From de61ea4b8c5cfcb8e353f17edb8903e7ba118619 Mon Sep 17 00:00:00 2001 From: Panos Date: Wed, 22 Jan 2025 23:36:18 +0000 Subject: [PATCH 1/3] Updated CI cfg --- .circleci/config.yml | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index fcb38202..e2389afb 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -35,8 +35,11 @@ jobs: - run: command: | pip uninstall -y cython - pip install -e . + python setup.py sdist + cd dist + pip install * python -c 'from ssh.session import Session; Session()' + cd .. eval "$(ssh-agent -s)" name: Build - run: @@ -52,14 +55,6 @@ jobs: command: | flake8 ssh name: Flake - - run: - command: | - python setup.py sdist - cd dist - pip install * - python -c 'from ssh.session import Session; Session()' - cd .. - name: Sdist Install - run: command: | cd doc From 90e637ae611312707fe39a1fdecab96a68307618 Mon Sep 17 00:00:00 2001 From: Panos Date: Wed, 22 Jan 2025 23:37:06 +0000 Subject: [PATCH 2/3] Removed unneeded files --- krb5-1.21.3/doc/README | 56 - krb5-1.21.3/doc/_static/kerb.css_t | 169 - krb5-1.21.3/doc/_templates/layout.html | 73 - krb5-1.21.3/doc/about.rst | 35 - .../doc/admin/admin_commands/index.rst | 17 - .../doc/admin/admin_commands/k5srvutil.rst | 69 - .../doc/admin/admin_commands/kadmin_local.rst | 985 - .../doc/admin/admin_commands/kadmind.rst | 129 - .../admin/admin_commands/kdb5_ldap_util.rst | 449 - .../doc/admin/admin_commands/kdb5_util.rst | 502 - .../doc/admin/admin_commands/kprop.rst | 60 - .../doc/admin/admin_commands/kpropd.rst | 144 - .../doc/admin/admin_commands/kproplog.rst | 85 - .../doc/admin/admin_commands/krb5kdc.rst | 114 - .../doc/admin/admin_commands/ktutil.rst | 129 - .../doc/admin/admin_commands/sserver.rst | 112 - krb5-1.21.3/doc/admin/advanced/index.rst | 8 - .../doc/admin/advanced/retiring-des.rst | 422 - krb5-1.21.3/doc/admin/appl_servers.rst | 171 - krb5-1.21.3/doc/admin/auth_indicator.rst | 57 - krb5-1.21.3/doc/admin/backup_host.rst | 34 - krb5-1.21.3/doc/admin/conf_files/index.rst | 20 - .../doc/admin/conf_files/kadm5_acl.rst | 163 - krb5-1.21.3/doc/admin/conf_files/kdc_conf.rst | 976 - .../doc/admin/conf_files/krb5_conf.rst | 1251 - krb5-1.21.3/doc/admin/conf_ldap.rst | 132 - krb5-1.21.3/doc/admin/database.rst | 587 - krb5-1.21.3/doc/admin/dbtypes.rst | 149 - krb5-1.21.3/doc/admin/dictionary.rst | 88 - krb5-1.21.3/doc/admin/enctypes.rst | 222 - krb5-1.21.3/doc/admin/env_variables.rst | 4 - krb5-1.21.3/doc/admin/host_config.rst | 235 - krb5-1.21.3/doc/admin/https.rst | 48 - krb5-1.21.3/doc/admin/index.rst | 34 - krb5-1.21.3/doc/admin/install.rst | 21 - krb5-1.21.3/doc/admin/install_appl_srv.rst | 78 - krb5-1.21.3/doc/admin/install_clients.rst | 58 - krb5-1.21.3/doc/admin/install_kdc.rst | 536 - krb5-1.21.3/doc/admin/lockout.rst | 154 - krb5-1.21.3/doc/admin/otp.rst | 100 - krb5-1.21.3/doc/admin/pkinit.rst | 354 - krb5-1.21.3/doc/admin/princ_dns.rst | 126 - krb5-1.21.3/doc/admin/realm_config.rst | 268 - krb5-1.21.3/doc/admin/spake.rst | 56 - krb5-1.21.3/doc/admin/troubleshoot.rst | 135 - krb5-1.21.3/doc/admin/various_envs.rst | 27 - krb5-1.21.3/doc/appdev/gssapi.rst | 727 - krb5-1.21.3/doc/appdev/h5l_mit_apidiff.rst | 28 - krb5-1.21.3/doc/appdev/index.rst | 16 - krb5-1.21.3/doc/appdev/init_creds.rst | 304 - krb5-1.21.3/doc/appdev/princ_handle.rst | 79 - krb5-1.21.3/doc/appdev/refs/api/index.rst | 413 - krb5-1.21.3/doc/appdev/refs/index.rst | 9 - krb5-1.21.3/doc/appdev/refs/macros/index.rst | 397 - krb5-1.21.3/doc/appdev/refs/types/index.rst | 108 - .../doc/appdev/refs/types/krb5_int32.rst | 12 - .../doc/appdev/refs/types/krb5_ui_4.rst | 12 - krb5-1.21.3/doc/appdev/y2038.rst | 28 - krb5-1.21.3/doc/basic/ccache_def.rst | 160 - krb5-1.21.3/doc/basic/date_format.rst | 140 - krb5-1.21.3/doc/basic/index.rst | 14 - krb5-1.21.3/doc/basic/keytab_def.rst | 59 - krb5-1.21.3/doc/basic/rcache_def.rst | 111 - krb5-1.21.3/doc/basic/stash_file_def.rst | 25 - krb5-1.21.3/doc/build/directory_org.rst | 75 - krb5-1.21.3/doc/build/doing_build.rst | 148 - krb5-1.21.3/doc/build/index.rst | 63 - krb5-1.21.3/doc/build/options2configure.rst | 397 - krb5-1.21.3/doc/build/osconf.rst | 26 - krb5-1.21.3/doc/build_this.rst | 82 - krb5-1.21.3/doc/coding-style | 5 - krb5-1.21.3/doc/conf.py | 320 - krb5-1.21.3/doc/contributing.txt | 70 - krb5-1.21.3/doc/copyright.rst | 8 - krb5-1.21.3/doc/doxy_examples/cc_set_config.c | 33 - krb5-1.21.3/doc/doxy_examples/cc_unique.c | 23 - krb5-1.21.3/doc/doxy_examples/error_message.c | 20 - krb5-1.21.3/doc/doxy_examples/tkt_creds.c | 55 - .../doc/doxy_examples/verify_init_creds.c | 28 - .../doc/formats/ccache_file_format.rst | 182 - krb5-1.21.3/doc/formats/cookie.rst | 97 - krb5-1.21.3/doc/formats/freshness_token.rst | 19 - krb5-1.21.3/doc/formats/index.rst | 11 - .../doc/formats/keytab_file_format.rst | 51 - .../doc/formats/rcache_file_format.rst | 50 - krb5-1.21.3/doc/html/.buildinfo | 4 - krb5-1.21.3/doc/html/_sources/about.rst.txt | 35 - .../admin/admin_commands/index.rst.txt | 17 - .../admin/admin_commands/k5srvutil.rst.txt | 69 - .../admin/admin_commands/kadmin_local.rst.txt | 985 - .../admin/admin_commands/kadmind.rst.txt | 129 - .../admin_commands/kdb5_ldap_util.rst.txt | 449 - .../admin/admin_commands/kdb5_util.rst.txt | 502 - .../admin/admin_commands/kprop.rst.txt | 60 - .../admin/admin_commands/kpropd.rst.txt | 144 - .../admin/admin_commands/kproplog.rst.txt | 85 - .../admin/admin_commands/krb5kdc.rst.txt | 114 - .../admin/admin_commands/ktutil.rst.txt | 129 - .../admin/admin_commands/sserver.rst.txt | 112 - .../_sources/admin/advanced/index.rst.txt | 8 - .../admin/advanced/retiring-des.rst.txt | 422 - .../html/_sources/admin/appl_servers.rst.txt | 171 - .../_sources/admin/auth_indicator.rst.txt | 57 - .../html/_sources/admin/backup_host.rst.txt | 34 - .../_sources/admin/conf_files/index.rst.txt | 20 - .../admin/conf_files/kadm5_acl.rst.txt | 163 - .../admin/conf_files/kdc_conf.rst.txt | 976 - .../admin/conf_files/krb5_conf.rst.txt | 1251 - .../doc/html/_sources/admin/conf_ldap.rst.txt | 132 - .../doc/html/_sources/admin/database.rst.txt | 587 - .../doc/html/_sources/admin/dbtypes.rst.txt | 149 - .../html/_sources/admin/dictionary.rst.txt | 88 - .../doc/html/_sources/admin/enctypes.rst.txt | 222 - .../html/_sources/admin/env_variables.rst.txt | 4 - .../html/_sources/admin/host_config.rst.txt | 235 - .../doc/html/_sources/admin/https.rst.txt | 48 - .../doc/html/_sources/admin/index.rst.txt | 34 - .../doc/html/_sources/admin/install.rst.txt | 21 - .../_sources/admin/install_appl_srv.rst.txt | 78 - .../_sources/admin/install_clients.rst.txt | 58 - .../html/_sources/admin/install_kdc.rst.txt | 536 - .../doc/html/_sources/admin/lockout.rst.txt | 154 - .../doc/html/_sources/admin/otp.rst.txt | 100 - .../doc/html/_sources/admin/pkinit.rst.txt | 354 - .../doc/html/_sources/admin/princ_dns.rst.txt | 126 - .../html/_sources/admin/realm_config.rst.txt | 268 - .../doc/html/_sources/admin/spake.rst.txt | 56 - .../html/_sources/admin/troubleshoot.rst.txt | 135 - .../html/_sources/admin/various_envs.rst.txt | 27 - .../doc/html/_sources/appdev/gssapi.rst.txt | 727 - .../_sources/appdev/h5l_mit_apidiff.rst.txt | 28 - .../doc/html/_sources/appdev/index.rst.txt | 16 - .../html/_sources/appdev/init_creds.rst.txt | 304 - .../html/_sources/appdev/princ_handle.rst.txt | 79 - .../_sources/appdev/refs/api/index.rst.txt | 413 - .../refs/api/krb5_425_conv_principal.rst.txt | 59 - .../refs/api/krb5_524_conv_principal.rst.txt | 60 - .../refs/api/krb5_524_convert_creds.rst.txt | 55 - .../refs/api/krb5_address_compare.rst.txt | 47 - .../refs/api/krb5_address_order.rst.txt | 49 - .../refs/api/krb5_address_search.rst.txt | 55 - .../refs/api/krb5_allow_weak_crypto.rst.txt | 49 - .../refs/api/krb5_aname_to_localname.rst.txt | 61 - .../refs/api/krb5_anonymous_principal.rst.txt | 47 - .../refs/api/krb5_anonymous_realm.rst.txt | 47 - .../refs/api/krb5_appdefault_boolean.rst.txt | 57 - .../refs/api/krb5_appdefault_string.rst.txt | 57 - .../refs/api/krb5_auth_con_free.rst.txt | 49 - .../refs/api/krb5_auth_con_genaddrs.rst.txt | 66 - .../krb5_auth_con_get_checksum_func.rst.txt | 49 - .../refs/api/krb5_auth_con_getaddrs.rst.txt | 49 - .../krb5_auth_con_getauthenticator.rst.txt | 51 - .../refs/api/krb5_auth_con_getflags.rst.txt | 60 - .../refs/api/krb5_auth_con_getkey.rst.txt | 51 - .../refs/api/krb5_auth_con_getkey_k.rst.txt | 51 - .../krb5_auth_con_getlocalseqnumber.rst.txt | 51 - .../api/krb5_auth_con_getlocalsubkey.rst.txt | 46 - .../refs/api/krb5_auth_con_getrcache.rst.txt | 51 - .../api/krb5_auth_con_getrecvsubkey.rst.txt | 51 - .../api/krb5_auth_con_getrecvsubkey_k.rst.txt | 51 - .../krb5_auth_con_getremoteseqnumber.rst.txt | 51 - .../api/krb5_auth_con_getremotesubkey.rst.txt | 46 - .../api/krb5_auth_con_getsendsubkey.rst.txt | 51 - .../api/krb5_auth_con_getsendsubkey_k.rst.txt | 51 - .../refs/api/krb5_auth_con_init.rst.txt | 57 - .../api/krb5_auth_con_initivector.rst.txt | 49 - .../krb5_auth_con_set_checksum_func.rst.txt | 53 - .../krb5_auth_con_set_req_cksumtype.rst.txt | 51 - .../refs/api/krb5_auth_con_setaddrs.rst.txt | 56 - .../refs/api/krb5_auth_con_setflags.rst.txt | 60 - .../refs/api/krb5_auth_con_setports.rst.txt | 56 - .../refs/api/krb5_auth_con_setrcache.rst.txt | 51 - .../api/krb5_auth_con_setrecvsubkey.rst.txt | 51 - .../api/krb5_auth_con_setrecvsubkey_k.rst.txt | 55 - .../api/krb5_auth_con_setsendsubkey.rst.txt | 51 - .../api/krb5_auth_con_setsendsubkey_k.rst.txt | 55 - .../api/krb5_auth_con_setuseruserkey.rst.txt | 47 - .../refs/api/krb5_build_principal.rst.txt | 72 - .../api/krb5_build_principal_alloc_va.rst.txt | 66 - .../refs/api/krb5_build_principal_ext.rst.txt | 64 - .../refs/api/krb5_build_principal_va.rst.txt | 50 - .../appdev/refs/api/krb5_c_block_size.rst.txt | 47 - .../refs/api/krb5_c_checksum_length.rst.txt | 47 - .../refs/api/krb5_c_crypto_length.rst.txt | 49 - .../refs/api/krb5_c_crypto_length_iov.rst.txt | 53 - .../appdev/refs/api/krb5_c_decrypt.rst.txt | 65 - .../refs/api/krb5_c_decrypt_iov.rst.txt | 68 - .../refs/api/krb5_c_derive_prfplus.rst.txt | 48 - .../appdev/refs/api/krb5_c_encrypt.rst.txt | 65 - .../refs/api/krb5_c_encrypt_iov.rst.txt | 68 - .../refs/api/krb5_c_encrypt_length.rst.txt | 53 - .../refs/api/krb5_c_enctype_compare.rst.txt | 53 - .../appdev/refs/api/krb5_c_free_state.rst.txt | 47 - .../refs/api/krb5_c_fx_cf2_simple.rst.txt | 57 - .../appdev/refs/api/krb5_c_init_state.rst.txt | 49 - .../api/krb5_c_is_coll_proof_cksum.rst.txt | 43 - .../refs/api/krb5_c_is_keyed_cksum.rst.txt | 43 - .../api/krb5_c_keyed_checksum_types.rst.txt | 53 - .../appdev/refs/api/krb5_c_keylengths.rst.txt | 49 - .../refs/api/krb5_c_make_checksum.rst.txt | 68 - .../refs/api/krb5_c_make_checksum_iov.rst.txt | 68 - .../refs/api/krb5_c_make_random_key.rst.txt | 51 - .../refs/api/krb5_c_padding_length.rst.txt | 53 - .../appdev/refs/api/krb5_c_prf.rst.txt | 53 - .../appdev/refs/api/krb5_c_prf_length.rst.txt | 47 - .../appdev/refs/api/krb5_c_prfplus.rst.txt | 61 - .../api/krb5_c_random_add_entropy.rst.txt | 46 - .../api/krb5_c_random_make_octets.rst.txt | 49 - .../refs/api/krb5_c_random_os_entropy.rst.txt | 46 - .../refs/api/krb5_c_random_seed.rst.txt | 44 - .../refs/api/krb5_c_random_to_key.rst.txt | 64 - .../refs/api/krb5_c_string_to_key.rst.txt | 55 - .../krb5_c_string_to_key_with_params.rst.txt | 57 - .../refs/api/krb5_c_valid_cksumtype.rst.txt | 43 - .../refs/api/krb5_c_valid_enctype.rst.txt | 43 - .../refs/api/krb5_c_verify_checksum.rst.txt | 65 - .../api/krb5_c_verify_checksum_iov.rst.txt | 70 - .../refs/api/krb5_calculate_checksum.rst.txt | 54 - .../refs/api/krb5_cc_cache_match.rst.txt | 56 - .../appdev/refs/api/krb5_cc_close.rst.txt | 52 - .../refs/api/krb5_cc_copy_creds.rst.txt | 47 - .../appdev/refs/api/krb5_cc_default.rst.txt | 54 - .../refs/api/krb5_cc_default_name.rst.txt | 51 - .../appdev/refs/api/krb5_cc_destroy.rst.txt | 52 - .../appdev/refs/api/krb5_cc_dup.rst.txt | 44 - .../refs/api/krb5_cc_end_seq_get.rst.txt | 54 - .../appdev/refs/api/krb5_cc_gen_new.rst.txt | 39 - .../refs/api/krb5_cc_get_config.rst.txt | 58 - .../appdev/refs/api/krb5_cc_get_flags.rst.txt | 55 - .../refs/api/krb5_cc_get_full_name.rst.txt | 52 - .../appdev/refs/api/krb5_cc_get_name.rst.txt | 53 - .../refs/api/krb5_cc_get_principal.rst.txt | 58 - .../appdev/refs/api/krb5_cc_get_type.rst.txt | 45 - .../refs/api/krb5_cc_initialize.rst.txt | 54 - .../appdev/refs/api/krb5_cc_move.rst.txt | 54 - .../refs/api/krb5_cc_new_unique.rst.txt | 52 - .../appdev/refs/api/krb5_cc_next_cred.rst.txt | 60 - .../refs/api/krb5_cc_remove_cred.rst.txt | 64 - .../appdev/refs/api/krb5_cc_resolve.rst.txt | 58 - .../refs/api/krb5_cc_retrieve_cred.rst.txt | 94 - .../appdev/refs/api/krb5_cc_select.rst.txt | 73 - .../refs/api/krb5_cc_set_config.rst.txt | 66 - .../refs/api/krb5_cc_set_default_name.rst.txt | 57 - .../appdev/refs/api/krb5_cc_set_flags.rst.txt | 51 - .../refs/api/krb5_cc_start_seq_get.rst.txt | 59 - .../refs/api/krb5_cc_store_cred.rst.txt | 54 - .../refs/api/krb5_cc_support_switch.rst.txt | 50 - .../appdev/refs/api/krb5_cc_switch.rst.txt | 52 - .../refs/api/krb5_cccol_cursor_free.rst.txt | 48 - .../refs/api/krb5_cccol_cursor_new.rst.txt | 56 - .../refs/api/krb5_cccol_cursor_next.rst.txt | 62 - .../refs/api/krb5_cccol_have_content.rst.txt | 48 - .../refs/api/krb5_change_password.rst.txt | 77 - .../refs/api/krb5_check_clockskew.rst.txt | 54 - .../refs/api/krb5_checksum_size.rst.txt | 44 - .../appdev/refs/api/krb5_chpw_message.rst.txt | 62 - .../refs/api/krb5_cksumtype_to_string.rst.txt | 47 - .../refs/api/krb5_clear_error_message.rst.txt | 40 - .../refs/api/krb5_copy_addresses.rst.txt | 51 - .../refs/api/krb5_copy_authdata.rst.txt | 59 - .../refs/api/krb5_copy_authenticator.rst.txt | 51 - .../refs/api/krb5_copy_checksum.rst.txt | 51 - .../appdev/refs/api/krb5_copy_context.rst.txt | 52 - .../appdev/refs/api/krb5_copy_creds.rst.txt | 51 - .../appdev/refs/api/krb5_copy_data.rst.txt | 51 - .../refs/api/krb5_copy_error_message.rst.txt | 42 - .../refs/api/krb5_copy_keyblock.rst.txt | 51 - .../api/krb5_copy_keyblock_contents.rst.txt | 51 - .../refs/api/krb5_copy_principal.rst.txt | 51 - .../appdev/refs/api/krb5_copy_ticket.rst.txt | 51 - .../krb5_decode_authdata_container.rst.txt | 52 - .../refs/api/krb5_decode_ticket.rst.txt | 45 - .../appdev/refs/api/krb5_decrypt.rst.txt | 52 - .../refs/api/krb5_deltat_to_string.rst.txt | 47 - .../refs/api/krb5_eblock_enctype.rst.txt | 44 - .../krb5_encode_authdata_container.rst.txt | 56 - .../appdev/refs/api/krb5_encrypt.rst.txt | 52 - .../appdev/refs/api/krb5_encrypt_size.rst.txt | 44 - .../refs/api/krb5_enctype_to_name.rst.txt | 57 - .../refs/api/krb5_enctype_to_string.rst.txt | 47 - .../refs/api/krb5_expand_hostname.rst.txt | 52 - .../refs/api/krb5_find_authdata.rst.txt | 56 - .../appdev/refs/api/krb5_finish_key.rst.txt | 44 - .../refs/api/krb5_finish_random_key.rst.txt | 46 - .../refs/api/krb5_free_addresses.rst.txt | 54 - .../api/krb5_free_ap_rep_enc_part.rst.txt | 42 - .../refs/api/krb5_free_authdata.rst.txt | 54 - .../refs/api/krb5_free_authenticator.rst.txt | 42 - .../refs/api/krb5_free_checksum.rst.txt | 42 - .../api/krb5_free_checksum_contents.rst.txt | 42 - .../refs/api/krb5_free_cksumtypes.rst.txt | 42 - .../appdev/refs/api/krb5_free_context.rst.txt | 40 - .../refs/api/krb5_free_cred_contents.rst.txt | 42 - .../appdev/refs/api/krb5_free_creds.rst.txt | 42 - .../appdev/refs/api/krb5_free_data.rst.txt | 42 - .../refs/api/krb5_free_data_contents.rst.txt | 42 - .../refs/api/krb5_free_default_realm.rst.txt | 42 - .../refs/api/krb5_free_enctypes.rst.txt | 46 - .../appdev/refs/api/krb5_free_error.rst.txt | 42 - .../refs/api/krb5_free_error_message.rst.txt | 42 - .../refs/api/krb5_free_host_realm.rst.txt | 48 - .../refs/api/krb5_free_keyblock.rst.txt | 42 - .../api/krb5_free_keyblock_contents.rst.txt | 42 - .../krb5_free_keytab_entry_contents.rst.txt | 53 - .../refs/api/krb5_free_principal.rst.txt | 42 - .../appdev/refs/api/krb5_free_string.rst.txt | 46 - .../refs/api/krb5_free_tgt_creds.rst.txt | 50 - .../appdev/refs/api/krb5_free_ticket.rst.txt | 42 - .../refs/api/krb5_free_unparsed_name.rst.txt | 42 - .../refs/api/krb5_fwd_tgt_creds.rst.txt | 68 - .../refs/api/krb5_get_credentials.rst.txt | 81 - .../api/krb5_get_credentials_renew.rst.txt | 50 - .../api/krb5_get_credentials_validate.rst.txt | 50 - .../refs/api/krb5_get_default_realm.rst.txt | 56 - .../refs/api/krb5_get_error_message.rst.txt | 62 - .../refs/api/krb5_get_etype_info.rst.txt | 72 - .../api/krb5_get_fallback_host_realm.rst.txt | 52 - .../refs/api/krb5_get_host_realm.rst.txt | 63 - .../api/krb5_get_in_tkt_with_keytab.rst.txt | 58 - .../api/krb5_get_in_tkt_with_password.rst.txt | 58 - .../api/krb5_get_in_tkt_with_skey.rst.txt | 58 - .../api/krb5_get_init_creds_keytab.rst.txt | 62 - .../api/krb5_get_init_creds_opt_alloc.rst.txt | 49 - .../api/krb5_get_init_creds_opt_free.rst.txt | 45 - ..._get_init_creds_opt_get_fast_flags.rst.txt | 47 - .../api/krb5_get_init_creds_opt_init.rst.txt | 42 - ...et_init_creds_opt_set_address_list.rst.txt | 42 - ...5_get_init_creds_opt_set_anonymous.rst.txt | 42 - ...et_init_creds_opt_set_canonicalize.rst.txt | 42 - ...eds_opt_set_change_password_prompt.rst.txt | 42 - ..._get_init_creds_opt_set_etype_list.rst.txt | 44 - ...init_creds_opt_set_expire_callback.rst.txt | 78 - ...get_init_creds_opt_set_fast_ccache.rst.txt | 52 - ...nit_creds_opt_set_fast_ccache_name.rst.txt | 48 - ..._get_init_creds_opt_set_fast_flags.rst.txt | 51 - ...get_init_creds_opt_set_forwardable.rst.txt | 42 - ...5_get_init_creds_opt_set_in_ccache.rst.txt | 52 - ..._get_init_creds_opt_set_out_ccache.rst.txt | 44 - .../krb5_get_init_creds_opt_set_pa.rst.txt | 46 - ...get_init_creds_opt_set_pac_request.rst.txt | 52 - ...et_init_creds_opt_set_preauth_list.rst.txt | 44 - ...5_get_init_creds_opt_set_proxiable.rst.txt | 42 - ..._get_init_creds_opt_set_renew_life.rst.txt | 42 - ...5_get_init_creds_opt_set_responder.rst.txt | 50 - .../krb5_get_init_creds_opt_set_salt.rst.txt | 42 - ...b5_get_init_creds_opt_set_tkt_life.rst.txt | 42 - .../api/krb5_get_init_creds_password.rst.txt | 75 - .../api/krb5_get_permitted_enctypes.rst.txt | 53 - .../appdev/refs/api/krb5_get_profile.rst.txt | 56 - .../refs/api/krb5_get_prompt_types.rst.txt | 43 - .../refs/api/krb5_get_renewed_creds.rst.txt | 62 - .../refs/api/krb5_get_server_rcache.rst.txt | 55 - .../refs/api/krb5_get_time_offsets.rst.txt | 51 - .../refs/api/krb5_get_validated_creds.rst.txt | 67 - .../appdev/refs/api/krb5_init_context.rst.txt | 58 - .../api/krb5_init_context_profile.rst.txt | 55 - .../refs/api/krb5_init_creds_free.rst.txt | 42 - .../refs/api/krb5_init_creds_get.rst.txt | 53 - .../api/krb5_init_creds_get_creds.rst.txt | 51 - .../api/krb5_init_creds_get_error.rst.txt | 47 - .../api/krb5_init_creds_get_times.rst.txt | 51 - .../refs/api/krb5_init_creds_init.rst.txt | 63 - .../api/krb5_init_creds_set_keytab.rst.txt | 51 - .../api/krb5_init_creds_set_password.rst.txt | 51 - .../api/krb5_init_creds_set_service.rst.txt | 51 - .../refs/api/krb5_init_creds_step.rst.txt | 69 - .../refs/api/krb5_init_keyblock.rst.txt | 61 - .../refs/api/krb5_init_random_key.rst.txt | 48 - .../refs/api/krb5_init_secure_context.rst.txt | 54 - .../refs/api/krb5_is_config_principal.rst.txt | 45 - .../refs/api/krb5_is_referral_realm.rst.txt | 43 - .../refs/api/krb5_is_thread_safe.rst.txt | 43 - .../appdev/refs/api/krb5_k_create_key.rst.txt | 51 - .../appdev/refs/api/krb5_k_decrypt.rst.txt | 65 - .../refs/api/krb5_k_decrypt_iov.rst.txt | 68 - .../appdev/refs/api/krb5_k_encrypt.rst.txt | 65 - .../refs/api/krb5_k_encrypt_iov.rst.txt | 68 - .../appdev/refs/api/krb5_k_free_key.rst.txt | 39 - .../refs/api/krb5_k_key_enctype.rst.txt | 39 - .../refs/api/krb5_k_key_keyblock.rst.txt | 41 - .../refs/api/krb5_k_make_checksum.rst.txt | 68 - .../refs/api/krb5_k_make_checksum_iov.rst.txt | 68 - .../appdev/refs/api/krb5_k_prf.rst.txt | 61 - .../refs/api/krb5_k_reference_key.rst.txt | 39 - .../refs/api/krb5_k_verify_checksum.rst.txt | 65 - .../api/krb5_k_verify_checksum_iov.rst.txt | 70 - .../refs/api/krb5_kdc_sign_ticket.rst.txt | 65 - .../refs/api/krb5_kdc_verify_ticket.rst.txt | 73 - .../appdev/refs/api/krb5_kt_add_entry.rst.txt | 52 - .../refs/api/krb5_kt_client_default.rst.txt | 56 - .../appdev/refs/api/krb5_kt_close.rst.txt | 45 - .../appdev/refs/api/krb5_kt_default.rst.txt | 52 - .../refs/api/krb5_kt_default_name.rst.txt | 55 - .../appdev/refs/api/krb5_kt_dup.rst.txt | 52 - .../refs/api/krb5_kt_end_seq_get.rst.txt | 54 - .../refs/api/krb5_kt_free_entry.rst.txt | 44 - .../appdev/refs/api/krb5_kt_get_entry.rst.txt | 70 - .../appdev/refs/api/krb5_kt_get_name.rst.txt | 57 - .../appdev/refs/api/krb5_kt_get_type.rst.txt | 45 - .../refs/api/krb5_kt_have_content.rst.txt | 50 - .../refs/api/krb5_kt_next_entry.rst.txt | 57 - .../refs/api/krb5_kt_read_service_key.rst.txt | 68 - .../refs/api/krb5_kt_remove_entry.rst.txt | 51 - .../appdev/refs/api/krb5_kt_resolve.rst.txt | 66 - .../refs/api/krb5_kt_start_seq_get.rst.txt | 54 - .../appdev/refs/api/krb5_kuserok.rst.txt | 51 - .../api/krb5_make_authdata_kdc_issued.rst.txt | 48 - .../refs/api/krb5_marshal_credentials.rst.txt | 55 - .../refs/api/krb5_merge_authdata.rst.txt | 61 - .../appdev/refs/api/krb5_mk_1cred.rst.txt | 60 - .../appdev/refs/api/krb5_mk_error.rst.txt | 51 - .../appdev/refs/api/krb5_mk_ncred.rst.txt | 88 - .../appdev/refs/api/krb5_mk_priv.rst.txt | 79 - .../appdev/refs/api/krb5_mk_rep.rst.txt | 59 - .../appdev/refs/api/krb5_mk_rep_dce.rst.txt | 51 - .../appdev/refs/api/krb5_mk_req.rst.txt | 65 - .../refs/api/krb5_mk_req_extended.rst.txt | 74 - .../appdev/refs/api/krb5_mk_safe.rst.txt | 83 - .../appdev/refs/api/krb5_os_localaddr.rst.txt | 49 - .../refs/api/krb5_pac_add_buffer.rst.txt | 75 - .../appdev/refs/api/krb5_pac_free.rst.txt | 42 - .../refs/api/krb5_pac_get_buffer.rst.txt | 53 - .../refs/api/krb5_pac_get_client_info.rst.txt | 57 - .../refs/api/krb5_pac_get_types.rst.txt | 49 - .../appdev/refs/api/krb5_pac_init.rst.txt | 49 - .../appdev/refs/api/krb5_pac_parse.rst.txt | 53 - .../appdev/refs/api/krb5_pac_sign.rst.txt | 54 - .../appdev/refs/api/krb5_pac_sign_ext.rst.txt | 56 - .../appdev/refs/api/krb5_pac_verify.rst.txt | 69 - .../refs/api/krb5_pac_verify_ext.rst.txt | 60 - .../appdev/refs/api/krb5_parse_name.rst.txt | 78 - .../refs/api/krb5_parse_name_flags.rst.txt | 77 - .../api/krb5_prepend_error_message.rst.txt | 44 - .../refs/api/krb5_principal2salt.rst.txt | 47 - .../refs/api/krb5_principal_compare.rst.txt | 47 - .../krb5_principal_compare_any_realm.rst.txt | 51 - .../api/krb5_principal_compare_flags.rst.txt | 65 - .../appdev/refs/api/krb5_process_key.rst.txt | 46 - .../refs/api/krb5_prompter_posix.rst.txt | 64 - .../appdev/refs/api/krb5_random_key.rst.txt | 48 - .../appdev/refs/api/krb5_rd_cred.rst.txt | 67 - .../appdev/refs/api/krb5_rd_error.rst.txt | 51 - .../appdev/refs/api/krb5_rd_priv.rst.txt | 79 - .../appdev/refs/api/krb5_rd_rep.rst.txt | 57 - .../appdev/refs/api/krb5_rd_rep_dce.rst.txt | 53 - .../appdev/refs/api/krb5_rd_req.rst.txt | 105 - .../appdev/refs/api/krb5_rd_safe.rst.txt | 79 - .../refs/api/krb5_read_password.rst.txt | 71 - .../refs/api/krb5_realm_compare.rst.txt | 47 - .../appdev/refs/api/krb5_recvauth.rst.txt | 68 - .../refs/api/krb5_recvauth_version.rst.txt | 61 - .../api/krb5_responder_get_challenge.rst.txt | 52 - .../api/krb5_responder_list_questions.rst.txt | 50 - .../krb5_responder_otp_challenge_free.rst.txt | 48 - .../krb5_responder_otp_get_challenge.rst.txt | 56 - .../api/krb5_responder_otp_set_answer.rst.txt | 52 - ...b5_responder_pkinit_challenge_free.rst.txt | 48 - ...rb5_responder_pkinit_get_challenge.rst.txt | 56 - .../krb5_responder_pkinit_set_answer.rst.txt | 50 - .../api/krb5_responder_set_answer.rst.txt | 57 - .../refs/api/krb5_salttype_to_string.rst.txt | 47 - .../appdev/refs/api/krb5_sendauth.rst.txt | 98 - .../krb5_server_decrypt_ticket_keytab.rst.txt | 51 - .../refs/api/krb5_set_default_realm.rst.txt | 52 - .../api/krb5_set_default_tgs_enctypes.rst.txt | 61 - .../refs/api/krb5_set_error_message.rst.txt | 44 - .../refs/api/krb5_set_kdc_recv_hook.rst.txt | 52 - .../refs/api/krb5_set_kdc_send_hook.rst.txt | 52 - .../appdev/refs/api/krb5_set_password.rst.txt | 74 - .../krb5_set_password_using_ccache.rst.txt | 74 - .../refs/api/krb5_set_principal_realm.rst.txt | 54 - .../refs/api/krb5_set_real_time.rst.txt | 51 - .../refs/api/krb5_set_trace_callback.rst.txt | 63 - .../refs/api/krb5_set_trace_filename.rst.txt | 61 - .../appdev/refs/api/krb5_sname_match.rst.txt | 59 - .../refs/api/krb5_sname_to_principal.rst.txt | 74 - .../refs/api/krb5_string_to_cksumtype.rst.txt | 45 - .../refs/api/krb5_string_to_deltat.rst.txt | 45 - .../refs/api/krb5_string_to_enctype.rst.txt | 45 - .../refs/api/krb5_string_to_key.rst.txt | 50 - .../refs/api/krb5_string_to_salttype.rst.txt | 45 - .../refs/api/krb5_string_to_timestamp.rst.txt | 45 - .../appdev/refs/api/krb5_timeofday.rst.txt | 52 - .../api/krb5_timestamp_to_sfstring.rst.txt | 53 - .../refs/api/krb5_timestamp_to_string.rst.txt | 51 - .../refs/api/krb5_tkt_creds_free.rst.txt | 46 - .../refs/api/krb5_tkt_creds_get.rst.txt | 53 - .../refs/api/krb5_tkt_creds_get_creds.rst.txt | 55 - .../refs/api/krb5_tkt_creds_get_times.rst.txt | 55 - .../refs/api/krb5_tkt_creds_init.rst.txt | 67 - .../refs/api/krb5_tkt_creds_step.rst.txt | 69 - .../api/krb5_unmarshal_credentials.rst.txt | 55 - .../appdev/refs/api/krb5_unparse_name.rst.txt | 58 - .../refs/api/krb5_unparse_name_ext.rst.txt | 60 - .../refs/api/krb5_unparse_name_flags.rst.txt | 70 - .../api/krb5_unparse_name_flags_ext.rst.txt | 54 - .../appdev/refs/api/krb5_us_timeofday.rst.txt | 54 - .../appdev/refs/api/krb5_use_enctype.rst.txt | 46 - .../krb5_verify_authdata_kdc_issued.rst.txt | 48 - .../refs/api/krb5_verify_checksum.rst.txt | 54 - .../refs/api/krb5_verify_init_creds.rst.txt | 65 - .../krb5_verify_init_creds_opt_init.rst.txt | 40 - ...y_init_creds_opt_set_ap_req_nofail.rst.txt | 46 - .../api/krb5_vprepend_error_message.rst.txt | 46 - .../refs/api/krb5_vset_error_message.rst.txt | 46 - .../refs/api/krb5_vwrap_error_message.rst.txt | 48 - .../refs/api/krb5_wrap_error_message.rst.txt | 46 - .../html/_sources/appdev/refs/index.rst.txt | 9 - .../refs/macros/ADDRTYPE_ADDRPORT.rst.txt | 17 - .../appdev/refs/macros/ADDRTYPE_CHAOS.rst.txt | 17 - .../appdev/refs/macros/ADDRTYPE_DDP.rst.txt | 17 - .../appdev/refs/macros/ADDRTYPE_INET.rst.txt | 17 - .../appdev/refs/macros/ADDRTYPE_INET6.rst.txt | 17 - .../refs/macros/ADDRTYPE_IPPORT.rst.txt | 17 - .../appdev/refs/macros/ADDRTYPE_ISO.rst.txt | 17 - .../refs/macros/ADDRTYPE_IS_LOCAL.rst.txt | 17 - .../refs/macros/ADDRTYPE_NETBIOS.rst.txt | 17 - .../appdev/refs/macros/ADDRTYPE_XNS.rst.txt | 17 - .../refs/macros/AD_TYPE_EXTERNAL.rst.txt | 17 - .../macros/AD_TYPE_FIELD_TYPE_MASK.rst.txt | 17 - .../refs/macros/AD_TYPE_REGISTERED.rst.txt | 17 - .../refs/macros/AD_TYPE_RESERVED.rst.txt | 17 - .../macros/AP_OPTS_ETYPE_NEGOTIATION.rst.txt | 17 - .../macros/AP_OPTS_MUTUAL_REQUIRED.rst.txt | 18 - .../refs/macros/AP_OPTS_RESERVED.rst.txt | 17 - .../macros/AP_OPTS_USE_SESSION_KEY.rst.txt | 18 - .../refs/macros/AP_OPTS_USE_SUBKEY.rst.txt | 18 - .../refs/macros/AP_OPTS_WIRE_MASK.rst.txt | 17 - .../macros/CKSUMTYPE_CMAC_CAMELLIA128.rst.txt | 18 - .../macros/CKSUMTYPE_CMAC_CAMELLIA256.rst.txt | 18 - .../refs/macros/CKSUMTYPE_CRC32.rst.txt | 17 - .../refs/macros/CKSUMTYPE_DESCBC.rst.txt | 17 - .../macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.rst.txt | 18 - .../CKSUMTYPE_HMAC_SHA1_96_AES128.rst.txt | 18 - .../CKSUMTYPE_HMAC_SHA1_96_AES256.rst.txt | 18 - .../macros/CKSUMTYPE_HMAC_SHA1_DES3.rst.txt | 17 - .../CKSUMTYPE_HMAC_SHA256_128_AES128.rst.txt | 18 - .../CKSUMTYPE_HMAC_SHA384_192_AES256.rst.txt | 18 - .../macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.rst.txt | 17 - .../refs/macros/CKSUMTYPE_NIST_SHA.rst.txt | 17 - .../refs/macros/CKSUMTYPE_RSA_MD4.rst.txt | 17 - .../refs/macros/CKSUMTYPE_RSA_MD4_DES.rst.txt | 17 - .../refs/macros/CKSUMTYPE_RSA_MD5.rst.txt | 17 - .../refs/macros/CKSUMTYPE_RSA_MD5_DES.rst.txt | 17 - .../appdev/refs/macros/CKSUMTYPE_SHA1.rst.txt | 18 - .../ENCTYPE_AES128_CTS_HMAC_SHA1_96.rst.txt | 18 - ...ENCTYPE_AES128_CTS_HMAC_SHA256_128.rst.txt | 18 - .../ENCTYPE_AES256_CTS_HMAC_SHA1_96.rst.txt | 18 - ...ENCTYPE_AES256_CTS_HMAC_SHA384_192.rst.txt | 18 - .../refs/macros/ENCTYPE_ARCFOUR_HMAC.rst.txt | 18 - .../macros/ENCTYPE_ARCFOUR_HMAC_EXP.rst.txt | 18 - .../ENCTYPE_CAMELLIA128_CTS_CMAC.rst.txt | 18 - .../ENCTYPE_CAMELLIA256_CTS_CMAC.rst.txt | 18 - .../refs/macros/ENCTYPE_DES3_CBC_ENV.rst.txt | 18 - .../refs/macros/ENCTYPE_DES3_CBC_RAW.rst.txt | 17 - .../refs/macros/ENCTYPE_DES3_CBC_SHA.rst.txt | 17 - .../refs/macros/ENCTYPE_DES3_CBC_SHA1.rst.txt | 17 - .../refs/macros/ENCTYPE_DES_CBC_CRC.rst.txt | 17 - .../refs/macros/ENCTYPE_DES_CBC_MD4.rst.txt | 17 - .../refs/macros/ENCTYPE_DES_CBC_MD5.rst.txt | 17 - .../refs/macros/ENCTYPE_DES_CBC_RAW.rst.txt | 17 - .../refs/macros/ENCTYPE_DES_HMAC_SHA1.rst.txt | 17 - .../refs/macros/ENCTYPE_DSA_SHA1_CMS.rst.txt | 18 - .../refs/macros/ENCTYPE_MD5_RSA_CMS.rst.txt | 18 - .../appdev/refs/macros/ENCTYPE_NULL.rst.txt | 17 - .../refs/macros/ENCTYPE_RC2_CBC_ENV.rst.txt | 18 - .../refs/macros/ENCTYPE_RSA_ENV.rst.txt | 18 - .../macros/ENCTYPE_RSA_ES_OAEP_ENV.rst.txt | 18 - .../refs/macros/ENCTYPE_SHA1_RSA_CMS.rst.txt | 18 - .../refs/macros/ENCTYPE_UNKNOWN.rst.txt | 17 - .../macros/KDC_OPT_ALLOW_POSTDATE.rst.txt | 17 - .../refs/macros/KDC_OPT_CANONICALIZE.rst.txt | 17 - .../macros/KDC_OPT_CNAME_IN_ADDL_TKT.rst.txt | 17 - .../KDC_OPT_DISABLE_TRANSITED_CHECK.rst.txt | 17 - .../macros/KDC_OPT_ENC_TKT_IN_SKEY.rst.txt | 17 - .../refs/macros/KDC_OPT_FORWARDABLE.rst.txt | 17 - .../refs/macros/KDC_OPT_FORWARDED.rst.txt | 17 - .../refs/macros/KDC_OPT_POSTDATED.rst.txt | 17 - .../refs/macros/KDC_OPT_PROXIABLE.rst.txt | 17 - .../appdev/refs/macros/KDC_OPT_PROXY.rst.txt | 17 - .../appdev/refs/macros/KDC_OPT_RENEW.rst.txt | 17 - .../refs/macros/KDC_OPT_RENEWABLE.rst.txt | 17 - .../refs/macros/KDC_OPT_RENEWABLE_OK.rst.txt | 17 - .../macros/KDC_OPT_REQUEST_ANONYMOUS.rst.txt | 17 - .../refs/macros/KDC_OPT_VALIDATE.rst.txt | 17 - .../refs/macros/KDC_TKT_COMMON_MASK.rst.txt | 17 - ...RB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.rst.txt | 18 - .../macros/KRB5_ANONYMOUS_PRINCSTR.rst.txt | 18 - .../macros/KRB5_ANONYMOUS_REALMSTR.rst.txt | 18 - .../appdev/refs/macros/KRB5_AP_REP.rst.txt | 18 - .../appdev/refs/macros/KRB5_AP_REQ.rst.txt | 18 - .../appdev/refs/macros/KRB5_AS_REP.rst.txt | 18 - .../appdev/refs/macros/KRB5_AS_REQ.rst.txt | 18 - .../refs/macros/KRB5_AUTHDATA_AND_OR.rst.txt | 17 - .../macros/KRB5_AUTHDATA_AP_OPTIONS.rst.txt | 17 - .../KRB5_AUTHDATA_AUTH_INDICATOR.rst.txt | 17 - .../refs/macros/KRB5_AUTHDATA_CAMMAC.rst.txt | 17 - .../KRB5_AUTHDATA_ETYPE_NEGOTIATION.rst.txt | 18 - .../macros/KRB5_AUTHDATA_FX_ARMOR.rst.txt | 17 - .../macros/KRB5_AUTHDATA_IF_RELEVANT.rst.txt | 17 - ...KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.rst.txt | 17 - .../macros/KRB5_AUTHDATA_KDC_ISSUED.rst.txt | 17 - .../KRB5_AUTHDATA_MANDATORY_FOR_KDC.rst.txt | 17 - .../refs/macros/KRB5_AUTHDATA_OSF_DCE.rst.txt | 17 - .../refs/macros/KRB5_AUTHDATA_SESAME.rst.txt | 17 - .../macros/KRB5_AUTHDATA_SIGNTICKET.rst.txt | 17 - .../macros/KRB5_AUTHDATA_WIN2K_PAC.rst.txt | 17 - .../KRB5_AUTH_CONTEXT_DO_SEQUENCE.rst.txt | 18 - .../macros/KRB5_AUTH_CONTEXT_DO_TIME.rst.txt | 18 - ...5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.rst.txt | 18 - ...H_CONTEXT_GENERATE_LOCAL_FULL_ADDR.rst.txt | 18 - ..._AUTH_CONTEXT_GENERATE_REMOTE_ADDR.rst.txt | 18 - ..._CONTEXT_GENERATE_REMOTE_FULL_ADDR.rst.txt | 18 - .../KRB5_AUTH_CONTEXT_PERMIT_ALL.rst.txt | 17 - .../KRB5_AUTH_CONTEXT_RET_SEQUENCE.rst.txt | 18 - .../macros/KRB5_AUTH_CONTEXT_RET_TIME.rst.txt | 18 - .../KRB5_AUTH_CONTEXT_USE_SUBKEY.rst.txt | 17 - .../appdev/refs/macros/KRB5_CRED.rst.txt | 18 - .../macros/KRB5_CRYPTO_TYPE_CHECKSUM.rst.txt | 18 - .../refs/macros/KRB5_CRYPTO_TYPE_DATA.rst.txt | 18 - .../macros/KRB5_CRYPTO_TYPE_EMPTY.rst.txt | 18 - .../macros/KRB5_CRYPTO_TYPE_HEADER.rst.txt | 18 - .../macros/KRB5_CRYPTO_TYPE_PADDING.rst.txt | 18 - .../macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.rst.txt | 18 - .../macros/KRB5_CRYPTO_TYPE_STREAM.rst.txt | 18 - .../macros/KRB5_CRYPTO_TYPE_TRAILER.rst.txt | 18 - .../macros/KRB5_CYBERSAFE_SECUREID.rst.txt | 18 - .../macros/KRB5_DOMAIN_X500_COMPRESS.rst.txt | 18 - .../KRB5_ENCPADATA_REQ_ENC_PA_REP.rst.txt | 18 - .../appdev/refs/macros/KRB5_ERROR.rst.txt | 18 - .../refs/macros/KRB5_FAST_REQUIRED.rst.txt | 18 - .../appdev/refs/macros/KRB5_GC_CACHED.rst.txt | 18 - .../refs/macros/KRB5_GC_CANONICALIZE.rst.txt | 18 - .../KRB5_GC_CONSTRAINED_DELEGATION.rst.txt | 18 - .../refs/macros/KRB5_GC_FORWARDABLE.rst.txt | 18 - .../refs/macros/KRB5_GC_NO_STORE.rst.txt | 18 - .../macros/KRB5_GC_NO_TRANSIT_CHECK.rst.txt | 18 - .../refs/macros/KRB5_GC_USER_USER.rst.txt | 18 - ...B5_GET_INIT_CREDS_OPT_ADDRESS_LIST.rst.txt | 17 - .../KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.rst.txt | 17 - ...B5_GET_INIT_CREDS_OPT_CANONICALIZE.rst.txt | 17 - ...5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.rst.txt | 17 - ...KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.rst.txt | 17 - ...RB5_GET_INIT_CREDS_OPT_FORWARDABLE.rst.txt | 17 - ...B5_GET_INIT_CREDS_OPT_PREAUTH_LIST.rst.txt | 17 - .../KRB5_GET_INIT_CREDS_OPT_PROXIABLE.rst.txt | 17 - ...KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.rst.txt | 17 - .../KRB5_GET_INIT_CREDS_OPT_SALT.rst.txt | 17 - .../KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.rst.txt | 17 - .../refs/macros/KRB5_INIT_CONTEXT_KDC.rst.txt | 18 - .../macros/KRB5_INIT_CONTEXT_SECURE.rst.txt | 18 - ...KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.rst.txt | 18 - .../appdev/refs/macros/KRB5_INT16_MAX.rst.txt | 17 - .../appdev/refs/macros/KRB5_INT16_MIN.rst.txt | 17 - .../appdev/refs/macros/KRB5_INT32_MAX.rst.txt | 17 - .../appdev/refs/macros/KRB5_INT32_MIN.rst.txt | 17 - .../refs/macros/KRB5_KEYUSAGE_AD_ITE.rst.txt | 17 - .../KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.rst.txt | 17 - .../refs/macros/KRB5_KEYUSAGE_AD_MTE.rst.txt | 17 - .../KRB5_KEYUSAGE_AD_SIGNEDPATH.rst.txt | 17 - .../KRB5_KEYUSAGE_APP_DATA_CKSUM.rst.txt | 17 - .../KRB5_KEYUSAGE_APP_DATA_ENCRYPT.rst.txt | 17 - .../KRB5_KEYUSAGE_AP_REP_ENCPART.rst.txt | 17 - .../macros/KRB5_KEYUSAGE_AP_REQ_AUTH.rst.txt | 17 - .../KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.rst.txt | 17 - .../KRB5_KEYUSAGE_AS_REP_ENCPART.rst.txt | 17 - .../refs/macros/KRB5_KEYUSAGE_AS_REQ.rst.txt | 17 - .../KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.rst.txt | 17 - .../refs/macros/KRB5_KEYUSAGE_CAMMAC.rst.txt | 17 - ...KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.rst.txt | 17 - .../KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.rst.txt | 17 - .../macros/KRB5_KEYUSAGE_FAST_ENC.rst.txt | 17 - .../KRB5_KEYUSAGE_FAST_FINISHED.rst.txt | 17 - .../macros/KRB5_KEYUSAGE_FAST_REP.rst.txt | 17 - .../KRB5_KEYUSAGE_FAST_REQ_CHKSUM.rst.txt | 17 - .../macros/KRB5_KEYUSAGE_GSS_TOK_MIC.rst.txt | 17 - .../KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.rst.txt | 17 - .../KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.rst.txt | 17 - .../KRB5_KEYUSAGE_IAKERB_FINISHED.rst.txt | 17 - .../KRB5_KEYUSAGE_KDC_REP_TICKET.rst.txt | 17 - .../KRB5_KEYUSAGE_KRB_CRED_ENCPART.rst.txt | 17 - .../KRB5_KEYUSAGE_KRB_ERROR_CKSUM.rst.txt | 17 - .../KRB5_KEYUSAGE_KRB_PRIV_ENCPART.rst.txt | 17 - .../KRB5_KEYUSAGE_KRB_SAFE_CKSUM.rst.txt | 17 - .../KRB5_KEYUSAGE_PA_AS_FRESHNESS.rst.txt | 18 - .../macros/KRB5_KEYUSAGE_PA_FX_COOKIE.rst.txt | 18 - .../KRB5_KEYUSAGE_PA_OTP_REQUEST.rst.txt | 18 - .../macros/KRB5_KEYUSAGE_PA_PKINIT_KX.rst.txt | 17 - ...B5_KEYUSAGE_PA_S4U_X509_USER_REPLY.rst.txt | 17 - ..._KEYUSAGE_PA_S4U_X509_USER_REQUEST.rst.txt | 17 - ...B5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.rst.txt | 17 - ..._KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.rst.txt | 17 - .../KRB5_KEYUSAGE_PA_SAM_RESPONSE.rst.txt | 17 - .../refs/macros/KRB5_KEYUSAGE_SPAKE.rst.txt | 17 - ...5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.rst.txt | 17 - ...B5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.rst.txt | 17 - .../KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.rst.txt | 17 - .../KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.rst.txt | 17 - .../macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.rst.txt | 17 - .../KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.rst.txt | 17 - .../macros/KRB5_KPASSWD_ACCESSDENIED.rst.txt | 18 - .../macros/KRB5_KPASSWD_AUTHERROR.rst.txt | 18 - .../macros/KRB5_KPASSWD_BAD_VERSION.rst.txt | 18 - .../macros/KRB5_KPASSWD_HARDERROR.rst.txt | 18 - .../KRB5_KPASSWD_INITIAL_FLAG_NEEDED.rst.txt | 18 - .../macros/KRB5_KPASSWD_MALFORMED.rst.txt | 18 - .../macros/KRB5_KPASSWD_SOFTERROR.rst.txt | 18 - .../refs/macros/KRB5_KPASSWD_SUCCESS.rst.txt | 18 - .../macros/KRB5_LRQ_ALL_ACCT_EXPTIME.rst.txt | 17 - .../macros/KRB5_LRQ_ALL_LAST_INITIAL.rst.txt | 17 - .../macros/KRB5_LRQ_ALL_LAST_RENEWAL.rst.txt | 17 - .../refs/macros/KRB5_LRQ_ALL_LAST_REQ.rst.txt | 17 - .../refs/macros/KRB5_LRQ_ALL_LAST_TGT.rst.txt | 17 - .../KRB5_LRQ_ALL_LAST_TGT_ISSUED.rst.txt | 17 - .../macros/KRB5_LRQ_ALL_PW_EXPTIME.rst.txt | 17 - .../appdev/refs/macros/KRB5_LRQ_NONE.rst.txt | 17 - .../macros/KRB5_LRQ_ONE_ACCT_EXPTIME.rst.txt | 17 - .../macros/KRB5_LRQ_ONE_LAST_INITIAL.rst.txt | 17 - .../macros/KRB5_LRQ_ONE_LAST_RENEWAL.rst.txt | 17 - .../refs/macros/KRB5_LRQ_ONE_LAST_REQ.rst.txt | 17 - .../refs/macros/KRB5_LRQ_ONE_LAST_TGT.rst.txt | 17 - .../KRB5_LRQ_ONE_LAST_TGT_ISSUED.rst.txt | 17 - .../macros/KRB5_LRQ_ONE_PW_EXPTIME.rst.txt | 17 - .../KRB5_NT_ENTERPRISE_PRINCIPAL.rst.txt | 18 - .../KRB5_NT_ENT_PRINCIPAL_AND_ID.rst.txt | 18 - .../refs/macros/KRB5_NT_MS_PRINCIPAL.rst.txt | 18 - .../KRB5_NT_MS_PRINCIPAL_AND_ID.rst.txt | 18 - .../refs/macros/KRB5_NT_PRINCIPAL.rst.txt | 18 - .../refs/macros/KRB5_NT_SMTP_NAME.rst.txt | 18 - .../refs/macros/KRB5_NT_SRV_HST.rst.txt | 18 - .../refs/macros/KRB5_NT_SRV_INST.rst.txt | 18 - .../refs/macros/KRB5_NT_SRV_XHST.rst.txt | 18 - .../appdev/refs/macros/KRB5_NT_UID.rst.txt | 18 - .../refs/macros/KRB5_NT_UNKNOWN.rst.txt | 18 - .../refs/macros/KRB5_NT_WELLKNOWN.rst.txt | 18 - .../macros/KRB5_NT_X500_PRINCIPAL.rst.txt | 18 - .../macros/KRB5_PAC_ATTRIBUTES_INFO.rst.txt | 18 - .../macros/KRB5_PAC_CLIENT_CLAIMS.rst.txt | 18 - .../refs/macros/KRB5_PAC_CLIENT_INFO.rst.txt | 18 - .../macros/KRB5_PAC_CREDENTIALS_INFO.rst.txt | 18 - .../macros/KRB5_PAC_DELEGATION_INFO.rst.txt | 18 - .../macros/KRB5_PAC_DEVICE_CLAIMS.rst.txt | 18 - .../refs/macros/KRB5_PAC_DEVICE_INFO.rst.txt | 18 - .../macros/KRB5_PAC_FULL_CHECKSUM.rst.txt | 18 - .../refs/macros/KRB5_PAC_LOGON_INFO.rst.txt | 18 - .../macros/KRB5_PAC_PRIVSVR_CHECKSUM.rst.txt | 18 - .../refs/macros/KRB5_PAC_REQUESTOR.rst.txt | 18 - .../macros/KRB5_PAC_SERVER_CHECKSUM.rst.txt | 18 - .../macros/KRB5_PAC_TICKET_CHECKSUM.rst.txt | 18 - .../refs/macros/KRB5_PAC_UPN_DNS_INFO.rst.txt | 18 - .../refs/macros/KRB5_PADATA_AFS3_SALT.rst.txt | 18 - .../refs/macros/KRB5_PADATA_AP_REQ.rst.txt | 17 - .../macros/KRB5_PADATA_AS_CHECKSUM.rst.txt | 18 - .../macros/KRB5_PADATA_AS_FRESHNESS.rst.txt | 18 - .../KRB5_PADATA_ENCRYPTED_CHALLENGE.rst.txt | 18 - .../KRB5_PADATA_ENC_SANDIA_SECURID.rst.txt | 18 - .../macros/KRB5_PADATA_ENC_TIMESTAMP.rst.txt | 18 - .../macros/KRB5_PADATA_ENC_UNIX_TIME.rst.txt | 18 - .../macros/KRB5_PADATA_ETYPE_INFO.rst.txt | 18 - .../macros/KRB5_PADATA_ETYPE_INFO2.rst.txt | 18 - .../refs/macros/KRB5_PADATA_FOR_USER.rst.txt | 18 - .../refs/macros/KRB5_PADATA_FX_COOKIE.rst.txt | 18 - .../refs/macros/KRB5_PADATA_FX_ERROR.rst.txt | 18 - .../refs/macros/KRB5_PADATA_FX_FAST.rst.txt | 18 - .../KRB5_PADATA_GET_FROM_TYPED_DATA.rst.txt | 18 - .../refs/macros/KRB5_PADATA_NONE.rst.txt | 17 - .../refs/macros/KRB5_PADATA_OSF_DCE.rst.txt | 18 - .../macros/KRB5_PADATA_OTP_CHALLENGE.rst.txt | 18 - .../macros/KRB5_PADATA_OTP_PIN_CHANGE.rst.txt | 18 - .../macros/KRB5_PADATA_OTP_REQUEST.rst.txt | 18 - .../macros/KRB5_PADATA_PAC_OPTIONS.rst.txt | 18 - .../macros/KRB5_PADATA_PAC_REQUEST.rst.txt | 18 - .../refs/macros/KRB5_PADATA_PKINIT_KX.rst.txt | 18 - .../refs/macros/KRB5_PADATA_PK_AS_REP.rst.txt | 18 - .../macros/KRB5_PADATA_PK_AS_REP_OLD.rst.txt | 18 - .../refs/macros/KRB5_PADATA_PK_AS_REQ.rst.txt | 18 - .../macros/KRB5_PADATA_PK_AS_REQ_OLD.rst.txt | 18 - .../refs/macros/KRB5_PADATA_PW_SALT.rst.txt | 18 - .../KRB5_PADATA_REDHAT_IDP_OAUTH2.rst.txt | 18 - .../macros/KRB5_PADATA_REDHAT_PASSKEY.rst.txt | 18 - .../refs/macros/KRB5_PADATA_REFERRAL.rst.txt | 18 - .../macros/KRB5_PADATA_S4U_X509_USER.rst.txt | 18 - .../macros/KRB5_PADATA_SAM_CHALLENGE.rst.txt | 18 - .../KRB5_PADATA_SAM_CHALLENGE_2.rst.txt | 18 - .../macros/KRB5_PADATA_SAM_REDIRECT.rst.txt | 18 - .../macros/KRB5_PADATA_SAM_RESPONSE.rst.txt | 18 - .../macros/KRB5_PADATA_SAM_RESPONSE_2.rst.txt | 18 - .../refs/macros/KRB5_PADATA_SESAME.rst.txt | 18 - .../refs/macros/KRB5_PADATA_SPAKE.rst.txt | 17 - .../KRB5_PADATA_SVR_REFERRAL_INFO.rst.txt | 18 - .../refs/macros/KRB5_PADATA_TGS_REQ.rst.txt | 17 - .../KRB5_PADATA_USE_SPECIFIED_KVNO.rst.txt | 18 - .../KRB5_PRINCIPAL_COMPARE_CASEFOLD.rst.txt | 18 - .../KRB5_PRINCIPAL_COMPARE_ENTERPRISE.rst.txt | 18 - ...RB5_PRINCIPAL_COMPARE_IGNORE_REALM.rst.txt | 18 - .../KRB5_PRINCIPAL_COMPARE_UTF8.rst.txt | 18 - .../KRB5_PRINCIPAL_PARSE_ENTERPRISE.rst.txt | 18 - .../KRB5_PRINCIPAL_PARSE_IGNORE_REALM.rst.txt | 18 - .../KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.rst.txt | 18 - .../KRB5_PRINCIPAL_PARSE_NO_REALM.rst.txt | 18 - ...KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.rst.txt | 18 - .../KRB5_PRINCIPAL_UNPARSE_DISPLAY.rst.txt | 18 - .../KRB5_PRINCIPAL_UNPARSE_NO_REALM.rst.txt | 18 - .../KRB5_PRINCIPAL_UNPARSE_SHORT.rst.txt | 18 - .../appdev/refs/macros/KRB5_PRIV.rst.txt | 18 - .../KRB5_PROMPT_TYPE_NEW_PASSWORD.rst.txt | 18 - ...RB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.rst.txt | 18 - .../macros/KRB5_PROMPT_TYPE_PASSWORD.rst.txt | 18 - .../macros/KRB5_PROMPT_TYPE_PREAUTH.rst.txt | 18 - .../appdev/refs/macros/KRB5_PVNO.rst.txt | 18 - .../macros/KRB5_REALM_BRANCH_CHAR.rst.txt | 17 - .../macros/KRB5_RECVAUTH_BADAUTHVERS.rst.txt | 17 - .../macros/KRB5_RECVAUTH_SKIP_VERSION.rst.txt | 17 - .../refs/macros/KRB5_REFERRAL_REALM.rst.txt | 18 - ...B5_RESPONDER_OTP_FLAGS_COLLECT_PIN.rst.txt | 18 - ..._RESPONDER_OTP_FLAGS_COLLECT_TOKEN.rst.txt | 18 - .../KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.rst.txt | 18 - ...5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.rst.txt | 18 - ..._RESPONDER_OTP_FORMAT_ALPHANUMERIC.rst.txt | 17 - .../KRB5_RESPONDER_OTP_FORMAT_DECIMAL.rst.txt | 18 - ...5_RESPONDER_OTP_FORMAT_HEXADECIMAL.rst.txt | 17 - ...NIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.rst.txt | 18 - ...NIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.rst.txt | 18 - ...PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.rst.txt | 18 - .../KRB5_RESPONDER_QUESTION_OTP.rst.txt | 47 - .../KRB5_RESPONDER_QUESTION_PASSWORD.rst.txt | 19 - .../KRB5_RESPONDER_QUESTION_PKINIT.rst.txt | 34 - .../appdev/refs/macros/KRB5_SAFE.rst.txt | 18 - .../KRB5_SAM_MUST_PK_ENCRYPT_SAD.rst.txt | 18 - .../KRB5_SAM_SEND_ENCRYPTED_SAD.rst.txt | 17 - .../macros/KRB5_SAM_USE_SAD_AS_KEY.rst.txt | 17 - .../refs/macros/KRB5_TC_MATCH_2ND_TKT.rst.txt | 18 - .../macros/KRB5_TC_MATCH_AUTHDATA.rst.txt | 18 - .../refs/macros/KRB5_TC_MATCH_FLAGS.rst.txt | 18 - .../macros/KRB5_TC_MATCH_FLAGS_EXACT.rst.txt | 18 - .../refs/macros/KRB5_TC_MATCH_IS_SKEY.rst.txt | 18 - .../refs/macros/KRB5_TC_MATCH_KTYPE.rst.txt | 18 - .../macros/KRB5_TC_MATCH_SRV_NAMEONLY.rst.txt | 18 - .../refs/macros/KRB5_TC_MATCH_TIMES.rst.txt | 18 - .../macros/KRB5_TC_MATCH_TIMES_EXACT.rst.txt | 18 - .../refs/macros/KRB5_TC_NOTICKET.rst.txt | 17 - .../refs/macros/KRB5_TC_OPENCLOSE.rst.txt | 18 - .../macros/KRB5_TC_SUPPORTED_KTYPES.rst.txt | 18 - .../appdev/refs/macros/KRB5_TGS_NAME.rst.txt | 17 - .../refs/macros/KRB5_TGS_NAME_SIZE.rst.txt | 17 - .../appdev/refs/macros/KRB5_TGS_REP.rst.txt | 18 - .../appdev/refs/macros/KRB5_TGS_REQ.rst.txt | 18 - .../KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.rst.txt | 18 - ...ERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.rst.txt | 17 - .../macros/KRB5_WELLKNOWN_NAMESTR.rst.txt | 18 - .../LR_TYPE_INTERPRETATION_MASK.rst.txt | 17 - .../macros/LR_TYPE_THIS_SERVER_ONLY.rst.txt | 17 - .../refs/macros/MAX_KEYTAB_NAME_LEN.rst.txt | 18 - .../appdev/refs/macros/MSEC_DIRBIT.rst.txt | 17 - .../appdev/refs/macros/MSEC_VAL_MASK.rst.txt | 17 - .../refs/macros/SALT_TYPE_AFS_LENGTH.rst.txt | 17 - .../refs/macros/SALT_TYPE_NO_LENGTH.rst.txt | 17 - .../appdev/refs/macros/THREEPARAMOPEN.rst.txt | 17 - .../refs/macros/TKT_FLG_ANONYMOUS.rst.txt | 17 - .../refs/macros/TKT_FLG_ENC_PA_REP.rst.txt | 17 - .../refs/macros/TKT_FLG_FORWARDABLE.rst.txt | 17 - .../refs/macros/TKT_FLG_FORWARDED.rst.txt | 17 - .../refs/macros/TKT_FLG_HW_AUTH.rst.txt | 17 - .../refs/macros/TKT_FLG_INITIAL.rst.txt | 17 - .../refs/macros/TKT_FLG_INVALID.rst.txt | 17 - .../refs/macros/TKT_FLG_MAY_POSTDATE.rst.txt | 17 - .../macros/TKT_FLG_OK_AS_DELEGATE.rst.txt | 17 - .../refs/macros/TKT_FLG_POSTDATED.rst.txt | 17 - .../refs/macros/TKT_FLG_PRE_AUTH.rst.txt | 17 - .../refs/macros/TKT_FLG_PROXIABLE.rst.txt | 17 - .../appdev/refs/macros/TKT_FLG_PROXY.rst.txt | 17 - .../refs/macros/TKT_FLG_RENEWABLE.rst.txt | 17 - .../TKT_FLG_TRANSIT_POLICY_CHECKED.rst.txt | 17 - .../appdev/refs/macros/VALID_INT_BITS.rst.txt | 17 - .../refs/macros/VALID_UINT_BITS.rst.txt | 17 - .../_sources/appdev/refs/macros/index.rst.txt | 397 - .../macros/krb524_convert_creds_kdc.rst.txt | 17 - .../refs/macros/krb524_init_ets.rst.txt | 17 - .../appdev/refs/macros/krb5_const.rst.txt | 17 - .../refs/macros/krb5_princ_component.rst.txt | 17 - .../refs/macros/krb5_princ_name.rst.txt | 17 - .../refs/macros/krb5_princ_realm.rst.txt | 17 - .../refs/macros/krb5_princ_set_realm.rst.txt | 17 - .../macros/krb5_princ_set_realm_data.rst.txt | 17 - .../krb5_princ_set_realm_length.rst.txt | 17 - .../refs/macros/krb5_princ_size.rst.txt | 17 - .../refs/macros/krb5_princ_type.rst.txt | 17 - .../appdev/refs/macros/krb5_roundup.rst.txt | 17 - .../appdev/refs/macros/krb5_x.rst.txt | 17 - .../appdev/refs/macros/krb5_xc.rst.txt | 17 - .../_sources/appdev/refs/types/index.rst.txt | 108 - .../appdev/refs/types/krb5_address.rst.txt | 45 - .../appdev/refs/types/krb5_addrtype.rst.txt | 20 - .../appdev/refs/types/krb5_ap_rep.rst.txt | 35 - .../refs/types/krb5_ap_rep_enc_part.rst.txt | 50 - .../appdev/refs/types/krb5_ap_req.rst.txt | 45 - .../refs/types/krb5_auth_context.rst.txt | 20 - .../appdev/refs/types/krb5_authdata.rst.txt | 45 - .../refs/types/krb5_authdatatype.rst.txt | 20 - .../refs/types/krb5_authenticator.rst.txt | 65 - .../appdev/refs/types/krb5_boolean.rst.txt | 20 - .../appdev/refs/types/krb5_cc_cursor.rst.txt | 21 - .../appdev/refs/types/krb5_ccache.rst.txt | 20 - .../refs/types/krb5_cccol_cursor.rst.txt | 21 - .../appdev/refs/types/krb5_checksum.rst.txt | 44 - .../appdev/refs/types/krb5_cksumtype.rst.txt | 20 - .../refs/types/krb5_const_pointer.rst.txt | 20 - .../refs/types/krb5_const_principal.rst.txt | 50 - .../appdev/refs/types/krb5_context.rst.txt | 20 - .../appdev/refs/types/krb5_cred.rst.txt | 45 - .../refs/types/krb5_cred_enc_part.rst.txt | 60 - .../appdev/refs/types/krb5_cred_info.rst.txt | 60 - .../appdev/refs/types/krb5_creds.rst.txt | 80 - .../appdev/refs/types/krb5_crypto_iov.rst.txt | 35 - .../appdev/refs/types/krb5_cryptotype.rst.txt | 20 - .../appdev/refs/types/krb5_data.rst.txt | 39 - .../appdev/refs/types/krb5_deltat.rst.txt | 20 - .../appdev/refs/types/krb5_enc_data.rst.txt | 44 - .../refs/types/krb5_enc_kdc_rep_part.rst.txt | 80 - .../refs/types/krb5_enc_tkt_part.rst.txt | 65 - .../refs/types/krb5_encrypt_block.rst.txt | 39 - .../appdev/refs/types/krb5_enctype.rst.txt | 20 - .../appdev/refs/types/krb5_error.rst.txt | 75 - .../appdev/refs/types/krb5_error_code.rst.txt | 21 - .../types/krb5_expire_callback_func.rst.txt | 20 - .../appdev/refs/types/krb5_flags.rst.txt | 20 - .../types/krb5_get_init_creds_opt.rst.txt | 80 - .../refs/types/krb5_gic_opt_pa_data.rst.txt | 35 - .../types/krb5_init_creds_context.rst.txt | 20 - .../appdev/refs/types/krb5_int16.rst.txt | 20 - .../appdev/refs/types/krb5_int32.rst.txt | 20 - .../appdev/refs/types/krb5_kdc_rep.rst.txt | 60 - .../appdev/refs/types/krb5_kdc_req.rst.txt | 105 - .../appdev/refs/types/krb5_key.rst.txt | 21 - .../appdev/refs/types/krb5_keyblock.rst.txt | 45 - .../appdev/refs/types/krb5_keytab.rst.txt | 20 - .../refs/types/krb5_keytab_entry.rst.txt | 50 - .../appdev/refs/types/krb5_keyusage.rst.txt | 20 - .../appdev/refs/types/krb5_kt_cursor.rst.txt | 20 - .../appdev/refs/types/krb5_kvno.rst.txt | 20 - .../refs/types/krb5_last_req_entry.rst.txt | 40 - .../appdev/refs/types/krb5_magic.rst.txt | 20 - .../types/krb5_mk_req_checksum_func.rst.txt | 21 - .../appdev/refs/types/krb5_msgtype.rst.txt | 20 - .../appdev/refs/types/krb5_octet.rst.txt | 20 - .../appdev/refs/types/krb5_pa_data.rst.txt | 45 - .../appdev/refs/types/krb5_pa_pac_req.rst.txt | 29 - .../krb5_pa_server_referral_data.rst.txt | 49 - .../types/krb5_pa_svr_referral_data.rst.txt | 29 - .../appdev/refs/types/krb5_pac.rst.txt | 21 - .../appdev/refs/types/krb5_pointer.rst.txt | 20 - .../refs/types/krb5_post_recv_fn.rst.txt | 22 - .../refs/types/krb5_pre_send_fn.rst.txt | 24 - .../refs/types/krb5_preauthtype.rst.txt | 20 - .../appdev/refs/types/krb5_principal.rst.txt | 49 - .../refs/types/krb5_principal_data.rst.txt | 49 - .../appdev/refs/types/krb5_prompt.rst.txt | 40 - .../refs/types/krb5_prompt_type.rst.txt | 20 - .../refs/types/krb5_prompter_fct.rst.txt | 21 - .../appdev/refs/types/krb5_pwd_data.rst.txt | 39 - .../appdev/refs/types/krb5_rcache.rst.txt | 20 - .../refs/types/krb5_replay_data.rst.txt | 40 - .../refs/types/krb5_responder_context.rst.txt | 22 - .../refs/types/krb5_responder_fn.rst.txt | 21 - .../krb5_responder_otp_challenge.rst.txt | 34 - .../krb5_responder_otp_tokeninfo.rst.txt | 59 - .../krb5_responder_pkinit_challenge.rst.txt | 29 - .../krb5_responder_pkinit_identity.rst.txt | 34 - .../appdev/refs/types/krb5_response.rst.txt | 49 - .../appdev/refs/types/krb5_ticket.rst.txt | 45 - .../refs/types/krb5_ticket_times.rst.txt | 45 - .../appdev/refs/types/krb5_timestamp.rst.txt | 21 - .../refs/types/krb5_tkt_authent.rst.txt | 45 - .../refs/types/krb5_tkt_creds_context.rst.txt | 20 - .../refs/types/krb5_trace_callback.rst.txt | 20 - .../appdev/refs/types/krb5_trace_info.rst.txt | 30 - .../appdev/refs/types/krb5_transited.rst.txt | 40 - .../appdev/refs/types/krb5_typed_data.rst.txt | 44 - .../appdev/refs/types/krb5_ui_2.rst.txt | 20 - .../appdev/refs/types/krb5_ui_4.rst.txt | 20 - .../types/krb5_verify_init_creds_opt.rst.txt | 34 - .../refs/types/passwd_phrase_element.rst.txt | 39 - .../doc/html/_sources/appdev/y2038.rst.txt | 28 - .../html/_sources/basic/ccache_def.rst.txt | 160 - .../html/_sources/basic/date_format.rst.txt | 140 - .../doc/html/_sources/basic/index.rst.txt | 14 - .../html/_sources/basic/keytab_def.rst.txt | 59 - .../html/_sources/basic/rcache_def.rst.txt | 111 - .../_sources/basic/stash_file_def.rst.txt | 25 - .../html/_sources/build/directory_org.rst.txt | 75 - .../html/_sources/build/doing_build.rst.txt | 148 - .../doc/html/_sources/build/index.rst.txt | 63 - .../_sources/build/options2configure.rst.txt | 397 - .../doc/html/_sources/build/osconf.rst.txt | 26 - .../doc/html/_sources/build_this.rst.txt | 82 - .../doc/html/_sources/copyright.rst.txt | 8 - .../formats/ccache_file_format.rst.txt | 182 - .../doc/html/_sources/formats/cookie.rst.txt | 97 - .../_sources/formats/freshness_token.rst.txt | 19 - .../doc/html/_sources/formats/index.rst.txt | 11 - .../formats/keytab_file_format.rst.txt | 51 - .../formats/rcache_file_format.rst.txt | 50 - krb5-1.21.3/doc/html/_sources/index.rst.txt | 18 - .../doc/html/_sources/mitK5defaults.rst.txt | 79 - .../doc/html/_sources/mitK5features.rst.txt | 699 - .../doc/html/_sources/mitK5license.rst.txt | 11 - .../html/_sources/plugindev/ccselect.rst.txt | 28 - .../html/_sources/plugindev/certauth.rst.txt | 36 - .../html/_sources/plugindev/clpreauth.rst.txt | 54 - .../html/_sources/plugindev/general.rst.txt | 118 - .../html/_sources/plugindev/gssapi.rst.txt | 134 - .../html/_sources/plugindev/hostrealm.rst.txt | 39 - .../doc/html/_sources/plugindev/index.rst.txt | 38 - .../html/_sources/plugindev/internal.rst.txt | 32 - .../_sources/plugindev/kadm5_auth.rst.txt | 35 - .../_sources/plugindev/kadm5_hook.rst.txt | 27 - .../html/_sources/plugindev/kdcpolicy.rst.txt | 24 - .../_sources/plugindev/kdcpreauth.rst.txt | 79 - .../html/_sources/plugindev/localauth.rst.txt | 43 - .../html/_sources/plugindev/locate.rst.txt | 32 - .../html/_sources/plugindev/profile.rst.txt | 96 - .../html/_sources/plugindev/pwqual.rst.txt | 25 - .../doc/html/_sources/resources.rst.txt | 60 - .../doc/html/_sources/user/index.rst.txt | 10 - .../doc/html/_sources/user/pwd_mgmt.rst.txt | 106 - .../doc/html/_sources/user/tkt_mgmt.rst.txt | 314 - .../_sources/user/user_commands/index.rst.txt | 17 - .../user/user_commands/kdestroy.rst.txt | 77 - .../_sources/user/user_commands/kinit.rst.txt | 230 - .../_sources/user/user_commands/klist.rst.txt | 129 - .../user/user_commands/kpasswd.rst.txt | 46 - .../user/user_commands/krb5-config.rst.txt | 83 - .../_sources/user/user_commands/ksu.rst.txt | 411 - .../user/user_commands/kswitch.rst.txt | 50 - .../_sources/user/user_commands/kvno.rst.txt | 119 - .../user/user_commands/sclient.rst.txt | 30 - .../_sources/user/user_config/index.rst.txt | 13 - .../user/user_config/k5identity.rst.txt | 64 - .../_sources/user/user_config/k5login.rst.txt | 54 - .../user/user_config/kerberos.rst.txt | 185 - krb5-1.21.3/doc/html/_static/agogo.css | 538 - krb5-1.21.3/doc/html/_static/basic.css | 905 - krb5-1.21.3/doc/html/_static/bgfooter.png | Bin 276 -> 0 bytes krb5-1.21.3/doc/html/_static/bgtop.png | Bin 266 -> 0 bytes krb5-1.21.3/doc/html/_static/doctools.js | 323 - .../doc/html/_static/documentation_options.js | 12 - krb5-1.21.3/doc/html/_static/file.png | Bin 286 -> 0 bytes krb5-1.21.3/doc/html/_static/jquery.js | 10879 ------ krb5-1.21.3/doc/html/_static/kerb.css | 169 - krb5-1.21.3/doc/html/_static/language_data.js | 297 - krb5-1.21.3/doc/html/_static/minus.png | Bin 90 -> 0 bytes krb5-1.21.3/doc/html/_static/plus.png | Bin 90 -> 0 bytes krb5-1.21.3/doc/html/_static/pygments.css | 74 - krb5-1.21.3/doc/html/_static/searchtools.js | 532 - krb5-1.21.3/doc/html/_static/underscore.js | 2042 - krb5-1.21.3/doc/html/about.html | 157 - .../doc/html/admin/admin_commands/index.html | 180 - .../html/admin/admin_commands/k5srvutil.html | 225 - .../admin/admin_commands/kadmin_local.html | 1018 - .../html/admin/admin_commands/kadmind.html | 277 - .../admin/admin_commands/kdb5_ldap_util.html | 551 - .../html/admin/admin_commands/kdb5_util.html | 621 - .../doc/html/admin/admin_commands/kprop.html | 217 - .../doc/html/admin/admin_commands/kpropd.html | 289 - .../html/admin/admin_commands/kproplog.html | 242 - .../html/admin/admin_commands/krb5kdc.html | 262 - .../doc/html/admin/admin_commands/ktutil.html | 292 - .../html/admin/admin_commands/sserver.html | 271 - .../doc/html/admin/advanced/index.html | 160 - .../doc/html/admin/advanced/retiring-des.html | 548 - krb5-1.21.3/doc/html/admin/appl_servers.html | 306 - .../doc/html/admin/auth_indicator.html | 201 - krb5-1.21.3/doc/html/admin/backup_host.html | 184 - .../doc/html/admin/conf_files/index.html | 178 - .../doc/html/admin/conf_files/kadm5_acl.html | 337 - .../doc/html/admin/conf_files/kdc_conf.html | 1073 - .../doc/html/admin/conf_files/krb5_conf.html | 1340 - krb5-1.21.3/doc/html/admin/conf_ldap.html | 275 - krb5-1.21.3/doc/html/admin/database.html | 710 - krb5-1.21.3/doc/html/admin/dbtypes.html | 288 - krb5-1.21.3/doc/html/admin/dictionary.html | 226 - krb5-1.21.3/doc/html/admin/enctypes.html | 402 - krb5-1.21.3/doc/html/admin/env_variables.html | 153 - krb5-1.21.3/doc/html/admin/host_config.html | 362 - krb5-1.21.3/doc/html/admin/https.html | 193 - krb5-1.21.3/doc/html/admin/index.html | 186 - krb5-1.21.3/doc/html/admin/install.html | 197 - .../doc/html/admin/install_appl_srv.html | 225 - .../doc/html/admin/install_clients.html | 207 - krb5-1.21.3/doc/html/admin/install_kdc.html | 653 - krb5-1.21.3/doc/html/admin/lockout.html | 293 - krb5-1.21.3/doc/html/admin/otp.html | 241 - krb5-1.21.3/doc/html/admin/pkinit.html | 482 - krb5-1.21.3/doc/html/admin/princ_dns.html | 268 - krb5-1.21.3/doc/html/admin/realm_config.html | 394 - krb5-1.21.3/doc/html/admin/spake.html | 199 - krb5-1.21.3/doc/html/admin/troubleshoot.html | 266 - krb5-1.21.3/doc/html/admin/various_envs.html | 179 - krb5-1.21.3/doc/html/appdev/gssapi.html | 797 - .../doc/html/appdev/h5l_mit_apidiff.html | 177 - krb5-1.21.3/doc/html/appdev/index.html | 150 - krb5-1.21.3/doc/html/appdev/init_creds.html | 433 - krb5-1.21.3/doc/html/appdev/princ_handle.html | 162 - .../doc/html/appdev/refs/api/index.html | 553 - .../refs/api/krb5_425_conv_principal.html | 162 - .../refs/api/krb5_524_conv_principal.html | 168 - .../refs/api/krb5_524_convert_creds.html | 162 - .../appdev/refs/api/krb5_address_compare.html | 158 - .../appdev/refs/api/krb5_address_order.html | 160 - .../appdev/refs/api/krb5_address_search.html | 162 - .../refs/api/krb5_allow_weak_crypto.html | 158 - .../refs/api/krb5_aname_to_localname.html | 167 - .../refs/api/krb5_anonymous_principal.html | 154 - .../appdev/refs/api/krb5_anonymous_realm.html | 154 - .../refs/api/krb5_appdefault_boolean.html | 159 - .../refs/api/krb5_appdefault_string.html | 159 - .../appdev/refs/api/krb5_auth_con_free.html | 158 - .../refs/api/krb5_auth_con_genaddrs.html | 168 - .../api/krb5_auth_con_get_checksum_func.html | 159 - .../refs/api/krb5_auth_con_getaddrs.html | 159 - .../api/krb5_auth_con_getauthenticator.html | 159 - .../refs/api/krb5_auth_con_getflags.html | 167 - .../appdev/refs/api/krb5_auth_con_getkey.html | 159 - .../refs/api/krb5_auth_con_getkey_k.html | 159 - .../api/krb5_auth_con_getlocalseqnumber.html | 159 - .../api/krb5_auth_con_getlocalsubkey.html | 152 - .../refs/api/krb5_auth_con_getrcache.html | 159 - .../refs/api/krb5_auth_con_getrecvsubkey.html | 159 - .../api/krb5_auth_con_getrecvsubkey_k.html | 159 - .../api/krb5_auth_con_getremoteseqnumber.html | 159 - .../api/krb5_auth_con_getremotesubkey.html | 152 - .../refs/api/krb5_auth_con_getsendsubkey.html | 159 - .../api/krb5_auth_con_getsendsubkey_k.html | 159 - .../appdev/refs/api/krb5_auth_con_init.html | 160 - .../refs/api/krb5_auth_con_initivector.html | 158 - .../api/krb5_auth_con_set_checksum_func.html | 160 - .../api/krb5_auth_con_set_req_cksumtype.html | 159 - .../refs/api/krb5_auth_con_setaddrs.html | 164 - .../refs/api/krb5_auth_con_setflags.html | 167 - .../refs/api/krb5_auth_con_setports.html | 164 - .../refs/api/krb5_auth_con_setrcache.html | 159 - .../refs/api/krb5_auth_con_setrecvsubkey.html | 159 - .../api/krb5_auth_con_setrecvsubkey_k.html | 163 - .../refs/api/krb5_auth_con_setsendsubkey.html | 159 - .../api/krb5_auth_con_setsendsubkey_k.html | 163 - .../api/krb5_auth_con_setuseruserkey.html | 158 - .../appdev/refs/api/krb5_build_principal.html | 170 - .../api/krb5_build_principal_alloc_va.html | 167 - .../refs/api/krb5_build_principal_ext.html | 166 - .../refs/api/krb5_build_principal_va.html | 154 - .../appdev/refs/api/krb5_c_block_size.html | 158 - .../refs/api/krb5_c_checksum_length.html | 158 - .../appdev/refs/api/krb5_c_crypto_length.html | 159 - .../refs/api/krb5_c_crypto_length_iov.html | 160 - .../html/appdev/refs/api/krb5_c_decrypt.html | 166 - .../appdev/refs/api/krb5_c_decrypt_iov.html | 170 - .../refs/api/krb5_c_derive_prfplus.html | 154 - .../html/appdev/refs/api/krb5_c_encrypt.html | 166 - .../appdev/refs/api/krb5_c_encrypt_iov.html | 170 - .../refs/api/krb5_c_encrypt_length.html | 160 - .../refs/api/krb5_c_enctype_compare.html | 160 - .../appdev/refs/api/krb5_c_free_state.html | 158 - .../appdev/refs/api/krb5_c_fx_cf2_simple.html | 162 - .../appdev/refs/api/krb5_c_init_state.html | 159 - .../refs/api/krb5_c_is_coll_proof_cksum.html | 156 - .../refs/api/krb5_c_is_keyed_cksum.html | 156 - .../refs/api/krb5_c_keyed_checksum_types.html | 160 - .../appdev/refs/api/krb5_c_keylengths.html | 159 - .../appdev/refs/api/krb5_c_make_checksum.html | 170 - .../refs/api/krb5_c_make_checksum_iov.html | 170 - .../refs/api/krb5_c_make_random_key.html | 159 - .../refs/api/krb5_c_padding_length.html | 160 - .../doc/html/appdev/refs/api/krb5_c_prf.html | 160 - .../appdev/refs/api/krb5_c_prf_length.html | 158 - .../html/appdev/refs/api/krb5_c_prfplus.html | 164 - .../refs/api/krb5_c_random_add_entropy.html | 152 - .../refs/api/krb5_c_random_make_octets.html | 158 - .../refs/api/krb5_c_random_os_entropy.html | 152 - .../appdev/refs/api/krb5_c_random_seed.html | 151 - .../appdev/refs/api/krb5_c_random_to_key.html | 168 - .../appdev/refs/api/krb5_c_string_to_key.html | 161 - .../api/krb5_c_string_to_key_with_params.html | 162 - .../refs/api/krb5_c_valid_cksumtype.html | 156 - .../appdev/refs/api/krb5_c_valid_enctype.html | 156 - .../refs/api/krb5_c_verify_checksum.html | 166 - .../refs/api/krb5_c_verify_checksum_iov.html | 171 - .../refs/api/krb5_calculate_checksum.html | 156 - .../appdev/refs/api/krb5_cc_cache_match.html | 164 - .../html/appdev/refs/api/krb5_cc_close.html | 163 - .../appdev/refs/api/krb5_cc_copy_creds.html | 158 - .../html/appdev/refs/api/krb5_cc_default.html | 165 - .../appdev/refs/api/krb5_cc_default_name.html | 158 - .../html/appdev/refs/api/krb5_cc_destroy.html | 163 - .../doc/html/appdev/refs/api/krb5_cc_dup.html | 152 - .../appdev/refs/api/krb5_cc_end_seq_get.html | 163 - .../html/appdev/refs/api/krb5_cc_gen_new.html | 150 - .../appdev/refs/api/krb5_cc_get_config.html | 166 - .../appdev/refs/api/krb5_cc_get_flags.html | 162 - .../refs/api/krb5_cc_get_full_name.html | 156 - .../appdev/refs/api/krb5_cc_get_name.html | 161 - .../refs/api/krb5_cc_get_principal.html | 165 - .../appdev/refs/api/krb5_cc_get_type.html | 157 - .../appdev/refs/api/krb5_cc_initialize.html | 164 - .../html/appdev/refs/api/krb5_cc_move.html | 164 - .../appdev/refs/api/krb5_cc_new_unique.html | 164 - .../appdev/refs/api/krb5_cc_next_cred.html | 165 - .../appdev/refs/api/krb5_cc_remove_cred.html | 169 - .../html/appdev/refs/api/krb5_cc_resolve.html | 164 - .../refs/api/krb5_cc_retrieve_cred.html | 179 - .../html/appdev/refs/api/krb5_cc_select.html | 168 - .../appdev/refs/api/krb5_cc_set_config.html | 173 - .../refs/api/krb5_cc_set_default_name.html | 165 - .../appdev/refs/api/krb5_cc_set_flags.html | 159 - .../refs/api/krb5_cc_start_seq_get.html | 163 - .../appdev/refs/api/krb5_cc_store_cred.html | 164 - .../refs/api/krb5_cc_support_switch.html | 162 - .../html/appdev/refs/api/krb5_cc_switch.html | 163 - .../refs/api/krb5_cccol_cursor_free.html | 161 - .../refs/api/krb5_cccol_cursor_new.html | 163 - .../refs/api/krb5_cccol_cursor_next.html | 167 - .../refs/api/krb5_cccol_have_content.html | 161 - .../appdev/refs/api/krb5_change_password.html | 172 - .../appdev/refs/api/krb5_check_clockskew.html | 163 - .../appdev/refs/api/krb5_checksum_size.html | 151 - .../appdev/refs/api/krb5_chpw_message.html | 169 - .../refs/api/krb5_cksumtype_to_string.html | 158 - .../refs/api/krb5_clear_error_message.html | 150 - .../appdev/refs/api/krb5_copy_addresses.html | 159 - .../appdev/refs/api/krb5_copy_authdata.html | 163 - .../refs/api/krb5_copy_authenticator.html | 159 - .../appdev/refs/api/krb5_copy_checksum.html | 159 - .../appdev/refs/api/krb5_copy_context.html | 163 - .../html/appdev/refs/api/krb5_copy_creds.html | 159 - .../html/appdev/refs/api/krb5_copy_data.html | 159 - .../refs/api/krb5_copy_error_message.html | 150 - .../appdev/refs/api/krb5_copy_keyblock.html | 159 - .../refs/api/krb5_copy_keyblock_contents.html | 159 - .../appdev/refs/api/krb5_copy_principal.html | 159 - .../appdev/refs/api/krb5_copy_ticket.html | 159 - .../api/krb5_decode_authdata_container.html | 163 - .../appdev/refs/api/krb5_decode_ticket.html | 157 - .../html/appdev/refs/api/krb5_decrypt.html | 155 - .../refs/api/krb5_deltat_to_string.html | 158 - .../appdev/refs/api/krb5_eblock_enctype.html | 151 - .../api/krb5_encode_authdata_container.html | 164 - .../html/appdev/refs/api/krb5_encrypt.html | 155 - .../appdev/refs/api/krb5_encrypt_size.html | 151 - .../appdev/refs/api/krb5_enctype_to_name.html | 164 - .../refs/api/krb5_enctype_to_string.html | 158 - .../appdev/refs/api/krb5_expand_hostname.html | 156 - .../appdev/refs/api/krb5_find_authdata.html | 158 - .../html/appdev/refs/api/krb5_finish_key.html | 151 - .../refs/api/krb5_finish_random_key.html | 152 - .../appdev/refs/api/krb5_free_addresses.html | 155 - .../refs/api/krb5_free_ap_rep_enc_part.html | 151 - .../appdev/refs/api/krb5_free_authdata.html | 155 - .../refs/api/krb5_free_authenticator.html | 151 - .../appdev/refs/api/krb5_free_checksum.html | 151 - .../refs/api/krb5_free_checksum_contents.html | 151 - .../appdev/refs/api/krb5_free_cksumtypes.html | 150 - .../appdev/refs/api/krb5_free_context.html | 150 - .../refs/api/krb5_free_cred_contents.html | 151 - .../html/appdev/refs/api/krb5_free_creds.html | 151 - .../html/appdev/refs/api/krb5_free_data.html | 151 - .../refs/api/krb5_free_data_contents.html | 151 - .../refs/api/krb5_free_default_realm.html | 150 - .../appdev/refs/api/krb5_free_enctypes.html | 154 - .../html/appdev/refs/api/krb5_free_error.html | 151 - .../refs/api/krb5_free_error_message.html | 150 - .../appdev/refs/api/krb5_free_host_realm.html | 162 - .../appdev/refs/api/krb5_free_keyblock.html | 151 - .../refs/api/krb5_free_keyblock_contents.html | 151 - .../api/krb5_free_keytab_entry_contents.html | 161 - .../appdev/refs/api/krb5_free_principal.html | 150 - .../appdev/refs/api/krb5_free_string.html | 154 - .../appdev/refs/api/krb5_free_tgt_creds.html | 154 - .../appdev/refs/api/krb5_free_ticket.html | 151 - .../refs/api/krb5_free_unparsed_name.html | 150 - .../appdev/refs/api/krb5_fwd_tgt_creds.html | 173 - .../appdev/refs/api/krb5_get_credentials.html | 179 - .../refs/api/krb5_get_credentials_renew.html | 154 - .../api/krb5_get_credentials_validate.html | 154 - .../refs/api/krb5_get_default_realm.html | 164 - .../refs/api/krb5_get_error_message.html | 157 - .../appdev/refs/api/krb5_get_etype_info.html | 175 - .../api/krb5_get_fallback_host_realm.html | 154 - .../appdev/refs/api/krb5_get_host_realm.html | 167 - .../refs/api/krb5_get_in_tkt_with_keytab.html | 158 - .../api/krb5_get_in_tkt_with_password.html | 158 - .../refs/api/krb5_get_in_tkt_with_skey.html | 158 - .../refs/api/krb5_get_init_creds_keytab.html | 168 - .../api/krb5_get_init_creds_opt_alloc.html | 158 - .../api/krb5_get_init_creds_opt_free.html | 154 - ...rb5_get_init_creds_opt_get_fast_flags.html | 158 - .../api/krb5_get_init_creds_opt_init.html | 150 - ...5_get_init_creds_opt_set_address_list.html | 150 - ...krb5_get_init_creds_opt_set_anonymous.html | 151 - ...5_get_init_creds_opt_set_canonicalize.html | 150 - ..._creds_opt_set_change_password_prompt.html | 151 - ...rb5_get_init_creds_opt_set_etype_list.html | 151 - ...et_init_creds_opt_set_expire_callback.html | 167 - ...b5_get_init_creds_opt_set_fast_ccache.html | 156 - ...t_init_creds_opt_set_fast_ccache_name.html | 153 - ...rb5_get_init_creds_opt_set_fast_flags.html | 164 - ...b5_get_init_creds_opt_set_forwardable.html | 150 - ...krb5_get_init_creds_opt_set_in_ccache.html | 156 - ...rb5_get_init_creds_opt_set_out_ccache.html | 152 - .../api/krb5_get_init_creds_opt_set_pa.html | 153 - ...b5_get_init_creds_opt_set_pac_request.html | 156 - ...5_get_init_creds_opt_set_preauth_list.html | 152 - ...krb5_get_init_creds_opt_set_proxiable.html | 150 - ...rb5_get_init_creds_opt_set_renew_life.html | 150 - ...krb5_get_init_creds_opt_set_responder.html | 156 - .../api/krb5_get_init_creds_opt_set_salt.html | 151 - .../krb5_get_init_creds_opt_set_tkt_life.html | 150 - .../api/krb5_get_init_creds_password.html | 179 - .../refs/api/krb5_get_permitted_enctypes.html | 159 - .../appdev/refs/api/krb5_get_profile.html | 164 - .../refs/api/krb5_get_prompt_types.html | 156 - .../refs/api/krb5_get_renewed_creds.html | 167 - .../refs/api/krb5_get_server_rcache.html | 163 - .../refs/api/krb5_get_time_offsets.html | 159 - .../refs/api/krb5_get_validated_creds.html | 172 - .../appdev/refs/api/krb5_init_context.html | 166 - .../refs/api/krb5_init_context_profile.html | 158 - .../appdev/refs/api/krb5_init_creds_free.html | 153 - .../appdev/refs/api/krb5_init_creds_get.html | 161 - .../refs/api/krb5_init_creds_get_creds.html | 159 - .../refs/api/krb5_init_creds_get_error.html | 158 - .../refs/api/krb5_init_creds_get_times.html | 159 - .../appdev/refs/api/krb5_init_creds_init.html | 164 - .../refs/api/krb5_init_creds_set_keytab.html | 159 - .../api/krb5_init_creds_set_password.html | 159 - .../refs/api/krb5_init_creds_set_service.html | 159 - .../appdev/refs/api/krb5_init_creds_step.html | 167 - .../appdev/refs/api/krb5_init_keyblock.html | 164 - .../appdev/refs/api/krb5_init_random_key.html | 153 - .../refs/api/krb5_init_secure_context.html | 163 - .../refs/api/krb5_is_config_principal.html | 157 - .../refs/api/krb5_is_referral_realm.html | 156 - .../appdev/refs/api/krb5_is_thread_safe.html | 156 - .../appdev/refs/api/krb5_k_create_key.html | 159 - .../html/appdev/refs/api/krb5_k_decrypt.html | 166 - .../appdev/refs/api/krb5_k_decrypt_iov.html | 170 - .../html/appdev/refs/api/krb5_k_encrypt.html | 166 - .../appdev/refs/api/krb5_k_encrypt_iov.html | 170 - .../html/appdev/refs/api/krb5_k_free_key.html | 150 - .../appdev/refs/api/krb5_k_key_enctype.html | 150 - .../appdev/refs/api/krb5_k_key_keyblock.html | 151 - .../appdev/refs/api/krb5_k_make_checksum.html | 170 - .../refs/api/krb5_k_make_checksum_iov.html | 170 - .../doc/html/appdev/refs/api/krb5_k_prf.html | 164 - .../appdev/refs/api/krb5_k_reference_key.html | 150 - .../refs/api/krb5_k_verify_checksum.html | 166 - .../refs/api/krb5_k_verify_checksum_iov.html | 171 - .../appdev/refs/api/krb5_kdc_sign_ticket.html | 168 - .../refs/api/krb5_kdc_verify_ticket.html | 171 - .../appdev/refs/api/krb5_kt_add_entry.html | 165 - .../refs/api/krb5_kt_client_default.html | 167 - .../html/appdev/refs/api/krb5_kt_close.html | 157 - .../html/appdev/refs/api/krb5_kt_default.html | 163 - .../appdev/refs/api/krb5_kt_default_name.html | 165 - .../doc/html/appdev/refs/api/krb5_kt_dup.html | 156 - .../appdev/refs/api/krb5_kt_end_seq_get.html | 164 - .../appdev/refs/api/krb5_kt_free_entry.html | 151 - .../appdev/refs/api/krb5_kt_get_entry.html | 168 - .../appdev/refs/api/krb5_kt_get_name.html | 166 - .../appdev/refs/api/krb5_kt_get_type.html | 157 - .../appdev/refs/api/krb5_kt_have_content.html | 162 - .../appdev/refs/api/krb5_kt_next_entry.html | 166 - .../refs/api/krb5_kt_read_service_key.html | 169 - .../appdev/refs/api/krb5_kt_remove_entry.html | 164 - .../html/appdev/refs/api/krb5_kt_resolve.html | 168 - .../refs/api/krb5_kt_start_seq_get.html | 164 - .../html/appdev/refs/api/krb5_kuserok.html | 159 - .../api/krb5_make_authdata_kdc_issued.html | 154 - .../refs/api/krb5_marshal_credentials.html | 160 - .../appdev/refs/api/krb5_merge_authdata.html | 164 - .../html/appdev/refs/api/krb5_mk_1cred.html | 168 - .../html/appdev/refs/api/krb5_mk_error.html | 159 - .../html/appdev/refs/api/krb5_mk_ncred.html | 177 - .../html/appdev/refs/api/krb5_mk_priv.html | 169 - .../doc/html/appdev/refs/api/krb5_mk_rep.html | 161 - .../html/appdev/refs/api/krb5_mk_rep_dce.html | 159 - .../doc/html/appdev/refs/api/krb5_mk_req.html | 165 - .../appdev/refs/api/krb5_mk_req_extended.html | 177 - .../html/appdev/refs/api/krb5_mk_safe.html | 170 - .../appdev/refs/api/krb5_os_localaddr.html | 158 - .../appdev/refs/api/krb5_pac_add_buffer.html | 172 - .../html/appdev/refs/api/krb5_pac_free.html | 151 - .../appdev/refs/api/krb5_pac_get_buffer.html | 160 - .../refs/api/krb5_pac_get_client_info.html | 164 - .../appdev/refs/api/krb5_pac_get_types.html | 159 - .../html/appdev/refs/api/krb5_pac_init.html | 158 - .../html/appdev/refs/api/krb5_pac_parse.html | 160 - .../html/appdev/refs/api/krb5_pac_sign.html | 156 - .../appdev/refs/api/krb5_pac_sign_ext.html | 157 - .../html/appdev/refs/api/krb5_pac_verify.html | 167 - .../appdev/refs/api/krb5_pac_verify_ext.html | 160 - .../html/appdev/refs/api/krb5_parse_name.html | 172 - .../refs/api/krb5_parse_name_flags.html | 178 - .../refs/api/krb5_prepend_error_message.html | 152 - .../appdev/refs/api/krb5_principal2salt.html | 158 - .../refs/api/krb5_principal_compare.html | 158 - .../api/krb5_principal_compare_any_realm.html | 159 - .../api/krb5_principal_compare_flags.html | 172 - .../appdev/refs/api/krb5_process_key.html | 152 - .../appdev/refs/api/krb5_prompter_posix.html | 168 - .../html/appdev/refs/api/krb5_random_key.html | 153 - .../html/appdev/refs/api/krb5_rd_cred.html | 168 - .../html/appdev/refs/api/krb5_rd_error.html | 159 - .../html/appdev/refs/api/krb5_rd_priv.html | 169 - .../doc/html/appdev/refs/api/krb5_rd_rep.html | 161 - .../html/appdev/refs/api/krb5_rd_rep_dce.html | 160 - .../doc/html/appdev/refs/api/krb5_rd_req.html | 178 - .../html/appdev/refs/api/krb5_rd_safe.html | 169 - .../appdev/refs/api/krb5_read_password.html | 172 - .../appdev/refs/api/krb5_realm_compare.html | 158 - .../html/appdev/refs/api/krb5_recvauth.html | 169 - .../refs/api/krb5_recvauth_version.html | 164 - .../api/krb5_responder_get_challenge.html | 156 - .../api/krb5_responder_list_questions.html | 155 - .../krb5_responder_otp_challenge_free.html | 155 - .../api/krb5_responder_otp_get_challenge.html | 157 - .../api/krb5_responder_otp_set_answer.html | 157 - .../krb5_responder_pkinit_challenge_free.html | 155 - .../krb5_responder_pkinit_get_challenge.html | 157 - .../api/krb5_responder_pkinit_set_answer.html | 156 - .../refs/api/krb5_responder_set_answer.html | 164 - .../refs/api/krb5_salttype_to_string.html | 158 - .../html/appdev/refs/api/krb5_sendauth.html | 185 - .../krb5_server_decrypt_ticket_keytab.html | 159 - .../refs/api/krb5_set_default_realm.html | 163 - .../api/krb5_set_default_tgs_enctypes.html | 168 - .../refs/api/krb5_set_error_message.html | 151 - .../refs/api/krb5_set_kdc_recv_hook.html | 158 - .../refs/api/krb5_set_kdc_send_hook.html | 158 - .../appdev/refs/api/krb5_set_password.html | 173 - .../api/krb5_set_password_using_ccache.html | 173 - .../refs/api/krb5_set_principal_realm.html | 164 - .../appdev/refs/api/krb5_set_real_time.html | 159 - .../refs/api/krb5_set_trace_callback.html | 167 - .../refs/api/krb5_set_trace_filename.html | 166 - .../appdev/refs/api/krb5_sname_match.html | 163 - .../refs/api/krb5_sname_to_principal.html | 176 - .../refs/api/krb5_string_to_cksumtype.html | 157 - .../refs/api/krb5_string_to_deltat.html | 157 - .../refs/api/krb5_string_to_enctype.html | 157 - .../appdev/refs/api/krb5_string_to_key.html | 154 - .../refs/api/krb5_string_to_salttype.html | 157 - .../refs/api/krb5_string_to_timestamp.html | 157 - .../html/appdev/refs/api/krb5_timeofday.html | 163 - .../refs/api/krb5_timestamp_to_sfstring.html | 160 - .../refs/api/krb5_timestamp_to_string.html | 159 - .../appdev/refs/api/krb5_tkt_creds_free.html | 154 - .../appdev/refs/api/krb5_tkt_creds_get.html | 162 - .../refs/api/krb5_tkt_creds_get_creds.html | 163 - .../refs/api/krb5_tkt_creds_get_times.html | 163 - .../appdev/refs/api/krb5_tkt_creds_init.html | 167 - .../appdev/refs/api/krb5_tkt_creds_step.html | 168 - .../refs/api/krb5_unmarshal_credentials.html | 160 - .../appdev/refs/api/krb5_unparse_name.html | 165 - .../refs/api/krb5_unparse_name_ext.html | 166 - .../refs/api/krb5_unparse_name_flags.html | 176 - .../refs/api/krb5_unparse_name_flags_ext.html | 165 - .../appdev/refs/api/krb5_us_timeofday.html | 164 - .../appdev/refs/api/krb5_use_enctype.html | 152 - .../api/krb5_verify_authdata_kdc_issued.html | 154 - .../appdev/refs/api/krb5_verify_checksum.html | 156 - .../refs/api/krb5_verify_init_creds.html | 164 - .../api/krb5_verify_init_creds_opt_init.html | 149 - ...rify_init_creds_opt_set_ap_req_nofail.html | 152 - .../refs/api/krb5_vprepend_error_message.html | 153 - .../refs/api/krb5_vset_error_message.html | 152 - .../refs/api/krb5_vwrap_error_message.html | 154 - .../refs/api/krb5_wrap_error_message.html | 153 - krb5-1.21.3/doc/html/appdev/refs/index.html | 146 - .../appdev/refs/macros/ADDRTYPE_ADDRPORT.html | 155 - .../appdev/refs/macros/ADDRTYPE_CHAOS.html | 155 - .../html/appdev/refs/macros/ADDRTYPE_DDP.html | 155 - .../appdev/refs/macros/ADDRTYPE_INET.html | 155 - .../appdev/refs/macros/ADDRTYPE_INET6.html | 155 - .../appdev/refs/macros/ADDRTYPE_IPPORT.html | 155 - .../html/appdev/refs/macros/ADDRTYPE_ISO.html | 155 - .../appdev/refs/macros/ADDRTYPE_IS_LOCAL.html | 155 - .../appdev/refs/macros/ADDRTYPE_NETBIOS.html | 155 - .../html/appdev/refs/macros/ADDRTYPE_XNS.html | 155 - .../appdev/refs/macros/AD_TYPE_EXTERNAL.html | 155 - .../refs/macros/AD_TYPE_FIELD_TYPE_MASK.html | 155 - .../refs/macros/AD_TYPE_REGISTERED.html | 155 - .../appdev/refs/macros/AD_TYPE_RESERVED.html | 155 - .../macros/AP_OPTS_ETYPE_NEGOTIATION.html | 155 - .../refs/macros/AP_OPTS_MUTUAL_REQUIRED.html | 156 - .../appdev/refs/macros/AP_OPTS_RESERVED.html | 155 - .../refs/macros/AP_OPTS_USE_SESSION_KEY.html | 156 - .../refs/macros/AP_OPTS_USE_SUBKEY.html | 156 - .../appdev/refs/macros/AP_OPTS_WIRE_MASK.html | 155 - .../macros/CKSUMTYPE_CMAC_CAMELLIA128.html | 156 - .../macros/CKSUMTYPE_CMAC_CAMELLIA256.html | 156 - .../appdev/refs/macros/CKSUMTYPE_CRC32.html | 155 - .../appdev/refs/macros/CKSUMTYPE_DESCBC.html | 155 - .../macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.html | 156 - .../macros/CKSUMTYPE_HMAC_SHA1_96_AES128.html | 157 - .../macros/CKSUMTYPE_HMAC_SHA1_96_AES256.html | 157 - .../refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.html | 155 - .../CKSUMTYPE_HMAC_SHA256_128_AES128.html | 156 - .../CKSUMTYPE_HMAC_SHA384_192_AES256.html | 156 - .../macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.html | 155 - .../refs/macros/CKSUMTYPE_NIST_SHA.html | 155 - .../appdev/refs/macros/CKSUMTYPE_RSA_MD4.html | 155 - .../refs/macros/CKSUMTYPE_RSA_MD4_DES.html | 155 - .../appdev/refs/macros/CKSUMTYPE_RSA_MD5.html | 155 - .../refs/macros/CKSUMTYPE_RSA_MD5_DES.html | 155 - .../appdev/refs/macros/CKSUMTYPE_SHA1.html | 156 - .../ENCTYPE_AES128_CTS_HMAC_SHA1_96.html | 156 - .../ENCTYPE_AES128_CTS_HMAC_SHA256_128.html | 156 - .../ENCTYPE_AES256_CTS_HMAC_SHA1_96.html | 156 - .../ENCTYPE_AES256_CTS_HMAC_SHA384_192.html | 156 - .../refs/macros/ENCTYPE_ARCFOUR_HMAC.html | 156 - .../refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.html | 156 - .../macros/ENCTYPE_CAMELLIA128_CTS_CMAC.html | 156 - .../macros/ENCTYPE_CAMELLIA256_CTS_CMAC.html | 156 - .../refs/macros/ENCTYPE_DES3_CBC_ENV.html | 156 - .../refs/macros/ENCTYPE_DES3_CBC_RAW.html | 155 - .../refs/macros/ENCTYPE_DES3_CBC_SHA.html | 155 - .../refs/macros/ENCTYPE_DES3_CBC_SHA1.html | 155 - .../refs/macros/ENCTYPE_DES_CBC_CRC.html | 155 - .../refs/macros/ENCTYPE_DES_CBC_MD4.html | 155 - .../refs/macros/ENCTYPE_DES_CBC_MD5.html | 155 - .../refs/macros/ENCTYPE_DES_CBC_RAW.html | 155 - .../refs/macros/ENCTYPE_DES_HMAC_SHA1.html | 155 - .../refs/macros/ENCTYPE_DSA_SHA1_CMS.html | 156 - .../refs/macros/ENCTYPE_MD5_RSA_CMS.html | 156 - .../html/appdev/refs/macros/ENCTYPE_NULL.html | 155 - .../refs/macros/ENCTYPE_RC2_CBC_ENV.html | 156 - .../appdev/refs/macros/ENCTYPE_RSA_ENV.html | 156 - .../refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.html | 156 - .../refs/macros/ENCTYPE_SHA1_RSA_CMS.html | 156 - .../appdev/refs/macros/ENCTYPE_UNKNOWN.html | 155 - .../refs/macros/KDC_OPT_ALLOW_POSTDATE.html | 155 - .../refs/macros/KDC_OPT_CANONICALIZE.html | 155 - .../macros/KDC_OPT_CNAME_IN_ADDL_TKT.html | 155 - .../KDC_OPT_DISABLE_TRANSITED_CHECK.html | 155 - .../refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.html | 155 - .../refs/macros/KDC_OPT_FORWARDABLE.html | 155 - .../appdev/refs/macros/KDC_OPT_FORWARDED.html | 155 - .../appdev/refs/macros/KDC_OPT_POSTDATED.html | 155 - .../appdev/refs/macros/KDC_OPT_PROXIABLE.html | 155 - .../appdev/refs/macros/KDC_OPT_PROXY.html | 155 - .../appdev/refs/macros/KDC_OPT_RENEW.html | 155 - .../appdev/refs/macros/KDC_OPT_RENEWABLE.html | 155 - .../refs/macros/KDC_OPT_RENEWABLE_OK.html | 155 - .../macros/KDC_OPT_REQUEST_ANONYMOUS.html | 155 - .../appdev/refs/macros/KDC_OPT_VALIDATE.html | 155 - .../refs/macros/KDC_TKT_COMMON_MASK.html | 155 - .../KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.html | 156 - .../refs/macros/KRB5_ANONYMOUS_PRINCSTR.html | 156 - .../refs/macros/KRB5_ANONYMOUS_REALMSTR.html | 156 - .../html/appdev/refs/macros/KRB5_AP_REP.html | 156 - .../html/appdev/refs/macros/KRB5_AP_REQ.html | 156 - .../html/appdev/refs/macros/KRB5_AS_REP.html | 156 - .../html/appdev/refs/macros/KRB5_AS_REQ.html | 156 - .../refs/macros/KRB5_AUTHDATA_AND_OR.html | 155 - .../refs/macros/KRB5_AUTHDATA_AP_OPTIONS.html | 155 - .../macros/KRB5_AUTHDATA_AUTH_INDICATOR.html | 155 - .../refs/macros/KRB5_AUTHDATA_CAMMAC.html | 155 - .../KRB5_AUTHDATA_ETYPE_NEGOTIATION.html | 156 - .../refs/macros/KRB5_AUTHDATA_FX_ARMOR.html | 155 - .../macros/KRB5_AUTHDATA_IF_RELEVANT.html | 155 - .../KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.html | 155 - .../refs/macros/KRB5_AUTHDATA_KDC_ISSUED.html | 155 - .../KRB5_AUTHDATA_MANDATORY_FOR_KDC.html | 155 - .../refs/macros/KRB5_AUTHDATA_OSF_DCE.html | 155 - .../refs/macros/KRB5_AUTHDATA_SESAME.html | 155 - .../refs/macros/KRB5_AUTHDATA_SIGNTICKET.html | 155 - .../refs/macros/KRB5_AUTHDATA_WIN2K_PAC.html | 155 - .../macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html | 156 - .../macros/KRB5_AUTH_CONTEXT_DO_TIME.html | 156 - ...KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.html | 156 - ...AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.html | 156 - ...RB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.html | 156 - ...UTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.html | 156 - .../macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.html | 155 - .../KRB5_AUTH_CONTEXT_RET_SEQUENCE.html | 156 - .../macros/KRB5_AUTH_CONTEXT_RET_TIME.html | 156 - .../macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.html | 155 - .../html/appdev/refs/macros/KRB5_CRED.html | 156 - .../macros/KRB5_CRYPTO_TYPE_CHECKSUM.html | 156 - .../refs/macros/KRB5_CRYPTO_TYPE_DATA.html | 156 - .../refs/macros/KRB5_CRYPTO_TYPE_EMPTY.html | 156 - .../refs/macros/KRB5_CRYPTO_TYPE_HEADER.html | 156 - .../refs/macros/KRB5_CRYPTO_TYPE_PADDING.html | 156 - .../macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.html | 156 - .../refs/macros/KRB5_CRYPTO_TYPE_STREAM.html | 156 - .../refs/macros/KRB5_CRYPTO_TYPE_TRAILER.html | 156 - .../refs/macros/KRB5_CYBERSAFE_SECUREID.html | 157 - .../macros/KRB5_DOMAIN_X500_COMPRESS.html | 156 - .../macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.html | 156 - .../html/appdev/refs/macros/KRB5_ERROR.html | 156 - .../refs/macros/KRB5_FAST_REQUIRED.html | 156 - .../appdev/refs/macros/KRB5_GC_CACHED.html | 156 - .../refs/macros/KRB5_GC_CANONICALIZE.html | 156 - .../KRB5_GC_CONSTRAINED_DELEGATION.html | 156 - .../refs/macros/KRB5_GC_FORWARDABLE.html | 156 - .../appdev/refs/macros/KRB5_GC_NO_STORE.html | 156 - .../refs/macros/KRB5_GC_NO_TRANSIT_CHECK.html | 156 - .../appdev/refs/macros/KRB5_GC_USER_USER.html | 156 - .../KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.html | 155 - .../KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.html | 155 - .../KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.html | 155 - ...KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.html | 155 - .../KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.html | 155 - .../KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.html | 155 - .../KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.html | 155 - .../KRB5_GET_INIT_CREDS_OPT_PROXIABLE.html | 155 - .../KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.html | 155 - .../macros/KRB5_GET_INIT_CREDS_OPT_SALT.html | 155 - .../KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.html | 155 - .../refs/macros/KRB5_INIT_CONTEXT_KDC.html | 156 - .../refs/macros/KRB5_INIT_CONTEXT_SECURE.html | 156 - .../KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.html | 156 - .../appdev/refs/macros/KRB5_INT16_MAX.html | 155 - .../appdev/refs/macros/KRB5_INT16_MIN.html | 155 - .../appdev/refs/macros/KRB5_INT32_MAX.html | 155 - .../appdev/refs/macros/KRB5_INT32_MIN.html | 155 - .../refs/macros/KRB5_KEYUSAGE_AD_ITE.html | 155 - .../KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.html | 155 - .../refs/macros/KRB5_KEYUSAGE_AD_MTE.html | 155 - .../macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.html | 155 - .../macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.html | 155 - .../KRB5_KEYUSAGE_APP_DATA_ENCRYPT.html | 155 - .../macros/KRB5_KEYUSAGE_AP_REP_ENCPART.html | 155 - .../macros/KRB5_KEYUSAGE_AP_REQ_AUTH.html | 155 - .../KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.html | 155 - .../macros/KRB5_KEYUSAGE_AS_REP_ENCPART.html | 155 - .../refs/macros/KRB5_KEYUSAGE_AS_REQ.html | 155 - .../KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.html | 155 - .../refs/macros/KRB5_KEYUSAGE_CAMMAC.html | 155 - .../KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.html | 155 - .../KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.html | 155 - .../refs/macros/KRB5_KEYUSAGE_FAST_ENC.html | 155 - .../macros/KRB5_KEYUSAGE_FAST_FINISHED.html | 155 - .../refs/macros/KRB5_KEYUSAGE_FAST_REP.html | 155 - .../macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.html | 155 - .../macros/KRB5_KEYUSAGE_GSS_TOK_MIC.html | 155 - .../KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.html | 155 - .../KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.html | 155 - .../macros/KRB5_KEYUSAGE_IAKERB_FINISHED.html | 155 - .../macros/KRB5_KEYUSAGE_KDC_REP_TICKET.html | 155 - .../KRB5_KEYUSAGE_KRB_CRED_ENCPART.html | 155 - .../macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.html | 155 - .../KRB5_KEYUSAGE_KRB_PRIV_ENCPART.html | 155 - .../macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.html | 155 - .../macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.html | 156 - .../macros/KRB5_KEYUSAGE_PA_FX_COOKIE.html | 156 - .../macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.html | 156 - .../macros/KRB5_KEYUSAGE_PA_PKINIT_KX.html | 155 - .../KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.html | 155 - ...RB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.html | 155 - .../KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.html | 155 - ...RB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.html | 155 - .../macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.html | 155 - .../refs/macros/KRB5_KEYUSAGE_SPAKE.html | 155 - ...KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.html | 155 - .../KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.html | 155 - .../KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.html | 155 - .../KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.html | 155 - .../macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.html | 155 - .../KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.html | 155 - .../macros/KRB5_KPASSWD_ACCESSDENIED.html | 156 - .../refs/macros/KRB5_KPASSWD_AUTHERROR.html | 156 - .../refs/macros/KRB5_KPASSWD_BAD_VERSION.html | 156 - .../refs/macros/KRB5_KPASSWD_HARDERROR.html | 156 - .../KRB5_KPASSWD_INITIAL_FLAG_NEEDED.html | 156 - .../refs/macros/KRB5_KPASSWD_MALFORMED.html | 156 - .../refs/macros/KRB5_KPASSWD_SOFTERROR.html | 156 - .../refs/macros/KRB5_KPASSWD_SUCCESS.html | 156 - .../macros/KRB5_LRQ_ALL_ACCT_EXPTIME.html | 155 - .../macros/KRB5_LRQ_ALL_LAST_INITIAL.html | 155 - .../macros/KRB5_LRQ_ALL_LAST_RENEWAL.html | 155 - .../refs/macros/KRB5_LRQ_ALL_LAST_REQ.html | 155 - .../refs/macros/KRB5_LRQ_ALL_LAST_TGT.html | 155 - .../macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.html | 155 - .../refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.html | 155 - .../appdev/refs/macros/KRB5_LRQ_NONE.html | 155 - .../macros/KRB5_LRQ_ONE_ACCT_EXPTIME.html | 155 - .../macros/KRB5_LRQ_ONE_LAST_INITIAL.html | 155 - .../macros/KRB5_LRQ_ONE_LAST_RENEWAL.html | 155 - .../refs/macros/KRB5_LRQ_ONE_LAST_REQ.html | 155 - .../refs/macros/KRB5_LRQ_ONE_LAST_TGT.html | 155 - .../macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.html | 155 - .../refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.html | 155 - .../macros/KRB5_NT_ENTERPRISE_PRINCIPAL.html | 156 - .../macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.html | 156 - .../refs/macros/KRB5_NT_MS_PRINCIPAL.html | 156 - .../macros/KRB5_NT_MS_PRINCIPAL_AND_ID.html | 156 - .../appdev/refs/macros/KRB5_NT_PRINCIPAL.html | 156 - .../appdev/refs/macros/KRB5_NT_SMTP_NAME.html | 156 - .../appdev/refs/macros/KRB5_NT_SRV_HST.html | 156 - .../appdev/refs/macros/KRB5_NT_SRV_INST.html | 156 - .../appdev/refs/macros/KRB5_NT_SRV_XHST.html | 156 - .../html/appdev/refs/macros/KRB5_NT_UID.html | 156 - .../appdev/refs/macros/KRB5_NT_UNKNOWN.html | 156 - .../appdev/refs/macros/KRB5_NT_WELLKNOWN.html | 156 - .../refs/macros/KRB5_NT_X500_PRINCIPAL.html | 156 - .../refs/macros/KRB5_PAC_ATTRIBUTES_INFO.html | 156 - .../refs/macros/KRB5_PAC_CLIENT_CLAIMS.html | 156 - .../refs/macros/KRB5_PAC_CLIENT_INFO.html | 156 - .../macros/KRB5_PAC_CREDENTIALS_INFO.html | 156 - .../refs/macros/KRB5_PAC_DELEGATION_INFO.html | 156 - .../refs/macros/KRB5_PAC_DEVICE_CLAIMS.html | 156 - .../refs/macros/KRB5_PAC_DEVICE_INFO.html | 156 - .../refs/macros/KRB5_PAC_FULL_CHECKSUM.html | 156 - .../refs/macros/KRB5_PAC_LOGON_INFO.html | 156 - .../macros/KRB5_PAC_PRIVSVR_CHECKSUM.html | 156 - .../refs/macros/KRB5_PAC_REQUESTOR.html | 156 - .../refs/macros/KRB5_PAC_SERVER_CHECKSUM.html | 156 - .../refs/macros/KRB5_PAC_TICKET_CHECKSUM.html | 156 - .../refs/macros/KRB5_PAC_UPN_DNS_INFO.html | 156 - .../refs/macros/KRB5_PADATA_AFS3_SALT.html | 157 - .../refs/macros/KRB5_PADATA_AP_REQ.html | 155 - .../refs/macros/KRB5_PADATA_AS_CHECKSUM.html | 156 - .../refs/macros/KRB5_PADATA_AS_FRESHNESS.html | 156 - .../KRB5_PADATA_ENCRYPTED_CHALLENGE.html | 156 - .../KRB5_PADATA_ENC_SANDIA_SECURID.html | 157 - .../macros/KRB5_PADATA_ENC_TIMESTAMP.html | 156 - .../macros/KRB5_PADATA_ENC_UNIX_TIME.html | 157 - .../refs/macros/KRB5_PADATA_ETYPE_INFO.html | 157 - .../refs/macros/KRB5_PADATA_ETYPE_INFO2.html | 156 - .../refs/macros/KRB5_PADATA_FOR_USER.html | 156 - .../refs/macros/KRB5_PADATA_FX_COOKIE.html | 156 - .../refs/macros/KRB5_PADATA_FX_ERROR.html | 156 - .../refs/macros/KRB5_PADATA_FX_FAST.html | 156 - .../KRB5_PADATA_GET_FROM_TYPED_DATA.html | 157 - .../appdev/refs/macros/KRB5_PADATA_NONE.html | 155 - .../refs/macros/KRB5_PADATA_OSF_DCE.html | 157 - .../macros/KRB5_PADATA_OTP_CHALLENGE.html | 156 - .../macros/KRB5_PADATA_OTP_PIN_CHANGE.html | 156 - .../refs/macros/KRB5_PADATA_OTP_REQUEST.html | 156 - .../refs/macros/KRB5_PADATA_PAC_OPTIONS.html | 156 - .../refs/macros/KRB5_PADATA_PAC_REQUEST.html | 156 - .../refs/macros/KRB5_PADATA_PKINIT_KX.html | 156 - .../refs/macros/KRB5_PADATA_PK_AS_REP.html | 157 - .../macros/KRB5_PADATA_PK_AS_REP_OLD.html | 156 - .../refs/macros/KRB5_PADATA_PK_AS_REQ.html | 157 - .../macros/KRB5_PADATA_PK_AS_REQ_OLD.html | 156 - .../refs/macros/KRB5_PADATA_PW_SALT.html | 156 - .../macros/KRB5_PADATA_REDHAT_IDP_OAUTH2.html | 156 - .../macros/KRB5_PADATA_REDHAT_PASSKEY.html | 156 - .../refs/macros/KRB5_PADATA_REFERRAL.html | 156 - .../macros/KRB5_PADATA_S4U_X509_USER.html | 156 - .../macros/KRB5_PADATA_SAM_CHALLENGE.html | 156 - .../macros/KRB5_PADATA_SAM_CHALLENGE_2.html | 156 - .../refs/macros/KRB5_PADATA_SAM_REDIRECT.html | 157 - .../refs/macros/KRB5_PADATA_SAM_RESPONSE.html | 156 - .../macros/KRB5_PADATA_SAM_RESPONSE_2.html | 156 - .../refs/macros/KRB5_PADATA_SESAME.html | 157 - .../appdev/refs/macros/KRB5_PADATA_SPAKE.html | 155 - .../macros/KRB5_PADATA_SVR_REFERRAL_INFO.html | 157 - .../refs/macros/KRB5_PADATA_TGS_REQ.html | 155 - .../KRB5_PADATA_USE_SPECIFIED_KVNO.html | 156 - .../KRB5_PRINCIPAL_COMPARE_CASEFOLD.html | 156 - .../KRB5_PRINCIPAL_COMPARE_ENTERPRISE.html | 156 - .../KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.html | 156 - .../macros/KRB5_PRINCIPAL_COMPARE_UTF8.html | 156 - .../KRB5_PRINCIPAL_PARSE_ENTERPRISE.html | 156 - .../KRB5_PRINCIPAL_PARSE_IGNORE_REALM.html | 156 - .../KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.html | 156 - .../macros/KRB5_PRINCIPAL_PARSE_NO_REALM.html | 156 - .../KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.html | 156 - .../KRB5_PRINCIPAL_UNPARSE_DISPLAY.html | 156 - .../KRB5_PRINCIPAL_UNPARSE_NO_REALM.html | 156 - .../macros/KRB5_PRINCIPAL_UNPARSE_SHORT.html | 156 - .../html/appdev/refs/macros/KRB5_PRIV.html | 156 - .../macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.html | 156 - .../KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.html | 156 - .../macros/KRB5_PROMPT_TYPE_PASSWORD.html | 156 - .../refs/macros/KRB5_PROMPT_TYPE_PREAUTH.html | 156 - .../html/appdev/refs/macros/KRB5_PVNO.html | 156 - .../refs/macros/KRB5_REALM_BRANCH_CHAR.html | 155 - .../macros/KRB5_RECVAUTH_BADAUTHVERS.html | 155 - .../macros/KRB5_RECVAUTH_SKIP_VERSION.html | 155 - .../refs/macros/KRB5_REFERRAL_REALM.html | 156 - .../KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.html | 156 - ...RB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.html | 156 - .../KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.html | 157 - ...KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.html | 157 - ...RB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.html | 155 - .../KRB5_RESPONDER_OTP_FORMAT_DECIMAL.html | 156 - ...KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.html | 155 - ...PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.html | 156 - ...PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.html | 156 - ...ER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.html | 156 - .../macros/KRB5_RESPONDER_QUESTION_OTP.html | 183 - .../KRB5_RESPONDER_QUESTION_PASSWORD.html | 157 - .../KRB5_RESPONDER_QUESTION_PKINIT.html | 170 - .../html/appdev/refs/macros/KRB5_SAFE.html | 156 - .../macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.html | 156 - .../macros/KRB5_SAM_SEND_ENCRYPTED_SAD.html | 155 - .../refs/macros/KRB5_SAM_USE_SAD_AS_KEY.html | 155 - .../refs/macros/KRB5_TC_MATCH_2ND_TKT.html | 156 - .../refs/macros/KRB5_TC_MATCH_AUTHDATA.html | 156 - .../refs/macros/KRB5_TC_MATCH_FLAGS.html | 156 - .../macros/KRB5_TC_MATCH_FLAGS_EXACT.html | 156 - .../refs/macros/KRB5_TC_MATCH_IS_SKEY.html | 156 - .../refs/macros/KRB5_TC_MATCH_KTYPE.html | 156 - .../macros/KRB5_TC_MATCH_SRV_NAMEONLY.html | 156 - .../refs/macros/KRB5_TC_MATCH_TIMES.html | 156 - .../macros/KRB5_TC_MATCH_TIMES_EXACT.html | 156 - .../appdev/refs/macros/KRB5_TC_NOTICKET.html | 155 - .../appdev/refs/macros/KRB5_TC_OPENCLOSE.html | 156 - .../refs/macros/KRB5_TC_SUPPORTED_KTYPES.html | 156 - .../appdev/refs/macros/KRB5_TGS_NAME.html | 155 - .../refs/macros/KRB5_TGS_NAME_SIZE.html | 155 - .../html/appdev/refs/macros/KRB5_TGS_REP.html | 156 - .../html/appdev/refs/macros/KRB5_TGS_REQ.html | 156 - .../KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.html | 156 - ...5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.html | 155 - .../refs/macros/KRB5_WELLKNOWN_NAMESTR.html | 156 - .../macros/LR_TYPE_INTERPRETATION_MASK.html | 155 - .../refs/macros/LR_TYPE_THIS_SERVER_ONLY.html | 155 - .../refs/macros/MAX_KEYTAB_NAME_LEN.html | 156 - .../html/appdev/refs/macros/MSEC_DIRBIT.html | 155 - .../appdev/refs/macros/MSEC_VAL_MASK.html | 155 - .../refs/macros/SALT_TYPE_AFS_LENGTH.html | 155 - .../refs/macros/SALT_TYPE_NO_LENGTH.html | 155 - .../appdev/refs/macros/THREEPARAMOPEN.html | 155 - .../appdev/refs/macros/TKT_FLG_ANONYMOUS.html | 155 - .../refs/macros/TKT_FLG_ENC_PA_REP.html | 155 - .../refs/macros/TKT_FLG_FORWARDABLE.html | 155 - .../appdev/refs/macros/TKT_FLG_FORWARDED.html | 155 - .../appdev/refs/macros/TKT_FLG_HW_AUTH.html | 155 - .../appdev/refs/macros/TKT_FLG_INITIAL.html | 155 - .../appdev/refs/macros/TKT_FLG_INVALID.html | 155 - .../refs/macros/TKT_FLG_MAY_POSTDATE.html | 155 - .../refs/macros/TKT_FLG_OK_AS_DELEGATE.html | 155 - .../appdev/refs/macros/TKT_FLG_POSTDATED.html | 155 - .../appdev/refs/macros/TKT_FLG_PRE_AUTH.html | 155 - .../appdev/refs/macros/TKT_FLG_PROXIABLE.html | 155 - .../appdev/refs/macros/TKT_FLG_PROXY.html | 155 - .../appdev/refs/macros/TKT_FLG_RENEWABLE.html | 155 - .../TKT_FLG_TRANSIT_POLICY_CHECKED.html | 155 - .../appdev/refs/macros/VALID_INT_BITS.html | 155 - .../appdev/refs/macros/VALID_UINT_BITS.html | 155 - .../doc/html/appdev/refs/macros/index.html | 538 - .../refs/macros/krb524_convert_creds_kdc.html | 155 - .../appdev/refs/macros/krb524_init_ets.html | 155 - .../html/appdev/refs/macros/krb5_const.html | 155 - .../refs/macros/krb5_princ_component.html | 155 - .../appdev/refs/macros/krb5_princ_name.html | 155 - .../appdev/refs/macros/krb5_princ_realm.html | 155 - .../refs/macros/krb5_princ_set_realm.html | 155 - .../macros/krb5_princ_set_realm_data.html | 155 - .../macros/krb5_princ_set_realm_length.html | 155 - .../appdev/refs/macros/krb5_princ_size.html | 155 - .../appdev/refs/macros/krb5_princ_type.html | 155 - .../html/appdev/refs/macros/krb5_roundup.html | 155 - .../doc/html/appdev/refs/macros/krb5_x.html | 155 - .../doc/html/appdev/refs/macros/krb5_xc.html | 155 - .../doc/html/appdev/refs/types/index.html | 248 - .../html/appdev/refs/types/krb5_address.html | 176 - .../html/appdev/refs/types/krb5_addrtype.html | 151 - .../html/appdev/refs/types/krb5_ap_rep.html | 168 - .../refs/types/krb5_ap_rep_enc_part.html | 185 - .../html/appdev/refs/types/krb5_ap_req.html | 179 - .../appdev/refs/types/krb5_auth_context.html | 151 - .../html/appdev/refs/types/krb5_authdata.html | 179 - .../appdev/refs/types/krb5_authdatatype.html | 151 - .../appdev/refs/types/krb5_authenticator.html | 204 - .../html/appdev/refs/types/krb5_boolean.html | 151 - .../appdev/refs/types/krb5_cc_cursor.html | 152 - .../html/appdev/refs/types/krb5_ccache.html | 151 - .../appdev/refs/types/krb5_cccol_cursor.html | 152 - .../html/appdev/refs/types/krb5_checksum.html | 175 - .../appdev/refs/types/krb5_cksumtype.html | 151 - .../appdev/refs/types/krb5_const_pointer.html | 151 - .../refs/types/krb5_const_principal.html | 182 - .../html/appdev/refs/types/krb5_context.html | 151 - .../doc/html/appdev/refs/types/krb5_cred.html | 179 - .../appdev/refs/types/krb5_cred_enc_part.html | 196 - .../appdev/refs/types/krb5_cred_info.html | 197 - .../html/appdev/refs/types/krb5_creds.html | 221 - .../appdev/refs/types/krb5_crypto_iov.html | 168 - .../appdev/refs/types/krb5_cryptotype.html | 151 - .../doc/html/appdev/refs/types/krb5_data.html | 170 - .../html/appdev/refs/types/krb5_deltat.html | 151 - .../html/appdev/refs/types/krb5_enc_data.html | 175 - .../refs/types/krb5_enc_kdc_rep_part.html | 222 - .../appdev/refs/types/krb5_enc_tkt_part.html | 203 - .../appdev/refs/types/krb5_encrypt_block.html | 170 - .../html/appdev/refs/types/krb5_enctype.html | 151 - .../html/appdev/refs/types/krb5_error.html | 215 - .../appdev/refs/types/krb5_error_code.html | 153 - .../refs/types/krb5_expire_callback_func.html | 151 - .../html/appdev/refs/types/krb5_flags.html | 151 - .../refs/types/krb5_get_init_creds_opt.html | 211 - .../refs/types/krb5_gic_opt_pa_data.html | 166 - .../refs/types/krb5_init_creds_context.html | 151 - .../html/appdev/refs/types/krb5_int16.html | 151 - .../html/appdev/refs/types/krb5_int32.html | 151 - .../html/appdev/refs/types/krb5_kdc_rep.html | 197 - .../html/appdev/refs/types/krb5_kdc_req.html | 251 - .../doc/html/appdev/refs/types/krb5_key.html | 153 - .../html/appdev/refs/types/krb5_keyblock.html | 176 - .../html/appdev/refs/types/krb5_keytab.html | 151 - .../appdev/refs/types/krb5_keytab_entry.html | 185 - .../html/appdev/refs/types/krb5_keyusage.html | 151 - .../appdev/refs/types/krb5_kt_cursor.html | 151 - .../doc/html/appdev/refs/types/krb5_kvno.html | 151 - .../refs/types/krb5_last_req_entry.html | 173 - .../html/appdev/refs/types/krb5_magic.html | 151 - .../refs/types/krb5_mk_req_checksum_func.html | 152 - .../html/appdev/refs/types/krb5_msgtype.html | 151 - .../html/appdev/refs/types/krb5_octet.html | 151 - .../html/appdev/refs/types/krb5_pa_data.html | 179 - .../appdev/refs/types/krb5_pa_pac_req.html | 161 - .../types/krb5_pa_server_referral_data.html | 180 - .../refs/types/krb5_pa_svr_referral_data.html | 161 - .../doc/html/appdev/refs/types/krb5_pac.html | 152 - .../html/appdev/refs/types/krb5_pointer.html | 151 - .../appdev/refs/types/krb5_post_recv_fn.html | 154 - .../appdev/refs/types/krb5_pre_send_fn.html | 156 - .../appdev/refs/types/krb5_preauthtype.html | 151 - .../appdev/refs/types/krb5_principal.html | 181 - .../refs/types/krb5_principal_data.html | 181 - .../html/appdev/refs/types/krb5_prompt.html | 175 - .../appdev/refs/types/krb5_prompt_type.html | 151 - .../appdev/refs/types/krb5_prompter_fct.html | 152 - .../html/appdev/refs/types/krb5_pwd_data.html | 170 - .../html/appdev/refs/types/krb5_rcache.html | 151 - .../appdev/refs/types/krb5_replay_data.html | 175 - .../refs/types/krb5_responder_context.html | 153 - .../appdev/refs/types/krb5_responder_fn.html | 153 - .../types/krb5_responder_otp_challenge.html | 165 - .../types/krb5_responder_otp_tokeninfo.html | 190 - .../krb5_responder_pkinit_challenge.html | 160 - .../types/krb5_responder_pkinit_identity.html | 165 - .../html/appdev/refs/types/krb5_response.html | 180 - .../html/appdev/refs/types/krb5_ticket.html | 180 - .../appdev/refs/types/krb5_ticket_times.html | 180 - .../appdev/refs/types/krb5_timestamp.html | 153 - .../appdev/refs/types/krb5_tkt_authent.html | 176 - .../refs/types/krb5_tkt_creds_context.html | 151 - .../refs/types/krb5_trace_callback.html | 151 - .../appdev/refs/types/krb5_trace_info.html | 162 - .../appdev/refs/types/krb5_transited.html | 173 - .../appdev/refs/types/krb5_typed_data.html | 175 - .../doc/html/appdev/refs/types/krb5_ui_2.html | 151 - .../doc/html/appdev/refs/types/krb5_ui_4.html | 151 - .../types/krb5_verify_init_creds_opt.html | 166 - .../refs/types/passwd_phrase_element.html | 170 - krb5-1.21.3/doc/html/appdev/y2038.html | 157 - krb5-1.21.3/doc/html/basic/ccache_def.html | 279 - krb5-1.21.3/doc/html/basic/date_format.html | 331 - krb5-1.21.3/doc/html/basic/index.html | 142 - krb5-1.21.3/doc/html/basic/keytab_def.html | 182 - krb5-1.21.3/doc/html/basic/rcache_def.html | 231 - .../doc/html/basic/stash_file_def.html | 150 - krb5-1.21.3/doc/html/build/directory_org.html | 244 - krb5-1.21.3/doc/html/build/doing_build.html | 270 - krb5-1.21.3/doc/html/build/index.html | 190 - .../doc/html/build/options2configure.html | 465 - krb5-1.21.3/doc/html/build/osconf.html | 156 - krb5-1.21.3/doc/html/build_this.html | 202 - krb5-1.21.3/doc/html/copyright.html | 130 - .../doc/html/formats/ccache_file_format.html | 295 - krb5-1.21.3/doc/html/formats/cookie.html | 222 - .../doc/html/formats/freshness_token.html | 149 - krb5-1.21.3/doc/html/formats/index.html | 142 - .../doc/html/formats/keytab_file_format.html | 179 - .../doc/html/formats/rcache_file_format.html | 173 - krb5-1.21.3/doc/html/genindex-A.html | 159 - krb5-1.21.3/doc/html/genindex-C.html | 153 - krb5-1.21.3/doc/html/genindex-E.html | 169 - krb5-1.21.3/doc/html/genindex-K.html | 2077 - krb5-1.21.3/doc/html/genindex-L.html | 123 - krb5-1.21.3/doc/html/genindex-M.html | 125 - krb5-1.21.3/doc/html/genindex-P.html | 127 - krb5-1.21.3/doc/html/genindex-R.html | 184 - krb5-1.21.3/doc/html/genindex-S.html | 123 - krb5-1.21.3/doc/html/genindex-T.html | 151 - krb5-1.21.3/doc/html/genindex-V.html | 123 - krb5-1.21.3/doc/html/genindex-all.html | 2419 -- krb5-1.21.3/doc/html/genindex.html | 131 - krb5-1.21.3/doc/html/index.html | 136 - krb5-1.21.3/doc/html/mitK5defaults.html | 361 - krb5-1.21.3/doc/html/mitK5features.html | 789 - krb5-1.21.3/doc/html/mitK5license.html | 1301 - krb5-1.21.3/doc/html/objects.inv | Bin 49033 -> 0 bytes krb5-1.21.3/doc/html/plugindev/ccselect.html | 160 - krb5-1.21.3/doc/html/plugindev/certauth.html | 170 - krb5-1.21.3/doc/html/plugindev/clpreauth.html | 187 - krb5-1.21.3/doc/html/plugindev/general.html | 242 - krb5-1.21.3/doc/html/plugindev/gssapi.html | 259 - krb5-1.21.3/doc/html/plugindev/hostrealm.html | 170 - krb5-1.21.3/doc/html/plugindev/index.html | 185 - krb5-1.21.3/doc/html/plugindev/internal.html | 171 - .../doc/html/plugindev/kadm5_auth.html | 169 - .../doc/html/plugindev/kadm5_hook.html | 162 - krb5-1.21.3/doc/html/plugindev/kdcpolicy.html | 160 - .../doc/html/plugindev/kdcpreauth.html | 207 - krb5-1.21.3/doc/html/plugindev/localauth.html | 176 - krb5-1.21.3/doc/html/plugindev/locate.html | 165 - krb5-1.21.3/doc/html/plugindev/profile.html | 229 - krb5-1.21.3/doc/html/plugindev/pwqual.html | 161 - krb5-1.21.3/doc/html/resources.html | 180 - krb5-1.21.3/doc/html/search.html | 144 - krb5-1.21.3/doc/html/searchindex.js | 1 - krb5-1.21.3/doc/html/user/index.html | 167 - krb5-1.21.3/doc/html/user/pwd_mgmt.html | 229 - krb5-1.21.3/doc/html/user/tkt_mgmt.html | 449 - .../doc/html/user/user_commands/index.html | 156 - .../doc/html/user/user_commands/kdestroy.html | 212 - .../doc/html/user/user_commands/kinit.html | 341 - .../doc/html/user/user_commands/klist.html | 254 - .../doc/html/user/user_commands/kpasswd.html | 184 - .../html/user/user_commands/krb5-config.html | 229 - .../doc/html/user/user_commands/ksu.html | 516 - .../doc/html/user/user_commands/kswitch.html | 189 - .../doc/html/user/user_commands/kvno.html | 247 - .../doc/html/user/user_commands/sclient.html | 169 - .../doc/html/user/user_config/index.html | 147 - .../doc/html/user/user_config/k5identity.html | 195 - .../doc/html/user/user_config/k5login.html | 186 - .../doc/html/user/user_config/kerberos.html | 303 - krb5-1.21.3/doc/index.rst | 18 - krb5-1.21.3/doc/iprop-notes.txt | 140 - krb5-1.21.3/doc/kadm5-errmsg.txt | 59 - krb5-1.21.3/doc/kadm5/adb-unit-test.tex | 135 - krb5-1.21.3/doc/kadm5/api-funcspec.tex | 2015 - krb5-1.21.3/doc/kadm5/api-server-design.tex | 1054 - krb5-1.21.3/doc/kadm5/fullpage.sty | 9 - krb5-1.21.3/doc/mitK5defaults.rst | 79 - krb5-1.21.3/doc/mitK5features.rst | 699 - krb5-1.21.3/doc/mitK5license.rst | 11 - krb5-1.21.3/doc/notice.rst | 1271 - krb5-1.21.3/doc/pdf/GMakefile | 64 - krb5-1.21.3/doc/pdf/LICRcyr2utf8.xdy | 101 - krb5-1.21.3/doc/pdf/LICRlatin2utf8.xdy | 239 - krb5-1.21.3/doc/pdf/LatinRules.xdy | 607 - krb5-1.21.3/doc/pdf/admin.pdf | Bin 648892 -> 0 bytes krb5-1.21.3/doc/pdf/admin.tex | 12287 ------ krb5-1.21.3/doc/pdf/appdev.pdf | Bin 829074 -> 0 bytes krb5-1.21.3/doc/pdf/appdev.tex | 31210 ---------------- krb5-1.21.3/doc/pdf/basic.pdf | Bin 185464 -> 0 bytes krb5-1.21.3/doc/pdf/basic.tex | 918 - krb5-1.21.3/doc/pdf/build.pdf | Bin 203594 -> 0 bytes krb5-1.21.3/doc/pdf/build.tex | 1091 - krb5-1.21.3/doc/pdf/latexmkjarc | 22 - krb5-1.21.3/doc/pdf/latexmkrc | 9 - krb5-1.21.3/doc/pdf/make.bat | 31 - krb5-1.21.3/doc/pdf/plugindev.pdf | Bin 199462 -> 0 bytes krb5-1.21.3/doc/pdf/plugindev.tex | 1020 - krb5-1.21.3/doc/pdf/python.ist | 16 - krb5-1.21.3/doc/pdf/sphinx.sty | 351 - krb5-1.21.3/doc/pdf/sphinx.xdy | 230 - krb5-1.21.3/doc/pdf/sphinxhighlight.sty | 106 - krb5-1.21.3/doc/pdf/sphinxhowto.cls | 102 - .../doc/pdf/sphinxlatexadmonitions.sty | 148 - krb5-1.21.3/doc/pdf/sphinxlatexcontainers.sty | 22 - krb5-1.21.3/doc/pdf/sphinxlatexgraphics.sty | 122 - krb5-1.21.3/doc/pdf/sphinxlatexindbibtoc.sty | 69 - krb5-1.21.3/doc/pdf/sphinxlatexlists.sty | 97 - krb5-1.21.3/doc/pdf/sphinxlatexliterals.sty | 795 - krb5-1.21.3/doc/pdf/sphinxlatexnumfig.sty | 122 - krb5-1.21.3/doc/pdf/sphinxlatexobjects.sty | 200 - krb5-1.21.3/doc/pdf/sphinxlatexshadowbox.sty | 100 - .../doc/pdf/sphinxlatexstyleheadings.sty | 83 - krb5-1.21.3/doc/pdf/sphinxlatexstylepage.sty | 79 - krb5-1.21.3/doc/pdf/sphinxlatexstyletext.sty | 126 - krb5-1.21.3/doc/pdf/sphinxlatextables.sty | 481 - krb5-1.21.3/doc/pdf/sphinxmanual.cls | 128 - krb5-1.21.3/doc/pdf/sphinxmessages.sty | 21 - krb5-1.21.3/doc/pdf/sphinxoptionsgeometry.sty | 54 - krb5-1.21.3/doc/pdf/sphinxoptionshyperref.sty | 35 - krb5-1.21.3/doc/pdf/sphinxpackagecyrillic.sty | 55 - krb5-1.21.3/doc/pdf/sphinxpackagefootnote.sty | 396 - krb5-1.21.3/doc/pdf/user.pdf | Bin 254843 -> 0 bytes krb5-1.21.3/doc/pdf/user.tex | 2456 -- krb5-1.21.3/doc/plugindev/ccselect.rst | 28 - krb5-1.21.3/doc/plugindev/certauth.rst | 36 - krb5-1.21.3/doc/plugindev/clpreauth.rst | 54 - krb5-1.21.3/doc/plugindev/general.rst | 118 - krb5-1.21.3/doc/plugindev/gssapi.rst | 134 - krb5-1.21.3/doc/plugindev/hostrealm.rst | 39 - krb5-1.21.3/doc/plugindev/index.rst | 38 - krb5-1.21.3/doc/plugindev/internal.rst | 32 - krb5-1.21.3/doc/plugindev/kadm5_auth.rst | 35 - krb5-1.21.3/doc/plugindev/kadm5_hook.rst | 27 - krb5-1.21.3/doc/plugindev/kdcpolicy.rst | 24 - krb5-1.21.3/doc/plugindev/kdcpreauth.rst | 79 - krb5-1.21.3/doc/plugindev/localauth.rst | 43 - krb5-1.21.3/doc/plugindev/locate.rst | 32 - krb5-1.21.3/doc/plugindev/profile.rst | 96 - krb5-1.21.3/doc/plugindev/pwqual.rst | 25 - krb5-1.21.3/doc/resources.rst | 60 - krb5-1.21.3/doc/rpc/design.tex | 1037 - krb5-1.21.3/doc/thread-safe.txt | 241 - krb5-1.21.3/doc/threads.txt | 101 - krb5-1.21.3/doc/tools/README | 62 - krb5-1.21.3/doc/tools/define_document.tmpl | 27 - krb5-1.21.3/doc/tools/docmodel.py | 251 - krb5-1.21.3/doc/tools/doxy.py | 64 - krb5-1.21.3/doc/tools/doxybuilder_funcs.py | 594 - krb5-1.21.3/doc/tools/doxybuilder_types.py | 382 - krb5-1.21.3/doc/tools/func_document.tmpl | 102 - krb5-1.21.3/doc/tools/type_document.tmpl | 43 - krb5-1.21.3/doc/user/index.rst | 10 - krb5-1.21.3/doc/user/pwd_mgmt.rst | 106 - krb5-1.21.3/doc/user/tkt_mgmt.rst | 314 - krb5-1.21.3/doc/user/user_commands/index.rst | 17 - .../doc/user/user_commands/kdestroy.rst | 77 - krb5-1.21.3/doc/user/user_commands/kinit.rst | 230 - krb5-1.21.3/doc/user/user_commands/klist.rst | 129 - .../doc/user/user_commands/kpasswd.rst | 46 - .../doc/user/user_commands/krb5-config.rst | 83 - krb5-1.21.3/doc/user/user_commands/ksu.rst | 411 - .../doc/user/user_commands/kswitch.rst | 50 - krb5-1.21.3/doc/user/user_commands/kvno.rst | 119 - .../doc/user/user_commands/sclient.rst | 30 - krb5-1.21.3/doc/user/user_config/index.rst | 13 - .../doc/user/user_config/k5identity.rst | 64 - krb5-1.21.3/doc/user/user_config/k5login.rst | 54 - krb5-1.21.3/doc/user/user_config/kerberos.rst | 185 - 2124 files changed, 314966 deletions(-) delete mode 100644 krb5-1.21.3/doc/README delete mode 100644 krb5-1.21.3/doc/_static/kerb.css_t delete mode 100644 krb5-1.21.3/doc/_templates/layout.html delete mode 100644 krb5-1.21.3/doc/about.rst delete mode 100644 krb5-1.21.3/doc/admin/admin_commands/index.rst delete mode 100644 krb5-1.21.3/doc/admin/admin_commands/k5srvutil.rst delete mode 100644 krb5-1.21.3/doc/admin/admin_commands/kadmin_local.rst delete mode 100644 krb5-1.21.3/doc/admin/admin_commands/kadmind.rst delete mode 100644 krb5-1.21.3/doc/admin/admin_commands/kdb5_ldap_util.rst delete mode 100644 krb5-1.21.3/doc/admin/admin_commands/kdb5_util.rst delete mode 100644 krb5-1.21.3/doc/admin/admin_commands/kprop.rst delete mode 100644 krb5-1.21.3/doc/admin/admin_commands/kpropd.rst delete mode 100644 krb5-1.21.3/doc/admin/admin_commands/kproplog.rst delete mode 100644 krb5-1.21.3/doc/admin/admin_commands/krb5kdc.rst delete mode 100644 krb5-1.21.3/doc/admin/admin_commands/ktutil.rst delete mode 100644 krb5-1.21.3/doc/admin/admin_commands/sserver.rst delete mode 100644 krb5-1.21.3/doc/admin/advanced/index.rst delete mode 100644 krb5-1.21.3/doc/admin/advanced/retiring-des.rst delete mode 100644 krb5-1.21.3/doc/admin/appl_servers.rst delete mode 100644 krb5-1.21.3/doc/admin/auth_indicator.rst delete mode 100644 krb5-1.21.3/doc/admin/backup_host.rst delete mode 100644 krb5-1.21.3/doc/admin/conf_files/index.rst delete mode 100644 krb5-1.21.3/doc/admin/conf_files/kadm5_acl.rst delete mode 100644 krb5-1.21.3/doc/admin/conf_files/kdc_conf.rst delete mode 100644 krb5-1.21.3/doc/admin/conf_files/krb5_conf.rst delete mode 100644 krb5-1.21.3/doc/admin/conf_ldap.rst delete mode 100644 krb5-1.21.3/doc/admin/database.rst delete mode 100644 krb5-1.21.3/doc/admin/dbtypes.rst delete mode 100644 krb5-1.21.3/doc/admin/dictionary.rst delete mode 100644 krb5-1.21.3/doc/admin/enctypes.rst delete mode 100644 krb5-1.21.3/doc/admin/env_variables.rst delete mode 100644 krb5-1.21.3/doc/admin/host_config.rst delete mode 100644 krb5-1.21.3/doc/admin/https.rst delete mode 100644 krb5-1.21.3/doc/admin/index.rst delete mode 100644 krb5-1.21.3/doc/admin/install.rst delete mode 100644 krb5-1.21.3/doc/admin/install_appl_srv.rst delete mode 100644 krb5-1.21.3/doc/admin/install_clients.rst delete mode 100644 krb5-1.21.3/doc/admin/install_kdc.rst delete mode 100644 krb5-1.21.3/doc/admin/lockout.rst delete mode 100644 krb5-1.21.3/doc/admin/otp.rst delete mode 100644 krb5-1.21.3/doc/admin/pkinit.rst delete mode 100644 krb5-1.21.3/doc/admin/princ_dns.rst delete mode 100644 krb5-1.21.3/doc/admin/realm_config.rst delete mode 100644 krb5-1.21.3/doc/admin/spake.rst delete mode 100644 krb5-1.21.3/doc/admin/troubleshoot.rst delete mode 100644 krb5-1.21.3/doc/admin/various_envs.rst delete mode 100644 krb5-1.21.3/doc/appdev/gssapi.rst delete mode 100644 krb5-1.21.3/doc/appdev/h5l_mit_apidiff.rst delete mode 100644 krb5-1.21.3/doc/appdev/index.rst delete mode 100644 krb5-1.21.3/doc/appdev/init_creds.rst delete mode 100644 krb5-1.21.3/doc/appdev/princ_handle.rst delete mode 100644 krb5-1.21.3/doc/appdev/refs/api/index.rst delete mode 100644 krb5-1.21.3/doc/appdev/refs/index.rst delete mode 100644 krb5-1.21.3/doc/appdev/refs/macros/index.rst delete mode 100644 krb5-1.21.3/doc/appdev/refs/types/index.rst delete mode 100644 krb5-1.21.3/doc/appdev/refs/types/krb5_int32.rst delete mode 100644 krb5-1.21.3/doc/appdev/refs/types/krb5_ui_4.rst delete mode 100644 krb5-1.21.3/doc/appdev/y2038.rst delete mode 100644 krb5-1.21.3/doc/basic/ccache_def.rst delete mode 100644 krb5-1.21.3/doc/basic/date_format.rst delete mode 100644 krb5-1.21.3/doc/basic/index.rst delete mode 100644 krb5-1.21.3/doc/basic/keytab_def.rst delete mode 100644 krb5-1.21.3/doc/basic/rcache_def.rst delete mode 100644 krb5-1.21.3/doc/basic/stash_file_def.rst delete mode 100644 krb5-1.21.3/doc/build/directory_org.rst delete mode 100644 krb5-1.21.3/doc/build/doing_build.rst delete mode 100644 krb5-1.21.3/doc/build/index.rst delete mode 100644 krb5-1.21.3/doc/build/options2configure.rst delete mode 100644 krb5-1.21.3/doc/build/osconf.rst delete mode 100644 krb5-1.21.3/doc/build_this.rst delete mode 100644 krb5-1.21.3/doc/coding-style delete mode 100644 krb5-1.21.3/doc/conf.py delete mode 100644 krb5-1.21.3/doc/contributing.txt delete mode 100644 krb5-1.21.3/doc/copyright.rst delete mode 100644 krb5-1.21.3/doc/doxy_examples/cc_set_config.c delete mode 100644 krb5-1.21.3/doc/doxy_examples/cc_unique.c delete mode 100755 krb5-1.21.3/doc/doxy_examples/error_message.c delete mode 100644 krb5-1.21.3/doc/doxy_examples/tkt_creds.c delete mode 100644 krb5-1.21.3/doc/doxy_examples/verify_init_creds.c delete mode 100644 krb5-1.21.3/doc/formats/ccache_file_format.rst delete mode 100644 krb5-1.21.3/doc/formats/cookie.rst delete mode 100644 krb5-1.21.3/doc/formats/freshness_token.rst delete mode 100644 krb5-1.21.3/doc/formats/index.rst delete mode 100644 krb5-1.21.3/doc/formats/keytab_file_format.rst delete mode 100644 krb5-1.21.3/doc/formats/rcache_file_format.rst delete mode 100644 krb5-1.21.3/doc/html/.buildinfo delete mode 100644 krb5-1.21.3/doc/html/_sources/about.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/admin_commands/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/admin_commands/k5srvutil.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/admin_commands/kadmin_local.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/admin_commands/kadmind.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/admin_commands/kdb5_ldap_util.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/admin_commands/kdb5_util.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/admin_commands/kprop.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/admin_commands/kpropd.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/admin_commands/kproplog.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/admin_commands/krb5kdc.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/admin_commands/ktutil.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/admin_commands/sserver.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/advanced/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/advanced/retiring-des.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/appl_servers.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/auth_indicator.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/backup_host.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/conf_files/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/conf_files/kadm5_acl.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/conf_files/kdc_conf.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/conf_files/krb5_conf.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/conf_ldap.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/database.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/dbtypes.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/dictionary.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/enctypes.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/env_variables.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/host_config.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/https.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/install.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/install_appl_srv.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/install_clients.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/install_kdc.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/lockout.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/otp.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/pkinit.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/princ_dns.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/realm_config.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/spake.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/troubleshoot.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/admin/various_envs.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/gssapi.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/h5l_mit_apidiff.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/init_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/princ_handle.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_425_conv_principal.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_524_conv_principal.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_524_convert_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_address_compare.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_address_order.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_address_search.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_allow_weak_crypto.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_aname_to_localname.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_anonymous_principal.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_anonymous_realm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_appdefault_boolean.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_appdefault_string.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_free.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_genaddrs.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_get_checksum_func.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getaddrs.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getauthenticator.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getflags.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey_k.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalseqnumber.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalsubkey.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrcache.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey_k.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremoteseqnumber.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremotesubkey.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey_k.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_init.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_initivector.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_checksum_func.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_req_cksumtype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setaddrs.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setflags.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setports.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrcache.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey_k.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey_k.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setuseruserkey.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal_alloc_va.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal_ext.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal_va.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_block_size.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_checksum_length.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length_iov.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_decrypt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_decrypt_iov.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_derive_prfplus.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_encrypt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_iov.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_length.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_enctype_compare.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_free_state.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_fx_cf2_simple.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_init_state.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_is_coll_proof_cksum.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_is_keyed_cksum.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_keyed_checksum_types.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_keylengths.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum_iov.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_make_random_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_padding_length.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_prf.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_prf_length.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_prfplus.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_add_entropy.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_make_octets.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_os_entropy.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_seed.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_to_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key_with_params.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_valid_cksumtype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_valid_enctype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum_iov.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_calculate_checksum.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_cache_match.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_close.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_copy_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_default.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_default_name.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_destroy.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_dup.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_end_seq_get.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_gen_new.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_config.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_flags.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_full_name.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_name.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_principal.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_type.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_initialize.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_move.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_new_unique.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_next_cred.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_remove_cred.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_resolve.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_retrieve_cred.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_select.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_set_config.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_set_default_name.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_set_flags.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_start_seq_get.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_store_cred.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_support_switch.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_switch.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_free.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_new.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_next.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_have_content.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_change_password.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_check_clockskew.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_checksum_size.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_chpw_message.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cksumtype_to_string.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_clear_error_message.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_addresses.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_authdata.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_authenticator.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_checksum.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_context.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_error_message.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock_contents.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_principal.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_ticket.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_decode_authdata_container.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_decode_ticket.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_decrypt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_deltat_to_string.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_eblock_enctype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_encode_authdata_container.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_encrypt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_encrypt_size.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_enctype_to_name.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_enctype_to_string.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_expand_hostname.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_find_authdata.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_finish_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_finish_random_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_addresses.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_ap_rep_enc_part.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_authdata.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_authenticator.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_checksum.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_checksum_contents.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_cksumtypes.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_context.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_cred_contents.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_data_contents.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_default_realm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_enctypes.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_error.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_error_message.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_host_realm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_keyblock.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_keyblock_contents.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_keytab_entry_contents.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_principal.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_string.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_tgt_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_ticket.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_unparsed_name.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_fwd_tgt_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_credentials.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_credentials_renew.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_credentials_validate.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_default_realm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_error_message.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_etype_info.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_fallback_host_realm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_host_realm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_keytab.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_password.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_skey.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_keytab.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_alloc.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_free.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_init.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_address_list.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pa.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_responder.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_salt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_password.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_permitted_enctypes.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_profile.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_prompt_types.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_renewed_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_server_rcache.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_time_offsets.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_validated_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_context.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_context_profile.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_free.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_error.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_times.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_init.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_keytab.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_password.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_service.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_step.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_keyblock.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_random_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_secure_context.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_is_config_principal.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_is_referral_realm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_is_thread_safe.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_create_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_decrypt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_decrypt_iov.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_encrypt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_encrypt_iov.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_free_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_key_enctype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_key_keyblock.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum_iov.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_prf.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_reference_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum_iov.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kdc_sign_ticket.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kdc_verify_ticket.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_add_entry.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_client_default.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_close.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_default.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_default_name.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_dup.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_end_seq_get.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_free_entry.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_get_entry.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_get_name.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_get_type.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_have_content.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_next_entry.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_read_service_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_remove_entry.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_resolve.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_start_seq_get.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kuserok.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_make_authdata_kdc_issued.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_marshal_credentials.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_merge_authdata.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_1cred.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_error.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_ncred.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_priv.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_rep.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_rep_dce.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_req.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_req_extended.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_safe.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_os_localaddr.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_add_buffer.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_free.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_get_buffer.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_get_client_info.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_get_types.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_init.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_parse.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_sign.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_sign_ext.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_verify.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_verify_ext.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_parse_name.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_parse_name_flags.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_prepend_error_message.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal2salt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal_compare.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal_compare_any_realm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal_compare_flags.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_process_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_prompter_posix.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_random_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_cred.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_error.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_priv.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_rep.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_rep_dce.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_req.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_safe.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_read_password.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_realm_compare.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_recvauth.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_recvauth_version.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_get_challenge.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_list_questions.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_otp_challenge_free.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_otp_get_challenge.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_otp_set_answer.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_challenge_free.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_get_challenge.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_set_answer.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_set_answer.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_salttype_to_string.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_sendauth.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_server_decrypt_ticket_keytab.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_default_realm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_default_tgs_enctypes.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_error_message.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_kdc_recv_hook.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_kdc_send_hook.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_password.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_password_using_ccache.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_principal_realm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_real_time.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_trace_callback.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_trace_filename.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_sname_match.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_sname_to_principal.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_cksumtype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_deltat.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_enctype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_salttype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_timestamp.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_timeofday.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_sfstring.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_string.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_free.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_times.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_init.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_step.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unmarshal_credentials.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name_ext.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags_ext.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_us_timeofday.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_use_enctype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_authdata_kdc_issued.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_checksum.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_init.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_vprepend_error_message.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_vset_error_message.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_vwrap_error_message.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_wrap_error_message.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_ADDRPORT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_CHAOS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_DDP.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_INET.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_INET6.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_IPPORT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_ISO.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_IS_LOCAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_NETBIOS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_XNS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_EXTERNAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_REGISTERED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_RESERVED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_RESERVED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_USE_SESSION_KEY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_USE_SUBKEY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_WIRE_MASK.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_CRC32.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_DESCBC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_NIST_SHA.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD4.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD5.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_SHA1.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_ENV.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_RAW.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_CRC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_MD4.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_MD5.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_RAW.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_MD5_RSA_CMS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_NULL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_RC2_CBC_ENV.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_RSA_ENV.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_UNKNOWN.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_CANONICALIZE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_FORWARDABLE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_FORWARDED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_POSTDATED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_PROXIABLE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_PROXY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_RENEW.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_RENEWABLE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_RENEWABLE_OK.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_VALIDATE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_TKT_COMMON_MASK.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AP_REP.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AP_REQ.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AS_REP.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AS_REQ.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_AND_OR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_CAMMAC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_SESAME.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CYBERSAFE_SECUREID.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ERROR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_FAST_REQUIRED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_CACHED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_CANONICALIZE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_FORWARDABLE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_NO_STORE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_USER_USER.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INIT_CONTEXT_KDC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT16_MAX.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT16_MIN.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT32_MAX.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT32_MIN.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_SPAKE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_AUTHERROR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_HARDERROR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_MALFORMED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_SOFTERROR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_SUCCESS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_NONE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_PRINCIPAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SMTP_NAME.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SRV_HST.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SRV_INST.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SRV_XHST.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_UID.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_UNKNOWN.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_WELLKNOWN.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_X500_PRINCIPAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_CLIENT_INFO.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_DELEGATION_INFO.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_DEVICE_INFO.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_LOGON_INFO.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_REQUESTOR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AFS3_SALT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AP_REQ.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FOR_USER.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FX_COOKIE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FX_ERROR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FX_FAST.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_NONE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OSF_DCE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PKINIT_KX.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REP.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PW_SALT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_REFERRAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_S4U_X509_USER.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SESAME.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SPAKE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_TGS_REQ.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRIV.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PVNO.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_REALM_BRANCH_CHAR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_REFERRAL_REALM.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAFE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_FLAGS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_KTYPE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_TIMES.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_NOTICKET.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_OPENCLOSE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_NAME.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_NAME_SIZE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_REP.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_REQ.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/MAX_KEYTAB_NAME_LEN.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/MSEC_DIRBIT.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/MSEC_VAL_MASK.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/SALT_TYPE_AFS_LENGTH.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/SALT_TYPE_NO_LENGTH.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/THREEPARAMOPEN.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_ANONYMOUS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_ENC_PA_REP.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_FORWARDABLE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_FORWARDED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_HW_AUTH.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_INITIAL.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_INVALID.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_MAY_POSTDATE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_POSTDATED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_PRE_AUTH.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_PROXIABLE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_PROXY.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_RENEWABLE.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/VALID_INT_BITS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/VALID_UINT_BITS.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb524_convert_creds_kdc.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb524_init_ets.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_const.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_component.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_name.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_realm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_set_realm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_set_realm_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_set_realm_length.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_size.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_type.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_roundup.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_x.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_xc.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_address.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_addrtype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ap_rep.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ap_rep_enc_part.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ap_req.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_auth_context.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_authdata.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_authdatatype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_authenticator.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_boolean.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cc_cursor.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ccache.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cccol_cursor.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_checksum.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cksumtype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_const_pointer.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_const_principal.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_context.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cred.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cred_enc_part.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cred_info.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_creds.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_crypto_iov.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cryptotype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_deltat.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enc_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enc_kdc_rep_part.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enc_tkt_part.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_encrypt_block.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enctype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_error.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_error_code.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_expire_callback_func.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_flags.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_get_init_creds_opt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_gic_opt_pa_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_init_creds_context.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_int16.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_int32.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kdc_rep.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kdc_req.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_key.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keyblock.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keytab.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keytab_entry.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keyusage.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kt_cursor.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kvno.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_last_req_entry.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_magic.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_mk_req_checksum_func.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_msgtype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_octet.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_pac_req.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_server_referral_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_svr_referral_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pac.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pointer.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_post_recv_fn.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pre_send_fn.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_preauthtype.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_principal.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_principal_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_prompt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_prompt_type.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_prompter_fct.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pwd_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_rcache.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_replay_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_context.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_fn.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_otp_challenge.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_otp_tokeninfo.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_pkinit_challenge.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_pkinit_identity.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_response.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ticket.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ticket_times.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_timestamp.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_tkt_authent.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_tkt_creds_context.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_trace_callback.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_trace_info.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_transited.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_typed_data.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ui_2.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ui_4.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_verify_init_creds_opt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/refs/types/passwd_phrase_element.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/appdev/y2038.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/basic/ccache_def.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/basic/date_format.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/basic/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/basic/keytab_def.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/basic/rcache_def.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/basic/stash_file_def.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/build/directory_org.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/build/doing_build.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/build/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/build/options2configure.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/build/osconf.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/build_this.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/copyright.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/formats/ccache_file_format.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/formats/cookie.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/formats/freshness_token.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/formats/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/formats/keytab_file_format.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/formats/rcache_file_format.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/mitK5defaults.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/mitK5features.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/mitK5license.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/ccselect.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/certauth.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/clpreauth.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/general.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/gssapi.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/hostrealm.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/internal.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/kadm5_auth.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/kadm5_hook.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/kdcpolicy.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/kdcpreauth.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/localauth.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/locate.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/profile.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/plugindev/pwqual.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/resources.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/pwd_mgmt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/tkt_mgmt.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_commands/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_commands/kdestroy.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_commands/kinit.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_commands/klist.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_commands/kpasswd.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_commands/krb5-config.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_commands/ksu.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_commands/kswitch.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_commands/kvno.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_commands/sclient.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_config/index.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_config/k5identity.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_config/k5login.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_sources/user/user_config/kerberos.rst.txt delete mode 100644 krb5-1.21.3/doc/html/_static/agogo.css delete mode 100644 krb5-1.21.3/doc/html/_static/basic.css delete mode 100644 krb5-1.21.3/doc/html/_static/bgfooter.png delete mode 100644 krb5-1.21.3/doc/html/_static/bgtop.png delete mode 100644 krb5-1.21.3/doc/html/_static/doctools.js delete mode 100644 krb5-1.21.3/doc/html/_static/documentation_options.js delete mode 100644 krb5-1.21.3/doc/html/_static/file.png delete mode 100644 krb5-1.21.3/doc/html/_static/jquery.js delete mode 100644 krb5-1.21.3/doc/html/_static/kerb.css delete mode 100644 krb5-1.21.3/doc/html/_static/language_data.js delete mode 100644 krb5-1.21.3/doc/html/_static/minus.png delete mode 100644 krb5-1.21.3/doc/html/_static/plus.png delete mode 100644 krb5-1.21.3/doc/html/_static/pygments.css delete mode 100644 krb5-1.21.3/doc/html/_static/searchtools.js delete mode 100644 krb5-1.21.3/doc/html/_static/underscore.js delete mode 100644 krb5-1.21.3/doc/html/about.html delete mode 100644 krb5-1.21.3/doc/html/admin/admin_commands/index.html delete mode 100644 krb5-1.21.3/doc/html/admin/admin_commands/k5srvutil.html delete mode 100644 krb5-1.21.3/doc/html/admin/admin_commands/kadmin_local.html delete mode 100644 krb5-1.21.3/doc/html/admin/admin_commands/kadmind.html delete mode 100644 krb5-1.21.3/doc/html/admin/admin_commands/kdb5_ldap_util.html delete mode 100644 krb5-1.21.3/doc/html/admin/admin_commands/kdb5_util.html delete mode 100644 krb5-1.21.3/doc/html/admin/admin_commands/kprop.html delete mode 100644 krb5-1.21.3/doc/html/admin/admin_commands/kpropd.html delete mode 100644 krb5-1.21.3/doc/html/admin/admin_commands/kproplog.html delete mode 100644 krb5-1.21.3/doc/html/admin/admin_commands/krb5kdc.html delete mode 100644 krb5-1.21.3/doc/html/admin/admin_commands/ktutil.html delete mode 100644 krb5-1.21.3/doc/html/admin/admin_commands/sserver.html delete mode 100644 krb5-1.21.3/doc/html/admin/advanced/index.html delete mode 100644 krb5-1.21.3/doc/html/admin/advanced/retiring-des.html delete mode 100644 krb5-1.21.3/doc/html/admin/appl_servers.html delete mode 100644 krb5-1.21.3/doc/html/admin/auth_indicator.html delete mode 100644 krb5-1.21.3/doc/html/admin/backup_host.html delete mode 100644 krb5-1.21.3/doc/html/admin/conf_files/index.html delete mode 100644 krb5-1.21.3/doc/html/admin/conf_files/kadm5_acl.html delete mode 100644 krb5-1.21.3/doc/html/admin/conf_files/kdc_conf.html delete mode 100644 krb5-1.21.3/doc/html/admin/conf_files/krb5_conf.html delete mode 100644 krb5-1.21.3/doc/html/admin/conf_ldap.html delete mode 100644 krb5-1.21.3/doc/html/admin/database.html delete mode 100644 krb5-1.21.3/doc/html/admin/dbtypes.html delete mode 100644 krb5-1.21.3/doc/html/admin/dictionary.html delete mode 100644 krb5-1.21.3/doc/html/admin/enctypes.html delete mode 100644 krb5-1.21.3/doc/html/admin/env_variables.html delete mode 100644 krb5-1.21.3/doc/html/admin/host_config.html delete mode 100644 krb5-1.21.3/doc/html/admin/https.html delete mode 100644 krb5-1.21.3/doc/html/admin/index.html delete mode 100644 krb5-1.21.3/doc/html/admin/install.html delete mode 100644 krb5-1.21.3/doc/html/admin/install_appl_srv.html delete mode 100644 krb5-1.21.3/doc/html/admin/install_clients.html delete mode 100644 krb5-1.21.3/doc/html/admin/install_kdc.html delete mode 100644 krb5-1.21.3/doc/html/admin/lockout.html delete mode 100644 krb5-1.21.3/doc/html/admin/otp.html delete mode 100644 krb5-1.21.3/doc/html/admin/pkinit.html delete mode 100644 krb5-1.21.3/doc/html/admin/princ_dns.html delete mode 100644 krb5-1.21.3/doc/html/admin/realm_config.html delete mode 100644 krb5-1.21.3/doc/html/admin/spake.html delete mode 100644 krb5-1.21.3/doc/html/admin/troubleshoot.html delete mode 100644 krb5-1.21.3/doc/html/admin/various_envs.html delete mode 100644 krb5-1.21.3/doc/html/appdev/gssapi.html delete mode 100644 krb5-1.21.3/doc/html/appdev/h5l_mit_apidiff.html delete mode 100644 krb5-1.21.3/doc/html/appdev/index.html delete mode 100644 krb5-1.21.3/doc/html/appdev/init_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/princ_handle.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/index.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_425_conv_principal.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_524_conv_principal.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_524_convert_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_address_compare.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_address_order.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_address_search.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_allow_weak_crypto.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_aname_to_localname.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_anonymous_principal.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_anonymous_realm.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_appdefault_boolean.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_appdefault_string.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_free.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_genaddrs.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_get_checksum_func.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getaddrs.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getauthenticator.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getflags.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getkey.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getkey_k.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getlocalseqnumber.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getlocalsubkey.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getrcache.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getrecvsubkey.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getrecvsubkey_k.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getremoteseqnumber.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getremotesubkey.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getsendsubkey.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getsendsubkey_k.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_init.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_initivector.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_set_checksum_func.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_set_req_cksumtype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setaddrs.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setflags.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setports.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setrcache.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setrecvsubkey.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setrecvsubkey_k.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setsendsubkey.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setsendsubkey_k.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setuseruserkey.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal_alloc_va.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal_ext.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal_va.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_block_size.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_checksum_length.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_crypto_length.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_crypto_length_iov.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_decrypt.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_decrypt_iov.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_derive_prfplus.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_encrypt.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_encrypt_iov.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_encrypt_length.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_enctype_compare.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_free_state.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_fx_cf2_simple.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_init_state.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_is_coll_proof_cksum.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_is_keyed_cksum.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_keyed_checksum_types.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_keylengths.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_make_checksum.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_make_checksum_iov.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_make_random_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_padding_length.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_prf.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_prf_length.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_prfplus.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_add_entropy.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_make_octets.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_os_entropy.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_seed.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_to_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_string_to_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_string_to_key_with_params.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_valid_cksumtype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_valid_enctype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_verify_checksum.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_verify_checksum_iov.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_calculate_checksum.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_cache_match.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_close.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_copy_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_default.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_default_name.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_destroy.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_dup.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_end_seq_get.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_gen_new.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_config.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_flags.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_full_name.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_name.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_principal.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_type.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_initialize.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_move.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_new_unique.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_next_cred.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_remove_cred.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_resolve.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_retrieve_cred.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_select.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_set_config.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_set_default_name.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_set_flags.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_start_seq_get.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_store_cred.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_support_switch.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_switch.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_cursor_free.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_cursor_new.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_cursor_next.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_have_content.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_change_password.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_check_clockskew.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_checksum_size.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_chpw_message.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_cksumtype_to_string.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_clear_error_message.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_addresses.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_authdata.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_authenticator.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_checksum.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_context.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_error_message.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_keyblock.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_keyblock_contents.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_principal.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_ticket.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_decode_authdata_container.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_decode_ticket.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_decrypt.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_deltat_to_string.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_eblock_enctype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_encode_authdata_container.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_encrypt.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_encrypt_size.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_enctype_to_name.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_enctype_to_string.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_expand_hostname.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_find_authdata.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_finish_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_finish_random_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_addresses.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_ap_rep_enc_part.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_authdata.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_authenticator.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_checksum.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_checksum_contents.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_cksumtypes.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_context.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_cred_contents.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_data_contents.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_default_realm.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_enctypes.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_error.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_error_message.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_host_realm.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_keyblock.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_keyblock_contents.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_keytab_entry_contents.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_principal.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_string.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_tgt_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_ticket.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_unparsed_name.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_fwd_tgt_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_credentials.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_credentials_renew.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_credentials_validate.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_default_realm.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_error_message.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_etype_info.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_fallback_host_realm.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_host_realm.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_in_tkt_with_keytab.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_in_tkt_with_password.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_in_tkt_with_skey.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_keytab.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_alloc.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_free.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_init.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_address_list.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_pa.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_responder.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_salt.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_password.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_permitted_enctypes.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_profile.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_prompt_types.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_renewed_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_server_rcache.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_time_offsets.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_validated_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_context.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_context_profile.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_free.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get_error.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get_times.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_init.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_set_keytab.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_set_password.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_set_service.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_step.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_keyblock.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_random_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_secure_context.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_is_config_principal.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_is_referral_realm.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_is_thread_safe.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_create_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_decrypt.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_decrypt_iov.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_encrypt.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_encrypt_iov.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_free_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_key_enctype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_key_keyblock.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_make_checksum.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_make_checksum_iov.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_prf.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_reference_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_verify_checksum.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_verify_checksum_iov.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kdc_sign_ticket.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kdc_verify_ticket.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_add_entry.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_client_default.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_close.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_default.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_default_name.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_dup.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_end_seq_get.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_free_entry.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_get_entry.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_get_name.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_get_type.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_have_content.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_next_entry.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_read_service_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_remove_entry.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_resolve.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_start_seq_get.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_kuserok.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_make_authdata_kdc_issued.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_marshal_credentials.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_merge_authdata.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_1cred.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_error.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_ncred.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_priv.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_rep.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_rep_dce.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_req.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_req_extended.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_safe.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_os_localaddr.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_add_buffer.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_free.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_get_buffer.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_get_client_info.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_get_types.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_init.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_parse.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_sign.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_sign_ext.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_verify.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_verify_ext.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_parse_name.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_parse_name_flags.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_prepend_error_message.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal2salt.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal_compare.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal_compare_any_realm.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal_compare_flags.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_process_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_prompter_posix.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_random_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_cred.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_error.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_priv.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_rep.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_rep_dce.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_req.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_safe.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_read_password.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_realm_compare.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_recvauth.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_recvauth_version.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_get_challenge.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_list_questions.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_otp_challenge_free.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_otp_get_challenge.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_otp_set_answer.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_pkinit_challenge_free.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_pkinit_get_challenge.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_pkinit_set_answer.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_set_answer.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_salttype_to_string.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_sendauth.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_server_decrypt_ticket_keytab.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_default_realm.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_default_tgs_enctypes.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_error_message.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_kdc_recv_hook.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_kdc_send_hook.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_password.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_password_using_ccache.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_principal_realm.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_real_time.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_trace_callback.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_trace_filename.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_sname_match.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_sname_to_principal.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_cksumtype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_deltat.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_enctype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_salttype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_timestamp.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_timeofday.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_timestamp_to_sfstring.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_timestamp_to_string.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_free.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_get.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_get_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_get_times.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_init.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_step.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_unmarshal_credentials.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name_ext.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name_flags.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name_flags_ext.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_us_timeofday.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_use_enctype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_authdata_kdc_issued.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_checksum.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_init_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_init_creds_opt_init.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_vprepend_error_message.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_vset_error_message.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_vwrap_error_message.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/api/krb5_wrap_error_message.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/index.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_ADDRPORT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_CHAOS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_DDP.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_INET.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_INET6.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_IPPORT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_ISO.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_IS_LOCAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_NETBIOS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_XNS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_EXTERNAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_REGISTERED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_RESERVED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_RESERVED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_USE_SESSION_KEY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_USE_SUBKEY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_WIRE_MASK.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_CRC32.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_DESCBC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_NIST_SHA.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD4.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD5.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_SHA1.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_ENV.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_RAW.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_CRC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_MD4.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_MD5.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_RAW.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_MD5_RSA_CMS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_NULL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_RC2_CBC_ENV.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_RSA_ENV.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_UNKNOWN.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_CANONICALIZE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_FORWARDABLE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_FORWARDED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_POSTDATED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_PROXIABLE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_PROXY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_RENEW.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_RENEWABLE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_RENEWABLE_OK.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_VALIDATE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KDC_TKT_COMMON_MASK.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AP_REP.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AP_REQ.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AS_REP.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AS_REQ.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_AND_OR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_CAMMAC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_SESAME.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CYBERSAFE_SECUREID.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ERROR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_FAST_REQUIRED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_CACHED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_CANONICALIZE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_FORWARDABLE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_NO_STORE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_USER_USER.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INIT_CONTEXT_KDC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT16_MAX.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT16_MIN.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT32_MAX.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT32_MIN.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_SPAKE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_AUTHERROR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_HARDERROR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_MALFORMED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_SOFTERROR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_SUCCESS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_NONE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_PRINCIPAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SMTP_NAME.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SRV_HST.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SRV_INST.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SRV_XHST.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_UID.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_UNKNOWN.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_WELLKNOWN.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_X500_PRINCIPAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_CLIENT_INFO.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_DELEGATION_INFO.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_DEVICE_INFO.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_LOGON_INFO.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_REQUESTOR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AFS3_SALT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AP_REQ.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FOR_USER.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FX_COOKIE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FX_ERROR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FX_FAST.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_NONE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OSF_DCE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PKINIT_KX.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REP.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PW_SALT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_REFERRAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_S4U_X509_USER.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SESAME.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SPAKE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_TGS_REQ.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRIV.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PVNO.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_REALM_BRANCH_CHAR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_REFERRAL_REALM.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAFE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_FLAGS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_KTYPE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_TIMES.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_NOTICKET.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_OPENCLOSE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_NAME.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_NAME_SIZE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_REP.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_REQ.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/MAX_KEYTAB_NAME_LEN.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/MSEC_DIRBIT.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/MSEC_VAL_MASK.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/SALT_TYPE_AFS_LENGTH.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/SALT_TYPE_NO_LENGTH.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/THREEPARAMOPEN.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_ANONYMOUS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_ENC_PA_REP.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_FORWARDABLE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_FORWARDED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_HW_AUTH.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_INITIAL.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_INVALID.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_MAY_POSTDATE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_POSTDATED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_PRE_AUTH.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_PROXIABLE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_PROXY.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_RENEWABLE.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/VALID_INT_BITS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/VALID_UINT_BITS.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/index.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb524_convert_creds_kdc.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb524_init_ets.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb5_const.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_component.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_name.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_realm.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_set_realm.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_set_realm_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_set_realm_length.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_size.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_type.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb5_roundup.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb5_x.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/macros/krb5_xc.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/index.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_address.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_addrtype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_ap_rep.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_ap_rep_enc_part.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_ap_req.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_auth_context.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_authdata.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_authdatatype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_authenticator.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_boolean.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_cc_cursor.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_ccache.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_cccol_cursor.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_checksum.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_cksumtype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_const_pointer.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_const_principal.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_context.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_cred.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_cred_enc_part.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_cred_info.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_creds.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_crypto_iov.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_cryptotype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_deltat.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_enc_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_enc_kdc_rep_part.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_enc_tkt_part.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_encrypt_block.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_enctype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_error.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_error_code.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_expire_callback_func.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_flags.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_get_init_creds_opt.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_gic_opt_pa_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_init_creds_context.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_int16.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_int32.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_kdc_rep.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_kdc_req.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_key.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_keyblock.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_keytab.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_keytab_entry.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_keyusage.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_kt_cursor.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_kvno.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_last_req_entry.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_magic.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_mk_req_checksum_func.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_msgtype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_octet.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_pac_req.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_server_referral_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_svr_referral_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_pac.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_pointer.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_post_recv_fn.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_pre_send_fn.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_preauthtype.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_principal.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_principal_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_prompt.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_prompt_type.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_prompter_fct.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_pwd_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_rcache.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_replay_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_context.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_fn.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_otp_challenge.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_otp_tokeninfo.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_pkinit_challenge.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_pkinit_identity.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_response.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_ticket.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_ticket_times.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_timestamp.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_tkt_authent.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_tkt_creds_context.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_trace_callback.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_trace_info.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_transited.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_typed_data.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_ui_2.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_ui_4.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/krb5_verify_init_creds_opt.html delete mode 100644 krb5-1.21.3/doc/html/appdev/refs/types/passwd_phrase_element.html delete mode 100644 krb5-1.21.3/doc/html/appdev/y2038.html delete mode 100644 krb5-1.21.3/doc/html/basic/ccache_def.html delete mode 100644 krb5-1.21.3/doc/html/basic/date_format.html delete mode 100644 krb5-1.21.3/doc/html/basic/index.html delete mode 100644 krb5-1.21.3/doc/html/basic/keytab_def.html delete mode 100644 krb5-1.21.3/doc/html/basic/rcache_def.html delete mode 100644 krb5-1.21.3/doc/html/basic/stash_file_def.html delete mode 100644 krb5-1.21.3/doc/html/build/directory_org.html delete mode 100644 krb5-1.21.3/doc/html/build/doing_build.html delete mode 100644 krb5-1.21.3/doc/html/build/index.html delete mode 100644 krb5-1.21.3/doc/html/build/options2configure.html delete mode 100644 krb5-1.21.3/doc/html/build/osconf.html delete mode 100644 krb5-1.21.3/doc/html/build_this.html delete mode 100644 krb5-1.21.3/doc/html/copyright.html delete mode 100644 krb5-1.21.3/doc/html/formats/ccache_file_format.html delete mode 100644 krb5-1.21.3/doc/html/formats/cookie.html delete mode 100644 krb5-1.21.3/doc/html/formats/freshness_token.html delete mode 100644 krb5-1.21.3/doc/html/formats/index.html delete mode 100644 krb5-1.21.3/doc/html/formats/keytab_file_format.html delete mode 100644 krb5-1.21.3/doc/html/formats/rcache_file_format.html delete mode 100644 krb5-1.21.3/doc/html/genindex-A.html delete mode 100644 krb5-1.21.3/doc/html/genindex-C.html delete mode 100644 krb5-1.21.3/doc/html/genindex-E.html delete mode 100644 krb5-1.21.3/doc/html/genindex-K.html delete mode 100644 krb5-1.21.3/doc/html/genindex-L.html delete mode 100644 krb5-1.21.3/doc/html/genindex-M.html delete mode 100644 krb5-1.21.3/doc/html/genindex-P.html delete mode 100644 krb5-1.21.3/doc/html/genindex-R.html delete mode 100644 krb5-1.21.3/doc/html/genindex-S.html delete mode 100644 krb5-1.21.3/doc/html/genindex-T.html delete mode 100644 krb5-1.21.3/doc/html/genindex-V.html delete mode 100644 krb5-1.21.3/doc/html/genindex-all.html delete mode 100644 krb5-1.21.3/doc/html/genindex.html delete mode 100644 krb5-1.21.3/doc/html/index.html delete mode 100644 krb5-1.21.3/doc/html/mitK5defaults.html delete mode 100644 krb5-1.21.3/doc/html/mitK5features.html delete mode 100644 krb5-1.21.3/doc/html/mitK5license.html delete mode 100644 krb5-1.21.3/doc/html/objects.inv delete mode 100644 krb5-1.21.3/doc/html/plugindev/ccselect.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/certauth.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/clpreauth.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/general.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/gssapi.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/hostrealm.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/index.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/internal.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/kadm5_auth.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/kadm5_hook.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/kdcpolicy.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/kdcpreauth.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/localauth.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/locate.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/profile.html delete mode 100644 krb5-1.21.3/doc/html/plugindev/pwqual.html delete mode 100644 krb5-1.21.3/doc/html/resources.html delete mode 100644 krb5-1.21.3/doc/html/search.html delete mode 100644 krb5-1.21.3/doc/html/searchindex.js delete mode 100644 krb5-1.21.3/doc/html/user/index.html delete mode 100644 krb5-1.21.3/doc/html/user/pwd_mgmt.html delete mode 100644 krb5-1.21.3/doc/html/user/tkt_mgmt.html delete mode 100644 krb5-1.21.3/doc/html/user/user_commands/index.html delete mode 100644 krb5-1.21.3/doc/html/user/user_commands/kdestroy.html delete mode 100644 krb5-1.21.3/doc/html/user/user_commands/kinit.html delete mode 100644 krb5-1.21.3/doc/html/user/user_commands/klist.html delete mode 100644 krb5-1.21.3/doc/html/user/user_commands/kpasswd.html delete mode 100644 krb5-1.21.3/doc/html/user/user_commands/krb5-config.html delete mode 100644 krb5-1.21.3/doc/html/user/user_commands/ksu.html delete mode 100644 krb5-1.21.3/doc/html/user/user_commands/kswitch.html delete mode 100644 krb5-1.21.3/doc/html/user/user_commands/kvno.html delete mode 100644 krb5-1.21.3/doc/html/user/user_commands/sclient.html delete mode 100644 krb5-1.21.3/doc/html/user/user_config/index.html delete mode 100644 krb5-1.21.3/doc/html/user/user_config/k5identity.html delete mode 100644 krb5-1.21.3/doc/html/user/user_config/k5login.html delete mode 100644 krb5-1.21.3/doc/html/user/user_config/kerberos.html delete mode 100644 krb5-1.21.3/doc/index.rst delete mode 100644 krb5-1.21.3/doc/iprop-notes.txt delete mode 100644 krb5-1.21.3/doc/kadm5-errmsg.txt delete mode 100644 krb5-1.21.3/doc/kadm5/adb-unit-test.tex delete mode 100644 krb5-1.21.3/doc/kadm5/api-funcspec.tex delete mode 100644 krb5-1.21.3/doc/kadm5/api-server-design.tex delete mode 100644 krb5-1.21.3/doc/kadm5/fullpage.sty delete mode 100644 krb5-1.21.3/doc/mitK5defaults.rst delete mode 100644 krb5-1.21.3/doc/mitK5features.rst delete mode 100644 krb5-1.21.3/doc/mitK5license.rst delete mode 100644 krb5-1.21.3/doc/notice.rst delete mode 100644 krb5-1.21.3/doc/pdf/GMakefile delete mode 100644 krb5-1.21.3/doc/pdf/LICRcyr2utf8.xdy delete mode 100644 krb5-1.21.3/doc/pdf/LICRlatin2utf8.xdy delete mode 100644 krb5-1.21.3/doc/pdf/LatinRules.xdy delete mode 100644 krb5-1.21.3/doc/pdf/admin.pdf delete mode 100644 krb5-1.21.3/doc/pdf/admin.tex delete mode 100644 krb5-1.21.3/doc/pdf/appdev.pdf delete mode 100644 krb5-1.21.3/doc/pdf/appdev.tex delete mode 100644 krb5-1.21.3/doc/pdf/basic.pdf delete mode 100644 krb5-1.21.3/doc/pdf/basic.tex delete mode 100644 krb5-1.21.3/doc/pdf/build.pdf delete mode 100644 krb5-1.21.3/doc/pdf/build.tex delete mode 100644 krb5-1.21.3/doc/pdf/latexmkjarc delete mode 100644 krb5-1.21.3/doc/pdf/latexmkrc delete mode 100644 krb5-1.21.3/doc/pdf/make.bat delete mode 100644 krb5-1.21.3/doc/pdf/plugindev.pdf delete mode 100644 krb5-1.21.3/doc/pdf/plugindev.tex delete mode 100644 krb5-1.21.3/doc/pdf/python.ist delete mode 100644 krb5-1.21.3/doc/pdf/sphinx.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinx.xdy delete mode 100644 krb5-1.21.3/doc/pdf/sphinxhighlight.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxhowto.cls delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatexadmonitions.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatexcontainers.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatexgraphics.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatexindbibtoc.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatexlists.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatexliterals.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatexnumfig.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatexobjects.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatexshadowbox.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatexstyleheadings.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatexstylepage.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatexstyletext.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxlatextables.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxmanual.cls delete mode 100644 krb5-1.21.3/doc/pdf/sphinxmessages.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxoptionsgeometry.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxoptionshyperref.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxpackagecyrillic.sty delete mode 100644 krb5-1.21.3/doc/pdf/sphinxpackagefootnote.sty delete mode 100644 krb5-1.21.3/doc/pdf/user.pdf delete mode 100644 krb5-1.21.3/doc/pdf/user.tex delete mode 100644 krb5-1.21.3/doc/plugindev/ccselect.rst delete mode 100644 krb5-1.21.3/doc/plugindev/certauth.rst delete mode 100644 krb5-1.21.3/doc/plugindev/clpreauth.rst delete mode 100644 krb5-1.21.3/doc/plugindev/general.rst delete mode 100644 krb5-1.21.3/doc/plugindev/gssapi.rst delete mode 100644 krb5-1.21.3/doc/plugindev/hostrealm.rst delete mode 100644 krb5-1.21.3/doc/plugindev/index.rst delete mode 100644 krb5-1.21.3/doc/plugindev/internal.rst delete mode 100644 krb5-1.21.3/doc/plugindev/kadm5_auth.rst delete mode 100644 krb5-1.21.3/doc/plugindev/kadm5_hook.rst delete mode 100644 krb5-1.21.3/doc/plugindev/kdcpolicy.rst delete mode 100644 krb5-1.21.3/doc/plugindev/kdcpreauth.rst delete mode 100644 krb5-1.21.3/doc/plugindev/localauth.rst delete mode 100644 krb5-1.21.3/doc/plugindev/locate.rst delete mode 100644 krb5-1.21.3/doc/plugindev/profile.rst delete mode 100644 krb5-1.21.3/doc/plugindev/pwqual.rst delete mode 100644 krb5-1.21.3/doc/resources.rst delete mode 100644 krb5-1.21.3/doc/rpc/design.tex delete mode 100644 krb5-1.21.3/doc/thread-safe.txt delete mode 100644 krb5-1.21.3/doc/threads.txt delete mode 100644 krb5-1.21.3/doc/tools/README delete mode 100644 krb5-1.21.3/doc/tools/define_document.tmpl delete mode 100644 krb5-1.21.3/doc/tools/docmodel.py delete mode 100644 krb5-1.21.3/doc/tools/doxy.py delete mode 100644 krb5-1.21.3/doc/tools/doxybuilder_funcs.py delete mode 100644 krb5-1.21.3/doc/tools/doxybuilder_types.py delete mode 100644 krb5-1.21.3/doc/tools/func_document.tmpl delete mode 100644 krb5-1.21.3/doc/tools/type_document.tmpl delete mode 100644 krb5-1.21.3/doc/user/index.rst delete mode 100644 krb5-1.21.3/doc/user/pwd_mgmt.rst delete mode 100644 krb5-1.21.3/doc/user/tkt_mgmt.rst delete mode 100644 krb5-1.21.3/doc/user/user_commands/index.rst delete mode 100644 krb5-1.21.3/doc/user/user_commands/kdestroy.rst delete mode 100644 krb5-1.21.3/doc/user/user_commands/kinit.rst delete mode 100644 krb5-1.21.3/doc/user/user_commands/klist.rst delete mode 100644 krb5-1.21.3/doc/user/user_commands/kpasswd.rst delete mode 100644 krb5-1.21.3/doc/user/user_commands/krb5-config.rst delete mode 100644 krb5-1.21.3/doc/user/user_commands/ksu.rst delete mode 100644 krb5-1.21.3/doc/user/user_commands/kswitch.rst delete mode 100644 krb5-1.21.3/doc/user/user_commands/kvno.rst delete mode 100644 krb5-1.21.3/doc/user/user_commands/sclient.rst delete mode 100644 krb5-1.21.3/doc/user/user_config/index.rst delete mode 100644 krb5-1.21.3/doc/user/user_config/k5identity.rst delete mode 100644 krb5-1.21.3/doc/user/user_config/k5login.rst delete mode 100644 krb5-1.21.3/doc/user/user_config/kerberos.rst diff --git a/krb5-1.21.3/doc/README b/krb5-1.21.3/doc/README deleted file mode 100644 index dd26cb04..00000000 --- a/krb5-1.21.3/doc/README +++ /dev/null @@ -1,56 +0,0 @@ -BUILDING -======== - -See doc/build_this.rst for details about how to build the -documentation. - - -CONVENTIONS -=========== - -We use the following conventions: - -* Use four-space indentation where indentation levels are arbitrary. - Do not use tabs anywhere. Avoid trailing whitespace at the end of - lines or files. - -* Fill lines to 70 columns (the emacs default) where lines can be - wrapped. - -* For section headers, use === underlines for page titles, --- for - sections, ~~~ for subsections, and ### for sub-subsections. Make - underlines exactly as long as titles. Do not include trailing - punctuation in section headers. Do not capitalize section headers - (except for the first word) except in source files intended to - generate man pages. - -* For bullet lists, use * for top-level bullets and - for sub-bullets. - Do not indent bullet or enumerated lists relative to the surrounding - text. - -* Use italics (*word*) for words representing variables or parameters. - Use boldface (**word**) for command options, subcommands of programs - like kadmin, and krb5.conf/kdc.conf parameter names. Use literal - text (``text``) for examples and multi-component pathnames. For - command names, single-component filenames, and krb5.conf/kdc.conf - section names, use references (like :ref:`kadmin(1)`) if introducing - them, or just use them unadorned otherwise. - -* In man pages for commands with subcommands, make a subsection for - each subcommand. Start the subcommand with an indented synopsis, - then follow with non-indented text describing the subcommand and its - options. See kadmin_local.rst for an example. - -* In man page synopses, put a newline in the RST source before each - option. Put all parts of the synopsis at the same indentation - level. Ideally we would want a hanging indent to the width of the - command or subcommand name, but RST doesn't support that. Use - boldface for literal text in the synopsis, italics for variable - text, and unadorned text for syntax symbols (such as square brackets - to indicate optional parameters). If immediately following one kind - of inline markup with another or putting inline markup next to - punctuation, you may need to use "\ " as a dummy separator. - -* For directives that take a content block (e.g., note, error, and - warning), leave a blank line before the content block (after any - arguments or options that may be present). diff --git a/krb5-1.21.3/doc/_static/kerb.css_t b/krb5-1.21.3/doc/_static/kerb.css_t deleted file mode 100644 index 40569b90..00000000 --- a/krb5-1.21.3/doc/_static/kerb.css_t +++ /dev/null @@ -1,169 +0,0 @@ -/* - * kerb.css - * ~~~~~~~~~~~ - * - * Sphinx stylesheet -- modification to agogo theme. - * - */ -div.body { - padding-right: .5em; - text-align: left; - overflow-x: hidden; -} - -/* Page layout */ - -div.header, div.content, div.footer { - margin-left: auto; - margin-right: auto; - padding-left: 1em; - padding-right: 1em; - max-width: 60em; -} - -div.header-wrapper { - background: white; - border-bottom: 3px solid #2e3436; - border-top: 13px solid #5d1509; -} - -/* Header */ - -div.header { - padding-top: 10px; - padding-bottom: 0px; -} - -div.header h1 { - font-family: "Georgia", "Times New Roman", serif, black; - font-weight: normal; -} - -div.header h1 a { - color: {{ theme_bgcolor }}; - font-size: 120%; - padding-top: 10px; -} - -div.header div.right a { - color: #fcaf3e; - letter-spacing: .1em; - text-transform: lowercase; - float: right; -} - -div.header div.rel { - font-family: "Georgia", "Times New Roman", serif, black; - font-weight: normal; - margin-bottom: 1.6em; -} - -/* Content */ - -div.document { - width: 80%; - float: left; - margin: 0; - background-color: white; - padding-top: 20px; - padding-bottom: 20px; -} - -div.document div.section h1 { - margin-bottom: 20px; - padding: 1px; - line-height: 130%; -} - -div.document div.section dl { - margin-top: 15px; - margin-bottom: 5px; - padding: 1px; - text-align: left; -} - -/* Sidebar */ - -div.sidebar { - float: right; - font-size: .9em; - width: 20%; - margin: 0; - padding: 0; - background-color: #F9F9F9; -} - -div.sidebar ul { - list-style-type: none; - margin-left: .5em; -} - -div.sidebar li.toctree-l1 a { - margin-left: .5em; -} - -div.sidebar li.toctree-l2 a { - margin-left: .5em; -} - -div.sidebar li.toctree-l3 a { - margin-left: .5em; -} - -div.sidebar li.toctree-l2.current a { - border-right: 2px solid #fcaf3e !important; -} - -div.sidebar li.toctree-l3.current a { - font-weight: bold; -} - -div.sidebar li.toctree-l4 a { - display: none; -} - -div.sidebar input[type=text] { - width: auto; -} - -/* Other body styles */ - -dt:target, .highlighted { - background-color: #c1c1c1; -} - -/* Code displays */ - -pre { - overflow: auto; - overflow-y: hidden; -} - -td.linenos pre { - padding: 5px 0px; - border: 0; - background-color: transparent; - color: #aaa; -} - -/* ordered lists */ - -ol.arabic { - list-style: decimal; -} - -ol.loweralpha { - list-style: lower-alpha; -} - -ol.upperalpha { - list-style: upper-alpha; -} - -ol.lowerroman { - list-style-type: lower-roman; -} - -ol.upperroman { - list-style-type: upper-roman; -} diff --git a/krb5-1.21.3/doc/_templates/layout.html b/krb5-1.21.3/doc/_templates/layout.html deleted file mode 100644 index f05b9192..00000000 --- a/krb5-1.21.3/doc/_templates/layout.html +++ /dev/null @@ -1,73 +0,0 @@ -{% extends "!layout.html" %} -{% set rellinks = [('search', 'Enter search criteria', 'S', 'Search')] + - rellinks + - [('index', 'Full Table of Contents', 'C', 'Contents')] %} - -{# Add a "feedback" button to the rellinks #} -{%- macro feedback_rellinks() %} - {%- for rellink in rellinks|reverse %} - {{ rellink[3] }}{{ reldelim2 }} - {%- endfor %} - feedback -{%- endmacro %} - -{% block footer %} - -{% endblock %} - -{% block header %} -
-
- {% if logo %} - - {% endif %} - {% block headertitle %} -

{{ shorttitle|e }}

- {% endblock %} -
- {{ feedback_rellinks() }} -
-
-
-{% endblock %} - -{%- block sidebartoc %} -

{{ _('On this page') }}

- {{ toc }} -
-

{{ _('Table of contents') }}

- {{ toctree(collapse=true, maxdepth=3, titles_only=true, - includehidden=false) }} -
-

Full Table of Contents

-{%- endblock %} - -{%- block sidebarsearch %} -

{{ _('Search') }}

- -{%- endblock %} diff --git a/krb5-1.21.3/doc/about.rst b/krb5-1.21.3/doc/about.rst deleted file mode 100644 index dfdc31fb..00000000 --- a/krb5-1.21.3/doc/about.rst +++ /dev/null @@ -1,35 +0,0 @@ -Contributing to the MIT Kerberos Documentation -============================================== - -We are looking for documentation writers and editors who could contribute -towards improving the MIT KC documentation content. If you are an experienced -Kerberos developer and/or administrator, please consider sharing your knowledge -and experience with the Kerberos Community. You can suggest your own topic or -write about any of the topics listed -`here `__. - -If you have any questions, comments, or suggestions on the existing documents, -please send your feedback via email to krb5-bugs@mit.edu. The HTML version of -this documentation has a "FEEDBACK" link to the krb5-bugs@mit.edu email -address with a pre-constructed subject line. - - -Background ----------- - -Starting with release 1.11, the Kerberos documentation set is -unified in a central form. Man pages, HTML documentation, and PDF -documents are compiled from reStructuredText sources, and the application -developer documentation incorporates Doxygen markup from the source -tree. This project was undertaken along the outline described -`here `__. - -Previous versions of Kerberos 5 attempted to maintain separate documentation -in the texinfo format, with separate groff manual pages. Having the API -documentation disjoint from the source code implementing that API -resulted in the documentation becoming stale, and over time the documentation -ceased to match reality. With a fresh start and a source format that is -easier to use and maintain, reStructuredText-based documents should provide -an improved experience for the user. Consolidating all the documentation -formats into a single source document makes the documentation set easier -to maintain. diff --git a/krb5-1.21.3/doc/admin/admin_commands/index.rst b/krb5-1.21.3/doc/admin/admin_commands/index.rst deleted file mode 100644 index e8dc7652..00000000 --- a/krb5-1.21.3/doc/admin/admin_commands/index.rst +++ /dev/null @@ -1,17 +0,0 @@ -Administration programs -======================== - -.. toctree:: - :maxdepth: 1 - - kadmin_local.rst - kadmind.rst - kdb5_util.rst - kdb5_ldap_util.rst - krb5kdc.rst - kprop.rst - kpropd.rst - kproplog.rst - ktutil.rst - k5srvutil.rst - sserver.rst diff --git a/krb5-1.21.3/doc/admin/admin_commands/k5srvutil.rst b/krb5-1.21.3/doc/admin/admin_commands/k5srvutil.rst deleted file mode 100644 index 79502cf9..00000000 --- a/krb5-1.21.3/doc/admin/admin_commands/k5srvutil.rst +++ /dev/null @@ -1,69 +0,0 @@ -.. _k5srvutil(1): - -k5srvutil -========= - -SYNOPSIS --------- - -**k5srvutil** *operation* -[**-i**] -[**-f** *filename*] -[**-e** *keysalts*] - -DESCRIPTION ------------ - -k5srvutil allows an administrator to list keys currently in -a keytab, to obtain new keys for a principal currently in a keytab, -or to delete non-current keys from a keytab. - -*operation* must be one of the following: - -**list** - Lists the keys in a keytab, showing version number and principal - name. - -**change** - Uses the kadmin protocol to update the keys in the Kerberos - database to new randomly-generated keys, and updates the keys in - the keytab to match. If a key's version number doesn't match the - version number stored in the Kerberos server's database, then the - operation will fail. If the **-i** flag is given, k5srvutil will - prompt for confirmation before changing each key. If the **-k** - option is given, the old and new keys will be displayed. - Ordinarily, keys will be generated with the default encryption - types and key salts. This can be overridden with the **-e** - option. Old keys are retained in the keytab so that existing - tickets continue to work, but **delold** should be used after - such tickets expire, to prevent attacks against the old keys. - -**delold** - Deletes keys that are not the most recent version from the keytab. - This operation should be used some time after a change operation - to remove old keys, after existing tickets issued for the service - have expired. If the **-i** flag is given, then k5srvutil will - prompt for confirmation for each principal. - -**delete** - Deletes particular keys in the keytab, interactively prompting for - each key. - -In all cases, the default keytab is used unless this is overridden by -the **-f** option. - -k5srvutil uses the :ref:`kadmin(1)` program to edit the keytab in -place. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kadmin(1)`, :ref:`ktutil(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/admin/admin_commands/kadmin_local.rst b/krb5-1.21.3/doc/admin/admin_commands/kadmin_local.rst deleted file mode 100644 index 2435b3c3..00000000 --- a/krb5-1.21.3/doc/admin/admin_commands/kadmin_local.rst +++ /dev/null @@ -1,985 +0,0 @@ -.. _kadmin(1): - -kadmin -====== - -SYNOPSIS --------- - -.. _kadmin_synopsis: - -**kadmin** -[**-O**\|\ **-N**] -[**-r** *realm*] -[**-p** *principal*] -[**-q** *query*] -[[**-c** *cache_name*]\|[**-k** [**-t** *keytab*]]\|\ **-n**] -[**-w** *password*] -[**-s** *admin_server*\ [:*port*]] -[command args...] - -**kadmin.local** -[**-r** *realm*] -[**-p** *principal*] -[**-q** *query*] -[**-d** *dbname*] -[**-e** *enc*:*salt* ...] -[**-m**] -[**-x** *db_args*] -[command args...] - - -DESCRIPTION ------------ - -kadmin and kadmin.local are command-line interfaces to the Kerberos V5 -administration system. They provide nearly identical functionalities; -the difference is that kadmin.local directly accesses the KDC -database, while kadmin performs operations using :ref:`kadmind(8)`. -Except as explicitly noted otherwise, this man page will use "kadmin" -to refer to both versions. kadmin provides for the maintenance of -Kerberos principals, password policies, and service key tables -(keytabs). - -The remote kadmin client uses Kerberos to authenticate to kadmind -using the service principal ``kadmin/admin`` or ``kadmin/ADMINHOST`` -(where *ADMINHOST* is the fully-qualified hostname of the admin -server). If the credentials cache contains a ticket for one of these -principals, and the **-c** credentials_cache option is specified, that -ticket is used to authenticate to kadmind. Otherwise, the **-p** and -**-k** options are used to specify the client Kerberos principal name -used to authenticate. Once kadmin has determined the principal name, -it requests a service ticket from the KDC, and uses that service -ticket to authenticate to kadmind. - -Since kadmin.local directly accesses the KDC database, it usually must -be run directly on the primary KDC with sufficient permissions to read -the KDC database. If the KDC database uses the LDAP database module, -kadmin.local can be run on any host which can access the LDAP server. - - -OPTIONS -------- - -.. _kadmin_options: - -**-r** *realm* - Use *realm* as the default database realm. - -**-p** *principal* - Use *principal* to authenticate. Otherwise, kadmin will append - ``/admin`` to the primary principal name of the default ccache, - the value of the **USER** environment variable, or the username as - obtained with getpwuid, in order of preference. - -**-k** - Use a keytab to decrypt the KDC response instead of prompting for - a password. In this case, the default principal will be - ``host/hostname``. If there is no keytab specified with the - **-t** option, then the default keytab will be used. - -**-t** *keytab* - Use *keytab* to decrypt the KDC response. This can only be used - with the **-k** option. - -**-n** - Requests anonymous processing. Two types of anonymous principals - are supported. For fully anonymous Kerberos, configure PKINIT on - the KDC and configure **pkinit_anchors** in the client's - :ref:`krb5.conf(5)`. Then use the **-n** option with a principal - of the form ``@REALM`` (an empty principal name followed by the - at-sign and a realm name). If permitted by the KDC, an anonymous - ticket will be returned. A second form of anonymous tickets is - supported; these realm-exposed tickets hide the identity of the - client but not the client's realm. For this mode, use ``kinit - -n`` with a normal principal name. If supported by the KDC, the - principal (but not realm) will be replaced by the anonymous - principal. As of release 1.8, the MIT Kerberos KDC only supports - fully anonymous operation. - -**-c** *credentials_cache* - Use *credentials_cache* as the credentials cache. The cache - should contain a service ticket for the ``kadmin/admin`` or - ``kadmin/ADMINHOST`` (where *ADMINHOST* is the fully-qualified - hostname of the admin server) service; it can be acquired with the - :ref:`kinit(1)` program. If this option is not specified, kadmin - requests a new service ticket from the KDC, and stores it in its - own temporary ccache. - -**-w** *password* - Use *password* instead of prompting for one. Use this option with - care, as it may expose the password to other users on the system - via the process list. - -**-q** *query* - Perform the specified query and then exit. - -**-d** *dbname* - Specifies the name of the KDC database. This option does not - apply to the LDAP database module. - -**-s** *admin_server*\ [:*port*] - Specifies the admin server which kadmin should contact. - -**-m** - If using kadmin.local, prompt for the database master password - instead of reading it from a stash file. - -**-e** "*enc*:*salt* ..." - Sets the keysalt list to be used for any new keys created. See - :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a list of possible - values. - -**-O** - Force use of old AUTH_GSSAPI authentication flavor. - -**-N** - Prevent fallback to AUTH_GSSAPI authentication flavor. - -**-x** *db_args* - Specifies the database specific arguments. See the next section - for supported options. - -Starting with release 1.14, if any command-line arguments remain after -the options, they will be treated as a single query to be executed. -This mode of operation is intended for scripts and behaves differently -from the interactive mode in several respects: - -* Query arguments are split by the shell, not by kadmin. -* Informational and warning messages are suppressed. Error messages - and query output (e.g. for **get_principal**) will still be - displayed. -* Confirmation prompts are disabled (as if **-force** was given). - Password prompts will still be issued as required. -* The exit status will be non-zero if the query fails. - -The **-q** option does not carry these behavior differences; the query -will be processed as if it was entered interactively. The **-q** -option cannot be used in combination with a query in the remaining -arguments. - -.. _dboptions: - -DATABASE OPTIONS ----------------- - -Database options can be used to override database-specific defaults. -Supported options for the DB2 module are: - - **-x dbname=**\ \*filename* - Specifies the base filename of the DB2 database. - - **-x lockiter** - Make iteration operations hold the lock for the duration of - the entire operation, rather than temporarily releasing the - lock while handling each principal. This is the default - behavior, but this option exists to allow command line - override of a [dbmodules] setting. First introduced in - release 1.13. - - **-x unlockiter** - Make iteration operations unlock the database for each - principal, instead of holding the lock for the duration of the - entire operation. First introduced in release 1.13. - -Supported options for the LDAP module are: - - **-x host=**\ *ldapuri* - Specifies the LDAP server to connect to by a LDAP URI. - - **-x binddn=**\ *bind_dn* - Specifies the DN used to bind to the LDAP server. - - **-x bindpwd=**\ *password* - Specifies the password or SASL secret used to bind to the LDAP - server. Using this option may expose the password to other - users on the system via the process list; to avoid this, - instead stash the password using the **stashsrvpw** command of - :ref:`kdb5_ldap_util(8)`. - - **-x sasl_mech=**\ *mechanism* - Specifies the SASL mechanism used to bind to the LDAP server. - The bind DN is ignored if a SASL mechanism is used. New in - release 1.13. - - **-x sasl_authcid=**\ *name* - Specifies the authentication name used when binding to the - LDAP server with a SASL mechanism, if the mechanism requires - one. New in release 1.13. - - **-x sasl_authzid=**\ *name* - Specifies the authorization name used when binding to the LDAP - server with a SASL mechanism. New in release 1.13. - - **-x sasl_realm=**\ *realm* - Specifies the realm used when binding to the LDAP server with - a SASL mechanism, if the mechanism uses one. New in release - 1.13. - - **-x debug=**\ *level* - sets the OpenLDAP client library debug level. *level* is an - integer to be interpreted by the library. Debugging messages - are printed to standard error. New in release 1.12. - - -COMMANDS --------- - -When using the remote client, available commands may be restricted -according to the privileges specified in the :ref:`kadm5.acl(5)` file -on the admin server. - -.. _add_principal: - -add_principal -~~~~~~~~~~~~~ - - **add_principal** [*options*] *newprinc* - -Creates the principal *newprinc*, prompting twice for a password. If -no password policy is specified with the **-policy** option, and the -policy named ``default`` is assigned to the principal if it exists. -However, creating a policy named ``default`` will not automatically -assign this policy to previously existing principals. This policy -assignment can be suppressed with the **-clearpolicy** option. - -This command requires the **add** privilege. - -Aliases: **addprinc**, **ank** - -Options: - -**-expire** *expdate* - (:ref:`getdate` string) The expiration date of the principal. - -**-pwexpire** *pwexpdate* - (:ref:`getdate` string) The password expiration date. - -**-maxlife** *maxlife* - (:ref:`duration` or :ref:`getdate` string) The maximum ticket life - for the principal. - -**-maxrenewlife** *maxrenewlife* - (:ref:`duration` or :ref:`getdate` string) The maximum renewable - life of tickets for the principal. - -**-kvno** *kvno* - The initial key version number. - -**-policy** *policy* - The password policy used by this principal. If not specified, the - policy ``default`` is used if it exists (unless **-clearpolicy** - is specified). - -**-clearpolicy** - Prevents any policy from being assigned when **-policy** is not - specified. - -{-\|+}\ **allow_postdated** - **-allow_postdated** prohibits this principal from obtaining - postdated tickets. **+allow_postdated** clears this flag. - -{-\|+}\ **allow_forwardable** - **-allow_forwardable** prohibits this principal from obtaining - forwardable tickets. **+allow_forwardable** clears this flag. - -{-\|+}\ **allow_renewable** - **-allow_renewable** prohibits this principal from obtaining - renewable tickets. **+allow_renewable** clears this flag. - -{-\|+}\ **allow_proxiable** - **-allow_proxiable** prohibits this principal from obtaining - proxiable tickets. **+allow_proxiable** clears this flag. - -{-\|+}\ **allow_dup_skey** - **-allow_dup_skey** disables user-to-user authentication for this - principal by prohibiting others from obtaining a service ticket - encrypted in this principal's TGT session key. - **+allow_dup_skey** clears this flag. - -{-\|+}\ **requires_preauth** - **+requires_preauth** requires this principal to preauthenticate - before being allowed to kinit. **-requires_preauth** clears this - flag. When **+requires_preauth** is set on a service principal, - the KDC will only issue service tickets for that service principal - if the client's initial authentication was performed using - preauthentication. - -{-\|+}\ **requires_hwauth** - **+requires_hwauth** requires this principal to preauthenticate - using a hardware device before being allowed to kinit. - **-requires_hwauth** clears this flag. When **+requires_hwauth** is - set on a service principal, the KDC will only issue service tickets - for that service principal if the client's initial authentication was - performed using a hardware device to preauthenticate. - -{-\|+}\ **ok_as_delegate** - **+ok_as_delegate** sets the **okay as delegate** flag on tickets - issued with this principal as the service. Clients may use this - flag as a hint that credentials should be delegated when - authenticating to the service. **-ok_as_delegate** clears this - flag. - -{-\|+}\ **allow_svr** - **-allow_svr** prohibits the issuance of service tickets for this - principal. In release 1.17 and later, user-to-user service - tickets are still allowed unless the **-allow_dup_skey** flag is - also set. **+allow_svr** clears this flag. - -{-\|+}\ **allow_tgs_req** - **-allow_tgs_req** specifies that a Ticket-Granting Service (TGS) - request for a service ticket for this principal is not permitted. - **+allow_tgs_req** clears this flag. - -{-\|+}\ **allow_tix** - **-allow_tix** forbids the issuance of any tickets for this - principal. **+allow_tix** clears this flag. - -{-\|+}\ **needchange** - **+needchange** forces a password change on the next initial - authentication to this principal. **-needchange** clears this - flag. - -{-\|+}\ **password_changing_service** - **+password_changing_service** marks this principal as a password - change service principal. - -{-\|+}\ **ok_to_auth_as_delegate** - **+ok_to_auth_as_delegate** allows this principal to acquire - forwardable tickets to itself from arbitrary users, for use with - constrained delegation. - -{-\|+}\ **no_auth_data_required** - **+no_auth_data_required** prevents PAC or AD-SIGNEDPATH data from - being added to service tickets for the principal. - -{-\|+}\ **lockdown_keys** - **+lockdown_keys** prevents keys for this principal from leaving - the KDC via kadmind. The chpass and extract operations are denied - for a principal with this attribute. The chrand operation is - allowed, but will not return the new keys. The delete and rename - operations are also denied if this attribute is set, in order to - prevent a malicious administrator from replacing principals like - krbtgt/* or kadmin/* with new principals without the attribute. - This attribute can be set via the network protocol, but can only - be removed using kadmin.local. - -**-randkey** - Sets the key of the principal to a random value. - -**-nokey** - Causes the principal to be created with no key. New in release - 1.12. - -**-pw** *password* - Sets the password of the principal to the specified string and - does not prompt for a password. Note: using this option in a - shell script may expose the password to other users on the system - via the process list. - -**-e** *enc*:*salt*,... - Uses the specified keysalt list for setting the keys of the - principal. See :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a - list of possible values. - -**-x** *db_princ_args* - Indicates database-specific options. The options for the LDAP - database module are: - - **-x dn=**\ *dn* - Specifies the LDAP object that will contain the Kerberos - principal being created. - - **-x linkdn=**\ *dn* - Specifies the LDAP object to which the newly created Kerberos - principal object will point. - - **-x containerdn=**\ *container_dn* - Specifies the container object under which the Kerberos - principal is to be created. - - **-x tktpolicy=**\ *policy* - Associates a ticket policy to the Kerberos principal. - - .. note:: - - - The **containerdn** and **linkdn** options cannot be - specified with the **dn** option. - - If the *dn* or *containerdn* options are not specified while - adding the principal, the principals are created under the - principal container configured in the realm or the realm - container. - - *dn* and *containerdn* should be within the subtrees or - principal container configured in the realm. - -Example:: - - kadmin: addprinc jennifer - No policy specified for "jennifer@ATHENA.MIT.EDU"; - defaulting to no policy. - Enter password for principal jennifer@ATHENA.MIT.EDU: - Re-enter password for principal jennifer@ATHENA.MIT.EDU: - Principal "jennifer@ATHENA.MIT.EDU" created. - kadmin: - -.. _modify_principal: - -modify_principal -~~~~~~~~~~~~~~~~ - - **modify_principal** [*options*] *principal* - -Modifies the specified principal, changing the fields as specified. -The options to **add_principal** also apply to this command, except -for the **-randkey**, **-pw**, and **-e** options. In addition, the -option **-clearpolicy** will clear the current policy of a principal. - -This command requires the *modify* privilege. - -Alias: **modprinc** - -Options (in addition to the **addprinc** options): - -**-unlock** - Unlocks a locked principal (one which has received too many failed - authentication attempts without enough time between them according - to its password policy) so that it can successfully authenticate. - -.. _rename_principal: - -rename_principal -~~~~~~~~~~~~~~~~ - - **rename_principal** [**-force**] *old_principal* *new_principal* - -Renames the specified *old_principal* to *new_principal*. This -command prompts for confirmation, unless the **-force** option is -given. - -This command requires the **add** and **delete** privileges. - -Alias: **renprinc** - -.. _delete_principal: - -delete_principal -~~~~~~~~~~~~~~~~ - - **delete_principal** [**-force**] *principal* - -Deletes the specified *principal* from the database. This command -prompts for deletion, unless the **-force** option is given. - -This command requires the **delete** privilege. - -Alias: **delprinc** - -.. _change_password: - -change_password -~~~~~~~~~~~~~~~ - - **change_password** [*options*] *principal* - -Changes the password of *principal*. Prompts for a new password if -neither **-randkey** or **-pw** is specified. - -This command requires the **changepw** privilege, or that the -principal running the program is the same as the principal being -changed. - -Alias: **cpw** - -The following options are available: - -**-randkey** - Sets the key of the principal to a random value. - -**-pw** *password* - Set the password to the specified string. Using this option in a - script may expose the password to other users on the system via - the process list. - -**-e** *enc*:*salt*,... - Uses the specified keysalt list for setting the keys of the - principal. See :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a - list of possible values. - -**-keepold** - Keeps the existing keys in the database. This flag is usually not - necessary except perhaps for ``krbtgt`` principals. - -Example:: - - kadmin: cpw systest - Enter password for principal systest@BLEEP.COM: - Re-enter password for principal systest@BLEEP.COM: - Password for systest@BLEEP.COM changed. - kadmin: - -.. _purgekeys: - -purgekeys -~~~~~~~~~ - - **purgekeys** [**-all**\|\ **-keepkvno** *oldest_kvno_to_keep*] *principal* - -Purges previously retained old keys (e.g., from **change_password --keepold**) from *principal*. If **-keepkvno** is specified, then -only purges keys with kvnos lower than *oldest_kvno_to_keep*. If -**-all** is specified, then all keys are purged. The **-all** option -is new in release 1.12. - -This command requires the **modify** privilege. - -.. _get_principal: - -get_principal -~~~~~~~~~~~~~ - - **get_principal** [**-terse**] *principal* - -Gets the attributes of principal. With the **-terse** option, outputs -fields as quoted tab-separated strings. - -This command requires the **inquire** privilege, or that the principal -running the the program to be the same as the one being listed. - -Alias: **getprinc** - -Examples:: - - kadmin: getprinc tlyu/admin - Principal: tlyu/admin@BLEEP.COM - Expiration date: [never] - Last password change: Mon Aug 12 14:16:47 EDT 1996 - Password expiration date: [never] - Maximum ticket life: 0 days 10:00:00 - Maximum renewable life: 7 days 00:00:00 - Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin@BLEEP.COM) - Last successful authentication: [never] - Last failed authentication: [never] - Failed password attempts: 0 - Number of keys: 1 - Key: vno 1, aes256-cts-hmac-sha384-192 - MKey: vno 1 - Attributes: - Policy: [none] - - kadmin: getprinc -terse systest - systest@BLEEP.COM 3 86400 604800 1 - 785926535 753241234 785900000 - tlyu/admin@BLEEP.COM 786100034 0 0 - kadmin: - -.. _list_principals: - -list_principals -~~~~~~~~~~~~~~~ - - **list_principals** [*expression*] - -Retrieves all or some principal names. *expression* is a shell-style -glob expression that can contain the wild-card characters ``?``, -``*``, and ``[]``. All principal names matching the expression are -printed. If no expression is provided, all principal names are -printed. If the expression does not contain an ``@`` character, an -``@`` character followed by the local realm is appended to the -expression. - -This command requires the **list** privilege. - -Alias: **listprincs**, **get_principals**, **getprincs** - -Example:: - - kadmin: listprincs test* - test3@SECURE-TEST.OV.COM - test2@SECURE-TEST.OV.COM - test1@SECURE-TEST.OV.COM - testuser@SECURE-TEST.OV.COM - kadmin: - -.. _get_strings: - -get_strings -~~~~~~~~~~~ - - **get_strings** *principal* - -Displays string attributes on *principal*. - -This command requires the **inquire** privilege. - -Alias: **getstrs** - -.. _set_string: - -set_string -~~~~~~~~~~ - - **set_string** *principal* *name* *value* - -Sets a string attribute on *principal*. String attributes are used to -supply per-principal configuration to the KDC and some KDC plugin -modules. The following string attribute names are recognized by the -KDC: - -**require_auth** - Specifies an authentication indicator which is required to - authenticate to the principal as a service. Multiple indicators - can be specified, separated by spaces; in this case any of the - specified indicators will be accepted. (New in release 1.14.) - -**session_enctypes** - Specifies the encryption types supported for session keys when the - principal is authenticated to as a server. See - :ref:`Encryption_types` in :ref:`kdc.conf(5)` for a list of the - accepted values. - -**otp** - Enables One Time Passwords (OTP) preauthentication for a client - *principal*. The *value* is a JSON string representing an array - of objects, each having optional ``type`` and ``username`` fields. - -**pkinit_cert_match** - Specifies a matching expression that defines the certificate - attributes required for the client certificate used by the - principal during PKINIT authentication. The matching expression - is in the same format as those used by the **pkinit_cert_match** - option in :ref:`krb5.conf(5)`. (New in release 1.16.) - -**pac_privsvr_enctype** - Forces the encryption type of the PAC KDC checksum buffers to the - specified encryption type for tickets issued to this server, by - deriving a key from the local krbtgt key if it is of a different - encryption type. It may be necessary to set this value to - "aes256-sha1" on the cross-realm krbtgt entry for an Active - Directory realm when using aes-sha2 keys on the local krbtgt - entry. - -This command requires the **modify** privilege. - -Alias: **setstr** - -Example:: - - set_string host/foo.mit.edu session_enctypes aes128-cts - set_string user@FOO.COM otp "[{""type"":""hotp"",""username"":""al""}]" - -.. _del_string: - -del_string -~~~~~~~~~~ - - **del_string** *principal* *key* - -Deletes a string attribute from *principal*. - -This command requires the **delete** privilege. - -Alias: **delstr** - -.. _add_policy: - -add_policy -~~~~~~~~~~ - - **add_policy** [*options*] *policy* - -Adds a password policy named *policy* to the database. - -This command requires the **add** privilege. - -Alias: **addpol** - -The following options are available: - -**-maxlife** *time* - (:ref:`duration` or :ref:`getdate` string) Sets the maximum - lifetime of a password. - -**-minlife** *time* - (:ref:`duration` or :ref:`getdate` string) Sets the minimum - lifetime of a password. - -**-minlength** *length* - Sets the minimum length of a password. - -**-minclasses** *number* - Sets the minimum number of character classes required in a - password. The five character classes are lower case, upper case, - numbers, punctuation, and whitespace/unprintable characters. - -**-history** *number* - Sets the number of past keys kept for a principal. This option is - not supported with the LDAP KDC database module. - -.. _policy_maxfailure: - -**-maxfailure** *maxnumber* - Sets the number of authentication failures before the principal is - locked. Authentication failures are only tracked for principals - which require preauthentication. The counter of failed attempts - resets to 0 after a successful attempt to authenticate. A - *maxnumber* value of 0 (the default) disables lockout. - -.. _policy_failurecountinterval: - -**-failurecountinterval** *failuretime* - (:ref:`duration` or :ref:`getdate` string) Sets the allowable time - between authentication failures. If an authentication failure - happens after *failuretime* has elapsed since the previous - failure, the number of authentication failures is reset to 1. A - *failuretime* value of 0 (the default) means forever. - -.. _policy_lockoutduration: - -**-lockoutduration** *lockouttime* - (:ref:`duration` or :ref:`getdate` string) Sets the duration for - which the principal is locked from authenticating if too many - authentication failures occur without the specified failure count - interval elapsing. A duration of 0 (the default) means the - principal remains locked out until it is administratively unlocked - with ``modprinc -unlock``. - -**-allowedkeysalts** - Specifies the key/salt tuples supported for long-term keys when - setting or changing a principal's password/keys. See - :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a list of the - accepted values, but note that key/salt tuples must be separated - with commas (',') only. To clear the allowed key/salt policy use - a value of '-'. - -Example:: - - kadmin: add_policy -maxlife "2 days" -minlength 5 guests - kadmin: - -.. _modify_policy: - -modify_policy -~~~~~~~~~~~~~ - - **modify_policy** [*options*] *policy* - -Modifies the password policy named *policy*. Options are as described -for **add_policy**. - -This command requires the **modify** privilege. - -Alias: **modpol** - -.. _delete_policy: - -delete_policy -~~~~~~~~~~~~~ - - **delete_policy** [**-force**] *policy* - -Deletes the password policy named *policy*. Prompts for confirmation -before deletion. The command will fail if the policy is in use by any -principals. - -This command requires the **delete** privilege. - -Alias: **delpol** - -Example:: - - kadmin: del_policy guests - Are you sure you want to delete the policy "guests"? - (yes/no): yes - kadmin: - -.. _get_policy: - -get_policy -~~~~~~~~~~ - - **get_policy** [ **-terse** ] *policy* - -Displays the values of the password policy named *policy*. With the -**-terse** flag, outputs the fields as quoted strings separated by -tabs. - -This command requires the **inquire** privilege. - -Alias: **getpol** - -Examples:: - - kadmin: get_policy admin - Policy: admin - Maximum password life: 180 days 00:00:00 - Minimum password life: 00:00:00 - Minimum password length: 6 - Minimum number of password character classes: 2 - Number of old keys kept: 5 - Reference count: 17 - - kadmin: get_policy -terse admin - admin 15552000 0 6 2 5 17 - kadmin: - -The "Reference count" is the number of principals using that policy. -With the LDAP KDC database module, the reference count field is not -meaningful. - -.. _list_policies: - -list_policies -~~~~~~~~~~~~~ - - **list_policies** [*expression*] - -Retrieves all or some policy names. *expression* is a shell-style -glob expression that can contain the wild-card characters ``?``, -``*``, and ``[]``. All policy names matching the expression are -printed. If no expression is provided, all existing policy names are -printed. - -This command requires the **list** privilege. - -Aliases: **listpols**, **get_policies**, **getpols**. - -Examples:: - - kadmin: listpols - test-pol - dict-only - once-a-min - test-pol-nopw - - kadmin: listpols t* - test-pol - test-pol-nopw - kadmin: - -.. _ktadd: - -ktadd -~~~~~ - - | **ktadd** [options] *principal* - | **ktadd** [options] **-glob** *princ-exp* - -Adds a *principal*, or all principals matching *princ-exp*, to a -keytab file. Each principal's keys are randomized in the process. -The rules for *princ-exp* are described in the **list_principals** -command. - -This command requires the **inquire** and **changepw** privileges. -With the **-glob** form, it also requires the **list** privilege. - -The options are: - -**-k[eytab]** *keytab* - Use *keytab* as the keytab file. Otherwise, the default keytab is - used. - -**-e** *enc*:*salt*,... - Uses the specified keysalt list for setting the new keys of the - principal. See :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a - list of possible values. - -**-q** - Display less verbose information. - -**-norandkey** - Do not randomize the keys. The keys and their version numbers stay - unchanged. This option cannot be specified in combination with the - **-e** option. - -An entry for each of the principal's unique encryption types is added, -ignoring multiple keys with the same encryption type but different -salt types. - -Alias: **xst** - -Example:: - - kadmin: ktadd -k /tmp/foo-new-keytab host/foo.mit.edu - Entry for principal host/foo.mit.edu@ATHENA.MIT.EDU with kvno 3, - encryption type aes256-cts-hmac-sha1-96 added to keytab - FILE:/tmp/foo-new-keytab - kadmin: - -.. _ktremove: - -ktremove -~~~~~~~~ - - **ktremove** [options] *principal* [*kvno* | *all* | *old*] - -Removes entries for the specified *principal* from a keytab. Requires -no permissions, since this does not require database access. - -If the string "all" is specified, all entries for that principal are -removed; if the string "old" is specified, all entries for that -principal except those with the highest kvno are removed. Otherwise, -the value specified is parsed as an integer, and all entries whose -kvno match that integer are removed. - -The options are: - -**-k[eytab]** *keytab* - Use *keytab* as the keytab file. Otherwise, the default keytab is - used. - -**-q** - Display less verbose information. - -Alias: **ktrem** - -Example:: - - kadmin: ktremove kadmin/admin all - Entry for principal kadmin/admin with kvno 3 removed from keytab - FILE:/etc/krb5.keytab - kadmin: - -lock -~~~~ - -Lock database exclusively. Use with extreme caution! This command -only works with the DB2 KDC database module. - -unlock -~~~~~~ - -Release the exclusive database lock. - -list_requests -~~~~~~~~~~~~~ - -Lists available for kadmin requests. - -Aliases: **lr**, **?** - -quit -~~~~ - -Exit program. If the database was locked, the lock is released. - -Aliases: **exit**, **q** - - -HISTORY -------- - -The kadmin program was originally written by Tom Yu at MIT, as an -interface to the OpenVision Kerberos administration program. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kpasswd(1)`, :ref:`kadmind(8)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/admin/admin_commands/kadmind.rst b/krb5-1.21.3/doc/admin/admin_commands/kadmind.rst deleted file mode 100644 index 7e148263..00000000 --- a/krb5-1.21.3/doc/admin/admin_commands/kadmind.rst +++ /dev/null @@ -1,129 +0,0 @@ -.. _kadmind(8): - -kadmind -======= - -SYNOPSIS --------- - -**kadmind** -[**-x** *db_args*] -[**-r** *realm*] -[**-m**] -[**-nofork**] -[**-proponly**] -[**-port** *port-number*] -[**-P** *pid_file*] -[**-p** *kdb5_util_path*] -[**-K** *kprop_path*] -[**-k** *kprop_port*] -[**-F** *dump_file*] - -DESCRIPTION ------------ - -kadmind starts the Kerberos administration server. kadmind typically -runs on the primary Kerberos server, which stores the KDC database. -If the KDC database uses the LDAP module, the administration server -and the KDC server need not run on the same machine. kadmind accepts -remote requests from programs such as :ref:`kadmin(1)` and -:ref:`kpasswd(1)` to administer the information in these database. - -kadmind requires a number of configuration files to be set up in order -for it to work: - -:ref:`kdc.conf(5)` - The KDC configuration file contains configuration information for - the KDC and admin servers. kadmind uses settings in this file to - locate the Kerberos database, and is also affected by the - **acl_file**, **dict_file**, **kadmind_port**, and iprop-related - settings. - -:ref:`kadm5.acl(5)` - kadmind's ACL (access control list) tells it which principals are - allowed to perform administration actions. The pathname to the - ACL file can be specified with the **acl_file** :ref:`kdc.conf(5)` - variable; by default, it is |kdcdir|\ ``/kadm5.acl``. - -After the server begins running, it puts itself in the background and -disassociates itself from its controlling terminal. - -kadmind can be configured for incremental database propagation. -Incremental propagation allows replica KDC servers to receive -principal and policy updates incrementally instead of receiving full -dumps of the database. This facility can be enabled in the -:ref:`kdc.conf(5)` file with the **iprop_enable** option. Incremental -propagation requires the principal ``kiprop/PRIMARY\@REALM`` (where -PRIMARY is the primary KDC's canonical host name, and REALM the realm -name). In release 1.13, this principal is automatically created and -registered into the datebase. - - -OPTIONS -------- - -**-r** *realm* - specifies the realm that kadmind will serve; if it is not - specified, the default realm of the host is used. - -**-m** - causes the master database password to be fetched from the - keyboard (before the server puts itself in the background, if not - invoked with the **-nofork** option) rather than from a file on - disk. - -**-nofork** - causes the server to remain in the foreground and remain - associated to the terminal. - -**-proponly** - causes the server to only listen and respond to Kerberos replica - incremental propagation polling requests. This option can be used - to set up a hierarchical propagation topology where a replica KDC - provides incremental updates to other Kerberos replicas. - -**-port** *port-number* - specifies the port on which the administration server listens for - connections. The default port is determined by the - **kadmind_port** configuration variable in :ref:`kdc.conf(5)`. - -**-P** *pid_file* - specifies the file to which the PID of kadmind process should be - written after it starts up. This file can be used to identify - whether kadmind is still running and to allow init scripts to stop - the correct process. - -**-p** *kdb5_util_path* - specifies the path to the kdb5_util command to use when dumping the - KDB in response to full resync requests when iprop is enabled. - -**-K** *kprop_path* - specifies the path to the kprop command to use to send full dumps - to replicas in response to full resync requests. - -**-k** *kprop_port* - specifies the port by which the kprop process that is spawned by - kadmind connects to the replica kpropd, in order to transfer the - dump file during an iprop full resync request. - -**-F** *dump_file* - specifies the file path to be used for dumping the KDB in response - to full resync requests when iprop is enabled. - -**-x** *db_args* - specifies database-specific arguments. See :ref:`Database Options - ` in :ref:`kadmin(1)` for supported arguments. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kpasswd(1)`, :ref:`kadmin(1)`, :ref:`kdb5_util(8)`, -:ref:`kdb5_ldap_util(8)`, :ref:`kadm5.acl(5)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/admin/admin_commands/kdb5_ldap_util.rst b/krb5-1.21.3/doc/admin/admin_commands/kdb5_ldap_util.rst deleted file mode 100644 index 73a920f4..00000000 --- a/krb5-1.21.3/doc/admin/admin_commands/kdb5_ldap_util.rst +++ /dev/null @@ -1,449 +0,0 @@ -.. _kdb5_ldap_util(8): - -kdb5_ldap_util -=============== - -SYNOPSIS --------- - -.. _kdb5_ldap_util_synopsis: - -**kdb5_ldap_util** -[**-D** *user_dn* [**-w** *passwd*]] -[**-H** *ldapuri*] -**command** -[*command_options*] - -.. _kdb5_ldap_util_synopsis_end: - - -DESCRIPTION ------------ - -kdb5_ldap_util allows an administrator to manage realms, Kerberos -services and ticket policies. - - -COMMAND-LINE OPTIONS --------------------- - -.. _kdb5_ldap_util_options: - -**-r** *realm* - Specifies the realm to be operated on. - -**-D** *user_dn* - Specifies the Distinguished Name (DN) of the user who has - sufficient rights to perform the operation on the LDAP server. - -**-w** *passwd* - Specifies the password of *user_dn*. This option is not - recommended. - -**-H** *ldapuri* - Specifies the URI of the LDAP server. - -By default, kdb5_ldap_util operates on the default realm (as specified -in :ref:`krb5.conf(5)`) and connects and authenticates to the LDAP -server in the same manner as :ref:kadmind(8)` would given the -parameters in :ref:`dbdefaults` in :ref:`kdc.conf(5)`. - -.. _kdb5_ldap_util_options_end: - - -COMMANDS --------- - -create -~~~~~~ - -.. _kdb5_ldap_util_create: - - **create** - [**-subtrees** *subtree_dn_list*] - [**-sscope** *search_scope*] - [**-containerref** *container_reference_dn*] - [**-k** *mkeytype*] - [**-kv** *mkeyVNO*] - [**-M** *mkeyname*] - [**-m|-P** *password*\|\ **-sf** *stashfilename*] - [**-s**] - [**-maxtktlife** *max_ticket_life*] - [**-maxrenewlife** *max_renewable_ticket_life*] - [*ticket_flags*] - -Creates realm in directory. Options: - -**-subtrees** *subtree_dn_list* - Specifies the list of subtrees containing the principals of a - realm. The list contains the DNs of the subtree objects separated - by colon (``:``). - -**-sscope** *search_scope* - Specifies the scope for searching the principals under the - subtree. The possible values are 1 or one (one level), 2 or sub - (subtrees). - -**-containerref** *container_reference_dn* - Specifies the DN of the container object in which the principals - of a realm will be created. If the container reference is not - configured for a realm, the principals will be created in the - realm container. - -**-k** *mkeytype* - Specifies the key type of the master key in the database. The - default is given by the **master_key_type** variable in - :ref:`kdc.conf(5)`. - -**-kv** *mkeyVNO* - Specifies the version number of the master key in the database; - the default is 1. Note that 0 is not allowed. - -**-M** *mkeyname* - Specifies the principal name for the master key in the database. - If not specified, the name is determined by the - **master_key_name** variable in :ref:`kdc.conf(5)`. - -**-m** - Specifies that the master database password should be read from - the TTY rather than fetched from a file on the disk. - -**-P** *password* - Specifies the master database password. This option is not - recommended. - -**-sf** *stashfilename* - Specifies the stash file of the master database password. - -**-s** - Specifies that the stash file is to be created. - -**-maxtktlife** *max_ticket_life* - (:ref:`getdate` string) Specifies maximum ticket life for - principals in this realm. - -**-maxrenewlife** *max_renewable_ticket_life* - (:ref:`getdate` string) Specifies maximum renewable life of - tickets for principals in this realm. - -*ticket_flags* - Specifies global ticket flags for the realm. Allowable flags are - documented in the description of the **add_principal** command in - :ref:`kadmin(1)`. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu - -r ATHENA.MIT.EDU create -subtrees o=org -sscope SUB - Password for "cn=admin,o=org": - Initializing database for realm 'ATHENA.MIT.EDU' - You will be prompted for the database Master Password. - It is important that you NOT FORGET this password. - Enter KDC database master key: - Re-enter KDC database master key to verify: - -.. _kdb5_ldap_util_create_end: - -modify -~~~~~~ - -.. _kdb5_ldap_util_modify: - - **modify** - [**-subtrees** *subtree_dn_list*] - [**-sscope** *search_scope*] - [**-containerref** *container_reference_dn*] - [**-maxtktlife** *max_ticket_life*] - [**-maxrenewlife** *max_renewable_ticket_life*] - [*ticket_flags*] - -Modifies the attributes of a realm. Options: - -**-subtrees** *subtree_dn_list* - Specifies the list of subtrees containing the principals of a - realm. The list contains the DNs of the subtree objects separated - by colon (``:``). This list replaces the existing list. - -**-sscope** *search_scope* - Specifies the scope for searching the principals under the - subtrees. The possible values are 1 or one (one level), 2 or sub - (subtrees). - -**-containerref** *container_reference_dn* Specifies the DN of the - container object in which the principals of a realm will be - created. - -**-maxtktlife** *max_ticket_life* - (:ref:`getdate` string) Specifies maximum ticket life for - principals in this realm. - -**-maxrenewlife** *max_renewable_ticket_life* - (:ref:`getdate` string) Specifies maximum renewable life of - tickets for principals in this realm. - -*ticket_flags* - Specifies global ticket flags for the realm. Allowable flags are - documented in the description of the **add_principal** command in - :ref:`kadmin(1)`. - -Example:: - - shell% kdb5_ldap_util -r ATHENA.MIT.EDU -D cn=admin,o=org -H - ldaps://ldap-server1.mit.edu modify +requires_preauth - Password for "cn=admin,o=org": - shell% - -.. _kdb5_ldap_util_modify_end: - -view -~~~~ - -.. _kdb5_ldap_util_view: - - **view** - -Displays the attributes of a realm. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu - -r ATHENA.MIT.EDU view - Password for "cn=admin,o=org": - Realm Name: ATHENA.MIT.EDU - Subtree: ou=users,o=org - Subtree: ou=servers,o=org - SearchScope: ONE - Maximum ticket life: 0 days 01:00:00 - Maximum renewable life: 0 days 10:00:00 - Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PWCHANGE - -.. _kdb5_ldap_util_view_end: - -destroy -~~~~~~~ - -.. _kdb5_ldap_util_destroy: - - **destroy** [**-f**] - -Destroys an existing realm. Options: - -**-f** - If specified, will not prompt the user for confirmation. - -Example:: - - shell% kdb5_ldap_util -r ATHENA.MIT.EDU -D cn=admin,o=org -H - ldaps://ldap-server1.mit.edu destroy - Password for "cn=admin,o=org": - Deleting KDC database of 'ATHENA.MIT.EDU', are you sure? - (type 'yes' to confirm)? yes - OK, deleting database of 'ATHENA.MIT.EDU'... - shell% - -.. _kdb5_ldap_util_destroy_end: - -list -~~~~ - -.. _kdb5_ldap_util_list: - - **list** - -Lists the names of realms under the container. - -Example:: - - shell% kdb5_ldap_util -D cn=admin,o=org -H - ldaps://ldap-server1.mit.edu list - Password for "cn=admin,o=org": - ATHENA.MIT.EDU - OPENLDAP.MIT.EDU - MEDIA-LAB.MIT.EDU - shell% - -.. _kdb5_ldap_util_list_end: - -stashsrvpw -~~~~~~~~~~ - -.. _kdb5_ldap_util_stashsrvpw: - - **stashsrvpw** - [**-f** *filename*] - *name* - -Allows an administrator to store the password for service object in a -file so that KDC and Administration server can use it to authenticate -to the LDAP server. Options: - -**-f** *filename* - Specifies the complete path of the service password file. By - default, ``/usr/local/var/service_passwd`` is used. - -*name* - Specifies the name of the object whose password is to be stored. - If :ref:`krb5kdc(8)` or :ref:`kadmind(8)` are configured for - simple binding, this should be the distinguished name it will - use as given by the **ldap_kdc_dn** or **ldap_kadmind_dn** - variable in :ref:`kdc.conf(5)`. If the KDC or kadmind is - configured for SASL binding, this should be the authentication - name it will use as given by the **ldap_kdc_sasl_authcid** or - **ldap_kadmind_sasl_authcid** variable. - -Example:: - - kdb5_ldap_util stashsrvpw -f /home/andrew/conf_keyfile - cn=service-kdc,o=org - Password for "cn=service-kdc,o=org": - Re-enter password for "cn=service-kdc,o=org": - -.. _kdb5_ldap_util_stashsrvpw_end: - -create_policy -~~~~~~~~~~~~~ - -.. _kdb5_ldap_util_create_policy: - - **create_policy** - [**-maxtktlife** *max_ticket_life*] - [**-maxrenewlife** *max_renewable_ticket_life*] - [*ticket_flags*] - *policy_name* - -Creates a ticket policy in the directory. Options: - -**-maxtktlife** *max_ticket_life* - (:ref:`getdate` string) Specifies maximum ticket life for - principals. - -**-maxrenewlife** *max_renewable_ticket_life* - (:ref:`getdate` string) Specifies maximum renewable life of - tickets for principals. - -*ticket_flags* - Specifies the ticket flags. If this option is not specified, by - default, no restriction will be set by the policy. Allowable - flags are documented in the description of the **add_principal** - command in :ref:`kadmin(1)`. - -*policy_name* - Specifies the name of the ticket policy. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu - -r ATHENA.MIT.EDU create_policy -maxtktlife "1 day" - -maxrenewlife "1 week" -allow_postdated +needchange - -allow_forwardable tktpolicy - Password for "cn=admin,o=org": - -.. _kdb5_ldap_util_create_policy_end: - -modify_policy -~~~~~~~~~~~~~ - -.. _kdb5_ldap_util_modify_policy: - - **modify_policy** - [**-maxtktlife** *max_ticket_life*] - [**-maxrenewlife** *max_renewable_ticket_life*] - [*ticket_flags*] - *policy_name* - -Modifies the attributes of a ticket policy. Options are same as for -**create_policy**. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H - ldaps://ldap-server1.mit.edu -r ATHENA.MIT.EDU modify_policy - -maxtktlife "60 minutes" -maxrenewlife "10 hours" - +allow_postdated -requires_preauth tktpolicy - Password for "cn=admin,o=org": - -.. _kdb5_ldap_util_modify_policy_end: - -view_policy -~~~~~~~~~~~ - -.. _kdb5_ldap_util_view_policy: - - **view_policy** - *policy_name* - -Displays the attributes of the named ticket policy. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu - -r ATHENA.MIT.EDU view_policy tktpolicy - Password for "cn=admin,o=org": - Ticket policy: tktpolicy - Maximum ticket life: 0 days 01:00:00 - Maximum renewable life: 0 days 10:00:00 - Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PWCHANGE - -.. _kdb5_ldap_util_view_policy_end: - -destroy_policy -~~~~~~~~~~~~~~ - -.. _kdb5_ldap_util_destroy_policy: - - **destroy_policy** - [**-force**] - *policy_name* - -Destroys an existing ticket policy. Options: - -**-force** - Forces the deletion of the policy object. If not specified, the - user will be prompted for confirmation before deleting the policy. - -*policy_name* - Specifies the name of the ticket policy. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu - -r ATHENA.MIT.EDU destroy_policy tktpolicy - Password for "cn=admin,o=org": - This will delete the policy object 'tktpolicy', are you sure? - (type 'yes' to confirm)? yes - ** policy object 'tktpolicy' deleted. - -.. _kdb5_ldap_util_destroy_policy_end: - -list_policy -~~~~~~~~~~~ - -.. _kdb5_ldap_util_list_policy: - - **list_policy** - -Lists ticket policies. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu - -r ATHENA.MIT.EDU list_policy - Password for "cn=admin,o=org": - tktpolicy - tmppolicy - userpolicy - -.. _kdb5_ldap_util_list_policy_end: - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kadmin(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/admin/admin_commands/kdb5_util.rst b/krb5-1.21.3/doc/admin/admin_commands/kdb5_util.rst deleted file mode 100644 index 444c58bc..00000000 --- a/krb5-1.21.3/doc/admin/admin_commands/kdb5_util.rst +++ /dev/null @@ -1,502 +0,0 @@ -.. _kdb5_util(8): - -kdb5_util -========= - -SYNOPSIS --------- - -.. _kdb5_util_synopsis: - -**kdb5_util** -[**-r** *realm*] -[**-d** *dbname*] -[**-k** *mkeytype*] -[**-kv** *mkeyVNO*] -[**-M** *mkeyname*] -[**-m**] -[**-sf** *stashfilename*] -[**-P** *password*] -[**-x** *db_args*] -*command* [*command_options*] - -.. _kdb5_util_synopsis_end: - -DESCRIPTION ------------ - -kdb5_util allows an administrator to perform maintenance procedures on -the KDC database. Databases can be created, destroyed, and dumped to -or loaded from ASCII files. kdb5_util can create a Kerberos master -key stash file or perform live rollover of the master key. - -When kdb5_util is run, it attempts to acquire the master key and open -the database. However, execution continues regardless of whether or -not kdb5_util successfully opens the database, because the database -may not exist yet or the stash file may be corrupt. - -Note that some KDC database modules may not support all kdb5_util -commands. - - -COMMAND-LINE OPTIONS --------------------- - -.. _kdb5_util_options: - -**-r** *realm* - specifies the Kerberos realm of the database. - -**-d** *dbname* - specifies the name under which the principal database is stored; - by default the database is that listed in :ref:`kdc.conf(5)`. The - password policy database and lock files are also derived from this - value. - -**-k** *mkeytype* - specifies the key type of the master key in the database. The - default is given by the **master_key_type** variable in - :ref:`kdc.conf(5)`. - -**-kv** *mkeyVNO* - Specifies the version number of the master key in the database; - the default is 1. Note that 0 is not allowed. - -**-M** *mkeyname* - principal name for the master key in the database. If not - specified, the name is determined by the **master_key_name** - variable in :ref:`kdc.conf(5)`. - -**-m** - specifies that the master database password should be read from - the keyboard rather than fetched from a file on disk. - -**-sf** *stash_file* - specifies the stash filename of the master database password. If - not specified, the filename is determined by the - **key_stash_file** variable in :ref:`kdc.conf(5)`. - -**-P** *password* - specifies the master database password. Using this option may - expose the password to other users on the system via the process - list. - -**-x** *db_args* - specifies database-specific options. See :ref:`kadmin(1)` for - supported options. - -.. _kdb5_util_options_end: - - -COMMANDS --------- - -create -~~~~~~ - -.. _kdb5_util_create: - - **create** [**-s**] - -Creates a new database. If the **-s** option is specified, the stash -file is also created. This command fails if the database already -exists. If the command is successful, the database is opened just as -if it had already existed when the program was first run. - -.. _kdb5_util_create_end: - -destroy -~~~~~~~ - -.. _kdb5_util_destroy: - - **destroy** [**-f**] - -Destroys the database, first overwriting the disk sectors and then -unlinking the files, after prompting the user for confirmation. With -the **-f** argument, does not prompt the user. - -.. _kdb5_util_destroy_end: - -stash -~~~~~ - -.. _kdb5_util_stash: - - **stash** [**-f** *keyfile*] - -Stores the master principal's keys in a stash file. The **-f** -argument can be used to override the *keyfile* specified in -:ref:`kdc.conf(5)`. - -.. _kdb5_util_stash_end: - -dump -~~~~ - -.. _kdb5_util_dump: - - **dump** [**-b7**\|\ **-r13**\|\ **-r18**] - [**-verbose**] [**-mkey_convert**] [**-new_mkey_file** - *mkey_file*] [**-rev**] [**-recurse**] [*filename* - [*principals*...]] - -Dumps the current Kerberos and KADM5 database into an ASCII file. By -default, the database is dumped in current format, "kdb5_util -load_dump version 7". If filename is not specified, or is the string -"-", the dump is sent to standard output. Options: - -**-b7** - causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util - load_dump version 4"). This was the dump format produced on - releases prior to 1.2.2. - -**-r13** - causes the dump to be in the Kerberos 5 1.3 format ("kdb5_util - load_dump version 5"). This was the dump format produced on - releases prior to 1.8. - -**-r18** - causes the dump to be in the Kerberos 5 1.8 format ("kdb5_util - load_dump version 6"). This was the dump format produced on - releases prior to 1.11. - -**-verbose** - causes the name of each principal and policy to be printed as it - is dumped. - -**-mkey_convert** - prompts for a new master key. This new master key will be used to - re-encrypt principal key data in the dumpfile. The principal keys - themselves will not be changed. - -**-new_mkey_file** *mkey_file* - the filename of a stash file. The master key in this stash file - will be used to re-encrypt the key data in the dumpfile. The key - data in the database will not be changed. - -**-rev** - dumps in reverse order. This may recover principals that do not - dump normally, in cases where database corruption has occurred. - -**-recurse** - causes the dump to walk the database recursively (btree only). - This may recover principals that do not dump normally, in cases - where database corruption has occurred. In cases of such - corruption, this option will probably retrieve more principals - than the **-rev** option will. - - .. versionchanged:: 1.15 - Release 1.15 restored the functionality of the **-recurse** - option. - - .. versionchanged:: 1.5 - The **-recurse** option ceased working until release 1.15, - doing a normal dump instead of a recursive traversal. - -.. _kdb5_util_dump_end: - -load -~~~~ - -.. _kdb5_util_load: - - **load** [**-b7**\|\ **-r13**\|\ **-r18**] [**-hash**] - [**-verbose**] [**-update**] *filename* - -Loads a database dump from the named file into the named database. If -no option is given to determine the format of the dump file, the -format is detected automatically and handled as appropriate. Unless -the **-update** option is given, **load** creates a new database -containing only the data in the dump file, overwriting the contents of -any previously existing database. Note that when using the LDAP KDC -database module, the **-update** flag is required. - -Options: - -**-b7** - requires the database to be in the Kerberos 5 Beta 7 format - ("kdb5_util load_dump version 4"). This was the dump format - produced on releases prior to 1.2.2. - -**-r13** - requires the database to be in Kerberos 5 1.3 format ("kdb5_util - load_dump version 5"). This was the dump format produced on - releases prior to 1.8. - -**-r18** - requires the database to be in Kerberos 5 1.8 format ("kdb5_util - load_dump version 6"). This was the dump format produced on - releases prior to 1.11. - -**-hash** - stores the database in hash format, if using the DB2 database - type. If this option is not specified, the database will be - stored in btree format. This option is not recommended, as - databases stored in hash format are known to corrupt data and lose - principals. - -**-verbose** - causes the name of each principal and policy to be printed as it - is dumped. - -**-update** - records from the dump file are added to or updated in the existing - database. Otherwise, a new database is created containing only - what is in the dump file and the old one destroyed upon successful - completion. - -.. _kdb5_util_load_end: - -ark -~~~ - - **ark** [**-e** *enc*:*salt*,...] *principal* - -Adds new random keys to *principal* at the next available key version -number. Keys for the current highest key version number will be -preserved. The **-e** option specifies the list of encryption and -salt types to be used for the new keys. - -add_mkey -~~~~~~~~ - - **add_mkey** [**-e** *etype*] [**-s**] - -Adds a new master key to the master key principal, but does not mark -it as active. Existing master keys will remain. The **-e** option -specifies the encryption type of the new master key; see -:ref:`Encryption_types` in :ref:`kdc.conf(5)` for a list of possible -values. The **-s** option stashes the new master key in the stash -file, which will be created if it doesn't already exist. - -After a new master key is added, it should be propagated to replica -servers via a manual or periodic invocation of :ref:`kprop(8)`. Then, -the stash files on the replica servers should be updated with the -kdb5_util **stash** command. Once those steps are complete, the key -is ready to be marked active with the kdb5_util **use_mkey** command. - -use_mkey -~~~~~~~~ - - **use_mkey** *mkeyVNO* [*time*] - -Sets the activation time of the master key specified by *mkeyVNO*. -Once a master key becomes active, it will be used to encrypt newly -created principal keys. If no *time* argument is given, the current -time is used, causing the specified master key version to become -active immediately. The format for *time* is :ref:`getdate` string. - -After a new master key becomes active, the kdb5_util -**update_princ_encryption** command can be used to update all -principal keys to be encrypted in the new master key. - -list_mkeys -~~~~~~~~~~ - - **list_mkeys** - -List all master keys, from most recent to earliest, in the master key -principal. The output will show the kvno, enctype, and salt type for -each mkey, similar to the output of :ref:`kadmin(1)` **getprinc**. A -``*`` following an mkey denotes the currently active master key. - -purge_mkeys -~~~~~~~~~~~ - - **purge_mkeys** [**-f**] [**-n**] [**-v**] - -Delete master keys from the master key principal that are not used to -protect any principals. This command can be used to remove old master -keys all principal keys are protected by a newer master key. - -**-f** - does not prompt for confirmation. - -**-n** - performs a dry run, showing master keys that would be purged, but - not actually purging any keys. - -**-v** - gives more verbose output. - -update_princ_encryption -~~~~~~~~~~~~~~~~~~~~~~~ - - **update_princ_encryption** [**-f**] [**-n**] [**-v**] - [*princ-pattern*] - -Update all principal records (or only those matching the -*princ-pattern* glob pattern) to re-encrypt the key data using the -active database master key, if they are encrypted using a different -version, and give a count at the end of the number of principals -updated. If the **-f** option is not given, ask for confirmation -before starting to make changes. The **-v** option causes each -principal processed to be listed, with an indication as to whether it -needed updating or not. The **-n** option performs a dry run, only -showing the actions which would have been taken. - -tabdump -~~~~~~~ - - **tabdump** [**-H**] [**-c**] [**-e**] [**-n**] [**-o** *outfile*] - *dumptype* - -Dump selected fields of the database in a tabular format suitable for -reporting (e.g., using traditional Unix text processing tools) or -importing into relational databases. The data format is tab-separated -(default), or optionally comma-separated (CSV), with a fixed number of -columns. The output begins with a header line containing field names, -unless suppression is requested using the **-H** option. - -The *dumptype* parameter specifies the name of an output table (see -below). - -Options: - -**-H** - suppress writing the field names in a header line - -**-c** - use comma separated values (CSV) format, with minimal quoting, - instead of the default tab-separated (unquoted, unescaped) format - -**-e** - write empty hexadecimal string fields as empty fields instead of - as "-1". - -**-n** - produce numeric output for fields that normally have symbolic - output, such as enctypes and flag names. Also requests output of - time stamps as decimal POSIX time_t values. - -**-o** *outfile* - write the dump to the specified output file instead of to standard - output - -Dump types: - -**keydata** - principal encryption key information, including actual key data - (which is still encrypted in the master key) - - **name** - principal name - **keyindex** - index of this key in the principal's key list - **kvno** - key version number - **enctype** - encryption type - **key** - key data as a hexadecimal string - **salttype** - salt type - **salt** - salt data as a hexadecimal string - -**keyinfo** - principal encryption key information (as in **keydata** above), - excluding actual key data - -**princ_flags** - principal boolean attributes. Flag names print as hexadecimal - numbers if the **-n** option is specified, and all flag positions - are printed regardless of whether or not they are set. If **-n** - is not specified, print all known flag names for each principal, - but only print hexadecimal flag names if the corresponding flag is - set. - - **name** - principal name - **flag** - flag name - **value** - boolean value (0 for clear, or 1 for set) - -**princ_lockout** - state information used for tracking repeated password failures - - **name** - principal name - **last_success** - time stamp of most recent successful authentication - **last_failed** - time stamp of most recent failed authentication - **fail_count** - count of failed attempts - -**princ_meta** - principal metadata - - **name** - principal name - **modby** - name of last principal to modify this principal - **modtime** - timestamp of last modification - **lastpwd** - timestamp of last password change - **policy** - policy object name - **mkvno** - key version number of the master key that encrypts this - principal's key data - **hist_kvno** - key version number of the history key that encrypts the key - history data for this principal - -**princ_stringattrs** - string attributes (key/value pairs) - - **name** - principal name - **key** - attribute name - **value** - attribute value - -**princ_tktpolicy** - per-principal ticket policy data, including maximum ticket - lifetimes - - **name** - principal name - **expiration** - principal expiration date - **pw_expiration** - password expiration date - **max_life** - maximum ticket lifetime - **max_renew_life** - maximum renewable ticket lifetime - -Examples:: - - $ kdb5_util tabdump -o keyinfo.txt keyinfo - $ cat keyinfo.txt - name keyindex kvno enctype salttype salt - K/M@EXAMPLE.COM 0 1 aes256-cts-hmac-sha384-192 normal -1 - foo@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1 - bar@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1 - $ sqlite3 - sqlite> .mode tabs - sqlite> .import keyinfo.txt keyinfo - sqlite> select * from keyinfo where enctype like 'aes256-%'; - K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1 - sqlite> .quit - $ awk -F'\t' '$4 ~ /aes256-/ { print }' keyinfo.txt - K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1 - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kadmin(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/admin/admin_commands/kprop.rst b/krb5-1.21.3/doc/admin/admin_commands/kprop.rst deleted file mode 100644 index a118b262..00000000 --- a/krb5-1.21.3/doc/admin/admin_commands/kprop.rst +++ /dev/null @@ -1,60 +0,0 @@ -.. _kprop(8): - -kprop -===== - -SYNOPSIS --------- - -**kprop** -[**-r** *realm*] -[**-f** *file*] -[**-d**] -[**-P** *port*] -[**-s** *keytab*] -*replica_host* - - -DESCRIPTION ------------ - -kprop is used to securely propagate a Kerberos V5 database dump file -from the primary Kerberos server to a replica Kerberos server, which is -specified by *replica_host*. The dump file must be created by -:ref:`kdb5_util(8)`. - - -OPTIONS -------- - -**-r** *realm* - Specifies the realm of the primary server. - -**-f** *file* - Specifies the filename where the dumped principal database file is - to be found; by default the dumped database file is normally - |kdcdir|\ ``/replica_datatrans``. - -**-P** *port* - Specifies the port to use to contact the :ref:`kpropd(8)` server - on the remote host. - -**-d** - Prints debugging information. - -**-s** *keytab* - Specifies the location of the keytab file. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kpropd(8)`, :ref:`kdb5_util(8)`, :ref:`krb5kdc(8)`, -:ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/admin/admin_commands/kpropd.rst b/krb5-1.21.3/doc/admin/admin_commands/kpropd.rst deleted file mode 100644 index 30c66c7e..00000000 --- a/krb5-1.21.3/doc/admin/admin_commands/kpropd.rst +++ /dev/null @@ -1,144 +0,0 @@ -.. _kpropd(8): - -kpropd -====== - -SYNOPSIS --------- - -**kpropd** -[**-r** *realm*] -[**-A** *admin_server*] -[**-a** *acl_file*] -[**-f** *replica_dumpfile*] -[**-F** *principal_database*] -[**-p** *kdb5_util_prog*] -[**-P** *port*] -[**--pid-file**\ =\ *pid_file*] -[**-D**] -[**-d**] -[**-s** *keytab_file*] - -DESCRIPTION ------------ - -The *kpropd* command runs on the replica KDC server. It listens for -update requests made by the :ref:`kprop(8)` program. If incremental -propagation is enabled, it periodically requests incremental updates -from the primary KDC. - -When the replica receives a kprop request from the primary, kpropd -accepts the dumped KDC database and places it in a file, and then runs -:ref:`kdb5_util(8)` to load the dumped database into the active -database which is used by :ref:`krb5kdc(8)`. This allows the primary -Kerberos server to use :ref:`kprop(8)` to propagate its database to -the replica servers. Upon a successful download of the KDC database -file, the replica Kerberos server will have an up-to-date KDC -database. - -Where incremental propagation is not used, kpropd is commonly invoked -out of inetd(8) as a nowait service. This is done by adding a line to -the ``/etc/inetd.conf`` file which looks like this:: - - kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd - -kpropd can also run as a standalone daemon, backgrounding itself and -waiting for connections on port 754 (or the port specified with the -**-P** option if given). Standalone mode is required for incremental -propagation. Starting in release 1.11, kpropd automatically detects -whether it was run from inetd and runs in standalone mode if it is -not. Prior to release 1.11, the **-S** option is required to run -kpropd in standalone mode; this option is now accepted for backward -compatibility but does nothing. - -Incremental propagation may be enabled with the **iprop_enable** -variable in :ref:`kdc.conf(5)`. If incremental propagation is -enabled, the replica periodically polls the primary KDC for updates, at -an interval determined by the **iprop_replica_poll** variable. If the -replica receives updates, kpropd updates its log file with any updates -from the primary. :ref:`kproplog(8)` can be used to view a summary of -the update entry log on the replica KDC. If incremental propagation -is enabled, the principal ``kiprop/replicahostname@REALM`` (where -*replicahostname* is the name of the replica KDC host, and *REALM* is -the name of the Kerberos realm) must be present in the replica's -keytab file. - -:ref:`kproplog(8)` can be used to force full replication when iprop is -enabled. - - -OPTIONS --------- - -**-r** *realm* - Specifies the realm of the primary server. - -**-A** *admin_server* - Specifies the server to be contacted for incremental updates; by - default, the primary admin server is contacted. - -**-f** *file* - Specifies the filename where the dumped principal database file is - to be stored; by default the dumped database file is |kdcdir|\ - ``/from_master``. - -**-F** *kerberos_db* - Path to the Kerberos database file, if not the default. - -**-p** - Allows the user to specify the pathname to the :ref:`kdb5_util(8)` - program; by default the pathname used is |sbindir|\ - ``/kdb5_util``. - -**-D** - In this mode, kpropd will not detach itself from the current job - and run in the background. Instead, it will run in the - foreground. - -**-d** - Turn on debug mode. kpropd will print out debugging messages - during the database propogation and will run in the foreground - (implies **-D**). - -**-P** - Allow for an alternate port number for kpropd to listen on. This - is only useful in combination with the **-S** option. - -**-a** *acl_file* - Allows the user to specify the path to the kpropd.acl file; by - default the path used is |kdcdir|\ ``/kpropd.acl``. - -**--pid-file**\ =\ *pid_file* - In standalone mode, write the process ID of the daemon into - *pid_file*. - -**-s** *keytab_file* - Path to a keytab to use for acquiring acceptor credentials. - -**-x** *db_args* - Database-specific arguments. See :ref:`Database Options - ` in :ref:`kadmin(1)` for supported arguments. - - -FILES ------ - -kpropd.acl - Access file for kpropd; the default location is - ``/usr/local/var/krb5kdc/kpropd.acl``. Each entry is a line - containing the principal of a host from which the local machine - will allow Kerberos database propagation via :ref:`kprop(8)`. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kprop(8)`, :ref:`kdb5_util(8)`, :ref:`krb5kdc(8)`, -:ref:`kerberos(7)`, inetd(8) diff --git a/krb5-1.21.3/doc/admin/admin_commands/kproplog.rst b/krb5-1.21.3/doc/admin/admin_commands/kproplog.rst deleted file mode 100644 index 3b72cfa0..00000000 --- a/krb5-1.21.3/doc/admin/admin_commands/kproplog.rst +++ /dev/null @@ -1,85 +0,0 @@ -.. _kproplog(8): - -kproplog -======== - -SYNOPSIS --------- - -**kproplog** [**-h**] [**-e** *num*] [-v] -**kproplog** [-R] - - -DESCRIPTION ------------ - -The kproplog command displays the contents of the KDC database update -log to standard output. It can be used to keep track of incremental -updates to the principal database. The update log file contains the -update log maintained by the :ref:`kadmind(8)` process on the primary -KDC server and the :ref:`kpropd(8)` process on the replica KDC -servers. When updates occur, they are logged to this file. -Subsequently any KDC replica configured for incremental updates will -request the current data from the primary KDC and update their log -file with any updates returned. - -The kproplog command requires read access to the update log file. It -will display update entries only for the KDC it runs on. - -If no options are specified, kproplog displays a summary of the update -log. If invoked on the primary, kproplog also displays all of the -update entries. If invoked on a replica KDC server, kproplog displays -only a summary of the updates, which includes the serial number of the -last update received and the associated time stamp of the last update. - - -OPTIONS -------- - -**-R** - Reset the update log. This forces full resynchronization. If - used on a replica then that replica will request a full resync. - If used on the primary then all replicas will request full - resyncs. - -**-h** - Display a summary of the update log. This information includes - the database version number, state of the database, the number of - updates in the log, the time stamp of the first and last update, - and the version number of the first and last update entry. - -**-e** *num* - Display the last *num* update entries in the log. This is useful - when debugging synchronization between KDC servers. - -**-v** - Display individual attributes per update. An example of the - output generated for one entry:: - - Update Entry - Update serial # : 4 - Update operation : Add - Update principal : test@EXAMPLE.COM - Update size : 424 - Update committed : True - Update time stamp : Fri Feb 20 23:37:42 2004 - Attributes changed : 6 - Principal - Key data - Password last changed - Modifying principal - Modification time - TL data - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kpropd(8)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/admin/admin_commands/krb5kdc.rst b/krb5-1.21.3/doc/admin/admin_commands/krb5kdc.rst deleted file mode 100644 index 631a0de8..00000000 --- a/krb5-1.21.3/doc/admin/admin_commands/krb5kdc.rst +++ /dev/null @@ -1,114 +0,0 @@ -.. _krb5kdc(8): - -krb5kdc -======= - -SYNOPSIS --------- - -**krb5kdc** -[**-x** *db_args*] -[**-d** *dbname*] -[**-k** *keytype*] -[**-M** *mkeyname*] -[**-p** *portnum*] -[**-m**] -[**-r** *realm*] -[**-n**] -[**-w** *numworkers*] -[**-P** *pid_file*] -[**-T** *time_offset*] - - -DESCRIPTION ------------ - -krb5kdc is the Kerberos version 5 Authentication Service and Key -Distribution Center (AS/KDC). - - -OPTIONS -------- - -The **-r** *realm* option specifies the realm for which the server -should provide service. This option may be specified multiple times -to serve multiple realms. If no **-r** option is given, the default -realm (as specified in :ref:`krb5.conf(5)`) will be served. - -The **-d** *dbname* option specifies the name under which the -principal database can be found. This option does not apply to the -LDAP database. - -The **-k** *keytype* option specifies the key type of the master key -to be entered manually as a password when **-m** is given; the default -is |defmkey|. - -The **-M** *mkeyname* option specifies the principal name for the -master key in the database (usually ``K/M`` in the KDC's realm). - -The **-m** option specifies that the master database password should -be fetched from the keyboard rather than from a stash file. - -The **-n** option specifies that the KDC does not put itself in the -background and does not disassociate itself from the terminal. - -The **-P** *pid_file* option tells the KDC to write its PID into -*pid_file* after it starts up. This can be used to identify whether -the KDC is still running and to allow init scripts to stop the correct -process. - -The **-p** *portnum* option specifies the default UDP and TCP port -numbers which the KDC should listen on for Kerberos version 5 -requests, as a comma-separated list. This value overrides the port -numbers specified in the :ref:`kdcdefaults` section of -:ref:`kdc.conf(5)`, but may be overridden by realm-specific values. -If no value is given from any source, the default port is 88. - -The **-w** *numworkers* option tells the KDC to fork *numworkers* -processes to listen to the KDC ports and process requests in parallel. -The top level KDC process (whose pid is recorded in the pid file if -the **-P** option is also given) acts as a supervisor. The supervisor -will relay SIGHUP signals to the worker subprocesses, and will -terminate the worker subprocess if the it is itself terminated or if -any other worker process exits. - -The **-x** *db_args* option specifies database-specific arguments. -See :ref:`Database Options ` in :ref:`kadmin(1)` for -supported arguments. - -The **-T** *offset* option specifies a time offset, in seconds, which -the KDC will operate under. It is intended only for testing purposes. - -EXAMPLE -------- - -The KDC may service requests for multiple realms (maximum 32 realms). -The realms are listed on the command line. Per-realm options that can -be specified on the command line pertain for each realm that follows -it and are superseded by subsequent definitions of the same option. - -For example:: - - krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3 - -specifies that the KDC listen on port 2001 for REALM1 and on port 2002 -for REALM2 and REALM3. Additionally, per-realm parameters may be -specified in the :ref:`kdc.conf(5)` file. The location of this file -may be specified by the **KRB5_KDC_PROFILE** environment variable. -Per-realm parameters specified in this file take precedence over -options specified on the command line. See the :ref:`kdc.conf(5)` -description for further details. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kdb5_util(8)`, :ref:`kdc.conf(5)`, :ref:`krb5.conf(5)`, -:ref:`kdb5_ldap_util(8)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/admin/admin_commands/ktutil.rst b/krb5-1.21.3/doc/admin/admin_commands/ktutil.rst deleted file mode 100644 index fd83f0ad..00000000 --- a/krb5-1.21.3/doc/admin/admin_commands/ktutil.rst +++ /dev/null @@ -1,129 +0,0 @@ -.. _ktutil(1): - -ktutil -====== - -SYNOPSIS --------- - -**ktutil** - - -DESCRIPTION ------------ - -The ktutil command invokes a command interface from which an -administrator can read, write, or edit entries in a keytab. (Kerberos -V4 srvtab files are no longer supported.) - - -COMMANDS --------- - -list -~~~~ - - **list** [**-t**] [**-k**] [**-e**] - -Displays the current keylist. If **-t**, **-k**, and/or **-e** are -specified, also display the timestamp, key contents, or enctype -(respectively). - -Alias: **l** - -read_kt -~~~~~~~ - - **read_kt** *keytab* - -Read the Kerberos V5 keytab file *keytab* into the current keylist. - -Alias: **rkt** - -write_kt -~~~~~~~~ - - **write_kt** *keytab* - -Write the current keylist into the Kerberos V5 keytab file *keytab*. - -Alias: **wkt** - -clear_list -~~~~~~~~~~ - - **clear_list** - -Clear the current keylist. - -Alias: **clear** - -delete_entry -~~~~~~~~~~~~ - - **delete_entry** *slot* - -Delete the entry in slot number *slot* from the current keylist. - -Alias: **delent** - -add_entry -~~~~~~~~~ - - **add_entry** {**-key**\|\ **-password**} **-p** *principal* - **-k** *kvno* [**-e** *enctype*] [**-f**\|\ **-s** *salt*] - -Add *principal* to keylist using key or password. If the **-f** flag -is specified, salt information will be fetched from the KDC; in this -case the **-e** flag may be omitted, or it may be supplied to force a -particular enctype. If the **-f** flag is not specified, the **-e** -flag must be specified, and the default salt will be used unless -overridden with the **-s** option. - -Alias: **addent** - -list_requests -~~~~~~~~~~~~~ - - **list_requests** - -Displays a listing of available commands. - -Aliases: **lr**, **?** - -quit -~~~~ - - **quit** - -Quits ktutil. - -Aliases: **exit**, **q** - - -EXAMPLE -------- - - :: - - ktutil: add_entry -password -p alice@BLEEP.COM -k 1 -e - aes128-cts-hmac-sha1-96 - Password for alice@BLEEP.COM: - ktutil: add_entry -password -p alice@BLEEP.COM -k 1 -e - aes256-cts-hmac-sha1-96 - Password for alice@BLEEP.COM: - ktutil: write_kt alice.keytab - ktutil: - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kadmin(1)`, :ref:`kdb5_util(8)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/admin/admin_commands/sserver.rst b/krb5-1.21.3/doc/admin/admin_commands/sserver.rst deleted file mode 100644 index a8dcf5d5..00000000 --- a/krb5-1.21.3/doc/admin/admin_commands/sserver.rst +++ /dev/null @@ -1,112 +0,0 @@ -.. _sserver(8): - -sserver -======= - -SYNOPSIS --------- - -**sserver** -[ **-p** *port* ] -[ **-S** *keytab* ] -[ *server_port* ] - - -DESCRIPTION ------------ - -sserver and :ref:`sclient(1)` are a simple demonstration client/server -application. When sclient connects to sserver, it performs a Kerberos -authentication, and then sserver returns to sclient the Kerberos -principal which was used for the Kerberos authentication. It makes a -good test that Kerberos has been successfully installed on a machine. - -The service name used by sserver and sclient is sample. Hence, -sserver will require that there be a keytab entry for the service -``sample/hostname.domain.name@REALM.NAME``. This keytab is generated -using the :ref:`kadmin(1)` program. The keytab file is usually -installed as |keytab|. - -The **-S** option allows for a different keytab than the default. - -sserver is normally invoked out of inetd(8), using a line in -``/etc/inetd.conf`` that looks like this:: - - sample stream tcp nowait root /usr/local/sbin/sserver sserver - -Since ``sample`` is normally not a port defined in ``/etc/services``, -you will usually have to add a line to ``/etc/services`` which looks -like this:: - - sample 13135/tcp - -When using sclient, you will first have to have an entry in the -Kerberos database, by using :ref:`kadmin(1)`, and then you have to get -Kerberos tickets, by using :ref:`kinit(1)`. Also, if you are running -the sclient program on a different host than the sserver it will be -connecting to, be sure that both hosts have an entry in /etc/services -for the sample tcp port, and that the same port number is in both -files. - -When you run sclient you should see something like this:: - - sendauth succeeded, reply is: - reply len 32, contents: - You are nlgilman@JIMI.MIT.EDU - - -COMMON ERROR MESSAGES ---------------------- - -1) kinit returns the error:: - - kinit: Client not found in Kerberos database while getting - initial credentials - - This means that you didn't create an entry for your username in the - Kerberos database. - -2) sclient returns the error:: - - unknown service sample/tcp; check /etc/services - - This means that you don't have an entry in /etc/services for the - sample tcp port. - -3) sclient returns the error:: - - connect: Connection refused - - This probably means you didn't edit /etc/inetd.conf correctly, or - you didn't restart inetd after editing inetd.conf. - -4) sclient returns the error:: - - sclient: Server not found in Kerberos database while using - sendauth - - This means that the ``sample/hostname@LOCAL.REALM`` service was not - defined in the Kerberos database; it should be created using - :ref:`kadmin(1)`, and a keytab file needs to be generated to make - the key for that service principal available for sclient. - -5) sclient returns the error:: - - sendauth rejected, error reply is: - "No such file or directory" - - This probably means sserver couldn't find the keytab file. It was - probably not installed in the proper directory. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`sclient(1)`, :ref:`kerberos(7)`, services(5), inetd(8) diff --git a/krb5-1.21.3/doc/admin/advanced/index.rst b/krb5-1.21.3/doc/admin/advanced/index.rst deleted file mode 100644 index 834f453c..00000000 --- a/krb5-1.21.3/doc/admin/advanced/index.rst +++ /dev/null @@ -1,8 +0,0 @@ -Advanced topics -=============== - - -.. toctree:: - :maxdepth: 1 - - retiring-des.rst diff --git a/krb5-1.21.3/doc/admin/advanced/retiring-des.rst b/krb5-1.21.3/doc/admin/advanced/retiring-des.rst deleted file mode 100644 index 38f76d3f..00000000 --- a/krb5-1.21.3/doc/admin/advanced/retiring-des.rst +++ /dev/null @@ -1,422 +0,0 @@ -.. _retiring-des: - -Retiring DES -======================= - -Version 5 of the Kerberos protocol was originally implemented using -the Data Encryption Standard (DES) as a block cipher for encryption. -While it was considered secure at the time, advancements in computational -ability have rendered DES vulnerable to brute force attacks on its 56-bit -keyspace. As such, it is now considered insecure and should not be -used (:rfc:`6649`). - -History -------- - -DES was used in the original Kerberos implementation, and was the -only cryptosystem in krb5 1.0. Partial support for triple-DES (3DES) was -added in version 1.1, with full support following in version 1.2. -The Advanced Encryption Standard (AES), which supersedes DES, gained -partial support in version 1.3.0 of krb5 and full support in version 1.3.2. -However, deployments of krb5 using Kerberos databases created with older -versions of krb5 will not necessarily start using strong crypto for -ordinary operation without administrator intervention. - -MIT krb5 began flagging deprecated encryption types with release 1.17, -and removed DES (single-DES) support in release 1.18. As a -consequence, a release prior to 1.18 is required to perform these -migrations. - -Types of keys -------------- - -* The database master key: This key is not exposed to user requests, - but is used to encrypt other key material stored in the kerberos - database. The database master key is currently stored as ``K/M`` - by default. -* Password-derived keys: User principals frequently have keys - derived from a password. When a new password is set, the KDC - uses various string2key functions to generate keys in the database - for that principal. -* Keytab keys: Application server principals generally use random - keys which are not derived from a password. When the database - entry is created, the KDC generates random keys of various enctypes - to enter in the database, which are conveyed to the application server - and stored in a keytab. -* Session keys: These are short-term keys generated by the KDC while - processing client requests, with an enctype selected by the KDC. - -For details on the various enctypes and how enctypes are selected by the KDC -for session keys and client/server long-term keys, see :ref:`enctypes`. -When using the :ref:`kadmin(1)` interface to generate new long-term keys, -the **-e** argument can be used to force a particular set of enctypes, -overriding the KDC default values. - -.. note:: - - When the KDC is selecting a session key, it has no knowledge about the - kerberos installation on the server which will receive the service ticket, - only what keys are in the database for the service principal. - In order to allow uninterrupted operation to - clients while migrating away from DES, care must be taken to ensure that - kerberos installations on application server machines are configured to - support newer encryption types before keys of those new encryption types - are created in the Kerberos database for those server principals. - -Upgrade procedure ------------------ - -This procedure assumes that the KDC software has already been upgraded -to a modern version of krb5 that supports non-DES keys, so that the -only remaining task is to update the actual keys used to service requests. -The realm used for demonstrating this procedure, ZONE.MIT.EDU, -is an example of the worst-case scenario, where all keys in the realm -are DES. The realm was initially created with a very old version of krb5, -and **supported_enctypes** in :ref:`kdc.conf(5)` was set to a value -appropriate when the KDC was installed, but was not updated as the KDC -was upgraded: - -:: - - [realms] - ZONE.MIT.EDU = { - [...] - master_key_type = des-cbc-crc - supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3 - } - -This resulted in the keys for all principals in the realm being forced -to DES-only, unless specifically requested using :ref:`kadmin(1)`. - -Before starting the upgrade, all KDCs were running krb5 1.11, -and the database entries for some "high-value" principals were: - -:: - - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'getprinc krbtgt/ZONE.MIT.EDU' - [...] - Number of keys: 1 - Key: vno 1, des-cbc-crc:v4 - [...] - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'getprinc kadmin/admin' - [...] - Number of keys: 1 - Key: vno 15, des-cbc-crc - [...] - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'getprinc kadmin/changepw' - [...] - Number of keys: 1 - Key: vno 14, des-cbc-crc - [...] - -The ``krbtgt/REALM`` key appears to have never been changed since creation -(its kvno is 1), and all three database entries have only a des-cbc-crc key. - -The krbtgt key and KDC keys -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Perhaps the biggest single-step improvement in the security of the cell -is gained by strengthening the key of the ticket-granting service principal, -``krbtgt/REALM``---if this principal's key is compromised, so is the -entire realm. Since the server that will handle service tickets -for this principal is the KDC itself, it is easy to guarantee that it -will be configured to support any encryption types which might be -selected. However, the default KDC behavior when creating new keys is to -remove the old keys, which would invalidate all existing tickets issued -against that principal, rendering the TGTs cached by clients useless. -Instead, a new key can be created with the old key retained, so that -existing tickets will still function until their scheduled expiry -(see :ref:`changing_krbtgt_key`). - -:: - - [root@casio krb5kdc]# enctypes=aes256-cts-hmac-sha1-96:normal,\ - > aes128-cts-hmac-sha1-96:normal,des3-hmac-sha1:normal,des-cbc-crc:normal - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q "cpw -e ${enctypes} -randkey \ - > -keepold krbtgt/ZONE.MIT.EDU" - Authenticating as principal root/admin@ZONE.MIT.EDU with password. - Key for "krbtgt/ZONE.MIT.EDU@ZONE.MIT.EDU" randomized. - -.. note:: - - The new ``krbtgt@REALM`` key should be propagated to replica KDCs - immediately so that TGTs issued by the primary KDC can be used to - issue service tickets on replica KDCs. Replica KDCs will refuse - requests using the new TGT kvno until the new krbtgt entry has - been propagated to them. - -It is necessary to explicitly specify the enctypes for the new database -entry, since **supported_enctypes** has not been changed. Leaving -**supported_enctypes** unchanged makes a potential rollback operation -easier, since all new keys of new enctypes are the result of explicit -administrator action and can be easily enumerated. -Upgrading the krbtgt key should have minimal user-visible disruption other -than that described in the note above, since only clients which list the -new enctypes as supported will use them, per the procedure -in :ref:`session_key_selection`. -Once the krbtgt key is updated, the session and ticket keys for user -TGTs will be strong keys, but subsequent requests -for service tickets will still get DES keys until the service principals -have new keys generated. Application service -remains uninterrupted due to the key-selection procedure on the KDC. - -After the change, the database entry is now: - -:: - - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'getprinc krbtgt/ZONE.MIT.EDU' - [...] - Number of keys: 5 - Key: vno 2, aes256-cts-hmac-sha1-96 - Key: vno 2, aes128-cts-hmac-sha1-96 - Key: vno 2, des3-cbc-sha1 - Key: vno 2, des-cbc-crc - Key: vno 1, des-cbc-crc:v4 - [...] - -Since the expected disruptions from rekeying the krbtgt principal are -minor, after a short testing period, it is -appropriate to rekey the other high-value principals, ``kadmin/admin@REALM`` -and ``kadmin/changepw@REALM``. These are the service principals used for -changing user passwords and updating application keytabs. The kadmin -and password-changing services are regular kerberized services, so the -session-key-selection algorithm described in :ref:`session_key_selection` -applies. It is particularly important to have strong session keys for -these services, since user passwords and new long-term keys are conveyed -over the encrypted channel. - -:: - - [root@casio krb5kdc]# enctypes=aes256-cts-hmac-sha1-96:normal,\ - > aes128-cts-hmac-sha1-96:normal,des3-hmac-sha1:normal - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q "cpw -e ${enctypes} -randkey \ - > kadmin/admin" - Authenticating as principal root/admin@ZONE.MIT.EDU with password. - Key for "kadmin/admin@ZONE.MIT.EDU" randomized. - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q "cpw -e ${enctypes} -randkey \ - > kadmin/changepw" - Authenticating as principal root/admin@ZONE.MIT.EDU with password. - Key for "kadmin/changepw@ZONE.MIT.EDU" randomized. - -It is not necessary to retain a single-DES key for these services, since -password changes are not part of normal daily workflow, and disruption -from a client failure is likely to be minimal. Furthermore, if a kerberos -client experiences failure changing a user password or keytab key, -this indicates that that client will become inoperative once services -are rekeyed to non-DES enctypes. Such problems can be detected early -at this stage, giving more time for corrective action. - -Adding strong keys to application servers -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Before switching the default enctypes for new keys over to strong enctypes, -it may be desired to test upgrading a handful of services with the -new configuration before flipping the switch for the defaults. This -still requires using the **-e** argument in :ref:`kadmin(1)` to get non-default -enctypes: - -:: - - [root@casio krb5kdc]# enctypes=aes256-cts-hmac-sha1-96:normal,\ - > aes128-cts-hmac-sha1-96:normal,des3-cbc-sha1:normal,des-cbc-crc:normal - [root@casio krb5kdc]# kadmin -r ZONE.MIT.EDU -p zephyr/zephyr@ZONE.MIT.EDU -k -t \ - > /etc/zephyr/krb5.keytab -q "ktadd -e ${enctypes} \ - > -k /etc/zephyr/krb5.keytab zephyr/zephyr@ZONE.MIT.EDU" - Authenticating as principal zephyr/zephyr@ZONE.MIT.EDU with keytab /etc/zephyr/krb5.keytab. - Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 4, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/zephyr/krb5.keytab. - Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 4, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/zephyr/krb5.keytab. - Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 4, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/zephyr/krb5.keytab. - Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 4, encryption type des-cbc-crc added to keytab WRFILE:/etc/zephyr/krb5.keytab. - -Be sure to remove the old keys from the application keytab, per best -practice. - -:: - - [root@casio krb5kdc]# k5srvutil -f /etc/zephyr/krb5.keytab delold - Authenticating as principal zephyr/zephyr@ZONE.MIT.EDU with keytab /etc/zephyr/krb5.keytab. - Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 3 removed from keytab WRFILE:/etc/zephyr/krb5.keytab. - -Adding strong keys by default -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Once the high-visibility services have been rekeyed, it is probably -appropriate to change :ref:`kdc.conf(5)` to generate keys with the new -encryption types by default. This enables server administrators to generate -new enctypes with the **change** subcommand of :ref:`k5srvutil(1)`, -and causes user password -changes to add new encryption types for their entries. It will probably -be necessary to implement administrative controls to cause all user -principal keys to be updated in a reasonable period of time, whether -by forcing password changes or a password synchronization service that -has access to the current password and can add the new keys. - -:: - - [realms] - ZONE.MIT.EDU = { - supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des3-hmac-sha1:normal des-cbc-crc:normal - -.. note:: - - The krb5kdc process must be restarted for these changes to take effect. - -At this point, all service administrators can update their services and the -servers behind them to take advantage of strong cryptography. -If necessary, the server's krb5 installation should be configured and/or -upgraded to a version supporting non-DES keys. See :ref:`enctypes` for -krb5 version and configuration settings. -Only when the service is configured to accept non-DES keys should -the key version number be incremented and new keys generated -(``k5srvutil change && k5srvutil delold``). - -:: - - root@dr-willy:~# k5srvutil change - Authenticating as principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with keytab /etc/krb5.keytab. - Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 3, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab. - Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 3, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab. - Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab. - Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab. - root@dr-willy:~# klist -e -k -t /etc/krb5.keytab - Keytab name: WRFILE:/etc/krb5.keytab - KVNO Timestamp Principal - ---- ----------------- -------------------------------------------------------- - 2 10/10/12 17:03:59 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (DES cbc mode with CRC-32) - 3 12/12/12 15:31:19 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (AES-256 CTS mode with 96-bit SHA-1 HMAC) - 3 12/12/12 15:31:19 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (AES-128 CTS mode with 96-bit SHA-1 HMAC) - 3 12/12/12 15:31:19 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (Triple DES cbc mode with HMAC/sha1) - 3 12/12/12 15:31:19 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (DES cbc mode with CRC-32) - root@dr-willy:~# k5srvutil delold - Authenticating as principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with keytab /etc/krb5.keytab. - Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab. - -When a single service principal is shared by multiple backend servers in -a load-balanced environment, it may be necessary to schedule downtime -or adjust the population in the load-balanced pool in order to propagate -the updated keytab to all hosts in the pool with minimal service interruption. - -Removing DES keys from usage -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This situation remains something of a testing or transitory state, -as new DES keys are still being generated, and will be used if requested -by a client. To make more progress removing DES from the realm, the KDC -should be configured to not generate such keys by default. - -.. note:: - - An attacker posing as a client can implement a brute force attack against - a DES key for any principal, if that key is in the current (highest-kvno) - key list. This attack is only possible if **allow_weak_crypto = true** - is enabled on the KDC. Setting the **+requires_preauth** flag on a - principal forces this attack to be an online attack, much slower than - the offline attack otherwise available to the attacker. However, setting - this flag on a service principal is not always advisable; see the entry in - :ref:`add_principal` for details. - -The following KDC configuration will not generate DES keys by default: - -:: - - [realms] - ZONE.MIT.EDU = { - supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des3-hmac-sha1:normal - -.. note:: - - As before, the KDC process must be restarted for this change to take - effect. It is best practice to update kdc.conf on all KDCs, not just the - primary, to avoid unpleasant surprises should the primary fail and a - replica need to be promoted. - -It is now appropriate to remove the legacy single-DES key from the -``krbtgt/REALM`` entry: - -:: - - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q "cpw -randkey -keepold \ - > krbtgt/ZONE.MIT.EDU" - Authenticating as principal host/admin@ATHENA.MIT.EDU with password. - Key for "krbtgt/ZONE.MIT.EDU@ZONE.MIT.EDU" randomized. - -After the maximum ticket lifetime has passed, the old database entry -should be removed. - -:: - - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'purgekeys krbtgt/ZONE.MIT.EDU' - Authenticating as principal root/admin@ZONE.MIT.EDU with password. - Old keys for principal "krbtgt/ZONE.MIT.EDU@ZONE.MIT.EDU" purged. - -After the KDC is restarted with the new **supported_enctypes**, -all user password changes and application keytab updates will not -generate DES keys by default. - -:: - - contents-vnder-pressvre:~> kpasswd zonetest@ZONE.MIT.EDU - Password for zonetest@ZONE.MIT.EDU: [enter old password] - Enter new password: [enter new password] - Enter it again: [enter new password] - Password changed. - contents-vnder-pressvre:~> kadmin -r ZONE.MIT.EDU -q 'getprinc zonetest' - [...] - Number of keys: 3 - Key: vno 9, aes256-cts-hmac-sha1-96 - Key: vno 9, aes128-cts-hmac-sha1-96 - Key: vno 9, des3-cbc-sha1 - [...] - - [kaduk@glossolalia ~]$ kadmin -p kaduk@ZONE.MIT.EDU -r ZONE.MIT.EDU -k \ - > -t kaduk-zone.keytab -q 'ktadd -k kaduk-zone.keytab kaduk@ZONE.MIT.EDU' - Authenticating as principal kaduk@ZONE.MIT.EDU with keytab kaduk-zone.keytab. - Entry for principal kaduk@ZONE.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:kaduk-zone.keytab. - Entry for principal kaduk@ZONE.MIT.EDU with kvno 3, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:kaduk-zone.keytab. - Entry for principal kaduk@ZONE.MIT.EDU with kvno 3, encryption type des3-cbc-sha1 added to keytab WRFILE:kaduk-zone.keytab. - -Once all principals have been re-keyed, DES support can be disabled on the -KDC (**allow_weak_crypto = false**), and client machines can remove -**allow_weak_crypto = true** from their :ref:`krb5.conf(5)` configuration -files, completing the migration. **allow_weak_crypto** takes precedence over -all places where DES enctypes could be explicitly configured. DES keys will -not be used, even if they are present, when **allow_weak_crypto = false**. - -Support for legacy services -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -If there remain legacy services which do not support non-DES enctypes -(such as older versions of AFS), **allow_weak_crypto** must remain -enabled on the KDC. Client machines need not have this setting, -though---applications which require DES can use API calls to allow -weak crypto on a per-request basis, overriding the system krb5.conf. -However, having **allow_weak_crypto** set on the KDC means that any -principals which have a DES key in the database could still use those -keys. To minimize the use of DES in the realm and restrict it to just -legacy services which require DES, it is necessary to remove all other -DES keys. The realm has been configured such that at password and -keytab change, no DES keys will be generated by default. The task -then reduces to requiring user password changes and having server -administrators update their service keytabs. Administrative outreach -will be necessary, and if the desire to eliminate DES is sufficiently -strong, the KDC administrators may choose to randkey any principals -which have not been rekeyed after some timeout period, forcing the -user to contact the helpdesk for access. - -The Database Master Key ------------------------ - -This procedure does not alter ``K/M@REALM``, the key used to encrypt key -material in the Kerberos database. (This is the key stored in the stash file -on the KDC if stash files are used.) However, the security risk of -a single-DES key for ``K/M`` is minimal, given that access to material -encrypted in ``K/M`` (the Kerberos database) is generally tightly controlled. -If an attacker can gain access to the encrypted database, they likely -have access to the stash file as well, rendering the weak cryptography -broken by non-cryptographic means. As such, upgrading ``K/M`` to a stronger -encryption type is unlikely to be a high-priority task. - -Is is possible to upgrade the master key used for the database, if -desired. Using :ref:`kdb5_util(8)`'s **add_mkey**, **use_mkey**, and -**update_princ_encryption** commands, a new master key can be added -and activated for use on new key material, and the existing entries -converted to the new master key. diff --git a/krb5-1.21.3/doc/admin/appl_servers.rst b/krb5-1.21.3/doc/admin/appl_servers.rst deleted file mode 100644 index e9d16e87..00000000 --- a/krb5-1.21.3/doc/admin/appl_servers.rst +++ /dev/null @@ -1,171 +0,0 @@ -Application servers -=================== - -If you need to install the Kerberos V5 programs on an application -server, please refer to the Kerberos V5 Installation Guide. Once you -have installed the software, you need to add that host to the Kerberos -database (see :ref:`principals`), and generate a keytab for that host, -that contains the host's key. You also need to make sure the host's -clock is within your maximum clock skew of the KDCs. - - -Keytabs -------- - -A keytab is a host's copy of its own keylist, which is analogous to a -user's password. An application server that needs to authenticate -itself to the KDC has to have a keytab that contains its own principal -and key. Just as it is important for users to protect their -passwords, it is equally important for hosts to protect their keytabs. -You should always store keytab files on local disk, and make them -readable only by root, and you should never send a keytab file over a -network in the clear. Ideally, you should run the :ref:`kadmin(1)` -command to extract a keytab on the host on which the keytab is to -reside. - - -.. _add_princ_kt: - -Adding principals to keytabs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To generate a keytab, or to add a principal to an existing keytab, use -the **ktadd** command from kadmin. Here is a sample session, using -configuration files that enable only AES encryption:: - - kadmin: ktadd host/daffodil.mit.edu@ATHENA.MIT.EDU - Entry for principal host/daffodil.mit.edu with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab - Entry for principal host/daffodil.mit.edu with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab - - -Removing principals from keytabs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To remove a principal from an existing keytab, use the kadmin -**ktremove** command:: - - kadmin: ktremove host/daffodil.mit.edu@ATHENA.MIT.EDU - Entry for principal host/daffodil.mit.edu with kvno 2 removed from keytab FILE:/etc/krb5.keytab. - Entry for principal host/daffodil.mit.edu with kvno 2 removed from keytab FILE:/etc/krb5.keytab. - - -Using a keytab to acquire client credentials -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -While keytabs are ordinarily used to accept credentials from clients, -they can also be used to acquire initial credentials, allowing one -service to authenticate to another. - -To manually obtain credentials using a keytab, use the :ref:`kinit(1)` -**-k** option, together with the **-t** option if the keytab is not in -the default location. - -Beginning with release 1.11, GSSAPI applications can be configured to -automatically obtain initial credentials from a keytab as needed. The -recommended configuration is as follows: - -#. Create a keytab containing a single entry for the desired client - identity. - -#. Place the keytab in a location readable by the service, and set the - **KRB5_CLIENT_KTNAME** environment variable to its filename. - Alternatively, use the **default_client_keytab_name** profile - variable in :ref:`libdefaults`, or use the default location of - |ckeytab|. - -#. Set **KRB5CCNAME** to a filename writable by the service, which - will not be used for any other purpose. Do not manually obtain - credentials at this location. (Another credential cache type - besides **FILE** can be used if desired, as long the cache will not - conflict with another use. A **MEMORY** cache can be used if the - service runs as a long-lived process. See :ref:`ccache_definition` - for details.) - -#. Start the service. When it authenticates using GSSAPI, it will - automatically obtain credentials from the client keytab into the - specified credential cache, and refresh them before they expire. - - -Clock Skew ----------- - -A Kerberos application server host must keep its clock synchronized or -it will reject authentication requests from clients. Modern operating -systems typically provide a facility to maintain the correct time; -make sure it is enabled. This is especially important on virtual -machines, where clocks tend to drift more rapidly than normal machine -clocks. - -The default allowable clock skew is controlled by the **clockskew** -variable in :ref:`libdefaults`. - - -Getting DNS information correct -------------------------------- - -Several aspects of Kerberos rely on name service. When a hostname is -used to name a service, clients may canonicalize the hostname using -forward and possibly reverse name resolution. The result of this -canonicalization must match the principal entry in the host's keytab, -or authentication will fail. To work with all client canonicalization -configurations, each host's canonical name must be the fully-qualified -host name (including the domain), and each host's IP address must -reverse-resolve to the canonical name. - -Configuration of hostnames varies by operating system. On the -application server itself, canonicalization will typically use the -``/etc/hosts`` file rather than the DNS. Ensure that the line for the -server's hostname is in the following form:: - - IP address fully-qualified hostname aliases - -Here is a sample ``/etc/hosts`` file:: - - # this is a comment - 127.0.0.1 localhost localhost.mit.edu - 10.0.0.6 daffodil.mit.edu daffodil trillium wake-robin - -The output of ``klist -k`` for this example host should look like:: - - viola# klist -k - Keytab name: /etc/krb5.keytab - KVNO Principal - ---- ------------------------------------------------------------ - 2 host/daffodil.mit.edu@ATHENA.MIT.EDU - -If you were to ssh to this host with a fresh credentials cache (ticket -file), and then :ref:`klist(1)`, the output should list a service -principal of ``host/daffodil.mit.edu@ATHENA.MIT.EDU``. - - -.. _conf_firewall: - -Configuring your firewall to work with Kerberos V5 --------------------------------------------------- - -If you need off-site users to be able to get Kerberos tickets in your -realm, they must be able to get to your KDC. This requires either -that you have a replica KDC outside your firewall, or that you -configure your firewall to allow UDP requests into at least one of -your KDCs, on whichever port the KDC is running. (The default is port -88; other ports may be specified in the KDC's :ref:`kdc.conf(5)` -file.) Similarly, if you need off-site users to be able to change -their passwords in your realm, they must be able to get to your -Kerberos admin server on the kpasswd port (which defaults to 464). If -you need off-site users to be able to administer your Kerberos realm, -they must be able to get to your Kerberos admin server on the -administrative port (which defaults to 749). - -If your on-site users inside your firewall will need to get to KDCs in -other realms, you will also need to configure your firewall to allow -outgoing TCP and UDP requests to port 88, and to port 464 to allow -password changes. If your on-site users inside your firewall will -need to get to Kerberos admin servers in other realms, you will also -need to allow outgoing TCP and UDP requests to port 749. - -If any of your KDCs are outside your firewall, you will need to allow -kprop requests to get through to the remote KDC. :ref:`kprop(8)` uses -the ``krb5_prop`` service on port 754 (tcp). - -The book *UNIX System Security*, by David Curry, is a good starting -point for learning to configure firewalls. diff --git a/krb5-1.21.3/doc/admin/auth_indicator.rst b/krb5-1.21.3/doc/admin/auth_indicator.rst deleted file mode 100644 index b13905e9..00000000 --- a/krb5-1.21.3/doc/admin/auth_indicator.rst +++ /dev/null @@ -1,57 +0,0 @@ -.. _auth_indicator: - -Authentication indicators -========================= - -As of release 1.14, the KDC can be configured to annotate tickets if -the client authenticated using a stronger preauthentication mechanism -such as :ref:`PKINIT ` or :ref:`OTP `. These -annotations are called "authentication indicators." Service -principals can be configured to require particular authentication -indicators in order to authenticate to that service. An -authentication indicator value can be any string chosen by the KDC -administrator; there are no pre-set values. - -To use authentication indicators with PKINIT or OTP, first configure -the KDC to include an indicator when that preauthentication mechanism -is used. For PKINIT, use the **pkinit_indicator** variable in -:ref:`kdc.conf(5)`. For OTP, use the **indicator** variable in the -token type definition, or specify the indicators in the **otp** user -string as described in :ref:`otp_preauth`. - -To require an indicator to be present in order to authenticate to a -service principal, set the **require_auth** string attribute on the -principal to the indicator value to be required. If you wish to allow -one of several indicators to be accepted, you can specify multiple -indicator values separated by spaces. - -For example, a realm could be configured to set the authentication -indicator value "strong" when PKINIT is used to authenticate, using a -setting in the :ref:`kdc_realms` subsection:: - - pkinit_indicator = strong - -A service principal could be configured to require the "strong" -authentication indicator value:: - - $ kadmin setstr host/high.value.server require_auth strong - Password for user/admin@KRBTEST.COM: - -A user who authenticates with PKINIT would be able to obtain a ticket -for the service principal:: - - $ kinit -X X509_user_identity=FILE:/my/cert.pem,/my/key.pem user - $ kvno host/high.value.server - host/high.value.server@KRBTEST.COM: kvno = 1 - -but a user who authenticates with a password would not:: - - $ kinit user - Password for user@KRBTEST.COM: - $ kvno host/high.value.server - kvno: KDC policy rejects request while getting credentials for - host/high.value.server@KRBTEST.COM - -GSSAPI server applications can inspect authentication indicators -through the :ref:`auth-indicators ` name -attribute. diff --git a/krb5-1.21.3/doc/admin/backup_host.rst b/krb5-1.21.3/doc/admin/backup_host.rst deleted file mode 100644 index 8914551c..00000000 --- a/krb5-1.21.3/doc/admin/backup_host.rst +++ /dev/null @@ -1,34 +0,0 @@ -Backups of secure hosts -======================= - -When you back up a secure host, you should exclude the host's keytab -file from the backup. If someone obtained a copy of the keytab from a -backup, that person could make any host masquerade as the host whose -keytab was compromised. In many configurations, knowledge of the -host's keytab also allows root access to the host. This could be -particularly dangerous if the compromised keytab was from one of your -KDCs. If the machine has a disk crash and the keytab file is lost, it -is easy to generate another keytab file. (See :ref:`add_princ_kt`.) -If you are unable to exclude particular files from backups, you should -ensure that the backups are kept as secure as the host's root -password. - - -Backing up the Kerberos database --------------------------------- - -As with any file, it is possible that your Kerberos database could -become corrupted. If this happens on one of the replica KDCs, you -might never notice, since the next automatic propagation of the -database would install a fresh copy. However, if it happens to the -primary KDC, the corrupted database would be propagated to all of the -replicas during the next propagation. For this reason, MIT recommends -that you back up your Kerberos database regularly. Because the primary -KDC is continuously dumping the database to a file in order to -propagate it to the replica KDCs, it is a simple matter to have a cron -job periodically copy the dump file to a secure machine elsewhere on -your network. (Of course, it is important to make the host where -these backups are stored as secure as your KDCs, and to encrypt its -transmission across your network.) Then if your database becomes -corrupted, you can load the most recent dump onto the primary KDC. -(See :ref:`restore_from_dump`.) diff --git a/krb5-1.21.3/doc/admin/conf_files/index.rst b/krb5-1.21.3/doc/admin/conf_files/index.rst deleted file mode 100644 index a04836ac..00000000 --- a/krb5-1.21.3/doc/admin/conf_files/index.rst +++ /dev/null @@ -1,20 +0,0 @@ -Configuration Files -=================== - -Kerberos uses configuration files to allow administrators to specify -settings on a per-machine basis. :ref:`krb5.conf(5)` applies to all -applications using the Kerboros library, on clients and servers. -For KDC-specific applications, additional settings can be specified in -:ref:`kdc.conf(5)`; the two files are merged into a configuration profile -used by applications accessing the KDC database directly. :ref:`kadm5.acl(5)` -is also only used on the KDC, it controls permissions for modifying the -KDC database. - -Contents --------- -.. toctree:: - :maxdepth: 1 - - krb5_conf - kdc_conf - kadm5_acl diff --git a/krb5-1.21.3/doc/admin/conf_files/kadm5_acl.rst b/krb5-1.21.3/doc/admin/conf_files/kadm5_acl.rst deleted file mode 100644 index 290bf0e0..00000000 --- a/krb5-1.21.3/doc/admin/conf_files/kadm5_acl.rst +++ /dev/null @@ -1,163 +0,0 @@ -.. _kadm5.acl(5): - -kadm5.acl -========= - -DESCRIPTION ------------ - -The Kerberos :ref:`kadmind(8)` daemon uses an Access Control List -(ACL) file to manage access rights to the Kerberos database. -For operations that affect principals, the ACL file also controls -which principals can operate on which other principals. - -The default location of the Kerberos ACL file is -|kdcdir|\ ``/kadm5.acl`` unless this is overridden by the *acl_file* -variable in :ref:`kdc.conf(5)`. - -SYNTAX ------- - -Empty lines and lines starting with the sharp sign (``#``) are -ignored. Lines containing ACL entries have the format:: - - principal permissions [target_principal [restrictions] ] - -.. note:: - - Line order in the ACL file is important. The first matching entry - will control access for an actor principal on a target principal. - -*principal* - (Partially or fully qualified Kerberos principal name.) Specifies - the principal whose permissions are to be set. - - Each component of the name may be wildcarded using the ``*`` - character. - -*permissions* - Specifies what operations may or may not be performed by a - *principal* matching a particular entry. This is a string of one or - more of the following list of characters or their upper-case - counterparts. If the character is *upper-case*, then the operation - is disallowed. If the character is *lower-case*, then the operation - is permitted. - - == ====================================================== - a [Dis]allows the addition of principals or policies - c [Dis]allows the changing of passwords for principals - d [Dis]allows the deletion of principals or policies - e [Dis]allows the extraction of principal keys - i [Dis]allows inquiries about principals or policies - l [Dis]allows the listing of all principals or policies - m [Dis]allows the modification of principals or policies - p [Dis]allows the propagation of the principal database (used in :ref:`incr_db_prop`) - s [Dis]allows the explicit setting of the key for a principal - x Short for admcilsp. All privileges (except ``e``) - \* Same as x. - == ====================================================== - -.. note:: - - The ``extract`` privilege is not included in the wildcard - privilege; it must be explicitly assigned. This privilege - allows the user to extract keys from the database, and must be - handled with great care to avoid disclosure of important keys - like those of the kadmin/* or krbtgt/* principals. The - **lockdown_keys** principal attribute can be used to prevent - key extraction from specific principals regardless of the - granted privilege. - -*target_principal* - (Optional. Partially or fully qualified Kerberos principal name.) - Specifies the principal on which *permissions* may be applied. - Each component of the name may be wildcarded using the ``*`` - character. - - *target_principal* can also include back-references to *principal*, - in which ``*number`` matches the corresponding wildcard in - *principal*. - -*restrictions* - (Optional) A string of flags. Allowed restrictions are: - - {+\|-}\ *flagname* - flag is forced to the indicated value. The permissible flags - are the same as those for the **default_principal_flags** - variable in :ref:`kdc.conf(5)`. - - *-clearpolicy* - policy is forced to be empty. - - *-policy pol* - policy is forced to be *pol*. - - -{*expire, pwexpire, maxlife, maxrenewlife*} *time* - (:ref:`getdate` string) associated value will be forced to - MIN(*time*, requested value). - - The above flags act as restrictions on any add or modify operation - which is allowed due to that ACL line. - -.. warning:: - - If the kadmind ACL file is modified, the kadmind daemon needs to be - restarted for changes to take effect. - -EXAMPLE -------- - -Here is an example of a kadm5.acl file:: - - */admin@ATHENA.MIT.EDU * # line 1 - joeadmin@ATHENA.MIT.EDU ADMCIL # line 2 - joeadmin/*@ATHENA.MIT.EDU i */root@ATHENA.MIT.EDU # line 3 - */root@ATHENA.MIT.EDU ci *1@ATHENA.MIT.EDU # line 4 - */root@ATHENA.MIT.EDU l * # line 5 - sms@ATHENA.MIT.EDU x * -maxlife 9h -postdateable # line 6 - -(line 1) Any principal in the ``ATHENA.MIT.EDU`` realm with an -``admin`` instance has all administrative privileges except extracting -keys. - -(lines 1-3) The user ``joeadmin`` has all permissions except -extracting keys with his ``admin`` instance, -``joeadmin/admin@ATHENA.MIT.EDU`` (matches line 1). He has no -permissions at all with his null instance, ``joeadmin@ATHENA.MIT.EDU`` -(matches line 2). His ``root`` and other non-``admin``, non-null -instances (e.g., ``extra`` or ``dbadmin``) have inquire permissions -with any principal that has the instance ``root`` (matches line 3). - -(line 4) Any ``root`` principal in ``ATHENA.MIT.EDU`` can inquire -or change the password of their null instance, but not any other -null instance. (Here, ``*1`` denotes a back-reference to the -component matching the first wildcard in the actor principal.) - -(line 5) Any ``root`` principal in ``ATHENA.MIT.EDU`` can generate -the list of principals in the database, and the list of policies -in the database. This line is separate from line 4, because list -permission can only be granted globally, not to specific target -principals. - -(line 6) Finally, the Service Management System principal -``sms@ATHENA.MIT.EDU`` has all permissions except extracting keys, but -any principal that it creates or modifies will not be able to get -postdateable tickets or tickets with a life of longer than 9 hours. - -MODULE BEHAVIOR ---------------- - -The ACL file can coexist with other authorization modules in release -1.16 and later, as configured in the :ref:`kadm5_auth` section of -:ref:`krb5.conf(5)`. The ACL file will positively authorize -operations according to the rules above, but will never -authoritatively deny an operation, so other modules can authorize -operations in addition to those authorized by the ACL file. - -To operate without an ACL file, set the *acl_file* variable in -:ref:`kdc.conf(5)` to the empty string with ``acl_file = ""``. - -SEE ALSO --------- - -:ref:`kdc.conf(5)`, :ref:`kadmind(8)` diff --git a/krb5-1.21.3/doc/admin/conf_files/kdc_conf.rst b/krb5-1.21.3/doc/admin/conf_files/kdc_conf.rst deleted file mode 100644 index 74a0a2ac..00000000 --- a/krb5-1.21.3/doc/admin/conf_files/kdc_conf.rst +++ /dev/null @@ -1,976 +0,0 @@ -.. _kdc.conf(5): - -kdc.conf -======== - -The kdc.conf file supplements :ref:`krb5.conf(5)` for programs which -are typically only used on a KDC, such as the :ref:`krb5kdc(8)` and -:ref:`kadmind(8)` daemons and the :ref:`kdb5_util(8)` program. -Relations documented here may also be specified in krb5.conf; for the -KDC programs mentioned, krb5.conf and kdc.conf will be merged into a -single configuration profile. - -Normally, the kdc.conf file is found in the KDC state directory, -|kdcdir|. You can override the default location by setting the -environment variable **KRB5_KDC_PROFILE**. - -Please note that you need to restart the KDC daemon for any configuration -changes to take effect. - -Structure ---------- - -The kdc.conf file is set up in the same format as the -:ref:`krb5.conf(5)` file. - - -Sections --------- - -The kdc.conf file may contain the following sections: - -==================== ================================================= -:ref:`kdcdefaults` Default values for KDC behavior -:ref:`kdc_realms` Realm-specific database configuration and settings -:ref:`dbdefaults` Default database settings -:ref:`dbmodules` Per-database settings -:ref:`logging` Controls how Kerberos daemons perform logging -==================== ================================================= - - -.. _kdcdefaults: - -[kdcdefaults] -~~~~~~~~~~~~~ - -Some relations in the [kdcdefaults] section specify default values for -realm variables, to be used if the [realms] subsection does not -contain a relation for the tag. See the :ref:`kdc_realms` section for -the definitions of these relations. - -* **host_based_services** -* **kdc_listen** -* **kdc_ports** -* **kdc_tcp_listen** -* **kdc_tcp_ports** -* **no_host_referral** -* **restrict_anonymous_to_tgt** - -The following [kdcdefaults] variables have no per-realm equivalent: - -**kdc_max_dgram_reply_size** - Specifies the maximum packet size that can be sent over UDP. The - default value is 4096 bytes. - -**kdc_tcp_listen_backlog** - (Integer.) Set the size of the listen queue length for the KDC - daemon. The value may be limited by OS settings. The default - value is 5. - -**spake_preauth_kdc_challenge** - (String.) Specifies the group for a SPAKE optimistic challenge. - See the **spake_preauth_groups** variable in :ref:`libdefaults` - for possible values. The default is not to issue an optimistic - challenge. (New in release 1.17.) - - -.. _kdc_realms: - -[realms] -~~~~~~~~ - -Each tag in the [realms] section is the name of a Kerberos realm. The -value of the tag is a subsection where the relations define KDC -parameters for that particular realm. The following example shows how -to define one parameter for the ATHENA.MIT.EDU realm:: - - [realms] - ATHENA.MIT.EDU = { - max_renewable_life = 7d 0h 0m 0s - } - -The following tags may be specified in a [realms] subsection: - -**acl_file** - (String.) Location of the access control list file that - :ref:`kadmind(8)` uses to determine which principals are allowed - which permissions on the Kerberos database. To operate without an - ACL file, set this relation to the empty string with ``acl_file = - ""``. The default value is |kdcdir|\ ``/kadm5.acl``. For more - information on Kerberos ACL file see :ref:`kadm5.acl(5)`. - -**database_module** - (String.) This relation indicates the name of the configuration - section under :ref:`dbmodules` for database-specific parameters - used by the loadable database library. The default value is the - realm name. If this configuration section does not exist, default - values will be used for all database parameters. - -**database_name** - (String, deprecated.) This relation specifies the location of the - Kerberos database for this realm, if the DB2 module is being used - and the :ref:`dbmodules` configuration section does not specify a - database name. The default value is |kdcdir|\ ``/principal``. - -**default_principal_expiration** - (:ref:`abstime` string.) Specifies the default expiration date of - principals created in this realm. The default value is 0, which - means no expiration date. - -**default_principal_flags** - (Flag string.) Specifies the default attributes of principals - created in this realm. The format for this string is a - comma-separated list of flags, with '+' before each flag that - should be enabled and '-' before each flag that should be - disabled. The **postdateable**, **forwardable**, **tgt-based**, - **renewable**, **proxiable**, **dup-skey**, **allow-tickets**, and - **service** flags default to enabled. - - There are a number of possible flags: - - **allow-tickets** - Enabling this flag means that the KDC will issue tickets for - this principal. Disabling this flag essentially deactivates - the principal within this realm. - - **dup-skey** - Enabling this flag allows the KDC to issue user-to-user - service tickets for this principal. - - **forwardable** - Enabling this flag allows the principal to obtain forwardable - tickets. - - **hwauth** - If this flag is enabled, then the principal is required to - preauthenticate using a hardware device before receiving any - tickets. - - **no-auth-data-required** - Enabling this flag prevents PAC or AD-SIGNEDPATH data from - being added to service tickets for the principal. - - **ok-as-delegate** - If this flag is enabled, it hints the client that credentials - can and should be delegated when authenticating to the - service. - - **ok-to-auth-as-delegate** - Enabling this flag allows the principal to use S4USelf tickets. - - **postdateable** - Enabling this flag allows the principal to obtain postdateable - tickets. - - **preauth** - If this flag is enabled on a client principal, then that - principal is required to preauthenticate to the KDC before - receiving any tickets. On a service principal, enabling this - flag means that service tickets for this principal will only - be issued to clients with a TGT that has the preauthenticated - bit set. - - **proxiable** - Enabling this flag allows the principal to obtain proxy - tickets. - - **pwchange** - Enabling this flag forces a password change for this - principal. - - **pwservice** - If this flag is enabled, it marks this principal as a password - change service. This should only be used in special cases, - for example, if a user's password has expired, then the user - has to get tickets for that principal without going through - the normal password authentication in order to be able to - change the password. - - **renewable** - Enabling this flag allows the principal to obtain renewable - tickets. - - **service** - Enabling this flag allows the the KDC to issue service tickets - for this principal. In release 1.17 and later, user-to-user - service tickets are still allowed if the **dup-skey** flag is - set. - - **tgt-based** - Enabling this flag allows a principal to obtain tickets based - on a ticket-granting-ticket, rather than repeating the - authentication process that was used to obtain the TGT. - -**dict_file** - (String.) Location of the dictionary file containing strings that - are not allowed as passwords. The file should contain one string - per line, with no additional whitespace. If none is specified or - if there is no policy assigned to the principal, no dictionary - checks of passwords will be performed. - -**disable_pac** - (Boolean value.) If true, the KDC will not issue PACs for this - realm, and S4U2Self and S4U2Proxy operations will be disabled. - The default is false, which will permit the KDC to issue PACs. - New in release 1.20. - -**encrypted_challenge_indicator** - (String.) Specifies the authentication indicator value that the KDC - asserts into tickets obtained using FAST encrypted challenge - pre-authentication. New in 1.16. - -**host_based_services** - (Whitespace- or comma-separated list.) Lists services which will - get host-based referral processing even if the server principal is - not marked as host-based by the client. - -**iprop_enable** - (Boolean value.) Specifies whether incremental database - propagation is enabled. The default value is false. - -**iprop_ulogsize** - (Integer.) Specifies the maximum number of log entries to be - retained for incremental propagation. The default value is 1000. - Prior to release 1.11, the maximum value was 2500. New in release - 1.19. - -**iprop_master_ulogsize** - The name for **iprop_ulogsize** prior to release 1.19. Its value is - used as a fallback if **iprop_ulogsize** is not specified. - -**iprop_replica_poll** - (Delta time string.) Specifies how often the replica KDC polls - for new updates from the primary. The default value is ``2m`` - (that is, two minutes). New in release 1.17. - -**iprop_slave_poll** - (Delta time string.) The name for **iprop_replica_poll** prior to - release 1.17. Its value is used as a fallback if - **iprop_replica_poll** is not specified. - -**iprop_listen** - (Whitespace- or comma-separated list.) Specifies the iprop RPC - listening addresses and/or ports for the :ref:`kadmind(8)` daemon. - Each entry may be an interface address, a port number, or an - address and port number separated by a colon. If the address - contains colons, enclose it in square brackets. If no address is - specified, the wildcard address is used. If kadmind fails to bind - to any of the specified addresses, it will fail to start. The - default (when **iprop_enable** is true) is to bind to the wildcard - address at the port specified in **iprop_port**. New in release - 1.15. - -**iprop_port** - (Port number.) Specifies the port number to be used for - incremental propagation. When **iprop_enable** is true, this - relation is required in the replica KDC configuration file, and - this relation or **iprop_listen** is required in the primary - configuration file, as there is no default port number. Port - numbers specified in **iprop_listen** entries will override this - port number for the :ref:`kadmind(8)` daemon. - -**iprop_resync_timeout** - (Delta time string.) Specifies the amount of time to wait for a - full propagation to complete. This is optional in configuration - files, and is used by replica KDCs only. The default value is 5 - minutes (``5m``). New in release 1.11. - -**iprop_logfile** - (File name.) Specifies where the update log file for the realm - database is to be stored. The default is to use the - **database_name** entry from the realms section of the krb5 config - file, with ``.ulog`` appended. (NOTE: If **database_name** isn't - specified in the realms section, perhaps because the LDAP database - back end is being used, or the file name is specified in the - [dbmodules] section, then the hard-coded default for - **database_name** is used. Determination of the **iprop_logfile** - default value will not use values from the [dbmodules] section.) - -**kadmind_listen** - (Whitespace- or comma-separated list.) Specifies the kadmin RPC - listening addresses and/or ports for the :ref:`kadmind(8)` daemon. - Each entry may be an interface address, a port number, or an - address and port number separated by a colon. If the address - contains colons, enclose it in square brackets. If no address is - specified, the wildcard address is used. If kadmind fails to bind - to any of the specified addresses, it will fail to start. The - default is to bind to the wildcard address at the port specified - in **kadmind_port**, or the standard kadmin port (749). New in - release 1.15. - -**kadmind_port** - (Port number.) Specifies the port on which the :ref:`kadmind(8)` - daemon is to listen for this realm. Port numbers specified in - **kadmind_listen** entries will override this port number. The - assigned port for kadmind is 749, which is used by default. - -**key_stash_file** - (String.) Specifies the location where the master key has been - stored (via kdb5_util stash). The default is |kdcdir|\ - ``/.k5.REALM``, where *REALM* is the Kerberos realm. - -**kdc_listen** - (Whitespace- or comma-separated list.) Specifies the UDP - listening addresses and/or ports for the :ref:`krb5kdc(8)` daemon. - Each entry may be an interface address, a port number, or an - address and port number separated by a colon. If the address - contains colons, enclose it in square brackets. If no address is - specified, the wildcard address is used. If no port is specified, - the standard port (88) is used. If the KDC daemon fails to bind - to any of the specified addresses, it will fail to start. The - default is to bind to the wildcard address on the standard port. - New in release 1.15. - -**kdc_ports** - (Whitespace- or comma-separated list, deprecated.) Prior to - release 1.15, this relation lists the ports for the - :ref:`krb5kdc(8)` daemon to listen on for UDP requests. In - release 1.15 and later, it has the same meaning as **kdc_listen** - if that relation is not defined. - -**kdc_tcp_listen** - (Whitespace- or comma-separated list.) Specifies the TCP - listening addresses and/or ports for the :ref:`krb5kdc(8)` daemon. - Each entry may be an interface address, a port number, or an - address and port number separated by a colon. If the address - contains colons, enclose it in square brackets. If no address is - specified, the wildcard address is used. If no port is specified, - the standard port (88) is used. To disable listening on TCP, set - this relation to the empty string with ``kdc_tcp_listen = ""``. - If the KDC daemon fails to bind to any of the specified addresses, - it will fail to start. The default is to bind to the wildcard - address on the standard port. New in release 1.15. - -**kdc_tcp_ports** - (Whitespace- or comma-separated list, deprecated.) Prior to - release 1.15, this relation lists the ports for the - :ref:`krb5kdc(8)` daemon to listen on for UDP requests. In - release 1.15 and later, it has the same meaning as - **kdc_tcp_listen** if that relation is not defined. - -**kpasswd_listen** - (Comma-separated list.) Specifies the kpasswd listening addresses - and/or ports for the :ref:`kadmind(8)` daemon. Each entry may be - an interface address, a port number, or an address and port number - separated by a colon. If the address contains colons, enclose it - in square brackets. If no address is specified, the wildcard - address is used. If kadmind fails to bind to any of the specified - addresses, it will fail to start. The default is to bind to the - wildcard address at the port specified in **kpasswd_port**, or the - standard kpasswd port (464). New in release 1.15. - -**kpasswd_port** - (Port number.) Specifies the port on which the :ref:`kadmind(8)` - daemon is to listen for password change requests for this realm. - Port numbers specified in **kpasswd_listen** entries will override - this port number. The assigned port for password change requests - is 464, which is used by default. - -**master_key_name** - (String.) Specifies the name of the principal associated with the - master key. The default is ``K/M``. - -**master_key_type** - (Key type string.) Specifies the master key's key type. The - default value for this is |defmkey|. For a list of all possible - values, see :ref:`Encryption_types`. - -**max_life** - (:ref:`duration` string.) Specifies the maximum time period for - which a ticket may be valid in this realm. The default value is - 24 hours. - -**max_renewable_life** - (:ref:`duration` string.) Specifies the maximum time period - during which a valid ticket may be renewed in this realm. - The default value is 0. - -**no_host_referral** - (Whitespace- or comma-separated list.) Lists services to block - from getting host-based referral processing, even if the client - marks the server principal as host-based or the service is also - listed in **host_based_services**. ``no_host_referral = *`` will - disable referral processing altogether. - -**reject_bad_transit** - (Boolean value.) If set to true, the KDC will check the list of - transited realms for cross-realm tickets against the transit path - computed from the realm names and the capaths section of its - :ref:`krb5.conf(5)` file; if the path in the ticket to be issued - contains any realms not in the computed path, the ticket will not - be issued, and an error will be returned to the client instead. - If this value is set to false, such tickets will be issued - anyways, and it will be left up to the application server to - validate the realm transit path. - - If the disable-transited-check flag is set in the incoming - request, this check is not performed at all. Having the - **reject_bad_transit** option will cause such ticket requests to - be rejected always. - - This transit path checking and config file option currently apply - only to TGS requests. - - The default value is true. - -**restrict_anonymous_to_tgt** - (Boolean value.) If set to true, the KDC will reject ticket - requests from anonymous principals to service principals other - than the realm's ticket-granting service. This option allows - anonymous PKINIT to be enabled for use as FAST armor tickets - without allowing anonymous authentication to services. The - default value is false. New in release 1.9. - -**spake_preauth_indicator** - (String.) Specifies an authentication indicator value that the - KDC asserts into tickets obtained using SPAKE pre-authentication. - The default is not to add any indicators. This option may be - specified multiple times. New in release 1.17. - -**supported_enctypes** - (List of *key*:*salt* strings.) Specifies the default key/salt - combinations of principals for this realm. Any principals created - through :ref:`kadmin(1)` will have keys of these types. The - default value for this tag is |defkeysalts|. For lists of - possible values, see :ref:`Keysalt_lists`. - - -.. _dbdefaults: - -[dbdefaults] -~~~~~~~~~~~~ - -The [dbdefaults] section specifies default values for some database -parameters, to be used if the [dbmodules] subsection does not contain -a relation for the tag. See the :ref:`dbmodules` section for the -definitions of these relations. - -* **ldap_kerberos_container_dn** -* **ldap_kdc_dn** -* **ldap_kdc_sasl_authcid** -* **ldap_kdc_sasl_authzid** -* **ldap_kdc_sasl_mech** -* **ldap_kdc_sasl_realm** -* **ldap_kadmind_dn** -* **ldap_kadmind_sasl_authcid** -* **ldap_kadmind_sasl_authzid** -* **ldap_kadmind_sasl_mech** -* **ldap_kadmind_sasl_realm** -* **ldap_service_password_file** -* **ldap_conns_per_server** - - -.. _dbmodules: - -[dbmodules] -~~~~~~~~~~~ - -The [dbmodules] section contains parameters used by the KDC database -library and database modules. Each tag in the [dbmodules] section is -the name of a Kerberos realm or a section name specified by a realm's -**database_module** parameter. The following example shows how to -define one database parameter for the ATHENA.MIT.EDU realm:: - - [dbmodules] - ATHENA.MIT.EDU = { - disable_last_success = true - } - -The following tags may be specified in a [dbmodules] subsection: - -**database_name** - This DB2-specific tag indicates the location of the database in - the filesystem. The default is |kdcdir|\ ``/principal``. - -**db_library** - This tag indicates the name of the loadable database module. The - value should be ``db2`` for the DB2 module, ``klmdb`` for the LMDB - module, or ``kldap`` for the LDAP module. - -**disable_last_success** - If set to ``true``, suppresses KDC updates to the "Last successful - authentication" field of principal entries requiring - preauthentication. Setting this flag may improve performance. - (Principal entries which do not require preauthentication never - update the "Last successful authentication" field.). First - introduced in release 1.9. - -**disable_lockout** - If set to ``true``, suppresses KDC updates to the "Last failed - authentication" and "Failed password attempts" fields of principal - entries requiring preauthentication. Setting this flag may - improve performance, but also disables account lockout. First - introduced in release 1.9. - -**ldap_conns_per_server** - This LDAP-specific tag indicates the number of connections to be - maintained per LDAP server. - -**ldap_kdc_dn** and **ldap_kadmind_dn** - These LDAP-specific tags indicate the default DN for binding to - the LDAP server. The :ref:`krb5kdc(8)` daemon uses - **ldap_kdc_dn**, while the :ref:`kadmind(8)` daemon and other - administrative programs use **ldap_kadmind_dn**. The kadmind DN - must have the rights to read and write the Kerberos data in the - LDAP database. The KDC DN must have the same rights, unless - **disable_lockout** and **disable_last_success** are true, in - which case it only needs to have rights to read the Kerberos data. - These tags are ignored if a SASL mechanism is set with - **ldap_kdc_sasl_mech** or **ldap_kadmind_sasl_mech**. - -**ldap_kdc_sasl_mech** and **ldap_kadmind_sasl_mech** - These LDAP-specific tags specify the SASL mechanism (such as - ``EXTERNAL``) to use when binding to the LDAP server. New in - release 1.13. - -**ldap_kdc_sasl_authcid** and **ldap_kadmind_sasl_authcid** - These LDAP-specific tags specify the SASL authentication identity - to use when binding to the LDAP server. Not all SASL mechanisms - require an authentication identity. If the SASL mechanism - requires a secret (such as the password for ``DIGEST-MD5``), these - tags also determine the name within the - **ldap_service_password_file** where the secret is stashed. New - in release 1.13. - -**ldap_kdc_sasl_authzid** and **ldap_kadmind_sasl_authzid** - These LDAP-specific tags specify the SASL authorization identity - to use when binding to the LDAP server. In most circumstances - they do not need to be specified. New in release 1.13. - -**ldap_kdc_sasl_realm** and **ldap_kadmind_sasl_realm** - These LDAP-specific tags specify the SASL realm to use when - binding to the LDAP server. In most circumstances they do not - need to be set. New in release 1.13. - -**ldap_kerberos_container_dn** - This LDAP-specific tag indicates the DN of the container object - where the realm objects will be located. - -**ldap_servers** - This LDAP-specific tag indicates the list of LDAP servers that the - Kerberos servers can connect to. The list of LDAP servers is - whitespace-separated. The LDAP server is specified by a LDAP URI. - It is recommended to use ``ldapi:`` or ``ldaps:`` URLs to connect - to the LDAP server. - -**ldap_service_password_file** - This LDAP-specific tag indicates the file containing the stashed - passwords (created by ``kdb5_ldap_util stashsrvpw``) for the - **ldap_kdc_dn** and **ldap_kadmind_dn** objects, or for the - **ldap_kdc_sasl_authcid** or **ldap_kadmind_sasl_authcid** names - for SASL authentication. This file must be kept secure. - -**mapsize** - This LMDB-specific tag indicates the maximum size of the two - database environments in megabytes. The default value is 128. - Increase this value to address "Environment mapsize limit reached" - errors. New in release 1.17. - -**max_readers** - This LMDB-specific tag indicates the maximum number of concurrent - reading processes for the databases. The default value is 128. - New in release 1.17. - -**nosync** - This LMDB-specific tag can be set to improve the throughput of - kadmind and other administrative agents, at the expense of - durability (recent database changes may not survive a power outage - or other sudden reboot). It does not affect the throughput of the - KDC. The default value is false. New in release 1.17. - -**unlockiter** - If set to ``true``, this DB2-specific tag causes iteration - operations to release the database lock while processing each - principal. Setting this flag to ``true`` can prevent extended - blocking of KDC or kadmin operations when dumps of large databases - are in progress. First introduced in release 1.13. - -The following tag may be specified directly in the [dbmodules] -section to control where database modules are loaded from: - -**db_module_dir** - This tag controls where the plugin system looks for database - modules. The value should be an absolute path. - -.. _logging: - -[logging] -~~~~~~~~~ - -The [logging] section indicates how :ref:`krb5kdc(8)` and -:ref:`kadmind(8)` perform logging. It may contain the following -relations: - -**admin_server** - Specifies how :ref:`kadmind(8)` performs logging. - -**kdc** - Specifies how :ref:`krb5kdc(8)` performs logging. - -**default** - Specifies how either daemon performs logging in the absence of - relations specific to the daemon. - -**debug** - (Boolean value.) Specifies whether debugging messages are - included in log outputs other than SYSLOG. Debugging messages are - always included in the system log output because syslog performs - its own priority filtering. The default value is false. New in - release 1.15. - -Logging specifications may have the following forms: - -**FILE=**\ *filename* or **FILE:**\ *filename* - This value causes the daemon's logging messages to go to the - *filename*. If the ``=`` form is used, the file is overwritten. - If the ``:`` form is used, the file is appended to. - -**STDERR** - This value causes the daemon's logging messages to go to its - standard error stream. - -**CONSOLE** - This value causes the daemon's logging messages to go to the - console, if the system supports it. - -**DEVICE=**\ ** - This causes the daemon's logging messages to go to the specified - device. - -**SYSLOG**\ [\ **:**\ *severity*\ [\ **:**\ *facility*\ ]] - This causes the daemon's logging messages to go to the system log. - - For backward compatibility, a severity argument may be specified, - and must be specified in order to specify a facility. This - argument will be ignored. - - The facility argument specifies the facility under which the - messages are logged. This may be any of the following facilities - supported by the syslog(3) call minus the LOG\_ prefix: **KERN**, - **USER**, **MAIL**, **DAEMON**, **AUTH**, **LPR**, **NEWS**, - **UUCP**, **CRON**, and **LOCAL0** through **LOCAL7**. If no - facility is specified, the default is **AUTH**. - -In the following example, the logging messages from the KDC will go to -the console and to the system log under the facility LOG_DAEMON, and -the logging messages from the administrative server will be appended -to the file ``/var/adm/kadmin.log`` and sent to the device -``/dev/tty04``. :: - - [logging] - kdc = CONSOLE - kdc = SYSLOG:INFO:DAEMON - admin_server = FILE:/var/adm/kadmin.log - admin_server = DEVICE=/dev/tty04 - -If no logging specification is given, the default is to use syslog. -To disable logging entirely, specify ``default = DEVICE=/dev/null``. - - -.. _otp: - -[otp] -~~~~~ - -Each subsection of [otp] is the name of an OTP token type. The tags -within the subsection define the configuration required to forward a -One Time Password request to a RADIUS server. - -For each token type, the following tags may be specified: - -**server** - This is the server to send the RADIUS request to. It can be a - hostname with optional port, an ip address with optional port, or - a Unix domain socket address. The default is - |kdcdir|\ ``/.socket``. - -**secret** - This tag indicates a filename (which may be relative to |kdcdir|) - containing the secret used to encrypt the RADIUS packets. The - secret should appear in the first line of the file by itself; - leading and trailing whitespace on the line will be removed. If - the value of **server** is a Unix domain socket address, this tag - is optional, and an empty secret will be used if it is not - specified. Otherwise, this tag is required. - -**timeout** - An integer which specifies the time in seconds during which the - KDC should attempt to contact the RADIUS server. This tag is the - total time across all retries and should be less than the time - which an OTP value remains valid for. The default is 5 seconds. - -**retries** - This tag specifies the number of retries to make to the RADIUS - server. The default is 3 retries (4 tries). - -**strip_realm** - If this tag is ``true``, the principal without the realm will be - passed to the RADIUS server. Otherwise, the realm will be - included. The default value is ``true``. - -**indicator** - This tag specifies an authentication indicator to be included in - the ticket if this token type is used to authenticate. This - option may be specified multiple times. (New in release 1.14.) - -In the following example, requests are sent to a remote server via UDP:: - - [otp] - MyRemoteTokenType = { - server = radius.mydomain.com:1812 - secret = SEmfiajf42$ - timeout = 15 - retries = 5 - strip_realm = true - } - -An implicit default token type named ``DEFAULT`` is defined for when -the per-principal configuration does not specify a token type. Its -configuration is shown below. You may override this token type to -something applicable for your situation:: - - [otp] - DEFAULT = { - strip_realm = false - } - -PKINIT options --------------- - -.. note:: - - The following are pkinit-specific options. These values may - be specified in [kdcdefaults] as global defaults, or within - a realm-specific subsection of [realms]. Also note that a - realm-specific value over-rides, does not add to, a generic - [kdcdefaults] specification. The search order is: - -1. realm-specific subsection of [realms]:: - - [realms] - EXAMPLE.COM = { - pkinit_anchors = FILE:/usr/local/example.com.crt - } - -2. generic value in the [kdcdefaults] section:: - - [kdcdefaults] - pkinit_anchors = DIR:/usr/local/generic_trusted_cas/ - -For information about the syntax of some of these options, see -:ref:`Specifying PKINIT identity information ` in -:ref:`krb5.conf(5)`. - -**pkinit_anchors** - Specifies the location of trusted anchor (root) certificates which - the KDC trusts to sign client certificates. This option is - required if pkinit is to be supported by the KDC. This option may - be specified multiple times. - -**pkinit_dh_min_bits** - Specifies the minimum number of bits the KDC is willing to accept - for a client's Diffie-Hellman key. The default is 2048. - -**pkinit_allow_upn** - Specifies that the KDC is willing to accept client certificates - with the Microsoft UserPrincipalName (UPN) Subject Alternative - Name (SAN). This means the KDC accepts the binding of the UPN in - the certificate to the Kerberos principal name. The default value - is false. - - Without this option, the KDC will only accept certificates with - the id-pkinit-san as defined in :rfc:`4556`. There is currently - no option to disable SAN checking in the KDC. - -**pkinit_eku_checking** - This option specifies what Extended Key Usage (EKU) values the KDC - is willing to accept in client certificates. The values - recognized in the kdc.conf file are: - - **kpClientAuth** - This is the default value and specifies that client - certificates must have the id-pkinit-KPClientAuth EKU as - defined in :rfc:`4556`. - - **scLogin** - If scLogin is specified, client certificates with the - Microsoft Smart Card Login EKU (id-ms-kp-sc-logon) will be - accepted. - - **none** - If none is specified, then client certificates will not be - checked to verify they have an acceptable EKU. The use of - this option is not recommended. - -**pkinit_identity** - Specifies the location of the KDC's X.509 identity information. - This option is required if pkinit is to be supported by the KDC. - -**pkinit_indicator** - Specifies an authentication indicator to include in the ticket if - pkinit is used to authenticate. This option may be specified - multiple times. (New in release 1.14.) - -**pkinit_pool** - Specifies the location of intermediate certificates which may be - used by the KDC to complete the trust chain between a client's - certificate and a trusted anchor. This option may be specified - multiple times. - -**pkinit_revoke** - Specifies the location of Certificate Revocation List (CRL) - information to be used by the KDC when verifying the validity of - client certificates. This option may be specified multiple times. - -**pkinit_require_crl_checking** - The default certificate verification process will always check the - available revocation information to see if a certificate has been - revoked. If a match is found for the certificate in a CRL, - verification fails. If the certificate being verified is not - listed in a CRL, or there is no CRL present for its issuing CA, - and **pkinit_require_crl_checking** is false, then verification - succeeds. - - However, if **pkinit_require_crl_checking** is true and there is - no CRL information available for the issuing CA, then verification - fails. - - **pkinit_require_crl_checking** should be set to true if the - policy is such that up-to-date CRLs must be present for every CA. - -**pkinit_require_freshness** - Specifies whether to require clients to include a freshness token - in PKINIT requests. The default value is false. (New in release - 1.17.) - -.. _Encryption_types: - -Encryption types ----------------- - -Any tag in the configuration files which requires a list of encryption -types can be set to some combination of the following strings. -Encryption types marked as "weak" and "deprecated" are available for -compatibility but not recommended for use. - -==================================================== ========================================================= -des3-cbc-raw Triple DES cbc mode raw (weak) -des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd Triple DES cbc mode with HMAC/sha1 (deprecated) -aes256-cts-hmac-sha1-96 aes256-cts aes256-sha1 AES-256 CTS mode with 96-bit SHA-1 HMAC -aes128-cts-hmac-sha1-96 aes128-cts aes128-sha1 AES-128 CTS mode with 96-bit SHA-1 HMAC -aes256-cts-hmac-sha384-192 aes256-sha2 AES-256 CTS mode with 192-bit SHA-384 HMAC -aes128-cts-hmac-sha256-128 aes128-sha2 AES-128 CTS mode with 128-bit SHA-256 HMAC -arcfour-hmac rc4-hmac arcfour-hmac-md5 RC4 with HMAC/MD5 (deprecated) -arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp Exportable RC4 with HMAC/MD5 (weak) -camellia256-cts-cmac camellia256-cts Camellia-256 CTS mode with CMAC -camellia128-cts-cmac camellia128-cts Camellia-128 CTS mode with CMAC -des3 The triple DES family: des3-cbc-sha1 -aes The AES family: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha384-192, and aes128-cts-hmac-sha256-128 -rc4 The RC4 family: arcfour-hmac -camellia The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac -==================================================== ========================================================= - -The string **DEFAULT** can be used to refer to the default set of -types for the variable in question. Types or families can be removed -from the current list by prefixing them with a minus sign ("-"). -Types or families can be prefixed with a plus sign ("+") for symmetry; -it has the same meaning as just listing the type or family. For -example, "``DEFAULT -rc4``" would be the default set of encryption -types with RC4 types removed, and "``des3 DEFAULT``" would be the -default set of encryption types with triple DES types moved to the -front. - -While **aes128-cts** and **aes256-cts** are supported for all Kerberos -operations, they are not supported by very old versions of our GSSAPI -implementation (krb5-1.3.1 and earlier). Services running versions of -krb5 without AES support must not be given keys of these encryption -types in the KDC database. - -The **aes128-sha2** and **aes256-sha2** encryption types are new in -release 1.15. Services running versions of krb5 without support for -these newer encryption types must not be given keys of these -encryption types in the KDC database. - - -.. _Keysalt_lists: - -Keysalt lists -------------- - -Kerberos keys for users are usually derived from passwords. Kerberos -commands and configuration parameters that affect generation of keys -take lists of enctype-salttype ("keysalt") pairs, known as *keysalt -lists*. Each keysalt pair is an enctype name followed by a salttype -name, in the format *enc*:*salt*. Individual keysalt list members are -separated by comma (",") characters or space characters. For example:: - - kadmin -e aes256-cts:normal,aes128-cts:normal - -would start up kadmin so that by default it would generate -password-derived keys for the **aes256-cts** and **aes128-cts** -encryption types, using a **normal** salt. - -To ensure that people who happen to pick the same password do not have -the same key, Kerberos 5 incorporates more information into the key -using something called a salt. The supported salt types are as -follows: - -================= ============================================ -normal default for Kerberos Version 5 -norealm same as the default, without using realm information -onlyrealm uses only realm information as the salt -special generate a random salt -================= ============================================ - - -Sample kdc.conf File --------------------- - -Here's an example of a kdc.conf file:: - - [kdcdefaults] - kdc_listen = 88 - kdc_tcp_listen = 88 - [realms] - ATHENA.MIT.EDU = { - kadmind_port = 749 - max_life = 12h 0m 0s - max_renewable_life = 7d 0h 0m 0s - master_key_type = aes256-cts-hmac-sha1-96 - supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal - database_module = openldap_ldapconf - } - - [logging] - kdc = FILE:/usr/local/var/krb5kdc/kdc.log - admin_server = FILE:/usr/local/var/krb5kdc/kadmin.log - - [dbdefaults] - ldap_kerberos_container_dn = cn=krbcontainer,dc=mit,dc=edu - - [dbmodules] - openldap_ldapconf = { - db_library = kldap - disable_last_success = true - ldap_kdc_dn = "cn=krbadmin,dc=mit,dc=edu" - # this object needs to have read rights on - # the realm container and principal subtrees - ldap_kadmind_dn = "cn=krbadmin,dc=mit,dc=edu" - # this object needs to have read and write rights on - # the realm container and principal subtrees - ldap_service_password_file = /etc/kerberos/service.keyfile - ldap_servers = ldaps://kerberos.mit.edu - ldap_conns_per_server = 5 - } - - -FILES ------- - -|kdcdir|\ ``/kdc.conf`` - - -SEE ALSO ---------- - -:ref:`krb5.conf(5)`, :ref:`krb5kdc(8)`, :ref:`kadm5.acl(5)` diff --git a/krb5-1.21.3/doc/admin/conf_files/krb5_conf.rst b/krb5-1.21.3/doc/admin/conf_files/krb5_conf.rst deleted file mode 100644 index ecdf9175..00000000 --- a/krb5-1.21.3/doc/admin/conf_files/krb5_conf.rst +++ /dev/null @@ -1,1251 +0,0 @@ -.. _krb5.conf(5): - -krb5.conf -========= - -The krb5.conf file contains Kerberos configuration information, -including the locations of KDCs and admin servers for the Kerberos -realms of interest, defaults for the current realm and for Kerberos -applications, and mappings of hostnames onto Kerberos realms. -Normally, you should install your krb5.conf file in the directory -``/etc``. You can override the default location by setting the -environment variable **KRB5_CONFIG**. Multiple colon-separated -filenames may be specified in **KRB5_CONFIG**; all files which are -present will be read. Starting in release 1.14, directory names can -also be specified in **KRB5_CONFIG**; all files within the directory -whose names consist solely of alphanumeric characters, dashes, or -underscores will be read. - - -Structure ---------- - -The krb5.conf file is set up in the style of a Windows INI file. -Lines beginning with '#' or ';' (possibly after initial whitespace) -are ignored as comments. Sections are headed by the section name, in -square brackets. Each section may contain zero or more relations, of -the form:: - - foo = bar - -or:: - - fubar = { - foo = bar - baz = quux - } - -Placing a '\*' after the closing bracket of a section name indicates -that the section is *final*, meaning that if the same section appears -within a later file specified in **KRB5_CONFIG**, it will be ignored. -A subsection can be marked as final by placing a '\*' after either the -tag name or the closing brace. - -The krb5.conf file can include other files using either of the -following directives at the beginning of a line:: - - include FILENAME - includedir DIRNAME - -*FILENAME* or *DIRNAME* should be an absolute path. The named file or -directory must exist and be readable. Including a directory includes -all files within the directory whose names consist solely of -alphanumeric characters, dashes, or underscores. Starting in release -1.15, files with names ending in ".conf" are also included, unless the -name begins with ".". Included profile files are syntactically -independent of their parents, so each included file must begin with a -section header. Starting in release 1.17, files are read in -alphanumeric order; in previous releases, they may be read in any -order. - -The krb5.conf file can specify that configuration should be obtained -from a loadable module, rather than the file itself, using the -following directive at the beginning of a line before any section -headers:: - - module MODULEPATH:RESIDUAL - -*MODULEPATH* may be relative to the library path of the krb5 -installation, or it may be an absolute path. *RESIDUAL* is provided -to the module at initialization time. If krb5.conf uses a module -directive, :ref:`kdc.conf(5)` should also use one if it exists. - - -Sections --------- - -The krb5.conf file may contain the following sections: - -=================== ======================================================= -:ref:`libdefaults` Settings used by the Kerberos V5 library -:ref:`realms` Realm-specific contact information and settings -:ref:`domain_realm` Maps server hostnames to Kerberos realms -:ref:`capaths` Authentication paths for non-hierarchical cross-realm -:ref:`appdefaults` Settings used by some Kerberos V5 applications -:ref:`plugins` Controls plugin module registration -=================== ======================================================= - -Additionally, krb5.conf may include any of the relations described in -:ref:`kdc.conf(5)`, but it is not a recommended practice. - -.. _libdefaults: - -[libdefaults] -~~~~~~~~~~~~~ - -The libdefaults section may contain any of the following relations: - -**allow_des3** - Permit the KDC to issue tickets with des3-cbc-sha1 session keys. - In future releases, this flag will allow des3-cbc-sha1 to be used - at all. The default value for this tag is false. (Added in - release 1.21.) - -**allow_rc4** - Permit the KDC to issue tickets with arcfour-hmac session keys. - In future releases, this flag will allow arcfour-hmac to be used - at all. The default value for this tag is false. (Added in - release 1.21.) - -**allow_weak_crypto** - If this flag is set to false, then weak encryption types (as noted - in :ref:`Encryption_types` in :ref:`kdc.conf(5)`) will be filtered - out of the lists **default_tgs_enctypes**, - **default_tkt_enctypes**, and **permitted_enctypes**. The default - value for this tag is false. - -**canonicalize** - If this flag is set to true, initial ticket requests to the KDC - will request canonicalization of the client principal name, and - answers with different client principals than the requested - principal will be accepted. The default value is false. - -**ccache_type** - This parameter determines the format of credential cache types - created by :ref:`kinit(1)` or other programs. The default value - is 4, which represents the most current format. Smaller values - can be used for compatibility with very old implementations of - Kerberos which interact with credential caches on the same host. - -**clockskew** - Sets the maximum allowable amount of clockskew in seconds that the - library will tolerate before assuming that a Kerberos message is - invalid. The default value is 300 seconds, or five minutes. - - The clockskew setting is also used when evaluating ticket start - and expiration times. For example, tickets that have reached - their expiration time can still be used (and renewed if they are - renewable tickets) if they have been expired for a shorter - duration than the **clockskew** setting. - -**default_ccache_name** - This relation specifies the name of the default credential cache. - The default is |ccache|. This relation is subject to parameter - expansion (see below). New in release 1.11. - -**default_client_keytab_name** - This relation specifies the name of the default keytab for - obtaining client credentials. The default is |ckeytab|. This - relation is subject to parameter expansion (see below). - New in release 1.11. - -**default_keytab_name** - This relation specifies the default keytab name to be used by - application servers such as sshd. The default is |keytab|. This - relation is subject to parameter expansion (see below). - -**default_rcache_name** - This relation specifies the name of the default replay cache. - The default is ``dfl:``. This relation is subject to parameter - expansion (see below). New in release 1.18. - -**default_realm** - Identifies the default Kerberos realm for the client. Set its - value to your Kerberos realm. If this value is not set, then a - realm must be specified with every Kerberos principal when - invoking programs such as :ref:`kinit(1)`. - -**default_tgs_enctypes** - Identifies the supported list of session key encryption types that - the client should request when making a TGS-REQ, in order of - preference from highest to lowest. The list may be delimited with - commas or whitespace. See :ref:`Encryption_types` in - :ref:`kdc.conf(5)` for a list of the accepted values for this tag. - Starting in release 1.18, the default value is the value of - **permitted_enctypes**. For previous releases or if - **permitted_enctypes** is not set, the default value is - |defetypes|. - - Do not set this unless required for specific backward - compatibility purposes; stale values of this setting can prevent - clients from taking advantage of new stronger enctypes when the - libraries are upgraded. - -**default_tkt_enctypes** - Identifies the supported list of session key encryption types that - the client should request when making an AS-REQ, in order of - preference from highest to lowest. The format is the same as for - default_tgs_enctypes. Starting in release 1.18, the default - value is the value of **permitted_enctypes**. For previous - releases or if **permitted_enctypes** is not set, the default - value is |defetypes|. - - Do not set this unless required for specific backward - compatibility purposes; stale values of this setting can prevent - clients from taking advantage of new stronger enctypes when the - libraries are upgraded. - -**dns_canonicalize_hostname** - Indicate whether name lookups will be used to canonicalize - hostnames for use in service principal names. Setting this flag - to false can improve security by reducing reliance on DNS, but - means that short hostnames will not be canonicalized to - fully-qualified hostnames. If this option is set to ``fallback`` (new - in release 1.18), DNS canonicalization will only be performed the - server hostname is not found with the original name when - requesting credentials. The default value is true. - -**dns_lookup_kdc** - Indicate whether DNS SRV records should be used to locate the KDCs - and other servers for a realm, if they are not listed in the - krb5.conf information for the realm. (Note that the admin_server - entry must be in the krb5.conf realm information in order to - contact kadmind, because the DNS implementation for kadmin is - incomplete.) - - Enabling this option does open up a type of denial-of-service - attack, if someone spoofs the DNS records and redirects you to - another server. However, it's no worse than a denial of service, - because that fake KDC will be unable to decode anything you send - it (besides the initial ticket request, which has no encrypted - data), and anything the fake KDC sends will not be trusted without - verification using some secret that it won't know. - -**dns_uri_lookup** - Indicate whether DNS URI records should be used to locate the KDCs - and other servers for a realm, if they are not listed in the - krb5.conf information for the realm. SRV records are used as a - fallback if no URI records were found. The default value is true. - New in release 1.15. - -**enforce_ok_as_delegate** - If this flag to true, GSSAPI credential delegation will be - disabled when the ``ok-as-delegate`` flag is not set in the - service ticket. If this flag is false, the ``ok-as-delegate`` - ticket flag is only enforced when an application specifically - requests enforcement. The default value is false. - -**err_fmt** - This relation allows for custom error message formatting. If a - value is set, error messages will be formatted by substituting a - normal error message for %M and an error code for %C in the value. - -**extra_addresses** - This allows a computer to use multiple local addresses, in order - to allow Kerberos to work in a network that uses NATs while still - using address-restricted tickets. The addresses should be in a - comma-separated list. This option has no effect if - **noaddresses** is true. - -**forwardable** - If this flag is true, initial tickets will be forwardable by - default, if allowed by the KDC. The default value is false. - -**ignore_acceptor_hostname** - When accepting GSSAPI or krb5 security contexts for host-based - service principals, ignore any hostname passed by the calling - application, and allow clients to authenticate to any service - principal in the keytab matching the service name and realm name - (if given). This option can improve the administrative - flexibility of server applications on multihomed hosts, but could - compromise the security of virtual hosting environments. The - default value is false. New in release 1.10. - -**k5login_authoritative** - If this flag is true, principals must be listed in a local user's - k5login file to be granted login access, if a :ref:`.k5login(5)` - file exists. If this flag is false, a principal may still be - granted login access through other mechanisms even if a k5login - file exists but does not list the principal. The default value is - true. - -**k5login_directory** - If set, the library will look for a local user's k5login file - within the named directory, with a filename corresponding to the - local username. If not set, the library will look for k5login - files in the user's home directory, with the filename .k5login. - For security reasons, .k5login files must be owned by - the local user or by root. - -**kcm_mach_service** - On macOS only, determines the name of the bootstrap service used to - contact the KCM daemon for the KCM credential cache type. If the - value is ``-``, Mach RPC will not be used to contact the KCM - daemon. The default value is ``org.h5l.kcm``. - -**kcm_socket** - Determines the path to the Unix domain socket used to access the - KCM daemon for the KCM credential cache type. If the value is - ``-``, Unix domain sockets will not be used to contact the KCM - daemon. The default value is - ``/var/run/.heim_org.h5l.kcm-socket``. - -**kdc_default_options** - Default KDC options (Xored for multiple values) when requesting - initial tickets. By default it is set to 0x00000010 - (KDC_OPT_RENEWABLE_OK). - -**kdc_timesync** - Accepted values for this relation are 1 or 0. If it is nonzero, - client machines will compute the difference between their time and - the time returned by the KDC in the timestamps in the tickets and - use this value to correct for an inaccurate system clock when - requesting service tickets or authenticating to services. This - corrective factor is only used by the Kerberos library; it is not - used to change the system clock. The default value is 1. - -**noaddresses** - If this flag is true, requests for initial tickets will not be - made with address restrictions set, allowing the tickets to be - used across NATs. The default value is true. - -**permitted_enctypes** - Identifies the encryption types that servers will permit for - session keys and for ticket and authenticator encryption, ordered - by preference from highest to lowest. Starting in release 1.18, - this tag also acts as the default value for - **default_tgs_enctypes** and **default_tkt_enctypes**. The - default value for this tag is |defetypes|. - -**plugin_base_dir** - If set, determines the base directory where krb5 plugins are - located. The default value is the ``krb5/plugins`` subdirectory - of the krb5 library directory. This relation is subject to - parameter expansion (see below) in release 1.17 and later. - -**preferred_preauth_types** - This allows you to set the preferred preauthentication types which - the client will attempt before others which may be advertised by a - KDC. The default value for this setting is "17, 16, 15, 14", - which forces libkrb5 to attempt to use PKINIT if it is supported. - -**proxiable** - If this flag is true, initial tickets will be proxiable by - default, if allowed by the KDC. The default value is false. - -**qualify_shortname** - If this string is set, it determines the domain suffix for - single-component hostnames when DNS canonicalization is not used - (either because **dns_canonicalize_hostname** is false or because - forward canonicalization failed). The default value is the first - search domain of the system's DNS configuration. To disable - qualification of shortnames, set this relation to the empty string - with ``qualify_shortname = ""``. (New in release 1.18.) - -**rdns** - If this flag is true, reverse name lookup will be used in addition - to forward name lookup to canonicalizing hostnames for use in - service principal names. If **dns_canonicalize_hostname** is set - to false, this flag has no effect. The default value is true. - -**realm_try_domains** - Indicate whether a host's domain components should be used to - determine the Kerberos realm of the host. The value of this - variable is an integer: -1 means not to search, 0 means to try the - host's domain itself, 1 means to also try the domain's immediate - parent, and so forth. The library's usual mechanism for locating - Kerberos realms is used to determine whether a domain is a valid - realm, which may involve consulting DNS if **dns_lookup_kdc** is - set. The default is not to search domain components. - -**renew_lifetime** - (:ref:`duration` string.) Sets the default renewable lifetime - for initial ticket requests. The default value is 0. - -**spake_preauth_groups** - A whitespace or comma-separated list of words which specifies the - groups allowed for SPAKE preauthentication. The possible values - are: - - ============ ================================ - edwards25519 Edwards25519 curve (:rfc:`7748`) - P-256 NIST P-256 curve (:rfc:`5480`) - P-384 NIST P-384 curve (:rfc:`5480`) - P-521 NIST P-521 curve (:rfc:`5480`) - ============ ================================ - - The default value for the client is ``edwards25519``. The default - value for the KDC is empty. New in release 1.17. - -**ticket_lifetime** - (:ref:`duration` string.) Sets the default lifetime for initial - ticket requests. The default value is 1 day. - -**udp_preference_limit** - When sending a message to the KDC, the library will try using TCP - before UDP if the size of the message is above - **udp_preference_limit**. If the message is smaller than - **udp_preference_limit**, then UDP will be tried before TCP. - Regardless of the size, both protocols will be tried if the first - attempt fails. - -**verify_ap_req_nofail** - If this flag is true, then an attempt to verify initial - credentials will fail if the client machine does not have a - keytab. The default value is false. - -**client_aware_channel_bindings** - If this flag is true, then all application protocol authentication - requests will be flagged to indicate that the application supports - channel bindings when operating over a secure channel. The - default value is false. - -.. _realms: - -[realms] -~~~~~~~~ - -Each tag in the [realms] section of the file is the name of a Kerberos -realm. The value of the tag is a subsection with relations that -define the properties of that particular realm. For each realm, the -following tags may be specified in the realm's subsection: - -**admin_server** - Identifies the host where the administration server is running. - Typically, this is the primary Kerberos server. This tag must be - given a value in order to communicate with the :ref:`kadmind(8)` - server for the realm. - -**auth_to_local** - This tag allows you to set a general rule for mapping principal - names to local user names. It will be used if there is not an - explicit mapping for the principal name that is being - translated. The possible values are: - - **RULE:**\ *exp* - The local name will be formulated from *exp*. - - The format for *exp* is **[**\ *n*\ **:**\ *string*\ **](**\ - *regexp*\ **)s/**\ *pattern*\ **/**\ *replacement*\ **/g**. - The integer *n* indicates how many components the target - principal should have. If this matches, then a string will be - formed from *string*, substituting the realm of the principal - for ``$0`` and the *n*'th component of the principal for - ``$n`` (e.g., if the principal was ``johndoe/admin`` then - ``[2:$2$1foo]`` would result in the string - ``adminjohndoefoo``). If this string matches *regexp*, then - the ``s//[g]`` substitution command will be run over the - string. The optional **g** will cause the substitution to be - global over the *string*, instead of replacing only the first - match in the *string*. - - **DEFAULT** - The principal name will be used as the local user name. If - the principal has more than one component or is not in the - default realm, this rule is not applicable and the conversion - will fail. - - For example:: - - [realms] - ATHENA.MIT.EDU = { - auth_to_local = RULE:[2:$1](johndoe)s/^.*$/guest/ - auth_to_local = RULE:[2:$1;$2](^.*;admin$)s/;admin$// - auth_to_local = RULE:[2:$2](^.*;root)s/^.*$/root/ - auth_to_local = DEFAULT - } - - would result in any principal without ``root`` or ``admin`` as the - second component to be translated with the default rule. A - principal with a second component of ``admin`` will become its - first component. ``root`` will be used as the local name for any - principal with a second component of ``root``. The exception to - these two rules are any principals ``johndoe/*``, which will - always get the local name ``guest``. - -**auth_to_local_names** - This subsection allows you to set explicit mappings from principal - names to local user names. The tag is the mapping name, and the - value is the corresponding local user name. - -**default_domain** - This tag specifies the domain used to expand hostnames when - translating Kerberos 4 service principals to Kerberos 5 principals - (for example, when converting ``rcmd.hostname`` to - ``host/hostname.domain``). - -**disable_encrypted_timestamp** - If this flag is true, the client will not perform encrypted - timestamp preauthentication if requested by the KDC. Setting this - flag can help to prevent dictionary attacks by active attackers, - if the realm's KDCs support SPAKE preauthentication or if initial - authentication always uses another mechanism or always uses FAST. - This flag persists across client referrals during initial - authentication. This flag does not prevent the KDC from offering - encrypted timestamp. New in release 1.17. - -**http_anchors** - When KDCs and kpasswd servers are accessed through HTTPS proxies, this tag - can be used to specify the location of the CA certificate which should be - trusted to issue the certificate for a proxy server. If left unspecified, - the system-wide default set of CA certificates is used. - - The syntax for values is similar to that of values for the - **pkinit_anchors** tag: - - **FILE:** *filename* - - *filename* is assumed to be the name of an OpenSSL-style ca-bundle file. - - **DIR:** *dirname* - - *dirname* is assumed to be an directory which contains CA certificates. - All files in the directory will be examined; if they contain certificates - (in PEM format), they will be used. - - **ENV:** *envvar* - - *envvar* specifies the name of an environment variable which has been set - to a value conforming to one of the previous values. For example, - ``ENV:X509_PROXY_CA``, where environment variable ``X509_PROXY_CA`` has - been set to ``FILE:/tmp/my_proxy.pem``. - -**kdc** - The name or address of a host running a KDC for that realm. An - optional port number, separated from the hostname by a colon, may - be included. If the name or address contains colons (for example, - if it is an IPv6 address), enclose it in square brackets to - distinguish the colon from a port separator. For your computer to - be able to communicate with the KDC for each realm, this tag must - be given a value in each realm subsection in the configuration - file, or there must be DNS SRV records specifying the KDCs. - -**kpasswd_server** - Points to the server where all the password changes are performed. - If there is no such entry, DNS will be queried (unless forbidden - by **dns_lookup_kdc**). Finally, port 464 on the **admin_server** - host will be tried. - -**master_kdc** - The name for **primary_kdc** prior to release 1.19. Its value is - used as a fallback if **primary_kdc** is not specified. - -**primary_kdc** - Identifies the primary KDC(s). Currently, this tag is used in only - one case: If an attempt to get credentials fails because of an - invalid password, the client software will attempt to contact the - primary KDC, in case the user's password has just been changed, and - the updated database has not been propagated to the replica - servers yet. New in release 1.19. - -**v4_instance_convert** - This subsection allows the administrator to configure exceptions - to the **default_domain** mapping rule. It contains V4 instances - (the tag name) which should be translated to some specific - hostname (the tag value) as the second component in a Kerberos V5 - principal name. - -**v4_realm** - This relation is used by the krb524 library routines when - converting a V5 principal name to a V4 principal name. It is used - when the V4 realm name and the V5 realm name are not the same, but - still share the same principal names and passwords. The tag value - is the Kerberos V4 realm name. - - -.. _domain_realm: - -[domain_realm] -~~~~~~~~~~~~~~ - -The [domain_realm] section provides a translation from hostnames to -Kerberos realms. Each tag is a domain name, providing the mapping for -that domain and all subdomains. If the tag begins with a period -(``.``) then it applies only to subdomains. The Kerberos realm may be -identified either in the realms_ section or using DNS SRV records. -Tag names should be in lower case. For example:: - - [domain_realm] - crash.mit.edu = TEST.ATHENA.MIT.EDU - .dev.mit.edu = TEST.ATHENA.MIT.EDU - mit.edu = ATHENA.MIT.EDU - -maps the host with the name ``crash.mit.edu`` into the -``TEST.ATHENA.MIT.EDU`` realm. The second entry maps all hosts under the -domain ``dev.mit.edu`` into the ``TEST.ATHENA.MIT.EDU`` realm, but not -the host with the name ``dev.mit.edu``. That host is matched -by the third entry, which maps the host ``mit.edu`` and all hosts -under the domain ``mit.edu`` that do not match a preceding rule -into the realm ``ATHENA.MIT.EDU``. - -If no translation entry applies to a hostname used for a service -principal for a service ticket request, the library will try to get a -referral to the appropriate realm from the client realm's KDC. If -that does not succeed, the host's realm is considered to be the -hostname's domain portion converted to uppercase, unless the -**realm_try_domains** setting in [libdefaults] causes a different -parent domain to be used. - - -.. _capaths: - -[capaths] -~~~~~~~~~ - -In order to perform direct (non-hierarchical) cross-realm -authentication, configuration is needed to determine the -authentication paths between realms. - -A client will use this section to find the authentication path between -its realm and the realm of the server. The server will use this -section to verify the authentication path used by the client, by -checking the transited field of the received ticket. - -There is a tag for each participating client realm, and each tag has -subtags for each of the server realms. The value of the subtags is an -intermediate realm which may participate in the cross-realm -authentication. The subtags may be repeated if there is more then one -intermediate realm. A value of "." means that the two realms share -keys directly, and no intermediate realms should be allowed to -participate. - -Only those entries which will be needed on the client or the server -need to be present. A client needs a tag for its local realm with -subtags for all the realms of servers it will need to authenticate to. -A server needs a tag for each realm of the clients it will serve, with -a subtag of the server realm. - -For example, ``ANL.GOV``, ``PNL.GOV``, and ``NERSC.GOV`` all wish to -use the ``ES.NET`` realm as an intermediate realm. ANL has a sub -realm of ``TEST.ANL.GOV`` which will authenticate with ``NERSC.GOV`` -but not ``PNL.GOV``. The [capaths] section for ``ANL.GOV`` systems -would look like this:: - - [capaths] - ANL.GOV = { - TEST.ANL.GOV = . - PNL.GOV = ES.NET - NERSC.GOV = ES.NET - ES.NET = . - } - TEST.ANL.GOV = { - ANL.GOV = . - } - PNL.GOV = { - ANL.GOV = ES.NET - } - NERSC.GOV = { - ANL.GOV = ES.NET - } - ES.NET = { - ANL.GOV = . - } - -The [capaths] section of the configuration file used on ``NERSC.GOV`` -systems would look like this:: - - [capaths] - NERSC.GOV = { - ANL.GOV = ES.NET - TEST.ANL.GOV = ES.NET - TEST.ANL.GOV = ANL.GOV - PNL.GOV = ES.NET - ES.NET = . - } - ANL.GOV = { - NERSC.GOV = ES.NET - } - PNL.GOV = { - NERSC.GOV = ES.NET - } - ES.NET = { - NERSC.GOV = . - } - TEST.ANL.GOV = { - NERSC.GOV = ANL.GOV - NERSC.GOV = ES.NET - } - -When a subtag is used more than once within a tag, clients will use -the order of values to determine the path. The order of values is not -important to servers. - - -.. _appdefaults: - -[appdefaults] -~~~~~~~~~~~~~ - -Each tag in the [appdefaults] section names a Kerberos V5 application -or an option that is used by some Kerberos V5 application[s]. The -value of the tag defines the default behaviors for that application. - -For example:: - - [appdefaults] - telnet = { - ATHENA.MIT.EDU = { - option1 = false - } - } - telnet = { - option1 = true - option2 = true - } - ATHENA.MIT.EDU = { - option2 = false - } - option2 = true - -The above four ways of specifying the value of an option are shown in -order of decreasing precedence. In this example, if telnet is running -in the realm EXAMPLE.COM, it should, by default, have option1 and -option2 set to true. However, a telnet program in the realm -``ATHENA.MIT.EDU`` should have ``option1`` set to false and -``option2`` set to true. Any other programs in ATHENA.MIT.EDU should -have ``option2`` set to false by default. Any programs running in -other realms should have ``option2`` set to true. - -The list of specifiable options for each application may be found in -that application's man pages. The application defaults specified here -are overridden by those specified in the realms_ section. - - -.. _plugins: - -[plugins] -~~~~~~~~~ - - * pwqual_ interface - * kadm5_hook_ interface - * clpreauth_ and kdcpreauth_ interfaces - -Tags in the [plugins] section can be used to register dynamic plugin -modules and to turn modules on and off. Not every krb5 pluggable -interface uses the [plugins] section; the ones that do are documented -here. - -New in release 1.9. - -Each pluggable interface corresponds to a subsection of [plugins]. -All subsections support the same tags: - -**disable** - This tag may have multiple values. If there are values for this - tag, then the named modules will be disabled for the pluggable - interface. - -**enable_only** - This tag may have multiple values. If there are values for this - tag, then only the named modules will be enabled for the pluggable - interface. - -**module** - This tag may have multiple values. Each value is a string of the - form ``modulename:pathname``, which causes the shared object - located at *pathname* to be registered as a dynamic module named - *modulename* for the pluggable interface. If *pathname* is not an - absolute path, it will be treated as relative to the - **plugin_base_dir** value from :ref:`libdefaults`. - -For pluggable interfaces where module order matters, modules -registered with a **module** tag normally come first, in the order -they are registered, followed by built-in modules in the order they -are documented below. If **enable_only** tags are used, then the -order of those tags overrides the normal module order. - -The following subsections are currently supported within the [plugins] -section: - -.. _ccselect: - -ccselect interface -################## - -The ccselect subsection controls modules for credential cache -selection within a cache collection. In addition to any registered -dynamic modules, the following built-in modules exist (and may be -disabled with the disable tag): - -**k5identity** - Uses a .k5identity file in the user's home directory to select a - client principal - -**realm** - Uses the service realm to guess an appropriate cache from the - collection - -**hostname** - If the service principal is host-based, uses the service hostname - to guess an appropriate cache from the collection - -.. _pwqual: - -pwqual interface -################ - -The pwqual subsection controls modules for the password quality -interface, which is used to reject weak passwords when passwords are -changed. The following built-in modules exist for this interface: - -**dict** - Checks against the realm dictionary file - -**empty** - Rejects empty passwords - -**hesiod** - Checks against user information stored in Hesiod (only if Kerberos - was built with Hesiod support) - -**princ** - Checks against components of the principal name - -.. _kadm5_hook: - -kadm5_hook interface -#################### - -The kadm5_hook interface provides plugins with information on -principal creation, modification, password changes and deletion. This -interface can be used to write a plugin to synchronize MIT Kerberos -with another database such as Active Directory. No plugins are built -in for this interface. - -.. _kadm5_auth: - -kadm5_auth interface -#################### - -The kadm5_auth section (introduced in release 1.16) controls modules -for the kadmin authorization interface, which determines whether a -client principal is allowed to perform a kadmin operation. The -following built-in modules exist for this interface: - -**acl** - This module reads the :ref:`kadm5.acl(5)` file, and authorizes - operations which are allowed according to the rules in the file. - -**self** - This module authorizes self-service operations including password - changes, creation of new random keys, fetching the client's - principal record or string attributes, and fetching the policy - record associated with the client principal. - -.. _clpreauth: - -.. _kdcpreauth: - -clpreauth and kdcpreauth interfaces -################################### - -The clpreauth and kdcpreauth interfaces allow plugin modules to -provide client and KDC preauthentication mechanisms. The following -built-in modules exist for these interfaces: - -**pkinit** - This module implements the PKINIT preauthentication mechanism. - -**encrypted_challenge** - This module implements the encrypted challenge FAST factor. - -**encrypted_timestamp** - This module implements the encrypted timestamp mechanism. - -.. _hostrealm: - -hostrealm interface -################### - -The hostrealm section (introduced in release 1.12) controls modules -for the host-to-realm interface, which affects the local mapping of -hostnames to realm names and the choice of default realm. The following -built-in modules exist for this interface: - -**profile** - This module consults the [domain_realm] section of the profile for - authoritative host-to-realm mappings, and the **default_realm** - variable for the default realm. - -**dns** - This module looks for DNS records for fallback host-to-realm - mappings and the default realm. It only operates if the - **dns_lookup_realm** variable is set to true. - -**domain** - This module applies heuristics for fallback host-to-realm - mappings. It implements the **realm_try_domains** variable, and - uses the uppercased parent domain of the hostname if that does not - produce a result. - -.. _localauth: - -localauth interface -################### - -The localauth section (introduced in release 1.12) controls modules -for the local authorization interface, which affects the relationship -between Kerberos principals and local system accounts. The following -built-in modules exist for this interface: - -**default** - This module implements the **DEFAULT** type for **auth_to_local** - values. - -**rule** - This module implements the **RULE** type for **auth_to_local** - values. - -**names** - This module looks for an **auth_to_local_names** mapping for the - principal name. - -**auth_to_local** - This module processes **auth_to_local** values in the default - realm's section, and applies the default method if no - **auth_to_local** values exist. - -**k5login** - This module authorizes a principal to a local account according to - the account's :ref:`.k5login(5)` file. - -**an2ln** - This module authorizes a principal to a local account if the - principal name maps to the local account name. - -.. _certauth: - -certauth interface -################## - -The certauth section (introduced in release 1.16) controls modules for -the certificate authorization interface, which determines whether a -certificate is allowed to preauthenticate a user via PKINIT. The -following built-in modules exist for this interface: - -**pkinit_san** - This module authorizes the certificate if it contains a PKINIT - Subject Alternative Name for the requested client principal, or a - Microsoft UPN SAN matching the principal if **pkinit_allow_upn** - is set to true for the realm. - -**pkinit_eku** - This module rejects the certificate if it does not contain an - Extended Key Usage attribute consistent with the - **pkinit_eku_checking** value for the realm. - -**dbmatch** - This module authorizes or rejects the certificate according to - whether it matches the **pkinit_cert_match** string attribute on - the client principal, if that attribute is present. - - -PKINIT options --------------- - -.. note:: - - The following are PKINIT-specific options. These values may - be specified in [libdefaults] as global defaults, or within - a realm-specific subsection of [libdefaults], or may be - specified as realm-specific values in the [realms] section. - A realm-specific value overrides, not adds to, a generic - [libdefaults] specification. The search order is: - -1. realm-specific subsection of [libdefaults]:: - - [libdefaults] - EXAMPLE.COM = { - pkinit_anchors = FILE:/usr/local/example.com.crt - } - -2. realm-specific value in the [realms] section:: - - [realms] - OTHERREALM.ORG = { - pkinit_anchors = FILE:/usr/local/otherrealm.org.crt - } - -3. generic value in the [libdefaults] section:: - - [libdefaults] - pkinit_anchors = DIR:/usr/local/generic_trusted_cas/ - - -.. _pkinit_identity: - -Specifying PKINIT identity information -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The syntax for specifying Public Key identity, trust, and revocation -information for PKINIT is as follows: - -**FILE:**\ *filename*\ [**,**\ *keyfilename*] - This option has context-specific behavior. - - In **pkinit_identity** or **pkinit_identities**, *filename* - specifies the name of a PEM-format file containing the user's - certificate. If *keyfilename* is not specified, the user's - private key is expected to be in *filename* as well. Otherwise, - *keyfilename* is the name of the file containing the private key. - - In **pkinit_anchors** or **pkinit_pool**, *filename* is assumed to - be the name of an OpenSSL-style ca-bundle file. - -**DIR:**\ *dirname* - This option has context-specific behavior. - - In **pkinit_identity** or **pkinit_identities**, *dirname* - specifies a directory with files named ``*.crt`` and ``*.key`` - where the first part of the file name is the same for matching - pairs of certificate and private key files. When a file with a - name ending with ``.crt`` is found, a matching file ending with - ``.key`` is assumed to contain the private key. If no such file - is found, then the certificate in the ``.crt`` is not used. - - In **pkinit_anchors** or **pkinit_pool**, *dirname* is assumed to - be an OpenSSL-style hashed CA directory where each CA cert is - stored in a file named ``hash-of-ca-cert.#``. This infrastructure - is encouraged, but all files in the directory will be examined and - if they contain certificates (in PEM format), they will be used. - - In **pkinit_revoke**, *dirname* is assumed to be an OpenSSL-style - hashed CA directory where each revocation list is stored in a file - named ``hash-of-ca-cert.r#``. This infrastructure is encouraged, - but all files in the directory will be examined and if they - contain a revocation list (in PEM format), they will be used. - -**PKCS12:**\ *filename* - *filename* is the name of a PKCS #12 format file, containing the - user's certificate and private key. - -**PKCS11:**\ [**module_name=**]\ *modname*\ [**:slotid=**\ *slot-id*][**:token=**\ *token-label*][**:certid=**\ *cert-id*][**:certlabel=**\ *cert-label*] - All keyword/values are optional. *modname* specifies the location - of a library implementing PKCS #11. If a value is encountered - with no keyword, it is assumed to be the *modname*. If no - module-name is specified, the default is |pkcs11_modname|. - ``slotid=`` and/or ``token=`` may be specified to force the use of - a particular smard card reader or token if there is more than one - available. ``certid=`` and/or ``certlabel=`` may be specified to - force the selection of a particular certificate on the device. - See the **pkinit_cert_match** configuration option for more ways - to select a particular certificate to use for PKINIT. - -**ENV:**\ *envvar* - *envvar* specifies the name of an environment variable which has - been set to a value conforming to one of the previous values. For - example, ``ENV:X509_PROXY``, where environment variable - ``X509_PROXY`` has been set to ``FILE:/tmp/my_proxy.pem``. - - -PKINIT krb5.conf options -~~~~~~~~~~~~~~~~~~~~~~~~ - -**pkinit_anchors** - Specifies the location of trusted anchor (root) certificates which - the client trusts to sign KDC certificates. This option may be - specified multiple times. These values from the config file are - not used if the user specifies X509_anchors on the command line. - -**pkinit_cert_match** - Specifies matching rules that the client certificate must match - before it is used to attempt PKINIT authentication. If a user has - multiple certificates available (on a smart card, or via other - media), there must be exactly one certificate chosen before - attempting PKINIT authentication. This option may be specified - multiple times. All the available certificates are checked - against each rule in order until there is a match of exactly one - certificate. - - The Subject and Issuer comparison strings are the :rfc:`2253` - string representations from the certificate Subject DN and Issuer - DN values. - - The syntax of the matching rules is: - - [*relation-operator*\ ]\ *component-rule* ... - - where: - - *relation-operator* - can be either ``&&``, meaning all component rules must match, - or ``||``, meaning only one component rule must match. The - default is ``&&``. - - *component-rule* - can be one of the following. Note that there is no - punctuation or whitespace between component rules. - - | ****\ *regular-expression* - | ****\ *regular-expression* - | ****\ *regular-expression* - | ****\ *extended-key-usage-list* - | ****\ *key-usage-list* - - *extended-key-usage-list* is a comma-separated list of - required Extended Key Usage values. All values in the list - must be present in the certificate. Extended Key Usage values - can be: - - * pkinit - * msScLogin - * clientAuth - * emailProtection - - *key-usage-list* is a comma-separated list of required Key - Usage values. All values in the list must be present in the - certificate. Key Usage values can be: - - * digitalSignature - * keyEncipherment - - Examples:: - - pkinit_cert_match = ||.*DoE.*.*@EXAMPLE.COM - pkinit_cert_match = &&msScLogin,clientAuth.*DoE.* - pkinit_cert_match = msScLogin,clientAuthdigitalSignature - -**pkinit_eku_checking** - This option specifies what Extended Key Usage value the KDC - certificate presented to the client must contain. (Note that if - the KDC certificate has the pkinit SubjectAlternativeName encoded - as the Kerberos TGS name, EKU checking is not necessary since the - issuing CA has certified this as a KDC certificate.) The values - recognized in the krb5.conf file are: - - **kpKDC** - This is the default value and specifies that the KDC must have - the id-pkinit-KPKdc EKU as defined in :rfc:`4556`. - - **kpServerAuth** - If **kpServerAuth** is specified, a KDC certificate with the - id-kp-serverAuth EKU will be accepted. This key usage value - is used in most commercially issued server certificates. - - **none** - If **none** is specified, then the KDC certificate will not be - checked to verify it has an acceptable EKU. The use of this - option is not recommended. - -**pkinit_dh_min_bits** - Specifies the size of the Diffie-Hellman key the client will - attempt to use. The acceptable values are 1024, 2048, and 4096. - The default is 2048. - -**pkinit_identities** - Specifies the location(s) to be used to find the user's X.509 - identity information. If this option is specified multiple times, - each value is attempted in order until certificates are found. - Note that these values are not used if the user specifies - **X509_user_identity** on the command line. - -**pkinit_kdc_hostname** - The presence of this option indicates that the client is willing - to accept a KDC certificate with a dNSName SAN (Subject - Alternative Name) rather than requiring the id-pkinit-san as - defined in :rfc:`4556`. This option may be specified multiple - times. Its value should contain the acceptable hostname for the - KDC (as contained in its certificate). - -**pkinit_pool** - Specifies the location of intermediate certificates which may be - used by the client to complete the trust chain between a KDC - certificate and a trusted anchor. This option may be specified - multiple times. - -**pkinit_require_crl_checking** - The default certificate verification process will always check the - available revocation information to see if a certificate has been - revoked. If a match is found for the certificate in a CRL, - verification fails. If the certificate being verified is not - listed in a CRL, or there is no CRL present for its issuing CA, - and **pkinit_require_crl_checking** is false, then verification - succeeds. - - However, if **pkinit_require_crl_checking** is true and there is - no CRL information available for the issuing CA, then verification - fails. - - **pkinit_require_crl_checking** should be set to true if the - policy is such that up-to-date CRLs must be present for every CA. - -**pkinit_revoke** - Specifies the location of Certificate Revocation List (CRL) - information to be used by the client when verifying the validity - of the KDC certificate presented. This option may be specified - multiple times. - - -.. _parameter_expansion: - -Parameter expansion -------------------- - -Starting with release 1.11, several variables, such as -**default_keytab_name**, allow parameters to be expanded. -Valid parameters are: - - ================= =================================================== - %{TEMP} Temporary directory - %{uid} Unix real UID or Windows SID - %{euid} Unix effective user ID or Windows SID - %{USERID} Same as %{uid} - %{null} Empty string - %{LIBDIR} Installation library directory - %{BINDIR} Installation binary directory - %{SBINDIR} Installation admin binary directory - %{username} (Unix) Username of effective user ID - %{APPDATA} (Windows) Roaming application data for current user - %{COMMON_APPDATA} (Windows) Application data for all users - %{LOCAL_APPDATA} (Windows) Local application data for current user - %{SYSTEM} (Windows) Windows system folder - %{WINDOWS} (Windows) Windows folder - %{USERCONFIG} (Windows) Per-user MIT krb5 config file directory - %{COMMONCONFIG} (Windows) Common MIT krb5 config file directory - ================= =================================================== - -Sample krb5.conf file ---------------------- - -Here is an example of a generic krb5.conf file:: - - [libdefaults] - default_realm = ATHENA.MIT.EDU - dns_lookup_kdc = true - dns_lookup_realm = false - - [realms] - ATHENA.MIT.EDU = { - kdc = kerberos.mit.edu - kdc = kerberos-1.mit.edu - kdc = kerberos-2.mit.edu - admin_server = kerberos.mit.edu - primary_kdc = kerberos.mit.edu - } - EXAMPLE.COM = { - kdc = kerberos.example.com - kdc = kerberos-1.example.com - admin_server = kerberos.example.com - } - - [domain_realm] - mit.edu = ATHENA.MIT.EDU - - [capaths] - ATHENA.MIT.EDU = { - EXAMPLE.COM = . - } - EXAMPLE.COM = { - ATHENA.MIT.EDU = . - } - -FILES ------ - -|krb5conf| - - -SEE ALSO --------- - -syslog(3) diff --git a/krb5-1.21.3/doc/admin/conf_ldap.rst b/krb5-1.21.3/doc/admin/conf_ldap.rst deleted file mode 100644 index 65542c1a..00000000 --- a/krb5-1.21.3/doc/admin/conf_ldap.rst +++ /dev/null @@ -1,132 +0,0 @@ -.. _conf_ldap: - -Configuring Kerberos with OpenLDAP back-end -=========================================== - - - 1. Make sure the LDAP server is using local authentication - (``ldapi://``) or TLS (``ldaps``). See - https://www.openldap.org/doc/admin/tls.html for instructions on - configuring TLS support in OpenLDAP. - - 2. Add the Kerberos schema file to the LDAP Server using the OpenLDAP - LDIF file from the krb5 source directory - (``src/plugins/kdb/ldap/libkdb_ldap/kerberos.openldap.ldif``). - The following example uses local authentication:: - - ldapadd -Y EXTERNAL -H ldapi:/// -f /path/to/kerberos.openldap.ldif - - 3. Choose DNs for the :ref:`krb5kdc(8)` and :ref:`kadmind(8)` servers - to bind to the LDAP server, and create them if necessary. Specify - these DNs with the **ldap_kdc_dn** and **ldap_kadmind_dn** - directives in :ref:`kdc.conf(5)`. The kadmind DN will also be - used for administrative commands such as :ref:`kdb5_util(8)`. - - Alternatively, you may configure krb5kdc and kadmind to use SASL - authentication to access the LDAP server; see the :ref:`dbmodules` - relations **ldap_kdc_sasl_mech** and similar. - - 4. Specify a location for the LDAP service password file by setting - **ldap_service_password_file**. Use ``kdb5_ldap_util stashsrvpw`` - to stash passwords for the KDC and kadmind DNs chosen above. For - example:: - - kdb5_ldap_util stashsrvpw -f /path/to/service.keyfile cn=krbadmin,dc=example,dc=com - - Skip this step if you are using SASL authentication and the - mechanism does not require a password. - - 5. Choose a DN for the global Kerberos container entry (but do not - create the entry at this time). Specify this DN with the - **ldap_kerberos_container_dn** directive in :ref:`kdc.conf(5)`. - Realm container entries will be created underneath this DN. - Principal entries may exist either underneath the realm container - (the default) or in separate trees referenced from the realm - container. - - 6. Configure the LDAP server ACLs to enable the KDC and kadmin server - DNs to read and write the Kerberos data. If - **disable_last_success** and **disable_lockout** are both set to - true in the :ref:`dbmodules` subsection for the realm, then the - KDC DN only requires read access to the Kerberos data. - - Sample access control information:: - - access to dn.base="" - by * read - - access to dn.base="cn=Subschema" - by * read - - # Provide access to the realm container. - access to dn.subtree= "cn=EXAMPLE.COM,cn=krbcontainer,dc=example,dc=com" - by dn.exact="cn=kdc-service,dc=example,dc=com" write - by dn.exact="cn=adm-service,dc=example,dc=com" write - by * none - - # Provide access to principals, if not underneath the realm container. - access to dn.subtree= "ou=users,dc=example,dc=com" - by dn.exact="cn=kdc-service,dc=example,dc=com" write - by dn.exact="cn=adm-service,dc=example,dc=com" write - by * none - - access to * - by * read - - If the locations of the container and principals or the DNs of the - service objects for a realm are changed then this information - should be updated. - - 7. In :ref:`kdc.conf(5)`, make sure the following relations are set - in the :ref:`dbmodules` subsection for the realm:: - - db_library (set to ``kldap``) - ldap_kerberos_container_dn - ldap_kdc_dn - ldap_kadmind_dn - ldap_service_password_file - ldap_servers - - 8. Create the realm using :ref:`kdb5_ldap_util(8)`: - - kdb5_ldap_util create -subtrees ou=users,dc=example,dc=com -s - - Use the **-subtrees** option if the principals are to exist in a - separate subtree from the realm container. Before executing the - command, make sure that the subtree mentioned above - ``(ou=users,dc=example,dc=com)`` exists. If the principals will - exist underneath the realm container, omit the **-subtrees** option - and do not worry about creating the principal subtree. - - For more information, refer to the section :ref:`ops_on_ldap`. - - The realm object is created under the - **ldap_kerberos_container_dn** specified in the configuration - file. This operation will also create the Kerberos container, if - not present already. This container can be used to store - information related to multiple realms. - - 9. Add an ``eq`` index for ``krbPrincipalName`` to speed up principal - lookup operations. See - https://www.openldap.org/doc/admin/tuning.html#Indexes for - details. - -With the LDAP back end it is possible to provide aliases for principal -entries. Currently we provide no administrative utilities for -creating aliases, so it must be done by direct manipulation of the -LDAP entries. - -An entry with aliases contains multiple values of the -*krbPrincipalName* attribute. Since LDAP attribute values are not -ordered, it is necessary to specify which principal name is canonical, -by using the *krbCanonicalName* attribute. Therefore, to create -aliases for an entry, first set the *krbCanonicalName* attribute of -the entry to the canonical principal name (which should be identical -to the pre-existing *krbPrincipalName* value), and then add additional -*krbPrincipalName* attributes for the aliases. - -Principal aliases are only returned by the KDC when the client -requests canonicalization. Canonicalization is normally requested for -service principals; for client principals, an explicit flag is often -required (e.g., ``kinit -C``) and canonicalization is only performed -for initial ticket requests. diff --git a/krb5-1.21.3/doc/admin/database.rst b/krb5-1.21.3/doc/admin/database.rst deleted file mode 100644 index 2fd07242..00000000 --- a/krb5-1.21.3/doc/admin/database.rst +++ /dev/null @@ -1,587 +0,0 @@ -Database administration -======================= - -A Kerberos database contains all of a realm's Kerberos principals, -their passwords, and other administrative information about each -principal. For the most part, you will use the :ref:`kdb5_util(8)` -program to manipulate the Kerberos database as a whole, and the -:ref:`kadmin(1)` program to make changes to the entries in the -database. (One notable exception is that users will use the -:ref:`kpasswd(1)` program to change their own passwords.) The kadmin -program has its own command-line interface, to which you type the -database administrating commands. - -:ref:`kdb5_util(8)` provides a means to create, delete, load, or dump -a Kerberos database. It also contains commands to roll over the -database master key, and to stash a copy of the key so that the -:ref:`kadmind(8)` and :ref:`krb5kdc(8)` daemons can use the database -without manual input. - -:ref:`kadmin(1)` provides for the maintenance of Kerberos principals, -password policies, and service key tables (keytabs). Normally it -operates as a network client using Kerberos authentication to -communicate with :ref:`kadmind(8)`, but there is also a variant, named -kadmin.local, which directly accesses the Kerberos database on the -local filesystem (or through LDAP). kadmin.local is necessary to set -up enough of the database to be able to use the remote version. - -kadmin can authenticate to the admin server using the service -principal ``kadmin/admin`` or ``kadmin/HOST`` (where *HOST* is the -hostname of the admin server). If the credentials cache contains a -ticket for either service principal and the **-c** ccache option is -specified, that ticket is used to authenticate to KADM5. Otherwise, -the **-p** and **-k** options are used to specify the client Kerberos -principal name used to authenticate. Once kadmin has determined the -principal name, it requests a ``kadmin/admin`` Kerberos service ticket -from the KDC, and uses that service ticket to authenticate to KADM5. - -See :ref:`kadmin(1)` for the available kadmin and kadmin.local -commands and options. - - -.. _principals: - -Principals ----------- - -Each entry in the Kerberos database contains a Kerberos principal and -the attributes and policies associated with that principal. - -To add a principal to the database, use the :ref:`kadmin(1)` -**add_principal** command. User principals should usually be created -with the ``+requires_preauth -allow_svr`` options to help mitigate -dictionary attacks (see :ref:`dictionary`):: - - kadmin: addprinc +requires_preauth -allow_svr alice - Enter password for principal "alice@KRBTEST.COM": - Re-enter password for principal "alice@KRBTEST.COM": - -User principals which will authenticate with :ref:`pkinit` should -instead by created with the ``-nokey`` option: - - kadmin: addprinc -nokey alice - -Service principals can be created with the ``-nokey`` option; -long-term keys will be added when a keytab is generated:: - - kadmin: addprinc -nokey host/foo.mit.edu - kadmin: ktadd -k foo.keytab host/foo.mit.edu - Entry for principal host/foo.mit.edu with kvno 1, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:foo.keytab. - Entry for principal host/foo.mit.edu with kvno 1, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:foo.keytab. - -To modify attributes of an existing principal, use the kadmin -**modify_principal** command:: - - kadmin: modprinc -expire tomorrow alice - Principal "alice@KRBTEST.COM" modified. - -To delete a principal, use the kadmin **delete_principal** command:: - - kadmin: delprinc alice - Are you sure you want to delete the principal "alice@KRBTEST.COM"? (yes/no): yes - Principal "alice@KRBTEST.COM" deleted. - Make sure that you have removed this principal from all ACLs before reusing. - -To change a principal's password, use the kadmin **change_password** -command. Password changes made through kadmin are subject to the same -password policies as would apply to password changes made through -:ref:`kpasswd(1)`. - -To view the attributes of a principal, use the kadmin` -**get_principal** command. - -To generate a listing of principals, use the kadmin -**list_principals** command. - - -.. _policies: - -Policies --------- - -A policy is a set of rules governing passwords. Policies can dictate -minimum and maximum password lifetimes, minimum number of characters -and character classes a password must contain, and the number of old -passwords kept in the database. - -To add a new policy, use the :ref:`kadmin(1)` **add_policy** command:: - - kadmin: addpol -maxlife "1 year" -history 3 stduser - -To modify attributes of a principal, use the kadmin **modify_policy** -command. To delete a policy, use the kadmin **delete_policy** -command. - -To associate a policy with a principal, use the kadmin -**modify_principal** command with the **-policy** option: - - kadmin: modprinc -policy stduser alice - Principal "alice@KRBTEST.COM" modified. - -A principal entry may be associated with a nonexistent policy, either -because the policy did not exist at the time of associated or was -deleted afterwards. kadmin will warn when associated a principal with -a nonexistent policy, and will annotate the policy name with "[does -not exist]" in the **get_principal** output. - - -.. _updating_history_key: - -Updating the history key -~~~~~~~~~~~~~~~~~~~~~~~~ - -If a policy specifies a number of old keys kept of two or more, the -stored old keys are encrypted in a history key, which is found in the -key data of the ``kadmin/history`` principal. - -Currently there is no support for proper rollover of the history key, -but you can change the history key (for example, to use a better -encryption type) at the cost of invalidating currently stored old -keys. To change the history key, run:: - - kadmin: change_password -randkey kadmin/history - -This command will fail if you specify the **-keepold** flag. Only one -new history key will be created, even if you specify multiple key/salt -combinations. - -In the future, we plan to migrate towards encrypting old keys in the -master key instead of the history key, and implementing proper -rollover support for stored old keys. - - -.. _privileges: - -Privileges ----------- - -Administrative privileges for the Kerberos database are stored in the -file :ref:`kadm5.acl(5)`. - -.. note:: - - A common use of an admin instance is so you can grant - separate permissions (such as administrator access to the - Kerberos database) to a separate Kerberos principal. For - example, the user ``joeadmin`` might have a principal for - his administrative use, called ``joeadmin/admin``. This - way, ``joeadmin`` would obtain ``joeadmin/admin`` tickets - only when he actually needs to use those permissions. - - -.. _db_operations: - -Operations on the Kerberos database ------------------------------------ - -The :ref:`kdb5_util(8)` command is the primary tool for administrating -the Kerberos database when using the DB2 or LMDB modules (see -:ref:`dbtypes`). Creating a database is described in -:ref:`create_db`. - -To create a stash file using the master password (because the database -was not created with one using the ``create -s`` flag, or after -restoring from a backup which did not contain the stash file), use the -kdb5_util **stash** command:: - - $ kdb5_util stash - kdb5_util: Cannot find/read stored master key while reading master key - kdb5_util: Warning: proceeding without master key - Enter KDC database master key: <= Type the KDC database master password. - -To destroy a database, use the kdb5_util destroy command:: - - $ kdb5_util destroy - Deleting KDC database stored in '/var/krb5kdc/principal', are you sure? - (type 'yes' to confirm)? yes - OK, deleting database '/var/krb5kdc/principal'... - ** Database '/var/krb5kdc/principal' destroyed. - - -.. _restore_from_dump: - -Dumping and loading a Kerberos database -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To dump a Kerberos database into a text file for backup or transfer -purposes, use the :ref:`kdb5_util(8)` **dump** command on one of the -KDCs:: - - $ kdb5_util dump dumpfile - - $ kbd5_util dump -verbose dumpfile - kadmin/admin@ATHENA.MIT.EDU - krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - kadmin/history@ATHENA.MIT.EDU - K/M@ATHENA.MIT.EDU - kadmin/changepw@ATHENA.MIT.EDU - -You may specify which principals to dump, using full principal names -including realm:: - - $ kdb5_util dump -verbose someprincs K/M@ATHENA.MIT.EDU kadmin/admin@ATHENA.MIT.EDU - kadmin/admin@ATHENA.MIT.EDU - K/M@ATHENA.MIT.EDU - -To restore a Kerberos database dump from a file, use the -:ref:`kdb5_util(8)` **load** command:: - - $ kdb5_util load dumpfile - -To update an existing database with a partial dump file containing -only some principals, use the ``-update`` flag:: - - $ kdb5_util load -update someprincs - -.. note:: - - If the database file exists, and the *-update* flag was not - given, *kdb5_util* will overwrite the existing database. - - -.. _updating_master_key: - -Updating the master key -~~~~~~~~~~~~~~~~~~~~~~~ - -Starting with release 1.7, :ref:`kdb5_util(8)` allows the master key -to be changed using a rollover process, with minimal loss of -availability. To roll over the master key, follow these steps: - -#. On the primary KDC, run ``kdb5_util list_mkeys`` to view the - current master key version number (KVNO). If you have never rolled - over the master key before, this will likely be version 1:: - - $ kdb5_util list_mkeys - Master keys for Principal: K/M@KRBTEST.COM - KVNO: 1, Enctype: aes256-cts-hmac-sha384-192, Active on: Thu Jan 01 00:00:00 UTC 1970 * - -#. On the primary KDC, run ``kdb5_util use_mkey 1`` to ensure that a - master key activation list is present in the database. This step - is unnecessary in release 1.11.4 or later, or if the database was - initially created with release 1.7 or later. - -#. On the primary KDC, run ``kdb5_util add_mkey -s`` to create a new - master key and write it to the stash file. Enter a secure password - when prompted. If this is the first time you are changing the - master key, the new key will have version 2. The new master key - will not be used until you make it active. - -#. Propagate the database to all replica KDCs, either manually or by - waiting until the next scheduled propagation. If you do not have - any replica KDCs, you can skip this and the next step. - -#. On each replica KDC, run ``kdb5_util list_mkeys`` to verify that - the new master key is present, and then ``kdb5_util stash`` to - write the new master key to the replica KDC's stash file. - -#. On the primary KDC, run ``kdb5_util use_mkey 2`` to begin using the - new master key. Replace ``2`` with the version of the new master - key, as appropriate. You can optionally specify a date for the new - master key to become active; by default, it will become active - immediately. Prior to release 1.12, :ref:`kadmind(8)` must be - restarted for this change to take full effect. - -#. On the primary KDC, run ``kdb5_util update_princ_encryption``. - This command will iterate over the database and re-encrypt all keys - in the new master key. If the database is large and uses DB2, the - primary KDC will become unavailable while this command runs, but - clients should fail over to replica KDCs (if any are present) - during this time period. In release 1.13 and later, you can - instead run ``kdb5_util -x unlockiter update_princ_encryption`` to - use unlocked iteration; this variant will take longer, but will - keep the database available to the KDC and kadmind while it runs. - -#. Wait until the above changes have propagated to all replica KDCs - and until all running KDC and kadmind processes have serviced - requests using updated principal entries. - -#. On the primary KDC, run ``kdb5_util purge_mkeys`` to clean up the - old master key. - - -.. _ops_on_ldap: - -Operations on the LDAP database -------------------------------- - -The :ref:`kdb5_ldap_util(8)` command is the primary tool for -administrating the Kerberos database when using the LDAP module. -Creating an LDAP Kerberos database is describe in :ref:`conf_ldap`. - -To view a list of realms in the LDAP database, use the kdb5_ldap_util -**list** command:: - - $ kdb5_ldap_util list - KRBTEST.COM - -To modify the attributes of a realm, use the kdb5_ldap_util **modify** -command. For example, to change the default realm's maximum ticket -life:: - - $ kdb5_ldap_util modify -maxtktlife "10 hours" - -To display the attributes of a realm, use the kdb5_ldap_util **view** -command:: - - $ kdb5_ldap_util view - Realm Name: KRBTEST.COM - Maximum Ticket Life: 0 days 00:10:00 - -To remove a realm from the LDAP database, destroying its contents, use -the kdb5_ldap_util **destroy** command:: - - $ kdb5_ldap_util destroy - Deleting KDC database of 'KRBTEST.COM', are you sure? - (type 'yes' to confirm)? yes - OK, deleting database of 'KRBTEST.COM'... - ** Database of 'KRBTEST.COM' destroyed. - - -Ticket Policy operations -~~~~~~~~~~~~~~~~~~~~~~~~ - -Unlike the DB2 and LMDB modules, the LDAP module supports ticket -policy objects, which can be associated with principals to restrict -maximum ticket lifetimes and set mandatory principal flags. Ticket -policy objects are distinct from the password policies described -earlier on this page, and are chiefly managed through kdb5_ldap_util -rather than kadmin. To create a new ticket policy, use the -kdb5_ldap_util **create_policy** command:: - - $ kdb5_ldap_util create_policy -maxrenewlife "2 days" users - -To associate a ticket policy with a principal, use the -:ref:`kadmin(1)` **modify_principal** (or **add_principal**) command -with the **-x tktpolicy=**\ *policy* option:: - - $ kadmin.local modprinc -x tktpolicy=users alice - -To remove a ticket policy reference from a principal, use the same -command with an empty *policy*:: - - $ kadmin.local modprinc -x tktpolicy= alice - -To list the existing ticket policy objects, use the kdb5_ldap_util -**list_policy** command:: - - $ kdb5_ldap_util list_policy - users - -To modify the attributes of a ticket policy object, use the -kdb5_ldap_util **modify_policy** command:: - - $ kdb5_ldap_util modify_policy -allow_svr +requires_preauth users - -To view the attributes of a ticket policy object, use the -kdb5_ldap_util **view_policy** command:: - - $ kdb5_ldap_util view_policy users - Ticket policy: users - Maximum renewable life: 2 days 00:00:00 - Ticket flags: REQUIRES_PRE_AUTH DISALLOW_SVR - -To destroy an ticket policy object, use the kdb5_ldap_util -**destroy_policy** command:: - - $ kdb5_ldap_util destroy_policy users - This will delete the policy object 'users', are you sure? - (type 'yes' to confirm)? yes - ** policy object 'users' deleted. - - -.. _xrealm_authn: - -Cross-realm authentication --------------------------- - -In order for a KDC in one realm to authenticate Kerberos users in a -different realm, it must share a key with the KDC in the other realm. -In both databases, there must be krbtgt service principals for both realms. -For example, if you need to do cross-realm authentication between the realms -``ATHENA.MIT.EDU`` and ``EXAMPLE.COM``, you would need to add the -principals ``krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU`` and -``krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM`` to both databases. -These principals must all have the same passwords, key version -numbers, and encryption types; this may require explicitly setting -the key version number with the **-kvno** option. - -In the ATHENA.MIT.EDU and EXAMPLE.COM cross-realm case, the administrators -would run the following commands on the KDCs in both realms:: - - shell%: kadmin.local -e "aes256-cts:normal" - kadmin: addprinc -requires_preauth krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM - Enter password for principal krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM: - Re-enter password for principal krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM: - kadmin: addprinc -requires_preauth krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU - Enter password for principal krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU: - Enter password for principal krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU: - kadmin: - -.. note:: - - Even if most principals in a realm are generally created - with the **requires_preauth** flag enabled, this flag is not - desirable on cross-realm authentication keys because doing - so makes it impossible to disable preauthentication on a - service-by-service basis. Disabling it as in the example - above is recommended. - -.. note:: - - It is very important that these principals have good - passwords. MIT recommends that TGT principal passwords be - at least 26 characters of random ASCII text. - - -.. _changing_krbtgt_key: - -Changing the krbtgt key ------------------------ - -A Kerberos Ticket Granting Ticket (TGT) is a service ticket for the -principal ``krbtgt/REALM``. The key for this principal is created -when the Kerberos database is initialized and need not be changed. -However, it will only have the encryption types supported by the KDC -at the time of the initial database creation. To allow use of newer -encryption types for the TGT, this key has to be changed. - -Changing this key using the normal :ref:`kadmin(1)` -**change_password** command would invalidate any previously issued -TGTs. Therefore, when changing this key, normally one should use the -**-keepold** flag to change_password to retain the previous key in the -database as well as the new key. For example:: - - kadmin: change_password -randkey -keepold krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - -.. warning:: - - After issuing this command, the old key is still valid - and is still vulnerable to (for instance) brute force - attacks. To completely retire an old key or encryption - type, run the kadmin **purgekeys** command to delete keys - with older kvnos, ideally first making sure that all - tickets issued with the old keys have expired. - -Only the first krbtgt key of the newest key version is used to encrypt -ticket-granting tickets. However, the set of encryption types present -in the krbtgt keys is used by default to determine the session key -types supported by the krbtgt service (see -:ref:`session_key_selection`). Because non-MIT Kerberos clients -sometimes send a limited set of encryption types when making AS -requests, it can be important for the krbtgt service to support -multiple encryption types. This can be accomplished by giving the -krbtgt principal multiple keys, which is usually as simple as not -specifying any **-e** option when changing the krbtgt key, or by -setting the **session_enctypes** string attribute on the krbtgt -principal (see :ref:`set_string`). - -Due to a bug in releases 1.8 through 1.13, renewed and forwarded -tickets may not work if the original ticket was obtained prior to a -krbtgt key change and the modified ticket is obtained afterwards. -Upgrading the KDC to release 1.14 or later will correct this bug. - - -.. _incr_db_prop: - -Incremental database propagation --------------------------------- - -Overview -~~~~~~~~ - -At some very large sites, dumping and transmitting the database can -take more time than is desirable for changes to propagate from the -primary KDC to the replica KDCs. The incremental propagation support -added in the 1.7 release is intended to address this. - -With incremental propagation enabled, all programs on the primary KDC -that change the database also write information about the changes to -an "update log" file, maintained as a circular buffer of a certain -size. A process on each replica KDC connects to a service on the -primary KDC (currently implemented in the :ref:`kadmind(8)` server) and -periodically requests the changes that have been made since the last -check. By default, this check is done every two minutes. - -Incremental propagation uses the following entries in the per-realm -data in the KDC config file (See :ref:`kdc.conf(5)`): - -====================== =============== =========================================== -iprop_enable *boolean* If *true*, then incremental propagation is enabled, and (as noted below) normal kprop propagation is disabled. The default is *false*. -iprop_master_ulogsize *integer* Indicates the number of entries that should be retained in the update log. The default is 1000; the maximum number is 2500. -iprop_replica_poll *time interval* Indicates how often the replica should poll the primary KDC for changes to the database. The default is two minutes. -iprop_port *integer* Specifies the port number to be used for incremental propagation. This is required in both primary and replica configuration files. -iprop_resync_timeout *integer* Specifies the number of seconds to wait for a full propagation to complete. This is optional on replica configurations. Defaults to 300 seconds (5 minutes). -iprop_logfile *file name* Specifies where the update log file for the realm database is to be stored. The default is to use the *database_name* entry from the realms section of the config file :ref:`kdc.conf(5)`, with *.ulog* appended. (NOTE: If database_name isn't specified in the realms section, perhaps because the LDAP database back end is being used, or the file name is specified in the *dbmodules* section, then the hard-coded default for *database_name* is used. Determination of the *iprop_logfile* default value will not use values from the *dbmodules* section.) -====================== =============== =========================================== - -Both primary and replica sides must have a principal named -``kiprop/hostname`` (where *hostname* is the lowercase, -fully-qualified, canonical name for the host) registered in the -Kerberos database, and have keys for that principal stored in the -default keytab file (|keytab|). The ``kiprop/hostname`` principal may -have been created automatically for the primary KDC, but it must -always be created for replica KDCs. - -On the primary KDC side, the ``kiprop/hostname`` principal must be -listed in the kadmind ACL file :ref:`kadm5.acl(5)`, and given the -**p** privilege (see :ref:`privileges`). - -On the replica KDC side, :ref:`kpropd(8)` should be run. When -incremental propagation is enabled, it will connect to the kadmind on -the primary KDC and start requesting updates. - -The normal kprop mechanism is disabled by the incremental propagation -support. However, if the replica has been unable to fetch changes -from the primary KDC for too long (network problems, perhaps), the log -on the primary may wrap around and overwrite some of the updates that -the replica has not yet retrieved. In this case, the replica will -instruct the primary KDC to dump the current database out to a file -and invoke a one-time kprop propagation, with special options to also -convey the point in the update log at which the replica should resume -fetching incremental updates. Thus, all the keytab and ACL setup -previously described for kprop propagation is still needed. - -If an environment has a large number of replicas, it may be desirable -to arrange them in a hierarchy instead of having the primary serve -updates to every replica. To do this, run ``kadmind -proponly`` on -each intermediate replica, and ``kpropd -A upstreamhostname`` on -downstream replicas to direct each one to the appropriate upstream -replica. - -There are several known restrictions in the current implementation: - -- The incremental update protocol does not transport changes to policy - objects. Any policy changes on the primary will result in full - resyncs to all replicas. -- The replica's KDB module must support locking; it cannot be using the - LDAP KDB module. -- The primary and replica must be able to initiate TCP connections in - both directions, without an intervening NAT. - - -Sun/MIT incremental propagation differences -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Sun donated the original code for supporting incremental database -propagation to MIT. Some changes have been made in the MIT source -tree that will be visible to administrators. (These notes are based -on Sun's patches. Changes to Sun's implementation since then may not -be reflected here.) - -The Sun config file support looks for ``sunw_dbprop_enable``, -``sunw_dbprop_master_ulogsize``, and ``sunw_dbprop_slave_poll``. - -The incremental propagation service is implemented as an ONC RPC -service. In the Sun implementation, the service is registered with -rpcbind (also known as portmapper) and the client looks up the port -number to contact. In the MIT implementation, where interaction with -some modern versions of rpcbind doesn't always work well, the port -number must be specified in the config file on both the primary and -replica sides. - -The Sun implementation hard-codes pathnames in ``/var/krb5`` for the -update log and the per-replica kprop dump files. In the MIT -implementation, the pathname for the update log is specified in the -config file, and the per-replica dump files are stored in -|kdcdir|\ ``/replica_datatrans_hostname``. diff --git a/krb5-1.21.3/doc/admin/dbtypes.rst b/krb5-1.21.3/doc/admin/dbtypes.rst deleted file mode 100644 index 04748176..00000000 --- a/krb5-1.21.3/doc/admin/dbtypes.rst +++ /dev/null @@ -1,149 +0,0 @@ -.. _dbtypes: - -Database types -============== - -A Kerberos database can be implemented with one of three built-in -database providers, called KDB modules. Software which incorporates -the MIT krb5 KDC may also provide its own KDB module. The following -subsections describe the three built-in KDB modules and the -configuration specific to them. - -The database type can be configured with the **db_library** variable -in the :ref:`dbmodules` subsection for the realm. For example:: - - [dbmodules] - ATHENA.MIT.EDU = { - db_library = db2 - } - -If the ``ATHENA.MIT.EDU`` realm subsection contains a -**database_module** setting, then the subsection within -``[dbmodules]`` should use that name instead of ``ATHENA.MIT.EDU``. - -To transition from one database type to another, stop the -:ref:`kadmind(8)` service, use ``kdb5_util dump`` to create a dump -file, change the **db_library** value and set any appropriate -configuration for the new database type, and use ``kdb5_util load`` to -create and populate the new database. If the new database type is -LDAP, create the new database using ``kdb5_ldap_util`` and populate it -from the dump file using ``kdb5_util load -update``. Then restart the -:ref:`krb5kdc(8)` and :ref:`kadmind(8)` services. - - -Berkeley database module (db2) ------------------------------- - -The default KDB module is ``db2``, which uses a version of the -Berkeley DB library. It creates four files based on the database -pathname. If the pathname ends with ``principal`` then the four files -are: - -* ``principal``, containing principal entry data -* ``principal.ok``, a lock file for the principal database -* ``principal.kadm5``, containing policy object data -* ``principal.kadm5.lock``, a lock file for the policy database - -For large databases, the :ref:`kdb5_util(8)` **dump** command (perhaps -invoked by :ref:`kprop(8)` or by :ref:`kadmind(8)` for incremental -propagation) may cause :ref:`krb5kdc(8)` to stop for a noticeable -period of time while it iterates over the database. This delay can be -avoided by disabling account lockout features so that the KDC does not -perform database writes (see :ref:`disable_lockout`). Alternatively, -a slower form of iteration can be enabled by setting the -**unlockiter** variable to ``true``. For example:: - - [dbmodules] - ATHENA.MIT.EDU = { - db_library = db2 - unlockiter = true - } - -In rare cases, a power failure or other unclean system shutdown may -cause inconsistencies in the internal pointers within a database file, -such that ``kdb5_util dump`` cannot retrieve all principal entries in -the database. In this situation, it may be possible to retrieve all -of the principal data by running ``kdb5_util dump -recurse`` to -iterate over the database using the tree pointers instead of the -iteration pointers. Running ``kdb5_util dump -rev`` to iterate over -the database backwards may also retrieve some of the data which is not -retrieved by a normal dump operation. - - -Lightning Memory-Mapped Database module (klmdb) ------------------------------------------------ - -The klmdb module was added in release 1.17. It uses the LMDB library, -and may offer better performance and reliability than the db2 module. -It creates four files based on the database pathname. If the pathname -ends with ``principal``, then the four files are: - -* ``principal.mdb``, containing policy object data and most principal - entry data -* ``principal.mdb-lock``, a lock file for the primary database -* ``principal.lockout.mdb``, containing the account lockout attributes - (last successful authentication time, last failed authentication - time, and number of failed attempts) for each principal entry -* ``principal.lockout.mdb-lock``, a lock file for the lockout database - -Separating out the lockout attributes ensures that the KDC will never -block on an administrative operation such as a database dump or load. -It also allows the KDC to operate without write access to the primary -database. If both account lockout features are disabled (see -:ref:`disable_lockout`), the lockout database files will be created -but will not subsequently be opened, and the account lockout -attributes will always have zero values. - -Because LMDB creates a memory map to the database files, it requires a -configured memory map size which also determines the maximum size of -the database. This size is applied equally to the two databases, so -twice the configured size will be consumed in the process address -space; this is primarily a limitation on 32-bit platforms. The -default value of 128 megabytes should be sufficient for several -hundred thousand principal entries. If the limit is reached, kadmin -operations will fail and the error message "Environment mapsize limit -reached" will appear in the kadmind log file. In this case, the -**mapsize** variable can be used to increase the map size. The -following example sets the map size to 512 megabytes:: - - [dbmodules] - ATHENA.MIT.EDU = { - db_library = klmdb - mapsize = 512 - } - -LMDB has a configurable maximum number of readers. The default value -of 128 should be sufficient for most deployments. If you are going to -use a large number of KDC worker processes, it may be necessary to set -the **max_readers** variable to a larger number. - -By default, LMDB synchronizes database files to disk after each write -transaction to ensure durability in the case of an unclean system -shutdown. The klmdb module always turns synchronization off for the -lockout database to ensure reasonable KDC performance, but leaves it -on for the primary database. If high throughput for administrative -operations (including password changes) is required, the **nosync** -variable can be set to "true" to disable synchronization for the -primary database. - -The klmdb module does not support explicit locking with the -:ref:`kadmin(1)` **lock** command. - - -LDAP module (kldap) -------------------- - -The kldap module stores principal and policy data using an LDAP -server. To use it you must configure an LDAP server to use the -Kerberos schema. See :ref:`conf_ldap` for details. - -Because :ref:`krb5kdc(8)` is single-threaded, latency in LDAP database -accesses may limit KDC operation throughput. If the LDAP server is -located on the same server host as the KDC and accessed through an -``ldapi://`` URL, latency should be minimal. If this is not possible, -consider starting multiple KDC worker processes with the -:ref:`krb5kdc(8)` **-w** option to enable concurrent processing of KDC -requests. - -The kldap module does not support explicit locking with the -:ref:`kadmin(1)` **lock** command. diff --git a/krb5-1.21.3/doc/admin/dictionary.rst b/krb5-1.21.3/doc/admin/dictionary.rst deleted file mode 100644 index a5c57868..00000000 --- a/krb5-1.21.3/doc/admin/dictionary.rst +++ /dev/null @@ -1,88 +0,0 @@ -.. _dictionary: - -Addressing dictionary attack risks -================================== - -Kerberos initial authentication is normally secured using the client -principal's long-term key, which for users is generally derived from a -password. Using a pasword-derived long-term key carries the risk of a -dictionary attack, where an attacker tries a sequence of possible -passwords, possibly requiring much less effort than would be required -to try all possible values of the key. Even if :ref:`password policy -objects ` are used to force users not to pick trivial -passwords, dictionary attacks can sometimes be successful against a -significant fraction of the users in a realm. Dictionary attacks are -not a concern for principals using random keys. - -A dictionary attack may be online or offline. An online dictionary -attack is performed by trying each password in a separate request to -the KDC, and is therefore visible to the KDC and also limited in speed -by the KDC's processing power and the network capacity between the -client and the KDC. Online dictionary attacks can be mitigated using -:ref:`account lockout `. This measure is not totally -satisfactory, as it makes it easy for an attacker to deny access to a -client principal. - -An offline dictionary attack is performed by obtaining a ciphertext -generated using the password-derived key, and trying each password -against the ciphertext. This category of attack is invisible to the -KDC and can be performed much faster than an online attack. The -attack will generally take much longer with more recent encryption -types (particularly the ones based on AES), because those encryption -types use a much more expensive string-to-key function. However, the -best defense is to deny the attacker access to a useful ciphertext. -The required defensive measures depend on the attacker's level of -network access. - -An off-path attacker has no access to packets sent between legitimate -users and the KDC. An off-path attacker could gain access to an -attackable ciphertext either by making an AS request for a client -principal which does not have the **+requires_preauth** flag, or by -making a TGS request (after authenticating as a different user) for a -server principal which does not have the **-allow_svr** flag. To -address off-path attackers, a KDC administrator should set those flags -on principals with password-derived keys:: - - kadmin: add_principal +requires_preauth -allow_svr princname - -An attacker with passive network access (one who can monitor packets -sent between legitimate users and the KDC, but cannot change them or -insert their own packets) can gain access to an attackable ciphertext -by observing an authentication by a user using the most common form of -preauthentication, encrypted timestamp. Any of the following methods -can prevent dictionary attacks by attackers with passive network -access: - -* Enabling :ref:`SPAKE preauthentication ` (added in release - 1.17) on the KDC, and ensuring that all clients are able to support - it. - -* Using an :ref:`HTTPS proxy ` for communication with the KDC, - if the attacker cannot monitor communication between the proxy - server and the KDC. - -* Using FAST, protecting the initial authentication with either a - random key (such as a host key) or with :ref:`anonymous PKINIT - `. - -An attacker with active network access (one who can inject or modify -packets sent between legitimate users and the KDC) can try to fool the -client software into sending an attackable ciphertext using an -encryption type and salt string of the attacker's choosing. Any of the -following methods can prevent dictionary attacks by active attackers: - -* Enabling SPAKE preauthentication and setting the - **disable_encrypted_timestamp** variable to ``true`` in the - :ref:`realms` subsection of the client configuration. - -* Using an HTTPS proxy as described above, configured in the client's - krb5.conf realm configuration. If :ref:`KDC discovery - ` is used to locate a proxy server, an active - attacker may be able to use DNS spoofing to cause the client to use - a different HTTPS server or to not use HTTPS. - -* Using FAST as described above. - -If :ref:`PKINIT ` or :ref:`OTP ` are used for -initial authentication, the principal's long-term keys are not used -and dictionary attacks are usually not a concern. diff --git a/krb5-1.21.3/doc/admin/enctypes.rst b/krb5-1.21.3/doc/admin/enctypes.rst deleted file mode 100644 index dce19ad4..00000000 --- a/krb5-1.21.3/doc/admin/enctypes.rst +++ /dev/null @@ -1,222 +0,0 @@ -.. _enctypes: - -Encryption types -================ - -Kerberos can use a variety of cipher algorithms to protect data. A -Kerberos **encryption type** (also known as an **enctype**) is a -specific combination of a cipher algorithm with an integrity algorithm -to provide both confidentiality and integrity to data. - - -Enctypes in requests --------------------- - -Clients make two types of requests (KDC-REQ) to the KDC: AS-REQs and -TGS-REQs. The client uses the AS-REQ to obtain initial tickets -(typically a Ticket-Granting Ticket (TGT)), and uses the TGS-REQ to -obtain service tickets. - -The KDC uses three different keys when issuing a ticket to a client: - -* The long-term key of the service: the KDC uses this to encrypt the - actual service ticket. The KDC only uses the first long-term key in - the most recent kvno for this purpose. - -* The session key: the KDC randomly chooses this key and places one - copy inside the ticket and the other copy inside the encrypted part - of the reply. - -* The reply-encrypting key: the KDC uses this to encrypt the reply it - sends to the client. For AS replies, this is a long-term key of the - client principal. For TGS replies, this is either the session key of the - authenticating ticket, or a subsession key. - -Each of these keys is of a specific enctype. - -Each request type allows the client to submit a list of enctypes that -it is willing to accept. For the AS-REQ, this list affects both the -session key selection and the reply-encrypting key selection. For the -TGS-REQ, this list only affects the session key selection. - - -.. _session_key_selection: - -Session key selection ---------------------- - -The KDC chooses the session key enctype by taking the intersection of -its **permitted_enctypes** list, the list of long-term keys for the -most recent kvno of the service, and the client's requested list of -enctypes. Starting in krb5-1.21, all services are assumed to support -aes256-cts-hmac-sha1-96; also, des3-cbc-sha1 and arcfour-hmac session -keys will not be issued by default. - -Starting in krb5-1.11, it is possible to set a string attribute on a -service principal to control what session key enctypes the KDC may -issue for service tickets for that principal, overriding the service's -long-term keys and the assumption of aes256-cts-hmac-sha1-96 support. -See :ref:`set_string` in :ref:`kadmin(1)` for details. - - -Choosing enctypes for a service -------------------------------- - -Generally, a service should have a key of the strongest -enctype that both it and the KDC support. If the KDC is running a -release earlier than krb5-1.11, it is also useful to generate an -additional key for each enctype that the service can support. The KDC -will only use the first key in the list of long-term keys for encrypting -the service ticket, but the additional long-term keys indicate the -other enctypes that the service supports. - -As noted above, starting with release krb5-1.11, there are additional -configuration settings that control session key enctype selection -independently of the set of long-term keys that the KDC has stored for -a service principal. - - -Configuration variables ------------------------ - -The following ``[libdefaults]`` settings in :ref:`krb5.conf(5)` will -affect how enctypes are chosen. - -**allow_weak_crypto** - defaults to *false* starting with krb5-1.8. When *false*, removes - weak enctypes from **permitted_enctypes**, - **default_tkt_enctypes**, and **default_tgs_enctypes**. Do not - set this to *true* unless the use of weak enctypes is an - acceptable risk for your environment and the weak enctypes are - required for backward compatibility. - -**allow_des3** - was added in release 1.21 and defaults to *false*. Unless this - flag is set to *true*, the KDC will not issue tickets with - des3-cbc-sha1 session keys. In a future release, this flag will - control whether des3-cbc-sha1 is permitted in similar fashion to - weak enctypes. - -**allow_rc4** - was added in release 1.21 and defaults to *false*. Unless this - flag is set to *true*, the KDC will not issue tickets with - arcfour-hmac session keys. In a future release, this flag will - control whether arcfour-hmac is permitted in similar fashion to - weak enctypes. - -**permitted_enctypes** - controls the set of enctypes that a service will permit for - session keys and for ticket and authenticator encryption. The KDC - and other programs that access the Kerberos database will ignore - keys of non-permitted enctypes. Starting in release 1.18, this - setting also acts as the default for **default_tkt_enctypes** and - **default_tgs_enctypes**. - -**default_tkt_enctypes** - controls the default set of enctypes that the Kerberos client - library requests when making an AS-REQ. Do not set this unless - required for specific backward compatibility purposes; stale - values of this setting can prevent clients from taking advantage - of new stronger enctypes when the libraries are upgraded. - -**default_tgs_enctypes** - controls the default set of enctypes that the Kerberos client - library requests when making a TGS-REQ. Do not set this unless - required for specific backward compatibility purposes; stale - values of this setting can prevent clients from taking advantage - of new stronger enctypes when the libraries are upgraded. - -The following per-realm setting in :ref:`kdc.conf(5)` affects the -generation of long-term keys. - -**supported_enctypes** - controls the default set of enctype-salttype pairs that :ref:`kadmind(8)` - will use for generating long-term keys, either randomly or from - passwords - - -Enctype compatibility ---------------------- - -See :ref:`Encryption_types` for additional information about enctypes. - -========================== ========== ======== ======= -enctype weak? krb5 Windows -========================== ========== ======== ======= -des-cbc-crc weak <1.18 >=2000 -des-cbc-md4 weak <1.18 ? -des-cbc-md5 weak <1.18 >=2000 -des3-cbc-sha1 deprecated >=1.1 none -arcfour-hmac deprecated >=1.3 >=2000 -arcfour-hmac-exp weak >=1.3 >=2000 -aes128-cts-hmac-sha1-96 >=1.3 >=Vista -aes256-cts-hmac-sha1-96 >=1.3 >=Vista -aes128-cts-hmac-sha256-128 >=1.15 none -aes256-cts-hmac-sha384-192 >=1.15 none -camellia128-cts-cmac >=1.9 none -camellia256-cts-cmac >=1.9 none -========================== ========== ======== ======= - -krb5 releases 1.18 and later do not support single-DES. krb5 releases -1.8 and later disable the single-DES enctypes by default. Microsoft -Windows releases Windows 7 and later disable single-DES enctypes by -default. - -krb5 releases 1.17 and later flag deprecated encryption types -(including ``des3-cbc-sha1`` and ``arcfour-hmac``) in KDC logs and -kadmin output. krb5 release 1.19 issues a warning during initial -authentication if ``des3-cbc-sha1`` is used. Future releases will -disable ``des3-cbc-sha1`` by default and eventually remove support for -it. - - -Migrating away from older encryption types ------------------------------------------- - -Administrator intervention may be required to migrate a realm away -from legacy encryption types, especially if the realm was created -using krb5 release 1.2 or earlier. This migration should be performed -before upgrading to krb5 versions which disable or remove support for -legacy encryption types. - -If there is a **supported_enctypes** setting in :ref:`kdc.conf(5)` on -the KDC, make sure that it does not include weak or deprecated -encryption types. This will ensure that newly created keys do not use -those encryption types by default. - -Check the ``krbtgt/REALM`` principal using the :ref:`kadmin(1)` -**getprinc** command. If it lists a weak or deprecated encryption -type as the first key, it must be migrated using the procedure in -:ref:`changing_krbtgt_key`. - -Check the ``kadmin/history`` principal, which should have only one key -entry. If it uses a weak or deprecated encryption type, it should be -upgraded following the notes in :ref:`updating_history_key`. - -Check the other kadmin principals: kadmin/changepw, kadmin/admin, and -any kadmin/hostname principals that may exist. These principals can -be upgraded with **change_password -randkey** in kadmin. - -Check the ``K/M`` entry. If it uses a weak or deprecated encryption -type, it should be upgraded following the procedure in -:ref:`updating_master_key`. - -User and service principals using legacy encryption types can be -enumerated with the :ref:`kdb5_util(8)` **tabdump keyinfo** command. - -Service principals can be migrated with a keytab rotation on the -service host, which can be accomplished using the :ref:`k5srvutil(1)` -**change** and **delold** commands. Allow enough time for existing -tickets to expire between the change and delold operations. - -User principals with password-based keys can be migrated with a -password change. The realm administrator can set a password -expiration date using the :ref:`kadmin(1)` **modify_principal --pwexpire** command to force a password change. - -If a legacy encryption type has not yet been disabled by default in -the version of krb5 running on the KDC, it can be disabled -administratively with the **permitted_enctypes** variable. For -example, setting **permitted_enctypes** to ``DEFAULT -des3 -rc4`` will -cause any database keys of the triple-DES and RC4 encryption types to -be ignored. diff --git a/krb5-1.21.3/doc/admin/env_variables.rst b/krb5-1.21.3/doc/admin/env_variables.rst deleted file mode 100644 index a2d15bea..00000000 --- a/krb5-1.21.3/doc/admin/env_variables.rst +++ /dev/null @@ -1,4 +0,0 @@ -Environment variables -===================== - -This content has moved to :ref:`kerberos(7)`. diff --git a/krb5-1.21.3/doc/admin/host_config.rst b/krb5-1.21.3/doc/admin/host_config.rst deleted file mode 100644 index 4e1db025..00000000 --- a/krb5-1.21.3/doc/admin/host_config.rst +++ /dev/null @@ -1,235 +0,0 @@ -Host configuration -================== - -All hosts running Kerberos software, whether they are clients, -application servers, or KDCs, can be configured using -:ref:`krb5.conf(5)`. Here we describe some of the behavior changes -you might want to make. - - -Default realm -------------- - -In the :ref:`libdefaults` section, the **default_realm** realm -relation sets the default Kerberos realm. For example:: - - [libdefaults] - default_realm = ATHENA.MIT.EDU - -The default realm affects Kerberos behavior in the following ways: - -* When a principal name is parsed from text, the default realm is used - if no ``@REALM`` component is specified. - -* The default realm affects login authorization as described below. - -* For programs which operate on a Kerberos database, the default realm - is used to determine which database to operate on, unless the **-r** - parameter is given to specify a realm. - -* A server program may use the default realm when looking up its key - in a :ref:`keytab file `, if its realm is not - determined by :ref:`domain_realm` configuration or by the server - program itself. - -* If :ref:`kinit(1)` is passed the **-n** flag, it requests anonymous - tickets from the default realm. - -In some situations, these uses of the default realm might conflict. -For example, it might be desirable for principal name parsing to use -one realm by default, but for login authorization to use a second -realm. In this situation, the first realm can be configured as the -default realm, and **auth_to_local** relations can be used as -described below to use the second realm for login authorization. - - -.. _login_authorization: - -Login authorization -------------------- - -If a host runs a Kerberos-enabled login service such as OpenSSH with -GSSAPIAuthentication enabled, login authorization rules determine -whether a Kerberos principal is allowed to access a local account. - -By default, a Kerberos principal is allowed access to an account if -its realm matches the default realm and its name matches the account -name. (For historical reasons, access is also granted by default if -the name has two components and the second component matches the -default realm; for instance, ``alice/ATHENA.MIT.EDU@ATHENA.MIT.EDU`` -is granted access to the ``alice`` account if ``ATHENA.MIT.EDU`` is -the default realm.) - -The simplest way to control local access is using :ref:`.k5login(5)` -files. To use these, place a ``.k5login`` file in the home directory -of each account listing the principal names which should have login -access to that account. If it is not desirable to use ``.k5login`` -files located in account home directories, the **k5login_directory** -relation in the :ref:`libdefaults` section can specify a directory -containing one file per account uname. - -By default, if a ``.k5login`` file is present, it controls -authorization both positively and negatively--any principal name -contained in the file is granted access and any other principal name -is denied access, even if it would have had access if the ``.k5login`` -file didn't exist. The **k5login_authoritative** relation in the -:ref:`libdefaults` section can be set to false to make ``.k5login`` -files provide positive authorization only. - -The **auth_to_local** relation in the :ref:`realms` section for the -default realm can specify pattern-matching rules to control login -authorization. For example, the following configuration allows access -to principals from a different realm than the default realm:: - - [realms] - DEFAULT.REALM = { - # Allow access to principals from OTHER.REALM. - # - # [1:$1@$0] matches single-component principal names and creates - # a selection string containing the principal name and realm. - # - # (.*@OTHER\.REALM) matches against the selection string, so that - # only principals in OTHER.REALM are matched. - # - # s/@OTHER\.REALM$// removes the realm name, leaving behind the - # principal name as the account name. - auth_to_local = RULE:[1:$1@$0](.*@OTHER\.REALM)s/@OTHER\.REALM$// - - # Also allow principals from the default realm. Omit this line - # to only allow access to principals in OTHER.REALM. - auth_to_local = DEFAULT - } - -The **auth_to_local_names** subsection of the :ref:`realms` section -for the default realm can specify explicit mappings from principal -names to local accounts. The key used in this subsection is the -principal name without realm, so it is only safe to use in a Kerberos -environment with a single realm or a tightly controlled set of realms. -An example use of **auth_to_local_names** might be:: - - [realms] - ATHENA.MIT.EDU = { - auth_to_local_names = { - # Careful, these match principals in any realm! - host/example.com = hostaccount - fred = localfred - } - } - -Local authorization behavior can also be modified using plugin -modules; see :ref:`hostrealm_plugin` for details. - - -.. _plugin_config: - -Plugin module configuration ---------------------------- - -Many aspects of Kerberos behavior, such as client preauthentication -and KDC service location, can be modified through the use of plugin -modules. For most of these behaviors, you can use the :ref:`plugins` -section of krb5.conf to register third-party modules, and to switch -off registered or built-in modules. - -A plugin module takes the form of a Unix shared object -(``modname.so``) or Windows DLL (``modname.dll``). If you have -installed a third-party plugin module and want to register it, you do -so using the **module** relation in the appropriate subsection of the -[plugins] section. The value for **module** must give the module name -and the path to the module, separated by a colon. The module name -will often be the same as the shared object's name, but in unusual -cases (such as a shared object which implements multiple modules for -the same interface) it might not be. For example, to register a -client preauthentication module named ``mypreauth`` installed at -``/path/to/mypreauth.so``, you could write:: - - [plugins] - clpreauth = { - module = mypreauth:/path/to/mypreauth.so - } - -Many of the pluggable behaviors in MIT krb5 contain built-in modules -which can be switched off. You can disable a built-in module (or one -you have registered) using the **disable** directive in the -appropriate subsection of the [plugins] section. For example, to -disable the use of .k5identity files to select credential caches, you -could write:: - - [plugins] - ccselect = { - disable = k5identity - } - -If you want to disable multiple modules, specify the **disable** -directive multiple times, giving one module to disable each time. - -Alternatively, you can explicitly specify which modules you want to be -enabled for that behavior using the **enable_only** directive. For -example, to make :ref:`kadmind(8)` check password quality using only a -module you have registered, and no other mechanism, you could write:: - - [plugins] - pwqual = { - module = mymodule:/path/to/mymodule.so - enable_only = mymodule - } - -Again, if you want to specify multiple modules, specify the -**enable_only** directive multiple times, giving one module to enable -each time. - -Some Kerberos interfaces use different mechanisms to register plugin -modules. - - -KDC location modules -~~~~~~~~~~~~~~~~~~~~ - -For historical reasons, modules to control how KDC servers are located -are registered simply by placing the shared object or DLL into the -"libkrb5" subdirectory of the krb5 plugin directory, which defaults to -|libdir|\ ``/krb5/plugins``. For example, Samba's winbind krb5 -locator plugin would be registered by placing its shared object in -|libdir|\ ``/krb5/plugins/libkrb5/winbind_krb5_locator.so``. - - -.. _gssapi_plugin_config: - -GSSAPI mechanism modules -~~~~~~~~~~~~~~~~~~~~~~~~ - -GSSAPI mechanism modules are registered using the file -|sysconfdir|\ ``/gss/mech`` or configuration files in the -|sysconfdir|\ ``/gss/mech.d`` directory with a ``.conf`` -suffix. Each line in these files has the form:: - - name oid pathname [options] - -Only the name, oid, and pathname are required. *name* is the -mechanism name, which may be used for debugging or logging purposes. -*oid* is the object identifier of the GSSAPI mechanism to be -registered. *pathname* is a path to the module shared object or DLL. -*options* (if present) are options provided to the plugin module, -surrounded in square brackets. *type* (if present) can be used to -indicate a special type of module. Currently the only special module -type is "interposer", for a module designed to intercept calls to -other mechanisms. - -If the environment variable **GSS_MECH_CONFIG** is set, its value is -used as the sole mechanism configuration filename. - - -.. _profile_plugin_config: - -Configuration profile modules -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -A configuration profile module replaces the information source for -:ref:`krb5.conf(5)` itself. To use a profile module, begin krb5.conf -with the line:: - - module PATHNAME:STRING - -where *PATHNAME* is a path to the module shared object or DLL, and -*STRING* is a string to provide to the module. The module will then -take over, and the rest of krb5.conf will be ignored. diff --git a/krb5-1.21.3/doc/admin/https.rst b/krb5-1.21.3/doc/admin/https.rst deleted file mode 100644 index b4e68b2b..00000000 --- a/krb5-1.21.3/doc/admin/https.rst +++ /dev/null @@ -1,48 +0,0 @@ -.. _https: - -HTTPS proxy configuration -========================= - -In addition to being able to use UDP or TCP to communicate directly -with a KDC as is outlined in RFC4120, and with kpasswd services in a -similar fashion, the client libraries can attempt to use an HTTPS -proxy server to communicate with a KDC or kpasswd service, using the -protocol outlined in [MS-KKDCP]. - -Communicating with a KDC through an HTTPS proxy allows clients to -contact servers when network firewalls might otherwise prevent them -from doing so. The use of TLS also encrypts all traffic between the -clients and the KDC, preventing observers from conducting password -dictionary attacks or from observing the client and server principals -being authenticated, at additional computational cost to both clients -and servers. - -An HTTPS proxy server is provided as a feature in some versions of -Microsoft Windows Server, and a WSGI implementation named `kdcproxy` -is available in the python package index. - - -Configuring the clients ------------------------ - -To use an HTTPS proxy, a client host must trust the CA which issued -that proxy's SSL certificate. If that CA's certificate is not in the -system-wide default set of trusted certificates, configure the -following relation in the client host's :ref:`krb5.conf(5)` file in -the appropriate :ref:`realms` subsection:: - - http_anchors = FILE:/etc/krb5/cacert.pem - -Adjust the pathname to match the path of the file which contains a -copy of the CA's certificate. The `http_anchors` option is documented -more fully in :ref:`krb5.conf(5)`. - -Configure the client to access the KDC and kpasswd service by -specifying their locations in its :ref:`krb5.conf(5)` file in the form -of HTTPS URLs for the proxy server:: - - kdc = https://server.fqdn/KdcProxy - kpasswd_server = https://server.fqdn/KdcProxy - -If the proxy and client are properly configured, client commands such -as ``kinit``, ``kvno``, and ``kpasswd`` should all function normally. diff --git a/krb5-1.21.3/doc/admin/index.rst b/krb5-1.21.3/doc/admin/index.rst deleted file mode 100644 index d87b003a..00000000 --- a/krb5-1.21.3/doc/admin/index.rst +++ /dev/null @@ -1,34 +0,0 @@ -For administrators -================== - -.. toctree:: - :maxdepth: 1 - - install.rst - conf_files/index.rst - realm_config.rst - database.rst - dbtypes.rst - lockout.rst - conf_ldap.rst - appl_servers.rst - host_config.rst - backup_host.rst - pkinit.rst - otp.rst - spake.rst - dictionary.rst - princ_dns.rst - enctypes.rst - https.rst - auth_indicator.rst - -.. toctree:: - :maxdepth: 1 - - admin_commands/index.rst - ../mitK5defaults.rst - env_variables.rst - troubleshoot.rst - advanced/index.rst - various_envs.rst diff --git a/krb5-1.21.3/doc/admin/install.rst b/krb5-1.21.3/doc/admin/install.rst deleted file mode 100644 index 01434a40..00000000 --- a/krb5-1.21.3/doc/admin/install.rst +++ /dev/null @@ -1,21 +0,0 @@ -Installation guide -================== - -Contents --------- - -.. toctree:: - :maxdepth: 2 - - install_kdc.rst - install_clients.rst - install_appl_srv.rst - - -Additional references ---------------------- - -#. Debian: `Setting up MIT Kerberos 5 - `_ -#. Solaris: `Configuring the Kerberos Service - `_ diff --git a/krb5-1.21.3/doc/admin/install_appl_srv.rst b/krb5-1.21.3/doc/admin/install_appl_srv.rst deleted file mode 100644 index 2e198138..00000000 --- a/krb5-1.21.3/doc/admin/install_appl_srv.rst +++ /dev/null @@ -1,78 +0,0 @@ -UNIX Application Servers -======================== - -An application server is a host that provides one or more services -over the network. Application servers can be "secure" or "insecure." -A "secure" host is set up to require authentication from every client -connecting to it. An "insecure" host will still provide Kerberos -authentication, but will also allow unauthenticated clients to -connect. - -If you have Kerberos V5 installed on all of your client machines, MIT -recommends that you make your hosts secure, to take advantage of the -security that Kerberos authentication affords. However, if you have -some clients that do not have Kerberos V5 installed, you can run an -insecure server, and still take advantage of Kerberos V5's single -sign-on capability. - - -.. _keytab_file: - -The keytab file ---------------- - -All Kerberos server machines need a keytab file to authenticate to the -KDC. By default on UNIX-like systems this file is named |keytab|. -The keytab file is an local copy of the host's key. The keytab file -is a potential point of entry for a break-in, and if compromised, -would allow unrestricted access to its host. The keytab file should -be readable only by root, and should exist only on the machine's local -disk. The file should not be part of any backup of the machine, -unless access to the backup data is secured as tightly as access to -the machine's root password. - -In order to generate a keytab for a host, the host must have a -principal in the Kerberos database. The procedure for adding hosts to -the database is described fully in :ref:`principals`. (See -:ref:`replica_host_key` for a brief description.) The keytab is -generated by running :ref:`kadmin(1)` and issuing the :ref:`ktadd` -command. - -For example, to generate a keytab file to allow the host -``trillium.mit.edu`` to authenticate for the services host, ftp, and -pop, the administrator ``joeadmin`` would issue the command (on -``trillium.mit.edu``):: - - trillium% kadmin - Authenticating as principal root/admin@ATHENA.MIT.EDU with password. - Password for root/admin@ATHENA.MIT.EDU: - kadmin: ktadd host/trillium.mit.edu ftp/trillium.mit.edu pop/trillium.mit.edu - Entry for principal host/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab. - kadmin: Entry for principal ftp/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab. - kadmin: Entry for principal pop/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab. - kadmin: quit - trillium% - -If you generate the keytab file on another host, you need to get a -copy of the keytab file onto the destination host (``trillium``, in -the above example) without sending it unencrypted over the network. - - -Some advice about secure hosts ------------------------------- - -Kerberos V5 can protect your host from certain types of break-ins, but -it is possible to install Kerberos V5 and still leave your host -vulnerable to attack. Obviously an installation guide is not the -place to try to include an exhaustive list of countermeasures for -every possible attack, but it is worth noting some of the larger holes -and how to close them. - -We recommend that backups of secure machines exclude the keytab file -(|keytab|). If this is not possible, the backups should at least be -done locally, rather than over a network, and the backup tapes should -be physically secured. - -The keytab file and any programs run by root, including the Kerberos -V5 binaries, should be kept on local disk. The keytab file should be -readable only by root. diff --git a/krb5-1.21.3/doc/admin/install_clients.rst b/krb5-1.21.3/doc/admin/install_clients.rst deleted file mode 100644 index f2c87d07..00000000 --- a/krb5-1.21.3/doc/admin/install_clients.rst +++ /dev/null @@ -1,58 +0,0 @@ -Installing and configuring UNIX client machines -=============================================== - -The Kerberized client programs include :ref:`kinit(1)`, -:ref:`klist(1)`, :ref:`kdestroy(1)`, and :ref:`kpasswd(1)`. All of -these programs are in the directory |bindir|. - -You can often integrate Kerberos with the login system on client -machines, typically through the use of PAM. The details vary by -operating system, and should be covered in your operating system's -documentation. If you do this, you will need to make sure your users -know to use their Kerberos passwords when they log in. - -You will also need to educate your users to use the ticket management -programs kinit, klist, and kdestroy. If you do not have Kerberos -password changing integrated into the native password program (again, -typically through PAM), you will need to educate users to use kpasswd -in place of its non-Kerberos counterparts passwd. - - -Client machine configuration files ----------------------------------- - -Each machine running Kerberos should have a :ref:`krb5.conf(5)` file. -At a minimum, it should define a **default_realm** setting in -:ref:`libdefaults`. If you are not using DNS SRV records -(:ref:`kdc_hostnames`) or URI records (:ref:`kdc_discovery`), it must -also contain a :ref:`realms` section containing information for your -realm's KDCs. - -Consider setting **rdns** to false in order to reduce your dependence -on precisely correct DNS information for service hostnames. Turning -this flag off means that service hostnames will be canonicalized -through forward name resolution (which adds your domain name to -unqualified hostnames, and resolves CNAME records in DNS), but not -through reverse address lookup. The default value of this flag is -true for historical reasons only. - -If you anticipate users frequently logging into remote hosts -(e.g., using ssh) using forwardable credentials, consider setting -**forwardable** to true so that users obtain forwardable tickets by -default. Otherwise users will need to use ``kinit -f`` to get -forwardable tickets. - -Consider adjusting the **ticket_lifetime** setting to match the likely -length of sessions for your users. For instance, if most of your -users will be logging in for an eight-hour workday, you could set the -default to ten hours so that tickets obtained in the morning expire -shortly after the end of the workday. Users can still manually -request longer tickets when necessary, up to the maximum allowed by -each user's principal record on the KDC. - -If a client host may access services in different realms, it may be -useful to define a :ref:`domain_realm` mapping so that clients know -which hosts belong to which realms. However, if your clients and KDC -are running release 1.7 or later, it is also reasonable to leave this -section out on client machines and just define it in the KDC's -krb5.conf. diff --git a/krb5-1.21.3/doc/admin/install_kdc.rst b/krb5-1.21.3/doc/admin/install_kdc.rst deleted file mode 100644 index 8cab6514..00000000 --- a/krb5-1.21.3/doc/admin/install_kdc.rst +++ /dev/null @@ -1,536 +0,0 @@ -Installing KDCs -=============== - -When setting up Kerberos in a production environment, it is best to -have multiple replica KDCs alongside with a primary KDC to ensure the -continued availability of the Kerberized services. Each KDC contains -a copy of the Kerberos database. The primary KDC contains the -writable copy of the realm database, which it replicates to the -replica KDCs at regular intervals. All database changes (such as -password changes) are made on the primary KDC. Replica KDCs provide -Kerberos ticket-granting services, but not database administration, -when the primary KDC is unavailable. MIT recommends that you install -all of your KDCs to be able to function as either the primary or one -of the replicas. This will enable you to easily switch your primary -KDC with one of the replicas if necessary (see -:ref:`switch_primary_replica`). This installation procedure is based -on that recommendation. - -.. warning:: - - - The Kerberos system relies on the availability of correct time - information. Ensure that the primary and all replica KDCs have - properly synchronized clocks. - - - It is best to install and run KDCs on secured and dedicated - hardware with limited access. If your KDC is also a file - server, FTP server, Web server, or even just a client machine, - someone who obtained root access through a security hole in any - of those areas could potentially gain access to the Kerberos - database. - - -Install and configure the primary KDC -------------------------------------- - -Install Kerberos either from the OS-provided packages or from the -source (See :ref:`do_build`). - -.. note:: - - For the purpose of this document we will use the following - names:: - - kerberos.mit.edu - primary KDC - kerberos-1.mit.edu - replica KDC - ATHENA.MIT.EDU - realm name - .k5.ATHENA.MIT.EDU - stash file - admin/admin - admin principal - - See :ref:`mitK5defaults` for the default names and locations - of the relevant to this topic files. Adjust the names and - paths to your system environment. - - -Edit KDC configuration files ----------------------------- - -Modify the configuration files, :ref:`krb5.conf(5)` and -:ref:`kdc.conf(5)`, to reflect the correct information (such as -domain-realm mappings and Kerberos servers names) for your realm. -(See :ref:`mitK5defaults` for the recommended default locations for -these files). - -Most of the tags in the configuration have default values that will -work well for most sites. There are some tags in the -:ref:`krb5.conf(5)` file whose values must be specified, and this -section will explain those. - -If the locations for these configuration files differs from the -default ones, set **KRB5_CONFIG** and **KRB5_KDC_PROFILE** environment -variables to point to the krb5.conf and kdc.conf respectively. For -example:: - - export KRB5_CONFIG=/yourdir/krb5.conf - export KRB5_KDC_PROFILE=/yourdir/kdc.conf - - -krb5.conf -~~~~~~~~~ - -If you are not using DNS TXT records (see :ref:`mapping_hostnames`), -you must specify the **default_realm** in the :ref:`libdefaults` -section. If you are not using DNS URI or SRV records (see -:ref:`kdc_hostnames` and :ref:`kdc_discovery`), you must include the -**kdc** tag for each *realm* in the :ref:`realms` section. To -communicate with the kadmin server in each realm, the **admin_server** -tag must be set in the -:ref:`realms` section. - -An example krb5.conf file:: - - [libdefaults] - default_realm = ATHENA.MIT.EDU - - [realms] - ATHENA.MIT.EDU = { - kdc = kerberos.mit.edu - kdc = kerberos-1.mit.edu - admin_server = kerberos.mit.edu - } - - -kdc.conf -~~~~~~~~ - -The kdc.conf file can be used to control the listening ports of the -KDC and kadmind, as well as realm-specific defaults, the database type -and location, and logging. - -An example kdc.conf file:: - - [kdcdefaults] - kdc_listen = 88 - kdc_tcp_listen = 88 - - [realms] - ATHENA.MIT.EDU = { - kadmind_port = 749 - max_life = 12h 0m 0s - max_renewable_life = 7d 0h 0m 0s - master_key_type = aes256-cts - supported_enctypes = aes256-cts:normal aes128-cts:normal - # If the default location does not suit your setup, - # explicitly configure the following values: - # database_name = /var/krb5kdc/principal - # key_stash_file = /var/krb5kdc/.k5.ATHENA.MIT.EDU - # acl_file = /var/krb5kdc/kadm5.acl - } - - [logging] - # By default, the KDC and kadmind will log output using - # syslog. You can instead send log output to files like this: - kdc = FILE:/var/log/krb5kdc.log - admin_server = FILE:/var/log/kadmin.log - default = FILE:/var/log/krb5lib.log - -Replace ``ATHENA.MIT.EDU`` and ``kerberos.mit.edu`` with the name of -your Kerberos realm and server respectively. - -.. note:: - - You have to have write permission on the target directories - (these directories must exist) used by **database_name**, - **key_stash_file**, and **acl_file**. - - -.. _create_db: - -Create the KDC database ------------------------ - -You will use the :ref:`kdb5_util(8)` command on the primary KDC to -create the Kerberos database and the optional :ref:`stash_definition`. - -.. note:: - - If you choose not to install a stash file, the KDC will - prompt you for the master key each time it starts up. This - means that the KDC will not be able to start automatically, - such as after a system reboot. - -:ref:`kdb5_util(8)` will prompt you for the master password for the -Kerberos database. This password can be any string. A good password -is one you can remember, but that no one else can guess. Examples of -bad passwords are words that can be found in a dictionary, any common -or popular name, especially a famous person (or cartoon character), -your username in any form (e.g., forward, backward, repeated twice, -etc.), and any of the sample passwords that appear in this manual. -One example of a password which might be good if it did not appear in -this manual is "MITiys4K5!", which represents the sentence "MIT is -your source for Kerberos 5!" (It's the first letter of each word, -substituting the numeral "4" for the word "for", and includes the -punctuation mark at the end.) - -The following is an example of how to create a Kerberos database and -stash file on the primary KDC, using the :ref:`kdb5_util(8)` command. -Replace ``ATHENA.MIT.EDU`` with the name of your Kerberos realm:: - - shell% kdb5_util create -r ATHENA.MIT.EDU -s - - Initializing database '/usr/local/var/krb5kdc/principal' for realm 'ATHENA.MIT.EDU', - master key name 'K/M@ATHENA.MIT.EDU' - You will be prompted for the database Master Password. - It is important that you NOT FORGET this password. - Enter KDC database master key: <= Type the master password. - Re-enter KDC database master key to verify: <= Type it again. - shell% - -This will create five files in |kdcdir| (or at the locations specified -in :ref:`kdc.conf(5)`): - -* two Kerberos database files, ``principal``, and ``principal.ok`` -* the Kerberos administrative database file, ``principal.kadm5`` -* the administrative database lock file, ``principal.kadm5.lock`` -* the stash file, in this example ``.k5.ATHENA.MIT.EDU``. If you do - not want a stash file, run the above command without the **-s** - option. - -For more information on administrating Kerberos database see -:ref:`db_operations`. - - -.. _admin_acl: - -Add administrators to the ACL file ----------------------------------- - -Next, you need create an Access Control List (ACL) file and put the -Kerberos principal of at least one of the administrators into it. -This file is used by the :ref:`kadmind(8)` daemon to control which -principals may view and make privileged modifications to the Kerberos -database files. The ACL filename is determined by the **acl_file** -variable in :ref:`kdc.conf(5)`; the default is |kdcdir|\ -``/kadm5.acl``. - -For more information on Kerberos ACL file see :ref:`kadm5.acl(5)`. - -.. _addadmin_kdb: - -Add administrators to the Kerberos database -------------------------------------------- - -Next you need to add administrative principals (i.e., principals who -are allowed to administer Kerberos database) to the Kerberos database. -You *must* add at least one principal now to allow communication -between the Kerberos administration daemon kadmind and the kadmin -program over the network for further administration. To do this, use -the kadmin.local utility on the primary KDC. kadmin.local is designed -to be run on the primary KDC host without using Kerberos -authentication to an admin server; instead, it must have read and -write access to the Kerberos database on the local filesystem. - -The administrative principals you create should be the ones you added -to the ACL file (see :ref:`admin_acl`). - -In the following example, the administrative principal ``admin/admin`` -is created:: - - shell% kadmin.local - - kadmin.local: addprinc admin/admin@ATHENA.MIT.EDU - - No policy specified for "admin/admin@ATHENA.MIT.EDU"; - assigning "default". - Enter password for principal admin/admin@ATHENA.MIT.EDU: <= Enter a password. - Re-enter password for principal admin/admin@ATHENA.MIT.EDU: <= Type it again. - Principal "admin/admin@ATHENA.MIT.EDU" created. - kadmin.local: - -.. _start_kdc_daemons: - -Start the Kerberos daemons on the primary KDC ---------------------------------------------- - -At this point, you are ready to start the Kerberos KDC -(:ref:`krb5kdc(8)`) and administrative daemons on the primary KDC. To -do so, type:: - - shell% krb5kdc - shell% kadmind - -Each server daemon will fork and run in the background. - -.. note:: - - Assuming you want these daemons to start up automatically at - boot time, you can add them to the KDC's ``/etc/rc`` or - ``/etc/inittab`` file. You need to have a - :ref:`stash_definition` in order to do this. - -You can verify that they started properly by checking for their -startup messages in the logging locations you defined in -:ref:`krb5.conf(5)` (see :ref:`logging`). For example:: - - shell% tail /var/log/krb5kdc.log - Dec 02 12:35:47 beeblebrox krb5kdc[3187](info): commencing operation - shell% tail /var/log/kadmin.log - Dec 02 12:35:52 beeblebrox kadmind[3189](info): starting - -Any errors the daemons encounter while starting will also be listed in -the logging output. - -As an additional verification, check if :ref:`kinit(1)` succeeds -against the principals that you have created on the previous step -(:ref:`addadmin_kdb`). Run:: - - shell% kinit admin/admin@ATHENA.MIT.EDU - - -Install the replica KDCs ------------------------- - -You are now ready to start configuring the replica KDCs. - -.. note:: - - Assuming you are setting the KDCs up so that you can easily - switch the primary KDC with one of the replicas, you should - perform each of these steps on the primary KDC as well as - the replica KDCs, unless these instructions specify - otherwise. - - -.. _replica_host_key: - -Create host keytabs for replica KDCs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Each KDC needs a ``host`` key in the Kerberos database. These keys -are used for mutual authentication when propagating the database dump -file from the primary KDC to the secondary KDC servers. - -On the primary KDC, connect to administrative interface and create the -host principal for each of the KDCs' ``host`` services. For example, -if the primary KDC were called ``kerberos.mit.edu``, and you had a -replica KDC named ``kerberos-1.mit.edu``, you would type the -following:: - - shell% kadmin - kadmin: addprinc -randkey host/kerberos.mit.edu - No policy specified for "host/kerberos.mit.edu@ATHENA.MIT.EDU"; assigning "default" - Principal "host/kerberos.mit.edu@ATHENA.MIT.EDU" created. - - kadmin: addprinc -randkey host/kerberos-1.mit.edu - No policy specified for "host/kerberos-1.mit.edu@ATHENA.MIT.EDU"; assigning "default" - Principal "host/kerberos-1.mit.edu@ATHENA.MIT.EDU" created. - -It is not strictly necessary to have the primary KDC server in the -Kerberos database, but it can be handy if you want to be able to swap -the primary KDC with one of the replicas. - -Next, extract ``host`` random keys for all participating KDCs and -store them in each host's default keytab file. Ideally, you should -extract each keytab locally on its own KDC. If this is not feasible, -you should use an encrypted session to send them across the network. -To extract a keytab directly on a replica KDC called -``kerberos-1.mit.edu``, you would execute the following command:: - - kadmin: ktadd host/kerberos-1.mit.edu - Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption - type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. - Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption - type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. - Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption - type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab. - Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption - type arcfour-hmac added to keytab FILE:/etc/krb5.keytab. - -If you are instead extracting a keytab for the replica KDC called -``kerberos-1.mit.edu`` on the primary KDC, you should use a dedicated -temporary keytab file for that machine's keytab:: - - kadmin: ktadd -k /tmp/kerberos-1.keytab host/kerberos-1.mit.edu - Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption - type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. - Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption - type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. - -The file ``/tmp/kerberos-1.keytab`` can then be installed as -``/etc/krb5.keytab`` on the host ``kerberos-1.mit.edu``. - - -Configure replica KDCs -~~~~~~~~~~~~~~~~~~~~~~ - -Database propagation copies the contents of the primary's database, -but does not propagate configuration files, stash files, or the kadm5 -ACL file. The following files must be copied by hand to each replica -(see :ref:`mitK5defaults` for the default locations for these files): - -* krb5.conf -* kdc.conf -* kadm5.acl -* master key stash file - -Move the copied files into their appropriate directories, exactly as -on the primary KDC. kadm5.acl is only needed to allow a replica to -swap with the primary KDC. - -The database is propagated from the primary KDC to the replica KDCs -via the :ref:`kpropd(8)` daemon. You must explicitly specify the -principals which are allowed to provide Kerberos dump updates on the -replica machine with a new database. Create a file named kpropd.acl -in the KDC state directory containing the ``host`` principals for each -of the KDCs:: - - host/kerberos.mit.edu@ATHENA.MIT.EDU - host/kerberos-1.mit.edu@ATHENA.MIT.EDU - -.. note:: - - If you expect that the primary and replica KDCs will be - switched at some point of time, list the host principals - from all participating KDC servers in kpropd.acl files on - all of the KDCs. Otherwise, you only need to list the - primary KDC's host principal in the kpropd.acl files of the - replica KDCs. - -Then, add the following line to ``/etc/inetd.conf`` on each KDC -(adjust the path to kpropd):: - - krb5_prop stream tcp nowait root /usr/local/sbin/kpropd kpropd - -You also need to add the following line to ``/etc/services`` on each -KDC, if it is not already present (assuming that the default port is -used):: - - krb5_prop 754/tcp # Kerberos replica propagation - -Restart inetd daemon. - -Alternatively, start :ref:`kpropd(8)` as a stand-alone daemon. This is -required when incremental propagation is enabled. - -Now that the replica KDC is able to accept database propagation, -you’ll need to propagate the database from the primary server. - -NOTE: Do not start the replica KDC yet; you still do not have a copy -of the primary's database. - - -.. _kprop_to_replicas: - -Propagate the database to each replica KDC -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -First, create a dump file of the database on the primary KDC, as -follows:: - - shell% kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans - -Then, manually propagate the database to each replica KDC, as in the -following example:: - - shell% kprop -f /usr/local/var/krb5kdc/replica_datatrans kerberos-1.mit.edu - - Database propagation to kerberos-1.mit.edu: SUCCEEDED - -You will need a script to dump and propagate the database. The -following is an example of a Bourne shell script that will do this. - -.. note:: - - Remember that you need to replace ``/usr/local/var/krb5kdc`` - with the name of the KDC state directory. - -:: - - #!/bin/sh - - kdclist = "kerberos-1.mit.edu kerberos-2.mit.edu" - - kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans - - for kdc in $kdclist - do - kprop -f /usr/local/var/krb5kdc/replica_datatrans $kdc - done - -You will need to set up a cron job to run this script at the intervals -you decided on earlier (see :ref:`db_prop`). - -Now that the replica KDC has a copy of the Kerberos database, you can -start the krb5kdc daemon:: - - shell% krb5kdc - -As with the primary KDC, you will probably want to add this command to -the KDCs' ``/etc/rc`` or ``/etc/inittab`` files, so they will start -the krb5kdc daemon automatically at boot time. - - -Propagation failed? -################### - -You may encounter the following error messages. For a more detailed -discussion on possible causes and solutions click on the error link -to be redirected to :ref:`troubleshoot` section. - -.. include:: ./troubleshoot.rst - :start-after: _prop_failed_start: - :end-before: _prop_failed_end: - - -Add Kerberos principals to the database ---------------------------------------- - -Once your KDCs are set up and running, you are ready to use -:ref:`kadmin(1)` to load principals for your users, hosts, and other -services into the Kerberos database. This procedure is described -fully in :ref:`principals`. - -You may occasionally want to use one of your replica KDCs as the -primary. This might happen if you are upgrading the primary KDC, or -if your primary KDC has a disk crash. See the following section for -the instructions. - - -.. _switch_primary_replica: - -Switching primary and replica KDCs ----------------------------------- - -You may occasionally want to use one of your replica KDCs as the -primary. This might happen if you are upgrading the primary KDC, or -if your primary KDC has a disk crash. - -Assuming you have configured all of your KDCs to be able to function -as either the primary KDC or a replica KDC (as this document -recommends), all you need to do to make the changeover is: - -If the primary KDC is still running, do the following on the *old* -primary KDC: - -#. Kill the kadmind process. -#. Disable the cron job that propagates the database. -#. Run your database propagation script manually, to ensure that the - replicas all have the latest copy of the database (see - :ref:`kprop_to_replicas`). - -On the *new* primary KDC: - -#. Start the :ref:`kadmind(8)` daemon (see :ref:`start_kdc_daemons`). -#. Set up the cron job to propagate the database (see - :ref:`kprop_to_replicas`). -#. Switch the CNAMEs of the old and new primary KDCs. If you can't do - this, you'll need to change the :ref:`krb5.conf(5)` file on every - client machine in your Kerberos realm. - - -Incremental database propagation --------------------------------- - -If you expect your Kerberos database to become large, you may wish to -set up incremental propagation to replica KDCs. See -:ref:`incr_db_prop` for details. diff --git a/krb5-1.21.3/doc/admin/lockout.rst b/krb5-1.21.3/doc/admin/lockout.rst deleted file mode 100644 index cce44903..00000000 --- a/krb5-1.21.3/doc/admin/lockout.rst +++ /dev/null @@ -1,154 +0,0 @@ -.. _lockout: - -Account lockout -=============== - -As of release 1.8, the KDC can be configured to lock out principals -after a number of failed authentication attempts within a period of -time. Account lockout can make it more difficult to attack a -principal's password by brute force, but also makes it easy for an -attacker to deny access to a principal. - - -Configuring account lockout ---------------------------- - -Account lockout only works for principals with the -**+requires_preauth** flag set. Without this flag, the KDC cannot -know whether or not a client successfully decrypted the ticket it -issued. It is also important to set the **-allow_svr** flag on a -principal to protect its password from an off-line dictionary attack -through a TGS request. You can set these flags on a principal with -:ref:`kadmin(1)` as follows:: - - kadmin: modprinc +requires_preauth -allow_svr PRINCNAME - -Account lockout parameters are configured via :ref:`policy objects -`. There may be an existing policy associated with user -principals (such as the "default" policy), or you may need to create a -new one and associate it with each user principal. - -The policy parameters related to account lockout are: - -* :ref:`maxfailure `: the number of failed attempts - before the principal is locked out -* :ref:`failurecountinterval `: the - allowable interval between failed attempts -* :ref:`lockoutduration `: the amount of time - a principal is locked out for - -Here is an example of setting these parameters on a new policy and -associating it with a principal:: - - kadmin: addpol -maxfailure 10 -failurecountinterval 180 - -lockoutduration 60 lockout_policy - kadmin: modprinc -policy lockout_policy PRINCNAME - - -Testing account lockout ------------------------ - -To test that account lockout is working, try authenticating as the -principal (hopefully not one that might be in use) multiple times with -the wrong password. For instance, if **maxfailure** is set to 2, you -might see:: - - $ kinit user - Password for user@KRBTEST.COM: - kinit: Password incorrect while getting initial credentials - $ kinit user - Password for user@KRBTEST.COM: - kinit: Password incorrect while getting initial credentials - $ kinit user - kinit: Client's credentials have been revoked while getting initial credentials - - -Account lockout principal state -------------------------------- - -A principal entry keeps three pieces of state related to account -lockout: - -* The time of last successful authentication -* The time of last failed authentication -* A counter of failed attempts - -The time of last successful authentication is not actually needed for -the account lockout system to function, but may be of administrative -interest. These fields can be observed with the **getprinc** kadmin -command. For example:: - - kadmin: getprinc user - Principal: user@KRBTEST.COM - ... - Last successful authentication: [never] - Last failed authentication: Mon Dec 03 12:30:33 EST 2012 - Failed password attempts: 2 - ... - -A principal which has been locked out can be administratively unlocked -with the **-unlock** option to the **modprinc** kadmin command:: - - kadmin: modprinc -unlock PRINCNAME - -This command will reset the number of failed attempts to 0. - - -KDC replication and account lockout ------------------------------------ - -The account lockout state of a principal is not replicated by either -traditional :ref:`kprop(8)` or incremental propagation. Because of -this, the number of attempts an attacker can make within a time period -is multiplied by the number of KDCs. For instance, if the -**maxfailure** parameter on a policy is 10 and there are four KDCs in -the environment (a primary and three replicas), an attacker could make -as many as 40 attempts before the principal is locked out on all four -KDCs. - -An administrative unlock is propagated from the primary to the replica -KDCs during the next propagation. Propagation of an administrative -unlock will cause the counter of failed attempts on each replica to -reset to 1 on the next failure. - -If a KDC environment uses a replication strategy other than kprop or -incremental propagation, such as the LDAP KDB module with multi-master -LDAP replication, then account lockout state may be replicated between -KDCs and the concerns of this section may not apply. - - -.. _disable_lockout: - -KDC performance and account lockout ------------------------------------ - -In order to fully track account lockout state, the KDC must write to -the the database on each successful and failed authentication. -Writing to the database is generally more expensive than reading from -it, so these writes may have a significant impact on KDC performance. -As of release 1.9, it is possible to turn off account lockout state -tracking in order to improve performance, by setting the -**disable_last_success** and **disable_lockout** variables in the -database module subsection of :ref:`kdc.conf(5)`. For example:: - - [dbmodules] - DB = { - disable_last_success = true - disable_lockout = true - } - -Of the two variables, setting **disable_last_success** will usually -have the largest positive impact on performance, and will still allow -account lockout policies to operate. However, it will make it -impossible to observe the last successful authentication time with -kadmin. - - -KDC setup and account lockout ------------------------------ - -To update the account lockout state on principals, the KDC must be -able to write to the principal database. For the DB2 module, no -special setup is required. For the LDAP module, the KDC DN must be -granted write access to the principal objects. If the KDC DN has only -read access, account lockout will not function. diff --git a/krb5-1.21.3/doc/admin/otp.rst b/krb5-1.21.3/doc/admin/otp.rst deleted file mode 100644 index 29dc520f..00000000 --- a/krb5-1.21.3/doc/admin/otp.rst +++ /dev/null @@ -1,100 +0,0 @@ -.. _otp_preauth: - -OTP Preauthentication -===================== - -OTP is a preauthentication mechanism for Kerberos 5 which uses One -Time Passwords (OTP) to authenticate the client to the KDC. The OTP -is passed to the KDC over an encrypted FAST channel in clear-text. -The KDC uses the password along with per-user configuration to proxy -the request to a third-party RADIUS system. This enables -out-of-the-box compatibility with a large number of already widely -deployed proprietary systems. - -Additionally, our implementation of the OTP system allows for the -passing of RADIUS requests over a UNIX domain stream socket. This -permits the use of a local companion daemon which can handle the -details of authentication. - - -Defining token types --------------------- - -Token types are defined in either :ref:`krb5.conf(5)` or -:ref:`kdc.conf(5)` according to the following format:: - - [otp] - = { - server = (default: see below) - secret = - timeout = (default: 5 [seconds]) - retries = (default: 3) - strip_realm = (default: true) - indicator = (default: none) - } - -If the server field begins with '/', it will be interpreted as a UNIX -socket. Otherwise, it is assumed to be in the format host:port. When -a UNIX domain socket is specified, the secret field is optional and an -empty secret is used by default. If the server field is not -specified, it defaults to |kdcrundir|\ ``/.socket``. - -When forwarding the request over RADIUS, by default the principal is -used in the User-Name attribute of the RADIUS packet. The strip_realm -parameter controls whether the principal is forwarded with or without -the realm portion. - -If an indicator field is present, tickets issued using this token type -will be annotated with the specified authentication indicator (see -:ref:`auth_indicator`). This key may be specified multiple times to -add multiple indicators. - - -The default token type ----------------------- - -A default token type is used internally when no token type is specified for a -given user. It is defined as follows:: - - [otp] - DEFAULT = { - strip_realm = false - } - -The administrator may override the internal ``DEFAULT`` token type -simply by defining a configuration with the same name. - - -Token instance configuration ----------------------------- - -To enable OTP for a client principal, the administrator must define -the **otp** string attribute for that principal. (See -:ref:`set_string`.) The **otp** user string is a JSON string of the -format: - -.. code-block:: xml - - [{ - "type": , - "username": , - "indicators": [, ...] - }, ...] - -This is an array of token objects. Both fields of token objects are -optional. The **type** field names the token type of this token; if -not specified, it defaults to ``DEFAULT``. The **username** field -specifies the value to be sent in the User-Name RADIUS attribute. If -not specified, the principal name is sent, with or without realm as -defined in the token type. The **indicators** field specifies a list -of authentication indicators to annotate tickets with, overriding any -indicators specified in the token type. - -For ease of configuration, an empty array (``[]``) is treated as -equivalent to one DEFAULT token (``[{}]``). - - -Other considerations --------------------- - -#. FAST is required for OTP to work. diff --git a/krb5-1.21.3/doc/admin/pkinit.rst b/krb5-1.21.3/doc/admin/pkinit.rst deleted file mode 100644 index 45817dac..00000000 --- a/krb5-1.21.3/doc/admin/pkinit.rst +++ /dev/null @@ -1,354 +0,0 @@ -.. _pkinit: - -PKINIT configuration -==================== - -PKINIT is a preauthentication mechanism for Kerberos 5 which uses -X.509 certificates to authenticate the KDC to clients and vice versa. -PKINIT can also be used to enable anonymity support, allowing clients -to communicate securely with the KDC or with application servers -without authenticating as a particular client principal. - - -Creating certificates ---------------------- - -PKINIT requires an X.509 certificate for the KDC and one for each -client principal which will authenticate using PKINIT. For anonymous -PKINIT, a KDC certificate is required, but client certificates are -not. A commercially issued server certificate can be used for the KDC -certificate, but generally cannot be used for client certificates. - -The instruction in this section describe how to establish a -certificate authority and create standard PKINIT certificates. Skip -this section if you are using a commercially issued server certificate -as the KDC certificate for anonymous PKINIT, or if you are configuring -a client to use an Active Directory KDC. - - -Generating a certificate authority certificate -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -You can establish a new certificate authority (CA) for use with a -PKINIT deployment with the commands:: - - openssl genrsa -out cakey.pem 2048 - openssl req -key cakey.pem -new -x509 -out cacert.pem -days 3650 - -The second command will ask for the values of several certificate -fields. These fields can be set to any values. You can adjust the -expiration time of the CA certificate by changing the number after -``-days``. Since the CA certificate must be deployed to client -machines each time it changes, it should normally have an expiration -time far in the future; however, expiration times after 2037 may cause -interoperability issues in rare circumstances. - -The result of these commands will be two files, cakey.pem and -cacert.pem. cakey.pem will contain a 2048-bit RSA private key, which -must be carefully protected. cacert.pem will contain the CA -certificate, which must be placed in the filesystems of the KDC and -each client host. cakey.pem will be required to create KDC and client -certificates. - - -Generating a KDC certificate -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -A KDC certificate for use with PKINIT is required to have some unusual -fields, which makes generating them with OpenSSL somewhat complicated. -First, you will need a file containing the following:: - - [kdc_cert] - basicConstraints=CA:FALSE - keyUsage=nonRepudiation,digitalSignature,keyEncipherment,keyAgreement - extendedKeyUsage=1.3.6.1.5.2.3.5 - subjectKeyIdentifier=hash - authorityKeyIdentifier=keyid,issuer - issuerAltName=issuer:copy - subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name - - [kdc_princ_name] - realm=EXP:0,GeneralString:${ENV::REALM} - principal_name=EXP:1,SEQUENCE:kdc_principal_seq - - [kdc_principal_seq] - name_type=EXP:0,INTEGER:2 - name_string=EXP:1,SEQUENCE:kdc_principals - - [kdc_principals] - princ1=GeneralString:krbtgt - princ2=GeneralString:${ENV::REALM} - -If the above contents are placed in extensions.kdc, you can generate -and sign a KDC certificate with the following commands:: - - openssl genrsa -out kdckey.pem 2048 - openssl req -new -out kdc.req -key kdckey.pem - env REALM=YOUR_REALMNAME openssl x509 -req -in kdc.req \ - -CAkey cakey.pem -CA cacert.pem -out kdc.pem -days 365 \ - -extfile extensions.kdc -extensions kdc_cert -CAcreateserial - rm kdc.req - -The second command will ask for the values of certificate fields, -which can be set to any values. In the third command, substitute your -KDC's realm name for YOUR_REALMNAME. You can adjust the certificate's -expiration date by changing the number after ``-days``. Remember to -create a new KDC certificate before the old one expires. - -The result of this operation will be in two files, kdckey.pem and -kdc.pem. Both files must be placed in the KDC's filesystem. -kdckey.pem, which contains the KDC's private key, must be carefully -protected. - -If you examine the KDC certificate with ``openssl x509 -in kdc.pem --text -noout``, OpenSSL will not know how to display the KDC principal -name in the Subject Alternative Name extension, so it will appear as -``othername:``. This is normal and does not mean -anything is wrong with the KDC certificate. - - -Generating client certificates -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -PKINIT client certificates also must have some unusual certificate -fields. To generate a client certificate with OpenSSL for a -single-component principal name, you will need an extensions file -(different from the KDC extensions file above) containing:: - - [client_cert] - basicConstraints=CA:FALSE - keyUsage=digitalSignature,keyEncipherment,keyAgreement - extendedKeyUsage=1.3.6.1.5.2.3.4 - subjectKeyIdentifier=hash - authorityKeyIdentifier=keyid,issuer - issuerAltName=issuer:copy - subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name - - [princ_name] - realm=EXP:0,GeneralString:${ENV::REALM} - principal_name=EXP:1,SEQUENCE:principal_seq - - [principal_seq] - name_type=EXP:0,INTEGER:1 - name_string=EXP:1,SEQUENCE:principals - - [principals] - princ1=GeneralString:${ENV::CLIENT} - -If the above contents are placed in extensions.client, you can -generate and sign a client certificate with the following commands:: - - openssl genrsa -out clientkey.pem 2048 - openssl req -new -key clientkey.pem -out client.req - env REALM=YOUR_REALMNAME CLIENT=YOUR_PRINCNAME openssl x509 \ - -CAkey cakey.pem -CA cacert.pem -req -in client.req \ - -extensions client_cert -extfile extensions.client \ - -days 365 -out client.pem - rm client.req - -Normally, the first two commands should be run on the client host, and -the resulting client.req file transferred to the certificate authority -host for the third command. As in the previous steps, the second -command will ask for the values of certificate fields, which can be -set to any values. In the third command, substitute your realm's name -for YOUR_REALMNAME and the client's principal name (without realm) for -YOUR_PRINCNAME. You can adjust the certificate's expiration date by -changing the number after ``-days``. - -The result of this operation will be two files, clientkey.pem and -client.pem. Both files must be present on the client's host; -clientkey.pem, which contains the client's private key, must be -protected from access by others. - -As in the KDC certificate, OpenSSL will display the client principal -name as ``othername:`` in the Subject Alternative Name -extension of a PKINIT client certificate. - -If the client principal name contains more than one component -(e.g. ``host/example.com@REALM``), the ``[principals]`` section of -``extensions.client`` must be altered to contain multiple entries. -(Simply setting ``CLIENT`` to ``host/example.com`` would generate a -certificate for ``host\/example.com@REALM`` which would not match the -multi-component principal name.) For a two-component principal, the -section should read:: - - [principals] - princ1=GeneralString:${ENV::CLIENT1} - princ2=GeneralString:${ENV::CLIENT2} - -The environment variables ``CLIENT1`` and ``CLIENT2`` must then be set -to the first and second components when running ``openssl x509``. - - -Configuring the KDC -------------------- - -The KDC must have filesystem access to the KDC certificate (kdc.pem) -and the KDC private key (kdckey.pem). Configure the following -relation in the KDC's :ref:`kdc.conf(5)` file, either in the -:ref:`kdcdefaults` section or in a :ref:`kdc_realms` subsection (with -appropriate pathnames):: - - pkinit_identity = FILE:/var/lib/krb5kdc/kdc.pem,/var/lib/krb5kdc/kdckey.pem - -If any clients will authenticate using regular (as opposed to -anonymous) PKINIT, the KDC must also have filesystem access to the CA -certificate (cacert.pem), and the following configuration (with the -appropriate pathname):: - - pkinit_anchors = FILE:/var/lib/krb5kdc/cacert.pem - -Because of the larger size of requests and responses using PKINIT, you -may also need to allow TCP access to the KDC:: - - kdc_tcp_listen = 88 - -Restart the :ref:`krb5kdc(8)` daemon to pick up the configuration -changes. - -The principal entry for each PKINIT-using client must be configured to -require preauthentication. Ensure this with the command:: - - kadmin -q 'modprinc +requires_preauth YOUR_PRINCNAME' - -Starting with release 1.12, it is possible to remove the long-term -keys of a principal entry, which can save some space in the database -and help to clarify some PKINIT-related error conditions by not asking -for a password:: - - kadmin -q 'purgekeys -all YOUR_PRINCNAME' - -These principal options can also be specified at principal creation -time as follows:: - - kadmin -q 'add_principal +requires_preauth -nokey YOUR_PRINCNAME' - -By default, the KDC requires PKINIT client certificates to have the -standard Extended Key Usage and Subject Alternative Name attributes -for PKINIT. Starting in release 1.16, it is possible to authorize -client certificates based on the subject or other criteria instead of -the standard PKINIT Subject Alternative Name, by setting the -**pkinit_cert_match** string attribute on each client principal entry. -For example:: - - kadmin set_string user@REALM pkinit_cert_match "CN=user@REALM$" - -The **pkinit_cert_match** string attribute follows the syntax used by -the :ref:`krb5.conf(5)` **pkinit_cert_match** relation. To allow the -use of non-PKINIT client certificates, it will also be necessary to -disable key usage checking using the **pkinit_eku_checking** relation; -for example:: - - [kdcdefaults] - pkinit_eku_checking = none - - - -Configuring the clients ------------------------ - -Client hosts must be configured to trust the issuing authority for the -KDC certificate. For a newly established certificate authority, the -client host must have filesystem access to the CA certificate -(cacert.pem) and the following relation in :ref:`krb5.conf(5)` in the -appropriate :ref:`realms` subsection (with appropriate pathnames):: - - pkinit_anchors = FILE:/etc/krb5/cacert.pem - -If the KDC certificate is a commercially issued server certificate, -the issuing certificate is most likely included in a system directory. -You can specify it by filename as above, or specify the whole -directory like so:: - - pkinit_anchors = DIR:/etc/ssl/certs - -A commercially issued server certificate will usually not have the -standard PKINIT principal name or Extended Key Usage extensions, so -the following additional configuration is required:: - - pkinit_eku_checking = kpServerAuth - pkinit_kdc_hostname = hostname.of.kdc.certificate - -Multiple **pkinit_kdc_hostname** relations can be configured to -recognize multiple KDC certificates. If the KDC is an Active -Directory domain controller, setting **pkinit_kdc_hostname** is -necessary, but it should not be necessary to set -**pkinit_eku_checking**. - -To perform regular (as opposed to anonymous) PKINIT authentication, a -client host must have filesystem access to a client certificate -(client.pem), and the corresponding private key (clientkey.pem). -Configure the following relations in the client host's -:ref:`krb5.conf(5)` file in the appropriate :ref:`realms` subsection -(with appropriate pathnames):: - - pkinit_identities = FILE:/etc/krb5/client.pem,/etc/krb5/clientkey.pem - -If the KDC and client are properly configured, it should now be -possible to run ``kinit username`` without entering a password. - - -.. _anonymous_pkinit: - -Anonymous PKINIT ----------------- - -Anonymity support in Kerberos allows a client to obtain a ticket -without authenticating as any particular principal. Such a ticket can -be used as a FAST armor ticket, or to securely communicate with an -application server anonymously. - -To configure anonymity support, you must generate or otherwise procure -a KDC certificate and configure the KDC host, but you do not need to -generate any client certificates. On the KDC, you must set the -**pkinit_identity** variable to provide the KDC certificate, but do -not need to set the **pkinit_anchors** variable or store the issuing -certificate if you won't have any client certificates to verify. On -client hosts, you must set the **pkinit_anchors** variable (and -possibly **pkinit_kdc_hostname** and **pkinit_eku_checking**) in order -to trust the issuing authority for the KDC certificate, but do not -need to set the **pkinit_identities** variable. - -Anonymity support is not enabled by default. To enable it, you must -create the principal ``WELLKNOWN/ANONYMOUS`` using the command:: - - kadmin -q 'addprinc -randkey WELLKNOWN/ANONYMOUS' - -Some Kerberos deployments include application servers which lack -proper access control, and grant some level of access to any user who -can authenticate. In such an environment, enabling anonymity support -on the KDC would present a security issue. If you need to enable -anonymity support for TGTs (for use as FAST armor tickets) without -enabling anonymous authentication to application servers, you can set -the variable **restrict_anonymous_to_tgt** to ``true`` in the -appropriate :ref:`kdc_realms` subsection of the KDC's -:ref:`kdc.conf(5)` file. - -To obtain anonymous credentials on a client, run ``kinit -n``, or -``kinit -n @REALMNAME`` to specify a realm. The resulting tickets -will have the client name ``WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS``. - - -Freshness tokens ----------------- - -Freshness tokens can ensure that the client has recently had access to -its certificate private key. If freshness tokens are not required by -the KDC, a client program with temporary possession of the private key -can compose requests for future timestamps and use them later. - -In release 1.17 and later, freshness tokens are supported by the -client and are sent by the KDC when the client indicates support for -them. Because not all clients support freshness tokens yet, they are -not required by default. To check if freshness tokens are supported -by a realm's clients, look in the KDC logs for the lines:: - - PKINIT: freshness token received from - PKINIT: no freshness token received from - -To require freshness tokens for all clients in a realm (except for -clients authenticating anonymously), set the -**pkinit_require_freshness** variable to ``true`` in the appropriate -:ref:`kdc_realms` subsection of the KDC's :ref:`kdc.conf(5)` file. To -test that this option is in effect, run ``kinit -X disable_freshness`` -and verify that authentication is unsuccessful. diff --git a/krb5-1.21.3/doc/admin/princ_dns.rst b/krb5-1.21.3/doc/admin/princ_dns.rst deleted file mode 100644 index e558cd48..00000000 --- a/krb5-1.21.3/doc/admin/princ_dns.rst +++ /dev/null @@ -1,126 +0,0 @@ -Principal names and DNS -======================= - -Kerberos clients can do DNS lookups to canonicalize service principal -names. This can cause difficulties when setting up Kerberos -application servers, especially when the client's name for the service -is different from what the service thinks its name is. - - -Service principal names ------------------------ - -A frequently used kind of principal name is the host-based service -principal name. This kind of principal name has two components: a -service name and a hostname. For example, ``imap/imap.example.com`` -is the principal name of the "imap" service on the host -"imap.example.com". Other possible service names for the first -component include "host" (remote login services such as ssh), "HTTP", -and "nfs" (Network File System). - -Service administrators often publish well-known hostname aliases that -they would prefer users to use instead of the canonical name of the -service host. This gives service administrators more flexibility in -deploying services. For example, a shell login server might be named -"long-vanity-hostname.example.com", but users will naturally prefer to -type something like "login.example.com". Hostname aliases also allow -for administrators to set up load balancing for some sorts of services -based on rotating ``CNAME`` records in DNS. - - -Service principal canonicalization ----------------------------------- - -In the MIT krb5 client library, canonicalization of host-based service -principals is controlled by the **dns_canonicalize_hostname**, -**rnds**, and **qualify_shortname** variables in :ref:`libdefaults`. - -If **dns_canonicalize_hostname** is set to ``true`` (the default -value), the client performs forward resolution by looking up the IPv4 -and/or IPv6 addresses of the hostname using ``getaddrinfo()``. This -process will typically add a domain suffix to the hostname if needed, -and follow CNAME records in the DNS. If **rdns** is also set to -``true`` (the default), the client will then perform a reverse lookup -of the first returned Internet address using ``getnameinfo()``, -finding the name associated with the PTR record. - -If **dns_canonicalize_hostname** is set to ``false``, the hostname is -not canonicalized using DNS. If the hostname has only one component -(i.e. it contains no "." characters), the host's primary DNS search -domain will be appended, if there is one. The **qualify_shortname** -variable can be used to override or disable this suffix. - -If **dns_canonicalize_hostname** is set to ``fallback`` (added in -release 1.18), the hostname is initially treated according to the -rules for ``dns_canonicalize_hostname=false``. If a ticket request -fails because the service principal is unknown, the hostname will be -canonicalized according to the rules for -``dns_canonicalize_hostname=true`` and the request will be retried. - -In all cases, the hostname is converted to lowercase, and any trailing -dot is removed. - - - -Reverse DNS mismatches ----------------------- - -Sometimes, an enterprise will have control over its forward DNS but -not its reverse DNS. The reverse DNS is sometimes under the control -of the Internet service provider of the enterprise, and the enterprise -may not have much influence in setting up reverse DNS records for its -address space. If there are difficulties with getting forward and -reverse DNS to match, it is best to set ``rdns = false`` on client -machines. - - -Overriding application behavior -------------------------------- - -Applications can choose to use a default hostname component in their -service principal name when accepting authentication, which avoids -some sorts of hostname mismatches. Because not all relevant -applications do this yet, using the :ref:`krb5.conf(5)` setting:: - - [libdefaults] - ignore_acceptor_hostname = true - -will allow the Kerberos library to override the application's choice -of service principal hostname and will allow a server program to -accept incoming authentications using any key in its keytab that -matches the service name and realm name (if given). This setting -defaults to "false" and is available in releases krb5-1.10 and later. - - -Provisioning keytabs --------------------- - -One service principal entry that should be in the keytab is a -principal whose hostname component is the canonical hostname that -``getaddrinfo()`` reports for all known aliases for the host. If the -reverse DNS information does not match this canonical hostname, an -additional service principal entry should be in the keytab for this -different hostname. - - -Specific application advice ---------------------------- - -Secure shell (ssh) -~~~~~~~~~~~~~~~~~~ - -Setting ``GSSAPIStrictAcceptorCheck = no`` in the configuration file -of modern versions of the openssh daemon will allow the daemon to try -any key in its keytab when accepting a connection, rather than looking -for the keytab entry that matches the host's own idea of its name -(typically the name that ``gethostname()`` returns). This requires -krb5-1.10 or later. - -OpenLDAP (ldapsearch, etc.) -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -OpenLDAP's SASL implementation performs reverse DNS lookup in order to -canonicalize service principal names, even if **rdns** is set to -``false`` in the Kerberos configuration. To disable this behavior, -add ``SASL_NOCANON on`` to ``ldap.conf``, or set the -``LDAPSASL_NOCANON`` environment variable. diff --git a/krb5-1.21.3/doc/admin/realm_config.rst b/krb5-1.21.3/doc/admin/realm_config.rst deleted file mode 100644 index 9f5ad507..00000000 --- a/krb5-1.21.3/doc/admin/realm_config.rst +++ /dev/null @@ -1,268 +0,0 @@ -Realm configuration decisions -============================= - -Before installing Kerberos V5, it is necessary to consider the -following issues: - -* The name of your Kerberos realm (or the name of each realm, if you - need more than one). -* How you will assign your hostnames to Kerberos realms. -* Which ports your KDC and and kadmind services will use, if they will - not be using the default ports. -* How many replica KDCs you need and where they should be located. -* The hostnames of your primary and replica KDCs. -* How frequently you will propagate the database from the primary KDC - to the replica KDCs. - - -Realm name ----------- - -Although your Kerberos realm can be any ASCII string, convention is to -make it the same as your domain name, in upper-case letters. - -For example, hosts in the domain ``example.com`` would be in the -Kerberos realm:: - - EXAMPLE.COM - -If you need multiple Kerberos realms, MIT recommends that you use -descriptive names which end with your domain name, such as:: - - BOSTON.EXAMPLE.COM - HOUSTON.EXAMPLE.COM - - -.. _mapping_hostnames: - -Mapping hostnames onto Kerberos realms --------------------------------------- - -Mapping hostnames onto Kerberos realms is done in one of three ways. - -The first mechanism works through a set of rules in the -:ref:`domain_realm` section of :ref:`krb5.conf(5)`. You can specify -mappings for an entire domain or on a per-hostname basis. Typically -you would do this by specifying the mappings for a given domain or -subdomain and listing the exceptions. - -The second mechanism is to use KDC host-based service referrals. With -this method, the KDC's krb5.conf has a full [domain_realm] mapping for -hosts, but the clients do not, or have mappings for only a subset of -the hosts they might contact. When a client needs to contact a server -host for which it has no mapping, it will ask the client realm's KDC -for the service ticket, and will receive a referral to the appropriate -service realm. - -To use referrals, clients must be running MIT krb5 1.6 or later, and -the KDC must be running MIT krb5 1.7 or later. The -**host_based_services** and **no_host_referral** variables in the -:ref:`kdc_realms` section of :ref:`kdc.conf(5)` can be used to -fine-tune referral behavior on the KDC. - -It is also possible for clients to use DNS TXT records, if -**dns_lookup_realm** is enabled in :ref:`krb5.conf(5)`. Such lookups -are disabled by default because DNS is an insecure protocol and security -holes could result if DNS records are spoofed. If enabled, the client -will try to look up a TXT record formed by prepending the prefix -``_kerberos`` to the hostname in question. If that record is not -found, the client will attempt a lookup by prepending ``_kerberos`` to the -host's domain name, then its parent domain, up to the top-level domain. -For the hostname ``boston.engineering.example.com``, the names looked up -would be:: - - _kerberos.boston.engineering.example.com - _kerberos.engineering.example.com - _kerberos.example.com - _kerberos.com - -The value of the first TXT record found is taken as the realm name. - -Even if you do not choose to use this mechanism within your site, -you may wish to set it up anyway, for use when interacting with other sites. - - -Ports for the KDC and admin services ------------------------------------- - -The default ports used by Kerberos are port 88 for the KDC and port -749 for the admin server. You can, however, choose to run on other -ports, as long as they are specified in each host's -:ref:`krb5.conf(5)` files or in DNS SRV records, and the -:ref:`kdc.conf(5)` file on each KDC. For a more thorough treatment of -port numbers used by the Kerberos V5 programs, refer to the -:ref:`conf_firewall`. - - -Replica KDCs ------------- - -Replica KDCs provide an additional source of Kerberos ticket-granting -services in the event of inaccessibility of the primary KDC. The -number of replica KDCs you need and the decision of where to place them, -both physically and logically, depends on the specifics of your -network. - -Kerberos authentication requires that each client be able to contact a -KDC. Therefore, you need to anticipate any likely reason a KDC might -be unavailable and have a replica KDC to take up the slack. - -Some considerations include: - -* Have at least one replica KDC as a backup, for when the primary KDC - is down, is being upgraded, or is otherwise unavailable. -* If your network is split such that a network outage is likely to - cause a network partition (some segment or segments of the network - to become cut off or isolated from other segments), have a replica - KDC accessible to each segment. -* If possible, have at least one replica KDC in a different building - from the primary, in case of power outages, fires, or other - localized disasters. - - -.. _kdc_hostnames: - -Hostnames for KDCs ------------------- - -MIT recommends that your KDCs have a predefined set of CNAME records -(DNS hostname aliases), such as ``kerberos`` for the primary KDC and -``kerberos-1``, ``kerberos-2``, ... for the replica KDCs. This way, -if you need to swap a machine, you only need to change a DNS entry, -rather than having to change hostnames. - -As of MIT krb5 1.4, clients can locate a realm's KDCs through DNS -using SRV records (:rfc:`2782`), assuming the Kerberos realm name is -also a DNS domain name. These records indicate the hostname and port -number to contact for that service, optionally with weighting and -prioritization. The domain name used in the SRV record name is the -realm name. Several different Kerberos-related service names are -used: - -_kerberos._udp - This is for contacting any KDC by UDP. This entry will be used - the most often. Normally you should list port 88 on each of your - KDCs. -_kerberos._tcp - This is for contacting any KDC by TCP. Normally you should use - port 88. This entry should be omitted if the KDC does not listen - on TCP ports, as was the default prior to release 1.13. -_kerberos-master._udp - This entry should refer to those KDCs, if any, that will - immediately see password changes to the Kerberos database. If a - user is logging in and the password appears to be incorrect, the - client will retry with the primary KDC before failing with an - "incorrect password" error given. - - If you have only one KDC, or for whatever reason there is no - accessible KDC that would get database changes faster than the - others, you do not need to define this entry. -_kerberos-adm._tcp - This should list port 749 on your primary KDC. Support for it is - not complete at this time, but it will eventually be used by the - :ref:`kadmin(1)` program and related utilities. For now, you will - also need the **admin_server** variable in :ref:`krb5.conf(5)`. -_kerberos-master._tcp - The corresponding TCP port for _kerberos-master._udp, assuming the - primary KDC listens on a TCP port. -_kpasswd._udp - This entry should list port 464 on your primary KDC. It is used - when a user changes her password. If this entry is not defined - but a _kerberos-adm._tcp entry is defined, the client will use the - _kerberos-adm._tcp entry with the port number changed to 464. -_kpasswd._tcp - The corresponding TCP port for _kpasswd._udp. - -The DNS SRV specification requires that the hostnames listed be the -canonical names, not aliases. So, for example, you might include the -following records in your (BIND-style) zone file:: - - $ORIGIN foobar.com. - _kerberos TXT "FOOBAR.COM" - kerberos CNAME daisy - kerberos-1 CNAME use-the-force-luke - kerberos-2 CNAME bunny-rabbit - _kerberos._udp SRV 0 0 88 daisy - SRV 0 0 88 use-the-force-luke - SRV 0 0 88 bunny-rabbit - _kerberos-master._udp SRV 0 0 88 daisy - _kerberos-adm._tcp SRV 0 0 749 daisy - _kpasswd._udp SRV 0 0 464 daisy - -Clients can also be configured with the explicit location of services -using the **kdc**, **master_kdc**, **admin_server**, and -**kpasswd_server** variables in the :ref:`realms` section of -:ref:`krb5.conf(5)`. Even if some clients will be configured with -explicit server locations, providing SRV records will still benefit -unconfigured clients, and be useful for other sites. - - -.. _kdc_discovery: - -KDC Discovery -------------- - -As of MIT krb5 1.15, clients can also locate KDCs in DNS through URI -records (:rfc:`7553`). Limitations with the SRV record format may -result in extra DNS queries in situations where a client must failover -to other transport types, or find a primary server. The URI record -can convey more information about a realm's KDCs with a single query. - -The client performs a query for the following URI records: - -* ``_kerberos.REALM`` for finding KDCs. -* ``_kerberos-adm.REALM`` for finding kadmin services. -* ``_kpasswd.REALM`` for finding password services. - -The URI record includes a priority, weight, and a URI string that -consists of case-insensitive colon separated fields, in the form -``scheme:[flags]:transport:residual``. - -* *scheme* defines the registered URI type. It should always be - ``krb5srv``. -* *flags* contains zero or more flag characters. Currently the only - valid flag is ``m``, which indicates that the record is for a - primary server. -* *transport* defines the transport type of the residual URL or - address. Accepted values are ``tcp``, ``udp``, or ``kkdcp`` for the - MS-KKDCP type. -* *residual* contains the hostname, IP address, or URL to be - contacted using the specified transport, with an optional port - extension. The MS-KKDCP transport type uses a HTTPS URL, and can - include a port and/or path extension. - -An example of URI records in a zone file:: - - _kerberos.EXAMPLE.COM URI 10 1 krb5srv:m:tcp:kdc1.example.com - URI 20 1 krb5srv:m:udp:kdc2.example.com:89 - URI 40 1 krb5srv::udp:10.10.0.23 - URI 30 1 krb5srv::kkdcp:https://proxy:89/auth - -URI lookups are enabled by default, and can be disabled by setting -**dns_uri_lookup** in the :ref:`libdefaults` section of -:ref:`krb5.conf(5)` to False. When enabled, URI lookups take -precedence over SRV lookups, falling back to SRV lookups if no URI -records are found. - - -.. _db_prop: - -Database propagation --------------------- - -The Kerberos database resides on the primary KDC, and must be -propagated regularly (usually by a cron job) to the replica KDCs. In -deciding how frequently the propagation should happen, you will need -to balance the amount of time the propagation takes against the -maximum reasonable amount of time a user should have to wait for a -password change to take effect. - -If the propagation time is longer than this maximum reasonable time -(e.g., you have a particularly large database, you have a lot of -replicas, or you experience frequent network delays), you may wish to -cut down on your propagation delay by performing the propagation in -parallel. To do this, have the primary KDC propagate the database to -one set of replicas, and then have each of these replicas propagate -the database to additional replicas. - -See also :ref:`incr_db_prop` diff --git a/krb5-1.21.3/doc/admin/spake.rst b/krb5-1.21.3/doc/admin/spake.rst deleted file mode 100644 index 001f9291..00000000 --- a/krb5-1.21.3/doc/admin/spake.rst +++ /dev/null @@ -1,56 +0,0 @@ -.. _spake: - -SPAKE Preauthentication -======================= - -SPAKE preauthentication (added in release 1.17) uses public key -cryptography techniques to protect against :ref:`password dictionary -attacks `. Unlike :ref:`PKINIT `, it does not -require any additional infrastructure such as certificates; it simply -needs to be turned on. Using SPAKE preauthentication may modestly -increase the CPU and network load on the KDC. - -SPAKE preauthentication can use one of four elliptic curve groups for -its password-authenticated key exchange. The recommended group is -``edwards25519``; three NIST curves (``P-256``, ``P-384``, and -``P-521``) are also supported. - -By default, SPAKE with the ``edwards25519`` group is enabled on -clients, but the KDC does not offer SPAKE by default. To turn it on, -set the **spake_preauth_groups** variable in :ref:`libdefaults` to a -list of allowed groups. This variable affects both the client and the -KDC. Simply setting it to ``edwards25519`` is recommended:: - - [libdefaults] - spake_preauth_groups = edwards25519 - -Set the **+requires_preauth** and **-allow_svr** flags on client -principal entries, as you would for any preauthentication mechanism:: - - kadmin: modprinc +requires_preauth -allow_svr PRINCNAME - -Clients which do not implement SPAKE preauthentication will fall back -to encrypted timestamp. - -An active attacker can force a fallback to encrypted timestamp by -modifying the initial KDC response, defeating the protection against -dictionary attacks. To prevent this fallback on clients which do -implement SPAKE preauthentication, set the -**disable_encrypted_timestamp** variable to ``true`` in the -:ref:`realms` subsection for realms whose KDCs offer SPAKE -preauthentication. - -By default, SPAKE preauthentication requires an extra network round -trip to the KDC during initial authentication. If most of the clients -in a realm support SPAKE, this extra round trip can be eliminated -using an optimistic challenge, by setting the -**spake_preauth_kdc_challenge** variable in :ref:`kdcdefaults` to a -single group name:: - - [kdcdefaults] - spake_preauth_kdc_challenge = edwards25519 - -Using optimistic challenge will cause the KDC to do extra work for -initial authentication requests that do not result in SPAKE -preauthentication, but will save work when SPAKE preauthentication is -used. diff --git a/krb5-1.21.3/doc/admin/troubleshoot.rst b/krb5-1.21.3/doc/admin/troubleshoot.rst deleted file mode 100644 index ade5e1f8..00000000 --- a/krb5-1.21.3/doc/admin/troubleshoot.rst +++ /dev/null @@ -1,135 +0,0 @@ -.. _troubleshoot: - -Troubleshooting -=============== - -.. _trace_logging: - -Trace logging -------------- - -Most programs using MIT krb5 1.9 or later can be made to provide -information about internal krb5 library operations using trace -logging. To enable this, set the **KRB5_TRACE** environment variable -to a filename before running the program. On many operating systems, -the filename ``/dev/stdout`` can be used to send trace logging output -to standard output. - -Some programs do not honor **KRB5_TRACE**, either because they use -secure library contexts (this generally applies to setuid programs and -parts of the login system) or because they take direct control of the -trace logging system using the API. - -Here is a short example showing trace logging output for an invocation -of the :ref:`kvno(1)` command:: - - shell% env KRB5_TRACE=/dev/stdout kvno krbtgt/KRBTEST.COM - [9138] 1332348778.823276: Getting credentials user@KRBTEST.COM -> - krbtgt/KRBTEST.COM@KRBTEST.COM using ccache - FILE:/me/krb5/build/testdir/ccache - [9138] 1332348778.823381: Retrieving user@KRBTEST.COM -> - krbtgt/KRBTEST.COM@KRBTEST.COM from - FILE:/me/krb5/build/testdir/ccache with result: 0/Unknown code 0 - krbtgt/KRBTEST.COM@KRBTEST.COM: kvno = 1 - - -List of errors --------------- - -Frequently seen errors -~~~~~~~~~~~~~~~~~~~~~~ - -#. :ref:`init_creds_ETYPE_NOSUPP` - -#. :ref:`cert_chain_ETYPE_NOSUPP` - -#. :ref:`err_cert_chain_cert_expired` - - -Errors seen by admins -~~~~~~~~~~~~~~~~~~~~~ - -.. _prop_failed_start: - -#. :ref:`kprop_no_route` - -#. :ref:`kprop_con_refused` - -#. :ref:`kprop_sendauth_exchange` - -.. _prop_failed_end: - ------ - -.. _init_creds_etype_nosupp: - -KDC has no support for encryption type while getting initial credentials -........................................................................ - -.. _cert_chain_etype_nosupp: - - -credential verification failed: KDC has no support for encryption type -...................................................................... - -This most commonly happens when trying to use a principal with only -DES keys, in a release (MIT krb5 1.7 or later) which disables DES by -default. DES encryption is considered weak due to its inadequate key -size. If you cannot migrate away from its use, you can re-enable DES -by adding ``allow_weak_crypto = true`` to the :ref:`libdefaults` -section of :ref:`krb5.conf(5)`. - - -.. _err_cert_chain_cert_expired: - -Cannot create cert chain: certificate has expired -................................................. - -This error message indicates that PKINIT authentication failed because -the client certificate, KDC certificate, or one of the certificates in -the signing chain above them has expired. - -If the KDC certificate has expired, this message appears in the KDC -log file, and the client will receive a "Preauthentication failed" -error. (Prior to release 1.11, the KDC log file message erroneously -appears as "Out of memory". Prior to release 1.12, the client will -receive a "Generic error".) - -If the client or a signing certificate has expired, this message may -appear in trace_logging_ output from :ref:`kinit(1)` or, starting in -release 1.12, as an error message from kinit or another program which -gets initial tickets. The error message is more likely to appear -properly on the client if the principal entry has no long-term keys. - -.. _kprop_no_route: - -kprop: No route to host while connecting to server -.................................................. - -Make sure that the hostname of the replica KDC (as given to kprop) is -correct, and that any firewalls between the primary and the replica -allow a connection on port 754. - -.. _kprop_con_refused: - -kprop: Connection refused while connecting to server -.................................................... - -If the replica KDC is intended to run kpropd out of inetd, make sure -that inetd is configured to accept krb5_prop connections. inetd may -need to be restarted or sent a SIGHUP to recognize the new -configuration. If the replica is intended to run kpropd in standalone -mode, make sure that it is running. - -.. _kprop_sendauth_exchange: - -kprop: Server rejected authentication (during sendauth exchange) while authenticating to server -............................................................................................... - -Make sure that: - -#. The time is synchronized between the primary and replica KDCs. -#. The master stash file was copied from the primary to the expected - location on the replica. -#. The replica has a keytab file in the default location containing a - ``host`` principal for the replica's hostname. diff --git a/krb5-1.21.3/doc/admin/various_envs.rst b/krb5-1.21.3/doc/admin/various_envs.rst deleted file mode 100644 index 64c1795f..00000000 --- a/krb5-1.21.3/doc/admin/various_envs.rst +++ /dev/null @@ -1,27 +0,0 @@ -Various links -============= - -Whitepapers ------------ - -#. https://kerberos.org/software/whitepapers.html - - -Tutorials ---------- - -#. Fulvio Ricciardi _ - - -Troubleshooting ---------------- - -#. https://wiki.ncsa.illinois.edu/display/ITS/Windows+Kerberos+Troubleshooting - -#. https://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html - -#. https://docs.oracle.com/cd/E19253-01/816-4557/trouble-1/index.html - -#. https://docs.microsoft.com/en-us/previous-versions/tn-archive/bb463167(v=technet.10)#EBAA - -#. https://bugs.launchpad.net/ubuntu/+source/libpam-heimdal/+bug/86528 diff --git a/krb5-1.21.3/doc/appdev/gssapi.rst b/krb5-1.21.3/doc/appdev/gssapi.rst deleted file mode 100644 index 339fd6c7..00000000 --- a/krb5-1.21.3/doc/appdev/gssapi.rst +++ /dev/null @@ -1,727 +0,0 @@ -Developing with GSSAPI -====================== - -The GSSAPI (Generic Security Services API) allows applications to -communicate securely using Kerberos 5 or other security mechanisms. -We recommend using the GSSAPI (or a higher-level framework which -encompasses GSSAPI, such as SASL) for secure network communication -over using the libkrb5 API directly. - -GSSAPIv2 is specified in :rfc:`2743` and :rfc:`2744`. Also see -:rfc:`7546` for a description of how to use the GSSAPI in a client or -server program. - -This documentation will describe how various ways of using the -GSSAPI will behave with the krb5 mechanism as implemented in MIT krb5, -as well as krb5-specific extensions to the GSSAPI. - - -Name types ----------- - -A GSSAPI application can name a local or remote entity by calling -gss_import_name_, specifying a name type and a value. The following -name types are supported by the krb5 mechanism: - -* **GSS_C_NT_HOSTBASED_SERVICE**: The value should be a string of the - form ``service`` or ``service@hostname``. This is the most common - way to name target services when initiating a security context, and - is the most likely name type to work across multiple mechanisms. - -* **GSS_KRB5_NT_PRINCIPAL_NAME**: The value should be a principal name - string. This name type only works with the krb5 mechanism, and is - defined in the ```` header. - -* **GSS_C_NT_USER_NAME** or **GSS_C_NULL_OID**: The value is treated - as an unparsed principal name string, as above. These name types - may work with mechanisms other than krb5, but will have different - interpretations in those mechanisms. **GSS_C_NT_USER_NAME** is - intended to be used with a local username, which will parse into a - single-component principal in the default realm. - -* **GSS_C_NT_ANONYMOUS**: The value is ignored. The anonymous - principal is used, allowing a client to authenticate to a server - without asserting a particular identity (which may or may not be - allowed by a particular server or Kerberos realm). - -* **GSS_C_NT_MACHINE_UID_NAME**: The value is uid_t object. On - Unix-like systems, the username of the uid is looked up in the - system user database and the resulting username is parsed as a - principal name. - -* **GSS_C_NT_STRING_UID_NAME**: As above, but the value is a decimal - string representation of the uid. - -* **GSS_C_NT_EXPORT_NAME**: The value must be the result of a - gss_export_name_ call. - -* **GSS_KRB5_NT_ENTERPRISE_NAME**: The value should be a krb5 - enterprise name string (see :rfc:`6806` section 5), in the form - ``user@suffix``. This name type is used to convey alias names, and - is defined in the ```` header. (New in - release 1.17.) - -* **GSS_KRB5_NT_X509_CERT**: The value should be an X.509 certificate - encoded according to :rfc:`5280`. This name form can be used for - the desired_name parameter of gss_acquire_cred_impersonate_name(), - to identify the S4U2Self user by certificate. (New in release - 1.19.) - - -Initiator credentials ---------------------- - -A GSSAPI client application uses gss_init_sec_context_ to establish a -security context. The *initiator_cred_handle* parameter determines -what tickets are used to establish the connection. An application can -either pass **GSS_C_NO_CREDENTIAL** to use the default client -credential, or it can use gss_acquire_cred_ beforehand to acquire an -initiator credential. The call to gss_acquire_cred_ may include a -*desired_name* parameter, or it may pass **GSS_C_NO_NAME** if it does -not have a specific name preference. - -If the desired name for a krb5 initiator credential is a host-based -name, it is converted to a principal name of the form -``service/hostname`` in the local realm, where *hostname* is the local -hostname if not specified. The hostname will be canonicalized using -forward name resolution, and possibly also using reverse name -resolution depending on the value of the **rdns** variable in -:ref:`libdefaults`. - -If a desired name is specified in the call to gss_acquire_cred_, the -krb5 mechanism will attempt to find existing tickets for that client -principal name in the default credential cache or collection. If the -default cache type does not support a collection, and the default -cache contains credentials for a different principal than the desired -name, a **GSS_S_CRED_UNAVAIL** error will be returned with a minor -code indicating a mismatch. - -If no existing tickets are available for the desired name, but the -name has an entry in the default client :ref:`keytab_definition`, the -krb5 mechanism will acquire initial tickets for the name using the -default client keytab. - -If no desired name is specified, credential acquisition will be -deferred until the credential is used in a call to -gss_init_sec_context_ or gss_inquire_cred_. If the call is to -gss_init_sec_context_, the target name will be used to choose a client -principal name using the credential cache selection facility. (This -facility might, for instance, try to choose existing tickets for a -client principal in the same realm as the target service). If there -are no existing tickets for the chosen principal, but it is present in -the default client keytab, the krb5 mechanism will acquire initial -tickets using the keytab. - -If the target name cannot be used to select a client principal -(because the credentials are used in a call to gss_inquire_cred_), or -if the credential cache selection facility cannot choose a principal -for it, the default credential cache will be selected if it exists and -contains tickets. - -If the default credential cache does not exist, but the default client -keytab does, the krb5 mechanism will try to acquire initial tickets -for the first principal in the default client keytab. - -If the krb5 mechanism acquires initial tickets using the default -client keytab, the resulting tickets will be stored in the default -cache or collection, and will be refreshed by future calls to -gss_acquire_cred_ as they approach their expire time. - - -Acceptor names --------------- - -A GSSAPI server application uses gss_accept_sec_context_ to establish -a security context based on tokens provided by the client. The -*acceptor_cred_handle* parameter determines what -:ref:`keytab_definition` entries may be authenticated to by the -client, if the krb5 mechanism is used. - -The simplest choice is to pass **GSS_C_NO_CREDENTIAL** as the acceptor -credential. In this case, clients may authenticate to any service -principal in the default keytab (typically |keytab|, or the value of -the **KRB5_KTNAME** environment variable). This is the recommended -approach if the server application has no specific requirements to the -contrary. - -A server may acquire an acceptor credential with gss_acquire_cred_ and -a *cred_usage* of **GSS_C_ACCEPT** or **GSS_C_BOTH**. If the -*desired_name* parameter is **GSS_C_NO_NAME**, then clients will be -allowed to authenticate to any service principal in the default -keytab, just as if no acceptor credential was supplied. - -If a server wishes to specify a *desired_name* to gss_acquire_cred_, -the most common choice is a host-based name. If the host-based -*desired_name* contains just a *service*, then clients will be allowed -to authenticate to any host-based service principal (that is, a -principal of the form ``service/hostname@REALM``) for the named -service, regardless of hostname or realm, as long as it is present in -the default keytab. If the input name contains both a *service* and a -*hostname*, clients will be allowed to authenticate to any host-based -principal for the named service and hostname, regardless of realm. - -.. note:: - - If a *hostname* is specified, it will be canonicalized - using forward name resolution, and possibly also using - reverse name resolution depending on the value of the - **rdns** variable in :ref:`libdefaults`. - -.. note:: - - If the **ignore_acceptor_hostname** variable in - :ref:`libdefaults` is enabled, then *hostname* will be - ignored even if one is specified in the input name. - -.. note:: - - In MIT krb5 versions prior to 1.10, and in Heimdal's - implementation of the krb5 mechanism, an input name with - just a *service* is treated like an input name of - ``service@localhostname``, where *localhostname* is the - string returned by gethostname(). - -If the *desired_name* is a krb5 principal name or a local system name -type which is mapped to a krb5 principal name, clients will only be -allowed to authenticate to that principal in the default keytab. - - -Name Attributes ---------------- - -In release 1.8 or later, the gss_inquire_name_ and -gss_get_name_attribute_ functions, specified in :rfc:`6680`, can be -used to retrieve name attributes from the *src_name* returned by -gss_accept_sec_context_. The following attributes are defined when -the krb5 mechanism is used: - -.. _gssapi_authind_attr: - -* "auth-indicators" attribute: - -This attribute will be included in the gss_inquire_name_ output if the -ticket contains :ref:`authentication indicators `. -One indicator is returned per invocation of gss_get_name_attribute_, -so multiple invocations may be necessary to retrieve all of the -indicators from the ticket. (New in release 1.15.) - - -Credential store extensions ---------------------------- - -Beginning with release 1.11, the following GSSAPI extensions declared -in ```` can be used to specify how credentials -are acquired or stored:: - - struct gss_key_value_element_struct { - const char *key; - const char *value; - }; - typedef struct gss_key_value_element_struct gss_key_value_element_desc; - - struct gss_key_value_set_struct { - OM_uint32 count; - gss_key_value_element_desc *elements; - }; - typedef const struct gss_key_value_set_struct gss_key_value_set_desc; - typedef const gss_key_value_set_desc *gss_const_key_value_set_t; - - OM_uint32 gss_acquire_cred_from(OM_uint32 *minor_status, - const gss_name_t desired_name, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_const_key_value_set_t cred_store, - gss_cred_id_t *output_cred_handle, - gss_OID_set *actual_mechs, - OM_uint32 *time_rec); - - OM_uint32 gss_store_cred_into(OM_uint32 *minor_status, - gss_cred_id_t input_cred_handle, - gss_cred_usage_t cred_usage, - const gss_OID desired_mech, - OM_uint32 overwrite_cred, - OM_uint32 default_cred, - gss_const_key_value_set_t cred_store, - gss_OID_set *elements_stored, - gss_cred_usage_t *cred_usage_stored); - -The additional *cred_store* parameter allows the caller to specify -information about how the credentials should be obtained and stored. -The following options are supported by the krb5 mechanism: - -* **ccache**: For acquiring initiator credentials, the name of the - :ref:`credential cache ` to which the handle will - refer. For storing credentials, the name of the cache or collection - where the credentials will be stored (see below). - -* **client_keytab**: For acquiring initiator credentials, the name of - the :ref:`keytab ` which will be used, if - necessary, to refresh the credentials in the cache. - -* **keytab**: For acquiring acceptor credentials, the name of the - :ref:`keytab ` to which the handle will refer. - In release 1.19 and later, this option also determines the keytab to - be used for verification when initiator credentials are acquired - using a password and verified. - -* **password**: For acquiring initiator credentials, this option - instructs the mechanism to acquire fresh credentials into a unique - memory credential cache. This option may not be used with the - **ccache** or **client_keytab** options, and a *desired_name* must - be specified. (New in release 1.19.) - -* **rcache**: For acquiring acceptor credentials, the name of the - :ref:`replay cache ` to be used when processing - the initiator tokens. (New in release 1.13.) - -* **verify**: For acquiring initiator credentials, this option - instructs the mechanism to verify the credentials by obtaining a - ticket to a service with a known key. The service key is obtained - from the keytab specified with the **keytab** option or the default - keytab. The value may be the name of a principal in the keytab, or - the empty string. If the empty string is given, any ``host`` - service principal in the keytab may be used. (New in release 1.19.) - -In release 1.20 or later, if a collection name is specified for -**cache** in a call to gss_store_cred_into(), an existing cache for -the client principal within the collection will be selected, or a new -cache will be created within the collection. If *overwrite_cred* is -false and the selected credential cache already exists, a -**GSS_S_DUPLICATE_ELEMENT** error will be returned. If *default_cred* -is true, the primary cache of the collection will be switched to the -selected cache. - - -Importing and exporting credentials ------------------------------------ - -The following GSSAPI extensions can be used to import and export -credentials (declared in ````):: - - OM_uint32 gss_export_cred(OM_uint32 *minor_status, - gss_cred_id_t cred_handle, - gss_buffer_t token); - - OM_uint32 gss_import_cred(OM_uint32 *minor_status, - gss_buffer_t token, - gss_cred_id_t *cred_handle); - -The first function serializes a GSSAPI credential handle into a -buffer; the second unseralizes a buffer into a GSSAPI credential -handle. Serializing a credential does not destroy it. If any of the -mechanisms used in *cred_handle* do not support serialization, -gss_export_cred will return **GSS_S_UNAVAILABLE**. As with other -GSSAPI serialization functions, these extensions are only intended to -work with a matching implementation on the other side; they do not -serialize credentials in a standardized format. - -A serialized credential may contain secret information such as ticket -session keys. The serialization format does not protect this -information from eavesdropping or tampering. The calling application -must take care to protect the serialized credential when communicating -it over an insecure channel or to an untrusted party. - -A krb5 GSSAPI credential may contain references to a credential cache, -a client keytab, an acceptor keytab, and a replay cache. These -resources are normally serialized as references to their external -locations (such as the filename of the credential cache). Because of -this, a serialized krb5 credential can only be imported by a process -with similar privileges to the exporter. A serialized credential -should not be trusted if it originates from a source with lower -privileges than the importer, as it may contain references to external -credential cache, keytab, or replay cache resources not accessible to -the originator. - -An exception to the above rule applies when a krb5 GSSAPI credential -refers to a memory credential cache, as is normally the case for -delegated credentials received by gss_accept_sec_context_. In this -case, the contents of the credential cache are serialized, so that the -resulting token may be imported even if the original memory credential -cache no longer exists. - - -Constrained delegation (S4U) ----------------------------- - -The Microsoft S4U2Self and S4U2Proxy Kerberos protocol extensions -allow an intermediate service to acquire credentials from a client to -a target service without requiring the client to delegate a -ticket-granting ticket, if the KDC is configured to allow it. - -To perform a constrained delegation operation, the intermediate -service must submit to the KDC an "evidence ticket" from the client to -the intermediate service. An evidence ticket can be acquired when the -client authenticates to the intermediate service with Kerberos, or -with an S4U2Self request if the KDC allows it. The MIT krb5 GSSAPI -library represents an evidence ticket using a "proxy credential", -which is a special kind of gss_cred_id_t object whose underlying -credential cache contains the evidence ticket and a krbtgt ticket for -the intermediate service. - -To acquire a proxy credential during client authentication, the -service should first create an acceptor credential using the -**GSS_C_BOTH** usage. The application should then pass this -credential as the *acceptor_cred_handle* to gss_accept_sec_context_, -and also pass a *delegated_cred_handle* output parameter to receive a -proxy credential containing the evidence ticket. The output value of -*delegated_cred_handle* may be a delegated ticket-granting ticket if -the client sent one, or a proxy credential if not. If the library can -determine that the client's ticket is not a valid evidence ticket, it -will place **GSS_C_NO_CREDENTIAL** in *delegated_cred_handle*. - -To acquire a proxy credential using an S4U2Self request, the service -can use the following GSSAPI extension:: - - OM_uint32 gss_acquire_cred_impersonate_name(OM_uint32 *minor_status, - gss_cred_id_t icred, - gss_name_t desired_name, - OM_uint32 time_req, - gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t *output_cred, - gss_OID_set *actual_mechs, - OM_uint32 *time_rec); - -The parameters to this function are similar to those of -gss_acquire_cred_, except that *icred* is used to make an S4U2Self -request to the KDC for a ticket from *desired_name* to the -intermediate service. Both *icred* and *desired_name* are required -for this function; passing **GSS_C_NO_CREDENTIAL** or -**GSS_C_NO_NAME** will cause the call to fail. *icred* must contain a -krbtgt ticket for the intermediate service. The result of this -operation is a proxy credential. (Prior to release 1.18, the result -of this operation may be a regular credential for *desired_name*, if -the KDC issues a non-forwardable ticket.) - -Once the intermediate service has a proxy credential, it can simply -pass it to gss_init_sec_context_ as the *initiator_cred_handle* -parameter, and the desired service as the *target_name* parameter. -The GSSAPI library will present the krbtgt ticket and evidence ticket -in the proxy credential to the KDC in an S4U2Proxy request; if the -intermediate service has the appropriate permissions, the KDC will -issue a ticket from the client to the target service. The GSSAPI -library will then use this ticket to authenticate to the target -service. - -If an application needs to find out whether a credential it holds is a -proxy credential and the name of the intermediate service, it can -query the credential with the **GSS_KRB5_GET_CRED_IMPERSONATOR** OID -(new in release 1.16, declared in ````) using -the gss_inquire_cred_by_oid extension (declared in -````):: - - OM_uint32 gss_inquire_cred_by_oid(OM_uint32 *minor_status, - const gss_cred_id_t cred_handle, - gss_OID desired_object, - gss_buffer_set_t *data_set); - -If the call succeeds and *cred_handle* is a proxy credential, -*data_set* will be set to a single-element buffer set containing the -unparsed principal name of the intermediate service. If *cred_handle* -is not a proxy credential, *data_set* will be set to an empty buffer -set. If the library does not support the query, -gss_inquire_cred_by_oid will return **GSS_S_UNAVAILABLE**. - - -AEAD message wrapping ---------------------- - -The following GSSAPI extensions (declared in -````) can be used to wrap and unwrap messages -with additional "associated data" which is integrity-checked but is -not included in the output buffer:: - - OM_uint32 gss_wrap_aead(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, gss_qop_t qop_req, - gss_buffer_t input_assoc_buffer, - gss_buffer_t input_payload_buffer, - int *conf_state, - gss_buffer_t output_message_buffer); - - OM_uint32 gss_unwrap_aead(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t input_message_buffer, - gss_buffer_t input_assoc_buffer, - gss_buffer_t output_payload_buffer, - int *conf_state, - gss_qop_t *qop_state); - -Wrap tokens created with gss_wrap_aead will successfully unwrap only -if the same *input_assoc_buffer* contents are presented to -gss_unwrap_aead. - - -IOV message wrapping --------------------- - -The following extensions (declared in ````) can -be used for in-place encryption, fine-grained control over wrap token -layout, and for constructing wrap tokens compatible with Microsoft DCE -RPC:: - - typedef struct gss_iov_buffer_desc_struct { - OM_uint32 type; - gss_buffer_desc buffer; - } gss_iov_buffer_desc, *gss_iov_buffer_t; - - OM_uint32 gss_wrap_iov(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, gss_qop_t qop_req, - int *conf_state, - gss_iov_buffer_desc *iov, int iov_count); - - OM_uint32 gss_unwrap_iov(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - int *conf_state, gss_qop_t *qop_state, - gss_iov_buffer_desc *iov, int iov_count); - - OM_uint32 gss_wrap_iov_length(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, int *conf_state, - gss_iov_buffer_desc *iov, - int iov_count); - - OM_uint32 gss_release_iov_buffer(OM_uint32 *minor_status, - gss_iov_buffer_desc *iov, - int iov_count); - -The caller of gss_wrap_iov provides an array of gss_iov_buffer_desc -structures, each containing a type and a gss_buffer_desc structure. -Valid types include: - -* **GSS_C_BUFFER_TYPE_DATA**: A data buffer to be included in the - token, and to be encrypted or decrypted in-place if the token is - confidentiality-protected. - -* **GSS_C_BUFFER_TYPE_HEADER**: The GSSAPI wrap token header and - underlying cryptographic header. - -* **GSS_C_BUFFER_TYPE_TRAILER**: The cryptographic trailer, if one is - required. - -* **GSS_C_BUFFER_TYPE_PADDING**: Padding to be combined with the data - during encryption and decryption. (The implementation may choose to - place padding in the trailer buffer, in which case it will set the - padding buffer length to 0.) - -* **GSS_C_BUFFER_TYPE_STREAM**: For unwrapping only, a buffer - containing a complete wrap token in standard format to be unwrapped. - -* **GSS_C_BUFFER_TYPE_SIGN_ONLY**: A buffer to be included in the - token's integrity protection checksum, but not to be encrypted or - included in the token itself. - -For gss_wrap_iov, the IOV list should contain one HEADER buffer, -followed by zero or more SIGN_ONLY buffers, followed by one or more -DATA buffers, followed by a TRAILER buffer. The memory pointed to by -the buffers is not required to be contiguous or in any particular -order. If *conf_req_flag* is true, DATA buffers will be encrypted -in-place, while SIGN_ONLY buffers will not be modified. - -The type of an output buffer may be combined with -**GSS_C_BUFFER_FLAG_ALLOCATE** to request that gss_wrap_iov allocate -the buffer contents. If gss_wrap_iov allocates a buffer, it sets the -**GSS_C_BUFFER_FLAG_ALLOCATED** flag on the buffer type. -gss_release_iov_buffer can be used to release all allocated buffers -within an iov list and unset their allocated flags. Here is an -example of how gss_wrap_iov can be used with allocation requested -(*ctx* is assumed to be a previously established gss_ctx_id_t):: - - OM_uint32 major, minor; - gss_iov_buffer_desc iov[4]; - char str[] = "message"; - - iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE; - iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; - iov[1].buffer.value = str; - iov[1].buffer.length = strlen(str); - iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING | GSS_IOV_BUFFER_FLAG_ALLOCATE; - iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER | GSS_IOV_BUFFER_FLAG_ALLOCATE; - - major = gss_wrap_iov(&minor, ctx, 1, GSS_C_QOP_DEFAULT, NULL, - iov, 4); - if (GSS_ERROR(major)) - handle_error(major, minor); - - /* Transmit or otherwise use resulting buffers. */ - - (void)gss_release_iov_buffer(&minor, iov, 4); - -If the caller does not choose to request buffer allocation by -gss_wrap_iov, it should first call gss_wrap_iov_length to query the -lengths of the HEADER, PADDING, and TRAILER buffers. DATA buffers -must be provided in the iov list so that padding length can be -computed correctly, but the output buffers need not be initialized. -Here is an example of using gss_wrap_iov_length and gss_wrap_iov:: - - OM_uint32 major, minor; - gss_iov_buffer_desc iov[4]; - char str[1024] = "message", *ptr; - - iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER; - iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; - iov[1].buffer.value = str; - iov[1].buffer.length = strlen(str); - - iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING; - iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER; - - major = gss_wrap_iov_length(&minor, ctx, 1, GSS_C_QOP_DEFAULT, - NULL, iov, 4); - if (GSS_ERROR(major)) - handle_error(major, minor); - if (strlen(str) + iov[0].buffer.length + iov[2].buffer.length + - iov[3].buffer.length > sizeof(str)) - handle_out_of_space_error(); - ptr = str + strlen(str); - iov[0].buffer.value = ptr; - ptr += iov[0].buffer.length; - iov[2].buffer.value = ptr; - ptr += iov[2].buffer.length; - iov[3].buffer.value = ptr; - - major = gss_wrap_iov(&minor, ctx, 1, GSS_C_QOP_DEFAULT, NULL, - iov, 4); - if (GSS_ERROR(major)) - handle_error(major, minor); - -If the context was established using the **GSS_C_DCE_STYLE** flag -(described in :rfc:`4757`), wrap tokens compatible with Microsoft DCE -RPC can be constructed. In this case, the IOV list must include a -SIGN_ONLY buffer, a DATA buffer, a second SIGN_ONLY buffer, and a -HEADER buffer in that order (the order of the buffer contents remains -arbitrary). The application must pad the DATA buffer to a multiple of -16 bytes as no padding or trailer buffer is used. - -gss_unwrap_iov may be called with an IOV list just like one which -would be provided to gss_wrap_iov. DATA buffers will be decrypted -in-place if they were encrypted, and SIGN_ONLY buffers will not be -modified. - -Alternatively, gss_unwrap_iov may be called with a single STREAM -buffer, zero or more SIGN_ONLY buffers, and a single DATA buffer. The -STREAM buffer is interpreted as a complete wrap token. The STREAM -buffer will be modified in-place to decrypt its contents. The DATA -buffer will be initialized to point to the decrypted data within the -STREAM buffer, unless it has the **GSS_C_BUFFER_FLAG_ALLOCATE** flag -set, in which case it will be initialized with a copy of the decrypted -data. Here is an example (*token* and *token_len* are assumed to be a -pre-existing pointer and length for a modifiable region of data):: - - OM_uint32 major, minor; - gss_iov_buffer_desc iov[2]; - - iov[0].type = GSS_IOV_BUFFER_TYPE_STREAM; - iov[0].buffer.value = token; - iov[0].buffer.length = token_len; - iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; - major = gss_unwrap_iov(&minor, ctx, NULL, NULL, iov, 2); - if (GSS_ERROR(major)) - handle_error(major, minor); - - /* Decrypted data is in iov[1].buffer, pointing to a subregion of - * token. */ - -.. _gssapi_mic_token: - -IOV MIC tokens --------------- - -The following extensions (declared in ````) can -be used in release 1.12 or later to construct and verify MIC tokens -using an IOV list:: - - OM_uint32 gss_get_mic_iov(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_qop_t qop_req, - gss_iov_buffer_desc *iov, - int iov_count); - - OM_uint32 gss_get_mic_iov_length(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_qop_t qop_req, - gss_iov_buffer_desc *iov, - iov_count); - - OM_uint32 gss_verify_mic_iov(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_qop_t *qop_state, - gss_iov_buffer_desc *iov, - int iov_count); - -The caller of gss_get_mic_iov provides an array of gss_iov_buffer_desc -structures, each containing a type and a gss_buffer_desc structure. -Valid types include: - -* **GSS_C_BUFFER_TYPE_DATA** and **GSS_C_BUFFER_TYPE_SIGN_ONLY**: The - corresponding buffer for each of these types will be signed for the - MIC token, in the order provided. - -* **GSS_C_BUFFER_TYPE_MIC_TOKEN**: The GSSAPI MIC token. - -The type of the MIC_TOKEN buffer may be combined with -**GSS_C_BUFFER_FLAG_ALLOCATE** to request that gss_get_mic_iov -allocate the buffer contents. If gss_get_mic_iov allocates the -buffer, it sets the **GSS_C_BUFFER_FLAG_ALLOCATED** flag on the buffer -type. gss_release_iov_buffer can be used to release all allocated -buffers within an iov list and unset their allocated flags. Here is -an example of how gss_get_mic_iov can be used with allocation -requested (*ctx* is assumed to be a previously established -gss_ctx_id_t):: - - OM_uint32 major, minor; - gss_iov_buffer_desc iov[3]; - - iov[0].type = GSS_IOV_BUFFER_TYPE_DATA; - iov[0].buffer.value = "sign1"; - iov[0].buffer.length = 5; - iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; - iov[1].buffer.value = "sign2"; - iov[1].buffer.length = 5; - iov[2].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN | GSS_IOV_BUFFER_FLAG_ALLOCATE; - - major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 3); - if (GSS_ERROR(major)) - handle_error(major, minor); - - /* Transmit or otherwise use iov[2].buffer. */ - - (void)gss_release_iov_buffer(&minor, iov, 3); - -If the caller does not choose to request buffer allocation by -gss_get_mic_iov, it should first call gss_get_mic_iov_length to query -the length of the MIC_TOKEN buffer. Here is an example of using -gss_get_mic_iov_length and gss_get_mic_iov:: - - OM_uint32 major, minor; - gss_iov_buffer_desc iov[2]; - char data[1024]; - - iov[0].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN; - iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; - iov[1].buffer.value = "message"; - iov[1].buffer.length = 7; - - major = gss_get_mic_iov_length(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 2); - if (GSS_ERROR(major)) - handle_error(major, minor); - if (iov[0].buffer.length > sizeof(data)) - handle_out_of_space_error(); - iov[0].buffer.value = data; - - major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 2); - if (GSS_ERROR(major)) - handle_error(major, minor); - - -.. _gss_accept_sec_context: https://tools.ietf.org/html/rfc2744.html#section-5.1 -.. _gss_acquire_cred: https://tools.ietf.org/html/rfc2744.html#section-5.2 -.. _gss_export_name: https://tools.ietf.org/html/rfc2744.html#section-5.13 -.. _gss_get_name_attribute: https://tools.ietf.org/html/6680.html#section-7.5 -.. _gss_import_name: https://tools.ietf.org/html/rfc2744.html#section-5.16 -.. _gss_init_sec_context: https://tools.ietf.org/html/rfc2744.html#section-5.19 -.. _gss_inquire_name: https://tools.ietf.org/html/rfc6680.txt#section-7.4 -.. _gss_inquire_cred: https://tools.ietf.org/html/rfc2744.html#section-5.21 diff --git a/krb5-1.21.3/doc/appdev/h5l_mit_apidiff.rst b/krb5-1.21.3/doc/appdev/h5l_mit_apidiff.rst deleted file mode 100644 index b721b57b..00000000 --- a/krb5-1.21.3/doc/appdev/h5l_mit_apidiff.rst +++ /dev/null @@ -1,28 +0,0 @@ -Differences between Heimdal and MIT Kerberos API -================================================ - -.. tabularcolumns:: |l|l| - -.. table:: - - ======================================== ================================================= - :c:func:`krb5_auth_con_getaddrs()` H5l: If either of the pointers to local_addr - and remote_addr is not NULL, it is freed - first and then reallocated before being - populated with the content of corresponding - address from authentication context. - :c:func:`krb5_auth_con_setaddrs()` H5l: If either address is NULL, the previous - address remains in place - :c:func:`krb5_auth_con_setports()` H5l: Not implemented as of version 1.3.3 - :c:func:`krb5_auth_con_setrecvsubkey()` H5l: If either port is NULL, the previous - port remains in place - :c:func:`krb5_auth_con_setsendsubkey()` H5l: Not implemented as of version 1.3.3 - :c:func:`krb5_cc_set_config()` MIT: Before version 1.10 it was assumed that - the last argument *data* is ALWAYS non-zero. - :c:func:`krb5_cccol_last_change_time()` MIT: not implemented - :c:func:`krb5_set_default_realm()` H5l: Caches the computed default realm context - field. If the second argument is NULL, - it tries to retrieve it from libdefaults or DNS. - MIT: Computes the default realm each time - if it wasn't explicitly set in the context - ======================================== ================================================= diff --git a/krb5-1.21.3/doc/appdev/index.rst b/krb5-1.21.3/doc/appdev/index.rst deleted file mode 100644 index 961bb1e9..00000000 --- a/krb5-1.21.3/doc/appdev/index.rst +++ /dev/null @@ -1,16 +0,0 @@ -For application developers -========================== - -.. toctree:: - :maxdepth: 1 - - gssapi.rst - y2038.rst - h5l_mit_apidiff.rst - init_creds.rst - princ_handle.rst - -.. toctree:: - :maxdepth: 1 - - refs/index.rst diff --git a/krb5-1.21.3/doc/appdev/init_creds.rst b/krb5-1.21.3/doc/appdev/init_creds.rst deleted file mode 100644 index 5c3c0a87..00000000 --- a/krb5-1.21.3/doc/appdev/init_creds.rst +++ /dev/null @@ -1,304 +0,0 @@ -Initial credentials -=================== - -Software that performs tasks such as logging users into a computer -when they type their Kerberos password needs to get initial -credentials (usually ticket granting tickets) from Kerberos. Such -software shares some behavior with the :ref:`kinit(1)` program. - -Whenever a program grants access to a resource (such as a local login -session on a desktop computer) based on a user successfully getting -initial Kerberos credentials, it must verify those credentials against -a secure shared secret (e.g., a host keytab) to ensure that the user -credentials actually originate from a legitimate KDC. Failure to -perform this verification is a critical vulnerability, because a -malicious user can execute the "Zanarotti attack": the user constructs -a fake response that appears to come from the legitimate KDC, but -whose contents come from an attacker-controlled KDC. - -Some applications read a Kerberos password over the network (ideally -over a secure channel), which they then verify against the KDC. While -this technique may be the only practical way to integrate Kerberos -into some existing legacy systems, its use is contrary to the original -design goals of Kerberos. - -The function :c:func:`krb5_get_init_creds_password` will get initial -credentials for a client using a password. An application that needs -to verify the credentials can call :c:func:`krb5_verify_init_creds`. -Here is an example of code to obtain and verify TGT credentials, given -strings *princname* and *password* for the client principal name and -password:: - - krb5_error_code ret; - krb5_creds creds; - krb5_principal client_princ = NULL; - - memset(&creds, 0, sizeof(creds)); - ret = krb5_parse_name(context, princname, &client_princ); - if (ret) - goto cleanup; - ret = krb5_get_init_creds_password(context, &creds, client_princ, - password, NULL, NULL, 0, NULL, NULL); - if (ret) - goto cleanup; - ret = krb5_verify_init_creds(context, &creds, NULL, NULL, NULL, NULL); - - cleanup: - krb5_free_principal(context, client_princ); - krb5_free_cred_contents(context, &creds); - return ret; - -Options for get_init_creds --------------------------- - -The function :c:func:`krb5_get_init_creds_password` takes an options -parameter (which can be a null pointer). Use the function -:c:func:`krb5_get_init_creds_opt_alloc` to allocate an options -structure, and :c:func:`krb5_get_init_creds_opt_free` to free it. For -example:: - - krb5_error_code ret; - krb5_get_init_creds_opt *opt = NULL; - krb5_creds creds; - - memset(&creds, 0, sizeof(creds)); - ret = krb5_get_init_creds_opt_alloc(context, &opt); - if (ret) - goto cleanup; - krb5_get_init_creds_opt_set_tkt_life(opt, 24 * 60 * 60); - ret = krb5_get_init_creds_password(context, &creds, client_princ, - password, NULL, NULL, 0, NULL, opt); - if (ret) - goto cleanup; - - cleanup: - krb5_get_init_creds_opt_free(context, opt); - krb5_free_cred_contents(context, &creds); - return ret; - -Getting anonymous credentials ------------------------------ - -As of release 1.8, it is possible to obtain fully anonymous or -partially anonymous (realm-exposed) credentials, if the KDC supports -it. The MIT KDC supports issuing fully anonymous credentials as of -release 1.8 if configured appropriately (see :ref:`anonymous_pkinit`), -but does not support issuing realm-exposed anonymous credentials at -this time. - -To obtain fully anonymous credentials, call -:c:func:`krb5_get_init_creds_opt_set_anonymous` on the options -structure to set the anonymous flag, and specify a client principal -with the KDC's realm and a single empty data component (the principal -obtained by parsing ``@``\ *realmname*). Authentication will take -place using anonymous PKINIT; if successful, the client principal of -the resulting tickets will be -``WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS``. Here is an example:: - - krb5_get_init_creds_opt_set_anonymous(opt, 1); - ret = krb5_build_principal(context, &client_princ, strlen(myrealm), - myrealm, "", (char *)NULL); - if (ret) - goto cleanup; - ret = krb5_get_init_creds_password(context, &creds, client_princ, - password, NULL, NULL, 0, NULL, opt); - if (ret) - goto cleanup; - -To obtain realm-exposed anonymous credentials, set the anonymous flag -on the options structure as above, but specify a normal client -principal in order to prove membership in the realm. Authentication -will take place as it normally does; if successful, the client -principal of the resulting tickets will be ``WELLKNOWN/ANONYMOUS@``\ -*realmname*. - -User interaction ----------------- - -Authenticating a user usually requires the entry of secret -information, such as a password. A password can be supplied directly -to :c:func:`krb5_get_init_creds_password` via the *password* -parameter, or the application can supply prompter and/or responder -callbacks instead. If callbacks are used, the user can also be -queried for other secret information such as a PIN, informed of -impending password expiration, or prompted to change a password which -has expired. - -Prompter callback -~~~~~~~~~~~~~~~~~ - -A prompter callback can be specified via the *prompter* and *data* -parameters to :c:func:`krb5_get_init_creds_password`. The prompter -will be invoked each time the krb5 library has a question to ask or -information to present. When the prompter callback is invoked, the -*banner* argument (if not null) is intended to be displayed to the -user, and the questions to be answered are specified in the *prompts* -array. Each prompt contains a text question in the *prompt* field, a -*hidden* bit to indicate whether the answer should be hidden from -display, and a storage area for the answer in the *reply* field. The -callback should fill in each question's ``reply->data`` with the -answer, up to a maximum number of ``reply->length`` bytes, and then -reset ``reply->length`` to the length of the answer. - -A prompter callback can call :c:func:`krb5_get_prompt_types` to get an -array of type constants corresponding to the prompts, to get -programmatic information about the semantic meaning of the questions. -:c:func:`krb5_get_prompt_types` may return a null pointer if no prompt -type information is available. - -Text-based applications can use a built-in text prompter -implementation by supplying :c:func:`krb5_prompter_posix` as the -*prompter* parameter and a null pointer as the *data* parameter. For -example:: - - ret = krb5_get_init_creds_password(context, &creds, client_princ, - NULL, krb5_prompter_posix, NULL, 0, - NULL, NULL); - -Responder callback -~~~~~~~~~~~~~~~~~~ - -A responder callback can be specified through the init_creds options -using the :c:func:`krb5_get_init_creds_opt_set_responder` function. -Responder callbacks can present a more sophisticated user interface -for authentication secrets. The responder callback is usually invoked -only once per authentication, with a list of questions produced by all -of the allowed preauthentication mechanisms. - -When the responder callback is invoked, the *rctx* argument can be -accessed to obtain the list of questions and to answer them. The -:c:func:`krb5_responder_list_questions` function retrieves an array of -question types. For each question type, the -:c:func:`krb5_responder_get_challenge` function retrieves additional -information about the question, if applicable, and the -:c:func:`krb5_responder_set_answer` function sets the answer. - -Responder question types, challenges, and answers are UTF-8 strings. -The question type is a well-known string; the meaning of the challenge -and answer depend on the question type. If an application does not -understand a question type, it cannot interpret the challenge or -provide an answer. Failing to answer a question typically results in -the prompter callback being used as a fallback. - -Password question -################# - -The :c:macro:`KRB5_RESPONDER_QUESTION_PASSWORD` (or ``"password"``) -question type requests the user's password. This question does not -have a challenge, and the response is simply the password string. - -One-time password question -########################## - -The :c:macro:`KRB5_RESPONDER_QUESTION_OTP` (or ``"otp"``) question -type requests a choice among one-time password tokens and the PIN and -value for the chosen token. The challenge and answer are JSON-encoded -strings, but an application can use convenience functions to avoid -doing any JSON processing itself. - -The :c:func:`krb5_responder_otp_get_challenge` function decodes the -challenge into a krb5_responder_otp_challenge structure. The -:c:func:`krb5_responder_otp_set_answer` function selects one of the -token information elements from the challenge and supplies the value -and pin for that token. - -PKINIT password or PIN question -############################### - -The :c:macro:`KRB5_RESPONDER_QUESTION_PKINIT` (or ``"pkinit"``) question -type requests PINs for hardware devices and/or passwords for encrypted -credentials which are stored on disk, potentially also supplying -information about the state of the hardware devices. The challenge and -answer are JSON-encoded strings, but an application can use convenience -functions to avoid doing any JSON processing itself. - -The :c:func:`krb5_responder_pkinit_get_challenge` function decodes the -challenges into a krb5_responder_pkinit_challenge structure. The -:c:func:`krb5_responder_pkinit_set_answer` function can be used to -supply the PIN or password for a particular client credential, and can -be called multiple times. - -Example -####### - -Here is an example of using a responder callback:: - - static krb5_error_code - my_responder(krb5_context context, void *data, - krb5_responder_context rctx) - { - krb5_error_code ret; - krb5_responder_otp_challenge *chl; - - if (krb5_responder_get_challenge(context, rctx, - KRB5_RESPONDER_QUESTION_PASSWORD)) { - ret = krb5_responder_set_answer(context, rctx, - KRB5_RESPONDER_QUESTION_PASSWORD, - "open sesame"); - if (ret) - return ret; - } - ret = krb5_responder_otp_get_challenge(context, rctx, &chl); - if (ret == 0 && chl != NULL) { - ret = krb5_responder_otp_set_answer(context, rctx, 0, "1234", - NULL); - krb5_responder_otp_challenge_free(context, rctx, chl); - if (ret) - return ret; - } - return 0; - } - - static krb5_error_code - get_creds(krb5_context context, krb5_principal client_princ) - { - krb5_error_code ret; - krb5_get_init_creds_opt *opt = NULL; - krb5_creds creds; - - memset(&creds, 0, sizeof(creds)); - ret = krb5_get_init_creds_opt_alloc(context, &opt); - if (ret) - goto cleanup; - ret = krb5_get_init_creds_opt_set_responder(context, opt, my_responder, - NULL); - if (ret) - goto cleanup; - ret = krb5_get_init_creds_password(context, &creds, client_princ, - NULL, NULL, NULL, 0, NULL, opt); - - cleanup: - krb5_get_init_creds_opt_free(context, opt); - krb5_free_cred_contents(context, &creds); - return ret; - } - -Verifying initial credentials ------------------------------ - -Use the function :c:func:`krb5_verify_init_creds` to verify initial -credentials. It takes an options structure (which can be a null -pointer). Use :c:func:`krb5_verify_init_creds_opt_init` to initialize -the caller-allocated options structure, and -:c:func:`krb5_verify_init_creds_opt_set_ap_req_nofail` to set the -"nofail" option. For example:: - - krb5_verify_init_creds_opt vopt; - - krb5_verify_init_creds_opt_init(&vopt); - krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, 1); - ret = krb5_verify_init_creds(context, &creds, NULL, NULL, NULL, &vopt); - -The confusingly named "nofail" option, when set, means that the -verification must actually succeed in order for -:c:func:`krb5_verify_init_creds` to indicate success. The default -state of this option (cleared) means that if there is no key material -available to verify the user credentials, the verification will -succeed anyway. (The default can be changed by a configuration file -setting.) - -This accommodates a use case where a large number of unkeyed shared -desktop workstations need to allow users to log in using Kerberos. -The security risks from this practice are mitigated by the absence of -valuable state on the shared workstations---any valuable resources -that the users would access reside on networked servers. diff --git a/krb5-1.21.3/doc/appdev/princ_handle.rst b/krb5-1.21.3/doc/appdev/princ_handle.rst deleted file mode 100644 index 455f00a4..00000000 --- a/krb5-1.21.3/doc/appdev/princ_handle.rst +++ /dev/null @@ -1,79 +0,0 @@ -Principal manipulation and parsing -================================== - -Kerberos principal structure - -.. - -:c:type:`krb5_principal_data` - -:c:type:`krb5_principal` - -.. - -Create and free principal - -.. - -:c:func:`krb5_build_principal()` - -:c:func:`krb5_build_principal_alloc_va()` - -:c:func:`krb5_build_principal_ext()` - -:c:func:`krb5_copy_principal()` - -:c:func:`krb5_free_principal()` - -:c:func:`krb5_cc_get_principal()` - -.. - -Comparing - -.. - -:c:func:`krb5_principal_compare()` - -:c:func:`krb5_principal_compare_flags()` - -:c:func:`krb5_principal_compare_any_realm()` - -:c:func:`krb5_sname_match()` - -:c:func:`krb5_sname_to_principal()` - -.. - - -Parsing: - -.. - -:c:func:`krb5_parse_name()` - -:c:func:`krb5_parse_name_flags()` - -:c:func:`krb5_unparse_name()` - -:c:func:`krb5_unparse_name_flags()` - -.. - -Utilities: - -.. - -:c:func:`krb5_is_config_principal()` - -:c:func:`krb5_kuserok()` - -:c:func:`krb5_set_password()` - -:c:func:`krb5_set_password_using_ccache()` - -:c:func:`krb5_set_principal_realm()` - -:c:func:`krb5_realm_compare()` - -.. diff --git a/krb5-1.21.3/doc/appdev/refs/api/index.rst b/krb5-1.21.3/doc/appdev/refs/api/index.rst deleted file mode 100644 index d12be47c..00000000 --- a/krb5-1.21.3/doc/appdev/refs/api/index.rst +++ /dev/null @@ -1,413 +0,0 @@ -krb5 API -======== - - -Frequently used public interfaces ----------------------------------- - -.. toctree:: - :maxdepth: 1 - - krb5_build_principal.rst - krb5_build_principal_alloc_va.rst - krb5_build_principal_ext.rst - krb5_cc_close.rst - krb5_cc_default.rst - krb5_cc_default_name.rst - krb5_cc_destroy.rst - krb5_cc_dup.rst - krb5_cc_get_name.rst - krb5_cc_get_principal.rst - krb5_cc_get_type.rst - krb5_cc_initialize.rst - krb5_cc_new_unique.rst - krb5_cc_resolve.rst - krb5_change_password.rst - krb5_chpw_message.rst - krb5_expand_hostname.rst - krb5_free_context.rst - krb5_free_error_message.rst - krb5_free_principal.rst - krb5_fwd_tgt_creds.rst - krb5_get_default_realm.rst - krb5_get_error_message.rst - krb5_get_host_realm.rst - krb5_get_credentials.rst - krb5_get_fallback_host_realm.rst - krb5_get_init_creds_keytab.rst - krb5_get_init_creds_opt_alloc.rst - krb5_get_init_creds_opt_free.rst - krb5_get_init_creds_opt_get_fast_flags.rst - krb5_get_init_creds_opt_set_address_list.rst - krb5_get_init_creds_opt_set_anonymous.rst - krb5_get_init_creds_opt_set_canonicalize.rst - krb5_get_init_creds_opt_set_change_password_prompt.rst - krb5_get_init_creds_opt_set_etype_list.rst - krb5_get_init_creds_opt_set_expire_callback.rst - krb5_get_init_creds_opt_set_fast_ccache.rst - krb5_get_init_creds_opt_set_fast_ccache_name.rst - krb5_get_init_creds_opt_set_fast_flags.rst - krb5_get_init_creds_opt_set_forwardable.rst - krb5_get_init_creds_opt_set_in_ccache.rst - krb5_get_init_creds_opt_set_out_ccache.rst - krb5_get_init_creds_opt_set_pa.rst - krb5_get_init_creds_opt_set_pac_request.rst - krb5_get_init_creds_opt_set_preauth_list.rst - krb5_get_init_creds_opt_set_proxiable.rst - krb5_get_init_creds_opt_set_renew_life.rst - krb5_get_init_creds_opt_set_responder.rst - krb5_get_init_creds_opt_set_salt.rst - krb5_get_init_creds_opt_set_tkt_life.rst - krb5_get_init_creds_password.rst - krb5_get_profile.rst - krb5_get_prompt_types.rst - krb5_get_renewed_creds.rst - krb5_get_validated_creds.rst - krb5_init_context.rst - krb5_init_secure_context.rst - krb5_is_config_principal.rst - krb5_is_thread_safe.rst - krb5_kt_close.rst - krb5_kt_client_default.rst - krb5_kt_default.rst - krb5_kt_default_name.rst - krb5_kt_dup.rst - krb5_kt_get_name.rst - krb5_kt_get_type.rst - krb5_kt_resolve.rst - krb5_kuserok.rst - krb5_parse_name.rst - krb5_parse_name_flags.rst - krb5_principal_compare.rst - krb5_principal_compare_any_realm.rst - krb5_principal_compare_flags.rst - krb5_prompter_posix.rst - krb5_realm_compare.rst - krb5_responder_get_challenge.rst - krb5_responder_list_questions.rst - krb5_responder_set_answer.rst - krb5_responder_otp_get_challenge.rst - krb5_responder_otp_set_answer.rst - krb5_responder_otp_challenge_free.rst - krb5_responder_pkinit_get_challenge.rst - krb5_responder_pkinit_set_answer.rst - krb5_responder_pkinit_challenge_free.rst - krb5_set_default_realm.rst - krb5_set_password.rst - krb5_set_password_using_ccache.rst - krb5_set_principal_realm.rst - krb5_set_trace_callback.rst - krb5_set_trace_filename.rst - krb5_sname_match.rst - krb5_sname_to_principal.rst - krb5_unparse_name.rst - krb5_unparse_name_ext.rst - krb5_unparse_name_flags.rst - krb5_unparse_name_flags_ext.rst - krb5_us_timeofday.rst - krb5_verify_authdata_kdc_issued.rst - -Rarely used public interfaces --------------------------------- - -.. toctree:: - :maxdepth: 1 - - krb5_425_conv_principal.rst - krb5_524_conv_principal.rst - krb5_address_compare.rst - krb5_address_order.rst - krb5_address_search.rst - krb5_allow_weak_crypto.rst - krb5_aname_to_localname.rst - krb5_anonymous_principal.rst - krb5_anonymous_realm.rst - krb5_appdefault_boolean.rst - krb5_appdefault_string.rst - krb5_auth_con_free.rst - krb5_auth_con_genaddrs.rst - krb5_auth_con_get_checksum_func.rst - krb5_auth_con_getaddrs.rst - krb5_auth_con_getauthenticator.rst - krb5_auth_con_getflags.rst - krb5_auth_con_getkey.rst - krb5_auth_con_getkey_k.rst - krb5_auth_con_getlocalseqnumber.rst - krb5_auth_con_getrcache.rst - krb5_auth_con_getrecvsubkey.rst - krb5_auth_con_getrecvsubkey_k.rst - krb5_auth_con_getremoteseqnumber.rst - krb5_auth_con_getsendsubkey.rst - krb5_auth_con_getsendsubkey_k.rst - krb5_auth_con_init.rst - krb5_auth_con_set_checksum_func.rst - krb5_auth_con_set_req_cksumtype.rst - krb5_auth_con_setaddrs.rst - krb5_auth_con_setflags.rst - krb5_auth_con_setports.rst - krb5_auth_con_setrcache.rst - krb5_auth_con_setrecvsubkey.rst - krb5_auth_con_setrecvsubkey_k.rst - krb5_auth_con_setsendsubkey.rst - krb5_auth_con_setsendsubkey_k.rst - krb5_auth_con_setuseruserkey.rst - krb5_cc_cache_match.rst - krb5_cc_copy_creds.rst - krb5_cc_end_seq_get.rst - krb5_cc_get_config.rst - krb5_cc_get_flags.rst - krb5_cc_get_full_name.rst - krb5_cc_move.rst - krb5_cc_next_cred.rst - krb5_cc_remove_cred.rst - krb5_cc_retrieve_cred.rst - krb5_cc_select.rst - krb5_cc_set_config.rst - krb5_cc_set_default_name.rst - krb5_cc_set_flags.rst - krb5_cc_start_seq_get.rst - krb5_cc_store_cred.rst - krb5_cc_support_switch.rst - krb5_cc_switch.rst - krb5_cccol_cursor_free.rst - krb5_cccol_cursor_new.rst - krb5_cccol_cursor_next.rst - krb5_cccol_have_content.rst - krb5_clear_error_message.rst - krb5_check_clockskew.rst - krb5_copy_addresses.rst - krb5_copy_authdata.rst - krb5_copy_authenticator.rst - krb5_copy_checksum.rst - krb5_copy_context.rst - krb5_copy_creds.rst - krb5_copy_data.rst - krb5_copy_error_message.rst - krb5_copy_keyblock.rst - krb5_copy_keyblock_contents.rst - krb5_copy_principal.rst - krb5_copy_ticket.rst - krb5_find_authdata.rst - krb5_free_addresses.rst - krb5_free_ap_rep_enc_part.rst - krb5_free_authdata.rst - krb5_free_authenticator.rst - krb5_free_cred_contents.rst - krb5_free_creds.rst - krb5_free_data.rst - krb5_free_data_contents.rst - krb5_free_default_realm.rst - krb5_free_enctypes.rst - krb5_free_error.rst - krb5_free_host_realm.rst - krb5_free_keyblock.rst - krb5_free_keyblock_contents.rst - krb5_free_keytab_entry_contents.rst - krb5_free_string.rst - krb5_free_ticket.rst - krb5_free_unparsed_name.rst - krb5_get_etype_info.rst - krb5_get_permitted_enctypes.rst - krb5_get_server_rcache.rst - krb5_get_time_offsets.rst - krb5_init_context_profile.rst - krb5_init_creds_free.rst - krb5_init_creds_get.rst - krb5_init_creds_get_creds.rst - krb5_init_creds_get_error.rst - krb5_init_creds_get_times.rst - krb5_init_creds_init.rst - krb5_init_creds_set_keytab.rst - krb5_init_creds_set_password.rst - krb5_init_creds_set_service.rst - krb5_init_creds_step.rst - krb5_init_keyblock.rst - krb5_is_referral_realm.rst - krb5_kdc_sign_ticket.rst - krb5_kdc_verify_ticket.rst - krb5_kt_add_entry.rst - krb5_kt_end_seq_get.rst - krb5_kt_get_entry.rst - krb5_kt_have_content.rst - krb5_kt_next_entry.rst - krb5_kt_read_service_key.rst - krb5_kt_remove_entry.rst - krb5_kt_start_seq_get.rst - krb5_make_authdata_kdc_issued.rst - krb5_marshal_credentials.rst - krb5_merge_authdata.rst - krb5_mk_1cred.rst - krb5_mk_error.rst - krb5_mk_ncred.rst - krb5_mk_priv.rst - krb5_mk_rep.rst - krb5_mk_rep_dce.rst - krb5_mk_req.rst - krb5_mk_req_extended.rst - krb5_mk_safe.rst - krb5_os_localaddr.rst - krb5_pac_add_buffer.rst - krb5_pac_free.rst - krb5_pac_get_buffer.rst - krb5_pac_get_types.rst - krb5_pac_init.rst - krb5_pac_parse.rst - krb5_pac_sign.rst - krb5_pac_sign_ext.rst - krb5_pac_verify.rst - krb5_pac_verify_ext.rst - krb5_pac_get_client_info.rst - krb5_prepend_error_message.rst - krb5_principal2salt.rst - krb5_rd_cred.rst - krb5_rd_error.rst - krb5_rd_priv.rst - krb5_rd_rep.rst - krb5_rd_rep_dce.rst - krb5_rd_req.rst - krb5_rd_safe.rst - krb5_read_password.rst - krb5_salttype_to_string.rst - krb5_server_decrypt_ticket_keytab.rst - krb5_set_default_tgs_enctypes.rst - krb5_set_error_message.rst - krb5_set_kdc_recv_hook.rst - krb5_set_kdc_send_hook.rst - krb5_set_real_time.rst - krb5_string_to_cksumtype.rst - krb5_string_to_deltat.rst - krb5_string_to_enctype.rst - krb5_string_to_salttype.rst - krb5_string_to_timestamp.rst - krb5_timeofday.rst - krb5_timestamp_to_sfstring.rst - krb5_timestamp_to_string.rst - krb5_tkt_creds_free.rst - krb5_tkt_creds_get.rst - krb5_tkt_creds_get_creds.rst - krb5_tkt_creds_get_times.rst - krb5_tkt_creds_init.rst - krb5_tkt_creds_step.rst - krb5_unmarshal_credentials.rst - krb5_verify_init_creds.rst - krb5_verify_init_creds_opt_init.rst - krb5_verify_init_creds_opt_set_ap_req_nofail.rst - krb5_vprepend_error_message.rst - krb5_vset_error_message.rst - krb5_vwrap_error_message.rst - krb5_wrap_error_message.rst - - -Public interfaces that should not be called directly -------------------------------------------------------- - -.. toctree:: - :maxdepth: 1 - - krb5_c_block_size.rst - krb5_c_checksum_length.rst - krb5_c_crypto_length.rst - krb5_c_crypto_length_iov.rst - krb5_c_decrypt.rst - krb5_c_decrypt_iov.rst - krb5_c_derive_prfplus.rst - krb5_c_encrypt.rst - krb5_c_encrypt_iov.rst - krb5_c_encrypt_length.rst - krb5_c_enctype_compare.rst - krb5_c_free_state.rst - krb5_c_fx_cf2_simple.rst - krb5_c_init_state.rst - krb5_c_is_coll_proof_cksum.rst - krb5_c_is_keyed_cksum.rst - krb5_c_keyed_checksum_types.rst - krb5_c_keylengths.rst - krb5_c_make_checksum.rst - krb5_c_make_checksum_iov.rst - krb5_c_make_random_key.rst - krb5_c_padding_length.rst - krb5_c_prf.rst - krb5_c_prfplus.rst - krb5_c_prf_length.rst - krb5_c_random_add_entropy.rst - krb5_c_random_make_octets.rst - krb5_c_random_os_entropy.rst - krb5_c_random_to_key.rst - krb5_c_string_to_key.rst - krb5_c_string_to_key_with_params.rst - krb5_c_valid_cksumtype.rst - krb5_c_valid_enctype.rst - krb5_c_verify_checksum.rst - krb5_c_verify_checksum_iov.rst - krb5_cksumtype_to_string.rst - krb5_decode_authdata_container.rst - krb5_decode_ticket.rst - krb5_deltat_to_string.rst - krb5_encode_authdata_container.rst - krb5_enctype_to_name.rst - krb5_enctype_to_string.rst - krb5_free_checksum.rst - krb5_free_checksum_contents.rst - krb5_free_cksumtypes.rst - krb5_free_tgt_creds.rst - krb5_k_create_key.rst - krb5_k_decrypt.rst - krb5_k_decrypt_iov.rst - krb5_k_encrypt.rst - krb5_k_encrypt_iov.rst - krb5_k_free_key.rst - krb5_k_key_enctype.rst - krb5_k_key_keyblock.rst - krb5_k_make_checksum.rst - krb5_k_make_checksum_iov.rst - krb5_k_prf.rst - krb5_k_reference_key.rst - krb5_k_verify_checksum.rst - krb5_k_verify_checksum_iov.rst - - -Legacy convenience interfaces ------------------------------- - -.. toctree:: - :maxdepth: 1 - - krb5_recvauth.rst - krb5_recvauth_version.rst - krb5_sendauth.rst - - -Deprecated public interfaces ------------------------------- - -.. toctree:: - :maxdepth: 1 - - krb5_524_convert_creds.rst - krb5_auth_con_getlocalsubkey.rst - krb5_auth_con_getremotesubkey.rst - krb5_auth_con_initivector.rst - krb5_build_principal_va.rst - krb5_c_random_seed.rst - krb5_calculate_checksum.rst - krb5_checksum_size.rst - krb5_encrypt.rst - krb5_decrypt.rst - krb5_eblock_enctype.rst - krb5_encrypt_size.rst - krb5_finish_key.rst - krb5_finish_random_key.rst - krb5_cc_gen_new.rst - krb5_get_credentials_renew.rst - krb5_get_credentials_validate.rst - krb5_get_in_tkt_with_password.rst - krb5_get_in_tkt_with_skey.rst - krb5_get_in_tkt_with_keytab.rst - krb5_get_init_creds_opt_init.rst - krb5_init_random_key.rst - krb5_kt_free_entry.rst - krb5_random_key.rst - krb5_process_key.rst - krb5_string_to_key.rst - krb5_use_enctype.rst - krb5_verify_checksum.rst diff --git a/krb5-1.21.3/doc/appdev/refs/index.rst b/krb5-1.21.3/doc/appdev/refs/index.rst deleted file mode 100644 index 37a895f3..00000000 --- a/krb5-1.21.3/doc/appdev/refs/index.rst +++ /dev/null @@ -1,9 +0,0 @@ -Complete reference - API and datatypes -====================================== - -.. toctree:: - :maxdepth: 1 - - api/index.rst - types/index.rst - macros/index.rst diff --git a/krb5-1.21.3/doc/appdev/refs/macros/index.rst b/krb5-1.21.3/doc/appdev/refs/macros/index.rst deleted file mode 100644 index 45fe160d..00000000 --- a/krb5-1.21.3/doc/appdev/refs/macros/index.rst +++ /dev/null @@ -1,397 +0,0 @@ -krb5 simple macros -========================= - -Public -------- - -.. toctree:: - :maxdepth: 1 - - ADDRTYPE_ADDRPORT.rst - ADDRTYPE_CHAOS.rst - ADDRTYPE_DDP.rst - ADDRTYPE_INET.rst - ADDRTYPE_INET6.rst - ADDRTYPE_IPPORT.rst - ADDRTYPE_ISO.rst - ADDRTYPE_IS_LOCAL.rst - ADDRTYPE_NETBIOS.rst - ADDRTYPE_XNS.rst - AD_TYPE_EXTERNAL.rst - AD_TYPE_FIELD_TYPE_MASK.rst - AD_TYPE_REGISTERED.rst - AD_TYPE_RESERVED.rst - AP_OPTS_ETYPE_NEGOTIATION.rst - AP_OPTS_MUTUAL_REQUIRED.rst - AP_OPTS_RESERVED.rst - AP_OPTS_USE_SESSION_KEY.rst - AP_OPTS_USE_SUBKEY.rst - AP_OPTS_WIRE_MASK.rst - CKSUMTYPE_CMAC_CAMELLIA128.rst - CKSUMTYPE_CMAC_CAMELLIA256.rst - CKSUMTYPE_CRC32.rst - CKSUMTYPE_DESCBC.rst - CKSUMTYPE_HMAC_MD5_ARCFOUR.rst - CKSUMTYPE_HMAC_SHA1_96_AES128.rst - CKSUMTYPE_HMAC_SHA1_96_AES256.rst - CKSUMTYPE_HMAC_SHA256_128_AES128.rst - CKSUMTYPE_HMAC_SHA384_192_AES256.rst - CKSUMTYPE_HMAC_SHA1_DES3.rst - CKSUMTYPE_MD5_HMAC_ARCFOUR.rst - CKSUMTYPE_NIST_SHA.rst - CKSUMTYPE_RSA_MD4.rst - CKSUMTYPE_RSA_MD4_DES.rst - CKSUMTYPE_RSA_MD5.rst - CKSUMTYPE_RSA_MD5_DES.rst - CKSUMTYPE_SHA1.rst - ENCTYPE_AES128_CTS_HMAC_SHA1_96.rst - ENCTYPE_AES128_CTS_HMAC_SHA256_128.rst - ENCTYPE_AES256_CTS_HMAC_SHA1_96.rst - ENCTYPE_AES256_CTS_HMAC_SHA384_192.rst - ENCTYPE_ARCFOUR_HMAC.rst - ENCTYPE_ARCFOUR_HMAC_EXP.rst - ENCTYPE_CAMELLIA128_CTS_CMAC.rst - ENCTYPE_CAMELLIA256_CTS_CMAC.rst - ENCTYPE_DES3_CBC_ENV.rst - ENCTYPE_DES3_CBC_RAW.rst - ENCTYPE_DES3_CBC_SHA.rst - ENCTYPE_DES3_CBC_SHA1.rst - ENCTYPE_DES_CBC_CRC.rst - ENCTYPE_DES_CBC_MD4.rst - ENCTYPE_DES_CBC_MD5.rst - ENCTYPE_DES_CBC_RAW.rst - ENCTYPE_DES_HMAC_SHA1.rst - ENCTYPE_DSA_SHA1_CMS.rst - ENCTYPE_MD5_RSA_CMS.rst - ENCTYPE_NULL.rst - ENCTYPE_RC2_CBC_ENV.rst - ENCTYPE_RSA_ENV.rst - ENCTYPE_RSA_ES_OAEP_ENV.rst - ENCTYPE_SHA1_RSA_CMS.rst - ENCTYPE_UNKNOWN.rst - KDC_OPT_ALLOW_POSTDATE.rst - KDC_OPT_CANONICALIZE.rst - KDC_OPT_CNAME_IN_ADDL_TKT.rst - KDC_OPT_DISABLE_TRANSITED_CHECK.rst - KDC_OPT_ENC_TKT_IN_SKEY.rst - KDC_OPT_FORWARDABLE.rst - KDC_OPT_FORWARDED.rst - KDC_OPT_POSTDATED.rst - KDC_OPT_PROXIABLE.rst - KDC_OPT_PROXY.rst - KDC_OPT_RENEW.rst - KDC_OPT_RENEWABLE.rst - KDC_OPT_RENEWABLE_OK.rst - KDC_OPT_REQUEST_ANONYMOUS.rst - KDC_OPT_VALIDATE.rst - KDC_TKT_COMMON_MASK.rst - KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.rst - KRB5_ANONYMOUS_PRINCSTR.rst - KRB5_ANONYMOUS_REALMSTR.rst - KRB5_AP_REP.rst - KRB5_AP_REQ.rst - KRB5_AS_REP.rst - KRB5_AS_REQ.rst - KRB5_AUTHDATA_AND_OR.rst - KRB5_AUTHDATA_AP_OPTIONS.rst - KRB5_AUTHDATA_AUTH_INDICATOR.rst - KRB5_AUTHDATA_CAMMAC.rst - KRB5_AUTHDATA_ETYPE_NEGOTIATION.rst - KRB5_AUTHDATA_FX_ARMOR.rst - KRB5_AUTHDATA_IF_RELEVANT.rst - KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.rst - KRB5_AUTHDATA_KDC_ISSUED.rst - KRB5_AUTHDATA_MANDATORY_FOR_KDC.rst - KRB5_AUTHDATA_OSF_DCE.rst - KRB5_AUTHDATA_SESAME.rst - KRB5_AUTHDATA_SIGNTICKET.rst - KRB5_AUTHDATA_WIN2K_PAC.rst - KRB5_AUTH_CONTEXT_DO_SEQUENCE.rst - KRB5_AUTH_CONTEXT_DO_TIME.rst - KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.rst - KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.rst - KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.rst - KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.rst - KRB5_AUTH_CONTEXT_PERMIT_ALL.rst - KRB5_AUTH_CONTEXT_RET_SEQUENCE.rst - KRB5_AUTH_CONTEXT_RET_TIME.rst - KRB5_AUTH_CONTEXT_USE_SUBKEY.rst - KRB5_CRED.rst - KRB5_CRYPTO_TYPE_CHECKSUM.rst - KRB5_CRYPTO_TYPE_DATA.rst - KRB5_CRYPTO_TYPE_EMPTY.rst - KRB5_CRYPTO_TYPE_HEADER.rst - KRB5_CRYPTO_TYPE_PADDING.rst - KRB5_CRYPTO_TYPE_SIGN_ONLY.rst - KRB5_CRYPTO_TYPE_STREAM.rst - KRB5_CRYPTO_TYPE_TRAILER.rst - KRB5_CYBERSAFE_SECUREID.rst - KRB5_DOMAIN_X500_COMPRESS.rst - KRB5_ENCPADATA_REQ_ENC_PA_REP.rst - KRB5_ERROR.rst - KRB5_FAST_REQUIRED.rst - KRB5_GC_CACHED.rst - KRB5_GC_CANONICALIZE.rst - KRB5_GC_CONSTRAINED_DELEGATION.rst - KRB5_GC_FORWARDABLE.rst - KRB5_GC_NO_STORE.rst - KRB5_GC_NO_TRANSIT_CHECK.rst - KRB5_GC_USER_USER.rst - KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.rst - KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.rst - KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.rst - KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.rst - KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.rst - KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.rst - KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.rst - KRB5_GET_INIT_CREDS_OPT_PROXIABLE.rst - KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.rst - KRB5_GET_INIT_CREDS_OPT_SALT.rst - KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.rst - KRB5_INIT_CONTEXT_SECURE.rst - KRB5_INIT_CONTEXT_KDC.rst - KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.rst - KRB5_INT16_MAX.rst - KRB5_INT16_MIN.rst - KRB5_INT32_MAX.rst - KRB5_INT32_MIN.rst - KRB5_KEYUSAGE_AD_ITE.rst - KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.rst - KRB5_KEYUSAGE_AD_MTE.rst - KRB5_KEYUSAGE_AD_SIGNEDPATH.rst - KRB5_KEYUSAGE_APP_DATA_CKSUM.rst - KRB5_KEYUSAGE_APP_DATA_ENCRYPT.rst - KRB5_KEYUSAGE_AP_REP_ENCPART.rst - KRB5_KEYUSAGE_AP_REQ_AUTH.rst - KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.rst - KRB5_KEYUSAGE_AS_REP_ENCPART.rst - KRB5_KEYUSAGE_AS_REQ.rst - KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.rst - KRB5_KEYUSAGE_CAMMAC.rst - KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.rst - KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.rst - KRB5_KEYUSAGE_FAST_ENC.rst - KRB5_KEYUSAGE_FAST_FINISHED.rst - KRB5_KEYUSAGE_FAST_REP.rst - KRB5_KEYUSAGE_FAST_REQ_CHKSUM.rst - KRB5_KEYUSAGE_GSS_TOK_MIC.rst - KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.rst - KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.rst - KRB5_KEYUSAGE_IAKERB_FINISHED.rst - KRB5_KEYUSAGE_KDC_REP_TICKET.rst - KRB5_KEYUSAGE_KRB_CRED_ENCPART.rst - KRB5_KEYUSAGE_KRB_ERROR_CKSUM.rst - KRB5_KEYUSAGE_KRB_PRIV_ENCPART.rst - KRB5_KEYUSAGE_KRB_SAFE_CKSUM.rst - KRB5_KEYUSAGE_PA_AS_FRESHNESS.rst - KRB5_KEYUSAGE_PA_FX_COOKIE.rst - KRB5_KEYUSAGE_PA_OTP_REQUEST.rst - KRB5_KEYUSAGE_PA_PKINIT_KX.rst - KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.rst - KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.rst - KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.rst - KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.rst - KRB5_KEYUSAGE_PA_SAM_RESPONSE.rst - KRB5_KEYUSAGE_SPAKE.rst - KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.rst - KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.rst - KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.rst - KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.rst - KRB5_KEYUSAGE_TGS_REQ_AUTH.rst - KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.rst - KRB5_KPASSWD_ACCESSDENIED.rst - KRB5_KPASSWD_AUTHERROR.rst - KRB5_KPASSWD_BAD_VERSION.rst - KRB5_KPASSWD_HARDERROR.rst - KRB5_KPASSWD_INITIAL_FLAG_NEEDED.rst - KRB5_KPASSWD_MALFORMED.rst - KRB5_KPASSWD_SOFTERROR.rst - KRB5_KPASSWD_SUCCESS.rst - KRB5_LRQ_ALL_ACCT_EXPTIME.rst - KRB5_LRQ_ALL_LAST_INITIAL.rst - KRB5_LRQ_ALL_LAST_RENEWAL.rst - KRB5_LRQ_ALL_LAST_REQ.rst - KRB5_LRQ_ALL_LAST_TGT.rst - KRB5_LRQ_ALL_LAST_TGT_ISSUED.rst - KRB5_LRQ_ALL_PW_EXPTIME.rst - KRB5_LRQ_NONE.rst - KRB5_LRQ_ONE_ACCT_EXPTIME.rst - KRB5_LRQ_ONE_LAST_INITIAL.rst - KRB5_LRQ_ONE_LAST_RENEWAL.rst - KRB5_LRQ_ONE_LAST_REQ.rst - KRB5_LRQ_ONE_LAST_TGT.rst - KRB5_LRQ_ONE_LAST_TGT_ISSUED.rst - KRB5_LRQ_ONE_PW_EXPTIME.rst - KRB5_NT_ENTERPRISE_PRINCIPAL.rst - KRB5_NT_ENT_PRINCIPAL_AND_ID.rst - KRB5_NT_MS_PRINCIPAL.rst - KRB5_NT_MS_PRINCIPAL_AND_ID.rst - KRB5_NT_PRINCIPAL.rst - KRB5_NT_SMTP_NAME.rst - KRB5_NT_SRV_HST.rst - KRB5_NT_SRV_INST.rst - KRB5_NT_SRV_XHST.rst - KRB5_NT_UID.rst - KRB5_NT_UNKNOWN.rst - KRB5_NT_WELLKNOWN.rst - KRB5_NT_X500_PRINCIPAL.rst - KRB5_PAC_ATTRIBUTES_INFO.rst - KRB5_PAC_CLIENT_INFO.rst - KRB5_PAC_CLIENT_CLAIMS.rst - KRB5_PAC_CREDENTIALS_INFO.rst - KRB5_PAC_DELEGATION_INFO.rst - KRB5_PAC_DEVICE_CLAIMS.rst - KRB5_PAC_DEVICE_INFO.rst - KRB5_PAC_LOGON_INFO.rst - KRB5_PAC_PRIVSVR_CHECKSUM.rst - KRB5_PAC_REQUESTOR.rst - KRB5_PAC_SERVER_CHECKSUM.rst - KRB5_PAC_TICKET_CHECKSUM.rst - KRB5_PAC_UPN_DNS_INFO.rst - KRB5_PAC_FULL_CHECKSUM.rst - KRB5_PADATA_AFS3_SALT.rst - KRB5_PADATA_AP_REQ.rst - KRB5_PADATA_AS_CHECKSUM.rst - KRB5_PADATA_AS_FRESHNESS.rst - KRB5_PADATA_ENCRYPTED_CHALLENGE.rst - KRB5_PADATA_ENC_SANDIA_SECURID.rst - KRB5_PADATA_ENC_TIMESTAMP.rst - KRB5_PADATA_ENC_UNIX_TIME.rst - KRB5_PADATA_ETYPE_INFO.rst - KRB5_PADATA_ETYPE_INFO2.rst - KRB5_PADATA_FOR_USER.rst - KRB5_PADATA_FX_COOKIE.rst - KRB5_PADATA_FX_ERROR.rst - KRB5_PADATA_FX_FAST.rst - KRB5_PADATA_GET_FROM_TYPED_DATA.rst - KRB5_PADATA_NONE.rst - KRB5_PADATA_OSF_DCE.rst - KRB5_PADATA_OTP_CHALLENGE.rst - KRB5_PADATA_OTP_PIN_CHANGE.rst - KRB5_PADATA_OTP_REQUEST.rst - KRB5_PADATA_PAC_OPTIONS.rst - KRB5_PADATA_PAC_REQUEST.rst - KRB5_PADATA_PKINIT_KX.rst - KRB5_PADATA_PK_AS_REP.rst - KRB5_PADATA_PK_AS_REP_OLD.rst - KRB5_PADATA_PK_AS_REQ.rst - KRB5_PADATA_PK_AS_REQ_OLD.rst - KRB5_PADATA_PW_SALT.rst - KRB5_PADATA_REFERRAL.rst - KRB5_PADATA_S4U_X509_USER.rst - KRB5_PADATA_SAM_CHALLENGE.rst - KRB5_PADATA_SAM_CHALLENGE_2.rst - KRB5_PADATA_SAM_REDIRECT.rst - KRB5_PADATA_SAM_RESPONSE.rst - KRB5_PADATA_SAM_RESPONSE_2.rst - KRB5_PADATA_SESAME.rst - KRB5_PADATA_SPAKE.rst - KRB5_PADATA_REDHAT_IDP_OAUTH2.rst - KRB5_PADATA_REDHAT_PASSKEY.rst - KRB5_PADATA_SVR_REFERRAL_INFO.rst - KRB5_PADATA_TGS_REQ.rst - KRB5_PADATA_USE_SPECIFIED_KVNO.rst - KRB5_PRINCIPAL_COMPARE_CASEFOLD.rst - KRB5_PRINCIPAL_COMPARE_ENTERPRISE.rst - KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.rst - KRB5_PRINCIPAL_COMPARE_UTF8.rst - KRB5_PRINCIPAL_PARSE_ENTERPRISE.rst - KRB5_PRINCIPAL_PARSE_IGNORE_REALM.rst - KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.rst - KRB5_PRINCIPAL_PARSE_NO_REALM.rst - KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.rst - KRB5_PRINCIPAL_UNPARSE_DISPLAY.rst - KRB5_PRINCIPAL_UNPARSE_NO_REALM.rst - KRB5_PRINCIPAL_UNPARSE_SHORT.rst - KRB5_PRIV.rst - KRB5_PROMPT_TYPE_NEW_PASSWORD.rst - KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.rst - KRB5_PROMPT_TYPE_PASSWORD.rst - KRB5_PROMPT_TYPE_PREAUTH.rst - KRB5_PVNO.rst - KRB5_REALM_BRANCH_CHAR.rst - KRB5_RECVAUTH_BADAUTHVERS.rst - KRB5_RECVAUTH_SKIP_VERSION.rst - KRB5_REFERRAL_REALM.rst - KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.rst - KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.rst - KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.rst - KRB5_RESPONDER_QUESTION_PKINIT.rst - KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.rst - KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.rst - KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.rst - KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.rst - KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.rst - KRB5_RESPONDER_OTP_FORMAT_DECIMAL.rst - KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.rst - KRB5_RESPONDER_QUESTION_OTP.rst - KRB5_RESPONDER_QUESTION_PASSWORD.rst - KRB5_SAFE.rst - KRB5_SAM_MUST_PK_ENCRYPT_SAD.rst - KRB5_SAM_SEND_ENCRYPTED_SAD.rst - KRB5_SAM_USE_SAD_AS_KEY.rst - KRB5_TC_MATCH_2ND_TKT.rst - KRB5_TC_MATCH_AUTHDATA.rst - KRB5_TC_MATCH_FLAGS.rst - KRB5_TC_MATCH_FLAGS_EXACT.rst - KRB5_TC_MATCH_IS_SKEY.rst - KRB5_TC_MATCH_KTYPE.rst - KRB5_TC_MATCH_SRV_NAMEONLY.rst - KRB5_TC_MATCH_TIMES.rst - KRB5_TC_MATCH_TIMES_EXACT.rst - KRB5_TC_NOTICKET.rst - KRB5_TC_OPENCLOSE.rst - KRB5_TC_SUPPORTED_KTYPES.rst - KRB5_TGS_NAME.rst - KRB5_TGS_NAME_SIZE.rst - KRB5_TGS_REP.rst - KRB5_TGS_REQ.rst - KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.rst - KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.rst - KRB5_WELLKNOWN_NAMESTR.rst - LR_TYPE_INTERPRETATION_MASK.rst - LR_TYPE_THIS_SERVER_ONLY.rst - MAX_KEYTAB_NAME_LEN.rst - MSEC_DIRBIT.rst - MSEC_VAL_MASK.rst - SALT_TYPE_AFS_LENGTH.rst - SALT_TYPE_NO_LENGTH.rst - THREEPARAMOPEN.rst - TKT_FLG_ANONYMOUS.rst - TKT_FLG_ENC_PA_REP.rst - TKT_FLG_FORWARDABLE.rst - TKT_FLG_FORWARDED.rst - TKT_FLG_HW_AUTH.rst - TKT_FLG_INITIAL.rst - TKT_FLG_INVALID.rst - TKT_FLG_MAY_POSTDATE.rst - TKT_FLG_OK_AS_DELEGATE.rst - TKT_FLG_POSTDATED.rst - TKT_FLG_PRE_AUTH.rst - TKT_FLG_PROXIABLE.rst - TKT_FLG_PROXY.rst - TKT_FLG_RENEWABLE.rst - TKT_FLG_TRANSIT_POLICY_CHECKED.rst - VALID_INT_BITS.rst - VALID_UINT_BITS.rst - krb5_const.rst - krb5_princ_component.rst - krb5_princ_name.rst - krb5_princ_realm.rst - krb5_princ_set_realm.rst - krb5_princ_set_realm_data.rst - krb5_princ_set_realm_length.rst - krb5_princ_size.rst - krb5_princ_type.rst - krb5_roundup.rst - krb5_x.rst - krb5_xc.rst - -Deprecated macros ------------------------------- - -.. toctree:: - :maxdepth: 1 - - krb524_convert_creds_kdc.rst - krb524_init_ets.rst diff --git a/krb5-1.21.3/doc/appdev/refs/types/index.rst b/krb5-1.21.3/doc/appdev/refs/types/index.rst deleted file mode 100644 index d8d2a8f3..00000000 --- a/krb5-1.21.3/doc/appdev/refs/types/index.rst +++ /dev/null @@ -1,108 +0,0 @@ -krb5 types and structures -========================= - -Public -------- - -.. toctree:: - :maxdepth: 1 - - krb5_address.rst - krb5_addrtype.rst - krb5_ap_req.rst - krb5_ap_rep.rst - krb5_ap_rep_enc_part.rst - krb5_authdata.rst - krb5_authdatatype.rst - krb5_authenticator.rst - krb5_boolean.rst - krb5_checksum.rst - krb5_const_pointer.rst - krb5_const_principal.rst - krb5_cred.rst - krb5_cred_enc_part.rst - krb5_cred_info.rst - krb5_creds.rst - krb5_crypto_iov.rst - krb5_cryptotype.rst - krb5_data.rst - krb5_deltat.rst - krb5_enc_data.rst - krb5_enc_kdc_rep_part.rst - krb5_enc_tkt_part.rst - krb5_encrypt_block.rst - krb5_enctype.rst - krb5_error.rst - krb5_error_code.rst - krb5_expire_callback_func.rst - krb5_flags.rst - krb5_get_init_creds_opt.rst - krb5_gic_opt_pa_data.rst - krb5_int16.rst - krb5_int32.rst - krb5_kdc_rep.rst - krb5_kdc_req.rst - krb5_keyblock.rst - krb5_keytab_entry.rst - krb5_keyusage.rst - krb5_kt_cursor.rst - krb5_kvno.rst - krb5_last_req_entry.rst - krb5_magic.rst - krb5_mk_req_checksum_func.rst - krb5_msgtype.rst - krb5_octet.rst - krb5_pa_pac_req.rst - krb5_pa_server_referral_data.rst - krb5_pa_svr_referral_data.rst - krb5_pa_data.rst - krb5_pointer.rst - krb5_post_recv_fn.rst - krb5_pre_send_fn.rst - krb5_preauthtype.rst - krb5_principal.rst - krb5_principal_data.rst - krb5_prompt.rst - krb5_prompt_type.rst - krb5_prompter_fct.rst - krb5_pwd_data.rst - krb5_responder_context.rst - krb5_responder_fn.rst - krb5_responder_otp_challenge.rst - krb5_responder_otp_tokeninfo.rst - krb5_responder_pkinit_challenge.rst - krb5_responder_pkinit_identity.rst - krb5_response.rst - krb5_replay_data.rst - krb5_ticket.rst - krb5_ticket_times.rst - krb5_timestamp.rst - krb5_tkt_authent.rst - krb5_trace_callback.rst - krb5_trace_info.rst - krb5_transited.rst - krb5_typed_data.rst - krb5_ui_2.rst - krb5_ui_4.rst - krb5_verify_init_creds_opt.rst - passwd_phrase_element.rst - - -Internal ---------- - -.. toctree:: - :maxdepth: 1 - - krb5_auth_context.rst - krb5_cksumtype - krb5_context.rst - krb5_cc_cursor.rst - krb5_ccache.rst - krb5_cccol_cursor.rst - krb5_init_creds_context.rst - krb5_key.rst - krb5_keytab.rst - krb5_pac.rst - krb5_rcache.rst - krb5_tkt_creds_context.rst diff --git a/krb5-1.21.3/doc/appdev/refs/types/krb5_int32.rst b/krb5-1.21.3/doc/appdev/refs/types/krb5_int32.rst deleted file mode 100644 index 28baafa3..00000000 --- a/krb5-1.21.3/doc/appdev/refs/types/krb5_int32.rst +++ /dev/null @@ -1,12 +0,0 @@ -.. highlight:: c - -.. _krb5-int32-struct: - -krb5_int32 -========== - -.. -.. c:type:: krb5_int32 -.. - -krb5_int32 is a signed 32-bit integer type diff --git a/krb5-1.21.3/doc/appdev/refs/types/krb5_ui_4.rst b/krb5-1.21.3/doc/appdev/refs/types/krb5_ui_4.rst deleted file mode 100644 index 73eb38cf..00000000 --- a/krb5-1.21.3/doc/appdev/refs/types/krb5_ui_4.rst +++ /dev/null @@ -1,12 +0,0 @@ -.. highlight:: c - -.. _krb5-ui4-struct: - -krb5_ui_4 -========== - -.. -.. c:type:: krb5_ui_4 -.. - -krb5_ui_4 is an unsigned 32-bit integer type. diff --git a/krb5-1.21.3/doc/appdev/y2038.rst b/krb5-1.21.3/doc/appdev/y2038.rst deleted file mode 100644 index bc4122da..00000000 --- a/krb5-1.21.3/doc/appdev/y2038.rst +++ /dev/null @@ -1,28 +0,0 @@ -Year 2038 considerations for uses of krb5_timestamp -=================================================== - -POSIX time values, which measure the number of seconds since January 1 -1970, will exceed the maximum value representable in a signed 32-bit -integer in January 2038. This documentation describes considerations -for consumers of the MIT krb5 libraries. - -Applications or libraries which use libkrb5 and consume the timestamps -included in credentials or other structures make use of the -:c:type:`krb5_timestamp` type. For historical reasons, krb5_timestamp -is a signed 32-bit integer, even on platforms where a larger type is -natively used to represent time values. To behave properly for time -values after January 2038, calling code should cast krb5_timestamp -values to uint32_t, and then to time_t:: - - (time_t)(uint32_t)timestamp - -Used in this way, krb5_timestamp values can represent time values up -until February 2106, provided that the platform uses a 64-bit or -larger time_t type. This usage will also remain safe if a later -version of MIT krb5 changes krb5_timestamp to an unsigned 32-bit -integer. - -The GSSAPI only uses representations of time intervals, not absolute -times. Callers of the GSSAPI should require no changes to behave -correctly after January 2038, provided that they use MIT krb5 release -1.16 or later. diff --git a/krb5-1.21.3/doc/basic/ccache_def.rst b/krb5-1.21.3/doc/basic/ccache_def.rst deleted file mode 100644 index 53542add..00000000 --- a/krb5-1.21.3/doc/basic/ccache_def.rst +++ /dev/null @@ -1,160 +0,0 @@ -.. _ccache_definition: - -Credential cache -================ - -A credential cache (or "ccache") holds Kerberos credentials while they -remain valid and, generally, while the user's session lasts, so that -authenticating to a service multiple times (e.g., connecting to a web -or mail server more than once) doesn't require contacting the KDC -every time. - -A credential cache usually contains one initial ticket which is -obtained using a password or another form of identity verification. -If this ticket is a ticket-granting ticket, it can be used to obtain -additional credentials without the password. Because the credential -cache does not store the password, less long-term damage can be done -to the user's account if the machine is compromised. - -A credentials cache stores a default client principal name, set when -the cache is created. This is the name shown at the top of the -:ref:`klist(1)` *-A* output. - -Each normal cache entry includes a service principal name, a client -principal name (which, in some ccache types, need not be the same as -the default), lifetime information, and flags, along with the -credential itself. There are also other entries, indicated by special -names, that store additional information. - - -ccache types ------------- - -The credential cache interface, like the :ref:`keytab_definition` and -:ref:`rcache_definition` interfaces, uses `TYPE:value` strings to -indicate the type of credential cache and any associated cache naming -data to use. - -There are several kinds of credentials cache supported in the MIT -Kerberos library. Not all are supported on every platform. In most -cases, it should be correct to use the default type built into the -library. - -#. **API** is only implemented on Windows. It communicates with a - server process that holds the credentials in memory for the user, - rather than writing them to disk. - -#. **DIR** points to the storage location of the collection of the - credential caches in *FILE:* format. It is most useful when dealing - with multiple Kerberos realms and KDCs. For release 1.10 the - directory must already exist. In post-1.10 releases the - requirement is for parent directory to exist and the current - process must have permissions to create the directory if it does - not exist. See :ref:`col_ccache` for details. New in release 1.10. - The following residual forms are supported: - - * DIR:dirname - * DIR::dirpath/filename - a single cache within the directory - - Switching to a ccache of the latter type causes it to become the - primary for the directory. - -#. **FILE** caches are the simplest and most portable. A simple flat - file format is used to store one credential after another. This is - the default ccache type if no type is specified in a ccache name. - -#. **KCM** caches work by contacting a daemon process called ``kcm`` - to perform cache operations. If the cache name is just ``KCM:``, - the default cache as determined by the KCM daemon will be used. - Newly created caches must generally be named ``KCM:uid:name``, - where *uid* is the effective user ID of the running process. - - KCM client support is new in release 1.13. A KCM daemon has not - yet been implemented in MIT krb5, but the client will interoperate - with the KCM daemon implemented by Heimdal. macOS 10.7 and higher - provides a KCM daemon as part of the operating system, and the - **KCM** cache type is used as the default cache on that platform in - a default build. - -#. **KEYRING** is Linux-specific, and uses the kernel keyring support - to store credential data in unswappable kernel memory where only - the current user should be able to access it. The following - residual forms are supported: - - * KEYRING:name - * KEYRING:process:name - process keyring - * KEYRING:thread:name - thread keyring - - Starting with release 1.12 the *KEYRING* type supports collections. - The following new residual forms were added: - - * KEYRING:session:name - session keyring - * KEYRING:user:name - user keyring - * KEYRING:persistent:uidnumber - persistent per-UID collection. - Unlike the user keyring, this collection survives after the user - logs out, until the cache credentials expire. This type of - ccache requires support from the kernel; otherwise, it will fall - back to the user keyring. - - See :ref:`col_ccache` for details. - -#. **MEMORY** caches are for storage of credentials that don't need to - be made available outside of the current process. For example, a - memory ccache is used by :ref:`kadmin(1)` to store the - administrative ticket used to contact the admin server. Memory - ccaches are faster than file ccaches and are automatically - destroyed when the process exits. - -#. **MSLSA** is a Windows-specific cache type that accesses the - Windows credential store. - - -.. _col_ccache: - -Collections of caches ---------------------- - -Some credential cache types can support collections of multiple -caches. One of the caches in the collection is designated as the -*primary* and will be used when the collection is resolved as a cache. -When a collection-enabled cache type is the default cache for a -process, applications can search the specified collection for a -specific client principal, and GSSAPI applications will automatically -select between the caches in the collection based on criteria such as -the target service realm. - -Credential cache collections are new in release 1.10, with support -from the **DIR** and **API** ccache types. Starting in release 1.12, -collections are also supported by the **KEYRING** ccache type. -Collections are supported by the **KCM** ccache type in release 1.13. - - -Tool alterations to use cache collection -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -* :ref:`kdestroy(1)` *-A* will destroy all caches in the collection. -* If the default cache type supports switching, :ref:`kinit(1)` - *princname* will search the collection for a matching cache and - store credentials there, or will store credentials in a new unique - cache of the default type if no existing cache for the principal - exists. Either way, kinit will switch to the selected cache. -* :ref:`klist(1)` *-l* will list the caches in the collection. -* :ref:`klist(1)` *-A* will show the content of all caches in the - collection. -* :ref:`kswitch(1)` *-p princname* will search the collection for a - matching cache and switch to it. -* :ref:`kswitch(1)` *-c cachename* will switch to a specified cache. - - -Default ccache name -------------------- - -The default credential cache name is determined by the following, in -descending order of priority: - -#. The **KRB5CCNAME** environment variable. For example, - ``KRB5CCNAME=DIR:/mydir/``. - -#. The **default_ccache_name** profile variable in :ref:`libdefaults`. - -#. The hardcoded default, |ccache|. diff --git a/krb5-1.21.3/doc/basic/date_format.rst b/krb5-1.21.3/doc/basic/date_format.rst deleted file mode 100644 index 6ee82ce6..00000000 --- a/krb5-1.21.3/doc/basic/date_format.rst +++ /dev/null @@ -1,140 +0,0 @@ -.. _datetime: - -Supported date and time formats -=============================== - -.. _duration: - -Time duration -------------- - -This format is used to express a time duration in the Kerberos -configuration files and user commands. The allowed formats are: - - ====================== ============== ============ - Format Example Value - ---------------------- -------------- ------------ - h:m[:s] 36:00 36 hours - NdNhNmNs 8h30s 8 hours 30 seconds - N (number of seconds) 3600 1 hour - ====================== ============== ============ - -Here *N* denotes a number, *d* - days, *h* - hours, *m* - minutes, -*s* - seconds. - -.. note:: - - The time interval should not exceed 2147483647 seconds. - -Examples:: - - Request a ticket valid for one hour, five hours, 30 minutes - and 10 days respectively: - - kinit -l 3600 - kinit -l 5:00 - kinit -l 30m - kinit -l "10d 0h 0m 0s" - - -.. _getdate: - -getdate time ------------- - -Some of the kadmin and kdb5_util commands take a date-time in a -human-readable format. Some of the acceptable date-time -strings are: - - +-----------+------------------+-----------------+ - | | Format | Example | - +===========+==================+=================+ - | Date | mm/dd/yy | 07/27/12 | - | +------------------+-----------------+ - | | month dd, yyyy | Jul 27, 2012 | - | +------------------+-----------------+ - | | yyyy-mm-dd | 2012-07-27 | - +-----------+------------------+-----------------+ - | Absolute | HH:mm[:ss]pp | 08:30 PM | - | time +------------------+-----------------+ - | | hh:mm[:ss] | 20:30 | - +-----------+------------------+-----------------+ - | Relative | N tt | 30 sec | - | time | | | - +-----------+------------------+-----------------+ - | Time zone | Z | EST | - | +------------------+-----------------+ - | | z | -0400 | - +-----------+------------------+-----------------+ - -(See :ref:`abbreviation`.) - -Examples:: - - Create a principal that expires on the date indicated: - addprinc test1 -expire "3/27/12 10:00:07 EST" - addprinc test2 -expire "January 23, 2015 10:05pm" - addprinc test3 -expire "22:00 GMT" - Add a principal that will expire in 30 minutes: - addprinc test4 -expire "30 minutes" - - -.. _abstime: - -Absolute time -------------- - -This rarely used date-time format can be noted in one of the -following ways: - - - +------------------------+----------------------+--------------+ - | Format | Example | Value | - +========================+======================+==============+ - | yyyymmddhhmmss | 20141231235900 | One minute | - +------------------------+----------------------+ before 2015 | - | yyyy.mm.dd.hh.mm.ss | 2014.12.31.23.59.00 | | - +------------------------+----------------------+ | - | yymmddhhmmss | 141231235900 | | - +------------------------+----------------------+ | - | yy.mm.dd.hh.mm.ss | 14.12.31.23.59.00 | | - +------------------------+----------------------+ | - | dd-month-yyyy:hh:mm:ss | 31-Dec-2014:23:59:00 | | - +------------------------+----------------------+--------------+ - | hh:mm:ss | 20:00:00 | 8 o'clock in | - +------------------------+----------------------+ the evening | - | hhmmss | 200000 | | - +------------------------+----------------------+--------------+ - -(See :ref:`abbreviation`.) - -Example:: - - Set the default expiration date to July 27, 2012 at 20:30 - default_principal_expiration = 20120727203000 - - -.. _abbreviation: - -Abbreviations used in this document -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -| *month* : locale’s month name or its abbreviation; -| *dd* : day of month (01-31); -| *HH* : hours (00-12); -| *hh* : hours (00-23); -| *mm* : in time - minutes (00-59); in date - month (01-12); -| *N* : number; -| *pp* : AM or PM; -| *ss* : seconds (00-60); -| *tt* : time units (hours, minutes, min, seconds, sec); -| *yyyy* : year; -| *yy* : last two digits of the year; -| *Z* : alphabetic time zone abbreviation; -| *z* : numeric time zone; - -.. note:: - - - If the date specification contains spaces, you may need to - enclose it in double quotes; - - All keywords are case-insensitive. diff --git a/krb5-1.21.3/doc/basic/index.rst b/krb5-1.21.3/doc/basic/index.rst deleted file mode 100644 index 87a9b547..00000000 --- a/krb5-1.21.3/doc/basic/index.rst +++ /dev/null @@ -1,14 +0,0 @@ -.. _basic_concepts: - -Kerberos V5 concepts -==================== - - -.. toctree:: - :maxdepth: 1 - - ccache_def - keytab_def - rcache_def - stash_file_def - date_format diff --git a/krb5-1.21.3/doc/basic/keytab_def.rst b/krb5-1.21.3/doc/basic/keytab_def.rst deleted file mode 100644 index 6c7fcc3b..00000000 --- a/krb5-1.21.3/doc/basic/keytab_def.rst +++ /dev/null @@ -1,59 +0,0 @@ -.. _keytab_definition: - -keytab -====== - -A keytab (short for "key table") stores long-term keys for one or more -principals. Keytabs are normally represented by files in a standard -format, although in rare cases they can be represented in other ways. -Keytabs are used most often to allow server applications to accept -authentications from clients, but can also be used to obtain initial -credentials for client applications. - -Keytabs are named using the format *type*\ ``:``\ *value*. Usually -*type* is ``FILE`` and *value* is the absolute pathname of the file. -The other possible value for *type* is ``MEMORY``, which indicates a -temporary keytab stored in the memory of the current process. - -A keytab contains one or more entries, where each entry consists of a -timestamp (indicating when the entry was written to the keytab), a -principal name, a key version number, an encryption type, and the -encryption key itself. - -A keytab can be displayed using the :ref:`klist(1)` command with the -``-k`` option. Keytabs can be created or appended to by extracting -keys from the KDC database using the :ref:`kadmin(1)` :ref:`ktadd` -command. Keytabs can be manipulated using the :ref:`ktutil(1)` and -:ref:`k5srvutil(1)` commands. - - -Default keytab --------------- - -The default keytab is used by server applications if the application -does not request a specific keytab. The name of the default keytab is -determined by the following, in decreasing order of preference: - -#. The **KRB5_KTNAME** environment variable. - -#. The **default_keytab_name** profile variable in :ref:`libdefaults`. - -#. The hardcoded default, |keytab|. - - -Default client keytab ---------------------- - -The default client keytab is used, if it is present and readable, to -automatically obtain initial credentials for GSSAPI client -applications. The principal name of the first entry in the client -keytab is used by default when obtaining initial credentials. The -name of the default client keytab is determined by the following, in -decreasing order of preference: - -#. The **KRB5_CLIENT_KTNAME** environment variable. - -#. The **default_client_keytab_name** profile variable in - :ref:`libdefaults`. - -#. The hardcoded default, |ckeytab|. diff --git a/krb5-1.21.3/doc/basic/rcache_def.rst b/krb5-1.21.3/doc/basic/rcache_def.rst deleted file mode 100644 index a80cf5af..00000000 --- a/krb5-1.21.3/doc/basic/rcache_def.rst +++ /dev/null @@ -1,111 +0,0 @@ -.. _rcache_definition: - -replay cache -============ - -A replay cache (or "rcache") keeps track of all authenticators -recently presented to a service. If a duplicate authentication -request is detected in the replay cache, an error message is sent to -the application program. - -The replay cache interface, like the credential cache and -:ref:`keytab_definition` interfaces, uses `type:residual` strings to -indicate the type of replay cache and any associated cache naming -data to use. - -Background information ----------------------- - -Some Kerberos or GSSAPI services use a simple authentication mechanism -where a message is sent containing an authenticator, which establishes -the encryption key that the client will use for talking to the -service. But nothing about that prevents an eavesdropper from -recording the messages sent by the client, establishing a new -connection, and re-sending or "replaying" the same messages; the -replayed authenticator will establish the same encryption key for the -new session, and the following messages will be decrypted and -processed. The attacker may not know what the messages say, and can't -generate new messages under the same encryption key, but in some -instances it may be harmful to the user (or helpful to the attacker) -to cause the server to see the same messages again a second time. For -example, if the legitimate client sends "delete first message in -mailbox", a replay from an attacker may delete another, different -"first" message. (Protocol design to guard against such problems has -been discussed in :rfc:`4120#section-10`.) - -Even if one protocol uses further protection to verify that the client -side of the connection actually knows the encryption keys (and thus is -presumably a legitimate user), if another service uses the same -service principal name, it may be possible to record an authenticator -used with the first protocol and "replay" it against the second. - -The replay cache mitigates these attacks somewhat, by keeping track of -authenticators that have been seen until their five-minute window -expires. Different authenticators generated by multiple connections -from the same legitimate client will generally have different -timestamps, and thus will not be considered the same. - -This mechanism isn't perfect. If a message is sent to one application -server but a man-in-the-middle attacker can prevent it from actually -arriving at that server, the attacker could then use the authenticator -(once!) against a different service on the same host. This could be a -problem if the message from the client included something more than -authentication in the first message that could be useful to the -attacker (which is uncommon; in most protocols the server has to -indicate a successful authentication before the client sends -additional messages), or if the simple act of presenting the -authenticator triggers some interesting action in the service being -attacked. - -Replay cache types ------------------- - -Unlike the credential cache and keytab interfaces, replay cache types -are in lowercase. The following types are defined: - -#. **none** disables the replay cache. The residual value is ignored. - -#. **file2** (new in release 1.18) uses a hash-based format to store - replay records. The file may grow to accommodate hash collisions. - The residual value is the filename. - -#. **dfl** is the default type if no environment variable or - configuration specifies a different type. It stores replay data in - a file2 replay cache with a filename based on the effective uid. - The residual value is ignored. - -For the dfl type, the location of the replay cache file is determined -as follows: - -#. The directory is taken from the **KRB5RCACHEDIR** environment - variable, or the **TMPDIR** environment variable, or a temporary - directory determined at configuration time such as ``/var/tmp``, in - descending order of preference. - -#. The filename is ``krb5_EUID.rcache2`` where EUID is the effective - uid of the process. - -#. The file is opened without following symbolic links, and ownership - of the file is verified to match the effective uid. - -On Windows, the directory for the dfl type is the local appdata -directory, unless overridden by the **KRB5RCACHEDIR** environment -variable. The filename on Windows is ``krb5.rcache2``, and the file -is opened normally. - -Default replay cache name -------------------------- - -The default replay cache name is determined by the following, in -descending order of priority: - -#. The **KRB5RCACHENAME** environment variable (new in release 1.18). - -#. The **KRB5RCACHETYPE** environment variable. If this variable is - set, the residual value is empty. - -#. The **default_rcache_name** profile variable in :ref:`libdefaults` - (new in release 1.18). - -#. If none of the above are set, the default replay cache name is - ``dfl:``. diff --git a/krb5-1.21.3/doc/basic/stash_file_def.rst b/krb5-1.21.3/doc/basic/stash_file_def.rst deleted file mode 100644 index 256e2c27..00000000 --- a/krb5-1.21.3/doc/basic/stash_file_def.rst +++ /dev/null @@ -1,25 +0,0 @@ -.. _stash_definition: - - -stash file -============ - -The stash file is a local copy of the master key that resides in -encrypted form on the KDC's local disk. The stash file is used to -authenticate the KDC to itself automatically before starting the -:ref:`kadmind(8)` and :ref:`krb5kdc(8)` daemons (e.g., as part of the -machine's boot sequence). The stash file, like the keytab file (see -:ref:`keytab_file`) is a potential point-of-entry for a break-in, and -if compromised, would allow unrestricted access to the Kerberos -database. If you choose to install a stash file, it should be -readable only by root, and should exist only on the KDC's local disk. -The file should not be part of any backup of the machine, unless -access to the backup data is secured as tightly as access to the -master password itself. - -.. note:: - - If you choose not to install a stash file, the KDC will prompt you for the master key each time it starts up. - This means that the KDC will not be able to start automatically, such as after a system reboot. - - diff --git a/krb5-1.21.3/doc/build/directory_org.rst b/krb5-1.21.3/doc/build/directory_org.rst deleted file mode 100644 index 109b69a3..00000000 --- a/krb5-1.21.3/doc/build/directory_org.rst +++ /dev/null @@ -1,75 +0,0 @@ -Organization of the source directory -==================================== - -Below is a brief overview of the organization of the complete source -directory. More detailed descriptions follow. - -=============== ============================================== -appl Kerberos application client and server programs -ccapi Credential cache services -clients Kerberos V5 user programs (See :ref:`user_commands`) -config Configure scripts -config-files Sample Kerberos configuration files -include include files needed to build the Kerberos system -kadmin Administrative interface to the Kerberos database: :ref:`kadmin(1)`, :ref:`kdb5_util(8)`, :ref:`ktutil(1)`. -kdc Kerberos V5 Authentication Service and Key Distribution Center -lib_ Libraries for use with/by Kerberos V5 -plugins Kerberos plugins directory -po Localization infrastructure -prototype Templates files containing the MIT copyright message and a placeholder for the title and description of the file. -kprop Utilities for propagating the database to replica KDCs :ref:`kprop(8)` and :ref:`kpropd(8)` -tests Test suite -util_ Various utilities for building/configuring the code, sending bug reports, etc. -windows Source code for building Kerberos V5 on Windows (see windows/README) -=============== ============================================== - - -.. _lib: - -lib ---- - -The lib directory contain several subdirectories as well as some -definition and glue files. - - - The apputils directory contains the code for the generic network - servicing. - - The crypto subdirectory contains the Kerberos V5 encryption - library. - - The gssapi library contains the Generic Security Services API, - which is a library of commands to be used in secure client-server - communication. - - The kadm5 directory contains the libraries for the KADM5 - administration utilities. - - The Kerberos 5 database libraries are contained in kdb. - - The krb5 directory contains Kerberos 5 API. - - The rpc directory contains the API for the Kerberos Remote - Procedure Call protocol. - - -.. _util: - -util ----- - -The util directory contains several utility programs and libraries. - - the programs used to configure and build the code, such as - autoconf, lndir, kbuild, reconf, and makedepend, are in this - directory. - - the profile directory contains most of the functions which parse - the Kerberos configuration files (krb5.conf and kdc.conf). - - the Kerberos error table library and utilities (et); - - the Sub-system library and utilities (ss); - - database utilities (db2); - - pseudo-terminal utilities (pty); - - bug-reporting program send-pr; - - a generic support library support used by several of our other - libraries; - - the build infrastructure for building lightweight Kerberos client - (collected-client-lib) - - the tool for validating Kerberos configuration files - (confvalidator); - - the toolkit for kernel integrators for building krb5 code subsets - (gss-kernel-lib); - - source code for building Kerberos V5 on MacOS (mac) - - Windows getopt operations (windows) diff --git a/krb5-1.21.3/doc/build/doing_build.rst b/krb5-1.21.3/doc/build/doing_build.rst deleted file mode 100644 index 59cb546c..00000000 --- a/krb5-1.21.3/doc/build/doing_build.rst +++ /dev/null @@ -1,148 +0,0 @@ -Doing the build -=============== - -.. _do_build: - -Building within a single tree ------------------------------ - -If you only need to build Kerberos for one platform, using a single -directory tree which contains both the source files and the object -files is the simplest. However, if you need to maintain Kerberos for -a large number of platforms, you will probably want to use separate -build trees for each platform. We recommend that you look at OS -Incompatibilities, for notes that we have on particular operating -systems. - -If you don't want separate build trees for each architecture, then use -the following abbreviated procedure:: - - cd /u1/krb5-VERSION/src - ./configure - make - -That's it! - -Building with separate build directories ----------------------------------------- - -If you wish to keep separate build directories for each platform, you -can do so using the following procedure. (Note, this requires that -your make program support VPATH. GNU's make will provide this -functionality, for example.) If your make program does not support -this, see the next section. - -For example, if you wish to store the binaries in ``tmpbuild`` build -directory you might use the following procedure:: - - mkdir /u1/tmpbuild - cd /u1/tmpbuild - /u1/krb5-VERSION/src/configure - make - - -Building using lndir --------------------- - -If you wish to keep separate build directories for each platform, and -you do not have access to a make program which supports VPATH, all is -not lost. You can use the lndir program to create symbolic link trees -in your build directory. - -For example, if you wish to create a build directory for solaris -binaries you might use the following procedure:: - - mkdir /u1/krb5-VERSION/solaris - cd /u1/krb5-VERSION/solaris - /u1/krb5-VERSION/src/util/lndir `pwd`/../src - ./configure - make - -You must give an absolute pathname to lndir because it has a bug that -makes it fail for relative pathnames. Note that this version differs -from the latest version as distributed and installed by the -XConsortium with X11R6. Either version should be acceptable. - - -Installing the binaries ------------------------ - -Once you have built Kerberos, you should install the binaries. You can -do this by running:: - - make install - -If you want to install the binaries into a destination directory that -is not their final destination, which may be convenient if you want to -build a binary distribution to be deployed on multiple hosts, you may -use:: - - make install DESTDIR=/path/to/destdir - -This will install the binaries under *DESTDIR/PREFIX*, e.g., the user -programs will install into *DESTDIR/PREFIX/bin*, the libraries into -*DESTDIR/PREFIX/lib*, etc. *DESTDIR* must be an absolute path. - -Some implementations of make allow multiple commands to be run in -parallel, for faster builds. We test our Makefiles in parallel builds -with GNU make only; they may not be compatible with other parallel -build implementations. - - -Testing the build ------------------ - -The Kerberos V5 distribution comes with built-in regression tests. To -run them, simply type the following command while in the top-level -build directory (i.e., the directory where you sent typed make to -start building Kerberos; see :ref:`do_build`):: - - make check - -On some operating systems, you have to run ``make install`` before -running ``make check``, or the test suite will pick up installed -versions of Kerberos libraries rather than the newly built ones. You -can install into a prefix that isn't in the system library search -path, though. Alternatively, you can configure with -**-**\ **-disable-rpath**, which renders the build tree less suitable -for installation, but allows testing without interference from -previously installed libraries. - -There are additional regression tests available, which are not run -by ``make check``. These tests require manual setup and teardown of -support infrastructure which is not easily automated, or require -excessive resources for ordinary use. The procedure for running -the manual tests is documented at -https://k5wiki.kerberos.org/wiki/Manual_Testing. - - -Cleaning up the build ---------------------- - -* Use ``make clean`` to remove all files generated by running make - command. -* Use ``make distclean`` to remove all files generated by running - ./configure script. After running ``make distclean`` your source - tree (ideally) should look like the raw (just un-tarred) source - tree. - -Using autoconf --------------- - -(If you are not a developer, you can ignore this section.) - -In the Kerberos V5 source directory, there is a configure script which -automatically determines the compilation environment and creates the -proper Makefiles for a particular platform. This configure script is -generated using autoconf, which you should already have installed if -you will be making changes to ``src/configure.in``. - -Normal users will not need to worry about running autoconf; the -distribution comes with the configure script already prebuilt. - -The autoconf package comes with a script called ``autoreconf`` that -will automatically run ``autoconf`` and ``autoheader`` as needed. You -should run ``autoreconf`` from the top source directory, e.g.:: - - cd /u1/krb5-VERSION/src - autoreconf --verbose diff --git a/krb5-1.21.3/doc/build/index.rst b/krb5-1.21.3/doc/build/index.rst deleted file mode 100644 index f321d020..00000000 --- a/krb5-1.21.3/doc/build/index.rst +++ /dev/null @@ -1,63 +0,0 @@ -.. _build_V5: - -Building Kerberos V5 -==================== - -This section details how to build and install MIT Kerberos software -from the source. - -Prerequisites -------------- - -In order to build Kerberos V5, you will need approximately 60-70 -megabytes of disk space. The exact amount will vary depending on the -platform and whether the distribution is compiled with debugging -symbol tables or not. - -Your C compiler must conform to ANSI C (ISO/IEC 9899:1990, "c89"). -Some operating systems do not have an ANSI C compiler, or their -default compiler requires extra command-line options to enable ANSI C -conformance. - -If you wish to keep a separate build tree, which contains the compiled -\*.o file and executables, separate from your source tree, you will -need a make program which supports **VPATH**, or you will need to use -a tool such as lndir to produce a symbolic link tree for your build -tree. - -Obtaining the software ----------------------- - -The source code can be obtained from MIT Kerberos Distribution page, -at https://kerberos.org/dist/index.html. -The MIT Kerberos distribution comes in an archive file, generally -named krb5-VERSION-signed.tar, where *VERSION* is a placeholder for -the major and minor versions of MIT Kerberos. (For example, MIT -Kerberos 1.9 has major version "1" and minor version "9".) - -The krb5-VERSION-signed.tar contains a compressed tar file consisting -of the sources for all of Kerberos (generally named -krb5-VERSION.tar.gz) and a PGP signature file for this source tree -(generally named krb5-VERSION.tar.gz.asc). MIT highly recommends that -you verify the integrity of the source code using this signature, -e.g., by running:: - - tar xf krb5-VERSION-signed.tar - gpg --verify krb5-VERSION.tar.gz.asc - -Unpack krb5-VERSION.tar.gz in some directory. In this section we will assume -that you have chosen the top directory of the distribution the directory -``/u1/krb5-VERSION``. - -Review the README file for the license, copyright and other sprecific to the -distribution information. - -Contents --------- -.. toctree:: - :maxdepth: 1 - - directory_org.rst - doing_build.rst - options2configure.rst - osconf.rst diff --git a/krb5-1.21.3/doc/build/options2configure.rst b/krb5-1.21.3/doc/build/options2configure.rst deleted file mode 100644 index e879b18b..00000000 --- a/krb5-1.21.3/doc/build/options2configure.rst +++ /dev/null @@ -1,397 +0,0 @@ -.. _options2configure: - -Options to *configure* -====================== - -There are a number of options to configure which you can use to -control how the Kerberos distribution is built. - -Most commonly used options --------------------------- - -**-**\ **-help** - Provides help to configure. This will list the set of commonly - used options for building Kerberos. - -**-**\ **-prefix=**\ *PREFIX* - By default, Kerberos will install the package's files rooted at - ``/usr/local``. If you desire to place the binaries into the - directory *PREFIX*, use this option. - -**-**\ **-exec-prefix=**\ *EXECPREFIX* - This option allows one to separate the architecture independent - programs from the host-dependent files (configuration files, - manual pages). Use this option to install architecture-dependent - programs in *EXECPREFIX*. The default location is the value of - specified by **-**\ **-prefix** option. - -**-**\ **-localstatedir=**\ *LOCALSTATEDIR* - This option sets the directory for locally modifiable - single-machine data. In Kerberos, this mostly is useful for - setting a location for the KDC data files, as they will be - installed in ``LOCALSTATEDIR/krb5kdc``, which is by default - ``PREFIX/var/krb5kdc``. - -**-**\ **-with-netlib**\ [=\ *libs*] - Allows for suppression of or replacement of network libraries. By - default, Kerberos V5 configuration will look for ``-lnsl`` and - ``-lsocket``. If your operating system has a broken resolver - library or fails to pass the tests in ``src/tests/resolv``, you - will need to use this option. - -**-**\ **-enable-dns-for-realm** - Enable the use of DNS to look up a host's Kerberos realm, - if the information is not provided in - :ref:`krb5.conf(5)`. See :ref:`mapping_hostnames` - for information about using DNS to determine the default realm. - DNS lookups for realm names are disabled by default. - -**-**\ **-with-system-et** - Use an installed version of the error-table (et) support software, - the compile_et program, the com_err.h header file and the com_err - library. If these are not in the default locations, you may wish - to specify ``CPPFLAGS=-I/some/dir`` and - ``LDFLAGS=-L/some/other/dir`` options at configuration time as - well. - - If this option is not given, a version supplied with the Kerberos - sources will be built and installed along with the rest of the - Kerberos tree, for Kerberos applications to link against. - -**-**\ **-with-system-ss** - Use an installed version of the subsystem command-line interface - software, the mk_cmds program, the ``ss/ss.h`` header file and the - ss library. If these are not in the default locations, you may - wish to specify ``CPPFLAGS=-I/some/dir`` and - ``LDFLAGS=-L/some/other/dir`` options at configuration time as - well. See also the **SS_LIB** option. - - If this option is not given, the ss library supplied with the - Kerberos sources will be compiled and linked into those programs - that need it; it will not be installed separately. - -**-**\ **-with-system-db** - Use an installed version of the Berkeley DB package, which must - provide an API compatible with version 1.85. This option is - unsupported and untested. In particular, we do not know if the - database-rename code used in the dumpfile load operation will - behave properly. - - If this option is not given, a version supplied with the Kerberos - sources will be built and installed. (We are not updating this - version at this time because of licensing issues with newer - versions that we haven't investigated sufficiently yet.) - - -Environment variables ---------------------- - -**CC=**\ *COMPILER* - Use *COMPILER* as the C compiler. - -**CFLAGS=**\ *FLAGS* - Use *FLAGS* as the default set of C compiler flags. - -**CPP=**\ *CPP* - C preprocessor to use. (e.g., ``CPP='gcc -E'``) - -**CPPFLAGS=**\ *CPPOPTS* - Use *CPPOPTS* as the default set of C preprocessor flags. The - most common use of this option is to select certain #define's for - use with the operating system's include files. - - -**DB_HEADER=**\ *headername* - If db.h is not the correct header file to include to compile - against the Berkeley DB 1.85 API, specify the correct header file - name with this option. For example, ``DB_HEADER=db3/db_185.h``. - -**DB_LIB=**\ *libs*... - If ``-ldb`` is not the correct library specification for the - Berkeley DB library version to be used, override it with this - option. For example, ``DB_LIB=-ldb-3.3``. - -**DEFCCNAME=**\ *ccachename* - Override the built-in default credential cache name. - For example, ``DEFCCNAME=DIR:/var/run/user/%{USERID}/ccache`` - See :ref:`parameter_expansion` for information about supported - parameter expansions. - -**DEFCKTNAME=**\ *keytabname* - Override the built-in default client keytab name. - The format is the same as for *DEFCCNAME*. - -**DEFKTNAME=**\ *keytabname* - Override the built-in default keytab name. - The format is the same as for *DEFCCNAME*. - -**LD=**\ *LINKER* - Use *LINKER* as the default loader if it should be different from - C compiler as specified above. - -**LDFLAGS=**\ *LDOPTS* - This option informs the linker where to get additional libraries - (e.g., ``-L``). - -**LIBS=**\ *LDNAME* - This option allows one to specify libraries to be passed to the - linker (e.g., ``-l``) - -**PKCS11_MODNAME=**\ *library* - Override the built-in default PKCS11 library name. - -**SS_LIB=**\ *libs*... - If ``-lss`` is not the correct way to link in your installed ss - library, for example if additional support libraries are needed, - specify the correct link options here. Some variants of this - library are around which allow for Emacs-like line editing, but - different versions require different support libraries to be - explicitly specified. - - This option is ignored if **-**\ **-with-system-ss** is not specified. - -**YACC** - The 'Yet Another C Compiler' implementation to use. Defaults to - the first program found out of: '`bison -y`', '`byacc`', - '`yacc`'. - -**YFLAGS** - The list of arguments that will be passed by default to $YACC. - This script will default YFLAGS to the empty string to avoid a - default value of ``-d`` given by some make applications. - - -Fine tuning of the installation directories -------------------------------------------- - -**-**\ **-bindir=**\ *DIR* - User executables. Defaults to ``EXECPREFIX/bin``, where - *EXECPREFIX* is the path specified by **-**\ **-exec-prefix** - configuration option. - -**-**\ **-sbindir=**\ *DIR* - System admin executables. Defaults to ``EXECPREFIX/sbin``, where - *EXECPREFIX* is the path specified by **-**\ **-exec-prefix** - configuration option. - -**-**\ **-sysconfdir=**\ *DIR* - Read-only single-machine data such as krb5.conf. - Defaults to ``PREFIX/etc``, where - *PREFIX* is the path specified by **-**\ **-prefix** configuration - option. - -**-**\ **-libdir=**\ *DIR* - Object code libraries. Defaults to ``EXECPREFIX/lib``, where - *EXECPREFIX* is the path specified by **-**\ **-exec-prefix** - configuration option. - -**-**\ **-includedir=**\ *DIR* - C header files. Defaults to ``PREFIX/include``, where *PREFIX* is - the path specified by **-**\ **-prefix** configuration option. - -**-**\ **-datarootdir=**\ *DATAROOTDIR* - Read-only architecture-independent data root. Defaults to - ``PREFIX/share``, where *PREFIX* is the path specified by - **-**\ **-prefix** configuration option. - -**-**\ **-datadir=**\ *DIR* - Read-only architecture-independent data. Defaults to path - specified by **-**\ **-datarootdir** configuration option. - -**-**\ **-localedir=**\ *DIR* - Locale-dependent data. Defaults to ``DATAROOTDIR/locale``, where - *DATAROOTDIR* is the path specified by **-**\ **-datarootdir** - configuration option. - -**-**\ **-mandir=**\ *DIR* - Man documentation. Defaults to ``DATAROOTDIR/man``, where - *DATAROOTDIR* is the path specified by **-**\ **-datarootdir** - configuration option. - - -Program names -------------- - -**-**\ **-program-prefix=**\ *PREFIX* - Prepend *PREFIX* to the names of the programs when installing - them. For example, specifying ``--program-prefix=mit-`` at the - configure time will cause the program named ``abc`` to be - installed as ``mit-abc``. - -**-**\ **-program-suffix=**\ *SUFFIX* - Append *SUFFIX* to the names of the programs when installing them. - For example, specifying ``--program-suffix=-mit`` at the configure - time will cause the program named ``abc`` to be installed as - ``abc-mit``. - -**-**\ **-program-transform-name=**\ *PROGRAM* - Run ``sed -e PROGRAM`` on installed program names. (*PROGRAM* is a - sed script). - - -System types ------------- - -**-**\ **-build=**\ *BUILD* - Configure for building on *BUILD* - (e.g., ``--build=x86_64-linux-gnu``). - -**-**\ **-host=**\ *HOST* - Cross-compile to build programs to run on *HOST* - (e.g., ``--host=x86_64-linux-gnu``). By default, Kerberos V5 - configuration will look for "build" option. - - -Optional features ------------------ - -**-**\ **-disable-option-checking** - Ignore unrecognized --enable/--with options. - -**-**\ **-disable-**\ *FEATURE* - Do not include *FEATURE* (same as --enable-FEATURE=no). - -**-**\ **-enable-**\ *FEATURE*\ [=\ *ARG*] - Include *FEATURE* [ARG=yes]. - -**-**\ **-enable-maintainer-mode** - Enable rebuilding of source files, Makefiles, etc. - -**-**\ **-disable-delayed-initialization** - Initialize library code when loaded. Defaults to delay until - first use. - -**-**\ **-disable-thread-support** - Don't enable thread support. Defaults to enabled. - -**-**\ **-disable-rpath** - Suppress run path flags in link lines. - -**-**\ **-enable-athena** - Build with MIT Project Athena configuration. - -**-**\ **-disable-kdc-lookaside-cache** - Disable the cache which detects client retransmits. - -**-**\ **-disable-pkinit** - Disable PKINIT plugin support. - -**-**\ **-disable-aesni** - Disable support for using AES instructions on x86 platforms. - -**-**\ **-enable-asan**\ [=\ *ARG*] - Enable building with asan memory error checking. If *ARG* is - given, it controls the -fsanitize compilation flag value (the - default is "address"). - - -Optional packages ------------------ - -**-**\ **-with-**\ *PACKAGE*\ [=ARG\] - Use *PACKAGE* (e.g., ``--with-imap``). The default value of *ARG* - is ``yes``. - -**-**\ **-without-**\ *PACKAGE* - Do not use *PACKAGE* (same as ``--with-PACKAGE=no``) - (e.g., ``--without-libedit``). - -**-**\ **-with-size-optimizations** - Enable a few optimizations to reduce code size possibly at some - run-time cost. - -**-**\ **-with-system-et** - Use the com_err library and compile_et utility that are already - installed on the system, instead of building and installing - local versions. - -**-**\ **-with-system-ss** - Use the ss library and mk_cmds utility that are already installed - on the system, instead of building and using private versions. - -**-**\ **-with-system-db** - Use the berkeley db utility already installed on the system, - instead of using a private version. This option is not - recommended; enabling it may result in incompatibility with key - databases originating on other systems. - -**-**\ **-with-netlib=**\ *LIBS* - Use the resolver library specified in *LIBS*. Use this variable - if the C library resolver is insufficient or broken. - -**-**\ **-with-hesiod=**\ *path* - Compile with Hesiod support. The *path* points to the Hesiod - directory. By default Hesiod is unsupported. - -**-**\ **-with-ldap** - Compile OpenLDAP database backend module. - -**-**\ **-with-lmdb** - Compile LMDB database backend module. - -**-**\ **-with-vague-errors** - Do not send helpful errors to client. For example, if the KDC - should return only vague error codes to clients. - -**-**\ **-with-crypto-impl=**\ *IMPL* - Use specified crypto implementation (e.g., **-**\ - **-with-crypto-impl=**\ *openssl*). The default is the native MIT - Kerberos implementation ``builtin``. The other currently - implemented crypto backend is ``openssl``. (See - :ref:`mitK5features`) - -**-**\ **-without-libedit** - Do not compile and link against libedit. Some utilities will no - longer offer command history or completion in interactive mode if - libedit is disabled. - -**-**\ **-with-readline** - Compile and link against GNU readline, as an alternative to libedit. - -**-**\ **-with-system-verto** - Use an installed version of libverto. If the libverto header and - library are not in default locations, you may wish to specify - ``CPPFLAGS=-I/some/dir`` and ``LDFLAGS=-L/some/other/dir`` options - at configuration time as well. - - If this option is not given, the build system will try to detect - an installed version of libverto and use it if it is found. - Otherwise, a version supplied with the Kerberos sources will be - built and installed. The built-in version does not contain the - full set of back-end modules and is not a suitable general - replacement for the upstream version, but will work for the - purposes of Kerberos. - - Specifying **-**\ **-without-system-verto** will cause the built-in - version of libverto to be used unconditionally. - -**-**\ **-with-krb5-config=**\ *PATH* - Use the krb5-config program at *PATH* to obtain the build-time - default credential cache, keytab, and client keytab names. The - default is to use ``krb5-config`` from the program path. Specify - ``--without-krb5-config`` to disable the use of krb5-config and - use the usual built-in defaults. - -**-**\ **-without-keyutils** - Build without libkeyutils support. This disables the KEYRING - credential cache type. - - -Examples --------- - -For example, in order to configure Kerberos on a Solaris machine using -the suncc compiler with the optimizer turned on, run the configure -script with the following options:: - - % ./configure CC=suncc CFLAGS=-O - -For a slightly more complicated example, consider a system where -several packages to be used by Kerberos are installed in -``/usr/foobar``, including Berkeley DB 3.3, and an ss library that -needs to link against the curses library. The configuration of -Kerberos might be done thus:: - - ./configure CPPFLAGS=-I/usr/foobar/include LDFLAGS=-L/usr/foobar/lib \ - --with-system-et --with-system-ss --with-system-db \ - SS_LIB='-lss -lcurses' DB_HEADER=db3/db_185.h DB_LIB=-ldb-3.3 diff --git a/krb5-1.21.3/doc/build/osconf.rst b/krb5-1.21.3/doc/build/osconf.rst deleted file mode 100644 index 22ee6804..00000000 --- a/krb5-1.21.3/doc/build/osconf.rst +++ /dev/null @@ -1,26 +0,0 @@ -osconf.hin -========== - -There is one configuration file which you may wish to edit to control -various compile-time parameters in the Kerberos distribution:: - - include/osconf.hin - -The list that follows is by no means complete, just some of the more -interesting variables. - -**DEFAULT_PROFILE_PATH** - The pathname to the file which contains the profiles for the known - realms, their KDCs, etc. The default value is |krb5conf|. -**DEFAULT_KEYTAB_NAME** - The type and pathname to the default server keytab file. The - default is |keytab|. -**DEFAULT_KDC_ENCTYPE** - The default encryption type for the KDC database master key. The - default value is |defmkey|. -**RCTMPDIR** - The directory which stores replay caches. The default is - ``/var/tmp``. -**DEFAULT_KDB_FILE** - The location of the default database. The default value is - |kdcdir|\ ``/principal``. diff --git a/krb5-1.21.3/doc/build_this.rst b/krb5-1.21.3/doc/build_this.rst deleted file mode 100644 index 9be7360a..00000000 --- a/krb5-1.21.3/doc/build_this.rst +++ /dev/null @@ -1,82 +0,0 @@ -How to build this documentation from the source -=============================================== - -Pre-requisites for a simple build, or to update man pages: - -* Sphinx 1.0.4 or higher (See https://www.sphinx-doc.org) with the - autodoc extension installed. - -Additional prerequisites to include the API reference based on Doxygen -markup: - -* Python 2.5 with the Cheetah, lxml, and xml modules -* Doxygen - - -Simple build without API reference ----------------------------------- - -To test simple changes to the RST sources, you can build the -documentation without the Doxygen reference by running, from the doc -directory:: - - sphinx-build . test_html - -You will see a number of warnings about missing files. This is -expected. If there is not already a ``doc/version.py`` file, you will -need to create one by first running ``make version.py`` in the -``src/doc`` directory of a configured build tree. - - -Updating man pages ------------------- - -Man pages are generated from the RST sources and checked into the -``src/man`` directory of the repository. This allows man pages to be -installed without requiring Sphinx when using a source checkout. To -regenerate these files, run ``make man`` from the man subdirectory -of a configured build tree. You can also do this from an unconfigured -source tree with:: - - cd src/man - make -f Makefile.in top_srcdir=.. srcdir=. man - make clean - -As with the simple build, it is normal to see warnings about missing -files when rebuilding the man pages. - - -Building for a release tarball or web site ------------------------------------------- - -To generate documentation in HTML format, run ``make html`` in the -``doc`` subdirectory of a configured build tree (the build directory -corresponding to ``src/doc``, not the top-level ``doc`` directory). -The output will be placed in the top-level ``doc/html`` directory. -This build will include the API reference generated from Doxygen -markup in the source tree. - -Documentation generated this way will use symbolic names for paths -(like ``BINDIR`` for the directory containing user programs), with the -symbolic names being links to a table showing typical values for those -paths. - -You can also do this from an unconfigured source tree with:: - - cd src/doc - make -f Makefile.in SPHINX_ARGS= htmlsrc - - -Building for an OS package or site documentation ------------------------------------------------- - -To generate documentation specific to a build of MIT krb5 as you have -configured it, run ``make substhtml`` in the ``doc`` subdirectory of a -configured build tree (the build directory corresponding to -``src/doc``, not the top-level ``doc`` directory). The output will be -placed in the ``html_subst`` subdirectory of that build directory. -This build will include the API reference. - -Documentation generated this way will use concrete paths (like -``/usr/local/bin`` for the directory containing user programs, for a -default custom build). diff --git a/krb5-1.21.3/doc/coding-style b/krb5-1.21.3/doc/coding-style deleted file mode 100644 index 58a10893..00000000 --- a/krb5-1.21.3/doc/coding-style +++ /dev/null @@ -1,5 +0,0 @@ -Please see - - https://k5wiki.kerberos.org/wiki/Coding_style - -for the current coding style. diff --git a/krb5-1.21.3/doc/conf.py b/krb5-1.21.3/doc/conf.py deleted file mode 100644 index ecf9020a..00000000 --- a/krb5-1.21.3/doc/conf.py +++ /dev/null @@ -1,320 +0,0 @@ -# -*- coding: utf-8 -*- -# -# MIT Kerberos documentation build configuration file, created by -# sphinx-quickstart on Wed Oct 13 09:14:03 2010. -# -# This file is execfile()d with the current directory set to its containing dir. -# -# Note that not all possible configuration values are present in this -# autogenerated file. -# -# All configuration values have a default; values that are commented out -# serve to show the default. - -import sys, os - -# If extensions (or modules to document with autodoc) are in another directory, -# add these directories to sys.path here. If the directory is relative to the -# documentation root, use os.path.abspath to make it absolute, like shown here. -#sys.path.insert(0, os.path.abspath('.')) - -# -- General configuration ----------------------------------------------------- - -# If your documentation needs a minimal Sphinx version, state it here. -#needs_sphinx = '1.0' - -# Add any Sphinx extension module names here, as strings. They can be extensions -# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. -#extensions = ['sphinx.ext.autodoc', 'sphinxcontrib.doxylink'] -extensions = ['sphinx.ext.autodoc'] - -# Add any paths that contain templates here, relative to this directory. -templates_path = ['_templates'] - -# The suffix of source filenames. -source_suffix = '.rst' - -# The encoding of source files. -#source_encoding = 'utf-8-sig' - -# The master toctree document. -if 'notice' in tags: - master_doc = 'notice' -else: - master_doc = 'index' - -# General information about the project. -project = u'MIT Kerberos' -copyright = u'1985-2024, MIT' - -# The version info for the project you're documenting, acts as replacement for -# |version| and |release|, also used in various other places throughout the -# built documents. -exec(open("version.py").read()) -# The short X.Y version. -r_list = [r_major, r_minor] -if r_patch: - r_list += [r_patch] -version = '.'.join(map(str, r_list)) -# The full version, including alpha/beta/rc tags. -release = version -if r_tail: - release += '-' + r_tail - -# The language for content autogenerated by Sphinx. Refer to documentation -# for a list of supported languages. -#language = None - -# There are two options for replacing |today|: either, you set today to some -# non-false value, then it is used: -today = ' ' -# Else, today_fmt is used as the format for a strftime call. -#today_fmt = '%B %d, %Y' - -# List of patterns, relative to source directory, that match files and -# directories to ignore when looking for source files. -exclude_patterns = [] - -# The reST default role (used for this markup: `text`) to use for all documents. -#default_role = None - -# If true, '()' will be appended to :func: etc. cross-reference text. -#add_function_parentheses = True - -# If true, the current module name will be prepended to all description -# unit titles (such as .. function::). -#add_module_names = True - -# If true, sectionauthor and moduleauthor directives will be shown in the -# output. They are ignored by default. -#show_authors = False - -# The name of the Pygments (syntax highlighting) style to use. -pygments_style = 'sphinx' - -# A list of ignored prefixes for module index sorting. -#modindex_common_prefix = [] - - -# -- Options for HTML output --------------------------------------------------- - -# When we can rely on Sphinx 1.8 (released Sep 2018) we can just set: -# html_css_files = ['kerb.css'] -# But in the meantime, we add this file using either a way that works -# after 1.8 or a way that works before 4.0. -def setup(app): - if callable(getattr(app, 'add_css_file', None)): - app.add_css_file('kerb.css') - else: - app.add_stylesheet('kerb.css') - -# The theme to use for HTML and HTML Help pages. See the documentation for -# a list of builtin themes. -# html_theme = 'default' -html_theme = 'agogo' - -# Theme options are theme-specific and customize the look and feel of a theme -# further. For a list of options available for each theme, see the -# documentation. -html_theme_options = { "linkcolor": "#881f0d", "footerbg": "#5d1509", - "bgcolor": "#5d1509", "documentwidth": "80%", - "pagewidth": "auto", "sidebarwidth": "20%" } - -# Add any paths that contain custom themes here, relative to this directory. -#html_theme_path = [] - -# The name for this set of Sphinx documents. If None, it defaults to -# " v documentation". -html_title = "MIT Kerberos Documentation" - -# A shorter title for the navigation bar. Default is the same as html_title. -#html_short_title = None - -# The name of an image file (relative to this directory) to place at the top -# of the sidebar. -if os.environ.get('HTML_LOGO'): - html_logo = os.environ['HTML_LOGO'] - -# The name of an image file (within the static path) to use as favicon of the -# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 -# pixels large. -#html_favicon = None - -# Add any paths that contain custom static files (such as style sheets) here, -# relative to this directory. They are copied after the builtin static files, -# so a file named "default.css" will overwrite the builtin "default.css". -html_static_path = ['_static'] - -# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, -# using the given strftime format. -#html_last_updated_fmt = '%b %d, %Y' - -# Custom sidebar templates, maps document names to template names. -#html_sidebars = {} - -# Additional templates that should be rendered to pages, maps page names to -# template names. -#html_additional_pages = {} - -# If false, no module index is generated. -#html_domain_indices = True - -# If false, no index is generated. -#html_use_index = True - -# If true, the index is split into individual pages for each letter. -html_split_index = True - -# If true, links to the reST sources are added to the pages. -html_show_sourcelink = False - -# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. -#html_show_sphinx = True - -# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. -#html_show_copyright = True - -# If true, an OpenSearch description file will be output, and all pages will -# contain a tag referring to it. The value of this option must be the -# base URL from which the finished HTML is served. -#html_use_opensearch = '' - -# This is the file name suffix for HTML files (e.g., ".xhtml"). -#html_file_suffix = None - -# Output file base name for HTML help builder. -htmlhelp_basename = 'MIT Kerberos' - -pointsize = '10pt' - -# -- Options for LaTeX output -------------------------------------------------- - -# The paper size ('letter' or 'a4'). -#latex_paper_size = 'letter' - -# The font size ('10pt', '11pt' or '12pt'). -#latex_font_size = '10pt' - -# Grouping the document tree into LaTeX files. List of tuples -# (source start file, target name, title, author, documentclass [howto/manual]). -latex_documents = [ - ('admin/index', 'admin.tex', u"Kerberos Administration Guide", u'MIT', - 'manual'), - ('appdev/index', 'appdev.tex', u"Kerberos Application Developer Guide", - u'MIT', 'manual'), - ('basic/index', 'basic.tex', u"Kerberos Concepts", u'MIT', 'manual'), - ('build/index', 'build.tex', u"Building MIT Kerberos", u'MIT', 'manual'), - ('plugindev/index', 'plugindev.tex', u"Kerberos Plugin Module Developer Guide", - u'MIT', 'manual'), - ('user/index', 'user.tex', u"Kerberos User Guide", u'MIT', 'manual') -] - -# The name of an image file (relative to this directory) to place at the top of -# the title page. -#latex_logo = None - -# For "manual" documents, if this is true, then toplevel headings are parts, -# not chapters. -#latex_use_parts = False - -# If true, show page references after internal links. -#latex_show_pagerefs = False - -# If true, show URL addresses after external links. -#latex_show_urls = False - -# Additional stuff for the LaTeX preamble. -#latex_preamble = '' - -# Documents to append as an appendix to all manuals. -#latex_appendices = [] - -# If false, no module index is generated. -#latex_domain_indices = True - -if 'mansubs' in tags: - bindir = '``@BINDIR@``' - sbindir = '``@SBINDIR@``' - libdir = '``@LIBDIR@``' - localstatedir = '``@LOCALSTATEDIR@``' - runstatedir = '``@RUNSTATEDIR@``' - sysconfdir = '``@SYSCONFDIR@``' - ccache = '``@CCNAME@``' - keytab = '``@KTNAME@``' - ckeytab = '``@CKTNAME@``' - pkcs11_modname = '``@PKCS11MOD@``' -elif 'pathsubs' in tags: - # Read configured paths from a file produced by the build system. - exec(open("paths.py").read()) -else: - bindir = ':ref:`BINDIR `' - sbindir = ':ref:`SBINDIR `' - libdir = ':ref:`LIBDIR `' - localstatedir = ':ref:`LOCALSTATEDIR `' - runstatedir = ':ref:`RUNSTATEDIR `' - sysconfdir = ':ref:`SYSCONFDIR `' - ccache = ':ref:`DEFCCNAME `' - keytab = ':ref:`DEFKTNAME `' - ckeytab = ':ref:`DEFCKTNAME `' - pkcs11_modname = ':ref:`PKCS11_MODNAME `' - -rst_epilog = '\n' - -if 'notice' in tags: - exclude_patterns = [ 'admin', 'appdev', 'basic', 'build', - 'plugindev', 'user' ] - exclude_patterns += [ 'about.rst', 'build_this.rst', 'copyright.rst', - 'index.rst', 'mitK5*.rst', 'resources.rst' ] - rst_epilog += '.. |copy| replace:: \(C\)' -else: - exclude_patterns += [ 'notice.rst' ] - rst_epilog += '.. |bindir| replace:: %s\n' % bindir - rst_epilog += '.. |sbindir| replace:: %s\n' % sbindir - rst_epilog += '.. |libdir| replace:: %s\n' % libdir - rst_epilog += '.. |kdcdir| replace:: %s\\ ``/krb5kdc``\n' % localstatedir - rst_epilog += '.. |kdcrundir| replace:: %s\\ ``/krb5kdc``\n' % runstatedir - rst_epilog += '.. |sysconfdir| replace:: %s\n' % sysconfdir - rst_epilog += '.. |ccache| replace:: %s\n' % ccache - rst_epilog += '.. |keytab| replace:: %s\n' % keytab - rst_epilog += '.. |ckeytab| replace:: %s\n' % ckeytab - rst_epilog += '.. |pkcs11_modname| replace:: %s\n' % pkcs11_modname - rst_epilog += ''' -.. |krb5conf| replace:: ``/etc/krb5.conf`` -.. |defkeysalts| replace:: ``aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal`` -.. |defetypes| replace:: ``aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac`` -.. |defmkey| replace:: ``aes256-cts-hmac-sha1-96`` -.. |copy| unicode:: U+000A9 -''' - -# -- Options for manual page output -------------------------------------------- - -# One entry per manual page. List of tuples -# (source start file, name, description, authors, manual section). -man_pages = [ - ('user/user_commands/kinit', 'kinit', u'obtain and cache Kerberos ticket-granting ticket', [u'MIT'], 1), - ('user/user_commands/klist', 'klist', u'list cached Kerberos tickets', [u'MIT'], 1), - ('user/user_commands/kdestroy', 'kdestroy', u'destroy Kerberos tickets', [u'MIT'], 1), - ('user/user_commands/kswitch', 'kswitch', u'switch primary ticket cache', [u'MIT'], 1), - ('user/user_commands/kpasswd', 'kpasswd', u'change a user\'s Kerberos password', [u'MIT'], 1), - ('user/user_commands/kvno', 'kvno', u'print key version numbers of Kerberos principals', [u'MIT'], 1), - ('user/user_commands/ksu', 'ksu', u'Kerberized super-user', [u'MIT'], 1), - ('user/user_commands/krb5-config', 'krb5-config', u'tool for linking against MIT Kerberos libraries', [u'MIT'], 1), - ('user/user_config/k5login', 'k5login', u'Kerberos V5 acl file for host access', [u'MIT'], 5), - ('user/user_config/k5identity', 'k5identity', u'Kerberos V5 client principal selection rules', [u'MIT'], 5), - ('user/user_config/kerberos', 'kerberos', u'Overview of using Kerberos', [u'MIT'], 7), - ('admin/admin_commands/krb5kdc', 'krb5kdc', u'Kerberos V5 KDC', [u'MIT'], 8), - ('admin/admin_commands/kadmin_local', 'kadmin', u'Kerberos V5 database administration program', [u'MIT'], 1), - ('admin/admin_commands/kprop', 'kprop', u'propagate a Kerberos V5 principal database to a replica server', [u'MIT'], 8), - ('admin/admin_commands/kproplog', 'kproplog', u'display the contents of the Kerberos principal update log', [u'MIT'], 8), - ('admin/admin_commands/kpropd', 'kpropd', u'Kerberos V5 replica KDC update server', [u'MIT'], 8), - ('admin/admin_commands/kdb5_util', 'kdb5_util', u'Kerberos database maintenance utility', [u'MIT'], 8), - ('admin/admin_commands/ktutil', 'ktutil', u'Kerberos keytab file maintenance utility', [u'MIT'], 1), - ('admin/admin_commands/k5srvutil', 'k5srvutil', u'host key table (keytab) manipulation utility', [u'MIT'], 1), - ('admin/admin_commands/kadmind', 'kadmind', u'KADM5 administration server', [u'MIT'], 8), - ('admin/admin_commands/kdb5_ldap_util', 'kdb5_ldap_util', u'Kerberos configuration utility', [u'MIT'], 8), - ('admin/conf_files/krb5_conf', 'krb5.conf', u'Kerberos configuration file', [u'MIT'], 5), - ('admin/conf_files/kdc_conf', 'kdc.conf', u'Kerberos V5 KDC configuration file', [u'MIT'], 5), - ('admin/conf_files/kadm5_acl', 'kadm5.acl', u'Kerberos ACL file', [u'MIT'], 5), - ('user/user_commands/sclient', 'sclient', u'sample Kerberos version 5 client', [u'MIT'], 1), - ('admin/admin_commands/sserver', 'sserver', u'sample Kerberos version 5 server', [u'MIT'], 8), -] diff --git a/krb5-1.21.3/doc/contributing.txt b/krb5-1.21.3/doc/contributing.txt deleted file mode 100644 index 776c5d58..00000000 --- a/krb5-1.21.3/doc/contributing.txt +++ /dev/null @@ -1,70 +0,0 @@ - Contributing to MIT Kerberos - -DESIGN -====== - -If you are planning to contribute a substantial amount of work, please -ensure that you have a discussion about the design on the -krbdev@mit.edu list. Some changes may require coordination with -standards groups. For example, interface changes and extensions for -the GSS-API should be discussed in the IETF KITTEN Working Group. - -STYLE -===== - -Please follow the guidelines in doc/coding-style for new code. For -existing code, please preserve its existing indentation and brace -conventions. These existing conventions usually resemble the -guidelines in doc/coding-style. Exceptions to the style in -doc/coding-style are usually large past contributions or imports from -other parties. These include (not an exhaustive list): - - src/appl/bsd - src/appl/gssftp - src/appl/telnet - src/kadmin - src/lib/kadm5 - src/lib/gssapi/mechglue - src/lib/rpc - -PATCHES -======= - -We prefer patches in either unified or context diff format (diff -u or -diff -c). As is usual practice, please specify the original file -before the modified file on the diff command line. It's also useful -to perform the diff from the top level of the tree, e.g., - - diff -ur src.orig src - -It's even more useful if you use our anonymous Subversion repository -at - - svn://anonsvn.mit.edu/krb5 - -and use "svn diff" (or "svk diff" if you prefer to use SVK) to -generate your patches. - -It is much easier for us to integrate patches which are generated -against current code on the trunk. Please ensure that your source -tree is up-to-date before generating your patch. - -COPYRIGHT -========= - -If you are submitting substantial quantities of new code, or are -substantially modifying existing code, please be clear about the -copyright status of your contributions. Note that if your -contribution was created in the course of your employment, your -employer may own copyright in your contribution. - -We prefer that MIT receives the ownership of the contributions, but -will generally accept contributed code with copyright owned by other -parties provided that the license conditions are substantially -identical to the existing license on the MIT krb5 code. - -Appropriate copyright notices and license terms should be added to new -or changed files, unless the contributed code is being assigned to the -already-listed copyright holder in the file, or the contribution is -being released to the public domain. Please make sure that the -year in the copyright statement is kept up-to-date. diff --git a/krb5-1.21.3/doc/copyright.rst b/krb5-1.21.3/doc/copyright.rst deleted file mode 100644 index 85ecebec..00000000 --- a/krb5-1.21.3/doc/copyright.rst +++ /dev/null @@ -1,8 +0,0 @@ -Copyright -========= - -Copyright |copy| 1985-2024 by the Massachusetts Institute of -Technology and its contributors. All rights reserved. - -See :ref:`mitK5license` for additional copyright and license -information. diff --git a/krb5-1.21.3/doc/doxy_examples/cc_set_config.c b/krb5-1.21.3/doc/doxy_examples/cc_set_config.c deleted file mode 100644 index 838ff7e2..00000000 --- a/krb5-1.21.3/doc/doxy_examples/cc_set_config.c +++ /dev/null @@ -1,33 +0,0 @@ -/** @example cc_set_config.c - * - * Usage examples for krb5_cc_set_config and krb5_cc_get_config functions - */ -#include - -krb5_error_code -func_set(krb5_context context, krb5_ccache id, - krb5_const_principal principal, const char *key) -{ - krb5_data config_data; - - config_data.data = "yes"; - config_data.length = strlen(config_data.data); - return krb5_cc_set_config(context, id, principal, key, &config_data); -} - -krb5_error_code -func_get(krb5_context context, krb5_ccache id, - krb5_const_principal principal, const char *key) -{ - krb5_data config_data; - krb5_error_code ret; - - config_data.data = NULL; - ret = krb5_cc_get_config(context, id, principal, key, &config_data); - if (ret){ - return ret; - } - /* do something */ - krb5_free_data_contents(context, &config_data); - return ret; -} diff --git a/krb5-1.21.3/doc/doxy_examples/cc_unique.c b/krb5-1.21.3/doc/doxy_examples/cc_unique.c deleted file mode 100644 index 0a03edb5..00000000 --- a/krb5-1.21.3/doc/doxy_examples/cc_unique.c +++ /dev/null @@ -1,23 +0,0 @@ -/** @example cc_unique.c - * - * Usage example for krb5_cc_new_unique function - */ -#include "k5-int.h" - -krb5_error_code -func(krb5_context context) -{ - krb5_error_code ret; - krb5_ccache ccache = NULL; - - ret = krb5_cc_new_unique(context, "MEMORY", NULL, &ccache); - if (ret){ - ccache = NULL; - return ret; - } - /* do something */ - if (ccache) - (void)krb5_cc_destroy(context, ccache); - return 0; -} - diff --git a/krb5-1.21.3/doc/doxy_examples/error_message.c b/krb5-1.21.3/doc/doxy_examples/error_message.c deleted file mode 100755 index 1e156976..00000000 --- a/krb5-1.21.3/doc/doxy_examples/error_message.c +++ /dev/null @@ -1,20 +0,0 @@ -/** @example error_message.c - * - * Demo for krb5_get/set/free_error_message function family - */ -#include - -krb5_error_code -func(krb5_context context) -{ - krb5_error_code ret; - - ret = krb5_func(context); - if (ret) { - const char *err_str = krb5_get_error_message(context, ret); - krb5_set_error_message(context, ret, - "Failed krb5_func: %s", err_str); - krb5_free_error_message(context, err_str); - } -} - diff --git a/krb5-1.21.3/doc/doxy_examples/tkt_creds.c b/krb5-1.21.3/doc/doxy_examples/tkt_creds.c deleted file mode 100644 index 9ddf5cc8..00000000 --- a/krb5-1.21.3/doc/doxy_examples/tkt_creds.c +++ /dev/null @@ -1,55 +0,0 @@ -/** @example tkt_creds.c - * - * Usage example for krb5_tkt_creds function family - */ -#include "krb5.h" - -krb5_error_code -func(krb5_context context, krb5_flags options, - krb5_ccache ccache, krb5_creds *in_creds, - krb5_creds **out_creds) -{ - krb5_error_code code = KRB5_OK; - krb5_creds *ncreds = NULL; - krb5_tkt_creds_context ctx = NULL; - - *out_creds = NULL; - - /* Allocate a container. */ - ncreds = k5alloc(sizeof(*ncreds), &code); - if (ncreds == NULL) - goto cleanup; - - /* Make and execute a krb5_tkt_creds context to get the credential. */ - code = krb5_tkt_creds_init(context, ccache, in_creds, options, &ctx); - if (code != KRB5_OK) - goto cleanup; - code = krb5_tkt_creds_get(context, ctx); - if (code != KRB5_OK) - goto cleanup; - code = krb5_tkt_creds_get_creds(context, ctx, ncreds); - if (code != KRB5_OK) - goto cleanup; - - *out_creds = ncreds; - ncreds = NULL; - -cleanup: - krb5_free_creds(context, ncreds); - krb5_tkt_creds_free(context, ctx); - return code; -} - -/* Allocate zeroed memory; set *code to 0 on success or ENOMEM on failure. */ -static inline void * -k5alloc(size_t len, krb5_error_code *code) -{ - void *ptr; - - /* Allocate at least one byte since zero-byte allocs may return NULL. */ - ptr = calloc((len > 0) ? len : 1, 1); - *code = (ptr == NULL) ? ENOMEM : 0; - return ptr; -} - - diff --git a/krb5-1.21.3/doc/doxy_examples/verify_init_creds.c b/krb5-1.21.3/doc/doxy_examples/verify_init_creds.c deleted file mode 100644 index c22e2528..00000000 --- a/krb5-1.21.3/doc/doxy_examples/verify_init_creds.c +++ /dev/null @@ -1,28 +0,0 @@ -/** @example verify_init_creds.c - * - * Usage example for krb5_verify_init_creds function family - */ -#include "k5-int.h" - -krb5_error_code -func(krb5_context context, krb5_creds *creds, krb5_principal server_principal) -{ - krb5_error_code ret = KRB5_OK; - krb5_verify_init_creds_opt options; - - krb5_verify_init_creds_opt_init (&options); - krb5_verify_init_creds_opt_set_ap_req_nofail (&options, 1); - - ret = krb5_verify_init_creds(context, - creds, - server_principal, - NULL /* use default keytab */, - NULL /* don't store creds in ccache */, - &options); - if (ret) { - /* error while verifying credentials for server */ - } - - return ret; -} - diff --git a/krb5-1.21.3/doc/formats/ccache_file_format.rst b/krb5-1.21.3/doc/formats/ccache_file_format.rst deleted file mode 100644 index 6138c1b5..00000000 --- a/krb5-1.21.3/doc/formats/ccache_file_format.rst +++ /dev/null @@ -1,182 +0,0 @@ -.. _ccache_file_format: - -Credential cache file format -============================ - -There are four versions of the file format used by the FILE credential -cache type. The first byte of the file always has the value 5, and -the value of the second byte contains the version number (1 through -4). Versions 1 and 2 of the file format use native byte order for integer -representations. Versions 3 and 4 always use big-endian byte order. - -After the two-byte version indicator, the file has three parts: the -header (in version 4 only), the default principal name, and a sequence -of credentials. - - -Header format -------------- - -The header appears only in format version 4. It begins with a 16-bit -integer giving the length of the entire header, followed by a sequence -of fields. Each field consists of a 16-bit tag, a 16-bit length, and -a value of the given length. A file format implementation should -ignore fields with unknown tags. - -At this time there is only one defined header field. Its tag value is -1, its length is always 8, and its contents are two 32-bit integers -giving the seconds and microseconds of the time offset of the KDC -relative to the client. Adding this offset to the current time on the -client should give the current time on the KDC, if that offset has not -changed since the initial authentication. - - -.. _cache_principal_format: - -Principal format ----------------- - -The default principal is marshalled using the following informal -grammar:: - - principal ::= - name type (32 bits) [omitted in version 1] - count of components (32 bits) [includes realm in version 1] - realm (data) - component1 (data) - component2 (data) - ... - - data ::= - length (32 bits) - value (length bytes) - -There is no external framing on the default principal, so it must be -parsed according to the above grammar in order to find the sequence of -credentials which follows. - - -.. _ccache_credential_format: - -Credential format ------------------ - -The credential format uses the following informal grammar (referencing -the ``principal`` and ``data`` types from the previous section):: - - credential ::= - client (principal) - server (principal) - keyblock (keyblock) - authtime (32 bits) - starttime (32 bits) - endtime (32 bits) - renew_till (32 bits) - is_skey (1 byte, 0 or 1) - ticket_flags (32 bits) - addresses (addresses) - authdata (authdata) - ticket (data) - second_ticket (data) - - keyblock ::= - enctype (16 bits) [repeated twice in version 3] - data - - addresses ::= - count (32 bits) - address1 - address2 - ... - - address ::= - addrtype (16 bits) - data - - authdata ::= - count (32 bits) - authdata1 - authdata2 - ... - - authdata ::= - ad_type (16 bits) - data - -There is no external framing on a marshalled credential, so it must be -parsed according to the above grammar in order to find the next -credential. There is also no count of credentials or marker at the -end of the sequence of credentials; the sequence ends when the file -ends. - - -Credential cache configuration entries --------------------------------------- - -Configuration entries are encoded as credential entries. The client -principal of the entry is the default principal of the cache. The -server principal has the realm ``X-CACHECONF:`` and two or three -components, the first of which is ``krb5_ccache_conf_data``. The -server principal's second component is the configuration key. The -third component, if it exists, is a principal to which the -configuration key is associated. The configuration value is stored in -the ticket field of the entry. All other entry fields are zeroed. - -Programs using credential caches must be aware of configuration -entries for several reasons: - -* A program which displays the contents of a cache should not - generally display configuration entries. - -* The ticket field of a configuration entry is not (usually) a valid - encoding of a Kerberos ticket. An implementation must not treat the - cache file as malformed if it cannot decode the ticket field. - -* Configuration entries have an endtime field of 0 and might therefore - always be considered expired, but they should not be treated as - unimportant as a result. For instance, a program which copies - credentials from one cache to another should not omit configuration - entries because of the endtime. - -The following configuration keys are currently used in MIT krb5: - -fast_avail - The presence of this key with a non-empty value indicates that the - KDC asserted support for FAST (see :rfc:`6113`) during the initial - authentication, using the negotiation method described in - :rfc:`6806` section 11. This key is not associated with any - principal. - -pa_config_data - The value of this key contains a JSON object representation of - parameters remembered by the preauthentication mechanism used - during the initial authentication. These parameters may be used - when refreshing credentials. This key is associated with the - server principal of the initial authentication (usually the local - krbtgt principal of the client realm). - -pa_type - The value of this key is the ASCII decimal representation of the - preauth type number used during the initial authentication. This - key is associated with the server principal of the initial - authentication. - -proxy_impersonator - The presence of this key indicates that the cache is a synthetic - delegated credential for use with S4U2Proxy. The value is the - name of the intermediate service whose TGT can be used to make - S4U2Proxy requests for target services. This key is not - associated with any principal. - -refresh_time - The presence of this key indicates that the cache was acquired by - the GSS mechanism using a client keytab. The value is the ASCII - decimal representation of a timestamp at which the GSS mechanism - should attempt to refresh the credential cache from the client - keytab. - -start_realm - This key indicates the realm of the ticket-granting ticket to be - used for TGS requests, when making a referrals request or - beginning a cross-realm request. If it is not present, the client - realm is used. diff --git a/krb5-1.21.3/doc/formats/cookie.rst b/krb5-1.21.3/doc/formats/cookie.rst deleted file mode 100644 index e32365da..00000000 --- a/krb5-1.21.3/doc/formats/cookie.rst +++ /dev/null @@ -1,97 +0,0 @@ -KDC cookie format -================= - -:rfc:`6113` section 5.2 specifies a pa-data type PA-FX-COOKIE, which -clients are required to reflect back to the KDC during -pre-authentication. The MIT krb5 KDC uses the following formats for -cookies. - - -Trivial cookie (version 0) --------------------------- - -If there is no pre-authentication mechanism state information to save, -a trivial cookie containing the value "MIT" is used. A trivial cookie -is needed to indicate that the conversation can continue. - - -Secure cookie (version 1) -------------------------- - -In release 1.14 and later, a secure cookie can be sent if there is any -mechanism state to save for the next request. A secure cookie -contains the concatenation of the following: - -* the four bytes "MIT1" -* a four-byte big-endian kvno value -* an :rfc:`3961` ciphertext - -The ciphertext is encrypted in the cookie key with key usage -number 513. The cookie key is derived from a key in the local krbtgt -principal entry for the realm (e.g. ``krbtgt/KRBTEST.COM@KRBTEST.COM`` -if the request is to the ``KRBTEST.COM`` realm). The first krbtgt key -for the indicated kvno value is combined with the client principal as -follows:: - - cookie-key <- random-to-key(PRF+(tgt-key, "COOKIE" | client-princ)) - -where **random-to-key** is the :rfc:`3961` random-to-key operation for -the krbtgt key's encryption type, **PRF+** is defined in :rfc:`6113`, -and ``|`` denotes concatenation. *client-princ* is the request client -principal name with realm, marshalled according to :rfc:`1964` section -2.1.1. - -The plain text of the encrypted part of a cookie is the DER encoding -of the following ASN.1 type:: - - SecureCookie ::= SEQUENCE { - time INTEGER, - data SEQUENCE OF PA-DATA, - ... - } - -The time field represents the cookie creation time; for brevity, it is -encoded as an integer giving the POSIX timestamp rather than as an -ASN.1 GeneralizedTime value. The data field contains one element for -each pre-authentication type which requires saved state. For -mechanisms which have separate request and reply types, the request -type is used; this allows the KDC to determine whether a cookie is -relevant to a request by comparing the request pa-data types to the -cookie data types. - -SPAKE cookie format (version 1) -------------------------------- - -Inside the SecureCookie wrapper, a data value of type 151 contains -state for SPAKE pre-authentication. This data is the concatenation of -the following: - -* a two-byte big-endian version number with the value 1 -* a two-byte big-endian stage number -* a four-byte big-endian group number -* a four-byte big-endian length and data for the SPAKE value -* a four-byte big-endian length and data for the transcript hash -* zero or more second factor records, each consisting of: - - a four-byte big-endian second-factor type - - a four-byte big-endian length and data - -The stage value is 0 if the cookie was sent with a challenge message. -Otherwise it is 1 for the first encdata message sent by the KDC during -an exchange, 2 for the second, etc.. - -The group value indicates the group number used in the SPAKE challenge. - -For a stage-0 cookie, the SPAKE value is the KDC private key, -represented in the scalar marshalling form of the group. For other -cookies, the SPAKE value is the SPAKE result K, represented in the -group element marshalling form. - -For a stage-0 cookie, the transcript hash is the intermediate hash -after updating with the client support message (if one was sent) and -challenge. For other cookies it is the final hash. - -For a stage-0 cookie, there may be any number of second-factor -records, including none; a second-factor type need not create a state -field if it does not need one, and no record is created for SF-NONE. -For other cookies, there must be exactly one second-factor record -corresponding to the factor type chosen by the client. diff --git a/krb5-1.21.3/doc/formats/freshness_token.rst b/krb5-1.21.3/doc/formats/freshness_token.rst deleted file mode 100644 index 3127621a..00000000 --- a/krb5-1.21.3/doc/formats/freshness_token.rst +++ /dev/null @@ -1,19 +0,0 @@ -PKINIT freshness tokens -======================= - -:rfc:`8070` specifies a pa-data type PA_AS_FRESHNESS, which clients -should reflect within signed PKINIT data to prove recent access to the -client certificate private key. The contents of a freshness token are -left to the KDC implementation. The MIT krb5 KDC uses the following -format for freshness tokens (starting in release 1.17): - -* a four-byte big-endian POSIX timestamp -* a four-byte big-endian key version number -* an :rfc:`3961` checksum, with no ASN.1 wrapper - -The checksum is computed using the first key in the local krbtgt -principal entry for the realm (e.g. ``krbtgt/KRBTEST.COM@KRBTEST.COM`` -if the request is to the ``KRBTEST.COM`` realm) of the indicated key -version. The checksum type must be the mandatory checksum type for -the encryption type of the krbtgt key. The key usage value for the -checksum is 514. diff --git a/krb5-1.21.3/doc/formats/index.rst b/krb5-1.21.3/doc/formats/index.rst deleted file mode 100644 index 47dea12f..00000000 --- a/krb5-1.21.3/doc/formats/index.rst +++ /dev/null @@ -1,11 +0,0 @@ -Protocols and file formats -========================== - -.. toctree:: - :maxdepth: 1 - - ccache_file_format - keytab_file_format - rcache_file_format - cookie - freshness_token diff --git a/krb5-1.21.3/doc/formats/keytab_file_format.rst b/krb5-1.21.3/doc/formats/keytab_file_format.rst deleted file mode 100644 index 8424d058..00000000 --- a/krb5-1.21.3/doc/formats/keytab_file_format.rst +++ /dev/null @@ -1,51 +0,0 @@ -.. _keytab_file_format: - -Keytab file format -================== - -There are two versions of the file format used by the FILE keytab -type. The first byte of the file always has the value 5, and the -value of the second byte contains the version number (1 or 2). -Version 1 of the file format uses native byte order for integer -representations. Version 2 always uses big-endian byte order. - -After the two-byte version indicator, the file contains a sequence of -signed 32-bit record lengths followed by key records or holes. A -positive record length indicates a valid key entry whose size is equal -to or less than the record length. A negative length indicates a -zero-filled hole whose size is the inverse of the length. A length of -0 indicates the end of the file. - - -Key entry format ----------------- - -A key entry may be smaller in size than the record length which -precedes it, because it may have replaced a hole which is larger than -the key entry. Key entries use the following informal grammar:: - - entry ::= - principal - timestamp (32 bits) - key version (8 bits) - enctype (16 bits) - key length (16 bits) - key contents - key version (32 bits) [in release 1.14 and later] - - principal ::= - count of components (16 bits) [includes realm in version 1] - realm (data) - component1 (data) - component2 (data) - ... - name type (32 bits) [omitted in version 1] - - data ::= - length (16 bits) - value (length bytes) - -The 32-bit key version overrides the 8-bit key version. To determine -if it is present, the implementation must check that at least 4 bytes -remain in the record after the other fields are read, and that the -value of the 32-bit integer contained in those bytes is non-zero. diff --git a/krb5-1.21.3/doc/formats/rcache_file_format.rst b/krb5-1.21.3/doc/formats/rcache_file_format.rst deleted file mode 100644 index 42ee8281..00000000 --- a/krb5-1.21.3/doc/formats/rcache_file_format.rst +++ /dev/null @@ -1,50 +0,0 @@ -Replay cache file format -======================== - -This section documents the second version of the replay cache file -format, used by the "file2" replay cache type (new in release 1.18). -The first version of the file replay cache format is not documented. - -All accesses to the replay cache file take place under an exclusive -POSIX or Windows file lock, obtained when the file is opened and -released when it is closed. Replay cache files are automatically -created when first accessed. - -For each store operation, a tag is derived from the checksum part of -the :RFC:`3961` ciphertext of the authenticator. The checksum is -coerced to a fixed length of 12 bytes, either through truncation or -right-padding with zero bytes. A four-byte timestamp is appended to -the tag to produce a total record length of 16 bytes. - -Bytes 0 through 15 of the file contain a hash seed for the SipHash-2-4 -algorithm (siphash_); this field is populated with random bytes when -the file is first created. All remaining bytes are divided into a -series of expanding hash tables: - -* Bytes 16-16383: hash table 1 (1023 slots) -* Bytes 16384-49151: hash table 2 (2048 slots) -* Bytes 49152-114687: hash table 3 (4096 slots) -* ... - -Only some hash tables will be present in the file at any specific -time, and the final table may be only partially filled. Replay cache -files may be sparse if the filesystem supports it. - -For each table present in the file, the tag is hashed with SipHash-2-4 -using the seed recorded in the file. The first byte of the seed is -incremented by one (modulo 256) for each table after the first. The -resulting hash value is taken modulo one less than the table size -(1022 for the first hash table, 2047 for the second) to produce the -index. The record may be found at the slot given by the index or at -the next slot. - -All candidate locations for the record must be searched until a slot -is found with a timestamp of zero (indicating a slot which has never -been written to) or an offset is reached at or beyond the end of the -file. Any candidate location with a timestamp value of zero, with a -timestamp value less than the current time minus clockskew, or at or -beyond the end of the file is available for writing. When all -candidate locations have been searched without finding a match, the -new entry is written to the earliest candidate available for writing. - -.. _siphash: https://131002.net/siphash/siphash.pdf diff --git a/krb5-1.21.3/doc/html/.buildinfo b/krb5-1.21.3/doc/html/.buildinfo deleted file mode 100644 index a9714486..00000000 --- a/krb5-1.21.3/doc/html/.buildinfo +++ /dev/null @@ -1,4 +0,0 @@ -# Sphinx build info version 1 -# This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. -config: 9ca503a4e24138fa47d4451ee9426bb5 -tags: 645f666f9bcd5a90fca523b33c5a78b7 diff --git a/krb5-1.21.3/doc/html/_sources/about.rst.txt b/krb5-1.21.3/doc/html/_sources/about.rst.txt deleted file mode 100644 index dfdc31fb..00000000 --- a/krb5-1.21.3/doc/html/_sources/about.rst.txt +++ /dev/null @@ -1,35 +0,0 @@ -Contributing to the MIT Kerberos Documentation -============================================== - -We are looking for documentation writers and editors who could contribute -towards improving the MIT KC documentation content. If you are an experienced -Kerberos developer and/or administrator, please consider sharing your knowledge -and experience with the Kerberos Community. You can suggest your own topic or -write about any of the topics listed -`here `__. - -If you have any questions, comments, or suggestions on the existing documents, -please send your feedback via email to krb5-bugs@mit.edu. The HTML version of -this documentation has a "FEEDBACK" link to the krb5-bugs@mit.edu email -address with a pre-constructed subject line. - - -Background ----------- - -Starting with release 1.11, the Kerberos documentation set is -unified in a central form. Man pages, HTML documentation, and PDF -documents are compiled from reStructuredText sources, and the application -developer documentation incorporates Doxygen markup from the source -tree. This project was undertaken along the outline described -`here `__. - -Previous versions of Kerberos 5 attempted to maintain separate documentation -in the texinfo format, with separate groff manual pages. Having the API -documentation disjoint from the source code implementing that API -resulted in the documentation becoming stale, and over time the documentation -ceased to match reality. With a fresh start and a source format that is -easier to use and maintain, reStructuredText-based documents should provide -an improved experience for the user. Consolidating all the documentation -formats into a single source document makes the documentation set easier -to maintain. diff --git a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/index.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/admin_commands/index.rst.txt deleted file mode 100644 index e8dc7652..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/index.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -Administration programs -======================== - -.. toctree:: - :maxdepth: 1 - - kadmin_local.rst - kadmind.rst - kdb5_util.rst - kdb5_ldap_util.rst - krb5kdc.rst - kprop.rst - kpropd.rst - kproplog.rst - ktutil.rst - k5srvutil.rst - sserver.rst diff --git a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/k5srvutil.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/admin_commands/k5srvutil.rst.txt deleted file mode 100644 index 79502cf9..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/k5srvutil.rst.txt +++ /dev/null @@ -1,69 +0,0 @@ -.. _k5srvutil(1): - -k5srvutil -========= - -SYNOPSIS --------- - -**k5srvutil** *operation* -[**-i**] -[**-f** *filename*] -[**-e** *keysalts*] - -DESCRIPTION ------------ - -k5srvutil allows an administrator to list keys currently in -a keytab, to obtain new keys for a principal currently in a keytab, -or to delete non-current keys from a keytab. - -*operation* must be one of the following: - -**list** - Lists the keys in a keytab, showing version number and principal - name. - -**change** - Uses the kadmin protocol to update the keys in the Kerberos - database to new randomly-generated keys, and updates the keys in - the keytab to match. If a key's version number doesn't match the - version number stored in the Kerberos server's database, then the - operation will fail. If the **-i** flag is given, k5srvutil will - prompt for confirmation before changing each key. If the **-k** - option is given, the old and new keys will be displayed. - Ordinarily, keys will be generated with the default encryption - types and key salts. This can be overridden with the **-e** - option. Old keys are retained in the keytab so that existing - tickets continue to work, but **delold** should be used after - such tickets expire, to prevent attacks against the old keys. - -**delold** - Deletes keys that are not the most recent version from the keytab. - This operation should be used some time after a change operation - to remove old keys, after existing tickets issued for the service - have expired. If the **-i** flag is given, then k5srvutil will - prompt for confirmation for each principal. - -**delete** - Deletes particular keys in the keytab, interactively prompting for - each key. - -In all cases, the default keytab is used unless this is overridden by -the **-f** option. - -k5srvutil uses the :ref:`kadmin(1)` program to edit the keytab in -place. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kadmin(1)`, :ref:`ktutil(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kadmin_local.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kadmin_local.rst.txt deleted file mode 100644 index 2435b3c3..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kadmin_local.rst.txt +++ /dev/null @@ -1,985 +0,0 @@ -.. _kadmin(1): - -kadmin -====== - -SYNOPSIS --------- - -.. _kadmin_synopsis: - -**kadmin** -[**-O**\|\ **-N**] -[**-r** *realm*] -[**-p** *principal*] -[**-q** *query*] -[[**-c** *cache_name*]\|[**-k** [**-t** *keytab*]]\|\ **-n**] -[**-w** *password*] -[**-s** *admin_server*\ [:*port*]] -[command args...] - -**kadmin.local** -[**-r** *realm*] -[**-p** *principal*] -[**-q** *query*] -[**-d** *dbname*] -[**-e** *enc*:*salt* ...] -[**-m**] -[**-x** *db_args*] -[command args...] - - -DESCRIPTION ------------ - -kadmin and kadmin.local are command-line interfaces to the Kerberos V5 -administration system. They provide nearly identical functionalities; -the difference is that kadmin.local directly accesses the KDC -database, while kadmin performs operations using :ref:`kadmind(8)`. -Except as explicitly noted otherwise, this man page will use "kadmin" -to refer to both versions. kadmin provides for the maintenance of -Kerberos principals, password policies, and service key tables -(keytabs). - -The remote kadmin client uses Kerberos to authenticate to kadmind -using the service principal ``kadmin/admin`` or ``kadmin/ADMINHOST`` -(where *ADMINHOST* is the fully-qualified hostname of the admin -server). If the credentials cache contains a ticket for one of these -principals, and the **-c** credentials_cache option is specified, that -ticket is used to authenticate to kadmind. Otherwise, the **-p** and -**-k** options are used to specify the client Kerberos principal name -used to authenticate. Once kadmin has determined the principal name, -it requests a service ticket from the KDC, and uses that service -ticket to authenticate to kadmind. - -Since kadmin.local directly accesses the KDC database, it usually must -be run directly on the primary KDC with sufficient permissions to read -the KDC database. If the KDC database uses the LDAP database module, -kadmin.local can be run on any host which can access the LDAP server. - - -OPTIONS -------- - -.. _kadmin_options: - -**-r** *realm* - Use *realm* as the default database realm. - -**-p** *principal* - Use *principal* to authenticate. Otherwise, kadmin will append - ``/admin`` to the primary principal name of the default ccache, - the value of the **USER** environment variable, or the username as - obtained with getpwuid, in order of preference. - -**-k** - Use a keytab to decrypt the KDC response instead of prompting for - a password. In this case, the default principal will be - ``host/hostname``. If there is no keytab specified with the - **-t** option, then the default keytab will be used. - -**-t** *keytab* - Use *keytab* to decrypt the KDC response. This can only be used - with the **-k** option. - -**-n** - Requests anonymous processing. Two types of anonymous principals - are supported. For fully anonymous Kerberos, configure PKINIT on - the KDC and configure **pkinit_anchors** in the client's - :ref:`krb5.conf(5)`. Then use the **-n** option with a principal - of the form ``@REALM`` (an empty principal name followed by the - at-sign and a realm name). If permitted by the KDC, an anonymous - ticket will be returned. A second form of anonymous tickets is - supported; these realm-exposed tickets hide the identity of the - client but not the client's realm. For this mode, use ``kinit - -n`` with a normal principal name. If supported by the KDC, the - principal (but not realm) will be replaced by the anonymous - principal. As of release 1.8, the MIT Kerberos KDC only supports - fully anonymous operation. - -**-c** *credentials_cache* - Use *credentials_cache* as the credentials cache. The cache - should contain a service ticket for the ``kadmin/admin`` or - ``kadmin/ADMINHOST`` (where *ADMINHOST* is the fully-qualified - hostname of the admin server) service; it can be acquired with the - :ref:`kinit(1)` program. If this option is not specified, kadmin - requests a new service ticket from the KDC, and stores it in its - own temporary ccache. - -**-w** *password* - Use *password* instead of prompting for one. Use this option with - care, as it may expose the password to other users on the system - via the process list. - -**-q** *query* - Perform the specified query and then exit. - -**-d** *dbname* - Specifies the name of the KDC database. This option does not - apply to the LDAP database module. - -**-s** *admin_server*\ [:*port*] - Specifies the admin server which kadmin should contact. - -**-m** - If using kadmin.local, prompt for the database master password - instead of reading it from a stash file. - -**-e** "*enc*:*salt* ..." - Sets the keysalt list to be used for any new keys created. See - :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a list of possible - values. - -**-O** - Force use of old AUTH_GSSAPI authentication flavor. - -**-N** - Prevent fallback to AUTH_GSSAPI authentication flavor. - -**-x** *db_args* - Specifies the database specific arguments. See the next section - for supported options. - -Starting with release 1.14, if any command-line arguments remain after -the options, they will be treated as a single query to be executed. -This mode of operation is intended for scripts and behaves differently -from the interactive mode in several respects: - -* Query arguments are split by the shell, not by kadmin. -* Informational and warning messages are suppressed. Error messages - and query output (e.g. for **get_principal**) will still be - displayed. -* Confirmation prompts are disabled (as if **-force** was given). - Password prompts will still be issued as required. -* The exit status will be non-zero if the query fails. - -The **-q** option does not carry these behavior differences; the query -will be processed as if it was entered interactively. The **-q** -option cannot be used in combination with a query in the remaining -arguments. - -.. _dboptions: - -DATABASE OPTIONS ----------------- - -Database options can be used to override database-specific defaults. -Supported options for the DB2 module are: - - **-x dbname=**\ \*filename* - Specifies the base filename of the DB2 database. - - **-x lockiter** - Make iteration operations hold the lock for the duration of - the entire operation, rather than temporarily releasing the - lock while handling each principal. This is the default - behavior, but this option exists to allow command line - override of a [dbmodules] setting. First introduced in - release 1.13. - - **-x unlockiter** - Make iteration operations unlock the database for each - principal, instead of holding the lock for the duration of the - entire operation. First introduced in release 1.13. - -Supported options for the LDAP module are: - - **-x host=**\ *ldapuri* - Specifies the LDAP server to connect to by a LDAP URI. - - **-x binddn=**\ *bind_dn* - Specifies the DN used to bind to the LDAP server. - - **-x bindpwd=**\ *password* - Specifies the password or SASL secret used to bind to the LDAP - server. Using this option may expose the password to other - users on the system via the process list; to avoid this, - instead stash the password using the **stashsrvpw** command of - :ref:`kdb5_ldap_util(8)`. - - **-x sasl_mech=**\ *mechanism* - Specifies the SASL mechanism used to bind to the LDAP server. - The bind DN is ignored if a SASL mechanism is used. New in - release 1.13. - - **-x sasl_authcid=**\ *name* - Specifies the authentication name used when binding to the - LDAP server with a SASL mechanism, if the mechanism requires - one. New in release 1.13. - - **-x sasl_authzid=**\ *name* - Specifies the authorization name used when binding to the LDAP - server with a SASL mechanism. New in release 1.13. - - **-x sasl_realm=**\ *realm* - Specifies the realm used when binding to the LDAP server with - a SASL mechanism, if the mechanism uses one. New in release - 1.13. - - **-x debug=**\ *level* - sets the OpenLDAP client library debug level. *level* is an - integer to be interpreted by the library. Debugging messages - are printed to standard error. New in release 1.12. - - -COMMANDS --------- - -When using the remote client, available commands may be restricted -according to the privileges specified in the :ref:`kadm5.acl(5)` file -on the admin server. - -.. _add_principal: - -add_principal -~~~~~~~~~~~~~ - - **add_principal** [*options*] *newprinc* - -Creates the principal *newprinc*, prompting twice for a password. If -no password policy is specified with the **-policy** option, and the -policy named ``default`` is assigned to the principal if it exists. -However, creating a policy named ``default`` will not automatically -assign this policy to previously existing principals. This policy -assignment can be suppressed with the **-clearpolicy** option. - -This command requires the **add** privilege. - -Aliases: **addprinc**, **ank** - -Options: - -**-expire** *expdate* - (:ref:`getdate` string) The expiration date of the principal. - -**-pwexpire** *pwexpdate* - (:ref:`getdate` string) The password expiration date. - -**-maxlife** *maxlife* - (:ref:`duration` or :ref:`getdate` string) The maximum ticket life - for the principal. - -**-maxrenewlife** *maxrenewlife* - (:ref:`duration` or :ref:`getdate` string) The maximum renewable - life of tickets for the principal. - -**-kvno** *kvno* - The initial key version number. - -**-policy** *policy* - The password policy used by this principal. If not specified, the - policy ``default`` is used if it exists (unless **-clearpolicy** - is specified). - -**-clearpolicy** - Prevents any policy from being assigned when **-policy** is not - specified. - -{-\|+}\ **allow_postdated** - **-allow_postdated** prohibits this principal from obtaining - postdated tickets. **+allow_postdated** clears this flag. - -{-\|+}\ **allow_forwardable** - **-allow_forwardable** prohibits this principal from obtaining - forwardable tickets. **+allow_forwardable** clears this flag. - -{-\|+}\ **allow_renewable** - **-allow_renewable** prohibits this principal from obtaining - renewable tickets. **+allow_renewable** clears this flag. - -{-\|+}\ **allow_proxiable** - **-allow_proxiable** prohibits this principal from obtaining - proxiable tickets. **+allow_proxiable** clears this flag. - -{-\|+}\ **allow_dup_skey** - **-allow_dup_skey** disables user-to-user authentication for this - principal by prohibiting others from obtaining a service ticket - encrypted in this principal's TGT session key. - **+allow_dup_skey** clears this flag. - -{-\|+}\ **requires_preauth** - **+requires_preauth** requires this principal to preauthenticate - before being allowed to kinit. **-requires_preauth** clears this - flag. When **+requires_preauth** is set on a service principal, - the KDC will only issue service tickets for that service principal - if the client's initial authentication was performed using - preauthentication. - -{-\|+}\ **requires_hwauth** - **+requires_hwauth** requires this principal to preauthenticate - using a hardware device before being allowed to kinit. - **-requires_hwauth** clears this flag. When **+requires_hwauth** is - set on a service principal, the KDC will only issue service tickets - for that service principal if the client's initial authentication was - performed using a hardware device to preauthenticate. - -{-\|+}\ **ok_as_delegate** - **+ok_as_delegate** sets the **okay as delegate** flag on tickets - issued with this principal as the service. Clients may use this - flag as a hint that credentials should be delegated when - authenticating to the service. **-ok_as_delegate** clears this - flag. - -{-\|+}\ **allow_svr** - **-allow_svr** prohibits the issuance of service tickets for this - principal. In release 1.17 and later, user-to-user service - tickets are still allowed unless the **-allow_dup_skey** flag is - also set. **+allow_svr** clears this flag. - -{-\|+}\ **allow_tgs_req** - **-allow_tgs_req** specifies that a Ticket-Granting Service (TGS) - request for a service ticket for this principal is not permitted. - **+allow_tgs_req** clears this flag. - -{-\|+}\ **allow_tix** - **-allow_tix** forbids the issuance of any tickets for this - principal. **+allow_tix** clears this flag. - -{-\|+}\ **needchange** - **+needchange** forces a password change on the next initial - authentication to this principal. **-needchange** clears this - flag. - -{-\|+}\ **password_changing_service** - **+password_changing_service** marks this principal as a password - change service principal. - -{-\|+}\ **ok_to_auth_as_delegate** - **+ok_to_auth_as_delegate** allows this principal to acquire - forwardable tickets to itself from arbitrary users, for use with - constrained delegation. - -{-\|+}\ **no_auth_data_required** - **+no_auth_data_required** prevents PAC or AD-SIGNEDPATH data from - being added to service tickets for the principal. - -{-\|+}\ **lockdown_keys** - **+lockdown_keys** prevents keys for this principal from leaving - the KDC via kadmind. The chpass and extract operations are denied - for a principal with this attribute. The chrand operation is - allowed, but will not return the new keys. The delete and rename - operations are also denied if this attribute is set, in order to - prevent a malicious administrator from replacing principals like - krbtgt/* or kadmin/* with new principals without the attribute. - This attribute can be set via the network protocol, but can only - be removed using kadmin.local. - -**-randkey** - Sets the key of the principal to a random value. - -**-nokey** - Causes the principal to be created with no key. New in release - 1.12. - -**-pw** *password* - Sets the password of the principal to the specified string and - does not prompt for a password. Note: using this option in a - shell script may expose the password to other users on the system - via the process list. - -**-e** *enc*:*salt*,... - Uses the specified keysalt list for setting the keys of the - principal. See :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a - list of possible values. - -**-x** *db_princ_args* - Indicates database-specific options. The options for the LDAP - database module are: - - **-x dn=**\ *dn* - Specifies the LDAP object that will contain the Kerberos - principal being created. - - **-x linkdn=**\ *dn* - Specifies the LDAP object to which the newly created Kerberos - principal object will point. - - **-x containerdn=**\ *container_dn* - Specifies the container object under which the Kerberos - principal is to be created. - - **-x tktpolicy=**\ *policy* - Associates a ticket policy to the Kerberos principal. - - .. note:: - - - The **containerdn** and **linkdn** options cannot be - specified with the **dn** option. - - If the *dn* or *containerdn* options are not specified while - adding the principal, the principals are created under the - principal container configured in the realm or the realm - container. - - *dn* and *containerdn* should be within the subtrees or - principal container configured in the realm. - -Example:: - - kadmin: addprinc jennifer - No policy specified for "jennifer@ATHENA.MIT.EDU"; - defaulting to no policy. - Enter password for principal jennifer@ATHENA.MIT.EDU: - Re-enter password for principal jennifer@ATHENA.MIT.EDU: - Principal "jennifer@ATHENA.MIT.EDU" created. - kadmin: - -.. _modify_principal: - -modify_principal -~~~~~~~~~~~~~~~~ - - **modify_principal** [*options*] *principal* - -Modifies the specified principal, changing the fields as specified. -The options to **add_principal** also apply to this command, except -for the **-randkey**, **-pw**, and **-e** options. In addition, the -option **-clearpolicy** will clear the current policy of a principal. - -This command requires the *modify* privilege. - -Alias: **modprinc** - -Options (in addition to the **addprinc** options): - -**-unlock** - Unlocks a locked principal (one which has received too many failed - authentication attempts without enough time between them according - to its password policy) so that it can successfully authenticate. - -.. _rename_principal: - -rename_principal -~~~~~~~~~~~~~~~~ - - **rename_principal** [**-force**] *old_principal* *new_principal* - -Renames the specified *old_principal* to *new_principal*. This -command prompts for confirmation, unless the **-force** option is -given. - -This command requires the **add** and **delete** privileges. - -Alias: **renprinc** - -.. _delete_principal: - -delete_principal -~~~~~~~~~~~~~~~~ - - **delete_principal** [**-force**] *principal* - -Deletes the specified *principal* from the database. This command -prompts for deletion, unless the **-force** option is given. - -This command requires the **delete** privilege. - -Alias: **delprinc** - -.. _change_password: - -change_password -~~~~~~~~~~~~~~~ - - **change_password** [*options*] *principal* - -Changes the password of *principal*. Prompts for a new password if -neither **-randkey** or **-pw** is specified. - -This command requires the **changepw** privilege, or that the -principal running the program is the same as the principal being -changed. - -Alias: **cpw** - -The following options are available: - -**-randkey** - Sets the key of the principal to a random value. - -**-pw** *password* - Set the password to the specified string. Using this option in a - script may expose the password to other users on the system via - the process list. - -**-e** *enc*:*salt*,... - Uses the specified keysalt list for setting the keys of the - principal. See :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a - list of possible values. - -**-keepold** - Keeps the existing keys in the database. This flag is usually not - necessary except perhaps for ``krbtgt`` principals. - -Example:: - - kadmin: cpw systest - Enter password for principal systest@BLEEP.COM: - Re-enter password for principal systest@BLEEP.COM: - Password for systest@BLEEP.COM changed. - kadmin: - -.. _purgekeys: - -purgekeys -~~~~~~~~~ - - **purgekeys** [**-all**\|\ **-keepkvno** *oldest_kvno_to_keep*] *principal* - -Purges previously retained old keys (e.g., from **change_password --keepold**) from *principal*. If **-keepkvno** is specified, then -only purges keys with kvnos lower than *oldest_kvno_to_keep*. If -**-all** is specified, then all keys are purged. The **-all** option -is new in release 1.12. - -This command requires the **modify** privilege. - -.. _get_principal: - -get_principal -~~~~~~~~~~~~~ - - **get_principal** [**-terse**] *principal* - -Gets the attributes of principal. With the **-terse** option, outputs -fields as quoted tab-separated strings. - -This command requires the **inquire** privilege, or that the principal -running the the program to be the same as the one being listed. - -Alias: **getprinc** - -Examples:: - - kadmin: getprinc tlyu/admin - Principal: tlyu/admin@BLEEP.COM - Expiration date: [never] - Last password change: Mon Aug 12 14:16:47 EDT 1996 - Password expiration date: [never] - Maximum ticket life: 0 days 10:00:00 - Maximum renewable life: 7 days 00:00:00 - Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin@BLEEP.COM) - Last successful authentication: [never] - Last failed authentication: [never] - Failed password attempts: 0 - Number of keys: 1 - Key: vno 1, aes256-cts-hmac-sha384-192 - MKey: vno 1 - Attributes: - Policy: [none] - - kadmin: getprinc -terse systest - systest@BLEEP.COM 3 86400 604800 1 - 785926535 753241234 785900000 - tlyu/admin@BLEEP.COM 786100034 0 0 - kadmin: - -.. _list_principals: - -list_principals -~~~~~~~~~~~~~~~ - - **list_principals** [*expression*] - -Retrieves all or some principal names. *expression* is a shell-style -glob expression that can contain the wild-card characters ``?``, -``*``, and ``[]``. All principal names matching the expression are -printed. If no expression is provided, all principal names are -printed. If the expression does not contain an ``@`` character, an -``@`` character followed by the local realm is appended to the -expression. - -This command requires the **list** privilege. - -Alias: **listprincs**, **get_principals**, **getprincs** - -Example:: - - kadmin: listprincs test* - test3@SECURE-TEST.OV.COM - test2@SECURE-TEST.OV.COM - test1@SECURE-TEST.OV.COM - testuser@SECURE-TEST.OV.COM - kadmin: - -.. _get_strings: - -get_strings -~~~~~~~~~~~ - - **get_strings** *principal* - -Displays string attributes on *principal*. - -This command requires the **inquire** privilege. - -Alias: **getstrs** - -.. _set_string: - -set_string -~~~~~~~~~~ - - **set_string** *principal* *name* *value* - -Sets a string attribute on *principal*. String attributes are used to -supply per-principal configuration to the KDC and some KDC plugin -modules. The following string attribute names are recognized by the -KDC: - -**require_auth** - Specifies an authentication indicator which is required to - authenticate to the principal as a service. Multiple indicators - can be specified, separated by spaces; in this case any of the - specified indicators will be accepted. (New in release 1.14.) - -**session_enctypes** - Specifies the encryption types supported for session keys when the - principal is authenticated to as a server. See - :ref:`Encryption_types` in :ref:`kdc.conf(5)` for a list of the - accepted values. - -**otp** - Enables One Time Passwords (OTP) preauthentication for a client - *principal*. The *value* is a JSON string representing an array - of objects, each having optional ``type`` and ``username`` fields. - -**pkinit_cert_match** - Specifies a matching expression that defines the certificate - attributes required for the client certificate used by the - principal during PKINIT authentication. The matching expression - is in the same format as those used by the **pkinit_cert_match** - option in :ref:`krb5.conf(5)`. (New in release 1.16.) - -**pac_privsvr_enctype** - Forces the encryption type of the PAC KDC checksum buffers to the - specified encryption type for tickets issued to this server, by - deriving a key from the local krbtgt key if it is of a different - encryption type. It may be necessary to set this value to - "aes256-sha1" on the cross-realm krbtgt entry for an Active - Directory realm when using aes-sha2 keys on the local krbtgt - entry. - -This command requires the **modify** privilege. - -Alias: **setstr** - -Example:: - - set_string host/foo.mit.edu session_enctypes aes128-cts - set_string user@FOO.COM otp "[{""type"":""hotp"",""username"":""al""}]" - -.. _del_string: - -del_string -~~~~~~~~~~ - - **del_string** *principal* *key* - -Deletes a string attribute from *principal*. - -This command requires the **delete** privilege. - -Alias: **delstr** - -.. _add_policy: - -add_policy -~~~~~~~~~~ - - **add_policy** [*options*] *policy* - -Adds a password policy named *policy* to the database. - -This command requires the **add** privilege. - -Alias: **addpol** - -The following options are available: - -**-maxlife** *time* - (:ref:`duration` or :ref:`getdate` string) Sets the maximum - lifetime of a password. - -**-minlife** *time* - (:ref:`duration` or :ref:`getdate` string) Sets the minimum - lifetime of a password. - -**-minlength** *length* - Sets the minimum length of a password. - -**-minclasses** *number* - Sets the minimum number of character classes required in a - password. The five character classes are lower case, upper case, - numbers, punctuation, and whitespace/unprintable characters. - -**-history** *number* - Sets the number of past keys kept for a principal. This option is - not supported with the LDAP KDC database module. - -.. _policy_maxfailure: - -**-maxfailure** *maxnumber* - Sets the number of authentication failures before the principal is - locked. Authentication failures are only tracked for principals - which require preauthentication. The counter of failed attempts - resets to 0 after a successful attempt to authenticate. A - *maxnumber* value of 0 (the default) disables lockout. - -.. _policy_failurecountinterval: - -**-failurecountinterval** *failuretime* - (:ref:`duration` or :ref:`getdate` string) Sets the allowable time - between authentication failures. If an authentication failure - happens after *failuretime* has elapsed since the previous - failure, the number of authentication failures is reset to 1. A - *failuretime* value of 0 (the default) means forever. - -.. _policy_lockoutduration: - -**-lockoutduration** *lockouttime* - (:ref:`duration` or :ref:`getdate` string) Sets the duration for - which the principal is locked from authenticating if too many - authentication failures occur without the specified failure count - interval elapsing. A duration of 0 (the default) means the - principal remains locked out until it is administratively unlocked - with ``modprinc -unlock``. - -**-allowedkeysalts** - Specifies the key/salt tuples supported for long-term keys when - setting or changing a principal's password/keys. See - :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a list of the - accepted values, but note that key/salt tuples must be separated - with commas (',') only. To clear the allowed key/salt policy use - a value of '-'. - -Example:: - - kadmin: add_policy -maxlife "2 days" -minlength 5 guests - kadmin: - -.. _modify_policy: - -modify_policy -~~~~~~~~~~~~~ - - **modify_policy** [*options*] *policy* - -Modifies the password policy named *policy*. Options are as described -for **add_policy**. - -This command requires the **modify** privilege. - -Alias: **modpol** - -.. _delete_policy: - -delete_policy -~~~~~~~~~~~~~ - - **delete_policy** [**-force**] *policy* - -Deletes the password policy named *policy*. Prompts for confirmation -before deletion. The command will fail if the policy is in use by any -principals. - -This command requires the **delete** privilege. - -Alias: **delpol** - -Example:: - - kadmin: del_policy guests - Are you sure you want to delete the policy "guests"? - (yes/no): yes - kadmin: - -.. _get_policy: - -get_policy -~~~~~~~~~~ - - **get_policy** [ **-terse** ] *policy* - -Displays the values of the password policy named *policy*. With the -**-terse** flag, outputs the fields as quoted strings separated by -tabs. - -This command requires the **inquire** privilege. - -Alias: **getpol** - -Examples:: - - kadmin: get_policy admin - Policy: admin - Maximum password life: 180 days 00:00:00 - Minimum password life: 00:00:00 - Minimum password length: 6 - Minimum number of password character classes: 2 - Number of old keys kept: 5 - Reference count: 17 - - kadmin: get_policy -terse admin - admin 15552000 0 6 2 5 17 - kadmin: - -The "Reference count" is the number of principals using that policy. -With the LDAP KDC database module, the reference count field is not -meaningful. - -.. _list_policies: - -list_policies -~~~~~~~~~~~~~ - - **list_policies** [*expression*] - -Retrieves all or some policy names. *expression* is a shell-style -glob expression that can contain the wild-card characters ``?``, -``*``, and ``[]``. All policy names matching the expression are -printed. If no expression is provided, all existing policy names are -printed. - -This command requires the **list** privilege. - -Aliases: **listpols**, **get_policies**, **getpols**. - -Examples:: - - kadmin: listpols - test-pol - dict-only - once-a-min - test-pol-nopw - - kadmin: listpols t* - test-pol - test-pol-nopw - kadmin: - -.. _ktadd: - -ktadd -~~~~~ - - | **ktadd** [options] *principal* - | **ktadd** [options] **-glob** *princ-exp* - -Adds a *principal*, or all principals matching *princ-exp*, to a -keytab file. Each principal's keys are randomized in the process. -The rules for *princ-exp* are described in the **list_principals** -command. - -This command requires the **inquire** and **changepw** privileges. -With the **-glob** form, it also requires the **list** privilege. - -The options are: - -**-k[eytab]** *keytab* - Use *keytab* as the keytab file. Otherwise, the default keytab is - used. - -**-e** *enc*:*salt*,... - Uses the specified keysalt list for setting the new keys of the - principal. See :ref:`Keysalt_lists` in :ref:`kdc.conf(5)` for a - list of possible values. - -**-q** - Display less verbose information. - -**-norandkey** - Do not randomize the keys. The keys and their version numbers stay - unchanged. This option cannot be specified in combination with the - **-e** option. - -An entry for each of the principal's unique encryption types is added, -ignoring multiple keys with the same encryption type but different -salt types. - -Alias: **xst** - -Example:: - - kadmin: ktadd -k /tmp/foo-new-keytab host/foo.mit.edu - Entry for principal host/foo.mit.edu@ATHENA.MIT.EDU with kvno 3, - encryption type aes256-cts-hmac-sha1-96 added to keytab - FILE:/tmp/foo-new-keytab - kadmin: - -.. _ktremove: - -ktremove -~~~~~~~~ - - **ktremove** [options] *principal* [*kvno* | *all* | *old*] - -Removes entries for the specified *principal* from a keytab. Requires -no permissions, since this does not require database access. - -If the string "all" is specified, all entries for that principal are -removed; if the string "old" is specified, all entries for that -principal except those with the highest kvno are removed. Otherwise, -the value specified is parsed as an integer, and all entries whose -kvno match that integer are removed. - -The options are: - -**-k[eytab]** *keytab* - Use *keytab* as the keytab file. Otherwise, the default keytab is - used. - -**-q** - Display less verbose information. - -Alias: **ktrem** - -Example:: - - kadmin: ktremove kadmin/admin all - Entry for principal kadmin/admin with kvno 3 removed from keytab - FILE:/etc/krb5.keytab - kadmin: - -lock -~~~~ - -Lock database exclusively. Use with extreme caution! This command -only works with the DB2 KDC database module. - -unlock -~~~~~~ - -Release the exclusive database lock. - -list_requests -~~~~~~~~~~~~~ - -Lists available for kadmin requests. - -Aliases: **lr**, **?** - -quit -~~~~ - -Exit program. If the database was locked, the lock is released. - -Aliases: **exit**, **q** - - -HISTORY -------- - -The kadmin program was originally written by Tom Yu at MIT, as an -interface to the OpenVision Kerberos administration program. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kpasswd(1)`, :ref:`kadmind(8)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kadmind.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kadmind.rst.txt deleted file mode 100644 index 7e148263..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kadmind.rst.txt +++ /dev/null @@ -1,129 +0,0 @@ -.. _kadmind(8): - -kadmind -======= - -SYNOPSIS --------- - -**kadmind** -[**-x** *db_args*] -[**-r** *realm*] -[**-m**] -[**-nofork**] -[**-proponly**] -[**-port** *port-number*] -[**-P** *pid_file*] -[**-p** *kdb5_util_path*] -[**-K** *kprop_path*] -[**-k** *kprop_port*] -[**-F** *dump_file*] - -DESCRIPTION ------------ - -kadmind starts the Kerberos administration server. kadmind typically -runs on the primary Kerberos server, which stores the KDC database. -If the KDC database uses the LDAP module, the administration server -and the KDC server need not run on the same machine. kadmind accepts -remote requests from programs such as :ref:`kadmin(1)` and -:ref:`kpasswd(1)` to administer the information in these database. - -kadmind requires a number of configuration files to be set up in order -for it to work: - -:ref:`kdc.conf(5)` - The KDC configuration file contains configuration information for - the KDC and admin servers. kadmind uses settings in this file to - locate the Kerberos database, and is also affected by the - **acl_file**, **dict_file**, **kadmind_port**, and iprop-related - settings. - -:ref:`kadm5.acl(5)` - kadmind's ACL (access control list) tells it which principals are - allowed to perform administration actions. The pathname to the - ACL file can be specified with the **acl_file** :ref:`kdc.conf(5)` - variable; by default, it is |kdcdir|\ ``/kadm5.acl``. - -After the server begins running, it puts itself in the background and -disassociates itself from its controlling terminal. - -kadmind can be configured for incremental database propagation. -Incremental propagation allows replica KDC servers to receive -principal and policy updates incrementally instead of receiving full -dumps of the database. This facility can be enabled in the -:ref:`kdc.conf(5)` file with the **iprop_enable** option. Incremental -propagation requires the principal ``kiprop/PRIMARY\@REALM`` (where -PRIMARY is the primary KDC's canonical host name, and REALM the realm -name). In release 1.13, this principal is automatically created and -registered into the datebase. - - -OPTIONS -------- - -**-r** *realm* - specifies the realm that kadmind will serve; if it is not - specified, the default realm of the host is used. - -**-m** - causes the master database password to be fetched from the - keyboard (before the server puts itself in the background, if not - invoked with the **-nofork** option) rather than from a file on - disk. - -**-nofork** - causes the server to remain in the foreground and remain - associated to the terminal. - -**-proponly** - causes the server to only listen and respond to Kerberos replica - incremental propagation polling requests. This option can be used - to set up a hierarchical propagation topology where a replica KDC - provides incremental updates to other Kerberos replicas. - -**-port** *port-number* - specifies the port on which the administration server listens for - connections. The default port is determined by the - **kadmind_port** configuration variable in :ref:`kdc.conf(5)`. - -**-P** *pid_file* - specifies the file to which the PID of kadmind process should be - written after it starts up. This file can be used to identify - whether kadmind is still running and to allow init scripts to stop - the correct process. - -**-p** *kdb5_util_path* - specifies the path to the kdb5_util command to use when dumping the - KDB in response to full resync requests when iprop is enabled. - -**-K** *kprop_path* - specifies the path to the kprop command to use to send full dumps - to replicas in response to full resync requests. - -**-k** *kprop_port* - specifies the port by which the kprop process that is spawned by - kadmind connects to the replica kpropd, in order to transfer the - dump file during an iprop full resync request. - -**-F** *dump_file* - specifies the file path to be used for dumping the KDB in response - to full resync requests when iprop is enabled. - -**-x** *db_args* - specifies database-specific arguments. See :ref:`Database Options - ` in :ref:`kadmin(1)` for supported arguments. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kpasswd(1)`, :ref:`kadmin(1)`, :ref:`kdb5_util(8)`, -:ref:`kdb5_ldap_util(8)`, :ref:`kadm5.acl(5)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kdb5_ldap_util.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kdb5_ldap_util.rst.txt deleted file mode 100644 index 73a920f4..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kdb5_ldap_util.rst.txt +++ /dev/null @@ -1,449 +0,0 @@ -.. _kdb5_ldap_util(8): - -kdb5_ldap_util -=============== - -SYNOPSIS --------- - -.. _kdb5_ldap_util_synopsis: - -**kdb5_ldap_util** -[**-D** *user_dn* [**-w** *passwd*]] -[**-H** *ldapuri*] -**command** -[*command_options*] - -.. _kdb5_ldap_util_synopsis_end: - - -DESCRIPTION ------------ - -kdb5_ldap_util allows an administrator to manage realms, Kerberos -services and ticket policies. - - -COMMAND-LINE OPTIONS --------------------- - -.. _kdb5_ldap_util_options: - -**-r** *realm* - Specifies the realm to be operated on. - -**-D** *user_dn* - Specifies the Distinguished Name (DN) of the user who has - sufficient rights to perform the operation on the LDAP server. - -**-w** *passwd* - Specifies the password of *user_dn*. This option is not - recommended. - -**-H** *ldapuri* - Specifies the URI of the LDAP server. - -By default, kdb5_ldap_util operates on the default realm (as specified -in :ref:`krb5.conf(5)`) and connects and authenticates to the LDAP -server in the same manner as :ref:kadmind(8)` would given the -parameters in :ref:`dbdefaults` in :ref:`kdc.conf(5)`. - -.. _kdb5_ldap_util_options_end: - - -COMMANDS --------- - -create -~~~~~~ - -.. _kdb5_ldap_util_create: - - **create** - [**-subtrees** *subtree_dn_list*] - [**-sscope** *search_scope*] - [**-containerref** *container_reference_dn*] - [**-k** *mkeytype*] - [**-kv** *mkeyVNO*] - [**-M** *mkeyname*] - [**-m|-P** *password*\|\ **-sf** *stashfilename*] - [**-s**] - [**-maxtktlife** *max_ticket_life*] - [**-maxrenewlife** *max_renewable_ticket_life*] - [*ticket_flags*] - -Creates realm in directory. Options: - -**-subtrees** *subtree_dn_list* - Specifies the list of subtrees containing the principals of a - realm. The list contains the DNs of the subtree objects separated - by colon (``:``). - -**-sscope** *search_scope* - Specifies the scope for searching the principals under the - subtree. The possible values are 1 or one (one level), 2 or sub - (subtrees). - -**-containerref** *container_reference_dn* - Specifies the DN of the container object in which the principals - of a realm will be created. If the container reference is not - configured for a realm, the principals will be created in the - realm container. - -**-k** *mkeytype* - Specifies the key type of the master key in the database. The - default is given by the **master_key_type** variable in - :ref:`kdc.conf(5)`. - -**-kv** *mkeyVNO* - Specifies the version number of the master key in the database; - the default is 1. Note that 0 is not allowed. - -**-M** *mkeyname* - Specifies the principal name for the master key in the database. - If not specified, the name is determined by the - **master_key_name** variable in :ref:`kdc.conf(5)`. - -**-m** - Specifies that the master database password should be read from - the TTY rather than fetched from a file on the disk. - -**-P** *password* - Specifies the master database password. This option is not - recommended. - -**-sf** *stashfilename* - Specifies the stash file of the master database password. - -**-s** - Specifies that the stash file is to be created. - -**-maxtktlife** *max_ticket_life* - (:ref:`getdate` string) Specifies maximum ticket life for - principals in this realm. - -**-maxrenewlife** *max_renewable_ticket_life* - (:ref:`getdate` string) Specifies maximum renewable life of - tickets for principals in this realm. - -*ticket_flags* - Specifies global ticket flags for the realm. Allowable flags are - documented in the description of the **add_principal** command in - :ref:`kadmin(1)`. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu - -r ATHENA.MIT.EDU create -subtrees o=org -sscope SUB - Password for "cn=admin,o=org": - Initializing database for realm 'ATHENA.MIT.EDU' - You will be prompted for the database Master Password. - It is important that you NOT FORGET this password. - Enter KDC database master key: - Re-enter KDC database master key to verify: - -.. _kdb5_ldap_util_create_end: - -modify -~~~~~~ - -.. _kdb5_ldap_util_modify: - - **modify** - [**-subtrees** *subtree_dn_list*] - [**-sscope** *search_scope*] - [**-containerref** *container_reference_dn*] - [**-maxtktlife** *max_ticket_life*] - [**-maxrenewlife** *max_renewable_ticket_life*] - [*ticket_flags*] - -Modifies the attributes of a realm. Options: - -**-subtrees** *subtree_dn_list* - Specifies the list of subtrees containing the principals of a - realm. The list contains the DNs of the subtree objects separated - by colon (``:``). This list replaces the existing list. - -**-sscope** *search_scope* - Specifies the scope for searching the principals under the - subtrees. The possible values are 1 or one (one level), 2 or sub - (subtrees). - -**-containerref** *container_reference_dn* Specifies the DN of the - container object in which the principals of a realm will be - created. - -**-maxtktlife** *max_ticket_life* - (:ref:`getdate` string) Specifies maximum ticket life for - principals in this realm. - -**-maxrenewlife** *max_renewable_ticket_life* - (:ref:`getdate` string) Specifies maximum renewable life of - tickets for principals in this realm. - -*ticket_flags* - Specifies global ticket flags for the realm. Allowable flags are - documented in the description of the **add_principal** command in - :ref:`kadmin(1)`. - -Example:: - - shell% kdb5_ldap_util -r ATHENA.MIT.EDU -D cn=admin,o=org -H - ldaps://ldap-server1.mit.edu modify +requires_preauth - Password for "cn=admin,o=org": - shell% - -.. _kdb5_ldap_util_modify_end: - -view -~~~~ - -.. _kdb5_ldap_util_view: - - **view** - -Displays the attributes of a realm. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu - -r ATHENA.MIT.EDU view - Password for "cn=admin,o=org": - Realm Name: ATHENA.MIT.EDU - Subtree: ou=users,o=org - Subtree: ou=servers,o=org - SearchScope: ONE - Maximum ticket life: 0 days 01:00:00 - Maximum renewable life: 0 days 10:00:00 - Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PWCHANGE - -.. _kdb5_ldap_util_view_end: - -destroy -~~~~~~~ - -.. _kdb5_ldap_util_destroy: - - **destroy** [**-f**] - -Destroys an existing realm. Options: - -**-f** - If specified, will not prompt the user for confirmation. - -Example:: - - shell% kdb5_ldap_util -r ATHENA.MIT.EDU -D cn=admin,o=org -H - ldaps://ldap-server1.mit.edu destroy - Password for "cn=admin,o=org": - Deleting KDC database of 'ATHENA.MIT.EDU', are you sure? - (type 'yes' to confirm)? yes - OK, deleting database of 'ATHENA.MIT.EDU'... - shell% - -.. _kdb5_ldap_util_destroy_end: - -list -~~~~ - -.. _kdb5_ldap_util_list: - - **list** - -Lists the names of realms under the container. - -Example:: - - shell% kdb5_ldap_util -D cn=admin,o=org -H - ldaps://ldap-server1.mit.edu list - Password for "cn=admin,o=org": - ATHENA.MIT.EDU - OPENLDAP.MIT.EDU - MEDIA-LAB.MIT.EDU - shell% - -.. _kdb5_ldap_util_list_end: - -stashsrvpw -~~~~~~~~~~ - -.. _kdb5_ldap_util_stashsrvpw: - - **stashsrvpw** - [**-f** *filename*] - *name* - -Allows an administrator to store the password for service object in a -file so that KDC and Administration server can use it to authenticate -to the LDAP server. Options: - -**-f** *filename* - Specifies the complete path of the service password file. By - default, ``/usr/local/var/service_passwd`` is used. - -*name* - Specifies the name of the object whose password is to be stored. - If :ref:`krb5kdc(8)` or :ref:`kadmind(8)` are configured for - simple binding, this should be the distinguished name it will - use as given by the **ldap_kdc_dn** or **ldap_kadmind_dn** - variable in :ref:`kdc.conf(5)`. If the KDC or kadmind is - configured for SASL binding, this should be the authentication - name it will use as given by the **ldap_kdc_sasl_authcid** or - **ldap_kadmind_sasl_authcid** variable. - -Example:: - - kdb5_ldap_util stashsrvpw -f /home/andrew/conf_keyfile - cn=service-kdc,o=org - Password for "cn=service-kdc,o=org": - Re-enter password for "cn=service-kdc,o=org": - -.. _kdb5_ldap_util_stashsrvpw_end: - -create_policy -~~~~~~~~~~~~~ - -.. _kdb5_ldap_util_create_policy: - - **create_policy** - [**-maxtktlife** *max_ticket_life*] - [**-maxrenewlife** *max_renewable_ticket_life*] - [*ticket_flags*] - *policy_name* - -Creates a ticket policy in the directory. Options: - -**-maxtktlife** *max_ticket_life* - (:ref:`getdate` string) Specifies maximum ticket life for - principals. - -**-maxrenewlife** *max_renewable_ticket_life* - (:ref:`getdate` string) Specifies maximum renewable life of - tickets for principals. - -*ticket_flags* - Specifies the ticket flags. If this option is not specified, by - default, no restriction will be set by the policy. Allowable - flags are documented in the description of the **add_principal** - command in :ref:`kadmin(1)`. - -*policy_name* - Specifies the name of the ticket policy. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu - -r ATHENA.MIT.EDU create_policy -maxtktlife "1 day" - -maxrenewlife "1 week" -allow_postdated +needchange - -allow_forwardable tktpolicy - Password for "cn=admin,o=org": - -.. _kdb5_ldap_util_create_policy_end: - -modify_policy -~~~~~~~~~~~~~ - -.. _kdb5_ldap_util_modify_policy: - - **modify_policy** - [**-maxtktlife** *max_ticket_life*] - [**-maxrenewlife** *max_renewable_ticket_life*] - [*ticket_flags*] - *policy_name* - -Modifies the attributes of a ticket policy. Options are same as for -**create_policy**. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H - ldaps://ldap-server1.mit.edu -r ATHENA.MIT.EDU modify_policy - -maxtktlife "60 minutes" -maxrenewlife "10 hours" - +allow_postdated -requires_preauth tktpolicy - Password for "cn=admin,o=org": - -.. _kdb5_ldap_util_modify_policy_end: - -view_policy -~~~~~~~~~~~ - -.. _kdb5_ldap_util_view_policy: - - **view_policy** - *policy_name* - -Displays the attributes of the named ticket policy. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu - -r ATHENA.MIT.EDU view_policy tktpolicy - Password for "cn=admin,o=org": - Ticket policy: tktpolicy - Maximum ticket life: 0 days 01:00:00 - Maximum renewable life: 0 days 10:00:00 - Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PWCHANGE - -.. _kdb5_ldap_util_view_policy_end: - -destroy_policy -~~~~~~~~~~~~~~ - -.. _kdb5_ldap_util_destroy_policy: - - **destroy_policy** - [**-force**] - *policy_name* - -Destroys an existing ticket policy. Options: - -**-force** - Forces the deletion of the policy object. If not specified, the - user will be prompted for confirmation before deleting the policy. - -*policy_name* - Specifies the name of the ticket policy. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu - -r ATHENA.MIT.EDU destroy_policy tktpolicy - Password for "cn=admin,o=org": - This will delete the policy object 'tktpolicy', are you sure? - (type 'yes' to confirm)? yes - ** policy object 'tktpolicy' deleted. - -.. _kdb5_ldap_util_destroy_policy_end: - -list_policy -~~~~~~~~~~~ - -.. _kdb5_ldap_util_list_policy: - - **list_policy** - -Lists ticket policies. - -Example:: - - kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu - -r ATHENA.MIT.EDU list_policy - Password for "cn=admin,o=org": - tktpolicy - tmppolicy - userpolicy - -.. _kdb5_ldap_util_list_policy_end: - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kadmin(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kdb5_util.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kdb5_util.rst.txt deleted file mode 100644 index 444c58bc..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kdb5_util.rst.txt +++ /dev/null @@ -1,502 +0,0 @@ -.. _kdb5_util(8): - -kdb5_util -========= - -SYNOPSIS --------- - -.. _kdb5_util_synopsis: - -**kdb5_util** -[**-r** *realm*] -[**-d** *dbname*] -[**-k** *mkeytype*] -[**-kv** *mkeyVNO*] -[**-M** *mkeyname*] -[**-m**] -[**-sf** *stashfilename*] -[**-P** *password*] -[**-x** *db_args*] -*command* [*command_options*] - -.. _kdb5_util_synopsis_end: - -DESCRIPTION ------------ - -kdb5_util allows an administrator to perform maintenance procedures on -the KDC database. Databases can be created, destroyed, and dumped to -or loaded from ASCII files. kdb5_util can create a Kerberos master -key stash file or perform live rollover of the master key. - -When kdb5_util is run, it attempts to acquire the master key and open -the database. However, execution continues regardless of whether or -not kdb5_util successfully opens the database, because the database -may not exist yet or the stash file may be corrupt. - -Note that some KDC database modules may not support all kdb5_util -commands. - - -COMMAND-LINE OPTIONS --------------------- - -.. _kdb5_util_options: - -**-r** *realm* - specifies the Kerberos realm of the database. - -**-d** *dbname* - specifies the name under which the principal database is stored; - by default the database is that listed in :ref:`kdc.conf(5)`. The - password policy database and lock files are also derived from this - value. - -**-k** *mkeytype* - specifies the key type of the master key in the database. The - default is given by the **master_key_type** variable in - :ref:`kdc.conf(5)`. - -**-kv** *mkeyVNO* - Specifies the version number of the master key in the database; - the default is 1. Note that 0 is not allowed. - -**-M** *mkeyname* - principal name for the master key in the database. If not - specified, the name is determined by the **master_key_name** - variable in :ref:`kdc.conf(5)`. - -**-m** - specifies that the master database password should be read from - the keyboard rather than fetched from a file on disk. - -**-sf** *stash_file* - specifies the stash filename of the master database password. If - not specified, the filename is determined by the - **key_stash_file** variable in :ref:`kdc.conf(5)`. - -**-P** *password* - specifies the master database password. Using this option may - expose the password to other users on the system via the process - list. - -**-x** *db_args* - specifies database-specific options. See :ref:`kadmin(1)` for - supported options. - -.. _kdb5_util_options_end: - - -COMMANDS --------- - -create -~~~~~~ - -.. _kdb5_util_create: - - **create** [**-s**] - -Creates a new database. If the **-s** option is specified, the stash -file is also created. This command fails if the database already -exists. If the command is successful, the database is opened just as -if it had already existed when the program was first run. - -.. _kdb5_util_create_end: - -destroy -~~~~~~~ - -.. _kdb5_util_destroy: - - **destroy** [**-f**] - -Destroys the database, first overwriting the disk sectors and then -unlinking the files, after prompting the user for confirmation. With -the **-f** argument, does not prompt the user. - -.. _kdb5_util_destroy_end: - -stash -~~~~~ - -.. _kdb5_util_stash: - - **stash** [**-f** *keyfile*] - -Stores the master principal's keys in a stash file. The **-f** -argument can be used to override the *keyfile* specified in -:ref:`kdc.conf(5)`. - -.. _kdb5_util_stash_end: - -dump -~~~~ - -.. _kdb5_util_dump: - - **dump** [**-b7**\|\ **-r13**\|\ **-r18**] - [**-verbose**] [**-mkey_convert**] [**-new_mkey_file** - *mkey_file*] [**-rev**] [**-recurse**] [*filename* - [*principals*...]] - -Dumps the current Kerberos and KADM5 database into an ASCII file. By -default, the database is dumped in current format, "kdb5_util -load_dump version 7". If filename is not specified, or is the string -"-", the dump is sent to standard output. Options: - -**-b7** - causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util - load_dump version 4"). This was the dump format produced on - releases prior to 1.2.2. - -**-r13** - causes the dump to be in the Kerberos 5 1.3 format ("kdb5_util - load_dump version 5"). This was the dump format produced on - releases prior to 1.8. - -**-r18** - causes the dump to be in the Kerberos 5 1.8 format ("kdb5_util - load_dump version 6"). This was the dump format produced on - releases prior to 1.11. - -**-verbose** - causes the name of each principal and policy to be printed as it - is dumped. - -**-mkey_convert** - prompts for a new master key. This new master key will be used to - re-encrypt principal key data in the dumpfile. The principal keys - themselves will not be changed. - -**-new_mkey_file** *mkey_file* - the filename of a stash file. The master key in this stash file - will be used to re-encrypt the key data in the dumpfile. The key - data in the database will not be changed. - -**-rev** - dumps in reverse order. This may recover principals that do not - dump normally, in cases where database corruption has occurred. - -**-recurse** - causes the dump to walk the database recursively (btree only). - This may recover principals that do not dump normally, in cases - where database corruption has occurred. In cases of such - corruption, this option will probably retrieve more principals - than the **-rev** option will. - - .. versionchanged:: 1.15 - Release 1.15 restored the functionality of the **-recurse** - option. - - .. versionchanged:: 1.5 - The **-recurse** option ceased working until release 1.15, - doing a normal dump instead of a recursive traversal. - -.. _kdb5_util_dump_end: - -load -~~~~ - -.. _kdb5_util_load: - - **load** [**-b7**\|\ **-r13**\|\ **-r18**] [**-hash**] - [**-verbose**] [**-update**] *filename* - -Loads a database dump from the named file into the named database. If -no option is given to determine the format of the dump file, the -format is detected automatically and handled as appropriate. Unless -the **-update** option is given, **load** creates a new database -containing only the data in the dump file, overwriting the contents of -any previously existing database. Note that when using the LDAP KDC -database module, the **-update** flag is required. - -Options: - -**-b7** - requires the database to be in the Kerberos 5 Beta 7 format - ("kdb5_util load_dump version 4"). This was the dump format - produced on releases prior to 1.2.2. - -**-r13** - requires the database to be in Kerberos 5 1.3 format ("kdb5_util - load_dump version 5"). This was the dump format produced on - releases prior to 1.8. - -**-r18** - requires the database to be in Kerberos 5 1.8 format ("kdb5_util - load_dump version 6"). This was the dump format produced on - releases prior to 1.11. - -**-hash** - stores the database in hash format, if using the DB2 database - type. If this option is not specified, the database will be - stored in btree format. This option is not recommended, as - databases stored in hash format are known to corrupt data and lose - principals. - -**-verbose** - causes the name of each principal and policy to be printed as it - is dumped. - -**-update** - records from the dump file are added to or updated in the existing - database. Otherwise, a new database is created containing only - what is in the dump file and the old one destroyed upon successful - completion. - -.. _kdb5_util_load_end: - -ark -~~~ - - **ark** [**-e** *enc*:*salt*,...] *principal* - -Adds new random keys to *principal* at the next available key version -number. Keys for the current highest key version number will be -preserved. The **-e** option specifies the list of encryption and -salt types to be used for the new keys. - -add_mkey -~~~~~~~~ - - **add_mkey** [**-e** *etype*] [**-s**] - -Adds a new master key to the master key principal, but does not mark -it as active. Existing master keys will remain. The **-e** option -specifies the encryption type of the new master key; see -:ref:`Encryption_types` in :ref:`kdc.conf(5)` for a list of possible -values. The **-s** option stashes the new master key in the stash -file, which will be created if it doesn't already exist. - -After a new master key is added, it should be propagated to replica -servers via a manual or periodic invocation of :ref:`kprop(8)`. Then, -the stash files on the replica servers should be updated with the -kdb5_util **stash** command. Once those steps are complete, the key -is ready to be marked active with the kdb5_util **use_mkey** command. - -use_mkey -~~~~~~~~ - - **use_mkey** *mkeyVNO* [*time*] - -Sets the activation time of the master key specified by *mkeyVNO*. -Once a master key becomes active, it will be used to encrypt newly -created principal keys. If no *time* argument is given, the current -time is used, causing the specified master key version to become -active immediately. The format for *time* is :ref:`getdate` string. - -After a new master key becomes active, the kdb5_util -**update_princ_encryption** command can be used to update all -principal keys to be encrypted in the new master key. - -list_mkeys -~~~~~~~~~~ - - **list_mkeys** - -List all master keys, from most recent to earliest, in the master key -principal. The output will show the kvno, enctype, and salt type for -each mkey, similar to the output of :ref:`kadmin(1)` **getprinc**. A -``*`` following an mkey denotes the currently active master key. - -purge_mkeys -~~~~~~~~~~~ - - **purge_mkeys** [**-f**] [**-n**] [**-v**] - -Delete master keys from the master key principal that are not used to -protect any principals. This command can be used to remove old master -keys all principal keys are protected by a newer master key. - -**-f** - does not prompt for confirmation. - -**-n** - performs a dry run, showing master keys that would be purged, but - not actually purging any keys. - -**-v** - gives more verbose output. - -update_princ_encryption -~~~~~~~~~~~~~~~~~~~~~~~ - - **update_princ_encryption** [**-f**] [**-n**] [**-v**] - [*princ-pattern*] - -Update all principal records (or only those matching the -*princ-pattern* glob pattern) to re-encrypt the key data using the -active database master key, if they are encrypted using a different -version, and give a count at the end of the number of principals -updated. If the **-f** option is not given, ask for confirmation -before starting to make changes. The **-v** option causes each -principal processed to be listed, with an indication as to whether it -needed updating or not. The **-n** option performs a dry run, only -showing the actions which would have been taken. - -tabdump -~~~~~~~ - - **tabdump** [**-H**] [**-c**] [**-e**] [**-n**] [**-o** *outfile*] - *dumptype* - -Dump selected fields of the database in a tabular format suitable for -reporting (e.g., using traditional Unix text processing tools) or -importing into relational databases. The data format is tab-separated -(default), or optionally comma-separated (CSV), with a fixed number of -columns. The output begins with a header line containing field names, -unless suppression is requested using the **-H** option. - -The *dumptype* parameter specifies the name of an output table (see -below). - -Options: - -**-H** - suppress writing the field names in a header line - -**-c** - use comma separated values (CSV) format, with minimal quoting, - instead of the default tab-separated (unquoted, unescaped) format - -**-e** - write empty hexadecimal string fields as empty fields instead of - as "-1". - -**-n** - produce numeric output for fields that normally have symbolic - output, such as enctypes and flag names. Also requests output of - time stamps as decimal POSIX time_t values. - -**-o** *outfile* - write the dump to the specified output file instead of to standard - output - -Dump types: - -**keydata** - principal encryption key information, including actual key data - (which is still encrypted in the master key) - - **name** - principal name - **keyindex** - index of this key in the principal's key list - **kvno** - key version number - **enctype** - encryption type - **key** - key data as a hexadecimal string - **salttype** - salt type - **salt** - salt data as a hexadecimal string - -**keyinfo** - principal encryption key information (as in **keydata** above), - excluding actual key data - -**princ_flags** - principal boolean attributes. Flag names print as hexadecimal - numbers if the **-n** option is specified, and all flag positions - are printed regardless of whether or not they are set. If **-n** - is not specified, print all known flag names for each principal, - but only print hexadecimal flag names if the corresponding flag is - set. - - **name** - principal name - **flag** - flag name - **value** - boolean value (0 for clear, or 1 for set) - -**princ_lockout** - state information used for tracking repeated password failures - - **name** - principal name - **last_success** - time stamp of most recent successful authentication - **last_failed** - time stamp of most recent failed authentication - **fail_count** - count of failed attempts - -**princ_meta** - principal metadata - - **name** - principal name - **modby** - name of last principal to modify this principal - **modtime** - timestamp of last modification - **lastpwd** - timestamp of last password change - **policy** - policy object name - **mkvno** - key version number of the master key that encrypts this - principal's key data - **hist_kvno** - key version number of the history key that encrypts the key - history data for this principal - -**princ_stringattrs** - string attributes (key/value pairs) - - **name** - principal name - **key** - attribute name - **value** - attribute value - -**princ_tktpolicy** - per-principal ticket policy data, including maximum ticket - lifetimes - - **name** - principal name - **expiration** - principal expiration date - **pw_expiration** - password expiration date - **max_life** - maximum ticket lifetime - **max_renew_life** - maximum renewable ticket lifetime - -Examples:: - - $ kdb5_util tabdump -o keyinfo.txt keyinfo - $ cat keyinfo.txt - name keyindex kvno enctype salttype salt - K/M@EXAMPLE.COM 0 1 aes256-cts-hmac-sha384-192 normal -1 - foo@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1 - bar@EXAMPLE.COM 0 1 aes128-cts-hmac-sha1-96 normal -1 - $ sqlite3 - sqlite> .mode tabs - sqlite> .import keyinfo.txt keyinfo - sqlite> select * from keyinfo where enctype like 'aes256-%'; - K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1 - sqlite> .quit - $ awk -F'\t' '$4 ~ /aes256-/ { print }' keyinfo.txt - K/M@EXAMPLE.COM 1 1 aes256-cts-hmac-sha384-192 normal -1 - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kadmin(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kprop.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kprop.rst.txt deleted file mode 100644 index a118b262..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kprop.rst.txt +++ /dev/null @@ -1,60 +0,0 @@ -.. _kprop(8): - -kprop -===== - -SYNOPSIS --------- - -**kprop** -[**-r** *realm*] -[**-f** *file*] -[**-d**] -[**-P** *port*] -[**-s** *keytab*] -*replica_host* - - -DESCRIPTION ------------ - -kprop is used to securely propagate a Kerberos V5 database dump file -from the primary Kerberos server to a replica Kerberos server, which is -specified by *replica_host*. The dump file must be created by -:ref:`kdb5_util(8)`. - - -OPTIONS -------- - -**-r** *realm* - Specifies the realm of the primary server. - -**-f** *file* - Specifies the filename where the dumped principal database file is - to be found; by default the dumped database file is normally - |kdcdir|\ ``/replica_datatrans``. - -**-P** *port* - Specifies the port to use to contact the :ref:`kpropd(8)` server - on the remote host. - -**-d** - Prints debugging information. - -**-s** *keytab* - Specifies the location of the keytab file. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kpropd(8)`, :ref:`kdb5_util(8)`, :ref:`krb5kdc(8)`, -:ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kpropd.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kpropd.rst.txt deleted file mode 100644 index 30c66c7e..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kpropd.rst.txt +++ /dev/null @@ -1,144 +0,0 @@ -.. _kpropd(8): - -kpropd -====== - -SYNOPSIS --------- - -**kpropd** -[**-r** *realm*] -[**-A** *admin_server*] -[**-a** *acl_file*] -[**-f** *replica_dumpfile*] -[**-F** *principal_database*] -[**-p** *kdb5_util_prog*] -[**-P** *port*] -[**--pid-file**\ =\ *pid_file*] -[**-D**] -[**-d**] -[**-s** *keytab_file*] - -DESCRIPTION ------------ - -The *kpropd* command runs on the replica KDC server. It listens for -update requests made by the :ref:`kprop(8)` program. If incremental -propagation is enabled, it periodically requests incremental updates -from the primary KDC. - -When the replica receives a kprop request from the primary, kpropd -accepts the dumped KDC database and places it in a file, and then runs -:ref:`kdb5_util(8)` to load the dumped database into the active -database which is used by :ref:`krb5kdc(8)`. This allows the primary -Kerberos server to use :ref:`kprop(8)` to propagate its database to -the replica servers. Upon a successful download of the KDC database -file, the replica Kerberos server will have an up-to-date KDC -database. - -Where incremental propagation is not used, kpropd is commonly invoked -out of inetd(8) as a nowait service. This is done by adding a line to -the ``/etc/inetd.conf`` file which looks like this:: - - kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd - -kpropd can also run as a standalone daemon, backgrounding itself and -waiting for connections on port 754 (or the port specified with the -**-P** option if given). Standalone mode is required for incremental -propagation. Starting in release 1.11, kpropd automatically detects -whether it was run from inetd and runs in standalone mode if it is -not. Prior to release 1.11, the **-S** option is required to run -kpropd in standalone mode; this option is now accepted for backward -compatibility but does nothing. - -Incremental propagation may be enabled with the **iprop_enable** -variable in :ref:`kdc.conf(5)`. If incremental propagation is -enabled, the replica periodically polls the primary KDC for updates, at -an interval determined by the **iprop_replica_poll** variable. If the -replica receives updates, kpropd updates its log file with any updates -from the primary. :ref:`kproplog(8)` can be used to view a summary of -the update entry log on the replica KDC. If incremental propagation -is enabled, the principal ``kiprop/replicahostname@REALM`` (where -*replicahostname* is the name of the replica KDC host, and *REALM* is -the name of the Kerberos realm) must be present in the replica's -keytab file. - -:ref:`kproplog(8)` can be used to force full replication when iprop is -enabled. - - -OPTIONS --------- - -**-r** *realm* - Specifies the realm of the primary server. - -**-A** *admin_server* - Specifies the server to be contacted for incremental updates; by - default, the primary admin server is contacted. - -**-f** *file* - Specifies the filename where the dumped principal database file is - to be stored; by default the dumped database file is |kdcdir|\ - ``/from_master``. - -**-F** *kerberos_db* - Path to the Kerberos database file, if not the default. - -**-p** - Allows the user to specify the pathname to the :ref:`kdb5_util(8)` - program; by default the pathname used is |sbindir|\ - ``/kdb5_util``. - -**-D** - In this mode, kpropd will not detach itself from the current job - and run in the background. Instead, it will run in the - foreground. - -**-d** - Turn on debug mode. kpropd will print out debugging messages - during the database propogation and will run in the foreground - (implies **-D**). - -**-P** - Allow for an alternate port number for kpropd to listen on. This - is only useful in combination with the **-S** option. - -**-a** *acl_file* - Allows the user to specify the path to the kpropd.acl file; by - default the path used is |kdcdir|\ ``/kpropd.acl``. - -**--pid-file**\ =\ *pid_file* - In standalone mode, write the process ID of the daemon into - *pid_file*. - -**-s** *keytab_file* - Path to a keytab to use for acquiring acceptor credentials. - -**-x** *db_args* - Database-specific arguments. See :ref:`Database Options - ` in :ref:`kadmin(1)` for supported arguments. - - -FILES ------ - -kpropd.acl - Access file for kpropd; the default location is - ``/usr/local/var/krb5kdc/kpropd.acl``. Each entry is a line - containing the principal of a host from which the local machine - will allow Kerberos database propagation via :ref:`kprop(8)`. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kprop(8)`, :ref:`kdb5_util(8)`, :ref:`krb5kdc(8)`, -:ref:`kerberos(7)`, inetd(8) diff --git a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kproplog.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kproplog.rst.txt deleted file mode 100644 index 3b72cfa0..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/kproplog.rst.txt +++ /dev/null @@ -1,85 +0,0 @@ -.. _kproplog(8): - -kproplog -======== - -SYNOPSIS --------- - -**kproplog** [**-h**] [**-e** *num*] [-v] -**kproplog** [-R] - - -DESCRIPTION ------------ - -The kproplog command displays the contents of the KDC database update -log to standard output. It can be used to keep track of incremental -updates to the principal database. The update log file contains the -update log maintained by the :ref:`kadmind(8)` process on the primary -KDC server and the :ref:`kpropd(8)` process on the replica KDC -servers. When updates occur, they are logged to this file. -Subsequently any KDC replica configured for incremental updates will -request the current data from the primary KDC and update their log -file with any updates returned. - -The kproplog command requires read access to the update log file. It -will display update entries only for the KDC it runs on. - -If no options are specified, kproplog displays a summary of the update -log. If invoked on the primary, kproplog also displays all of the -update entries. If invoked on a replica KDC server, kproplog displays -only a summary of the updates, which includes the serial number of the -last update received and the associated time stamp of the last update. - - -OPTIONS -------- - -**-R** - Reset the update log. This forces full resynchronization. If - used on a replica then that replica will request a full resync. - If used on the primary then all replicas will request full - resyncs. - -**-h** - Display a summary of the update log. This information includes - the database version number, state of the database, the number of - updates in the log, the time stamp of the first and last update, - and the version number of the first and last update entry. - -**-e** *num* - Display the last *num* update entries in the log. This is useful - when debugging synchronization between KDC servers. - -**-v** - Display individual attributes per update. An example of the - output generated for one entry:: - - Update Entry - Update serial # : 4 - Update operation : Add - Update principal : test@EXAMPLE.COM - Update size : 424 - Update committed : True - Update time stamp : Fri Feb 20 23:37:42 2004 - Attributes changed : 6 - Principal - Key data - Password last changed - Modifying principal - Modification time - TL data - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kpropd(8)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/krb5kdc.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/admin_commands/krb5kdc.rst.txt deleted file mode 100644 index 631a0de8..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/krb5kdc.rst.txt +++ /dev/null @@ -1,114 +0,0 @@ -.. _krb5kdc(8): - -krb5kdc -======= - -SYNOPSIS --------- - -**krb5kdc** -[**-x** *db_args*] -[**-d** *dbname*] -[**-k** *keytype*] -[**-M** *mkeyname*] -[**-p** *portnum*] -[**-m**] -[**-r** *realm*] -[**-n**] -[**-w** *numworkers*] -[**-P** *pid_file*] -[**-T** *time_offset*] - - -DESCRIPTION ------------ - -krb5kdc is the Kerberos version 5 Authentication Service and Key -Distribution Center (AS/KDC). - - -OPTIONS -------- - -The **-r** *realm* option specifies the realm for which the server -should provide service. This option may be specified multiple times -to serve multiple realms. If no **-r** option is given, the default -realm (as specified in :ref:`krb5.conf(5)`) will be served. - -The **-d** *dbname* option specifies the name under which the -principal database can be found. This option does not apply to the -LDAP database. - -The **-k** *keytype* option specifies the key type of the master key -to be entered manually as a password when **-m** is given; the default -is |defmkey|. - -The **-M** *mkeyname* option specifies the principal name for the -master key in the database (usually ``K/M`` in the KDC's realm). - -The **-m** option specifies that the master database password should -be fetched from the keyboard rather than from a stash file. - -The **-n** option specifies that the KDC does not put itself in the -background and does not disassociate itself from the terminal. - -The **-P** *pid_file* option tells the KDC to write its PID into -*pid_file* after it starts up. This can be used to identify whether -the KDC is still running and to allow init scripts to stop the correct -process. - -The **-p** *portnum* option specifies the default UDP and TCP port -numbers which the KDC should listen on for Kerberos version 5 -requests, as a comma-separated list. This value overrides the port -numbers specified in the :ref:`kdcdefaults` section of -:ref:`kdc.conf(5)`, but may be overridden by realm-specific values. -If no value is given from any source, the default port is 88. - -The **-w** *numworkers* option tells the KDC to fork *numworkers* -processes to listen to the KDC ports and process requests in parallel. -The top level KDC process (whose pid is recorded in the pid file if -the **-P** option is also given) acts as a supervisor. The supervisor -will relay SIGHUP signals to the worker subprocesses, and will -terminate the worker subprocess if the it is itself terminated or if -any other worker process exits. - -The **-x** *db_args* option specifies database-specific arguments. -See :ref:`Database Options ` in :ref:`kadmin(1)` for -supported arguments. - -The **-T** *offset* option specifies a time offset, in seconds, which -the KDC will operate under. It is intended only for testing purposes. - -EXAMPLE -------- - -The KDC may service requests for multiple realms (maximum 32 realms). -The realms are listed on the command line. Per-realm options that can -be specified on the command line pertain for each realm that follows -it and are superseded by subsequent definitions of the same option. - -For example:: - - krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3 - -specifies that the KDC listen on port 2001 for REALM1 and on port 2002 -for REALM2 and REALM3. Additionally, per-realm parameters may be -specified in the :ref:`kdc.conf(5)` file. The location of this file -may be specified by the **KRB5_KDC_PROFILE** environment variable. -Per-realm parameters specified in this file take precedence over -options specified on the command line. See the :ref:`kdc.conf(5)` -description for further details. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kdb5_util(8)`, :ref:`kdc.conf(5)`, :ref:`krb5.conf(5)`, -:ref:`kdb5_ldap_util(8)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/ktutil.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/admin_commands/ktutil.rst.txt deleted file mode 100644 index fd83f0ad..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/ktutil.rst.txt +++ /dev/null @@ -1,129 +0,0 @@ -.. _ktutil(1): - -ktutil -====== - -SYNOPSIS --------- - -**ktutil** - - -DESCRIPTION ------------ - -The ktutil command invokes a command interface from which an -administrator can read, write, or edit entries in a keytab. (Kerberos -V4 srvtab files are no longer supported.) - - -COMMANDS --------- - -list -~~~~ - - **list** [**-t**] [**-k**] [**-e**] - -Displays the current keylist. If **-t**, **-k**, and/or **-e** are -specified, also display the timestamp, key contents, or enctype -(respectively). - -Alias: **l** - -read_kt -~~~~~~~ - - **read_kt** *keytab* - -Read the Kerberos V5 keytab file *keytab* into the current keylist. - -Alias: **rkt** - -write_kt -~~~~~~~~ - - **write_kt** *keytab* - -Write the current keylist into the Kerberos V5 keytab file *keytab*. - -Alias: **wkt** - -clear_list -~~~~~~~~~~ - - **clear_list** - -Clear the current keylist. - -Alias: **clear** - -delete_entry -~~~~~~~~~~~~ - - **delete_entry** *slot* - -Delete the entry in slot number *slot* from the current keylist. - -Alias: **delent** - -add_entry -~~~~~~~~~ - - **add_entry** {**-key**\|\ **-password**} **-p** *principal* - **-k** *kvno* [**-e** *enctype*] [**-f**\|\ **-s** *salt*] - -Add *principal* to keylist using key or password. If the **-f** flag -is specified, salt information will be fetched from the KDC; in this -case the **-e** flag may be omitted, or it may be supplied to force a -particular enctype. If the **-f** flag is not specified, the **-e** -flag must be specified, and the default salt will be used unless -overridden with the **-s** option. - -Alias: **addent** - -list_requests -~~~~~~~~~~~~~ - - **list_requests** - -Displays a listing of available commands. - -Aliases: **lr**, **?** - -quit -~~~~ - - **quit** - -Quits ktutil. - -Aliases: **exit**, **q** - - -EXAMPLE -------- - - :: - - ktutil: add_entry -password -p alice@BLEEP.COM -k 1 -e - aes128-cts-hmac-sha1-96 - Password for alice@BLEEP.COM: - ktutil: add_entry -password -p alice@BLEEP.COM -k 1 -e - aes256-cts-hmac-sha1-96 - Password for alice@BLEEP.COM: - ktutil: write_kt alice.keytab - ktutil: - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kadmin(1)`, :ref:`kdb5_util(8)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/sserver.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/admin_commands/sserver.rst.txt deleted file mode 100644 index a8dcf5d5..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/admin_commands/sserver.rst.txt +++ /dev/null @@ -1,112 +0,0 @@ -.. _sserver(8): - -sserver -======= - -SYNOPSIS --------- - -**sserver** -[ **-p** *port* ] -[ **-S** *keytab* ] -[ *server_port* ] - - -DESCRIPTION ------------ - -sserver and :ref:`sclient(1)` are a simple demonstration client/server -application. When sclient connects to sserver, it performs a Kerberos -authentication, and then sserver returns to sclient the Kerberos -principal which was used for the Kerberos authentication. It makes a -good test that Kerberos has been successfully installed on a machine. - -The service name used by sserver and sclient is sample. Hence, -sserver will require that there be a keytab entry for the service -``sample/hostname.domain.name@REALM.NAME``. This keytab is generated -using the :ref:`kadmin(1)` program. The keytab file is usually -installed as |keytab|. - -The **-S** option allows for a different keytab than the default. - -sserver is normally invoked out of inetd(8), using a line in -``/etc/inetd.conf`` that looks like this:: - - sample stream tcp nowait root /usr/local/sbin/sserver sserver - -Since ``sample`` is normally not a port defined in ``/etc/services``, -you will usually have to add a line to ``/etc/services`` which looks -like this:: - - sample 13135/tcp - -When using sclient, you will first have to have an entry in the -Kerberos database, by using :ref:`kadmin(1)`, and then you have to get -Kerberos tickets, by using :ref:`kinit(1)`. Also, if you are running -the sclient program on a different host than the sserver it will be -connecting to, be sure that both hosts have an entry in /etc/services -for the sample tcp port, and that the same port number is in both -files. - -When you run sclient you should see something like this:: - - sendauth succeeded, reply is: - reply len 32, contents: - You are nlgilman@JIMI.MIT.EDU - - -COMMON ERROR MESSAGES ---------------------- - -1) kinit returns the error:: - - kinit: Client not found in Kerberos database while getting - initial credentials - - This means that you didn't create an entry for your username in the - Kerberos database. - -2) sclient returns the error:: - - unknown service sample/tcp; check /etc/services - - This means that you don't have an entry in /etc/services for the - sample tcp port. - -3) sclient returns the error:: - - connect: Connection refused - - This probably means you didn't edit /etc/inetd.conf correctly, or - you didn't restart inetd after editing inetd.conf. - -4) sclient returns the error:: - - sclient: Server not found in Kerberos database while using - sendauth - - This means that the ``sample/hostname@LOCAL.REALM`` service was not - defined in the Kerberos database; it should be created using - :ref:`kadmin(1)`, and a keytab file needs to be generated to make - the key for that service principal available for sclient. - -5) sclient returns the error:: - - sendauth rejected, error reply is: - "No such file or directory" - - This probably means sserver couldn't find the keytab file. It was - probably not installed in the proper directory. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`sclient(1)`, :ref:`kerberos(7)`, services(5), inetd(8) diff --git a/krb5-1.21.3/doc/html/_sources/admin/advanced/index.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/advanced/index.rst.txt deleted file mode 100644 index 834f453c..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/advanced/index.rst.txt +++ /dev/null @@ -1,8 +0,0 @@ -Advanced topics -=============== - - -.. toctree:: - :maxdepth: 1 - - retiring-des.rst diff --git a/krb5-1.21.3/doc/html/_sources/admin/advanced/retiring-des.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/advanced/retiring-des.rst.txt deleted file mode 100644 index 38f76d3f..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/advanced/retiring-des.rst.txt +++ /dev/null @@ -1,422 +0,0 @@ -.. _retiring-des: - -Retiring DES -======================= - -Version 5 of the Kerberos protocol was originally implemented using -the Data Encryption Standard (DES) as a block cipher for encryption. -While it was considered secure at the time, advancements in computational -ability have rendered DES vulnerable to brute force attacks on its 56-bit -keyspace. As such, it is now considered insecure and should not be -used (:rfc:`6649`). - -History -------- - -DES was used in the original Kerberos implementation, and was the -only cryptosystem in krb5 1.0. Partial support for triple-DES (3DES) was -added in version 1.1, with full support following in version 1.2. -The Advanced Encryption Standard (AES), which supersedes DES, gained -partial support in version 1.3.0 of krb5 and full support in version 1.3.2. -However, deployments of krb5 using Kerberos databases created with older -versions of krb5 will not necessarily start using strong crypto for -ordinary operation without administrator intervention. - -MIT krb5 began flagging deprecated encryption types with release 1.17, -and removed DES (single-DES) support in release 1.18. As a -consequence, a release prior to 1.18 is required to perform these -migrations. - -Types of keys -------------- - -* The database master key: This key is not exposed to user requests, - but is used to encrypt other key material stored in the kerberos - database. The database master key is currently stored as ``K/M`` - by default. -* Password-derived keys: User principals frequently have keys - derived from a password. When a new password is set, the KDC - uses various string2key functions to generate keys in the database - for that principal. -* Keytab keys: Application server principals generally use random - keys which are not derived from a password. When the database - entry is created, the KDC generates random keys of various enctypes - to enter in the database, which are conveyed to the application server - and stored in a keytab. -* Session keys: These are short-term keys generated by the KDC while - processing client requests, with an enctype selected by the KDC. - -For details on the various enctypes and how enctypes are selected by the KDC -for session keys and client/server long-term keys, see :ref:`enctypes`. -When using the :ref:`kadmin(1)` interface to generate new long-term keys, -the **-e** argument can be used to force a particular set of enctypes, -overriding the KDC default values. - -.. note:: - - When the KDC is selecting a session key, it has no knowledge about the - kerberos installation on the server which will receive the service ticket, - only what keys are in the database for the service principal. - In order to allow uninterrupted operation to - clients while migrating away from DES, care must be taken to ensure that - kerberos installations on application server machines are configured to - support newer encryption types before keys of those new encryption types - are created in the Kerberos database for those server principals. - -Upgrade procedure ------------------ - -This procedure assumes that the KDC software has already been upgraded -to a modern version of krb5 that supports non-DES keys, so that the -only remaining task is to update the actual keys used to service requests. -The realm used for demonstrating this procedure, ZONE.MIT.EDU, -is an example of the worst-case scenario, where all keys in the realm -are DES. The realm was initially created with a very old version of krb5, -and **supported_enctypes** in :ref:`kdc.conf(5)` was set to a value -appropriate when the KDC was installed, but was not updated as the KDC -was upgraded: - -:: - - [realms] - ZONE.MIT.EDU = { - [...] - master_key_type = des-cbc-crc - supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3 - } - -This resulted in the keys for all principals in the realm being forced -to DES-only, unless specifically requested using :ref:`kadmin(1)`. - -Before starting the upgrade, all KDCs were running krb5 1.11, -and the database entries for some "high-value" principals were: - -:: - - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'getprinc krbtgt/ZONE.MIT.EDU' - [...] - Number of keys: 1 - Key: vno 1, des-cbc-crc:v4 - [...] - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'getprinc kadmin/admin' - [...] - Number of keys: 1 - Key: vno 15, des-cbc-crc - [...] - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'getprinc kadmin/changepw' - [...] - Number of keys: 1 - Key: vno 14, des-cbc-crc - [...] - -The ``krbtgt/REALM`` key appears to have never been changed since creation -(its kvno is 1), and all three database entries have only a des-cbc-crc key. - -The krbtgt key and KDC keys -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Perhaps the biggest single-step improvement in the security of the cell -is gained by strengthening the key of the ticket-granting service principal, -``krbtgt/REALM``---if this principal's key is compromised, so is the -entire realm. Since the server that will handle service tickets -for this principal is the KDC itself, it is easy to guarantee that it -will be configured to support any encryption types which might be -selected. However, the default KDC behavior when creating new keys is to -remove the old keys, which would invalidate all existing tickets issued -against that principal, rendering the TGTs cached by clients useless. -Instead, a new key can be created with the old key retained, so that -existing tickets will still function until their scheduled expiry -(see :ref:`changing_krbtgt_key`). - -:: - - [root@casio krb5kdc]# enctypes=aes256-cts-hmac-sha1-96:normal,\ - > aes128-cts-hmac-sha1-96:normal,des3-hmac-sha1:normal,des-cbc-crc:normal - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q "cpw -e ${enctypes} -randkey \ - > -keepold krbtgt/ZONE.MIT.EDU" - Authenticating as principal root/admin@ZONE.MIT.EDU with password. - Key for "krbtgt/ZONE.MIT.EDU@ZONE.MIT.EDU" randomized. - -.. note:: - - The new ``krbtgt@REALM`` key should be propagated to replica KDCs - immediately so that TGTs issued by the primary KDC can be used to - issue service tickets on replica KDCs. Replica KDCs will refuse - requests using the new TGT kvno until the new krbtgt entry has - been propagated to them. - -It is necessary to explicitly specify the enctypes for the new database -entry, since **supported_enctypes** has not been changed. Leaving -**supported_enctypes** unchanged makes a potential rollback operation -easier, since all new keys of new enctypes are the result of explicit -administrator action and can be easily enumerated. -Upgrading the krbtgt key should have minimal user-visible disruption other -than that described in the note above, since only clients which list the -new enctypes as supported will use them, per the procedure -in :ref:`session_key_selection`. -Once the krbtgt key is updated, the session and ticket keys for user -TGTs will be strong keys, but subsequent requests -for service tickets will still get DES keys until the service principals -have new keys generated. Application service -remains uninterrupted due to the key-selection procedure on the KDC. - -After the change, the database entry is now: - -:: - - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'getprinc krbtgt/ZONE.MIT.EDU' - [...] - Number of keys: 5 - Key: vno 2, aes256-cts-hmac-sha1-96 - Key: vno 2, aes128-cts-hmac-sha1-96 - Key: vno 2, des3-cbc-sha1 - Key: vno 2, des-cbc-crc - Key: vno 1, des-cbc-crc:v4 - [...] - -Since the expected disruptions from rekeying the krbtgt principal are -minor, after a short testing period, it is -appropriate to rekey the other high-value principals, ``kadmin/admin@REALM`` -and ``kadmin/changepw@REALM``. These are the service principals used for -changing user passwords and updating application keytabs. The kadmin -and password-changing services are regular kerberized services, so the -session-key-selection algorithm described in :ref:`session_key_selection` -applies. It is particularly important to have strong session keys for -these services, since user passwords and new long-term keys are conveyed -over the encrypted channel. - -:: - - [root@casio krb5kdc]# enctypes=aes256-cts-hmac-sha1-96:normal,\ - > aes128-cts-hmac-sha1-96:normal,des3-hmac-sha1:normal - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q "cpw -e ${enctypes} -randkey \ - > kadmin/admin" - Authenticating as principal root/admin@ZONE.MIT.EDU with password. - Key for "kadmin/admin@ZONE.MIT.EDU" randomized. - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q "cpw -e ${enctypes} -randkey \ - > kadmin/changepw" - Authenticating as principal root/admin@ZONE.MIT.EDU with password. - Key for "kadmin/changepw@ZONE.MIT.EDU" randomized. - -It is not necessary to retain a single-DES key for these services, since -password changes are not part of normal daily workflow, and disruption -from a client failure is likely to be minimal. Furthermore, if a kerberos -client experiences failure changing a user password or keytab key, -this indicates that that client will become inoperative once services -are rekeyed to non-DES enctypes. Such problems can be detected early -at this stage, giving more time for corrective action. - -Adding strong keys to application servers -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Before switching the default enctypes for new keys over to strong enctypes, -it may be desired to test upgrading a handful of services with the -new configuration before flipping the switch for the defaults. This -still requires using the **-e** argument in :ref:`kadmin(1)` to get non-default -enctypes: - -:: - - [root@casio krb5kdc]# enctypes=aes256-cts-hmac-sha1-96:normal,\ - > aes128-cts-hmac-sha1-96:normal,des3-cbc-sha1:normal,des-cbc-crc:normal - [root@casio krb5kdc]# kadmin -r ZONE.MIT.EDU -p zephyr/zephyr@ZONE.MIT.EDU -k -t \ - > /etc/zephyr/krb5.keytab -q "ktadd -e ${enctypes} \ - > -k /etc/zephyr/krb5.keytab zephyr/zephyr@ZONE.MIT.EDU" - Authenticating as principal zephyr/zephyr@ZONE.MIT.EDU with keytab /etc/zephyr/krb5.keytab. - Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 4, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/zephyr/krb5.keytab. - Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 4, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/zephyr/krb5.keytab. - Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 4, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/zephyr/krb5.keytab. - Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 4, encryption type des-cbc-crc added to keytab WRFILE:/etc/zephyr/krb5.keytab. - -Be sure to remove the old keys from the application keytab, per best -practice. - -:: - - [root@casio krb5kdc]# k5srvutil -f /etc/zephyr/krb5.keytab delold - Authenticating as principal zephyr/zephyr@ZONE.MIT.EDU with keytab /etc/zephyr/krb5.keytab. - Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 3 removed from keytab WRFILE:/etc/zephyr/krb5.keytab. - -Adding strong keys by default -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Once the high-visibility services have been rekeyed, it is probably -appropriate to change :ref:`kdc.conf(5)` to generate keys with the new -encryption types by default. This enables server administrators to generate -new enctypes with the **change** subcommand of :ref:`k5srvutil(1)`, -and causes user password -changes to add new encryption types for their entries. It will probably -be necessary to implement administrative controls to cause all user -principal keys to be updated in a reasonable period of time, whether -by forcing password changes or a password synchronization service that -has access to the current password and can add the new keys. - -:: - - [realms] - ZONE.MIT.EDU = { - supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des3-hmac-sha1:normal des-cbc-crc:normal - -.. note:: - - The krb5kdc process must be restarted for these changes to take effect. - -At this point, all service administrators can update their services and the -servers behind them to take advantage of strong cryptography. -If necessary, the server's krb5 installation should be configured and/or -upgraded to a version supporting non-DES keys. See :ref:`enctypes` for -krb5 version and configuration settings. -Only when the service is configured to accept non-DES keys should -the key version number be incremented and new keys generated -(``k5srvutil change && k5srvutil delold``). - -:: - - root@dr-willy:~# k5srvutil change - Authenticating as principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with keytab /etc/krb5.keytab. - Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 3, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab. - Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 3, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab. - Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab. - Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab. - root@dr-willy:~# klist -e -k -t /etc/krb5.keytab - Keytab name: WRFILE:/etc/krb5.keytab - KVNO Timestamp Principal - ---- ----------------- -------------------------------------------------------- - 2 10/10/12 17:03:59 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (DES cbc mode with CRC-32) - 3 12/12/12 15:31:19 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (AES-256 CTS mode with 96-bit SHA-1 HMAC) - 3 12/12/12 15:31:19 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (AES-128 CTS mode with 96-bit SHA-1 HMAC) - 3 12/12/12 15:31:19 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (Triple DES cbc mode with HMAC/sha1) - 3 12/12/12 15:31:19 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (DES cbc mode with CRC-32) - root@dr-willy:~# k5srvutil delold - Authenticating as principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with keytab /etc/krb5.keytab. - Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab. - -When a single service principal is shared by multiple backend servers in -a load-balanced environment, it may be necessary to schedule downtime -or adjust the population in the load-balanced pool in order to propagate -the updated keytab to all hosts in the pool with minimal service interruption. - -Removing DES keys from usage -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -This situation remains something of a testing or transitory state, -as new DES keys are still being generated, and will be used if requested -by a client. To make more progress removing DES from the realm, the KDC -should be configured to not generate such keys by default. - -.. note:: - - An attacker posing as a client can implement a brute force attack against - a DES key for any principal, if that key is in the current (highest-kvno) - key list. This attack is only possible if **allow_weak_crypto = true** - is enabled on the KDC. Setting the **+requires_preauth** flag on a - principal forces this attack to be an online attack, much slower than - the offline attack otherwise available to the attacker. However, setting - this flag on a service principal is not always advisable; see the entry in - :ref:`add_principal` for details. - -The following KDC configuration will not generate DES keys by default: - -:: - - [realms] - ZONE.MIT.EDU = { - supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des3-hmac-sha1:normal - -.. note:: - - As before, the KDC process must be restarted for this change to take - effect. It is best practice to update kdc.conf on all KDCs, not just the - primary, to avoid unpleasant surprises should the primary fail and a - replica need to be promoted. - -It is now appropriate to remove the legacy single-DES key from the -``krbtgt/REALM`` entry: - -:: - - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q "cpw -randkey -keepold \ - > krbtgt/ZONE.MIT.EDU" - Authenticating as principal host/admin@ATHENA.MIT.EDU with password. - Key for "krbtgt/ZONE.MIT.EDU@ZONE.MIT.EDU" randomized. - -After the maximum ticket lifetime has passed, the old database entry -should be removed. - -:: - - [root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'purgekeys krbtgt/ZONE.MIT.EDU' - Authenticating as principal root/admin@ZONE.MIT.EDU with password. - Old keys for principal "krbtgt/ZONE.MIT.EDU@ZONE.MIT.EDU" purged. - -After the KDC is restarted with the new **supported_enctypes**, -all user password changes and application keytab updates will not -generate DES keys by default. - -:: - - contents-vnder-pressvre:~> kpasswd zonetest@ZONE.MIT.EDU - Password for zonetest@ZONE.MIT.EDU: [enter old password] - Enter new password: [enter new password] - Enter it again: [enter new password] - Password changed. - contents-vnder-pressvre:~> kadmin -r ZONE.MIT.EDU -q 'getprinc zonetest' - [...] - Number of keys: 3 - Key: vno 9, aes256-cts-hmac-sha1-96 - Key: vno 9, aes128-cts-hmac-sha1-96 - Key: vno 9, des3-cbc-sha1 - [...] - - [kaduk@glossolalia ~]$ kadmin -p kaduk@ZONE.MIT.EDU -r ZONE.MIT.EDU -k \ - > -t kaduk-zone.keytab -q 'ktadd -k kaduk-zone.keytab kaduk@ZONE.MIT.EDU' - Authenticating as principal kaduk@ZONE.MIT.EDU with keytab kaduk-zone.keytab. - Entry for principal kaduk@ZONE.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:kaduk-zone.keytab. - Entry for principal kaduk@ZONE.MIT.EDU with kvno 3, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:kaduk-zone.keytab. - Entry for principal kaduk@ZONE.MIT.EDU with kvno 3, encryption type des3-cbc-sha1 added to keytab WRFILE:kaduk-zone.keytab. - -Once all principals have been re-keyed, DES support can be disabled on the -KDC (**allow_weak_crypto = false**), and client machines can remove -**allow_weak_crypto = true** from their :ref:`krb5.conf(5)` configuration -files, completing the migration. **allow_weak_crypto** takes precedence over -all places where DES enctypes could be explicitly configured. DES keys will -not be used, even if they are present, when **allow_weak_crypto = false**. - -Support for legacy services -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -If there remain legacy services which do not support non-DES enctypes -(such as older versions of AFS), **allow_weak_crypto** must remain -enabled on the KDC. Client machines need not have this setting, -though---applications which require DES can use API calls to allow -weak crypto on a per-request basis, overriding the system krb5.conf. -However, having **allow_weak_crypto** set on the KDC means that any -principals which have a DES key in the database could still use those -keys. To minimize the use of DES in the realm and restrict it to just -legacy services which require DES, it is necessary to remove all other -DES keys. The realm has been configured such that at password and -keytab change, no DES keys will be generated by default. The task -then reduces to requiring user password changes and having server -administrators update their service keytabs. Administrative outreach -will be necessary, and if the desire to eliminate DES is sufficiently -strong, the KDC administrators may choose to randkey any principals -which have not been rekeyed after some timeout period, forcing the -user to contact the helpdesk for access. - -The Database Master Key ------------------------ - -This procedure does not alter ``K/M@REALM``, the key used to encrypt key -material in the Kerberos database. (This is the key stored in the stash file -on the KDC if stash files are used.) However, the security risk of -a single-DES key for ``K/M`` is minimal, given that access to material -encrypted in ``K/M`` (the Kerberos database) is generally tightly controlled. -If an attacker can gain access to the encrypted database, they likely -have access to the stash file as well, rendering the weak cryptography -broken by non-cryptographic means. As such, upgrading ``K/M`` to a stronger -encryption type is unlikely to be a high-priority task. - -Is is possible to upgrade the master key used for the database, if -desired. Using :ref:`kdb5_util(8)`'s **add_mkey**, **use_mkey**, and -**update_princ_encryption** commands, a new master key can be added -and activated for use on new key material, and the existing entries -converted to the new master key. diff --git a/krb5-1.21.3/doc/html/_sources/admin/appl_servers.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/appl_servers.rst.txt deleted file mode 100644 index e9d16e87..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/appl_servers.rst.txt +++ /dev/null @@ -1,171 +0,0 @@ -Application servers -=================== - -If you need to install the Kerberos V5 programs on an application -server, please refer to the Kerberos V5 Installation Guide. Once you -have installed the software, you need to add that host to the Kerberos -database (see :ref:`principals`), and generate a keytab for that host, -that contains the host's key. You also need to make sure the host's -clock is within your maximum clock skew of the KDCs. - - -Keytabs -------- - -A keytab is a host's copy of its own keylist, which is analogous to a -user's password. An application server that needs to authenticate -itself to the KDC has to have a keytab that contains its own principal -and key. Just as it is important for users to protect their -passwords, it is equally important for hosts to protect their keytabs. -You should always store keytab files on local disk, and make them -readable only by root, and you should never send a keytab file over a -network in the clear. Ideally, you should run the :ref:`kadmin(1)` -command to extract a keytab on the host on which the keytab is to -reside. - - -.. _add_princ_kt: - -Adding principals to keytabs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To generate a keytab, or to add a principal to an existing keytab, use -the **ktadd** command from kadmin. Here is a sample session, using -configuration files that enable only AES encryption:: - - kadmin: ktadd host/daffodil.mit.edu@ATHENA.MIT.EDU - Entry for principal host/daffodil.mit.edu with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab - Entry for principal host/daffodil.mit.edu with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab - - -Removing principals from keytabs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To remove a principal from an existing keytab, use the kadmin -**ktremove** command:: - - kadmin: ktremove host/daffodil.mit.edu@ATHENA.MIT.EDU - Entry for principal host/daffodil.mit.edu with kvno 2 removed from keytab FILE:/etc/krb5.keytab. - Entry for principal host/daffodil.mit.edu with kvno 2 removed from keytab FILE:/etc/krb5.keytab. - - -Using a keytab to acquire client credentials -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -While keytabs are ordinarily used to accept credentials from clients, -they can also be used to acquire initial credentials, allowing one -service to authenticate to another. - -To manually obtain credentials using a keytab, use the :ref:`kinit(1)` -**-k** option, together with the **-t** option if the keytab is not in -the default location. - -Beginning with release 1.11, GSSAPI applications can be configured to -automatically obtain initial credentials from a keytab as needed. The -recommended configuration is as follows: - -#. Create a keytab containing a single entry for the desired client - identity. - -#. Place the keytab in a location readable by the service, and set the - **KRB5_CLIENT_KTNAME** environment variable to its filename. - Alternatively, use the **default_client_keytab_name** profile - variable in :ref:`libdefaults`, or use the default location of - |ckeytab|. - -#. Set **KRB5CCNAME** to a filename writable by the service, which - will not be used for any other purpose. Do not manually obtain - credentials at this location. (Another credential cache type - besides **FILE** can be used if desired, as long the cache will not - conflict with another use. A **MEMORY** cache can be used if the - service runs as a long-lived process. See :ref:`ccache_definition` - for details.) - -#. Start the service. When it authenticates using GSSAPI, it will - automatically obtain credentials from the client keytab into the - specified credential cache, and refresh them before they expire. - - -Clock Skew ----------- - -A Kerberos application server host must keep its clock synchronized or -it will reject authentication requests from clients. Modern operating -systems typically provide a facility to maintain the correct time; -make sure it is enabled. This is especially important on virtual -machines, where clocks tend to drift more rapidly than normal machine -clocks. - -The default allowable clock skew is controlled by the **clockskew** -variable in :ref:`libdefaults`. - - -Getting DNS information correct -------------------------------- - -Several aspects of Kerberos rely on name service. When a hostname is -used to name a service, clients may canonicalize the hostname using -forward and possibly reverse name resolution. The result of this -canonicalization must match the principal entry in the host's keytab, -or authentication will fail. To work with all client canonicalization -configurations, each host's canonical name must be the fully-qualified -host name (including the domain), and each host's IP address must -reverse-resolve to the canonical name. - -Configuration of hostnames varies by operating system. On the -application server itself, canonicalization will typically use the -``/etc/hosts`` file rather than the DNS. Ensure that the line for the -server's hostname is in the following form:: - - IP address fully-qualified hostname aliases - -Here is a sample ``/etc/hosts`` file:: - - # this is a comment - 127.0.0.1 localhost localhost.mit.edu - 10.0.0.6 daffodil.mit.edu daffodil trillium wake-robin - -The output of ``klist -k`` for this example host should look like:: - - viola# klist -k - Keytab name: /etc/krb5.keytab - KVNO Principal - ---- ------------------------------------------------------------ - 2 host/daffodil.mit.edu@ATHENA.MIT.EDU - -If you were to ssh to this host with a fresh credentials cache (ticket -file), and then :ref:`klist(1)`, the output should list a service -principal of ``host/daffodil.mit.edu@ATHENA.MIT.EDU``. - - -.. _conf_firewall: - -Configuring your firewall to work with Kerberos V5 --------------------------------------------------- - -If you need off-site users to be able to get Kerberos tickets in your -realm, they must be able to get to your KDC. This requires either -that you have a replica KDC outside your firewall, or that you -configure your firewall to allow UDP requests into at least one of -your KDCs, on whichever port the KDC is running. (The default is port -88; other ports may be specified in the KDC's :ref:`kdc.conf(5)` -file.) Similarly, if you need off-site users to be able to change -their passwords in your realm, they must be able to get to your -Kerberos admin server on the kpasswd port (which defaults to 464). If -you need off-site users to be able to administer your Kerberos realm, -they must be able to get to your Kerberos admin server on the -administrative port (which defaults to 749). - -If your on-site users inside your firewall will need to get to KDCs in -other realms, you will also need to configure your firewall to allow -outgoing TCP and UDP requests to port 88, and to port 464 to allow -password changes. If your on-site users inside your firewall will -need to get to Kerberos admin servers in other realms, you will also -need to allow outgoing TCP and UDP requests to port 749. - -If any of your KDCs are outside your firewall, you will need to allow -kprop requests to get through to the remote KDC. :ref:`kprop(8)` uses -the ``krb5_prop`` service on port 754 (tcp). - -The book *UNIX System Security*, by David Curry, is a good starting -point for learning to configure firewalls. diff --git a/krb5-1.21.3/doc/html/_sources/admin/auth_indicator.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/auth_indicator.rst.txt deleted file mode 100644 index b13905e9..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/auth_indicator.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -.. _auth_indicator: - -Authentication indicators -========================= - -As of release 1.14, the KDC can be configured to annotate tickets if -the client authenticated using a stronger preauthentication mechanism -such as :ref:`PKINIT ` or :ref:`OTP `. These -annotations are called "authentication indicators." Service -principals can be configured to require particular authentication -indicators in order to authenticate to that service. An -authentication indicator value can be any string chosen by the KDC -administrator; there are no pre-set values. - -To use authentication indicators with PKINIT or OTP, first configure -the KDC to include an indicator when that preauthentication mechanism -is used. For PKINIT, use the **pkinit_indicator** variable in -:ref:`kdc.conf(5)`. For OTP, use the **indicator** variable in the -token type definition, or specify the indicators in the **otp** user -string as described in :ref:`otp_preauth`. - -To require an indicator to be present in order to authenticate to a -service principal, set the **require_auth** string attribute on the -principal to the indicator value to be required. If you wish to allow -one of several indicators to be accepted, you can specify multiple -indicator values separated by spaces. - -For example, a realm could be configured to set the authentication -indicator value "strong" when PKINIT is used to authenticate, using a -setting in the :ref:`kdc_realms` subsection:: - - pkinit_indicator = strong - -A service principal could be configured to require the "strong" -authentication indicator value:: - - $ kadmin setstr host/high.value.server require_auth strong - Password for user/admin@KRBTEST.COM: - -A user who authenticates with PKINIT would be able to obtain a ticket -for the service principal:: - - $ kinit -X X509_user_identity=FILE:/my/cert.pem,/my/key.pem user - $ kvno host/high.value.server - host/high.value.server@KRBTEST.COM: kvno = 1 - -but a user who authenticates with a password would not:: - - $ kinit user - Password for user@KRBTEST.COM: - $ kvno host/high.value.server - kvno: KDC policy rejects request while getting credentials for - host/high.value.server@KRBTEST.COM - -GSSAPI server applications can inspect authentication indicators -through the :ref:`auth-indicators ` name -attribute. diff --git a/krb5-1.21.3/doc/html/_sources/admin/backup_host.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/backup_host.rst.txt deleted file mode 100644 index 8914551c..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/backup_host.rst.txt +++ /dev/null @@ -1,34 +0,0 @@ -Backups of secure hosts -======================= - -When you back up a secure host, you should exclude the host's keytab -file from the backup. If someone obtained a copy of the keytab from a -backup, that person could make any host masquerade as the host whose -keytab was compromised. In many configurations, knowledge of the -host's keytab also allows root access to the host. This could be -particularly dangerous if the compromised keytab was from one of your -KDCs. If the machine has a disk crash and the keytab file is lost, it -is easy to generate another keytab file. (See :ref:`add_princ_kt`.) -If you are unable to exclude particular files from backups, you should -ensure that the backups are kept as secure as the host's root -password. - - -Backing up the Kerberos database --------------------------------- - -As with any file, it is possible that your Kerberos database could -become corrupted. If this happens on one of the replica KDCs, you -might never notice, since the next automatic propagation of the -database would install a fresh copy. However, if it happens to the -primary KDC, the corrupted database would be propagated to all of the -replicas during the next propagation. For this reason, MIT recommends -that you back up your Kerberos database regularly. Because the primary -KDC is continuously dumping the database to a file in order to -propagate it to the replica KDCs, it is a simple matter to have a cron -job periodically copy the dump file to a secure machine elsewhere on -your network. (Of course, it is important to make the host where -these backups are stored as secure as your KDCs, and to encrypt its -transmission across your network.) Then if your database becomes -corrupted, you can load the most recent dump onto the primary KDC. -(See :ref:`restore_from_dump`.) diff --git a/krb5-1.21.3/doc/html/_sources/admin/conf_files/index.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/conf_files/index.rst.txt deleted file mode 100644 index a04836ac..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/conf_files/index.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -Configuration Files -=================== - -Kerberos uses configuration files to allow administrators to specify -settings on a per-machine basis. :ref:`krb5.conf(5)` applies to all -applications using the Kerboros library, on clients and servers. -For KDC-specific applications, additional settings can be specified in -:ref:`kdc.conf(5)`; the two files are merged into a configuration profile -used by applications accessing the KDC database directly. :ref:`kadm5.acl(5)` -is also only used on the KDC, it controls permissions for modifying the -KDC database. - -Contents --------- -.. toctree:: - :maxdepth: 1 - - krb5_conf - kdc_conf - kadm5_acl diff --git a/krb5-1.21.3/doc/html/_sources/admin/conf_files/kadm5_acl.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/conf_files/kadm5_acl.rst.txt deleted file mode 100644 index 290bf0e0..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/conf_files/kadm5_acl.rst.txt +++ /dev/null @@ -1,163 +0,0 @@ -.. _kadm5.acl(5): - -kadm5.acl -========= - -DESCRIPTION ------------ - -The Kerberos :ref:`kadmind(8)` daemon uses an Access Control List -(ACL) file to manage access rights to the Kerberos database. -For operations that affect principals, the ACL file also controls -which principals can operate on which other principals. - -The default location of the Kerberos ACL file is -|kdcdir|\ ``/kadm5.acl`` unless this is overridden by the *acl_file* -variable in :ref:`kdc.conf(5)`. - -SYNTAX ------- - -Empty lines and lines starting with the sharp sign (``#``) are -ignored. Lines containing ACL entries have the format:: - - principal permissions [target_principal [restrictions] ] - -.. note:: - - Line order in the ACL file is important. The first matching entry - will control access for an actor principal on a target principal. - -*principal* - (Partially or fully qualified Kerberos principal name.) Specifies - the principal whose permissions are to be set. - - Each component of the name may be wildcarded using the ``*`` - character. - -*permissions* - Specifies what operations may or may not be performed by a - *principal* matching a particular entry. This is a string of one or - more of the following list of characters or their upper-case - counterparts. If the character is *upper-case*, then the operation - is disallowed. If the character is *lower-case*, then the operation - is permitted. - - == ====================================================== - a [Dis]allows the addition of principals or policies - c [Dis]allows the changing of passwords for principals - d [Dis]allows the deletion of principals or policies - e [Dis]allows the extraction of principal keys - i [Dis]allows inquiries about principals or policies - l [Dis]allows the listing of all principals or policies - m [Dis]allows the modification of principals or policies - p [Dis]allows the propagation of the principal database (used in :ref:`incr_db_prop`) - s [Dis]allows the explicit setting of the key for a principal - x Short for admcilsp. All privileges (except ``e``) - \* Same as x. - == ====================================================== - -.. note:: - - The ``extract`` privilege is not included in the wildcard - privilege; it must be explicitly assigned. This privilege - allows the user to extract keys from the database, and must be - handled with great care to avoid disclosure of important keys - like those of the kadmin/* or krbtgt/* principals. The - **lockdown_keys** principal attribute can be used to prevent - key extraction from specific principals regardless of the - granted privilege. - -*target_principal* - (Optional. Partially or fully qualified Kerberos principal name.) - Specifies the principal on which *permissions* may be applied. - Each component of the name may be wildcarded using the ``*`` - character. - - *target_principal* can also include back-references to *principal*, - in which ``*number`` matches the corresponding wildcard in - *principal*. - -*restrictions* - (Optional) A string of flags. Allowed restrictions are: - - {+\|-}\ *flagname* - flag is forced to the indicated value. The permissible flags - are the same as those for the **default_principal_flags** - variable in :ref:`kdc.conf(5)`. - - *-clearpolicy* - policy is forced to be empty. - - *-policy pol* - policy is forced to be *pol*. - - -{*expire, pwexpire, maxlife, maxrenewlife*} *time* - (:ref:`getdate` string) associated value will be forced to - MIN(*time*, requested value). - - The above flags act as restrictions on any add or modify operation - which is allowed due to that ACL line. - -.. warning:: - - If the kadmind ACL file is modified, the kadmind daemon needs to be - restarted for changes to take effect. - -EXAMPLE -------- - -Here is an example of a kadm5.acl file:: - - */admin@ATHENA.MIT.EDU * # line 1 - joeadmin@ATHENA.MIT.EDU ADMCIL # line 2 - joeadmin/*@ATHENA.MIT.EDU i */root@ATHENA.MIT.EDU # line 3 - */root@ATHENA.MIT.EDU ci *1@ATHENA.MIT.EDU # line 4 - */root@ATHENA.MIT.EDU l * # line 5 - sms@ATHENA.MIT.EDU x * -maxlife 9h -postdateable # line 6 - -(line 1) Any principal in the ``ATHENA.MIT.EDU`` realm with an -``admin`` instance has all administrative privileges except extracting -keys. - -(lines 1-3) The user ``joeadmin`` has all permissions except -extracting keys with his ``admin`` instance, -``joeadmin/admin@ATHENA.MIT.EDU`` (matches line 1). He has no -permissions at all with his null instance, ``joeadmin@ATHENA.MIT.EDU`` -(matches line 2). His ``root`` and other non-``admin``, non-null -instances (e.g., ``extra`` or ``dbadmin``) have inquire permissions -with any principal that has the instance ``root`` (matches line 3). - -(line 4) Any ``root`` principal in ``ATHENA.MIT.EDU`` can inquire -or change the password of their null instance, but not any other -null instance. (Here, ``*1`` denotes a back-reference to the -component matching the first wildcard in the actor principal.) - -(line 5) Any ``root`` principal in ``ATHENA.MIT.EDU`` can generate -the list of principals in the database, and the list of policies -in the database. This line is separate from line 4, because list -permission can only be granted globally, not to specific target -principals. - -(line 6) Finally, the Service Management System principal -``sms@ATHENA.MIT.EDU`` has all permissions except extracting keys, but -any principal that it creates or modifies will not be able to get -postdateable tickets or tickets with a life of longer than 9 hours. - -MODULE BEHAVIOR ---------------- - -The ACL file can coexist with other authorization modules in release -1.16 and later, as configured in the :ref:`kadm5_auth` section of -:ref:`krb5.conf(5)`. The ACL file will positively authorize -operations according to the rules above, but will never -authoritatively deny an operation, so other modules can authorize -operations in addition to those authorized by the ACL file. - -To operate without an ACL file, set the *acl_file* variable in -:ref:`kdc.conf(5)` to the empty string with ``acl_file = ""``. - -SEE ALSO --------- - -:ref:`kdc.conf(5)`, :ref:`kadmind(8)` diff --git a/krb5-1.21.3/doc/html/_sources/admin/conf_files/kdc_conf.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/conf_files/kdc_conf.rst.txt deleted file mode 100644 index 74a0a2ac..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/conf_files/kdc_conf.rst.txt +++ /dev/null @@ -1,976 +0,0 @@ -.. _kdc.conf(5): - -kdc.conf -======== - -The kdc.conf file supplements :ref:`krb5.conf(5)` for programs which -are typically only used on a KDC, such as the :ref:`krb5kdc(8)` and -:ref:`kadmind(8)` daemons and the :ref:`kdb5_util(8)` program. -Relations documented here may also be specified in krb5.conf; for the -KDC programs mentioned, krb5.conf and kdc.conf will be merged into a -single configuration profile. - -Normally, the kdc.conf file is found in the KDC state directory, -|kdcdir|. You can override the default location by setting the -environment variable **KRB5_KDC_PROFILE**. - -Please note that you need to restart the KDC daemon for any configuration -changes to take effect. - -Structure ---------- - -The kdc.conf file is set up in the same format as the -:ref:`krb5.conf(5)` file. - - -Sections --------- - -The kdc.conf file may contain the following sections: - -==================== ================================================= -:ref:`kdcdefaults` Default values for KDC behavior -:ref:`kdc_realms` Realm-specific database configuration and settings -:ref:`dbdefaults` Default database settings -:ref:`dbmodules` Per-database settings -:ref:`logging` Controls how Kerberos daemons perform logging -==================== ================================================= - - -.. _kdcdefaults: - -[kdcdefaults] -~~~~~~~~~~~~~ - -Some relations in the [kdcdefaults] section specify default values for -realm variables, to be used if the [realms] subsection does not -contain a relation for the tag. See the :ref:`kdc_realms` section for -the definitions of these relations. - -* **host_based_services** -* **kdc_listen** -* **kdc_ports** -* **kdc_tcp_listen** -* **kdc_tcp_ports** -* **no_host_referral** -* **restrict_anonymous_to_tgt** - -The following [kdcdefaults] variables have no per-realm equivalent: - -**kdc_max_dgram_reply_size** - Specifies the maximum packet size that can be sent over UDP. The - default value is 4096 bytes. - -**kdc_tcp_listen_backlog** - (Integer.) Set the size of the listen queue length for the KDC - daemon. The value may be limited by OS settings. The default - value is 5. - -**spake_preauth_kdc_challenge** - (String.) Specifies the group for a SPAKE optimistic challenge. - See the **spake_preauth_groups** variable in :ref:`libdefaults` - for possible values. The default is not to issue an optimistic - challenge. (New in release 1.17.) - - -.. _kdc_realms: - -[realms] -~~~~~~~~ - -Each tag in the [realms] section is the name of a Kerberos realm. The -value of the tag is a subsection where the relations define KDC -parameters for that particular realm. The following example shows how -to define one parameter for the ATHENA.MIT.EDU realm:: - - [realms] - ATHENA.MIT.EDU = { - max_renewable_life = 7d 0h 0m 0s - } - -The following tags may be specified in a [realms] subsection: - -**acl_file** - (String.) Location of the access control list file that - :ref:`kadmind(8)` uses to determine which principals are allowed - which permissions on the Kerberos database. To operate without an - ACL file, set this relation to the empty string with ``acl_file = - ""``. The default value is |kdcdir|\ ``/kadm5.acl``. For more - information on Kerberos ACL file see :ref:`kadm5.acl(5)`. - -**database_module** - (String.) This relation indicates the name of the configuration - section under :ref:`dbmodules` for database-specific parameters - used by the loadable database library. The default value is the - realm name. If this configuration section does not exist, default - values will be used for all database parameters. - -**database_name** - (String, deprecated.) This relation specifies the location of the - Kerberos database for this realm, if the DB2 module is being used - and the :ref:`dbmodules` configuration section does not specify a - database name. The default value is |kdcdir|\ ``/principal``. - -**default_principal_expiration** - (:ref:`abstime` string.) Specifies the default expiration date of - principals created in this realm. The default value is 0, which - means no expiration date. - -**default_principal_flags** - (Flag string.) Specifies the default attributes of principals - created in this realm. The format for this string is a - comma-separated list of flags, with '+' before each flag that - should be enabled and '-' before each flag that should be - disabled. The **postdateable**, **forwardable**, **tgt-based**, - **renewable**, **proxiable**, **dup-skey**, **allow-tickets**, and - **service** flags default to enabled. - - There are a number of possible flags: - - **allow-tickets** - Enabling this flag means that the KDC will issue tickets for - this principal. Disabling this flag essentially deactivates - the principal within this realm. - - **dup-skey** - Enabling this flag allows the KDC to issue user-to-user - service tickets for this principal. - - **forwardable** - Enabling this flag allows the principal to obtain forwardable - tickets. - - **hwauth** - If this flag is enabled, then the principal is required to - preauthenticate using a hardware device before receiving any - tickets. - - **no-auth-data-required** - Enabling this flag prevents PAC or AD-SIGNEDPATH data from - being added to service tickets for the principal. - - **ok-as-delegate** - If this flag is enabled, it hints the client that credentials - can and should be delegated when authenticating to the - service. - - **ok-to-auth-as-delegate** - Enabling this flag allows the principal to use S4USelf tickets. - - **postdateable** - Enabling this flag allows the principal to obtain postdateable - tickets. - - **preauth** - If this flag is enabled on a client principal, then that - principal is required to preauthenticate to the KDC before - receiving any tickets. On a service principal, enabling this - flag means that service tickets for this principal will only - be issued to clients with a TGT that has the preauthenticated - bit set. - - **proxiable** - Enabling this flag allows the principal to obtain proxy - tickets. - - **pwchange** - Enabling this flag forces a password change for this - principal. - - **pwservice** - If this flag is enabled, it marks this principal as a password - change service. This should only be used in special cases, - for example, if a user's password has expired, then the user - has to get tickets for that principal without going through - the normal password authentication in order to be able to - change the password. - - **renewable** - Enabling this flag allows the principal to obtain renewable - tickets. - - **service** - Enabling this flag allows the the KDC to issue service tickets - for this principal. In release 1.17 and later, user-to-user - service tickets are still allowed if the **dup-skey** flag is - set. - - **tgt-based** - Enabling this flag allows a principal to obtain tickets based - on a ticket-granting-ticket, rather than repeating the - authentication process that was used to obtain the TGT. - -**dict_file** - (String.) Location of the dictionary file containing strings that - are not allowed as passwords. The file should contain one string - per line, with no additional whitespace. If none is specified or - if there is no policy assigned to the principal, no dictionary - checks of passwords will be performed. - -**disable_pac** - (Boolean value.) If true, the KDC will not issue PACs for this - realm, and S4U2Self and S4U2Proxy operations will be disabled. - The default is false, which will permit the KDC to issue PACs. - New in release 1.20. - -**encrypted_challenge_indicator** - (String.) Specifies the authentication indicator value that the KDC - asserts into tickets obtained using FAST encrypted challenge - pre-authentication. New in 1.16. - -**host_based_services** - (Whitespace- or comma-separated list.) Lists services which will - get host-based referral processing even if the server principal is - not marked as host-based by the client. - -**iprop_enable** - (Boolean value.) Specifies whether incremental database - propagation is enabled. The default value is false. - -**iprop_ulogsize** - (Integer.) Specifies the maximum number of log entries to be - retained for incremental propagation. The default value is 1000. - Prior to release 1.11, the maximum value was 2500. New in release - 1.19. - -**iprop_master_ulogsize** - The name for **iprop_ulogsize** prior to release 1.19. Its value is - used as a fallback if **iprop_ulogsize** is not specified. - -**iprop_replica_poll** - (Delta time string.) Specifies how often the replica KDC polls - for new updates from the primary. The default value is ``2m`` - (that is, two minutes). New in release 1.17. - -**iprop_slave_poll** - (Delta time string.) The name for **iprop_replica_poll** prior to - release 1.17. Its value is used as a fallback if - **iprop_replica_poll** is not specified. - -**iprop_listen** - (Whitespace- or comma-separated list.) Specifies the iprop RPC - listening addresses and/or ports for the :ref:`kadmind(8)` daemon. - Each entry may be an interface address, a port number, or an - address and port number separated by a colon. If the address - contains colons, enclose it in square brackets. If no address is - specified, the wildcard address is used. If kadmind fails to bind - to any of the specified addresses, it will fail to start. The - default (when **iprop_enable** is true) is to bind to the wildcard - address at the port specified in **iprop_port**. New in release - 1.15. - -**iprop_port** - (Port number.) Specifies the port number to be used for - incremental propagation. When **iprop_enable** is true, this - relation is required in the replica KDC configuration file, and - this relation or **iprop_listen** is required in the primary - configuration file, as there is no default port number. Port - numbers specified in **iprop_listen** entries will override this - port number for the :ref:`kadmind(8)` daemon. - -**iprop_resync_timeout** - (Delta time string.) Specifies the amount of time to wait for a - full propagation to complete. This is optional in configuration - files, and is used by replica KDCs only. The default value is 5 - minutes (``5m``). New in release 1.11. - -**iprop_logfile** - (File name.) Specifies where the update log file for the realm - database is to be stored. The default is to use the - **database_name** entry from the realms section of the krb5 config - file, with ``.ulog`` appended. (NOTE: If **database_name** isn't - specified in the realms section, perhaps because the LDAP database - back end is being used, or the file name is specified in the - [dbmodules] section, then the hard-coded default for - **database_name** is used. Determination of the **iprop_logfile** - default value will not use values from the [dbmodules] section.) - -**kadmind_listen** - (Whitespace- or comma-separated list.) Specifies the kadmin RPC - listening addresses and/or ports for the :ref:`kadmind(8)` daemon. - Each entry may be an interface address, a port number, or an - address and port number separated by a colon. If the address - contains colons, enclose it in square brackets. If no address is - specified, the wildcard address is used. If kadmind fails to bind - to any of the specified addresses, it will fail to start. The - default is to bind to the wildcard address at the port specified - in **kadmind_port**, or the standard kadmin port (749). New in - release 1.15. - -**kadmind_port** - (Port number.) Specifies the port on which the :ref:`kadmind(8)` - daemon is to listen for this realm. Port numbers specified in - **kadmind_listen** entries will override this port number. The - assigned port for kadmind is 749, which is used by default. - -**key_stash_file** - (String.) Specifies the location where the master key has been - stored (via kdb5_util stash). The default is |kdcdir|\ - ``/.k5.REALM``, where *REALM* is the Kerberos realm. - -**kdc_listen** - (Whitespace- or comma-separated list.) Specifies the UDP - listening addresses and/or ports for the :ref:`krb5kdc(8)` daemon. - Each entry may be an interface address, a port number, or an - address and port number separated by a colon. If the address - contains colons, enclose it in square brackets. If no address is - specified, the wildcard address is used. If no port is specified, - the standard port (88) is used. If the KDC daemon fails to bind - to any of the specified addresses, it will fail to start. The - default is to bind to the wildcard address on the standard port. - New in release 1.15. - -**kdc_ports** - (Whitespace- or comma-separated list, deprecated.) Prior to - release 1.15, this relation lists the ports for the - :ref:`krb5kdc(8)` daemon to listen on for UDP requests. In - release 1.15 and later, it has the same meaning as **kdc_listen** - if that relation is not defined. - -**kdc_tcp_listen** - (Whitespace- or comma-separated list.) Specifies the TCP - listening addresses and/or ports for the :ref:`krb5kdc(8)` daemon. - Each entry may be an interface address, a port number, or an - address and port number separated by a colon. If the address - contains colons, enclose it in square brackets. If no address is - specified, the wildcard address is used. If no port is specified, - the standard port (88) is used. To disable listening on TCP, set - this relation to the empty string with ``kdc_tcp_listen = ""``. - If the KDC daemon fails to bind to any of the specified addresses, - it will fail to start. The default is to bind to the wildcard - address on the standard port. New in release 1.15. - -**kdc_tcp_ports** - (Whitespace- or comma-separated list, deprecated.) Prior to - release 1.15, this relation lists the ports for the - :ref:`krb5kdc(8)` daemon to listen on for UDP requests. In - release 1.15 and later, it has the same meaning as - **kdc_tcp_listen** if that relation is not defined. - -**kpasswd_listen** - (Comma-separated list.) Specifies the kpasswd listening addresses - and/or ports for the :ref:`kadmind(8)` daemon. Each entry may be - an interface address, a port number, or an address and port number - separated by a colon. If the address contains colons, enclose it - in square brackets. If no address is specified, the wildcard - address is used. If kadmind fails to bind to any of the specified - addresses, it will fail to start. The default is to bind to the - wildcard address at the port specified in **kpasswd_port**, or the - standard kpasswd port (464). New in release 1.15. - -**kpasswd_port** - (Port number.) Specifies the port on which the :ref:`kadmind(8)` - daemon is to listen for password change requests for this realm. - Port numbers specified in **kpasswd_listen** entries will override - this port number. The assigned port for password change requests - is 464, which is used by default. - -**master_key_name** - (String.) Specifies the name of the principal associated with the - master key. The default is ``K/M``. - -**master_key_type** - (Key type string.) Specifies the master key's key type. The - default value for this is |defmkey|. For a list of all possible - values, see :ref:`Encryption_types`. - -**max_life** - (:ref:`duration` string.) Specifies the maximum time period for - which a ticket may be valid in this realm. The default value is - 24 hours. - -**max_renewable_life** - (:ref:`duration` string.) Specifies the maximum time period - during which a valid ticket may be renewed in this realm. - The default value is 0. - -**no_host_referral** - (Whitespace- or comma-separated list.) Lists services to block - from getting host-based referral processing, even if the client - marks the server principal as host-based or the service is also - listed in **host_based_services**. ``no_host_referral = *`` will - disable referral processing altogether. - -**reject_bad_transit** - (Boolean value.) If set to true, the KDC will check the list of - transited realms for cross-realm tickets against the transit path - computed from the realm names and the capaths section of its - :ref:`krb5.conf(5)` file; if the path in the ticket to be issued - contains any realms not in the computed path, the ticket will not - be issued, and an error will be returned to the client instead. - If this value is set to false, such tickets will be issued - anyways, and it will be left up to the application server to - validate the realm transit path. - - If the disable-transited-check flag is set in the incoming - request, this check is not performed at all. Having the - **reject_bad_transit** option will cause such ticket requests to - be rejected always. - - This transit path checking and config file option currently apply - only to TGS requests. - - The default value is true. - -**restrict_anonymous_to_tgt** - (Boolean value.) If set to true, the KDC will reject ticket - requests from anonymous principals to service principals other - than the realm's ticket-granting service. This option allows - anonymous PKINIT to be enabled for use as FAST armor tickets - without allowing anonymous authentication to services. The - default value is false. New in release 1.9. - -**spake_preauth_indicator** - (String.) Specifies an authentication indicator value that the - KDC asserts into tickets obtained using SPAKE pre-authentication. - The default is not to add any indicators. This option may be - specified multiple times. New in release 1.17. - -**supported_enctypes** - (List of *key*:*salt* strings.) Specifies the default key/salt - combinations of principals for this realm. Any principals created - through :ref:`kadmin(1)` will have keys of these types. The - default value for this tag is |defkeysalts|. For lists of - possible values, see :ref:`Keysalt_lists`. - - -.. _dbdefaults: - -[dbdefaults] -~~~~~~~~~~~~ - -The [dbdefaults] section specifies default values for some database -parameters, to be used if the [dbmodules] subsection does not contain -a relation for the tag. See the :ref:`dbmodules` section for the -definitions of these relations. - -* **ldap_kerberos_container_dn** -* **ldap_kdc_dn** -* **ldap_kdc_sasl_authcid** -* **ldap_kdc_sasl_authzid** -* **ldap_kdc_sasl_mech** -* **ldap_kdc_sasl_realm** -* **ldap_kadmind_dn** -* **ldap_kadmind_sasl_authcid** -* **ldap_kadmind_sasl_authzid** -* **ldap_kadmind_sasl_mech** -* **ldap_kadmind_sasl_realm** -* **ldap_service_password_file** -* **ldap_conns_per_server** - - -.. _dbmodules: - -[dbmodules] -~~~~~~~~~~~ - -The [dbmodules] section contains parameters used by the KDC database -library and database modules. Each tag in the [dbmodules] section is -the name of a Kerberos realm or a section name specified by a realm's -**database_module** parameter. The following example shows how to -define one database parameter for the ATHENA.MIT.EDU realm:: - - [dbmodules] - ATHENA.MIT.EDU = { - disable_last_success = true - } - -The following tags may be specified in a [dbmodules] subsection: - -**database_name** - This DB2-specific tag indicates the location of the database in - the filesystem. The default is |kdcdir|\ ``/principal``. - -**db_library** - This tag indicates the name of the loadable database module. The - value should be ``db2`` for the DB2 module, ``klmdb`` for the LMDB - module, or ``kldap`` for the LDAP module. - -**disable_last_success** - If set to ``true``, suppresses KDC updates to the "Last successful - authentication" field of principal entries requiring - preauthentication. Setting this flag may improve performance. - (Principal entries which do not require preauthentication never - update the "Last successful authentication" field.). First - introduced in release 1.9. - -**disable_lockout** - If set to ``true``, suppresses KDC updates to the "Last failed - authentication" and "Failed password attempts" fields of principal - entries requiring preauthentication. Setting this flag may - improve performance, but also disables account lockout. First - introduced in release 1.9. - -**ldap_conns_per_server** - This LDAP-specific tag indicates the number of connections to be - maintained per LDAP server. - -**ldap_kdc_dn** and **ldap_kadmind_dn** - These LDAP-specific tags indicate the default DN for binding to - the LDAP server. The :ref:`krb5kdc(8)` daemon uses - **ldap_kdc_dn**, while the :ref:`kadmind(8)` daemon and other - administrative programs use **ldap_kadmind_dn**. The kadmind DN - must have the rights to read and write the Kerberos data in the - LDAP database. The KDC DN must have the same rights, unless - **disable_lockout** and **disable_last_success** are true, in - which case it only needs to have rights to read the Kerberos data. - These tags are ignored if a SASL mechanism is set with - **ldap_kdc_sasl_mech** or **ldap_kadmind_sasl_mech**. - -**ldap_kdc_sasl_mech** and **ldap_kadmind_sasl_mech** - These LDAP-specific tags specify the SASL mechanism (such as - ``EXTERNAL``) to use when binding to the LDAP server. New in - release 1.13. - -**ldap_kdc_sasl_authcid** and **ldap_kadmind_sasl_authcid** - These LDAP-specific tags specify the SASL authentication identity - to use when binding to the LDAP server. Not all SASL mechanisms - require an authentication identity. If the SASL mechanism - requires a secret (such as the password for ``DIGEST-MD5``), these - tags also determine the name within the - **ldap_service_password_file** where the secret is stashed. New - in release 1.13. - -**ldap_kdc_sasl_authzid** and **ldap_kadmind_sasl_authzid** - These LDAP-specific tags specify the SASL authorization identity - to use when binding to the LDAP server. In most circumstances - they do not need to be specified. New in release 1.13. - -**ldap_kdc_sasl_realm** and **ldap_kadmind_sasl_realm** - These LDAP-specific tags specify the SASL realm to use when - binding to the LDAP server. In most circumstances they do not - need to be set. New in release 1.13. - -**ldap_kerberos_container_dn** - This LDAP-specific tag indicates the DN of the container object - where the realm objects will be located. - -**ldap_servers** - This LDAP-specific tag indicates the list of LDAP servers that the - Kerberos servers can connect to. The list of LDAP servers is - whitespace-separated. The LDAP server is specified by a LDAP URI. - It is recommended to use ``ldapi:`` or ``ldaps:`` URLs to connect - to the LDAP server. - -**ldap_service_password_file** - This LDAP-specific tag indicates the file containing the stashed - passwords (created by ``kdb5_ldap_util stashsrvpw``) for the - **ldap_kdc_dn** and **ldap_kadmind_dn** objects, or for the - **ldap_kdc_sasl_authcid** or **ldap_kadmind_sasl_authcid** names - for SASL authentication. This file must be kept secure. - -**mapsize** - This LMDB-specific tag indicates the maximum size of the two - database environments in megabytes. The default value is 128. - Increase this value to address "Environment mapsize limit reached" - errors. New in release 1.17. - -**max_readers** - This LMDB-specific tag indicates the maximum number of concurrent - reading processes for the databases. The default value is 128. - New in release 1.17. - -**nosync** - This LMDB-specific tag can be set to improve the throughput of - kadmind and other administrative agents, at the expense of - durability (recent database changes may not survive a power outage - or other sudden reboot). It does not affect the throughput of the - KDC. The default value is false. New in release 1.17. - -**unlockiter** - If set to ``true``, this DB2-specific tag causes iteration - operations to release the database lock while processing each - principal. Setting this flag to ``true`` can prevent extended - blocking of KDC or kadmin operations when dumps of large databases - are in progress. First introduced in release 1.13. - -The following tag may be specified directly in the [dbmodules] -section to control where database modules are loaded from: - -**db_module_dir** - This tag controls where the plugin system looks for database - modules. The value should be an absolute path. - -.. _logging: - -[logging] -~~~~~~~~~ - -The [logging] section indicates how :ref:`krb5kdc(8)` and -:ref:`kadmind(8)` perform logging. It may contain the following -relations: - -**admin_server** - Specifies how :ref:`kadmind(8)` performs logging. - -**kdc** - Specifies how :ref:`krb5kdc(8)` performs logging. - -**default** - Specifies how either daemon performs logging in the absence of - relations specific to the daemon. - -**debug** - (Boolean value.) Specifies whether debugging messages are - included in log outputs other than SYSLOG. Debugging messages are - always included in the system log output because syslog performs - its own priority filtering. The default value is false. New in - release 1.15. - -Logging specifications may have the following forms: - -**FILE=**\ *filename* or **FILE:**\ *filename* - This value causes the daemon's logging messages to go to the - *filename*. If the ``=`` form is used, the file is overwritten. - If the ``:`` form is used, the file is appended to. - -**STDERR** - This value causes the daemon's logging messages to go to its - standard error stream. - -**CONSOLE** - This value causes the daemon's logging messages to go to the - console, if the system supports it. - -**DEVICE=**\ ** - This causes the daemon's logging messages to go to the specified - device. - -**SYSLOG**\ [\ **:**\ *severity*\ [\ **:**\ *facility*\ ]] - This causes the daemon's logging messages to go to the system log. - - For backward compatibility, a severity argument may be specified, - and must be specified in order to specify a facility. This - argument will be ignored. - - The facility argument specifies the facility under which the - messages are logged. This may be any of the following facilities - supported by the syslog(3) call minus the LOG\_ prefix: **KERN**, - **USER**, **MAIL**, **DAEMON**, **AUTH**, **LPR**, **NEWS**, - **UUCP**, **CRON**, and **LOCAL0** through **LOCAL7**. If no - facility is specified, the default is **AUTH**. - -In the following example, the logging messages from the KDC will go to -the console and to the system log under the facility LOG_DAEMON, and -the logging messages from the administrative server will be appended -to the file ``/var/adm/kadmin.log`` and sent to the device -``/dev/tty04``. :: - - [logging] - kdc = CONSOLE - kdc = SYSLOG:INFO:DAEMON - admin_server = FILE:/var/adm/kadmin.log - admin_server = DEVICE=/dev/tty04 - -If no logging specification is given, the default is to use syslog. -To disable logging entirely, specify ``default = DEVICE=/dev/null``. - - -.. _otp: - -[otp] -~~~~~ - -Each subsection of [otp] is the name of an OTP token type. The tags -within the subsection define the configuration required to forward a -One Time Password request to a RADIUS server. - -For each token type, the following tags may be specified: - -**server** - This is the server to send the RADIUS request to. It can be a - hostname with optional port, an ip address with optional port, or - a Unix domain socket address. The default is - |kdcdir|\ ``/.socket``. - -**secret** - This tag indicates a filename (which may be relative to |kdcdir|) - containing the secret used to encrypt the RADIUS packets. The - secret should appear in the first line of the file by itself; - leading and trailing whitespace on the line will be removed. If - the value of **server** is a Unix domain socket address, this tag - is optional, and an empty secret will be used if it is not - specified. Otherwise, this tag is required. - -**timeout** - An integer which specifies the time in seconds during which the - KDC should attempt to contact the RADIUS server. This tag is the - total time across all retries and should be less than the time - which an OTP value remains valid for. The default is 5 seconds. - -**retries** - This tag specifies the number of retries to make to the RADIUS - server. The default is 3 retries (4 tries). - -**strip_realm** - If this tag is ``true``, the principal without the realm will be - passed to the RADIUS server. Otherwise, the realm will be - included. The default value is ``true``. - -**indicator** - This tag specifies an authentication indicator to be included in - the ticket if this token type is used to authenticate. This - option may be specified multiple times. (New in release 1.14.) - -In the following example, requests are sent to a remote server via UDP:: - - [otp] - MyRemoteTokenType = { - server = radius.mydomain.com:1812 - secret = SEmfiajf42$ - timeout = 15 - retries = 5 - strip_realm = true - } - -An implicit default token type named ``DEFAULT`` is defined for when -the per-principal configuration does not specify a token type. Its -configuration is shown below. You may override this token type to -something applicable for your situation:: - - [otp] - DEFAULT = { - strip_realm = false - } - -PKINIT options --------------- - -.. note:: - - The following are pkinit-specific options. These values may - be specified in [kdcdefaults] as global defaults, or within - a realm-specific subsection of [realms]. Also note that a - realm-specific value over-rides, does not add to, a generic - [kdcdefaults] specification. The search order is: - -1. realm-specific subsection of [realms]:: - - [realms] - EXAMPLE.COM = { - pkinit_anchors = FILE:/usr/local/example.com.crt - } - -2. generic value in the [kdcdefaults] section:: - - [kdcdefaults] - pkinit_anchors = DIR:/usr/local/generic_trusted_cas/ - -For information about the syntax of some of these options, see -:ref:`Specifying PKINIT identity information ` in -:ref:`krb5.conf(5)`. - -**pkinit_anchors** - Specifies the location of trusted anchor (root) certificates which - the KDC trusts to sign client certificates. This option is - required if pkinit is to be supported by the KDC. This option may - be specified multiple times. - -**pkinit_dh_min_bits** - Specifies the minimum number of bits the KDC is willing to accept - for a client's Diffie-Hellman key. The default is 2048. - -**pkinit_allow_upn** - Specifies that the KDC is willing to accept client certificates - with the Microsoft UserPrincipalName (UPN) Subject Alternative - Name (SAN). This means the KDC accepts the binding of the UPN in - the certificate to the Kerberos principal name. The default value - is false. - - Without this option, the KDC will only accept certificates with - the id-pkinit-san as defined in :rfc:`4556`. There is currently - no option to disable SAN checking in the KDC. - -**pkinit_eku_checking** - This option specifies what Extended Key Usage (EKU) values the KDC - is willing to accept in client certificates. The values - recognized in the kdc.conf file are: - - **kpClientAuth** - This is the default value and specifies that client - certificates must have the id-pkinit-KPClientAuth EKU as - defined in :rfc:`4556`. - - **scLogin** - If scLogin is specified, client certificates with the - Microsoft Smart Card Login EKU (id-ms-kp-sc-logon) will be - accepted. - - **none** - If none is specified, then client certificates will not be - checked to verify they have an acceptable EKU. The use of - this option is not recommended. - -**pkinit_identity** - Specifies the location of the KDC's X.509 identity information. - This option is required if pkinit is to be supported by the KDC. - -**pkinit_indicator** - Specifies an authentication indicator to include in the ticket if - pkinit is used to authenticate. This option may be specified - multiple times. (New in release 1.14.) - -**pkinit_pool** - Specifies the location of intermediate certificates which may be - used by the KDC to complete the trust chain between a client's - certificate and a trusted anchor. This option may be specified - multiple times. - -**pkinit_revoke** - Specifies the location of Certificate Revocation List (CRL) - information to be used by the KDC when verifying the validity of - client certificates. This option may be specified multiple times. - -**pkinit_require_crl_checking** - The default certificate verification process will always check the - available revocation information to see if a certificate has been - revoked. If a match is found for the certificate in a CRL, - verification fails. If the certificate being verified is not - listed in a CRL, or there is no CRL present for its issuing CA, - and **pkinit_require_crl_checking** is false, then verification - succeeds. - - However, if **pkinit_require_crl_checking** is true and there is - no CRL information available for the issuing CA, then verification - fails. - - **pkinit_require_crl_checking** should be set to true if the - policy is such that up-to-date CRLs must be present for every CA. - -**pkinit_require_freshness** - Specifies whether to require clients to include a freshness token - in PKINIT requests. The default value is false. (New in release - 1.17.) - -.. _Encryption_types: - -Encryption types ----------------- - -Any tag in the configuration files which requires a list of encryption -types can be set to some combination of the following strings. -Encryption types marked as "weak" and "deprecated" are available for -compatibility but not recommended for use. - -==================================================== ========================================================= -des3-cbc-raw Triple DES cbc mode raw (weak) -des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd Triple DES cbc mode with HMAC/sha1 (deprecated) -aes256-cts-hmac-sha1-96 aes256-cts aes256-sha1 AES-256 CTS mode with 96-bit SHA-1 HMAC -aes128-cts-hmac-sha1-96 aes128-cts aes128-sha1 AES-128 CTS mode with 96-bit SHA-1 HMAC -aes256-cts-hmac-sha384-192 aes256-sha2 AES-256 CTS mode with 192-bit SHA-384 HMAC -aes128-cts-hmac-sha256-128 aes128-sha2 AES-128 CTS mode with 128-bit SHA-256 HMAC -arcfour-hmac rc4-hmac arcfour-hmac-md5 RC4 with HMAC/MD5 (deprecated) -arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp Exportable RC4 with HMAC/MD5 (weak) -camellia256-cts-cmac camellia256-cts Camellia-256 CTS mode with CMAC -camellia128-cts-cmac camellia128-cts Camellia-128 CTS mode with CMAC -des3 The triple DES family: des3-cbc-sha1 -aes The AES family: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha384-192, and aes128-cts-hmac-sha256-128 -rc4 The RC4 family: arcfour-hmac -camellia The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac -==================================================== ========================================================= - -The string **DEFAULT** can be used to refer to the default set of -types for the variable in question. Types or families can be removed -from the current list by prefixing them with a minus sign ("-"). -Types or families can be prefixed with a plus sign ("+") for symmetry; -it has the same meaning as just listing the type or family. For -example, "``DEFAULT -rc4``" would be the default set of encryption -types with RC4 types removed, and "``des3 DEFAULT``" would be the -default set of encryption types with triple DES types moved to the -front. - -While **aes128-cts** and **aes256-cts** are supported for all Kerberos -operations, they are not supported by very old versions of our GSSAPI -implementation (krb5-1.3.1 and earlier). Services running versions of -krb5 without AES support must not be given keys of these encryption -types in the KDC database. - -The **aes128-sha2** and **aes256-sha2** encryption types are new in -release 1.15. Services running versions of krb5 without support for -these newer encryption types must not be given keys of these -encryption types in the KDC database. - - -.. _Keysalt_lists: - -Keysalt lists -------------- - -Kerberos keys for users are usually derived from passwords. Kerberos -commands and configuration parameters that affect generation of keys -take lists of enctype-salttype ("keysalt") pairs, known as *keysalt -lists*. Each keysalt pair is an enctype name followed by a salttype -name, in the format *enc*:*salt*. Individual keysalt list members are -separated by comma (",") characters or space characters. For example:: - - kadmin -e aes256-cts:normal,aes128-cts:normal - -would start up kadmin so that by default it would generate -password-derived keys for the **aes256-cts** and **aes128-cts** -encryption types, using a **normal** salt. - -To ensure that people who happen to pick the same password do not have -the same key, Kerberos 5 incorporates more information into the key -using something called a salt. The supported salt types are as -follows: - -================= ============================================ -normal default for Kerberos Version 5 -norealm same as the default, without using realm information -onlyrealm uses only realm information as the salt -special generate a random salt -================= ============================================ - - -Sample kdc.conf File --------------------- - -Here's an example of a kdc.conf file:: - - [kdcdefaults] - kdc_listen = 88 - kdc_tcp_listen = 88 - [realms] - ATHENA.MIT.EDU = { - kadmind_port = 749 - max_life = 12h 0m 0s - max_renewable_life = 7d 0h 0m 0s - master_key_type = aes256-cts-hmac-sha1-96 - supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal - database_module = openldap_ldapconf - } - - [logging] - kdc = FILE:/usr/local/var/krb5kdc/kdc.log - admin_server = FILE:/usr/local/var/krb5kdc/kadmin.log - - [dbdefaults] - ldap_kerberos_container_dn = cn=krbcontainer,dc=mit,dc=edu - - [dbmodules] - openldap_ldapconf = { - db_library = kldap - disable_last_success = true - ldap_kdc_dn = "cn=krbadmin,dc=mit,dc=edu" - # this object needs to have read rights on - # the realm container and principal subtrees - ldap_kadmind_dn = "cn=krbadmin,dc=mit,dc=edu" - # this object needs to have read and write rights on - # the realm container and principal subtrees - ldap_service_password_file = /etc/kerberos/service.keyfile - ldap_servers = ldaps://kerberos.mit.edu - ldap_conns_per_server = 5 - } - - -FILES ------- - -|kdcdir|\ ``/kdc.conf`` - - -SEE ALSO ---------- - -:ref:`krb5.conf(5)`, :ref:`krb5kdc(8)`, :ref:`kadm5.acl(5)` diff --git a/krb5-1.21.3/doc/html/_sources/admin/conf_files/krb5_conf.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/conf_files/krb5_conf.rst.txt deleted file mode 100644 index ecdf9175..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/conf_files/krb5_conf.rst.txt +++ /dev/null @@ -1,1251 +0,0 @@ -.. _krb5.conf(5): - -krb5.conf -========= - -The krb5.conf file contains Kerberos configuration information, -including the locations of KDCs and admin servers for the Kerberos -realms of interest, defaults for the current realm and for Kerberos -applications, and mappings of hostnames onto Kerberos realms. -Normally, you should install your krb5.conf file in the directory -``/etc``. You can override the default location by setting the -environment variable **KRB5_CONFIG**. Multiple colon-separated -filenames may be specified in **KRB5_CONFIG**; all files which are -present will be read. Starting in release 1.14, directory names can -also be specified in **KRB5_CONFIG**; all files within the directory -whose names consist solely of alphanumeric characters, dashes, or -underscores will be read. - - -Structure ---------- - -The krb5.conf file is set up in the style of a Windows INI file. -Lines beginning with '#' or ';' (possibly after initial whitespace) -are ignored as comments. Sections are headed by the section name, in -square brackets. Each section may contain zero or more relations, of -the form:: - - foo = bar - -or:: - - fubar = { - foo = bar - baz = quux - } - -Placing a '\*' after the closing bracket of a section name indicates -that the section is *final*, meaning that if the same section appears -within a later file specified in **KRB5_CONFIG**, it will be ignored. -A subsection can be marked as final by placing a '\*' after either the -tag name or the closing brace. - -The krb5.conf file can include other files using either of the -following directives at the beginning of a line:: - - include FILENAME - includedir DIRNAME - -*FILENAME* or *DIRNAME* should be an absolute path. The named file or -directory must exist and be readable. Including a directory includes -all files within the directory whose names consist solely of -alphanumeric characters, dashes, or underscores. Starting in release -1.15, files with names ending in ".conf" are also included, unless the -name begins with ".". Included profile files are syntactically -independent of their parents, so each included file must begin with a -section header. Starting in release 1.17, files are read in -alphanumeric order; in previous releases, they may be read in any -order. - -The krb5.conf file can specify that configuration should be obtained -from a loadable module, rather than the file itself, using the -following directive at the beginning of a line before any section -headers:: - - module MODULEPATH:RESIDUAL - -*MODULEPATH* may be relative to the library path of the krb5 -installation, or it may be an absolute path. *RESIDUAL* is provided -to the module at initialization time. If krb5.conf uses a module -directive, :ref:`kdc.conf(5)` should also use one if it exists. - - -Sections --------- - -The krb5.conf file may contain the following sections: - -=================== ======================================================= -:ref:`libdefaults` Settings used by the Kerberos V5 library -:ref:`realms` Realm-specific contact information and settings -:ref:`domain_realm` Maps server hostnames to Kerberos realms -:ref:`capaths` Authentication paths for non-hierarchical cross-realm -:ref:`appdefaults` Settings used by some Kerberos V5 applications -:ref:`plugins` Controls plugin module registration -=================== ======================================================= - -Additionally, krb5.conf may include any of the relations described in -:ref:`kdc.conf(5)`, but it is not a recommended practice. - -.. _libdefaults: - -[libdefaults] -~~~~~~~~~~~~~ - -The libdefaults section may contain any of the following relations: - -**allow_des3** - Permit the KDC to issue tickets with des3-cbc-sha1 session keys. - In future releases, this flag will allow des3-cbc-sha1 to be used - at all. The default value for this tag is false. (Added in - release 1.21.) - -**allow_rc4** - Permit the KDC to issue tickets with arcfour-hmac session keys. - In future releases, this flag will allow arcfour-hmac to be used - at all. The default value for this tag is false. (Added in - release 1.21.) - -**allow_weak_crypto** - If this flag is set to false, then weak encryption types (as noted - in :ref:`Encryption_types` in :ref:`kdc.conf(5)`) will be filtered - out of the lists **default_tgs_enctypes**, - **default_tkt_enctypes**, and **permitted_enctypes**. The default - value for this tag is false. - -**canonicalize** - If this flag is set to true, initial ticket requests to the KDC - will request canonicalization of the client principal name, and - answers with different client principals than the requested - principal will be accepted. The default value is false. - -**ccache_type** - This parameter determines the format of credential cache types - created by :ref:`kinit(1)` or other programs. The default value - is 4, which represents the most current format. Smaller values - can be used for compatibility with very old implementations of - Kerberos which interact with credential caches on the same host. - -**clockskew** - Sets the maximum allowable amount of clockskew in seconds that the - library will tolerate before assuming that a Kerberos message is - invalid. The default value is 300 seconds, or five minutes. - - The clockskew setting is also used when evaluating ticket start - and expiration times. For example, tickets that have reached - their expiration time can still be used (and renewed if they are - renewable tickets) if they have been expired for a shorter - duration than the **clockskew** setting. - -**default_ccache_name** - This relation specifies the name of the default credential cache. - The default is |ccache|. This relation is subject to parameter - expansion (see below). New in release 1.11. - -**default_client_keytab_name** - This relation specifies the name of the default keytab for - obtaining client credentials. The default is |ckeytab|. This - relation is subject to parameter expansion (see below). - New in release 1.11. - -**default_keytab_name** - This relation specifies the default keytab name to be used by - application servers such as sshd. The default is |keytab|. This - relation is subject to parameter expansion (see below). - -**default_rcache_name** - This relation specifies the name of the default replay cache. - The default is ``dfl:``. This relation is subject to parameter - expansion (see below). New in release 1.18. - -**default_realm** - Identifies the default Kerberos realm for the client. Set its - value to your Kerberos realm. If this value is not set, then a - realm must be specified with every Kerberos principal when - invoking programs such as :ref:`kinit(1)`. - -**default_tgs_enctypes** - Identifies the supported list of session key encryption types that - the client should request when making a TGS-REQ, in order of - preference from highest to lowest. The list may be delimited with - commas or whitespace. See :ref:`Encryption_types` in - :ref:`kdc.conf(5)` for a list of the accepted values for this tag. - Starting in release 1.18, the default value is the value of - **permitted_enctypes**. For previous releases or if - **permitted_enctypes** is not set, the default value is - |defetypes|. - - Do not set this unless required for specific backward - compatibility purposes; stale values of this setting can prevent - clients from taking advantage of new stronger enctypes when the - libraries are upgraded. - -**default_tkt_enctypes** - Identifies the supported list of session key encryption types that - the client should request when making an AS-REQ, in order of - preference from highest to lowest. The format is the same as for - default_tgs_enctypes. Starting in release 1.18, the default - value is the value of **permitted_enctypes**. For previous - releases or if **permitted_enctypes** is not set, the default - value is |defetypes|. - - Do not set this unless required for specific backward - compatibility purposes; stale values of this setting can prevent - clients from taking advantage of new stronger enctypes when the - libraries are upgraded. - -**dns_canonicalize_hostname** - Indicate whether name lookups will be used to canonicalize - hostnames for use in service principal names. Setting this flag - to false can improve security by reducing reliance on DNS, but - means that short hostnames will not be canonicalized to - fully-qualified hostnames. If this option is set to ``fallback`` (new - in release 1.18), DNS canonicalization will only be performed the - server hostname is not found with the original name when - requesting credentials. The default value is true. - -**dns_lookup_kdc** - Indicate whether DNS SRV records should be used to locate the KDCs - and other servers for a realm, if they are not listed in the - krb5.conf information for the realm. (Note that the admin_server - entry must be in the krb5.conf realm information in order to - contact kadmind, because the DNS implementation for kadmin is - incomplete.) - - Enabling this option does open up a type of denial-of-service - attack, if someone spoofs the DNS records and redirects you to - another server. However, it's no worse than a denial of service, - because that fake KDC will be unable to decode anything you send - it (besides the initial ticket request, which has no encrypted - data), and anything the fake KDC sends will not be trusted without - verification using some secret that it won't know. - -**dns_uri_lookup** - Indicate whether DNS URI records should be used to locate the KDCs - and other servers for a realm, if they are not listed in the - krb5.conf information for the realm. SRV records are used as a - fallback if no URI records were found. The default value is true. - New in release 1.15. - -**enforce_ok_as_delegate** - If this flag to true, GSSAPI credential delegation will be - disabled when the ``ok-as-delegate`` flag is not set in the - service ticket. If this flag is false, the ``ok-as-delegate`` - ticket flag is only enforced when an application specifically - requests enforcement. The default value is false. - -**err_fmt** - This relation allows for custom error message formatting. If a - value is set, error messages will be formatted by substituting a - normal error message for %M and an error code for %C in the value. - -**extra_addresses** - This allows a computer to use multiple local addresses, in order - to allow Kerberos to work in a network that uses NATs while still - using address-restricted tickets. The addresses should be in a - comma-separated list. This option has no effect if - **noaddresses** is true. - -**forwardable** - If this flag is true, initial tickets will be forwardable by - default, if allowed by the KDC. The default value is false. - -**ignore_acceptor_hostname** - When accepting GSSAPI or krb5 security contexts for host-based - service principals, ignore any hostname passed by the calling - application, and allow clients to authenticate to any service - principal in the keytab matching the service name and realm name - (if given). This option can improve the administrative - flexibility of server applications on multihomed hosts, but could - compromise the security of virtual hosting environments. The - default value is false. New in release 1.10. - -**k5login_authoritative** - If this flag is true, principals must be listed in a local user's - k5login file to be granted login access, if a :ref:`.k5login(5)` - file exists. If this flag is false, a principal may still be - granted login access through other mechanisms even if a k5login - file exists but does not list the principal. The default value is - true. - -**k5login_directory** - If set, the library will look for a local user's k5login file - within the named directory, with a filename corresponding to the - local username. If not set, the library will look for k5login - files in the user's home directory, with the filename .k5login. - For security reasons, .k5login files must be owned by - the local user or by root. - -**kcm_mach_service** - On macOS only, determines the name of the bootstrap service used to - contact the KCM daemon for the KCM credential cache type. If the - value is ``-``, Mach RPC will not be used to contact the KCM - daemon. The default value is ``org.h5l.kcm``. - -**kcm_socket** - Determines the path to the Unix domain socket used to access the - KCM daemon for the KCM credential cache type. If the value is - ``-``, Unix domain sockets will not be used to contact the KCM - daemon. The default value is - ``/var/run/.heim_org.h5l.kcm-socket``. - -**kdc_default_options** - Default KDC options (Xored for multiple values) when requesting - initial tickets. By default it is set to 0x00000010 - (KDC_OPT_RENEWABLE_OK). - -**kdc_timesync** - Accepted values for this relation are 1 or 0. If it is nonzero, - client machines will compute the difference between their time and - the time returned by the KDC in the timestamps in the tickets and - use this value to correct for an inaccurate system clock when - requesting service tickets or authenticating to services. This - corrective factor is only used by the Kerberos library; it is not - used to change the system clock. The default value is 1. - -**noaddresses** - If this flag is true, requests for initial tickets will not be - made with address restrictions set, allowing the tickets to be - used across NATs. The default value is true. - -**permitted_enctypes** - Identifies the encryption types that servers will permit for - session keys and for ticket and authenticator encryption, ordered - by preference from highest to lowest. Starting in release 1.18, - this tag also acts as the default value for - **default_tgs_enctypes** and **default_tkt_enctypes**. The - default value for this tag is |defetypes|. - -**plugin_base_dir** - If set, determines the base directory where krb5 plugins are - located. The default value is the ``krb5/plugins`` subdirectory - of the krb5 library directory. This relation is subject to - parameter expansion (see below) in release 1.17 and later. - -**preferred_preauth_types** - This allows you to set the preferred preauthentication types which - the client will attempt before others which may be advertised by a - KDC. The default value for this setting is "17, 16, 15, 14", - which forces libkrb5 to attempt to use PKINIT if it is supported. - -**proxiable** - If this flag is true, initial tickets will be proxiable by - default, if allowed by the KDC. The default value is false. - -**qualify_shortname** - If this string is set, it determines the domain suffix for - single-component hostnames when DNS canonicalization is not used - (either because **dns_canonicalize_hostname** is false or because - forward canonicalization failed). The default value is the first - search domain of the system's DNS configuration. To disable - qualification of shortnames, set this relation to the empty string - with ``qualify_shortname = ""``. (New in release 1.18.) - -**rdns** - If this flag is true, reverse name lookup will be used in addition - to forward name lookup to canonicalizing hostnames for use in - service principal names. If **dns_canonicalize_hostname** is set - to false, this flag has no effect. The default value is true. - -**realm_try_domains** - Indicate whether a host's domain components should be used to - determine the Kerberos realm of the host. The value of this - variable is an integer: -1 means not to search, 0 means to try the - host's domain itself, 1 means to also try the domain's immediate - parent, and so forth. The library's usual mechanism for locating - Kerberos realms is used to determine whether a domain is a valid - realm, which may involve consulting DNS if **dns_lookup_kdc** is - set. The default is not to search domain components. - -**renew_lifetime** - (:ref:`duration` string.) Sets the default renewable lifetime - for initial ticket requests. The default value is 0. - -**spake_preauth_groups** - A whitespace or comma-separated list of words which specifies the - groups allowed for SPAKE preauthentication. The possible values - are: - - ============ ================================ - edwards25519 Edwards25519 curve (:rfc:`7748`) - P-256 NIST P-256 curve (:rfc:`5480`) - P-384 NIST P-384 curve (:rfc:`5480`) - P-521 NIST P-521 curve (:rfc:`5480`) - ============ ================================ - - The default value for the client is ``edwards25519``. The default - value for the KDC is empty. New in release 1.17. - -**ticket_lifetime** - (:ref:`duration` string.) Sets the default lifetime for initial - ticket requests. The default value is 1 day. - -**udp_preference_limit** - When sending a message to the KDC, the library will try using TCP - before UDP if the size of the message is above - **udp_preference_limit**. If the message is smaller than - **udp_preference_limit**, then UDP will be tried before TCP. - Regardless of the size, both protocols will be tried if the first - attempt fails. - -**verify_ap_req_nofail** - If this flag is true, then an attempt to verify initial - credentials will fail if the client machine does not have a - keytab. The default value is false. - -**client_aware_channel_bindings** - If this flag is true, then all application protocol authentication - requests will be flagged to indicate that the application supports - channel bindings when operating over a secure channel. The - default value is false. - -.. _realms: - -[realms] -~~~~~~~~ - -Each tag in the [realms] section of the file is the name of a Kerberos -realm. The value of the tag is a subsection with relations that -define the properties of that particular realm. For each realm, the -following tags may be specified in the realm's subsection: - -**admin_server** - Identifies the host where the administration server is running. - Typically, this is the primary Kerberos server. This tag must be - given a value in order to communicate with the :ref:`kadmind(8)` - server for the realm. - -**auth_to_local** - This tag allows you to set a general rule for mapping principal - names to local user names. It will be used if there is not an - explicit mapping for the principal name that is being - translated. The possible values are: - - **RULE:**\ *exp* - The local name will be formulated from *exp*. - - The format for *exp* is **[**\ *n*\ **:**\ *string*\ **](**\ - *regexp*\ **)s/**\ *pattern*\ **/**\ *replacement*\ **/g**. - The integer *n* indicates how many components the target - principal should have. If this matches, then a string will be - formed from *string*, substituting the realm of the principal - for ``$0`` and the *n*'th component of the principal for - ``$n`` (e.g., if the principal was ``johndoe/admin`` then - ``[2:$2$1foo]`` would result in the string - ``adminjohndoefoo``). If this string matches *regexp*, then - the ``s//[g]`` substitution command will be run over the - string. The optional **g** will cause the substitution to be - global over the *string*, instead of replacing only the first - match in the *string*. - - **DEFAULT** - The principal name will be used as the local user name. If - the principal has more than one component or is not in the - default realm, this rule is not applicable and the conversion - will fail. - - For example:: - - [realms] - ATHENA.MIT.EDU = { - auth_to_local = RULE:[2:$1](johndoe)s/^.*$/guest/ - auth_to_local = RULE:[2:$1;$2](^.*;admin$)s/;admin$// - auth_to_local = RULE:[2:$2](^.*;root)s/^.*$/root/ - auth_to_local = DEFAULT - } - - would result in any principal without ``root`` or ``admin`` as the - second component to be translated with the default rule. A - principal with a second component of ``admin`` will become its - first component. ``root`` will be used as the local name for any - principal with a second component of ``root``. The exception to - these two rules are any principals ``johndoe/*``, which will - always get the local name ``guest``. - -**auth_to_local_names** - This subsection allows you to set explicit mappings from principal - names to local user names. The tag is the mapping name, and the - value is the corresponding local user name. - -**default_domain** - This tag specifies the domain used to expand hostnames when - translating Kerberos 4 service principals to Kerberos 5 principals - (for example, when converting ``rcmd.hostname`` to - ``host/hostname.domain``). - -**disable_encrypted_timestamp** - If this flag is true, the client will not perform encrypted - timestamp preauthentication if requested by the KDC. Setting this - flag can help to prevent dictionary attacks by active attackers, - if the realm's KDCs support SPAKE preauthentication or if initial - authentication always uses another mechanism or always uses FAST. - This flag persists across client referrals during initial - authentication. This flag does not prevent the KDC from offering - encrypted timestamp. New in release 1.17. - -**http_anchors** - When KDCs and kpasswd servers are accessed through HTTPS proxies, this tag - can be used to specify the location of the CA certificate which should be - trusted to issue the certificate for a proxy server. If left unspecified, - the system-wide default set of CA certificates is used. - - The syntax for values is similar to that of values for the - **pkinit_anchors** tag: - - **FILE:** *filename* - - *filename* is assumed to be the name of an OpenSSL-style ca-bundle file. - - **DIR:** *dirname* - - *dirname* is assumed to be an directory which contains CA certificates. - All files in the directory will be examined; if they contain certificates - (in PEM format), they will be used. - - **ENV:** *envvar* - - *envvar* specifies the name of an environment variable which has been set - to a value conforming to one of the previous values. For example, - ``ENV:X509_PROXY_CA``, where environment variable ``X509_PROXY_CA`` has - been set to ``FILE:/tmp/my_proxy.pem``. - -**kdc** - The name or address of a host running a KDC for that realm. An - optional port number, separated from the hostname by a colon, may - be included. If the name or address contains colons (for example, - if it is an IPv6 address), enclose it in square brackets to - distinguish the colon from a port separator. For your computer to - be able to communicate with the KDC for each realm, this tag must - be given a value in each realm subsection in the configuration - file, or there must be DNS SRV records specifying the KDCs. - -**kpasswd_server** - Points to the server where all the password changes are performed. - If there is no such entry, DNS will be queried (unless forbidden - by **dns_lookup_kdc**). Finally, port 464 on the **admin_server** - host will be tried. - -**master_kdc** - The name for **primary_kdc** prior to release 1.19. Its value is - used as a fallback if **primary_kdc** is not specified. - -**primary_kdc** - Identifies the primary KDC(s). Currently, this tag is used in only - one case: If an attempt to get credentials fails because of an - invalid password, the client software will attempt to contact the - primary KDC, in case the user's password has just been changed, and - the updated database has not been propagated to the replica - servers yet. New in release 1.19. - -**v4_instance_convert** - This subsection allows the administrator to configure exceptions - to the **default_domain** mapping rule. It contains V4 instances - (the tag name) which should be translated to some specific - hostname (the tag value) as the second component in a Kerberos V5 - principal name. - -**v4_realm** - This relation is used by the krb524 library routines when - converting a V5 principal name to a V4 principal name. It is used - when the V4 realm name and the V5 realm name are not the same, but - still share the same principal names and passwords. The tag value - is the Kerberos V4 realm name. - - -.. _domain_realm: - -[domain_realm] -~~~~~~~~~~~~~~ - -The [domain_realm] section provides a translation from hostnames to -Kerberos realms. Each tag is a domain name, providing the mapping for -that domain and all subdomains. If the tag begins with a period -(``.``) then it applies only to subdomains. The Kerberos realm may be -identified either in the realms_ section or using DNS SRV records. -Tag names should be in lower case. For example:: - - [domain_realm] - crash.mit.edu = TEST.ATHENA.MIT.EDU - .dev.mit.edu = TEST.ATHENA.MIT.EDU - mit.edu = ATHENA.MIT.EDU - -maps the host with the name ``crash.mit.edu`` into the -``TEST.ATHENA.MIT.EDU`` realm. The second entry maps all hosts under the -domain ``dev.mit.edu`` into the ``TEST.ATHENA.MIT.EDU`` realm, but not -the host with the name ``dev.mit.edu``. That host is matched -by the third entry, which maps the host ``mit.edu`` and all hosts -under the domain ``mit.edu`` that do not match a preceding rule -into the realm ``ATHENA.MIT.EDU``. - -If no translation entry applies to a hostname used for a service -principal for a service ticket request, the library will try to get a -referral to the appropriate realm from the client realm's KDC. If -that does not succeed, the host's realm is considered to be the -hostname's domain portion converted to uppercase, unless the -**realm_try_domains** setting in [libdefaults] causes a different -parent domain to be used. - - -.. _capaths: - -[capaths] -~~~~~~~~~ - -In order to perform direct (non-hierarchical) cross-realm -authentication, configuration is needed to determine the -authentication paths between realms. - -A client will use this section to find the authentication path between -its realm and the realm of the server. The server will use this -section to verify the authentication path used by the client, by -checking the transited field of the received ticket. - -There is a tag for each participating client realm, and each tag has -subtags for each of the server realms. The value of the subtags is an -intermediate realm which may participate in the cross-realm -authentication. The subtags may be repeated if there is more then one -intermediate realm. A value of "." means that the two realms share -keys directly, and no intermediate realms should be allowed to -participate. - -Only those entries which will be needed on the client or the server -need to be present. A client needs a tag for its local realm with -subtags for all the realms of servers it will need to authenticate to. -A server needs a tag for each realm of the clients it will serve, with -a subtag of the server realm. - -For example, ``ANL.GOV``, ``PNL.GOV``, and ``NERSC.GOV`` all wish to -use the ``ES.NET`` realm as an intermediate realm. ANL has a sub -realm of ``TEST.ANL.GOV`` which will authenticate with ``NERSC.GOV`` -but not ``PNL.GOV``. The [capaths] section for ``ANL.GOV`` systems -would look like this:: - - [capaths] - ANL.GOV = { - TEST.ANL.GOV = . - PNL.GOV = ES.NET - NERSC.GOV = ES.NET - ES.NET = . - } - TEST.ANL.GOV = { - ANL.GOV = . - } - PNL.GOV = { - ANL.GOV = ES.NET - } - NERSC.GOV = { - ANL.GOV = ES.NET - } - ES.NET = { - ANL.GOV = . - } - -The [capaths] section of the configuration file used on ``NERSC.GOV`` -systems would look like this:: - - [capaths] - NERSC.GOV = { - ANL.GOV = ES.NET - TEST.ANL.GOV = ES.NET - TEST.ANL.GOV = ANL.GOV - PNL.GOV = ES.NET - ES.NET = . - } - ANL.GOV = { - NERSC.GOV = ES.NET - } - PNL.GOV = { - NERSC.GOV = ES.NET - } - ES.NET = { - NERSC.GOV = . - } - TEST.ANL.GOV = { - NERSC.GOV = ANL.GOV - NERSC.GOV = ES.NET - } - -When a subtag is used more than once within a tag, clients will use -the order of values to determine the path. The order of values is not -important to servers. - - -.. _appdefaults: - -[appdefaults] -~~~~~~~~~~~~~ - -Each tag in the [appdefaults] section names a Kerberos V5 application -or an option that is used by some Kerberos V5 application[s]. The -value of the tag defines the default behaviors for that application. - -For example:: - - [appdefaults] - telnet = { - ATHENA.MIT.EDU = { - option1 = false - } - } - telnet = { - option1 = true - option2 = true - } - ATHENA.MIT.EDU = { - option2 = false - } - option2 = true - -The above four ways of specifying the value of an option are shown in -order of decreasing precedence. In this example, if telnet is running -in the realm EXAMPLE.COM, it should, by default, have option1 and -option2 set to true. However, a telnet program in the realm -``ATHENA.MIT.EDU`` should have ``option1`` set to false and -``option2`` set to true. Any other programs in ATHENA.MIT.EDU should -have ``option2`` set to false by default. Any programs running in -other realms should have ``option2`` set to true. - -The list of specifiable options for each application may be found in -that application's man pages. The application defaults specified here -are overridden by those specified in the realms_ section. - - -.. _plugins: - -[plugins] -~~~~~~~~~ - - * pwqual_ interface - * kadm5_hook_ interface - * clpreauth_ and kdcpreauth_ interfaces - -Tags in the [plugins] section can be used to register dynamic plugin -modules and to turn modules on and off. Not every krb5 pluggable -interface uses the [plugins] section; the ones that do are documented -here. - -New in release 1.9. - -Each pluggable interface corresponds to a subsection of [plugins]. -All subsections support the same tags: - -**disable** - This tag may have multiple values. If there are values for this - tag, then the named modules will be disabled for the pluggable - interface. - -**enable_only** - This tag may have multiple values. If there are values for this - tag, then only the named modules will be enabled for the pluggable - interface. - -**module** - This tag may have multiple values. Each value is a string of the - form ``modulename:pathname``, which causes the shared object - located at *pathname* to be registered as a dynamic module named - *modulename* for the pluggable interface. If *pathname* is not an - absolute path, it will be treated as relative to the - **plugin_base_dir** value from :ref:`libdefaults`. - -For pluggable interfaces where module order matters, modules -registered with a **module** tag normally come first, in the order -they are registered, followed by built-in modules in the order they -are documented below. If **enable_only** tags are used, then the -order of those tags overrides the normal module order. - -The following subsections are currently supported within the [plugins] -section: - -.. _ccselect: - -ccselect interface -################## - -The ccselect subsection controls modules for credential cache -selection within a cache collection. In addition to any registered -dynamic modules, the following built-in modules exist (and may be -disabled with the disable tag): - -**k5identity** - Uses a .k5identity file in the user's home directory to select a - client principal - -**realm** - Uses the service realm to guess an appropriate cache from the - collection - -**hostname** - If the service principal is host-based, uses the service hostname - to guess an appropriate cache from the collection - -.. _pwqual: - -pwqual interface -################ - -The pwqual subsection controls modules for the password quality -interface, which is used to reject weak passwords when passwords are -changed. The following built-in modules exist for this interface: - -**dict** - Checks against the realm dictionary file - -**empty** - Rejects empty passwords - -**hesiod** - Checks against user information stored in Hesiod (only if Kerberos - was built with Hesiod support) - -**princ** - Checks against components of the principal name - -.. _kadm5_hook: - -kadm5_hook interface -#################### - -The kadm5_hook interface provides plugins with information on -principal creation, modification, password changes and deletion. This -interface can be used to write a plugin to synchronize MIT Kerberos -with another database such as Active Directory. No plugins are built -in for this interface. - -.. _kadm5_auth: - -kadm5_auth interface -#################### - -The kadm5_auth section (introduced in release 1.16) controls modules -for the kadmin authorization interface, which determines whether a -client principal is allowed to perform a kadmin operation. The -following built-in modules exist for this interface: - -**acl** - This module reads the :ref:`kadm5.acl(5)` file, and authorizes - operations which are allowed according to the rules in the file. - -**self** - This module authorizes self-service operations including password - changes, creation of new random keys, fetching the client's - principal record or string attributes, and fetching the policy - record associated with the client principal. - -.. _clpreauth: - -.. _kdcpreauth: - -clpreauth and kdcpreauth interfaces -################################### - -The clpreauth and kdcpreauth interfaces allow plugin modules to -provide client and KDC preauthentication mechanisms. The following -built-in modules exist for these interfaces: - -**pkinit** - This module implements the PKINIT preauthentication mechanism. - -**encrypted_challenge** - This module implements the encrypted challenge FAST factor. - -**encrypted_timestamp** - This module implements the encrypted timestamp mechanism. - -.. _hostrealm: - -hostrealm interface -################### - -The hostrealm section (introduced in release 1.12) controls modules -for the host-to-realm interface, which affects the local mapping of -hostnames to realm names and the choice of default realm. The following -built-in modules exist for this interface: - -**profile** - This module consults the [domain_realm] section of the profile for - authoritative host-to-realm mappings, and the **default_realm** - variable for the default realm. - -**dns** - This module looks for DNS records for fallback host-to-realm - mappings and the default realm. It only operates if the - **dns_lookup_realm** variable is set to true. - -**domain** - This module applies heuristics for fallback host-to-realm - mappings. It implements the **realm_try_domains** variable, and - uses the uppercased parent domain of the hostname if that does not - produce a result. - -.. _localauth: - -localauth interface -################### - -The localauth section (introduced in release 1.12) controls modules -for the local authorization interface, which affects the relationship -between Kerberos principals and local system accounts. The following -built-in modules exist for this interface: - -**default** - This module implements the **DEFAULT** type for **auth_to_local** - values. - -**rule** - This module implements the **RULE** type for **auth_to_local** - values. - -**names** - This module looks for an **auth_to_local_names** mapping for the - principal name. - -**auth_to_local** - This module processes **auth_to_local** values in the default - realm's section, and applies the default method if no - **auth_to_local** values exist. - -**k5login** - This module authorizes a principal to a local account according to - the account's :ref:`.k5login(5)` file. - -**an2ln** - This module authorizes a principal to a local account if the - principal name maps to the local account name. - -.. _certauth: - -certauth interface -################## - -The certauth section (introduced in release 1.16) controls modules for -the certificate authorization interface, which determines whether a -certificate is allowed to preauthenticate a user via PKINIT. The -following built-in modules exist for this interface: - -**pkinit_san** - This module authorizes the certificate if it contains a PKINIT - Subject Alternative Name for the requested client principal, or a - Microsoft UPN SAN matching the principal if **pkinit_allow_upn** - is set to true for the realm. - -**pkinit_eku** - This module rejects the certificate if it does not contain an - Extended Key Usage attribute consistent with the - **pkinit_eku_checking** value for the realm. - -**dbmatch** - This module authorizes or rejects the certificate according to - whether it matches the **pkinit_cert_match** string attribute on - the client principal, if that attribute is present. - - -PKINIT options --------------- - -.. note:: - - The following are PKINIT-specific options. These values may - be specified in [libdefaults] as global defaults, or within - a realm-specific subsection of [libdefaults], or may be - specified as realm-specific values in the [realms] section. - A realm-specific value overrides, not adds to, a generic - [libdefaults] specification. The search order is: - -1. realm-specific subsection of [libdefaults]:: - - [libdefaults] - EXAMPLE.COM = { - pkinit_anchors = FILE:/usr/local/example.com.crt - } - -2. realm-specific value in the [realms] section:: - - [realms] - OTHERREALM.ORG = { - pkinit_anchors = FILE:/usr/local/otherrealm.org.crt - } - -3. generic value in the [libdefaults] section:: - - [libdefaults] - pkinit_anchors = DIR:/usr/local/generic_trusted_cas/ - - -.. _pkinit_identity: - -Specifying PKINIT identity information -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The syntax for specifying Public Key identity, trust, and revocation -information for PKINIT is as follows: - -**FILE:**\ *filename*\ [**,**\ *keyfilename*] - This option has context-specific behavior. - - In **pkinit_identity** or **pkinit_identities**, *filename* - specifies the name of a PEM-format file containing the user's - certificate. If *keyfilename* is not specified, the user's - private key is expected to be in *filename* as well. Otherwise, - *keyfilename* is the name of the file containing the private key. - - In **pkinit_anchors** or **pkinit_pool**, *filename* is assumed to - be the name of an OpenSSL-style ca-bundle file. - -**DIR:**\ *dirname* - This option has context-specific behavior. - - In **pkinit_identity** or **pkinit_identities**, *dirname* - specifies a directory with files named ``*.crt`` and ``*.key`` - where the first part of the file name is the same for matching - pairs of certificate and private key files. When a file with a - name ending with ``.crt`` is found, a matching file ending with - ``.key`` is assumed to contain the private key. If no such file - is found, then the certificate in the ``.crt`` is not used. - - In **pkinit_anchors** or **pkinit_pool**, *dirname* is assumed to - be an OpenSSL-style hashed CA directory where each CA cert is - stored in a file named ``hash-of-ca-cert.#``. This infrastructure - is encouraged, but all files in the directory will be examined and - if they contain certificates (in PEM format), they will be used. - - In **pkinit_revoke**, *dirname* is assumed to be an OpenSSL-style - hashed CA directory where each revocation list is stored in a file - named ``hash-of-ca-cert.r#``. This infrastructure is encouraged, - but all files in the directory will be examined and if they - contain a revocation list (in PEM format), they will be used. - -**PKCS12:**\ *filename* - *filename* is the name of a PKCS #12 format file, containing the - user's certificate and private key. - -**PKCS11:**\ [**module_name=**]\ *modname*\ [**:slotid=**\ *slot-id*][**:token=**\ *token-label*][**:certid=**\ *cert-id*][**:certlabel=**\ *cert-label*] - All keyword/values are optional. *modname* specifies the location - of a library implementing PKCS #11. If a value is encountered - with no keyword, it is assumed to be the *modname*. If no - module-name is specified, the default is |pkcs11_modname|. - ``slotid=`` and/or ``token=`` may be specified to force the use of - a particular smard card reader or token if there is more than one - available. ``certid=`` and/or ``certlabel=`` may be specified to - force the selection of a particular certificate on the device. - See the **pkinit_cert_match** configuration option for more ways - to select a particular certificate to use for PKINIT. - -**ENV:**\ *envvar* - *envvar* specifies the name of an environment variable which has - been set to a value conforming to one of the previous values. For - example, ``ENV:X509_PROXY``, where environment variable - ``X509_PROXY`` has been set to ``FILE:/tmp/my_proxy.pem``. - - -PKINIT krb5.conf options -~~~~~~~~~~~~~~~~~~~~~~~~ - -**pkinit_anchors** - Specifies the location of trusted anchor (root) certificates which - the client trusts to sign KDC certificates. This option may be - specified multiple times. These values from the config file are - not used if the user specifies X509_anchors on the command line. - -**pkinit_cert_match** - Specifies matching rules that the client certificate must match - before it is used to attempt PKINIT authentication. If a user has - multiple certificates available (on a smart card, or via other - media), there must be exactly one certificate chosen before - attempting PKINIT authentication. This option may be specified - multiple times. All the available certificates are checked - against each rule in order until there is a match of exactly one - certificate. - - The Subject and Issuer comparison strings are the :rfc:`2253` - string representations from the certificate Subject DN and Issuer - DN values. - - The syntax of the matching rules is: - - [*relation-operator*\ ]\ *component-rule* ... - - where: - - *relation-operator* - can be either ``&&``, meaning all component rules must match, - or ``||``, meaning only one component rule must match. The - default is ``&&``. - - *component-rule* - can be one of the following. Note that there is no - punctuation or whitespace between component rules. - - | ****\ *regular-expression* - | ****\ *regular-expression* - | ****\ *regular-expression* - | ****\ *extended-key-usage-list* - | ****\ *key-usage-list* - - *extended-key-usage-list* is a comma-separated list of - required Extended Key Usage values. All values in the list - must be present in the certificate. Extended Key Usage values - can be: - - * pkinit - * msScLogin - * clientAuth - * emailProtection - - *key-usage-list* is a comma-separated list of required Key - Usage values. All values in the list must be present in the - certificate. Key Usage values can be: - - * digitalSignature - * keyEncipherment - - Examples:: - - pkinit_cert_match = ||.*DoE.*.*@EXAMPLE.COM - pkinit_cert_match = &&msScLogin,clientAuth.*DoE.* - pkinit_cert_match = msScLogin,clientAuthdigitalSignature - -**pkinit_eku_checking** - This option specifies what Extended Key Usage value the KDC - certificate presented to the client must contain. (Note that if - the KDC certificate has the pkinit SubjectAlternativeName encoded - as the Kerberos TGS name, EKU checking is not necessary since the - issuing CA has certified this as a KDC certificate.) The values - recognized in the krb5.conf file are: - - **kpKDC** - This is the default value and specifies that the KDC must have - the id-pkinit-KPKdc EKU as defined in :rfc:`4556`. - - **kpServerAuth** - If **kpServerAuth** is specified, a KDC certificate with the - id-kp-serverAuth EKU will be accepted. This key usage value - is used in most commercially issued server certificates. - - **none** - If **none** is specified, then the KDC certificate will not be - checked to verify it has an acceptable EKU. The use of this - option is not recommended. - -**pkinit_dh_min_bits** - Specifies the size of the Diffie-Hellman key the client will - attempt to use. The acceptable values are 1024, 2048, and 4096. - The default is 2048. - -**pkinit_identities** - Specifies the location(s) to be used to find the user's X.509 - identity information. If this option is specified multiple times, - each value is attempted in order until certificates are found. - Note that these values are not used if the user specifies - **X509_user_identity** on the command line. - -**pkinit_kdc_hostname** - The presence of this option indicates that the client is willing - to accept a KDC certificate with a dNSName SAN (Subject - Alternative Name) rather than requiring the id-pkinit-san as - defined in :rfc:`4556`. This option may be specified multiple - times. Its value should contain the acceptable hostname for the - KDC (as contained in its certificate). - -**pkinit_pool** - Specifies the location of intermediate certificates which may be - used by the client to complete the trust chain between a KDC - certificate and a trusted anchor. This option may be specified - multiple times. - -**pkinit_require_crl_checking** - The default certificate verification process will always check the - available revocation information to see if a certificate has been - revoked. If a match is found for the certificate in a CRL, - verification fails. If the certificate being verified is not - listed in a CRL, or there is no CRL present for its issuing CA, - and **pkinit_require_crl_checking** is false, then verification - succeeds. - - However, if **pkinit_require_crl_checking** is true and there is - no CRL information available for the issuing CA, then verification - fails. - - **pkinit_require_crl_checking** should be set to true if the - policy is such that up-to-date CRLs must be present for every CA. - -**pkinit_revoke** - Specifies the location of Certificate Revocation List (CRL) - information to be used by the client when verifying the validity - of the KDC certificate presented. This option may be specified - multiple times. - - -.. _parameter_expansion: - -Parameter expansion -------------------- - -Starting with release 1.11, several variables, such as -**default_keytab_name**, allow parameters to be expanded. -Valid parameters are: - - ================= =================================================== - %{TEMP} Temporary directory - %{uid} Unix real UID or Windows SID - %{euid} Unix effective user ID or Windows SID - %{USERID} Same as %{uid} - %{null} Empty string - %{LIBDIR} Installation library directory - %{BINDIR} Installation binary directory - %{SBINDIR} Installation admin binary directory - %{username} (Unix) Username of effective user ID - %{APPDATA} (Windows) Roaming application data for current user - %{COMMON_APPDATA} (Windows) Application data for all users - %{LOCAL_APPDATA} (Windows) Local application data for current user - %{SYSTEM} (Windows) Windows system folder - %{WINDOWS} (Windows) Windows folder - %{USERCONFIG} (Windows) Per-user MIT krb5 config file directory - %{COMMONCONFIG} (Windows) Common MIT krb5 config file directory - ================= =================================================== - -Sample krb5.conf file ---------------------- - -Here is an example of a generic krb5.conf file:: - - [libdefaults] - default_realm = ATHENA.MIT.EDU - dns_lookup_kdc = true - dns_lookup_realm = false - - [realms] - ATHENA.MIT.EDU = { - kdc = kerberos.mit.edu - kdc = kerberos-1.mit.edu - kdc = kerberos-2.mit.edu - admin_server = kerberos.mit.edu - primary_kdc = kerberos.mit.edu - } - EXAMPLE.COM = { - kdc = kerberos.example.com - kdc = kerberos-1.example.com - admin_server = kerberos.example.com - } - - [domain_realm] - mit.edu = ATHENA.MIT.EDU - - [capaths] - ATHENA.MIT.EDU = { - EXAMPLE.COM = . - } - EXAMPLE.COM = { - ATHENA.MIT.EDU = . - } - -FILES ------ - -|krb5conf| - - -SEE ALSO --------- - -syslog(3) diff --git a/krb5-1.21.3/doc/html/_sources/admin/conf_ldap.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/conf_ldap.rst.txt deleted file mode 100644 index 65542c1a..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/conf_ldap.rst.txt +++ /dev/null @@ -1,132 +0,0 @@ -.. _conf_ldap: - -Configuring Kerberos with OpenLDAP back-end -=========================================== - - - 1. Make sure the LDAP server is using local authentication - (``ldapi://``) or TLS (``ldaps``). See - https://www.openldap.org/doc/admin/tls.html for instructions on - configuring TLS support in OpenLDAP. - - 2. Add the Kerberos schema file to the LDAP Server using the OpenLDAP - LDIF file from the krb5 source directory - (``src/plugins/kdb/ldap/libkdb_ldap/kerberos.openldap.ldif``). - The following example uses local authentication:: - - ldapadd -Y EXTERNAL -H ldapi:/// -f /path/to/kerberos.openldap.ldif - - 3. Choose DNs for the :ref:`krb5kdc(8)` and :ref:`kadmind(8)` servers - to bind to the LDAP server, and create them if necessary. Specify - these DNs with the **ldap_kdc_dn** and **ldap_kadmind_dn** - directives in :ref:`kdc.conf(5)`. The kadmind DN will also be - used for administrative commands such as :ref:`kdb5_util(8)`. - - Alternatively, you may configure krb5kdc and kadmind to use SASL - authentication to access the LDAP server; see the :ref:`dbmodules` - relations **ldap_kdc_sasl_mech** and similar. - - 4. Specify a location for the LDAP service password file by setting - **ldap_service_password_file**. Use ``kdb5_ldap_util stashsrvpw`` - to stash passwords for the KDC and kadmind DNs chosen above. For - example:: - - kdb5_ldap_util stashsrvpw -f /path/to/service.keyfile cn=krbadmin,dc=example,dc=com - - Skip this step if you are using SASL authentication and the - mechanism does not require a password. - - 5. Choose a DN for the global Kerberos container entry (but do not - create the entry at this time). Specify this DN with the - **ldap_kerberos_container_dn** directive in :ref:`kdc.conf(5)`. - Realm container entries will be created underneath this DN. - Principal entries may exist either underneath the realm container - (the default) or in separate trees referenced from the realm - container. - - 6. Configure the LDAP server ACLs to enable the KDC and kadmin server - DNs to read and write the Kerberos data. If - **disable_last_success** and **disable_lockout** are both set to - true in the :ref:`dbmodules` subsection for the realm, then the - KDC DN only requires read access to the Kerberos data. - - Sample access control information:: - - access to dn.base="" - by * read - - access to dn.base="cn=Subschema" - by * read - - # Provide access to the realm container. - access to dn.subtree= "cn=EXAMPLE.COM,cn=krbcontainer,dc=example,dc=com" - by dn.exact="cn=kdc-service,dc=example,dc=com" write - by dn.exact="cn=adm-service,dc=example,dc=com" write - by * none - - # Provide access to principals, if not underneath the realm container. - access to dn.subtree= "ou=users,dc=example,dc=com" - by dn.exact="cn=kdc-service,dc=example,dc=com" write - by dn.exact="cn=adm-service,dc=example,dc=com" write - by * none - - access to * - by * read - - If the locations of the container and principals or the DNs of the - service objects for a realm are changed then this information - should be updated. - - 7. In :ref:`kdc.conf(5)`, make sure the following relations are set - in the :ref:`dbmodules` subsection for the realm:: - - db_library (set to ``kldap``) - ldap_kerberos_container_dn - ldap_kdc_dn - ldap_kadmind_dn - ldap_service_password_file - ldap_servers - - 8. Create the realm using :ref:`kdb5_ldap_util(8)`: - - kdb5_ldap_util create -subtrees ou=users,dc=example,dc=com -s - - Use the **-subtrees** option if the principals are to exist in a - separate subtree from the realm container. Before executing the - command, make sure that the subtree mentioned above - ``(ou=users,dc=example,dc=com)`` exists. If the principals will - exist underneath the realm container, omit the **-subtrees** option - and do not worry about creating the principal subtree. - - For more information, refer to the section :ref:`ops_on_ldap`. - - The realm object is created under the - **ldap_kerberos_container_dn** specified in the configuration - file. This operation will also create the Kerberos container, if - not present already. This container can be used to store - information related to multiple realms. - - 9. Add an ``eq`` index for ``krbPrincipalName`` to speed up principal - lookup operations. See - https://www.openldap.org/doc/admin/tuning.html#Indexes for - details. - -With the LDAP back end it is possible to provide aliases for principal -entries. Currently we provide no administrative utilities for -creating aliases, so it must be done by direct manipulation of the -LDAP entries. - -An entry with aliases contains multiple values of the -*krbPrincipalName* attribute. Since LDAP attribute values are not -ordered, it is necessary to specify which principal name is canonical, -by using the *krbCanonicalName* attribute. Therefore, to create -aliases for an entry, first set the *krbCanonicalName* attribute of -the entry to the canonical principal name (which should be identical -to the pre-existing *krbPrincipalName* value), and then add additional -*krbPrincipalName* attributes for the aliases. - -Principal aliases are only returned by the KDC when the client -requests canonicalization. Canonicalization is normally requested for -service principals; for client principals, an explicit flag is often -required (e.g., ``kinit -C``) and canonicalization is only performed -for initial ticket requests. diff --git a/krb5-1.21.3/doc/html/_sources/admin/database.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/database.rst.txt deleted file mode 100644 index 2fd07242..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/database.rst.txt +++ /dev/null @@ -1,587 +0,0 @@ -Database administration -======================= - -A Kerberos database contains all of a realm's Kerberos principals, -their passwords, and other administrative information about each -principal. For the most part, you will use the :ref:`kdb5_util(8)` -program to manipulate the Kerberos database as a whole, and the -:ref:`kadmin(1)` program to make changes to the entries in the -database. (One notable exception is that users will use the -:ref:`kpasswd(1)` program to change their own passwords.) The kadmin -program has its own command-line interface, to which you type the -database administrating commands. - -:ref:`kdb5_util(8)` provides a means to create, delete, load, or dump -a Kerberos database. It also contains commands to roll over the -database master key, and to stash a copy of the key so that the -:ref:`kadmind(8)` and :ref:`krb5kdc(8)` daemons can use the database -without manual input. - -:ref:`kadmin(1)` provides for the maintenance of Kerberos principals, -password policies, and service key tables (keytabs). Normally it -operates as a network client using Kerberos authentication to -communicate with :ref:`kadmind(8)`, but there is also a variant, named -kadmin.local, which directly accesses the Kerberos database on the -local filesystem (or through LDAP). kadmin.local is necessary to set -up enough of the database to be able to use the remote version. - -kadmin can authenticate to the admin server using the service -principal ``kadmin/admin`` or ``kadmin/HOST`` (where *HOST* is the -hostname of the admin server). If the credentials cache contains a -ticket for either service principal and the **-c** ccache option is -specified, that ticket is used to authenticate to KADM5. Otherwise, -the **-p** and **-k** options are used to specify the client Kerberos -principal name used to authenticate. Once kadmin has determined the -principal name, it requests a ``kadmin/admin`` Kerberos service ticket -from the KDC, and uses that service ticket to authenticate to KADM5. - -See :ref:`kadmin(1)` for the available kadmin and kadmin.local -commands and options. - - -.. _principals: - -Principals ----------- - -Each entry in the Kerberos database contains a Kerberos principal and -the attributes and policies associated with that principal. - -To add a principal to the database, use the :ref:`kadmin(1)` -**add_principal** command. User principals should usually be created -with the ``+requires_preauth -allow_svr`` options to help mitigate -dictionary attacks (see :ref:`dictionary`):: - - kadmin: addprinc +requires_preauth -allow_svr alice - Enter password for principal "alice@KRBTEST.COM": - Re-enter password for principal "alice@KRBTEST.COM": - -User principals which will authenticate with :ref:`pkinit` should -instead by created with the ``-nokey`` option: - - kadmin: addprinc -nokey alice - -Service principals can be created with the ``-nokey`` option; -long-term keys will be added when a keytab is generated:: - - kadmin: addprinc -nokey host/foo.mit.edu - kadmin: ktadd -k foo.keytab host/foo.mit.edu - Entry for principal host/foo.mit.edu with kvno 1, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:foo.keytab. - Entry for principal host/foo.mit.edu with kvno 1, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:foo.keytab. - -To modify attributes of an existing principal, use the kadmin -**modify_principal** command:: - - kadmin: modprinc -expire tomorrow alice - Principal "alice@KRBTEST.COM" modified. - -To delete a principal, use the kadmin **delete_principal** command:: - - kadmin: delprinc alice - Are you sure you want to delete the principal "alice@KRBTEST.COM"? (yes/no): yes - Principal "alice@KRBTEST.COM" deleted. - Make sure that you have removed this principal from all ACLs before reusing. - -To change a principal's password, use the kadmin **change_password** -command. Password changes made through kadmin are subject to the same -password policies as would apply to password changes made through -:ref:`kpasswd(1)`. - -To view the attributes of a principal, use the kadmin` -**get_principal** command. - -To generate a listing of principals, use the kadmin -**list_principals** command. - - -.. _policies: - -Policies --------- - -A policy is a set of rules governing passwords. Policies can dictate -minimum and maximum password lifetimes, minimum number of characters -and character classes a password must contain, and the number of old -passwords kept in the database. - -To add a new policy, use the :ref:`kadmin(1)` **add_policy** command:: - - kadmin: addpol -maxlife "1 year" -history 3 stduser - -To modify attributes of a principal, use the kadmin **modify_policy** -command. To delete a policy, use the kadmin **delete_policy** -command. - -To associate a policy with a principal, use the kadmin -**modify_principal** command with the **-policy** option: - - kadmin: modprinc -policy stduser alice - Principal "alice@KRBTEST.COM" modified. - -A principal entry may be associated with a nonexistent policy, either -because the policy did not exist at the time of associated or was -deleted afterwards. kadmin will warn when associated a principal with -a nonexistent policy, and will annotate the policy name with "[does -not exist]" in the **get_principal** output. - - -.. _updating_history_key: - -Updating the history key -~~~~~~~~~~~~~~~~~~~~~~~~ - -If a policy specifies a number of old keys kept of two or more, the -stored old keys are encrypted in a history key, which is found in the -key data of the ``kadmin/history`` principal. - -Currently there is no support for proper rollover of the history key, -but you can change the history key (for example, to use a better -encryption type) at the cost of invalidating currently stored old -keys. To change the history key, run:: - - kadmin: change_password -randkey kadmin/history - -This command will fail if you specify the **-keepold** flag. Only one -new history key will be created, even if you specify multiple key/salt -combinations. - -In the future, we plan to migrate towards encrypting old keys in the -master key instead of the history key, and implementing proper -rollover support for stored old keys. - - -.. _privileges: - -Privileges ----------- - -Administrative privileges for the Kerberos database are stored in the -file :ref:`kadm5.acl(5)`. - -.. note:: - - A common use of an admin instance is so you can grant - separate permissions (such as administrator access to the - Kerberos database) to a separate Kerberos principal. For - example, the user ``joeadmin`` might have a principal for - his administrative use, called ``joeadmin/admin``. This - way, ``joeadmin`` would obtain ``joeadmin/admin`` tickets - only when he actually needs to use those permissions. - - -.. _db_operations: - -Operations on the Kerberos database ------------------------------------ - -The :ref:`kdb5_util(8)` command is the primary tool for administrating -the Kerberos database when using the DB2 or LMDB modules (see -:ref:`dbtypes`). Creating a database is described in -:ref:`create_db`. - -To create a stash file using the master password (because the database -was not created with one using the ``create -s`` flag, or after -restoring from a backup which did not contain the stash file), use the -kdb5_util **stash** command:: - - $ kdb5_util stash - kdb5_util: Cannot find/read stored master key while reading master key - kdb5_util: Warning: proceeding without master key - Enter KDC database master key: <= Type the KDC database master password. - -To destroy a database, use the kdb5_util destroy command:: - - $ kdb5_util destroy - Deleting KDC database stored in '/var/krb5kdc/principal', are you sure? - (type 'yes' to confirm)? yes - OK, deleting database '/var/krb5kdc/principal'... - ** Database '/var/krb5kdc/principal' destroyed. - - -.. _restore_from_dump: - -Dumping and loading a Kerberos database -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To dump a Kerberos database into a text file for backup or transfer -purposes, use the :ref:`kdb5_util(8)` **dump** command on one of the -KDCs:: - - $ kdb5_util dump dumpfile - - $ kbd5_util dump -verbose dumpfile - kadmin/admin@ATHENA.MIT.EDU - krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - kadmin/history@ATHENA.MIT.EDU - K/M@ATHENA.MIT.EDU - kadmin/changepw@ATHENA.MIT.EDU - -You may specify which principals to dump, using full principal names -including realm:: - - $ kdb5_util dump -verbose someprincs K/M@ATHENA.MIT.EDU kadmin/admin@ATHENA.MIT.EDU - kadmin/admin@ATHENA.MIT.EDU - K/M@ATHENA.MIT.EDU - -To restore a Kerberos database dump from a file, use the -:ref:`kdb5_util(8)` **load** command:: - - $ kdb5_util load dumpfile - -To update an existing database with a partial dump file containing -only some principals, use the ``-update`` flag:: - - $ kdb5_util load -update someprincs - -.. note:: - - If the database file exists, and the *-update* flag was not - given, *kdb5_util* will overwrite the existing database. - - -.. _updating_master_key: - -Updating the master key -~~~~~~~~~~~~~~~~~~~~~~~ - -Starting with release 1.7, :ref:`kdb5_util(8)` allows the master key -to be changed using a rollover process, with minimal loss of -availability. To roll over the master key, follow these steps: - -#. On the primary KDC, run ``kdb5_util list_mkeys`` to view the - current master key version number (KVNO). If you have never rolled - over the master key before, this will likely be version 1:: - - $ kdb5_util list_mkeys - Master keys for Principal: K/M@KRBTEST.COM - KVNO: 1, Enctype: aes256-cts-hmac-sha384-192, Active on: Thu Jan 01 00:00:00 UTC 1970 * - -#. On the primary KDC, run ``kdb5_util use_mkey 1`` to ensure that a - master key activation list is present in the database. This step - is unnecessary in release 1.11.4 or later, or if the database was - initially created with release 1.7 or later. - -#. On the primary KDC, run ``kdb5_util add_mkey -s`` to create a new - master key and write it to the stash file. Enter a secure password - when prompted. If this is the first time you are changing the - master key, the new key will have version 2. The new master key - will not be used until you make it active. - -#. Propagate the database to all replica KDCs, either manually or by - waiting until the next scheduled propagation. If you do not have - any replica KDCs, you can skip this and the next step. - -#. On each replica KDC, run ``kdb5_util list_mkeys`` to verify that - the new master key is present, and then ``kdb5_util stash`` to - write the new master key to the replica KDC's stash file. - -#. On the primary KDC, run ``kdb5_util use_mkey 2`` to begin using the - new master key. Replace ``2`` with the version of the new master - key, as appropriate. You can optionally specify a date for the new - master key to become active; by default, it will become active - immediately. Prior to release 1.12, :ref:`kadmind(8)` must be - restarted for this change to take full effect. - -#. On the primary KDC, run ``kdb5_util update_princ_encryption``. - This command will iterate over the database and re-encrypt all keys - in the new master key. If the database is large and uses DB2, the - primary KDC will become unavailable while this command runs, but - clients should fail over to replica KDCs (if any are present) - during this time period. In release 1.13 and later, you can - instead run ``kdb5_util -x unlockiter update_princ_encryption`` to - use unlocked iteration; this variant will take longer, but will - keep the database available to the KDC and kadmind while it runs. - -#. Wait until the above changes have propagated to all replica KDCs - and until all running KDC and kadmind processes have serviced - requests using updated principal entries. - -#. On the primary KDC, run ``kdb5_util purge_mkeys`` to clean up the - old master key. - - -.. _ops_on_ldap: - -Operations on the LDAP database -------------------------------- - -The :ref:`kdb5_ldap_util(8)` command is the primary tool for -administrating the Kerberos database when using the LDAP module. -Creating an LDAP Kerberos database is describe in :ref:`conf_ldap`. - -To view a list of realms in the LDAP database, use the kdb5_ldap_util -**list** command:: - - $ kdb5_ldap_util list - KRBTEST.COM - -To modify the attributes of a realm, use the kdb5_ldap_util **modify** -command. For example, to change the default realm's maximum ticket -life:: - - $ kdb5_ldap_util modify -maxtktlife "10 hours" - -To display the attributes of a realm, use the kdb5_ldap_util **view** -command:: - - $ kdb5_ldap_util view - Realm Name: KRBTEST.COM - Maximum Ticket Life: 0 days 00:10:00 - -To remove a realm from the LDAP database, destroying its contents, use -the kdb5_ldap_util **destroy** command:: - - $ kdb5_ldap_util destroy - Deleting KDC database of 'KRBTEST.COM', are you sure? - (type 'yes' to confirm)? yes - OK, deleting database of 'KRBTEST.COM'... - ** Database of 'KRBTEST.COM' destroyed. - - -Ticket Policy operations -~~~~~~~~~~~~~~~~~~~~~~~~ - -Unlike the DB2 and LMDB modules, the LDAP module supports ticket -policy objects, which can be associated with principals to restrict -maximum ticket lifetimes and set mandatory principal flags. Ticket -policy objects are distinct from the password policies described -earlier on this page, and are chiefly managed through kdb5_ldap_util -rather than kadmin. To create a new ticket policy, use the -kdb5_ldap_util **create_policy** command:: - - $ kdb5_ldap_util create_policy -maxrenewlife "2 days" users - -To associate a ticket policy with a principal, use the -:ref:`kadmin(1)` **modify_principal** (or **add_principal**) command -with the **-x tktpolicy=**\ *policy* option:: - - $ kadmin.local modprinc -x tktpolicy=users alice - -To remove a ticket policy reference from a principal, use the same -command with an empty *policy*:: - - $ kadmin.local modprinc -x tktpolicy= alice - -To list the existing ticket policy objects, use the kdb5_ldap_util -**list_policy** command:: - - $ kdb5_ldap_util list_policy - users - -To modify the attributes of a ticket policy object, use the -kdb5_ldap_util **modify_policy** command:: - - $ kdb5_ldap_util modify_policy -allow_svr +requires_preauth users - -To view the attributes of a ticket policy object, use the -kdb5_ldap_util **view_policy** command:: - - $ kdb5_ldap_util view_policy users - Ticket policy: users - Maximum renewable life: 2 days 00:00:00 - Ticket flags: REQUIRES_PRE_AUTH DISALLOW_SVR - -To destroy an ticket policy object, use the kdb5_ldap_util -**destroy_policy** command:: - - $ kdb5_ldap_util destroy_policy users - This will delete the policy object 'users', are you sure? - (type 'yes' to confirm)? yes - ** policy object 'users' deleted. - - -.. _xrealm_authn: - -Cross-realm authentication --------------------------- - -In order for a KDC in one realm to authenticate Kerberos users in a -different realm, it must share a key with the KDC in the other realm. -In both databases, there must be krbtgt service principals for both realms. -For example, if you need to do cross-realm authentication between the realms -``ATHENA.MIT.EDU`` and ``EXAMPLE.COM``, you would need to add the -principals ``krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU`` and -``krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM`` to both databases. -These principals must all have the same passwords, key version -numbers, and encryption types; this may require explicitly setting -the key version number with the **-kvno** option. - -In the ATHENA.MIT.EDU and EXAMPLE.COM cross-realm case, the administrators -would run the following commands on the KDCs in both realms:: - - shell%: kadmin.local -e "aes256-cts:normal" - kadmin: addprinc -requires_preauth krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM - Enter password for principal krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM: - Re-enter password for principal krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM: - kadmin: addprinc -requires_preauth krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU - Enter password for principal krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU: - Enter password for principal krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU: - kadmin: - -.. note:: - - Even if most principals in a realm are generally created - with the **requires_preauth** flag enabled, this flag is not - desirable on cross-realm authentication keys because doing - so makes it impossible to disable preauthentication on a - service-by-service basis. Disabling it as in the example - above is recommended. - -.. note:: - - It is very important that these principals have good - passwords. MIT recommends that TGT principal passwords be - at least 26 characters of random ASCII text. - - -.. _changing_krbtgt_key: - -Changing the krbtgt key ------------------------ - -A Kerberos Ticket Granting Ticket (TGT) is a service ticket for the -principal ``krbtgt/REALM``. The key for this principal is created -when the Kerberos database is initialized and need not be changed. -However, it will only have the encryption types supported by the KDC -at the time of the initial database creation. To allow use of newer -encryption types for the TGT, this key has to be changed. - -Changing this key using the normal :ref:`kadmin(1)` -**change_password** command would invalidate any previously issued -TGTs. Therefore, when changing this key, normally one should use the -**-keepold** flag to change_password to retain the previous key in the -database as well as the new key. For example:: - - kadmin: change_password -randkey -keepold krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - -.. warning:: - - After issuing this command, the old key is still valid - and is still vulnerable to (for instance) brute force - attacks. To completely retire an old key or encryption - type, run the kadmin **purgekeys** command to delete keys - with older kvnos, ideally first making sure that all - tickets issued with the old keys have expired. - -Only the first krbtgt key of the newest key version is used to encrypt -ticket-granting tickets. However, the set of encryption types present -in the krbtgt keys is used by default to determine the session key -types supported by the krbtgt service (see -:ref:`session_key_selection`). Because non-MIT Kerberos clients -sometimes send a limited set of encryption types when making AS -requests, it can be important for the krbtgt service to support -multiple encryption types. This can be accomplished by giving the -krbtgt principal multiple keys, which is usually as simple as not -specifying any **-e** option when changing the krbtgt key, or by -setting the **session_enctypes** string attribute on the krbtgt -principal (see :ref:`set_string`). - -Due to a bug in releases 1.8 through 1.13, renewed and forwarded -tickets may not work if the original ticket was obtained prior to a -krbtgt key change and the modified ticket is obtained afterwards. -Upgrading the KDC to release 1.14 or later will correct this bug. - - -.. _incr_db_prop: - -Incremental database propagation --------------------------------- - -Overview -~~~~~~~~ - -At some very large sites, dumping and transmitting the database can -take more time than is desirable for changes to propagate from the -primary KDC to the replica KDCs. The incremental propagation support -added in the 1.7 release is intended to address this. - -With incremental propagation enabled, all programs on the primary KDC -that change the database also write information about the changes to -an "update log" file, maintained as a circular buffer of a certain -size. A process on each replica KDC connects to a service on the -primary KDC (currently implemented in the :ref:`kadmind(8)` server) and -periodically requests the changes that have been made since the last -check. By default, this check is done every two minutes. - -Incremental propagation uses the following entries in the per-realm -data in the KDC config file (See :ref:`kdc.conf(5)`): - -====================== =============== =========================================== -iprop_enable *boolean* If *true*, then incremental propagation is enabled, and (as noted below) normal kprop propagation is disabled. The default is *false*. -iprop_master_ulogsize *integer* Indicates the number of entries that should be retained in the update log. The default is 1000; the maximum number is 2500. -iprop_replica_poll *time interval* Indicates how often the replica should poll the primary KDC for changes to the database. The default is two minutes. -iprop_port *integer* Specifies the port number to be used for incremental propagation. This is required in both primary and replica configuration files. -iprop_resync_timeout *integer* Specifies the number of seconds to wait for a full propagation to complete. This is optional on replica configurations. Defaults to 300 seconds (5 minutes). -iprop_logfile *file name* Specifies where the update log file for the realm database is to be stored. The default is to use the *database_name* entry from the realms section of the config file :ref:`kdc.conf(5)`, with *.ulog* appended. (NOTE: If database_name isn't specified in the realms section, perhaps because the LDAP database back end is being used, or the file name is specified in the *dbmodules* section, then the hard-coded default for *database_name* is used. Determination of the *iprop_logfile* default value will not use values from the *dbmodules* section.) -====================== =============== =========================================== - -Both primary and replica sides must have a principal named -``kiprop/hostname`` (where *hostname* is the lowercase, -fully-qualified, canonical name for the host) registered in the -Kerberos database, and have keys for that principal stored in the -default keytab file (|keytab|). The ``kiprop/hostname`` principal may -have been created automatically for the primary KDC, but it must -always be created for replica KDCs. - -On the primary KDC side, the ``kiprop/hostname`` principal must be -listed in the kadmind ACL file :ref:`kadm5.acl(5)`, and given the -**p** privilege (see :ref:`privileges`). - -On the replica KDC side, :ref:`kpropd(8)` should be run. When -incremental propagation is enabled, it will connect to the kadmind on -the primary KDC and start requesting updates. - -The normal kprop mechanism is disabled by the incremental propagation -support. However, if the replica has been unable to fetch changes -from the primary KDC for too long (network problems, perhaps), the log -on the primary may wrap around and overwrite some of the updates that -the replica has not yet retrieved. In this case, the replica will -instruct the primary KDC to dump the current database out to a file -and invoke a one-time kprop propagation, with special options to also -convey the point in the update log at which the replica should resume -fetching incremental updates. Thus, all the keytab and ACL setup -previously described for kprop propagation is still needed. - -If an environment has a large number of replicas, it may be desirable -to arrange them in a hierarchy instead of having the primary serve -updates to every replica. To do this, run ``kadmind -proponly`` on -each intermediate replica, and ``kpropd -A upstreamhostname`` on -downstream replicas to direct each one to the appropriate upstream -replica. - -There are several known restrictions in the current implementation: - -- The incremental update protocol does not transport changes to policy - objects. Any policy changes on the primary will result in full - resyncs to all replicas. -- The replica's KDB module must support locking; it cannot be using the - LDAP KDB module. -- The primary and replica must be able to initiate TCP connections in - both directions, without an intervening NAT. - - -Sun/MIT incremental propagation differences -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Sun donated the original code for supporting incremental database -propagation to MIT. Some changes have been made in the MIT source -tree that will be visible to administrators. (These notes are based -on Sun's patches. Changes to Sun's implementation since then may not -be reflected here.) - -The Sun config file support looks for ``sunw_dbprop_enable``, -``sunw_dbprop_master_ulogsize``, and ``sunw_dbprop_slave_poll``. - -The incremental propagation service is implemented as an ONC RPC -service. In the Sun implementation, the service is registered with -rpcbind (also known as portmapper) and the client looks up the port -number to contact. In the MIT implementation, where interaction with -some modern versions of rpcbind doesn't always work well, the port -number must be specified in the config file on both the primary and -replica sides. - -The Sun implementation hard-codes pathnames in ``/var/krb5`` for the -update log and the per-replica kprop dump files. In the MIT -implementation, the pathname for the update log is specified in the -config file, and the per-replica dump files are stored in -|kdcdir|\ ``/replica_datatrans_hostname``. diff --git a/krb5-1.21.3/doc/html/_sources/admin/dbtypes.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/dbtypes.rst.txt deleted file mode 100644 index 04748176..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/dbtypes.rst.txt +++ /dev/null @@ -1,149 +0,0 @@ -.. _dbtypes: - -Database types -============== - -A Kerberos database can be implemented with one of three built-in -database providers, called KDB modules. Software which incorporates -the MIT krb5 KDC may also provide its own KDB module. The following -subsections describe the three built-in KDB modules and the -configuration specific to them. - -The database type can be configured with the **db_library** variable -in the :ref:`dbmodules` subsection for the realm. For example:: - - [dbmodules] - ATHENA.MIT.EDU = { - db_library = db2 - } - -If the ``ATHENA.MIT.EDU`` realm subsection contains a -**database_module** setting, then the subsection within -``[dbmodules]`` should use that name instead of ``ATHENA.MIT.EDU``. - -To transition from one database type to another, stop the -:ref:`kadmind(8)` service, use ``kdb5_util dump`` to create a dump -file, change the **db_library** value and set any appropriate -configuration for the new database type, and use ``kdb5_util load`` to -create and populate the new database. If the new database type is -LDAP, create the new database using ``kdb5_ldap_util`` and populate it -from the dump file using ``kdb5_util load -update``. Then restart the -:ref:`krb5kdc(8)` and :ref:`kadmind(8)` services. - - -Berkeley database module (db2) ------------------------------- - -The default KDB module is ``db2``, which uses a version of the -Berkeley DB library. It creates four files based on the database -pathname. If the pathname ends with ``principal`` then the four files -are: - -* ``principal``, containing principal entry data -* ``principal.ok``, a lock file for the principal database -* ``principal.kadm5``, containing policy object data -* ``principal.kadm5.lock``, a lock file for the policy database - -For large databases, the :ref:`kdb5_util(8)` **dump** command (perhaps -invoked by :ref:`kprop(8)` or by :ref:`kadmind(8)` for incremental -propagation) may cause :ref:`krb5kdc(8)` to stop for a noticeable -period of time while it iterates over the database. This delay can be -avoided by disabling account lockout features so that the KDC does not -perform database writes (see :ref:`disable_lockout`). Alternatively, -a slower form of iteration can be enabled by setting the -**unlockiter** variable to ``true``. For example:: - - [dbmodules] - ATHENA.MIT.EDU = { - db_library = db2 - unlockiter = true - } - -In rare cases, a power failure or other unclean system shutdown may -cause inconsistencies in the internal pointers within a database file, -such that ``kdb5_util dump`` cannot retrieve all principal entries in -the database. In this situation, it may be possible to retrieve all -of the principal data by running ``kdb5_util dump -recurse`` to -iterate over the database using the tree pointers instead of the -iteration pointers. Running ``kdb5_util dump -rev`` to iterate over -the database backwards may also retrieve some of the data which is not -retrieved by a normal dump operation. - - -Lightning Memory-Mapped Database module (klmdb) ------------------------------------------------ - -The klmdb module was added in release 1.17. It uses the LMDB library, -and may offer better performance and reliability than the db2 module. -It creates four files based on the database pathname. If the pathname -ends with ``principal``, then the four files are: - -* ``principal.mdb``, containing policy object data and most principal - entry data -* ``principal.mdb-lock``, a lock file for the primary database -* ``principal.lockout.mdb``, containing the account lockout attributes - (last successful authentication time, last failed authentication - time, and number of failed attempts) for each principal entry -* ``principal.lockout.mdb-lock``, a lock file for the lockout database - -Separating out the lockout attributes ensures that the KDC will never -block on an administrative operation such as a database dump or load. -It also allows the KDC to operate without write access to the primary -database. If both account lockout features are disabled (see -:ref:`disable_lockout`), the lockout database files will be created -but will not subsequently be opened, and the account lockout -attributes will always have zero values. - -Because LMDB creates a memory map to the database files, it requires a -configured memory map size which also determines the maximum size of -the database. This size is applied equally to the two databases, so -twice the configured size will be consumed in the process address -space; this is primarily a limitation on 32-bit platforms. The -default value of 128 megabytes should be sufficient for several -hundred thousand principal entries. If the limit is reached, kadmin -operations will fail and the error message "Environment mapsize limit -reached" will appear in the kadmind log file. In this case, the -**mapsize** variable can be used to increase the map size. The -following example sets the map size to 512 megabytes:: - - [dbmodules] - ATHENA.MIT.EDU = { - db_library = klmdb - mapsize = 512 - } - -LMDB has a configurable maximum number of readers. The default value -of 128 should be sufficient for most deployments. If you are going to -use a large number of KDC worker processes, it may be necessary to set -the **max_readers** variable to a larger number. - -By default, LMDB synchronizes database files to disk after each write -transaction to ensure durability in the case of an unclean system -shutdown. The klmdb module always turns synchronization off for the -lockout database to ensure reasonable KDC performance, but leaves it -on for the primary database. If high throughput for administrative -operations (including password changes) is required, the **nosync** -variable can be set to "true" to disable synchronization for the -primary database. - -The klmdb module does not support explicit locking with the -:ref:`kadmin(1)` **lock** command. - - -LDAP module (kldap) -------------------- - -The kldap module stores principal and policy data using an LDAP -server. To use it you must configure an LDAP server to use the -Kerberos schema. See :ref:`conf_ldap` for details. - -Because :ref:`krb5kdc(8)` is single-threaded, latency in LDAP database -accesses may limit KDC operation throughput. If the LDAP server is -located on the same server host as the KDC and accessed through an -``ldapi://`` URL, latency should be minimal. If this is not possible, -consider starting multiple KDC worker processes with the -:ref:`krb5kdc(8)` **-w** option to enable concurrent processing of KDC -requests. - -The kldap module does not support explicit locking with the -:ref:`kadmin(1)` **lock** command. diff --git a/krb5-1.21.3/doc/html/_sources/admin/dictionary.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/dictionary.rst.txt deleted file mode 100644 index a5c57868..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/dictionary.rst.txt +++ /dev/null @@ -1,88 +0,0 @@ -.. _dictionary: - -Addressing dictionary attack risks -================================== - -Kerberos initial authentication is normally secured using the client -principal's long-term key, which for users is generally derived from a -password. Using a pasword-derived long-term key carries the risk of a -dictionary attack, where an attacker tries a sequence of possible -passwords, possibly requiring much less effort than would be required -to try all possible values of the key. Even if :ref:`password policy -objects ` are used to force users not to pick trivial -passwords, dictionary attacks can sometimes be successful against a -significant fraction of the users in a realm. Dictionary attacks are -not a concern for principals using random keys. - -A dictionary attack may be online or offline. An online dictionary -attack is performed by trying each password in a separate request to -the KDC, and is therefore visible to the KDC and also limited in speed -by the KDC's processing power and the network capacity between the -client and the KDC. Online dictionary attacks can be mitigated using -:ref:`account lockout `. This measure is not totally -satisfactory, as it makes it easy for an attacker to deny access to a -client principal. - -An offline dictionary attack is performed by obtaining a ciphertext -generated using the password-derived key, and trying each password -against the ciphertext. This category of attack is invisible to the -KDC and can be performed much faster than an online attack. The -attack will generally take much longer with more recent encryption -types (particularly the ones based on AES), because those encryption -types use a much more expensive string-to-key function. However, the -best defense is to deny the attacker access to a useful ciphertext. -The required defensive measures depend on the attacker's level of -network access. - -An off-path attacker has no access to packets sent between legitimate -users and the KDC. An off-path attacker could gain access to an -attackable ciphertext either by making an AS request for a client -principal which does not have the **+requires_preauth** flag, or by -making a TGS request (after authenticating as a different user) for a -server principal which does not have the **-allow_svr** flag. To -address off-path attackers, a KDC administrator should set those flags -on principals with password-derived keys:: - - kadmin: add_principal +requires_preauth -allow_svr princname - -An attacker with passive network access (one who can monitor packets -sent between legitimate users and the KDC, but cannot change them or -insert their own packets) can gain access to an attackable ciphertext -by observing an authentication by a user using the most common form of -preauthentication, encrypted timestamp. Any of the following methods -can prevent dictionary attacks by attackers with passive network -access: - -* Enabling :ref:`SPAKE preauthentication ` (added in release - 1.17) on the KDC, and ensuring that all clients are able to support - it. - -* Using an :ref:`HTTPS proxy ` for communication with the KDC, - if the attacker cannot monitor communication between the proxy - server and the KDC. - -* Using FAST, protecting the initial authentication with either a - random key (such as a host key) or with :ref:`anonymous PKINIT - `. - -An attacker with active network access (one who can inject or modify -packets sent between legitimate users and the KDC) can try to fool the -client software into sending an attackable ciphertext using an -encryption type and salt string of the attacker's choosing. Any of the -following methods can prevent dictionary attacks by active attackers: - -* Enabling SPAKE preauthentication and setting the - **disable_encrypted_timestamp** variable to ``true`` in the - :ref:`realms` subsection of the client configuration. - -* Using an HTTPS proxy as described above, configured in the client's - krb5.conf realm configuration. If :ref:`KDC discovery - ` is used to locate a proxy server, an active - attacker may be able to use DNS spoofing to cause the client to use - a different HTTPS server or to not use HTTPS. - -* Using FAST as described above. - -If :ref:`PKINIT ` or :ref:`OTP ` are used for -initial authentication, the principal's long-term keys are not used -and dictionary attacks are usually not a concern. diff --git a/krb5-1.21.3/doc/html/_sources/admin/enctypes.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/enctypes.rst.txt deleted file mode 100644 index dce19ad4..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/enctypes.rst.txt +++ /dev/null @@ -1,222 +0,0 @@ -.. _enctypes: - -Encryption types -================ - -Kerberos can use a variety of cipher algorithms to protect data. A -Kerberos **encryption type** (also known as an **enctype**) is a -specific combination of a cipher algorithm with an integrity algorithm -to provide both confidentiality and integrity to data. - - -Enctypes in requests --------------------- - -Clients make two types of requests (KDC-REQ) to the KDC: AS-REQs and -TGS-REQs. The client uses the AS-REQ to obtain initial tickets -(typically a Ticket-Granting Ticket (TGT)), and uses the TGS-REQ to -obtain service tickets. - -The KDC uses three different keys when issuing a ticket to a client: - -* The long-term key of the service: the KDC uses this to encrypt the - actual service ticket. The KDC only uses the first long-term key in - the most recent kvno for this purpose. - -* The session key: the KDC randomly chooses this key and places one - copy inside the ticket and the other copy inside the encrypted part - of the reply. - -* The reply-encrypting key: the KDC uses this to encrypt the reply it - sends to the client. For AS replies, this is a long-term key of the - client principal. For TGS replies, this is either the session key of the - authenticating ticket, or a subsession key. - -Each of these keys is of a specific enctype. - -Each request type allows the client to submit a list of enctypes that -it is willing to accept. For the AS-REQ, this list affects both the -session key selection and the reply-encrypting key selection. For the -TGS-REQ, this list only affects the session key selection. - - -.. _session_key_selection: - -Session key selection ---------------------- - -The KDC chooses the session key enctype by taking the intersection of -its **permitted_enctypes** list, the list of long-term keys for the -most recent kvno of the service, and the client's requested list of -enctypes. Starting in krb5-1.21, all services are assumed to support -aes256-cts-hmac-sha1-96; also, des3-cbc-sha1 and arcfour-hmac session -keys will not be issued by default. - -Starting in krb5-1.11, it is possible to set a string attribute on a -service principal to control what session key enctypes the KDC may -issue for service tickets for that principal, overriding the service's -long-term keys and the assumption of aes256-cts-hmac-sha1-96 support. -See :ref:`set_string` in :ref:`kadmin(1)` for details. - - -Choosing enctypes for a service -------------------------------- - -Generally, a service should have a key of the strongest -enctype that both it and the KDC support. If the KDC is running a -release earlier than krb5-1.11, it is also useful to generate an -additional key for each enctype that the service can support. The KDC -will only use the first key in the list of long-term keys for encrypting -the service ticket, but the additional long-term keys indicate the -other enctypes that the service supports. - -As noted above, starting with release krb5-1.11, there are additional -configuration settings that control session key enctype selection -independently of the set of long-term keys that the KDC has stored for -a service principal. - - -Configuration variables ------------------------ - -The following ``[libdefaults]`` settings in :ref:`krb5.conf(5)` will -affect how enctypes are chosen. - -**allow_weak_crypto** - defaults to *false* starting with krb5-1.8. When *false*, removes - weak enctypes from **permitted_enctypes**, - **default_tkt_enctypes**, and **default_tgs_enctypes**. Do not - set this to *true* unless the use of weak enctypes is an - acceptable risk for your environment and the weak enctypes are - required for backward compatibility. - -**allow_des3** - was added in release 1.21 and defaults to *false*. Unless this - flag is set to *true*, the KDC will not issue tickets with - des3-cbc-sha1 session keys. In a future release, this flag will - control whether des3-cbc-sha1 is permitted in similar fashion to - weak enctypes. - -**allow_rc4** - was added in release 1.21 and defaults to *false*. Unless this - flag is set to *true*, the KDC will not issue tickets with - arcfour-hmac session keys. In a future release, this flag will - control whether arcfour-hmac is permitted in similar fashion to - weak enctypes. - -**permitted_enctypes** - controls the set of enctypes that a service will permit for - session keys and for ticket and authenticator encryption. The KDC - and other programs that access the Kerberos database will ignore - keys of non-permitted enctypes. Starting in release 1.18, this - setting also acts as the default for **default_tkt_enctypes** and - **default_tgs_enctypes**. - -**default_tkt_enctypes** - controls the default set of enctypes that the Kerberos client - library requests when making an AS-REQ. Do not set this unless - required for specific backward compatibility purposes; stale - values of this setting can prevent clients from taking advantage - of new stronger enctypes when the libraries are upgraded. - -**default_tgs_enctypes** - controls the default set of enctypes that the Kerberos client - library requests when making a TGS-REQ. Do not set this unless - required for specific backward compatibility purposes; stale - values of this setting can prevent clients from taking advantage - of new stronger enctypes when the libraries are upgraded. - -The following per-realm setting in :ref:`kdc.conf(5)` affects the -generation of long-term keys. - -**supported_enctypes** - controls the default set of enctype-salttype pairs that :ref:`kadmind(8)` - will use for generating long-term keys, either randomly or from - passwords - - -Enctype compatibility ---------------------- - -See :ref:`Encryption_types` for additional information about enctypes. - -========================== ========== ======== ======= -enctype weak? krb5 Windows -========================== ========== ======== ======= -des-cbc-crc weak <1.18 >=2000 -des-cbc-md4 weak <1.18 ? -des-cbc-md5 weak <1.18 >=2000 -des3-cbc-sha1 deprecated >=1.1 none -arcfour-hmac deprecated >=1.3 >=2000 -arcfour-hmac-exp weak >=1.3 >=2000 -aes128-cts-hmac-sha1-96 >=1.3 >=Vista -aes256-cts-hmac-sha1-96 >=1.3 >=Vista -aes128-cts-hmac-sha256-128 >=1.15 none -aes256-cts-hmac-sha384-192 >=1.15 none -camellia128-cts-cmac >=1.9 none -camellia256-cts-cmac >=1.9 none -========================== ========== ======== ======= - -krb5 releases 1.18 and later do not support single-DES. krb5 releases -1.8 and later disable the single-DES enctypes by default. Microsoft -Windows releases Windows 7 and later disable single-DES enctypes by -default. - -krb5 releases 1.17 and later flag deprecated encryption types -(including ``des3-cbc-sha1`` and ``arcfour-hmac``) in KDC logs and -kadmin output. krb5 release 1.19 issues a warning during initial -authentication if ``des3-cbc-sha1`` is used. Future releases will -disable ``des3-cbc-sha1`` by default and eventually remove support for -it. - - -Migrating away from older encryption types ------------------------------------------- - -Administrator intervention may be required to migrate a realm away -from legacy encryption types, especially if the realm was created -using krb5 release 1.2 or earlier. This migration should be performed -before upgrading to krb5 versions which disable or remove support for -legacy encryption types. - -If there is a **supported_enctypes** setting in :ref:`kdc.conf(5)` on -the KDC, make sure that it does not include weak or deprecated -encryption types. This will ensure that newly created keys do not use -those encryption types by default. - -Check the ``krbtgt/REALM`` principal using the :ref:`kadmin(1)` -**getprinc** command. If it lists a weak or deprecated encryption -type as the first key, it must be migrated using the procedure in -:ref:`changing_krbtgt_key`. - -Check the ``kadmin/history`` principal, which should have only one key -entry. If it uses a weak or deprecated encryption type, it should be -upgraded following the notes in :ref:`updating_history_key`. - -Check the other kadmin principals: kadmin/changepw, kadmin/admin, and -any kadmin/hostname principals that may exist. These principals can -be upgraded with **change_password -randkey** in kadmin. - -Check the ``K/M`` entry. If it uses a weak or deprecated encryption -type, it should be upgraded following the procedure in -:ref:`updating_master_key`. - -User and service principals using legacy encryption types can be -enumerated with the :ref:`kdb5_util(8)` **tabdump keyinfo** command. - -Service principals can be migrated with a keytab rotation on the -service host, which can be accomplished using the :ref:`k5srvutil(1)` -**change** and **delold** commands. Allow enough time for existing -tickets to expire between the change and delold operations. - -User principals with password-based keys can be migrated with a -password change. The realm administrator can set a password -expiration date using the :ref:`kadmin(1)` **modify_principal --pwexpire** command to force a password change. - -If a legacy encryption type has not yet been disabled by default in -the version of krb5 running on the KDC, it can be disabled -administratively with the **permitted_enctypes** variable. For -example, setting **permitted_enctypes** to ``DEFAULT -des3 -rc4`` will -cause any database keys of the triple-DES and RC4 encryption types to -be ignored. diff --git a/krb5-1.21.3/doc/html/_sources/admin/env_variables.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/env_variables.rst.txt deleted file mode 100644 index a2d15bea..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/env_variables.rst.txt +++ /dev/null @@ -1,4 +0,0 @@ -Environment variables -===================== - -This content has moved to :ref:`kerberos(7)`. diff --git a/krb5-1.21.3/doc/html/_sources/admin/host_config.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/host_config.rst.txt deleted file mode 100644 index 4e1db025..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/host_config.rst.txt +++ /dev/null @@ -1,235 +0,0 @@ -Host configuration -================== - -All hosts running Kerberos software, whether they are clients, -application servers, or KDCs, can be configured using -:ref:`krb5.conf(5)`. Here we describe some of the behavior changes -you might want to make. - - -Default realm -------------- - -In the :ref:`libdefaults` section, the **default_realm** realm -relation sets the default Kerberos realm. For example:: - - [libdefaults] - default_realm = ATHENA.MIT.EDU - -The default realm affects Kerberos behavior in the following ways: - -* When a principal name is parsed from text, the default realm is used - if no ``@REALM`` component is specified. - -* The default realm affects login authorization as described below. - -* For programs which operate on a Kerberos database, the default realm - is used to determine which database to operate on, unless the **-r** - parameter is given to specify a realm. - -* A server program may use the default realm when looking up its key - in a :ref:`keytab file `, if its realm is not - determined by :ref:`domain_realm` configuration or by the server - program itself. - -* If :ref:`kinit(1)` is passed the **-n** flag, it requests anonymous - tickets from the default realm. - -In some situations, these uses of the default realm might conflict. -For example, it might be desirable for principal name parsing to use -one realm by default, but for login authorization to use a second -realm. In this situation, the first realm can be configured as the -default realm, and **auth_to_local** relations can be used as -described below to use the second realm for login authorization. - - -.. _login_authorization: - -Login authorization -------------------- - -If a host runs a Kerberos-enabled login service such as OpenSSH with -GSSAPIAuthentication enabled, login authorization rules determine -whether a Kerberos principal is allowed to access a local account. - -By default, a Kerberos principal is allowed access to an account if -its realm matches the default realm and its name matches the account -name. (For historical reasons, access is also granted by default if -the name has two components and the second component matches the -default realm; for instance, ``alice/ATHENA.MIT.EDU@ATHENA.MIT.EDU`` -is granted access to the ``alice`` account if ``ATHENA.MIT.EDU`` is -the default realm.) - -The simplest way to control local access is using :ref:`.k5login(5)` -files. To use these, place a ``.k5login`` file in the home directory -of each account listing the principal names which should have login -access to that account. If it is not desirable to use ``.k5login`` -files located in account home directories, the **k5login_directory** -relation in the :ref:`libdefaults` section can specify a directory -containing one file per account uname. - -By default, if a ``.k5login`` file is present, it controls -authorization both positively and negatively--any principal name -contained in the file is granted access and any other principal name -is denied access, even if it would have had access if the ``.k5login`` -file didn't exist. The **k5login_authoritative** relation in the -:ref:`libdefaults` section can be set to false to make ``.k5login`` -files provide positive authorization only. - -The **auth_to_local** relation in the :ref:`realms` section for the -default realm can specify pattern-matching rules to control login -authorization. For example, the following configuration allows access -to principals from a different realm than the default realm:: - - [realms] - DEFAULT.REALM = { - # Allow access to principals from OTHER.REALM. - # - # [1:$1@$0] matches single-component principal names and creates - # a selection string containing the principal name and realm. - # - # (.*@OTHER\.REALM) matches against the selection string, so that - # only principals in OTHER.REALM are matched. - # - # s/@OTHER\.REALM$// removes the realm name, leaving behind the - # principal name as the account name. - auth_to_local = RULE:[1:$1@$0](.*@OTHER\.REALM)s/@OTHER\.REALM$// - - # Also allow principals from the default realm. Omit this line - # to only allow access to principals in OTHER.REALM. - auth_to_local = DEFAULT - } - -The **auth_to_local_names** subsection of the :ref:`realms` section -for the default realm can specify explicit mappings from principal -names to local accounts. The key used in this subsection is the -principal name without realm, so it is only safe to use in a Kerberos -environment with a single realm or a tightly controlled set of realms. -An example use of **auth_to_local_names** might be:: - - [realms] - ATHENA.MIT.EDU = { - auth_to_local_names = { - # Careful, these match principals in any realm! - host/example.com = hostaccount - fred = localfred - } - } - -Local authorization behavior can also be modified using plugin -modules; see :ref:`hostrealm_plugin` for details. - - -.. _plugin_config: - -Plugin module configuration ---------------------------- - -Many aspects of Kerberos behavior, such as client preauthentication -and KDC service location, can be modified through the use of plugin -modules. For most of these behaviors, you can use the :ref:`plugins` -section of krb5.conf to register third-party modules, and to switch -off registered or built-in modules. - -A plugin module takes the form of a Unix shared object -(``modname.so``) or Windows DLL (``modname.dll``). If you have -installed a third-party plugin module and want to register it, you do -so using the **module** relation in the appropriate subsection of the -[plugins] section. The value for **module** must give the module name -and the path to the module, separated by a colon. The module name -will often be the same as the shared object's name, but in unusual -cases (such as a shared object which implements multiple modules for -the same interface) it might not be. For example, to register a -client preauthentication module named ``mypreauth`` installed at -``/path/to/mypreauth.so``, you could write:: - - [plugins] - clpreauth = { - module = mypreauth:/path/to/mypreauth.so - } - -Many of the pluggable behaviors in MIT krb5 contain built-in modules -which can be switched off. You can disable a built-in module (or one -you have registered) using the **disable** directive in the -appropriate subsection of the [plugins] section. For example, to -disable the use of .k5identity files to select credential caches, you -could write:: - - [plugins] - ccselect = { - disable = k5identity - } - -If you want to disable multiple modules, specify the **disable** -directive multiple times, giving one module to disable each time. - -Alternatively, you can explicitly specify which modules you want to be -enabled for that behavior using the **enable_only** directive. For -example, to make :ref:`kadmind(8)` check password quality using only a -module you have registered, and no other mechanism, you could write:: - - [plugins] - pwqual = { - module = mymodule:/path/to/mymodule.so - enable_only = mymodule - } - -Again, if you want to specify multiple modules, specify the -**enable_only** directive multiple times, giving one module to enable -each time. - -Some Kerberos interfaces use different mechanisms to register plugin -modules. - - -KDC location modules -~~~~~~~~~~~~~~~~~~~~ - -For historical reasons, modules to control how KDC servers are located -are registered simply by placing the shared object or DLL into the -"libkrb5" subdirectory of the krb5 plugin directory, which defaults to -|libdir|\ ``/krb5/plugins``. For example, Samba's winbind krb5 -locator plugin would be registered by placing its shared object in -|libdir|\ ``/krb5/plugins/libkrb5/winbind_krb5_locator.so``. - - -.. _gssapi_plugin_config: - -GSSAPI mechanism modules -~~~~~~~~~~~~~~~~~~~~~~~~ - -GSSAPI mechanism modules are registered using the file -|sysconfdir|\ ``/gss/mech`` or configuration files in the -|sysconfdir|\ ``/gss/mech.d`` directory with a ``.conf`` -suffix. Each line in these files has the form:: - - name oid pathname [options] - -Only the name, oid, and pathname are required. *name* is the -mechanism name, which may be used for debugging or logging purposes. -*oid* is the object identifier of the GSSAPI mechanism to be -registered. *pathname* is a path to the module shared object or DLL. -*options* (if present) are options provided to the plugin module, -surrounded in square brackets. *type* (if present) can be used to -indicate a special type of module. Currently the only special module -type is "interposer", for a module designed to intercept calls to -other mechanisms. - -If the environment variable **GSS_MECH_CONFIG** is set, its value is -used as the sole mechanism configuration filename. - - -.. _profile_plugin_config: - -Configuration profile modules -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -A configuration profile module replaces the information source for -:ref:`krb5.conf(5)` itself. To use a profile module, begin krb5.conf -with the line:: - - module PATHNAME:STRING - -where *PATHNAME* is a path to the module shared object or DLL, and -*STRING* is a string to provide to the module. The module will then -take over, and the rest of krb5.conf will be ignored. diff --git a/krb5-1.21.3/doc/html/_sources/admin/https.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/https.rst.txt deleted file mode 100644 index b4e68b2b..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/https.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -.. _https: - -HTTPS proxy configuration -========================= - -In addition to being able to use UDP or TCP to communicate directly -with a KDC as is outlined in RFC4120, and with kpasswd services in a -similar fashion, the client libraries can attempt to use an HTTPS -proxy server to communicate with a KDC or kpasswd service, using the -protocol outlined in [MS-KKDCP]. - -Communicating with a KDC through an HTTPS proxy allows clients to -contact servers when network firewalls might otherwise prevent them -from doing so. The use of TLS also encrypts all traffic between the -clients and the KDC, preventing observers from conducting password -dictionary attacks or from observing the client and server principals -being authenticated, at additional computational cost to both clients -and servers. - -An HTTPS proxy server is provided as a feature in some versions of -Microsoft Windows Server, and a WSGI implementation named `kdcproxy` -is available in the python package index. - - -Configuring the clients ------------------------ - -To use an HTTPS proxy, a client host must trust the CA which issued -that proxy's SSL certificate. If that CA's certificate is not in the -system-wide default set of trusted certificates, configure the -following relation in the client host's :ref:`krb5.conf(5)` file in -the appropriate :ref:`realms` subsection:: - - http_anchors = FILE:/etc/krb5/cacert.pem - -Adjust the pathname to match the path of the file which contains a -copy of the CA's certificate. The `http_anchors` option is documented -more fully in :ref:`krb5.conf(5)`. - -Configure the client to access the KDC and kpasswd service by -specifying their locations in its :ref:`krb5.conf(5)` file in the form -of HTTPS URLs for the proxy server:: - - kdc = https://server.fqdn/KdcProxy - kpasswd_server = https://server.fqdn/KdcProxy - -If the proxy and client are properly configured, client commands such -as ``kinit``, ``kvno``, and ``kpasswd`` should all function normally. diff --git a/krb5-1.21.3/doc/html/_sources/admin/index.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/index.rst.txt deleted file mode 100644 index d87b003a..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/index.rst.txt +++ /dev/null @@ -1,34 +0,0 @@ -For administrators -================== - -.. toctree:: - :maxdepth: 1 - - install.rst - conf_files/index.rst - realm_config.rst - database.rst - dbtypes.rst - lockout.rst - conf_ldap.rst - appl_servers.rst - host_config.rst - backup_host.rst - pkinit.rst - otp.rst - spake.rst - dictionary.rst - princ_dns.rst - enctypes.rst - https.rst - auth_indicator.rst - -.. toctree:: - :maxdepth: 1 - - admin_commands/index.rst - ../mitK5defaults.rst - env_variables.rst - troubleshoot.rst - advanced/index.rst - various_envs.rst diff --git a/krb5-1.21.3/doc/html/_sources/admin/install.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/install.rst.txt deleted file mode 100644 index 01434a40..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/install.rst.txt +++ /dev/null @@ -1,21 +0,0 @@ -Installation guide -================== - -Contents --------- - -.. toctree:: - :maxdepth: 2 - - install_kdc.rst - install_clients.rst - install_appl_srv.rst - - -Additional references ---------------------- - -#. Debian: `Setting up MIT Kerberos 5 - `_ -#. Solaris: `Configuring the Kerberos Service - `_ diff --git a/krb5-1.21.3/doc/html/_sources/admin/install_appl_srv.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/install_appl_srv.rst.txt deleted file mode 100644 index 2e198138..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/install_appl_srv.rst.txt +++ /dev/null @@ -1,78 +0,0 @@ -UNIX Application Servers -======================== - -An application server is a host that provides one or more services -over the network. Application servers can be "secure" or "insecure." -A "secure" host is set up to require authentication from every client -connecting to it. An "insecure" host will still provide Kerberos -authentication, but will also allow unauthenticated clients to -connect. - -If you have Kerberos V5 installed on all of your client machines, MIT -recommends that you make your hosts secure, to take advantage of the -security that Kerberos authentication affords. However, if you have -some clients that do not have Kerberos V5 installed, you can run an -insecure server, and still take advantage of Kerberos V5's single -sign-on capability. - - -.. _keytab_file: - -The keytab file ---------------- - -All Kerberos server machines need a keytab file to authenticate to the -KDC. By default on UNIX-like systems this file is named |keytab|. -The keytab file is an local copy of the host's key. The keytab file -is a potential point of entry for a break-in, and if compromised, -would allow unrestricted access to its host. The keytab file should -be readable only by root, and should exist only on the machine's local -disk. The file should not be part of any backup of the machine, -unless access to the backup data is secured as tightly as access to -the machine's root password. - -In order to generate a keytab for a host, the host must have a -principal in the Kerberos database. The procedure for adding hosts to -the database is described fully in :ref:`principals`. (See -:ref:`replica_host_key` for a brief description.) The keytab is -generated by running :ref:`kadmin(1)` and issuing the :ref:`ktadd` -command. - -For example, to generate a keytab file to allow the host -``trillium.mit.edu`` to authenticate for the services host, ftp, and -pop, the administrator ``joeadmin`` would issue the command (on -``trillium.mit.edu``):: - - trillium% kadmin - Authenticating as principal root/admin@ATHENA.MIT.EDU with password. - Password for root/admin@ATHENA.MIT.EDU: - kadmin: ktadd host/trillium.mit.edu ftp/trillium.mit.edu pop/trillium.mit.edu - Entry for principal host/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab. - kadmin: Entry for principal ftp/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab. - kadmin: Entry for principal pop/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab. - kadmin: quit - trillium% - -If you generate the keytab file on another host, you need to get a -copy of the keytab file onto the destination host (``trillium``, in -the above example) without sending it unencrypted over the network. - - -Some advice about secure hosts ------------------------------- - -Kerberos V5 can protect your host from certain types of break-ins, but -it is possible to install Kerberos V5 and still leave your host -vulnerable to attack. Obviously an installation guide is not the -place to try to include an exhaustive list of countermeasures for -every possible attack, but it is worth noting some of the larger holes -and how to close them. - -We recommend that backups of secure machines exclude the keytab file -(|keytab|). If this is not possible, the backups should at least be -done locally, rather than over a network, and the backup tapes should -be physically secured. - -The keytab file and any programs run by root, including the Kerberos -V5 binaries, should be kept on local disk. The keytab file should be -readable only by root. diff --git a/krb5-1.21.3/doc/html/_sources/admin/install_clients.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/install_clients.rst.txt deleted file mode 100644 index f2c87d07..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/install_clients.rst.txt +++ /dev/null @@ -1,58 +0,0 @@ -Installing and configuring UNIX client machines -=============================================== - -The Kerberized client programs include :ref:`kinit(1)`, -:ref:`klist(1)`, :ref:`kdestroy(1)`, and :ref:`kpasswd(1)`. All of -these programs are in the directory |bindir|. - -You can often integrate Kerberos with the login system on client -machines, typically through the use of PAM. The details vary by -operating system, and should be covered in your operating system's -documentation. If you do this, you will need to make sure your users -know to use their Kerberos passwords when they log in. - -You will also need to educate your users to use the ticket management -programs kinit, klist, and kdestroy. If you do not have Kerberos -password changing integrated into the native password program (again, -typically through PAM), you will need to educate users to use kpasswd -in place of its non-Kerberos counterparts passwd. - - -Client machine configuration files ----------------------------------- - -Each machine running Kerberos should have a :ref:`krb5.conf(5)` file. -At a minimum, it should define a **default_realm** setting in -:ref:`libdefaults`. If you are not using DNS SRV records -(:ref:`kdc_hostnames`) or URI records (:ref:`kdc_discovery`), it must -also contain a :ref:`realms` section containing information for your -realm's KDCs. - -Consider setting **rdns** to false in order to reduce your dependence -on precisely correct DNS information for service hostnames. Turning -this flag off means that service hostnames will be canonicalized -through forward name resolution (which adds your domain name to -unqualified hostnames, and resolves CNAME records in DNS), but not -through reverse address lookup. The default value of this flag is -true for historical reasons only. - -If you anticipate users frequently logging into remote hosts -(e.g., using ssh) using forwardable credentials, consider setting -**forwardable** to true so that users obtain forwardable tickets by -default. Otherwise users will need to use ``kinit -f`` to get -forwardable tickets. - -Consider adjusting the **ticket_lifetime** setting to match the likely -length of sessions for your users. For instance, if most of your -users will be logging in for an eight-hour workday, you could set the -default to ten hours so that tickets obtained in the morning expire -shortly after the end of the workday. Users can still manually -request longer tickets when necessary, up to the maximum allowed by -each user's principal record on the KDC. - -If a client host may access services in different realms, it may be -useful to define a :ref:`domain_realm` mapping so that clients know -which hosts belong to which realms. However, if your clients and KDC -are running release 1.7 or later, it is also reasonable to leave this -section out on client machines and just define it in the KDC's -krb5.conf. diff --git a/krb5-1.21.3/doc/html/_sources/admin/install_kdc.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/install_kdc.rst.txt deleted file mode 100644 index 8cab6514..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/install_kdc.rst.txt +++ /dev/null @@ -1,536 +0,0 @@ -Installing KDCs -=============== - -When setting up Kerberos in a production environment, it is best to -have multiple replica KDCs alongside with a primary KDC to ensure the -continued availability of the Kerberized services. Each KDC contains -a copy of the Kerberos database. The primary KDC contains the -writable copy of the realm database, which it replicates to the -replica KDCs at regular intervals. All database changes (such as -password changes) are made on the primary KDC. Replica KDCs provide -Kerberos ticket-granting services, but not database administration, -when the primary KDC is unavailable. MIT recommends that you install -all of your KDCs to be able to function as either the primary or one -of the replicas. This will enable you to easily switch your primary -KDC with one of the replicas if necessary (see -:ref:`switch_primary_replica`). This installation procedure is based -on that recommendation. - -.. warning:: - - - The Kerberos system relies on the availability of correct time - information. Ensure that the primary and all replica KDCs have - properly synchronized clocks. - - - It is best to install and run KDCs on secured and dedicated - hardware with limited access. If your KDC is also a file - server, FTP server, Web server, or even just a client machine, - someone who obtained root access through a security hole in any - of those areas could potentially gain access to the Kerberos - database. - - -Install and configure the primary KDC -------------------------------------- - -Install Kerberos either from the OS-provided packages or from the -source (See :ref:`do_build`). - -.. note:: - - For the purpose of this document we will use the following - names:: - - kerberos.mit.edu - primary KDC - kerberos-1.mit.edu - replica KDC - ATHENA.MIT.EDU - realm name - .k5.ATHENA.MIT.EDU - stash file - admin/admin - admin principal - - See :ref:`mitK5defaults` for the default names and locations - of the relevant to this topic files. Adjust the names and - paths to your system environment. - - -Edit KDC configuration files ----------------------------- - -Modify the configuration files, :ref:`krb5.conf(5)` and -:ref:`kdc.conf(5)`, to reflect the correct information (such as -domain-realm mappings and Kerberos servers names) for your realm. -(See :ref:`mitK5defaults` for the recommended default locations for -these files). - -Most of the tags in the configuration have default values that will -work well for most sites. There are some tags in the -:ref:`krb5.conf(5)` file whose values must be specified, and this -section will explain those. - -If the locations for these configuration files differs from the -default ones, set **KRB5_CONFIG** and **KRB5_KDC_PROFILE** environment -variables to point to the krb5.conf and kdc.conf respectively. For -example:: - - export KRB5_CONFIG=/yourdir/krb5.conf - export KRB5_KDC_PROFILE=/yourdir/kdc.conf - - -krb5.conf -~~~~~~~~~ - -If you are not using DNS TXT records (see :ref:`mapping_hostnames`), -you must specify the **default_realm** in the :ref:`libdefaults` -section. If you are not using DNS URI or SRV records (see -:ref:`kdc_hostnames` and :ref:`kdc_discovery`), you must include the -**kdc** tag for each *realm* in the :ref:`realms` section. To -communicate with the kadmin server in each realm, the **admin_server** -tag must be set in the -:ref:`realms` section. - -An example krb5.conf file:: - - [libdefaults] - default_realm = ATHENA.MIT.EDU - - [realms] - ATHENA.MIT.EDU = { - kdc = kerberos.mit.edu - kdc = kerberos-1.mit.edu - admin_server = kerberos.mit.edu - } - - -kdc.conf -~~~~~~~~ - -The kdc.conf file can be used to control the listening ports of the -KDC and kadmind, as well as realm-specific defaults, the database type -and location, and logging. - -An example kdc.conf file:: - - [kdcdefaults] - kdc_listen = 88 - kdc_tcp_listen = 88 - - [realms] - ATHENA.MIT.EDU = { - kadmind_port = 749 - max_life = 12h 0m 0s - max_renewable_life = 7d 0h 0m 0s - master_key_type = aes256-cts - supported_enctypes = aes256-cts:normal aes128-cts:normal - # If the default location does not suit your setup, - # explicitly configure the following values: - # database_name = /var/krb5kdc/principal - # key_stash_file = /var/krb5kdc/.k5.ATHENA.MIT.EDU - # acl_file = /var/krb5kdc/kadm5.acl - } - - [logging] - # By default, the KDC and kadmind will log output using - # syslog. You can instead send log output to files like this: - kdc = FILE:/var/log/krb5kdc.log - admin_server = FILE:/var/log/kadmin.log - default = FILE:/var/log/krb5lib.log - -Replace ``ATHENA.MIT.EDU`` and ``kerberos.mit.edu`` with the name of -your Kerberos realm and server respectively. - -.. note:: - - You have to have write permission on the target directories - (these directories must exist) used by **database_name**, - **key_stash_file**, and **acl_file**. - - -.. _create_db: - -Create the KDC database ------------------------ - -You will use the :ref:`kdb5_util(8)` command on the primary KDC to -create the Kerberos database and the optional :ref:`stash_definition`. - -.. note:: - - If you choose not to install a stash file, the KDC will - prompt you for the master key each time it starts up. This - means that the KDC will not be able to start automatically, - such as after a system reboot. - -:ref:`kdb5_util(8)` will prompt you for the master password for the -Kerberos database. This password can be any string. A good password -is one you can remember, but that no one else can guess. Examples of -bad passwords are words that can be found in a dictionary, any common -or popular name, especially a famous person (or cartoon character), -your username in any form (e.g., forward, backward, repeated twice, -etc.), and any of the sample passwords that appear in this manual. -One example of a password which might be good if it did not appear in -this manual is "MITiys4K5!", which represents the sentence "MIT is -your source for Kerberos 5!" (It's the first letter of each word, -substituting the numeral "4" for the word "for", and includes the -punctuation mark at the end.) - -The following is an example of how to create a Kerberos database and -stash file on the primary KDC, using the :ref:`kdb5_util(8)` command. -Replace ``ATHENA.MIT.EDU`` with the name of your Kerberos realm:: - - shell% kdb5_util create -r ATHENA.MIT.EDU -s - - Initializing database '/usr/local/var/krb5kdc/principal' for realm 'ATHENA.MIT.EDU', - master key name 'K/M@ATHENA.MIT.EDU' - You will be prompted for the database Master Password. - It is important that you NOT FORGET this password. - Enter KDC database master key: <= Type the master password. - Re-enter KDC database master key to verify: <= Type it again. - shell% - -This will create five files in |kdcdir| (or at the locations specified -in :ref:`kdc.conf(5)`): - -* two Kerberos database files, ``principal``, and ``principal.ok`` -* the Kerberos administrative database file, ``principal.kadm5`` -* the administrative database lock file, ``principal.kadm5.lock`` -* the stash file, in this example ``.k5.ATHENA.MIT.EDU``. If you do - not want a stash file, run the above command without the **-s** - option. - -For more information on administrating Kerberos database see -:ref:`db_operations`. - - -.. _admin_acl: - -Add administrators to the ACL file ----------------------------------- - -Next, you need create an Access Control List (ACL) file and put the -Kerberos principal of at least one of the administrators into it. -This file is used by the :ref:`kadmind(8)` daemon to control which -principals may view and make privileged modifications to the Kerberos -database files. The ACL filename is determined by the **acl_file** -variable in :ref:`kdc.conf(5)`; the default is |kdcdir|\ -``/kadm5.acl``. - -For more information on Kerberos ACL file see :ref:`kadm5.acl(5)`. - -.. _addadmin_kdb: - -Add administrators to the Kerberos database -------------------------------------------- - -Next you need to add administrative principals (i.e., principals who -are allowed to administer Kerberos database) to the Kerberos database. -You *must* add at least one principal now to allow communication -between the Kerberos administration daemon kadmind and the kadmin -program over the network for further administration. To do this, use -the kadmin.local utility on the primary KDC. kadmin.local is designed -to be run on the primary KDC host without using Kerberos -authentication to an admin server; instead, it must have read and -write access to the Kerberos database on the local filesystem. - -The administrative principals you create should be the ones you added -to the ACL file (see :ref:`admin_acl`). - -In the following example, the administrative principal ``admin/admin`` -is created:: - - shell% kadmin.local - - kadmin.local: addprinc admin/admin@ATHENA.MIT.EDU - - No policy specified for "admin/admin@ATHENA.MIT.EDU"; - assigning "default". - Enter password for principal admin/admin@ATHENA.MIT.EDU: <= Enter a password. - Re-enter password for principal admin/admin@ATHENA.MIT.EDU: <= Type it again. - Principal "admin/admin@ATHENA.MIT.EDU" created. - kadmin.local: - -.. _start_kdc_daemons: - -Start the Kerberos daemons on the primary KDC ---------------------------------------------- - -At this point, you are ready to start the Kerberos KDC -(:ref:`krb5kdc(8)`) and administrative daemons on the primary KDC. To -do so, type:: - - shell% krb5kdc - shell% kadmind - -Each server daemon will fork and run in the background. - -.. note:: - - Assuming you want these daemons to start up automatically at - boot time, you can add them to the KDC's ``/etc/rc`` or - ``/etc/inittab`` file. You need to have a - :ref:`stash_definition` in order to do this. - -You can verify that they started properly by checking for their -startup messages in the logging locations you defined in -:ref:`krb5.conf(5)` (see :ref:`logging`). For example:: - - shell% tail /var/log/krb5kdc.log - Dec 02 12:35:47 beeblebrox krb5kdc[3187](info): commencing operation - shell% tail /var/log/kadmin.log - Dec 02 12:35:52 beeblebrox kadmind[3189](info): starting - -Any errors the daemons encounter while starting will also be listed in -the logging output. - -As an additional verification, check if :ref:`kinit(1)` succeeds -against the principals that you have created on the previous step -(:ref:`addadmin_kdb`). Run:: - - shell% kinit admin/admin@ATHENA.MIT.EDU - - -Install the replica KDCs ------------------------- - -You are now ready to start configuring the replica KDCs. - -.. note:: - - Assuming you are setting the KDCs up so that you can easily - switch the primary KDC with one of the replicas, you should - perform each of these steps on the primary KDC as well as - the replica KDCs, unless these instructions specify - otherwise. - - -.. _replica_host_key: - -Create host keytabs for replica KDCs -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Each KDC needs a ``host`` key in the Kerberos database. These keys -are used for mutual authentication when propagating the database dump -file from the primary KDC to the secondary KDC servers. - -On the primary KDC, connect to administrative interface and create the -host principal for each of the KDCs' ``host`` services. For example, -if the primary KDC were called ``kerberos.mit.edu``, and you had a -replica KDC named ``kerberos-1.mit.edu``, you would type the -following:: - - shell% kadmin - kadmin: addprinc -randkey host/kerberos.mit.edu - No policy specified for "host/kerberos.mit.edu@ATHENA.MIT.EDU"; assigning "default" - Principal "host/kerberos.mit.edu@ATHENA.MIT.EDU" created. - - kadmin: addprinc -randkey host/kerberos-1.mit.edu - No policy specified for "host/kerberos-1.mit.edu@ATHENA.MIT.EDU"; assigning "default" - Principal "host/kerberos-1.mit.edu@ATHENA.MIT.EDU" created. - -It is not strictly necessary to have the primary KDC server in the -Kerberos database, but it can be handy if you want to be able to swap -the primary KDC with one of the replicas. - -Next, extract ``host`` random keys for all participating KDCs and -store them in each host's default keytab file. Ideally, you should -extract each keytab locally on its own KDC. If this is not feasible, -you should use an encrypted session to send them across the network. -To extract a keytab directly on a replica KDC called -``kerberos-1.mit.edu``, you would execute the following command:: - - kadmin: ktadd host/kerberos-1.mit.edu - Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption - type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. - Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption - type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. - Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption - type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab. - Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption - type arcfour-hmac added to keytab FILE:/etc/krb5.keytab. - -If you are instead extracting a keytab for the replica KDC called -``kerberos-1.mit.edu`` on the primary KDC, you should use a dedicated -temporary keytab file for that machine's keytab:: - - kadmin: ktadd -k /tmp/kerberos-1.keytab host/kerberos-1.mit.edu - Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption - type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. - Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption - type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab. - -The file ``/tmp/kerberos-1.keytab`` can then be installed as -``/etc/krb5.keytab`` on the host ``kerberos-1.mit.edu``. - - -Configure replica KDCs -~~~~~~~~~~~~~~~~~~~~~~ - -Database propagation copies the contents of the primary's database, -but does not propagate configuration files, stash files, or the kadm5 -ACL file. The following files must be copied by hand to each replica -(see :ref:`mitK5defaults` for the default locations for these files): - -* krb5.conf -* kdc.conf -* kadm5.acl -* master key stash file - -Move the copied files into their appropriate directories, exactly as -on the primary KDC. kadm5.acl is only needed to allow a replica to -swap with the primary KDC. - -The database is propagated from the primary KDC to the replica KDCs -via the :ref:`kpropd(8)` daemon. You must explicitly specify the -principals which are allowed to provide Kerberos dump updates on the -replica machine with a new database. Create a file named kpropd.acl -in the KDC state directory containing the ``host`` principals for each -of the KDCs:: - - host/kerberos.mit.edu@ATHENA.MIT.EDU - host/kerberos-1.mit.edu@ATHENA.MIT.EDU - -.. note:: - - If you expect that the primary and replica KDCs will be - switched at some point of time, list the host principals - from all participating KDC servers in kpropd.acl files on - all of the KDCs. Otherwise, you only need to list the - primary KDC's host principal in the kpropd.acl files of the - replica KDCs. - -Then, add the following line to ``/etc/inetd.conf`` on each KDC -(adjust the path to kpropd):: - - krb5_prop stream tcp nowait root /usr/local/sbin/kpropd kpropd - -You also need to add the following line to ``/etc/services`` on each -KDC, if it is not already present (assuming that the default port is -used):: - - krb5_prop 754/tcp # Kerberos replica propagation - -Restart inetd daemon. - -Alternatively, start :ref:`kpropd(8)` as a stand-alone daemon. This is -required when incremental propagation is enabled. - -Now that the replica KDC is able to accept database propagation, -you’ll need to propagate the database from the primary server. - -NOTE: Do not start the replica KDC yet; you still do not have a copy -of the primary's database. - - -.. _kprop_to_replicas: - -Propagate the database to each replica KDC -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -First, create a dump file of the database on the primary KDC, as -follows:: - - shell% kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans - -Then, manually propagate the database to each replica KDC, as in the -following example:: - - shell% kprop -f /usr/local/var/krb5kdc/replica_datatrans kerberos-1.mit.edu - - Database propagation to kerberos-1.mit.edu: SUCCEEDED - -You will need a script to dump and propagate the database. The -following is an example of a Bourne shell script that will do this. - -.. note:: - - Remember that you need to replace ``/usr/local/var/krb5kdc`` - with the name of the KDC state directory. - -:: - - #!/bin/sh - - kdclist = "kerberos-1.mit.edu kerberos-2.mit.edu" - - kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans - - for kdc in $kdclist - do - kprop -f /usr/local/var/krb5kdc/replica_datatrans $kdc - done - -You will need to set up a cron job to run this script at the intervals -you decided on earlier (see :ref:`db_prop`). - -Now that the replica KDC has a copy of the Kerberos database, you can -start the krb5kdc daemon:: - - shell% krb5kdc - -As with the primary KDC, you will probably want to add this command to -the KDCs' ``/etc/rc`` or ``/etc/inittab`` files, so they will start -the krb5kdc daemon automatically at boot time. - - -Propagation failed? -################### - -You may encounter the following error messages. For a more detailed -discussion on possible causes and solutions click on the error link -to be redirected to :ref:`troubleshoot` section. - -.. include:: ./troubleshoot.rst - :start-after: _prop_failed_start: - :end-before: _prop_failed_end: - - -Add Kerberos principals to the database ---------------------------------------- - -Once your KDCs are set up and running, you are ready to use -:ref:`kadmin(1)` to load principals for your users, hosts, and other -services into the Kerberos database. This procedure is described -fully in :ref:`principals`. - -You may occasionally want to use one of your replica KDCs as the -primary. This might happen if you are upgrading the primary KDC, or -if your primary KDC has a disk crash. See the following section for -the instructions. - - -.. _switch_primary_replica: - -Switching primary and replica KDCs ----------------------------------- - -You may occasionally want to use one of your replica KDCs as the -primary. This might happen if you are upgrading the primary KDC, or -if your primary KDC has a disk crash. - -Assuming you have configured all of your KDCs to be able to function -as either the primary KDC or a replica KDC (as this document -recommends), all you need to do to make the changeover is: - -If the primary KDC is still running, do the following on the *old* -primary KDC: - -#. Kill the kadmind process. -#. Disable the cron job that propagates the database. -#. Run your database propagation script manually, to ensure that the - replicas all have the latest copy of the database (see - :ref:`kprop_to_replicas`). - -On the *new* primary KDC: - -#. Start the :ref:`kadmind(8)` daemon (see :ref:`start_kdc_daemons`). -#. Set up the cron job to propagate the database (see - :ref:`kprop_to_replicas`). -#. Switch the CNAMEs of the old and new primary KDCs. If you can't do - this, you'll need to change the :ref:`krb5.conf(5)` file on every - client machine in your Kerberos realm. - - -Incremental database propagation --------------------------------- - -If you expect your Kerberos database to become large, you may wish to -set up incremental propagation to replica KDCs. See -:ref:`incr_db_prop` for details. diff --git a/krb5-1.21.3/doc/html/_sources/admin/lockout.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/lockout.rst.txt deleted file mode 100644 index cce44903..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/lockout.rst.txt +++ /dev/null @@ -1,154 +0,0 @@ -.. _lockout: - -Account lockout -=============== - -As of release 1.8, the KDC can be configured to lock out principals -after a number of failed authentication attempts within a period of -time. Account lockout can make it more difficult to attack a -principal's password by brute force, but also makes it easy for an -attacker to deny access to a principal. - - -Configuring account lockout ---------------------------- - -Account lockout only works for principals with the -**+requires_preauth** flag set. Without this flag, the KDC cannot -know whether or not a client successfully decrypted the ticket it -issued. It is also important to set the **-allow_svr** flag on a -principal to protect its password from an off-line dictionary attack -through a TGS request. You can set these flags on a principal with -:ref:`kadmin(1)` as follows:: - - kadmin: modprinc +requires_preauth -allow_svr PRINCNAME - -Account lockout parameters are configured via :ref:`policy objects -`. There may be an existing policy associated with user -principals (such as the "default" policy), or you may need to create a -new one and associate it with each user principal. - -The policy parameters related to account lockout are: - -* :ref:`maxfailure `: the number of failed attempts - before the principal is locked out -* :ref:`failurecountinterval `: the - allowable interval between failed attempts -* :ref:`lockoutduration `: the amount of time - a principal is locked out for - -Here is an example of setting these parameters on a new policy and -associating it with a principal:: - - kadmin: addpol -maxfailure 10 -failurecountinterval 180 - -lockoutduration 60 lockout_policy - kadmin: modprinc -policy lockout_policy PRINCNAME - - -Testing account lockout ------------------------ - -To test that account lockout is working, try authenticating as the -principal (hopefully not one that might be in use) multiple times with -the wrong password. For instance, if **maxfailure** is set to 2, you -might see:: - - $ kinit user - Password for user@KRBTEST.COM: - kinit: Password incorrect while getting initial credentials - $ kinit user - Password for user@KRBTEST.COM: - kinit: Password incorrect while getting initial credentials - $ kinit user - kinit: Client's credentials have been revoked while getting initial credentials - - -Account lockout principal state -------------------------------- - -A principal entry keeps three pieces of state related to account -lockout: - -* The time of last successful authentication -* The time of last failed authentication -* A counter of failed attempts - -The time of last successful authentication is not actually needed for -the account lockout system to function, but may be of administrative -interest. These fields can be observed with the **getprinc** kadmin -command. For example:: - - kadmin: getprinc user - Principal: user@KRBTEST.COM - ... - Last successful authentication: [never] - Last failed authentication: Mon Dec 03 12:30:33 EST 2012 - Failed password attempts: 2 - ... - -A principal which has been locked out can be administratively unlocked -with the **-unlock** option to the **modprinc** kadmin command:: - - kadmin: modprinc -unlock PRINCNAME - -This command will reset the number of failed attempts to 0. - - -KDC replication and account lockout ------------------------------------ - -The account lockout state of a principal is not replicated by either -traditional :ref:`kprop(8)` or incremental propagation. Because of -this, the number of attempts an attacker can make within a time period -is multiplied by the number of KDCs. For instance, if the -**maxfailure** parameter on a policy is 10 and there are four KDCs in -the environment (a primary and three replicas), an attacker could make -as many as 40 attempts before the principal is locked out on all four -KDCs. - -An administrative unlock is propagated from the primary to the replica -KDCs during the next propagation. Propagation of an administrative -unlock will cause the counter of failed attempts on each replica to -reset to 1 on the next failure. - -If a KDC environment uses a replication strategy other than kprop or -incremental propagation, such as the LDAP KDB module with multi-master -LDAP replication, then account lockout state may be replicated between -KDCs and the concerns of this section may not apply. - - -.. _disable_lockout: - -KDC performance and account lockout ------------------------------------ - -In order to fully track account lockout state, the KDC must write to -the the database on each successful and failed authentication. -Writing to the database is generally more expensive than reading from -it, so these writes may have a significant impact on KDC performance. -As of release 1.9, it is possible to turn off account lockout state -tracking in order to improve performance, by setting the -**disable_last_success** and **disable_lockout** variables in the -database module subsection of :ref:`kdc.conf(5)`. For example:: - - [dbmodules] - DB = { - disable_last_success = true - disable_lockout = true - } - -Of the two variables, setting **disable_last_success** will usually -have the largest positive impact on performance, and will still allow -account lockout policies to operate. However, it will make it -impossible to observe the last successful authentication time with -kadmin. - - -KDC setup and account lockout ------------------------------ - -To update the account lockout state on principals, the KDC must be -able to write to the principal database. For the DB2 module, no -special setup is required. For the LDAP module, the KDC DN must be -granted write access to the principal objects. If the KDC DN has only -read access, account lockout will not function. diff --git a/krb5-1.21.3/doc/html/_sources/admin/otp.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/otp.rst.txt deleted file mode 100644 index 29dc520f..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/otp.rst.txt +++ /dev/null @@ -1,100 +0,0 @@ -.. _otp_preauth: - -OTP Preauthentication -===================== - -OTP is a preauthentication mechanism for Kerberos 5 which uses One -Time Passwords (OTP) to authenticate the client to the KDC. The OTP -is passed to the KDC over an encrypted FAST channel in clear-text. -The KDC uses the password along with per-user configuration to proxy -the request to a third-party RADIUS system. This enables -out-of-the-box compatibility with a large number of already widely -deployed proprietary systems. - -Additionally, our implementation of the OTP system allows for the -passing of RADIUS requests over a UNIX domain stream socket. This -permits the use of a local companion daemon which can handle the -details of authentication. - - -Defining token types --------------------- - -Token types are defined in either :ref:`krb5.conf(5)` or -:ref:`kdc.conf(5)` according to the following format:: - - [otp] - = { - server = (default: see below) - secret = - timeout = (default: 5 [seconds]) - retries = (default: 3) - strip_realm = (default: true) - indicator = (default: none) - } - -If the server field begins with '/', it will be interpreted as a UNIX -socket. Otherwise, it is assumed to be in the format host:port. When -a UNIX domain socket is specified, the secret field is optional and an -empty secret is used by default. If the server field is not -specified, it defaults to |kdcrundir|\ ``/.socket``. - -When forwarding the request over RADIUS, by default the principal is -used in the User-Name attribute of the RADIUS packet. The strip_realm -parameter controls whether the principal is forwarded with or without -the realm portion. - -If an indicator field is present, tickets issued using this token type -will be annotated with the specified authentication indicator (see -:ref:`auth_indicator`). This key may be specified multiple times to -add multiple indicators. - - -The default token type ----------------------- - -A default token type is used internally when no token type is specified for a -given user. It is defined as follows:: - - [otp] - DEFAULT = { - strip_realm = false - } - -The administrator may override the internal ``DEFAULT`` token type -simply by defining a configuration with the same name. - - -Token instance configuration ----------------------------- - -To enable OTP for a client principal, the administrator must define -the **otp** string attribute for that principal. (See -:ref:`set_string`.) The **otp** user string is a JSON string of the -format: - -.. code-block:: xml - - [{ - "type": , - "username": , - "indicators": [, ...] - }, ...] - -This is an array of token objects. Both fields of token objects are -optional. The **type** field names the token type of this token; if -not specified, it defaults to ``DEFAULT``. The **username** field -specifies the value to be sent in the User-Name RADIUS attribute. If -not specified, the principal name is sent, with or without realm as -defined in the token type. The **indicators** field specifies a list -of authentication indicators to annotate tickets with, overriding any -indicators specified in the token type. - -For ease of configuration, an empty array (``[]``) is treated as -equivalent to one DEFAULT token (``[{}]``). - - -Other considerations --------------------- - -#. FAST is required for OTP to work. diff --git a/krb5-1.21.3/doc/html/_sources/admin/pkinit.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/pkinit.rst.txt deleted file mode 100644 index 45817dac..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/pkinit.rst.txt +++ /dev/null @@ -1,354 +0,0 @@ -.. _pkinit: - -PKINIT configuration -==================== - -PKINIT is a preauthentication mechanism for Kerberos 5 which uses -X.509 certificates to authenticate the KDC to clients and vice versa. -PKINIT can also be used to enable anonymity support, allowing clients -to communicate securely with the KDC or with application servers -without authenticating as a particular client principal. - - -Creating certificates ---------------------- - -PKINIT requires an X.509 certificate for the KDC and one for each -client principal which will authenticate using PKINIT. For anonymous -PKINIT, a KDC certificate is required, but client certificates are -not. A commercially issued server certificate can be used for the KDC -certificate, but generally cannot be used for client certificates. - -The instruction in this section describe how to establish a -certificate authority and create standard PKINIT certificates. Skip -this section if you are using a commercially issued server certificate -as the KDC certificate for anonymous PKINIT, or if you are configuring -a client to use an Active Directory KDC. - - -Generating a certificate authority certificate -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -You can establish a new certificate authority (CA) for use with a -PKINIT deployment with the commands:: - - openssl genrsa -out cakey.pem 2048 - openssl req -key cakey.pem -new -x509 -out cacert.pem -days 3650 - -The second command will ask for the values of several certificate -fields. These fields can be set to any values. You can adjust the -expiration time of the CA certificate by changing the number after -``-days``. Since the CA certificate must be deployed to client -machines each time it changes, it should normally have an expiration -time far in the future; however, expiration times after 2037 may cause -interoperability issues in rare circumstances. - -The result of these commands will be two files, cakey.pem and -cacert.pem. cakey.pem will contain a 2048-bit RSA private key, which -must be carefully protected. cacert.pem will contain the CA -certificate, which must be placed in the filesystems of the KDC and -each client host. cakey.pem will be required to create KDC and client -certificates. - - -Generating a KDC certificate -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -A KDC certificate for use with PKINIT is required to have some unusual -fields, which makes generating them with OpenSSL somewhat complicated. -First, you will need a file containing the following:: - - [kdc_cert] - basicConstraints=CA:FALSE - keyUsage=nonRepudiation,digitalSignature,keyEncipherment,keyAgreement - extendedKeyUsage=1.3.6.1.5.2.3.5 - subjectKeyIdentifier=hash - authorityKeyIdentifier=keyid,issuer - issuerAltName=issuer:copy - subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name - - [kdc_princ_name] - realm=EXP:0,GeneralString:${ENV::REALM} - principal_name=EXP:1,SEQUENCE:kdc_principal_seq - - [kdc_principal_seq] - name_type=EXP:0,INTEGER:2 - name_string=EXP:1,SEQUENCE:kdc_principals - - [kdc_principals] - princ1=GeneralString:krbtgt - princ2=GeneralString:${ENV::REALM} - -If the above contents are placed in extensions.kdc, you can generate -and sign a KDC certificate with the following commands:: - - openssl genrsa -out kdckey.pem 2048 - openssl req -new -out kdc.req -key kdckey.pem - env REALM=YOUR_REALMNAME openssl x509 -req -in kdc.req \ - -CAkey cakey.pem -CA cacert.pem -out kdc.pem -days 365 \ - -extfile extensions.kdc -extensions kdc_cert -CAcreateserial - rm kdc.req - -The second command will ask for the values of certificate fields, -which can be set to any values. In the third command, substitute your -KDC's realm name for YOUR_REALMNAME. You can adjust the certificate's -expiration date by changing the number after ``-days``. Remember to -create a new KDC certificate before the old one expires. - -The result of this operation will be in two files, kdckey.pem and -kdc.pem. Both files must be placed in the KDC's filesystem. -kdckey.pem, which contains the KDC's private key, must be carefully -protected. - -If you examine the KDC certificate with ``openssl x509 -in kdc.pem --text -noout``, OpenSSL will not know how to display the KDC principal -name in the Subject Alternative Name extension, so it will appear as -``othername:``. This is normal and does not mean -anything is wrong with the KDC certificate. - - -Generating client certificates -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -PKINIT client certificates also must have some unusual certificate -fields. To generate a client certificate with OpenSSL for a -single-component principal name, you will need an extensions file -(different from the KDC extensions file above) containing:: - - [client_cert] - basicConstraints=CA:FALSE - keyUsage=digitalSignature,keyEncipherment,keyAgreement - extendedKeyUsage=1.3.6.1.5.2.3.4 - subjectKeyIdentifier=hash - authorityKeyIdentifier=keyid,issuer - issuerAltName=issuer:copy - subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name - - [princ_name] - realm=EXP:0,GeneralString:${ENV::REALM} - principal_name=EXP:1,SEQUENCE:principal_seq - - [principal_seq] - name_type=EXP:0,INTEGER:1 - name_string=EXP:1,SEQUENCE:principals - - [principals] - princ1=GeneralString:${ENV::CLIENT} - -If the above contents are placed in extensions.client, you can -generate and sign a client certificate with the following commands:: - - openssl genrsa -out clientkey.pem 2048 - openssl req -new -key clientkey.pem -out client.req - env REALM=YOUR_REALMNAME CLIENT=YOUR_PRINCNAME openssl x509 \ - -CAkey cakey.pem -CA cacert.pem -req -in client.req \ - -extensions client_cert -extfile extensions.client \ - -days 365 -out client.pem - rm client.req - -Normally, the first two commands should be run on the client host, and -the resulting client.req file transferred to the certificate authority -host for the third command. As in the previous steps, the second -command will ask for the values of certificate fields, which can be -set to any values. In the third command, substitute your realm's name -for YOUR_REALMNAME and the client's principal name (without realm) for -YOUR_PRINCNAME. You can adjust the certificate's expiration date by -changing the number after ``-days``. - -The result of this operation will be two files, clientkey.pem and -client.pem. Both files must be present on the client's host; -clientkey.pem, which contains the client's private key, must be -protected from access by others. - -As in the KDC certificate, OpenSSL will display the client principal -name as ``othername:`` in the Subject Alternative Name -extension of a PKINIT client certificate. - -If the client principal name contains more than one component -(e.g. ``host/example.com@REALM``), the ``[principals]`` section of -``extensions.client`` must be altered to contain multiple entries. -(Simply setting ``CLIENT`` to ``host/example.com`` would generate a -certificate for ``host\/example.com@REALM`` which would not match the -multi-component principal name.) For a two-component principal, the -section should read:: - - [principals] - princ1=GeneralString:${ENV::CLIENT1} - princ2=GeneralString:${ENV::CLIENT2} - -The environment variables ``CLIENT1`` and ``CLIENT2`` must then be set -to the first and second components when running ``openssl x509``. - - -Configuring the KDC -------------------- - -The KDC must have filesystem access to the KDC certificate (kdc.pem) -and the KDC private key (kdckey.pem). Configure the following -relation in the KDC's :ref:`kdc.conf(5)` file, either in the -:ref:`kdcdefaults` section or in a :ref:`kdc_realms` subsection (with -appropriate pathnames):: - - pkinit_identity = FILE:/var/lib/krb5kdc/kdc.pem,/var/lib/krb5kdc/kdckey.pem - -If any clients will authenticate using regular (as opposed to -anonymous) PKINIT, the KDC must also have filesystem access to the CA -certificate (cacert.pem), and the following configuration (with the -appropriate pathname):: - - pkinit_anchors = FILE:/var/lib/krb5kdc/cacert.pem - -Because of the larger size of requests and responses using PKINIT, you -may also need to allow TCP access to the KDC:: - - kdc_tcp_listen = 88 - -Restart the :ref:`krb5kdc(8)` daemon to pick up the configuration -changes. - -The principal entry for each PKINIT-using client must be configured to -require preauthentication. Ensure this with the command:: - - kadmin -q 'modprinc +requires_preauth YOUR_PRINCNAME' - -Starting with release 1.12, it is possible to remove the long-term -keys of a principal entry, which can save some space in the database -and help to clarify some PKINIT-related error conditions by not asking -for a password:: - - kadmin -q 'purgekeys -all YOUR_PRINCNAME' - -These principal options can also be specified at principal creation -time as follows:: - - kadmin -q 'add_principal +requires_preauth -nokey YOUR_PRINCNAME' - -By default, the KDC requires PKINIT client certificates to have the -standard Extended Key Usage and Subject Alternative Name attributes -for PKINIT. Starting in release 1.16, it is possible to authorize -client certificates based on the subject or other criteria instead of -the standard PKINIT Subject Alternative Name, by setting the -**pkinit_cert_match** string attribute on each client principal entry. -For example:: - - kadmin set_string user@REALM pkinit_cert_match "CN=user@REALM$" - -The **pkinit_cert_match** string attribute follows the syntax used by -the :ref:`krb5.conf(5)` **pkinit_cert_match** relation. To allow the -use of non-PKINIT client certificates, it will also be necessary to -disable key usage checking using the **pkinit_eku_checking** relation; -for example:: - - [kdcdefaults] - pkinit_eku_checking = none - - - -Configuring the clients ------------------------ - -Client hosts must be configured to trust the issuing authority for the -KDC certificate. For a newly established certificate authority, the -client host must have filesystem access to the CA certificate -(cacert.pem) and the following relation in :ref:`krb5.conf(5)` in the -appropriate :ref:`realms` subsection (with appropriate pathnames):: - - pkinit_anchors = FILE:/etc/krb5/cacert.pem - -If the KDC certificate is a commercially issued server certificate, -the issuing certificate is most likely included in a system directory. -You can specify it by filename as above, or specify the whole -directory like so:: - - pkinit_anchors = DIR:/etc/ssl/certs - -A commercially issued server certificate will usually not have the -standard PKINIT principal name or Extended Key Usage extensions, so -the following additional configuration is required:: - - pkinit_eku_checking = kpServerAuth - pkinit_kdc_hostname = hostname.of.kdc.certificate - -Multiple **pkinit_kdc_hostname** relations can be configured to -recognize multiple KDC certificates. If the KDC is an Active -Directory domain controller, setting **pkinit_kdc_hostname** is -necessary, but it should not be necessary to set -**pkinit_eku_checking**. - -To perform regular (as opposed to anonymous) PKINIT authentication, a -client host must have filesystem access to a client certificate -(client.pem), and the corresponding private key (clientkey.pem). -Configure the following relations in the client host's -:ref:`krb5.conf(5)` file in the appropriate :ref:`realms` subsection -(with appropriate pathnames):: - - pkinit_identities = FILE:/etc/krb5/client.pem,/etc/krb5/clientkey.pem - -If the KDC and client are properly configured, it should now be -possible to run ``kinit username`` without entering a password. - - -.. _anonymous_pkinit: - -Anonymous PKINIT ----------------- - -Anonymity support in Kerberos allows a client to obtain a ticket -without authenticating as any particular principal. Such a ticket can -be used as a FAST armor ticket, or to securely communicate with an -application server anonymously. - -To configure anonymity support, you must generate or otherwise procure -a KDC certificate and configure the KDC host, but you do not need to -generate any client certificates. On the KDC, you must set the -**pkinit_identity** variable to provide the KDC certificate, but do -not need to set the **pkinit_anchors** variable or store the issuing -certificate if you won't have any client certificates to verify. On -client hosts, you must set the **pkinit_anchors** variable (and -possibly **pkinit_kdc_hostname** and **pkinit_eku_checking**) in order -to trust the issuing authority for the KDC certificate, but do not -need to set the **pkinit_identities** variable. - -Anonymity support is not enabled by default. To enable it, you must -create the principal ``WELLKNOWN/ANONYMOUS`` using the command:: - - kadmin -q 'addprinc -randkey WELLKNOWN/ANONYMOUS' - -Some Kerberos deployments include application servers which lack -proper access control, and grant some level of access to any user who -can authenticate. In such an environment, enabling anonymity support -on the KDC would present a security issue. If you need to enable -anonymity support for TGTs (for use as FAST armor tickets) without -enabling anonymous authentication to application servers, you can set -the variable **restrict_anonymous_to_tgt** to ``true`` in the -appropriate :ref:`kdc_realms` subsection of the KDC's -:ref:`kdc.conf(5)` file. - -To obtain anonymous credentials on a client, run ``kinit -n``, or -``kinit -n @REALMNAME`` to specify a realm. The resulting tickets -will have the client name ``WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS``. - - -Freshness tokens ----------------- - -Freshness tokens can ensure that the client has recently had access to -its certificate private key. If freshness tokens are not required by -the KDC, a client program with temporary possession of the private key -can compose requests for future timestamps and use them later. - -In release 1.17 and later, freshness tokens are supported by the -client and are sent by the KDC when the client indicates support for -them. Because not all clients support freshness tokens yet, they are -not required by default. To check if freshness tokens are supported -by a realm's clients, look in the KDC logs for the lines:: - - PKINIT: freshness token received from - PKINIT: no freshness token received from - -To require freshness tokens for all clients in a realm (except for -clients authenticating anonymously), set the -**pkinit_require_freshness** variable to ``true`` in the appropriate -:ref:`kdc_realms` subsection of the KDC's :ref:`kdc.conf(5)` file. To -test that this option is in effect, run ``kinit -X disable_freshness`` -and verify that authentication is unsuccessful. diff --git a/krb5-1.21.3/doc/html/_sources/admin/princ_dns.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/princ_dns.rst.txt deleted file mode 100644 index e558cd48..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/princ_dns.rst.txt +++ /dev/null @@ -1,126 +0,0 @@ -Principal names and DNS -======================= - -Kerberos clients can do DNS lookups to canonicalize service principal -names. This can cause difficulties when setting up Kerberos -application servers, especially when the client's name for the service -is different from what the service thinks its name is. - - -Service principal names ------------------------ - -A frequently used kind of principal name is the host-based service -principal name. This kind of principal name has two components: a -service name and a hostname. For example, ``imap/imap.example.com`` -is the principal name of the "imap" service on the host -"imap.example.com". Other possible service names for the first -component include "host" (remote login services such as ssh), "HTTP", -and "nfs" (Network File System). - -Service administrators often publish well-known hostname aliases that -they would prefer users to use instead of the canonical name of the -service host. This gives service administrators more flexibility in -deploying services. For example, a shell login server might be named -"long-vanity-hostname.example.com", but users will naturally prefer to -type something like "login.example.com". Hostname aliases also allow -for administrators to set up load balancing for some sorts of services -based on rotating ``CNAME`` records in DNS. - - -Service principal canonicalization ----------------------------------- - -In the MIT krb5 client library, canonicalization of host-based service -principals is controlled by the **dns_canonicalize_hostname**, -**rnds**, and **qualify_shortname** variables in :ref:`libdefaults`. - -If **dns_canonicalize_hostname** is set to ``true`` (the default -value), the client performs forward resolution by looking up the IPv4 -and/or IPv6 addresses of the hostname using ``getaddrinfo()``. This -process will typically add a domain suffix to the hostname if needed, -and follow CNAME records in the DNS. If **rdns** is also set to -``true`` (the default), the client will then perform a reverse lookup -of the first returned Internet address using ``getnameinfo()``, -finding the name associated with the PTR record. - -If **dns_canonicalize_hostname** is set to ``false``, the hostname is -not canonicalized using DNS. If the hostname has only one component -(i.e. it contains no "." characters), the host's primary DNS search -domain will be appended, if there is one. The **qualify_shortname** -variable can be used to override or disable this suffix. - -If **dns_canonicalize_hostname** is set to ``fallback`` (added in -release 1.18), the hostname is initially treated according to the -rules for ``dns_canonicalize_hostname=false``. If a ticket request -fails because the service principal is unknown, the hostname will be -canonicalized according to the rules for -``dns_canonicalize_hostname=true`` and the request will be retried. - -In all cases, the hostname is converted to lowercase, and any trailing -dot is removed. - - - -Reverse DNS mismatches ----------------------- - -Sometimes, an enterprise will have control over its forward DNS but -not its reverse DNS. The reverse DNS is sometimes under the control -of the Internet service provider of the enterprise, and the enterprise -may not have much influence in setting up reverse DNS records for its -address space. If there are difficulties with getting forward and -reverse DNS to match, it is best to set ``rdns = false`` on client -machines. - - -Overriding application behavior -------------------------------- - -Applications can choose to use a default hostname component in their -service principal name when accepting authentication, which avoids -some sorts of hostname mismatches. Because not all relevant -applications do this yet, using the :ref:`krb5.conf(5)` setting:: - - [libdefaults] - ignore_acceptor_hostname = true - -will allow the Kerberos library to override the application's choice -of service principal hostname and will allow a server program to -accept incoming authentications using any key in its keytab that -matches the service name and realm name (if given). This setting -defaults to "false" and is available in releases krb5-1.10 and later. - - -Provisioning keytabs --------------------- - -One service principal entry that should be in the keytab is a -principal whose hostname component is the canonical hostname that -``getaddrinfo()`` reports for all known aliases for the host. If the -reverse DNS information does not match this canonical hostname, an -additional service principal entry should be in the keytab for this -different hostname. - - -Specific application advice ---------------------------- - -Secure shell (ssh) -~~~~~~~~~~~~~~~~~~ - -Setting ``GSSAPIStrictAcceptorCheck = no`` in the configuration file -of modern versions of the openssh daemon will allow the daemon to try -any key in its keytab when accepting a connection, rather than looking -for the keytab entry that matches the host's own idea of its name -(typically the name that ``gethostname()`` returns). This requires -krb5-1.10 or later. - -OpenLDAP (ldapsearch, etc.) -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -OpenLDAP's SASL implementation performs reverse DNS lookup in order to -canonicalize service principal names, even if **rdns** is set to -``false`` in the Kerberos configuration. To disable this behavior, -add ``SASL_NOCANON on`` to ``ldap.conf``, or set the -``LDAPSASL_NOCANON`` environment variable. diff --git a/krb5-1.21.3/doc/html/_sources/admin/realm_config.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/realm_config.rst.txt deleted file mode 100644 index 9f5ad507..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/realm_config.rst.txt +++ /dev/null @@ -1,268 +0,0 @@ -Realm configuration decisions -============================= - -Before installing Kerberos V5, it is necessary to consider the -following issues: - -* The name of your Kerberos realm (or the name of each realm, if you - need more than one). -* How you will assign your hostnames to Kerberos realms. -* Which ports your KDC and and kadmind services will use, if they will - not be using the default ports. -* How many replica KDCs you need and where they should be located. -* The hostnames of your primary and replica KDCs. -* How frequently you will propagate the database from the primary KDC - to the replica KDCs. - - -Realm name ----------- - -Although your Kerberos realm can be any ASCII string, convention is to -make it the same as your domain name, in upper-case letters. - -For example, hosts in the domain ``example.com`` would be in the -Kerberos realm:: - - EXAMPLE.COM - -If you need multiple Kerberos realms, MIT recommends that you use -descriptive names which end with your domain name, such as:: - - BOSTON.EXAMPLE.COM - HOUSTON.EXAMPLE.COM - - -.. _mapping_hostnames: - -Mapping hostnames onto Kerberos realms --------------------------------------- - -Mapping hostnames onto Kerberos realms is done in one of three ways. - -The first mechanism works through a set of rules in the -:ref:`domain_realm` section of :ref:`krb5.conf(5)`. You can specify -mappings for an entire domain or on a per-hostname basis. Typically -you would do this by specifying the mappings for a given domain or -subdomain and listing the exceptions. - -The second mechanism is to use KDC host-based service referrals. With -this method, the KDC's krb5.conf has a full [domain_realm] mapping for -hosts, but the clients do not, or have mappings for only a subset of -the hosts they might contact. When a client needs to contact a server -host for which it has no mapping, it will ask the client realm's KDC -for the service ticket, and will receive a referral to the appropriate -service realm. - -To use referrals, clients must be running MIT krb5 1.6 or later, and -the KDC must be running MIT krb5 1.7 or later. The -**host_based_services** and **no_host_referral** variables in the -:ref:`kdc_realms` section of :ref:`kdc.conf(5)` can be used to -fine-tune referral behavior on the KDC. - -It is also possible for clients to use DNS TXT records, if -**dns_lookup_realm** is enabled in :ref:`krb5.conf(5)`. Such lookups -are disabled by default because DNS is an insecure protocol and security -holes could result if DNS records are spoofed. If enabled, the client -will try to look up a TXT record formed by prepending the prefix -``_kerberos`` to the hostname in question. If that record is not -found, the client will attempt a lookup by prepending ``_kerberos`` to the -host's domain name, then its parent domain, up to the top-level domain. -For the hostname ``boston.engineering.example.com``, the names looked up -would be:: - - _kerberos.boston.engineering.example.com - _kerberos.engineering.example.com - _kerberos.example.com - _kerberos.com - -The value of the first TXT record found is taken as the realm name. - -Even if you do not choose to use this mechanism within your site, -you may wish to set it up anyway, for use when interacting with other sites. - - -Ports for the KDC and admin services ------------------------------------- - -The default ports used by Kerberos are port 88 for the KDC and port -749 for the admin server. You can, however, choose to run on other -ports, as long as they are specified in each host's -:ref:`krb5.conf(5)` files or in DNS SRV records, and the -:ref:`kdc.conf(5)` file on each KDC. For a more thorough treatment of -port numbers used by the Kerberos V5 programs, refer to the -:ref:`conf_firewall`. - - -Replica KDCs ------------- - -Replica KDCs provide an additional source of Kerberos ticket-granting -services in the event of inaccessibility of the primary KDC. The -number of replica KDCs you need and the decision of where to place them, -both physically and logically, depends on the specifics of your -network. - -Kerberos authentication requires that each client be able to contact a -KDC. Therefore, you need to anticipate any likely reason a KDC might -be unavailable and have a replica KDC to take up the slack. - -Some considerations include: - -* Have at least one replica KDC as a backup, for when the primary KDC - is down, is being upgraded, or is otherwise unavailable. -* If your network is split such that a network outage is likely to - cause a network partition (some segment or segments of the network - to become cut off or isolated from other segments), have a replica - KDC accessible to each segment. -* If possible, have at least one replica KDC in a different building - from the primary, in case of power outages, fires, or other - localized disasters. - - -.. _kdc_hostnames: - -Hostnames for KDCs ------------------- - -MIT recommends that your KDCs have a predefined set of CNAME records -(DNS hostname aliases), such as ``kerberos`` for the primary KDC and -``kerberos-1``, ``kerberos-2``, ... for the replica KDCs. This way, -if you need to swap a machine, you only need to change a DNS entry, -rather than having to change hostnames. - -As of MIT krb5 1.4, clients can locate a realm's KDCs through DNS -using SRV records (:rfc:`2782`), assuming the Kerberos realm name is -also a DNS domain name. These records indicate the hostname and port -number to contact for that service, optionally with weighting and -prioritization. The domain name used in the SRV record name is the -realm name. Several different Kerberos-related service names are -used: - -_kerberos._udp - This is for contacting any KDC by UDP. This entry will be used - the most often. Normally you should list port 88 on each of your - KDCs. -_kerberos._tcp - This is for contacting any KDC by TCP. Normally you should use - port 88. This entry should be omitted if the KDC does not listen - on TCP ports, as was the default prior to release 1.13. -_kerberos-master._udp - This entry should refer to those KDCs, if any, that will - immediately see password changes to the Kerberos database. If a - user is logging in and the password appears to be incorrect, the - client will retry with the primary KDC before failing with an - "incorrect password" error given. - - If you have only one KDC, or for whatever reason there is no - accessible KDC that would get database changes faster than the - others, you do not need to define this entry. -_kerberos-adm._tcp - This should list port 749 on your primary KDC. Support for it is - not complete at this time, but it will eventually be used by the - :ref:`kadmin(1)` program and related utilities. For now, you will - also need the **admin_server** variable in :ref:`krb5.conf(5)`. -_kerberos-master._tcp - The corresponding TCP port for _kerberos-master._udp, assuming the - primary KDC listens on a TCP port. -_kpasswd._udp - This entry should list port 464 on your primary KDC. It is used - when a user changes her password. If this entry is not defined - but a _kerberos-adm._tcp entry is defined, the client will use the - _kerberos-adm._tcp entry with the port number changed to 464. -_kpasswd._tcp - The corresponding TCP port for _kpasswd._udp. - -The DNS SRV specification requires that the hostnames listed be the -canonical names, not aliases. So, for example, you might include the -following records in your (BIND-style) zone file:: - - $ORIGIN foobar.com. - _kerberos TXT "FOOBAR.COM" - kerberos CNAME daisy - kerberos-1 CNAME use-the-force-luke - kerberos-2 CNAME bunny-rabbit - _kerberos._udp SRV 0 0 88 daisy - SRV 0 0 88 use-the-force-luke - SRV 0 0 88 bunny-rabbit - _kerberos-master._udp SRV 0 0 88 daisy - _kerberos-adm._tcp SRV 0 0 749 daisy - _kpasswd._udp SRV 0 0 464 daisy - -Clients can also be configured with the explicit location of services -using the **kdc**, **master_kdc**, **admin_server**, and -**kpasswd_server** variables in the :ref:`realms` section of -:ref:`krb5.conf(5)`. Even if some clients will be configured with -explicit server locations, providing SRV records will still benefit -unconfigured clients, and be useful for other sites. - - -.. _kdc_discovery: - -KDC Discovery -------------- - -As of MIT krb5 1.15, clients can also locate KDCs in DNS through URI -records (:rfc:`7553`). Limitations with the SRV record format may -result in extra DNS queries in situations where a client must failover -to other transport types, or find a primary server. The URI record -can convey more information about a realm's KDCs with a single query. - -The client performs a query for the following URI records: - -* ``_kerberos.REALM`` for finding KDCs. -* ``_kerberos-adm.REALM`` for finding kadmin services. -* ``_kpasswd.REALM`` for finding password services. - -The URI record includes a priority, weight, and a URI string that -consists of case-insensitive colon separated fields, in the form -``scheme:[flags]:transport:residual``. - -* *scheme* defines the registered URI type. It should always be - ``krb5srv``. -* *flags* contains zero or more flag characters. Currently the only - valid flag is ``m``, which indicates that the record is for a - primary server. -* *transport* defines the transport type of the residual URL or - address. Accepted values are ``tcp``, ``udp``, or ``kkdcp`` for the - MS-KKDCP type. -* *residual* contains the hostname, IP address, or URL to be - contacted using the specified transport, with an optional port - extension. The MS-KKDCP transport type uses a HTTPS URL, and can - include a port and/or path extension. - -An example of URI records in a zone file:: - - _kerberos.EXAMPLE.COM URI 10 1 krb5srv:m:tcp:kdc1.example.com - URI 20 1 krb5srv:m:udp:kdc2.example.com:89 - URI 40 1 krb5srv::udp:10.10.0.23 - URI 30 1 krb5srv::kkdcp:https://proxy:89/auth - -URI lookups are enabled by default, and can be disabled by setting -**dns_uri_lookup** in the :ref:`libdefaults` section of -:ref:`krb5.conf(5)` to False. When enabled, URI lookups take -precedence over SRV lookups, falling back to SRV lookups if no URI -records are found. - - -.. _db_prop: - -Database propagation --------------------- - -The Kerberos database resides on the primary KDC, and must be -propagated regularly (usually by a cron job) to the replica KDCs. In -deciding how frequently the propagation should happen, you will need -to balance the amount of time the propagation takes against the -maximum reasonable amount of time a user should have to wait for a -password change to take effect. - -If the propagation time is longer than this maximum reasonable time -(e.g., you have a particularly large database, you have a lot of -replicas, or you experience frequent network delays), you may wish to -cut down on your propagation delay by performing the propagation in -parallel. To do this, have the primary KDC propagate the database to -one set of replicas, and then have each of these replicas propagate -the database to additional replicas. - -See also :ref:`incr_db_prop` diff --git a/krb5-1.21.3/doc/html/_sources/admin/spake.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/spake.rst.txt deleted file mode 100644 index 001f9291..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/spake.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -.. _spake: - -SPAKE Preauthentication -======================= - -SPAKE preauthentication (added in release 1.17) uses public key -cryptography techniques to protect against :ref:`password dictionary -attacks `. Unlike :ref:`PKINIT `, it does not -require any additional infrastructure such as certificates; it simply -needs to be turned on. Using SPAKE preauthentication may modestly -increase the CPU and network load on the KDC. - -SPAKE preauthentication can use one of four elliptic curve groups for -its password-authenticated key exchange. The recommended group is -``edwards25519``; three NIST curves (``P-256``, ``P-384``, and -``P-521``) are also supported. - -By default, SPAKE with the ``edwards25519`` group is enabled on -clients, but the KDC does not offer SPAKE by default. To turn it on, -set the **spake_preauth_groups** variable in :ref:`libdefaults` to a -list of allowed groups. This variable affects both the client and the -KDC. Simply setting it to ``edwards25519`` is recommended:: - - [libdefaults] - spake_preauth_groups = edwards25519 - -Set the **+requires_preauth** and **-allow_svr** flags on client -principal entries, as you would for any preauthentication mechanism:: - - kadmin: modprinc +requires_preauth -allow_svr PRINCNAME - -Clients which do not implement SPAKE preauthentication will fall back -to encrypted timestamp. - -An active attacker can force a fallback to encrypted timestamp by -modifying the initial KDC response, defeating the protection against -dictionary attacks. To prevent this fallback on clients which do -implement SPAKE preauthentication, set the -**disable_encrypted_timestamp** variable to ``true`` in the -:ref:`realms` subsection for realms whose KDCs offer SPAKE -preauthentication. - -By default, SPAKE preauthentication requires an extra network round -trip to the KDC during initial authentication. If most of the clients -in a realm support SPAKE, this extra round trip can be eliminated -using an optimistic challenge, by setting the -**spake_preauth_kdc_challenge** variable in :ref:`kdcdefaults` to a -single group name:: - - [kdcdefaults] - spake_preauth_kdc_challenge = edwards25519 - -Using optimistic challenge will cause the KDC to do extra work for -initial authentication requests that do not result in SPAKE -preauthentication, but will save work when SPAKE preauthentication is -used. diff --git a/krb5-1.21.3/doc/html/_sources/admin/troubleshoot.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/troubleshoot.rst.txt deleted file mode 100644 index ade5e1f8..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/troubleshoot.rst.txt +++ /dev/null @@ -1,135 +0,0 @@ -.. _troubleshoot: - -Troubleshooting -=============== - -.. _trace_logging: - -Trace logging -------------- - -Most programs using MIT krb5 1.9 or later can be made to provide -information about internal krb5 library operations using trace -logging. To enable this, set the **KRB5_TRACE** environment variable -to a filename before running the program. On many operating systems, -the filename ``/dev/stdout`` can be used to send trace logging output -to standard output. - -Some programs do not honor **KRB5_TRACE**, either because they use -secure library contexts (this generally applies to setuid programs and -parts of the login system) or because they take direct control of the -trace logging system using the API. - -Here is a short example showing trace logging output for an invocation -of the :ref:`kvno(1)` command:: - - shell% env KRB5_TRACE=/dev/stdout kvno krbtgt/KRBTEST.COM - [9138] 1332348778.823276: Getting credentials user@KRBTEST.COM -> - krbtgt/KRBTEST.COM@KRBTEST.COM using ccache - FILE:/me/krb5/build/testdir/ccache - [9138] 1332348778.823381: Retrieving user@KRBTEST.COM -> - krbtgt/KRBTEST.COM@KRBTEST.COM from - FILE:/me/krb5/build/testdir/ccache with result: 0/Unknown code 0 - krbtgt/KRBTEST.COM@KRBTEST.COM: kvno = 1 - - -List of errors --------------- - -Frequently seen errors -~~~~~~~~~~~~~~~~~~~~~~ - -#. :ref:`init_creds_ETYPE_NOSUPP` - -#. :ref:`cert_chain_ETYPE_NOSUPP` - -#. :ref:`err_cert_chain_cert_expired` - - -Errors seen by admins -~~~~~~~~~~~~~~~~~~~~~ - -.. _prop_failed_start: - -#. :ref:`kprop_no_route` - -#. :ref:`kprop_con_refused` - -#. :ref:`kprop_sendauth_exchange` - -.. _prop_failed_end: - ------ - -.. _init_creds_etype_nosupp: - -KDC has no support for encryption type while getting initial credentials -........................................................................ - -.. _cert_chain_etype_nosupp: - - -credential verification failed: KDC has no support for encryption type -...................................................................... - -This most commonly happens when trying to use a principal with only -DES keys, in a release (MIT krb5 1.7 or later) which disables DES by -default. DES encryption is considered weak due to its inadequate key -size. If you cannot migrate away from its use, you can re-enable DES -by adding ``allow_weak_crypto = true`` to the :ref:`libdefaults` -section of :ref:`krb5.conf(5)`. - - -.. _err_cert_chain_cert_expired: - -Cannot create cert chain: certificate has expired -................................................. - -This error message indicates that PKINIT authentication failed because -the client certificate, KDC certificate, or one of the certificates in -the signing chain above them has expired. - -If the KDC certificate has expired, this message appears in the KDC -log file, and the client will receive a "Preauthentication failed" -error. (Prior to release 1.11, the KDC log file message erroneously -appears as "Out of memory". Prior to release 1.12, the client will -receive a "Generic error".) - -If the client or a signing certificate has expired, this message may -appear in trace_logging_ output from :ref:`kinit(1)` or, starting in -release 1.12, as an error message from kinit or another program which -gets initial tickets. The error message is more likely to appear -properly on the client if the principal entry has no long-term keys. - -.. _kprop_no_route: - -kprop: No route to host while connecting to server -.................................................. - -Make sure that the hostname of the replica KDC (as given to kprop) is -correct, and that any firewalls between the primary and the replica -allow a connection on port 754. - -.. _kprop_con_refused: - -kprop: Connection refused while connecting to server -.................................................... - -If the replica KDC is intended to run kpropd out of inetd, make sure -that inetd is configured to accept krb5_prop connections. inetd may -need to be restarted or sent a SIGHUP to recognize the new -configuration. If the replica is intended to run kpropd in standalone -mode, make sure that it is running. - -.. _kprop_sendauth_exchange: - -kprop: Server rejected authentication (during sendauth exchange) while authenticating to server -............................................................................................... - -Make sure that: - -#. The time is synchronized between the primary and replica KDCs. -#. The master stash file was copied from the primary to the expected - location on the replica. -#. The replica has a keytab file in the default location containing a - ``host`` principal for the replica's hostname. diff --git a/krb5-1.21.3/doc/html/_sources/admin/various_envs.rst.txt b/krb5-1.21.3/doc/html/_sources/admin/various_envs.rst.txt deleted file mode 100644 index 64c1795f..00000000 --- a/krb5-1.21.3/doc/html/_sources/admin/various_envs.rst.txt +++ /dev/null @@ -1,27 +0,0 @@ -Various links -============= - -Whitepapers ------------ - -#. https://kerberos.org/software/whitepapers.html - - -Tutorials ---------- - -#. Fulvio Ricciardi _ - - -Troubleshooting ---------------- - -#. https://wiki.ncsa.illinois.edu/display/ITS/Windows+Kerberos+Troubleshooting - -#. https://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html - -#. https://docs.oracle.com/cd/E19253-01/816-4557/trouble-1/index.html - -#. https://docs.microsoft.com/en-us/previous-versions/tn-archive/bb463167(v=technet.10)#EBAA - -#. https://bugs.launchpad.net/ubuntu/+source/libpam-heimdal/+bug/86528 diff --git a/krb5-1.21.3/doc/html/_sources/appdev/gssapi.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/gssapi.rst.txt deleted file mode 100644 index 339fd6c7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/gssapi.rst.txt +++ /dev/null @@ -1,727 +0,0 @@ -Developing with GSSAPI -====================== - -The GSSAPI (Generic Security Services API) allows applications to -communicate securely using Kerberos 5 or other security mechanisms. -We recommend using the GSSAPI (or a higher-level framework which -encompasses GSSAPI, such as SASL) for secure network communication -over using the libkrb5 API directly. - -GSSAPIv2 is specified in :rfc:`2743` and :rfc:`2744`. Also see -:rfc:`7546` for a description of how to use the GSSAPI in a client or -server program. - -This documentation will describe how various ways of using the -GSSAPI will behave with the krb5 mechanism as implemented in MIT krb5, -as well as krb5-specific extensions to the GSSAPI. - - -Name types ----------- - -A GSSAPI application can name a local or remote entity by calling -gss_import_name_, specifying a name type and a value. The following -name types are supported by the krb5 mechanism: - -* **GSS_C_NT_HOSTBASED_SERVICE**: The value should be a string of the - form ``service`` or ``service@hostname``. This is the most common - way to name target services when initiating a security context, and - is the most likely name type to work across multiple mechanisms. - -* **GSS_KRB5_NT_PRINCIPAL_NAME**: The value should be a principal name - string. This name type only works with the krb5 mechanism, and is - defined in the ```` header. - -* **GSS_C_NT_USER_NAME** or **GSS_C_NULL_OID**: The value is treated - as an unparsed principal name string, as above. These name types - may work with mechanisms other than krb5, but will have different - interpretations in those mechanisms. **GSS_C_NT_USER_NAME** is - intended to be used with a local username, which will parse into a - single-component principal in the default realm. - -* **GSS_C_NT_ANONYMOUS**: The value is ignored. The anonymous - principal is used, allowing a client to authenticate to a server - without asserting a particular identity (which may or may not be - allowed by a particular server or Kerberos realm). - -* **GSS_C_NT_MACHINE_UID_NAME**: The value is uid_t object. On - Unix-like systems, the username of the uid is looked up in the - system user database and the resulting username is parsed as a - principal name. - -* **GSS_C_NT_STRING_UID_NAME**: As above, but the value is a decimal - string representation of the uid. - -* **GSS_C_NT_EXPORT_NAME**: The value must be the result of a - gss_export_name_ call. - -* **GSS_KRB5_NT_ENTERPRISE_NAME**: The value should be a krb5 - enterprise name string (see :rfc:`6806` section 5), in the form - ``user@suffix``. This name type is used to convey alias names, and - is defined in the ```` header. (New in - release 1.17.) - -* **GSS_KRB5_NT_X509_CERT**: The value should be an X.509 certificate - encoded according to :rfc:`5280`. This name form can be used for - the desired_name parameter of gss_acquire_cred_impersonate_name(), - to identify the S4U2Self user by certificate. (New in release - 1.19.) - - -Initiator credentials ---------------------- - -A GSSAPI client application uses gss_init_sec_context_ to establish a -security context. The *initiator_cred_handle* parameter determines -what tickets are used to establish the connection. An application can -either pass **GSS_C_NO_CREDENTIAL** to use the default client -credential, or it can use gss_acquire_cred_ beforehand to acquire an -initiator credential. The call to gss_acquire_cred_ may include a -*desired_name* parameter, or it may pass **GSS_C_NO_NAME** if it does -not have a specific name preference. - -If the desired name for a krb5 initiator credential is a host-based -name, it is converted to a principal name of the form -``service/hostname`` in the local realm, where *hostname* is the local -hostname if not specified. The hostname will be canonicalized using -forward name resolution, and possibly also using reverse name -resolution depending on the value of the **rdns** variable in -:ref:`libdefaults`. - -If a desired name is specified in the call to gss_acquire_cred_, the -krb5 mechanism will attempt to find existing tickets for that client -principal name in the default credential cache or collection. If the -default cache type does not support a collection, and the default -cache contains credentials for a different principal than the desired -name, a **GSS_S_CRED_UNAVAIL** error will be returned with a minor -code indicating a mismatch. - -If no existing tickets are available for the desired name, but the -name has an entry in the default client :ref:`keytab_definition`, the -krb5 mechanism will acquire initial tickets for the name using the -default client keytab. - -If no desired name is specified, credential acquisition will be -deferred until the credential is used in a call to -gss_init_sec_context_ or gss_inquire_cred_. If the call is to -gss_init_sec_context_, the target name will be used to choose a client -principal name using the credential cache selection facility. (This -facility might, for instance, try to choose existing tickets for a -client principal in the same realm as the target service). If there -are no existing tickets for the chosen principal, but it is present in -the default client keytab, the krb5 mechanism will acquire initial -tickets using the keytab. - -If the target name cannot be used to select a client principal -(because the credentials are used in a call to gss_inquire_cred_), or -if the credential cache selection facility cannot choose a principal -for it, the default credential cache will be selected if it exists and -contains tickets. - -If the default credential cache does not exist, but the default client -keytab does, the krb5 mechanism will try to acquire initial tickets -for the first principal in the default client keytab. - -If the krb5 mechanism acquires initial tickets using the default -client keytab, the resulting tickets will be stored in the default -cache or collection, and will be refreshed by future calls to -gss_acquire_cred_ as they approach their expire time. - - -Acceptor names --------------- - -A GSSAPI server application uses gss_accept_sec_context_ to establish -a security context based on tokens provided by the client. The -*acceptor_cred_handle* parameter determines what -:ref:`keytab_definition` entries may be authenticated to by the -client, if the krb5 mechanism is used. - -The simplest choice is to pass **GSS_C_NO_CREDENTIAL** as the acceptor -credential. In this case, clients may authenticate to any service -principal in the default keytab (typically |keytab|, or the value of -the **KRB5_KTNAME** environment variable). This is the recommended -approach if the server application has no specific requirements to the -contrary. - -A server may acquire an acceptor credential with gss_acquire_cred_ and -a *cred_usage* of **GSS_C_ACCEPT** or **GSS_C_BOTH**. If the -*desired_name* parameter is **GSS_C_NO_NAME**, then clients will be -allowed to authenticate to any service principal in the default -keytab, just as if no acceptor credential was supplied. - -If a server wishes to specify a *desired_name* to gss_acquire_cred_, -the most common choice is a host-based name. If the host-based -*desired_name* contains just a *service*, then clients will be allowed -to authenticate to any host-based service principal (that is, a -principal of the form ``service/hostname@REALM``) for the named -service, regardless of hostname or realm, as long as it is present in -the default keytab. If the input name contains both a *service* and a -*hostname*, clients will be allowed to authenticate to any host-based -principal for the named service and hostname, regardless of realm. - -.. note:: - - If a *hostname* is specified, it will be canonicalized - using forward name resolution, and possibly also using - reverse name resolution depending on the value of the - **rdns** variable in :ref:`libdefaults`. - -.. note:: - - If the **ignore_acceptor_hostname** variable in - :ref:`libdefaults` is enabled, then *hostname* will be - ignored even if one is specified in the input name. - -.. note:: - - In MIT krb5 versions prior to 1.10, and in Heimdal's - implementation of the krb5 mechanism, an input name with - just a *service* is treated like an input name of - ``service@localhostname``, where *localhostname* is the - string returned by gethostname(). - -If the *desired_name* is a krb5 principal name or a local system name -type which is mapped to a krb5 principal name, clients will only be -allowed to authenticate to that principal in the default keytab. - - -Name Attributes ---------------- - -In release 1.8 or later, the gss_inquire_name_ and -gss_get_name_attribute_ functions, specified in :rfc:`6680`, can be -used to retrieve name attributes from the *src_name* returned by -gss_accept_sec_context_. The following attributes are defined when -the krb5 mechanism is used: - -.. _gssapi_authind_attr: - -* "auth-indicators" attribute: - -This attribute will be included in the gss_inquire_name_ output if the -ticket contains :ref:`authentication indicators `. -One indicator is returned per invocation of gss_get_name_attribute_, -so multiple invocations may be necessary to retrieve all of the -indicators from the ticket. (New in release 1.15.) - - -Credential store extensions ---------------------------- - -Beginning with release 1.11, the following GSSAPI extensions declared -in ```` can be used to specify how credentials -are acquired or stored:: - - struct gss_key_value_element_struct { - const char *key; - const char *value; - }; - typedef struct gss_key_value_element_struct gss_key_value_element_desc; - - struct gss_key_value_set_struct { - OM_uint32 count; - gss_key_value_element_desc *elements; - }; - typedef const struct gss_key_value_set_struct gss_key_value_set_desc; - typedef const gss_key_value_set_desc *gss_const_key_value_set_t; - - OM_uint32 gss_acquire_cred_from(OM_uint32 *minor_status, - const gss_name_t desired_name, - OM_uint32 time_req, - const gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_const_key_value_set_t cred_store, - gss_cred_id_t *output_cred_handle, - gss_OID_set *actual_mechs, - OM_uint32 *time_rec); - - OM_uint32 gss_store_cred_into(OM_uint32 *minor_status, - gss_cred_id_t input_cred_handle, - gss_cred_usage_t cred_usage, - const gss_OID desired_mech, - OM_uint32 overwrite_cred, - OM_uint32 default_cred, - gss_const_key_value_set_t cred_store, - gss_OID_set *elements_stored, - gss_cred_usage_t *cred_usage_stored); - -The additional *cred_store* parameter allows the caller to specify -information about how the credentials should be obtained and stored. -The following options are supported by the krb5 mechanism: - -* **ccache**: For acquiring initiator credentials, the name of the - :ref:`credential cache ` to which the handle will - refer. For storing credentials, the name of the cache or collection - where the credentials will be stored (see below). - -* **client_keytab**: For acquiring initiator credentials, the name of - the :ref:`keytab ` which will be used, if - necessary, to refresh the credentials in the cache. - -* **keytab**: For acquiring acceptor credentials, the name of the - :ref:`keytab ` to which the handle will refer. - In release 1.19 and later, this option also determines the keytab to - be used for verification when initiator credentials are acquired - using a password and verified. - -* **password**: For acquiring initiator credentials, this option - instructs the mechanism to acquire fresh credentials into a unique - memory credential cache. This option may not be used with the - **ccache** or **client_keytab** options, and a *desired_name* must - be specified. (New in release 1.19.) - -* **rcache**: For acquiring acceptor credentials, the name of the - :ref:`replay cache ` to be used when processing - the initiator tokens. (New in release 1.13.) - -* **verify**: For acquiring initiator credentials, this option - instructs the mechanism to verify the credentials by obtaining a - ticket to a service with a known key. The service key is obtained - from the keytab specified with the **keytab** option or the default - keytab. The value may be the name of a principal in the keytab, or - the empty string. If the empty string is given, any ``host`` - service principal in the keytab may be used. (New in release 1.19.) - -In release 1.20 or later, if a collection name is specified for -**cache** in a call to gss_store_cred_into(), an existing cache for -the client principal within the collection will be selected, or a new -cache will be created within the collection. If *overwrite_cred* is -false and the selected credential cache already exists, a -**GSS_S_DUPLICATE_ELEMENT** error will be returned. If *default_cred* -is true, the primary cache of the collection will be switched to the -selected cache. - - -Importing and exporting credentials ------------------------------------ - -The following GSSAPI extensions can be used to import and export -credentials (declared in ````):: - - OM_uint32 gss_export_cred(OM_uint32 *minor_status, - gss_cred_id_t cred_handle, - gss_buffer_t token); - - OM_uint32 gss_import_cred(OM_uint32 *minor_status, - gss_buffer_t token, - gss_cred_id_t *cred_handle); - -The first function serializes a GSSAPI credential handle into a -buffer; the second unseralizes a buffer into a GSSAPI credential -handle. Serializing a credential does not destroy it. If any of the -mechanisms used in *cred_handle* do not support serialization, -gss_export_cred will return **GSS_S_UNAVAILABLE**. As with other -GSSAPI serialization functions, these extensions are only intended to -work with a matching implementation on the other side; they do not -serialize credentials in a standardized format. - -A serialized credential may contain secret information such as ticket -session keys. The serialization format does not protect this -information from eavesdropping or tampering. The calling application -must take care to protect the serialized credential when communicating -it over an insecure channel or to an untrusted party. - -A krb5 GSSAPI credential may contain references to a credential cache, -a client keytab, an acceptor keytab, and a replay cache. These -resources are normally serialized as references to their external -locations (such as the filename of the credential cache). Because of -this, a serialized krb5 credential can only be imported by a process -with similar privileges to the exporter. A serialized credential -should not be trusted if it originates from a source with lower -privileges than the importer, as it may contain references to external -credential cache, keytab, or replay cache resources not accessible to -the originator. - -An exception to the above rule applies when a krb5 GSSAPI credential -refers to a memory credential cache, as is normally the case for -delegated credentials received by gss_accept_sec_context_. In this -case, the contents of the credential cache are serialized, so that the -resulting token may be imported even if the original memory credential -cache no longer exists. - - -Constrained delegation (S4U) ----------------------------- - -The Microsoft S4U2Self and S4U2Proxy Kerberos protocol extensions -allow an intermediate service to acquire credentials from a client to -a target service without requiring the client to delegate a -ticket-granting ticket, if the KDC is configured to allow it. - -To perform a constrained delegation operation, the intermediate -service must submit to the KDC an "evidence ticket" from the client to -the intermediate service. An evidence ticket can be acquired when the -client authenticates to the intermediate service with Kerberos, or -with an S4U2Self request if the KDC allows it. The MIT krb5 GSSAPI -library represents an evidence ticket using a "proxy credential", -which is a special kind of gss_cred_id_t object whose underlying -credential cache contains the evidence ticket and a krbtgt ticket for -the intermediate service. - -To acquire a proxy credential during client authentication, the -service should first create an acceptor credential using the -**GSS_C_BOTH** usage. The application should then pass this -credential as the *acceptor_cred_handle* to gss_accept_sec_context_, -and also pass a *delegated_cred_handle* output parameter to receive a -proxy credential containing the evidence ticket. The output value of -*delegated_cred_handle* may be a delegated ticket-granting ticket if -the client sent one, or a proxy credential if not. If the library can -determine that the client's ticket is not a valid evidence ticket, it -will place **GSS_C_NO_CREDENTIAL** in *delegated_cred_handle*. - -To acquire a proxy credential using an S4U2Self request, the service -can use the following GSSAPI extension:: - - OM_uint32 gss_acquire_cred_impersonate_name(OM_uint32 *minor_status, - gss_cred_id_t icred, - gss_name_t desired_name, - OM_uint32 time_req, - gss_OID_set desired_mechs, - gss_cred_usage_t cred_usage, - gss_cred_id_t *output_cred, - gss_OID_set *actual_mechs, - OM_uint32 *time_rec); - -The parameters to this function are similar to those of -gss_acquire_cred_, except that *icred* is used to make an S4U2Self -request to the KDC for a ticket from *desired_name* to the -intermediate service. Both *icred* and *desired_name* are required -for this function; passing **GSS_C_NO_CREDENTIAL** or -**GSS_C_NO_NAME** will cause the call to fail. *icred* must contain a -krbtgt ticket for the intermediate service. The result of this -operation is a proxy credential. (Prior to release 1.18, the result -of this operation may be a regular credential for *desired_name*, if -the KDC issues a non-forwardable ticket.) - -Once the intermediate service has a proxy credential, it can simply -pass it to gss_init_sec_context_ as the *initiator_cred_handle* -parameter, and the desired service as the *target_name* parameter. -The GSSAPI library will present the krbtgt ticket and evidence ticket -in the proxy credential to the KDC in an S4U2Proxy request; if the -intermediate service has the appropriate permissions, the KDC will -issue a ticket from the client to the target service. The GSSAPI -library will then use this ticket to authenticate to the target -service. - -If an application needs to find out whether a credential it holds is a -proxy credential and the name of the intermediate service, it can -query the credential with the **GSS_KRB5_GET_CRED_IMPERSONATOR** OID -(new in release 1.16, declared in ````) using -the gss_inquire_cred_by_oid extension (declared in -````):: - - OM_uint32 gss_inquire_cred_by_oid(OM_uint32 *minor_status, - const gss_cred_id_t cred_handle, - gss_OID desired_object, - gss_buffer_set_t *data_set); - -If the call succeeds and *cred_handle* is a proxy credential, -*data_set* will be set to a single-element buffer set containing the -unparsed principal name of the intermediate service. If *cred_handle* -is not a proxy credential, *data_set* will be set to an empty buffer -set. If the library does not support the query, -gss_inquire_cred_by_oid will return **GSS_S_UNAVAILABLE**. - - -AEAD message wrapping ---------------------- - -The following GSSAPI extensions (declared in -````) can be used to wrap and unwrap messages -with additional "associated data" which is integrity-checked but is -not included in the output buffer:: - - OM_uint32 gss_wrap_aead(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, gss_qop_t qop_req, - gss_buffer_t input_assoc_buffer, - gss_buffer_t input_payload_buffer, - int *conf_state, - gss_buffer_t output_message_buffer); - - OM_uint32 gss_unwrap_aead(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_buffer_t input_message_buffer, - gss_buffer_t input_assoc_buffer, - gss_buffer_t output_payload_buffer, - int *conf_state, - gss_qop_t *qop_state); - -Wrap tokens created with gss_wrap_aead will successfully unwrap only -if the same *input_assoc_buffer* contents are presented to -gss_unwrap_aead. - - -IOV message wrapping --------------------- - -The following extensions (declared in ````) can -be used for in-place encryption, fine-grained control over wrap token -layout, and for constructing wrap tokens compatible with Microsoft DCE -RPC:: - - typedef struct gss_iov_buffer_desc_struct { - OM_uint32 type; - gss_buffer_desc buffer; - } gss_iov_buffer_desc, *gss_iov_buffer_t; - - OM_uint32 gss_wrap_iov(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, gss_qop_t qop_req, - int *conf_state, - gss_iov_buffer_desc *iov, int iov_count); - - OM_uint32 gss_unwrap_iov(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - int *conf_state, gss_qop_t *qop_state, - gss_iov_buffer_desc *iov, int iov_count); - - OM_uint32 gss_wrap_iov_length(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - int conf_req_flag, - gss_qop_t qop_req, int *conf_state, - gss_iov_buffer_desc *iov, - int iov_count); - - OM_uint32 gss_release_iov_buffer(OM_uint32 *minor_status, - gss_iov_buffer_desc *iov, - int iov_count); - -The caller of gss_wrap_iov provides an array of gss_iov_buffer_desc -structures, each containing a type and a gss_buffer_desc structure. -Valid types include: - -* **GSS_C_BUFFER_TYPE_DATA**: A data buffer to be included in the - token, and to be encrypted or decrypted in-place if the token is - confidentiality-protected. - -* **GSS_C_BUFFER_TYPE_HEADER**: The GSSAPI wrap token header and - underlying cryptographic header. - -* **GSS_C_BUFFER_TYPE_TRAILER**: The cryptographic trailer, if one is - required. - -* **GSS_C_BUFFER_TYPE_PADDING**: Padding to be combined with the data - during encryption and decryption. (The implementation may choose to - place padding in the trailer buffer, in which case it will set the - padding buffer length to 0.) - -* **GSS_C_BUFFER_TYPE_STREAM**: For unwrapping only, a buffer - containing a complete wrap token in standard format to be unwrapped. - -* **GSS_C_BUFFER_TYPE_SIGN_ONLY**: A buffer to be included in the - token's integrity protection checksum, but not to be encrypted or - included in the token itself. - -For gss_wrap_iov, the IOV list should contain one HEADER buffer, -followed by zero or more SIGN_ONLY buffers, followed by one or more -DATA buffers, followed by a TRAILER buffer. The memory pointed to by -the buffers is not required to be contiguous or in any particular -order. If *conf_req_flag* is true, DATA buffers will be encrypted -in-place, while SIGN_ONLY buffers will not be modified. - -The type of an output buffer may be combined with -**GSS_C_BUFFER_FLAG_ALLOCATE** to request that gss_wrap_iov allocate -the buffer contents. If gss_wrap_iov allocates a buffer, it sets the -**GSS_C_BUFFER_FLAG_ALLOCATED** flag on the buffer type. -gss_release_iov_buffer can be used to release all allocated buffers -within an iov list and unset their allocated flags. Here is an -example of how gss_wrap_iov can be used with allocation requested -(*ctx* is assumed to be a previously established gss_ctx_id_t):: - - OM_uint32 major, minor; - gss_iov_buffer_desc iov[4]; - char str[] = "message"; - - iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE; - iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; - iov[1].buffer.value = str; - iov[1].buffer.length = strlen(str); - iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING | GSS_IOV_BUFFER_FLAG_ALLOCATE; - iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER | GSS_IOV_BUFFER_FLAG_ALLOCATE; - - major = gss_wrap_iov(&minor, ctx, 1, GSS_C_QOP_DEFAULT, NULL, - iov, 4); - if (GSS_ERROR(major)) - handle_error(major, minor); - - /* Transmit or otherwise use resulting buffers. */ - - (void)gss_release_iov_buffer(&minor, iov, 4); - -If the caller does not choose to request buffer allocation by -gss_wrap_iov, it should first call gss_wrap_iov_length to query the -lengths of the HEADER, PADDING, and TRAILER buffers. DATA buffers -must be provided in the iov list so that padding length can be -computed correctly, but the output buffers need not be initialized. -Here is an example of using gss_wrap_iov_length and gss_wrap_iov:: - - OM_uint32 major, minor; - gss_iov_buffer_desc iov[4]; - char str[1024] = "message", *ptr; - - iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER; - iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; - iov[1].buffer.value = str; - iov[1].buffer.length = strlen(str); - - iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING; - iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER; - - major = gss_wrap_iov_length(&minor, ctx, 1, GSS_C_QOP_DEFAULT, - NULL, iov, 4); - if (GSS_ERROR(major)) - handle_error(major, minor); - if (strlen(str) + iov[0].buffer.length + iov[2].buffer.length + - iov[3].buffer.length > sizeof(str)) - handle_out_of_space_error(); - ptr = str + strlen(str); - iov[0].buffer.value = ptr; - ptr += iov[0].buffer.length; - iov[2].buffer.value = ptr; - ptr += iov[2].buffer.length; - iov[3].buffer.value = ptr; - - major = gss_wrap_iov(&minor, ctx, 1, GSS_C_QOP_DEFAULT, NULL, - iov, 4); - if (GSS_ERROR(major)) - handle_error(major, minor); - -If the context was established using the **GSS_C_DCE_STYLE** flag -(described in :rfc:`4757`), wrap tokens compatible with Microsoft DCE -RPC can be constructed. In this case, the IOV list must include a -SIGN_ONLY buffer, a DATA buffer, a second SIGN_ONLY buffer, and a -HEADER buffer in that order (the order of the buffer contents remains -arbitrary). The application must pad the DATA buffer to a multiple of -16 bytes as no padding or trailer buffer is used. - -gss_unwrap_iov may be called with an IOV list just like one which -would be provided to gss_wrap_iov. DATA buffers will be decrypted -in-place if they were encrypted, and SIGN_ONLY buffers will not be -modified. - -Alternatively, gss_unwrap_iov may be called with a single STREAM -buffer, zero or more SIGN_ONLY buffers, and a single DATA buffer. The -STREAM buffer is interpreted as a complete wrap token. The STREAM -buffer will be modified in-place to decrypt its contents. The DATA -buffer will be initialized to point to the decrypted data within the -STREAM buffer, unless it has the **GSS_C_BUFFER_FLAG_ALLOCATE** flag -set, in which case it will be initialized with a copy of the decrypted -data. Here is an example (*token* and *token_len* are assumed to be a -pre-existing pointer and length for a modifiable region of data):: - - OM_uint32 major, minor; - gss_iov_buffer_desc iov[2]; - - iov[0].type = GSS_IOV_BUFFER_TYPE_STREAM; - iov[0].buffer.value = token; - iov[0].buffer.length = token_len; - iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; - major = gss_unwrap_iov(&minor, ctx, NULL, NULL, iov, 2); - if (GSS_ERROR(major)) - handle_error(major, minor); - - /* Decrypted data is in iov[1].buffer, pointing to a subregion of - * token. */ - -.. _gssapi_mic_token: - -IOV MIC tokens --------------- - -The following extensions (declared in ````) can -be used in release 1.12 or later to construct and verify MIC tokens -using an IOV list:: - - OM_uint32 gss_get_mic_iov(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_qop_t qop_req, - gss_iov_buffer_desc *iov, - int iov_count); - - OM_uint32 gss_get_mic_iov_length(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_qop_t qop_req, - gss_iov_buffer_desc *iov, - iov_count); - - OM_uint32 gss_verify_mic_iov(OM_uint32 *minor_status, - gss_ctx_id_t context_handle, - gss_qop_t *qop_state, - gss_iov_buffer_desc *iov, - int iov_count); - -The caller of gss_get_mic_iov provides an array of gss_iov_buffer_desc -structures, each containing a type and a gss_buffer_desc structure. -Valid types include: - -* **GSS_C_BUFFER_TYPE_DATA** and **GSS_C_BUFFER_TYPE_SIGN_ONLY**: The - corresponding buffer for each of these types will be signed for the - MIC token, in the order provided. - -* **GSS_C_BUFFER_TYPE_MIC_TOKEN**: The GSSAPI MIC token. - -The type of the MIC_TOKEN buffer may be combined with -**GSS_C_BUFFER_FLAG_ALLOCATE** to request that gss_get_mic_iov -allocate the buffer contents. If gss_get_mic_iov allocates the -buffer, it sets the **GSS_C_BUFFER_FLAG_ALLOCATED** flag on the buffer -type. gss_release_iov_buffer can be used to release all allocated -buffers within an iov list and unset their allocated flags. Here is -an example of how gss_get_mic_iov can be used with allocation -requested (*ctx* is assumed to be a previously established -gss_ctx_id_t):: - - OM_uint32 major, minor; - gss_iov_buffer_desc iov[3]; - - iov[0].type = GSS_IOV_BUFFER_TYPE_DATA; - iov[0].buffer.value = "sign1"; - iov[0].buffer.length = 5; - iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY; - iov[1].buffer.value = "sign2"; - iov[1].buffer.length = 5; - iov[2].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN | GSS_IOV_BUFFER_FLAG_ALLOCATE; - - major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 3); - if (GSS_ERROR(major)) - handle_error(major, minor); - - /* Transmit or otherwise use iov[2].buffer. */ - - (void)gss_release_iov_buffer(&minor, iov, 3); - -If the caller does not choose to request buffer allocation by -gss_get_mic_iov, it should first call gss_get_mic_iov_length to query -the length of the MIC_TOKEN buffer. Here is an example of using -gss_get_mic_iov_length and gss_get_mic_iov:: - - OM_uint32 major, minor; - gss_iov_buffer_desc iov[2]; - char data[1024]; - - iov[0].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN; - iov[1].type = GSS_IOV_BUFFER_TYPE_DATA; - iov[1].buffer.value = "message"; - iov[1].buffer.length = 7; - - major = gss_get_mic_iov_length(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 2); - if (GSS_ERROR(major)) - handle_error(major, minor); - if (iov[0].buffer.length > sizeof(data)) - handle_out_of_space_error(); - iov[0].buffer.value = data; - - major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 2); - if (GSS_ERROR(major)) - handle_error(major, minor); - - -.. _gss_accept_sec_context: https://tools.ietf.org/html/rfc2744.html#section-5.1 -.. _gss_acquire_cred: https://tools.ietf.org/html/rfc2744.html#section-5.2 -.. _gss_export_name: https://tools.ietf.org/html/rfc2744.html#section-5.13 -.. _gss_get_name_attribute: https://tools.ietf.org/html/6680.html#section-7.5 -.. _gss_import_name: https://tools.ietf.org/html/rfc2744.html#section-5.16 -.. _gss_init_sec_context: https://tools.ietf.org/html/rfc2744.html#section-5.19 -.. _gss_inquire_name: https://tools.ietf.org/html/rfc6680.txt#section-7.4 -.. _gss_inquire_cred: https://tools.ietf.org/html/rfc2744.html#section-5.21 diff --git a/krb5-1.21.3/doc/html/_sources/appdev/h5l_mit_apidiff.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/h5l_mit_apidiff.rst.txt deleted file mode 100644 index b721b57b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/h5l_mit_apidiff.rst.txt +++ /dev/null @@ -1,28 +0,0 @@ -Differences between Heimdal and MIT Kerberos API -================================================ - -.. tabularcolumns:: |l|l| - -.. table:: - - ======================================== ================================================= - :c:func:`krb5_auth_con_getaddrs()` H5l: If either of the pointers to local_addr - and remote_addr is not NULL, it is freed - first and then reallocated before being - populated with the content of corresponding - address from authentication context. - :c:func:`krb5_auth_con_setaddrs()` H5l: If either address is NULL, the previous - address remains in place - :c:func:`krb5_auth_con_setports()` H5l: Not implemented as of version 1.3.3 - :c:func:`krb5_auth_con_setrecvsubkey()` H5l: If either port is NULL, the previous - port remains in place - :c:func:`krb5_auth_con_setsendsubkey()` H5l: Not implemented as of version 1.3.3 - :c:func:`krb5_cc_set_config()` MIT: Before version 1.10 it was assumed that - the last argument *data* is ALWAYS non-zero. - :c:func:`krb5_cccol_last_change_time()` MIT: not implemented - :c:func:`krb5_set_default_realm()` H5l: Caches the computed default realm context - field. If the second argument is NULL, - it tries to retrieve it from libdefaults or DNS. - MIT: Computes the default realm each time - if it wasn't explicitly set in the context - ======================================== ================================================= diff --git a/krb5-1.21.3/doc/html/_sources/appdev/index.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/index.rst.txt deleted file mode 100644 index 961bb1e9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/index.rst.txt +++ /dev/null @@ -1,16 +0,0 @@ -For application developers -========================== - -.. toctree:: - :maxdepth: 1 - - gssapi.rst - y2038.rst - h5l_mit_apidiff.rst - init_creds.rst - princ_handle.rst - -.. toctree:: - :maxdepth: 1 - - refs/index.rst diff --git a/krb5-1.21.3/doc/html/_sources/appdev/init_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/init_creds.rst.txt deleted file mode 100644 index 5c3c0a87..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/init_creds.rst.txt +++ /dev/null @@ -1,304 +0,0 @@ -Initial credentials -=================== - -Software that performs tasks such as logging users into a computer -when they type their Kerberos password needs to get initial -credentials (usually ticket granting tickets) from Kerberos. Such -software shares some behavior with the :ref:`kinit(1)` program. - -Whenever a program grants access to a resource (such as a local login -session on a desktop computer) based on a user successfully getting -initial Kerberos credentials, it must verify those credentials against -a secure shared secret (e.g., a host keytab) to ensure that the user -credentials actually originate from a legitimate KDC. Failure to -perform this verification is a critical vulnerability, because a -malicious user can execute the "Zanarotti attack": the user constructs -a fake response that appears to come from the legitimate KDC, but -whose contents come from an attacker-controlled KDC. - -Some applications read a Kerberos password over the network (ideally -over a secure channel), which they then verify against the KDC. While -this technique may be the only practical way to integrate Kerberos -into some existing legacy systems, its use is contrary to the original -design goals of Kerberos. - -The function :c:func:`krb5_get_init_creds_password` will get initial -credentials for a client using a password. An application that needs -to verify the credentials can call :c:func:`krb5_verify_init_creds`. -Here is an example of code to obtain and verify TGT credentials, given -strings *princname* and *password* for the client principal name and -password:: - - krb5_error_code ret; - krb5_creds creds; - krb5_principal client_princ = NULL; - - memset(&creds, 0, sizeof(creds)); - ret = krb5_parse_name(context, princname, &client_princ); - if (ret) - goto cleanup; - ret = krb5_get_init_creds_password(context, &creds, client_princ, - password, NULL, NULL, 0, NULL, NULL); - if (ret) - goto cleanup; - ret = krb5_verify_init_creds(context, &creds, NULL, NULL, NULL, NULL); - - cleanup: - krb5_free_principal(context, client_princ); - krb5_free_cred_contents(context, &creds); - return ret; - -Options for get_init_creds --------------------------- - -The function :c:func:`krb5_get_init_creds_password` takes an options -parameter (which can be a null pointer). Use the function -:c:func:`krb5_get_init_creds_opt_alloc` to allocate an options -structure, and :c:func:`krb5_get_init_creds_opt_free` to free it. For -example:: - - krb5_error_code ret; - krb5_get_init_creds_opt *opt = NULL; - krb5_creds creds; - - memset(&creds, 0, sizeof(creds)); - ret = krb5_get_init_creds_opt_alloc(context, &opt); - if (ret) - goto cleanup; - krb5_get_init_creds_opt_set_tkt_life(opt, 24 * 60 * 60); - ret = krb5_get_init_creds_password(context, &creds, client_princ, - password, NULL, NULL, 0, NULL, opt); - if (ret) - goto cleanup; - - cleanup: - krb5_get_init_creds_opt_free(context, opt); - krb5_free_cred_contents(context, &creds); - return ret; - -Getting anonymous credentials ------------------------------ - -As of release 1.8, it is possible to obtain fully anonymous or -partially anonymous (realm-exposed) credentials, if the KDC supports -it. The MIT KDC supports issuing fully anonymous credentials as of -release 1.8 if configured appropriately (see :ref:`anonymous_pkinit`), -but does not support issuing realm-exposed anonymous credentials at -this time. - -To obtain fully anonymous credentials, call -:c:func:`krb5_get_init_creds_opt_set_anonymous` on the options -structure to set the anonymous flag, and specify a client principal -with the KDC's realm and a single empty data component (the principal -obtained by parsing ``@``\ *realmname*). Authentication will take -place using anonymous PKINIT; if successful, the client principal of -the resulting tickets will be -``WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS``. Here is an example:: - - krb5_get_init_creds_opt_set_anonymous(opt, 1); - ret = krb5_build_principal(context, &client_princ, strlen(myrealm), - myrealm, "", (char *)NULL); - if (ret) - goto cleanup; - ret = krb5_get_init_creds_password(context, &creds, client_princ, - password, NULL, NULL, 0, NULL, opt); - if (ret) - goto cleanup; - -To obtain realm-exposed anonymous credentials, set the anonymous flag -on the options structure as above, but specify a normal client -principal in order to prove membership in the realm. Authentication -will take place as it normally does; if successful, the client -principal of the resulting tickets will be ``WELLKNOWN/ANONYMOUS@``\ -*realmname*. - -User interaction ----------------- - -Authenticating a user usually requires the entry of secret -information, such as a password. A password can be supplied directly -to :c:func:`krb5_get_init_creds_password` via the *password* -parameter, or the application can supply prompter and/or responder -callbacks instead. If callbacks are used, the user can also be -queried for other secret information such as a PIN, informed of -impending password expiration, or prompted to change a password which -has expired. - -Prompter callback -~~~~~~~~~~~~~~~~~ - -A prompter callback can be specified via the *prompter* and *data* -parameters to :c:func:`krb5_get_init_creds_password`. The prompter -will be invoked each time the krb5 library has a question to ask or -information to present. When the prompter callback is invoked, the -*banner* argument (if not null) is intended to be displayed to the -user, and the questions to be answered are specified in the *prompts* -array. Each prompt contains a text question in the *prompt* field, a -*hidden* bit to indicate whether the answer should be hidden from -display, and a storage area for the answer in the *reply* field. The -callback should fill in each question's ``reply->data`` with the -answer, up to a maximum number of ``reply->length`` bytes, and then -reset ``reply->length`` to the length of the answer. - -A prompter callback can call :c:func:`krb5_get_prompt_types` to get an -array of type constants corresponding to the prompts, to get -programmatic information about the semantic meaning of the questions. -:c:func:`krb5_get_prompt_types` may return a null pointer if no prompt -type information is available. - -Text-based applications can use a built-in text prompter -implementation by supplying :c:func:`krb5_prompter_posix` as the -*prompter* parameter and a null pointer as the *data* parameter. For -example:: - - ret = krb5_get_init_creds_password(context, &creds, client_princ, - NULL, krb5_prompter_posix, NULL, 0, - NULL, NULL); - -Responder callback -~~~~~~~~~~~~~~~~~~ - -A responder callback can be specified through the init_creds options -using the :c:func:`krb5_get_init_creds_opt_set_responder` function. -Responder callbacks can present a more sophisticated user interface -for authentication secrets. The responder callback is usually invoked -only once per authentication, with a list of questions produced by all -of the allowed preauthentication mechanisms. - -When the responder callback is invoked, the *rctx* argument can be -accessed to obtain the list of questions and to answer them. The -:c:func:`krb5_responder_list_questions` function retrieves an array of -question types. For each question type, the -:c:func:`krb5_responder_get_challenge` function retrieves additional -information about the question, if applicable, and the -:c:func:`krb5_responder_set_answer` function sets the answer. - -Responder question types, challenges, and answers are UTF-8 strings. -The question type is a well-known string; the meaning of the challenge -and answer depend on the question type. If an application does not -understand a question type, it cannot interpret the challenge or -provide an answer. Failing to answer a question typically results in -the prompter callback being used as a fallback. - -Password question -################# - -The :c:macro:`KRB5_RESPONDER_QUESTION_PASSWORD` (or ``"password"``) -question type requests the user's password. This question does not -have a challenge, and the response is simply the password string. - -One-time password question -########################## - -The :c:macro:`KRB5_RESPONDER_QUESTION_OTP` (or ``"otp"``) question -type requests a choice among one-time password tokens and the PIN and -value for the chosen token. The challenge and answer are JSON-encoded -strings, but an application can use convenience functions to avoid -doing any JSON processing itself. - -The :c:func:`krb5_responder_otp_get_challenge` function decodes the -challenge into a krb5_responder_otp_challenge structure. The -:c:func:`krb5_responder_otp_set_answer` function selects one of the -token information elements from the challenge and supplies the value -and pin for that token. - -PKINIT password or PIN question -############################### - -The :c:macro:`KRB5_RESPONDER_QUESTION_PKINIT` (or ``"pkinit"``) question -type requests PINs for hardware devices and/or passwords for encrypted -credentials which are stored on disk, potentially also supplying -information about the state of the hardware devices. The challenge and -answer are JSON-encoded strings, but an application can use convenience -functions to avoid doing any JSON processing itself. - -The :c:func:`krb5_responder_pkinit_get_challenge` function decodes the -challenges into a krb5_responder_pkinit_challenge structure. The -:c:func:`krb5_responder_pkinit_set_answer` function can be used to -supply the PIN or password for a particular client credential, and can -be called multiple times. - -Example -####### - -Here is an example of using a responder callback:: - - static krb5_error_code - my_responder(krb5_context context, void *data, - krb5_responder_context rctx) - { - krb5_error_code ret; - krb5_responder_otp_challenge *chl; - - if (krb5_responder_get_challenge(context, rctx, - KRB5_RESPONDER_QUESTION_PASSWORD)) { - ret = krb5_responder_set_answer(context, rctx, - KRB5_RESPONDER_QUESTION_PASSWORD, - "open sesame"); - if (ret) - return ret; - } - ret = krb5_responder_otp_get_challenge(context, rctx, &chl); - if (ret == 0 && chl != NULL) { - ret = krb5_responder_otp_set_answer(context, rctx, 0, "1234", - NULL); - krb5_responder_otp_challenge_free(context, rctx, chl); - if (ret) - return ret; - } - return 0; - } - - static krb5_error_code - get_creds(krb5_context context, krb5_principal client_princ) - { - krb5_error_code ret; - krb5_get_init_creds_opt *opt = NULL; - krb5_creds creds; - - memset(&creds, 0, sizeof(creds)); - ret = krb5_get_init_creds_opt_alloc(context, &opt); - if (ret) - goto cleanup; - ret = krb5_get_init_creds_opt_set_responder(context, opt, my_responder, - NULL); - if (ret) - goto cleanup; - ret = krb5_get_init_creds_password(context, &creds, client_princ, - NULL, NULL, NULL, 0, NULL, opt); - - cleanup: - krb5_get_init_creds_opt_free(context, opt); - krb5_free_cred_contents(context, &creds); - return ret; - } - -Verifying initial credentials ------------------------------ - -Use the function :c:func:`krb5_verify_init_creds` to verify initial -credentials. It takes an options structure (which can be a null -pointer). Use :c:func:`krb5_verify_init_creds_opt_init` to initialize -the caller-allocated options structure, and -:c:func:`krb5_verify_init_creds_opt_set_ap_req_nofail` to set the -"nofail" option. For example:: - - krb5_verify_init_creds_opt vopt; - - krb5_verify_init_creds_opt_init(&vopt); - krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, 1); - ret = krb5_verify_init_creds(context, &creds, NULL, NULL, NULL, &vopt); - -The confusingly named "nofail" option, when set, means that the -verification must actually succeed in order for -:c:func:`krb5_verify_init_creds` to indicate success. The default -state of this option (cleared) means that if there is no key material -available to verify the user credentials, the verification will -succeed anyway. (The default can be changed by a configuration file -setting.) - -This accommodates a use case where a large number of unkeyed shared -desktop workstations need to allow users to log in using Kerberos. -The security risks from this practice are mitigated by the absence of -valuable state on the shared workstations---any valuable resources -that the users would access reside on networked servers. diff --git a/krb5-1.21.3/doc/html/_sources/appdev/princ_handle.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/princ_handle.rst.txt deleted file mode 100644 index 455f00a4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/princ_handle.rst.txt +++ /dev/null @@ -1,79 +0,0 @@ -Principal manipulation and parsing -================================== - -Kerberos principal structure - -.. - -:c:type:`krb5_principal_data` - -:c:type:`krb5_principal` - -.. - -Create and free principal - -.. - -:c:func:`krb5_build_principal()` - -:c:func:`krb5_build_principal_alloc_va()` - -:c:func:`krb5_build_principal_ext()` - -:c:func:`krb5_copy_principal()` - -:c:func:`krb5_free_principal()` - -:c:func:`krb5_cc_get_principal()` - -.. - -Comparing - -.. - -:c:func:`krb5_principal_compare()` - -:c:func:`krb5_principal_compare_flags()` - -:c:func:`krb5_principal_compare_any_realm()` - -:c:func:`krb5_sname_match()` - -:c:func:`krb5_sname_to_principal()` - -.. - - -Parsing: - -.. - -:c:func:`krb5_parse_name()` - -:c:func:`krb5_parse_name_flags()` - -:c:func:`krb5_unparse_name()` - -:c:func:`krb5_unparse_name_flags()` - -.. - -Utilities: - -.. - -:c:func:`krb5_is_config_principal()` - -:c:func:`krb5_kuserok()` - -:c:func:`krb5_set_password()` - -:c:func:`krb5_set_password_using_ccache()` - -:c:func:`krb5_set_principal_realm()` - -:c:func:`krb5_realm_compare()` - -.. diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/index.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/index.rst.txt deleted file mode 100644 index d12be47c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/index.rst.txt +++ /dev/null @@ -1,413 +0,0 @@ -krb5 API -======== - - -Frequently used public interfaces ----------------------------------- - -.. toctree:: - :maxdepth: 1 - - krb5_build_principal.rst - krb5_build_principal_alloc_va.rst - krb5_build_principal_ext.rst - krb5_cc_close.rst - krb5_cc_default.rst - krb5_cc_default_name.rst - krb5_cc_destroy.rst - krb5_cc_dup.rst - krb5_cc_get_name.rst - krb5_cc_get_principal.rst - krb5_cc_get_type.rst - krb5_cc_initialize.rst - krb5_cc_new_unique.rst - krb5_cc_resolve.rst - krb5_change_password.rst - krb5_chpw_message.rst - krb5_expand_hostname.rst - krb5_free_context.rst - krb5_free_error_message.rst - krb5_free_principal.rst - krb5_fwd_tgt_creds.rst - krb5_get_default_realm.rst - krb5_get_error_message.rst - krb5_get_host_realm.rst - krb5_get_credentials.rst - krb5_get_fallback_host_realm.rst - krb5_get_init_creds_keytab.rst - krb5_get_init_creds_opt_alloc.rst - krb5_get_init_creds_opt_free.rst - krb5_get_init_creds_opt_get_fast_flags.rst - krb5_get_init_creds_opt_set_address_list.rst - krb5_get_init_creds_opt_set_anonymous.rst - krb5_get_init_creds_opt_set_canonicalize.rst - krb5_get_init_creds_opt_set_change_password_prompt.rst - krb5_get_init_creds_opt_set_etype_list.rst - krb5_get_init_creds_opt_set_expire_callback.rst - krb5_get_init_creds_opt_set_fast_ccache.rst - krb5_get_init_creds_opt_set_fast_ccache_name.rst - krb5_get_init_creds_opt_set_fast_flags.rst - krb5_get_init_creds_opt_set_forwardable.rst - krb5_get_init_creds_opt_set_in_ccache.rst - krb5_get_init_creds_opt_set_out_ccache.rst - krb5_get_init_creds_opt_set_pa.rst - krb5_get_init_creds_opt_set_pac_request.rst - krb5_get_init_creds_opt_set_preauth_list.rst - krb5_get_init_creds_opt_set_proxiable.rst - krb5_get_init_creds_opt_set_renew_life.rst - krb5_get_init_creds_opt_set_responder.rst - krb5_get_init_creds_opt_set_salt.rst - krb5_get_init_creds_opt_set_tkt_life.rst - krb5_get_init_creds_password.rst - krb5_get_profile.rst - krb5_get_prompt_types.rst - krb5_get_renewed_creds.rst - krb5_get_validated_creds.rst - krb5_init_context.rst - krb5_init_secure_context.rst - krb5_is_config_principal.rst - krb5_is_thread_safe.rst - krb5_kt_close.rst - krb5_kt_client_default.rst - krb5_kt_default.rst - krb5_kt_default_name.rst - krb5_kt_dup.rst - krb5_kt_get_name.rst - krb5_kt_get_type.rst - krb5_kt_resolve.rst - krb5_kuserok.rst - krb5_parse_name.rst - krb5_parse_name_flags.rst - krb5_principal_compare.rst - krb5_principal_compare_any_realm.rst - krb5_principal_compare_flags.rst - krb5_prompter_posix.rst - krb5_realm_compare.rst - krb5_responder_get_challenge.rst - krb5_responder_list_questions.rst - krb5_responder_set_answer.rst - krb5_responder_otp_get_challenge.rst - krb5_responder_otp_set_answer.rst - krb5_responder_otp_challenge_free.rst - krb5_responder_pkinit_get_challenge.rst - krb5_responder_pkinit_set_answer.rst - krb5_responder_pkinit_challenge_free.rst - krb5_set_default_realm.rst - krb5_set_password.rst - krb5_set_password_using_ccache.rst - krb5_set_principal_realm.rst - krb5_set_trace_callback.rst - krb5_set_trace_filename.rst - krb5_sname_match.rst - krb5_sname_to_principal.rst - krb5_unparse_name.rst - krb5_unparse_name_ext.rst - krb5_unparse_name_flags.rst - krb5_unparse_name_flags_ext.rst - krb5_us_timeofday.rst - krb5_verify_authdata_kdc_issued.rst - -Rarely used public interfaces --------------------------------- - -.. toctree:: - :maxdepth: 1 - - krb5_425_conv_principal.rst - krb5_524_conv_principal.rst - krb5_address_compare.rst - krb5_address_order.rst - krb5_address_search.rst - krb5_allow_weak_crypto.rst - krb5_aname_to_localname.rst - krb5_anonymous_principal.rst - krb5_anonymous_realm.rst - krb5_appdefault_boolean.rst - krb5_appdefault_string.rst - krb5_auth_con_free.rst - krb5_auth_con_genaddrs.rst - krb5_auth_con_get_checksum_func.rst - krb5_auth_con_getaddrs.rst - krb5_auth_con_getauthenticator.rst - krb5_auth_con_getflags.rst - krb5_auth_con_getkey.rst - krb5_auth_con_getkey_k.rst - krb5_auth_con_getlocalseqnumber.rst - krb5_auth_con_getrcache.rst - krb5_auth_con_getrecvsubkey.rst - krb5_auth_con_getrecvsubkey_k.rst - krb5_auth_con_getremoteseqnumber.rst - krb5_auth_con_getsendsubkey.rst - krb5_auth_con_getsendsubkey_k.rst - krb5_auth_con_init.rst - krb5_auth_con_set_checksum_func.rst - krb5_auth_con_set_req_cksumtype.rst - krb5_auth_con_setaddrs.rst - krb5_auth_con_setflags.rst - krb5_auth_con_setports.rst - krb5_auth_con_setrcache.rst - krb5_auth_con_setrecvsubkey.rst - krb5_auth_con_setrecvsubkey_k.rst - krb5_auth_con_setsendsubkey.rst - krb5_auth_con_setsendsubkey_k.rst - krb5_auth_con_setuseruserkey.rst - krb5_cc_cache_match.rst - krb5_cc_copy_creds.rst - krb5_cc_end_seq_get.rst - krb5_cc_get_config.rst - krb5_cc_get_flags.rst - krb5_cc_get_full_name.rst - krb5_cc_move.rst - krb5_cc_next_cred.rst - krb5_cc_remove_cred.rst - krb5_cc_retrieve_cred.rst - krb5_cc_select.rst - krb5_cc_set_config.rst - krb5_cc_set_default_name.rst - krb5_cc_set_flags.rst - krb5_cc_start_seq_get.rst - krb5_cc_store_cred.rst - krb5_cc_support_switch.rst - krb5_cc_switch.rst - krb5_cccol_cursor_free.rst - krb5_cccol_cursor_new.rst - krb5_cccol_cursor_next.rst - krb5_cccol_have_content.rst - krb5_clear_error_message.rst - krb5_check_clockskew.rst - krb5_copy_addresses.rst - krb5_copy_authdata.rst - krb5_copy_authenticator.rst - krb5_copy_checksum.rst - krb5_copy_context.rst - krb5_copy_creds.rst - krb5_copy_data.rst - krb5_copy_error_message.rst - krb5_copy_keyblock.rst - krb5_copy_keyblock_contents.rst - krb5_copy_principal.rst - krb5_copy_ticket.rst - krb5_find_authdata.rst - krb5_free_addresses.rst - krb5_free_ap_rep_enc_part.rst - krb5_free_authdata.rst - krb5_free_authenticator.rst - krb5_free_cred_contents.rst - krb5_free_creds.rst - krb5_free_data.rst - krb5_free_data_contents.rst - krb5_free_default_realm.rst - krb5_free_enctypes.rst - krb5_free_error.rst - krb5_free_host_realm.rst - krb5_free_keyblock.rst - krb5_free_keyblock_contents.rst - krb5_free_keytab_entry_contents.rst - krb5_free_string.rst - krb5_free_ticket.rst - krb5_free_unparsed_name.rst - krb5_get_etype_info.rst - krb5_get_permitted_enctypes.rst - krb5_get_server_rcache.rst - krb5_get_time_offsets.rst - krb5_init_context_profile.rst - krb5_init_creds_free.rst - krb5_init_creds_get.rst - krb5_init_creds_get_creds.rst - krb5_init_creds_get_error.rst - krb5_init_creds_get_times.rst - krb5_init_creds_init.rst - krb5_init_creds_set_keytab.rst - krb5_init_creds_set_password.rst - krb5_init_creds_set_service.rst - krb5_init_creds_step.rst - krb5_init_keyblock.rst - krb5_is_referral_realm.rst - krb5_kdc_sign_ticket.rst - krb5_kdc_verify_ticket.rst - krb5_kt_add_entry.rst - krb5_kt_end_seq_get.rst - krb5_kt_get_entry.rst - krb5_kt_have_content.rst - krb5_kt_next_entry.rst - krb5_kt_read_service_key.rst - krb5_kt_remove_entry.rst - krb5_kt_start_seq_get.rst - krb5_make_authdata_kdc_issued.rst - krb5_marshal_credentials.rst - krb5_merge_authdata.rst - krb5_mk_1cred.rst - krb5_mk_error.rst - krb5_mk_ncred.rst - krb5_mk_priv.rst - krb5_mk_rep.rst - krb5_mk_rep_dce.rst - krb5_mk_req.rst - krb5_mk_req_extended.rst - krb5_mk_safe.rst - krb5_os_localaddr.rst - krb5_pac_add_buffer.rst - krb5_pac_free.rst - krb5_pac_get_buffer.rst - krb5_pac_get_types.rst - krb5_pac_init.rst - krb5_pac_parse.rst - krb5_pac_sign.rst - krb5_pac_sign_ext.rst - krb5_pac_verify.rst - krb5_pac_verify_ext.rst - krb5_pac_get_client_info.rst - krb5_prepend_error_message.rst - krb5_principal2salt.rst - krb5_rd_cred.rst - krb5_rd_error.rst - krb5_rd_priv.rst - krb5_rd_rep.rst - krb5_rd_rep_dce.rst - krb5_rd_req.rst - krb5_rd_safe.rst - krb5_read_password.rst - krb5_salttype_to_string.rst - krb5_server_decrypt_ticket_keytab.rst - krb5_set_default_tgs_enctypes.rst - krb5_set_error_message.rst - krb5_set_kdc_recv_hook.rst - krb5_set_kdc_send_hook.rst - krb5_set_real_time.rst - krb5_string_to_cksumtype.rst - krb5_string_to_deltat.rst - krb5_string_to_enctype.rst - krb5_string_to_salttype.rst - krb5_string_to_timestamp.rst - krb5_timeofday.rst - krb5_timestamp_to_sfstring.rst - krb5_timestamp_to_string.rst - krb5_tkt_creds_free.rst - krb5_tkt_creds_get.rst - krb5_tkt_creds_get_creds.rst - krb5_tkt_creds_get_times.rst - krb5_tkt_creds_init.rst - krb5_tkt_creds_step.rst - krb5_unmarshal_credentials.rst - krb5_verify_init_creds.rst - krb5_verify_init_creds_opt_init.rst - krb5_verify_init_creds_opt_set_ap_req_nofail.rst - krb5_vprepend_error_message.rst - krb5_vset_error_message.rst - krb5_vwrap_error_message.rst - krb5_wrap_error_message.rst - - -Public interfaces that should not be called directly -------------------------------------------------------- - -.. toctree:: - :maxdepth: 1 - - krb5_c_block_size.rst - krb5_c_checksum_length.rst - krb5_c_crypto_length.rst - krb5_c_crypto_length_iov.rst - krb5_c_decrypt.rst - krb5_c_decrypt_iov.rst - krb5_c_derive_prfplus.rst - krb5_c_encrypt.rst - krb5_c_encrypt_iov.rst - krb5_c_encrypt_length.rst - krb5_c_enctype_compare.rst - krb5_c_free_state.rst - krb5_c_fx_cf2_simple.rst - krb5_c_init_state.rst - krb5_c_is_coll_proof_cksum.rst - krb5_c_is_keyed_cksum.rst - krb5_c_keyed_checksum_types.rst - krb5_c_keylengths.rst - krb5_c_make_checksum.rst - krb5_c_make_checksum_iov.rst - krb5_c_make_random_key.rst - krb5_c_padding_length.rst - krb5_c_prf.rst - krb5_c_prfplus.rst - krb5_c_prf_length.rst - krb5_c_random_add_entropy.rst - krb5_c_random_make_octets.rst - krb5_c_random_os_entropy.rst - krb5_c_random_to_key.rst - krb5_c_string_to_key.rst - krb5_c_string_to_key_with_params.rst - krb5_c_valid_cksumtype.rst - krb5_c_valid_enctype.rst - krb5_c_verify_checksum.rst - krb5_c_verify_checksum_iov.rst - krb5_cksumtype_to_string.rst - krb5_decode_authdata_container.rst - krb5_decode_ticket.rst - krb5_deltat_to_string.rst - krb5_encode_authdata_container.rst - krb5_enctype_to_name.rst - krb5_enctype_to_string.rst - krb5_free_checksum.rst - krb5_free_checksum_contents.rst - krb5_free_cksumtypes.rst - krb5_free_tgt_creds.rst - krb5_k_create_key.rst - krb5_k_decrypt.rst - krb5_k_decrypt_iov.rst - krb5_k_encrypt.rst - krb5_k_encrypt_iov.rst - krb5_k_free_key.rst - krb5_k_key_enctype.rst - krb5_k_key_keyblock.rst - krb5_k_make_checksum.rst - krb5_k_make_checksum_iov.rst - krb5_k_prf.rst - krb5_k_reference_key.rst - krb5_k_verify_checksum.rst - krb5_k_verify_checksum_iov.rst - - -Legacy convenience interfaces ------------------------------- - -.. toctree:: - :maxdepth: 1 - - krb5_recvauth.rst - krb5_recvauth_version.rst - krb5_sendauth.rst - - -Deprecated public interfaces ------------------------------- - -.. toctree:: - :maxdepth: 1 - - krb5_524_convert_creds.rst - krb5_auth_con_getlocalsubkey.rst - krb5_auth_con_getremotesubkey.rst - krb5_auth_con_initivector.rst - krb5_build_principal_va.rst - krb5_c_random_seed.rst - krb5_calculate_checksum.rst - krb5_checksum_size.rst - krb5_encrypt.rst - krb5_decrypt.rst - krb5_eblock_enctype.rst - krb5_encrypt_size.rst - krb5_finish_key.rst - krb5_finish_random_key.rst - krb5_cc_gen_new.rst - krb5_get_credentials_renew.rst - krb5_get_credentials_validate.rst - krb5_get_in_tkt_with_password.rst - krb5_get_in_tkt_with_skey.rst - krb5_get_in_tkt_with_keytab.rst - krb5_get_init_creds_opt_init.rst - krb5_init_random_key.rst - krb5_kt_free_entry.rst - krb5_random_key.rst - krb5_process_key.rst - krb5_string_to_key.rst - krb5_use_enctype.rst - krb5_verify_checksum.rst diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_425_conv_principal.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_425_conv_principal.rst.txt deleted file mode 100644 index 6673b5bd..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_425_conv_principal.rst.txt +++ /dev/null @@ -1,59 +0,0 @@ -krb5_425_conv_principal - Convert a Kerberos V4 principal to a Kerberos V5 principal. -======================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_425_conv_principal(krb5_context context, const char * name, const char * instance, const char * realm, krb5_principal * princ) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **name** - V4 name - - **[in]** **instance** - V4 instance - - **[in]** **realm** - Realm - - **[out]** **princ** - V5 principal - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function builds a *princ* from V4 specification based on given input *name.instance@realm* . - - - -Use krb5_free_principal() to free *princ* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_524_conv_principal.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_524_conv_principal.rst.txt deleted file mode 100644 index 14b2fc10..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_524_conv_principal.rst.txt +++ /dev/null @@ -1,60 +0,0 @@ -krb5_524_conv_principal - Convert a Kerberos V5 principal to a Kerberos V4 principal. -======================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, char * name, char * inst, char * realm) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **princ** - V5 Principal - - **[out]** **name** - V4 principal's name to be filled in - - **[out]** **inst** - V4 principal's instance name to be filled in - - **[out]** **realm** - Principal's realm name to be filled in - - -.. - - -:retval: - - 0 Success - - KRB5_INVALID_PRINCIPAL Invalid principal name - - KRB5_CONFIG_CANTOPEN Can't open or find Kerberos configuration file - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function separates a V5 principal *princ* into *name* , *instance* , and *realm* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_524_convert_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_524_convert_creds.rst.txt deleted file mode 100644 index f8d96f0d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_524_convert_creds.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_524_convert_creds - Convert a Kerberos V5 credentials to a Kerberos V4 credentials. -========================================================================================== - -.. - -.. c:function:: int krb5_524_convert_creds(krb5_context context, krb5_creds * v5creds, struct credentials * v4creds) - -.. - - -:param: - - **context** - - **v5creds** - - **v4creds** - - -.. - - -:retval: - - KRB524_KRB4_DISABLED (always) - - -.. - - - - - - - - - - - - - - -.. - - - - - - -.. note:: - - Not implemented - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_address_compare.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_address_compare.rst.txt deleted file mode 100644 index 7665fc70..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_address_compare.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_address_compare - Compare two Kerberos addresses. -======================================================== - -.. - -.. c:function:: krb5_boolean krb5_address_compare(krb5_context context, const krb5_address * addr1, const krb5_address * addr2) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **addr1** - First address to be compared - - **[in]** **addr2** - Second address to be compared - - -.. - - - -:return: - - TRUE if the addresses are the same, FALSE otherwise - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_address_order.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_address_order.rst.txt deleted file mode 100644 index 2ba9aab6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_address_order.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_address_order - Return an ordering of the specified addresses. -===================================================================== - -.. - -.. c:function:: int krb5_address_order(krb5_context context, const krb5_address * addr1, const krb5_address * addr2) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **addr1** - First address - - **[in]** **addr2** - Second address - - -.. - - -:retval: - - 0 if The two addresses are the same - - < 0 First address is less than second - - > 0 First address is greater than second - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_address_search.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_address_search.rst.txt deleted file mode 100644 index 2bc68c49..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_address_search.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_address_search - Search a list of addresses for a specified address. -=========================================================================== - -.. - -.. c:function:: krb5_boolean krb5_address_search(krb5_context context, const krb5_address * addr, krb5_address *const * addrlist) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **addr** - Address to search for - - **[in]** **addrlist** - Address list to be searched (or NULL) - - -.. - - - -:return: - - TRUE if addr is listed in addrlist , or addrlist is NULL; FALSE otherwise - -.. - - - - - - - - - - - - - - -.. - - - - - - -.. note:: - - If *addrlist* contains only a NetBIOS addresses, it will be treated as a null list. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_allow_weak_crypto.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_allow_weak_crypto.rst.txt deleted file mode 100644 index 87e69ed2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_allow_weak_crypto.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_allow_weak_crypto - Allow the application to override the profile's allow_weak_crypto setting. -===================================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_allow_weak_crypto(krb5_context context, krb5_boolean enable) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enable** - Boolean flag - - -.. - - -:retval: - - 0 (always) - - -.. - - - - - - - -This function allows an application to override the allow_weak_crypto setting. It is primarily for use by aklog. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_aname_to_localname.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_aname_to_localname.rst.txt deleted file mode 100644 index c6162940..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_aname_to_localname.rst.txt +++ /dev/null @@ -1,61 +0,0 @@ -krb5_aname_to_localname - Convert a principal name to a local name. -===================================================================== - -.. - -.. c:function:: krb5_error_code krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int lnsize_in, char * lname) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **aname** - Principal name - - **[in]** **lnsize_in** - Space available in *lname* - - **[out]** **lname** - Local name buffer to be filled in - - -.. - - -:retval: - - 0 Success - - System errors - - -:return: - - Kerberos error codes - -.. - - - - - - - -If *aname* does not correspond to any local account, KRB5_LNAME_NOTRANS is returned. If *lnsize_in* is too small for the local name, KRB5_CONFIG_NOTENUFSPACE is returned. - - - -Local names, rather than principal names, can be used by programs that translate to an environment-specific name (for example, a user account name). - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_anonymous_principal.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_anonymous_principal.rst.txt deleted file mode 100644 index 0b715e11..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_anonymous_principal.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_anonymous_principal - Build an anonymous principal. -========================================================== - -.. - -.. c:function:: krb5_const_principal krb5_anonymous_principal(void None) - -.. - - -:param: - - **None** - - -.. - - - -.. - - - - - - - -This function returns constant storage that must not be freed. - - - - - - - - - - -.. - -.. seealso:: - #KRB5_ANONYMOUS_PRINCSTR - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_anonymous_realm.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_anonymous_realm.rst.txt deleted file mode 100644 index ec3cc4e3..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_anonymous_realm.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_anonymous_realm - Return an anonymous realm data. -======================================================== - -.. - -.. c:function:: const krb5_data * krb5_anonymous_realm(void None) - -.. - - -:param: - - **None** - - -.. - - - -.. - - - - - - - -This function returns constant storage that must not be freed. - - - - - - - - - - -.. - -.. seealso:: - #KRB5_ANONYMOUS_REALMSTR - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_appdefault_boolean.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_appdefault_boolean.rst.txt deleted file mode 100644 index 60802e5b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_appdefault_boolean.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -krb5_appdefault_boolean - Retrieve a boolean value from the appdefaults section of krb5.conf. -=============================================================================================== - -.. - -.. c:function:: void krb5_appdefault_boolean(krb5_context context, const char * appname, const krb5_data * realm, const char * option, int default_value, int * ret_value) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **appname** - Application name - - **[in]** **realm** - Realm name - - **[in]** **option** - Option to be checked - - **[in]** **default_value** - Default value to return if no match is found - - **[out]** **ret_value** - Boolean value of *option* - - -.. - - - -.. - - - - - - - -This function gets the application defaults for *option* based on the given *appname* and/or *realm* . - - - - - - - - - - -.. - -.. seealso:: - krb5_appdefault_string() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_appdefault_string.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_appdefault_string.rst.txt deleted file mode 100644 index 1909f1b3..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_appdefault_string.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -krb5_appdefault_string - Retrieve a string value from the appdefaults section of krb5.conf. -============================================================================================= - -.. - -.. c:function:: void krb5_appdefault_string(krb5_context context, const char * appname, const krb5_data * realm, const char * option, const char * default_value, char ** ret_value) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **appname** - Application name - - **[in]** **realm** - Realm name - - **[in]** **option** - Option to be checked - - **[in]** **default_value** - Default value to return if no match is found - - **[out]** **ret_value** - String value of *option* - - -.. - - - -.. - - - - - - - -This function gets the application defaults for *option* based on the given *appname* and/or *realm* . - - - - - - - - - - -.. - -.. seealso:: - krb5_appdefault_boolean() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_free.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_free.rst.txt deleted file mode 100644 index 93a8d690..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_free.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_auth_con_free - Free a krb5_auth_context structure. -========================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context to be freed - - -.. - - -:retval: - - 0 (always) - - -.. - - - - - - - -This function frees an auth context allocated by krb5_auth_con_init(). - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_genaddrs.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_genaddrs.rst.txt deleted file mode 100644 index f61c2318..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_genaddrs.rst.txt +++ /dev/null @@ -1,66 +0,0 @@ -krb5_auth_con_genaddrs - Generate auth context addresses from a connected socket. -=================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_genaddrs(krb5_context context, krb5_auth_context auth_context, int infd, int flags) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **infd** - Connected socket descriptor - - **[in]** **flags** - Flags - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function sets the local and/or remote addresses in *auth_context* based on the local and remote endpoints of the socket *infd* . The following flags determine the operations performed: - - - - - - - #KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR Generate local address. - - - - #KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR Generate remote address. - - - - #KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR Generate local address and port. - - - - #KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR Generate remote address and port. - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_get_checksum_func.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_get_checksum_func.rst.txt deleted file mode 100644 index e3a42742..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_get_checksum_func.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_auth_con_get_checksum_func - Get the checksum callback from an auth context. -=================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_get_checksum_func(krb5_context context, krb5_auth_context auth_context, krb5_mk_req_checksum_func * func, void ** data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[out]** **func** - Checksum callback - - **[out]** **data** - Callback argument - - -.. - - -:retval: - - 0 (always) - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getaddrs.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getaddrs.rst.txt deleted file mode 100644 index 12252940..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getaddrs.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_auth_con_getaddrs - Retrieve address fields from an auth context. -======================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address ** local_addr, krb5_address ** remote_addr) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[out]** **local_addr** - Local address (NULL if not needed) - - **[out]** **remote_addr** - Remote address (NULL if not needed) - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getauthenticator.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getauthenticator.rst.txt deleted file mode 100644 index 0e67df91..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getauthenticator.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_getauthenticator - Retrieve the authenticator from an auth context. -=================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_context auth_context, krb5_authenticator ** authenticator) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[out]** **authenticator** - Authenticator - - -.. - - -:retval: - - 0 Success. Otherwise - Kerberos error codes - - -.. - - - - - - - -Use krb5_free_authenticator() to free *authenticator* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getflags.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getflags.rst.txt deleted file mode 100644 index db9020e2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getflags.rst.txt +++ /dev/null @@ -1,60 +0,0 @@ -krb5_auth_con_getflags - Retrieve flags from a krb5_auth_context structure. -============================================================================= - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getflags(krb5_context context, krb5_auth_context auth_context, krb5_int32 * flags) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[out]** **flags** - Flags bit mask - - -.. - - -:retval: - - 0 (always) - - -.. - - - - - - - -Valid values for *flags* are: - - - #KRB5_AUTH_CONTEXT_DO_TIME Use timestamps - - - - #KRB5_AUTH_CONTEXT_RET_TIME Save timestamps - - - - #KRB5_AUTH_CONTEXT_DO_SEQUENCE Use sequence numbers - - - - #KRB5_AUTH_CONTEXT_RET_SEQUENCE Save sequence numbers - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey.rst.txt deleted file mode 100644 index b5abc855..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_getkey - Retrieve the session key from an auth context as a keyblock. -===================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock ** keyblock) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[out]** **keyblock** - Session key - - -.. - - -:retval: - - 0 Success. Otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a keyblock containing the session key from *auth_context* . Use krb5_free_keyblock() to free *keyblock* when it is no longer needed - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey_k.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey_k.rst.txt deleted file mode 100644 index 4d87db92..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getkey_k.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_getkey_k - Retrieve the session key from an auth context. -========================================================================= - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getkey_k(krb5_context context, krb5_auth_context auth_context, krb5_key * key) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[out]** **key** - Session key - - -.. - - -:retval: - - 0 (always) - - -.. - - - - - - - -This function sets *key* to the session key from *auth_context* . Use krb5_k_free_key() to release *key* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalseqnumber.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalseqnumber.rst.txt deleted file mode 100644 index 0b340a3f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalseqnumber.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_getlocalseqnumber - Retrieve the local sequence number from an auth context. -============================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getlocalseqnumber(krb5_context context, krb5_auth_context auth_context, krb5_int32 * seqnumber) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[out]** **seqnumber** - Local sequence number - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Retrieve the local sequence number from *auth_context* and return it in *seqnumber* . The #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag must be set in *auth_context* for this function to be useful. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalsubkey.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalsubkey.rst.txt deleted file mode 100644 index a938d749..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getlocalsubkey.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_auth_con_getlocalsubkey -============================ - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getlocalsubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock ** keyblock) - -.. - - -:param: - - **context** - - **auth_context** - - **keyblock** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_auth_con_getsendsubkey(). - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrcache.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrcache.rst.txt deleted file mode 100644 index c5066364..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrcache.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_getrcache - Retrieve the replay cache from an auth context. -=========================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache * rcache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[out]** **rcache** - Replay cache handle - - -.. - - -:retval: - - 0 (always) - - -.. - - - - - - - -This function fetches the replay cache from *auth_context* . The caller should not close *rcache* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey.rst.txt deleted file mode 100644 index ece6d0c1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_getrecvsubkey - Retrieve the receiving subkey from an auth context as a keyblock. -================================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock ** keyblock) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **ac** - Authentication context - - **[out]** **keyblock** - Receiving subkey - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a keyblock containing the receiving subkey from *auth_context* . Use krb5_free_keyblock() to free *keyblock* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey_k.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey_k.rst.txt deleted file mode 100644 index 7caf5b03..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getrecvsubkey_k.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_getrecvsubkey_k - Retrieve the receiving subkey from an auth context as a keyblock. -=================================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getrecvsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key * key) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **ac** - Authentication context - - **[out]** **key** - Receiving subkey - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function sets *key* to the receiving subkey from *auth_context* . Use krb5_k_free_key() to release *key* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremoteseqnumber.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremoteseqnumber.rst.txt deleted file mode 100644 index 8f2a7ffd..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremoteseqnumber.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_getremoteseqnumber - Retrieve the remote sequence number from an auth context. -============================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getremoteseqnumber(krb5_context context, krb5_auth_context auth_context, krb5_int32 * seqnumber) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[out]** **seqnumber** - Remote sequence number - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Retrieve the remote sequence number from *auth_context* and return it in *seqnumber* . The #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag must be set in *auth_context* for this function to be useful. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremotesubkey.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremotesubkey.rst.txt deleted file mode 100644 index 25f42d90..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getremotesubkey.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_auth_con_getremotesubkey -============================= - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getremotesubkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock ** keyblock) - -.. - - -:param: - - **context** - - **auth_context** - - **keyblock** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_auth_con_getrecvsubkey(). - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey.rst.txt deleted file mode 100644 index fa7c6cf9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_getsendsubkey - Retrieve the send subkey from an auth context as a keyblock. -============================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock ** keyblock) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **ac** - Authentication context - - **[out]** **keyblock** - Send subkey - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a keyblock containing the send subkey from *auth_context* . Use krb5_free_keyblock() to free *keyblock* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey_k.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey_k.rst.txt deleted file mode 100644 index bfbbf574..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_getsendsubkey_k.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_getsendsubkey_k - Retrieve the send subkey from an auth context. -================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_auth_con_getsendsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key * key) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **ac** - Authentication context - - **[out]** **key** - Send subkey - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function sets *key* to the send subkey from *auth_context* . Use krb5_k_free_key() to release *key* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_init.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_init.rst.txt deleted file mode 100644 index 9f61f30b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_init.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -krb5_auth_con_init - Create and initialize an authentication context. -======================================================================= - -.. - -.. c:function:: krb5_error_code krb5_auth_con_init(krb5_context context, krb5_auth_context * auth_context) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **auth_context** - Authentication context - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates an authentication context to hold configuration and state relevant to krb5 functions for authenticating principals and protecting messages once authentication has occurred. - - - -By default, flags for the context are set to enable the use of the replay cache (#KRB5_AUTH_CONTEXT_DO_TIME), but not sequence numbers. Use krb5_auth_con_setflags() to change the flags. - - - -The allocated *auth_context* must be freed with krb5_auth_con_free() when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_initivector.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_initivector.rst.txt deleted file mode 100644 index 31e8403d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_initivector.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_auth_con_initivector - Cause an auth context to use cipher state. -======================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Prepare *auth_context* to use cipher state when krb5_mk_priv() or krb5_rd_priv() encrypt or decrypt data. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_checksum_func.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_checksum_func.rst.txt deleted file mode 100644 index c7f19f0d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_checksum_func.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_auth_con_set_checksum_func - Set a checksum callback in an auth context. -=============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_set_checksum_func(krb5_context context, krb5_auth_context auth_context, krb5_mk_req_checksum_func func, void * data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **func** - Checksum callback - - **[in]** **data** - Callback argument - - -.. - - -:retval: - - 0 (always) - - -.. - - - - - - - -Set a callback to obtain checksum data in krb5_mk_req(). The callback will be invoked after the subkey and local sequence number are stored in *auth_context* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_req_cksumtype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_req_cksumtype.rst.txt deleted file mode 100644 index 4a79bfd6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_set_req_cksumtype.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_set_req_cksumtype - Set checksum type in an an auth context. -============================================================================ - -.. - -.. c:function:: krb5_error_code krb5_auth_con_set_req_cksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype cksumtype) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **cksumtype** - Checksum type - - -.. - - -:retval: - - 0 Success. Otherwise - Kerberos error codes - - -.. - - - - - - - -This function sets the checksum type in *auth_context* to be used by krb5_mk_req() for the authenticator checksum. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setaddrs.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setaddrs.rst.txt deleted file mode 100644 index 0a9a8e80..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setaddrs.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -krb5_auth_con_setaddrs - Set the local and remote addresses in an auth context. -================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address * local_addr, krb5_address * remote_addr) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **local_addr** - Local address - - **[in]** **remote_addr** - Remote address - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function releases the storage assigned to the contents of the local and remote addresses of *auth_context* and then sets them to *local_addr* and *remote_addr* respectively. - - - - - - - - - - -.. - -.. seealso:: - krb5_auth_con_genaddrs() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setflags.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setflags.rst.txt deleted file mode 100644 index d8cb6e71..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setflags.rst.txt +++ /dev/null @@ -1,60 +0,0 @@ -krb5_auth_con_setflags - Set a flags field in a krb5_auth_context structure. -============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_setflags(krb5_context context, krb5_auth_context auth_context, krb5_int32 flags) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **flags** - Flags bit mask - - -.. - - -:retval: - - 0 (always) - - -.. - - - - - - - -Valid values for *flags* are: - - - #KRB5_AUTH_CONTEXT_DO_TIME Use timestamps - - - - #KRB5_AUTH_CONTEXT_RET_TIME Save timestamps - - - - #KRB5_AUTH_CONTEXT_DO_SEQUENCE Use sequence numbers - - - - #KRB5_AUTH_CONTEXT_RET_SEQUENCE Save sequence numbers - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setports.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setports.rst.txt deleted file mode 100644 index e64c4219..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setports.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -krb5_auth_con_setports - Set local and remote port fields in an auth context. -=============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_setports(krb5_context context, krb5_auth_context auth_context, krb5_address * local_port, krb5_address * remote_port) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **local_port** - Local port - - **[in]** **remote_port** - Remote port - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function releases the storage assigned to the contents of the local and remote ports of *auth_context* and then sets them to *local_port* and *remote_port* respectively. - - - - - - - - - - -.. - -.. seealso:: - krb5_auth_con_genaddrs() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrcache.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrcache.rst.txt deleted file mode 100644 index 0a37e8ae..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrcache.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_setrcache - Set the replay cache in an auth context. -==================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_setrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache rcache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **rcache** - Replay cache haddle - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function sets the replay cache in *auth_context* to *rcache* . *rcache* will be closed when *auth_context* is freed, so the caller should relinquish that responsibility. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey.rst.txt deleted file mode 100644 index 7e43d914..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_setrecvsubkey - Set the receiving subkey in an auth context with a keyblock. -============================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_auth_con_setrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock * keyblock) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **ac** - Authentication context - - **[in]** **keyblock** - Receiving subkey - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function sets the receiving subkey in *ac* to a copy of *keyblock* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey_k.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey_k.rst.txt deleted file mode 100644 index feafaabf..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setrecvsubkey_k.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_auth_con_setrecvsubkey_k - Set the receiving subkey in an auth context. -============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_setrecvsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key key) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **ac** - Authentication context - - **[in]** **key** - Receiving subkey - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function sets the receiving subkey in *ac* to *key* , incrementing its reference count. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey.rst.txt deleted file mode 100644 index 47f746b5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_auth_con_setsendsubkey - Set the send subkey in an auth context with a keyblock. -======================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_auth_con_setsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock * keyblock) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **ac** - Authentication context - - **[in]** **keyblock** - Send subkey - - -.. - - -:retval: - - 0 Success. Otherwise - Kerberos error codes - - -.. - - - - - - - -This function sets the send subkey in *ac* to a copy of *keyblock* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey_k.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey_k.rst.txt deleted file mode 100644 index 59fd7392..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setsendsubkey_k.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_auth_con_setsendsubkey_k - Set the send subkey in an auth context. -========================================================================= - -.. - -.. c:function:: krb5_error_code krb5_auth_con_setsendsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key key) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **ac** - Authentication context - - **[out]** **key** - Send subkey - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function sets the send subkey in *ac* to *key* , incrementing its reference count. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setuseruserkey.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setuseruserkey.rst.txt deleted file mode 100644 index 11d9249d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_auth_con_setuseruserkey.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_auth_con_setuseruserkey - Set the session key in an auth context. -======================================================================== - -.. - -.. c:function:: krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock * keyblock) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **keyblock** - User key - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal.rst.txt deleted file mode 100644 index fddcb462..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal.rst.txt +++ /dev/null @@ -1,72 +0,0 @@ -krb5_build_principal - Build a principal name using null-terminated strings. -============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_build_principal(krb5_context context, krb5_principal * princ, unsigned int rlen, const char * realm, ... ) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **princ** - Principal name - - **[in]** **rlen** - Realm name length - - **[in]** **realm** - Realm name - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Call krb5_free_principal() to free *princ* when it is no longer needed. - - - -Beginning with release 1.20, the name type of the principal will be inferred as **KRB5_NT_SRV_INST** or **KRB5_NT_WELLKNOWN** based on the principal name. The type will be **KRB5_NT_PRINCIPAL** if a type cannot be inferred. - - - - - - - - - - - - - - -.. - - - - - - -.. note:: - - krb5_build_principal() and krb5_build_principal_alloc_va() perform the same task. krb5_build_principal() takes variadic arguments. krb5_build_principal_alloc_va() takes a pre-computed *varargs* pointer. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal_alloc_va.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal_alloc_va.rst.txt deleted file mode 100644 index 904f4161..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal_alloc_va.rst.txt +++ /dev/null @@ -1,66 +0,0 @@ -krb5_build_principal_alloc_va - Build a principal name, using a precomputed variable argument list. -===================================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_build_principal_alloc_va(krb5_context context, krb5_principal * princ, unsigned int rlen, const char * realm, va_list ap) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **princ** - Principal structure - - **[in]** **rlen** - Realm name length - - **[in]** **realm** - Realm name - - **[in]** **ap** - List of char * components, ending with NULL - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Similar to krb5_build_principal(), this function builds a principal name, but its name components are specified as a va_list. - - - -Use krb5_free_principal() to deallocate *princ* when it is no longer needed. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal_ext.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal_ext.rst.txt deleted file mode 100644 index 6f1b3ba6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal_ext.rst.txt +++ /dev/null @@ -1,64 +0,0 @@ -krb5_build_principal_ext - Build a principal name using length-counted strings. -================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_build_principal_ext(krb5_context context, krb5_principal * princ, unsigned int rlen, const char * realm, ... ) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **princ** - Principal name - - **[in]** **rlen** - Realm name length - - **[in]** **realm** - Realm name - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function creates a principal from a length-counted string and a variable-length list of length-counted components. The list of components ends with the first 0 length argument (so it is not possible to specify an empty component with this function). Call krb5_free_principal() to free allocated memory for principal when it is no longer needed. - - - -Beginning with release 1.20, the name type of the principal will be inferred as **KRB5_NT_SRV_INST** or **KRB5_NT_WELLKNOWN** based on the principal name. The type will be **KRB5_NT_PRINCIPAL** if a type cannot be inferred. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal_va.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal_va.rst.txt deleted file mode 100644 index a30c39f1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_build_principal_va.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -krb5_build_principal_va -======================= - -.. - -.. c:function:: krb5_error_code krb5_build_principal_va(krb5_context context, krb5_principal princ, unsigned int rlen, const char * realm, va_list ap) - -.. - - -:param: - - **context** - - **princ** - - **rlen** - - **realm** - - **ap** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_build_principal_alloc_va(). - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_block_size.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_block_size.rst.txt deleted file mode 100644 index 4c4a13ea..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_block_size.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_c_block_size - Return cipher block size. -=============================================== - -.. - -.. c:function:: krb5_error_code krb5_c_block_size(krb5_context context, krb5_enctype enctype, size_t * blocksize) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type - - **[out]** **blocksize** - Block size for *enctype* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_checksum_length.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_checksum_length.rst.txt deleted file mode 100644 index 644e34bf..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_checksum_length.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_c_checksum_length - Return the length of checksums for a checksum type. -============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype, size_t * length) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cksumtype** - Checksum type - - **[out]** **length** - Checksum length - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length.rst.txt deleted file mode 100644 index 5a38d3b0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_c_crypto_length - Return a length of a message field specific to the encryption type. -============================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_c_crypto_length(krb5_context context, krb5_enctype enctype, krb5_cryptotype type, unsigned int * size) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type - - **[in]** **type** - Type field (See KRB5_CRYPTO_TYPE macros) - - **[out]** **size** - Length of the *type* specific to *enctype* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length_iov.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length_iov.rst.txt deleted file mode 100644 index cb4d18d1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_crypto_length_iov.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_c_crypto_length_iov - Fill in lengths for header, trailer and padding in a IOV array. -============================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype, krb5_crypto_iov * data, size_t num_data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type - - **[inout]** **data** - IOV array - - **[in]** **num_data** - Size of *data* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Padding is set to the actual padding required based on the provided *data* buffers. Typically this API is used after setting up the data buffers and #KRB5_CRYPTO_TYPE_SIGN_ONLY buffers, but before actually allocating header, trailer and padding. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_decrypt.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_decrypt.rst.txt deleted file mode 100644 index e8371559..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_decrypt.rst.txt +++ /dev/null @@ -1,65 +0,0 @@ -krb5_c_decrypt - Decrypt data using a key (operates on keyblock). -=================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_decrypt(krb5_context context, const krb5_keyblock * key, krb5_keyusage usage, const krb5_data * cipher_state, const krb5_enc_data * input, krb5_data * output) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Encryption key - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[inout]** **cipher_state** - Cipher state; specify NULL if not needed - - **[in]** **input** - Encrypted data - - **[out]** **output** - Decrypted data - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function decrypts the data block *input* and stores the output into *output* . The actual decryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. - - - - - - - - - - -.. - - - - - - -.. note:: - - The caller must initialize *output* and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let krb5_c_decrypt() trim *output->length* . For some enctypes, the resulting *output->length* may include padding bytes. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_decrypt_iov.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_decrypt_iov.rst.txt deleted file mode 100644 index 96dd9a25..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_decrypt_iov.rst.txt +++ /dev/null @@ -1,68 +0,0 @@ -krb5_c_decrypt_iov - Decrypt data in place supporting AEAD (operates on keyblock). -==================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_decrypt_iov(krb5_context context, const krb5_keyblock * keyblock, krb5_keyusage usage, const krb5_data * cipher_state, krb5_crypto_iov * data, size_t num_data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **keyblock** - Encryption key - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[in]** **cipher_state** - Cipher state; specify NULL if not needed - - **[inout]** **data** - IOV array. Modified in-place. - - **[in]** **num_data** - Size of *data* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function decrypts the data block *data* and stores the output in-place. The actual decryption key will be derived from *keyblock* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API. - - - - - - - - - - -.. - -.. seealso:: - krb5_c_decrypt_iov() - - - - - - -.. note:: - - On return from a krb5_c_decrypt_iov() call, the *data->length* in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_derive_prfplus.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_derive_prfplus.rst.txt deleted file mode 100644 index fdb62c50..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_derive_prfplus.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -krb5_c_derive_prfplus - Derive a key using some input data (via RFC 6113 PRF+). -================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_c_derive_prfplus(krb5_context context, const krb5_keyblock * k, const krb5_data * input, krb5_enctype enctype, krb5_keyblock ** out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **k** - KDC contribution key - - **[in]** **input** - Input string - - **[in]** **enctype** - Output key enctype (or **ENCTYPE_NULL** ) - - **[out]** **out** - Derived keyblock - - -.. - - - -.. - - - - - - - -This function uses PRF+ as defined in RFC 6113 to derive a key from another key and an input string. If *enctype* is **ENCTYPE_NULL** , the output key will have the same enctype as the input key. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_encrypt.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_encrypt.rst.txt deleted file mode 100644 index b67a8db6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_encrypt.rst.txt +++ /dev/null @@ -1,65 +0,0 @@ -krb5_c_encrypt - Encrypt data using a key (operates on keyblock). -=================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_encrypt(krb5_context context, const krb5_keyblock * key, krb5_keyusage usage, const krb5_data * cipher_state, const krb5_data * input, krb5_enc_data * output) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Encryption key - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[inout]** **cipher_state** - Cipher state; specify NULL if not needed - - **[in]** **input** - Data to be encrypted - - **[out]** **output** - Encrypted data - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function encrypts the data block *input* and stores the outputinto *output* . The actual encryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. - - - - - - - - - - -.. - - - - - - -.. note:: - - The caller must initialize *output* and allocate at least enough space for the result (using krb5_c_encrypt_length() to determine the amount of space needed). *output->length* will be set to the actual length of the ciphertext. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_iov.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_iov.rst.txt deleted file mode 100644 index 619bc8c5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_iov.rst.txt +++ /dev/null @@ -1,68 +0,0 @@ -krb5_c_encrypt_iov - Encrypt data in place supporting AEAD (operates on keyblock). -==================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_encrypt_iov(krb5_context context, const krb5_keyblock * keyblock, krb5_keyusage usage, const krb5_data * cipher_state, krb5_crypto_iov * data, size_t num_data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **keyblock** - Encryption key - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[in]** **cipher_state** - Cipher state; specify NULL if not needed - - **[inout]** **data** - IOV array. Modified in-place. - - **[in]** **num_data** - Size of *data* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function encrypts the data block *data* and stores the output in-place. The actual encryption key will be derived from *keyblock* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API. - - - - - - - - - - -.. - -.. seealso:: - krb5_c_decrypt_iov() - - - - - - -.. note:: - - On return from a krb5_c_encrypt_iov() call, the *data->length* in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_length.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_length.rst.txt deleted file mode 100644 index a459c3a4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_encrypt_length.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_c_encrypt_length - Compute encrypted data length. -======================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype, size_t inputlen, size_t * length) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type - - **[in]** **inputlen** - Length of the data to be encrypted - - **[out]** **length** - Length of the encrypted data - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function computes the length of the ciphertext produced by encrypting *inputlen* bytes including padding, confounder, and checksum. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_enctype_compare.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_enctype_compare.rst.txt deleted file mode 100644 index 156cdd23..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_enctype_compare.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_c_enctype_compare - Compare two encryption types. -======================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean * similar) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **e1** - First encryption type - - **[in]** **e2** - Second encryption type - - **[out]** **similar** - **TRUE** if types are similar, **FALSE** if not - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function determines whether two encryption types use the same kind of keys. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_free_state.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_free_state.rst.txt deleted file mode 100644 index 18da478c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_free_state.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_c_free_state - Free a cipher state previously allocated by krb5_c_init_state(). -====================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_free_state(krb5_context context, const krb5_keyblock * key, krb5_data * state) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Key - - **[in]** **state** - Cipher state to be freed - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_fx_cf2_simple.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_fx_cf2_simple.rst.txt deleted file mode 100644 index 0d9cf9d5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_fx_cf2_simple.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -krb5_c_fx_cf2_simple - Compute the KRB-FX-CF2 combination of two keys and pepper strings. -=========================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_fx_cf2_simple(krb5_context context, const krb5_keyblock * k1, const char * pepper1, const krb5_keyblock * k2, const char * pepper2, krb5_keyblock ** out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **k1** - KDC contribution key - - **[in]** **pepper1** - String"PKINIT" - - **[in]** **k2** - Reply key - - **[in]** **pepper2** - String"KeyExchange" - - **[out]** **out** - Output key - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function computes the KRB-FX-CF2 function over its inputs and places the results in a newly allocated keyblock. This function is simple in that it assumes that *pepper1* and *pepper2* are C strings with no internal nulls and that the enctype of the result will be the same as that of *k1* . *k1* and *k2* may be of different enctypes. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_init_state.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_init_state.rst.txt deleted file mode 100644 index b6a3065d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_init_state.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_c_init_state - Initialize a new cipher state. -==================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_init_state(krb5_context context, const krb5_keyblock * key, krb5_keyusage usage, krb5_data * new_state) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Key - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[out]** **new_state** - New cipher state - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_is_coll_proof_cksum.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_is_coll_proof_cksum.rst.txt deleted file mode 100644 index 478f2466..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_is_coll_proof_cksum.rst.txt +++ /dev/null @@ -1,43 +0,0 @@ -krb5_c_is_coll_proof_cksum - Test whether a checksum type is collision-proof. -=============================================================================== - -.. - -.. c:function:: krb5_boolean krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype) - -.. - - -:param: - - **[in]** **ctype** - Checksum type - - -.. - - - -:return: - - TRUE if ctype is collision-proof, FALSE if it is not collision-proof or not a valid checksum type. - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_is_keyed_cksum.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_is_keyed_cksum.rst.txt deleted file mode 100644 index ed6e6ab4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_is_keyed_cksum.rst.txt +++ /dev/null @@ -1,43 +0,0 @@ -krb5_c_is_keyed_cksum - Test whether a checksum type is keyed. -================================================================ - -.. - -.. c:function:: krb5_boolean krb5_c_is_keyed_cksum(krb5_cksumtype ctype) - -.. - - -:param: - - **[in]** **ctype** - Checksum type - - -.. - - - -:return: - - TRUE if ctype is a keyed checksum type, FALSE otherwise. - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_keyed_checksum_types.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_keyed_checksum_types.rst.txt deleted file mode 100644 index 37e18000..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_keyed_checksum_types.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_c_keyed_checksum_types - Return a list of keyed checksum types usable with an encryption type. -===================================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype, unsigned int * count, krb5_cksumtype ** cksumtypes) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type - - **[out]** **count** - Count of allowable checksum types - - **[out]** **cksumtypes** - Array of allowable checksum types - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Use krb5_free_cksumtypes() to free *cksumtypes* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_keylengths.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_keylengths.rst.txt deleted file mode 100644 index 9b195c43..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_keylengths.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_c_keylengths - Return length of the specified key in bytes. -================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_keylengths(krb5_context context, krb5_enctype enctype, size_t * keybytes, size_t * keylength) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type - - **[out]** **keybytes** - Number of bytes required to make a key - - **[out]** **keylength** - Length of final key - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum.rst.txt deleted file mode 100644 index bf057e20..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum.rst.txt +++ /dev/null @@ -1,68 +0,0 @@ -krb5_c_make_checksum - Compute a checksum (operates on keyblock). -=================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock * key, krb5_keyusage usage, const krb5_data * input, krb5_checksum * cksum) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cksumtype** - Checksum type (0 for mandatory type) - - **[in]** **key** - Encryption key for a keyed checksum - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[in]** **input** - Input data - - **[out]** **cksum** - Generated checksum - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function computes a checksum of type *cksumtype* over *input* , using *key* if the checksum type is a keyed checksum. If *cksumtype* is 0 and *key* is non-null, the checksum type will be the mandatory-to-implement checksum type for the key's encryption type. The actual checksum key will be derived from *key* and *usage* if key derivation is specified for the checksum type. The newly created *cksum* must be released by calling krb5_free_checksum_contents() when it is no longer needed. - - - - - - - - - - -.. - -.. seealso:: - krb5_c_verify_checksum() - - - - - - -.. note:: - - This function is similar to krb5_k_make_checksum(), but operates on keyblock *key* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum_iov.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum_iov.rst.txt deleted file mode 100644 index fe1d921c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_make_checksum_iov.rst.txt +++ /dev/null @@ -1,68 +0,0 @@ -krb5_c_make_checksum_iov - Fill in a checksum element in IOV array (operates on keyblock) -=========================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock * key, krb5_keyusage usage, krb5_crypto_iov * data, size_t num_data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cksumtype** - Checksum type (0 for mandatory type) - - **[in]** **key** - Encryption key for a keyed checksum - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[inout]** **data** - IOV array - - **[in]** **num_data** - Size of *data* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Create a checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element over #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY chunks in *data* . Only the #KRB5_CRYPTO_TYPE_CHECKSUM region is modified. - - - - - - - - - - -.. - -.. seealso:: - krb5_c_verify_checksum_iov() - - - - - - -.. note:: - - This function is similar to krb5_k_make_checksum_iov(), but operates on keyblock *key* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_make_random_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_make_random_key.rst.txt deleted file mode 100644 index bcf7e28d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_make_random_key.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_c_make_random_key - Generate an enctype-specific random encryption key. -============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_make_random_key(krb5_context context, krb5_enctype enctype, krb5_keyblock * k5_random_key) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type of the generated key - - **[out]** **k5_random_key** - An allocated and initialized keyblock - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Use krb5_free_keyblock_contents() to free *k5_random_key* when no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_padding_length.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_padding_length.rst.txt deleted file mode 100644 index 35471bf1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_padding_length.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_c_padding_length - Return a number of padding octets. -============================================================ - -.. - -.. c:function:: krb5_error_code krb5_c_padding_length(krb5_context context, krb5_enctype enctype, size_t data_length, unsigned int * size) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type - - **[in]** **data_length** - Length of the plaintext to pad - - **[out]** **size** - Number of padding octets - - -.. - - -:retval: - - 0 Success; otherwise - KRB5_BAD_ENCTYPE - - -.. - - - - - - - -This function returns the number of the padding octets required to pad *data_length* octets of plaintext. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_prf.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_prf.rst.txt deleted file mode 100644 index 2bf18e57..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_prf.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_c_prf - Generate enctype-specific pseudo-random bytes. -============================================================= - -.. - -.. c:function:: krb5_error_code krb5_c_prf(krb5_context context, const krb5_keyblock * keyblock, krb5_data * input, krb5_data * output) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **keyblock** - Key - - **[in]** **input** - Input data - - **[out]** **output** - Output data - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function selects a pseudo-random function based on *keyblock* and computes its value over *input* , placing the result into *output* . The caller must preinitialize *output* and allocate space for the result, using krb5_c_prf_length() to determine the required length. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_prf_length.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_prf_length.rst.txt deleted file mode 100644 index ff20e291..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_prf_length.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_c_prf_length - Get the output length of pseudo-random functions for an encryption type. -============================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_prf_length(krb5_context context, krb5_enctype enctype, size_t * len) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type - - **[out]** **len** - Length of PRF output - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_prfplus.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_prfplus.rst.txt deleted file mode 100644 index 682a8f46..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_prfplus.rst.txt +++ /dev/null @@ -1,61 +0,0 @@ -krb5_c_prfplus - Generate pseudo-random bytes using RFC 6113 PRF+. -==================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_prfplus(krb5_context context, const krb5_keyblock * k, const krb5_data * input, krb5_data * output) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **k** - KDC contribution key - - **[in]** **input** - Input data - - **[out]** **output** - Pseudo-random output buffer - - -.. - - - -:return: - - 0 on success, E2BIG if output->length is too large for PRF+ to generate, ENOMEM on allocation failure, or an error code from krb5_c_prf() - -.. - - - - - - - -This function fills *output* with PRF+(k, input) as defined in RFC 6113 section 5.1. The caller must preinitialize *output* and allocate the desired amount of space. The length of the pseudo-random output will match the length of *output* . - - - - - - - - - - -.. - - - - - - -.. note:: - - RFC 4402 defines a different PRF+ operation. This function does not implement that operation. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_add_entropy.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_add_entropy.rst.txt deleted file mode 100644 index cfd87797..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_add_entropy.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_c_random_add_entropy -========================= - -.. - -.. c:function:: krb5_error_code krb5_c_random_add_entropy(krb5_context context, unsigned int randsource, const krb5_data * data) - -.. - - -:param: - - **context** - - **randsource** - - **data** - - -.. - - - -.. - - -DEPRECATED This call is no longer necessary. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_make_octets.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_make_octets.rst.txt deleted file mode 100644 index 91a1159b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_make_octets.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_c_random_make_octets - Generate pseudo-random bytes. -=========================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_random_make_octets(krb5_context context, krb5_data * data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **data** - Random data - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Fills in *data* with bytes from the PRNG used by krb5 crypto operations. The caller must preinitialize *data* and allocate the desired amount of space. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_os_entropy.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_os_entropy.rst.txt deleted file mode 100644 index d4a66bdd..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_os_entropy.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_c_random_os_entropy -======================== - -.. - -.. c:function:: krb5_error_code krb5_c_random_os_entropy(krb5_context context, int strong, int * success) - -.. - - -:param: - - **context** - - **strong** - - **success** - - -.. - - - -.. - - -DEPRECATED This call is no longer necessary. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_seed.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_seed.rst.txt deleted file mode 100644 index 0b47a86e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_seed.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -krb5_c_random_seed -================== - -.. - -.. c:function:: krb5_error_code krb5_c_random_seed(krb5_context context, krb5_data * data) - -.. - - -:param: - - **context** - - **data** - - -.. - - - -.. - - -DEPRECATED This call is no longer necessary. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_to_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_to_key.rst.txt deleted file mode 100644 index 192e9d7e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_random_to_key.rst.txt +++ /dev/null @@ -1,64 +0,0 @@ -krb5_c_random_to_key - Generate an enctype-specific key from random data. -=========================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_random_to_key(krb5_context context, krb5_enctype enctype, krb5_data * random_data, krb5_keyblock * k5_random_key) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type - - **[in]** **random_data** - Random input data - - **[out]** **k5_random_key** - Resulting key - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function takes random input data *random_data* and produces a valid key *k5_random_key* for a given *enctype* . - - - - - - - - - - -.. - -.. seealso:: - krb5_c_keylengths() - - - - - - -.. note:: - - It is assumed that *k5_random_key* has already been initialized and *k5_random_key->contents* has been allocated with the correct length. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key.rst.txt deleted file mode 100644 index 0720b634..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_c_string_to_key - Convert a string (such a password) to a key. -===================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_string_to_key(krb5_context context, krb5_enctype enctype, const krb5_data * string, const krb5_data * salt, krb5_keyblock * key) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type - - **[in]** **string** - String to be converted - - **[in]** **salt** - Salt value - - **[out]** **key** - Generated key - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function converts *string* to a *key* of encryption type *enctype* , using the specified *salt* . The newly created *key* must be released by calling krb5_free_keyblock_contents() when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key_with_params.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key_with_params.rst.txt deleted file mode 100644 index 6348a40a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_string_to_key_with_params.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -krb5_c_string_to_key_with_params - Convert a string (such as a password) to a key with additional parameters. -=============================================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype, const krb5_data * string, const krb5_data * salt, const krb5_data * params, krb5_keyblock * key) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type - - **[in]** **string** - String to be converted - - **[in]** **salt** - Salt value - - **[in]** **params** - Parameters - - **[out]** **key** - Generated key - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function is similar to krb5_c_string_to_key(), but also takes parameters which may affect the algorithm in an enctype-dependent way. The newly created *key* must be released by calling krb5_free_keyblock_contents() when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_valid_cksumtype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_valid_cksumtype.rst.txt deleted file mode 100644 index 0cc7787f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_valid_cksumtype.rst.txt +++ /dev/null @@ -1,43 +0,0 @@ -krb5_c_valid_cksumtype - Verify that specified checksum type is a valid Kerberos checksum type. -================================================================================================= - -.. - -.. c:function:: krb5_boolean krb5_c_valid_cksumtype(krb5_cksumtype ctype) - -.. - - -:param: - - **[in]** **ctype** - Checksum type - - -.. - - - -:return: - - TRUE if ctype is valid, FALSE if not - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_valid_enctype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_valid_enctype.rst.txt deleted file mode 100644 index f5adeee8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_valid_enctype.rst.txt +++ /dev/null @@ -1,43 +0,0 @@ -krb5_c_valid_enctype - Verify that a specified encryption type is a valid Kerberos encryption type. -===================================================================================================== - -.. - -.. c:function:: krb5_boolean krb5_c_valid_enctype(krb5_enctype ktype) - -.. - - -:param: - - **[in]** **ktype** - Encryption type - - -.. - - - -:return: - - TRUE if ktype is valid, FALSE if not - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum.rst.txt deleted file mode 100644 index 823d5707..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum.rst.txt +++ /dev/null @@ -1,65 +0,0 @@ -krb5_c_verify_checksum - Verify a checksum (operates on keyblock). -==================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_verify_checksum(krb5_context context, const krb5_keyblock * key, krb5_keyusage usage, const krb5_data * data, const krb5_checksum * cksum, krb5_boolean * valid) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Encryption key for a keyed checksum - - **[in]** **usage** - *key* usage - - **[in]** **data** - Data to be used to compute a new checksum using *key* to compare *cksum* against - - **[in]** **cksum** - Checksum to be verified - - **[out]** **valid** - Non-zero for success, zero for failure - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function verifies that *cksum* is a valid checksum for *data* . If the checksum type of *cksum* is a keyed checksum, *key* is used to verify the checksum. If the checksum type in *cksum* is 0 and *key* is not NULL, the mandatory checksum type for *key* will be used. The actual checksum key will be derived from *key* and *usage* if key derivation is specified for the checksum type. - - - - - - - - - - -.. - - - - - - -.. note:: - - This function is similar to krb5_k_verify_checksum(), but operates on keyblock *key* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum_iov.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum_iov.rst.txt deleted file mode 100644 index 237c01f1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_c_verify_checksum_iov.rst.txt +++ /dev/null @@ -1,70 +0,0 @@ -krb5_c_verify_checksum_iov - Validate a checksum element in IOV array (operates on keyblock). -=============================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_c_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock * key, krb5_keyusage usage, const krb5_crypto_iov * data, size_t num_data, krb5_boolean * valid) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cksumtype** - Checksum type (0 for mandatory type) - - **[in]** **key** - Encryption key for a keyed checksum - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[in]** **data** - IOV array - - **[in]** **num_data** - Size of *data* - - **[out]** **valid** - Non-zero for success, zero for failure - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Confirm that the checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element is a valid checksum of the #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY regions in the iov. - - - - - - - - - - -.. - -.. seealso:: - krb5_c_make_checksum_iov() - - - - - - -.. note:: - - This function is similar to krb5_k_verify_checksum_iov(), but operates on keyblock *key* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_calculate_checksum.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_calculate_checksum.rst.txt deleted file mode 100644 index ef40b12e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_calculate_checksum.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_calculate_checksum -======================= - -.. - -.. c:function:: krb5_error_code krb5_calculate_checksum(krb5_context context, krb5_cksumtype ctype, krb5_const_pointer in, size_t in_length, krb5_const_pointer seed, size_t seed_length, krb5_checksum * outcksum) - -.. - - -:param: - - **context** - - **ctype** - - **in** - - **in_length** - - **seed** - - **seed_length** - - **outcksum** - - -.. - - - -.. - - -DEPRECATED See krb5_c_make_checksum() - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_cache_match.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_cache_match.rst.txt deleted file mode 100644 index 3e01acca..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_cache_match.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -krb5_cc_cache_match - Find a credential cache with a specified client principal. -================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_cache_match(krb5_context context, krb5_principal client, krb5_ccache * cache_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **client** - Client principal - - **[out]** **cache_out** - Credential cache handle - - -.. - - -:retval: - - 0 Success - - KRB5_CC_NOTFOUND None - - -.. - - - - - - - -Find a cache within the collection whose default principal is *client* . Use *krb5_cc_close* to close *ccache* when it is no longer needed. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.10 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_close.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_close.rst.txt deleted file mode 100644 index 6a58c9a2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_close.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_cc_close - Close a credential cache handle. -================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_close(krb5_context context, krb5_ccache cache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function closes a credential cache handle *cache* without affecting the contents of the cache. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_copy_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_copy_creds.rst.txt deleted file mode 100644 index f3af7c11..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_copy_creds.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_cc_copy_creds - Copy a credential cache. -=============================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **incc** - Credential cache to be copied - - **[out]** **outcc** - Copy of credential cache to be filled in - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_default.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_default.rst.txt deleted file mode 100644 index a734335f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_default.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_cc_default - Resolve the default credential cache name. -============================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_default(krb5_context context, krb5_ccache * ccache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **ccache** - Pointer to credential cache name - - -.. - - -:retval: - - 0 Success - - KV5M_CONTEXT Bad magic number for _krb5_context structure - - KRB5_FCC_INTERNAL The name of the default credential cache cannot be obtained - - -:return: - - Kerberos error codes - -.. - - - - - - - -Create a handle to the default credential cache as given by krb5_cc_default_name(). - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_default_name.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_default_name.rst.txt deleted file mode 100644 index d9f3e7d0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_default_name.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_cc_default_name - Return the name of the default credential cache. -========================================================================= - -.. - -.. c:function:: const char * krb5_cc_default_name(krb5_context context) - -.. - - -:param: - - **[in]** **context** - Library context - - -.. - - - -:return: - - Name of default credential cache for the current user. - -.. - - - - - - - -Return a pointer to the default credential cache name for *context* , as determined by a prior call to krb5_cc_set_default_name(), by the KRB5CCNAME environment variable, by the default_ccache_name profile variable, or by the operating system or build-time default value. The returned value must not be modified or freed by the caller. The returned value becomes invalid when *context* is destroyed krb5_free_context() or if a subsequent call to krb5_cc_set_default_name() is made on *context* . - - - -The default credential cache name is cached in *context* between calls to this function, so if the value of KRB5CCNAME changes in the process environment after the first call to this function on, that change will not be reflected in later calls with the same context. The caller can invoke krb5_cc_set_default_name() with a NULL value of *name* to clear the cached value and force the default name to be recomputed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_destroy.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_destroy.rst.txt deleted file mode 100644 index 12254719..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_destroy.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_cc_destroy - Destroy a credential cache. -=============================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_destroy(krb5_context context, krb5_ccache cache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - -.. - - -:retval: - - 0 Success - - -:return: - - Permission errors - -.. - - - - - - - -This function destroys any existing contents of *cache* and closes the handle to it. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_dup.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_dup.rst.txt deleted file mode 100644 index 00179a0b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_dup.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -krb5_cc_dup - Duplicate ccache handle. -======================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_dup(krb5_context context, krb5_ccache in, krb5_ccache * out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **in** - Credential cache handle to be duplicated - - **[out]** **out** - Credential cache handle - - -.. - - - -.. - - - - - - - -Create a new handle referring to the same cache as *in* . The new handle and *in* can be closed independently. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_end_seq_get.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_end_seq_get.rst.txt deleted file mode 100644 index 0b4fb656..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_end_seq_get.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_cc_end_seq_get - Finish a series of sequential processing credential cache entries. -========================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_end_seq_get(krb5_context context, krb5_ccache cache, krb5_cc_cursor * cursor) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - **[in]** **cursor** - Cursor - - -.. - - -:retval: - - 0 (always) - - -.. - - - - - - - -This function finishes processing credential cache entries and invalidates *cursor* . - - - - - - - - - - -.. - -.. seealso:: - krb5_cc_start_seq_get(), krb5_cc_next_cred() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_gen_new.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_gen_new.rst.txt deleted file mode 100644 index 3672b362..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_gen_new.rst.txt +++ /dev/null @@ -1,39 +0,0 @@ -krb5_cc_gen_new -=============== - -.. - -.. c:function:: krb5_error_code krb5_cc_gen_new(krb5_context context, krb5_ccache * cache) - -.. - - -:param: - - **context** - - **cache** - - -.. - - - -.. - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_config.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_config.rst.txt deleted file mode 100644 index 3c5576ed..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_config.rst.txt +++ /dev/null @@ -1,58 +0,0 @@ -krb5_cc_get_config - Get a configuration value from a credential cache. -========================================================================= - -.. - -.. c:function:: krb5_error_code krb5_cc_get_config(krb5_context context, krb5_ccache id, krb5_const_principal principal, const char * key, krb5_data * data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **id** - Credential cache handle - - **[in]** **principal** - Configuration for this principal; if NULL, global for the whole cache - - **[in]** **key** - Name of config variable - - **[out]** **data** - Data to be fetched - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Use krb5_free_data_contents() to free *data* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_flags.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_flags.rst.txt deleted file mode 100644 index ca764c8b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_flags.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_cc_get_flags - Retrieve flags from a credential cache structure. -======================================================================= - -.. - -.. c:function:: krb5_error_code krb5_cc_get_flags(krb5_context context, krb5_ccache cache, krb5_flags * flags) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - **[out]** **flags** - Flag bit mask - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - -.. warning:: - - For memory credential cache always returns a flag mask of 0. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_full_name.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_full_name.rst.txt deleted file mode 100644 index fdab6616..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_full_name.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_cc_get_full_name - Retrieve the full name of a credential cache. -======================================================================= - -.. - -.. c:function:: krb5_error_code krb5_cc_get_full_name(krb5_context context, krb5_ccache cache, char ** fullname_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - **[out]** **fullname_out** - Full name of cache - - -.. - - - -.. - - - - - - - -Use krb5_free_string() to free *fullname_out* when it is no longer needed. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.10 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_name.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_name.rst.txt deleted file mode 100644 index 3115b0b0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_name.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_cc_get_name - Retrieve the name, but not type of a credential cache. -=========================================================================== - -.. - -.. c:function:: const char * krb5_cc_get_name(krb5_context context, krb5_ccache cache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - -.. - - - -:return: - - On success - the name of the credential cache. - -.. - - - - - - - - - - - - - - -.. - - - - - -.. warning:: - - Returns the name of the credential cache. The result is an alias into *cache* and should not be freed or modified by the caller. This name does not include the cache type, so should not be used as input to krb5_cc_resolve(). - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_principal.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_principal.rst.txt deleted file mode 100644 index 059d10a2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_principal.rst.txt +++ /dev/null @@ -1,58 +0,0 @@ -krb5_cc_get_principal - Get the default principal of a credential cache. -========================================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_get_principal(krb5_context context, krb5_ccache cache, krb5_principal * principal) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - **[out]** **principal** - Primary principal - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Returns the default client principal of a credential cache as set by krb5_cc_initialize(). - - - -Use krb5_free_principal() to free *principal* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_type.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_type.rst.txt deleted file mode 100644 index a970bd6d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_get_type.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -krb5_cc_get_type - Retrieve the type of a credential cache. -============================================================= - -.. - -.. c:function:: const char * krb5_cc_get_type(krb5_context context, krb5_ccache cache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - -.. - - - -:return: - - The type of a credential cache as an alias that must not be modified or freed by the caller. - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_initialize.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_initialize.rst.txt deleted file mode 100644 index d306a292..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_initialize.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_cc_initialize - Initialize a credential cache. -===================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_initialize(krb5_context context, krb5_ccache cache, krb5_principal principal) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - **[in]** **principal** - Default principal name - - -.. - - -:retval: - - 0 Success - - -:return: - - System errors; Permission errors; Kerberos error codes - -.. - - - - - - - -Destroy any existing contents of *cache* and initialize it for the default principal *principal* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_move.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_move.rst.txt deleted file mode 100644 index ba9f0fd1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_move.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_cc_move - Move a credential cache. -========================================= - -.. - -.. c:function:: krb5_error_code krb5_cc_move(krb5_context context, krb5_ccache src, krb5_ccache dst) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **src** - The credential cache to move the content from - - **[in]** **dst** - The credential cache to move the content to - - -.. - - -:retval: - - 0 Success; src is closed. - - -:return: - - Kerberos error codes; src is still allocated. - -.. - - - - - - - -This function reinitializes *dst* and populates it with the credentials and default principal of *src* ; then, if successful, destroys *src* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_new_unique.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_new_unique.rst.txt deleted file mode 100644 index e4313c07..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_new_unique.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_cc_new_unique - Create a new credential cache of the specified type with a unique name. -============================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_new_unique(krb5_context context, const char * type, const char * hint, krb5_ccache * id) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **type** - Credential cache type name - - **[in]** **hint** - Unused - - **[out]** **id** - Credential cache handle - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_next_cred.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_next_cred.rst.txt deleted file mode 100644 index e9d7b1e4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_next_cred.rst.txt +++ /dev/null @@ -1,60 +0,0 @@ -krb5_cc_next_cred - Retrieve the next entry from the credential cache. -======================================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_next_cred(krb5_context context, krb5_ccache cache, krb5_cc_cursor * cursor, krb5_creds * creds) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - **[in]** **cursor** - Cursor - - **[out]** **creds** - Next credential cache entry - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function fills in *creds* with the next entry in *cache* and advances *cursor* . - - - -Use krb5_free_cred_contents() to free *creds* when it is no longer needed. - - - - - - - - - - -.. - -.. seealso:: - krb5_cc_start_seq_get(), krb5_end_seq_get() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_remove_cred.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_remove_cred.rst.txt deleted file mode 100644 index 274f8c50..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_remove_cred.rst.txt +++ /dev/null @@ -1,64 +0,0 @@ -krb5_cc_remove_cred - Remove credentials from a credential cache. -=================================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds * creds) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - **[in]** **flags** - Bitwise-ORed search flags - - **[in]** **creds** - Credentials to be matched - - -.. - - -:retval: - - KRB5_CC_NOSUPP Not implemented for this cache type - - -:return: - - No matches found; Data cannot be deleted; Kerberos error codes - -.. - - - - - - - -This function accepts the same flag values as krb5_cc_retrieve_cred(). - - - - - - - - - - -.. - - - - - -.. warning:: - - This function is not implemented for some cache types. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_resolve.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_resolve.rst.txt deleted file mode 100644 index 746ac6c2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_resolve.rst.txt +++ /dev/null @@ -1,58 +0,0 @@ -krb5_cc_resolve - Resolve a credential cache name. -==================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_resolve(krb5_context context, const char * name, krb5_ccache * cache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **name** - Credential cache name to be resolved - - **[out]** **cache** - Credential cache handle - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Fills in *cache* with a *cache* handle that corresponds to the name in *name* . *name* should be of the form **type:residual** , and *type* must be a type known to the library. If the *name* does not contain a colon, interpret it as a file name. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_retrieve_cred.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_retrieve_cred.rst.txt deleted file mode 100644 index 3674f97d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_retrieve_cred.rst.txt +++ /dev/null @@ -1,94 +0,0 @@ -krb5_cc_retrieve_cred - Retrieve a specified credentials from a credential cache. -=================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_retrieve_cred(krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds * mcreds, krb5_creds * creds) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - **[in]** **flags** - Flags bit mask - - **[in]** **mcreds** - Credentials to match - - **[out]** **creds** - Credentials matching the requested value - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function searches a credential cache for credentials matching *mcreds* and returns it if found. - - - -Valid values for *flags* are: - - - - - - - #KRB5_TC_MATCH_TIMES The requested lifetime must be at least as great as in *mcreds* . - - - - #KRB5_TC_MATCH_IS_SKEY The *is_skey* field much match exactly. - - - - #KRB5_TC_MATCH_FLAGS Flags set in *mcreds* must be set. - - - - #KRB5_TC_MATCH_TIMES_EXACT The requested lifetime must match exactly. - - - - #KRB5_TC_MATCH_FLAGS_EXACT Flags must match exactly. - - - - #KRB5_TC_MATCH_AUTHDATA The authorization data must match. - - - - #KRB5_TC_MATCH_SRV_NAMEONLY Only the name portion of the principal name must match, not the realm. - - - - #KRB5_TC_MATCH_2ND_TKT The second tickets must match. - - - - #KRB5_TC_MATCH_KTYPE The encryption key types must match. - - - - #KRB5_TC_SUPPORTED_KTYPES Check all matching entries that have any supported encryption type and return the one with the encryption type listed earliest. - - Use krb5_free_cred_contents() to free *creds* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_select.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_select.rst.txt deleted file mode 100644 index c221a65b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_select.rst.txt +++ /dev/null @@ -1,73 +0,0 @@ -krb5_cc_select - Select a credential cache to use with a server principal. -============================================================================ - -.. - -.. c:function:: krb5_error_code krb5_cc_select(krb5_context context, krb5_principal server, krb5_ccache * cache_out, krb5_principal * princ_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **server** - Server principal - - **[out]** **cache_out** - Credential cache handle - - **[out]** **princ_out** - Client principal - - -.. - - - -:return: - - If an appropriate cache is found, 0 is returned, cache_out is set to the selected cache, and princ_out is set to the default principal of that cache. - -.. - - - - - - - -Select a cache within the collection containing credentials most appropriate for use with *server* , according to configured rules and heuristics. - - - -Use krb5_cc_close() to release *cache_out* when it is no longer needed. Use krb5_free_principal() to release *princ_out* when it is no longer needed. Note that *princ_out* is set in some error conditions. - - - -If the appropriate client principal can be authoritatively determined but the cache collection contains no credentials for that principal, then KRB5_CC_NOTFOUND is returned, *cache_out* is set to NULL, and *princ_out* is set to the appropriate client principal. - - - -If no configured mechanism can determine the appropriate cache or principal, KRB5_CC_NOTFOUND is returned and *cache_out* and *princ_out* are set to NULL. - - - -Any other error code indicates a fatal error in the processing of a cache selection mechanism. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.10 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_set_config.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_set_config.rst.txt deleted file mode 100644 index fdcc6139..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_set_config.rst.txt +++ /dev/null @@ -1,66 +0,0 @@ -krb5_cc_set_config - Store a configuration value in a credential cache. -========================================================================= - -.. - -.. c:function:: krb5_error_code krb5_cc_set_config(krb5_context context, krb5_ccache id, krb5_const_principal principal, const char * key, krb5_data * data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **id** - Credential cache handle - - **[in]** **principal** - Configuration for a specific principal; if NULL, global for the whole cache - - **[in]** **key** - Name of config variable - - **[in]** **data** - Data to store, or NULL to remove - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - - - - - - - - -.. - - - - - -.. warning:: - - Before version 1.10 *data* was assumed to be always non-null. - - -.. note:: - - Existing configuration under the same key is over-written. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_set_default_name.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_set_default_name.rst.txt deleted file mode 100644 index 6c78ac6c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_set_default_name.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -krb5_cc_set_default_name - Set the default credential cache name. -=================================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_set_default_name(krb5_context context, const char * name) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **name** - Default credential cache name or NULL - - -.. - - -:retval: - - 0 Success - - KV5M_CONTEXT Bad magic number for _krb5_context structure - - -:return: - - Kerberos error codes - -.. - - - - - - - -Set the default credential cache name to *name* for future operations using *context* . If *name* is NULL, clear any previous application-set default name and forget any cached value of the default name for *context* . - - - -Calls to this function invalidate the result of any previous calls to krb5_cc_default_name() using *context* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_set_flags.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_set_flags.rst.txt deleted file mode 100644 index d68d8748..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_set_flags.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_cc_set_flags - Set options flags on a credential cache. -============================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_set_flags(krb5_context context, krb5_ccache cache, krb5_flags flags) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - **[in]** **flags** - Flag bit mask - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function resets *cache* flags to *flags* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_start_seq_get.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_start_seq_get.rst.txt deleted file mode 100644 index 84fa02ba..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_start_seq_get.rst.txt +++ /dev/null @@ -1,59 +0,0 @@ -krb5_cc_start_seq_get - Prepare to sequentially read every credential in a credential cache. -============================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_start_seq_get(krb5_context context, krb5_ccache cache, krb5_cc_cursor * cursor) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - **[out]** **cursor** - Cursor - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -krb5_cc_end_seq_get() must be called to complete the retrieve operation. - - - - - - - - - - -.. - - - - - - -.. note:: - - If the cache represented by *cache* is modified between the time of the call to this function and the time of the final krb5_cc_end_seq_get(), these changes may not be reflected in the results of krb5_cc_next_cred() calls. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_store_cred.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_store_cred.rst.txt deleted file mode 100644 index 1cc27ccc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_store_cred.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_cc_store_cred - Store credentials in a credential cache. -=============================================================== - -.. - -.. c:function:: krb5_error_code krb5_cc_store_cred(krb5_context context, krb5_ccache cache, krb5_creds * creds) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - **[in]** **creds** - Credentials to be stored in cache - - -.. - - -:retval: - - 0 Success - - -:return: - - Permission errors; storage failure errors; Kerberos error codes - -.. - - - - - - - -This function stores *creds* into *cache* . If *creds->server* and the server in the decoded ticket *creds->ticket* differ, the credentials will be stored under both server principal names. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_support_switch.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_support_switch.rst.txt deleted file mode 100644 index 394629b0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_support_switch.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -krb5_cc_support_switch - Determine whether a credential cache type supports switching. -======================================================================================== - -.. - -.. c:function:: krb5_boolean krb5_cc_support_switch(krb5_context context, const char * type) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **type** - Credential cache type - - -.. - - -:retval: - - TRUE if type supports switching - - FALSE if it does not or is not a valid credential cache type. - - -.. - - - - - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.10 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_switch.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_switch.rst.txt deleted file mode 100644 index ef4c570d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cc_switch.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_cc_switch - Make a credential cache the primary cache for its collection. -================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_cc_switch(krb5_context context, krb5_ccache cache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cache** - Credential cache handle - - -.. - - -:retval: - - 0 Success, or the type of cache doesn't support switching - - -:return: - - Kerberos error codes - -.. - - - - - - - -If the type of *cache* supports it, set *cache* to be the primary credential cache for the collection it belongs to. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_free.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_free.rst.txt deleted file mode 100644 index ce397b92..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_free.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -krb5_cccol_cursor_free - Free a credential cache collection cursor. -===================================================================== - -.. - -.. c:function:: krb5_error_code krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor * cursor) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cursor** - Cursor - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - -.. seealso:: - krb5_cccol_cursor_new(), krb5_cccol_cursor_next() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_new.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_new.rst.txt deleted file mode 100644 index b1673332..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_new.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -krb5_cccol_cursor_new - Prepare to iterate over the collection of known credential caches. -============================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor * cursor) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **cursor** - Cursor - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Get a new cache iteration *cursor* that will iterate over all known credential caches independent of type. - - - -Use krb5_cccol_cursor_free() to release *cursor* when it is no longer needed. - - - - - - - - - - -.. - -.. seealso:: - krb5_cccol_cursor_next() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_next.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_next.rst.txt deleted file mode 100644 index d019a049..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_cursor_next.rst.txt +++ /dev/null @@ -1,62 +0,0 @@ -krb5_cccol_cursor_next - Get the next credential cache in the collection. -=========================================================================== - -.. - -.. c:function:: krb5_error_code krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor, krb5_ccache * ccache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cursor** - Cursor - - **[out]** **ccache** - Credential cache handle - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Use krb5_cc_close() to close *ccache* when it is no longer needed. - - - - - - - - - - -.. - -.. seealso:: - krb5_cccol_cursor_new(), krb5_cccol_cursor_free() - - - - - - -.. note:: - - When all caches are iterated over and the end of the list is reached, *ccache* is set to NULL. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_have_content.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_have_content.rst.txt deleted file mode 100644 index d1c7426e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cccol_have_content.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -krb5_cccol_have_content - Check if the credential cache collection contains any initialized caches. -===================================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_cccol_have_content(krb5_context context) - -.. - - -:param: - - **[in]** **context** - Library context - - -.. - - -:retval: - - 0 At least one initialized cache is present in the collection - - KRB5_CC_NOTFOUND The collection contains no caches - - -.. - - - - - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.11 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_change_password.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_change_password.rst.txt deleted file mode 100644 index 05a3eb95..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_change_password.rst.txt +++ /dev/null @@ -1,77 +0,0 @@ -krb5_change_password - Change a password for an existing Kerberos account. -============================================================================ - -.. - -.. c:function:: krb5_error_code krb5_change_password(krb5_context context, krb5_creds * creds, const char * newpw, int * result_code, krb5_data * result_code_string, krb5_data * result_string) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **creds** - Credentials for kadmin/changepw service - - **[in]** **newpw** - New password - - **[out]** **result_code** - Numeric error code from server - - **[out]** **result_code_string** - String equivalent to *result_code* - - **[out]** **result_string** - Change password response from the KDC - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Change the password for the existing principal identified by *creds* . - - - -The possible values of the output *result_code* are: - - - - - - - #KRB5_KPASSWD_SUCCESS (0) - success - - - - #KRB5_KPASSWD_MALFORMED (1) - Malformed request error - - - - #KRB5_KPASSWD_HARDERROR (2) - Server error - - - - #KRB5_KPASSWD_AUTHERROR (3) - Authentication error - - - - #KRB5_KPASSWD_SOFTERROR (4) - Password change rejected - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_check_clockskew.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_check_clockskew.rst.txt deleted file mode 100644 index 4999d485..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_check_clockskew.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_check_clockskew - Check if a timestamp is within the allowed clock skew of the current time. -=================================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_check_clockskew(krb5_context context, krb5_timestamp date) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **date** - Timestamp to check - - -.. - - -:retval: - - 0 Success - - KRB5KRB_AP_ERR_SKEW date is not within allowable clock skew - - -.. - - - - - - - -This function checks if *date* is close enough to the current time according to the configured allowable clock skew. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.10 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_checksum_size.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_checksum_size.rst.txt deleted file mode 100644 index 5a676991..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_checksum_size.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -krb5_checksum_size -================== - -.. - -.. c:function:: size_t krb5_checksum_size(krb5_context context, krb5_cksumtype ctype) - -.. - - -:param: - - **context** - - **ctype** - - -.. - - - -.. - - -DEPRECATED See krb5_c_checksum_length() - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_chpw_message.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_chpw_message.rst.txt deleted file mode 100644 index 3f4919e5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_chpw_message.rst.txt +++ /dev/null @@ -1,62 +0,0 @@ -krb5_chpw_message - Get a result message for changing or setting a password. -============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_chpw_message(krb5_context context, const krb5_data * server_string, char ** message_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **server_string** - Data returned from the remote system - - **[out]** **message_out** - A message displayable to the user - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function processes the *server_string* returned in the *result_string* parameter of krb5_change_password(), krb5_set_password(), and related functions, and returns a displayable string. If *server_string* contains Active Directory structured policy information, it will be converted into human-readable text. - - - -Use krb5_free_string() to free *message_out* when it is no longer needed. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.11 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cksumtype_to_string.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cksumtype_to_string.rst.txt deleted file mode 100644 index a297c8f9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_cksumtype_to_string.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_cksumtype_to_string - Convert a checksum type to a string. -================================================================= - -.. - -.. c:function:: krb5_error_code krb5_cksumtype_to_string(krb5_cksumtype cksumtype, char * buffer, size_t buflen) - -.. - - -:param: - - **[in]** **cksumtype** - Checksum type - - **[out]** **buffer** - Buffer to hold converted checksum type - - **[in]** **buflen** - Storage available in *buffer* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_clear_error_message.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_clear_error_message.rst.txt deleted file mode 100644 index c988ca3a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_clear_error_message.rst.txt +++ /dev/null @@ -1,40 +0,0 @@ -krb5_clear_error_message - Clear the extended error message in a context. -=========================================================================== - -.. - -.. c:function:: void krb5_clear_error_message(krb5_context ctx) - -.. - - -:param: - - **[in]** **ctx** - Library context - - -.. - - - -.. - - - - - - - -This function unsets the extended error message in a context, to ensure that it is not mistakenly applied to another occurrence of the same error code. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_addresses.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_addresses.rst.txt deleted file mode 100644 index e1f85b89..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_addresses.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_copy_addresses - Copy an array of addresses. -=================================================== - -.. - -.. c:function:: krb5_error_code krb5_copy_addresses(krb5_context context, krb5_address *const * inaddr, krb5_address *** outaddr) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **inaddr** - Array of addresses to be copied - - **[out]** **outaddr** - Copy of array of addresses - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a new address array containing a copy of *inaddr* . Use krb5_free_addresses() to free *outaddr* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_authdata.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_authdata.rst.txt deleted file mode 100644 index 518b95e6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_authdata.rst.txt +++ /dev/null @@ -1,59 +0,0 @@ -krb5_copy_authdata - Copy an authorization data list. -======================================================= - -.. - -.. c:function:: krb5_error_code krb5_copy_authdata(krb5_context context, krb5_authdata *const * in_authdat, krb5_authdata *** out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **in_authdat** - List of *krb5_authdata* structures - - **[out]** **out** - New array of *krb5_authdata* structures - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a new authorization data list containing a copy of *in_authdat* , which must be null-terminated. Use krb5_free_authdata() to free *out* when it is no longer needed. - - - - - - - - - - -.. - - - - - - -.. note:: - - The last array entry in *in_authdat* must be a NULL pointer. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_authenticator.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_authenticator.rst.txt deleted file mode 100644 index a3d043cd..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_authenticator.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_copy_authenticator - Copy a krb5_authenticator structure. -================================================================ - -.. - -.. c:function:: krb5_error_code krb5_copy_authenticator(krb5_context context, const krb5_authenticator * authfrom, krb5_authenticator ** authto) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **authfrom** - krb5_authenticator structure to be copied - - **[out]** **authto** - Copy of krb5_authenticator structure - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a new krb5_authenticator structure with the content of *authfrom* . Use krb5_free_authenticator() to free *authto* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_checksum.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_checksum.rst.txt deleted file mode 100644 index 3e94c3ca..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_checksum.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_copy_checksum - Copy a krb5_checksum structure. -====================================================== - -.. - -.. c:function:: krb5_error_code krb5_copy_checksum(krb5_context context, const krb5_checksum * ckfrom, krb5_checksum ** ckto) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ckfrom** - Checksum to be copied - - **[out]** **ckto** - Copy of krb5_checksum structure - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a new krb5_checksum structure with the contents of *ckfrom* . Use krb5_free_checksum() to free *ckto* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_context.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_context.rst.txt deleted file mode 100644 index 50df96fc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_context.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_copy_context - Copy a krb5_context structure. -==================================================== - -.. - -.. c:function:: krb5_error_code krb5_copy_context(krb5_context ctx, krb5_context * nctx_out) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[out]** **nctx_out** - New context structure - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -The newly created context must be released by calling krb5_free_context() when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_creds.rst.txt deleted file mode 100644 index ac7df356..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_creds.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_copy_creds - Copy a krb5_creds structure. -================================================ - -.. - -.. c:function:: krb5_error_code krb5_copy_creds(krb5_context context, const krb5_creds * incred, krb5_creds ** outcred) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **incred** - Credentials structure to be copied - - **[out]** **outcred** - Copy of *incred* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a new credential with the contents of *incred* . Use krb5_free_creds() to free *outcred* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_data.rst.txt deleted file mode 100644 index a7714f0e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_data.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_copy_data - Copy a krb5_data object. -=========================================== - -.. - -.. c:function:: krb5_error_code krb5_copy_data(krb5_context context, const krb5_data * indata, krb5_data ** outdata) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **indata** - Data object to be copied - - **[out]** **outdata** - Copy of *indata* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a new krb5_data object with the contents of *indata* . Use krb5_free_data() to free *outdata* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_error_message.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_error_message.rst.txt deleted file mode 100644 index 3904cabf..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_error_message.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_copy_error_message - Copy the most recent extended error message from one context to another. -==================================================================================================== - -.. - -.. c:function:: void krb5_copy_error_message(krb5_context dest_ctx, krb5_context src_ctx) - -.. - - -:param: - - **[in]** **dest_ctx** - Library context to copy message to - - **[in]** **src_ctx** - Library context with current message - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock.rst.txt deleted file mode 100644 index a9b1bcf2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_copy_keyblock - Copy a keyblock. -======================================= - -.. - -.. c:function:: krb5_error_code krb5_copy_keyblock(krb5_context context, const krb5_keyblock * from, krb5_keyblock ** to) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **from** - Keyblock to be copied - - **[out]** **to** - Copy of keyblock *from* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a new keyblock with the same contents as *from* . Use krb5_free_keyblock() to free *to* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock_contents.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock_contents.rst.txt deleted file mode 100644 index c485dac8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_keyblock_contents.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_copy_keyblock_contents - Copy the contents of a keyblock. -================================================================ - -.. - -.. c:function:: krb5_error_code krb5_copy_keyblock_contents(krb5_context context, const krb5_keyblock * from, krb5_keyblock * to) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **from** - Key to be copied - - **[out]** **to** - Output key - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function copies the contents of *from* to *to* . Use krb5_free_keyblock_contents() to free *to* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_principal.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_principal.rst.txt deleted file mode 100644 index 1db2d06f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_principal.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_copy_principal - Copy a principal. -========================================= - -.. - -.. c:function:: krb5_error_code krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal * outprinc) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **inprinc** - Principal to be copied - - **[out]** **outprinc** - Copy of *inprinc* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a new principal structure with the contents of *inprinc* . Use krb5_free_principal() to free *outprinc* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_ticket.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_ticket.rst.txt deleted file mode 100644 index db434f7b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_copy_ticket.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_copy_ticket - Copy a krb5_ticket structure. -================================================== - -.. - -.. c:function:: krb5_error_code krb5_copy_ticket(krb5_context context, const krb5_ticket * from, krb5_ticket ** pto) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **from** - Ticket to be copied - - **[out]** **pto** - Copy of ticket - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a new krb5_ticket structure containing the contents of *from* . Use krb5_free_ticket() to free *pto* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_decode_authdata_container.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_decode_authdata_container.rst.txt deleted file mode 100644 index 6a93d7bb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_decode_authdata_container.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_decode_authdata_container - Unwrap authorization data. -============================================================= - -.. - -.. c:function:: krb5_error_code krb5_decode_authdata_container(krb5_context context, krb5_authdatatype type, const krb5_authdata * container, krb5_authdata *** authdata) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **type** - Container type (see KRB5_AUTHDATA macros) - - **[in]** **container** - Authorization data to be decoded - - **[out]** **authdata** - List of decoded authorization data - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - -.. seealso:: - krb5_encode_authdata_container() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_decode_ticket.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_decode_ticket.rst.txt deleted file mode 100644 index 8f2cf821..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_decode_ticket.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -krb5_decode_ticket - Decode an ASN.1-formatted ticket. -======================================================== - -.. - -.. c:function:: krb5_error_code krb5_decode_ticket(const krb5_data * code, krb5_ticket ** rep) - -.. - - -:param: - - **[in]** **code** - ASN.1-formatted ticket - - **[out]** **rep** - Decoded ticket information - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_decrypt.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_decrypt.rst.txt deleted file mode 100644 index eb8123ff..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_decrypt.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_decrypt -============ - -.. - -.. c:function:: krb5_error_code krb5_decrypt(krb5_context context, krb5_const_pointer inptr, krb5_pointer outptr, size_t size, krb5_encrypt_block * eblock, krb5_pointer ivec) - -.. - - -:param: - - **context** - - **inptr** - - **outptr** - - **size** - - **eblock** - - **ivec** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_c_* API family. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_deltat_to_string.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_deltat_to_string.rst.txt deleted file mode 100644 index 3b66ba3b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_deltat_to_string.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_deltat_to_string - Convert a relative time value to a string. -==================================================================== - -.. - -.. c:function:: krb5_error_code krb5_deltat_to_string(krb5_deltat deltat, char * buffer, size_t buflen) - -.. - - -:param: - - **[in]** **deltat** - Relative time value to convert - - **[out]** **buffer** - Buffer to hold time string - - **[in]** **buflen** - Storage available in *buffer* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_eblock_enctype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_eblock_enctype.rst.txt deleted file mode 100644 index c621a6df..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_eblock_enctype.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -krb5_eblock_enctype -=================== - -.. - -.. c:function:: krb5_enctype krb5_eblock_enctype(krb5_context context, const krb5_encrypt_block * eblock) - -.. - - -:param: - - **context** - - **eblock** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_c_* API family. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_encode_authdata_container.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_encode_authdata_container.rst.txt deleted file mode 100644 index 3bf9d776..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_encode_authdata_container.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -krb5_encode_authdata_container - Wrap authorization data in a container. -========================================================================== - -.. - -.. c:function:: krb5_error_code krb5_encode_authdata_container(krb5_context context, krb5_authdatatype type, krb5_authdata *const * authdata, krb5_authdata *** container) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **type** - Container type (see KRB5_AUTHDATA macros) - - **[in]** **authdata** - List of authorization data to be encoded - - **[out]** **container** - List of encoded authorization data - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -The result is returned in *container* as a single-element list. - - - - - - - - - - -.. - -.. seealso:: - krb5_decode_authdata_container() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_encrypt.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_encrypt.rst.txt deleted file mode 100644 index 56e93be1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_encrypt.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_encrypt -============ - -.. - -.. c:function:: krb5_error_code krb5_encrypt(krb5_context context, krb5_const_pointer inptr, krb5_pointer outptr, size_t size, krb5_encrypt_block * eblock, krb5_pointer ivec) - -.. - - -:param: - - **context** - - **inptr** - - **outptr** - - **size** - - **eblock** - - **ivec** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_c_* API family. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_encrypt_size.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_encrypt_size.rst.txt deleted file mode 100644 index f331490f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_encrypt_size.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -krb5_encrypt_size -================= - -.. - -.. c:function:: size_t krb5_encrypt_size(size_t length, krb5_enctype crypto) - -.. - - -:param: - - **length** - - **crypto** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_c_* API family. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_enctype_to_name.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_enctype_to_name.rst.txt deleted file mode 100644 index d830697c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_enctype_to_name.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -krb5_enctype_to_name - Convert an encryption type to a name or alias. -======================================================================= - -.. - -.. c:function:: krb5_error_code krb5_enctype_to_name(krb5_enctype enctype, krb5_boolean shortest, char * buffer, size_t buflen) - -.. - - -:param: - - **[in]** **enctype** - Encryption type - - **[in]** **shortest** - Flag - - **[out]** **buffer** - Buffer to hold encryption type string - - **[in]** **buflen** - Storage available in *buffer* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -If *shortest* is FALSE, this function returns the enctype's canonical name (like"aes128-cts-hmac-sha1-96"). If *shortest* is TRUE, it return the enctype's shortest alias (like"aes128-cts"). - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_enctype_to_string.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_enctype_to_string.rst.txt deleted file mode 100644 index d46d83eb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_enctype_to_string.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_enctype_to_string - Convert an encryption type to a string. -================================================================== - -.. - -.. c:function:: krb5_error_code krb5_enctype_to_string(krb5_enctype enctype, char * buffer, size_t buflen) - -.. - - -:param: - - **[in]** **enctype** - Encryption type - - **[out]** **buffer** - Buffer to hold encryption type string - - **[in]** **buflen** - Storage available in *buffer* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_expand_hostname.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_expand_hostname.rst.txt deleted file mode 100644 index 0acc9592..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_expand_hostname.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_expand_hostname - Canonicalize a hostname, possibly using name service. -============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_expand_hostname(krb5_context context, const char * host, char ** canonhost_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **host** - Input hostname - - **[out]** **canonhost_out** - Canonicalized hostname - - -.. - - - -.. - - - - - - - -This function canonicalizes orig_hostname, possibly using name service lookups if configuration permits. Use krb5_free_string() to free *canonhost_out* when it is no longer needed. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.15 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_find_authdata.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_find_authdata.rst.txt deleted file mode 100644 index 793e6578..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_find_authdata.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -krb5_find_authdata - Find authorization data elements. -======================================================== - -.. - -.. c:function:: krb5_error_code krb5_find_authdata(krb5_context context, krb5_authdata *const * ticket_authdata, krb5_authdata *const * ap_req_authdata, krb5_authdatatype ad_type, krb5_authdata *** results) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ticket_authdata** - Authorization data list from ticket - - **[in]** **ap_req_authdata** - Authorization data list from AP request - - **[in]** **ad_type** - Authorization data type to find - - **[out]** **results** - List of matching entries - - -.. - - - -.. - - - - - - - -This function searches *ticket_authdata* and *ap_req_authdata* for elements of type *ad_type* . Either input list may be NULL, in which case it will not be searched; otherwise, the input lists must be terminated by NULL entries. This function will search inside AD-IF-RELEVANT containers if found in either list. Use krb5_free_authdata() to free *results* when it is no longer needed. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.10 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_finish_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_finish_key.rst.txt deleted file mode 100644 index a9f3da59..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_finish_key.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -krb5_finish_key -=============== - -.. - -.. c:function:: krb5_error_code krb5_finish_key(krb5_context context, krb5_encrypt_block * eblock) - -.. - - -:param: - - **context** - - **eblock** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_c_* API family. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_finish_random_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_finish_random_key.rst.txt deleted file mode 100644 index 26c8b59d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_finish_random_key.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_finish_random_key -====================== - -.. - -.. c:function:: krb5_error_code krb5_finish_random_key(krb5_context context, const krb5_encrypt_block * eblock, krb5_pointer * ptr) - -.. - - -:param: - - **context** - - **eblock** - - **ptr** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_c_* API family. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_addresses.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_addresses.rst.txt deleted file mode 100644 index 6717f529..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_addresses.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_free_addresses - Free the data stored in array of addresses. -=================================================================== - -.. - -.. c:function:: void krb5_free_addresses(krb5_context context, krb5_address ** val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Array of addresses to be freed - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* and the array itself. - - - - - - - - - - -.. - - - - - - -.. note:: - - The last entry in the array must be a NULL pointer. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_ap_rep_enc_part.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_ap_rep_enc_part.rst.txt deleted file mode 100644 index 33f24e89..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_ap_rep_enc_part.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_ap_rep_enc_part - Free a krb5_ap_rep_enc_part structure. -==================================================================== - -.. - -.. c:function:: void krb5_free_ap_rep_enc_part(krb5_context context, krb5_ap_rep_enc_part * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - AP-REP enc part to be freed - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* and the structure itself. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_authdata.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_authdata.rst.txt deleted file mode 100644 index e2b3e90b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_authdata.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_free_authdata - Free the storage assigned to array of authentication data. -================================================================================= - -.. - -.. c:function:: void krb5_free_authdata(krb5_context context, krb5_authdata ** val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Array of authentication data to be freed - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* and the array itself. - - - - - - - - - - -.. - - - - - - -.. note:: - - The last entry in the array must be a NULL pointer. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_authenticator.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_authenticator.rst.txt deleted file mode 100644 index 505a508a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_authenticator.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_authenticator - Free a krb5_authenticator structure. -================================================================ - -.. - -.. c:function:: void krb5_free_authenticator(krb5_context context, krb5_authenticator * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Authenticator structure to be freed - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* and the structure itself. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_checksum.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_checksum.rst.txt deleted file mode 100644 index 7809f6cf..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_checksum.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_checksum - Free a krb5_checksum structure. -====================================================== - -.. - -.. c:function:: void krb5_free_checksum(krb5_context context, krb5_checksum * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Checksum structure to be freed - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* and the structure itself. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_checksum_contents.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_checksum_contents.rst.txt deleted file mode 100644 index 4ef12c3b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_checksum_contents.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_checksum_contents - Free the contents of a krb5_checksum structure. -=============================================================================== - -.. - -.. c:function:: void krb5_free_checksum_contents(krb5_context context, krb5_checksum * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Checksum structure to free contents of - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* , but not the structure itself. It sets the checksum's data pointer to null and (beginning in release 1.19) sets its length to zero. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_cksumtypes.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_cksumtypes.rst.txt deleted file mode 100644 index d4d0d288..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_cksumtypes.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_cksumtypes - Free an array of checksum types. -========================================================= - -.. - -.. c:function:: void krb5_free_cksumtypes(krb5_context context, krb5_cksumtype * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Array of checksum types to be freed - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_context.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_context.rst.txt deleted file mode 100644 index d403c21f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_context.rst.txt +++ /dev/null @@ -1,40 +0,0 @@ -krb5_free_context - Free a krb5 library context. -================================================== - -.. - -.. c:function:: void krb5_free_context(krb5_context context) - -.. - - -:param: - - **[in]** **context** - Library context - - -.. - - - -.. - - - - - - - -This function frees a *context* that was created by krb5_init_context() or krb5_init_secure_context(). - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_cred_contents.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_cred_contents.rst.txt deleted file mode 100644 index cc267880..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_cred_contents.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_cred_contents - Free the contents of a krb5_creds structure. -======================================================================== - -.. - -.. c:function:: void krb5_free_cred_contents(krb5_context context, krb5_creds * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Credential structure to free contents of - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* , but not the structure itself. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_creds.rst.txt deleted file mode 100644 index c78ecdfc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_creds.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_creds - Free a krb5_creds structure. -================================================ - -.. - -.. c:function:: void krb5_free_creds(krb5_context context, krb5_creds * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Credential structure to be freed. - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* and the structure itself. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_data.rst.txt deleted file mode 100644 index 8cd23a50..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_data.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_data - Free a krb5_data structure. -============================================== - -.. - -.. c:function:: void krb5_free_data(krb5_context context, krb5_data * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Data structure to be freed - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* and the structure itself. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_data_contents.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_data_contents.rst.txt deleted file mode 100644 index c64ded12..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_data_contents.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_data_contents - Free the contents of a krb5_data structure and zero the data field. -=============================================================================================== - -.. - -.. c:function:: void krb5_free_data_contents(krb5_context context, krb5_data * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Data structure to free contents of - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* , but not the structure itself. It sets the structure's data pointer to null and (beginning in release 1.19) sets its length to zero. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_default_realm.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_default_realm.rst.txt deleted file mode 100644 index a0a3babf..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_default_realm.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm(). -============================================================================================= - -.. - -.. c:function:: void krb5_free_default_realm(krb5_context context, char * lrealm) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **lrealm** - Realm to be freed - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_enctypes.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_enctypes.rst.txt deleted file mode 100644 index e1189cb0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_enctypes.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_free_enctypes - Free an array of encryption types. -========================================================= - -.. - -.. c:function:: void krb5_free_enctypes(krb5_context context, krb5_enctype * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Array of enctypes to be freed - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.12 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_error.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_error.rst.txt deleted file mode 100644 index e31daf09..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_error.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth(). -==================================================================================== - -.. - -.. c:function:: void krb5_free_error(krb5_context context, krb5_error * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Error data structure to be freed - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* and the structure itself. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_error_message.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_error_message.rst.txt deleted file mode 100644 index 923647af..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_error_message.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_error_message - Free an error message generated by krb5_get_error_message(). -======================================================================================== - -.. - -.. c:function:: void krb5_free_error_message(krb5_context ctx, const char * msg) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **msg** - Pointer to error message - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_host_realm.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_host_realm.rst.txt deleted file mode 100644 index 1a733b12..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_host_realm.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -krb5_free_host_realm - Free the memory allocated by krb5_get_host_realm(). -============================================================================ - -.. - -.. c:function:: krb5_error_code krb5_free_host_realm(krb5_context context, char *const * realmlist) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **realmlist** - List of realm names to be released - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_keyblock.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_keyblock.rst.txt deleted file mode 100644 index ec58604c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_keyblock.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_keyblock - Free a krb5_keyblock structure. -====================================================== - -.. - -.. c:function:: void krb5_free_keyblock(krb5_context context, krb5_keyblock * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Keyblock to be freed - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* and the structure itself. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_keyblock_contents.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_keyblock_contents.rst.txt deleted file mode 100644 index 264444e7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_keyblock_contents.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_keyblock_contents - Free the contents of a krb5_keyblock structure. -=============================================================================== - -.. - -.. c:function:: void krb5_free_keyblock_contents(krb5_context context, krb5_keyblock * key) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Keyblock to be freed - - -.. - - - -.. - - - - - - - -This function frees the contents of *key* , but not the structure itself. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_keytab_entry_contents.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_keytab_entry_contents.rst.txt deleted file mode 100644 index adecfe2f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_keytab_entry_contents.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_free_keytab_entry_contents - Free the contents of a key table entry. -=========================================================================== - -.. - -.. c:function:: krb5_error_code krb5_free_keytab_entry_contents(krb5_context context, krb5_keytab_entry * entry) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **entry** - Key table entry whose contents are to be freed - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - - -.. note:: - - The pointer is not freed. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_principal.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_principal.rst.txt deleted file mode 100644 index 218369af..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_principal.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_principal - Free the storage assigned to a principal. -================================================================= - -.. - -.. c:function:: void krb5_free_principal(krb5_context context, krb5_principal val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Principal to be freed - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_string.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_string.rst.txt deleted file mode 100644 index 4c7bcac3..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_string.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_free_string - Free a string allocated by a krb5 function. -================================================================ - -.. - -.. c:function:: void krb5_free_string(krb5_context context, char * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - String to be freed - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.10 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_tgt_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_tgt_creds.rst.txt deleted file mode 100644 index f885fc0c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_tgt_creds.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -krb5_free_tgt_creds - Free an array of credential structures. -=============================================================== - -.. - -.. c:function:: void krb5_free_tgt_creds(krb5_context context, krb5_creds ** tgts) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **tgts** - Null-terminated array of credentials to free - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - - -.. note:: - - The last entry in the array *tgts* must be a NULL pointer. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_ticket.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_ticket.rst.txt deleted file mode 100644 index f523917c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_ticket.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_ticket - Free a ticket. -=================================== - -.. - -.. c:function:: void krb5_free_ticket(krb5_context context, krb5_ticket * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Ticket to be freed - - -.. - - - -.. - - - - - - - -This function frees the contents of *val* and the structure itself. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_unparsed_name.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_unparsed_name.rst.txt deleted file mode 100644 index b6f9e162..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_free_unparsed_name.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_free_unparsed_name - Free a string representation of a principal. -======================================================================== - -.. - -.. c:function:: void krb5_free_unparsed_name(krb5_context context, char * val) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **val** - Name string to be freed - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_fwd_tgt_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_fwd_tgt_creds.rst.txt deleted file mode 100644 index bfda237f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_fwd_tgt_creds.rst.txt +++ /dev/null @@ -1,68 +0,0 @@ -krb5_fwd_tgt_creds - Get a forwarded TGT and format a KRB-CRED message. -========================================================================= - -.. - -.. c:function:: krb5_error_code krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, const char * rhost, krb5_principal client, krb5_principal server, krb5_ccache cc, int forwardable, krb5_data * outbuf) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **rhost** - Remote host - - **[in]** **client** - Client principal of TGT - - **[in]** **server** - Principal of server to receive TGT - - **[in]** **cc** - Credential cache handle (NULL to use default) - - **[in]** **forwardable** - Whether TGT should be forwardable - - **[out]** **outbuf** - KRB-CRED message - - -.. - - -:retval: - - 0 Success - - ENOMEM Insufficient memory - - KRB5_PRINC_NOMATCH Requested principal and ticket do not match - - KRB5_NO_TKT_SUPPLIED Request did not supply a ticket - - KRB5_CC_BADNAME Credential cache name or principal name malformed - - -:return: - - Kerberos error codes - -.. - - - - - - - -Get a TGT for use at the remote host *rhost* and format it into a KRB-CRED message. If *rhost* is NULL and *server* is of type #KRB5_NT_SRV_HST, the second component of *server* will be used. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_credentials.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_credentials.rst.txt deleted file mode 100644 index 7a72b39a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_credentials.rst.txt +++ /dev/null @@ -1,81 +0,0 @@ -krb5_get_credentials - Get an additional ticket. -================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_credentials(krb5_context context, krb5_flags options, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **options** - Options - - **[in]** **ccache** - Credential cache handle - - **[in]** **in_creds** - Input credentials - - **[out]** **out_creds** - Output updated credentials - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Use *ccache* or a TGS exchange to get a service ticket matching *in_creds* . - - - -Valid values for *options* are: - - - #KRB5_GC_CACHED Search only credential cache for the ticket - - - - #KRB5_GC_USER_USER Return a user to user authentication ticket - - *in_creds* must be non-null. *in_creds->client* and *in_creds->server* must be filled in to specify the client and the server respectively. If any authorization data needs to be requested for the service ticket (such as restrictions on how the ticket can be used), specify it in *in_creds->authdata* ; otherwise set *in_creds->authdata* to NULL. The session key type is specified in *in_creds->keyblock.enctype* , if it is nonzero. - - - -The expiration date is specified in *in_creds->times.endtime* . The KDC may return tickets with an earlier expiration date. If *in_creds->times.endtime* is set to 0, the latest possible expiration date will be requested. - - - -Any returned ticket and intermediate ticket-granting tickets are stored in *ccache* . - - - -Use krb5_free_creds() to free *out_creds* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_credentials_renew.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_credentials_renew.rst.txt deleted file mode 100644 index 75aac540..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_credentials_renew.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -krb5_get_credentials_renew -========================== - -.. - -.. c:function:: krb5_error_code krb5_get_credentials_renew(krb5_context context, krb5_flags options, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds) - -.. - - -:param: - - **context** - - **options** - - **ccache** - - **in_creds** - - **out_creds** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_get_renewed_creds. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_credentials_validate.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_credentials_validate.rst.txt deleted file mode 100644 index 29033b9d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_credentials_validate.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -krb5_get_credentials_validate -============================= - -.. - -.. c:function:: krb5_error_code krb5_get_credentials_validate(krb5_context context, krb5_flags options, krb5_ccache ccache, krb5_creds * in_creds, krb5_creds ** out_creds) - -.. - - -:param: - - **context** - - **options** - - **ccache** - - **in_creds** - - **out_creds** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_get_validated_creds. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_default_realm.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_default_realm.rst.txt deleted file mode 100644 index 093bfa9e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_default_realm.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -krb5_get_default_realm - Retrieve the default realm. -====================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_default_realm(krb5_context context, char ** lrealm) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **lrealm** - Default realm name - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Retrieves the default realm to be used if no user-specified realm is available. - - - -Use krb5_free_default_realm() to free *lrealm* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_error_message.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_error_message.rst.txt deleted file mode 100644 index 16bac2f2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_error_message.rst.txt +++ /dev/null @@ -1,62 +0,0 @@ -krb5_get_error_message - Get the (possibly extended) error message for a code. -================================================================================ - -.. - -.. c:function:: const char * krb5_get_error_message(krb5_context ctx, krb5_error_code code) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **code** - Error code - - -.. - - - -.. - - - - - - - -The behavior of krb5_get_error_message() is only defined the first time it is called after a failed call to a krb5 function using the same context, and only when the error code passed in is the same as that returned by the krb5 function. - - - -This function never returns NULL, so its result may be used unconditionally as a C string. - - - -The string returned by this function must be freed using krb5_free_error_message() - - - - - - - - - - -.. - - - - - - -.. note:: - - Future versions may return the same string for the second and following calls. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_etype_info.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_etype_info.rst.txt deleted file mode 100644 index 63425f56..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_etype_info.rst.txt +++ /dev/null @@ -1,72 +0,0 @@ -krb5_get_etype_info - Retrieve enctype, salt and s2kparams from KDC. -====================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_etype_info(krb5_context context, krb5_principal principal, krb5_get_init_creds_opt * opt, krb5_enctype * enctype_out, krb5_data * salt_out, krb5_data * s2kparams_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **principal** - Principal whose information is requested - - **[in]** **opt** - Initial credential options - - **[out]** **enctype_out** - The enctype chosen by KDC - - **[out]** **salt_out** - Salt returned from KDC - - **[out]** **s2kparams_out** - String-to-key parameters returned from KDC - - -.. - - -:retval: - - 0 Success - - -:return: - - A Kerberos error code - -.. - - - - - - - -Send an initial ticket request for *principal* and extract the encryption type, salt type, and string-to-key parameters from the KDC response. If the KDC provides no etype-info, set *enctype_out* to **ENCTYPE_NULL** and set *salt_out* and *s2kparams_out* to empty. If the KDC etype-info provides no salt, compute the default salt and place it in *salt_out* . If the KDC etype-info provides no string-to-key parameters, set *s2kparams_out* to empty. - - - - *opt* may be used to specify options which affect the initial request, such as request encryption types or a FAST armor cache (see krb5_get_init_creds_opt_set_etype_list() and krb5_get_init_creds_opt_set_fast_ccache_name()). - - - -Use krb5_free_data_contents() to free *salt_out* and *s2kparams_out* when they are no longer needed. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.17 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_fallback_host_realm.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_fallback_host_realm.rst.txt deleted file mode 100644 index 0a7d1a3c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_fallback_host_realm.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_get_fallback_host_realm -============================ - -.. - -.. c:function:: krb5_error_code krb5_get_fallback_host_realm(krb5_context context, krb5_data * hdata, char *** realmsp) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **hdata** - Host name (or NULL) - - **[out]** **realmsp** - Null-terminated list of realm names - - -.. - - - -.. - - - - - - - -Fill in *realmsp* with a pointer to a null-terminated list of realm names obtained through heuristics or insecure resolution methods which have lower priority than KDC referrals. - - - -If *host* is NULL, the local host's realms are determined. - - - -Use krb5_free_host_realm() to release *realmsp* when it is no longer needed. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_host_realm.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_host_realm.rst.txt deleted file mode 100644 index 32ceb2ad..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_host_realm.rst.txt +++ /dev/null @@ -1,63 +0,0 @@ -krb5_get_host_realm - Get the Kerberos realm names for a host. -================================================================ - -.. - -.. c:function:: krb5_error_code krb5_get_host_realm(krb5_context context, const char * host, char *** realmsp) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **host** - Host name (or NULL) - - **[out]** **realmsp** - Null-terminated list of realm names - - -.. - - -:retval: - - 0 Success - - ENOMEM Insufficient memory - - -:return: - - Kerberos error codes - -.. - - - - - - - -Fill in *realmsp* with a pointer to a null-terminated list of realm names. If there are no known realms for the host, a list containing the referral (empty) realm is returned. - - - -If *host* is NULL, the local host's realms are determined. - - - -Use krb5_free_host_realm() to release *realmsp* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_keytab.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_keytab.rst.txt deleted file mode 100644 index 23a25153..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_keytab.rst.txt +++ /dev/null @@ -1,58 +0,0 @@ -krb5_get_in_tkt_with_keytab -=========================== - -.. - -.. c:function:: krb5_error_code krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options, krb5_address *const * addrs, krb5_enctype * ktypes, krb5_preauthtype * pre_auth_types, krb5_keytab arg_keytab, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep ** ret_as_reply) - -.. - - -:param: - - **context** - - **options** - - **addrs** - - **ktypes** - - **pre_auth_types** - - **arg_keytab** - - **ccache** - - **creds** - - **ret_as_reply** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_get_init_creds_keytab(). - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_password.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_password.rst.txt deleted file mode 100644 index c0782f8b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_password.rst.txt +++ /dev/null @@ -1,58 +0,0 @@ -krb5_get_in_tkt_with_password -============================= - -.. - -.. c:function:: krb5_error_code krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options, krb5_address *const * addrs, krb5_enctype * ktypes, krb5_preauthtype * pre_auth_types, const char * password, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep ** ret_as_reply) - -.. - - -:param: - - **context** - - **options** - - **addrs** - - **ktypes** - - **pre_auth_types** - - **password** - - **ccache** - - **creds** - - **ret_as_reply** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_get_init_creds_password(). - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_skey.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_skey.rst.txt deleted file mode 100644 index fed7f0b4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_in_tkt_with_skey.rst.txt +++ /dev/null @@ -1,58 +0,0 @@ -krb5_get_in_tkt_with_skey -========================= - -.. - -.. c:function:: krb5_error_code krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options, krb5_address *const * addrs, krb5_enctype * ktypes, krb5_preauthtype * pre_auth_types, const krb5_keyblock * key, krb5_ccache ccache, krb5_creds * creds, krb5_kdc_rep ** ret_as_reply) - -.. - - -:param: - - **context** - - **options** - - **addrs** - - **ktypes** - - **pre_auth_types** - - **key** - - **ccache** - - **creds** - - **ret_as_reply** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_get_init_creds(). - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_keytab.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_keytab.rst.txt deleted file mode 100644 index 32ce5cb6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_keytab.rst.txt +++ /dev/null @@ -1,62 +0,0 @@ -krb5_get_init_creds_keytab - Get initial credentials using a key table. -========================================================================= - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_keytab(krb5_context context, krb5_creds * creds, krb5_principal client, krb5_keytab arg_keytab, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * k5_gic_options) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **creds** - New credentials - - **[in]** **client** - Client principal - - **[in]** **arg_keytab** - Key table handle - - **[in]** **start_time** - Time when ticket becomes valid (0 for now) - - **[in]** **in_tkt_service** - Service name of initial credentials (or NULL) - - **[in]** **k5_gic_options** - Initial credential options - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function requests KDC for an initial credentials for *client* using a client key stored in *arg_keytab* . If *in_tkt_service* is specified, it is parsed as a principal name (with the realm ignored) and used as the service principal for the request; otherwise the ticket-granting service is used. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_alloc.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_alloc.rst.txt deleted file mode 100644 index b8826089..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_alloc.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_get_init_creds_opt_alloc - Allocate a new initial credential options structure. -====================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_opt_alloc(krb5_context context, krb5_get_init_creds_opt ** opt) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **opt** - New options structure - - -.. - - -:retval: - - 0 - Success; Kerberos errors otherwise. - - -.. - - - - - - - -This function is the preferred way to create an options structure for getting initial credentials, and is required to make use of certain options. Use krb5_get_init_creds_opt_free() to free *opt* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_free.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_free.rst.txt deleted file mode 100644 index 94ddbf6b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_free.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -krb5_get_init_creds_opt_free - Free initial credential options. -================================================================= - -.. - -.. c:function:: void krb5_get_init_creds_opt_free(krb5_context context, krb5_get_init_creds_opt * opt) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **opt** - Options structure to free - - -.. - - - -.. - - - - - - - - - - - - - - -.. - -.. seealso:: - krb5_get_init_creds_opt_alloc() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.rst.txt deleted file mode 100644 index b38ddacf..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_get_init_creds_opt_get_fast_flags - Retrieve FAST flags from initial credential options. -=============================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_opt_get_fast_flags(krb5_context context, krb5_get_init_creds_opt * opt, krb5_flags * out_flags) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **opt** - Options - - **[out]** **out_flags** - FAST flags - - -.. - - -:retval: - - 0 - Success; Kerberos errors otherwise. - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_init.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_init.rst.txt deleted file mode 100644 index 1cbaa9ab..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_init.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_get_init_creds_opt_init -============================ - -.. - -.. c:function:: void krb5_get_init_creds_opt_init(krb5_get_init_creds_opt * opt) - -.. - - -:param: - - **opt** - - -.. - - - -.. - - -DEPRECATED Use krb5_get_init_creds_opt_alloc() instead. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_address_list.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_address_list.rst.txt deleted file mode 100644 index e460a46e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_address_list.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_get_init_creds_opt_set_address_list - Set address restrictions in initial credential options. -==================================================================================================== - -.. - -.. c:function:: void krb5_get_init_creds_opt_set_address_list(krb5_get_init_creds_opt * opt, krb5_address ** addresses) - -.. - - -:param: - - **[in]** **opt** - Options structure - - **[in]** **addresses** - Null-terminated array of addresses - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.rst.txt deleted file mode 100644 index 6953b2c5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_get_init_creds_opt_set_anonymous - Set or unset the anonymous flag in initial credential options. -======================================================================================================== - -.. - -.. c:function:: void krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt * opt, int anonymous) - -.. - - -:param: - - **[in]** **opt** - Options structure - - **[in]** **anonymous** - Whether to make an anonymous request - - -.. - - - -.. - - - - - - - -This function may be used to request anonymous credentials from the KDC by setting *anonymous* to non-zero. Note that anonymous credentials are only a request; clients must verify that credentials are anonymous if that is a requirement. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.rst.txt deleted file mode 100644 index 099644fe..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_get_init_creds_opt_set_canonicalize - Set or unset the canonicalize flag in initial credential options. -============================================================================================================== - -.. - -.. c:function:: void krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt * opt, int canonicalize) - -.. - - -:param: - - **[in]** **opt** - Options structure - - **[in]** **canonicalize** - Whether to canonicalize client principal - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.rst.txt deleted file mode 100644 index f8859329..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_get_init_creds_opt_set_change_password_prompt - Set or unset change-password-prompt flag in initial credential options. -============================================================================================================================== - -.. - -.. c:function:: void krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt * opt, int prompt) - -.. - - -:param: - - **[in]** **opt** - Options structure - - **[in]** **prompt** - Whether to prompt to change password - - -.. - - - -.. - - - - - - - -This flag is on by default. It controls whether krb5_get_init_creds_password() will react to an expired-password error by prompting for a new password and attempting to change the old one. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.rst.txt deleted file mode 100644 index ac6f8ab6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -krb5_get_init_creds_opt_set_etype_list - Set allowable encryption types in initial credential options. -======================================================================================================== - -.. - -.. c:function:: void krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt * opt, krb5_enctype * etype_list, int etype_list_length) - -.. - - -:param: - - **[in]** **opt** - Options structure - - **[in]** **etype_list** - Array of encryption types - - **[in]** **etype_list_length** - Length of *etype_list* - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.rst.txt deleted file mode 100644 index 6715de3e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.rst.txt +++ /dev/null @@ -1,78 +0,0 @@ -krb5_get_init_creds_opt_set_expire_callback - Set an expiration callback in initial credential options. -========================================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_expire_callback(krb5_context context, krb5_get_init_creds_opt * opt, krb5_expire_callback_func cb, void * data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **opt** - Options structure - - **[in]** **cb** - Callback function - - **[in]** **data** - Callback argument - - -.. - - - -.. - - - - - - - -Set a callback to receive password and account expiration times. - - - - *cb* will be invoked if and only if credentials are successfully acquired. The callback will receive the *context* from the calling function and the *data* argument supplied with this API. The remaining arguments should be interpreted as follows: - - - -If *is_last_req* is true, then the KDC reply contained last-req entries which unambiguously indicated the password expiration, account expiration, or both. (If either value was not present, the corresponding argument will be 0.) Furthermore, a non-zero *password_expiration* should be taken as a suggestion from the KDC that a warning be displayed. - - - -If *is_last_req* is false, then *account_expiration* will be 0 and *password_expiration* will contain the expiration time of either the password or account, or 0 if no expiration time was indicated in the KDC reply. The callback should independently decide whether to display a password expiration warning. - - - -Note that *cb* may be invoked even if credentials are being acquired for the kadmin/changepw service in order to change the password. It is the caller's responsibility to avoid displaying a password expiry warning in this case. - - - - - - - - - - -.. - - - - - -.. warning:: - - Setting an expire callback with this API will cause krb5_get_init_creds_password() not to send password expiry warnings to the prompter, as it ordinarily may. - - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.rst.txt deleted file mode 100644 index 0124a3c0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_get_init_creds_opt_set_fast_ccache - Set FAST armor cache in initial credential options. -=============================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_fast_ccache(krb5_context context, krb5_get_init_creds_opt * opt, krb5_ccache ccache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **opt** - Options - - **[in]** **ccache** - Credential cache handle - - -.. - - - -.. - - - - - - - -This function is similar to krb5_get_init_creds_opt_set_fast_ccache_name(), but uses a credential cache handle instead of a name. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.rst.txt deleted file mode 100644 index b7d7710d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -krb5_get_init_creds_opt_set_fast_ccache_name - Set location of FAST armor ccache in initial credential options. -================================================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context, krb5_get_init_creds_opt * opt, const char * fast_ccache_name) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **opt** - Options - - **[in]** **fast_ccache_name** - Credential cache name - - -.. - - - -.. - - - - - - - -Sets the location of a credential cache containing an armor ticket to protect an initial credential exchange using the FAST protocol extension. - - - -In version 1.7, setting an armor ccache requires that FAST be used for the exchange. In version 1.8 or later, setting the armor ccache causes FAST to be used if the KDC supports it; krb5_get_init_creds_opt_set_fast_flags() must be used to require that FAST be used. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.rst.txt deleted file mode 100644 index 77e9fa04..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_get_init_creds_opt_set_fast_flags - Set FAST flags in initial credential options. -======================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_fast_flags(krb5_context context, krb5_get_init_creds_opt * opt, krb5_flags flags) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **opt** - Options - - **[in]** **flags** - FAST flags - - -.. - - -:retval: - - 0 - Success; Kerberos errors otherwise. - - -.. - - - - - - - -The following flag values are valid: - - - #KRB5_FAST_REQUIRED - Require FAST to be used - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.rst.txt deleted file mode 100644 index 50d64b8c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_get_init_creds_opt_set_forwardable - Set or unset the forwardable flag in initial credential options. -============================================================================================================ - -.. - -.. c:function:: void krb5_get_init_creds_opt_set_forwardable(krb5_get_init_creds_opt * opt, int forwardable) - -.. - - -:param: - - **[in]** **opt** - Options structure - - **[in]** **forwardable** - Whether credentials should be forwardable - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.rst.txt deleted file mode 100644 index 41d51176..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_get_init_creds_opt_set_in_ccache - Set an input credential cache in initial credential options. -====================================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_in_ccache(krb5_context context, krb5_get_init_creds_opt * opt, krb5_ccache ccache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **opt** - Options - - **[in]** **ccache** - Credential cache handle - - -.. - - - -.. - - - - - - - -If an input credential cache is set, then the krb5_get_init_creds family of APIs will read settings from it. Setting an input ccache is desirable when the application wishes to perform authentication in the same way (using the same preauthentication mechanisms, and making the same non-security- sensitive choices) as the previous authentication attempt, which stored information in the passed-in ccache. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.11 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.rst.txt deleted file mode 100644 index dcb1cf60..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -krb5_get_init_creds_opt_set_out_ccache - Set an output credential cache in initial credential options. -======================================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_out_ccache(krb5_context context, krb5_get_init_creds_opt * opt, krb5_ccache ccache) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **opt** - Options - - **[in]** **ccache** - Credential cache handle - - -.. - - - -.. - - - - - - - -If an output credential cache is set, then the krb5_get_init_creds family of APIs will write credentials to it. Setting an output ccache is desirable both because it simplifies calling code and because it permits the krb5_get_init_creds APIs to write out configuration information about the realm to the ccache. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pa.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pa.rst.txt deleted file mode 100644 index a610fa0c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pa.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_get_init_creds_opt_set_pa - Supply options for preauthentication in initial credential options. -====================================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_pa(krb5_context context, krb5_get_init_creds_opt * opt, const char * attr, const char * value) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **opt** - Options structure - - **[in]** **attr** - Preauthentication option name - - **[in]** **value** - Preauthentication option value - - -.. - - - -.. - - - - - - - -This function allows the caller to supply options for preauthentication. The values of *attr* and *value* are supplied to each preauthentication module available within *context* . - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.rst.txt deleted file mode 100644 index ed46081b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_get_init_creds_opt_set_pac_request - Ask the KDC to include or not include a PAC in the ticket. -====================================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_pac_request(krb5_context context, krb5_get_init_creds_opt * opt, krb5_boolean req_pac) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **opt** - Options structure - - **[in]** **req_pac** - Whether to request a PAC or not - - -.. - - - -.. - - - - - - - -If this option is set, the AS request will include a PAC-REQUEST pa-data item explicitly asking the KDC to either include or not include a privilege attribute certificate in the ticket authorization data. By default, no request is made; typically the KDC will default to including a PAC if it supports them. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.15 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.rst.txt deleted file mode 100644 index 1e7b647f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -krb5_get_init_creds_opt_set_preauth_list - Set preauthentication types in initial credential options. -======================================================================================================= - -.. - -.. c:function:: void krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt * opt, krb5_preauthtype * preauth_list, int preauth_list_length) - -.. - - -:param: - - **[in]** **opt** - Options structure - - **[in]** **preauth_list** - Array of preauthentication types - - **[in]** **preauth_list_length** - Length of *preauth_list* - - -.. - - - -.. - - - - - - - -This function can be used to perform optimistic preauthentication when getting initial credentials, in combination with krb5_get_init_creds_opt_set_salt() and krb5_get_init_creds_opt_set_pa(). - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.rst.txt deleted file mode 100644 index 7ced7273..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_get_init_creds_opt_set_proxiable - Set or unset the proxiable flag in initial credential options. -======================================================================================================== - -.. - -.. c:function:: void krb5_get_init_creds_opt_set_proxiable(krb5_get_init_creds_opt * opt, int proxiable) - -.. - - -:param: - - **[in]** **opt** - Options structure - - **[in]** **proxiable** - Whether credentials should be proxiable - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.rst.txt deleted file mode 100644 index 58e938d9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_get_init_creds_opt_set_renew_life - Set the ticket renewal lifetime in initial credential options. -========================================================================================================= - -.. - -.. c:function:: void krb5_get_init_creds_opt_set_renew_life(krb5_get_init_creds_opt * opt, krb5_deltat renew_life) - -.. - - -:param: - - **[in]** **opt** - Pointer to *options* field - - **[in]** **renew_life** - Ticket renewal lifetime - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_responder.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_responder.rst.txt deleted file mode 100644 index 220ba403..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_responder.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -krb5_get_init_creds_opt_set_responder - Set the responder function in initial credential options. -=================================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_opt_set_responder(krb5_context context, krb5_get_init_creds_opt * opt, krb5_responder_fn responder, void * data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **opt** - Options structure - - **[in]** **responder** - Responder function - - **[in]** **data** - Responder data argument - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.11 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_salt.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_salt.rst.txt deleted file mode 100644 index 22512f67..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_salt.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_get_init_creds_opt_set_salt - Set salt for optimistic preauthentication in initial credential options. -============================================================================================================= - -.. - -.. c:function:: void krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt * opt, krb5_data * salt) - -.. - - -:param: - - **[in]** **opt** - Options structure - - **[in]** **salt** - Salt data - - -.. - - - -.. - - - - - - - -When getting initial credentials with a password, a salt string it used to convert the password to a key. Normally this salt is obtained from the first KDC reply, but when performing optimistic preauthentication, the client may need to supply the salt string with this function. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.rst.txt deleted file mode 100644 index a5c1f685..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_get_init_creds_opt_set_tkt_life - Set the ticket lifetime in initial credential options. -=============================================================================================== - -.. - -.. c:function:: void krb5_get_init_creds_opt_set_tkt_life(krb5_get_init_creds_opt * opt, krb5_deltat tkt_life) - -.. - - -:param: - - **[in]** **opt** - Options structure - - **[in]** **tkt_life** - Ticket lifetime - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_password.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_password.rst.txt deleted file mode 100644 index 1c6fd685..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_init_creds_password.rst.txt +++ /dev/null @@ -1,75 +0,0 @@ -krb5_get_init_creds_password - Get initial credentials using a password. -========================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_init_creds_password(krb5_context context, krb5_creds * creds, krb5_principal client, const char * password, krb5_prompter_fct prompter, void * data, krb5_deltat start_time, const char * in_tkt_service, krb5_get_init_creds_opt * k5_gic_options) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **creds** - New credentials - - **[in]** **client** - Client principal - - **[in]** **password** - Password (or NULL) - - **[in]** **prompter** - Prompter function - - **[in]** **data** - Prompter callback data - - **[in]** **start_time** - Time when ticket becomes valid (0 for now) - - **[in]** **in_tkt_service** - Service name of initial credentials (or NULL) - - **[in]** **k5_gic_options** - Initial credential options - - -.. - - -:retval: - - 0 Success - - EINVAL Invalid argument - - KRB5_KDC_UNREACH Cannot contact any KDC for requested realm - - KRB5_PREAUTH_FAILED Generic Pre-athentication failure - - KRB5_LIBOS_PWDINTR Password read interrupted - - KRB5_REALM_CANT_RESOLVE Cannot resolve network address for KDC in requested realm - - KRB5KDC_ERR_KEY_EXP Password has expired - - KRB5_LIBOS_BADPWDMATCH Password mismatch - - KRB5_CHPW_PWDNULL New password cannot be zero length - - KRB5_CHPW_FAIL Password change failed - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function requests KDC for an initial credentials for *client* using *password* . If *password* is NULL, a password will be prompted for using *prompter* if necessary. If *in_tkt_service* is specified, it is parsed as a principal name (with the realm ignored) and used as the service principal for the request; otherwise the ticket-granting service is used. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_permitted_enctypes.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_permitted_enctypes.rst.txt deleted file mode 100644 index a5776405..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_permitted_enctypes.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_get_permitted_enctypes - Return a list of encryption types permitted for session keys. -============================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_get_permitted_enctypes(krb5_context context, krb5_enctype ** ktypes) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **ktypes** - Zero-terminated list of encryption types - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function returns the list of encryption types permitted for session keys within *context* , as determined by configuration or by a previous call to krb5_set_default_tgs_enctypes(). - - - -Use krb5_free_enctypes() to free *ktypes* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_profile.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_profile.rst.txt deleted file mode 100644 index 4ef2949a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_profile.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -krb5_get_profile - Retrieve configuration profile from the context. -===================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_profile(krb5_context context, struct _profile_t ** profile) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **profile** - Pointer to data read from a configuration file - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function creates a new *profile* object that reflects profile in the supplied *context* . - - - -The *profile* object may be freed with profile_release() function. See profile.h and profile API for more details. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_prompt_types.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_prompt_types.rst.txt deleted file mode 100644 index 4cf9748c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_prompt_types.rst.txt +++ /dev/null @@ -1,43 +0,0 @@ -krb5_get_prompt_types - Get prompt types array from a context. -================================================================ - -.. - -.. c:function:: krb5_prompt_type * krb5_get_prompt_types(krb5_context context) - -.. - - -:param: - - **[in]** **context** - Library context - - -.. - - - -:return: - - Pointer to an array of prompt types corresponding to the prompter's prompts arguments. Each type has one of the following values: #KRB5_PROMPT_TYPE_PASSWORD #KRB5_PROMPT_TYPE_NEW_PASSWORD #KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN #KRB5_PROMPT_TYPE_PREAUTH - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_renewed_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_renewed_creds.rst.txt deleted file mode 100644 index 21458f85..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_renewed_creds.rst.txt +++ /dev/null @@ -1,62 +0,0 @@ -krb5_get_renewed_creds - Get renewed credential from KDC using an existing credential. -======================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_renewed_creds(krb5_context context, krb5_creds * creds, krb5_principal client, krb5_ccache ccache, const char * in_tkt_service) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **creds** - Renewed credentials - - **[in]** **client** - Client principal name - - **[in]** **ccache** - Credential cache - - **[in]** **in_tkt_service** - Server principal string (or NULL) - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function gets a renewed credential using an existing one from *ccache* . If *in_tkt_service* is specified, it is parsed (with the realm part ignored) and used as the server principal of the credential; otherwise, the ticket-granting service is used. - - - -If successful, the renewed credential is placed in *creds* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_server_rcache.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_server_rcache.rst.txt deleted file mode 100644 index 38bb1305..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_server_rcache.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_get_server_rcache - Generate a replay cache object for server use and open it. -===================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_server_rcache(krb5_context context, const krb5_data * piece, krb5_rcache * rcptr) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **piece** - Unused (replay cache identifier) - - **[out]** **rcptr** - Handle to an open rcache - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a handle to the default replay cache. Use krb5_rc_close() to close *rcptr* when it is no longer needed. - - - - - - - - - - -.. - - - - -.. note:: - - Prior to release 1.18, this function creates a handle to a different replay cache for each unique value of *piece* . - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_time_offsets.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_time_offsets.rst.txt deleted file mode 100644 index 9bdd8ecb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_time_offsets.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_get_time_offsets - Return the time offsets from the os context. -====================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_time_offsets(krb5_context context, krb5_timestamp * seconds, krb5_int32 * microseconds) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **seconds** - Time offset, seconds portion - - **[out]** **microseconds** - Time offset, microseconds portion - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function returns the time offsets in *context* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_validated_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_validated_creds.rst.txt deleted file mode 100644 index e1bf3107..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_get_validated_creds.rst.txt +++ /dev/null @@ -1,67 +0,0 @@ -krb5_get_validated_creds - Get validated credentials from the KDC. -==================================================================== - -.. - -.. c:function:: krb5_error_code krb5_get_validated_creds(krb5_context context, krb5_creds * creds, krb5_principal client, krb5_ccache ccache, const char * in_tkt_service) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **creds** - Validated credentials - - **[in]** **client** - Client principal name - - **[in]** **ccache** - Credential cache - - **[in]** **in_tkt_service** - Server principal string (or NULL) - - -.. - - -:retval: - - 0 Success - - KRB5_NO_2ND_TKT Request missing second ticket - - KRB5_NO_TKT_SUPPLIED Request did not supply a ticket - - KRB5_PRINC_NOMATCH Requested principal and ticket do not match - - KRB5_KDCREP_MODIFIED KDC reply did not match expectations - - KRB5_KDCREP_SKEW Clock skew too great in KDC reply - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function gets a validated credential using a postdated credential from *ccache* . If *in_tkt_service* is specified, it is parsed (with the realm part ignored) and used as the server principal of the credential; otherwise, the ticket-granting service is used. - - - -If successful, the validated credential is placed in *creds* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_context.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_context.rst.txt deleted file mode 100644 index df00c2da..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_context.rst.txt +++ /dev/null @@ -1,58 +0,0 @@ -krb5_init_context - Create a krb5 library context. -==================================================== - -.. - -.. c:function:: krb5_error_code krb5_init_context(krb5_context * context) - -.. - - -:param: - - **[out]** **context** - Library context - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -The *context* must be released by calling krb5_free_context() when it is no longer needed. - - - - - - - - - - -.. - - - - - -.. warning:: - - Any program or module that needs the Kerberos code to not trust the environment must use krb5_init_secure_context(), or clean out the environment. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_context_profile.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_context_profile.rst.txt deleted file mode 100644 index d92f0995..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_context_profile.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_init_context_profile - Create a krb5 library context using a specified profile. -====================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_init_context_profile(struct _profile_t * profile, krb5_flags flags, krb5_context * context) - -.. - - -:param: - - **[in]** **profile** - Profile object (NULL to create default profile) - - **[in]** **flags** - Context initialization flags - - **[out]** **context** - Library context - - -.. - - - -.. - - - - - - - -Create a context structure, optionally using a specified profile and initialization flags. If *profile* is NULL, the default profile will be created from config files. If *profile* is non-null, a copy of it will be made for the new context; the caller should still clean up its copy. Valid flag values are: - - - - - - - #KRB5_INIT_CONTEXT_SECURE Ignore environment variables - - - - #KRB5_INIT_CONTEXT_KDC Use KDC configuration if creating profile - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_free.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_free.rst.txt deleted file mode 100644 index 9b6f5500..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_free.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_init_creds_free - Free an initial credentials context. -============================================================= - -.. - -.. c:function:: void krb5_init_creds_free(krb5_context context, krb5_init_creds_context ctx) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - Initial credentials context - - -.. - - - -.. - - - - - - - - *context* must be the same as the one passed to krb5_init_creds_init() for this initial credentials context. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get.rst.txt deleted file mode 100644 index 00e070ae..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_init_creds_get - Acquire credentials using an initial credentials context. -================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - Initial credentials context - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function synchronously obtains credentials using a context created by krb5_init_creds_init(). On successful return, the credentials can be retrieved with krb5_init_creds_get_creds(). - - - - *context* must be the same as the one passed to krb5_init_creds_init() for this initial credentials context. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_creds.rst.txt deleted file mode 100644 index 777f7f88..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_creds.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_init_creds_get_creds - Retrieve acquired credentials from an initial credentials context. -================================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_init_creds_get_creds(krb5_context context, krb5_init_creds_context ctx, krb5_creds * creds) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - Initial credentials context - - **[out]** **creds** - Acquired credentials - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function copies the acquired initial credentials from *ctx* into *creds* , after the successful completion of krb5_init_creds_get() or krb5_init_creds_step(). Use krb5_free_cred_contents() to free *creds* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_error.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_error.rst.txt deleted file mode 100644 index 66aea0b8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_error.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_init_creds_get_error - Get the last error from KDC from an initial credentials context. -============================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_init_creds_get_error(krb5_context context, krb5_init_creds_context ctx, krb5_error ** error) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - Initial credentials context - - **[out]** **error** - Error from KDC, or NULL if none was received - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_times.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_times.rst.txt deleted file mode 100644 index e856df1d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_get_times.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_init_creds_get_times - Retrieve ticket times from an initial credentials context. -======================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_init_creds_get_times(krb5_context context, krb5_init_creds_context ctx, krb5_ticket_times * times) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - Initial credentials context - - **[out]** **times** - Ticket times for acquired credentials - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -The initial credentials context must have completed obtaining credentials via either krb5_init_creds_get() or krb5_init_creds_step(). - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_init.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_init.rst.txt deleted file mode 100644 index ed8096b8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_init.rst.txt +++ /dev/null @@ -1,63 +0,0 @@ -krb5_init_creds_init - Create a context for acquiring initial credentials. -============================================================================ - -.. - -.. c:function:: krb5_error_code krb5_init_creds_init(krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void * data, krb5_deltat start_time, krb5_get_init_creds_opt * options, krb5_init_creds_context * ctx) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **client** - Client principal to get initial creds for - - **[in]** **prompter** - Prompter callback - - **[in]** **data** - Prompter callback argument - - **[in]** **start_time** - Time when credentials become valid (0 for now) - - **[in]** **options** - Options structure (NULL for default) - - **[out]** **ctx** - New initial credentials context - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a new context for acquiring initial credentials. Use krb5_init_creds_free() to free *ctx* when it is no longer needed. - - - -Any subsequent calls to krb5_init_creds_step(), krb5_init_creds_get(), or krb5_init_creds_free() for this initial credentials context must use the same *context* argument as the one passed to this function. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_keytab.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_keytab.rst.txt deleted file mode 100644 index 222755aa..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_keytab.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_init_creds_set_keytab - Specify a keytab to use for acquiring initial credentials. -========================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_init_creds_set_keytab(krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - Initial credentials context - - **[in]** **keytab** - Key table handle - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function supplies a keytab containing the client key for an initial credentials request. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_password.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_password.rst.txt deleted file mode 100644 index 10ad140d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_password.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_init_creds_set_password - Set a password for acquiring initial credentials. -================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_init_creds_set_password(krb5_context context, krb5_init_creds_context ctx, const char * password) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - Initial credentials context - - **[in]** **password** - Password - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function supplies a password to be used to construct the client key for an initial credentials request. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_service.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_service.rst.txt deleted file mode 100644 index d08ffc7d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_set_service.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_init_creds_set_service - Specify a service principal for acquiring initial credentials. -============================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_init_creds_set_service(krb5_context context, krb5_init_creds_context ctx, const char * service) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - Initial credentials context - - **[in]** **service** - Service principal string - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function supplies a service principal string to acquire initial credentials for instead of the default krbtgt service. *service* is parsed as a principal name; any realm part is ignored. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_step.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_step.rst.txt deleted file mode 100644 index 4f425510..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_creds_step.rst.txt +++ /dev/null @@ -1,69 +0,0 @@ -krb5_init_creds_step - Get the next KDC request for acquiring initial credentials. -==================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_init_creds_step(krb5_context context, krb5_init_creds_context ctx, krb5_data * in, krb5_data * out, krb5_data * realm, unsigned int * flags) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - Initial credentials context - - **[in]** **in** - KDC response (empty on the first call) - - **[out]** **out** - Next KDC request - - **[out]** **realm** - Realm for next KDC request - - **[out]** **flags** - Output flags - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function constructs the next KDC request in an initial credential exchange, allowing the caller to control the transport of KDC requests and replies. On the first call, *in* should be set to an empty buffer; on subsequent calls, it should be set to the KDC's reply to the previous request. - - - -If more requests are needed, *flags* will be set to #KRB5_INIT_CREDS_STEP_FLAG_CONTINUE and the next request will be placed in *out* . If no more requests are needed, *flags* will not contain #KRB5_INIT_CREDS_STEP_FLAG_CONTINUE and *out* will be empty. - - - -If this function returns **KRB5KRB_ERR_RESPONSE_TOO_BIG** , the caller should transmit the next request using TCP rather than UDP. If this function returns any other error, the initial credential exchange has failed. - - - - *context* must be the same as the one passed to krb5_init_creds_init() for this initial credentials context. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_keyblock.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_keyblock.rst.txt deleted file mode 100644 index cc6109de..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_keyblock.rst.txt +++ /dev/null @@ -1,61 +0,0 @@ -krb5_init_keyblock - Initialize an empty krb5_keyblock . -========================================================== - -.. - -.. c:function:: krb5_error_code krb5_init_keyblock(krb5_context context, krb5_enctype enctype, size_t length, krb5_keyblock ** out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enctype** - Encryption type - - **[in]** **length** - Length of keyblock (or 0) - - **[out]** **out** - New keyblock structure - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Initialize a new keyblock and allocate storage for the contents of the key. It is legal to pass in a length of 0, in which case contents are left unallocated. Use krb5_free_keyblock() to free *out* when it is no longer needed. - - - - - - - - - - -.. - - - - - - -.. note:: - - If *length* is set to 0, contents are left unallocated. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_random_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_random_key.rst.txt deleted file mode 100644 index 271d7274..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_random_key.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -krb5_init_random_key -==================== - -.. - -.. c:function:: krb5_error_code krb5_init_random_key(krb5_context context, const krb5_encrypt_block * eblock, const krb5_keyblock * keyblock, krb5_pointer * ptr) - -.. - - -:param: - - **context** - - **eblock** - - **keyblock** - - **ptr** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_c_* API family. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_secure_context.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_secure_context.rst.txt deleted file mode 100644 index 83c41cdb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_init_secure_context.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_init_secure_context - Create a krb5 library context using only configuration files. -========================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_init_secure_context(krb5_context * context) - -.. - - -:param: - - **[out]** **context** - Library context - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Create a context structure, using only system configuration files. All information passed through the environment variables is ignored. - - - -The *context* must be released by calling krb5_free_context() when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_is_config_principal.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_is_config_principal.rst.txt deleted file mode 100644 index 8c1ef806..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_is_config_principal.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -krb5_is_config_principal - Test whether a principal is a configuration principal. -=================================================================================== - -.. - -.. c:function:: krb5_boolean krb5_is_config_principal(krb5_context context, krb5_const_principal principal) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **principal** - Principal to check - - -.. - - - -:return: - - TRUE if the principal is a configuration principal (generated part of krb5_cc_set_config()); FALSE otherwise. - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_is_referral_realm.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_is_referral_realm.rst.txt deleted file mode 100644 index 89916c32..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_is_referral_realm.rst.txt +++ /dev/null @@ -1,43 +0,0 @@ -krb5_is_referral_realm - Check for a match with KRB5_REFERRAL_REALM. -====================================================================== - -.. - -.. c:function:: krb5_boolean krb5_is_referral_realm(const krb5_data * r) - -.. - - -:param: - - **[in]** **r** - Realm to check - - -.. - - - -:return: - - TRUE if r is zero-length, FALSE otherwise - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_is_thread_safe.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_is_thread_safe.rst.txt deleted file mode 100644 index 812a2c32..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_is_thread_safe.rst.txt +++ /dev/null @@ -1,43 +0,0 @@ -krb5_is_thread_safe - Test whether the Kerberos library was built with multithread support. -============================================================================================= - -.. - -.. c:function:: krb5_boolean krb5_is_thread_safe(void None) - -.. - - -:param: - - **None** - - -.. - - -:retval: - - TRUE if the library is threadsafe; FALSE otherwise - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_create_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_create_key.rst.txt deleted file mode 100644 index 204d0209..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_create_key.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_k_create_key - Create a krb5_key from the enctype and key data in a keyblock. -==================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_k_create_key(krb5_context context, const krb5_keyblock * key_data, krb5_key * out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key_data** - Keyblock - - **[out]** **out** - Opaque key - - -.. - - -:retval: - - 0 Success; otherwise - KRB5_BAD_ENCTYPE - - -.. - - - - - - - -The reference count on a key *out* is set to 1. Use krb5_k_free_key() to free *out* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_decrypt.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_decrypt.rst.txt deleted file mode 100644 index 3c170041..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_decrypt.rst.txt +++ /dev/null @@ -1,65 +0,0 @@ -krb5_k_decrypt - Decrypt data using a key (operates on opaque key). -===================================================================== - -.. - -.. c:function:: krb5_error_code krb5_k_decrypt(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data * cipher_state, const krb5_enc_data * input, krb5_data * output) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Encryption key - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[inout]** **cipher_state** - Cipher state; specify NULL if not needed - - **[in]** **input** - Encrypted data - - **[out]** **output** - Decrypted data - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function decrypts the data block *input* and stores the output into *output* . The actual decryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. - - - - - - - - - - -.. - - - - - - -.. note:: - - The caller must initialize *output* and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let krb5_c_decrypt() trim *output->length* . For some enctypes, the resulting *output->length* may include padding bytes. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_decrypt_iov.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_decrypt_iov.rst.txt deleted file mode 100644 index 3156b439..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_decrypt_iov.rst.txt +++ /dev/null @@ -1,68 +0,0 @@ -krb5_k_decrypt_iov - Decrypt data in place supporting AEAD (operates on opaque key). -====================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data * cipher_state, krb5_crypto_iov * data, size_t num_data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Encryption key - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[in]** **cipher_state** - Cipher state; specify NULL if not needed - - **[inout]** **data** - IOV array. Modified in-place. - - **[in]** **num_data** - Size of *data* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function decrypts the data block *data* and stores the output in-place. The actual decryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API. - - - - - - - - - - -.. - -.. seealso:: - krb5_k_encrypt_iov() - - - - - - -.. note:: - - On return from a krb5_c_decrypt_iov() call, the *data->length* in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_encrypt.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_encrypt.rst.txt deleted file mode 100644 index 797f9d2a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_encrypt.rst.txt +++ /dev/null @@ -1,65 +0,0 @@ -krb5_k_encrypt - Encrypt data using a key (operates on opaque key). -===================================================================== - -.. - -.. c:function:: krb5_error_code krb5_k_encrypt(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data * cipher_state, const krb5_data * input, krb5_enc_data * output) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Encryption key - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[inout]** **cipher_state** - Cipher state; specify NULL if not needed - - **[in]** **input** - Data to be encrypted - - **[out]** **output** - Encrypted data - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function encrypts the data block *input* and stores the output into *output* . The actual encryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. - - - - - - - - - - -.. - - - - - - -.. note:: - - The caller must initialize *output* and allocate at least enough space for the result (using krb5_c_encrypt_length() to determine the amount of space needed). *output->length* will be set to the actual length of the ciphertext. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_encrypt_iov.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_encrypt_iov.rst.txt deleted file mode 100644 index e715e26e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_encrypt_iov.rst.txt +++ /dev/null @@ -1,68 +0,0 @@ -krb5_k_encrypt_iov - Encrypt data in place supporting AEAD (operates on opaque key). -====================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_k_encrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data * cipher_state, krb5_crypto_iov * data, size_t num_data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Encryption key - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[in]** **cipher_state** - Cipher state; specify NULL if not needed - - **[inout]** **data** - IOV array. Modified in-place. - - **[in]** **num_data** - Size of *data* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function encrypts the data block *data* and stores the output in-place. The actual encryption key will be derived from *key* and *usage* if key derivation is specified for the encryption type. If non-null, *cipher_state* specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API. - - - - - - - - - - -.. - -.. seealso:: - krb5_k_decrypt_iov() - - - - - - -.. note:: - - On return from a krb5_c_encrypt_iov() call, the *data->length* in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_free_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_free_key.rst.txt deleted file mode 100644 index c1060f6d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_free_key.rst.txt +++ /dev/null @@ -1,39 +0,0 @@ -krb5_k_free_key - Decrement the reference count on a key and free it if it hits zero. -======================================================================================= - -.. - -.. c:function:: void krb5_k_free_key(krb5_context context, krb5_key key) - -.. - - -:param: - - **context** - - **key** - - -.. - - - -.. - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_key_enctype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_key_enctype.rst.txt deleted file mode 100644 index d77a541e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_key_enctype.rst.txt +++ /dev/null @@ -1,39 +0,0 @@ -krb5_k_key_enctype - Retrieve the enctype of a krb5_key structure. -==================================================================== - -.. - -.. c:function:: krb5_enctype krb5_k_key_enctype(krb5_context context, krb5_key key) - -.. - - -:param: - - **context** - - **key** - - -.. - - - -.. - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_key_keyblock.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_key_keyblock.rst.txt deleted file mode 100644 index efd782c9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_key_keyblock.rst.txt +++ /dev/null @@ -1,41 +0,0 @@ -krb5_k_key_keyblock - Retrieve a copy of the keyblock from a krb5_key structure. -================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_k_key_keyblock(krb5_context context, krb5_key key, krb5_keyblock ** key_data) - -.. - - -:param: - - **context** - - **key** - - **key_data** - - -.. - - - -.. - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum.rst.txt deleted file mode 100644 index 3f66c0f0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum.rst.txt +++ /dev/null @@ -1,68 +0,0 @@ -krb5_k_make_checksum - Compute a checksum (operates on opaque key). -===================================================================== - -.. - -.. c:function:: krb5_error_code krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype, krb5_key key, krb5_keyusage usage, const krb5_data * input, krb5_checksum * cksum) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cksumtype** - Checksum type (0 for mandatory type) - - **[in]** **key** - Encryption key for a keyed checksum - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[in]** **input** - Input data - - **[out]** **cksum** - Generated checksum - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function computes a checksum of type *cksumtype* over *input* , using *key* if the checksum type is a keyed checksum. If *cksumtype* is 0 and *key* is non-null, the checksum type will be the mandatory-to-implement checksum type for the key's encryption type. The actual checksum key will be derived from *key* and *usage* if key derivation is specified for the checksum type. The newly created *cksum* must be released by calling krb5_free_checksum_contents() when it is no longer needed. - - - - - - - - - - -.. - -.. seealso:: - krb5_c_verify_checksum() - - - - - - -.. note:: - - This function is similar to krb5_c_make_checksum(), but operates on opaque *key* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum_iov.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum_iov.rst.txt deleted file mode 100644 index a25d8ec1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_make_checksum_iov.rst.txt +++ /dev/null @@ -1,68 +0,0 @@ -krb5_k_make_checksum_iov - Fill in a checksum element in IOV array (operates on opaque key) -============================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_k_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, krb5_key key, krb5_keyusage usage, krb5_crypto_iov * data, size_t num_data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cksumtype** - Checksum type (0 for mandatory type) - - **[in]** **key** - Encryption key for a keyed checksum - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[inout]** **data** - IOV array - - **[in]** **num_data** - Size of *data* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Create a checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element over #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY chunks in *data* . Only the #KRB5_CRYPTO_TYPE_CHECKSUM region is modified. - - - - - - - - - - -.. - -.. seealso:: - krb5_k_verify_checksum_iov() - - - - - - -.. note:: - - This function is similar to krb5_c_make_checksum_iov(), but operates on opaque *key* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_prf.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_prf.rst.txt deleted file mode 100644 index 69b75d83..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_prf.rst.txt +++ /dev/null @@ -1,61 +0,0 @@ -krb5_k_prf - Generate enctype-specific pseudo-random bytes (operates on opaque key). -====================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_k_prf(krb5_context context, krb5_key key, krb5_data * input, krb5_data * output) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Key - - **[in]** **input** - Input data - - **[out]** **output** - Output data - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function selects a pseudo-random function based on *key* and computes its value over *input* , placing the result into *output* . The caller must preinitialize *output* and allocate space for the result. - - - - - - - - - - -.. - - - - - - -.. note:: - - This function is similar to krb5_c_prf(), but operates on opaque *key* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_reference_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_reference_key.rst.txt deleted file mode 100644 index 06b4629e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_reference_key.rst.txt +++ /dev/null @@ -1,39 +0,0 @@ -krb5_k_reference_key - Increment the reference count on a key. -================================================================ - -.. - -.. c:function:: void krb5_k_reference_key(krb5_context context, krb5_key key) - -.. - - -:param: - - **context** - - **key** - - -.. - - - -.. - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum.rst.txt deleted file mode 100644 index fe591953..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum.rst.txt +++ /dev/null @@ -1,65 +0,0 @@ -krb5_k_verify_checksum - Verify a checksum (operates on opaque key). -====================================================================== - -.. - -.. c:function:: krb5_error_code krb5_k_verify_checksum(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data * data, const krb5_checksum * cksum, krb5_boolean * valid) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Encryption key for a keyed checksum - - **[in]** **usage** - *key* usage - - **[in]** **data** - Data to be used to compute a new checksum using *key* to compare *cksum* against - - **[in]** **cksum** - Checksum to be verified - - **[out]** **valid** - Non-zero for success, zero for failure - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function verifies that *cksum* is a valid checksum for *data* . If the checksum type of *cksum* is a keyed checksum, *key* is used to verify the checksum. If the checksum type in *cksum* is 0 and *key* is not NULL, the mandatory checksum type for *key* will be used. The actual checksum key will be derived from *key* and *usage* if key derivation is specified for the checksum type. - - - - - - - - - - -.. - - - - - - -.. note:: - - This function is similar to krb5_c_verify_checksum(), but operates on opaque *key* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum_iov.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum_iov.rst.txt deleted file mode 100644 index af4cffee..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_k_verify_checksum_iov.rst.txt +++ /dev/null @@ -1,70 +0,0 @@ -krb5_k_verify_checksum_iov - Validate a checksum element in IOV array (operates on opaque key). -================================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_k_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, krb5_key key, krb5_keyusage usage, const krb5_crypto_iov * data, size_t num_data, krb5_boolean * valid) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **cksumtype** - Checksum type (0 for mandatory type) - - **[in]** **key** - Encryption key for a keyed checksum - - **[in]** **usage** - Key usage (see KRB5_KEYUSAGE macros) - - **[in]** **data** - IOV array - - **[in]** **num_data** - Size of *data* - - **[out]** **valid** - Non-zero for success, zero for failure - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Confirm that the checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element is a valid checksum of the #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY regions in the iov. - - - - - - - - - - -.. - -.. seealso:: - krb5_k_make_checksum_iov() - - - - - - -.. note:: - - This function is similar to krb5_c_verify_checksum_iov(), but operates on opaque *key* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kdc_sign_ticket.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kdc_sign_ticket.rst.txt deleted file mode 100644 index 4697e455..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kdc_sign_ticket.rst.txt +++ /dev/null @@ -1,65 +0,0 @@ -krb5_kdc_sign_ticket - Sign a PAC, possibly including a ticket signature. -=========================================================================== - -.. - -.. c:function:: krb5_error_code krb5_kdc_sign_ticket(krb5_context context, krb5_enc_tkt_part * enc_tkt, const krb5_pac pac, krb5_const_principal server_princ, krb5_const_principal client_princ, const krb5_keyblock * server, const krb5_keyblock * privsvr, krb5_boolean with_realm) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enc_tkt** - The ticket for the signature - - **[in]** **pac** - PAC handle - - **[in]** **server_princ** - Canonical ticket server name - - **[in]** **client_princ** - PAC_CLIENT_INFO principal (or NULL) - - **[in]** **server** - Key for server checksum - - **[in]** **privsvr** - Key for KDC and ticket checksum - - **[in]** **with_realm** - If true, include the realm of *principal* - - -.. - - -:retval: - - 0 on success, otherwise - Kerberos error codes - - -.. - - - - - - - -Sign *pac* using the keys *server* and *privsvr* . Include a ticket signature over *enc_tkt* if *server_princ* is not a TGS or kadmin/changepw principal name. Add the signed PAC's encoding to the authorization data of *enc_tkt* in the first slot, wrapped in an AD-IF-RELEVANT container. If *client_princ* is non-null, add a PAC_CLIENT_INFO buffer, including the realm if *with_realm* is true. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.20 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kdc_verify_ticket.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kdc_verify_ticket.rst.txt deleted file mode 100644 index 29fdd3a3..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kdc_verify_ticket.rst.txt +++ /dev/null @@ -1,73 +0,0 @@ -krb5_kdc_verify_ticket - Verify a PAC, possibly including ticket signature. -============================================================================= - -.. - -.. c:function:: krb5_error_code krb5_kdc_verify_ticket(krb5_context context, const krb5_enc_tkt_part * enc_tkt, krb5_const_principal server_princ, const krb5_keyblock * server, const krb5_keyblock * privsvr, krb5_pac * pac_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enc_tkt** - Ticket enc-part, possibly containing a PAC - - **[in]** **server_princ** - Canonicalized name of ticket server - - **[in]** **server** - Key to validate server checksum (or NULL) - - **[in]** **privsvr** - Key to validate KDC checksum (or NULL) - - **[out]** **pac_out** - Verified PAC (NULL if no PAC included) - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -If a PAC is present in *enc_tkt* , verify its signatures. If *privsvr* is not NULL and *server_princ* is not a krbtgt or kadmin/changepw service, require a ticket signature over *enc_tkt* in addition to the KDC signature. Place the verified PAC in *pac_out* . If an invalid PAC signature is found, return an error matching the Windows KDC protocol code for that condition as closely as possible. - - - -If no PAC is present in *enc_tkt* , set *pac_out* to NULL and return successfully. - - - - - - - - - - -.. - - - - - - -.. note:: - - This function does not validate the PAC_CLIENT_INFO buffer. If a specific value is expected, the caller can make a separate call to krb5_pac_verify_ext() with a principal but no keys. - - - -.. note:: - - New in 1.20 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_add_entry.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_add_entry.rst.txt deleted file mode 100644 index f762d360..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_add_entry.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_kt_add_entry - Add a new entry to a key table. -===================================================== - -.. - -.. c:function:: krb5_error_code krb5_kt_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry * entry) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **id** - Key table handle - - **[in]** **entry** - Entry to be added - - -.. - - -:retval: - - 0 Success - - ENOMEM Insufficient memory - - KRB5_KT_NOWRITE Key table is not writeable - - -:return: - - Kerberos error codes - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_client_default.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_client_default.rst.txt deleted file mode 100644 index 8f5663bc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_client_default.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -krb5_kt_client_default - Resolve the default client key table. -================================================================ - -.. - -.. c:function:: krb5_error_code krb5_kt_client_default(krb5_context context, krb5_keytab * keytab_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **keytab_out** - Key table handle - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Fill *keytab_out* with a handle to the default client key table. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.11 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_close.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_close.rst.txt deleted file mode 100644 index 4761ad68..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_close.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -krb5_kt_close - Close a key table handle. -=========================================== - -.. - -.. c:function:: krb5_error_code krb5_kt_close(krb5_context context, krb5_keytab keytab) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **keytab** - Key table handle - - -.. - - -:retval: - - 0 None - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_default.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_default.rst.txt deleted file mode 100644 index 35f5a660..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_default.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_kt_default - Resolve the default key table. -================================================== - -.. - -.. c:function:: krb5_error_code krb5_kt_default(krb5_context context, krb5_keytab * id) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **id** - Key table handle - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Set *id* to a handle to the default key table. The key table is not opened. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_default_name.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_default_name.rst.txt deleted file mode 100644 index 6f9e558f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_default_name.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_kt_default_name - Get the default key table name. -======================================================== - -.. - -.. c:function:: krb5_error_code krb5_kt_default_name(krb5_context context, char * name, int name_size) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **name** - Default key table name - - **[in]** **name_size** - Space available in *name* - - -.. - - -:retval: - - 0 Success - - KRB5_CONFIG_NOTENUFSPACE Buffer is too short - - -:return: - - Kerberos error codes - -.. - - - - - - - -Fill *name* with the name of the default key table for *context* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_dup.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_dup.rst.txt deleted file mode 100644 index 74546350..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_dup.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_kt_dup - Duplicate keytab handle. -======================================== - -.. - -.. c:function:: krb5_error_code krb5_kt_dup(krb5_context context, krb5_keytab in, krb5_keytab * out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **in** - Key table handle to be duplicated - - **[out]** **out** - Key table handle - - -.. - - - -.. - - - - - - - -Create a new handle referring to the same key table as *in* . The new handle and *in* can be closed independently. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.12 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_end_seq_get.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_end_seq_get.rst.txt deleted file mode 100644 index c22443ae..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_end_seq_get.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_kt_end_seq_get - Release a keytab cursor. -================================================ - -.. - -.. c:function:: krb5_error_code krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, krb5_kt_cursor * cursor) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **keytab** - Key table handle - - **[out]** **cursor** - Cursor - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function should be called to release the cursor created by krb5_kt_start_seq_get(). - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_free_entry.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_free_entry.rst.txt deleted file mode 100644 index 5eaa118f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_free_entry.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -krb5_kt_free_entry -================== - -.. - -.. c:function:: krb5_error_code krb5_kt_free_entry(krb5_context context, krb5_keytab_entry * entry) - -.. - - -:param: - - **context** - - **entry** - - -.. - - - -.. - - -DEPRECATED Use krb5_free_keytab_entry_contents instead. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_get_entry.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_get_entry.rst.txt deleted file mode 100644 index d5779002..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_get_entry.rst.txt +++ /dev/null @@ -1,70 +0,0 @@ -krb5_kt_get_entry - Get an entry from a key table. -==================================================== - -.. - -.. c:function:: krb5_error_code krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, krb5_const_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keytab_entry * entry) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **keytab** - Key table handle - - **[in]** **principal** - Principal name - - **[in]** **vno** - Key version number (0 for highest available) - - **[in]** **enctype** - Encryption type (0 zero for any enctype) - - **[out]** **entry** - Returned entry from key table - - -.. - - -:retval: - - 0 Success - - Kerberos error codes on failure - - -.. - - - - - - - -Retrieve an entry from a key table which matches the *keytab* , *principal* , *vno* , and *enctype* . If *vno* is zero, retrieve the highest-numbered kvno matching the other fields. If *enctype* is 0, match any enctype. - - - -Use krb5_free_keytab_entry_contents() to free *entry* when it is no longer needed. - - - - - - - - - - -.. - - - - - - -.. note:: - - If *vno* is zero, the function retrieves the highest-numbered-kvno entry that matches the specified principal. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_get_name.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_get_name.rst.txt deleted file mode 100644 index 5d36dbba..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_get_name.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -krb5_kt_get_name - Get a key table name. -========================================== - -.. - -.. c:function:: krb5_error_code krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char * name, unsigned int namelen) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **keytab** - Key table handle - - **[out]** **name** - Key table name - - **[in]** **namelen** - Maximum length to fill in name - - -.. - - -:retval: - - 0 Success - - KRB5_KT_NAME_TOOLONG Key table name does not fit in namelen bytes - - -:return: - - Kerberos error codes - -.. - - - - - - - -Fill *name* with the name of *keytab* including the type and delimiter. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_get_type.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_get_type.rst.txt deleted file mode 100644 index c675af8f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_get_type.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -krb5_kt_get_type - Return the type of a key table. -==================================================== - -.. - -.. c:function:: const char * krb5_kt_get_type(krb5_context context, krb5_keytab keytab) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **keytab** - Key table handle - - -.. - - - -:return: - - The type of a key table as an alias that must not be modified or freed by the caller. - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_have_content.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_have_content.rst.txt deleted file mode 100644 index dffa94e6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_have_content.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -krb5_kt_have_content - Check if a keytab exists and contains entries. -======================================================================= - -.. - -.. c:function:: krb5_error_code krb5_kt_have_content(krb5_context context, krb5_keytab keytab) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **keytab** - Key table handle - - -.. - - -:retval: - - 0 Keytab exists and contains entries - - KRB5_KT_NOTFOUND Keytab does not contain entries - - -.. - - - - - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.11 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_next_entry.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_next_entry.rst.txt deleted file mode 100644 index a8715175..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_next_entry.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -krb5_kt_next_entry - Retrieve the next entry from the key table. -================================================================== - -.. - -.. c:function:: krb5_error_code krb5_kt_next_entry(krb5_context context, krb5_keytab keytab, krb5_keytab_entry * entry, krb5_kt_cursor * cursor) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **keytab** - Key table handle - - **[out]** **entry** - Returned key table entry - - **[in]** **cursor** - Key table cursor - - -.. - - -:retval: - - 0 Success - - KRB5_KT_END - if the last entry was reached - - -:return: - - Kerberos error codes - -.. - - - - - - - -Return the next sequential entry in *keytab* and advance *cursor* . Callers must release the returned entry with krb5_kt_free_entry(). - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_read_service_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_read_service_key.rst.txt deleted file mode 100644 index acb8ca86..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_read_service_key.rst.txt +++ /dev/null @@ -1,68 +0,0 @@ -krb5_kt_read_service_key - Retrieve a service key from a key table. -===================================================================== - -.. - -.. c:function:: krb5_error_code krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keyblock ** key) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **keyprocarg** - Name of a key table (NULL to use default name) - - **[in]** **principal** - Service principal - - **[in]** **vno** - Key version number (0 for highest available) - - **[in]** **enctype** - Encryption type (0 for any type) - - **[out]** **key** - Service key from key table - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error code if not found or keyprocarg is invalid. - -.. - - - - - - - -Open and search the specified key table for the entry identified by *principal* , *enctype* , and *vno* . If no key is found, return an error code. - - - -The default key table is used, unless *keyprocarg* is non-null. *keyprocarg* designates a specific key table. - - - -Use krb5_free_keyblock() to free *key* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_remove_entry.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_remove_entry.rst.txt deleted file mode 100644 index 10c1705a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_remove_entry.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_kt_remove_entry - Remove an entry from a key table. -========================================================== - -.. - -.. c:function:: krb5_error_code krb5_kt_remove_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry * entry) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **id** - Key table handle - - **[in]** **entry** - Entry to remove from key table - - -.. - - -:retval: - - 0 Success - - KRB5_KT_NOWRITE Key table is not writable - - -:return: - - Kerberos error codes - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_resolve.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_resolve.rst.txt deleted file mode 100644 index 4ece77d8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_resolve.rst.txt +++ /dev/null @@ -1,66 +0,0 @@ -krb5_kt_resolve - Get a handle for a key table. -================================================= - -.. - -.. c:function:: krb5_error_code krb5_kt_resolve(krb5_context context, const char * name, krb5_keytab * ktid) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **name** - Name of the key table - - **[out]** **ktid** - Key table handle - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Resolve the key table name *name* and set *ktid* to a handle identifying the key table. Use krb5_kt_close() to free *ktid* when it is no longer needed. - - - - *name* must be of the form **type:residual** , where *type* must be a type known to the library and *residual* portion should be specific to the particular keytab type. If no *type* is given, the default is **FILE** . - - - -If *name* is of type **FILE** , the keytab file is not opened by this call. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_start_seq_get.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_start_seq_get.rst.txt deleted file mode 100644 index cbe107be..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kt_start_seq_get.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_kt_start_seq_get - Start a sequential retrieval of key table entries. -============================================================================ - -.. - -.. c:function:: krb5_error_code krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab, krb5_kt_cursor * cursor) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **keytab** - Key table handle - - **[out]** **cursor** - Cursor - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Prepare to read sequentially every key in the specified key table. Use krb5_kt_end_seq_get() to release the cursor when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kuserok.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kuserok.rst.txt deleted file mode 100644 index 7dbd15f7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_kuserok.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_kuserok - Determine if a principal is authorized to log in as a local user. -================================================================================== - -.. - -.. c:function:: krb5_boolean krb5_kuserok(krb5_context context, krb5_principal principal, const char * luser) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **principal** - Principal name - - **[in]** **luser** - Local username - - -.. - - -:retval: - - TRUE Principal is authorized to log in as user; FALSE otherwise. - - -.. - - - - - - - -Determine whether *principal* is authorized to log in as a local user *luser* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_make_authdata_kdc_issued.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_make_authdata_kdc_issued.rst.txt deleted file mode 100644 index e671af5f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_make_authdata_kdc_issued.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -krb5_make_authdata_kdc_issued - Encode and sign AD-KDCIssued authorization data. -================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_make_authdata_kdc_issued(krb5_context context, const krb5_keyblock * key, krb5_const_principal issuer, krb5_authdata *const * authdata, krb5_authdata *** ad_kdcissued) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Session key - - **[in]** **issuer** - The name of the issuing principal - - **[in]** **authdata** - List of authorization data to be signed - - **[out]** **ad_kdcissued** - List containing AD-KDCIssued authdata - - -.. - - - -.. - - - - - - - -This function wraps a list of authorization data entries *authdata* in an AD-KDCIssued container (see RFC 4120 section 5.2.6.2) signed with *key* . The result is returned in *ad_kdcissued* as a single-element list. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_marshal_credentials.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_marshal_credentials.rst.txt deleted file mode 100644 index de1c8f8e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_marshal_credentials.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_marshal_credentials - Serialize a krb5_creds object. -=========================================================== - -.. - -.. c:function:: krb5_error_code krb5_marshal_credentials(krb5_context context, krb5_creds * in_creds, krb5_data ** data_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **in_creds** - The credentials object to serialize - - **[out]** **data_out** - The serialized credentials - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Serialize *creds* in the format used by the FILE ccache format (vesion 4) and KCM ccache protocol. - - - -Use krb5_free_data() to free *data_out* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_merge_authdata.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_merge_authdata.rst.txt deleted file mode 100644 index 6be3fbef..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_merge_authdata.rst.txt +++ /dev/null @@ -1,61 +0,0 @@ -krb5_merge_authdata - Merge two authorization data lists into a new list. -=========================================================================== - -.. - -.. c:function:: krb5_error_code krb5_merge_authdata(krb5_context context, krb5_authdata *const * inauthdat1, krb5_authdata *const * inauthdat2, krb5_authdata *** outauthdat) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **inauthdat1** - First list of *krb5_authdata* structures - - **[in]** **inauthdat2** - Second list of *krb5_authdata* structures - - **[out]** **outauthdat** - Merged list of *krb5_authdata* structures - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Merge two authdata arrays, such as the array from a ticket and authenticator. Use krb5_free_authdata() to free *outauthdat* when it is no longer needed. - - - - - - - - - - -.. - - - - - - -.. note:: - - The last array entry in *inauthdat1* and *inauthdat2* must be a NULL pointer. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_1cred.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_1cred.rst.txt deleted file mode 100644 index 7244e3be..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_1cred.rst.txt +++ /dev/null @@ -1,60 +0,0 @@ -krb5_mk_1cred - Format a KRB-CRED message for a single set of credentials. -============================================================================ - -.. - -.. c:function:: krb5_error_code krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context, krb5_creds * creds, krb5_data ** der_out, krb5_replay_data * rdata_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **creds** - Pointer to credentials - - **[out]** **der_out** - Encoded credentials - - **[out]** **rdata_out** - Replay cache data (NULL if not needed) - - -.. - - -:retval: - - 0 Success - - ENOMEM Insufficient memory - - KRB5_RC_REQUIRED Message replay detection requires rcache parameter - - -:return: - - Kerberos error codes - -.. - - - - - - - -This is a convenience function that calls krb5_mk_ncred() with a single set of credentials. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_error.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_error.rst.txt deleted file mode 100644 index 59405b26..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_error.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_mk_error - Format and encode a KRB_ERROR message. -======================================================== - -.. - -.. c:function:: krb5_error_code krb5_mk_error(krb5_context context, const krb5_error * dec_err, krb5_data * enc_err) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **dec_err** - Error structure to be encoded - - **[out]** **enc_err** - Encoded error structure - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates a **KRB_ERROR** message in *enc_err* . Use krb5_free_data_contents() to free *enc_err* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_ncred.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_ncred.rst.txt deleted file mode 100644 index 7a074b6d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_ncred.rst.txt +++ /dev/null @@ -1,88 +0,0 @@ -krb5_mk_ncred - Format a KRB-CRED message for an array of credentials. -======================================================================== - -.. - -.. c:function:: krb5_error_code krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context, krb5_creds ** creds, krb5_data ** der_out, krb5_replay_data * rdata_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **creds** - Null-terminated array of credentials - - **[out]** **der_out** - Encoded credentials - - **[out]** **rdata_out** - Replay cache information (NULL if not needed) - - -.. - - -:retval: - - 0 Success - - ENOMEM Insufficient memory - - KRB5_RC_REQUIRED Message replay detection requires rcache parameter - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function takes an array of credentials *creds* and formats a **KRB-CRED** message *der_out* to pass to krb5_rd_cred(). - - - -The local and remote addresses in *auth_context* are optional; if either is specified, they are used to form the sender and receiver addresses in the KRB-CRED message. - - - -If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in *auth_context* , an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If #KRB5_AUTH_CONTEXT_DO_TIME is not set, no replay cache is used. If #KRB5_AUTH_CONTEXT_RET_TIME is set in *auth_context* , the timestamp used for the KRB-CRED message is stored in *rdata_out* . - - - -If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the *auth_context* local sequence number is included in the KRB-CRED message and then incremented. If #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the sequence number used is stored in *rdata_out* . - - - -Use krb5_free_data_contents() to free *der_out* when it is no longer needed. - - - -The message will be encrypted using the send subkey of *auth_context* if it is present, or the session key otherwise. If neither key is present, the credentials will not be encrypted, and the message should only be sent over a secure channel. No replay cache entry is used in this case. - - - - - - - - - - -.. - - - - - - -.. note:: - - The *rdata_out* argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in *auth_context* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_priv.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_priv.rst.txt deleted file mode 100644 index 0d9922ec..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_priv.rst.txt +++ /dev/null @@ -1,79 +0,0 @@ -krb5_mk_priv - Format a KRB-PRIV message. -=========================================== - -.. - -.. c:function:: krb5_error_code krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data * userdata, krb5_data * der_out, krb5_replay_data * rdata_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **userdata** - User data for **KRB-PRIV** message - - **[out]** **der_out** - Formatted **KRB-PRIV** message - - **[out]** **rdata_out** - Replay data (NULL if not needed) - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function is similar to krb5_mk_safe(), but the message is encrypted and integrity-protected, not just integrity-protected. - - - -The local address in *auth_context* must be set, and is used to form the sender address used in the KRB-PRIV message. The remote address is optional; if specified, it will be used to form the receiver address used in the message. - - - -If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in *auth_context* , a timestamp is included in the KRB-PRIV message, and an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If #KRB5_AUTH_CONTEXT_DO_TIME is not set, no replay cache is used. If #KRB5_AUTH_CONTEXT_RET_TIME is set in *auth_context* , a timestamp is included in the KRB-PRIV message and is stored in *rdata_out* . - - - -If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the *auth_context* local sequence number is included in the KRB-PRIV message and then incremented. If #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the sequence number used is stored in *rdata_out* . - - - -Use krb5_free_data_contents() to free *der_out* when it is no longer needed. - - - - - - - - - - -.. - - - - - - -.. note:: - - The *rdata_out* argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in *auth_context* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_rep.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_rep.rst.txt deleted file mode 100644 index 29091a1b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_rep.rst.txt +++ /dev/null @@ -1,59 +0,0 @@ -krb5_mk_rep - Format and encrypt a KRB_AP_REP message. -======================================================== - -.. - -.. c:function:: krb5_error_code krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data * outbuf) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[out]** **outbuf** - **AP-REP** message - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function fills in *outbuf* with an AP-REP message using information from *auth_context* . - - - -If the flags in *auth_context* indicate that a sequence number should be used (either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE) and the local sequence number in *auth_context* is 0, a new number will be generated with krb5_generate_seq_number(). - - - -Use krb5_free_data_contents() to free *outbuf* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_rep_dce.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_rep_dce.rst.txt deleted file mode 100644 index 31cc1828..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_rep_dce.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_mk_rep_dce - Format and encrypt a KRB_AP_REP message for DCE RPC. -======================================================================== - -.. - -.. c:function:: krb5_error_code krb5_mk_rep_dce(krb5_context context, krb5_auth_context auth_context, krb5_data * outbuf) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[out]** **outbuf** - **AP-REP** message - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Use krb5_free_data_contents() to free *outbuf* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_req.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_req.rst.txt deleted file mode 100644 index 08033bbd..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_req.rst.txt +++ /dev/null @@ -1,65 +0,0 @@ -krb5_mk_req - Create a KRB_AP_REQ message. -============================================ - -.. - -.. c:function:: krb5_error_code krb5_mk_req(krb5_context context, krb5_auth_context * auth_context, krb5_flags ap_req_options, const char * service, const char * hostname, krb5_data * in_data, krb5_ccache ccache, krb5_data * outbuf) - -.. - - -:param: - - **[in]** **context** - Library context - - **[inout]** **auth_context** - Pre-existing or newly created auth context - - **[in]** **ap_req_options** - Options (see AP_OPTS macros) - - **[in]** **service** - Service name, or NULL to use **"host"** - - **[in]** **hostname** - Host name, or NULL to use local hostname - - **[in]** **in_data** - Application data to be checksummed in the authenticator, or NULL - - **[in]** **ccache** - Credential cache used to obtain credentials for the desired service. - - **[out]** **outbuf** - **AP-REQ** message - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function is similar to krb5_mk_req_extended() except that it uses a given *hostname* , *service* , and *ccache* to construct a service principal name and obtain credentials. - - - -Use krb5_free_data_contents() to free *outbuf* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_req_extended.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_req_extended.rst.txt deleted file mode 100644 index 532af977..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_req_extended.rst.txt +++ /dev/null @@ -1,74 +0,0 @@ -krb5_mk_req_extended - Create a KRB_AP_REQ message using supplied credentials. -================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_mk_req_extended(krb5_context context, krb5_auth_context * auth_context, krb5_flags ap_req_options, krb5_data * in_data, krb5_creds * in_creds, krb5_data * outbuf) - -.. - - -:param: - - **[in]** **context** - Library context - - **[inout]** **auth_context** - Pre-existing or newly created auth context - - **[in]** **ap_req_options** - Options (see AP_OPTS macros) - - **[in]** **in_data** - Application data to be checksummed in the authenticator, or NULL - - **[in]** **in_creds** - Credentials for the service with valid ticket and key - - **[out]** **outbuf** - **AP-REQ** message - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Valid *ap_req_options* are: - - - #AP_OPTS_USE_SESSION_KEY - Use the session key when creating the request used for user to user authentication. - - - - #AP_OPTS_MUTUAL_REQUIRED - Request a mutual authentication packet from the receiver. - - - - #AP_OPTS_USE_SUBKEY - Generate a subsession key from the current session key obtained from the credentials. - - This function creates a KRB_AP_REQ message using supplied credentials *in_creds* . *auth_context* may point to an existing auth context or to NULL, in which case a new one will be created. If *in_data* is non-null, a checksum of it will be included in the authenticator contained in the KRB_AP_REQ message. Use krb5_free_data_contents() to free *outbuf* when it is no longer needed. - - - -On successful return, the authenticator is stored in *auth_context* with the *client* and *checksum* fields nulled out. (This is to prevent pointer-sharing problems; the caller should not need these fields anyway, since the caller supplied them.) - - - - - - - - - - -.. - -.. seealso:: - krb5_mk_req() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_safe.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_safe.rst.txt deleted file mode 100644 index f9a67be4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_mk_safe.rst.txt +++ /dev/null @@ -1,83 +0,0 @@ -krb5_mk_safe - Format a KRB-SAFE message. -=========================================== - -.. - -.. c:function:: krb5_error_code krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data * userdata, krb5_data * der_out, krb5_replay_data * rdata_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **userdata** - User data in the message - - **[out]** **der_out** - Formatted **KRB-SAFE** buffer - - **[out]** **rdata_out** - Replay data. Specify NULL if not needed - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function creates an integrity protected **KRB-SAFE** message using data supplied by the application. - - - -Fields in *auth_context* specify the checksum type, the keyblock that can be used to seed the checksum, full addresses (host and port) for the sender and receiver, and KRB5_AUTH_CONTEXT flags. - - - -The local address in *auth_context* must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message. - - - -If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in *auth_context* , a timestamp is included in the KRB-SAFE message, and an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If #KRB5_AUTH_CONTEXT_DO_TIME is not set, no replay cache is used. If #KRB5_AUTH_CONTEXT_RET_TIME is set in *auth_context* , a timestamp is included in the KRB-SAFE message and is stored in *rdata_out* . - - - -If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the *auth_context* local sequence number is included in the KRB-SAFE message and then incremented. If #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the sequence number used is stored in *rdata_out* . - - - -Use krb5_free_data_contents() to free *der_out* when it is no longer needed. - - - - - - - - - - -.. - - - - - - -.. note:: - - The *rdata_out* argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in *auth_context* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_os_localaddr.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_os_localaddr.rst.txt deleted file mode 100644 index e0b01ff5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_os_localaddr.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_os_localaddr - Return all interface addresses for this host. -=================================================================== - -.. - -.. c:function:: krb5_error_code krb5_os_localaddr(krb5_context context, krb5_address *** addr) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **addr** - Array of krb5_address pointers, ending with NULL - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Use krb5_free_addresses() to free *addr* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_add_buffer.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_add_buffer.rst.txt deleted file mode 100644 index 4c153c23..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_add_buffer.rst.txt +++ /dev/null @@ -1,75 +0,0 @@ -krb5_pac_add_buffer - Add a buffer to a PAC handle. -===================================================== - -.. - -.. c:function:: krb5_error_code krb5_pac_add_buffer(krb5_context context, krb5_pac pac, krb5_ui_4 type, const krb5_data * data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **pac** - PAC handle - - **[in]** **type** - Buffer type - - **[in]** **data** - contents - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function adds a buffer of type *type* and contents *data* to *pac* if there isn't already a buffer of this type present. - - - -The valid values of *type* is one of the following: - - - #KRB5_PAC_LOGON_INFO - Logon information - - - - #KRB5_PAC_CREDENTIALS_INFO - Credentials information - - - - #KRB5_PAC_SERVER_CHECKSUM - Server checksum - - - - #KRB5_PAC_PRIVSVR_CHECKSUM - KDC checksum - - - - #KRB5_PAC_CLIENT_INFO - Client name and ticket information - - - - #KRB5_PAC_DELEGATION_INFO - Constrained delegation information - - - - #KRB5_PAC_UPN_DNS_INFO - User principal name and DNS information - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_free.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_free.rst.txt deleted file mode 100644 index 9b204bef..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_free.rst.txt +++ /dev/null @@ -1,42 +0,0 @@ -krb5_pac_free - Free a PAC handle. -==================================== - -.. - -.. c:function:: void krb5_pac_free(krb5_context context, krb5_pac pac) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **pac** - PAC to be freed - - -.. - - - -.. - - - - - - - -This function frees the contents of *pac* and the structure itself. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_get_buffer.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_get_buffer.rst.txt deleted file mode 100644 index b4361f9b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_get_buffer.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_pac_get_buffer - Retrieve a buffer value from a PAC. -=========================================================== - -.. - -.. c:function:: krb5_error_code krb5_pac_get_buffer(krb5_context context, krb5_pac pac, krb5_ui_4 type, krb5_data * data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **pac** - PAC handle - - **[in]** **type** - Type of buffer to retrieve - - **[out]** **data** - Buffer value - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Use krb5_free_data_contents() to free *data* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_get_client_info.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_get_client_info.rst.txt deleted file mode 100644 index 4c628c46..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_get_client_info.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -krb5_pac_get_client_info - Read client information from a PAC. -================================================================ - -.. - -.. c:function:: krb5_error_code krb5_pac_get_client_info(krb5_context context, const krb5_pac pac, krb5_timestamp * authtime_out, char ** princname_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **pac** - PAC handle - - **[out]** **authtime_out** - Authentication timestamp (NULL if not needed) - - **[out]** **princname_out** - Client account name - - -.. - - -:retval: - - 0 on success, ENOENT if no PAC_CLIENT_INFO buffer is present in pac , ERANGE if the buffer contains invalid lengths. - - -.. - - - - - - - -Read the PAC_CLIENT_INFO buffer in *pac* . Place the client account name as a string in *princname_out* . If *authtime_out* is not NULL, place the initial authentication timestamp in *authtime_out* . - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.18 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_get_types.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_get_types.rst.txt deleted file mode 100644 index bce3b2c8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_get_types.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_pac_get_types - Return an array of buffer types in a PAC handle. -======================================================================= - -.. - -.. c:function:: krb5_error_code krb5_pac_get_types(krb5_context context, krb5_pac pac, size_t * len, krb5_ui_4 ** types) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **pac** - PAC handle - - **[out]** **len** - Number of entries in *types* - - **[out]** **types** - Array of buffer types - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_init.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_init.rst.txt deleted file mode 100644 index d4a248bc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_init.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -krb5_pac_init - Create an empty Privilege Attribute Certificate (PAC) handle. -=============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_pac_init(krb5_context context, krb5_pac * pac) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **pac** - New PAC handle - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Use krb5_pac_free() to free *pac* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_parse.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_parse.rst.txt deleted file mode 100644 index e770e929..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_parse.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_pac_parse - Unparse an encoded PAC into a new handle. -============================================================ - -.. - -.. c:function:: krb5_error_code krb5_pac_parse(krb5_context context, const void * ptr, size_t len, krb5_pac * pac) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ptr** - PAC buffer - - **[in]** **len** - Length of *ptr* - - **[out]** **pac** - PAC handle - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Use krb5_pac_free() to free *pac* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_sign.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_sign.rst.txt deleted file mode 100644 index 9b2499a8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_sign.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_pac_sign -============= - -.. - -.. c:function:: krb5_error_code krb5_pac_sign(krb5_context context, krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock * server_key, const krb5_keyblock * privsvr_key, krb5_data * data) - -.. - - -:param: - - **context** - - **pac** - - **authtime** - - **principal** - - **server_key** - - **privsvr_key** - - **data** - - -.. - - - -.. - - -DEPRECATED Use krb5_kdc_sign_ticket() instead. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_sign_ext.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_sign_ext.rst.txt deleted file mode 100644 index 46f1552b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_sign_ext.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -krb5_pac_sign_ext -================= - -.. - -.. c:function:: krb5_error_code krb5_pac_sign_ext(krb5_context context, krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock * server_key, const krb5_keyblock * privsvr_key, krb5_boolean with_realm, krb5_data * data) - -.. - - -:param: - - **context** - - **pac** - - **authtime** - - **principal** - - **server_key** - - **privsvr_key** - - **with_realm** - - **data** - - -.. - - - -.. - - -DEPRECATED Use krb5_kdc_sign_ticket() instead. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_verify.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_verify.rst.txt deleted file mode 100644 index 338b43a1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_verify.rst.txt +++ /dev/null @@ -1,69 +0,0 @@ -krb5_pac_verify - Verify a PAC. -================================= - -.. - -.. c:function:: krb5_error_code krb5_pac_verify(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock * server, const krb5_keyblock * privsvr) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **pac** - PAC handle - - **[in]** **authtime** - Expected timestamp - - **[in]** **principal** - Expected principal name (or NULL) - - **[in]** **server** - Key to validate server checksum (or NULL) - - **[in]** **privsvr** - Key to validate KDC checksum (or NULL) - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function validates *pac* against the supplied *server* , *privsvr* , *principal* and *authtime* . If *principal* is NULL, the principal and authtime are not verified. If *server* or *privsvr* is NULL, the corresponding checksum is not verified. - - - -If successful, *pac* is marked as verified. - - - - - - - - - - -.. - - - - - - -.. note:: - - A checksum mismatch can occur if the PAC was copied from a cross-realm TGT by an ignorant KDC; also macOS Server Open Directory (as of 10.6) generates PACs with no server checksum at all. One should consider not failing the whole authentication because of this reason, but, instead, treating the ticket as if it did not contain a PAC or marking the PAC information as non-verified. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_verify_ext.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_verify_ext.rst.txt deleted file mode 100644 index 41ffcdf6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_pac_verify_ext.rst.txt +++ /dev/null @@ -1,60 +0,0 @@ -krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm. -====================================================================== - -.. - -.. c:function:: krb5_error_code krb5_pac_verify_ext(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock * server, const krb5_keyblock * privsvr, krb5_boolean with_realm) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **pac** - PAC handle - - **[in]** **authtime** - Expected timestamp - - **[in]** **principal** - Expected principal name (or NULL) - - **[in]** **server** - Key to validate server checksum (or NULL) - - **[in]** **privsvr** - Key to validate KDC checksum (or NULL) - - **[in]** **with_realm** - If true, expect the realm of *principal* - - -.. - - - -.. - - - - - - - -This function is similar to krb5_pac_verify(), but adds a parameter *with_realm* . If *with_realm* is true, the PAC_CLIENT_INFO field is expected to include the realm of *principal* as well as the name. This flag is necessary to verify PACs in cross-realm S4U2Self referral TGTs. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.17 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_parse_name.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_parse_name.rst.txt deleted file mode 100644 index 835337d4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_parse_name.rst.txt +++ /dev/null @@ -1,78 +0,0 @@ -krb5_parse_name - Convert a string principal name to a krb5_principal structure. -================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_parse_name(krb5_context context, const char * name, krb5_principal * principal_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **name** - String representation of a principal name - - **[out]** **principal_out** - New principal - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Convert a string representation of a principal name to a krb5_principal structure. - - - -A string representation of a Kerberos name consists of one or more principal name components, separated by slashes, optionally followed by the @ character and a realm name. If the realm name is not specified, the local realm is used. - - - -To use the slash and @ symbols as part of a component (quoted) instead of using them as a component separator or as a realm prefix), put a backslash () character in front of the symbol. Similarly, newline, tab, backspace, and NULL characters can be included in a component by using **n** , **t** , **b** or **0** , respectively. - - - -Beginning with release 1.20, the name type of the principal will be inferred as **KRB5_NT_SRV_INST** or **KRB5_NT_WELLKNOWN** based on the principal name. The type will be **KRB5_NT_PRINCIPAL** if a type cannot be inferred. - - - -Use krb5_free_principal() to free *principal_out* when it is no longer needed. - - - - - - - - - - -.. - - - - - - -.. note:: - - The realm in a Kerberos *name* cannot contain slash, colon, or NULL characters. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_parse_name_flags.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_parse_name_flags.rst.txt deleted file mode 100644 index 68cbc7c5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_parse_name_flags.rst.txt +++ /dev/null @@ -1,77 +0,0 @@ -krb5_parse_name_flags - Convert a string principal name to a krb5_principal with flags. -========================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_parse_name_flags(krb5_context context, const char * name, int flags, krb5_principal * principal_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **name** - String representation of a principal name - - **[in]** **flags** - Flag - - **[out]** **principal_out** - New principal - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Similar to krb5_parse_name(), this function converts a single-string representation of a principal name to a krb5_principal structure. - - - -The following flags are valid: - - - #KRB5_PRINCIPAL_PARSE_NO_REALM - no realm must be present in *name* - - - - #KRB5_PRINCIPAL_PARSE_REQUIRE_REALM - realm must be present in *name* - - - - #KRB5_PRINCIPAL_PARSE_ENTERPRISE - create single-component enterprise principal - - - - #KRB5_PRINCIPAL_PARSE_IGNORE_REALM - ignore realm if present in *name* - - If **KRB5_PRINCIPAL_PARSE_NO_REALM** or **KRB5_PRINCIPAL_PARSE_IGNORE_REALM** is specified in *flags* , the realm of the new principal will be empty. Otherwise, the default realm for *context* will be used if *name* does not specify a realm. - - - -Use krb5_free_principal() to free *principal_out* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_prepend_error_message.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_prepend_error_message.rst.txt deleted file mode 100644 index 6503ab16..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_prepend_error_message.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -krb5_prepend_error_message - Add a prefix to the message for an error code. -============================================================================= - -.. - -.. c:function:: void krb5_prepend_error_message(krb5_context ctx, krb5_error_code code, const char * fmt, ... ) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **code** - Error code - - **[in]** **fmt** - Format string for error message prefix - - -.. - - - -.. - - - - - - - -Format a message and prepend it to the current message for *code* . The prefix will be separated from the old message with a colon and space. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal2salt.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal2salt.rst.txt deleted file mode 100644 index ff0f3416..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal2salt.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_principal2salt - Convert a principal name into the default salt for that principal. -========================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_principal2salt(krb5_context context, krb5_const_principal pr, krb5_data * ret) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **pr** - Principal name - - **[out]** **ret** - Default salt for *pr* to be filled in - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal_compare.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal_compare.rst.txt deleted file mode 100644 index 269efe31..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal_compare.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_principal_compare - Compare two principals. -================================================== - -.. - -.. c:function:: krb5_boolean krb5_principal_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **princ1** - First principal - - **[in]** **princ2** - Second principal - - -.. - - -:retval: - - TRUE if the principals are the same; FALSE otherwise - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal_compare_any_realm.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal_compare_any_realm.rst.txt deleted file mode 100644 index 72c02a66..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal_compare_any_realm.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_principal_compare_any_realm - Compare two principals ignoring realm components. -====================================================================================== - -.. - -.. c:function:: krb5_boolean krb5_principal_compare_any_realm(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **princ1** - First principal - - **[in]** **princ2** - Second principal - - -.. - - -:retval: - - TRUE if the principals are the same; FALSE otherwise - - -.. - - - - - - - -Similar to krb5_principal_compare(), but do not compare the realm components of the principals. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal_compare_flags.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal_compare_flags.rst.txt deleted file mode 100644 index df8fc5bd..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_principal_compare_flags.rst.txt +++ /dev/null @@ -1,65 +0,0 @@ -krb5_principal_compare_flags - Compare two principals with additional flags. -============================================================================== - -.. - -.. c:function:: krb5_boolean krb5_principal_compare_flags(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2, int flags) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **princ1** - First principal - - **[in]** **princ2** - Second principal - - **[in]** **flags** - Flags - - -.. - - -:retval: - - TRUE if the principal names are the same; FALSE otherwise - - -.. - - - - - - - -Valid flags are: - - - #KRB5_PRINCIPAL_COMPARE_IGNORE_REALM - ignore realm component - - - - #KRB5_PRINCIPAL_COMPARE_ENTERPRISE - UPNs as real principals - - - - #KRB5_PRINCIPAL_COMPARE_CASEFOLD case-insensitive - - - - #KRB5_PRINCIPAL_COMPARE_UTF8 - treat principals as UTF-8 - - - - - - - - -.. - -.. seealso:: - krb5_principal_compare() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_process_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_process_key.rst.txt deleted file mode 100644 index 3d08b5dc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_process_key.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_process_key -================ - -.. - -.. c:function:: krb5_error_code krb5_process_key(krb5_context context, krb5_encrypt_block * eblock, const krb5_keyblock * key) - -.. - - -:param: - - **context** - - **eblock** - - **key** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_c_* API family. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_prompter_posix.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_prompter_posix.rst.txt deleted file mode 100644 index b4012cac..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_prompter_posix.rst.txt +++ /dev/null @@ -1,64 +0,0 @@ -krb5_prompter_posix - Prompt user for password. -================================================= - -.. - -.. c:function:: krb5_error_code krb5_prompter_posix(krb5_context context, void * data, const char * name, const char * banner, int num_prompts, krb5_prompt prompts) - -.. - - -:param: - - **[in]** **context** - Library context - - **data** - Unused (callback argument) - - **[in]** **name** - Name to output during prompt - - **[in]** **banner** - Banner to output during prompt - - **[in]** **num_prompts** - Number of prompts in *prompts* - - **[in]** **prompts** - Array of prompts and replies - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function is intended to be used as a prompter callback for krb5_get_init_creds_password() or krb5_init_creds_init(). - - - -Writes *name* and *banner* to stdout, each followed by a newline, then writes each prompt field in the *prompts* array, followed by":", and sets the reply field of the entry to a line of input read from stdin. If the hidden flag is set for a prompt, then terminal echoing is turned off when input is read. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_random_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_random_key.rst.txt deleted file mode 100644 index d8e81ba3..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_random_key.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -krb5_random_key -=============== - -.. - -.. c:function:: krb5_error_code krb5_random_key(krb5_context context, const krb5_encrypt_block * eblock, krb5_pointer ptr, krb5_keyblock ** keyblock) - -.. - - -:param: - - **context** - - **eblock** - - **ptr** - - **keyblock** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_c_* API family. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_cred.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_cred.rst.txt deleted file mode 100644 index 556a2604..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_cred.rst.txt +++ /dev/null @@ -1,67 +0,0 @@ -krb5_rd_cred - Read and validate a KRB-CRED message. -====================================================== - -.. - -.. c:function:: krb5_error_code krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data * creddata, krb5_creds *** creds_out, krb5_replay_data * rdata_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **creddata** - **KRB-CRED** message - - **[out]** **creds_out** - Null-terminated array of forwarded credentials - - **[out]** **rdata_out** - Replay data (NULL if not needed) - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - *creddata* will be decrypted using the receiving subkey if it is present in *auth_context* , or the session key if the receiving subkey is not present or fails to decrypt the message. - - - -Use krb5_free_tgt_creds() to free *creds_out* when it is no longer needed. - - - - - - - - - - -.. - - - - - - -.. note:: - - The *rdata_out* argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in *auth_context* .` - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_error.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_error.rst.txt deleted file mode 100644 index a748a620..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_error.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_rd_error - Decode a KRB-ERROR message. -============================================= - -.. - -.. c:function:: krb5_error_code krb5_rd_error(krb5_context context, const krb5_data * enc_errbuf, krb5_error ** dec_error) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **enc_errbuf** - Encoded error message - - **[out]** **dec_error** - Decoded error message - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function processes **KRB-ERROR** message *enc_errbuf* and returns an allocated structure *dec_error* containing the error message. Use krb5_free_error() to free *dec_error* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_priv.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_priv.rst.txt deleted file mode 100644 index f2690f41..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_priv.rst.txt +++ /dev/null @@ -1,79 +0,0 @@ -krb5_rd_priv - Process a KRB-PRIV message. -============================================ - -.. - -.. c:function:: krb5_error_code krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_data * userdata_out, krb5_replay_data * rdata_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication structure - - **[in]** **inbuf** - **KRB-PRIV** message to be parsed - - **[out]** **userdata_out** - Data parsed from **KRB-PRIV** message - - **[out]** **rdata_out** - Replay data. Specify NULL if not needed - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function parses a **KRB-PRIV** message, verifies its integrity, and stores its unencrypted data into *userdata_out* . - - - -If *auth_context* has a remote address set, the address will be used to verify the sender address in the KRB-PRIV message. If *auth_context* has a local address set, it will be used to verify the receiver address in the KRB-PRIV message if the message contains one. - - - -If the #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag is set in *auth_context* , the sequence number of the KRB-PRIV message is checked against the remote sequence number field of *auth_context* . Otherwise, the sequence number is not used. - - - -If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in *auth_context* , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in-memory replay cache to detect reflections or replays. - - - -Use krb5_free_data_contents() to free *userdata_out* when it is no longer needed. - - - - - - - - - - -.. - - - - - - -.. note:: - - The *rdata_out* argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in *auth_context* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_rep.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_rep.rst.txt deleted file mode 100644 index e2acba84..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_rep.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -krb5_rd_rep - Parse and decrypt a KRB_AP_REP message. -======================================================= - -.. - -.. c:function:: krb5_error_code krb5_rd_rep(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_ap_rep_enc_part ** repl) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **inbuf** - AP-REP message - - **[out]** **repl** - Decrypted reply message - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function parses, decrypts and verifies a message from *inbuf* and fills in *repl* with a pointer to allocated memory containing the fields from the encrypted response. - - - -Use krb5_free_ap_rep_enc_part() to free *repl* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_rep_dce.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_rep_dce.rst.txt deleted file mode 100644 index c82ef431..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_rep_dce.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_rd_rep_dce - Parse and decrypt a KRB_AP_REP message for DCE RPC. -======================================================================= - -.. - -.. c:function:: krb5_error_code krb5_rd_rep_dce(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_ui_4 * nonce) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **inbuf** - AP-REP message - - **[out]** **nonce** - Sequence number from the decrypted reply - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function parses, decrypts and verifies a message from *inbuf* and fills in *nonce* with a decrypted reply sequence number. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_req.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_req.rst.txt deleted file mode 100644 index e5b9d73c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_req.rst.txt +++ /dev/null @@ -1,105 +0,0 @@ -krb5_rd_req - Parse and decrypt a KRB_AP_REQ message. -======================================================= - -.. - -.. c:function:: krb5_error_code krb5_rd_req(krb5_context context, krb5_auth_context * auth_context, const krb5_data * inbuf, krb5_const_principal server, krb5_keytab keytab, krb5_flags * ap_req_options, krb5_ticket ** ticket) - -.. - - -:param: - - **[in]** **context** - Library context - - **[inout]** **auth_context** - Pre-existing or newly created auth context - - **[in]** **inbuf** - AP-REQ message to be parsed - - **[in]** **server** - Matching principal for server, or NULL to allow any principal in keytab - - **[in]** **keytab** - Key table, or NULL to use the default - - **[out]** **ap_req_options** - If non-null, the AP-REQ flags on output - - **[out]** **ticket** - If non-null, ticket from the AP-REQ message - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function parses, decrypts and verifies a AP-REQ message from *inbuf* and stores the authenticator in *auth_context* . - - - -If a keyblock was specified in *auth_context* using krb5_auth_con_setuseruserkey(), that key is used to decrypt the ticket in AP-REQ message and *keytab* is ignored. In this case, *server* should be specified as a complete principal name to allow for proper transited-path checking and replay cache selection. - - - -Otherwise, the decryption key is obtained from *keytab* , or from the default keytab if it is NULL. In this case, *server* may be a complete principal name, a matching principal (see krb5_sname_match()), or NULL to match any principal name. The keys tried against the encrypted part of the ticket are determined as follows: - - - - - - - If *server* is a complete principal name, then its entry in *keytab* is tried. - - - - Otherwise, if *keytab* is iterable, then all entries in *keytab* which match *server* are tried. - - - - Otherwise, the server principal in the ticket must match *server* , and its entry in *keytab* is tried. - - - - - -The client specified in the decrypted authenticator must match the client specified in the decrypted ticket. - - - -If the *remote_addr* field of *auth_context* is set, the request must come from that address. - - - -If a replay cache handle is provided in the *auth_context* , the authenticator and ticket are verified against it. If no conflict is found, the new authenticator is then stored in the replay cache of *auth_context* . - - - -Various other checks are performed on the decoded data, including cross-realm policy, clockskew, and ticket validation times. - - - -On success the authenticator, subkey, and remote sequence number of the request are stored in *auth_context* . If the #AP_OPTS_MUTUAL_REQUIRED bit is set, the local sequence number is XORed with the remote sequence number in the request. - - - -Use krb5_free_ticket() to free *ticket* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_safe.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_safe.rst.txt deleted file mode 100644 index 5166c550..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_rd_safe.rst.txt +++ /dev/null @@ -1,79 +0,0 @@ -krb5_rd_safe - Process KRB-SAFE message. -========================================== - -.. - -.. c:function:: krb5_error_code krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data * inbuf, krb5_data * userdata_out, krb5_replay_data * rdata_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **auth_context** - Authentication context - - **[in]** **inbuf** - **KRB-SAFE** message to be parsed - - **[out]** **userdata_out** - Data parsed from **KRB-SAFE** message - - **[out]** **rdata_out** - Replay data. Specify NULL if not needed - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function parses a **KRB-SAFE** message, verifies its integrity, and stores its data into *userdata_out* . - - - -If *auth_context* has a remote address set, the address will be used to verify the sender address in the KRB-SAFE message. If *auth_context* has a local address set, it will be used to verify the receiver address in the KRB-SAFE message if the message contains one. - - - -If the #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag is set in *auth_context* , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of *auth_context* . Otherwise, the sequence number is not used. - - - -If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in *auth_context* , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in-memory replay cache to detect reflections or replays. - - - -Use krb5_free_data_contents() to free *userdata_out* when it is no longer needed. - - - - - - - - - - -.. - - - - - - -.. note:: - - The *rdata_out* argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in *auth_context* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_read_password.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_read_password.rst.txt deleted file mode 100644 index 877fe6e6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_read_password.rst.txt +++ /dev/null @@ -1,71 +0,0 @@ -krb5_read_password - Read a password from keyboard input. -=========================================================== - -.. - -.. c:function:: krb5_error_code krb5_read_password(krb5_context context, const char * prompt, const char * prompt2, char * return_pwd, unsigned int * size_return) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **prompt** - First user prompt when reading password - - **[in]** **prompt2** - Second user prompt (NULL to prompt only once) - - **[out]** **return_pwd** - Returned password - - **[inout]** **size_return** - On input, maximum size of password; on output, size of password read - - -.. - - -:retval: - - 0 Success - - -:return: - - Error in reading or verifying the password - - Kerberos error codes - -.. - - - - - - - -This function reads a password from keyboard input and stores it in *return_pwd* . *size_return* should be set by the caller to the amount of storage space available in *return_pwd* ; on successful return, it will be set to the length of the password read. - - - - *prompt* is printed to the terminal, followed by":", and then a password is read from the keyboard. - - - -If *prompt2* is NULL, the password is read only once. Otherwise, *prompt2* is printed to the terminal and a second password is read. If the two passwords entered are not identical, KRB5_LIBOS_BADPWDMATCH is returned. - - - -Echoing is turned off when the password is read. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_realm_compare.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_realm_compare.rst.txt deleted file mode 100644 index f9df1b02..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_realm_compare.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_realm_compare - Compare the realms of two principals. -============================================================ - -.. - -.. c:function:: krb5_boolean krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **princ1** - First principal - - **[in]** **princ2** - Second principal - - -.. - - -:retval: - - TRUE if the realm names are the same; FALSE otherwise - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_recvauth.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_recvauth.rst.txt deleted file mode 100644 index 0cc70cf8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_recvauth.rst.txt +++ /dev/null @@ -1,68 +0,0 @@ -krb5_recvauth - Server function for sendauth protocol. -======================================================== - -.. - -.. c:function:: krb5_error_code krb5_recvauth(krb5_context context, krb5_auth_context * auth_context, krb5_pointer fd, char * appl_version, krb5_principal server, krb5_int32 flags, krb5_keytab keytab, krb5_ticket ** ticket) - -.. - - -:param: - - **[in]** **context** - Library context - - **[inout]** **auth_context** - Pre-existing or newly created auth context - - **[in]** **fd** - File descriptor - - **[in]** **appl_version** - Application protocol version to be matched against the client's application version - - **[in]** **server** - Server principal (NULL for any in *keytab* ) - - **[in]** **flags** - Additional specifications - - **[in]** **keytab** - Key table containing service keys - - **[out]** **ticket** - Ticket (NULL if not needed) - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function performs the server side of a sendauth/recvauth exchange by sending and receiving messages over *fd* . - - - -Use krb5_free_ticket() to free *ticket* when it is no longer needed. - - - - - - - - - - -.. - -.. seealso:: - krb5_sendauth() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_recvauth_version.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_recvauth_version.rst.txt deleted file mode 100644 index 4ec26ab0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_recvauth_version.rst.txt +++ /dev/null @@ -1,61 +0,0 @@ -krb5_recvauth_version - Server function for sendauth protocol with version parameter. -======================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_recvauth_version(krb5_context context, krb5_auth_context * auth_context, krb5_pointer fd, krb5_principal server, krb5_int32 flags, krb5_keytab keytab, krb5_ticket ** ticket, krb5_data * version) - -.. - - -:param: - - **[in]** **context** - Library context - - **[inout]** **auth_context** - Pre-existing or newly created auth context - - **[in]** **fd** - File descriptor - - **[in]** **server** - Server principal (NULL for any in *keytab* ) - - **[in]** **flags** - Additional specifications - - **[in]** **keytab** - Decryption key - - **[out]** **ticket** - Ticket (NULL if not needed) - - **[out]** **version** - sendauth protocol version (NULL if not needed) - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function is similar to krb5_recvauth() with the additional output information place into *version* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_get_challenge.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_get_challenge.rst.txt deleted file mode 100644 index ae1edc9a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_get_challenge.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_responder_get_challenge - Retrieve the challenge data for a given question in the responder context. -=========================================================================================================== - -.. - -.. c:function:: const char * krb5_responder_get_challenge(krb5_context ctx, krb5_responder_context rctx, const char * question) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **rctx** - Responder context - - **[in]** **question** - Question name - - -.. - - - -.. - - - - - - - -Return a pointer to a C string containing the challenge for *question* within *rctx* , or NULL if the question is not present in *rctx* . The structure of the question depends on the question name, but will always be printable UTF-8 text. The returned pointer is an alias, valid only as long as the lifetime of *rctx* , and should not be modified or freed by the caller. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.11 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_list_questions.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_list_questions.rst.txt deleted file mode 100644 index 03491ced..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_list_questions.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -krb5_responder_list_questions - List the question names contained in the responder context. -============================================================================================= - -.. - -.. c:function:: const char *const * krb5_responder_list_questions(krb5_context ctx, krb5_responder_context rctx) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **rctx** - Responder context - - -.. - - - -.. - - - - - - - -Return a pointer to a null-terminated list of question names which are present in *rctx* . The pointer is an alias, valid only as long as the lifetime of *rctx* , and should not be modified or freed by the caller. A question's challenge can be retrieved using krb5_responder_get_challenge() and answered using krb5_responder_set_answer(). - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.11 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_otp_challenge_free.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_otp_challenge_free.rst.txt deleted file mode 100644 index a92db44d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_otp_challenge_free.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -krb5_responder_otp_challenge_free - Free the value returned by krb5_responder_otp_get_challenge(). -==================================================================================================== - -.. - -.. c:function:: void krb5_responder_otp_challenge_free(krb5_context ctx, krb5_responder_context rctx, krb5_responder_otp_challenge * chl) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **rctx** - Responder context - - **[in]** **chl** - The challenge to free - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.11 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_otp_get_challenge.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_otp_get_challenge.rst.txt deleted file mode 100644 index 7f7755db..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_otp_get_challenge.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -krb5_responder_otp_get_challenge - Decode the KRB5_RESPONDER_QUESTION_OTP to a C struct. -========================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_responder_otp_get_challenge(krb5_context ctx, krb5_responder_context rctx, krb5_responder_otp_challenge ** chl) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **rctx** - Responder context - - **[out]** **chl** - Challenge structure - - -.. - - - -.. - - - - - - - -A convenience function which parses the KRB5_RESPONDER_QUESTION_OTP question challenge data, making it available in native C. The main feature of this function is the ability to interact with OTP tokens without parsing the JSON. - - - -The returned value must be passed to krb5_responder_otp_challenge_free() to be freed. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.11 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_otp_set_answer.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_otp_set_answer.rst.txt deleted file mode 100644 index 0535a206..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_otp_set_answer.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_responder_otp_set_answer - Answer the KRB5_RESPONDER_QUESTION_OTP question. -================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_responder_otp_set_answer(krb5_context ctx, krb5_responder_context rctx, size_t ti, const char * value, const char * pin) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **rctx** - Responder context - - **[in]** **ti** - The index of the tokeninfo selected - - **[in]** **value** - The value to set, or NULL for none - - **[in]** **pin** - The pin to set, or NULL for none - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.11 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_challenge_free.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_challenge_free.rst.txt deleted file mode 100644 index a017b2e6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_challenge_free.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -krb5_responder_pkinit_challenge_free - Free the value returned by krb5_responder_pkinit_get_challenge(). -========================================================================================================== - -.. - -.. c:function:: void krb5_responder_pkinit_challenge_free(krb5_context ctx, krb5_responder_context rctx, krb5_responder_pkinit_challenge * chl) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **rctx** - Responder context - - **[in]** **chl** - The challenge to free - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.12 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_get_challenge.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_get_challenge.rst.txt deleted file mode 100644 index 4204e50a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_get_challenge.rst.txt +++ /dev/null @@ -1,56 +0,0 @@ -krb5_responder_pkinit_get_challenge - Decode the KRB5_RESPONDER_QUESTION_PKINIT to a C struct. -================================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_responder_pkinit_get_challenge(krb5_context ctx, krb5_responder_context rctx, krb5_responder_pkinit_challenge ** chl_out) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **rctx** - Responder context - - **[out]** **chl_out** - Challenge structure - - -.. - - - -.. - - - - - - - -A convenience function which parses the KRB5_RESPONDER_QUESTION_PKINIT question challenge data, making it available in native C. The main feature of this function is the ability to read the challenge without parsing the JSON. - - - -The returned value must be passed to krb5_responder_pkinit_challenge_free() to be freed. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.12 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_set_answer.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_set_answer.rst.txt deleted file mode 100644 index dc8fa57c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_pkinit_set_answer.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -krb5_responder_pkinit_set_answer - Answer the KRB5_RESPONDER_QUESTION_PKINIT question for one identity. -========================================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_responder_pkinit_set_answer(krb5_context ctx, krb5_responder_context rctx, const char * identity, const char * pin) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **rctx** - Responder context - - **[in]** **identity** - The identity for which a PIN is being supplied - - **[in]** **pin** - The provided PIN, or NULL for none - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.12 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_set_answer.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_set_answer.rst.txt deleted file mode 100644 index c5b588aa..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_responder_set_answer.rst.txt +++ /dev/null @@ -1,57 +0,0 @@ -krb5_responder_set_answer - Answer a named question in the responder context. -=============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_responder_set_answer(krb5_context ctx, krb5_responder_context rctx, const char * question, const char * answer) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **rctx** - Responder context - - **[in]** **question** - Question name - - **[in]** **answer** - The string to set (MUST be printable UTF-8) - - -.. - - -:retval: - - EINVAL question is not present within rctx - - -.. - - - - - - - -This function supplies an answer to *question* within *rctx* . The appropriate form of the answer depends on the question name. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.11 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_salttype_to_string.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_salttype_to_string.rst.txt deleted file mode 100644 index e0e44a6b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_salttype_to_string.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -krb5_salttype_to_string - Convert a salt type to a string. -============================================================ - -.. - -.. c:function:: krb5_error_code krb5_salttype_to_string(krb5_int32 salttype, char * buffer, size_t buflen) - -.. - - -:param: - - **[in]** **salttype** - Salttype to convert - - **[out]** **buffer** - Buffer to receive the converted string - - **[in]** **buflen** - Storage available in *buffer* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_sendauth.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_sendauth.rst.txt deleted file mode 100644 index 40ef384b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_sendauth.rst.txt +++ /dev/null @@ -1,98 +0,0 @@ -krb5_sendauth - Client function for sendauth protocol. -======================================================== - -.. - -.. c:function:: krb5_error_code krb5_sendauth(krb5_context context, krb5_auth_context * auth_context, krb5_pointer fd, char * appl_version, krb5_principal client, krb5_principal server, krb5_flags ap_req_options, krb5_data * in_data, krb5_creds * in_creds, krb5_ccache ccache, krb5_error ** error, krb5_ap_rep_enc_part ** rep_result, krb5_creds ** out_creds) - -.. - - -:param: - - **[in]** **context** - Library context - - **[inout]** **auth_context** - Pre-existing or newly created auth context - - **[in]** **fd** - File descriptor that describes network socket - - **[in]** **appl_version** - Application protocol version to be matched with the receiver's application version - - **[in]** **client** - Client principal - - **[in]** **server** - Server principal - - **[in]** **ap_req_options** - Options (see AP_OPTS macros) - - **[in]** **in_data** - Data to be sent to the server - - **[in]** **in_creds** - Input credentials, or NULL to use *ccache* - - **[in]** **ccache** - Credential cache - - **[out]** **error** - If non-null, contains KRB_ERROR message returned from server - - **[out]** **rep_result** - If non-null and *ap_req_options* is #AP_OPTS_MUTUAL_REQUIRED, contains the result of mutual authentication exchange - - **[out]** **out_creds** - If non-null, the retrieved credentials - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function performs the client side of a sendauth/recvauth exchange by sending and receiving messages over *fd* . - - - -Credentials may be specified in three ways: - - - - - - - If *in_creds* is NULL, credentials are obtained with krb5_get_credentials() using the principals *client* and *server* . *server* must be non-null; *client* may NULL to use the default principal of *ccache* . - - - - - If *in_creds* is non-null, but does not contain a ticket, credentials for the exchange are obtained with krb5_get_credentials() using *in_creds* . In this case, the values of *client* and *server* are unused. - - - - - If *in_creds* is a complete credentials structure, it used directly. In this case, the values of *client* , *server* , and *ccache* are unused. - - If the server is using a different application protocol than that specified in *appl_version* , an error will be returned. - - - -Use krb5_free_creds() to free *out_creds* , krb5_free_ap_rep_enc_part() to free *rep_result* , and krb5_free_error() to free *error* when they are no longer needed. - - - - - - - - - - -.. - -.. seealso:: - krb5_recvauth() - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_server_decrypt_ticket_keytab.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_server_decrypt_ticket_keytab.rst.txt deleted file mode 100644 index 0ec03371..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_server_decrypt_ticket_keytab.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_server_decrypt_ticket_keytab - Decrypt a ticket using the specified key table. -===================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_server_decrypt_ticket_keytab(krb5_context context, const krb5_keytab kt, krb5_ticket * ticket) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **kt** - Key table - - **[in]** **ticket** - Ticket to be decrypted - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function takes a *ticket* as input and decrypts it using key data from *kt* . The result is placed into *ticket->enc_part2* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_default_realm.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_default_realm.rst.txt deleted file mode 100644 index d9ac43d5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_default_realm.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_set_default_realm - Override the default realm for the specified context. -================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_set_default_realm(krb5_context context, const char * lrealm) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **lrealm** - Realm name for the default realm - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -If *lrealm* is NULL, clear the default realm setting. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_default_tgs_enctypes.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_default_tgs_enctypes.rst.txt deleted file mode 100644 index 870ca63d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_default_tgs_enctypes.rst.txt +++ /dev/null @@ -1,61 +0,0 @@ -krb5_set_default_tgs_enctypes - Set default TGS encryption types in a krb5_context structure. -=============================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_set_default_tgs_enctypes(krb5_context context, const krb5_enctype * etypes) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **etypes** - Encryption type(s) to set - - -.. - - -:retval: - - 0 Success - - KRB5_PROG_ETYPE_NOSUPP Program lacks support for encryption type - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function sets the default enctype list for TGS requests made using *context* to *etypes* . - - - - - - - - - - -.. - - - - - - -.. note:: - - This overrides the default list (from config file or built-in). - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_error_message.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_error_message.rst.txt deleted file mode 100644 index 86bf9b7c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_error_message.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -krb5_set_error_message - Set an extended error message for an error code. -=========================================================================== - -.. - -.. c:function:: void krb5_set_error_message(krb5_context ctx, krb5_error_code code, const char * fmt, ... ) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **code** - Error code - - **[in]** **fmt** - Error string for the error code - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_kdc_recv_hook.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_kdc_recv_hook.rst.txt deleted file mode 100644 index 70c48cca..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_kdc_recv_hook.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_set_kdc_recv_hook - Set a KDC post-receive hook function. -================================================================ - -.. - -.. c:function:: void krb5_set_kdc_recv_hook(krb5_context context, krb5_post_recv_fn recv_hook, void * data) - -.. - - -:param: - - **[in]** **context** - The library context. - - **[in]** **recv_hook** - Hook function (or NULL to disable the hook) - - **[in]** **data** - Callback data to be passed to *recv_hook* - - -.. - - - -.. - - - - - - - - *recv_hook* will be called after a reply is received from a KDC during a call to a library function such as krb5_get_credentials(). The hook function may inspect or override the reply. This hook will not be executed if the pre-send hook returns a synthetic reply. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.15 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_kdc_send_hook.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_kdc_send_hook.rst.txt deleted file mode 100644 index d2696db9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_kdc_send_hook.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_set_kdc_send_hook - Set a KDC pre-send hook function. -============================================================ - -.. - -.. c:function:: void krb5_set_kdc_send_hook(krb5_context context, krb5_pre_send_fn send_hook, void * data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **send_hook** - Hook function (or NULL to disable the hook) - - **[in]** **data** - Callback data to be passed to *send_hook* - - -.. - - - -.. - - - - - - - - *send_hook* will be called before messages are sent to KDCs by library functions such as krb5_get_credentials(). The hook function may inspect, override, or synthesize its own reply to the message. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.15 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_password.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_password.rst.txt deleted file mode 100644 index ff80c966..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_password.rst.txt +++ /dev/null @@ -1,74 +0,0 @@ -krb5_set_password - Set a password for a principal using specified credentials. -================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_set_password(krb5_context context, krb5_creds * creds, const char * newpw, krb5_principal change_password_for, int * result_code, krb5_data * result_code_string, krb5_data * result_string) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **creds** - Credentials for kadmin/changepw service - - **[in]** **newpw** - New password - - **[in]** **change_password_for** - Change the password for this principal - - **[out]** **result_code** - Numeric error code from server - - **[out]** **result_code_string** - String equivalent to *result_code* - - **[out]** **result_string** - Data returned from the remote system - - -.. - - -:retval: - - 0 Success and result_code is set to #KRB5_KPASSWD_SUCCESS. - - -:return: - - Kerberos error codes. - -.. - - - - - - - -This function uses the credentials *creds* to set the password *newpw* for the principal *change_password_for* . It implements the set password operation of RFC 3244, for interoperability with Microsoft Windows implementations. - - - -The error code and strings are returned in *result_code* , *result_code_string* and *result_string* . - - - - - - - - - - -.. - - - - - - -.. note:: - - If *change_password_for* is NULL, the change is performed on the current principal. If *change_password_for* is non-null, the change is performed on the principal name passed in *change_password_for* . - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_password_using_ccache.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_password_using_ccache.rst.txt deleted file mode 100644 index 24bf4be7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_password_using_ccache.rst.txt +++ /dev/null @@ -1,74 +0,0 @@ -krb5_set_password_using_ccache - Set a password for a principal using cached credentials. -=========================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache, const char * newpw, krb5_principal change_password_for, int * result_code, krb5_data * result_code_string, krb5_data * result_string) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ccache** - Credential cache - - **[in]** **newpw** - New password - - **[in]** **change_password_for** - Change the password for this principal - - **[out]** **result_code** - Numeric error code from server - - **[out]** **result_code_string** - String equivalent to *result_code* - - **[out]** **result_string** - Data returned from the remote system - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function uses the cached credentials from *ccache* to set the password *newpw* for the principal *change_password_for* . It implements RFC 3244 set password operation (interoperable with MS Windows implementations) using the credential cache. - - - -The error code and strings are returned in *result_code* , *result_code_string* and *result_string* . - - - - - - - - - - -.. - - - - - - -.. note:: - - If *change_password_for* is set to NULL, the change is performed on the default principal in *ccache* . If *change_password_for* is non null, the change is performed on the specified principal. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_principal_realm.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_principal_realm.rst.txt deleted file mode 100644 index 0319b338..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_principal_realm.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_set_principal_realm - Set the realm field of a principal. -================================================================ - -.. - -.. c:function:: krb5_error_code krb5_set_principal_realm(krb5_context context, krb5_principal principal, const char * realm) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **principal** - Principal name - - **[in]** **realm** - Realm name - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -Set the realm name part of *principal* to *realm* , overwriting the previous realm. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_real_time.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_real_time.rst.txt deleted file mode 100644 index 18d7a6b5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_real_time.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_set_real_time - Set time offset field in a krb5_context structure. -========================================================================= - -.. - -.. c:function:: krb5_error_code krb5_set_real_time(krb5_context context, krb5_timestamp seconds, krb5_int32 microseconds) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **seconds** - Real time, seconds portion - - **[in]** **microseconds** - Real time, microseconds portion - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function sets the time offset in *context* to the difference between the system time and the real time as determined by *seconds* and *microseconds* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_trace_callback.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_trace_callback.rst.txt deleted file mode 100644 index 4c31ddb6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_trace_callback.rst.txt +++ /dev/null @@ -1,63 +0,0 @@ -krb5_set_trace_callback - Specify a callback function for trace events. -========================================================================= - -.. - -.. c:function:: krb5_error_code krb5_set_trace_callback(krb5_context context, krb5_trace_callback fn, void * cb_data) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **fn** - Callback function - - **[in]** **cb_data** - Callback data - - -.. - - - -:return: - - Returns KRB5_TRACE_NOSUPP if tracing is not supported in the library (unless fn is NULL). - -.. - - - - - - - -Specify a callback for trace events occurring in krb5 operations performed within *context* . *fn* will be invoked with *context* as the first argument, *cb_data* as the last argument, and a pointer to a krb5_trace_info as the second argument. If the trace callback is reset via this function or *context* is destroyed, *fn* will be invoked with a NULL second argument so it can clean up *cb_data* . Supply a NULL value for *fn* to disable trace callbacks within *context* . - - - - - - - - - - -.. - - - - - - -.. note:: - - This function overrides the information passed through the *KRB5_TRACE* environment variable. - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_trace_filename.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_trace_filename.rst.txt deleted file mode 100644 index 6d75325a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_set_trace_filename.rst.txt +++ /dev/null @@ -1,61 +0,0 @@ -krb5_set_trace_filename - Specify a file name for directing trace events. -=========================================================================== - -.. - -.. c:function:: krb5_error_code krb5_set_trace_filename(krb5_context context, const char * filename) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **filename** - File name - - -.. - - -:retval: - - KRB5_TRACE_NOSUPP Tracing is not supported in the library. - - -.. - - - - - - - -Open *filename* for appending (creating it, if necessary) and set up a callback to write trace events to it. - - - - - - - - - - -.. - - - - - - -.. note:: - - This function overrides the information passed through the *KRB5_TRACE* environment variable. - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_sname_match.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_sname_match.rst.txt deleted file mode 100644 index c3750006..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_sname_match.rst.txt +++ /dev/null @@ -1,59 +0,0 @@ -krb5_sname_match - Test whether a principal matches a matching principal. -=========================================================================== - -.. - -.. c:function:: krb5_boolean krb5_sname_match(krb5_context context, krb5_const_principal matching, krb5_const_principal princ) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **matching** - Matching principal - - **[in]** **princ** - Principal to test - - -.. - - - -:return: - - TRUE if princ matches matching , FALSE otherwise. - -.. - - - - - - - -If *matching* is NULL, return TRUE. If *matching* is not a matching principal, return the value of krb5_principal_compare(context, matching, princ). - - - - - - - - - - -.. - - - - - - -.. note:: - - A matching principal is a host-based principal with an empty realm and/or second data component (hostname). Profile configuration may cause the hostname to be ignored even if it is present. A principal matches a matching principal if the former has the same non-empty (and non-ignored) components of the latter. - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_sname_to_principal.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_sname_to_principal.rst.txt deleted file mode 100644 index 6dd15ddb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_sname_to_principal.rst.txt +++ /dev/null @@ -1,74 +0,0 @@ -krb5_sname_to_principal - Generate a full principal name from a service name. -=============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_sname_to_principal(krb5_context context, const char * hostname, const char * sname, krb5_int32 type, krb5_principal * ret_princ) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **hostname** - Host name, or NULL to use local host - - **[in]** **sname** - Service name, or NULL to use **"host"** - - **[in]** **type** - Principal type - - **[out]** **ret_princ** - Generated principal - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function converts a *hostname* and *sname* into *krb5_principal* structure *ret_princ* . The returned principal will be of the form *sname\/hostname@REALM* where REALM is determined by krb5_get_host_realm(). In some cases this may be the referral (empty) realm. - - - -The *type* can be one of the following: - - - - - - - #KRB5_NT_SRV_HST canonicalizes the host name before looking up the realm and generating the principal. - - - - - #KRB5_NT_UNKNOWN accepts the hostname as given, and does not canonicalize it. - - Use krb5_free_principal to free *ret_princ* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_cksumtype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_cksumtype.rst.txt deleted file mode 100644 index 8ad07f79..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_cksumtype.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -krb5_string_to_cksumtype - Convert a string to a checksum type. -================================================================= - -.. - -.. c:function:: krb5_error_code krb5_string_to_cksumtype(char * string, krb5_cksumtype * cksumtypep) - -.. - - -:param: - - **[in]** **string** - String to be converted - - **[out]** **cksumtypep** - Checksum type to be filled in - - -.. - - -:retval: - - 0 Success; otherwise - EINVAL - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_deltat.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_deltat.rst.txt deleted file mode 100644 index 0f1b9584..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_deltat.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -krb5_string_to_deltat - Convert a string to a delta time value. -================================================================= - -.. - -.. c:function:: krb5_error_code krb5_string_to_deltat(char * string, krb5_deltat * deltatp) - -.. - - -:param: - - **[in]** **string** - String to be converted - - **[out]** **deltatp** - Delta time to be filled in - - -.. - - -:retval: - - 0 Success; otherwise - KRB5_DELTAT_BADFORMAT - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_enctype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_enctype.rst.txt deleted file mode 100644 index 173251f6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_enctype.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -krb5_string_to_enctype - Convert a string to an encryption type. -================================================================== - -.. - -.. c:function:: krb5_error_code krb5_string_to_enctype(char * string, krb5_enctype * enctypep) - -.. - - -:param: - - **[in]** **string** - String to convert to an encryption type - - **[out]** **enctypep** - Encryption type - - -.. - - -:retval: - - 0 Success; otherwise - EINVAL - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_key.rst.txt deleted file mode 100644 index 3f44b9d5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_key.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -krb5_string_to_key -================== - -.. - -.. c:function:: krb5_error_code krb5_string_to_key(krb5_context context, const krb5_encrypt_block * eblock, krb5_keyblock * keyblock, const krb5_data * data, const krb5_data * salt) - -.. - - -:param: - - **context** - - **eblock** - - **keyblock** - - **data** - - **salt** - - -.. - - - -.. - - -DEPRECATED See krb5_c_string_to_key() - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_salttype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_salttype.rst.txt deleted file mode 100644 index 36978f4b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_salttype.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -krb5_string_to_salttype - Convert a string to a salt type. -============================================================ - -.. - -.. c:function:: krb5_error_code krb5_string_to_salttype(char * string, krb5_int32 * salttypep) - -.. - - -:param: - - **[in]** **string** - String to convert to an encryption type - - **[out]** **salttypep** - Salt type to be filled in - - -.. - - -:retval: - - 0 Success; otherwise - EINVAL - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_timestamp.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_timestamp.rst.txt deleted file mode 100644 index 11b6d1e9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_string_to_timestamp.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -krb5_string_to_timestamp - Convert a string to a timestamp. -============================================================= - -.. - -.. c:function:: krb5_error_code krb5_string_to_timestamp(char * string, krb5_timestamp * timestampp) - -.. - - -:param: - - **[in]** **string** - String to be converted - - **[out]** **timestampp** - Pointer to timestamp - - -.. - - -:retval: - - 0 Success; otherwise - EINVAL - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_timeofday.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_timeofday.rst.txt deleted file mode 100644 index dc1c9029..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_timeofday.rst.txt +++ /dev/null @@ -1,52 +0,0 @@ -krb5_timeofday - Retrieve the current time with context specific time offset adjustment. -========================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_timeofday(krb5_context context, krb5_timestamp * timeret) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **timeret** - Timestamp to fill in - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function retrieves the system time of day with the context specific time offset adjustment. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_sfstring.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_sfstring.rst.txt deleted file mode 100644 index 3750c45d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_sfstring.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_timestamp_to_sfstring - Convert a timestamp to a string, with optional output padding. -============================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char * buffer, size_t buflen, char * pad) - -.. - - -:param: - - **[in]** **timestamp** - Timestamp to convert - - **[out]** **buffer** - Buffer to hold the converted timestamp - - **[in]** **buflen** - Length of buffer - - **[in]** **pad** - Optional value to pad *buffer* if converted timestamp does not fill it - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -If *pad* is not NULL, *buffer* is padded out to *buflen* - 1 characters with the value of * *pad* . - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_string.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_string.rst.txt deleted file mode 100644 index 1c4c71eb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_timestamp_to_string.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -krb5_timestamp_to_string - Convert a timestamp to a string. -============================================================= - -.. - -.. c:function:: krb5_error_code krb5_timestamp_to_string(krb5_timestamp timestamp, char * buffer, size_t buflen) - -.. - - -:param: - - **[in]** **timestamp** - Timestamp to convert - - **[out]** **buffer** - Buffer to hold converted timestamp - - **[in]** **buflen** - Storage available in *buffer* - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -The string is returned in the locale's appropriate date and time representation. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_free.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_free.rst.txt deleted file mode 100644 index 623ed5be..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_free.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_tkt_creds_free - Free a TGS request context. -=================================================== - -.. - -.. c:function:: void krb5_tkt_creds_free(krb5_context context, krb5_tkt_creds_context ctx) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - TGS request context - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get.rst.txt deleted file mode 100644 index a193ce92..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get.rst.txt +++ /dev/null @@ -1,53 +0,0 @@ -krb5_tkt_creds_get - Synchronously obtain credentials using a TGS request context. -==================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_tkt_creds_get(krb5_context context, krb5_tkt_creds_context ctx) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - TGS request context - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function synchronously obtains credentials using a context created by krb5_tkt_creds_init(). On successful return, the credentials can be retrieved with krb5_tkt_creds_get_creds(). - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_creds.rst.txt deleted file mode 100644 index 309e8d47..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_creds.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_tkt_creds_get_creds - Retrieve acquired credentials from a TGS request context. -====================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_tkt_creds_get_creds(krb5_context context, krb5_tkt_creds_context ctx, krb5_creds * creds) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - TGS request context - - **[out]** **creds** - Acquired credentials - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function copies the acquired initial credentials from *ctx* into *creds* , after the successful completion of krb5_tkt_creds_get() or krb5_tkt_creds_step(). Use krb5_free_cred_contents() to free *creds* when it is no longer needed. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_times.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_times.rst.txt deleted file mode 100644 index 19c9f980..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_get_times.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_tkt_creds_get_times - Retrieve ticket times from a TGS request context. -============================================================================== - -.. - -.. c:function:: krb5_error_code krb5_tkt_creds_get_times(krb5_context context, krb5_tkt_creds_context ctx, krb5_ticket_times * times) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - TGS request context - - **[out]** **times** - Ticket times for acquired credentials - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -The TGS request context must have completed obtaining credentials via either krb5_tkt_creds_get() or krb5_tkt_creds_step(). - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_init.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_init.rst.txt deleted file mode 100644 index 3ec4a35d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_init.rst.txt +++ /dev/null @@ -1,67 +0,0 @@ -krb5_tkt_creds_init - Create a context to get credentials from a KDC's Ticket Granting Service. -================================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_tkt_creds_init(krb5_context context, krb5_ccache ccache, krb5_creds * creds, krb5_flags options, krb5_tkt_creds_context * ctx) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ccache** - Credential cache handle - - **[in]** **creds** - Input credentials - - **[in]** **options** - Options (see KRB5_GC macros) - - **[out]** **ctx** - New TGS request context - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function prepares to obtain credentials matching *creds* , either by retrieving them from *ccache* or by making requests to ticket-granting services beginning with a ticket-granting ticket for the client principal's realm. - - - -The resulting TGS acquisition context can be used asynchronously with krb5_tkt_creds_step() or synchronously with krb5_tkt_creds_get(). See also krb5_get_credentials() for synchronous use. - - - -Use krb5_tkt_creds_free() to free *ctx* when it is no longer needed. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_step.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_step.rst.txt deleted file mode 100644 index 919f47c7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_tkt_creds_step.rst.txt +++ /dev/null @@ -1,69 +0,0 @@ -krb5_tkt_creds_step - Get the next KDC request in a TGS exchange. -=================================================================== - -.. - -.. c:function:: krb5_error_code krb5_tkt_creds_step(krb5_context context, krb5_tkt_creds_context ctx, krb5_data * in, krb5_data * out, krb5_data * realm, unsigned int * flags) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **ctx** - TGS request context - - **[in]** **in** - KDC response (empty on the first call) - - **[out]** **out** - Next KDC request - - **[out]** **realm** - Realm for next KDC request - - **[out]** **flags** - Output flags - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function constructs the next KDC request for a TGS exchange, allowing the caller to control the transport of KDC requests and replies. On the first call, *in* should be set to an empty buffer; on subsequent calls, it should be set to the KDC's reply to the previous request. - - - -If more requests are needed, *flags* will be set to #KRB5_TKT_CREDS_STEP_FLAG_CONTINUE and the next request will be placed in *out* . If no more requests are needed, *flags* will not contain #KRB5_TKT_CREDS_STEP_FLAG_CONTINUE and *out* will be empty. - - - -If this function returns **KRB5KRB_ERR_RESPONSE_TOO_BIG** , the caller should transmit the next request using TCP rather than UDP. If this function returns any other error, the TGS exchange has failed. - - - - - - - - - - -.. - - - - -.. note:: - - New in 1.9 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unmarshal_credentials.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unmarshal_credentials.rst.txt deleted file mode 100644 index bbab8765..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unmarshal_credentials.rst.txt +++ /dev/null @@ -1,55 +0,0 @@ -krb5_unmarshal_credentials - Deserialize a krb5_creds object. -=============================================================== - -.. - -.. c:function:: krb5_error_code krb5_unmarshal_credentials(krb5_context context, const krb5_data * data, krb5_creds ** creds_out) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **data** - The serialized credentials - - **[out]** **creds_out** - The resulting creds object - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -Deserialize *data* to credentials in the format used by the FILE ccache format (vesion 4) and KCM ccache protocol. - - - -Use krb5_free_creds() to free *creds_out* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name.rst.txt deleted file mode 100644 index 90ecea70..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name.rst.txt +++ /dev/null @@ -1,58 +0,0 @@ -krb5_unparse_name - Convert a krb5_principal structure to a string representation. -==================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_unparse_name(krb5_context context, krb5_const_principal principal, char ** name) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **principal** - Principal - - **[out]** **name** - String representation of principal name - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -The resulting string representation uses the format and quoting conventions described for krb5_parse_name(). - - - -Use krb5_free_unparsed_name() to free *name* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name_ext.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name_ext.rst.txt deleted file mode 100644 index 6456632f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name_ext.rst.txt +++ /dev/null @@ -1,60 +0,0 @@ -krb5_unparse_name_ext - Convert krb5_principal structure to string and length. -================================================================================ - -.. - -.. c:function:: krb5_error_code krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, char ** name, unsigned int * size) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **principal** - Principal - - **[inout]** **name** - String representation of principal name - - **[inout]** **size** - Size of unparsed name - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes. On failure name is set to NULL - -.. - - - - - - - -This function is similar to krb5_unparse_name(), but allows the use of an existing buffer for the result. If size is not NULL, then *name* must point to either NULL or an existing buffer of at least the size pointed to by *size* . The buffer will be allocated or resized if necessary, with the new pointer stored into *name* . Whether or not the buffer is resized, the necessary space for the result, including null terminator, will be stored into *size* . - - - -If size is NULL, this function behaves exactly as krb5_unparse_name(). - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags.rst.txt deleted file mode 100644 index dce93531..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags.rst.txt +++ /dev/null @@ -1,70 +0,0 @@ -krb5_unparse_name_flags - Convert krb5_principal structure to a string with flags. -==================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal, int flags, char ** name) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **principal** - Principal - - **[in]** **flags** - Flags - - **[out]** **name** - String representation of principal name - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes. On failure name is set to NULL - -.. - - - - - - - -Similar to krb5_unparse_name(), this function converts a krb5_principal structure to a string representation. - - - -The following flags are valid: - - - #KRB5_PRINCIPAL_UNPARSE_SHORT - omit realm if it is the local realm - - - - #KRB5_PRINCIPAL_UNPARSE_NO_REALM - omit realm - - - - #KRB5_PRINCIPAL_UNPARSE_DISPLAY - do not quote special characters - - Use krb5_free_unparsed_name() to free *name* when it is no longer needed. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags_ext.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags_ext.rst.txt deleted file mode 100644 index aa713bda..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_unparse_name_flags_ext.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_unparse_name_flags_ext - Convert krb5_principal structure to string format with flags. -============================================================================================= - -.. - -.. c:function:: krb5_error_code krb5_unparse_name_flags_ext(krb5_context context, krb5_const_principal principal, int flags, char ** name, unsigned int * size) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **principal** - Principal - - **[in]** **flags** - Flags - - **[out]** **name** - Single string format of principal name - - **[out]** **size** - Size of unparsed name buffer - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes. On failure name is set to NULL - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_us_timeofday.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_us_timeofday.rst.txt deleted file mode 100644 index ba4ef808..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_us_timeofday.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_us_timeofday - Retrieve the system time of day, in sec and ms, since the epoch. -====================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_us_timeofday(krb5_context context, krb5_timestamp * seconds, krb5_int32 * microseconds) - -.. - - -:param: - - **[in]** **context** - Library context - - **[out]** **seconds** - System timeofday, seconds portion - - **[out]** **microseconds** - System timeofday, microseconds portion - - -.. - - -:retval: - - 0 Success - - -:return: - - Kerberos error codes - -.. - - - - - - - -This function retrieves the system time of day with the context specific time offset adjustment. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_use_enctype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_use_enctype.rst.txt deleted file mode 100644 index 10b3fa71..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_use_enctype.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_use_enctype -================ - -.. - -.. c:function:: krb5_error_code krb5_use_enctype(krb5_context context, krb5_encrypt_block * eblock, krb5_enctype enctype) - -.. - - -:param: - - **context** - - **eblock** - - **enctype** - - -.. - - - -.. - - -DEPRECATED Replaced by krb5_c_* API family. - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_authdata_kdc_issued.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_authdata_kdc_issued.rst.txt deleted file mode 100644 index 30971392..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_authdata_kdc_issued.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -krb5_verify_authdata_kdc_issued - Unwrap and verify AD-KDCIssued authorization data. -====================================================================================== - -.. - -.. c:function:: krb5_error_code krb5_verify_authdata_kdc_issued(krb5_context context, const krb5_keyblock * key, const krb5_authdata * ad_kdcissued, krb5_principal * issuer, krb5_authdata *** authdata) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **key** - Session key - - **[in]** **ad_kdcissued** - AD-KDCIssued authorization data to be unwrapped - - **[out]** **issuer** - Name of issuing principal (or NULL) - - **[out]** **authdata** - Unwrapped list of authorization data - - -.. - - - -.. - - - - - - - -This function unwraps an AD-KDCIssued authdatum (see RFC 4120 section 5.2.6.2) and verifies its signature against *key* . The issuer field of the authdatum element is returned in *issuer* , and the unwrapped list of authdata is returned in *authdata* . - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_checksum.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_checksum.rst.txt deleted file mode 100644 index 0ddf6318..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_checksum.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -krb5_verify_checksum -==================== - -.. - -.. c:function:: krb5_error_code krb5_verify_checksum(krb5_context context, krb5_cksumtype ctype, const krb5_checksum * cksum, krb5_const_pointer in, size_t in_length, krb5_const_pointer seed, size_t seed_length) - -.. - - -:param: - - **context** - - **ctype** - - **cksum** - - **in** - - **in_length** - - **seed** - - **seed_length** - - -.. - - - -.. - - -DEPRECATED See krb5_c_verify_checksum() - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds.rst.txt deleted file mode 100644 index 1788cad3..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds.rst.txt +++ /dev/null @@ -1,65 +0,0 @@ -krb5_verify_init_creds - Verify initial credentials against a keytab. -======================================================================= - -.. - -.. c:function:: krb5_error_code krb5_verify_init_creds(krb5_context context, krb5_creds * creds, krb5_principal server, krb5_keytab keytab, krb5_ccache * ccache, krb5_verify_init_creds_opt * options) - -.. - - -:param: - - **[in]** **context** - Library context - - **[in]** **creds** - Initial credentials to be verified - - **[in]** **server** - Server principal (or NULL) - - **[in]** **keytab** - Key table (NULL to use default keytab) - - **[in]** **ccache** - Credential cache for fetched creds (or NULL) - - **[in]** **options** - Verification options (NULL for default options) - - -.. - - -:retval: - - 0 Success; otherwise - Kerberos error codes - - -.. - - - - - - - -This function attempts to verify that *creds* were obtained from a KDC with knowledge of a key in *keytab* , or the default keytab if *keytab* is NULL. If *server* is provided, the highest-kvno key entry for that principal name is used to verify the credentials; otherwise, all unique"host"service principals in the keytab are tried. - - - -If the specified keytab does not exist, or is empty, or cannot be read, or does not contain an entry for *server* , then credential verification may be skipped unless configuration demands that it succeed. The caller can control this behavior by providing a verification options structure; see krb5_verify_init_creds_opt_init() and krb5_verify_init_creds_opt_set_ap_req_nofail(). - - - -If *ccache* is NULL, any additional credentials fetched during the verification process will be destroyed. If *ccache* points to NULL, a memory ccache will be created for the additional credentials and returned in *ccache* . If *ccache* points to a valid credential cache handle, the additional credentials will be stored in that cache. - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_init.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_init.rst.txt deleted file mode 100644 index a55fd3aa..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_init.rst.txt +++ /dev/null @@ -1,40 +0,0 @@ -krb5_verify_init_creds_opt_init - Initialize a credential verification options structure. -=========================================================================================== - -.. - -.. c:function:: void krb5_verify_init_creds_opt_init(krb5_verify_init_creds_opt * k5_vic_options) - -.. - - -:param: - - **[in]** **k5_vic_options** - Verification options structure - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.rst.txt deleted file mode 100644 index 870f448f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_verify_init_creds_opt_set_ap_req_nofail - Set whether credential verification is required. -================================================================================================= - -.. - -.. c:function:: void krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt * k5_vic_options, int ap_req_nofail) - -.. - - -:param: - - **[in]** **k5_vic_options** - Verification options structure - - **[in]** **ap_req_nofail** - Whether to require successful verification - - -.. - - - -.. - - - - - - - -This function determines how krb5_verify_init_creds() behaves if no keytab information is available. If *ap_req_nofail* is **FALSE** , verification will be skipped in this case and krb5_verify_init_creds() will return successfully. If *ap_req_nofail* is **TRUE** , krb5_verify_init_creds() will not return successfully unless verification can be performed. - - - -If this function is not used, the behavior of krb5_verify_init_creds() is determined through configuration. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_vprepend_error_message.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_vprepend_error_message.rst.txt deleted file mode 100644 index 53003d1c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_vprepend_error_message.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_vprepend_error_message - Add a prefix to the message for an error code using a va_list. -============================================================================================== - -.. - -.. c:function:: void krb5_vprepend_error_message(krb5_context ctx, krb5_error_code code, const char * fmt, va_list args) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **code** - Error code - - **[in]** **fmt** - Format string for error message prefix - - **[in]** **args** - List of vprintf(3) style arguments - - -.. - - - -.. - - - - - - - -This function is similar to krb5_prepend_error_message(), but uses a va_list instead of variadic arguments. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_vset_error_message.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_vset_error_message.rst.txt deleted file mode 100644 index fcb4b699..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_vset_error_message.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_vset_error_message - Set an extended error message for an error code using a va_list. -============================================================================================ - -.. - -.. c:function:: void krb5_vset_error_message(krb5_context ctx, krb5_error_code code, const char * fmt, va_list args) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **code** - Error code - - **[in]** **fmt** - Error string for the error code - - **[in]** **args** - List of vprintf(3) style arguments - - -.. - - - -.. - - - - - - - - - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_vwrap_error_message.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_vwrap_error_message.rst.txt deleted file mode 100644 index d860efe4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_vwrap_error_message.rst.txt +++ /dev/null @@ -1,48 +0,0 @@ -krb5_vwrap_error_message - Add a prefix to a different error code's message using a va_list. -============================================================================================== - -.. - -.. c:function:: void krb5_vwrap_error_message(krb5_context ctx, krb5_error_code old_code, krb5_error_code code, const char * fmt, va_list args) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **old_code** - Previous error code - - **[in]** **code** - Error code - - **[in]** **fmt** - Format string for error message prefix - - **[in]** **args** - List of vprintf(3) style arguments - - -.. - - - -.. - - - - - - - -This function is similar to krb5_wrap_error_message(), but uses a va_list instead of variadic arguments. - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_wrap_error_message.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_wrap_error_message.rst.txt deleted file mode 100644 index b599ae78..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/api/krb5_wrap_error_message.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -krb5_wrap_error_message - Add a prefix to a different error code's message. -============================================================================= - -.. - -.. c:function:: void krb5_wrap_error_message(krb5_context ctx, krb5_error_code old_code, krb5_error_code code, const char * fmt, ... ) - -.. - - -:param: - - **[in]** **ctx** - Library context - - **[in]** **old_code** - Previous error code - - **[in]** **code** - Error code - - **[in]** **fmt** - Format string for error message prefix - - -.. - - - -.. - - - - - - - -Format a message and prepend it to the message for *old_code* . The prefix will be separated from the old message with a colon and space. Set the resulting message as the extended error message for *code* . - - - - - - -.. - - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/index.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/index.rst.txt deleted file mode 100644 index 37a895f3..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/index.rst.txt +++ /dev/null @@ -1,9 +0,0 @@ -Complete reference - API and datatypes -====================================== - -.. toctree:: - :maxdepth: 1 - - api/index.rst - types/index.rst - macros/index.rst diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_ADDRPORT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_ADDRPORT.rst.txt deleted file mode 100644 index ec4c2835..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_ADDRPORT.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ADDRTYPE-ADDRPORT-data: - -ADDRTYPE_ADDRPORT -================= - -.. -.. data:: ADDRTYPE_ADDRPORT -.. - - - - -======================== ====================== -``ADDRTYPE_ADDRPORT`` ``0x0100`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_CHAOS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_CHAOS.rst.txt deleted file mode 100644 index 7285be14..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_CHAOS.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ADDRTYPE-CHAOS-data: - -ADDRTYPE_CHAOS -============== - -.. -.. data:: ADDRTYPE_CHAOS -.. - - - - -===================== ====================== -``ADDRTYPE_CHAOS`` ``0x0005`` -===================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_DDP.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_DDP.rst.txt deleted file mode 100644 index bbf67c14..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_DDP.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ADDRTYPE-DDP-data: - -ADDRTYPE_DDP -============ - -.. -.. data:: ADDRTYPE_DDP -.. - - - - -=================== ====================== -``ADDRTYPE_DDP`` ``0x0010`` -=================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_INET.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_INET.rst.txt deleted file mode 100644 index e40013b0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_INET.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ADDRTYPE-INET-data: - -ADDRTYPE_INET -============= - -.. -.. data:: ADDRTYPE_INET -.. - - - - -==================== ====================== -``ADDRTYPE_INET`` ``0x0002`` -==================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_INET6.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_INET6.rst.txt deleted file mode 100644 index f1c6c852..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_INET6.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ADDRTYPE-INET6-data: - -ADDRTYPE_INET6 -============== - -.. -.. data:: ADDRTYPE_INET6 -.. - - - - -===================== ====================== -``ADDRTYPE_INET6`` ``0x0018`` -===================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_IPPORT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_IPPORT.rst.txt deleted file mode 100644 index 09030d66..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_IPPORT.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ADDRTYPE-IPPORT-data: - -ADDRTYPE_IPPORT -=============== - -.. -.. data:: ADDRTYPE_IPPORT -.. - - - - -====================== ====================== -``ADDRTYPE_IPPORT`` ``0x0101`` -====================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_ISO.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_ISO.rst.txt deleted file mode 100644 index 3feb1fb0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_ISO.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ADDRTYPE-ISO-data: - -ADDRTYPE_ISO -============ - -.. -.. data:: ADDRTYPE_ISO -.. - - - - -=================== ====================== -``ADDRTYPE_ISO`` ``0x0007`` -=================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_IS_LOCAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_IS_LOCAL.rst.txt deleted file mode 100644 index 9f091b41..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_IS_LOCAL.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ADDRTYPE-IS-LOCAL-data: - -ADDRTYPE_IS_LOCAL -================= - -.. -.. data:: ADDRTYPE_IS_LOCAL -.. - - - - -================================== ====================== -``ADDRTYPE_IS_LOCAL (addrtype)`` ``(addrtype & 0x8000)`` -================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_NETBIOS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_NETBIOS.rst.txt deleted file mode 100644 index 1c62e3d8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_NETBIOS.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ADDRTYPE-NETBIOS-data: - -ADDRTYPE_NETBIOS -================ - -.. -.. data:: ADDRTYPE_NETBIOS -.. - - - - -======================= ====================== -``ADDRTYPE_NETBIOS`` ``0x0014`` -======================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_XNS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_XNS.rst.txt deleted file mode 100644 index 8c30dcdd..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ADDRTYPE_XNS.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ADDRTYPE-XNS-data: - -ADDRTYPE_XNS -============ - -.. -.. data:: ADDRTYPE_XNS -.. - - - - -=================== ====================== -``ADDRTYPE_XNS`` ``0x0006`` -=================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_EXTERNAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_EXTERNAL.rst.txt deleted file mode 100644 index eacafc20..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_EXTERNAL.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _AD-TYPE-EXTERNAL-data: - -AD_TYPE_EXTERNAL -================ - -.. -.. data:: AD_TYPE_EXTERNAL -.. - - - - -======================= ====================== -``AD_TYPE_EXTERNAL`` ``0x4000`` -======================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK.rst.txt deleted file mode 100644 index fefb9843..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _AD-TYPE-FIELD-TYPE-MASK-data: - -AD_TYPE_FIELD_TYPE_MASK -======================= - -.. -.. data:: AD_TYPE_FIELD_TYPE_MASK -.. - - - - -============================== ====================== -``AD_TYPE_FIELD_TYPE_MASK`` ``0x1fff`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_REGISTERED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_REGISTERED.rst.txt deleted file mode 100644 index 4907e159..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_REGISTERED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _AD-TYPE-REGISTERED-data: - -AD_TYPE_REGISTERED -================== - -.. -.. data:: AD_TYPE_REGISTERED -.. - - - - -========================= ====================== -``AD_TYPE_REGISTERED`` ``0x2000`` -========================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_RESERVED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_RESERVED.rst.txt deleted file mode 100644 index 5ae5ea33..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AD_TYPE_RESERVED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _AD-TYPE-RESERVED-data: - -AD_TYPE_RESERVED -================ - -.. -.. data:: AD_TYPE_RESERVED -.. - - - - -======================= ====================== -``AD_TYPE_RESERVED`` ``0x8000`` -======================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION.rst.txt deleted file mode 100644 index 4bea16d0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _AP-OPTS-ETYPE-NEGOTIATION-data: - -AP_OPTS_ETYPE_NEGOTIATION -========================= - -.. -.. data:: AP_OPTS_ETYPE_NEGOTIATION -.. - - - - -================================ ====================== -``AP_OPTS_ETYPE_NEGOTIATION`` ``0x00000002`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED.rst.txt deleted file mode 100644 index b3e6e592..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _AP-OPTS-MUTUAL-REQUIRED-data: - -AP_OPTS_MUTUAL_REQUIRED -======================= - -.. -.. data:: AP_OPTS_MUTUAL_REQUIRED -.. - -Perform a mutual authentication exchange. - - - -============================== ====================== -``AP_OPTS_MUTUAL_REQUIRED`` ``0x20000000`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_RESERVED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_RESERVED.rst.txt deleted file mode 100644 index 7961b63c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_RESERVED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _AP-OPTS-RESERVED-data: - -AP_OPTS_RESERVED -================ - -.. -.. data:: AP_OPTS_RESERVED -.. - - - - -======================= ====================== -``AP_OPTS_RESERVED`` ``0x80000000`` -======================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_USE_SESSION_KEY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_USE_SESSION_KEY.rst.txt deleted file mode 100644 index 1742a2ff..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_USE_SESSION_KEY.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _AP-OPTS-USE-SESSION-KEY-data: - -AP_OPTS_USE_SESSION_KEY -======================= - -.. -.. data:: AP_OPTS_USE_SESSION_KEY -.. - -Use session key. - - - -============================== ====================== -``AP_OPTS_USE_SESSION_KEY`` ``0x40000000`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_USE_SUBKEY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_USE_SUBKEY.rst.txt deleted file mode 100644 index 77bf41d9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_USE_SUBKEY.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _AP-OPTS-USE-SUBKEY-data: - -AP_OPTS_USE_SUBKEY -================== - -.. -.. data:: AP_OPTS_USE_SUBKEY -.. - -Generate a subsession key from the current session key obtained from the credentials. - - - -========================= ====================== -``AP_OPTS_USE_SUBKEY`` ``0x00000001`` -========================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_WIRE_MASK.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_WIRE_MASK.rst.txt deleted file mode 100644 index 36328d55..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/AP_OPTS_WIRE_MASK.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _AP-OPTS-WIRE-MASK-data: - -AP_OPTS_WIRE_MASK -================= - -.. -.. data:: AP_OPTS_WIRE_MASK -.. - - - - -======================== ====================== -``AP_OPTS_WIRE_MASK`` ``0xfffffff0`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128.rst.txt deleted file mode 100644 index 1a61f154..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-CMAC-CAMELLIA128-data: - -CKSUMTYPE_CMAC_CAMELLIA128 -========================== - -.. -.. data:: CKSUMTYPE_CMAC_CAMELLIA128 -.. - -RFC 6803. - - - -================================= ====================== -``CKSUMTYPE_CMAC_CAMELLIA128`` ``0x0011`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256.rst.txt deleted file mode 100644 index 91f2c166..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-CMAC-CAMELLIA256-data: - -CKSUMTYPE_CMAC_CAMELLIA256 -========================== - -.. -.. data:: CKSUMTYPE_CMAC_CAMELLIA256 -.. - -RFC 6803. - - - -================================= ====================== -``CKSUMTYPE_CMAC_CAMELLIA256`` ``0x0012`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_CRC32.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_CRC32.rst.txt deleted file mode 100644 index 6d0c4a31..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_CRC32.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-CRC32-data: - -CKSUMTYPE_CRC32 -=============== - -.. -.. data:: CKSUMTYPE_CRC32 -.. - - - - -====================== ====================== -``CKSUMTYPE_CRC32`` ``0x0001`` -====================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_DESCBC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_DESCBC.rst.txt deleted file mode 100644 index 830ddb88..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_DESCBC.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-DESCBC-data: - -CKSUMTYPE_DESCBC -================ - -.. -.. data:: CKSUMTYPE_DESCBC -.. - - - - -======================= ====================== -``CKSUMTYPE_DESCBC`` ``0x0004`` -======================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.rst.txt deleted file mode 100644 index 9163bd36..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-HMAC-MD5-ARCFOUR-data: - -CKSUMTYPE_HMAC_MD5_ARCFOUR -========================== - -.. -.. data:: CKSUMTYPE_HMAC_MD5_ARCFOUR -.. - -RFC 4757. - - - -================================= ====================== -``CKSUMTYPE_HMAC_MD5_ARCFOUR`` ``-138`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128.rst.txt deleted file mode 100644 index 5d28bbe0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-HMAC-SHA1-96-AES128-data: - -CKSUMTYPE_HMAC_SHA1_96_AES128 -============================= - -.. -.. data:: CKSUMTYPE_HMAC_SHA1_96_AES128 -.. - -RFC 3962. - -Used with ENCTYPE_AES128_CTS_HMAC_SHA1_96 - -==================================== ====================== -``CKSUMTYPE_HMAC_SHA1_96_AES128`` ``0x000f`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256.rst.txt deleted file mode 100644 index 71ba018c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-HMAC-SHA1-96-AES256-data: - -CKSUMTYPE_HMAC_SHA1_96_AES256 -============================= - -.. -.. data:: CKSUMTYPE_HMAC_SHA1_96_AES256 -.. - -RFC 3962. - -Used with ENCTYPE_AES256_CTS_HMAC_SHA1_96 - -==================================== ====================== -``CKSUMTYPE_HMAC_SHA1_96_AES256`` ``0x0010`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.rst.txt deleted file mode 100644 index c6c76f2a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-HMAC-SHA1-DES3-data: - -CKSUMTYPE_HMAC_SHA1_DES3 -======================== - -.. -.. data:: CKSUMTYPE_HMAC_SHA1_DES3 -.. - - - - -=============================== ====================== -``CKSUMTYPE_HMAC_SHA1_DES3`` ``0x000c`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128.rst.txt deleted file mode 100644 index 77f956e0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-HMAC-SHA256-128-AES128-data: - -CKSUMTYPE_HMAC_SHA256_128_AES128 -================================ - -.. -.. data:: CKSUMTYPE_HMAC_SHA256_128_AES128 -.. - -RFC 8009. - - - -======================================= ====================== -``CKSUMTYPE_HMAC_SHA256_128_AES128`` ``0x0013`` -======================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256.rst.txt deleted file mode 100644 index b95628d5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-HMAC-SHA384-192-AES256-data: - -CKSUMTYPE_HMAC_SHA384_192_AES256 -================================ - -.. -.. data:: CKSUMTYPE_HMAC_SHA384_192_AES256 -.. - -RFC 8009. - - - -======================================= ====================== -``CKSUMTYPE_HMAC_SHA384_192_AES256`` ``0x0014`` -======================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.rst.txt deleted file mode 100644 index 97d84fe8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-MD5-HMAC-ARCFOUR-data: - -CKSUMTYPE_MD5_HMAC_ARCFOUR -========================== - -.. -.. data:: CKSUMTYPE_MD5_HMAC_ARCFOUR -.. - - - - -================================= ====================== -``CKSUMTYPE_MD5_HMAC_ARCFOUR`` ``-137 /* Microsoft netlogon */`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_NIST_SHA.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_NIST_SHA.rst.txt deleted file mode 100644 index 3524028e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_NIST_SHA.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-NIST-SHA-data: - -CKSUMTYPE_NIST_SHA -================== - -.. -.. data:: CKSUMTYPE_NIST_SHA -.. - - - - -========================= ====================== -``CKSUMTYPE_NIST_SHA`` ``0x0009`` -========================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD4.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD4.rst.txt deleted file mode 100644 index 02a4248b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD4.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-RSA-MD4-data: - -CKSUMTYPE_RSA_MD4 -================= - -.. -.. data:: CKSUMTYPE_RSA_MD4 -.. - - - - -======================== ====================== -``CKSUMTYPE_RSA_MD4`` ``0x0002`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES.rst.txt deleted file mode 100644 index 7e5cc058..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-RSA-MD4-DES-data: - -CKSUMTYPE_RSA_MD4_DES -===================== - -.. -.. data:: CKSUMTYPE_RSA_MD4_DES -.. - - - - -============================ ====================== -``CKSUMTYPE_RSA_MD4_DES`` ``0x0003`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD5.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD5.rst.txt deleted file mode 100644 index e94f0b45..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD5.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-RSA-MD5-data: - -CKSUMTYPE_RSA_MD5 -================= - -.. -.. data:: CKSUMTYPE_RSA_MD5 -.. - - - - -======================== ====================== -``CKSUMTYPE_RSA_MD5`` ``0x0007`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES.rst.txt deleted file mode 100644 index 87c321f5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-RSA-MD5-DES-data: - -CKSUMTYPE_RSA_MD5_DES -===================== - -.. -.. data:: CKSUMTYPE_RSA_MD5_DES -.. - - - - -============================ ====================== -``CKSUMTYPE_RSA_MD5_DES`` ``0x0008`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_SHA1.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_SHA1.rst.txt deleted file mode 100644 index a0f24bd5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/CKSUMTYPE_SHA1.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _CKSUMTYPE-SHA1-data: - -CKSUMTYPE_SHA1 -============== - -.. -.. data:: CKSUMTYPE_SHA1 -.. - -RFC 3961. - - - -===================== ====================== -``CKSUMTYPE_SHA1`` ``0x000e`` -===================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96.rst.txt deleted file mode 100644 index b66ae72b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-AES128-CTS-HMAC-SHA1-96-data: - -ENCTYPE_AES128_CTS_HMAC_SHA1_96 -=============================== - -.. -.. data:: ENCTYPE_AES128_CTS_HMAC_SHA1_96 -.. - -RFC 3962. - - - -====================================== ====================== -``ENCTYPE_AES128_CTS_HMAC_SHA1_96`` ``0x0011`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128.rst.txt deleted file mode 100644 index 3f83a1bf..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-AES128-CTS-HMAC-SHA256-128-data: - -ENCTYPE_AES128_CTS_HMAC_SHA256_128 -================================== - -.. -.. data:: ENCTYPE_AES128_CTS_HMAC_SHA256_128 -.. - -RFC 8009. - - - -========================================= ====================== -``ENCTYPE_AES128_CTS_HMAC_SHA256_128`` ``0x0013`` -========================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96.rst.txt deleted file mode 100644 index 4d216964..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-AES256-CTS-HMAC-SHA1-96-data: - -ENCTYPE_AES256_CTS_HMAC_SHA1_96 -=============================== - -.. -.. data:: ENCTYPE_AES256_CTS_HMAC_SHA1_96 -.. - -RFC 3962. - - - -====================================== ====================== -``ENCTYPE_AES256_CTS_HMAC_SHA1_96`` ``0x0012`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192.rst.txt deleted file mode 100644 index 76c8e4b7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-AES256-CTS-HMAC-SHA384-192-data: - -ENCTYPE_AES256_CTS_HMAC_SHA384_192 -================================== - -.. -.. data:: ENCTYPE_AES256_CTS_HMAC_SHA384_192 -.. - -RFC 8009. - - - -========================================= ====================== -``ENCTYPE_AES256_CTS_HMAC_SHA384_192`` ``0x0014`` -========================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC.rst.txt deleted file mode 100644 index 54200453..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-ARCFOUR-HMAC-data: - -ENCTYPE_ARCFOUR_HMAC -==================== - -.. -.. data:: ENCTYPE_ARCFOUR_HMAC -.. - -RFC 4757. - - - -=========================== ====================== -``ENCTYPE_ARCFOUR_HMAC`` ``0x0017`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.rst.txt deleted file mode 100644 index 140c3412..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-ARCFOUR-HMAC-EXP-data: - -ENCTYPE_ARCFOUR_HMAC_EXP -======================== - -.. -.. data:: ENCTYPE_ARCFOUR_HMAC_EXP -.. - -RFC 4757. - - - -=============================== ====================== -``ENCTYPE_ARCFOUR_HMAC_EXP`` ``0x0018`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC.rst.txt deleted file mode 100644 index e08e8e3f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-CAMELLIA128-CTS-CMAC-data: - -ENCTYPE_CAMELLIA128_CTS_CMAC -============================ - -.. -.. data:: ENCTYPE_CAMELLIA128_CTS_CMAC -.. - -RFC 6803. - - - -=================================== ====================== -``ENCTYPE_CAMELLIA128_CTS_CMAC`` ``0x0019`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC.rst.txt deleted file mode 100644 index 7f7d64c8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-CAMELLIA256-CTS-CMAC-data: - -ENCTYPE_CAMELLIA256_CTS_CMAC -============================ - -.. -.. data:: ENCTYPE_CAMELLIA256_CTS_CMAC -.. - -RFC 6803. - - - -=================================== ====================== -``ENCTYPE_CAMELLIA256_CTS_CMAC`` ``0x001a`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_ENV.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_ENV.rst.txt deleted file mode 100644 index 62358d2f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_ENV.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-DES3-CBC-ENV-data: - -ENCTYPE_DES3_CBC_ENV -==================== - -.. -.. data:: ENCTYPE_DES3_CBC_ENV -.. - -DES-3 cbc mode, CMS enveloped data. - - - -=========================== ====================== -``ENCTYPE_DES3_CBC_ENV`` ``0x000f`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_RAW.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_RAW.rst.txt deleted file mode 100644 index 1f323133..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_RAW.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-DES3-CBC-RAW-data: - -ENCTYPE_DES3_CBC_RAW -==================== - -.. -.. data:: ENCTYPE_DES3_CBC_RAW -.. - - - - -=========================== ====================== -``ENCTYPE_DES3_CBC_RAW`` ``0x0006`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA.rst.txt deleted file mode 100644 index 3d14182b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-DES3-CBC-SHA-data: - -ENCTYPE_DES3_CBC_SHA -==================== - -.. -.. data:: ENCTYPE_DES3_CBC_SHA -.. - - - - -=========================== ====================== -``ENCTYPE_DES3_CBC_SHA`` ``0x0005`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1.rst.txt deleted file mode 100644 index 6ad9a185..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-DES3-CBC-SHA1-data: - -ENCTYPE_DES3_CBC_SHA1 -===================== - -.. -.. data:: ENCTYPE_DES3_CBC_SHA1 -.. - - - - -============================ ====================== -``ENCTYPE_DES3_CBC_SHA1`` ``0x0010`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_CRC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_CRC.rst.txt deleted file mode 100644 index a442821b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_CRC.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-DES-CBC-CRC-data: - -ENCTYPE_DES_CBC_CRC -=================== - -.. -.. data:: ENCTYPE_DES_CBC_CRC -.. - - - - -========================== ====================== -``ENCTYPE_DES_CBC_CRC`` ``0x0001`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_MD4.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_MD4.rst.txt deleted file mode 100644 index 2b227deb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_MD4.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-DES-CBC-MD4-data: - -ENCTYPE_DES_CBC_MD4 -=================== - -.. -.. data:: ENCTYPE_DES_CBC_MD4 -.. - - - - -========================== ====================== -``ENCTYPE_DES_CBC_MD4`` ``0x0002`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_MD5.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_MD5.rst.txt deleted file mode 100644 index d4edca90..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_MD5.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-DES-CBC-MD5-data: - -ENCTYPE_DES_CBC_MD5 -=================== - -.. -.. data:: ENCTYPE_DES_CBC_MD5 -.. - - - - -========================== ====================== -``ENCTYPE_DES_CBC_MD5`` ``0x0003`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_RAW.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_RAW.rst.txt deleted file mode 100644 index e3de8120..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_CBC_RAW.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-DES-CBC-RAW-data: - -ENCTYPE_DES_CBC_RAW -=================== - -.. -.. data:: ENCTYPE_DES_CBC_RAW -.. - - - - -========================== ====================== -``ENCTYPE_DES_CBC_RAW`` ``0x0004`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1.rst.txt deleted file mode 100644 index 9494faed..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-DES-HMAC-SHA1-data: - -ENCTYPE_DES_HMAC_SHA1 -===================== - -.. -.. data:: ENCTYPE_DES_HMAC_SHA1 -.. - - - - -============================ ====================== -``ENCTYPE_DES_HMAC_SHA1`` ``0x0008`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS.rst.txt deleted file mode 100644 index fca77e48..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-DSA-SHA1-CMS-data: - -ENCTYPE_DSA_SHA1_CMS -==================== - -.. -.. data:: ENCTYPE_DSA_SHA1_CMS -.. - -DSA with SHA1, CMS signature. - - - -=========================== ====================== -``ENCTYPE_DSA_SHA1_CMS`` ``0x0009`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_MD5_RSA_CMS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_MD5_RSA_CMS.rst.txt deleted file mode 100644 index 5d4cc6b5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_MD5_RSA_CMS.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-MD5-RSA-CMS-data: - -ENCTYPE_MD5_RSA_CMS -=================== - -.. -.. data:: ENCTYPE_MD5_RSA_CMS -.. - -MD5 with RSA, CMS signature. - - - -========================== ====================== -``ENCTYPE_MD5_RSA_CMS`` ``0x000a`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_NULL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_NULL.rst.txt deleted file mode 100644 index 1a62c065..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_NULL.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-NULL-data: - -ENCTYPE_NULL -============ - -.. -.. data:: ENCTYPE_NULL -.. - - - - -=================== ====================== -``ENCTYPE_NULL`` ``0x0000`` -=================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_RC2_CBC_ENV.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_RC2_CBC_ENV.rst.txt deleted file mode 100644 index 3dc732bb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_RC2_CBC_ENV.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-RC2-CBC-ENV-data: - -ENCTYPE_RC2_CBC_ENV -=================== - -.. -.. data:: ENCTYPE_RC2_CBC_ENV -.. - -RC2 cbc mode, CMS enveloped data. - - - -========================== ====================== -``ENCTYPE_RC2_CBC_ENV`` ``0x000c`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_RSA_ENV.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_RSA_ENV.rst.txt deleted file mode 100644 index 0f065716..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_RSA_ENV.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-RSA-ENV-data: - -ENCTYPE_RSA_ENV -=============== - -.. -.. data:: ENCTYPE_RSA_ENV -.. - -RSA encryption, CMS enveloped data. - - - -====================== ====================== -``ENCTYPE_RSA_ENV`` ``0x000d`` -====================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.rst.txt deleted file mode 100644 index 1d7cfc0d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-RSA-ES-OAEP-ENV-data: - -ENCTYPE_RSA_ES_OAEP_ENV -======================= - -.. -.. data:: ENCTYPE_RSA_ES_OAEP_ENV -.. - -RSA w/OEAP encryption, CMS enveloped data. - - - -============================== ====================== -``ENCTYPE_RSA_ES_OAEP_ENV`` ``0x000e`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS.rst.txt deleted file mode 100644 index a8cfe754..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-SHA1-RSA-CMS-data: - -ENCTYPE_SHA1_RSA_CMS -==================== - -.. -.. data:: ENCTYPE_SHA1_RSA_CMS -.. - -SHA1 with RSA, CMS signature. - - - -=========================== ====================== -``ENCTYPE_SHA1_RSA_CMS`` ``0x000b`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_UNKNOWN.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_UNKNOWN.rst.txt deleted file mode 100644 index 44f86879..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/ENCTYPE_UNKNOWN.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _ENCTYPE-UNKNOWN-data: - -ENCTYPE_UNKNOWN -=============== - -.. -.. data:: ENCTYPE_UNKNOWN -.. - - - - -====================== ====================== -``ENCTYPE_UNKNOWN`` ``0x01ff`` -====================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE.rst.txt deleted file mode 100644 index 64508eeb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-ALLOW-POSTDATE-data: - -KDC_OPT_ALLOW_POSTDATE -====================== - -.. -.. data:: KDC_OPT_ALLOW_POSTDATE -.. - - - - -============================= ====================== -``KDC_OPT_ALLOW_POSTDATE`` ``0x04000000`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_CANONICALIZE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_CANONICALIZE.rst.txt deleted file mode 100644 index 05f20bdc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_CANONICALIZE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-CANONICALIZE-data: - -KDC_OPT_CANONICALIZE -==================== - -.. -.. data:: KDC_OPT_CANONICALIZE -.. - - - - -=========================== ====================== -``KDC_OPT_CANONICALIZE`` ``0x00010000`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT.rst.txt deleted file mode 100644 index bf9a9717..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-CNAME-IN-ADDL-TKT-data: - -KDC_OPT_CNAME_IN_ADDL_TKT -========================= - -.. -.. data:: KDC_OPT_CNAME_IN_ADDL_TKT -.. - - - - -================================ ====================== -``KDC_OPT_CNAME_IN_ADDL_TKT`` ``0x00020000`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK.rst.txt deleted file mode 100644 index c0ac5294..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-DISABLE-TRANSITED-CHECK-data: - -KDC_OPT_DISABLE_TRANSITED_CHECK -=============================== - -.. -.. data:: KDC_OPT_DISABLE_TRANSITED_CHECK -.. - - - - -====================================== ====================== -``KDC_OPT_DISABLE_TRANSITED_CHECK`` ``0x00000020`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.rst.txt deleted file mode 100644 index ca72eccd..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-ENC-TKT-IN-SKEY-data: - -KDC_OPT_ENC_TKT_IN_SKEY -======================= - -.. -.. data:: KDC_OPT_ENC_TKT_IN_SKEY -.. - - - - -============================== ====================== -``KDC_OPT_ENC_TKT_IN_SKEY`` ``0x00000008`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_FORWARDABLE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_FORWARDABLE.rst.txt deleted file mode 100644 index 171ea002..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_FORWARDABLE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-FORWARDABLE-data: - -KDC_OPT_FORWARDABLE -=================== - -.. -.. data:: KDC_OPT_FORWARDABLE -.. - - - - -========================== ====================== -``KDC_OPT_FORWARDABLE`` ``0x40000000`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_FORWARDED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_FORWARDED.rst.txt deleted file mode 100644 index ddfd30c8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_FORWARDED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-FORWARDED-data: - -KDC_OPT_FORWARDED -================= - -.. -.. data:: KDC_OPT_FORWARDED -.. - - - - -======================== ====================== -``KDC_OPT_FORWARDED`` ``0x20000000`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_POSTDATED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_POSTDATED.rst.txt deleted file mode 100644 index a6af6435..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_POSTDATED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-POSTDATED-data: - -KDC_OPT_POSTDATED -================= - -.. -.. data:: KDC_OPT_POSTDATED -.. - - - - -======================== ====================== -``KDC_OPT_POSTDATED`` ``0x02000000`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_PROXIABLE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_PROXIABLE.rst.txt deleted file mode 100644 index 5a874547..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_PROXIABLE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-PROXIABLE-data: - -KDC_OPT_PROXIABLE -================= - -.. -.. data:: KDC_OPT_PROXIABLE -.. - - - - -======================== ====================== -``KDC_OPT_PROXIABLE`` ``0x10000000`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_PROXY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_PROXY.rst.txt deleted file mode 100644 index 64c4f0ae..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_PROXY.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-PROXY-data: - -KDC_OPT_PROXY -============= - -.. -.. data:: KDC_OPT_PROXY -.. - - - - -==================== ====================== -``KDC_OPT_PROXY`` ``0x08000000`` -==================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_RENEW.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_RENEW.rst.txt deleted file mode 100644 index 23e48761..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_RENEW.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-RENEW-data: - -KDC_OPT_RENEW -============= - -.. -.. data:: KDC_OPT_RENEW -.. - - - - -==================== ====================== -``KDC_OPT_RENEW`` ``0x00000002`` -==================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_RENEWABLE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_RENEWABLE.rst.txt deleted file mode 100644 index d7f13ca5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_RENEWABLE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-RENEWABLE-data: - -KDC_OPT_RENEWABLE -================= - -.. -.. data:: KDC_OPT_RENEWABLE -.. - - - - -======================== ====================== -``KDC_OPT_RENEWABLE`` ``0x00800000`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_RENEWABLE_OK.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_RENEWABLE_OK.rst.txt deleted file mode 100644 index 0d082e1a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_RENEWABLE_OK.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-RENEWABLE-OK-data: - -KDC_OPT_RENEWABLE_OK -==================== - -.. -.. data:: KDC_OPT_RENEWABLE_OK -.. - - - - -=========================== ====================== -``KDC_OPT_RENEWABLE_OK`` ``0x00000010`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS.rst.txt deleted file mode 100644 index 7a14ec6e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-REQUEST-ANONYMOUS-data: - -KDC_OPT_REQUEST_ANONYMOUS -========================= - -.. -.. data:: KDC_OPT_REQUEST_ANONYMOUS -.. - - - - -================================ ====================== -``KDC_OPT_REQUEST_ANONYMOUS`` ``0x00008000`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_VALIDATE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_VALIDATE.rst.txt deleted file mode 100644 index 666beccb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_OPT_VALIDATE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-OPT-VALIDATE-data: - -KDC_OPT_VALIDATE -================ - -.. -.. data:: KDC_OPT_VALIDATE -.. - - - - -======================= ====================== -``KDC_OPT_VALIDATE`` ``0x00000001`` -======================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_TKT_COMMON_MASK.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_TKT_COMMON_MASK.rst.txt deleted file mode 100644 index e2cb9603..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KDC_TKT_COMMON_MASK.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KDC-TKT-COMMON-MASK-data: - -KDC_TKT_COMMON_MASK -=================== - -.. -.. data:: KDC_TKT_COMMON_MASK -.. - - - - -========================== ====================== -``KDC_TKT_COMMON_MASK`` ``0x54800000`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.rst.txt deleted file mode 100644 index ddc0ea0e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-ALTAUTH-ATT-CHALLENGE-RESPONSE-data: - -KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE -=================================== - -.. -.. data:: KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE -.. - -alternate authentication types - - - -========================================== ====================== -``KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE`` ``64`` -========================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR.rst.txt deleted file mode 100644 index 1d1644e3..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-ANONYMOUS-PRINCSTR-data: - -KRB5_ANONYMOUS_PRINCSTR -======================= - -.. -.. data:: KRB5_ANONYMOUS_PRINCSTR -.. - -Anonymous principal name. - - - -============================== ====================== -``KRB5_ANONYMOUS_PRINCSTR`` ``"ANONYMOUS"`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR.rst.txt deleted file mode 100644 index e9ab94d0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-ANONYMOUS-REALMSTR-data: - -KRB5_ANONYMOUS_REALMSTR -======================= - -.. -.. data:: KRB5_ANONYMOUS_REALMSTR -.. - -Anonymous realm. - - - -============================== ====================== -``KRB5_ANONYMOUS_REALMSTR`` ``"WELLKNOWN:ANONYMOUS"`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AP_REP.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AP_REP.rst.txt deleted file mode 100644 index 4e50adf4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AP_REP.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AP-REP-data: - -KRB5_AP_REP -=========== - -.. -.. data:: KRB5_AP_REP -.. - -Response to mutual AP request. - - - -================== ====================== -``KRB5_AP_REP`` ``((krb5_msgtype)15)`` -================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AP_REQ.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AP_REQ.rst.txt deleted file mode 100644 index e92d37ea..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AP_REQ.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AP-REQ-data: - -KRB5_AP_REQ -=========== - -.. -.. data:: KRB5_AP_REQ -.. - -Auth req to application server. - - - -================== ====================== -``KRB5_AP_REQ`` ``((krb5_msgtype)14)`` -================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AS_REP.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AS_REP.rst.txt deleted file mode 100644 index 69eb7041..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AS_REP.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AS-REP-data: - -KRB5_AS_REP -=========== - -.. -.. data:: KRB5_AS_REP -.. - -Response to AS request. - - - -================== ====================== -``KRB5_AS_REP`` ``((krb5_msgtype)11)`` -================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AS_REQ.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AS_REQ.rst.txt deleted file mode 100644 index 85501063..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AS_REQ.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AS-REQ-data: - -KRB5_AS_REQ -=========== - -.. -.. data:: KRB5_AS_REQ -.. - -Initial authentication request. - - - -================== ====================== -``KRB5_AS_REQ`` ``((krb5_msgtype)10)`` -================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_AND_OR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_AND_OR.rst.txt deleted file mode 100644 index a1abcbd2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_AND_OR.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-AND-OR-data: - -KRB5_AUTHDATA_AND_OR -==================== - -.. -.. data:: KRB5_AUTHDATA_AND_OR -.. - - - - -=========================== ====================== -``KRB5_AUTHDATA_AND_OR`` ``5`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS.rst.txt deleted file mode 100644 index 87970252..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-AP-OPTIONS-data: - -KRB5_AUTHDATA_AP_OPTIONS -======================== - -.. -.. data:: KRB5_AUTHDATA_AP_OPTIONS -.. - - - - -=============================== ====================== -``KRB5_AUTHDATA_AP_OPTIONS`` ``143`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR.rst.txt deleted file mode 100644 index ae1178ea..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-AUTH-INDICATOR-data: - -KRB5_AUTHDATA_AUTH_INDICATOR -============================ - -.. -.. data:: KRB5_AUTHDATA_AUTH_INDICATOR -.. - - - - -=================================== ====================== -``KRB5_AUTHDATA_AUTH_INDICATOR`` ``97`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_CAMMAC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_CAMMAC.rst.txt deleted file mode 100644 index e6a239ea..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_CAMMAC.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-CAMMAC-data: - -KRB5_AUTHDATA_CAMMAC -==================== - -.. -.. data:: KRB5_AUTHDATA_CAMMAC -.. - - - - -=========================== ====================== -``KRB5_AUTHDATA_CAMMAC`` ``96`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION.rst.txt deleted file mode 100644 index 04621391..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-ETYPE-NEGOTIATION-data: - -KRB5_AUTHDATA_ETYPE_NEGOTIATION -=============================== - -.. -.. data:: KRB5_AUTHDATA_ETYPE_NEGOTIATION -.. - -RFC 4537. - - - -====================================== ====================== -``KRB5_AUTHDATA_ETYPE_NEGOTIATION`` ``129`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR.rst.txt deleted file mode 100644 index 1982e835..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-FX-ARMOR-data: - -KRB5_AUTHDATA_FX_ARMOR -====================== - -.. -.. data:: KRB5_AUTHDATA_FX_ARMOR -.. - - - - -============================= ====================== -``KRB5_AUTHDATA_FX_ARMOR`` ``71`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT.rst.txt deleted file mode 100644 index ff0b2439..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-IF-RELEVANT-data: - -KRB5_AUTHDATA_IF_RELEVANT -========================= - -.. -.. data:: KRB5_AUTHDATA_IF_RELEVANT -.. - - - - -================================ ====================== -``KRB5_AUTHDATA_IF_RELEVANT`` ``1`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.rst.txt deleted file mode 100644 index 5e76101c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-INITIAL-VERIFIED-CAS-data: - -KRB5_AUTHDATA_INITIAL_VERIFIED_CAS -================================== - -.. -.. data:: KRB5_AUTHDATA_INITIAL_VERIFIED_CAS -.. - - - - -========================================= ====================== -``KRB5_AUTHDATA_INITIAL_VERIFIED_CAS`` ``9`` -========================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED.rst.txt deleted file mode 100644 index e566040c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-KDC-ISSUED-data: - -KRB5_AUTHDATA_KDC_ISSUED -======================== - -.. -.. data:: KRB5_AUTHDATA_KDC_ISSUED -.. - - - - -=============================== ====================== -``KRB5_AUTHDATA_KDC_ISSUED`` ``4`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC.rst.txt deleted file mode 100644 index 50eacee7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-MANDATORY-FOR-KDC-data: - -KRB5_AUTHDATA_MANDATORY_FOR_KDC -=============================== - -.. -.. data:: KRB5_AUTHDATA_MANDATORY_FOR_KDC -.. - - - - -====================================== ====================== -``KRB5_AUTHDATA_MANDATORY_FOR_KDC`` ``8`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE.rst.txt deleted file mode 100644 index a545b9fa..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-OSF-DCE-data: - -KRB5_AUTHDATA_OSF_DCE -===================== - -.. -.. data:: KRB5_AUTHDATA_OSF_DCE -.. - - - - -============================ ====================== -``KRB5_AUTHDATA_OSF_DCE`` ``64`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_SESAME.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_SESAME.rst.txt deleted file mode 100644 index c21e3a11..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_SESAME.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-SESAME-data: - -KRB5_AUTHDATA_SESAME -==================== - -.. -.. data:: KRB5_AUTHDATA_SESAME -.. - - - - -=========================== ====================== -``KRB5_AUTHDATA_SESAME`` ``65`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET.rst.txt deleted file mode 100644 index cff5f6f7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-SIGNTICKET-data: - -KRB5_AUTHDATA_SIGNTICKET -======================== - -.. -.. data:: KRB5_AUTHDATA_SIGNTICKET -.. - - - - -=============================== ====================== -``KRB5_AUTHDATA_SIGNTICKET`` ``512`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC.rst.txt deleted file mode 100644 index b7ecde0b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTHDATA-WIN2K-PAC-data: - -KRB5_AUTHDATA_WIN2K_PAC -======================= - -.. -.. data:: KRB5_AUTHDATA_WIN2K_PAC -.. - - - - -============================== ====================== -``KRB5_AUTHDATA_WIN2K_PAC`` ``128`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.rst.txt deleted file mode 100644 index b0e214c1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTH-CONTEXT-DO-SEQUENCE-data: - -KRB5_AUTH_CONTEXT_DO_SEQUENCE -============================= - -.. -.. data:: KRB5_AUTH_CONTEXT_DO_SEQUENCE -.. - -Prevent replays with sequence numbers. - - - -==================================== ====================== -``KRB5_AUTH_CONTEXT_DO_SEQUENCE`` ``0x00000004`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME.rst.txt deleted file mode 100644 index 09815b7b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTH-CONTEXT-DO-TIME-data: - -KRB5_AUTH_CONTEXT_DO_TIME -========================= - -.. -.. data:: KRB5_AUTH_CONTEXT_DO_TIME -.. - -Prevent replays with timestamps and replay cache. - - - -================================ ====================== -``KRB5_AUTH_CONTEXT_DO_TIME`` ``0x00000001`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.rst.txt deleted file mode 100644 index 16a15cff..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTH-CONTEXT-GENERATE-LOCAL-ADDR-data: - -KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR -===================================== - -.. -.. data:: KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR -.. - -Generate the local network address. - - - -============================================ ====================== -``KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR`` ``0x00000001`` -============================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.rst.txt deleted file mode 100644 index b74824f0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTH-CONTEXT-GENERATE-LOCAL-FULL-ADDR-data: - -KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR -========================================== - -.. -.. data:: KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR -.. - -Generate the local network address and the local port. - - - -================================================= ====================== -``KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR`` ``0x00000004`` -================================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.rst.txt deleted file mode 100644 index d8ee93bd..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTH-CONTEXT-GENERATE-REMOTE-ADDR-data: - -KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR -====================================== - -.. -.. data:: KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR -.. - -Generate the remote network address. - - - -============================================= ====================== -``KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR`` ``0x00000002`` -============================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.rst.txt deleted file mode 100644 index a70428ab..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTH-CONTEXT-GENERATE-REMOTE-FULL-ADDR-data: - -KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR -=========================================== - -.. -.. data:: KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR -.. - -Generate the remote network address and the remote port. - - - -================================================== ====================== -``KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR`` ``0x00000008`` -================================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.rst.txt deleted file mode 100644 index 7ed17e79..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTH-CONTEXT-PERMIT-ALL-data: - -KRB5_AUTH_CONTEXT_PERMIT_ALL -============================ - -.. -.. data:: KRB5_AUTH_CONTEXT_PERMIT_ALL -.. - - - - -=================================== ====================== -``KRB5_AUTH_CONTEXT_PERMIT_ALL`` ``0x00000010`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.rst.txt deleted file mode 100644 index d9e67d66..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTH-CONTEXT-RET-SEQUENCE-data: - -KRB5_AUTH_CONTEXT_RET_SEQUENCE -============================== - -.. -.. data:: KRB5_AUTH_CONTEXT_RET_SEQUENCE -.. - -Save sequence numbers for application. - - - -===================================== ====================== -``KRB5_AUTH_CONTEXT_RET_SEQUENCE`` ``0x00000008`` -===================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME.rst.txt deleted file mode 100644 index bebc83d9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTH-CONTEXT-RET-TIME-data: - -KRB5_AUTH_CONTEXT_RET_TIME -========================== - -.. -.. data:: KRB5_AUTH_CONTEXT_RET_TIME -.. - -Save timestamps for application. - - - -================================= ====================== -``KRB5_AUTH_CONTEXT_RET_TIME`` ``0x00000002`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.rst.txt deleted file mode 100644 index 481e7557..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-AUTH-CONTEXT-USE-SUBKEY-data: - -KRB5_AUTH_CONTEXT_USE_SUBKEY -============================ - -.. -.. data:: KRB5_AUTH_CONTEXT_USE_SUBKEY -.. - - - - -=================================== ====================== -``KRB5_AUTH_CONTEXT_USE_SUBKEY`` ``0x00000020`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRED.rst.txt deleted file mode 100644 index f4cb55e7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRED.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-CRED-data: - -KRB5_CRED -========= - -.. -.. data:: KRB5_CRED -.. - -Cred forwarding message. - - - -================ ====================== -``KRB5_CRED`` ``((krb5_msgtype)22)`` -================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM.rst.txt deleted file mode 100644 index f882f79b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-CRYPTO-TYPE-CHECKSUM-data: - -KRB5_CRYPTO_TYPE_CHECKSUM -========================= - -.. -.. data:: KRB5_CRYPTO_TYPE_CHECKSUM -.. - -[out] checksum for MIC - - - -================================ ====================== -``KRB5_CRYPTO_TYPE_CHECKSUM`` ``6`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA.rst.txt deleted file mode 100644 index 2dd2ea41..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-CRYPTO-TYPE-DATA-data: - -KRB5_CRYPTO_TYPE_DATA -===================== - -.. -.. data:: KRB5_CRYPTO_TYPE_DATA -.. - -[in, out] plaintext - - - -============================ ====================== -``KRB5_CRYPTO_TYPE_DATA`` ``2`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY.rst.txt deleted file mode 100644 index dab70ced..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-CRYPTO-TYPE-EMPTY-data: - -KRB5_CRYPTO_TYPE_EMPTY -====================== - -.. -.. data:: KRB5_CRYPTO_TYPE_EMPTY -.. - -[in] ignored - - - -============================= ====================== -``KRB5_CRYPTO_TYPE_EMPTY`` ``0`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER.rst.txt deleted file mode 100644 index a3263c24..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-CRYPTO-TYPE-HEADER-data: - -KRB5_CRYPTO_TYPE_HEADER -======================= - -.. -.. data:: KRB5_CRYPTO_TYPE_HEADER -.. - -[out] header - - - -============================== ====================== -``KRB5_CRYPTO_TYPE_HEADER`` ``1`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING.rst.txt deleted file mode 100644 index 44d50728..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-CRYPTO-TYPE-PADDING-data: - -KRB5_CRYPTO_TYPE_PADDING -======================== - -.. -.. data:: KRB5_CRYPTO_TYPE_PADDING -.. - -[out] padding - - - -=============================== ====================== -``KRB5_CRYPTO_TYPE_PADDING`` ``4`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.rst.txt deleted file mode 100644 index a8b9f8a8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-CRYPTO-TYPE-SIGN-ONLY-data: - -KRB5_CRYPTO_TYPE_SIGN_ONLY -========================== - -.. -.. data:: KRB5_CRYPTO_TYPE_SIGN_ONLY -.. - -[in] associated data - - - -================================= ====================== -``KRB5_CRYPTO_TYPE_SIGN_ONLY`` ``3`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM.rst.txt deleted file mode 100644 index e58f6825..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-CRYPTO-TYPE-STREAM-data: - -KRB5_CRYPTO_TYPE_STREAM -======================= - -.. -.. data:: KRB5_CRYPTO_TYPE_STREAM -.. - -[in] entire message without decomposing the structure into header, data and trailer buffers - - - -============================== ====================== -``KRB5_CRYPTO_TYPE_STREAM`` ``7`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER.rst.txt deleted file mode 100644 index bf78ea02..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-CRYPTO-TYPE-TRAILER-data: - -KRB5_CRYPTO_TYPE_TRAILER -======================== - -.. -.. data:: KRB5_CRYPTO_TYPE_TRAILER -.. - -[out] checksum for encrypt - - - -=============================== ====================== -``KRB5_CRYPTO_TYPE_TRAILER`` ``5`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CYBERSAFE_SECUREID.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CYBERSAFE_SECUREID.rst.txt deleted file mode 100644 index 0b79861b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_CYBERSAFE_SECUREID.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-CYBERSAFE-SECUREID-data: - -KRB5_CYBERSAFE_SECUREID -======================= - -.. -.. data:: KRB5_CYBERSAFE_SECUREID -.. - -Cybersafe. - -RFC 4120 - -============================== ====================== -``KRB5_CYBERSAFE_SECUREID`` ``9`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS.rst.txt deleted file mode 100644 index 7bf71f8f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-DOMAIN-X500-COMPRESS-data: - -KRB5_DOMAIN_X500_COMPRESS -========================= - -.. -.. data:: KRB5_DOMAIN_X500_COMPRESS -.. - -Transited encoding types. - - - -================================ ====================== -``KRB5_DOMAIN_X500_COMPRESS`` ``1`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.rst.txt deleted file mode 100644 index fe828898..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-ENCPADATA-REQ-ENC-PA-REP-data: - -KRB5_ENCPADATA_REQ_ENC_PA_REP -============================= - -.. -.. data:: KRB5_ENCPADATA_REQ_ENC_PA_REP -.. - -RFC 6806. - - - -==================================== ====================== -``KRB5_ENCPADATA_REQ_ENC_PA_REP`` ``149`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ERROR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ERROR.rst.txt deleted file mode 100644 index 901f9452..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_ERROR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-ERROR-data: - -KRB5_ERROR -========== - -.. -.. data:: KRB5_ERROR -.. - -Error response. - - - -================= ====================== -``KRB5_ERROR`` ``((krb5_msgtype)30)`` -================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_FAST_REQUIRED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_FAST_REQUIRED.rst.txt deleted file mode 100644 index 936423d2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_FAST_REQUIRED.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-FAST-REQUIRED-data: - -KRB5_FAST_REQUIRED -================== - -.. -.. data:: KRB5_FAST_REQUIRED -.. - -Require KDC to support FAST. - - - -========================= ====================== -``KRB5_FAST_REQUIRED`` ``0x0001`` -========================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_CACHED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_CACHED.rst.txt deleted file mode 100644 index df1e7e5f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_CACHED.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-GC-CACHED-data: - -KRB5_GC_CACHED -============== - -.. -.. data:: KRB5_GC_CACHED -.. - -Want cached ticket only. - - - -===================== ====================== -``KRB5_GC_CACHED`` ``2`` -===================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_CANONICALIZE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_CANONICALIZE.rst.txt deleted file mode 100644 index 93ea301b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_CANONICALIZE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-GC-CANONICALIZE-data: - -KRB5_GC_CANONICALIZE -==================== - -.. -.. data:: KRB5_GC_CANONICALIZE -.. - -Set canonicalize KDC option. - - - -=========================== ====================== -``KRB5_GC_CANONICALIZE`` ``4`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION.rst.txt deleted file mode 100644 index 3a3ed03a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-GC-CONSTRAINED-DELEGATION-data: - -KRB5_GC_CONSTRAINED_DELEGATION -============================== - -.. -.. data:: KRB5_GC_CONSTRAINED_DELEGATION -.. - -Constrained delegation. - - - -===================================== ====================== -``KRB5_GC_CONSTRAINED_DELEGATION`` ``64`` -===================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_FORWARDABLE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_FORWARDABLE.rst.txt deleted file mode 100644 index 0fbe57a9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_FORWARDABLE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-GC-FORWARDABLE-data: - -KRB5_GC_FORWARDABLE -=================== - -.. -.. data:: KRB5_GC_FORWARDABLE -.. - -Acquire forwardable tickets. - - - -========================== ====================== -``KRB5_GC_FORWARDABLE`` ``16`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_NO_STORE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_NO_STORE.rst.txt deleted file mode 100644 index 1640bc29..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_NO_STORE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-GC-NO-STORE-data: - -KRB5_GC_NO_STORE -================ - -.. -.. data:: KRB5_GC_NO_STORE -.. - -Do not store in credential cache. - - - -======================= ====================== -``KRB5_GC_NO_STORE`` ``8`` -======================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK.rst.txt deleted file mode 100644 index da1b5cd7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-GC-NO-TRANSIT-CHECK-data: - -KRB5_GC_NO_TRANSIT_CHECK -======================== - -.. -.. data:: KRB5_GC_NO_TRANSIT_CHECK -.. - -Disable transited check. - - - -=============================== ====================== -``KRB5_GC_NO_TRANSIT_CHECK`` ``32`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_USER_USER.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_USER_USER.rst.txt deleted file mode 100644 index 2fc073f8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GC_USER_USER.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-GC-USER-USER-data: - -KRB5_GC_USER_USER -================= - -.. -.. data:: KRB5_GC_USER_USER -.. - -Want user-user ticket. - - - -======================== ====================== -``KRB5_GC_USER_USER`` ``1`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.rst.txt deleted file mode 100644 index d0ae5fb9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-GET-INIT-CREDS-OPT-ADDRESS-LIST-data: - -KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST -==================================== - -.. -.. data:: KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST -.. - - - - -=========================================== ====================== -``KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST`` ``0x0020`` -=========================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.rst.txt deleted file mode 100644 index 2f4281ee..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-GET-INIT-CREDS-OPT-ANONYMOUS-data: - -KRB5_GET_INIT_CREDS_OPT_ANONYMOUS -================================= - -.. -.. data:: KRB5_GET_INIT_CREDS_OPT_ANONYMOUS -.. - - - - -======================================== ====================== -``KRB5_GET_INIT_CREDS_OPT_ANONYMOUS`` ``0x0400`` -======================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.rst.txt deleted file mode 100644 index 921c8730..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-GET-INIT-CREDS-OPT-CANONICALIZE-data: - -KRB5_GET_INIT_CREDS_OPT_CANONICALIZE -==================================== - -.. -.. data:: KRB5_GET_INIT_CREDS_OPT_CANONICALIZE -.. - - - - -=========================================== ====================== -``KRB5_GET_INIT_CREDS_OPT_CANONICALIZE`` ``0x0200`` -=========================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.rst.txt deleted file mode 100644 index 5182abf8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-GET-INIT-CREDS-OPT-CHG-PWD-PRMPT-data: - -KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT -===================================== - -.. -.. data:: KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT -.. - - - - -============================================ ====================== -``KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT`` ``0x0100`` -============================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.rst.txt deleted file mode 100644 index 975417af..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-GET-INIT-CREDS-OPT-ETYPE-LIST-data: - -KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST -================================== - -.. -.. data:: KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST -.. - - - - -========================================= ====================== -``KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST`` ``0x0010`` -========================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.rst.txt deleted file mode 100644 index 8946b555..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-GET-INIT-CREDS-OPT-FORWARDABLE-data: - -KRB5_GET_INIT_CREDS_OPT_FORWARDABLE -=================================== - -.. -.. data:: KRB5_GET_INIT_CREDS_OPT_FORWARDABLE -.. - - - - -========================================== ====================== -``KRB5_GET_INIT_CREDS_OPT_FORWARDABLE`` ``0x0004`` -========================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.rst.txt deleted file mode 100644 index 023783c6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-GET-INIT-CREDS-OPT-PREAUTH-LIST-data: - -KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST -==================================== - -.. -.. data:: KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST -.. - - - - -=========================================== ====================== -``KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST`` ``0x0040`` -=========================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE.rst.txt deleted file mode 100644 index 5cb3217f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-GET-INIT-CREDS-OPT-PROXIABLE-data: - -KRB5_GET_INIT_CREDS_OPT_PROXIABLE -================================= - -.. -.. data:: KRB5_GET_INIT_CREDS_OPT_PROXIABLE -.. - - - - -======================================== ====================== -``KRB5_GET_INIT_CREDS_OPT_PROXIABLE`` ``0x0008`` -======================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.rst.txt deleted file mode 100644 index 342ad6fc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-GET-INIT-CREDS-OPT-RENEW-LIFE-data: - -KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE -================================== - -.. -.. data:: KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE -.. - - - - -========================================= ====================== -``KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE`` ``0x0002`` -========================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT.rst.txt deleted file mode 100644 index f3854eb0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-GET-INIT-CREDS-OPT-SALT-data: - -KRB5_GET_INIT_CREDS_OPT_SALT -============================ - -.. -.. data:: KRB5_GET_INIT_CREDS_OPT_SALT -.. - - - - -=================================== ====================== -``KRB5_GET_INIT_CREDS_OPT_SALT`` ``0x0080`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.rst.txt deleted file mode 100644 index 9f719b86..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-GET-INIT-CREDS-OPT-TKT-LIFE-data: - -KRB5_GET_INIT_CREDS_OPT_TKT_LIFE -================================ - -.. -.. data:: KRB5_GET_INIT_CREDS_OPT_TKT_LIFE -.. - - - - -======================================= ====================== -``KRB5_GET_INIT_CREDS_OPT_TKT_LIFE`` ``0x0001`` -======================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INIT_CONTEXT_KDC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INIT_CONTEXT_KDC.rst.txt deleted file mode 100644 index 7d2ecf0a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INIT_CONTEXT_KDC.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-INIT-CONTEXT-KDC-data: - -KRB5_INIT_CONTEXT_KDC -===================== - -.. -.. data:: KRB5_INIT_CONTEXT_KDC -.. - -Use KDC configuration if available. - - - -============================ ====================== -``KRB5_INIT_CONTEXT_KDC`` ``0x2`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE.rst.txt deleted file mode 100644 index 299b48f8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-INIT-CONTEXT-SECURE-data: - -KRB5_INIT_CONTEXT_SECURE -======================== - -.. -.. data:: KRB5_INIT_CONTEXT_SECURE -.. - -Use secure context configuration. - - - -=============================== ====================== -``KRB5_INIT_CONTEXT_SECURE`` ``0x1`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.rst.txt deleted file mode 100644 index 7981dc0f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-INIT-CREDS-STEP-FLAG-CONTINUE-data: - -KRB5_INIT_CREDS_STEP_FLAG_CONTINUE -================================== - -.. -.. data:: KRB5_INIT_CREDS_STEP_FLAG_CONTINUE -.. - -More responses needed. - - - -========================================= ====================== -``KRB5_INIT_CREDS_STEP_FLAG_CONTINUE`` ``0x1`` -========================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT16_MAX.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT16_MAX.rst.txt deleted file mode 100644 index ac18b597..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT16_MAX.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-INT16-MAX-data: - -KRB5_INT16_MAX -============== - -.. -.. data:: KRB5_INT16_MAX -.. - - - - -===================== ====================== -``KRB5_INT16_MAX`` ``65535`` -===================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT16_MIN.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT16_MIN.rst.txt deleted file mode 100644 index 1bcfaa82..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT16_MIN.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-INT16-MIN-data: - -KRB5_INT16_MIN -============== - -.. -.. data:: KRB5_INT16_MIN -.. - - - - -===================== ====================== -``KRB5_INT16_MIN`` ``(-KRB5_INT16_MAX-1)`` -===================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT32_MAX.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT32_MAX.rst.txt deleted file mode 100644 index a041c979..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT32_MAX.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-INT32-MAX-data: - -KRB5_INT32_MAX -============== - -.. -.. data:: KRB5_INT32_MAX -.. - - - - -===================== ====================== -``KRB5_INT32_MAX`` ``2147483647`` -===================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT32_MIN.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT32_MIN.rst.txt deleted file mode 100644 index 20192101..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_INT32_MIN.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-INT32-MIN-data: - -KRB5_INT32_MIN -============== - -.. -.. data:: KRB5_INT32_MIN -.. - - - - -===================== ====================== -``KRB5_INT32_MIN`` ``(-KRB5_INT32_MAX-1)`` -===================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE.rst.txt deleted file mode 100644 index efd51241..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-AD-ITE-data: - -KRB5_KEYUSAGE_AD_ITE -==================== - -.. -.. data:: KRB5_KEYUSAGE_AD_ITE -.. - - - - -=========================== ====================== -``KRB5_KEYUSAGE_AD_ITE`` ``21`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.rst.txt deleted file mode 100644 index f2cdd071..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-AD-KDCISSUED-CKSUM-data: - -KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM -================================ - -.. -.. data:: KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM -.. - - - - -======================================= ====================== -``KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM`` ``19`` -======================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE.rst.txt deleted file mode 100644 index 0cab9a2d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-AD-MTE-data: - -KRB5_KEYUSAGE_AD_MTE -==================== - -.. -.. data:: KRB5_KEYUSAGE_AD_MTE -.. - - - - -=========================== ====================== -``KRB5_KEYUSAGE_AD_MTE`` ``20`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.rst.txt deleted file mode 100644 index fada88e0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-AD-SIGNEDPATH-data: - -KRB5_KEYUSAGE_AD_SIGNEDPATH -=========================== - -.. -.. data:: KRB5_KEYUSAGE_AD_SIGNEDPATH -.. - - - - -================================== ====================== -``KRB5_KEYUSAGE_AD_SIGNEDPATH`` ``-21`` -================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.rst.txt deleted file mode 100644 index 2f909eab..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-APP-DATA-CKSUM-data: - -KRB5_KEYUSAGE_APP_DATA_CKSUM -============================ - -.. -.. data:: KRB5_KEYUSAGE_APP_DATA_CKSUM -.. - - - - -=================================== ====================== -``KRB5_KEYUSAGE_APP_DATA_CKSUM`` ``17`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT.rst.txt deleted file mode 100644 index 2b3e840b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-APP-DATA-ENCRYPT-data: - -KRB5_KEYUSAGE_APP_DATA_ENCRYPT -============================== - -.. -.. data:: KRB5_KEYUSAGE_APP_DATA_ENCRYPT -.. - - - - -===================================== ====================== -``KRB5_KEYUSAGE_APP_DATA_ENCRYPT`` ``16`` -===================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART.rst.txt deleted file mode 100644 index bab584ff..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-AP-REP-ENCPART-data: - -KRB5_KEYUSAGE_AP_REP_ENCPART -============================ - -.. -.. data:: KRB5_KEYUSAGE_AP_REP_ENCPART -.. - - - - -=================================== ====================== -``KRB5_KEYUSAGE_AP_REP_ENCPART`` ``12`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH.rst.txt deleted file mode 100644 index 83fe216e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-AP-REQ-AUTH-data: - -KRB5_KEYUSAGE_AP_REQ_AUTH -========================= - -.. -.. data:: KRB5_KEYUSAGE_AP_REQ_AUTH -.. - - - - -================================ ====================== -``KRB5_KEYUSAGE_AP_REQ_AUTH`` ``11`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.rst.txt deleted file mode 100644 index 54d18a9d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-AP-REQ-AUTH-CKSUM-data: - -KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM -=============================== - -.. -.. data:: KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM -.. - - - - -====================================== ====================== -``KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM`` ``10`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART.rst.txt deleted file mode 100644 index d666d88c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-AS-REP-ENCPART-data: - -KRB5_KEYUSAGE_AS_REP_ENCPART -============================ - -.. -.. data:: KRB5_KEYUSAGE_AS_REP_ENCPART -.. - - - - -=================================== ====================== -``KRB5_KEYUSAGE_AS_REP_ENCPART`` ``3`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ.rst.txt deleted file mode 100644 index 0626b0ae..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-AS-REQ-data: - -KRB5_KEYUSAGE_AS_REQ -==================== - -.. -.. data:: KRB5_KEYUSAGE_AS_REQ -.. - - - - -=========================== ====================== -``KRB5_KEYUSAGE_AS_REQ`` ``56`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.rst.txt deleted file mode 100644 index 6552938f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-AS-REQ-PA-ENC-TS-data: - -KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS -============================== - -.. -.. data:: KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS -.. - - - - -===================================== ====================== -``KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS`` ``1`` -===================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC.rst.txt deleted file mode 100644 index 0f7c7b12..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-CAMMAC-data: - -KRB5_KEYUSAGE_CAMMAC -==================== - -.. -.. data:: KRB5_KEYUSAGE_CAMMAC -.. - - - - -=========================== ====================== -``KRB5_KEYUSAGE_CAMMAC`` ``64`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.rst.txt deleted file mode 100644 index 1f27210c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-ENC-CHALLENGE-CLIENT-data: - -KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT -================================== - -.. -.. data:: KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT -.. - - - - -========================================= ====================== -``KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT`` ``54`` -========================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.rst.txt deleted file mode 100644 index ec53ab1a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-ENC-CHALLENGE-KDC-data: - -KRB5_KEYUSAGE_ENC_CHALLENGE_KDC -=============================== - -.. -.. data:: KRB5_KEYUSAGE_ENC_CHALLENGE_KDC -.. - - - - -====================================== ====================== -``KRB5_KEYUSAGE_ENC_CHALLENGE_KDC`` ``55`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC.rst.txt deleted file mode 100644 index 0936f56a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-FAST-ENC-data: - -KRB5_KEYUSAGE_FAST_ENC -====================== - -.. -.. data:: KRB5_KEYUSAGE_FAST_ENC -.. - - - - -============================= ====================== -``KRB5_KEYUSAGE_FAST_ENC`` ``51`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED.rst.txt deleted file mode 100644 index e66fd0f4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-FAST-FINISHED-data: - -KRB5_KEYUSAGE_FAST_FINISHED -=========================== - -.. -.. data:: KRB5_KEYUSAGE_FAST_FINISHED -.. - - - - -================================== ====================== -``KRB5_KEYUSAGE_FAST_FINISHED`` ``53`` -================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP.rst.txt deleted file mode 100644 index 076714bc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-FAST-REP-data: - -KRB5_KEYUSAGE_FAST_REP -====================== - -.. -.. data:: KRB5_KEYUSAGE_FAST_REP -.. - - - - -============================= ====================== -``KRB5_KEYUSAGE_FAST_REP`` ``52`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.rst.txt deleted file mode 100644 index 257d006b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-FAST-REQ-CHKSUM-data: - -KRB5_KEYUSAGE_FAST_REQ_CHKSUM -============================= - -.. -.. data:: KRB5_KEYUSAGE_FAST_REQ_CHKSUM -.. - - - - -==================================== ====================== -``KRB5_KEYUSAGE_FAST_REQ_CHKSUM`` ``50`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC.rst.txt deleted file mode 100644 index c1ae9317..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-GSS-TOK-MIC-data: - -KRB5_KEYUSAGE_GSS_TOK_MIC -========================= - -.. -.. data:: KRB5_KEYUSAGE_GSS_TOK_MIC -.. - - - - -================================ ====================== -``KRB5_KEYUSAGE_GSS_TOK_MIC`` ``22`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.rst.txt deleted file mode 100644 index 35a1ba74..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-GSS-TOK-WRAP-INTEG-data: - -KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG -================================ - -.. -.. data:: KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG -.. - - - - -======================================= ====================== -``KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG`` ``23`` -======================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.rst.txt deleted file mode 100644 index c3df9b36..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-GSS-TOK-WRAP-PRIV-data: - -KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV -=============================== - -.. -.. data:: KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV -.. - - - - -====================================== ====================== -``KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV`` ``24`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED.rst.txt deleted file mode 100644 index e17ba0b7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-IAKERB-FINISHED-data: - -KRB5_KEYUSAGE_IAKERB_FINISHED -============================= - -.. -.. data:: KRB5_KEYUSAGE_IAKERB_FINISHED -.. - - - - -==================================== ====================== -``KRB5_KEYUSAGE_IAKERB_FINISHED`` ``42`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET.rst.txt deleted file mode 100644 index 9203b56f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-KDC-REP-TICKET-data: - -KRB5_KEYUSAGE_KDC_REP_TICKET -============================ - -.. -.. data:: KRB5_KEYUSAGE_KDC_REP_TICKET -.. - - - - -=================================== ====================== -``KRB5_KEYUSAGE_KDC_REP_TICKET`` ``2`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART.rst.txt deleted file mode 100644 index 823c2ead..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-KRB-CRED-ENCPART-data: - -KRB5_KEYUSAGE_KRB_CRED_ENCPART -============================== - -.. -.. data:: KRB5_KEYUSAGE_KRB_CRED_ENCPART -.. - - - - -===================================== ====================== -``KRB5_KEYUSAGE_KRB_CRED_ENCPART`` ``14`` -===================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.rst.txt deleted file mode 100644 index 8986ac08..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-KRB-ERROR-CKSUM-data: - -KRB5_KEYUSAGE_KRB_ERROR_CKSUM -============================= - -.. -.. data:: KRB5_KEYUSAGE_KRB_ERROR_CKSUM -.. - - - - -==================================== ====================== -``KRB5_KEYUSAGE_KRB_ERROR_CKSUM`` ``18`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART.rst.txt deleted file mode 100644 index 696ab74b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-KRB-PRIV-ENCPART-data: - -KRB5_KEYUSAGE_KRB_PRIV_ENCPART -============================== - -.. -.. data:: KRB5_KEYUSAGE_KRB_PRIV_ENCPART -.. - - - - -===================================== ====================== -``KRB5_KEYUSAGE_KRB_PRIV_ENCPART`` ``13`` -===================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.rst.txt deleted file mode 100644 index 07493e66..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-KRB-SAFE-CKSUM-data: - -KRB5_KEYUSAGE_KRB_SAFE_CKSUM -============================ - -.. -.. data:: KRB5_KEYUSAGE_KRB_SAFE_CKSUM -.. - - - - -=================================== ====================== -``KRB5_KEYUSAGE_KRB_SAFE_CKSUM`` ``15`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.rst.txt deleted file mode 100644 index 66e29627..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-PA-AS-FRESHNESS-data: - -KRB5_KEYUSAGE_PA_AS_FRESHNESS -============================= - -.. -.. data:: KRB5_KEYUSAGE_PA_AS_FRESHNESS -.. - -Used for freshness tokens. - - - -==================================== ====================== -``KRB5_KEYUSAGE_PA_AS_FRESHNESS`` ``514`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.rst.txt deleted file mode 100644 index 709c8c39..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-PA-FX-COOKIE-data: - -KRB5_KEYUSAGE_PA_FX_COOKIE -========================== - -.. -.. data:: KRB5_KEYUSAGE_PA_FX_COOKIE -.. - -Used for encrypted FAST cookies. - - - -================================= ====================== -``KRB5_KEYUSAGE_PA_FX_COOKIE`` ``513`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.rst.txt deleted file mode 100644 index cfc6946d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-PA-OTP-REQUEST-data: - -KRB5_KEYUSAGE_PA_OTP_REQUEST -============================ - -.. -.. data:: KRB5_KEYUSAGE_PA_OTP_REQUEST -.. - -See RFC 6560 section 4.2. - - - -=================================== ====================== -``KRB5_KEYUSAGE_PA_OTP_REQUEST`` ``45`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX.rst.txt deleted file mode 100644 index a0c61921..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-PA-PKINIT-KX-data: - -KRB5_KEYUSAGE_PA_PKINIT_KX -========================== - -.. -.. data:: KRB5_KEYUSAGE_PA_PKINIT_KX -.. - - - - -================================= ====================== -``KRB5_KEYUSAGE_PA_PKINIT_KX`` ``44`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.rst.txt deleted file mode 100644 index adab35dc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-PA-S4U-X509-USER-REPLY-data: - -KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY -==================================== - -.. -.. data:: KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY -.. - - - - -=========================================== ====================== -``KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY`` ``27`` -=========================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.rst.txt deleted file mode 100644 index 03fff049..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-PA-S4U-X509-USER-REQUEST-data: - -KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST -====================================== - -.. -.. data:: KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST -.. - - - - -============================================= ====================== -``KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST`` ``26`` -============================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.rst.txt deleted file mode 100644 index eff8ef82..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-PA-SAM-CHALLENGE-CKSUM-data: - -KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM -==================================== - -.. -.. data:: KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM -.. - - - - -=========================================== ====================== -``KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM`` ``25`` -=========================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.rst.txt deleted file mode 100644 index 1928646e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-PA-SAM-CHALLENGE-TRACKID-data: - -KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID -====================================== - -.. -.. data:: KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID -.. - - - - -============================================= ====================== -``KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID`` ``26`` -============================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.rst.txt deleted file mode 100644 index 93b83048..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-PA-SAM-RESPONSE-data: - -KRB5_KEYUSAGE_PA_SAM_RESPONSE -============================= - -.. -.. data:: KRB5_KEYUSAGE_PA_SAM_RESPONSE -.. - - - - -==================================== ====================== -``KRB5_KEYUSAGE_PA_SAM_RESPONSE`` ``27`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_SPAKE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_SPAKE.rst.txt deleted file mode 100644 index db6ccb67..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_SPAKE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-SPAKE-data: - -KRB5_KEYUSAGE_SPAKE -=================== - -.. -.. data:: KRB5_KEYUSAGE_SPAKE -.. - - - - -========================== ====================== -``KRB5_KEYUSAGE_SPAKE`` ``65`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.rst.txt deleted file mode 100644 index 56151c1b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-TGS-REP-ENCPART-SESSKEY-data: - -KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY -===================================== - -.. -.. data:: KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY -.. - - - - -============================================ ====================== -``KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY`` ``8`` -============================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.rst.txt deleted file mode 100644 index ee0548c4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-TGS-REP-ENCPART-SUBKEY-data: - -KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY -==================================== - -.. -.. data:: KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY -.. - - - - -=========================================== ====================== -``KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY`` ``9`` -=========================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.rst.txt deleted file mode 100644 index dc93ba77..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-TGS-REQ-AD-SESSKEY-data: - -KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY -================================ - -.. -.. data:: KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY -.. - - - - -======================================= ====================== -``KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY`` ``4`` -======================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.rst.txt deleted file mode 100644 index c48b8643..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-TGS-REQ-AD-SUBKEY-data: - -KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY -=============================== - -.. -.. data:: KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY -.. - - - - -====================================== ====================== -``KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY`` ``5`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.rst.txt deleted file mode 100644 index d50140f2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-TGS-REQ-AUTH-data: - -KRB5_KEYUSAGE_TGS_REQ_AUTH -========================== - -.. -.. data:: KRB5_KEYUSAGE_TGS_REQ_AUTH -.. - - - - -================================= ====================== -``KRB5_KEYUSAGE_TGS_REQ_AUTH`` ``7`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.rst.txt deleted file mode 100644 index a9245b4c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-KEYUSAGE-TGS-REQ-AUTH-CKSUM-data: - -KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM -================================ - -.. -.. data:: KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM -.. - - - - -======================================= ====================== -``KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM`` ``6`` -======================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED.rst.txt deleted file mode 100644 index 56d44af2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-KPASSWD-ACCESSDENIED-data: - -KRB5_KPASSWD_ACCESSDENIED -========================= - -.. -.. data:: KRB5_KPASSWD_ACCESSDENIED -.. - -Not authorized. - - - -================================ ====================== -``KRB5_KPASSWD_ACCESSDENIED`` ``5`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_AUTHERROR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_AUTHERROR.rst.txt deleted file mode 100644 index 356208ae..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_AUTHERROR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-KPASSWD-AUTHERROR-data: - -KRB5_KPASSWD_AUTHERROR -====================== - -.. -.. data:: KRB5_KPASSWD_AUTHERROR -.. - -Authentication error. - - - -============================= ====================== -``KRB5_KPASSWD_AUTHERROR`` ``3`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION.rst.txt deleted file mode 100644 index 7c6d0908..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-KPASSWD-BAD-VERSION-data: - -KRB5_KPASSWD_BAD_VERSION -======================== - -.. -.. data:: KRB5_KPASSWD_BAD_VERSION -.. - -Unknown RPC version. - - - -=============================== ====================== -``KRB5_KPASSWD_BAD_VERSION`` ``6`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_HARDERROR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_HARDERROR.rst.txt deleted file mode 100644 index dbdb777e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_HARDERROR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-KPASSWD-HARDERROR-data: - -KRB5_KPASSWD_HARDERROR -====================== - -.. -.. data:: KRB5_KPASSWD_HARDERROR -.. - -Server error. - - - -============================= ====================== -``KRB5_KPASSWD_HARDERROR`` ``2`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED.rst.txt deleted file mode 100644 index e4385673..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-KPASSWD-INITIAL-FLAG-NEEDED-data: - -KRB5_KPASSWD_INITIAL_FLAG_NEEDED -================================ - -.. -.. data:: KRB5_KPASSWD_INITIAL_FLAG_NEEDED -.. - -The presented credentials were not obtained using a password directly. - - - -======================================= ====================== -``KRB5_KPASSWD_INITIAL_FLAG_NEEDED`` ``7`` -======================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_MALFORMED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_MALFORMED.rst.txt deleted file mode 100644 index 8aa3a90c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_MALFORMED.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-KPASSWD-MALFORMED-data: - -KRB5_KPASSWD_MALFORMED -====================== - -.. -.. data:: KRB5_KPASSWD_MALFORMED -.. - -Malformed request. - - - -============================= ====================== -``KRB5_KPASSWD_MALFORMED`` ``1`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_SOFTERROR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_SOFTERROR.rst.txt deleted file mode 100644 index 2d1cb307..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_SOFTERROR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-KPASSWD-SOFTERROR-data: - -KRB5_KPASSWD_SOFTERROR -====================== - -.. -.. data:: KRB5_KPASSWD_SOFTERROR -.. - -Password change rejected. - - - -============================= ====================== -``KRB5_KPASSWD_SOFTERROR`` ``4`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_SUCCESS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_SUCCESS.rst.txt deleted file mode 100644 index 6cad3cf7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_KPASSWD_SUCCESS.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-KPASSWD-SUCCESS-data: - -KRB5_KPASSWD_SUCCESS -==================== - -.. -.. data:: KRB5_KPASSWD_SUCCESS -.. - -Success. - - - -=========================== ====================== -``KRB5_KPASSWD_SUCCESS`` ``0`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME.rst.txt deleted file mode 100644 index 3f33bd03..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ALL-ACCT-EXPTIME-data: - -KRB5_LRQ_ALL_ACCT_EXPTIME -========================= - -.. -.. data:: KRB5_LRQ_ALL_ACCT_EXPTIME -.. - - - - -================================ ====================== -``KRB5_LRQ_ALL_ACCT_EXPTIME`` ``7`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL.rst.txt deleted file mode 100644 index 5d90c8ef..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ALL-LAST-INITIAL-data: - -KRB5_LRQ_ALL_LAST_INITIAL -========================= - -.. -.. data:: KRB5_LRQ_ALL_LAST_INITIAL -.. - - - - -================================ ====================== -``KRB5_LRQ_ALL_LAST_INITIAL`` ``2`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL.rst.txt deleted file mode 100644 index f7854969..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ALL-LAST-RENEWAL-data: - -KRB5_LRQ_ALL_LAST_RENEWAL -========================= - -.. -.. data:: KRB5_LRQ_ALL_LAST_RENEWAL -.. - - - - -================================ ====================== -``KRB5_LRQ_ALL_LAST_RENEWAL`` ``4`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ.rst.txt deleted file mode 100644 index 2b98c985..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ALL-LAST-REQ-data: - -KRB5_LRQ_ALL_LAST_REQ -===================== - -.. -.. data:: KRB5_LRQ_ALL_LAST_REQ -.. - - - - -============================ ====================== -``KRB5_LRQ_ALL_LAST_REQ`` ``5`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT.rst.txt deleted file mode 100644 index 4a7b5b1e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ALL-LAST-TGT-data: - -KRB5_LRQ_ALL_LAST_TGT -===================== - -.. -.. data:: KRB5_LRQ_ALL_LAST_TGT -.. - - - - -============================ ====================== -``KRB5_LRQ_ALL_LAST_TGT`` ``1`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.rst.txt deleted file mode 100644 index 646b61a3..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ALL-LAST-TGT-ISSUED-data: - -KRB5_LRQ_ALL_LAST_TGT_ISSUED -============================ - -.. -.. data:: KRB5_LRQ_ALL_LAST_TGT_ISSUED -.. - - - - -=================================== ====================== -``KRB5_LRQ_ALL_LAST_TGT_ISSUED`` ``3`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.rst.txt deleted file mode 100644 index f88a1c78..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ALL-PW-EXPTIME-data: - -KRB5_LRQ_ALL_PW_EXPTIME -======================= - -.. -.. data:: KRB5_LRQ_ALL_PW_EXPTIME -.. - - - - -============================== ====================== -``KRB5_LRQ_ALL_PW_EXPTIME`` ``6`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_NONE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_NONE.rst.txt deleted file mode 100644 index 1a816fed..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_NONE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-NONE-data: - -KRB5_LRQ_NONE -============= - -.. -.. data:: KRB5_LRQ_NONE -.. - - - - -==================== ====================== -``KRB5_LRQ_NONE`` ``0`` -==================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME.rst.txt deleted file mode 100644 index 842f1d78..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ONE-ACCT-EXPTIME-data: - -KRB5_LRQ_ONE_ACCT_EXPTIME -========================= - -.. -.. data:: KRB5_LRQ_ONE_ACCT_EXPTIME -.. - - - - -================================ ====================== -``KRB5_LRQ_ONE_ACCT_EXPTIME`` ``(-7)`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL.rst.txt deleted file mode 100644 index c79efcca..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ONE-LAST-INITIAL-data: - -KRB5_LRQ_ONE_LAST_INITIAL -========================= - -.. -.. data:: KRB5_LRQ_ONE_LAST_INITIAL -.. - - - - -================================ ====================== -``KRB5_LRQ_ONE_LAST_INITIAL`` ``(-2)`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL.rst.txt deleted file mode 100644 index dd9f70ec..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ONE-LAST-RENEWAL-data: - -KRB5_LRQ_ONE_LAST_RENEWAL -========================= - -.. -.. data:: KRB5_LRQ_ONE_LAST_RENEWAL -.. - - - - -================================ ====================== -``KRB5_LRQ_ONE_LAST_RENEWAL`` ``(-4)`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ.rst.txt deleted file mode 100644 index da502338..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ONE-LAST-REQ-data: - -KRB5_LRQ_ONE_LAST_REQ -===================== - -.. -.. data:: KRB5_LRQ_ONE_LAST_REQ -.. - - - - -============================ ====================== -``KRB5_LRQ_ONE_LAST_REQ`` ``(-5)`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT.rst.txt deleted file mode 100644 index f57c5473..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ONE-LAST-TGT-data: - -KRB5_LRQ_ONE_LAST_TGT -===================== - -.. -.. data:: KRB5_LRQ_ONE_LAST_TGT -.. - - - - -============================ ====================== -``KRB5_LRQ_ONE_LAST_TGT`` ``(-1)`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.rst.txt deleted file mode 100644 index 44702a41..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ONE-LAST-TGT-ISSUED-data: - -KRB5_LRQ_ONE_LAST_TGT_ISSUED -============================ - -.. -.. data:: KRB5_LRQ_ONE_LAST_TGT_ISSUED -.. - - - - -=================================== ====================== -``KRB5_LRQ_ONE_LAST_TGT_ISSUED`` ``(-3)`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.rst.txt deleted file mode 100644 index 4710a605..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-LRQ-ONE-PW-EXPTIME-data: - -KRB5_LRQ_ONE_PW_EXPTIME -======================= - -.. -.. data:: KRB5_LRQ_ONE_PW_EXPTIME -.. - - - - -============================== ====================== -``KRB5_LRQ_ONE_PW_EXPTIME`` ``(-6)`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL.rst.txt deleted file mode 100644 index 3511088c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-ENTERPRISE-PRINCIPAL-data: - -KRB5_NT_ENTERPRISE_PRINCIPAL -============================ - -.. -.. data:: KRB5_NT_ENTERPRISE_PRINCIPAL -.. - -Windows 2000 UPN. - - - -=================================== ====================== -``KRB5_NT_ENTERPRISE_PRINCIPAL`` ``10`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.rst.txt deleted file mode 100644 index 28f7eb39..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-ENT-PRINCIPAL-AND-ID-data: - -KRB5_NT_ENT_PRINCIPAL_AND_ID -============================ - -.. -.. data:: KRB5_NT_ENT_PRINCIPAL_AND_ID -.. - -NT 4 style name and SID. - - - -=================================== ====================== -``KRB5_NT_ENT_PRINCIPAL_AND_ID`` ``-130`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL.rst.txt deleted file mode 100644 index 80801f6d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-MS-PRINCIPAL-data: - -KRB5_NT_MS_PRINCIPAL -==================== - -.. -.. data:: KRB5_NT_MS_PRINCIPAL -.. - -Windows 2000 UPN and SID. - - - -=========================== ====================== -``KRB5_NT_MS_PRINCIPAL`` ``-128`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID.rst.txt deleted file mode 100644 index 7388c64a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-MS-PRINCIPAL-AND-ID-data: - -KRB5_NT_MS_PRINCIPAL_AND_ID -=========================== - -.. -.. data:: KRB5_NT_MS_PRINCIPAL_AND_ID -.. - -NT 4 style name. - - - -================================== ====================== -``KRB5_NT_MS_PRINCIPAL_AND_ID`` ``-129`` -================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_PRINCIPAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_PRINCIPAL.rst.txt deleted file mode 100644 index 49309a52..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_PRINCIPAL.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-PRINCIPAL-data: - -KRB5_NT_PRINCIPAL -================= - -.. -.. data:: KRB5_NT_PRINCIPAL -.. - -Just the name of the principal as in DCE, or for users. - - - -======================== ====================== -``KRB5_NT_PRINCIPAL`` ``1`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SMTP_NAME.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SMTP_NAME.rst.txt deleted file mode 100644 index 1d411335..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SMTP_NAME.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-SMTP-NAME-data: - -KRB5_NT_SMTP_NAME -================= - -.. -.. data:: KRB5_NT_SMTP_NAME -.. - -Name in form of SMTP email name. - - - -======================== ====================== -``KRB5_NT_SMTP_NAME`` ``7`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SRV_HST.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SRV_HST.rst.txt deleted file mode 100644 index 7a96e400..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SRV_HST.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-SRV-HST-data: - -KRB5_NT_SRV_HST -=============== - -.. -.. data:: KRB5_NT_SRV_HST -.. - -Service with host name as instance (telnet, rcommands) - - - -====================== ====================== -``KRB5_NT_SRV_HST`` ``3`` -====================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SRV_INST.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SRV_INST.rst.txt deleted file mode 100644 index 8beee817..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SRV_INST.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-SRV-INST-data: - -KRB5_NT_SRV_INST -================ - -.. -.. data:: KRB5_NT_SRV_INST -.. - -Service and other unique instance (krbtgt) - - - -======================= ====================== -``KRB5_NT_SRV_INST`` ``2`` -======================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SRV_XHST.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SRV_XHST.rst.txt deleted file mode 100644 index 03e0f0d7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_SRV_XHST.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-SRV-XHST-data: - -KRB5_NT_SRV_XHST -================ - -.. -.. data:: KRB5_NT_SRV_XHST -.. - -Service with host as remaining components. - - - -======================= ====================== -``KRB5_NT_SRV_XHST`` ``4`` -======================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_UID.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_UID.rst.txt deleted file mode 100644 index 76f278c5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_UID.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-UID-data: - -KRB5_NT_UID -=========== - -.. -.. data:: KRB5_NT_UID -.. - -Unique ID. - - - -================== ====================== -``KRB5_NT_UID`` ``5`` -================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_UNKNOWN.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_UNKNOWN.rst.txt deleted file mode 100644 index 04636d46..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_UNKNOWN.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-UNKNOWN-data: - -KRB5_NT_UNKNOWN -=============== - -.. -.. data:: KRB5_NT_UNKNOWN -.. - -Name type not known. - - - -====================== ====================== -``KRB5_NT_UNKNOWN`` ``0`` -====================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_WELLKNOWN.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_WELLKNOWN.rst.txt deleted file mode 100644 index 2d7c1b9b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_WELLKNOWN.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-WELLKNOWN-data: - -KRB5_NT_WELLKNOWN -================= - -.. -.. data:: KRB5_NT_WELLKNOWN -.. - -Well-known (special) principal. - - - -======================== ====================== -``KRB5_NT_WELLKNOWN`` ``11`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_X500_PRINCIPAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_X500_PRINCIPAL.rst.txt deleted file mode 100644 index fdd994c6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_NT_X500_PRINCIPAL.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-NT-X500-PRINCIPAL-data: - -KRB5_NT_X500_PRINCIPAL -====================== - -.. -.. data:: KRB5_NT_X500_PRINCIPAL -.. - -PKINIT. - - - -============================= ====================== -``KRB5_NT_X500_PRINCIPAL`` ``6`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO.rst.txt deleted file mode 100644 index da248a8d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-ATTRIBUTES-INFO-data: - -KRB5_PAC_ATTRIBUTES_INFO -======================== - -.. -.. data:: KRB5_PAC_ATTRIBUTES_INFO -.. - -PAC attributes. - - - -=============================== ====================== -``KRB5_PAC_ATTRIBUTES_INFO`` ``17`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS.rst.txt deleted file mode 100644 index 4e940486..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-CLIENT-CLAIMS-data: - -KRB5_PAC_CLIENT_CLAIMS -====================== - -.. -.. data:: KRB5_PAC_CLIENT_CLAIMS -.. - -Client claims information. - - - -============================= ====================== -``KRB5_PAC_CLIENT_CLAIMS`` ``13`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_CLIENT_INFO.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_CLIENT_INFO.rst.txt deleted file mode 100644 index 846e21d0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_CLIENT_INFO.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-CLIENT-INFO-data: - -KRB5_PAC_CLIENT_INFO -==================== - -.. -.. data:: KRB5_PAC_CLIENT_INFO -.. - -Client name and ticket info. - - - -=========================== ====================== -``KRB5_PAC_CLIENT_INFO`` ``10`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO.rst.txt deleted file mode 100644 index ae454f0e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-CREDENTIALS-INFO-data: - -KRB5_PAC_CREDENTIALS_INFO -========================= - -.. -.. data:: KRB5_PAC_CREDENTIALS_INFO -.. - -Credentials information. - - - -================================ ====================== -``KRB5_PAC_CREDENTIALS_INFO`` ``2`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_DELEGATION_INFO.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_DELEGATION_INFO.rst.txt deleted file mode 100644 index 6c93933b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_DELEGATION_INFO.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-DELEGATION-INFO-data: - -KRB5_PAC_DELEGATION_INFO -======================== - -.. -.. data:: KRB5_PAC_DELEGATION_INFO -.. - -Constrained delegation info. - - - -=============================== ====================== -``KRB5_PAC_DELEGATION_INFO`` ``11`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS.rst.txt deleted file mode 100644 index 36659dee..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-DEVICE-CLAIMS-data: - -KRB5_PAC_DEVICE_CLAIMS -====================== - -.. -.. data:: KRB5_PAC_DEVICE_CLAIMS -.. - -Device claims information. - - - -============================= ====================== -``KRB5_PAC_DEVICE_CLAIMS`` ``15`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_DEVICE_INFO.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_DEVICE_INFO.rst.txt deleted file mode 100644 index d7e88127..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_DEVICE_INFO.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-DEVICE-INFO-data: - -KRB5_PAC_DEVICE_INFO -==================== - -.. -.. data:: KRB5_PAC_DEVICE_INFO -.. - -Device information. - - - -=========================== ====================== -``KRB5_PAC_DEVICE_INFO`` ``14`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM.rst.txt deleted file mode 100644 index c9512888..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-FULL-CHECKSUM-data: - -KRB5_PAC_FULL_CHECKSUM -====================== - -.. -.. data:: KRB5_PAC_FULL_CHECKSUM -.. - -KDC full checksum. - - - -============================= ====================== -``KRB5_PAC_FULL_CHECKSUM`` ``19`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_LOGON_INFO.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_LOGON_INFO.rst.txt deleted file mode 100644 index 83424eb4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_LOGON_INFO.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-LOGON-INFO-data: - -KRB5_PAC_LOGON_INFO -=================== - -.. -.. data:: KRB5_PAC_LOGON_INFO -.. - -Logon information. - - - -========================== ====================== -``KRB5_PAC_LOGON_INFO`` ``1`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM.rst.txt deleted file mode 100644 index 75e1e667..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-PRIVSVR-CHECKSUM-data: - -KRB5_PAC_PRIVSVR_CHECKSUM -========================= - -.. -.. data:: KRB5_PAC_PRIVSVR_CHECKSUM -.. - -KDC checksum. - - - -================================ ====================== -``KRB5_PAC_PRIVSVR_CHECKSUM`` ``7`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_REQUESTOR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_REQUESTOR.rst.txt deleted file mode 100644 index 4bffb7f0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_REQUESTOR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-REQUESTOR-data: - -KRB5_PAC_REQUESTOR -================== - -.. -.. data:: KRB5_PAC_REQUESTOR -.. - -PAC requestor SID. - - - -========================= ====================== -``KRB5_PAC_REQUESTOR`` ``18`` -========================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM.rst.txt deleted file mode 100644 index 1f094041..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-SERVER-CHECKSUM-data: - -KRB5_PAC_SERVER_CHECKSUM -======================== - -.. -.. data:: KRB5_PAC_SERVER_CHECKSUM -.. - -Server checksum. - - - -=============================== ====================== -``KRB5_PAC_SERVER_CHECKSUM`` ``6`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM.rst.txt deleted file mode 100644 index 9ab24b14..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-TICKET-CHECKSUM-data: - -KRB5_PAC_TICKET_CHECKSUM -======================== - -.. -.. data:: KRB5_PAC_TICKET_CHECKSUM -.. - -Ticket checksum. - - - -=============================== ====================== -``KRB5_PAC_TICKET_CHECKSUM`` ``16`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO.rst.txt deleted file mode 100644 index 08a5cbd1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PAC-UPN-DNS-INFO-data: - -KRB5_PAC_UPN_DNS_INFO -===================== - -.. -.. data:: KRB5_PAC_UPN_DNS_INFO -.. - -User principal name and DNS info. - - - -============================ ====================== -``KRB5_PAC_UPN_DNS_INFO`` ``12`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AFS3_SALT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AFS3_SALT.rst.txt deleted file mode 100644 index f2609c68..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AFS3_SALT.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-AFS3-SALT-data: - -KRB5_PADATA_AFS3_SALT -===================== - -.. -.. data:: KRB5_PADATA_AFS3_SALT -.. - -Cygnus. - -RFC 4120, 3961 - -============================ ====================== -``KRB5_PADATA_AFS3_SALT`` ``10`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AP_REQ.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AP_REQ.rst.txt deleted file mode 100644 index 32b4d2ff..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AP_REQ.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-AP-REQ-data: - -KRB5_PADATA_AP_REQ -================== - -.. -.. data:: KRB5_PADATA_AP_REQ -.. - - - - -========================= ====================== -``KRB5_PADATA_AP_REQ`` ``1`` -========================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM.rst.txt deleted file mode 100644 index d0487a01..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-AS-CHECKSUM-data: - -KRB5_PADATA_AS_CHECKSUM -======================= - -.. -.. data:: KRB5_PADATA_AS_CHECKSUM -.. - -AS checksum. - - - -============================== ====================== -``KRB5_PADATA_AS_CHECKSUM`` ``132`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS.rst.txt deleted file mode 100644 index 084b39db..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-AS-FRESHNESS-data: - -KRB5_PADATA_AS_FRESHNESS -======================== - -.. -.. data:: KRB5_PADATA_AS_FRESHNESS -.. - -RFC 8070. - - - -=============================== ====================== -``KRB5_PADATA_AS_FRESHNESS`` ``150`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.rst.txt deleted file mode 100644 index f0efc2e5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-ENCRYPTED-CHALLENGE-data: - -KRB5_PADATA_ENCRYPTED_CHALLENGE -=============================== - -.. -.. data:: KRB5_PADATA_ENCRYPTED_CHALLENGE -.. - -RFC 6113. - - - -====================================== ====================== -``KRB5_PADATA_ENCRYPTED_CHALLENGE`` ``138`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID.rst.txt deleted file mode 100644 index 9aaec10e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-ENC-SANDIA-SECURID-data: - -KRB5_PADATA_ENC_SANDIA_SECURID -============================== - -.. -.. data:: KRB5_PADATA_ENC_SANDIA_SECURID -.. - -SecurId passcode. - -RFC 4120 - -===================================== ====================== -``KRB5_PADATA_ENC_SANDIA_SECURID`` ``6`` -===================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP.rst.txt deleted file mode 100644 index d40145f1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-ENC-TIMESTAMP-data: - -KRB5_PADATA_ENC_TIMESTAMP -========================= - -.. -.. data:: KRB5_PADATA_ENC_TIMESTAMP -.. - -RFC 4120. - - - -================================ ====================== -``KRB5_PADATA_ENC_TIMESTAMP`` ``2`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME.rst.txt deleted file mode 100644 index 755a84e9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-ENC-UNIX-TIME-data: - -KRB5_PADATA_ENC_UNIX_TIME -========================= - -.. -.. data:: KRB5_PADATA_ENC_UNIX_TIME -.. - -timestamp encrypted in key. - -RFC 4120 - -================================ ====================== -``KRB5_PADATA_ENC_UNIX_TIME`` ``5`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO.rst.txt deleted file mode 100644 index 4341a526..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-ETYPE-INFO-data: - -KRB5_PADATA_ETYPE_INFO -====================== - -.. -.. data:: KRB5_PADATA_ETYPE_INFO -.. - -Etype info for preauth. - -RFC 4120 - -============================= ====================== -``KRB5_PADATA_ETYPE_INFO`` ``11`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2.rst.txt deleted file mode 100644 index 3335112a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-ETYPE-INFO2-data: - -KRB5_PADATA_ETYPE_INFO2 -======================= - -.. -.. data:: KRB5_PADATA_ETYPE_INFO2 -.. - -RFC 4120. - - - -============================== ====================== -``KRB5_PADATA_ETYPE_INFO2`` ``19`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FOR_USER.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FOR_USER.rst.txt deleted file mode 100644 index cb914247..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FOR_USER.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-FOR-USER-data: - -KRB5_PADATA_FOR_USER -==================== - -.. -.. data:: KRB5_PADATA_FOR_USER -.. - -username protocol transition request - - - -=========================== ====================== -``KRB5_PADATA_FOR_USER`` ``129`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FX_COOKIE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FX_COOKIE.rst.txt deleted file mode 100644 index f8390741..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FX_COOKIE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-FX-COOKIE-data: - -KRB5_PADATA_FX_COOKIE -===================== - -.. -.. data:: KRB5_PADATA_FX_COOKIE -.. - -RFC 6113. - - - -============================ ====================== -``KRB5_PADATA_FX_COOKIE`` ``133`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FX_ERROR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FX_ERROR.rst.txt deleted file mode 100644 index 93cf047a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FX_ERROR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-FX-ERROR-data: - -KRB5_PADATA_FX_ERROR -==================== - -.. -.. data:: KRB5_PADATA_FX_ERROR -.. - -RFC 6113. - - - -=========================== ====================== -``KRB5_PADATA_FX_ERROR`` ``137`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FX_FAST.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FX_FAST.rst.txt deleted file mode 100644 index 67ce1d8d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_FX_FAST.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-FX-FAST-data: - -KRB5_PADATA_FX_FAST -=================== - -.. -.. data:: KRB5_PADATA_FX_FAST -.. - -RFC 6113. - - - -========================== ====================== -``KRB5_PADATA_FX_FAST`` ``136`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA.rst.txt deleted file mode 100644 index 75e7a866..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-GET-FROM-TYPED-DATA-data: - -KRB5_PADATA_GET_FROM_TYPED_DATA -=============================== - -.. -.. data:: KRB5_PADATA_GET_FROM_TYPED_DATA -.. - -Embedded in typed data. - -RFC 4120 - -====================================== ====================== -``KRB5_PADATA_GET_FROM_TYPED_DATA`` ``22`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_NONE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_NONE.rst.txt deleted file mode 100644 index f1c0d44e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_NONE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-NONE-data: - -KRB5_PADATA_NONE -================ - -.. -.. data:: KRB5_PADATA_NONE -.. - - - - -======================= ====================== -``KRB5_PADATA_NONE`` ``0`` -======================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OSF_DCE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OSF_DCE.rst.txt deleted file mode 100644 index 2f83465c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OSF_DCE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-OSF-DCE-data: - -KRB5_PADATA_OSF_DCE -=================== - -.. -.. data:: KRB5_PADATA_OSF_DCE -.. - -OSF DCE. - -RFC 4120 - -========================== ====================== -``KRB5_PADATA_OSF_DCE`` ``8`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE.rst.txt deleted file mode 100644 index cfff48c6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-OTP-CHALLENGE-data: - -KRB5_PADATA_OTP_CHALLENGE -========================= - -.. -.. data:: KRB5_PADATA_OTP_CHALLENGE -.. - -RFC 6560 section 4.1. - - - -================================ ====================== -``KRB5_PADATA_OTP_CHALLENGE`` ``141`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.rst.txt deleted file mode 100644 index 35a4b163..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-OTP-PIN-CHANGE-data: - -KRB5_PADATA_OTP_PIN_CHANGE -========================== - -.. -.. data:: KRB5_PADATA_OTP_PIN_CHANGE -.. - -RFC 6560 section 4.3. - - - -================================= ====================== -``KRB5_PADATA_OTP_PIN_CHANGE`` ``144`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.rst.txt deleted file mode 100644 index 90ba56e1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-OTP-REQUEST-data: - -KRB5_PADATA_OTP_REQUEST -======================= - -.. -.. data:: KRB5_PADATA_OTP_REQUEST -.. - -RFC 6560 section 4.2. - - - -============================== ====================== -``KRB5_PADATA_OTP_REQUEST`` ``142`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.rst.txt deleted file mode 100644 index 46722ce6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-PAC-OPTIONS-data: - -KRB5_PADATA_PAC_OPTIONS -======================= - -.. -.. data:: KRB5_PADATA_PAC_OPTIONS -.. - -MS-KILE and MS-SFU. - - - -============================== ====================== -``KRB5_PADATA_PAC_OPTIONS`` ``167`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.rst.txt deleted file mode 100644 index 5147ce98..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-PAC-REQUEST-data: - -KRB5_PADATA_PAC_REQUEST -======================= - -.. -.. data:: KRB5_PADATA_PAC_REQUEST -.. - -include Windows PAC - - - -============================== ====================== -``KRB5_PADATA_PAC_REQUEST`` ``128`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PKINIT_KX.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PKINIT_KX.rst.txt deleted file mode 100644 index 71930745..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PKINIT_KX.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-PKINIT-KX-data: - -KRB5_PADATA_PKINIT_KX -===================== - -.. -.. data:: KRB5_PADATA_PKINIT_KX -.. - -RFC 6112. - - - -============================ ====================== -``KRB5_PADATA_PKINIT_KX`` ``147`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REP.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REP.rst.txt deleted file mode 100644 index 5d7be824..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REP.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-PK-AS-REP-data: - -KRB5_PADATA_PK_AS_REP -===================== - -.. -.. data:: KRB5_PADATA_PK_AS_REP -.. - -PKINIT. - -RFC 4556 - -============================ ====================== -``KRB5_PADATA_PK_AS_REP`` ``17`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD.rst.txt deleted file mode 100644 index 1f782d2d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-PK-AS-REP-OLD-data: - -KRB5_PADATA_PK_AS_REP_OLD -========================= - -.. -.. data:: KRB5_PADATA_PK_AS_REP_OLD -.. - -PKINIT. - - - -================================ ====================== -``KRB5_PADATA_PK_AS_REP_OLD`` ``15`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ.rst.txt deleted file mode 100644 index a291aa36..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-PK-AS-REQ-data: - -KRB5_PADATA_PK_AS_REQ -===================== - -.. -.. data:: KRB5_PADATA_PK_AS_REQ -.. - -PKINIT. - -RFC 4556 - -============================ ====================== -``KRB5_PADATA_PK_AS_REQ`` ``16`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD.rst.txt deleted file mode 100644 index b3454c5f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-PK-AS-REQ-OLD-data: - -KRB5_PADATA_PK_AS_REQ_OLD -========================= - -.. -.. data:: KRB5_PADATA_PK_AS_REQ_OLD -.. - -PKINIT. - - - -================================ ====================== -``KRB5_PADATA_PK_AS_REQ_OLD`` ``14`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PW_SALT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PW_SALT.rst.txt deleted file mode 100644 index 9a006da7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_PW_SALT.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-PW-SALT-data: - -KRB5_PADATA_PW_SALT -=================== - -.. -.. data:: KRB5_PADATA_PW_SALT -.. - -RFC 4120. - - - -========================== ====================== -``KRB5_PADATA_PW_SALT`` ``3`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2.rst.txt deleted file mode 100644 index b88f7916..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-REDHAT-IDP-OAUTH2-data: - -KRB5_PADATA_REDHAT_IDP_OAUTH2 -============================= - -.. -.. data:: KRB5_PADATA_REDHAT_IDP_OAUTH2 -.. - -Red Hat IdP mechanism. - - - -==================================== ====================== -``KRB5_PADATA_REDHAT_IDP_OAUTH2`` ``152`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY.rst.txt deleted file mode 100644 index 76cb77b8..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-REDHAT-PASSKEY-data: - -KRB5_PADATA_REDHAT_PASSKEY -========================== - -.. -.. data:: KRB5_PADATA_REDHAT_PASSKEY -.. - -Red Hat Passkey mechanism. - - - -================================= ====================== -``KRB5_PADATA_REDHAT_PASSKEY`` ``153`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_REFERRAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_REFERRAL.rst.txt deleted file mode 100644 index eb2c571e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_REFERRAL.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-REFERRAL-data: - -KRB5_PADATA_REFERRAL -==================== - -.. -.. data:: KRB5_PADATA_REFERRAL -.. - -draft referral system - - - -=========================== ====================== -``KRB5_PADATA_REFERRAL`` ``25`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_S4U_X509_USER.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_S4U_X509_USER.rst.txt deleted file mode 100644 index 566ed4dc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_S4U_X509_USER.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-S4U-X509-USER-data: - -KRB5_PADATA_S4U_X509_USER -========================= - -.. -.. data:: KRB5_PADATA_S4U_X509_USER -.. - -certificate protocol transition request - - - -================================ ====================== -``KRB5_PADATA_S4U_X509_USER`` ``130`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE.rst.txt deleted file mode 100644 index fd1dc607..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-SAM-CHALLENGE-data: - -KRB5_PADATA_SAM_CHALLENGE -========================= - -.. -.. data:: KRB5_PADATA_SAM_CHALLENGE -.. - -SAM/OTP. - - - -================================ ====================== -``KRB5_PADATA_SAM_CHALLENGE`` ``12`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2.rst.txt deleted file mode 100644 index 9d77eb76..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-SAM-CHALLENGE-2-data: - -KRB5_PADATA_SAM_CHALLENGE_2 -=========================== - -.. -.. data:: KRB5_PADATA_SAM_CHALLENGE_2 -.. - -draft challenge system, updated - - - -================================== ====================== -``KRB5_PADATA_SAM_CHALLENGE_2`` ``30`` -================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT.rst.txt deleted file mode 100644 index 93fbeac2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-SAM-REDIRECT-data: - -KRB5_PADATA_SAM_REDIRECT -======================== - -.. -.. data:: KRB5_PADATA_SAM_REDIRECT -.. - -SAM/OTP. - -RFC 4120 - -=============================== ====================== -``KRB5_PADATA_SAM_REDIRECT`` ``21`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE.rst.txt deleted file mode 100644 index 14a18d48..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-SAM-RESPONSE-data: - -KRB5_PADATA_SAM_RESPONSE -======================== - -.. -.. data:: KRB5_PADATA_SAM_RESPONSE -.. - -SAM/OTP. - - - -=============================== ====================== -``KRB5_PADATA_SAM_RESPONSE`` ``13`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2.rst.txt deleted file mode 100644 index 265c60b1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-SAM-RESPONSE-2-data: - -KRB5_PADATA_SAM_RESPONSE_2 -========================== - -.. -.. data:: KRB5_PADATA_SAM_RESPONSE_2 -.. - -draft challenge system, updated - - - -================================= ====================== -``KRB5_PADATA_SAM_RESPONSE_2`` ``31`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SESAME.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SESAME.rst.txt deleted file mode 100644 index f653d8ea..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SESAME.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-SESAME-data: - -KRB5_PADATA_SESAME -================== - -.. -.. data:: KRB5_PADATA_SESAME -.. - -Sesame project. - -RFC 4120 - -========================= ====================== -``KRB5_PADATA_SESAME`` ``7`` -========================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SPAKE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SPAKE.rst.txt deleted file mode 100644 index 16887a6c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SPAKE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-SPAKE-data: - -KRB5_PADATA_SPAKE -================= - -.. -.. data:: KRB5_PADATA_SPAKE -.. - - - - -======================== ====================== -``KRB5_PADATA_SPAKE`` ``151`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.rst.txt deleted file mode 100644 index c3897c3d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-SVR-REFERRAL-INFO-data: - -KRB5_PADATA_SVR_REFERRAL_INFO -============================= - -.. -.. data:: KRB5_PADATA_SVR_REFERRAL_INFO -.. - -Windows 2000 referrals. - -RFC 6820 - -==================================== ====================== -``KRB5_PADATA_SVR_REFERRAL_INFO`` ``20`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_TGS_REQ.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_TGS_REQ.rst.txt deleted file mode 100644 index 75f5a26e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_TGS_REQ.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-TGS-REQ-data: - -KRB5_PADATA_TGS_REQ -=================== - -.. -.. data:: KRB5_PADATA_TGS_REQ -.. - - - - -========================== ====================== -``KRB5_PADATA_TGS_REQ`` ``KRB5_PADATA_AP_REQ`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO.rst.txt deleted file mode 100644 index 159c3026..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PADATA-USE-SPECIFIED-KVNO-data: - -KRB5_PADATA_USE_SPECIFIED_KVNO -============================== - -.. -.. data:: KRB5_PADATA_USE_SPECIFIED_KVNO -.. - -RFC 4120. - - - -===================================== ====================== -``KRB5_PADATA_USE_SPECIFIED_KVNO`` ``20`` -===================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD.rst.txt deleted file mode 100644 index 63c43ba7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRINCIPAL-COMPARE-CASEFOLD-data: - -KRB5_PRINCIPAL_COMPARE_CASEFOLD -=============================== - -.. -.. data:: KRB5_PRINCIPAL_COMPARE_CASEFOLD -.. - -case-insensitive - - - -====================================== ====================== -``KRB5_PRINCIPAL_COMPARE_CASEFOLD`` ``4`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE.rst.txt deleted file mode 100644 index 121f8264..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRINCIPAL-COMPARE-ENTERPRISE-data: - -KRB5_PRINCIPAL_COMPARE_ENTERPRISE -================================= - -.. -.. data:: KRB5_PRINCIPAL_COMPARE_ENTERPRISE -.. - -UPNs as real principals. - - - -======================================== ====================== -``KRB5_PRINCIPAL_COMPARE_ENTERPRISE`` ``2`` -======================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.rst.txt deleted file mode 100644 index fdbe0dd9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRINCIPAL-COMPARE-IGNORE-REALM-data: - -KRB5_PRINCIPAL_COMPARE_IGNORE_REALM -=================================== - -.. -.. data:: KRB5_PRINCIPAL_COMPARE_IGNORE_REALM -.. - -ignore realm component - - - -========================================== ====================== -``KRB5_PRINCIPAL_COMPARE_IGNORE_REALM`` ``1`` -========================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8.rst.txt deleted file mode 100644 index 9e0f76bc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRINCIPAL-COMPARE-UTF8-data: - -KRB5_PRINCIPAL_COMPARE_UTF8 -=========================== - -.. -.. data:: KRB5_PRINCIPAL_COMPARE_UTF8 -.. - -treat principals as UTF-8 - - - -================================== ====================== -``KRB5_PRINCIPAL_COMPARE_UTF8`` ``8`` -================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE.rst.txt deleted file mode 100644 index 5b5df427..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRINCIPAL-PARSE-ENTERPRISE-data: - -KRB5_PRINCIPAL_PARSE_ENTERPRISE -=============================== - -.. -.. data:: KRB5_PRINCIPAL_PARSE_ENTERPRISE -.. - -Create single-component enterprise principle. - - - -====================================== ====================== -``KRB5_PRINCIPAL_PARSE_ENTERPRISE`` ``0x4`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM.rst.txt deleted file mode 100644 index 786cfce6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRINCIPAL-PARSE-IGNORE-REALM-data: - -KRB5_PRINCIPAL_PARSE_IGNORE_REALM -================================= - -.. -.. data:: KRB5_PRINCIPAL_PARSE_IGNORE_REALM -.. - -Ignore realm if present. - - - -======================================== ====================== -``KRB5_PRINCIPAL_PARSE_IGNORE_REALM`` ``0x8`` -======================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.rst.txt deleted file mode 100644 index c07956ce..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRINCIPAL-PARSE-NO-DEF-REALM-data: - -KRB5_PRINCIPAL_PARSE_NO_DEF_REALM -================================= - -.. -.. data:: KRB5_PRINCIPAL_PARSE_NO_DEF_REALM -.. - -Don't add default realm. - - - -======================================== ====================== -``KRB5_PRINCIPAL_PARSE_NO_DEF_REALM`` ``0x10`` -======================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM.rst.txt deleted file mode 100644 index 6d241738..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRINCIPAL-PARSE-NO-REALM-data: - -KRB5_PRINCIPAL_PARSE_NO_REALM -============================= - -.. -.. data:: KRB5_PRINCIPAL_PARSE_NO_REALM -.. - -Error if realm is present. - - - -==================================== ====================== -``KRB5_PRINCIPAL_PARSE_NO_REALM`` ``0x1`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.rst.txt deleted file mode 100644 index ec3c4248..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRINCIPAL-PARSE-REQUIRE-REALM-data: - -KRB5_PRINCIPAL_PARSE_REQUIRE_REALM -================================== - -.. -.. data:: KRB5_PRINCIPAL_PARSE_REQUIRE_REALM -.. - -Error if realm is not present. - - - -========================================= ====================== -``KRB5_PRINCIPAL_PARSE_REQUIRE_REALM`` ``0x2`` -========================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY.rst.txt deleted file mode 100644 index 2a648a23..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRINCIPAL-UNPARSE-DISPLAY-data: - -KRB5_PRINCIPAL_UNPARSE_DISPLAY -============================== - -.. -.. data:: KRB5_PRINCIPAL_UNPARSE_DISPLAY -.. - -Don't escape special characters. - - - -===================================== ====================== -``KRB5_PRINCIPAL_UNPARSE_DISPLAY`` ``0x4`` -===================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM.rst.txt deleted file mode 100644 index 277b53ef..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRINCIPAL-UNPARSE-NO-REALM-data: - -KRB5_PRINCIPAL_UNPARSE_NO_REALM -=============================== - -.. -.. data:: KRB5_PRINCIPAL_UNPARSE_NO_REALM -.. - -Omit realm always. - - - -====================================== ====================== -``KRB5_PRINCIPAL_UNPARSE_NO_REALM`` ``0x2`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT.rst.txt deleted file mode 100644 index 08aeb625..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRINCIPAL-UNPARSE-SHORT-data: - -KRB5_PRINCIPAL_UNPARSE_SHORT -============================ - -.. -.. data:: KRB5_PRINCIPAL_UNPARSE_SHORT -.. - -Omit realm if it is the local realm. - - - -=================================== ====================== -``KRB5_PRINCIPAL_UNPARSE_SHORT`` ``0x1`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRIV.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRIV.rst.txt deleted file mode 100644 index a55392c0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PRIV.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PRIV-data: - -KRB5_PRIV -========= - -.. -.. data:: KRB5_PRIV -.. - -Private application message. - - - -================ ====================== -``KRB5_PRIV`` ``((krb5_msgtype)21)`` -================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.rst.txt deleted file mode 100644 index 6af358ff..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PROMPT-TYPE-NEW-PASSWORD-data: - -KRB5_PROMPT_TYPE_NEW_PASSWORD -============================= - -.. -.. data:: KRB5_PROMPT_TYPE_NEW_PASSWORD -.. - -Prompt for new password (during password change) - - - -==================================== ====================== -``KRB5_PROMPT_TYPE_NEW_PASSWORD`` ``0x2`` -==================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.rst.txt deleted file mode 100644 index bd9e9233..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PROMPT-TYPE-NEW-PASSWORD-AGAIN-data: - -KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN -=================================== - -.. -.. data:: KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN -.. - -Prompt for new password again. - - - -========================================== ====================== -``KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN`` ``0x3`` -========================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD.rst.txt deleted file mode 100644 index 135a5652..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PROMPT-TYPE-PASSWORD-data: - -KRB5_PROMPT_TYPE_PASSWORD -========================= - -.. -.. data:: KRB5_PROMPT_TYPE_PASSWORD -.. - -Prompt for password. - - - -================================ ====================== -``KRB5_PROMPT_TYPE_PASSWORD`` ``0x1`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH.rst.txt deleted file mode 100644 index 11b64feb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PROMPT-TYPE-PREAUTH-data: - -KRB5_PROMPT_TYPE_PREAUTH -======================== - -.. -.. data:: KRB5_PROMPT_TYPE_PREAUTH -.. - -Prompt for preauthentication data (such as an OTP value) - - - -=============================== ====================== -``KRB5_PROMPT_TYPE_PREAUTH`` ``0x4`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PVNO.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PVNO.rst.txt deleted file mode 100644 index 7bdda5d9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_PVNO.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-PVNO-data: - -KRB5_PVNO -========= - -.. -.. data:: KRB5_PVNO -.. - -Protocol version number. - - - -================ ====================== -``KRB5_PVNO`` ``5`` -================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_REALM_BRANCH_CHAR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_REALM_BRANCH_CHAR.rst.txt deleted file mode 100644 index 96c3e58f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_REALM_BRANCH_CHAR.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-REALM-BRANCH-CHAR-data: - -KRB5_REALM_BRANCH_CHAR -====================== - -.. -.. data:: KRB5_REALM_BRANCH_CHAR -.. - - - - -============================= ====================== -``KRB5_REALM_BRANCH_CHAR`` ``'.'`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS.rst.txt deleted file mode 100644 index c7666441..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-RECVAUTH-BADAUTHVERS-data: - -KRB5_RECVAUTH_BADAUTHVERS -========================= - -.. -.. data:: KRB5_RECVAUTH_BADAUTHVERS -.. - - - - -================================ ====================== -``KRB5_RECVAUTH_BADAUTHVERS`` ``0x0002`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION.rst.txt deleted file mode 100644 index 63fd124d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-RECVAUTH-SKIP-VERSION-data: - -KRB5_RECVAUTH_SKIP_VERSION -========================== - -.. -.. data:: KRB5_RECVAUTH_SKIP_VERSION -.. - - - - -================================= ====================== -``KRB5_RECVAUTH_SKIP_VERSION`` ``0x0001`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_REFERRAL_REALM.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_REFERRAL_REALM.rst.txt deleted file mode 100644 index f5a65b1e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_REFERRAL_REALM.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-REFERRAL-REALM-data: - -KRB5_REFERRAL_REALM -=================== - -.. -.. data:: KRB5_REFERRAL_REALM -.. - -Constant for realm referrals. - - - -========================== ====================== -``KRB5_REFERRAL_REALM`` ``""`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.rst.txt deleted file mode 100644 index 413b6349..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-OTP-FLAGS-COLLECT-PIN-data: - -KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN -==================================== - -.. -.. data:: KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN -.. - -This flag indicates that the PIN value MUST be collected. - - - -=========================================== ====================== -``KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN`` ``0x0002`` -=========================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.rst.txt deleted file mode 100644 index 1a78999f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-OTP-FLAGS-COLLECT-TOKEN-data: - -KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN -====================================== - -.. -.. data:: KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN -.. - -This flag indicates that the token value MUST be collected. - - - -============================================= ====================== -``KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN`` ``0x0001`` -============================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.rst.txt deleted file mode 100644 index 26e230a0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-OTP-FLAGS-NEXTOTP-data: - -KRB5_RESPONDER_OTP_FLAGS_NEXTOTP -================================ - -.. -.. data:: KRB5_RESPONDER_OTP_FLAGS_NEXTOTP -.. - -This flag indicates that the token is now in re-synchronization mode with the server. - -The user is expected to reply with the next code displayed on the token. - -======================================= ====================== -``KRB5_RESPONDER_OTP_FLAGS_NEXTOTP`` ``0x0004`` -======================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.rst.txt deleted file mode 100644 index ddd3d488..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-OTP-FLAGS-SEPARATE-PIN-data: - -KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN -===================================== - -.. -.. data:: KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN -.. - -This flag indicates that the PIN MUST be returned as a separate item. - -This flag only takes effect if KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN is set. If this flag is not set, the responder may either concatenate PIN + token value and store it as "value" in the answer or it may return them separately. If they are returned separately, they will be concatenated internally. - -============================================ ====================== -``KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN`` ``0x0008`` -============================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.rst.txt deleted file mode 100644 index 96beff5f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-OTP-FORMAT-ALPHANUMERIC-data: - -KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC -====================================== - -.. -.. data:: KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC -.. - - - - -============================================= ====================== -``KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC`` ``2`` -============================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL.rst.txt deleted file mode 100644 index 11544558..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-OTP-FORMAT-DECIMAL-data: - -KRB5_RESPONDER_OTP_FORMAT_DECIMAL -================================= - -.. -.. data:: KRB5_RESPONDER_OTP_FORMAT_DECIMAL -.. - -These format constants identify the format of the token value. - - - -======================================== ====================== -``KRB5_RESPONDER_OTP_FORMAT_DECIMAL`` ``0`` -======================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.rst.txt deleted file mode 100644 index 77ecfb11..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-OTP-FORMAT-HEXADECIMAL-data: - -KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL -===================================== - -.. -.. data:: KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL -.. - - - - -============================================ ====================== -``KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL`` ``1`` -============================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.rst.txt deleted file mode 100644 index 99aa5478..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-PKINIT-FLAGS-TOKEN-USER-PIN-COUNT-LOW-data: - -KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW -==================================================== - -.. -.. data:: KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW -.. - -This flag indicates that an incorrect PIN was supplied at least once since the last time the correct PIN was supplied. - - - -=========================================================== ====================== -``KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW`` ``(1 << 0)`` -=========================================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.rst.txt deleted file mode 100644 index ecf2ca0d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-PKINIT-FLAGS-TOKEN-USER-PIN-FINAL-TRY-data: - -KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY -==================================================== - -.. -.. data:: KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY -.. - -This flag indicates that supplying an incorrect PIN will cause the token to lock itself. - - - -=========================================================== ====================== -``KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY`` ``(1 << 1)`` -=========================================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.rst.txt deleted file mode 100644 index 3974c52f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-PKINIT-FLAGS-TOKEN-USER-PIN-LOCKED-data: - -KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED -================================================= - -.. -.. data:: KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED -.. - -This flag indicates that the user PIN is locked, and you can't log in to the token with it. - - - -======================================================== ====================== -``KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED`` ``(1 << 2)`` -======================================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP.rst.txt deleted file mode 100644 index 47ad1732..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP.rst.txt +++ /dev/null @@ -1,47 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-QUESTION-OTP-data: - -KRB5_RESPONDER_QUESTION_OTP -=========================== - -.. -.. data:: KRB5_RESPONDER_QUESTION_OTP -.. - -OTP responder question. - -The OTP responder question is asked when the KDC indicates that an OTP value is required in order to complete the authentication. The JSON format of the challenge is: -:: - - { - "service": , - "tokenInfo": [ - { - "flags": , - "vendor": , - "challenge": , - "length": , - "format": , - "tokenID": , - "algID": , - }, - ... - ] - } - -The answer to the question MUST be JSON formatted: -:: - - { - "tokeninfo": , - "value": , - "pin": , - } - -For more detail, please see RFC 6560. - - -================================== ====================== -``KRB5_RESPONDER_QUESTION_OTP`` ``"otp"`` -================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD.rst.txt deleted file mode 100644 index 057eac4a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD.rst.txt +++ /dev/null @@ -1,19 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-QUESTION-PASSWORD-data: - -KRB5_RESPONDER_QUESTION_PASSWORD -================================ - -.. -.. data:: KRB5_RESPONDER_QUESTION_PASSWORD -.. - -Long-term password responder question. - -This question is asked when the long-term password is needed. It has no challenge and the response is simply the password string. - - -======================================= ====================== -``KRB5_RESPONDER_QUESTION_PASSWORD`` ``"password"`` -======================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT.rst.txt deleted file mode 100644 index 0fb11c73..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT.rst.txt +++ /dev/null @@ -1,34 +0,0 @@ -.. highlight:: c - -.. _KRB5-RESPONDER-QUESTION-PKINIT-data: - -KRB5_RESPONDER_QUESTION_PKINIT -============================== - -.. -.. data:: KRB5_RESPONDER_QUESTION_PKINIT -.. - -PKINIT responder question. - -The PKINIT responder question is asked when the client needs a password that's being used to protect key information, and is formatted as a JSON object. A specific identity's flags value, if not zero, is the bitwise-OR of one or more of the KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_* flags defined below, and possibly other flags to be added later. Any resemblance to similarly-named CKF_* values in the PKCS#11 API should not be depended on. -:: - - { - identity : flags , - ... - } - -The answer to the question MUST be JSON formatted: -:: - - { - identity : password , - ... - } - - - -===================================== ====================== -``KRB5_RESPONDER_QUESTION_PKINIT`` ``"pkinit"`` -===================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAFE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAFE.rst.txt deleted file mode 100644 index 4210e4f4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAFE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-SAFE-data: - -KRB5_SAFE -========= - -.. -.. data:: KRB5_SAFE -.. - -Safe application message. - - - -================ ====================== -``KRB5_SAFE`` ``((krb5_msgtype)20)`` -================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.rst.txt deleted file mode 100644 index e8c8c570..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-SAM-MUST-PK-ENCRYPT-SAD-data: - -KRB5_SAM_MUST_PK_ENCRYPT_SAD -============================ - -.. -.. data:: KRB5_SAM_MUST_PK_ENCRYPT_SAD -.. - -currently must be zero - - - -=================================== ====================== -``KRB5_SAM_MUST_PK_ENCRYPT_SAD`` ``0x20000000`` -=================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD.rst.txt deleted file mode 100644 index fcd56bea..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-SAM-SEND-ENCRYPTED-SAD-data: - -KRB5_SAM_SEND_ENCRYPTED_SAD -=========================== - -.. -.. data:: KRB5_SAM_SEND_ENCRYPTED_SAD -.. - - - - -================================== ====================== -``KRB5_SAM_SEND_ENCRYPTED_SAD`` ``0x40000000`` -================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY.rst.txt deleted file mode 100644 index beae65cd..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-SAM-USE-SAD-AS-KEY-data: - -KRB5_SAM_USE_SAD_AS_KEY -======================= - -.. -.. data:: KRB5_SAM_USE_SAD_AS_KEY -.. - - - - -============================== ====================== -``KRB5_SAM_USE_SAD_AS_KEY`` ``0x80000000`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT.rst.txt deleted file mode 100644 index fb5e39b9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TC-MATCH-2ND-TKT-data: - -KRB5_TC_MATCH_2ND_TKT -===================== - -.. -.. data:: KRB5_TC_MATCH_2ND_TKT -.. - -The second ticket must match. - - - -============================ ====================== -``KRB5_TC_MATCH_2ND_TKT`` ``0x00000080`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA.rst.txt deleted file mode 100644 index d78b8487..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TC-MATCH-AUTHDATA-data: - -KRB5_TC_MATCH_AUTHDATA -====================== - -.. -.. data:: KRB5_TC_MATCH_AUTHDATA -.. - -The authorization data must match. - - - -============================= ====================== -``KRB5_TC_MATCH_AUTHDATA`` ``0x00000020`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_FLAGS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_FLAGS.rst.txt deleted file mode 100644 index 0fac98fc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_FLAGS.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TC-MATCH-FLAGS-data: - -KRB5_TC_MATCH_FLAGS -=================== - -.. -.. data:: KRB5_TC_MATCH_FLAGS -.. - -All the flags set in the match credentials must be set. - - - -========================== ====================== -``KRB5_TC_MATCH_FLAGS`` ``0x00000004`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT.rst.txt deleted file mode 100644 index 9e3480ab..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TC-MATCH-FLAGS-EXACT-data: - -KRB5_TC_MATCH_FLAGS_EXACT -========================= - -.. -.. data:: KRB5_TC_MATCH_FLAGS_EXACT -.. - -All the flags must match exactly. - - - -================================ ====================== -``KRB5_TC_MATCH_FLAGS_EXACT`` ``0x00000010`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY.rst.txt deleted file mode 100644 index 98799934..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TC-MATCH-IS-SKEY-data: - -KRB5_TC_MATCH_IS_SKEY -===================== - -.. -.. data:: KRB5_TC_MATCH_IS_SKEY -.. - -The is_skey field must match exactly. - - - -============================ ====================== -``KRB5_TC_MATCH_IS_SKEY`` ``0x00000002`` -============================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_KTYPE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_KTYPE.rst.txt deleted file mode 100644 index e5bf18c4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_KTYPE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TC-MATCH-KTYPE-data: - -KRB5_TC_MATCH_KTYPE -=================== - -.. -.. data:: KRB5_TC_MATCH_KTYPE -.. - -The encryption key type must match. - - - -========================== ====================== -``KRB5_TC_MATCH_KTYPE`` ``0x00000100`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY.rst.txt deleted file mode 100644 index ca79db32..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TC-MATCH-SRV-NAMEONLY-data: - -KRB5_TC_MATCH_SRV_NAMEONLY -========================== - -.. -.. data:: KRB5_TC_MATCH_SRV_NAMEONLY -.. - -Only the name portion of the principal name must match. - - - -================================= ====================== -``KRB5_TC_MATCH_SRV_NAMEONLY`` ``0x00000040`` -================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_TIMES.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_TIMES.rst.txt deleted file mode 100644 index 628ee32e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_TIMES.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TC-MATCH-TIMES-data: - -KRB5_TC_MATCH_TIMES -=================== - -.. -.. data:: KRB5_TC_MATCH_TIMES -.. - -The requested lifetime must be at least as great as the time specified. - - - -========================== ====================== -``KRB5_TC_MATCH_TIMES`` ``0x00000001`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT.rst.txt deleted file mode 100644 index 9d0ffce6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TC-MATCH-TIMES-EXACT-data: - -KRB5_TC_MATCH_TIMES_EXACT -========================= - -.. -.. data:: KRB5_TC_MATCH_TIMES_EXACT -.. - -All the time fields must match exactly. - - - -================================ ====================== -``KRB5_TC_MATCH_TIMES_EXACT`` ``0x00000008`` -================================ ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_NOTICKET.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_NOTICKET.rst.txt deleted file mode 100644 index 76e9a01f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_NOTICKET.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-TC-NOTICKET-data: - -KRB5_TC_NOTICKET -================ - -.. -.. data:: KRB5_TC_NOTICKET -.. - - - - -======================= ====================== -``KRB5_TC_NOTICKET`` ``0x00000002`` -======================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_OPENCLOSE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_OPENCLOSE.rst.txt deleted file mode 100644 index 83d94560..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_OPENCLOSE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TC-OPENCLOSE-data: - -KRB5_TC_OPENCLOSE -================= - -.. -.. data:: KRB5_TC_OPENCLOSE -.. - -Open and close the file for each cache operation. - - - -======================== ====================== -``KRB5_TC_OPENCLOSE`` ``0x00000001`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES.rst.txt deleted file mode 100644 index ecd20381..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TC-SUPPORTED-KTYPES-data: - -KRB5_TC_SUPPORTED_KTYPES -======================== - -.. -.. data:: KRB5_TC_SUPPORTED_KTYPES -.. - -The supported key types must match. - - - -=============================== ====================== -``KRB5_TC_SUPPORTED_KTYPES`` ``0x00000200`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_NAME.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_NAME.rst.txt deleted file mode 100644 index 32b22b00..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_NAME.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-TGS-NAME-data: - -KRB5_TGS_NAME -============= - -.. -.. data:: KRB5_TGS_NAME -.. - - - - -==================== ====================== -``KRB5_TGS_NAME`` ``"krbtgt"`` -==================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_NAME_SIZE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_NAME_SIZE.rst.txt deleted file mode 100644 index 71adc91d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_NAME_SIZE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-TGS-NAME-SIZE-data: - -KRB5_TGS_NAME_SIZE -================== - -.. -.. data:: KRB5_TGS_NAME_SIZE -.. - - - - -========================= ====================== -``KRB5_TGS_NAME_SIZE`` ``6`` -========================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_REP.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_REP.rst.txt deleted file mode 100644 index f3dbfe87..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_REP.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TGS-REP-data: - -KRB5_TGS_REP -============ - -.. -.. data:: KRB5_TGS_REP -.. - -Response to TGS request. - - - -=================== ====================== -``KRB5_TGS_REP`` ``((krb5_msgtype)13)`` -=================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_REQ.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_REQ.rst.txt deleted file mode 100644 index 1b574227..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TGS_REQ.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TGS-REQ-data: - -KRB5_TGS_REQ -============ - -.. -.. data:: KRB5_TGS_REQ -.. - -Ticket granting server request. - - - -=================== ====================== -``KRB5_TGS_REQ`` ``((krb5_msgtype)12)`` -=================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.rst.txt deleted file mode 100644 index fa01e45c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-TKT-CREDS-STEP-FLAG-CONTINUE-data: - -KRB5_TKT_CREDS_STEP_FLAG_CONTINUE -================================= - -.. -.. data:: KRB5_TKT_CREDS_STEP_FLAG_CONTINUE -.. - -More responses needed. - - - -======================================== ====================== -``KRB5_TKT_CREDS_STEP_FLAG_CONTINUE`` ``0x1`` -======================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.rst.txt deleted file mode 100644 index 1925137f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _KRB5-VERIFY-INIT-CREDS-OPT-AP-REQ-NOFAIL-data: - -KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL -======================================== - -.. -.. data:: KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL -.. - - - - -=============================================== ====================== -``KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL`` ``0x0001`` -=============================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR.rst.txt deleted file mode 100644 index 6c24427e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _KRB5-WELLKNOWN-NAMESTR-data: - -KRB5_WELLKNOWN_NAMESTR -====================== - -.. -.. data:: KRB5_WELLKNOWN_NAMESTR -.. - -First component of NT_WELLKNOWN principals. - - - -============================= ====================== -``KRB5_WELLKNOWN_NAMESTR`` ``"WELLKNOWN"`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK.rst.txt deleted file mode 100644 index 47513d56..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _LR-TYPE-INTERPRETATION-MASK-data: - -LR_TYPE_INTERPRETATION_MASK -=========================== - -.. -.. data:: LR_TYPE_INTERPRETATION_MASK -.. - - - - -================================== ====================== -``LR_TYPE_INTERPRETATION_MASK`` ``0x7fff`` -================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY.rst.txt deleted file mode 100644 index 4db68f9a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _LR-TYPE-THIS-SERVER-ONLY-data: - -LR_TYPE_THIS_SERVER_ONLY -======================== - -.. -.. data:: LR_TYPE_THIS_SERVER_ONLY -.. - - - - -=============================== ====================== -``LR_TYPE_THIS_SERVER_ONLY`` ``0x8000`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/MAX_KEYTAB_NAME_LEN.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/MAX_KEYTAB_NAME_LEN.rst.txt deleted file mode 100644 index ae0e1e2a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/MAX_KEYTAB_NAME_LEN.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -.. highlight:: c - -.. _MAX-KEYTAB-NAME-LEN-data: - -MAX_KEYTAB_NAME_LEN -=================== - -.. -.. data:: MAX_KEYTAB_NAME_LEN -.. - -Long enough for MAXPATHLEN + some extra. - - - -========================== ====================== -``MAX_KEYTAB_NAME_LEN`` ``1100`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/MSEC_DIRBIT.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/MSEC_DIRBIT.rst.txt deleted file mode 100644 index e2686b0a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/MSEC_DIRBIT.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _MSEC-DIRBIT-data: - -MSEC_DIRBIT -=========== - -.. -.. data:: MSEC_DIRBIT -.. - - - - -================== ====================== -``MSEC_DIRBIT`` ``0x8000`` -================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/MSEC_VAL_MASK.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/MSEC_VAL_MASK.rst.txt deleted file mode 100644 index 23905a4e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/MSEC_VAL_MASK.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _MSEC-VAL-MASK-data: - -MSEC_VAL_MASK -============= - -.. -.. data:: MSEC_VAL_MASK -.. - - - - -==================== ====================== -``MSEC_VAL_MASK`` ``0x7fff`` -==================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/SALT_TYPE_AFS_LENGTH.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/SALT_TYPE_AFS_LENGTH.rst.txt deleted file mode 100644 index 235b81f2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/SALT_TYPE_AFS_LENGTH.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _SALT-TYPE-AFS-LENGTH-data: - -SALT_TYPE_AFS_LENGTH -==================== - -.. -.. data:: SALT_TYPE_AFS_LENGTH -.. - - - - -=========================== ====================== -``SALT_TYPE_AFS_LENGTH`` ``UINT_MAX`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/SALT_TYPE_NO_LENGTH.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/SALT_TYPE_NO_LENGTH.rst.txt deleted file mode 100644 index 7cf62df5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/SALT_TYPE_NO_LENGTH.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _SALT-TYPE-NO-LENGTH-data: - -SALT_TYPE_NO_LENGTH -=================== - -.. -.. data:: SALT_TYPE_NO_LENGTH -.. - - - - -========================== ====================== -``SALT_TYPE_NO_LENGTH`` ``UINT_MAX`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/THREEPARAMOPEN.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/THREEPARAMOPEN.rst.txt deleted file mode 100644 index e61eb0ad..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/THREEPARAMOPEN.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _THREEPARAMOPEN-data: - -THREEPARAMOPEN -============== - -.. -.. data:: THREEPARAMOPEN -.. - - - - -============================== ====================== -``THREEPARAMOPEN (x, y, z)`` ``open(x,y,z)`` -============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_ANONYMOUS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_ANONYMOUS.rst.txt deleted file mode 100644 index 696ca809..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_ANONYMOUS.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-ANONYMOUS-data: - -TKT_FLG_ANONYMOUS -================= - -.. -.. data:: TKT_FLG_ANONYMOUS -.. - - - - -======================== ====================== -``TKT_FLG_ANONYMOUS`` ``0x00008000`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_ENC_PA_REP.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_ENC_PA_REP.rst.txt deleted file mode 100644 index b575553e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_ENC_PA_REP.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-ENC-PA-REP-data: - -TKT_FLG_ENC_PA_REP -================== - -.. -.. data:: TKT_FLG_ENC_PA_REP -.. - - - - -========================= ====================== -``TKT_FLG_ENC_PA_REP`` ``0x00010000`` -========================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_FORWARDABLE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_FORWARDABLE.rst.txt deleted file mode 100644 index ede984cb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_FORWARDABLE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-FORWARDABLE-data: - -TKT_FLG_FORWARDABLE -=================== - -.. -.. data:: TKT_FLG_FORWARDABLE -.. - - - - -========================== ====================== -``TKT_FLG_FORWARDABLE`` ``0x40000000`` -========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_FORWARDED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_FORWARDED.rst.txt deleted file mode 100644 index 0f3d490d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_FORWARDED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-FORWARDED-data: - -TKT_FLG_FORWARDED -================= - -.. -.. data:: TKT_FLG_FORWARDED -.. - - - - -======================== ====================== -``TKT_FLG_FORWARDED`` ``0x20000000`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_HW_AUTH.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_HW_AUTH.rst.txt deleted file mode 100644 index 30baa34e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_HW_AUTH.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-HW-AUTH-data: - -TKT_FLG_HW_AUTH -=============== - -.. -.. data:: TKT_FLG_HW_AUTH -.. - - - - -====================== ====================== -``TKT_FLG_HW_AUTH`` ``0x00100000`` -====================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_INITIAL.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_INITIAL.rst.txt deleted file mode 100644 index 6e3d8c31..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_INITIAL.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-INITIAL-data: - -TKT_FLG_INITIAL -=============== - -.. -.. data:: TKT_FLG_INITIAL -.. - - - - -====================== ====================== -``TKT_FLG_INITIAL`` ``0x00400000`` -====================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_INVALID.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_INVALID.rst.txt deleted file mode 100644 index 8d4465bb..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_INVALID.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-INVALID-data: - -TKT_FLG_INVALID -=============== - -.. -.. data:: TKT_FLG_INVALID -.. - - - - -====================== ====================== -``TKT_FLG_INVALID`` ``0x01000000`` -====================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_MAY_POSTDATE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_MAY_POSTDATE.rst.txt deleted file mode 100644 index 935d05e7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_MAY_POSTDATE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-MAY-POSTDATE-data: - -TKT_FLG_MAY_POSTDATE -==================== - -.. -.. data:: TKT_FLG_MAY_POSTDATE -.. - - - - -=========================== ====================== -``TKT_FLG_MAY_POSTDATE`` ``0x04000000`` -=========================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE.rst.txt deleted file mode 100644 index bee1deb2..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-OK-AS-DELEGATE-data: - -TKT_FLG_OK_AS_DELEGATE -====================== - -.. -.. data:: TKT_FLG_OK_AS_DELEGATE -.. - - - - -============================= ====================== -``TKT_FLG_OK_AS_DELEGATE`` ``0x00040000`` -============================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_POSTDATED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_POSTDATED.rst.txt deleted file mode 100644 index 46a5cf67..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_POSTDATED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-POSTDATED-data: - -TKT_FLG_POSTDATED -================= - -.. -.. data:: TKT_FLG_POSTDATED -.. - - - - -======================== ====================== -``TKT_FLG_POSTDATED`` ``0x02000000`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_PRE_AUTH.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_PRE_AUTH.rst.txt deleted file mode 100644 index 69735bd1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_PRE_AUTH.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-PRE-AUTH-data: - -TKT_FLG_PRE_AUTH -================ - -.. -.. data:: TKT_FLG_PRE_AUTH -.. - - - - -======================= ====================== -``TKT_FLG_PRE_AUTH`` ``0x00200000`` -======================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_PROXIABLE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_PROXIABLE.rst.txt deleted file mode 100644 index c73a62d6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_PROXIABLE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-PROXIABLE-data: - -TKT_FLG_PROXIABLE -================= - -.. -.. data:: TKT_FLG_PROXIABLE -.. - - - - -======================== ====================== -``TKT_FLG_PROXIABLE`` ``0x10000000`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_PROXY.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_PROXY.rst.txt deleted file mode 100644 index b749830e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_PROXY.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-PROXY-data: - -TKT_FLG_PROXY -============= - -.. -.. data:: TKT_FLG_PROXY -.. - - - - -==================== ====================== -``TKT_FLG_PROXY`` ``0x08000000`` -==================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_RENEWABLE.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_RENEWABLE.rst.txt deleted file mode 100644 index 5d87dc97..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_RENEWABLE.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-RENEWABLE-data: - -TKT_FLG_RENEWABLE -================= - -.. -.. data:: TKT_FLG_RENEWABLE -.. - - - - -======================== ====================== -``TKT_FLG_RENEWABLE`` ``0x00800000`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED.rst.txt deleted file mode 100644 index 082a1f09..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _TKT-FLG-TRANSIT-POLICY-CHECKED-data: - -TKT_FLG_TRANSIT_POLICY_CHECKED -============================== - -.. -.. data:: TKT_FLG_TRANSIT_POLICY_CHECKED -.. - - - - -===================================== ====================== -``TKT_FLG_TRANSIT_POLICY_CHECKED`` ``0x00080000`` -===================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/VALID_INT_BITS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/VALID_INT_BITS.rst.txt deleted file mode 100644 index 0267d421..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/VALID_INT_BITS.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _VALID-INT-BITS-data: - -VALID_INT_BITS -============== - -.. -.. data:: VALID_INT_BITS -.. - - - - -===================== ====================== -``VALID_INT_BITS`` ``INT_MAX`` -===================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/VALID_UINT_BITS.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/VALID_UINT_BITS.rst.txt deleted file mode 100644 index efba9a80..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/VALID_UINT_BITS.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _VALID-UINT-BITS-data: - -VALID_UINT_BITS -=============== - -.. -.. data:: VALID_UINT_BITS -.. - - - - -====================== ====================== -``VALID_UINT_BITS`` ``UINT_MAX`` -====================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/index.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/index.rst.txt deleted file mode 100644 index 45fe160d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/index.rst.txt +++ /dev/null @@ -1,397 +0,0 @@ -krb5 simple macros -========================= - -Public -------- - -.. toctree:: - :maxdepth: 1 - - ADDRTYPE_ADDRPORT.rst - ADDRTYPE_CHAOS.rst - ADDRTYPE_DDP.rst - ADDRTYPE_INET.rst - ADDRTYPE_INET6.rst - ADDRTYPE_IPPORT.rst - ADDRTYPE_ISO.rst - ADDRTYPE_IS_LOCAL.rst - ADDRTYPE_NETBIOS.rst - ADDRTYPE_XNS.rst - AD_TYPE_EXTERNAL.rst - AD_TYPE_FIELD_TYPE_MASK.rst - AD_TYPE_REGISTERED.rst - AD_TYPE_RESERVED.rst - AP_OPTS_ETYPE_NEGOTIATION.rst - AP_OPTS_MUTUAL_REQUIRED.rst - AP_OPTS_RESERVED.rst - AP_OPTS_USE_SESSION_KEY.rst - AP_OPTS_USE_SUBKEY.rst - AP_OPTS_WIRE_MASK.rst - CKSUMTYPE_CMAC_CAMELLIA128.rst - CKSUMTYPE_CMAC_CAMELLIA256.rst - CKSUMTYPE_CRC32.rst - CKSUMTYPE_DESCBC.rst - CKSUMTYPE_HMAC_MD5_ARCFOUR.rst - CKSUMTYPE_HMAC_SHA1_96_AES128.rst - CKSUMTYPE_HMAC_SHA1_96_AES256.rst - CKSUMTYPE_HMAC_SHA256_128_AES128.rst - CKSUMTYPE_HMAC_SHA384_192_AES256.rst - CKSUMTYPE_HMAC_SHA1_DES3.rst - CKSUMTYPE_MD5_HMAC_ARCFOUR.rst - CKSUMTYPE_NIST_SHA.rst - CKSUMTYPE_RSA_MD4.rst - CKSUMTYPE_RSA_MD4_DES.rst - CKSUMTYPE_RSA_MD5.rst - CKSUMTYPE_RSA_MD5_DES.rst - CKSUMTYPE_SHA1.rst - ENCTYPE_AES128_CTS_HMAC_SHA1_96.rst - ENCTYPE_AES128_CTS_HMAC_SHA256_128.rst - ENCTYPE_AES256_CTS_HMAC_SHA1_96.rst - ENCTYPE_AES256_CTS_HMAC_SHA384_192.rst - ENCTYPE_ARCFOUR_HMAC.rst - ENCTYPE_ARCFOUR_HMAC_EXP.rst - ENCTYPE_CAMELLIA128_CTS_CMAC.rst - ENCTYPE_CAMELLIA256_CTS_CMAC.rst - ENCTYPE_DES3_CBC_ENV.rst - ENCTYPE_DES3_CBC_RAW.rst - ENCTYPE_DES3_CBC_SHA.rst - ENCTYPE_DES3_CBC_SHA1.rst - ENCTYPE_DES_CBC_CRC.rst - ENCTYPE_DES_CBC_MD4.rst - ENCTYPE_DES_CBC_MD5.rst - ENCTYPE_DES_CBC_RAW.rst - ENCTYPE_DES_HMAC_SHA1.rst - ENCTYPE_DSA_SHA1_CMS.rst - ENCTYPE_MD5_RSA_CMS.rst - ENCTYPE_NULL.rst - ENCTYPE_RC2_CBC_ENV.rst - ENCTYPE_RSA_ENV.rst - ENCTYPE_RSA_ES_OAEP_ENV.rst - ENCTYPE_SHA1_RSA_CMS.rst - ENCTYPE_UNKNOWN.rst - KDC_OPT_ALLOW_POSTDATE.rst - KDC_OPT_CANONICALIZE.rst - KDC_OPT_CNAME_IN_ADDL_TKT.rst - KDC_OPT_DISABLE_TRANSITED_CHECK.rst - KDC_OPT_ENC_TKT_IN_SKEY.rst - KDC_OPT_FORWARDABLE.rst - KDC_OPT_FORWARDED.rst - KDC_OPT_POSTDATED.rst - KDC_OPT_PROXIABLE.rst - KDC_OPT_PROXY.rst - KDC_OPT_RENEW.rst - KDC_OPT_RENEWABLE.rst - KDC_OPT_RENEWABLE_OK.rst - KDC_OPT_REQUEST_ANONYMOUS.rst - KDC_OPT_VALIDATE.rst - KDC_TKT_COMMON_MASK.rst - KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.rst - KRB5_ANONYMOUS_PRINCSTR.rst - KRB5_ANONYMOUS_REALMSTR.rst - KRB5_AP_REP.rst - KRB5_AP_REQ.rst - KRB5_AS_REP.rst - KRB5_AS_REQ.rst - KRB5_AUTHDATA_AND_OR.rst - KRB5_AUTHDATA_AP_OPTIONS.rst - KRB5_AUTHDATA_AUTH_INDICATOR.rst - KRB5_AUTHDATA_CAMMAC.rst - KRB5_AUTHDATA_ETYPE_NEGOTIATION.rst - KRB5_AUTHDATA_FX_ARMOR.rst - KRB5_AUTHDATA_IF_RELEVANT.rst - KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.rst - KRB5_AUTHDATA_KDC_ISSUED.rst - KRB5_AUTHDATA_MANDATORY_FOR_KDC.rst - KRB5_AUTHDATA_OSF_DCE.rst - KRB5_AUTHDATA_SESAME.rst - KRB5_AUTHDATA_SIGNTICKET.rst - KRB5_AUTHDATA_WIN2K_PAC.rst - KRB5_AUTH_CONTEXT_DO_SEQUENCE.rst - KRB5_AUTH_CONTEXT_DO_TIME.rst - KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.rst - KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.rst - KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.rst - KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.rst - KRB5_AUTH_CONTEXT_PERMIT_ALL.rst - KRB5_AUTH_CONTEXT_RET_SEQUENCE.rst - KRB5_AUTH_CONTEXT_RET_TIME.rst - KRB5_AUTH_CONTEXT_USE_SUBKEY.rst - KRB5_CRED.rst - KRB5_CRYPTO_TYPE_CHECKSUM.rst - KRB5_CRYPTO_TYPE_DATA.rst - KRB5_CRYPTO_TYPE_EMPTY.rst - KRB5_CRYPTO_TYPE_HEADER.rst - KRB5_CRYPTO_TYPE_PADDING.rst - KRB5_CRYPTO_TYPE_SIGN_ONLY.rst - KRB5_CRYPTO_TYPE_STREAM.rst - KRB5_CRYPTO_TYPE_TRAILER.rst - KRB5_CYBERSAFE_SECUREID.rst - KRB5_DOMAIN_X500_COMPRESS.rst - KRB5_ENCPADATA_REQ_ENC_PA_REP.rst - KRB5_ERROR.rst - KRB5_FAST_REQUIRED.rst - KRB5_GC_CACHED.rst - KRB5_GC_CANONICALIZE.rst - KRB5_GC_CONSTRAINED_DELEGATION.rst - KRB5_GC_FORWARDABLE.rst - KRB5_GC_NO_STORE.rst - KRB5_GC_NO_TRANSIT_CHECK.rst - KRB5_GC_USER_USER.rst - KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.rst - KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.rst - KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.rst - KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.rst - KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.rst - KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.rst - KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.rst - KRB5_GET_INIT_CREDS_OPT_PROXIABLE.rst - KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.rst - KRB5_GET_INIT_CREDS_OPT_SALT.rst - KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.rst - KRB5_INIT_CONTEXT_SECURE.rst - KRB5_INIT_CONTEXT_KDC.rst - KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.rst - KRB5_INT16_MAX.rst - KRB5_INT16_MIN.rst - KRB5_INT32_MAX.rst - KRB5_INT32_MIN.rst - KRB5_KEYUSAGE_AD_ITE.rst - KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.rst - KRB5_KEYUSAGE_AD_MTE.rst - KRB5_KEYUSAGE_AD_SIGNEDPATH.rst - KRB5_KEYUSAGE_APP_DATA_CKSUM.rst - KRB5_KEYUSAGE_APP_DATA_ENCRYPT.rst - KRB5_KEYUSAGE_AP_REP_ENCPART.rst - KRB5_KEYUSAGE_AP_REQ_AUTH.rst - KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.rst - KRB5_KEYUSAGE_AS_REP_ENCPART.rst - KRB5_KEYUSAGE_AS_REQ.rst - KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.rst - KRB5_KEYUSAGE_CAMMAC.rst - KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.rst - KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.rst - KRB5_KEYUSAGE_FAST_ENC.rst - KRB5_KEYUSAGE_FAST_FINISHED.rst - KRB5_KEYUSAGE_FAST_REP.rst - KRB5_KEYUSAGE_FAST_REQ_CHKSUM.rst - KRB5_KEYUSAGE_GSS_TOK_MIC.rst - KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.rst - KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.rst - KRB5_KEYUSAGE_IAKERB_FINISHED.rst - KRB5_KEYUSAGE_KDC_REP_TICKET.rst - KRB5_KEYUSAGE_KRB_CRED_ENCPART.rst - KRB5_KEYUSAGE_KRB_ERROR_CKSUM.rst - KRB5_KEYUSAGE_KRB_PRIV_ENCPART.rst - KRB5_KEYUSAGE_KRB_SAFE_CKSUM.rst - KRB5_KEYUSAGE_PA_AS_FRESHNESS.rst - KRB5_KEYUSAGE_PA_FX_COOKIE.rst - KRB5_KEYUSAGE_PA_OTP_REQUEST.rst - KRB5_KEYUSAGE_PA_PKINIT_KX.rst - KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.rst - KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.rst - KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.rst - KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.rst - KRB5_KEYUSAGE_PA_SAM_RESPONSE.rst - KRB5_KEYUSAGE_SPAKE.rst - KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.rst - KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.rst - KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.rst - KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.rst - KRB5_KEYUSAGE_TGS_REQ_AUTH.rst - KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.rst - KRB5_KPASSWD_ACCESSDENIED.rst - KRB5_KPASSWD_AUTHERROR.rst - KRB5_KPASSWD_BAD_VERSION.rst - KRB5_KPASSWD_HARDERROR.rst - KRB5_KPASSWD_INITIAL_FLAG_NEEDED.rst - KRB5_KPASSWD_MALFORMED.rst - KRB5_KPASSWD_SOFTERROR.rst - KRB5_KPASSWD_SUCCESS.rst - KRB5_LRQ_ALL_ACCT_EXPTIME.rst - KRB5_LRQ_ALL_LAST_INITIAL.rst - KRB5_LRQ_ALL_LAST_RENEWAL.rst - KRB5_LRQ_ALL_LAST_REQ.rst - KRB5_LRQ_ALL_LAST_TGT.rst - KRB5_LRQ_ALL_LAST_TGT_ISSUED.rst - KRB5_LRQ_ALL_PW_EXPTIME.rst - KRB5_LRQ_NONE.rst - KRB5_LRQ_ONE_ACCT_EXPTIME.rst - KRB5_LRQ_ONE_LAST_INITIAL.rst - KRB5_LRQ_ONE_LAST_RENEWAL.rst - KRB5_LRQ_ONE_LAST_REQ.rst - KRB5_LRQ_ONE_LAST_TGT.rst - KRB5_LRQ_ONE_LAST_TGT_ISSUED.rst - KRB5_LRQ_ONE_PW_EXPTIME.rst - KRB5_NT_ENTERPRISE_PRINCIPAL.rst - KRB5_NT_ENT_PRINCIPAL_AND_ID.rst - KRB5_NT_MS_PRINCIPAL.rst - KRB5_NT_MS_PRINCIPAL_AND_ID.rst - KRB5_NT_PRINCIPAL.rst - KRB5_NT_SMTP_NAME.rst - KRB5_NT_SRV_HST.rst - KRB5_NT_SRV_INST.rst - KRB5_NT_SRV_XHST.rst - KRB5_NT_UID.rst - KRB5_NT_UNKNOWN.rst - KRB5_NT_WELLKNOWN.rst - KRB5_NT_X500_PRINCIPAL.rst - KRB5_PAC_ATTRIBUTES_INFO.rst - KRB5_PAC_CLIENT_INFO.rst - KRB5_PAC_CLIENT_CLAIMS.rst - KRB5_PAC_CREDENTIALS_INFO.rst - KRB5_PAC_DELEGATION_INFO.rst - KRB5_PAC_DEVICE_CLAIMS.rst - KRB5_PAC_DEVICE_INFO.rst - KRB5_PAC_LOGON_INFO.rst - KRB5_PAC_PRIVSVR_CHECKSUM.rst - KRB5_PAC_REQUESTOR.rst - KRB5_PAC_SERVER_CHECKSUM.rst - KRB5_PAC_TICKET_CHECKSUM.rst - KRB5_PAC_UPN_DNS_INFO.rst - KRB5_PAC_FULL_CHECKSUM.rst - KRB5_PADATA_AFS3_SALT.rst - KRB5_PADATA_AP_REQ.rst - KRB5_PADATA_AS_CHECKSUM.rst - KRB5_PADATA_AS_FRESHNESS.rst - KRB5_PADATA_ENCRYPTED_CHALLENGE.rst - KRB5_PADATA_ENC_SANDIA_SECURID.rst - KRB5_PADATA_ENC_TIMESTAMP.rst - KRB5_PADATA_ENC_UNIX_TIME.rst - KRB5_PADATA_ETYPE_INFO.rst - KRB5_PADATA_ETYPE_INFO2.rst - KRB5_PADATA_FOR_USER.rst - KRB5_PADATA_FX_COOKIE.rst - KRB5_PADATA_FX_ERROR.rst - KRB5_PADATA_FX_FAST.rst - KRB5_PADATA_GET_FROM_TYPED_DATA.rst - KRB5_PADATA_NONE.rst - KRB5_PADATA_OSF_DCE.rst - KRB5_PADATA_OTP_CHALLENGE.rst - KRB5_PADATA_OTP_PIN_CHANGE.rst - KRB5_PADATA_OTP_REQUEST.rst - KRB5_PADATA_PAC_OPTIONS.rst - KRB5_PADATA_PAC_REQUEST.rst - KRB5_PADATA_PKINIT_KX.rst - KRB5_PADATA_PK_AS_REP.rst - KRB5_PADATA_PK_AS_REP_OLD.rst - KRB5_PADATA_PK_AS_REQ.rst - KRB5_PADATA_PK_AS_REQ_OLD.rst - KRB5_PADATA_PW_SALT.rst - KRB5_PADATA_REFERRAL.rst - KRB5_PADATA_S4U_X509_USER.rst - KRB5_PADATA_SAM_CHALLENGE.rst - KRB5_PADATA_SAM_CHALLENGE_2.rst - KRB5_PADATA_SAM_REDIRECT.rst - KRB5_PADATA_SAM_RESPONSE.rst - KRB5_PADATA_SAM_RESPONSE_2.rst - KRB5_PADATA_SESAME.rst - KRB5_PADATA_SPAKE.rst - KRB5_PADATA_REDHAT_IDP_OAUTH2.rst - KRB5_PADATA_REDHAT_PASSKEY.rst - KRB5_PADATA_SVR_REFERRAL_INFO.rst - KRB5_PADATA_TGS_REQ.rst - KRB5_PADATA_USE_SPECIFIED_KVNO.rst - KRB5_PRINCIPAL_COMPARE_CASEFOLD.rst - KRB5_PRINCIPAL_COMPARE_ENTERPRISE.rst - KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.rst - KRB5_PRINCIPAL_COMPARE_UTF8.rst - KRB5_PRINCIPAL_PARSE_ENTERPRISE.rst - KRB5_PRINCIPAL_PARSE_IGNORE_REALM.rst - KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.rst - KRB5_PRINCIPAL_PARSE_NO_REALM.rst - KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.rst - KRB5_PRINCIPAL_UNPARSE_DISPLAY.rst - KRB5_PRINCIPAL_UNPARSE_NO_REALM.rst - KRB5_PRINCIPAL_UNPARSE_SHORT.rst - KRB5_PRIV.rst - KRB5_PROMPT_TYPE_NEW_PASSWORD.rst - KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.rst - KRB5_PROMPT_TYPE_PASSWORD.rst - KRB5_PROMPT_TYPE_PREAUTH.rst - KRB5_PVNO.rst - KRB5_REALM_BRANCH_CHAR.rst - KRB5_RECVAUTH_BADAUTHVERS.rst - KRB5_RECVAUTH_SKIP_VERSION.rst - KRB5_REFERRAL_REALM.rst - KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.rst - KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.rst - KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.rst - KRB5_RESPONDER_QUESTION_PKINIT.rst - KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.rst - KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.rst - KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.rst - KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.rst - KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.rst - KRB5_RESPONDER_OTP_FORMAT_DECIMAL.rst - KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.rst - KRB5_RESPONDER_QUESTION_OTP.rst - KRB5_RESPONDER_QUESTION_PASSWORD.rst - KRB5_SAFE.rst - KRB5_SAM_MUST_PK_ENCRYPT_SAD.rst - KRB5_SAM_SEND_ENCRYPTED_SAD.rst - KRB5_SAM_USE_SAD_AS_KEY.rst - KRB5_TC_MATCH_2ND_TKT.rst - KRB5_TC_MATCH_AUTHDATA.rst - KRB5_TC_MATCH_FLAGS.rst - KRB5_TC_MATCH_FLAGS_EXACT.rst - KRB5_TC_MATCH_IS_SKEY.rst - KRB5_TC_MATCH_KTYPE.rst - KRB5_TC_MATCH_SRV_NAMEONLY.rst - KRB5_TC_MATCH_TIMES.rst - KRB5_TC_MATCH_TIMES_EXACT.rst - KRB5_TC_NOTICKET.rst - KRB5_TC_OPENCLOSE.rst - KRB5_TC_SUPPORTED_KTYPES.rst - KRB5_TGS_NAME.rst - KRB5_TGS_NAME_SIZE.rst - KRB5_TGS_REP.rst - KRB5_TGS_REQ.rst - KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.rst - KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.rst - KRB5_WELLKNOWN_NAMESTR.rst - LR_TYPE_INTERPRETATION_MASK.rst - LR_TYPE_THIS_SERVER_ONLY.rst - MAX_KEYTAB_NAME_LEN.rst - MSEC_DIRBIT.rst - MSEC_VAL_MASK.rst - SALT_TYPE_AFS_LENGTH.rst - SALT_TYPE_NO_LENGTH.rst - THREEPARAMOPEN.rst - TKT_FLG_ANONYMOUS.rst - TKT_FLG_ENC_PA_REP.rst - TKT_FLG_FORWARDABLE.rst - TKT_FLG_FORWARDED.rst - TKT_FLG_HW_AUTH.rst - TKT_FLG_INITIAL.rst - TKT_FLG_INVALID.rst - TKT_FLG_MAY_POSTDATE.rst - TKT_FLG_OK_AS_DELEGATE.rst - TKT_FLG_POSTDATED.rst - TKT_FLG_PRE_AUTH.rst - TKT_FLG_PROXIABLE.rst - TKT_FLG_PROXY.rst - TKT_FLG_RENEWABLE.rst - TKT_FLG_TRANSIT_POLICY_CHECKED.rst - VALID_INT_BITS.rst - VALID_UINT_BITS.rst - krb5_const.rst - krb5_princ_component.rst - krb5_princ_name.rst - krb5_princ_realm.rst - krb5_princ_set_realm.rst - krb5_princ_set_realm_data.rst - krb5_princ_set_realm_length.rst - krb5_princ_size.rst - krb5_princ_type.rst - krb5_roundup.rst - krb5_x.rst - krb5_xc.rst - -Deprecated macros ------------------------------- - -.. toctree:: - :maxdepth: 1 - - krb524_convert_creds_kdc.rst - krb524_init_ets.rst diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb524_convert_creds_kdc.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb524_convert_creds_kdc.rst.txt deleted file mode 100644 index 9316160f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb524_convert_creds_kdc.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb524-convert-creds-kdc-data: - -krb524_convert_creds_kdc -======================== - -.. -.. data:: krb524_convert_creds_kdc -.. - - - - -=============================== ====================== -``krb524_convert_creds_kdc`` ``krb5_524_convert_creds`` -=============================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb524_init_ets.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb524_init_ets.rst.txt deleted file mode 100644 index dfb8e202..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb524_init_ets.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb524-init-ets-data: - -krb524_init_ets -=============== - -.. -.. data:: krb524_init_ets -.. - - - - -========================= ====================== -``krb524_init_ets (x)`` ``(0)`` -========================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_const.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_const.rst.txt deleted file mode 100644 index 1baaa096..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_const.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb5-const-data: - -krb5_const -========== - -.. -.. data:: krb5_const -.. - - - - -================= ====================== -``krb5_const`` ``const`` -================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_component.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_component.rst.txt deleted file mode 100644 index cdca4bff..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_component.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb5-princ-component-data: - -krb5_princ_component -==================== - -.. -.. data:: krb5_princ_component -.. - - - - -============================================== ====================== -``krb5_princ_component (context, princ, i)`` `` (((i) < krb5_princ_size(context, princ)) ? (princ)->data + (i) : NULL)`` -============================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_name.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_name.rst.txt deleted file mode 100644 index 31481305..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_name.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb5-princ-name-data: - -krb5_princ_name -=============== - -.. -.. data:: krb5_princ_name -.. - - - - -====================================== ====================== -``krb5_princ_name (context, princ)`` ``(princ)->data`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_realm.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_realm.rst.txt deleted file mode 100644 index 562a2675..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_realm.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb5-princ-realm-data: - -krb5_princ_realm -================ - -.. -.. data:: krb5_princ_realm -.. - - - - -======================================= ====================== -``krb5_princ_realm (context, princ)`` ``(&(princ)->realm)`` -======================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_set_realm.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_set_realm.rst.txt deleted file mode 100644 index dc05314a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_set_realm.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb5-princ-set-realm-data: - -krb5_princ_set_realm -==================== - -.. -.. data:: krb5_princ_set_realm -.. - - - - -================================================== ====================== -``krb5_princ_set_realm (context, princ, value)`` ``((princ)->realm = *(value))`` -================================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_set_realm_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_set_realm_data.rst.txt deleted file mode 100644 index 4ded1b3a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_set_realm_data.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb5-princ-set-realm-data-data: - -krb5_princ_set_realm_data -========================= - -.. -.. data:: krb5_princ_set_realm_data -.. - - - - -======================================================= ====================== -``krb5_princ_set_realm_data (context, princ, value)`` ``(princ)->realm.data = (value)`` -======================================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_set_realm_length.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_set_realm_length.rst.txt deleted file mode 100644 index 81ea192b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_set_realm_length.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb5-princ-set-realm-length-data: - -krb5_princ_set_realm_length -=========================== - -.. -.. data:: krb5_princ_set_realm_length -.. - - - - -========================================================= ====================== -``krb5_princ_set_realm_length (context, princ, value)`` ``(princ)->realm.length = (value)`` -========================================================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_size.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_size.rst.txt deleted file mode 100644 index 251fad5d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_size.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb5-princ-size-data: - -krb5_princ_size -=============== - -.. -.. data:: krb5_princ_size -.. - - - - -====================================== ====================== -``krb5_princ_size (context, princ)`` ``(princ)->length`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_type.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_type.rst.txt deleted file mode 100644 index a4ff8a4b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_princ_type.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb5-princ-type-data: - -krb5_princ_type -=============== - -.. -.. data:: krb5_princ_type -.. - - - - -====================================== ====================== -``krb5_princ_type (context, princ)`` ``(princ)->type`` -====================================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_roundup.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_roundup.rst.txt deleted file mode 100644 index db81d04b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_roundup.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb5-roundup-data: - -krb5_roundup -============ - -.. -.. data:: krb5_roundup -.. - - - - -========================= ====================== -``krb5_roundup (x, y)`` ``((((x) + (y) - 1)/(y))*(y))`` -========================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_x.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_x.rst.txt deleted file mode 100644 index eaf3f869..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_x.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb5-x-data: - -krb5_x -====== - -.. -.. data:: krb5_x -.. - - - - -======================== ====================== -``krb5_x (ptr, args)`` ``((ptr)?((*(ptr)) args):(abort(),1))`` -======================== ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_xc.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_xc.rst.txt deleted file mode 100644 index 4d452672..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/macros/krb5_xc.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. highlight:: c - -.. _krb5-xc-data: - -krb5_xc -======= - -.. -.. data:: krb5_xc -.. - - - - -========================= ====================== -``krb5_xc (ptr, args)`` ``((ptr)?((*(ptr)) args):(abort(),(char*)0))`` -========================= ====================== diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/index.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/index.rst.txt deleted file mode 100644 index d8d2a8f3..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/index.rst.txt +++ /dev/null @@ -1,108 +0,0 @@ -krb5 types and structures -========================= - -Public -------- - -.. toctree:: - :maxdepth: 1 - - krb5_address.rst - krb5_addrtype.rst - krb5_ap_req.rst - krb5_ap_rep.rst - krb5_ap_rep_enc_part.rst - krb5_authdata.rst - krb5_authdatatype.rst - krb5_authenticator.rst - krb5_boolean.rst - krb5_checksum.rst - krb5_const_pointer.rst - krb5_const_principal.rst - krb5_cred.rst - krb5_cred_enc_part.rst - krb5_cred_info.rst - krb5_creds.rst - krb5_crypto_iov.rst - krb5_cryptotype.rst - krb5_data.rst - krb5_deltat.rst - krb5_enc_data.rst - krb5_enc_kdc_rep_part.rst - krb5_enc_tkt_part.rst - krb5_encrypt_block.rst - krb5_enctype.rst - krb5_error.rst - krb5_error_code.rst - krb5_expire_callback_func.rst - krb5_flags.rst - krb5_get_init_creds_opt.rst - krb5_gic_opt_pa_data.rst - krb5_int16.rst - krb5_int32.rst - krb5_kdc_rep.rst - krb5_kdc_req.rst - krb5_keyblock.rst - krb5_keytab_entry.rst - krb5_keyusage.rst - krb5_kt_cursor.rst - krb5_kvno.rst - krb5_last_req_entry.rst - krb5_magic.rst - krb5_mk_req_checksum_func.rst - krb5_msgtype.rst - krb5_octet.rst - krb5_pa_pac_req.rst - krb5_pa_server_referral_data.rst - krb5_pa_svr_referral_data.rst - krb5_pa_data.rst - krb5_pointer.rst - krb5_post_recv_fn.rst - krb5_pre_send_fn.rst - krb5_preauthtype.rst - krb5_principal.rst - krb5_principal_data.rst - krb5_prompt.rst - krb5_prompt_type.rst - krb5_prompter_fct.rst - krb5_pwd_data.rst - krb5_responder_context.rst - krb5_responder_fn.rst - krb5_responder_otp_challenge.rst - krb5_responder_otp_tokeninfo.rst - krb5_responder_pkinit_challenge.rst - krb5_responder_pkinit_identity.rst - krb5_response.rst - krb5_replay_data.rst - krb5_ticket.rst - krb5_ticket_times.rst - krb5_timestamp.rst - krb5_tkt_authent.rst - krb5_trace_callback.rst - krb5_trace_info.rst - krb5_transited.rst - krb5_typed_data.rst - krb5_ui_2.rst - krb5_ui_4.rst - krb5_verify_init_creds_opt.rst - passwd_phrase_element.rst - - -Internal ---------- - -.. toctree:: - :maxdepth: 1 - - krb5_auth_context.rst - krb5_cksumtype - krb5_context.rst - krb5_cc_cursor.rst - krb5_ccache.rst - krb5_cccol_cursor.rst - krb5_init_creds_context.rst - krb5_key.rst - krb5_keytab.rst - krb5_pac.rst - krb5_rcache.rst - krb5_tkt_creds_context.rst diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_address.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_address.rst.txt deleted file mode 100644 index 1b433789..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_address.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -.. highlight:: c - -.. _krb5-address-struct: - -krb5_address -============ - -.. -.. c:type:: krb5_address -.. - -Structure for address. - - - -Declaration ------------- - -typedef struct _krb5_address krb5_address - - -Members ---------- - - -.. c:member:: krb5_magic krb5_address.magic - - - - -.. c:member:: krb5_addrtype krb5_address.addrtype - - - - -.. c:member:: unsigned int krb5_address.length - - - - -.. c:member:: krb5_octet * krb5_address.contents - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_addrtype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_addrtype.rst.txt deleted file mode 100644 index 4c619163..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_addrtype.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-addrtype-struct: - -krb5_addrtype -============= - -.. -.. c:type:: krb5_addrtype -.. - - - - -Declaration ------------- - -typedef krb5_int32 krb5_addrtype - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ap_rep.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ap_rep.rst.txt deleted file mode 100644 index e2e7e7df..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ap_rep.rst.txt +++ /dev/null @@ -1,35 +0,0 @@ -.. highlight:: c - -.. _krb5-ap-rep-struct: - -krb5_ap_rep -=========== - -.. -.. c:type:: krb5_ap_rep -.. - -C representaton of AP-REP message. - -The server's response to a client's request for mutual authentication. - -Declaration ------------- - -typedef struct _krb5_ap_rep krb5_ap_rep - - -Members ---------- - - -.. c:member:: krb5_magic krb5_ap_rep.magic - - - - -.. c:member:: krb5_enc_data krb5_ap_rep.enc_part - - Ciphertext of ApRepEncPart. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ap_rep_enc_part.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ap_rep_enc_part.rst.txt deleted file mode 100644 index b7191783..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ap_rep_enc_part.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -.. highlight:: c - -.. _krb5-ap-rep-enc-part-struct: - -krb5_ap_rep_enc_part -==================== - -.. -.. c:type:: krb5_ap_rep_enc_part -.. - -Cleartext that is encrypted and put into :c:type:`_krb5_ap_rep` . - - - -Declaration ------------- - -typedef struct _krb5_ap_rep_enc_part krb5_ap_rep_enc_part - - -Members ---------- - - -.. c:member:: krb5_magic krb5_ap_rep_enc_part.magic - - - - -.. c:member:: krb5_timestamp krb5_ap_rep_enc_part.ctime - - Client time, seconds portion. - - -.. c:member:: krb5_int32 krb5_ap_rep_enc_part.cusec - - Client time, microseconds portion. - - -.. c:member:: krb5_keyblock * krb5_ap_rep_enc_part.subkey - - Subkey (optional) - - -.. c:member:: krb5_ui_4 krb5_ap_rep_enc_part.seq_number - - Sequence number. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ap_req.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ap_req.rst.txt deleted file mode 100644 index 8d9642c7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ap_req.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -.. highlight:: c - -.. _krb5-ap-req-struct: - -krb5_ap_req -=========== - -.. -.. c:type:: krb5_ap_req -.. - -Authentication header. - - - -Declaration ------------- - -typedef struct _krb5_ap_req krb5_ap_req - - -Members ---------- - - -.. c:member:: krb5_magic krb5_ap_req.magic - - - - -.. c:member:: krb5_flags krb5_ap_req.ap_options - - Requested options. - - -.. c:member:: krb5_ticket * krb5_ap_req.ticket - - Ticket. - - -.. c:member:: krb5_enc_data krb5_ap_req.authenticator - - Encrypted authenticator. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_auth_context.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_auth_context.rst.txt deleted file mode 100644 index e0f302c5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_auth_context.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-auth-context-struct: - -krb5_auth_context -================= - -.. -.. c:type:: krb5_auth_context -.. - - - - -Declaration ------------- - -typedef struct _krb5_auth_context\* krb5_auth_context - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_authdata.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_authdata.rst.txt deleted file mode 100644 index 6419a059..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_authdata.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -.. highlight:: c - -.. _krb5-authdata-struct: - -krb5_authdata -============= - -.. -.. c:type:: krb5_authdata -.. - -Structure for auth data. - - - -Declaration ------------- - -typedef struct _krb5_authdata krb5_authdata - - -Members ---------- - - -.. c:member:: krb5_magic krb5_authdata.magic - - - - -.. c:member:: krb5_authdatatype krb5_authdata.ad_type - - ADTYPE. - - -.. c:member:: unsigned int krb5_authdata.length - - Length of data. - - -.. c:member:: krb5_octet * krb5_authdata.contents - - Data. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_authdatatype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_authdatatype.rst.txt deleted file mode 100644 index 01c23d97..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_authdatatype.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-authdatatype-struct: - -krb5_authdatatype -================= - -.. -.. c:type:: krb5_authdatatype -.. - - - - -Declaration ------------- - -typedef krb5_int32 krb5_authdatatype - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_authenticator.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_authenticator.rst.txt deleted file mode 100644 index 4b2b1c92..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_authenticator.rst.txt +++ /dev/null @@ -1,65 +0,0 @@ -.. highlight:: c - -.. _krb5-authenticator-struct: - -krb5_authenticator -================== - -.. -.. c:type:: krb5_authenticator -.. - -Ticket authenticator. - -The C representation of an unencrypted authenticator. - -Declaration ------------- - -typedef struct _krb5_authenticator krb5_authenticator - - -Members ---------- - - -.. c:member:: krb5_magic krb5_authenticator.magic - - - - -.. c:member:: krb5_principal krb5_authenticator.client - - client name/realm - - -.. c:member:: krb5_checksum * krb5_authenticator.checksum - - checksum, includes type, optional - - -.. c:member:: krb5_int32 krb5_authenticator.cusec - - client usec portion - - -.. c:member:: krb5_timestamp krb5_authenticator.ctime - - client sec portion - - -.. c:member:: krb5_keyblock * krb5_authenticator.subkey - - true session key, optional - - -.. c:member:: krb5_ui_4 krb5_authenticator.seq_number - - sequence #, optional - - -.. c:member:: krb5_authdata ** krb5_authenticator.authorization_data - - authoriazation data - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_boolean.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_boolean.rst.txt deleted file mode 100644 index f9be9b41..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_boolean.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-boolean-struct: - -krb5_boolean -============ - -.. -.. c:type:: krb5_boolean -.. - - - - -Declaration ------------- - -typedef unsigned int krb5_boolean - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cc_cursor.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cc_cursor.rst.txt deleted file mode 100644 index 97da560d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cc_cursor.rst.txt +++ /dev/null @@ -1,21 +0,0 @@ -.. highlight:: c - -.. _krb5-cc-cursor-struct: - -krb5_cc_cursor -============== - -.. -.. c:type:: krb5_cc_cursor -.. - -Cursor for sequential lookup. - - - -Declaration ------------- - -typedef krb5_pointer krb5_cc_cursor - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ccache.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ccache.rst.txt deleted file mode 100644 index 86317f5f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ccache.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-ccache-struct: - -krb5_ccache -=========== - -.. -.. c:type:: krb5_ccache -.. - - - - -Declaration ------------- - -typedef struct _krb5_ccache\* krb5_ccache - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cccol_cursor.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cccol_cursor.rst.txt deleted file mode 100644 index 13095b1c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cccol_cursor.rst.txt +++ /dev/null @@ -1,21 +0,0 @@ -.. highlight:: c - -.. _krb5-cccol-cursor-struct: - -krb5_cccol_cursor -================= - -.. -.. c:type:: krb5_cccol_cursor -.. - -Cursor for iterating over all ccaches. - - - -Declaration ------------- - -typedef struct _krb5_cccol_cursor\* krb5_cccol_cursor - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_checksum.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_checksum.rst.txt deleted file mode 100644 index de4cc011..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_checksum.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -.. highlight:: c - -.. _krb5-checksum-struct: - -krb5_checksum -============= - -.. -.. c:type:: krb5_checksum -.. - - - - -Declaration ------------- - -typedef struct _krb5_checksum krb5_checksum - - -Members ---------- - - -.. c:member:: krb5_magic krb5_checksum.magic - - - - -.. c:member:: krb5_cksumtype krb5_checksum.checksum_type - - - - -.. c:member:: unsigned int krb5_checksum.length - - - - -.. c:member:: krb5_octet * krb5_checksum.contents - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cksumtype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cksumtype.rst.txt deleted file mode 100644 index 52a757a4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cksumtype.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-cksumtype-struct: - -krb5_cksumtype -============== - -.. -.. c:type:: krb5_cksumtype -.. - - - - -Declaration ------------- - -typedef krb5_int32 krb5_cksumtype - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_const_pointer.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_const_pointer.rst.txt deleted file mode 100644 index 7b70b430..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_const_pointer.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-const-pointer-struct: - -krb5_const_pointer -================== - -.. -.. c:type:: krb5_const_pointer -.. - - - - -Declaration ------------- - -typedef void const\* krb5_const_pointer - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_const_principal.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_const_principal.rst.txt deleted file mode 100644 index 37131f6a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_const_principal.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -.. highlight:: c - -.. _krb5-const-principal-struct: - -krb5_const_principal -==================== - -.. -.. c:type:: krb5_const_principal -.. - -Constant version of :c:type:`krb5_principal_data` . - - - -Declaration ------------- - -typedef const krb5_principal_data\* krb5_const_principal - - -Members ---------- - - -.. c:member:: krb5_magic krb5_const_principal.magic - - - - -.. c:member:: krb5_data krb5_const_principal.realm - - - - -.. c:member:: krb5_data * krb5_const_principal.data - - An array of strings. - - -.. c:member:: krb5_int32 krb5_const_principal.length - - - - -.. c:member:: krb5_int32 krb5_const_principal.type - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_context.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_context.rst.txt deleted file mode 100644 index 8390b9cd..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_context.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-context-struct: - -krb5_context -============ - -.. -.. c:type:: krb5_context -.. - - - - -Declaration ------------- - -typedef struct _krb5_context\* krb5_context - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cred.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cred.rst.txt deleted file mode 100644 index 500d0162..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cred.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -.. highlight:: c - -.. _krb5-cred-struct: - -krb5_cred -========= - -.. -.. c:type:: krb5_cred -.. - -Credentials data structure. - - - -Declaration ------------- - -typedef struct _krb5_cred krb5_cred - - -Members ---------- - - -.. c:member:: krb5_magic krb5_cred.magic - - - - -.. c:member:: krb5_ticket ** krb5_cred.tickets - - Tickets. - - -.. c:member:: krb5_enc_data krb5_cred.enc_part - - Encrypted part. - - -.. c:member:: krb5_cred_enc_part * krb5_cred.enc_part2 - - Unencrypted version, if available. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cred_enc_part.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cred_enc_part.rst.txt deleted file mode 100644 index a69650a5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cred_enc_part.rst.txt +++ /dev/null @@ -1,60 +0,0 @@ -.. highlight:: c - -.. _krb5-cred-enc-part-struct: - -krb5_cred_enc_part -================== - -.. -.. c:type:: krb5_cred_enc_part -.. - -Cleartext credentials information. - - - -Declaration ------------- - -typedef struct _krb5_cred_enc_part krb5_cred_enc_part - - -Members ---------- - - -.. c:member:: krb5_magic krb5_cred_enc_part.magic - - - - -.. c:member:: krb5_int32 krb5_cred_enc_part.nonce - - Nonce (optional) - - -.. c:member:: krb5_timestamp krb5_cred_enc_part.timestamp - - Generation time, seconds portion. - - -.. c:member:: krb5_int32 krb5_cred_enc_part.usec - - Generation time, microseconds portion. - - -.. c:member:: krb5_address * krb5_cred_enc_part.s_address - - Sender address (optional) - - -.. c:member:: krb5_address * krb5_cred_enc_part.r_address - - Recipient address (optional) - - -.. c:member:: krb5_cred_info ** krb5_cred_enc_part.ticket_info - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cred_info.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cred_info.rst.txt deleted file mode 100644 index f0dcc34a..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cred_info.rst.txt +++ /dev/null @@ -1,60 +0,0 @@ -.. highlight:: c - -.. _krb5-cred-info-struct: - -krb5_cred_info -============== - -.. -.. c:type:: krb5_cred_info -.. - -Credentials information inserted into *EncKrbCredPart* . - - - -Declaration ------------- - -typedef struct _krb5_cred_info krb5_cred_info - - -Members ---------- - - -.. c:member:: krb5_magic krb5_cred_info.magic - - - - -.. c:member:: krb5_keyblock * krb5_cred_info.session - - Session key used to encrypt ticket. - - -.. c:member:: krb5_principal krb5_cred_info.client - - Client principal and realm. - - -.. c:member:: krb5_principal krb5_cred_info.server - - Server principal and realm. - - -.. c:member:: krb5_flags krb5_cred_info.flags - - Ticket flags. - - -.. c:member:: krb5_ticket_times krb5_cred_info.times - - Auth, start, end, renew_till. - - -.. c:member:: krb5_address ** krb5_cred_info.caddrs - - Array of pointers to addrs (optional) - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_creds.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_creds.rst.txt deleted file mode 100644 index 68c0c663..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_creds.rst.txt +++ /dev/null @@ -1,80 +0,0 @@ -.. highlight:: c - -.. _krb5-creds-struct: - -krb5_creds -========== - -.. -.. c:type:: krb5_creds -.. - -Credentials structure including ticket, session key, and lifetime info. - - - -Declaration ------------- - -typedef struct _krb5_creds krb5_creds - - -Members ---------- - - -.. c:member:: krb5_magic krb5_creds.magic - - - - -.. c:member:: krb5_principal krb5_creds.client - - client's principal identifier - - -.. c:member:: krb5_principal krb5_creds.server - - server's principal identifier - - -.. c:member:: krb5_keyblock krb5_creds.keyblock - - session encryption key info - - -.. c:member:: krb5_ticket_times krb5_creds.times - - lifetime info - - -.. c:member:: krb5_boolean krb5_creds.is_skey - - true if ticket is encrypted in another ticket's skey - - -.. c:member:: krb5_flags krb5_creds.ticket_flags - - flags in ticket - - -.. c:member:: krb5_address ** krb5_creds.addresses - - addrs in ticket - - -.. c:member:: krb5_data krb5_creds.ticket - - ticket string itself - - -.. c:member:: krb5_data krb5_creds.second_ticket - - second ticket, if related to ticket (via DUPLICATE-SKEY or ENC-TKT-IN-SKEY) - - -.. c:member:: krb5_authdata ** krb5_creds.authdata - - authorization data - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_crypto_iov.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_crypto_iov.rst.txt deleted file mode 100644 index e4eb787b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_crypto_iov.rst.txt +++ /dev/null @@ -1,35 +0,0 @@ -.. highlight:: c - -.. _krb5-crypto-iov-struct: - -krb5_crypto_iov -=============== - -.. -.. c:type:: krb5_crypto_iov -.. - -Structure to describe a region of text to be encrypted or decrypted. - -The *flags* member describes the type of the iov. The *data* member points to the memory that will be manipulated. All iov APIs take a pointer to the first element of an array of krb5_crypto_iov's along with the size of that array. Buffer contents are manipulated in-place; data is overwritten. Callers must allocate the right number of krb5_crypto_iov structures before calling into an iov API. - -Declaration ------------- - -typedef struct _krb5_crypto_iov krb5_crypto_iov - - -Members ---------- - - -.. c:member:: krb5_cryptotype krb5_crypto_iov.flags - - iov type (see KRB5_CRYPTO_TYPE macros) - - -.. c:member:: krb5_data krb5_crypto_iov.data - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cryptotype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cryptotype.rst.txt deleted file mode 100644 index 1e49e351..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_cryptotype.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-cryptotype-struct: - -krb5_cryptotype -=============== - -.. -.. c:type:: krb5_cryptotype -.. - - - - -Declaration ------------- - -typedef krb5_int32 krb5_cryptotype - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_data.rst.txt deleted file mode 100644 index 98cc3a76..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_data.rst.txt +++ /dev/null @@ -1,39 +0,0 @@ -.. highlight:: c - -.. _krb5-data-struct: - -krb5_data -========= - -.. -.. c:type:: krb5_data -.. - - - - -Declaration ------------- - -typedef struct _krb5_data krb5_data - - -Members ---------- - - -.. c:member:: krb5_magic krb5_data.magic - - - - -.. c:member:: unsigned int krb5_data.length - - - - -.. c:member:: char * krb5_data.data - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_deltat.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_deltat.rst.txt deleted file mode 100644 index bfefbe88..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_deltat.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-deltat-struct: - -krb5_deltat -=========== - -.. -.. c:type:: krb5_deltat -.. - - - - -Declaration ------------- - -typedef krb5_int32 krb5_deltat - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enc_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enc_data.rst.txt deleted file mode 100644 index 0f874c7f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enc_data.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -.. highlight:: c - -.. _krb5-enc-data-struct: - -krb5_enc_data -============= - -.. -.. c:type:: krb5_enc_data -.. - - - - -Declaration ------------- - -typedef struct _krb5_enc_data krb5_enc_data - - -Members ---------- - - -.. c:member:: krb5_magic krb5_enc_data.magic - - - - -.. c:member:: krb5_enctype krb5_enc_data.enctype - - - - -.. c:member:: krb5_kvno krb5_enc_data.kvno - - - - -.. c:member:: krb5_data krb5_enc_data.ciphertext - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enc_kdc_rep_part.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enc_kdc_rep_part.rst.txt deleted file mode 100644 index 7c7a2460..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enc_kdc_rep_part.rst.txt +++ /dev/null @@ -1,80 +0,0 @@ -.. highlight:: c - -.. _krb5-enc-kdc-rep-part-struct: - -krb5_enc_kdc_rep_part -===================== - -.. -.. c:type:: krb5_enc_kdc_rep_part -.. - -C representation of *EncKDCRepPart* protocol message. - -This is the cleartext message that is encrypted and inserted in *KDC-REP* . - -Declaration ------------- - -typedef struct _krb5_enc_kdc_rep_part krb5_enc_kdc_rep_part - - -Members ---------- - - -.. c:member:: krb5_magic krb5_enc_kdc_rep_part.magic - - - - -.. c:member:: krb5_msgtype krb5_enc_kdc_rep_part.msg_type - - krb5 message type - - -.. c:member:: krb5_keyblock * krb5_enc_kdc_rep_part.session - - Session key. - - -.. c:member:: krb5_last_req_entry ** krb5_enc_kdc_rep_part.last_req - - Array of pointers to entries. - - -.. c:member:: krb5_int32 krb5_enc_kdc_rep_part.nonce - - Nonce from request. - - -.. c:member:: krb5_timestamp krb5_enc_kdc_rep_part.key_exp - - Expiration date. - - -.. c:member:: krb5_flags krb5_enc_kdc_rep_part.flags - - Ticket flags. - - -.. c:member:: krb5_ticket_times krb5_enc_kdc_rep_part.times - - Lifetime info. - - -.. c:member:: krb5_principal krb5_enc_kdc_rep_part.server - - Server's principal identifier. - - -.. c:member:: krb5_address ** krb5_enc_kdc_rep_part.caddrs - - Array of ptrs to addrs, optional. - - -.. c:member:: krb5_pa_data ** krb5_enc_kdc_rep_part.enc_padata - - Encrypted preauthentication data. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enc_tkt_part.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enc_tkt_part.rst.txt deleted file mode 100644 index 05cbe481..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enc_tkt_part.rst.txt +++ /dev/null @@ -1,65 +0,0 @@ -.. highlight:: c - -.. _krb5-enc-tkt-part-struct: - -krb5_enc_tkt_part -================= - -.. -.. c:type:: krb5_enc_tkt_part -.. - -Encrypted part of ticket. - - - -Declaration ------------- - -typedef struct _krb5_enc_tkt_part krb5_enc_tkt_part - - -Members ---------- - - -.. c:member:: krb5_magic krb5_enc_tkt_part.magic - - - - -.. c:member:: krb5_flags krb5_enc_tkt_part.flags - - flags - - -.. c:member:: krb5_keyblock * krb5_enc_tkt_part.session - - session key: includes enctype - - -.. c:member:: krb5_principal krb5_enc_tkt_part.client - - client name/realm - - -.. c:member:: krb5_transited krb5_enc_tkt_part.transited - - list of transited realms - - -.. c:member:: krb5_ticket_times krb5_enc_tkt_part.times - - auth, start, end, renew_till - - -.. c:member:: krb5_address ** krb5_enc_tkt_part.caddrs - - array of ptrs to addresses - - -.. c:member:: krb5_authdata ** krb5_enc_tkt_part.authorization_data - - auth data - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_encrypt_block.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_encrypt_block.rst.txt deleted file mode 100644 index daf2fa50..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_encrypt_block.rst.txt +++ /dev/null @@ -1,39 +0,0 @@ -.. highlight:: c - -.. _krb5-encrypt-block-struct: - -krb5_encrypt_block -================== - -.. -.. c:type:: krb5_encrypt_block -.. - - - - -Declaration ------------- - -typedef struct _krb5_encrypt_block krb5_encrypt_block - - -Members ---------- - - -.. c:member:: krb5_magic krb5_encrypt_block.magic - - - - -.. c:member:: krb5_enctype krb5_encrypt_block.crypto_entry - - - - -.. c:member:: krb5_keyblock * krb5_encrypt_block.key - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enctype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enctype.rst.txt deleted file mode 100644 index c820bf8e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_enctype.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-enctype-struct: - -krb5_enctype -============ - -.. -.. c:type:: krb5_enctype -.. - - - - -Declaration ------------- - -typedef krb5_int32 krb5_enctype - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_error.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_error.rst.txt deleted file mode 100644 index 29a64665..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_error.rst.txt +++ /dev/null @@ -1,75 +0,0 @@ -.. highlight:: c - -.. _krb5-error-struct: - -krb5_error -========== - -.. -.. c:type:: krb5_error -.. - -Error message structure. - - - -Declaration ------------- - -typedef struct _krb5_error krb5_error - - -Members ---------- - - -.. c:member:: krb5_magic krb5_error.magic - - - - -.. c:member:: krb5_timestamp krb5_error.ctime - - Client sec portion; optional. - - -.. c:member:: krb5_int32 krb5_error.cusec - - Client usec portion; optional. - - -.. c:member:: krb5_int32 krb5_error.susec - - Server usec portion. - - -.. c:member:: krb5_timestamp krb5_error.stime - - Server sec portion. - - -.. c:member:: krb5_ui_4 krb5_error.error - - Error code (protocol error #'s) - - -.. c:member:: krb5_principal krb5_error.client - - Client principal and realm. - - -.. c:member:: krb5_principal krb5_error.server - - Server principal and realm. - - -.. c:member:: krb5_data krb5_error.text - - Descriptive text. - - -.. c:member:: krb5_data krb5_error.e_data - - Additional error-describing data. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_error_code.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_error_code.rst.txt deleted file mode 100644 index 58d374ba..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_error_code.rst.txt +++ /dev/null @@ -1,21 +0,0 @@ -.. highlight:: c - -.. _krb5-error-code-struct: - -krb5_error_code -=============== - -.. -.. c:type:: krb5_error_code -.. - -Used to convey an operation status. - -The value 0 indicates success; any other values are com_err codes. Use krb5_get_error_message() to obtain a string describing the error. - -Declaration ------------- - -typedef krb5_int32 krb5_error_code - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_expire_callback_func.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_expire_callback_func.rst.txt deleted file mode 100644 index 13b1f217..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_expire_callback_func.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-expire-callback-func-struct: - -krb5_expire_callback_func -========================= - -.. -.. c:type:: krb5_expire_callback_func -.. - - - - -Declaration ------------- - -typedef void( \* krb5_expire_callback_func) (krb5_context context, void \*data, krb5_timestamp password_expiration, krb5_timestamp account_expiration, krb5_boolean is_last_req) - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_flags.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_flags.rst.txt deleted file mode 100644 index 398a5e95..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_flags.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-flags-struct: - -krb5_flags -========== - -.. -.. c:type:: krb5_flags -.. - - - - -Declaration ------------- - -typedef krb5_int32 krb5_flags - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_get_init_creds_opt.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_get_init_creds_opt.rst.txt deleted file mode 100644 index 19742f20..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_get_init_creds_opt.rst.txt +++ /dev/null @@ -1,80 +0,0 @@ -.. highlight:: c - -.. _krb5-get-init-creds-opt-struct: - -krb5_get_init_creds_opt -======================= - -.. -.. c:type:: krb5_get_init_creds_opt -.. - -Store options for *_krb5_get_init_creds* . - - - -Declaration ------------- - -typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt - - -Members ---------- - - -.. c:member:: krb5_flags krb5_get_init_creds_opt.flags - - - - -.. c:member:: krb5_deltat krb5_get_init_creds_opt.tkt_life - - - - -.. c:member:: krb5_deltat krb5_get_init_creds_opt.renew_life - - - - -.. c:member:: int krb5_get_init_creds_opt.forwardable - - - - -.. c:member:: int krb5_get_init_creds_opt.proxiable - - - - -.. c:member:: krb5_enctype * krb5_get_init_creds_opt.etype_list - - - - -.. c:member:: int krb5_get_init_creds_opt.etype_list_length - - - - -.. c:member:: krb5_address ** krb5_get_init_creds_opt.address_list - - - - -.. c:member:: krb5_preauthtype * krb5_get_init_creds_opt.preauth_list - - - - -.. c:member:: int krb5_get_init_creds_opt.preauth_list_length - - - - -.. c:member:: krb5_data * krb5_get_init_creds_opt.salt - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_gic_opt_pa_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_gic_opt_pa_data.rst.txt deleted file mode 100644 index cef8a469..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_gic_opt_pa_data.rst.txt +++ /dev/null @@ -1,35 +0,0 @@ -.. highlight:: c - -.. _krb5-gic-opt-pa-data-struct: - -krb5_gic_opt_pa_data -==================== - -.. -.. c:type:: krb5_gic_opt_pa_data -.. - -Generic preauth option attribute/value pairs. - - - -Declaration ------------- - -typedef struct _krb5_gic_opt_pa_data krb5_gic_opt_pa_data - - -Members ---------- - - -.. c:member:: char * krb5_gic_opt_pa_data.attr - - - - -.. c:member:: char * krb5_gic_opt_pa_data.value - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_init_creds_context.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_init_creds_context.rst.txt deleted file mode 100644 index 22c4af36..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_init_creds_context.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-init-creds-context-struct: - -krb5_init_creds_context -======================= - -.. -.. c:type:: krb5_init_creds_context -.. - - - - -Declaration ------------- - -typedef struct _krb5_init_creds_context\* krb5_init_creds_context - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_int16.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_int16.rst.txt deleted file mode 100644 index 9686c306..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_int16.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-int16-struct: - -krb5_int16 -========== - -.. -.. c:type:: krb5_int16 -.. - - - - -Declaration ------------- - -typedef int16_t krb5_int16 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_int32.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_int32.rst.txt deleted file mode 100644 index cab1a43f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_int32.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-int32-struct: - -krb5_int32 -========== - -.. -.. c:type:: krb5_int32 -.. - - - - -Declaration ------------- - -typedef int32_t krb5_int32 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kdc_rep.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kdc_rep.rst.txt deleted file mode 100644 index 5e742dfc..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kdc_rep.rst.txt +++ /dev/null @@ -1,60 +0,0 @@ -.. highlight:: c - -.. _krb5-kdc-rep-struct: - -krb5_kdc_rep -============ - -.. -.. c:type:: krb5_kdc_rep -.. - -Representation of the *KDC-REP* protocol message. - - - -Declaration ------------- - -typedef struct _krb5_kdc_rep krb5_kdc_rep - - -Members ---------- - - -.. c:member:: krb5_magic krb5_kdc_rep.magic - - - - -.. c:member:: krb5_msgtype krb5_kdc_rep.msg_type - - KRB5_AS_REP or KRB5_KDC_REP. - - -.. c:member:: krb5_pa_data ** krb5_kdc_rep.padata - - Preauthentication data from KDC. - - -.. c:member:: krb5_principal krb5_kdc_rep.client - - Client principal and realm. - - -.. c:member:: krb5_ticket * krb5_kdc_rep.ticket - - Ticket. - - -.. c:member:: krb5_enc_data krb5_kdc_rep.enc_part - - Encrypted part of reply. - - -.. c:member:: krb5_enc_kdc_rep_part * krb5_kdc_rep.enc_part2 - - Unencrypted version, if available. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kdc_req.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kdc_req.rst.txt deleted file mode 100644 index 51e3512c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kdc_req.rst.txt +++ /dev/null @@ -1,105 +0,0 @@ -.. highlight:: c - -.. _krb5-kdc-req-struct: - -krb5_kdc_req -============ - -.. -.. c:type:: krb5_kdc_req -.. - -C representation of KDC-REQ protocol message, including KDC-REQ-BODY. - - - -Declaration ------------- - -typedef struct _krb5_kdc_req krb5_kdc_req - - -Members ---------- - - -.. c:member:: krb5_magic krb5_kdc_req.magic - - - - -.. c:member:: krb5_msgtype krb5_kdc_req.msg_type - - KRB5_AS_REQ or KRB5_TGS_REQ. - - -.. c:member:: krb5_pa_data ** krb5_kdc_req.padata - - Preauthentication data. - - -.. c:member:: krb5_flags krb5_kdc_req.kdc_options - - Requested options. - - -.. c:member:: krb5_principal krb5_kdc_req.client - - Client principal and realm. - - -.. c:member:: krb5_principal krb5_kdc_req.server - - Server principal and realm. - - -.. c:member:: krb5_timestamp krb5_kdc_req.from - - Requested start time. - - -.. c:member:: krb5_timestamp krb5_kdc_req.till - - Requested end time. - - -.. c:member:: krb5_timestamp krb5_kdc_req.rtime - - Requested renewable end time. - - -.. c:member:: krb5_int32 krb5_kdc_req.nonce - - Nonce to match request and response. - - -.. c:member:: int krb5_kdc_req.nktypes - - Number of enctypes. - - -.. c:member:: krb5_enctype * krb5_kdc_req.ktype - - Requested enctypes. - - -.. c:member:: krb5_address ** krb5_kdc_req.addresses - - Requested addresses (optional) - - -.. c:member:: krb5_enc_data krb5_kdc_req.authorization_data - - Encrypted authz data (optional) - - -.. c:member:: krb5_authdata ** krb5_kdc_req.unenc_authdata - - Unencrypted authz data. - - -.. c:member:: krb5_ticket ** krb5_kdc_req.second_ticket - - Second ticket array (optional) - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_key.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_key.rst.txt deleted file mode 100644 index 580d4107..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_key.rst.txt +++ /dev/null @@ -1,21 +0,0 @@ -.. highlight:: c - -.. _krb5-key-struct: - -krb5_key -======== - -.. -.. c:type:: krb5_key -.. - -Opaque identifier for a key. - -Use with the krb5_k APIs for better performance for repeated operations with the same key and usage. Key identifiers must not be used simultaneously within multiple threads, as they may contain mutable internal state and are not mutex-protected. - -Declaration ------------- - -typedef struct krb5_key_st\* krb5_key - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keyblock.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keyblock.rst.txt deleted file mode 100644 index a6c08225..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keyblock.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -.. highlight:: c - -.. _krb5-keyblock-struct: - -krb5_keyblock -============= - -.. -.. c:type:: krb5_keyblock -.. - -Exposed contents of a key. - - - -Declaration ------------- - -typedef struct _krb5_keyblock krb5_keyblock - - -Members ---------- - - -.. c:member:: krb5_magic krb5_keyblock.magic - - - - -.. c:member:: krb5_enctype krb5_keyblock.enctype - - - - -.. c:member:: unsigned int krb5_keyblock.length - - - - -.. c:member:: krb5_octet * krb5_keyblock.contents - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keytab.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keytab.rst.txt deleted file mode 100644 index 879a92b4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keytab.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-keytab-struct: - -krb5_keytab -=========== - -.. -.. c:type:: krb5_keytab -.. - - - - -Declaration ------------- - -typedef struct _krb5_kt\* krb5_keytab - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keytab_entry.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keytab_entry.rst.txt deleted file mode 100644 index a727744f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keytab_entry.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -.. highlight:: c - -.. _krb5-keytab-entry-struct: - -krb5_keytab_entry -================= - -.. -.. c:type:: krb5_keytab_entry -.. - -A key table entry. - - - -Declaration ------------- - -typedef struct krb5_keytab_entry_st krb5_keytab_entry - - -Members ---------- - - -.. c:member:: krb5_magic krb5_keytab_entry.magic - - - - -.. c:member:: krb5_principal krb5_keytab_entry.principal - - Principal of this key. - - -.. c:member:: krb5_timestamp krb5_keytab_entry.timestamp - - Time entry written to keytable. - - -.. c:member:: krb5_kvno krb5_keytab_entry.vno - - Key version number. - - -.. c:member:: krb5_keyblock krb5_keytab_entry.key - - The secret key. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keyusage.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keyusage.rst.txt deleted file mode 100644 index 6e2358f0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_keyusage.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-keyusage-struct: - -krb5_keyusage -============= - -.. -.. c:type:: krb5_keyusage -.. - - - - -Declaration ------------- - -typedef krb5_int32 krb5_keyusage - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kt_cursor.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kt_cursor.rst.txt deleted file mode 100644 index 0b374624..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kt_cursor.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-kt-cursor-struct: - -krb5_kt_cursor -============== - -.. -.. c:type:: krb5_kt_cursor -.. - - - - -Declaration ------------- - -typedef krb5_pointer krb5_kt_cursor - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kvno.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kvno.rst.txt deleted file mode 100644 index ad766bb7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_kvno.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-kvno-struct: - -krb5_kvno -========= - -.. -.. c:type:: krb5_kvno -.. - - - - -Declaration ------------- - -typedef unsigned int krb5_kvno - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_last_req_entry.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_last_req_entry.rst.txt deleted file mode 100644 index 437472ed..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_last_req_entry.rst.txt +++ /dev/null @@ -1,40 +0,0 @@ -.. highlight:: c - -.. _krb5-last-req-entry-struct: - -krb5_last_req_entry -=================== - -.. -.. c:type:: krb5_last_req_entry -.. - -Last request entry. - - - -Declaration ------------- - -typedef struct _krb5_last_req_entry krb5_last_req_entry - - -Members ---------- - - -.. c:member:: krb5_magic krb5_last_req_entry.magic - - - - -.. c:member:: krb5_int32 krb5_last_req_entry.lr_type - - LR type. - - -.. c:member:: krb5_timestamp krb5_last_req_entry.value - - Timestamp. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_magic.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_magic.rst.txt deleted file mode 100644 index 7d3fc24c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_magic.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-magic-struct: - -krb5_magic -========== - -.. -.. c:type:: krb5_magic -.. - - - - -Declaration ------------- - -typedef krb5_error_code krb5_magic - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_mk_req_checksum_func.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_mk_req_checksum_func.rst.txt deleted file mode 100644 index fa0dd01c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_mk_req_checksum_func.rst.txt +++ /dev/null @@ -1,21 +0,0 @@ -.. highlight:: c - -.. _krb5-mk-req-checksum-func-struct: - -krb5_mk_req_checksum_func -========================= - -.. -.. c:type:: krb5_mk_req_checksum_func -.. - -Type of function used as a callback to generate checksum data for mk_req. - - - -Declaration ------------- - -typedef krb5_error_code( \* krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context, void \*, krb5_data \*\*) - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_msgtype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_msgtype.rst.txt deleted file mode 100644 index b1e08cd5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_msgtype.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-msgtype-struct: - -krb5_msgtype -============ - -.. -.. c:type:: krb5_msgtype -.. - - - - -Declaration ------------- - -typedef unsigned int krb5_msgtype - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_octet.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_octet.rst.txt deleted file mode 100644 index b6802e20..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_octet.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-octet-struct: - -krb5_octet -========== - -.. -.. c:type:: krb5_octet -.. - - - - -Declaration ------------- - -typedef uint8_t krb5_octet - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_data.rst.txt deleted file mode 100644 index 390f810f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_data.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -.. highlight:: c - -.. _krb5-pa-data-struct: - -krb5_pa_data -============ - -.. -.. c:type:: krb5_pa_data -.. - -Pre-authentication data. - - - -Declaration ------------- - -typedef struct _krb5_pa_data krb5_pa_data - - -Members ---------- - - -.. c:member:: krb5_magic krb5_pa_data.magic - - - - -.. c:member:: krb5_preauthtype krb5_pa_data.pa_type - - Preauthentication data type. - - -.. c:member:: unsigned int krb5_pa_data.length - - Length of data. - - -.. c:member:: krb5_octet * krb5_pa_data.contents - - Data. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_pac_req.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_pac_req.rst.txt deleted file mode 100644 index de072e95..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_pac_req.rst.txt +++ /dev/null @@ -1,29 +0,0 @@ -.. highlight:: c - -.. _krb5-pa-pac-req-struct: - -krb5_pa_pac_req -=============== - -.. -.. c:type:: krb5_pa_pac_req -.. - - - - -Declaration ------------- - -typedef struct _krb5_pa_pac_req krb5_pa_pac_req - - -Members ---------- - - -.. c:member:: krb5_boolean krb5_pa_pac_req.include_pac - - TRUE if a PAC should be included in TGS-REP. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_server_referral_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_server_referral_data.rst.txt deleted file mode 100644 index f9037d22..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_server_referral_data.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -.. highlight:: c - -.. _krb5-pa-server-referral-data-struct: - -krb5_pa_server_referral_data -============================ - -.. -.. c:type:: krb5_pa_server_referral_data -.. - - - - -Declaration ------------- - -typedef struct _krb5_pa_server_referral_data krb5_pa_server_referral_data - - -Members ---------- - - -.. c:member:: krb5_data * krb5_pa_server_referral_data.referred_realm - - - - -.. c:member:: krb5_principal krb5_pa_server_referral_data.true_principal_name - - - - -.. c:member:: krb5_principal krb5_pa_server_referral_data.requested_principal_name - - - - -.. c:member:: krb5_timestamp krb5_pa_server_referral_data.referral_valid_until - - - - -.. c:member:: krb5_checksum krb5_pa_server_referral_data.rep_cksum - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_svr_referral_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_svr_referral_data.rst.txt deleted file mode 100644 index 8ec298d5..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pa_svr_referral_data.rst.txt +++ /dev/null @@ -1,29 +0,0 @@ -.. highlight:: c - -.. _krb5-pa-svr-referral-data-struct: - -krb5_pa_svr_referral_data -========================= - -.. -.. c:type:: krb5_pa_svr_referral_data -.. - - - - -Declaration ------------- - -typedef struct _krb5_pa_svr_referral_data krb5_pa_svr_referral_data - - -Members ---------- - - -.. c:member:: krb5_principal krb5_pa_svr_referral_data.principal - - Referred name, only realm is required. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pac.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pac.rst.txt deleted file mode 100644 index 603733c9..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pac.rst.txt +++ /dev/null @@ -1,21 +0,0 @@ -.. highlight:: c - -.. _krb5-pac-struct: - -krb5_pac -======== - -.. -.. c:type:: krb5_pac -.. - -PAC data structure to convey authorization information. - - - -Declaration ------------- - -typedef struct krb5_pac_data\* krb5_pac - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pointer.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pointer.rst.txt deleted file mode 100644 index e9a9ddd3..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pointer.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-pointer-struct: - -krb5_pointer -============ - -.. -.. c:type:: krb5_pointer -.. - - - - -Declaration ------------- - -typedef void\* krb5_pointer - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_post_recv_fn.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_post_recv_fn.rst.txt deleted file mode 100644 index 54a64681..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_post_recv_fn.rst.txt +++ /dev/null @@ -1,22 +0,0 @@ -.. highlight:: c - -.. _krb5-post-recv-fn-struct: - -krb5_post_recv_fn -================= - -.. -.. c:type:: krb5_post_recv_fn -.. - -Hook function for inspecting or overriding KDC replies. - -If *code* is non-zero, KDC communication failed and *reply* should be ignored. The hook function may return *code* or a different error code, or may synthesize a reply by setting *new_reply_out* and return successfully. -The hook function should use krb5_copy_data() to construct the value for *new_reply_out* , to ensure that it can be freed correctly by the library. - -Declaration ------------- - -typedef krb5_error_code( \* krb5_post_recv_fn) (krb5_context context, void \*data, krb5_error_code code, const krb5_data \*realm, const krb5_data \*message, const krb5_data \*reply, krb5_data \*\*new_reply_out) - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pre_send_fn.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pre_send_fn.rst.txt deleted file mode 100644 index 76c3f9ab..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pre_send_fn.rst.txt +++ /dev/null @@ -1,24 +0,0 @@ -.. highlight:: c - -.. _krb5-pre-send-fn-struct: - -krb5_pre_send_fn -================ - -.. -.. c:type:: krb5_pre_send_fn -.. - -Hook function for inspecting or modifying messages sent to KDCs. - -If the hook function sets *new_reply_out* , *message* will not be sent to the KDC, and the given reply will used instead. -If the hook function sets *new_message_out* , the given message will be sent to the KDC in place of *message* . -If the hook function returns successfully without setting either output, *message* will be sent to the KDC normally. -The hook function should use krb5_copy_data() to construct the value for *new_message_out* or *reply_out* , to ensure that it can be freed correctly by the library. - -Declaration ------------- - -typedef krb5_error_code( \* krb5_pre_send_fn) (krb5_context context, void \*data, const krb5_data \*realm, const krb5_data \*message, krb5_data \*\*new_message_out, krb5_data \*\*new_reply_out) - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_preauthtype.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_preauthtype.rst.txt deleted file mode 100644 index 7cd85875..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_preauthtype.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-preauthtype-struct: - -krb5_preauthtype -================ - -.. -.. c:type:: krb5_preauthtype -.. - - - - -Declaration ------------- - -typedef krb5_int32 krb5_preauthtype - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_principal.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_principal.rst.txt deleted file mode 100644 index 818b66f1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_principal.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -.. highlight:: c - -.. _krb5-principal-struct: - -krb5_principal -============== - -.. -.. c:type:: krb5_principal -.. - - - - -Declaration ------------- - -typedef krb5_principal_data\* krb5_principal - - -Members ---------- - - -.. c:member:: krb5_magic krb5_principal.magic - - - - -.. c:member:: krb5_data krb5_principal.realm - - - - -.. c:member:: krb5_data * krb5_principal.data - - An array of strings. - - -.. c:member:: krb5_int32 krb5_principal.length - - - - -.. c:member:: krb5_int32 krb5_principal.type - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_principal_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_principal_data.rst.txt deleted file mode 100644 index f58c45b7..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_principal_data.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -.. highlight:: c - -.. _krb5-principal-data-struct: - -krb5_principal_data -=================== - -.. -.. c:type:: krb5_principal_data -.. - - - - -Declaration ------------- - -typedef struct krb5_principal_data krb5_principal_data - - -Members ---------- - - -.. c:member:: krb5_magic krb5_principal_data.magic - - - - -.. c:member:: krb5_data krb5_principal_data.realm - - - - -.. c:member:: krb5_data * krb5_principal_data.data - - An array of strings. - - -.. c:member:: krb5_int32 krb5_principal_data.length - - - - -.. c:member:: krb5_int32 krb5_principal_data.type - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_prompt.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_prompt.rst.txt deleted file mode 100644 index f31ac703..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_prompt.rst.txt +++ /dev/null @@ -1,40 +0,0 @@ -.. highlight:: c - -.. _krb5-prompt-struct: - -krb5_prompt -=========== - -.. -.. c:type:: krb5_prompt -.. - -Text for prompt used in prompter callback function. - - - -Declaration ------------- - -typedef struct _krb5_prompt krb5_prompt - - -Members ---------- - - -.. c:member:: char * krb5_prompt.prompt - - The prompt to show to the user. - - -.. c:member:: int krb5_prompt.hidden - - Boolean; informative prompt or hidden (e.g. - PIN) - -.. c:member:: krb5_data * krb5_prompt.reply - - Must be allocated before call to prompt routine. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_prompt_type.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_prompt_type.rst.txt deleted file mode 100644 index e36044c4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_prompt_type.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-prompt-type-struct: - -krb5_prompt_type -================ - -.. -.. c:type:: krb5_prompt_type -.. - - - - -Declaration ------------- - -typedef krb5_int32 krb5_prompt_type - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_prompter_fct.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_prompter_fct.rst.txt deleted file mode 100644 index 99cdc95e..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_prompter_fct.rst.txt +++ /dev/null @@ -1,21 +0,0 @@ -.. highlight:: c - -.. _krb5-prompter-fct-struct: - -krb5_prompter_fct -================= - -.. -.. c:type:: krb5_prompter_fct -.. - -Pointer to a prompter callback function. - - - -Declaration ------------- - -typedef krb5_error_code( \* krb5_prompter_fct) (krb5_context context, void \*data, const char \*name, const char \*banner, int num_prompts, krb5_prompt prompts[]) - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pwd_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pwd_data.rst.txt deleted file mode 100644 index 5797d23f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_pwd_data.rst.txt +++ /dev/null @@ -1,39 +0,0 @@ -.. highlight:: c - -.. _krb5-pwd-data-struct: - -krb5_pwd_data -============= - -.. -.. c:type:: krb5_pwd_data -.. - - - - -Declaration ------------- - -typedef struct _krb5_pwd_data krb5_pwd_data - - -Members ---------- - - -.. c:member:: krb5_magic krb5_pwd_data.magic - - - - -.. c:member:: int krb5_pwd_data.sequence_count - - - - -.. c:member:: passwd_phrase_element ** krb5_pwd_data.element - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_rcache.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_rcache.rst.txt deleted file mode 100644 index 8d08c3a4..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_rcache.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-rcache-struct: - -krb5_rcache -=========== - -.. -.. c:type:: krb5_rcache -.. - - - - -Declaration ------------- - -typedef struct krb5_rc_st\* krb5_rcache - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_replay_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_replay_data.rst.txt deleted file mode 100644 index afd88127..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_replay_data.rst.txt +++ /dev/null @@ -1,40 +0,0 @@ -.. highlight:: c - -.. _krb5-replay-data-struct: - -krb5_replay_data -================ - -.. -.. c:type:: krb5_replay_data -.. - -Replay data. - -Sequence number and timestamp information output by krb5_rd_priv() and krb5_rd_safe(). - -Declaration ------------- - -typedef struct krb5_replay_data krb5_replay_data - - -Members ---------- - - -.. c:member:: krb5_timestamp krb5_replay_data.timestamp - - Timestamp, seconds portion. - - -.. c:member:: krb5_int32 krb5_replay_data.usec - - Timestamp, microseconds portion. - - -.. c:member:: krb5_ui_4 krb5_replay_data.seq - - Sequence number. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_context.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_context.rst.txt deleted file mode 100644 index be5ccc42..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_context.rst.txt +++ /dev/null @@ -1,22 +0,0 @@ -.. highlight:: c - -.. _krb5-responder-context-struct: - -krb5_responder_context -====================== - -.. -.. c:type:: krb5_responder_context -.. - -A container for a set of preauthentication questions and answers. - -A responder context is supplied by the krb5 authentication system to a krb5_responder_fn callback. It contains a list of questions and can receive answers. Questions contained in a responder context can be listed using krb5_responder_list_questions(), retrieved using krb5_responder_get_challenge(), or answered using krb5_responder_set_answer(). The form of a question's challenge and answer depend on the question name. - - -Declaration ------------- - -typedef struct krb5_responder_context_st\* krb5_responder_context - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_fn.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_fn.rst.txt deleted file mode 100644 index a66fa6c0..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_fn.rst.txt +++ /dev/null @@ -1,21 +0,0 @@ -.. highlight:: c - -.. _krb5-responder-fn-struct: - -krb5_responder_fn -================= - -.. -.. c:type:: krb5_responder_fn -.. - -Responder function for an initial credential exchange. - -If a required question is unanswered, the prompter may be called. - -Declaration ------------- - -typedef krb5_error_code( \* krb5_responder_fn) (krb5_context ctx, void \*data, krb5_responder_context rctx) - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_otp_challenge.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_otp_challenge.rst.txt deleted file mode 100644 index 9001a574..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_otp_challenge.rst.txt +++ /dev/null @@ -1,34 +0,0 @@ -.. highlight:: c - -.. _krb5-responder-otp-challenge-struct: - -krb5_responder_otp_challenge -============================ - -.. -.. c:type:: krb5_responder_otp_challenge -.. - - - - -Declaration ------------- - -typedef struct _krb5_responder_otp_challenge krb5_responder_otp_challenge - - -Members ---------- - - -.. c:member:: char * krb5_responder_otp_challenge.service - - - - -.. c:member:: krb5_responder_otp_tokeninfo ** krb5_responder_otp_challenge.tokeninfo - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_otp_tokeninfo.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_otp_tokeninfo.rst.txt deleted file mode 100644 index 18c53c88..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_otp_tokeninfo.rst.txt +++ /dev/null @@ -1,59 +0,0 @@ -.. highlight:: c - -.. _krb5-responder-otp-tokeninfo-struct: - -krb5_responder_otp_tokeninfo -============================ - -.. -.. c:type:: krb5_responder_otp_tokeninfo -.. - - - - -Declaration ------------- - -typedef struct _krb5_responder_otp_tokeninfo krb5_responder_otp_tokeninfo - - -Members ---------- - - -.. c:member:: krb5_flags krb5_responder_otp_tokeninfo.flags - - - - -.. c:member:: krb5_int32 krb5_responder_otp_tokeninfo.format - - - - -.. c:member:: krb5_int32 krb5_responder_otp_tokeninfo.length - - - - -.. c:member:: char * krb5_responder_otp_tokeninfo.vendor - - - - -.. c:member:: char * krb5_responder_otp_tokeninfo.challenge - - - - -.. c:member:: char * krb5_responder_otp_tokeninfo.token_id - - - - -.. c:member:: char * krb5_responder_otp_tokeninfo.alg_id - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_pkinit_challenge.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_pkinit_challenge.rst.txt deleted file mode 100644 index 7e35621d..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_pkinit_challenge.rst.txt +++ /dev/null @@ -1,29 +0,0 @@ -.. highlight:: c - -.. _krb5-responder-pkinit-challenge-struct: - -krb5_responder_pkinit_challenge -=============================== - -.. -.. c:type:: krb5_responder_pkinit_challenge -.. - - - - -Declaration ------------- - -typedef struct _krb5_responder_pkinit_challenge krb5_responder_pkinit_challenge - - -Members ---------- - - -.. c:member:: krb5_responder_pkinit_identity ** krb5_responder_pkinit_challenge.identities - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_pkinit_identity.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_pkinit_identity.rst.txt deleted file mode 100644 index 9535693b..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_responder_pkinit_identity.rst.txt +++ /dev/null @@ -1,34 +0,0 @@ -.. highlight:: c - -.. _krb5-responder-pkinit-identity-struct: - -krb5_responder_pkinit_identity -============================== - -.. -.. c:type:: krb5_responder_pkinit_identity -.. - - - - -Declaration ------------- - -typedef struct _krb5_responder_pkinit_identity krb5_responder_pkinit_identity - - -Members ---------- - - -.. c:member:: char * krb5_responder_pkinit_identity.identity - - - - -.. c:member:: krb5_int32 krb5_responder_pkinit_identity.token_flags - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_response.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_response.rst.txt deleted file mode 100644 index 1e31caa6..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_response.rst.txt +++ /dev/null @@ -1,49 +0,0 @@ -.. highlight:: c - -.. _krb5-response-struct: - -krb5_response -============= - -.. -.. c:type:: krb5_response -.. - - - - -Declaration ------------- - -typedef struct _krb5_response krb5_response - - -Members ---------- - - -.. c:member:: krb5_magic krb5_response.magic - - - - -.. c:member:: krb5_octet krb5_response.message_type - - - - -.. c:member:: krb5_data krb5_response.response - - - - -.. c:member:: krb5_int32 krb5_response.expected_nonce - - - - -.. c:member:: krb5_timestamp krb5_response.request_time - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ticket.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ticket.rst.txt deleted file mode 100644 index b1f9e6ad..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ticket.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -.. highlight:: c - -.. _krb5-ticket-struct: - -krb5_ticket -=========== - -.. -.. c:type:: krb5_ticket -.. - -Ticket structure. - -The C representation of the ticket message, with a pointer to the C representation of the encrypted part. - -Declaration ------------- - -typedef struct _krb5_ticket krb5_ticket - - -Members ---------- - - -.. c:member:: krb5_magic krb5_ticket.magic - - - - -.. c:member:: krb5_principal krb5_ticket.server - - server name/realm - - -.. c:member:: krb5_enc_data krb5_ticket.enc_part - - encryption type, kvno, encrypted encoding - - -.. c:member:: krb5_enc_tkt_part * krb5_ticket.enc_part2 - - ptr to decrypted version, if available - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ticket_times.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ticket_times.rst.txt deleted file mode 100644 index 60f7fd53..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ticket_times.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -.. highlight:: c - -.. _krb5-ticket-times-struct: - -krb5_ticket_times -================= - -.. -.. c:type:: krb5_ticket_times -.. - -Ticket start time, end time, and renewal duration. - - - -Declaration ------------- - -typedef struct _krb5_ticket_times krb5_ticket_times - - -Members ---------- - - -.. c:member:: krb5_timestamp krb5_ticket_times.authtime - - Time at which KDC issued the initial ticket that corresponds to this ticket. - - -.. c:member:: krb5_timestamp krb5_ticket_times.starttime - - optional in ticket, if not present, use *authtime* - - -.. c:member:: krb5_timestamp krb5_ticket_times.endtime - - Ticket expiration time. - - -.. c:member:: krb5_timestamp krb5_ticket_times.renew_till - - Latest time at which renewal of ticket can be valid. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_timestamp.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_timestamp.rst.txt deleted file mode 100644 index 4a13d685..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_timestamp.rst.txt +++ /dev/null @@ -1,21 +0,0 @@ -.. highlight:: c - -.. _krb5-timestamp-struct: - -krb5_timestamp -============== - -.. -.. c:type:: krb5_timestamp -.. - -Represents a timestamp in seconds since the POSIX epoch. - -This legacy type is used frequently in the ABI, but cannot represent timestamps after 2038 as a positive number. Code which uses this type should cast values of it to uint32_t so that negative values are treated as timestamps between 2038 and 2106 on platforms with 64-bit time_t. - -Declaration ------------- - -typedef krb5_int32 krb5_timestamp - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_tkt_authent.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_tkt_authent.rst.txt deleted file mode 100644 index bbc53e77..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_tkt_authent.rst.txt +++ /dev/null @@ -1,45 +0,0 @@ -.. highlight:: c - -.. _krb5-tkt-authent-struct: - -krb5_tkt_authent -================ - -.. -.. c:type:: krb5_tkt_authent -.. - -Ticket authentication data. - - - -Declaration ------------- - -typedef struct _krb5_tkt_authent krb5_tkt_authent - - -Members ---------- - - -.. c:member:: krb5_magic krb5_tkt_authent.magic - - - - -.. c:member:: krb5_ticket * krb5_tkt_authent.ticket - - - - -.. c:member:: krb5_authenticator * krb5_tkt_authent.authenticator - - - - -.. c:member:: krb5_flags krb5_tkt_authent.ap_options - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_tkt_creds_context.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_tkt_creds_context.rst.txt deleted file mode 100644 index 95c9625f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_tkt_creds_context.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-tkt-creds-context-struct: - -krb5_tkt_creds_context -====================== - -.. -.. c:type:: krb5_tkt_creds_context -.. - - - - -Declaration ------------- - -typedef struct _krb5_tkt_creds_context\* krb5_tkt_creds_context - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_trace_callback.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_trace_callback.rst.txt deleted file mode 100644 index f201ec18..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_trace_callback.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-trace-callback-struct: - -krb5_trace_callback -=================== - -.. -.. c:type:: krb5_trace_callback -.. - - - - -Declaration ------------- - -typedef void( \* krb5_trace_callback) (krb5_context context, const krb5_trace_info \*info, void \*cb_data) - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_trace_info.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_trace_info.rst.txt deleted file mode 100644 index 0a90a4ef..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_trace_info.rst.txt +++ /dev/null @@ -1,30 +0,0 @@ -.. highlight:: c - -.. _krb5-trace-info-struct: - -krb5_trace_info -=============== - -.. -.. c:type:: krb5_trace_info -.. - -A wrapper for passing information to a *krb5_trace_callback* . - -Currently, it only contains the formatted message as determined the the format string and arguments of the tracing macro, but it may be extended to contain more fields in the future. - -Declaration ------------- - -typedef struct _krb5_trace_info krb5_trace_info - - -Members ---------- - - -.. c:member:: const char * krb5_trace_info.message - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_transited.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_transited.rst.txt deleted file mode 100644 index 2c3751ab..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_transited.rst.txt +++ /dev/null @@ -1,40 +0,0 @@ -.. highlight:: c - -.. _krb5-transited-struct: - -krb5_transited -============== - -.. -.. c:type:: krb5_transited -.. - -Structure for transited encoding. - - - -Declaration ------------- - -typedef struct _krb5_transited krb5_transited - - -Members ---------- - - -.. c:member:: krb5_magic krb5_transited.magic - - - - -.. c:member:: krb5_octet krb5_transited.tr_type - - Transited encoding type. - - -.. c:member:: krb5_data krb5_transited.tr_contents - - Contents. - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_typed_data.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_typed_data.rst.txt deleted file mode 100644 index 0894be9c..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_typed_data.rst.txt +++ /dev/null @@ -1,44 +0,0 @@ -.. highlight:: c - -.. _krb5-typed-data-struct: - -krb5_typed_data -=============== - -.. -.. c:type:: krb5_typed_data -.. - - - - -Declaration ------------- - -typedef struct _krb5_typed_data krb5_typed_data - - -Members ---------- - - -.. c:member:: krb5_magic krb5_typed_data.magic - - - - -.. c:member:: krb5_int32 krb5_typed_data.type - - - - -.. c:member:: unsigned int krb5_typed_data.length - - - - -.. c:member:: krb5_octet * krb5_typed_data.data - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ui_2.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ui_2.rst.txt deleted file mode 100644 index ed07896f..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ui_2.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-ui-2-struct: - -krb5_ui_2 -========= - -.. -.. c:type:: krb5_ui_2 -.. - - - - -Declaration ------------- - -typedef uint16_t krb5_ui_2 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ui_4.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ui_4.rst.txt deleted file mode 100644 index 4e754133..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_ui_4.rst.txt +++ /dev/null @@ -1,20 +0,0 @@ -.. highlight:: c - -.. _krb5-ui-4-struct: - -krb5_ui_4 -========= - -.. -.. c:type:: krb5_ui_4 -.. - - - - -Declaration ------------- - -typedef uint32_t krb5_ui_4 - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_verify_init_creds_opt.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_verify_init_creds_opt.rst.txt deleted file mode 100644 index c46fd9d3..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/krb5_verify_init_creds_opt.rst.txt +++ /dev/null @@ -1,34 +0,0 @@ -.. highlight:: c - -.. _krb5-verify-init-creds-opt-struct: - -krb5_verify_init_creds_opt -========================== - -.. -.. c:type:: krb5_verify_init_creds_opt -.. - - - - -Declaration ------------- - -typedef struct _krb5_verify_init_creds_opt krb5_verify_init_creds_opt - - -Members ---------- - - -.. c:member:: krb5_flags krb5_verify_init_creds_opt.flags - - - - -.. c:member:: int krb5_verify_init_creds_opt.ap_req_nofail - - boolean - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/passwd_phrase_element.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/refs/types/passwd_phrase_element.rst.txt deleted file mode 100644 index 41532ee1..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/refs/types/passwd_phrase_element.rst.txt +++ /dev/null @@ -1,39 +0,0 @@ -.. highlight:: c - -.. _passwd-phrase-element-struct: - -passwd_phrase_element -===================== - -.. -.. c:type:: passwd_phrase_element -.. - - - - -Declaration ------------- - -typedef struct _passwd_phrase_element passwd_phrase_element - - -Members ---------- - - -.. c:member:: krb5_magic passwd_phrase_element.magic - - - - -.. c:member:: krb5_data * passwd_phrase_element.passwd - - - - -.. c:member:: krb5_data * passwd_phrase_element.phrase - - - - diff --git a/krb5-1.21.3/doc/html/_sources/appdev/y2038.rst.txt b/krb5-1.21.3/doc/html/_sources/appdev/y2038.rst.txt deleted file mode 100644 index bc4122da..00000000 --- a/krb5-1.21.3/doc/html/_sources/appdev/y2038.rst.txt +++ /dev/null @@ -1,28 +0,0 @@ -Year 2038 considerations for uses of krb5_timestamp -=================================================== - -POSIX time values, which measure the number of seconds since January 1 -1970, will exceed the maximum value representable in a signed 32-bit -integer in January 2038. This documentation describes considerations -for consumers of the MIT krb5 libraries. - -Applications or libraries which use libkrb5 and consume the timestamps -included in credentials or other structures make use of the -:c:type:`krb5_timestamp` type. For historical reasons, krb5_timestamp -is a signed 32-bit integer, even on platforms where a larger type is -natively used to represent time values. To behave properly for time -values after January 2038, calling code should cast krb5_timestamp -values to uint32_t, and then to time_t:: - - (time_t)(uint32_t)timestamp - -Used in this way, krb5_timestamp values can represent time values up -until February 2106, provided that the platform uses a 64-bit or -larger time_t type. This usage will also remain safe if a later -version of MIT krb5 changes krb5_timestamp to an unsigned 32-bit -integer. - -The GSSAPI only uses representations of time intervals, not absolute -times. Callers of the GSSAPI should require no changes to behave -correctly after January 2038, provided that they use MIT krb5 release -1.16 or later. diff --git a/krb5-1.21.3/doc/html/_sources/basic/ccache_def.rst.txt b/krb5-1.21.3/doc/html/_sources/basic/ccache_def.rst.txt deleted file mode 100644 index 53542add..00000000 --- a/krb5-1.21.3/doc/html/_sources/basic/ccache_def.rst.txt +++ /dev/null @@ -1,160 +0,0 @@ -.. _ccache_definition: - -Credential cache -================ - -A credential cache (or "ccache") holds Kerberos credentials while they -remain valid and, generally, while the user's session lasts, so that -authenticating to a service multiple times (e.g., connecting to a web -or mail server more than once) doesn't require contacting the KDC -every time. - -A credential cache usually contains one initial ticket which is -obtained using a password or another form of identity verification. -If this ticket is a ticket-granting ticket, it can be used to obtain -additional credentials without the password. Because the credential -cache does not store the password, less long-term damage can be done -to the user's account if the machine is compromised. - -A credentials cache stores a default client principal name, set when -the cache is created. This is the name shown at the top of the -:ref:`klist(1)` *-A* output. - -Each normal cache entry includes a service principal name, a client -principal name (which, in some ccache types, need not be the same as -the default), lifetime information, and flags, along with the -credential itself. There are also other entries, indicated by special -names, that store additional information. - - -ccache types ------------- - -The credential cache interface, like the :ref:`keytab_definition` and -:ref:`rcache_definition` interfaces, uses `TYPE:value` strings to -indicate the type of credential cache and any associated cache naming -data to use. - -There are several kinds of credentials cache supported in the MIT -Kerberos library. Not all are supported on every platform. In most -cases, it should be correct to use the default type built into the -library. - -#. **API** is only implemented on Windows. It communicates with a - server process that holds the credentials in memory for the user, - rather than writing them to disk. - -#. **DIR** points to the storage location of the collection of the - credential caches in *FILE:* format. It is most useful when dealing - with multiple Kerberos realms and KDCs. For release 1.10 the - directory must already exist. In post-1.10 releases the - requirement is for parent directory to exist and the current - process must have permissions to create the directory if it does - not exist. See :ref:`col_ccache` for details. New in release 1.10. - The following residual forms are supported: - - * DIR:dirname - * DIR::dirpath/filename - a single cache within the directory - - Switching to a ccache of the latter type causes it to become the - primary for the directory. - -#. **FILE** caches are the simplest and most portable. A simple flat - file format is used to store one credential after another. This is - the default ccache type if no type is specified in a ccache name. - -#. **KCM** caches work by contacting a daemon process called ``kcm`` - to perform cache operations. If the cache name is just ``KCM:``, - the default cache as determined by the KCM daemon will be used. - Newly created caches must generally be named ``KCM:uid:name``, - where *uid* is the effective user ID of the running process. - - KCM client support is new in release 1.13. A KCM daemon has not - yet been implemented in MIT krb5, but the client will interoperate - with the KCM daemon implemented by Heimdal. macOS 10.7 and higher - provides a KCM daemon as part of the operating system, and the - **KCM** cache type is used as the default cache on that platform in - a default build. - -#. **KEYRING** is Linux-specific, and uses the kernel keyring support - to store credential data in unswappable kernel memory where only - the current user should be able to access it. The following - residual forms are supported: - - * KEYRING:name - * KEYRING:process:name - process keyring - * KEYRING:thread:name - thread keyring - - Starting with release 1.12 the *KEYRING* type supports collections. - The following new residual forms were added: - - * KEYRING:session:name - session keyring - * KEYRING:user:name - user keyring - * KEYRING:persistent:uidnumber - persistent per-UID collection. - Unlike the user keyring, this collection survives after the user - logs out, until the cache credentials expire. This type of - ccache requires support from the kernel; otherwise, it will fall - back to the user keyring. - - See :ref:`col_ccache` for details. - -#. **MEMORY** caches are for storage of credentials that don't need to - be made available outside of the current process. For example, a - memory ccache is used by :ref:`kadmin(1)` to store the - administrative ticket used to contact the admin server. Memory - ccaches are faster than file ccaches and are automatically - destroyed when the process exits. - -#. **MSLSA** is a Windows-specific cache type that accesses the - Windows credential store. - - -.. _col_ccache: - -Collections of caches ---------------------- - -Some credential cache types can support collections of multiple -caches. One of the caches in the collection is designated as the -*primary* and will be used when the collection is resolved as a cache. -When a collection-enabled cache type is the default cache for a -process, applications can search the specified collection for a -specific client principal, and GSSAPI applications will automatically -select between the caches in the collection based on criteria such as -the target service realm. - -Credential cache collections are new in release 1.10, with support -from the **DIR** and **API** ccache types. Starting in release 1.12, -collections are also supported by the **KEYRING** ccache type. -Collections are supported by the **KCM** ccache type in release 1.13. - - -Tool alterations to use cache collection -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -* :ref:`kdestroy(1)` *-A* will destroy all caches in the collection. -* If the default cache type supports switching, :ref:`kinit(1)` - *princname* will search the collection for a matching cache and - store credentials there, or will store credentials in a new unique - cache of the default type if no existing cache for the principal - exists. Either way, kinit will switch to the selected cache. -* :ref:`klist(1)` *-l* will list the caches in the collection. -* :ref:`klist(1)` *-A* will show the content of all caches in the - collection. -* :ref:`kswitch(1)` *-p princname* will search the collection for a - matching cache and switch to it. -* :ref:`kswitch(1)` *-c cachename* will switch to a specified cache. - - -Default ccache name -------------------- - -The default credential cache name is determined by the following, in -descending order of priority: - -#. The **KRB5CCNAME** environment variable. For example, - ``KRB5CCNAME=DIR:/mydir/``. - -#. The **default_ccache_name** profile variable in :ref:`libdefaults`. - -#. The hardcoded default, |ccache|. diff --git a/krb5-1.21.3/doc/html/_sources/basic/date_format.rst.txt b/krb5-1.21.3/doc/html/_sources/basic/date_format.rst.txt deleted file mode 100644 index 6ee82ce6..00000000 --- a/krb5-1.21.3/doc/html/_sources/basic/date_format.rst.txt +++ /dev/null @@ -1,140 +0,0 @@ -.. _datetime: - -Supported date and time formats -=============================== - -.. _duration: - -Time duration -------------- - -This format is used to express a time duration in the Kerberos -configuration files and user commands. The allowed formats are: - - ====================== ============== ============ - Format Example Value - ---------------------- -------------- ------------ - h:m[:s] 36:00 36 hours - NdNhNmNs 8h30s 8 hours 30 seconds - N (number of seconds) 3600 1 hour - ====================== ============== ============ - -Here *N* denotes a number, *d* - days, *h* - hours, *m* - minutes, -*s* - seconds. - -.. note:: - - The time interval should not exceed 2147483647 seconds. - -Examples:: - - Request a ticket valid for one hour, five hours, 30 minutes - and 10 days respectively: - - kinit -l 3600 - kinit -l 5:00 - kinit -l 30m - kinit -l "10d 0h 0m 0s" - - -.. _getdate: - -getdate time ------------- - -Some of the kadmin and kdb5_util commands take a date-time in a -human-readable format. Some of the acceptable date-time -strings are: - - +-----------+------------------+-----------------+ - | | Format | Example | - +===========+==================+=================+ - | Date | mm/dd/yy | 07/27/12 | - | +------------------+-----------------+ - | | month dd, yyyy | Jul 27, 2012 | - | +------------------+-----------------+ - | | yyyy-mm-dd | 2012-07-27 | - +-----------+------------------+-----------------+ - | Absolute | HH:mm[:ss]pp | 08:30 PM | - | time +------------------+-----------------+ - | | hh:mm[:ss] | 20:30 | - +-----------+------------------+-----------------+ - | Relative | N tt | 30 sec | - | time | | | - +-----------+------------------+-----------------+ - | Time zone | Z | EST | - | +------------------+-----------------+ - | | z | -0400 | - +-----------+------------------+-----------------+ - -(See :ref:`abbreviation`.) - -Examples:: - - Create a principal that expires on the date indicated: - addprinc test1 -expire "3/27/12 10:00:07 EST" - addprinc test2 -expire "January 23, 2015 10:05pm" - addprinc test3 -expire "22:00 GMT" - Add a principal that will expire in 30 minutes: - addprinc test4 -expire "30 minutes" - - -.. _abstime: - -Absolute time -------------- - -This rarely used date-time format can be noted in one of the -following ways: - - - +------------------------+----------------------+--------------+ - | Format | Example | Value | - +========================+======================+==============+ - | yyyymmddhhmmss | 20141231235900 | One minute | - +------------------------+----------------------+ before 2015 | - | yyyy.mm.dd.hh.mm.ss | 2014.12.31.23.59.00 | | - +------------------------+----------------------+ | - | yymmddhhmmss | 141231235900 | | - +------------------------+----------------------+ | - | yy.mm.dd.hh.mm.ss | 14.12.31.23.59.00 | | - +------------------------+----------------------+ | - | dd-month-yyyy:hh:mm:ss | 31-Dec-2014:23:59:00 | | - +------------------------+----------------------+--------------+ - | hh:mm:ss | 20:00:00 | 8 o'clock in | - +------------------------+----------------------+ the evening | - | hhmmss | 200000 | | - +------------------------+----------------------+--------------+ - -(See :ref:`abbreviation`.) - -Example:: - - Set the default expiration date to July 27, 2012 at 20:30 - default_principal_expiration = 20120727203000 - - -.. _abbreviation: - -Abbreviations used in this document -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -| *month* : locale’s month name or its abbreviation; -| *dd* : day of month (01-31); -| *HH* : hours (00-12); -| *hh* : hours (00-23); -| *mm* : in time - minutes (00-59); in date - month (01-12); -| *N* : number; -| *pp* : AM or PM; -| *ss* : seconds (00-60); -| *tt* : time units (hours, minutes, min, seconds, sec); -| *yyyy* : year; -| *yy* : last two digits of the year; -| *Z* : alphabetic time zone abbreviation; -| *z* : numeric time zone; - -.. note:: - - - If the date specification contains spaces, you may need to - enclose it in double quotes; - - All keywords are case-insensitive. diff --git a/krb5-1.21.3/doc/html/_sources/basic/index.rst.txt b/krb5-1.21.3/doc/html/_sources/basic/index.rst.txt deleted file mode 100644 index 87a9b547..00000000 --- a/krb5-1.21.3/doc/html/_sources/basic/index.rst.txt +++ /dev/null @@ -1,14 +0,0 @@ -.. _basic_concepts: - -Kerberos V5 concepts -==================== - - -.. toctree:: - :maxdepth: 1 - - ccache_def - keytab_def - rcache_def - stash_file_def - date_format diff --git a/krb5-1.21.3/doc/html/_sources/basic/keytab_def.rst.txt b/krb5-1.21.3/doc/html/_sources/basic/keytab_def.rst.txt deleted file mode 100644 index 6c7fcc3b..00000000 --- a/krb5-1.21.3/doc/html/_sources/basic/keytab_def.rst.txt +++ /dev/null @@ -1,59 +0,0 @@ -.. _keytab_definition: - -keytab -====== - -A keytab (short for "key table") stores long-term keys for one or more -principals. Keytabs are normally represented by files in a standard -format, although in rare cases they can be represented in other ways. -Keytabs are used most often to allow server applications to accept -authentications from clients, but can also be used to obtain initial -credentials for client applications. - -Keytabs are named using the format *type*\ ``:``\ *value*. Usually -*type* is ``FILE`` and *value* is the absolute pathname of the file. -The other possible value for *type* is ``MEMORY``, which indicates a -temporary keytab stored in the memory of the current process. - -A keytab contains one or more entries, where each entry consists of a -timestamp (indicating when the entry was written to the keytab), a -principal name, a key version number, an encryption type, and the -encryption key itself. - -A keytab can be displayed using the :ref:`klist(1)` command with the -``-k`` option. Keytabs can be created or appended to by extracting -keys from the KDC database using the :ref:`kadmin(1)` :ref:`ktadd` -command. Keytabs can be manipulated using the :ref:`ktutil(1)` and -:ref:`k5srvutil(1)` commands. - - -Default keytab --------------- - -The default keytab is used by server applications if the application -does not request a specific keytab. The name of the default keytab is -determined by the following, in decreasing order of preference: - -#. The **KRB5_KTNAME** environment variable. - -#. The **default_keytab_name** profile variable in :ref:`libdefaults`. - -#. The hardcoded default, |keytab|. - - -Default client keytab ---------------------- - -The default client keytab is used, if it is present and readable, to -automatically obtain initial credentials for GSSAPI client -applications. The principal name of the first entry in the client -keytab is used by default when obtaining initial credentials. The -name of the default client keytab is determined by the following, in -decreasing order of preference: - -#. The **KRB5_CLIENT_KTNAME** environment variable. - -#. The **default_client_keytab_name** profile variable in - :ref:`libdefaults`. - -#. The hardcoded default, |ckeytab|. diff --git a/krb5-1.21.3/doc/html/_sources/basic/rcache_def.rst.txt b/krb5-1.21.3/doc/html/_sources/basic/rcache_def.rst.txt deleted file mode 100644 index a80cf5af..00000000 --- a/krb5-1.21.3/doc/html/_sources/basic/rcache_def.rst.txt +++ /dev/null @@ -1,111 +0,0 @@ -.. _rcache_definition: - -replay cache -============ - -A replay cache (or "rcache") keeps track of all authenticators -recently presented to a service. If a duplicate authentication -request is detected in the replay cache, an error message is sent to -the application program. - -The replay cache interface, like the credential cache and -:ref:`keytab_definition` interfaces, uses `type:residual` strings to -indicate the type of replay cache and any associated cache naming -data to use. - -Background information ----------------------- - -Some Kerberos or GSSAPI services use a simple authentication mechanism -where a message is sent containing an authenticator, which establishes -the encryption key that the client will use for talking to the -service. But nothing about that prevents an eavesdropper from -recording the messages sent by the client, establishing a new -connection, and re-sending or "replaying" the same messages; the -replayed authenticator will establish the same encryption key for the -new session, and the following messages will be decrypted and -processed. The attacker may not know what the messages say, and can't -generate new messages under the same encryption key, but in some -instances it may be harmful to the user (or helpful to the attacker) -to cause the server to see the same messages again a second time. For -example, if the legitimate client sends "delete first message in -mailbox", a replay from an attacker may delete another, different -"first" message. (Protocol design to guard against such problems has -been discussed in :rfc:`4120#section-10`.) - -Even if one protocol uses further protection to verify that the client -side of the connection actually knows the encryption keys (and thus is -presumably a legitimate user), if another service uses the same -service principal name, it may be possible to record an authenticator -used with the first protocol and "replay" it against the second. - -The replay cache mitigates these attacks somewhat, by keeping track of -authenticators that have been seen until their five-minute window -expires. Different authenticators generated by multiple connections -from the same legitimate client will generally have different -timestamps, and thus will not be considered the same. - -This mechanism isn't perfect. If a message is sent to one application -server but a man-in-the-middle attacker can prevent it from actually -arriving at that server, the attacker could then use the authenticator -(once!) against a different service on the same host. This could be a -problem if the message from the client included something more than -authentication in the first message that could be useful to the -attacker (which is uncommon; in most protocols the server has to -indicate a successful authentication before the client sends -additional messages), or if the simple act of presenting the -authenticator triggers some interesting action in the service being -attacked. - -Replay cache types ------------------- - -Unlike the credential cache and keytab interfaces, replay cache types -are in lowercase. The following types are defined: - -#. **none** disables the replay cache. The residual value is ignored. - -#. **file2** (new in release 1.18) uses a hash-based format to store - replay records. The file may grow to accommodate hash collisions. - The residual value is the filename. - -#. **dfl** is the default type if no environment variable or - configuration specifies a different type. It stores replay data in - a file2 replay cache with a filename based on the effective uid. - The residual value is ignored. - -For the dfl type, the location of the replay cache file is determined -as follows: - -#. The directory is taken from the **KRB5RCACHEDIR** environment - variable, or the **TMPDIR** environment variable, or a temporary - directory determined at configuration time such as ``/var/tmp``, in - descending order of preference. - -#. The filename is ``krb5_EUID.rcache2`` where EUID is the effective - uid of the process. - -#. The file is opened without following symbolic links, and ownership - of the file is verified to match the effective uid. - -On Windows, the directory for the dfl type is the local appdata -directory, unless overridden by the **KRB5RCACHEDIR** environment -variable. The filename on Windows is ``krb5.rcache2``, and the file -is opened normally. - -Default replay cache name -------------------------- - -The default replay cache name is determined by the following, in -descending order of priority: - -#. The **KRB5RCACHENAME** environment variable (new in release 1.18). - -#. The **KRB5RCACHETYPE** environment variable. If this variable is - set, the residual value is empty. - -#. The **default_rcache_name** profile variable in :ref:`libdefaults` - (new in release 1.18). - -#. If none of the above are set, the default replay cache name is - ``dfl:``. diff --git a/krb5-1.21.3/doc/html/_sources/basic/stash_file_def.rst.txt b/krb5-1.21.3/doc/html/_sources/basic/stash_file_def.rst.txt deleted file mode 100644 index 256e2c27..00000000 --- a/krb5-1.21.3/doc/html/_sources/basic/stash_file_def.rst.txt +++ /dev/null @@ -1,25 +0,0 @@ -.. _stash_definition: - - -stash file -============ - -The stash file is a local copy of the master key that resides in -encrypted form on the KDC's local disk. The stash file is used to -authenticate the KDC to itself automatically before starting the -:ref:`kadmind(8)` and :ref:`krb5kdc(8)` daemons (e.g., as part of the -machine's boot sequence). The stash file, like the keytab file (see -:ref:`keytab_file`) is a potential point-of-entry for a break-in, and -if compromised, would allow unrestricted access to the Kerberos -database. If you choose to install a stash file, it should be -readable only by root, and should exist only on the KDC's local disk. -The file should not be part of any backup of the machine, unless -access to the backup data is secured as tightly as access to the -master password itself. - -.. note:: - - If you choose not to install a stash file, the KDC will prompt you for the master key each time it starts up. - This means that the KDC will not be able to start automatically, such as after a system reboot. - - diff --git a/krb5-1.21.3/doc/html/_sources/build/directory_org.rst.txt b/krb5-1.21.3/doc/html/_sources/build/directory_org.rst.txt deleted file mode 100644 index 109b69a3..00000000 --- a/krb5-1.21.3/doc/html/_sources/build/directory_org.rst.txt +++ /dev/null @@ -1,75 +0,0 @@ -Organization of the source directory -==================================== - -Below is a brief overview of the organization of the complete source -directory. More detailed descriptions follow. - -=============== ============================================== -appl Kerberos application client and server programs -ccapi Credential cache services -clients Kerberos V5 user programs (See :ref:`user_commands`) -config Configure scripts -config-files Sample Kerberos configuration files -include include files needed to build the Kerberos system -kadmin Administrative interface to the Kerberos database: :ref:`kadmin(1)`, :ref:`kdb5_util(8)`, :ref:`ktutil(1)`. -kdc Kerberos V5 Authentication Service and Key Distribution Center -lib_ Libraries for use with/by Kerberos V5 -plugins Kerberos plugins directory -po Localization infrastructure -prototype Templates files containing the MIT copyright message and a placeholder for the title and description of the file. -kprop Utilities for propagating the database to replica KDCs :ref:`kprop(8)` and :ref:`kpropd(8)` -tests Test suite -util_ Various utilities for building/configuring the code, sending bug reports, etc. -windows Source code for building Kerberos V5 on Windows (see windows/README) -=============== ============================================== - - -.. _lib: - -lib ---- - -The lib directory contain several subdirectories as well as some -definition and glue files. - - - The apputils directory contains the code for the generic network - servicing. - - The crypto subdirectory contains the Kerberos V5 encryption - library. - - The gssapi library contains the Generic Security Services API, - which is a library of commands to be used in secure client-server - communication. - - The kadm5 directory contains the libraries for the KADM5 - administration utilities. - - The Kerberos 5 database libraries are contained in kdb. - - The krb5 directory contains Kerberos 5 API. - - The rpc directory contains the API for the Kerberos Remote - Procedure Call protocol. - - -.. _util: - -util ----- - -The util directory contains several utility programs and libraries. - - the programs used to configure and build the code, such as - autoconf, lndir, kbuild, reconf, and makedepend, are in this - directory. - - the profile directory contains most of the functions which parse - the Kerberos configuration files (krb5.conf and kdc.conf). - - the Kerberos error table library and utilities (et); - - the Sub-system library and utilities (ss); - - database utilities (db2); - - pseudo-terminal utilities (pty); - - bug-reporting program send-pr; - - a generic support library support used by several of our other - libraries; - - the build infrastructure for building lightweight Kerberos client - (collected-client-lib) - - the tool for validating Kerberos configuration files - (confvalidator); - - the toolkit for kernel integrators for building krb5 code subsets - (gss-kernel-lib); - - source code for building Kerberos V5 on MacOS (mac) - - Windows getopt operations (windows) diff --git a/krb5-1.21.3/doc/html/_sources/build/doing_build.rst.txt b/krb5-1.21.3/doc/html/_sources/build/doing_build.rst.txt deleted file mode 100644 index 59cb546c..00000000 --- a/krb5-1.21.3/doc/html/_sources/build/doing_build.rst.txt +++ /dev/null @@ -1,148 +0,0 @@ -Doing the build -=============== - -.. _do_build: - -Building within a single tree ------------------------------ - -If you only need to build Kerberos for one platform, using a single -directory tree which contains both the source files and the object -files is the simplest. However, if you need to maintain Kerberos for -a large number of platforms, you will probably want to use separate -build trees for each platform. We recommend that you look at OS -Incompatibilities, for notes that we have on particular operating -systems. - -If you don't want separate build trees for each architecture, then use -the following abbreviated procedure:: - - cd /u1/krb5-VERSION/src - ./configure - make - -That's it! - -Building with separate build directories ----------------------------------------- - -If you wish to keep separate build directories for each platform, you -can do so using the following procedure. (Note, this requires that -your make program support VPATH. GNU's make will provide this -functionality, for example.) If your make program does not support -this, see the next section. - -For example, if you wish to store the binaries in ``tmpbuild`` build -directory you might use the following procedure:: - - mkdir /u1/tmpbuild - cd /u1/tmpbuild - /u1/krb5-VERSION/src/configure - make - - -Building using lndir --------------------- - -If you wish to keep separate build directories for each platform, and -you do not have access to a make program which supports VPATH, all is -not lost. You can use the lndir program to create symbolic link trees -in your build directory. - -For example, if you wish to create a build directory for solaris -binaries you might use the following procedure:: - - mkdir /u1/krb5-VERSION/solaris - cd /u1/krb5-VERSION/solaris - /u1/krb5-VERSION/src/util/lndir `pwd`/../src - ./configure - make - -You must give an absolute pathname to lndir because it has a bug that -makes it fail for relative pathnames. Note that this version differs -from the latest version as distributed and installed by the -XConsortium with X11R6. Either version should be acceptable. - - -Installing the binaries ------------------------ - -Once you have built Kerberos, you should install the binaries. You can -do this by running:: - - make install - -If you want to install the binaries into a destination directory that -is not their final destination, which may be convenient if you want to -build a binary distribution to be deployed on multiple hosts, you may -use:: - - make install DESTDIR=/path/to/destdir - -This will install the binaries under *DESTDIR/PREFIX*, e.g., the user -programs will install into *DESTDIR/PREFIX/bin*, the libraries into -*DESTDIR/PREFIX/lib*, etc. *DESTDIR* must be an absolute path. - -Some implementations of make allow multiple commands to be run in -parallel, for faster builds. We test our Makefiles in parallel builds -with GNU make only; they may not be compatible with other parallel -build implementations. - - -Testing the build ------------------ - -The Kerberos V5 distribution comes with built-in regression tests. To -run them, simply type the following command while in the top-level -build directory (i.e., the directory where you sent typed make to -start building Kerberos; see :ref:`do_build`):: - - make check - -On some operating systems, you have to run ``make install`` before -running ``make check``, or the test suite will pick up installed -versions of Kerberos libraries rather than the newly built ones. You -can install into a prefix that isn't in the system library search -path, though. Alternatively, you can configure with -**-**\ **-disable-rpath**, which renders the build tree less suitable -for installation, but allows testing without interference from -previously installed libraries. - -There are additional regression tests available, which are not run -by ``make check``. These tests require manual setup and teardown of -support infrastructure which is not easily automated, or require -excessive resources for ordinary use. The procedure for running -the manual tests is documented at -https://k5wiki.kerberos.org/wiki/Manual_Testing. - - -Cleaning up the build ---------------------- - -* Use ``make clean`` to remove all files generated by running make - command. -* Use ``make distclean`` to remove all files generated by running - ./configure script. After running ``make distclean`` your source - tree (ideally) should look like the raw (just un-tarred) source - tree. - -Using autoconf --------------- - -(If you are not a developer, you can ignore this section.) - -In the Kerberos V5 source directory, there is a configure script which -automatically determines the compilation environment and creates the -proper Makefiles for a particular platform. This configure script is -generated using autoconf, which you should already have installed if -you will be making changes to ``src/configure.in``. - -Normal users will not need to worry about running autoconf; the -distribution comes with the configure script already prebuilt. - -The autoconf package comes with a script called ``autoreconf`` that -will automatically run ``autoconf`` and ``autoheader`` as needed. You -should run ``autoreconf`` from the top source directory, e.g.:: - - cd /u1/krb5-VERSION/src - autoreconf --verbose diff --git a/krb5-1.21.3/doc/html/_sources/build/index.rst.txt b/krb5-1.21.3/doc/html/_sources/build/index.rst.txt deleted file mode 100644 index f321d020..00000000 --- a/krb5-1.21.3/doc/html/_sources/build/index.rst.txt +++ /dev/null @@ -1,63 +0,0 @@ -.. _build_V5: - -Building Kerberos V5 -==================== - -This section details how to build and install MIT Kerberos software -from the source. - -Prerequisites -------------- - -In order to build Kerberos V5, you will need approximately 60-70 -megabytes of disk space. The exact amount will vary depending on the -platform and whether the distribution is compiled with debugging -symbol tables or not. - -Your C compiler must conform to ANSI C (ISO/IEC 9899:1990, "c89"). -Some operating systems do not have an ANSI C compiler, or their -default compiler requires extra command-line options to enable ANSI C -conformance. - -If you wish to keep a separate build tree, which contains the compiled -\*.o file and executables, separate from your source tree, you will -need a make program which supports **VPATH**, or you will need to use -a tool such as lndir to produce a symbolic link tree for your build -tree. - -Obtaining the software ----------------------- - -The source code can be obtained from MIT Kerberos Distribution page, -at https://kerberos.org/dist/index.html. -The MIT Kerberos distribution comes in an archive file, generally -named krb5-VERSION-signed.tar, where *VERSION* is a placeholder for -the major and minor versions of MIT Kerberos. (For example, MIT -Kerberos 1.9 has major version "1" and minor version "9".) - -The krb5-VERSION-signed.tar contains a compressed tar file consisting -of the sources for all of Kerberos (generally named -krb5-VERSION.tar.gz) and a PGP signature file for this source tree -(generally named krb5-VERSION.tar.gz.asc). MIT highly recommends that -you verify the integrity of the source code using this signature, -e.g., by running:: - - tar xf krb5-VERSION-signed.tar - gpg --verify krb5-VERSION.tar.gz.asc - -Unpack krb5-VERSION.tar.gz in some directory. In this section we will assume -that you have chosen the top directory of the distribution the directory -``/u1/krb5-VERSION``. - -Review the README file for the license, copyright and other sprecific to the -distribution information. - -Contents --------- -.. toctree:: - :maxdepth: 1 - - directory_org.rst - doing_build.rst - options2configure.rst - osconf.rst diff --git a/krb5-1.21.3/doc/html/_sources/build/options2configure.rst.txt b/krb5-1.21.3/doc/html/_sources/build/options2configure.rst.txt deleted file mode 100644 index e879b18b..00000000 --- a/krb5-1.21.3/doc/html/_sources/build/options2configure.rst.txt +++ /dev/null @@ -1,397 +0,0 @@ -.. _options2configure: - -Options to *configure* -====================== - -There are a number of options to configure which you can use to -control how the Kerberos distribution is built. - -Most commonly used options --------------------------- - -**-**\ **-help** - Provides help to configure. This will list the set of commonly - used options for building Kerberos. - -**-**\ **-prefix=**\ *PREFIX* - By default, Kerberos will install the package's files rooted at - ``/usr/local``. If you desire to place the binaries into the - directory *PREFIX*, use this option. - -**-**\ **-exec-prefix=**\ *EXECPREFIX* - This option allows one to separate the architecture independent - programs from the host-dependent files (configuration files, - manual pages). Use this option to install architecture-dependent - programs in *EXECPREFIX*. The default location is the value of - specified by **-**\ **-prefix** option. - -**-**\ **-localstatedir=**\ *LOCALSTATEDIR* - This option sets the directory for locally modifiable - single-machine data. In Kerberos, this mostly is useful for - setting a location for the KDC data files, as they will be - installed in ``LOCALSTATEDIR/krb5kdc``, which is by default - ``PREFIX/var/krb5kdc``. - -**-**\ **-with-netlib**\ [=\ *libs*] - Allows for suppression of or replacement of network libraries. By - default, Kerberos V5 configuration will look for ``-lnsl`` and - ``-lsocket``. If your operating system has a broken resolver - library or fails to pass the tests in ``src/tests/resolv``, you - will need to use this option. - -**-**\ **-enable-dns-for-realm** - Enable the use of DNS to look up a host's Kerberos realm, - if the information is not provided in - :ref:`krb5.conf(5)`. See :ref:`mapping_hostnames` - for information about using DNS to determine the default realm. - DNS lookups for realm names are disabled by default. - -**-**\ **-with-system-et** - Use an installed version of the error-table (et) support software, - the compile_et program, the com_err.h header file and the com_err - library. If these are not in the default locations, you may wish - to specify ``CPPFLAGS=-I/some/dir`` and - ``LDFLAGS=-L/some/other/dir`` options at configuration time as - well. - - If this option is not given, a version supplied with the Kerberos - sources will be built and installed along with the rest of the - Kerberos tree, for Kerberos applications to link against. - -**-**\ **-with-system-ss** - Use an installed version of the subsystem command-line interface - software, the mk_cmds program, the ``ss/ss.h`` header file and the - ss library. If these are not in the default locations, you may - wish to specify ``CPPFLAGS=-I/some/dir`` and - ``LDFLAGS=-L/some/other/dir`` options at configuration time as - well. See also the **SS_LIB** option. - - If this option is not given, the ss library supplied with the - Kerberos sources will be compiled and linked into those programs - that need it; it will not be installed separately. - -**-**\ **-with-system-db** - Use an installed version of the Berkeley DB package, which must - provide an API compatible with version 1.85. This option is - unsupported and untested. In particular, we do not know if the - database-rename code used in the dumpfile load operation will - behave properly. - - If this option is not given, a version supplied with the Kerberos - sources will be built and installed. (We are not updating this - version at this time because of licensing issues with newer - versions that we haven't investigated sufficiently yet.) - - -Environment variables ---------------------- - -**CC=**\ *COMPILER* - Use *COMPILER* as the C compiler. - -**CFLAGS=**\ *FLAGS* - Use *FLAGS* as the default set of C compiler flags. - -**CPP=**\ *CPP* - C preprocessor to use. (e.g., ``CPP='gcc -E'``) - -**CPPFLAGS=**\ *CPPOPTS* - Use *CPPOPTS* as the default set of C preprocessor flags. The - most common use of this option is to select certain #define's for - use with the operating system's include files. - - -**DB_HEADER=**\ *headername* - If db.h is not the correct header file to include to compile - against the Berkeley DB 1.85 API, specify the correct header file - name with this option. For example, ``DB_HEADER=db3/db_185.h``. - -**DB_LIB=**\ *libs*... - If ``-ldb`` is not the correct library specification for the - Berkeley DB library version to be used, override it with this - option. For example, ``DB_LIB=-ldb-3.3``. - -**DEFCCNAME=**\ *ccachename* - Override the built-in default credential cache name. - For example, ``DEFCCNAME=DIR:/var/run/user/%{USERID}/ccache`` - See :ref:`parameter_expansion` for information about supported - parameter expansions. - -**DEFCKTNAME=**\ *keytabname* - Override the built-in default client keytab name. - The format is the same as for *DEFCCNAME*. - -**DEFKTNAME=**\ *keytabname* - Override the built-in default keytab name. - The format is the same as for *DEFCCNAME*. - -**LD=**\ *LINKER* - Use *LINKER* as the default loader if it should be different from - C compiler as specified above. - -**LDFLAGS=**\ *LDOPTS* - This option informs the linker where to get additional libraries - (e.g., ``-L``). - -**LIBS=**\ *LDNAME* - This option allows one to specify libraries to be passed to the - linker (e.g., ``-l``) - -**PKCS11_MODNAME=**\ *library* - Override the built-in default PKCS11 library name. - -**SS_LIB=**\ *libs*... - If ``-lss`` is not the correct way to link in your installed ss - library, for example if additional support libraries are needed, - specify the correct link options here. Some variants of this - library are around which allow for Emacs-like line editing, but - different versions require different support libraries to be - explicitly specified. - - This option is ignored if **-**\ **-with-system-ss** is not specified. - -**YACC** - The 'Yet Another C Compiler' implementation to use. Defaults to - the first program found out of: '`bison -y`', '`byacc`', - '`yacc`'. - -**YFLAGS** - The list of arguments that will be passed by default to $YACC. - This script will default YFLAGS to the empty string to avoid a - default value of ``-d`` given by some make applications. - - -Fine tuning of the installation directories -------------------------------------------- - -**-**\ **-bindir=**\ *DIR* - User executables. Defaults to ``EXECPREFIX/bin``, where - *EXECPREFIX* is the path specified by **-**\ **-exec-prefix** - configuration option. - -**-**\ **-sbindir=**\ *DIR* - System admin executables. Defaults to ``EXECPREFIX/sbin``, where - *EXECPREFIX* is the path specified by **-**\ **-exec-prefix** - configuration option. - -**-**\ **-sysconfdir=**\ *DIR* - Read-only single-machine data such as krb5.conf. - Defaults to ``PREFIX/etc``, where - *PREFIX* is the path specified by **-**\ **-prefix** configuration - option. - -**-**\ **-libdir=**\ *DIR* - Object code libraries. Defaults to ``EXECPREFIX/lib``, where - *EXECPREFIX* is the path specified by **-**\ **-exec-prefix** - configuration option. - -**-**\ **-includedir=**\ *DIR* - C header files. Defaults to ``PREFIX/include``, where *PREFIX* is - the path specified by **-**\ **-prefix** configuration option. - -**-**\ **-datarootdir=**\ *DATAROOTDIR* - Read-only architecture-independent data root. Defaults to - ``PREFIX/share``, where *PREFIX* is the path specified by - **-**\ **-prefix** configuration option. - -**-**\ **-datadir=**\ *DIR* - Read-only architecture-independent data. Defaults to path - specified by **-**\ **-datarootdir** configuration option. - -**-**\ **-localedir=**\ *DIR* - Locale-dependent data. Defaults to ``DATAROOTDIR/locale``, where - *DATAROOTDIR* is the path specified by **-**\ **-datarootdir** - configuration option. - -**-**\ **-mandir=**\ *DIR* - Man documentation. Defaults to ``DATAROOTDIR/man``, where - *DATAROOTDIR* is the path specified by **-**\ **-datarootdir** - configuration option. - - -Program names -------------- - -**-**\ **-program-prefix=**\ *PREFIX* - Prepend *PREFIX* to the names of the programs when installing - them. For example, specifying ``--program-prefix=mit-`` at the - configure time will cause the program named ``abc`` to be - installed as ``mit-abc``. - -**-**\ **-program-suffix=**\ *SUFFIX* - Append *SUFFIX* to the names of the programs when installing them. - For example, specifying ``--program-suffix=-mit`` at the configure - time will cause the program named ``abc`` to be installed as - ``abc-mit``. - -**-**\ **-program-transform-name=**\ *PROGRAM* - Run ``sed -e PROGRAM`` on installed program names. (*PROGRAM* is a - sed script). - - -System types ------------- - -**-**\ **-build=**\ *BUILD* - Configure for building on *BUILD* - (e.g., ``--build=x86_64-linux-gnu``). - -**-**\ **-host=**\ *HOST* - Cross-compile to build programs to run on *HOST* - (e.g., ``--host=x86_64-linux-gnu``). By default, Kerberos V5 - configuration will look for "build" option. - - -Optional features ------------------ - -**-**\ **-disable-option-checking** - Ignore unrecognized --enable/--with options. - -**-**\ **-disable-**\ *FEATURE* - Do not include *FEATURE* (same as --enable-FEATURE=no). - -**-**\ **-enable-**\ *FEATURE*\ [=\ *ARG*] - Include *FEATURE* [ARG=yes]. - -**-**\ **-enable-maintainer-mode** - Enable rebuilding of source files, Makefiles, etc. - -**-**\ **-disable-delayed-initialization** - Initialize library code when loaded. Defaults to delay until - first use. - -**-**\ **-disable-thread-support** - Don't enable thread support. Defaults to enabled. - -**-**\ **-disable-rpath** - Suppress run path flags in link lines. - -**-**\ **-enable-athena** - Build with MIT Project Athena configuration. - -**-**\ **-disable-kdc-lookaside-cache** - Disable the cache which detects client retransmits. - -**-**\ **-disable-pkinit** - Disable PKINIT plugin support. - -**-**\ **-disable-aesni** - Disable support for using AES instructions on x86 platforms. - -**-**\ **-enable-asan**\ [=\ *ARG*] - Enable building with asan memory error checking. If *ARG* is - given, it controls the -fsanitize compilation flag value (the - default is "address"). - - -Optional packages ------------------ - -**-**\ **-with-**\ *PACKAGE*\ [=ARG\] - Use *PACKAGE* (e.g., ``--with-imap``). The default value of *ARG* - is ``yes``. - -**-**\ **-without-**\ *PACKAGE* - Do not use *PACKAGE* (same as ``--with-PACKAGE=no``) - (e.g., ``--without-libedit``). - -**-**\ **-with-size-optimizations** - Enable a few optimizations to reduce code size possibly at some - run-time cost. - -**-**\ **-with-system-et** - Use the com_err library and compile_et utility that are already - installed on the system, instead of building and installing - local versions. - -**-**\ **-with-system-ss** - Use the ss library and mk_cmds utility that are already installed - on the system, instead of building and using private versions. - -**-**\ **-with-system-db** - Use the berkeley db utility already installed on the system, - instead of using a private version. This option is not - recommended; enabling it may result in incompatibility with key - databases originating on other systems. - -**-**\ **-with-netlib=**\ *LIBS* - Use the resolver library specified in *LIBS*. Use this variable - if the C library resolver is insufficient or broken. - -**-**\ **-with-hesiod=**\ *path* - Compile with Hesiod support. The *path* points to the Hesiod - directory. By default Hesiod is unsupported. - -**-**\ **-with-ldap** - Compile OpenLDAP database backend module. - -**-**\ **-with-lmdb** - Compile LMDB database backend module. - -**-**\ **-with-vague-errors** - Do not send helpful errors to client. For example, if the KDC - should return only vague error codes to clients. - -**-**\ **-with-crypto-impl=**\ *IMPL* - Use specified crypto implementation (e.g., **-**\ - **-with-crypto-impl=**\ *openssl*). The default is the native MIT - Kerberos implementation ``builtin``. The other currently - implemented crypto backend is ``openssl``. (See - :ref:`mitK5features`) - -**-**\ **-without-libedit** - Do not compile and link against libedit. Some utilities will no - longer offer command history or completion in interactive mode if - libedit is disabled. - -**-**\ **-with-readline** - Compile and link against GNU readline, as an alternative to libedit. - -**-**\ **-with-system-verto** - Use an installed version of libverto. If the libverto header and - library are not in default locations, you may wish to specify - ``CPPFLAGS=-I/some/dir`` and ``LDFLAGS=-L/some/other/dir`` options - at configuration time as well. - - If this option is not given, the build system will try to detect - an installed version of libverto and use it if it is found. - Otherwise, a version supplied with the Kerberos sources will be - built and installed. The built-in version does not contain the - full set of back-end modules and is not a suitable general - replacement for the upstream version, but will work for the - purposes of Kerberos. - - Specifying **-**\ **-without-system-verto** will cause the built-in - version of libverto to be used unconditionally. - -**-**\ **-with-krb5-config=**\ *PATH* - Use the krb5-config program at *PATH* to obtain the build-time - default credential cache, keytab, and client keytab names. The - default is to use ``krb5-config`` from the program path. Specify - ``--without-krb5-config`` to disable the use of krb5-config and - use the usual built-in defaults. - -**-**\ **-without-keyutils** - Build without libkeyutils support. This disables the KEYRING - credential cache type. - - -Examples --------- - -For example, in order to configure Kerberos on a Solaris machine using -the suncc compiler with the optimizer turned on, run the configure -script with the following options:: - - % ./configure CC=suncc CFLAGS=-O - -For a slightly more complicated example, consider a system where -several packages to be used by Kerberos are installed in -``/usr/foobar``, including Berkeley DB 3.3, and an ss library that -needs to link against the curses library. The configuration of -Kerberos might be done thus:: - - ./configure CPPFLAGS=-I/usr/foobar/include LDFLAGS=-L/usr/foobar/lib \ - --with-system-et --with-system-ss --with-system-db \ - SS_LIB='-lss -lcurses' DB_HEADER=db3/db_185.h DB_LIB=-ldb-3.3 diff --git a/krb5-1.21.3/doc/html/_sources/build/osconf.rst.txt b/krb5-1.21.3/doc/html/_sources/build/osconf.rst.txt deleted file mode 100644 index 22ee6804..00000000 --- a/krb5-1.21.3/doc/html/_sources/build/osconf.rst.txt +++ /dev/null @@ -1,26 +0,0 @@ -osconf.hin -========== - -There is one configuration file which you may wish to edit to control -various compile-time parameters in the Kerberos distribution:: - - include/osconf.hin - -The list that follows is by no means complete, just some of the more -interesting variables. - -**DEFAULT_PROFILE_PATH** - The pathname to the file which contains the profiles for the known - realms, their KDCs, etc. The default value is |krb5conf|. -**DEFAULT_KEYTAB_NAME** - The type and pathname to the default server keytab file. The - default is |keytab|. -**DEFAULT_KDC_ENCTYPE** - The default encryption type for the KDC database master key. The - default value is |defmkey|. -**RCTMPDIR** - The directory which stores replay caches. The default is - ``/var/tmp``. -**DEFAULT_KDB_FILE** - The location of the default database. The default value is - |kdcdir|\ ``/principal``. diff --git a/krb5-1.21.3/doc/html/_sources/build_this.rst.txt b/krb5-1.21.3/doc/html/_sources/build_this.rst.txt deleted file mode 100644 index 9be7360a..00000000 --- a/krb5-1.21.3/doc/html/_sources/build_this.rst.txt +++ /dev/null @@ -1,82 +0,0 @@ -How to build this documentation from the source -=============================================== - -Pre-requisites for a simple build, or to update man pages: - -* Sphinx 1.0.4 or higher (See https://www.sphinx-doc.org) with the - autodoc extension installed. - -Additional prerequisites to include the API reference based on Doxygen -markup: - -* Python 2.5 with the Cheetah, lxml, and xml modules -* Doxygen - - -Simple build without API reference ----------------------------------- - -To test simple changes to the RST sources, you can build the -documentation without the Doxygen reference by running, from the doc -directory:: - - sphinx-build . test_html - -You will see a number of warnings about missing files. This is -expected. If there is not already a ``doc/version.py`` file, you will -need to create one by first running ``make version.py`` in the -``src/doc`` directory of a configured build tree. - - -Updating man pages ------------------- - -Man pages are generated from the RST sources and checked into the -``src/man`` directory of the repository. This allows man pages to be -installed without requiring Sphinx when using a source checkout. To -regenerate these files, run ``make man`` from the man subdirectory -of a configured build tree. You can also do this from an unconfigured -source tree with:: - - cd src/man - make -f Makefile.in top_srcdir=.. srcdir=. man - make clean - -As with the simple build, it is normal to see warnings about missing -files when rebuilding the man pages. - - -Building for a release tarball or web site ------------------------------------------- - -To generate documentation in HTML format, run ``make html`` in the -``doc`` subdirectory of a configured build tree (the build directory -corresponding to ``src/doc``, not the top-level ``doc`` directory). -The output will be placed in the top-level ``doc/html`` directory. -This build will include the API reference generated from Doxygen -markup in the source tree. - -Documentation generated this way will use symbolic names for paths -(like ``BINDIR`` for the directory containing user programs), with the -symbolic names being links to a table showing typical values for those -paths. - -You can also do this from an unconfigured source tree with:: - - cd src/doc - make -f Makefile.in SPHINX_ARGS= htmlsrc - - -Building for an OS package or site documentation ------------------------------------------------- - -To generate documentation specific to a build of MIT krb5 as you have -configured it, run ``make substhtml`` in the ``doc`` subdirectory of a -configured build tree (the build directory corresponding to -``src/doc``, not the top-level ``doc`` directory). The output will be -placed in the ``html_subst`` subdirectory of that build directory. -This build will include the API reference. - -Documentation generated this way will use concrete paths (like -``/usr/local/bin`` for the directory containing user programs, for a -default custom build). diff --git a/krb5-1.21.3/doc/html/_sources/copyright.rst.txt b/krb5-1.21.3/doc/html/_sources/copyright.rst.txt deleted file mode 100644 index 85ecebec..00000000 --- a/krb5-1.21.3/doc/html/_sources/copyright.rst.txt +++ /dev/null @@ -1,8 +0,0 @@ -Copyright -========= - -Copyright |copy| 1985-2024 by the Massachusetts Institute of -Technology and its contributors. All rights reserved. - -See :ref:`mitK5license` for additional copyright and license -information. diff --git a/krb5-1.21.3/doc/html/_sources/formats/ccache_file_format.rst.txt b/krb5-1.21.3/doc/html/_sources/formats/ccache_file_format.rst.txt deleted file mode 100644 index 6138c1b5..00000000 --- a/krb5-1.21.3/doc/html/_sources/formats/ccache_file_format.rst.txt +++ /dev/null @@ -1,182 +0,0 @@ -.. _ccache_file_format: - -Credential cache file format -============================ - -There are four versions of the file format used by the FILE credential -cache type. The first byte of the file always has the value 5, and -the value of the second byte contains the version number (1 through -4). Versions 1 and 2 of the file format use native byte order for integer -representations. Versions 3 and 4 always use big-endian byte order. - -After the two-byte version indicator, the file has three parts: the -header (in version 4 only), the default principal name, and a sequence -of credentials. - - -Header format -------------- - -The header appears only in format version 4. It begins with a 16-bit -integer giving the length of the entire header, followed by a sequence -of fields. Each field consists of a 16-bit tag, a 16-bit length, and -a value of the given length. A file format implementation should -ignore fields with unknown tags. - -At this time there is only one defined header field. Its tag value is -1, its length is always 8, and its contents are two 32-bit integers -giving the seconds and microseconds of the time offset of the KDC -relative to the client. Adding this offset to the current time on the -client should give the current time on the KDC, if that offset has not -changed since the initial authentication. - - -.. _cache_principal_format: - -Principal format ----------------- - -The default principal is marshalled using the following informal -grammar:: - - principal ::= - name type (32 bits) [omitted in version 1] - count of components (32 bits) [includes realm in version 1] - realm (data) - component1 (data) - component2 (data) - ... - - data ::= - length (32 bits) - value (length bytes) - -There is no external framing on the default principal, so it must be -parsed according to the above grammar in order to find the sequence of -credentials which follows. - - -.. _ccache_credential_format: - -Credential format ------------------ - -The credential format uses the following informal grammar (referencing -the ``principal`` and ``data`` types from the previous section):: - - credential ::= - client (principal) - server (principal) - keyblock (keyblock) - authtime (32 bits) - starttime (32 bits) - endtime (32 bits) - renew_till (32 bits) - is_skey (1 byte, 0 or 1) - ticket_flags (32 bits) - addresses (addresses) - authdata (authdata) - ticket (data) - second_ticket (data) - - keyblock ::= - enctype (16 bits) [repeated twice in version 3] - data - - addresses ::= - count (32 bits) - address1 - address2 - ... - - address ::= - addrtype (16 bits) - data - - authdata ::= - count (32 bits) - authdata1 - authdata2 - ... - - authdata ::= - ad_type (16 bits) - data - -There is no external framing on a marshalled credential, so it must be -parsed according to the above grammar in order to find the next -credential. There is also no count of credentials or marker at the -end of the sequence of credentials; the sequence ends when the file -ends. - - -Credential cache configuration entries --------------------------------------- - -Configuration entries are encoded as credential entries. The client -principal of the entry is the default principal of the cache. The -server principal has the realm ``X-CACHECONF:`` and two or three -components, the first of which is ``krb5_ccache_conf_data``. The -server principal's second component is the configuration key. The -third component, if it exists, is a principal to which the -configuration key is associated. The configuration value is stored in -the ticket field of the entry. All other entry fields are zeroed. - -Programs using credential caches must be aware of configuration -entries for several reasons: - -* A program which displays the contents of a cache should not - generally display configuration entries. - -* The ticket field of a configuration entry is not (usually) a valid - encoding of a Kerberos ticket. An implementation must not treat the - cache file as malformed if it cannot decode the ticket field. - -* Configuration entries have an endtime field of 0 and might therefore - always be considered expired, but they should not be treated as - unimportant as a result. For instance, a program which copies - credentials from one cache to another should not omit configuration - entries because of the endtime. - -The following configuration keys are currently used in MIT krb5: - -fast_avail - The presence of this key with a non-empty value indicates that the - KDC asserted support for FAST (see :rfc:`6113`) during the initial - authentication, using the negotiation method described in - :rfc:`6806` section 11. This key is not associated with any - principal. - -pa_config_data - The value of this key contains a JSON object representation of - parameters remembered by the preauthentication mechanism used - during the initial authentication. These parameters may be used - when refreshing credentials. This key is associated with the - server principal of the initial authentication (usually the local - krbtgt principal of the client realm). - -pa_type - The value of this key is the ASCII decimal representation of the - preauth type number used during the initial authentication. This - key is associated with the server principal of the initial - authentication. - -proxy_impersonator - The presence of this key indicates that the cache is a synthetic - delegated credential for use with S4U2Proxy. The value is the - name of the intermediate service whose TGT can be used to make - S4U2Proxy requests for target services. This key is not - associated with any principal. - -refresh_time - The presence of this key indicates that the cache was acquired by - the GSS mechanism using a client keytab. The value is the ASCII - decimal representation of a timestamp at which the GSS mechanism - should attempt to refresh the credential cache from the client - keytab. - -start_realm - This key indicates the realm of the ticket-granting ticket to be - used for TGS requests, when making a referrals request or - beginning a cross-realm request. If it is not present, the client - realm is used. diff --git a/krb5-1.21.3/doc/html/_sources/formats/cookie.rst.txt b/krb5-1.21.3/doc/html/_sources/formats/cookie.rst.txt deleted file mode 100644 index e32365da..00000000 --- a/krb5-1.21.3/doc/html/_sources/formats/cookie.rst.txt +++ /dev/null @@ -1,97 +0,0 @@ -KDC cookie format -================= - -:rfc:`6113` section 5.2 specifies a pa-data type PA-FX-COOKIE, which -clients are required to reflect back to the KDC during -pre-authentication. The MIT krb5 KDC uses the following formats for -cookies. - - -Trivial cookie (version 0) --------------------------- - -If there is no pre-authentication mechanism state information to save, -a trivial cookie containing the value "MIT" is used. A trivial cookie -is needed to indicate that the conversation can continue. - - -Secure cookie (version 1) -------------------------- - -In release 1.14 and later, a secure cookie can be sent if there is any -mechanism state to save for the next request. A secure cookie -contains the concatenation of the following: - -* the four bytes "MIT1" -* a four-byte big-endian kvno value -* an :rfc:`3961` ciphertext - -The ciphertext is encrypted in the cookie key with key usage -number 513. The cookie key is derived from a key in the local krbtgt -principal entry for the realm (e.g. ``krbtgt/KRBTEST.COM@KRBTEST.COM`` -if the request is to the ``KRBTEST.COM`` realm). The first krbtgt key -for the indicated kvno value is combined with the client principal as -follows:: - - cookie-key <- random-to-key(PRF+(tgt-key, "COOKIE" | client-princ)) - -where **random-to-key** is the :rfc:`3961` random-to-key operation for -the krbtgt key's encryption type, **PRF+** is defined in :rfc:`6113`, -and ``|`` denotes concatenation. *client-princ* is the request client -principal name with realm, marshalled according to :rfc:`1964` section -2.1.1. - -The plain text of the encrypted part of a cookie is the DER encoding -of the following ASN.1 type:: - - SecureCookie ::= SEQUENCE { - time INTEGER, - data SEQUENCE OF PA-DATA, - ... - } - -The time field represents the cookie creation time; for brevity, it is -encoded as an integer giving the POSIX timestamp rather than as an -ASN.1 GeneralizedTime value. The data field contains one element for -each pre-authentication type which requires saved state. For -mechanisms which have separate request and reply types, the request -type is used; this allows the KDC to determine whether a cookie is -relevant to a request by comparing the request pa-data types to the -cookie data types. - -SPAKE cookie format (version 1) -------------------------------- - -Inside the SecureCookie wrapper, a data value of type 151 contains -state for SPAKE pre-authentication. This data is the concatenation of -the following: - -* a two-byte big-endian version number with the value 1 -* a two-byte big-endian stage number -* a four-byte big-endian group number -* a four-byte big-endian length and data for the SPAKE value -* a four-byte big-endian length and data for the transcript hash -* zero or more second factor records, each consisting of: - - a four-byte big-endian second-factor type - - a four-byte big-endian length and data - -The stage value is 0 if the cookie was sent with a challenge message. -Otherwise it is 1 for the first encdata message sent by the KDC during -an exchange, 2 for the second, etc.. - -The group value indicates the group number used in the SPAKE challenge. - -For a stage-0 cookie, the SPAKE value is the KDC private key, -represented in the scalar marshalling form of the group. For other -cookies, the SPAKE value is the SPAKE result K, represented in the -group element marshalling form. - -For a stage-0 cookie, the transcript hash is the intermediate hash -after updating with the client support message (if one was sent) and -challenge. For other cookies it is the final hash. - -For a stage-0 cookie, there may be any number of second-factor -records, including none; a second-factor type need not create a state -field if it does not need one, and no record is created for SF-NONE. -For other cookies, there must be exactly one second-factor record -corresponding to the factor type chosen by the client. diff --git a/krb5-1.21.3/doc/html/_sources/formats/freshness_token.rst.txt b/krb5-1.21.3/doc/html/_sources/formats/freshness_token.rst.txt deleted file mode 100644 index 3127621a..00000000 --- a/krb5-1.21.3/doc/html/_sources/formats/freshness_token.rst.txt +++ /dev/null @@ -1,19 +0,0 @@ -PKINIT freshness tokens -======================= - -:rfc:`8070` specifies a pa-data type PA_AS_FRESHNESS, which clients -should reflect within signed PKINIT data to prove recent access to the -client certificate private key. The contents of a freshness token are -left to the KDC implementation. The MIT krb5 KDC uses the following -format for freshness tokens (starting in release 1.17): - -* a four-byte big-endian POSIX timestamp -* a four-byte big-endian key version number -* an :rfc:`3961` checksum, with no ASN.1 wrapper - -The checksum is computed using the first key in the local krbtgt -principal entry for the realm (e.g. ``krbtgt/KRBTEST.COM@KRBTEST.COM`` -if the request is to the ``KRBTEST.COM`` realm) of the indicated key -version. The checksum type must be the mandatory checksum type for -the encryption type of the krbtgt key. The key usage value for the -checksum is 514. diff --git a/krb5-1.21.3/doc/html/_sources/formats/index.rst.txt b/krb5-1.21.3/doc/html/_sources/formats/index.rst.txt deleted file mode 100644 index 47dea12f..00000000 --- a/krb5-1.21.3/doc/html/_sources/formats/index.rst.txt +++ /dev/null @@ -1,11 +0,0 @@ -Protocols and file formats -========================== - -.. toctree:: - :maxdepth: 1 - - ccache_file_format - keytab_file_format - rcache_file_format - cookie - freshness_token diff --git a/krb5-1.21.3/doc/html/_sources/formats/keytab_file_format.rst.txt b/krb5-1.21.3/doc/html/_sources/formats/keytab_file_format.rst.txt deleted file mode 100644 index 8424d058..00000000 --- a/krb5-1.21.3/doc/html/_sources/formats/keytab_file_format.rst.txt +++ /dev/null @@ -1,51 +0,0 @@ -.. _keytab_file_format: - -Keytab file format -================== - -There are two versions of the file format used by the FILE keytab -type. The first byte of the file always has the value 5, and the -value of the second byte contains the version number (1 or 2). -Version 1 of the file format uses native byte order for integer -representations. Version 2 always uses big-endian byte order. - -After the two-byte version indicator, the file contains a sequence of -signed 32-bit record lengths followed by key records or holes. A -positive record length indicates a valid key entry whose size is equal -to or less than the record length. A negative length indicates a -zero-filled hole whose size is the inverse of the length. A length of -0 indicates the end of the file. - - -Key entry format ----------------- - -A key entry may be smaller in size than the record length which -precedes it, because it may have replaced a hole which is larger than -the key entry. Key entries use the following informal grammar:: - - entry ::= - principal - timestamp (32 bits) - key version (8 bits) - enctype (16 bits) - key length (16 bits) - key contents - key version (32 bits) [in release 1.14 and later] - - principal ::= - count of components (16 bits) [includes realm in version 1] - realm (data) - component1 (data) - component2 (data) - ... - name type (32 bits) [omitted in version 1] - - data ::= - length (16 bits) - value (length bytes) - -The 32-bit key version overrides the 8-bit key version. To determine -if it is present, the implementation must check that at least 4 bytes -remain in the record after the other fields are read, and that the -value of the 32-bit integer contained in those bytes is non-zero. diff --git a/krb5-1.21.3/doc/html/_sources/formats/rcache_file_format.rst.txt b/krb5-1.21.3/doc/html/_sources/formats/rcache_file_format.rst.txt deleted file mode 100644 index 42ee8281..00000000 --- a/krb5-1.21.3/doc/html/_sources/formats/rcache_file_format.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -Replay cache file format -======================== - -This section documents the second version of the replay cache file -format, used by the "file2" replay cache type (new in release 1.18). -The first version of the file replay cache format is not documented. - -All accesses to the replay cache file take place under an exclusive -POSIX or Windows file lock, obtained when the file is opened and -released when it is closed. Replay cache files are automatically -created when first accessed. - -For each store operation, a tag is derived from the checksum part of -the :RFC:`3961` ciphertext of the authenticator. The checksum is -coerced to a fixed length of 12 bytes, either through truncation or -right-padding with zero bytes. A four-byte timestamp is appended to -the tag to produce a total record length of 16 bytes. - -Bytes 0 through 15 of the file contain a hash seed for the SipHash-2-4 -algorithm (siphash_); this field is populated with random bytes when -the file is first created. All remaining bytes are divided into a -series of expanding hash tables: - -* Bytes 16-16383: hash table 1 (1023 slots) -* Bytes 16384-49151: hash table 2 (2048 slots) -* Bytes 49152-114687: hash table 3 (4096 slots) -* ... - -Only some hash tables will be present in the file at any specific -time, and the final table may be only partially filled. Replay cache -files may be sparse if the filesystem supports it. - -For each table present in the file, the tag is hashed with SipHash-2-4 -using the seed recorded in the file. The first byte of the seed is -incremented by one (modulo 256) for each table after the first. The -resulting hash value is taken modulo one less than the table size -(1022 for the first hash table, 2047 for the second) to produce the -index. The record may be found at the slot given by the index or at -the next slot. - -All candidate locations for the record must be searched until a slot -is found with a timestamp of zero (indicating a slot which has never -been written to) or an offset is reached at or beyond the end of the -file. Any candidate location with a timestamp value of zero, with a -timestamp value less than the current time minus clockskew, or at or -beyond the end of the file is available for writing. When all -candidate locations have been searched without finding a match, the -new entry is written to the earliest candidate available for writing. - -.. _siphash: https://131002.net/siphash/siphash.pdf diff --git a/krb5-1.21.3/doc/html/_sources/index.rst.txt b/krb5-1.21.3/doc/html/_sources/index.rst.txt deleted file mode 100644 index 543a9d1b..00000000 --- a/krb5-1.21.3/doc/html/_sources/index.rst.txt +++ /dev/null @@ -1,18 +0,0 @@ -MIT Kerberos Documentation (|release|) -====================================== - - -.. toctree:: - :maxdepth: 1 - - user/index.rst - admin/index.rst - appdev/index.rst - plugindev/index.rst - build/index.rst - basic/index.rst - formats/index.rst - mitK5features.rst - build_this.rst - about.rst - resources diff --git a/krb5-1.21.3/doc/html/_sources/mitK5defaults.rst.txt b/krb5-1.21.3/doc/html/_sources/mitK5defaults.rst.txt deleted file mode 100644 index aea7af3d..00000000 --- a/krb5-1.21.3/doc/html/_sources/mitK5defaults.rst.txt +++ /dev/null @@ -1,79 +0,0 @@ -.. _mitK5defaults: - -MIT Kerberos defaults -===================== - -General defaults ----------------- - -========================================== ============================= ==================== -Description Default Environment -========================================== ============================= ==================== -:ref:`keytab_definition` file |keytab| **KRB5_KTNAME** -Client :ref:`keytab_definition` file |ckeytab| **KRB5_CLIENT_KTNAME** -Kerberos config file :ref:`krb5.conf(5)` |krb5conf|\ ``:``\ **KRB5_CONFIG** - |sysconfdir|\ ``/krb5.conf`` -KDC config file :ref:`kdc.conf(5)` |kdcdir|\ ``/kdc.conf`` **KRB5_KDC_PROFILE** -GSS mechanism config file |sysconfdir|\ ``/gss/mech`` **GSS_MECH_CONFIG** -KDC database path (DB2) |kdcdir|\ ``/principal`` -Master key :ref:`stash_definition` |kdcdir|\ ``/.k5.``\ *realm* -Admin server ACL file :ref:`kadm5.acl(5)` |kdcdir|\ ``/kadm5.acl`` -OTP socket directory |kdcrundir| -Plugin base directory |libdir|\ ``/krb5/plugins`` -:ref:`rcache_definition` directory ``/var/tmp`` **KRB5RCACHEDIR** -Master key default enctype |defmkey| -Default :ref:`keysalt list` |defkeysalts| -Permitted enctypes |defetypes| -KDC default port 88 -Admin server port 749 -Password change port 464 -========================================== ============================= ==================== - - -Replica KDC propagation defaults --------------------------------- - -This table shows defaults used by the :ref:`kprop(8)` and -:ref:`kpropd(8)` programs. - -========================== ================================ =========== -Description Default Environment -========================== ================================ =========== -kprop database dump file |kdcdir|\ ``/replica_datatrans`` -kpropd temporary dump file |kdcdir|\ ``/from_master`` -kdb5_util location |sbindir|\ ``/kdb5_util`` -kprop location |sbindir|\ ``/kprop`` -kpropd ACL file |kdcdir|\ ``/kpropd.acl`` -kprop port 754 KPROP_PORT -========================== ================================ =========== - - -.. _paths: - -Default paths for Unix-like systems ------------------------------------ - -On Unix-like systems, some paths used by MIT krb5 depend on parameters -chosen at build time. For a custom build, these paths default to -subdirectories of ``/usr/local``. When MIT krb5 is integrated into an -operating system, the paths are generally chosen to match the -operating system's filesystem layout. - -========================== ============== =========================== =========================== -Description Symbolic name Custom build path Typical OS path -========================== ============== =========================== =========================== -User programs BINDIR ``/usr/local/bin`` ``/usr/bin`` -Libraries and plugins LIBDIR ``/usr/local/lib`` ``/usr/lib`` -Parent of KDC state dir LOCALSTATEDIR ``/usr/local/var`` ``/var`` -Parent of KDC runtime dir RUNSTATEDIR ``/usr/local/var/run`` ``/run`` -Administrative programs SBINDIR ``/usr/local/sbin`` ``/usr/sbin`` -Alternate krb5.conf dir SYSCONFDIR ``/usr/local/etc`` ``/etc`` -Default ccache name DEFCCNAME ``FILE:/tmp/krb5cc_%{uid}`` ``FILE:/tmp/krb5cc_%{uid}`` -Default keytab name DEFKTNAME ``FILE:/etc/krb5.keytab`` ``FILE:/etc/krb5.keytab`` -Default PKCS11 module PKCS11_MODNAME ``opensc-pkcs11.so`` ``opensc-pkcs11.so`` -========================== ============== =========================== =========================== - -The default client keytab name (DEFCKTNAME) typically defaults to -``FILE:/usr/local/var/krb5/user/%{euid}/client.keytab`` for a custom -build. A native build will typically use a path which will vary -according to the operating system's layout of ``/var``. diff --git a/krb5-1.21.3/doc/html/_sources/mitK5features.rst.txt b/krb5-1.21.3/doc/html/_sources/mitK5features.rst.txt deleted file mode 100644 index 10effcf1..00000000 --- a/krb5-1.21.3/doc/html/_sources/mitK5features.rst.txt +++ /dev/null @@ -1,699 +0,0 @@ -.. highlight:: rst - -.. toctree:: - :hidden: - - mitK5license.rst - -.. _mitK5features: - -MIT Kerberos features -===================== - -https://web.mit.edu/kerberos - - -Quick facts ------------ - -License - :ref:`mitK5license` - -Releases: - - Latest stable: https://web.mit.edu/kerberos/krb5-1.20/ - - Supported: https://web.mit.edu/kerberos/krb5-1.19/ - - Release cycle: approximately 12 months - -Supported platforms \/ OS distributions: - - Windows (KfW 4.0): Windows 7, Vista, XP - - Solaris: SPARC, x86_64/x86 - - GNU/Linux: Debian x86_64/x86, Ubuntu x86_64/x86, RedHat x86_64/x86 - - BSD: NetBSD x86_64/x86 - -Crypto backends: - - builtin - MIT Kerberos native crypto library - - OpenSSL (1.0\+) - https://www.openssl.org - -Database backends: LDAP, DB2, LMDB - -krb4 support: Kerberos 5 release < 1.8 - -DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`) - -Interoperability ----------------- - -`Microsoft` - -Starting from release 1.7: - -* Follow client principal referrals in the client library when - obtaining initial tickets. - -* KDC can issue realm referrals for service principals based on domain names. - -* Extensions supporting DCE RPC, including three-leg GSS context setup - and unencapsulated GSS tokens inside SPNEGO. - -* Microsoft GSS_WrapEX, implemented using the gss_iov API, which is - similar to the equivalent SSPI functionality. This is needed to - support some instances of DCE RPC. - -* NTLM recognition support in GSS-API, to facilitate dropping in an - NTLM implementation for improved compatibility with older releases - of Microsoft Windows. - -* KDC support for principal aliases, if the back end supports them. - Currently, only the LDAP back end supports aliases. - -* Support Microsoft set/change password (:rfc:`3244`) protocol in - kadmind. - -* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which - allows a GSS application to request credential delegation only if - permitted by KDC policy. - - -Starting from release 1.8: - -* Microsoft Services for User (S4U) compatibility - - -`Heimdal` - -* Support for KCM credential cache starting from release 1.13 - -Feature list ------------- - -For more information on the specific project see https://k5wiki.kerberos.org/wiki/Projects - -Release 1.7 - - Credentials delegation :rfc:`5896` - - Cross-realm authentication and referrals :rfc:`6806` - - Master key migration - - PKINIT :rfc:`4556` :ref:`pkinit` - -Release 1.8 - - Anonymous PKINIT :rfc:`6112` :ref:`anonymous_pkinit` - - Constrained delegation - - IAKERB https://tools.ietf.org/html/draft-ietf-krb-wg-iakerb-02 - - Heimdal bridge plugin for KDC backend - - GSS-API S4U extensions https://msdn.microsoft.com/en-us/library/cc246071 - - GSS-API naming extensions :rfc:`6680` - - GSS-API extensions for storing delegated credentials :rfc:`5588` - -Release 1.9 - - Advance warning on password expiry - - Camellia encryption (CTS-CMAC mode) :rfc:`6803` - - KDC support for SecurID preauthentication - - kadmin over IPv6 - - Trace logging :ref:`trace_logging` - - GSSAPI/KRB5 multi-realm support - - Plugin to test password quality :ref:`pwqual_plugin` - - Plugin to synchronize password changes :ref:`kadm5_hook_plugin` - - Parallel KDC - - GSS-API extensions for SASL GS2 bridge :rfc:`5801` :rfc:`5587` - - Purging old keys - - Naming extensions for delegation chain - - Password expiration API - - Windows client support (build-only) - - IPv6 support in iprop - -Release 1.10 - - Plugin interface for configuration :ref:`profile_plugin` - - Credentials for multiple identities :ref:`ccselect_plugin` - -Release 1.11 - - Client support for FAST OTP :rfc:`6560` - - GSS-API extensions for credential locations - - Responder mechanism - -Release 1.12 - - Plugin to control krb5_aname_to_localname and krb5_kuserok behavior :ref:`localauth_plugin` - - Plugin to control hostname-to-realm mappings and the default realm :ref:`hostrealm_plugin` - - GSSAPI extensions for constructing MIC tokens using IOV lists :ref:`gssapi_mic_token` - - Principal may refer to nonexistent policies `Policy Refcount project `_ - - Support for having no long-term keys for a principal `Principals Without Keys project `_ - - Collection support to the KEYRING credential cache type on Linux :ref:`ccache_definition` - - FAST OTP preauthentication module for the KDC which uses RADIUS to validate OTP token values :ref:`otp_preauth` - - Experimental Audit plugin for KDC processing `Audit project `_ - -Release 1.13 - - - Add support for accessing KDCs via an HTTPS proxy server using - the `MS-KKDCP - `_ - protocol. - - Add support for `hierarchical incremental propagation - `_, - where replicas can act as intermediates between an upstream primary - and other downstream replicas. - - Add support for configuring GSS mechanisms using - ``/etc/gss/mech.d/*.conf`` files in addition to - ``/etc/gss/mech``. - - Add support to the LDAP KDB module for `binding to the LDAP - server using SASL - `_. - - The KDC listens for TCP connections by default. - - Fix a minor key disclosure vulnerability where using the - "keepold" option to the kadmin randkey operation could return the - old keys. `[CVE-2014-5351] - `_ - - Add client support for the Kerberos Cache Manager protocol. If - the host is running a Heimdal kcm daemon, caches served by the - daemon can be accessed with the KCM: cache type. - - When built on macOS 10.7 and higher, use "KCM:" as the default - cachetype, unless overridden by command-line options or - krb5-config values. - - Add support for doing unlocked database dumps for the DB2 KDC - back end, which would allow the KDC and kadmind to continue - accessing the database during lengthy database dumps. - -Release 1.14 - - * Administrator experience - - - Add a new kdb5_util tabdump command to provide reporting-friendly - tabular dump formats (tab-separated or CSV) for the KDC database. - Unlike the normal dump format, each output table has a fixed number - of fields. Some tables include human-readable forms of data that - are opaque in ordinary dump files. This format is also suitable for - importing into relational databases for complex queries. - - Add support to kadmin and kadmin.local for specifying a single - command line following any global options, where the command - arguments are split by the shell--for example, "kadmin getprinc - principalname". Commands issued this way do not prompt for - confirmation or display warning messages, and exit with non-zero - status if the operation fails. - - Accept the same principal flag names in kadmin as we do for the - default_principal_flags kdc.conf variable, and vice versa. Also - accept flag specifiers in the form that kadmin prints, as well as - hexadecimal numbers. - - Remove the triple-DES and RC4 encryption types from the default - value of supported_enctypes, which determines the default key and - salt types for new password-derived keys. By default, keys will - only created only for AES128 and AES256. This mitigates some types - of password guessing attacks. - - Add support for directory names in the KRB5_CONFIG and - KRB5_KDC_PROFILE environment variables. - - Add support for authentication indicators, which are ticket - annotations to indicate the strength of the initial authentication. - Add support for the "require_auth" string attribute, which can be - set on server principal entries to require an indicator when - authenticating to the server. - - Add support for key version numbers larger than 255 in keytab files, - and for version numbers up to 65535 in KDC databases. - - Transmit only one ETYPE-INFO and/or ETYPE-INFO2 entry from the KDC - during pre-authentication, corresponding to the client's most - preferred encryption type. - - Add support for server name identification (SNI) when proxying KDC - requests over HTTPS. - - Add support for the err_fmt profile parameter, which can be used to - generate custom-formatted error messages. - - * Developer experience: - - - Change gss_acquire_cred_with_password() to acquire credentials into - a private memory credential cache. Applications can use - gss_store_cred() to make the resulting credentials visible to other - processes. - - Change gss_acquire_cred() and SPNEGO not to acquire credentials for - IAKERB or for non-standard variants of the krb5 mechanism OID unless - explicitly requested. (SPNEGO will still accept the Microsoft - variant of the krb5 mechanism OID during negotiation.) - - Change gss_accept_sec_context() not to accept tokens for IAKERB or - for non-standard variants of the krb5 mechanism OID unless an - acceptor credential is acquired for those mechanisms. - - Change gss_acquire_cred() to immediately resolve credentials if the - time_rec parameter is not NULL, so that a correct expiration time - can be returned. Normally credential resolution is delayed until - the target name is known. - - Add krb5_prepend_error_message() and krb5_wrap_error_message() APIs, - which can be used by plugin modules or applications to add prefixes - to existing detailed error messages. - - Add krb5_c_prfplus() and krb5_c_derive_prfplus() APIs, which - implement the RFC 6113 PRF+ operation and key derivation using PRF+. - - Add support for pre-authentication mechanisms which use multiple - round trips, using the the KDC_ERR_MORE_PREAUTH_DATA_REQUIRED error - code. Add get_cookie() and set_cookie() callbacks to the kdcpreauth - interface; these callbacks can be used to save marshalled state - information in an encrypted cookie for the next request. - - Add a client_key() callback to the kdcpreauth interface to retrieve - the chosen client key, corresponding to the ETYPE-INFO2 entry sent - by the KDC. - - Add an add_auth_indicator() callback to the kdcpreauth interface, - allowing pre-authentication modules to assert authentication - indicators. - - Add support for the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option to - suppress sending the confidentiality and integrity flags in GSS - initiator tokens unless they are requested by the caller. These - flags control the negotiated SASL security layer for the Microsoft - GSS-SPNEGO SASL mechanism. - - Make the FILE credential cache implementation less prone to - corruption issues in multi-threaded programs, especially on - platforms with support for open file description locks. - - * Performance: - - - On replica KDCs, poll the primary KDC immediately after - processing a full resync, and do not require two full resyncs - after the primary KDC's log file is reset. - -Release 1.15 - -* Administrator experience: - - - Add support to kadmin for remote extraction of current keys - without changing them (requires a special kadmin permission that - is excluded from the wildcard permission), with the exception of - highly protected keys. - - - Add a lockdown_keys principal attribute to prevent retrieval of - the principal's keys (old or new) via the kadmin protocol. In - newly created databases, this attribute is set on the krbtgt and - kadmin principals. - - - Restore recursive dump capability for DB2 back end, so sites can - more easily recover from database corruption resulting from power - failure events. - - - Add DNS auto-discovery of KDC and kpasswd servers from URI - records, in addition to SRV records. URI records can convey TCP - and UDP servers and primary KDC status in a single DNS lookup, and - can also point to HTTPS proxy servers. - - - Add support for password history to the LDAP back end. - - - Add support for principal renaming to the LDAP back end. - - - Use the getrandom system call on supported Linux kernels to avoid - blocking problems when getting entropy from the operating system. - -* Code quality: - - - Clean up numerous compilation warnings. - - - Remove various infrequently built modules, including some preauth - modules that were not built by default. - -* Developer experience: - - - Add support for building with OpenSSL 1.1. - - - Use SHA-256 instead of MD5 for (non-cryptographic) hashing of - authenticators in the replay cache. This helps sites that must - build with FIPS 140 conformant libraries that lack MD5. - -* Protocol evolution: - - - Add support for the AES-SHA2 enctypes, which allows sites to - conform to Suite B crypto requirements. - -Release 1.16 - -* Administrator experience: - - - The KDC can match PKINIT client certificates against the - "pkinit_cert_match" string attribute on the client principal - entry, using the same syntax as the existing "pkinit_cert_match" - profile option. - - - The ktutil addent command supports the "-k 0" option to ignore the - key version, and the "-s" option to use a non-default salt string. - - - kpropd supports a --pid-file option to write a pid file at - startup, when it is run in standalone mode. - - - The "encrypted_challenge_indicator" realm option can be used to - attach an authentication indicator to tickets obtained using FAST - encrypted challenge pre-authentication. - - - Localization support can be disabled at build time with the - --disable-nls configure option. - -* Developer experience: - - - The kdcpolicy pluggable interface allows modules control whether - tickets are issued by the KDC. - - - The kadm5_auth pluggable interface allows modules to control - whether kadmind grants access to a kadmin request. - - - The certauth pluggable interface allows modules to control which - PKINIT client certificates can authenticate to which client - principals. - - - KDB modules can use the client and KDC interface IP addresses to - determine whether to allow an AS request. - - - GSS applications can query the bit strength of a krb5 GSS context - using the GSS_C_SEC_CONTEXT_SASL_SSF OID with - gss_inquire_sec_context_by_oid(). - - - GSS applications can query the impersonator name of a krb5 GSS - credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with - gss_inquire_cred_by_oid(). - - - kdcpreauth modules can query the KDC for the canonicalized - requested client principal name, or match a principal name against - the requested client principal name with canonicalization. - -* Protocol evolution: - - - The client library will continue to try pre-authentication - mechanisms after most failure conditions. - - - The KDC will issue trivially renewable tickets (where the - renewable lifetime is equal to or less than the ticket lifetime) - if requested by the client, to be friendlier to scripts. - - - The client library will use a random nonce for TGS requests - instead of the current system time. - - - For the RC4 string-to-key or PAC operations, UTF-16 is supported - (previously only UCS-2 was supported). - - - When matching PKINIT client certificates, UPN SANs will be matched - correctly as UPNs, with canonicalization. - -* User experience: - - - Dates after the year 2038 are accepted (provided that the platform - time facilities support them), through the year 2106. - - - Automatic credential cache selection based on the client realm - will take into account the fallback realm and the service - hostname. - - - Referral and alternate cross-realm TGTs will not be cached, - avoiding some scenarios where they can be added to the credential - cache multiple times. - - - A German translation has been added. - -* Code quality: - - - The build is warning-clean under clang with the configured warning - options. - - - The automated test suite runs cleanly under AddressSanitizer. - -Release 1.17 - -* Administrator experience: - - - A new Kerberos database module using the Lightning Memory-Mapped - Database library (LMDB) has been added. The LMDB KDB module - should be more performant and more robust than the DB2 module, and - may become the default module for new databases in a future - release. - - - "kdb5_util dump" will no longer dump policy entries when specific - principal names are requested. - -* Developer experience: - - - The new krb5_get_etype_info() API can be used to retrieve enctype, - salt, and string-to-key parameters from the KDC for a client - principal. - - - The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise - principal names to be used with GSS-API functions. - - - KDC and kadmind modules which call com_err() will now write to the - log file in a format more consistent with other log messages. - - - Programs which use large numbers of memory credential caches - should perform better. - -* Protocol evolution: - - - The SPAKE pre-authentication mechanism is now supported. This - mechanism protects against password dictionary attacks without - requiring any additional infrastructure such as certificates. - SPAKE is enabled by default on clients, but must be manually - enabled on the KDC for this release. - - - PKINIT freshness tokens are now supported. Freshness tokens can - protect against scenarios where an attacker uses temporary access - to a smart card to generate authentication requests for the - future. - - - Password change operations now prefer TCP over UDP, to avoid - spurious error messages about replays when a response packet is - dropped. - - - The KDC now supports cross-realm S4U2Self requests when used with - a third-party KDB module such as Samba's. The client code for - cross-realm S4U2Self requests is also now more robust. - -* User experience: - - - The new ktutil addent -f flag can be used to fetch salt - information from the KDC for password-based keys. - - - The new kdestroy -p option can be used to destroy a credential - cache within a collection by client principal name. - - - The Kerberos man page has been restored, and documents the - environment variables that affect programs using the Kerberos - library. - -* Code quality: - - - Python test scripts now use Python 3. - - - Python test scripts now display markers in verbose output, making - it easier to find where a failure occurred within the scripts. - - - The Windows build system has been simplified and updated to work - with more recent versions of Visual Studio. A large volume of - unused Windows-specific code has been removed. Visual Studio 2013 - or later is now required. - -Release 1.18 - -* Administrator experience: - - - Remove support for single-DES encryption types. - - - Change the replay cache format to be more efficient and robust. - Replay cache filenames using the new format end with ``.rcache2`` - by default. - - - setuid programs will automatically ignore environment variables - that normally affect krb5 API functions, even if the caller does - not use krb5_init_secure_context(). - - - Add an ``enforce_ok_as_delegate`` krb5.conf relation to disable - credential forwarding during GSSAPI authentication unless the KDC - sets the ok-as-delegate bit in the service ticket. - -* Developer experience: - - - Implement krb5_cc_remove_cred() for all credential cache types. - - - Add the krb5_pac_get_client_info() API to get the client account - name from a PAC. - -* Protocol evolution: - - - Add KDC support for S4U2Self requests where the user is identified - by X.509 certificate. (Requires support for certificate lookup - from a third-party KDB module.) - - - Remove support for an old ("draft 9") variant of PKINIT. - - - Add support for Microsoft NegoEx. (Requires one or more - third-party GSS modules implementing NegoEx mechanisms.) - -* User experience: - - - Add support for ``dns_canonicalize_hostname=fallback``, causing - host-based principal names to be tried first without DNS - canonicalization, and again with DNS canonicalization if the - un-canonicalized server is not found. - - - Expand single-component hostnames in hhost-based principal names - when DNS canonicalization is not used, adding the system's first - DNS search path as a suffix. Add a ``qualify_shortname`` - krb5.conf relation to override this suffix or disable expansion. - -* Code quality: - - - The libkrb5 serialization code (used to export and import krb5 GSS - security contexts) has been simplified and made type-safe. - - - The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED - messages has been revised to conform to current coding practices. - - - The test suite has been modified to work with macOS System - Integrity Protection enabled. - - - The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 - support can always be tested. - -Release 1.19 - -* Administrator experience: - - - When a client keytab is present, the GSSAPI krb5 mech will refresh - credentials even if the current credentials were acquired - manually. - - - It is now harder to accidentally delete the K/M entry from a KDB. - -* Developer experience: - - - gss_acquire_cred_from() now supports the "password" and "verify" - options, allowing credentials to be acquired via password and - verified using a keytab key. - - - When an application accepts a GSS security context, the new - GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor - both provided matching channel bindings. - - - Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self - requests to identify the desired client principal by certificate. - - - PKINIT certauth modules can now cause the hw-authent flag to be - set in issued tickets. - - - The krb5_init_creds_step() API will now issue the same password - expiration warnings as krb5_get_init_creds_password(). - -* Protocol evolution: - - - Added client and KDC support for Microsoft's Resource-Based - Constrained Delegation, which allows cross-realm S4U2Proxy - requests. A third-party database module is required for KDC - support. - - - kadmin/admin is now the preferred server principal name for kadmin - connections, and the host-based form is no longer created by - default. The client will still try the host-based form as a - fallback. - - - Added client and server support for Microsoft's - KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be - required for the initiator if the acceptor provided them. The - client will send this option if the client_aware_gss_bindings - profile option is set. - -User experience: - - - The default setting of dns_canonicalize_realm is now "fallback". - Hostnames provided from applications will be tried in principal - names as given (possibly with shortname qualification), falling - back to the canonicalized name. - - - kinit will now issue a warning if the des3-cbc-sha1 encryption - type is used in the reply. This encryption type will be - deprecated and removed in future releases. - - - Added kvno flags --out-cache, --no-store, and --cached-only - (inspired by Heimdal's kgetcred). - -Release 1.20 - -* Administrator experience: - - - Added a "disable_pac" realm relation to suppress adding PAC - authdata to tickets, for realms which do not need to support S4U - requests. - - - Most credential cache types will use atomic replacement when a - cache is reinitialized using kinit or refreshed from the client - keytab. - - - kprop can now propagate databases with a dump size larger than - 4GB, if both the client and server are upgraded. - - - kprop can now work over NATs that change the destination IP - address, if the client is upgraded. - -* Developer experience: - - - Updated the KDB interface. The sign_authdata() method is replaced - with the issue_pac() method, allowing KDB modules to add logon - info and other buffers to the PAC issued by the KDC. - - - Host-based initiator names are better supported in the GSS krb5 - mechanism. - -* Protocol evolution: - - - Replaced AD-SIGNEDPATH authdata with minimal PACs. - - - To avoid spurious replay errors, password change requests will not - be attempted over UDP until the attempt over TCP fails. - - - PKINIT will sign its CMS messages with SHA-256 instead of SHA-1. - -* Code quality: - - - Updated all code using OpenSSL to be compatible with OpenSSL 3. - - - Reorganized the libk5crypto build system to allow the OpenSSL - back-end to pull in material from the builtin back-end depending - on the OpenSSL version. - - - Simplified the PRNG logic to always use the platform PRNG. - - - Converted the remaining Tcl tests to Python. - -Release 1.21 - -* User experience: - - - Added a credential cache type providing compatibility with the - macOS 11 native credential cache. - -* Developer experience: - - - libkadm5 will use the provided krb5_context object to read - configuration values, instead of creating its own. - - - Added an interface to retrieve the ticket session key from a GSS - context. - -* Protocol evolution: - - - The KDC will no longer issue tickets with RC4 or triple-DES - session keys unless explicitly configured with the new allow_rc4 - or allow_des3 variables respectively. - - - The KDC will assume that all services can handle aes256-sha1 - session keys unless the service principal has a session_enctypes - string attribute. - - - Support for PAC full KDC checksums has been added to mitigate an - S4U2Proxy privilege escalation attack. - - - The PKINIT client will advertise a more modern set of supported - CMS algorithms. - -* Code quality: - - - Removed unused code in libkrb5, libkrb5support, and the PKINIT - module. - - - Modernized the KDC code for processing TGS requests, the code for - encrypting and decrypting key data, the PAC handling code, and the - GSS library packet parsing and composition code. - - - Improved the test framework's detection of memory errors in daemon - processes when used with asan. - -`Pre-authentication mechanisms` - -- PW-SALT :rfc:`4120#section-5.2.7.3` -- ENC-TIMESTAMP :rfc:`4120#section-5.2.7.2` -- SAM-2 -- FAST negotiation framework (release 1.8) :rfc:`6113` -- PKINIT with FAST on client (release 1.10) :rfc:`6113` -- PKINIT :rfc:`4556` -- FX-COOKIE :rfc:`6113#section-5.2` -- S4U-X509-USER (release 1.8) https://msdn.microsoft.com/en-us/library/cc246091 -- OTP (release 1.12) :ref:`otp_preauth` -- SPAKE (release 1.17) :ref:`spake` diff --git a/krb5-1.21.3/doc/html/_sources/mitK5license.rst.txt b/krb5-1.21.3/doc/html/_sources/mitK5license.rst.txt deleted file mode 100644 index e23edbfb..00000000 --- a/krb5-1.21.3/doc/html/_sources/mitK5license.rst.txt +++ /dev/null @@ -1,11 +0,0 @@ -.. _mitK5license: - -MIT Kerberos License information -================================ - -.. toctree:: - :hidden: - - copyright.rst - -.. include:: notice.rst diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/ccselect.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/ccselect.rst.txt deleted file mode 100644 index 1253fe6b..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/ccselect.rst.txt +++ /dev/null @@ -1,28 +0,0 @@ -.. _ccselect_plugin: - -Credential cache selection interface (ccselect) -=============================================== - -The ccselect interface allows modules to control how credential caches -are chosen when a GSSAPI client contacts a service. For a detailed -description of the ccselect interface, see the header file -````. - -The primary ccselect method is **choose**, which accepts a server -principal as input and returns a ccache and/or principal name as -output. A module can use the krb5_cccol APIs to iterate over the -cache collection in order to find an appropriate ccache to use. - -.. TODO: add reference to the admin guide for ccaches and cache - collections when we have appropriate sections. - -A module can create and destroy per-library-context state objects by -implementing the **init** and **fini** methods. State objects have -the type krb5_ccselect_moddata, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. - -A module can have one of two priorities, "authoritative" or -"heuristic". Results from authoritative modules, if any are -available, will take priority over results from heuristic modules. A -module communicates its priority as a result of the **init** method. diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/certauth.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/certauth.rst.txt deleted file mode 100644 index 3740c5f7..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/certauth.rst.txt +++ /dev/null @@ -1,36 +0,0 @@ -.. _certauth_plugin: - -PKINIT certificate authorization interface (certauth) -===================================================== - -The certauth interface was first introduced in release 1.16. It -allows customization of the X.509 certificate attribute requirements -placed on certificates used by PKINIT enabled clients. For a detailed -description of the certauth interface, see the header file -```` - -A certauth module implements the **authorize** method to determine -whether a client's certificate is authorized to authenticate a client -principal. **authorize** receives the DER-encoded certificate, the -requested client principal, and a pointer to the client's -krb5_db_entry (for modules that link against libkdb5). The method -must decode the certificate and inspect its attributes to determine if -it should authorize PKINIT authentication. It returns the -authorization status and optionally outputs a list of authentication -indicator strings to be added to the ticket. - -Beginning in release 1.19, the authorize method can request that the -hardware authentication bit be set in the ticket by returning -**KRB5_CERTAUTH_HWAUTH**. Beginning in release 1.20, the authorize -method can return **KRB5_CERTAUTH_HWAUTH_PASS** to request that the -hardware authentication bit be set in the ticket but otherwise defer -authorization to another certauth module. A module must use its own -internal or library-provided ASN.1 certificate decoder. - -A module can optionally create and destroy module data with the -**init** and **fini** methods. Module data objects last for the -lifetime of the KDC process. - -If a module allocates and returns a list of authentication indicators -from **authorize**, it must also implement the **free_ind** method -to free the list. diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/clpreauth.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/clpreauth.rst.txt deleted file mode 100644 index 38aa52e8..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/clpreauth.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -Client preauthentication interface (clpreauth) -============================================== - -During an initial ticket request, a KDC may ask a client to prove its -knowledge of the password before issuing an encrypted ticket, or to -use credentials other than a password. This process is called -preauthentication, and is described in :rfc:`4120` and :rfc:`6113`. -The clpreauth interface allows the addition of client support for -preauthentication mechanisms beyond those included in the core MIT -krb5 code base. For a detailed description of the clpreauth -interface, see the header file ```` (or -```` before release 1.12). - -A clpreauth module is generally responsible for: - -* Supplying a list of preauth type numbers used by the module in the - **pa_type_list** field of the vtable structure. - -* Indicating what kind of preauthentication mechanism it implements, - with the **flags** method. In the most common case, this method - just returns ``PA_REAL``, indicating that it implements a normal - preauthentication type. - -* Examining the padata information included in a PREAUTH_REQUIRED or - MORE_PREAUTH_DATA_REQUIRED error and producing padata values for the - next AS request. This is done with the **process** method. - -* Examining the padata information included in a successful ticket - reply, possibly verifying the KDC identity and computing a reply - key. This is also done with the **process** method. - -* For preauthentication types which support it, recovering from errors - by examining the error data from the KDC and producing a padata - value for another AS request. This is done with the **tryagain** - method. - -* Receiving option information (supplied by ``kinit -X`` or by an - application), with the **gic_opts** method. - -A clpreauth module can create and destroy per-library-context and -per-request state objects by implementing the **init**, **fini**, -**request_init**, and **request_fini** methods. Per-context state -objects have the type krb5_clpreauth_moddata, and per-request state -objects have the type krb5_clpreauth_modreq. These are abstract -pointer types; a module should typically cast these to internal -types for the state objects. - -The **process** and **tryagain** methods have access to a callback -function and handle (called a "rock") which can be used to get -additional information about the current request, including the -expected enctype of the AS reply, the FAST armor key, and the client -long-term key (prompting for the user password if necessary). A -callback can also be used to replace the AS reply key if the -preauthentication mechanism computes one. diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/general.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/general.rst.txt deleted file mode 100644 index fba9bf6e..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/general.rst.txt +++ /dev/null @@ -1,118 +0,0 @@ -General plugin concepts -======================= - -A krb5 dynamic plugin module is a Unix shared object or Windows DLL. -Typically, the source code for a dynamic plugin module should live in -its own project with a build system using automake_ and libtool_, or -tools with similar functionality. - -A plugin module must define a specific symbol name, which depends on -the pluggable interface and module name. For most pluggable -interfaces, the exported symbol is a function named -``INTERFACE_MODULE_initvt``, where *INTERFACE* is the name of the -pluggable interface and *MODULE* is the name of the module. For these -interfaces, it is possible for one shared object or DLL to implement -multiple plugin modules, either for the same pluggable interface or -for different ones. For example, a shared object could implement both -KDC and client preauthentication mechanisms, by exporting functions -named ``kdcpreauth_mymech_initvt`` and ``clpreauth_mymech_initvt``. - -.. note: The profile, locate, and GSSAPI mechglue pluggable interfaces - follow different conventions. See the documentation for - those interfaces for details. The remainder of this section - applies to pluggable interfaces which use the standard - conventions. - -A plugin module implementation should include the header file -````, where *INTERFACE* is the name of the -pluggable interface. For instance, a ccselect plugin module -implementation should use ``#include ``. - -.. note: clpreauth and kdcpreauth module implementations should - include . - -initvt functions have the following prototype:: - - krb5_error_code interface_modname_initvt(krb5_context context, - int maj_ver, int min_ver, - krb5_plugin_vtable vtable); - -and should do the following: - -1. Check that the supplied maj_ver argument is supported by the - module. If it is not supported, the function should return - KRB5_PLUGIN_VER_NOTSUPP. - -2. Cast the supplied vtable pointer to the structure type - corresponding to the major version, as documented in the pluggable - interface header file. - -3. Fill in the structure fields with pointers to method functions and - static data, stopping at the field indicated by the supplied minor - version. Fields for unimplemented optional methods can be left - alone; it is not necessary to initialize them to NULL. - -In most cases, the context argument will not be used. The initvt -function should not allocate memory; think of it as a glorified -structure initializer. Each pluggable interface defines methods for -allocating and freeing module state if doing so is necessary for the -interface. - -Pluggable interfaces typically include a **name** field in the vtable -structure, which should be filled in with a pointer to a string -literal containing the module name. - -Here is an example of what an initvt function might look like for a -fictional pluggable interface named fences, for a module named -"wicker":: - - krb5_error_code - fences_wicker_initvt(krb5_context context, int maj_ver, - int min_ver, krb5_plugin_vtable vtable) - { - krb5_ccselect_vtable vt; - - if (maj_ver == 1) { - krb5_fences_vtable vt = (krb5_fences_vtable)vtable; - vt->name = "wicker"; - vt->slats = wicker_slats; - vt->braces = wicker_braces; - } else if (maj_ver == 2) { - krb5_fences_vtable_v2 vt = (krb5_fences_vtable_v2)vtable; - vt->name = "wicker"; - vt->material = wicker_material; - vt->construction = wicker_construction; - if (min_ver < 2) - return 0; - vt->footing = wicker_footing; - if (min_ver < 3) - return 0; - vt->appearance = wicker_appearance; - } else { - return KRB5_PLUGIN_VER_NOTSUPP; - } - return 0; - } - -Logging from KDC and kadmind plugin modules -------------------------------------------- - -Plugin modules for the KDC or kadmind daemons can write to the -configured logging outputs (see :ref:`logging`) by calling the -**com_err** function. The first argument (*whoami*) is ignored. If -the second argument (*code*) is zero, the formatted message is logged -at informational severity; otherwise, the formatted message is logged -at error severity and includes the error message for the supplied -code. Here are examples:: - - com_err("", 0, "Client message contains %d items", nitems); - com_err("", retval, "while decoding client message"); - -(The behavior described above is new in release 1.17. In prior -releases, the *whoami* argument is included for some logging output -types, the logged message does not include the usual header for some -output types, and the severity for syslog outputs is configured as -part of the logging specification, defaulting to error severity.) - -.. _automake: https://www.gnu.org/software/automake/ -.. _libtool: https://www.gnu.org/software/libtool/ diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/gssapi.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/gssapi.rst.txt deleted file mode 100644 index 0918d151..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/gssapi.rst.txt +++ /dev/null @@ -1,134 +0,0 @@ -GSSAPI mechanism interface -========================== - -The GSSAPI library in MIT krb5 can load mechanism modules to augment -the set of built-in mechanisms. - -.. note: The GSSAPI loadable mechanism interface does not follow the - normal conventions for MIT krb5 pluggable interfaces. - -A mechanism module is a Unix shared object or Windows DLL, built -separately from the krb5 tree. Modules are loaded according to the -GSS mechanism config files described in :ref:`gssapi_plugin_config`. - -For the most part, a GSSAPI mechanism module exports the same -functions as would a GSSAPI implementation itself, with the same -function signatures. The mechanism selection layer within the GSSAPI -library (called the "mechglue") will dispatch calls from the -application to the module if the module's mechanism is requested. If -a module does not wish to implement a GSSAPI extension, it can simply -refrain from exporting it, and the mechglue will fail gracefully if -the application calls that function. - -The mechglue does not invoke a module's **gss_add_cred**, -**gss_add_cred_from**, **gss_add_cred_impersonate_name**, or -**gss_add_cred_with_password** function. A mechanism only needs to -implement the "acquire" variants of those functions. - -A module does not need to coordinate its minor status codes with those -of other mechanisms. If the mechglue detects conflicts, it will map -the mechanism's status codes onto unique values, and then map them -back again when **gss_display_status** is called. - - -NegoEx modules --------------- - -Some Windows GSSAPI mechanisms can only be negotiated via a Microsoft -extension to SPNEGO called NegoEx. Beginning with release 1.18, -mechanism modules can support NegoEx as follows: - -* Implement the gssspi_query_meta_data(), gssspi_exchange_meta_data(), - and gssspi_query_mechanism_info() SPIs declared in - ````. - -* Implement gss_inquire_sec_context_by_oid() and answer the - **GSS_C_INQ_NEGOEX_KEY** and **GSS_C_INQ_NEGOEX_VERIFY_KEY** OIDs - to provide the checksum keys for outgoing and incoming checksums, - respectively. The answer must be in two buffers: the first buffer - contains the key contents, and the second buffer contains the key - encryption type as a four-byte little-endian integer. - -By default, NegoEx mechanisms will not be directly negotiated via -SPNEGO. If direct SPNEGO negotiation is required for -interoperability, implement gss_inquire_attrs_for_mech() and assert -the GSS_C_MA_NEGOEX_AND_SPNEGO attribute (along with any applicable -RFC 5587 attributes). - - -Interposer modules ------------------- - -The mechglue also supports a kind of loadable module, called an -interposer module, which intercepts calls to existing mechanisms -rather than implementing a new mechanism. - -An interposer module must export the symbol **gss_mech_interposer** -with the following signature:: - - gss_OID_set gss_mech_interposer(gss_OID mech_type); - -This function is invoked with the OID of the interposer mechanism as -specified in the mechanism config file, and returns a set of mechanism -OIDs to be interposed. The returned OID set must have been created -using the mechglue's gss_create_empty_oid_set and -gss_add_oid_set_member functions. - -An interposer module must use the prefix ``gssi_`` for the GSSAPI -functions it exports, instead of the prefix ``gss_``. In most cases, -unexported ``gssi_`` functions will result in failure from their -corresponding ``gss_`` calls. - -An interposer module can link against the GSSAPI library in order to -make calls to the original mechanism. To do so, it must specify a -special mechanism OID which is the concatention of the interposer's -own OID byte string and the original mechanism's OID byte string. - -Functions that do not accept a mechanism argument directly require no -special handling, with the following exceptions: - -Since **gss_accept_sec_context** does not accept a mechanism argument, -an interposer mechanism must, in order to invoke the original -mechanism's function, acquire a credential for the concatenated OID -and pass that as the *verifier_cred_handle* parameter. - -Since **gss_import_name**, **gss_import_cred**, and -**gss_import_sec_context** do not accept mechanism parameters, the SPI -has been extended to include variants which do. This allows the -interposer module to know which mechanism should be used to interpret -the token. These functions have the following signatures:: - - OM_uint32 gssi_import_sec_context_by_mech(OM_uint32 *minor_status, - gss_OID desired_mech, gss_buffer_t interprocess_token, - gss_ctx_id_t *context_handle); - - OM_uint32 gssi_import_name_by_mech(OM_uint32 *minor_status, - gss_OID mech_type, gss_buffer_t input_name_buffer, - gss_OID input_name_type, gss_name_t output_name); - - OM_uint32 gssi_import_cred_by_mech(OM_uint32 *minor_status, - gss_OID mech_type, gss_buffer_t token, - gss_cred_id_t *cred_handle); - -To re-enter the original mechanism when importing tokens for the above -functions, the interposer module must wrap the mechanism token in the -mechglue's format, using the concatenated OID (except in -**gss_import_name**). The mechglue token formats are: - -* For **gss_import_sec_context**, a four-byte OID length in big-endian - order, followed by the concatenated OID, followed by the mechanism - token. - -* For **gss_import_name**, the bytes 04 01, followed by a two-byte OID - length in big-endian order, followed by the mechanism OID, followed - by a four-byte token length in big-endian order, followed by the - mechanism token. Unlike most uses of OIDs in the API, the mechanism - OID encoding must include the DER tag and length for an object - identifier (06 followed by the DER length of the OID byte string), - and this prefix must be included in the two-byte OID length. - input_name_type must also be set to GSS_C_NT_EXPORT_NAME. - -* For **gss_import_cred**, a four-byte OID length in big-endian order, - followed by the concatenated OID, followed by a four-byte token - length in big-endian order, followed by the mechanism token. This - sequence may be repeated multiple times. diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/hostrealm.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/hostrealm.rst.txt deleted file mode 100644 index 4d488ef7..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/hostrealm.rst.txt +++ /dev/null @@ -1,39 +0,0 @@ -.. _hostrealm_plugin: - -Host-to-realm interface (hostrealm) -=================================== - -The host-to-realm interface was first introduced in release 1.12. It -allows modules to control the local mapping of hostnames to realm -names as well as the default realm. For a detailed description of the -hostrealm interface, see the header file -````. - -Although the mapping methods in the hostrealm interface return a list -of one or more realms, only the first realm in the list is currently -used by callers. Callers may begin using later responses in the -future. - -Any mapping method may return KRB5_PLUGIN_NO_HANDLE to defer -processing to a later module. - -A module can create and destroy per-library-context state objects -using the **init** and **fini** methods. If the module does not need -any state, it does not need to implement these methods. - -The optional **host_realm** method allows a module to determine -authoritative realm mappings for a hostname. The first authoritative -mapping is used in preference to KDC referrals when getting service -credentials. - -The optional **fallback_realm** method allows a module to determine -fallback mappings for a hostname. The first fallback mapping is tried -if there is no authoritative mapping for a realm, and KDC referrals -failed to produce a successful result. - -The optional **default_realm** method allows a module to determine the -local default realm. - -If a module implements any of the above methods, it must also -implement **free_list** to ensure that memory is allocated and -deallocated consistently. diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/index.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/index.rst.txt deleted file mode 100644 index 5e783463..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/index.rst.txt +++ /dev/null @@ -1,38 +0,0 @@ -For plugin module developers -============================ - -Kerberos plugin modules allow increased control over MIT krb5 library -and server behavior. This guide describes how to create dynamic -plugin modules and the currently available pluggable interfaces. - -See :ref:`plugin_config` for information on how to register dynamic -plugin modules and how to enable and disable modules via -:ref:`krb5.conf(5)`. - -.. TODO: update the above reference when we have a free-form section - in the admin guide about plugin configuration - - -Contents --------- - -.. toctree:: - :maxdepth: 2 - - general.rst - clpreauth.rst - kdcpreauth.rst - ccselect.rst - pwqual.rst - kadm5_hook.rst - kadm5_auth.rst - hostrealm.rst - localauth.rst - locate.rst - profile.rst - gssapi.rst - internal.rst - certauth.rst - kdcpolicy.rst - -.. TODO: GSSAPI mechanism plugins diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/internal.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/internal.rst.txt deleted file mode 100644 index 99e30bb7..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/internal.rst.txt +++ /dev/null @@ -1,32 +0,0 @@ -Internal pluggable interfaces -============================= - -Following are brief discussions of pluggable interfaces which have not -yet been made public. These interfaces are functional, but the -interfaces are likely to change in incompatible ways from release to -release. In some cases, it may be necessary to copy header files from -the krb5 source tree to use an internal interface. Use these with -care, and expect to need to update your modules for each new release -of MIT krb5. - - -Kerberos database interface (KDB) ---------------------------------- - -A KDB module implements a database back end for KDC principal and -policy information, and can also control many aspects of KDC behavior. -For a full description of the interface, see the header file -````. - -The KDB pluggable interface is often referred to as the DAL (Database -Access Layer). - - -Authorization data interface (authdata) ---------------------------------------- - -The authdata interface allows a module to provide (from the KDC) or -consume (in application servers) authorization data of types beyond -those handled by the core MIT krb5 code base. The interface is -defined in the header file ````, which is not -installed by the build. diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/kadm5_auth.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/kadm5_auth.rst.txt deleted file mode 100644 index b4839617..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/kadm5_auth.rst.txt +++ /dev/null @@ -1,35 +0,0 @@ -.. _kadm5_auth_plugin: - -kadmin authorization interface (kadm5_auth) -=========================================== - -The kadm5_auth interface (new in release 1.16) allows modules to -determine whether a client principal is authorized to perform an -operation in the kadmin protocol, and to apply restrictions to -principal operations. For a detailed description of the kadm5_auth -interface, see the header file ````. - -A module can create and destroy per-process state objects by -implementing the **init** and **fini** methods. State objects have -the type kadm5_auth_modinfo, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. - -The kadm5_auth interface has one method for each kadmin operation, -with parameters specific to the operation. Each method can return -either 0 to authorize access, KRB5_PLUGIN_NO_HANDLE to defer the -decision to other modules, or another error (canonically EPERM) to -authoritatively deny access. Access is granted if at least one module -grants access and no module authoritatively denies access. - -The **addprinc** and **modprinc** methods can also impose restrictions -on the principal operation by returning a ``struct -kadm5_auth_restrictions`` object. The module should also implement -the **free_restrictions** method if it dynamically allocates -restrictions objects for principal operations. - -kadm5_auth modules can optionally inspect principal or policy objects. -To do this, the module must also include ```` to gain -access to the structure definitions for those objects. As the kadmin -interface is explicitly not as stable as other public interfaces, -modules which do this may not retain compatibility across releases. diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/kadm5_hook.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/kadm5_hook.rst.txt deleted file mode 100644 index ece3eacf..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/kadm5_hook.rst.txt +++ /dev/null @@ -1,27 +0,0 @@ -.. _kadm5_hook_plugin: - -KADM5 hook interface (kadm5_hook) -================================= - -The kadm5_hook interface allows modules to perform actions when -changes are made to the Kerberos database through :ref:`kadmin(1)`. -For a detailed description of the kadm5_hook interface, see the header -file ````. - -The kadm5_hook interface has five primary methods: **chpass**, -**create**, **modify**, **remove**, and **rename**. (The **rename** -method was introduced in release 1.14.) Each of these methods is -called twice when the corresponding administrative action takes place, -once before the action is committed and once afterwards. A module can -prevent the action from taking place by returning an error code during -the pre-commit stage. - -A module can create and destroy per-process state objects by -implementing the **init** and **fini** methods. State objects have -the type kadm5_hook_modinfo, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. - -Because the kadm5_hook interface is tied closely to the kadmin -interface (which is explicitly unstable), it may not remain as stable -across versions as other public pluggable interfaces. diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/kdcpolicy.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/kdcpolicy.rst.txt deleted file mode 100644 index 74f21f08..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/kdcpolicy.rst.txt +++ /dev/null @@ -1,24 +0,0 @@ -.. _kdcpolicy_plugin: - -KDC policy interface (kdcpolicy) -================================ - -The kdcpolicy interface was first introduced in release 1.16. It -allows modules to veto otherwise valid AS and TGS requests or restrict -the lifetime and renew time of the resulting ticket. For a detailed -description of the kdcpolicy interface, see the header file -````. - -The optional **check_as** and **check_tgs** functions allow the module -to perform access control. Additionally, a module can create and -destroy module data with the **init** and **fini** methods. Module -data objects last for the lifetime of the KDC process, and are -provided to all other methods. The data has the type -krb5_kdcpolicy_moddata, which should be cast to the appropriate -internal type. - -kdcpolicy modules can optionally inspect principal entries. To do -this, the module must also include ```` to gain access to the -principal entry structure definition. As the KDB interface is -explicitly not as stable as other public interfaces, modules which do -this may not retain compatibility across releases. diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/kdcpreauth.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/kdcpreauth.rst.txt deleted file mode 100644 index ab7f3a90..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/kdcpreauth.rst.txt +++ /dev/null @@ -1,79 +0,0 @@ -KDC preauthentication interface (kdcpreauth) -============================================ - -The kdcpreauth interface allows the addition of KDC support for -preauthentication mechanisms beyond those included in the core MIT -krb5 code base. For a detailed description of the kdcpreauth -interface, see the header file ```` (or -```` before release 1.12). - -A kdcpreauth module is generally responsible for: - -* Supplying a list of preauth type numbers used by the module in the - **pa_type_list** field of the vtable structure. - -* Indicating what kind of preauthentication mechanism it implements, - with the **flags** method. If the mechanism computes a new reply - key, it must specify the ``PA_REPLACES_KEY`` flag. If the mechanism - is generally only used with hardware tokens, the ``PA_HARDWARE`` - flag allows the mechanism to work with principals which have the - **requires_hwauth** flag set. - -* Producing a padata value to be sent with a preauth_required error, - with the **edata** method. - -* Examining a padata value sent by a client and verifying that it - proves knowledge of the appropriate client credential information. - This is done with the **verify** method. - -* Producing a padata response value for the client, and possibly - computing a reply key. This is done with the **return_padata** - method. - -A module can create and destroy per-KDC state objects by implementing -the **init** and **fini** methods. Per-KDC state objects have the -type krb5_kdcpreauth_moddata, which is an abstract pointer types. A -module should typically cast this to an internal type for the state -object. - -A module can create a per-request state object by returning one in the -**verify** method, receiving it in the **return_padata** method, and -destroying it in the **free_modreq** method. Note that these state -objects only apply to the processing of a single AS request packet, -not to an entire authentication exchange (since an authentication -exchange may remain unfinished by the client or may involve multiple -different KDC hosts). Per-request state objects have the type -krb5_kdcpreauth_modreq, which is an abstract pointer type. - -The **edata**, **verify**, and **return_padata** methods have access -to a callback function and handle (called a "rock") which can be used -to get additional information about the current request, including the -maximum allowable clock skew, the client's long-term keys, the -DER-encoded request body, the FAST armor key, string attributes on the -client's database entry, and the client's database entry itself. The -**verify** method can assert one or more authentication indicators to -be included in the issued ticket using the ``add_auth_indicator`` -callback (new in release 1.14). - -A module can generate state information to be included with the next -client request using the ``set_cookie`` callback (new in release -1.14). On the next request, the module can read this state -information using the ``get_cookie`` callback. Cookie information is -encrypted, timestamped, and transmitted to the client in a -``PA-FX-COOKIE`` pa-data item. Older clients may not support cookies -and therefore may not transmit the cookie in the next request; in this -case, ``get_cookie`` will not yield the saved information. - -If a module implements a mechanism which requires multiple round -trips, its **verify** method can respond with the code -``KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED`` and a list of pa-data in -the *e_data* parameter to be processed by the client. - -The **edata** and **verify** methods can be implemented -asynchronously. Because of this, they do not return values directly -to the caller, but must instead invoke responder functions with their -results. A synchronous implementation can invoke the responder -function immediately. An asynchronous implementation can use the -callback to get an event context for use with the libverto_ API. - -.. _libverto: https://fedorahosted.org/libverto/ diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/localauth.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/localauth.rst.txt deleted file mode 100644 index 6f396a9c..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/localauth.rst.txt +++ /dev/null @@ -1,43 +0,0 @@ -.. _localauth_plugin: - -Local authorization interface (localauth) -========================================= - -The localauth interface was first introduced in release 1.12. It -allows modules to control the relationship between Kerberos principals -and local system accounts. When an application calls -:c:func:`krb5_kuserok` or :c:func:`krb5_aname_to_localname`, localauth -modules are consulted to determine the result. For a detailed -description of the localauth interface, see the header file -````. - -A module can create and destroy per-library-context state objects -using the **init** and **fini** methods. If the module does not need -any state, it does not need to implement these methods. - -The optional **userok** method allows a module to control the behavior -of :c:func:`krb5_kuserok`. The module receives the authenticated name -and the local account name as inputs, and can return either 0 to -authorize access, KRB5_PLUGIN_NO_HANDLE to defer the decision to other -modules, or another error (canonically EPERM) to authoritatively deny -access. Access is granted if at least one module grants access and no -module authoritatively denies access. - -The optional **an2ln** method can work in two different ways. If the -module sets an array of uppercase type names in **an2ln_types**, then -the module's **an2ln** method will only be invoked by -:c:func:`krb5_aname_to_localname` if an **auth_to_local** value in -:ref:`krb5.conf(5)` refers to one of the module's types. In this -case, the *type* and *residual* arguments will give the type name and -residual string of the **auth_to_local** value. - -If the module does not set **an2ln_types** but does implement -**an2ln**, the module's **an2ln** method will be invoked for all -:c:func:`krb5_aname_to_localname` operations unless an earlier module -determines a mapping, with *type* and *residual* set to NULL. The -module can return KRB5_LNAME_NO_TRANS to defer mapping to later -modules. - -If a module implements **an2ln**, it must also implement -**free_string** to ensure that memory is allocated and deallocated -consistently. diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/locate.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/locate.rst.txt deleted file mode 100644 index fca6a4da..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/locate.rst.txt +++ /dev/null @@ -1,32 +0,0 @@ -Server location interface (locate) -================================== - -The locate interface allows modules to control how KDCs and similar -services are located by clients. For a detailed description of the -ccselect interface, see the header file ````. - -.. note: The locate interface does not follow the normal conventions - for MIT krb5 pluggable interfaces, because it was made public - before those conventions were established. - -A locate module exports a structure object of type -krb5plugin_service_locate_ftable, with the name ``service_locator``. -The structure contains a minor version and pointers to the module's -methods. - -The primary locate method is **lookup**, which accepts a service type, -realm name, desired socket type, and desired address family (which -will be AF_UNSPEC if no specific address family is desired). The -method should invoke the callback function once for each server -address it wants to return, passing a socket type (SOCK_STREAM for TCP -or SOCK_DGRAM for UDP) and socket address. The **lookup** method -should return 0 if it has authoritatively determined the server -addresses for the realm, KRB5_PLUGIN_NO_HANDLE if it wants to let -other location mechanisms determine the server addresses, or another -code if it experienced a failure which should abort the location -process. - -A module can create and destroy per-library-context state objects by -implementing the **init** and **fini** methods. State objects have -the type void \*, and should be cast to an internal type for the state -object. diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/profile.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/profile.rst.txt deleted file mode 100644 index 209c0644..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/profile.rst.txt +++ /dev/null @@ -1,96 +0,0 @@ -.. _profile_plugin: - -Configuration interface (profile) -================================= - -The profile interface allows a module to control how krb5 -configuration information is obtained by the Kerberos library and -applications. For a detailed description of the profile interface, -see the header file ````. - -.. note:: - - The profile interface does not follow the normal conventions - for MIT krb5 pluggable interfaces, because it is part of a - lower-level component of the krb5 library. - -As with other types of plugin modules, a profile module is a Unix -shared object or Windows DLL, built separately from the krb5 tree. -The krb5 library will dynamically load and use a profile plugin module -if it reads a ``module`` directive at the beginning of krb5.conf, as -described in :ref:`profile_plugin_config`. - -A profile module exports a function named ``profile_module_init`` -matching the signature of the profile_module_init_fn type. This -function accepts a residual string, which may be used to help locate -the configuration source. The function fills in a vtable and may also -create a per-profile state object. If the module uses state objects, -it should implement the **copy** and **cleanup** methods to manage -them. - -A basic read-only profile module need only implement the -**get_values** and **free_values** methods. The **get_values** method -accepts a null-terminated list of C string names (e.g., an array -containing "libdefaults", "clockskew", and NULL for the **clockskew** -variable in the :ref:`libdefaults` section) and returns a -null-terminated list of values, which will be cleaned up with the -**free_values** method when the caller is done with them. - -Iterable profile modules must also define the **iterator_create**, -**iterator**, **iterator_free**, and **free_string** methods. The -core krb5 code does not require profiles to be iterable, but some -applications may iterate over the krb5 profile object in order to -present configuration interfaces. - -Writable profile modules must also define the **writable**, -**modified**, **update_relation**, **rename_section**, -**add_relation**, and **flush** methods. The core krb5 code does not -require profiles to be writable, but some applications may write to -the krb5 profile in order to present configuration interfaces. - -The following is an example of a very basic read-only profile module -which returns a hardcoded value for the **default_realm** variable in -:ref:`libdefaults`, and provides no other configuration information. -(For conciseness, the example omits code for checking the return -values of malloc and strdup.) :: - - #include - #include - #include - - static long - get_values(void *cbdata, const char *const *names, char ***values) - { - if (names[0] != NULL && strcmp(names[0], "libdefaults") == 0 && - names[1] != NULL && strcmp(names[1], "default_realm") == 0) { - *values = malloc(2 * sizeof(char *)); - (*values)[0] = strdup("ATHENA.MIT.EDU"); - (*values)[1] = NULL; - return 0; - } - return PROF_NO_RELATION; - } - - static void - free_values(void *cbdata, char **values) - { - char **v; - - for (v = values; *v; v++) - free(*v); - free(values); - } - - long - profile_module_init(const char *residual, struct profile_vtable *vtable, - void **cb_ret); - - long - profile_module_init(const char *residual, struct profile_vtable *vtable, - void **cb_ret) - { - *cb_ret = NULL; - vtable->get_values = get_values; - vtable->free_values = free_values; - return 0; - } diff --git a/krb5-1.21.3/doc/html/_sources/plugindev/pwqual.rst.txt b/krb5-1.21.3/doc/html/_sources/plugindev/pwqual.rst.txt deleted file mode 100644 index 523b95c5..00000000 --- a/krb5-1.21.3/doc/html/_sources/plugindev/pwqual.rst.txt +++ /dev/null @@ -1,25 +0,0 @@ -.. _pwqual_plugin: - -Password quality interface (pwqual) -=================================== - -The pwqual interface allows modules to control what passwords are -allowed when a user changes passwords. For a detailed description of -the pwqual interface, see the header file ````. - -The primary pwqual method is **check**, which receives a password as -input and returns success (0) or a ``KADM5_PASS_Q_`` failure code -depending on whether the password is allowed. The **check** method -also receives the principal name and the name of the principal's -password policy as input; although there is no stable interface for -the module to obtain the fields of the password policy, it can define -its own configuration or data store based on the policy name. - -A module can create and destroy per-process state objects by -implementing the **open** and **close** methods. State objects have -the type krb5_pwqual_moddata, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. The **open** method also receives the name of the realm's -dictionary file (as configured by the **dict_file** variable in the -:ref:`kdc_realms` section of :ref:`kdc.conf(5)`) if it wishes to use -it. diff --git a/krb5-1.21.3/doc/html/_sources/resources.rst.txt b/krb5-1.21.3/doc/html/_sources/resources.rst.txt deleted file mode 100644 index 2ac2791c..00000000 --- a/krb5-1.21.3/doc/html/_sources/resources.rst.txt +++ /dev/null @@ -1,60 +0,0 @@ -Resources -========= - -Mailing lists -------------- - -* kerberos@mit.edu is a community resource for discussion and - questions about MIT krb5 and other Kerberos implementations. To - subscribe to the list, please follow the instructions at - https://mailman.mit.edu/mailman/listinfo/kerberos. -* krbdev@mit.edu is the primary list for developers of MIT Kerberos. - To subscribe to the list, please follow the instructions at - https://mailman.mit.edu/mailman/listinfo/krbdev. -* krb5-bugs@mit.edu is notified when a ticket is created or updated. - This list helps track bugs and feature requests. - In addition, this list is used to track documentation criticism - and recommendations for improvements. -* krbcore@mit.edu is a private list for the MIT krb5 core team. Send - mail to this list if you need to contact the core team. -* krbcore-security@mit.edu is the point of contact for security problems - with MIT Kerberos. Please use PGP-encrypted mail to report possible - vulnerabilities to this list. - - -IRC channels ------------- - -The IRC channel `#kerberos` on libera.chat is a community resource for -general Kerberos discussion and support. - -The main IRC channel for MIT Kerberos development is `#krbdev` on -Libera Chat. - -For more information about Libera Chat, see https://libera.chat/. - - -Archives --------- - -* The archive https://mailman.mit.edu/pipermail/kerberos/ contains - past postings from the `kerberos@mit.edu` list. - -* The https://mailman.mit.edu/pipermail/krbdev/ contains past postings - from the `krbdev@mit.edu` list. - - -Wiki ----- - -The wiki at https://k5wiki.kerberos.org/ contains useful information -for developers working on the MIT Kerberos source code. Some of the -information on the wiki may be useful for advanced users or system -administrators. - -Web pages ---------- - -* https://web.mit.edu/kerberos/ is the MIT Kerberos software web page. - -* https://kerberos.org/ is the MIT Kerberos Consortium web page. diff --git a/krb5-1.21.3/doc/html/_sources/user/index.rst.txt b/krb5-1.21.3/doc/html/_sources/user/index.rst.txt deleted file mode 100644 index 233c3ef5..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/index.rst.txt +++ /dev/null @@ -1,10 +0,0 @@ -For users -========= - -.. toctree:: - :maxdepth: 2 - - pwd_mgmt.rst - tkt_mgmt.rst - user_config/index.rst - user_commands/index.rst diff --git a/krb5-1.21.3/doc/html/_sources/user/pwd_mgmt.rst.txt b/krb5-1.21.3/doc/html/_sources/user/pwd_mgmt.rst.txt deleted file mode 100644 index ed7d459f..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/pwd_mgmt.rst.txt +++ /dev/null @@ -1,106 +0,0 @@ -Password management -=================== - -Your password is the only way Kerberos has of verifying your identity. -If someone finds out your password, that person can masquerade as -you---send email that comes from you, read, edit, or delete your files, -or log into other hosts as you---and no one will be able to tell the -difference. For this reason, it is important that you choose a good -password, and keep it secret. If you need to give access to your -account to someone else, you can do so through Kerberos (see -:ref:`grant_access`). You should never tell your password to anyone, -including your system administrator, for any reason. You should -change your password frequently, particularly any time you think -someone may have found out what it is. - - -Changing your password ----------------------- - -To change your Kerberos password, use the :ref:`kpasswd(1)` command. -It will ask you for your old password (to prevent someone else from -walking up to your computer when you're not there and changing your -password), and then prompt you for the new one twice. (The reason you -have to type it twice is to make sure you have typed it correctly.) -For example, user ``david`` would do the following:: - - shell% kpasswd - Password for david: <- Type your old password. - Enter new password: <- Type your new password. - Enter it again: <- Type the new password again. - Password changed. - shell% - -If ``david`` typed the incorrect old password, he would get the -following message:: - - shell% kpasswd - Password for david: <- Type the incorrect old password. - kpasswd: Password incorrect while getting initial ticket - shell% - -If you make a mistake and don't type the new password the same way -twice, kpasswd will ask you to try again:: - - shell% kpasswd - Password for david: <- Type the old password. - Enter new password: <- Type the new password. - Enter it again: <- Type a different new password. - kpasswd: Password mismatch while reading password - shell% - -Once you change your password, it takes some time for the change to -propagate through the system. Depending on how your system is set up, -this might be anywhere from a few minutes to an hour or more. If you -need to get new Kerberos tickets shortly after changing your password, -try the new password. If the new password doesn't work, try again -using the old one. - - -.. _grant_access: - -Granting access to your account -------------------------------- - -If you need to give someone access to log into your account, you can -do so through Kerberos, without telling the person your password. -Simply create a file called :ref:`.k5login(5)` in your home directory. -This file should contain the Kerberos principal of each person to whom -you wish to give access. Each principal must be on a separate line. -Here is a sample .k5login file:: - - jennifer@ATHENA.MIT.EDU - david@EXAMPLE.COM - -This file would allow the users ``jennifer`` and ``david`` to use your -user ID, provided that they had Kerberos tickets in their respective -realms. If you will be logging into other hosts across a network, you -will want to include your own Kerberos principal in your .k5login file -on each of these hosts. - -Using a .k5login file is much safer than giving out your password, -because: - -* You can take access away any time simply by removing the principal - from your .k5login file. - -* Although the user has full access to your account on one particular - host (or set of hosts if your .k5login file is shared, e.g., over - NFS), that user does not inherit your network privileges. - -* Kerberos keeps a log of who obtains tickets, so a system - administrator could find out, if necessary, who was capable of using - your user ID at a particular time. - -One common application is to have a .k5login file in root's home -directory, giving root access to that machine to the Kerberos -principals listed. This allows system administrators to allow users -to become root locally, or to log in remotely as root, without their -having to give out the root password, and without anyone having to -type the root password over the network. - - -Password quality verification ------------------------------ - -TODO diff --git a/krb5-1.21.3/doc/html/_sources/user/tkt_mgmt.rst.txt b/krb5-1.21.3/doc/html/_sources/user/tkt_mgmt.rst.txt deleted file mode 100644 index 9ec7f1e7..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/tkt_mgmt.rst.txt +++ /dev/null @@ -1,314 +0,0 @@ -Ticket management -================= - -On many systems, Kerberos is built into the login program, and you get -tickets automatically when you log in. Other programs, such as ssh, -can forward copies of your tickets to a remote host. Most of these -programs also automatically destroy your tickets when they exit. -However, MIT recommends that you explicitly destroy your Kerberos -tickets when you are through with them, just to be sure. One way to -help ensure that this happens is to add the :ref:`kdestroy(1)` command -to your .logout file. Additionally, if you are going to be away from -your machine and are concerned about an intruder using your -permissions, it is safest to either destroy all copies of your -tickets, or use a screensaver that locks the screen. - - -Kerberos ticket properties --------------------------- - -There are various properties that Kerberos tickets can have: - -If a ticket is **forwardable**, then the KDC can issue a new ticket -(with a different network address, if necessary) based on the -forwardable ticket. This allows for authentication forwarding without -requiring a password to be typed in again. For example, if a user -with a forwardable TGT logs into a remote system, the KDC could issue -a new TGT for that user with the network address of the remote system, -allowing authentication on that host to work as though the user were -logged in locally. - -When the KDC creates a new ticket based on a forwardable ticket, it -sets the **forwarded** flag on that new ticket. Any tickets that are -created based on a ticket with the forwarded flag set will also have -their forwarded flags set. - -A **proxiable** ticket is similar to a forwardable ticket in that it -allows a service to take on the identity of the client. Unlike a -forwardable ticket, however, a proxiable ticket is only issued for -specific services. In other words, a ticket-granting ticket cannot be -issued based on a ticket that is proxiable but not forwardable. - -A **proxy** ticket is one that was issued based on a proxiable ticket. - -A **postdated** ticket is issued with the invalid flag set. After the -starting time listed on the ticket, it can be presented to the KDC to -obtain valid tickets. - -Ticket-granting tickets with the **postdateable** flag set can be used -to obtain postdated service tickets. - -**Renewable** tickets can be used to obtain new session keys without -the user entering their password again. A renewable ticket has two -expiration times. The first is the time at which this particular -ticket expires. The second is the latest possible expiration time for -any ticket issued based on this renewable ticket. - -A ticket with the **initial flag** set was issued based on the -authentication protocol, and not on a ticket-granting ticket. -Application servers that wish to ensure that the user's key has been -recently presented for verification could specify that this flag must -be set to accept the ticket. - -An **invalid** ticket must be rejected by application servers. -Postdated tickets are usually issued with this flag set, and must be -validated by the KDC before they can be used. - -A **preauthenticated** ticket is one that was only issued after the -client requesting the ticket had authenticated itself to the KDC. - -The **hardware authentication** flag is set on a ticket which required -the use of hardware for authentication. The hardware is expected to -be possessed only by the client which requested the tickets. - -If a ticket has the **transit policy** checked flag set, then the KDC -that issued this ticket implements the transited-realm check policy -and checked the transited-realms list on the ticket. The -transited-realms list contains a list of all intermediate realms -between the realm of the KDC that issued the first ticket and that of -the one that issued the current ticket. If this flag is not set, then -the application server must check the transited realms itself or else -reject the ticket. - -The **okay as delegate** flag indicates that the server specified in -the ticket is suitable as a delegate as determined by the policy of -that realm. Some client applications may use this flag to decide -whether to forward tickets to a remote host, although many -applications do not honor it. - -An **anonymous** ticket is one in which the named principal is a -generic principal for that realm; it does not actually specify the -individual that will be using the ticket. This ticket is meant only -to securely distribute a session key. - - -.. _obtain_tkt: - -Obtaining tickets with kinit ----------------------------- - -If your site has integrated Kerberos V5 with the login system, you -will get Kerberos tickets automatically when you log in. Otherwise, -you may need to explicitly obtain your Kerberos tickets, using the -:ref:`kinit(1)` program. Similarly, if your Kerberos tickets expire, -use the kinit program to obtain new ones. - -To use the kinit program, simply type ``kinit`` and then type your -password at the prompt. For example, Jennifer (whose username is -``jennifer``) works for Bleep, Inc. (a fictitious company with the -domain name mit.edu and the Kerberos realm ATHENA.MIT.EDU). She would -type:: - - shell% kinit - Password for jennifer@ATHENA.MIT.EDU: <-- [Type jennifer's password here.] - shell% - -If you type your password incorrectly, kinit will give you the -following error message:: - - shell% kinit - Password for jennifer@ATHENA.MIT.EDU: <-- [Type the wrong password here.] - kinit: Password incorrect - shell% - -and you won't get Kerberos tickets. - -By default, kinit assumes you want tickets for your own username in -your default realm. Suppose Jennifer's friend David is visiting, and -he wants to borrow a window to check his mail. David needs to get -tickets for himself in his own realm, EXAMPLE.COM. He would type:: - - shell% kinit david@EXAMPLE.COM - Password for david@EXAMPLE.COM: <-- [Type david's password here.] - shell% - -David would then have tickets which he could use to log onto his own -machine. Note that he typed his password locally on Jennifer's -machine, but it never went over the network. Kerberos on the local -host performed the authentication to the KDC in the other realm. - -If you want to be able to forward your tickets to another host, you -need to request forwardable tickets. You do this by specifying the -**-f** option:: - - shell% kinit -f - Password for jennifer@ATHENA.MIT.EDU: <-- [Type your password here.] - shell% - -Note that kinit does not tell you that it obtained forwardable -tickets; you can verify this using the :ref:`klist(1)` command (see -:ref:`view_tkt`). - -Normally, your tickets are good for your system's default ticket -lifetime, which is ten hours on many systems. You can specify a -different ticket lifetime with the **-l** option. Add the letter -**s** to the value for seconds, **m** for minutes, **h** for hours, or -**d** for days. For example, to obtain forwardable tickets for -``david@EXAMPLE.COM`` that would be good for three hours, you would -type:: - - shell% kinit -f -l 3h david@EXAMPLE.COM - Password for david@EXAMPLE.COM: <-- [Type david's password here.] - shell% - -.. note:: - - You cannot mix units; specifying a lifetime of 3h30m would - result in an error. Note also that most systems specify a - maximum ticket lifetime. If you request a longer ticket - lifetime, it will be automatically truncated to the maximum - lifetime. - - -.. _view_tkt: - -Viewing tickets with klist --------------------------- - -The :ref:`klist(1)` command shows your tickets. When you first obtain -tickets, you will have only the ticket-granting ticket. The listing -would look like this:: - - shell% klist - Ticket cache: /tmp/krb5cc_ttypa - Default principal: jennifer@ATHENA.MIT.EDU - - Valid starting Expires Service principal - 06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - shell% - -The ticket cache is the location of your ticket file. In the above -example, this file is named ``/tmp/krb5cc_ttypa``. The default -principal is your Kerberos principal. - -The "valid starting" and "expires" fields describe the period of time -during which the ticket is valid. The "service principal" describes -each ticket. The ticket-granting ticket has a first component -``krbtgt``, and a second component which is the realm name. - -Now, if ``jennifer`` connected to the machine ``daffodil.mit.edu``, -and then typed "klist" again, she would have gotten the following -result:: - - shell% klist - Ticket cache: /tmp/krb5cc_ttypa - Default principal: jennifer@ATHENA.MIT.EDU - - Valid starting Expires Service principal - 06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - 06/07/04 20:22:30 06/08/04 05:49:19 host/daffodil.mit.edu@ATHENA.MIT.EDU - shell% - -Here's what happened: when ``jennifer`` used ssh to connect to the -host ``daffodil.mit.edu``, the ssh program presented her -ticket-granting ticket to the KDC and requested a host ticket for the -host ``daffodil.mit.edu``. The KDC sent the host ticket, which ssh -then presented to the host ``daffodil.mit.edu``, and she was allowed -to log in without typing her password. - -Suppose your Kerberos tickets allow you to log into a host in another -domain, such as ``trillium.example.com``, which is also in another -Kerberos realm, ``EXAMPLE.COM``. If you ssh to this host, you will -receive a ticket-granting ticket for the realm ``EXAMPLE.COM``, plus -the new host ticket for ``trillium.example.com``. klist will now -show:: - - shell% klist - Ticket cache: /tmp/krb5cc_ttypa - Default principal: jennifer@ATHENA.MIT.EDU - - Valid starting Expires Service principal - 06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - 06/07/04 20:22:30 06/08/04 05:49:19 host/daffodil.mit.edu@ATHENA.MIT.EDU - 06/07/04 20:24:18 06/08/04 05:49:19 krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU - 06/07/04 20:24:18 06/08/04 05:49:19 host/trillium.example.com@EXAMPLE.COM - shell% - -Depending on your host's and realm's configuration, you may also see a -ticket with the service principal ``host/trillium.example.com@``. If -so, this means that your host did not know what realm -trillium.example.com is in, so it asked the ``ATHENA.MIT.EDU`` KDC for -a referral. The next time you connect to ``trillium.example.com``, -the odd-looking entry will be used to avoid needing to ask for a -referral again. - -You can use the **-f** option to view the flags that apply to your -tickets. The flags are: - -===== ========================= - F Forwardable - f forwarded - P Proxiable - p proxy - D postDateable - d postdated - R Renewable - I Initial - i invalid - H Hardware authenticated - A preAuthenticated - T Transit policy checked - O Okay as delegate - a anonymous -===== ========================= - -Here is a sample listing. In this example, the user *jennifer* -obtained her initial tickets (**I**), which are forwardable (**F**) -and postdated (**d**) but not yet validated (**i**):: - - shell% klist -f - Ticket cache: /tmp/krb5cc_320 - Default principal: jennifer@ATHENA.MIT.EDU - - Valid starting Expires Service principal - 31/07/05 19:06:25 31/07/05 19:16:25 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - Flags: FdiI - shell% - -In the following example, the user *david*'s tickets were forwarded -(**f**) to this host from another host. The tickets are reforwardable -(**F**):: - - shell% klist -f - Ticket cache: /tmp/krb5cc_p11795 - Default principal: david@EXAMPLE.COM - - Valid starting Expires Service principal - 07/31/05 11:52:29 07/31/05 21:11:23 krbtgt/EXAMPLE.COM@EXAMPLE.COM - Flags: Ff - 07/31/05 12:03:48 07/31/05 21:11:23 host/trillium.example.com@EXAMPLE.COM - Flags: Ff - shell% - - -Destroying tickets with kdestroy --------------------------------- - -Your Kerberos tickets are proof that you are indeed yourself, and -tickets could be stolen if someone gains access to a computer where -they are stored. If this happens, the person who has them can -masquerade as you until they expire. For this reason, you should -destroy your Kerberos tickets when you are away from your computer. - -Destroying your tickets is easy. Simply type kdestroy:: - - shell% kdestroy - shell% - -If :ref:`kdestroy(1)` fails to destroy your tickets, it will beep and -give an error message. For example, if kdestroy can't find any -tickets to destroy, it will give the following message:: - - shell% kdestroy - kdestroy: No credentials cache file found while destroying cache - shell% diff --git a/krb5-1.21.3/doc/html/_sources/user/user_commands/index.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_commands/index.rst.txt deleted file mode 100644 index 7ce86a14..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_commands/index.rst.txt +++ /dev/null @@ -1,17 +0,0 @@ -.. _user_commands: - -User commands -============= - -.. toctree:: - :maxdepth: 1 - - kdestroy.rst - kinit.rst - klist.rst - kpasswd.rst - krb5-config.rst - ksu.rst - kswitch.rst - kvno.rst - sclient.rst diff --git a/krb5-1.21.3/doc/html/_sources/user/user_commands/kdestroy.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_commands/kdestroy.rst.txt deleted file mode 100644 index b15846f9..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_commands/kdestroy.rst.txt +++ /dev/null @@ -1,77 +0,0 @@ -.. _kdestroy(1): - -kdestroy -======== - -SYNOPSIS --------- - -**kdestroy** -[**-A**] -[**-q**] -[**-c** *cache_name*] -[**-p** *princ_name*] - - -DESCRIPTION ------------ - -The kdestroy utility destroys the user's active Kerberos authorization -tickets by overwriting and deleting the credentials cache that -contains them. If the credentials cache is not specified, the default -credentials cache is destroyed. - - -OPTIONS -------- - -**-A** - Destroys all caches in the collection, if a cache collection is - available. May be used with the **-c** option to specify the - collection to be destroyed. - -**-q** - Run quietly. Normally kdestroy beeps if it fails to destroy the - user's tickets. The **-q** flag suppresses this behavior. - -**-c** *cache_name* - Use *cache_name* as the credentials (ticket) cache name and - location; if this option is not used, the default cache name and - location are used. - - The default credentials cache may vary between systems. If the - **KRB5CCNAME** environment variable is set, its value is used to - name the default ticket cache. - -**-p** *princ_name* - If a cache collection is available, destroy the cache for - *princ_name* instead of the primary cache. May be used with the - **-c** option to specify the collection to be searched. - - -NOTE ----- - -Most installations recommend that you place the kdestroy command in -your .logout file, so that your tickets are destroyed automatically -when you log out. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -FILES ------ - -|ccache| - Default location of Kerberos 5 credentials cache - - -SEE ALSO --------- - -:ref:`kinit(1)`, :ref:`klist(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/user/user_commands/kinit.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_commands/kinit.rst.txt deleted file mode 100644 index 5b105e35..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_commands/kinit.rst.txt +++ /dev/null @@ -1,230 +0,0 @@ -.. _kinit(1): - -kinit -===== - -SYNOPSIS --------- - -**kinit** -[**-V**] -[**-l** *lifetime*] -[**-s** *start_time*] -[**-r** *renewable_life*] -[**-p** | -**P**] -[**-f** | -**F**] -[**-a**] -[**-A**] -[**-C**] -[**-E**] -[**-v**] -[**-R**] -[**-k** [**-i** | -**t** *keytab_file*]] -[**-c** *cache_name*] -[**-n**] -[**-S** *service_name*] -[**-I** *input_ccache*] -[**-T** *armor_ccache*] -[**-X** *attribute*\ [=\ *value*]] -[**--request-pac** | **--no-request-pac**] -[*principal*] - - -DESCRIPTION ------------ - -kinit obtains and caches an initial ticket-granting ticket for -*principal*. If *principal* is absent, kinit chooses an appropriate -principal name based on existing credential cache contents or the -local username of the user invoking kinit. Some options modify the -choice of principal name. - - -OPTIONS -------- - -**-V** - display verbose output. - -**-l** *lifetime* - (:ref:`duration` string.) Requests a ticket with the lifetime - *lifetime*. - - For example, ``kinit -l 5:30`` or ``kinit -l 5h30m``. - - If the **-l** option is not specified, the default ticket lifetime - (configured by each site) is used. Specifying a ticket lifetime - longer than the maximum ticket lifetime (configured by each site) - will not override the configured maximum ticket lifetime. - -**-s** *start_time* - (:ref:`duration` string.) Requests a postdated ticket. Postdated - tickets are issued with the **invalid** flag set, and need to be - resubmitted to the KDC for validation before use. - - *start_time* specifies the duration of the delay before the ticket - can become valid. - -**-r** *renewable_life* - (:ref:`duration` string.) Requests renewable tickets, with a total - lifetime of *renewable_life*. - -**-f** - requests forwardable tickets. - -**-F** - requests non-forwardable tickets. - -**-p** - requests proxiable tickets. - -**-P** - requests non-proxiable tickets. - -**-a** - requests tickets restricted to the host's local address[es]. - -**-A** - requests tickets not restricted by address. - -**-C** - requests canonicalization of the principal name, and allows the - KDC to reply with a different client principal from the one - requested. - -**-E** - treats the principal name as an enterprise name. - -**-v** - requests that the ticket-granting ticket in the cache (with the - **invalid** flag set) be passed to the KDC for validation. If the - ticket is within its requested time range, the cache is replaced - with the validated ticket. - -**-R** - requests renewal of the ticket-granting ticket. Note that an - expired ticket cannot be renewed, even if the ticket is still - within its renewable life. - - Note that renewable tickets that have expired as reported by - :ref:`klist(1)` may sometimes be renewed using this option, - because the KDC applies a grace period to account for client-KDC - clock skew. See :ref:`krb5.conf(5)` **clockskew** setting. - -**-k** [**-i** | **-t** *keytab_file*] - requests a ticket, obtained from a key in the local host's keytab. - The location of the keytab may be specified with the **-t** - *keytab_file* option, or with the **-i** option to specify the use - of the default client keytab; otherwise the default keytab will be - used. By default, a host ticket for the local host is requested, - but any principal may be specified. On a KDC, the special keytab - location ``KDB:`` can be used to indicate that kinit should open - the KDC database and look up the key directly. This permits an - administrator to obtain tickets as any principal that supports - authentication based on the key. - -**-n** - Requests anonymous processing. Two types of anonymous principals - are supported. - - For fully anonymous Kerberos, configure pkinit on the KDC and - configure **pkinit_anchors** in the client's :ref:`krb5.conf(5)`. - Then use the **-n** option with a principal of the form ``@REALM`` - (an empty principal name followed by the at-sign and a realm - name). If permitted by the KDC, an anonymous ticket will be - returned. - - A second form of anonymous tickets is supported; these - realm-exposed tickets hide the identity of the client but not the - client's realm. For this mode, use ``kinit -n`` with a normal - principal name. If supported by the KDC, the principal (but not - realm) will be replaced by the anonymous principal. - - As of release 1.8, the MIT Kerberos KDC only supports fully - anonymous operation. - -**-I** *input_ccache* - - Specifies the name of a credentials cache that already contains a - ticket. When obtaining that ticket, if information about how that - ticket was obtained was also stored to the cache, that information - will be used to affect how new credentials are obtained, including - preselecting the same methods of authenticating to the KDC. - -**-T** *armor_ccache* - Specifies the name of a credentials cache that already contains a - ticket. If supported by the KDC, this cache will be used to armor - the request, preventing offline dictionary attacks and allowing - the use of additional preauthentication mechanisms. Armoring also - makes sure that the response from the KDC is not modified in - transit. - -**-c** *cache_name* - use *cache_name* as the Kerberos 5 credentials (ticket) cache - location. If this option is not used, the default cache location - is used. - - The default cache location may vary between systems. If the - **KRB5CCNAME** environment variable is set, its value is used to - locate the default cache. If a principal name is specified and - the type of the default cache supports a collection (such as the - DIR type), an existing cache containing credentials for the - principal is selected or a new one is created and becomes the new - primary cache. Otherwise, any existing contents of the default - cache are destroyed by kinit. - -**-S** *service_name* - specify an alternate service name to use when getting initial - tickets. - -**-X** *attribute*\ [=\ *value*] - specify a pre-authentication *attribute* and *value* to be - interpreted by pre-authentication modules. The acceptable - attribute and value values vary from module to module. This - option may be specified multiple times to specify multiple - attributes. If no value is specified, it is assumed to be "yes". - - The following attributes are recognized by the PKINIT - pre-authentication mechanism: - - **X509_user_identity**\ =\ *value* - specify where to find user's X509 identity information - - **X509_anchors**\ =\ *value* - specify where to find trusted X509 anchor information - - **flag_RSA_PROTOCOL**\ [**=yes**] - specify use of RSA, rather than the default Diffie-Hellman - protocol - - **disable_freshness**\ [**=yes**] - disable sending freshness tokens (for testing purposes only) - -**--request-pac** | **--no-request-pac** - mutually exclusive. If **--request-pac** is set, ask the KDC to - include a PAC in authdata; if **--no-request-pac** is set, ask the - KDC not to include a PAC; if neither are set, the KDC will follow - its default, which is typically is to include a PAC if doing so is - supported. - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -FILES ------ - -|ccache| - default location of Kerberos 5 credentials cache - -|keytab| - default location for the local host's keytab. - - -SEE ALSO --------- - -:ref:`klist(1)`, :ref:`kdestroy(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/user/user_commands/klist.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_commands/klist.rst.txt deleted file mode 100644 index eb556450..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_commands/klist.rst.txt +++ /dev/null @@ -1,129 +0,0 @@ -.. _klist(1): - -klist -===== - -SYNOPSIS --------- - -**klist** -[**-e**] -[[**-c**] [**-l**] [**-A**] [**-f**] [**-s**] [**-a** [**-n**]]] -[**-C**] -[**-k** [**-i**] [**-t**] [**-K**]] -[**-V**] -[**-d**] -[*cache_name*\|\ *keytab_name*] - - -DESCRIPTION ------------ - -klist lists the Kerberos principal and Kerberos tickets held in a -credentials cache, or the keys held in a keytab file. - - -OPTIONS -------- - -**-e** - Displays the encryption types of the session key and the ticket - for each credential in the credential cache, or each key in the - keytab file. - -**-l** - If a cache collection is available, displays a table summarizing - the caches present in the collection. - -**-A** - If a cache collection is available, displays the contents of all - of the caches in the collection. - -**-c** - List tickets held in a credentials cache. This is the default if - neither **-c** nor **-k** is specified. - -**-f** - Shows the flags present in the credentials, using the following - abbreviations:: - - F Forwardable - f forwarded - P Proxiable - p proxy - D postDateable - d postdated - R Renewable - I Initial - i invalid - H Hardware authenticated - A preAuthenticated - T Transit policy checked - O Okay as delegate - a anonymous - -**-s** - Causes klist to run silently (produce no output). klist will exit - with status 1 if the credentials cache cannot be read or is - expired, and with status 0 otherwise. - -**-a** - Display list of addresses in credentials. - -**-n** - Show numeric addresses instead of reverse-resolving addresses. - -**-C** - List configuration data that has been stored in the credentials - cache when klist encounters it. By default, configuration data - is not listed. - -**-k** - List keys held in a keytab file. - -**-i** - In combination with **-k**, defaults to using the default client - keytab instead of the default acceptor keytab, if no name is - given. - -**-t** - Display the time entry timestamps for each keytab entry in the - keytab file. - -**-K** - Display the value of the encryption key in each keytab entry in - the keytab file. - -**-d** - Display the authdata types (if any) for each entry. - -**-V** - Display the Kerberos version number and exit. - -If *cache_name* or *keytab_name* is not specified, klist will display -the credentials in the default credentials cache or keytab file as -appropriate. If the **KRB5CCNAME** environment variable is set, its -value is used to locate the default ticket cache. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -FILES ------ - -|ccache| - Default location of Kerberos 5 credentials cache - -|keytab| - Default location for the local host's keytab file. - - -SEE ALSO --------- - -:ref:`kinit(1)`, :ref:`kdestroy(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/user/user_commands/kpasswd.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_commands/kpasswd.rst.txt deleted file mode 100644 index 0583bbd0..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_commands/kpasswd.rst.txt +++ /dev/null @@ -1,46 +0,0 @@ -.. _kpasswd(1): - -kpasswd -======= - -SYNOPSIS --------- - -**kpasswd** [*principal*] - - -DESCRIPTION ------------ - -The kpasswd command is used to change a Kerberos principal's password. -kpasswd first prompts for the current Kerberos password, then prompts -the user twice for the new password, and the password is changed. - -If the principal is governed by a policy that specifies the length -and/or number of character classes required in the new password, the -new password must conform to the policy. (The five character classes -are lower case, upper case, numbers, punctuation, and all other -characters.) - - -OPTIONS -------- - -*principal* - Change the password for the Kerberos principal principal. - Otherwise, kpasswd uses the principal name from an existing ccache - if there is one; if not, the principal is derived from the - identity of the user invoking the kpasswd command. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kadmin(1)`, :ref:`kadmind(8)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/user/user_commands/krb5-config.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_commands/krb5-config.rst.txt deleted file mode 100644 index 2c09141a..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_commands/krb5-config.rst.txt +++ /dev/null @@ -1,83 +0,0 @@ -.. _krb5-config(1): - -krb5-config -=========== - -SYNOPSIS --------- - -**krb5-config** -[**-**\ **-help** | **-**\ **-all** | **-**\ **-version** | **-**\ **-vendor** | **-**\ **-prefix** | **-**\ **-exec-prefix** | **-**\ **-defccname** | **-**\ **-defktname** | **-**\ **-defcktname** | **-**\ **-cflags** | **-**\ **-libs** [*libraries*]] - - -DESCRIPTION ------------ - -krb5-config tells the application programmer what flags to use to compile -and link programs against the installed Kerberos libraries. - - -OPTIONS -------- - -**-**\ **-help** - prints a usage message. This is the default behavior when no options - are specified. - -**-**\ **-all** - prints the version, vendor, prefix, and exec-prefix. - -**-**\ **-version** - prints the version number of the Kerberos installation. - -**-**\ **-vendor** - prints the name of the vendor of the Kerberos installation. - -**-**\ **-prefix** - prints the prefix for which the Kerberos installation was built. - -**-**\ **-exec-prefix** - prints the prefix for executables for which the Kerberos installation - was built. - -**-**\ **-defccname** - prints the built-in default credentials cache location. - -**-**\ **-defktname** - prints the built-in default keytab location. - -**-**\ **-defcktname** - prints the built-in default client (initiator) keytab location. - -**-**\ **-cflags** - prints the compilation flags used to build the Kerberos installation. - -**-**\ **-libs** [*library*] - prints the compiler options needed to link against *library*. - Allowed values for *library* are: - - ============ =============================================== - krb5 Kerberos 5 applications (default) - gssapi GSSAPI applications with Kerberos 5 bindings - kadm-client Kadmin client - kadm-server Kadmin server - kdb Applications that access the Kerberos database - ============ =============================================== - -EXAMPLES --------- - -krb5-config is particularly useful for compiling against a Kerberos -installation that was installed in a non-standard location. For example, -a Kerberos installation that is installed in ``/opt/krb5/`` but uses -libraries in ``/usr/local/lib/`` for text localization would produce -the following output:: - - shell% krb5-config --libs krb5 - -L/opt/krb5/lib -Wl,-rpath -Wl,/opt/krb5/lib -L/usr/local/lib -lkrb5 -lk5crypto -lcom_err - - -SEE ALSO --------- - -:ref:`kerberos(7)`, cc(1) diff --git a/krb5-1.21.3/doc/html/_sources/user/user_commands/ksu.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_commands/ksu.rst.txt deleted file mode 100644 index 93373822..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_commands/ksu.rst.txt +++ /dev/null @@ -1,411 +0,0 @@ -.. _ksu(1): - -ksu -=== - -SYNOPSIS --------- - -**ksu** -[ *target_user* ] -[ **-n** *target_principal_name* ] -[ **-c** *source_cache_name* ] -[ **-k** ] -[ **-r** time ] -[ **-p** | **-P**] -[ **-f** | **-F**] -[ **-l** *lifetime* ] -[ **-z | Z** ] -[ **-q** ] -[ **-e** *command* [ args ... ] ] [ **-a** [ args ... ] ] - - -REQUIREMENTS ------------- - -Must have Kerberos version 5 installed to compile ksu. Must have a -Kerberos version 5 server running to use ksu. - - -DESCRIPTION ------------ - -ksu is a Kerberized version of the su program that has two missions: -one is to securely change the real and effective user ID to that of -the target user, and the other is to create a new security context. - -.. note:: - - For the sake of clarity, all references to and attributes of - the user invoking the program will start with "source" - (e.g., "source user", "source cache", etc.). - - Likewise, all references to and attributes of the target - account will start with "target". - -AUTHENTICATION --------------- - -To fulfill the first mission, ksu operates in two phases: -authentication and authorization. Resolving the target principal name -is the first step in authentication. The user can either specify his -principal name with the **-n** option (e.g., ``-n jqpublic@USC.EDU``) -or a default principal name will be assigned using a heuristic -described in the OPTIONS section (see **-n** option). The target user -name must be the first argument to ksu; if not specified root is the -default. If ``.`` is specified then the target user will be the -source user (e.g., ``ksu .``). If the source user is root or the -target user is the source user, no authentication or authorization -takes place. Otherwise, ksu looks for an appropriate Kerberos ticket -in the source cache. - -The ticket can either be for the end-server or a ticket granting -ticket (TGT) for the target principal's realm. If the ticket for the -end-server is already in the cache, it's decrypted and verified. If -it's not in the cache but the TGT is, the TGT is used to obtain the -ticket for the end-server. The end-server ticket is then verified. -If neither ticket is in the cache, but ksu is compiled with the -**GET_TGT_VIA_PASSWD** define, the user will be prompted for a -Kerberos password which will then be used to get a TGT. If the user -is logged in remotely and does not have a secure channel, the password -may be exposed. If neither ticket is in the cache and -**GET_TGT_VIA_PASSWD** is not defined, authentication fails. - - -AUTHORIZATION -------------- - -This section describes authorization of the source user when ksu is -invoked without the **-e** option. For a description of the **-e** -option, see the OPTIONS section. - -Upon successful authentication, ksu checks whether the target -principal is authorized to access the target account. In the target -user's home directory, ksu attempts to access two authorization files: -:ref:`.k5login(5)` and .k5users. In the .k5login file each line -contains the name of a principal that is authorized to access the -account. - -For example:: - - jqpublic@USC.EDU - jqpublic/secure@USC.EDU - jqpublic/admin@USC.EDU - -The format of .k5users is the same, except the principal name may be -followed by a list of commands that the principal is authorized to -execute (see the **-e** option in the OPTIONS section for details). - -Thus if the target principal name is found in the .k5login file the -source user is authorized to access the target account. Otherwise ksu -looks in the .k5users file. If the target principal name is found -without any trailing commands or followed only by ``*`` then the -source user is authorized. If either .k5login or .k5users exist but -an appropriate entry for the target principal does not exist then -access is denied. If neither file exists then the principal will be -granted access to the account according to the aname->lname mapping -rules. Otherwise, authorization fails. - - -EXECUTION OF THE TARGET SHELL ------------------------------ - -Upon successful authentication and authorization, ksu proceeds in a -similar fashion to su. The environment is unmodified with the -exception of USER, HOME and SHELL variables. If the target user is -not root, USER gets set to the target user name. Otherwise USER -remains unchanged. Both HOME and SHELL are set to the target login's -default values. In addition, the environment variable **KRB5CCNAME** -gets set to the name of the target cache. The real and effective user -ID are changed to that of the target user. The target user's shell is -then invoked (the shell name is specified in the password file). Upon -termination of the shell, ksu deletes the target cache (unless ksu is -invoked with the **-k** option). This is implemented by first doing a -fork and then an exec, instead of just exec, as done by su. - - -CREATING A NEW SECURITY CONTEXT -------------------------------- - -ksu can be used to create a new security context for the target -program (either the target shell, or command specified via the **-e** -option). The target program inherits a set of credentials from the -source user. By default, this set includes all of the credentials in -the source cache plus any additional credentials obtained during -authentication. The source user is able to limit the credentials in -this set by using **-z** or **-Z** option. **-z** restricts the copy -of tickets from the source cache to the target cache to only the -tickets where client == the target principal name. The **-Z** option -provides the target user with a fresh target cache (no creds in the -cache). Note that for security reasons, when the source user is root -and target user is non-root, **-z** option is the default mode of -operation. - -While no authentication takes place if the source user is root or is -the same as the target user, additional tickets can still be obtained -for the target cache. If **-n** is specified and no credentials can -be copied to the target cache, the source user is prompted for a -Kerberos password (unless **-Z** specified or **GET_TGT_VIA_PASSWD** -is undefined). If successful, a TGT is obtained from the Kerberos -server and stored in the target cache. Otherwise, if a password is -not provided (user hit return) ksu continues in a normal mode of -operation (the target cache will not contain the desired TGT). If the -wrong password is typed in, ksu fails. - -.. note:: - - During authentication, only the tickets that could be - obtained without providing a password are cached in the - source cache. - - -OPTIONS -------- - -**-n** *target_principal_name* - Specify a Kerberos target principal name. Used in authentication - and authorization phases of ksu. - - If ksu is invoked without **-n**, a default principal name is - assigned via the following heuristic: - - * Case 1: source user is non-root. - - If the target user is the source user the default principal name - is set to the default principal of the source cache. If the - cache does not exist then the default principal name is set to - ``target_user@local_realm``. If the source and target users are - different and neither ``~target_user/.k5users`` nor - ``~target_user/.k5login`` exist then the default principal name - is ``target_user_login_name@local_realm``. Otherwise, starting - with the first principal listed below, ksu checks if the - principal is authorized to access the target account and whether - there is a legitimate ticket for that principal in the source - cache. If both conditions are met that principal becomes the - default target principal, otherwise go to the next principal. - - a) default principal of the source cache - b) target_user\@local_realm - c) source_user\@local_realm - - If a-c fails try any principal for which there is a ticket in - the source cache and that is authorized to access the target - account. If that fails select the first principal that is - authorized to access the target account from the above list. If - none are authorized and ksu is configured with - **PRINC_LOOK_AHEAD** turned on, select the default principal as - follows: - - For each candidate in the above list, select an authorized - principal that has the same realm name and first part of the - principal name equal to the prefix of the candidate. For - example if candidate a) is ``jqpublic@ISI.EDU`` and - ``jqpublic/secure@ISI.EDU`` is authorized to access the target - account then the default principal is set to - ``jqpublic/secure@ISI.EDU``. - - * Case 2: source user is root. - - If the target user is non-root then the default principal name - is ``target_user@local_realm``. Else, if the source cache - exists the default principal name is set to the default - principal of the source cache. If the source cache does not - exist, default principal name is set to ``root\@local_realm``. - -**-c** *source_cache_name* - - Specify source cache name (e.g., ``-c FILE:/tmp/my_cache``). If - **-c** option is not used then the name is obtained from - **KRB5CCNAME** environment variable. If **KRB5CCNAME** is not - defined the source cache name is set to ``krb5cc_``. - The target cache name is automatically set to ``krb5cc_.(gen_sym())``, where gen_sym generates a new number such that - the resulting cache does not already exist. For example:: - - krb5cc_1984.2 - -**-k** - Do not delete the target cache upon termination of the target - shell or a command (**-e** command). Without **-k**, ksu deletes - the target cache. - -**-z** - Restrict the copy of tickets from the source cache to the target - cache to only the tickets where client == the target principal - name. Use the **-n** option if you want the tickets for other then - the default principal. Note that the **-z** option is mutually - exclusive with the **-Z** option. - -**-Z** - Don't copy any tickets from the source cache to the target cache. - Just create a fresh target cache, where the default principal name - of the cache is initialized to the target principal name. Note - that the **-Z** option is mutually exclusive with the **-z** - option. - -**-q** - Suppress the printing of status messages. - -Ticket granting ticket options: - -**-l** *lifetime* **-r** *time* **-p** **-P** **-f** **-F** - The ticket granting ticket options only apply to the case where - there are no appropriate tickets in the cache to authenticate the - source user. In this case if ksu is configured to prompt users - for a Kerberos password (**GET_TGT_VIA_PASSWD** is defined), the - ticket granting ticket options that are specified will be used - when getting a ticket granting ticket from the Kerberos server. - -**-l** *lifetime* - (:ref:`duration` string.) Specifies the lifetime to be requested - for the ticket; if this option is not specified, the default ticket - lifetime (12 hours) is used instead. - -**-r** *time* - (:ref:`duration` string.) Specifies that the **renewable** option - should be requested for the ticket, and specifies the desired - total lifetime of the ticket. - -**-p** - specifies that the **proxiable** option should be requested for - the ticket. - -**-P** - specifies that the **proxiable** option should not be requested - for the ticket, even if the default configuration is to ask for - proxiable tickets. - -**-f** - option specifies that the **forwardable** option should be - requested for the ticket. - -**-F** - option specifies that the **forwardable** option should not be - requested for the ticket, even if the default configuration is to - ask for forwardable tickets. - -**-e** *command* [*args* ...] - ksu proceeds exactly the same as if it was invoked without the - **-e** option, except instead of executing the target shell, ksu - executes the specified command. Example of usage:: - - ksu bob -e ls -lag - - The authorization algorithm for **-e** is as follows: - - If the source user is root or source user == target user, no - authorization takes place and the command is executed. If source - user id != 0, and ``~target_user/.k5users`` file does not exist, - authorization fails. Otherwise, ``~target_user/.k5users`` file - must have an appropriate entry for target principal to get - authorized. - - The .k5users file format: - - A single principal entry on each line that may be followed by a - list of commands that the principal is authorized to execute. A - principal name followed by a ``*`` means that the user is - authorized to execute any command. Thus, in the following - example:: - - jqpublic@USC.EDU ls mail /local/kerberos/klist - jqpublic/secure@USC.EDU * - jqpublic/admin@USC.EDU - - ``jqpublic@USC.EDU`` is only authorized to execute ``ls``, - ``mail`` and ``klist`` commands. ``jqpublic/secure@USC.EDU`` is - authorized to execute any command. ``jqpublic/admin@USC.EDU`` is - not authorized to execute any command. Note, that - ``jqpublic/admin@USC.EDU`` is authorized to execute the target - shell (regular ksu, without the **-e** option) but - ``jqpublic@USC.EDU`` is not. - - The commands listed after the principal name must be either a full - path names or just the program name. In the second case, - **CMD_PATH** specifying the location of authorized programs must - be defined at the compilation time of ksu. Which command gets - executed? - - If the source user is root or the target user is the source user - or the user is authorized to execute any command (``*`` entry) - then command can be either a full or a relative path leading to - the target program. Otherwise, the user must specify either a - full path or just the program name. - -**-a** *args* - Specify arguments to be passed to the target shell. Note that all - flags and parameters following -a will be passed to the shell, - thus all options intended for ksu must precede **-a**. - - The **-a** option can be used to simulate the **-e** option if - used as follows:: - - -a -c [command [arguments]]. - - **-c** is interpreted by the c-shell to execute the command. - - -INSTALLATION INSTRUCTIONS -------------------------- - -ksu can be compiled with the following four flags: - -**GET_TGT_VIA_PASSWD** - In case no appropriate tickets are found in the source cache, the - user will be prompted for a Kerberos password. The password is - then used to get a ticket granting ticket from the Kerberos - server. The danger of configuring ksu with this macro is if the - source user is logged in remotely and does not have a secure - channel, the password may get exposed. - -**PRINC_LOOK_AHEAD** - During the resolution of the default principal name, - **PRINC_LOOK_AHEAD** enables ksu to find principal names in - the .k5users file as described in the OPTIONS section - (see **-n** option). - -**CMD_PATH** - Specifies a list of directories containing programs that users are - authorized to execute (via .k5users file). - -**HAVE_GETUSERSHELL** - If the source user is non-root, ksu insists that the target user's - shell to be invoked is a "legal shell". *getusershell(3)* is - called to obtain the names of "legal shells". Note that the - target user's shell is obtained from the passwd file. - -Sample configuration:: - - KSU_OPTS = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /usr/ucb /local/bin" - -ksu should be owned by root and have the set user id bit turned on. - -ksu attempts to get a ticket for the end server just as Kerberized -telnet and rlogin. Thus, there must be an entry for the server in the -Kerberos database (e.g., ``host/nii.isi.edu@ISI.EDU``). The keytab -file must be in an appropriate location. - - -SIDE EFFECTS ------------- - -ksu deletes all expired tickets from the source cache. - - -AUTHOR OF KSU -------------- - -GENNADY (ARI) MEDVINSKY - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kerberos(7)`, :ref:`kinit(1)` diff --git a/krb5-1.21.3/doc/html/_sources/user/user_commands/kswitch.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_commands/kswitch.rst.txt deleted file mode 100644 index 010332e6..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_commands/kswitch.rst.txt +++ /dev/null @@ -1,50 +0,0 @@ -.. _kswitch(1): - -kswitch -======= - -SYNOPSIS --------- - -**kswitch** -{**-c** *cachename*\|\ **-p** *principal*} - - -DESCRIPTION ------------ - -kswitch makes the specified credential cache the primary cache for the -collection, if a cache collection is available. - - -OPTIONS -------- - -**-c** *cachename* - Directly specifies the credential cache to be made primary. - -**-p** *principal* - Causes the cache collection to be searched for a cache containing - credentials for *principal*. If one is found, that collection is - made primary. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -FILES ------ - -|ccache| - Default location of Kerberos 5 credentials cache - - -SEE ALSO --------- - -:ref:`kinit(1)`, :ref:`kdestroy(1)`, :ref:`klist(1)`, -:ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/user/user_commands/kvno.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_commands/kvno.rst.txt deleted file mode 100644 index 970fbb47..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_commands/kvno.rst.txt +++ /dev/null @@ -1,119 +0,0 @@ -.. _kvno(1): - -kvno -==== - -SYNOPSIS --------- - -**kvno** -[**-c** *ccache*] -[**-e** *etype*] -[**-k** *keytab*] -[**-q**] -[**-u** | **-S** *sname*] -[**-P**] -[**--cached-only**] -[**--no-store**] -[**--out-cache** *cache*] -[[{**-F** *cert_file* | {**-I** | **-U**} *for_user*} [**-P**]] | **--u2u** *ccache*] -*service1 service2* ... - - -DESCRIPTION ------------ - -kvno acquires a service ticket for the specified Kerberos principals -and prints out the key version numbers of each. - - -OPTIONS -------- - -**-c** *ccache* - Specifies the name of a credentials cache to use (if not the - default) - -**-e** *etype* - Specifies the enctype which will be requested for the session key - of all the services named on the command line. This is useful in - certain backward compatibility situations. - -**-k** *keytab* - Decrypt the acquired tickets using *keytab* to confirm their - validity. - -**-q** - Suppress printing output when successful. If a service ticket - cannot be obtained, an error message will still be printed and - kvno will exit with nonzero status. - -**-u** - Use the unknown name type in requested service principal names. - This option Cannot be used with *-S*. - -**-P** - Specifies that the *service1 service2* ... arguments are to be - treated as services for which credentials should be acquired using - constrained delegation. This option is only valid when used in - conjunction with protocol transition. - -**-S** *sname* - Specifies that the *service1 service2* ... arguments are - interpreted as hostnames, and the service principals are to be - constructed from those hostnames and the service name *sname*. - The service hostnames will be canonicalized according to the usual - rules for constructing service principals. - -**-I** *for_user* - Specifies that protocol transition (S4U2Self) is to be used to - acquire a ticket on behalf of *for_user*. If constrained - delegation is not requested, the service name must match the - credentials cache client principal. - -**-U** *for_user* - Same as -I, but treats *for_user* as an enterprise name. - -**-F** *cert_file* - Specifies that protocol transition is to be used, identifying the - client principal with the X.509 certificate in *cert_file*. The - certificate file must be in PEM format. - -**--cached-only** - Only retrieve credentials already present in the cache, not from - the KDC. (Added in release 1.19.) - -**--no-store** - Do not store retrieved credentials in the cache. If - **--out-cache** is also specified, credentials will still be - stored into the output credential cache. (Added in release 1.19.) - -**--out-cache** *ccache* - Initialize *ccache* and store all retrieved credentials into it. - Do not store acquired credentials in the input cache. (Added in - release 1.19.) - -**--u2u** *ccache* - Requests a user-to-user ticket. *ccache* must contain a local - krbtgt ticket for the server principal. The reported version - number will typically be 0, as the resulting ticket is not - encrypted in the server's long-term key. - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -FILES ------ - -|ccache| - Default location of the credentials cache - - -SEE ALSO --------- - -:ref:`kinit(1)`, :ref:`kdestroy(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/user/user_commands/sclient.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_commands/sclient.rst.txt deleted file mode 100644 index 1e3d38f8..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_commands/sclient.rst.txt +++ /dev/null @@ -1,30 +0,0 @@ -.. _sclient(1): - -sclient -======= - -SYNOPSIS --------- - -**sclient** *remotehost* - - -DESCRIPTION ------------ - -sclient is a sample application, primarily useful for testing -purposes. It contacts a sample server :ref:`sserver(8)` and -authenticates to it using Kerberos version 5 tickets, then displays -the server's response. - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kinit(1)`, :ref:`sserver(8)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/html/_sources/user/user_config/index.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_config/index.rst.txt deleted file mode 100644 index ad0dc1a7..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_config/index.rst.txt +++ /dev/null @@ -1,13 +0,0 @@ -User config files -================= - -The following files in your home directory can be used to control the -behavior of Kerberos as it applies to your account (unless they have -been disabled by your host's configuration): - -.. toctree:: - :maxdepth: 1 - - kerberos.rst - k5login.rst - k5identity.rst diff --git a/krb5-1.21.3/doc/html/_sources/user/user_config/k5identity.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_config/k5identity.rst.txt deleted file mode 100644 index cf5d95e5..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_config/k5identity.rst.txt +++ /dev/null @@ -1,64 +0,0 @@ -.. _.k5identity(5): - -.k5identity -=========== - -DESCRIPTION ------------ - -The .k5identity file, which resides in a user's home directory, -contains a list of rules for selecting a client principals based on -the server being accessed. These rules are used to choose a -credential cache within the cache collection when possible. - -Blank lines and lines beginning with ``#`` are ignored. Each line has -the form: - - *principal* *field*\=\ *value* ... - -If the server principal meets all of the field constraints, then -principal is chosen as the client principal. The following fields are -recognized: - -**realm** - If the realm of the server principal is known, it is matched - against *value*, which may be a pattern using shell wildcards. - For host-based server principals, the realm will generally only be - known if there is a :ref:`domain_realm` section in - :ref:`krb5.conf(5)` with a mapping for the hostname. - -**service** - If the server principal is a host-based principal, its service - component is matched against *value*, which may be a pattern using - shell wildcards. - -**host** - If the server principal is a host-based principal, its hostname - component is converted to lower case and matched against *value*, - which may be a pattern using shell wildcards. - - If the server principal matches the constraints of multiple lines - in the .k5identity file, the principal from the first matching - line is used. If no line matches, credentials will be selected - some other way, such as the realm heuristic or the current primary - cache. - - -EXAMPLE -------- - -The following example .k5identity file selects the client principal -``alice@KRBTEST.COM`` if the server principal is within that realm, -the principal ``alice/root@EXAMPLE.COM`` if the server host is within -a servers subdomain, and the principal ``alice/mail@EXAMPLE.COM`` when -accessing the IMAP service on ``mail.example.com``:: - - alice@KRBTEST.COM realm=KRBTEST.COM - alice/root@EXAMPLE.COM host=*.servers.example.com - alice/mail@EXAMPLE.COM host=mail.example.com service=imap - - -SEE ALSO --------- - -kerberos(1), :ref:`krb5.conf(5)` diff --git a/krb5-1.21.3/doc/html/_sources/user/user_config/k5login.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_config/k5login.rst.txt deleted file mode 100644 index 8a9753da..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_config/k5login.rst.txt +++ /dev/null @@ -1,54 +0,0 @@ -.. _.k5login(5): - -.k5login -======== - -DESCRIPTION ------------ - -The .k5login file, which resides in a user's home directory, contains -a list of the Kerberos principals. Anyone with valid tickets for a -principal in the file is allowed host access with the UID of the user -in whose home directory the file resides. One common use is to place -a .k5login file in root's home directory, thereby granting system -administrators remote root access to the host via Kerberos. - - -EXAMPLES --------- - -Suppose the user ``alice`` had a .k5login file in her home directory -containing just the following line:: - - bob@FOOBAR.ORG - -This would allow ``bob`` to use Kerberos network applications, such as -ssh(1), to access ``alice``'s account, using ``bob``'s Kerberos -tickets. In a default configuration (with **k5login_authoritative** set -to true in :ref:`krb5.conf(5)`), this .k5login file would not let -``alice`` use those network applications to access her account, since -she is not listed! With no .k5login file, or with **k5login_authoritative** -set to false, a default rule would permit the principal ``alice`` in the -machine's default realm to access the ``alice`` account. - -Let us further suppose that ``alice`` is a system administrator. -Alice and the other system administrators would have their principals -in root's .k5login file on each host:: - - alice@BLEEP.COM - - joeadmin/root@BLEEP.COM - -This would allow either system administrator to log in to these hosts -using their Kerberos tickets instead of having to type the root -password. Note that because ``bob`` retains the Kerberos tickets for -his own principal, ``bob@FOOBAR.ORG``, he would not have any of the -privileges that require ``alice``'s tickets, such as root access to -any of the site's hosts, or the ability to change ``alice``'s -password. - - -SEE ALSO --------- - -kerberos(1) diff --git a/krb5-1.21.3/doc/html/_sources/user/user_config/kerberos.rst.txt b/krb5-1.21.3/doc/html/_sources/user/user_config/kerberos.rst.txt deleted file mode 100644 index 1830447a..00000000 --- a/krb5-1.21.3/doc/html/_sources/user/user_config/kerberos.rst.txt +++ /dev/null @@ -1,185 +0,0 @@ -.. _kerberos(7): - -kerberos -======== - -DESCRIPTION ------------ - -The Kerberos system authenticates individual users in a network -environment. After authenticating yourself to Kerberos, you can use -Kerberos-enabled programs without having to present passwords or -certificates to those programs. - -If you receive the following response from :ref:`kinit(1)`: - -kinit: Client not found in Kerberos database while getting initial -credentials - -you haven't been registered as a Kerberos user. See your system -administrator. - -A Kerberos name usually contains three parts. The first is the -**primary**, which is usually a user's or service's name. The second -is the **instance**, which in the case of a user is usually null. -Some users may have privileged instances, however, such as ``root`` or -``admin``. In the case of a service, the instance is the fully -qualified name of the machine on which it runs; i.e. there can be an -ssh service running on the machine ABC (ssh/ABC@REALM), which is -different from the ssh service running on the machine XYZ -(ssh/XYZ@REALM). The third part of a Kerberos name is the **realm**. -The realm corresponds to the Kerberos service providing authentication -for the principal. Realms are conventionally all-uppercase, and often -match the end of hostnames in the realm (for instance, host01.example.com -might be in realm EXAMPLE.COM). - -When writing a Kerberos name, the principal name is separated from the -instance (if not null) by a slash, and the realm (if not the local -realm) follows, preceded by an "@" sign. The following are examples -of valid Kerberos names:: - - david - jennifer/admin - joeuser@BLEEP.COM - cbrown/root@FUBAR.ORG - -When you authenticate yourself with Kerberos you get an initial -Kerberos **ticket**. (A Kerberos ticket is an encrypted protocol -message that provides authentication.) Kerberos uses this ticket for -network utilities such as ssh. The ticket transactions are done -transparently, so you don't have to worry about their management. - -Note, however, that tickets expire. Administrators may configure more -privileged tickets, such as those with service or instance of ``root`` -or ``admin``, to expire in a few minutes, while tickets that carry -more ordinary privileges may be good for several hours or a day. If -your login session extends beyond the time limit, you will have to -re-authenticate yourself to Kerberos to get new tickets using the -:ref:`kinit(1)` command. - -Some tickets are **renewable** beyond their initial lifetime. This -means that ``kinit -R`` can extend their lifetime without requiring -you to re-authenticate. - -If you wish to delete your local tickets, use the :ref:`kdestroy(1)` -command. - -Kerberos tickets can be forwarded. In order to forward tickets, you -must request **forwardable** tickets when you kinit. Once you have -forwardable tickets, most Kerberos programs have a command line option -to forward them to the remote host. This can be useful for, e.g., -running kinit on your local machine and then sshing into another to do -work. Note that this should not be done on untrusted machines since -they will then have your tickets. - -ENVIRONMENT VARIABLES ---------------------- - -Several environment variables affect the operation of Kerberos-enabled -programs. These include: - -**KRB5CCNAME** - Default name for the credentials cache file, in the form - *TYPE*:*residual*. The type of the default cache may determine - the availability of a cache collection. ``FILE`` is not a - collection type; ``KEYRING``, ``DIR``, and ``KCM`` are. - - If not set, the value of **default_ccache_name** from - configuration files (see **KRB5_CONFIG**) will be used. If that - is also not set, the default *type* is ``FILE``, and the - *residual* is the path /tmp/krb5cc_*uid*, where *uid* is the - decimal user ID of the user. - -**KRB5_KTNAME** - Specifies the location of the default keytab file, in the form - *TYPE*:*residual*. If no *type* is present, the **FILE** type is - assumed and *residual* is the pathname of the keytab file. If - unset, |keytab| will be used. - -**KRB5_CONFIG** - Specifies the location of the Kerberos configuration file. The - default is |sysconfdir|\ ``/krb5.conf``. Multiple filenames can - be specified, separated by a colon; all files which are present - will be read. - -**KRB5_KDC_PROFILE** - Specifies the location of the KDC configuration file, which - contains additional configuration directives for the Key - Distribution Center daemon and associated programs. The default - is |kdcdir|\ ``/kdc.conf``. - -**KRB5RCACHENAME** - (New in release 1.18) Specifies the location of the default replay - cache, in the form *type*:*residual*. The ``file2`` type with a - pathname residual specifies a replay cache file in the version-2 - format in the specified location. The ``none`` type (residual is - ignored) disables the replay cache. The ``dfl`` type (residual is - ignored) indicates the default, which uses a file2 replay cache in - a temporary directory. The default is ``dfl:``. - -**KRB5RCACHETYPE** - Specifies the type of the default replay cache, if - **KRB5RCACHENAME** is unspecified. No residual can be specified, - so ``none`` and ``dfl`` are the only useful types. - -**KRB5RCACHEDIR** - Specifies the directory used by the ``dfl`` replay cache type. - The default is the value of the **TMPDIR** environment variable, - or ``/var/tmp`` if **TMPDIR** is not set. - -**KRB5_TRACE** - Specifies a filename to write trace log output to. Trace logs can - help illuminate decisions made internally by the Kerberos - libraries. For example, ``env KRB5_TRACE=/dev/stderr kinit`` - would send tracing information for :ref:`kinit(1)` to - ``/dev/stderr``. The default is not to write trace log output - anywhere. - -**KRB5_CLIENT_KTNAME** - Default client keytab file name. If unset, |ckeytab| will be - used). - -**KPROP_PORT** - :ref:`kprop(8)` port to use. Defaults to 754. - -**GSS_MECH_CONFIG** - Specifies a filename containing GSSAPI mechanism module - configuration. The default is to read |sysconfdir|\ ``/gss/mech`` - and files with a ``.conf`` suffix within the directory - |sysconfdir|\ ``/gss/mech.d``. - -Most environment variables are disabled for certain programs, such as -login system programs and setuid programs, which are designed to be -secure when run within an untrusted process environment. - -SEE ALSO --------- - -:ref:`kdestroy(1)`, :ref:`kinit(1)`, :ref:`klist(1)`, -:ref:`kswitch(1)`, :ref:`kpasswd(1)`, :ref:`ksu(1)`, -:ref:`krb5.conf(5)`, :ref:`kdc.conf(5)`, :ref:`kadmin(1)`, -:ref:`kadmind(8)`, :ref:`kdb5_util(8)`, :ref:`krb5kdc(8)` - -BUGS ----- - -AUTHORS -------- - -| Steve Miller, MIT Project Athena/Digital Equipment Corporation -| Clifford Neuman, MIT Project Athena -| Greg Hudson, MIT Kerberos Consortium -| Robbie Harwood, Red Hat, Inc. - -HISTORY -------- - -The MIT Kerberos 5 implementation was developed at MIT, with -contributions from many outside parties. It is currently maintained -by the MIT Kerberos Consortium. - -RESTRICTIONS ------------- - -Copyright 1985, 1986, 1989-1996, 2002, 2011, 2018 Masachusetts -Institute of Technology diff --git a/krb5-1.21.3/doc/html/_static/agogo.css b/krb5-1.21.3/doc/html/_static/agogo.css deleted file mode 100644 index f13ad80b..00000000 --- a/krb5-1.21.3/doc/html/_static/agogo.css +++ /dev/null @@ -1,538 +0,0 @@ -/* - * agogo.css_t - * ~~~~~~~~~~~ - * - * Sphinx stylesheet -- agogo theme. - * - * :copyright: Copyright 2007-2021 by the Sphinx team, see AUTHORS. - * :license: BSD, see LICENSE for details. - * - */ - -* { - margin: 0px; - padding: 0px; -} - -body { - font-family: "Verdana", Arial, sans-serif; - line-height: 1.4em; - color: black; - background-color: #5d1509; -} - - -/* Page layout */ - -div.header, div.content, div.footer { - width: auto; - margin-left: auto; - margin-right: auto; -} - -div.header-wrapper { - background: #555573 url(bgtop.png) top left repeat-x; - border-bottom: 3px solid #2e3436; -} - - -/* Default body styles */ -a { - color: #881f0d; -} - -div.bodywrapper a, div.footer a { - text-decoration: underline; -} - -.clearer { - clear: both; -} - -.left { - float: left; -} - -.right { - float: right; -} - -.line-block { - display: block; - margin-top: 1em; - margin-bottom: 1em; -} - -.line-block .line-block { - margin-top: 0; - margin-bottom: 0; - margin-left: 1.5em; -} - -h1, h2, h3, h4 { - font-family: "Georgia", "Times New Roman", serif; - font-weight: normal; - color: #3465a4; - margin-bottom: .8em; -} - -h1 { - color: #204a87; -} - -h2 { - padding-bottom: .5em; - border-bottom: 1px solid #3465a4; -} - -a.headerlink { - visibility: hidden; - color: #dddddd; - padding-left: .3em; -} - -h1:hover > a.headerlink, -h2:hover > a.headerlink, -h3:hover > a.headerlink, -h4:hover > a.headerlink, -h5:hover > a.headerlink, -h6:hover > a.headerlink, -dt:hover > a.headerlink, -caption:hover > a.headerlink, -p.caption:hover > a.headerlink, -div.code-block-caption:hover > a.headerlink { - visibility: visible; -} - -img { - border: 0; -} - -div.admonition { - margin-top: 10px; - margin-bottom: 10px; - padding: 2px 7px 1px 7px; - border-left: 0.2em solid black; -} - -p.admonition-title { - margin: 0px 10px 5px 0px; - font-weight: bold; -} - -dt:target, .highlighted { - background-color: #fbe54e; -} - -/* Header */ - -div.header { - padding-top: 10px; - padding-bottom: 10px; -} - -div.header .headertitle { - font-family: "Georgia", "Times New Roman", serif; - font-weight: normal; - font-size: 180%; - letter-spacing: .08em; - margin-bottom: .8em; -} - -div.header .headertitle a { - color: white; -} - -div.header div.rel { - margin-top: 1em; -} - -div.header div.rel a { - color: #fcaf3e; - letter-spacing: .1em; - text-transform: uppercase; -} - -p.logo { - float: right; -} - -img.logo { - border: 0; -} - - -/* Content */ -div.content-wrapper { - background-color: white; - padding-top: 20px; - padding-bottom: 20px; -} - -div.document { - width: 80%; - float: left; -} - -div.body { - padding-right: 2em; - text-align: justify; -} - -div.document h1 { - line-height: 120%; -} - -div.document ul { - margin: 1.5em; - list-style-type: square; -} - -div.document dd { - margin-left: 1.2em; - margin-top: .4em; - margin-bottom: 1em; -} - -div.document .section { - margin-top: 1.7em; -} -div.document .section:first-child { - margin-top: 0px; -} - -div.document div.highlight { - padding: 3px; - border-top: 2px solid #dddddd; - border-bottom: 2px solid #dddddd; - margin-top: .8em; - margin-bottom: .8em; -} - -div.document div.literal-block-wrapper { - margin-top: .8em; - margin-bottom: .8em; -} - -div.document div.literal-block-wrapper div.highlight { - margin: 0; -} - -div.document div.code-block-caption span.caption-number { - padding: 0.1em 0.3em; - font-style: italic; -} - -div.document div.code-block-caption span.caption-text { -} - -div.document h2 { - margin-top: .7em; -} - -div.document p { - margin-bottom: .5em; -} - -div.document li.toctree-l1 { - margin-bottom: 1em; -} - -div.document .descname { - font-weight: bold; -} - -div.document .sig-paren { - font-size: larger; -} - -div.document .docutils.literal { - background-color: #eeeeec; - padding: 1px; -} - -div.document .docutils.xref.literal { - background-color: transparent; - padding: 0px; -} - -div.document blockquote { - margin: 1em; -} - -div.document ol { - margin: 1.5em; -} - - -/* Sidebar */ - -div.sidebar { - width: 20%; - float: right; - font-size: .9em; -} - -div.sidebar a, div.header a { - text-decoration: none; -} - -div.sidebar a:hover, div.header a:hover { - text-decoration: underline; -} - -div.sidebar h3 { - color: #2e3436; - text-transform: uppercase; - font-size: 130%; - letter-spacing: .1em; -} - -div.sidebar ul { - list-style-type: none; -} - -div.sidebar li.toctree-l1 a { - display: block; - padding: 1px; - border: 1px solid #dddddd; - background-color: #eeeeec; - margin-bottom: .4em; - padding-left: 3px; - color: #2e3436; -} - -div.sidebar li.toctree-l2 a { - background-color: transparent; - border: none; - margin-left: 1em; - border-bottom: 1px solid #dddddd; -} - -div.sidebar li.toctree-l3 a { - background-color: transparent; - border: none; - margin-left: 2em; - border-bottom: 1px solid #dddddd; -} - -div.sidebar li.toctree-l2:last-child a { - border-bottom: none; -} - -div.sidebar li.toctree-l1.current a { - border-right: 5px solid #fcaf3e; -} - -div.sidebar li.toctree-l1.current li.toctree-l2 a { - border-right: none; -} - -div.sidebar input[type="text"] { - width: 170px; -} - -div.sidebar input[type="submit"] { - width: 30px; -} - - -/* Footer */ - -div.footer-wrapper { - background: #5d1509; - border-top: 4px solid #babdb6; - padding-top: 10px; - padding-bottom: 10px; - min-height: 80px; -} - -div.footer, div.footer a { - color: #888a85; -} - -div.footer .right { - text-align: right; -} - -div.footer .left { - text-transform: uppercase; -} - - -/* Styles copied from basic theme */ - -img.align-left, figure.align-left, .figure.align-left, object.align-left { - clear: left; - float: left; - margin-right: 1em; -} - -img.align-right, figure.align-right, .figure.align-right, object.align-right { - clear: right; - float: right; - margin-left: 1em; -} - -img.align-center, figure.align-center, .figure.align-center, object.align-center { - display: block; - margin-left: auto; - margin-right: auto; -} - -img.align-default, figure.align-default, .figure.align-default { - display: block; - margin-left: auto; - margin-right: auto; -} - -.align-left { - text-align: left; -} - -.align-center { - text-align: center; -} - -.align-right { - text-align: right; -} - -table caption span.caption-number { - font-style: italic; -} - -table caption span.caption-text { -} - -div.figure p.caption span.caption-number, -figcaption span.caption-number { - font-style: italic; -} - -div.figure p.caption span.caption-text, -figcaption span.caption-text { -} - -/* -- search page ----------------------------------------------------------- */ - -ul.search { - margin: 10px 0 0 20px; - padding: 0; -} - -ul.search li { - padding: 5px 0 5px 20px; - background-image: url(file.png); - background-repeat: no-repeat; - background-position: 0 7px; -} - -ul.search li a { - font-weight: bold; -} - -ul.search li div.context { - color: #888; - margin: 2px 0 0 30px; - text-align: left; -} - -ul.keywordmatches li.goodmatch a { - font-weight: bold; -} - -/* -- index page ------------------------------------------------------------ */ - -table.contentstable { - width: 90%; -} - -table.contentstable p.biglink { - line-height: 150%; -} - -a.biglink { - font-size: 1.3em; -} - -span.linkdescr { - font-style: italic; - padding-top: 5px; - font-size: 90%; -} - -/* -- general index --------------------------------------------------------- */ - -table.indextable td { - text-align: left; - vertical-align: top; -} - -table.indextable ul { - margin-top: 0; - margin-bottom: 0; - list-style-type: none; -} - -table.indextable > tbody > tr > td > ul { - padding-left: 0em; -} - -table.indextable tr.pcap { - height: 10px; -} - -table.indextable tr.cap { - margin-top: 10px; - background-color: #f2f2f2; -} - -img.toggler { - margin-right: 3px; - margin-top: 3px; - cursor: pointer; -} - -/* -- domain module index --------------------------------------------------- */ - -table.modindextable td { - padding: 2px; - border-collapse: collapse; -} - -/* -- viewcode extension ---------------------------------------------------- */ - -.viewcode-link { - float: right; -} - -.viewcode-back { - float: right; - font-family:: "Verdana", Arial, sans-serif; -} - -div.viewcode-block:target { - margin: -1px -3px; - padding: 0 3px; - background-color: #f4debf; - border-top: 1px solid #ac9; - border-bottom: 1px solid #ac9; -} - -div.code-block-caption { - background-color: #ddd; - color: #333; - padding: 2px 5px; - font-size: small; -} - -/* -- math display ---------------------------------------------------------- */ - -div.body div.math p { - text-align: center; -} - -span.eqno { - float: right; -} \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/_static/basic.css b/krb5-1.21.3/doc/html/_static/basic.css deleted file mode 100644 index 5f55daeb..00000000 --- a/krb5-1.21.3/doc/html/_static/basic.css +++ /dev/null @@ -1,905 +0,0 @@ -/* - * basic.css - * ~~~~~~~~~ - * - * Sphinx stylesheet -- basic theme. - * - * :copyright: Copyright 2007-2021 by the Sphinx team, see AUTHORS. - * :license: BSD, see LICENSE for details. - * - */ - -/* -- main layout ----------------------------------------------------------- */ - -div.clearer { - clear: both; -} - -div.section::after { - display: block; - content: ''; - clear: left; -} - -/* -- relbar ---------------------------------------------------------------- */ - -div.related { - width: 100%; - font-size: 90%; -} - -div.related h3 { - display: none; -} - -div.related ul { - margin: 0; - padding: 0 0 0 10px; - list-style: none; -} - -div.related li { - display: inline; -} - -div.related li.right { - float: right; - margin-right: 5px; -} - -/* -- sidebar --------------------------------------------------------------- */ - -div.sphinxsidebarwrapper { - padding: 10px 5px 0 10px; -} - -div.sphinxsidebar { - float: left; - width: 20%; - margin-left: -100%; - font-size: 90%; - word-wrap: break-word; - overflow-wrap : break-word; -} - -div.sphinxsidebar ul { - list-style: none; -} - -div.sphinxsidebar ul ul, -div.sphinxsidebar ul.want-points { - margin-left: 20px; - list-style: square; -} - -div.sphinxsidebar ul ul { - margin-top: 0; - margin-bottom: 0; -} - -div.sphinxsidebar form { - margin-top: 10px; -} - -div.sphinxsidebar input { - border: 1px solid #98dbcc; - font-family: sans-serif; - font-size: 1em; -} - -div.sphinxsidebar #searchbox form.search { - overflow: hidden; -} - -div.sphinxsidebar #searchbox input[type="text"] { - float: left; - width: 80%; - padding: 0.25em; - box-sizing: border-box; -} - -div.sphinxsidebar #searchbox input[type="submit"] { - float: left; - width: 20%; - border-left: none; - padding: 0.25em; - box-sizing: border-box; -} - - -img { - border: 0; - max-width: 100%; -} - -/* -- search page ----------------------------------------------------------- */ - -ul.search { - margin: 10px 0 0 20px; - padding: 0; -} - -ul.search li { - padding: 5px 0 5px 20px; - background-image: url(file.png); - background-repeat: no-repeat; - background-position: 0 7px; -} - -ul.search li a { - font-weight: bold; -} - -ul.search li p.context { - color: #888; - margin: 2px 0 0 30px; - text-align: left; -} - -ul.keywordmatches li.goodmatch a { - font-weight: bold; -} - -/* -- index page ------------------------------------------------------------ */ - -table.contentstable { - width: 90%; - margin-left: auto; - margin-right: auto; -} - -table.contentstable p.biglink { - line-height: 150%; -} - -a.biglink { - font-size: 1.3em; -} - -span.linkdescr { - font-style: italic; - padding-top: 5px; - font-size: 90%; -} - -/* -- general index --------------------------------------------------------- */ - -table.indextable { - width: 100%; -} - -table.indextable td { - text-align: left; - vertical-align: top; -} - -table.indextable ul { - margin-top: 0; - margin-bottom: 0; - list-style-type: none; -} - -table.indextable > tbody > tr > td > ul { - padding-left: 0em; -} - -table.indextable tr.pcap { - height: 10px; -} - -table.indextable tr.cap { - margin-top: 10px; - background-color: #f2f2f2; -} - -img.toggler { - margin-right: 3px; - margin-top: 3px; - cursor: pointer; -} - -div.modindex-jumpbox { - border-top: 1px solid #ddd; - border-bottom: 1px solid #ddd; - margin: 1em 0 1em 0; - padding: 0.4em; -} - -div.genindex-jumpbox { - border-top: 1px solid #ddd; - border-bottom: 1px solid #ddd; - margin: 1em 0 1em 0; - padding: 0.4em; -} - -/* -- domain module index --------------------------------------------------- */ - -table.modindextable td { - padding: 2px; - border-collapse: collapse; -} - -/* -- general body styles --------------------------------------------------- */ - -div.body { - min-width: 450px; - max-width: 800px; -} - -div.body p, div.body dd, div.body li, div.body blockquote { - -moz-hyphens: auto; - -ms-hyphens: auto; - -webkit-hyphens: auto; - hyphens: auto; -} - -a.headerlink { - visibility: hidden; -} - -a.brackets:before, -span.brackets > a:before{ - content: "["; -} - -a.brackets:after, -span.brackets > a:after { - content: "]"; -} - -h1:hover > a.headerlink, -h2:hover > a.headerlink, -h3:hover > a.headerlink, -h4:hover > a.headerlink, -h5:hover > a.headerlink, -h6:hover > a.headerlink, -dt:hover > a.headerlink, -caption:hover > a.headerlink, -p.caption:hover > a.headerlink, -div.code-block-caption:hover > a.headerlink { - visibility: visible; -} - -div.body p.caption { - text-align: inherit; -} - -div.body td { - text-align: left; -} - -.first { - margin-top: 0 !important; -} - -p.rubric { - margin-top: 30px; - font-weight: bold; -} - -img.align-left, figure.align-left, .figure.align-left, object.align-left { - clear: left; - float: left; - margin-right: 1em; -} - -img.align-right, figure.align-right, .figure.align-right, object.align-right { - clear: right; - float: right; - margin-left: 1em; -} - -img.align-center, figure.align-center, .figure.align-center, object.align-center { - display: block; - margin-left: auto; - margin-right: auto; -} - -img.align-default, figure.align-default, .figure.align-default { - display: block; - margin-left: auto; - margin-right: auto; -} - -.align-left { - text-align: left; -} - -.align-center { - text-align: center; -} - -.align-default { - text-align: center; -} - -.align-right { - text-align: right; -} - -/* -- sidebars -------------------------------------------------------------- */ - -div.sidebar, -aside.sidebar { - margin: 0 0 0.5em 1em; - border: 1px solid #ddb; - padding: 7px; - background-color: #ffe; - width: 40%; - float: right; - clear: right; - overflow-x: auto; -} - -p.sidebar-title { - font-weight: bold; -} - -div.admonition, div.topic, blockquote { - clear: left; -} - -/* -- topics ---------------------------------------------------------------- */ - -div.topic { - border: 1px solid #ccc; - padding: 7px; - margin: 10px 0 10px 0; -} - -p.topic-title { - font-size: 1.1em; - font-weight: bold; - margin-top: 10px; -} - -/* -- admonitions ----------------------------------------------------------- */ - -div.admonition { - margin-top: 10px; - margin-bottom: 10px; - padding: 7px; -} - -div.admonition dt { - font-weight: bold; -} - -p.admonition-title { - margin: 0px 10px 5px 0px; - font-weight: bold; -} - -div.body p.centered { - text-align: center; - margin-top: 25px; -} - -/* -- content of sidebars/topics/admonitions -------------------------------- */ - -div.sidebar > :last-child, -aside.sidebar > :last-child, -div.topic > :last-child, -div.admonition > :last-child { - margin-bottom: 0; -} - -div.sidebar::after, -aside.sidebar::after, -div.topic::after, -div.admonition::after, -blockquote::after { - display: block; - content: ''; - clear: both; -} - -/* -- tables ---------------------------------------------------------------- */ - -table.docutils { - margin-top: 10px; - margin-bottom: 10px; - border: 0; - border-collapse: collapse; -} - -table.align-center { - margin-left: auto; - margin-right: auto; -} - -table.align-default { - margin-left: auto; - margin-right: auto; -} - -table caption span.caption-number { - font-style: italic; -} - -table caption span.caption-text { -} - -table.docutils td, table.docutils th { - padding: 1px 8px 1px 5px; - border-top: 0; - border-left: 0; - border-right: 0; - border-bottom: 1px solid #aaa; -} - -table.footnote td, table.footnote th { - border: 0 !important; -} - -th { - text-align: left; - padding-right: 5px; -} - -table.citation { - border-left: solid 1px gray; - margin-left: 1px; -} - -table.citation td { - border-bottom: none; -} - -th > :first-child, -td > :first-child { - margin-top: 0px; -} - -th > :last-child, -td > :last-child { - margin-bottom: 0px; -} - -/* -- figures --------------------------------------------------------------- */ - -div.figure, figure { - margin: 0.5em; - padding: 0.5em; -} - -div.figure p.caption, figcaption { - padding: 0.3em; -} - -div.figure p.caption span.caption-number, -figcaption span.caption-number { - font-style: italic; -} - -div.figure p.caption span.caption-text, -figcaption span.caption-text { -} - -/* -- field list styles ----------------------------------------------------- */ - -table.field-list td, table.field-list th { - border: 0 !important; -} - -.field-list ul { - margin: 0; - padding-left: 1em; -} - -.field-list p { - margin: 0; -} - -.field-name { - -moz-hyphens: manual; - -ms-hyphens: manual; - -webkit-hyphens: manual; - hyphens: manual; -} - -/* -- hlist styles ---------------------------------------------------------- */ - -table.hlist { - margin: 1em 0; -} - -table.hlist td { - vertical-align: top; -} - -/* -- object description styles --------------------------------------------- */ - -.sig { - font-family: 'Consolas', 'Menlo', 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', monospace; -} - -.sig-name, code.descname { - background-color: transparent; - font-weight: bold; -} - -.sig-name { - font-size: 1.1em; -} - -code.descname { - font-size: 1.2em; -} - -.sig-prename, code.descclassname { - background-color: transparent; -} - -.optional { - font-size: 1.3em; -} - -.sig-paren { - font-size: larger; -} - -.sig-param.n { - font-style: italic; -} - -/* C++ specific styling */ - -.sig-inline.c-texpr, -.sig-inline.cpp-texpr { - font-family: unset; -} - -.sig.c .k, .sig.c .kt, -.sig.cpp .k, .sig.cpp .kt { - color: #0033B3; -} - -.sig.c .m, -.sig.cpp .m { - color: #1750EB; -} - -.sig.c .s, .sig.c .sc, -.sig.cpp .s, .sig.cpp .sc { - color: #067D17; -} - - -/* -- other body styles ----------------------------------------------------- */ - -ol.arabic { - list-style: decimal; -} - -ol.loweralpha { - list-style: lower-alpha; -} - -ol.upperalpha { - list-style: upper-alpha; -} - -ol.lowerroman { - list-style: lower-roman; -} - -ol.upperroman { - list-style: upper-roman; -} - -:not(li) > ol > li:first-child > :first-child, -:not(li) > ul > li:first-child > :first-child { - margin-top: 0px; -} - -:not(li) > ol > li:last-child > :last-child, -:not(li) > ul > li:last-child > :last-child { - margin-bottom: 0px; -} - -ol.simple ol p, -ol.simple ul p, -ul.simple ol p, -ul.simple ul p { - margin-top: 0; -} - -ol.simple > li:not(:first-child) > p, -ul.simple > li:not(:first-child) > p { - margin-top: 0; -} - -ol.simple p, -ul.simple p { - margin-bottom: 0; -} - -dl.footnote > dt, -dl.citation > dt { - float: left; - margin-right: 0.5em; -} - -dl.footnote > dd, -dl.citation > dd { - margin-bottom: 0em; -} - -dl.footnote > dd:after, -dl.citation > dd:after { - content: ""; - clear: both; -} - -dl.field-list { - display: grid; - grid-template-columns: fit-content(30%) auto; -} - -dl.field-list > dt { - font-weight: bold; - word-break: break-word; - padding-left: 0.5em; - padding-right: 5px; -} - -dl.field-list > dt:after { - content: ":"; -} - -dl.field-list > dd { - padding-left: 0.5em; - margin-top: 0em; - margin-left: 0em; - margin-bottom: 0em; -} - -dl { - margin-bottom: 15px; -} - -dd > :first-child { - margin-top: 0px; -} - -dd ul, dd table { - margin-bottom: 10px; -} - -dd { - margin-top: 3px; - margin-bottom: 10px; - margin-left: 30px; -} - -dl > dd:last-child, -dl > dd:last-child > :last-child { - margin-bottom: 0; -} - -dt:target, span.highlighted { - background-color: #fbe54e; -} - -rect.highlighted { - fill: #fbe54e; -} - -dl.glossary dt { - font-weight: bold; - font-size: 1.1em; -} - -.versionmodified { - font-style: italic; -} - -.system-message { - background-color: #fda; - padding: 5px; - border: 3px solid red; -} - -.footnote:target { - background-color: #ffa; -} - -.line-block { - display: block; - margin-top: 1em; - margin-bottom: 1em; -} - -.line-block .line-block { - margin-top: 0; - margin-bottom: 0; - margin-left: 1.5em; -} - -.guilabel, .menuselection { - font-family: sans-serif; -} - -.accelerator { - text-decoration: underline; -} - -.classifier { - font-style: oblique; -} - -.classifier:before { - font-style: normal; - margin: 0 0.5em; - content: ":"; - display: inline-block; -} - -abbr, acronym { - border-bottom: dotted 1px; - cursor: help; -} - -/* -- code displays --------------------------------------------------------- */ - -pre { - overflow: auto; - overflow-y: hidden; /* fixes display issues on Chrome browsers */ -} - -pre, div[class*="highlight-"] { - clear: both; -} - -span.pre { - -moz-hyphens: none; - -ms-hyphens: none; - -webkit-hyphens: none; - hyphens: none; -} - -div[class*="highlight-"] { - margin: 1em 0; -} - -td.linenos pre { - border: 0; - background-color: transparent; - color: #aaa; -} - -table.highlighttable { - display: block; -} - -table.highlighttable tbody { - display: block; -} - -table.highlighttable tr { - display: flex; -} - -table.highlighttable td { - margin: 0; - padding: 0; -} - -table.highlighttable td.linenos { - padding-right: 0.5em; -} - -table.highlighttable td.code { - flex: 1; - overflow: hidden; -} - -.highlight .hll { - display: block; -} - -div.highlight pre, -table.highlighttable pre { - margin: 0; -} - -div.code-block-caption + div { - margin-top: 0; -} - -div.code-block-caption { - margin-top: 1em; - padding: 2px 5px; - font-size: small; -} - -div.code-block-caption code { - background-color: transparent; -} - -table.highlighttable td.linenos, -span.linenos, -div.highlight span.gp { /* gp: Generic.Prompt */ - user-select: none; - -webkit-user-select: text; /* Safari fallback only */ - -webkit-user-select: none; /* Chrome/Safari */ - -moz-user-select: none; /* Firefox */ - -ms-user-select: none; /* IE10+ */ -} - -div.code-block-caption span.caption-number { - padding: 0.1em 0.3em; - font-style: italic; -} - -div.code-block-caption span.caption-text { -} - -div.literal-block-wrapper { - margin: 1em 0; -} - -code.xref, a code { - background-color: transparent; - font-weight: bold; -} - -h1 code, h2 code, h3 code, h4 code, h5 code, h6 code { - background-color: transparent; -} - -.viewcode-link { - float: right; -} - -.viewcode-back { - float: right; - font-family: sans-serif; -} - -div.viewcode-block:target { - margin: -1px -10px; - padding: 0 10px; -} - -/* -- math display ---------------------------------------------------------- */ - -img.math { - vertical-align: middle; -} - -div.body div.math p { - text-align: center; -} - -span.eqno { - float: right; -} - -span.eqno a.headerlink { - position: absolute; - z-index: 1; -} - -div.math:hover a.headerlink { - visibility: visible; -} - -/* -- printout stylesheet --------------------------------------------------- */ - -@media print { - div.document, - div.documentwrapper, - div.bodywrapper { - margin: 0 !important; - width: 100%; - } - - div.sphinxsidebar, - div.related, - div.footer, - #top-link { - display: none; - } -} \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/_static/bgfooter.png b/krb5-1.21.3/doc/html/_static/bgfooter.png deleted file mode 100644 index b7c7cadd4e6978aa7081fe672fcf5afc97516bda..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 276 zcmV+v0qg#WP)qvnR6EfsQ*t~7O=UY2%BZy- zs#7>Lw$#|1-#yb5jZ8}CcXenmE?Bb?+emvZy3eu4G&!aT9i`%Ot1U0%(#mRx?NNc)^t8TJHA0R4$Di^IIL4X9&MVm&N-9#bE;?}xqq}wTrc0WUU#YK z#2JfT+O{=ipwX3&j4H~AegD$wD(9Ee_Le?vx(rq^B%Dj?^+nzae0J!bK00|W&N)Yz aUi|<^NiO;Hz(H~V0000P0IhA`JcOe?|*M3M!YD+&^mI=Y=U~-8S>8l1XAJ*3?jZZ Q8UO$Q07*qoM6N<$f;!4|TmS$7 diff --git a/krb5-1.21.3/doc/html/_static/doctools.js b/krb5-1.21.3/doc/html/_static/doctools.js deleted file mode 100644 index 8cbf1b16..00000000 --- a/krb5-1.21.3/doc/html/_static/doctools.js +++ /dev/null @@ -1,323 +0,0 @@ -/* - * doctools.js - * ~~~~~~~~~~~ - * - * Sphinx JavaScript utilities for all documentation. - * - * :copyright: Copyright 2007-2021 by the Sphinx team, see AUTHORS. - * :license: BSD, see LICENSE for details. - * - */ - -/** - * select a different prefix for underscore - */ -$u = _.noConflict(); - -/** - * make the code below compatible with browsers without - * an installed firebug like debugger -if (!window.console || !console.firebug) { - var names = ["log", "debug", "info", "warn", "error", "assert", "dir", - "dirxml", "group", "groupEnd", "time", "timeEnd", "count", "trace", - "profile", "profileEnd"]; - window.console = {}; - for (var i = 0; i < names.length; ++i) - window.console[names[i]] = function() {}; -} - */ - -/** - * small helper function to urldecode strings - * - * See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent#Decoding_query_parameters_from_a_URL - */ -jQuery.urldecode = function(x) { - if (!x) { - return x - } - return decodeURIComponent(x.replace(/\+/g, ' ')); -}; - -/** - * small helper function to urlencode strings - */ -jQuery.urlencode = encodeURIComponent; - -/** - * This function returns the parsed url parameters of the - * current request. Multiple values per key are supported, - * it will always return arrays of strings for the value parts. - */ -jQuery.getQueryParameters = function(s) { - if (typeof s === 'undefined') - s = document.location.search; - var parts = s.substr(s.indexOf('?') + 1).split('&'); - var result = {}; - for (var i = 0; i < parts.length; i++) { - var tmp = parts[i].split('=', 2); - var key = jQuery.urldecode(tmp[0]); - var value = jQuery.urldecode(tmp[1]); - if (key in result) - result[key].push(value); - else - result[key] = [value]; - } - return result; -}; - -/** - * highlight a given string on a jquery object by wrapping it in - * span elements with the given class name. - */ -jQuery.fn.highlightText = function(text, className) { - function highlight(node, addItems) { - if (node.nodeType === 3) { - var val = node.nodeValue; - var pos = val.toLowerCase().indexOf(text); - if (pos >= 0 && - !jQuery(node.parentNode).hasClass(className) && - !jQuery(node.parentNode).hasClass("nohighlight")) { - var span; - var isInSVG = jQuery(node).closest("body, svg, foreignObject").is("svg"); - if (isInSVG) { - span = document.createElementNS("http://www.w3.org/2000/svg", "tspan"); - } else { - span = document.createElement("span"); - span.className = className; - } - span.appendChild(document.createTextNode(val.substr(pos, text.length))); - node.parentNode.insertBefore(span, node.parentNode.insertBefore( - document.createTextNode(val.substr(pos + text.length)), - node.nextSibling)); - node.nodeValue = val.substr(0, pos); - if (isInSVG) { - var rect = document.createElementNS("http://www.w3.org/2000/svg", "rect"); - var bbox = node.parentElement.getBBox(); - rect.x.baseVal.value = bbox.x; - rect.y.baseVal.value = bbox.y; - rect.width.baseVal.value = bbox.width; - rect.height.baseVal.value = bbox.height; - rect.setAttribute('class', className); - addItems.push({ - "parent": node.parentNode, - "target": rect}); - } - } - } - else if (!jQuery(node).is("button, select, textarea")) { - jQuery.each(node.childNodes, function() { - highlight(this, addItems); - }); - } - } - var addItems = []; - var result = this.each(function() { - highlight(this, addItems); - }); - for (var i = 0; i < addItems.length; ++i) { - jQuery(addItems[i].parent).before(addItems[i].target); - } - return result; -}; - -/* - * backward compatibility for jQuery.browser - * This will be supported until firefox bug is fixed. - */ -if (!jQuery.browser) { - jQuery.uaMatch = function(ua) { - ua = ua.toLowerCase(); - - var match = /(chrome)[ \/]([\w.]+)/.exec(ua) || - /(webkit)[ \/]([\w.]+)/.exec(ua) || - /(opera)(?:.*version|)[ \/]([\w.]+)/.exec(ua) || - /(msie) ([\w.]+)/.exec(ua) || - ua.indexOf("compatible") < 0 && /(mozilla)(?:.*? rv:([\w.]+)|)/.exec(ua) || - []; - - return { - browser: match[ 1 ] || "", - version: match[ 2 ] || "0" - }; - }; - jQuery.browser = {}; - jQuery.browser[jQuery.uaMatch(navigator.userAgent).browser] = true; -} - -/** - * Small JavaScript module for the documentation. - */ -var Documentation = { - - init : function() { - this.fixFirefoxAnchorBug(); - this.highlightSearchWords(); - this.initIndexTable(); - if (DOCUMENTATION_OPTIONS.NAVIGATION_WITH_KEYS) { - this.initOnKeyListeners(); - } - }, - - /** - * i18n support - */ - TRANSLATIONS : {}, - PLURAL_EXPR : function(n) { return n === 1 ? 0 : 1; }, - LOCALE : 'unknown', - - // gettext and ngettext don't access this so that the functions - // can safely bound to a different name (_ = Documentation.gettext) - gettext : function(string) { - var translated = Documentation.TRANSLATIONS[string]; - if (typeof translated === 'undefined') - return string; - return (typeof translated === 'string') ? translated : translated[0]; - }, - - ngettext : function(singular, plural, n) { - var translated = Documentation.TRANSLATIONS[singular]; - if (typeof translated === 'undefined') - return (n == 1) ? singular : plural; - return translated[Documentation.PLURALEXPR(n)]; - }, - - addTranslations : function(catalog) { - for (var key in catalog.messages) - this.TRANSLATIONS[key] = catalog.messages[key]; - this.PLURAL_EXPR = new Function('n', 'return +(' + catalog.plural_expr + ')'); - this.LOCALE = catalog.locale; - }, - - /** - * add context elements like header anchor links - */ - addContextElements : function() { - $('div[id] > :header:first').each(function() { - $('\u00B6'). - attr('href', '#' + this.id). - attr('title', _('Permalink to this headline')). - appendTo(this); - }); - $('dt[id]').each(function() { - $('\u00B6'). - attr('href', '#' + this.id). - attr('title', _('Permalink to this definition')). - appendTo(this); - }); - }, - - /** - * workaround a firefox stupidity - * see: https://bugzilla.mozilla.org/show_bug.cgi?id=645075 - */ - fixFirefoxAnchorBug : function() { - if (document.location.hash && $.browser.mozilla) - window.setTimeout(function() { - document.location.href += ''; - }, 10); - }, - - /** - * highlight the search words provided in the url in the text - */ - highlightSearchWords : function() { - var params = $.getQueryParameters(); - var terms = (params.highlight) ? params.highlight[0].split(/\s+/) : []; - if (terms.length) { - var body = $('div.body'); - if (!body.length) { - body = $('body'); - } - window.setTimeout(function() { - $.each(terms, function() { - body.highlightText(this.toLowerCase(), 'highlighted'); - }); - }, 10); - $('') - .appendTo($('#searchbox')); - } - }, - - /** - * init the domain index toggle buttons - */ - initIndexTable : function() { - var togglers = $('img.toggler').click(function() { - var src = $(this).attr('src'); - var idnum = $(this).attr('id').substr(7); - $('tr.cg-' + idnum).toggle(); - if (src.substr(-9) === 'minus.png') - $(this).attr('src', src.substr(0, src.length-9) + 'plus.png'); - else - $(this).attr('src', src.substr(0, src.length-8) + 'minus.png'); - }).css('display', ''); - if (DOCUMENTATION_OPTIONS.COLLAPSE_INDEX) { - togglers.click(); - } - }, - - /** - * helper function to hide the search marks again - */ - hideSearchWords : function() { - $('#searchbox .highlight-link').fadeOut(300); - $('span.highlighted').removeClass('highlighted'); - }, - - /** - * make the url absolute - */ - makeURL : function(relativeURL) { - return DOCUMENTATION_OPTIONS.URL_ROOT + '/' + relativeURL; - }, - - /** - * get the current relative url - */ - getCurrentURL : function() { - var path = document.location.pathname; - var parts = path.split(/\//); - $.each(DOCUMENTATION_OPTIONS.URL_ROOT.split(/\//), function() { - if (this === '..') - parts.pop(); - }); - var url = parts.join('/'); - return path.substring(url.lastIndexOf('/') + 1, path.length - 1); - }, - - initOnKeyListeners: function() { - $(document).keydown(function(event) { - var activeElementType = document.activeElement.tagName; - // don't navigate when in search box, textarea, dropdown or button - if (activeElementType !== 'TEXTAREA' && activeElementType !== 'INPUT' && activeElementType !== 'SELECT' - && activeElementType !== 'BUTTON' && !event.altKey && !event.ctrlKey && !event.metaKey - && !event.shiftKey) { - switch (event.keyCode) { - case 37: // left - var prevHref = $('link[rel="prev"]').prop('href'); - if (prevHref) { - window.location.href = prevHref; - return false; - } - break; - case 39: // right - var nextHref = $('link[rel="next"]').prop('href'); - if (nextHref) { - window.location.href = nextHref; - return false; - } - break; - } - } - }); - } -}; - -// quick alias for translations -_ = Documentation.gettext; - -$(document).ready(function() { - Documentation.init(); -}); diff --git a/krb5-1.21.3/doc/html/_static/documentation_options.js b/krb5-1.21.3/doc/html/_static/documentation_options.js deleted file mode 100644 index f212ba68..00000000 --- a/krb5-1.21.3/doc/html/_static/documentation_options.js +++ /dev/null @@ -1,12 +0,0 @@ -var DOCUMENTATION_OPTIONS = { - URL_ROOT: document.getElementById("documentation_options").getAttribute('data-url_root'), - VERSION: '1.21.3', - LANGUAGE: 'None', - COLLAPSE_INDEX: false, - BUILDER: 'html', - FILE_SUFFIX: '.html', - LINK_SUFFIX: '.html', - HAS_SOURCE: true, - SOURCELINK_SUFFIX: '.txt', - NAVIGATION_WITH_KEYS: false -}; \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/_static/file.png b/krb5-1.21.3/doc/html/_static/file.png deleted file mode 100644 index a858a410e4faa62ce324d814e4b816fff83a6fb3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 286 zcmV+(0pb3MP)s`hMrGg#P~ix$^RISR_I47Y|r1 z_CyJOe}D1){SET-^Amu_i71Lt6eYfZjRyw@I6OQAIXXHDfiX^GbOlHe=Ae4>0m)d(f|Me07*qoM6N<$f}vM^LjV8( diff --git a/krb5-1.21.3/doc/html/_static/jquery.js b/krb5-1.21.3/doc/html/_static/jquery.js deleted file mode 100644 index 624bca82..00000000 --- a/krb5-1.21.3/doc/html/_static/jquery.js +++ /dev/null @@ -1,10879 +0,0 @@ -/*! - * jQuery JavaScript Library v3.6.0 - * https://jquery.com/ - * - * Includes Sizzle.js - * https://sizzlejs.com/ - * - * Copyright OpenJS Foundation and other contributors - * Released under the MIT license - * https://jquery.org/license - */ -( function( global, factory ) { - - "use strict"; - - if ( typeof module === "object" && typeof module.exports === "object" ) { - - // For CommonJS and CommonJS-like environments where a proper `window` - // is present, execute the factory and get jQuery. - // For environments that do not have a `window` with a `document` - // (such as Node.js), expose a factory as module.exports. - // This accentuates the need for the creation of a real `window`. - // e.g. var jQuery = require("jquery")(window); - // See ticket #14549 for more info. - module.exports = global.document ? - factory( global, true ) : - function( w ) { - if ( !w.document ) { - throw new Error( "jQuery requires a window with a document" ); - } - return factory( w ); - }; - } else { - factory( global ); - } - -// Pass this if window is not defined yet -} )( typeof window !== "undefined" ? window : this, function( window, noGlobal ) { - -// Edge <= 12 - 13+, Firefox <=18 - 45+, IE 10 - 11, Safari 5.1 - 9+, iOS 6 - 9.1 -// throw exceptions when non-strict code (e.g., ASP.NET 4.5) accesses strict mode -// arguments.callee.caller (trac-13335). But as of jQuery 3.0 (2016), strict mode should be common -// enough that all such attempts are guarded in a try block. -"use strict"; - -var arr = []; - -var getProto = Object.getPrototypeOf; - -var slice = arr.slice; - -var flat = arr.flat ? function( array ) { - return arr.flat.call( array ); -} : function( array ) { - return arr.concat.apply( [], array ); -}; - - -var push = arr.push; - -var indexOf = arr.indexOf; - -var class2type = {}; - -var toString = class2type.toString; - -var hasOwn = class2type.hasOwnProperty; - -var fnToString = hasOwn.toString; - -var ObjectFunctionString = fnToString.call( Object ); - -var support = {}; - -var isFunction = function isFunction( obj ) { - - // Support: Chrome <=57, Firefox <=52 - // In some browsers, typeof returns "function" for HTML elements - // (i.e., `typeof document.createElement( "object" ) === "function"`). - // We don't want to classify *any* DOM node as a function. - // Support: QtWeb <=3.8.5, WebKit <=534.34, wkhtmltopdf tool <=0.12.5 - // Plus for old WebKit, typeof returns "function" for HTML collections - // (e.g., `typeof document.getElementsByTagName("div") === "function"`). (gh-4756) - return typeof obj === "function" && typeof obj.nodeType !== "number" && - typeof obj.item !== "function"; - }; - - -var isWindow = function isWindow( obj ) { - return obj != null && obj === obj.window; - }; - - -var document = window.document; - - - - var preservedScriptAttributes = { - type: true, - src: true, - nonce: true, - noModule: true - }; - - function DOMEval( code, node, doc ) { - doc = doc || document; - - var i, val, - script = doc.createElement( "script" ); - - script.text = code; - if ( node ) { - for ( i in preservedScriptAttributes ) { - - // Support: Firefox 64+, Edge 18+ - // Some browsers don't support the "nonce" property on scripts. - // On the other hand, just using `getAttribute` is not enough as - // the `nonce` attribute is reset to an empty string whenever it - // becomes browsing-context connected. - // See https://github.com/whatwg/html/issues/2369 - // See https://html.spec.whatwg.org/#nonce-attributes - // The `node.getAttribute` check was added for the sake of - // `jQuery.globalEval` so that it can fake a nonce-containing node - // via an object. - val = node[ i ] || node.getAttribute && node.getAttribute( i ); - if ( val ) { - script.setAttribute( i, val ); - } - } - } - doc.head.appendChild( script ).parentNode.removeChild( script ); - } - - -function toType( obj ) { - if ( obj == null ) { - return obj + ""; - } - - // Support: Android <=2.3 only (functionish RegExp) - return typeof obj === "object" || typeof obj === "function" ? - class2type[ toString.call( obj ) ] || "object" : - typeof obj; -} -/* global Symbol */ -// Defining this global in .eslintrc.json would create a danger of using the global -// unguarded in another place, it seems safer to define global only for this module - - - -var - version = "3.6.0", - - // Define a local copy of jQuery - jQuery = function( selector, context ) { - - // The jQuery object is actually just the init constructor 'enhanced' - // Need init if jQuery is called (just allow error to be thrown if not included) - return new jQuery.fn.init( selector, context ); - }; - -jQuery.fn = jQuery.prototype = { - - // The current version of jQuery being used - jquery: version, - - constructor: jQuery, - - // The default length of a jQuery object is 0 - length: 0, - - toArray: function() { - return slice.call( this ); - }, - - // Get the Nth element in the matched element set OR - // Get the whole matched element set as a clean array - get: function( num ) { - - // Return all the elements in a clean array - if ( num == null ) { - return slice.call( this ); - } - - // Return just the one element from the set - return num < 0 ? this[ num + this.length ] : this[ num ]; - }, - - // Take an array of elements and push it onto the stack - // (returning the new matched element set) - pushStack: function( elems ) { - - // Build a new jQuery matched element set - var ret = jQuery.merge( this.constructor(), elems ); - - // Add the old object onto the stack (as a reference) - ret.prevObject = this; - - // Return the newly-formed element set - return ret; - }, - - // Execute a callback for every element in the matched set. - each: function( callback ) { - return jQuery.each( this, callback ); - }, - - map: function( callback ) { - return this.pushStack( jQuery.map( this, function( elem, i ) { - return callback.call( elem, i, elem ); - } ) ); - }, - - slice: function() { - return this.pushStack( slice.apply( this, arguments ) ); - }, - - first: function() { - return this.eq( 0 ); - }, - - last: function() { - return this.eq( -1 ); - }, - - even: function() { - return this.pushStack( jQuery.grep( this, function( _elem, i ) { - return ( i + 1 ) % 2; - } ) ); - }, - - odd: function() { - return this.pushStack( jQuery.grep( this, function( _elem, i ) { - return i % 2; - } ) ); - }, - - eq: function( i ) { - var len = this.length, - j = +i + ( i < 0 ? len : 0 ); - return this.pushStack( j >= 0 && j < len ? [ this[ j ] ] : [] ); - }, - - end: function() { - return this.prevObject || this.constructor(); - }, - - // For internal use only. - // Behaves like an Array's method, not like a jQuery method. - push: push, - sort: arr.sort, - splice: arr.splice -}; - -jQuery.extend = jQuery.fn.extend = function() { - var options, name, src, copy, copyIsArray, clone, - target = arguments[ 0 ] || {}, - i = 1, - length = arguments.length, - deep = false; - - // Handle a deep copy situation - if ( typeof target === "boolean" ) { - deep = target; - - // Skip the boolean and the target - target = arguments[ i ] || {}; - i++; - } - - // Handle case when target is a string or something (possible in deep copy) - if ( typeof target !== "object" && !isFunction( target ) ) { - target = {}; - } - - // Extend jQuery itself if only one argument is passed - if ( i === length ) { - target = this; - i--; - } - - for ( ; i < length; i++ ) { - - // Only deal with non-null/undefined values - if ( ( options = arguments[ i ] ) != null ) { - - // Extend the base object - for ( name in options ) { - copy = options[ name ]; - - // Prevent Object.prototype pollution - // Prevent never-ending loop - if ( name === "__proto__" || target === copy ) { - continue; - } - - // Recurse if we're merging plain objects or arrays - if ( deep && copy && ( jQuery.isPlainObject( copy ) || - ( copyIsArray = Array.isArray( copy ) ) ) ) { - src = target[ name ]; - - // Ensure proper type for the source value - if ( copyIsArray && !Array.isArray( src ) ) { - clone = []; - } else if ( !copyIsArray && !jQuery.isPlainObject( src ) ) { - clone = {}; - } else { - clone = src; - } - copyIsArray = false; - - // Never move original objects, clone them - target[ name ] = jQuery.extend( deep, clone, copy ); - - // Don't bring in undefined values - } else if ( copy !== undefined ) { - target[ name ] = copy; - } - } - } - } - - // Return the modified object - return target; -}; - -jQuery.extend( { - - // Unique for each copy of jQuery on the page - expando: "jQuery" + ( version + Math.random() ).replace( /\D/g, "" ), - - // Assume jQuery is ready without the ready module - isReady: true, - - error: function( msg ) { - throw new Error( msg ); - }, - - noop: function() {}, - - isPlainObject: function( obj ) { - var proto, Ctor; - - // Detect obvious negatives - // Use toString instead of jQuery.type to catch host objects - if ( !obj || toString.call( obj ) !== "[object Object]" ) { - return false; - } - - proto = getProto( obj ); - - // Objects with no prototype (e.g., `Object.create( null )`) are plain - if ( !proto ) { - return true; - } - - // Objects with prototype are plain iff they were constructed by a global Object function - Ctor = hasOwn.call( proto, "constructor" ) && proto.constructor; - return typeof Ctor === "function" && fnToString.call( Ctor ) === ObjectFunctionString; - }, - - isEmptyObject: function( obj ) { - var name; - - for ( name in obj ) { - return false; - } - return true; - }, - - // Evaluates a script in a provided context; falls back to the global one - // if not specified. - globalEval: function( code, options, doc ) { - DOMEval( code, { nonce: options && options.nonce }, doc ); - }, - - each: function( obj, callback ) { - var length, i = 0; - - if ( isArrayLike( obj ) ) { - length = obj.length; - for ( ; i < length; i++ ) { - if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { - break; - } - } - } else { - for ( i in obj ) { - if ( callback.call( obj[ i ], i, obj[ i ] ) === false ) { - break; - } - } - } - - return obj; - }, - - // results is for internal usage only - makeArray: function( arr, results ) { - var ret = results || []; - - if ( arr != null ) { - if ( isArrayLike( Object( arr ) ) ) { - jQuery.merge( ret, - typeof arr === "string" ? - [ arr ] : arr - ); - } else { - push.call( ret, arr ); - } - } - - return ret; - }, - - inArray: function( elem, arr, i ) { - return arr == null ? -1 : indexOf.call( arr, elem, i ); - }, - - // Support: Android <=4.0 only, PhantomJS 1 only - // push.apply(_, arraylike) throws on ancient WebKit - merge: function( first, second ) { - var len = +second.length, - j = 0, - i = first.length; - - for ( ; j < len; j++ ) { - first[ i++ ] = second[ j ]; - } - - first.length = i; - - return first; - }, - - grep: function( elems, callback, invert ) { - var callbackInverse, - matches = [], - i = 0, - length = elems.length, - callbackExpect = !invert; - - // Go through the array, only saving the items - // that pass the validator function - for ( ; i < length; i++ ) { - callbackInverse = !callback( elems[ i ], i ); - if ( callbackInverse !== callbackExpect ) { - matches.push( elems[ i ] ); - } - } - - return matches; - }, - - // arg is for internal usage only - map: function( elems, callback, arg ) { - var length, value, - i = 0, - ret = []; - - // Go through the array, translating each of the items to their new values - if ( isArrayLike( elems ) ) { - length = elems.length; - for ( ; i < length; i++ ) { - value = callback( elems[ i ], i, arg ); - - if ( value != null ) { - ret.push( value ); - } - } - - // Go through every key on the object, - } else { - for ( i in elems ) { - value = callback( elems[ i ], i, arg ); - - if ( value != null ) { - ret.push( value ); - } - } - } - - // Flatten any nested arrays - return flat( ret ); - }, - - // A global GUID counter for objects - guid: 1, - - // jQuery.support is not used in Core but other projects attach their - // properties to it so it needs to exist. - support: support -} ); - -if ( typeof Symbol === "function" ) { - jQuery.fn[ Symbol.iterator ] = arr[ Symbol.iterator ]; -} - -// Populate the class2type map -jQuery.each( "Boolean Number String Function Array Date RegExp Object Error Symbol".split( " " ), - function( _i, name ) { - class2type[ "[object " + name + "]" ] = name.toLowerCase(); - } ); - -function isArrayLike( obj ) { - - // Support: real iOS 8.2 only (not reproducible in simulator) - // `in` check used to prevent JIT error (gh-2145) - // hasOwn isn't used here due to false negatives - // regarding Nodelist length in IE - var length = !!obj && "length" in obj && obj.length, - type = toType( obj ); - - if ( isFunction( obj ) || isWindow( obj ) ) { - return false; - } - - return type === "array" || length === 0 || - typeof length === "number" && length > 0 && ( length - 1 ) in obj; -} -var Sizzle = -/*! - * Sizzle CSS Selector Engine v2.3.6 - * https://sizzlejs.com/ - * - * Copyright JS Foundation and other contributors - * Released under the MIT license - * https://js.foundation/ - * - * Date: 2021-02-16 - */ -( function( window ) { -var i, - support, - Expr, - getText, - isXML, - tokenize, - compile, - select, - outermostContext, - sortInput, - hasDuplicate, - - // Local document vars - setDocument, - document, - docElem, - documentIsHTML, - rbuggyQSA, - rbuggyMatches, - matches, - contains, - - // Instance-specific data - expando = "sizzle" + 1 * new Date(), - preferredDoc = window.document, - dirruns = 0, - done = 0, - classCache = createCache(), - tokenCache = createCache(), - compilerCache = createCache(), - nonnativeSelectorCache = createCache(), - sortOrder = function( a, b ) { - if ( a === b ) { - hasDuplicate = true; - } - return 0; - }, - - // Instance methods - hasOwn = ( {} ).hasOwnProperty, - arr = [], - pop = arr.pop, - pushNative = arr.push, - push = arr.push, - slice = arr.slice, - - // Use a stripped-down indexOf as it's faster than native - // https://jsperf.com/thor-indexof-vs-for/5 - indexOf = function( list, elem ) { - var i = 0, - len = list.length; - for ( ; i < len; i++ ) { - if ( list[ i ] === elem ) { - return i; - } - } - return -1; - }, - - booleans = "checked|selected|async|autofocus|autoplay|controls|defer|disabled|hidden|" + - "ismap|loop|multiple|open|readonly|required|scoped", - - // Regular expressions - - // http://www.w3.org/TR/css3-selectors/#whitespace - whitespace = "[\\x20\\t\\r\\n\\f]", - - // https://www.w3.org/TR/css-syntax-3/#ident-token-diagram - identifier = "(?:\\\\[\\da-fA-F]{1,6}" + whitespace + - "?|\\\\[^\\r\\n\\f]|[\\w-]|[^\0-\\x7f])+", - - // Attribute selectors: http://www.w3.org/TR/selectors/#attribute-selectors - attributes = "\\[" + whitespace + "*(" + identifier + ")(?:" + whitespace + - - // Operator (capture 2) - "*([*^$|!~]?=)" + whitespace + - - // "Attribute values must be CSS identifiers [capture 5] - // or strings [capture 3 or capture 4]" - "*(?:'((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\"|(" + identifier + "))|)" + - whitespace + "*\\]", - - pseudos = ":(" + identifier + ")(?:\\((" + - - // To reduce the number of selectors needing tokenize in the preFilter, prefer arguments: - // 1. quoted (capture 3; capture 4 or capture 5) - "('((?:\\\\.|[^\\\\'])*)'|\"((?:\\\\.|[^\\\\\"])*)\")|" + - - // 2. simple (capture 6) - "((?:\\\\.|[^\\\\()[\\]]|" + attributes + ")*)|" + - - // 3. anything else (capture 2) - ".*" + - ")\\)|)", - - // Leading and non-escaped trailing whitespace, capturing some non-whitespace characters preceding the latter - rwhitespace = new RegExp( whitespace + "+", "g" ), - rtrim = new RegExp( "^" + whitespace + "+|((?:^|[^\\\\])(?:\\\\.)*)" + - whitespace + "+$", "g" ), - - rcomma = new RegExp( "^" + whitespace + "*," + whitespace + "*" ), - rcombinators = new RegExp( "^" + whitespace + "*([>+~]|" + whitespace + ")" + whitespace + - "*" ), - rdescend = new RegExp( whitespace + "|>" ), - - rpseudo = new RegExp( pseudos ), - ridentifier = new RegExp( "^" + identifier + "$" ), - - matchExpr = { - "ID": new RegExp( "^#(" + identifier + ")" ), - "CLASS": new RegExp( "^\\.(" + identifier + ")" ), - "TAG": new RegExp( "^(" + identifier + "|[*])" ), - "ATTR": new RegExp( "^" + attributes ), - "PSEUDO": new RegExp( "^" + pseudos ), - "CHILD": new RegExp( "^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" + - whitespace + "*(even|odd|(([+-]|)(\\d*)n|)" + whitespace + "*(?:([+-]|)" + - whitespace + "*(\\d+)|))" + whitespace + "*\\)|)", "i" ), - "bool": new RegExp( "^(?:" + booleans + ")$", "i" ), - - // For use in libraries implementing .is() - // We use this for POS matching in `select` - "needsContext": new RegExp( "^" + whitespace + - "*[>+~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" + whitespace + - "*((?:-\\d)?\\d*)" + whitespace + "*\\)|)(?=[^-]|$)", "i" ) - }, - - rhtml = /HTML$/i, - rinputs = /^(?:input|select|textarea|button)$/i, - rheader = /^h\d$/i, - - rnative = /^[^{]+\{\s*\[native \w/, - - // Easily-parseable/retrievable ID or TAG or CLASS selectors - rquickExpr = /^(?:#([\w-]+)|(\w+)|\.([\w-]+))$/, - - rsibling = /[+~]/, - - // CSS escapes - // http://www.w3.org/TR/CSS21/syndata.html#escaped-characters - runescape = new RegExp( "\\\\[\\da-fA-F]{1,6}" + whitespace + "?|\\\\([^\\r\\n\\f])", "g" ), - funescape = function( escape, nonHex ) { - var high = "0x" + escape.slice( 1 ) - 0x10000; - - return nonHex ? - - // Strip the backslash prefix from a non-hex escape sequence - nonHex : - - // Replace a hexadecimal escape sequence with the encoded Unicode code point - // Support: IE <=11+ - // For values outside the Basic Multilingual Plane (BMP), manually construct a - // surrogate pair - high < 0 ? - String.fromCharCode( high + 0x10000 ) : - String.fromCharCode( high >> 10 | 0xD800, high & 0x3FF | 0xDC00 ); - }, - - // CSS string/identifier serialization - // https://drafts.csswg.org/cssom/#common-serializing-idioms - rcssescape = /([\0-\x1f\x7f]|^-?\d)|^-$|[^\0-\x1f\x7f-\uFFFF\w-]/g, - fcssescape = function( ch, asCodePoint ) { - if ( asCodePoint ) { - - // U+0000 NULL becomes U+FFFD REPLACEMENT CHARACTER - if ( ch === "\0" ) { - return "\uFFFD"; - } - - // Control characters and (dependent upon position) numbers get escaped as code points - return ch.slice( 0, -1 ) + "\\" + - ch.charCodeAt( ch.length - 1 ).toString( 16 ) + " "; - } - - // Other potentially-special ASCII characters get backslash-escaped - return "\\" + ch; - }, - - // Used for iframes - // See setDocument() - // Removing the function wrapper causes a "Permission Denied" - // error in IE - unloadHandler = function() { - setDocument(); - }, - - inDisabledFieldset = addCombinator( - function( elem ) { - return elem.disabled === true && elem.nodeName.toLowerCase() === "fieldset"; - }, - { dir: "parentNode", next: "legend" } - ); - -// Optimize for push.apply( _, NodeList ) -try { - push.apply( - ( arr = slice.call( preferredDoc.childNodes ) ), - preferredDoc.childNodes - ); - - // Support: Android<4.0 - // Detect silently failing push.apply - // eslint-disable-next-line no-unused-expressions - arr[ preferredDoc.childNodes.length ].nodeType; -} catch ( e ) { - push = { apply: arr.length ? - - // Leverage slice if possible - function( target, els ) { - pushNative.apply( target, slice.call( els ) ); - } : - - // Support: IE<9 - // Otherwise append directly - function( target, els ) { - var j = target.length, - i = 0; - - // Can't trust NodeList.length - while ( ( target[ j++ ] = els[ i++ ] ) ) {} - target.length = j - 1; - } - }; -} - -function Sizzle( selector, context, results, seed ) { - var m, i, elem, nid, match, groups, newSelector, - newContext = context && context.ownerDocument, - - // nodeType defaults to 9, since context defaults to document - nodeType = context ? context.nodeType : 9; - - results = results || []; - - // Return early from calls with invalid selector or context - if ( typeof selector !== "string" || !selector || - nodeType !== 1 && nodeType !== 9 && nodeType !== 11 ) { - - return results; - } - - // Try to shortcut find operations (as opposed to filters) in HTML documents - if ( !seed ) { - setDocument( context ); - context = context || document; - - if ( documentIsHTML ) { - - // If the selector is sufficiently simple, try using a "get*By*" DOM method - // (excepting DocumentFragment context, where the methods don't exist) - if ( nodeType !== 11 && ( match = rquickExpr.exec( selector ) ) ) { - - // ID selector - if ( ( m = match[ 1 ] ) ) { - - // Document context - if ( nodeType === 9 ) { - if ( ( elem = context.getElementById( m ) ) ) { - - // Support: IE, Opera, Webkit - // TODO: identify versions - // getElementById can match elements by name instead of ID - if ( elem.id === m ) { - results.push( elem ); - return results; - } - } else { - return results; - } - - // Element context - } else { - - // Support: IE, Opera, Webkit - // TODO: identify versions - // getElementById can match elements by name instead of ID - if ( newContext && ( elem = newContext.getElementById( m ) ) && - contains( context, elem ) && - elem.id === m ) { - - results.push( elem ); - return results; - } - } - - // Type selector - } else if ( match[ 2 ] ) { - push.apply( results, context.getElementsByTagName( selector ) ); - return results; - - // Class selector - } else if ( ( m = match[ 3 ] ) && support.getElementsByClassName && - context.getElementsByClassName ) { - - push.apply( results, context.getElementsByClassName( m ) ); - return results; - } - } - - // Take advantage of querySelectorAll - if ( support.qsa && - !nonnativeSelectorCache[ selector + " " ] && - ( !rbuggyQSA || !rbuggyQSA.test( selector ) ) && - - // Support: IE 8 only - // Exclude object elements - ( nodeType !== 1 || context.nodeName.toLowerCase() !== "object" ) ) { - - newSelector = selector; - newContext = context; - - // qSA considers elements outside a scoping root when evaluating child or - // descendant combinators, which is not what we want. - // In such cases, we work around the behavior by prefixing every selector in the - // list with an ID selector referencing the scope context. - // The technique has to be used as well when a leading combinator is used - // as such selectors are not recognized by querySelectorAll. - // Thanks to Andrew Dupont for this technique. - if ( nodeType === 1 && - ( rdescend.test( selector ) || rcombinators.test( selector ) ) ) { - - // Expand context for sibling selectors - newContext = rsibling.test( selector ) && testContext( context.parentNode ) || - context; - - // We can use :scope instead of the ID hack if the browser - // supports it & if we're not changing the context. - if ( newContext !== context || !support.scope ) { - - // Capture the context ID, setting it first if necessary - if ( ( nid = context.getAttribute( "id" ) ) ) { - nid = nid.replace( rcssescape, fcssescape ); - } else { - context.setAttribute( "id", ( nid = expando ) ); - } - } - - // Prefix every selector in the list - groups = tokenize( selector ); - i = groups.length; - while ( i-- ) { - groups[ i ] = ( nid ? "#" + nid : ":scope" ) + " " + - toSelector( groups[ i ] ); - } - newSelector = groups.join( "," ); - } - - try { - push.apply( results, - newContext.querySelectorAll( newSelector ) - ); - return results; - } catch ( qsaError ) { - nonnativeSelectorCache( selector, true ); - } finally { - if ( nid === expando ) { - context.removeAttribute( "id" ); - } - } - } - } - } - - // All others - return select( selector.replace( rtrim, "$1" ), context, results, seed ); -} - -/** - * Create key-value caches of limited size - * @returns {function(string, object)} Returns the Object data after storing it on itself with - * property name the (space-suffixed) string and (if the cache is larger than Expr.cacheLength) - * deleting the oldest entry - */ -function createCache() { - var keys = []; - - function cache( key, value ) { - - // Use (key + " ") to avoid collision with native prototype properties (see Issue #157) - if ( keys.push( key + " " ) > Expr.cacheLength ) { - - // Only keep the most recent entries - delete cache[ keys.shift() ]; - } - return ( cache[ key + " " ] = value ); - } - return cache; -} - -/** - * Mark a function for special use by Sizzle - * @param {Function} fn The function to mark - */ -function markFunction( fn ) { - fn[ expando ] = true; - return fn; -} - -/** - * Support testing using an element - * @param {Function} fn Passed the created element and returns a boolean result - */ -function assert( fn ) { - var el = document.createElement( "fieldset" ); - - try { - return !!fn( el ); - } catch ( e ) { - return false; - } finally { - - // Remove from its parent by default - if ( el.parentNode ) { - el.parentNode.removeChild( el ); - } - - // release memory in IE - el = null; - } -} - -/** - * Adds the same handler for all of the specified attrs - * @param {String} attrs Pipe-separated list of attributes - * @param {Function} handler The method that will be applied - */ -function addHandle( attrs, handler ) { - var arr = attrs.split( "|" ), - i = arr.length; - - while ( i-- ) { - Expr.attrHandle[ arr[ i ] ] = handler; - } -} - -/** - * Checks document order of two siblings - * @param {Element} a - * @param {Element} b - * @returns {Number} Returns less than 0 if a precedes b, greater than 0 if a follows b - */ -function siblingCheck( a, b ) { - var cur = b && a, - diff = cur && a.nodeType === 1 && b.nodeType === 1 && - a.sourceIndex - b.sourceIndex; - - // Use IE sourceIndex if available on both nodes - if ( diff ) { - return diff; - } - - // Check if b follows a - if ( cur ) { - while ( ( cur = cur.nextSibling ) ) { - if ( cur === b ) { - return -1; - } - } - } - - return a ? 1 : -1; -} - -/** - * Returns a function to use in pseudos for input types - * @param {String} type - */ -function createInputPseudo( type ) { - return function( elem ) { - var name = elem.nodeName.toLowerCase(); - return name === "input" && elem.type === type; - }; -} - -/** - * Returns a function to use in pseudos for buttons - * @param {String} type - */ -function createButtonPseudo( type ) { - return function( elem ) { - var name = elem.nodeName.toLowerCase(); - return ( name === "input" || name === "button" ) && elem.type === type; - }; -} - -/** - * Returns a function to use in pseudos for :enabled/:disabled - * @param {Boolean} disabled true for :disabled; false for :enabled - */ -function createDisabledPseudo( disabled ) { - - // Known :disabled false positives: fieldset[disabled] > legend:nth-of-type(n+2) :can-disable - return function( elem ) { - - // Only certain elements can match :enabled or :disabled - // https://html.spec.whatwg.org/multipage/scripting.html#selector-enabled - // https://html.spec.whatwg.org/multipage/scripting.html#selector-disabled - if ( "form" in elem ) { - - // Check for inherited disabledness on relevant non-disabled elements: - // * listed form-associated elements in a disabled fieldset - // https://html.spec.whatwg.org/multipage/forms.html#category-listed - // https://html.spec.whatwg.org/multipage/forms.html#concept-fe-disabled - // * option elements in a disabled optgroup - // https://html.spec.whatwg.org/multipage/forms.html#concept-option-disabled - // All such elements have a "form" property. - if ( elem.parentNode && elem.disabled === false ) { - - // Option elements defer to a parent optgroup if present - if ( "label" in elem ) { - if ( "label" in elem.parentNode ) { - return elem.parentNode.disabled === disabled; - } else { - return elem.disabled === disabled; - } - } - - // Support: IE 6 - 11 - // Use the isDisabled shortcut property to check for disabled fieldset ancestors - return elem.isDisabled === disabled || - - // Where there is no isDisabled, check manually - /* jshint -W018 */ - elem.isDisabled !== !disabled && - inDisabledFieldset( elem ) === disabled; - } - - return elem.disabled === disabled; - - // Try to winnow out elements that can't be disabled before trusting the disabled property. - // Some victims get caught in our net (label, legend, menu, track), but it shouldn't - // even exist on them, let alone have a boolean value. - } else if ( "label" in elem ) { - return elem.disabled === disabled; - } - - // Remaining elements are neither :enabled nor :disabled - return false; - }; -} - -/** - * Returns a function to use in pseudos for positionals - * @param {Function} fn - */ -function createPositionalPseudo( fn ) { - return markFunction( function( argument ) { - argument = +argument; - return markFunction( function( seed, matches ) { - var j, - matchIndexes = fn( [], seed.length, argument ), - i = matchIndexes.length; - - // Match elements found at the specified indexes - while ( i-- ) { - if ( seed[ ( j = matchIndexes[ i ] ) ] ) { - seed[ j ] = !( matches[ j ] = seed[ j ] ); - } - } - } ); - } ); -} - -/** - * Checks a node for validity as a Sizzle context - * @param {Element|Object=} context - * @returns {Element|Object|Boolean} The input node if acceptable, otherwise a falsy value - */ -function testContext( context ) { - return context && typeof context.getElementsByTagName !== "undefined" && context; -} - -// Expose support vars for convenience -support = Sizzle.support = {}; - -/** - * Detects XML nodes - * @param {Element|Object} elem An element or a document - * @returns {Boolean} True iff elem is a non-HTML XML node - */ -isXML = Sizzle.isXML = function( elem ) { - var namespace = elem && elem.namespaceURI, - docElem = elem && ( elem.ownerDocument || elem ).documentElement; - - // Support: IE <=8 - // Assume HTML when documentElement doesn't yet exist, such as inside loading iframes - // https://bugs.jquery.com/ticket/4833 - return !rhtml.test( namespace || docElem && docElem.nodeName || "HTML" ); -}; - -/** - * Sets document-related variables once based on the current document - * @param {Element|Object} [doc] An element or document object to use to set the document - * @returns {Object} Returns the current document - */ -setDocument = Sizzle.setDocument = function( node ) { - var hasCompare, subWindow, - doc = node ? node.ownerDocument || node : preferredDoc; - - // Return early if doc is invalid or already selected - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( doc == document || doc.nodeType !== 9 || !doc.documentElement ) { - return document; - } - - // Update global variables - document = doc; - docElem = document.documentElement; - documentIsHTML = !isXML( document ); - - // Support: IE 9 - 11+, Edge 12 - 18+ - // Accessing iframe documents after unload throws "permission denied" errors (jQuery #13936) - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( preferredDoc != document && - ( subWindow = document.defaultView ) && subWindow.top !== subWindow ) { - - // Support: IE 11, Edge - if ( subWindow.addEventListener ) { - subWindow.addEventListener( "unload", unloadHandler, false ); - - // Support: IE 9 - 10 only - } else if ( subWindow.attachEvent ) { - subWindow.attachEvent( "onunload", unloadHandler ); - } - } - - // Support: IE 8 - 11+, Edge 12 - 18+, Chrome <=16 - 25 only, Firefox <=3.6 - 31 only, - // Safari 4 - 5 only, Opera <=11.6 - 12.x only - // IE/Edge & older browsers don't support the :scope pseudo-class. - // Support: Safari 6.0 only - // Safari 6.0 supports :scope but it's an alias of :root there. - support.scope = assert( function( el ) { - docElem.appendChild( el ).appendChild( document.createElement( "div" ) ); - return typeof el.querySelectorAll !== "undefined" && - !el.querySelectorAll( ":scope fieldset div" ).length; - } ); - - /* Attributes - ---------------------------------------------------------------------- */ - - // Support: IE<8 - // Verify that getAttribute really returns attributes and not properties - // (excepting IE8 booleans) - support.attributes = assert( function( el ) { - el.className = "i"; - return !el.getAttribute( "className" ); - } ); - - /* getElement(s)By* - ---------------------------------------------------------------------- */ - - // Check if getElementsByTagName("*") returns only elements - support.getElementsByTagName = assert( function( el ) { - el.appendChild( document.createComment( "" ) ); - return !el.getElementsByTagName( "*" ).length; - } ); - - // Support: IE<9 - support.getElementsByClassName = rnative.test( document.getElementsByClassName ); - - // Support: IE<10 - // Check if getElementById returns elements by name - // The broken getElementById methods don't pick up programmatically-set names, - // so use a roundabout getElementsByName test - support.getById = assert( function( el ) { - docElem.appendChild( el ).id = expando; - return !document.getElementsByName || !document.getElementsByName( expando ).length; - } ); - - // ID filter and find - if ( support.getById ) { - Expr.filter[ "ID" ] = function( id ) { - var attrId = id.replace( runescape, funescape ); - return function( elem ) { - return elem.getAttribute( "id" ) === attrId; - }; - }; - Expr.find[ "ID" ] = function( id, context ) { - if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { - var elem = context.getElementById( id ); - return elem ? [ elem ] : []; - } - }; - } else { - Expr.filter[ "ID" ] = function( id ) { - var attrId = id.replace( runescape, funescape ); - return function( elem ) { - var node = typeof elem.getAttributeNode !== "undefined" && - elem.getAttributeNode( "id" ); - return node && node.value === attrId; - }; - }; - - // Support: IE 6 - 7 only - // getElementById is not reliable as a find shortcut - Expr.find[ "ID" ] = function( id, context ) { - if ( typeof context.getElementById !== "undefined" && documentIsHTML ) { - var node, i, elems, - elem = context.getElementById( id ); - - if ( elem ) { - - // Verify the id attribute - node = elem.getAttributeNode( "id" ); - if ( node && node.value === id ) { - return [ elem ]; - } - - // Fall back on getElementsByName - elems = context.getElementsByName( id ); - i = 0; - while ( ( elem = elems[ i++ ] ) ) { - node = elem.getAttributeNode( "id" ); - if ( node && node.value === id ) { - return [ elem ]; - } - } - } - - return []; - } - }; - } - - // Tag - Expr.find[ "TAG" ] = support.getElementsByTagName ? - function( tag, context ) { - if ( typeof context.getElementsByTagName !== "undefined" ) { - return context.getElementsByTagName( tag ); - - // DocumentFragment nodes don't have gEBTN - } else if ( support.qsa ) { - return context.querySelectorAll( tag ); - } - } : - - function( tag, context ) { - var elem, - tmp = [], - i = 0, - - // By happy coincidence, a (broken) gEBTN appears on DocumentFragment nodes too - results = context.getElementsByTagName( tag ); - - // Filter out possible comments - if ( tag === "*" ) { - while ( ( elem = results[ i++ ] ) ) { - if ( elem.nodeType === 1 ) { - tmp.push( elem ); - } - } - - return tmp; - } - return results; - }; - - // Class - Expr.find[ "CLASS" ] = support.getElementsByClassName && function( className, context ) { - if ( typeof context.getElementsByClassName !== "undefined" && documentIsHTML ) { - return context.getElementsByClassName( className ); - } - }; - - /* QSA/matchesSelector - ---------------------------------------------------------------------- */ - - // QSA and matchesSelector support - - // matchesSelector(:active) reports false when true (IE9/Opera 11.5) - rbuggyMatches = []; - - // qSa(:focus) reports false when true (Chrome 21) - // We allow this because of a bug in IE8/9 that throws an error - // whenever `document.activeElement` is accessed on an iframe - // So, we allow :focus to pass through QSA all the time to avoid the IE error - // See https://bugs.jquery.com/ticket/13378 - rbuggyQSA = []; - - if ( ( support.qsa = rnative.test( document.querySelectorAll ) ) ) { - - // Build QSA regex - // Regex strategy adopted from Diego Perini - assert( function( el ) { - - var input; - - // Select is set to empty string on purpose - // This is to test IE's treatment of not explicitly - // setting a boolean content attribute, - // since its presence should be enough - // https://bugs.jquery.com/ticket/12359 - docElem.appendChild( el ).innerHTML = "" + - ""; - - // Support: IE8, Opera 11-12.16 - // Nothing should be selected when empty strings follow ^= or $= or *= - // The test attribute must be unknown in Opera but "safe" for WinRT - // https://msdn.microsoft.com/en-us/library/ie/hh465388.aspx#attribute_section - if ( el.querySelectorAll( "[msallowcapture^='']" ).length ) { - rbuggyQSA.push( "[*^$]=" + whitespace + "*(?:''|\"\")" ); - } - - // Support: IE8 - // Boolean attributes and "value" are not treated correctly - if ( !el.querySelectorAll( "[selected]" ).length ) { - rbuggyQSA.push( "\\[" + whitespace + "*(?:value|" + booleans + ")" ); - } - - // Support: Chrome<29, Android<4.4, Safari<7.0+, iOS<7.0+, PhantomJS<1.9.8+ - if ( !el.querySelectorAll( "[id~=" + expando + "-]" ).length ) { - rbuggyQSA.push( "~=" ); - } - - // Support: IE 11+, Edge 15 - 18+ - // IE 11/Edge don't find elements on a `[name='']` query in some cases. - // Adding a temporary attribute to the document before the selection works - // around the issue. - // Interestingly, IE 10 & older don't seem to have the issue. - input = document.createElement( "input" ); - input.setAttribute( "name", "" ); - el.appendChild( input ); - if ( !el.querySelectorAll( "[name='']" ).length ) { - rbuggyQSA.push( "\\[" + whitespace + "*name" + whitespace + "*=" + - whitespace + "*(?:''|\"\")" ); - } - - // Webkit/Opera - :checked should return selected option elements - // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked - // IE8 throws error here and will not see later tests - if ( !el.querySelectorAll( ":checked" ).length ) { - rbuggyQSA.push( ":checked" ); - } - - // Support: Safari 8+, iOS 8+ - // https://bugs.webkit.org/show_bug.cgi?id=136851 - // In-page `selector#id sibling-combinator selector` fails - if ( !el.querySelectorAll( "a#" + expando + "+*" ).length ) { - rbuggyQSA.push( ".#.+[+~]" ); - } - - // Support: Firefox <=3.6 - 5 only - // Old Firefox doesn't throw on a badly-escaped identifier. - el.querySelectorAll( "\\\f" ); - rbuggyQSA.push( "[\\r\\n\\f]" ); - } ); - - assert( function( el ) { - el.innerHTML = "" + - ""; - - // Support: Windows 8 Native Apps - // The type and name attributes are restricted during .innerHTML assignment - var input = document.createElement( "input" ); - input.setAttribute( "type", "hidden" ); - el.appendChild( input ).setAttribute( "name", "D" ); - - // Support: IE8 - // Enforce case-sensitivity of name attribute - if ( el.querySelectorAll( "[name=d]" ).length ) { - rbuggyQSA.push( "name" + whitespace + "*[*^$|!~]?=" ); - } - - // FF 3.5 - :enabled/:disabled and hidden elements (hidden elements are still enabled) - // IE8 throws error here and will not see later tests - if ( el.querySelectorAll( ":enabled" ).length !== 2 ) { - rbuggyQSA.push( ":enabled", ":disabled" ); - } - - // Support: IE9-11+ - // IE's :disabled selector does not pick up the children of disabled fieldsets - docElem.appendChild( el ).disabled = true; - if ( el.querySelectorAll( ":disabled" ).length !== 2 ) { - rbuggyQSA.push( ":enabled", ":disabled" ); - } - - // Support: Opera 10 - 11 only - // Opera 10-11 does not throw on post-comma invalid pseudos - el.querySelectorAll( "*,:x" ); - rbuggyQSA.push( ",.*:" ); - } ); - } - - if ( ( support.matchesSelector = rnative.test( ( matches = docElem.matches || - docElem.webkitMatchesSelector || - docElem.mozMatchesSelector || - docElem.oMatchesSelector || - docElem.msMatchesSelector ) ) ) ) { - - assert( function( el ) { - - // Check to see if it's possible to do matchesSelector - // on a disconnected node (IE 9) - support.disconnectedMatch = matches.call( el, "*" ); - - // This should fail with an exception - // Gecko does not error, returns false instead - matches.call( el, "[s!='']:x" ); - rbuggyMatches.push( "!=", pseudos ); - } ); - } - - rbuggyQSA = rbuggyQSA.length && new RegExp( rbuggyQSA.join( "|" ) ); - rbuggyMatches = rbuggyMatches.length && new RegExp( rbuggyMatches.join( "|" ) ); - - /* Contains - ---------------------------------------------------------------------- */ - hasCompare = rnative.test( docElem.compareDocumentPosition ); - - // Element contains another - // Purposefully self-exclusive - // As in, an element does not contain itself - contains = hasCompare || rnative.test( docElem.contains ) ? - function( a, b ) { - var adown = a.nodeType === 9 ? a.documentElement : a, - bup = b && b.parentNode; - return a === bup || !!( bup && bup.nodeType === 1 && ( - adown.contains ? - adown.contains( bup ) : - a.compareDocumentPosition && a.compareDocumentPosition( bup ) & 16 - ) ); - } : - function( a, b ) { - if ( b ) { - while ( ( b = b.parentNode ) ) { - if ( b === a ) { - return true; - } - } - } - return false; - }; - - /* Sorting - ---------------------------------------------------------------------- */ - - // Document order sorting - sortOrder = hasCompare ? - function( a, b ) { - - // Flag for duplicate removal - if ( a === b ) { - hasDuplicate = true; - return 0; - } - - // Sort on method existence if only one input has compareDocumentPosition - var compare = !a.compareDocumentPosition - !b.compareDocumentPosition; - if ( compare ) { - return compare; - } - - // Calculate position if both inputs belong to the same document - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - compare = ( a.ownerDocument || a ) == ( b.ownerDocument || b ) ? - a.compareDocumentPosition( b ) : - - // Otherwise we know they are disconnected - 1; - - // Disconnected nodes - if ( compare & 1 || - ( !support.sortDetached && b.compareDocumentPosition( a ) === compare ) ) { - - // Choose the first element that is related to our preferred document - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( a == document || a.ownerDocument == preferredDoc && - contains( preferredDoc, a ) ) { - return -1; - } - - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( b == document || b.ownerDocument == preferredDoc && - contains( preferredDoc, b ) ) { - return 1; - } - - // Maintain original order - return sortInput ? - ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : - 0; - } - - return compare & 4 ? -1 : 1; - } : - function( a, b ) { - - // Exit early if the nodes are identical - if ( a === b ) { - hasDuplicate = true; - return 0; - } - - var cur, - i = 0, - aup = a.parentNode, - bup = b.parentNode, - ap = [ a ], - bp = [ b ]; - - // Parentless nodes are either documents or disconnected - if ( !aup || !bup ) { - - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - /* eslint-disable eqeqeq */ - return a == document ? -1 : - b == document ? 1 : - /* eslint-enable eqeqeq */ - aup ? -1 : - bup ? 1 : - sortInput ? - ( indexOf( sortInput, a ) - indexOf( sortInput, b ) ) : - 0; - - // If the nodes are siblings, we can do a quick check - } else if ( aup === bup ) { - return siblingCheck( a, b ); - } - - // Otherwise we need full lists of their ancestors for comparison - cur = a; - while ( ( cur = cur.parentNode ) ) { - ap.unshift( cur ); - } - cur = b; - while ( ( cur = cur.parentNode ) ) { - bp.unshift( cur ); - } - - // Walk down the tree looking for a discrepancy - while ( ap[ i ] === bp[ i ] ) { - i++; - } - - return i ? - - // Do a sibling check if the nodes have a common ancestor - siblingCheck( ap[ i ], bp[ i ] ) : - - // Otherwise nodes in our document sort first - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - /* eslint-disable eqeqeq */ - ap[ i ] == preferredDoc ? -1 : - bp[ i ] == preferredDoc ? 1 : - /* eslint-enable eqeqeq */ - 0; - }; - - return document; -}; - -Sizzle.matches = function( expr, elements ) { - return Sizzle( expr, null, null, elements ); -}; - -Sizzle.matchesSelector = function( elem, expr ) { - setDocument( elem ); - - if ( support.matchesSelector && documentIsHTML && - !nonnativeSelectorCache[ expr + " " ] && - ( !rbuggyMatches || !rbuggyMatches.test( expr ) ) && - ( !rbuggyQSA || !rbuggyQSA.test( expr ) ) ) { - - try { - var ret = matches.call( elem, expr ); - - // IE 9's matchesSelector returns false on disconnected nodes - if ( ret || support.disconnectedMatch || - - // As well, disconnected nodes are said to be in a document - // fragment in IE 9 - elem.document && elem.document.nodeType !== 11 ) { - return ret; - } - } catch ( e ) { - nonnativeSelectorCache( expr, true ); - } - } - - return Sizzle( expr, document, null, [ elem ] ).length > 0; -}; - -Sizzle.contains = function( context, elem ) { - - // Set document vars if needed - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( ( context.ownerDocument || context ) != document ) { - setDocument( context ); - } - return contains( context, elem ); -}; - -Sizzle.attr = function( elem, name ) { - - // Set document vars if needed - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( ( elem.ownerDocument || elem ) != document ) { - setDocument( elem ); - } - - var fn = Expr.attrHandle[ name.toLowerCase() ], - - // Don't get fooled by Object.prototype properties (jQuery #13807) - val = fn && hasOwn.call( Expr.attrHandle, name.toLowerCase() ) ? - fn( elem, name, !documentIsHTML ) : - undefined; - - return val !== undefined ? - val : - support.attributes || !documentIsHTML ? - elem.getAttribute( name ) : - ( val = elem.getAttributeNode( name ) ) && val.specified ? - val.value : - null; -}; - -Sizzle.escape = function( sel ) { - return ( sel + "" ).replace( rcssescape, fcssescape ); -}; - -Sizzle.error = function( msg ) { - throw new Error( "Syntax error, unrecognized expression: " + msg ); -}; - -/** - * Document sorting and removing duplicates - * @param {ArrayLike} results - */ -Sizzle.uniqueSort = function( results ) { - var elem, - duplicates = [], - j = 0, - i = 0; - - // Unless we *know* we can detect duplicates, assume their presence - hasDuplicate = !support.detectDuplicates; - sortInput = !support.sortStable && results.slice( 0 ); - results.sort( sortOrder ); - - if ( hasDuplicate ) { - while ( ( elem = results[ i++ ] ) ) { - if ( elem === results[ i ] ) { - j = duplicates.push( i ); - } - } - while ( j-- ) { - results.splice( duplicates[ j ], 1 ); - } - } - - // Clear input after sorting to release objects - // See https://github.com/jquery/sizzle/pull/225 - sortInput = null; - - return results; -}; - -/** - * Utility function for retrieving the text value of an array of DOM nodes - * @param {Array|Element} elem - */ -getText = Sizzle.getText = function( elem ) { - var node, - ret = "", - i = 0, - nodeType = elem.nodeType; - - if ( !nodeType ) { - - // If no nodeType, this is expected to be an array - while ( ( node = elem[ i++ ] ) ) { - - // Do not traverse comment nodes - ret += getText( node ); - } - } else if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) { - - // Use textContent for elements - // innerText usage removed for consistency of new lines (jQuery #11153) - if ( typeof elem.textContent === "string" ) { - return elem.textContent; - } else { - - // Traverse its children - for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { - ret += getText( elem ); - } - } - } else if ( nodeType === 3 || nodeType === 4 ) { - return elem.nodeValue; - } - - // Do not include comment or processing instruction nodes - - return ret; -}; - -Expr = Sizzle.selectors = { - - // Can be adjusted by the user - cacheLength: 50, - - createPseudo: markFunction, - - match: matchExpr, - - attrHandle: {}, - - find: {}, - - relative: { - ">": { dir: "parentNode", first: true }, - " ": { dir: "parentNode" }, - "+": { dir: "previousSibling", first: true }, - "~": { dir: "previousSibling" } - }, - - preFilter: { - "ATTR": function( match ) { - match[ 1 ] = match[ 1 ].replace( runescape, funescape ); - - // Move the given value to match[3] whether quoted or unquoted - match[ 3 ] = ( match[ 3 ] || match[ 4 ] || - match[ 5 ] || "" ).replace( runescape, funescape ); - - if ( match[ 2 ] === "~=" ) { - match[ 3 ] = " " + match[ 3 ] + " "; - } - - return match.slice( 0, 4 ); - }, - - "CHILD": function( match ) { - - /* matches from matchExpr["CHILD"] - 1 type (only|nth|...) - 2 what (child|of-type) - 3 argument (even|odd|\d*|\d*n([+-]\d+)?|...) - 4 xn-component of xn+y argument ([+-]?\d*n|) - 5 sign of xn-component - 6 x of xn-component - 7 sign of y-component - 8 y of y-component - */ - match[ 1 ] = match[ 1 ].toLowerCase(); - - if ( match[ 1 ].slice( 0, 3 ) === "nth" ) { - - // nth-* requires argument - if ( !match[ 3 ] ) { - Sizzle.error( match[ 0 ] ); - } - - // numeric x and y parameters for Expr.filter.CHILD - // remember that false/true cast respectively to 0/1 - match[ 4 ] = +( match[ 4 ] ? - match[ 5 ] + ( match[ 6 ] || 1 ) : - 2 * ( match[ 3 ] === "even" || match[ 3 ] === "odd" ) ); - match[ 5 ] = +( ( match[ 7 ] + match[ 8 ] ) || match[ 3 ] === "odd" ); - - // other types prohibit arguments - } else if ( match[ 3 ] ) { - Sizzle.error( match[ 0 ] ); - } - - return match; - }, - - "PSEUDO": function( match ) { - var excess, - unquoted = !match[ 6 ] && match[ 2 ]; - - if ( matchExpr[ "CHILD" ].test( match[ 0 ] ) ) { - return null; - } - - // Accept quoted arguments as-is - if ( match[ 3 ] ) { - match[ 2 ] = match[ 4 ] || match[ 5 ] || ""; - - // Strip excess characters from unquoted arguments - } else if ( unquoted && rpseudo.test( unquoted ) && - - // Get excess from tokenize (recursively) - ( excess = tokenize( unquoted, true ) ) && - - // advance to the next closing parenthesis - ( excess = unquoted.indexOf( ")", unquoted.length - excess ) - unquoted.length ) ) { - - // excess is a negative index - match[ 0 ] = match[ 0 ].slice( 0, excess ); - match[ 2 ] = unquoted.slice( 0, excess ); - } - - // Return only captures needed by the pseudo filter method (type and argument) - return match.slice( 0, 3 ); - } - }, - - filter: { - - "TAG": function( nodeNameSelector ) { - var nodeName = nodeNameSelector.replace( runescape, funescape ).toLowerCase(); - return nodeNameSelector === "*" ? - function() { - return true; - } : - function( elem ) { - return elem.nodeName && elem.nodeName.toLowerCase() === nodeName; - }; - }, - - "CLASS": function( className ) { - var pattern = classCache[ className + " " ]; - - return pattern || - ( pattern = new RegExp( "(^|" + whitespace + - ")" + className + "(" + whitespace + "|$)" ) ) && classCache( - className, function( elem ) { - return pattern.test( - typeof elem.className === "string" && elem.className || - typeof elem.getAttribute !== "undefined" && - elem.getAttribute( "class" ) || - "" - ); - } ); - }, - - "ATTR": function( name, operator, check ) { - return function( elem ) { - var result = Sizzle.attr( elem, name ); - - if ( result == null ) { - return operator === "!="; - } - if ( !operator ) { - return true; - } - - result += ""; - - /* eslint-disable max-len */ - - return operator === "=" ? result === check : - operator === "!=" ? result !== check : - operator === "^=" ? check && result.indexOf( check ) === 0 : - operator === "*=" ? check && result.indexOf( check ) > -1 : - operator === "$=" ? check && result.slice( -check.length ) === check : - operator === "~=" ? ( " " + result.replace( rwhitespace, " " ) + " " ).indexOf( check ) > -1 : - operator === "|=" ? result === check || result.slice( 0, check.length + 1 ) === check + "-" : - false; - /* eslint-enable max-len */ - - }; - }, - - "CHILD": function( type, what, _argument, first, last ) { - var simple = type.slice( 0, 3 ) !== "nth", - forward = type.slice( -4 ) !== "last", - ofType = what === "of-type"; - - return first === 1 && last === 0 ? - - // Shortcut for :nth-*(n) - function( elem ) { - return !!elem.parentNode; - } : - - function( elem, _context, xml ) { - var cache, uniqueCache, outerCache, node, nodeIndex, start, - dir = simple !== forward ? "nextSibling" : "previousSibling", - parent = elem.parentNode, - name = ofType && elem.nodeName.toLowerCase(), - useCache = !xml && !ofType, - diff = false; - - if ( parent ) { - - // :(first|last|only)-(child|of-type) - if ( simple ) { - while ( dir ) { - node = elem; - while ( ( node = node[ dir ] ) ) { - if ( ofType ? - node.nodeName.toLowerCase() === name : - node.nodeType === 1 ) { - - return false; - } - } - - // Reverse direction for :only-* (if we haven't yet done so) - start = dir = type === "only" && !start && "nextSibling"; - } - return true; - } - - start = [ forward ? parent.firstChild : parent.lastChild ]; - - // non-xml :nth-child(...) stores cache data on `parent` - if ( forward && useCache ) { - - // Seek `elem` from a previously-cached index - - // ...in a gzip-friendly way - node = parent; - outerCache = node[ expando ] || ( node[ expando ] = {} ); - - // Support: IE <9 only - // Defend against cloned attroperties (jQuery gh-1709) - uniqueCache = outerCache[ node.uniqueID ] || - ( outerCache[ node.uniqueID ] = {} ); - - cache = uniqueCache[ type ] || []; - nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; - diff = nodeIndex && cache[ 2 ]; - node = nodeIndex && parent.childNodes[ nodeIndex ]; - - while ( ( node = ++nodeIndex && node && node[ dir ] || - - // Fallback to seeking `elem` from the start - ( diff = nodeIndex = 0 ) || start.pop() ) ) { - - // When found, cache indexes on `parent` and break - if ( node.nodeType === 1 && ++diff && node === elem ) { - uniqueCache[ type ] = [ dirruns, nodeIndex, diff ]; - break; - } - } - - } else { - - // Use previously-cached element index if available - if ( useCache ) { - - // ...in a gzip-friendly way - node = elem; - outerCache = node[ expando ] || ( node[ expando ] = {} ); - - // Support: IE <9 only - // Defend against cloned attroperties (jQuery gh-1709) - uniqueCache = outerCache[ node.uniqueID ] || - ( outerCache[ node.uniqueID ] = {} ); - - cache = uniqueCache[ type ] || []; - nodeIndex = cache[ 0 ] === dirruns && cache[ 1 ]; - diff = nodeIndex; - } - - // xml :nth-child(...) - // or :nth-last-child(...) or :nth(-last)?-of-type(...) - if ( diff === false ) { - - // Use the same loop as above to seek `elem` from the start - while ( ( node = ++nodeIndex && node && node[ dir ] || - ( diff = nodeIndex = 0 ) || start.pop() ) ) { - - if ( ( ofType ? - node.nodeName.toLowerCase() === name : - node.nodeType === 1 ) && - ++diff ) { - - // Cache the index of each encountered element - if ( useCache ) { - outerCache = node[ expando ] || - ( node[ expando ] = {} ); - - // Support: IE <9 only - // Defend against cloned attroperties (jQuery gh-1709) - uniqueCache = outerCache[ node.uniqueID ] || - ( outerCache[ node.uniqueID ] = {} ); - - uniqueCache[ type ] = [ dirruns, diff ]; - } - - if ( node === elem ) { - break; - } - } - } - } - } - - // Incorporate the offset, then check against cycle size - diff -= last; - return diff === first || ( diff % first === 0 && diff / first >= 0 ); - } - }; - }, - - "PSEUDO": function( pseudo, argument ) { - - // pseudo-class names are case-insensitive - // http://www.w3.org/TR/selectors/#pseudo-classes - // Prioritize by case sensitivity in case custom pseudos are added with uppercase letters - // Remember that setFilters inherits from pseudos - var args, - fn = Expr.pseudos[ pseudo ] || Expr.setFilters[ pseudo.toLowerCase() ] || - Sizzle.error( "unsupported pseudo: " + pseudo ); - - // The user may use createPseudo to indicate that - // arguments are needed to create the filter function - // just as Sizzle does - if ( fn[ expando ] ) { - return fn( argument ); - } - - // But maintain support for old signatures - if ( fn.length > 1 ) { - args = [ pseudo, pseudo, "", argument ]; - return Expr.setFilters.hasOwnProperty( pseudo.toLowerCase() ) ? - markFunction( function( seed, matches ) { - var idx, - matched = fn( seed, argument ), - i = matched.length; - while ( i-- ) { - idx = indexOf( seed, matched[ i ] ); - seed[ idx ] = !( matches[ idx ] = matched[ i ] ); - } - } ) : - function( elem ) { - return fn( elem, 0, args ); - }; - } - - return fn; - } - }, - - pseudos: { - - // Potentially complex pseudos - "not": markFunction( function( selector ) { - - // Trim the selector passed to compile - // to avoid treating leading and trailing - // spaces as combinators - var input = [], - results = [], - matcher = compile( selector.replace( rtrim, "$1" ) ); - - return matcher[ expando ] ? - markFunction( function( seed, matches, _context, xml ) { - var elem, - unmatched = matcher( seed, null, xml, [] ), - i = seed.length; - - // Match elements unmatched by `matcher` - while ( i-- ) { - if ( ( elem = unmatched[ i ] ) ) { - seed[ i ] = !( matches[ i ] = elem ); - } - } - } ) : - function( elem, _context, xml ) { - input[ 0 ] = elem; - matcher( input, null, xml, results ); - - // Don't keep the element (issue #299) - input[ 0 ] = null; - return !results.pop(); - }; - } ), - - "has": markFunction( function( selector ) { - return function( elem ) { - return Sizzle( selector, elem ).length > 0; - }; - } ), - - "contains": markFunction( function( text ) { - text = text.replace( runescape, funescape ); - return function( elem ) { - return ( elem.textContent || getText( elem ) ).indexOf( text ) > -1; - }; - } ), - - // "Whether an element is represented by a :lang() selector - // is based solely on the element's language value - // being equal to the identifier C, - // or beginning with the identifier C immediately followed by "-". - // The matching of C against the element's language value is performed case-insensitively. - // The identifier C does not have to be a valid language name." - // http://www.w3.org/TR/selectors/#lang-pseudo - "lang": markFunction( function( lang ) { - - // lang value must be a valid identifier - if ( !ridentifier.test( lang || "" ) ) { - Sizzle.error( "unsupported lang: " + lang ); - } - lang = lang.replace( runescape, funescape ).toLowerCase(); - return function( elem ) { - var elemLang; - do { - if ( ( elemLang = documentIsHTML ? - elem.lang : - elem.getAttribute( "xml:lang" ) || elem.getAttribute( "lang" ) ) ) { - - elemLang = elemLang.toLowerCase(); - return elemLang === lang || elemLang.indexOf( lang + "-" ) === 0; - } - } while ( ( elem = elem.parentNode ) && elem.nodeType === 1 ); - return false; - }; - } ), - - // Miscellaneous - "target": function( elem ) { - var hash = window.location && window.location.hash; - return hash && hash.slice( 1 ) === elem.id; - }, - - "root": function( elem ) { - return elem === docElem; - }, - - "focus": function( elem ) { - return elem === document.activeElement && - ( !document.hasFocus || document.hasFocus() ) && - !!( elem.type || elem.href || ~elem.tabIndex ); - }, - - // Boolean properties - "enabled": createDisabledPseudo( false ), - "disabled": createDisabledPseudo( true ), - - "checked": function( elem ) { - - // In CSS3, :checked should return both checked and selected elements - // http://www.w3.org/TR/2011/REC-css3-selectors-20110929/#checked - var nodeName = elem.nodeName.toLowerCase(); - return ( nodeName === "input" && !!elem.checked ) || - ( nodeName === "option" && !!elem.selected ); - }, - - "selected": function( elem ) { - - // Accessing this property makes selected-by-default - // options in Safari work properly - if ( elem.parentNode ) { - // eslint-disable-next-line no-unused-expressions - elem.parentNode.selectedIndex; - } - - return elem.selected === true; - }, - - // Contents - "empty": function( elem ) { - - // http://www.w3.org/TR/selectors/#empty-pseudo - // :empty is negated by element (1) or content nodes (text: 3; cdata: 4; entity ref: 5), - // but not by others (comment: 8; processing instruction: 7; etc.) - // nodeType < 6 works because attributes (2) do not appear as children - for ( elem = elem.firstChild; elem; elem = elem.nextSibling ) { - if ( elem.nodeType < 6 ) { - return false; - } - } - return true; - }, - - "parent": function( elem ) { - return !Expr.pseudos[ "empty" ]( elem ); - }, - - // Element/input types - "header": function( elem ) { - return rheader.test( elem.nodeName ); - }, - - "input": function( elem ) { - return rinputs.test( elem.nodeName ); - }, - - "button": function( elem ) { - var name = elem.nodeName.toLowerCase(); - return name === "input" && elem.type === "button" || name === "button"; - }, - - "text": function( elem ) { - var attr; - return elem.nodeName.toLowerCase() === "input" && - elem.type === "text" && - - // Support: IE<8 - // New HTML5 attribute values (e.g., "search") appear with elem.type === "text" - ( ( attr = elem.getAttribute( "type" ) ) == null || - attr.toLowerCase() === "text" ); - }, - - // Position-in-collection - "first": createPositionalPseudo( function() { - return [ 0 ]; - } ), - - "last": createPositionalPseudo( function( _matchIndexes, length ) { - return [ length - 1 ]; - } ), - - "eq": createPositionalPseudo( function( _matchIndexes, length, argument ) { - return [ argument < 0 ? argument + length : argument ]; - } ), - - "even": createPositionalPseudo( function( matchIndexes, length ) { - var i = 0; - for ( ; i < length; i += 2 ) { - matchIndexes.push( i ); - } - return matchIndexes; - } ), - - "odd": createPositionalPseudo( function( matchIndexes, length ) { - var i = 1; - for ( ; i < length; i += 2 ) { - matchIndexes.push( i ); - } - return matchIndexes; - } ), - - "lt": createPositionalPseudo( function( matchIndexes, length, argument ) { - var i = argument < 0 ? - argument + length : - argument > length ? - length : - argument; - for ( ; --i >= 0; ) { - matchIndexes.push( i ); - } - return matchIndexes; - } ), - - "gt": createPositionalPseudo( function( matchIndexes, length, argument ) { - var i = argument < 0 ? argument + length : argument; - for ( ; ++i < length; ) { - matchIndexes.push( i ); - } - return matchIndexes; - } ) - } -}; - -Expr.pseudos[ "nth" ] = Expr.pseudos[ "eq" ]; - -// Add button/input type pseudos -for ( i in { radio: true, checkbox: true, file: true, password: true, image: true } ) { - Expr.pseudos[ i ] = createInputPseudo( i ); -} -for ( i in { submit: true, reset: true } ) { - Expr.pseudos[ i ] = createButtonPseudo( i ); -} - -// Easy API for creating new setFilters -function setFilters() {} -setFilters.prototype = Expr.filters = Expr.pseudos; -Expr.setFilters = new setFilters(); - -tokenize = Sizzle.tokenize = function( selector, parseOnly ) { - var matched, match, tokens, type, - soFar, groups, preFilters, - cached = tokenCache[ selector + " " ]; - - if ( cached ) { - return parseOnly ? 0 : cached.slice( 0 ); - } - - soFar = selector; - groups = []; - preFilters = Expr.preFilter; - - while ( soFar ) { - - // Comma and first run - if ( !matched || ( match = rcomma.exec( soFar ) ) ) { - if ( match ) { - - // Don't consume trailing commas as valid - soFar = soFar.slice( match[ 0 ].length ) || soFar; - } - groups.push( ( tokens = [] ) ); - } - - matched = false; - - // Combinators - if ( ( match = rcombinators.exec( soFar ) ) ) { - matched = match.shift(); - tokens.push( { - value: matched, - - // Cast descendant combinators to space - type: match[ 0 ].replace( rtrim, " " ) - } ); - soFar = soFar.slice( matched.length ); - } - - // Filters - for ( type in Expr.filter ) { - if ( ( match = matchExpr[ type ].exec( soFar ) ) && ( !preFilters[ type ] || - ( match = preFilters[ type ]( match ) ) ) ) { - matched = match.shift(); - tokens.push( { - value: matched, - type: type, - matches: match - } ); - soFar = soFar.slice( matched.length ); - } - } - - if ( !matched ) { - break; - } - } - - // Return the length of the invalid excess - // if we're just parsing - // Otherwise, throw an error or return tokens - return parseOnly ? - soFar.length : - soFar ? - Sizzle.error( selector ) : - - // Cache the tokens - tokenCache( selector, groups ).slice( 0 ); -}; - -function toSelector( tokens ) { - var i = 0, - len = tokens.length, - selector = ""; - for ( ; i < len; i++ ) { - selector += tokens[ i ].value; - } - return selector; -} - -function addCombinator( matcher, combinator, base ) { - var dir = combinator.dir, - skip = combinator.next, - key = skip || dir, - checkNonElements = base && key === "parentNode", - doneName = done++; - - return combinator.first ? - - // Check against closest ancestor/preceding element - function( elem, context, xml ) { - while ( ( elem = elem[ dir ] ) ) { - if ( elem.nodeType === 1 || checkNonElements ) { - return matcher( elem, context, xml ); - } - } - return false; - } : - - // Check against all ancestor/preceding elements - function( elem, context, xml ) { - var oldCache, uniqueCache, outerCache, - newCache = [ dirruns, doneName ]; - - // We can't set arbitrary data on XML nodes, so they don't benefit from combinator caching - if ( xml ) { - while ( ( elem = elem[ dir ] ) ) { - if ( elem.nodeType === 1 || checkNonElements ) { - if ( matcher( elem, context, xml ) ) { - return true; - } - } - } - } else { - while ( ( elem = elem[ dir ] ) ) { - if ( elem.nodeType === 1 || checkNonElements ) { - outerCache = elem[ expando ] || ( elem[ expando ] = {} ); - - // Support: IE <9 only - // Defend against cloned attroperties (jQuery gh-1709) - uniqueCache = outerCache[ elem.uniqueID ] || - ( outerCache[ elem.uniqueID ] = {} ); - - if ( skip && skip === elem.nodeName.toLowerCase() ) { - elem = elem[ dir ] || elem; - } else if ( ( oldCache = uniqueCache[ key ] ) && - oldCache[ 0 ] === dirruns && oldCache[ 1 ] === doneName ) { - - // Assign to newCache so results back-propagate to previous elements - return ( newCache[ 2 ] = oldCache[ 2 ] ); - } else { - - // Reuse newcache so results back-propagate to previous elements - uniqueCache[ key ] = newCache; - - // A match means we're done; a fail means we have to keep checking - if ( ( newCache[ 2 ] = matcher( elem, context, xml ) ) ) { - return true; - } - } - } - } - } - return false; - }; -} - -function elementMatcher( matchers ) { - return matchers.length > 1 ? - function( elem, context, xml ) { - var i = matchers.length; - while ( i-- ) { - if ( !matchers[ i ]( elem, context, xml ) ) { - return false; - } - } - return true; - } : - matchers[ 0 ]; -} - -function multipleContexts( selector, contexts, results ) { - var i = 0, - len = contexts.length; - for ( ; i < len; i++ ) { - Sizzle( selector, contexts[ i ], results ); - } - return results; -} - -function condense( unmatched, map, filter, context, xml ) { - var elem, - newUnmatched = [], - i = 0, - len = unmatched.length, - mapped = map != null; - - for ( ; i < len; i++ ) { - if ( ( elem = unmatched[ i ] ) ) { - if ( !filter || filter( elem, context, xml ) ) { - newUnmatched.push( elem ); - if ( mapped ) { - map.push( i ); - } - } - } - } - - return newUnmatched; -} - -function setMatcher( preFilter, selector, matcher, postFilter, postFinder, postSelector ) { - if ( postFilter && !postFilter[ expando ] ) { - postFilter = setMatcher( postFilter ); - } - if ( postFinder && !postFinder[ expando ] ) { - postFinder = setMatcher( postFinder, postSelector ); - } - return markFunction( function( seed, results, context, xml ) { - var temp, i, elem, - preMap = [], - postMap = [], - preexisting = results.length, - - // Get initial elements from seed or context - elems = seed || multipleContexts( - selector || "*", - context.nodeType ? [ context ] : context, - [] - ), - - // Prefilter to get matcher input, preserving a map for seed-results synchronization - matcherIn = preFilter && ( seed || !selector ) ? - condense( elems, preMap, preFilter, context, xml ) : - elems, - - matcherOut = matcher ? - - // If we have a postFinder, or filtered seed, or non-seed postFilter or preexisting results, - postFinder || ( seed ? preFilter : preexisting || postFilter ) ? - - // ...intermediate processing is necessary - [] : - - // ...otherwise use results directly - results : - matcherIn; - - // Find primary matches - if ( matcher ) { - matcher( matcherIn, matcherOut, context, xml ); - } - - // Apply postFilter - if ( postFilter ) { - temp = condense( matcherOut, postMap ); - postFilter( temp, [], context, xml ); - - // Un-match failing elements by moving them back to matcherIn - i = temp.length; - while ( i-- ) { - if ( ( elem = temp[ i ] ) ) { - matcherOut[ postMap[ i ] ] = !( matcherIn[ postMap[ i ] ] = elem ); - } - } - } - - if ( seed ) { - if ( postFinder || preFilter ) { - if ( postFinder ) { - - // Get the final matcherOut by condensing this intermediate into postFinder contexts - temp = []; - i = matcherOut.length; - while ( i-- ) { - if ( ( elem = matcherOut[ i ] ) ) { - - // Restore matcherIn since elem is not yet a final match - temp.push( ( matcherIn[ i ] = elem ) ); - } - } - postFinder( null, ( matcherOut = [] ), temp, xml ); - } - - // Move matched elements from seed to results to keep them synchronized - i = matcherOut.length; - while ( i-- ) { - if ( ( elem = matcherOut[ i ] ) && - ( temp = postFinder ? indexOf( seed, elem ) : preMap[ i ] ) > -1 ) { - - seed[ temp ] = !( results[ temp ] = elem ); - } - } - } - - // Add elements to results, through postFinder if defined - } else { - matcherOut = condense( - matcherOut === results ? - matcherOut.splice( preexisting, matcherOut.length ) : - matcherOut - ); - if ( postFinder ) { - postFinder( null, results, matcherOut, xml ); - } else { - push.apply( results, matcherOut ); - } - } - } ); -} - -function matcherFromTokens( tokens ) { - var checkContext, matcher, j, - len = tokens.length, - leadingRelative = Expr.relative[ tokens[ 0 ].type ], - implicitRelative = leadingRelative || Expr.relative[ " " ], - i = leadingRelative ? 1 : 0, - - // The foundational matcher ensures that elements are reachable from top-level context(s) - matchContext = addCombinator( function( elem ) { - return elem === checkContext; - }, implicitRelative, true ), - matchAnyContext = addCombinator( function( elem ) { - return indexOf( checkContext, elem ) > -1; - }, implicitRelative, true ), - matchers = [ function( elem, context, xml ) { - var ret = ( !leadingRelative && ( xml || context !== outermostContext ) ) || ( - ( checkContext = context ).nodeType ? - matchContext( elem, context, xml ) : - matchAnyContext( elem, context, xml ) ); - - // Avoid hanging onto element (issue #299) - checkContext = null; - return ret; - } ]; - - for ( ; i < len; i++ ) { - if ( ( matcher = Expr.relative[ tokens[ i ].type ] ) ) { - matchers = [ addCombinator( elementMatcher( matchers ), matcher ) ]; - } else { - matcher = Expr.filter[ tokens[ i ].type ].apply( null, tokens[ i ].matches ); - - // Return special upon seeing a positional matcher - if ( matcher[ expando ] ) { - - // Find the next relative operator (if any) for proper handling - j = ++i; - for ( ; j < len; j++ ) { - if ( Expr.relative[ tokens[ j ].type ] ) { - break; - } - } - return setMatcher( - i > 1 && elementMatcher( matchers ), - i > 1 && toSelector( - - // If the preceding token was a descendant combinator, insert an implicit any-element `*` - tokens - .slice( 0, i - 1 ) - .concat( { value: tokens[ i - 2 ].type === " " ? "*" : "" } ) - ).replace( rtrim, "$1" ), - matcher, - i < j && matcherFromTokens( tokens.slice( i, j ) ), - j < len && matcherFromTokens( ( tokens = tokens.slice( j ) ) ), - j < len && toSelector( tokens ) - ); - } - matchers.push( matcher ); - } - } - - return elementMatcher( matchers ); -} - -function matcherFromGroupMatchers( elementMatchers, setMatchers ) { - var bySet = setMatchers.length > 0, - byElement = elementMatchers.length > 0, - superMatcher = function( seed, context, xml, results, outermost ) { - var elem, j, matcher, - matchedCount = 0, - i = "0", - unmatched = seed && [], - setMatched = [], - contextBackup = outermostContext, - - // We must always have either seed elements or outermost context - elems = seed || byElement && Expr.find[ "TAG" ]( "*", outermost ), - - // Use integer dirruns iff this is the outermost matcher - dirrunsUnique = ( dirruns += contextBackup == null ? 1 : Math.random() || 0.1 ), - len = elems.length; - - if ( outermost ) { - - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - outermostContext = context == document || context || outermost; - } - - // Add elements passing elementMatchers directly to results - // Support: IE<9, Safari - // Tolerate NodeList properties (IE: "length"; Safari: ) matching elements by id - for ( ; i !== len && ( elem = elems[ i ] ) != null; i++ ) { - if ( byElement && elem ) { - j = 0; - - // Support: IE 11+, Edge 17 - 18+ - // IE/Edge sometimes throw a "Permission denied" error when strict-comparing - // two documents; shallow comparisons work. - // eslint-disable-next-line eqeqeq - if ( !context && elem.ownerDocument != document ) { - setDocument( elem ); - xml = !documentIsHTML; - } - while ( ( matcher = elementMatchers[ j++ ] ) ) { - if ( matcher( elem, context || document, xml ) ) { - results.push( elem ); - break; - } - } - if ( outermost ) { - dirruns = dirrunsUnique; - } - } - - // Track unmatched elements for set filters - if ( bySet ) { - - // They will have gone through all possible matchers - if ( ( elem = !matcher && elem ) ) { - matchedCount--; - } - - // Lengthen the array for every element, matched or not - if ( seed ) { - unmatched.push( elem ); - } - } - } - - // `i` is now the count of elements visited above, and adding it to `matchedCount` - // makes the latter nonnegative. - matchedCount += i; - - // Apply set filters to unmatched elements - // NOTE: This can be skipped if there are no unmatched elements (i.e., `matchedCount` - // equals `i`), unless we didn't visit _any_ elements in the above loop because we have - // no element matchers and no seed. - // Incrementing an initially-string "0" `i` allows `i` to remain a string only in that - // case, which will result in a "00" `matchedCount` that differs from `i` but is also - // numerically zero. - if ( bySet && i !== matchedCount ) { - j = 0; - while ( ( matcher = setMatchers[ j++ ] ) ) { - matcher( unmatched, setMatched, context, xml ); - } - - if ( seed ) { - - // Reintegrate element matches to eliminate the need for sorting - if ( matchedCount > 0 ) { - while ( i-- ) { - if ( !( unmatched[ i ] || setMatched[ i ] ) ) { - setMatched[ i ] = pop.call( results ); - } - } - } - - // Discard index placeholder values to get only actual matches - setMatched = condense( setMatched ); - } - - // Add matches to results - push.apply( results, setMatched ); - - // Seedless set matches succeeding multiple successful matchers stipulate sorting - if ( outermost && !seed && setMatched.length > 0 && - ( matchedCount + setMatchers.length ) > 1 ) { - - Sizzle.uniqueSort( results ); - } - } - - // Override manipulation of globals by nested matchers - if ( outermost ) { - dirruns = dirrunsUnique; - outermostContext = contextBackup; - } - - return unmatched; - }; - - return bySet ? - markFunction( superMatcher ) : - superMatcher; -} - -compile = Sizzle.compile = function( selector, match /* Internal Use Only */ ) { - var i, - setMatchers = [], - elementMatchers = [], - cached = compilerCache[ selector + " " ]; - - if ( !cached ) { - - // Generate a function of recursive functions that can be used to check each element - if ( !match ) { - match = tokenize( selector ); - } - i = match.length; - while ( i-- ) { - cached = matcherFromTokens( match[ i ] ); - if ( cached[ expando ] ) { - setMatchers.push( cached ); - } else { - elementMatchers.push( cached ); - } - } - - // Cache the compiled function - cached = compilerCache( - selector, - matcherFromGroupMatchers( elementMatchers, setMatchers ) - ); - - // Save selector and tokenization - cached.selector = selector; - } - return cached; -}; - -/** - * A low-level selection function that works with Sizzle's compiled - * selector functions - * @param {String|Function} selector A selector or a pre-compiled - * selector function built with Sizzle.compile - * @param {Element} context - * @param {Array} [results] - * @param {Array} [seed] A set of elements to match against - */ -select = Sizzle.select = function( selector, context, results, seed ) { - var i, tokens, token, type, find, - compiled = typeof selector === "function" && selector, - match = !seed && tokenize( ( selector = compiled.selector || selector ) ); - - results = results || []; - - // Try to minimize operations if there is only one selector in the list and no seed - // (the latter of which guarantees us context) - if ( match.length === 1 ) { - - // Reduce context if the leading compound selector is an ID - tokens = match[ 0 ] = match[ 0 ].slice( 0 ); - if ( tokens.length > 2 && ( token = tokens[ 0 ] ).type === "ID" && - context.nodeType === 9 && documentIsHTML && Expr.relative[ tokens[ 1 ].type ] ) { - - context = ( Expr.find[ "ID" ]( token.matches[ 0 ] - .replace( runescape, funescape ), context ) || [] )[ 0 ]; - if ( !context ) { - return results; - - // Precompiled matchers will still verify ancestry, so step up a level - } else if ( compiled ) { - context = context.parentNode; - } - - selector = selector.slice( tokens.shift().value.length ); - } - - // Fetch a seed set for right-to-left matching - i = matchExpr[ "needsContext" ].test( selector ) ? 0 : tokens.length; - while ( i-- ) { - token = tokens[ i ]; - - // Abort if we hit a combinator - if ( Expr.relative[ ( type = token.type ) ] ) { - break; - } - if ( ( find = Expr.find[ type ] ) ) { - - // Search, expanding context for leading sibling combinators - if ( ( seed = find( - token.matches[ 0 ].replace( runescape, funescape ), - rsibling.test( tokens[ 0 ].type ) && testContext( context.parentNode ) || - context - ) ) ) { - - // If seed is empty or no tokens remain, we can return early - tokens.splice( i, 1 ); - selector = seed.length && toSelector( tokens ); - if ( !selector ) { - push.apply( results, seed ); - return results; - } - - break; - } - } - } - } - - // Compile and execute a filtering function if one is not provided - // Provide `match` to avoid retokenization if we modified the selector above - ( compiled || compile( selector, match ) )( - seed, - context, - !documentIsHTML, - results, - !context || rsibling.test( selector ) && testContext( context.parentNode ) || context - ); - return results; -}; - -// One-time assignments - -// Sort stability -support.sortStable = expando.split( "" ).sort( sortOrder ).join( "" ) === expando; - -// Support: Chrome 14-35+ -// Always assume duplicates if they aren't passed to the comparison function -support.detectDuplicates = !!hasDuplicate; - -// Initialize against the default document -setDocument(); - -// Support: Webkit<537.32 - Safari 6.0.3/Chrome 25 (fixed in Chrome 27) -// Detached nodes confoundingly follow *each other* -support.sortDetached = assert( function( el ) { - - // Should return 1, but returns 4 (following) - return el.compareDocumentPosition( document.createElement( "fieldset" ) ) & 1; -} ); - -// Support: IE<8 -// Prevent attribute/property "interpolation" -// https://msdn.microsoft.com/en-us/library/ms536429%28VS.85%29.aspx -if ( !assert( function( el ) { - el.innerHTML = ""; - return el.firstChild.getAttribute( "href" ) === "#"; -} ) ) { - addHandle( "type|href|height|width", function( elem, name, isXML ) { - if ( !isXML ) { - return elem.getAttribute( name, name.toLowerCase() === "type" ? 1 : 2 ); - } - } ); -} - -// Support: IE<9 -// Use defaultValue in place of getAttribute("value") -if ( !support.attributes || !assert( function( el ) { - el.innerHTML = ""; - el.firstChild.setAttribute( "value", "" ); - return el.firstChild.getAttribute( "value" ) === ""; -} ) ) { - addHandle( "value", function( elem, _name, isXML ) { - if ( !isXML && elem.nodeName.toLowerCase() === "input" ) { - return elem.defaultValue; - } - } ); -} - -// Support: IE<9 -// Use getAttributeNode to fetch booleans when getAttribute lies -if ( !assert( function( el ) { - return el.getAttribute( "disabled" ) == null; -} ) ) { - addHandle( booleans, function( elem, name, isXML ) { - var val; - if ( !isXML ) { - return elem[ name ] === true ? name.toLowerCase() : - ( val = elem.getAttributeNode( name ) ) && val.specified ? - val.value : - null; - } - } ); -} - -return Sizzle; - -} )( window ); - - - -jQuery.find = Sizzle; -jQuery.expr = Sizzle.selectors; - -// Deprecated -jQuery.expr[ ":" ] = jQuery.expr.pseudos; -jQuery.uniqueSort = jQuery.unique = Sizzle.uniqueSort; -jQuery.text = Sizzle.getText; -jQuery.isXMLDoc = Sizzle.isXML; -jQuery.contains = Sizzle.contains; -jQuery.escapeSelector = Sizzle.escape; - - - - -var dir = function( elem, dir, until ) { - var matched = [], - truncate = until !== undefined; - - while ( ( elem = elem[ dir ] ) && elem.nodeType !== 9 ) { - if ( elem.nodeType === 1 ) { - if ( truncate && jQuery( elem ).is( until ) ) { - break; - } - matched.push( elem ); - } - } - return matched; -}; - - -var siblings = function( n, elem ) { - var matched = []; - - for ( ; n; n = n.nextSibling ) { - if ( n.nodeType === 1 && n !== elem ) { - matched.push( n ); - } - } - - return matched; -}; - - -var rneedsContext = jQuery.expr.match.needsContext; - - - -function nodeName( elem, name ) { - - return elem.nodeName && elem.nodeName.toLowerCase() === name.toLowerCase(); - -} -var rsingleTag = ( /^<([a-z][^\/\0>:\x20\t\r\n\f]*)[\x20\t\r\n\f]*\/?>(?:<\/\1>|)$/i ); - - - -// Implement the identical functionality for filter and not -function winnow( elements, qualifier, not ) { - if ( isFunction( qualifier ) ) { - return jQuery.grep( elements, function( elem, i ) { - return !!qualifier.call( elem, i, elem ) !== not; - } ); - } - - // Single element - if ( qualifier.nodeType ) { - return jQuery.grep( elements, function( elem ) { - return ( elem === qualifier ) !== not; - } ); - } - - // Arraylike of elements (jQuery, arguments, Array) - if ( typeof qualifier !== "string" ) { - return jQuery.grep( elements, function( elem ) { - return ( indexOf.call( qualifier, elem ) > -1 ) !== not; - } ); - } - - // Filtered directly for both simple and complex selectors - return jQuery.filter( qualifier, elements, not ); -} - -jQuery.filter = function( expr, elems, not ) { - var elem = elems[ 0 ]; - - if ( not ) { - expr = ":not(" + expr + ")"; - } - - if ( elems.length === 1 && elem.nodeType === 1 ) { - return jQuery.find.matchesSelector( elem, expr ) ? [ elem ] : []; - } - - return jQuery.find.matches( expr, jQuery.grep( elems, function( elem ) { - return elem.nodeType === 1; - } ) ); -}; - -jQuery.fn.extend( { - find: function( selector ) { - var i, ret, - len = this.length, - self = this; - - if ( typeof selector !== "string" ) { - return this.pushStack( jQuery( selector ).filter( function() { - for ( i = 0; i < len; i++ ) { - if ( jQuery.contains( self[ i ], this ) ) { - return true; - } - } - } ) ); - } - - ret = this.pushStack( [] ); - - for ( i = 0; i < len; i++ ) { - jQuery.find( selector, self[ i ], ret ); - } - - return len > 1 ? jQuery.uniqueSort( ret ) : ret; - }, - filter: function( selector ) { - return this.pushStack( winnow( this, selector || [], false ) ); - }, - not: function( selector ) { - return this.pushStack( winnow( this, selector || [], true ) ); - }, - is: function( selector ) { - return !!winnow( - this, - - // If this is a positional/relative selector, check membership in the returned set - // so $("p:first").is("p:last") won't return true for a doc with two "p". - typeof selector === "string" && rneedsContext.test( selector ) ? - jQuery( selector ) : - selector || [], - false - ).length; - } -} ); - - -// Initialize a jQuery object - - -// A central reference to the root jQuery(document) -var rootjQuery, - - // A simple way to check for HTML strings - // Prioritize #id over to avoid XSS via location.hash (#9521) - // Strict HTML recognition (#11290: must start with <) - // Shortcut simple #id case for speed - rquickExpr = /^(?:\s*(<[\w\W]+>)[^>]*|#([\w-]+))$/, - - init = jQuery.fn.init = function( selector, context, root ) { - var match, elem; - - // HANDLE: $(""), $(null), $(undefined), $(false) - if ( !selector ) { - return this; - } - - // Method init() accepts an alternate rootjQuery - // so migrate can support jQuery.sub (gh-2101) - root = root || rootjQuery; - - // Handle HTML strings - if ( typeof selector === "string" ) { - if ( selector[ 0 ] === "<" && - selector[ selector.length - 1 ] === ">" && - selector.length >= 3 ) { - - // Assume that strings that start and end with <> are HTML and skip the regex check - match = [ null, selector, null ]; - - } else { - match = rquickExpr.exec( selector ); - } - - // Match html or make sure no context is specified for #id - if ( match && ( match[ 1 ] || !context ) ) { - - // HANDLE: $(html) -> $(array) - if ( match[ 1 ] ) { - context = context instanceof jQuery ? context[ 0 ] : context; - - // Option to run scripts is true for back-compat - // Intentionally let the error be thrown if parseHTML is not present - jQuery.merge( this, jQuery.parseHTML( - match[ 1 ], - context && context.nodeType ? context.ownerDocument || context : document, - true - ) ); - - // HANDLE: $(html, props) - if ( rsingleTag.test( match[ 1 ] ) && jQuery.isPlainObject( context ) ) { - for ( match in context ) { - - // Properties of context are called as methods if possible - if ( isFunction( this[ match ] ) ) { - this[ match ]( context[ match ] ); - - // ...and otherwise set as attributes - } else { - this.attr( match, context[ match ] ); - } - } - } - - return this; - - // HANDLE: $(#id) - } else { - elem = document.getElementById( match[ 2 ] ); - - if ( elem ) { - - // Inject the element directly into the jQuery object - this[ 0 ] = elem; - this.length = 1; - } - return this; - } - - // HANDLE: $(expr, $(...)) - } else if ( !context || context.jquery ) { - return ( context || root ).find( selector ); - - // HANDLE: $(expr, context) - // (which is just equivalent to: $(context).find(expr) - } else { - return this.constructor( context ).find( selector ); - } - - // HANDLE: $(DOMElement) - } else if ( selector.nodeType ) { - this[ 0 ] = selector; - this.length = 1; - return this; - - // HANDLE: $(function) - // Shortcut for document ready - } else if ( isFunction( selector ) ) { - return root.ready !== undefined ? - root.ready( selector ) : - - // Execute immediately if ready is not present - selector( jQuery ); - } - - return jQuery.makeArray( selector, this ); - }; - -// Give the init function the jQuery prototype for later instantiation -init.prototype = jQuery.fn; - -// Initialize central reference -rootjQuery = jQuery( document ); - - -var rparentsprev = /^(?:parents|prev(?:Until|All))/, - - // Methods guaranteed to produce a unique set when starting from a unique set - guaranteedUnique = { - children: true, - contents: true, - next: true, - prev: true - }; - -jQuery.fn.extend( { - has: function( target ) { - var targets = jQuery( target, this ), - l = targets.length; - - return this.filter( function() { - var i = 0; - for ( ; i < l; i++ ) { - if ( jQuery.contains( this, targets[ i ] ) ) { - return true; - } - } - } ); - }, - - closest: function( selectors, context ) { - var cur, - i = 0, - l = this.length, - matched = [], - targets = typeof selectors !== "string" && jQuery( selectors ); - - // Positional selectors never match, since there's no _selection_ context - if ( !rneedsContext.test( selectors ) ) { - for ( ; i < l; i++ ) { - for ( cur = this[ i ]; cur && cur !== context; cur = cur.parentNode ) { - - // Always skip document fragments - if ( cur.nodeType < 11 && ( targets ? - targets.index( cur ) > -1 : - - // Don't pass non-elements to Sizzle - cur.nodeType === 1 && - jQuery.find.matchesSelector( cur, selectors ) ) ) { - - matched.push( cur ); - break; - } - } - } - } - - return this.pushStack( matched.length > 1 ? jQuery.uniqueSort( matched ) : matched ); - }, - - // Determine the position of an element within the set - index: function( elem ) { - - // No argument, return index in parent - if ( !elem ) { - return ( this[ 0 ] && this[ 0 ].parentNode ) ? this.first().prevAll().length : -1; - } - - // Index in selector - if ( typeof elem === "string" ) { - return indexOf.call( jQuery( elem ), this[ 0 ] ); - } - - // Locate the position of the desired element - return indexOf.call( this, - - // If it receives a jQuery object, the first element is used - elem.jquery ? elem[ 0 ] : elem - ); - }, - - add: function( selector, context ) { - return this.pushStack( - jQuery.uniqueSort( - jQuery.merge( this.get(), jQuery( selector, context ) ) - ) - ); - }, - - addBack: function( selector ) { - return this.add( selector == null ? - this.prevObject : this.prevObject.filter( selector ) - ); - } -} ); - -function sibling( cur, dir ) { - while ( ( cur = cur[ dir ] ) && cur.nodeType !== 1 ) {} - return cur; -} - -jQuery.each( { - parent: function( elem ) { - var parent = elem.parentNode; - return parent && parent.nodeType !== 11 ? parent : null; - }, - parents: function( elem ) { - return dir( elem, "parentNode" ); - }, - parentsUntil: function( elem, _i, until ) { - return dir( elem, "parentNode", until ); - }, - next: function( elem ) { - return sibling( elem, "nextSibling" ); - }, - prev: function( elem ) { - return sibling( elem, "previousSibling" ); - }, - nextAll: function( elem ) { - return dir( elem, "nextSibling" ); - }, - prevAll: function( elem ) { - return dir( elem, "previousSibling" ); - }, - nextUntil: function( elem, _i, until ) { - return dir( elem, "nextSibling", until ); - }, - prevUntil: function( elem, _i, until ) { - return dir( elem, "previousSibling", until ); - }, - siblings: function( elem ) { - return siblings( ( elem.parentNode || {} ).firstChild, elem ); - }, - children: function( elem ) { - return siblings( elem.firstChild ); - }, - contents: function( elem ) { - if ( elem.contentDocument != null && - - // Support: IE 11+ - // elements with no `data` attribute has an object - // `contentDocument` with a `null` prototype. - getProto( elem.contentDocument ) ) { - - return elem.contentDocument; - } - - // Support: IE 9 - 11 only, iOS 7 only, Android Browser <=4.3 only - // Treat the template element as a regular one in browsers that - // don't support it. - if ( nodeName( elem, "template" ) ) { - elem = elem.content || elem; - } - - return jQuery.merge( [], elem.childNodes ); - } -}, function( name, fn ) { - jQuery.fn[ name ] = function( until, selector ) { - var matched = jQuery.map( this, fn, until ); - - if ( name.slice( -5 ) !== "Until" ) { - selector = until; - } - - if ( selector && typeof selector === "string" ) { - matched = jQuery.filter( selector, matched ); - } - - if ( this.length > 1 ) { - - // Remove duplicates - if ( !guaranteedUnique[ name ] ) { - jQuery.uniqueSort( matched ); - } - - // Reverse order for parents* and prev-derivatives - if ( rparentsprev.test( name ) ) { - matched.reverse(); - } - } - - return this.pushStack( matched ); - }; -} ); -var rnothtmlwhite = ( /[^\x20\t\r\n\f]+/g ); - - - -// Convert String-formatted options into Object-formatted ones -function createOptions( options ) { - var object = {}; - jQuery.each( options.match( rnothtmlwhite ) || [], function( _, flag ) { - object[ flag ] = true; - } ); - return object; -} - -/* - * Create a callback list using the following parameters: - * - * options: an optional list of space-separated options that will change how - * the callback list behaves or a more traditional option object - * - * By default a callback list will act like an event callback list and can be - * "fired" multiple times. - * - * Possible options: - * - * once: will ensure the callback list can only be fired once (like a Deferred) - * - * memory: will keep track of previous values and will call any callback added - * after the list has been fired right away with the latest "memorized" - * values (like a Deferred) - * - * unique: will ensure a callback can only be added once (no duplicate in the list) - * - * stopOnFalse: interrupt callings when a callback returns false - * - */ -jQuery.Callbacks = function( options ) { - - // Convert options from String-formatted to Object-formatted if needed - // (we check in cache first) - options = typeof options === "string" ? - createOptions( options ) : - jQuery.extend( {}, options ); - - var // Flag to know if list is currently firing - firing, - - // Last fire value for non-forgettable lists - memory, - - // Flag to know if list was already fired - fired, - - // Flag to prevent firing - locked, - - // Actual callback list - list = [], - - // Queue of execution data for repeatable lists - queue = [], - - // Index of currently firing callback (modified by add/remove as needed) - firingIndex = -1, - - // Fire callbacks - fire = function() { - - // Enforce single-firing - locked = locked || options.once; - - // Execute callbacks for all pending executions, - // respecting firingIndex overrides and runtime changes - fired = firing = true; - for ( ; queue.length; firingIndex = -1 ) { - memory = queue.shift(); - while ( ++firingIndex < list.length ) { - - // Run callback and check for early termination - if ( list[ firingIndex ].apply( memory[ 0 ], memory[ 1 ] ) === false && - options.stopOnFalse ) { - - // Jump to end and forget the data so .add doesn't re-fire - firingIndex = list.length; - memory = false; - } - } - } - - // Forget the data if we're done with it - if ( !options.memory ) { - memory = false; - } - - firing = false; - - // Clean up if we're done firing for good - if ( locked ) { - - // Keep an empty list if we have data for future add calls - if ( memory ) { - list = []; - - // Otherwise, this object is spent - } else { - list = ""; - } - } - }, - - // Actual Callbacks object - self = { - - // Add a callback or a collection of callbacks to the list - add: function() { - if ( list ) { - - // If we have memory from a past run, we should fire after adding - if ( memory && !firing ) { - firingIndex = list.length - 1; - queue.push( memory ); - } - - ( function add( args ) { - jQuery.each( args, function( _, arg ) { - if ( isFunction( arg ) ) { - if ( !options.unique || !self.has( arg ) ) { - list.push( arg ); - } - } else if ( arg && arg.length && toType( arg ) !== "string" ) { - - // Inspect recursively - add( arg ); - } - } ); - } )( arguments ); - - if ( memory && !firing ) { - fire(); - } - } - return this; - }, - - // Remove a callback from the list - remove: function() { - jQuery.each( arguments, function( _, arg ) { - var index; - while ( ( index = jQuery.inArray( arg, list, index ) ) > -1 ) { - list.splice( index, 1 ); - - // Handle firing indexes - if ( index <= firingIndex ) { - firingIndex--; - } - } - } ); - return this; - }, - - // Check if a given callback is in the list. - // If no argument is given, return whether or not list has callbacks attached. - has: function( fn ) { - return fn ? - jQuery.inArray( fn, list ) > -1 : - list.length > 0; - }, - - // Remove all callbacks from the list - empty: function() { - if ( list ) { - list = []; - } - return this; - }, - - // Disable .fire and .add - // Abort any current/pending executions - // Clear all callbacks and values - disable: function() { - locked = queue = []; - list = memory = ""; - return this; - }, - disabled: function() { - return !list; - }, - - // Disable .fire - // Also disable .add unless we have memory (since it would have no effect) - // Abort any pending executions - lock: function() { - locked = queue = []; - if ( !memory && !firing ) { - list = memory = ""; - } - return this; - }, - locked: function() { - return !!locked; - }, - - // Call all callbacks with the given context and arguments - fireWith: function( context, args ) { - if ( !locked ) { - args = args || []; - args = [ context, args.slice ? args.slice() : args ]; - queue.push( args ); - if ( !firing ) { - fire(); - } - } - return this; - }, - - // Call all the callbacks with the given arguments - fire: function() { - self.fireWith( this, arguments ); - return this; - }, - - // To know if the callbacks have already been called at least once - fired: function() { - return !!fired; - } - }; - - return self; -}; - - -function Identity( v ) { - return v; -} -function Thrower( ex ) { - throw ex; -} - -function adoptValue( value, resolve, reject, noValue ) { - var method; - - try { - - // Check for promise aspect first to privilege synchronous behavior - if ( value && isFunction( ( method = value.promise ) ) ) { - method.call( value ).done( resolve ).fail( reject ); - - // Other thenables - } else if ( value && isFunction( ( method = value.then ) ) ) { - method.call( value, resolve, reject ); - - // Other non-thenables - } else { - - // Control `resolve` arguments by letting Array#slice cast boolean `noValue` to integer: - // * false: [ value ].slice( 0 ) => resolve( value ) - // * true: [ value ].slice( 1 ) => resolve() - resolve.apply( undefined, [ value ].slice( noValue ) ); - } - - // For Promises/A+, convert exceptions into rejections - // Since jQuery.when doesn't unwrap thenables, we can skip the extra checks appearing in - // Deferred#then to conditionally suppress rejection. - } catch ( value ) { - - // Support: Android 4.0 only - // Strict mode functions invoked without .call/.apply get global-object context - reject.apply( undefined, [ value ] ); - } -} - -jQuery.extend( { - - Deferred: function( func ) { - var tuples = [ - - // action, add listener, callbacks, - // ... .then handlers, argument index, [final state] - [ "notify", "progress", jQuery.Callbacks( "memory" ), - jQuery.Callbacks( "memory" ), 2 ], - [ "resolve", "done", jQuery.Callbacks( "once memory" ), - jQuery.Callbacks( "once memory" ), 0, "resolved" ], - [ "reject", "fail", jQuery.Callbacks( "once memory" ), - jQuery.Callbacks( "once memory" ), 1, "rejected" ] - ], - state = "pending", - promise = { - state: function() { - return state; - }, - always: function() { - deferred.done( arguments ).fail( arguments ); - return this; - }, - "catch": function( fn ) { - return promise.then( null, fn ); - }, - - // Keep pipe for back-compat - pipe: function( /* fnDone, fnFail, fnProgress */ ) { - var fns = arguments; - - return jQuery.Deferred( function( newDefer ) { - jQuery.each( tuples, function( _i, tuple ) { - - // Map tuples (progress, done, fail) to arguments (done, fail, progress) - var fn = isFunction( fns[ tuple[ 4 ] ] ) && fns[ tuple[ 4 ] ]; - - // deferred.progress(function() { bind to newDefer or newDefer.notify }) - // deferred.done(function() { bind to newDefer or newDefer.resolve }) - // deferred.fail(function() { bind to newDefer or newDefer.reject }) - deferred[ tuple[ 1 ] ]( function() { - var returned = fn && fn.apply( this, arguments ); - if ( returned && isFunction( returned.promise ) ) { - returned.promise() - .progress( newDefer.notify ) - .done( newDefer.resolve ) - .fail( newDefer.reject ); - } else { - newDefer[ tuple[ 0 ] + "With" ]( - this, - fn ? [ returned ] : arguments - ); - } - } ); - } ); - fns = null; - } ).promise(); - }, - then: function( onFulfilled, onRejected, onProgress ) { - var maxDepth = 0; - function resolve( depth, deferred, handler, special ) { - return function() { - var that = this, - args = arguments, - mightThrow = function() { - var returned, then; - - // Support: Promises/A+ section 2.3.3.3.3 - // https://promisesaplus.com/#point-59 - // Ignore double-resolution attempts - if ( depth < maxDepth ) { - return; - } - - returned = handler.apply( that, args ); - - // Support: Promises/A+ section 2.3.1 - // https://promisesaplus.com/#point-48 - if ( returned === deferred.promise() ) { - throw new TypeError( "Thenable self-resolution" ); - } - - // Support: Promises/A+ sections 2.3.3.1, 3.5 - // https://promisesaplus.com/#point-54 - // https://promisesaplus.com/#point-75 - // Retrieve `then` only once - then = returned && - - // Support: Promises/A+ section 2.3.4 - // https://promisesaplus.com/#point-64 - // Only check objects and functions for thenability - ( typeof returned === "object" || - typeof returned === "function" ) && - returned.then; - - // Handle a returned thenable - if ( isFunction( then ) ) { - - // Special processors (notify) just wait for resolution - if ( special ) { - then.call( - returned, - resolve( maxDepth, deferred, Identity, special ), - resolve( maxDepth, deferred, Thrower, special ) - ); - - // Normal processors (resolve) also hook into progress - } else { - - // ...and disregard older resolution values - maxDepth++; - - then.call( - returned, - resolve( maxDepth, deferred, Identity, special ), - resolve( maxDepth, deferred, Thrower, special ), - resolve( maxDepth, deferred, Identity, - deferred.notifyWith ) - ); - } - - // Handle all other returned values - } else { - - // Only substitute handlers pass on context - // and multiple values (non-spec behavior) - if ( handler !== Identity ) { - that = undefined; - args = [ returned ]; - } - - // Process the value(s) - // Default process is resolve - ( special || deferred.resolveWith )( that, args ); - } - }, - - // Only normal processors (resolve) catch and reject exceptions - process = special ? - mightThrow : - function() { - try { - mightThrow(); - } catch ( e ) { - - if ( jQuery.Deferred.exceptionHook ) { - jQuery.Deferred.exceptionHook( e, - process.stackTrace ); - } - - // Support: Promises/A+ section 2.3.3.3.4.1 - // https://promisesaplus.com/#point-61 - // Ignore post-resolution exceptions - if ( depth + 1 >= maxDepth ) { - - // Only substitute handlers pass on context - // and multiple values (non-spec behavior) - if ( handler !== Thrower ) { - that = undefined; - args = [ e ]; - } - - deferred.rejectWith( that, args ); - } - } - }; - - // Support: Promises/A+ section 2.3.3.3.1 - // https://promisesaplus.com/#point-57 - // Re-resolve promises immediately to dodge false rejection from - // subsequent errors - if ( depth ) { - process(); - } else { - - // Call an optional hook to record the stack, in case of exception - // since it's otherwise lost when execution goes async - if ( jQuery.Deferred.getStackHook ) { - process.stackTrace = jQuery.Deferred.getStackHook(); - } - window.setTimeout( process ); - } - }; - } - - return jQuery.Deferred( function( newDefer ) { - - // progress_handlers.add( ... ) - tuples[ 0 ][ 3 ].add( - resolve( - 0, - newDefer, - isFunction( onProgress ) ? - onProgress : - Identity, - newDefer.notifyWith - ) - ); - - // fulfilled_handlers.add( ... ) - tuples[ 1 ][ 3 ].add( - resolve( - 0, - newDefer, - isFunction( onFulfilled ) ? - onFulfilled : - Identity - ) - ); - - // rejected_handlers.add( ... ) - tuples[ 2 ][ 3 ].add( - resolve( - 0, - newDefer, - isFunction( onRejected ) ? - onRejected : - Thrower - ) - ); - } ).promise(); - }, - - // Get a promise for this deferred - // If obj is provided, the promise aspect is added to the object - promise: function( obj ) { - return obj != null ? jQuery.extend( obj, promise ) : promise; - } - }, - deferred = {}; - - // Add list-specific methods - jQuery.each( tuples, function( i, tuple ) { - var list = tuple[ 2 ], - stateString = tuple[ 5 ]; - - // promise.progress = list.add - // promise.done = list.add - // promise.fail = list.add - promise[ tuple[ 1 ] ] = list.add; - - // Handle state - if ( stateString ) { - list.add( - function() { - - // state = "resolved" (i.e., fulfilled) - // state = "rejected" - state = stateString; - }, - - // rejected_callbacks.disable - // fulfilled_callbacks.disable - tuples[ 3 - i ][ 2 ].disable, - - // rejected_handlers.disable - // fulfilled_handlers.disable - tuples[ 3 - i ][ 3 ].disable, - - // progress_callbacks.lock - tuples[ 0 ][ 2 ].lock, - - // progress_handlers.lock - tuples[ 0 ][ 3 ].lock - ); - } - - // progress_handlers.fire - // fulfilled_handlers.fire - // rejected_handlers.fire - list.add( tuple[ 3 ].fire ); - - // deferred.notify = function() { deferred.notifyWith(...) } - // deferred.resolve = function() { deferred.resolveWith(...) } - // deferred.reject = function() { deferred.rejectWith(...) } - deferred[ tuple[ 0 ] ] = function() { - deferred[ tuple[ 0 ] + "With" ]( this === deferred ? undefined : this, arguments ); - return this; - }; - - // deferred.notifyWith = list.fireWith - // deferred.resolveWith = list.fireWith - // deferred.rejectWith = list.fireWith - deferred[ tuple[ 0 ] + "With" ] = list.fireWith; - } ); - - // Make the deferred a promise - promise.promise( deferred ); - - // Call given func if any - if ( func ) { - func.call( deferred, deferred ); - } - - // All done! - return deferred; - }, - - // Deferred helper - when: function( singleValue ) { - var - - // count of uncompleted subordinates - remaining = arguments.length, - - // count of unprocessed arguments - i = remaining, - - // subordinate fulfillment data - resolveContexts = Array( i ), - resolveValues = slice.call( arguments ), - - // the primary Deferred - primary = jQuery.Deferred(), - - // subordinate callback factory - updateFunc = function( i ) { - return function( value ) { - resolveContexts[ i ] = this; - resolveValues[ i ] = arguments.length > 1 ? slice.call( arguments ) : value; - if ( !( --remaining ) ) { - primary.resolveWith( resolveContexts, resolveValues ); - } - }; - }; - - // Single- and empty arguments are adopted like Promise.resolve - if ( remaining <= 1 ) { - adoptValue( singleValue, primary.done( updateFunc( i ) ).resolve, primary.reject, - !remaining ); - - // Use .then() to unwrap secondary thenables (cf. gh-3000) - if ( primary.state() === "pending" || - isFunction( resolveValues[ i ] && resolveValues[ i ].then ) ) { - - return primary.then(); - } - } - - // Multiple arguments are aggregated like Promise.all array elements - while ( i-- ) { - adoptValue( resolveValues[ i ], updateFunc( i ), primary.reject ); - } - - return primary.promise(); - } -} ); - - -// These usually indicate a programmer mistake during development, -// warn about them ASAP rather than swallowing them by default. -var rerrorNames = /^(Eval|Internal|Range|Reference|Syntax|Type|URI)Error$/; - -jQuery.Deferred.exceptionHook = function( error, stack ) { - - // Support: IE 8 - 9 only - // Console exists when dev tools are open, which can happen at any time - if ( window.console && window.console.warn && error && rerrorNames.test( error.name ) ) { - window.console.warn( "jQuery.Deferred exception: " + error.message, error.stack, stack ); - } -}; - - - - -jQuery.readyException = function( error ) { - window.setTimeout( function() { - throw error; - } ); -}; - - - - -// The deferred used on DOM ready -var readyList = jQuery.Deferred(); - -jQuery.fn.ready = function( fn ) { - - readyList - .then( fn ) - - // Wrap jQuery.readyException in a function so that the lookup - // happens at the time of error handling instead of callback - // registration. - .catch( function( error ) { - jQuery.readyException( error ); - } ); - - return this; -}; - -jQuery.extend( { - - // Is the DOM ready to be used? Set to true once it occurs. - isReady: false, - - // A counter to track how many items to wait for before - // the ready event fires. See #6781 - readyWait: 1, - - // Handle when the DOM is ready - ready: function( wait ) { - - // Abort if there are pending holds or we're already ready - if ( wait === true ? --jQuery.readyWait : jQuery.isReady ) { - return; - } - - // Remember that the DOM is ready - jQuery.isReady = true; - - // If a normal DOM Ready event fired, decrement, and wait if need be - if ( wait !== true && --jQuery.readyWait > 0 ) { - return; - } - - // If there are functions bound, to execute - readyList.resolveWith( document, [ jQuery ] ); - } -} ); - -jQuery.ready.then = readyList.then; - -// The ready event handler and self cleanup method -function completed() { - document.removeEventListener( "DOMContentLoaded", completed ); - window.removeEventListener( "load", completed ); - jQuery.ready(); -} - -// Catch cases where $(document).ready() is called -// after the browser event has already occurred. -// Support: IE <=9 - 10 only -// Older IE sometimes signals "interactive" too soon -if ( document.readyState === "complete" || - ( document.readyState !== "loading" && !document.documentElement.doScroll ) ) { - - // Handle it asynchronously to allow scripts the opportunity to delay ready - window.setTimeout( jQuery.ready ); - -} else { - - // Use the handy event callback - document.addEventListener( "DOMContentLoaded", completed ); - - // A fallback to window.onload, that will always work - window.addEventListener( "load", completed ); -} - - - - -// Multifunctional method to get and set values of a collection -// The value/s can optionally be executed if it's a function -var access = function( elems, fn, key, value, chainable, emptyGet, raw ) { - var i = 0, - len = elems.length, - bulk = key == null; - - // Sets many values - if ( toType( key ) === "object" ) { - chainable = true; - for ( i in key ) { - access( elems, fn, i, key[ i ], true, emptyGet, raw ); - } - - // Sets one value - } else if ( value !== undefined ) { - chainable = true; - - if ( !isFunction( value ) ) { - raw = true; - } - - if ( bulk ) { - - // Bulk operations run against the entire set - if ( raw ) { - fn.call( elems, value ); - fn = null; - - // ...except when executing function values - } else { - bulk = fn; - fn = function( elem, _key, value ) { - return bulk.call( jQuery( elem ), value ); - }; - } - } - - if ( fn ) { - for ( ; i < len; i++ ) { - fn( - elems[ i ], key, raw ? - value : - value.call( elems[ i ], i, fn( elems[ i ], key ) ) - ); - } - } - } - - if ( chainable ) { - return elems; - } - - // Gets - if ( bulk ) { - return fn.call( elems ); - } - - return len ? fn( elems[ 0 ], key ) : emptyGet; -}; - - -// Matches dashed string for camelizing -var rmsPrefix = /^-ms-/, - rdashAlpha = /-([a-z])/g; - -// Used by camelCase as callback to replace() -function fcamelCase( _all, letter ) { - return letter.toUpperCase(); -} - -// Convert dashed to camelCase; used by the css and data modules -// Support: IE <=9 - 11, Edge 12 - 15 -// Microsoft forgot to hump their vendor prefix (#9572) -function camelCase( string ) { - return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase ); -} -var acceptData = function( owner ) { - - // Accepts only: - // - Node - // - Node.ELEMENT_NODE - // - Node.DOCUMENT_NODE - // - Object - // - Any - return owner.nodeType === 1 || owner.nodeType === 9 || !( +owner.nodeType ); -}; - - - - -function Data() { - this.expando = jQuery.expando + Data.uid++; -} - -Data.uid = 1; - -Data.prototype = { - - cache: function( owner ) { - - // Check if the owner object already has a cache - var value = owner[ this.expando ]; - - // If not, create one - if ( !value ) { - value = {}; - - // We can accept data for non-element nodes in modern browsers, - // but we should not, see #8335. - // Always return an empty object. - if ( acceptData( owner ) ) { - - // If it is a node unlikely to be stringify-ed or looped over - // use plain assignment - if ( owner.nodeType ) { - owner[ this.expando ] = value; - - // Otherwise secure it in a non-enumerable property - // configurable must be true to allow the property to be - // deleted when data is removed - } else { - Object.defineProperty( owner, this.expando, { - value: value, - configurable: true - } ); - } - } - } - - return value; - }, - set: function( owner, data, value ) { - var prop, - cache = this.cache( owner ); - - // Handle: [ owner, key, value ] args - // Always use camelCase key (gh-2257) - if ( typeof data === "string" ) { - cache[ camelCase( data ) ] = value; - - // Handle: [ owner, { properties } ] args - } else { - - // Copy the properties one-by-one to the cache object - for ( prop in data ) { - cache[ camelCase( prop ) ] = data[ prop ]; - } - } - return cache; - }, - get: function( owner, key ) { - return key === undefined ? - this.cache( owner ) : - - // Always use camelCase key (gh-2257) - owner[ this.expando ] && owner[ this.expando ][ camelCase( key ) ]; - }, - access: function( owner, key, value ) { - - // In cases where either: - // - // 1. No key was specified - // 2. A string key was specified, but no value provided - // - // Take the "read" path and allow the get method to determine - // which value to return, respectively either: - // - // 1. The entire cache object - // 2. The data stored at the key - // - if ( key === undefined || - ( ( key && typeof key === "string" ) && value === undefined ) ) { - - return this.get( owner, key ); - } - - // When the key is not a string, or both a key and value - // are specified, set or extend (existing objects) with either: - // - // 1. An object of properties - // 2. A key and value - // - this.set( owner, key, value ); - - // Since the "set" path can have two possible entry points - // return the expected data based on which path was taken[*] - return value !== undefined ? value : key; - }, - remove: function( owner, key ) { - var i, - cache = owner[ this.expando ]; - - if ( cache === undefined ) { - return; - } - - if ( key !== undefined ) { - - // Support array or space separated string of keys - if ( Array.isArray( key ) ) { - - // If key is an array of keys... - // We always set camelCase keys, so remove that. - key = key.map( camelCase ); - } else { - key = camelCase( key ); - - // If a key with the spaces exists, use it. - // Otherwise, create an array by matching non-whitespace - key = key in cache ? - [ key ] : - ( key.match( rnothtmlwhite ) || [] ); - } - - i = key.length; - - while ( i-- ) { - delete cache[ key[ i ] ]; - } - } - - // Remove the expando if there's no more data - if ( key === undefined || jQuery.isEmptyObject( cache ) ) { - - // Support: Chrome <=35 - 45 - // Webkit & Blink performance suffers when deleting properties - // from DOM nodes, so set to undefined instead - // https://bugs.chromium.org/p/chromium/issues/detail?id=378607 (bug restricted) - if ( owner.nodeType ) { - owner[ this.expando ] = undefined; - } else { - delete owner[ this.expando ]; - } - } - }, - hasData: function( owner ) { - var cache = owner[ this.expando ]; - return cache !== undefined && !jQuery.isEmptyObject( cache ); - } -}; -var dataPriv = new Data(); - -var dataUser = new Data(); - - - -// Implementation Summary -// -// 1. Enforce API surface and semantic compatibility with 1.9.x branch -// 2. Improve the module's maintainability by reducing the storage -// paths to a single mechanism. -// 3. Use the same single mechanism to support "private" and "user" data. -// 4. _Never_ expose "private" data to user code (TODO: Drop _data, _removeData) -// 5. Avoid exposing implementation details on user objects (eg. expando properties) -// 6. Provide a clear path for implementation upgrade to WeakMap in 2014 - -var rbrace = /^(?:\{[\w\W]*\}|\[[\w\W]*\])$/, - rmultiDash = /[A-Z]/g; - -function getData( data ) { - if ( data === "true" ) { - return true; - } - - if ( data === "false" ) { - return false; - } - - if ( data === "null" ) { - return null; - } - - // Only convert to a number if it doesn't change the string - if ( data === +data + "" ) { - return +data; - } - - if ( rbrace.test( data ) ) { - return JSON.parse( data ); - } - - return data; -} - -function dataAttr( elem, key, data ) { - var name; - - // If nothing was found internally, try to fetch any - // data from the HTML5 data-* attribute - if ( data === undefined && elem.nodeType === 1 ) { - name = "data-" + key.replace( rmultiDash, "-$&" ).toLowerCase(); - data = elem.getAttribute( name ); - - if ( typeof data === "string" ) { - try { - data = getData( data ); - } catch ( e ) {} - - // Make sure we set the data so it isn't changed later - dataUser.set( elem, key, data ); - } else { - data = undefined; - } - } - return data; -} - -jQuery.extend( { - hasData: function( elem ) { - return dataUser.hasData( elem ) || dataPriv.hasData( elem ); - }, - - data: function( elem, name, data ) { - return dataUser.access( elem, name, data ); - }, - - removeData: function( elem, name ) { - dataUser.remove( elem, name ); - }, - - // TODO: Now that all calls to _data and _removeData have been replaced - // with direct calls to dataPriv methods, these can be deprecated. - _data: function( elem, name, data ) { - return dataPriv.access( elem, name, data ); - }, - - _removeData: function( elem, name ) { - dataPriv.remove( elem, name ); - } -} ); - -jQuery.fn.extend( { - data: function( key, value ) { - var i, name, data, - elem = this[ 0 ], - attrs = elem && elem.attributes; - - // Gets all values - if ( key === undefined ) { - if ( this.length ) { - data = dataUser.get( elem ); - - if ( elem.nodeType === 1 && !dataPriv.get( elem, "hasDataAttrs" ) ) { - i = attrs.length; - while ( i-- ) { - - // Support: IE 11 only - // The attrs elements can be null (#14894) - if ( attrs[ i ] ) { - name = attrs[ i ].name; - if ( name.indexOf( "data-" ) === 0 ) { - name = camelCase( name.slice( 5 ) ); - dataAttr( elem, name, data[ name ] ); - } - } - } - dataPriv.set( elem, "hasDataAttrs", true ); - } - } - - return data; - } - - // Sets multiple values - if ( typeof key === "object" ) { - return this.each( function() { - dataUser.set( this, key ); - } ); - } - - return access( this, function( value ) { - var data; - - // The calling jQuery object (element matches) is not empty - // (and therefore has an element appears at this[ 0 ]) and the - // `value` parameter was not undefined. An empty jQuery object - // will result in `undefined` for elem = this[ 0 ] which will - // throw an exception if an attempt to read a data cache is made. - if ( elem && value === undefined ) { - - // Attempt to get data from the cache - // The key will always be camelCased in Data - data = dataUser.get( elem, key ); - if ( data !== undefined ) { - return data; - } - - // Attempt to "discover" the data in - // HTML5 custom data-* attrs - data = dataAttr( elem, key ); - if ( data !== undefined ) { - return data; - } - - // We tried really hard, but the data doesn't exist. - return; - } - - // Set the data... - this.each( function() { - - // We always store the camelCased key - dataUser.set( this, key, value ); - } ); - }, null, value, arguments.length > 1, null, true ); - }, - - removeData: function( key ) { - return this.each( function() { - dataUser.remove( this, key ); - } ); - } -} ); - - -jQuery.extend( { - queue: function( elem, type, data ) { - var queue; - - if ( elem ) { - type = ( type || "fx" ) + "queue"; - queue = dataPriv.get( elem, type ); - - // Speed up dequeue by getting out quickly if this is just a lookup - if ( data ) { - if ( !queue || Array.isArray( data ) ) { - queue = dataPriv.access( elem, type, jQuery.makeArray( data ) ); - } else { - queue.push( data ); - } - } - return queue || []; - } - }, - - dequeue: function( elem, type ) { - type = type || "fx"; - - var queue = jQuery.queue( elem, type ), - startLength = queue.length, - fn = queue.shift(), - hooks = jQuery._queueHooks( elem, type ), - next = function() { - jQuery.dequeue( elem, type ); - }; - - // If the fx queue is dequeued, always remove the progress sentinel - if ( fn === "inprogress" ) { - fn = queue.shift(); - startLength--; - } - - if ( fn ) { - - // Add a progress sentinel to prevent the fx queue from being - // automatically dequeued - if ( type === "fx" ) { - queue.unshift( "inprogress" ); - } - - // Clear up the last queue stop function - delete hooks.stop; - fn.call( elem, next, hooks ); - } - - if ( !startLength && hooks ) { - hooks.empty.fire(); - } - }, - - // Not public - generate a queueHooks object, or return the current one - _queueHooks: function( elem, type ) { - var key = type + "queueHooks"; - return dataPriv.get( elem, key ) || dataPriv.access( elem, key, { - empty: jQuery.Callbacks( "once memory" ).add( function() { - dataPriv.remove( elem, [ type + "queue", key ] ); - } ) - } ); - } -} ); - -jQuery.fn.extend( { - queue: function( type, data ) { - var setter = 2; - - if ( typeof type !== "string" ) { - data = type; - type = "fx"; - setter--; - } - - if ( arguments.length < setter ) { - return jQuery.queue( this[ 0 ], type ); - } - - return data === undefined ? - this : - this.each( function() { - var queue = jQuery.queue( this, type, data ); - - // Ensure a hooks for this queue - jQuery._queueHooks( this, type ); - - if ( type === "fx" && queue[ 0 ] !== "inprogress" ) { - jQuery.dequeue( this, type ); - } - } ); - }, - dequeue: function( type ) { - return this.each( function() { - jQuery.dequeue( this, type ); - } ); - }, - clearQueue: function( type ) { - return this.queue( type || "fx", [] ); - }, - - // Get a promise resolved when queues of a certain type - // are emptied (fx is the type by default) - promise: function( type, obj ) { - var tmp, - count = 1, - defer = jQuery.Deferred(), - elements = this, - i = this.length, - resolve = function() { - if ( !( --count ) ) { - defer.resolveWith( elements, [ elements ] ); - } - }; - - if ( typeof type !== "string" ) { - obj = type; - type = undefined; - } - type = type || "fx"; - - while ( i-- ) { - tmp = dataPriv.get( elements[ i ], type + "queueHooks" ); - if ( tmp && tmp.empty ) { - count++; - tmp.empty.add( resolve ); - } - } - resolve(); - return defer.promise( obj ); - } -} ); -var pnum = ( /[+-]?(?:\d*\.|)\d+(?:[eE][+-]?\d+|)/ ).source; - -var rcssNum = new RegExp( "^(?:([+-])=|)(" + pnum + ")([a-z%]*)$", "i" ); - - -var cssExpand = [ "Top", "Right", "Bottom", "Left" ]; - -var documentElement = document.documentElement; - - - - var isAttached = function( elem ) { - return jQuery.contains( elem.ownerDocument, elem ); - }, - composed = { composed: true }; - - // Support: IE 9 - 11+, Edge 12 - 18+, iOS 10.0 - 10.2 only - // Check attachment across shadow DOM boundaries when possible (gh-3504) - // Support: iOS 10.0-10.2 only - // Early iOS 10 versions support `attachShadow` but not `getRootNode`, - // leading to errors. We need to check for `getRootNode`. - if ( documentElement.getRootNode ) { - isAttached = function( elem ) { - return jQuery.contains( elem.ownerDocument, elem ) || - elem.getRootNode( composed ) === elem.ownerDocument; - }; - } -var isHiddenWithinTree = function( elem, el ) { - - // isHiddenWithinTree might be called from jQuery#filter function; - // in that case, element will be second argument - elem = el || elem; - - // Inline style trumps all - return elem.style.display === "none" || - elem.style.display === "" && - - // Otherwise, check computed style - // Support: Firefox <=43 - 45 - // Disconnected elements can have computed display: none, so first confirm that elem is - // in the document. - isAttached( elem ) && - - jQuery.css( elem, "display" ) === "none"; - }; - - - -function adjustCSS( elem, prop, valueParts, tween ) { - var adjusted, scale, - maxIterations = 20, - currentValue = tween ? - function() { - return tween.cur(); - } : - function() { - return jQuery.css( elem, prop, "" ); - }, - initial = currentValue(), - unit = valueParts && valueParts[ 3 ] || ( jQuery.cssNumber[ prop ] ? "" : "px" ), - - // Starting value computation is required for potential unit mismatches - initialInUnit = elem.nodeType && - ( jQuery.cssNumber[ prop ] || unit !== "px" && +initial ) && - rcssNum.exec( jQuery.css( elem, prop ) ); - - if ( initialInUnit && initialInUnit[ 3 ] !== unit ) { - - // Support: Firefox <=54 - // Halve the iteration target value to prevent interference from CSS upper bounds (gh-2144) - initial = initial / 2; - - // Trust units reported by jQuery.css - unit = unit || initialInUnit[ 3 ]; - - // Iteratively approximate from a nonzero starting point - initialInUnit = +initial || 1; - - while ( maxIterations-- ) { - - // Evaluate and update our best guess (doubling guesses that zero out). - // Finish if the scale equals or crosses 1 (making the old*new product non-positive). - jQuery.style( elem, prop, initialInUnit + unit ); - if ( ( 1 - scale ) * ( 1 - ( scale = currentValue() / initial || 0.5 ) ) <= 0 ) { - maxIterations = 0; - } - initialInUnit = initialInUnit / scale; - - } - - initialInUnit = initialInUnit * 2; - jQuery.style( elem, prop, initialInUnit + unit ); - - // Make sure we update the tween properties later on - valueParts = valueParts || []; - } - - if ( valueParts ) { - initialInUnit = +initialInUnit || +initial || 0; - - // Apply relative offset (+=/-=) if specified - adjusted = valueParts[ 1 ] ? - initialInUnit + ( valueParts[ 1 ] + 1 ) * valueParts[ 2 ] : - +valueParts[ 2 ]; - if ( tween ) { - tween.unit = unit; - tween.start = initialInUnit; - tween.end = adjusted; - } - } - return adjusted; -} - - -var defaultDisplayMap = {}; - -function getDefaultDisplay( elem ) { - var temp, - doc = elem.ownerDocument, - nodeName = elem.nodeName, - display = defaultDisplayMap[ nodeName ]; - - if ( display ) { - return display; - } - - temp = doc.body.appendChild( doc.createElement( nodeName ) ); - display = jQuery.css( temp, "display" ); - - temp.parentNode.removeChild( temp ); - - if ( display === "none" ) { - display = "block"; - } - defaultDisplayMap[ nodeName ] = display; - - return display; -} - -function showHide( elements, show ) { - var display, elem, - values = [], - index = 0, - length = elements.length; - - // Determine new display value for elements that need to change - for ( ; index < length; index++ ) { - elem = elements[ index ]; - if ( !elem.style ) { - continue; - } - - display = elem.style.display; - if ( show ) { - - // Since we force visibility upon cascade-hidden elements, an immediate (and slow) - // check is required in this first loop unless we have a nonempty display value (either - // inline or about-to-be-restored) - if ( display === "none" ) { - values[ index ] = dataPriv.get( elem, "display" ) || null; - if ( !values[ index ] ) { - elem.style.display = ""; - } - } - if ( elem.style.display === "" && isHiddenWithinTree( elem ) ) { - values[ index ] = getDefaultDisplay( elem ); - } - } else { - if ( display !== "none" ) { - values[ index ] = "none"; - - // Remember what we're overwriting - dataPriv.set( elem, "display", display ); - } - } - } - - // Set the display of the elements in a second loop to avoid constant reflow - for ( index = 0; index < length; index++ ) { - if ( values[ index ] != null ) { - elements[ index ].style.display = values[ index ]; - } - } - - return elements; -} - -jQuery.fn.extend( { - show: function() { - return showHide( this, true ); - }, - hide: function() { - return showHide( this ); - }, - toggle: function( state ) { - if ( typeof state === "boolean" ) { - return state ? this.show() : this.hide(); - } - - return this.each( function() { - if ( isHiddenWithinTree( this ) ) { - jQuery( this ).show(); - } else { - jQuery( this ).hide(); - } - } ); - } -} ); -var rcheckableType = ( /^(?:checkbox|radio)$/i ); - -var rtagName = ( /<([a-z][^\/\0>\x20\t\r\n\f]*)/i ); - -var rscriptType = ( /^$|^module$|\/(?:java|ecma)script/i ); - - - -( function() { - var fragment = document.createDocumentFragment(), - div = fragment.appendChild( document.createElement( "div" ) ), - input = document.createElement( "input" ); - - // Support: Android 4.0 - 4.3 only - // Check state lost if the name is set (#11217) - // Support: Windows Web Apps (WWA) - // `name` and `type` must use .setAttribute for WWA (#14901) - input.setAttribute( "type", "radio" ); - input.setAttribute( "checked", "checked" ); - input.setAttribute( "name", "t" ); - - div.appendChild( input ); - - // Support: Android <=4.1 only - // Older WebKit doesn't clone checked state correctly in fragments - support.checkClone = div.cloneNode( true ).cloneNode( true ).lastChild.checked; - - // Support: IE <=11 only - // Make sure textarea (and checkbox) defaultValue is properly cloned - div.innerHTML = ""; - support.noCloneChecked = !!div.cloneNode( true ).lastChild.defaultValue; - - // Support: IE <=9 only - // IE <=9 replaces "; - support.option = !!div.lastChild; -} )(); - - -// We have to close these tags to support XHTML (#13200) -var wrapMap = { - - // XHTML parsers do not magically insert elements in the - // same way that tag soup parsers do. So we cannot shorten - // this by omitting or other required elements. - thead: [ 1, "", "
" ], - col: [ 2, "", "
" ], - tr: [ 2, "", "
" ], - td: [ 3, "", "
" ], - - _default: [ 0, "", "" ] -}; - -wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; -wrapMap.th = wrapMap.td; - -// Support: IE <=9 only -if ( !support.option ) { - wrapMap.optgroup = wrapMap.option = [ 1, "" ]; -} - - -function getAll( context, tag ) { - - // Support: IE <=9 - 11 only - // Use typeof to avoid zero-argument method invocation on host objects (#15151) - var ret; - - if ( typeof context.getElementsByTagName !== "undefined" ) { - ret = context.getElementsByTagName( tag || "*" ); - - } else if ( typeof context.querySelectorAll !== "undefined" ) { - ret = context.querySelectorAll( tag || "*" ); - - } else { - ret = []; - } - - if ( tag === undefined || tag && nodeName( context, tag ) ) { - return jQuery.merge( [ context ], ret ); - } - - return ret; -} - - -// Mark scripts as having already been evaluated -function setGlobalEval( elems, refElements ) { - var i = 0, - l = elems.length; - - for ( ; i < l; i++ ) { - dataPriv.set( - elems[ i ], - "globalEval", - !refElements || dataPriv.get( refElements[ i ], "globalEval" ) - ); - } -} - - -var rhtml = /<|&#?\w+;/; - -function buildFragment( elems, context, scripts, selection, ignored ) { - var elem, tmp, tag, wrap, attached, j, - fragment = context.createDocumentFragment(), - nodes = [], - i = 0, - l = elems.length; - - for ( ; i < l; i++ ) { - elem = elems[ i ]; - - if ( elem || elem === 0 ) { - - // Add nodes directly - if ( toType( elem ) === "object" ) { - - // Support: Android <=4.0 only, PhantomJS 1 only - // push.apply(_, arraylike) throws on ancient WebKit - jQuery.merge( nodes, elem.nodeType ? [ elem ] : elem ); - - // Convert non-html into a text node - } else if ( !rhtml.test( elem ) ) { - nodes.push( context.createTextNode( elem ) ); - - // Convert html into DOM nodes - } else { - tmp = tmp || fragment.appendChild( context.createElement( "div" ) ); - - // Deserialize a standard representation - tag = ( rtagName.exec( elem ) || [ "", "" ] )[ 1 ].toLowerCase(); - wrap = wrapMap[ tag ] || wrapMap._default; - tmp.innerHTML = wrap[ 1 ] + jQuery.htmlPrefilter( elem ) + wrap[ 2 ]; - - // Descend through wrappers to the right content - j = wrap[ 0 ]; - while ( j-- ) { - tmp = tmp.lastChild; - } - - // Support: Android <=4.0 only, PhantomJS 1 only - // push.apply(_, arraylike) throws on ancient WebKit - jQuery.merge( nodes, tmp.childNodes ); - - // Remember the top-level container - tmp = fragment.firstChild; - - // Ensure the created nodes are orphaned (#12392) - tmp.textContent = ""; - } - } - } - - // Remove wrapper from fragment - fragment.textContent = ""; - - i = 0; - while ( ( elem = nodes[ i++ ] ) ) { - - // Skip elements already in the context collection (trac-4087) - if ( selection && jQuery.inArray( elem, selection ) > -1 ) { - if ( ignored ) { - ignored.push( elem ); - } - continue; - } - - attached = isAttached( elem ); - - // Append to fragment - tmp = getAll( fragment.appendChild( elem ), "script" ); - - // Preserve script evaluation history - if ( attached ) { - setGlobalEval( tmp ); - } - - // Capture executables - if ( scripts ) { - j = 0; - while ( ( elem = tmp[ j++ ] ) ) { - if ( rscriptType.test( elem.type || "" ) ) { - scripts.push( elem ); - } - } - } - } - - return fragment; -} - - -var rtypenamespace = /^([^.]*)(?:\.(.+)|)/; - -function returnTrue() { - return true; -} - -function returnFalse() { - return false; -} - -// Support: IE <=9 - 11+ -// focus() and blur() are asynchronous, except when they are no-op. -// So expect focus to be synchronous when the element is already active, -// and blur to be synchronous when the element is not already active. -// (focus and blur are always synchronous in other supported browsers, -// this just defines when we can count on it). -function expectSync( elem, type ) { - return ( elem === safeActiveElement() ) === ( type === "focus" ); -} - -// Support: IE <=9 only -// Accessing document.activeElement can throw unexpectedly -// https://bugs.jquery.com/ticket/13393 -function safeActiveElement() { - try { - return document.activeElement; - } catch ( err ) { } -} - -function on( elem, types, selector, data, fn, one ) { - var origFn, type; - - // Types can be a map of types/handlers - if ( typeof types === "object" ) { - - // ( types-Object, selector, data ) - if ( typeof selector !== "string" ) { - - // ( types-Object, data ) - data = data || selector; - selector = undefined; - } - for ( type in types ) { - on( elem, type, selector, data, types[ type ], one ); - } - return elem; - } - - if ( data == null && fn == null ) { - - // ( types, fn ) - fn = selector; - data = selector = undefined; - } else if ( fn == null ) { - if ( typeof selector === "string" ) { - - // ( types, selector, fn ) - fn = data; - data = undefined; - } else { - - // ( types, data, fn ) - fn = data; - data = selector; - selector = undefined; - } - } - if ( fn === false ) { - fn = returnFalse; - } else if ( !fn ) { - return elem; - } - - if ( one === 1 ) { - origFn = fn; - fn = function( event ) { - - // Can use an empty set, since event contains the info - jQuery().off( event ); - return origFn.apply( this, arguments ); - }; - - // Use same guid so caller can remove using origFn - fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ ); - } - return elem.each( function() { - jQuery.event.add( this, types, fn, data, selector ); - } ); -} - -/* - * Helper functions for managing events -- not part of the public interface. - * Props to Dean Edwards' addEvent library for many of the ideas. - */ -jQuery.event = { - - global: {}, - - add: function( elem, types, handler, data, selector ) { - - var handleObjIn, eventHandle, tmp, - events, t, handleObj, - special, handlers, type, namespaces, origType, - elemData = dataPriv.get( elem ); - - // Only attach events to objects that accept data - if ( !acceptData( elem ) ) { - return; - } - - // Caller can pass in an object of custom data in lieu of the handler - if ( handler.handler ) { - handleObjIn = handler; - handler = handleObjIn.handler; - selector = handleObjIn.selector; - } - - // Ensure that invalid selectors throw exceptions at attach time - // Evaluate against documentElement in case elem is a non-element node (e.g., document) - if ( selector ) { - jQuery.find.matchesSelector( documentElement, selector ); - } - - // Make sure that the handler has a unique ID, used to find/remove it later - if ( !handler.guid ) { - handler.guid = jQuery.guid++; - } - - // Init the element's event structure and main handler, if this is the first - if ( !( events = elemData.events ) ) { - events = elemData.events = Object.create( null ); - } - if ( !( eventHandle = elemData.handle ) ) { - eventHandle = elemData.handle = function( e ) { - - // Discard the second event of a jQuery.event.trigger() and - // when an event is called after a page has unloaded - return typeof jQuery !== "undefined" && jQuery.event.triggered !== e.type ? - jQuery.event.dispatch.apply( elem, arguments ) : undefined; - }; - } - - // Handle multiple events separated by a space - types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; - t = types.length; - while ( t-- ) { - tmp = rtypenamespace.exec( types[ t ] ) || []; - type = origType = tmp[ 1 ]; - namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); - - // There *must* be a type, no attaching namespace-only handlers - if ( !type ) { - continue; - } - - // If event changes its type, use the special event handlers for the changed type - special = jQuery.event.special[ type ] || {}; - - // If selector defined, determine special event api type, otherwise given type - type = ( selector ? special.delegateType : special.bindType ) || type; - - // Update special based on newly reset type - special = jQuery.event.special[ type ] || {}; - - // handleObj is passed to all event handlers - handleObj = jQuery.extend( { - type: type, - origType: origType, - data: data, - handler: handler, - guid: handler.guid, - selector: selector, - needsContext: selector && jQuery.expr.match.needsContext.test( selector ), - namespace: namespaces.join( "." ) - }, handleObjIn ); - - // Init the event handler queue if we're the first - if ( !( handlers = events[ type ] ) ) { - handlers = events[ type ] = []; - handlers.delegateCount = 0; - - // Only use addEventListener if the special events handler returns false - if ( !special.setup || - special.setup.call( elem, data, namespaces, eventHandle ) === false ) { - - if ( elem.addEventListener ) { - elem.addEventListener( type, eventHandle ); - } - } - } - - if ( special.add ) { - special.add.call( elem, handleObj ); - - if ( !handleObj.handler.guid ) { - handleObj.handler.guid = handler.guid; - } - } - - // Add to the element's handler list, delegates in front - if ( selector ) { - handlers.splice( handlers.delegateCount++, 0, handleObj ); - } else { - handlers.push( handleObj ); - } - - // Keep track of which events have ever been used, for event optimization - jQuery.event.global[ type ] = true; - } - - }, - - // Detach an event or set of events from an element - remove: function( elem, types, handler, selector, mappedTypes ) { - - var j, origCount, tmp, - events, t, handleObj, - special, handlers, type, namespaces, origType, - elemData = dataPriv.hasData( elem ) && dataPriv.get( elem ); - - if ( !elemData || !( events = elemData.events ) ) { - return; - } - - // Once for each type.namespace in types; type may be omitted - types = ( types || "" ).match( rnothtmlwhite ) || [ "" ]; - t = types.length; - while ( t-- ) { - tmp = rtypenamespace.exec( types[ t ] ) || []; - type = origType = tmp[ 1 ]; - namespaces = ( tmp[ 2 ] || "" ).split( "." ).sort(); - - // Unbind all events (on this namespace, if provided) for the element - if ( !type ) { - for ( type in events ) { - jQuery.event.remove( elem, type + types[ t ], handler, selector, true ); - } - continue; - } - - special = jQuery.event.special[ type ] || {}; - type = ( selector ? special.delegateType : special.bindType ) || type; - handlers = events[ type ] || []; - tmp = tmp[ 2 ] && - new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ); - - // Remove matching events - origCount = j = handlers.length; - while ( j-- ) { - handleObj = handlers[ j ]; - - if ( ( mappedTypes || origType === handleObj.origType ) && - ( !handler || handler.guid === handleObj.guid ) && - ( !tmp || tmp.test( handleObj.namespace ) ) && - ( !selector || selector === handleObj.selector || - selector === "**" && handleObj.selector ) ) { - handlers.splice( j, 1 ); - - if ( handleObj.selector ) { - handlers.delegateCount--; - } - if ( special.remove ) { - special.remove.call( elem, handleObj ); - } - } - } - - // Remove generic event handler if we removed something and no more handlers exist - // (avoids potential for endless recursion during removal of special event handlers) - if ( origCount && !handlers.length ) { - if ( !special.teardown || - special.teardown.call( elem, namespaces, elemData.handle ) === false ) { - - jQuery.removeEvent( elem, type, elemData.handle ); - } - - delete events[ type ]; - } - } - - // Remove data and the expando if it's no longer used - if ( jQuery.isEmptyObject( events ) ) { - dataPriv.remove( elem, "handle events" ); - } - }, - - dispatch: function( nativeEvent ) { - - var i, j, ret, matched, handleObj, handlerQueue, - args = new Array( arguments.length ), - - // Make a writable jQuery.Event from the native event object - event = jQuery.event.fix( nativeEvent ), - - handlers = ( - dataPriv.get( this, "events" ) || Object.create( null ) - )[ event.type ] || [], - special = jQuery.event.special[ event.type ] || {}; - - // Use the fix-ed jQuery.Event rather than the (read-only) native event - args[ 0 ] = event; - - for ( i = 1; i < arguments.length; i++ ) { - args[ i ] = arguments[ i ]; - } - - event.delegateTarget = this; - - // Call the preDispatch hook for the mapped type, and let it bail if desired - if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) { - return; - } - - // Determine handlers - handlerQueue = jQuery.event.handlers.call( this, event, handlers ); - - // Run delegates first; they may want to stop propagation beneath us - i = 0; - while ( ( matched = handlerQueue[ i++ ] ) && !event.isPropagationStopped() ) { - event.currentTarget = matched.elem; - - j = 0; - while ( ( handleObj = matched.handlers[ j++ ] ) && - !event.isImmediatePropagationStopped() ) { - - // If the event is namespaced, then each handler is only invoked if it is - // specially universal or its namespaces are a superset of the event's. - if ( !event.rnamespace || handleObj.namespace === false || - event.rnamespace.test( handleObj.namespace ) ) { - - event.handleObj = handleObj; - event.data = handleObj.data; - - ret = ( ( jQuery.event.special[ handleObj.origType ] || {} ).handle || - handleObj.handler ).apply( matched.elem, args ); - - if ( ret !== undefined ) { - if ( ( event.result = ret ) === false ) { - event.preventDefault(); - event.stopPropagation(); - } - } - } - } - } - - // Call the postDispatch hook for the mapped type - if ( special.postDispatch ) { - special.postDispatch.call( this, event ); - } - - return event.result; - }, - - handlers: function( event, handlers ) { - var i, handleObj, sel, matchedHandlers, matchedSelectors, - handlerQueue = [], - delegateCount = handlers.delegateCount, - cur = event.target; - - // Find delegate handlers - if ( delegateCount && - - // Support: IE <=9 - // Black-hole SVG instance trees (trac-13180) - cur.nodeType && - - // Support: Firefox <=42 - // Suppress spec-violating clicks indicating a non-primary pointer button (trac-3861) - // https://www.w3.org/TR/DOM-Level-3-Events/#event-type-click - // Support: IE 11 only - // ...but not arrow key "clicks" of radio inputs, which can have `button` -1 (gh-2343) - !( event.type === "click" && event.button >= 1 ) ) { - - for ( ; cur !== this; cur = cur.parentNode || this ) { - - // Don't check non-elements (#13208) - // Don't process clicks on disabled elements (#6911, #8165, #11382, #11764) - if ( cur.nodeType === 1 && !( event.type === "click" && cur.disabled === true ) ) { - matchedHandlers = []; - matchedSelectors = {}; - for ( i = 0; i < delegateCount; i++ ) { - handleObj = handlers[ i ]; - - // Don't conflict with Object.prototype properties (#13203) - sel = handleObj.selector + " "; - - if ( matchedSelectors[ sel ] === undefined ) { - matchedSelectors[ sel ] = handleObj.needsContext ? - jQuery( sel, this ).index( cur ) > -1 : - jQuery.find( sel, this, null, [ cur ] ).length; - } - if ( matchedSelectors[ sel ] ) { - matchedHandlers.push( handleObj ); - } - } - if ( matchedHandlers.length ) { - handlerQueue.push( { elem: cur, handlers: matchedHandlers } ); - } - } - } - } - - // Add the remaining (directly-bound) handlers - cur = this; - if ( delegateCount < handlers.length ) { - handlerQueue.push( { elem: cur, handlers: handlers.slice( delegateCount ) } ); - } - - return handlerQueue; - }, - - addProp: function( name, hook ) { - Object.defineProperty( jQuery.Event.prototype, name, { - enumerable: true, - configurable: true, - - get: isFunction( hook ) ? - function() { - if ( this.originalEvent ) { - return hook( this.originalEvent ); - } - } : - function() { - if ( this.originalEvent ) { - return this.originalEvent[ name ]; - } - }, - - set: function( value ) { - Object.defineProperty( this, name, { - enumerable: true, - configurable: true, - writable: true, - value: value - } ); - } - } ); - }, - - fix: function( originalEvent ) { - return originalEvent[ jQuery.expando ] ? - originalEvent : - new jQuery.Event( originalEvent ); - }, - - special: { - load: { - - // Prevent triggered image.load events from bubbling to window.load - noBubble: true - }, - click: { - - // Utilize native event to ensure correct state for checkable inputs - setup: function( data ) { - - // For mutual compressibility with _default, replace `this` access with a local var. - // `|| data` is dead code meant only to preserve the variable through minification. - var el = this || data; - - // Claim the first handler - if ( rcheckableType.test( el.type ) && - el.click && nodeName( el, "input" ) ) { - - // dataPriv.set( el, "click", ... ) - leverageNative( el, "click", returnTrue ); - } - - // Return false to allow normal processing in the caller - return false; - }, - trigger: function( data ) { - - // For mutual compressibility with _default, replace `this` access with a local var. - // `|| data` is dead code meant only to preserve the variable through minification. - var el = this || data; - - // Force setup before triggering a click - if ( rcheckableType.test( el.type ) && - el.click && nodeName( el, "input" ) ) { - - leverageNative( el, "click" ); - } - - // Return non-false to allow normal event-path propagation - return true; - }, - - // For cross-browser consistency, suppress native .click() on links - // Also prevent it if we're currently inside a leveraged native-event stack - _default: function( event ) { - var target = event.target; - return rcheckableType.test( target.type ) && - target.click && nodeName( target, "input" ) && - dataPriv.get( target, "click" ) || - nodeName( target, "a" ); - } - }, - - beforeunload: { - postDispatch: function( event ) { - - // Support: Firefox 20+ - // Firefox doesn't alert if the returnValue field is not set. - if ( event.result !== undefined && event.originalEvent ) { - event.originalEvent.returnValue = event.result; - } - } - } - } -}; - -// Ensure the presence of an event listener that handles manually-triggered -// synthetic events by interrupting progress until reinvoked in response to -// *native* events that it fires directly, ensuring that state changes have -// already occurred before other listeners are invoked. -function leverageNative( el, type, expectSync ) { - - // Missing expectSync indicates a trigger call, which must force setup through jQuery.event.add - if ( !expectSync ) { - if ( dataPriv.get( el, type ) === undefined ) { - jQuery.event.add( el, type, returnTrue ); - } - return; - } - - // Register the controller as a special universal handler for all event namespaces - dataPriv.set( el, type, false ); - jQuery.event.add( el, type, { - namespace: false, - handler: function( event ) { - var notAsync, result, - saved = dataPriv.get( this, type ); - - if ( ( event.isTrigger & 1 ) && this[ type ] ) { - - // Interrupt processing of the outer synthetic .trigger()ed event - // Saved data should be false in such cases, but might be a leftover capture object - // from an async native handler (gh-4350) - if ( !saved.length ) { - - // Store arguments for use when handling the inner native event - // There will always be at least one argument (an event object), so this array - // will not be confused with a leftover capture object. - saved = slice.call( arguments ); - dataPriv.set( this, type, saved ); - - // Trigger the native event and capture its result - // Support: IE <=9 - 11+ - // focus() and blur() are asynchronous - notAsync = expectSync( this, type ); - this[ type ](); - result = dataPriv.get( this, type ); - if ( saved !== result || notAsync ) { - dataPriv.set( this, type, false ); - } else { - result = {}; - } - if ( saved !== result ) { - - // Cancel the outer synthetic event - event.stopImmediatePropagation(); - event.preventDefault(); - - // Support: Chrome 86+ - // In Chrome, if an element having a focusout handler is blurred by - // clicking outside of it, it invokes the handler synchronously. If - // that handler calls `.remove()` on the element, the data is cleared, - // leaving `result` undefined. We need to guard against this. - return result && result.value; - } - - // If this is an inner synthetic event for an event with a bubbling surrogate - // (focus or blur), assume that the surrogate already propagated from triggering the - // native event and prevent that from happening again here. - // This technically gets the ordering wrong w.r.t. to `.trigger()` (in which the - // bubbling surrogate propagates *after* the non-bubbling base), but that seems - // less bad than duplication. - } else if ( ( jQuery.event.special[ type ] || {} ).delegateType ) { - event.stopPropagation(); - } - - // If this is a native event triggered above, everything is now in order - // Fire an inner synthetic event with the original arguments - } else if ( saved.length ) { - - // ...and capture the result - dataPriv.set( this, type, { - value: jQuery.event.trigger( - - // Support: IE <=9 - 11+ - // Extend with the prototype to reset the above stopImmediatePropagation() - jQuery.extend( saved[ 0 ], jQuery.Event.prototype ), - saved.slice( 1 ), - this - ) - } ); - - // Abort handling of the native event - event.stopImmediatePropagation(); - } - } - } ); -} - -jQuery.removeEvent = function( elem, type, handle ) { - - // This "if" is needed for plain objects - if ( elem.removeEventListener ) { - elem.removeEventListener( type, handle ); - } -}; - -jQuery.Event = function( src, props ) { - - // Allow instantiation without the 'new' keyword - if ( !( this instanceof jQuery.Event ) ) { - return new jQuery.Event( src, props ); - } - - // Event object - if ( src && src.type ) { - this.originalEvent = src; - this.type = src.type; - - // Events bubbling up the document may have been marked as prevented - // by a handler lower down the tree; reflect the correct value. - this.isDefaultPrevented = src.defaultPrevented || - src.defaultPrevented === undefined && - - // Support: Android <=2.3 only - src.returnValue === false ? - returnTrue : - returnFalse; - - // Create target properties - // Support: Safari <=6 - 7 only - // Target should not be a text node (#504, #13143) - this.target = ( src.target && src.target.nodeType === 3 ) ? - src.target.parentNode : - src.target; - - this.currentTarget = src.currentTarget; - this.relatedTarget = src.relatedTarget; - - // Event type - } else { - this.type = src; - } - - // Put explicitly provided properties onto the event object - if ( props ) { - jQuery.extend( this, props ); - } - - // Create a timestamp if incoming event doesn't have one - this.timeStamp = src && src.timeStamp || Date.now(); - - // Mark it as fixed - this[ jQuery.expando ] = true; -}; - -// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding -// https://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html -jQuery.Event.prototype = { - constructor: jQuery.Event, - isDefaultPrevented: returnFalse, - isPropagationStopped: returnFalse, - isImmediatePropagationStopped: returnFalse, - isSimulated: false, - - preventDefault: function() { - var e = this.originalEvent; - - this.isDefaultPrevented = returnTrue; - - if ( e && !this.isSimulated ) { - e.preventDefault(); - } - }, - stopPropagation: function() { - var e = this.originalEvent; - - this.isPropagationStopped = returnTrue; - - if ( e && !this.isSimulated ) { - e.stopPropagation(); - } - }, - stopImmediatePropagation: function() { - var e = this.originalEvent; - - this.isImmediatePropagationStopped = returnTrue; - - if ( e && !this.isSimulated ) { - e.stopImmediatePropagation(); - } - - this.stopPropagation(); - } -}; - -// Includes all common event props including KeyEvent and MouseEvent specific props -jQuery.each( { - altKey: true, - bubbles: true, - cancelable: true, - changedTouches: true, - ctrlKey: true, - detail: true, - eventPhase: true, - metaKey: true, - pageX: true, - pageY: true, - shiftKey: true, - view: true, - "char": true, - code: true, - charCode: true, - key: true, - keyCode: true, - button: true, - buttons: true, - clientX: true, - clientY: true, - offsetX: true, - offsetY: true, - pointerId: true, - pointerType: true, - screenX: true, - screenY: true, - targetTouches: true, - toElement: true, - touches: true, - which: true -}, jQuery.event.addProp ); - -jQuery.each( { focus: "focusin", blur: "focusout" }, function( type, delegateType ) { - jQuery.event.special[ type ] = { - - // Utilize native event if possible so blur/focus sequence is correct - setup: function() { - - // Claim the first handler - // dataPriv.set( this, "focus", ... ) - // dataPriv.set( this, "blur", ... ) - leverageNative( this, type, expectSync ); - - // Return false to allow normal processing in the caller - return false; - }, - trigger: function() { - - // Force setup before trigger - leverageNative( this, type ); - - // Return non-false to allow normal event-path propagation - return true; - }, - - // Suppress native focus or blur as it's already being fired - // in leverageNative. - _default: function() { - return true; - }, - - delegateType: delegateType - }; -} ); - -// Create mouseenter/leave events using mouseover/out and event-time checks -// so that event delegation works in jQuery. -// Do the same for pointerenter/pointerleave and pointerover/pointerout -// -// Support: Safari 7 only -// Safari sends mouseenter too often; see: -// https://bugs.chromium.org/p/chromium/issues/detail?id=470258 -// for the description of the bug (it existed in older Chrome versions as well). -jQuery.each( { - mouseenter: "mouseover", - mouseleave: "mouseout", - pointerenter: "pointerover", - pointerleave: "pointerout" -}, function( orig, fix ) { - jQuery.event.special[ orig ] = { - delegateType: fix, - bindType: fix, - - handle: function( event ) { - var ret, - target = this, - related = event.relatedTarget, - handleObj = event.handleObj; - - // For mouseenter/leave call the handler if related is outside the target. - // NB: No relatedTarget if the mouse left/entered the browser window - if ( !related || ( related !== target && !jQuery.contains( target, related ) ) ) { - event.type = handleObj.origType; - ret = handleObj.handler.apply( this, arguments ); - event.type = fix; - } - return ret; - } - }; -} ); - -jQuery.fn.extend( { - - on: function( types, selector, data, fn ) { - return on( this, types, selector, data, fn ); - }, - one: function( types, selector, data, fn ) { - return on( this, types, selector, data, fn, 1 ); - }, - off: function( types, selector, fn ) { - var handleObj, type; - if ( types && types.preventDefault && types.handleObj ) { - - // ( event ) dispatched jQuery.Event - handleObj = types.handleObj; - jQuery( types.delegateTarget ).off( - handleObj.namespace ? - handleObj.origType + "." + handleObj.namespace : - handleObj.origType, - handleObj.selector, - handleObj.handler - ); - return this; - } - if ( typeof types === "object" ) { - - // ( types-object [, selector] ) - for ( type in types ) { - this.off( type, selector, types[ type ] ); - } - return this; - } - if ( selector === false || typeof selector === "function" ) { - - // ( types [, fn] ) - fn = selector; - selector = undefined; - } - if ( fn === false ) { - fn = returnFalse; - } - return this.each( function() { - jQuery.event.remove( this, types, fn, selector ); - } ); - } -} ); - - -var - - // Support: IE <=10 - 11, Edge 12 - 13 only - // In IE/Edge using regex groups here causes severe slowdowns. - // See https://connect.microsoft.com/IE/feedback/details/1736512/ - rnoInnerhtml = /\s*$/g; - -// Prefer a tbody over its parent table for containing new rows -function manipulationTarget( elem, content ) { - if ( nodeName( elem, "table" ) && - nodeName( content.nodeType !== 11 ? content : content.firstChild, "tr" ) ) { - - return jQuery( elem ).children( "tbody" )[ 0 ] || elem; - } - - return elem; -} - -// Replace/restore the type attribute of script elements for safe DOM manipulation -function disableScript( elem ) { - elem.type = ( elem.getAttribute( "type" ) !== null ) + "/" + elem.type; - return elem; -} -function restoreScript( elem ) { - if ( ( elem.type || "" ).slice( 0, 5 ) === "true/" ) { - elem.type = elem.type.slice( 5 ); - } else { - elem.removeAttribute( "type" ); - } - - return elem; -} - -function cloneCopyEvent( src, dest ) { - var i, l, type, pdataOld, udataOld, udataCur, events; - - if ( dest.nodeType !== 1 ) { - return; - } - - // 1. Copy private data: events, handlers, etc. - if ( dataPriv.hasData( src ) ) { - pdataOld = dataPriv.get( src ); - events = pdataOld.events; - - if ( events ) { - dataPriv.remove( dest, "handle events" ); - - for ( type in events ) { - for ( i = 0, l = events[ type ].length; i < l; i++ ) { - jQuery.event.add( dest, type, events[ type ][ i ] ); - } - } - } - } - - // 2. Copy user data - if ( dataUser.hasData( src ) ) { - udataOld = dataUser.access( src ); - udataCur = jQuery.extend( {}, udataOld ); - - dataUser.set( dest, udataCur ); - } -} - -// Fix IE bugs, see support tests -function fixInput( src, dest ) { - var nodeName = dest.nodeName.toLowerCase(); - - // Fails to persist the checked state of a cloned checkbox or radio button. - if ( nodeName === "input" && rcheckableType.test( src.type ) ) { - dest.checked = src.checked; - - // Fails to return the selected option to the default selected state when cloning options - } else if ( nodeName === "input" || nodeName === "textarea" ) { - dest.defaultValue = src.defaultValue; - } -} - -function domManip( collection, args, callback, ignored ) { - - // Flatten any nested arrays - args = flat( args ); - - var fragment, first, scripts, hasScripts, node, doc, - i = 0, - l = collection.length, - iNoClone = l - 1, - value = args[ 0 ], - valueIsFunction = isFunction( value ); - - // We can't cloneNode fragments that contain checked, in WebKit - if ( valueIsFunction || - ( l > 1 && typeof value === "string" && - !support.checkClone && rchecked.test( value ) ) ) { - return collection.each( function( index ) { - var self = collection.eq( index ); - if ( valueIsFunction ) { - args[ 0 ] = value.call( this, index, self.html() ); - } - domManip( self, args, callback, ignored ); - } ); - } - - if ( l ) { - fragment = buildFragment( args, collection[ 0 ].ownerDocument, false, collection, ignored ); - first = fragment.firstChild; - - if ( fragment.childNodes.length === 1 ) { - fragment = first; - } - - // Require either new content or an interest in ignored elements to invoke the callback - if ( first || ignored ) { - scripts = jQuery.map( getAll( fragment, "script" ), disableScript ); - hasScripts = scripts.length; - - // Use the original fragment for the last item - // instead of the first because it can end up - // being emptied incorrectly in certain situations (#8070). - for ( ; i < l; i++ ) { - node = fragment; - - if ( i !== iNoClone ) { - node = jQuery.clone( node, true, true ); - - // Keep references to cloned scripts for later restoration - if ( hasScripts ) { - - // Support: Android <=4.0 only, PhantomJS 1 only - // push.apply(_, arraylike) throws on ancient WebKit - jQuery.merge( scripts, getAll( node, "script" ) ); - } - } - - callback.call( collection[ i ], node, i ); - } - - if ( hasScripts ) { - doc = scripts[ scripts.length - 1 ].ownerDocument; - - // Reenable scripts - jQuery.map( scripts, restoreScript ); - - // Evaluate executable scripts on first document insertion - for ( i = 0; i < hasScripts; i++ ) { - node = scripts[ i ]; - if ( rscriptType.test( node.type || "" ) && - !dataPriv.access( node, "globalEval" ) && - jQuery.contains( doc, node ) ) { - - if ( node.src && ( node.type || "" ).toLowerCase() !== "module" ) { - - // Optional AJAX dependency, but won't run scripts if not present - if ( jQuery._evalUrl && !node.noModule ) { - jQuery._evalUrl( node.src, { - nonce: node.nonce || node.getAttribute( "nonce" ) - }, doc ); - } - } else { - DOMEval( node.textContent.replace( rcleanScript, "" ), node, doc ); - } - } - } - } - } - } - - return collection; -} - -function remove( elem, selector, keepData ) { - var node, - nodes = selector ? jQuery.filter( selector, elem ) : elem, - i = 0; - - for ( ; ( node = nodes[ i ] ) != null; i++ ) { - if ( !keepData && node.nodeType === 1 ) { - jQuery.cleanData( getAll( node ) ); - } - - if ( node.parentNode ) { - if ( keepData && isAttached( node ) ) { - setGlobalEval( getAll( node, "script" ) ); - } - node.parentNode.removeChild( node ); - } - } - - return elem; -} - -jQuery.extend( { - htmlPrefilter: function( html ) { - return html; - }, - - clone: function( elem, dataAndEvents, deepDataAndEvents ) { - var i, l, srcElements, destElements, - clone = elem.cloneNode( true ), - inPage = isAttached( elem ); - - // Fix IE cloning issues - if ( !support.noCloneChecked && ( elem.nodeType === 1 || elem.nodeType === 11 ) && - !jQuery.isXMLDoc( elem ) ) { - - // We eschew Sizzle here for performance reasons: https://jsperf.com/getall-vs-sizzle/2 - destElements = getAll( clone ); - srcElements = getAll( elem ); - - for ( i = 0, l = srcElements.length; i < l; i++ ) { - fixInput( srcElements[ i ], destElements[ i ] ); - } - } - - // Copy the events from the original to the clone - if ( dataAndEvents ) { - if ( deepDataAndEvents ) { - srcElements = srcElements || getAll( elem ); - destElements = destElements || getAll( clone ); - - for ( i = 0, l = srcElements.length; i < l; i++ ) { - cloneCopyEvent( srcElements[ i ], destElements[ i ] ); - } - } else { - cloneCopyEvent( elem, clone ); - } - } - - // Preserve script evaluation history - destElements = getAll( clone, "script" ); - if ( destElements.length > 0 ) { - setGlobalEval( destElements, !inPage && getAll( elem, "script" ) ); - } - - // Return the cloned set - return clone; - }, - - cleanData: function( elems ) { - var data, elem, type, - special = jQuery.event.special, - i = 0; - - for ( ; ( elem = elems[ i ] ) !== undefined; i++ ) { - if ( acceptData( elem ) ) { - if ( ( data = elem[ dataPriv.expando ] ) ) { - if ( data.events ) { - for ( type in data.events ) { - if ( special[ type ] ) { - jQuery.event.remove( elem, type ); - - // This is a shortcut to avoid jQuery.event.remove's overhead - } else { - jQuery.removeEvent( elem, type, data.handle ); - } - } - } - - // Support: Chrome <=35 - 45+ - // Assign undefined instead of using delete, see Data#remove - elem[ dataPriv.expando ] = undefined; - } - if ( elem[ dataUser.expando ] ) { - - // Support: Chrome <=35 - 45+ - // Assign undefined instead of using delete, see Data#remove - elem[ dataUser.expando ] = undefined; - } - } - } - } -} ); - -jQuery.fn.extend( { - detach: function( selector ) { - return remove( this, selector, true ); - }, - - remove: function( selector ) { - return remove( this, selector ); - }, - - text: function( value ) { - return access( this, function( value ) { - return value === undefined ? - jQuery.text( this ) : - this.empty().each( function() { - if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { - this.textContent = value; - } - } ); - }, null, value, arguments.length ); - }, - - append: function() { - return domManip( this, arguments, function( elem ) { - if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { - var target = manipulationTarget( this, elem ); - target.appendChild( elem ); - } - } ); - }, - - prepend: function() { - return domManip( this, arguments, function( elem ) { - if ( this.nodeType === 1 || this.nodeType === 11 || this.nodeType === 9 ) { - var target = manipulationTarget( this, elem ); - target.insertBefore( elem, target.firstChild ); - } - } ); - }, - - before: function() { - return domManip( this, arguments, function( elem ) { - if ( this.parentNode ) { - this.parentNode.insertBefore( elem, this ); - } - } ); - }, - - after: function() { - return domManip( this, arguments, function( elem ) { - if ( this.parentNode ) { - this.parentNode.insertBefore( elem, this.nextSibling ); - } - } ); - }, - - empty: function() { - var elem, - i = 0; - - for ( ; ( elem = this[ i ] ) != null; i++ ) { - if ( elem.nodeType === 1 ) { - - // Prevent memory leaks - jQuery.cleanData( getAll( elem, false ) ); - - // Remove any remaining nodes - elem.textContent = ""; - } - } - - return this; - }, - - clone: function( dataAndEvents, deepDataAndEvents ) { - dataAndEvents = dataAndEvents == null ? false : dataAndEvents; - deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents; - - return this.map( function() { - return jQuery.clone( this, dataAndEvents, deepDataAndEvents ); - } ); - }, - - html: function( value ) { - return access( this, function( value ) { - var elem = this[ 0 ] || {}, - i = 0, - l = this.length; - - if ( value === undefined && elem.nodeType === 1 ) { - return elem.innerHTML; - } - - // See if we can take a shortcut and just use innerHTML - if ( typeof value === "string" && !rnoInnerhtml.test( value ) && - !wrapMap[ ( rtagName.exec( value ) || [ "", "" ] )[ 1 ].toLowerCase() ] ) { - - value = jQuery.htmlPrefilter( value ); - - try { - for ( ; i < l; i++ ) { - elem = this[ i ] || {}; - - // Remove element nodes and prevent memory leaks - if ( elem.nodeType === 1 ) { - jQuery.cleanData( getAll( elem, false ) ); - elem.innerHTML = value; - } - } - - elem = 0; - - // If using innerHTML throws an exception, use the fallback method - } catch ( e ) {} - } - - if ( elem ) { - this.empty().append( value ); - } - }, null, value, arguments.length ); - }, - - replaceWith: function() { - var ignored = []; - - // Make the changes, replacing each non-ignored context element with the new content - return domManip( this, arguments, function( elem ) { - var parent = this.parentNode; - - if ( jQuery.inArray( this, ignored ) < 0 ) { - jQuery.cleanData( getAll( this ) ); - if ( parent ) { - parent.replaceChild( elem, this ); - } - } - - // Force callback invocation - }, ignored ); - } -} ); - -jQuery.each( { - appendTo: "append", - prependTo: "prepend", - insertBefore: "before", - insertAfter: "after", - replaceAll: "replaceWith" -}, function( name, original ) { - jQuery.fn[ name ] = function( selector ) { - var elems, - ret = [], - insert = jQuery( selector ), - last = insert.length - 1, - i = 0; - - for ( ; i <= last; i++ ) { - elems = i === last ? this : this.clone( true ); - jQuery( insert[ i ] )[ original ]( elems ); - - // Support: Android <=4.0 only, PhantomJS 1 only - // .get() because push.apply(_, arraylike) throws on ancient WebKit - push.apply( ret, elems.get() ); - } - - return this.pushStack( ret ); - }; -} ); -var rnumnonpx = new RegExp( "^(" + pnum + ")(?!px)[a-z%]+$", "i" ); - -var getStyles = function( elem ) { - - // Support: IE <=11 only, Firefox <=30 (#15098, #14150) - // IE throws on elements created in popups - // FF meanwhile throws on frame elements through "defaultView.getComputedStyle" - var view = elem.ownerDocument.defaultView; - - if ( !view || !view.opener ) { - view = window; - } - - return view.getComputedStyle( elem ); - }; - -var swap = function( elem, options, callback ) { - var ret, name, - old = {}; - - // Remember the old values, and insert the new ones - for ( name in options ) { - old[ name ] = elem.style[ name ]; - elem.style[ name ] = options[ name ]; - } - - ret = callback.call( elem ); - - // Revert the old values - for ( name in options ) { - elem.style[ name ] = old[ name ]; - } - - return ret; -}; - - -var rboxStyle = new RegExp( cssExpand.join( "|" ), "i" ); - - - -( function() { - - // Executing both pixelPosition & boxSizingReliable tests require only one layout - // so they're executed at the same time to save the second computation. - function computeStyleTests() { - - // This is a singleton, we need to execute it only once - if ( !div ) { - return; - } - - container.style.cssText = "position:absolute;left:-11111px;width:60px;" + - "margin-top:1px;padding:0;border:0"; - div.style.cssText = - "position:relative;display:block;box-sizing:border-box;overflow:scroll;" + - "margin:auto;border:1px;padding:1px;" + - "width:60%;top:1%"; - documentElement.appendChild( container ).appendChild( div ); - - var divStyle = window.getComputedStyle( div ); - pixelPositionVal = divStyle.top !== "1%"; - - // Support: Android 4.0 - 4.3 only, Firefox <=3 - 44 - reliableMarginLeftVal = roundPixelMeasures( divStyle.marginLeft ) === 12; - - // Support: Android 4.0 - 4.3 only, Safari <=9.1 - 10.1, iOS <=7.0 - 9.3 - // Some styles come back with percentage values, even though they shouldn't - div.style.right = "60%"; - pixelBoxStylesVal = roundPixelMeasures( divStyle.right ) === 36; - - // Support: IE 9 - 11 only - // Detect misreporting of content dimensions for box-sizing:border-box elements - boxSizingReliableVal = roundPixelMeasures( divStyle.width ) === 36; - - // Support: IE 9 only - // Detect overflow:scroll screwiness (gh-3699) - // Support: Chrome <=64 - // Don't get tricked when zoom affects offsetWidth (gh-4029) - div.style.position = "absolute"; - scrollboxSizeVal = roundPixelMeasures( div.offsetWidth / 3 ) === 12; - - documentElement.removeChild( container ); - - // Nullify the div so it wouldn't be stored in the memory and - // it will also be a sign that checks already performed - div = null; - } - - function roundPixelMeasures( measure ) { - return Math.round( parseFloat( measure ) ); - } - - var pixelPositionVal, boxSizingReliableVal, scrollboxSizeVal, pixelBoxStylesVal, - reliableTrDimensionsVal, reliableMarginLeftVal, - container = document.createElement( "div" ), - div = document.createElement( "div" ); - - // Finish early in limited (non-browser) environments - if ( !div.style ) { - return; - } - - // Support: IE <=9 - 11 only - // Style of cloned element affects source element cloned (#8908) - div.style.backgroundClip = "content-box"; - div.cloneNode( true ).style.backgroundClip = ""; - support.clearCloneStyle = div.style.backgroundClip === "content-box"; - - jQuery.extend( support, { - boxSizingReliable: function() { - computeStyleTests(); - return boxSizingReliableVal; - }, - pixelBoxStyles: function() { - computeStyleTests(); - return pixelBoxStylesVal; - }, - pixelPosition: function() { - computeStyleTests(); - return pixelPositionVal; - }, - reliableMarginLeft: function() { - computeStyleTests(); - return reliableMarginLeftVal; - }, - scrollboxSize: function() { - computeStyleTests(); - return scrollboxSizeVal; - }, - - // Support: IE 9 - 11+, Edge 15 - 18+ - // IE/Edge misreport `getComputedStyle` of table rows with width/height - // set in CSS while `offset*` properties report correct values. - // Behavior in IE 9 is more subtle than in newer versions & it passes - // some versions of this test; make sure not to make it pass there! - // - // Support: Firefox 70+ - // Only Firefox includes border widths - // in computed dimensions. (gh-4529) - reliableTrDimensions: function() { - var table, tr, trChild, trStyle; - if ( reliableTrDimensionsVal == null ) { - table = document.createElement( "table" ); - tr = document.createElement( "tr" ); - trChild = document.createElement( "div" ); - - table.style.cssText = "position:absolute;left:-11111px;border-collapse:separate"; - tr.style.cssText = "border:1px solid"; - - // Support: Chrome 86+ - // Height set through cssText does not get applied. - // Computed height then comes back as 0. - tr.style.height = "1px"; - trChild.style.height = "9px"; - - // Support: Android 8 Chrome 86+ - // In our bodyBackground.html iframe, - // display for all div elements is set to "inline", - // which causes a problem only in Android 8 Chrome 86. - // Ensuring the div is display: block - // gets around this issue. - trChild.style.display = "block"; - - documentElement - .appendChild( table ) - .appendChild( tr ) - .appendChild( trChild ); - - trStyle = window.getComputedStyle( tr ); - reliableTrDimensionsVal = ( parseInt( trStyle.height, 10 ) + - parseInt( trStyle.borderTopWidth, 10 ) + - parseInt( trStyle.borderBottomWidth, 10 ) ) === tr.offsetHeight; - - documentElement.removeChild( table ); - } - return reliableTrDimensionsVal; - } - } ); -} )(); - - -function curCSS( elem, name, computed ) { - var width, minWidth, maxWidth, ret, - - // Support: Firefox 51+ - // Retrieving style before computed somehow - // fixes an issue with getting wrong values - // on detached elements - style = elem.style; - - computed = computed || getStyles( elem ); - - // getPropertyValue is needed for: - // .css('filter') (IE 9 only, #12537) - // .css('--customProperty) (#3144) - if ( computed ) { - ret = computed.getPropertyValue( name ) || computed[ name ]; - - if ( ret === "" && !isAttached( elem ) ) { - ret = jQuery.style( elem, name ); - } - - // A tribute to the "awesome hack by Dean Edwards" - // Android Browser returns percentage for some values, - // but width seems to be reliably pixels. - // This is against the CSSOM draft spec: - // https://drafts.csswg.org/cssom/#resolved-values - if ( !support.pixelBoxStyles() && rnumnonpx.test( ret ) && rboxStyle.test( name ) ) { - - // Remember the original values - width = style.width; - minWidth = style.minWidth; - maxWidth = style.maxWidth; - - // Put in the new values to get a computed value out - style.minWidth = style.maxWidth = style.width = ret; - ret = computed.width; - - // Revert the changed values - style.width = width; - style.minWidth = minWidth; - style.maxWidth = maxWidth; - } - } - - return ret !== undefined ? - - // Support: IE <=9 - 11 only - // IE returns zIndex value as an integer. - ret + "" : - ret; -} - - -function addGetHookIf( conditionFn, hookFn ) { - - // Define the hook, we'll check on the first run if it's really needed. - return { - get: function() { - if ( conditionFn() ) { - - // Hook not needed (or it's not possible to use it due - // to missing dependency), remove it. - delete this.get; - return; - } - - // Hook needed; redefine it so that the support test is not executed again. - return ( this.get = hookFn ).apply( this, arguments ); - } - }; -} - - -var cssPrefixes = [ "Webkit", "Moz", "ms" ], - emptyStyle = document.createElement( "div" ).style, - vendorProps = {}; - -// Return a vendor-prefixed property or undefined -function vendorPropName( name ) { - - // Check for vendor prefixed names - var capName = name[ 0 ].toUpperCase() + name.slice( 1 ), - i = cssPrefixes.length; - - while ( i-- ) { - name = cssPrefixes[ i ] + capName; - if ( name in emptyStyle ) { - return name; - } - } -} - -// Return a potentially-mapped jQuery.cssProps or vendor prefixed property -function finalPropName( name ) { - var final = jQuery.cssProps[ name ] || vendorProps[ name ]; - - if ( final ) { - return final; - } - if ( name in emptyStyle ) { - return name; - } - return vendorProps[ name ] = vendorPropName( name ) || name; -} - - -var - - // Swappable if display is none or starts with table - // except "table", "table-cell", or "table-caption" - // See here for display values: https://developer.mozilla.org/en-US/docs/CSS/display - rdisplayswap = /^(none|table(?!-c[ea]).+)/, - rcustomProp = /^--/, - cssShow = { position: "absolute", visibility: "hidden", display: "block" }, - cssNormalTransform = { - letterSpacing: "0", - fontWeight: "400" - }; - -function setPositiveNumber( _elem, value, subtract ) { - - // Any relative (+/-) values have already been - // normalized at this point - var matches = rcssNum.exec( value ); - return matches ? - - // Guard against undefined "subtract", e.g., when used as in cssHooks - Math.max( 0, matches[ 2 ] - ( subtract || 0 ) ) + ( matches[ 3 ] || "px" ) : - value; -} - -function boxModelAdjustment( elem, dimension, box, isBorderBox, styles, computedVal ) { - var i = dimension === "width" ? 1 : 0, - extra = 0, - delta = 0; - - // Adjustment may not be necessary - if ( box === ( isBorderBox ? "border" : "content" ) ) { - return 0; - } - - for ( ; i < 4; i += 2 ) { - - // Both box models exclude margin - if ( box === "margin" ) { - delta += jQuery.css( elem, box + cssExpand[ i ], true, styles ); - } - - // If we get here with a content-box, we're seeking "padding" or "border" or "margin" - if ( !isBorderBox ) { - - // Add padding - delta += jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); - - // For "border" or "margin", add border - if ( box !== "padding" ) { - delta += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); - - // But still keep track of it otherwise - } else { - extra += jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); - } - - // If we get here with a border-box (content + padding + border), we're seeking "content" or - // "padding" or "margin" - } else { - - // For "content", subtract padding - if ( box === "content" ) { - delta -= jQuery.css( elem, "padding" + cssExpand[ i ], true, styles ); - } - - // For "content" or "padding", subtract border - if ( box !== "margin" ) { - delta -= jQuery.css( elem, "border" + cssExpand[ i ] + "Width", true, styles ); - } - } - } - - // Account for positive content-box scroll gutter when requested by providing computedVal - if ( !isBorderBox && computedVal >= 0 ) { - - // offsetWidth/offsetHeight is a rounded sum of content, padding, scroll gutter, and border - // Assuming integer scroll gutter, subtract the rest and round down - delta += Math.max( 0, Math.ceil( - elem[ "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ) ] - - computedVal - - delta - - extra - - 0.5 - - // If offsetWidth/offsetHeight is unknown, then we can't determine content-box scroll gutter - // Use an explicit zero to avoid NaN (gh-3964) - ) ) || 0; - } - - return delta; -} - -function getWidthOrHeight( elem, dimension, extra ) { - - // Start with computed style - var styles = getStyles( elem ), - - // To avoid forcing a reflow, only fetch boxSizing if we need it (gh-4322). - // Fake content-box until we know it's needed to know the true value. - boxSizingNeeded = !support.boxSizingReliable() || extra, - isBorderBox = boxSizingNeeded && - jQuery.css( elem, "boxSizing", false, styles ) === "border-box", - valueIsBorderBox = isBorderBox, - - val = curCSS( elem, dimension, styles ), - offsetProp = "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ); - - // Support: Firefox <=54 - // Return a confounding non-pixel value or feign ignorance, as appropriate. - if ( rnumnonpx.test( val ) ) { - if ( !extra ) { - return val; - } - val = "auto"; - } - - - // Support: IE 9 - 11 only - // Use offsetWidth/offsetHeight for when box sizing is unreliable. - // In those cases, the computed value can be trusted to be border-box. - if ( ( !support.boxSizingReliable() && isBorderBox || - - // Support: IE 10 - 11+, Edge 15 - 18+ - // IE/Edge misreport `getComputedStyle` of table rows with width/height - // set in CSS while `offset*` properties report correct values. - // Interestingly, in some cases IE 9 doesn't suffer from this issue. - !support.reliableTrDimensions() && nodeName( elem, "tr" ) || - - // Fall back to offsetWidth/offsetHeight when value is "auto" - // This happens for inline elements with no explicit setting (gh-3571) - val === "auto" || - - // Support: Android <=4.1 - 4.3 only - // Also use offsetWidth/offsetHeight for misreported inline dimensions (gh-3602) - !parseFloat( val ) && jQuery.css( elem, "display", false, styles ) === "inline" ) && - - // Make sure the element is visible & connected - elem.getClientRects().length ) { - - isBorderBox = jQuery.css( elem, "boxSizing", false, styles ) === "border-box"; - - // Where available, offsetWidth/offsetHeight approximate border box dimensions. - // Where not available (e.g., SVG), assume unreliable box-sizing and interpret the - // retrieved value as a content box dimension. - valueIsBorderBox = offsetProp in elem; - if ( valueIsBorderBox ) { - val = elem[ offsetProp ]; - } - } - - // Normalize "" and auto - val = parseFloat( val ) || 0; - - // Adjust for the element's box model - return ( val + - boxModelAdjustment( - elem, - dimension, - extra || ( isBorderBox ? "border" : "content" ), - valueIsBorderBox, - styles, - - // Provide the current computed size to request scroll gutter calculation (gh-3589) - val - ) - ) + "px"; -} - -jQuery.extend( { - - // Add in style property hooks for overriding the default - // behavior of getting and setting a style property - cssHooks: { - opacity: { - get: function( elem, computed ) { - if ( computed ) { - - // We should always get a number back from opacity - var ret = curCSS( elem, "opacity" ); - return ret === "" ? "1" : ret; - } - } - } - }, - - // Don't automatically add "px" to these possibly-unitless properties - cssNumber: { - "animationIterationCount": true, - "columnCount": true, - "fillOpacity": true, - "flexGrow": true, - "flexShrink": true, - "fontWeight": true, - "gridArea": true, - "gridColumn": true, - "gridColumnEnd": true, - "gridColumnStart": true, - "gridRow": true, - "gridRowEnd": true, - "gridRowStart": true, - "lineHeight": true, - "opacity": true, - "order": true, - "orphans": true, - "widows": true, - "zIndex": true, - "zoom": true - }, - - // Add in properties whose names you wish to fix before - // setting or getting the value - cssProps: {}, - - // Get and set the style property on a DOM Node - style: function( elem, name, value, extra ) { - - // Don't set styles on text and comment nodes - if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 || !elem.style ) { - return; - } - - // Make sure that we're working with the right name - var ret, type, hooks, - origName = camelCase( name ), - isCustomProp = rcustomProp.test( name ), - style = elem.style; - - // Make sure that we're working with the right name. We don't - // want to query the value if it is a CSS custom property - // since they are user-defined. - if ( !isCustomProp ) { - name = finalPropName( origName ); - } - - // Gets hook for the prefixed version, then unprefixed version - hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; - - // Check if we're setting a value - if ( value !== undefined ) { - type = typeof value; - - // Convert "+=" or "-=" to relative numbers (#7345) - if ( type === "string" && ( ret = rcssNum.exec( value ) ) && ret[ 1 ] ) { - value = adjustCSS( elem, name, ret ); - - // Fixes bug #9237 - type = "number"; - } - - // Make sure that null and NaN values aren't set (#7116) - if ( value == null || value !== value ) { - return; - } - - // If a number was passed in, add the unit (except for certain CSS properties) - // The isCustomProp check can be removed in jQuery 4.0 when we only auto-append - // "px" to a few hardcoded values. - if ( type === "number" && !isCustomProp ) { - value += ret && ret[ 3 ] || ( jQuery.cssNumber[ origName ] ? "" : "px" ); - } - - // background-* props affect original clone's values - if ( !support.clearCloneStyle && value === "" && name.indexOf( "background" ) === 0 ) { - style[ name ] = "inherit"; - } - - // If a hook was provided, use that value, otherwise just set the specified value - if ( !hooks || !( "set" in hooks ) || - ( value = hooks.set( elem, value, extra ) ) !== undefined ) { - - if ( isCustomProp ) { - style.setProperty( name, value ); - } else { - style[ name ] = value; - } - } - - } else { - - // If a hook was provided get the non-computed value from there - if ( hooks && "get" in hooks && - ( ret = hooks.get( elem, false, extra ) ) !== undefined ) { - - return ret; - } - - // Otherwise just get the value from the style object - return style[ name ]; - } - }, - - css: function( elem, name, extra, styles ) { - var val, num, hooks, - origName = camelCase( name ), - isCustomProp = rcustomProp.test( name ); - - // Make sure that we're working with the right name. We don't - // want to modify the value if it is a CSS custom property - // since they are user-defined. - if ( !isCustomProp ) { - name = finalPropName( origName ); - } - - // Try prefixed name followed by the unprefixed name - hooks = jQuery.cssHooks[ name ] || jQuery.cssHooks[ origName ]; - - // If a hook was provided get the computed value from there - if ( hooks && "get" in hooks ) { - val = hooks.get( elem, true, extra ); - } - - // Otherwise, if a way to get the computed value exists, use that - if ( val === undefined ) { - val = curCSS( elem, name, styles ); - } - - // Convert "normal" to computed value - if ( val === "normal" && name in cssNormalTransform ) { - val = cssNormalTransform[ name ]; - } - - // Make numeric if forced or a qualifier was provided and val looks numeric - if ( extra === "" || extra ) { - num = parseFloat( val ); - return extra === true || isFinite( num ) ? num || 0 : val; - } - - return val; - } -} ); - -jQuery.each( [ "height", "width" ], function( _i, dimension ) { - jQuery.cssHooks[ dimension ] = { - get: function( elem, computed, extra ) { - if ( computed ) { - - // Certain elements can have dimension info if we invisibly show them - // but it must have a current display style that would benefit - return rdisplayswap.test( jQuery.css( elem, "display" ) ) && - - // Support: Safari 8+ - // Table columns in Safari have non-zero offsetWidth & zero - // getBoundingClientRect().width unless display is changed. - // Support: IE <=11 only - // Running getBoundingClientRect on a disconnected node - // in IE throws an error. - ( !elem.getClientRects().length || !elem.getBoundingClientRect().width ) ? - swap( elem, cssShow, function() { - return getWidthOrHeight( elem, dimension, extra ); - } ) : - getWidthOrHeight( elem, dimension, extra ); - } - }, - - set: function( elem, value, extra ) { - var matches, - styles = getStyles( elem ), - - // Only read styles.position if the test has a chance to fail - // to avoid forcing a reflow. - scrollboxSizeBuggy = !support.scrollboxSize() && - styles.position === "absolute", - - // To avoid forcing a reflow, only fetch boxSizing if we need it (gh-3991) - boxSizingNeeded = scrollboxSizeBuggy || extra, - isBorderBox = boxSizingNeeded && - jQuery.css( elem, "boxSizing", false, styles ) === "border-box", - subtract = extra ? - boxModelAdjustment( - elem, - dimension, - extra, - isBorderBox, - styles - ) : - 0; - - // Account for unreliable border-box dimensions by comparing offset* to computed and - // faking a content-box to get border and padding (gh-3699) - if ( isBorderBox && scrollboxSizeBuggy ) { - subtract -= Math.ceil( - elem[ "offset" + dimension[ 0 ].toUpperCase() + dimension.slice( 1 ) ] - - parseFloat( styles[ dimension ] ) - - boxModelAdjustment( elem, dimension, "border", false, styles ) - - 0.5 - ); - } - - // Convert to pixels if value adjustment is needed - if ( subtract && ( matches = rcssNum.exec( value ) ) && - ( matches[ 3 ] || "px" ) !== "px" ) { - - elem.style[ dimension ] = value; - value = jQuery.css( elem, dimension ); - } - - return setPositiveNumber( elem, value, subtract ); - } - }; -} ); - -jQuery.cssHooks.marginLeft = addGetHookIf( support.reliableMarginLeft, - function( elem, computed ) { - if ( computed ) { - return ( parseFloat( curCSS( elem, "marginLeft" ) ) || - elem.getBoundingClientRect().left - - swap( elem, { marginLeft: 0 }, function() { - return elem.getBoundingClientRect().left; - } ) - ) + "px"; - } - } -); - -// These hooks are used by animate to expand properties -jQuery.each( { - margin: "", - padding: "", - border: "Width" -}, function( prefix, suffix ) { - jQuery.cssHooks[ prefix + suffix ] = { - expand: function( value ) { - var i = 0, - expanded = {}, - - // Assumes a single number if not a string - parts = typeof value === "string" ? value.split( " " ) : [ value ]; - - for ( ; i < 4; i++ ) { - expanded[ prefix + cssExpand[ i ] + suffix ] = - parts[ i ] || parts[ i - 2 ] || parts[ 0 ]; - } - - return expanded; - } - }; - - if ( prefix !== "margin" ) { - jQuery.cssHooks[ prefix + suffix ].set = setPositiveNumber; - } -} ); - -jQuery.fn.extend( { - css: function( name, value ) { - return access( this, function( elem, name, value ) { - var styles, len, - map = {}, - i = 0; - - if ( Array.isArray( name ) ) { - styles = getStyles( elem ); - len = name.length; - - for ( ; i < len; i++ ) { - map[ name[ i ] ] = jQuery.css( elem, name[ i ], false, styles ); - } - - return map; - } - - return value !== undefined ? - jQuery.style( elem, name, value ) : - jQuery.css( elem, name ); - }, name, value, arguments.length > 1 ); - } -} ); - - -function Tween( elem, options, prop, end, easing ) { - return new Tween.prototype.init( elem, options, prop, end, easing ); -} -jQuery.Tween = Tween; - -Tween.prototype = { - constructor: Tween, - init: function( elem, options, prop, end, easing, unit ) { - this.elem = elem; - this.prop = prop; - this.easing = easing || jQuery.easing._default; - this.options = options; - this.start = this.now = this.cur(); - this.end = end; - this.unit = unit || ( jQuery.cssNumber[ prop ] ? "" : "px" ); - }, - cur: function() { - var hooks = Tween.propHooks[ this.prop ]; - - return hooks && hooks.get ? - hooks.get( this ) : - Tween.propHooks._default.get( this ); - }, - run: function( percent ) { - var eased, - hooks = Tween.propHooks[ this.prop ]; - - if ( this.options.duration ) { - this.pos = eased = jQuery.easing[ this.easing ]( - percent, this.options.duration * percent, 0, 1, this.options.duration - ); - } else { - this.pos = eased = percent; - } - this.now = ( this.end - this.start ) * eased + this.start; - - if ( this.options.step ) { - this.options.step.call( this.elem, this.now, this ); - } - - if ( hooks && hooks.set ) { - hooks.set( this ); - } else { - Tween.propHooks._default.set( this ); - } - return this; - } -}; - -Tween.prototype.init.prototype = Tween.prototype; - -Tween.propHooks = { - _default: { - get: function( tween ) { - var result; - - // Use a property on the element directly when it is not a DOM element, - // or when there is no matching style property that exists. - if ( tween.elem.nodeType !== 1 || - tween.elem[ tween.prop ] != null && tween.elem.style[ tween.prop ] == null ) { - return tween.elem[ tween.prop ]; - } - - // Passing an empty string as a 3rd parameter to .css will automatically - // attempt a parseFloat and fallback to a string if the parse fails. - // Simple values such as "10px" are parsed to Float; - // complex values such as "rotate(1rad)" are returned as-is. - result = jQuery.css( tween.elem, tween.prop, "" ); - - // Empty strings, null, undefined and "auto" are converted to 0. - return !result || result === "auto" ? 0 : result; - }, - set: function( tween ) { - - // Use step hook for back compat. - // Use cssHook if its there. - // Use .style if available and use plain properties where available. - if ( jQuery.fx.step[ tween.prop ] ) { - jQuery.fx.step[ tween.prop ]( tween ); - } else if ( tween.elem.nodeType === 1 && ( - jQuery.cssHooks[ tween.prop ] || - tween.elem.style[ finalPropName( tween.prop ) ] != null ) ) { - jQuery.style( tween.elem, tween.prop, tween.now + tween.unit ); - } else { - tween.elem[ tween.prop ] = tween.now; - } - } - } -}; - -// Support: IE <=9 only -// Panic based approach to setting things on disconnected nodes -Tween.propHooks.scrollTop = Tween.propHooks.scrollLeft = { - set: function( tween ) { - if ( tween.elem.nodeType && tween.elem.parentNode ) { - tween.elem[ tween.prop ] = tween.now; - } - } -}; - -jQuery.easing = { - linear: function( p ) { - return p; - }, - swing: function( p ) { - return 0.5 - Math.cos( p * Math.PI ) / 2; - }, - _default: "swing" -}; - -jQuery.fx = Tween.prototype.init; - -// Back compat <1.8 extension point -jQuery.fx.step = {}; - - - - -var - fxNow, inProgress, - rfxtypes = /^(?:toggle|show|hide)$/, - rrun = /queueHooks$/; - -function schedule() { - if ( inProgress ) { - if ( document.hidden === false && window.requestAnimationFrame ) { - window.requestAnimationFrame( schedule ); - } else { - window.setTimeout( schedule, jQuery.fx.interval ); - } - - jQuery.fx.tick(); - } -} - -// Animations created synchronously will run synchronously -function createFxNow() { - window.setTimeout( function() { - fxNow = undefined; - } ); - return ( fxNow = Date.now() ); -} - -// Generate parameters to create a standard animation -function genFx( type, includeWidth ) { - var which, - i = 0, - attrs = { height: type }; - - // If we include width, step value is 1 to do all cssExpand values, - // otherwise step value is 2 to skip over Left and Right - includeWidth = includeWidth ? 1 : 0; - for ( ; i < 4; i += 2 - includeWidth ) { - which = cssExpand[ i ]; - attrs[ "margin" + which ] = attrs[ "padding" + which ] = type; - } - - if ( includeWidth ) { - attrs.opacity = attrs.width = type; - } - - return attrs; -} - -function createTween( value, prop, animation ) { - var tween, - collection = ( Animation.tweeners[ prop ] || [] ).concat( Animation.tweeners[ "*" ] ), - index = 0, - length = collection.length; - for ( ; index < length; index++ ) { - if ( ( tween = collection[ index ].call( animation, prop, value ) ) ) { - - // We're done with this property - return tween; - } - } -} - -function defaultPrefilter( elem, props, opts ) { - var prop, value, toggle, hooks, oldfire, propTween, restoreDisplay, display, - isBox = "width" in props || "height" in props, - anim = this, - orig = {}, - style = elem.style, - hidden = elem.nodeType && isHiddenWithinTree( elem ), - dataShow = dataPriv.get( elem, "fxshow" ); - - // Queue-skipping animations hijack the fx hooks - if ( !opts.queue ) { - hooks = jQuery._queueHooks( elem, "fx" ); - if ( hooks.unqueued == null ) { - hooks.unqueued = 0; - oldfire = hooks.empty.fire; - hooks.empty.fire = function() { - if ( !hooks.unqueued ) { - oldfire(); - } - }; - } - hooks.unqueued++; - - anim.always( function() { - - // Ensure the complete handler is called before this completes - anim.always( function() { - hooks.unqueued--; - if ( !jQuery.queue( elem, "fx" ).length ) { - hooks.empty.fire(); - } - } ); - } ); - } - - // Detect show/hide animations - for ( prop in props ) { - value = props[ prop ]; - if ( rfxtypes.test( value ) ) { - delete props[ prop ]; - toggle = toggle || value === "toggle"; - if ( value === ( hidden ? "hide" : "show" ) ) { - - // Pretend to be hidden if this is a "show" and - // there is still data from a stopped show/hide - if ( value === "show" && dataShow && dataShow[ prop ] !== undefined ) { - hidden = true; - - // Ignore all other no-op show/hide data - } else { - continue; - } - } - orig[ prop ] = dataShow && dataShow[ prop ] || jQuery.style( elem, prop ); - } - } - - // Bail out if this is a no-op like .hide().hide() - propTween = !jQuery.isEmptyObject( props ); - if ( !propTween && jQuery.isEmptyObject( orig ) ) { - return; - } - - // Restrict "overflow" and "display" styles during box animations - if ( isBox && elem.nodeType === 1 ) { - - // Support: IE <=9 - 11, Edge 12 - 15 - // Record all 3 overflow attributes because IE does not infer the shorthand - // from identically-valued overflowX and overflowY and Edge just mirrors - // the overflowX value there. - opts.overflow = [ style.overflow, style.overflowX, style.overflowY ]; - - // Identify a display type, preferring old show/hide data over the CSS cascade - restoreDisplay = dataShow && dataShow.display; - if ( restoreDisplay == null ) { - restoreDisplay = dataPriv.get( elem, "display" ); - } - display = jQuery.css( elem, "display" ); - if ( display === "none" ) { - if ( restoreDisplay ) { - display = restoreDisplay; - } else { - - // Get nonempty value(s) by temporarily forcing visibility - showHide( [ elem ], true ); - restoreDisplay = elem.style.display || restoreDisplay; - display = jQuery.css( elem, "display" ); - showHide( [ elem ] ); - } - } - - // Animate inline elements as inline-block - if ( display === "inline" || display === "inline-block" && restoreDisplay != null ) { - if ( jQuery.css( elem, "float" ) === "none" ) { - - // Restore the original display value at the end of pure show/hide animations - if ( !propTween ) { - anim.done( function() { - style.display = restoreDisplay; - } ); - if ( restoreDisplay == null ) { - display = style.display; - restoreDisplay = display === "none" ? "" : display; - } - } - style.display = "inline-block"; - } - } - } - - if ( opts.overflow ) { - style.overflow = "hidden"; - anim.always( function() { - style.overflow = opts.overflow[ 0 ]; - style.overflowX = opts.overflow[ 1 ]; - style.overflowY = opts.overflow[ 2 ]; - } ); - } - - // Implement show/hide animations - propTween = false; - for ( prop in orig ) { - - // General show/hide setup for this element animation - if ( !propTween ) { - if ( dataShow ) { - if ( "hidden" in dataShow ) { - hidden = dataShow.hidden; - } - } else { - dataShow = dataPriv.access( elem, "fxshow", { display: restoreDisplay } ); - } - - // Store hidden/visible for toggle so `.stop().toggle()` "reverses" - if ( toggle ) { - dataShow.hidden = !hidden; - } - - // Show elements before animating them - if ( hidden ) { - showHide( [ elem ], true ); - } - - /* eslint-disable no-loop-func */ - - anim.done( function() { - - /* eslint-enable no-loop-func */ - - // The final step of a "hide" animation is actually hiding the element - if ( !hidden ) { - showHide( [ elem ] ); - } - dataPriv.remove( elem, "fxshow" ); - for ( prop in orig ) { - jQuery.style( elem, prop, orig[ prop ] ); - } - } ); - } - - // Per-property setup - propTween = createTween( hidden ? dataShow[ prop ] : 0, prop, anim ); - if ( !( prop in dataShow ) ) { - dataShow[ prop ] = propTween.start; - if ( hidden ) { - propTween.end = propTween.start; - propTween.start = 0; - } - } - } -} - -function propFilter( props, specialEasing ) { - var index, name, easing, value, hooks; - - // camelCase, specialEasing and expand cssHook pass - for ( index in props ) { - name = camelCase( index ); - easing = specialEasing[ name ]; - value = props[ index ]; - if ( Array.isArray( value ) ) { - easing = value[ 1 ]; - value = props[ index ] = value[ 0 ]; - } - - if ( index !== name ) { - props[ name ] = value; - delete props[ index ]; - } - - hooks = jQuery.cssHooks[ name ]; - if ( hooks && "expand" in hooks ) { - value = hooks.expand( value ); - delete props[ name ]; - - // Not quite $.extend, this won't overwrite existing keys. - // Reusing 'index' because we have the correct "name" - for ( index in value ) { - if ( !( index in props ) ) { - props[ index ] = value[ index ]; - specialEasing[ index ] = easing; - } - } - } else { - specialEasing[ name ] = easing; - } - } -} - -function Animation( elem, properties, options ) { - var result, - stopped, - index = 0, - length = Animation.prefilters.length, - deferred = jQuery.Deferred().always( function() { - - // Don't match elem in the :animated selector - delete tick.elem; - } ), - tick = function() { - if ( stopped ) { - return false; - } - var currentTime = fxNow || createFxNow(), - remaining = Math.max( 0, animation.startTime + animation.duration - currentTime ), - - // Support: Android 2.3 only - // Archaic crash bug won't allow us to use `1 - ( 0.5 || 0 )` (#12497) - temp = remaining / animation.duration || 0, - percent = 1 - temp, - index = 0, - length = animation.tweens.length; - - for ( ; index < length; index++ ) { - animation.tweens[ index ].run( percent ); - } - - deferred.notifyWith( elem, [ animation, percent, remaining ] ); - - // If there's more to do, yield - if ( percent < 1 && length ) { - return remaining; - } - - // If this was an empty animation, synthesize a final progress notification - if ( !length ) { - deferred.notifyWith( elem, [ animation, 1, 0 ] ); - } - - // Resolve the animation and report its conclusion - deferred.resolveWith( elem, [ animation ] ); - return false; - }, - animation = deferred.promise( { - elem: elem, - props: jQuery.extend( {}, properties ), - opts: jQuery.extend( true, { - specialEasing: {}, - easing: jQuery.easing._default - }, options ), - originalProperties: properties, - originalOptions: options, - startTime: fxNow || createFxNow(), - duration: options.duration, - tweens: [], - createTween: function( prop, end ) { - var tween = jQuery.Tween( elem, animation.opts, prop, end, - animation.opts.specialEasing[ prop ] || animation.opts.easing ); - animation.tweens.push( tween ); - return tween; - }, - stop: function( gotoEnd ) { - var index = 0, - - // If we are going to the end, we want to run all the tweens - // otherwise we skip this part - length = gotoEnd ? animation.tweens.length : 0; - if ( stopped ) { - return this; - } - stopped = true; - for ( ; index < length; index++ ) { - animation.tweens[ index ].run( 1 ); - } - - // Resolve when we played the last frame; otherwise, reject - if ( gotoEnd ) { - deferred.notifyWith( elem, [ animation, 1, 0 ] ); - deferred.resolveWith( elem, [ animation, gotoEnd ] ); - } else { - deferred.rejectWith( elem, [ animation, gotoEnd ] ); - } - return this; - } - } ), - props = animation.props; - - propFilter( props, animation.opts.specialEasing ); - - for ( ; index < length; index++ ) { - result = Animation.prefilters[ index ].call( animation, elem, props, animation.opts ); - if ( result ) { - if ( isFunction( result.stop ) ) { - jQuery._queueHooks( animation.elem, animation.opts.queue ).stop = - result.stop.bind( result ); - } - return result; - } - } - - jQuery.map( props, createTween, animation ); - - if ( isFunction( animation.opts.start ) ) { - animation.opts.start.call( elem, animation ); - } - - // Attach callbacks from options - animation - .progress( animation.opts.progress ) - .done( animation.opts.done, animation.opts.complete ) - .fail( animation.opts.fail ) - .always( animation.opts.always ); - - jQuery.fx.timer( - jQuery.extend( tick, { - elem: elem, - anim: animation, - queue: animation.opts.queue - } ) - ); - - return animation; -} - -jQuery.Animation = jQuery.extend( Animation, { - - tweeners: { - "*": [ function( prop, value ) { - var tween = this.createTween( prop, value ); - adjustCSS( tween.elem, prop, rcssNum.exec( value ), tween ); - return tween; - } ] - }, - - tweener: function( props, callback ) { - if ( isFunction( props ) ) { - callback = props; - props = [ "*" ]; - } else { - props = props.match( rnothtmlwhite ); - } - - var prop, - index = 0, - length = props.length; - - for ( ; index < length; index++ ) { - prop = props[ index ]; - Animation.tweeners[ prop ] = Animation.tweeners[ prop ] || []; - Animation.tweeners[ prop ].unshift( callback ); - } - }, - - prefilters: [ defaultPrefilter ], - - prefilter: function( callback, prepend ) { - if ( prepend ) { - Animation.prefilters.unshift( callback ); - } else { - Animation.prefilters.push( callback ); - } - } -} ); - -jQuery.speed = function( speed, easing, fn ) { - var opt = speed && typeof speed === "object" ? jQuery.extend( {}, speed ) : { - complete: fn || !fn && easing || - isFunction( speed ) && speed, - duration: speed, - easing: fn && easing || easing && !isFunction( easing ) && easing - }; - - // Go to the end state if fx are off - if ( jQuery.fx.off ) { - opt.duration = 0; - - } else { - if ( typeof opt.duration !== "number" ) { - if ( opt.duration in jQuery.fx.speeds ) { - opt.duration = jQuery.fx.speeds[ opt.duration ]; - - } else { - opt.duration = jQuery.fx.speeds._default; - } - } - } - - // Normalize opt.queue - true/undefined/null -> "fx" - if ( opt.queue == null || opt.queue === true ) { - opt.queue = "fx"; - } - - // Queueing - opt.old = opt.complete; - - opt.complete = function() { - if ( isFunction( opt.old ) ) { - opt.old.call( this ); - } - - if ( opt.queue ) { - jQuery.dequeue( this, opt.queue ); - } - }; - - return opt; -}; - -jQuery.fn.extend( { - fadeTo: function( speed, to, easing, callback ) { - - // Show any hidden elements after setting opacity to 0 - return this.filter( isHiddenWithinTree ).css( "opacity", 0 ).show() - - // Animate to the value specified - .end().animate( { opacity: to }, speed, easing, callback ); - }, - animate: function( prop, speed, easing, callback ) { - var empty = jQuery.isEmptyObject( prop ), - optall = jQuery.speed( speed, easing, callback ), - doAnimation = function() { - - // Operate on a copy of prop so per-property easing won't be lost - var anim = Animation( this, jQuery.extend( {}, prop ), optall ); - - // Empty animations, or finishing resolves immediately - if ( empty || dataPriv.get( this, "finish" ) ) { - anim.stop( true ); - } - }; - - doAnimation.finish = doAnimation; - - return empty || optall.queue === false ? - this.each( doAnimation ) : - this.queue( optall.queue, doAnimation ); - }, - stop: function( type, clearQueue, gotoEnd ) { - var stopQueue = function( hooks ) { - var stop = hooks.stop; - delete hooks.stop; - stop( gotoEnd ); - }; - - if ( typeof type !== "string" ) { - gotoEnd = clearQueue; - clearQueue = type; - type = undefined; - } - if ( clearQueue ) { - this.queue( type || "fx", [] ); - } - - return this.each( function() { - var dequeue = true, - index = type != null && type + "queueHooks", - timers = jQuery.timers, - data = dataPriv.get( this ); - - if ( index ) { - if ( data[ index ] && data[ index ].stop ) { - stopQueue( data[ index ] ); - } - } else { - for ( index in data ) { - if ( data[ index ] && data[ index ].stop && rrun.test( index ) ) { - stopQueue( data[ index ] ); - } - } - } - - for ( index = timers.length; index--; ) { - if ( timers[ index ].elem === this && - ( type == null || timers[ index ].queue === type ) ) { - - timers[ index ].anim.stop( gotoEnd ); - dequeue = false; - timers.splice( index, 1 ); - } - } - - // Start the next in the queue if the last step wasn't forced. - // Timers currently will call their complete callbacks, which - // will dequeue but only if they were gotoEnd. - if ( dequeue || !gotoEnd ) { - jQuery.dequeue( this, type ); - } - } ); - }, - finish: function( type ) { - if ( type !== false ) { - type = type || "fx"; - } - return this.each( function() { - var index, - data = dataPriv.get( this ), - queue = data[ type + "queue" ], - hooks = data[ type + "queueHooks" ], - timers = jQuery.timers, - length = queue ? queue.length : 0; - - // Enable finishing flag on private data - data.finish = true; - - // Empty the queue first - jQuery.queue( this, type, [] ); - - if ( hooks && hooks.stop ) { - hooks.stop.call( this, true ); - } - - // Look for any active animations, and finish them - for ( index = timers.length; index--; ) { - if ( timers[ index ].elem === this && timers[ index ].queue === type ) { - timers[ index ].anim.stop( true ); - timers.splice( index, 1 ); - } - } - - // Look for any animations in the old queue and finish them - for ( index = 0; index < length; index++ ) { - if ( queue[ index ] && queue[ index ].finish ) { - queue[ index ].finish.call( this ); - } - } - - // Turn off finishing flag - delete data.finish; - } ); - } -} ); - -jQuery.each( [ "toggle", "show", "hide" ], function( _i, name ) { - var cssFn = jQuery.fn[ name ]; - jQuery.fn[ name ] = function( speed, easing, callback ) { - return speed == null || typeof speed === "boolean" ? - cssFn.apply( this, arguments ) : - this.animate( genFx( name, true ), speed, easing, callback ); - }; -} ); - -// Generate shortcuts for custom animations -jQuery.each( { - slideDown: genFx( "show" ), - slideUp: genFx( "hide" ), - slideToggle: genFx( "toggle" ), - fadeIn: { opacity: "show" }, - fadeOut: { opacity: "hide" }, - fadeToggle: { opacity: "toggle" } -}, function( name, props ) { - jQuery.fn[ name ] = function( speed, easing, callback ) { - return this.animate( props, speed, easing, callback ); - }; -} ); - -jQuery.timers = []; -jQuery.fx.tick = function() { - var timer, - i = 0, - timers = jQuery.timers; - - fxNow = Date.now(); - - for ( ; i < timers.length; i++ ) { - timer = timers[ i ]; - - // Run the timer and safely remove it when done (allowing for external removal) - if ( !timer() && timers[ i ] === timer ) { - timers.splice( i--, 1 ); - } - } - - if ( !timers.length ) { - jQuery.fx.stop(); - } - fxNow = undefined; -}; - -jQuery.fx.timer = function( timer ) { - jQuery.timers.push( timer ); - jQuery.fx.start(); -}; - -jQuery.fx.interval = 13; -jQuery.fx.start = function() { - if ( inProgress ) { - return; - } - - inProgress = true; - schedule(); -}; - -jQuery.fx.stop = function() { - inProgress = null; -}; - -jQuery.fx.speeds = { - slow: 600, - fast: 200, - - // Default speed - _default: 400 -}; - - -// Based off of the plugin by Clint Helfers, with permission. -// https://web.archive.org/web/20100324014747/http://blindsignals.com/index.php/2009/07/jquery-delay/ -jQuery.fn.delay = function( time, type ) { - time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; - type = type || "fx"; - - return this.queue( type, function( next, hooks ) { - var timeout = window.setTimeout( next, time ); - hooks.stop = function() { - window.clearTimeout( timeout ); - }; - } ); -}; - - -( function() { - var input = document.createElement( "input" ), - select = document.createElement( "select" ), - opt = select.appendChild( document.createElement( "option" ) ); - - input.type = "checkbox"; - - // Support: Android <=4.3 only - // Default value for a checkbox should be "on" - support.checkOn = input.value !== ""; - - // Support: IE <=11 only - // Must access selectedIndex to make default options select - support.optSelected = opt.selected; - - // Support: IE <=11 only - // An input loses its value after becoming a radio - input = document.createElement( "input" ); - input.value = "t"; - input.type = "radio"; - support.radioValue = input.value === "t"; -} )(); - - -var boolHook, - attrHandle = jQuery.expr.attrHandle; - -jQuery.fn.extend( { - attr: function( name, value ) { - return access( this, jQuery.attr, name, value, arguments.length > 1 ); - }, - - removeAttr: function( name ) { - return this.each( function() { - jQuery.removeAttr( this, name ); - } ); - } -} ); - -jQuery.extend( { - attr: function( elem, name, value ) { - var ret, hooks, - nType = elem.nodeType; - - // Don't get/set attributes on text, comment and attribute nodes - if ( nType === 3 || nType === 8 || nType === 2 ) { - return; - } - - // Fallback to prop when attributes are not supported - if ( typeof elem.getAttribute === "undefined" ) { - return jQuery.prop( elem, name, value ); - } - - // Attribute hooks are determined by the lowercase version - // Grab necessary hook if one is defined - if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { - hooks = jQuery.attrHooks[ name.toLowerCase() ] || - ( jQuery.expr.match.bool.test( name ) ? boolHook : undefined ); - } - - if ( value !== undefined ) { - if ( value === null ) { - jQuery.removeAttr( elem, name ); - return; - } - - if ( hooks && "set" in hooks && - ( ret = hooks.set( elem, value, name ) ) !== undefined ) { - return ret; - } - - elem.setAttribute( name, value + "" ); - return value; - } - - if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { - return ret; - } - - ret = jQuery.find.attr( elem, name ); - - // Non-existent attributes return null, we normalize to undefined - return ret == null ? undefined : ret; - }, - - attrHooks: { - type: { - set: function( elem, value ) { - if ( !support.radioValue && value === "radio" && - nodeName( elem, "input" ) ) { - var val = elem.value; - elem.setAttribute( "type", value ); - if ( val ) { - elem.value = val; - } - return value; - } - } - } - }, - - removeAttr: function( elem, value ) { - var name, - i = 0, - - // Attribute names can contain non-HTML whitespace characters - // https://html.spec.whatwg.org/multipage/syntax.html#attributes-2 - attrNames = value && value.match( rnothtmlwhite ); - - if ( attrNames && elem.nodeType === 1 ) { - while ( ( name = attrNames[ i++ ] ) ) { - elem.removeAttribute( name ); - } - } - } -} ); - -// Hooks for boolean attributes -boolHook = { - set: function( elem, value, name ) { - if ( value === false ) { - - // Remove boolean attributes when set to false - jQuery.removeAttr( elem, name ); - } else { - elem.setAttribute( name, name ); - } - return name; - } -}; - -jQuery.each( jQuery.expr.match.bool.source.match( /\w+/g ), function( _i, name ) { - var getter = attrHandle[ name ] || jQuery.find.attr; - - attrHandle[ name ] = function( elem, name, isXML ) { - var ret, handle, - lowercaseName = name.toLowerCase(); - - if ( !isXML ) { - - // Avoid an infinite loop by temporarily removing this function from the getter - handle = attrHandle[ lowercaseName ]; - attrHandle[ lowercaseName ] = ret; - ret = getter( elem, name, isXML ) != null ? - lowercaseName : - null; - attrHandle[ lowercaseName ] = handle; - } - return ret; - }; -} ); - - - - -var rfocusable = /^(?:input|select|textarea|button)$/i, - rclickable = /^(?:a|area)$/i; - -jQuery.fn.extend( { - prop: function( name, value ) { - return access( this, jQuery.prop, name, value, arguments.length > 1 ); - }, - - removeProp: function( name ) { - return this.each( function() { - delete this[ jQuery.propFix[ name ] || name ]; - } ); - } -} ); - -jQuery.extend( { - prop: function( elem, name, value ) { - var ret, hooks, - nType = elem.nodeType; - - // Don't get/set properties on text, comment and attribute nodes - if ( nType === 3 || nType === 8 || nType === 2 ) { - return; - } - - if ( nType !== 1 || !jQuery.isXMLDoc( elem ) ) { - - // Fix name and attach hooks - name = jQuery.propFix[ name ] || name; - hooks = jQuery.propHooks[ name ]; - } - - if ( value !== undefined ) { - if ( hooks && "set" in hooks && - ( ret = hooks.set( elem, value, name ) ) !== undefined ) { - return ret; - } - - return ( elem[ name ] = value ); - } - - if ( hooks && "get" in hooks && ( ret = hooks.get( elem, name ) ) !== null ) { - return ret; - } - - return elem[ name ]; - }, - - propHooks: { - tabIndex: { - get: function( elem ) { - - // Support: IE <=9 - 11 only - // elem.tabIndex doesn't always return the - // correct value when it hasn't been explicitly set - // https://web.archive.org/web/20141116233347/http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ - // Use proper attribute retrieval(#12072) - var tabindex = jQuery.find.attr( elem, "tabindex" ); - - if ( tabindex ) { - return parseInt( tabindex, 10 ); - } - - if ( - rfocusable.test( elem.nodeName ) || - rclickable.test( elem.nodeName ) && - elem.href - ) { - return 0; - } - - return -1; - } - } - }, - - propFix: { - "for": "htmlFor", - "class": "className" - } -} ); - -// Support: IE <=11 only -// Accessing the selectedIndex property -// forces the browser to respect setting selected -// on the option -// The getter ensures a default option is selected -// when in an optgroup -// eslint rule "no-unused-expressions" is disabled for this code -// since it considers such accessions noop -if ( !support.optSelected ) { - jQuery.propHooks.selected = { - get: function( elem ) { - - /* eslint no-unused-expressions: "off" */ - - var parent = elem.parentNode; - if ( parent && parent.parentNode ) { - parent.parentNode.selectedIndex; - } - return null; - }, - set: function( elem ) { - - /* eslint no-unused-expressions: "off" */ - - var parent = elem.parentNode; - if ( parent ) { - parent.selectedIndex; - - if ( parent.parentNode ) { - parent.parentNode.selectedIndex; - } - } - } - }; -} - -jQuery.each( [ - "tabIndex", - "readOnly", - "maxLength", - "cellSpacing", - "cellPadding", - "rowSpan", - "colSpan", - "useMap", - "frameBorder", - "contentEditable" -], function() { - jQuery.propFix[ this.toLowerCase() ] = this; -} ); - - - - - // Strip and collapse whitespace according to HTML spec - // https://infra.spec.whatwg.org/#strip-and-collapse-ascii-whitespace - function stripAndCollapse( value ) { - var tokens = value.match( rnothtmlwhite ) || []; - return tokens.join( " " ); - } - - -function getClass( elem ) { - return elem.getAttribute && elem.getAttribute( "class" ) || ""; -} - -function classesToArray( value ) { - if ( Array.isArray( value ) ) { - return value; - } - if ( typeof value === "string" ) { - return value.match( rnothtmlwhite ) || []; - } - return []; -} - -jQuery.fn.extend( { - addClass: function( value ) { - var classes, elem, cur, curValue, clazz, j, finalValue, - i = 0; - - if ( isFunction( value ) ) { - return this.each( function( j ) { - jQuery( this ).addClass( value.call( this, j, getClass( this ) ) ); - } ); - } - - classes = classesToArray( value ); - - if ( classes.length ) { - while ( ( elem = this[ i++ ] ) ) { - curValue = getClass( elem ); - cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); - - if ( cur ) { - j = 0; - while ( ( clazz = classes[ j++ ] ) ) { - if ( cur.indexOf( " " + clazz + " " ) < 0 ) { - cur += clazz + " "; - } - } - - // Only assign if different to avoid unneeded rendering. - finalValue = stripAndCollapse( cur ); - if ( curValue !== finalValue ) { - elem.setAttribute( "class", finalValue ); - } - } - } - } - - return this; - }, - - removeClass: function( value ) { - var classes, elem, cur, curValue, clazz, j, finalValue, - i = 0; - - if ( isFunction( value ) ) { - return this.each( function( j ) { - jQuery( this ).removeClass( value.call( this, j, getClass( this ) ) ); - } ); - } - - if ( !arguments.length ) { - return this.attr( "class", "" ); - } - - classes = classesToArray( value ); - - if ( classes.length ) { - while ( ( elem = this[ i++ ] ) ) { - curValue = getClass( elem ); - - // This expression is here for better compressibility (see addClass) - cur = elem.nodeType === 1 && ( " " + stripAndCollapse( curValue ) + " " ); - - if ( cur ) { - j = 0; - while ( ( clazz = classes[ j++ ] ) ) { - - // Remove *all* instances - while ( cur.indexOf( " " + clazz + " " ) > -1 ) { - cur = cur.replace( " " + clazz + " ", " " ); - } - } - - // Only assign if different to avoid unneeded rendering. - finalValue = stripAndCollapse( cur ); - if ( curValue !== finalValue ) { - elem.setAttribute( "class", finalValue ); - } - } - } - } - - return this; - }, - - toggleClass: function( value, stateVal ) { - var type = typeof value, - isValidValue = type === "string" || Array.isArray( value ); - - if ( typeof stateVal === "boolean" && isValidValue ) { - return stateVal ? this.addClass( value ) : this.removeClass( value ); - } - - if ( isFunction( value ) ) { - return this.each( function( i ) { - jQuery( this ).toggleClass( - value.call( this, i, getClass( this ), stateVal ), - stateVal - ); - } ); - } - - return this.each( function() { - var className, i, self, classNames; - - if ( isValidValue ) { - - // Toggle individual class names - i = 0; - self = jQuery( this ); - classNames = classesToArray( value ); - - while ( ( className = classNames[ i++ ] ) ) { - - // Check each className given, space separated list - if ( self.hasClass( className ) ) { - self.removeClass( className ); - } else { - self.addClass( className ); - } - } - - // Toggle whole class name - } else if ( value === undefined || type === "boolean" ) { - className = getClass( this ); - if ( className ) { - - // Store className if set - dataPriv.set( this, "__className__", className ); - } - - // If the element has a class name or if we're passed `false`, - // then remove the whole classname (if there was one, the above saved it). - // Otherwise bring back whatever was previously saved (if anything), - // falling back to the empty string if nothing was stored. - if ( this.setAttribute ) { - this.setAttribute( "class", - className || value === false ? - "" : - dataPriv.get( this, "__className__" ) || "" - ); - } - } - } ); - }, - - hasClass: function( selector ) { - var className, elem, - i = 0; - - className = " " + selector + " "; - while ( ( elem = this[ i++ ] ) ) { - if ( elem.nodeType === 1 && - ( " " + stripAndCollapse( getClass( elem ) ) + " " ).indexOf( className ) > -1 ) { - return true; - } - } - - return false; - } -} ); - - - - -var rreturn = /\r/g; - -jQuery.fn.extend( { - val: function( value ) { - var hooks, ret, valueIsFunction, - elem = this[ 0 ]; - - if ( !arguments.length ) { - if ( elem ) { - hooks = jQuery.valHooks[ elem.type ] || - jQuery.valHooks[ elem.nodeName.toLowerCase() ]; - - if ( hooks && - "get" in hooks && - ( ret = hooks.get( elem, "value" ) ) !== undefined - ) { - return ret; - } - - ret = elem.value; - - // Handle most common string cases - if ( typeof ret === "string" ) { - return ret.replace( rreturn, "" ); - } - - // Handle cases where value is null/undef or number - return ret == null ? "" : ret; - } - - return; - } - - valueIsFunction = isFunction( value ); - - return this.each( function( i ) { - var val; - - if ( this.nodeType !== 1 ) { - return; - } - - if ( valueIsFunction ) { - val = value.call( this, i, jQuery( this ).val() ); - } else { - val = value; - } - - // Treat null/undefined as ""; convert numbers to string - if ( val == null ) { - val = ""; - - } else if ( typeof val === "number" ) { - val += ""; - - } else if ( Array.isArray( val ) ) { - val = jQuery.map( val, function( value ) { - return value == null ? "" : value + ""; - } ); - } - - hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ]; - - // If set returns undefined, fall back to normal setting - if ( !hooks || !( "set" in hooks ) || hooks.set( this, val, "value" ) === undefined ) { - this.value = val; - } - } ); - } -} ); - -jQuery.extend( { - valHooks: { - option: { - get: function( elem ) { - - var val = jQuery.find.attr( elem, "value" ); - return val != null ? - val : - - // Support: IE <=10 - 11 only - // option.text throws exceptions (#14686, #14858) - // Strip and collapse whitespace - // https://html.spec.whatwg.org/#strip-and-collapse-whitespace - stripAndCollapse( jQuery.text( elem ) ); - } - }, - select: { - get: function( elem ) { - var value, option, i, - options = elem.options, - index = elem.selectedIndex, - one = elem.type === "select-one", - values = one ? null : [], - max = one ? index + 1 : options.length; - - if ( index < 0 ) { - i = max; - - } else { - i = one ? index : 0; - } - - // Loop through all the selected options - for ( ; i < max; i++ ) { - option = options[ i ]; - - // Support: IE <=9 only - // IE8-9 doesn't update selected after form reset (#2551) - if ( ( option.selected || i === index ) && - - // Don't return options that are disabled or in a disabled optgroup - !option.disabled && - ( !option.parentNode.disabled || - !nodeName( option.parentNode, "optgroup" ) ) ) { - - // Get the specific value for the option - value = jQuery( option ).val(); - - // We don't need an array for one selects - if ( one ) { - return value; - } - - // Multi-Selects return an array - values.push( value ); - } - } - - return values; - }, - - set: function( elem, value ) { - var optionSet, option, - options = elem.options, - values = jQuery.makeArray( value ), - i = options.length; - - while ( i-- ) { - option = options[ i ]; - - /* eslint-disable no-cond-assign */ - - if ( option.selected = - jQuery.inArray( jQuery.valHooks.option.get( option ), values ) > -1 - ) { - optionSet = true; - } - - /* eslint-enable no-cond-assign */ - } - - // Force browsers to behave consistently when non-matching value is set - if ( !optionSet ) { - elem.selectedIndex = -1; - } - return values; - } - } - } -} ); - -// Radios and checkboxes getter/setter -jQuery.each( [ "radio", "checkbox" ], function() { - jQuery.valHooks[ this ] = { - set: function( elem, value ) { - if ( Array.isArray( value ) ) { - return ( elem.checked = jQuery.inArray( jQuery( elem ).val(), value ) > -1 ); - } - } - }; - if ( !support.checkOn ) { - jQuery.valHooks[ this ].get = function( elem ) { - return elem.getAttribute( "value" ) === null ? "on" : elem.value; - }; - } -} ); - - - - -// Return jQuery for attributes-only inclusion - - -support.focusin = "onfocusin" in window; - - -var rfocusMorph = /^(?:focusinfocus|focusoutblur)$/, - stopPropagationCallback = function( e ) { - e.stopPropagation(); - }; - -jQuery.extend( jQuery.event, { - - trigger: function( event, data, elem, onlyHandlers ) { - - var i, cur, tmp, bubbleType, ontype, handle, special, lastElement, - eventPath = [ elem || document ], - type = hasOwn.call( event, "type" ) ? event.type : event, - namespaces = hasOwn.call( event, "namespace" ) ? event.namespace.split( "." ) : []; - - cur = lastElement = tmp = elem = elem || document; - - // Don't do events on text and comment nodes - if ( elem.nodeType === 3 || elem.nodeType === 8 ) { - return; - } - - // focus/blur morphs to focusin/out; ensure we're not firing them right now - if ( rfocusMorph.test( type + jQuery.event.triggered ) ) { - return; - } - - if ( type.indexOf( "." ) > -1 ) { - - // Namespaced trigger; create a regexp to match event type in handle() - namespaces = type.split( "." ); - type = namespaces.shift(); - namespaces.sort(); - } - ontype = type.indexOf( ":" ) < 0 && "on" + type; - - // Caller can pass in a jQuery.Event object, Object, or just an event type string - event = event[ jQuery.expando ] ? - event : - new jQuery.Event( type, typeof event === "object" && event ); - - // Trigger bitmask: & 1 for native handlers; & 2 for jQuery (always true) - event.isTrigger = onlyHandlers ? 2 : 3; - event.namespace = namespaces.join( "." ); - event.rnamespace = event.namespace ? - new RegExp( "(^|\\.)" + namespaces.join( "\\.(?:.*\\.|)" ) + "(\\.|$)" ) : - null; - - // Clean up the event in case it is being reused - event.result = undefined; - if ( !event.target ) { - event.target = elem; - } - - // Clone any incoming data and prepend the event, creating the handler arg list - data = data == null ? - [ event ] : - jQuery.makeArray( data, [ event ] ); - - // Allow special events to draw outside the lines - special = jQuery.event.special[ type ] || {}; - if ( !onlyHandlers && special.trigger && special.trigger.apply( elem, data ) === false ) { - return; - } - - // Determine event propagation path in advance, per W3C events spec (#9951) - // Bubble up to document, then to window; watch for a global ownerDocument var (#9724) - if ( !onlyHandlers && !special.noBubble && !isWindow( elem ) ) { - - bubbleType = special.delegateType || type; - if ( !rfocusMorph.test( bubbleType + type ) ) { - cur = cur.parentNode; - } - for ( ; cur; cur = cur.parentNode ) { - eventPath.push( cur ); - tmp = cur; - } - - // Only add window if we got to document (e.g., not plain obj or detached DOM) - if ( tmp === ( elem.ownerDocument || document ) ) { - eventPath.push( tmp.defaultView || tmp.parentWindow || window ); - } - } - - // Fire handlers on the event path - i = 0; - while ( ( cur = eventPath[ i++ ] ) && !event.isPropagationStopped() ) { - lastElement = cur; - event.type = i > 1 ? - bubbleType : - special.bindType || type; - - // jQuery handler - handle = ( dataPriv.get( cur, "events" ) || Object.create( null ) )[ event.type ] && - dataPriv.get( cur, "handle" ); - if ( handle ) { - handle.apply( cur, data ); - } - - // Native handler - handle = ontype && cur[ ontype ]; - if ( handle && handle.apply && acceptData( cur ) ) { - event.result = handle.apply( cur, data ); - if ( event.result === false ) { - event.preventDefault(); - } - } - } - event.type = type; - - // If nobody prevented the default action, do it now - if ( !onlyHandlers && !event.isDefaultPrevented() ) { - - if ( ( !special._default || - special._default.apply( eventPath.pop(), data ) === false ) && - acceptData( elem ) ) { - - // Call a native DOM method on the target with the same name as the event. - // Don't do default actions on window, that's where global variables be (#6170) - if ( ontype && isFunction( elem[ type ] ) && !isWindow( elem ) ) { - - // Don't re-trigger an onFOO event when we call its FOO() method - tmp = elem[ ontype ]; - - if ( tmp ) { - elem[ ontype ] = null; - } - - // Prevent re-triggering of the same event, since we already bubbled it above - jQuery.event.triggered = type; - - if ( event.isPropagationStopped() ) { - lastElement.addEventListener( type, stopPropagationCallback ); - } - - elem[ type ](); - - if ( event.isPropagationStopped() ) { - lastElement.removeEventListener( type, stopPropagationCallback ); - } - - jQuery.event.triggered = undefined; - - if ( tmp ) { - elem[ ontype ] = tmp; - } - } - } - } - - return event.result; - }, - - // Piggyback on a donor event to simulate a different one - // Used only for `focus(in | out)` events - simulate: function( type, elem, event ) { - var e = jQuery.extend( - new jQuery.Event(), - event, - { - type: type, - isSimulated: true - } - ); - - jQuery.event.trigger( e, null, elem ); - } - -} ); - -jQuery.fn.extend( { - - trigger: function( type, data ) { - return this.each( function() { - jQuery.event.trigger( type, data, this ); - } ); - }, - triggerHandler: function( type, data ) { - var elem = this[ 0 ]; - if ( elem ) { - return jQuery.event.trigger( type, data, elem, true ); - } - } -} ); - - -// Support: Firefox <=44 -// Firefox doesn't have focus(in | out) events -// Related ticket - https://bugzilla.mozilla.org/show_bug.cgi?id=687787 -// -// Support: Chrome <=48 - 49, Safari <=9.0 - 9.1 -// focus(in | out) events fire after focus & blur events, -// which is spec violation - http://www.w3.org/TR/DOM-Level-3-Events/#events-focusevent-event-order -// Related ticket - https://bugs.chromium.org/p/chromium/issues/detail?id=449857 -if ( !support.focusin ) { - jQuery.each( { focus: "focusin", blur: "focusout" }, function( orig, fix ) { - - // Attach a single capturing handler on the document while someone wants focusin/focusout - var handler = function( event ) { - jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ) ); - }; - - jQuery.event.special[ fix ] = { - setup: function() { - - // Handle: regular nodes (via `this.ownerDocument`), window - // (via `this.document`) & document (via `this`). - var doc = this.ownerDocument || this.document || this, - attaches = dataPriv.access( doc, fix ); - - if ( !attaches ) { - doc.addEventListener( orig, handler, true ); - } - dataPriv.access( doc, fix, ( attaches || 0 ) + 1 ); - }, - teardown: function() { - var doc = this.ownerDocument || this.document || this, - attaches = dataPriv.access( doc, fix ) - 1; - - if ( !attaches ) { - doc.removeEventListener( orig, handler, true ); - dataPriv.remove( doc, fix ); - - } else { - dataPriv.access( doc, fix, attaches ); - } - } - }; - } ); -} -var location = window.location; - -var nonce = { guid: Date.now() }; - -var rquery = ( /\?/ ); - - - -// Cross-browser xml parsing -jQuery.parseXML = function( data ) { - var xml, parserErrorElem; - if ( !data || typeof data !== "string" ) { - return null; - } - - // Support: IE 9 - 11 only - // IE throws on parseFromString with invalid input. - try { - xml = ( new window.DOMParser() ).parseFromString( data, "text/xml" ); - } catch ( e ) {} - - parserErrorElem = xml && xml.getElementsByTagName( "parsererror" )[ 0 ]; - if ( !xml || parserErrorElem ) { - jQuery.error( "Invalid XML: " + ( - parserErrorElem ? - jQuery.map( parserErrorElem.childNodes, function( el ) { - return el.textContent; - } ).join( "\n" ) : - data - ) ); - } - return xml; -}; - - -var - rbracket = /\[\]$/, - rCRLF = /\r?\n/g, - rsubmitterTypes = /^(?:submit|button|image|reset|file)$/i, - rsubmittable = /^(?:input|select|textarea|keygen)/i; - -function buildParams( prefix, obj, traditional, add ) { - var name; - - if ( Array.isArray( obj ) ) { - - // Serialize array item. - jQuery.each( obj, function( i, v ) { - if ( traditional || rbracket.test( prefix ) ) { - - // Treat each array item as a scalar. - add( prefix, v ); - - } else { - - // Item is non-scalar (array or object), encode its numeric index. - buildParams( - prefix + "[" + ( typeof v === "object" && v != null ? i : "" ) + "]", - v, - traditional, - add - ); - } - } ); - - } else if ( !traditional && toType( obj ) === "object" ) { - - // Serialize object item. - for ( name in obj ) { - buildParams( prefix + "[" + name + "]", obj[ name ], traditional, add ); - } - - } else { - - // Serialize scalar item. - add( prefix, obj ); - } -} - -// Serialize an array of form elements or a set of -// key/values into a query string -jQuery.param = function( a, traditional ) { - var prefix, - s = [], - add = function( key, valueOrFunction ) { - - // If value is a function, invoke it and use its return value - var value = isFunction( valueOrFunction ) ? - valueOrFunction() : - valueOrFunction; - - s[ s.length ] = encodeURIComponent( key ) + "=" + - encodeURIComponent( value == null ? "" : value ); - }; - - if ( a == null ) { - return ""; - } - - // If an array was passed in, assume that it is an array of form elements. - if ( Array.isArray( a ) || ( a.jquery && !jQuery.isPlainObject( a ) ) ) { - - // Serialize the form elements - jQuery.each( a, function() { - add( this.name, this.value ); - } ); - - } else { - - // If traditional, encode the "old" way (the way 1.3.2 or older - // did it), otherwise encode params recursively. - for ( prefix in a ) { - buildParams( prefix, a[ prefix ], traditional, add ); - } - } - - // Return the resulting serialization - return s.join( "&" ); -}; - -jQuery.fn.extend( { - serialize: function() { - return jQuery.param( this.serializeArray() ); - }, - serializeArray: function() { - return this.map( function() { - - // Can add propHook for "elements" to filter or add form elements - var elements = jQuery.prop( this, "elements" ); - return elements ? jQuery.makeArray( elements ) : this; - } ).filter( function() { - var type = this.type; - - // Use .is( ":disabled" ) so that fieldset[disabled] works - return this.name && !jQuery( this ).is( ":disabled" ) && - rsubmittable.test( this.nodeName ) && !rsubmitterTypes.test( type ) && - ( this.checked || !rcheckableType.test( type ) ); - } ).map( function( _i, elem ) { - var val = jQuery( this ).val(); - - if ( val == null ) { - return null; - } - - if ( Array.isArray( val ) ) { - return jQuery.map( val, function( val ) { - return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; - } ); - } - - return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; - } ).get(); - } -} ); - - -var - r20 = /%20/g, - rhash = /#.*$/, - rantiCache = /([?&])_=[^&]*/, - rheaders = /^(.*?):[ \t]*([^\r\n]*)$/mg, - - // #7653, #8125, #8152: local protocol detection - rlocalProtocol = /^(?:about|app|app-storage|.+-extension|file|res|widget):$/, - rnoContent = /^(?:GET|HEAD)$/, - rprotocol = /^\/\//, - - /* Prefilters - * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example) - * 2) These are called: - * - BEFORE asking for a transport - * - AFTER param serialization (s.data is a string if s.processData is true) - * 3) key is the dataType - * 4) the catchall symbol "*" can be used - * 5) execution will start with transport dataType and THEN continue down to "*" if needed - */ - prefilters = {}, - - /* Transports bindings - * 1) key is the dataType - * 2) the catchall symbol "*" can be used - * 3) selection will start with transport dataType and THEN go to "*" if needed - */ - transports = {}, - - // Avoid comment-prolog char sequence (#10098); must appease lint and evade compression - allTypes = "*/".concat( "*" ), - - // Anchor tag for parsing the document origin - originAnchor = document.createElement( "a" ); - -originAnchor.href = location.href; - -// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport -function addToPrefiltersOrTransports( structure ) { - - // dataTypeExpression is optional and defaults to "*" - return function( dataTypeExpression, func ) { - - if ( typeof dataTypeExpression !== "string" ) { - func = dataTypeExpression; - dataTypeExpression = "*"; - } - - var dataType, - i = 0, - dataTypes = dataTypeExpression.toLowerCase().match( rnothtmlwhite ) || []; - - if ( isFunction( func ) ) { - - // For each dataType in the dataTypeExpression - while ( ( dataType = dataTypes[ i++ ] ) ) { - - // Prepend if requested - if ( dataType[ 0 ] === "+" ) { - dataType = dataType.slice( 1 ) || "*"; - ( structure[ dataType ] = structure[ dataType ] || [] ).unshift( func ); - - // Otherwise append - } else { - ( structure[ dataType ] = structure[ dataType ] || [] ).push( func ); - } - } - } - }; -} - -// Base inspection function for prefilters and transports -function inspectPrefiltersOrTransports( structure, options, originalOptions, jqXHR ) { - - var inspected = {}, - seekingTransport = ( structure === transports ); - - function inspect( dataType ) { - var selected; - inspected[ dataType ] = true; - jQuery.each( structure[ dataType ] || [], function( _, prefilterOrFactory ) { - var dataTypeOrTransport = prefilterOrFactory( options, originalOptions, jqXHR ); - if ( typeof dataTypeOrTransport === "string" && - !seekingTransport && !inspected[ dataTypeOrTransport ] ) { - - options.dataTypes.unshift( dataTypeOrTransport ); - inspect( dataTypeOrTransport ); - return false; - } else if ( seekingTransport ) { - return !( selected = dataTypeOrTransport ); - } - } ); - return selected; - } - - return inspect( options.dataTypes[ 0 ] ) || !inspected[ "*" ] && inspect( "*" ); -} - -// A special extend for ajax options -// that takes "flat" options (not to be deep extended) -// Fixes #9887 -function ajaxExtend( target, src ) { - var key, deep, - flatOptions = jQuery.ajaxSettings.flatOptions || {}; - - for ( key in src ) { - if ( src[ key ] !== undefined ) { - ( flatOptions[ key ] ? target : ( deep || ( deep = {} ) ) )[ key ] = src[ key ]; - } - } - if ( deep ) { - jQuery.extend( true, target, deep ); - } - - return target; -} - -/* Handles responses to an ajax request: - * - finds the right dataType (mediates between content-type and expected dataType) - * - returns the corresponding response - */ -function ajaxHandleResponses( s, jqXHR, responses ) { - - var ct, type, finalDataType, firstDataType, - contents = s.contents, - dataTypes = s.dataTypes; - - // Remove auto dataType and get content-type in the process - while ( dataTypes[ 0 ] === "*" ) { - dataTypes.shift(); - if ( ct === undefined ) { - ct = s.mimeType || jqXHR.getResponseHeader( "Content-Type" ); - } - } - - // Check if we're dealing with a known content-type - if ( ct ) { - for ( type in contents ) { - if ( contents[ type ] && contents[ type ].test( ct ) ) { - dataTypes.unshift( type ); - break; - } - } - } - - // Check to see if we have a response for the expected dataType - if ( dataTypes[ 0 ] in responses ) { - finalDataType = dataTypes[ 0 ]; - } else { - - // Try convertible dataTypes - for ( type in responses ) { - if ( !dataTypes[ 0 ] || s.converters[ type + " " + dataTypes[ 0 ] ] ) { - finalDataType = type; - break; - } - if ( !firstDataType ) { - firstDataType = type; - } - } - - // Or just use first one - finalDataType = finalDataType || firstDataType; - } - - // If we found a dataType - // We add the dataType to the list if needed - // and return the corresponding response - if ( finalDataType ) { - if ( finalDataType !== dataTypes[ 0 ] ) { - dataTypes.unshift( finalDataType ); - } - return responses[ finalDataType ]; - } -} - -/* Chain conversions given the request and the original response - * Also sets the responseXXX fields on the jqXHR instance - */ -function ajaxConvert( s, response, jqXHR, isSuccess ) { - var conv2, current, conv, tmp, prev, - converters = {}, - - // Work with a copy of dataTypes in case we need to modify it for conversion - dataTypes = s.dataTypes.slice(); - - // Create converters map with lowercased keys - if ( dataTypes[ 1 ] ) { - for ( conv in s.converters ) { - converters[ conv.toLowerCase() ] = s.converters[ conv ]; - } - } - - current = dataTypes.shift(); - - // Convert to each sequential dataType - while ( current ) { - - if ( s.responseFields[ current ] ) { - jqXHR[ s.responseFields[ current ] ] = response; - } - - // Apply the dataFilter if provided - if ( !prev && isSuccess && s.dataFilter ) { - response = s.dataFilter( response, s.dataType ); - } - - prev = current; - current = dataTypes.shift(); - - if ( current ) { - - // There's only work to do if current dataType is non-auto - if ( current === "*" ) { - - current = prev; - - // Convert response if prev dataType is non-auto and differs from current - } else if ( prev !== "*" && prev !== current ) { - - // Seek a direct converter - conv = converters[ prev + " " + current ] || converters[ "* " + current ]; - - // If none found, seek a pair - if ( !conv ) { - for ( conv2 in converters ) { - - // If conv2 outputs current - tmp = conv2.split( " " ); - if ( tmp[ 1 ] === current ) { - - // If prev can be converted to accepted input - conv = converters[ prev + " " + tmp[ 0 ] ] || - converters[ "* " + tmp[ 0 ] ]; - if ( conv ) { - - // Condense equivalence converters - if ( conv === true ) { - conv = converters[ conv2 ]; - - // Otherwise, insert the intermediate dataType - } else if ( converters[ conv2 ] !== true ) { - current = tmp[ 0 ]; - dataTypes.unshift( tmp[ 1 ] ); - } - break; - } - } - } - } - - // Apply converter (if not an equivalence) - if ( conv !== true ) { - - // Unless errors are allowed to bubble, catch and return them - if ( conv && s.throws ) { - response = conv( response ); - } else { - try { - response = conv( response ); - } catch ( e ) { - return { - state: "parsererror", - error: conv ? e : "No conversion from " + prev + " to " + current - }; - } - } - } - } - } - } - - return { state: "success", data: response }; -} - -jQuery.extend( { - - // Counter for holding the number of active queries - active: 0, - - // Last-Modified header cache for next request - lastModified: {}, - etag: {}, - - ajaxSettings: { - url: location.href, - type: "GET", - isLocal: rlocalProtocol.test( location.protocol ), - global: true, - processData: true, - async: true, - contentType: "application/x-www-form-urlencoded; charset=UTF-8", - - /* - timeout: 0, - data: null, - dataType: null, - username: null, - password: null, - cache: null, - throws: false, - traditional: false, - headers: {}, - */ - - accepts: { - "*": allTypes, - text: "text/plain", - html: "text/html", - xml: "application/xml, text/xml", - json: "application/json, text/javascript" - }, - - contents: { - xml: /\bxml\b/, - html: /\bhtml/, - json: /\bjson\b/ - }, - - responseFields: { - xml: "responseXML", - text: "responseText", - json: "responseJSON" - }, - - // Data converters - // Keys separate source (or catchall "*") and destination types with a single space - converters: { - - // Convert anything to text - "* text": String, - - // Text to html (true = no transformation) - "text html": true, - - // Evaluate text as a json expression - "text json": JSON.parse, - - // Parse text as xml - "text xml": jQuery.parseXML - }, - - // For options that shouldn't be deep extended: - // you can add your own custom options here if - // and when you create one that shouldn't be - // deep extended (see ajaxExtend) - flatOptions: { - url: true, - context: true - } - }, - - // Creates a full fledged settings object into target - // with both ajaxSettings and settings fields. - // If target is omitted, writes into ajaxSettings. - ajaxSetup: function( target, settings ) { - return settings ? - - // Building a settings object - ajaxExtend( ajaxExtend( target, jQuery.ajaxSettings ), settings ) : - - // Extending ajaxSettings - ajaxExtend( jQuery.ajaxSettings, target ); - }, - - ajaxPrefilter: addToPrefiltersOrTransports( prefilters ), - ajaxTransport: addToPrefiltersOrTransports( transports ), - - // Main method - ajax: function( url, options ) { - - // If url is an object, simulate pre-1.5 signature - if ( typeof url === "object" ) { - options = url; - url = undefined; - } - - // Force options to be an object - options = options || {}; - - var transport, - - // URL without anti-cache param - cacheURL, - - // Response headers - responseHeadersString, - responseHeaders, - - // timeout handle - timeoutTimer, - - // Url cleanup var - urlAnchor, - - // Request state (becomes false upon send and true upon completion) - completed, - - // To know if global events are to be dispatched - fireGlobals, - - // Loop variable - i, - - // uncached part of the url - uncached, - - // Create the final options object - s = jQuery.ajaxSetup( {}, options ), - - // Callbacks context - callbackContext = s.context || s, - - // Context for global events is callbackContext if it is a DOM node or jQuery collection - globalEventContext = s.context && - ( callbackContext.nodeType || callbackContext.jquery ) ? - jQuery( callbackContext ) : - jQuery.event, - - // Deferreds - deferred = jQuery.Deferred(), - completeDeferred = jQuery.Callbacks( "once memory" ), - - // Status-dependent callbacks - statusCode = s.statusCode || {}, - - // Headers (they are sent all at once) - requestHeaders = {}, - requestHeadersNames = {}, - - // Default abort message - strAbort = "canceled", - - // Fake xhr - jqXHR = { - readyState: 0, - - // Builds headers hashtable if needed - getResponseHeader: function( key ) { - var match; - if ( completed ) { - if ( !responseHeaders ) { - responseHeaders = {}; - while ( ( match = rheaders.exec( responseHeadersString ) ) ) { - responseHeaders[ match[ 1 ].toLowerCase() + " " ] = - ( responseHeaders[ match[ 1 ].toLowerCase() + " " ] || [] ) - .concat( match[ 2 ] ); - } - } - match = responseHeaders[ key.toLowerCase() + " " ]; - } - return match == null ? null : match.join( ", " ); - }, - - // Raw string - getAllResponseHeaders: function() { - return completed ? responseHeadersString : null; - }, - - // Caches the header - setRequestHeader: function( name, value ) { - if ( completed == null ) { - name = requestHeadersNames[ name.toLowerCase() ] = - requestHeadersNames[ name.toLowerCase() ] || name; - requestHeaders[ name ] = value; - } - return this; - }, - - // Overrides response content-type header - overrideMimeType: function( type ) { - if ( completed == null ) { - s.mimeType = type; - } - return this; - }, - - // Status-dependent callbacks - statusCode: function( map ) { - var code; - if ( map ) { - if ( completed ) { - - // Execute the appropriate callbacks - jqXHR.always( map[ jqXHR.status ] ); - } else { - - // Lazy-add the new callbacks in a way that preserves old ones - for ( code in map ) { - statusCode[ code ] = [ statusCode[ code ], map[ code ] ]; - } - } - } - return this; - }, - - // Cancel the request - abort: function( statusText ) { - var finalText = statusText || strAbort; - if ( transport ) { - transport.abort( finalText ); - } - done( 0, finalText ); - return this; - } - }; - - // Attach deferreds - deferred.promise( jqXHR ); - - // Add protocol if not provided (prefilters might expect it) - // Handle falsy url in the settings object (#10093: consistency with old signature) - // We also use the url parameter if available - s.url = ( ( url || s.url || location.href ) + "" ) - .replace( rprotocol, location.protocol + "//" ); - - // Alias method option to type as per ticket #12004 - s.type = options.method || options.type || s.method || s.type; - - // Extract dataTypes list - s.dataTypes = ( s.dataType || "*" ).toLowerCase().match( rnothtmlwhite ) || [ "" ]; - - // A cross-domain request is in order when the origin doesn't match the current origin. - if ( s.crossDomain == null ) { - urlAnchor = document.createElement( "a" ); - - // Support: IE <=8 - 11, Edge 12 - 15 - // IE throws exception on accessing the href property if url is malformed, - // e.g. http://example.com:80x/ - try { - urlAnchor.href = s.url; - - // Support: IE <=8 - 11 only - // Anchor's host property isn't correctly set when s.url is relative - urlAnchor.href = urlAnchor.href; - s.crossDomain = originAnchor.protocol + "//" + originAnchor.host !== - urlAnchor.protocol + "//" + urlAnchor.host; - } catch ( e ) { - - // If there is an error parsing the URL, assume it is crossDomain, - // it can be rejected by the transport if it is invalid - s.crossDomain = true; - } - } - - // Convert data if not already a string - if ( s.data && s.processData && typeof s.data !== "string" ) { - s.data = jQuery.param( s.data, s.traditional ); - } - - // Apply prefilters - inspectPrefiltersOrTransports( prefilters, s, options, jqXHR ); - - // If request was aborted inside a prefilter, stop there - if ( completed ) { - return jqXHR; - } - - // We can fire global events as of now if asked to - // Don't fire events if jQuery.event is undefined in an AMD-usage scenario (#15118) - fireGlobals = jQuery.event && s.global; - - // Watch for a new set of requests - if ( fireGlobals && jQuery.active++ === 0 ) { - jQuery.event.trigger( "ajaxStart" ); - } - - // Uppercase the type - s.type = s.type.toUpperCase(); - - // Determine if request has content - s.hasContent = !rnoContent.test( s.type ); - - // Save the URL in case we're toying with the If-Modified-Since - // and/or If-None-Match header later on - // Remove hash to simplify url manipulation - cacheURL = s.url.replace( rhash, "" ); - - // More options handling for requests with no content - if ( !s.hasContent ) { - - // Remember the hash so we can put it back - uncached = s.url.slice( cacheURL.length ); - - // If data is available and should be processed, append data to url - if ( s.data && ( s.processData || typeof s.data === "string" ) ) { - cacheURL += ( rquery.test( cacheURL ) ? "&" : "?" ) + s.data; - - // #9682: remove data so that it's not used in an eventual retry - delete s.data; - } - - // Add or update anti-cache param if needed - if ( s.cache === false ) { - cacheURL = cacheURL.replace( rantiCache, "$1" ); - uncached = ( rquery.test( cacheURL ) ? "&" : "?" ) + "_=" + ( nonce.guid++ ) + - uncached; - } - - // Put hash and anti-cache on the URL that will be requested (gh-1732) - s.url = cacheURL + uncached; - - // Change '%20' to '+' if this is encoded form body content (gh-2658) - } else if ( s.data && s.processData && - ( s.contentType || "" ).indexOf( "application/x-www-form-urlencoded" ) === 0 ) { - s.data = s.data.replace( r20, "+" ); - } - - // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. - if ( s.ifModified ) { - if ( jQuery.lastModified[ cacheURL ] ) { - jqXHR.setRequestHeader( "If-Modified-Since", jQuery.lastModified[ cacheURL ] ); - } - if ( jQuery.etag[ cacheURL ] ) { - jqXHR.setRequestHeader( "If-None-Match", jQuery.etag[ cacheURL ] ); - } - } - - // Set the correct header, if data is being sent - if ( s.data && s.hasContent && s.contentType !== false || options.contentType ) { - jqXHR.setRequestHeader( "Content-Type", s.contentType ); - } - - // Set the Accepts header for the server, depending on the dataType - jqXHR.setRequestHeader( - "Accept", - s.dataTypes[ 0 ] && s.accepts[ s.dataTypes[ 0 ] ] ? - s.accepts[ s.dataTypes[ 0 ] ] + - ( s.dataTypes[ 0 ] !== "*" ? ", " + allTypes + "; q=0.01" : "" ) : - s.accepts[ "*" ] - ); - - // Check for headers option - for ( i in s.headers ) { - jqXHR.setRequestHeader( i, s.headers[ i ] ); - } - - // Allow custom headers/mimetypes and early abort - if ( s.beforeSend && - ( s.beforeSend.call( callbackContext, jqXHR, s ) === false || completed ) ) { - - // Abort if not done already and return - return jqXHR.abort(); - } - - // Aborting is no longer a cancellation - strAbort = "abort"; - - // Install callbacks on deferreds - completeDeferred.add( s.complete ); - jqXHR.done( s.success ); - jqXHR.fail( s.error ); - - // Get transport - transport = inspectPrefiltersOrTransports( transports, s, options, jqXHR ); - - // If no transport, we auto-abort - if ( !transport ) { - done( -1, "No Transport" ); - } else { - jqXHR.readyState = 1; - - // Send global event - if ( fireGlobals ) { - globalEventContext.trigger( "ajaxSend", [ jqXHR, s ] ); - } - - // If request was aborted inside ajaxSend, stop there - if ( completed ) { - return jqXHR; - } - - // Timeout - if ( s.async && s.timeout > 0 ) { - timeoutTimer = window.setTimeout( function() { - jqXHR.abort( "timeout" ); - }, s.timeout ); - } - - try { - completed = false; - transport.send( requestHeaders, done ); - } catch ( e ) { - - // Rethrow post-completion exceptions - if ( completed ) { - throw e; - } - - // Propagate others as results - done( -1, e ); - } - } - - // Callback for when everything is done - function done( status, nativeStatusText, responses, headers ) { - var isSuccess, success, error, response, modified, - statusText = nativeStatusText; - - // Ignore repeat invocations - if ( completed ) { - return; - } - - completed = true; - - // Clear timeout if it exists - if ( timeoutTimer ) { - window.clearTimeout( timeoutTimer ); - } - - // Dereference transport for early garbage collection - // (no matter how long the jqXHR object will be used) - transport = undefined; - - // Cache response headers - responseHeadersString = headers || ""; - - // Set readyState - jqXHR.readyState = status > 0 ? 4 : 0; - - // Determine if successful - isSuccess = status >= 200 && status < 300 || status === 304; - - // Get response data - if ( responses ) { - response = ajaxHandleResponses( s, jqXHR, responses ); - } - - // Use a noop converter for missing script but not if jsonp - if ( !isSuccess && - jQuery.inArray( "script", s.dataTypes ) > -1 && - jQuery.inArray( "json", s.dataTypes ) < 0 ) { - s.converters[ "text script" ] = function() {}; - } - - // Convert no matter what (that way responseXXX fields are always set) - response = ajaxConvert( s, response, jqXHR, isSuccess ); - - // If successful, handle type chaining - if ( isSuccess ) { - - // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. - if ( s.ifModified ) { - modified = jqXHR.getResponseHeader( "Last-Modified" ); - if ( modified ) { - jQuery.lastModified[ cacheURL ] = modified; - } - modified = jqXHR.getResponseHeader( "etag" ); - if ( modified ) { - jQuery.etag[ cacheURL ] = modified; - } - } - - // if no content - if ( status === 204 || s.type === "HEAD" ) { - statusText = "nocontent"; - - // if not modified - } else if ( status === 304 ) { - statusText = "notmodified"; - - // If we have data, let's convert it - } else { - statusText = response.state; - success = response.data; - error = response.error; - isSuccess = !error; - } - } else { - - // Extract error from statusText and normalize for non-aborts - error = statusText; - if ( status || !statusText ) { - statusText = "error"; - if ( status < 0 ) { - status = 0; - } - } - } - - // Set data for the fake xhr object - jqXHR.status = status; - jqXHR.statusText = ( nativeStatusText || statusText ) + ""; - - // Success/Error - if ( isSuccess ) { - deferred.resolveWith( callbackContext, [ success, statusText, jqXHR ] ); - } else { - deferred.rejectWith( callbackContext, [ jqXHR, statusText, error ] ); - } - - // Status-dependent callbacks - jqXHR.statusCode( statusCode ); - statusCode = undefined; - - if ( fireGlobals ) { - globalEventContext.trigger( isSuccess ? "ajaxSuccess" : "ajaxError", - [ jqXHR, s, isSuccess ? success : error ] ); - } - - // Complete - completeDeferred.fireWith( callbackContext, [ jqXHR, statusText ] ); - - if ( fireGlobals ) { - globalEventContext.trigger( "ajaxComplete", [ jqXHR, s ] ); - - // Handle the global AJAX counter - if ( !( --jQuery.active ) ) { - jQuery.event.trigger( "ajaxStop" ); - } - } - } - - return jqXHR; - }, - - getJSON: function( url, data, callback ) { - return jQuery.get( url, data, callback, "json" ); - }, - - getScript: function( url, callback ) { - return jQuery.get( url, undefined, callback, "script" ); - } -} ); - -jQuery.each( [ "get", "post" ], function( _i, method ) { - jQuery[ method ] = function( url, data, callback, type ) { - - // Shift arguments if data argument was omitted - if ( isFunction( data ) ) { - type = type || callback; - callback = data; - data = undefined; - } - - // The url can be an options object (which then must have .url) - return jQuery.ajax( jQuery.extend( { - url: url, - type: method, - dataType: type, - data: data, - success: callback - }, jQuery.isPlainObject( url ) && url ) ); - }; -} ); - -jQuery.ajaxPrefilter( function( s ) { - var i; - for ( i in s.headers ) { - if ( i.toLowerCase() === "content-type" ) { - s.contentType = s.headers[ i ] || ""; - } - } -} ); - - -jQuery._evalUrl = function( url, options, doc ) { - return jQuery.ajax( { - url: url, - - // Make this explicit, since user can override this through ajaxSetup (#11264) - type: "GET", - dataType: "script", - cache: true, - async: false, - global: false, - - // Only evaluate the response if it is successful (gh-4126) - // dataFilter is not invoked for failure responses, so using it instead - // of the default converter is kludgy but it works. - converters: { - "text script": function() {} - }, - dataFilter: function( response ) { - jQuery.globalEval( response, options, doc ); - } - } ); -}; - - -jQuery.fn.extend( { - wrapAll: function( html ) { - var wrap; - - if ( this[ 0 ] ) { - if ( isFunction( html ) ) { - html = html.call( this[ 0 ] ); - } - - // The elements to wrap the target around - wrap = jQuery( html, this[ 0 ].ownerDocument ).eq( 0 ).clone( true ); - - if ( this[ 0 ].parentNode ) { - wrap.insertBefore( this[ 0 ] ); - } - - wrap.map( function() { - var elem = this; - - while ( elem.firstElementChild ) { - elem = elem.firstElementChild; - } - - return elem; - } ).append( this ); - } - - return this; - }, - - wrapInner: function( html ) { - if ( isFunction( html ) ) { - return this.each( function( i ) { - jQuery( this ).wrapInner( html.call( this, i ) ); - } ); - } - - return this.each( function() { - var self = jQuery( this ), - contents = self.contents(); - - if ( contents.length ) { - contents.wrapAll( html ); - - } else { - self.append( html ); - } - } ); - }, - - wrap: function( html ) { - var htmlIsFunction = isFunction( html ); - - return this.each( function( i ) { - jQuery( this ).wrapAll( htmlIsFunction ? html.call( this, i ) : html ); - } ); - }, - - unwrap: function( selector ) { - this.parent( selector ).not( "body" ).each( function() { - jQuery( this ).replaceWith( this.childNodes ); - } ); - return this; - } -} ); - - -jQuery.expr.pseudos.hidden = function( elem ) { - return !jQuery.expr.pseudos.visible( elem ); -}; -jQuery.expr.pseudos.visible = function( elem ) { - return !!( elem.offsetWidth || elem.offsetHeight || elem.getClientRects().length ); -}; - - - - -jQuery.ajaxSettings.xhr = function() { - try { - return new window.XMLHttpRequest(); - } catch ( e ) {} -}; - -var xhrSuccessStatus = { - - // File protocol always yields status code 0, assume 200 - 0: 200, - - // Support: IE <=9 only - // #1450: sometimes IE returns 1223 when it should be 204 - 1223: 204 - }, - xhrSupported = jQuery.ajaxSettings.xhr(); - -support.cors = !!xhrSupported && ( "withCredentials" in xhrSupported ); -support.ajax = xhrSupported = !!xhrSupported; - -jQuery.ajaxTransport( function( options ) { - var callback, errorCallback; - - // Cross domain only allowed if supported through XMLHttpRequest - if ( support.cors || xhrSupported && !options.crossDomain ) { - return { - send: function( headers, complete ) { - var i, - xhr = options.xhr(); - - xhr.open( - options.type, - options.url, - options.async, - options.username, - options.password - ); - - // Apply custom fields if provided - if ( options.xhrFields ) { - for ( i in options.xhrFields ) { - xhr[ i ] = options.xhrFields[ i ]; - } - } - - // Override mime type if needed - if ( options.mimeType && xhr.overrideMimeType ) { - xhr.overrideMimeType( options.mimeType ); - } - - // X-Requested-With header - // For cross-domain requests, seeing as conditions for a preflight are - // akin to a jigsaw puzzle, we simply never set it to be sure. - // (it can always be set on a per-request basis or even using ajaxSetup) - // For same-domain requests, won't change header if already provided. - if ( !options.crossDomain && !headers[ "X-Requested-With" ] ) { - headers[ "X-Requested-With" ] = "XMLHttpRequest"; - } - - // Set headers - for ( i in headers ) { - xhr.setRequestHeader( i, headers[ i ] ); - } - - // Callback - callback = function( type ) { - return function() { - if ( callback ) { - callback = errorCallback = xhr.onload = - xhr.onerror = xhr.onabort = xhr.ontimeout = - xhr.onreadystatechange = null; - - if ( type === "abort" ) { - xhr.abort(); - } else if ( type === "error" ) { - - // Support: IE <=9 only - // On a manual native abort, IE9 throws - // errors on any property access that is not readyState - if ( typeof xhr.status !== "number" ) { - complete( 0, "error" ); - } else { - complete( - - // File: protocol always yields status 0; see #8605, #14207 - xhr.status, - xhr.statusText - ); - } - } else { - complete( - xhrSuccessStatus[ xhr.status ] || xhr.status, - xhr.statusText, - - // Support: IE <=9 only - // IE9 has no XHR2 but throws on binary (trac-11426) - // For XHR2 non-text, let the caller handle it (gh-2498) - ( xhr.responseType || "text" ) !== "text" || - typeof xhr.responseText !== "string" ? - { binary: xhr.response } : - { text: xhr.responseText }, - xhr.getAllResponseHeaders() - ); - } - } - }; - }; - - // Listen to events - xhr.onload = callback(); - errorCallback = xhr.onerror = xhr.ontimeout = callback( "error" ); - - // Support: IE 9 only - // Use onreadystatechange to replace onabort - // to handle uncaught aborts - if ( xhr.onabort !== undefined ) { - xhr.onabort = errorCallback; - } else { - xhr.onreadystatechange = function() { - - // Check readyState before timeout as it changes - if ( xhr.readyState === 4 ) { - - // Allow onerror to be called first, - // but that will not handle a native abort - // Also, save errorCallback to a variable - // as xhr.onerror cannot be accessed - window.setTimeout( function() { - if ( callback ) { - errorCallback(); - } - } ); - } - }; - } - - // Create the abort callback - callback = callback( "abort" ); - - try { - - // Do send the request (this may raise an exception) - xhr.send( options.hasContent && options.data || null ); - } catch ( e ) { - - // #14683: Only rethrow if this hasn't been notified as an error yet - if ( callback ) { - throw e; - } - } - }, - - abort: function() { - if ( callback ) { - callback(); - } - } - }; - } -} ); - - - - -// Prevent auto-execution of scripts when no explicit dataType was provided (See gh-2432) -jQuery.ajaxPrefilter( function( s ) { - if ( s.crossDomain ) { - s.contents.script = false; - } -} ); - -// Install script dataType -jQuery.ajaxSetup( { - accepts: { - script: "text/javascript, application/javascript, " + - "application/ecmascript, application/x-ecmascript" - }, - contents: { - script: /\b(?:java|ecma)script\b/ - }, - converters: { - "text script": function( text ) { - jQuery.globalEval( text ); - return text; - } - } -} ); - -// Handle cache's special case and crossDomain -jQuery.ajaxPrefilter( "script", function( s ) { - if ( s.cache === undefined ) { - s.cache = false; - } - if ( s.crossDomain ) { - s.type = "GET"; - } -} ); - -// Bind script tag hack transport -jQuery.ajaxTransport( "script", function( s ) { - - // This transport only deals with cross domain or forced-by-attrs requests - if ( s.crossDomain || s.scriptAttrs ) { - var script, callback; - return { - send: function( _, complete ) { - script = jQuery( " - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Contributing to the MIT Kerberos Documentation¶

-

We are looking for documentation writers and editors who could contribute -towards improving the MIT KC documentation content. If you are an experienced -Kerberos developer and/or administrator, please consider sharing your knowledge -and experience with the Kerberos Community. You can suggest your own topic or -write about any of the topics listed -here.

-

If you have any questions, comments, or suggestions on the existing documents, -please send your feedback via email to krb5-bugs@mit.edu. The HTML version of -this documentation has a “FEEDBACK†link to the krb5-bugs@mit.edu email -address with a pre-constructed subject line.

-
-

Background¶

-

Starting with release 1.11, the Kerberos documentation set is -unified in a central form. Man pages, HTML documentation, and PDF -documents are compiled from reStructuredText sources, and the application -developer documentation incorporates Doxygen markup from the source -tree. This project was undertaken along the outline described -here.

-

Previous versions of Kerberos 5 attempted to maintain separate documentation -in the texinfo format, with separate groff manual pages. Having the API -documentation disjoint from the source code implementing that API -resulted in the documentation becoming stale, and over time the documentation -ceased to match reality. With a fresh start and a source format that is -easier to use and maintain, reStructuredText-based documents should provide -an improved experience for the user. Consolidating all the documentation -formats into a single source document makes the documentation set easier -to maintain.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/admin_commands/index.html b/krb5-1.21.3/doc/html/admin/admin_commands/index.html deleted file mode 100644 index 42935051..00000000 --- a/krb5-1.21.3/doc/html/admin/admin_commands/index.html +++ /dev/null @@ -1,180 +0,0 @@ - - - - - - - - - Administration programs — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/admin_commands/k5srvutil.html b/krb5-1.21.3/doc/html/admin/admin_commands/k5srvutil.html deleted file mode 100644 index e2e3bc5f..00000000 --- a/krb5-1.21.3/doc/html/admin/admin_commands/k5srvutil.html +++ /dev/null @@ -1,225 +0,0 @@ - - - - - - - - - k5srvutil — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

k5srvutil¶

-
-

SYNOPSIS¶

-

k5srvutil operation -[-i] -[-f filename] -[-e keysalts]

-
-
-

DESCRIPTION¶

-

k5srvutil allows an administrator to list keys currently in -a keytab, to obtain new keys for a principal currently in a keytab, -or to delete non-current keys from a keytab.

-

operation must be one of the following:

-
-
list

Lists the keys in a keytab, showing version number and principal -name.

-
-
change

Uses the kadmin protocol to update the keys in the Kerberos -database to new randomly-generated keys, and updates the keys in -the keytab to match. If a key’s version number doesn’t match the -version number stored in the Kerberos server’s database, then the -operation will fail. If the -i flag is given, k5srvutil will -prompt for confirmation before changing each key. If the -k -option is given, the old and new keys will be displayed. -Ordinarily, keys will be generated with the default encryption -types and key salts. This can be overridden with the -e -option. Old keys are retained in the keytab so that existing -tickets continue to work, but delold should be used after -such tickets expire, to prevent attacks against the old keys.

-
-
delold

Deletes keys that are not the most recent version from the keytab. -This operation should be used some time after a change operation -to remove old keys, after existing tickets issued for the service -have expired. If the -i flag is given, then k5srvutil will -prompt for confirmation for each principal.

-
-
delete

Deletes particular keys in the keytab, interactively prompting for -each key.

-
-
-

In all cases, the default keytab is used unless this is overridden by -the -f option.

-

k5srvutil uses the kadmin program to edit the keytab in -place.

-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kadmin, ktutil, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/admin_commands/kadmin_local.html b/krb5-1.21.3/doc/html/admin/admin_commands/kadmin_local.html deleted file mode 100644 index 1b6e42b3..00000000 --- a/krb5-1.21.3/doc/html/admin/admin_commands/kadmin_local.html +++ /dev/null @@ -1,1018 +0,0 @@ - - - - - - - - - kadmin — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kadmin¶

-
-

SYNOPSIS¶

-

kadmin -[-O|-N] -[-r realm] -[-p principal] -[-q query] -[[-c cache_name]|[-k [-t keytab]]|-n] -[-w password] -[-s admin_server[:port]] -[command args…]

-

kadmin.local -[-r realm] -[-p principal] -[-q query] -[-d dbname] -[-e enc:salt …] -[-m] -[-x db_args] -[command args…]

-
-
-

DESCRIPTION¶

-

kadmin and kadmin.local are command-line interfaces to the Kerberos V5 -administration system. They provide nearly identical functionalities; -the difference is that kadmin.local directly accesses the KDC -database, while kadmin performs operations using kadmind. -Except as explicitly noted otherwise, this man page will use “kadmin†-to refer to both versions. kadmin provides for the maintenance of -Kerberos principals, password policies, and service key tables -(keytabs).

-

The remote kadmin client uses Kerberos to authenticate to kadmind -using the service principal kadmin/admin or kadmin/ADMINHOST -(where ADMINHOST is the fully-qualified hostname of the admin -server). If the credentials cache contains a ticket for one of these -principals, and the -c credentials_cache option is specified, that -ticket is used to authenticate to kadmind. Otherwise, the -p and --k options are used to specify the client Kerberos principal name -used to authenticate. Once kadmin has determined the principal name, -it requests a service ticket from the KDC, and uses that service -ticket to authenticate to kadmind.

-

Since kadmin.local directly accesses the KDC database, it usually must -be run directly on the primary KDC with sufficient permissions to read -the KDC database. If the KDC database uses the LDAP database module, -kadmin.local can be run on any host which can access the LDAP server.

-
-
-

OPTIONS¶

-
-
-r realm

Use realm as the default database realm.

-
-
-p principal

Use principal to authenticate. Otherwise, kadmin will append -/admin to the primary principal name of the default ccache, -the value of the USER environment variable, or the username as -obtained with getpwuid, in order of preference.

-
-
-k

Use a keytab to decrypt the KDC response instead of prompting for -a password. In this case, the default principal will be -host/hostname. If there is no keytab specified with the --t option, then the default keytab will be used.

-
-
-t keytab

Use keytab to decrypt the KDC response. This can only be used -with the -k option.

-
-
-n

Requests anonymous processing. Two types of anonymous principals -are supported. For fully anonymous Kerberos, configure PKINIT on -the KDC and configure pkinit_anchors in the client’s -krb5.conf. Then use the -n option with a principal -of the form @REALM (an empty principal name followed by the -at-sign and a realm name). If permitted by the KDC, an anonymous -ticket will be returned. A second form of anonymous tickets is -supported; these realm-exposed tickets hide the identity of the -client but not the client’s realm. For this mode, use kinit --n with a normal principal name. If supported by the KDC, the -principal (but not realm) will be replaced by the anonymous -principal. As of release 1.8, the MIT Kerberos KDC only supports -fully anonymous operation.

-
-
-c credentials_cache

Use credentials_cache as the credentials cache. The cache -should contain a service ticket for the kadmin/admin or -kadmin/ADMINHOST (where ADMINHOST is the fully-qualified -hostname of the admin server) service; it can be acquired with the -kinit program. If this option is not specified, kadmin -requests a new service ticket from the KDC, and stores it in its -own temporary ccache.

-
-
-w password

Use password instead of prompting for one. Use this option with -care, as it may expose the password to other users on the system -via the process list.

-
-
-q query

Perform the specified query and then exit.

-
-
-d dbname

Specifies the name of the KDC database. This option does not -apply to the LDAP database module.

-
-
-s admin_server[:port]

Specifies the admin server which kadmin should contact.

-
-
-m

If using kadmin.local, prompt for the database master password -instead of reading it from a stash file.

-
-
-e “enc:salt …â€

Sets the keysalt list to be used for any new keys created. See -Keysalt lists in kdc.conf for a list of possible -values.

-
-
-O

Force use of old AUTH_GSSAPI authentication flavor.

-
-
-N

Prevent fallback to AUTH_GSSAPI authentication flavor.

-
-
-x db_args

Specifies the database specific arguments. See the next section -for supported options.

-
-
-

Starting with release 1.14, if any command-line arguments remain after -the options, they will be treated as a single query to be executed. -This mode of operation is intended for scripts and behaves differently -from the interactive mode in several respects:

-
    -
  • Query arguments are split by the shell, not by kadmin.

  • -
  • Informational and warning messages are suppressed. Error messages -and query output (e.g. for get_principal) will still be -displayed.

  • -
  • Confirmation prompts are disabled (as if -force was given). -Password prompts will still be issued as required.

  • -
  • The exit status will be non-zero if the query fails.

  • -
-

The -q option does not carry these behavior differences; the query -will be processed as if it was entered interactively. The -q -option cannot be used in combination with a query in the remaining -arguments.

-
-
-

DATABASE OPTIONS¶

-

Database options can be used to override database-specific defaults. -Supported options for the DB2 module are:

-
-
-
-x dbname=*filename*

Specifies the base filename of the DB2 database.

-
-
-x lockiter

Make iteration operations hold the lock for the duration of -the entire operation, rather than temporarily releasing the -lock while handling each principal. This is the default -behavior, but this option exists to allow command line -override of a [dbmodules] setting. First introduced in -release 1.13.

-
-
-x unlockiter

Make iteration operations unlock the database for each -principal, instead of holding the lock for the duration of the -entire operation. First introduced in release 1.13.

-
-
-
-

Supported options for the LDAP module are:

-
-
-
-x host=ldapuri

Specifies the LDAP server to connect to by a LDAP URI.

-
-
-x binddn=bind_dn

Specifies the DN used to bind to the LDAP server.

-
-
-x bindpwd=password

Specifies the password or SASL secret used to bind to the LDAP -server. Using this option may expose the password to other -users on the system via the process list; to avoid this, -instead stash the password using the stashsrvpw command of -kdb5_ldap_util.

-
-
-x sasl_mech=mechanism

Specifies the SASL mechanism used to bind to the LDAP server. -The bind DN is ignored if a SASL mechanism is used. New in -release 1.13.

-
-
-x sasl_authcid=name

Specifies the authentication name used when binding to the -LDAP server with a SASL mechanism, if the mechanism requires -one. New in release 1.13.

-
-
-x sasl_authzid=name

Specifies the authorization name used when binding to the LDAP -server with a SASL mechanism. New in release 1.13.

-
-
-x sasl_realm=realm

Specifies the realm used when binding to the LDAP server with -a SASL mechanism, if the mechanism uses one. New in release -1.13.

-
-
-x debug=level

sets the OpenLDAP client library debug level. level is an -integer to be interpreted by the library. Debugging messages -are printed to standard error. New in release 1.12.

-
-
-
-
-
-

COMMANDS¶

-

When using the remote client, available commands may be restricted -according to the privileges specified in the kadm5.acl file -on the admin server.

-
-

add_principal¶

-
-

add_principal [options] newprinc

-
-

Creates the principal newprinc, prompting twice for a password. If -no password policy is specified with the -policy option, and the -policy named default is assigned to the principal if it exists. -However, creating a policy named default will not automatically -assign this policy to previously existing principals. This policy -assignment can be suppressed with the -clearpolicy option.

-

This command requires the add privilege.

-

Aliases: addprinc, ank

-

Options:

-
-
-expire expdate

(getdate time string) The expiration date of the principal.

-
-
-pwexpire pwexpdate

(getdate time string) The password expiration date.

-
-
-maxlife maxlife

(Time duration or getdate time string) The maximum ticket life -for the principal.

-
-
-maxrenewlife maxrenewlife

(Time duration or getdate time string) The maximum renewable -life of tickets for the principal.

-
-
-kvno kvno

The initial key version number.

-
-
-policy policy

The password policy used by this principal. If not specified, the -policy default is used if it exists (unless -clearpolicy -is specified).

-
-
-clearpolicy

Prevents any policy from being assigned when -policy is not -specified.

-
-
{-|+}allow_postdated

-allow_postdated prohibits this principal from obtaining -postdated tickets. +allow_postdated clears this flag.

-
-
{-|+}allow_forwardable

-allow_forwardable prohibits this principal from obtaining -forwardable tickets. +allow_forwardable clears this flag.

-
-
{-|+}allow_renewable

-allow_renewable prohibits this principal from obtaining -renewable tickets. +allow_renewable clears this flag.

-
-
{-|+}allow_proxiable

-allow_proxiable prohibits this principal from obtaining -proxiable tickets. +allow_proxiable clears this flag.

-
-
{-|+}allow_dup_skey

-allow_dup_skey disables user-to-user authentication for this -principal by prohibiting others from obtaining a service ticket -encrypted in this principal’s TGT session key. -+allow_dup_skey clears this flag.

-
-
{-|+}requires_preauth

+requires_preauth requires this principal to preauthenticate -before being allowed to kinit. -requires_preauth clears this -flag. When +requires_preauth is set on a service principal, -the KDC will only issue service tickets for that service principal -if the client’s initial authentication was performed using -preauthentication.

-
-
{-|+}requires_hwauth

+requires_hwauth requires this principal to preauthenticate -using a hardware device before being allowed to kinit. --requires_hwauth clears this flag. When +requires_hwauth is -set on a service principal, the KDC will only issue service tickets -for that service principal if the client’s initial authentication was -performed using a hardware device to preauthenticate.

-
-
{-|+}ok_as_delegate

+ok_as_delegate sets the okay as delegate flag on tickets -issued with this principal as the service. Clients may use this -flag as a hint that credentials should be delegated when -authenticating to the service. -ok_as_delegate clears this -flag.

-
-
{-|+}allow_svr

-allow_svr prohibits the issuance of service tickets for this -principal. In release 1.17 and later, user-to-user service -tickets are still allowed unless the -allow_dup_skey flag is -also set. +allow_svr clears this flag.

-
-
{-|+}allow_tgs_req

-allow_tgs_req specifies that a Ticket-Granting Service (TGS) -request for a service ticket for this principal is not permitted. -+allow_tgs_req clears this flag.

-
-
{-|+}allow_tix

-allow_tix forbids the issuance of any tickets for this -principal. +allow_tix clears this flag.

-
-
{-|+}needchange

+needchange forces a password change on the next initial -authentication to this principal. -needchange clears this -flag.

-
-
{-|+}password_changing_service

+password_changing_service marks this principal as a password -change service principal.

-
-
{-|+}ok_to_auth_as_delegate

+ok_to_auth_as_delegate allows this principal to acquire -forwardable tickets to itself from arbitrary users, for use with -constrained delegation.

-
-
{-|+}no_auth_data_required

+no_auth_data_required prevents PAC or AD-SIGNEDPATH data from -being added to service tickets for the principal.

-
-
{-|+}lockdown_keys

+lockdown_keys prevents keys for this principal from leaving -the KDC via kadmind. The chpass and extract operations are denied -for a principal with this attribute. The chrand operation is -allowed, but will not return the new keys. The delete and rename -operations are also denied if this attribute is set, in order to -prevent a malicious administrator from replacing principals like -krbtgt/* or kadmin/* with new principals without the attribute. -This attribute can be set via the network protocol, but can only -be removed using kadmin.local.

-
-
-randkey

Sets the key of the principal to a random value.

-
-
-nokey

Causes the principal to be created with no key. New in release -1.12.

-
-
-pw password

Sets the password of the principal to the specified string and -does not prompt for a password. Note: using this option in a -shell script may expose the password to other users on the system -via the process list.

-
-
-e enc:salt,…

Uses the specified keysalt list for setting the keys of the -principal. See Keysalt lists in kdc.conf for a -list of possible values.

-
-
-x db_princ_args

Indicates database-specific options. The options for the LDAP -database module are:

-
-
-x dn=dn

Specifies the LDAP object that will contain the Kerberos -principal being created.

-
-
-x linkdn=dn

Specifies the LDAP object to which the newly created Kerberos -principal object will point.

-
-
-x containerdn=container_dn

Specifies the container object under which the Kerberos -principal is to be created.

-
-
-x tktpolicy=policy

Associates a ticket policy to the Kerberos principal.

-
-
-
-

Note

-
    -
  • The containerdn and linkdn options cannot be -specified with the dn option.

  • -
  • If the dn or containerdn options are not specified while -adding the principal, the principals are created under the -principal container configured in the realm or the realm -container.

  • -
  • dn and containerdn should be within the subtrees or -principal container configured in the realm.

  • -
-
-
-
-

Example:

-
kadmin: addprinc jennifer
-No policy specified for "jennifer@ATHENA.MIT.EDU";
-defaulting to no policy.
-Enter password for principal jennifer@ATHENA.MIT.EDU:
-Re-enter password for principal jennifer@ATHENA.MIT.EDU:
-Principal "jennifer@ATHENA.MIT.EDU" created.
-kadmin:
-
-
-
-
-

modify_principal¶

-
-

modify_principal [options] principal

-
-

Modifies the specified principal, changing the fields as specified. -The options to add_principal also apply to this command, except -for the -randkey, -pw, and -e options. In addition, the -option -clearpolicy will clear the current policy of a principal.

-

This command requires the modify privilege.

-

Alias: modprinc

-

Options (in addition to the addprinc options):

-
-
-unlock

Unlocks a locked principal (one which has received too many failed -authentication attempts without enough time between them according -to its password policy) so that it can successfully authenticate.

-
-
-
-
-

rename_principal¶

-
-

rename_principal [-force] old_principal new_principal

-
-

Renames the specified old_principal to new_principal. This -command prompts for confirmation, unless the -force option is -given.

-

This command requires the add and delete privileges.

-

Alias: renprinc

-
-
-

delete_principal¶

-
-

delete_principal [-force] principal

-
-

Deletes the specified principal from the database. This command -prompts for deletion, unless the -force option is given.

-

This command requires the delete privilege.

-

Alias: delprinc

-
-
-

change_password¶

-
-

change_password [options] principal

-
-

Changes the password of principal. Prompts for a new password if -neither -randkey or -pw is specified.

-

This command requires the changepw privilege, or that the -principal running the program is the same as the principal being -changed.

-

Alias: cpw

-

The following options are available:

-
-
-randkey

Sets the key of the principal to a random value.

-
-
-pw password

Set the password to the specified string. Using this option in a -script may expose the password to other users on the system via -the process list.

-
-
-e enc:salt,…

Uses the specified keysalt list for setting the keys of the -principal. See Keysalt lists in kdc.conf for a -list of possible values.

-
-
-keepold

Keeps the existing keys in the database. This flag is usually not -necessary except perhaps for krbtgt principals.

-
-
-

Example:

-
kadmin: cpw systest
-Enter password for principal systest@BLEEP.COM:
-Re-enter password for principal systest@BLEEP.COM:
-Password for systest@BLEEP.COM changed.
-kadmin:
-
-
-
-
-

purgekeys¶

-
-

purgekeys [-all|-keepkvno oldest_kvno_to_keep] principal

-
-

Purges previously retained old keys (e.g., from change_password --keepold) from principal. If -keepkvno is specified, then -only purges keys with kvnos lower than oldest_kvno_to_keep. If --all is specified, then all keys are purged. The -all option -is new in release 1.12.

-

This command requires the modify privilege.

-
-
-

get_principal¶

-
-

get_principal [-terse] principal

-
-

Gets the attributes of principal. With the -terse option, outputs -fields as quoted tab-separated strings.

-

This command requires the inquire privilege, or that the principal -running the the program to be the same as the one being listed.

-

Alias: getprinc

-

Examples:

-
kadmin: getprinc tlyu/admin
-Principal: tlyu/admin@BLEEP.COM
-Expiration date: [never]
-Last password change: Mon Aug 12 14:16:47 EDT 1996
-Password expiration date: [never]
-Maximum ticket life: 0 days 10:00:00
-Maximum renewable life: 7 days 00:00:00
-Last modified: Mon Aug 12 14:16:47 EDT 1996 (bjaspan/admin@BLEEP.COM)
-Last successful authentication: [never]
-Last failed authentication: [never]
-Failed password attempts: 0
-Number of keys: 1
-Key: vno 1, aes256-cts-hmac-sha384-192
-MKey: vno 1
-Attributes:
-Policy: [none]
-
-kadmin: getprinc -terse systest
-systest@BLEEP.COM   3    86400     604800    1
-785926535 753241234 785900000
-tlyu/admin@BLEEP.COM     786100034 0    0
-kadmin:
-
-
-
-
-

list_principals¶

-
-

list_principals [expression]

-
-

Retrieves all or some principal names. expression is a shell-style -glob expression that can contain the wild-card characters ?, -*, and []. All principal names matching the expression are -printed. If no expression is provided, all principal names are -printed. If the expression does not contain an @ character, an -@ character followed by the local realm is appended to the -expression.

-

This command requires the list privilege.

-

Alias: listprincs, get_principals, getprincs

-

Example:

-
kadmin:  listprincs test*
-test3@SECURE-TEST.OV.COM
-test2@SECURE-TEST.OV.COM
-test1@SECURE-TEST.OV.COM
-testuser@SECURE-TEST.OV.COM
-kadmin:
-
-
-
-
-

get_strings¶

-
-

get_strings principal

-
-

Displays string attributes on principal.

-

This command requires the inquire privilege.

-

Alias: getstrs

-
-
-

set_string¶

-
-

set_string principal name value

-
-

Sets a string attribute on principal. String attributes are used to -supply per-principal configuration to the KDC and some KDC plugin -modules. The following string attribute names are recognized by the -KDC:

-
-
require_auth

Specifies an authentication indicator which is required to -authenticate to the principal as a service. Multiple indicators -can be specified, separated by spaces; in this case any of the -specified indicators will be accepted. (New in release 1.14.)

-
-
session_enctypes

Specifies the encryption types supported for session keys when the -principal is authenticated to as a server. See -Encryption types in kdc.conf for a list of the -accepted values.

-
-
otp

Enables One Time Passwords (OTP) preauthentication for a client -principal. The value is a JSON string representing an array -of objects, each having optional type and username fields.

-
-
pkinit_cert_match

Specifies a matching expression that defines the certificate -attributes required for the client certificate used by the -principal during PKINIT authentication. The matching expression -is in the same format as those used by the pkinit_cert_match -option in krb5.conf. (New in release 1.16.)

-
-
pac_privsvr_enctype

Forces the encryption type of the PAC KDC checksum buffers to the -specified encryption type for tickets issued to this server, by -deriving a key from the local krbtgt key if it is of a different -encryption type. It may be necessary to set this value to -“aes256-sha1†on the cross-realm krbtgt entry for an Active -Directory realm when using aes-sha2 keys on the local krbtgt -entry.

-
-
-

This command requires the modify privilege.

-

Alias: setstr

-

Example:

-
set_string host/foo.mit.edu session_enctypes aes128-cts
-set_string user@FOO.COM otp "[{""type"":""hotp"",""username"":""al""}]"
-
-
-
-
-

del_string¶

-
-

del_string principal key

-
-

Deletes a string attribute from principal.

-

This command requires the delete privilege.

-

Alias: delstr

-
-
-

add_policy¶

-
-

add_policy [options] policy

-
-

Adds a password policy named policy to the database.

-

This command requires the add privilege.

-

Alias: addpol

-

The following options are available:

-
-
-maxlife time

(Time duration or getdate time string) Sets the maximum -lifetime of a password.

-
-
-minlife time

(Time duration or getdate time string) Sets the minimum -lifetime of a password.

-
-
-minlength length

Sets the minimum length of a password.

-
-
-minclasses number

Sets the minimum number of character classes required in a -password. The five character classes are lower case, upper case, -numbers, punctuation, and whitespace/unprintable characters.

-
-
-history number

Sets the number of past keys kept for a principal. This option is -not supported with the LDAP KDC database module.

-
-
-
-
-maxfailure maxnumber

Sets the number of authentication failures before the principal is -locked. Authentication failures are only tracked for principals -which require preauthentication. The counter of failed attempts -resets to 0 after a successful attempt to authenticate. A -maxnumber value of 0 (the default) disables lockout.

-
-
-
-
-failurecountinterval failuretime

(Time duration or getdate time string) Sets the allowable time -between authentication failures. If an authentication failure -happens after failuretime has elapsed since the previous -failure, the number of authentication failures is reset to 1. A -failuretime value of 0 (the default) means forever.

-
-
-
-
-lockoutduration lockouttime

(Time duration or getdate time string) Sets the duration for -which the principal is locked from authenticating if too many -authentication failures occur without the specified failure count -interval elapsing. A duration of 0 (the default) means the -principal remains locked out until it is administratively unlocked -with modprinc -unlock.

-
-
-allowedkeysalts

Specifies the key/salt tuples supported for long-term keys when -setting or changing a principal’s password/keys. See -Keysalt lists in kdc.conf for a list of the -accepted values, but note that key/salt tuples must be separated -with commas (‘,’) only. To clear the allowed key/salt policy use -a value of ‘-‘.

-
-
-

Example:

-
kadmin: add_policy -maxlife "2 days" -minlength 5 guests
-kadmin:
-
-
-
-
-

modify_policy¶

-
-

modify_policy [options] policy

-
-

Modifies the password policy named policy. Options are as described -for add_policy.

-

This command requires the modify privilege.

-

Alias: modpol

-
-
-

delete_policy¶

-
-

delete_policy [-force] policy

-
-

Deletes the password policy named policy. Prompts for confirmation -before deletion. The command will fail if the policy is in use by any -principals.

-

This command requires the delete privilege.

-

Alias: delpol

-

Example:

-
kadmin: del_policy guests
-Are you sure you want to delete the policy "guests"?
-(yes/no): yes
-kadmin:
-
-
-
-
-

get_policy¶

-
-

get_policy [ -terse ] policy

-
-

Displays the values of the password policy named policy. With the --terse flag, outputs the fields as quoted strings separated by -tabs.

-

This command requires the inquire privilege.

-

Alias: getpol

-

Examples:

-
kadmin: get_policy admin
-Policy: admin
-Maximum password life: 180 days 00:00:00
-Minimum password life: 00:00:00
-Minimum password length: 6
-Minimum number of password character classes: 2
-Number of old keys kept: 5
-Reference count: 17
-
-kadmin: get_policy -terse admin
-admin     15552000  0    6    2    5    17
-kadmin:
-
-
-

The “Reference count†is the number of principals using that policy. -With the LDAP KDC database module, the reference count field is not -meaningful.

-
-
-

list_policies¶

-
-

list_policies [expression]

-
-

Retrieves all or some policy names. expression is a shell-style -glob expression that can contain the wild-card characters ?, -*, and []. All policy names matching the expression are -printed. If no expression is provided, all existing policy names are -printed.

-

This command requires the list privilege.

-

Aliases: listpols, get_policies, getpols.

-

Examples:

-
kadmin:  listpols
-test-pol
-dict-only
-once-a-min
-test-pol-nopw
-
-kadmin:  listpols t*
-test-pol
-test-pol-nopw
-kadmin:
-
-
-
-
-

ktadd¶

-
-
-
ktadd [options] principal
-
ktadd [options] -glob princ-exp
-
-
-

Adds a principal, or all principals matching princ-exp, to a -keytab file. Each principal’s keys are randomized in the process. -The rules for princ-exp are described in the list_principals -command.

-

This command requires the inquire and changepw privileges. -With the -glob form, it also requires the list privilege.

-

The options are:

-
-
-k[eytab] keytab

Use keytab as the keytab file. Otherwise, the default keytab is -used.

-
-
-e enc:salt,…

Uses the specified keysalt list for setting the new keys of the -principal. See Keysalt lists in kdc.conf for a -list of possible values.

-
-
-q

Display less verbose information.

-
-
-norandkey

Do not randomize the keys. The keys and their version numbers stay -unchanged. This option cannot be specified in combination with the --e option.

-
-
-

An entry for each of the principal’s unique encryption types is added, -ignoring multiple keys with the same encryption type but different -salt types.

-

Alias: xst

-

Example:

-
kadmin: ktadd -k /tmp/foo-new-keytab host/foo.mit.edu
-Entry for principal host/foo.mit.edu@ATHENA.MIT.EDU with kvno 3,
-     encryption type aes256-cts-hmac-sha1-96 added to keytab
-     FILE:/tmp/foo-new-keytab
-kadmin:
-
-
-
-
-

ktremove¶

-
-

ktremove [options] principal [kvno | all | old]

-
-

Removes entries for the specified principal from a keytab. Requires -no permissions, since this does not require database access.

-

If the string “all†is specified, all entries for that principal are -removed; if the string “old†is specified, all entries for that -principal except those with the highest kvno are removed. Otherwise, -the value specified is parsed as an integer, and all entries whose -kvno match that integer are removed.

-

The options are:

-
-
-k[eytab] keytab

Use keytab as the keytab file. Otherwise, the default keytab is -used.

-
-
-q

Display less verbose information.

-
-
-

Alias: ktrem

-

Example:

-
kadmin: ktremove kadmin/admin all
-Entry for principal kadmin/admin with kvno 3 removed from keytab
-     FILE:/etc/krb5.keytab
-kadmin:
-
-
-
-
-

lock¶

-

Lock database exclusively. Use with extreme caution! This command -only works with the DB2 KDC database module.

-
-
-

unlock¶

-

Release the exclusive database lock.

-
-
-

list_requests¶

-

Lists available for kadmin requests.

-

Aliases: lr, ?

-
-
-

quit¶

-

Exit program. If the database was locked, the lock is released.

-

Aliases: exit, q

-
-
-
-

HISTORY¶

-

The kadmin program was originally written by Tom Yu at MIT, as an -interface to the OpenVision Kerberos administration program.

-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kpasswd, kadmind, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/admin_commands/kadmind.html b/krb5-1.21.3/doc/html/admin/admin_commands/kadmind.html deleted file mode 100644 index 66b384d7..00000000 --- a/krb5-1.21.3/doc/html/admin/admin_commands/kadmind.html +++ /dev/null @@ -1,277 +0,0 @@ - - - - - - - - - kadmind — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kadmind¶

-
-

SYNOPSIS¶

-

kadmind -[-x db_args] -[-r realm] -[-m] -[-nofork] -[-proponly] -[-port port-number] -[-P pid_file] -[-p kdb5_util_path] -[-K kprop_path] -[-k kprop_port] -[-F dump_file]

-
-
-

DESCRIPTION¶

-

kadmind starts the Kerberos administration server. kadmind typically -runs on the primary Kerberos server, which stores the KDC database. -If the KDC database uses the LDAP module, the administration server -and the KDC server need not run on the same machine. kadmind accepts -remote requests from programs such as kadmin and -kpasswd to administer the information in these database.

-

kadmind requires a number of configuration files to be set up in order -for it to work:

-
-
kdc.conf

The KDC configuration file contains configuration information for -the KDC and admin servers. kadmind uses settings in this file to -locate the Kerberos database, and is also affected by the -acl_file, dict_file, kadmind_port, and iprop-related -settings.

-
-
kadm5.acl

kadmind’s ACL (access control list) tells it which principals are -allowed to perform administration actions. The pathname to the -ACL file can be specified with the acl_file kdc.conf -variable; by default, it is LOCALSTATEDIR/krb5kdc/kadm5.acl.

-
-
-

After the server begins running, it puts itself in the background and -disassociates itself from its controlling terminal.

-

kadmind can be configured for incremental database propagation. -Incremental propagation allows replica KDC servers to receive -principal and policy updates incrementally instead of receiving full -dumps of the database. This facility can be enabled in the -kdc.conf file with the iprop_enable option. Incremental -propagation requires the principal kiprop/PRIMARY\@REALM (where -PRIMARY is the primary KDC’s canonical host name, and REALM the realm -name). In release 1.13, this principal is automatically created and -registered into the datebase.

-
-
-

OPTIONS¶

-
-
-r realm

specifies the realm that kadmind will serve; if it is not -specified, the default realm of the host is used.

-
-
-m

causes the master database password to be fetched from the -keyboard (before the server puts itself in the background, if not -invoked with the -nofork option) rather than from a file on -disk.

-
-
-nofork

causes the server to remain in the foreground and remain -associated to the terminal.

-
-
-proponly

causes the server to only listen and respond to Kerberos replica -incremental propagation polling requests. This option can be used -to set up a hierarchical propagation topology where a replica KDC -provides incremental updates to other Kerberos replicas.

-
-
-port port-number

specifies the port on which the administration server listens for -connections. The default port is determined by the -kadmind_port configuration variable in kdc.conf.

-
-
-P pid_file

specifies the file to which the PID of kadmind process should be -written after it starts up. This file can be used to identify -whether kadmind is still running and to allow init scripts to stop -the correct process.

-
-
-p kdb5_util_path

specifies the path to the kdb5_util command to use when dumping the -KDB in response to full resync requests when iprop is enabled.

-
-
-K kprop_path

specifies the path to the kprop command to use to send full dumps -to replicas in response to full resync requests.

-
-
-k kprop_port

specifies the port by which the kprop process that is spawned by -kadmind connects to the replica kpropd, in order to transfer the -dump file during an iprop full resync request.

-
-
-F dump_file

specifies the file path to be used for dumping the KDB in response -to full resync requests when iprop is enabled.

-
-
-x db_args

specifies database-specific arguments. See Database Options in kadmin for supported arguments.

-
-
-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kpasswd, kadmin, kdb5_util, -kdb5_ldap_util, kadm5.acl, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/admin_commands/kdb5_ldap_util.html b/krb5-1.21.3/doc/html/admin/admin_commands/kdb5_ldap_util.html deleted file mode 100644 index 7b6321b5..00000000 --- a/krb5-1.21.3/doc/html/admin/admin_commands/kdb5_ldap_util.html +++ /dev/null @@ -1,551 +0,0 @@ - - - - - - - - - kdb5_ldap_util — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kdb5_ldap_util¶

-
-

SYNOPSIS¶

-

kdb5_ldap_util -[-D user_dn [-w passwd]] -[-H ldapuri] -command -[command_options]

-
-
-

DESCRIPTION¶

-

kdb5_ldap_util allows an administrator to manage realms, Kerberos -services and ticket policies.

-
-
-

COMMAND-LINE OPTIONS¶

-
-
-r realm

Specifies the realm to be operated on.

-
-
-D user_dn

Specifies the Distinguished Name (DN) of the user who has -sufficient rights to perform the operation on the LDAP server.

-
-
-w passwd

Specifies the password of user_dn. This option is not -recommended.

-
-
-H ldapuri

Specifies the URI of the LDAP server.

-
-
-

By default, kdb5_ldap_util operates on the default realm (as specified -in krb5.conf) and connects and authenticates to the LDAP -server in the same manner as :ref:kadmind(8)` would given the -parameters in [dbdefaults] in kdc.conf.

-
-
-

COMMANDS¶

-
-

create¶

-
-

create -[-subtrees subtree_dn_list] -[-sscope search_scope] -[-containerref container_reference_dn] -[-k mkeytype] -[-kv mkeyVNO] -[-M mkeyname] -[-m|-P password|-sf stashfilename] -[-s] -[-maxtktlife max_ticket_life] -[-maxrenewlife max_renewable_ticket_life] -[ticket_flags]

-
-

Creates realm in directory. Options:

-
-
-subtrees subtree_dn_list

Specifies the list of subtrees containing the principals of a -realm. The list contains the DNs of the subtree objects separated -by colon (:).

-
-
-sscope search_scope

Specifies the scope for searching the principals under the -subtree. The possible values are 1 or one (one level), 2 or sub -(subtrees).

-
-
-containerref container_reference_dn

Specifies the DN of the container object in which the principals -of a realm will be created. If the container reference is not -configured for a realm, the principals will be created in the -realm container.

-
-
-k mkeytype

Specifies the key type of the master key in the database. The -default is given by the master_key_type variable in -kdc.conf.

-
-
-kv mkeyVNO

Specifies the version number of the master key in the database; -the default is 1. Note that 0 is not allowed.

-
-
-M mkeyname

Specifies the principal name for the master key in the database. -If not specified, the name is determined by the -master_key_name variable in kdc.conf.

-
-
-m

Specifies that the master database password should be read from -the TTY rather than fetched from a file on the disk.

-
-
-P password

Specifies the master database password. This option is not -recommended.

-
-
-sf stashfilename

Specifies the stash file of the master database password.

-
-
-s

Specifies that the stash file is to be created.

-
-
-maxtktlife max_ticket_life

(getdate time string) Specifies maximum ticket life for -principals in this realm.

-
-
-maxrenewlife max_renewable_ticket_life

(getdate time string) Specifies maximum renewable life of -tickets for principals in this realm.

-
-
ticket_flags

Specifies global ticket flags for the realm. Allowable flags are -documented in the description of the add_principal command in -kadmin.

-
-
-

Example:

-
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
-    -r ATHENA.MIT.EDU create -subtrees o=org -sscope SUB
-Password for "cn=admin,o=org":
-Initializing database for realm 'ATHENA.MIT.EDU'
-You will be prompted for the database Master Password.
-It is important that you NOT FORGET this password.
-Enter KDC database master key:
-Re-enter KDC database master key to verify:
-
-
-
-
-

modify¶

-
-

modify -[-subtrees subtree_dn_list] -[-sscope search_scope] -[-containerref container_reference_dn] -[-maxtktlife max_ticket_life] -[-maxrenewlife max_renewable_ticket_life] -[ticket_flags]

-
-

Modifies the attributes of a realm. Options:

-
-
-subtrees subtree_dn_list

Specifies the list of subtrees containing the principals of a -realm. The list contains the DNs of the subtree objects separated -by colon (:). This list replaces the existing list.

-
-
-sscope search_scope

Specifies the scope for searching the principals under the -subtrees. The possible values are 1 or one (one level), 2 or sub -(subtrees).

-
-
-containerref container_reference_dn Specifies the DN of the

container object in which the principals of a realm will be -created.

-
-
-maxtktlife max_ticket_life

(getdate time string) Specifies maximum ticket life for -principals in this realm.

-
-
-maxrenewlife max_renewable_ticket_life

(getdate time string) Specifies maximum renewable life of -tickets for principals in this realm.

-
-
ticket_flags

Specifies global ticket flags for the realm. Allowable flags are -documented in the description of the add_principal command in -kadmin.

-
-
-

Example:

-
shell% kdb5_ldap_util -r ATHENA.MIT.EDU -D cn=admin,o=org -H
-    ldaps://ldap-server1.mit.edu modify +requires_preauth
-Password for "cn=admin,o=org":
-shell%
-
-
-
-
-

view¶

-
-

view

-
-

Displays the attributes of a realm.

-

Example:

-
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
-    -r ATHENA.MIT.EDU view
-Password for "cn=admin,o=org":
-Realm Name: ATHENA.MIT.EDU
-Subtree: ou=users,o=org
-Subtree: ou=servers,o=org
-SearchScope: ONE
-Maximum ticket life: 0 days 01:00:00
-Maximum renewable life: 0 days 10:00:00
-Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PWCHANGE
-
-
-
-
-

destroy¶

-
-

destroy [-f]

-
-

Destroys an existing realm. Options:

-
-
-f

If specified, will not prompt the user for confirmation.

-
-
-

Example:

-
shell% kdb5_ldap_util -r ATHENA.MIT.EDU -D cn=admin,o=org -H
-    ldaps://ldap-server1.mit.edu destroy
-Password for "cn=admin,o=org":
-Deleting KDC database of 'ATHENA.MIT.EDU', are you sure?
-(type 'yes' to confirm)? yes
-OK, deleting database of 'ATHENA.MIT.EDU'...
-shell%
-
-
-
-
-

list¶

-
-

list

-
-

Lists the names of realms under the container.

-

Example:

-
shell% kdb5_ldap_util -D cn=admin,o=org -H
-    ldaps://ldap-server1.mit.edu list
-Password for "cn=admin,o=org":
-ATHENA.MIT.EDU
-OPENLDAP.MIT.EDU
-MEDIA-LAB.MIT.EDU
-shell%
-
-
-
-
-

stashsrvpw¶

-
-

stashsrvpw -[-f filename] -name

-
-

Allows an administrator to store the password for service object in a -file so that KDC and Administration server can use it to authenticate -to the LDAP server. Options:

-
-
-f filename

Specifies the complete path of the service password file. By -default, /usr/local/var/service_passwd is used.

-
-
name

Specifies the name of the object whose password is to be stored. -If krb5kdc or kadmind are configured for -simple binding, this should be the distinguished name it will -use as given by the ldap_kdc_dn or ldap_kadmind_dn -variable in kdc.conf. If the KDC or kadmind is -configured for SASL binding, this should be the authentication -name it will use as given by the ldap_kdc_sasl_authcid or -ldap_kadmind_sasl_authcid variable.

-
-
-

Example:

-
kdb5_ldap_util stashsrvpw -f /home/andrew/conf_keyfile
-    cn=service-kdc,o=org
-Password for "cn=service-kdc,o=org":
-Re-enter password for "cn=service-kdc,o=org":
-
-
-
-
-

create_policy¶

-
-

create_policy -[-maxtktlife max_ticket_life] -[-maxrenewlife max_renewable_ticket_life] -[ticket_flags] -policy_name

-
-

Creates a ticket policy in the directory. Options:

-
-
-maxtktlife max_ticket_life

(getdate time string) Specifies maximum ticket life for -principals.

-
-
-maxrenewlife max_renewable_ticket_life

(getdate time string) Specifies maximum renewable life of -tickets for principals.

-
-
ticket_flags

Specifies the ticket flags. If this option is not specified, by -default, no restriction will be set by the policy. Allowable -flags are documented in the description of the add_principal -command in kadmin.

-
-
policy_name

Specifies the name of the ticket policy.

-
-
-

Example:

-
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
-    -r ATHENA.MIT.EDU create_policy -maxtktlife "1 day"
-    -maxrenewlife "1 week" -allow_postdated +needchange
-    -allow_forwardable tktpolicy
-Password for "cn=admin,o=org":
-
-
-
-
-

modify_policy¶

-
-

modify_policy -[-maxtktlife max_ticket_life] -[-maxrenewlife max_renewable_ticket_life] -[ticket_flags] -policy_name

-
-

Modifies the attributes of a ticket policy. Options are same as for -create_policy.

-

Example:

-
kdb5_ldap_util -D cn=admin,o=org -H
-    ldaps://ldap-server1.mit.edu -r ATHENA.MIT.EDU modify_policy
-    -maxtktlife "60 minutes" -maxrenewlife "10 hours"
-    +allow_postdated -requires_preauth tktpolicy
-Password for "cn=admin,o=org":
-
-
-
-
-

view_policy¶

-
-

view_policy -policy_name

-
-

Displays the attributes of the named ticket policy.

-

Example:

-
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
-    -r ATHENA.MIT.EDU view_policy tktpolicy
-Password for "cn=admin,o=org":
-Ticket policy: tktpolicy
-Maximum ticket life: 0 days 01:00:00
-Maximum renewable life: 0 days 10:00:00
-Ticket flags: DISALLOW_FORWARDABLE REQUIRES_PWCHANGE
-
-
-
-
-

destroy_policy¶

-
-

destroy_policy -[-force] -policy_name

-
-

Destroys an existing ticket policy. Options:

-
-
-force

Forces the deletion of the policy object. If not specified, the -user will be prompted for confirmation before deleting the policy.

-
-
policy_name

Specifies the name of the ticket policy.

-
-
-

Example:

-
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
-    -r ATHENA.MIT.EDU destroy_policy tktpolicy
-Password for "cn=admin,o=org":
-This will delete the policy object 'tktpolicy', are you sure?
-(type 'yes' to confirm)? yes
-** policy object 'tktpolicy' deleted.
-
-
-
-
-

list_policy¶

-
-

list_policy

-
-

Lists ticket policies.

-

Example:

-
kdb5_ldap_util -D cn=admin,o=org -H ldaps://ldap-server1.mit.edu
-    -r ATHENA.MIT.EDU list_policy
-Password for "cn=admin,o=org":
-tktpolicy
-tmppolicy
-userpolicy
-
-
-
-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kadmin, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/admin_commands/kdb5_util.html b/krb5-1.21.3/doc/html/admin/admin_commands/kdb5_util.html deleted file mode 100644 index eb50fcd7..00000000 --- a/krb5-1.21.3/doc/html/admin/admin_commands/kdb5_util.html +++ /dev/null @@ -1,621 +0,0 @@ - - - - - - - - - kdb5_util — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kdb5_util¶

-
-

SYNOPSIS¶

-

kdb5_util -[-r realm] -[-d dbname] -[-k mkeytype] -[-kv mkeyVNO] -[-M mkeyname] -[-m] -[-sf stashfilename] -[-P password] -[-x db_args] -command [command_options]

-
-
-

DESCRIPTION¶

-

kdb5_util allows an administrator to perform maintenance procedures on -the KDC database. Databases can be created, destroyed, and dumped to -or loaded from ASCII files. kdb5_util can create a Kerberos master -key stash file or perform live rollover of the master key.

-

When kdb5_util is run, it attempts to acquire the master key and open -the database. However, execution continues regardless of whether or -not kdb5_util successfully opens the database, because the database -may not exist yet or the stash file may be corrupt.

-

Note that some KDC database modules may not support all kdb5_util -commands.

-
-
-

COMMAND-LINE OPTIONS¶

-
-
-r realm

specifies the Kerberos realm of the database.

-
-
-d dbname

specifies the name under which the principal database is stored; -by default the database is that listed in kdc.conf. The -password policy database and lock files are also derived from this -value.

-
-
-k mkeytype

specifies the key type of the master key in the database. The -default is given by the master_key_type variable in -kdc.conf.

-
-
-kv mkeyVNO

Specifies the version number of the master key in the database; -the default is 1. Note that 0 is not allowed.

-
-
-M mkeyname

principal name for the master key in the database. If not -specified, the name is determined by the master_key_name -variable in kdc.conf.

-
-
-m

specifies that the master database password should be read from -the keyboard rather than fetched from a file on disk.

-
-
-sf stash_file

specifies the stash filename of the master database password. If -not specified, the filename is determined by the -key_stash_file variable in kdc.conf.

-
-
-P password

specifies the master database password. Using this option may -expose the password to other users on the system via the process -list.

-
-
-x db_args

specifies database-specific options. See kadmin for -supported options.

-
-
-
-
-

COMMANDS¶

-
-

create¶

-
-

create [-s]

-
-

Creates a new database. If the -s option is specified, the stash -file is also created. This command fails if the database already -exists. If the command is successful, the database is opened just as -if it had already existed when the program was first run.

-
-
-

destroy¶

-
-

destroy [-f]

-
-

Destroys the database, first overwriting the disk sectors and then -unlinking the files, after prompting the user for confirmation. With -the -f argument, does not prompt the user.

-
-
-

stash¶

-
-

stash [-f keyfile]

-
-

Stores the master principal’s keys in a stash file. The -f -argument can be used to override the keyfile specified in -kdc.conf.

-
-
-

dump¶

-
-

dump [-b7|-r13|-r18] -[-verbose] [-mkey_convert] [-new_mkey_file -mkey_file] [-rev] [-recurse] [filename -[principals…]]

-
-

Dumps the current Kerberos and KADM5 database into an ASCII file. By -default, the database is dumped in current format, “kdb5_util -load_dump version 7â€. If filename is not specified, or is the string -“-â€, the dump is sent to standard output. Options:

-
-
-b7

causes the dump to be in the Kerberos 5 Beta 7 format (“kdb5_util -load_dump version 4â€). This was the dump format produced on -releases prior to 1.2.2.

-
-
-r13

causes the dump to be in the Kerberos 5 1.3 format (“kdb5_util -load_dump version 5â€). This was the dump format produced on -releases prior to 1.8.

-
-
-r18

causes the dump to be in the Kerberos 5 1.8 format (“kdb5_util -load_dump version 6â€). This was the dump format produced on -releases prior to 1.11.

-
-
-verbose

causes the name of each principal and policy to be printed as it -is dumped.

-
-
-mkey_convert

prompts for a new master key. This new master key will be used to -re-encrypt principal key data in the dumpfile. The principal keys -themselves will not be changed.

-
-
-new_mkey_file mkey_file

the filename of a stash file. The master key in this stash file -will be used to re-encrypt the key data in the dumpfile. The key -data in the database will not be changed.

-
-
-rev

dumps in reverse order. This may recover principals that do not -dump normally, in cases where database corruption has occurred.

-
-
-recurse

causes the dump to walk the database recursively (btree only). -This may recover principals that do not dump normally, in cases -where database corruption has occurred. In cases of such -corruption, this option will probably retrieve more principals -than the -rev option will.

-
-

Changed in version 1.15: Release 1.15 restored the functionality of the -recurse -option.

-
-
-

Changed in version 1.5: The -recurse option ceased working until release 1.15, -doing a normal dump instead of a recursive traversal.

-
-
-
-
-
-

load¶

-
-

load [-b7|-r13|-r18] [-hash] -[-verbose] [-update] filename

-
-

Loads a database dump from the named file into the named database. If -no option is given to determine the format of the dump file, the -format is detected automatically and handled as appropriate. Unless -the -update option is given, load creates a new database -containing only the data in the dump file, overwriting the contents of -any previously existing database. Note that when using the LDAP KDC -database module, the -update flag is required.

-

Options:

-
-
-b7

requires the database to be in the Kerberos 5 Beta 7 format -(“kdb5_util load_dump version 4â€). This was the dump format -produced on releases prior to 1.2.2.

-
-
-r13

requires the database to be in Kerberos 5 1.3 format (“kdb5_util -load_dump version 5â€). This was the dump format produced on -releases prior to 1.8.

-
-
-r18

requires the database to be in Kerberos 5 1.8 format (“kdb5_util -load_dump version 6â€). This was the dump format produced on -releases prior to 1.11.

-
-
-hash

stores the database in hash format, if using the DB2 database -type. If this option is not specified, the database will be -stored in btree format. This option is not recommended, as -databases stored in hash format are known to corrupt data and lose -principals.

-
-
-verbose

causes the name of each principal and policy to be printed as it -is dumped.

-
-
-update

records from the dump file are added to or updated in the existing -database. Otherwise, a new database is created containing only -what is in the dump file and the old one destroyed upon successful -completion.

-
-
-
-
-

ark¶

-
-

ark [-e enc:salt,…] principal

-
-

Adds new random keys to principal at the next available key version -number. Keys for the current highest key version number will be -preserved. The -e option specifies the list of encryption and -salt types to be used for the new keys.

-
-
-

add_mkey¶

-
-

add_mkey [-e etype] [-s]

-
-

Adds a new master key to the master key principal, but does not mark -it as active. Existing master keys will remain. The -e option -specifies the encryption type of the new master key; see -Encryption types in kdc.conf for a list of possible -values. The -s option stashes the new master key in the stash -file, which will be created if it doesn’t already exist.

-

After a new master key is added, it should be propagated to replica -servers via a manual or periodic invocation of kprop. Then, -the stash files on the replica servers should be updated with the -kdb5_util stash command. Once those steps are complete, the key -is ready to be marked active with the kdb5_util use_mkey command.

-
-
-

use_mkey¶

-
-

use_mkey mkeyVNO [time]

-
-

Sets the activation time of the master key specified by mkeyVNO. -Once a master key becomes active, it will be used to encrypt newly -created principal keys. If no time argument is given, the current -time is used, causing the specified master key version to become -active immediately. The format for time is getdate time string.

-

After a new master key becomes active, the kdb5_util -update_princ_encryption command can be used to update all -principal keys to be encrypted in the new master key.

-
-
-

list_mkeys¶

-
-

list_mkeys

-
-

List all master keys, from most recent to earliest, in the master key -principal. The output will show the kvno, enctype, and salt type for -each mkey, similar to the output of kadmin getprinc. A -* following an mkey denotes the currently active master key.

-
-
-

purge_mkeys¶

-
-

purge_mkeys [-f] [-n] [-v]

-
-

Delete master keys from the master key principal that are not used to -protect any principals. This command can be used to remove old master -keys all principal keys are protected by a newer master key.

-
-
-f

does not prompt for confirmation.

-
-
-n

performs a dry run, showing master keys that would be purged, but -not actually purging any keys.

-
-
-v

gives more verbose output.

-
-
-
-
-

update_princ_encryption¶

-
-

update_princ_encryption [-f] [-n] [-v] -[princ-pattern]

-
-

Update all principal records (or only those matching the -princ-pattern glob pattern) to re-encrypt the key data using the -active database master key, if they are encrypted using a different -version, and give a count at the end of the number of principals -updated. If the -f option is not given, ask for confirmation -before starting to make changes. The -v option causes each -principal processed to be listed, with an indication as to whether it -needed updating or not. The -n option performs a dry run, only -showing the actions which would have been taken.

-
-
-

tabdump¶

-
-

tabdump [-H] [-c] [-e] [-n] [-o outfile] -dumptype

-
-

Dump selected fields of the database in a tabular format suitable for -reporting (e.g., using traditional Unix text processing tools) or -importing into relational databases. The data format is tab-separated -(default), or optionally comma-separated (CSV), with a fixed number of -columns. The output begins with a header line containing field names, -unless suppression is requested using the -H option.

-

The dumptype parameter specifies the name of an output table (see -below).

-

Options:

-
-
-H

suppress writing the field names in a header line

-
-
-c

use comma separated values (CSV) format, with minimal quoting, -instead of the default tab-separated (unquoted, unescaped) format

-
-
-e

write empty hexadecimal string fields as empty fields instead of -as “-1â€.

-
-
-n

produce numeric output for fields that normally have symbolic -output, such as enctypes and flag names. Also requests output of -time stamps as decimal POSIX time_t values.

-
-
-o outfile

write the dump to the specified output file instead of to standard -output

-
-
-

Dump types:

-
-
keydata

principal encryption key information, including actual key data -(which is still encrypted in the master key)

-
-
name

principal name

-
-
keyindex

index of this key in the principal’s key list

-
-
kvno

key version number

-
-
enctype

encryption type

-
-
key

key data as a hexadecimal string

-
-
salttype

salt type

-
-
salt

salt data as a hexadecimal string

-
-
-
-
keyinfo

principal encryption key information (as in keydata above), -excluding actual key data

-
-
princ_flags

principal boolean attributes. Flag names print as hexadecimal -numbers if the -n option is specified, and all flag positions -are printed regardless of whether or not they are set. If -n -is not specified, print all known flag names for each principal, -but only print hexadecimal flag names if the corresponding flag is -set.

-
-
name

principal name

-
-
flag

flag name

-
-
value

boolean value (0 for clear, or 1 for set)

-
-
-
-
princ_lockout

state information used for tracking repeated password failures

-
-
name

principal name

-
-
last_success

time stamp of most recent successful authentication

-
-
last_failed

time stamp of most recent failed authentication

-
-
fail_count

count of failed attempts

-
-
-
-
princ_meta

principal metadata

-
-
name

principal name

-
-
modby

name of last principal to modify this principal

-
-
modtime

timestamp of last modification

-
-
lastpwd

timestamp of last password change

-
-
policy

policy object name

-
-
mkvno

key version number of the master key that encrypts this -principal’s key data

-
-
hist_kvno

key version number of the history key that encrypts the key -history data for this principal

-
-
-
-
princ_stringattrs

string attributes (key/value pairs)

-
-
name

principal name

-
-
key

attribute name

-
-
value

attribute value

-
-
-
-
princ_tktpolicy

per-principal ticket policy data, including maximum ticket -lifetimes

-
-
name

principal name

-
-
expiration

principal expiration date

-
-
pw_expiration

password expiration date

-
-
max_life

maximum ticket lifetime

-
-
max_renew_life

maximum renewable ticket lifetime

-
-
-
-
-

Examples:

-
$ kdb5_util tabdump -o keyinfo.txt keyinfo
-$ cat keyinfo.txt
-name        keyindex        kvno    enctype salttype        salt
-K/M@EXAMPLE.COM     0       1       aes256-cts-hmac-sha384-192      normal  -1
-foo@EXAMPLE.COM     0       1       aes128-cts-hmac-sha1-96 normal  -1
-bar@EXAMPLE.COM     0       1       aes128-cts-hmac-sha1-96 normal  -1
-$ sqlite3
-sqlite> .mode tabs
-sqlite> .import keyinfo.txt keyinfo
-sqlite> select * from keyinfo where enctype like 'aes256-%';
-K/M@EXAMPLE.COM     1       1       aes256-cts-hmac-sha384-192      normal  -1
-sqlite> .quit
-$ awk -F'\t' '$4 ~ /aes256-/ { print }' keyinfo.txt
-K/M@EXAMPLE.COM     1       1       aes256-cts-hmac-sha384-192      normal  -1
-
-
-
-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kadmin, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/admin_commands/kprop.html b/krb5-1.21.3/doc/html/admin/admin_commands/kprop.html deleted file mode 100644 index 71d2f701..00000000 --- a/krb5-1.21.3/doc/html/admin/admin_commands/kprop.html +++ /dev/null @@ -1,217 +0,0 @@ - - - - - - - - - kprop — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kprop¶

-
-

SYNOPSIS¶

-

kprop -[-r realm] -[-f file] -[-d] -[-P port] -[-s keytab] -replica_host

-
-
-

DESCRIPTION¶

-

kprop is used to securely propagate a Kerberos V5 database dump file -from the primary Kerberos server to a replica Kerberos server, which is -specified by replica_host. The dump file must be created by -kdb5_util.

-
-
-

OPTIONS¶

-
-
-r realm

Specifies the realm of the primary server.

-
-
-f file

Specifies the filename where the dumped principal database file is -to be found; by default the dumped database file is normally -LOCALSTATEDIR/krb5kdc/replica_datatrans.

-
-
-P port

Specifies the port to use to contact the kpropd server -on the remote host.

-
-
-d

Prints debugging information.

-
-
-s keytab

Specifies the location of the keytab file.

-
-
-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kpropd, kdb5_util, krb5kdc, -kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/admin_commands/kpropd.html b/krb5-1.21.3/doc/html/admin/admin_commands/kpropd.html deleted file mode 100644 index 4b9a07f0..00000000 --- a/krb5-1.21.3/doc/html/admin/admin_commands/kpropd.html +++ /dev/null @@ -1,289 +0,0 @@ - - - - - - - - - kpropd — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kpropd¶

-
-

SYNOPSIS¶

-

kpropd -[-r realm] -[-A admin_server] -[-a acl_file] -[-f replica_dumpfile] -[-F principal_database] -[-p kdb5_util_prog] -[-P port] -[–pid-file=pid_file] -[-D] -[-d] -[-s keytab_file]

-
-
-

DESCRIPTION¶

-

The kpropd command runs on the replica KDC server. It listens for -update requests made by the kprop program. If incremental -propagation is enabled, it periodically requests incremental updates -from the primary KDC.

-

When the replica receives a kprop request from the primary, kpropd -accepts the dumped KDC database and places it in a file, and then runs -kdb5_util to load the dumped database into the active -database which is used by krb5kdc. This allows the primary -Kerberos server to use kprop to propagate its database to -the replica servers. Upon a successful download of the KDC database -file, the replica Kerberos server will have an up-to-date KDC -database.

-

Where incremental propagation is not used, kpropd is commonly invoked -out of inetd(8) as a nowait service. This is done by adding a line to -the /etc/inetd.conf file which looks like this:

-
kprop  stream  tcp  nowait  root  /usr/local/sbin/kpropd  kpropd
-
-
-

kpropd can also run as a standalone daemon, backgrounding itself and -waiting for connections on port 754 (or the port specified with the --P option if given). Standalone mode is required for incremental -propagation. Starting in release 1.11, kpropd automatically detects -whether it was run from inetd and runs in standalone mode if it is -not. Prior to release 1.11, the -S option is required to run -kpropd in standalone mode; this option is now accepted for backward -compatibility but does nothing.

-

Incremental propagation may be enabled with the iprop_enable -variable in kdc.conf. If incremental propagation is -enabled, the replica periodically polls the primary KDC for updates, at -an interval determined by the iprop_replica_poll variable. If the -replica receives updates, kpropd updates its log file with any updates -from the primary. kproplog can be used to view a summary of -the update entry log on the replica KDC. If incremental propagation -is enabled, the principal kiprop/replicahostname@REALM (where -replicahostname is the name of the replica KDC host, and REALM is -the name of the Kerberos realm) must be present in the replica’s -keytab file.

-

kproplog can be used to force full replication when iprop is -enabled.

-
-
-

OPTIONS¶

-
-
-r realm

Specifies the realm of the primary server.

-
-
-A admin_server

Specifies the server to be contacted for incremental updates; by -default, the primary admin server is contacted.

-
-
-f file

Specifies the filename where the dumped principal database file is -to be stored; by default the dumped database file is LOCALSTATEDIR/krb5kdc/from_master.

-
-
-F kerberos_db

Path to the Kerberos database file, if not the default.

-
-
-p

Allows the user to specify the pathname to the kdb5_util -program; by default the pathname used is SBINDIR/kdb5_util.

-
-
-D

In this mode, kpropd will not detach itself from the current job -and run in the background. Instead, it will run in the -foreground.

-
-
-d

Turn on debug mode. kpropd will print out debugging messages -during the database propogation and will run in the foreground -(implies -D).

-
-
-P

Allow for an alternate port number for kpropd to listen on. This -is only useful in combination with the -S option.

-
-
-a acl_file

Allows the user to specify the path to the kpropd.acl file; by -default the path used is LOCALSTATEDIR/krb5kdc/kpropd.acl.

-
-
–pid-file=pid_file

In standalone mode, write the process ID of the daemon into -pid_file.

-
-
-s keytab_file

Path to a keytab to use for acquiring acceptor credentials.

-
-
-x db_args

Database-specific arguments. See Database Options in kadmin for supported arguments.

-
-
-
-
-

FILES¶

-
-
kpropd.acl

Access file for kpropd; the default location is -/usr/local/var/krb5kdc/kpropd.acl. Each entry is a line -containing the principal of a host from which the local machine -will allow Kerberos database propagation via kprop.

-
-
-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kprop, kdb5_util, krb5kdc, -kerberos, inetd(8)

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/admin_commands/kproplog.html b/krb5-1.21.3/doc/html/admin/admin_commands/kproplog.html deleted file mode 100644 index 498e5814..00000000 --- a/krb5-1.21.3/doc/html/admin/admin_commands/kproplog.html +++ /dev/null @@ -1,242 +0,0 @@ - - - - - - - - - kproplog — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kproplog¶

-
-

SYNOPSIS¶

-

kproplog [-h] [-e num] [-v] -kproplog [-R]

-
-
-

DESCRIPTION¶

-

The kproplog command displays the contents of the KDC database update -log to standard output. It can be used to keep track of incremental -updates to the principal database. The update log file contains the -update log maintained by the kadmind process on the primary -KDC server and the kpropd process on the replica KDC -servers. When updates occur, they are logged to this file. -Subsequently any KDC replica configured for incremental updates will -request the current data from the primary KDC and update their log -file with any updates returned.

-

The kproplog command requires read access to the update log file. It -will display update entries only for the KDC it runs on.

-

If no options are specified, kproplog displays a summary of the update -log. If invoked on the primary, kproplog also displays all of the -update entries. If invoked on a replica KDC server, kproplog displays -only a summary of the updates, which includes the serial number of the -last update received and the associated time stamp of the last update.

-
-
-

OPTIONS¶

-
-
-R

Reset the update log. This forces full resynchronization. If -used on a replica then that replica will request a full resync. -If used on the primary then all replicas will request full -resyncs.

-
-
-h

Display a summary of the update log. This information includes -the database version number, state of the database, the number of -updates in the log, the time stamp of the first and last update, -and the version number of the first and last update entry.

-
-
-e num

Display the last num update entries in the log. This is useful -when debugging synchronization between KDC servers.

-
-
-v

Display individual attributes per update. An example of the -output generated for one entry:

-
Update Entry
-   Update serial # : 4
-   Update operation : Add
-   Update principal : test@EXAMPLE.COM
-   Update size : 424
-   Update committed : True
-   Update time stamp : Fri Feb 20 23:37:42 2004
-   Attributes changed : 6
-         Principal
-         Key data
-         Password last changed
-         Modifying principal
-         Modification time
-         TL data
-
-
-
-
-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kpropd, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/admin_commands/krb5kdc.html b/krb5-1.21.3/doc/html/admin/admin_commands/krb5kdc.html deleted file mode 100644 index b7c6d993..00000000 --- a/krb5-1.21.3/doc/html/admin/admin_commands/krb5kdc.html +++ /dev/null @@ -1,262 +0,0 @@ - - - - - - - - - krb5kdc — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5kdc¶

-
-

SYNOPSIS¶

-

krb5kdc -[-x db_args] -[-d dbname] -[-k keytype] -[-M mkeyname] -[-p portnum] -[-m] -[-r realm] -[-n] -[-w numworkers] -[-P pid_file] -[-T time_offset]

-
-
-

DESCRIPTION¶

-

krb5kdc is the Kerberos version 5 Authentication Service and Key -Distribution Center (AS/KDC).

-
-
-

OPTIONS¶

-

The -r realm option specifies the realm for which the server -should provide service. This option may be specified multiple times -to serve multiple realms. If no -r option is given, the default -realm (as specified in krb5.conf) will be served.

-

The -d dbname option specifies the name under which the -principal database can be found. This option does not apply to the -LDAP database.

-

The -k keytype option specifies the key type of the master key -to be entered manually as a password when -m is given; the default -is aes256-cts-hmac-sha1-96.

-

The -M mkeyname option specifies the principal name for the -master key in the database (usually K/M in the KDC’s realm).

-

The -m option specifies that the master database password should -be fetched from the keyboard rather than from a stash file.

-

The -n option specifies that the KDC does not put itself in the -background and does not disassociate itself from the terminal.

-

The -P pid_file option tells the KDC to write its PID into -pid_file after it starts up. This can be used to identify whether -the KDC is still running and to allow init scripts to stop the correct -process.

-

The -p portnum option specifies the default UDP and TCP port -numbers which the KDC should listen on for Kerberos version 5 -requests, as a comma-separated list. This value overrides the port -numbers specified in the [kdcdefaults] section of -kdc.conf, but may be overridden by realm-specific values. -If no value is given from any source, the default port is 88.

-

The -w numworkers option tells the KDC to fork numworkers -processes to listen to the KDC ports and process requests in parallel. -The top level KDC process (whose pid is recorded in the pid file if -the -P option is also given) acts as a supervisor. The supervisor -will relay SIGHUP signals to the worker subprocesses, and will -terminate the worker subprocess if the it is itself terminated or if -any other worker process exits.

-

The -x db_args option specifies database-specific arguments. -See Database Options in kadmin for -supported arguments.

-

The -T offset option specifies a time offset, in seconds, which -the KDC will operate under. It is intended only for testing purposes.

-
-
-

EXAMPLE¶

-

The KDC may service requests for multiple realms (maximum 32 realms). -The realms are listed on the command line. Per-realm options that can -be specified on the command line pertain for each realm that follows -it and are superseded by subsequent definitions of the same option.

-

For example:

-
krb5kdc -p 2001 -r REALM1 -p 2002 -r REALM2 -r REALM3
-
-
-

specifies that the KDC listen on port 2001 for REALM1 and on port 2002 -for REALM2 and REALM3. Additionally, per-realm parameters may be -specified in the kdc.conf file. The location of this file -may be specified by the KRB5_KDC_PROFILE environment variable. -Per-realm parameters specified in this file take precedence over -options specified on the command line. See the kdc.conf -description for further details.

-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kdb5_util, kdc.conf, krb5.conf, -kdb5_ldap_util, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/admin_commands/ktutil.html b/krb5-1.21.3/doc/html/admin/admin_commands/ktutil.html deleted file mode 100644 index 93e66f84..00000000 --- a/krb5-1.21.3/doc/html/admin/admin_commands/ktutil.html +++ /dev/null @@ -1,292 +0,0 @@ - - - - - - - - - ktutil — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

ktutil¶

-
-

SYNOPSIS¶

-

ktutil

-
-
-

DESCRIPTION¶

-

The ktutil command invokes a command interface from which an -administrator can read, write, or edit entries in a keytab. (Kerberos -V4 srvtab files are no longer supported.)

-
-
-

COMMANDS¶

-
-

list¶

-
-

list [-t] [-k] [-e]

-
-

Displays the current keylist. If -t, -k, and/or -e are -specified, also display the timestamp, key contents, or enctype -(respectively).

-

Alias: l

-
-
-

read_kt¶

-
-

read_kt keytab

-
-

Read the Kerberos V5 keytab file keytab into the current keylist.

-

Alias: rkt

-
-
-

write_kt¶

-
-

write_kt keytab

-
-

Write the current keylist into the Kerberos V5 keytab file keytab.

-

Alias: wkt

-
-
-

clear_list¶

-
-

clear_list

-
-

Clear the current keylist.

-

Alias: clear

-
-
-

delete_entry¶

-
-

delete_entry slot

-
-

Delete the entry in slot number slot from the current keylist.

-

Alias: delent

-
-
-

add_entry¶

-
-

add_entry {-key|-password} -p principal --k kvno [-e enctype] [-f|-s salt]

-
-

Add principal to keylist using key or password. If the -f flag -is specified, salt information will be fetched from the KDC; in this -case the -e flag may be omitted, or it may be supplied to force a -particular enctype. If the -f flag is not specified, the -e -flag must be specified, and the default salt will be used unless -overridden with the -s option.

-

Alias: addent

-
-
-

list_requests¶

-
-

list_requests

-
-

Displays a listing of available commands.

-

Aliases: lr, ?

-
-
-

quit¶

-
-

quit

-
-

Quits ktutil.

-

Aliases: exit, q

-
-
-
-

EXAMPLE¶

-
-
ktutil:  add_entry -password -p alice@BLEEP.COM -k 1 -e
-    aes128-cts-hmac-sha1-96
-Password for alice@BLEEP.COM:
-ktutil:  add_entry -password -p alice@BLEEP.COM -k 1 -e
-    aes256-cts-hmac-sha1-96
-Password for alice@BLEEP.COM:
-ktutil:  write_kt alice.keytab
-ktutil:
-
-
-
-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kadmin, kdb5_util, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/admin_commands/sserver.html b/krb5-1.21.3/doc/html/admin/admin_commands/sserver.html deleted file mode 100644 index b8db93f5..00000000 --- a/krb5-1.21.3/doc/html/admin/admin_commands/sserver.html +++ /dev/null @@ -1,271 +0,0 @@ - - - - - - - - - sserver — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

sserver¶

-
-

SYNOPSIS¶

-

sserver -[ -p port ] -[ -S keytab ] -[ server_port ]

-
-
-

DESCRIPTION¶

-

sserver and sclient are a simple demonstration client/server -application. When sclient connects to sserver, it performs a Kerberos -authentication, and then sserver returns to sclient the Kerberos -principal which was used for the Kerberos authentication. It makes a -good test that Kerberos has been successfully installed on a machine.

-

The service name used by sserver and sclient is sample. Hence, -sserver will require that there be a keytab entry for the service -sample/hostname.domain.name@REALM.NAME. This keytab is generated -using the kadmin program. The keytab file is usually -installed as DEFKTNAME.

-

The -S option allows for a different keytab than the default.

-

sserver is normally invoked out of inetd(8), using a line in -/etc/inetd.conf that looks like this:

-
sample stream tcp nowait root /usr/local/sbin/sserver sserver
-
-
-

Since sample is normally not a port defined in /etc/services, -you will usually have to add a line to /etc/services which looks -like this:

-
sample          13135/tcp
-
-
-

When using sclient, you will first have to have an entry in the -Kerberos database, by using kadmin, and then you have to get -Kerberos tickets, by using kinit. Also, if you are running -the sclient program on a different host than the sserver it will be -connecting to, be sure that both hosts have an entry in /etc/services -for the sample tcp port, and that the same port number is in both -files.

-

When you run sclient you should see something like this:

-
sendauth succeeded, reply is:
-reply len 32, contents:
-You are nlgilman@JIMI.MIT.EDU
-
-
-
-
-

COMMON ERROR MESSAGES¶

-
    -
  1. kinit returns the error:

    -
    kinit: Client not found in Kerberos database while getting
    -       initial credentials
    -
    -
    -

    This means that you didn’t create an entry for your username in the -Kerberos database.

    -
  2. -
  3. sclient returns the error:

    -
    unknown service sample/tcp; check /etc/services
    -
    -
    -

    This means that you don’t have an entry in /etc/services for the -sample tcp port.

    -
  4. -
  5. sclient returns the error:

    -
    connect: Connection refused
    -
    -
    -

    This probably means you didn’t edit /etc/inetd.conf correctly, or -you didn’t restart inetd after editing inetd.conf.

    -
  6. -
  7. sclient returns the error:

    -
    sclient: Server not found in Kerberos database while using
    -         sendauth
    -
    -
    -

    This means that the sample/hostname@LOCAL.REALM service was not -defined in the Kerberos database; it should be created using -kadmin, and a keytab file needs to be generated to make -the key for that service principal available for sclient.

    -
  8. -
  9. sclient returns the error:

    -
    sendauth rejected, error reply is:
    -    "No such file or directory"
    -
    -
    -

    This probably means sserver couldn’t find the keytab file. It was -probably not installed in the proper directory.

    -
  10. -
-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

sclient, kerberos, services(5), inetd(8)

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/advanced/index.html b/krb5-1.21.3/doc/html/admin/advanced/index.html deleted file mode 100644 index 5b65f238..00000000 --- a/krb5-1.21.3/doc/html/admin/advanced/index.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - Advanced topics — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/advanced/retiring-des.html b/krb5-1.21.3/doc/html/admin/advanced/retiring-des.html deleted file mode 100644 index 40ba435f..00000000 --- a/krb5-1.21.3/doc/html/admin/advanced/retiring-des.html +++ /dev/null @@ -1,548 +0,0 @@ - - - - - - - - - Retiring DES — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Retiring DES¶

-

Version 5 of the Kerberos protocol was originally implemented using -the Data Encryption Standard (DES) as a block cipher for encryption. -While it was considered secure at the time, advancements in computational -ability have rendered DES vulnerable to brute force attacks on its 56-bit -keyspace. As such, it is now considered insecure and should not be -used (RFC 6649).

-
-

History¶

-

DES was used in the original Kerberos implementation, and was the -only cryptosystem in krb5 1.0. Partial support for triple-DES (3DES) was -added in version 1.1, with full support following in version 1.2. -The Advanced Encryption Standard (AES), which supersedes DES, gained -partial support in version 1.3.0 of krb5 and full support in version 1.3.2. -However, deployments of krb5 using Kerberos databases created with older -versions of krb5 will not necessarily start using strong crypto for -ordinary operation without administrator intervention.

-

MIT krb5 began flagging deprecated encryption types with release 1.17, -and removed DES (single-DES) support in release 1.18. As a -consequence, a release prior to 1.18 is required to perform these -migrations.

-
-
-

Types of keys¶

-
    -
  • The database master key: This key is not exposed to user requests, -but is used to encrypt other key material stored in the kerberos -database. The database master key is currently stored as K/M -by default.

  • -
  • Password-derived keys: User principals frequently have keys -derived from a password. When a new password is set, the KDC -uses various string2key functions to generate keys in the database -for that principal.

  • -
  • Keytab keys: Application server principals generally use random -keys which are not derived from a password. When the database -entry is created, the KDC generates random keys of various enctypes -to enter in the database, which are conveyed to the application server -and stored in a keytab.

  • -
  • Session keys: These are short-term keys generated by the KDC while -processing client requests, with an enctype selected by the KDC.

  • -
-

For details on the various enctypes and how enctypes are selected by the KDC -for session keys and client/server long-term keys, see Encryption types. -When using the kadmin interface to generate new long-term keys, -the -e argument can be used to force a particular set of enctypes, -overriding the KDC default values.

-
-

Note

-

When the KDC is selecting a session key, it has no knowledge about the -kerberos installation on the server which will receive the service ticket, -only what keys are in the database for the service principal. -In order to allow uninterrupted operation to -clients while migrating away from DES, care must be taken to ensure that -kerberos installations on application server machines are configured to -support newer encryption types before keys of those new encryption types -are created in the Kerberos database for those server principals.

-
-
-
-

Upgrade procedure¶

-

This procedure assumes that the KDC software has already been upgraded -to a modern version of krb5 that supports non-DES keys, so that the -only remaining task is to update the actual keys used to service requests. -The realm used for demonstrating this procedure, ZONE.MIT.EDU, -is an example of the worst-case scenario, where all keys in the realm -are DES. The realm was initially created with a very old version of krb5, -and supported_enctypes in kdc.conf was set to a value -appropriate when the KDC was installed, but was not updated as the KDC -was upgraded:

-
[realms]
-        ZONE.MIT.EDU = {
-                [...]
-                master_key_type = des-cbc-crc
-                supported_enctypes = des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
-        }
-
-
-

This resulted in the keys for all principals in the realm being forced -to DES-only, unless specifically requested using kadmin.

-

Before starting the upgrade, all KDCs were running krb5 1.11, -and the database entries for some “high-value†principals were:

-
[root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'getprinc krbtgt/ZONE.MIT.EDU'
-[...]
-Number of keys: 1
-Key: vno 1, des-cbc-crc:v4
-[...]
-[root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'getprinc kadmin/admin'
-[...]
-Number of keys: 1
-Key: vno 15, des-cbc-crc
-[...]
-[root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'getprinc kadmin/changepw'
-[...]
-Number of keys: 1
-Key: vno 14, des-cbc-crc
-[...]
-
-
-

The krbtgt/REALM key appears to have never been changed since creation -(its kvno is 1), and all three database entries have only a des-cbc-crc key.

-
-

The krbtgt key and KDC keys¶

-

Perhaps the biggest single-step improvement in the security of the cell -is gained by strengthening the key of the ticket-granting service principal, -krbtgt/REALM—if this principal’s key is compromised, so is the -entire realm. Since the server that will handle service tickets -for this principal is the KDC itself, it is easy to guarantee that it -will be configured to support any encryption types which might be -selected. However, the default KDC behavior when creating new keys is to -remove the old keys, which would invalidate all existing tickets issued -against that principal, rendering the TGTs cached by clients useless. -Instead, a new key can be created with the old key retained, so that -existing tickets will still function until their scheduled expiry -(see Changing the krbtgt key).

-
[root@casio krb5kdc]# enctypes=aes256-cts-hmac-sha1-96:normal,\
-> aes128-cts-hmac-sha1-96:normal,des3-hmac-sha1:normal,des-cbc-crc:normal
-[root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q "cpw -e ${enctypes} -randkey \
-> -keepold krbtgt/ZONE.MIT.EDU"
-Authenticating as principal root/admin@ZONE.MIT.EDU with password.
-Key for "krbtgt/ZONE.MIT.EDU@ZONE.MIT.EDU" randomized.
-
-
-
-

Note

-

The new krbtgt@REALM key should be propagated to replica KDCs -immediately so that TGTs issued by the primary KDC can be used to -issue service tickets on replica KDCs. Replica KDCs will refuse -requests using the new TGT kvno until the new krbtgt entry has -been propagated to them.

-
-

It is necessary to explicitly specify the enctypes for the new database -entry, since supported_enctypes has not been changed. Leaving -supported_enctypes unchanged makes a potential rollback operation -easier, since all new keys of new enctypes are the result of explicit -administrator action and can be easily enumerated. -Upgrading the krbtgt key should have minimal user-visible disruption other -than that described in the note above, since only clients which list the -new enctypes as supported will use them, per the procedure -in Session key selection. -Once the krbtgt key is updated, the session and ticket keys for user -TGTs will be strong keys, but subsequent requests -for service tickets will still get DES keys until the service principals -have new keys generated. Application service -remains uninterrupted due to the key-selection procedure on the KDC.

-

After the change, the database entry is now:

-
[root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'getprinc krbtgt/ZONE.MIT.EDU'
-[...]
-Number of keys: 5
-Key: vno 2, aes256-cts-hmac-sha1-96
-Key: vno 2, aes128-cts-hmac-sha1-96
-Key: vno 2, des3-cbc-sha1
-Key: vno 2, des-cbc-crc
-Key: vno 1, des-cbc-crc:v4
-[...]
-
-
-

Since the expected disruptions from rekeying the krbtgt principal are -minor, after a short testing period, it is -appropriate to rekey the other high-value principals, kadmin/admin@REALM -and kadmin/changepw@REALM. These are the service principals used for -changing user passwords and updating application keytabs. The kadmin -and password-changing services are regular kerberized services, so the -session-key-selection algorithm described in Session key selection -applies. It is particularly important to have strong session keys for -these services, since user passwords and new long-term keys are conveyed -over the encrypted channel.

-
[root@casio krb5kdc]# enctypes=aes256-cts-hmac-sha1-96:normal,\
-> aes128-cts-hmac-sha1-96:normal,des3-hmac-sha1:normal
-[root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q "cpw -e ${enctypes} -randkey \
-> kadmin/admin"
-Authenticating as principal root/admin@ZONE.MIT.EDU with password.
-Key for "kadmin/admin@ZONE.MIT.EDU" randomized.
-[root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q "cpw -e ${enctypes} -randkey \
-> kadmin/changepw"
-Authenticating as principal root/admin@ZONE.MIT.EDU with password.
-Key for "kadmin/changepw@ZONE.MIT.EDU" randomized.
-
-
-

It is not necessary to retain a single-DES key for these services, since -password changes are not part of normal daily workflow, and disruption -from a client failure is likely to be minimal. Furthermore, if a kerberos -client experiences failure changing a user password or keytab key, -this indicates that that client will become inoperative once services -are rekeyed to non-DES enctypes. Such problems can be detected early -at this stage, giving more time for corrective action.

-
-
-

Adding strong keys to application servers¶

-

Before switching the default enctypes for new keys over to strong enctypes, -it may be desired to test upgrading a handful of services with the -new configuration before flipping the switch for the defaults. This -still requires using the -e argument in kadmin to get non-default -enctypes:

-
[root@casio krb5kdc]# enctypes=aes256-cts-hmac-sha1-96:normal,\
-> aes128-cts-hmac-sha1-96:normal,des3-cbc-sha1:normal,des-cbc-crc:normal
-[root@casio krb5kdc]# kadmin -r ZONE.MIT.EDU -p zephyr/zephyr@ZONE.MIT.EDU -k -t \
-> /etc/zephyr/krb5.keytab  -q "ktadd -e ${enctypes} \
-> -k /etc/zephyr/krb5.keytab zephyr/zephyr@ZONE.MIT.EDU"
-Authenticating as principal zephyr/zephyr@ZONE.MIT.EDU with keytab /etc/zephyr/krb5.keytab.
-Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 4, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/etc/zephyr/krb5.keytab.
-Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 4, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/etc/zephyr/krb5.keytab.
-Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 4, encryption type des3-cbc-sha1 added to keytab WRFILE:/etc/zephyr/krb5.keytab.
-Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 4, encryption type des-cbc-crc added to keytab WRFILE:/etc/zephyr/krb5.keytab.
-
-
-

Be sure to remove the old keys from the application keytab, per best -practice.

-
[root@casio krb5kdc]# k5srvutil -f /etc/zephyr/krb5.keytab delold
-Authenticating as principal zephyr/zephyr@ZONE.MIT.EDU with keytab /etc/zephyr/krb5.keytab.
-Entry for principal zephyr/zephyr@ZONE.MIT.EDU with kvno 3 removed from keytab WRFILE:/etc/zephyr/krb5.keytab.
-
-
-
-
-

Adding strong keys by default¶

-

Once the high-visibility services have been rekeyed, it is probably -appropriate to change kdc.conf to generate keys with the new -encryption types by default. This enables server administrators to generate -new enctypes with the change subcommand of k5srvutil, -and causes user password -changes to add new encryption types for their entries. It will probably -be necessary to implement administrative controls to cause all user -principal keys to be updated in a reasonable period of time, whether -by forcing password changes or a password synchronization service that -has access to the current password and can add the new keys.

-
[realms]
-        ZONE.MIT.EDU = {
-                supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des3-hmac-sha1:normal des-cbc-crc:normal
-
-
-
-

Note

-

The krb5kdc process must be restarted for these changes to take effect.

-
-

At this point, all service administrators can update their services and the -servers behind them to take advantage of strong cryptography. -If necessary, the server’s krb5 installation should be configured and/or -upgraded to a version supporting non-DES keys. See Encryption types for -krb5 version and configuration settings. -Only when the service is configured to accept non-DES keys should -the key version number be incremented and new keys generated -(k5srvutil change && k5srvutil delold).

-
root@dr-willy:~# k5srvutil change
-Authenticating as principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with keytab /etc/krb5.keytab.
-Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 3, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.
-Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 3, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab.
-Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab.
-Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 3, encryption type DES cbc mode with CRC-32 added to keytab WRFILE:/etc/krb5.keytab.
-root@dr-willy:~# klist -e -k -t /etc/krb5.keytab
-Keytab name: WRFILE:/etc/krb5.keytab
-KVNO Timestamp         Principal
----- ----------------- --------------------------------------------------------
-   2 10/10/12 17:03:59 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (DES cbc mode with CRC-32)
-   3 12/12/12 15:31:19 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (AES-256 CTS mode with 96-bit SHA-1 HMAC)
-   3 12/12/12 15:31:19 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (AES-128 CTS mode with 96-bit SHA-1 HMAC)
-   3 12/12/12 15:31:19 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (Triple DES cbc mode with HMAC/sha1)
-   3 12/12/12 15:31:19 host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU (DES cbc mode with CRC-32)
-root@dr-willy:~# k5srvutil delold
-Authenticating as principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with keytab /etc/krb5.keytab.
-Entry for principal host/dr-willy.xvm.mit.edu@ZONE.MIT.EDU with kvno 2 removed from keytab WRFILE:/etc/krb5.keytab.
-
-
-

When a single service principal is shared by multiple backend servers in -a load-balanced environment, it may be necessary to schedule downtime -or adjust the population in the load-balanced pool in order to propagate -the updated keytab to all hosts in the pool with minimal service interruption.

-
-
-

Removing DES keys from usage¶

-

This situation remains something of a testing or transitory state, -as new DES keys are still being generated, and will be used if requested -by a client. To make more progress removing DES from the realm, the KDC -should be configured to not generate such keys by default.

-
-

Note

-

An attacker posing as a client can implement a brute force attack against -a DES key for any principal, if that key is in the current (highest-kvno) -key list. This attack is only possible if allow_weak_crypto = true -is enabled on the KDC. Setting the +requires_preauth flag on a -principal forces this attack to be an online attack, much slower than -the offline attack otherwise available to the attacker. However, setting -this flag on a service principal is not always advisable; see the entry in -add_principal for details.

-
-

The following KDC configuration will not generate DES keys by default:

-
[realms]
-        ZONE.MIT.EDU = {
-                supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal des3-hmac-sha1:normal
-
-
-
-

Note

-

As before, the KDC process must be restarted for this change to take -effect. It is best practice to update kdc.conf on all KDCs, not just the -primary, to avoid unpleasant surprises should the primary fail and a -replica need to be promoted.

-
-

It is now appropriate to remove the legacy single-DES key from the -krbtgt/REALM entry:

-
[root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q "cpw -randkey -keepold \
-> krbtgt/ZONE.MIT.EDU"
-Authenticating as principal host/admin@ATHENA.MIT.EDU with password.
-Key for "krbtgt/ZONE.MIT.EDU@ZONE.MIT.EDU" randomized.
-
-
-

After the maximum ticket lifetime has passed, the old database entry -should be removed.

-
[root@casio krb5kdc]# kadmin.local -r ZONE.MIT.EDU -q 'purgekeys krbtgt/ZONE.MIT.EDU'
-Authenticating as principal root/admin@ZONE.MIT.EDU with password.
-Old keys for principal "krbtgt/ZONE.MIT.EDU@ZONE.MIT.EDU" purged.
-
-
-

After the KDC is restarted with the new supported_enctypes, -all user password changes and application keytab updates will not -generate DES keys by default.

-
contents-vnder-pressvre:~> kpasswd zonetest@ZONE.MIT.EDU
-Password for zonetest@ZONE.MIT.EDU:  [enter old password]
-Enter new password:                  [enter new password]
-Enter it again:                      [enter new password]
-Password changed.
-contents-vnder-pressvre:~> kadmin -r ZONE.MIT.EDU -q 'getprinc zonetest'
-[...]
-Number of keys: 3
-Key: vno 9, aes256-cts-hmac-sha1-96
-Key: vno 9, aes128-cts-hmac-sha1-96
-Key: vno 9, des3-cbc-sha1
-[...]
-
-[kaduk@glossolalia ~]$ kadmin -p kaduk@ZONE.MIT.EDU -r ZONE.MIT.EDU -k \
-> -t kaduk-zone.keytab -q 'ktadd -k kaduk-zone.keytab kaduk@ZONE.MIT.EDU'
-Authenticating as principal kaduk@ZONE.MIT.EDU with keytab kaduk-zone.keytab.
-Entry for principal kaduk@ZONE.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:kaduk-zone.keytab.
-Entry for principal kaduk@ZONE.MIT.EDU with kvno 3, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:kaduk-zone.keytab.
-Entry for principal kaduk@ZONE.MIT.EDU with kvno 3, encryption type des3-cbc-sha1 added to keytab WRFILE:kaduk-zone.keytab.
-
-
-

Once all principals have been re-keyed, DES support can be disabled on the -KDC (allow_weak_crypto = false), and client machines can remove -allow_weak_crypto = true from their krb5.conf configuration -files, completing the migration. allow_weak_crypto takes precedence over -all places where DES enctypes could be explicitly configured. DES keys will -not be used, even if they are present, when allow_weak_crypto = false.

-
-
-

Support for legacy services¶

-

If there remain legacy services which do not support non-DES enctypes -(such as older versions of AFS), allow_weak_crypto must remain -enabled on the KDC. Client machines need not have this setting, -though—applications which require DES can use API calls to allow -weak crypto on a per-request basis, overriding the system krb5.conf. -However, having allow_weak_crypto set on the KDC means that any -principals which have a DES key in the database could still use those -keys. To minimize the use of DES in the realm and restrict it to just -legacy services which require DES, it is necessary to remove all other -DES keys. The realm has been configured such that at password and -keytab change, no DES keys will be generated by default. The task -then reduces to requiring user password changes and having server -administrators update their service keytabs. Administrative outreach -will be necessary, and if the desire to eliminate DES is sufficiently -strong, the KDC administrators may choose to randkey any principals -which have not been rekeyed after some timeout period, forcing the -user to contact the helpdesk for access.

-
-
-
-

The Database Master Key¶

-

This procedure does not alter K/M@REALM, the key used to encrypt key -material in the Kerberos database. (This is the key stored in the stash file -on the KDC if stash files are used.) However, the security risk of -a single-DES key for K/M is minimal, given that access to material -encrypted in K/M (the Kerberos database) is generally tightly controlled. -If an attacker can gain access to the encrypted database, they likely -have access to the stash file as well, rendering the weak cryptography -broken by non-cryptographic means. As such, upgrading K/M to a stronger -encryption type is unlikely to be a high-priority task.

-

Is is possible to upgrade the master key used for the database, if -desired. Using kdb5_util’s add_mkey, use_mkey, and -update_princ_encryption commands, a new master key can be added -and activated for use on new key material, and the existing entries -converted to the new master key.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/appl_servers.html b/krb5-1.21.3/doc/html/admin/appl_servers.html deleted file mode 100644 index 4b92f4f5..00000000 --- a/krb5-1.21.3/doc/html/admin/appl_servers.html +++ /dev/null @@ -1,306 +0,0 @@ - - - - - - - - - Application servers — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Application servers¶

-

If you need to install the Kerberos V5 programs on an application -server, please refer to the Kerberos V5 Installation Guide. Once you -have installed the software, you need to add that host to the Kerberos -database (see Principals), and generate a keytab for that host, -that contains the host’s key. You also need to make sure the host’s -clock is within your maximum clock skew of the KDCs.

-
-

Keytabs¶

-

A keytab is a host’s copy of its own keylist, which is analogous to a -user’s password. An application server that needs to authenticate -itself to the KDC has to have a keytab that contains its own principal -and key. Just as it is important for users to protect their -passwords, it is equally important for hosts to protect their keytabs. -You should always store keytab files on local disk, and make them -readable only by root, and you should never send a keytab file over a -network in the clear. Ideally, you should run the kadmin -command to extract a keytab on the host on which the keytab is to -reside.

-
-

Adding principals to keytabs¶

-

To generate a keytab, or to add a principal to an existing keytab, use -the ktadd command from kadmin. Here is a sample session, using -configuration files that enable only AES encryption:

-
kadmin: ktadd host/daffodil.mit.edu@ATHENA.MIT.EDU
-Entry for principal host/daffodil.mit.edu with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab
-Entry for principal host/daffodil.mit.edu with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab
-
-
-
-
-

Removing principals from keytabs¶

-

To remove a principal from an existing keytab, use the kadmin -ktremove command:

-
kadmin:  ktremove host/daffodil.mit.edu@ATHENA.MIT.EDU
-Entry for principal host/daffodil.mit.edu with kvno 2 removed from keytab FILE:/etc/krb5.keytab.
-Entry for principal host/daffodil.mit.edu with kvno 2 removed from keytab FILE:/etc/krb5.keytab.
-
-
-
-
-

Using a keytab to acquire client credentials¶

-

While keytabs are ordinarily used to accept credentials from clients, -they can also be used to acquire initial credentials, allowing one -service to authenticate to another.

-

To manually obtain credentials using a keytab, use the kinit --k option, together with the -t option if the keytab is not in -the default location.

-

Beginning with release 1.11, GSSAPI applications can be configured to -automatically obtain initial credentials from a keytab as needed. The -recommended configuration is as follows:

-
    -
  1. Create a keytab containing a single entry for the desired client -identity.

  2. -
  3. Place the keytab in a location readable by the service, and set the -KRB5_CLIENT_KTNAME environment variable to its filename. -Alternatively, use the default_client_keytab_name profile -variable in [libdefaults], or use the default location of -DEFCKTNAME.

  4. -
  5. Set KRB5CCNAME to a filename writable by the service, which -will not be used for any other purpose. Do not manually obtain -credentials at this location. (Another credential cache type -besides FILE can be used if desired, as long the cache will not -conflict with another use. A MEMORY cache can be used if the -service runs as a long-lived process. See Credential cache -for details.)

  6. -
  7. Start the service. When it authenticates using GSSAPI, it will -automatically obtain credentials from the client keytab into the -specified credential cache, and refresh them before they expire.

  8. -
-
-
-
-

Clock Skew¶

-

A Kerberos application server host must keep its clock synchronized or -it will reject authentication requests from clients. Modern operating -systems typically provide a facility to maintain the correct time; -make sure it is enabled. This is especially important on virtual -machines, where clocks tend to drift more rapidly than normal machine -clocks.

-

The default allowable clock skew is controlled by the clockskew -variable in [libdefaults].

-
-
-

Getting DNS information correct¶

-

Several aspects of Kerberos rely on name service. When a hostname is -used to name a service, clients may canonicalize the hostname using -forward and possibly reverse name resolution. The result of this -canonicalization must match the principal entry in the host’s keytab, -or authentication will fail. To work with all client canonicalization -configurations, each host’s canonical name must be the fully-qualified -host name (including the domain), and each host’s IP address must -reverse-resolve to the canonical name.

-

Configuration of hostnames varies by operating system. On the -application server itself, canonicalization will typically use the -/etc/hosts file rather than the DNS. Ensure that the line for the -server’s hostname is in the following form:

-
IP address      fully-qualified hostname        aliases
-
-
-

Here is a sample /etc/hosts file:

-
# this is a comment
-127.0.0.1      localhost localhost.mit.edu
-10.0.0.6       daffodil.mit.edu daffodil trillium wake-robin
-
-
-

The output of klist -k for this example host should look like:

-
viola# klist -k
-Keytab name: /etc/krb5.keytab
-KVNO Principal
----- ------------------------------------------------------------
-   2 host/daffodil.mit.edu@ATHENA.MIT.EDU
-
-
-

If you were to ssh to this host with a fresh credentials cache (ticket -file), and then klist, the output should list a service -principal of host/daffodil.mit.edu@ATHENA.MIT.EDU.

-
-
-

Configuring your firewall to work with Kerberos V5¶

-

If you need off-site users to be able to get Kerberos tickets in your -realm, they must be able to get to your KDC. This requires either -that you have a replica KDC outside your firewall, or that you -configure your firewall to allow UDP requests into at least one of -your KDCs, on whichever port the KDC is running. (The default is port -88; other ports may be specified in the KDC’s kdc.conf -file.) Similarly, if you need off-site users to be able to change -their passwords in your realm, they must be able to get to your -Kerberos admin server on the kpasswd port (which defaults to 464). If -you need off-site users to be able to administer your Kerberos realm, -they must be able to get to your Kerberos admin server on the -administrative port (which defaults to 749).

-

If your on-site users inside your firewall will need to get to KDCs in -other realms, you will also need to configure your firewall to allow -outgoing TCP and UDP requests to port 88, and to port 464 to allow -password changes. If your on-site users inside your firewall will -need to get to Kerberos admin servers in other realms, you will also -need to allow outgoing TCP and UDP requests to port 749.

-

If any of your KDCs are outside your firewall, you will need to allow -kprop requests to get through to the remote KDC. kprop uses -the krb5_prop service on port 754 (tcp).

-

The book UNIX System Security, by David Curry, is a good starting -point for learning to configure firewalls.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/auth_indicator.html b/krb5-1.21.3/doc/html/admin/auth_indicator.html deleted file mode 100644 index 1ac39373..00000000 --- a/krb5-1.21.3/doc/html/admin/auth_indicator.html +++ /dev/null @@ -1,201 +0,0 @@ - - - - - - - - - Authentication indicators — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Authentication indicators¶

-

As of release 1.14, the KDC can be configured to annotate tickets if -the client authenticated using a stronger preauthentication mechanism -such as PKINIT or OTP. These -annotations are called “authentication indicators.†Service -principals can be configured to require particular authentication -indicators in order to authenticate to that service. An -authentication indicator value can be any string chosen by the KDC -administrator; there are no pre-set values.

-

To use authentication indicators with PKINIT or OTP, first configure -the KDC to include an indicator when that preauthentication mechanism -is used. For PKINIT, use the pkinit_indicator variable in -kdc.conf. For OTP, use the indicator variable in the -token type definition, or specify the indicators in the otp user -string as described in OTP Preauthentication.

-

To require an indicator to be present in order to authenticate to a -service principal, set the require_auth string attribute on the -principal to the indicator value to be required. If you wish to allow -one of several indicators to be accepted, you can specify multiple -indicator values separated by spaces.

-

For example, a realm could be configured to set the authentication -indicator value “strong†when PKINIT is used to authenticate, using a -setting in the [realms] subsection:

-
pkinit_indicator = strong
-
-
-

A service principal could be configured to require the “strong†-authentication indicator value:

-
$ kadmin setstr host/high.value.server require_auth strong
-Password for user/admin@KRBTEST.COM:
-
-
-

A user who authenticates with PKINIT would be able to obtain a ticket -for the service principal:

-
$ kinit -X X509_user_identity=FILE:/my/cert.pem,/my/key.pem user
-$ kvno host/high.value.server
-host/high.value.server@KRBTEST.COM: kvno = 1
-
-
-

but a user who authenticates with a password would not:

-
$ kinit user
-Password for user@KRBTEST.COM:
-$ kvno host/high.value.server
-kvno: KDC policy rejects request while getting credentials for
-  host/high.value.server@KRBTEST.COM
-
-
-

GSSAPI server applications can inspect authentication indicators -through the auth-indicators name -attribute.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/backup_host.html b/krb5-1.21.3/doc/html/admin/backup_host.html deleted file mode 100644 index ebf2954a..00000000 --- a/krb5-1.21.3/doc/html/admin/backup_host.html +++ /dev/null @@ -1,184 +0,0 @@ - - - - - - - - - Backups of secure hosts — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Backups of secure hosts¶

-

When you back up a secure host, you should exclude the host’s keytab -file from the backup. If someone obtained a copy of the keytab from a -backup, that person could make any host masquerade as the host whose -keytab was compromised. In many configurations, knowledge of the -host’s keytab also allows root access to the host. This could be -particularly dangerous if the compromised keytab was from one of your -KDCs. If the machine has a disk crash and the keytab file is lost, it -is easy to generate another keytab file. (See Adding principals to keytabs.) -If you are unable to exclude particular files from backups, you should -ensure that the backups are kept as secure as the host’s root -password.

-
-

Backing up the Kerberos database¶

-

As with any file, it is possible that your Kerberos database could -become corrupted. If this happens on one of the replica KDCs, you -might never notice, since the next automatic propagation of the -database would install a fresh copy. However, if it happens to the -primary KDC, the corrupted database would be propagated to all of the -replicas during the next propagation. For this reason, MIT recommends -that you back up your Kerberos database regularly. Because the primary -KDC is continuously dumping the database to a file in order to -propagate it to the replica KDCs, it is a simple matter to have a cron -job periodically copy the dump file to a secure machine elsewhere on -your network. (Of course, it is important to make the host where -these backups are stored as secure as your KDCs, and to encrypt its -transmission across your network.) Then if your database becomes -corrupted, you can load the most recent dump onto the primary KDC. -(See Dumping and loading a Kerberos database.)

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/conf_files/index.html b/krb5-1.21.3/doc/html/admin/conf_files/index.html deleted file mode 100644 index 57c59b1e..00000000 --- a/krb5-1.21.3/doc/html/admin/conf_files/index.html +++ /dev/null @@ -1,178 +0,0 @@ - - - - - - - - - Configuration Files — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Configuration Files¶

-

Kerberos uses configuration files to allow administrators to specify -settings on a per-machine basis. krb5.conf applies to all -applications using the Kerboros library, on clients and servers. -For KDC-specific applications, additional settings can be specified in -kdc.conf; the two files are merged into a configuration profile -used by applications accessing the KDC database directly. kadm5.acl -is also only used on the KDC, it controls permissions for modifying the -KDC database.

-
-

Contents¶

- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/conf_files/kadm5_acl.html b/krb5-1.21.3/doc/html/admin/conf_files/kadm5_acl.html deleted file mode 100644 index 611864b3..00000000 --- a/krb5-1.21.3/doc/html/admin/conf_files/kadm5_acl.html +++ /dev/null @@ -1,337 +0,0 @@ - - - - - - - - - kadm5.acl — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kadm5.acl¶

-
-

DESCRIPTION¶

-

The Kerberos kadmind daemon uses an Access Control List -(ACL) file to manage access rights to the Kerberos database. -For operations that affect principals, the ACL file also controls -which principals can operate on which other principals.

-

The default location of the Kerberos ACL file is -LOCALSTATEDIR/krb5kdc/kadm5.acl unless this is overridden by the acl_file -variable in kdc.conf.

-
-
-

SYNTAX¶

-

Empty lines and lines starting with the sharp sign (#) are -ignored. Lines containing ACL entries have the format:

-
principal  permissions  [target_principal  [restrictions] ]
-
-
-
-

Note

-

Line order in the ACL file is important. The first matching entry -will control access for an actor principal on a target principal.

-
-
-
principal

(Partially or fully qualified Kerberos principal name.) Specifies -the principal whose permissions are to be set.

-

Each component of the name may be wildcarded using the * -character.

-
-
permissions

Specifies what operations may or may not be performed by a -principal matching a particular entry. This is a string of one or -more of the following list of characters or their upper-case -counterparts. If the character is upper-case, then the operation -is disallowed. If the character is lower-case, then the operation -is permitted.

- ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

a

[Dis]allows the addition of principals or policies

c

[Dis]allows the changing of passwords for principals

d

[Dis]allows the deletion of principals or policies

e

[Dis]allows the extraction of principal keys

i

[Dis]allows inquiries about principals or policies

l

[Dis]allows the listing of all principals or policies

m

[Dis]allows the modification of principals or policies

p

[Dis]allows the propagation of the principal database (used in Incremental database propagation)

s

[Dis]allows the explicit setting of the key for a principal

x

Short for admcilsp. All privileges (except e)

*

Same as x.

-
-
-
-

Note

-

The extract privilege is not included in the wildcard -privilege; it must be explicitly assigned. This privilege -allows the user to extract keys from the database, and must be -handled with great care to avoid disclosure of important keys -like those of the kadmin/* or krbtgt/* principals. The -lockdown_keys principal attribute can be used to prevent -key extraction from specific principals regardless of the -granted privilege.

-
-
-
target_principal

(Optional. Partially or fully qualified Kerberos principal name.) -Specifies the principal on which permissions may be applied. -Each component of the name may be wildcarded using the * -character.

-

target_principal can also include back-references to principal, -in which *number matches the corresponding wildcard in -principal.

-
-
restrictions

(Optional) A string of flags. Allowed restrictions are:

-
-
-
{+|-}flagname

flag is forced to the indicated value. The permissible flags -are the same as those for the default_principal_flags -variable in kdc.conf.

-
-
-clearpolicy

policy is forced to be empty.

-
-
-policy pol

policy is forced to be pol.

-
-
-{expire, pwexpire, maxlife, maxrenewlife} time

(getdate time string) associated value will be forced to -MIN(time, requested value).

-
-
-
-

The above flags act as restrictions on any add or modify operation -which is allowed due to that ACL line.

-
-
-
-

Warning

-

If the kadmind ACL file is modified, the kadmind daemon needs to be -restarted for changes to take effect.

-
-
-
-

EXAMPLE¶

-

Here is an example of a kadm5.acl file:

-
*/admin@ATHENA.MIT.EDU    *                               # line 1
-joeadmin@ATHENA.MIT.EDU   ADMCIL                          # line 2
-joeadmin/*@ATHENA.MIT.EDU i   */root@ATHENA.MIT.EDU       # line 3
-*/root@ATHENA.MIT.EDU     ci  *1@ATHENA.MIT.EDU           # line 4
-*/root@ATHENA.MIT.EDU     l   *                           # line 5
-sms@ATHENA.MIT.EDU        x   * -maxlife 9h -postdateable # line 6
-
-
-

(line 1) Any principal in the ATHENA.MIT.EDU realm with an -admin instance has all administrative privileges except extracting -keys.

-

(lines 1-3) The user joeadmin has all permissions except -extracting keys with his admin instance, -joeadmin/admin@ATHENA.MIT.EDU (matches line 1). He has no -permissions at all with his null instance, joeadmin@ATHENA.MIT.EDU -(matches line 2). His root and other non-admin, non-null -instances (e.g., extra or dbadmin) have inquire permissions -with any principal that has the instance root (matches line 3).

-

(line 4) Any root principal in ATHENA.MIT.EDU can inquire -or change the password of their null instance, but not any other -null instance. (Here, *1 denotes a back-reference to the -component matching the first wildcard in the actor principal.)

-

(line 5) Any root principal in ATHENA.MIT.EDU can generate -the list of principals in the database, and the list of policies -in the database. This line is separate from line 4, because list -permission can only be granted globally, not to specific target -principals.

-

(line 6) Finally, the Service Management System principal -sms@ATHENA.MIT.EDU has all permissions except extracting keys, but -any principal that it creates or modifies will not be able to get -postdateable tickets or tickets with a life of longer than 9 hours.

-
-
-

MODULE BEHAVIOR¶

-

The ACL file can coexist with other authorization modules in release -1.16 and later, as configured in the kadm5_auth interface section of -krb5.conf. The ACL file will positively authorize -operations according to the rules above, but will never -authoritatively deny an operation, so other modules can authorize -operations in addition to those authorized by the ACL file.

-

To operate without an ACL file, set the acl_file variable in -kdc.conf to the empty string with acl_file = "".

-
-
-

SEE ALSO¶

-

kdc.conf, kadmind

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/conf_files/kdc_conf.html b/krb5-1.21.3/doc/html/admin/conf_files/kdc_conf.html deleted file mode 100644 index dc6876d6..00000000 --- a/krb5-1.21.3/doc/html/admin/conf_files/kdc_conf.html +++ /dev/null @@ -1,1073 +0,0 @@ - - - - - - - - - kdc.conf — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kdc.conf¶

-

The kdc.conf file supplements krb5.conf for programs which -are typically only used on a KDC, such as the krb5kdc and -kadmind daemons and the kdb5_util program. -Relations documented here may also be specified in krb5.conf; for the -KDC programs mentioned, krb5.conf and kdc.conf will be merged into a -single configuration profile.

-

Normally, the kdc.conf file is found in the KDC state directory, -LOCALSTATEDIR/krb5kdc. You can override the default location by setting the -environment variable KRB5_KDC_PROFILE.

-

Please note that you need to restart the KDC daemon for any configuration -changes to take effect.

-
-

Structure¶

-

The kdc.conf file is set up in the same format as the -krb5.conf file.

-
-
-

Sections¶

-

The kdc.conf file may contain the following sections:

- ---- - - - - - - - - - - - - - - - - - -

[kdcdefaults]

Default values for KDC behavior

[realms]

Realm-specific database configuration and settings

[dbdefaults]

Default database settings

[dbmodules]

Per-database settings

[logging]

Controls how Kerberos daemons perform logging

-
-

[kdcdefaults]¶

-

Some relations in the [kdcdefaults] section specify default values for -realm variables, to be used if the [realms] subsection does not -contain a relation for the tag. See the [realms] section for -the definitions of these relations.

-
    -
  • host_based_services

  • -
  • kdc_listen

  • -
  • kdc_ports

  • -
  • kdc_tcp_listen

  • -
  • kdc_tcp_ports

  • -
  • no_host_referral

  • -
  • restrict_anonymous_to_tgt

  • -
-

The following [kdcdefaults] variables have no per-realm equivalent:

-
-
kdc_max_dgram_reply_size

Specifies the maximum packet size that can be sent over UDP. The -default value is 4096 bytes.

-
-
kdc_tcp_listen_backlog

(Integer.) Set the size of the listen queue length for the KDC -daemon. The value may be limited by OS settings. The default -value is 5.

-
-
spake_preauth_kdc_challenge

(String.) Specifies the group for a SPAKE optimistic challenge. -See the spake_preauth_groups variable in [libdefaults] -for possible values. The default is not to issue an optimistic -challenge. (New in release 1.17.)

-
-
-
-
-

[realms]¶

-

Each tag in the [realms] section is the name of a Kerberos realm. The -value of the tag is a subsection where the relations define KDC -parameters for that particular realm. The following example shows how -to define one parameter for the ATHENA.MIT.EDU realm:

-
[realms]
-    ATHENA.MIT.EDU = {
-        max_renewable_life = 7d 0h 0m 0s
-    }
-
-
-

The following tags may be specified in a [realms] subsection:

-
-
acl_file

(String.) Location of the access control list file that -kadmind uses to determine which principals are allowed -which permissions on the Kerberos database. To operate without an -ACL file, set this relation to the empty string with acl_file = -"". The default value is LOCALSTATEDIR/krb5kdc/kadm5.acl. For more -information on Kerberos ACL file see kadm5.acl.

-
-
database_module

(String.) This relation indicates the name of the configuration -section under [dbmodules] for database-specific parameters -used by the loadable database library. The default value is the -realm name. If this configuration section does not exist, default -values will be used for all database parameters.

-
-
database_name

(String, deprecated.) This relation specifies the location of the -Kerberos database for this realm, if the DB2 module is being used -and the [dbmodules] configuration section does not specify a -database name. The default value is LOCALSTATEDIR/krb5kdc/principal.

-
-
default_principal_expiration

(Absolute time string.) Specifies the default expiration date of -principals created in this realm. The default value is 0, which -means no expiration date.

-
-
default_principal_flags

(Flag string.) Specifies the default attributes of principals -created in this realm. The format for this string is a -comma-separated list of flags, with ‘+’ before each flag that -should be enabled and ‘-’ before each flag that should be -disabled. The postdateable, forwardable, tgt-based, -renewable, proxiable, dup-skey, allow-tickets, and -service flags default to enabled.

-

There are a number of possible flags:

-
-
allow-tickets

Enabling this flag means that the KDC will issue tickets for -this principal. Disabling this flag essentially deactivates -the principal within this realm.

-
-
dup-skey

Enabling this flag allows the KDC to issue user-to-user -service tickets for this principal.

-
-
forwardable

Enabling this flag allows the principal to obtain forwardable -tickets.

-
-
hwauth

If this flag is enabled, then the principal is required to -preauthenticate using a hardware device before receiving any -tickets.

-
-
no-auth-data-required

Enabling this flag prevents PAC or AD-SIGNEDPATH data from -being added to service tickets for the principal.

-
-
ok-as-delegate

If this flag is enabled, it hints the client that credentials -can and should be delegated when authenticating to the -service.

-
-
ok-to-auth-as-delegate

Enabling this flag allows the principal to use S4USelf tickets.

-
-
postdateable

Enabling this flag allows the principal to obtain postdateable -tickets.

-
-
preauth

If this flag is enabled on a client principal, then that -principal is required to preauthenticate to the KDC before -receiving any tickets. On a service principal, enabling this -flag means that service tickets for this principal will only -be issued to clients with a TGT that has the preauthenticated -bit set.

-
-
proxiable

Enabling this flag allows the principal to obtain proxy -tickets.

-
-
pwchange

Enabling this flag forces a password change for this -principal.

-
-
pwservice

If this flag is enabled, it marks this principal as a password -change service. This should only be used in special cases, -for example, if a user’s password has expired, then the user -has to get tickets for that principal without going through -the normal password authentication in order to be able to -change the password.

-
-
renewable

Enabling this flag allows the principal to obtain renewable -tickets.

-
-
service

Enabling this flag allows the the KDC to issue service tickets -for this principal. In release 1.17 and later, user-to-user -service tickets are still allowed if the dup-skey flag is -set.

-
-
tgt-based

Enabling this flag allows a principal to obtain tickets based -on a ticket-granting-ticket, rather than repeating the -authentication process that was used to obtain the TGT.

-
-
-
-
dict_file

(String.) Location of the dictionary file containing strings that -are not allowed as passwords. The file should contain one string -per line, with no additional whitespace. If none is specified or -if there is no policy assigned to the principal, no dictionary -checks of passwords will be performed.

-
-
disable_pac

(Boolean value.) If true, the KDC will not issue PACs for this -realm, and S4U2Self and S4U2Proxy operations will be disabled. -The default is false, which will permit the KDC to issue PACs. -New in release 1.20.

-
-
encrypted_challenge_indicator

(String.) Specifies the authentication indicator value that the KDC -asserts into tickets obtained using FAST encrypted challenge -pre-authentication. New in 1.16.

-
-
host_based_services

(Whitespace- or comma-separated list.) Lists services which will -get host-based referral processing even if the server principal is -not marked as host-based by the client.

-
-
iprop_enable

(Boolean value.) Specifies whether incremental database -propagation is enabled. The default value is false.

-
-
iprop_ulogsize

(Integer.) Specifies the maximum number of log entries to be -retained for incremental propagation. The default value is 1000. -Prior to release 1.11, the maximum value was 2500. New in release -1.19.

-
-
iprop_master_ulogsize

The name for iprop_ulogsize prior to release 1.19. Its value is -used as a fallback if iprop_ulogsize is not specified.

-
-
iprop_replica_poll

(Delta time string.) Specifies how often the replica KDC polls -for new updates from the primary. The default value is 2m -(that is, two minutes). New in release 1.17.

-
-
iprop_slave_poll

(Delta time string.) The name for iprop_replica_poll prior to -release 1.17. Its value is used as a fallback if -iprop_replica_poll is not specified.

-
-
iprop_listen

(Whitespace- or comma-separated list.) Specifies the iprop RPC -listening addresses and/or ports for the kadmind daemon. -Each entry may be an interface address, a port number, or an -address and port number separated by a colon. If the address -contains colons, enclose it in square brackets. If no address is -specified, the wildcard address is used. If kadmind fails to bind -to any of the specified addresses, it will fail to start. The -default (when iprop_enable is true) is to bind to the wildcard -address at the port specified in iprop_port. New in release -1.15.

-
-
iprop_port

(Port number.) Specifies the port number to be used for -incremental propagation. When iprop_enable is true, this -relation is required in the replica KDC configuration file, and -this relation or iprop_listen is required in the primary -configuration file, as there is no default port number. Port -numbers specified in iprop_listen entries will override this -port number for the kadmind daemon.

-
-
iprop_resync_timeout

(Delta time string.) Specifies the amount of time to wait for a -full propagation to complete. This is optional in configuration -files, and is used by replica KDCs only. The default value is 5 -minutes (5m). New in release 1.11.

-
-
iprop_logfile

(File name.) Specifies where the update log file for the realm -database is to be stored. The default is to use the -database_name entry from the realms section of the krb5 config -file, with .ulog appended. (NOTE: If database_name isn’t -specified in the realms section, perhaps because the LDAP database -back end is being used, or the file name is specified in the -[dbmodules] section, then the hard-coded default for -database_name is used. Determination of the iprop_logfile -default value will not use values from the [dbmodules] section.)

-
-
kadmind_listen

(Whitespace- or comma-separated list.) Specifies the kadmin RPC -listening addresses and/or ports for the kadmind daemon. -Each entry may be an interface address, a port number, or an -address and port number separated by a colon. If the address -contains colons, enclose it in square brackets. If no address is -specified, the wildcard address is used. If kadmind fails to bind -to any of the specified addresses, it will fail to start. The -default is to bind to the wildcard address at the port specified -in kadmind_port, or the standard kadmin port (749). New in -release 1.15.

-
-
kadmind_port

(Port number.) Specifies the port on which the kadmind -daemon is to listen for this realm. Port numbers specified in -kadmind_listen entries will override this port number. The -assigned port for kadmind is 749, which is used by default.

-
-
key_stash_file

(String.) Specifies the location where the master key has been -stored (via kdb5_util stash). The default is LOCALSTATEDIR/krb5kdc/.k5.REALM, where REALM is the Kerberos realm.

-
-
kdc_listen

(Whitespace- or comma-separated list.) Specifies the UDP -listening addresses and/or ports for the krb5kdc daemon. -Each entry may be an interface address, a port number, or an -address and port number separated by a colon. If the address -contains colons, enclose it in square brackets. If no address is -specified, the wildcard address is used. If no port is specified, -the standard port (88) is used. If the KDC daemon fails to bind -to any of the specified addresses, it will fail to start. The -default is to bind to the wildcard address on the standard port. -New in release 1.15.

-
-
kdc_ports

(Whitespace- or comma-separated list, deprecated.) Prior to -release 1.15, this relation lists the ports for the -krb5kdc daemon to listen on for UDP requests. In -release 1.15 and later, it has the same meaning as kdc_listen -if that relation is not defined.

-
-
kdc_tcp_listen

(Whitespace- or comma-separated list.) Specifies the TCP -listening addresses and/or ports for the krb5kdc daemon. -Each entry may be an interface address, a port number, or an -address and port number separated by a colon. If the address -contains colons, enclose it in square brackets. If no address is -specified, the wildcard address is used. If no port is specified, -the standard port (88) is used. To disable listening on TCP, set -this relation to the empty string with kdc_tcp_listen = "". -If the KDC daemon fails to bind to any of the specified addresses, -it will fail to start. The default is to bind to the wildcard -address on the standard port. New in release 1.15.

-
-
kdc_tcp_ports

(Whitespace- or comma-separated list, deprecated.) Prior to -release 1.15, this relation lists the ports for the -krb5kdc daemon to listen on for UDP requests. In -release 1.15 and later, it has the same meaning as -kdc_tcp_listen if that relation is not defined.

-
-
kpasswd_listen

(Comma-separated list.) Specifies the kpasswd listening addresses -and/or ports for the kadmind daemon. Each entry may be -an interface address, a port number, or an address and port number -separated by a colon. If the address contains colons, enclose it -in square brackets. If no address is specified, the wildcard -address is used. If kadmind fails to bind to any of the specified -addresses, it will fail to start. The default is to bind to the -wildcard address at the port specified in kpasswd_port, or the -standard kpasswd port (464). New in release 1.15.

-
-
kpasswd_port

(Port number.) Specifies the port on which the kadmind -daemon is to listen for password change requests for this realm. -Port numbers specified in kpasswd_listen entries will override -this port number. The assigned port for password change requests -is 464, which is used by default.

-
-
master_key_name

(String.) Specifies the name of the principal associated with the -master key. The default is K/M.

-
-
master_key_type

(Key type string.) Specifies the master key’s key type. The -default value for this is aes256-cts-hmac-sha1-96. For a list of all possible -values, see Encryption types.

-
-
max_life

(Time duration string.) Specifies the maximum time period for -which a ticket may be valid in this realm. The default value is -24 hours.

-
-
max_renewable_life

(Time duration string.) Specifies the maximum time period -during which a valid ticket may be renewed in this realm. -The default value is 0.

-
-
no_host_referral

(Whitespace- or comma-separated list.) Lists services to block -from getting host-based referral processing, even if the client -marks the server principal as host-based or the service is also -listed in host_based_services. no_host_referral = * will -disable referral processing altogether.

-
-
reject_bad_transit

(Boolean value.) If set to true, the KDC will check the list of -transited realms for cross-realm tickets against the transit path -computed from the realm names and the capaths section of its -krb5.conf file; if the path in the ticket to be issued -contains any realms not in the computed path, the ticket will not -be issued, and an error will be returned to the client instead. -If this value is set to false, such tickets will be issued -anyways, and it will be left up to the application server to -validate the realm transit path.

-

If the disable-transited-check flag is set in the incoming -request, this check is not performed at all. Having the -reject_bad_transit option will cause such ticket requests to -be rejected always.

-

This transit path checking and config file option currently apply -only to TGS requests.

-

The default value is true.

-
-
restrict_anonymous_to_tgt

(Boolean value.) If set to true, the KDC will reject ticket -requests from anonymous principals to service principals other -than the realm’s ticket-granting service. This option allows -anonymous PKINIT to be enabled for use as FAST armor tickets -without allowing anonymous authentication to services. The -default value is false. New in release 1.9.

-
-
spake_preauth_indicator

(String.) Specifies an authentication indicator value that the -KDC asserts into tickets obtained using SPAKE pre-authentication. -The default is not to add any indicators. This option may be -specified multiple times. New in release 1.17.

-
-
supported_enctypes

(List of key:salt strings.) Specifies the default key/salt -combinations of principals for this realm. Any principals created -through kadmin will have keys of these types. The -default value for this tag is aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal. For lists of -possible values, see Keysalt lists.

-
-
-
-
-

[dbdefaults]¶

-

The [dbdefaults] section specifies default values for some database -parameters, to be used if the [dbmodules] subsection does not contain -a relation for the tag. See the [dbmodules] section for the -definitions of these relations.

-
    -
  • ldap_kerberos_container_dn

  • -
  • ldap_kdc_dn

  • -
  • ldap_kdc_sasl_authcid

  • -
  • ldap_kdc_sasl_authzid

  • -
  • ldap_kdc_sasl_mech

  • -
  • ldap_kdc_sasl_realm

  • -
  • ldap_kadmind_dn

  • -
  • ldap_kadmind_sasl_authcid

  • -
  • ldap_kadmind_sasl_authzid

  • -
  • ldap_kadmind_sasl_mech

  • -
  • ldap_kadmind_sasl_realm

  • -
  • ldap_service_password_file

  • -
  • ldap_conns_per_server

  • -
-
-
-

[dbmodules]¶

-

The [dbmodules] section contains parameters used by the KDC database -library and database modules. Each tag in the [dbmodules] section is -the name of a Kerberos realm or a section name specified by a realm’s -database_module parameter. The following example shows how to -define one database parameter for the ATHENA.MIT.EDU realm:

-
[dbmodules]
-    ATHENA.MIT.EDU = {
-        disable_last_success = true
-    }
-
-
-

The following tags may be specified in a [dbmodules] subsection:

-
-
database_name

This DB2-specific tag indicates the location of the database in -the filesystem. The default is LOCALSTATEDIR/krb5kdc/principal.

-
-
db_library

This tag indicates the name of the loadable database module. The -value should be db2 for the DB2 module, klmdb for the LMDB -module, or kldap for the LDAP module.

-
-
disable_last_success

If set to true, suppresses KDC updates to the “Last successful -authentication†field of principal entries requiring -preauthentication. Setting this flag may improve performance. -(Principal entries which do not require preauthentication never -update the “Last successful authentication†field.). First -introduced in release 1.9.

-
-
disable_lockout

If set to true, suppresses KDC updates to the “Last failed -authentication†and “Failed password attempts†fields of principal -entries requiring preauthentication. Setting this flag may -improve performance, but also disables account lockout. First -introduced in release 1.9.

-
-
ldap_conns_per_server

This LDAP-specific tag indicates the number of connections to be -maintained per LDAP server.

-
-
ldap_kdc_dn and ldap_kadmind_dn

These LDAP-specific tags indicate the default DN for binding to -the LDAP server. The krb5kdc daemon uses -ldap_kdc_dn, while the kadmind daemon and other -administrative programs use ldap_kadmind_dn. The kadmind DN -must have the rights to read and write the Kerberos data in the -LDAP database. The KDC DN must have the same rights, unless -disable_lockout and disable_last_success are true, in -which case it only needs to have rights to read the Kerberos data. -These tags are ignored if a SASL mechanism is set with -ldap_kdc_sasl_mech or ldap_kadmind_sasl_mech.

-
-
ldap_kdc_sasl_mech and ldap_kadmind_sasl_mech

These LDAP-specific tags specify the SASL mechanism (such as -EXTERNAL) to use when binding to the LDAP server. New in -release 1.13.

-
-
ldap_kdc_sasl_authcid and ldap_kadmind_sasl_authcid

These LDAP-specific tags specify the SASL authentication identity -to use when binding to the LDAP server. Not all SASL mechanisms -require an authentication identity. If the SASL mechanism -requires a secret (such as the password for DIGEST-MD5), these -tags also determine the name within the -ldap_service_password_file where the secret is stashed. New -in release 1.13.

-
-
ldap_kdc_sasl_authzid and ldap_kadmind_sasl_authzid

These LDAP-specific tags specify the SASL authorization identity -to use when binding to the LDAP server. In most circumstances -they do not need to be specified. New in release 1.13.

-
-
ldap_kdc_sasl_realm and ldap_kadmind_sasl_realm

These LDAP-specific tags specify the SASL realm to use when -binding to the LDAP server. In most circumstances they do not -need to be set. New in release 1.13.

-
-
ldap_kerberos_container_dn

This LDAP-specific tag indicates the DN of the container object -where the realm objects will be located.

-
-
ldap_servers

This LDAP-specific tag indicates the list of LDAP servers that the -Kerberos servers can connect to. The list of LDAP servers is -whitespace-separated. The LDAP server is specified by a LDAP URI. -It is recommended to use ldapi: or ldaps: URLs to connect -to the LDAP server.

-
-
ldap_service_password_file

This LDAP-specific tag indicates the file containing the stashed -passwords (created by kdb5_ldap_util stashsrvpw) for the -ldap_kdc_dn and ldap_kadmind_dn objects, or for the -ldap_kdc_sasl_authcid or ldap_kadmind_sasl_authcid names -for SASL authentication. This file must be kept secure.

-
-
mapsize

This LMDB-specific tag indicates the maximum size of the two -database environments in megabytes. The default value is 128. -Increase this value to address “Environment mapsize limit reached†-errors. New in release 1.17.

-
-
max_readers

This LMDB-specific tag indicates the maximum number of concurrent -reading processes for the databases. The default value is 128. -New in release 1.17.

-
-
nosync

This LMDB-specific tag can be set to improve the throughput of -kadmind and other administrative agents, at the expense of -durability (recent database changes may not survive a power outage -or other sudden reboot). It does not affect the throughput of the -KDC. The default value is false. New in release 1.17.

-
-
unlockiter

If set to true, this DB2-specific tag causes iteration -operations to release the database lock while processing each -principal. Setting this flag to true can prevent extended -blocking of KDC or kadmin operations when dumps of large databases -are in progress. First introduced in release 1.13.

-
-
-

The following tag may be specified directly in the [dbmodules] -section to control where database modules are loaded from:

-
-
db_module_dir

This tag controls where the plugin system looks for database -modules. The value should be an absolute path.

-
-
-
-
-

[logging]¶

-

The [logging] section indicates how krb5kdc and -kadmind perform logging. It may contain the following -relations:

-
-
admin_server

Specifies how kadmind performs logging.

-
-
kdc

Specifies how krb5kdc performs logging.

-
-
default

Specifies how either daemon performs logging in the absence of -relations specific to the daemon.

-
-
debug

(Boolean value.) Specifies whether debugging messages are -included in log outputs other than SYSLOG. Debugging messages are -always included in the system log output because syslog performs -its own priority filtering. The default value is false. New in -release 1.15.

-
-
-

Logging specifications may have the following forms:

-
-
FILE=filename or FILE:filename

This value causes the daemon’s logging messages to go to the -filename. If the = form is used, the file is overwritten. -If the : form is used, the file is appended to.

-
-
STDERR

This value causes the daemon’s logging messages to go to its -standard error stream.

-
-
CONSOLE

This value causes the daemon’s logging messages to go to the -console, if the system supports it.

-
-
DEVICE=<devicename>

This causes the daemon’s logging messages to go to the specified -device.

-
-
SYSLOG[:severity[:facility]]

This causes the daemon’s logging messages to go to the system log.

-

For backward compatibility, a severity argument may be specified, -and must be specified in order to specify a facility. This -argument will be ignored.

-

The facility argument specifies the facility under which the -messages are logged. This may be any of the following facilities -supported by the syslog(3) call minus the LOG_ prefix: KERN, -USER, MAIL, DAEMON, AUTH, LPR, NEWS, -UUCP, CRON, and LOCAL0 through LOCAL7. If no -facility is specified, the default is AUTH.

-
-
-

In the following example, the logging messages from the KDC will go to -the console and to the system log under the facility LOG_DAEMON, and -the logging messages from the administrative server will be appended -to the file /var/adm/kadmin.log and sent to the device -/dev/tty04.

-
[logging]
-    kdc = CONSOLE
-    kdc = SYSLOG:INFO:DAEMON
-    admin_server = FILE:/var/adm/kadmin.log
-    admin_server = DEVICE=/dev/tty04
-
-
-

If no logging specification is given, the default is to use syslog. -To disable logging entirely, specify default = DEVICE=/dev/null.

-
-
-

[otp]¶

-

Each subsection of [otp] is the name of an OTP token type. The tags -within the subsection define the configuration required to forward a -One Time Password request to a RADIUS server.

-

For each token type, the following tags may be specified:

-
-
server

This is the server to send the RADIUS request to. It can be a -hostname with optional port, an ip address with optional port, or -a Unix domain socket address. The default is -LOCALSTATEDIR/krb5kdc/<name>.socket.

-
-
secret

This tag indicates a filename (which may be relative to LOCALSTATEDIR/krb5kdc) -containing the secret used to encrypt the RADIUS packets. The -secret should appear in the first line of the file by itself; -leading and trailing whitespace on the line will be removed. If -the value of server is a Unix domain socket address, this tag -is optional, and an empty secret will be used if it is not -specified. Otherwise, this tag is required.

-
-
timeout

An integer which specifies the time in seconds during which the -KDC should attempt to contact the RADIUS server. This tag is the -total time across all retries and should be less than the time -which an OTP value remains valid for. The default is 5 seconds.

-
-
retries

This tag specifies the number of retries to make to the RADIUS -server. The default is 3 retries (4 tries).

-
-
strip_realm

If this tag is true, the principal without the realm will be -passed to the RADIUS server. Otherwise, the realm will be -included. The default value is true.

-
-
indicator

This tag specifies an authentication indicator to be included in -the ticket if this token type is used to authenticate. This -option may be specified multiple times. (New in release 1.14.)

-
-
-

In the following example, requests are sent to a remote server via UDP:

-
[otp]
-    MyRemoteTokenType = {
-        server = radius.mydomain.com:1812
-        secret = SEmfiajf42$
-        timeout = 15
-        retries = 5
-        strip_realm = true
-    }
-
-
-

An implicit default token type named DEFAULT is defined for when -the per-principal configuration does not specify a token type. Its -configuration is shown below. You may override this token type to -something applicable for your situation:

-
[otp]
-    DEFAULT = {
-        strip_realm = false
-    }
-
-
-
-
-
-

PKINIT options¶

-
-

Note

-

The following are pkinit-specific options. These values may -be specified in [kdcdefaults] as global defaults, or within -a realm-specific subsection of [realms]. Also note that a -realm-specific value over-rides, does not add to, a generic -[kdcdefaults] specification. The search order is:

-
-
    -
  1. realm-specific subsection of [realms]:

    -
    [realms]
    -    EXAMPLE.COM = {
    -        pkinit_anchors = FILE:/usr/local/example.com.crt
    -    }
    -
    -
    -
  2. -
  3. generic value in the [kdcdefaults] section:

    -
    [kdcdefaults]
    -    pkinit_anchors = DIR:/usr/local/generic_trusted_cas/
    -
    -
    -
  4. -
-

For information about the syntax of some of these options, see -Specifying PKINIT identity information in -krb5.conf.

-
-
pkinit_anchors

Specifies the location of trusted anchor (root) certificates which -the KDC trusts to sign client certificates. This option is -required if pkinit is to be supported by the KDC. This option may -be specified multiple times.

-
-
pkinit_dh_min_bits

Specifies the minimum number of bits the KDC is willing to accept -for a client’s Diffie-Hellman key. The default is 2048.

-
-
pkinit_allow_upn

Specifies that the KDC is willing to accept client certificates -with the Microsoft UserPrincipalName (UPN) Subject Alternative -Name (SAN). This means the KDC accepts the binding of the UPN in -the certificate to the Kerberos principal name. The default value -is false.

-

Without this option, the KDC will only accept certificates with -the id-pkinit-san as defined in RFC 4556. There is currently -no option to disable SAN checking in the KDC.

-
-
pkinit_eku_checking

This option specifies what Extended Key Usage (EKU) values the KDC -is willing to accept in client certificates. The values -recognized in the kdc.conf file are:

-
-
kpClientAuth

This is the default value and specifies that client -certificates must have the id-pkinit-KPClientAuth EKU as -defined in RFC 4556.

-
-
scLogin

If scLogin is specified, client certificates with the -Microsoft Smart Card Login EKU (id-ms-kp-sc-logon) will be -accepted.

-
-
none

If none is specified, then client certificates will not be -checked to verify they have an acceptable EKU. The use of -this option is not recommended.

-
-
-
-
pkinit_identity

Specifies the location of the KDC’s X.509 identity information. -This option is required if pkinit is to be supported by the KDC.

-
-
pkinit_indicator

Specifies an authentication indicator to include in the ticket if -pkinit is used to authenticate. This option may be specified -multiple times. (New in release 1.14.)

-
-
pkinit_pool

Specifies the location of intermediate certificates which may be -used by the KDC to complete the trust chain between a client’s -certificate and a trusted anchor. This option may be specified -multiple times.

-
-
pkinit_revoke

Specifies the location of Certificate Revocation List (CRL) -information to be used by the KDC when verifying the validity of -client certificates. This option may be specified multiple times.

-
-
pkinit_require_crl_checking

The default certificate verification process will always check the -available revocation information to see if a certificate has been -revoked. If a match is found for the certificate in a CRL, -verification fails. If the certificate being verified is not -listed in a CRL, or there is no CRL present for its issuing CA, -and pkinit_require_crl_checking is false, then verification -succeeds.

-

However, if pkinit_require_crl_checking is true and there is -no CRL information available for the issuing CA, then verification -fails.

-

pkinit_require_crl_checking should be set to true if the -policy is such that up-to-date CRLs must be present for every CA.

-
-
pkinit_require_freshness

Specifies whether to require clients to include a freshness token -in PKINIT requests. The default value is false. (New in release -1.17.)

-
-
-
-
-

Encryption types¶

-

Any tag in the configuration files which requires a list of encryption -types can be set to some combination of the following strings. -Encryption types marked as “weak†and “deprecated†are available for -compatibility but not recommended for use.

- ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

des3-cbc-raw

Triple DES cbc mode raw (weak)

des3-cbc-sha1 des3-hmac-sha1 des3-cbc-sha1-kd

Triple DES cbc mode with HMAC/sha1 (deprecated)

aes256-cts-hmac-sha1-96 aes256-cts aes256-sha1

AES-256 CTS mode with 96-bit SHA-1 HMAC

aes128-cts-hmac-sha1-96 aes128-cts aes128-sha1

AES-128 CTS mode with 96-bit SHA-1 HMAC

aes256-cts-hmac-sha384-192 aes256-sha2

AES-256 CTS mode with 192-bit SHA-384 HMAC

aes128-cts-hmac-sha256-128 aes128-sha2

AES-128 CTS mode with 128-bit SHA-256 HMAC

arcfour-hmac rc4-hmac arcfour-hmac-md5

RC4 with HMAC/MD5 (deprecated)

arcfour-hmac-exp rc4-hmac-exp arcfour-hmac-md5-exp

Exportable RC4 with HMAC/MD5 (weak)

camellia256-cts-cmac camellia256-cts

Camellia-256 CTS mode with CMAC

camellia128-cts-cmac camellia128-cts

Camellia-128 CTS mode with CMAC

des3

The triple DES family: des3-cbc-sha1

aes

The AES family: aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96, aes256-cts-hmac-sha384-192, and aes128-cts-hmac-sha256-128

rc4

The RC4 family: arcfour-hmac

camellia

The Camellia family: camellia256-cts-cmac and camellia128-cts-cmac

-

The string DEFAULT can be used to refer to the default set of -types for the variable in question. Types or families can be removed -from the current list by prefixing them with a minus sign (“-“). -Types or families can be prefixed with a plus sign (“+â€) for symmetry; -it has the same meaning as just listing the type or family. For -example, “DEFAULT -rc4†would be the default set of encryption -types with RC4 types removed, and “des3 DEFAULT†would be the -default set of encryption types with triple DES types moved to the -front.

-

While aes128-cts and aes256-cts are supported for all Kerberos -operations, they are not supported by very old versions of our GSSAPI -implementation (krb5-1.3.1 and earlier). Services running versions of -krb5 without AES support must not be given keys of these encryption -types in the KDC database.

-

The aes128-sha2 and aes256-sha2 encryption types are new in -release 1.15. Services running versions of krb5 without support for -these newer encryption types must not be given keys of these -encryption types in the KDC database.

-
-
-

Keysalt lists¶

-

Kerberos keys for users are usually derived from passwords. Kerberos -commands and configuration parameters that affect generation of keys -take lists of enctype-salttype (“keysaltâ€) pairs, known as keysalt -lists. Each keysalt pair is an enctype name followed by a salttype -name, in the format enc:salt. Individual keysalt list members are -separated by comma (“,â€) characters or space characters. For example:

-
kadmin -e aes256-cts:normal,aes128-cts:normal
-
-
-

would start up kadmin so that by default it would generate -password-derived keys for the aes256-cts and aes128-cts -encryption types, using a normal salt.

-

To ensure that people who happen to pick the same password do not have -the same key, Kerberos 5 incorporates more information into the key -using something called a salt. The supported salt types are as -follows:

- ---- - - - - - - - - - - - - - - -

normal

default for Kerberos Version 5

norealm

same as the default, without using realm information

onlyrealm

uses only realm information as the salt

special

generate a random salt

-
-
-

Sample kdc.conf File¶

-

Here’s an example of a kdc.conf file:

-
[kdcdefaults]
-    kdc_listen = 88
-    kdc_tcp_listen = 88
-[realms]
-    ATHENA.MIT.EDU = {
-        kadmind_port = 749
-        max_life = 12h 0m 0s
-        max_renewable_life = 7d 0h 0m 0s
-        master_key_type = aes256-cts-hmac-sha1-96
-        supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal
-        database_module = openldap_ldapconf
-    }
-
-[logging]
-    kdc = FILE:/usr/local/var/krb5kdc/kdc.log
-    admin_server = FILE:/usr/local/var/krb5kdc/kadmin.log
-
-[dbdefaults]
-    ldap_kerberos_container_dn = cn=krbcontainer,dc=mit,dc=edu
-
-[dbmodules]
-    openldap_ldapconf = {
-        db_library = kldap
-        disable_last_success = true
-        ldap_kdc_dn = "cn=krbadmin,dc=mit,dc=edu"
-            # this object needs to have read rights on
-            # the realm container and principal subtrees
-        ldap_kadmind_dn = "cn=krbadmin,dc=mit,dc=edu"
-            # this object needs to have read and write rights on
-            # the realm container and principal subtrees
-        ldap_service_password_file = /etc/kerberos/service.keyfile
-        ldap_servers = ldaps://kerberos.mit.edu
-        ldap_conns_per_server = 5
-    }
-
-
-
-
-

FILES¶

-

LOCALSTATEDIR/krb5kdc/kdc.conf

-
-
-

SEE ALSO¶

-

krb5.conf, krb5kdc, kadm5.acl

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/conf_files/krb5_conf.html b/krb5-1.21.3/doc/html/admin/conf_files/krb5_conf.html deleted file mode 100644 index 7c922675..00000000 --- a/krb5-1.21.3/doc/html/admin/conf_files/krb5_conf.html +++ /dev/null @@ -1,1340 +0,0 @@ - - - - - - - - - krb5.conf — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5.conf¶

-

The krb5.conf file contains Kerberos configuration information, -including the locations of KDCs and admin servers for the Kerberos -realms of interest, defaults for the current realm and for Kerberos -applications, and mappings of hostnames onto Kerberos realms. -Normally, you should install your krb5.conf file in the directory -/etc. You can override the default location by setting the -environment variable KRB5_CONFIG. Multiple colon-separated -filenames may be specified in KRB5_CONFIG; all files which are -present will be read. Starting in release 1.14, directory names can -also be specified in KRB5_CONFIG; all files within the directory -whose names consist solely of alphanumeric characters, dashes, or -underscores will be read.

-
-

Structure¶

-

The krb5.conf file is set up in the style of a Windows INI file. -Lines beginning with ‘#’ or ‘;’ (possibly after initial whitespace) -are ignored as comments. Sections are headed by the section name, in -square brackets. Each section may contain zero or more relations, of -the form:

-
foo = bar
-
-
-

or:

-
fubar = {
-    foo = bar
-    baz = quux
-}
-
-
-

Placing a ‘*’ after the closing bracket of a section name indicates -that the section is final, meaning that if the same section appears -within a later file specified in KRB5_CONFIG, it will be ignored. -A subsection can be marked as final by placing a ‘*’ after either the -tag name or the closing brace.

-

The krb5.conf file can include other files using either of the -following directives at the beginning of a line:

-
include FILENAME
-includedir DIRNAME
-
-
-

FILENAME or DIRNAME should be an absolute path. The named file or -directory must exist and be readable. Including a directory includes -all files within the directory whose names consist solely of -alphanumeric characters, dashes, or underscores. Starting in release -1.15, files with names ending in “.conf†are also included, unless the -name begins with “.â€. Included profile files are syntactically -independent of their parents, so each included file must begin with a -section header. Starting in release 1.17, files are read in -alphanumeric order; in previous releases, they may be read in any -order.

-

The krb5.conf file can specify that configuration should be obtained -from a loadable module, rather than the file itself, using the -following directive at the beginning of a line before any section -headers:

-
module MODULEPATH:RESIDUAL
-
-
-

MODULEPATH may be relative to the library path of the krb5 -installation, or it may be an absolute path. RESIDUAL is provided -to the module at initialization time. If krb5.conf uses a module -directive, kdc.conf should also use one if it exists.

-
-
-

Sections¶

-

The krb5.conf file may contain the following sections:

- ---- - - - - - - - - - - - - - - - - - - - - -

[libdefaults]

Settings used by the Kerberos V5 library

[realms]

Realm-specific contact information and settings

[domain_realm]

Maps server hostnames to Kerberos realms

[capaths]

Authentication paths for non-hierarchical cross-realm

[appdefaults]

Settings used by some Kerberos V5 applications

[plugins]

Controls plugin module registration

-

Additionally, krb5.conf may include any of the relations described in -kdc.conf, but it is not a recommended practice.

-
-

[libdefaults]¶

-

The libdefaults section may contain any of the following relations:

-
-
allow_des3

Permit the KDC to issue tickets with des3-cbc-sha1 session keys. -In future releases, this flag will allow des3-cbc-sha1 to be used -at all. The default value for this tag is false. (Added in -release 1.21.)

-
-
allow_rc4

Permit the KDC to issue tickets with arcfour-hmac session keys. -In future releases, this flag will allow arcfour-hmac to be used -at all. The default value for this tag is false. (Added in -release 1.21.)

-
-
allow_weak_crypto

If this flag is set to false, then weak encryption types (as noted -in Encryption types in kdc.conf) will be filtered -out of the lists default_tgs_enctypes, -default_tkt_enctypes, and permitted_enctypes. The default -value for this tag is false.

-
-
canonicalize

If this flag is set to true, initial ticket requests to the KDC -will request canonicalization of the client principal name, and -answers with different client principals than the requested -principal will be accepted. The default value is false.

-
-
ccache_type

This parameter determines the format of credential cache types -created by kinit or other programs. The default value -is 4, which represents the most current format. Smaller values -can be used for compatibility with very old implementations of -Kerberos which interact with credential caches on the same host.

-
-
clockskew

Sets the maximum allowable amount of clockskew in seconds that the -library will tolerate before assuming that a Kerberos message is -invalid. The default value is 300 seconds, or five minutes.

-

The clockskew setting is also used when evaluating ticket start -and expiration times. For example, tickets that have reached -their expiration time can still be used (and renewed if they are -renewable tickets) if they have been expired for a shorter -duration than the clockskew setting.

-
-
default_ccache_name

This relation specifies the name of the default credential cache. -The default is DEFCCNAME. This relation is subject to parameter -expansion (see below). New in release 1.11.

-
-
default_client_keytab_name

This relation specifies the name of the default keytab for -obtaining client credentials. The default is DEFCKTNAME. This -relation is subject to parameter expansion (see below). -New in release 1.11.

-
-
default_keytab_name

This relation specifies the default keytab name to be used by -application servers such as sshd. The default is DEFKTNAME. This -relation is subject to parameter expansion (see below).

-
-
default_rcache_name

This relation specifies the name of the default replay cache. -The default is dfl:. This relation is subject to parameter -expansion (see below). New in release 1.18.

-
-
default_realm

Identifies the default Kerberos realm for the client. Set its -value to your Kerberos realm. If this value is not set, then a -realm must be specified with every Kerberos principal when -invoking programs such as kinit.

-
-
default_tgs_enctypes

Identifies the supported list of session key encryption types that -the client should request when making a TGS-REQ, in order of -preference from highest to lowest. The list may be delimited with -commas or whitespace. See Encryption types in -kdc.conf for a list of the accepted values for this tag. -Starting in release 1.18, the default value is the value of -permitted_enctypes. For previous releases or if -permitted_enctypes is not set, the default value is -aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac.

-

Do not set this unless required for specific backward -compatibility purposes; stale values of this setting can prevent -clients from taking advantage of new stronger enctypes when the -libraries are upgraded.

-
-
default_tkt_enctypes

Identifies the supported list of session key encryption types that -the client should request when making an AS-REQ, in order of -preference from highest to lowest. The format is the same as for -default_tgs_enctypes. Starting in release 1.18, the default -value is the value of permitted_enctypes. For previous -releases or if permitted_enctypes is not set, the default -value is aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac.

-

Do not set this unless required for specific backward -compatibility purposes; stale values of this setting can prevent -clients from taking advantage of new stronger enctypes when the -libraries are upgraded.

-
-
dns_canonicalize_hostname

Indicate whether name lookups will be used to canonicalize -hostnames for use in service principal names. Setting this flag -to false can improve security by reducing reliance on DNS, but -means that short hostnames will not be canonicalized to -fully-qualified hostnames. If this option is set to fallback (new -in release 1.18), DNS canonicalization will only be performed the -server hostname is not found with the original name when -requesting credentials. The default value is true.

-
-
dns_lookup_kdc

Indicate whether DNS SRV records should be used to locate the KDCs -and other servers for a realm, if they are not listed in the -krb5.conf information for the realm. (Note that the admin_server -entry must be in the krb5.conf realm information in order to -contact kadmind, because the DNS implementation for kadmin is -incomplete.)

-

Enabling this option does open up a type of denial-of-service -attack, if someone spoofs the DNS records and redirects you to -another server. However, it’s no worse than a denial of service, -because that fake KDC will be unable to decode anything you send -it (besides the initial ticket request, which has no encrypted -data), and anything the fake KDC sends will not be trusted without -verification using some secret that it won’t know.

-
-
dns_uri_lookup

Indicate whether DNS URI records should be used to locate the KDCs -and other servers for a realm, if they are not listed in the -krb5.conf information for the realm. SRV records are used as a -fallback if no URI records were found. The default value is true. -New in release 1.15.

-
-
enforce_ok_as_delegate

If this flag to true, GSSAPI credential delegation will be -disabled when the ok-as-delegate flag is not set in the -service ticket. If this flag is false, the ok-as-delegate -ticket flag is only enforced when an application specifically -requests enforcement. The default value is false.

-
-
err_fmt

This relation allows for custom error message formatting. If a -value is set, error messages will be formatted by substituting a -normal error message for %M and an error code for %C in the value.

-
-
extra_addresses

This allows a computer to use multiple local addresses, in order -to allow Kerberos to work in a network that uses NATs while still -using address-restricted tickets. The addresses should be in a -comma-separated list. This option has no effect if -noaddresses is true.

-
-
forwardable

If this flag is true, initial tickets will be forwardable by -default, if allowed by the KDC. The default value is false.

-
-
ignore_acceptor_hostname

When accepting GSSAPI or krb5 security contexts for host-based -service principals, ignore any hostname passed by the calling -application, and allow clients to authenticate to any service -principal in the keytab matching the service name and realm name -(if given). This option can improve the administrative -flexibility of server applications on multihomed hosts, but could -compromise the security of virtual hosting environments. The -default value is false. New in release 1.10.

-
-
k5login_authoritative

If this flag is true, principals must be listed in a local user’s -k5login file to be granted login access, if a .k5login -file exists. If this flag is false, a principal may still be -granted login access through other mechanisms even if a k5login -file exists but does not list the principal. The default value is -true.

-
-
k5login_directory

If set, the library will look for a local user’s k5login file -within the named directory, with a filename corresponding to the -local username. If not set, the library will look for k5login -files in the user’s home directory, with the filename .k5login. -For security reasons, .k5login files must be owned by -the local user or by root.

-
-
kcm_mach_service

On macOS only, determines the name of the bootstrap service used to -contact the KCM daemon for the KCM credential cache type. If the -value is -, Mach RPC will not be used to contact the KCM -daemon. The default value is org.h5l.kcm.

-
-
kcm_socket

Determines the path to the Unix domain socket used to access the -KCM daemon for the KCM credential cache type. If the value is --, Unix domain sockets will not be used to contact the KCM -daemon. The default value is -/var/run/.heim_org.h5l.kcm-socket.

-
-
kdc_default_options

Default KDC options (Xored for multiple values) when requesting -initial tickets. By default it is set to 0x00000010 -(KDC_OPT_RENEWABLE_OK).

-
-
kdc_timesync

Accepted values for this relation are 1 or 0. If it is nonzero, -client machines will compute the difference between their time and -the time returned by the KDC in the timestamps in the tickets and -use this value to correct for an inaccurate system clock when -requesting service tickets or authenticating to services. This -corrective factor is only used by the Kerberos library; it is not -used to change the system clock. The default value is 1.

-
-
noaddresses

If this flag is true, requests for initial tickets will not be -made with address restrictions set, allowing the tickets to be -used across NATs. The default value is true.

-
-
permitted_enctypes

Identifies the encryption types that servers will permit for -session keys and for ticket and authenticator encryption, ordered -by preference from highest to lowest. Starting in release 1.18, -this tag also acts as the default value for -default_tgs_enctypes and default_tkt_enctypes. The -default value for this tag is aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac.

-
-
plugin_base_dir

If set, determines the base directory where krb5 plugins are -located. The default value is the krb5/plugins subdirectory -of the krb5 library directory. This relation is subject to -parameter expansion (see below) in release 1.17 and later.

-
-
preferred_preauth_types

This allows you to set the preferred preauthentication types which -the client will attempt before others which may be advertised by a -KDC. The default value for this setting is “17, 16, 15, 14â€, -which forces libkrb5 to attempt to use PKINIT if it is supported.

-
-
proxiable

If this flag is true, initial tickets will be proxiable by -default, if allowed by the KDC. The default value is false.

-
-
qualify_shortname

If this string is set, it determines the domain suffix for -single-component hostnames when DNS canonicalization is not used -(either because dns_canonicalize_hostname is false or because -forward canonicalization failed). The default value is the first -search domain of the system’s DNS configuration. To disable -qualification of shortnames, set this relation to the empty string -with qualify_shortname = "". (New in release 1.18.)

-
-
rdns

If this flag is true, reverse name lookup will be used in addition -to forward name lookup to canonicalizing hostnames for use in -service principal names. If dns_canonicalize_hostname is set -to false, this flag has no effect. The default value is true.

-
-
realm_try_domains

Indicate whether a host’s domain components should be used to -determine the Kerberos realm of the host. The value of this -variable is an integer: -1 means not to search, 0 means to try the -host’s domain itself, 1 means to also try the domain’s immediate -parent, and so forth. The library’s usual mechanism for locating -Kerberos realms is used to determine whether a domain is a valid -realm, which may involve consulting DNS if dns_lookup_kdc is -set. The default is not to search domain components.

-
-
renew_lifetime

(Time duration string.) Sets the default renewable lifetime -for initial ticket requests. The default value is 0.

-
-
spake_preauth_groups

A whitespace or comma-separated list of words which specifies the -groups allowed for SPAKE preauthentication. The possible values -are:

- ---- - - - - - - - - - - - - - - -

edwards25519

Edwards25519 curve (RFC 7748)

P-256

NIST P-256 curve (RFC 5480)

P-384

NIST P-384 curve (RFC 5480)

P-521

NIST P-521 curve (RFC 5480)

-

The default value for the client is edwards25519. The default -value for the KDC is empty. New in release 1.17.

-
-
ticket_lifetime

(Time duration string.) Sets the default lifetime for initial -ticket requests. The default value is 1 day.

-
-
udp_preference_limit

When sending a message to the KDC, the library will try using TCP -before UDP if the size of the message is above -udp_preference_limit. If the message is smaller than -udp_preference_limit, then UDP will be tried before TCP. -Regardless of the size, both protocols will be tried if the first -attempt fails.

-
-
verify_ap_req_nofail

If this flag is true, then an attempt to verify initial -credentials will fail if the client machine does not have a -keytab. The default value is false.

-
-
client_aware_channel_bindings

If this flag is true, then all application protocol authentication -requests will be flagged to indicate that the application supports -channel bindings when operating over a secure channel. The -default value is false.

-
-
-
-
-

[realms]¶

-

Each tag in the [realms] section of the file is the name of a Kerberos -realm. The value of the tag is a subsection with relations that -define the properties of that particular realm. For each realm, the -following tags may be specified in the realm’s subsection:

-
-
admin_server

Identifies the host where the administration server is running. -Typically, this is the primary Kerberos server. This tag must be -given a value in order to communicate with the kadmind -server for the realm.

-
-
auth_to_local

This tag allows you to set a general rule for mapping principal -names to local user names. It will be used if there is not an -explicit mapping for the principal name that is being -translated. The possible values are:

-
-
RULE:exp

The local name will be formulated from exp.

-

The format for exp is [n:string](regexp)s/pattern/replacement/g. -The integer n indicates how many components the target -principal should have. If this matches, then a string will be -formed from string, substituting the realm of the principal -for $0 and the n’th component of the principal for -$n (e.g., if the principal was johndoe/admin then -[2:$2$1foo] would result in the string -adminjohndoefoo). If this string matches regexp, then -the s//[g] substitution command will be run over the -string. The optional g will cause the substitution to be -global over the string, instead of replacing only the first -match in the string.

-
-
DEFAULT

The principal name will be used as the local user name. If -the principal has more than one component or is not in the -default realm, this rule is not applicable and the conversion -will fail.

-
-
-

For example:

-
[realms]
-    ATHENA.MIT.EDU = {
-        auth_to_local = RULE:[2:$1](johndoe)s/^.*$/guest/
-        auth_to_local = RULE:[2:$1;$2](^.*;admin$)s/;admin$//
-        auth_to_local = RULE:[2:$2](^.*;root)s/^.*$/root/
-        auth_to_local = DEFAULT
-    }
-
-
-

would result in any principal without root or admin as the -second component to be translated with the default rule. A -principal with a second component of admin will become its -first component. root will be used as the local name for any -principal with a second component of root. The exception to -these two rules are any principals johndoe/*, which will -always get the local name guest.

-
-
auth_to_local_names

This subsection allows you to set explicit mappings from principal -names to local user names. The tag is the mapping name, and the -value is the corresponding local user name.

-
-
default_domain

This tag specifies the domain used to expand hostnames when -translating Kerberos 4 service principals to Kerberos 5 principals -(for example, when converting rcmd.hostname to -host/hostname.domain).

-
-
disable_encrypted_timestamp

If this flag is true, the client will not perform encrypted -timestamp preauthentication if requested by the KDC. Setting this -flag can help to prevent dictionary attacks by active attackers, -if the realm’s KDCs support SPAKE preauthentication or if initial -authentication always uses another mechanism or always uses FAST. -This flag persists across client referrals during initial -authentication. This flag does not prevent the KDC from offering -encrypted timestamp. New in release 1.17.

-
-
http_anchors

When KDCs and kpasswd servers are accessed through HTTPS proxies, this tag -can be used to specify the location of the CA certificate which should be -trusted to issue the certificate for a proxy server. If left unspecified, -the system-wide default set of CA certificates is used.

-

The syntax for values is similar to that of values for the -pkinit_anchors tag:

-

FILE: filename

-

filename is assumed to be the name of an OpenSSL-style ca-bundle file.

-

DIR: dirname

-

dirname is assumed to be an directory which contains CA certificates. -All files in the directory will be examined; if they contain certificates -(in PEM format), they will be used.

-

ENV: envvar

-

envvar specifies the name of an environment variable which has been set -to a value conforming to one of the previous values. For example, -ENV:X509_PROXY_CA, where environment variable X509_PROXY_CA has -been set to FILE:/tmp/my_proxy.pem.

-
-
kdc

The name or address of a host running a KDC for that realm. An -optional port number, separated from the hostname by a colon, may -be included. If the name or address contains colons (for example, -if it is an IPv6 address), enclose it in square brackets to -distinguish the colon from a port separator. For your computer to -be able to communicate with the KDC for each realm, this tag must -be given a value in each realm subsection in the configuration -file, or there must be DNS SRV records specifying the KDCs.

-
-
kpasswd_server

Points to the server where all the password changes are performed. -If there is no such entry, DNS will be queried (unless forbidden -by dns_lookup_kdc). Finally, port 464 on the admin_server -host will be tried.

-
-
master_kdc

The name for primary_kdc prior to release 1.19. Its value is -used as a fallback if primary_kdc is not specified.

-
-
primary_kdc

Identifies the primary KDC(s). Currently, this tag is used in only -one case: If an attempt to get credentials fails because of an -invalid password, the client software will attempt to contact the -primary KDC, in case the user’s password has just been changed, and -the updated database has not been propagated to the replica -servers yet. New in release 1.19.

-
-
v4_instance_convert

This subsection allows the administrator to configure exceptions -to the default_domain mapping rule. It contains V4 instances -(the tag name) which should be translated to some specific -hostname (the tag value) as the second component in a Kerberos V5 -principal name.

-
-
v4_realm

This relation is used by the krb524 library routines when -converting a V5 principal name to a V4 principal name. It is used -when the V4 realm name and the V5 realm name are not the same, but -still share the same principal names and passwords. The tag value -is the Kerberos V4 realm name.

-
-
-
-
-

[domain_realm]¶

-

The [domain_realm] section provides a translation from hostnames to -Kerberos realms. Each tag is a domain name, providing the mapping for -that domain and all subdomains. If the tag begins with a period -(.) then it applies only to subdomains. The Kerberos realm may be -identified either in the realms section or using DNS SRV records. -Tag names should be in lower case. For example:

-
[domain_realm]
-    crash.mit.edu = TEST.ATHENA.MIT.EDU
-    .dev.mit.edu = TEST.ATHENA.MIT.EDU
-    mit.edu = ATHENA.MIT.EDU
-
-
-

maps the host with the name crash.mit.edu into the -TEST.ATHENA.MIT.EDU realm. The second entry maps all hosts under the -domain dev.mit.edu into the TEST.ATHENA.MIT.EDU realm, but not -the host with the name dev.mit.edu. That host is matched -by the third entry, which maps the host mit.edu and all hosts -under the domain mit.edu that do not match a preceding rule -into the realm ATHENA.MIT.EDU.

-

If no translation entry applies to a hostname used for a service -principal for a service ticket request, the library will try to get a -referral to the appropriate realm from the client realm’s KDC. If -that does not succeed, the host’s realm is considered to be the -hostname’s domain portion converted to uppercase, unless the -realm_try_domains setting in [libdefaults] causes a different -parent domain to be used.

-
-
-

[capaths]¶

-

In order to perform direct (non-hierarchical) cross-realm -authentication, configuration is needed to determine the -authentication paths between realms.

-

A client will use this section to find the authentication path between -its realm and the realm of the server. The server will use this -section to verify the authentication path used by the client, by -checking the transited field of the received ticket.

-

There is a tag for each participating client realm, and each tag has -subtags for each of the server realms. The value of the subtags is an -intermediate realm which may participate in the cross-realm -authentication. The subtags may be repeated if there is more then one -intermediate realm. A value of “.†means that the two realms share -keys directly, and no intermediate realms should be allowed to -participate.

-

Only those entries which will be needed on the client or the server -need to be present. A client needs a tag for its local realm with -subtags for all the realms of servers it will need to authenticate to. -A server needs a tag for each realm of the clients it will serve, with -a subtag of the server realm.

-

For example, ANL.GOV, PNL.GOV, and NERSC.GOV all wish to -use the ES.NET realm as an intermediate realm. ANL has a sub -realm of TEST.ANL.GOV which will authenticate with NERSC.GOV -but not PNL.GOV. The [capaths] section for ANL.GOV systems -would look like this:

-
[capaths]
-    ANL.GOV = {
-        TEST.ANL.GOV = .
-        PNL.GOV = ES.NET
-        NERSC.GOV = ES.NET
-        ES.NET = .
-    }
-    TEST.ANL.GOV = {
-        ANL.GOV = .
-    }
-    PNL.GOV = {
-        ANL.GOV = ES.NET
-    }
-    NERSC.GOV = {
-        ANL.GOV = ES.NET
-    }
-    ES.NET = {
-        ANL.GOV = .
-    }
-
-
-

The [capaths] section of the configuration file used on NERSC.GOV -systems would look like this:

-
[capaths]
-    NERSC.GOV = {
-        ANL.GOV = ES.NET
-        TEST.ANL.GOV = ES.NET
-        TEST.ANL.GOV = ANL.GOV
-        PNL.GOV = ES.NET
-        ES.NET = .
-    }
-    ANL.GOV = {
-        NERSC.GOV = ES.NET
-    }
-    PNL.GOV = {
-        NERSC.GOV = ES.NET
-    }
-    ES.NET = {
-        NERSC.GOV = .
-    }
-    TEST.ANL.GOV = {
-        NERSC.GOV = ANL.GOV
-        NERSC.GOV = ES.NET
-    }
-
-
-

When a subtag is used more than once within a tag, clients will use -the order of values to determine the path. The order of values is not -important to servers.

-
-
-

[appdefaults]¶

-

Each tag in the [appdefaults] section names a Kerberos V5 application -or an option that is used by some Kerberos V5 application[s]. The -value of the tag defines the default behaviors for that application.

-

For example:

-
[appdefaults]
-    telnet = {
-        ATHENA.MIT.EDU = {
-            option1 = false
-        }
-    }
-    telnet = {
-        option1 = true
-        option2 = true
-    }
-    ATHENA.MIT.EDU = {
-        option2 = false
-    }
-    option2 = true
-
-
-

The above four ways of specifying the value of an option are shown in -order of decreasing precedence. In this example, if telnet is running -in the realm EXAMPLE.COM, it should, by default, have option1 and -option2 set to true. However, a telnet program in the realm -ATHENA.MIT.EDU should have option1 set to false and -option2 set to true. Any other programs in ATHENA.MIT.EDU should -have option2 set to false by default. Any programs running in -other realms should have option2 set to true.

-

The list of specifiable options for each application may be found in -that application’s man pages. The application defaults specified here -are overridden by those specified in the realms section.

-
-
-

[plugins]¶

-
-
-
-

Tags in the [plugins] section can be used to register dynamic plugin -modules and to turn modules on and off. Not every krb5 pluggable -interface uses the [plugins] section; the ones that do are documented -here.

-

New in release 1.9.

-

Each pluggable interface corresponds to a subsection of [plugins]. -All subsections support the same tags:

-
-
disable

This tag may have multiple values. If there are values for this -tag, then the named modules will be disabled for the pluggable -interface.

-
-
enable_only

This tag may have multiple values. If there are values for this -tag, then only the named modules will be enabled for the pluggable -interface.

-
-
module

This tag may have multiple values. Each value is a string of the -form modulename:pathname, which causes the shared object -located at pathname to be registered as a dynamic module named -modulename for the pluggable interface. If pathname is not an -absolute path, it will be treated as relative to the -plugin_base_dir value from [libdefaults].

-
-
-

For pluggable interfaces where module order matters, modules -registered with a module tag normally come first, in the order -they are registered, followed by built-in modules in the order they -are documented below. If enable_only tags are used, then the -order of those tags overrides the normal module order.

-

The following subsections are currently supported within the [plugins] -section:

-
-

ccselect interface¶

-

The ccselect subsection controls modules for credential cache -selection within a cache collection. In addition to any registered -dynamic modules, the following built-in modules exist (and may be -disabled with the disable tag):

-
-
k5identity

Uses a .k5identity file in the user’s home directory to select a -client principal

-
-
realm

Uses the service realm to guess an appropriate cache from the -collection

-
-
hostname

If the service principal is host-based, uses the service hostname -to guess an appropriate cache from the collection

-
-
-
-
-

pwqual interface¶

-

The pwqual subsection controls modules for the password quality -interface, which is used to reject weak passwords when passwords are -changed. The following built-in modules exist for this interface:

-
-
dict

Checks against the realm dictionary file

-
-
empty

Rejects empty passwords

-
-
hesiod

Checks against user information stored in Hesiod (only if Kerberos -was built with Hesiod support)

-
-
princ

Checks against components of the principal name

-
-
-
-
-

kadm5_hook interface¶

-

The kadm5_hook interface provides plugins with information on -principal creation, modification, password changes and deletion. This -interface can be used to write a plugin to synchronize MIT Kerberos -with another database such as Active Directory. No plugins are built -in for this interface.

-
-
-

kadm5_auth interface¶

-

The kadm5_auth section (introduced in release 1.16) controls modules -for the kadmin authorization interface, which determines whether a -client principal is allowed to perform a kadmin operation. The -following built-in modules exist for this interface:

-
-
acl

This module reads the kadm5.acl file, and authorizes -operations which are allowed according to the rules in the file.

-
-
self

This module authorizes self-service operations including password -changes, creation of new random keys, fetching the client’s -principal record or string attributes, and fetching the policy -record associated with the client principal.

-
-
-
-
-

clpreauth and kdcpreauth interfaces¶

-

The clpreauth and kdcpreauth interfaces allow plugin modules to -provide client and KDC preauthentication mechanisms. The following -built-in modules exist for these interfaces:

-
-
pkinit

This module implements the PKINIT preauthentication mechanism.

-
-
encrypted_challenge

This module implements the encrypted challenge FAST factor.

-
-
encrypted_timestamp

This module implements the encrypted timestamp mechanism.

-
-
-
-
-

hostrealm interface¶

-

The hostrealm section (introduced in release 1.12) controls modules -for the host-to-realm interface, which affects the local mapping of -hostnames to realm names and the choice of default realm. The following -built-in modules exist for this interface:

-
-
profile

This module consults the [domain_realm] section of the profile for -authoritative host-to-realm mappings, and the default_realm -variable for the default realm.

-
-
dns

This module looks for DNS records for fallback host-to-realm -mappings and the default realm. It only operates if the -dns_lookup_realm variable is set to true.

-
-
domain

This module applies heuristics for fallback host-to-realm -mappings. It implements the realm_try_domains variable, and -uses the uppercased parent domain of the hostname if that does not -produce a result.

-
-
-
-
-

localauth interface¶

-

The localauth section (introduced in release 1.12) controls modules -for the local authorization interface, which affects the relationship -between Kerberos principals and local system accounts. The following -built-in modules exist for this interface:

-
-
default

This module implements the DEFAULT type for auth_to_local -values.

-
-
rule

This module implements the RULE type for auth_to_local -values.

-
-
names

This module looks for an auth_to_local_names mapping for the -principal name.

-
-
auth_to_local

This module processes auth_to_local values in the default -realm’s section, and applies the default method if no -auth_to_local values exist.

-
-
k5login

This module authorizes a principal to a local account according to -the account’s .k5login file.

-
-
an2ln

This module authorizes a principal to a local account if the -principal name maps to the local account name.

-
-
-
-
-

certauth interface¶

-

The certauth section (introduced in release 1.16) controls modules for -the certificate authorization interface, which determines whether a -certificate is allowed to preauthenticate a user via PKINIT. The -following built-in modules exist for this interface:

-
-
pkinit_san

This module authorizes the certificate if it contains a PKINIT -Subject Alternative Name for the requested client principal, or a -Microsoft UPN SAN matching the principal if pkinit_allow_upn -is set to true for the realm.

-
-
pkinit_eku

This module rejects the certificate if it does not contain an -Extended Key Usage attribute consistent with the -pkinit_eku_checking value for the realm.

-
-
dbmatch

This module authorizes or rejects the certificate according to -whether it matches the pkinit_cert_match string attribute on -the client principal, if that attribute is present.

-
-
-
-
-
-
-

PKINIT options¶

-
-

Note

-

The following are PKINIT-specific options. These values may -be specified in [libdefaults] as global defaults, or within -a realm-specific subsection of [libdefaults], or may be -specified as realm-specific values in the [realms] section. -A realm-specific value overrides, not adds to, a generic -[libdefaults] specification. The search order is:

-
-
    -
  1. realm-specific subsection of [libdefaults]:

    -
    [libdefaults]
    -    EXAMPLE.COM = {
    -        pkinit_anchors = FILE:/usr/local/example.com.crt
    -    }
    -
    -
    -
  2. -
  3. realm-specific value in the [realms] section:

    -
    [realms]
    -    OTHERREALM.ORG = {
    -        pkinit_anchors = FILE:/usr/local/otherrealm.org.crt
    -    }
    -
    -
    -
  4. -
  5. generic value in the [libdefaults] section:

    -
    [libdefaults]
    -    pkinit_anchors = DIR:/usr/local/generic_trusted_cas/
    -
    -
    -
  6. -
-
-

Specifying PKINIT identity information¶

-

The syntax for specifying Public Key identity, trust, and revocation -information for PKINIT is as follows:

-
-
FILE:filename[,keyfilename]

This option has context-specific behavior.

-

In pkinit_identity or pkinit_identities, filename -specifies the name of a PEM-format file containing the user’s -certificate. If keyfilename is not specified, the user’s -private key is expected to be in filename as well. Otherwise, -keyfilename is the name of the file containing the private key.

-

In pkinit_anchors or pkinit_pool, filename is assumed to -be the name of an OpenSSL-style ca-bundle file.

-
-
DIR:dirname

This option has context-specific behavior.

-

In pkinit_identity or pkinit_identities, dirname -specifies a directory with files named *.crt and *.key -where the first part of the file name is the same for matching -pairs of certificate and private key files. When a file with a -name ending with .crt is found, a matching file ending with -.key is assumed to contain the private key. If no such file -is found, then the certificate in the .crt is not used.

-

In pkinit_anchors or pkinit_pool, dirname is assumed to -be an OpenSSL-style hashed CA directory where each CA cert is -stored in a file named hash-of-ca-cert.#. This infrastructure -is encouraged, but all files in the directory will be examined and -if they contain certificates (in PEM format), they will be used.

-

In pkinit_revoke, dirname is assumed to be an OpenSSL-style -hashed CA directory where each revocation list is stored in a file -named hash-of-ca-cert.r#. This infrastructure is encouraged, -but all files in the directory will be examined and if they -contain a revocation list (in PEM format), they will be used.

-
-
PKCS12:filename

filename is the name of a PKCS #12 format file, containing the -user’s certificate and private key.

-
-
PKCS11:[module_name=]modname[:slotid=slot-id][:token=token-label][:certid=cert-id][:certlabel=cert-label]

All keyword/values are optional. modname specifies the location -of a library implementing PKCS #11. If a value is encountered -with no keyword, it is assumed to be the modname. If no -module-name is specified, the default is PKCS11_MODNAME. -slotid= and/or token= may be specified to force the use of -a particular smard card reader or token if there is more than one -available. certid= and/or certlabel= may be specified to -force the selection of a particular certificate on the device. -See the pkinit_cert_match configuration option for more ways -to select a particular certificate to use for PKINIT.

-
-
ENV:envvar

envvar specifies the name of an environment variable which has -been set to a value conforming to one of the previous values. For -example, ENV:X509_PROXY, where environment variable -X509_PROXY has been set to FILE:/tmp/my_proxy.pem.

-
-
-
-
-

PKINIT krb5.conf options¶

-
-
pkinit_anchors

Specifies the location of trusted anchor (root) certificates which -the client trusts to sign KDC certificates. This option may be -specified multiple times. These values from the config file are -not used if the user specifies X509_anchors on the command line.

-
-
pkinit_cert_match

Specifies matching rules that the client certificate must match -before it is used to attempt PKINIT authentication. If a user has -multiple certificates available (on a smart card, or via other -media), there must be exactly one certificate chosen before -attempting PKINIT authentication. This option may be specified -multiple times. All the available certificates are checked -against each rule in order until there is a match of exactly one -certificate.

-

The Subject and Issuer comparison strings are the RFC 2253 -string representations from the certificate Subject DN and Issuer -DN values.

-

The syntax of the matching rules is:

-
-

[relation-operator]component-rule …

-
-

where:

-
-
relation-operator

can be either &&, meaning all component rules must match, -or ||, meaning only one component rule must match. The -default is &&.

-
-
component-rule

can be one of the following. Note that there is no -punctuation or whitespace between component rules.

-
-
-
<SUBJECT>regular-expression
-
<ISSUER>regular-expression
-
<SAN>regular-expression
-
<EKU>extended-key-usage-list
-
<KU>key-usage-list
-
-
-

extended-key-usage-list is a comma-separated list of -required Extended Key Usage values. All values in the list -must be present in the certificate. Extended Key Usage values -can be:

-
    -
  • pkinit

  • -
  • msScLogin

  • -
  • clientAuth

  • -
  • emailProtection

  • -
-

key-usage-list is a comma-separated list of required Key -Usage values. All values in the list must be present in the -certificate. Key Usage values can be:

-
    -
  • digitalSignature

  • -
  • keyEncipherment

  • -
-
-
-

Examples:

-
pkinit_cert_match = ||<SUBJECT>.*DoE.*<SAN>.*@EXAMPLE.COM
-pkinit_cert_match = &&<EKU>msScLogin,clientAuth<ISSUER>.*DoE.*
-pkinit_cert_match = <EKU>msScLogin,clientAuth<KU>digitalSignature
-
-
-
-
pkinit_eku_checking

This option specifies what Extended Key Usage value the KDC -certificate presented to the client must contain. (Note that if -the KDC certificate has the pkinit SubjectAlternativeName encoded -as the Kerberos TGS name, EKU checking is not necessary since the -issuing CA has certified this as a KDC certificate.) The values -recognized in the krb5.conf file are:

-
-
kpKDC

This is the default value and specifies that the KDC must have -the id-pkinit-KPKdc EKU as defined in RFC 4556.

-
-
kpServerAuth

If kpServerAuth is specified, a KDC certificate with the -id-kp-serverAuth EKU will be accepted. This key usage value -is used in most commercially issued server certificates.

-
-
none

If none is specified, then the KDC certificate will not be -checked to verify it has an acceptable EKU. The use of this -option is not recommended.

-
-
-
-
pkinit_dh_min_bits

Specifies the size of the Diffie-Hellman key the client will -attempt to use. The acceptable values are 1024, 2048, and 4096. -The default is 2048.

-
-
pkinit_identities

Specifies the location(s) to be used to find the user’s X.509 -identity information. If this option is specified multiple times, -each value is attempted in order until certificates are found. -Note that these values are not used if the user specifies -X509_user_identity on the command line.

-
-
pkinit_kdc_hostname

The presence of this option indicates that the client is willing -to accept a KDC certificate with a dNSName SAN (Subject -Alternative Name) rather than requiring the id-pkinit-san as -defined in RFC 4556. This option may be specified multiple -times. Its value should contain the acceptable hostname for the -KDC (as contained in its certificate).

-
-
pkinit_pool

Specifies the location of intermediate certificates which may be -used by the client to complete the trust chain between a KDC -certificate and a trusted anchor. This option may be specified -multiple times.

-
-
pkinit_require_crl_checking

The default certificate verification process will always check the -available revocation information to see if a certificate has been -revoked. If a match is found for the certificate in a CRL, -verification fails. If the certificate being verified is not -listed in a CRL, or there is no CRL present for its issuing CA, -and pkinit_require_crl_checking is false, then verification -succeeds.

-

However, if pkinit_require_crl_checking is true and there is -no CRL information available for the issuing CA, then verification -fails.

-

pkinit_require_crl_checking should be set to true if the -policy is such that up-to-date CRLs must be present for every CA.

-
-
pkinit_revoke

Specifies the location of Certificate Revocation List (CRL) -information to be used by the client when verifying the validity -of the KDC certificate presented. This option may be specified -multiple times.

-
-
-
-
-
-

Parameter expansion¶

-

Starting with release 1.11, several variables, such as -default_keytab_name, allow parameters to be expanded. -Valid parameters are:

-
-
---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

%{TEMP}

Temporary directory

%{uid}

Unix real UID or Windows SID

%{euid}

Unix effective user ID or Windows SID

%{USERID}

Same as %{uid}

%{null}

Empty string

%{LIBDIR}

Installation library directory

%{BINDIR}

Installation binary directory

%{SBINDIR}

Installation admin binary directory

%{username}

(Unix) Username of effective user ID

%{APPDATA}

(Windows) Roaming application data for current user

%{COMMON_APPDATA}

(Windows) Application data for all users

%{LOCAL_APPDATA}

(Windows) Local application data for current user

%{SYSTEM}

(Windows) Windows system folder

%{WINDOWS}

(Windows) Windows folder

%{USERCONFIG}

(Windows) Per-user MIT krb5 config file directory

%{COMMONCONFIG}

(Windows) Common MIT krb5 config file directory

-
-
-
-

Sample krb5.conf file¶

-

Here is an example of a generic krb5.conf file:

-
[libdefaults]
-    default_realm = ATHENA.MIT.EDU
-    dns_lookup_kdc = true
-    dns_lookup_realm = false
-
-[realms]
-    ATHENA.MIT.EDU = {
-        kdc = kerberos.mit.edu
-        kdc = kerberos-1.mit.edu
-        kdc = kerberos-2.mit.edu
-        admin_server = kerberos.mit.edu
-        primary_kdc = kerberos.mit.edu
-    }
-    EXAMPLE.COM = {
-        kdc = kerberos.example.com
-        kdc = kerberos-1.example.com
-        admin_server = kerberos.example.com
-    }
-
-[domain_realm]
-    mit.edu = ATHENA.MIT.EDU
-
-[capaths]
-    ATHENA.MIT.EDU = {
-           EXAMPLE.COM = .
-    }
-    EXAMPLE.COM = {
-           ATHENA.MIT.EDU = .
-    }
-
-
-
-
-

FILES¶

-

/etc/krb5.conf

-
-
-

SEE ALSO¶

-

syslog(3)

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/conf_ldap.html b/krb5-1.21.3/doc/html/admin/conf_ldap.html deleted file mode 100644 index c5b390b5..00000000 --- a/krb5-1.21.3/doc/html/admin/conf_ldap.html +++ /dev/null @@ -1,275 +0,0 @@ - - - - - - - - - Configuring Kerberos with OpenLDAP back-end — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Configuring Kerberos with OpenLDAP back-end¶

-
-
    -
  1. Make sure the LDAP server is using local authentication -(ldapi://) or TLS (ldaps). See -https://www.openldap.org/doc/admin/tls.html for instructions on -configuring TLS support in OpenLDAP.

  2. -
  3. Add the Kerberos schema file to the LDAP Server using the OpenLDAP -LDIF file from the krb5 source directory -(src/plugins/kdb/ldap/libkdb_ldap/kerberos.openldap.ldif). -The following example uses local authentication:

    -
    ldapadd -Y EXTERNAL -H ldapi:/// -f /path/to/kerberos.openldap.ldif
    -
    -
    -
  4. -
  5. Choose DNs for the krb5kdc and kadmind servers -to bind to the LDAP server, and create them if necessary. Specify -these DNs with the ldap_kdc_dn and ldap_kadmind_dn -directives in kdc.conf. The kadmind DN will also be -used for administrative commands such as kdb5_util.

    -

    Alternatively, you may configure krb5kdc and kadmind to use SASL -authentication to access the LDAP server; see the [dbmodules] -relations ldap_kdc_sasl_mech and similar.

    -
  6. -
  7. Specify a location for the LDAP service password file by setting -ldap_service_password_file. Use kdb5_ldap_util stashsrvpw -to stash passwords for the KDC and kadmind DNs chosen above. For -example:

    -
    kdb5_ldap_util stashsrvpw -f /path/to/service.keyfile cn=krbadmin,dc=example,dc=com
    -
    -
    -

    Skip this step if you are using SASL authentication and the -mechanism does not require a password.

    -
  8. -
  9. Choose a DN for the global Kerberos container entry (but do not -create the entry at this time). Specify this DN with the -ldap_kerberos_container_dn directive in kdc.conf. -Realm container entries will be created underneath this DN. -Principal entries may exist either underneath the realm container -(the default) or in separate trees referenced from the realm -container.

  10. -
  11. Configure the LDAP server ACLs to enable the KDC and kadmin server -DNs to read and write the Kerberos data. If -disable_last_success and disable_lockout are both set to -true in the [dbmodules] subsection for the realm, then the -KDC DN only requires read access to the Kerberos data.

    -

    Sample access control information:

    -
    access to dn.base=""
    -    by * read
    -
    -access to dn.base="cn=Subschema"
    -    by * read
    -
    -# Provide access to the realm container.
    -access to dn.subtree= "cn=EXAMPLE.COM,cn=krbcontainer,dc=example,dc=com"
    -    by dn.exact="cn=kdc-service,dc=example,dc=com" write
    -    by dn.exact="cn=adm-service,dc=example,dc=com" write
    -    by * none
    -
    -# Provide access to principals, if not underneath the realm container.
    -access to dn.subtree= "ou=users,dc=example,dc=com"
    -    by dn.exact="cn=kdc-service,dc=example,dc=com" write
    -    by dn.exact="cn=adm-service,dc=example,dc=com" write
    -    by * none
    -
    -access to *
    -    by * read
    -
    -
    -

    If the locations of the container and principals or the DNs of the -service objects for a realm are changed then this information -should be updated.

    -
  12. -
  13. In kdc.conf, make sure the following relations are set -in the [dbmodules] subsection for the realm:

    -
    db_library (set to ``kldap``)
    -ldap_kerberos_container_dn
    -ldap_kdc_dn
    -ldap_kadmind_dn
    -ldap_service_password_file
    -ldap_servers
    -
    -
    -
  14. -
  15. Create the realm using kdb5_ldap_util:

    -
    -

    kdb5_ldap_util create -subtrees ou=users,dc=example,dc=com -s

    -
    -

    Use the -subtrees option if the principals are to exist in a -separate subtree from the realm container. Before executing the -command, make sure that the subtree mentioned above -(ou=users,dc=example,dc=com) exists. If the principals will -exist underneath the realm container, omit the -subtrees option -and do not worry about creating the principal subtree.

    -

    For more information, refer to the section Operations on the LDAP database.

    -

    The realm object is created under the -ldap_kerberos_container_dn specified in the configuration -file. This operation will also create the Kerberos container, if -not present already. This container can be used to store -information related to multiple realms.

    -
  16. -
  17. Add an eq index for krbPrincipalName to speed up principal -lookup operations. See -https://www.openldap.org/doc/admin/tuning.html#Indexes for -details.

  18. -
-
-

With the LDAP back end it is possible to provide aliases for principal -entries. Currently we provide no administrative utilities for -creating aliases, so it must be done by direct manipulation of the -LDAP entries.

-

An entry with aliases contains multiple values of the -krbPrincipalName attribute. Since LDAP attribute values are not -ordered, it is necessary to specify which principal name is canonical, -by using the krbCanonicalName attribute. Therefore, to create -aliases for an entry, first set the krbCanonicalName attribute of -the entry to the canonical principal name (which should be identical -to the pre-existing krbPrincipalName value), and then add additional -krbPrincipalName attributes for the aliases.

-

Principal aliases are only returned by the KDC when the client -requests canonicalization. Canonicalization is normally requested for -service principals; for client principals, an explicit flag is often -required (e.g., kinit -C) and canonicalization is only performed -for initial ticket requests.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/database.html b/krb5-1.21.3/doc/html/admin/database.html deleted file mode 100644 index 2c668f64..00000000 --- a/krb5-1.21.3/doc/html/admin/database.html +++ /dev/null @@ -1,710 +0,0 @@ - - - - - - - - - Database administration — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Database administration¶

-

A Kerberos database contains all of a realm’s Kerberos principals, -their passwords, and other administrative information about each -principal. For the most part, you will use the kdb5_util -program to manipulate the Kerberos database as a whole, and the -kadmin program to make changes to the entries in the -database. (One notable exception is that users will use the -kpasswd program to change their own passwords.) The kadmin -program has its own command-line interface, to which you type the -database administrating commands.

-

kdb5_util provides a means to create, delete, load, or dump -a Kerberos database. It also contains commands to roll over the -database master key, and to stash a copy of the key so that the -kadmind and krb5kdc daemons can use the database -without manual input.

-

kadmin provides for the maintenance of Kerberos principals, -password policies, and service key tables (keytabs). Normally it -operates as a network client using Kerberos authentication to -communicate with kadmind, but there is also a variant, named -kadmin.local, which directly accesses the Kerberos database on the -local filesystem (or through LDAP). kadmin.local is necessary to set -up enough of the database to be able to use the remote version.

-

kadmin can authenticate to the admin server using the service -principal kadmin/admin or kadmin/HOST (where HOST is the -hostname of the admin server). If the credentials cache contains a -ticket for either service principal and the -c ccache option is -specified, that ticket is used to authenticate to KADM5. Otherwise, -the -p and -k options are used to specify the client Kerberos -principal name used to authenticate. Once kadmin has determined the -principal name, it requests a kadmin/admin Kerberos service ticket -from the KDC, and uses that service ticket to authenticate to KADM5.

-

See kadmin for the available kadmin and kadmin.local -commands and options.

-
-

Principals¶

-

Each entry in the Kerberos database contains a Kerberos principal and -the attributes and policies associated with that principal.

-

To add a principal to the database, use the kadmin -add_principal command. User principals should usually be created -with the +requires_preauth -allow_svr options to help mitigate -dictionary attacks (see Addressing dictionary attack risks):

-
kadmin: addprinc +requires_preauth -allow_svr alice
-Enter password for principal "alice@KRBTEST.COM":
-Re-enter password for principal "alice@KRBTEST.COM":
-
-
-

User principals which will authenticate with PKINIT configuration should -instead by created with the -nokey option:

-
-

kadmin: addprinc -nokey alice

-
-

Service principals can be created with the -nokey option; -long-term keys will be added when a keytab is generated:

-
kadmin: addprinc -nokey host/foo.mit.edu
-kadmin: ktadd -k foo.keytab host/foo.mit.edu
-Entry for principal host/foo.mit.edu with kvno 1, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:foo.keytab.
-Entry for principal host/foo.mit.edu with kvno 1, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:foo.keytab.
-
-
-

To modify attributes of an existing principal, use the kadmin -modify_principal command:

-
kadmin: modprinc -expire tomorrow alice
-Principal "alice@KRBTEST.COM" modified.
-
-
-

To delete a principal, use the kadmin delete_principal command:

-
kadmin: delprinc alice
-Are you sure you want to delete the principal "alice@KRBTEST.COM"? (yes/no): yes
-Principal "alice@KRBTEST.COM" deleted.
-Make sure that you have removed this principal from all ACLs before reusing.
-
-
-

To change a principal’s password, use the kadmin change_password -command. Password changes made through kadmin are subject to the same -password policies as would apply to password changes made through -kpasswd.

-

To view the attributes of a principal, use the kadmin` -get_principal command.

-

To generate a listing of principals, use the kadmin -list_principals command.

-
-
-

Policies¶

-

A policy is a set of rules governing passwords. Policies can dictate -minimum and maximum password lifetimes, minimum number of characters -and character classes a password must contain, and the number of old -passwords kept in the database.

-

To add a new policy, use the kadmin add_policy command:

-
kadmin: addpol -maxlife "1 year" -history 3 stduser
-
-
-

To modify attributes of a principal, use the kadmin modify_policy -command. To delete a policy, use the kadmin delete_policy -command.

-

To associate a policy with a principal, use the kadmin -modify_principal command with the -policy option:

-
-

kadmin: modprinc -policy stduser alice -Principal “alice@KRBTEST.COM†modified.

-
-

A principal entry may be associated with a nonexistent policy, either -because the policy did not exist at the time of associated or was -deleted afterwards. kadmin will warn when associated a principal with -a nonexistent policy, and will annotate the policy name with “[does -not exist]†in the get_principal output.

-
-

Updating the history key¶

-

If a policy specifies a number of old keys kept of two or more, the -stored old keys are encrypted in a history key, which is found in the -key data of the kadmin/history principal.

-

Currently there is no support for proper rollover of the history key, -but you can change the history key (for example, to use a better -encryption type) at the cost of invalidating currently stored old -keys. To change the history key, run:

-
kadmin: change_password -randkey kadmin/history
-
-
-

This command will fail if you specify the -keepold flag. Only one -new history key will be created, even if you specify multiple key/salt -combinations.

-

In the future, we plan to migrate towards encrypting old keys in the -master key instead of the history key, and implementing proper -rollover support for stored old keys.

-
-
-
-

Privileges¶

-

Administrative privileges for the Kerberos database are stored in the -file kadm5.acl.

-
-

Note

-

A common use of an admin instance is so you can grant -separate permissions (such as administrator access to the -Kerberos database) to a separate Kerberos principal. For -example, the user joeadmin might have a principal for -his administrative use, called joeadmin/admin. This -way, joeadmin would obtain joeadmin/admin tickets -only when he actually needs to use those permissions.

-
-
-
-

Operations on the Kerberos database¶

-

The kdb5_util command is the primary tool for administrating -the Kerberos database when using the DB2 or LMDB modules (see -Database types). Creating a database is described in -Create the KDC database.

-

To create a stash file using the master password (because the database -was not created with one using the create -s flag, or after -restoring from a backup which did not contain the stash file), use the -kdb5_util stash command:

-
$ kdb5_util stash
-kdb5_util: Cannot find/read stored master key while reading master key
-kdb5_util: Warning: proceeding without master key
-Enter KDC database master key:  <= Type the KDC database master password.
-
-
-

To destroy a database, use the kdb5_util destroy command:

-
$ kdb5_util destroy
-Deleting KDC database stored in '/var/krb5kdc/principal', are you sure?
-(type 'yes' to confirm)? yes
-OK, deleting database '/var/krb5kdc/principal'...
-** Database '/var/krb5kdc/principal' destroyed.
-
-
-
-

Dumping and loading a Kerberos database¶

-

To dump a Kerberos database into a text file for backup or transfer -purposes, use the kdb5_util dump command on one of the -KDCs:

-
$ kdb5_util dump dumpfile
-
-$ kbd5_util dump -verbose dumpfile
-kadmin/admin@ATHENA.MIT.EDU
-krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
-kadmin/history@ATHENA.MIT.EDU
-K/M@ATHENA.MIT.EDU
-kadmin/changepw@ATHENA.MIT.EDU
-
-
-

You may specify which principals to dump, using full principal names -including realm:

-
$ kdb5_util dump -verbose someprincs K/M@ATHENA.MIT.EDU kadmin/admin@ATHENA.MIT.EDU
-kadmin/admin@ATHENA.MIT.EDU
-K/M@ATHENA.MIT.EDU
-
-
-

To restore a Kerberos database dump from a file, use the -kdb5_util load command:

-
$ kdb5_util load dumpfile
-
-
-

To update an existing database with a partial dump file containing -only some principals, use the -update flag:

-
$ kdb5_util load -update someprincs
-
-
-
-

Note

-

If the database file exists, and the -update flag was not -given, kdb5_util will overwrite the existing database.

-
-
-
-

Updating the master key¶

-

Starting with release 1.7, kdb5_util allows the master key -to be changed using a rollover process, with minimal loss of -availability. To roll over the master key, follow these steps:

-
    -
  1. On the primary KDC, run kdb5_util list_mkeys to view the -current master key version number (KVNO). If you have never rolled -over the master key before, this will likely be version 1:

    -
    $ kdb5_util list_mkeys
    -Master keys for Principal: K/M@KRBTEST.COM
    -KVNO: 1, Enctype: aes256-cts-hmac-sha384-192, Active on: Thu Jan 01 00:00:00 UTC 1970 *
    -
    -
    -
  2. -
  3. On the primary KDC, run kdb5_util use_mkey 1 to ensure that a -master key activation list is present in the database. This step -is unnecessary in release 1.11.4 or later, or if the database was -initially created with release 1.7 or later.

  4. -
  5. On the primary KDC, run kdb5_util add_mkey -s to create a new -master key and write it to the stash file. Enter a secure password -when prompted. If this is the first time you are changing the -master key, the new key will have version 2. The new master key -will not be used until you make it active.

  6. -
  7. Propagate the database to all replica KDCs, either manually or by -waiting until the next scheduled propagation. If you do not have -any replica KDCs, you can skip this and the next step.

  8. -
  9. On each replica KDC, run kdb5_util list_mkeys to verify that -the new master key is present, and then kdb5_util stash to -write the new master key to the replica KDC’s stash file.

  10. -
  11. On the primary KDC, run kdb5_util use_mkey 2 to begin using the -new master key. Replace 2 with the version of the new master -key, as appropriate. You can optionally specify a date for the new -master key to become active; by default, it will become active -immediately. Prior to release 1.12, kadmind must be -restarted for this change to take full effect.

  12. -
  13. On the primary KDC, run kdb5_util update_princ_encryption. -This command will iterate over the database and re-encrypt all keys -in the new master key. If the database is large and uses DB2, the -primary KDC will become unavailable while this command runs, but -clients should fail over to replica KDCs (if any are present) -during this time period. In release 1.13 and later, you can -instead run kdb5_util -x unlockiter update_princ_encryption to -use unlocked iteration; this variant will take longer, but will -keep the database available to the KDC and kadmind while it runs.

  14. -
  15. Wait until the above changes have propagated to all replica KDCs -and until all running KDC and kadmind processes have serviced -requests using updated principal entries.

  16. -
  17. On the primary KDC, run kdb5_util purge_mkeys to clean up the -old master key.

  18. -
-
-
-
-

Operations on the LDAP database¶

-

The kdb5_ldap_util command is the primary tool for -administrating the Kerberos database when using the LDAP module. -Creating an LDAP Kerberos database is describe in Configuring Kerberos with OpenLDAP back-end.

-

To view a list of realms in the LDAP database, use the kdb5_ldap_util -list command:

-
$ kdb5_ldap_util list
-KRBTEST.COM
-
-
-

To modify the attributes of a realm, use the kdb5_ldap_util modify -command. For example, to change the default realm’s maximum ticket -life:

-
$ kdb5_ldap_util modify -maxtktlife "10 hours"
-
-
-

To display the attributes of a realm, use the kdb5_ldap_util view -command:

-
$ kdb5_ldap_util view
-               Realm Name: KRBTEST.COM
-      Maximum Ticket Life: 0 days 00:10:00
-
-
-

To remove a realm from the LDAP database, destroying its contents, use -the kdb5_ldap_util destroy command:

-
$ kdb5_ldap_util destroy
-Deleting KDC database of 'KRBTEST.COM', are you sure?
-(type 'yes' to confirm)? yes
-OK, deleting database of 'KRBTEST.COM'...
-** Database of 'KRBTEST.COM' destroyed.
-
-
-
-

Ticket Policy operations¶

-

Unlike the DB2 and LMDB modules, the LDAP module supports ticket -policy objects, which can be associated with principals to restrict -maximum ticket lifetimes and set mandatory principal flags. Ticket -policy objects are distinct from the password policies described -earlier on this page, and are chiefly managed through kdb5_ldap_util -rather than kadmin. To create a new ticket policy, use the -kdb5_ldap_util create_policy command:

-
$ kdb5_ldap_util create_policy -maxrenewlife "2 days" users
-
-
-

To associate a ticket policy with a principal, use the -kadmin modify_principal (or add_principal) command -with the -x tktpolicy=policy option:

-
$ kadmin.local modprinc -x tktpolicy=users alice
-
-
-

To remove a ticket policy reference from a principal, use the same -command with an empty policy:

-
$ kadmin.local modprinc -x tktpolicy= alice
-
-
-

To list the existing ticket policy objects, use the kdb5_ldap_util -list_policy command:

-
$ kdb5_ldap_util list_policy
-users
-
-
-

To modify the attributes of a ticket policy object, use the -kdb5_ldap_util modify_policy command:

-
$ kdb5_ldap_util modify_policy -allow_svr +requires_preauth users
-
-
-

To view the attributes of a ticket policy object, use the -kdb5_ldap_util view_policy command:

-
$ kdb5_ldap_util view_policy users
-            Ticket policy: users
-   Maximum renewable life: 2 days 00:00:00
-             Ticket flags: REQUIRES_PRE_AUTH DISALLOW_SVR
-
-
-

To destroy an ticket policy object, use the kdb5_ldap_util -destroy_policy command:

-
$ kdb5_ldap_util destroy_policy users
-This will delete the policy object 'users', are you sure?
-(type 'yes' to confirm)? yes
-** policy object 'users' deleted.
-
-
-
-
-
-

Cross-realm authentication¶

-

In order for a KDC in one realm to authenticate Kerberos users in a -different realm, it must share a key with the KDC in the other realm. -In both databases, there must be krbtgt service principals for both realms. -For example, if you need to do cross-realm authentication between the realms -ATHENA.MIT.EDU and EXAMPLE.COM, you would need to add the -principals krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU and -krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM to both databases. -These principals must all have the same passwords, key version -numbers, and encryption types; this may require explicitly setting -the key version number with the -kvno option.

-

In the ATHENA.MIT.EDU and EXAMPLE.COM cross-realm case, the administrators -would run the following commands on the KDCs in both realms:

-
shell%: kadmin.local -e "aes256-cts:normal"
-kadmin: addprinc -requires_preauth krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM
-Enter password for principal krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM:
-Re-enter password for principal krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM:
-kadmin: addprinc -requires_preauth krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU
-Enter password for principal krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU:
-Enter password for principal krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU:
-kadmin:
-
-
-
-

Note

-

Even if most principals in a realm are generally created -with the requires_preauth flag enabled, this flag is not -desirable on cross-realm authentication keys because doing -so makes it impossible to disable preauthentication on a -service-by-service basis. Disabling it as in the example -above is recommended.

-
-
-

Note

-

It is very important that these principals have good -passwords. MIT recommends that TGT principal passwords be -at least 26 characters of random ASCII text.

-
-
-
-

Changing the krbtgt key¶

-

A Kerberos Ticket Granting Ticket (TGT) is a service ticket for the -principal krbtgt/REALM. The key for this principal is created -when the Kerberos database is initialized and need not be changed. -However, it will only have the encryption types supported by the KDC -at the time of the initial database creation. To allow use of newer -encryption types for the TGT, this key has to be changed.

-

Changing this key using the normal kadmin -change_password command would invalidate any previously issued -TGTs. Therefore, when changing this key, normally one should use the --keepold flag to change_password to retain the previous key in the -database as well as the new key. For example:

-
kadmin: change_password -randkey -keepold krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
-
-
-
-

Warning

-

After issuing this command, the old key is still valid -and is still vulnerable to (for instance) brute force -attacks. To completely retire an old key or encryption -type, run the kadmin purgekeys command to delete keys -with older kvnos, ideally first making sure that all -tickets issued with the old keys have expired.

-
-

Only the first krbtgt key of the newest key version is used to encrypt -ticket-granting tickets. However, the set of encryption types present -in the krbtgt keys is used by default to determine the session key -types supported by the krbtgt service (see -Session key selection). Because non-MIT Kerberos clients -sometimes send a limited set of encryption types when making AS -requests, it can be important for the krbtgt service to support -multiple encryption types. This can be accomplished by giving the -krbtgt principal multiple keys, which is usually as simple as not -specifying any -e option when changing the krbtgt key, or by -setting the session_enctypes string attribute on the krbtgt -principal (see set_string).

-

Due to a bug in releases 1.8 through 1.13, renewed and forwarded -tickets may not work if the original ticket was obtained prior to a -krbtgt key change and the modified ticket is obtained afterwards. -Upgrading the KDC to release 1.14 or later will correct this bug.

-
-
-

Incremental database propagation¶

-
-

Overview¶

-

At some very large sites, dumping and transmitting the database can -take more time than is desirable for changes to propagate from the -primary KDC to the replica KDCs. The incremental propagation support -added in the 1.7 release is intended to address this.

-

With incremental propagation enabled, all programs on the primary KDC -that change the database also write information about the changes to -an “update log†file, maintained as a circular buffer of a certain -size. A process on each replica KDC connects to a service on the -primary KDC (currently implemented in the kadmind server) and -periodically requests the changes that have been made since the last -check. By default, this check is done every two minutes.

-

Incremental propagation uses the following entries in the per-realm -data in the KDC config file (See kdc.conf):

- ----- - - - - - - - - - - - - - - - - - - - - - - - - - - -

iprop_enable

boolean

If true, then incremental propagation is enabled, and (as noted below) normal kprop propagation is disabled. The default is false.

iprop_master_ulogsize

integer

Indicates the number of entries that should be retained in the update log. The default is 1000; the maximum number is 2500.

iprop_replica_poll

time interval

Indicates how often the replica should poll the primary KDC for changes to the database. The default is two minutes.

iprop_port

integer

Specifies the port number to be used for incremental propagation. This is required in both primary and replica configuration files.

iprop_resync_timeout

integer

Specifies the number of seconds to wait for a full propagation to complete. This is optional on replica configurations. Defaults to 300 seconds (5 minutes).

iprop_logfile

file name

Specifies where the update log file for the realm database is to be stored. The default is to use the database_name entry from the realms section of the config file kdc.conf, with .ulog appended. (NOTE: If database_name isn’t specified in the realms section, perhaps because the LDAP database back end is being used, or the file name is specified in the dbmodules section, then the hard-coded default for database_name is used. Determination of the iprop_logfile default value will not use values from the dbmodules section.)

-

Both primary and replica sides must have a principal named -kiprop/hostname (where hostname is the lowercase, -fully-qualified, canonical name for the host) registered in the -Kerberos database, and have keys for that principal stored in the -default keytab file (DEFKTNAME). The kiprop/hostname principal may -have been created automatically for the primary KDC, but it must -always be created for replica KDCs.

-

On the primary KDC side, the kiprop/hostname principal must be -listed in the kadmind ACL file kadm5.acl, and given the -p privilege (see Privileges).

-

On the replica KDC side, kpropd should be run. When -incremental propagation is enabled, it will connect to the kadmind on -the primary KDC and start requesting updates.

-

The normal kprop mechanism is disabled by the incremental propagation -support. However, if the replica has been unable to fetch changes -from the primary KDC for too long (network problems, perhaps), the log -on the primary may wrap around and overwrite some of the updates that -the replica has not yet retrieved. In this case, the replica will -instruct the primary KDC to dump the current database out to a file -and invoke a one-time kprop propagation, with special options to also -convey the point in the update log at which the replica should resume -fetching incremental updates. Thus, all the keytab and ACL setup -previously described for kprop propagation is still needed.

-

If an environment has a large number of replicas, it may be desirable -to arrange them in a hierarchy instead of having the primary serve -updates to every replica. To do this, run kadmind -proponly on -each intermediate replica, and kpropd -A upstreamhostname on -downstream replicas to direct each one to the appropriate upstream -replica.

-

There are several known restrictions in the current implementation:

-
    -
  • The incremental update protocol does not transport changes to policy -objects. Any policy changes on the primary will result in full -resyncs to all replicas.

  • -
  • The replica’s KDB module must support locking; it cannot be using the -LDAP KDB module.

  • -
  • The primary and replica must be able to initiate TCP connections in -both directions, without an intervening NAT.

  • -
-
-
-

Sun/MIT incremental propagation differences¶

-

Sun donated the original code for supporting incremental database -propagation to MIT. Some changes have been made in the MIT source -tree that will be visible to administrators. (These notes are based -on Sun’s patches. Changes to Sun’s implementation since then may not -be reflected here.)

-

The Sun config file support looks for sunw_dbprop_enable, -sunw_dbprop_master_ulogsize, and sunw_dbprop_slave_poll.

-

The incremental propagation service is implemented as an ONC RPC -service. In the Sun implementation, the service is registered with -rpcbind (also known as portmapper) and the client looks up the port -number to contact. In the MIT implementation, where interaction with -some modern versions of rpcbind doesn’t always work well, the port -number must be specified in the config file on both the primary and -replica sides.

-

The Sun implementation hard-codes pathnames in /var/krb5 for the -update log and the per-replica kprop dump files. In the MIT -implementation, the pathname for the update log is specified in the -config file, and the per-replica dump files are stored in -LOCALSTATEDIR/krb5kdc/replica_datatrans_hostname.

-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/dbtypes.html b/krb5-1.21.3/doc/html/admin/dbtypes.html deleted file mode 100644 index af0f101f..00000000 --- a/krb5-1.21.3/doc/html/admin/dbtypes.html +++ /dev/null @@ -1,288 +0,0 @@ - - - - - - - - - Database types — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Database types¶

-

A Kerberos database can be implemented with one of three built-in -database providers, called KDB modules. Software which incorporates -the MIT krb5 KDC may also provide its own KDB module. The following -subsections describe the three built-in KDB modules and the -configuration specific to them.

-

The database type can be configured with the db_library variable -in the [dbmodules] subsection for the realm. For example:

-
[dbmodules]
-    ATHENA.MIT.EDU = {
-        db_library = db2
-    }
-
-
-

If the ATHENA.MIT.EDU realm subsection contains a -database_module setting, then the subsection within -[dbmodules] should use that name instead of ATHENA.MIT.EDU.

-

To transition from one database type to another, stop the -kadmind service, use kdb5_util dump to create a dump -file, change the db_library value and set any appropriate -configuration for the new database type, and use kdb5_util load to -create and populate the new database. If the new database type is -LDAP, create the new database using kdb5_ldap_util and populate it -from the dump file using kdb5_util load -update. Then restart the -krb5kdc and kadmind services.

-
-

Berkeley database module (db2)¶

-

The default KDB module is db2, which uses a version of the -Berkeley DB library. It creates four files based on the database -pathname. If the pathname ends with principal then the four files -are:

-
    -
  • principal, containing principal entry data

  • -
  • principal.ok, a lock file for the principal database

  • -
  • principal.kadm5, containing policy object data

  • -
  • principal.kadm5.lock, a lock file for the policy database

  • -
-

For large databases, the kdb5_util dump command (perhaps -invoked by kprop or by kadmind for incremental -propagation) may cause krb5kdc to stop for a noticeable -period of time while it iterates over the database. This delay can be -avoided by disabling account lockout features so that the KDC does not -perform database writes (see KDC performance and account lockout). Alternatively, -a slower form of iteration can be enabled by setting the -unlockiter variable to true. For example:

-
[dbmodules]
-    ATHENA.MIT.EDU = {
-        db_library = db2
-        unlockiter = true
-    }
-
-
-

In rare cases, a power failure or other unclean system shutdown may -cause inconsistencies in the internal pointers within a database file, -such that kdb5_util dump cannot retrieve all principal entries in -the database. In this situation, it may be possible to retrieve all -of the principal data by running kdb5_util dump -recurse to -iterate over the database using the tree pointers instead of the -iteration pointers. Running kdb5_util dump -rev to iterate over -the database backwards may also retrieve some of the data which is not -retrieved by a normal dump operation.

-
-
-

Lightning Memory-Mapped Database module (klmdb)¶

-

The klmdb module was added in release 1.17. It uses the LMDB library, -and may offer better performance and reliability than the db2 module. -It creates four files based on the database pathname. If the pathname -ends with principal, then the four files are:

-
    -
  • principal.mdb, containing policy object data and most principal -entry data

  • -
  • principal.mdb-lock, a lock file for the primary database

  • -
  • principal.lockout.mdb, containing the account lockout attributes -(last successful authentication time, last failed authentication -time, and number of failed attempts) for each principal entry

  • -
  • principal.lockout.mdb-lock, a lock file for the lockout database

  • -
-

Separating out the lockout attributes ensures that the KDC will never -block on an administrative operation such as a database dump or load. -It also allows the KDC to operate without write access to the primary -database. If both account lockout features are disabled (see -KDC performance and account lockout), the lockout database files will be created -but will not subsequently be opened, and the account lockout -attributes will always have zero values.

-

Because LMDB creates a memory map to the database files, it requires a -configured memory map size which also determines the maximum size of -the database. This size is applied equally to the two databases, so -twice the configured size will be consumed in the process address -space; this is primarily a limitation on 32-bit platforms. The -default value of 128 megabytes should be sufficient for several -hundred thousand principal entries. If the limit is reached, kadmin -operations will fail and the error message “Environment mapsize limit -reached†will appear in the kadmind log file. In this case, the -mapsize variable can be used to increase the map size. The -following example sets the map size to 512 megabytes:

-
[dbmodules]
-    ATHENA.MIT.EDU = {
-        db_library = klmdb
-        mapsize = 512
-    }
-
-
-

LMDB has a configurable maximum number of readers. The default value -of 128 should be sufficient for most deployments. If you are going to -use a large number of KDC worker processes, it may be necessary to set -the max_readers variable to a larger number.

-

By default, LMDB synchronizes database files to disk after each write -transaction to ensure durability in the case of an unclean system -shutdown. The klmdb module always turns synchronization off for the -lockout database to ensure reasonable KDC performance, but leaves it -on for the primary database. If high throughput for administrative -operations (including password changes) is required, the nosync -variable can be set to “true†to disable synchronization for the -primary database.

-

The klmdb module does not support explicit locking with the -kadmin lock command.

-
-
-

LDAP module (kldap)¶

-

The kldap module stores principal and policy data using an LDAP -server. To use it you must configure an LDAP server to use the -Kerberos schema. See Configuring Kerberos with OpenLDAP back-end for details.

-

Because krb5kdc is single-threaded, latency in LDAP database -accesses may limit KDC operation throughput. If the LDAP server is -located on the same server host as the KDC and accessed through an -ldapi:// URL, latency should be minimal. If this is not possible, -consider starting multiple KDC worker processes with the -krb5kdc -w option to enable concurrent processing of KDC -requests.

-

The kldap module does not support explicit locking with the -kadmin lock command.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/dictionary.html b/krb5-1.21.3/doc/html/admin/dictionary.html deleted file mode 100644 index c9b44139..00000000 --- a/krb5-1.21.3/doc/html/admin/dictionary.html +++ /dev/null @@ -1,226 +0,0 @@ - - - - - - - - - Addressing dictionary attack risks — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Addressing dictionary attack risks¶

-

Kerberos initial authentication is normally secured using the client -principal’s long-term key, which for users is generally derived from a -password. Using a pasword-derived long-term key carries the risk of a -dictionary attack, where an attacker tries a sequence of possible -passwords, possibly requiring much less effort than would be required -to try all possible values of the key. Even if password policy -objects are used to force users not to pick trivial -passwords, dictionary attacks can sometimes be successful against a -significant fraction of the users in a realm. Dictionary attacks are -not a concern for principals using random keys.

-

A dictionary attack may be online or offline. An online dictionary -attack is performed by trying each password in a separate request to -the KDC, and is therefore visible to the KDC and also limited in speed -by the KDC’s processing power and the network capacity between the -client and the KDC. Online dictionary attacks can be mitigated using -account lockout. This measure is not totally -satisfactory, as it makes it easy for an attacker to deny access to a -client principal.

-

An offline dictionary attack is performed by obtaining a ciphertext -generated using the password-derived key, and trying each password -against the ciphertext. This category of attack is invisible to the -KDC and can be performed much faster than an online attack. The -attack will generally take much longer with more recent encryption -types (particularly the ones based on AES), because those encryption -types use a much more expensive string-to-key function. However, the -best defense is to deny the attacker access to a useful ciphertext. -The required defensive measures depend on the attacker’s level of -network access.

-

An off-path attacker has no access to packets sent between legitimate -users and the KDC. An off-path attacker could gain access to an -attackable ciphertext either by making an AS request for a client -principal which does not have the +requires_preauth flag, or by -making a TGS request (after authenticating as a different user) for a -server principal which does not have the -allow_svr flag. To -address off-path attackers, a KDC administrator should set those flags -on principals with password-derived keys:

-
kadmin: add_principal +requires_preauth -allow_svr princname
-
-
-

An attacker with passive network access (one who can monitor packets -sent between legitimate users and the KDC, but cannot change them or -insert their own packets) can gain access to an attackable ciphertext -by observing an authentication by a user using the most common form of -preauthentication, encrypted timestamp. Any of the following methods -can prevent dictionary attacks by attackers with passive network -access:

-
    -
  • Enabling SPAKE preauthentication (added in release -1.17) on the KDC, and ensuring that all clients are able to support -it.

  • -
  • Using an HTTPS proxy for communication with the KDC, -if the attacker cannot monitor communication between the proxy -server and the KDC.

  • -
  • Using FAST, protecting the initial authentication with either a -random key (such as a host key) or with anonymous PKINIT.

  • -
-

An attacker with active network access (one who can inject or modify -packets sent between legitimate users and the KDC) can try to fool the -client software into sending an attackable ciphertext using an -encryption type and salt string of the attacker’s choosing. Any of the -following methods can prevent dictionary attacks by active attackers:

-
    -
  • Enabling SPAKE preauthentication and setting the -disable_encrypted_timestamp variable to true in the -[realms] subsection of the client configuration.

  • -
  • Using an HTTPS proxy as described above, configured in the client’s -krb5.conf realm configuration. If KDC discovery is used to locate a proxy server, an active -attacker may be able to use DNS spoofing to cause the client to use -a different HTTPS server or to not use HTTPS.

  • -
  • Using FAST as described above.

  • -
-

If PKINIT or OTP are used for -initial authentication, the principal’s long-term keys are not used -and dictionary attacks are usually not a concern.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/enctypes.html b/krb5-1.21.3/doc/html/admin/enctypes.html deleted file mode 100644 index cfe92410..00000000 --- a/krb5-1.21.3/doc/html/admin/enctypes.html +++ /dev/null @@ -1,402 +0,0 @@ - - - - - - - - - Encryption types — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Encryption types¶

-

Kerberos can use a variety of cipher algorithms to protect data. A -Kerberos encryption type (also known as an enctype) is a -specific combination of a cipher algorithm with an integrity algorithm -to provide both confidentiality and integrity to data.

-
-

Enctypes in requests¶

-

Clients make two types of requests (KDC-REQ) to the KDC: AS-REQs and -TGS-REQs. The client uses the AS-REQ to obtain initial tickets -(typically a Ticket-Granting Ticket (TGT)), and uses the TGS-REQ to -obtain service tickets.

-

The KDC uses three different keys when issuing a ticket to a client:

-
    -
  • The long-term key of the service: the KDC uses this to encrypt the -actual service ticket. The KDC only uses the first long-term key in -the most recent kvno for this purpose.

  • -
  • The session key: the KDC randomly chooses this key and places one -copy inside the ticket and the other copy inside the encrypted part -of the reply.

  • -
  • The reply-encrypting key: the KDC uses this to encrypt the reply it -sends to the client. For AS replies, this is a long-term key of the -client principal. For TGS replies, this is either the session key of the -authenticating ticket, or a subsession key.

  • -
-

Each of these keys is of a specific enctype.

-

Each request type allows the client to submit a list of enctypes that -it is willing to accept. For the AS-REQ, this list affects both the -session key selection and the reply-encrypting key selection. For the -TGS-REQ, this list only affects the session key selection.

-
-
-

Session key selection¶

-

The KDC chooses the session key enctype by taking the intersection of -its permitted_enctypes list, the list of long-term keys for the -most recent kvno of the service, and the client’s requested list of -enctypes. Starting in krb5-1.21, all services are assumed to support -aes256-cts-hmac-sha1-96; also, des3-cbc-sha1 and arcfour-hmac session -keys will not be issued by default.

-

Starting in krb5-1.11, it is possible to set a string attribute on a -service principal to control what session key enctypes the KDC may -issue for service tickets for that principal, overriding the service’s -long-term keys and the assumption of aes256-cts-hmac-sha1-96 support. -See set_string in kadmin for details.

-
-
-

Choosing enctypes for a service¶

-

Generally, a service should have a key of the strongest -enctype that both it and the KDC support. If the KDC is running a -release earlier than krb5-1.11, it is also useful to generate an -additional key for each enctype that the service can support. The KDC -will only use the first key in the list of long-term keys for encrypting -the service ticket, but the additional long-term keys indicate the -other enctypes that the service supports.

-

As noted above, starting with release krb5-1.11, there are additional -configuration settings that control session key enctype selection -independently of the set of long-term keys that the KDC has stored for -a service principal.

-
-
-

Configuration variables¶

-

The following [libdefaults] settings in krb5.conf will -affect how enctypes are chosen.

-
-
allow_weak_crypto

defaults to false starting with krb5-1.8. When false, removes -weak enctypes from permitted_enctypes, -default_tkt_enctypes, and default_tgs_enctypes. Do not -set this to true unless the use of weak enctypes is an -acceptable risk for your environment and the weak enctypes are -required for backward compatibility.

-
-
allow_des3

was added in release 1.21 and defaults to false. Unless this -flag is set to true, the KDC will not issue tickets with -des3-cbc-sha1 session keys. In a future release, this flag will -control whether des3-cbc-sha1 is permitted in similar fashion to -weak enctypes.

-
-
allow_rc4

was added in release 1.21 and defaults to false. Unless this -flag is set to true, the KDC will not issue tickets with -arcfour-hmac session keys. In a future release, this flag will -control whether arcfour-hmac is permitted in similar fashion to -weak enctypes.

-
-
permitted_enctypes

controls the set of enctypes that a service will permit for -session keys and for ticket and authenticator encryption. The KDC -and other programs that access the Kerberos database will ignore -keys of non-permitted enctypes. Starting in release 1.18, this -setting also acts as the default for default_tkt_enctypes and -default_tgs_enctypes.

-
-
default_tkt_enctypes

controls the default set of enctypes that the Kerberos client -library requests when making an AS-REQ. Do not set this unless -required for specific backward compatibility purposes; stale -values of this setting can prevent clients from taking advantage -of new stronger enctypes when the libraries are upgraded.

-
-
default_tgs_enctypes

controls the default set of enctypes that the Kerberos client -library requests when making a TGS-REQ. Do not set this unless -required for specific backward compatibility purposes; stale -values of this setting can prevent clients from taking advantage -of new stronger enctypes when the libraries are upgraded.

-
-
-

The following per-realm setting in kdc.conf affects the -generation of long-term keys.

-
-
supported_enctypes

controls the default set of enctype-salttype pairs that kadmind -will use for generating long-term keys, either randomly or from -passwords

-
-
-
-
-

Enctype compatibility¶

-

See Encryption types for additional information about enctypes.

- ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

enctype

weak?

krb5

Windows

des-cbc-crc

weak

<1.18

>=2000

des-cbc-md4

weak

<1.18

?

des-cbc-md5

weak

<1.18

>=2000

des3-cbc-sha1

deprecated

>=1.1

none

arcfour-hmac

deprecated

>=1.3

>=2000

arcfour-hmac-exp

weak

>=1.3

>=2000

aes128-cts-hmac-sha1-96

>=1.3

>=Vista

aes256-cts-hmac-sha1-96

>=1.3

>=Vista

aes128-cts-hmac-sha256-128

>=1.15

none

aes256-cts-hmac-sha384-192

>=1.15

none

camellia128-cts-cmac

>=1.9

none

camellia256-cts-cmac

>=1.9

none

-

krb5 releases 1.18 and later do not support single-DES. krb5 releases -1.8 and later disable the single-DES enctypes by default. Microsoft -Windows releases Windows 7 and later disable single-DES enctypes by -default.

-

krb5 releases 1.17 and later flag deprecated encryption types -(including des3-cbc-sha1 and arcfour-hmac) in KDC logs and -kadmin output. krb5 release 1.19 issues a warning during initial -authentication if des3-cbc-sha1 is used. Future releases will -disable des3-cbc-sha1 by default and eventually remove support for -it.

-
-
-

Migrating away from older encryption types¶

-

Administrator intervention may be required to migrate a realm away -from legacy encryption types, especially if the realm was created -using krb5 release 1.2 or earlier. This migration should be performed -before upgrading to krb5 versions which disable or remove support for -legacy encryption types.

-

If there is a supported_enctypes setting in kdc.conf on -the KDC, make sure that it does not include weak or deprecated -encryption types. This will ensure that newly created keys do not use -those encryption types by default.

-

Check the krbtgt/REALM principal using the kadmin -getprinc command. If it lists a weak or deprecated encryption -type as the first key, it must be migrated using the procedure in -Changing the krbtgt key.

-

Check the kadmin/history principal, which should have only one key -entry. If it uses a weak or deprecated encryption type, it should be -upgraded following the notes in Updating the history key.

-

Check the other kadmin principals: kadmin/changepw, kadmin/admin, and -any kadmin/hostname principals that may exist. These principals can -be upgraded with change_password -randkey in kadmin.

-

Check the K/M entry. If it uses a weak or deprecated encryption -type, it should be upgraded following the procedure in -Updating the master key.

-

User and service principals using legacy encryption types can be -enumerated with the kdb5_util tabdump keyinfo command.

-

Service principals can be migrated with a keytab rotation on the -service host, which can be accomplished using the k5srvutil -change and delold commands. Allow enough time for existing -tickets to expire between the change and delold operations.

-

User principals with password-based keys can be migrated with a -password change. The realm administrator can set a password -expiration date using the kadmin modify_principal --pwexpire command to force a password change.

-

If a legacy encryption type has not yet been disabled by default in -the version of krb5 running on the KDC, it can be disabled -administratively with the permitted_enctypes variable. For -example, setting permitted_enctypes to DEFAULT -des3 -rc4 will -cause any database keys of the triple-DES and RC4 encryption types to -be ignored.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/env_variables.html b/krb5-1.21.3/doc/html/admin/env_variables.html deleted file mode 100644 index d7bbc8f5..00000000 --- a/krb5-1.21.3/doc/html/admin/env_variables.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - Environment variables — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/host_config.html b/krb5-1.21.3/doc/html/admin/host_config.html deleted file mode 100644 index 709c6dcf..00000000 --- a/krb5-1.21.3/doc/html/admin/host_config.html +++ /dev/null @@ -1,362 +0,0 @@ - - - - - - - - - Host configuration — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Host configuration¶

-

All hosts running Kerberos software, whether they are clients, -application servers, or KDCs, can be configured using -krb5.conf. Here we describe some of the behavior changes -you might want to make.

-
-

Default realm¶

-

In the [libdefaults] section, the default_realm realm -relation sets the default Kerberos realm. For example:

-
[libdefaults]
-    default_realm = ATHENA.MIT.EDU
-
-
-

The default realm affects Kerberos behavior in the following ways:

-
    -
  • When a principal name is parsed from text, the default realm is used -if no @REALM component is specified.

  • -
  • The default realm affects login authorization as described below.

  • -
  • For programs which operate on a Kerberos database, the default realm -is used to determine which database to operate on, unless the -r -parameter is given to specify a realm.

  • -
  • A server program may use the default realm when looking up its key -in a keytab file, if its realm is not -determined by [domain_realm] configuration or by the server -program itself.

  • -
  • If kinit is passed the -n flag, it requests anonymous -tickets from the default realm.

  • -
-

In some situations, these uses of the default realm might conflict. -For example, it might be desirable for principal name parsing to use -one realm by default, but for login authorization to use a second -realm. In this situation, the first realm can be configured as the -default realm, and auth_to_local relations can be used as -described below to use the second realm for login authorization.

-
-
-

Login authorization¶

-

If a host runs a Kerberos-enabled login service such as OpenSSH with -GSSAPIAuthentication enabled, login authorization rules determine -whether a Kerberos principal is allowed to access a local account.

-

By default, a Kerberos principal is allowed access to an account if -its realm matches the default realm and its name matches the account -name. (For historical reasons, access is also granted by default if -the name has two components and the second component matches the -default realm; for instance, alice/ATHENA.MIT.EDU@ATHENA.MIT.EDU -is granted access to the alice account if ATHENA.MIT.EDU is -the default realm.)

-

The simplest way to control local access is using .k5login -files. To use these, place a .k5login file in the home directory -of each account listing the principal names which should have login -access to that account. If it is not desirable to use .k5login -files located in account home directories, the k5login_directory -relation in the [libdefaults] section can specify a directory -containing one file per account uname.

-

By default, if a .k5login file is present, it controls -authorization both positively and negatively–any principal name -contained in the file is granted access and any other principal name -is denied access, even if it would have had access if the .k5login -file didn’t exist. The k5login_authoritative relation in the -[libdefaults] section can be set to false to make .k5login -files provide positive authorization only.

-

The auth_to_local relation in the [realms] section for the -default realm can specify pattern-matching rules to control login -authorization. For example, the following configuration allows access -to principals from a different realm than the default realm:

-
[realms]
-    DEFAULT.REALM = {
-        # Allow access to principals from OTHER.REALM.
-        #
-        # [1:$1@$0] matches single-component principal names and creates
-        # a selection string containing the principal name and realm.
-        #
-        # (.*@OTHER\.REALM) matches against the selection string, so that
-        # only principals in OTHER.REALM are matched.
-        #
-        # s/@OTHER\.REALM$// removes the realm name, leaving behind the
-        # principal name as the account name.
-        auth_to_local = RULE:[1:$1@$0](.*@OTHER\.REALM)s/@OTHER\.REALM$//
-
-        # Also allow principals from the default realm.  Omit this line
-        # to only allow access to principals in OTHER.REALM.
-        auth_to_local = DEFAULT
-    }
-
-
-

The auth_to_local_names subsection of the [realms] section -for the default realm can specify explicit mappings from principal -names to local accounts. The key used in this subsection is the -principal name without realm, so it is only safe to use in a Kerberos -environment with a single realm or a tightly controlled set of realms. -An example use of auth_to_local_names might be:

-
[realms]
-    ATHENA.MIT.EDU = {
-        auth_to_local_names = {
-            # Careful, these match principals in any realm!
-            host/example.com = hostaccount
-            fred = localfred
-        }
-    }
-
-
-

Local authorization behavior can also be modified using plugin -modules; see Host-to-realm interface (hostrealm) for details.

-
-
-

Plugin module configuration¶

-

Many aspects of Kerberos behavior, such as client preauthentication -and KDC service location, can be modified through the use of plugin -modules. For most of these behaviors, you can use the [plugins] -section of krb5.conf to register third-party modules, and to switch -off registered or built-in modules.

-

A plugin module takes the form of a Unix shared object -(modname.so) or Windows DLL (modname.dll). If you have -installed a third-party plugin module and want to register it, you do -so using the module relation in the appropriate subsection of the -[plugins] section. The value for module must give the module name -and the path to the module, separated by a colon. The module name -will often be the same as the shared object’s name, but in unusual -cases (such as a shared object which implements multiple modules for -the same interface) it might not be. For example, to register a -client preauthentication module named mypreauth installed at -/path/to/mypreauth.so, you could write:

-
[plugins]
-    clpreauth = {
-        module = mypreauth:/path/to/mypreauth.so
-    }
-
-
-

Many of the pluggable behaviors in MIT krb5 contain built-in modules -which can be switched off. You can disable a built-in module (or one -you have registered) using the disable directive in the -appropriate subsection of the [plugins] section. For example, to -disable the use of .k5identity files to select credential caches, you -could write:

-
[plugins]
-    ccselect = {
-        disable = k5identity
-    }
-
-
-

If you want to disable multiple modules, specify the disable -directive multiple times, giving one module to disable each time.

-

Alternatively, you can explicitly specify which modules you want to be -enabled for that behavior using the enable_only directive. For -example, to make kadmind check password quality using only a -module you have registered, and no other mechanism, you could write:

-
[plugins]
-    pwqual = {
-        module = mymodule:/path/to/mymodule.so
-        enable_only = mymodule
-    }
-
-
-

Again, if you want to specify multiple modules, specify the -enable_only directive multiple times, giving one module to enable -each time.

-

Some Kerberos interfaces use different mechanisms to register plugin -modules.

-
-

KDC location modules¶

-

For historical reasons, modules to control how KDC servers are located -are registered simply by placing the shared object or DLL into the -“libkrb5†subdirectory of the krb5 plugin directory, which defaults to -LIBDIR/krb5/plugins. For example, Samba’s winbind krb5 -locator plugin would be registered by placing its shared object in -LIBDIR/krb5/plugins/libkrb5/winbind_krb5_locator.so.

-
-
-

GSSAPI mechanism modules¶

-

GSSAPI mechanism modules are registered using the file -SYSCONFDIR/gss/mech or configuration files in the -SYSCONFDIR/gss/mech.d directory with a .conf -suffix. Each line in these files has the form:

-
name  oid  pathname  [options]  <type>
-
-
-

Only the name, oid, and pathname are required. name is the -mechanism name, which may be used for debugging or logging purposes. -oid is the object identifier of the GSSAPI mechanism to be -registered. pathname is a path to the module shared object or DLL. -options (if present) are options provided to the plugin module, -surrounded in square brackets. type (if present) can be used to -indicate a special type of module. Currently the only special module -type is “interposerâ€, for a module designed to intercept calls to -other mechanisms.

-

If the environment variable GSS_MECH_CONFIG is set, its value is -used as the sole mechanism configuration filename.

-
-
-

Configuration profile modules¶

-

A configuration profile module replaces the information source for -krb5.conf itself. To use a profile module, begin krb5.conf -with the line:

-
module PATHNAME:STRING
-
-
-

where PATHNAME is a path to the module shared object or DLL, and -STRING is a string to provide to the module. The module will then -take over, and the rest of krb5.conf will be ignored.

-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/https.html b/krb5-1.21.3/doc/html/admin/https.html deleted file mode 100644 index 7047915b..00000000 --- a/krb5-1.21.3/doc/html/admin/https.html +++ /dev/null @@ -1,193 +0,0 @@ - - - - - - - - - HTTPS proxy configuration — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

HTTPS proxy configuration¶

-

In addition to being able to use UDP or TCP to communicate directly -with a KDC as is outlined in RFC4120, and with kpasswd services in a -similar fashion, the client libraries can attempt to use an HTTPS -proxy server to communicate with a KDC or kpasswd service, using the -protocol outlined in [MS-KKDCP].

-

Communicating with a KDC through an HTTPS proxy allows clients to -contact servers when network firewalls might otherwise prevent them -from doing so. The use of TLS also encrypts all traffic between the -clients and the KDC, preventing observers from conducting password -dictionary attacks or from observing the client and server principals -being authenticated, at additional computational cost to both clients -and servers.

-

An HTTPS proxy server is provided as a feature in some versions of -Microsoft Windows Server, and a WSGI implementation named kdcproxy -is available in the python package index.

-
-

Configuring the clients¶

-

To use an HTTPS proxy, a client host must trust the CA which issued -that proxy’s SSL certificate. If that CA’s certificate is not in the -system-wide default set of trusted certificates, configure the -following relation in the client host’s krb5.conf file in -the appropriate [realms] subsection:

-
http_anchors = FILE:/etc/krb5/cacert.pem
-
-
-

Adjust the pathname to match the path of the file which contains a -copy of the CA’s certificate. The http_anchors option is documented -more fully in krb5.conf.

-

Configure the client to access the KDC and kpasswd service by -specifying their locations in its krb5.conf file in the form -of HTTPS URLs for the proxy server:

-
kdc = https://server.fqdn/KdcProxy
-kpasswd_server = https://server.fqdn/KdcProxy
-
-
-

If the proxy and client are properly configured, client commands such -as kinit, kvno, and kpasswd should all function normally.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/index.html b/krb5-1.21.3/doc/html/admin/index.html deleted file mode 100644 index 0e2bf2f4..00000000 --- a/krb5-1.21.3/doc/html/admin/index.html +++ /dev/null @@ -1,186 +0,0 @@ - - - - - - - - - For administrators — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
- - -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/install.html b/krb5-1.21.3/doc/html/admin/install.html deleted file mode 100644 index 3c27a010..00000000 --- a/krb5-1.21.3/doc/html/admin/install.html +++ /dev/null @@ -1,197 +0,0 @@ - - - - - - - - - Installation guide — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
- - -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/install_appl_srv.html b/krb5-1.21.3/doc/html/admin/install_appl_srv.html deleted file mode 100644 index 14536e42..00000000 --- a/krb5-1.21.3/doc/html/admin/install_appl_srv.html +++ /dev/null @@ -1,225 +0,0 @@ - - - - - - - - - UNIX Application Servers — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

UNIX Application Servers¶

-

An application server is a host that provides one or more services -over the network. Application servers can be “secure†or “insecure.†-A “secure†host is set up to require authentication from every client -connecting to it. An “insecure†host will still provide Kerberos -authentication, but will also allow unauthenticated clients to -connect.

-

If you have Kerberos V5 installed on all of your client machines, MIT -recommends that you make your hosts secure, to take advantage of the -security that Kerberos authentication affords. However, if you have -some clients that do not have Kerberos V5 installed, you can run an -insecure server, and still take advantage of Kerberos V5’s single -sign-on capability.

-
-

The keytab file¶

-

All Kerberos server machines need a keytab file to authenticate to the -KDC. By default on UNIX-like systems this file is named DEFKTNAME. -The keytab file is an local copy of the host’s key. The keytab file -is a potential point of entry for a break-in, and if compromised, -would allow unrestricted access to its host. The keytab file should -be readable only by root, and should exist only on the machine’s local -disk. The file should not be part of any backup of the machine, -unless access to the backup data is secured as tightly as access to -the machine’s root password.

-

In order to generate a keytab for a host, the host must have a -principal in the Kerberos database. The procedure for adding hosts to -the database is described fully in Principals. (See -Create host keytabs for replica KDCs for a brief description.) The keytab is -generated by running kadmin and issuing the ktadd -command.

-

For example, to generate a keytab file to allow the host -trillium.mit.edu to authenticate for the services host, ftp, and -pop, the administrator joeadmin would issue the command (on -trillium.mit.edu):

-
trillium% kadmin
-Authenticating as principal root/admin@ATHENA.MIT.EDU with password.
-Password for root/admin@ATHENA.MIT.EDU:
-kadmin: ktadd host/trillium.mit.edu ftp/trillium.mit.edu pop/trillium.mit.edu
-Entry for principal host/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
-kadmin: Entry for principal ftp/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
-kadmin: Entry for principal pop/trillium.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
-kadmin: quit
-trillium%
-
-
-

If you generate the keytab file on another host, you need to get a -copy of the keytab file onto the destination host (trillium, in -the above example) without sending it unencrypted over the network.

-
-
-

Some advice about secure hosts¶

-

Kerberos V5 can protect your host from certain types of break-ins, but -it is possible to install Kerberos V5 and still leave your host -vulnerable to attack. Obviously an installation guide is not the -place to try to include an exhaustive list of countermeasures for -every possible attack, but it is worth noting some of the larger holes -and how to close them.

-

We recommend that backups of secure machines exclude the keytab file -(DEFKTNAME). If this is not possible, the backups should at least be -done locally, rather than over a network, and the backup tapes should -be physically secured.

-

The keytab file and any programs run by root, including the Kerberos -V5 binaries, should be kept on local disk. The keytab file should be -readable only by root.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/install_clients.html b/krb5-1.21.3/doc/html/admin/install_clients.html deleted file mode 100644 index 928576e3..00000000 --- a/krb5-1.21.3/doc/html/admin/install_clients.html +++ /dev/null @@ -1,207 +0,0 @@ - - - - - - - - - Installing and configuring UNIX client machines — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Installing and configuring UNIX client machines¶

-

The Kerberized client programs include kinit, -klist, kdestroy, and kpasswd. All of -these programs are in the directory BINDIR.

-

You can often integrate Kerberos with the login system on client -machines, typically through the use of PAM. The details vary by -operating system, and should be covered in your operating system’s -documentation. If you do this, you will need to make sure your users -know to use their Kerberos passwords when they log in.

-

You will also need to educate your users to use the ticket management -programs kinit, klist, and kdestroy. If you do not have Kerberos -password changing integrated into the native password program (again, -typically through PAM), you will need to educate users to use kpasswd -in place of its non-Kerberos counterparts passwd.

-
-

Client machine configuration files¶

-

Each machine running Kerberos should have a krb5.conf file. -At a minimum, it should define a default_realm setting in -[libdefaults]. If you are not using DNS SRV records -(Hostnames for KDCs) or URI records (KDC Discovery), it must -also contain a [realms] section containing information for your -realm’s KDCs.

-

Consider setting rdns to false in order to reduce your dependence -on precisely correct DNS information for service hostnames. Turning -this flag off means that service hostnames will be canonicalized -through forward name resolution (which adds your domain name to -unqualified hostnames, and resolves CNAME records in DNS), but not -through reverse address lookup. The default value of this flag is -true for historical reasons only.

-

If you anticipate users frequently logging into remote hosts -(e.g., using ssh) using forwardable credentials, consider setting -forwardable to true so that users obtain forwardable tickets by -default. Otherwise users will need to use kinit -f to get -forwardable tickets.

-

Consider adjusting the ticket_lifetime setting to match the likely -length of sessions for your users. For instance, if most of your -users will be logging in for an eight-hour workday, you could set the -default to ten hours so that tickets obtained in the morning expire -shortly after the end of the workday. Users can still manually -request longer tickets when necessary, up to the maximum allowed by -each user’s principal record on the KDC.

-

If a client host may access services in different realms, it may be -useful to define a [domain_realm] mapping so that clients know -which hosts belong to which realms. However, if your clients and KDC -are running release 1.7 or later, it is also reasonable to leave this -section out on client machines and just define it in the KDC’s -krb5.conf.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/install_kdc.html b/krb5-1.21.3/doc/html/admin/install_kdc.html deleted file mode 100644 index 6f251913..00000000 --- a/krb5-1.21.3/doc/html/admin/install_kdc.html +++ /dev/null @@ -1,653 +0,0 @@ - - - - - - - - - Installing KDCs — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Installing KDCs¶

-

When setting up Kerberos in a production environment, it is best to -have multiple replica KDCs alongside with a primary KDC to ensure the -continued availability of the Kerberized services. Each KDC contains -a copy of the Kerberos database. The primary KDC contains the -writable copy of the realm database, which it replicates to the -replica KDCs at regular intervals. All database changes (such as -password changes) are made on the primary KDC. Replica KDCs provide -Kerberos ticket-granting services, but not database administration, -when the primary KDC is unavailable. MIT recommends that you install -all of your KDCs to be able to function as either the primary or one -of the replicas. This will enable you to easily switch your primary -KDC with one of the replicas if necessary (see -Switching primary and replica KDCs). This installation procedure is based -on that recommendation.

-
-

Warning

-
    -
  • The Kerberos system relies on the availability of correct time -information. Ensure that the primary and all replica KDCs have -properly synchronized clocks.

  • -
  • It is best to install and run KDCs on secured and dedicated -hardware with limited access. If your KDC is also a file -server, FTP server, Web server, or even just a client machine, -someone who obtained root access through a security hole in any -of those areas could potentially gain access to the Kerberos -database.

  • -
-
-
-

Install and configure the primary KDC¶

-

Install Kerberos either from the OS-provided packages or from the -source (See Building within a single tree).

-
-

Note

-

For the purpose of this document we will use the following -names:

-
kerberos.mit.edu    - primary KDC
-kerberos-1.mit.edu  - replica KDC
-ATHENA.MIT.EDU      - realm name
-.k5.ATHENA.MIT.EDU  - stash file
-admin/admin         - admin principal
-
-
-

See MIT Kerberos defaults for the default names and locations -of the relevant to this topic files. Adjust the names and -paths to your system environment.

-
-
-
-

Edit KDC configuration files¶

-

Modify the configuration files, krb5.conf and -kdc.conf, to reflect the correct information (such as -domain-realm mappings and Kerberos servers names) for your realm. -(See MIT Kerberos defaults for the recommended default locations for -these files).

-

Most of the tags in the configuration have default values that will -work well for most sites. There are some tags in the -krb5.conf file whose values must be specified, and this -section will explain those.

-

If the locations for these configuration files differs from the -default ones, set KRB5_CONFIG and KRB5_KDC_PROFILE environment -variables to point to the krb5.conf and kdc.conf respectively. For -example:

-
export KRB5_CONFIG=/yourdir/krb5.conf
-export KRB5_KDC_PROFILE=/yourdir/kdc.conf
-
-
-
-

krb5.conf¶

-

If you are not using DNS TXT records (see Mapping hostnames onto Kerberos realms), -you must specify the default_realm in the [libdefaults] -section. If you are not using DNS URI or SRV records (see -Hostnames for KDCs and KDC Discovery), you must include the -kdc tag for each realm in the [realms] section. To -communicate with the kadmin server in each realm, the admin_server -tag must be set in the -[realms] section.

-

An example krb5.conf file:

-
[libdefaults]
-    default_realm = ATHENA.MIT.EDU
-
-[realms]
-    ATHENA.MIT.EDU = {
-        kdc = kerberos.mit.edu
-        kdc = kerberos-1.mit.edu
-        admin_server = kerberos.mit.edu
-    }
-
-
-
-
-

kdc.conf¶

-

The kdc.conf file can be used to control the listening ports of the -KDC and kadmind, as well as realm-specific defaults, the database type -and location, and logging.

-

An example kdc.conf file:

-
[kdcdefaults]
-    kdc_listen = 88
-    kdc_tcp_listen = 88
-
-[realms]
-    ATHENA.MIT.EDU = {
-        kadmind_port = 749
-        max_life = 12h 0m 0s
-        max_renewable_life = 7d 0h 0m 0s
-        master_key_type = aes256-cts
-        supported_enctypes = aes256-cts:normal aes128-cts:normal
-        # If the default location does not suit your setup,
-        # explicitly configure the following values:
-        #    database_name = /var/krb5kdc/principal
-        #    key_stash_file = /var/krb5kdc/.k5.ATHENA.MIT.EDU
-        #    acl_file = /var/krb5kdc/kadm5.acl
-    }
-
-[logging]
-    # By default, the KDC and kadmind will log output using
-    # syslog.  You can instead send log output to files like this:
-    kdc = FILE:/var/log/krb5kdc.log
-    admin_server = FILE:/var/log/kadmin.log
-    default = FILE:/var/log/krb5lib.log
-
-
-

Replace ATHENA.MIT.EDU and kerberos.mit.edu with the name of -your Kerberos realm and server respectively.

-
-

Note

-

You have to have write permission on the target directories -(these directories must exist) used by database_name, -key_stash_file, and acl_file.

-
-
-
-
-

Create the KDC database¶

-

You will use the kdb5_util command on the primary KDC to -create the Kerberos database and the optional stash file.

-
-

Note

-

If you choose not to install a stash file, the KDC will -prompt you for the master key each time it starts up. This -means that the KDC will not be able to start automatically, -such as after a system reboot.

-
-

kdb5_util will prompt you for the master password for the -Kerberos database. This password can be any string. A good password -is one you can remember, but that no one else can guess. Examples of -bad passwords are words that can be found in a dictionary, any common -or popular name, especially a famous person (or cartoon character), -your username in any form (e.g., forward, backward, repeated twice, -etc.), and any of the sample passwords that appear in this manual. -One example of a password which might be good if it did not appear in -this manual is “MITiys4K5!â€, which represents the sentence “MIT is -your source for Kerberos 5!†(It’s the first letter of each word, -substituting the numeral “4†for the word “forâ€, and includes the -punctuation mark at the end.)

-

The following is an example of how to create a Kerberos database and -stash file on the primary KDC, using the kdb5_util command. -Replace ATHENA.MIT.EDU with the name of your Kerberos realm:

-
shell% kdb5_util create -r ATHENA.MIT.EDU -s
-
-Initializing database '/usr/local/var/krb5kdc/principal' for realm 'ATHENA.MIT.EDU',
-master key name 'K/M@ATHENA.MIT.EDU'
-You will be prompted for the database Master Password.
-It is important that you NOT FORGET this password.
-Enter KDC database master key:  <= Type the master password.
-Re-enter KDC database master key to verify:  <= Type it again.
-shell%
-
-
-

This will create five files in LOCALSTATEDIR/krb5kdc (or at the locations specified -in kdc.conf):

-
    -
  • two Kerberos database files, principal, and principal.ok

  • -
  • the Kerberos administrative database file, principal.kadm5

  • -
  • the administrative database lock file, principal.kadm5.lock

  • -
  • the stash file, in this example .k5.ATHENA.MIT.EDU. If you do -not want a stash file, run the above command without the -s -option.

  • -
-

For more information on administrating Kerberos database see -Operations on the Kerberos database.

-
-
-

Add administrators to the ACL file¶

-

Next, you need create an Access Control List (ACL) file and put the -Kerberos principal of at least one of the administrators into it. -This file is used by the kadmind daemon to control which -principals may view and make privileged modifications to the Kerberos -database files. The ACL filename is determined by the acl_file -variable in kdc.conf; the default is LOCALSTATEDIR/krb5kdc/kadm5.acl.

-

For more information on Kerberos ACL file see kadm5.acl.

-
-
-

Add administrators to the Kerberos database¶

-

Next you need to add administrative principals (i.e., principals who -are allowed to administer Kerberos database) to the Kerberos database. -You must add at least one principal now to allow communication -between the Kerberos administration daemon kadmind and the kadmin -program over the network for further administration. To do this, use -the kadmin.local utility on the primary KDC. kadmin.local is designed -to be run on the primary KDC host without using Kerberos -authentication to an admin server; instead, it must have read and -write access to the Kerberos database on the local filesystem.

-

The administrative principals you create should be the ones you added -to the ACL file (see Add administrators to the ACL file).

-

In the following example, the administrative principal admin/admin -is created:

-
shell% kadmin.local
-
-kadmin.local: addprinc admin/admin@ATHENA.MIT.EDU
-
-No policy specified for "admin/admin@ATHENA.MIT.EDU";
-assigning "default".
-Enter password for principal admin/admin@ATHENA.MIT.EDU:  <= Enter a password.
-Re-enter password for principal admin/admin@ATHENA.MIT.EDU:  <= Type it again.
-Principal "admin/admin@ATHENA.MIT.EDU" created.
-kadmin.local:
-
-
-
-
-

Start the Kerberos daemons on the primary KDC¶

-

At this point, you are ready to start the Kerberos KDC -(krb5kdc) and administrative daemons on the primary KDC. To -do so, type:

-
shell% krb5kdc
-shell% kadmind
-
-
-

Each server daemon will fork and run in the background.

-
-

Note

-

Assuming you want these daemons to start up automatically at -boot time, you can add them to the KDC’s /etc/rc or -/etc/inittab file. You need to have a -stash file in order to do this.

-
-

You can verify that they started properly by checking for their -startup messages in the logging locations you defined in -krb5.conf (see [logging]). For example:

-
shell% tail /var/log/krb5kdc.log
-Dec 02 12:35:47 beeblebrox krb5kdc[3187](info): commencing operation
-shell% tail /var/log/kadmin.log
-Dec 02 12:35:52 beeblebrox kadmind[3189](info): starting
-
-
-

Any errors the daemons encounter while starting will also be listed in -the logging output.

-

As an additional verification, check if kinit succeeds -against the principals that you have created on the previous step -(Add administrators to the Kerberos database). Run:

-
shell% kinit admin/admin@ATHENA.MIT.EDU
-
-
-
-
-

Install the replica KDCs¶

-

You are now ready to start configuring the replica KDCs.

-
-

Note

-

Assuming you are setting the KDCs up so that you can easily -switch the primary KDC with one of the replicas, you should -perform each of these steps on the primary KDC as well as -the replica KDCs, unless these instructions specify -otherwise.

-
-
-

Create host keytabs for replica KDCs¶

-

Each KDC needs a host key in the Kerberos database. These keys -are used for mutual authentication when propagating the database dump -file from the primary KDC to the secondary KDC servers.

-

On the primary KDC, connect to administrative interface and create the -host principal for each of the KDCs’ host services. For example, -if the primary KDC were called kerberos.mit.edu, and you had a -replica KDC named kerberos-1.mit.edu, you would type the -following:

-
shell% kadmin
-kadmin: addprinc -randkey host/kerberos.mit.edu
-No policy specified for "host/kerberos.mit.edu@ATHENA.MIT.EDU"; assigning "default"
-Principal "host/kerberos.mit.edu@ATHENA.MIT.EDU" created.
-
-kadmin: addprinc -randkey host/kerberos-1.mit.edu
-No policy specified for "host/kerberos-1.mit.edu@ATHENA.MIT.EDU"; assigning "default"
-Principal "host/kerberos-1.mit.edu@ATHENA.MIT.EDU" created.
-
-
-

It is not strictly necessary to have the primary KDC server in the -Kerberos database, but it can be handy if you want to be able to swap -the primary KDC with one of the replicas.

-

Next, extract host random keys for all participating KDCs and -store them in each host’s default keytab file. Ideally, you should -extract each keytab locally on its own KDC. If this is not feasible, -you should use an encrypted session to send them across the network. -To extract a keytab directly on a replica KDC called -kerberos-1.mit.edu, you would execute the following command:

-
kadmin: ktadd host/kerberos-1.mit.edu
-Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
-    type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
-Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
-    type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
-Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
-    type aes256-cts-hmac-sha384-192 added to keytab FILE:/etc/krb5.keytab.
-Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
-    type arcfour-hmac added to keytab FILE:/etc/krb5.keytab.
-
-
-

If you are instead extracting a keytab for the replica KDC called -kerberos-1.mit.edu on the primary KDC, you should use a dedicated -temporary keytab file for that machine’s keytab:

-
kadmin: ktadd -k /tmp/kerberos-1.keytab host/kerberos-1.mit.edu
-Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
-    type aes256-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
-Entry for principal host/kerberos-1.mit.edu with kvno 2, encryption
-    type aes128-cts-hmac-sha1-96 added to keytab FILE:/etc/krb5.keytab.
-
-
-

The file /tmp/kerberos-1.keytab can then be installed as -/etc/krb5.keytab on the host kerberos-1.mit.edu.

-
-
-

Configure replica KDCs¶

-

Database propagation copies the contents of the primary’s database, -but does not propagate configuration files, stash files, or the kadm5 -ACL file. The following files must be copied by hand to each replica -(see MIT Kerberos defaults for the default locations for these files):

-
    -
  • krb5.conf

  • -
  • kdc.conf

  • -
  • kadm5.acl

  • -
  • master key stash file

  • -
-

Move the copied files into their appropriate directories, exactly as -on the primary KDC. kadm5.acl is only needed to allow a replica to -swap with the primary KDC.

-

The database is propagated from the primary KDC to the replica KDCs -via the kpropd daemon. You must explicitly specify the -principals which are allowed to provide Kerberos dump updates on the -replica machine with a new database. Create a file named kpropd.acl -in the KDC state directory containing the host principals for each -of the KDCs:

-
host/kerberos.mit.edu@ATHENA.MIT.EDU
-host/kerberos-1.mit.edu@ATHENA.MIT.EDU
-
-
-
-

Note

-

If you expect that the primary and replica KDCs will be -switched at some point of time, list the host principals -from all participating KDC servers in kpropd.acl files on -all of the KDCs. Otherwise, you only need to list the -primary KDC’s host principal in the kpropd.acl files of the -replica KDCs.

-
-

Then, add the following line to /etc/inetd.conf on each KDC -(adjust the path to kpropd):

-
krb5_prop stream tcp nowait root /usr/local/sbin/kpropd kpropd
-
-
-

You also need to add the following line to /etc/services on each -KDC, if it is not already present (assuming that the default port is -used):

-
krb5_prop       754/tcp               # Kerberos replica propagation
-
-
-

Restart inetd daemon.

-

Alternatively, start kpropd as a stand-alone daemon. This is -required when incremental propagation is enabled.

-

Now that the replica KDC is able to accept database propagation, -you’ll need to propagate the database from the primary server.

-

NOTE: Do not start the replica KDC yet; you still do not have a copy -of the primary’s database.

-
-
-

Propagate the database to each replica KDC¶

-

First, create a dump file of the database on the primary KDC, as -follows:

-
shell% kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans
-
-
-

Then, manually propagate the database to each replica KDC, as in the -following example:

-
shell% kprop -f /usr/local/var/krb5kdc/replica_datatrans kerberos-1.mit.edu
-
-Database propagation to kerberos-1.mit.edu: SUCCEEDED
-
-
-

You will need a script to dump and propagate the database. The -following is an example of a Bourne shell script that will do this.

-
-

Note

-

Remember that you need to replace /usr/local/var/krb5kdc -with the name of the KDC state directory.

-
-
#!/bin/sh
-
-kdclist = "kerberos-1.mit.edu kerberos-2.mit.edu"
-
-kdb5_util dump /usr/local/var/krb5kdc/replica_datatrans
-
-for kdc in $kdclist
-do
-    kprop -f /usr/local/var/krb5kdc/replica_datatrans $kdc
-done
-
-
-

You will need to set up a cron job to run this script at the intervals -you decided on earlier (see Database propagation).

-

Now that the replica KDC has a copy of the Kerberos database, you can -start the krb5kdc daemon:

-
shell% krb5kdc
-
-
-

As with the primary KDC, you will probably want to add this command to -the KDCs’ /etc/rc or /etc/inittab files, so they will start -the krb5kdc daemon automatically at boot time.

-
-

Propagation failed?¶

-

You may encounter the following error messages. For a more detailed -discussion on possible causes and solutions click on the error link -to be redirected to Troubleshooting section.

-
    -
  1. kprop: No route to host while connecting to server

  2. -
  3. kprop: Connection refused while connecting to server

  4. -
  5. kprop: Server rejected authentication (during sendauth exchange) while authenticating to server

  6. -
-
-
-
-
-

Add Kerberos principals to the database¶

-

Once your KDCs are set up and running, you are ready to use -kadmin to load principals for your users, hosts, and other -services into the Kerberos database. This procedure is described -fully in Principals.

-

You may occasionally want to use one of your replica KDCs as the -primary. This might happen if you are upgrading the primary KDC, or -if your primary KDC has a disk crash. See the following section for -the instructions.

-
-
-

Switching primary and replica KDCs¶

-

You may occasionally want to use one of your replica KDCs as the -primary. This might happen if you are upgrading the primary KDC, or -if your primary KDC has a disk crash.

-

Assuming you have configured all of your KDCs to be able to function -as either the primary KDC or a replica KDC (as this document -recommends), all you need to do to make the changeover is:

-

If the primary KDC is still running, do the following on the old -primary KDC:

-
    -
  1. Kill the kadmind process.

  2. -
  3. Disable the cron job that propagates the database.

  4. -
  5. Run your database propagation script manually, to ensure that the -replicas all have the latest copy of the database (see -Propagate the database to each replica KDC).

  6. -
-

On the new primary KDC:

-
    -
  1. Start the kadmind daemon (see Start the Kerberos daemons on the primary KDC).

  2. -
  3. Set up the cron job to propagate the database (see -Propagate the database to each replica KDC).

  4. -
  5. Switch the CNAMEs of the old and new primary KDCs. If you can’t do -this, you’ll need to change the krb5.conf file on every -client machine in your Kerberos realm.

  6. -
-
-
-

Incremental database propagation¶

-

If you expect your Kerberos database to become large, you may wish to -set up incremental propagation to replica KDCs. See -Incremental database propagation for details.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/lockout.html b/krb5-1.21.3/doc/html/admin/lockout.html deleted file mode 100644 index 8f6d4507..00000000 --- a/krb5-1.21.3/doc/html/admin/lockout.html +++ /dev/null @@ -1,293 +0,0 @@ - - - - - - - - - Account lockout — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Account lockout¶

-

As of release 1.8, the KDC can be configured to lock out principals -after a number of failed authentication attempts within a period of -time. Account lockout can make it more difficult to attack a -principal’s password by brute force, but also makes it easy for an -attacker to deny access to a principal.

-
-

Configuring account lockout¶

-

Account lockout only works for principals with the -+requires_preauth flag set. Without this flag, the KDC cannot -know whether or not a client successfully decrypted the ticket it -issued. It is also important to set the -allow_svr flag on a -principal to protect its password from an off-line dictionary attack -through a TGS request. You can set these flags on a principal with -kadmin as follows:

-
kadmin: modprinc +requires_preauth -allow_svr PRINCNAME
-
-
-

Account lockout parameters are configured via policy objects. There may be an existing policy associated with user -principals (such as the “default†policy), or you may need to create a -new one and associate it with each user principal.

-

The policy parameters related to account lockout are:

- -

Here is an example of setting these parameters on a new policy and -associating it with a principal:

-
kadmin: addpol -maxfailure 10 -failurecountinterval 180
-    -lockoutduration 60 lockout_policy
-kadmin: modprinc -policy lockout_policy PRINCNAME
-
-
-
-
-

Testing account lockout¶

-

To test that account lockout is working, try authenticating as the -principal (hopefully not one that might be in use) multiple times with -the wrong password. For instance, if maxfailure is set to 2, you -might see:

-
$ kinit user
-Password for user@KRBTEST.COM:
-kinit: Password incorrect while getting initial credentials
-$ kinit user
-Password for user@KRBTEST.COM:
-kinit: Password incorrect while getting initial credentials
-$ kinit user
-kinit: Client's credentials have been revoked while getting initial credentials
-
-
-
-
-

Account lockout principal state¶

-

A principal entry keeps three pieces of state related to account -lockout:

-
    -
  • The time of last successful authentication

  • -
  • The time of last failed authentication

  • -
  • A counter of failed attempts

  • -
-

The time of last successful authentication is not actually needed for -the account lockout system to function, but may be of administrative -interest. These fields can be observed with the getprinc kadmin -command. For example:

-
kadmin: getprinc user
-Principal: user@KRBTEST.COM
-...
-Last successful authentication: [never]
-Last failed authentication: Mon Dec 03 12:30:33 EST 2012
-Failed password attempts: 2
-...
-
-
-

A principal which has been locked out can be administratively unlocked -with the -unlock option to the modprinc kadmin command:

-
kadmin: modprinc -unlock PRINCNAME
-
-
-

This command will reset the number of failed attempts to 0.

-
-
-

KDC replication and account lockout¶

-

The account lockout state of a principal is not replicated by either -traditional kprop or incremental propagation. Because of -this, the number of attempts an attacker can make within a time period -is multiplied by the number of KDCs. For instance, if the -maxfailure parameter on a policy is 10 and there are four KDCs in -the environment (a primary and three replicas), an attacker could make -as many as 40 attempts before the principal is locked out on all four -KDCs.

-

An administrative unlock is propagated from the primary to the replica -KDCs during the next propagation. Propagation of an administrative -unlock will cause the counter of failed attempts on each replica to -reset to 1 on the next failure.

-

If a KDC environment uses a replication strategy other than kprop or -incremental propagation, such as the LDAP KDB module with multi-master -LDAP replication, then account lockout state may be replicated between -KDCs and the concerns of this section may not apply.

-
-
-

KDC performance and account lockout¶

-

In order to fully track account lockout state, the KDC must write to -the the database on each successful and failed authentication. -Writing to the database is generally more expensive than reading from -it, so these writes may have a significant impact on KDC performance. -As of release 1.9, it is possible to turn off account lockout state -tracking in order to improve performance, by setting the -disable_last_success and disable_lockout variables in the -database module subsection of kdc.conf. For example:

-
[dbmodules]
-    DB = {
-        disable_last_success = true
-        disable_lockout = true
-    }
-
-
-

Of the two variables, setting disable_last_success will usually -have the largest positive impact on performance, and will still allow -account lockout policies to operate. However, it will make it -impossible to observe the last successful authentication time with -kadmin.

-
-
-

KDC setup and account lockout¶

-

To update the account lockout state on principals, the KDC must be -able to write to the principal database. For the DB2 module, no -special setup is required. For the LDAP module, the KDC DN must be -granted write access to the principal objects. If the KDC DN has only -read access, account lockout will not function.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/otp.html b/krb5-1.21.3/doc/html/admin/otp.html deleted file mode 100644 index 042a0d03..00000000 --- a/krb5-1.21.3/doc/html/admin/otp.html +++ /dev/null @@ -1,241 +0,0 @@ - - - - - - - - - OTP Preauthentication — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

OTP Preauthentication¶

-

OTP is a preauthentication mechanism for Kerberos 5 which uses One -Time Passwords (OTP) to authenticate the client to the KDC. The OTP -is passed to the KDC over an encrypted FAST channel in clear-text. -The KDC uses the password along with per-user configuration to proxy -the request to a third-party RADIUS system. This enables -out-of-the-box compatibility with a large number of already widely -deployed proprietary systems.

-

Additionally, our implementation of the OTP system allows for the -passing of RADIUS requests over a UNIX domain stream socket. This -permits the use of a local companion daemon which can handle the -details of authentication.

-
-

Defining token types¶

-

Token types are defined in either krb5.conf or -kdc.conf according to the following format:

-
[otp]
-    <name> = {
-        server = <host:port or filename> (default: see below)
-        secret = <filename>
-        timeout = <integer> (default: 5 [seconds])
-        retries = <integer> (default: 3)
-        strip_realm = <boolean> (default: true)
-        indicator = <string> (default: none)
-    }
-
-
-

If the server field begins with ‘/’, it will be interpreted as a UNIX -socket. Otherwise, it is assumed to be in the format host:port. When -a UNIX domain socket is specified, the secret field is optional and an -empty secret is used by default. If the server field is not -specified, it defaults to RUNSTATEDIR/krb5kdc/<name>.socket.

-

When forwarding the request over RADIUS, by default the principal is -used in the User-Name attribute of the RADIUS packet. The strip_realm -parameter controls whether the principal is forwarded with or without -the realm portion.

-

If an indicator field is present, tickets issued using this token type -will be annotated with the specified authentication indicator (see -Authentication indicators). This key may be specified multiple times to -add multiple indicators.

-
-
-

The default token type¶

-

A default token type is used internally when no token type is specified for a -given user. It is defined as follows:

-
[otp]
-    DEFAULT = {
-        strip_realm = false
-    }
-
-
-

The administrator may override the internal DEFAULT token type -simply by defining a configuration with the same name.

-
-
-

Token instance configuration¶

-

To enable OTP for a client principal, the administrator must define -the otp string attribute for that principal. (See -set_string.) The otp user string is a JSON string of the -format:

-
[{
-    "type": <string>,
-    "username": <string>,
-    "indicators": [<string>, ...]
- }, ...]
-
-
-

This is an array of token objects. Both fields of token objects are -optional. The type field names the token type of this token; if -not specified, it defaults to DEFAULT. The username field -specifies the value to be sent in the User-Name RADIUS attribute. If -not specified, the principal name is sent, with or without realm as -defined in the token type. The indicators field specifies a list -of authentication indicators to annotate tickets with, overriding any -indicators specified in the token type.

-

For ease of configuration, an empty array ([]) is treated as -equivalent to one DEFAULT token ([{}]).

-
-
-

Other considerations¶

-
    -
  1. FAST is required for OTP to work.

  2. -
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/pkinit.html b/krb5-1.21.3/doc/html/admin/pkinit.html deleted file mode 100644 index 40791a2e..00000000 --- a/krb5-1.21.3/doc/html/admin/pkinit.html +++ /dev/null @@ -1,482 +0,0 @@ - - - - - - - - - PKINIT configuration — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

PKINIT configuration¶

-

PKINIT is a preauthentication mechanism for Kerberos 5 which uses -X.509 certificates to authenticate the KDC to clients and vice versa. -PKINIT can also be used to enable anonymity support, allowing clients -to communicate securely with the KDC or with application servers -without authenticating as a particular client principal.

-
-

Creating certificates¶

-

PKINIT requires an X.509 certificate for the KDC and one for each -client principal which will authenticate using PKINIT. For anonymous -PKINIT, a KDC certificate is required, but client certificates are -not. A commercially issued server certificate can be used for the KDC -certificate, but generally cannot be used for client certificates.

-

The instruction in this section describe how to establish a -certificate authority and create standard PKINIT certificates. Skip -this section if you are using a commercially issued server certificate -as the KDC certificate for anonymous PKINIT, or if you are configuring -a client to use an Active Directory KDC.

-
-

Generating a certificate authority certificate¶

-

You can establish a new certificate authority (CA) for use with a -PKINIT deployment with the commands:

-
openssl genrsa -out cakey.pem 2048
-openssl req -key cakey.pem -new -x509 -out cacert.pem -days 3650
-
-
-

The second command will ask for the values of several certificate -fields. These fields can be set to any values. You can adjust the -expiration time of the CA certificate by changing the number after --days. Since the CA certificate must be deployed to client -machines each time it changes, it should normally have an expiration -time far in the future; however, expiration times after 2037 may cause -interoperability issues in rare circumstances.

-

The result of these commands will be two files, cakey.pem and -cacert.pem. cakey.pem will contain a 2048-bit RSA private key, which -must be carefully protected. cacert.pem will contain the CA -certificate, which must be placed in the filesystems of the KDC and -each client host. cakey.pem will be required to create KDC and client -certificates.

-
-
-

Generating a KDC certificate¶

-

A KDC certificate for use with PKINIT is required to have some unusual -fields, which makes generating them with OpenSSL somewhat complicated. -First, you will need a file containing the following:

-
[kdc_cert]
-basicConstraints=CA:FALSE
-keyUsage=nonRepudiation,digitalSignature,keyEncipherment,keyAgreement
-extendedKeyUsage=1.3.6.1.5.2.3.5
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-issuerAltName=issuer:copy
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name
-
-[kdc_princ_name]
-realm=EXP:0,GeneralString:${ENV::REALM}
-principal_name=EXP:1,SEQUENCE:kdc_principal_seq
-
-[kdc_principal_seq]
-name_type=EXP:0,INTEGER:2
-name_string=EXP:1,SEQUENCE:kdc_principals
-
-[kdc_principals]
-princ1=GeneralString:krbtgt
-princ2=GeneralString:${ENV::REALM}
-
-
-

If the above contents are placed in extensions.kdc, you can generate -and sign a KDC certificate with the following commands:

-
openssl genrsa -out kdckey.pem 2048
-openssl req -new -out kdc.req -key kdckey.pem
-env REALM=YOUR_REALMNAME openssl x509 -req -in kdc.req \
-    -CAkey cakey.pem -CA cacert.pem -out kdc.pem -days 365 \
-    -extfile extensions.kdc -extensions kdc_cert -CAcreateserial
-rm kdc.req
-
-
-

The second command will ask for the values of certificate fields, -which can be set to any values. In the third command, substitute your -KDC’s realm name for YOUR_REALMNAME. You can adjust the certificate’s -expiration date by changing the number after -days. Remember to -create a new KDC certificate before the old one expires.

-

The result of this operation will be in two files, kdckey.pem and -kdc.pem. Both files must be placed in the KDC’s filesystem. -kdckey.pem, which contains the KDC’s private key, must be carefully -protected.

-

If you examine the KDC certificate with openssl x509 -in kdc.pem --text -noout, OpenSSL will not know how to display the KDC principal -name in the Subject Alternative Name extension, so it will appear as -othername:<unsupported>. This is normal and does not mean -anything is wrong with the KDC certificate.

-
-
-

Generating client certificates¶

-

PKINIT client certificates also must have some unusual certificate -fields. To generate a client certificate with OpenSSL for a -single-component principal name, you will need an extensions file -(different from the KDC extensions file above) containing:

-
[client_cert]
-basicConstraints=CA:FALSE
-keyUsage=digitalSignature,keyEncipherment,keyAgreement
-extendedKeyUsage=1.3.6.1.5.2.3.4
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-issuerAltName=issuer:copy
-subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ_name
-
-[princ_name]
-realm=EXP:0,GeneralString:${ENV::REALM}
-principal_name=EXP:1,SEQUENCE:principal_seq
-
-[principal_seq]
-name_type=EXP:0,INTEGER:1
-name_string=EXP:1,SEQUENCE:principals
-
-[principals]
-princ1=GeneralString:${ENV::CLIENT}
-
-
-

If the above contents are placed in extensions.client, you can -generate and sign a client certificate with the following commands:

-
openssl genrsa -out clientkey.pem 2048
-openssl req -new -key clientkey.pem -out client.req
-env REALM=YOUR_REALMNAME CLIENT=YOUR_PRINCNAME openssl x509 \
-    -CAkey cakey.pem -CA cacert.pem -req -in client.req \
-    -extensions client_cert -extfile extensions.client \
-    -days 365 -out client.pem
-rm client.req
-
-
-

Normally, the first two commands should be run on the client host, and -the resulting client.req file transferred to the certificate authority -host for the third command. As in the previous steps, the second -command will ask for the values of certificate fields, which can be -set to any values. In the third command, substitute your realm’s name -for YOUR_REALMNAME and the client’s principal name (without realm) for -YOUR_PRINCNAME. You can adjust the certificate’s expiration date by -changing the number after -days.

-

The result of this operation will be two files, clientkey.pem and -client.pem. Both files must be present on the client’s host; -clientkey.pem, which contains the client’s private key, must be -protected from access by others.

-

As in the KDC certificate, OpenSSL will display the client principal -name as othername:<unsupported> in the Subject Alternative Name -extension of a PKINIT client certificate.

-

If the client principal name contains more than one component -(e.g. host/example.com@REALM), the [principals] section of -extensions.client must be altered to contain multiple entries. -(Simply setting CLIENT to host/example.com would generate a -certificate for host\/example.com@REALM which would not match the -multi-component principal name.) For a two-component principal, the -section should read:

-
[principals]
-princ1=GeneralString:${ENV::CLIENT1}
-princ2=GeneralString:${ENV::CLIENT2}
-
-
-

The environment variables CLIENT1 and CLIENT2 must then be set -to the first and second components when running openssl x509.

-
-
-
-

Configuring the KDC¶

-

The KDC must have filesystem access to the KDC certificate (kdc.pem) -and the KDC private key (kdckey.pem). Configure the following -relation in the KDC’s kdc.conf file, either in the -[kdcdefaults] section or in a [realms] subsection (with -appropriate pathnames):

-
pkinit_identity = FILE:/var/lib/krb5kdc/kdc.pem,/var/lib/krb5kdc/kdckey.pem
-
-
-

If any clients will authenticate using regular (as opposed to -anonymous) PKINIT, the KDC must also have filesystem access to the CA -certificate (cacert.pem), and the following configuration (with the -appropriate pathname):

-
pkinit_anchors = FILE:/var/lib/krb5kdc/cacert.pem
-
-
-

Because of the larger size of requests and responses using PKINIT, you -may also need to allow TCP access to the KDC:

-
kdc_tcp_listen = 88
-
-
-

Restart the krb5kdc daemon to pick up the configuration -changes.

-

The principal entry for each PKINIT-using client must be configured to -require preauthentication. Ensure this with the command:

-
kadmin -q 'modprinc +requires_preauth YOUR_PRINCNAME'
-
-
-

Starting with release 1.12, it is possible to remove the long-term -keys of a principal entry, which can save some space in the database -and help to clarify some PKINIT-related error conditions by not asking -for a password:

-
kadmin -q 'purgekeys -all YOUR_PRINCNAME'
-
-
-

These principal options can also be specified at principal creation -time as follows:

-
kadmin -q 'add_principal +requires_preauth -nokey YOUR_PRINCNAME'
-
-
-

By default, the KDC requires PKINIT client certificates to have the -standard Extended Key Usage and Subject Alternative Name attributes -for PKINIT. Starting in release 1.16, it is possible to authorize -client certificates based on the subject or other criteria instead of -the standard PKINIT Subject Alternative Name, by setting the -pkinit_cert_match string attribute on each client principal entry. -For example:

-
kadmin set_string user@REALM pkinit_cert_match "<SUBJECT>CN=user@REALM$"
-
-
-

The pkinit_cert_match string attribute follows the syntax used by -the krb5.conf pkinit_cert_match relation. To allow the -use of non-PKINIT client certificates, it will also be necessary to -disable key usage checking using the pkinit_eku_checking relation; -for example:

-
[kdcdefaults]
-    pkinit_eku_checking = none
-
-
-
-
-

Configuring the clients¶

-

Client hosts must be configured to trust the issuing authority for the -KDC certificate. For a newly established certificate authority, the -client host must have filesystem access to the CA certificate -(cacert.pem) and the following relation in krb5.conf in the -appropriate [realms] subsection (with appropriate pathnames):

-
pkinit_anchors = FILE:/etc/krb5/cacert.pem
-
-
-

If the KDC certificate is a commercially issued server certificate, -the issuing certificate is most likely included in a system directory. -You can specify it by filename as above, or specify the whole -directory like so:

-
pkinit_anchors = DIR:/etc/ssl/certs
-
-
-

A commercially issued server certificate will usually not have the -standard PKINIT principal name or Extended Key Usage extensions, so -the following additional configuration is required:

-
pkinit_eku_checking = kpServerAuth
-pkinit_kdc_hostname = hostname.of.kdc.certificate
-
-
-

Multiple pkinit_kdc_hostname relations can be configured to -recognize multiple KDC certificates. If the KDC is an Active -Directory domain controller, setting pkinit_kdc_hostname is -necessary, but it should not be necessary to set -pkinit_eku_checking.

-

To perform regular (as opposed to anonymous) PKINIT authentication, a -client host must have filesystem access to a client certificate -(client.pem), and the corresponding private key (clientkey.pem). -Configure the following relations in the client host’s -krb5.conf file in the appropriate [realms] subsection -(with appropriate pathnames):

-
pkinit_identities = FILE:/etc/krb5/client.pem,/etc/krb5/clientkey.pem
-
-
-

If the KDC and client are properly configured, it should now be -possible to run kinit username without entering a password.

-
-
-

Anonymous PKINIT¶

-

Anonymity support in Kerberos allows a client to obtain a ticket -without authenticating as any particular principal. Such a ticket can -be used as a FAST armor ticket, or to securely communicate with an -application server anonymously.

-

To configure anonymity support, you must generate or otherwise procure -a KDC certificate and configure the KDC host, but you do not need to -generate any client certificates. On the KDC, you must set the -pkinit_identity variable to provide the KDC certificate, but do -not need to set the pkinit_anchors variable or store the issuing -certificate if you won’t have any client certificates to verify. On -client hosts, you must set the pkinit_anchors variable (and -possibly pkinit_kdc_hostname and pkinit_eku_checking) in order -to trust the issuing authority for the KDC certificate, but do not -need to set the pkinit_identities variable.

-

Anonymity support is not enabled by default. To enable it, you must -create the principal WELLKNOWN/ANONYMOUS using the command:

-
kadmin -q 'addprinc -randkey WELLKNOWN/ANONYMOUS'
-
-
-

Some Kerberos deployments include application servers which lack -proper access control, and grant some level of access to any user who -can authenticate. In such an environment, enabling anonymity support -on the KDC would present a security issue. If you need to enable -anonymity support for TGTs (for use as FAST armor tickets) without -enabling anonymous authentication to application servers, you can set -the variable restrict_anonymous_to_tgt to true in the -appropriate [realms] subsection of the KDC’s -kdc.conf file.

-

To obtain anonymous credentials on a client, run kinit -n, or -kinit -n @REALMNAME to specify a realm. The resulting tickets -will have the client name WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS.

-
-
-

Freshness tokens¶

-

Freshness tokens can ensure that the client has recently had access to -its certificate private key. If freshness tokens are not required by -the KDC, a client program with temporary possession of the private key -can compose requests for future timestamps and use them later.

-

In release 1.17 and later, freshness tokens are supported by the -client and are sent by the KDC when the client indicates support for -them. Because not all clients support freshness tokens yet, they are -not required by default. To check if freshness tokens are supported -by a realm’s clients, look in the KDC logs for the lines:

-
PKINIT: freshness token received from <client principal>
-PKINIT: no freshness token received from <client principal>
-
-
-

To require freshness tokens for all clients in a realm (except for -clients authenticating anonymously), set the -pkinit_require_freshness variable to true in the appropriate -[realms] subsection of the KDC’s kdc.conf file. To -test that this option is in effect, run kinit -X disable_freshness -and verify that authentication is unsuccessful.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/princ_dns.html b/krb5-1.21.3/doc/html/admin/princ_dns.html deleted file mode 100644 index 845f788e..00000000 --- a/krb5-1.21.3/doc/html/admin/princ_dns.html +++ /dev/null @@ -1,268 +0,0 @@ - - - - - - - - - Principal names and DNS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Principal names and DNS¶

-

Kerberos clients can do DNS lookups to canonicalize service principal -names. This can cause difficulties when setting up Kerberos -application servers, especially when the client’s name for the service -is different from what the service thinks its name is.

-
-

Service principal names¶

-

A frequently used kind of principal name is the host-based service -principal name. This kind of principal name has two components: a -service name and a hostname. For example, imap/imap.example.com -is the principal name of the “imap†service on the host -“imap.example.comâ€. Other possible service names for the first -component include “host†(remote login services such as ssh), “HTTPâ€, -and “nfs†(Network File System).

-

Service administrators often publish well-known hostname aliases that -they would prefer users to use instead of the canonical name of the -service host. This gives service administrators more flexibility in -deploying services. For example, a shell login server might be named -“long-vanity-hostname.example.comâ€, but users will naturally prefer to -type something like “login.example.comâ€. Hostname aliases also allow -for administrators to set up load balancing for some sorts of services -based on rotating CNAME records in DNS.

-
-
-

Service principal canonicalization¶

-

In the MIT krb5 client library, canonicalization of host-based service -principals is controlled by the dns_canonicalize_hostname, -rnds, and qualify_shortname variables in [libdefaults].

-

If dns_canonicalize_hostname is set to true (the default -value), the client performs forward resolution by looking up the IPv4 -and/or IPv6 addresses of the hostname using getaddrinfo(). This -process will typically add a domain suffix to the hostname if needed, -and follow CNAME records in the DNS. If rdns is also set to -true (the default), the client will then perform a reverse lookup -of the first returned Internet address using getnameinfo(), -finding the name associated with the PTR record.

-

If dns_canonicalize_hostname is set to false, the hostname is -not canonicalized using DNS. If the hostname has only one component -(i.e. it contains no “.†characters), the host’s primary DNS search -domain will be appended, if there is one. The qualify_shortname -variable can be used to override or disable this suffix.

-

If dns_canonicalize_hostname is set to fallback (added in -release 1.18), the hostname is initially treated according to the -rules for dns_canonicalize_hostname=false. If a ticket request -fails because the service principal is unknown, the hostname will be -canonicalized according to the rules for -dns_canonicalize_hostname=true and the request will be retried.

-

In all cases, the hostname is converted to lowercase, and any trailing -dot is removed.

-
-
-

Reverse DNS mismatches¶

-

Sometimes, an enterprise will have control over its forward DNS but -not its reverse DNS. The reverse DNS is sometimes under the control -of the Internet service provider of the enterprise, and the enterprise -may not have much influence in setting up reverse DNS records for its -address space. If there are difficulties with getting forward and -reverse DNS to match, it is best to set rdns = false on client -machines.

-
-
-

Overriding application behavior¶

-

Applications can choose to use a default hostname component in their -service principal name when accepting authentication, which avoids -some sorts of hostname mismatches. Because not all relevant -applications do this yet, using the krb5.conf setting:

-
[libdefaults]
-    ignore_acceptor_hostname = true
-
-
-

will allow the Kerberos library to override the application’s choice -of service principal hostname and will allow a server program to -accept incoming authentications using any key in its keytab that -matches the service name and realm name (if given). This setting -defaults to “false†and is available in releases krb5-1.10 and later.

-
-
-

Provisioning keytabs¶

-

One service principal entry that should be in the keytab is a -principal whose hostname component is the canonical hostname that -getaddrinfo() reports for all known aliases for the host. If the -reverse DNS information does not match this canonical hostname, an -additional service principal entry should be in the keytab for this -different hostname.

-
-
-

Specific application advice¶

-
-

Secure shell (ssh)¶

-

Setting GSSAPIStrictAcceptorCheck = no in the configuration file -of modern versions of the openssh daemon will allow the daemon to try -any key in its keytab when accepting a connection, rather than looking -for the keytab entry that matches the host’s own idea of its name -(typically the name that gethostname() returns). This requires -krb5-1.10 or later.

-
-
-

OpenLDAP (ldapsearch, etc.)¶

-

OpenLDAP’s SASL implementation performs reverse DNS lookup in order to -canonicalize service principal names, even if rdns is set to -false in the Kerberos configuration. To disable this behavior, -add SASL_NOCANON on to ldap.conf, or set the -LDAPSASL_NOCANON environment variable.

-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/realm_config.html b/krb5-1.21.3/doc/html/admin/realm_config.html deleted file mode 100644 index f90ab88f..00000000 --- a/krb5-1.21.3/doc/html/admin/realm_config.html +++ /dev/null @@ -1,394 +0,0 @@ - - - - - - - - - Realm configuration decisions — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Realm configuration decisions¶

-

Before installing Kerberos V5, it is necessary to consider the -following issues:

-
    -
  • The name of your Kerberos realm (or the name of each realm, if you -need more than one).

  • -
  • How you will assign your hostnames to Kerberos realms.

  • -
  • Which ports your KDC and and kadmind services will use, if they will -not be using the default ports.

  • -
  • How many replica KDCs you need and where they should be located.

  • -
  • The hostnames of your primary and replica KDCs.

  • -
  • How frequently you will propagate the database from the primary KDC -to the replica KDCs.

  • -
-
-

Realm name¶

-

Although your Kerberos realm can be any ASCII string, convention is to -make it the same as your domain name, in upper-case letters.

-

For example, hosts in the domain example.com would be in the -Kerberos realm:

-
EXAMPLE.COM
-
-
-

If you need multiple Kerberos realms, MIT recommends that you use -descriptive names which end with your domain name, such as:

-
BOSTON.EXAMPLE.COM
-HOUSTON.EXAMPLE.COM
-
-
-
-
-

Mapping hostnames onto Kerberos realms¶

-

Mapping hostnames onto Kerberos realms is done in one of three ways.

-

The first mechanism works through a set of rules in the -[domain_realm] section of krb5.conf. You can specify -mappings for an entire domain or on a per-hostname basis. Typically -you would do this by specifying the mappings for a given domain or -subdomain and listing the exceptions.

-

The second mechanism is to use KDC host-based service referrals. With -this method, the KDC’s krb5.conf has a full [domain_realm] mapping for -hosts, but the clients do not, or have mappings for only a subset of -the hosts they might contact. When a client needs to contact a server -host for which it has no mapping, it will ask the client realm’s KDC -for the service ticket, and will receive a referral to the appropriate -service realm.

-

To use referrals, clients must be running MIT krb5 1.6 or later, and -the KDC must be running MIT krb5 1.7 or later. The -host_based_services and no_host_referral variables in the -[realms] section of kdc.conf can be used to -fine-tune referral behavior on the KDC.

-

It is also possible for clients to use DNS TXT records, if -dns_lookup_realm is enabled in krb5.conf. Such lookups -are disabled by default because DNS is an insecure protocol and security -holes could result if DNS records are spoofed. If enabled, the client -will try to look up a TXT record formed by prepending the prefix -_kerberos to the hostname in question. If that record is not -found, the client will attempt a lookup by prepending _kerberos to the -host’s domain name, then its parent domain, up to the top-level domain. -For the hostname boston.engineering.example.com, the names looked up -would be:

-
_kerberos.boston.engineering.example.com
-_kerberos.engineering.example.com
-_kerberos.example.com
-_kerberos.com
-
-
-

The value of the first TXT record found is taken as the realm name.

-

Even if you do not choose to use this mechanism within your site, -you may wish to set it up anyway, for use when interacting with other sites.

-
-
-

Ports for the KDC and admin services¶

-

The default ports used by Kerberos are port 88 for the KDC and port -749 for the admin server. You can, however, choose to run on other -ports, as long as they are specified in each host’s -krb5.conf files or in DNS SRV records, and the -kdc.conf file on each KDC. For a more thorough treatment of -port numbers used by the Kerberos V5 programs, refer to the -Configuring your firewall to work with Kerberos V5.

-
-
-

Replica KDCs¶

-

Replica KDCs provide an additional source of Kerberos ticket-granting -services in the event of inaccessibility of the primary KDC. The -number of replica KDCs you need and the decision of where to place them, -both physically and logically, depends on the specifics of your -network.

-

Kerberos authentication requires that each client be able to contact a -KDC. Therefore, you need to anticipate any likely reason a KDC might -be unavailable and have a replica KDC to take up the slack.

-

Some considerations include:

-
    -
  • Have at least one replica KDC as a backup, for when the primary KDC -is down, is being upgraded, or is otherwise unavailable.

  • -
  • If your network is split such that a network outage is likely to -cause a network partition (some segment or segments of the network -to become cut off or isolated from other segments), have a replica -KDC accessible to each segment.

  • -
  • If possible, have at least one replica KDC in a different building -from the primary, in case of power outages, fires, or other -localized disasters.

  • -
-
-
-

Hostnames for KDCs¶

-

MIT recommends that your KDCs have a predefined set of CNAME records -(DNS hostname aliases), such as kerberos for the primary KDC and -kerberos-1, kerberos-2, … for the replica KDCs. This way, -if you need to swap a machine, you only need to change a DNS entry, -rather than having to change hostnames.

-

As of MIT krb5 1.4, clients can locate a realm’s KDCs through DNS -using SRV records (RFC 2782), assuming the Kerberos realm name is -also a DNS domain name. These records indicate the hostname and port -number to contact for that service, optionally with weighting and -prioritization. The domain name used in the SRV record name is the -realm name. Several different Kerberos-related service names are -used:

-
-
_kerberos._udp

This is for contacting any KDC by UDP. This entry will be used -the most often. Normally you should list port 88 on each of your -KDCs.

-
-
_kerberos._tcp

This is for contacting any KDC by TCP. Normally you should use -port 88. This entry should be omitted if the KDC does not listen -on TCP ports, as was the default prior to release 1.13.

-
-
_kerberos-master._udp

This entry should refer to those KDCs, if any, that will -immediately see password changes to the Kerberos database. If a -user is logging in and the password appears to be incorrect, the -client will retry with the primary KDC before failing with an -“incorrect password†error given.

-

If you have only one KDC, or for whatever reason there is no -accessible KDC that would get database changes faster than the -others, you do not need to define this entry.

-
-
_kerberos-adm._tcp

This should list port 749 on your primary KDC. Support for it is -not complete at this time, but it will eventually be used by the -kadmin program and related utilities. For now, you will -also need the admin_server variable in krb5.conf.

-
-
_kerberos-master._tcp

The corresponding TCP port for _kerberos-master._udp, assuming the -primary KDC listens on a TCP port.

-
-
_kpasswd._udp

This entry should list port 464 on your primary KDC. It is used -when a user changes her password. If this entry is not defined -but a _kerberos-adm._tcp entry is defined, the client will use the -_kerberos-adm._tcp entry with the port number changed to 464.

-
-
_kpasswd._tcp

The corresponding TCP port for _kpasswd._udp.

-
-
-

The DNS SRV specification requires that the hostnames listed be the -canonical names, not aliases. So, for example, you might include the -following records in your (BIND-style) zone file:

-
$ORIGIN foobar.com.
-_kerberos               TXT       "FOOBAR.COM"
-kerberos                CNAME     daisy
-kerberos-1              CNAME     use-the-force-luke
-kerberos-2              CNAME     bunny-rabbit
-_kerberos._udp          SRV       0 0 88 daisy
-                        SRV       0 0 88 use-the-force-luke
-                        SRV       0 0 88 bunny-rabbit
-_kerberos-master._udp   SRV       0 0 88 daisy
-_kerberos-adm._tcp      SRV       0 0 749 daisy
-_kpasswd._udp           SRV       0 0 464 daisy
-
-
-

Clients can also be configured with the explicit location of services -using the kdc, master_kdc, admin_server, and -kpasswd_server variables in the [realms] section of -krb5.conf. Even if some clients will be configured with -explicit server locations, providing SRV records will still benefit -unconfigured clients, and be useful for other sites.

-
-
-

KDC Discovery¶

-

As of MIT krb5 1.15, clients can also locate KDCs in DNS through URI -records (RFC 7553). Limitations with the SRV record format may -result in extra DNS queries in situations where a client must failover -to other transport types, or find a primary server. The URI record -can convey more information about a realm’s KDCs with a single query.

-

The client performs a query for the following URI records:

-
    -
  • _kerberos.REALM for finding KDCs.

  • -
  • _kerberos-adm.REALM for finding kadmin services.

  • -
  • _kpasswd.REALM for finding password services.

  • -
-

The URI record includes a priority, weight, and a URI string that -consists of case-insensitive colon separated fields, in the form -scheme:[flags]:transport:residual.

-
    -
  • scheme defines the registered URI type. It should always be -krb5srv.

  • -
  • flags contains zero or more flag characters. Currently the only -valid flag is m, which indicates that the record is for a -primary server.

  • -
  • transport defines the transport type of the residual URL or -address. Accepted values are tcp, udp, or kkdcp for the -MS-KKDCP type.

  • -
  • residual contains the hostname, IP address, or URL to be -contacted using the specified transport, with an optional port -extension. The MS-KKDCP transport type uses a HTTPS URL, and can -include a port and/or path extension.

  • -
-

An example of URI records in a zone file:

-
_kerberos.EXAMPLE.COM  URI  10 1 krb5srv:m:tcp:kdc1.example.com
-                       URI  20 1 krb5srv:m:udp:kdc2.example.com:89
-                       URI  40 1 krb5srv::udp:10.10.0.23
-                       URI  30 1 krb5srv::kkdcp:https://proxy:89/auth
-
-
-

URI lookups are enabled by default, and can be disabled by setting -dns_uri_lookup in the [libdefaults] section of -krb5.conf to False. When enabled, URI lookups take -precedence over SRV lookups, falling back to SRV lookups if no URI -records are found.

-
-
-

Database propagation¶

-

The Kerberos database resides on the primary KDC, and must be -propagated regularly (usually by a cron job) to the replica KDCs. In -deciding how frequently the propagation should happen, you will need -to balance the amount of time the propagation takes against the -maximum reasonable amount of time a user should have to wait for a -password change to take effect.

-

If the propagation time is longer than this maximum reasonable time -(e.g., you have a particularly large database, you have a lot of -replicas, or you experience frequent network delays), you may wish to -cut down on your propagation delay by performing the propagation in -parallel. To do this, have the primary KDC propagate the database to -one set of replicas, and then have each of these replicas propagate -the database to additional replicas.

-

See also Incremental database propagation

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/spake.html b/krb5-1.21.3/doc/html/admin/spake.html deleted file mode 100644 index 39c9ee58..00000000 --- a/krb5-1.21.3/doc/html/admin/spake.html +++ /dev/null @@ -1,199 +0,0 @@ - - - - - - - - - SPAKE Preauthentication — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

SPAKE Preauthentication¶

-

SPAKE preauthentication (added in release 1.17) uses public key -cryptography techniques to protect against password dictionary -attacks. Unlike PKINIT, it does not -require any additional infrastructure such as certificates; it simply -needs to be turned on. Using SPAKE preauthentication may modestly -increase the CPU and network load on the KDC.

-

SPAKE preauthentication can use one of four elliptic curve groups for -its password-authenticated key exchange. The recommended group is -edwards25519; three NIST curves (P-256, P-384, and -P-521) are also supported.

-

By default, SPAKE with the edwards25519 group is enabled on -clients, but the KDC does not offer SPAKE by default. To turn it on, -set the spake_preauth_groups variable in [libdefaults] to a -list of allowed groups. This variable affects both the client and the -KDC. Simply setting it to edwards25519 is recommended:

-
[libdefaults]
-    spake_preauth_groups = edwards25519
-
-
-

Set the +requires_preauth and -allow_svr flags on client -principal entries, as you would for any preauthentication mechanism:

-
kadmin: modprinc +requires_preauth -allow_svr PRINCNAME
-
-
-

Clients which do not implement SPAKE preauthentication will fall back -to encrypted timestamp.

-

An active attacker can force a fallback to encrypted timestamp by -modifying the initial KDC response, defeating the protection against -dictionary attacks. To prevent this fallback on clients which do -implement SPAKE preauthentication, set the -disable_encrypted_timestamp variable to true in the -[realms] subsection for realms whose KDCs offer SPAKE -preauthentication.

-

By default, SPAKE preauthentication requires an extra network round -trip to the KDC during initial authentication. If most of the clients -in a realm support SPAKE, this extra round trip can be eliminated -using an optimistic challenge, by setting the -spake_preauth_kdc_challenge variable in [kdcdefaults] to a -single group name:

-
[kdcdefaults]
-    spake_preauth_kdc_challenge = edwards25519
-
-
-

Using optimistic challenge will cause the KDC to do extra work for -initial authentication requests that do not result in SPAKE -preauthentication, but will save work when SPAKE preauthentication is -used.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/troubleshoot.html b/krb5-1.21.3/doc/html/admin/troubleshoot.html deleted file mode 100644 index 493abbf0..00000000 --- a/krb5-1.21.3/doc/html/admin/troubleshoot.html +++ /dev/null @@ -1,266 +0,0 @@ - - - - - - - - - Troubleshooting — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Troubleshooting¶

-
-

Trace logging¶

-

Most programs using MIT krb5 1.9 or later can be made to provide -information about internal krb5 library operations using trace -logging. To enable this, set the KRB5_TRACE environment variable -to a filename before running the program. On many operating systems, -the filename /dev/stdout can be used to send trace logging output -to standard output.

-

Some programs do not honor KRB5_TRACE, either because they use -secure library contexts (this generally applies to setuid programs and -parts of the login system) or because they take direct control of the -trace logging system using the API.

-

Here is a short example showing trace logging output for an invocation -of the kvno command:

-
shell% env KRB5_TRACE=/dev/stdout kvno krbtgt/KRBTEST.COM
-[9138] 1332348778.823276: Getting credentials user@KRBTEST.COM ->
-    krbtgt/KRBTEST.COM@KRBTEST.COM using ccache
-    FILE:/me/krb5/build/testdir/ccache
-[9138] 1332348778.823381: Retrieving user@KRBTEST.COM ->
-    krbtgt/KRBTEST.COM@KRBTEST.COM from
-    FILE:/me/krb5/build/testdir/ccache with result: 0/Unknown code 0
-krbtgt/KRBTEST.COM@KRBTEST.COM: kvno = 1
-
-
-
-
-

List of errors¶

-
-

Frequently seen errors¶

-
    -
  1. KDC has no support for encryption type while getting initial credentials

  2. -
  3. credential verification failed: KDC has no support for encryption type

  4. -
  5. Cannot create cert chain: certificate has expired

  6. -
-
-
-

Errors seen by admins¶

-
    -
  1. kprop: No route to host while connecting to server

  2. -
  3. kprop: Connection refused while connecting to server

  4. -
  5. kprop: Server rejected authentication (during sendauth exchange) while authenticating to server

  6. -
-
-
-

KDC has no support for encryption type while getting initial credentials¶

-
-
-

credential verification failed: KDC has no support for encryption type¶

-

This most commonly happens when trying to use a principal with only -DES keys, in a release (MIT krb5 1.7 or later) which disables DES by -default. DES encryption is considered weak due to its inadequate key -size. If you cannot migrate away from its use, you can re-enable DES -by adding allow_weak_crypto = true to the [libdefaults] -section of krb5.conf.

-
-
-

Cannot create cert chain: certificate has expired¶

-

This error message indicates that PKINIT authentication failed because -the client certificate, KDC certificate, or one of the certificates in -the signing chain above them has expired.

-

If the KDC certificate has expired, this message appears in the KDC -log file, and the client will receive a “Preauthentication failed†-error. (Prior to release 1.11, the KDC log file message erroneously -appears as “Out of memoryâ€. Prior to release 1.12, the client will -receive a “Generic errorâ€.)

-

If the client or a signing certificate has expired, this message may -appear in trace_logging output from kinit or, starting in -release 1.12, as an error message from kinit or another program which -gets initial tickets. The error message is more likely to appear -properly on the client if the principal entry has no long-term keys.

-
-
-

kprop: No route to host while connecting to server¶

-

Make sure that the hostname of the replica KDC (as given to kprop) is -correct, and that any firewalls between the primary and the replica -allow a connection on port 754.

-
-
-

kprop: Connection refused while connecting to server¶

-

If the replica KDC is intended to run kpropd out of inetd, make sure -that inetd is configured to accept krb5_prop connections. inetd may -need to be restarted or sent a SIGHUP to recognize the new -configuration. If the replica is intended to run kpropd in standalone -mode, make sure that it is running.

-
-
-

kprop: Server rejected authentication (during sendauth exchange) while authenticating to server¶

-

Make sure that:

-
    -
  1. The time is synchronized between the primary and replica KDCs.

  2. -
  3. The master stash file was copied from the primary to the expected -location on the replica.

  4. -
  5. The replica has a keytab file in the default location containing a -host principal for the replica’s hostname.

  6. -
-
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/admin/various_envs.html b/krb5-1.21.3/doc/html/admin/various_envs.html deleted file mode 100644 index 14d3c535..00000000 --- a/krb5-1.21.3/doc/html/admin/various_envs.html +++ /dev/null @@ -1,179 +0,0 @@ - - - - - - - - - Various links — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
- - -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/gssapi.html b/krb5-1.21.3/doc/html/appdev/gssapi.html deleted file mode 100644 index c51274a4..00000000 --- a/krb5-1.21.3/doc/html/appdev/gssapi.html +++ /dev/null @@ -1,797 +0,0 @@ - - - - - - - - - Developing with GSSAPI — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Developing with GSSAPI¶

-

The GSSAPI (Generic Security Services API) allows applications to -communicate securely using Kerberos 5 or other security mechanisms. -We recommend using the GSSAPI (or a higher-level framework which -encompasses GSSAPI, such as SASL) for secure network communication -over using the libkrb5 API directly.

-

GSSAPIv2 is specified in RFC 2743 and RFC 2744. Also see -RFC 7546 for a description of how to use the GSSAPI in a client or -server program.

-

This documentation will describe how various ways of using the -GSSAPI will behave with the krb5 mechanism as implemented in MIT krb5, -as well as krb5-specific extensions to the GSSAPI.

-
-

Name types¶

-

A GSSAPI application can name a local or remote entity by calling -gss_import_name, specifying a name type and a value. The following -name types are supported by the krb5 mechanism:

-
    -
  • GSS_C_NT_HOSTBASED_SERVICE: The value should be a string of the -form service or service@hostname. This is the most common -way to name target services when initiating a security context, and -is the most likely name type to work across multiple mechanisms.

  • -
  • GSS_KRB5_NT_PRINCIPAL_NAME: The value should be a principal name -string. This name type only works with the krb5 mechanism, and is -defined in the <gssapi/gssapi_krb5.h> header.

  • -
  • GSS_C_NT_USER_NAME or GSS_C_NULL_OID: The value is treated -as an unparsed principal name string, as above. These name types -may work with mechanisms other than krb5, but will have different -interpretations in those mechanisms. GSS_C_NT_USER_NAME is -intended to be used with a local username, which will parse into a -single-component principal in the default realm.

  • -
  • GSS_C_NT_ANONYMOUS: The value is ignored. The anonymous -principal is used, allowing a client to authenticate to a server -without asserting a particular identity (which may or may not be -allowed by a particular server or Kerberos realm).

  • -
  • GSS_C_NT_MACHINE_UID_NAME: The value is uid_t object. On -Unix-like systems, the username of the uid is looked up in the -system user database and the resulting username is parsed as a -principal name.

  • -
  • GSS_C_NT_STRING_UID_NAME: As above, but the value is a decimal -string representation of the uid.

  • -
  • GSS_C_NT_EXPORT_NAME: The value must be the result of a -gss_export_name call.

  • -
  • GSS_KRB5_NT_ENTERPRISE_NAME: The value should be a krb5 -enterprise name string (see RFC 6806 section 5), in the form -user@suffix. This name type is used to convey alias names, and -is defined in the <gssapi/gssapi_krb5.h> header. (New in -release 1.17.)

  • -
  • GSS_KRB5_NT_X509_CERT: The value should be an X.509 certificate -encoded according to RFC 5280. This name form can be used for -the desired_name parameter of gss_acquire_cred_impersonate_name(), -to identify the S4U2Self user by certificate. (New in release -1.19.)

  • -
-
-
-

Initiator credentials¶

-

A GSSAPI client application uses gss_init_sec_context to establish a -security context. The initiator_cred_handle parameter determines -what tickets are used to establish the connection. An application can -either pass GSS_C_NO_CREDENTIAL to use the default client -credential, or it can use gss_acquire_cred beforehand to acquire an -initiator credential. The call to gss_acquire_cred may include a -desired_name parameter, or it may pass GSS_C_NO_NAME if it does -not have a specific name preference.

-

If the desired name for a krb5 initiator credential is a host-based -name, it is converted to a principal name of the form -service/hostname in the local realm, where hostname is the local -hostname if not specified. The hostname will be canonicalized using -forward name resolution, and possibly also using reverse name -resolution depending on the value of the rdns variable in -[libdefaults].

-

If a desired name is specified in the call to gss_acquire_cred, the -krb5 mechanism will attempt to find existing tickets for that client -principal name in the default credential cache or collection. If the -default cache type does not support a collection, and the default -cache contains credentials for a different principal than the desired -name, a GSS_S_CRED_UNAVAIL error will be returned with a minor -code indicating a mismatch.

-

If no existing tickets are available for the desired name, but the -name has an entry in the default client keytab, the -krb5 mechanism will acquire initial tickets for the name using the -default client keytab.

-

If no desired name is specified, credential acquisition will be -deferred until the credential is used in a call to -gss_init_sec_context or gss_inquire_cred. If the call is to -gss_init_sec_context, the target name will be used to choose a client -principal name using the credential cache selection facility. (This -facility might, for instance, try to choose existing tickets for a -client principal in the same realm as the target service). If there -are no existing tickets for the chosen principal, but it is present in -the default client keytab, the krb5 mechanism will acquire initial -tickets using the keytab.

-

If the target name cannot be used to select a client principal -(because the credentials are used in a call to gss_inquire_cred), or -if the credential cache selection facility cannot choose a principal -for it, the default credential cache will be selected if it exists and -contains tickets.

-

If the default credential cache does not exist, but the default client -keytab does, the krb5 mechanism will try to acquire initial tickets -for the first principal in the default client keytab.

-

If the krb5 mechanism acquires initial tickets using the default -client keytab, the resulting tickets will be stored in the default -cache or collection, and will be refreshed by future calls to -gss_acquire_cred as they approach their expire time.

-
-
-

Acceptor names¶

-

A GSSAPI server application uses gss_accept_sec_context to establish -a security context based on tokens provided by the client. The -acceptor_cred_handle parameter determines what -keytab entries may be authenticated to by the -client, if the krb5 mechanism is used.

-

The simplest choice is to pass GSS_C_NO_CREDENTIAL as the acceptor -credential. In this case, clients may authenticate to any service -principal in the default keytab (typically DEFKTNAME, or the value of -the KRB5_KTNAME environment variable). This is the recommended -approach if the server application has no specific requirements to the -contrary.

-

A server may acquire an acceptor credential with gss_acquire_cred and -a cred_usage of GSS_C_ACCEPT or GSS_C_BOTH. If the -desired_name parameter is GSS_C_NO_NAME, then clients will be -allowed to authenticate to any service principal in the default -keytab, just as if no acceptor credential was supplied.

-

If a server wishes to specify a desired_name to gss_acquire_cred, -the most common choice is a host-based name. If the host-based -desired_name contains just a service, then clients will be allowed -to authenticate to any host-based service principal (that is, a -principal of the form service/hostname@REALM) for the named -service, regardless of hostname or realm, as long as it is present in -the default keytab. If the input name contains both a service and a -hostname, clients will be allowed to authenticate to any host-based -principal for the named service and hostname, regardless of realm.

-
-

Note

-

If a hostname is specified, it will be canonicalized -using forward name resolution, and possibly also using -reverse name resolution depending on the value of the -rdns variable in [libdefaults].

-
-
-

Note

-

If the ignore_acceptor_hostname variable in -[libdefaults] is enabled, then hostname will be -ignored even if one is specified in the input name.

-
-
-

Note

-

In MIT krb5 versions prior to 1.10, and in Heimdal’s -implementation of the krb5 mechanism, an input name with -just a service is treated like an input name of -service@localhostname, where localhostname is the -string returned by gethostname().

-
-

If the desired_name is a krb5 principal name or a local system name -type which is mapped to a krb5 principal name, clients will only be -allowed to authenticate to that principal in the default keytab.

-
-
-

Name Attributes¶

-

In release 1.8 or later, the gss_inquire_name and -gss_get_name_attribute functions, specified in RFC 6680, can be -used to retrieve name attributes from the src_name returned by -gss_accept_sec_context. The following attributes are defined when -the krb5 mechanism is used:

-
    -
  • “auth-indicators†attribute:

  • -
-

This attribute will be included in the gss_inquire_name output if the -ticket contains authentication indicators. -One indicator is returned per invocation of gss_get_name_attribute, -so multiple invocations may be necessary to retrieve all of the -indicators from the ticket. (New in release 1.15.)

-
-
-

Credential store extensions¶

-

Beginning with release 1.11, the following GSSAPI extensions declared -in <gssapi/gssapi_ext.h> can be used to specify how credentials -are acquired or stored:

-
struct gss_key_value_element_struct {
-    const char *key;
-    const char *value;
-};
-typedef struct gss_key_value_element_struct gss_key_value_element_desc;
-
-struct gss_key_value_set_struct {
-    OM_uint32 count;
-    gss_key_value_element_desc *elements;
-};
-typedef const struct gss_key_value_set_struct gss_key_value_set_desc;
-typedef const gss_key_value_set_desc *gss_const_key_value_set_t;
-
-OM_uint32 gss_acquire_cred_from(OM_uint32 *minor_status,
-                                const gss_name_t desired_name,
-                                OM_uint32 time_req,
-                                const gss_OID_set desired_mechs,
-                                gss_cred_usage_t cred_usage,
-                                gss_const_key_value_set_t cred_store,
-                                gss_cred_id_t *output_cred_handle,
-                                gss_OID_set *actual_mechs,
-                                OM_uint32 *time_rec);
-
-OM_uint32 gss_store_cred_into(OM_uint32 *minor_status,
-                              gss_cred_id_t input_cred_handle,
-                              gss_cred_usage_t cred_usage,
-                              const gss_OID desired_mech,
-                              OM_uint32 overwrite_cred,
-                              OM_uint32 default_cred,
-                              gss_const_key_value_set_t cred_store,
-                              gss_OID_set *elements_stored,
-                              gss_cred_usage_t *cred_usage_stored);
-
-
-

The additional cred_store parameter allows the caller to specify -information about how the credentials should be obtained and stored. -The following options are supported by the krb5 mechanism:

-
    -
  • ccache: For acquiring initiator credentials, the name of the -credential cache to which the handle will -refer. For storing credentials, the name of the cache or collection -where the credentials will be stored (see below).

  • -
  • client_keytab: For acquiring initiator credentials, the name of -the keytab which will be used, if -necessary, to refresh the credentials in the cache.

  • -
  • keytab: For acquiring acceptor credentials, the name of the -keytab to which the handle will refer. -In release 1.19 and later, this option also determines the keytab to -be used for verification when initiator credentials are acquired -using a password and verified.

  • -
  • password: For acquiring initiator credentials, this option -instructs the mechanism to acquire fresh credentials into a unique -memory credential cache. This option may not be used with the -ccache or client_keytab options, and a desired_name must -be specified. (New in release 1.19.)

  • -
  • rcache: For acquiring acceptor credentials, the name of the -replay cache to be used when processing -the initiator tokens. (New in release 1.13.)

  • -
  • verify: For acquiring initiator credentials, this option -instructs the mechanism to verify the credentials by obtaining a -ticket to a service with a known key. The service key is obtained -from the keytab specified with the keytab option or the default -keytab. The value may be the name of a principal in the keytab, or -the empty string. If the empty string is given, any host -service principal in the keytab may be used. (New in release 1.19.)

  • -
-

In release 1.20 or later, if a collection name is specified for -cache in a call to gss_store_cred_into(), an existing cache for -the client principal within the collection will be selected, or a new -cache will be created within the collection. If overwrite_cred is -false and the selected credential cache already exists, a -GSS_S_DUPLICATE_ELEMENT error will be returned. If default_cred -is true, the primary cache of the collection will be switched to the -selected cache.

-
-
-

Importing and exporting credentials¶

-

The following GSSAPI extensions can be used to import and export -credentials (declared in <gssapi/gssapi_ext.h>):

-
OM_uint32 gss_export_cred(OM_uint32 *minor_status,
-                          gss_cred_id_t cred_handle,
-                          gss_buffer_t token);
-
-OM_uint32 gss_import_cred(OM_uint32 *minor_status,
-                          gss_buffer_t token,
-                          gss_cred_id_t *cred_handle);
-
-
-

The first function serializes a GSSAPI credential handle into a -buffer; the second unseralizes a buffer into a GSSAPI credential -handle. Serializing a credential does not destroy it. If any of the -mechanisms used in cred_handle do not support serialization, -gss_export_cred will return GSS_S_UNAVAILABLE. As with other -GSSAPI serialization functions, these extensions are only intended to -work with a matching implementation on the other side; they do not -serialize credentials in a standardized format.

-

A serialized credential may contain secret information such as ticket -session keys. The serialization format does not protect this -information from eavesdropping or tampering. The calling application -must take care to protect the serialized credential when communicating -it over an insecure channel or to an untrusted party.

-

A krb5 GSSAPI credential may contain references to a credential cache, -a client keytab, an acceptor keytab, and a replay cache. These -resources are normally serialized as references to their external -locations (such as the filename of the credential cache). Because of -this, a serialized krb5 credential can only be imported by a process -with similar privileges to the exporter. A serialized credential -should not be trusted if it originates from a source with lower -privileges than the importer, as it may contain references to external -credential cache, keytab, or replay cache resources not accessible to -the originator.

-

An exception to the above rule applies when a krb5 GSSAPI credential -refers to a memory credential cache, as is normally the case for -delegated credentials received by gss_accept_sec_context. In this -case, the contents of the credential cache are serialized, so that the -resulting token may be imported even if the original memory credential -cache no longer exists.

-
-
-

Constrained delegation (S4U)¶

-

The Microsoft S4U2Self and S4U2Proxy Kerberos protocol extensions -allow an intermediate service to acquire credentials from a client to -a target service without requiring the client to delegate a -ticket-granting ticket, if the KDC is configured to allow it.

-

To perform a constrained delegation operation, the intermediate -service must submit to the KDC an “evidence ticket†from the client to -the intermediate service. An evidence ticket can be acquired when the -client authenticates to the intermediate service with Kerberos, or -with an S4U2Self request if the KDC allows it. The MIT krb5 GSSAPI -library represents an evidence ticket using a “proxy credentialâ€, -which is a special kind of gss_cred_id_t object whose underlying -credential cache contains the evidence ticket and a krbtgt ticket for -the intermediate service.

-

To acquire a proxy credential during client authentication, the -service should first create an acceptor credential using the -GSS_C_BOTH usage. The application should then pass this -credential as the acceptor_cred_handle to gss_accept_sec_context, -and also pass a delegated_cred_handle output parameter to receive a -proxy credential containing the evidence ticket. The output value of -delegated_cred_handle may be a delegated ticket-granting ticket if -the client sent one, or a proxy credential if not. If the library can -determine that the client’s ticket is not a valid evidence ticket, it -will place GSS_C_NO_CREDENTIAL in delegated_cred_handle.

-

To acquire a proxy credential using an S4U2Self request, the service -can use the following GSSAPI extension:

-
OM_uint32 gss_acquire_cred_impersonate_name(OM_uint32 *minor_status,
-                                            gss_cred_id_t icred,
-                                            gss_name_t desired_name,
-                                            OM_uint32 time_req,
-                                            gss_OID_set desired_mechs,
-                                            gss_cred_usage_t cred_usage,
-                                            gss_cred_id_t *output_cred,
-                                            gss_OID_set *actual_mechs,
-                                            OM_uint32 *time_rec);
-
-
-

The parameters to this function are similar to those of -gss_acquire_cred, except that icred is used to make an S4U2Self -request to the KDC for a ticket from desired_name to the -intermediate service. Both icred and desired_name are required -for this function; passing GSS_C_NO_CREDENTIAL or -GSS_C_NO_NAME will cause the call to fail. icred must contain a -krbtgt ticket for the intermediate service. The result of this -operation is a proxy credential. (Prior to release 1.18, the result -of this operation may be a regular credential for desired_name, if -the KDC issues a non-forwardable ticket.)

-

Once the intermediate service has a proxy credential, it can simply -pass it to gss_init_sec_context as the initiator_cred_handle -parameter, and the desired service as the target_name parameter. -The GSSAPI library will present the krbtgt ticket and evidence ticket -in the proxy credential to the KDC in an S4U2Proxy request; if the -intermediate service has the appropriate permissions, the KDC will -issue a ticket from the client to the target service. The GSSAPI -library will then use this ticket to authenticate to the target -service.

-

If an application needs to find out whether a credential it holds is a -proxy credential and the name of the intermediate service, it can -query the credential with the GSS_KRB5_GET_CRED_IMPERSONATOR OID -(new in release 1.16, declared in <gssapi/gssapi_krb5.h>) using -the gss_inquire_cred_by_oid extension (declared in -<gssapi/gssapi_ext.h>):

-
OM_uint32 gss_inquire_cred_by_oid(OM_uint32 *minor_status,
-                                  const gss_cred_id_t cred_handle,
-                                  gss_OID desired_object,
-                                  gss_buffer_set_t *data_set);
-
-
-

If the call succeeds and cred_handle is a proxy credential, -data_set will be set to a single-element buffer set containing the -unparsed principal name of the intermediate service. If cred_handle -is not a proxy credential, data_set will be set to an empty buffer -set. If the library does not support the query, -gss_inquire_cred_by_oid will return GSS_S_UNAVAILABLE.

-
-
-

AEAD message wrapping¶

-

The following GSSAPI extensions (declared in -<gssapi/gssapi_ext.h>) can be used to wrap and unwrap messages -with additional “associated data†which is integrity-checked but is -not included in the output buffer:

-
OM_uint32 gss_wrap_aead(OM_uint32 *minor_status,
-                        gss_ctx_id_t context_handle,
-                        int conf_req_flag, gss_qop_t qop_req,
-                        gss_buffer_t input_assoc_buffer,
-                        gss_buffer_t input_payload_buffer,
-                        int *conf_state,
-                        gss_buffer_t output_message_buffer);
-
-OM_uint32 gss_unwrap_aead(OM_uint32 *minor_status,
-                          gss_ctx_id_t context_handle,
-                          gss_buffer_t input_message_buffer,
-                          gss_buffer_t input_assoc_buffer,
-                          gss_buffer_t output_payload_buffer,
-                          int *conf_state,
-                          gss_qop_t *qop_state);
-
-
-

Wrap tokens created with gss_wrap_aead will successfully unwrap only -if the same input_assoc_buffer contents are presented to -gss_unwrap_aead.

-
-
-

IOV message wrapping¶

-

The following extensions (declared in <gssapi/gssapi_ext.h>) can -be used for in-place encryption, fine-grained control over wrap token -layout, and for constructing wrap tokens compatible with Microsoft DCE -RPC:

-
typedef struct gss_iov_buffer_desc_struct {
-    OM_uint32 type;
-    gss_buffer_desc buffer;
-} gss_iov_buffer_desc, *gss_iov_buffer_t;
-
-OM_uint32 gss_wrap_iov(OM_uint32 *minor_status,
-                       gss_ctx_id_t context_handle,
-                       int conf_req_flag, gss_qop_t qop_req,
-                       int *conf_state,
-                       gss_iov_buffer_desc *iov, int iov_count);
-
-OM_uint32 gss_unwrap_iov(OM_uint32 *minor_status,
-                         gss_ctx_id_t context_handle,
-                         int *conf_state, gss_qop_t *qop_state,
-                         gss_iov_buffer_desc *iov, int iov_count);
-
-OM_uint32 gss_wrap_iov_length(OM_uint32 *minor_status,
-                              gss_ctx_id_t context_handle,
-                              int conf_req_flag,
-                              gss_qop_t qop_req, int *conf_state,
-                              gss_iov_buffer_desc *iov,
-                              int iov_count);
-
-OM_uint32 gss_release_iov_buffer(OM_uint32 *minor_status,
-                                 gss_iov_buffer_desc *iov,
-                                 int iov_count);
-
-
-

The caller of gss_wrap_iov provides an array of gss_iov_buffer_desc -structures, each containing a type and a gss_buffer_desc structure. -Valid types include:

-
    -
  • GSS_C_BUFFER_TYPE_DATA: A data buffer to be included in the -token, and to be encrypted or decrypted in-place if the token is -confidentiality-protected.

  • -
  • GSS_C_BUFFER_TYPE_HEADER: The GSSAPI wrap token header and -underlying cryptographic header.

  • -
  • GSS_C_BUFFER_TYPE_TRAILER: The cryptographic trailer, if one is -required.

  • -
  • GSS_C_BUFFER_TYPE_PADDING: Padding to be combined with the data -during encryption and decryption. (The implementation may choose to -place padding in the trailer buffer, in which case it will set the -padding buffer length to 0.)

  • -
  • GSS_C_BUFFER_TYPE_STREAM: For unwrapping only, a buffer -containing a complete wrap token in standard format to be unwrapped.

  • -
  • GSS_C_BUFFER_TYPE_SIGN_ONLY: A buffer to be included in the -token’s integrity protection checksum, but not to be encrypted or -included in the token itself.

  • -
-

For gss_wrap_iov, the IOV list should contain one HEADER buffer, -followed by zero or more SIGN_ONLY buffers, followed by one or more -DATA buffers, followed by a TRAILER buffer. The memory pointed to by -the buffers is not required to be contiguous or in any particular -order. If conf_req_flag is true, DATA buffers will be encrypted -in-place, while SIGN_ONLY buffers will not be modified.

-

The type of an output buffer may be combined with -GSS_C_BUFFER_FLAG_ALLOCATE to request that gss_wrap_iov allocate -the buffer contents. If gss_wrap_iov allocates a buffer, it sets the -GSS_C_BUFFER_FLAG_ALLOCATED flag on the buffer type. -gss_release_iov_buffer can be used to release all allocated buffers -within an iov list and unset their allocated flags. Here is an -example of how gss_wrap_iov can be used with allocation requested -(ctx is assumed to be a previously established gss_ctx_id_t):

-
OM_uint32 major, minor;
-gss_iov_buffer_desc iov[4];
-char str[] = "message";
-
-iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE;
-iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
-iov[1].buffer.value = str;
-iov[1].buffer.length = strlen(str);
-iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING | GSS_IOV_BUFFER_FLAG_ALLOCATE;
-iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER | GSS_IOV_BUFFER_FLAG_ALLOCATE;
-
-major = gss_wrap_iov(&minor, ctx, 1, GSS_C_QOP_DEFAULT, NULL,
-                     iov, 4);
-if (GSS_ERROR(major))
-    handle_error(major, minor);
-
-/* Transmit or otherwise use resulting buffers. */
-
-(void)gss_release_iov_buffer(&minor, iov, 4);
-
-
-

If the caller does not choose to request buffer allocation by -gss_wrap_iov, it should first call gss_wrap_iov_length to query the -lengths of the HEADER, PADDING, and TRAILER buffers. DATA buffers -must be provided in the iov list so that padding length can be -computed correctly, but the output buffers need not be initialized. -Here is an example of using gss_wrap_iov_length and gss_wrap_iov:

-
OM_uint32 major, minor;
-gss_iov_buffer_desc iov[4];
-char str[1024] = "message", *ptr;
-
-iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
-iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
-iov[1].buffer.value = str;
-iov[1].buffer.length = strlen(str);
-
-iov[2].type = GSS_IOV_BUFFER_TYPE_PADDING;
-iov[3].type = GSS_IOV_BUFFER_TYPE_TRAILER;
-
-major = gss_wrap_iov_length(&minor, ctx, 1, GSS_C_QOP_DEFAULT,
-                            NULL, iov, 4);
-if (GSS_ERROR(major))
-    handle_error(major, minor);
-if (strlen(str) + iov[0].buffer.length + iov[2].buffer.length +
-    iov[3].buffer.length > sizeof(str))
-    handle_out_of_space_error();
-ptr = str + strlen(str);
-iov[0].buffer.value = ptr;
-ptr += iov[0].buffer.length;
-iov[2].buffer.value = ptr;
-ptr += iov[2].buffer.length;
-iov[3].buffer.value = ptr;
-
-major = gss_wrap_iov(&minor, ctx, 1, GSS_C_QOP_DEFAULT, NULL,
-                     iov, 4);
-if (GSS_ERROR(major))
-    handle_error(major, minor);
-
-
-

If the context was established using the GSS_C_DCE_STYLE flag -(described in RFC 4757), wrap tokens compatible with Microsoft DCE -RPC can be constructed. In this case, the IOV list must include a -SIGN_ONLY buffer, a DATA buffer, a second SIGN_ONLY buffer, and a -HEADER buffer in that order (the order of the buffer contents remains -arbitrary). The application must pad the DATA buffer to a multiple of -16 bytes as no padding or trailer buffer is used.

-

gss_unwrap_iov may be called with an IOV list just like one which -would be provided to gss_wrap_iov. DATA buffers will be decrypted -in-place if they were encrypted, and SIGN_ONLY buffers will not be -modified.

-

Alternatively, gss_unwrap_iov may be called with a single STREAM -buffer, zero or more SIGN_ONLY buffers, and a single DATA buffer. The -STREAM buffer is interpreted as a complete wrap token. The STREAM -buffer will be modified in-place to decrypt its contents. The DATA -buffer will be initialized to point to the decrypted data within the -STREAM buffer, unless it has the GSS_C_BUFFER_FLAG_ALLOCATE flag -set, in which case it will be initialized with a copy of the decrypted -data. Here is an example (token and token_len are assumed to be a -pre-existing pointer and length for a modifiable region of data):

-
OM_uint32 major, minor;
-gss_iov_buffer_desc iov[2];
-
-iov[0].type = GSS_IOV_BUFFER_TYPE_STREAM;
-iov[0].buffer.value = token;
-iov[0].buffer.length = token_len;
-iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
-major = gss_unwrap_iov(&minor, ctx, NULL, NULL, iov, 2);
-if (GSS_ERROR(major))
-    handle_error(major, minor);
-
-/* Decrypted data is in iov[1].buffer, pointing to a subregion of
- * token. */
-
-
-
-
-

IOV MIC tokens¶

-

The following extensions (declared in <gssapi/gssapi_ext.h>) can -be used in release 1.12 or later to construct and verify MIC tokens -using an IOV list:

-
OM_uint32 gss_get_mic_iov(OM_uint32 *minor_status,
-                          gss_ctx_id_t context_handle,
-                          gss_qop_t qop_req,
-                          gss_iov_buffer_desc *iov,
-                          int iov_count);
-
-OM_uint32 gss_get_mic_iov_length(OM_uint32 *minor_status,
-                                 gss_ctx_id_t context_handle,
-                                 gss_qop_t qop_req,
-                                 gss_iov_buffer_desc *iov,
-                                 iov_count);
-
-OM_uint32 gss_verify_mic_iov(OM_uint32 *minor_status,
-                             gss_ctx_id_t context_handle,
-                             gss_qop_t *qop_state,
-                             gss_iov_buffer_desc *iov,
-                             int iov_count);
-
-
-

The caller of gss_get_mic_iov provides an array of gss_iov_buffer_desc -structures, each containing a type and a gss_buffer_desc structure. -Valid types include:

-
    -
  • GSS_C_BUFFER_TYPE_DATA and GSS_C_BUFFER_TYPE_SIGN_ONLY: The -corresponding buffer for each of these types will be signed for the -MIC token, in the order provided.

  • -
  • GSS_C_BUFFER_TYPE_MIC_TOKEN: The GSSAPI MIC token.

  • -
-

The type of the MIC_TOKEN buffer may be combined with -GSS_C_BUFFER_FLAG_ALLOCATE to request that gss_get_mic_iov -allocate the buffer contents. If gss_get_mic_iov allocates the -buffer, it sets the GSS_C_BUFFER_FLAG_ALLOCATED flag on the buffer -type. gss_release_iov_buffer can be used to release all allocated -buffers within an iov list and unset their allocated flags. Here is -an example of how gss_get_mic_iov can be used with allocation -requested (ctx is assumed to be a previously established -gss_ctx_id_t):

-
OM_uint32 major, minor;
-gss_iov_buffer_desc iov[3];
-
-iov[0].type = GSS_IOV_BUFFER_TYPE_DATA;
-iov[0].buffer.value = "sign1";
-iov[0].buffer.length = 5;
-iov[1].type = GSS_IOV_BUFFER_TYPE_SIGN_ONLY;
-iov[1].buffer.value = "sign2";
-iov[1].buffer.length = 5;
-iov[2].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN | GSS_IOV_BUFFER_FLAG_ALLOCATE;
-
-major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 3);
-if (GSS_ERROR(major))
-    handle_error(major, minor);
-
-/* Transmit or otherwise use iov[2].buffer. */
-
-(void)gss_release_iov_buffer(&minor, iov, 3);
-
-
-

If the caller does not choose to request buffer allocation by -gss_get_mic_iov, it should first call gss_get_mic_iov_length to query -the length of the MIC_TOKEN buffer. Here is an example of using -gss_get_mic_iov_length and gss_get_mic_iov:

-
OM_uint32 major, minor;
-gss_iov_buffer_desc iov[2];
-char data[1024];
-
-iov[0].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN;
-iov[1].type = GSS_IOV_BUFFER_TYPE_DATA;
-iov[1].buffer.value = "message";
-iov[1].buffer.length = 7;
-
-major = gss_get_mic_iov_length(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 2);
-if (GSS_ERROR(major))
-    handle_error(major, minor);
-if (iov[0].buffer.length > sizeof(data))
-    handle_out_of_space_error();
-iov[0].buffer.value = data;
-
-major = gss_get_mic_iov(&minor, ctx, GSS_C_QOP_DEFAULT, iov, 2);
-if (GSS_ERROR(major))
-    handle_error(major, minor);
-
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/h5l_mit_apidiff.html b/krb5-1.21.3/doc/html/appdev/h5l_mit_apidiff.html deleted file mode 100644 index 4894254a..00000000 --- a/krb5-1.21.3/doc/html/appdev/h5l_mit_apidiff.html +++ /dev/null @@ -1,177 +0,0 @@ - - - - - - - - - Differences between Heimdal and MIT Kerberos API — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Differences between Heimdal and MIT Kerberos API¶

- ---- - - - - - - - - - - - - - - - - - - - - - - - - - - -

krb5_auth_con_getaddrs()

H5l: If either of the pointers to local_addr -and remote_addr is not NULL, it is freed -first and then reallocated before being -populated with the content of corresponding -address from authentication context.

krb5_auth_con_setaddrs()

H5l: If either address is NULL, the previous -address remains in place

krb5_auth_con_setports()

H5l: Not implemented as of version 1.3.3

krb5_auth_con_setrecvsubkey()

H5l: If either port is NULL, the previous -port remains in place

krb5_auth_con_setsendsubkey()

H5l: Not implemented as of version 1.3.3

krb5_cc_set_config()

MIT: Before version 1.10 it was assumed that -the last argument data is ALWAYS non-zero.

krb5_cccol_last_change_time()

MIT: not implemented

krb5_set_default_realm()

H5l: Caches the computed default realm context -field. If the second argument is NULL, -it tries to retrieve it from libdefaults or DNS. -MIT: Computes the default realm each time -if it wasn’t explicitly set in the context

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/index.html b/krb5-1.21.3/doc/html/appdev/index.html deleted file mode 100644 index a776af53..00000000 --- a/krb5-1.21.3/doc/html/appdev/index.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - For application developers — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/init_creds.html b/krb5-1.21.3/doc/html/appdev/init_creds.html deleted file mode 100644 index 8822189c..00000000 --- a/krb5-1.21.3/doc/html/appdev/init_creds.html +++ /dev/null @@ -1,433 +0,0 @@ - - - - - - - - - Initial credentials — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Initial credentials¶

-

Software that performs tasks such as logging users into a computer -when they type their Kerberos password needs to get initial -credentials (usually ticket granting tickets) from Kerberos. Such -software shares some behavior with the kinit program.

-

Whenever a program grants access to a resource (such as a local login -session on a desktop computer) based on a user successfully getting -initial Kerberos credentials, it must verify those credentials against -a secure shared secret (e.g., a host keytab) to ensure that the user -credentials actually originate from a legitimate KDC. Failure to -perform this verification is a critical vulnerability, because a -malicious user can execute the “Zanarotti attackâ€: the user constructs -a fake response that appears to come from the legitimate KDC, but -whose contents come from an attacker-controlled KDC.

-

Some applications read a Kerberos password over the network (ideally -over a secure channel), which they then verify against the KDC. While -this technique may be the only practical way to integrate Kerberos -into some existing legacy systems, its use is contrary to the original -design goals of Kerberos.

-

The function krb5_get_init_creds_password() will get initial -credentials for a client using a password. An application that needs -to verify the credentials can call krb5_verify_init_creds(). -Here is an example of code to obtain and verify TGT credentials, given -strings princname and password for the client principal name and -password:

-
krb5_error_code ret;
-krb5_creds creds;
-krb5_principal client_princ = NULL;
-
-memset(&creds, 0, sizeof(creds));
-ret = krb5_parse_name(context, princname, &client_princ);
-if (ret)
-    goto cleanup;
-ret = krb5_get_init_creds_password(context, &creds, client_princ,
-                                   password, NULL, NULL, 0, NULL, NULL);
-if (ret)
-    goto cleanup;
-ret = krb5_verify_init_creds(context, &creds, NULL, NULL, NULL, NULL);
-
-cleanup:
-krb5_free_principal(context, client_princ);
-krb5_free_cred_contents(context, &creds);
-return ret;
-
-
-
-

Options for get_init_creds¶

-

The function krb5_get_init_creds_password() takes an options -parameter (which can be a null pointer). Use the function -krb5_get_init_creds_opt_alloc() to allocate an options -structure, and krb5_get_init_creds_opt_free() to free it. For -example:

-
krb5_error_code ret;
-krb5_get_init_creds_opt *opt = NULL;
-krb5_creds creds;
-
-memset(&creds, 0, sizeof(creds));
-ret = krb5_get_init_creds_opt_alloc(context, &opt);
-if (ret)
-    goto cleanup;
-krb5_get_init_creds_opt_set_tkt_life(opt, 24 * 60 * 60);
-ret = krb5_get_init_creds_password(context, &creds, client_princ,
-                                   password, NULL, NULL, 0, NULL, opt);
-if (ret)
-    goto cleanup;
-
-cleanup:
-krb5_get_init_creds_opt_free(context, opt);
-krb5_free_cred_contents(context, &creds);
-return ret;
-
-
-
-
-

Getting anonymous credentials¶

-

As of release 1.8, it is possible to obtain fully anonymous or -partially anonymous (realm-exposed) credentials, if the KDC supports -it. The MIT KDC supports issuing fully anonymous credentials as of -release 1.8 if configured appropriately (see Anonymous PKINIT), -but does not support issuing realm-exposed anonymous credentials at -this time.

-

To obtain fully anonymous credentials, call -krb5_get_init_creds_opt_set_anonymous() on the options -structure to set the anonymous flag, and specify a client principal -with the KDC’s realm and a single empty data component (the principal -obtained by parsing @realmname). Authentication will take -place using anonymous PKINIT; if successful, the client principal of -the resulting tickets will be -WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS. Here is an example:

-
krb5_get_init_creds_opt_set_anonymous(opt, 1);
-ret = krb5_build_principal(context, &client_princ, strlen(myrealm),
-                           myrealm, "", (char *)NULL);
-if (ret)
-    goto cleanup;
-ret = krb5_get_init_creds_password(context, &creds, client_princ,
-                                   password, NULL, NULL, 0, NULL, opt);
-if (ret)
-    goto cleanup;
-
-
-

To obtain realm-exposed anonymous credentials, set the anonymous flag -on the options structure as above, but specify a normal client -principal in order to prove membership in the realm. Authentication -will take place as it normally does; if successful, the client -principal of the resulting tickets will be WELLKNOWN/ANONYMOUS@realmname.

-
-
-

User interaction¶

-

Authenticating a user usually requires the entry of secret -information, such as a password. A password can be supplied directly -to krb5_get_init_creds_password() via the password -parameter, or the application can supply prompter and/or responder -callbacks instead. If callbacks are used, the user can also be -queried for other secret information such as a PIN, informed of -impending password expiration, or prompted to change a password which -has expired.

-
-

Prompter callback¶

-

A prompter callback can be specified via the prompter and data -parameters to krb5_get_init_creds_password(). The prompter -will be invoked each time the krb5 library has a question to ask or -information to present. When the prompter callback is invoked, the -banner argument (if not null) is intended to be displayed to the -user, and the questions to be answered are specified in the prompts -array. Each prompt contains a text question in the prompt field, a -hidden bit to indicate whether the answer should be hidden from -display, and a storage area for the answer in the reply field. The -callback should fill in each question’s reply->data with the -answer, up to a maximum number of reply->length bytes, and then -reset reply->length to the length of the answer.

-

A prompter callback can call krb5_get_prompt_types() to get an -array of type constants corresponding to the prompts, to get -programmatic information about the semantic meaning of the questions. -krb5_get_prompt_types() may return a null pointer if no prompt -type information is available.

-

Text-based applications can use a built-in text prompter -implementation by supplying krb5_prompter_posix() as the -prompter parameter and a null pointer as the data parameter. For -example:

-
ret = krb5_get_init_creds_password(context, &creds, client_princ,
-                                   NULL, krb5_prompter_posix, NULL, 0,
-                                   NULL, NULL);
-
-
-
-
-

Responder callback¶

-

A responder callback can be specified through the init_creds options -using the krb5_get_init_creds_opt_set_responder() function. -Responder callbacks can present a more sophisticated user interface -for authentication secrets. The responder callback is usually invoked -only once per authentication, with a list of questions produced by all -of the allowed preauthentication mechanisms.

-

When the responder callback is invoked, the rctx argument can be -accessed to obtain the list of questions and to answer them. The -krb5_responder_list_questions() function retrieves an array of -question types. For each question type, the -krb5_responder_get_challenge() function retrieves additional -information about the question, if applicable, and the -krb5_responder_set_answer() function sets the answer.

-

Responder question types, challenges, and answers are UTF-8 strings. -The question type is a well-known string; the meaning of the challenge -and answer depend on the question type. If an application does not -understand a question type, it cannot interpret the challenge or -provide an answer. Failing to answer a question typically results in -the prompter callback being used as a fallback.

-
-

Password question¶

-

The KRB5_RESPONDER_QUESTION_PASSWORD (or "password") -question type requests the user’s password. This question does not -have a challenge, and the response is simply the password string.

-
-
-

One-time password question¶

-

The KRB5_RESPONDER_QUESTION_OTP (or "otp") question -type requests a choice among one-time password tokens and the PIN and -value for the chosen token. The challenge and answer are JSON-encoded -strings, but an application can use convenience functions to avoid -doing any JSON processing itself.

-

The krb5_responder_otp_get_challenge() function decodes the -challenge into a krb5_responder_otp_challenge structure. The -krb5_responder_otp_set_answer() function selects one of the -token information elements from the challenge and supplies the value -and pin for that token.

-
-
-

PKINIT password or PIN question¶

-

The KRB5_RESPONDER_QUESTION_PKINIT (or "pkinit") question -type requests PINs for hardware devices and/or passwords for encrypted -credentials which are stored on disk, potentially also supplying -information about the state of the hardware devices. The challenge and -answer are JSON-encoded strings, but an application can use convenience -functions to avoid doing any JSON processing itself.

-

The krb5_responder_pkinit_get_challenge() function decodes the -challenges into a krb5_responder_pkinit_challenge structure. The -krb5_responder_pkinit_set_answer() function can be used to -supply the PIN or password for a particular client credential, and can -be called multiple times.

-
-
-

Example¶

-

Here is an example of using a responder callback:

-
static krb5_error_code
-my_responder(krb5_context context, void *data,
-             krb5_responder_context rctx)
-{
-    krb5_error_code ret;
-    krb5_responder_otp_challenge *chl;
-
-    if (krb5_responder_get_challenge(context, rctx,
-                                     KRB5_RESPONDER_QUESTION_PASSWORD)) {
-        ret = krb5_responder_set_answer(context, rctx,
-                                        KRB5_RESPONDER_QUESTION_PASSWORD,
-                                        "open sesame");
-        if (ret)
-            return ret;
-    }
-    ret = krb5_responder_otp_get_challenge(context, rctx, &chl);
-    if (ret == 0 && chl != NULL) {
-        ret = krb5_responder_otp_set_answer(context, rctx, 0, "1234",
-                                            NULL);
-        krb5_responder_otp_challenge_free(context, rctx, chl);
-        if (ret)
-            return ret;
-    }
-    return 0;
-}
-
-static krb5_error_code
-get_creds(krb5_context context, krb5_principal client_princ)
-{
-    krb5_error_code ret;
-    krb5_get_init_creds_opt *opt = NULL;
-    krb5_creds creds;
-
-    memset(&creds, 0, sizeof(creds));
-    ret = krb5_get_init_creds_opt_alloc(context, &opt);
-    if (ret)
-        goto cleanup;
-    ret = krb5_get_init_creds_opt_set_responder(context, opt, my_responder,
-                                                NULL);
-    if (ret)
-        goto cleanup;
-    ret = krb5_get_init_creds_password(context, &creds, client_princ,
-                                       NULL, NULL, NULL, 0, NULL, opt);
-
-cleanup:
-    krb5_get_init_creds_opt_free(context, opt);
-    krb5_free_cred_contents(context, &creds);
-    return ret;
-}
-
-
-
-
-
-
-

Verifying initial credentials¶

-

Use the function krb5_verify_init_creds() to verify initial -credentials. It takes an options structure (which can be a null -pointer). Use krb5_verify_init_creds_opt_init() to initialize -the caller-allocated options structure, and -krb5_verify_init_creds_opt_set_ap_req_nofail() to set the -“nofail†option. For example:

-
krb5_verify_init_creds_opt vopt;
-
-krb5_verify_init_creds_opt_init(&vopt);
-krb5_verify_init_creds_opt_set_ap_req_nofail(&vopt, 1);
-ret = krb5_verify_init_creds(context, &creds, NULL, NULL, NULL, &vopt);
-
-
-

The confusingly named “nofail†option, when set, means that the -verification must actually succeed in order for -krb5_verify_init_creds() to indicate success. The default -state of this option (cleared) means that if there is no key material -available to verify the user credentials, the verification will -succeed anyway. (The default can be changed by a configuration file -setting.)

-

This accommodates a use case where a large number of unkeyed shared -desktop workstations need to allow users to log in using Kerberos. -The security risks from this practice are mitigated by the absence of -valuable state on the shared workstations—any valuable resources -that the users would access reside on networked servers.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/princ_handle.html b/krb5-1.21.3/doc/html/appdev/princ_handle.html deleted file mode 100644 index ec58321a..00000000 --- a/krb5-1.21.3/doc/html/appdev/princ_handle.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - Principal manipulation and parsing — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/index.html b/krb5-1.21.3/doc/html/appdev/refs/api/index.html deleted file mode 100644 index 93ee0b7d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/index.html +++ /dev/null @@ -1,553 +0,0 @@ - - - - - - - - - krb5 API — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5 API¶

-
-

Frequently used public interfaces¶

-
- -
-
-
-

Rarely used public interfaces¶

-
- -
-
-
-

Public interfaces that should not be called directly¶

-
- -
-
-
-

Legacy convenience interfaces¶

- -
-
-

Deprecated public interfaces¶

- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_425_conv_principal.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_425_conv_principal.html deleted file mode 100644 index 036e97f2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_425_conv_principal.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - krb5_425_conv_principal - Convert a Kerberos V4 principal to a Kerberos V5 principal. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_425_conv_principal - Convert a Kerberos V4 principal to a Kerberos V5 principal.¶

-
-
-krb5_error_code krb5_425_conv_principal(krb5_context context, const char *name, const char *instance, const char *realm, krb5_principal *princ)¶
-
- -
-
param
-

[in] context - Library context

-

[in] name - V4 name

-

[in] instance - V4 instance

-

[in] realm - Realm

-

[out] princ - V5 principal

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function builds a princ from V4 specification based on given input name.instance@realm .

-

Use krb5_free_principal() to free princ when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_524_conv_principal.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_524_conv_principal.html deleted file mode 100644 index 3d67076a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_524_conv_principal.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_524_conv_principal - Convert a Kerberos V5 principal to a Kerberos V4 principal. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_524_conv_principal - Convert a Kerberos V5 principal to a Kerberos V4 principal.¶

-
-
-krb5_error_code krb5_524_conv_principal(krb5_context context, krb5_const_principal princ, char *name, char *inst, char *realm)¶
-
- -
-
param
-

[in] context - Library context

-

[in] princ - V5 Principal

-

[out] name - V4 principal’s name to be filled in

-

[out] inst - V4 principal’s instance name to be filled in

-

[out] realm - Principal’s realm name to be filled in

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • KRB5_INVALID_PRINCIPAL Invalid principal name

  • -
  • KRB5_CONFIG_CANTOPEN Can’t open or find Kerberos configuration file

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function separates a V5 principal princ into name , instance , and realm .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_524_convert_creds.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_524_convert_creds.html deleted file mode 100644 index 1e0e7f03..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_524_convert_creds.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - krb5_524_convert_creds - Convert a Kerberos V5 credentials to a Kerberos V4 credentials. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_524_convert_creds - Convert a Kerberos V5 credentials to a Kerberos V4 credentials.¶

-
-
-int krb5_524_convert_creds(krb5_context context, krb5_creds *v5creds, struct credentials *v4creds)¶
-
- -
-
param
-

context

-

v5creds

-

v4creds

-
-
-
-
retval
-
    -
  • KRB524_KRB4_DISABLED (always)

  • -
-
-
-
-

Note

-

Not implemented

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_address_compare.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_address_compare.html deleted file mode 100644 index 61566692..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_address_compare.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_address_compare - Compare two Kerberos addresses. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_address_compare - Compare two Kerberos addresses.¶

-
-
-krb5_boolean krb5_address_compare(krb5_context context, const krb5_address *addr1, const krb5_address *addr2)¶
-
- -
-
param
-

[in] context - Library context

-

[in] addr1 - First address to be compared

-

[in] addr2 - Second address to be compared

-
-
-
-
return
-
    -
  • TRUE if the addresses are the same, FALSE otherwise

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_address_order.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_address_order.html deleted file mode 100644 index aee5c35c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_address_order.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_address_order - Return an ordering of the specified addresses. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_address_order - Return an ordering of the specified addresses.¶

-
-
-int krb5_address_order(krb5_context context, const krb5_address *addr1, const krb5_address *addr2)¶
-
- -
-
param
-

[in] context - Library context

-

[in] addr1 - First address

-

[in] addr2 - Second address

-
-
-
-
retval
-
    -
  • 0 if The two addresses are the same

  • -
  • < 0 First address is less than second

  • -
  • > 0 First address is greater than second

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_address_search.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_address_search.html deleted file mode 100644 index 842da157..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_address_search.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - krb5_address_search - Search a list of addresses for a specified address. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_address_search - Search a list of addresses for a specified address.¶

-
- -
- -
-
param
-

[in] context - Library context

-

[in] addr - Address to search for

-

[in] addrlist - Address list to be searched (or NULL)

-
-
-
-
return
-
    -
  • TRUE if addr is listed in addrlist , or addrlist is NULL; FALSE otherwise

  • -
-
-
-
-

Note

-

If addrlist contains only a NetBIOS addresses, it will be treated as a null list.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_allow_weak_crypto.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_allow_weak_crypto.html deleted file mode 100644 index 2f0509f5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_allow_weak_crypto.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_allow_weak_crypto - Allow the application to override the profile’s allow_weak_crypto setting.¶

-
-
-krb5_error_code krb5_allow_weak_crypto(krb5_context context, krb5_boolean enable)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enable - Boolean flag

-
-
-
-
retval
-
    -
  • 0 (always)

  • -
-
-
-

This function allows an application to override the allow_weak_crypto setting. It is primarily for use by aklog.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_aname_to_localname.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_aname_to_localname.html deleted file mode 100644 index f3bd88ec..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_aname_to_localname.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_aname_to_localname - Convert a principal name to a local name. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_aname_to_localname - Convert a principal name to a local name.¶

-
-
-krb5_error_code krb5_aname_to_localname(krb5_context context, krb5_const_principal aname, int lnsize_in, char *lname)¶
-
- -
-
param
-

[in] context - Library context

-

[in] aname - Principal name

-

[in] lnsize_in - Space available in lname

-

[out] lname - Local name buffer to be filled in

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • System errors

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

If aname does not correspond to any local account, KRB5_LNAME_NOTRANS is returned. If lnsize_in is too small for the local name, KRB5_CONFIG_NOTENUFSPACE is returned.

-

Local names, rather than principal names, can be used by programs that translate to an environment-specific name (for example, a user account name).

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_anonymous_principal.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_anonymous_principal.html deleted file mode 100644 index 43176b16..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_anonymous_principal.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_anonymous_principal - Build an anonymous principal. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_anonymous_realm.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_anonymous_realm.html deleted file mode 100644 index 912343ef..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_anonymous_realm.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_anonymous_realm - Return an anonymous realm data. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_appdefault_boolean.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_appdefault_boolean.html deleted file mode 100644 index 1d669d84..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_appdefault_boolean.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_appdefault_boolean - Retrieve a boolean value from the appdefaults section of krb5.conf. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_appdefault_boolean - Retrieve a boolean value from the appdefaults section of krb5.conf.¶

-
-
-void krb5_appdefault_boolean(krb5_context context, const char *appname, const krb5_data *realm, const char *option, int default_value, int *ret_value)¶
-
- -
-
param
-

[in] context - Library context

-

[in] appname - Application name

-

[in] realm - Realm name

-

[in] option - Option to be checked

-

[in] default_value - Default value to return if no match is found

-

[out] ret_value - Boolean value of option

-
-
-

This function gets the application defaults for option based on the given appname and/or realm .

-
-

See also

-

krb5_appdefault_string()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_appdefault_string.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_appdefault_string.html deleted file mode 100644 index c3c9e8a9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_appdefault_string.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_appdefault_string - Retrieve a string value from the appdefaults section of krb5.conf. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_appdefault_string - Retrieve a string value from the appdefaults section of krb5.conf.¶

-
-
-void krb5_appdefault_string(krb5_context context, const char *appname, const krb5_data *realm, const char *option, const char *default_value, char **ret_value)¶
-
- -
-
param
-

[in] context - Library context

-

[in] appname - Application name

-

[in] realm - Realm name

-

[in] option - Option to be checked

-

[in] default_value - Default value to return if no match is found

-

[out] ret_value - String value of option

-
-
-

This function gets the application defaults for option based on the given appname and/or realm .

-
-

See also

-

krb5_appdefault_boolean()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_free.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_free.html deleted file mode 100644 index b7aed116..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_free.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_auth_con_free - Free a krb5_auth_context structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_free - Free a krb5_auth_context structure.¶

-
-
-krb5_error_code krb5_auth_con_free(krb5_context context, krb5_auth_context auth_context)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context to be freed

-
-
-
-
retval
-
    -
  • 0 (always)

  • -
-
-
-

This function frees an auth context allocated by krb5_auth_con_init().

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_genaddrs.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_genaddrs.html deleted file mode 100644 index 2d99915c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_genaddrs.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_auth_con_genaddrs - Generate auth context addresses from a connected socket. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_genaddrs - Generate auth context addresses from a connected socket.¶

-
-
-krb5_error_code krb5_auth_con_genaddrs(krb5_context context, krb5_auth_context auth_context, int infd, int flags)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] infd - Connected socket descriptor

-

[in] flags - Flags

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function sets the local and/or remote addresses in auth_context based on the local and remote endpoints of the socket infd . The following flags determine the operations performed:

-
-
    -
  • #KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR Generate local address.

  • -
  • #KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR Generate remote address.

  • -
  • #KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR Generate local address and port.

  • -
  • #KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR Generate remote address and port.

  • -
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_get_checksum_func.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_get_checksum_func.html deleted file mode 100644 index ed6064b3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_get_checksum_func.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_get_checksum_func - Get the checksum callback from an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_get_checksum_func - Get the checksum callback from an auth context.¶

-
-
-krb5_error_code krb5_auth_con_get_checksum_func(krb5_context context, krb5_auth_context auth_context, krb5_mk_req_checksum_func *func, void **data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[out] func - Checksum callback

-

[out] data - Callback argument

-
-
-
-
retval
-
    -
  • 0 (always)

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getaddrs.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getaddrs.html deleted file mode 100644 index 6815e293..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getaddrs.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_getaddrs - Retrieve address fields from an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_getaddrs - Retrieve address fields from an auth context.¶

-
-
-krb5_error_code krb5_auth_con_getaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address **local_addr, krb5_address **remote_addr)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[out] local_addr - Local address (NULL if not needed)

-

[out] remote_addr - Remote address (NULL if not needed)

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getauthenticator.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getauthenticator.html deleted file mode 100644 index 55c82200..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getauthenticator.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_getauthenticator - Retrieve the authenticator from an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_getauthenticator - Retrieve the authenticator from an auth context.¶

-
-
-krb5_error_code krb5_auth_con_getauthenticator(krb5_context context, krb5_auth_context auth_context, krb5_authenticator **authenticator)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[out] authenticator - Authenticator

-
-
-
-
retval
-
    -
  • 0 Success. Otherwise - Kerberos error codes

  • -
-
-
-

Use krb5_free_authenticator() to free authenticator when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getflags.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getflags.html deleted file mode 100644 index 45879ca4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getflags.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_auth_con_getflags - Retrieve flags from a krb5_auth_context structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_getflags - Retrieve flags from a krb5_auth_context structure.¶

-
-
-krb5_error_code krb5_auth_con_getflags(krb5_context context, krb5_auth_context auth_context, krb5_int32 *flags)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[out] flags - Flags bit mask

-
-
-
-
retval
-
    -
  • 0 (always)

  • -
-
-
-

Valid values for flags are:

-
-
    -
  • #KRB5_AUTH_CONTEXT_DO_TIME Use timestamps

  • -
  • #KRB5_AUTH_CONTEXT_RET_TIME Save timestamps

  • -
  • #KRB5_AUTH_CONTEXT_DO_SEQUENCE Use sequence numbers

  • -
  • #KRB5_AUTH_CONTEXT_RET_SEQUENCE Save sequence numbers

  • -
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getkey.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getkey.html deleted file mode 100644 index 0e3216b7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getkey.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_getkey - Retrieve the session key from an auth context as a keyblock. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_getkey - Retrieve the session key from an auth context as a keyblock.¶

-
-
-krb5_error_code krb5_auth_con_getkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock **keyblock)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[out] keyblock - Session key

-
-
-
-
retval
-
    -
  • 0 Success. Otherwise - Kerberos error codes

  • -
-
-
-

This function creates a keyblock containing the session key from auth_context . Use krb5_free_keyblock() to free keyblock when it is no longer needed

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getkey_k.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getkey_k.html deleted file mode 100644 index 9a00fefe..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getkey_k.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_getkey_k - Retrieve the session key from an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_getkey_k - Retrieve the session key from an auth context.¶

-
-
-krb5_error_code krb5_auth_con_getkey_k(krb5_context context, krb5_auth_context auth_context, krb5_key *key)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[out] key - Session key

-
-
-
-
retval
-
    -
  • 0 (always)

  • -
-
-
-

This function sets key to the session key from auth_context . Use krb5_k_free_key() to release key when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getlocalseqnumber.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getlocalseqnumber.html deleted file mode 100644 index 441299c5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getlocalseqnumber.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_getlocalseqnumber - Retrieve the local sequence number from an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_getlocalseqnumber - Retrieve the local sequence number from an auth context.¶

-
-
-krb5_error_code krb5_auth_con_getlocalseqnumber(krb5_context context, krb5_auth_context auth_context, krb5_int32 *seqnumber)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[out] seqnumber - Local sequence number

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Retrieve the local sequence number from auth_context and return it in seqnumber . The #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag must be set in auth_context for this function to be useful.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getlocalsubkey.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getlocalsubkey.html deleted file mode 100644 index dc0b5fe7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getlocalsubkey.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_auth_con_getlocalsubkey — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getrcache.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getrcache.html deleted file mode 100644 index 0d432a5e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getrcache.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_getrcache - Retrieve the replay cache from an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_getrcache - Retrieve the replay cache from an auth context.¶

-
-
-krb5_error_code krb5_auth_con_getrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache *rcache)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[out] rcache - Replay cache handle

-
-
-
-
retval
-
    -
  • 0 (always)

  • -
-
-
-

This function fetches the replay cache from auth_context . The caller should not close rcache .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getrecvsubkey.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getrecvsubkey.html deleted file mode 100644 index 38304c09..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getrecvsubkey.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_getrecvsubkey - Retrieve the receiving subkey from an auth context as a keyblock. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_getrecvsubkey - Retrieve the receiving subkey from an auth context as a keyblock.¶

-
-
-krb5_error_code krb5_auth_con_getrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] ac - Authentication context

-

[out] keyblock - Receiving subkey

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a keyblock containing the receiving subkey from auth_context . Use krb5_free_keyblock() to free keyblock when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getrecvsubkey_k.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getrecvsubkey_k.html deleted file mode 100644 index 112ea8c6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getrecvsubkey_k.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_getrecvsubkey_k - Retrieve the receiving subkey from an auth context as a keyblock. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_getrecvsubkey_k - Retrieve the receiving subkey from an auth context as a keyblock.¶

-
-
-krb5_error_code krb5_auth_con_getrecvsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key *key)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] ac - Authentication context

-

[out] key - Receiving subkey

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function sets key to the receiving subkey from auth_context . Use krb5_k_free_key() to release key when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getremoteseqnumber.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getremoteseqnumber.html deleted file mode 100644 index 60c5a7d0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getremoteseqnumber.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_getremoteseqnumber - Retrieve the remote sequence number from an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_getremoteseqnumber - Retrieve the remote sequence number from an auth context.¶

-
-
-krb5_error_code krb5_auth_con_getremoteseqnumber(krb5_context context, krb5_auth_context auth_context, krb5_int32 *seqnumber)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[out] seqnumber - Remote sequence number

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Retrieve the remote sequence number from auth_context and return it in seqnumber . The #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag must be set in auth_context for this function to be useful.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getremotesubkey.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getremotesubkey.html deleted file mode 100644 index 76c1d128..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getremotesubkey.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_auth_con_getremotesubkey — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getsendsubkey.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getsendsubkey.html deleted file mode 100644 index efeeb3be..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getsendsubkey.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_getsendsubkey - Retrieve the send subkey from an auth context as a keyblock. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_getsendsubkey - Retrieve the send subkey from an auth context as a keyblock.¶

-
-
-krb5_error_code krb5_auth_con_getsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock **keyblock)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] ac - Authentication context

-

[out] keyblock - Send subkey

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a keyblock containing the send subkey from auth_context . Use krb5_free_keyblock() to free keyblock when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getsendsubkey_k.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getsendsubkey_k.html deleted file mode 100644 index ddbc602b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_getsendsubkey_k.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_getsendsubkey_k - Retrieve the send subkey from an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_getsendsubkey_k - Retrieve the send subkey from an auth context.¶

-
-
-krb5_error_code krb5_auth_con_getsendsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key *key)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] ac - Authentication context

-

[out] key - Send subkey

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function sets key to the send subkey from auth_context . Use krb5_k_free_key() to release key when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_init.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_init.html deleted file mode 100644 index 69cffb3e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_init.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_auth_con_init - Create and initialize an authentication context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_init - Create and initialize an authentication context.¶

-
-
-krb5_error_code krb5_auth_con_init(krb5_context context, krb5_auth_context *auth_context)¶
-
- -
-
param
-

[in] context - Library context

-

[out] auth_context - Authentication context

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates an authentication context to hold configuration and state relevant to krb5 functions for authenticating principals and protecting messages once authentication has occurred.

-

By default, flags for the context are set to enable the use of the replay cache (#KRB5_AUTH_CONTEXT_DO_TIME), but not sequence numbers. Use krb5_auth_con_setflags() to change the flags.

-

The allocated auth_context must be freed with krb5_auth_con_free() when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_initivector.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_initivector.html deleted file mode 100644 index 03000f72..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_initivector.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_auth_con_initivector - Cause an auth context to use cipher state. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_initivector - Cause an auth context to use cipher state.¶

-
-
-krb5_error_code krb5_auth_con_initivector(krb5_context context, krb5_auth_context auth_context)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Prepare auth_context to use cipher state when krb5_mk_priv() or krb5_rd_priv() encrypt or decrypt data.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_set_checksum_func.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_set_checksum_func.html deleted file mode 100644 index f6bdfdbe..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_set_checksum_func.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_auth_con_set_checksum_func - Set a checksum callback in an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_set_checksum_func - Set a checksum callback in an auth context.¶

-
-
-krb5_error_code krb5_auth_con_set_checksum_func(krb5_context context, krb5_auth_context auth_context, krb5_mk_req_checksum_func func, void *data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] func - Checksum callback

-

[in] data - Callback argument

-
-
-
-
retval
-
    -
  • 0 (always)

  • -
-
-
-

Set a callback to obtain checksum data in krb5_mk_req(). The callback will be invoked after the subkey and local sequence number are stored in auth_context .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_set_req_cksumtype.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_set_req_cksumtype.html deleted file mode 100644 index 267309de..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_set_req_cksumtype.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_set_req_cksumtype - Set checksum type in an an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_set_req_cksumtype - Set checksum type in an an auth context.¶

-
-
-krb5_error_code krb5_auth_con_set_req_cksumtype(krb5_context context, krb5_auth_context auth_context, krb5_cksumtype cksumtype)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] cksumtype - Checksum type

-
-
-
-
retval
-
    -
  • 0 Success. Otherwise - Kerberos error codes

  • -
-
-
-

This function sets the checksum type in auth_context to be used by krb5_mk_req() for the authenticator checksum.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setaddrs.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setaddrs.html deleted file mode 100644 index bc62882c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setaddrs.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_auth_con_setaddrs - Set the local and remote addresses in an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_setaddrs - Set the local and remote addresses in an auth context.¶

-
-
-krb5_error_code krb5_auth_con_setaddrs(krb5_context context, krb5_auth_context auth_context, krb5_address *local_addr, krb5_address *remote_addr)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] local_addr - Local address

-

[in] remote_addr - Remote address

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function releases the storage assigned to the contents of the local and remote addresses of auth_context and then sets them to local_addr and remote_addr respectively.

-
-

See also

-

krb5_auth_con_genaddrs()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setflags.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setflags.html deleted file mode 100644 index 98f5ed54..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setflags.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_auth_con_setflags - Set a flags field in a krb5_auth_context structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_setflags - Set a flags field in a krb5_auth_context structure.¶

-
-
-krb5_error_code krb5_auth_con_setflags(krb5_context context, krb5_auth_context auth_context, krb5_int32 flags)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] flags - Flags bit mask

-
-
-
-
retval
-
    -
  • 0 (always)

  • -
-
-
-

Valid values for flags are:

-
-
    -
  • #KRB5_AUTH_CONTEXT_DO_TIME Use timestamps

  • -
  • #KRB5_AUTH_CONTEXT_RET_TIME Save timestamps

  • -
  • #KRB5_AUTH_CONTEXT_DO_SEQUENCE Use sequence numbers

  • -
  • #KRB5_AUTH_CONTEXT_RET_SEQUENCE Save sequence numbers

  • -
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setports.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setports.html deleted file mode 100644 index 6a28f812..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setports.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_auth_con_setports - Set local and remote port fields in an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_setports - Set local and remote port fields in an auth context.¶

-
-
-krb5_error_code krb5_auth_con_setports(krb5_context context, krb5_auth_context auth_context, krb5_address *local_port, krb5_address *remote_port)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] local_port - Local port

-

[in] remote_port - Remote port

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function releases the storage assigned to the contents of the local and remote ports of auth_context and then sets them to local_port and remote_port respectively.

-
-

See also

-

krb5_auth_con_genaddrs()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setrcache.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setrcache.html deleted file mode 100644 index a0654219..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setrcache.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_setrcache - Set the replay cache in an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_setrcache - Set the replay cache in an auth context.¶

-
-
-krb5_error_code krb5_auth_con_setrcache(krb5_context context, krb5_auth_context auth_context, krb5_rcache rcache)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] rcache - Replay cache haddle

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function sets the replay cache in auth_context to rcache . rcache will be closed when auth_context is freed, so the caller should relinquish that responsibility.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setrecvsubkey.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setrecvsubkey.html deleted file mode 100644 index 9236396b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setrecvsubkey.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_setrecvsubkey - Set the receiving subkey in an auth context with a keyblock. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_setrecvsubkey - Set the receiving subkey in an auth context with a keyblock.¶

-
-
-krb5_error_code krb5_auth_con_setrecvsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] ac - Authentication context

-

[in] keyblock - Receiving subkey

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function sets the receiving subkey in ac to a copy of keyblock .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setrecvsubkey_k.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setrecvsubkey_k.html deleted file mode 100644 index 1f59b660..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setrecvsubkey_k.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_auth_con_setrecvsubkey_k - Set the receiving subkey in an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_setrecvsubkey_k - Set the receiving subkey in an auth context.¶

-
-
-krb5_error_code krb5_auth_con_setrecvsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key key)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] ac - Authentication context

-

[in] key - Receiving subkey

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function sets the receiving subkey in ac to key , incrementing its reference count.

-
-

Note

-

New in 1.9

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setsendsubkey.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setsendsubkey.html deleted file mode 100644 index 6c2fe8e3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setsendsubkey.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_auth_con_setsendsubkey - Set the send subkey in an auth context with a keyblock. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_setsendsubkey - Set the send subkey in an auth context with a keyblock.¶

-
-
-krb5_error_code krb5_auth_con_setsendsubkey(krb5_context ctx, krb5_auth_context ac, krb5_keyblock *keyblock)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] ac - Authentication context

-

[in] keyblock - Send subkey

-
-
-
-
retval
-
    -
  • 0 Success. Otherwise - Kerberos error codes

  • -
-
-
-

This function sets the send subkey in ac to a copy of keyblock .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setsendsubkey_k.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setsendsubkey_k.html deleted file mode 100644 index 4047613f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setsendsubkey_k.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_auth_con_setsendsubkey_k - Set the send subkey in an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_setsendsubkey_k - Set the send subkey in an auth context.¶

-
-
-krb5_error_code krb5_auth_con_setsendsubkey_k(krb5_context ctx, krb5_auth_context ac, krb5_key key)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] ac - Authentication context

-

[out] key - Send subkey

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function sets the send subkey in ac to key , incrementing its reference count.

-
-

Note

-

New in 1.9

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setuseruserkey.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setuseruserkey.html deleted file mode 100644 index a7929a2a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_auth_con_setuseruserkey.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_auth_con_setuseruserkey - Set the session key in an auth context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_auth_con_setuseruserkey - Set the session key in an auth context.¶

-
-
-krb5_error_code krb5_auth_con_setuseruserkey(krb5_context context, krb5_auth_context auth_context, krb5_keyblock *keyblock)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] keyblock - User key

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal.html deleted file mode 100644 index 93c490cc..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_build_principal - Build a principal name using null-terminated strings. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_build_principal - Build a principal name using null-terminated strings.¶

-
-
-krb5_error_code krb5_build_principal(krb5_context context, krb5_principal *princ, unsigned int rlen, const char *realm, ...)¶
-
- -
-
param
-

[in] context - Library context

-

[out] princ - Principal name

-

[in] rlen - Realm name length

-

[in] realm - Realm name

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Call krb5_free_principal() to free princ when it is no longer needed.

-

Beginning with release 1.20, the name type of the principal will be inferred as KRB5_NT_SRV_INST or KRB5_NT_WELLKNOWN based on the principal name. The type will be KRB5_NT_PRINCIPAL if a type cannot be inferred.

-
-

Note

-

krb5_build_principal() and krb5_build_principal_alloc_va() perform the same task. krb5_build_principal() takes variadic arguments. krb5_build_principal_alloc_va() takes a pre-computed varargs pointer.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal_alloc_va.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal_alloc_va.html deleted file mode 100644 index ba3999b4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal_alloc_va.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_build_principal_alloc_va - Build a principal name, using a precomputed variable argument list. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_build_principal_alloc_va - Build a principal name, using a precomputed variable argument list.¶

-
-
-krb5_error_code krb5_build_principal_alloc_va(krb5_context context, krb5_principal *princ, unsigned int rlen, const char *realm, va_list ap)¶
-
- -
-
param
-

[in] context - Library context

-

[out] princ - Principal structure

-

[in] rlen - Realm name length

-

[in] realm - Realm name

-

[in] ap - List of char * components, ending with NULL

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Similar to krb5_build_principal(), this function builds a principal name, but its name components are specified as a va_list.

-

Use krb5_free_principal() to deallocate princ when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal_ext.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal_ext.html deleted file mode 100644 index ec469c6e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal_ext.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_build_principal_ext - Build a principal name using length-counted strings. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_build_principal_ext - Build a principal name using length-counted strings.¶

-
-
-krb5_error_code krb5_build_principal_ext(krb5_context context, krb5_principal *princ, unsigned int rlen, const char *realm, ...)¶
-
- -
-
param
-

[in] context - Library context

-

[out] princ - Principal name

-

[in] rlen - Realm name length

-

[in] realm - Realm name

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function creates a principal from a length-counted string and a variable-length list of length-counted components. The list of components ends with the first 0 length argument (so it is not possible to specify an empty component with this function). Call krb5_free_principal() to free allocated memory for principal when it is no longer needed.

-

Beginning with release 1.20, the name type of the principal will be inferred as KRB5_NT_SRV_INST or KRB5_NT_WELLKNOWN based on the principal name. The type will be KRB5_NT_PRINCIPAL if a type cannot be inferred.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal_va.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal_va.html deleted file mode 100644 index bf55bd2c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_build_principal_va.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_build_principal_va — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_block_size.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_block_size.html deleted file mode 100644 index 437bfc76..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_block_size.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_c_block_size - Return cipher block size. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_block_size - Return cipher block size.¶

-
-
-krb5_error_code krb5_c_block_size(krb5_context context, krb5_enctype enctype, size_t *blocksize)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type

-

[out] blocksize - Block size for enctype

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_checksum_length.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_checksum_length.html deleted file mode 100644 index 6b78619f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_checksum_length.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_c_checksum_length - Return the length of checksums for a checksum type. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_checksum_length - Return the length of checksums for a checksum type.¶

-
-
-krb5_error_code krb5_c_checksum_length(krb5_context context, krb5_cksumtype cksumtype, size_t *length)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cksumtype - Checksum type

-

[out] length - Checksum length

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_crypto_length.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_crypto_length.html deleted file mode 100644 index aaf59923..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_crypto_length.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_c_crypto_length - Return a length of a message field specific to the encryption type. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_crypto_length - Return a length of a message field specific to the encryption type.¶

-
-
-krb5_error_code krb5_c_crypto_length(krb5_context context, krb5_enctype enctype, krb5_cryptotype type, unsigned int *size)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type

-

[in] type - Type field (See KRB5_CRYPTO_TYPE macros)

-

[out] size - Length of the type specific to enctype

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_crypto_length_iov.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_crypto_length_iov.html deleted file mode 100644 index cc75f56e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_crypto_length_iov.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_c_crypto_length_iov - Fill in lengths for header, trailer and padding in a IOV array. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_crypto_length_iov - Fill in lengths for header, trailer and padding in a IOV array.¶

-
-
-krb5_error_code krb5_c_crypto_length_iov(krb5_context context, krb5_enctype enctype, krb5_crypto_iov *data, size_t num_data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type

-

[inout] data - IOV array

-

[in] num_data - Size of data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Padding is set to the actual padding required based on the provided data buffers. Typically this API is used after setting up the data buffers and #KRB5_CRYPTO_TYPE_SIGN_ONLY buffers, but before actually allocating header, trailer and padding.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_decrypt.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_decrypt.html deleted file mode 100644 index e9a33ab6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_decrypt.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_c_decrypt - Decrypt data using a key (operates on keyblock). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_decrypt - Decrypt data using a key (operates on keyblock).¶

-
-
-krb5_error_code krb5_c_decrypt(krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *cipher_state, const krb5_enc_data *input, krb5_data *output)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Encryption key

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[inout] cipher_state - Cipher state; specify NULL if not needed

-

[in] input - Encrypted data

-

[out] output - Decrypted data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function decrypts the data block input and stores the output into output . The actual decryption key will be derived from key and usage if key derivation is specified for the encryption type. If non-null, cipher_state specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation.

-
-

Note

-

The caller must initialize output and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let krb5_c_decrypt() trim output->length . For some enctypes, the resulting output->length may include padding bytes.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_decrypt_iov.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_decrypt_iov.html deleted file mode 100644 index f8133269..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_decrypt_iov.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_c_decrypt_iov - Decrypt data in place supporting AEAD (operates on keyblock). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_decrypt_iov - Decrypt data in place supporting AEAD (operates on keyblock).¶

-
-
-krb5_error_code krb5_c_decrypt_iov(krb5_context context, const krb5_keyblock *keyblock, krb5_keyusage usage, const krb5_data *cipher_state, krb5_crypto_iov *data, size_t num_data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] keyblock - Encryption key

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[in] cipher_state - Cipher state; specify NULL if not needed

-

[inout] data - IOV array. Modified in-place.

-

[in] num_data - Size of data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function decrypts the data block data and stores the output in-place. The actual decryption key will be derived from keyblock and usage if key derivation is specified for the encryption type. If non-null, cipher_state specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API.

-
-

See also

-

krb5_c_decrypt_iov()

-
-
-

Note

-

On return from a krb5_c_decrypt_iov() call, the data->length in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_derive_prfplus.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_derive_prfplus.html deleted file mode 100644 index 302dcb75..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_derive_prfplus.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_c_derive_prfplus - Derive a key using some input data (via RFC 6113 PRF+). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_derive_prfplus - Derive a key using some input data (via RFC 6113 PRF+).¶

-
-
-krb5_error_code krb5_c_derive_prfplus(krb5_context context, const krb5_keyblock *k, const krb5_data *input, krb5_enctype enctype, krb5_keyblock **out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] k - KDC contribution key

-

[in] input - Input string

-

[in] enctype - Output key enctype (or ENCTYPE_NULL )

-

[out] out - Derived keyblock

-
-
-

This function uses PRF+ as defined in RFC 6113 to derive a key from another key and an input string. If enctype is ENCTYPE_NULL , the output key will have the same enctype as the input key.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_encrypt.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_encrypt.html deleted file mode 100644 index bb448ade..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_encrypt.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_c_encrypt - Encrypt data using a key (operates on keyblock). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_encrypt - Encrypt data using a key (operates on keyblock).¶

-
-
-krb5_error_code krb5_c_encrypt(krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *cipher_state, const krb5_data *input, krb5_enc_data *output)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Encryption key

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[inout] cipher_state - Cipher state; specify NULL if not needed

-

[in] input - Data to be encrypted

-

[out] output - Encrypted data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function encrypts the data block input and stores the outputinto output . The actual encryption key will be derived from key and usage if key derivation is specified for the encryption type. If non-null, cipher_state specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation.

-
-

Note

-

The caller must initialize output and allocate at least enough space for the result (using krb5_c_encrypt_length() to determine the amount of space needed). output->length will be set to the actual length of the ciphertext.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_encrypt_iov.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_encrypt_iov.html deleted file mode 100644 index b5dde9b8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_encrypt_iov.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_c_encrypt_iov - Encrypt data in place supporting AEAD (operates on keyblock). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_encrypt_iov - Encrypt data in place supporting AEAD (operates on keyblock).¶

-
-
-krb5_error_code krb5_c_encrypt_iov(krb5_context context, const krb5_keyblock *keyblock, krb5_keyusage usage, const krb5_data *cipher_state, krb5_crypto_iov *data, size_t num_data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] keyblock - Encryption key

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[in] cipher_state - Cipher state; specify NULL if not needed

-

[inout] data - IOV array. Modified in-place.

-

[in] num_data - Size of data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function encrypts the data block data and stores the output in-place. The actual encryption key will be derived from keyblock and usage if key derivation is specified for the encryption type. If non-null, cipher_state specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API.

-
-

See also

-

krb5_c_decrypt_iov()

-
-
-

Note

-

On return from a krb5_c_encrypt_iov() call, the data->length in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_encrypt_length.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_encrypt_length.html deleted file mode 100644 index 674be48e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_encrypt_length.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_c_encrypt_length - Compute encrypted data length. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_encrypt_length - Compute encrypted data length.¶

-
-
-krb5_error_code krb5_c_encrypt_length(krb5_context context, krb5_enctype enctype, size_t inputlen, size_t *length)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type

-

[in] inputlen - Length of the data to be encrypted

-

[out] length - Length of the encrypted data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function computes the length of the ciphertext produced by encrypting inputlen bytes including padding, confounder, and checksum.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_enctype_compare.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_enctype_compare.html deleted file mode 100644 index 37c63a9b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_enctype_compare.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_c_enctype_compare - Compare two encryption types. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_enctype_compare - Compare two encryption types.¶

-
-
-krb5_error_code krb5_c_enctype_compare(krb5_context context, krb5_enctype e1, krb5_enctype e2, krb5_boolean *similar)¶
-
- -
-
param
-

[in] context - Library context

-

[in] e1 - First encryption type

-

[in] e2 - Second encryption type

-

[out] similar - TRUE if types are similar, FALSE if not

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function determines whether two encryption types use the same kind of keys.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_free_state.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_free_state.html deleted file mode 100644 index fea85338..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_free_state.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_c_free_state - Free a cipher state previously allocated by krb5_c_init_state(). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_free_state - Free a cipher state previously allocated by krb5_c_init_state().¶

-
-
-krb5_error_code krb5_c_free_state(krb5_context context, const krb5_keyblock *key, krb5_data *state)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Key

-

[in] state - Cipher state to be freed

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_fx_cf2_simple.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_fx_cf2_simple.html deleted file mode 100644 index 165828e8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_fx_cf2_simple.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - krb5_c_fx_cf2_simple - Compute the KRB-FX-CF2 combination of two keys and pepper strings. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_fx_cf2_simple - Compute the KRB-FX-CF2 combination of two keys and pepper strings.¶

-
-
-krb5_error_code krb5_c_fx_cf2_simple(krb5_context context, const krb5_keyblock *k1, const char *pepper1, const krb5_keyblock *k2, const char *pepper2, krb5_keyblock **out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] k1 - KDC contribution key

-

[in] pepper1 - Stringâ€PKINITâ€

-

[in] k2 - Reply key

-

[in] pepper2 - Stringâ€KeyExchangeâ€

-

[out] out - Output key

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function computes the KRB-FX-CF2 function over its inputs and places the results in a newly allocated keyblock. This function is simple in that it assumes that pepper1 and pepper2 are C strings with no internal nulls and that the enctype of the result will be the same as that of k1 . k1 and k2 may be of different enctypes.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_init_state.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_init_state.html deleted file mode 100644 index 7b7d4122..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_init_state.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_c_init_state - Initialize a new cipher state. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_init_state - Initialize a new cipher state.¶

-
-
-krb5_error_code krb5_c_init_state(krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, krb5_data *new_state)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Key

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[out] new_state - New cipher state

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_is_coll_proof_cksum.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_is_coll_proof_cksum.html deleted file mode 100644 index c00941b0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_is_coll_proof_cksum.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_c_is_coll_proof_cksum - Test whether a checksum type is collision-proof. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_is_coll_proof_cksum - Test whether a checksum type is collision-proof.¶

-
-
-krb5_boolean krb5_c_is_coll_proof_cksum(krb5_cksumtype ctype)¶
-
- -
-
param
-

[in] ctype - Checksum type

-
-
-
-
return
-
    -
  • TRUE if ctype is collision-proof, FALSE if it is not collision-proof or not a valid checksum type.

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_is_keyed_cksum.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_is_keyed_cksum.html deleted file mode 100644 index 9cbc6281..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_is_keyed_cksum.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_c_is_keyed_cksum - Test whether a checksum type is keyed. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_keyed_checksum_types.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_keyed_checksum_types.html deleted file mode 100644 index a4223002..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_keyed_checksum_types.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_c_keyed_checksum_types - Return a list of keyed checksum types usable with an encryption type. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_keyed_checksum_types - Return a list of keyed checksum types usable with an encryption type.¶

-
-
-krb5_error_code krb5_c_keyed_checksum_types(krb5_context context, krb5_enctype enctype, unsigned int *count, krb5_cksumtype **cksumtypes)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type

-

[out] count - Count of allowable checksum types

-

[out] cksumtypes - Array of allowable checksum types

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Use krb5_free_cksumtypes() to free cksumtypes when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_keylengths.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_keylengths.html deleted file mode 100644 index 240fa83c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_keylengths.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_c_keylengths - Return length of the specified key in bytes. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_keylengths - Return length of the specified key in bytes.¶

-
-
-krb5_error_code krb5_c_keylengths(krb5_context context, krb5_enctype enctype, size_t *keybytes, size_t *keylength)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type

-

[out] keybytes - Number of bytes required to make a key

-

[out] keylength - Length of final key

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_make_checksum.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_make_checksum.html deleted file mode 100644 index ffdde623..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_make_checksum.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_c_make_checksum - Compute a checksum (operates on keyblock). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_make_checksum - Compute a checksum (operates on keyblock).¶

-
-
-krb5_error_code krb5_c_make_checksum(krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *input, krb5_checksum *cksum)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cksumtype - Checksum type (0 for mandatory type)

-

[in] key - Encryption key for a keyed checksum

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[in] input - Input data

-

[out] cksum - Generated checksum

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function computes a checksum of type cksumtype over input , using key if the checksum type is a keyed checksum. If cksumtype is 0 and key is non-null, the checksum type will be the mandatory-to-implement checksum type for the key’s encryption type. The actual checksum key will be derived from key and usage if key derivation is specified for the checksum type. The newly created cksum must be released by calling krb5_free_checksum_contents() when it is no longer needed.

-
-

See also

-

krb5_c_verify_checksum()

-
-
-

Note

-

This function is similar to krb5_k_make_checksum(), but operates on keyblock key .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_make_checksum_iov.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_make_checksum_iov.html deleted file mode 100644 index d9b1341f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_make_checksum_iov.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_c_make_checksum_iov - Fill in a checksum element in IOV array (operates on keyblock) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_make_checksum_iov - Fill in a checksum element in IOV array (operates on keyblock)¶

-
-
-krb5_error_code krb5_c_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock *key, krb5_keyusage usage, krb5_crypto_iov *data, size_t num_data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cksumtype - Checksum type (0 for mandatory type)

-

[in] key - Encryption key for a keyed checksum

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[inout] data - IOV array

-

[in] num_data - Size of data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Create a checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element over #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY chunks in data . Only the #KRB5_CRYPTO_TYPE_CHECKSUM region is modified.

-
-

See also

-

krb5_c_verify_checksum_iov()

-
-
-

Note

-

This function is similar to krb5_k_make_checksum_iov(), but operates on keyblock key .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_make_random_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_make_random_key.html deleted file mode 100644 index 3ad46d16..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_make_random_key.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_c_make_random_key - Generate an enctype-specific random encryption key. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_make_random_key - Generate an enctype-specific random encryption key.¶

-
-
-krb5_error_code krb5_c_make_random_key(krb5_context context, krb5_enctype enctype, krb5_keyblock *k5_random_key)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type of the generated key

-

[out] k5_random_key - An allocated and initialized keyblock

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Use krb5_free_keyblock_contents() to free k5_random_key when no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_padding_length.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_padding_length.html deleted file mode 100644 index 0efa8703..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_padding_length.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_c_padding_length - Return a number of padding octets. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_padding_length - Return a number of padding octets.¶

-
-
-krb5_error_code krb5_c_padding_length(krb5_context context, krb5_enctype enctype, size_t data_length, unsigned int *size)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type

-

[in] data_length - Length of the plaintext to pad

-

[out] size - Number of padding octets

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - KRB5_BAD_ENCTYPE

  • -
-
-
-

This function returns the number of the padding octets required to pad data_length octets of plaintext.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_prf.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_prf.html deleted file mode 100644 index 656241f4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_prf.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_c_prf - Generate enctype-specific pseudo-random bytes. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_prf - Generate enctype-specific pseudo-random bytes.¶

-
-
-krb5_error_code krb5_c_prf(krb5_context context, const krb5_keyblock *keyblock, krb5_data *input, krb5_data *output)¶
-
- -
-
param
-

[in] context - Library context

-

[in] keyblock - Key

-

[in] input - Input data

-

[out] output - Output data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function selects a pseudo-random function based on keyblock and computes its value over input , placing the result into output . The caller must preinitialize output and allocate space for the result, using krb5_c_prf_length() to determine the required length.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_prf_length.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_prf_length.html deleted file mode 100644 index b9f9fb2a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_prf_length.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_c_prf_length - Get the output length of pseudo-random functions for an encryption type. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_prf_length - Get the output length of pseudo-random functions for an encryption type.¶

-
-
-krb5_error_code krb5_c_prf_length(krb5_context context, krb5_enctype enctype, size_t *len)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type

-

[out] len - Length of PRF output

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_prfplus.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_prfplus.html deleted file mode 100644 index 1308bffa..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_prfplus.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_c_prfplus - Generate pseudo-random bytes using RFC 6113 PRF+. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_prfplus - Generate pseudo-random bytes using RFC 6113 PRF+.¶

-
-
-krb5_error_code krb5_c_prfplus(krb5_context context, const krb5_keyblock *k, const krb5_data *input, krb5_data *output)¶
-
- -
-
param
-

[in] context - Library context

-

[in] k - KDC contribution key

-

[in] input - Input data

-

[out] output - Pseudo-random output buffer

-
-
-
-
return
-
    -
  • 0 on success, E2BIG if output->length is too large for PRF+ to generate, ENOMEM on allocation failure, or an error code from krb5_c_prf()

  • -
-
-
-

This function fills output with PRF+(k, input) as defined in RFC 6113 section 5.1. The caller must preinitialize output and allocate the desired amount of space. The length of the pseudo-random output will match the length of output .

-
-

Note

-

RFC 4402 defines a different PRF+ operation. This function does not implement that operation.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_add_entropy.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_add_entropy.html deleted file mode 100644 index 4486b2c0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_add_entropy.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_c_random_add_entropy — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_make_octets.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_make_octets.html deleted file mode 100644 index c917e7a1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_make_octets.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_c_random_make_octets - Generate pseudo-random bytes. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_random_make_octets - Generate pseudo-random bytes.¶

-
-
-krb5_error_code krb5_c_random_make_octets(krb5_context context, krb5_data *data)¶
-
- -
-
param
-

[in] context - Library context

-

[out] data - Random data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Fills in data with bytes from the PRNG used by krb5 crypto operations. The caller must preinitialize data and allocate the desired amount of space.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_os_entropy.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_os_entropy.html deleted file mode 100644 index 08a47c82..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_os_entropy.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_c_random_os_entropy — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_seed.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_seed.html deleted file mode 100644 index 44749637..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_seed.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_c_random_seed — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_to_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_to_key.html deleted file mode 100644 index 961108e2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_random_to_key.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_c_random_to_key - Generate an enctype-specific key from random data. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_random_to_key - Generate an enctype-specific key from random data.¶

-
-
-krb5_error_code krb5_c_random_to_key(krb5_context context, krb5_enctype enctype, krb5_data *random_data, krb5_keyblock *k5_random_key)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type

-

[in] random_data - Random input data

-

[out] k5_random_key - Resulting key

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function takes random input data random_data and produces a valid key k5_random_key for a given enctype .

-
-

See also

-

krb5_c_keylengths()

-
-
-

Note

-

It is assumed that k5_random_key has already been initialized and k5_random_key->contents has been allocated with the correct length.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_string_to_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_string_to_key.html deleted file mode 100644 index 6e577708..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_string_to_key.html +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - krb5_c_string_to_key - Convert a string (such a password) to a key. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_string_to_key - Convert a string (such a password) to a key.¶

-
-
-krb5_error_code krb5_c_string_to_key(krb5_context context, krb5_enctype enctype, const krb5_data *string, const krb5_data *salt, krb5_keyblock *key)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type

-

[in] string - String to be converted

-

[in] salt - Salt value

-

[out] key - Generated key

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function converts string to a key of encryption type enctype , using the specified salt . The newly created key must be released by calling krb5_free_keyblock_contents() when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_string_to_key_with_params.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_string_to_key_with_params.html deleted file mode 100644 index a2a1a14d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_string_to_key_with_params.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - krb5_c_string_to_key_with_params - Convert a string (such as a password) to a key with additional parameters. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_string_to_key_with_params - Convert a string (such as a password) to a key with additional parameters.¶

-
-
-krb5_error_code krb5_c_string_to_key_with_params(krb5_context context, krb5_enctype enctype, const krb5_data *string, const krb5_data *salt, const krb5_data *params, krb5_keyblock *key)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type

-

[in] string - String to be converted

-

[in] salt - Salt value

-

[in] params - Parameters

-

[out] key - Generated key

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function is similar to krb5_c_string_to_key(), but also takes parameters which may affect the algorithm in an enctype-dependent way. The newly created key must be released by calling krb5_free_keyblock_contents() when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_valid_cksumtype.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_valid_cksumtype.html deleted file mode 100644 index e37da7bf..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_valid_cksumtype.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_c_valid_cksumtype - Verify that specified checksum type is a valid Kerberos checksum type. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_valid_enctype.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_valid_enctype.html deleted file mode 100644 index 3eb00ff9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_valid_enctype.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_c_valid_enctype - Verify that a specified encryption type is a valid Kerberos encryption type. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_verify_checksum.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_verify_checksum.html deleted file mode 100644 index e2d99c29..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_verify_checksum.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_c_verify_checksum - Verify a checksum (operates on keyblock). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_verify_checksum - Verify a checksum (operates on keyblock).¶

-
-
-krb5_error_code krb5_c_verify_checksum(krb5_context context, const krb5_keyblock *key, krb5_keyusage usage, const krb5_data *data, const krb5_checksum *cksum, krb5_boolean *valid)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Encryption key for a keyed checksum

-

[in] usage - key usage

-

[in] data - Data to be used to compute a new checksum using key to compare cksum against

-

[in] cksum - Checksum to be verified

-

[out] valid - Non-zero for success, zero for failure

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function verifies that cksum is a valid checksum for data . If the checksum type of cksum is a keyed checksum, key is used to verify the checksum. If the checksum type in cksum is 0 and key is not NULL, the mandatory checksum type for key will be used. The actual checksum key will be derived from key and usage if key derivation is specified for the checksum type.

-
-

Note

-

This function is similar to krb5_k_verify_checksum(), but operates on keyblock key .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_verify_checksum_iov.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_verify_checksum_iov.html deleted file mode 100644 index ce0c9699..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_c_verify_checksum_iov.html +++ /dev/null @@ -1,171 +0,0 @@ - - - - - - - - - krb5_c_verify_checksum_iov - Validate a checksum element in IOV array (operates on keyblock). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_c_verify_checksum_iov - Validate a checksum element in IOV array (operates on keyblock).¶

-
-
-krb5_error_code krb5_c_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, const krb5_keyblock *key, krb5_keyusage usage, const krb5_crypto_iov *data, size_t num_data, krb5_boolean *valid)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cksumtype - Checksum type (0 for mandatory type)

-

[in] key - Encryption key for a keyed checksum

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[in] data - IOV array

-

[in] num_data - Size of data

-

[out] valid - Non-zero for success, zero for failure

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Confirm that the checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element is a valid checksum of the #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY regions in the iov.

-
-

See also

-

krb5_c_make_checksum_iov()

-
-
-

Note

-

This function is similar to krb5_k_verify_checksum_iov(), but operates on keyblock key .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_calculate_checksum.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_calculate_checksum.html deleted file mode 100644 index 7d429889..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_calculate_checksum.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_calculate_checksum — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_cache_match.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_cache_match.html deleted file mode 100644 index 8f858217..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_cache_match.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_cc_cache_match - Find a credential cache with a specified client principal. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_cache_match - Find a credential cache with a specified client principal.¶

-
-
-krb5_error_code krb5_cc_cache_match(krb5_context context, krb5_principal client, krb5_ccache *cache_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] client - Client principal

-

[out] cache_out - Credential cache handle

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • KRB5_CC_NOTFOUND None

  • -
-
-
-

Find a cache within the collection whose default principal is client . Use krb5_cc_close to close ccache when it is no longer needed.

-
-

Note

-

New in 1.10

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_close.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_close.html deleted file mode 100644 index 66b7fb2c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_close.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_cc_close - Close a credential cache handle. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_close - Close a credential cache handle.¶

-
-
-krb5_error_code krb5_cc_close(krb5_context context, krb5_ccache cache)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function closes a credential cache handle cache without affecting the contents of the cache.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_copy_creds.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_copy_creds.html deleted file mode 100644 index d5e2b462..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_copy_creds.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_cc_copy_creds - Copy a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_copy_creds - Copy a credential cache.¶

-
-
-krb5_error_code krb5_cc_copy_creds(krb5_context context, krb5_ccache incc, krb5_ccache outcc)¶
-
- -
-
param
-

[in] context - Library context

-

[in] incc - Credential cache to be copied

-

[out] outcc - Copy of credential cache to be filled in

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_default.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_default.html deleted file mode 100644 index 15fa748b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_default.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - krb5_cc_default - Resolve the default credential cache name. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_default - Resolve the default credential cache name.¶

-
-
-krb5_error_code krb5_cc_default(krb5_context context, krb5_ccache *ccache)¶
-
- -
-
param
-

[in] context - Library context

-

[out] ccache - Pointer to credential cache name

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • KV5M_CONTEXT Bad magic number for _krb5_context structure

  • -
  • KRB5_FCC_INTERNAL The name of the default credential cache cannot be obtained

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Create a handle to the default credential cache as given by krb5_cc_default_name().

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_default_name.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_default_name.html deleted file mode 100644 index eda52320..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_default_name.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_cc_default_name - Return the name of the default credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_default_name - Return the name of the default credential cache.¶

-
-
-const char *krb5_cc_default_name(krb5_context context)¶
-
- -
-
param
-

[in] context - Library context

-
-
-
-
return
-
    -
  • Name of default credential cache for the current user.

  • -
-
-
-

Return a pointer to the default credential cache name for context , as determined by a prior call to krb5_cc_set_default_name(), by the KRB5CCNAME environment variable, by the default_ccache_name profile variable, or by the operating system or build-time default value. The returned value must not be modified or freed by the caller. The returned value becomes invalid when context is destroyed krb5_free_context() or if a subsequent call to krb5_cc_set_default_name() is made on context .

-

The default credential cache name is cached in context between calls to this function, so if the value of KRB5CCNAME changes in the process environment after the first call to this function on, that change will not be reflected in later calls with the same context. The caller can invoke krb5_cc_set_default_name() with a NULL value of name to clear the cached value and force the default name to be recomputed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_destroy.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_destroy.html deleted file mode 100644 index 016e2690..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_destroy.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_cc_destroy - Destroy a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_destroy - Destroy a credential cache.¶

-
-
-krb5_error_code krb5_cc_destroy(krb5_context context, krb5_ccache cache)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Permission errors

  • -
-
-
-

This function destroys any existing contents of cache and closes the handle to it.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_dup.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_dup.html deleted file mode 100644 index 028e294b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_dup.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_cc_dup - Duplicate ccache handle. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_dup - Duplicate ccache handle.¶

-
-
-krb5_error_code krb5_cc_dup(krb5_context context, krb5_ccache in, krb5_ccache *out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] in - Credential cache handle to be duplicated

-

[out] out - Credential cache handle

-
-
-

Create a new handle referring to the same cache as in . The new handle and in can be closed independently.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_end_seq_get.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_end_seq_get.html deleted file mode 100644 index fd6fee3d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_end_seq_get.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_cc_end_seq_get - Finish a series of sequential processing credential cache entries. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_end_seq_get - Finish a series of sequential processing credential cache entries.¶

-
-
-krb5_error_code krb5_cc_end_seq_get(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-

[in] cursor - Cursor

-
-
-
-
retval
-
    -
  • 0 (always)

  • -
-
-
-

This function finishes processing credential cache entries and invalidates cursor .

-
-

See also

-

krb5_cc_start_seq_get(), krb5_cc_next_cred()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_gen_new.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_gen_new.html deleted file mode 100644 index 7ff44dc2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_gen_new.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_cc_gen_new — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_config.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_config.html deleted file mode 100644 index c0bb4cea..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_config.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_cc_get_config - Get a configuration value from a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_get_config - Get a configuration value from a credential cache.¶

-
-
-krb5_error_code krb5_cc_get_config(krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *key, krb5_data *data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] id - Credential cache handle

-

[in] principal - Configuration for this principal; if NULL, global for the whole cache

-

[in] key - Name of config variable

-

[out] data - Data to be fetched

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Use krb5_free_data_contents() to free data when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_flags.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_flags.html deleted file mode 100644 index 708f965a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_flags.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - krb5_cc_get_flags - Retrieve flags from a credential cache structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_get_flags - Retrieve flags from a credential cache structure.¶

-
-
-krb5_error_code krb5_cc_get_flags(krb5_context context, krb5_ccache cache, krb5_flags *flags)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-

[out] flags - Flag bit mask

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
-

Warning

-

For memory credential cache always returns a flag mask of 0.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_full_name.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_full_name.html deleted file mode 100644 index 5a10794b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_full_name.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_cc_get_full_name - Retrieve the full name of a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_get_full_name - Retrieve the full name of a credential cache.¶

-
-
-krb5_error_code krb5_cc_get_full_name(krb5_context context, krb5_ccache cache, char **fullname_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-

[out] fullname_out - Full name of cache

-
-
-

Use krb5_free_string() to free fullname_out when it is no longer needed.

-
-

Note

-

New in 1.10

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_name.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_name.html deleted file mode 100644 index 01eb9aa1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_name.html +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - krb5_cc_get_name - Retrieve the name, but not type of a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_get_name - Retrieve the name, but not type of a credential cache.¶

-
-
-const char *krb5_cc_get_name(krb5_context context, krb5_ccache cache)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-
-
-
-
return
-
    -
  • On success - the name of the credential cache.

  • -
-
-
-
-

Warning

-

Returns the name of the credential cache. The result is an alias into cache and should not be freed or modified by the caller. This name does not include the cache type, so should not be used as input to krb5_cc_resolve().

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_principal.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_principal.html deleted file mode 100644 index d0ad967e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_principal.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - krb5_cc_get_principal - Get the default principal of a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_get_principal - Get the default principal of a credential cache.¶

-
-
-krb5_error_code krb5_cc_get_principal(krb5_context context, krb5_ccache cache, krb5_principal *principal)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-

[out] principal - Primary principal

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Returns the default client principal of a credential cache as set by krb5_cc_initialize().

-

Use krb5_free_principal() to free principal when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_type.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_type.html deleted file mode 100644 index e97c529b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_get_type.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_cc_get_type - Retrieve the type of a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_get_type - Retrieve the type of a credential cache.¶

-
-
-const char *krb5_cc_get_type(krb5_context context, krb5_ccache cache)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-
-
-
-
return
-
    -
  • The type of a credential cache as an alias that must not be modified or freed by the caller.

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_initialize.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_initialize.html deleted file mode 100644 index 0d98dee3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_initialize.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_cc_initialize - Initialize a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_initialize - Initialize a credential cache.¶

-
-
-krb5_error_code krb5_cc_initialize(krb5_context context, krb5_ccache cache, krb5_principal principal)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-

[in] principal - Default principal name

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • System errors; Permission errors; Kerberos error codes

  • -
-
-
-

Destroy any existing contents of cache and initialize it for the default principal principal .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_move.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_move.html deleted file mode 100644 index 2c474cb8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_move.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_cc_move - Move a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_move - Move a credential cache.¶

-
-
-krb5_error_code krb5_cc_move(krb5_context context, krb5_ccache src, krb5_ccache dst)¶
-
- -
-
param
-

[in] context - Library context

-

[in] src - The credential cache to move the content from

-

[in] dst - The credential cache to move the content to

-
-
-
-
retval
-
    -
  • 0 Success; src is closed.

  • -
-
-
return
-
    -
  • Kerberos error codes; src is still allocated.

  • -
-
-
-

This function reinitializes dst and populates it with the credentials and default principal of src ; then, if successful, destroys src .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_new_unique.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_new_unique.html deleted file mode 100644 index 7f116e87..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_new_unique.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_cc_new_unique - Create a new credential cache of the specified type with a unique name. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_new_unique - Create a new credential cache of the specified type with a unique name.¶

-
-
-krb5_error_code krb5_cc_new_unique(krb5_context context, const char *type, const char *hint, krb5_ccache *id)¶
-
- -
-
param
-

[in] context - Library context

-

[in] type - Credential cache type name

-

[in] hint - Unused

-

[out] id - Credential cache handle

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_next_cred.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_next_cred.html deleted file mode 100644 index 0430d9c1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_next_cred.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - krb5_cc_next_cred - Retrieve the next entry from the credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_next_cred - Retrieve the next entry from the credential cache.¶

-
-
-krb5_error_code krb5_cc_next_cred(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor, krb5_creds *creds)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-

[in] cursor - Cursor

-

[out] creds - Next credential cache entry

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function fills in creds with the next entry in cache and advances cursor .

-

Use krb5_free_cred_contents() to free creds when it is no longer needed.

-
-

See also

-

krb5_cc_start_seq_get(), krb5_end_seq_get()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_remove_cred.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_remove_cred.html deleted file mode 100644 index 552b6d68..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_remove_cred.html +++ /dev/null @@ -1,169 +0,0 @@ - - - - - - - - - krb5_cc_remove_cred - Remove credentials from a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_remove_cred - Remove credentials from a credential cache.¶

-
-
-krb5_error_code krb5_cc_remove_cred(krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds *creds)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-

[in] flags - Bitwise-ORed search flags

-

[in] creds - Credentials to be matched

-
-
-
-
retval
-
    -
  • KRB5_CC_NOSUPP Not implemented for this cache type

  • -
-
-
return
-
    -
  • No matches found; Data cannot be deleted; Kerberos error codes

  • -
-
-
-

This function accepts the same flag values as krb5_cc_retrieve_cred().

-
-

Warning

-

This function is not implemented for some cache types.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_resolve.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_resolve.html deleted file mode 100644 index 4145693c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_resolve.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_cc_resolve - Resolve a credential cache name. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_resolve - Resolve a credential cache name.¶

-
-
-krb5_error_code krb5_cc_resolve(krb5_context context, const char *name, krb5_ccache *cache)¶
-
- -
-
param
-

[in] context - Library context

-

[in] name - Credential cache name to be resolved

-

[out] cache - Credential cache handle

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Fills in cache with a cache handle that corresponds to the name in name . name should be of the form type:residual , and type must be a type known to the library. If the name does not contain a colon, interpret it as a file name.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_retrieve_cred.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_retrieve_cred.html deleted file mode 100644 index ec432bc6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_retrieve_cred.html +++ /dev/null @@ -1,179 +0,0 @@ - - - - - - - - - krb5_cc_retrieve_cred - Retrieve a specified credentials from a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_retrieve_cred - Retrieve a specified credentials from a credential cache.¶

-
-
-krb5_error_code krb5_cc_retrieve_cred(krb5_context context, krb5_ccache cache, krb5_flags flags, krb5_creds *mcreds, krb5_creds *creds)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-

[in] flags - Flags bit mask

-

[in] mcreds - Credentials to match

-

[out] creds - Credentials matching the requested value

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function searches a credential cache for credentials matching mcreds and returns it if found.

-

Valid values for flags are:

-
-
-
    -
  • #KRB5_TC_MATCH_TIMES The requested lifetime must be at least as great as in mcreds .

  • -
  • #KRB5_TC_MATCH_IS_SKEY The is_skey field much match exactly.

  • -
  • #KRB5_TC_MATCH_FLAGS Flags set in mcreds must be set.

  • -
  • #KRB5_TC_MATCH_TIMES_EXACT The requested lifetime must match exactly.

  • -
  • #KRB5_TC_MATCH_FLAGS_EXACT Flags must match exactly.

  • -
  • #KRB5_TC_MATCH_AUTHDATA The authorization data must match.

  • -
  • #KRB5_TC_MATCH_SRV_NAMEONLY Only the name portion of the principal name must match, not the realm.

  • -
  • #KRB5_TC_MATCH_2ND_TKT The second tickets must match.

  • -
  • #KRB5_TC_MATCH_KTYPE The encryption key types must match.

  • -
  • #KRB5_TC_SUPPORTED_KTYPES Check all matching entries that have any supported encryption type and return the one with the encryption type listed earliest.

  • -
-
-

Use krb5_free_cred_contents() to free creds when it is no longer needed.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_select.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_select.html deleted file mode 100644 index e9fcc2c7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_select.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_cc_select - Select a credential cache to use with a server principal. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_select - Select a credential cache to use with a server principal.¶

-
-
-krb5_error_code krb5_cc_select(krb5_context context, krb5_principal server, krb5_ccache *cache_out, krb5_principal *princ_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] server - Server principal

-

[out] cache_out - Credential cache handle

-

[out] princ_out - Client principal

-
-
-
-
return
-
    -
  • If an appropriate cache is found, 0 is returned, cache_out is set to the selected cache, and princ_out is set to the default principal of that cache.

  • -
-
-
-

Select a cache within the collection containing credentials most appropriate for use with server , according to configured rules and heuristics.

-

Use krb5_cc_close() to release cache_out when it is no longer needed. Use krb5_free_principal() to release princ_out when it is no longer needed. Note that princ_out is set in some error conditions.

-

If the appropriate client principal can be authoritatively determined but the cache collection contains no credentials for that principal, then KRB5_CC_NOTFOUND is returned, cache_out is set to NULL, and princ_out is set to the appropriate client principal.

-

If no configured mechanism can determine the appropriate cache or principal, KRB5_CC_NOTFOUND is returned and cache_out and princ_out are set to NULL.

-

Any other error code indicates a fatal error in the processing of a cache selection mechanism.

-
-

Note

-

New in 1.10

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_set_config.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_set_config.html deleted file mode 100644 index ef7220fc..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_set_config.html +++ /dev/null @@ -1,173 +0,0 @@ - - - - - - - - - krb5_cc_set_config - Store a configuration value in a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_set_config - Store a configuration value in a credential cache.¶

-
-
-krb5_error_code krb5_cc_set_config(krb5_context context, krb5_ccache id, krb5_const_principal principal, const char *key, krb5_data *data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] id - Credential cache handle

-

[in] principal - Configuration for a specific principal; if NULL, global for the whole cache

-

[in] key - Name of config variable

-

[in] data - Data to store, or NULL to remove

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-
-

Warning

-

Before version 1.10 data was assumed to be always non-null.

-
-
-

Note

-

Existing configuration under the same key is over-written.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_set_default_name.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_set_default_name.html deleted file mode 100644 index b9329376..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_set_default_name.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - krb5_cc_set_default_name - Set the default credential cache name. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_set_default_name - Set the default credential cache name.¶

-
-
-krb5_error_code krb5_cc_set_default_name(krb5_context context, const char *name)¶
-
- -
-
param
-

[in] context - Library context

-

[in] name - Default credential cache name or NULL

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • KV5M_CONTEXT Bad magic number for _krb5_context structure

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Set the default credential cache name to name for future operations using context . If name is NULL, clear any previous application-set default name and forget any cached value of the default name for context .

-

Calls to this function invalidate the result of any previous calls to krb5_cc_default_name() using context .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_set_flags.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_set_flags.html deleted file mode 100644 index e6a95794..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_set_flags.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_cc_set_flags - Set options flags on a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_set_flags - Set options flags on a credential cache.¶

-
-
-krb5_error_code krb5_cc_set_flags(krb5_context context, krb5_ccache cache, krb5_flags flags)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-

[in] flags - Flag bit mask

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function resets cache flags to flags .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_start_seq_get.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_start_seq_get.html deleted file mode 100644 index d4d41c8f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_start_seq_get.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_cc_start_seq_get - Prepare to sequentially read every credential in a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_start_seq_get - Prepare to sequentially read every credential in a credential cache.¶

-
-
-krb5_error_code krb5_cc_start_seq_get(krb5_context context, krb5_ccache cache, krb5_cc_cursor *cursor)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-

[out] cursor - Cursor

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

krb5_cc_end_seq_get() must be called to complete the retrieve operation.

-
-

Note

-

If the cache represented by cache is modified between the time of the call to this function and the time of the final krb5_cc_end_seq_get(), these changes may not be reflected in the results of krb5_cc_next_cred() calls.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_store_cred.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_store_cred.html deleted file mode 100644 index 47bd1354..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_store_cred.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_cc_store_cred - Store credentials in a credential cache. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_store_cred - Store credentials in a credential cache.¶

-
-
-krb5_error_code krb5_cc_store_cred(krb5_context context, krb5_ccache cache, krb5_creds *creds)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-

[in] creds - Credentials to be stored in cache

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Permission errors; storage failure errors; Kerberos error codes

  • -
-
-
-

This function stores creds into cache . If creds->server and the server in the decoded ticket creds->ticket differ, the credentials will be stored under both server principal names.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_support_switch.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_support_switch.html deleted file mode 100644 index ae2078d2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_support_switch.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - krb5_cc_support_switch - Determine whether a credential cache type supports switching. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_support_switch - Determine whether a credential cache type supports switching.¶

-
-
-krb5_boolean krb5_cc_support_switch(krb5_context context, const char *type)¶
-
- -
-
param
-

[in] context - Library context

-

[in] type - Credential cache type

-
-
-
-
retval
-
    -
  • TRUE if type supports switching

  • -
  • FALSE if it does not or is not a valid credential cache type.

  • -
-
-
-
-

Note

-

New in 1.10

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_switch.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_switch.html deleted file mode 100644 index a4673185..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cc_switch.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_cc_switch - Make a credential cache the primary cache for its collection. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cc_switch - Make a credential cache the primary cache for its collection.¶

-
-
-krb5_error_code krb5_cc_switch(krb5_context context, krb5_ccache cache)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cache - Credential cache handle

-
-
-
-
retval
-
    -
  • 0 Success, or the type of cache doesn’t support switching

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

If the type of cache supports it, set cache to be the primary credential cache for the collection it belongs to.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_cursor_free.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_cursor_free.html deleted file mode 100644 index 6167b696..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_cursor_free.html +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - krb5_cccol_cursor_free - Free a credential cache collection cursor. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cccol_cursor_free - Free a credential cache collection cursor.¶

-
-
-krb5_error_code krb5_cccol_cursor_free(krb5_context context, krb5_cccol_cursor *cursor)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cursor - Cursor

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
-

See also

-

krb5_cccol_cursor_new(), krb5_cccol_cursor_next()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_cursor_new.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_cursor_new.html deleted file mode 100644 index ffbb6d3e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_cursor_new.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_cccol_cursor_new - Prepare to iterate over the collection of known credential caches. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cccol_cursor_new - Prepare to iterate over the collection of known credential caches.¶

-
-
-krb5_error_code krb5_cccol_cursor_new(krb5_context context, krb5_cccol_cursor *cursor)¶
-
- -
-
param
-

[in] context - Library context

-

[out] cursor - Cursor

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Get a new cache iteration cursor that will iterate over all known credential caches independent of type.

-

Use krb5_cccol_cursor_free() to release cursor when it is no longer needed.

-
-

See also

-

krb5_cccol_cursor_next()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_cursor_next.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_cursor_next.html deleted file mode 100644 index 79962cc2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_cursor_next.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_cccol_cursor_next - Get the next credential cache in the collection. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cccol_cursor_next - Get the next credential cache in the collection.¶

-
-
-krb5_error_code krb5_cccol_cursor_next(krb5_context context, krb5_cccol_cursor cursor, krb5_ccache *ccache)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cursor - Cursor

-

[out] ccache - Credential cache handle

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Use krb5_cc_close() to close ccache when it is no longer needed.

-
-

See also

-

krb5_cccol_cursor_new(), krb5_cccol_cursor_free()

-
-
-

Note

-

When all caches are iterated over and the end of the list is reached, ccache is set to NULL.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_have_content.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_have_content.html deleted file mode 100644 index df061ced..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cccol_have_content.html +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - krb5_cccol_have_content - Check if the credential cache collection contains any initialized caches. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cccol_have_content - Check if the credential cache collection contains any initialized caches.¶

-
-
-krb5_error_code krb5_cccol_have_content(krb5_context context)¶
-
- -
-
param
-

[in] context - Library context

-
-
-
-
retval
-
    -
  • 0 At least one initialized cache is present in the collection

  • -
  • KRB5_CC_NOTFOUND The collection contains no caches

  • -
-
-
-
-

Note

-

New in 1.11

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_change_password.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_change_password.html deleted file mode 100644 index 2be3e6c7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_change_password.html +++ /dev/null @@ -1,172 +0,0 @@ - - - - - - - - - krb5_change_password - Change a password for an existing Kerberos account. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_change_password - Change a password for an existing Kerberos account.¶

-
-
-krb5_error_code krb5_change_password(krb5_context context, krb5_creds *creds, const char *newpw, int *result_code, krb5_data *result_code_string, krb5_data *result_string)¶
-
- -
-
param
-

[in] context - Library context

-

[in] creds - Credentials for kadmin/changepw service

-

[in] newpw - New password

-

[out] result_code - Numeric error code from server

-

[out] result_code_string - String equivalent to result_code

-

[out] result_string - Change password response from the KDC

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Change the password for the existing principal identified by creds .

-

The possible values of the output result_code are:

-
-
    -
  • #KRB5_KPASSWD_SUCCESS (0) - success

  • -
  • #KRB5_KPASSWD_MALFORMED (1) - Malformed request error

  • -
  • #KRB5_KPASSWD_HARDERROR (2) - Server error

  • -
  • #KRB5_KPASSWD_AUTHERROR (3) - Authentication error

  • -
  • #KRB5_KPASSWD_SOFTERROR (4) - Password change rejected

  • -
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_check_clockskew.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_check_clockskew.html deleted file mode 100644 index ab5896da..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_check_clockskew.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_check_clockskew - Check if a timestamp is within the allowed clock skew of the current time. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_check_clockskew - Check if a timestamp is within the allowed clock skew of the current time.¶

-
-
-krb5_error_code krb5_check_clockskew(krb5_context context, krb5_timestamp date)¶
-
- -
-
param
-

[in] context - Library context

-

[in] date - Timestamp to check

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • KRB5KRB_AP_ERR_SKEW date is not within allowable clock skew

  • -
-
-
-

This function checks if date is close enough to the current time according to the configured allowable clock skew.

-
-

Note

-

New in 1.10

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_checksum_size.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_checksum_size.html deleted file mode 100644 index 893ff4b8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_checksum_size.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_checksum_size — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_chpw_message.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_chpw_message.html deleted file mode 100644 index 6a8ea88b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_chpw_message.html +++ /dev/null @@ -1,169 +0,0 @@ - - - - - - - - - krb5_chpw_message - Get a result message for changing or setting a password. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_chpw_message - Get a result message for changing or setting a password.¶

-
-
-krb5_error_code krb5_chpw_message(krb5_context context, const krb5_data *server_string, char **message_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] server_string - Data returned from the remote system

-

[out] message_out - A message displayable to the user

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function processes the server_string returned in the result_string parameter of krb5_change_password(), krb5_set_password(), and related functions, and returns a displayable string. If server_string contains Active Directory structured policy information, it will be converted into human-readable text.

-

Use krb5_free_string() to free message_out when it is no longer needed.

-
-

Note

-

New in 1.11

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cksumtype_to_string.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cksumtype_to_string.html deleted file mode 100644 index 0246b8be..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_cksumtype_to_string.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_cksumtype_to_string - Convert a checksum type to a string. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cksumtype_to_string - Convert a checksum type to a string.¶

-
-
-krb5_error_code krb5_cksumtype_to_string(krb5_cksumtype cksumtype, char *buffer, size_t buflen)¶
-
- -
-
param
-

[in] cksumtype - Checksum type

-

[out] buffer - Buffer to hold converted checksum type

-

[in] buflen - Storage available in buffer

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_clear_error_message.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_clear_error_message.html deleted file mode 100644 index 181e13e5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_clear_error_message.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_clear_error_message - Clear the extended error message in a context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_clear_error_message - Clear the extended error message in a context.¶

-
-
-void krb5_clear_error_message(krb5_context ctx)¶
-
- -
-
param
-

[in] ctx - Library context

-
-
-

This function unsets the extended error message in a context, to ensure that it is not mistakenly applied to another occurrence of the same error code.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_addresses.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_addresses.html deleted file mode 100644 index bd2419a3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_addresses.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_copy_addresses - Copy an array of addresses. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_copy_addresses - Copy an array of addresses.¶

-
-
-krb5_error_code krb5_copy_addresses(krb5_context context, krb5_address *const *inaddr, krb5_address ***outaddr)¶
-
- -
-
param
-

[in] context - Library context

-

[in] inaddr - Array of addresses to be copied

-

[out] outaddr - Copy of array of addresses

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a new address array containing a copy of inaddr . Use krb5_free_addresses() to free outaddr when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_authdata.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_authdata.html deleted file mode 100644 index e9ab3e65..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_authdata.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_copy_authdata - Copy an authorization data list. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_copy_authdata - Copy an authorization data list.¶

-
-
-krb5_error_code krb5_copy_authdata(krb5_context context, krb5_authdata *const *in_authdat, krb5_authdata ***out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] in_authdat - List of krb5_authdata structures

-

[out] out - New array of krb5_authdata structures

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a new authorization data list containing a copy of in_authdat , which must be null-terminated. Use krb5_free_authdata() to free out when it is no longer needed.

-
-

Note

-

The last array entry in in_authdat must be a NULL pointer.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_authenticator.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_authenticator.html deleted file mode 100644 index 3152f25e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_authenticator.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_copy_authenticator - Copy a krb5_authenticator structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_copy_authenticator - Copy a krb5_authenticator structure.¶

-
-
-krb5_error_code krb5_copy_authenticator(krb5_context context, const krb5_authenticator *authfrom, krb5_authenticator **authto)¶
-
- -
-
param
-

[in] context - Library context

-

[in] authfrom - krb5_authenticator structure to be copied

-

[out] authto - Copy of krb5_authenticator structure

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a new krb5_authenticator structure with the content of authfrom . Use krb5_free_authenticator() to free authto when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_checksum.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_checksum.html deleted file mode 100644 index 27e6189e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_checksum.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_copy_checksum - Copy a krb5_checksum structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_copy_checksum - Copy a krb5_checksum structure.¶

-
-
-krb5_error_code krb5_copy_checksum(krb5_context context, const krb5_checksum *ckfrom, krb5_checksum **ckto)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ckfrom - Checksum to be copied

-

[out] ckto - Copy of krb5_checksum structure

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a new krb5_checksum structure with the contents of ckfrom . Use krb5_free_checksum() to free ckto when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_context.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_context.html deleted file mode 100644 index c70c65d0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_context.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_copy_context - Copy a krb5_context structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_copy_context - Copy a krb5_context structure.¶

-
-
-krb5_error_code krb5_copy_context(krb5_context ctx, krb5_context *nctx_out)¶
-
- -
-
param
-

[in] ctx - Library context

-

[out] nctx_out - New context structure

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

The newly created context must be released by calling krb5_free_context() when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_creds.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_creds.html deleted file mode 100644 index 888f0642..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_creds.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_copy_creds - Copy a krb5_creds structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_copy_creds - Copy a krb5_creds structure.¶

-
-
-krb5_error_code krb5_copy_creds(krb5_context context, const krb5_creds *incred, krb5_creds **outcred)¶
-
- -
-
param
-

[in] context - Library context

-

[in] incred - Credentials structure to be copied

-

[out] outcred - Copy of incred

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a new credential with the contents of incred . Use krb5_free_creds() to free outcred when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_data.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_data.html deleted file mode 100644 index 8db97660..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_data.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_copy_data - Copy a krb5_data object. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_copy_data - Copy a krb5_data object.¶

-
-
-krb5_error_code krb5_copy_data(krb5_context context, const krb5_data *indata, krb5_data **outdata)¶
-
- -
-
param
-

[in] context - Library context

-

[in] indata - Data object to be copied

-

[out] outdata - Copy of indata

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a new krb5_data object with the contents of indata . Use krb5_free_data() to free outdata when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_error_message.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_error_message.html deleted file mode 100644 index 9619774c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_error_message.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_copy_error_message - Copy the most recent extended error message from one context to another. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_keyblock.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_keyblock.html deleted file mode 100644 index 53b17d04..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_keyblock.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_copy_keyblock - Copy a keyblock. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_copy_keyblock - Copy a keyblock.¶

-
-
-krb5_error_code krb5_copy_keyblock(krb5_context context, const krb5_keyblock *from, krb5_keyblock **to)¶
-
- -
-
param
-

[in] context - Library context

-

[in] from - Keyblock to be copied

-

[out] to - Copy of keyblock from

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a new keyblock with the same contents as from . Use krb5_free_keyblock() to free to when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_keyblock_contents.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_keyblock_contents.html deleted file mode 100644 index 807e5c1f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_keyblock_contents.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_copy_keyblock_contents - Copy the contents of a keyblock. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_copy_keyblock_contents - Copy the contents of a keyblock.¶

-
-
-krb5_error_code krb5_copy_keyblock_contents(krb5_context context, const krb5_keyblock *from, krb5_keyblock *to)¶
-
- -
-
param
-

[in] context - Library context

-

[in] from - Key to be copied

-

[out] to - Output key

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function copies the contents of from to to . Use krb5_free_keyblock_contents() to free to when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_principal.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_principal.html deleted file mode 100644 index 65e48948..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_principal.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_copy_principal - Copy a principal. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_copy_principal - Copy a principal.¶

-
-
-krb5_error_code krb5_copy_principal(krb5_context context, krb5_const_principal inprinc, krb5_principal *outprinc)¶
-
- -
-
param
-

[in] context - Library context

-

[in] inprinc - Principal to be copied

-

[out] outprinc - Copy of inprinc

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a new principal structure with the contents of inprinc . Use krb5_free_principal() to free outprinc when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_ticket.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_ticket.html deleted file mode 100644 index 63cbd1f0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_copy_ticket.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_copy_ticket - Copy a krb5_ticket structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_copy_ticket - Copy a krb5_ticket structure.¶

-
-
-krb5_error_code krb5_copy_ticket(krb5_context context, const krb5_ticket *from, krb5_ticket **pto)¶
-
- -
-
param
-

[in] context - Library context

-

[in] from - Ticket to be copied

-

[out] pto - Copy of ticket

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a new krb5_ticket structure containing the contents of from . Use krb5_free_ticket() to free pto when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_decode_authdata_container.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_decode_authdata_container.html deleted file mode 100644 index dcb1eb74..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_decode_authdata_container.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_decode_authdata_container - Unwrap authorization data. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_decode_authdata_container - Unwrap authorization data.¶

-
-
-krb5_error_code krb5_decode_authdata_container(krb5_context context, krb5_authdatatype type, const krb5_authdata *container, krb5_authdata ***authdata)¶
-
- -
-
param
-

[in] context - Library context

-

[in] type - Container type (see KRB5_AUTHDATA macros)

-

[in] container - Authorization data to be decoded

-

[out] authdata - List of decoded authorization data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
-

See also

-

krb5_encode_authdata_container()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_decode_ticket.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_decode_ticket.html deleted file mode 100644 index 2ee5227b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_decode_ticket.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_decode_ticket - Decode an ASN.1-formatted ticket. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_decrypt.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_decrypt.html deleted file mode 100644 index dac5f0e1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_decrypt.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_decrypt — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_deltat_to_string.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_deltat_to_string.html deleted file mode 100644 index 911cb0c2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_deltat_to_string.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_deltat_to_string - Convert a relative time value to a string. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_deltat_to_string - Convert a relative time value to a string.¶

-
-
-krb5_error_code krb5_deltat_to_string(krb5_deltat deltat, char *buffer, size_t buflen)¶
-
- -
-
param
-

[in] deltat - Relative time value to convert

-

[out] buffer - Buffer to hold time string

-

[in] buflen - Storage available in buffer

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_eblock_enctype.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_eblock_enctype.html deleted file mode 100644 index 46a44a01..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_eblock_enctype.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_eblock_enctype — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_encode_authdata_container.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_encode_authdata_container.html deleted file mode 100644 index 3bb14a9b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_encode_authdata_container.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_encode_authdata_container - Wrap authorization data in a container. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_encode_authdata_container - Wrap authorization data in a container.¶

-
-
-krb5_error_code krb5_encode_authdata_container(krb5_context context, krb5_authdatatype type, krb5_authdata *const *authdata, krb5_authdata ***container)¶
-
- -
-
param
-

[in] context - Library context

-

[in] type - Container type (see KRB5_AUTHDATA macros)

-

[in] authdata - List of authorization data to be encoded

-

[out] container - List of encoded authorization data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

The result is returned in container as a single-element list.

-
-

See also

-

krb5_decode_authdata_container()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_encrypt.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_encrypt.html deleted file mode 100644 index 76414f03..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_encrypt.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_encrypt — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_encrypt_size.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_encrypt_size.html deleted file mode 100644 index cf818b2c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_encrypt_size.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_encrypt_size — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_enctype_to_name.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_enctype_to_name.html deleted file mode 100644 index 46fc5d84..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_enctype_to_name.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_enctype_to_name - Convert an encryption type to a name or alias. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_enctype_to_name - Convert an encryption type to a name or alias.¶

-
-
-krb5_error_code krb5_enctype_to_name(krb5_enctype enctype, krb5_boolean shortest, char *buffer, size_t buflen)¶
-
- -
-
param
-

[in] enctype - Encryption type

-

[in] shortest - Flag

-

[out] buffer - Buffer to hold encryption type string

-

[in] buflen - Storage available in buffer

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

If shortest is FALSE, this function returns the enctype’s canonical name (likeâ€aes128-cts-hmac-sha1-96â€). If shortest is TRUE, it return the enctype’s shortest alias (likeâ€aes128-ctsâ€).

-
-

Note

-

New in 1.9

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_enctype_to_string.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_enctype_to_string.html deleted file mode 100644 index 82695b07..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_enctype_to_string.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_enctype_to_string - Convert an encryption type to a string. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_enctype_to_string - Convert an encryption type to a string.¶

-
-
-krb5_error_code krb5_enctype_to_string(krb5_enctype enctype, char *buffer, size_t buflen)¶
-
- -
-
param
-

[in] enctype - Encryption type

-

[out] buffer - Buffer to hold encryption type string

-

[in] buflen - Storage available in buffer

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_expand_hostname.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_expand_hostname.html deleted file mode 100644 index afd64130..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_expand_hostname.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_expand_hostname - Canonicalize a hostname, possibly using name service. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_expand_hostname - Canonicalize a hostname, possibly using name service.¶

-
-
-krb5_error_code krb5_expand_hostname(krb5_context context, const char *host, char **canonhost_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] host - Input hostname

-

[out] canonhost_out - Canonicalized hostname

-
-
-

This function canonicalizes orig_hostname, possibly using name service lookups if configuration permits. Use krb5_free_string() to free canonhost_out when it is no longer needed.

-
-

Note

-

New in 1.15

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_find_authdata.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_find_authdata.html deleted file mode 100644 index 71c21943..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_find_authdata.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_find_authdata - Find authorization data elements. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_find_authdata - Find authorization data elements.¶

-
-
-krb5_error_code krb5_find_authdata(krb5_context context, krb5_authdata *const *ticket_authdata, krb5_authdata *const *ap_req_authdata, krb5_authdatatype ad_type, krb5_authdata ***results)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ticket_authdata - Authorization data list from ticket

-

[in] ap_req_authdata - Authorization data list from AP request

-

[in] ad_type - Authorization data type to find

-

[out] results - List of matching entries

-
-
-

This function searches ticket_authdata and ap_req_authdata for elements of type ad_type . Either input list may be NULL, in which case it will not be searched; otherwise, the input lists must be terminated by NULL entries. This function will search inside AD-IF-RELEVANT containers if found in either list. Use krb5_free_authdata() to free results when it is no longer needed.

-
-

Note

-

New in 1.10

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_finish_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_finish_key.html deleted file mode 100644 index 94313bbd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_finish_key.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_finish_key — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_finish_random_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_finish_random_key.html deleted file mode 100644 index bfdeb4ff..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_finish_random_key.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_finish_random_key — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_addresses.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_addresses.html deleted file mode 100644 index deaab411..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_addresses.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_free_addresses - Free the data stored in array of addresses. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_addresses - Free the data stored in array of addresses.¶

-
-
-void krb5_free_addresses(krb5_context context, krb5_address **val)¶
-
- -
-
param
-

[in] context - Library context

-

[in] val - Array of addresses to be freed

-
-
-

This function frees the contents of val and the array itself.

-
-

Note

-

The last entry in the array must be a NULL pointer.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_ap_rep_enc_part.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_ap_rep_enc_part.html deleted file mode 100644 index 9c15e48f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_ap_rep_enc_part.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_free_ap_rep_enc_part - Free a krb5_ap_rep_enc_part structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_ap_rep_enc_part - Free a krb5_ap_rep_enc_part structure.¶

-
-
-void krb5_free_ap_rep_enc_part(krb5_context context, krb5_ap_rep_enc_part *val)¶
-
- -
-
param
-

[in] context - Library context

-

[in] val - AP-REP enc part to be freed

-
-
-

This function frees the contents of val and the structure itself.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_authdata.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_authdata.html deleted file mode 100644 index 1c521889..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_authdata.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_free_authdata - Free the storage assigned to array of authentication data. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_authdata - Free the storage assigned to array of authentication data.¶

-
-
-void krb5_free_authdata(krb5_context context, krb5_authdata **val)¶
-
- -
-
param
-

[in] context - Library context

-

[in] val - Array of authentication data to be freed

-
-
-

This function frees the contents of val and the array itself.

-
-

Note

-

The last entry in the array must be a NULL pointer.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_authenticator.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_authenticator.html deleted file mode 100644 index 897427ef..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_authenticator.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_free_authenticator - Free a krb5_authenticator structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_authenticator - Free a krb5_authenticator structure.¶

-
-
-void krb5_free_authenticator(krb5_context context, krb5_authenticator *val)¶
-
- -
-
param
-

[in] context - Library context

-

[in] val - Authenticator structure to be freed

-
-
-

This function frees the contents of val and the structure itself.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_checksum.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_checksum.html deleted file mode 100644 index 3f366e65..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_checksum.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_free_checksum - Free a krb5_checksum structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_checksum - Free a krb5_checksum structure.¶

-
-
-void krb5_free_checksum(krb5_context context, krb5_checksum *val)¶
-
- -
-
param
-

[in] context - Library context

-

[in] val - Checksum structure to be freed

-
-
-

This function frees the contents of val and the structure itself.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_checksum_contents.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_checksum_contents.html deleted file mode 100644 index 74e81e83..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_checksum_contents.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_free_checksum_contents - Free the contents of a krb5_checksum structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_checksum_contents - Free the contents of a krb5_checksum structure.¶

-
-
-void krb5_free_checksum_contents(krb5_context context, krb5_checksum *val)¶
-
- -
-
param
-

[in] context - Library context

-

[in] val - Checksum structure to free contents of

-
-
-

This function frees the contents of val , but not the structure itself. It sets the checksum’s data pointer to null and (beginning in release 1.19) sets its length to zero.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_cksumtypes.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_cksumtypes.html deleted file mode 100644 index 7c9c207a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_cksumtypes.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_free_cksumtypes - Free an array of checksum types. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_context.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_context.html deleted file mode 100644 index 253bfb23..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_context.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_free_context - Free a krb5 library context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_cred_contents.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_cred_contents.html deleted file mode 100644 index 181d6d4f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_cred_contents.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_free_cred_contents - Free the contents of a krb5_creds structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_cred_contents - Free the contents of a krb5_creds structure.¶

-
-
-void krb5_free_cred_contents(krb5_context context, krb5_creds *val)¶
-
- -
-
param
-

[in] context - Library context

-

[in] val - Credential structure to free contents of

-
-
-

This function frees the contents of val , but not the structure itself.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_creds.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_creds.html deleted file mode 100644 index 521beb0d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_creds.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_free_creds - Free a krb5_creds structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_creds - Free a krb5_creds structure.¶

-
-
-void krb5_free_creds(krb5_context context, krb5_creds *val)¶
-
- -
-
param
-

[in] context - Library context

-

[in] val - Credential structure to be freed.

-
-
-

This function frees the contents of val and the structure itself.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_data.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_data.html deleted file mode 100644 index 341bd1ab..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_data.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_free_data - Free a krb5_data structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_data_contents.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_data_contents.html deleted file mode 100644 index dbb44185..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_data_contents.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_free_data_contents - Free the contents of a krb5_data structure and zero the data field. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_data_contents - Free the contents of a krb5_data structure and zero the data field.¶

-
-
-void krb5_free_data_contents(krb5_context context, krb5_data *val)¶
-
- -
-
param
-

[in] context - Library context

-

[in] val - Data structure to free contents of

-
-
-

This function frees the contents of val , but not the structure itself. It sets the structure’s data pointer to null and (beginning in release 1.19) sets its length to zero.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_default_realm.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_default_realm.html deleted file mode 100644 index f2ebf4a8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_default_realm.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm(). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_enctypes.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_enctypes.html deleted file mode 100644 index 3a8ffe25..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_enctypes.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_free_enctypes - Free an array of encryption types. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_error.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_error.html deleted file mode 100644 index 321051e3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_error.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth(). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth().¶

-
-
-void krb5_free_error(krb5_context context, krb5_error *val)¶
-
- -
-
param
-

[in] context - Library context

-

[in] val - Error data structure to be freed

-
-
-

This function frees the contents of val and the structure itself.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_error_message.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_error_message.html deleted file mode 100644 index 010c0e38..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_error_message.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_free_error_message - Free an error message generated by krb5_get_error_message(). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_host_realm.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_host_realm.html deleted file mode 100644 index b095c77c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_host_realm.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - krb5_free_host_realm - Free the memory allocated by krb5_get_host_realm(). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_host_realm - Free the memory allocated by krb5_get_host_realm().¶

-
-
-krb5_error_code krb5_free_host_realm(krb5_context context, char *const *realmlist)¶
-
- -
-
param
-

[in] context - Library context

-

[in] realmlist - List of realm names to be released

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_keyblock.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_keyblock.html deleted file mode 100644 index 8a0a83f5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_keyblock.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_free_keyblock - Free a krb5_keyblock structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_keyblock_contents.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_keyblock_contents.html deleted file mode 100644 index 1e477ec9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_keyblock_contents.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_free_keyblock_contents - Free the contents of a krb5_keyblock structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_keyblock_contents - Free the contents of a krb5_keyblock structure.¶

-
-
-void krb5_free_keyblock_contents(krb5_context context, krb5_keyblock *key)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Keyblock to be freed

-
-
-

This function frees the contents of key , but not the structure itself.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_keytab_entry_contents.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_keytab_entry_contents.html deleted file mode 100644 index ca780f4e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_keytab_entry_contents.html +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - krb5_free_keytab_entry_contents - Free the contents of a key table entry. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_keytab_entry_contents - Free the contents of a key table entry.¶

-
-
-krb5_error_code krb5_free_keytab_entry_contents(krb5_context context, krb5_keytab_entry *entry)¶
-
- -
-
param
-

[in] context - Library context

-

[in] entry - Key table entry whose contents are to be freed

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
-

Note

-

The pointer is not freed.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_principal.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_principal.html deleted file mode 100644 index 496366a4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_principal.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_free_principal - Free the storage assigned to a principal. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_string.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_string.html deleted file mode 100644 index c02087a4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_string.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_free_string - Free a string allocated by a krb5 function. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_tgt_creds.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_tgt_creds.html deleted file mode 100644 index f9027940..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_tgt_creds.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_free_tgt_creds - Free an array of credential structures. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_free_tgt_creds - Free an array of credential structures.¶

-
-
-void krb5_free_tgt_creds(krb5_context context, krb5_creds **tgts)¶
-
- -
-
param
-

[in] context - Library context

-

[in] tgts - Null-terminated array of credentials to free

-
-
-
-

Note

-

The last entry in the array tgts must be a NULL pointer.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_ticket.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_ticket.html deleted file mode 100644 index 3e022993..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_ticket.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_free_ticket - Free a ticket. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_unparsed_name.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_unparsed_name.html deleted file mode 100644 index a6faa009..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_free_unparsed_name.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_free_unparsed_name - Free a string representation of a principal. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_fwd_tgt_creds.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_fwd_tgt_creds.html deleted file mode 100644 index 16429b1b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_fwd_tgt_creds.html +++ /dev/null @@ -1,173 +0,0 @@ - - - - - - - - - krb5_fwd_tgt_creds - Get a forwarded TGT and format a KRB-CRED message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_fwd_tgt_creds - Get a forwarded TGT and format a KRB-CRED message.¶

-
-
-krb5_error_code krb5_fwd_tgt_creds(krb5_context context, krb5_auth_context auth_context, const char *rhost, krb5_principal client, krb5_principal server, krb5_ccache cc, int forwardable, krb5_data *outbuf)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] rhost - Remote host

-

[in] client - Client principal of TGT

-

[in] server - Principal of server to receive TGT

-

[in] cc - Credential cache handle (NULL to use default)

-

[in] forwardable - Whether TGT should be forwardable

-

[out] outbuf - KRB-CRED message

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • ENOMEM Insufficient memory

  • -
  • KRB5_PRINC_NOMATCH Requested principal and ticket do not match

  • -
  • KRB5_NO_TKT_SUPPLIED Request did not supply a ticket

  • -
  • KRB5_CC_BADNAME Credential cache name or principal name malformed

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Get a TGT for use at the remote host rhost and format it into a KRB-CRED message. If rhost is NULL and server is of type #KRB5_NT_SRV_HST, the second component of server will be used.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_credentials.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_credentials.html deleted file mode 100644 index bb68b8f9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_credentials.html +++ /dev/null @@ -1,179 +0,0 @@ - - - - - - - - - krb5_get_credentials - Get an additional ticket. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_credentials - Get an additional ticket.¶

-
-
-krb5_error_code krb5_get_credentials(krb5_context context, krb5_flags options, krb5_ccache ccache, krb5_creds *in_creds, krb5_creds **out_creds)¶
-
- -
-
param
-

[in] context - Library context

-

[in] options - Options

-

[in] ccache - Credential cache handle

-

[in] in_creds - Input credentials

-

[out] out_creds - Output updated credentials

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Use ccache or a TGS exchange to get a service ticket matching in_creds .

-

Valid values for options are:

-
-
-
    -
  • #KRB5_GC_CACHED Search only credential cache for the ticket

  • -
  • #KRB5_GC_USER_USER Return a user to user authentication ticket

  • -
-
-

in_creds must be non-null. in_creds->client and in_creds->server must be filled in to specify the client and the server respectively. If any authorization data needs to be requested for the service ticket (such as restrictions on how the ticket can be used), specify it in in_creds->authdata ; otherwise set in_creds->authdata to NULL. The session key type is specified in in_creds->keyblock.enctype , if it is nonzero.

-
-

The expiration date is specified in in_creds->times.endtime . The KDC may return tickets with an earlier expiration date. If in_creds->times.endtime is set to 0, the latest possible expiration date will be requested.

-

Any returned ticket and intermediate ticket-granting tickets are stored in ccache .

-

Use krb5_free_creds() to free out_creds when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_credentials_renew.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_credentials_renew.html deleted file mode 100644 index 930f2fad..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_credentials_renew.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_get_credentials_renew — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_credentials_validate.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_credentials_validate.html deleted file mode 100644 index 6b2ded9f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_credentials_validate.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_get_credentials_validate — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_default_realm.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_default_realm.html deleted file mode 100644 index a9a6e85e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_default_realm.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_get_default_realm - Retrieve the default realm. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_default_realm - Retrieve the default realm.¶

-
-
-krb5_error_code krb5_get_default_realm(krb5_context context, char **lrealm)¶
-
- -
-
param
-

[in] context - Library context

-

[out] lrealm - Default realm name

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Retrieves the default realm to be used if no user-specified realm is available.

-

Use krb5_free_default_realm() to free lrealm when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_error_message.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_error_message.html deleted file mode 100644 index 8ec00800..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_error_message.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_get_error_message - Get the (possibly extended) error message for a code. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_error_message - Get the (possibly extended) error message for a code.¶

-
-
-const char *krb5_get_error_message(krb5_context ctx, krb5_error_code code)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] code - Error code

-
-
-

The behavior of krb5_get_error_message() is only defined the first time it is called after a failed call to a krb5 function using the same context, and only when the error code passed in is the same as that returned by the krb5 function.

-

This function never returns NULL, so its result may be used unconditionally as a C string.

-

The string returned by this function must be freed using krb5_free_error_message()

-
-

Note

-

Future versions may return the same string for the second and following calls.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_etype_info.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_etype_info.html deleted file mode 100644 index 3cb66001..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_etype_info.html +++ /dev/null @@ -1,175 +0,0 @@ - - - - - - - - - krb5_get_etype_info - Retrieve enctype, salt and s2kparams from KDC. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_etype_info - Retrieve enctype, salt and s2kparams from KDC.¶

-
-
-krb5_error_code krb5_get_etype_info(krb5_context context, krb5_principal principal, krb5_get_init_creds_opt *opt, krb5_enctype *enctype_out, krb5_data *salt_out, krb5_data *s2kparams_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] principal - Principal whose information is requested

-

[in] opt - Initial credential options

-

[out] enctype_out - The enctype chosen by KDC

-

[out] salt_out - Salt returned from KDC

-

[out] s2kparams_out - String-to-key parameters returned from KDC

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • A Kerberos error code

  • -
-
-
-

Send an initial ticket request for principal and extract the encryption type, salt type, and string-to-key parameters from the KDC response. If the KDC provides no etype-info, set enctype_out to ENCTYPE_NULL and set salt_out and s2kparams_out to empty. If the KDC etype-info provides no salt, compute the default salt and place it in salt_out . If the KDC etype-info provides no string-to-key parameters, set s2kparams_out to empty.

-
-

opt may be used to specify options which affect the initial request, such as request encryption types or a FAST armor cache (see krb5_get_init_creds_opt_set_etype_list() and krb5_get_init_creds_opt_set_fast_ccache_name()).

-
-

Use krb5_free_data_contents() to free salt_out and s2kparams_out when they are no longer needed.

-
-

Note

-

New in 1.17

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_fallback_host_realm.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_fallback_host_realm.html deleted file mode 100644 index 41d978b7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_fallback_host_realm.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_get_fallback_host_realm — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_fallback_host_realm¶

-
-
-krb5_error_code krb5_get_fallback_host_realm(krb5_context context, krb5_data *hdata, char ***realmsp)¶
-
- -
-
param
-

[in] context - Library context

-

[in] hdata - Host name (or NULL)

-

[out] realmsp - Null-terminated list of realm names

-
-
-

Fill in realmsp with a pointer to a null-terminated list of realm names obtained through heuristics or insecure resolution methods which have lower priority than KDC referrals.

-

If host is NULL, the local host’s realms are determined.

-

Use krb5_free_host_realm() to release realmsp when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_host_realm.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_host_realm.html deleted file mode 100644 index 8594425c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_host_realm.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_get_host_realm - Get the Kerberos realm names for a host. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_host_realm - Get the Kerberos realm names for a host.¶

-
-
-krb5_error_code krb5_get_host_realm(krb5_context context, const char *host, char ***realmsp)¶
-
- -
-
param
-

[in] context - Library context

-

[in] host - Host name (or NULL)

-

[out] realmsp - Null-terminated list of realm names

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • ENOMEM Insufficient memory

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Fill in realmsp with a pointer to a null-terminated list of realm names. If there are no known realms for the host, a list containing the referral (empty) realm is returned.

-

If host is NULL, the local host’s realms are determined.

-

Use krb5_free_host_realm() to release realmsp when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_in_tkt_with_keytab.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_in_tkt_with_keytab.html deleted file mode 100644 index d546b065..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_in_tkt_with_keytab.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_get_in_tkt_with_keytab — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_in_tkt_with_keytab¶

-
-
-krb5_error_code krb5_get_in_tkt_with_keytab(krb5_context context, krb5_flags options, krb5_address *const *addrs, krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types, krb5_keytab arg_keytab, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep **ret_as_reply)¶
-
- -
-
param
-

context

-

options

-

addrs

-

ktypes

-

pre_auth_types

-

arg_keytab

-

ccache

-

creds

-

ret_as_reply

-
-
-

DEPRECATED Replaced by krb5_get_init_creds_keytab().

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_in_tkt_with_password.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_in_tkt_with_password.html deleted file mode 100644 index d303e0b9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_in_tkt_with_password.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_get_in_tkt_with_password — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_in_tkt_with_password¶

-
-
-krb5_error_code krb5_get_in_tkt_with_password(krb5_context context, krb5_flags options, krb5_address *const *addrs, krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types, const char *password, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep **ret_as_reply)¶
-
- -
-
param
-

context

-

options

-

addrs

-

ktypes

-

pre_auth_types

-

password

-

ccache

-

creds

-

ret_as_reply

-
-
-

DEPRECATED Replaced by krb5_get_init_creds_password().

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_in_tkt_with_skey.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_in_tkt_with_skey.html deleted file mode 100644 index 11a5661e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_in_tkt_with_skey.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_get_in_tkt_with_skey — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_in_tkt_with_skey¶

-
-
-krb5_error_code krb5_get_in_tkt_with_skey(krb5_context context, krb5_flags options, krb5_address *const *addrs, krb5_enctype *ktypes, krb5_preauthtype *pre_auth_types, const krb5_keyblock *key, krb5_ccache ccache, krb5_creds *creds, krb5_kdc_rep **ret_as_reply)¶
-
- -
-
param
-

context

-

options

-

addrs

-

ktypes

-

pre_auth_types

-

key

-

ccache

-

creds

-

ret_as_reply

-
-
-

DEPRECATED Replaced by krb5_get_init_creds().

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_keytab.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_keytab.html deleted file mode 100644 index 760fc283..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_keytab.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_get_init_creds_keytab - Get initial credentials using a key table. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_keytab - Get initial credentials using a key table.¶

-
-
-krb5_error_code krb5_get_init_creds_keytab(krb5_context context, krb5_creds *creds, krb5_principal client, krb5_keytab arg_keytab, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *k5_gic_options)¶
-
- -
-
param
-

[in] context - Library context

-

[out] creds - New credentials

-

[in] client - Client principal

-

[in] arg_keytab - Key table handle

-

[in] start_time - Time when ticket becomes valid (0 for now)

-

[in] in_tkt_service - Service name of initial credentials (or NULL)

-

[in] k5_gic_options - Initial credential options

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function requests KDC for an initial credentials for client using a client key stored in arg_keytab . If in_tkt_service is specified, it is parsed as a principal name (with the realm ignored) and used as the service principal for the request; otherwise the ticket-granting service is used.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_alloc.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_alloc.html deleted file mode 100644 index 584d8035..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_alloc.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_alloc - Allocate a new initial credential options structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_alloc - Allocate a new initial credential options structure.¶

-
-
-krb5_error_code krb5_get_init_creds_opt_alloc(krb5_context context, krb5_get_init_creds_opt **opt)¶
-
- -
-
param
-

[in] context - Library context

-

[out] opt - New options structure

-
-
-
-
retval
-
    -
  • 0 - Success; Kerberos errors otherwise.

  • -
-
-
-

This function is the preferred way to create an options structure for getting initial credentials, and is required to make use of certain options. Use krb5_get_init_creds_opt_free() to free opt when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_free.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_free.html deleted file mode 100644 index 622b94a1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_free.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_free - Free initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.html deleted file mode 100644 index 9f189db8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_get_fast_flags - Retrieve FAST flags from initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_get_fast_flags - Retrieve FAST flags from initial credential options.¶

-
-
-krb5_error_code krb5_get_init_creds_opt_get_fast_flags(krb5_context context, krb5_get_init_creds_opt *opt, krb5_flags *out_flags)¶
-
- -
-
param
-

[in] context - Library context

-

[in] opt - Options

-

[out] out_flags - FAST flags

-
-
-
-
retval
-
    -
  • 0 - Success; Kerberos errors otherwise.

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_init.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_init.html deleted file mode 100644 index 6bbaa0a0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_init.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_init — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_address_list.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_address_list.html deleted file mode 100644 index a4a03beb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_address_list.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_address_list - Set address restrictions in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.html deleted file mode 100644 index 104511d1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_anonymous - Set or unset the anonymous flag in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_anonymous - Set or unset the anonymous flag in initial credential options.¶

-
-
-void krb5_get_init_creds_opt_set_anonymous(krb5_get_init_creds_opt *opt, int anonymous)¶
-
- -
-
param
-

[in] opt - Options structure

-

[in] anonymous - Whether to make an anonymous request

-
-
-

This function may be used to request anonymous credentials from the KDC by setting anonymous to non-zero. Note that anonymous credentials are only a request; clients must verify that credentials are anonymous if that is a requirement.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.html deleted file mode 100644 index c424621a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_canonicalize - Set or unset the canonicalize flag in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_canonicalize - Set or unset the canonicalize flag in initial credential options.¶

-
-
-void krb5_get_init_creds_opt_set_canonicalize(krb5_get_init_creds_opt *opt, int canonicalize)¶
-
- -
-
param
-

[in] opt - Options structure

-

[in] canonicalize - Whether to canonicalize client principal

-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.html deleted file mode 100644 index 97f4aaac..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_change_password_prompt - Set or unset change-password-prompt flag in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_change_password_prompt - Set or unset change-password-prompt flag in initial credential options.¶

-
-
-void krb5_get_init_creds_opt_set_change_password_prompt(krb5_get_init_creds_opt *opt, int prompt)¶
-
- -
-
param
-

[in] opt - Options structure

-

[in] prompt - Whether to prompt to change password

-
-
-

This flag is on by default. It controls whether krb5_get_init_creds_password() will react to an expired-password error by prompting for a new password and attempting to change the old one.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.html deleted file mode 100644 index f8480408..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_etype_list - Set allowable encryption types in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_etype_list - Set allowable encryption types in initial credential options.¶

-
-
-void krb5_get_init_creds_opt_set_etype_list(krb5_get_init_creds_opt *opt, krb5_enctype *etype_list, int etype_list_length)¶
-
- -
-
param
-

[in] opt - Options structure

-

[in] etype_list - Array of encryption types

-

[in] etype_list_length - Length of etype_list

-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.html deleted file mode 100644 index 3d00dbfa..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_expire_callback - Set an expiration callback in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_expire_callback - Set an expiration callback in initial credential options.¶

-
-
-krb5_error_code krb5_get_init_creds_opt_set_expire_callback(krb5_context context, krb5_get_init_creds_opt *opt, krb5_expire_callback_func cb, void *data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] opt - Options structure

-

[in] cb - Callback function

-

[in] data - Callback argument

-
-
-

Set a callback to receive password and account expiration times.

-
-

cb will be invoked if and only if credentials are successfully acquired. The callback will receive the context from the calling function and the data argument supplied with this API. The remaining arguments should be interpreted as follows:

-
-

If is_last_req is true, then the KDC reply contained last-req entries which unambiguously indicated the password expiration, account expiration, or both. (If either value was not present, the corresponding argument will be 0.) Furthermore, a non-zero password_expiration should be taken as a suggestion from the KDC that a warning be displayed.

-

If is_last_req is false, then account_expiration will be 0 and password_expiration will contain the expiration time of either the password or account, or 0 if no expiration time was indicated in the KDC reply. The callback should independently decide whether to display a password expiration warning.

-

Note that cb may be invoked even if credentials are being acquired for the kadmin/changepw service in order to change the password. It is the caller’s responsibility to avoid displaying a password expiry warning in this case.

-
-

Warning

-

Setting an expire callback with this API will cause krb5_get_init_creds_password() not to send password expiry warnings to the prompter, as it ordinarily may.

-
-
-

Note

-

New in 1.9

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.html deleted file mode 100644 index 70be5633..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_fast_ccache - Set FAST armor cache in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_fast_ccache - Set FAST armor cache in initial credential options.¶

-
-
-krb5_error_code krb5_get_init_creds_opt_set_fast_ccache(krb5_context context, krb5_get_init_creds_opt *opt, krb5_ccache ccache)¶
-
- -
-
param
-

[in] context - Library context

-

[in] opt - Options

-

[in] ccache - Credential cache handle

-
-
-

This function is similar to krb5_get_init_creds_opt_set_fast_ccache_name(), but uses a credential cache handle instead of a name.

-
-

Note

-

New in 1.9

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.html deleted file mode 100644 index adb50036..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_fast_ccache_name - Set location of FAST armor ccache in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_fast_ccache_name - Set location of FAST armor ccache in initial credential options.¶

-
-
-krb5_error_code krb5_get_init_creds_opt_set_fast_ccache_name(krb5_context context, krb5_get_init_creds_opt *opt, const char *fast_ccache_name)¶
-
- -
-
param
-

[in] context - Library context

-

[in] opt - Options

-

[in] fast_ccache_name - Credential cache name

-
-
-

Sets the location of a credential cache containing an armor ticket to protect an initial credential exchange using the FAST protocol extension.

-

In version 1.7, setting an armor ccache requires that FAST be used for the exchange. In version 1.8 or later, setting the armor ccache causes FAST to be used if the KDC supports it; krb5_get_init_creds_opt_set_fast_flags() must be used to require that FAST be used.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.html deleted file mode 100644 index 6c011196..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_fast_flags - Set FAST flags in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_fast_flags - Set FAST flags in initial credential options.¶

-
-
-krb5_error_code krb5_get_init_creds_opt_set_fast_flags(krb5_context context, krb5_get_init_creds_opt *opt, krb5_flags flags)¶
-
- -
-
param
-

[in] context - Library context

-

[in] opt - Options

-

[in] flags - FAST flags

-
-
-
-
retval
-
    -
  • 0 - Success; Kerberos errors otherwise.

  • -
-
-
-

The following flag values are valid:

-
-
    -
  • #KRB5_FAST_REQUIRED - Require FAST to be used

  • -
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.html deleted file mode 100644 index 793b939d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_forwardable - Set or unset the forwardable flag in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
- -
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.html deleted file mode 100644 index 165986df..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_in_ccache - Set an input credential cache in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_in_ccache - Set an input credential cache in initial credential options.¶

-
-
-krb5_error_code krb5_get_init_creds_opt_set_in_ccache(krb5_context context, krb5_get_init_creds_opt *opt, krb5_ccache ccache)¶
-
- -
-
param
-

[in] context - Library context

-

[in] opt - Options

-

[in] ccache - Credential cache handle

-
-
-

If an input credential cache is set, then the krb5_get_init_creds family of APIs will read settings from it. Setting an input ccache is desirable when the application wishes to perform authentication in the same way (using the same preauthentication mechanisms, and making the same non-security- sensitive choices) as the previous authentication attempt, which stored information in the passed-in ccache.

-
-

Note

-

New in 1.11

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.html deleted file mode 100644 index a57acf2d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_out_ccache - Set an output credential cache in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_out_ccache - Set an output credential cache in initial credential options.¶

-
-
-krb5_error_code krb5_get_init_creds_opt_set_out_ccache(krb5_context context, krb5_get_init_creds_opt *opt, krb5_ccache ccache)¶
-
- -
-
param
-

[in] context - Library context

-

[in] opt - Options

-

[in] ccache - Credential cache handle

-
-
-

If an output credential cache is set, then the krb5_get_init_creds family of APIs will write credentials to it. Setting an output ccache is desirable both because it simplifies calling code and because it permits the krb5_get_init_creds APIs to write out configuration information about the realm to the ccache.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_pa.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_pa.html deleted file mode 100644 index 131a76d0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_pa.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_pa - Supply options for preauthentication in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_pa - Supply options for preauthentication in initial credential options.¶

-
-
-krb5_error_code krb5_get_init_creds_opt_set_pa(krb5_context context, krb5_get_init_creds_opt *opt, const char *attr, const char *value)¶
-
- -
-
param
-

[in] context - Library context

-

[in] opt - Options structure

-

[in] attr - Preauthentication option name

-

[in] value - Preauthentication option value

-
-
-

This function allows the caller to supply options for preauthentication. The values of attr and value are supplied to each preauthentication module available within context .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.html deleted file mode 100644 index 58a337d9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_pac_request - Ask the KDC to include or not include a PAC in the ticket. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_pac_request - Ask the KDC to include or not include a PAC in the ticket.¶

-
-
-krb5_error_code krb5_get_init_creds_opt_set_pac_request(krb5_context context, krb5_get_init_creds_opt *opt, krb5_boolean req_pac)¶
-
- -
-
param
-

[in] context - Library context

-

[in] opt - Options structure

-

[in] req_pac - Whether to request a PAC or not

-
-
-

If this option is set, the AS request will include a PAC-REQUEST pa-data item explicitly asking the KDC to either include or not include a privilege attribute certificate in the ticket authorization data. By default, no request is made; typically the KDC will default to including a PAC if it supports them.

-
-

Note

-

New in 1.15

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.html deleted file mode 100644 index 94f4b41c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_preauth_list - Set preauthentication types in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_preauth_list - Set preauthentication types in initial credential options.¶

-
-
-void krb5_get_init_creds_opt_set_preauth_list(krb5_get_init_creds_opt *opt, krb5_preauthtype *preauth_list, int preauth_list_length)¶
-
- -
-
param
-

[in] opt - Options structure

-

[in] preauth_list - Array of preauthentication types

-

[in] preauth_list_length - Length of preauth_list

-
-
-

This function can be used to perform optimistic preauthentication when getting initial credentials, in combination with krb5_get_init_creds_opt_set_salt() and krb5_get_init_creds_opt_set_pa().

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.html deleted file mode 100644 index fb570f30..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_proxiable - Set or unset the proxiable flag in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.html deleted file mode 100644 index b671b95a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_renew_life - Set the ticket renewal lifetime in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_responder.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_responder.html deleted file mode 100644 index 1f2ff115..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_responder.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_responder - Set the responder function in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_responder - Set the responder function in initial credential options.¶

-
-
-krb5_error_code krb5_get_init_creds_opt_set_responder(krb5_context context, krb5_get_init_creds_opt *opt, krb5_responder_fn responder, void *data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] opt - Options structure

-

[in] responder - Responder function

-

[in] data - Responder data argument

-
-
-
-

Note

-

New in 1.11

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_salt.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_salt.html deleted file mode 100644 index 6609f377..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_salt.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_salt - Set salt for optimistic preauthentication in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt_set_salt - Set salt for optimistic preauthentication in initial credential options.¶

-
-
-void krb5_get_init_creds_opt_set_salt(krb5_get_init_creds_opt *opt, krb5_data *salt)¶
-
- -
-
param
-

[in] opt - Options structure

-

[in] salt - Salt data

-
-
-

When getting initial credentials with a password, a salt string it used to convert the password to a key. Normally this salt is obtained from the first KDC reply, but when performing optimistic preauthentication, the client may need to supply the salt string with this function.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.html deleted file mode 100644 index ef0e23ee..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt_set_tkt_life - Set the ticket lifetime in initial credential options. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_password.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_password.html deleted file mode 100644 index db25a9cb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_init_creds_password.html +++ /dev/null @@ -1,179 +0,0 @@ - - - - - - - - - krb5_get_init_creds_password - Get initial credentials using a password. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_password - Get initial credentials using a password.¶

-
-
-krb5_error_code krb5_get_init_creds_password(krb5_context context, krb5_creds *creds, krb5_principal client, const char *password, krb5_prompter_fct prompter, void *data, krb5_deltat start_time, const char *in_tkt_service, krb5_get_init_creds_opt *k5_gic_options)¶
-
- -
-
param
-

[in] context - Library context

-

[out] creds - New credentials

-

[in] client - Client principal

-

[in] password - Password (or NULL)

-

[in] prompter - Prompter function

-

[in] data - Prompter callback data

-

[in] start_time - Time when ticket becomes valid (0 for now)

-

[in] in_tkt_service - Service name of initial credentials (or NULL)

-

[in] k5_gic_options - Initial credential options

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • EINVAL Invalid argument

  • -
  • KRB5_KDC_UNREACH Cannot contact any KDC for requested realm

  • -
  • KRB5_PREAUTH_FAILED Generic Pre-athentication failure

  • -
  • KRB5_LIBOS_PWDINTR Password read interrupted

  • -
  • KRB5_REALM_CANT_RESOLVE Cannot resolve network address for KDC in requested realm

  • -
  • KRB5KDC_ERR_KEY_EXP Password has expired

  • -
  • KRB5_LIBOS_BADPWDMATCH Password mismatch

  • -
  • KRB5_CHPW_PWDNULL New password cannot be zero length

  • -
  • KRB5_CHPW_FAIL Password change failed

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function requests KDC for an initial credentials for client using password . If password is NULL, a password will be prompted for using prompter if necessary. If in_tkt_service is specified, it is parsed as a principal name (with the realm ignored) and used as the service principal for the request; otherwise the ticket-granting service is used.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_permitted_enctypes.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_permitted_enctypes.html deleted file mode 100644 index 917e809d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_permitted_enctypes.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_get_permitted_enctypes - Return a list of encryption types permitted for session keys. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_permitted_enctypes - Return a list of encryption types permitted for session keys.¶

-
-
-krb5_error_code krb5_get_permitted_enctypes(krb5_context context, krb5_enctype **ktypes)¶
-
- -
-
param
-

[in] context - Library context

-

[out] ktypes - Zero-terminated list of encryption types

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function returns the list of encryption types permitted for session keys within context , as determined by configuration or by a previous call to krb5_set_default_tgs_enctypes().

-

Use krb5_free_enctypes() to free ktypes when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_profile.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_profile.html deleted file mode 100644 index e8b92e71..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_profile.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_get_profile - Retrieve configuration profile from the context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_profile - Retrieve configuration profile from the context.¶

-
-
-krb5_error_code krb5_get_profile(krb5_context context, struct _profile_t **profile)¶
-
- -
-
param
-

[in] context - Library context

-

[out] profile - Pointer to data read from a configuration file

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function creates a new profile object that reflects profile in the supplied context .

-

The profile object may be freed with profile_release() function. See profile.h and profile API for more details.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_prompt_types.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_prompt_types.html deleted file mode 100644 index 60406fc3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_prompt_types.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_get_prompt_types - Get prompt types array from a context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_prompt_types - Get prompt types array from a context.¶

-
-
-krb5_prompt_type *krb5_get_prompt_types(krb5_context context)¶
-
- -
-
param
-

[in] context - Library context

-
-
-
-
return
-
    -
  • Pointer to an array of prompt types corresponding to the prompter’s prompts arguments. Each type has one of the following values: #KRB5_PROMPT_TYPE_PASSWORD #KRB5_PROMPT_TYPE_NEW_PASSWORD #KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN #KRB5_PROMPT_TYPE_PREAUTH

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_renewed_creds.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_renewed_creds.html deleted file mode 100644 index 654c48b1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_renewed_creds.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_get_renewed_creds - Get renewed credential from KDC using an existing credential. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_renewed_creds - Get renewed credential from KDC using an existing credential.¶

-
-
-krb5_error_code krb5_get_renewed_creds(krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, const char *in_tkt_service)¶
-
- -
-
param
-

[in] context - Library context

-

[out] creds - Renewed credentials

-

[in] client - Client principal name

-

[in] ccache - Credential cache

-

[in] in_tkt_service - Server principal string (or NULL)

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function gets a renewed credential using an existing one from ccache . If in_tkt_service is specified, it is parsed (with the realm part ignored) and used as the server principal of the credential; otherwise, the ticket-granting service is used.

-

If successful, the renewed credential is placed in creds .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_server_rcache.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_server_rcache.html deleted file mode 100644 index e0c037ff..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_server_rcache.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_get_server_rcache - Generate a replay cache object for server use and open it. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_server_rcache - Generate a replay cache object for server use and open it.¶

-
-
-krb5_error_code krb5_get_server_rcache(krb5_context context, const krb5_data *piece, krb5_rcache *rcptr)¶
-
- -
-
param
-

[in] context - Library context

-

[in] piece - Unused (replay cache identifier)

-

[out] rcptr - Handle to an open rcache

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a handle to the default replay cache. Use krb5_rc_close() to close rcptr when it is no longer needed.

-
-

Note

-

Prior to release 1.18, this function creates a handle to a different replay cache for each unique value of piece .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_time_offsets.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_time_offsets.html deleted file mode 100644 index 61f73adf..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_time_offsets.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_get_time_offsets - Return the time offsets from the os context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_time_offsets - Return the time offsets from the os context.¶

-
-
-krb5_error_code krb5_get_time_offsets(krb5_context context, krb5_timestamp *seconds, krb5_int32 *microseconds)¶
-
- -
-
param
-

[in] context - Library context

-

[out] seconds - Time offset, seconds portion

-

[out] microseconds - Time offset, microseconds portion

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function returns the time offsets in context .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_validated_creds.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_validated_creds.html deleted file mode 100644 index a9230042..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_get_validated_creds.html +++ /dev/null @@ -1,172 +0,0 @@ - - - - - - - - - krb5_get_validated_creds - Get validated credentials from the KDC. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_validated_creds - Get validated credentials from the KDC.¶

-
-
-krb5_error_code krb5_get_validated_creds(krb5_context context, krb5_creds *creds, krb5_principal client, krb5_ccache ccache, const char *in_tkt_service)¶
-
- -
-
param
-

[in] context - Library context

-

[out] creds - Validated credentials

-

[in] client - Client principal name

-

[in] ccache - Credential cache

-

[in] in_tkt_service - Server principal string (or NULL)

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • KRB5_NO_2ND_TKT Request missing second ticket

  • -
  • KRB5_NO_TKT_SUPPLIED Request did not supply a ticket

  • -
  • KRB5_PRINC_NOMATCH Requested principal and ticket do not match

  • -
  • KRB5_KDCREP_MODIFIED KDC reply did not match expectations

  • -
  • KRB5_KDCREP_SKEW Clock skew too great in KDC reply

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function gets a validated credential using a postdated credential from ccache . If in_tkt_service is specified, it is parsed (with the realm part ignored) and used as the server principal of the credential; otherwise, the ticket-granting service is used.

-

If successful, the validated credential is placed in creds .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_context.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_context.html deleted file mode 100644 index af327010..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_context.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_init_context - Create a krb5 library context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_context - Create a krb5 library context.¶

-
-
-krb5_error_code krb5_init_context(krb5_context *context)¶
-
- -
-
param
-

[out] context - Library context

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

The context must be released by calling krb5_free_context() when it is no longer needed.

-
-

Warning

-

Any program or module that needs the Kerberos code to not trust the environment must use krb5_init_secure_context(), or clean out the environment.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_context_profile.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_context_profile.html deleted file mode 100644 index 595e064c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_context_profile.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_init_context_profile - Create a krb5 library context using a specified profile. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_context_profile - Create a krb5 library context using a specified profile.¶

-
-
-krb5_error_code krb5_init_context_profile(struct _profile_t *profile, krb5_flags flags, krb5_context *context)¶
-
- -
-
param
-

[in] profile - Profile object (NULL to create default profile)

-

[in] flags - Context initialization flags

-

[out] context - Library context

-
-
-

Create a context structure, optionally using a specified profile and initialization flags. If profile is NULL, the default profile will be created from config files. If profile is non-null, a copy of it will be made for the new context; the caller should still clean up its copy. Valid flag values are:

-
-
    -
  • #KRB5_INIT_CONTEXT_SECURE Ignore environment variables

  • -
  • #KRB5_INIT_CONTEXT_KDC Use KDC configuration if creating profile

  • -
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_free.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_free.html deleted file mode 100644 index fa1a3a13..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_free.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - krb5_init_creds_free - Free an initial credentials context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_creds_free - Free an initial credentials context.¶

-
-
-void krb5_init_creds_free(krb5_context context, krb5_init_creds_context ctx)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - Initial credentials context

-
-
-
-

context must be the same as the one passed to krb5_init_creds_init() for this initial credentials context.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get.html deleted file mode 100644 index f5d82127..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get.html +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - krb5_init_creds_get - Acquire credentials using an initial credentials context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_creds_get - Acquire credentials using an initial credentials context.¶

-
-
-krb5_error_code krb5_init_creds_get(krb5_context context, krb5_init_creds_context ctx)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - Initial credentials context

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function synchronously obtains credentials using a context created by krb5_init_creds_init(). On successful return, the credentials can be retrieved with krb5_init_creds_get_creds().

-
-

context must be the same as the one passed to krb5_init_creds_init() for this initial credentials context.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get_creds.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get_creds.html deleted file mode 100644 index cc7320eb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get_creds.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_init_creds_get_creds - Retrieve acquired credentials from an initial credentials context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_creds_get_creds - Retrieve acquired credentials from an initial credentials context.¶

-
-
-krb5_error_code krb5_init_creds_get_creds(krb5_context context, krb5_init_creds_context ctx, krb5_creds *creds)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - Initial credentials context

-

[out] creds - Acquired credentials

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function copies the acquired initial credentials from ctx into creds , after the successful completion of krb5_init_creds_get() or krb5_init_creds_step(). Use krb5_free_cred_contents() to free creds when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get_error.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get_error.html deleted file mode 100644 index 42ae200c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get_error.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_init_creds_get_error - Get the last error from KDC from an initial credentials context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_creds_get_error - Get the last error from KDC from an initial credentials context.¶

-
-
-krb5_error_code krb5_init_creds_get_error(krb5_context context, krb5_init_creds_context ctx, krb5_error **error)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - Initial credentials context

-

[out] error - Error from KDC, or NULL if none was received

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get_times.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get_times.html deleted file mode 100644 index 1f17b9e3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_get_times.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_init_creds_get_times - Retrieve ticket times from an initial credentials context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_creds_get_times - Retrieve ticket times from an initial credentials context.¶

-
-
-krb5_error_code krb5_init_creds_get_times(krb5_context context, krb5_init_creds_context ctx, krb5_ticket_times *times)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - Initial credentials context

-

[out] times - Ticket times for acquired credentials

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

The initial credentials context must have completed obtaining credentials via either krb5_init_creds_get() or krb5_init_creds_step().

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_init.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_init.html deleted file mode 100644 index ace909ae..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_init.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_init_creds_init - Create a context for acquiring initial credentials. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_creds_init - Create a context for acquiring initial credentials.¶

-
-
-krb5_error_code krb5_init_creds_init(krb5_context context, krb5_principal client, krb5_prompter_fct prompter, void *data, krb5_deltat start_time, krb5_get_init_creds_opt *options, krb5_init_creds_context *ctx)¶
-
- -
-
param
-

[in] context - Library context

-

[in] client - Client principal to get initial creds for

-

[in] prompter - Prompter callback

-

[in] data - Prompter callback argument

-

[in] start_time - Time when credentials become valid (0 for now)

-

[in] options - Options structure (NULL for default)

-

[out] ctx - New initial credentials context

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a new context for acquiring initial credentials. Use krb5_init_creds_free() to free ctx when it is no longer needed.

-

Any subsequent calls to krb5_init_creds_step(), krb5_init_creds_get(), or krb5_init_creds_free() for this initial credentials context must use the same context argument as the one passed to this function.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_set_keytab.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_set_keytab.html deleted file mode 100644 index 359f2269..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_set_keytab.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_init_creds_set_keytab - Specify a keytab to use for acquiring initial credentials. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_creds_set_keytab - Specify a keytab to use for acquiring initial credentials.¶

-
-
-krb5_error_code krb5_init_creds_set_keytab(krb5_context context, krb5_init_creds_context ctx, krb5_keytab keytab)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - Initial credentials context

-

[in] keytab - Key table handle

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function supplies a keytab containing the client key for an initial credentials request.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_set_password.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_set_password.html deleted file mode 100644 index 1c723871..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_set_password.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_init_creds_set_password - Set a password for acquiring initial credentials. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_creds_set_password - Set a password for acquiring initial credentials.¶

-
-
-krb5_error_code krb5_init_creds_set_password(krb5_context context, krb5_init_creds_context ctx, const char *password)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - Initial credentials context

-

[in] password - Password

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function supplies a password to be used to construct the client key for an initial credentials request.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_set_service.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_set_service.html deleted file mode 100644 index 0aacd833..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_set_service.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_init_creds_set_service - Specify a service principal for acquiring initial credentials. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_creds_set_service - Specify a service principal for acquiring initial credentials.¶

-
-
-krb5_error_code krb5_init_creds_set_service(krb5_context context, krb5_init_creds_context ctx, const char *service)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - Initial credentials context

-

[in] service - Service principal string

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function supplies a service principal string to acquire initial credentials for instead of the default krbtgt service. service is parsed as a principal name; any realm part is ignored.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_step.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_step.html deleted file mode 100644 index 41d643c3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_creds_step.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_init_creds_step - Get the next KDC request for acquiring initial credentials. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_creds_step - Get the next KDC request for acquiring initial credentials.¶

-
-
-krb5_error_code krb5_init_creds_step(krb5_context context, krb5_init_creds_context ctx, krb5_data *in, krb5_data *out, krb5_data *realm, unsigned int *flags)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - Initial credentials context

-

[in] in - KDC response (empty on the first call)

-

[out] out - Next KDC request

-

[out] realm - Realm for next KDC request

-

[out] flags - Output flags

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function constructs the next KDC request in an initial credential exchange, allowing the caller to control the transport of KDC requests and replies. On the first call, in should be set to an empty buffer; on subsequent calls, it should be set to the KDC’s reply to the previous request.

-

If more requests are needed, flags will be set to #KRB5_INIT_CREDS_STEP_FLAG_CONTINUE and the next request will be placed in out . If no more requests are needed, flags will not contain #KRB5_INIT_CREDS_STEP_FLAG_CONTINUE and out will be empty.

-

If this function returns KRB5KRB_ERR_RESPONSE_TOO_BIG , the caller should transmit the next request using TCP rather than UDP. If this function returns any other error, the initial credential exchange has failed.

-
-

context must be the same as the one passed to krb5_init_creds_init() for this initial credentials context.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_keyblock.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_keyblock.html deleted file mode 100644 index 5b41041a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_keyblock.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_init_keyblock - Initialize an empty krb5_keyblock . — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_keyblock - Initialize an empty krb5_keyblock .¶

-
-
-krb5_error_code krb5_init_keyblock(krb5_context context, krb5_enctype enctype, size_t length, krb5_keyblock **out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enctype - Encryption type

-

[in] length - Length of keyblock (or 0)

-

[out] out - New keyblock structure

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Initialize a new keyblock and allocate storage for the contents of the key. It is legal to pass in a length of 0, in which case contents are left unallocated. Use krb5_free_keyblock() to free out when it is no longer needed.

-
-

Note

-

If length is set to 0, contents are left unallocated.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_random_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_random_key.html deleted file mode 100644 index 2af5648f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_random_key.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - krb5_init_random_key — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_secure_context.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_secure_context.html deleted file mode 100644 index fdfdac95..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_init_secure_context.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_init_secure_context - Create a krb5 library context using only configuration files. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_init_secure_context - Create a krb5 library context using only configuration files.¶

-
-
-krb5_error_code krb5_init_secure_context(krb5_context *context)¶
-
- -
-
param
-

[out] context - Library context

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Create a context structure, using only system configuration files. All information passed through the environment variables is ignored.

-

The context must be released by calling krb5_free_context() when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_is_config_principal.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_is_config_principal.html deleted file mode 100644 index f9da536e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_is_config_principal.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_is_config_principal - Test whether a principal is a configuration principal. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_is_config_principal - Test whether a principal is a configuration principal.¶

-
-
-krb5_boolean krb5_is_config_principal(krb5_context context, krb5_const_principal principal)¶
-
- -
-
param
-

[in] context - Library context

-

[in] principal - Principal to check

-
-
-
-
return
-
    -
  • TRUE if the principal is a configuration principal (generated part of krb5_cc_set_config()); FALSE otherwise.

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_is_referral_realm.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_is_referral_realm.html deleted file mode 100644 index 490230ec..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_is_referral_realm.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_is_referral_realm - Check for a match with KRB5_REFERRAL_REALM. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_is_thread_safe.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_is_thread_safe.html deleted file mode 100644 index 76b425d6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_is_thread_safe.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_is_thread_safe - Test whether the Kerberos library was built with multithread support. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_create_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_create_key.html deleted file mode 100644 index bcdf3869..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_create_key.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_k_create_key - Create a krb5_key from the enctype and key data in a keyblock. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_k_create_key - Create a krb5_key from the enctype and key data in a keyblock.¶

-
-
-krb5_error_code krb5_k_create_key(krb5_context context, const krb5_keyblock *key_data, krb5_key *out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key_data - Keyblock

-

[out] out - Opaque key

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - KRB5_BAD_ENCTYPE

  • -
-
-
-

The reference count on a key out is set to 1. Use krb5_k_free_key() to free out when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_decrypt.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_decrypt.html deleted file mode 100644 index 70b2c7c7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_decrypt.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_k_decrypt - Decrypt data using a key (operates on opaque key). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_k_decrypt - Decrypt data using a key (operates on opaque key).¶

-
-
-krb5_error_code krb5_k_decrypt(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data *cipher_state, const krb5_enc_data *input, krb5_data *output)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Encryption key

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[inout] cipher_state - Cipher state; specify NULL if not needed

-

[in] input - Encrypted data

-

[out] output - Decrypted data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function decrypts the data block input and stores the output into output . The actual decryption key will be derived from key and usage if key derivation is specified for the encryption type. If non-null, cipher_state specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation.

-
-

Note

-

The caller must initialize output and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let krb5_c_decrypt() trim output->length . For some enctypes, the resulting output->length may include padding bytes.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_decrypt_iov.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_decrypt_iov.html deleted file mode 100644 index 5a5bd202..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_decrypt_iov.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_k_decrypt_iov - Decrypt data in place supporting AEAD (operates on opaque key). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_k_decrypt_iov - Decrypt data in place supporting AEAD (operates on opaque key).¶

-
-
-krb5_error_code krb5_k_decrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data *cipher_state, krb5_crypto_iov *data, size_t num_data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Encryption key

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[in] cipher_state - Cipher state; specify NULL if not needed

-

[inout] data - IOV array. Modified in-place.

-

[in] num_data - Size of data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function decrypts the data block data and stores the output in-place. The actual decryption key will be derived from key and usage if key derivation is specified for the encryption type. If non-null, cipher_state specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API.

-
-

See also

-

krb5_k_encrypt_iov()

-
-
-

Note

-

On return from a krb5_c_decrypt_iov() call, the data->length in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_encrypt.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_encrypt.html deleted file mode 100644 index c4c484f7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_encrypt.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_k_encrypt - Encrypt data using a key (operates on opaque key). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_k_encrypt - Encrypt data using a key (operates on opaque key).¶

-
-
-krb5_error_code krb5_k_encrypt(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data *cipher_state, const krb5_data *input, krb5_enc_data *output)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Encryption key

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[inout] cipher_state - Cipher state; specify NULL if not needed

-

[in] input - Data to be encrypted

-

[out] output - Encrypted data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function encrypts the data block input and stores the output into output . The actual encryption key will be derived from key and usage if key derivation is specified for the encryption type. If non-null, cipher_state specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation.

-
-

Note

-

The caller must initialize output and allocate at least enough space for the result (using krb5_c_encrypt_length() to determine the amount of space needed). output->length will be set to the actual length of the ciphertext.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_encrypt_iov.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_encrypt_iov.html deleted file mode 100644 index 744a2602..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_encrypt_iov.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_k_encrypt_iov - Encrypt data in place supporting AEAD (operates on opaque key). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_k_encrypt_iov - Encrypt data in place supporting AEAD (operates on opaque key).¶

-
-
-krb5_error_code krb5_k_encrypt_iov(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data *cipher_state, krb5_crypto_iov *data, size_t num_data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Encryption key

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[in] cipher_state - Cipher state; specify NULL if not needed

-

[inout] data - IOV array. Modified in-place.

-

[in] num_data - Size of data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function encrypts the data block data and stores the output in-place. The actual encryption key will be derived from key and usage if key derivation is specified for the encryption type. If non-null, cipher_state specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5_crypto_iov structures before calling into this API.

-
-

See also

-

krb5_k_decrypt_iov()

-
-
-

Note

-

On return from a krb5_c_encrypt_iov() call, the data->length in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_free_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_free_key.html deleted file mode 100644 index e05b5d47..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_free_key.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_k_free_key - Decrement the reference count on a key and free it if it hits zero. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_key_enctype.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_key_enctype.html deleted file mode 100644 index 97c4c1e4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_key_enctype.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_k_key_enctype - Retrieve the enctype of a krb5_key structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_key_keyblock.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_key_keyblock.html deleted file mode 100644 index a32ab7a5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_key_keyblock.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_k_key_keyblock - Retrieve a copy of the keyblock from a krb5_key structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_make_checksum.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_make_checksum.html deleted file mode 100644 index 3b5e70d8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_make_checksum.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_k_make_checksum - Compute a checksum (operates on opaque key). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_k_make_checksum - Compute a checksum (operates on opaque key).¶

-
-
-krb5_error_code krb5_k_make_checksum(krb5_context context, krb5_cksumtype cksumtype, krb5_key key, krb5_keyusage usage, const krb5_data *input, krb5_checksum *cksum)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cksumtype - Checksum type (0 for mandatory type)

-

[in] key - Encryption key for a keyed checksum

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[in] input - Input data

-

[out] cksum - Generated checksum

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function computes a checksum of type cksumtype over input , using key if the checksum type is a keyed checksum. If cksumtype is 0 and key is non-null, the checksum type will be the mandatory-to-implement checksum type for the key’s encryption type. The actual checksum key will be derived from key and usage if key derivation is specified for the checksum type. The newly created cksum must be released by calling krb5_free_checksum_contents() when it is no longer needed.

-
-

See also

-

krb5_c_verify_checksum()

-
-
-

Note

-

This function is similar to krb5_c_make_checksum(), but operates on opaque key .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_make_checksum_iov.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_make_checksum_iov.html deleted file mode 100644 index 8222f676..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_make_checksum_iov.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_k_make_checksum_iov - Fill in a checksum element in IOV array (operates on opaque key) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_k_make_checksum_iov - Fill in a checksum element in IOV array (operates on opaque key)¶

-
-
-krb5_error_code krb5_k_make_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, krb5_key key, krb5_keyusage usage, krb5_crypto_iov *data, size_t num_data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cksumtype - Checksum type (0 for mandatory type)

-

[in] key - Encryption key for a keyed checksum

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[inout] data - IOV array

-

[in] num_data - Size of data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Create a checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element over #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY chunks in data . Only the #KRB5_CRYPTO_TYPE_CHECKSUM region is modified.

-
-

See also

-

krb5_k_verify_checksum_iov()

-
-
-

Note

-

This function is similar to krb5_c_make_checksum_iov(), but operates on opaque key .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_prf.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_prf.html deleted file mode 100644 index 12a3387b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_prf.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_k_prf - Generate enctype-specific pseudo-random bytes (operates on opaque key). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_k_prf - Generate enctype-specific pseudo-random bytes (operates on opaque key).¶

-
-
-krb5_error_code krb5_k_prf(krb5_context context, krb5_key key, krb5_data *input, krb5_data *output)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Key

-

[in] input - Input data

-

[out] output - Output data

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function selects a pseudo-random function based on key and computes its value over input , placing the result into output . The caller must preinitialize output and allocate space for the result.

-
-

Note

-

This function is similar to krb5_c_prf(), but operates on opaque key .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_reference_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_reference_key.html deleted file mode 100644 index 8b271f67..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_reference_key.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - krb5_k_reference_key - Increment the reference count on a key. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_verify_checksum.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_verify_checksum.html deleted file mode 100644 index 7990872a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_verify_checksum.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_k_verify_checksum - Verify a checksum (operates on opaque key). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_k_verify_checksum - Verify a checksum (operates on opaque key).¶

-
-
-krb5_error_code krb5_k_verify_checksum(krb5_context context, krb5_key key, krb5_keyusage usage, const krb5_data *data, const krb5_checksum *cksum, krb5_boolean *valid)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Encryption key for a keyed checksum

-

[in] usage - key usage

-

[in] data - Data to be used to compute a new checksum using key to compare cksum against

-

[in] cksum - Checksum to be verified

-

[out] valid - Non-zero for success, zero for failure

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function verifies that cksum is a valid checksum for data . If the checksum type of cksum is a keyed checksum, key is used to verify the checksum. If the checksum type in cksum is 0 and key is not NULL, the mandatory checksum type for key will be used. The actual checksum key will be derived from key and usage if key derivation is specified for the checksum type.

-
-

Note

-

This function is similar to krb5_c_verify_checksum(), but operates on opaque key .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_verify_checksum_iov.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_verify_checksum_iov.html deleted file mode 100644 index 4e95e0cd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_k_verify_checksum_iov.html +++ /dev/null @@ -1,171 +0,0 @@ - - - - - - - - - krb5_k_verify_checksum_iov - Validate a checksum element in IOV array (operates on opaque key). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_k_verify_checksum_iov - Validate a checksum element in IOV array (operates on opaque key).¶

-
-
-krb5_error_code krb5_k_verify_checksum_iov(krb5_context context, krb5_cksumtype cksumtype, krb5_key key, krb5_keyusage usage, const krb5_crypto_iov *data, size_t num_data, krb5_boolean *valid)¶
-
- -
-
param
-

[in] context - Library context

-

[in] cksumtype - Checksum type (0 for mandatory type)

-

[in] key - Encryption key for a keyed checksum

-

[in] usage - Key usage (see KRB5_KEYUSAGE macros)

-

[in] data - IOV array

-

[in] num_data - Size of data

-

[out] valid - Non-zero for success, zero for failure

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Confirm that the checksum in the #KRB5_CRYPTO_TYPE_CHECKSUM element is a valid checksum of the #KRB5_CRYPTO_TYPE_DATA and #KRB5_CRYPTO_TYPE_SIGN_ONLY regions in the iov.

-
-

See also

-

krb5_k_make_checksum_iov()

-
-
-

Note

-

This function is similar to krb5_c_verify_checksum_iov(), but operates on opaque key .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kdc_sign_ticket.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kdc_sign_ticket.html deleted file mode 100644 index 9430e829..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kdc_sign_ticket.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_kdc_sign_ticket - Sign a PAC, possibly including a ticket signature. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kdc_sign_ticket - Sign a PAC, possibly including a ticket signature.¶

-
-
-krb5_error_code krb5_kdc_sign_ticket(krb5_context context, krb5_enc_tkt_part *enc_tkt, const krb5_pac pac, krb5_const_principal server_princ, krb5_const_principal client_princ, const krb5_keyblock *server, const krb5_keyblock *privsvr, krb5_boolean with_realm)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enc_tkt - The ticket for the signature

-

[in] pac - PAC handle

-

[in] server_princ - Canonical ticket server name

-

[in] client_princ - PAC_CLIENT_INFO principal (or NULL)

-

[in] server - Key for server checksum

-

[in] privsvr - Key for KDC and ticket checksum

-

[in] with_realm - If true, include the realm of principal

-
-
-
-
retval
-
    -
  • 0 on success, otherwise - Kerberos error codes

  • -
-
-
-

Sign pac using the keys server and privsvr . Include a ticket signature over enc_tkt if server_princ is not a TGS or kadmin/changepw principal name. Add the signed PAC’s encoding to the authorization data of enc_tkt in the first slot, wrapped in an AD-IF-RELEVANT container. If client_princ is non-null, add a PAC_CLIENT_INFO buffer, including the realm if with_realm is true.

-
-

Note

-

New in 1.20

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kdc_verify_ticket.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kdc_verify_ticket.html deleted file mode 100644 index 1e2d6ea2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kdc_verify_ticket.html +++ /dev/null @@ -1,171 +0,0 @@ - - - - - - - - - krb5_kdc_verify_ticket - Verify a PAC, possibly including ticket signature. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kdc_verify_ticket - Verify a PAC, possibly including ticket signature.¶

-
-
-krb5_error_code krb5_kdc_verify_ticket(krb5_context context, const krb5_enc_tkt_part *enc_tkt, krb5_const_principal server_princ, const krb5_keyblock *server, const krb5_keyblock *privsvr, krb5_pac *pac_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enc_tkt - Ticket enc-part, possibly containing a PAC

-

[in] server_princ - Canonicalized name of ticket server

-

[in] server - Key to validate server checksum (or NULL)

-

[in] privsvr - Key to validate KDC checksum (or NULL)

-

[out] pac_out - Verified PAC (NULL if no PAC included)

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

If a PAC is present in enc_tkt , verify its signatures. If privsvr is not NULL and server_princ is not a krbtgt or kadmin/changepw service, require a ticket signature over enc_tkt in addition to the KDC signature. Place the verified PAC in pac_out . If an invalid PAC signature is found, return an error matching the Windows KDC protocol code for that condition as closely as possible.

-

If no PAC is present in enc_tkt , set pac_out to NULL and return successfully.

-
-

Note

-

This function does not validate the PAC_CLIENT_INFO buffer. If a specific value is expected, the caller can make a separate call to krb5_pac_verify_ext() with a principal but no keys.

-
-
-

Note

-

New in 1.20

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_add_entry.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_add_entry.html deleted file mode 100644 index 8bc7aa68..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_add_entry.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - krb5_kt_add_entry - Add a new entry to a key table. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_add_entry - Add a new entry to a key table.¶

-
-
-krb5_error_code krb5_kt_add_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)¶
-
- -
-
param
-

[in] context - Library context

-

[in] id - Key table handle

-

[in] entry - Entry to be added

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • ENOMEM Insufficient memory

  • -
  • KRB5_KT_NOWRITE Key table is not writeable

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_client_default.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_client_default.html deleted file mode 100644 index d26d5e99..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_client_default.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_kt_client_default - Resolve the default client key table. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_client_default - Resolve the default client key table.¶

-
-
-krb5_error_code krb5_kt_client_default(krb5_context context, krb5_keytab *keytab_out)¶
-
- -
-
param
-

[in] context - Library context

-

[out] keytab_out - Key table handle

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Fill keytab_out with a handle to the default client key table.

-
-

Note

-

New in 1.11

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_close.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_close.html deleted file mode 100644 index 0e9e2cd0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_close.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_kt_close - Close a key table handle. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_default.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_default.html deleted file mode 100644 index 0f94a7f8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_default.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_kt_default - Resolve the default key table. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_default - Resolve the default key table.¶

-
-
-krb5_error_code krb5_kt_default(krb5_context context, krb5_keytab *id)¶
-
- -
-
param
-

[in] context - Library context

-

[out] id - Key table handle

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Set id to a handle to the default key table. The key table is not opened.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_default_name.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_default_name.html deleted file mode 100644 index 8384b119..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_default_name.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - krb5_kt_default_name - Get the default key table name. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_default_name - Get the default key table name.¶

-
-
-krb5_error_code krb5_kt_default_name(krb5_context context, char *name, int name_size)¶
-
- -
-
param
-

[in] context - Library context

-

[out] name - Default key table name

-

[in] name_size - Space available in name

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • KRB5_CONFIG_NOTENUFSPACE Buffer is too short

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Fill name with the name of the default key table for context .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_dup.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_dup.html deleted file mode 100644 index cf8806f9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_dup.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_kt_dup - Duplicate keytab handle. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_dup - Duplicate keytab handle.¶

-
-
-krb5_error_code krb5_kt_dup(krb5_context context, krb5_keytab in, krb5_keytab *out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] in - Key table handle to be duplicated

-

[out] out - Key table handle

-
-
-

Create a new handle referring to the same key table as in . The new handle and in can be closed independently.

-
-

Note

-

New in 1.12

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_end_seq_get.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_end_seq_get.html deleted file mode 100644 index 95019bb2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_end_seq_get.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_kt_end_seq_get - Release a keytab cursor. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_end_seq_get - Release a keytab cursor.¶

-
-
-krb5_error_code krb5_kt_end_seq_get(krb5_context context, krb5_keytab keytab, krb5_kt_cursor *cursor)¶
-
- -
-
param
-

[in] context - Library context

-

[in] keytab - Key table handle

-

[out] cursor - Cursor

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function should be called to release the cursor created by krb5_kt_start_seq_get().

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_free_entry.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_free_entry.html deleted file mode 100644 index cc4af5dc..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_free_entry.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_kt_free_entry — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_get_entry.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_get_entry.html deleted file mode 100644 index 7f6ed3d0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_get_entry.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_kt_get_entry - Get an entry from a key table. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_get_entry - Get an entry from a key table.¶

-
-
-krb5_error_code krb5_kt_get_entry(krb5_context context, krb5_keytab keytab, krb5_const_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keytab_entry *entry)¶
-
- -
-
param
-

[in] context - Library context

-

[in] keytab - Key table handle

-

[in] principal - Principal name

-

[in] vno - Key version number (0 for highest available)

-

[in] enctype - Encryption type (0 zero for any enctype)

-

[out] entry - Returned entry from key table

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • Kerberos error codes on failure

  • -
-
-
-

Retrieve an entry from a key table which matches the keytab , principal , vno , and enctype . If vno is zero, retrieve the highest-numbered kvno matching the other fields. If enctype is 0, match any enctype.

-

Use krb5_free_keytab_entry_contents() to free entry when it is no longer needed.

-
-

Note

-

If vno is zero, the function retrieves the highest-numbered-kvno entry that matches the specified principal.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_get_name.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_get_name.html deleted file mode 100644 index 58d6f2c2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_get_name.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_kt_get_name - Get a key table name. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_get_name - Get a key table name.¶

-
-
-krb5_error_code krb5_kt_get_name(krb5_context context, krb5_keytab keytab, char *name, unsigned int namelen)¶
-
- -
-
param
-

[in] context - Library context

-

[in] keytab - Key table handle

-

[out] name - Key table name

-

[in] namelen - Maximum length to fill in name

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • KRB5_KT_NAME_TOOLONG Key table name does not fit in namelen bytes

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Fill name with the name of keytab including the type and delimiter.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_get_type.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_get_type.html deleted file mode 100644 index f1ab854e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_get_type.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_kt_get_type - Return the type of a key table. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_get_type - Return the type of a key table.¶

-
-
-const char *krb5_kt_get_type(krb5_context context, krb5_keytab keytab)¶
-
- -
-
param
-

[in] context - Library context

-

[in] keytab - Key table handle

-
-
-
-
return
-
    -
  • The type of a key table as an alias that must not be modified or freed by the caller.

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_have_content.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_have_content.html deleted file mode 100644 index a61872bf..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_have_content.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - krb5_kt_have_content - Check if a keytab exists and contains entries. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_have_content - Check if a keytab exists and contains entries.¶

-
-
-krb5_error_code krb5_kt_have_content(krb5_context context, krb5_keytab keytab)¶
-
- -
-
param
-

[in] context - Library context

-

[in] keytab - Key table handle

-
-
-
-
retval
-
    -
  • 0 Keytab exists and contains entries

  • -
  • KRB5_KT_NOTFOUND Keytab does not contain entries

  • -
-
-
-
-

Note

-

New in 1.11

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_next_entry.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_next_entry.html deleted file mode 100644 index de69878a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_next_entry.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_kt_next_entry - Retrieve the next entry from the key table. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_next_entry - Retrieve the next entry from the key table.¶

-
-
-krb5_error_code krb5_kt_next_entry(krb5_context context, krb5_keytab keytab, krb5_keytab_entry *entry, krb5_kt_cursor *cursor)¶
-
- -
-
param
-

[in] context - Library context

-

[in] keytab - Key table handle

-

[out] entry - Returned key table entry

-

[in] cursor - Key table cursor

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • KRB5_KT_END - if the last entry was reached

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Return the next sequential entry in keytab and advance cursor . Callers must release the returned entry with krb5_kt_free_entry().

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_read_service_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_read_service_key.html deleted file mode 100644 index 2fd57a75..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_read_service_key.html +++ /dev/null @@ -1,169 +0,0 @@ - - - - - - - - - krb5_kt_read_service_key - Retrieve a service key from a key table. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_read_service_key - Retrieve a service key from a key table.¶

-
-
-krb5_error_code krb5_kt_read_service_key(krb5_context context, krb5_pointer keyprocarg, krb5_principal principal, krb5_kvno vno, krb5_enctype enctype, krb5_keyblock **key)¶
-
- -
-
param
-

[in] context - Library context

-

[in] keyprocarg - Name of a key table (NULL to use default name)

-

[in] principal - Service principal

-

[in] vno - Key version number (0 for highest available)

-

[in] enctype - Encryption type (0 for any type)

-

[out] key - Service key from key table

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error code if not found or keyprocarg is invalid.

  • -
-
-
-

Open and search the specified key table for the entry identified by principal , enctype , and vno . If no key is found, return an error code.

-

The default key table is used, unless keyprocarg is non-null. keyprocarg designates a specific key table.

-

Use krb5_free_keyblock() to free key when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_remove_entry.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_remove_entry.html deleted file mode 100644 index 2f0ab7fe..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_remove_entry.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_kt_remove_entry - Remove an entry from a key table. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_remove_entry - Remove an entry from a key table.¶

-
-
-krb5_error_code krb5_kt_remove_entry(krb5_context context, krb5_keytab id, krb5_keytab_entry *entry)¶
-
- -
-
param
-

[in] context - Library context

-

[in] id - Key table handle

-

[in] entry - Entry to remove from key table

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • KRB5_KT_NOWRITE Key table is not writable

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_resolve.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_resolve.html deleted file mode 100644 index a801e5c5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_resolve.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_kt_resolve - Get a handle for a key table. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_resolve - Get a handle for a key table.¶

-
-
-krb5_error_code krb5_kt_resolve(krb5_context context, const char *name, krb5_keytab *ktid)¶
-
- -
-
param
-

[in] context - Library context

-

[in] name - Name of the key table

-

[out] ktid - Key table handle

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Resolve the key table name name and set ktid to a handle identifying the key table. Use krb5_kt_close() to free ktid when it is no longer needed.

-
-

name must be of the form type:residual , where type must be a type known to the library and residual portion should be specific to the particular keytab type. If no type is given, the default is FILE .

-
-

If name is of type FILE , the keytab file is not opened by this call.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_start_seq_get.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_start_seq_get.html deleted file mode 100644 index 821c872a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kt_start_seq_get.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_kt_start_seq_get - Start a sequential retrieval of key table entries. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kt_start_seq_get - Start a sequential retrieval of key table entries.¶

-
-
-krb5_error_code krb5_kt_start_seq_get(krb5_context context, krb5_keytab keytab, krb5_kt_cursor *cursor)¶
-
- -
-
param
-

[in] context - Library context

-

[in] keytab - Key table handle

-

[out] cursor - Cursor

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Prepare to read sequentially every key in the specified key table. Use krb5_kt_end_seq_get() to release the cursor when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kuserok.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kuserok.html deleted file mode 100644 index 9a87f53c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_kuserok.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_kuserok - Determine if a principal is authorized to log in as a local user. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kuserok - Determine if a principal is authorized to log in as a local user.¶

-
-
-krb5_boolean krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser)¶
-
- -
-
param
-

[in] context - Library context

-

[in] principal - Principal name

-

[in] luser - Local username

-
-
-
-
retval
-
    -
  • TRUE Principal is authorized to log in as user; FALSE otherwise.

  • -
-
-
-

Determine whether principal is authorized to log in as a local user luser .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_make_authdata_kdc_issued.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_make_authdata_kdc_issued.html deleted file mode 100644 index 07f29e54..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_make_authdata_kdc_issued.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_make_authdata_kdc_issued - Encode and sign AD-KDCIssued authorization data. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_make_authdata_kdc_issued - Encode and sign AD-KDCIssued authorization data.¶

-
-
-krb5_error_code krb5_make_authdata_kdc_issued(krb5_context context, const krb5_keyblock *key, krb5_const_principal issuer, krb5_authdata *const *authdata, krb5_authdata ***ad_kdcissued)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Session key

-

[in] issuer - The name of the issuing principal

-

[in] authdata - List of authorization data to be signed

-

[out] ad_kdcissued - List containing AD-KDCIssued authdata

-
-
-

This function wraps a list of authorization data entries authdata in an AD-KDCIssued container (see RFC 4120 section 5.2.6.2) signed with key . The result is returned in ad_kdcissued as a single-element list.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_marshal_credentials.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_marshal_credentials.html deleted file mode 100644 index e529478d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_marshal_credentials.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_marshal_credentials - Serialize a krb5_creds object. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_marshal_credentials - Serialize a krb5_creds object.¶

-
-
-krb5_error_code krb5_marshal_credentials(krb5_context context, krb5_creds *in_creds, krb5_data **data_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] in_creds - The credentials object to serialize

-

[out] data_out - The serialized credentials

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Serialize creds in the format used by the FILE ccache format (vesion 4) and KCM ccache protocol.

-

Use krb5_free_data() to free data_out when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_merge_authdata.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_merge_authdata.html deleted file mode 100644 index dfc79e02..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_merge_authdata.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_merge_authdata - Merge two authorization data lists into a new list. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_merge_authdata - Merge two authorization data lists into a new list.¶

-
-
-krb5_error_code krb5_merge_authdata(krb5_context context, krb5_authdata *const *inauthdat1, krb5_authdata *const *inauthdat2, krb5_authdata ***outauthdat)¶
-
- -
-
param
-

[in] context - Library context

-

[in] inauthdat1 - First list of krb5_authdata structures

-

[in] inauthdat2 - Second list of krb5_authdata structures

-

[out] outauthdat - Merged list of krb5_authdata structures

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Merge two authdata arrays, such as the array from a ticket and authenticator. Use krb5_free_authdata() to free outauthdat when it is no longer needed.

-
-

Note

-

The last array entry in inauthdat1 and inauthdat2 must be a NULL pointer.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_1cred.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_1cred.html deleted file mode 100644 index 513f13ea..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_1cred.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_mk_1cred - Format a KRB-CRED message for a single set of credentials. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_mk_1cred - Format a KRB-CRED message for a single set of credentials.¶

-
-
-krb5_error_code krb5_mk_1cred(krb5_context context, krb5_auth_context auth_context, krb5_creds *creds, krb5_data **der_out, krb5_replay_data *rdata_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] creds - Pointer to credentials

-

[out] der_out - Encoded credentials

-

[out] rdata_out - Replay cache data (NULL if not needed)

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • ENOMEM Insufficient memory

  • -
  • KRB5_RC_REQUIRED Message replay detection requires rcache parameter

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This is a convenience function that calls krb5_mk_ncred() with a single set of credentials.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_error.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_error.html deleted file mode 100644 index 19fdbd98..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_error.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_mk_error - Format and encode a KRB_ERROR message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_mk_error - Format and encode a KRB_ERROR message.¶

-
-
-krb5_error_code krb5_mk_error(krb5_context context, const krb5_error *dec_err, krb5_data *enc_err)¶
-
- -
-
param
-

[in] context - Library context

-

[in] dec_err - Error structure to be encoded

-

[out] enc_err - Encoded error structure

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates a KRB_ERROR message in enc_err . Use krb5_free_data_contents() to free enc_err when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_ncred.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_ncred.html deleted file mode 100644 index 85684bb8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_ncred.html +++ /dev/null @@ -1,177 +0,0 @@ - - - - - - - - - krb5_mk_ncred - Format a KRB-CRED message for an array of credentials. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_mk_ncred - Format a KRB-CRED message for an array of credentials.¶

-
-
-krb5_error_code krb5_mk_ncred(krb5_context context, krb5_auth_context auth_context, krb5_creds **creds, krb5_data **der_out, krb5_replay_data *rdata_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] creds - Null-terminated array of credentials

-

[out] der_out - Encoded credentials

-

[out] rdata_out - Replay cache information (NULL if not needed)

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • ENOMEM Insufficient memory

  • -
  • KRB5_RC_REQUIRED Message replay detection requires rcache parameter

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function takes an array of credentials creds and formats a KRB-CRED message der_out to pass to krb5_rd_cred().

-

The local and remote addresses in auth_context are optional; if either is specified, they are used to form the sender and receiver addresses in the KRB-CRED message.

-

If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in auth_context , an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If #KRB5_AUTH_CONTEXT_DO_TIME is not set, no replay cache is used. If #KRB5_AUTH_CONTEXT_RET_TIME is set in auth_context , the timestamp used for the KRB-CRED message is stored in rdata_out .

-

If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the auth_context local sequence number is included in the KRB-CRED message and then incremented. If #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the sequence number used is stored in rdata_out .

-

Use krb5_free_data_contents() to free der_out when it is no longer needed.

-

The message will be encrypted using the send subkey of auth_context if it is present, or the session key otherwise. If neither key is present, the credentials will not be encrypted, and the message should only be sent over a secure channel. No replay cache entry is used in this case.

-
-

Note

-

The rdata_out argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in auth_context .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_priv.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_priv.html deleted file mode 100644 index 7f4fdddc..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_priv.html +++ /dev/null @@ -1,169 +0,0 @@ - - - - - - - - - krb5_mk_priv - Format a KRB-PRIV message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_mk_priv - Format a KRB-PRIV message.¶

-
-
-krb5_error_code krb5_mk_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data *userdata, krb5_data *der_out, krb5_replay_data *rdata_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] userdata - User data for KRB-PRIV message

-

[out] der_out - Formatted KRB-PRIV message

-

[out] rdata_out - Replay data (NULL if not needed)

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function is similar to krb5_mk_safe(), but the message is encrypted and integrity-protected, not just integrity-protected.

-

The local address in auth_context must be set, and is used to form the sender address used in the KRB-PRIV message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.

-

If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in auth_context , a timestamp is included in the KRB-PRIV message, and an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If #KRB5_AUTH_CONTEXT_DO_TIME is not set, no replay cache is used. If #KRB5_AUTH_CONTEXT_RET_TIME is set in auth_context , a timestamp is included in the KRB-PRIV message and is stored in rdata_out .

-

If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the auth_context local sequence number is included in the KRB-PRIV message and then incremented. If #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the sequence number used is stored in rdata_out .

-

Use krb5_free_data_contents() to free der_out when it is no longer needed.

-
-

Note

-

The rdata_out argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in auth_context .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_rep.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_rep.html deleted file mode 100644 index fabc30f8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_rep.html +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - krb5_mk_rep - Format and encrypt a KRB_AP_REP message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_mk_rep - Format and encrypt a KRB_AP_REP message.¶

-
-
-krb5_error_code krb5_mk_rep(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[out] outbuf - AP-REP message

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function fills in outbuf with an AP-REP message using information from auth_context .

-

If the flags in auth_context indicate that a sequence number should be used (either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE) and the local sequence number in auth_context is 0, a new number will be generated with krb5_generate_seq_number().

-

Use krb5_free_data_contents() to free outbuf when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_rep_dce.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_rep_dce.html deleted file mode 100644 index 703716fe..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_rep_dce.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_mk_rep_dce - Format and encrypt a KRB_AP_REP message for DCE RPC. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_mk_rep_dce - Format and encrypt a KRB_AP_REP message for DCE RPC.¶

-
-
-krb5_error_code krb5_mk_rep_dce(krb5_context context, krb5_auth_context auth_context, krb5_data *outbuf)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[out] outbuf - AP-REP message

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Use krb5_free_data_contents() to free outbuf when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_req.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_req.html deleted file mode 100644 index dd3ecfd3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_req.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - krb5_mk_req - Create a KRB_AP_REQ message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_mk_req - Create a KRB_AP_REQ message.¶

-
-
-krb5_error_code krb5_mk_req(krb5_context context, krb5_auth_context *auth_context, krb5_flags ap_req_options, const char *service, const char *hostname, krb5_data *in_data, krb5_ccache ccache, krb5_data *outbuf)¶
-
- -
-
param
-

[in] context - Library context

-

[inout] auth_context - Pre-existing or newly created auth context

-

[in] ap_req_options - Options (see AP_OPTS macros)

-

[in] service - Service name, or NULL to use “hostâ€

-

[in] hostname - Host name, or NULL to use local hostname

-

[in] in_data - Application data to be checksummed in the authenticator, or NULL

-

[in] ccache - Credential cache used to obtain credentials for the desired service.

-

[out] outbuf - AP-REQ message

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function is similar to krb5_mk_req_extended() except that it uses a given hostname , service , and ccache to construct a service principal name and obtain credentials.

-

Use krb5_free_data_contents() to free outbuf when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_req_extended.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_req_extended.html deleted file mode 100644 index 8378d044..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_req_extended.html +++ /dev/null @@ -1,177 +0,0 @@ - - - - - - - - - krb5_mk_req_extended - Create a KRB_AP_REQ message using supplied credentials. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_mk_req_extended - Create a KRB_AP_REQ message using supplied credentials.¶

-
-
-krb5_error_code krb5_mk_req_extended(krb5_context context, krb5_auth_context *auth_context, krb5_flags ap_req_options, krb5_data *in_data, krb5_creds *in_creds, krb5_data *outbuf)¶
-
- -
-
param
-

[in] context - Library context

-

[inout] auth_context - Pre-existing or newly created auth context

-

[in] ap_req_options - Options (see AP_OPTS macros)

-

[in] in_data - Application data to be checksummed in the authenticator, or NULL

-

[in] in_creds - Credentials for the service with valid ticket and key

-

[out] outbuf - AP-REQ message

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Valid ap_req_options are:

-
-
-
    -
  • #AP_OPTS_USE_SESSION_KEY - Use the session key when creating the request used for user to user authentication.

  • -
  • #AP_OPTS_MUTUAL_REQUIRED - Request a mutual authentication packet from the receiver.

  • -
  • #AP_OPTS_USE_SUBKEY - Generate a subsession key from the current session key obtained from the credentials.

  • -
-
-

This function creates a KRB_AP_REQ message using supplied credentials in_creds . auth_context may point to an existing auth context or to NULL, in which case a new one will be created. If in_data is non-null, a checksum of it will be included in the authenticator contained in the KRB_AP_REQ message. Use krb5_free_data_contents() to free outbuf when it is no longer needed.

-
-

On successful return, the authenticator is stored in auth_context with the client and checksum fields nulled out. (This is to prevent pointer-sharing problems; the caller should not need these fields anyway, since the caller supplied them.)

-
-

See also

-

krb5_mk_req()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_safe.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_safe.html deleted file mode 100644 index c1125e04..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_mk_safe.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_mk_safe - Format a KRB-SAFE message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_mk_safe - Format a KRB-SAFE message.¶

-
-
-krb5_error_code krb5_mk_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data *userdata, krb5_data *der_out, krb5_replay_data *rdata_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] userdata - User data in the message

-

[out] der_out - Formatted KRB-SAFE buffer

-

[out] rdata_out - Replay data. Specify NULL if not needed

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function creates an integrity protected KRB-SAFE message using data supplied by the application.

-

Fields in auth_context specify the checksum type, the keyblock that can be used to seed the checksum, full addresses (host and port) for the sender and receiver, and KRB5_AUTH_CONTEXT flags.

-

The local address in auth_context must be set, and is used to form the sender address used in the KRB-SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message.

-

If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in auth_context , a timestamp is included in the KRB-SAFE message, and an entry for the message is entered in an in-memory replay cache to detect if the message is reflected by an attacker. If #KRB5_AUTH_CONTEXT_DO_TIME is not set, no replay cache is used. If #KRB5_AUTH_CONTEXT_RET_TIME is set in auth_context , a timestamp is included in the KRB-SAFE message and is stored in rdata_out .

-

If either #KRB5_AUTH_CONTEXT_DO_SEQUENCE or #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the auth_context local sequence number is included in the KRB-SAFE message and then incremented. If #KRB5_AUTH_CONTEXT_RET_SEQUENCE is set, the sequence number used is stored in rdata_out .

-

Use krb5_free_data_contents() to free der_out when it is no longer needed.

-
-

Note

-

The rdata_out argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in auth_context .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_os_localaddr.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_os_localaddr.html deleted file mode 100644 index 732658cb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_os_localaddr.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_os_localaddr - Return all interface addresses for this host. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_os_localaddr - Return all interface addresses for this host.¶

-
-
-krb5_error_code krb5_os_localaddr(krb5_context context, krb5_address ***addr)¶
-
- -
-
param
-

[in] context - Library context

-

[out] addr - Array of krb5_address pointers, ending with NULL

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Use krb5_free_addresses() to free addr when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_add_buffer.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_add_buffer.html deleted file mode 100644 index cfeb870d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_add_buffer.html +++ /dev/null @@ -1,172 +0,0 @@ - - - - - - - - - krb5_pac_add_buffer - Add a buffer to a PAC handle. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_pac_add_buffer - Add a buffer to a PAC handle.¶

-
-
-krb5_error_code krb5_pac_add_buffer(krb5_context context, krb5_pac pac, krb5_ui_4 type, const krb5_data *data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] pac - PAC handle

-

[in] type - Buffer type

-

[in] data - contents

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function adds a buffer of type type and contents data to pac if there isn’t already a buffer of this type present.

-

The valid values of type is one of the following:

-
-
    -
  • #KRB5_PAC_LOGON_INFO - Logon information

  • -
  • #KRB5_PAC_CREDENTIALS_INFO - Credentials information

  • -
  • #KRB5_PAC_SERVER_CHECKSUM - Server checksum

  • -
  • #KRB5_PAC_PRIVSVR_CHECKSUM - KDC checksum

  • -
  • #KRB5_PAC_CLIENT_INFO - Client name and ticket information

  • -
  • #KRB5_PAC_DELEGATION_INFO - Constrained delegation information

  • -
  • #KRB5_PAC_UPN_DNS_INFO - User principal name and DNS information

  • -
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_free.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_free.html deleted file mode 100644 index 282b4fff..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_free.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_pac_free - Free a PAC handle. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_get_buffer.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_get_buffer.html deleted file mode 100644 index 1b18f026..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_get_buffer.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_pac_get_buffer - Retrieve a buffer value from a PAC. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_pac_get_buffer - Retrieve a buffer value from a PAC.¶

-
-
-krb5_error_code krb5_pac_get_buffer(krb5_context context, krb5_pac pac, krb5_ui_4 type, krb5_data *data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] pac - PAC handle

-

[in] type - Type of buffer to retrieve

-

[out] data - Buffer value

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Use krb5_free_data_contents() to free data when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_get_client_info.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_get_client_info.html deleted file mode 100644 index 73ea56b1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_get_client_info.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_pac_get_client_info - Read client information from a PAC. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_pac_get_client_info - Read client information from a PAC.¶

-
-
-krb5_error_code krb5_pac_get_client_info(krb5_context context, const krb5_pac pac, krb5_timestamp *authtime_out, char **princname_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] pac - PAC handle

-

[out] authtime_out - Authentication timestamp (NULL if not needed)

-

[out] princname_out - Client account name

-
-
-
-
retval
-
    -
  • 0 on success, ENOENT if no PAC_CLIENT_INFO buffer is present in pac , ERANGE if the buffer contains invalid lengths.

  • -
-
-
-

Read the PAC_CLIENT_INFO buffer in pac . Place the client account name as a string in princname_out . If authtime_out is not NULL, place the initial authentication timestamp in authtime_out .

-
-

Note

-

New in 1.18

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_get_types.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_get_types.html deleted file mode 100644 index 49061b7e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_get_types.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_pac_get_types - Return an array of buffer types in a PAC handle. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_pac_get_types - Return an array of buffer types in a PAC handle.¶

-
-
-krb5_error_code krb5_pac_get_types(krb5_context context, krb5_pac pac, size_t *len, krb5_ui_4 **types)¶
-
- -
-
param
-

[in] context - Library context

-

[in] pac - PAC handle

-

[out] len - Number of entries in types

-

[out] types - Array of buffer types

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_init.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_init.html deleted file mode 100644 index d54e2f05..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_init.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_pac_init - Create an empty Privilege Attribute Certificate (PAC) handle. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_pac_init - Create an empty Privilege Attribute Certificate (PAC) handle.¶

-
-
-krb5_error_code krb5_pac_init(krb5_context context, krb5_pac *pac)¶
-
- -
-
param
-

[in] context - Library context

-

[out] pac - New PAC handle

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Use krb5_pac_free() to free pac when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_parse.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_parse.html deleted file mode 100644 index 99fd68ad..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_parse.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_pac_parse - Unparse an encoded PAC into a new handle. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_pac_parse - Unparse an encoded PAC into a new handle.¶

-
-
-krb5_error_code krb5_pac_parse(krb5_context context, const void *ptr, size_t len, krb5_pac *pac)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ptr - PAC buffer

-

[in] len - Length of ptr

-

[out] pac - PAC handle

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Use krb5_pac_free() to free pac when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_sign.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_sign.html deleted file mode 100644 index 3339fd13..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_sign.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_pac_sign — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_sign_ext.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_sign_ext.html deleted file mode 100644 index c09f4cfb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_sign_ext.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_pac_sign_ext — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_verify.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_verify.html deleted file mode 100644 index 97c18d61..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_verify.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_pac_verify - Verify a PAC. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_pac_verify - Verify a PAC.¶

-
-
-krb5_error_code krb5_pac_verify(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock *server, const krb5_keyblock *privsvr)¶
-
- -
-
param
-

[in] context - Library context

-

[in] pac - PAC handle

-

[in] authtime - Expected timestamp

-

[in] principal - Expected principal name (or NULL)

-

[in] server - Key to validate server checksum (or NULL)

-

[in] privsvr - Key to validate KDC checksum (or NULL)

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function validates pac against the supplied server , privsvr , principal and authtime . If principal is NULL, the principal and authtime are not verified. If server or privsvr is NULL, the corresponding checksum is not verified.

-

If successful, pac is marked as verified.

-
-

Note

-

A checksum mismatch can occur if the PAC was copied from a cross-realm TGT by an ignorant KDC; also macOS Server Open Directory (as of 10.6) generates PACs with no server checksum at all. One should consider not failing the whole authentication because of this reason, but, instead, treating the ticket as if it did not contain a PAC or marking the PAC information as non-verified.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_verify_ext.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_verify_ext.html deleted file mode 100644 index 13fa7f5b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_pac_verify_ext.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm.¶

-
-
-krb5_error_code krb5_pac_verify_ext(krb5_context context, const krb5_pac pac, krb5_timestamp authtime, krb5_const_principal principal, const krb5_keyblock *server, const krb5_keyblock *privsvr, krb5_boolean with_realm)¶
-
- -
-
param
-

[in] context - Library context

-

[in] pac - PAC handle

-

[in] authtime - Expected timestamp

-

[in] principal - Expected principal name (or NULL)

-

[in] server - Key to validate server checksum (or NULL)

-

[in] privsvr - Key to validate KDC checksum (or NULL)

-

[in] with_realm - If true, expect the realm of principal

-
-
-

This function is similar to krb5_pac_verify(), but adds a parameter with_realm . If with_realm is true, the PAC_CLIENT_INFO field is expected to include the realm of principal as well as the name. This flag is necessary to verify PACs in cross-realm S4U2Self referral TGTs.

-
-

Note

-

New in 1.17

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_parse_name.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_parse_name.html deleted file mode 100644 index 09e3ab99..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_parse_name.html +++ /dev/null @@ -1,172 +0,0 @@ - - - - - - - - - krb5_parse_name - Convert a string principal name to a krb5_principal structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_parse_name - Convert a string principal name to a krb5_principal structure.¶

-
-
-krb5_error_code krb5_parse_name(krb5_context context, const char *name, krb5_principal *principal_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] name - String representation of a principal name

-

[out] principal_out - New principal

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Convert a string representation of a principal name to a krb5_principal structure.

-

A string representation of a Kerberos name consists of one or more principal name components, separated by slashes, optionally followed by the @ character and a realm name. If the realm name is not specified, the local realm is used.

-

To use the slash and @ symbols as part of a component (quoted) instead of using them as a component separator or as a realm prefix), put a backslash () character in front of the symbol. Similarly, newline, tab, backspace, and NULL characters can be included in a component by using n , t , b or 0 , respectively.

-

Beginning with release 1.20, the name type of the principal will be inferred as KRB5_NT_SRV_INST or KRB5_NT_WELLKNOWN based on the principal name. The type will be KRB5_NT_PRINCIPAL if a type cannot be inferred.

-

Use krb5_free_principal() to free principal_out when it is no longer needed.

-
-

Note

-

The realm in a Kerberos name cannot contain slash, colon, or NULL characters.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_parse_name_flags.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_parse_name_flags.html deleted file mode 100644 index 2cdcba32..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_parse_name_flags.html +++ /dev/null @@ -1,178 +0,0 @@ - - - - - - - - - krb5_parse_name_flags - Convert a string principal name to a krb5_principal with flags. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_parse_name_flags - Convert a string principal name to a krb5_principal with flags.¶

-
-
-krb5_error_code krb5_parse_name_flags(krb5_context context, const char *name, int flags, krb5_principal *principal_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] name - String representation of a principal name

-

[in] flags - Flag

-

[out] principal_out - New principal

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Similar to krb5_parse_name(), this function converts a single-string representation of a principal name to a krb5_principal structure.

-

The following flags are valid:

-
-
-
    -
  • #KRB5_PRINCIPAL_PARSE_NO_REALM - no realm must be present in name

  • -
  • #KRB5_PRINCIPAL_PARSE_REQUIRE_REALM - realm must be present in name

  • -
  • #KRB5_PRINCIPAL_PARSE_ENTERPRISE - create single-component enterprise principal

  • -
  • #KRB5_PRINCIPAL_PARSE_IGNORE_REALM - ignore realm if present in name

  • -
-
-

If KRB5_PRINCIPAL_PARSE_NO_REALM or KRB5_PRINCIPAL_PARSE_IGNORE_REALM is specified in flags , the realm of the new principal will be empty. Otherwise, the default realm for context will be used if name does not specify a realm.

-
-

Use krb5_free_principal() to free principal_out when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_prepend_error_message.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_prepend_error_message.html deleted file mode 100644 index e25835a1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_prepend_error_message.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_prepend_error_message - Add a prefix to the message for an error code. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_prepend_error_message - Add a prefix to the message for an error code.¶

-
-
-void krb5_prepend_error_message(krb5_context ctx, krb5_error_code code, const char *fmt, ...)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] code - Error code

-

[in] fmt - Format string for error message prefix

-
-
-

Format a message and prepend it to the current message for code . The prefix will be separated from the old message with a colon and space.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal2salt.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal2salt.html deleted file mode 100644 index 324eb1e2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal2salt.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_principal2salt - Convert a principal name into the default salt for that principal. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_principal2salt - Convert a principal name into the default salt for that principal.¶

-
-
-krb5_error_code krb5_principal2salt(krb5_context context, krb5_const_principal pr, krb5_data *ret)¶
-
- -
-
param
-

[in] context - Library context

-

[in] pr - Principal name

-

[out] ret - Default salt for pr to be filled in

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal_compare.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal_compare.html deleted file mode 100644 index e91ef239..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal_compare.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_principal_compare - Compare two principals. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_principal_compare - Compare two principals.¶

-
-
-krb5_boolean krb5_principal_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)¶
-
- -
-
param
-

[in] context - Library context

-

[in] princ1 - First principal

-

[in] princ2 - Second principal

-
-
-
-
retval
-
    -
  • TRUE if the principals are the same; FALSE otherwise

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal_compare_any_realm.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal_compare_any_realm.html deleted file mode 100644 index 23b8e214..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal_compare_any_realm.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_principal_compare_any_realm - Compare two principals ignoring realm components. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_principal_compare_any_realm - Compare two principals ignoring realm components.¶

-
-
-krb5_boolean krb5_principal_compare_any_realm(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)¶
-
- -
-
param
-

[in] context - Library context

-

[in] princ1 - First principal

-

[in] princ2 - Second principal

-
-
-
-
retval
-
    -
  • TRUE if the principals are the same; FALSE otherwise

  • -
-
-
-

Similar to krb5_principal_compare(), but do not compare the realm components of the principals.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal_compare_flags.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal_compare_flags.html deleted file mode 100644 index b32ea27c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_principal_compare_flags.html +++ /dev/null @@ -1,172 +0,0 @@ - - - - - - - - - krb5_principal_compare_flags - Compare two principals with additional flags. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_principal_compare_flags - Compare two principals with additional flags.¶

-
-
-krb5_boolean krb5_principal_compare_flags(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2, int flags)¶
-
- -
-
param
-

[in] context - Library context

-

[in] princ1 - First principal

-

[in] princ2 - Second principal

-

[in] flags - Flags

-
-
-
-
retval
-
    -
  • TRUE if the principal names are the same; FALSE otherwise

  • -
-
-
-

Valid flags are:

-
-
    -
  • #KRB5_PRINCIPAL_COMPARE_IGNORE_REALM - ignore realm component

  • -
  • #KRB5_PRINCIPAL_COMPARE_ENTERPRISE - UPNs as real principals

  • -
  • #KRB5_PRINCIPAL_COMPARE_CASEFOLD case-insensitive

  • -
  • #KRB5_PRINCIPAL_COMPARE_UTF8 - treat principals as UTF-8

  • -
-
-
-

See also

-

krb5_principal_compare()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_process_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_process_key.html deleted file mode 100644 index 374053af..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_process_key.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_process_key — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_prompter_posix.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_prompter_posix.html deleted file mode 100644 index 67b03c04..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_prompter_posix.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_prompter_posix - Prompt user for password. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_prompter_posix - Prompt user for password.¶

-
-
-krb5_error_code krb5_prompter_posix(krb5_context context, void *data, const char *name, const char *banner, int num_prompts, krb5_prompt prompts)¶
-
- -
-
param
-

[in] context - Library context

-

data - Unused (callback argument)

-

[in] name - Name to output during prompt

-

[in] banner - Banner to output during prompt

-

[in] num_prompts - Number of prompts in prompts

-

[in] prompts - Array of prompts and replies

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function is intended to be used as a prompter callback for krb5_get_init_creds_password() or krb5_init_creds_init().

-

Writes name and banner to stdout, each followed by a newline, then writes each prompt field in the prompts array, followed byâ€:â€, and sets the reply field of the entry to a line of input read from stdin. If the hidden flag is set for a prompt, then terminal echoing is turned off when input is read.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_random_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_random_key.html deleted file mode 100644 index cd4338f8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_random_key.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - krb5_random_key — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_cred.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_cred.html deleted file mode 100644 index 4ef508fd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_cred.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_rd_cred - Read and validate a KRB-CRED message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_rd_cred - Read and validate a KRB-CRED message.¶

-
-
-krb5_error_code krb5_rd_cred(krb5_context context, krb5_auth_context auth_context, krb5_data *creddata, krb5_creds ***creds_out, krb5_replay_data *rdata_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] creddata - KRB-CRED message

-

[out] creds_out - Null-terminated array of forwarded credentials

-

[out] rdata_out - Replay data (NULL if not needed)

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
-

creddata will be decrypted using the receiving subkey if it is present in auth_context , or the session key if the receiving subkey is not present or fails to decrypt the message.

-
-

Use krb5_free_tgt_creds() to free creds_out when it is no longer needed.

-
-

Note

-

The rdata_out argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in auth_context .`

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_error.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_error.html deleted file mode 100644 index 9eadc789..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_error.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_rd_error - Decode a KRB-ERROR message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_rd_error - Decode a KRB-ERROR message.¶

-
-
-krb5_error_code krb5_rd_error(krb5_context context, const krb5_data *enc_errbuf, krb5_error **dec_error)¶
-
- -
-
param
-

[in] context - Library context

-

[in] enc_errbuf - Encoded error message

-

[out] dec_error - Decoded error message

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function processes KRB-ERROR message enc_errbuf and returns an allocated structure dec_error containing the error message. Use krb5_free_error() to free dec_error when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_priv.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_priv.html deleted file mode 100644 index 490134e6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_priv.html +++ /dev/null @@ -1,169 +0,0 @@ - - - - - - - - - krb5_rd_priv - Process a KRB-PRIV message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_rd_priv - Process a KRB-PRIV message.¶

-
-
-krb5_error_code krb5_rd_priv(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, krb5_data *userdata_out, krb5_replay_data *rdata_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication structure

-

[in] inbuf - KRB-PRIV message to be parsed

-

[out] userdata_out - Data parsed from KRB-PRIV message

-

[out] rdata_out - Replay data. Specify NULL if not needed

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function parses a KRB-PRIV message, verifies its integrity, and stores its unencrypted data into userdata_out .

-

If auth_context has a remote address set, the address will be used to verify the sender address in the KRB-PRIV message. If auth_context has a local address set, it will be used to verify the receiver address in the KRB-PRIV message if the message contains one.

-

If the #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag is set in auth_context , the sequence number of the KRB-PRIV message is checked against the remote sequence number field of auth_context . Otherwise, the sequence number is not used.

-

If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in auth_context , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in-memory replay cache to detect reflections or replays.

-

Use krb5_free_data_contents() to free userdata_out when it is no longer needed.

-
-

Note

-

The rdata_out argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in auth_context .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_rep.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_rep.html deleted file mode 100644 index e9f96fbf..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_rep.html +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - krb5_rd_rep - Parse and decrypt a KRB_AP_REP message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_rd_rep - Parse and decrypt a KRB_AP_REP message.¶

-
-
-krb5_error_code krb5_rd_rep(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, krb5_ap_rep_enc_part **repl)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] inbuf - AP-REP message

-

[out] repl - Decrypted reply message

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function parses, decrypts and verifies a message from inbuf and fills in repl with a pointer to allocated memory containing the fields from the encrypted response.

-

Use krb5_free_ap_rep_enc_part() to free repl when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_rep_dce.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_rep_dce.html deleted file mode 100644 index 6c1b92be..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_rep_dce.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_rd_rep_dce - Parse and decrypt a KRB_AP_REP message for DCE RPC. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_rd_rep_dce - Parse and decrypt a KRB_AP_REP message for DCE RPC.¶

-
-
-krb5_error_code krb5_rd_rep_dce(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, krb5_ui_4 *nonce)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] inbuf - AP-REP message

-

[out] nonce - Sequence number from the decrypted reply

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function parses, decrypts and verifies a message from inbuf and fills in nonce with a decrypted reply sequence number.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_req.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_req.html deleted file mode 100644 index 9f25dad0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_req.html +++ /dev/null @@ -1,178 +0,0 @@ - - - - - - - - - krb5_rd_req - Parse and decrypt a KRB_AP_REQ message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_rd_req - Parse and decrypt a KRB_AP_REQ message.¶

-
-
-krb5_error_code krb5_rd_req(krb5_context context, krb5_auth_context *auth_context, const krb5_data *inbuf, krb5_const_principal server, krb5_keytab keytab, krb5_flags *ap_req_options, krb5_ticket **ticket)¶
-
- -
-
param
-

[in] context - Library context

-

[inout] auth_context - Pre-existing or newly created auth context

-

[in] inbuf - AP-REQ message to be parsed

-

[in] server - Matching principal for server, or NULL to allow any principal in keytab

-

[in] keytab - Key table, or NULL to use the default

-

[out] ap_req_options - If non-null, the AP-REQ flags on output

-

[out] ticket - If non-null, ticket from the AP-REQ message

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function parses, decrypts and verifies a AP-REQ message from inbuf and stores the authenticator in auth_context .

-

If a keyblock was specified in auth_context using krb5_auth_con_setuseruserkey(), that key is used to decrypt the ticket in AP-REQ message and keytab is ignored. In this case, server should be specified as a complete principal name to allow for proper transited-path checking and replay cache selection.

-

Otherwise, the decryption key is obtained from keytab , or from the default keytab if it is NULL. In this case, server may be a complete principal name, a matching principal (see krb5_sname_match()), or NULL to match any principal name. The keys tried against the encrypted part of the ticket are determined as follows:

-
-
    -
  • If server is a complete principal name, then its entry in keytab is tried.

  • -
  • Otherwise, if keytab is iterable, then all entries in keytab which match server are tried.

  • -
  • Otherwise, the server principal in the ticket must match server , and its entry in keytab is tried.

  • -
-
-

The client specified in the decrypted authenticator must match the client specified in the decrypted ticket.

-

If the remote_addr field of auth_context is set, the request must come from that address.

-

If a replay cache handle is provided in the auth_context , the authenticator and ticket are verified against it. If no conflict is found, the new authenticator is then stored in the replay cache of auth_context .

-

Various other checks are performed on the decoded data, including cross-realm policy, clockskew, and ticket validation times.

-

On success the authenticator, subkey, and remote sequence number of the request are stored in auth_context . If the #AP_OPTS_MUTUAL_REQUIRED bit is set, the local sequence number is XORed with the remote sequence number in the request.

-

Use krb5_free_ticket() to free ticket when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_safe.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_safe.html deleted file mode 100644 index 7559b1cf..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_rd_safe.html +++ /dev/null @@ -1,169 +0,0 @@ - - - - - - - - - krb5_rd_safe - Process KRB-SAFE message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_rd_safe - Process KRB-SAFE message.¶

-
-
-krb5_error_code krb5_rd_safe(krb5_context context, krb5_auth_context auth_context, const krb5_data *inbuf, krb5_data *userdata_out, krb5_replay_data *rdata_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] auth_context - Authentication context

-

[in] inbuf - KRB-SAFE message to be parsed

-

[out] userdata_out - Data parsed from KRB-SAFE message

-

[out] rdata_out - Replay data. Specify NULL if not needed

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function parses a KRB-SAFE message, verifies its integrity, and stores its data into userdata_out .

-

If auth_context has a remote address set, the address will be used to verify the sender address in the KRB-SAFE message. If auth_context has a local address set, it will be used to verify the receiver address in the KRB-SAFE message if the message contains one.

-

If the #KRB5_AUTH_CONTEXT_DO_SEQUENCE flag is set in auth_context , the sequence number of the KRB-SAFE message is checked against the remote sequence number field of auth_context . Otherwise, the sequence number is not used.

-

If the #KRB5_AUTH_CONTEXT_DO_TIME flag is set in auth_context , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in-memory replay cache to detect reflections or replays.

-

Use krb5_free_data_contents() to free userdata_out when it is no longer needed.

-
-

Note

-

The rdata_out argument is required if the #KRB5_AUTH_CONTEXT_RET_TIME or #KRB5_AUTH_CONTEXT_RET_SEQUENCE flag is set in auth_context .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_read_password.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_read_password.html deleted file mode 100644 index 0e5d899f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_read_password.html +++ /dev/null @@ -1,172 +0,0 @@ - - - - - - - - - krb5_read_password - Read a password from keyboard input. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_read_password - Read a password from keyboard input.¶

-
-
-krb5_error_code krb5_read_password(krb5_context context, const char *prompt, const char *prompt2, char *return_pwd, unsigned int *size_return)¶
-
- -
-
param
-

[in] context - Library context

-

[in] prompt - First user prompt when reading password

-

[in] prompt2 - Second user prompt (NULL to prompt only once)

-

[out] return_pwd - Returned password

-

[inout] size_return - On input, maximum size of password; on output, size of password read

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Error in reading or verifying the password

  • -
  • Kerberos error codes

  • -
-
-
-

This function reads a password from keyboard input and stores it in return_pwd . size_return should be set by the caller to the amount of storage space available in return_pwd ; on successful return, it will be set to the length of the password read.

-
-

prompt is printed to the terminal, followed byâ€:â€, and then a password is read from the keyboard.

-
-

If prompt2 is NULL, the password is read only once. Otherwise, prompt2 is printed to the terminal and a second password is read. If the two passwords entered are not identical, KRB5_LIBOS_BADPWDMATCH is returned.

-

Echoing is turned off when the password is read.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_realm_compare.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_realm_compare.html deleted file mode 100644 index 72baaeef..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_realm_compare.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_realm_compare - Compare the realms of two principals. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_realm_compare - Compare the realms of two principals.¶

-
-
-krb5_boolean krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)¶
-
- -
-
param
-

[in] context - Library context

-

[in] princ1 - First principal

-

[in] princ2 - Second principal

-
-
-
-
retval
-
    -
  • TRUE if the realm names are the same; FALSE otherwise

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_recvauth.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_recvauth.html deleted file mode 100644 index 85e5983a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_recvauth.html +++ /dev/null @@ -1,169 +0,0 @@ - - - - - - - - - krb5_recvauth - Server function for sendauth protocol. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_recvauth - Server function for sendauth protocol.¶

-
-
-krb5_error_code krb5_recvauth(krb5_context context, krb5_auth_context *auth_context, krb5_pointer fd, char *appl_version, krb5_principal server, krb5_int32 flags, krb5_keytab keytab, krb5_ticket **ticket)¶
-
- -
-
param
-

[in] context - Library context

-

[inout] auth_context - Pre-existing or newly created auth context

-

[in] fd - File descriptor

-

[in] appl_version - Application protocol version to be matched against the client’s application version

-

[in] server - Server principal (NULL for any in keytab )

-

[in] flags - Additional specifications

-

[in] keytab - Key table containing service keys

-

[out] ticket - Ticket (NULL if not needed)

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function performs the server side of a sendauth/recvauth exchange by sending and receiving messages over fd .

-

Use krb5_free_ticket() to free ticket when it is no longer needed.

-
-

See also

-

krb5_sendauth()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_recvauth_version.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_recvauth_version.html deleted file mode 100644 index 6729f343..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_recvauth_version.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_recvauth_version - Server function for sendauth protocol with version parameter. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_recvauth_version - Server function for sendauth protocol with version parameter.¶

-
-
-krb5_error_code krb5_recvauth_version(krb5_context context, krb5_auth_context *auth_context, krb5_pointer fd, krb5_principal server, krb5_int32 flags, krb5_keytab keytab, krb5_ticket **ticket, krb5_data *version)¶
-
- -
-
param
-

[in] context - Library context

-

[inout] auth_context - Pre-existing or newly created auth context

-

[in] fd - File descriptor

-

[in] server - Server principal (NULL for any in keytab )

-

[in] flags - Additional specifications

-

[in] keytab - Decryption key

-

[out] ticket - Ticket (NULL if not needed)

-

[out] version - sendauth protocol version (NULL if not needed)

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function is similar to krb5_recvauth() with the additional output information place into version .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_get_challenge.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_get_challenge.html deleted file mode 100644 index ce371663..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_get_challenge.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_responder_get_challenge - Retrieve the challenge data for a given question in the responder context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_responder_get_challenge - Retrieve the challenge data for a given question in the responder context.¶

-
-
-const char *krb5_responder_get_challenge(krb5_context ctx, krb5_responder_context rctx, const char *question)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] rctx - Responder context

-

[in] question - Question name

-
-
-

Return a pointer to a C string containing the challenge for question within rctx , or NULL if the question is not present in rctx . The structure of the question depends on the question name, but will always be printable UTF-8 text. The returned pointer is an alias, valid only as long as the lifetime of rctx , and should not be modified or freed by the caller.

-
-

Note

-

New in 1.11

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_list_questions.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_list_questions.html deleted file mode 100644 index a4b4449d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_list_questions.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_responder_list_questions - List the question names contained in the responder context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_responder_list_questions - List the question names contained in the responder context.¶

-
-
-const char *const *krb5_responder_list_questions(krb5_context ctx, krb5_responder_context rctx)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] rctx - Responder context

-
-
-

Return a pointer to a null-terminated list of question names which are present in rctx . The pointer is an alias, valid only as long as the lifetime of rctx , and should not be modified or freed by the caller. A question’s challenge can be retrieved using krb5_responder_get_challenge() and answered using krb5_responder_set_answer().

-
-

Note

-

New in 1.11

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_otp_challenge_free.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_otp_challenge_free.html deleted file mode 100644 index ce409406..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_otp_challenge_free.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_responder_otp_challenge_free - Free the value returned by krb5_responder_otp_get_challenge(). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_otp_get_challenge.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_otp_get_challenge.html deleted file mode 100644 index 6ab6f1ac..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_otp_get_challenge.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_responder_otp_get_challenge - Decode the KRB5_RESPONDER_QUESTION_OTP to a C struct. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_responder_otp_get_challenge - Decode the KRB5_RESPONDER_QUESTION_OTP to a C struct.¶

-
-
-krb5_error_code krb5_responder_otp_get_challenge(krb5_context ctx, krb5_responder_context rctx, krb5_responder_otp_challenge **chl)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] rctx - Responder context

-

[out] chl - Challenge structure

-
-
-

A convenience function which parses the KRB5_RESPONDER_QUESTION_OTP question challenge data, making it available in native C. The main feature of this function is the ability to interact with OTP tokens without parsing the JSON.

-

The returned value must be passed to krb5_responder_otp_challenge_free() to be freed.

-
-

Note

-

New in 1.11

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_otp_set_answer.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_otp_set_answer.html deleted file mode 100644 index 52b7433c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_otp_set_answer.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_responder_otp_set_answer - Answer the KRB5_RESPONDER_QUESTION_OTP question. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_responder_otp_set_answer - Answer the KRB5_RESPONDER_QUESTION_OTP question.¶

-
-
-krb5_error_code krb5_responder_otp_set_answer(krb5_context ctx, krb5_responder_context rctx, size_t ti, const char *value, const char *pin)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] rctx - Responder context

-

[in] ti - The index of the tokeninfo selected

-

[in] value - The value to set, or NULL for none

-

[in] pin - The pin to set, or NULL for none

-
-
-
-

Note

-

New in 1.11

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_pkinit_challenge_free.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_pkinit_challenge_free.html deleted file mode 100644 index 2de5e9a2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_pkinit_challenge_free.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_responder_pkinit_challenge_free - Free the value returned by krb5_responder_pkinit_get_challenge(). — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_pkinit_get_challenge.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_pkinit_get_challenge.html deleted file mode 100644 index 04b4a7ca..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_pkinit_get_challenge.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_responder_pkinit_get_challenge - Decode the KRB5_RESPONDER_QUESTION_PKINIT to a C struct. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_responder_pkinit_get_challenge - Decode the KRB5_RESPONDER_QUESTION_PKINIT to a C struct.¶

-
-
-krb5_error_code krb5_responder_pkinit_get_challenge(krb5_context ctx, krb5_responder_context rctx, krb5_responder_pkinit_challenge **chl_out)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] rctx - Responder context

-

[out] chl_out - Challenge structure

-
-
-

A convenience function which parses the KRB5_RESPONDER_QUESTION_PKINIT question challenge data, making it available in native C. The main feature of this function is the ability to read the challenge without parsing the JSON.

-

The returned value must be passed to krb5_responder_pkinit_challenge_free() to be freed.

-
-

Note

-

New in 1.12

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_pkinit_set_answer.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_pkinit_set_answer.html deleted file mode 100644 index 50e905eb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_pkinit_set_answer.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_responder_pkinit_set_answer - Answer the KRB5_RESPONDER_QUESTION_PKINIT question for one identity. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_responder_pkinit_set_answer - Answer the KRB5_RESPONDER_QUESTION_PKINIT question for one identity.¶

-
-
-krb5_error_code krb5_responder_pkinit_set_answer(krb5_context ctx, krb5_responder_context rctx, const char *identity, const char *pin)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] rctx - Responder context

-

[in] identity - The identity for which a PIN is being supplied

-

[in] pin - The provided PIN, or NULL for none

-
-
-
-

Note

-

New in 1.12

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_set_answer.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_set_answer.html deleted file mode 100644 index eebea59e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_responder_set_answer.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_responder_set_answer - Answer a named question in the responder context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_responder_set_answer - Answer a named question in the responder context.¶

-
-
-krb5_error_code krb5_responder_set_answer(krb5_context ctx, krb5_responder_context rctx, const char *question, const char *answer)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] rctx - Responder context

-

[in] question - Question name

-

[in] answer - The string to set (MUST be printable UTF-8)

-
-
-
-
retval
-
    -
  • EINVAL question is not present within rctx

  • -
-
-
-

This function supplies an answer to question within rctx . The appropriate form of the answer depends on the question name.

-
-

Note

-

New in 1.11

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_salttype_to_string.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_salttype_to_string.html deleted file mode 100644 index ad9d90d1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_salttype_to_string.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_salttype_to_string - Convert a salt type to a string. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_salttype_to_string - Convert a salt type to a string.¶

-
-
-krb5_error_code krb5_salttype_to_string(krb5_int32 salttype, char *buffer, size_t buflen)¶
-
- -
-
param
-

[in] salttype - Salttype to convert

-

[out] buffer - Buffer to receive the converted string

-

[in] buflen - Storage available in buffer

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_sendauth.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_sendauth.html deleted file mode 100644 index cdf295e6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_sendauth.html +++ /dev/null @@ -1,185 +0,0 @@ - - - - - - - - - krb5_sendauth - Client function for sendauth protocol. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_sendauth - Client function for sendauth protocol.¶

-
-
-krb5_error_code krb5_sendauth(krb5_context context, krb5_auth_context *auth_context, krb5_pointer fd, char *appl_version, krb5_principal client, krb5_principal server, krb5_flags ap_req_options, krb5_data *in_data, krb5_creds *in_creds, krb5_ccache ccache, krb5_error **error, krb5_ap_rep_enc_part **rep_result, krb5_creds **out_creds)¶
-
- -
-
param
-

[in] context - Library context

-

[inout] auth_context - Pre-existing or newly created auth context

-

[in] fd - File descriptor that describes network socket

-

[in] appl_version - Application protocol version to be matched with the receiver’s application version

-

[in] client - Client principal

-

[in] server - Server principal

-

[in] ap_req_options - Options (see AP_OPTS macros)

-

[in] in_data - Data to be sent to the server

-

[in] in_creds - Input credentials, or NULL to use ccache

-

[in] ccache - Credential cache

-

[out] error - If non-null, contains KRB_ERROR message returned from server

-

[out] rep_result - If non-null and ap_req_options is #AP_OPTS_MUTUAL_REQUIRED, contains the result of mutual authentication exchange

-

[out] out_creds - If non-null, the retrieved credentials

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function performs the client side of a sendauth/recvauth exchange by sending and receiving messages over fd .

-

Credentials may be specified in three ways:

-
-
-
    -
  • If in_creds is NULL, credentials are obtained with krb5_get_credentials() using the principals client and server . server must be non-null; client may NULL to use the default principal of ccache .

  • -
  • If in_creds is non-null, but does not contain a ticket, credentials for the exchange are obtained with krb5_get_credentials() using in_creds . In this case, the values of client and server are unused.

  • -
  • If in_creds is a complete credentials structure, it used directly. In this case, the values of client , server , and ccache are unused.

  • -
-
-

If the server is using a different application protocol than that specified in appl_version , an error will be returned.

-
-

Use krb5_free_creds() to free out_creds , krb5_free_ap_rep_enc_part() to free rep_result , and krb5_free_error() to free error when they are no longer needed.

-
-

See also

-

krb5_recvauth()

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_server_decrypt_ticket_keytab.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_server_decrypt_ticket_keytab.html deleted file mode 100644 index 119bad02..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_server_decrypt_ticket_keytab.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_server_decrypt_ticket_keytab - Decrypt a ticket using the specified key table. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_server_decrypt_ticket_keytab - Decrypt a ticket using the specified key table.¶

-
-
-krb5_error_code krb5_server_decrypt_ticket_keytab(krb5_context context, const krb5_keytab kt, krb5_ticket *ticket)¶
-
- -
-
param
-

[in] context - Library context

-

[in] kt - Key table

-

[in] ticket - Ticket to be decrypted

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function takes a ticket as input and decrypts it using key data from kt . The result is placed into ticket->enc_part2 .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_default_realm.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_default_realm.html deleted file mode 100644 index a8fb3c4c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_default_realm.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_set_default_realm - Override the default realm for the specified context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_set_default_realm - Override the default realm for the specified context.¶

-
-
-krb5_error_code krb5_set_default_realm(krb5_context context, const char *lrealm)¶
-
- -
-
param
-

[in] context - Library context

-

[in] lrealm - Realm name for the default realm

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

If lrealm is NULL, clear the default realm setting.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_default_tgs_enctypes.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_default_tgs_enctypes.html deleted file mode 100644 index 16d311c4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_default_tgs_enctypes.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_set_default_tgs_enctypes - Set default TGS encryption types in a krb5_context structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_set_default_tgs_enctypes - Set default TGS encryption types in a krb5_context structure.¶

-
-
-krb5_error_code krb5_set_default_tgs_enctypes(krb5_context context, const krb5_enctype *etypes)¶
-
- -
-
param
-

[in] context - Library context

-

[in] etypes - Encryption type(s) to set

-
-
-
-
retval
-
    -
  • 0 Success

  • -
  • KRB5_PROG_ETYPE_NOSUPP Program lacks support for encryption type

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function sets the default enctype list for TGS requests made using context to etypes .

-
-

Note

-

This overrides the default list (from config file or built-in).

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_error_message.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_error_message.html deleted file mode 100644 index 95d6cab5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_error_message.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_set_error_message - Set an extended error message for an error code. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_kdc_recv_hook.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_kdc_recv_hook.html deleted file mode 100644 index b26d79d5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_kdc_recv_hook.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_set_kdc_recv_hook - Set a KDC post-receive hook function. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_set_kdc_recv_hook - Set a KDC post-receive hook function.¶

-
-
-void krb5_set_kdc_recv_hook(krb5_context context, krb5_post_recv_fn recv_hook, void *data)¶
-
- -
-
param
-

[in] context - The library context.

-

[in] recv_hook - Hook function (or NULL to disable the hook)

-

[in] data - Callback data to be passed to recv_hook

-
-
-
-

recv_hook will be called after a reply is received from a KDC during a call to a library function such as krb5_get_credentials(). The hook function may inspect or override the reply. This hook will not be executed if the pre-send hook returns a synthetic reply.

-
-
-

Note

-

New in 1.15

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_kdc_send_hook.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_kdc_send_hook.html deleted file mode 100644 index 7d617965..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_kdc_send_hook.html +++ /dev/null @@ -1,158 +0,0 @@ - - - - - - - - - krb5_set_kdc_send_hook - Set a KDC pre-send hook function. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_set_kdc_send_hook - Set a KDC pre-send hook function.¶

-
-
-void krb5_set_kdc_send_hook(krb5_context context, krb5_pre_send_fn send_hook, void *data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] send_hook - Hook function (or NULL to disable the hook)

-

[in] data - Callback data to be passed to send_hook

-
-
-
-

send_hook will be called before messages are sent to KDCs by library functions such as krb5_get_credentials(). The hook function may inspect, override, or synthesize its own reply to the message.

-
-
-

Note

-

New in 1.15

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_password.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_password.html deleted file mode 100644 index 322450d8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_password.html +++ /dev/null @@ -1,173 +0,0 @@ - - - - - - - - - krb5_set_password - Set a password for a principal using specified credentials. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_set_password - Set a password for a principal using specified credentials.¶

-
-
-krb5_error_code krb5_set_password(krb5_context context, krb5_creds *creds, const char *newpw, krb5_principal change_password_for, int *result_code, krb5_data *result_code_string, krb5_data *result_string)¶
-
- -
-
param
-

[in] context - Library context

-

[in] creds - Credentials for kadmin/changepw service

-

[in] newpw - New password

-

[in] change_password_for - Change the password for this principal

-

[out] result_code - Numeric error code from server

-

[out] result_code_string - String equivalent to result_code

-

[out] result_string - Data returned from the remote system

-
-
-
-
retval
-
    -
  • 0 Success and result_code is set to #KRB5_KPASSWD_SUCCESS.

  • -
-
-
return
-
    -
  • Kerberos error codes.

  • -
-
-
-

This function uses the credentials creds to set the password newpw for the principal change_password_for . It implements the set password operation of RFC 3244, for interoperability with Microsoft Windows implementations.

-

The error code and strings are returned in result_code , result_code_string and result_string .

-
-

Note

-

If change_password_for is NULL, the change is performed on the current principal. If change_password_for is non-null, the change is performed on the principal name passed in change_password_for .

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_password_using_ccache.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_password_using_ccache.html deleted file mode 100644 index 58450ef5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_password_using_ccache.html +++ /dev/null @@ -1,173 +0,0 @@ - - - - - - - - - krb5_set_password_using_ccache - Set a password for a principal using cached credentials. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_set_password_using_ccache - Set a password for a principal using cached credentials.¶

-
-
-krb5_error_code krb5_set_password_using_ccache(krb5_context context, krb5_ccache ccache, const char *newpw, krb5_principal change_password_for, int *result_code, krb5_data *result_code_string, krb5_data *result_string)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ccache - Credential cache

-

[in] newpw - New password

-

[in] change_password_for - Change the password for this principal

-

[out] result_code - Numeric error code from server

-

[out] result_code_string - String equivalent to result_code

-

[out] result_string - Data returned from the remote system

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function uses the cached credentials from ccache to set the password newpw for the principal change_password_for . It implements RFC 3244 set password operation (interoperable with MS Windows implementations) using the credential cache.

-

The error code and strings are returned in result_code , result_code_string and result_string .

-
-

Note

-

If change_password_for is set to NULL, the change is performed on the default principal in ccache . If change_password_for is non null, the change is performed on the specified principal.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_principal_realm.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_principal_realm.html deleted file mode 100644 index b50b287d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_principal_realm.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_set_principal_realm - Set the realm field of a principal. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_set_principal_realm - Set the realm field of a principal.¶

-
-
-krb5_error_code krb5_set_principal_realm(krb5_context context, krb5_principal principal, const char *realm)¶
-
- -
-
param
-

[in] context - Library context

-

[in] principal - Principal name

-

[in] realm - Realm name

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

Set the realm name part of principal to realm , overwriting the previous realm.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_real_time.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_real_time.html deleted file mode 100644 index 2786085b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_real_time.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_set_real_time - Set time offset field in a krb5_context structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_set_real_time - Set time offset field in a krb5_context structure.¶

-
-
-krb5_error_code krb5_set_real_time(krb5_context context, krb5_timestamp seconds, krb5_int32 microseconds)¶
-
- -
-
param
-

[in] context - Library context

-

[in] seconds - Real time, seconds portion

-

[in] microseconds - Real time, microseconds portion

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function sets the time offset in context to the difference between the system time and the real time as determined by seconds and microseconds .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_trace_callback.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_trace_callback.html deleted file mode 100644 index d307a729..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_trace_callback.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_set_trace_callback - Specify a callback function for trace events. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_set_trace_callback - Specify a callback function for trace events.¶

-
-
-krb5_error_code krb5_set_trace_callback(krb5_context context, krb5_trace_callback fn, void *cb_data)¶
-
- -
-
param
-

[in] context - Library context

-

[in] fn - Callback function

-

[in] cb_data - Callback data

-
-
-
-
return
-
    -
  • Returns KRB5_TRACE_NOSUPP if tracing is not supported in the library (unless fn is NULL).

  • -
-
-
-

Specify a callback for trace events occurring in krb5 operations performed within context . fn will be invoked with context as the first argument, cb_data as the last argument, and a pointer to a krb5_trace_info as the second argument. If the trace callback is reset via this function or context is destroyed, fn will be invoked with a NULL second argument so it can clean up cb_data . Supply a NULL value for fn to disable trace callbacks within context .

-
-

Note

-

This function overrides the information passed through the KRB5_TRACE environment variable.

-
-
-

Note

-

New in 1.9

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_trace_filename.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_trace_filename.html deleted file mode 100644 index b3cb27ed..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_set_trace_filename.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_set_trace_filename - Specify a file name for directing trace events. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_set_trace_filename - Specify a file name for directing trace events.¶

-
-
-krb5_error_code krb5_set_trace_filename(krb5_context context, const char *filename)¶
-
- -
-
param
-

[in] context - Library context

-

[in] filename - File name

-
-
-
-
retval
-
    -
  • KRB5_TRACE_NOSUPP Tracing is not supported in the library.

  • -
-
-
-

Open filename for appending (creating it, if necessary) and set up a callback to write trace events to it.

-
-

Note

-

This function overrides the information passed through the KRB5_TRACE environment variable.

-
-
-

Note

-

New in 1.9

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_sname_match.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_sname_match.html deleted file mode 100644 index 254f7841..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_sname_match.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_sname_match - Test whether a principal matches a matching principal. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_sname_match - Test whether a principal matches a matching principal.¶

-
-
-krb5_boolean krb5_sname_match(krb5_context context, krb5_const_principal matching, krb5_const_principal princ)¶
-
- -
-
param
-

[in] context - Library context

-

[in] matching - Matching principal

-

[in] princ - Principal to test

-
-
-
-
return
-
    -
  • TRUE if princ matches matching , FALSE otherwise.

  • -
-
-
-

If matching is NULL, return TRUE. If matching is not a matching principal, return the value of krb5_principal_compare(context, matching, princ).

-
-

Note

-

A matching principal is a host-based principal with an empty realm and/or second data component (hostname). Profile configuration may cause the hostname to be ignored even if it is present. A principal matches a matching principal if the former has the same non-empty (and non-ignored) components of the latter.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_sname_to_principal.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_sname_to_principal.html deleted file mode 100644 index 342e0811..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_sname_to_principal.html +++ /dev/null @@ -1,176 +0,0 @@ - - - - - - - - - krb5_sname_to_principal - Generate a full principal name from a service name. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_sname_to_principal - Generate a full principal name from a service name.¶

-
-
-krb5_error_code krb5_sname_to_principal(krb5_context context, const char *hostname, const char *sname, krb5_int32 type, krb5_principal *ret_princ)¶
-
- -
-
param
-

[in] context - Library context

-

[in] hostname - Host name, or NULL to use local host

-

[in] sname - Service name, or NULL to use “hostâ€

-

[in] type - Principal type

-

[out] ret_princ - Generated principal

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function converts a hostname and sname into krb5_principal structure ret_princ . The returned principal will be of the form sname/hostname@REALM where REALM is determined by krb5_get_host_realm(). In some cases this may be the referral (empty) realm.

-

The type can be one of the following:

-
-
-
    -
  • #KRB5_NT_SRV_HST canonicalizes the host name before looking up the realm and generating the principal.

  • -
  • #KRB5_NT_UNKNOWN accepts the hostname as given, and does not canonicalize it.

  • -
-
-

Use krb5_free_principal to free ret_princ when it is no longer needed.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_cksumtype.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_cksumtype.html deleted file mode 100644 index 6d8b1382..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_cksumtype.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_string_to_cksumtype - Convert a string to a checksum type. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_string_to_cksumtype - Convert a string to a checksum type.¶

-
-
-krb5_error_code krb5_string_to_cksumtype(char *string, krb5_cksumtype *cksumtypep)¶
-
- -
-
param
-

[in] string - String to be converted

-

[out] cksumtypep - Checksum type to be filled in

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - EINVAL

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_deltat.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_deltat.html deleted file mode 100644 index a87380da..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_deltat.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_string_to_deltat - Convert a string to a delta time value. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_string_to_deltat - Convert a string to a delta time value.¶

-
-
-krb5_error_code krb5_string_to_deltat(char *string, krb5_deltat *deltatp)¶
-
- -
-
param
-

[in] string - String to be converted

-

[out] deltatp - Delta time to be filled in

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - KRB5_DELTAT_BADFORMAT

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_enctype.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_enctype.html deleted file mode 100644 index 0e89d17f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_enctype.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_string_to_enctype - Convert a string to an encryption type. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_string_to_enctype - Convert a string to an encryption type.¶

-
-
-krb5_error_code krb5_string_to_enctype(char *string, krb5_enctype *enctypep)¶
-
- -
-
param
-

[in] string - String to convert to an encryption type

-

[out] enctypep - Encryption type

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - EINVAL

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_key.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_key.html deleted file mode 100644 index 3a3bd918..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_key.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_string_to_key — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_salttype.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_salttype.html deleted file mode 100644 index 8c6def7c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_salttype.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_string_to_salttype - Convert a string to a salt type. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_string_to_salttype - Convert a string to a salt type.¶

-
-
-krb5_error_code krb5_string_to_salttype(char *string, krb5_int32 *salttypep)¶
-
- -
-
param
-

[in] string - String to convert to an encryption type

-

[out] salttypep - Salt type to be filled in

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - EINVAL

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_timestamp.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_timestamp.html deleted file mode 100644 index 9e9dd025..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_string_to_timestamp.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - krb5_string_to_timestamp - Convert a string to a timestamp. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
- -
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_timeofday.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_timeofday.html deleted file mode 100644 index f60f4bd5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_timeofday.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_timeofday - Retrieve the current time with context specific time offset adjustment. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_timeofday - Retrieve the current time with context specific time offset adjustment.¶

-
-
-krb5_error_code krb5_timeofday(krb5_context context, krb5_timestamp *timeret)¶
-
- -
-
param
-

[in] context - Library context

-

[out] timeret - Timestamp to fill in

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function retrieves the system time of day with the context specific time offset adjustment.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_timestamp_to_sfstring.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_timestamp_to_sfstring.html deleted file mode 100644 index 8ce57c5e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_timestamp_to_sfstring.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_timestamp_to_sfstring - Convert a timestamp to a string, with optional output padding. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_timestamp_to_sfstring - Convert a timestamp to a string, with optional output padding.¶

-
-
-krb5_error_code krb5_timestamp_to_sfstring(krb5_timestamp timestamp, char *buffer, size_t buflen, char *pad)¶
-
- -
-
param
-

[in] timestamp - Timestamp to convert

-

[out] buffer - Buffer to hold the converted timestamp

-

[in] buflen - Length of buffer

-

[in] pad - Optional value to pad buffer if converted timestamp does not fill it

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

If pad is not NULL, buffer is padded out to buflen - 1 characters with the value of * pad .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_timestamp_to_string.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_timestamp_to_string.html deleted file mode 100644 index 62370c13..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_timestamp_to_string.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - krb5_timestamp_to_string - Convert a timestamp to a string. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_timestamp_to_string - Convert a timestamp to a string.¶

-
-
-krb5_error_code krb5_timestamp_to_string(krb5_timestamp timestamp, char *buffer, size_t buflen)¶
-
- -
-
param
-

[in] timestamp - Timestamp to convert

-

[out] buffer - Buffer to hold converted timestamp

-

[in] buflen - Storage available in buffer

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

The string is returned in the locale’s appropriate date and time representation.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_free.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_free.html deleted file mode 100644 index e7122d6c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_free.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_tkt_creds_free - Free a TGS request context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_get.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_get.html deleted file mode 100644 index efb93e70..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_get.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - krb5_tkt_creds_get - Synchronously obtain credentials using a TGS request context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_tkt_creds_get - Synchronously obtain credentials using a TGS request context.¶

-
-
-krb5_error_code krb5_tkt_creds_get(krb5_context context, krb5_tkt_creds_context ctx)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - TGS request context

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function synchronously obtains credentials using a context created by krb5_tkt_creds_init(). On successful return, the credentials can be retrieved with krb5_tkt_creds_get_creds().

-
-

Note

-

New in 1.9

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_get_creds.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_get_creds.html deleted file mode 100644 index 4b73a258..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_get_creds.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_tkt_creds_get_creds - Retrieve acquired credentials from a TGS request context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_tkt_creds_get_creds - Retrieve acquired credentials from a TGS request context.¶

-
-
-krb5_error_code krb5_tkt_creds_get_creds(krb5_context context, krb5_tkt_creds_context ctx, krb5_creds *creds)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - TGS request context

-

[out] creds - Acquired credentials

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function copies the acquired initial credentials from ctx into creds , after the successful completion of krb5_tkt_creds_get() or krb5_tkt_creds_step(). Use krb5_free_cred_contents() to free creds when it is no longer needed.

-
-

Note

-

New in 1.9

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_get_times.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_get_times.html deleted file mode 100644 index 5cfbf4c0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_get_times.html +++ /dev/null @@ -1,163 +0,0 @@ - - - - - - - - - krb5_tkt_creds_get_times - Retrieve ticket times from a TGS request context. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_tkt_creds_get_times - Retrieve ticket times from a TGS request context.¶

-
-
-krb5_error_code krb5_tkt_creds_get_times(krb5_context context, krb5_tkt_creds_context ctx, krb5_ticket_times *times)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - TGS request context

-

[out] times - Ticket times for acquired credentials

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

The TGS request context must have completed obtaining credentials via either krb5_tkt_creds_get() or krb5_tkt_creds_step().

-
-

Note

-

New in 1.9

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_init.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_init.html deleted file mode 100644 index 05298502..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_init.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - krb5_tkt_creds_init - Create a context to get credentials from a KDC’s Ticket Granting Service. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_tkt_creds_init - Create a context to get credentials from a KDC’s Ticket Granting Service.¶

-
-
-krb5_error_code krb5_tkt_creds_init(krb5_context context, krb5_ccache ccache, krb5_creds *creds, krb5_flags options, krb5_tkt_creds_context *ctx)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ccache - Credential cache handle

-

[in] creds - Input credentials

-

[in] options - Options (see KRB5_GC macros)

-

[out] ctx - New TGS request context

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function prepares to obtain credentials matching creds , either by retrieving them from ccache or by making requests to ticket-granting services beginning with a ticket-granting ticket for the client principal’s realm.

-

The resulting TGS acquisition context can be used asynchronously with krb5_tkt_creds_step() or synchronously with krb5_tkt_creds_get(). See also krb5_get_credentials() for synchronous use.

-

Use krb5_tkt_creds_free() to free ctx when it is no longer needed.

-
-

Note

-

New in 1.9

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_step.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_step.html deleted file mode 100644 index 7eeb50f2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_tkt_creds_step.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_tkt_creds_step - Get the next KDC request in a TGS exchange. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_tkt_creds_step - Get the next KDC request in a TGS exchange.¶

-
-
-krb5_error_code krb5_tkt_creds_step(krb5_context context, krb5_tkt_creds_context ctx, krb5_data *in, krb5_data *out, krb5_data *realm, unsigned int *flags)¶
-
- -
-
param
-

[in] context - Library context

-

[in] ctx - TGS request context

-

[in] in - KDC response (empty on the first call)

-

[out] out - Next KDC request

-

[out] realm - Realm for next KDC request

-

[out] flags - Output flags

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function constructs the next KDC request for a TGS exchange, allowing the caller to control the transport of KDC requests and replies. On the first call, in should be set to an empty buffer; on subsequent calls, it should be set to the KDC’s reply to the previous request.

-

If more requests are needed, flags will be set to #KRB5_TKT_CREDS_STEP_FLAG_CONTINUE and the next request will be placed in out . If no more requests are needed, flags will not contain #KRB5_TKT_CREDS_STEP_FLAG_CONTINUE and out will be empty.

-

If this function returns KRB5KRB_ERR_RESPONSE_TOO_BIG , the caller should transmit the next request using TCP rather than UDP. If this function returns any other error, the TGS exchange has failed.

-
-

Note

-

New in 1.9

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unmarshal_credentials.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unmarshal_credentials.html deleted file mode 100644 index 2f2c3594..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unmarshal_credentials.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_unmarshal_credentials - Deserialize a krb5_creds object. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_unmarshal_credentials - Deserialize a krb5_creds object.¶

-
-
-krb5_error_code krb5_unmarshal_credentials(krb5_context context, const krb5_data *data, krb5_creds **creds_out)¶
-
- -
-
param
-

[in] context - Library context

-

[in] data - The serialized credentials

-

[out] creds_out - The resulting creds object

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

Deserialize data to credentials in the format used by the FILE ccache format (vesion 4) and KCM ccache protocol.

-

Use krb5_free_creds() to free creds_out when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name.html deleted file mode 100644 index 8e3a717b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - krb5_unparse_name - Convert a krb5_principal structure to a string representation. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_unparse_name - Convert a krb5_principal structure to a string representation.¶

-
-
-krb5_error_code krb5_unparse_name(krb5_context context, krb5_const_principal principal, char **name)¶
-
- -
-
param
-

[in] context - Library context

-

[in] principal - Principal

-

[out] name - String representation of principal name

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

The resulting string representation uses the format and quoting conventions described for krb5_parse_name().

-

Use krb5_free_unparsed_name() to free name when it is no longer needed.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name_ext.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name_ext.html deleted file mode 100644 index cdb3f3f5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name_ext.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_unparse_name_ext - Convert krb5_principal structure to string and length. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_unparse_name_ext - Convert krb5_principal structure to string and length.¶

-
-
-krb5_error_code krb5_unparse_name_ext(krb5_context context, krb5_const_principal principal, char **name, unsigned int *size)¶
-
- -
-
param
-

[in] context - Library context

-

[in] principal - Principal

-

[inout] name - String representation of principal name

-

[inout] size - Size of unparsed name

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes. On failure name is set to NULL

  • -
-
-
-

This function is similar to krb5_unparse_name(), but allows the use of an existing buffer for the result. If size is not NULL, then name must point to either NULL or an existing buffer of at least the size pointed to by size . The buffer will be allocated or resized if necessary, with the new pointer stored into name . Whether or not the buffer is resized, the necessary space for the result, including null terminator, will be stored into size .

-

If size is NULL, this function behaves exactly as krb5_unparse_name().

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name_flags.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name_flags.html deleted file mode 100644 index 68687f4d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name_flags.html +++ /dev/null @@ -1,176 +0,0 @@ - - - - - - - - - krb5_unparse_name_flags - Convert krb5_principal structure to a string with flags. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_unparse_name_flags - Convert krb5_principal structure to a string with flags.¶

-
-
-krb5_error_code krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal, int flags, char **name)¶
-
- -
-
param
-

[in] context - Library context

-

[in] principal - Principal

-

[in] flags - Flags

-

[out] name - String representation of principal name

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes. On failure name is set to NULL

  • -
-
-
-

Similar to krb5_unparse_name(), this function converts a krb5_principal structure to a string representation.

-

The following flags are valid:

-
-
-
    -
  • #KRB5_PRINCIPAL_UNPARSE_SHORT - omit realm if it is the local realm

  • -
  • #KRB5_PRINCIPAL_UNPARSE_NO_REALM - omit realm

  • -
  • #KRB5_PRINCIPAL_UNPARSE_DISPLAY - do not quote special characters

  • -
-
-

Use krb5_free_unparsed_name() to free name when it is no longer needed.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name_flags_ext.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name_flags_ext.html deleted file mode 100644 index bfda9aca..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_unparse_name_flags_ext.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - krb5_unparse_name_flags_ext - Convert krb5_principal structure to string format with flags. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_unparse_name_flags_ext - Convert krb5_principal structure to string format with flags.¶

-
-
-krb5_error_code krb5_unparse_name_flags_ext(krb5_context context, krb5_const_principal principal, int flags, char **name, unsigned int *size)¶
-
- -
-
param
-

[in] context - Library context

-

[in] principal - Principal

-

[in] flags - Flags

-

[out] name - Single string format of principal name

-

[out] size - Size of unparsed name buffer

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes. On failure name is set to NULL

  • -
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_us_timeofday.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_us_timeofday.html deleted file mode 100644 index 3b2b4322..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_us_timeofday.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_us_timeofday - Retrieve the system time of day, in sec and ms, since the epoch. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_us_timeofday - Retrieve the system time of day, in sec and ms, since the epoch.¶

-
-
-krb5_error_code krb5_us_timeofday(krb5_context context, krb5_timestamp *seconds, krb5_int32 *microseconds)¶
-
- -
-
param
-

[in] context - Library context

-

[out] seconds - System timeofday, seconds portion

-

[out] microseconds - System timeofday, microseconds portion

-
-
-
-
retval
-
    -
  • 0 Success

  • -
-
-
return
-
    -
  • Kerberos error codes

  • -
-
-
-

This function retrieves the system time of day with the context specific time offset adjustment.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_use_enctype.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_use_enctype.html deleted file mode 100644 index dd9fbcd4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_use_enctype.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_use_enctype — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_authdata_kdc_issued.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_authdata_kdc_issued.html deleted file mode 100644 index 4cdbb644..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_authdata_kdc_issued.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_verify_authdata_kdc_issued - Unwrap and verify AD-KDCIssued authorization data. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_verify_authdata_kdc_issued - Unwrap and verify AD-KDCIssued authorization data.¶

-
-
-krb5_error_code krb5_verify_authdata_kdc_issued(krb5_context context, const krb5_keyblock *key, const krb5_authdata *ad_kdcissued, krb5_principal *issuer, krb5_authdata ***authdata)¶
-
- -
-
param
-

[in] context - Library context

-

[in] key - Session key

-

[in] ad_kdcissued - AD-KDCIssued authorization data to be unwrapped

-

[out] issuer - Name of issuing principal (or NULL)

-

[out] authdata - Unwrapped list of authorization data

-
-
-

This function unwraps an AD-KDCIssued authdatum (see RFC 4120 section 5.2.6.2) and verifies its signature against key . The issuer field of the authdatum element is returned in issuer , and the unwrapped list of authdata is returned in authdata .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_checksum.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_checksum.html deleted file mode 100644 index aaca4728..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_checksum.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_verify_checksum — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_init_creds.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_init_creds.html deleted file mode 100644 index 7f705b7b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_init_creds.html +++ /dev/null @@ -1,164 +0,0 @@ - - - - - - - - - krb5_verify_init_creds - Verify initial credentials against a keytab. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_verify_init_creds - Verify initial credentials against a keytab.¶

-
-
-krb5_error_code krb5_verify_init_creds(krb5_context context, krb5_creds *creds, krb5_principal server, krb5_keytab keytab, krb5_ccache *ccache, krb5_verify_init_creds_opt *options)¶
-
- -
-
param
-

[in] context - Library context

-

[in] creds - Initial credentials to be verified

-

[in] server - Server principal (or NULL)

-

[in] keytab - Key table (NULL to use default keytab)

-

[in] ccache - Credential cache for fetched creds (or NULL)

-

[in] options - Verification options (NULL for default options)

-
-
-
-
retval
-
    -
  • 0 Success; otherwise - Kerberos error codes

  • -
-
-
-

This function attempts to verify that creds were obtained from a KDC with knowledge of a key in keytab , or the default keytab if keytab is NULL. If server is provided, the highest-kvno key entry for that principal name is used to verify the credentials; otherwise, all uniqueâ€hostâ€service principals in the keytab are tried.

-

If the specified keytab does not exist, or is empty, or cannot be read, or does not contain an entry for server , then credential verification may be skipped unless configuration demands that it succeed. The caller can control this behavior by providing a verification options structure; see krb5_verify_init_creds_opt_init() and krb5_verify_init_creds_opt_set_ap_req_nofail().

-

If ccache is NULL, any additional credentials fetched during the verification process will be destroyed. If ccache points to NULL, a memory ccache will be created for the additional credentials and returned in ccache . If ccache points to a valid credential cache handle, the additional credentials will be stored in that cache.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_init_creds_opt_init.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_init_creds_opt_init.html deleted file mode 100644 index cc849396..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_init_creds_opt_init.html +++ /dev/null @@ -1,149 +0,0 @@ - - - - - - - - - krb5_verify_init_creds_opt_init - Initialize a credential verification options structure. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.html deleted file mode 100644 index e126c5b7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_verify_init_creds_opt_set_ap_req_nofail - Set whether credential verification is required. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_verify_init_creds_opt_set_ap_req_nofail - Set whether credential verification is required.¶

-
-
-void krb5_verify_init_creds_opt_set_ap_req_nofail(krb5_verify_init_creds_opt *k5_vic_options, int ap_req_nofail)¶
-
- -
-
param
-

[in] k5_vic_options - Verification options structure

-

[in] ap_req_nofail - Whether to require successful verification

-
-
-

This function determines how krb5_verify_init_creds() behaves if no keytab information is available. If ap_req_nofail is FALSE , verification will be skipped in this case and krb5_verify_init_creds() will return successfully. If ap_req_nofail is TRUE , krb5_verify_init_creds() will not return successfully unless verification can be performed.

-

If this function is not used, the behavior of krb5_verify_init_creds() is determined through configuration.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_vprepend_error_message.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_vprepend_error_message.html deleted file mode 100644 index 94277fe3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_vprepend_error_message.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - krb5_vprepend_error_message - Add a prefix to the message for an error code using a va_list. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_vprepend_error_message - Add a prefix to the message for an error code using a va_list.¶

-
-
-void krb5_vprepend_error_message(krb5_context ctx, krb5_error_code code, const char *fmt, va_list args)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] code - Error code

-

[in] fmt - Format string for error message prefix

-

[in] args - List of vprintf(3) style arguments

-
-
-

This function is similar to krb5_prepend_error_message(), but uses a va_list instead of variadic arguments.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_vset_error_message.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_vset_error_message.html deleted file mode 100644 index f53ce2d3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_vset_error_message.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_vset_error_message - Set an extended error message for an error code using a va_list. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_vset_error_message - Set an extended error message for an error code using a va_list.¶

-
-
-void krb5_vset_error_message(krb5_context ctx, krb5_error_code code, const char *fmt, va_list args)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] code - Error code

-

[in] fmt - Error string for the error code

-

[in] args - List of vprintf(3) style arguments

-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_vwrap_error_message.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_vwrap_error_message.html deleted file mode 100644 index 0609d8f7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_vwrap_error_message.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_vwrap_error_message - Add a prefix to a different error code’s message using a va_list. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_vwrap_error_message - Add a prefix to a different error code’s message using a va_list.¶

-
-
-void krb5_vwrap_error_message(krb5_context ctx, krb5_error_code old_code, krb5_error_code code, const char *fmt, va_list args)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] old_code - Previous error code

-

[in] code - Error code

-

[in] fmt - Format string for error message prefix

-

[in] args - List of vprintf(3) style arguments

-
-
-

This function is similar to krb5_wrap_error_message(), but uses a va_list instead of variadic arguments.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_wrap_error_message.html b/krb5-1.21.3/doc/html/appdev/refs/api/krb5_wrap_error_message.html deleted file mode 100644 index f0568ced..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/api/krb5_wrap_error_message.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - krb5_wrap_error_message - Add a prefix to a different error code’s message. — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_wrap_error_message - Add a prefix to a different error code’s message.¶

-
-
-void krb5_wrap_error_message(krb5_context ctx, krb5_error_code old_code, krb5_error_code code, const char *fmt, ...)¶
-
- -
-
param
-

[in] ctx - Library context

-

[in] old_code - Previous error code

-

[in] code - Error code

-

[in] fmt - Format string for error message prefix

-
-
-

Format a message and prepend it to the message for old_code . The prefix will be separated from the old message with a colon and space. Set the resulting message as the extended error message for code .

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/index.html b/krb5-1.21.3/doc/html/appdev/refs/index.html deleted file mode 100644 index 9d77bd5b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/index.html +++ /dev/null @@ -1,146 +0,0 @@ - - - - - - - - - Complete reference - API and datatypes — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_ADDRPORT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_ADDRPORT.html deleted file mode 100644 index 4a690bd9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_ADDRPORT.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ADDRTYPE_ADDRPORT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_CHAOS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_CHAOS.html deleted file mode 100644 index 1ba3684f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_CHAOS.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ADDRTYPE_CHAOS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_DDP.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_DDP.html deleted file mode 100644 index 17b6bc4f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_DDP.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ADDRTYPE_DDP — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_INET.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_INET.html deleted file mode 100644 index de1e0ea9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_INET.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ADDRTYPE_INET — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_INET6.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_INET6.html deleted file mode 100644 index 3c049203..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_INET6.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ADDRTYPE_INET6 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_IPPORT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_IPPORT.html deleted file mode 100644 index 8a8e968c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_IPPORT.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ADDRTYPE_IPPORT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_ISO.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_ISO.html deleted file mode 100644 index 9ae4173d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_ISO.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ADDRTYPE_ISO — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_IS_LOCAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_IS_LOCAL.html deleted file mode 100644 index 56b8c503..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_IS_LOCAL.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ADDRTYPE_IS_LOCAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_NETBIOS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_NETBIOS.html deleted file mode 100644 index a202f72a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_NETBIOS.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ADDRTYPE_NETBIOS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_XNS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_XNS.html deleted file mode 100644 index a2aaa371..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ADDRTYPE_XNS.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ADDRTYPE_XNS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_EXTERNAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_EXTERNAL.html deleted file mode 100644 index 5a47c981..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_EXTERNAL.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - AD_TYPE_EXTERNAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK.html b/krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK.html deleted file mode 100644 index c9cdcd8d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - AD_TYPE_FIELD_TYPE_MASK — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_REGISTERED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_REGISTERED.html deleted file mode 100644 index f4a358dc..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_REGISTERED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - AD_TYPE_REGISTERED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_RESERVED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_RESERVED.html deleted file mode 100644 index dd39e3cd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/AD_TYPE_RESERVED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - AD_TYPE_RESERVED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION.html b/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION.html deleted file mode 100644 index ec6f3da7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - AP_OPTS_ETYPE_NEGOTIATION — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED.html deleted file mode 100644 index 168ed1b0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - AP_OPTS_MUTUAL_REQUIRED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_RESERVED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_RESERVED.html deleted file mode 100644 index 0767b785..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_RESERVED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - AP_OPTS_RESERVED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_USE_SESSION_KEY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_USE_SESSION_KEY.html deleted file mode 100644 index 744de31d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_USE_SESSION_KEY.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - AP_OPTS_USE_SESSION_KEY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_USE_SUBKEY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_USE_SUBKEY.html deleted file mode 100644 index 1e30f4c1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_USE_SUBKEY.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - AP_OPTS_USE_SUBKEY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_WIRE_MASK.html b/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_WIRE_MASK.html deleted file mode 100644 index 6008a911..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/AP_OPTS_WIRE_MASK.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - AP_OPTS_WIRE_MASK — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128.html deleted file mode 100644 index d9321d28..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - CKSUMTYPE_CMAC_CAMELLIA128 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256.html deleted file mode 100644 index 589c5898..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - CKSUMTYPE_CMAC_CAMELLIA256 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_CRC32.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_CRC32.html deleted file mode 100644 index 1bf66b00..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_CRC32.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - CKSUMTYPE_CRC32 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_DESCBC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_DESCBC.html deleted file mode 100644 index 042bf661..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_DESCBC.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - CKSUMTYPE_DESCBC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.html deleted file mode 100644 index 23c1f670..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - CKSUMTYPE_HMAC_MD5_ARCFOUR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128.html deleted file mode 100644 index d35c0a29..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - CKSUMTYPE_HMAC_SHA1_96_AES128 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256.html deleted file mode 100644 index 08b21dc0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - CKSUMTYPE_HMAC_SHA1_96_AES256 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.html deleted file mode 100644 index bf3433cd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - CKSUMTYPE_HMAC_SHA1_DES3 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128.html deleted file mode 100644 index 91b508c0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - CKSUMTYPE_HMAC_SHA256_128_AES128 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256.html deleted file mode 100644 index 357b75e3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - CKSUMTYPE_HMAC_SHA384_192_AES256 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.html deleted file mode 100644 index 561e2406..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - CKSUMTYPE_MD5_HMAC_ARCFOUR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_NIST_SHA.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_NIST_SHA.html deleted file mode 100644 index 78169f07..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_NIST_SHA.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - CKSUMTYPE_NIST_SHA — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD4.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD4.html deleted file mode 100644 index 8763a528..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD4.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - CKSUMTYPE_RSA_MD4 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES.html deleted file mode 100644 index 4828b9fc..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - CKSUMTYPE_RSA_MD4_DES — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD5.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD5.html deleted file mode 100644 index 3a231320..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD5.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - CKSUMTYPE_RSA_MD5 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES.html deleted file mode 100644 index 47bb1428..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - CKSUMTYPE_RSA_MD5_DES — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_SHA1.html b/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_SHA1.html deleted file mode 100644 index 03a47722..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/CKSUMTYPE_SHA1.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - CKSUMTYPE_SHA1 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96.html deleted file mode 100644 index 84907dbe..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_AES128_CTS_HMAC_SHA1_96 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128.html deleted file mode 100644 index cf7d6dbb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_AES128_CTS_HMAC_SHA256_128 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96.html deleted file mode 100644 index b1236939..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_AES256_CTS_HMAC_SHA1_96 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192.html deleted file mode 100644 index 45cb40b1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_AES256_CTS_HMAC_SHA384_192 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC.html deleted file mode 100644 index 81404587..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_ARCFOUR_HMAC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.html deleted file mode 100644 index d8540d50..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_ARCFOUR_HMAC_EXP — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC.html deleted file mode 100644 index e4ac076f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_CAMELLIA128_CTS_CMAC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC.html deleted file mode 100644 index 4188976c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_CAMELLIA256_CTS_CMAC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_ENV.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_ENV.html deleted file mode 100644 index ef5824a1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_ENV.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_DES3_CBC_ENV — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_RAW.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_RAW.html deleted file mode 100644 index ac77c0b8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_RAW.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ENCTYPE_DES3_CBC_RAW — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA.html deleted file mode 100644 index d1339c5e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ENCTYPE_DES3_CBC_SHA — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1.html deleted file mode 100644 index fffeb10e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ENCTYPE_DES3_CBC_SHA1 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_CRC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_CRC.html deleted file mode 100644 index d27ac671..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_CRC.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ENCTYPE_DES_CBC_CRC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_MD4.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_MD4.html deleted file mode 100644 index 713b165d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_MD4.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ENCTYPE_DES_CBC_MD4 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_MD5.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_MD5.html deleted file mode 100644 index ff8f67f3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_MD5.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ENCTYPE_DES_CBC_MD5 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_RAW.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_RAW.html deleted file mode 100644 index 2b00c5fd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_CBC_RAW.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ENCTYPE_DES_CBC_RAW — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1.html deleted file mode 100644 index ce2ba381..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ENCTYPE_DES_HMAC_SHA1 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS.html deleted file mode 100644 index 25cbe168..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_DSA_SHA1_CMS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_MD5_RSA_CMS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_MD5_RSA_CMS.html deleted file mode 100644 index f8ddb844..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_MD5_RSA_CMS.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_MD5_RSA_CMS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_NULL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_NULL.html deleted file mode 100644 index 470a8321..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_NULL.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ENCTYPE_NULL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_RC2_CBC_ENV.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_RC2_CBC_ENV.html deleted file mode 100644 index 723f07e7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_RC2_CBC_ENV.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_RC2_CBC_ENV — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_RSA_ENV.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_RSA_ENV.html deleted file mode 100644 index 954a7b4b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_RSA_ENV.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_RSA_ENV — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.html deleted file mode 100644 index e6850077..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_RSA_ES_OAEP_ENV — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS.html deleted file mode 100644 index 036a26da..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - ENCTYPE_SHA1_RSA_CMS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_UNKNOWN.html b/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_UNKNOWN.html deleted file mode 100644 index 87adccda..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/ENCTYPE_UNKNOWN.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - ENCTYPE_UNKNOWN — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE.html deleted file mode 100644 index 2588bf41..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_ALLOW_POSTDATE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_CANONICALIZE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_CANONICALIZE.html deleted file mode 100644 index d09d2419..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_CANONICALIZE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_CANONICALIZE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT.html deleted file mode 100644 index 77c24f7e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_CNAME_IN_ADDL_TKT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK.html deleted file mode 100644 index 6991b8cd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_DISABLE_TRANSITED_CHECK — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.html deleted file mode 100644 index cab56838..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_ENC_TKT_IN_SKEY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_FORWARDABLE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_FORWARDABLE.html deleted file mode 100644 index a498762a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_FORWARDABLE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_FORWARDABLE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_FORWARDED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_FORWARDED.html deleted file mode 100644 index 2406fb8f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_FORWARDED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_FORWARDED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_POSTDATED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_POSTDATED.html deleted file mode 100644 index 3e592eef..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_POSTDATED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_POSTDATED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_PROXIABLE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_PROXIABLE.html deleted file mode 100644 index 9a1d6329..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_PROXIABLE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_PROXIABLE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_PROXY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_PROXY.html deleted file mode 100644 index 9afc01d4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_PROXY.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_PROXY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_RENEW.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_RENEW.html deleted file mode 100644 index 1530a3bd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_RENEW.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_RENEW — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_RENEWABLE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_RENEWABLE.html deleted file mode 100644 index 7e6cce5e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_RENEWABLE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_RENEWABLE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_RENEWABLE_OK.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_RENEWABLE_OK.html deleted file mode 100644 index fa7a46ff..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_RENEWABLE_OK.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_RENEWABLE_OK — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS.html deleted file mode 100644 index 86f81fe8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_REQUEST_ANONYMOUS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_VALIDATE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_VALIDATE.html deleted file mode 100644 index 2c5e3a25..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_OPT_VALIDATE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_OPT_VALIDATE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_TKT_COMMON_MASK.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_TKT_COMMON_MASK.html deleted file mode 100644 index fdb24401..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KDC_TKT_COMMON_MASK.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KDC_TKT_COMMON_MASK — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.html deleted file mode 100644 index 1b17d417..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR.html deleted file mode 100644 index cf18a4da..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_ANONYMOUS_PRINCSTR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR.html deleted file mode 100644 index 86788b7c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_ANONYMOUS_REALMSTR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AP_REP.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AP_REP.html deleted file mode 100644 index ee080adb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AP_REP.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AP_REP — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AP_REQ.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AP_REQ.html deleted file mode 100644 index 39d61c1a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AP_REQ.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AP_REQ — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AS_REP.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AS_REP.html deleted file mode 100644 index dcb25ad5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AS_REP.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AS_REP — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AS_REQ.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AS_REQ.html deleted file mode 100644 index 42bcd972..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AS_REQ.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AS_REQ — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_AND_OR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_AND_OR.html deleted file mode 100644 index 70fff114..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_AND_OR.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_AND_OR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS.html deleted file mode 100644 index 4e0a933d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_AP_OPTIONS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR.html deleted file mode 100644 index 82afcd62..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_AUTH_INDICATOR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_CAMMAC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_CAMMAC.html deleted file mode 100644 index 7082a8b7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_CAMMAC.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_CAMMAC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION.html deleted file mode 100644 index f418aa0c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_ETYPE_NEGOTIATION — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR.html deleted file mode 100644 index e5a1920c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_FX_ARMOR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT.html deleted file mode 100644 index 98120239..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_IF_RELEVANT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.html deleted file mode 100644 index 39c6ac2f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_INITIAL_VERIFIED_CAS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED.html deleted file mode 100644 index 7e813f0a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_KDC_ISSUED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC.html deleted file mode 100644 index 9b124c94..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_MANDATORY_FOR_KDC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE.html deleted file mode 100644 index dfcc6487..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_OSF_DCE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_SESAME.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_SESAME.html deleted file mode 100644 index 120e7ce8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_SESAME.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_SESAME — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET.html deleted file mode 100644 index bbce7738..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_SIGNTICKET — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC.html deleted file mode 100644 index dbb62a3b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTHDATA_WIN2K_PAC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html deleted file mode 100644 index 41ae605a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AUTH_CONTEXT_DO_SEQUENCE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME.html deleted file mode 100644 index f33df20c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AUTH_CONTEXT_DO_TIME — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.html deleted file mode 100644 index de82c37d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.html deleted file mode 100644 index 52ff5672..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.html deleted file mode 100644 index 1c589911..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.html deleted file mode 100644 index 24f41b7c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.html deleted file mode 100644 index 82dad6a9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTH_CONTEXT_PERMIT_ALL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html deleted file mode 100644 index 7e0adf83..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AUTH_CONTEXT_RET_SEQUENCE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME.html deleted file mode 100644 index fc0b6ce3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_AUTH_CONTEXT_RET_TIME — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.html deleted file mode 100644 index 57bbb1f5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_AUTH_CONTEXT_USE_SUBKEY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRED.html deleted file mode 100644 index dff7b7b8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRED.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_CRED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM.html deleted file mode 100644 index 715b25c3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_CRYPTO_TYPE_CHECKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA.html deleted file mode 100644 index 226fc9eb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_CRYPTO_TYPE_DATA — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY.html deleted file mode 100644 index e895e4c3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_CRYPTO_TYPE_EMPTY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER.html deleted file mode 100644 index ced3ac96..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_CRYPTO_TYPE_HEADER — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING.html deleted file mode 100644 index a6c2bcae..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_CRYPTO_TYPE_PADDING — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.html deleted file mode 100644 index 1c1aeaf0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_CRYPTO_TYPE_SIGN_ONLY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM.html deleted file mode 100644 index 79997368..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_CRYPTO_TYPE_STREAM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER.html deleted file mode 100644 index f3b67981..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_CRYPTO_TYPE_TRAILER — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CYBERSAFE_SECUREID.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CYBERSAFE_SECUREID.html deleted file mode 100644 index ab69e2ca..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_CYBERSAFE_SECUREID.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_CYBERSAFE_SECUREID — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS.html deleted file mode 100644 index dc467886..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_DOMAIN_X500_COMPRESS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.html deleted file mode 100644 index 7d555dbc..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_ENCPADATA_REQ_ENC_PA_REP — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ERROR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ERROR.html deleted file mode 100644 index f62c0f80..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_ERROR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_ERROR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_FAST_REQUIRED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_FAST_REQUIRED.html deleted file mode 100644 index 93accd57..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_FAST_REQUIRED.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_FAST_REQUIRED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_CACHED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_CACHED.html deleted file mode 100644 index a14f2dfa..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_CACHED.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_GC_CACHED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_CANONICALIZE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_CANONICALIZE.html deleted file mode 100644 index 4b95ab58..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_CANONICALIZE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_GC_CANONICALIZE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION.html deleted file mode 100644 index fa83ca8c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_GC_CONSTRAINED_DELEGATION — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_FORWARDABLE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_FORWARDABLE.html deleted file mode 100644 index 1c902021..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_FORWARDABLE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_GC_FORWARDABLE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_NO_STORE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_NO_STORE.html deleted file mode 100644 index 0d295ef1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_NO_STORE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_GC_NO_STORE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK.html deleted file mode 100644 index 5bbb5a91..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_GC_NO_TRANSIT_CHECK — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_USER_USER.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_USER_USER.html deleted file mode 100644 index f29ef86e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GC_USER_USER.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_GC_USER_USER — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.html deleted file mode 100644 index 23e88cf0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.html deleted file mode 100644 index 7a30c695..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_GET_INIT_CREDS_OPT_ANONYMOUS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.html deleted file mode 100644 index 1644df0b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_GET_INIT_CREDS_OPT_CANONICALIZE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.html deleted file mode 100644 index c246fe80..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.html deleted file mode 100644 index 16fb25df..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.html deleted file mode 100644 index 74a0055c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_GET_INIT_CREDS_OPT_FORWARDABLE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.html deleted file mode 100644 index 52a7f824..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE.html deleted file mode 100644 index c26dce11..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_GET_INIT_CREDS_OPT_PROXIABLE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.html deleted file mode 100644 index ff000ba6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT.html deleted file mode 100644 index 373b1277..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_GET_INIT_CREDS_OPT_SALT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.html deleted file mode 100644 index 01cd6a15..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_GET_INIT_CREDS_OPT_TKT_LIFE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INIT_CONTEXT_KDC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INIT_CONTEXT_KDC.html deleted file mode 100644 index 355450bb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INIT_CONTEXT_KDC.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_INIT_CONTEXT_KDC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE.html deleted file mode 100644 index 54eb8e4a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_INIT_CONTEXT_SECURE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.html deleted file mode 100644 index bdb4060b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_INIT_CREDS_STEP_FLAG_CONTINUE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT16_MAX.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT16_MAX.html deleted file mode 100644 index f40df445..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT16_MAX.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_INT16_MAX — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT16_MIN.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT16_MIN.html deleted file mode 100644 index 4dfa1b9f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT16_MIN.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_INT16_MIN — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT32_MAX.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT32_MAX.html deleted file mode 100644 index e1101c51..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT32_MAX.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_INT32_MAX — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT32_MIN.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT32_MIN.html deleted file mode 100644 index 96792cb3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_INT32_MIN.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_INT32_MIN — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE.html deleted file mode 100644 index 15ce11f0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_AD_ITE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.html deleted file mode 100644 index e5132d76..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE.html deleted file mode 100644 index 1390823c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_AD_MTE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.html deleted file mode 100644 index f29a8003..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_AD_SIGNEDPATH — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.html deleted file mode 100644 index 157bb001..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_APP_DATA_CKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT.html deleted file mode 100644 index 148b4241..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_APP_DATA_ENCRYPT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART.html deleted file mode 100644 index 42a81593..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_AP_REP_ENCPART — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH.html deleted file mode 100644 index 2afec23e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_AP_REQ_AUTH — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.html deleted file mode 100644 index fe7b9a02..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART.html deleted file mode 100644 index 684eab34..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_AS_REP_ENCPART — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ.html deleted file mode 100644 index ee4b5c97..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_AS_REQ — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.html deleted file mode 100644 index 347d8084..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC.html deleted file mode 100644 index 55ef8a23..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_CAMMAC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.html deleted file mode 100644 index 07e06c93..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.html deleted file mode 100644 index eb1dad66..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_ENC_CHALLENGE_KDC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC.html deleted file mode 100644 index 05d84c73..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_FAST_ENC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED.html deleted file mode 100644 index 8cac3ee3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_FAST_FINISHED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP.html deleted file mode 100644 index 468a1372..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_FAST_REP — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.html deleted file mode 100644 index 04a5fda6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_FAST_REQ_CHKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC.html deleted file mode 100644 index 644df17e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_GSS_TOK_MIC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.html deleted file mode 100644 index e8f10482..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.html deleted file mode 100644 index 3007f386..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED.html deleted file mode 100644 index 2c95a450..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_IAKERB_FINISHED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET.html deleted file mode 100644 index acd0b536..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_KDC_REP_TICKET — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART.html deleted file mode 100644 index e11c08f5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_KRB_CRED_ENCPART — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.html deleted file mode 100644 index 060342a2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_KRB_ERROR_CKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART.html deleted file mode 100644 index 68a4880f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_KRB_PRIV_ENCPART — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.html deleted file mode 100644 index ba018d6d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_KRB_SAFE_CKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.html deleted file mode 100644 index d9c80b7a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_PA_AS_FRESHNESS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.html deleted file mode 100644 index e8292e4f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_PA_FX_COOKIE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.html deleted file mode 100644 index e89df956..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_PA_OTP_REQUEST — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX.html deleted file mode 100644 index 40868aa9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_PA_PKINIT_KX — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.html deleted file mode 100644 index ae63d69b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.html deleted file mode 100644 index 6274c41c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.html deleted file mode 100644 index a0e3d1bb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.html deleted file mode 100644 index ec6428aa..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.html deleted file mode 100644 index 44e7ff24..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_PA_SAM_RESPONSE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_SPAKE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_SPAKE.html deleted file mode 100644 index 10c5646b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_SPAKE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_SPAKE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.html deleted file mode 100644 index 3d08678f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.html deleted file mode 100644 index 2c588309..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.html deleted file mode 100644 index 7a7f6dbe..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.html deleted file mode 100644 index 41e1cfaa..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.html deleted file mode 100644 index d2797ff5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_TGS_REQ_AUTH — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.html deleted file mode 100644 index 656d6db8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED.html deleted file mode 100644 index 8cca01a4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_KPASSWD_ACCESSDENIED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_AUTHERROR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_AUTHERROR.html deleted file mode 100644 index dac7c727..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_AUTHERROR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_KPASSWD_AUTHERROR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION.html deleted file mode 100644 index 8c7797e6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_KPASSWD_BAD_VERSION — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_HARDERROR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_HARDERROR.html deleted file mode 100644 index 548a9491..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_HARDERROR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_KPASSWD_HARDERROR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED.html deleted file mode 100644 index ed33f90c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_KPASSWD_INITIAL_FLAG_NEEDED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_MALFORMED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_MALFORMED.html deleted file mode 100644 index 02531d2e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_MALFORMED.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_KPASSWD_MALFORMED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_SOFTERROR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_SOFTERROR.html deleted file mode 100644 index 3e148d5c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_SOFTERROR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_KPASSWD_SOFTERROR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_SUCCESS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_SUCCESS.html deleted file mode 100644 index 5a34deae..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_KPASSWD_SUCCESS.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_KPASSWD_SUCCESS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME.html deleted file mode 100644 index 4df404e2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ALL_ACCT_EXPTIME — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL.html deleted file mode 100644 index 3fa64341..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ALL_LAST_INITIAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL.html deleted file mode 100644 index f5c91b47..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ALL_LAST_RENEWAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ.html deleted file mode 100644 index b8ca647f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ALL_LAST_REQ — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT.html deleted file mode 100644 index 1cad65d9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ALL_LAST_TGT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.html deleted file mode 100644 index c640d128..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ALL_LAST_TGT_ISSUED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.html deleted file mode 100644 index 922f0cb7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ALL_PW_EXPTIME — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_NONE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_NONE.html deleted file mode 100644 index 94908791..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_NONE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_NONE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME.html deleted file mode 100644 index 04158f6e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ONE_ACCT_EXPTIME — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL.html deleted file mode 100644 index c636173c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ONE_LAST_INITIAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL.html deleted file mode 100644 index 699a6e6b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ONE_LAST_RENEWAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ.html deleted file mode 100644 index 67cc996d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ONE_LAST_REQ — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT.html deleted file mode 100644 index db11dfd5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ONE_LAST_TGT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.html deleted file mode 100644 index e577d4a4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ONE_LAST_TGT_ISSUED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.html deleted file mode 100644 index 19aa6125..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_LRQ_ONE_PW_EXPTIME — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL.html deleted file mode 100644 index 1fac3dc6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_ENTERPRISE_PRINCIPAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.html deleted file mode 100644 index 3f8c4a54..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_ENT_PRINCIPAL_AND_ID — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL.html deleted file mode 100644 index a4c6d64c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_MS_PRINCIPAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID.html deleted file mode 100644 index 4f094861..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_MS_PRINCIPAL_AND_ID — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_PRINCIPAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_PRINCIPAL.html deleted file mode 100644 index 8417f080..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_PRINCIPAL.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_PRINCIPAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SMTP_NAME.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SMTP_NAME.html deleted file mode 100644 index 713f7d04..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SMTP_NAME.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_SMTP_NAME — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SRV_HST.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SRV_HST.html deleted file mode 100644 index ea39be06..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SRV_HST.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_SRV_HST — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SRV_INST.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SRV_INST.html deleted file mode 100644 index e06767b5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SRV_INST.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_SRV_INST — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SRV_XHST.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SRV_XHST.html deleted file mode 100644 index 58ff5a38..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_SRV_XHST.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_SRV_XHST — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_UID.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_UID.html deleted file mode 100644 index 9f07d918..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_UID.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_UID — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_UNKNOWN.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_UNKNOWN.html deleted file mode 100644 index 1fafad87..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_UNKNOWN.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_UNKNOWN — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_WELLKNOWN.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_WELLKNOWN.html deleted file mode 100644 index ae4e8efd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_WELLKNOWN.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_WELLKNOWN — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_X500_PRINCIPAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_X500_PRINCIPAL.html deleted file mode 100644 index 97cd623b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_NT_X500_PRINCIPAL.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_NT_X500_PRINCIPAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO.html deleted file mode 100644 index e06554a7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_ATTRIBUTES_INFO — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS.html deleted file mode 100644 index cbc6f1b8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_CLIENT_CLAIMS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_CLIENT_INFO.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_CLIENT_INFO.html deleted file mode 100644 index 0baaa306..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_CLIENT_INFO.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_CLIENT_INFO — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO.html deleted file mode 100644 index 4a8affa0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_CREDENTIALS_INFO — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_DELEGATION_INFO.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_DELEGATION_INFO.html deleted file mode 100644 index f64e5e49..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_DELEGATION_INFO.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_DELEGATION_INFO — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS.html deleted file mode 100644 index fd4c885b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_DEVICE_CLAIMS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_DEVICE_INFO.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_DEVICE_INFO.html deleted file mode 100644 index 013bb185..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_DEVICE_INFO.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_DEVICE_INFO — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM.html deleted file mode 100644 index 353d4dd9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_FULL_CHECKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_LOGON_INFO.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_LOGON_INFO.html deleted file mode 100644 index bfc0234b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_LOGON_INFO.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_LOGON_INFO — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM.html deleted file mode 100644 index 3ffdbb29..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_PRIVSVR_CHECKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_REQUESTOR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_REQUESTOR.html deleted file mode 100644 index 47817b39..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_REQUESTOR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_REQUESTOR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM.html deleted file mode 100644 index d24eb72f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_SERVER_CHECKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM.html deleted file mode 100644 index fb62d2bd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_TICKET_CHECKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO.html deleted file mode 100644 index fd41ee25..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PAC_UPN_DNS_INFO — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AFS3_SALT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AFS3_SALT.html deleted file mode 100644 index dbcf8818..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AFS3_SALT.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_PADATA_AFS3_SALT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AP_REQ.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AP_REQ.html deleted file mode 100644 index 79e93cdc..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AP_REQ.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_PADATA_AP_REQ — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM.html deleted file mode 100644 index e792ee2c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_AS_CHECKSUM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS.html deleted file mode 100644 index 591d530e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_AS_FRESHNESS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.html deleted file mode 100644 index cdec0985..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_ENCRYPTED_CHALLENGE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID.html deleted file mode 100644 index 0aabef98..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_PADATA_ENC_SANDIA_SECURID — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP.html deleted file mode 100644 index d2ded004..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_ENC_TIMESTAMP — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME.html deleted file mode 100644 index 3bf213c5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_PADATA_ENC_UNIX_TIME — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO.html deleted file mode 100644 index a3f9dec3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_PADATA_ETYPE_INFO — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2.html deleted file mode 100644 index 26dcb563..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_ETYPE_INFO2 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FOR_USER.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FOR_USER.html deleted file mode 100644 index a27a4a42..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FOR_USER.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_FOR_USER — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FX_COOKIE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FX_COOKIE.html deleted file mode 100644 index 441bf7a7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FX_COOKIE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_FX_COOKIE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FX_ERROR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FX_ERROR.html deleted file mode 100644 index cc138b81..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FX_ERROR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_FX_ERROR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FX_FAST.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FX_FAST.html deleted file mode 100644 index ec6a02d8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_FX_FAST.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_FX_FAST — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA.html deleted file mode 100644 index 694b3a39..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_PADATA_GET_FROM_TYPED_DATA — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_NONE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_NONE.html deleted file mode 100644 index 53ac73b9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_NONE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_PADATA_NONE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OSF_DCE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OSF_DCE.html deleted file mode 100644 index e52e1823..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OSF_DCE.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_PADATA_OSF_DCE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE.html deleted file mode 100644 index 73b98513..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_OTP_CHALLENGE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.html deleted file mode 100644 index 9b40085c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_OTP_PIN_CHANGE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.html deleted file mode 100644 index e1555bde..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_OTP_REQUEST — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.html deleted file mode 100644 index 127483eb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_PAC_OPTIONS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.html deleted file mode 100644 index 33f40044..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_PAC_REQUEST — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PKINIT_KX.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PKINIT_KX.html deleted file mode 100644 index bd7cb1a8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PKINIT_KX.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_PKINIT_KX — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REP.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REP.html deleted file mode 100644 index 6c26c165..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REP.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_PADATA_PK_AS_REP — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD.html deleted file mode 100644 index 6720716b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_PK_AS_REP_OLD — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ.html deleted file mode 100644 index 1381c3f6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_PADATA_PK_AS_REQ — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD.html deleted file mode 100644 index 2f6f8a02..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_PK_AS_REQ_OLD — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PW_SALT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PW_SALT.html deleted file mode 100644 index 82779459..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_PW_SALT.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_PW_SALT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2.html deleted file mode 100644 index 90a848b4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_REDHAT_IDP_OAUTH2 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY.html deleted file mode 100644 index c7716401..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_REDHAT_PASSKEY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_REFERRAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_REFERRAL.html deleted file mode 100644 index 60769bc8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_REFERRAL.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_REFERRAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_S4U_X509_USER.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_S4U_X509_USER.html deleted file mode 100644 index dab60d42..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_S4U_X509_USER.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_S4U_X509_USER — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE.html deleted file mode 100644 index d9470ce8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_SAM_CHALLENGE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2.html deleted file mode 100644 index 93c5e28c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_SAM_CHALLENGE_2 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT.html deleted file mode 100644 index 9afb8585..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_PADATA_SAM_REDIRECT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE.html deleted file mode 100644 index 90dd4098..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_SAM_RESPONSE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2.html deleted file mode 100644 index 35cfcc56..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_SAM_RESPONSE_2 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SESAME.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SESAME.html deleted file mode 100644 index 29d865fb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SESAME.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_PADATA_SESAME — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SPAKE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SPAKE.html deleted file mode 100644 index ff33e801..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SPAKE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_PADATA_SPAKE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.html deleted file mode 100644 index 73c39f7b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_PADATA_SVR_REFERRAL_INFO — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_TGS_REQ.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_TGS_REQ.html deleted file mode 100644 index e9373351..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_TGS_REQ.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_PADATA_TGS_REQ — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO.html deleted file mode 100644 index 26579093..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PADATA_USE_SPECIFIED_KVNO — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD.html deleted file mode 100644 index 299fcdce..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRINCIPAL_COMPARE_CASEFOLD — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE.html deleted file mode 100644 index 30caf5b2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRINCIPAL_COMPARE_ENTERPRISE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.html deleted file mode 100644 index 17e389d9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRINCIPAL_COMPARE_IGNORE_REALM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8.html deleted file mode 100644 index d9344c89..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRINCIPAL_COMPARE_UTF8 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE.html deleted file mode 100644 index 70a1e25b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRINCIPAL_PARSE_ENTERPRISE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM.html deleted file mode 100644 index 39d64c35..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRINCIPAL_PARSE_IGNORE_REALM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.html deleted file mode 100644 index 3f72f4e0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRINCIPAL_PARSE_NO_DEF_REALM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM.html deleted file mode 100644 index 5fd992a2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRINCIPAL_PARSE_NO_REALM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.html deleted file mode 100644 index f5095cbd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRINCIPAL_PARSE_REQUIRE_REALM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY.html deleted file mode 100644 index 31fe3d22..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRINCIPAL_UNPARSE_DISPLAY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM.html deleted file mode 100644 index 966c02a1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRINCIPAL_UNPARSE_NO_REALM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT.html deleted file mode 100644 index d3428444..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRINCIPAL_UNPARSE_SHORT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRIV.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRIV.html deleted file mode 100644 index cc916c5c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PRIV.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PRIV — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.html deleted file mode 100644 index b7804380..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PROMPT_TYPE_NEW_PASSWORD — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.html deleted file mode 100644 index 804677e0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD.html deleted file mode 100644 index 502e9e54..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PROMPT_TYPE_PASSWORD — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH.html deleted file mode 100644 index b171ba7b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PROMPT_TYPE_PREAUTH — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PVNO.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PVNO.html deleted file mode 100644 index 38745ac3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_PVNO.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_PVNO — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_REALM_BRANCH_CHAR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_REALM_BRANCH_CHAR.html deleted file mode 100644 index bc709d69..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_REALM_BRANCH_CHAR.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_REALM_BRANCH_CHAR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS.html deleted file mode 100644 index b46c6741..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_RECVAUTH_BADAUTHVERS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION.html deleted file mode 100644 index e082baba..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_RECVAUTH_SKIP_VERSION — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_REFERRAL_REALM.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_REFERRAL_REALM.html deleted file mode 100644 index 0b9a4ac2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_REFERRAL_REALM.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_REFERRAL_REALM — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.html deleted file mode 100644 index 623466c8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.html deleted file mode 100644 index cebd9b69..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.html deleted file mode 100644 index 7ddab447..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_OTP_FLAGS_NEXTOTP — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

KRB5_RESPONDER_OTP_FLAGS_NEXTOTP¶

-
-
-KRB5_RESPONDER_OTP_FLAGS_NEXTOTP¶
-
- -

This flag indicates that the token is now in re-synchronization mode with the server.

-

The user is expected to reply with the next code displayed on the token.

- ---- - - - - - -

KRB5_RESPONDER_OTP_FLAGS_NEXTOTP

0x0004

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.html deleted file mode 100644 index 82e90dd4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN¶

-
-
-KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN¶
-
- -

This flag indicates that the PIN MUST be returned as a separate item.

-

This flag only takes effect if KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN is set. If this flag is not set, the responder may either concatenate PIN + token value and store it as “value†in the answer or it may return them separately. If they are returned separately, they will be concatenated internally.

- ---- - - - - - -

KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN

0x0008

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.html deleted file mode 100644 index 54e9f962..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL.html deleted file mode 100644 index bddbd49c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_OTP_FORMAT_DECIMAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.html deleted file mode 100644 index e914ac60..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.html deleted file mode 100644 index 112c8885..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW¶

-
-
-KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW¶
-
- -

This flag indicates that an incorrect PIN was supplied at least once since the last time the correct PIN was supplied.

- ---- - - - - - -

KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW

(1 << 0)

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.html deleted file mode 100644 index 2bf60dd7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY¶

-
-
-KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY¶
-
- -

This flag indicates that supplying an incorrect PIN will cause the token to lock itself.

- ---- - - - - - -

KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY

(1 << 1)

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.html deleted file mode 100644 index b1a4bfbe..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED¶

-
-
-KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED¶
-
- -

This flag indicates that the user PIN is locked, and you can’t log in to the token with it.

- ---- - - - - - -

KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED

(1 << 2)

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP.html deleted file mode 100644 index c0a0447c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP.html +++ /dev/null @@ -1,183 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_QUESTION_OTP — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

KRB5_RESPONDER_QUESTION_OTP¶

-
-
-KRB5_RESPONDER_QUESTION_OTP¶
-
- -

OTP responder question.

-

The OTP responder question is asked when the KDC indicates that an OTP value is required in order to complete the authentication. The JSON format of the challenge is:

-
{
-  "service": <string (optional)>,
-  "tokenInfo": [
-    {
-      "flags":     <number>,
-      "vendor":    <string (optional)>,
-      "challenge": <string (optional)>,
-      "length":    <number (optional)>,
-      "format":    <number (optional)>,
-      "tokenID":   <string (optional)>,
-      "algID":     <string (optional)>,
-    },
-    ...
-  ]
-}
-
-
-

The answer to the question MUST be JSON formatted:

-
{
-  "tokeninfo": <number>,
-  "value":     <string (optional)>,
-  "pin":       <string (optional)>,
-}
-
-
-

For more detail, please see RFC 6560.

- ---- - - - - - -

KRB5_RESPONDER_QUESTION_OTP

"otp"

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD.html deleted file mode 100644 index 02444d31..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_QUESTION_PASSWORD — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

KRB5_RESPONDER_QUESTION_PASSWORD¶

-
-
-KRB5_RESPONDER_QUESTION_PASSWORD¶
-
- -

Long-term password responder question.

-

This question is asked when the long-term password is needed. It has no challenge and the response is simply the password string.

- ---- - - - - - -

KRB5_RESPONDER_QUESTION_PASSWORD

"password"

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT.html deleted file mode 100644 index 9555cd40..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - KRB5_RESPONDER_QUESTION_PKINIT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

KRB5_RESPONDER_QUESTION_PKINIT¶

-
-
-KRB5_RESPONDER_QUESTION_PKINIT¶
-
- -

PKINIT responder question.

-

The PKINIT responder question is asked when the client needs a password that’s being used to protect key information, and is formatted as a JSON object. A specific identity’s flags value, if not zero, is the bitwise-OR of one or more of the KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_* flags defined below, and possibly other flags to be added later. Any resemblance to similarly-named CKF_* values in the PKCS#11 API should not be depended on.

-
{
-    identity <string> : flags <number>,
-    ...
-}
-
-
-

The answer to the question MUST be JSON formatted:

-
{
-    identity <string> : password <string>,
-    ...
-}
-
-
- ---- - - - - - -

KRB5_RESPONDER_QUESTION_PKINIT

"pkinit"

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAFE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAFE.html deleted file mode 100644 index 28aa5416..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAFE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_SAFE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.html deleted file mode 100644 index 91e0a11f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_SAM_MUST_PK_ENCRYPT_SAD — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD.html deleted file mode 100644 index fc84dd56..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_SAM_SEND_ENCRYPTED_SAD — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY.html deleted file mode 100644 index ab16bebd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_SAM_USE_SAD_AS_KEY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT.html deleted file mode 100644 index a0f0bc2c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TC_MATCH_2ND_TKT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA.html deleted file mode 100644 index 56fd2b0a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TC_MATCH_AUTHDATA — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_FLAGS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_FLAGS.html deleted file mode 100644 index ba64fc52..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_FLAGS.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TC_MATCH_FLAGS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT.html deleted file mode 100644 index 9277e5f9..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TC_MATCH_FLAGS_EXACT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY.html deleted file mode 100644 index 05f51208..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TC_MATCH_IS_SKEY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_KTYPE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_KTYPE.html deleted file mode 100644 index 26a09f4e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_KTYPE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TC_MATCH_KTYPE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY.html deleted file mode 100644 index 21a46395..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TC_MATCH_SRV_NAMEONLY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_TIMES.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_TIMES.html deleted file mode 100644 index 706fa811..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_TIMES.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TC_MATCH_TIMES — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT.html deleted file mode 100644 index b4ced03c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TC_MATCH_TIMES_EXACT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_NOTICKET.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_NOTICKET.html deleted file mode 100644 index a538e81c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_NOTICKET.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_TC_NOTICKET — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_OPENCLOSE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_OPENCLOSE.html deleted file mode 100644 index d29a659d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_OPENCLOSE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TC_OPENCLOSE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES.html deleted file mode 100644 index 804f3f96..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TC_SUPPORTED_KTYPES — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_NAME.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_NAME.html deleted file mode 100644 index fc50c9d2..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_NAME.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_TGS_NAME — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_NAME_SIZE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_NAME_SIZE.html deleted file mode 100644 index 17165999..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_NAME_SIZE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_TGS_NAME_SIZE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_REP.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_REP.html deleted file mode 100644 index 1de7c9e8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_REP.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TGS_REP — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_REQ.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_REQ.html deleted file mode 100644 index 17b6805d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TGS_REQ.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TGS_REQ — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.html deleted file mode 100644 index 6f4074cd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_TKT_CREDS_STEP_FLAG_CONTINUE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.html deleted file mode 100644 index 209ec907..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR.html b/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR.html deleted file mode 100644 index b26465ae..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - KRB5_WELLKNOWN_NAMESTR — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK.html b/krb5-1.21.3/doc/html/appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK.html deleted file mode 100644 index ab9812dd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - LR_TYPE_INTERPRETATION_MASK — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY.html deleted file mode 100644 index c54eaae6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - LR_TYPE_THIS_SERVER_ONLY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/MAX_KEYTAB_NAME_LEN.html b/krb5-1.21.3/doc/html/appdev/refs/macros/MAX_KEYTAB_NAME_LEN.html deleted file mode 100644 index 9bae5d74..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/MAX_KEYTAB_NAME_LEN.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - MAX_KEYTAB_NAME_LEN — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/MSEC_DIRBIT.html b/krb5-1.21.3/doc/html/appdev/refs/macros/MSEC_DIRBIT.html deleted file mode 100644 index e706689f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/MSEC_DIRBIT.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - MSEC_DIRBIT — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/MSEC_VAL_MASK.html b/krb5-1.21.3/doc/html/appdev/refs/macros/MSEC_VAL_MASK.html deleted file mode 100644 index 8e39c74c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/MSEC_VAL_MASK.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - MSEC_VAL_MASK — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/SALT_TYPE_AFS_LENGTH.html b/krb5-1.21.3/doc/html/appdev/refs/macros/SALT_TYPE_AFS_LENGTH.html deleted file mode 100644 index fde0badb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/SALT_TYPE_AFS_LENGTH.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - SALT_TYPE_AFS_LENGTH — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/SALT_TYPE_NO_LENGTH.html b/krb5-1.21.3/doc/html/appdev/refs/macros/SALT_TYPE_NO_LENGTH.html deleted file mode 100644 index e63ffe42..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/SALT_TYPE_NO_LENGTH.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - SALT_TYPE_NO_LENGTH — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/THREEPARAMOPEN.html b/krb5-1.21.3/doc/html/appdev/refs/macros/THREEPARAMOPEN.html deleted file mode 100644 index 48e6dbe5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/THREEPARAMOPEN.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - THREEPARAMOPEN — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_ANONYMOUS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_ANONYMOUS.html deleted file mode 100644 index eb6bf255..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_ANONYMOUS.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_ANONYMOUS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_ENC_PA_REP.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_ENC_PA_REP.html deleted file mode 100644 index 9d8646f5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_ENC_PA_REP.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_ENC_PA_REP — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_FORWARDABLE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_FORWARDABLE.html deleted file mode 100644 index ae4dea63..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_FORWARDABLE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_FORWARDABLE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_FORWARDED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_FORWARDED.html deleted file mode 100644 index 6c11f1ef..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_FORWARDED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_FORWARDED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_HW_AUTH.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_HW_AUTH.html deleted file mode 100644 index d24e78cd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_HW_AUTH.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_HW_AUTH — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_INITIAL.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_INITIAL.html deleted file mode 100644 index fdbd605f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_INITIAL.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_INITIAL — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_INVALID.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_INVALID.html deleted file mode 100644 index 59690bdd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_INVALID.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_INVALID — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_MAY_POSTDATE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_MAY_POSTDATE.html deleted file mode 100644 index 90215b3f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_MAY_POSTDATE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_MAY_POSTDATE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE.html deleted file mode 100644 index f8720858..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_OK_AS_DELEGATE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_POSTDATED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_POSTDATED.html deleted file mode 100644 index 7876d7fb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_POSTDATED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_POSTDATED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_PRE_AUTH.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_PRE_AUTH.html deleted file mode 100644 index 7986b172..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_PRE_AUTH.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_PRE_AUTH — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_PROXIABLE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_PROXIABLE.html deleted file mode 100644 index 6442711a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_PROXIABLE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_PROXIABLE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_PROXY.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_PROXY.html deleted file mode 100644 index e92bfd30..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_PROXY.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_PROXY — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_RENEWABLE.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_RENEWABLE.html deleted file mode 100644 index c64c3421..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_RENEWABLE.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_RENEWABLE — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED.html b/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED.html deleted file mode 100644 index 1948ba86..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - TKT_FLG_TRANSIT_POLICY_CHECKED — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/VALID_INT_BITS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/VALID_INT_BITS.html deleted file mode 100644 index 8667fdf6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/VALID_INT_BITS.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - VALID_INT_BITS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/VALID_UINT_BITS.html b/krb5-1.21.3/doc/html/appdev/refs/macros/VALID_UINT_BITS.html deleted file mode 100644 index e3369ff5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/VALID_UINT_BITS.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - VALID_UINT_BITS — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/index.html b/krb5-1.21.3/doc/html/appdev/refs/macros/index.html deleted file mode 100644 index c29da0e3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/index.html +++ /dev/null @@ -1,538 +0,0 @@ - - - - - - - - - krb5 simple macros — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5 simple macros¶

-
-

Public¶

-
- -
-
-
-

Deprecated macros¶

- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb524_convert_creds_kdc.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb524_convert_creds_kdc.html deleted file mode 100644 index 43b9edd6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb524_convert_creds_kdc.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb524_convert_creds_kdc — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb524_init_ets.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb524_init_ets.html deleted file mode 100644 index c9e8d245..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb524_init_ets.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb524_init_ets — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_const.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_const.html deleted file mode 100644 index f7a465cd..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_const.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_const — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_component.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_component.html deleted file mode 100644 index 9213f53f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_component.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_princ_component — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_name.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_name.html deleted file mode 100644 index 1d74bab1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_name.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_princ_name — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_realm.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_realm.html deleted file mode 100644 index b823d83c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_realm.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_princ_realm — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_set_realm.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_set_realm.html deleted file mode 100644 index 46911bbf..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_set_realm.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_princ_set_realm — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_set_realm_data.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_set_realm_data.html deleted file mode 100644 index 7efffde6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_set_realm_data.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_princ_set_realm_data — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_set_realm_length.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_set_realm_length.html deleted file mode 100644 index f40014ca..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_set_realm_length.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_princ_set_realm_length — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_size.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_size.html deleted file mode 100644 index e3c40b40..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_size.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_princ_size — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_type.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_type.html deleted file mode 100644 index 3f4cfe16..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_princ_type.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_princ_type — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_roundup.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_roundup.html deleted file mode 100644 index 5760e26e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_roundup.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_roundup — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_x.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_x.html deleted file mode 100644 index 5dbad632..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_x.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_x — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_xc.html b/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_xc.html deleted file mode 100644 index 936738c5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/macros/krb5_xc.html +++ /dev/null @@ -1,155 +0,0 @@ - - - - - - - - - krb5_xc — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/index.html b/krb5-1.21.3/doc/html/appdev/refs/types/index.html deleted file mode 100644 index 5e9535b8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/index.html +++ /dev/null @@ -1,248 +0,0 @@ - - - - - - - - - krb5 types and structures — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5 types and structures¶

-
-

Public¶

- -
-
-

Internal¶

- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_address.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_address.html deleted file mode 100644 index 294f8cd3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_address.html +++ /dev/null @@ -1,176 +0,0 @@ - - - - - - - - - krb5_address — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_addrtype.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_addrtype.html deleted file mode 100644 index b628f07c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_addrtype.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_addrtype — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ap_rep.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ap_rep.html deleted file mode 100644 index 9e545b12..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ap_rep.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_ap_rep — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_ap_rep¶

-
-
-type krb5_ap_rep¶
-
- -

C representaton of AP-REP message.

-

The server’s response to a client’s request for mutual authentication.

-
-

Declaration¶

-

typedef struct _krb5_ap_rep krb5_ap_rep

-
-
-

Members¶

-
-
-krb5_magic krb5_ap_rep.magic¶
-
- -
-
-krb5_enc_data krb5_ap_rep.enc_part¶
-

Ciphertext of ApRepEncPart.

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ap_rep_enc_part.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ap_rep_enc_part.html deleted file mode 100644 index dc828802..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ap_rep_enc_part.html +++ /dev/null @@ -1,185 +0,0 @@ - - - - - - - - - krb5_ap_rep_enc_part — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_ap_rep_enc_part¶

-
-
-type krb5_ap_rep_enc_part¶
-
- -

Cleartext that is encrypted and put into _krb5_ap_rep .

-
-

Declaration¶

-

typedef struct _krb5_ap_rep_enc_part krb5_ap_rep_enc_part

-
-
-

Members¶

-
-
-krb5_magic krb5_ap_rep_enc_part.magic¶
-
- -
-
-krb5_timestamp krb5_ap_rep_enc_part.ctime¶
-

Client time, seconds portion.

-
- -
-
-krb5_int32 krb5_ap_rep_enc_part.cusec¶
-

Client time, microseconds portion.

-
- -
-
-krb5_keyblock *krb5_ap_rep_enc_part.subkey¶
-

Subkey (optional)

-
- -
-
-krb5_ui_4 krb5_ap_rep_enc_part.seq_number¶
-

Sequence number.

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ap_req.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ap_req.html deleted file mode 100644 index ca351ebf..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ap_req.html +++ /dev/null @@ -1,179 +0,0 @@ - - - - - - - - - krb5_ap_req — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_auth_context.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_auth_context.html deleted file mode 100644 index ed1bad76..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_auth_context.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_auth_context — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_authdata.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_authdata.html deleted file mode 100644 index 80b6c041..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_authdata.html +++ /dev/null @@ -1,179 +0,0 @@ - - - - - - - - - krb5_authdata — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_authdatatype.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_authdatatype.html deleted file mode 100644 index 46a50acb..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_authdatatype.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_authdatatype — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_authenticator.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_authenticator.html deleted file mode 100644 index cdf6a7b3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_authenticator.html +++ /dev/null @@ -1,204 +0,0 @@ - - - - - - - - - krb5_authenticator — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_authenticator¶

-
-
-type krb5_authenticator¶
-
- -

Ticket authenticator.

-

The C representation of an unencrypted authenticator.

-
-

Declaration¶

-

typedef struct _krb5_authenticator krb5_authenticator

-
-
-

Members¶

-
-
-krb5_magic krb5_authenticator.magic¶
-
- -
-
-krb5_principal krb5_authenticator.client¶
-

client name/realm

-
- -
-
-krb5_checksum *krb5_authenticator.checksum¶
-

checksum, includes type, optional

-
- -
-
-krb5_int32 krb5_authenticator.cusec¶
-

client usec portion

-
- -
-
-krb5_timestamp krb5_authenticator.ctime¶
-

client sec portion

-
- -
-
-krb5_keyblock *krb5_authenticator.subkey¶
-

true session key, optional

-
- -
-
-krb5_ui_4 krb5_authenticator.seq_number¶
-

sequence #, optional

-
- -
-
-krb5_authdata **krb5_authenticator.authorization_data¶
-

authoriazation data

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_boolean.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_boolean.html deleted file mode 100644 index 4e87bd02..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_boolean.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_boolean — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cc_cursor.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cc_cursor.html deleted file mode 100644 index 5863dd69..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cc_cursor.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_cc_cursor — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ccache.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ccache.html deleted file mode 100644 index a6049bd5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ccache.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_ccache — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cccol_cursor.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cccol_cursor.html deleted file mode 100644 index 32946183..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cccol_cursor.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_cccol_cursor — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_checksum.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_checksum.html deleted file mode 100644 index e4cfae98..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_checksum.html +++ /dev/null @@ -1,175 +0,0 @@ - - - - - - - - - krb5_checksum — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cksumtype.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cksumtype.html deleted file mode 100644 index 8fa5a316..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cksumtype.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_cksumtype — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_const_pointer.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_const_pointer.html deleted file mode 100644 index 9c53bc7c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_const_pointer.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_const_pointer — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_const_principal.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_const_principal.html deleted file mode 100644 index fa0778d0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_const_principal.html +++ /dev/null @@ -1,182 +0,0 @@ - - - - - - - - - krb5_const_principal — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_context.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_context.html deleted file mode 100644 index 888b289d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_context.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_context — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cred.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cred.html deleted file mode 100644 index 7971ac68..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cred.html +++ /dev/null @@ -1,179 +0,0 @@ - - - - - - - - - krb5_cred — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cred_enc_part.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cred_enc_part.html deleted file mode 100644 index eaa49890..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cred_enc_part.html +++ /dev/null @@ -1,196 +0,0 @@ - - - - - - - - - krb5_cred_enc_part — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cred_enc_part¶

-
-
-type krb5_cred_enc_part¶
-
- -

Cleartext credentials information.

-
-

Declaration¶

-

typedef struct _krb5_cred_enc_part krb5_cred_enc_part

-
-
-

Members¶

-
-
-krb5_magic krb5_cred_enc_part.magic¶
-
- -
-
-krb5_int32 krb5_cred_enc_part.nonce¶
-

Nonce (optional)

-
- -
-
-krb5_timestamp krb5_cred_enc_part.timestamp¶
-

Generation time, seconds portion.

-
- -
-
-krb5_int32 krb5_cred_enc_part.usec¶
-

Generation time, microseconds portion.

-
- -
-
-krb5_address *krb5_cred_enc_part.s_address¶
-

Sender address (optional)

-
- -
-
-krb5_address *krb5_cred_enc_part.r_address¶
-

Recipient address (optional)

-
- -
-
-krb5_cred_info **krb5_cred_enc_part.ticket_info¶
-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cred_info.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cred_info.html deleted file mode 100644 index a97bbe15..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cred_info.html +++ /dev/null @@ -1,197 +0,0 @@ - - - - - - - - - krb5_cred_info — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_cred_info¶

-
-
-type krb5_cred_info¶
-
- -

Credentials information inserted into EncKrbCredPart .

-
-

Declaration¶

-

typedef struct _krb5_cred_info krb5_cred_info

-
-
-

Members¶

-
-
-krb5_magic krb5_cred_info.magic¶
-
- -
-
-krb5_keyblock *krb5_cred_info.session¶
-

Session key used to encrypt ticket.

-
- -
-
-krb5_principal krb5_cred_info.client¶
-

Client principal and realm.

-
- -
-
-krb5_principal krb5_cred_info.server¶
-

Server principal and realm.

-
- -
-
-krb5_flags krb5_cred_info.flags¶
-

Ticket flags.

-
- -
-
-krb5_ticket_times krb5_cred_info.times¶
-

Auth, start, end, renew_till.

-
- -
-
-krb5_address **krb5_cred_info.caddrs¶
-

Array of pointers to addrs (optional)

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_creds.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_creds.html deleted file mode 100644 index fc4068e0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_creds.html +++ /dev/null @@ -1,221 +0,0 @@ - - - - - - - - - krb5_creds — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_creds¶

-
-
-type krb5_creds¶
-
- -

Credentials structure including ticket, session key, and lifetime info.

-
-

Declaration¶

-

typedef struct _krb5_creds krb5_creds

-
-
-

Members¶

-
-
-krb5_magic krb5_creds.magic¶
-
- -
-
-krb5_principal krb5_creds.client¶
-

client’s principal identifier

-
- -
-
-krb5_principal krb5_creds.server¶
-

server’s principal identifier

-
- -
-
-krb5_keyblock krb5_creds.keyblock¶
-

session encryption key info

-
- -
-
-krb5_ticket_times krb5_creds.times¶
-

lifetime info

-
- -
-
-krb5_boolean krb5_creds.is_skey¶
-

true if ticket is encrypted in another ticket’s skey

-
- -
-
-krb5_flags krb5_creds.ticket_flags¶
-

flags in ticket

-
- -
-
-krb5_address **krb5_creds.addresses¶
-

addrs in ticket

-
- -
-
-krb5_data krb5_creds.ticket¶
-

ticket string itself

-
- -
-
-krb5_data krb5_creds.second_ticket¶
-

second ticket, if related to ticket (via DUPLICATE-SKEY or ENC-TKT-IN-SKEY)

-
- -
-
-krb5_authdata **krb5_creds.authdata¶
-

authorization data

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_crypto_iov.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_crypto_iov.html deleted file mode 100644 index 49488104..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_crypto_iov.html +++ /dev/null @@ -1,168 +0,0 @@ - - - - - - - - - krb5_crypto_iov — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_crypto_iov¶

-
-
-type krb5_crypto_iov¶
-
- -

Structure to describe a region of text to be encrypted or decrypted.

-

The flags member describes the type of the iov. The data member points to the memory that will be manipulated. All iov APIs take a pointer to the first element of an array of krb5_crypto_iov’s along with the size of that array. Buffer contents are manipulated in-place; data is overwritten. Callers must allocate the right number of krb5_crypto_iov structures before calling into an iov API.

-
-

Declaration¶

-

typedef struct _krb5_crypto_iov krb5_crypto_iov

-
-
-

Members¶

-
-
-krb5_cryptotype krb5_crypto_iov.flags¶
-

iov type (see KRB5_CRYPTO_TYPE macros)

-
- -
-
-krb5_data krb5_crypto_iov.data¶
-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cryptotype.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cryptotype.html deleted file mode 100644 index f985b312..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_cryptotype.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_cryptotype — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_data.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_data.html deleted file mode 100644 index d1502f2c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_data.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_data — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_deltat.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_deltat.html deleted file mode 100644 index 29f739e6..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_deltat.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_deltat — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_enc_data.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_enc_data.html deleted file mode 100644 index 94dd49d4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_enc_data.html +++ /dev/null @@ -1,175 +0,0 @@ - - - - - - - - - krb5_enc_data — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_enc_kdc_rep_part.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_enc_kdc_rep_part.html deleted file mode 100644 index 22f821c5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_enc_kdc_rep_part.html +++ /dev/null @@ -1,222 +0,0 @@ - - - - - - - - - krb5_enc_kdc_rep_part — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_enc_kdc_rep_part¶

-
-
-type krb5_enc_kdc_rep_part¶
-
- -

C representation of EncKDCRepPart protocol message.

-

This is the cleartext message that is encrypted and inserted in KDC-REP .

-
-

Declaration¶

-

typedef struct _krb5_enc_kdc_rep_part krb5_enc_kdc_rep_part

-
-
-

Members¶

-
-
-krb5_magic krb5_enc_kdc_rep_part.magic¶
-
- -
-
-krb5_msgtype krb5_enc_kdc_rep_part.msg_type¶
-

krb5 message type

-
- -
-
-krb5_keyblock *krb5_enc_kdc_rep_part.session¶
-

Session key.

-
- -
-
-krb5_last_req_entry **krb5_enc_kdc_rep_part.last_req¶
-

Array of pointers to entries.

-
- -
-
-krb5_int32 krb5_enc_kdc_rep_part.nonce¶
-

Nonce from request.

-
- -
-
-krb5_timestamp krb5_enc_kdc_rep_part.key_exp¶
-

Expiration date.

-
- -
-
-krb5_flags krb5_enc_kdc_rep_part.flags¶
-

Ticket flags.

-
- -
-
-krb5_ticket_times krb5_enc_kdc_rep_part.times¶
-

Lifetime info.

-
- -
-
-krb5_principal krb5_enc_kdc_rep_part.server¶
-

Server’s principal identifier.

-
- -
-
-krb5_address **krb5_enc_kdc_rep_part.caddrs¶
-

Array of ptrs to addrs, optional.

-
- -
-
-krb5_pa_data **krb5_enc_kdc_rep_part.enc_padata¶
-

Encrypted preauthentication data.

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_enc_tkt_part.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_enc_tkt_part.html deleted file mode 100644 index 407dbe92..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_enc_tkt_part.html +++ /dev/null @@ -1,203 +0,0 @@ - - - - - - - - - krb5_enc_tkt_part — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_enc_tkt_part¶

-
-
-type krb5_enc_tkt_part¶
-
- -

Encrypted part of ticket.

-
-

Declaration¶

-

typedef struct _krb5_enc_tkt_part krb5_enc_tkt_part

-
-
-

Members¶

-
-
-krb5_magic krb5_enc_tkt_part.magic¶
-
- -
-
-krb5_flags krb5_enc_tkt_part.flags¶
-

flags

-
- -
-
-krb5_keyblock *krb5_enc_tkt_part.session¶
-

session key: includes enctype

-
- -
-
-krb5_principal krb5_enc_tkt_part.client¶
-

client name/realm

-
- -
-
-krb5_transited krb5_enc_tkt_part.transited¶
-

list of transited realms

-
- -
-
-krb5_ticket_times krb5_enc_tkt_part.times¶
-

auth, start, end, renew_till

-
- -
-
-krb5_address **krb5_enc_tkt_part.caddrs¶
-

array of ptrs to addresses

-
- -
-
-krb5_authdata **krb5_enc_tkt_part.authorization_data¶
-

auth data

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_encrypt_block.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_encrypt_block.html deleted file mode 100644 index 3e0ce11b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_encrypt_block.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_encrypt_block — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_enctype.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_enctype.html deleted file mode 100644 index 918ec935..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_enctype.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_enctype — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_error.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_error.html deleted file mode 100644 index 5210c84c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_error.html +++ /dev/null @@ -1,215 +0,0 @@ - - - - - - - - - krb5_error — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_error¶

-
-
-type krb5_error¶
-
- -

Error message structure.

-
-

Declaration¶

-

typedef struct _krb5_error krb5_error

-
-
-

Members¶

-
-
-krb5_magic krb5_error.magic¶
-
- -
-
-krb5_timestamp krb5_error.ctime¶
-

Client sec portion; optional.

-
- -
-
-krb5_int32 krb5_error.cusec¶
-

Client usec portion; optional.

-
- -
-
-krb5_int32 krb5_error.susec¶
-

Server usec portion.

-
- -
-
-krb5_timestamp krb5_error.stime¶
-

Server sec portion.

-
- -
-
-krb5_ui_4 krb5_error.error¶
-

Error code (protocol error #’s)

-
- -
-
-krb5_principal krb5_error.client¶
-

Client principal and realm.

-
- -
-
-krb5_principal krb5_error.server¶
-

Server principal and realm.

-
- -
-
-krb5_data krb5_error.text¶
-

Descriptive text.

-
- -
-
-krb5_data krb5_error.e_data¶
-

Additional error-describing data.

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_error_code.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_error_code.html deleted file mode 100644 index e4208b21..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_error_code.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - krb5_error_code — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_error_code¶

-
-
-type krb5_error_code¶
-
- -

Used to convey an operation status.

-

The value 0 indicates success; any other values are com_err codes. Use krb5_get_error_message() to obtain a string describing the error.

-
-

Declaration¶

-

typedef krb5_int32 krb5_error_code

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_expire_callback_func.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_expire_callback_func.html deleted file mode 100644 index b0c5bd00..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_expire_callback_func.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_expire_callback_func — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_expire_callback_func¶

-
-
-type krb5_expire_callback_func¶
-
- -
-

Declaration¶

-

typedef void( * krb5_expire_callback_func) (krb5_context context, void *data, krb5_timestamp password_expiration, krb5_timestamp account_expiration, krb5_boolean is_last_req)

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_flags.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_flags.html deleted file mode 100644 index 866bac03..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_flags.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_flags — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_get_init_creds_opt.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_get_init_creds_opt.html deleted file mode 100644 index d1fc0b89..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_get_init_creds_opt.html +++ /dev/null @@ -1,211 +0,0 @@ - - - - - - - - - krb5_get_init_creds_opt — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_get_init_creds_opt¶

-
-
-type krb5_get_init_creds_opt¶
-
- -

Store options for _krb5_get_init_creds .

-
-

Declaration¶

-

typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt

-
-
-

Members¶

-
-
-krb5_flags krb5_get_init_creds_opt.flags¶
-
- -
-
-krb5_deltat krb5_get_init_creds_opt.tkt_life¶
-
- -
-
-krb5_deltat krb5_get_init_creds_opt.renew_life¶
-
- -
-
-int krb5_get_init_creds_opt.forwardable¶
-
- -
-
-int krb5_get_init_creds_opt.proxiable¶
-
- -
-
-krb5_enctype *krb5_get_init_creds_opt.etype_list¶
-
- -
-
-int krb5_get_init_creds_opt.etype_list_length¶
-
- -
-
-krb5_address **krb5_get_init_creds_opt.address_list¶
-
- -
-
-krb5_preauthtype *krb5_get_init_creds_opt.preauth_list¶
-
- -
-
-int krb5_get_init_creds_opt.preauth_list_length¶
-
- -
-
-krb5_data *krb5_get_init_creds_opt.salt¶
-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_gic_opt_pa_data.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_gic_opt_pa_data.html deleted file mode 100644 index af32551e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_gic_opt_pa_data.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_gic_opt_pa_data — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_init_creds_context.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_init_creds_context.html deleted file mode 100644 index 19258a09..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_init_creds_context.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_init_creds_context — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_int16.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_int16.html deleted file mode 100644 index 8a1f56d5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_int16.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_int16 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_int32.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_int32.html deleted file mode 100644 index 04bf44ce..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_int32.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_int32 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_kdc_rep.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_kdc_rep.html deleted file mode 100644 index 4b8d42a3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_kdc_rep.html +++ /dev/null @@ -1,197 +0,0 @@ - - - - - - - - - krb5_kdc_rep — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kdc_rep¶

-
-
-type krb5_kdc_rep¶
-
- -

Representation of the KDC-REP protocol message.

-
-

Declaration¶

-

typedef struct _krb5_kdc_rep krb5_kdc_rep

-
-
-

Members¶

-
-
-krb5_magic krb5_kdc_rep.magic¶
-
- -
-
-krb5_msgtype krb5_kdc_rep.msg_type¶
-

KRB5_AS_REP or KRB5_KDC_REP.

-
- -
-
-krb5_pa_data **krb5_kdc_rep.padata¶
-

Preauthentication data from KDC.

-
- -
-
-krb5_principal krb5_kdc_rep.client¶
-

Client principal and realm.

-
- -
-
-krb5_ticket *krb5_kdc_rep.ticket¶
-

Ticket.

-
- -
-
-krb5_enc_data krb5_kdc_rep.enc_part¶
-

Encrypted part of reply.

-
- -
-
-krb5_enc_kdc_rep_part *krb5_kdc_rep.enc_part2¶
-

Unencrypted version, if available.

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_kdc_req.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_kdc_req.html deleted file mode 100644 index 9c66ff83..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_kdc_req.html +++ /dev/null @@ -1,251 +0,0 @@ - - - - - - - - - krb5_kdc_req — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_kdc_req¶

-
-
-type krb5_kdc_req¶
-
- -

C representation of KDC-REQ protocol message, including KDC-REQ-BODY.

-
-

Declaration¶

-

typedef struct _krb5_kdc_req krb5_kdc_req

-
-
-

Members¶

-
-
-krb5_magic krb5_kdc_req.magic¶
-
- -
-
-krb5_msgtype krb5_kdc_req.msg_type¶
-

KRB5_AS_REQ or KRB5_TGS_REQ.

-
- -
-
-krb5_pa_data **krb5_kdc_req.padata¶
-

Preauthentication data.

-
- -
-
-krb5_flags krb5_kdc_req.kdc_options¶
-

Requested options.

-
- -
-
-krb5_principal krb5_kdc_req.client¶
-

Client principal and realm.

-
- -
-
-krb5_principal krb5_kdc_req.server¶
-

Server principal and realm.

-
- -
-
-krb5_timestamp krb5_kdc_req.from¶
-

Requested start time.

-
- -
-
-krb5_timestamp krb5_kdc_req.till¶
-

Requested end time.

-
- -
-
-krb5_timestamp krb5_kdc_req.rtime¶
-

Requested renewable end time.

-
- -
-
-krb5_int32 krb5_kdc_req.nonce¶
-

Nonce to match request and response.

-
- -
-
-int krb5_kdc_req.nktypes¶
-

Number of enctypes.

-
- -
-
-krb5_enctype *krb5_kdc_req.ktype¶
-

Requested enctypes.

-
- -
-
-krb5_address **krb5_kdc_req.addresses¶
-

Requested addresses (optional)

-
- -
-
-krb5_enc_data krb5_kdc_req.authorization_data¶
-

Encrypted authz data (optional)

-
- -
-
-krb5_authdata **krb5_kdc_req.unenc_authdata¶
-

Unencrypted authz data.

-
- -
-
-krb5_ticket **krb5_kdc_req.second_ticket¶
-

Second ticket array (optional)

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_key.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_key.html deleted file mode 100644 index 00522596..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_key.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - krb5_key — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_key¶

-
-
-type krb5_key¶
-
- -

Opaque identifier for a key.

-

Use with the krb5_k APIs for better performance for repeated operations with the same key and usage. Key identifiers must not be used simultaneously within multiple threads, as they may contain mutable internal state and are not mutex-protected.

-
-

Declaration¶

-

typedef struct krb5_key_st* krb5_key

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_keyblock.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_keyblock.html deleted file mode 100644 index 794bc5c3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_keyblock.html +++ /dev/null @@ -1,176 +0,0 @@ - - - - - - - - - krb5_keyblock — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_keytab.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_keytab.html deleted file mode 100644 index 7c677bde..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_keytab.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_keytab — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_keytab_entry.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_keytab_entry.html deleted file mode 100644 index dfe62e01..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_keytab_entry.html +++ /dev/null @@ -1,185 +0,0 @@ - - - - - - - - - krb5_keytab_entry — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_keytab_entry¶

-
-
-type krb5_keytab_entry¶
-
- -

A key table entry.

-
-

Declaration¶

-

typedef struct krb5_keytab_entry_st krb5_keytab_entry

-
-
-

Members¶

-
-
-krb5_magic krb5_keytab_entry.magic¶
-
- -
-
-krb5_principal krb5_keytab_entry.principal¶
-

Principal of this key.

-
- -
-
-krb5_timestamp krb5_keytab_entry.timestamp¶
-

Time entry written to keytable.

-
- -
-
-krb5_kvno krb5_keytab_entry.vno¶
-

Key version number.

-
- -
-
-krb5_keyblock krb5_keytab_entry.key¶
-

The secret key.

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_keyusage.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_keyusage.html deleted file mode 100644 index e67cdeaf..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_keyusage.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_keyusage — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_kt_cursor.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_kt_cursor.html deleted file mode 100644 index e104a8ff..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_kt_cursor.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_kt_cursor — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_kvno.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_kvno.html deleted file mode 100644 index 6fbdbbba..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_kvno.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_kvno — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_last_req_entry.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_last_req_entry.html deleted file mode 100644 index d3d35412..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_last_req_entry.html +++ /dev/null @@ -1,173 +0,0 @@ - - - - - - - - - krb5_last_req_entry — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_magic.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_magic.html deleted file mode 100644 index 67dc66b8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_magic.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_magic — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_mk_req_checksum_func.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_mk_req_checksum_func.html deleted file mode 100644 index 89a5e6d3..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_mk_req_checksum_func.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_mk_req_checksum_func — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_mk_req_checksum_func¶

-
-
-type krb5_mk_req_checksum_func¶
-
- -

Type of function used as a callback to generate checksum data for mk_req.

-
-

Declaration¶

-

typedef krb5_error_code( * krb5_mk_req_checksum_func) (krb5_context, krb5_auth_context, void *, krb5_data **)

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_msgtype.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_msgtype.html deleted file mode 100644 index 1e9a840e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_msgtype.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_msgtype — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_octet.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_octet.html deleted file mode 100644 index 295e7db1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_octet.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_octet — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_data.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_data.html deleted file mode 100644 index a79a22a5..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_data.html +++ /dev/null @@ -1,179 +0,0 @@ - - - - - - - - - krb5_pa_data — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_pac_req.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_pac_req.html deleted file mode 100644 index c527b344..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_pac_req.html +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - krb5_pa_pac_req — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_server_referral_data.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_server_referral_data.html deleted file mode 100644 index aa7f2d81..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_server_referral_data.html +++ /dev/null @@ -1,180 +0,0 @@ - - - - - - - - - krb5_pa_server_referral_data — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_svr_referral_data.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_svr_referral_data.html deleted file mode 100644 index 37e22bdc..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pa_svr_referral_data.html +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - krb5_pa_svr_referral_data — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pac.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pac.html deleted file mode 100644 index a17a0861..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pac.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_pac — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pointer.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pointer.html deleted file mode 100644 index 5e0f69af..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pointer.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_pointer — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_post_recv_fn.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_post_recv_fn.html deleted file mode 100644 index 6d869a24..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_post_recv_fn.html +++ /dev/null @@ -1,154 +0,0 @@ - - - - - - - - - krb5_post_recv_fn — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_post_recv_fn¶

-
-
-type krb5_post_recv_fn¶
-
- -

Hook function for inspecting or overriding KDC replies.

-

If code is non-zero, KDC communication failed and reply should be ignored. The hook function may return code or a different error code, or may synthesize a reply by setting new_reply_out and return successfully. -The hook function should use krb5_copy_data() to construct the value for new_reply_out , to ensure that it can be freed correctly by the library.

-
-

Declaration¶

-

typedef krb5_error_code( * krb5_post_recv_fn) (krb5_context context, void *data, krb5_error_code code, const krb5_data *realm, const krb5_data *message, const krb5_data *reply, krb5_data **new_reply_out)

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pre_send_fn.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pre_send_fn.html deleted file mode 100644 index b1169b03..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pre_send_fn.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - krb5_pre_send_fn — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_pre_send_fn¶

-
-
-type krb5_pre_send_fn¶
-
- -

Hook function for inspecting or modifying messages sent to KDCs.

-

If the hook function sets new_reply_out , message will not be sent to the KDC, and the given reply will used instead. -If the hook function sets new_message_out , the given message will be sent to the KDC in place of message . -If the hook function returns successfully without setting either output, message will be sent to the KDC normally. -The hook function should use krb5_copy_data() to construct the value for new_message_out or reply_out , to ensure that it can be freed correctly by the library.

-
-

Declaration¶

-

typedef krb5_error_code( * krb5_pre_send_fn) (krb5_context context, void *data, const krb5_data *realm, const krb5_data *message, krb5_data **new_message_out, krb5_data **new_reply_out)

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_preauthtype.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_preauthtype.html deleted file mode 100644 index 2f60eae8..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_preauthtype.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_preauthtype — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_principal.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_principal.html deleted file mode 100644 index 686e1594..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_principal.html +++ /dev/null @@ -1,181 +0,0 @@ - - - - - - - - - krb5_principal — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_principal_data.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_principal_data.html deleted file mode 100644 index 26bf9e45..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_principal_data.html +++ /dev/null @@ -1,181 +0,0 @@ - - - - - - - - - krb5_principal_data — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_prompt.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_prompt.html deleted file mode 100644 index 0161b756..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_prompt.html +++ /dev/null @@ -1,175 +0,0 @@ - - - - - - - - - krb5_prompt — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_prompt¶

-
-
-type krb5_prompt¶
-
- -

Text for prompt used in prompter callback function.

-
-

Declaration¶

-

typedef struct _krb5_prompt krb5_prompt

-
-
-

Members¶

-
-
-char *krb5_prompt.prompt¶
-

The prompt to show to the user.

-
- -
-
-int krb5_prompt.hidden¶
-

Boolean; informative prompt or hidden (e.g. -PIN)

-
- -
-
-krb5_data *krb5_prompt.reply¶
-

Must be allocated before call to prompt routine.

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_prompt_type.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_prompt_type.html deleted file mode 100644 index 959791e4..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_prompt_type.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_prompt_type — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_prompter_fct.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_prompter_fct.html deleted file mode 100644 index 2b37cc81..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_prompter_fct.html +++ /dev/null @@ -1,152 +0,0 @@ - - - - - - - - - krb5_prompter_fct — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_prompter_fct¶

-
-
-type krb5_prompter_fct¶
-
- -

Pointer to a prompter callback function.

-
-

Declaration¶

-

typedef krb5_error_code( * krb5_prompter_fct) (krb5_context context, void *data, const char *name, const char *banner, int num_prompts, krb5_prompt prompts[])

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pwd_data.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pwd_data.html deleted file mode 100644 index ac55ef76..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_pwd_data.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - krb5_pwd_data — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_rcache.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_rcache.html deleted file mode 100644 index 46104344..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_rcache.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_rcache — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_replay_data.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_replay_data.html deleted file mode 100644 index 05316c4a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_replay_data.html +++ /dev/null @@ -1,175 +0,0 @@ - - - - - - - - - krb5_replay_data — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_replay_data¶

-
-
-type krb5_replay_data¶
-
- -

Replay data.

-

Sequence number and timestamp information output by krb5_rd_priv() and krb5_rd_safe().

-
-

Declaration¶

-

typedef struct krb5_replay_data krb5_replay_data

-
-
-

Members¶

-
-
-krb5_timestamp krb5_replay_data.timestamp¶
-

Timestamp, seconds portion.

-
- -
-
-krb5_int32 krb5_replay_data.usec¶
-

Timestamp, microseconds portion.

-
- -
-
-krb5_ui_4 krb5_replay_data.seq¶
-

Sequence number.

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_context.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_context.html deleted file mode 100644 index 3c33214d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_context.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - krb5_responder_context — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_responder_context¶

-
-
-type krb5_responder_context¶
-
- -

A container for a set of preauthentication questions and answers.

-

A responder context is supplied by the krb5 authentication system to a krb5_responder_fn callback. It contains a list of questions and can receive answers. Questions contained in a responder context can be listed using krb5_responder_list_questions(), retrieved using krb5_responder_get_challenge(), or answered using krb5_responder_set_answer(). The form of a question’s challenge and answer depend on the question name.

-
-

Declaration¶

-

typedef struct krb5_responder_context_st* krb5_responder_context

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_fn.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_fn.html deleted file mode 100644 index e285563b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_fn.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - krb5_responder_fn — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_responder_fn¶

-
-
-type krb5_responder_fn¶
-
- -

Responder function for an initial credential exchange.

-

If a required question is unanswered, the prompter may be called.

-
-

Declaration¶

-

typedef krb5_error_code( * krb5_responder_fn) (krb5_context ctx, void *data, krb5_responder_context rctx)

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_otp_challenge.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_otp_challenge.html deleted file mode 100644 index df3f3346..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_otp_challenge.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - krb5_responder_otp_challenge — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_otp_tokeninfo.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_otp_tokeninfo.html deleted file mode 100644 index 6d4517de..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_otp_tokeninfo.html +++ /dev/null @@ -1,190 +0,0 @@ - - - - - - - - - krb5_responder_otp_tokeninfo — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_pkinit_challenge.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_pkinit_challenge.html deleted file mode 100644 index 9dba192a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_pkinit_challenge.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - krb5_responder_pkinit_challenge — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_pkinit_identity.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_pkinit_identity.html deleted file mode 100644 index 2124232f..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_responder_pkinit_identity.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - krb5_responder_pkinit_identity — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_response.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_response.html deleted file mode 100644 index a1b4a297..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_response.html +++ /dev/null @@ -1,180 +0,0 @@ - - - - - - - - - krb5_response — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ticket.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ticket.html deleted file mode 100644 index f0e8c51d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ticket.html +++ /dev/null @@ -1,180 +0,0 @@ - - - - - - - - - krb5_ticket — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_ticket¶

-
-
-type krb5_ticket¶
-
- -

Ticket structure.

-

The C representation of the ticket message, with a pointer to the C representation of the encrypted part.

-
-

Declaration¶

-

typedef struct _krb5_ticket krb5_ticket

-
-
-

Members¶

-
-
-krb5_magic krb5_ticket.magic¶
-
- -
-
-krb5_principal krb5_ticket.server¶
-

server name/realm

-
- -
-
-krb5_enc_data krb5_ticket.enc_part¶
-

encryption type, kvno, encrypted encoding

-
- -
-
-krb5_enc_tkt_part *krb5_ticket.enc_part2¶
-

ptr to decrypted version, if available

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ticket_times.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ticket_times.html deleted file mode 100644 index 47f1592b..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ticket_times.html +++ /dev/null @@ -1,180 +0,0 @@ - - - - - - - - - krb5_ticket_times — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_ticket_times¶

-
-
-type krb5_ticket_times¶
-
- -

Ticket start time, end time, and renewal duration.

-
-

Declaration¶

-

typedef struct _krb5_ticket_times krb5_ticket_times

-
-
-

Members¶

-
-
-krb5_timestamp krb5_ticket_times.authtime¶
-

Time at which KDC issued the initial ticket that corresponds to this ticket.

-
- -
-
-krb5_timestamp krb5_ticket_times.starttime¶
-

optional in ticket, if not present, use authtime

-
- -
-
-krb5_timestamp krb5_ticket_times.endtime¶
-

Ticket expiration time.

-
- -
-
-krb5_timestamp krb5_ticket_times.renew_till¶
-

Latest time at which renewal of ticket can be valid.

-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_timestamp.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_timestamp.html deleted file mode 100644 index c685c841..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_timestamp.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - krb5_timestamp — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_timestamp¶

-
-
-type krb5_timestamp¶
-
- -

Represents a timestamp in seconds since the POSIX epoch.

-

This legacy type is used frequently in the ABI, but cannot represent timestamps after 2038 as a positive number. Code which uses this type should cast values of it to uint32_t so that negative values are treated as timestamps between 2038 and 2106 on platforms with 64-bit time_t.

-
-

Declaration¶

-

typedef krb5_int32 krb5_timestamp

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_tkt_authent.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_tkt_authent.html deleted file mode 100644 index 0994a78d..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_tkt_authent.html +++ /dev/null @@ -1,176 +0,0 @@ - - - - - - - - - krb5_tkt_authent — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_tkt_creds_context.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_tkt_creds_context.html deleted file mode 100644 index d2a79447..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_tkt_creds_context.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_tkt_creds_context — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_trace_callback.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_trace_callback.html deleted file mode 100644 index 6c2bb4e7..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_trace_callback.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_trace_callback — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_trace_info.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_trace_info.html deleted file mode 100644 index 94b0e15e..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_trace_info.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - krb5_trace_info — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5_trace_info¶

-
-
-type krb5_trace_info¶
-
- -

A wrapper for passing information to a krb5_trace_callback .

-

Currently, it only contains the formatted message as determined the the format string and arguments of the tracing macro, but it may be extended to contain more fields in the future.

-
-

Declaration¶

-

typedef struct _krb5_trace_info krb5_trace_info

-
-
-

Members¶

-
-
-const char *krb5_trace_info.message¶
-
- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_transited.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_transited.html deleted file mode 100644 index 0fadf97a..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_transited.html +++ /dev/null @@ -1,173 +0,0 @@ - - - - - - - - - krb5_transited — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_typed_data.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_typed_data.html deleted file mode 100644 index 17519a0c..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_typed_data.html +++ /dev/null @@ -1,175 +0,0 @@ - - - - - - - - - krb5_typed_data — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ui_2.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ui_2.html deleted file mode 100644 index 9306af05..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ui_2.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_ui_2 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ui_4.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ui_4.html deleted file mode 100644 index f9086331..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_ui_4.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - krb5_ui_4 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_verify_init_creds_opt.html b/krb5-1.21.3/doc/html/appdev/refs/types/krb5_verify_init_creds_opt.html deleted file mode 100644 index 464cf4e0..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/krb5_verify_init_creds_opt.html +++ /dev/null @@ -1,166 +0,0 @@ - - - - - - - - - krb5_verify_init_creds_opt — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/refs/types/passwd_phrase_element.html b/krb5-1.21.3/doc/html/appdev/refs/types/passwd_phrase_element.html deleted file mode 100644 index 392020e1..00000000 --- a/krb5-1.21.3/doc/html/appdev/refs/types/passwd_phrase_element.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - passwd_phrase_element — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/appdev/y2038.html b/krb5-1.21.3/doc/html/appdev/y2038.html deleted file mode 100644 index f0be8657..00000000 --- a/krb5-1.21.3/doc/html/appdev/y2038.html +++ /dev/null @@ -1,157 +0,0 @@ - - - - - - - - - Year 2038 considerations for uses of krb5_timestamp — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Year 2038 considerations for uses of krb5_timestamp¶

-

POSIX time values, which measure the number of seconds since January 1 -1970, will exceed the maximum value representable in a signed 32-bit -integer in January 2038. This documentation describes considerations -for consumers of the MIT krb5 libraries.

-

Applications or libraries which use libkrb5 and consume the timestamps -included in credentials or other structures make use of the -krb5_timestamp type. For historical reasons, krb5_timestamp -is a signed 32-bit integer, even on platforms where a larger type is -natively used to represent time values. To behave properly for time -values after January 2038, calling code should cast krb5_timestamp -values to uint32_t, and then to time_t:

-
(time_t)(uint32_t)timestamp
-
-
-

Used in this way, krb5_timestamp values can represent time values up -until February 2106, provided that the platform uses a 64-bit or -larger time_t type. This usage will also remain safe if a later -version of MIT krb5 changes krb5_timestamp to an unsigned 32-bit -integer.

-

The GSSAPI only uses representations of time intervals, not absolute -times. Callers of the GSSAPI should require no changes to behave -correctly after January 2038, provided that they use MIT krb5 release -1.16 or later.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/basic/ccache_def.html b/krb5-1.21.3/doc/html/basic/ccache_def.html deleted file mode 100644 index 9728a8b5..00000000 --- a/krb5-1.21.3/doc/html/basic/ccache_def.html +++ /dev/null @@ -1,279 +0,0 @@ - - - - - - - - - Credential cache — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Credential cache¶

-

A credential cache (or “ccacheâ€) holds Kerberos credentials while they -remain valid and, generally, while the user’s session lasts, so that -authenticating to a service multiple times (e.g., connecting to a web -or mail server more than once) doesn’t require contacting the KDC -every time.

-

A credential cache usually contains one initial ticket which is -obtained using a password or another form of identity verification. -If this ticket is a ticket-granting ticket, it can be used to obtain -additional credentials without the password. Because the credential -cache does not store the password, less long-term damage can be done -to the user’s account if the machine is compromised.

-

A credentials cache stores a default client principal name, set when -the cache is created. This is the name shown at the top of the -klist -A output.

-

Each normal cache entry includes a service principal name, a client -principal name (which, in some ccache types, need not be the same as -the default), lifetime information, and flags, along with the -credential itself. There are also other entries, indicated by special -names, that store additional information.

-
-

ccache types¶

-

The credential cache interface, like the keytab and -replay cache interfaces, uses TYPE:value strings to -indicate the type of credential cache and any associated cache naming -data to use.

-

There are several kinds of credentials cache supported in the MIT -Kerberos library. Not all are supported on every platform. In most -cases, it should be correct to use the default type built into the -library.

-
    -
  1. API is only implemented on Windows. It communicates with a -server process that holds the credentials in memory for the user, -rather than writing them to disk.

  2. -
  3. DIR points to the storage location of the collection of the -credential caches in FILE: format. It is most useful when dealing -with multiple Kerberos realms and KDCs. For release 1.10 the -directory must already exist. In post-1.10 releases the -requirement is for parent directory to exist and the current -process must have permissions to create the directory if it does -not exist. See Collections of caches for details. New in release 1.10. -The following residual forms are supported:

    -
      -
    • DIR:dirname

    • -
    • DIR::dirpath/filename - a single cache within the directory

    • -
    -

    Switching to a ccache of the latter type causes it to become the -primary for the directory.

    -
  4. -
  5. FILE caches are the simplest and most portable. A simple flat -file format is used to store one credential after another. This is -the default ccache type if no type is specified in a ccache name.

  6. -
  7. KCM caches work by contacting a daemon process called kcm -to perform cache operations. If the cache name is just KCM:, -the default cache as determined by the KCM daemon will be used. -Newly created caches must generally be named KCM:uid:name, -where uid is the effective user ID of the running process.

    -

    KCM client support is new in release 1.13. A KCM daemon has not -yet been implemented in MIT krb5, but the client will interoperate -with the KCM daemon implemented by Heimdal. macOS 10.7 and higher -provides a KCM daemon as part of the operating system, and the -KCM cache type is used as the default cache on that platform in -a default build.

    -
  8. -
  9. KEYRING is Linux-specific, and uses the kernel keyring support -to store credential data in unswappable kernel memory where only -the current user should be able to access it. The following -residual forms are supported:

    -
      -
    • KEYRING:name

    • -
    • KEYRING:process:name - process keyring

    • -
    • KEYRING:thread:name - thread keyring

    • -
    -

    Starting with release 1.12 the KEYRING type supports collections. -The following new residual forms were added:

    -
      -
    • KEYRING:session:name - session keyring

    • -
    • KEYRING:user:name - user keyring

    • -
    • KEYRING:persistent:uidnumber - persistent per-UID collection. -Unlike the user keyring, this collection survives after the user -logs out, until the cache credentials expire. This type of -ccache requires support from the kernel; otherwise, it will fall -back to the user keyring.

    • -
    -

    See Collections of caches for details.

    -
  10. -
  11. MEMORY caches are for storage of credentials that don’t need to -be made available outside of the current process. For example, a -memory ccache is used by kadmin to store the -administrative ticket used to contact the admin server. Memory -ccaches are faster than file ccaches and are automatically -destroyed when the process exits.

  12. -
  13. MSLSA is a Windows-specific cache type that accesses the -Windows credential store.

  14. -
-
-
-

Collections of caches¶

-

Some credential cache types can support collections of multiple -caches. One of the caches in the collection is designated as the -primary and will be used when the collection is resolved as a cache. -When a collection-enabled cache type is the default cache for a -process, applications can search the specified collection for a -specific client principal, and GSSAPI applications will automatically -select between the caches in the collection based on criteria such as -the target service realm.

-

Credential cache collections are new in release 1.10, with support -from the DIR and API ccache types. Starting in release 1.12, -collections are also supported by the KEYRING ccache type. -Collections are supported by the KCM ccache type in release 1.13.

-
-

Tool alterations to use cache collection¶

-
    -
  • kdestroy -A will destroy all caches in the collection.

  • -
  • If the default cache type supports switching, kinit -princname will search the collection for a matching cache and -store credentials there, or will store credentials in a new unique -cache of the default type if no existing cache for the principal -exists. Either way, kinit will switch to the selected cache.

  • -
  • klist -l will list the caches in the collection.

  • -
  • klist -A will show the content of all caches in the -collection.

  • -
  • kswitch -p princname will search the collection for a -matching cache and switch to it.

  • -
  • kswitch -c cachename will switch to a specified cache.

  • -
-
-
-
-

Default ccache name¶

-

The default credential cache name is determined by the following, in -descending order of priority:

-
    -
  1. The KRB5CCNAME environment variable. For example, -KRB5CCNAME=DIR:/mydir/.

  2. -
  3. The default_ccache_name profile variable in [libdefaults].

  4. -
  5. The hardcoded default, DEFCCNAME.

  6. -
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/basic/date_format.html b/krb5-1.21.3/doc/html/basic/date_format.html deleted file mode 100644 index a32cb472..00000000 --- a/krb5-1.21.3/doc/html/basic/date_format.html +++ /dev/null @@ -1,331 +0,0 @@ - - - - - - - - - Supported date and time formats — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Supported date and time formats¶

-
-

Time duration¶

-

This format is used to express a time duration in the Kerberos -configuration files and user commands. The allowed formats are:

-
-
----- - - - - - - - - - - - - - - - - - - -

Format

Example

Value

h:m[:s]

36:00

36 hours

NdNhNmNs

8h30s

8 hours 30 seconds

N (number of seconds)

3600

1 hour

-
-

Here N denotes a number, d - days, h - hours, m - minutes, -s - seconds.

-
-

Note

-

The time interval should not exceed 2147483647 seconds.

-
-

Examples:

-
Request a ticket valid for one hour, five hours, 30 minutes
-and 10 days respectively:
-
-  kinit -l 3600
-  kinit -l 5:00
-  kinit -l 30m
-  kinit -l "10d 0h 0m 0s"
-
-
-
-
-

getdate time¶

-

Some of the kadmin and kdb5_util commands take a date-time in a -human-readable format. Some of the acceptable date-time -strings are:

-
-
----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Format

Example

Date

mm/dd/yy

07/27/12

month dd, yyyy

Jul 27, 2012

yyyy-mm-dd

2012-07-27

Absolute -time

HH:mm[:ss]pp

08:30 PM

hh:mm[:ss]

20:30

Relative -time

N tt

30 sec

Time zone

Z

EST

z

-0400

-
-

(See Abbreviations used in this document.)

-

Examples:

-
Create a principal that expires on the date indicated:
-    addprinc test1 -expire "3/27/12 10:00:07 EST"
-    addprinc test2 -expire "January 23, 2015 10:05pm"
-    addprinc test3 -expire "22:00 GMT"
-Add a principal that will expire in 30 minutes:
-    addprinc test4 -expire "30 minutes"
-
-
-
-
-

Absolute time¶

-

This rarely used date-time format can be noted in one of the -following ways:

-
-
----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Format

Example

Value

yyyymmddhhmmss

20141231235900

One minute -before 2015

yyyy.mm.dd.hh.mm.ss

2014.12.31.23.59.00

yymmddhhmmss

141231235900

yy.mm.dd.hh.mm.ss

14.12.31.23.59.00

dd-month-yyyy:hh:mm:ss

31-Dec-2014:23:59:00

hh:mm:ss

20:00:00

8 o’clock in -the evening

hhmmss

200000

-
-

(See Abbreviations used in this document.)

-

Example:

-
Set the default expiration date to July 27, 2012 at 20:30
-default_principal_expiration = 20120727203000
-
-
-
-

Abbreviations used in this document¶

-
-
month : locale’s month name or its abbreviation;
-
dd : day of month (01-31);
-
HH : hours (00-12);
-
hh : hours (00-23);
-
mm : in time - minutes (00-59); in date - month (01-12);
-
N : number;
-
pp : AM or PM;
-
ss : seconds (00-60);
-
tt : time units (hours, minutes, min, seconds, sec);
-
yyyy : year;
-
yy : last two digits of the year;
-
Z : alphabetic time zone abbreviation;
-
z : numeric time zone;
-
-
-

Note

-
    -
  • If the date specification contains spaces, you may need to -enclose it in double quotes;

  • -
  • All keywords are case-insensitive.

  • -
-
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/basic/index.html b/krb5-1.21.3/doc/html/basic/index.html deleted file mode 100644 index 0a84a1d7..00000000 --- a/krb5-1.21.3/doc/html/basic/index.html +++ /dev/null @@ -1,142 +0,0 @@ - - - - - - - - - Kerberos V5 concepts — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/basic/keytab_def.html b/krb5-1.21.3/doc/html/basic/keytab_def.html deleted file mode 100644 index e92a57ff..00000000 --- a/krb5-1.21.3/doc/html/basic/keytab_def.html +++ /dev/null @@ -1,182 +0,0 @@ - - - - - - - - - keytab — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

keytab¶

-

A keytab (short for “key tableâ€) stores long-term keys for one or more -principals. Keytabs are normally represented by files in a standard -format, although in rare cases they can be represented in other ways. -Keytabs are used most often to allow server applications to accept -authentications from clients, but can also be used to obtain initial -credentials for client applications.

-

Keytabs are named using the format type:value. Usually -type is FILE and value is the absolute pathname of the file. -The other possible value for type is MEMORY, which indicates a -temporary keytab stored in the memory of the current process.

-

A keytab contains one or more entries, where each entry consists of a -timestamp (indicating when the entry was written to the keytab), a -principal name, a key version number, an encryption type, and the -encryption key itself.

-

A keytab can be displayed using the klist command with the --k option. Keytabs can be created or appended to by extracting -keys from the KDC database using the kadmin ktadd -command. Keytabs can be manipulated using the ktutil and -k5srvutil commands.

-
-

Default keytab¶

-

The default keytab is used by server applications if the application -does not request a specific keytab. The name of the default keytab is -determined by the following, in decreasing order of preference:

-
    -
  1. The KRB5_KTNAME environment variable.

  2. -
  3. The default_keytab_name profile variable in [libdefaults].

  4. -
  5. The hardcoded default, DEFKTNAME.

  6. -
-
-
-

Default client keytab¶

-

The default client keytab is used, if it is present and readable, to -automatically obtain initial credentials for GSSAPI client -applications. The principal name of the first entry in the client -keytab is used by default when obtaining initial credentials. The -name of the default client keytab is determined by the following, in -decreasing order of preference:

-
    -
  1. The KRB5_CLIENT_KTNAME environment variable.

  2. -
  3. The default_client_keytab_name profile variable in -[libdefaults].

  4. -
  5. The hardcoded default, DEFCKTNAME.

  6. -
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/basic/rcache_def.html b/krb5-1.21.3/doc/html/basic/rcache_def.html deleted file mode 100644 index 3e8d53a4..00000000 --- a/krb5-1.21.3/doc/html/basic/rcache_def.html +++ /dev/null @@ -1,231 +0,0 @@ - - - - - - - - - replay cache — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

replay cache¶

-

A replay cache (or “rcacheâ€) keeps track of all authenticators -recently presented to a service. If a duplicate authentication -request is detected in the replay cache, an error message is sent to -the application program.

-

The replay cache interface, like the credential cache and -keytab interfaces, uses type:residual strings to -indicate the type of replay cache and any associated cache naming -data to use.

-
-

Background information¶

-

Some Kerberos or GSSAPI services use a simple authentication mechanism -where a message is sent containing an authenticator, which establishes -the encryption key that the client will use for talking to the -service. But nothing about that prevents an eavesdropper from -recording the messages sent by the client, establishing a new -connection, and re-sending or “replaying†the same messages; the -replayed authenticator will establish the same encryption key for the -new session, and the following messages will be decrypted and -processed. The attacker may not know what the messages say, and can’t -generate new messages under the same encryption key, but in some -instances it may be harmful to the user (or helpful to the attacker) -to cause the server to see the same messages again a second time. For -example, if the legitimate client sends “delete first message in -mailboxâ€, a replay from an attacker may delete another, different -“first†message. (Protocol design to guard against such problems has -been discussed in RFC 4120#section-10.)

-

Even if one protocol uses further protection to verify that the client -side of the connection actually knows the encryption keys (and thus is -presumably a legitimate user), if another service uses the same -service principal name, it may be possible to record an authenticator -used with the first protocol and “replay†it against the second.

-

The replay cache mitigates these attacks somewhat, by keeping track of -authenticators that have been seen until their five-minute window -expires. Different authenticators generated by multiple connections -from the same legitimate client will generally have different -timestamps, and thus will not be considered the same.

-

This mechanism isn’t perfect. If a message is sent to one application -server but a man-in-the-middle attacker can prevent it from actually -arriving at that server, the attacker could then use the authenticator -(once!) against a different service on the same host. This could be a -problem if the message from the client included something more than -authentication in the first message that could be useful to the -attacker (which is uncommon; in most protocols the server has to -indicate a successful authentication before the client sends -additional messages), or if the simple act of presenting the -authenticator triggers some interesting action in the service being -attacked.

-
-
-

Replay cache types¶

-

Unlike the credential cache and keytab interfaces, replay cache types -are in lowercase. The following types are defined:

-
    -
  1. none disables the replay cache. The residual value is ignored.

  2. -
  3. file2 (new in release 1.18) uses a hash-based format to store -replay records. The file may grow to accommodate hash collisions. -The residual value is the filename.

  4. -
  5. dfl is the default type if no environment variable or -configuration specifies a different type. It stores replay data in -a file2 replay cache with a filename based on the effective uid. -The residual value is ignored.

  6. -
-

For the dfl type, the location of the replay cache file is determined -as follows:

-
    -
  1. The directory is taken from the KRB5RCACHEDIR environment -variable, or the TMPDIR environment variable, or a temporary -directory determined at configuration time such as /var/tmp, in -descending order of preference.

  2. -
  3. The filename is krb5_EUID.rcache2 where EUID is the effective -uid of the process.

  4. -
  5. The file is opened without following symbolic links, and ownership -of the file is verified to match the effective uid.

  6. -
-

On Windows, the directory for the dfl type is the local appdata -directory, unless overridden by the KRB5RCACHEDIR environment -variable. The filename on Windows is krb5.rcache2, and the file -is opened normally.

-
-
-

Default replay cache name¶

-

The default replay cache name is determined by the following, in -descending order of priority:

-
    -
  1. The KRB5RCACHENAME environment variable (new in release 1.18).

  2. -
  3. The KRB5RCACHETYPE environment variable. If this variable is -set, the residual value is empty.

  4. -
  5. The default_rcache_name profile variable in [libdefaults] -(new in release 1.18).

  6. -
  7. If none of the above are set, the default replay cache name is -dfl:.

  8. -
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/basic/stash_file_def.html b/krb5-1.21.3/doc/html/basic/stash_file_def.html deleted file mode 100644 index b993668f..00000000 --- a/krb5-1.21.3/doc/html/basic/stash_file_def.html +++ /dev/null @@ -1,150 +0,0 @@ - - - - - - - - - stash file — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

stash file¶

-

The stash file is a local copy of the master key that resides in -encrypted form on the KDC’s local disk. The stash file is used to -authenticate the KDC to itself automatically before starting the -kadmind and krb5kdc daemons (e.g., as part of the -machine’s boot sequence). The stash file, like the keytab file (see -The keytab file) is a potential point-of-entry for a break-in, and -if compromised, would allow unrestricted access to the Kerberos -database. If you choose to install a stash file, it should be -readable only by root, and should exist only on the KDC’s local disk. -The file should not be part of any backup of the machine, unless -access to the backup data is secured as tightly as access to the -master password itself.

-
-

Note

-

If you choose not to install a stash file, the KDC will prompt you for the master key each time it starts up. -This means that the KDC will not be able to start automatically, such as after a system reboot.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/build/directory_org.html b/krb5-1.21.3/doc/html/build/directory_org.html deleted file mode 100644 index 783269a3..00000000 --- a/krb5-1.21.3/doc/html/build/directory_org.html +++ /dev/null @@ -1,244 +0,0 @@ - - - - - - - - - Organization of the source directory — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Organization of the source directory¶

-

Below is a brief overview of the organization of the complete source -directory. More detailed descriptions follow.

- ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

appl

Kerberos application client and server programs

ccapi

Credential cache services

clients

Kerberos V5 user programs (See User commands)

config

Configure scripts

config-files

Sample Kerberos configuration files

include

include files needed to build the Kerberos system

kadmin

Administrative interface to the Kerberos database: kadmin, kdb5_util, ktutil.

kdc

Kerberos V5 Authentication Service and Key Distribution Center

lib

Libraries for use with/by Kerberos V5

plugins

Kerberos plugins directory

po

Localization infrastructure

prototype

Templates files containing the MIT copyright message and a placeholder for the title and description of the file.

kprop

Utilities for propagating the database to replica KDCs kprop and kpropd

tests

Test suite

util

Various utilities for building/configuring the code, sending bug reports, etc.

windows

Source code for building Kerberos V5 on Windows (see windows/README)

-
-

lib¶

-

The lib directory contain several subdirectories as well as some -definition and glue files.

-
-
    -
  • The apputils directory contains the code for the generic network -servicing.

  • -
  • The crypto subdirectory contains the Kerberos V5 encryption -library.

  • -
  • The gssapi library contains the Generic Security Services API, -which is a library of commands to be used in secure client-server -communication.

  • -
  • The kadm5 directory contains the libraries for the KADM5 -administration utilities.

  • -
  • The Kerberos 5 database libraries are contained in kdb.

  • -
  • The krb5 directory contains Kerberos 5 API.

  • -
  • The rpc directory contains the API for the Kerberos Remote -Procedure Call protocol.

  • -
-
-
-
-

util¶

-
-
The util directory contains several utility programs and libraries.
    -
  • the programs used to configure and build the code, such as -autoconf, lndir, kbuild, reconf, and makedepend, are in this -directory.

  • -
  • the profile directory contains most of the functions which parse -the Kerberos configuration files (krb5.conf and kdc.conf).

  • -
  • the Kerberos error table library and utilities (et);

  • -
  • the Sub-system library and utilities (ss);

  • -
  • database utilities (db2);

  • -
  • pseudo-terminal utilities (pty);

  • -
  • bug-reporting program send-pr;

  • -
  • a generic support library support used by several of our other -libraries;

  • -
  • the build infrastructure for building lightweight Kerberos client -(collected-client-lib)

  • -
  • the tool for validating Kerberos configuration files -(confvalidator);

  • -
  • the toolkit for kernel integrators for building krb5 code subsets -(gss-kernel-lib);

  • -
  • source code for building Kerberos V5 on MacOS (mac)

  • -
  • Windows getopt operations (windows)

  • -
-
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/build/doing_build.html b/krb5-1.21.3/doc/html/build/doing_build.html deleted file mode 100644 index 4b5b1b64..00000000 --- a/krb5-1.21.3/doc/html/build/doing_build.html +++ /dev/null @@ -1,270 +0,0 @@ - - - - - - - - - Doing the build — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Doing the build¶

-
-

Building within a single tree¶

-

If you only need to build Kerberos for one platform, using a single -directory tree which contains both the source files and the object -files is the simplest. However, if you need to maintain Kerberos for -a large number of platforms, you will probably want to use separate -build trees for each platform. We recommend that you look at OS -Incompatibilities, for notes that we have on particular operating -systems.

-

If you don’t want separate build trees for each architecture, then use -the following abbreviated procedure:

-
cd /u1/krb5-VERSION/src
-./configure
-make
-
-
-

That’s it!

-
-
-

Building with separate build directories¶

-

If you wish to keep separate build directories for each platform, you -can do so using the following procedure. (Note, this requires that -your make program support VPATH. GNU’s make will provide this -functionality, for example.) If your make program does not support -this, see the next section.

-

For example, if you wish to store the binaries in tmpbuild build -directory you might use the following procedure:

-
mkdir /u1/tmpbuild
-cd /u1/tmpbuild
-/u1/krb5-VERSION/src/configure
-make
-
-
-
-
-

Building using lndir¶

-

If you wish to keep separate build directories for each platform, and -you do not have access to a make program which supports VPATH, all is -not lost. You can use the lndir program to create symbolic link trees -in your build directory.

-

For example, if you wish to create a build directory for solaris -binaries you might use the following procedure:

-
mkdir /u1/krb5-VERSION/solaris
-cd /u1/krb5-VERSION/solaris
-/u1/krb5-VERSION/src/util/lndir `pwd`/../src
-./configure
-make
-
-
-

You must give an absolute pathname to lndir because it has a bug that -makes it fail for relative pathnames. Note that this version differs -from the latest version as distributed and installed by the -XConsortium with X11R6. Either version should be acceptable.

-
-
-

Installing the binaries¶

-

Once you have built Kerberos, you should install the binaries. You can -do this by running:

-
make install
-
-
-

If you want to install the binaries into a destination directory that -is not their final destination, which may be convenient if you want to -build a binary distribution to be deployed on multiple hosts, you may -use:

-
make install DESTDIR=/path/to/destdir
-
-
-

This will install the binaries under DESTDIR/PREFIX, e.g., the user -programs will install into DESTDIR/PREFIX/bin, the libraries into -DESTDIR/PREFIX/lib, etc. DESTDIR must be an absolute path.

-

Some implementations of make allow multiple commands to be run in -parallel, for faster builds. We test our Makefiles in parallel builds -with GNU make only; they may not be compatible with other parallel -build implementations.

-
-
-

Testing the build¶

-

The Kerberos V5 distribution comes with built-in regression tests. To -run them, simply type the following command while in the top-level -build directory (i.e., the directory where you sent typed make to -start building Kerberos; see Building within a single tree):

-
make check
-
-
-

On some operating systems, you have to run make install before -running make check, or the test suite will pick up installed -versions of Kerberos libraries rather than the newly built ones. You -can install into a prefix that isn’t in the system library search -path, though. Alternatively, you can configure with ---disable-rpath, which renders the build tree less suitable -for installation, but allows testing without interference from -previously installed libraries.

-

There are additional regression tests available, which are not run -by make check. These tests require manual setup and teardown of -support infrastructure which is not easily automated, or require -excessive resources for ordinary use. The procedure for running -the manual tests is documented at -https://k5wiki.kerberos.org/wiki/Manual_Testing.

-
-
-

Cleaning up the build¶

-
    -
  • Use make clean to remove all files generated by running make -command.

  • -
  • Use make distclean to remove all files generated by running -./configure script. After running make distclean your source -tree (ideally) should look like the raw (just un-tarred) source -tree.

  • -
-
-
-

Using autoconf¶

-

(If you are not a developer, you can ignore this section.)

-

In the Kerberos V5 source directory, there is a configure script which -automatically determines the compilation environment and creates the -proper Makefiles for a particular platform. This configure script is -generated using autoconf, which you should already have installed if -you will be making changes to src/configure.in.

-

Normal users will not need to worry about running autoconf; the -distribution comes with the configure script already prebuilt.

-

The autoconf package comes with a script called autoreconf that -will automatically run autoconf and autoheader as needed. You -should run autoreconf from the top source directory, e.g.:

-
cd /u1/krb5-VERSION/src
-autoreconf --verbose
-
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/build/index.html b/krb5-1.21.3/doc/html/build/index.html deleted file mode 100644 index afee334f..00000000 --- a/krb5-1.21.3/doc/html/build/index.html +++ /dev/null @@ -1,190 +0,0 @@ - - - - - - - - - Building Kerberos V5 — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Building Kerberos V5¶

-

This section details how to build and install MIT Kerberos software -from the source.

-
-

Prerequisites¶

-

In order to build Kerberos V5, you will need approximately 60-70 -megabytes of disk space. The exact amount will vary depending on the -platform and whether the distribution is compiled with debugging -symbol tables or not.

-

Your C compiler must conform to ANSI C (ISO/IEC 9899:1990, “c89â€). -Some operating systems do not have an ANSI C compiler, or their -default compiler requires extra command-line options to enable ANSI C -conformance.

-

If you wish to keep a separate build tree, which contains the compiled -*.o file and executables, separate from your source tree, you will -need a make program which supports VPATH, or you will need to use -a tool such as lndir to produce a symbolic link tree for your build -tree.

-
-
-

Obtaining the software¶

-

The source code can be obtained from MIT Kerberos Distribution page, -at https://kerberos.org/dist/index.html. -The MIT Kerberos distribution comes in an archive file, generally -named krb5-VERSION-signed.tar, where VERSION is a placeholder for -the major and minor versions of MIT Kerberos. (For example, MIT -Kerberos 1.9 has major version “1†and minor version “9â€.)

-

The krb5-VERSION-signed.tar contains a compressed tar file consisting -of the sources for all of Kerberos (generally named -krb5-VERSION.tar.gz) and a PGP signature file for this source tree -(generally named krb5-VERSION.tar.gz.asc). MIT highly recommends that -you verify the integrity of the source code using this signature, -e.g., by running:

-
tar xf krb5-VERSION-signed.tar
-gpg --verify krb5-VERSION.tar.gz.asc
-
-
-

Unpack krb5-VERSION.tar.gz in some directory. In this section we will assume -that you have chosen the top directory of the distribution the directory -/u1/krb5-VERSION.

-

Review the README file for the license, copyright and other sprecific to the -distribution information.

-
-
-

Contents¶

- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/build/options2configure.html b/krb5-1.21.3/doc/html/build/options2configure.html deleted file mode 100644 index 0acd915d..00000000 --- a/krb5-1.21.3/doc/html/build/options2configure.html +++ /dev/null @@ -1,465 +0,0 @@ - - - - - - - - - Options to configure — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Options to configure¶

-

There are a number of options to configure which you can use to -control how the Kerberos distribution is built.

-
-

Most commonly used options¶

-
-
--help

Provides help to configure. This will list the set of commonly -used options for building Kerberos.

-
-
--prefix=PREFIX

By default, Kerberos will install the package’s files rooted at -/usr/local. If you desire to place the binaries into the -directory PREFIX, use this option.

-
-
--exec-prefix=EXECPREFIX

This option allows one to separate the architecture independent -programs from the host-dependent files (configuration files, -manual pages). Use this option to install architecture-dependent -programs in EXECPREFIX. The default location is the value of -specified by --prefix option.

-
-
--localstatedir=LOCALSTATEDIR

This option sets the directory for locally modifiable -single-machine data. In Kerberos, this mostly is useful for -setting a location for the KDC data files, as they will be -installed in LOCALSTATEDIR/krb5kdc, which is by default -PREFIX/var/krb5kdc.

-
-
--with-netlib[=libs]

Allows for suppression of or replacement of network libraries. By -default, Kerberos V5 configuration will look for -lnsl and --lsocket. If your operating system has a broken resolver -library or fails to pass the tests in src/tests/resolv, you -will need to use this option.

-
-
--enable-dns-for-realm

Enable the use of DNS to look up a host’s Kerberos realm, -if the information is not provided in -krb5.conf. See Mapping hostnames onto Kerberos realms -for information about using DNS to determine the default realm. -DNS lookups for realm names are disabled by default.

-
-
--with-system-et

Use an installed version of the error-table (et) support software, -the compile_et program, the com_err.h header file and the com_err -library. If these are not in the default locations, you may wish -to specify CPPFLAGS=-I/some/dir and -LDFLAGS=-L/some/other/dir options at configuration time as -well.

-

If this option is not given, a version supplied with the Kerberos -sources will be built and installed along with the rest of the -Kerberos tree, for Kerberos applications to link against.

-
-
--with-system-ss

Use an installed version of the subsystem command-line interface -software, the mk_cmds program, the ss/ss.h header file and the -ss library. If these are not in the default locations, you may -wish to specify CPPFLAGS=-I/some/dir and -LDFLAGS=-L/some/other/dir options at configuration time as -well. See also the SS_LIB option.

-

If this option is not given, the ss library supplied with the -Kerberos sources will be compiled and linked into those programs -that need it; it will not be installed separately.

-
-
--with-system-db

Use an installed version of the Berkeley DB package, which must -provide an API compatible with version 1.85. This option is -unsupported and untested. In particular, we do not know if the -database-rename code used in the dumpfile load operation will -behave properly.

-

If this option is not given, a version supplied with the Kerberos -sources will be built and installed. (We are not updating this -version at this time because of licensing issues with newer -versions that we haven’t investigated sufficiently yet.)

-
-
-
-
-

Environment variables¶

-
-
CC=COMPILER

Use COMPILER as the C compiler.

-
-
CFLAGS=FLAGS

Use FLAGS as the default set of C compiler flags.

-
-
CPP=CPP

C preprocessor to use. (e.g., CPP='gcc -E')

-
-
CPPFLAGS=CPPOPTS

Use CPPOPTS as the default set of C preprocessor flags. The -most common use of this option is to select certain #define’s for -use with the operating system’s include files.

-
-
DB_HEADER=headername

If db.h is not the correct header file to include to compile -against the Berkeley DB 1.85 API, specify the correct header file -name with this option. For example, DB_HEADER=db3/db_185.h.

-
-
DB_LIB=libs…

If -ldb is not the correct library specification for the -Berkeley DB library version to be used, override it with this -option. For example, DB_LIB=-ldb-3.3.

-
-
DEFCCNAME=ccachename

Override the built-in default credential cache name. -For example, DEFCCNAME=DIR:/var/run/user/%{USERID}/ccache -See Parameter expansion for information about supported -parameter expansions.

-
-
DEFCKTNAME=keytabname

Override the built-in default client keytab name. -The format is the same as for DEFCCNAME.

-
-
DEFKTNAME=keytabname

Override the built-in default keytab name. -The format is the same as for DEFCCNAME.

-
-
LD=LINKER

Use LINKER as the default loader if it should be different from -C compiler as specified above.

-
-
LDFLAGS=LDOPTS

This option informs the linker where to get additional libraries -(e.g., -L<lib dir>).

-
-
LIBS=LDNAME

This option allows one to specify libraries to be passed to the -linker (e.g., -l<library>)

-
-
PKCS11_MODNAME=library

Override the built-in default PKCS11 library name.

-
-
SS_LIB=libs…

If -lss is not the correct way to link in your installed ss -library, for example if additional support libraries are needed, -specify the correct link options here. Some variants of this -library are around which allow for Emacs-like line editing, but -different versions require different support libraries to be -explicitly specified.

-

This option is ignored if --with-system-ss is not specified.

-
-
YACC

The ‘Yet Another C Compiler’ implementation to use. Defaults to -the first program found out of: ‘bison -y’, ‘byacc’, -‘yacc’.

-
-
YFLAGS

The list of arguments that will be passed by default to $YACC. -This script will default YFLAGS to the empty string to avoid a -default value of -d given by some make applications.

-
-
-
-
-

Fine tuning of the installation directories¶

-
-
--bindir=DIR

User executables. Defaults to EXECPREFIX/bin, where -EXECPREFIX is the path specified by --exec-prefix -configuration option.

-
-
--sbindir=DIR

System admin executables. Defaults to EXECPREFIX/sbin, where -EXECPREFIX is the path specified by --exec-prefix -configuration option.

-
-
--sysconfdir=DIR

Read-only single-machine data such as krb5.conf. -Defaults to PREFIX/etc, where -PREFIX is the path specified by --prefix configuration -option.

-
-
--libdir=DIR

Object code libraries. Defaults to EXECPREFIX/lib, where -EXECPREFIX is the path specified by --exec-prefix -configuration option.

-
-
--includedir=DIR

C header files. Defaults to PREFIX/include, where PREFIX is -the path specified by --prefix configuration option.

-
-
--datarootdir=DATAROOTDIR

Read-only architecture-independent data root. Defaults to -PREFIX/share, where PREFIX is the path specified by ---prefix configuration option.

-
-
--datadir=DIR

Read-only architecture-independent data. Defaults to path -specified by --datarootdir configuration option.

-
-
--localedir=DIR

Locale-dependent data. Defaults to DATAROOTDIR/locale, where -DATAROOTDIR is the path specified by --datarootdir -configuration option.

-
-
--mandir=DIR

Man documentation. Defaults to DATAROOTDIR/man, where -DATAROOTDIR is the path specified by --datarootdir -configuration option.

-
-
-
-
-

Program names¶

-
-
--program-prefix=PREFIX

Prepend PREFIX to the names of the programs when installing -them. For example, specifying --program-prefix=mit- at the -configure time will cause the program named abc to be -installed as mit-abc.

-
-
--program-suffix=SUFFIX

Append SUFFIX to the names of the programs when installing them. -For example, specifying --program-suffix=-mit at the configure -time will cause the program named abc to be installed as -abc-mit.

-
-
--program-transform-name=PROGRAM

Run sed -e PROGRAM on installed program names. (PROGRAM is a -sed script).

-
-
-
-
-

System types¶

-
-
--build=BUILD

Configure for building on BUILD -(e.g., --build=x86_64-linux-gnu).

-
-
--host=HOST

Cross-compile to build programs to run on HOST -(e.g., --host=x86_64-linux-gnu). By default, Kerberos V5 -configuration will look for “build†option.

-
-
-
-
-

Optional features¶

-
-
--disable-option-checking

Ignore unrecognized –enable/–with options.

-
-
--disable-FEATURE

Do not include FEATURE (same as –enable-FEATURE=no).

-
-
--enable-FEATURE[=ARG]

Include FEATURE [ARG=yes].

-
-
--enable-maintainer-mode

Enable rebuilding of source files, Makefiles, etc.

-
-
--disable-delayed-initialization

Initialize library code when loaded. Defaults to delay until -first use.

-
-
--disable-thread-support

Don’t enable thread support. Defaults to enabled.

-
-
--disable-rpath

Suppress run path flags in link lines.

-
-
--enable-athena

Build with MIT Project Athena configuration.

-
-
--disable-kdc-lookaside-cache

Disable the cache which detects client retransmits.

-
-
--disable-pkinit

Disable PKINIT plugin support.

-
-
--disable-aesni

Disable support for using AES instructions on x86 platforms.

-
-
--enable-asan[=ARG]

Enable building with asan memory error checking. If ARG is -given, it controls the -fsanitize compilation flag value (the -default is “addressâ€).

-
-
-
-
-

Optional packages¶

-
-
--with-PACKAGE[=ARG]

Use PACKAGE (e.g., --with-imap). The default value of ARG -is yes.

-
-
--without-PACKAGE

Do not use PACKAGE (same as --with-PACKAGE=no) -(e.g., --without-libedit).

-
-
--with-size-optimizations

Enable a few optimizations to reduce code size possibly at some -run-time cost.

-
-
--with-system-et

Use the com_err library and compile_et utility that are already -installed on the system, instead of building and installing -local versions.

-
-
--with-system-ss

Use the ss library and mk_cmds utility that are already installed -on the system, instead of building and using private versions.

-
-
--with-system-db

Use the berkeley db utility already installed on the system, -instead of using a private version. This option is not -recommended; enabling it may result in incompatibility with key -databases originating on other systems.

-
-
--with-netlib=LIBS

Use the resolver library specified in LIBS. Use this variable -if the C library resolver is insufficient or broken.

-
-
--with-hesiod=path

Compile with Hesiod support. The path points to the Hesiod -directory. By default Hesiod is unsupported.

-
-
--with-ldap

Compile OpenLDAP database backend module.

-
-
--with-lmdb

Compile LMDB database backend module.

-
-
--with-vague-errors

Do not send helpful errors to client. For example, if the KDC -should return only vague error codes to clients.

-
-
--with-crypto-impl=IMPL

Use specified crypto implementation (e.g., --with-crypto-impl=openssl). The default is the native MIT -Kerberos implementation builtin. The other currently -implemented crypto backend is openssl. (See -MIT Kerberos features)

-
-
--without-libedit

Do not compile and link against libedit. Some utilities will no -longer offer command history or completion in interactive mode if -libedit is disabled.

-
-
--with-readline

Compile and link against GNU readline, as an alternative to libedit.

-
-
--with-system-verto

Use an installed version of libverto. If the libverto header and -library are not in default locations, you may wish to specify -CPPFLAGS=-I/some/dir and LDFLAGS=-L/some/other/dir options -at configuration time as well.

-

If this option is not given, the build system will try to detect -an installed version of libverto and use it if it is found. -Otherwise, a version supplied with the Kerberos sources will be -built and installed. The built-in version does not contain the -full set of back-end modules and is not a suitable general -replacement for the upstream version, but will work for the -purposes of Kerberos.

-

Specifying --without-system-verto will cause the built-in -version of libverto to be used unconditionally.

-
-
--with-krb5-config=PATH

Use the krb5-config program at PATH to obtain the build-time -default credential cache, keytab, and client keytab names. The -default is to use krb5-config from the program path. Specify ---without-krb5-config to disable the use of krb5-config and -use the usual built-in defaults.

-
-
--without-keyutils

Build without libkeyutils support. This disables the KEYRING -credential cache type.

-
-
-
-
-

Examples¶

-

For example, in order to configure Kerberos on a Solaris machine using -the suncc compiler with the optimizer turned on, run the configure -script with the following options:

-
% ./configure CC=suncc CFLAGS=-O
-
-
-

For a slightly more complicated example, consider a system where -several packages to be used by Kerberos are installed in -/usr/foobar, including Berkeley DB 3.3, and an ss library that -needs to link against the curses library. The configuration of -Kerberos might be done thus:

-
./configure CPPFLAGS=-I/usr/foobar/include LDFLAGS=-L/usr/foobar/lib \
---with-system-et --with-system-ss --with-system-db  \
-SS_LIB='-lss -lcurses'  DB_HEADER=db3/db_185.h DB_LIB=-ldb-3.3
-
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/build/osconf.html b/krb5-1.21.3/doc/html/build/osconf.html deleted file mode 100644 index 39d694c4..00000000 --- a/krb5-1.21.3/doc/html/build/osconf.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - osconf.hin — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

osconf.hin¶

-

There is one configuration file which you may wish to edit to control -various compile-time parameters in the Kerberos distribution:

-
include/osconf.hin
-
-
-

The list that follows is by no means complete, just some of the more -interesting variables.

-
-
DEFAULT_PROFILE_PATH

The pathname to the file which contains the profiles for the known -realms, their KDCs, etc. The default value is /etc/krb5.conf.

-
-
DEFAULT_KEYTAB_NAME

The type and pathname to the default server keytab file. The -default is DEFKTNAME.

-
-
DEFAULT_KDC_ENCTYPE

The default encryption type for the KDC database master key. The -default value is aes256-cts-hmac-sha1-96.

-
-
RCTMPDIR

The directory which stores replay caches. The default is -/var/tmp.

-
-
DEFAULT_KDB_FILE

The location of the default database. The default value is -LOCALSTATEDIR/krb5kdc/principal.

-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/build_this.html b/krb5-1.21.3/doc/html/build_this.html deleted file mode 100644 index f6d3e32d..00000000 --- a/krb5-1.21.3/doc/html/build_this.html +++ /dev/null @@ -1,202 +0,0 @@ - - - - - - - - - How to build this documentation from the source — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

How to build this documentation from the source¶

-

Pre-requisites for a simple build, or to update man pages:

- -

Additional prerequisites to include the API reference based on Doxygen -markup:

-
    -
  • Python 2.5 with the Cheetah, lxml, and xml modules

  • -
  • Doxygen

  • -
-
-

Simple build without API reference¶

-

To test simple changes to the RST sources, you can build the -documentation without the Doxygen reference by running, from the doc -directory:

-
sphinx-build . test_html
-
-
-

You will see a number of warnings about missing files. This is -expected. If there is not already a doc/version.py file, you will -need to create one by first running make version.py in the -src/doc directory of a configured build tree.

-
-
-

Updating man pages¶

-

Man pages are generated from the RST sources and checked into the -src/man directory of the repository. This allows man pages to be -installed without requiring Sphinx when using a source checkout. To -regenerate these files, run make man from the man subdirectory -of a configured build tree. You can also do this from an unconfigured -source tree with:

-
cd src/man
-make -f Makefile.in top_srcdir=.. srcdir=. man
-make clean
-
-
-

As with the simple build, it is normal to see warnings about missing -files when rebuilding the man pages.

-
-
-

Building for a release tarball or web site¶

-

To generate documentation in HTML format, run make html in the -doc subdirectory of a configured build tree (the build directory -corresponding to src/doc, not the top-level doc directory). -The output will be placed in the top-level doc/html directory. -This build will include the API reference generated from Doxygen -markup in the source tree.

-

Documentation generated this way will use symbolic names for paths -(like BINDIR for the directory containing user programs), with the -symbolic names being links to a table showing typical values for those -paths.

-

You can also do this from an unconfigured source tree with:

-
cd src/doc
-make -f Makefile.in SPHINX_ARGS= htmlsrc
-
-
-
-
-

Building for an OS package or site documentation¶

-

To generate documentation specific to a build of MIT krb5 as you have -configured it, run make substhtml in the doc subdirectory of a -configured build tree (the build directory corresponding to -src/doc, not the top-level doc directory). The output will be -placed in the html_subst subdirectory of that build directory. -This build will include the API reference.

-

Documentation generated this way will use concrete paths (like -/usr/local/bin for the directory containing user programs, for a -default custom build).

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/copyright.html b/krb5-1.21.3/doc/html/copyright.html deleted file mode 100644 index 7d624bf5..00000000 --- a/krb5-1.21.3/doc/html/copyright.html +++ /dev/null @@ -1,130 +0,0 @@ - - - - - - - - - Copyright — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- - - - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/formats/ccache_file_format.html b/krb5-1.21.3/doc/html/formats/ccache_file_format.html deleted file mode 100644 index 0218ef0c..00000000 --- a/krb5-1.21.3/doc/html/formats/ccache_file_format.html +++ /dev/null @@ -1,295 +0,0 @@ - - - - - - - - - Credential cache file format — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Credential cache file format¶

-

There are four versions of the file format used by the FILE credential -cache type. The first byte of the file always has the value 5, and -the value of the second byte contains the version number (1 through -4). Versions 1 and 2 of the file format use native byte order for integer -representations. Versions 3 and 4 always use big-endian byte order.

-

After the two-byte version indicator, the file has three parts: the -header (in version 4 only), the default principal name, and a sequence -of credentials.

-
-

Header format¶

-

The header appears only in format version 4. It begins with a 16-bit -integer giving the length of the entire header, followed by a sequence -of fields. Each field consists of a 16-bit tag, a 16-bit length, and -a value of the given length. A file format implementation should -ignore fields with unknown tags.

-

At this time there is only one defined header field. Its tag value is -1, its length is always 8, and its contents are two 32-bit integers -giving the seconds and microseconds of the time offset of the KDC -relative to the client. Adding this offset to the current time on the -client should give the current time on the KDC, if that offset has not -changed since the initial authentication.

-
-
-

Principal format¶

-

The default principal is marshalled using the following informal -grammar:

-
principal ::=
-    name type (32 bits) [omitted in version 1]
-    count of components (32 bits) [includes realm in version 1]
-    realm (data)
-    component1 (data)
-    component2 (data)
-    ...
-
-data ::=
-    length (32 bits)
-    value (length bytes)
-
-
-

There is no external framing on the default principal, so it must be -parsed according to the above grammar in order to find the sequence of -credentials which follows.

-
-
-

Credential format¶

-

The credential format uses the following informal grammar (referencing -the principal and data types from the previous section):

-
credential ::=
-    client (principal)
-    server (principal)
-    keyblock (keyblock)
-    authtime (32 bits)
-    starttime (32 bits)
-    endtime (32 bits)
-    renew_till (32 bits)
-    is_skey (1 byte, 0 or 1)
-    ticket_flags (32 bits)
-    addresses (addresses)
-    authdata (authdata)
-    ticket (data)
-    second_ticket (data)
-
-keyblock ::=
-    enctype (16 bits) [repeated twice in version 3]
-    data
-
-addresses ::=
-    count (32 bits)
-    address1
-    address2
-    ...
-
-address ::=
-    addrtype (16 bits)
-    data
-
-authdata ::=
-    count (32 bits)
-    authdata1
-    authdata2
-    ...
-
-authdata ::=
-    ad_type (16 bits)
-    data
-
-
-

There is no external framing on a marshalled credential, so it must be -parsed according to the above grammar in order to find the next -credential. There is also no count of credentials or marker at the -end of the sequence of credentials; the sequence ends when the file -ends.

-
-
-

Credential cache configuration entries¶

-

Configuration entries are encoded as credential entries. The client -principal of the entry is the default principal of the cache. The -server principal has the realm X-CACHECONF: and two or three -components, the first of which is krb5_ccache_conf_data. The -server principal’s second component is the configuration key. The -third component, if it exists, is a principal to which the -configuration key is associated. The configuration value is stored in -the ticket field of the entry. All other entry fields are zeroed.

-

Programs using credential caches must be aware of configuration -entries for several reasons:

-
    -
  • A program which displays the contents of a cache should not -generally display configuration entries.

  • -
  • The ticket field of a configuration entry is not (usually) a valid -encoding of a Kerberos ticket. An implementation must not treat the -cache file as malformed if it cannot decode the ticket field.

  • -
  • Configuration entries have an endtime field of 0 and might therefore -always be considered expired, but they should not be treated as -unimportant as a result. For instance, a program which copies -credentials from one cache to another should not omit configuration -entries because of the endtime.

  • -
-

The following configuration keys are currently used in MIT krb5:

-
-
fast_avail

The presence of this key with a non-empty value indicates that the -KDC asserted support for FAST (see RFC 6113) during the initial -authentication, using the negotiation method described in -RFC 6806 section 11. This key is not associated with any -principal.

-
-
pa_config_data

The value of this key contains a JSON object representation of -parameters remembered by the preauthentication mechanism used -during the initial authentication. These parameters may be used -when refreshing credentials. This key is associated with the -server principal of the initial authentication (usually the local -krbtgt principal of the client realm).

-
-
pa_type

The value of this key is the ASCII decimal representation of the -preauth type number used during the initial authentication. This -key is associated with the server principal of the initial -authentication.

-
-
proxy_impersonator

The presence of this key indicates that the cache is a synthetic -delegated credential for use with S4U2Proxy. The value is the -name of the intermediate service whose TGT can be used to make -S4U2Proxy requests for target services. This key is not -associated with any principal.

-
-
refresh_time

The presence of this key indicates that the cache was acquired by -the GSS mechanism using a client keytab. The value is the ASCII -decimal representation of a timestamp at which the GSS mechanism -should attempt to refresh the credential cache from the client -keytab.

-
-
start_realm

This key indicates the realm of the ticket-granting ticket to be -used for TGS requests, when making a referrals request or -beginning a cross-realm request. If it is not present, the client -realm is used.

-
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/formats/cookie.html b/krb5-1.21.3/doc/html/formats/cookie.html deleted file mode 100644 index f35a5e6e..00000000 --- a/krb5-1.21.3/doc/html/formats/cookie.html +++ /dev/null @@ -1,222 +0,0 @@ - - - - - - - - - KDC cookie format — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- - - - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/formats/freshness_token.html b/krb5-1.21.3/doc/html/formats/freshness_token.html deleted file mode 100644 index dda48da4..00000000 --- a/krb5-1.21.3/doc/html/formats/freshness_token.html +++ /dev/null @@ -1,149 +0,0 @@ - - - - - - - - - PKINIT freshness tokens — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

PKINIT freshness tokens¶

-

RFC 8070 specifies a pa-data type PA_AS_FRESHNESS, which clients -should reflect within signed PKINIT data to prove recent access to the -client certificate private key. The contents of a freshness token are -left to the KDC implementation. The MIT krb5 KDC uses the following -format for freshness tokens (starting in release 1.17):

-
    -
  • a four-byte big-endian POSIX timestamp

  • -
  • a four-byte big-endian key version number

  • -
  • an RFC 3961 checksum, with no ASN.1 wrapper

  • -
-

The checksum is computed using the first key in the local krbtgt -principal entry for the realm (e.g. krbtgt/KRBTEST.COM@KRBTEST.COM -if the request is to the KRBTEST.COM realm) of the indicated key -version. The checksum type must be the mandatory checksum type for -the encryption type of the krbtgt key. The key usage value for the -checksum is 514.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/formats/index.html b/krb5-1.21.3/doc/html/formats/index.html deleted file mode 100644 index ac18e321..00000000 --- a/krb5-1.21.3/doc/html/formats/index.html +++ /dev/null @@ -1,142 +0,0 @@ - - - - - - - - - Protocols and file formats — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/formats/keytab_file_format.html b/krb5-1.21.3/doc/html/formats/keytab_file_format.html deleted file mode 100644 index 69572421..00000000 --- a/krb5-1.21.3/doc/html/formats/keytab_file_format.html +++ /dev/null @@ -1,179 +0,0 @@ - - - - - - - - - Keytab file format — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Keytab file format¶

-

There are two versions of the file format used by the FILE keytab -type. The first byte of the file always has the value 5, and the -value of the second byte contains the version number (1 or 2). -Version 1 of the file format uses native byte order for integer -representations. Version 2 always uses big-endian byte order.

-

After the two-byte version indicator, the file contains a sequence of -signed 32-bit record lengths followed by key records or holes. A -positive record length indicates a valid key entry whose size is equal -to or less than the record length. A negative length indicates a -zero-filled hole whose size is the inverse of the length. A length of -0 indicates the end of the file.

-
-

Key entry format¶

-

A key entry may be smaller in size than the record length which -precedes it, because it may have replaced a hole which is larger than -the key entry. Key entries use the following informal grammar:

-
entry ::=
-    principal
-    timestamp (32 bits)
-    key version (8 bits)
-    enctype (16 bits)
-    key length (16 bits)
-    key contents
-    key version (32 bits) [in release 1.14 and later]
-
-principal ::=
-    count of components (16 bits) [includes realm in version 1]
-    realm (data)
-    component1 (data)
-    component2 (data)
-    ...
-    name type (32 bits) [omitted in version 1]
-
-data ::=
-    length (16 bits)
-    value (length bytes)
-
-
-

The 32-bit key version overrides the 8-bit key version. To determine -if it is present, the implementation must check that at least 4 bytes -remain in the record after the other fields are read, and that the -value of the 32-bit integer contained in those bytes is non-zero.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/formats/rcache_file_format.html b/krb5-1.21.3/doc/html/formats/rcache_file_format.html deleted file mode 100644 index bacb4db8..00000000 --- a/krb5-1.21.3/doc/html/formats/rcache_file_format.html +++ /dev/null @@ -1,173 +0,0 @@ - - - - - - - - - Replay cache file format — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Replay cache file format¶

-

This section documents the second version of the replay cache file -format, used by the “file2†replay cache type (new in release 1.18). -The first version of the file replay cache format is not documented.

-

All accesses to the replay cache file take place under an exclusive -POSIX or Windows file lock, obtained when the file is opened and -released when it is closed. Replay cache files are automatically -created when first accessed.

-

For each store operation, a tag is derived from the checksum part of -the RFC 3961 ciphertext of the authenticator. The checksum is -coerced to a fixed length of 12 bytes, either through truncation or -right-padding with zero bytes. A four-byte timestamp is appended to -the tag to produce a total record length of 16 bytes.

-

Bytes 0 through 15 of the file contain a hash seed for the SipHash-2-4 -algorithm (siphash); this field is populated with random bytes when -the file is first created. All remaining bytes are divided into a -series of expanding hash tables:

-
    -
  • Bytes 16-16383: hash table 1 (1023 slots)

  • -
  • Bytes 16384-49151: hash table 2 (2048 slots)

  • -
  • Bytes 49152-114687: hash table 3 (4096 slots)

  • -
  • …

  • -
-

Only some hash tables will be present in the file at any specific -time, and the final table may be only partially filled. Replay cache -files may be sparse if the filesystem supports it.

-

For each table present in the file, the tag is hashed with SipHash-2-4 -using the seed recorded in the file. The first byte of the seed is -incremented by one (modulo 256) for each table after the first. The -resulting hash value is taken modulo one less than the table size -(1022 for the first hash table, 2047 for the second) to produce the -index. The record may be found at the slot given by the index or at -the next slot.

-

All candidate locations for the record must be searched until a slot -is found with a timestamp of zero (indicating a slot which has never -been written to) or an offset is reached at or beyond the end of the -file. Any candidate location with a timestamp value of zero, with a -timestamp value less than the current time minus clockskew, or at or -beyond the end of the file is available for writing. When all -candidate locations have been searched without finding a match, the -new entry is written to the earliest candidate available for writing.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex-A.html b/krb5-1.21.3/doc/html/genindex-A.html deleted file mode 100644 index 5df5a686..00000000 --- a/krb5-1.21.3/doc/html/genindex-A.html +++ /dev/null @@ -1,159 +0,0 @@ - - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex-C.html b/krb5-1.21.3/doc/html/genindex-C.html deleted file mode 100644 index a835f4e8..00000000 --- a/krb5-1.21.3/doc/html/genindex-C.html +++ /dev/null @@ -1,153 +0,0 @@ - - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex-E.html b/krb5-1.21.3/doc/html/genindex-E.html deleted file mode 100644 index ef547165..00000000 --- a/krb5-1.21.3/doc/html/genindex-E.html +++ /dev/null @@ -1,169 +0,0 @@ - - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- -
-
- - -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex-K.html b/krb5-1.21.3/doc/html/genindex-K.html deleted file mode 100644 index b1845589..00000000 --- a/krb5-1.21.3/doc/html/genindex-K.html +++ /dev/null @@ -1,2077 +0,0 @@ - - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- - -

Index – K

- - - - -
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex-L.html b/krb5-1.21.3/doc/html/genindex-L.html deleted file mode 100644 index 8e047258..00000000 --- a/krb5-1.21.3/doc/html/genindex-L.html +++ /dev/null @@ -1,123 +0,0 @@ - - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex-M.html b/krb5-1.21.3/doc/html/genindex-M.html deleted file mode 100644 index a9db824e..00000000 --- a/krb5-1.21.3/doc/html/genindex-M.html +++ /dev/null @@ -1,125 +0,0 @@ - - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex-P.html b/krb5-1.21.3/doc/html/genindex-P.html deleted file mode 100644 index 4c8a2c2d..00000000 --- a/krb5-1.21.3/doc/html/genindex-P.html +++ /dev/null @@ -1,127 +0,0 @@ - - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex-R.html b/krb5-1.21.3/doc/html/genindex-R.html deleted file mode 100644 index 0f04f26b..00000000 --- a/krb5-1.21.3/doc/html/genindex-R.html +++ /dev/null @@ -1,184 +0,0 @@ - - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex-S.html b/krb5-1.21.3/doc/html/genindex-S.html deleted file mode 100644 index e6748716..00000000 --- a/krb5-1.21.3/doc/html/genindex-S.html +++ /dev/null @@ -1,123 +0,0 @@ - - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex-T.html b/krb5-1.21.3/doc/html/genindex-T.html deleted file mode 100644 index f7366661..00000000 --- a/krb5-1.21.3/doc/html/genindex-T.html +++ /dev/null @@ -1,151 +0,0 @@ - - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex-V.html b/krb5-1.21.3/doc/html/genindex-V.html deleted file mode 100644 index b538ae78..00000000 --- a/krb5-1.21.3/doc/html/genindex-V.html +++ /dev/null @@ -1,123 +0,0 @@ - - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex-all.html b/krb5-1.21.3/doc/html/genindex-all.html deleted file mode 100644 index 51736b6a..00000000 --- a/krb5-1.21.3/doc/html/genindex-all.html +++ /dev/null @@ -1,2419 +0,0 @@ - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- - -

Index

- -
- A - | C - | E - | K - | L - | M - | P - | R - | S - | T - | V - -
-

A

- - - -
- -

C

- - - -
- -

E

- - - -
- -

K

- - - -
- -

L

- - - -
- -

M

- - - -
- -

P

- - - -
- -

R

- - -
- -

S

- - - -
- -

T

- - - -
- -

V

- - - -
- - - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/genindex.html b/krb5-1.21.3/doc/html/genindex.html deleted file mode 100644 index 6da01634..00000000 --- a/krb5-1.21.3/doc/html/genindex.html +++ /dev/null @@ -1,131 +0,0 @@ - - - - - - - - Index — MIT Kerberos Documentation - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- - -

Index

- -

Index pages by letter:

- -
-

A - | C - | E - | K - | L - | M - | P - | R - | S - | T - | V -

- -

Full index on one page - (can be huge)

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/index.html b/krb5-1.21.3/doc/html/index.html deleted file mode 100644 index 7f0a29e3..00000000 --- a/krb5-1.21.3/doc/html/index.html +++ /dev/null @@ -1,136 +0,0 @@ - - - - - - - - - MIT Kerberos Documentation (1.21.3) — MIT Kerberos Documentation - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/mitK5defaults.html b/krb5-1.21.3/doc/html/mitK5defaults.html deleted file mode 100644 index 5c604f27..00000000 --- a/krb5-1.21.3/doc/html/mitK5defaults.html +++ /dev/null @@ -1,361 +0,0 @@ - - - - - - - - - MIT Kerberos defaults — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

MIT Kerberos defaults¶

-
-

General defaults¶

- ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Description

Default

Environment

keytab file

DEFKTNAME

KRB5_KTNAME

Client keytab file

DEFCKTNAME

KRB5_CLIENT_KTNAME

Kerberos config file krb5.conf

/etc/krb5.conf:SYSCONFDIR/krb5.conf

KRB5_CONFIG

KDC config file kdc.conf

LOCALSTATEDIR/krb5kdc/kdc.conf

KRB5_KDC_PROFILE

GSS mechanism config file

SYSCONFDIR/gss/mech

GSS_MECH_CONFIG

KDC database path (DB2)

LOCALSTATEDIR/krb5kdc/principal

Master key stash file

LOCALSTATEDIR/krb5kdc/.k5.realm

Admin server ACL file kadm5.acl

LOCALSTATEDIR/krb5kdc/kadm5.acl

OTP socket directory

RUNSTATEDIR/krb5kdc

Plugin base directory

LIBDIR/krb5/plugins

replay cache directory

/var/tmp

KRB5RCACHEDIR

Master key default enctype

aes256-cts-hmac-sha1-96

Default keysalt list

aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal

Permitted enctypes

aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 des3-cbc-sha1 arcfour-hmac-md5 camellia256-cts-cmac camellia128-cts-cmac

KDC default port

88

Admin server port

749

Password change port

464

-
-
-

Replica KDC propagation defaults¶

-

This table shows defaults used by the kprop and -kpropd programs.

- ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Description

Default

Environment

kprop database dump file

LOCALSTATEDIR/krb5kdc/replica_datatrans

kpropd temporary dump file

LOCALSTATEDIR/krb5kdc/from_master

kdb5_util location

SBINDIR/kdb5_util

kprop location

SBINDIR/kprop

kpropd ACL file

LOCALSTATEDIR/krb5kdc/kpropd.acl

kprop port

754

KPROP_PORT

-
-
-

Default paths for Unix-like systems¶

-

On Unix-like systems, some paths used by MIT krb5 depend on parameters -chosen at build time. For a custom build, these paths default to -subdirectories of /usr/local. When MIT krb5 is integrated into an -operating system, the paths are generally chosen to match the -operating system’s filesystem layout.

- ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Description

Symbolic name

Custom build path

Typical OS path

User programs

BINDIR

/usr/local/bin

/usr/bin

Libraries and plugins

LIBDIR

/usr/local/lib

/usr/lib

Parent of KDC state dir

LOCALSTATEDIR

/usr/local/var

/var

Parent of KDC runtime dir

RUNSTATEDIR

/usr/local/var/run

/run

Administrative programs

SBINDIR

/usr/local/sbin

/usr/sbin

Alternate krb5.conf dir

SYSCONFDIR

/usr/local/etc

/etc

Default ccache name

DEFCCNAME

FILE:/tmp/krb5cc_%{uid}

FILE:/tmp/krb5cc_%{uid}

Default keytab name

DEFKTNAME

FILE:/etc/krb5.keytab

FILE:/etc/krb5.keytab

Default PKCS11 module

PKCS11_MODNAME

opensc-pkcs11.so

opensc-pkcs11.so

-

The default client keytab name (DEFCKTNAME) typically defaults to -FILE:/usr/local/var/krb5/user/%{euid}/client.keytab for a custom -build. A native build will typically use a path which will vary -according to the operating system’s layout of /var.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/mitK5features.html b/krb5-1.21.3/doc/html/mitK5features.html deleted file mode 100644 index 6a5397db..00000000 --- a/krb5-1.21.3/doc/html/mitK5features.html +++ /dev/null @@ -1,789 +0,0 @@ - - - - - - - - - MIT Kerberos features — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-
-
-

MIT Kerberos features¶

-

https://web.mit.edu/kerberos

-
-

Quick facts¶

-

License - MIT Kerberos License information

-
-
Releases:
-
-
Supported platforms / OS distributions:
    -
  • Windows (KfW 4.0): Windows 7, Vista, XP

  • -
  • Solaris: SPARC, x86_64/x86

  • -
  • GNU/Linux: Debian x86_64/x86, Ubuntu x86_64/x86, RedHat x86_64/x86

  • -
  • BSD: NetBSD x86_64/x86

  • -
-
-
Crypto backends:
-
-
-

Database backends: LDAP, DB2, LMDB

-

krb4 support: Kerberos 5 release < 1.8

-

DES support: Kerberos 5 release < 1.18 (See Retiring DES)

-
-
-

Interoperability¶

-

Microsoft

-

Starting from release 1.7:

-
    -
  • Follow client principal referrals in the client library when -obtaining initial tickets.

  • -
  • KDC can issue realm referrals for service principals based on domain names.

  • -
  • Extensions supporting DCE RPC, including three-leg GSS context setup -and unencapsulated GSS tokens inside SPNEGO.

  • -
  • Microsoft GSS_WrapEX, implemented using the gss_iov API, which is -similar to the equivalent SSPI functionality. This is needed to -support some instances of DCE RPC.

  • -
  • NTLM recognition support in GSS-API, to facilitate dropping in an -NTLM implementation for improved compatibility with older releases -of Microsoft Windows.

  • -
  • KDC support for principal aliases, if the back end supports them. -Currently, only the LDAP back end supports aliases.

  • -
  • Support Microsoft set/change password (RFC 3244) protocol in -kadmind.

  • -
  • Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which -allows a GSS application to request credential delegation only if -permitted by KDC policy.

  • -
-

Starting from release 1.8:

-
    -
  • Microsoft Services for User (S4U) compatibility

  • -
-

Heimdal

-
    -
  • Support for KCM credential cache starting from release 1.13

  • -
-
-
-

Feature list¶

-

For more information on the specific project see https://k5wiki.kerberos.org/wiki/Projects

-
-
Release 1.7
-
-
Release 1.8
-
-
Release 1.9
    -
  • Advance warning on password expiry

  • -
  • Camellia encryption (CTS-CMAC mode) RFC 6803

  • -
  • KDC support for SecurID preauthentication

  • -
  • kadmin over IPv6

  • -
  • Trace logging Trace logging

  • -
  • GSSAPI/KRB5 multi-realm support

  • -
  • Plugin to test password quality Password quality interface (pwqual)

  • -
  • Plugin to synchronize password changes KADM5 hook interface (kadm5_hook)

  • -
  • Parallel KDC

  • -
  • GSS-API extensions for SASL GS2 bridge RFC 5801 RFC 5587

  • -
  • Purging old keys

  • -
  • Naming extensions for delegation chain

  • -
  • Password expiration API

  • -
  • Windows client support (build-only)

  • -
  • IPv6 support in iprop

  • -
-
-
Release 1.10
-
-
Release 1.11
    -
  • Client support for FAST OTP RFC 6560

  • -
  • GSS-API extensions for credential locations

  • -
  • Responder mechanism

  • -
-
-
Release 1.12
-
-
-

Release 1.13

-
-
    -
  • Add support for accessing KDCs via an HTTPS proxy server using -the MS-KKDCP -protocol.

  • -
  • Add support for hierarchical incremental propagation, -where replicas can act as intermediates between an upstream primary -and other downstream replicas.

  • -
  • Add support for configuring GSS mechanisms using -/etc/gss/mech.d/*.conf files in addition to -/etc/gss/mech.

  • -
  • Add support to the LDAP KDB module for binding to the LDAP -server using SASL.

  • -
  • The KDC listens for TCP connections by default.

  • -
  • Fix a minor key disclosure vulnerability where using the -“keepold†option to the kadmin randkey operation could return the -old keys. [CVE-2014-5351]

  • -
  • Add client support for the Kerberos Cache Manager protocol. If -the host is running a Heimdal kcm daemon, caches served by the -daemon can be accessed with the KCM: cache type.

  • -
  • When built on macOS 10.7 and higher, use “KCM:†as the default -cachetype, unless overridden by command-line options or -krb5-config values.

  • -
  • Add support for doing unlocked database dumps for the DB2 KDC -back end, which would allow the KDC and kadmind to continue -accessing the database during lengthy database dumps.

  • -
-
-

Release 1.14

-
-
    -
  • Administrator experience

    -
      -
    • Add a new kdb5_util tabdump command to provide reporting-friendly -tabular dump formats (tab-separated or CSV) for the KDC database. -Unlike the normal dump format, each output table has a fixed number -of fields. Some tables include human-readable forms of data that -are opaque in ordinary dump files. This format is also suitable for -importing into relational databases for complex queries.

    • -
    • Add support to kadmin and kadmin.local for specifying a single -command line following any global options, where the command -arguments are split by the shell–for example, “kadmin getprinc -principalnameâ€. Commands issued this way do not prompt for -confirmation or display warning messages, and exit with non-zero -status if the operation fails.

    • -
    • Accept the same principal flag names in kadmin as we do for the -default_principal_flags kdc.conf variable, and vice versa. Also -accept flag specifiers in the form that kadmin prints, as well as -hexadecimal numbers.

    • -
    • Remove the triple-DES and RC4 encryption types from the default -value of supported_enctypes, which determines the default key and -salt types for new password-derived keys. By default, keys will -only created only for AES128 and AES256. This mitigates some types -of password guessing attacks.

    • -
    • Add support for directory names in the KRB5_CONFIG and -KRB5_KDC_PROFILE environment variables.

    • -
    • Add support for authentication indicators, which are ticket -annotations to indicate the strength of the initial authentication. -Add support for the “require_auth†string attribute, which can be -set on server principal entries to require an indicator when -authenticating to the server.

    • -
    • Add support for key version numbers larger than 255 in keytab files, -and for version numbers up to 65535 in KDC databases.

    • -
    • Transmit only one ETYPE-INFO and/or ETYPE-INFO2 entry from the KDC -during pre-authentication, corresponding to the client’s most -preferred encryption type.

    • -
    • Add support for server name identification (SNI) when proxying KDC -requests over HTTPS.

    • -
    • Add support for the err_fmt profile parameter, which can be used to -generate custom-formatted error messages.

    • -
    -
  • -
  • Developer experience:

    -
      -
    • Change gss_acquire_cred_with_password() to acquire credentials into -a private memory credential cache. Applications can use -gss_store_cred() to make the resulting credentials visible to other -processes.

    • -
    • Change gss_acquire_cred() and SPNEGO not to acquire credentials for -IAKERB or for non-standard variants of the krb5 mechanism OID unless -explicitly requested. (SPNEGO will still accept the Microsoft -variant of the krb5 mechanism OID during negotiation.)

    • -
    • Change gss_accept_sec_context() not to accept tokens for IAKERB or -for non-standard variants of the krb5 mechanism OID unless an -acceptor credential is acquired for those mechanisms.

    • -
    • Change gss_acquire_cred() to immediately resolve credentials if the -time_rec parameter is not NULL, so that a correct expiration time -can be returned. Normally credential resolution is delayed until -the target name is known.

    • -
    • Add krb5_prepend_error_message() and krb5_wrap_error_message() APIs, -which can be used by plugin modules or applications to add prefixes -to existing detailed error messages.

    • -
    • Add krb5_c_prfplus() and krb5_c_derive_prfplus() APIs, which -implement the RFC 6113 PRF+ operation and key derivation using PRF+.

    • -
    • Add support for pre-authentication mechanisms which use multiple -round trips, using the the KDC_ERR_MORE_PREAUTH_DATA_REQUIRED error -code. Add get_cookie() and set_cookie() callbacks to the kdcpreauth -interface; these callbacks can be used to save marshalled state -information in an encrypted cookie for the next request.

    • -
    • Add a client_key() callback to the kdcpreauth interface to retrieve -the chosen client key, corresponding to the ETYPE-INFO2 entry sent -by the KDC.

    • -
    • Add an add_auth_indicator() callback to the kdcpreauth interface, -allowing pre-authentication modules to assert authentication -indicators.

    • -
    • Add support for the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option to -suppress sending the confidentiality and integrity flags in GSS -initiator tokens unless they are requested by the caller. These -flags control the negotiated SASL security layer for the Microsoft -GSS-SPNEGO SASL mechanism.

    • -
    • Make the FILE credential cache implementation less prone to -corruption issues in multi-threaded programs, especially on -platforms with support for open file description locks.

    • -
    -
  • -
  • Performance:

    -
      -
    • On replica KDCs, poll the primary KDC immediately after -processing a full resync, and do not require two full resyncs -after the primary KDC’s log file is reset.

    • -
    -
  • -
-
-

Release 1.15

-
    -
  • Administrator experience:

    -
      -
    • Add support to kadmin for remote extraction of current keys -without changing them (requires a special kadmin permission that -is excluded from the wildcard permission), with the exception of -highly protected keys.

    • -
    • Add a lockdown_keys principal attribute to prevent retrieval of -the principal’s keys (old or new) via the kadmin protocol. In -newly created databases, this attribute is set on the krbtgt and -kadmin principals.

    • -
    • Restore recursive dump capability for DB2 back end, so sites can -more easily recover from database corruption resulting from power -failure events.

    • -
    • Add DNS auto-discovery of KDC and kpasswd servers from URI -records, in addition to SRV records. URI records can convey TCP -and UDP servers and primary KDC status in a single DNS lookup, and -can also point to HTTPS proxy servers.

    • -
    • Add support for password history to the LDAP back end.

    • -
    • Add support for principal renaming to the LDAP back end.

    • -
    • Use the getrandom system call on supported Linux kernels to avoid -blocking problems when getting entropy from the operating system.

    • -
    -
  • -
  • Code quality:

    -
      -
    • Clean up numerous compilation warnings.

    • -
    • Remove various infrequently built modules, including some preauth -modules that were not built by default.

    • -
    -
  • -
  • Developer experience:

    -
      -
    • Add support for building with OpenSSL 1.1.

    • -
    • Use SHA-256 instead of MD5 for (non-cryptographic) hashing of -authenticators in the replay cache. This helps sites that must -build with FIPS 140 conformant libraries that lack MD5.

    • -
    -
  • -
  • Protocol evolution:

    -
      -
    • Add support for the AES-SHA2 enctypes, which allows sites to -conform to Suite B crypto requirements.

    • -
    -
  • -
-

Release 1.16

-
    -
  • Administrator experience:

    -
      -
    • The KDC can match PKINIT client certificates against the -“pkinit_cert_match†string attribute on the client principal -entry, using the same syntax as the existing “pkinit_cert_match†-profile option.

    • -
    • The ktutil addent command supports the “-k 0†option to ignore the -key version, and the “-s†option to use a non-default salt string.

    • -
    • kpropd supports a –pid-file option to write a pid file at -startup, when it is run in standalone mode.

    • -
    • The “encrypted_challenge_indicator†realm option can be used to -attach an authentication indicator to tickets obtained using FAST -encrypted challenge pre-authentication.

    • -
    • Localization support can be disabled at build time with the -–disable-nls configure option.

    • -
    -
  • -
  • Developer experience:

    -
      -
    • The kdcpolicy pluggable interface allows modules control whether -tickets are issued by the KDC.

    • -
    • The kadm5_auth pluggable interface allows modules to control -whether kadmind grants access to a kadmin request.

    • -
    • The certauth pluggable interface allows modules to control which -PKINIT client certificates can authenticate to which client -principals.

    • -
    • KDB modules can use the client and KDC interface IP addresses to -determine whether to allow an AS request.

    • -
    • GSS applications can query the bit strength of a krb5 GSS context -using the GSS_C_SEC_CONTEXT_SASL_SSF OID with -gss_inquire_sec_context_by_oid().

    • -
    • GSS applications can query the impersonator name of a krb5 GSS -credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with -gss_inquire_cred_by_oid().

    • -
    • kdcpreauth modules can query the KDC for the canonicalized -requested client principal name, or match a principal name against -the requested client principal name with canonicalization.

    • -
    -
  • -
  • Protocol evolution:

    -
      -
    • The client library will continue to try pre-authentication -mechanisms after most failure conditions.

    • -
    • The KDC will issue trivially renewable tickets (where the -renewable lifetime is equal to or less than the ticket lifetime) -if requested by the client, to be friendlier to scripts.

    • -
    • The client library will use a random nonce for TGS requests -instead of the current system time.

    • -
    • For the RC4 string-to-key or PAC operations, UTF-16 is supported -(previously only UCS-2 was supported).

    • -
    • When matching PKINIT client certificates, UPN SANs will be matched -correctly as UPNs, with canonicalization.

    • -
    -
  • -
  • User experience:

    -
      -
    • Dates after the year 2038 are accepted (provided that the platform -time facilities support them), through the year 2106.

    • -
    • Automatic credential cache selection based on the client realm -will take into account the fallback realm and the service -hostname.

    • -
    • Referral and alternate cross-realm TGTs will not be cached, -avoiding some scenarios where they can be added to the credential -cache multiple times.

    • -
    • A German translation has been added.

    • -
    -
  • -
  • Code quality:

    -
      -
    • The build is warning-clean under clang with the configured warning -options.

    • -
    • The automated test suite runs cleanly under AddressSanitizer.

    • -
    -
  • -
-

Release 1.17

-
    -
  • Administrator experience:

    -
      -
    • A new Kerberos database module using the Lightning Memory-Mapped -Database library (LMDB) has been added. The LMDB KDB module -should be more performant and more robust than the DB2 module, and -may become the default module for new databases in a future -release.

    • -
    • “kdb5_util dump†will no longer dump policy entries when specific -principal names are requested.

    • -
    -
  • -
  • Developer experience:

    -
      -
    • The new krb5_get_etype_info() API can be used to retrieve enctype, -salt, and string-to-key parameters from the KDC for a client -principal.

    • -
    • The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise -principal names to be used with GSS-API functions.

    • -
    • KDC and kadmind modules which call com_err() will now write to the -log file in a format more consistent with other log messages.

    • -
    • Programs which use large numbers of memory credential caches -should perform better.

    • -
    -
  • -
  • Protocol evolution:

    -
      -
    • The SPAKE pre-authentication mechanism is now supported. This -mechanism protects against password dictionary attacks without -requiring any additional infrastructure such as certificates. -SPAKE is enabled by default on clients, but must be manually -enabled on the KDC for this release.

    • -
    • PKINIT freshness tokens are now supported. Freshness tokens can -protect against scenarios where an attacker uses temporary access -to a smart card to generate authentication requests for the -future.

    • -
    • Password change operations now prefer TCP over UDP, to avoid -spurious error messages about replays when a response packet is -dropped.

    • -
    • The KDC now supports cross-realm S4U2Self requests when used with -a third-party KDB module such as Samba’s. The client code for -cross-realm S4U2Self requests is also now more robust.

    • -
    -
  • -
  • User experience:

    -
      -
    • The new ktutil addent -f flag can be used to fetch salt -information from the KDC for password-based keys.

    • -
    • The new kdestroy -p option can be used to destroy a credential -cache within a collection by client principal name.

    • -
    • The Kerberos man page has been restored, and documents the -environment variables that affect programs using the Kerberos -library.

    • -
    -
  • -
  • Code quality:

    -
      -
    • Python test scripts now use Python 3.

    • -
    • Python test scripts now display markers in verbose output, making -it easier to find where a failure occurred within the scripts.

    • -
    • The Windows build system has been simplified and updated to work -with more recent versions of Visual Studio. A large volume of -unused Windows-specific code has been removed. Visual Studio 2013 -or later is now required.

    • -
    -
  • -
-

Release 1.18

-
    -
  • Administrator experience:

    -
      -
    • Remove support for single-DES encryption types.

    • -
    • Change the replay cache format to be more efficient and robust. -Replay cache filenames using the new format end with .rcache2 -by default.

    • -
    • setuid programs will automatically ignore environment variables -that normally affect krb5 API functions, even if the caller does -not use krb5_init_secure_context().

    • -
    • Add an enforce_ok_as_delegate krb5.conf relation to disable -credential forwarding during GSSAPI authentication unless the KDC -sets the ok-as-delegate bit in the service ticket.

    • -
    -
  • -
  • Developer experience:

    -
      -
    • Implement krb5_cc_remove_cred() for all credential cache types.

    • -
    • Add the krb5_pac_get_client_info() API to get the client account -name from a PAC.

    • -
    -
  • -
  • Protocol evolution:

    -
      -
    • Add KDC support for S4U2Self requests where the user is identified -by X.509 certificate. (Requires support for certificate lookup -from a third-party KDB module.)

    • -
    • Remove support for an old (“draft 9â€) variant of PKINIT.

    • -
    • Add support for Microsoft NegoEx. (Requires one or more -third-party GSS modules implementing NegoEx mechanisms.)

    • -
    -
  • -
  • User experience:

    -
      -
    • Add support for dns_canonicalize_hostname=fallback, causing -host-based principal names to be tried first without DNS -canonicalization, and again with DNS canonicalization if the -un-canonicalized server is not found.

    • -
    • Expand single-component hostnames in hhost-based principal names -when DNS canonicalization is not used, adding the system’s first -DNS search path as a suffix. Add a qualify_shortname -krb5.conf relation to override this suffix or disable expansion.

    • -
    -
  • -
  • Code quality:

    -
      -
    • The libkrb5 serialization code (used to export and import krb5 GSS -security contexts) has been simplified and made type-safe.

    • -
    • The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED -messages has been revised to conform to current coding practices.

    • -
    • The test suite has been modified to work with macOS System -Integrity Protection enabled.

    • -
    • The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 -support can always be tested.

    • -
    -
  • -
-

Release 1.19

-
    -
  • Administrator experience:

    -
      -
    • When a client keytab is present, the GSSAPI krb5 mech will refresh -credentials even if the current credentials were acquired -manually.

    • -
    • It is now harder to accidentally delete the K/M entry from a KDB.

    • -
    -
  • -
  • Developer experience:

    -
      -
    • gss_acquire_cred_from() now supports the “password†and “verify†-options, allowing credentials to be acquired via password and -verified using a keytab key.

    • -
    • When an application accepts a GSS security context, the new -GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor -both provided matching channel bindings.

    • -
    • Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self -requests to identify the desired client principal by certificate.

    • -
    • PKINIT certauth modules can now cause the hw-authent flag to be -set in issued tickets.

    • -
    • The krb5_init_creds_step() API will now issue the same password -expiration warnings as krb5_get_init_creds_password().

    • -
    -
  • -
  • Protocol evolution:

    -
      -
    • Added client and KDC support for Microsoft’s Resource-Based -Constrained Delegation, which allows cross-realm S4U2Proxy -requests. A third-party database module is required for KDC -support.

    • -
    • kadmin/admin is now the preferred server principal name for kadmin -connections, and the host-based form is no longer created by -default. The client will still try the host-based form as a -fallback.

    • -
    • Added client and server support for Microsoft’s -KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be -required for the initiator if the acceptor provided them. The -client will send this option if the client_aware_gss_bindings -profile option is set.

    • -
    -
  • -
-

User experience:

-
-
    -
  • The default setting of dns_canonicalize_realm is now “fallbackâ€. -Hostnames provided from applications will be tried in principal -names as given (possibly with shortname qualification), falling -back to the canonicalized name.

  • -
  • kinit will now issue a warning if the des3-cbc-sha1 encryption -type is used in the reply. This encryption type will be -deprecated and removed in future releases.

  • -
  • Added kvno flags –out-cache, –no-store, and –cached-only -(inspired by Heimdal’s kgetcred).

  • -
-
-

Release 1.20

-
    -
  • Administrator experience:

    -
      -
    • Added a “disable_pac†realm relation to suppress adding PAC -authdata to tickets, for realms which do not need to support S4U -requests.

    • -
    • Most credential cache types will use atomic replacement when a -cache is reinitialized using kinit or refreshed from the client -keytab.

    • -
    • kprop can now propagate databases with a dump size larger than -4GB, if both the client and server are upgraded.

    • -
    • kprop can now work over NATs that change the destination IP -address, if the client is upgraded.

    • -
    -
  • -
  • Developer experience:

    -
      -
    • Updated the KDB interface. The sign_authdata() method is replaced -with the issue_pac() method, allowing KDB modules to add logon -info and other buffers to the PAC issued by the KDC.

    • -
    • Host-based initiator names are better supported in the GSS krb5 -mechanism.

    • -
    -
  • -
  • Protocol evolution:

    -
      -
    • Replaced AD-SIGNEDPATH authdata with minimal PACs.

    • -
    • To avoid spurious replay errors, password change requests will not -be attempted over UDP until the attempt over TCP fails.

    • -
    • PKINIT will sign its CMS messages with SHA-256 instead of SHA-1.

    • -
    -
  • -
  • Code quality:

    -
      -
    • Updated all code using OpenSSL to be compatible with OpenSSL 3.

    • -
    • Reorganized the libk5crypto build system to allow the OpenSSL -back-end to pull in material from the builtin back-end depending -on the OpenSSL version.

    • -
    • Simplified the PRNG logic to always use the platform PRNG.

    • -
    • Converted the remaining Tcl tests to Python.

    • -
    -
  • -
-

Release 1.21

-
    -
  • User experience:

    -
      -
    • Added a credential cache type providing compatibility with the -macOS 11 native credential cache.

    • -
    -
  • -
  • Developer experience:

    -
      -
    • libkadm5 will use the provided krb5_context object to read -configuration values, instead of creating its own.

    • -
    • Added an interface to retrieve the ticket session key from a GSS -context.

    • -
    -
  • -
  • Protocol evolution:

    -
      -
    • The KDC will no longer issue tickets with RC4 or triple-DES -session keys unless explicitly configured with the new allow_rc4 -or allow_des3 variables respectively.

    • -
    • The KDC will assume that all services can handle aes256-sha1 -session keys unless the service principal has a session_enctypes -string attribute.

    • -
    • Support for PAC full KDC checksums has been added to mitigate an -S4U2Proxy privilege escalation attack.

    • -
    • The PKINIT client will advertise a more modern set of supported -CMS algorithms.

    • -
    -
  • -
  • Code quality:

    -
      -
    • Removed unused code in libkrb5, libkrb5support, and the PKINIT -module.

    • -
    • Modernized the KDC code for processing TGS requests, the code for -encrypting and decrypting key data, the PAC handling code, and the -GSS library packet parsing and composition code.

    • -
    • Improved the test framework’s detection of memory errors in daemon -processes when used with asan.

    • -
    -
  • -
-

Pre-authentication mechanisms

- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/mitK5license.html b/krb5-1.21.3/doc/html/mitK5license.html deleted file mode 100644 index 43f82902..00000000 --- a/krb5-1.21.3/doc/html/mitK5license.html +++ /dev/null @@ -1,1301 +0,0 @@ - - - - - - - - - MIT Kerberos License information — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

MIT Kerberos License information¶

-
-
-

Copyright © 1985-2024 by the Massachusetts Institute of Technology.

-

All rights reserved.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met:

-
    -
  • Redistributions of source code must retain the above copyright notice, -this list of conditions and the following disclaimer.

  • -
  • Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution.

  • -
-

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -“AS IS†AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-

Downloading of this software may constitute an export of cryptographic -software from the United States of America that is subject to the -United States Export Administration Regulations (EAR), 15 CFR 730-774. -Additional laws or regulations may apply. It is the responsibility of -the person or entity contemplating export to comply with all -applicable export laws and regulations, including obtaining any -required license from the U.S. government.

-

The U.S. government prohibits export of encryption source code to -certain countries and individuals, including, but not limited to, the -countries of Cuba, Iran, North Korea, Sudan, Syria, and residents and -nationals of those countries.

-

Documentation components of this software distribution are licensed -under a Creative Commons Attribution-ShareAlike 3.0 Unported License. -(https://creativecommons.org/licenses/by-sa/3.0/)

-

Individual source code files are copyright MIT, Cygnus Support, -Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems, -FundsXpress, and others.

-

Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, -and Zephyr are trademarks of the Massachusetts Institute of Technology -(MIT). No commercial use of these trademarks may be made without -prior written permission of MIT.

-

“Commercial use†means use of a name in a product or other for-profit -manner. It does NOT prevent a commercial firm from referring to the -MIT trademarks in order to convey information (although in doing so, -recognition of their trademark status should be given).

-
-

The following copyright and permission notice applies to the -OpenVision Kerberos Administration system located in -kadmin/create, kadmin/dbutil, kadmin/passwd, -kadmin/server, lib/kadm5, and portions of -lib/rpc:

-
-

Copyright, OpenVision Technologies, Inc., 1993-1996, All Rights Reserved

-

WARNING: Retrieving the OpenVision Kerberos Administration system source -code, as described below, indicates your acceptance of the following -terms. If you do not agree to the following terms, do not retrieve the -OpenVision Kerberos administration system.

-

You may freely use and distribute the Source Code and Object Code -compiled from it, with or without modification, but this Source Code is -provided to you “AS IS†EXCLUSIVE OF ANY WARRANTY, INCLUDING, WITHOUT -LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A -PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER EXPRESS OR IMPLIED. -IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY FOR ANY LOST PROFITS, -LOSS OF DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR -FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS -AGREEMENT, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM THE USE -OF THE SOURCE CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR -ANY OTHER REASON.

-

OpenVision retains all copyrights in the donated Source Code. OpenVision -also retains copyright to derivative works of the Source Code, whether -created by OpenVision or by a third party. The OpenVision copyright -notice must be preserved if derivative works are made based on the -donated Source Code.

-

OpenVision Technologies, Inc. has donated this Kerberos Administration -system to MIT for inclusion in the standard Kerberos 5 distribution. -This donation underscores our commitment to continuing Kerberos -technology development and our gratitude for the valuable work which has -been performed by MIT and the Kerberos community.

-
-
-
-

Portions contributed by Matt Crawford crawdad@fnal.gov were work -performed at Fermi National Accelerator Laboratory, which is operated -by Universities Research Association, Inc., under contract -DE-AC02-76CHO3000 with the U.S. Department of Energy.

-
-
-

Portions of src/lib/crypto have the following copyright:

-
-

Copyright © 1998 by the FundsXpress, INC.

-

All rights reserved.

-
-

Export of this software from the United States of America may require -a specific license from the United States Government. It is the -responsibility of any person or organization contemplating export to -obtain such a license before exporting.

-
-

WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright -notice appear in all copies and that both that copyright notice and -this permission notice appear in supporting documentation, and that -the name of FundsXpress. not be used in advertising or publicity pertaining -to distribution of the software without specific, written prior -permission. FundsXpress makes no representations about the suitability of -this software for any purpose. It is provided “as is†without express -or implied warranty.

-

THIS SOFTWARE IS PROVIDED “AS IS†AND WITHOUT ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

-
-
-

The implementation of the AES encryption algorithm in -src/lib/crypto/builtin/aes has the following copyright:

-
-
-
Copyright © 1998-2013, Brian Gladman, Worcester, UK. All
-
rights reserved.
-
-

The redistribution and use of this software (with or without -changes) is allowed without the payment of fees or royalties -provided that:

-
-

source code distributions include the above copyright notice, -this list of conditions and the following disclaimer;

-

binary distributions include the above copyright notice, this -list of conditions and the following disclaimer in their -documentation.

-
-

This software is provided ‘as is’ with no explicit or implied warranties -in respect of its operation, including, but not limited to, correctness -and fitness for purpose.

-
-
-

Portions contributed by Red Hat, including the pre-authentication -plug-in framework and the NSS crypto implementation, contain the -following copyright:

-
-
-
Copyright © 2006 Red Hat, Inc.
-
Portions copyright © 2006 Massachusetts Institute of Technology
-
All Rights Reserved.
-
-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met:

-
    -
  • Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  • -
  • Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution.

  • -
  • Neither the name of Red Hat, Inc., nor the names of its contributors -may be used to endorse or promote products derived from this software -without specific prior written permission.

  • -
-

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS -IS†AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER -OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-
-
-

The bundled verto source code is subject to the following license:

-
-

Copyright 2011 Red Hat, Inc.

-

Permission is hereby granted, free of charge, to any person -obtaining a copy of this software and associated documentation files -(the “Softwareâ€), to deal in the Software without restriction, -including without limitation the rights to use, copy, modify, merge, -publish, distribute, sublicense, and/or sell copies of the Software, -and to permit persons to whom the Software is furnished to do so, -subject to the following conditions:

-

The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software.

-

THE SOFTWARE IS PROVIDED “AS ISâ€, WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE.

-
-
-

The MS-KKDCP client implementation has the following copyright:

-
-

Copyright 2013,2014 Red Hat, Inc.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met:

-
-
    -
  1. Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  2. -
  3. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in -the documentation and/or other materials provided with the -distribution.

  4. -
-
-

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS -IS†AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER -OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-
-
-

The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in -src/lib/gssapi, including the following files:

-
lib/gssapi/generic/gssapi_err_generic.et
-lib/gssapi/mechglue/g_accept_sec_context.c
-lib/gssapi/mechglue/g_acquire_cred.c
-lib/gssapi/mechglue/g_canon_name.c
-lib/gssapi/mechglue/g_compare_name.c
-lib/gssapi/mechglue/g_context_time.c
-lib/gssapi/mechglue/g_delete_sec_context.c
-lib/gssapi/mechglue/g_dsp_name.c
-lib/gssapi/mechglue/g_dsp_status.c
-lib/gssapi/mechglue/g_dup_name.c
-lib/gssapi/mechglue/g_exp_sec_context.c
-lib/gssapi/mechglue/g_export_name.c
-lib/gssapi/mechglue/g_glue.c
-lib/gssapi/mechglue/g_imp_name.c
-lib/gssapi/mechglue/g_imp_sec_context.c
-lib/gssapi/mechglue/g_init_sec_context.c
-lib/gssapi/mechglue/g_initialize.c
-lib/gssapi/mechglue/g_inquire_context.c
-lib/gssapi/mechglue/g_inquire_cred.c
-lib/gssapi/mechglue/g_inquire_names.c
-lib/gssapi/mechglue/g_process_context.c
-lib/gssapi/mechglue/g_rel_buffer.c
-lib/gssapi/mechglue/g_rel_cred.c
-lib/gssapi/mechglue/g_rel_name.c
-lib/gssapi/mechglue/g_rel_oid_set.c
-lib/gssapi/mechglue/g_seal.c
-lib/gssapi/mechglue/g_sign.c
-lib/gssapi/mechglue/g_store_cred.c
-lib/gssapi/mechglue/g_unseal.c
-lib/gssapi/mechglue/g_userok.c
-lib/gssapi/mechglue/g_utils.c
-lib/gssapi/mechglue/g_verify.c
-lib/gssapi/mechglue/gssd_pname_to_uid.c
-lib/gssapi/mechglue/mglueP.h
-lib/gssapi/mechglue/oid_ops.c
-lib/gssapi/spnego/gssapiP_spnego.h
-lib/gssapi/spnego/spnego_mech.c
-
-
-

and the initial implementation of incremental propagation, including -the following new or changed files:

-
include/iprop_hdr.h
-kadmin/server/ipropd_svc.c
-lib/kdb/iprop.x
-lib/kdb/kdb_convert.c
-lib/kdb/kdb_log.c
-lib/kdb/kdb_log.h
-lib/krb5/error_tables/kdb5_err.et
-kprop/kpropd_rpc.c
-kprop/kproplog.c
-
-
-

are subject to the following license:

-
-

Copyright © 2004 Sun Microsystems, Inc.

-

Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the -“Softwareâ€), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions:

-

The above copyright notice and this permission notice shall be included -in all copies or substantial portions of the Software.

-

THE SOFTWARE IS PROVIDED “AS ISâ€, WITHOUT WARRANTY OF ANY KIND, EXPRESS -OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

-
-
-

Kerberos V5 includes documentation and software developed at the -University of California at Berkeley, which includes this copyright -notice:

-
-
-
Copyright © 1983 Regents of the University of California.
-
All rights reserved.
-
-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met:

-
    -
  1. Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  2. -
  3. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution.

  4. -
  5. Neither the name of the University nor the names of its contributors -may be used to endorse or promote products derived from this software -without specific prior written permission.

  6. -
-

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS “AS IS†AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE.

-
-
-

Portions contributed by Novell, Inc., including the LDAP database -backend, are subject to the following license:

-
-
-
Copyright © 2004-2005, Novell, Inc.
-
All rights reserved.
-
-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met:

-
    -
  • Redistributions of source code must retain the above copyright notice, -this list of conditions and the following disclaimer.

  • -
  • Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution.

  • -
  • The copyright holder’s name is not used to endorse or promote products -derived from this software without specific prior written permission.

  • -
-

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS†-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE.

-
-
-

Portions funded by Sandia National Laboratory -and developed by the University of Michigan’s -Center for Information Technology Integration, -including the PKINIT implementation, are subject -to the following license:

-
-
-
COPYRIGHT © 2006-2007
-
THE REGENTS OF THE UNIVERSITY OF MICHIGAN
-
ALL RIGHTS RESERVED
-
-

Permission is granted to use, copy, create derivative works -and redistribute this software and such derivative works -for any purpose, so long as the name of The University of -Michigan is not used in any advertising or publicity -pertaining to the use of distribution of this software -without specific, written prior authorization. If the -above copyright notice or any other identification of the -University of Michigan is included in any copy of any -portion of this software, then the disclaimer below must -also be included.

-

THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION -FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY -PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF -MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING -WITHOUT LIMITATION THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE -REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE -FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR -CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING -OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN -IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES.

-
-
-

The pkcs11.h file included in the PKINIT code has the -following license:

-
-
-
Copyright 2006 g10 Code GmbH
-
Copyright 2006 Andreas Jellinghaus
-
-

This file is free software; as a special exception the author gives -unlimited permission to copy and/or distribute it, with or without -modifications, as long as this notice is preserved.

-

This file is distributed in the hope that it will be useful, but -WITHOUT ANY WARRANTY, to the extent permitted by law; without even -the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -PURPOSE.

-
-
-

Portions contributed by Apple Inc. are subject to the following license:

-
-

Copyright 2004-2008 Apple Inc. All Rights Reserved.

-
-

Export of this software from the United States of America may require -a specific license from the United States Government. It is the -responsibility of any person or organization contemplating export to -obtain such a license before exporting.

-
-

WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright -notice appear in all copies and that both that copyright notice and -this permission notice appear in supporting documentation, and that -the name of Apple Inc. not be used in advertising or publicity pertaining -to distribution of the software without specific, written prior -permission. Apple Inc. makes no representations about the suitability of -this software for any purpose. It is provided “as is†without express -or implied warranty.

-

THIS SOFTWARE IS PROVIDED “AS IS†AND WITHOUT ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

-
-
-

The implementations of UTF-8 string handling in src/util/support and -src/lib/krb5/unicode are subject to the following copyright and -permission notice:

-
-
-
The OpenLDAP Public License
-
Version 2.8, 17 August 2003
-
-

Redistribution and use of this software and associated documentation -(“Softwareâ€), with or without modification, are permitted provided -that the following conditions are met:

-
    -
  1. Redistributions in source form must retain copyright statements -and notices,

  2. -
  3. Redistributions in binary form must reproduce applicable copyright -statements and notices, this list of conditions, and the following -disclaimer in the documentation and/or other materials provided -with the distribution, and

  4. -
  5. Redistributions must contain a verbatim copy of this document.

  6. -
-

The OpenLDAP Foundation may revise this license from time to time. -Each revision is distinguished by a version number. You may use -this Software under terms of this license revision or under the -terms of any subsequent revision of the license.

-

THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS -CONTRIBUTORS “AS IS†AND ANY EXPRESSED OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT -SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) -OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, -INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, -BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN -ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE.

-

The names of the authors and copyright holders must not be used in -advertising or otherwise to promote the sale, use or other dealing -in this Software without specific, written prior permission. Title -to copyright in this Software shall at all times remain with copyright -holders.

-

OpenLDAP is a registered trademark of the OpenLDAP Foundation.

-

Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, -California, USA. All Rights Reserved. Permission to copy and -distribute verbatim copies of this document is granted.

-
-
-

Marked test programs in src/lib/krb5/krb have the following copyright:

-
-
-
Copyright © 2006 Kungliga Tekniska Högskola
-
(Royal Institute of Technology, Stockholm, Sweden).
-
All rights reserved.
-
-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met:

-
    -
  1. Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  2. -
  3. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution.

  4. -
  5. Neither the name of KTH nor the names of its contributors may be -used to endorse or promote products derived from this software without -specific prior written permission.

  6. -
-

THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS “AS IS†AND ANY -EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE -LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-
-
-

The KCM Mach RPC definition file used on macOS has the following copyright:

-
-
-
Copyright © 2009 Kungliga Tekniska Högskola
-
(Royal Institute of Technology, Stockholm, Sweden).
-
All rights reserved.
-
-

Portions Copyright © 2009 Apple Inc. All rights reserved.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met:

-
    -
  1. Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  2. -
  3. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution.

  4. -
  5. Neither the name of the Institute nor the names of its contributors -may be used to endorse or promote products derived from this software -without specific prior written permission.

  6. -
-

THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS “AS IS†AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE.

-
-
-

Portions of the RPC implementation in src/lib/rpc and src/include/gssrpc -have the following copyright and permission notice:

-
-

Copyright © 2010, Oracle America, Inc.

-

All rights reserved.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are met:

-
    -
  1. Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  2. -
  3. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in -the documentation and/or other materials provided with the -distribution.

  4. -
  5. Neither the name of the “Oracle America, Inc.†nor the names of -its contributors may be used to endorse or promote products -derived from this software without specific prior written permission.

  6. -
-

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS -IS†AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A -PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-
-
-
-

Copyright © 2006,2007,2009 -NTT (Nippon Telegraph and Telephone Corporation). All rights reserved.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met:

-
    -
  1. Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer as -the first lines of this file unmodified.

  2. -
  3. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution.

  4. -
-

THIS SOFTWARE IS PROVIDED BY NTT “AS IS†AND ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, -INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-
-
-
-

Copyright 2000 by Carnegie Mellon University

-

All Rights Reserved

-

Permission to use, copy, modify, and distribute this software and its -documentation for any purpose and without fee is hereby granted, -provided that the above copyright notice appear in all copies and that -both that copyright notice and this permission notice appear in -supporting documentation, and that the name of Carnegie Mellon -University not be used in advertising or publicity pertaining to -distribution of the software without specific, written prior -permission.

-

CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO -THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND -FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR -ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT -OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

-
-
-
-

Copyright © 2002 Naval Research Laboratory (NRL/CCS)

-

Permission to use, copy, modify and distribute this software and its -documentation is hereby granted, provided that both the copyright -notice and this permission notice appear in all copies of the software, -derivative works or modified versions, and any portions thereof.

-

NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS “AS IS†CONDITION AND -DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER -RESULTING FROM THE USE OF THIS SOFTWARE.

-
-
-
-

Copyright © 2022 United States Government as represented by the -Secretary of the Navy. All rights reserved.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met:

-
    -
  • Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  • -
  • Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in -the documentation and/or other materials provided with the -distribution.

  • -
-

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -“AS IS†AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -OF THE POSSIBILITY OF SUCH DAMAGE.

-
-
-
-

Copyright © 1991, 1992, 1994 by Cygnus Support.

-

Permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright -notice appear in all copies and that both that copyright notice and -this permission notice appear in supporting documentation. -Cygnus Support makes no representations about the suitability of -this software for any purpose. It is provided “as is†without express -or implied warranty.

-
-
-
-

Copyright © 2006 Secure Endpoints Inc.

-

Permission is hereby granted, free of charge, to any person -obtaining a copy of this software and associated documentation -files (the “Softwareâ€), to deal in the Software without -restriction, including without limitation the rights to use, copy, -modify, merge, publish, distribute, sublicense, and/or sell copies -of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions:

-

The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software.

-

THE SOFTWARE IS PROVIDED “AS ISâ€, WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND -NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS -BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN -ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN -CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE.

-
-
-
-

Copyright © 1994 by the University of Southern California

-
-

EXPORT OF THIS SOFTWARE from the United States of America may -require a specific license from the United States Government. -It is the responsibility of any person or organization contemplating -export to obtain such a license before exporting.

-
-

WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute -this software and its documentation in source and binary forms is -hereby granted, provided that any documentation or other materials -related to such distribution or use acknowledge that the software -was developed by the University of Southern California.

-

DISCLAIMER OF WARRANTY. THIS SOFTWARE IS PROVIDED “AS ISâ€. The -University of Southern California MAKES NO REPRESENTATIONS OR -WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not -limitation, the University of Southern California MAKES NO -REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY -PARTICULAR PURPOSE. The University of Southern -California shall not be held liable for any liability nor for any -direct, indirect, or consequential damages with respect to any -claim by the user or distributor of the ksu software.

-
-
-
-
-
Copyright © 1995
-
The President and Fellows of Harvard University
-
-

This code is derived from software contributed to Harvard by -Jeremy Rassen.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met:

-
    -
  1. Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  2. -
  3. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution.

  4. -
  5. All advertising materials mentioning features or use of this software -must display the following acknowledgement:

    -
    -

    This product includes software developed by the University of -California, Berkeley and its contributors.

    -
    -
  6. -
  7. Neither the name of the University nor the names of its contributors -may be used to endorse or promote products derived from this software -without specific prior written permission.

  8. -
-

THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS “AS IS†AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE.

-
-
-
-
-
Copyright © 2008 by the Massachusetts Institute of Technology.
-
Copyright 1995 by Richard P. Basch. All Rights Reserved.
-
Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved.
-
-
-

Export of this software from the United States of America may -require a specific license from the United States Government. -It is the responsibility of any person or organization contemplating -export to obtain such a license before exporting.

-
-

WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright -notice appear in all copies and that both that copyright notice and -this permission notice appear in supporting documentation, and that -the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used -in advertising or publicity pertaining to distribution of the software -without specific, written prior permission. Richard P. Basch, -Lehman Brothers and M.I.T. make no representations about the suitability -of this software for any purpose. It is provided “as is†without -express or implied warranty.

-
-
-

The following notice applies to src/lib/krb5/krb/strptime.c and -src/include/k5-queue.h.

-
-
-
Copyright © 1997, 1998 The NetBSD Foundation, Inc.
-
All rights reserved.
-
-

This code was contributed to The NetBSD Foundation by Klaus Klein.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met:

-
    -
  1. Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  2. -
  3. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution.

  4. -
  5. All advertising materials mentioning features or use of this software -must display the following acknowledgement:

    -
    -

    This product includes software developed by the NetBSD -Foundation, Inc. and its contributors.

    -
    -
  6. -
  7. Neither the name of The NetBSD Foundation nor the names of its -contributors may be used to endorse or promote products derived -from this software without specific prior written permission.

  8. -
-

THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS -“AS IS†AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED -TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -POSSIBILITY OF SUCH DAMAGE.

-
-
-

The following notice applies to Unicode library files in -src/lib/krb5/unicode:

-
-
-
Copyright 1997, 1998, 1999 Computing Research Labs,
-
New Mexico State University
-
-

Permission is hereby granted, free of charge, to any person obtaining a -copy of this software and associated documentation files (the “Softwareâ€), -to deal in the Software without restriction, including without limitation -the rights to use, copy, modify, merge, publish, distribute, sublicense, -and/or sell copies of the Software, and to permit persons to whom the -Software is furnished to do so, subject to the following conditions:

-

The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software.

-

THE SOFTWARE IS PROVIDED “AS ISâ€, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL -THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT -OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR -THE USE OR OTHER DEALINGS IN THE SOFTWARE.

-
-
-

The following notice applies to src/util/support/strlcpy.c:

-
-

Copyright © 1998 Todd C. Miller Todd.Miller@courtesan.com

-

Permission to use, copy, modify, and distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies.

-

THE SOFTWARE IS PROVIDED “AS IS†AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

-
-
-

The following notice applies to src/util/profile/argv_parse.c and -src/util/profile/argv_parse.h:

-
-

Copyright 1999 by Theodore Ts’o.

-

Permission to use, copy, modify, and distribute this software for -any purpose with or without fee is hereby granted, provided that -the above copyright notice and this permission notice appear in all -copies. THE SOFTWARE IS PROVIDED “AS IS†AND THEODORE TS’O (THE -AUTHOR) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, -INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. -IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, -INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER -RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR -IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. (Isn’t -it sick that the U.S. culture of lawsuit-happy lawyers requires -this kind of disclaimer?)

-
-
-

The following notice applies to portiions of src/lib/rpc and -src/include/gssrpc:

-
-

Copyright © 2000 The Regents of the University of Michigan. -All rights reserved.

-

Copyright © 2000 Dug Song dugsong@UMICH.EDU. -All rights reserved, all wrongs reversed.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met:

-
    -
  1. Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  2. -
  3. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution.

  4. -
  5. Neither the name of the University nor the names of its -contributors may be used to endorse or promote products derived -from this software without specific prior written permission.

  6. -
-

THIS SOFTWARE IS PROVIDED “AS IS†AND ANY EXPRESS OR IMPLIED -WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR -BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-
-
-

Implementations of the MD4 algorithm are subject to the following -notice:

-
-

Copyright © 1990, RSA Data Security, Inc. All rights reserved.

-

License to copy and use this software is granted provided that -it is identified as the “RSA Data Security, Inc. MD4 Message -Digest Algorithm†in all material mentioning or referencing this -software or this function.

-

License is also granted to make and use derivative works -provided that such works are identified as “derived from the RSA -Data Security, Inc. MD4 Message Digest Algorithm†in all -material mentioning or referencing the derived work.

-

RSA Data Security, Inc. makes no representations concerning -either the merchantability of this software or the suitability -of this software for any particular purpose. It is provided “as -is†without express or implied warranty of any kind.

-

These notices must be retained in any copies of any part of this -documentation and/or software.

-
-
-

Implementations of the MD5 algorithm are subject to the following -notice:

-
-

Copyright © 1990, RSA Data Security, Inc. All rights reserved.

-

License to copy and use this software is granted provided that -it is identified as the “RSA Data Security, Inc. MD5 Message- -Digest Algorithm†in all material mentioning or referencing this -software or this function.

-

License is also granted to make and use derivative works -provided that such works are identified as “derived from the RSA -Data Security, Inc. MD5 Message-Digest Algorithm†in all -material mentioning or referencing the derived work.

-

RSA Data Security, Inc. makes no representations concerning -either the merchantability of this software or the suitability -of this software for any particular purpose. It is provided “as -is†without express or implied warranty of any kind.

-

These notices must be retained in any copies of any part of this -documentation and/or software.

-
-
-

The following notice applies to src/lib/crypto/crypto_tests/t_mddriver.c:

-
-

Copyright © 1990-2, RSA Data Security, Inc. Created 1990. All -rights reserved.

-

RSA Data Security, Inc. makes no representations concerning either -the merchantability of this software or the suitability of this -software for any particular purpose. It is provided “as is†-without express or implied warranty of any kind.

-

These notices must be retained in any copies of any part of this -documentation and/or software.

-
-
-

Portions of src/lib/krb5 are subject to the following notice:

-
-
-
Copyright © 1994 CyberSAFE Corporation.
-
Copyright 1990,1991,2007,2008 by the Massachusetts -Institute of Technology.
-
All Rights Reserved.
-
-
-

Export of this software from the United States of America may -require a specific license from the United States Government. -It is the responsibility of any person or organization contemplating -export to obtain such a license before exporting.

-
-

WITHIN THAT CONSTRAINT, permission to use, copy, modify, and -distribute this software and its documentation for any purpose and -without fee is hereby granted, provided that the above copyright -notice appear in all copies and that both that copyright notice and -this permission notice appear in supporting documentation, and that -the name of M.I.T. not be used in advertising or publicity pertaining -to distribution of the software without specific, written prior -permission. Furthermore if you modify this software you must label -your software as modified software and not distribute it in such a -fashion that it might be confused with the original M.I.T. software. -Neither M.I.T., the Open Computing Security Group, nor -CyberSAFE Corporation make any representations about the suitability of -this software for any purpose. It is provided “as is†without express -or implied warranty.

-
-
-

Portions contributed by PADL Software are subject to the following -license:

-
-

Copyright (c) 2011, PADL Software Pty Ltd. -All rights reserved.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met:

-
    -
  1. Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  2. -
  3. Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in the -documentation and/or other materials provided with the distribution.

  4. -
  5. Neither the name of PADL Software nor the names of its contributors -may be used to endorse or promote products derived from this software -without specific prior written permission.

  6. -
-

THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS “AS IS†AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE.

-
-
-

The bundled libev source code is subject to the following license:

-
-

All files in libev are Copyright (C)2007,2008,2009 Marc Alexander Lehmann.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met:

-
    -
  • Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  • -
  • Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following -disclaimer in the documentation and/or other materials provided -with the distribution.

  • -
-

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -“AS IS†AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-

Alternatively, the contents of this package may be used under the terms -of the GNU General Public License (“GPLâ€) version 2 or any later version, -in which case the provisions of the GPL are applicable instead of the -above. If you wish to allow the use of your version of this package only -under the terms of the GPL and not to allow others to use your version of -this file under the BSD license, indicate your decision by deleting the -provisions above and replace them with the notice and other provisions -required by the GPL in this and the other files of this package. If you do -not delete the provisions above, a recipient may use your version of this -file under either the BSD or the GPL.

-
-
-

Files copied from the Intel AESNI Sample Library are subject to the -following license:

-
-

Copyright © 2010, Intel Corporation -All rights reserved.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met:

-
-
    -
  • Redistributions of source code must retain the above -copyright notice, this list of conditions and the following -disclaimer.

  • -
  • Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following -disclaimer in the documentation and/or other materials -provided with the distribution.

  • -
  • Neither the name of Intel Corporation nor the names of its -contributors may be used to endorse or promote products -derived from this software without specific prior written -permission.

  • -
-
-

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND -CONTRIBUTORS “AS IS†AND ANY EXPRESS OR IMPLIED WARRANTIES, -INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS -BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR -TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF -THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE.

-
-
-

The following notice applies to -src/ccapi/common/win/OldCC/autolock.hxx:

-
-

Copyright (C) 1998 by Danilo Almeida. All rights reserved.

-

Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met:

-
    -
  • Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer.

  • -
  • Redistributions in binary form must reproduce the above copyright -notice, this list of conditions and the following disclaimer in -the documentation and/or other materials provided with the -distribution.

  • -
-

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -“AS IS†AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS -FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, -INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -OF THE POSSIBILITY OF SUCH DAMAGE.

-
-
-

The following notice applies to portions of -src/plugins/preauth/spake/edwards25519.c and -src/plugins/preauth/spake/edwards25519_tables.h:

-

The MIT License (MIT)

-

Copyright (c) 2015-2016 the fiat-crypto authors (see the AUTHORS file).

-

Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the “Softwareâ€), to -deal in the Software without restriction, including without limitation the -rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -sell copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions:

-

The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software.

-

THE SOFTWARE IS PROVIDED “AS ISâ€, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -IN THE SOFTWARE.

-
-

The following notice applies to portions of -src/plugins/preauth/spake/edwards25519.c:

-

Copyright (c) 2015-2016, Google Inc.

-

Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies.

-

THE SOFTWARE IS PROVIDED “AS IS†AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/objects.inv b/krb5-1.21.3/doc/html/objects.inv deleted file mode 100644 index 002ef306660d6b5817a87c1274c59000222c0c21..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 49033 zcmXtfV{|3o({*e+nc&8@ZCexDwmq?JJDFr++qUgwVsoN5`TgJL!(F{rpYGEKb*pym zU56N;Y;SI1>khE6bv3bdwsZ6VxSBXRS=iYEm|%zj3XXP`CPvO&09i>DfV7FDp^2lN z)7Sl<|9gfDz(~i$NXPtjN5$L(;AmoFU}0-);s~%a1vr~qH~~y8tW5x4S0g(cdq)!| zClh0Ui<5<|8Nk!p!jKNeeQlw0-Eo6siOh3bK0j;~bF+5+lG06e`18|^O460mTAHd@ zJG9dXGH|MhM9wt9B7suNhqaoqnq9umfhfEmqy}R|#)Ga+TCVEBhrk~kX~1FA`-AfJ zW>S8&t}3TaNBQTtW2&88%BM?rb&8IL8aaQ~LHp)!_kZHb8_l01ZioC!HS=e~w(T!= z6kL?ev1w-X2f}WaI6cAjv;Y zCS&h=T(Yxzz-7V$&d6_|pOo)_t*^R{` z2f|z^cnUf@UBVIlykT6I_&WlL-oT$ z88;)v&Ah&9itT}ETfI|@K6U@Vw9qO+`QMZ;Os+LQV2_2D_@(NBhXwDb#_> zL&u*d+LJ)kYY@Yc#@64|LcX4y9b?o1*k>EgX?#{lP@8w~`NkQzGQS~Sv9_#!f~Ufsdbn->~h z2h--bO#`QmP92upjy7v;Ms^<^)E(R6)R6A9WMxUm!P)lgH49C$&5ol0ZhSNz{6r-#XzdN^Yw_L%j-4aHMJH(E9JN9YmSduY=$lMI@|*sL=G zMwtm$qp`t}`srRjz?Q4DuSH{d;(QqmG5$KGjDlG=6#9SMzOyyB78&hD(ic}dy! z7(@zi=-3feK6L3lnWQ6(sg^Bs#}5tb50xO5jxc}MF{V(A?uq~r!-Z0W$)3T@HI4X7>#~T+`5vJgE;W?Z(I1~xOXV(1NkDNi!d*i z+TT!56KWB7#;m#hFUs}QF|E7+V>&KNX`~Ck329f-H&(wLWr5csJ>>I#~RZI-w9QHry9bW#uy>WnZXDX!k@(m6U^s991_I6B*P35 zf1l0ePV&AUne;j3L19M4#XvcPa!G7~3jX`}aeEq1NmJiGeace6T3{ zK^Ryp_YM^dFE$$*viqtiefrh0o(NCU)MEgt+>R2FhhnK;f(y(Of^TjV)#CN4F zPhr61F=^h&$UYi;)I9A9Mfu1+cphb*k=D`-gPAnXEQN`5>2FGcF8qTXJN1 zC{30tCe++#Y<>nz7bmN z{D8_!*P=$l7Bt!LJY&(Z2YQ~w`iEIr9(KO`9Nh{gCgoX`5Wk>6Vilxzp5MSHV7Op( zjqVDn)ofRDOdG{g9pz@+vY8*3%K#%PO6RIwSZcfZrN1` z8ktPg1R9+tEMq_zml=C_)YhXcKswTlM_HK<{T%hgw|TXBWM)aH=a>x+We=XnAN*Bf zlzx~~V$|l=dF;XA4FA9PY*+srMr1jg@1iJBrBPq(~ zVUK7e*U)JsZkzr%?#rn29uSpb7C~IWg+wShQ$z;DWplUL#9@D(WGy`BOi17k(5faEz0A<~I*0hGe&fe&tiiUFiki}4)wZ_w{8J9Z(74`Zp2 zAQh~>y`{gB(p?6p2Xp)hL|RosR8Wl=lBHnBaD6H|qS;ni)>g8$`;V^bheDA*a;x*Z z$Ol*u*ofz zvmV9*8)!7hH~!8QDez`v4tXap z{vg$E=e+Z16&UHjfxKz3`}1I(2;cibRdIMrA<|LKLo(lGf&4@Pm!g1N8S(1fePUl+ z9tFx#ow|_L#9*TX1j?yYhNh8h2dfkV6)Vs*@^^F${%cdFMoJ}eYj1-YE4BFwQcHm? z#zCM^9Koe)w+ZhIxRoN`5lY zlt4HMCxpb9J1lKoihNk>!ipxUH|T0qV^~!2AIOa?G!j}E0s?fvAfm%p;cfH;HLJ7h z{hUlZva{C0phSXnb8#bRM15ubXgFgG^Jw_T7+Ih-26hRrh4e9I#8tkaHx1 z_8`b7zpqI$-c5y%ldYjHJ4P_os zAE|gmDzmB2!c5MkYN#Hg_cFGPc~r=;lt1A-6Z)ED)o>jb0`iF!QFaJRW2(UYA5_qa z6%@52`+z6Ja@uszvoTN$ls>BH5u6)-Gf6$YeEiXIYl(341%;8bfBDD=FfYt2YHm{ zkw@j`2*C0`-s}PcKQEGcKbN>GH-!4fY;Je_xRA@+bL517yvhHSe5sVvFQkXA>GZB; zbFlD_9iryzk@NnPFCv>LZODH~V)NiDewgHM=y?<7HsB+T5BqmoJnQT+KU?w$k6A+j z2kPh`a9yKKPugj23MlriB6D1VFNWk@>nCO9DaK5Mhm#0ON0A~=k6Z~ZV!Ci^&q$qL zM(N~Qz6X{bY>*hCkLx2|8<)nllqM}U&gLIi`KcI)wFF}&LkWe}g@UKmJUZ#$Kz|1B zd-2yCR|G}PE^ln$HoS1oX;%0vkp3lYnx40)9j}u~wZ|a)llSW@0_)D*pGzOSEzLSz zXX23mvVbZO*2T2iH8l4ca-{0RD=?( zAKJV&+A6%$&iBhkJ!EB|VBw>k8Ie4MmfY2@b-sFvbd{LDxEF*q95DOo;viDrCCoGF>ldbnSkf6?X!J zHiRC)IR@wiAjSWqxA;wzE;FSOx2_J8?Mf$B^yiuYX@P%N9F%b4lg(4t@gFuB>NC6Oma*u3%?De4SDUVFItbhNiN1&FKOBvjsovsCg z+W~=K-r_D@nzd8Tk?oVy_F+5m+YtZ`60{O(>W`<|m6adQP|mNHvl+OEs1#oEqxbTO zFhjo}M1E4{C^!~#EbIrCd2>o(nWi@(EHs{T3G z$4SLAek8n`*nN&m&ap0w>Wd{MW&;7T?ONr?@3u}8D-N#>he2|Bu`7d{Q!-Eu4<82B zI#NBULbNB%98WeslrAaC#1S%X%95!hfuKP_Xn;L>$X*ySP$2tLU~SlzqbE4CD<2mu zG^o$ng!F?C1FxIw;@Z1%xtnfAN6G>|HPSOhiGr+>7(t&QI~*j{ z_?93tLhpLjInAJ!VkA?N;&@hs{?|mhD~wo)i3E>4&6sz!6=sgbWSV0L#9J9M|SCr)S%QmILU`YBabaJCDp zv`4{kHMDmvzfCiGv(Z95=-&=#x@fp3p#ly9|AMO$7=QgoPTM}o&t%VeAQ(?uEbx%& zTqqn{Vf1q*9PM$d(`yEdAIap&85yb)tyqcNklfYwjUewl(GJ)Z!bY1BW`7NY`uuG zYZMMcsCx+{CtNH z?*})~FQLmNysn$$=s=0R^+ww@LbG zcXp;lgBONq7e1m##Fl1xGEkk0K78=f_JQqQkf%X9vYe+Zo&4%K>@6E{03g5Iz+)IT z(94L(RkkQEfrXtJFoRdg#bPwx_Np`MI-D;Oo5jVKzaxRe{lMhT5^6sG%NWPTvnSd|iXg7&w-wAyPZwY5i_?&W&nK>H4z0I$&q(lM z`-av95ctXBlYe*WAhY~u@JUUg5Wd%XpCB9=uesJ zxV5TT&?){44=MN7>pXSD!sk!fRs5_(d*>_z#J?J+vkrj&I$oL(!FOaQ_ASaBww5{q z-+JHbpWp!s(uy)moH@)rTx(0(aLw-IL`Wk$YRhFwsc9+lP2PotD#)@iTv$avNnFeX;`b99=qP1X|mrIn)q(T)8^mzcf~TC zv0u%SGX1}&g%x#`9yz!TM&>XXTWoSTySEGAdW}cUY1wMWzqR`~i$QmdyvnAgVKx$)b4vm%%q+ z_dz!-P!bG7PKa3bh1zH3V{R9&$VcRwWb{!sZI&AiD|)bV^kB2|$wBdA;-bLJKWITg zb0?N4EwvXa3L1?-l3H(9y5V;7nuavJlyGxw`*iz7uuPxafKdY*rz-paaqb-uNs4;} z!cz!+{&aOSCOr^}O?qe`LMS38%WV*Kpi&dkh(A#$NG9mMZ#>6eEW)V^(iX2N0;>OD zVQ?;ZQ^_|L5n(~J_0$uAe!n{bP#rHG1DMLT!9tO0n^LfEB6k^^^(mgY)e$;rt~G^JVVQ!FkPCk#s(H1DL+ zms}?+OblV!sNt&>V&(@IY=tBhif=mbT}$@t3j)>Cpz^Xva8@jLNa z2RMV7%%qUvi3v#+vNuC`wzJoRpl5n>Dzwt*s*GjuQlx4qd9lY2a=`$O|vQCk9&&@ZZ7{7pf11(6N zo9Cvvil=Fzsy4muxh+RAgAbyU5ePbvlO)&#rkzmBWJb{|42AYLB6Zw5upI+D;1{i6 z|1dEzX(oX77#ARsqnj71@-Iydagbp&p|-m8!d55{c0WH7=P`#6GO!MXiGmVO?&yOc z4$Y{AjFCbN&Kh8jpXZ+x<)jLj&jzp->h#?kMwBjB3R|$yE2SZMks)yb(Ka9cEq?(! z%R2y8yg9Jz!;F{Jd3obC&&kKY)2w^$a!x@(QnduEcowx6RT}r0_mpJjIj6Kap_R`Y zU12fR4rc=5Q3~i!0B8lcN~TE3kW6=fp zQUbfvhZq)bcActLVeU+^|LzC(K7cI#ZZo;4_Y%pW=J%F=VW(z2r%2bVIz3wam z{cuQe1=(5*xISoTTpmM8LLK5AH|~Tg<6oBuA~S^*ht^_!QU{9xo&!*1g_kMDPk3gf zYYV!rH*EMhrcpwFaI2y{uhebMm=5OA8{kAk&6!eo!S9rrw)HPFB5miv(QfghrKy4J z6%WbWxO8}32os|1vp=wvCJ7p$#5bS4nG8;gXl7uO!o5agO+kvZi}Gxs3`wYcf?g?jATOXG;5aoUVEgxK_V}e#PAD4P zw)R)D*gVV<;FcUf0ch1X12o?~QQVIh)zZW&I7IwyxDxtCzT#=PT%%EvwFzTl>5o|f zF&xnxpu{dQwh&VPv^Q9kx`u##FgTAff4gOp_N&LpYyP2Od%vA$1D2^Cr z{y9?)D?;=Y#|Dx}FrTxi$|?|!Quh$X2wRhlDv!PDElBO+gHcf8@P5Q&ff2 zt^*0C_`O6&)8t8iAP^%S7)#KNh_w0yHc7hbxQMWKe{Ey0NMOd7-qtp6{*{g9lA5Rq z1@&>yKsovkZ7GdA$MlJ=L$ZcP;8=^~kX8SDVC&aGHTCETuI81e^u_!}i8SXFd@O_t z4hXW6>Zx&KOBmz4{Cv@Dgr=Uovj(e0B2Y5>==?Qq{BN*~!F`oLhnxJ{`re-}Ll5YQ zj8BKcO;%%;8ke{5Wc**$1`{X$JB#iOuq#C{bPpe&5c}S_< zp+zWxGy84sPBga7!YGe0!#we`m|w`7z=k_+(NnaPav1h1KwtG z6Y9bIzv-5u4#^$DD5*?@93CmW)R11nd)Ha*PM+gkOi^>++amJmn< zwj-w>>;(j1ki{X-6v~iJ_DZ1kOvJTMZ0WIRcZsWESAWXAkLA+$(Ib6V^)j&HdtO(P z3HEZ)vXxgYCYLK0P6WA=)3?Smzm=JMhpP-Pl}Q6v0iE6MghJ)OIT5V1fhFVs2^dl^ z{D&WGAe3ap>ZP#T1Yep^0b_0=EcAa0g(P-P&!Y;<;XCu6eWMqkR#Pn`Zhm}_SYv+b z#s<^9;zsu`NdUxzOwRC?3$V)eJ63iAo9Q z^T~S&Xjt0M_P+`Ye@al%E1zGk+mAi5O#UueJiOKfQ#5(-Lkw&!uF}~Z1$i=qF0uJh zq&n?1Af{WMmk3=rs;ZTMxEwm_$V^|;j{yGd-T7r#|CF6=GStJ9lLoTd=3SC~xyoA3 zi%L@VRWM9?4Y)q99t*S` zJ!`g_Bq}`r@voT*@20zlsY;3|GgCv-)iL$gbJT}X4fns(h3Lc(h&uhui#)W^kX#;V zAQ)1BRq%etVuJrjb&?szc}$fJ6?&=!m2k}UVQJ34gFTqW9zQ(74k!HLBP>^-vU~SM*LG*WZrow)SqR-2%!^7t&M#lR4SmCo#Y7<^;HG=Rx3wR zd;vIp0tE5GJ|f?eNNn4{$W4G$UtJz1q|A53QQeh35s}HOS_jGWn?Rdl`v8zOvj`~1 z!OL+Afk$`RX*&386cHZN<_{zaF(7%J2>zvXY_9YYR%$FNFjMWKm1rg80ns4JCI1@< z{N?Z%G@&^m@LuI!pYl1MxQ$QF-SqR%-6&0Jw>keka>HWyu|QzNF9nGaMp`B}4q_hM z{Qhz(ssD^Tb3k_D6cBZ`@9~18H@p*92l`xuVyzoOVZ^+o=rJ*Ikf0qE+f78s9DbAW zMM5}Hgbsz?!#VnYF}TP#D@l|h4Tcg$glZ8Y__rF6Cn~ph=lUeiRibtmu$u#P!SH8c zpy~+`=~6=H6-7$c5vTSvE3{&Tjn&SHO_;4UF&zG+<<9XWu`h{SxFtf5?9PZ3PEmjF z;eLI^Gkh^eQ&Oa#Zy_LkTDA?LOfp_l({$hCaZ>a$J5gCk)!{;Iy$@Hpox$|rBXa%I zat1CMU?dz1P7tl;?Vr7coROGa7vt!9q@zrKceEP}R&-xYlL!9JOths(cTS&HnF#OBrP@UAyB@R;1~a>9dK@0fxYgTc&7>cCxR zhUx@VDQ!tM?eq*!AkW&fxYZi`f$!sla6_h1tXaRy3LJ{h-SR?K7I1$?J5Zpy`cx5g2GHo}M!R)yMyYx2_Vz#G#3nO%O{tSX_%sv_>MbalFGnkXY@xZEE z<0c#}CKh}p7{pNDsr{JL`%C{U_BL*0d~ori4KwlXvQz=Yt`BVKRk%6>Rf&x_uy*h zSH-trQ`~D`G`FZ%rK-pZL$W^loZQ@My%43NYP&Qo(6iHY;{l3|C@_jTI~oW zo+*v1P$(zNCSTcVjRY$7MV3TaYIfQhf)_0Ha`WVOed6_gG*WL_CSwXd0xK5yyqeTO z$9g^VbRJo7LTdkVIZ7$g%$ZdrN2T+i$1bYpp)Z2VB6q7`wss0Ds+{BXm6o`k&p}> z$ecqPFk>?NZATP>$7DXehZn8Hp*(KsC&;6Y&-@1ug0f>0-BE~$!-wf&ThpI?9!K_$ zO7tbah7nx(zhT%G`n!3|8@?j-VaT+5C&amf&Y>LcpcZBX$xdkDxGv)YWfDY$({R|r zq-46!bZ=AOxQHmnN9Q1+x!YU*g^rbpf&^i3$pppD$t_GrUc#S;S}=Rbzh-9sX_&UL z@ndz*z|#3_q)I4^l5y@tgi=x7OtK6ZnxwpuFr2Eo#)M8>$figM$qEXauh^C(PGL$%EiHmgU#-7E?r;917kuH`sRDUF^} zcm6oRkUgG?HzpB!-jFMrjA(2Vad92b9&)T_nc##{$NYlEPAN@lLFh zdQmL}lcH<)D1oNZlys`V2X)|q62pIGKir(+c`~rUlu@XGfkHZ|l}P);A5`4z6qdEp zUN1?TYEW^rE25SWm4|;d4E@Elpu{_@8Lj+Tw4ls}DF<@0t+g7KYy!3n{om}5E5-g? z$7Ae47XfJUULOnIp4KnT-;CIaFi6HwCDZwn~l(0o-d|Wo2AK#nrm4I!rl1%9O2PJ*GfW%iWc4hFSM!9Fbo5 z^=PF*LzkDE0K$B3mRmO`<6hdgKp}doiz`WDg$K#;9 zDZ>RSe5-}yJ8TsnU-fX4K$~QQ4b*J9gk=m(=2c?wr&c7ZyCTO1AWh_%;K04|ZScs8 zj>Zwg2mXO9HLrUmW%DbpC9qIyK4jOvn877-ujc=&DvFf>QA?Q3@S{^qu7FrJQ2u}@ znnLby&2CZtqLu(E>TWArXMfIE3-;ktg%C(kbh zqGyjd_C_g1;gXDC-^2hXg66rOFcqCvxweIJ5jb))SCWCB=Mq3~0W~OeDyU0VP&G8b zheX2)rI7cwZeuEQu&Q5JTN;%x4dE1T<3cx$Oo1{ME2glB{?S8<(~D^x;2QwT{BX{Q zs=REJUm5}p@+wesZ!h3KXWQRXFt;>kpxEx%N@qIx^I%u>OWIjD=#Qk45snA<<1n_A zFmO=b+E+gxuoXhf(GzJLUw^dP%;Q^d_F`v>DqR2x$^(uEEHj9B(fno?-?fae-B$7L zIHYiXgSnS+#E-G7C#6|oIL~*V&zakw4E|0v8p>x*RO}GM8ol=}IDS(UQ7XWk0z0i= zqp#A63!bqm%Bms=k5PvX*ehJWE(X|B!h)I44CJ6dXRhcG8K8Q}qFDn5j9NM)n=j!Y zl!-P>15{tr^n#LfiOFt@7m_TJELhEP%rqx6hSGoTmpG7hS%($1%YH;<0xwtx{O04c z8k7*U&VY{`a{Jf#jXc9fyVz3_ch_`uZW0ZLOGs0EQpAB!Ywd*D5dh))&iHrmdQ8D* ziNA8xA;zjgp;Q?Nkg){-g)&l= zmE5=s`wXmVcQHpC=WTfm__xwzjZRNp6wB{65GI0oc^MDn_B=biH)i?=<#FV3rBtNg z2sBmhe9EN!{%~%^OVsMxl?VK?nAr?6Kr2oe?nPtW4lGJZKTv%|cY!OPW<|ltFmO!J z`R{wKCJ#PP7G0S%Cu3K_;(l6B(vq{=J4w2uJDBANg*sgxBV*{Tg#zSrdcdJar{Zb| zQ_Ae?9o!(uo|s?y^v$vZ$X!?aq{j21;Ce*qt9+g0uqgpq)^%ls^h9@IBK6OS?ePJ{OQKE$Fmy-@NkSd3I(~13B2NQ+wd%@=#IfFzE_~ z(msnEK!SMKr|X3YsiKx>a$32_2^5+j0kI!S;=uhln$q}nBm^-`>`is>m|Lbb;tJ)_oxS~MYG_Ap zcJjZ^S=dULl}!t*^EPPomc^-!zi0<)SYpYIXoN9j<)x+lat>a%)+{p<eL(~9ws>RjHY4ghooVeC(5_<|Ig2B#+s2SQ7|Kp(oA`L zv79^mv>mfVwb!`+onDaIl_d*ix>J}4lC5mxR5#woSQ^fn-hcRv13B*CouTmSznZzVl<^W4xr7W^6ZTo!Q8RBY^23iIrfMp$*$_+5?G`P_AVCEm zDO|oK_urRVtVA+BvUzWJoC>hhqgpI##2)P^sF)!5ssi%0a_~ISrf2sC&fKlW<1+9i ztN!o@+Dq-lJ*Y68Kg6R{E|vy}CkMRA3+ZNj)1nrZ7+?9}Dv8q9f(tx8V4QYCW1Bm; zt9XSg-!a5vxJ3sT5R7yNjl&6iRRxWRp8ClX7U<+MghzPB_K`51{hsbe0mAV+KdNOxAPQ%#8+kZ(pDECsj9Eofy-9xW zT%CX!Cu%u4LT;x$eN~M)0fTGuMLQke4rmbJe14k^F)E~`ez%LyBL#qXp9 zzVFXRZ6*Wz(gnjL0q2SwVL>`wo{GN5KHfa&77iidbtjA%(&{uCi3L_nF9VLnH`VP? z-3td>;SxVs*4jwRc*ot=ex@C3fxuFIYSG;xxb#3^U~cLN?!j-imHXeqFrA;|#C*AP zkFJmtq+a4~e?fbRvQUKXF&B_U;n{em(|o8yZoiByS)4B+_eg4#m@BqE7ebWi6XtJ9 zU3!8U*;nElmR%QTXL~t-lGV52$22Q7KR*s>O_p3DxQ|X?C_gznI^o)dpOcyEEI=i3 zi9{iMlhzc4G!)|OxuO(E8c+A9iaen>$PfqJ!R!{Stw~rX%A5<#P>x3~1_TcmYDq*F~27uJA z%W2om6^2Ydqx!iUcTOK>f1-AQ(7AlOi(GafjW2}cCiloo$(XK!|994*5n)r-4z>K% zZUtk%(+|u_G=5Jk20~HwXN4{DtMU%{`6-^9^fRrZ%G7CBFS9?+MkQ_`i z$C_jE1%750;+9>6jd3c@ao#YTwZHm)N*IkFFI>a(UyCxU%LXblEtbN6n1QDcZxqR#dPZ5^yC z;Hv71PX3Cnx|+zJj~(-6zqDPxlmP3YI+t!=G9+7D#kh^u3iI#$9+8$d4Tg;8%LW~-|w!;y#tbn<@gcLW9!-Fj%R zlk%TZeWt#E$BR||?L6RC#vn)ET8`HjI9TF8gjsqmd$E7{O-h^1?5g=U4Uuj5=^yt} z=LzaQ-_%?^YXN8|I}ru|H1r)DQ+@5D68 z683?9VL^4&{gKDOn(CDwffYT5kB>-87kfz#A7Q~tN5CYyeIhKEd*W~5A&<&H;Z+yp zxor3o>J+xzhT7WMqkIivv*%HbXP%p|fnr&TG`|x_P$~W5BKf7|kPo5^6&D%PC0;rh~XN!pH(hm3UQe{hjKIXW~hH%qKwYtkQ_3|}$F#8i8=J-_{lt7Ug|b$IxJp!Ni{ zvzhZDH(-Ph++kh;>k)M0n+N&d^kxziGLNg>P$5six1--ueCFr%81hq*6%r_VbbwgW z2yu+4ov*WnupnBF?l%Rp($E<`-BxMEliG5(-fmvfP1x3oxkxKBvye%Q_fRtR{bD)NJ03CY# zIyLfKy3n6*?(Y@>;EfyF2ixk=L(SBkjp6;&y{iwyvCC><@w7dH!tL)bu_7JrJLpZEFpT4ZN2d0 z@c<%_1di}ZuXd|@Z3~v>31m-KzZDaSomv*dwUj1ws@_WFX9m75595TV2VQ3GwTFj; z$Fq)Zc0J}1o?`XxNx#{)`s@|sNPnn!7JV4UtNPYQFP}C4+->30je%~L$<6KVUh{kf zH%#Txk!V+&@yScvyQ_oO%VWY5o}8p2$jfVsd!c))x_3lZ0@qQf=r$-_I}+Ro_Boh`Kp7x z&;lmagB9(O{OZdO8KmKzoz*ihFs))(mvsCkc}~qpx7d`#ueg=SEnk9%~S&o0|o;!@8~ zzJ%82-VP)4ef;gBoj6mr*>1h77rE?i%judvPJ~Ak3KCUXK zO3z>neytq5-7TcQq)LHK;VbA<)vm&7#;EC&667D%0Q!l>hR%ku z9e-9ADt@Y3?ll~~U+CFosGkXe{HMS!l@`|iEljL~$D!fd9lUO6Loj0vSJ9u~-mY;z zTDk3;tGn}Cgv9kP@*q|;4tIRKCf6MJ3TRrq?lM+z^UZ31@9pUR{{f^xTfgoXBJAks zMZdYpKI?Mx?~x=1Dmls#0oQC{yT(~!>-`U3^ zK2Mo71-$nOV!mas#|7@w7IqAxTd-+>34R`jjT%NwaxcxaPdMsBT1E1^T%^i9c%j4WT2tW7*u&?iK`jtmSbj>q>fAd~^!@U24h(7oQuopjm;-kF(DF?GywLy)( zM-T{nDY*t>gg8$>>aTNZ6vGH;zPsDgv-g+hlNc37gp;sh%;)N3SlqByn}RDGd}w#? zjIONMjEb8)j6t9ov9pyCgfQQ);)s_hm={*{jUYX}h^sk%!9krt_d zrw5-Lsiu>Kdc}vcSli1!S{D~`Bf{kks@Oc9ApZDRtffcw+&!Ky{>KGXx9$B7_N9A;TjH#n14y^OWxt?48AoFnwVQKS*-^0QG#rmfI(&oKX8N zEn^qu_lpl72sneeizJqf5rfC{u`qA=X(4xax0gSEy1Q7gvUq!qKn1)2TsgeY{&RZy zae+iNeEgUMotg)Pcgs4)SNt_bO1$j`Adic`D8QB%i2K{+*##|E4Ie)yN$21J;EA>0 zgeAg`4}kgM`W-DRM+X3n56>=syQPY>-2h}YYKHpqG3)^>aX1-Sq~!(R$^m>TuH^;b ze!98J&aX%{Nq2D&}6rOe|3I&DiHtII#In>rvj53)M)6InSd zpBUzw6wo&?D&MAuT&`<*c<>05M7E0;5j(zQd3f>oOg0IQJHTjsx!~K|>yKhv!Z~(N zi{BY$K@Kix)-Vo!*QM#;L1SMS39XCa=10D{yy9kL=+V!Qjh{4gonTb{hQn_Qcb)vG zWUZQ$2bC}xYP z>;vhXh~xYW!T{XE#%(*z8A4;FIfUpMz4{dPM0itZ5?%w`K5({_qqBDy{a-P}F5tiiqa@`|LSJ&D3#oJ^i z-964Ufd#{$w(KU;82(u%NQc^XNd=Z(HZJnT=Dx#3 zq-8(fo?e~(!aHb~j;Q0~V4nRZ7IXc~UZm{5d_5Bi)^+nCFWz6?5LQ=#eh#+kn_z3M z>ENL8?%nytt@v{1E29?db;Y{BXLo#n00kdJAn@H?zrUEuC@>J5R~LWWv4179DQ^VN z;)1ng{0yM<%+w*mjMujxPx%2rH@}=-efoHDi`rNc#lUc$v+n0d)F)@i9mDj?#UG~= z*)#|*qZ-GNB_M)It^gN%0y}V+z`|kG7+4KyENqRn9pS?#d z@S(tYm5A{>K08dU&bnh9o$!JUcq4d3P9(AjUyFlpib23}Gsp8|_VLr=jt{`8nJ)I* zISLH)1n?IZSLfO^8Xn$t1klB&@##4qKEw^PxlR`9-C4$(5Z0e~!|3B@aYHUX#QqFJ z3S{r&!xR;Y0w^4UXc=og&+f>W(#?l_xyX4~?&;;%mf^Cx(H3 zK5Q}hN&yuPK{R?9X>Km^)iru&q-O2nT;H$?`{8#aknv z*NFS^^bh`;yF2|^M&gIqCm7(Mp)D@Xvh&N^pJQDZ&Cv4xjrBa^d1jc72z*XYrug*j zf=hcB8@YfyAiS$`i;27o#W4qvZZ8N0*jqz5s8it_a~SDQJj$Og0`f)_$J|BgkD9!>{&0Err(8&h z&2-pz%P^eJ%fT(H zvdfCDMZxvPCJJY1yEuTfvwU|=SuNR z|Az4VX8SBLPFn4Jz5c0OvFI+l=fD2+x0AM8{nsY{Tx?EW{cy5xi{>Bv|9FMEFCYFf z+Dd@&->-f;(U3UmrhX_Z45TpZ@x(tQnE3NA`RC6~@l@trSyv|1=e#YK|6oZivirK( z=0gQN)m&Q6xH>7TlkTx>PgeDEzhxR3Y`yOU9{Y)-i5~>Q$yr@>P5F7>mDR&ZS2NGz zkdTQ?KYW6Mbm2T+~XDVI9;uH7>a+FyL{8~h+G%X9Sge=n?FgH zIv@zO(q_H-3;~wx#hPz6;~Tzrc*Pxta9+sUp1l(`5(Kw z>9A#Zek(sG*&jFB@&)I?$gq6O>y`+A_RHz@!oe25j=-zcjtF~xe&c|$-$ux?DyTVe zd3E9D0{_uO{Z|6)zd+o7X~4ULqPx5S3r_y5VYjbDq*Bor@&+6iUp>$nYBKmWfO|bc zvW)&*lB11f>d%)zys6(u_-_>z`j0CYmi_h@uz@J6Rq@SuEqblwyYh6b?feDJ+Nt`X z$+s;Gzy7Ihp4fYJ6Qvj|CC%{9zeL-$IJDgep2%N9&?_YBN(Wqd5Lc`Vwpr!743`sz zxxzPo3((*hEbss>E8<-olUpe~{$~Jdg#%k@XsZAm>o(#5nV|;B{^bE>J!bwD9L1D& z3R3>VgV^DUrPIo!^A|`fI}cGjWhVjEKL*67yjm73fBn~=_cdSs#@_I|a@pEQP0^LC zU-9s2RkQ&>-Av-%s$WjdFNQ`+>mmVIb_eR@l>JgJ)hB~|&?D`;$BZR{KdqrGGoC9n z_8b4KQGmnK9`kd)T<>?;W8HQxp!QIr{VaZHPwIOnZMkoX6aK8n;vYrXeYq*TO|fk; ze6p~Qsl952-}1*UB5##`%JStVh&ot}P1#Sc**^ii)lz)Lh2fM@-?l7Y^M3(gYTPD* z)?1C$%)#UBq6dUOGBb<^+R!)sT6T{o*Sn(naDIAo!i(-zF|^`+$JK@IpGf5M-Yz#@ zjXla|{u&3OSUs>X#BaT8x#U23^9*I9zp#R z33yR0o9CT~E?rYmJ!MaMQ|6yHFoyQH2YM=-y5gVDC&MF!#%qEa7jUt(hZ5-*Ug4H{ z;P)_Hw*$n8pOx#~-OYmcRlYrg2%fs9Rk*jT^)SD5{$hL}LC)fVbib7Ukk$2JU#<$% zJ(G=E^W?=DEF>V`2X3@`3!~lZotB%DWqj*LRR)Gi9!2a8GUOEhx8Re;C#=W$$UZP^ zF7Tyke?RIR@6XSA4AwbY+XFQE0~O`VWxZzt)Q`%y?ttpgew03Z728cySJ948KggzXm{E#tZWquukiK0%~-ntWRm_= zqWmU*Ibq?^w^+mbD?Tv6MgsvR$+Z};7_=z(Z-f0SWq;cL zpaSGC`R-M{>)Ka^`YL>2`5-bB`S~WU>0bEnr}i2Q%-empXCKc^@nv7)N8uFg$4_^k z#FBRN7Cq17fs;5Mr_h}7IP3QTe%}_aTK-;R*|;vAX)I#h;l+Y4`PUa7dLEmc`_E}~ z#!m3?!< zf8s4^z8P@ji{O#z-4p>}uTFShoX;Jf%^Pd|(NE)}*RbqF1v^Y+aZ>65tG)L*l&MZV6&M_(ORX?y5G9WaDl zPH%SEvzmox!#;<^GxmYTUrqn}fBr94uNd9E0$?QQ{lMi$#C(E z`m{5;^s*Ys@n`|$6FGD{(Jd9=W5{$7na-d0wkU9H~Zq`zNxo;$c|mALX58P z>NX5U#pSc_5Z-tY)JqRoyh1azs~=~Q&WANT2q|KE9*T;$Wi4J)?*Zu=(3rM&MOCnmMW&BEJ?VvMO)AgQoIj{oKC(8ot(WVf ziwkCN+pL?V(v&hsvi=iQL! zWBAH!J`w9y+GLgEKt|or)asr-)dsq*UQ{&WX<`EIH~9lCn}vr*utd{^%3o9@PpX9- z`#dHIW%eGK9Ldg2_07-My?}XnlD9ks#q(!A6o`|Xt*L^uwO=wrql!kz6dj1R_)_h+ zp9@+Do30+=7QUSVHJ@I5+4HaN6J<3iEn*-gAtAyqm`IL}hqnl6ii0jH;7Uh%Zn@EFMYTHOitaQ3#G%-LGJXCVFbyuWS zOUu`rD3ifW7k@ri%~WhDkv2MpQ-Z9VZBeZfbc}8u6&kMFO7q1%Ge*bAMGSV`F`5qW zeG^VeOuIAp6}5&`3Kafj%s%IM@44cOuf=dEUz4vSY0D`H;>su1)28&~G$)_b9+NB1 z_if=6Kl_m9KeI38M^V*TqGDRx^ge!z>EpLhAAeEsQ3$t(UslvOkUK2CWCBR+fgs5@ zTz&FQd?kMnFMd?Q$=ZqECT-x`q}9Gn7U~;H_KA2{t44VIBuvU`VjsT^^zmD*k1xYP zb@2IDlu$RNlh4rkQeT=@;o;FL(UevvTlv%e`!6YDsU5vG)X{78j$R)MMjtOtV?qzF zjrH(ayN5UGwR%IYW;tDlf8VvKox3*Pxoh3d9U&zMe&r*!Hwk}NY2d#XdCe zaau-ocEz(3;o_4pbVJoH-nb6S!w_SmjfzCiOa55j4;{sRV$-qdLz zY13Jn#{6Wvte>dLxsPAHK;%;~V6S*Hz^d>K_e`B?}$)COISA}3hXjYbn(%zftJ6C^-oKTmFM-~Qizu_~Go zDwU-nulHuU)H?IY<*Xo)<*Zpl!uoPH#LZRCJqNm7G95s@W6N|VU&DQK!`@~>yz&ib z;*An|MUUfQt1{56RXtWq*m_m*Y2!?cz#s&T#)cLRW1N822X}bi<%usk-aLynCri-{ z`~2Jkh_!yg@~{3fz5kXi@87W3>UOt5iPh~*y#|t2pkh zMm3?&^Oc33Tv@&=b~};0P&Yt!kfP?^NLqGjJ+k449I<@OL%d%}IhLi$(2F(jJhcd?@A)f{Z8Iu=5uF!yRx zV14Jx-S2~UGjxKuMsG+hL=%RlYJM(<_$rX!y%oAY#IX843MvW8*cRSnjB>}Wo4KG* zeK>x8?gCBIHeVM*P9TIC_J%eSNvrT$u@m1g1|;&0==k_W+FeLZXt6287a#j|=qq~E z2gNt68LPJ$X3)U#aD{7V#zG$vgkrnK&{>zJdT???pH|g5#=pu<2ScfarB^F8+s7ic z?~T{Xjvtog)z#c%#5DJ&0_LUXkCQpOw%D)gS1OOf6@-BivSl!~1!>vQFKVjy9q+P^ z)z_58=SSp0K;l~w-_YPY-cXNQ>uL`f2;`UQ;u^hduObz<{LmLxshWC+sSU1^q0@aF zVHY(>#v7hpbAs4)%t(gCGN*3oc{BPz;>M>D>b59Wcv5Z+(ed9SMC{`o*Ag1`5Sc=X zwSvQpvMPzd8r`K@jfxj(*c&2EBxAL;THX5Bb}v@E@A9_&S~sh|$#vJEHrfEqc<+NX zwfw{qs#M+AFWX=UB%uXUp?XKGkr!LIHzxw9==ezoz63t84)=;MdFyx>iLudG5`HV1 z^8T5%y?Li~lbk+jej=`RMD<)5VT+V4=*`<+G0{5a)aZY3*D zmbf4-suk;Rec>zXFua<%$*<$c%3QXh+OkHmP)Ggnm6{?Cc1^uhN3%Eq#5b8$7)$X$|tXC2-7+XqDsD*n%t=<#jdg`4TDHlK1#BA&G zrlWMH4F^k^fyLC_G=*F*P-|W3%`-nUV0FT(4Quc;rPKoFv4gJFqqVJhKpEmuufSAM za#cyzvg(B!YcM@5aVDDhK9j3V3w>VMso|olBYjz<31|P28=MEP7E(E=`^ZnLg9M3F zLCP&Z%~I{HtecavlN0swKm)HjW|A%UOUbEhn*6kJ?V82Sy_9GtYGJ z3FKI2Eh;-X+|SQjk==w*BcHLa>aUfPkQS%=TSpcCt@A6F>vj7cy!f}1!DVHoAt>}Q z=PzEq0KCE~)msXy-p^lM%zT>9?}&jMH*+dHSYTCCdapkhom8YfLDc_J&FmNzdV2T%*EX7uy{l zw&z_D6$|3LATeMn7BO>2)q7`=)$o$yo+0sk7#p{^TDP`^_rLpyc3-o8p>UjMG&X27 zjA6Wm^>}%=VpxRCN>LQIST4}?hbL(T?aPXO>W5EgAzGvu;-#|O8Th#~E9&tO!iVXjLw zafadXN=>Nf=YIvI?7PR|%*nVCW$g&*QFI;bx4J3+t&UU_%TE0}KL!~5i7l=RB+EFX zMNJ_Ln}>9=$Pk~Hia<{{>DIO?b9L7!NJGbH88&cYq^Ov*l_(5b2y$;IWs(P+;en=i zX|wGD8^bbItjzl zhPkcFIz3e6Q*^k5JF+%vT_9_^w6&=ff)(fkZn&DQievor;DrCKfIDx`tgkc%Gav~wJXNm`=oyH!EU;| zBlO2?2ZPAMGJ0Z7!H*k$l9v^#(X@DftdO-2yN1U!*R+`rJX}?3Y;y_QuWnRmxZ9=FFF{z`cZ+W95(K_l`VBoSYET2Dmc7YkAnDQPEY+2vCucs{H|eI# z+t*Qn$SUG^z#@T4;*lAyA>Vd+wGy`i;WE&)*R@$l;vAc*u2`>DP2u&A{(iEn+qV3? z>G%6d=AwBjm%f(&zGT?wF9gF{(`cd$tDW4MqgIBsel=zLh+0-UnwmP)k3oFGW&_8= zWgDM)Ncn~|{P&<~uG5(~{b;0^VvvPbH}WD}^!K5J++|I%<8^?qV(pLuO(#dDg=rrJ z>rjUKClV7KrMk7FOpnq&|9IB%K6cKk&qF0{Jkv7KJkBc6HyH@b;t$%qzp(Uf85d;WU3^h%Tk?PcH5tgg_7X@8FyXXtQ%8vK*Hp+K z+)ed-5?@;X^>4gqFMi}FP4V|vB+E!+aIOoeSs#Nlwf7Gm)NU!Ws14_^ZgH6*AxKAi zTd{_u*RE}`tsCeB11@y*39Cep4jR_BLVa{lZd=i8S$3Cy7CQ)^ z>C#BPo+;S!RLANDlOZHdOPXSh=x9S&8;cc4D$HCtQK_!+MPQvG05 z7uCV(HxP#ubq^h-*D#pdx<(wZzc(%=7-BEjf+L4PHCso}Fa)YHDmdOLT=o^emyGqy zP$L_zi!H&#bBc_8De_APt8O^^1QA7FSCk^tt#x$<$}sVMUpHU#hR@L4y}J{A7&%(Z zuhqK!`PJF&#d-f8@yHX~C$yDgF@cu7CecRfMOONr(qNHV2<)waS(gNQ`E|+XH~~-n zjzX%2-Z3DfH}NZ>^)DR{i`(g48jHD&K4zeJXni2Z!_wsRfclkJe;tMo`zgr3*>jNc zFur;f3T$y7YF1YFHBRbaZtEOz^o&!z-@l)<`KA-KuYI#t+ponO>HG7ufVz8iY&NBX z=JB)i0v3K5M0PK!**WY>a#+D7pU5kSW#Nf?>ixRPD(lvr+|w?59w>dTo2An=z-d6Q zf%7>Abo3@TB`s#S7;*|IXuX5R(z3sFlvWg$m&0$Ps=z7TJ57!A`9!DkHA-&1>*Q&& zRKKZ%;r~R-;F~G>J2}OSdrj8L$slf;()-aeoz2-`A zeoEqYmmI?|8X^y16?Se&vsb;@D`hr!p2!~Nl)5}3#M7>^_4SyqU{^ym=BVwgsrO)mTTnN~9gfOtAbuCeKnr=LUH%jQa9y`S3nj0o{GYHVX7)q$CZOyw?5 zP2Db!r)nqWw-@`}Zu30uS+4os^TJw=Gi#dow*4>rBE3JLL10oj^6_ukb}a{Q&d
h|auh;-_VDoWjgoW0+}I*s4TDUIp? zfJtJ{1vRMS)47{dF|5uq_C7h0BSJit8k=^$fto=Q4_P|+W3iZg)?~K3x>_ODe8&JV ziR`(I>&W^a`^myNlP5;96H~^0v>-yTXAJ;%T);aK&5$%Om8ussT5r7s6e;7E+gcs=HLn(u~gBkF%S8hTp`e(5ERuW z+G4(R5;gtpcv$L8G$l{{sMn!>_N|Xl?MQ*qDxg}PFO)U-&a>fRsW#D!1F+3|J>@=7 z6_MhEBY8{kiZu!aYb-(;&0CbLzQ1oVho##NmS6+RJo8gDT>YaVM)`@$(NO4TyeYw8 z`B*w_L=_Oj&+egCs#oh#DVsm!`eof%(`8`jhrAJ1FzXoTMh9~8=+c{^puVAnAI}Nv zkwePG3j{T1W!XD=MZra(CPQy?*oWjL~T zC?CwC9W`5N*~5wjlHOSK?Soj!A;L#q)aa;O48KM8s-Twb$oo|QCRyV{gVmEP~=^eXRhjoj~l9GB_Nk&3R^k>oRbk8X}+ z9{|Ril74J#l3Mf%cf;CNs;_X@kI!XYT-Hf{w$_b@^bq!*TK2Z4*uGPFQ(v*%HwCSG zW%}5(79z4UQ&*d3>zj*rXuL(&s*^tnYt#WBT|0p2-n%zG6IX=TABo{b$0c9pde7d6 z`3AYP&+#w?TWG_vXmTZ=yjnt>&HDcK=by6Mi?sfzl&-&07k7c?YJ}=*F601H%s5Y`FhO zUEC~o`SVXe{$M=wA##??8hswf8aNSTO}`Df-sSv2YWDlzVv-*o0Jzdcypb`_^VKB`d zZF-kMJNug-*3_RSdbXH4?^Q;<8EqZ78Eu_#Ga4rMQtn1uNA5;j&wDo- zA{nb?#`jcWxBpr8x^xSPe>bv!%2fv1c|vmafqaejq|7c4wNb0#&NzZh!^0A4qUrJA z6N{DF4cDV0YLsTI3)C_A5anv6HYLcPh6^7<+b9@_y#5V+v6BpaME=VYwuMNYxkN6`{trCR|5A#a2&){YSPT& zx35xDgLAPmpj@S9nw$LARcg1aLCpJb;5vfm=dZi|2n=LZ9j#3jr6u=GrGj#>oL1IsA+3F1kLZMhDTl*+>mF59290 zPNuj{3Y~$vy)92e8gHgbsCC%;s76y;$#5T)ta7q_RbzJu0kqq8YzI?}bKA~>{~*e1 zxV2JUSS4@FGY=67#QvU@c#Zg0mUg--b=-MHlhgB8@6XRJ<#Y5o$J@MVAM*|A zmbtD>dJCBy~%DbZczN$3NaHrnmRg!KVFL{ob$7bliQoKkghK{O4|h|>{;!hF>a9P!_HG>ch%tU}zvX~P;&?K?M z`j8v;f+{x!Yi&+DRm=&jR6M!v!6wdC8Ic`sl}lDtwHG5F+z00Mstuj zQ%i3=BjBnMj_Zd*Cya?$z>P4CriQA)-?&;t9p5*8&IuDa4lew(l|A9<&XEDR`P+5? z)s9=cQ#6YuEE3!!n)S^1SSRi9Hqc9#526mQOZND_{Kf^#BVvu-xcqhqoZdF1?hR^3 znrUu`G;oX@wz5{VIr{MTusf}L%)984tKoUJtheIkQ?%&b1JXU9sp)WWr7HU-9SmBm zo-D7Pk&D3sz9EeogIDbdYY%I6m?k&mu5}f-h{I(;Ry^1*s9&pwpmurt_;{LSxYE^2 zep(V{tW&c!^bNmyDcCE$XfoE?vZ{t)(acRE9Yu#yy9L>gN^ z+N^LlW-B`#d8OTY&$@~Hi}Y!n3r8N3+N_WxCB31kU>GUsul5qWnBfs|E)ilVLfM(L z{ZPb>j3fM51oOp=MMyJ~Q;kL3s7~GLq+du#7>bZEsG*3_)REB-Mc||$Mj{047o4Oo zwwy0fDZj>Z1@)=lI16N(ab;{D3dk>gF~x%3++bMi{07QU6SbWTypPCNpw)S^lINoM z1#PzI7p!4z3er&Y=3cBdVh_au=BU?fQ!JnO_%K3@G&FQ5Upe;ur0?mMdqCy21bok3 zS1;>LL<8@Ui*3wUExiMvX~4p2lP|~KOPqqsCsVwV)hPz@gZ?q!Y>MguQ>37ukpLLk zp2r-Y$lE@|5c)&;R8%KouZKE$z&vsxy!C3N=Cc7=57QD-Wjcb%vangYKJZQMT<9QN z9<$ru3%E*8NZswmJj9J?g`B|z0UY|_{c^a;x$ngEH_F<3(L}(9n5=m8xeQ|mKIAn%T>x&7M?m3#Yq%=hm1ExY=GP+8B>F`ks;{BtpizXMqGsmU)s0i}v(V>$N zRiq4c9lfturYQ#ZlR8K0@Qr@gkX(n0-EbUoHnavfv^`40ie)*`C$6R$21a8Gaa!_~ z5N+T}h!(mM;+mzRDObRi5NaGu*Bc2-4ZnM6@u&Xy96j0%Y_&acSxX4?x|BW~yt7SNsuL8Tu>Nvu_`>SzjA*Rx|x$Wr|Mq z>jar_$DZx!_4LR$(XnX}*64%`L$COj%<{3tTZqPqd7=U1*E!;@Y?5d1F(`4^5k}i! zZK)bjdOhRuNlH;#d(<`gl5mi=>tYGD@QgznhF^{MukbiwU(^1f`w^ILut!bnxh|m4 z0nZRBjx-WKbAhXpwN7FSD@LlAhLii)qZ&tBU7Usx+RZO4_&I9wFJq1`D30~V@Fx(s zE{;?K&pedue!tn+(_{Tau3Ad#rx!~NeA+o=DMggd>o(n%IeQY3V#!h5SV==hBYXp-$C+R zEgze@s`o8Fqx~}<^9GNpO;n0Jg%9xYsivL5m#iCiZXMv`)r~r}E=ezHsiSEQs`Q>z z$7%|X7a)7t_u~KlpZ}{pxsyqG*W{JxHZIf=XEEuh^T$kcPvo&-Mzrqx1U2w{N zN588kAb>Aclz(mVom}W8mn5g{dZZp9<3B*gdJ?1?52M5qjvg+hhBmIyhK`iYANcO_ zZrFSN8YvQgDW=~wBzwfSPP^0(dlz2)Wf9m*R$(eJL$?!qwyOF*FE@$la&V%FbeYwN zVLyiCOK{nW{sHeh`jVQq{`)Dm0Q_m572ren{3*`@yJ(;2(=bn=d6=g;CStJKd6PsH z@A~NK0Yo6<^OIG1FV4>DG}WTFYwkIWr63^zLH%>dH|3VB%)INM#X~89ulL&&oqn*` ztCQ24OSv|ay%WS#p#ia}uRDo_tD_Osg1O>`8nz zN|DHT=t?ja++jy~mo|CvW|8dA&*u|_enOPHRJ@@9x_)6-h&ngDcDKX;GOfFiyNR#LxloW+nNRh>hwEg{W z3bBw{+5jfMPaRl4*=awu@M1sIyYgpc5gI2m_%OD&cMK6`MoXJVce@B?ys$A|_%H?) zTWhKHEVRv=CxDa3=&ao2dWVL7U8 zQh}??0VyuvkDP1m0)l(q8taX5pRWwB(}1o`7Da(p=?c*fweKZ*l|G$DFi%3^I?#a}eP)+g#LxXgZsY z2GMx*e|(9>5SdoAI7z3dv67FbFzY(bvzyG9S&dWZRkKUOaFj-0#&Mn{(KH=p@h~4; z$AcSBC6;JekHyKQ3Kbd<4w*>X$I&fOvI@oMV!xav4^c7%(Vomggv=@!JQ!Q2Ml^pT zn|X4CIkCsVmy7$$Ts+yymCU}50(@ll!E7>_O?~F&3=s{TVlXnomLt(Pi|(@PJjyayT{9lX)2o?yL~1UK@nH}b8Dd}~Ke zy)~z*=G3h@_12uKnp3xCR4&nj8KHYK%x8YLSPl`nWQzwWo=G3gT9*LX!i?nH>LCCg z%h7a*nx0u`?xj$p5Xqxm%pjVykL#I2OytDUP8zz#rX|`W#cREd9CG%s9S}rdbfX5N8q~m_0O1N9aCRSqcARS#zv(ext4tq+PFe5p)whMR|P0w%gd0>UfqfGSN=wwH&%V`#WMZNSH zx>~3uJ@vomrdUOZ$;DewHkx$O0&xx9;<0Q%!lzfzVaTyvIZ+cj6N<& z0W+a`giPKx6H48tsGpe45??yzE_1Qe79u(!?Kk6X3Dbxrt4jcClqL8dPiF2fQ}Sdx zSDfLYG2B>7$-)TKeL!_rJ|3lBBOWafq9V6vkVxNo!nXJpdCqx5OHgnH;f8Q4^s7J& zao1P*{9%~S6VzVps#3&gktw={=p;kxCzQnoz^$PCH;_KY7%B+C)O4L_(G*wJkKx3(G`vzP45Dv zSO7Fp7C(o)?9-q5B>L(ng*r>LG_8$dG!38_O?8UV)J5_6JRlduS*9RqZ4}ZYjtXE^=c{O0n zC?3wE>^hXYiL^*)96XfF=Q&wa5q?jkP@@*fBS1_%#iL8ztzfEcDZAt@gllPJ~CB#a8>q`p5 zet2zr+JU|awhL)|+9mlf`cgtn^ev0NxF3jX7NQQuqj(xt9!vlxK_$ytPJe%F1_GDO*5aLWa1hc<}hXlP3Q1dpv>LjHJcPVPT0)^oN>pSa$=vGwJmCV4EV*$4?TT;q7*XnoygZ#-m*fYWJWP&}9;**Hh2=V_U3A zj^g5_=kjYln9XiRai|y`Xi>uLUNUCcoPBl`DntmiND(}|#E_$v^P8`sQh1<62)BF5 zNdLHlg#mw)2{}|%`7JtWfv`w3cyVX zuJtm68R!LTtAK0RG9onZJjg)KZLQSoi#0#^c#+AQH{b(c zOQ=Id+lRo+fBw+rF=(O;5*nkEeL9v&2 zbM74Yn5%I%4L*;#;C$PG|JKfZ>&F}Ln2Rws-nPeFbPRmV4WSMdK94#0hd<_WltF^W zV?Kq+In)f8C!;hb`{j)0ekITnD(J9yw1{aO@fIt711FYHO^oK@5;IAIuZS2TlZzH# z(y$9)h_p-a$bM+vEgAR9bvnuB`P6fV2hm^V;>k{~o*Xv5zQqd5Fj35FYL?Gx1~>7ycG7 z^Z}BCWLDW`rJlo)A6b@+zT9PTiptLA%!k|%CeRzKP61>I4Eiq`O;TTaDM%rgY(CT> z`4&RVwC(v#;vsTG&AhNHuEweKirJ~5`EV~tf)b`EP^>Ki?ni?-@TN;a8o6Nep$^M8 z4>8lW<`?g`5wd-O7NihMHYfFXb`^M=n+S!pF*q4vx<0*6g7d4!DeS7*se#TC`VD|d z0SYTmchUiKJ&eNP;{?NVtb{4liq$EAENKZApoA#`6suFf-F%u4r(so^7^6^&CI>Is zRq!(X?EQI@8YA(_rdD3>eKVy11EYHvP3Dyb-d;7zK%DyAT;>|Iip3CSfuJbxa{;5yEMxt_rPS>`HD09o^onACjoPk|5`)HVtrVtP=q6svsXzV^R0+#vd zQDy;c3;C!kv<3sV#MYy9cERYw9-en0%FOPY_mE|&YK(!obulV;4A{C|jWO}IZRf5! z=Ckpz3pd0$_`&R};kE<+t)2VUo3~@$Z{2yn^~(E0Xg`WZ7!CL5wqK5Y0gv^7F1L^79rQ`MHl0RB%Q~JjeoNurRX*X7v-`zu?;tW)sk|%-i4_ zd@Gtjw+N3L;k}`}6kworZzj*Ye3!P1{suDVvUcWlpYR$Yw70Cq8Z@XbZF=b9-vAXf zLg%K2Hb%U&@jM=o^B!*Qry-X>57u?)K6Xib${qFwjS~2RJ&iAYn*`QqQIypwKvlC; zqnoZK-l?o{3(z*Yn$D7#oT$`IorvJnCprcwyvr{C>ZS}Lor=K0LkaRtyWd4M+Nel% z@>bRT{^{`!Wr6pO1Wjl8Fuv@rO^kPF6Wv0zoubP_Qb(5!A4n%Pk^Lu_fU;?iVC=oEF`_2`F+}L33ckh9xgHWp3L_$&AkH?RhC&! z58-;iowA2n;`xd-$4cC0mtZ}4bQSsS?dC@C&_*1+6n4E@Emtb&D$)HzgC&qKn*w6B z3-E0jDvdx_dk;T}`IjV`4z8hR=+*Dmf&@0r=Aa(j<1g&KpjImSA3pW+W7p#(0lK+e zLwYlshkU_i3^b__?G72VgW_HH$`KN=XmBt>*K-&rcqkmcDoarlZahYPau}KSli-Aq zG&wyxiOgm<@yRkVh^J8O8zglaf6dUZt|Do8i#+NTBrJ{5n-5N7I^j->7%dV-S6`j8 zWD>!dO!Mn#dN+v^za5=gLF`I(-!Q2|)V-eg4Vb#(+XPa#Fm2cI*XUGz0!Eug!PP@2 zofINP1wUkDpA9@eIJ=u>`FQpaCff_rm)wEk+vki4Gx3LfW;CaJQz`R<0=qU+}K7aBzz#>|>P# z`(634gP%YIKOLBpd~%m&Fh5C`-J!IhAB{0oVm5j>#ia3cC@cUB(4t2wQgjEW5>MV#C zN0>;l!ILpZ@9IGo&P(E~?8MxzVT4+To`p<}F>zBUl1e6kuS&=}tP& zm1fjcp>VA$3z$sSXOY{ckKufoQw~va#fvg-Ivk;Lk9yFTkJ>S1WQ+Xi>@pg8bwxd3 z1f?F{R>Ay3SzKh&%xfT23lhX=HWT$Y$?3X!JWCm8x5cLP=L2tz3KCmb_GPi&_|sr_jR&W;5Y^=&l#GXH zgxumwnlFn((SaGq+3B&_Tf@5CJ|AAXs34IJ9mJtc$?CrWB?`QCMwHmXa(LebuzMG#V6f5{oA6TIh&VSmW7G78j5lpT{;WD(m8Uz>N&45#T#de9p z_Q%EHxG!r1GUhCnOJuFx1fr*)m!`O&U8TX`s(@<+K@8cUvcL1e#*QK~PH^MqB`Sxz zVt?=^;1L=Vw>T-k`!ao33BFr#kB1j{!5zw*z++X41={B-&RkbdQtp^SD6bNXF4SIpv8OMF?l?U!Cwu)Gq zouF8}lwRoIC_zJl9d}W!L$o*U5=WD4WqK(Wuk~@`!$Ms}2AX6=2cu_s<-Q_5OS2L{ zyEWfcEA(7?T`AFDZU3_L7BYA_uXe@SpN>W7gv{cg^sKh@8mpzUfbSGU z;d<^o-*UU%mTUA<^1;N8A}UU>;X*m`RLfiiY?kCgN8NthzVR&eYKX!nnp~`h z*Fy*+b640{vV#fALjG-CEnfYo8h@FqNq3NWmRjm56S&H2x!-%eNwJ>@3%{M9sG41t zzR1{Fg~y3jj-R{LzRVZJdi||fyyj2G?ZSu65GL{(%r*s2>*Cp`9>jhE2mWmXeMWtD zJeoyD&Z?bHIo5*&I^AgHUM;|k%Dr#JphSqQvc*Oz2=jlV>p=psZnSeBKKim^SKQA`P>Fdt3D4{>L~!z6gTvDZ|LtDw6%NrTE6?hmhU2D`R;)8t!$aA z4D768k^NA7^TS4tGBQeVtNp>(D>*BfeW5KR615UD{AN+e=+*iau zwDh-L-?lz2R&Wzx(N7!Vx~O6N^Sk%OmjeVA*Z++P~%LFvh z!BLm{w{nl1o=`KWSO;Xs6e+WtJX})Vy6Jdxi+J-^u<#;WNch&G>^~f$4}`P~f$S<= zMJ(R(r>z%$<1Udj$yO%RKCR2`(vzt1mgZ4-s)GhbDLo&3!CR(bsdgIwK_k;}QR_ev zcknL0QhMAnOBpdqPcK~{?4nXgn1JI}`y)NE;g$v#yLz8N!sdv?OS?&Y6MOutRso2_yy{Z?{ z-AHGzU>cw5utQA|)a5R>Ud>laq>*3p@RM?=UdyfL0IDU@DusKrOWD1Wu570ZqXruV zsZQRSR!f+?I=pw0#A02Fn2%df?SDyX{Q}h1>>gH&SFdI%aTJhAf*Tk8w<&9HbmFdY zkYqa(G9HS}&WncnN*pxJN`Sg^bPm&pqVX0OEEa-mykiVfCcdIGNiTeTx5GrJo2BU``o}+V=>8I86abM~{nhVV(N$wr0 z9=9;i8d3~MIGu#EzgJrllpkJJwHAU?Nx*gW1Gvbw!p_L?2=xfL&`+qhC|qia`gWld z1m)WNf)o14&3KVWp>6u?!eh!I>66DEcU(S&C-xVd+~*j5iZSP779;_2?TW)oZK|l? zQeog`H43?mzx<>3ZyNWXGb&)gtC?TleR?o9`KZw=X>ka>^gIp^>OG;h6Nk!o>*MoExgaDBUTw^c=_SAVG)NOm z%;W_`nR>snsNc>O_#=szVztdncopZ{sz$E~Q+5vf>i7+1=B26_ISTIM;64uS)8M86 z^l+Pjy#k*KbTO9y+q)SKdM`!Yg9#V%PQou^x)cFC@dy#X!#g$j+Ojy|+R~)9YfIgl z?BRDh4WgSQK{Ck`dWRx&wPzK!c!g;!y2397>e}YG8B^_-#>NEv3m;x=&^sAri2Pnx z3p&#H3&H4fj6OkyIv(Zz@OA{2ZWr-Ls89i5~L@Go%PHp`2Cv0pr)w^}IC zHC&a+@FI_r!R72O(J56AmArl_KK1|pvtN{TheCtV)9dI{{`a4G6sN{=V{me)=umo8 z0%HL(I2l!-JN~)50Ca~xySTw_poL7s&KdT#HcB=_t)0S2`K92qgQuK)L)Qlp{$a zB>fMaf*MQ=W!;el%B+L|4%Y})dYkn?V`MFT?Lu!OD8hFlid`LZ8tm#x| za9fE7!f?Rra>0J`woHA7zg1|av)UTz)w)l;2i2N3KJg$6P6RkCXJ7s()@x&PXt!I_ zbpkcR+&=Yr$bj}4q1Ez^p57j}piUlYAHDW|tWXZ5&KPj6m&ML{eZVM?VPBDmqhajX zuH24?(YyzPs{L}iL=3z4{p$He8i?VEbQFjEJVPyH7@b*uGwE4v>jTOS|EBpD;@wBy z1N;|mt3e~0HSf+~KnIWI7;ca{4utM{+epyzTVCz>Kv`?Ma`~+%_+FS>$q5QMwJRZX!s_k_5WU9^aN9SYeLLW{!zW?c5G`W0Qs zRb8MiFA%?0M`I_Sny4z`-)H{tjH0IjKUUiXdC-c*qB?F5J?e9|tb{>4Ww1#d#`|Si z^@%eda)Rmz^-a-x1pQj060k4P<5g{-N8fzU?)^p}k$n>RZxII-@FRJyJu8_EY7`c8 z)^zT3YpJ$AXiadR1jq7FL48KQGGOi8#i5ql|6Z@!csd}PWZ~v(KFCt3anCZ=;^xxA zn&YR+p$%;hMbuLi1tLzqK!EFUflO{LEv$oZsvO$%_fSMV8&R}NfE9(wAWeOYtPu+~ zGgbL>*PSkpzs_BhVCS^rSPoqKMQ~1qu^N0W2ZkJ*d^8E{_IH=SZl_Cv=))yIJ0C`1 z7W+VE)R4~yUj{IuqY?@xjmNt;rh*CmF@wp#bJ3OO!p?J{@$8Eq-FTAd!N!A35|1!= z63WCY91|Beifo^8w#w~WFxh7;KAzqixVTNH>T(4?J1*g8(={Yi-op(VoG{>EvKgs9 zb?5rzA`@;G>a1g;#ikAhBOYjUz~R<)5+l6R-^?}!-FnQI0wqV37;g(*mb`u%3Vi}G@nKB+{)FMIVUbz zo$fgi2q~&gJQd_4m~oSfhW>>*z13#Ni~=nq!DNK`C4(DrDayvJ%!7ItLk-C8ey@8 zE`C8>I_jy!KcU{_%NF%0$s$`5km5oR>9iuZ^{}nxxY{BO$v`po)uCEcYqG17kh=zk zF28BHg1Q%5^MgN6G+np7*R9!GZcQRA=8@o^VVyF|IWKiAl?0FA&olVI_=NEZ6y6L@ zV62lyCNP{ZECGmQG^Os0$Ko*>9T7u!Q#EEa4#EgpZY%l+^0LBr;G zLu0XXpE_T`4;XBqzYi4|ccnuaXU}zA>{fU&ExI{*aX9Rabs6!a1o-bhjp^f3neCwTzGYIc6+VYQH6WA_6u1a6Q@BPX>e>;0Q9CpTXi49EU zb(YOj7n&R1-aVI5S?_qk&-yO9ibn1F(-OVmZqUyt>P1&{0XWt`LOa( zTFv$Ar+=P*`se50&V+@k;cHtU7_Vfi<+Uw-Ygc+dUZ5&N&mVqn@Ny-1`SABpefD}$ z@86Dx)%w>@zxh-Q%$>;NKaoHG`wVK2i+>i2^{*GdwUtD0MYRFLgP-VmU-vJ19OaBU z18)*niAe5wiNNkQ3Ym&oK%?hg*XkuZ7C+S`PrK%v2ZP_+D%nF|WZAo>ime&1HRdUX;g$6%<-U;pyY z_)^4L_Wz=pUY@-!;iLLxvCHuT=m#mqP-K*brwaS{QA7lilfskJcJGI9QLMh1BQLkh zkK}`IDhL^ zeXtRJk8UVW=M#7K0kC@YT z69u*p&ZThs;_3Y;nN270G*kJ>!}>9_6svFM__*v5Je;$)Rr$k0_mQ`dGTLsU#Q5R) z6mBGB*YX?&v_;yPg;t4?<>T^50dejIv&kfy4pWu1c~(D$Q^4!nxjrtB4JOW}^di>y z1Dbyx%tAxZ%=3Y{q=-0=u(CQC;T1V5GnC6X_)6=wYs1w6-L!N> zisNQ?5;ny56~L1PBMj2gtcs<84L?u8#qoUw@KmvYfyEa4R{=Wk4QxVI-n(62xejQ< zi?(_1oq|sQ`YPn9vM~sG22l|a(F0$UMsVfz*!j)q0yn%57jQTF#d=*q#arXq2EVz? zo8f>Q-8vr69^{kfe)&hwY~_TDVq0xji(JIT$!rE z;>NX<+Xc=$49UHg?_nC?3`;mW4P}y_>Mn3AX3qIk?SB;eCB6nheCpYj0+)EYrNV=* zZx<#SG6EUoQwjx!=A1&#u&;iu!mpHkWT42v4-FI<-ow!!O~}nX-k00* zM;IzT15ic9i85;V)sPPzRMDlY(J)l69ZB-pjg<%41gh^x)ClTBmG{1>j&&&C?OmK^ z%4xO|sp7zy-%$M;UZLaD1PxU=OULj~m%xjs+V(d^9dHTpN#*FJFP?)qj+0D8`{(yq0M(=Eo(`P8^#QgU={PM^c;=V{X5l z3E!>#fB63Gm3Bh3IXAp+0{#&jQN)+!gmzy(^sb+JC+vDd)cP9pmx@`n7vqvIHrZq(!0n?u>n=NIx@+?#{$?<1@za((PZKKk3g zNoY7IgN+HAz<3$7LUc>)quW&WJ5WtZl z-~n%hK&EEM-dA22#Fe6uAAm#tLP+~+=Q->Ft_%nL3Bw)mKf!<^1Y0K~cF*;I1O$ck zSr|_FU--ImOSdLr7P4w$K@G4eMb#r8f>QQv1xF;BhgodY+p14uDDSlDk>3a$YSeaC z*r^yVRw#dxoj5}1S#X~RQynR$KzaYah!$nOkoODwbxA%vW$`^0{~Hx7`Wr+aD!k7t zGS^-onG&^lxe$$-)3rF{dsDtd2N9LU;-yFZpmrvd%YXv56iAn>h|zMouAT#skhg$^ zelaxk=NZ)ZeR>RJpBy%6Z)RA|l0N!AL7f$|NJMO3`o4S`*g9cPLIUO!8= zMeVZByPH(RgC#WM;~_gW?~;Ge-z>85<`_c+h=@!<>Rji{aEx zUTBnaJ4LQw3InnL_&xMu-0BzOR>BJv_+1zHodVXOcPrKJRw~@BIyA$np5au;Fg(h1 zr`P_nLazeUmD?_Yo@0122eWAwf6emYEKi}gHXSHWu*J!&0u}?GpdcGf-0a|BV17nj z<~{T#@hUG|fp%4Kh5E?}>PqJ0*&rIj$XQ}nWN>a*_XHo~e4xb3yK$gS9^n$ZFEPw&2n zL)i|WMgq{GR?V_sg+2$cH3(|64D*>@;02pXwc~STUFhaH-H60O$?Ynwv<-46YPgc4 z>2NfNGHZ?{A4S5V*m!?XF2fF@iSQx0$)-@zj|0l*>afBcw=S$P`F1nDnq{L1uBlmo z=B8+Q`q?k`n{LJLbqPk!l-$&ETOe;93%;bxT zKG|Os=EjOnr5rxJ8==?jeVmLgM=v7XJHW?*kKwSo}@>ZzXC3^2+d8=Qq@oWW$+seL(kI7d}w%aiAII3F6&~` zi7buNXky_aHkE4iyd_6pbfOzwO|#M9Cbksx#;($ay%70%2I9*QpJyP${#b3#Us0E| zQ&D*sP0w%gxviSyW|=d1v_yzAW=R+|X-2}(0}#l;12qzEAuQjjYF!rF5PTXUA=5O1 zxmfhcsgxn8i-mZ+CBx;Z3>j}^9R$k{qG~YlrrHz`@9ft>E#5!SB)Bn93VIx55Il{M zp=lz8ZFXG@z-2))FiWM#c%sH@e73BVbi667axI+62rmlk2OMs6v1FFM8qP(afK|ty<<_Cf1 z5kJWyu)u*k!3_N99tjD@#rAG(9ij9<^)SmEt!Wdx(nR&I8O_l|V&WS%`*`LIuR%+L2p~cv*w(G9f7utmRY&y1I zWA0%fhY$R_7T+{W;>ccjiCO17?BRTet~WPJqS4rKcd1>Z4SuKdC__acyw%^omHWDQ zLf9p0o|LPg*TUnMI7y>RbeZD8T@sI!mxN{}oS}_Sf4dd;#BTpn;Zx;yhB5;47?<@tHTl-ShDVE z7yOC_B(l_Mr@y6DV?zfE-nvl1iGfBMX5bX4mV+w=6Ii6_5jZy%PY0+fgAQC0-{M8N z^GKU5vpI1U@F?}a!QQrkIfcL+2dY_ZESx3u!KWcAa`VWS`#tK_EUIM~EJWoHB_s1> z5j@~dB#AN(hf_qbP?5SmiiWq@>a*h^`%gzybV9&!JU?DChj^LG;6SLKikd8LU4^x~ zFQb$!S{MdlXT$j(GD5xvW)})77erE?576%Y~ZVcuv*lf{DHkX<^?aS-I42l-eAvipbYS>($eVlJIvr zDD#)Cni@~5D7*~+Bspm`ZoOmRW0&CHK7!pW4F^QC#*%Kfl0uK@^jiTR{rKDn=11kM z=tpfuaQ700Lbg!fOYdbWHo`@+O~()**vRljS3)vCVdo@vkrvt>C#KA^rXwA3;EYI_XNH7+V?7SHp`add@qIhx*?@^A5Eq7I+_>~D&n zK?1T*f98|ut3pOoCE(RI9C$P}0gt94aM0~S0m>ahDID$dd3gRmpPTYeQYGNf`~!rZ zf08N!hvmOH;j>90Xlz_50FRCsNr*H}#QYwP`Q3m?*G|Lww-CJYUB)WkIZp6!4~tO| zg+U(rkyg1q>_c_JM_)Kjh35u|A{g8N%K?vd@eJ#6`>R7p4RjMf-lfqMtf$RKnOx^6 zHk}IHR=VgYbjnJEMsEJbg=bv`qaosKg@P{H~Of|_Y3M3zsgzt2DYv+59ztEtoR~@%rb#rJrO+_oe#!QB} zPq_s1oUHJ4ME3>AJNFLw+_l%Gu5sj zQ!I6NQkcfT`;eqA`o>EU61?7+0~^*GD>j7+a@u?uxLB{sZKwMT`DniO8;nQs)N;2? zo=#C=og52~+TF3cDO&Kn0-HDtlz?Xt5P_MQSxtoS)q5Q_Ga%z$qP|6{P7|12O#ESU zeKM{($){P(gx}FE?^@%ssTy=A?NzSgq^NkVYdG=&AN|ll!Bv{(+3W^&11xu2aIi4{ z*rS&oEP#7HMZiOXUTvsL5?{G>G=45QyZ!3zWHs|-bnhVs+!QUV0`{gj>1h~6H*xZ% z<#|w?6cwxw7Q9}YpRvjf=e$5B7+07`n@^cTJygKao)>hrUS$;^_~;UL zWWSczpB)8|gS+yZuU2~Qp_A8t9AQP(-(&_C_R@IoC?oyj4%SZnO(t+rjijs?Z1HWE zcFIjs3Ej8L=xq>KY{WKj*C!bWqlwtIwLj5j-!^H7eX)35Ek8tDmPCV_(a=*K^)?Ia zu%C#^WZX%_=A@{occ_)ng*%<2*S?t%n^c~lkv$xvj_u(@1@`bPcd~0#iHChn%vEPs zQcoJbJWJKjirbvq)P;WPZ0FNId2aDFO8bsS?oPdCw|H!>{c?$Z4ml@YB*M~qeFQg~ zmXn6^I7`b|p6=(8bE1%T36z{}T1L(oT$bBaSpQ)jrRl>kj|KyDw}Oh#;!>d@g^(AR_MLr|Vdk>9pKpR|F$jE52k)S8V{ z10FfO56*(zm>bS*wGCyO&Zas(BsQo3dctFgu-uQO>L4?p@K^${^RZMN z49wjgOAc&%EL8_1^Y`wow=Tw816%lG$pKA|rD(LUb$TpCT-#%5@R22Sek=jm@mR`c z!nrA6sbs)=69-7IOPoT{Ug@+E{kS^xYopC8e($n){c9tW1EsE?Lq8g$Au<6;BbZy5 zXB2llfW5tfMti0(pO}$-Pe*guop6fUuX35N_=pn9JLK+NgQ zboMaSa7i-9{!y;i9nc@*@z{vZ4V(dg@ZGV%0I7DyDFm&< z%6`*|erY8?Oc@oyD{&D7iqaP2Hpv{EY~K#sf7;9)?`~7{{lCU2C#j3GWv3t#VM*XE@x7aGuRtix`t}8E>@d5kd&;3 zLjOghNvcswR*kSj9x0$Pe}YY*+Lue%#;jO(x~8zM0D+>uh2^5E4h^&LVQ~lI=3`+q zuVNQz-&TvV+sz!t_oG24CF7v&B+69FLJ{n)rIk!EcO*VS{k z+c%zF+3s9pYItB}2vj^B^9IX3()+}oJ=LLMrjy%2BeQ@=r>2!rS;^9n(0aXN?$S89 zj~$s)>;i2_#l2AK=|zJ>S5bA8PgY0Sux^Hhf_Cfy7rx=cUopJA#-nJx5i1%{@du^?GwlDgY%BY3IpuBm2~v&-712GzW*$zYdg zVa0Ea`kt$TeD)aBlBeLXv^Yh5%TYu=Zd4lgRxeEm49?VtVzcX}0mfg_ESk)1^xQ#X zK5kb(L$_}ifbXWGulnxoCI^)nK6}7Nl(MxiUHIXP27LA?UB+Tjp}NUh@HkI!ts!i% zZKyUBtA+6V6vlHm<+;QO8$AbZ{Xr37+h%R|55*=^byy|H@Qe!tRinxlI#b%<>GPzD zO{Kys*}E{o(sT}%g_xTDKLD}ewoZBcrU!6zSX1MP0|uL#X?cF zSr#E(f)C&Qn0l|F2-96+e!JnZOiAaA)n!kyE&+7UAJnK*?x5FIm{od{RV21c=qM; zr8x9gOH^=Rxmt%7M-mUOqbwf{QQ3fXX~uSk=44UayAqS-?)J;wc-YBLqHZIWX+uv>VSxJCDUwAd30&;YkhG=# zqCsX5r!2bl`(SX8)d1G+pXMZ~U`wWhx#>!16C*WAJoxysUAZ8q9^ti;!Ib!LvUxlp z=NR4GPmTH2y{M4zb0kbBNJwW#>?*uuXz|v6+J*t+wU~>y{AsJ8HwH?vFY#H-p$z*H zpZ}~8H0c~4-pHY=OoT8MpQSVW6?|o1ZBRAg{mnmxLXkO-RA?ldNaeoU~n8|K*#AKd|e(oQlLmH4Y%2;y7L((OAQWYW_U~ceyCxDCIC)$;v(^TZ)_?8 zq979wN*1yCQ5YfEhG&Q+3)pxq0~GiIZ+u;sPk~(%z6uHUs*e)brz4FowGN8a&89_I z$aRXEW~Ek(p2pFpX!X2>U6TWzBn#E(YC20|a@KZ>D$&)Z>v(wj>m)sQ+2vm?I>1Hc z4_*(!A}tR$H>pG@m-Wd70%arhC=RNdS`W|{DPgPWx$Hn}lsL01H$?$Sj@7Be8r>x#hNfw5qbUuzA zE!kAOY(h@D|BR!h1gLH{E%i$kw9AIhkY3M}JvJ;pT*6xz-@OWc&ycE3*rvoJLMb(n zBmvTcdVkV*)N`ppzTEG33@qXIX#8<0S`|-%#vXqT}8?sqi)w0U8gJZ(xR(4 zQ9&!agPHDQ-jSH>M{egOcAYl3keM2pJYB>`9ptA)hf-Yba};M_AO=bi*zMPP_)Ta2 z$1=QG^J8gf(9lEzyAM8nbg!R2x))9#B^B$peX(79bChxqdXR? zSsCHt4VTDo#S;F9@3ezB2lx2%`Y+KC{)Z2-6~^cLatdS8!#Kfn&+xT=ih5t;aXiRi0$eFV zPTzKEhw8QbC~?{BCia(yz3l?Gr~tvQ)1*z~uNnH)DvJ8q<DZ#BHaXm&Tv^6~7!ax=YR zL$dO;+M+@TJ8^t;RxU?V)V|1)#|~NHu_0N3lL~@9|Mt@|o(*o4Z^AZ-5T( zCzWvq;x6LMOI3mwb3r?{>$?uG*n;nU?5{b|#me8Ii)&yo_H-S7b~)q@ohAmCi&iPv zOB7OfsPt-66<4zg4OLak<1S$0hDOMkB#l7gy;}XR4s5zAT?j~ENSprVSRY_b8r!D7 zE|x*ylYDZQX0Ymvu0ls?Lxs=i(@4Nm(9L@Ja0O{R9SV!!O#*b6h99pVK%_<84_mth zz<5bOG=w#G>cTDEOgImVK5B)aPWw5^H=Oz9&zKEz)Q~{E@^h4(>_#r(s!?Hs4s_s3 zYmNwAV{L)8W>pBuTcQISuFlO=*kt5EZMwywGh2?DW`oSZNgNdB73v*?6&VgXLJfSi zz^F!r?bUw@ScbcS5kE5%HYq%?qX4W0D?qq^r;f4xD*g1#iEe!D+XKE!Tx~4qxq1CAzNaz%nwMqk3^XOSKZh4V>eE!H4x5~MlClpX>+;9O{ois6SMwKM2%YxnDiKYe$%qFT%IgQ?Uves=JSq(dDCd zKsh-tZ92P*M)GK#hrdf^z$G96uJeM89)!Kw-w0k^h&AAn@V$)iODfIe89&WR2!96j zTYpNq_(=g4Aqeu03qQ$*3;#rQ)zhyRzbP2Y&1(BQnDVF9nq6J^O)xM!{On)!I10u) z{{zy|Rc3e4`)n=}ozrM~b5OLX+GJ<6xYU%sXR=W=TnLc)?UHsbj8FXIKm|H4}4 zO|e}POfH!I=>OHDf1SP7$6r4wI552TJNzS{)JKX?ACU+87e)S9p;onDG!_BlvH~2ma#>zC!T28hoc_ z{M`bIhnrR&t5c(XUPZ8NttWz)>41@|sXjO$~w+X}_T0Ef_dIOg4*2m}7R>mZ0@N9BF zs*3&W)37ll^dP0$ul|d-d1_dCzjFWIfbq3D9!%n?iRq0Nc&ejElTqX|qIz!2_Hv=z zWD@oth)35})@ZVfD;1i{kon+!)g2{GP4%eY*1lUZz_f$Zl7gqJH(O^u|d} zw|Bs6Z{v(?Xf=t_8+TN&7{4-bhcR?ZZ4#%Wmzo%S~6gS-eiR=sn(Hv<3#AiMu<-q4zzxI)jo zH^YCzLr+FI>K{XzM+f)x|wj4Hc6cAo9ZJuVqggY*tB zWp6x;<~zXH&we(DLUFI@IR3o4tX+0s0NVoTc@6+8I4kWcRW!;G2|n zx$z$@BC$D%&1o#VB1YpGoaXLRUk%Cc9`Q$&L+=i@zFMzd(d~V&4<&kakjYikWg!-Z zMW#mi?WGr3p3n}wxbnn%FU4Q%zC+2UWZWdyY@~HX-5p&Wy+mQN1$q#Sb zEf#eNi{ivLjBX`W(|~Uv+QX}Hd&H=;_gKttA`9vk@^Y@TP%B|!HvlEBo}h%6_O>O9 zl(^R7L#2~3GtCp;f3>$$pDBrjg@`oIXgIm(VSf!9QYGx=LTJqB(9BGchl3t<7m=Bh3ha6?8oL1PdMug% zkw)&KYAkYRGNA7$LmWyw{DC%$Q``;0U0)OKp%g)P`wA*=Gb%OG8bho}MNsM`q5k-O zv=wk-qjer#h}455@*-$pu^&SXALyWQ|2cDwZ^#WQ^cJMPBUN0zzZk{**V;!U1IJHfp6&UJ(s?L)ccGUxt0MO zvH1Q%f3U$DkJ2o01hq#bD%LKM8QF73UKBV-J6zhzWnONL<{5UBn&|v_s`{P`CfM(S`})6fCraG39opZ&~~qzTICn=H@nkbbxhM6 zZRw`Y-%*vlm3yn?8?79*&ha5v>Vu2Q@M`gU<3vQ#ufv2O^8F5JVxEzKpWsT5g#8DF z!#L52op}Nxb>=}MdL`n4FE|_6gbPQX6zg>}Q9^_8uonztL4z9JWbnI3hP6oVg*w73 zxJFcUb=)uHQ6!#7?nc6Xg7=}?mpN=QnlFzVkM1)KA^VczkRkd9x+my*px0-y#D5DT zLaZ~rFAu9d4CF0sqvme~YV0n57aiF>N@!Yd7^i1=!#q5KSv=K2dziqscw}@kx=dm4 z?yC9r(_|BC8&RO=mSZ+QDZogt`(m`U82=zs~Bi*e{eZ0+PlWI@msk_LNH?R!Hw?0iZS#ks6{WH8H zmXgHJgfP#C^wb4p`|_2IEqfBlBg8F zHeldMcwUH!4oIPTWK-X>wMXcx8u7 zO486i3r%q{+%cvdY6hv6I=t*l{JGc$7UTInP}y}7<4?UNu;7l}Y&rD|7V$i-pZmqO z+P-h9qvs?tti`z;U**wsHhrAT?)aKJ&A=I8%k*90ziy2o!B*(=NL;<9TQ~`--hUMP zCG=p!ST1MDLzE1oFXLFH5lkwN?`J6rRP))1X5b7jKLU;fXE4_f(mCKtGRF=&B$I(C zM`J3<0ygSvtd^nJ_tAJX)Uk0g$KDk0c>B5~d^H(FFo_=X`7F(bQKsEr(Z;DNyqhjP zStpQehIh)P=jLd1vXv9Ed<9-PCS1FA+|V$fMo4&(nkTWbOtEwUzWTWefAHqX?CZ$% z*l~lz@E(r-XhMGEsN~$%VBO?6R)cPC;0$yX9-RXt$ApC5=PZe)=_o_Dbvzn8lH)-1 zn{M_xBP$FYll*#DjjV8FAsPJY(O+kxw;vi(D5L?#afh;x=eAchUU_0^<;!hp7S*Rw zxS4-P6Y<-h8lX+paBPYiW^ckMNRZAz(g^{yHMK$8Cbb!_g|wRZ!|ok0W2c2MgED4? znpddhi6?BN89yyvnhNY?c-BvgmRrVV?FJu$d4~)=W-#HsE@Aax_1*%>+~^=N{bdB? zvq}y$KEFg~H%&gU*ryE#d?*h5X~ZEjX>CZvi(-)MpwOuRm-1rYmiH2li|#X3t)Eb2t>0{wL+UEbEtc5~T&!C!Fm zK&A3HtkwZb5lNeJh5GH^R=x{eaoZ7=bLC$~8SkLTsTBCw1^Lbleb->G${$|KHoy@t p+PFu5=u0+mW%QG*^MVH4w*4(ey!*s^fHc>13R3Cf|360%d|)-k<8=T4 diff --git a/krb5-1.21.3/doc/html/plugindev/ccselect.html b/krb5-1.21.3/doc/html/plugindev/ccselect.html deleted file mode 100644 index bd694cbb..00000000 --- a/krb5-1.21.3/doc/html/plugindev/ccselect.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - Credential cache selection interface (ccselect) — MIT Kerberos Documentation - - - - - - - - - - - - - - - - -
-
-
- -
-
-
- -
-

Credential cache selection interface (ccselect)¶

-

The ccselect interface allows modules to control how credential caches -are chosen when a GSSAPI client contacts a service. For a detailed -description of the ccselect interface, see the header file -<krb5/ccselect_plugin.h>.

-

The primary ccselect method is choose, which accepts a server -principal as input and returns a ccache and/or principal name as -output. A module can use the krb5_cccol APIs to iterate over the -cache collection in order to find an appropriate ccache to use.

-

A module can create and destroy per-library-context state objects by -implementing the init and fini methods. State objects have -the type krb5_ccselect_moddata, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object.

-

A module can have one of two priorities, “authoritative†or -“heuristicâ€. Results from authoritative modules, if any are -available, will take priority over results from heuristic modules. A -module communicates its priority as a result of the init method.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/certauth.html b/krb5-1.21.3/doc/html/plugindev/certauth.html deleted file mode 100644 index 881f7489..00000000 --- a/krb5-1.21.3/doc/html/plugindev/certauth.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - PKINIT certificate authorization interface (certauth) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

PKINIT certificate authorization interface (certauth)¶

-

The certauth interface was first introduced in release 1.16. It -allows customization of the X.509 certificate attribute requirements -placed on certificates used by PKINIT enabled clients. For a detailed -description of the certauth interface, see the header file -<krb5/certauth_plugin.h>

-

A certauth module implements the authorize method to determine -whether a client’s certificate is authorized to authenticate a client -principal. authorize receives the DER-encoded certificate, the -requested client principal, and a pointer to the client’s -krb5_db_entry (for modules that link against libkdb5). The method -must decode the certificate and inspect its attributes to determine if -it should authorize PKINIT authentication. It returns the -authorization status and optionally outputs a list of authentication -indicator strings to be added to the ticket.

-

Beginning in release 1.19, the authorize method can request that the -hardware authentication bit be set in the ticket by returning -KRB5_CERTAUTH_HWAUTH. Beginning in release 1.20, the authorize -method can return KRB5_CERTAUTH_HWAUTH_PASS to request that the -hardware authentication bit be set in the ticket but otherwise defer -authorization to another certauth module. A module must use its own -internal or library-provided ASN.1 certificate decoder.

-

A module can optionally create and destroy module data with the -init and fini methods. Module data objects last for the -lifetime of the KDC process.

-

If a module allocates and returns a list of authentication indicators -from authorize, it must also implement the free_ind method -to free the list.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/clpreauth.html b/krb5-1.21.3/doc/html/plugindev/clpreauth.html deleted file mode 100644 index cd008ab9..00000000 --- a/krb5-1.21.3/doc/html/plugindev/clpreauth.html +++ /dev/null @@ -1,187 +0,0 @@ - - - - - - - - - Client preauthentication interface (clpreauth) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Client preauthentication interface (clpreauth)¶

-

During an initial ticket request, a KDC may ask a client to prove its -knowledge of the password before issuing an encrypted ticket, or to -use credentials other than a password. This process is called -preauthentication, and is described in RFC 4120 and RFC 6113. -The clpreauth interface allows the addition of client support for -preauthentication mechanisms beyond those included in the core MIT -krb5 code base. For a detailed description of the clpreauth -interface, see the header file <krb5/clpreauth_plugin.h> (or -<krb5/preauth_plugin.h> before release 1.12).

-

A clpreauth module is generally responsible for:

-
    -
  • Supplying a list of preauth type numbers used by the module in the -pa_type_list field of the vtable structure.

  • -
  • Indicating what kind of preauthentication mechanism it implements, -with the flags method. In the most common case, this method -just returns PA_REAL, indicating that it implements a normal -preauthentication type.

  • -
  • Examining the padata information included in a PREAUTH_REQUIRED or -MORE_PREAUTH_DATA_REQUIRED error and producing padata values for the -next AS request. This is done with the process method.

  • -
  • Examining the padata information included in a successful ticket -reply, possibly verifying the KDC identity and computing a reply -key. This is also done with the process method.

  • -
  • For preauthentication types which support it, recovering from errors -by examining the error data from the KDC and producing a padata -value for another AS request. This is done with the tryagain -method.

  • -
  • Receiving option information (supplied by kinit -X or by an -application), with the gic_opts method.

  • -
-

A clpreauth module can create and destroy per-library-context and -per-request state objects by implementing the init, fini, -request_init, and request_fini methods. Per-context state -objects have the type krb5_clpreauth_moddata, and per-request state -objects have the type krb5_clpreauth_modreq. These are abstract -pointer types; a module should typically cast these to internal -types for the state objects.

-

The process and tryagain methods have access to a callback -function and handle (called a “rockâ€) which can be used to get -additional information about the current request, including the -expected enctype of the AS reply, the FAST armor key, and the client -long-term key (prompting for the user password if necessary). A -callback can also be used to replace the AS reply key if the -preauthentication mechanism computes one.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/general.html b/krb5-1.21.3/doc/html/plugindev/general.html deleted file mode 100644 index 35c1ce70..00000000 --- a/krb5-1.21.3/doc/html/plugindev/general.html +++ /dev/null @@ -1,242 +0,0 @@ - - - - - - - - - General plugin concepts — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

General plugin concepts¶

-

A krb5 dynamic plugin module is a Unix shared object or Windows DLL. -Typically, the source code for a dynamic plugin module should live in -its own project with a build system using automake and libtool, or -tools with similar functionality.

-

A plugin module must define a specific symbol name, which depends on -the pluggable interface and module name. For most pluggable -interfaces, the exported symbol is a function named -INTERFACE_MODULE_initvt, where INTERFACE is the name of the -pluggable interface and MODULE is the name of the module. For these -interfaces, it is possible for one shared object or DLL to implement -multiple plugin modules, either for the same pluggable interface or -for different ones. For example, a shared object could implement both -KDC and client preauthentication mechanisms, by exporting functions -named kdcpreauth_mymech_initvt and clpreauth_mymech_initvt.

-

A plugin module implementation should include the header file -<krb5/INTERFACE_plugin.h>, where INTERFACE is the name of the -pluggable interface. For instance, a ccselect plugin module -implementation should use #include <krb5/ccselect_plugin.h>.

-

initvt functions have the following prototype:

-
krb5_error_code interface_modname_initvt(krb5_context context,
-                                         int maj_ver, int min_ver,
-                                         krb5_plugin_vtable vtable);
-
-
-

and should do the following:

-
    -
  1. Check that the supplied maj_ver argument is supported by the -module. If it is not supported, the function should return -KRB5_PLUGIN_VER_NOTSUPP.

  2. -
  3. Cast the supplied vtable pointer to the structure type -corresponding to the major version, as documented in the pluggable -interface header file.

  4. -
  5. Fill in the structure fields with pointers to method functions and -static data, stopping at the field indicated by the supplied minor -version. Fields for unimplemented optional methods can be left -alone; it is not necessary to initialize them to NULL.

  6. -
-

In most cases, the context argument will not be used. The initvt -function should not allocate memory; think of it as a glorified -structure initializer. Each pluggable interface defines methods for -allocating and freeing module state if doing so is necessary for the -interface.

-

Pluggable interfaces typically include a name field in the vtable -structure, which should be filled in with a pointer to a string -literal containing the module name.

-

Here is an example of what an initvt function might look like for a -fictional pluggable interface named fences, for a module named -“wickerâ€:

-
krb5_error_code
-fences_wicker_initvt(krb5_context context, int maj_ver,
-                     int min_ver, krb5_plugin_vtable vtable)
-{
-    krb5_ccselect_vtable vt;
-
-    if (maj_ver == 1) {
-        krb5_fences_vtable vt = (krb5_fences_vtable)vtable;
-        vt->name = "wicker";
-        vt->slats = wicker_slats;
-        vt->braces = wicker_braces;
-    } else if (maj_ver == 2) {
-        krb5_fences_vtable_v2 vt = (krb5_fences_vtable_v2)vtable;
-        vt->name = "wicker";
-        vt->material = wicker_material;
-        vt->construction = wicker_construction;
-        if (min_ver < 2)
-            return 0;
-        vt->footing = wicker_footing;
-        if (min_ver < 3)
-            return 0;
-        vt->appearance = wicker_appearance;
-    } else {
-        return KRB5_PLUGIN_VER_NOTSUPP;
-    }
-    return 0;
-}
-
-
-
-

Logging from KDC and kadmind plugin modules¶

-

Plugin modules for the KDC or kadmind daemons can write to the -configured logging outputs (see [logging]) by calling the -com_err function. The first argument (whoami) is ignored. If -the second argument (code) is zero, the formatted message is logged -at informational severity; otherwise, the formatted message is logged -at error severity and includes the error message for the supplied -code. Here are examples:

-
com_err("", 0, "Client message contains %d items", nitems);
-com_err("", retval, "while decoding client message");
-
-
-

(The behavior described above is new in release 1.17. In prior -releases, the whoami argument is included for some logging output -types, the logged message does not include the usual header for some -output types, and the severity for syslog outputs is configured as -part of the logging specification, defaulting to error severity.)

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/gssapi.html b/krb5-1.21.3/doc/html/plugindev/gssapi.html deleted file mode 100644 index 95db08fb..00000000 --- a/krb5-1.21.3/doc/html/plugindev/gssapi.html +++ /dev/null @@ -1,259 +0,0 @@ - - - - - - - - - GSSAPI mechanism interface — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

GSSAPI mechanism interface¶

-

The GSSAPI library in MIT krb5 can load mechanism modules to augment -the set of built-in mechanisms.

-

A mechanism module is a Unix shared object or Windows DLL, built -separately from the krb5 tree. Modules are loaded according to the -GSS mechanism config files described in GSSAPI mechanism modules.

-

For the most part, a GSSAPI mechanism module exports the same -functions as would a GSSAPI implementation itself, with the same -function signatures. The mechanism selection layer within the GSSAPI -library (called the “mechglueâ€) will dispatch calls from the -application to the module if the module’s mechanism is requested. If -a module does not wish to implement a GSSAPI extension, it can simply -refrain from exporting it, and the mechglue will fail gracefully if -the application calls that function.

-

The mechglue does not invoke a module’s gss_add_cred, -gss_add_cred_from, gss_add_cred_impersonate_name, or -gss_add_cred_with_password function. A mechanism only needs to -implement the “acquire†variants of those functions.

-

A module does not need to coordinate its minor status codes with those -of other mechanisms. If the mechglue detects conflicts, it will map -the mechanism’s status codes onto unique values, and then map them -back again when gss_display_status is called.

-
-

NegoEx modules¶

-

Some Windows GSSAPI mechanisms can only be negotiated via a Microsoft -extension to SPNEGO called NegoEx. Beginning with release 1.18, -mechanism modules can support NegoEx as follows:

-
    -
  • Implement the gssspi_query_meta_data(), gssspi_exchange_meta_data(), -and gssspi_query_mechanism_info() SPIs declared in -<gssapi/gssapi_ext.h>.

  • -
  • Implement gss_inquire_sec_context_by_oid() and answer the -GSS_C_INQ_NEGOEX_KEY and GSS_C_INQ_NEGOEX_VERIFY_KEY OIDs -to provide the checksum keys for outgoing and incoming checksums, -respectively. The answer must be in two buffers: the first buffer -contains the key contents, and the second buffer contains the key -encryption type as a four-byte little-endian integer.

  • -
-

By default, NegoEx mechanisms will not be directly negotiated via -SPNEGO. If direct SPNEGO negotiation is required for -interoperability, implement gss_inquire_attrs_for_mech() and assert -the GSS_C_MA_NEGOEX_AND_SPNEGO attribute (along with any applicable -RFC 5587 attributes).

-
-
-

Interposer modules¶

-

The mechglue also supports a kind of loadable module, called an -interposer module, which intercepts calls to existing mechanisms -rather than implementing a new mechanism.

-

An interposer module must export the symbol gss_mech_interposer -with the following signature:

-
gss_OID_set gss_mech_interposer(gss_OID mech_type);
-
-
-

This function is invoked with the OID of the interposer mechanism as -specified in the mechanism config file, and returns a set of mechanism -OIDs to be interposed. The returned OID set must have been created -using the mechglue’s gss_create_empty_oid_set and -gss_add_oid_set_member functions.

-

An interposer module must use the prefix gssi_ for the GSSAPI -functions it exports, instead of the prefix gss_. In most cases, -unexported gssi_ functions will result in failure from their -corresponding gss_ calls.

-

An interposer module can link against the GSSAPI library in order to -make calls to the original mechanism. To do so, it must specify a -special mechanism OID which is the concatention of the interposer’s -own OID byte string and the original mechanism’s OID byte string.

-

Functions that do not accept a mechanism argument directly require no -special handling, with the following exceptions:

-

Since gss_accept_sec_context does not accept a mechanism argument, -an interposer mechanism must, in order to invoke the original -mechanism’s function, acquire a credential for the concatenated OID -and pass that as the verifier_cred_handle parameter.

-

Since gss_import_name, gss_import_cred, and -gss_import_sec_context do not accept mechanism parameters, the SPI -has been extended to include variants which do. This allows the -interposer module to know which mechanism should be used to interpret -the token. These functions have the following signatures:

-
OM_uint32 gssi_import_sec_context_by_mech(OM_uint32 *minor_status,
-    gss_OID desired_mech, gss_buffer_t interprocess_token,
-    gss_ctx_id_t *context_handle);
-
-OM_uint32 gssi_import_name_by_mech(OM_uint32 *minor_status,
-    gss_OID mech_type, gss_buffer_t input_name_buffer,
-    gss_OID input_name_type, gss_name_t output_name);
-
-OM_uint32 gssi_import_cred_by_mech(OM_uint32 *minor_status,
-    gss_OID mech_type, gss_buffer_t token,
-    gss_cred_id_t *cred_handle);
-
-
-

To re-enter the original mechanism when importing tokens for the above -functions, the interposer module must wrap the mechanism token in the -mechglue’s format, using the concatenated OID (except in -gss_import_name). The mechglue token formats are:

-
    -
  • For gss_import_sec_context, a four-byte OID length in big-endian -order, followed by the concatenated OID, followed by the mechanism -token.

  • -
  • For gss_import_name, the bytes 04 01, followed by a two-byte OID -length in big-endian order, followed by the mechanism OID, followed -by a four-byte token length in big-endian order, followed by the -mechanism token. Unlike most uses of OIDs in the API, the mechanism -OID encoding must include the DER tag and length for an object -identifier (06 followed by the DER length of the OID byte string), -and this prefix must be included in the two-byte OID length. -input_name_type must also be set to GSS_C_NT_EXPORT_NAME.

  • -
  • For gss_import_cred, a four-byte OID length in big-endian order, -followed by the concatenated OID, followed by a four-byte token -length in big-endian order, followed by the mechanism token. This -sequence may be repeated multiple times.

  • -
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/hostrealm.html b/krb5-1.21.3/doc/html/plugindev/hostrealm.html deleted file mode 100644 index d7d1840b..00000000 --- a/krb5-1.21.3/doc/html/plugindev/hostrealm.html +++ /dev/null @@ -1,170 +0,0 @@ - - - - - - - - - Host-to-realm interface (hostrealm) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Host-to-realm interface (hostrealm)¶

-

The host-to-realm interface was first introduced in release 1.12. It -allows modules to control the local mapping of hostnames to realm -names as well as the default realm. For a detailed description of the -hostrealm interface, see the header file -<krb5/hostrealm_plugin.h>.

-

Although the mapping methods in the hostrealm interface return a list -of one or more realms, only the first realm in the list is currently -used by callers. Callers may begin using later responses in the -future.

-

Any mapping method may return KRB5_PLUGIN_NO_HANDLE to defer -processing to a later module.

-

A module can create and destroy per-library-context state objects -using the init and fini methods. If the module does not need -any state, it does not need to implement these methods.

-

The optional host_realm method allows a module to determine -authoritative realm mappings for a hostname. The first authoritative -mapping is used in preference to KDC referrals when getting service -credentials.

-

The optional fallback_realm method allows a module to determine -fallback mappings for a hostname. The first fallback mapping is tried -if there is no authoritative mapping for a realm, and KDC referrals -failed to produce a successful result.

-

The optional default_realm method allows a module to determine the -local default realm.

-

If a module implements any of the above methods, it must also -implement free_list to ensure that memory is allocated and -deallocated consistently.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/index.html b/krb5-1.21.3/doc/html/plugindev/index.html deleted file mode 100644 index b10153cb..00000000 --- a/krb5-1.21.3/doc/html/plugindev/index.html +++ /dev/null @@ -1,185 +0,0 @@ - - - - - - - - - For plugin module developers — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
- - -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/internal.html b/krb5-1.21.3/doc/html/plugindev/internal.html deleted file mode 100644 index c6dfca91..00000000 --- a/krb5-1.21.3/doc/html/plugindev/internal.html +++ /dev/null @@ -1,171 +0,0 @@ - - - - - - - - - Internal pluggable interfaces — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Internal pluggable interfaces¶

-

Following are brief discussions of pluggable interfaces which have not -yet been made public. These interfaces are functional, but the -interfaces are likely to change in incompatible ways from release to -release. In some cases, it may be necessary to copy header files from -the krb5 source tree to use an internal interface. Use these with -care, and expect to need to update your modules for each new release -of MIT krb5.

-
-

Kerberos database interface (KDB)¶

-

A KDB module implements a database back end for KDC principal and -policy information, and can also control many aspects of KDC behavior. -For a full description of the interface, see the header file -<kdb.h>.

-

The KDB pluggable interface is often referred to as the DAL (Database -Access Layer).

-
-
-

Authorization data interface (authdata)¶

-

The authdata interface allows a module to provide (from the KDC) or -consume (in application servers) authorization data of types beyond -those handled by the core MIT krb5 code base. The interface is -defined in the header file <krb5/authdata_plugin.h>, which is not -installed by the build.

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/kadm5_auth.html b/krb5-1.21.3/doc/html/plugindev/kadm5_auth.html deleted file mode 100644 index da95cd89..00000000 --- a/krb5-1.21.3/doc/html/plugindev/kadm5_auth.html +++ /dev/null @@ -1,169 +0,0 @@ - - - - - - - - - kadmin authorization interface (kadm5_auth) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kadmin authorization interface (kadm5_auth)¶

-

The kadm5_auth interface (new in release 1.16) allows modules to -determine whether a client principal is authorized to perform an -operation in the kadmin protocol, and to apply restrictions to -principal operations. For a detailed description of the kadm5_auth -interface, see the header file <krb5/kadm5_auth_plugin.h>.

-

A module can create and destroy per-process state objects by -implementing the init and fini methods. State objects have -the type kadm5_auth_modinfo, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object.

-

The kadm5_auth interface has one method for each kadmin operation, -with parameters specific to the operation. Each method can return -either 0 to authorize access, KRB5_PLUGIN_NO_HANDLE to defer the -decision to other modules, or another error (canonically EPERM) to -authoritatively deny access. Access is granted if at least one module -grants access and no module authoritatively denies access.

-

The addprinc and modprinc methods can also impose restrictions -on the principal operation by returning a struct -kadm5_auth_restrictions object. The module should also implement -the free_restrictions method if it dynamically allocates -restrictions objects for principal operations.

-

kadm5_auth modules can optionally inspect principal or policy objects. -To do this, the module must also include <kadm5/admin.h> to gain -access to the structure definitions for those objects. As the kadmin -interface is explicitly not as stable as other public interfaces, -modules which do this may not retain compatibility across releases.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/kadm5_hook.html b/krb5-1.21.3/doc/html/plugindev/kadm5_hook.html deleted file mode 100644 index bcba2445..00000000 --- a/krb5-1.21.3/doc/html/plugindev/kadm5_hook.html +++ /dev/null @@ -1,162 +0,0 @@ - - - - - - - - - KADM5 hook interface (kadm5_hook) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

KADM5 hook interface (kadm5_hook)¶

-

The kadm5_hook interface allows modules to perform actions when -changes are made to the Kerberos database through kadmin. -For a detailed description of the kadm5_hook interface, see the header -file <krb5/kadm5_hook_plugin.h>.

-

The kadm5_hook interface has five primary methods: chpass, -create, modify, remove, and rename. (The rename -method was introduced in release 1.14.) Each of these methods is -called twice when the corresponding administrative action takes place, -once before the action is committed and once afterwards. A module can -prevent the action from taking place by returning an error code during -the pre-commit stage.

-

A module can create and destroy per-process state objects by -implementing the init and fini methods. State objects have -the type kadm5_hook_modinfo, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object.

-

Because the kadm5_hook interface is tied closely to the kadmin -interface (which is explicitly unstable), it may not remain as stable -across versions as other public pluggable interfaces.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/kdcpolicy.html b/krb5-1.21.3/doc/html/plugindev/kdcpolicy.html deleted file mode 100644 index 5e93921f..00000000 --- a/krb5-1.21.3/doc/html/plugindev/kdcpolicy.html +++ /dev/null @@ -1,160 +0,0 @@ - - - - - - - - - KDC policy interface (kdcpolicy) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

KDC policy interface (kdcpolicy)¶

-

The kdcpolicy interface was first introduced in release 1.16. It -allows modules to veto otherwise valid AS and TGS requests or restrict -the lifetime and renew time of the resulting ticket. For a detailed -description of the kdcpolicy interface, see the header file -<krb5/kdcpolicy_plugin.h>.

-

The optional check_as and check_tgs functions allow the module -to perform access control. Additionally, a module can create and -destroy module data with the init and fini methods. Module -data objects last for the lifetime of the KDC process, and are -provided to all other methods. The data has the type -krb5_kdcpolicy_moddata, which should be cast to the appropriate -internal type.

-

kdcpolicy modules can optionally inspect principal entries. To do -this, the module must also include <kdb.h> to gain access to the -principal entry structure definition. As the KDB interface is -explicitly not as stable as other public interfaces, modules which do -this may not retain compatibility across releases.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/kdcpreauth.html b/krb5-1.21.3/doc/html/plugindev/kdcpreauth.html deleted file mode 100644 index 294aedc9..00000000 --- a/krb5-1.21.3/doc/html/plugindev/kdcpreauth.html +++ /dev/null @@ -1,207 +0,0 @@ - - - - - - - - - KDC preauthentication interface (kdcpreauth) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

KDC preauthentication interface (kdcpreauth)¶

-

The kdcpreauth interface allows the addition of KDC support for -preauthentication mechanisms beyond those included in the core MIT -krb5 code base. For a detailed description of the kdcpreauth -interface, see the header file <krb5/kdcpreauth_plugin.h> (or -<krb5/preauth_plugin.h> before release 1.12).

-

A kdcpreauth module is generally responsible for:

-
    -
  • Supplying a list of preauth type numbers used by the module in the -pa_type_list field of the vtable structure.

  • -
  • Indicating what kind of preauthentication mechanism it implements, -with the flags method. If the mechanism computes a new reply -key, it must specify the PA_REPLACES_KEY flag. If the mechanism -is generally only used with hardware tokens, the PA_HARDWARE -flag allows the mechanism to work with principals which have the -requires_hwauth flag set.

  • -
  • Producing a padata value to be sent with a preauth_required error, -with the edata method.

  • -
  • Examining a padata value sent by a client and verifying that it -proves knowledge of the appropriate client credential information. -This is done with the verify method.

  • -
  • Producing a padata response value for the client, and possibly -computing a reply key. This is done with the return_padata -method.

  • -
-

A module can create and destroy per-KDC state objects by implementing -the init and fini methods. Per-KDC state objects have the -type krb5_kdcpreauth_moddata, which is an abstract pointer types. A -module should typically cast this to an internal type for the state -object.

-

A module can create a per-request state object by returning one in the -verify method, receiving it in the return_padata method, and -destroying it in the free_modreq method. Note that these state -objects only apply to the processing of a single AS request packet, -not to an entire authentication exchange (since an authentication -exchange may remain unfinished by the client or may involve multiple -different KDC hosts). Per-request state objects have the type -krb5_kdcpreauth_modreq, which is an abstract pointer type.

-

The edata, verify, and return_padata methods have access -to a callback function and handle (called a “rockâ€) which can be used -to get additional information about the current request, including the -maximum allowable clock skew, the client’s long-term keys, the -DER-encoded request body, the FAST armor key, string attributes on the -client’s database entry, and the client’s database entry itself. The -verify method can assert one or more authentication indicators to -be included in the issued ticket using the add_auth_indicator -callback (new in release 1.14).

-

A module can generate state information to be included with the next -client request using the set_cookie callback (new in release -1.14). On the next request, the module can read this state -information using the get_cookie callback. Cookie information is -encrypted, timestamped, and transmitted to the client in a -PA-FX-COOKIE pa-data item. Older clients may not support cookies -and therefore may not transmit the cookie in the next request; in this -case, get_cookie will not yield the saved information.

-

If a module implements a mechanism which requires multiple round -trips, its verify method can respond with the code -KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED and a list of pa-data in -the e_data parameter to be processed by the client.

-

The edata and verify methods can be implemented -asynchronously. Because of this, they do not return values directly -to the caller, but must instead invoke responder functions with their -results. A synchronous implementation can invoke the responder -function immediately. An asynchronous implementation can use the -callback to get an event context for use with the libverto API.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/localauth.html b/krb5-1.21.3/doc/html/plugindev/localauth.html deleted file mode 100644 index 07321c6b..00000000 --- a/krb5-1.21.3/doc/html/plugindev/localauth.html +++ /dev/null @@ -1,176 +0,0 @@ - - - - - - - - - Local authorization interface (localauth) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Local authorization interface (localauth)¶

-

The localauth interface was first introduced in release 1.12. It -allows modules to control the relationship between Kerberos principals -and local system accounts. When an application calls -krb5_kuserok() or krb5_aname_to_localname(), localauth -modules are consulted to determine the result. For a detailed -description of the localauth interface, see the header file -<krb5/localauth_plugin.h>.

-

A module can create and destroy per-library-context state objects -using the init and fini methods. If the module does not need -any state, it does not need to implement these methods.

-

The optional userok method allows a module to control the behavior -of krb5_kuserok(). The module receives the authenticated name -and the local account name as inputs, and can return either 0 to -authorize access, KRB5_PLUGIN_NO_HANDLE to defer the decision to other -modules, or another error (canonically EPERM) to authoritatively deny -access. Access is granted if at least one module grants access and no -module authoritatively denies access.

-

The optional an2ln method can work in two different ways. If the -module sets an array of uppercase type names in an2ln_types, then -the module’s an2ln method will only be invoked by -krb5_aname_to_localname() if an auth_to_local value in -krb5.conf refers to one of the module’s types. In this -case, the type and residual arguments will give the type name and -residual string of the auth_to_local value.

-

If the module does not set an2ln_types but does implement -an2ln, the module’s an2ln method will be invoked for all -krb5_aname_to_localname() operations unless an earlier module -determines a mapping, with type and residual set to NULL. The -module can return KRB5_LNAME_NO_TRANS to defer mapping to later -modules.

-

If a module implements an2ln, it must also implement -free_string to ensure that memory is allocated and deallocated -consistently.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/locate.html b/krb5-1.21.3/doc/html/plugindev/locate.html deleted file mode 100644 index c17cc6ee..00000000 --- a/krb5-1.21.3/doc/html/plugindev/locate.html +++ /dev/null @@ -1,165 +0,0 @@ - - - - - - - - - Server location interface (locate) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Server location interface (locate)¶

-

The locate interface allows modules to control how KDCs and similar -services are located by clients. For a detailed description of the -ccselect interface, see the header file <krb5/locate_plugin.h>.

-

A locate module exports a structure object of type -krb5plugin_service_locate_ftable, with the name service_locator. -The structure contains a minor version and pointers to the module’s -methods.

-

The primary locate method is lookup, which accepts a service type, -realm name, desired socket type, and desired address family (which -will be AF_UNSPEC if no specific address family is desired). The -method should invoke the callback function once for each server -address it wants to return, passing a socket type (SOCK_STREAM for TCP -or SOCK_DGRAM for UDP) and socket address. The lookup method -should return 0 if it has authoritatively determined the server -addresses for the realm, KRB5_PLUGIN_NO_HANDLE if it wants to let -other location mechanisms determine the server addresses, or another -code if it experienced a failure which should abort the location -process.

-

A module can create and destroy per-library-context state objects by -implementing the init and fini methods. State objects have -the type void *, and should be cast to an internal type for the state -object.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/profile.html b/krb5-1.21.3/doc/html/plugindev/profile.html deleted file mode 100644 index beef56c0..00000000 --- a/krb5-1.21.3/doc/html/plugindev/profile.html +++ /dev/null @@ -1,229 +0,0 @@ - - - - - - - - - Configuration interface (profile) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Configuration interface (profile)¶

-

The profile interface allows a module to control how krb5 -configuration information is obtained by the Kerberos library and -applications. For a detailed description of the profile interface, -see the header file <profile.h>.

-
-

Note

-

The profile interface does not follow the normal conventions -for MIT krb5 pluggable interfaces, because it is part of a -lower-level component of the krb5 library.

-
-

As with other types of plugin modules, a profile module is a Unix -shared object or Windows DLL, built separately from the krb5 tree. -The krb5 library will dynamically load and use a profile plugin module -if it reads a module directive at the beginning of krb5.conf, as -described in Configuration profile modules.

-

A profile module exports a function named profile_module_init -matching the signature of the profile_module_init_fn type. This -function accepts a residual string, which may be used to help locate -the configuration source. The function fills in a vtable and may also -create a per-profile state object. If the module uses state objects, -it should implement the copy and cleanup methods to manage -them.

-

A basic read-only profile module need only implement the -get_values and free_values methods. The get_values method -accepts a null-terminated list of C string names (e.g., an array -containing “libdefaultsâ€, “clockskewâ€, and NULL for the clockskew -variable in the [libdefaults] section) and returns a -null-terminated list of values, which will be cleaned up with the -free_values method when the caller is done with them.

-

Iterable profile modules must also define the iterator_create, -iterator, iterator_free, and free_string methods. The -core krb5 code does not require profiles to be iterable, but some -applications may iterate over the krb5 profile object in order to -present configuration interfaces.

-

Writable profile modules must also define the writable, -modified, update_relation, rename_section, -add_relation, and flush methods. The core krb5 code does not -require profiles to be writable, but some applications may write to -the krb5 profile in order to present configuration interfaces.

-

The following is an example of a very basic read-only profile module -which returns a hardcoded value for the default_realm variable in -[libdefaults], and provides no other configuration information. -(For conciseness, the example omits code for checking the return -values of malloc and strdup.)

-
#include <stdlib.h>
-#include <string.h>
-#include <profile.h>
-
-static long
-get_values(void *cbdata, const char *const *names, char ***values)
-{
-    if (names[0] != NULL && strcmp(names[0], "libdefaults") == 0 &&
-        names[1] != NULL && strcmp(names[1], "default_realm") == 0) {
-        *values = malloc(2 * sizeof(char *));
-        (*values)[0] = strdup("ATHENA.MIT.EDU");
-        (*values)[1] = NULL;
-        return 0;
-    }
-    return PROF_NO_RELATION;
-}
-
-static void
-free_values(void *cbdata, char **values)
-{
-    char **v;
-
-    for (v = values; *v; v++)
-        free(*v);
-    free(values);
-}
-
-long
-profile_module_init(const char *residual, struct profile_vtable *vtable,
-                    void **cb_ret);
-
-long
-profile_module_init(const char *residual, struct profile_vtable *vtable,
-                    void **cb_ret)
-{
-    *cb_ret = NULL;
-    vtable->get_values = get_values;
-    vtable->free_values = free_values;
-    return 0;
-}
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/plugindev/pwqual.html b/krb5-1.21.3/doc/html/plugindev/pwqual.html deleted file mode 100644 index 0a8c20fb..00000000 --- a/krb5-1.21.3/doc/html/plugindev/pwqual.html +++ /dev/null @@ -1,161 +0,0 @@ - - - - - - - - - Password quality interface (pwqual) — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Password quality interface (pwqual)¶

-

The pwqual interface allows modules to control what passwords are -allowed when a user changes passwords. For a detailed description of -the pwqual interface, see the header file <krb5/pwqual_plugin.h>.

-

The primary pwqual method is check, which receives a password as -input and returns success (0) or a KADM5_PASS_Q_ failure code -depending on whether the password is allowed. The check method -also receives the principal name and the name of the principal’s -password policy as input; although there is no stable interface for -the module to obtain the fields of the password policy, it can define -its own configuration or data store based on the policy name.

-

A module can create and destroy per-process state objects by -implementing the open and close methods. State objects have -the type krb5_pwqual_moddata, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. The open method also receives the name of the realm’s -dictionary file (as configured by the dict_file variable in the -[realms] section of kdc.conf) if it wishes to use -it.

-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/resources.html b/krb5-1.21.3/doc/html/resources.html deleted file mode 100644 index dc9875e2..00000000 --- a/krb5-1.21.3/doc/html/resources.html +++ /dev/null @@ -1,180 +0,0 @@ - - - - - - - - - Resources — MIT Kerberos Documentation - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Resources¶

-
-

Mailing lists¶

-
    -
  • kerberos@mit.edu is a community resource for discussion and -questions about MIT krb5 and other Kerberos implementations. To -subscribe to the list, please follow the instructions at -https://mailman.mit.edu/mailman/listinfo/kerberos.

  • -
  • krbdev@mit.edu is the primary list for developers of MIT Kerberos. -To subscribe to the list, please follow the instructions at -https://mailman.mit.edu/mailman/listinfo/krbdev.

  • -
  • krb5-bugs@mit.edu is notified when a ticket is created or updated. -This list helps track bugs and feature requests. -In addition, this list is used to track documentation criticism -and recommendations for improvements.

  • -
  • krbcore@mit.edu is a private list for the MIT krb5 core team. Send -mail to this list if you need to contact the core team.

  • -
  • krbcore-security@mit.edu is the point of contact for security problems -with MIT Kerberos. Please use PGP-encrypted mail to report possible -vulnerabilities to this list.

  • -
-
-
-

IRC channels¶

-

The IRC channel #kerberos on libera.chat is a community resource for -general Kerberos discussion and support.

-

The main IRC channel for MIT Kerberos development is #krbdev on -Libera Chat.

-

For more information about Libera Chat, see https://libera.chat/.

-
-
-

Archives¶

- -
-
-

Wiki¶

-

The wiki at https://k5wiki.kerberos.org/ contains useful information -for developers working on the MIT Kerberos source code. Some of the -information on the wiki may be useful for advanced users or system -administrators.

-
-
-

Web pages¶

- -
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/search.html b/krb5-1.21.3/doc/html/search.html deleted file mode 100644 index c4cd9353..00000000 --- a/krb5-1.21.3/doc/html/search.html +++ /dev/null @@ -1,144 +0,0 @@ - - - - - - - - Search — MIT Kerberos Documentation - - - - - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -

Search

- - - - -

- Searching for multiple words only shows matches that contain - all words. -

- - -
- - - -
- - - -
- -
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/searchindex.js b/krb5-1.21.3/doc/html/searchindex.js deleted file mode 100644 index 867f9959..00000000 --- a/krb5-1.21.3/doc/html/searchindex.js +++ /dev/null @@ -1 +0,0 @@ -Search.setIndex({docnames:["about","admin/admin_commands/index","admin/admin_commands/k5srvutil","admin/admin_commands/kadmin_local","admin/admin_commands/kadmind","admin/admin_commands/kdb5_ldap_util","admin/admin_commands/kdb5_util","admin/admin_commands/kprop","admin/admin_commands/kpropd","admin/admin_commands/kproplog","admin/admin_commands/krb5kdc","admin/admin_commands/ktutil","admin/admin_commands/sserver","admin/advanced/index","admin/advanced/retiring-des","admin/appl_servers","admin/auth_indicator","admin/backup_host","admin/conf_files/index","admin/conf_files/kadm5_acl","admin/conf_files/kdc_conf","admin/conf_files/krb5_conf","admin/conf_ldap","admin/database","admin/dbtypes","admin/dictionary","admin/enctypes","admin/env_variables","admin/host_config","admin/https","admin/index","admin/install","admin/install_appl_srv","admin/install_clients","admin/install_kdc","admin/lockout","admin/otp","admin/pkinit","admin/princ_dns","admin/realm_config","admin/spake","admin/troubleshoot","admin/various_envs","appdev/gssapi","appdev/h5l_mit_apidiff","appdev/index","appdev/init_creds","appdev/princ_handle","appdev/refs/api/index","appdev/refs/api/krb5_425_conv_principal","appdev/refs/api/krb5_524_conv_principal","appdev/refs/api/krb5_524_convert_creds","appdev/refs/api/krb5_address_compare","appdev/refs/api/krb5_address_order","appdev/refs/api/krb5_address_search","appdev/refs/api/krb5_allow_weak_crypto","appdev/refs/api/krb5_aname_to_localname","appdev/refs/api/krb5_anonymous_principal","appdev/refs/api/krb5_anonymous_realm","appdev/refs/api/krb5_appdefault_boolean","appdev/refs/api/krb5_appdefault_string","appdev/refs/api/krb5_auth_con_free","appdev/refs/api/krb5_auth_con_genaddrs","appdev/refs/api/krb5_auth_con_get_checksum_func","appdev/refs/api/krb5_auth_con_getaddrs","appdev/refs/api/krb5_auth_con_getauthenticator","appdev/refs/api/krb5_auth_con_getflags","appdev/refs/api/krb5_auth_con_getkey","appdev/refs/api/krb5_auth_con_getkey_k","appdev/refs/api/krb5_auth_con_getlocalseqnumber","appdev/refs/api/krb5_auth_con_getlocalsubkey","appdev/refs/api/krb5_auth_con_getrcache","appdev/refs/api/krb5_auth_con_getrecvsubkey","appdev/refs/api/krb5_auth_con_getrecvsubkey_k","appdev/refs/api/krb5_auth_con_getremoteseqnumber","appdev/refs/api/krb5_auth_con_getremotesubkey","appdev/refs/api/krb5_auth_con_getsendsubkey","appdev/refs/api/krb5_auth_con_getsendsubkey_k","appdev/refs/api/krb5_auth_con_init","appdev/refs/api/krb5_auth_con_initivector","appdev/refs/api/krb5_auth_con_set_checksum_func","appdev/refs/api/krb5_auth_con_set_req_cksumtype","appdev/refs/api/krb5_auth_con_setaddrs","appdev/refs/api/krb5_auth_con_setflags","appdev/refs/api/krb5_auth_con_setports","appdev/refs/api/krb5_auth_con_setrcache","appdev/refs/api/krb5_auth_con_setrecvsubkey","appdev/refs/api/krb5_auth_con_setrecvsubkey_k","appdev/refs/api/krb5_auth_con_setsendsubkey","appdev/refs/api/krb5_auth_con_setsendsubkey_k","appdev/refs/api/krb5_auth_con_setuseruserkey","appdev/refs/api/krb5_build_principal","appdev/refs/api/krb5_build_principal_alloc_va","appdev/refs/api/krb5_build_principal_ext","appdev/refs/api/krb5_build_principal_va","appdev/refs/api/krb5_c_block_size","appdev/refs/api/krb5_c_checksum_length","appdev/refs/api/krb5_c_crypto_length","appdev/refs/api/krb5_c_crypto_length_iov","appdev/refs/api/krb5_c_decrypt","appdev/refs/api/krb5_c_decrypt_iov","appdev/refs/api/krb5_c_derive_prfplus","appdev/refs/api/krb5_c_encrypt","appdev/refs/api/krb5_c_encrypt_iov","appdev/refs/api/krb5_c_encrypt_length","appdev/refs/api/krb5_c_enctype_compare","appdev/refs/api/krb5_c_free_state","appdev/refs/api/krb5_c_fx_cf2_simple","appdev/refs/api/krb5_c_init_state","appdev/refs/api/krb5_c_is_coll_proof_cksum","appdev/refs/api/krb5_c_is_keyed_cksum","appdev/refs/api/krb5_c_keyed_checksum_types","appdev/refs/api/krb5_c_keylengths","appdev/refs/api/krb5_c_make_checksum","appdev/refs/api/krb5_c_make_checksum_iov","appdev/refs/api/krb5_c_make_random_key","appdev/refs/api/krb5_c_padding_length","appdev/refs/api/krb5_c_prf","appdev/refs/api/krb5_c_prf_length","appdev/refs/api/krb5_c_prfplus","appdev/refs/api/krb5_c_random_add_entropy","appdev/refs/api/krb5_c_random_make_octets","appdev/refs/api/krb5_c_random_os_entropy","appdev/refs/api/krb5_c_random_seed","appdev/refs/api/krb5_c_random_to_key","appdev/refs/api/krb5_c_string_to_key","appdev/refs/api/krb5_c_string_to_key_with_params","appdev/refs/api/krb5_c_valid_cksumtype","appdev/refs/api/krb5_c_valid_enctype","appdev/refs/api/krb5_c_verify_checksum","appdev/refs/api/krb5_c_verify_checksum_iov","appdev/refs/api/krb5_calculate_checksum","appdev/refs/api/krb5_cc_cache_match","appdev/refs/api/krb5_cc_close","appdev/refs/api/krb5_cc_copy_creds","appdev/refs/api/krb5_cc_default","appdev/refs/api/krb5_cc_default_name","appdev/refs/api/krb5_cc_destroy","appdev/refs/api/krb5_cc_dup","appdev/refs/api/krb5_cc_end_seq_get","appdev/refs/api/krb5_cc_gen_new","appdev/refs/api/krb5_cc_get_config","appdev/refs/api/krb5_cc_get_flags","appdev/refs/api/krb5_cc_get_full_name","appdev/refs/api/krb5_cc_get_name","appdev/refs/api/krb5_cc_get_principal","appdev/refs/api/krb5_cc_get_type","appdev/refs/api/krb5_cc_initialize","appdev/refs/api/krb5_cc_move","appdev/refs/api/krb5_cc_new_unique","appdev/refs/api/krb5_cc_next_cred","appdev/refs/api/krb5_cc_remove_cred","appdev/refs/api/krb5_cc_resolve","appdev/refs/api/krb5_cc_retrieve_cred","appdev/refs/api/krb5_cc_select","appdev/refs/api/krb5_cc_set_config","appdev/refs/api/krb5_cc_set_default_name","appdev/refs/api/krb5_cc_set_flags","appdev/refs/api/krb5_cc_start_seq_get","appdev/refs/api/krb5_cc_store_cred","appdev/refs/api/krb5_cc_support_switch","appdev/refs/api/krb5_cc_switch","appdev/refs/api/krb5_cccol_cursor_free","appdev/refs/api/krb5_cccol_cursor_new","appdev/refs/api/krb5_cccol_cursor_next","appdev/refs/api/krb5_cccol_have_content","appdev/refs/api/krb5_change_password","appdev/refs/api/krb5_check_clockskew","appdev/refs/api/krb5_checksum_size","appdev/refs/api/krb5_chpw_message","appdev/refs/api/krb5_cksumtype_to_string","appdev/refs/api/krb5_clear_error_message","appdev/refs/api/krb5_copy_addresses","appdev/refs/api/krb5_copy_authdata","appdev/refs/api/krb5_copy_authenticator","appdev/refs/api/krb5_copy_checksum","appdev/refs/api/krb5_copy_context","appdev/refs/api/krb5_copy_creds","appdev/refs/api/krb5_copy_data","appdev/refs/api/krb5_copy_error_message","appdev/refs/api/krb5_copy_keyblock","appdev/refs/api/krb5_copy_keyblock_contents","appdev/refs/api/krb5_copy_principal","appdev/refs/api/krb5_copy_ticket","appdev/refs/api/krb5_decode_authdata_container","appdev/refs/api/krb5_decode_ticket","appdev/refs/api/krb5_decrypt","appdev/refs/api/krb5_deltat_to_string","appdev/refs/api/krb5_eblock_enctype","appdev/refs/api/krb5_encode_authdata_container","appdev/refs/api/krb5_encrypt","appdev/refs/api/krb5_encrypt_size","appdev/refs/api/krb5_enctype_to_name","appdev/refs/api/krb5_enctype_to_string","appdev/refs/api/krb5_expand_hostname","appdev/refs/api/krb5_find_authdata","appdev/refs/api/krb5_finish_key","appdev/refs/api/krb5_finish_random_key","appdev/refs/api/krb5_free_addresses","appdev/refs/api/krb5_free_ap_rep_enc_part","appdev/refs/api/krb5_free_authdata","appdev/refs/api/krb5_free_authenticator","appdev/refs/api/krb5_free_checksum","appdev/refs/api/krb5_free_checksum_contents","appdev/refs/api/krb5_free_cksumtypes","appdev/refs/api/krb5_free_context","appdev/refs/api/krb5_free_cred_contents","appdev/refs/api/krb5_free_creds","appdev/refs/api/krb5_free_data","appdev/refs/api/krb5_free_data_contents","appdev/refs/api/krb5_free_default_realm","appdev/refs/api/krb5_free_enctypes","appdev/refs/api/krb5_free_error","appdev/refs/api/krb5_free_error_message","appdev/refs/api/krb5_free_host_realm","appdev/refs/api/krb5_free_keyblock","appdev/refs/api/krb5_free_keyblock_contents","appdev/refs/api/krb5_free_keytab_entry_contents","appdev/refs/api/krb5_free_principal","appdev/refs/api/krb5_free_string","appdev/refs/api/krb5_free_tgt_creds","appdev/refs/api/krb5_free_ticket","appdev/refs/api/krb5_free_unparsed_name","appdev/refs/api/krb5_fwd_tgt_creds","appdev/refs/api/krb5_get_credentials","appdev/refs/api/krb5_get_credentials_renew","appdev/refs/api/krb5_get_credentials_validate","appdev/refs/api/krb5_get_default_realm","appdev/refs/api/krb5_get_error_message","appdev/refs/api/krb5_get_etype_info","appdev/refs/api/krb5_get_fallback_host_realm","appdev/refs/api/krb5_get_host_realm","appdev/refs/api/krb5_get_in_tkt_with_keytab","appdev/refs/api/krb5_get_in_tkt_with_password","appdev/refs/api/krb5_get_in_tkt_with_skey","appdev/refs/api/krb5_get_init_creds_keytab","appdev/refs/api/krb5_get_init_creds_opt_alloc","appdev/refs/api/krb5_get_init_creds_opt_free","appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags","appdev/refs/api/krb5_get_init_creds_opt_init","appdev/refs/api/krb5_get_init_creds_opt_set_address_list","appdev/refs/api/krb5_get_init_creds_opt_set_anonymous","appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize","appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt","appdev/refs/api/krb5_get_init_creds_opt_set_etype_list","appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback","appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache","appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name","appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags","appdev/refs/api/krb5_get_init_creds_opt_set_forwardable","appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache","appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache","appdev/refs/api/krb5_get_init_creds_opt_set_pa","appdev/refs/api/krb5_get_init_creds_opt_set_pac_request","appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list","appdev/refs/api/krb5_get_init_creds_opt_set_proxiable","appdev/refs/api/krb5_get_init_creds_opt_set_renew_life","appdev/refs/api/krb5_get_init_creds_opt_set_responder","appdev/refs/api/krb5_get_init_creds_opt_set_salt","appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life","appdev/refs/api/krb5_get_init_creds_password","appdev/refs/api/krb5_get_permitted_enctypes","appdev/refs/api/krb5_get_profile","appdev/refs/api/krb5_get_prompt_types","appdev/refs/api/krb5_get_renewed_creds","appdev/refs/api/krb5_get_server_rcache","appdev/refs/api/krb5_get_time_offsets","appdev/refs/api/krb5_get_validated_creds","appdev/refs/api/krb5_init_context","appdev/refs/api/krb5_init_context_profile","appdev/refs/api/krb5_init_creds_free","appdev/refs/api/krb5_init_creds_get","appdev/refs/api/krb5_init_creds_get_creds","appdev/refs/api/krb5_init_creds_get_error","appdev/refs/api/krb5_init_creds_get_times","appdev/refs/api/krb5_init_creds_init","appdev/refs/api/krb5_init_creds_set_keytab","appdev/refs/api/krb5_init_creds_set_password","appdev/refs/api/krb5_init_creds_set_service","appdev/refs/api/krb5_init_creds_step","appdev/refs/api/krb5_init_keyblock","appdev/refs/api/krb5_init_random_key","appdev/refs/api/krb5_init_secure_context","appdev/refs/api/krb5_is_config_principal","appdev/refs/api/krb5_is_referral_realm","appdev/refs/api/krb5_is_thread_safe","appdev/refs/api/krb5_k_create_key","appdev/refs/api/krb5_k_decrypt","appdev/refs/api/krb5_k_decrypt_iov","appdev/refs/api/krb5_k_encrypt","appdev/refs/api/krb5_k_encrypt_iov","appdev/refs/api/krb5_k_free_key","appdev/refs/api/krb5_k_key_enctype","appdev/refs/api/krb5_k_key_keyblock","appdev/refs/api/krb5_k_make_checksum","appdev/refs/api/krb5_k_make_checksum_iov","appdev/refs/api/krb5_k_prf","appdev/refs/api/krb5_k_reference_key","appdev/refs/api/krb5_k_verify_checksum","appdev/refs/api/krb5_k_verify_checksum_iov","appdev/refs/api/krb5_kdc_sign_ticket","appdev/refs/api/krb5_kdc_verify_ticket","appdev/refs/api/krb5_kt_add_entry","appdev/refs/api/krb5_kt_client_default","appdev/refs/api/krb5_kt_close","appdev/refs/api/krb5_kt_default","appdev/refs/api/krb5_kt_default_name","appdev/refs/api/krb5_kt_dup","appdev/refs/api/krb5_kt_end_seq_get","appdev/refs/api/krb5_kt_free_entry","appdev/refs/api/krb5_kt_get_entry","appdev/refs/api/krb5_kt_get_name","appdev/refs/api/krb5_kt_get_type","appdev/refs/api/krb5_kt_have_content","appdev/refs/api/krb5_kt_next_entry","appdev/refs/api/krb5_kt_read_service_key","appdev/refs/api/krb5_kt_remove_entry","appdev/refs/api/krb5_kt_resolve","appdev/refs/api/krb5_kt_start_seq_get","appdev/refs/api/krb5_kuserok","appdev/refs/api/krb5_make_authdata_kdc_issued","appdev/refs/api/krb5_marshal_credentials","appdev/refs/api/krb5_merge_authdata","appdev/refs/api/krb5_mk_1cred","appdev/refs/api/krb5_mk_error","appdev/refs/api/krb5_mk_ncred","appdev/refs/api/krb5_mk_priv","appdev/refs/api/krb5_mk_rep","appdev/refs/api/krb5_mk_rep_dce","appdev/refs/api/krb5_mk_req","appdev/refs/api/krb5_mk_req_extended","appdev/refs/api/krb5_mk_safe","appdev/refs/api/krb5_os_localaddr","appdev/refs/api/krb5_pac_add_buffer","appdev/refs/api/krb5_pac_free","appdev/refs/api/krb5_pac_get_buffer","appdev/refs/api/krb5_pac_get_client_info","appdev/refs/api/krb5_pac_get_types","appdev/refs/api/krb5_pac_init","appdev/refs/api/krb5_pac_parse","appdev/refs/api/krb5_pac_sign","appdev/refs/api/krb5_pac_sign_ext","appdev/refs/api/krb5_pac_verify","appdev/refs/api/krb5_pac_verify_ext","appdev/refs/api/krb5_parse_name","appdev/refs/api/krb5_parse_name_flags","appdev/refs/api/krb5_prepend_error_message","appdev/refs/api/krb5_principal2salt","appdev/refs/api/krb5_principal_compare","appdev/refs/api/krb5_principal_compare_any_realm","appdev/refs/api/krb5_principal_compare_flags","appdev/refs/api/krb5_process_key","appdev/refs/api/krb5_prompter_posix","appdev/refs/api/krb5_random_key","appdev/refs/api/krb5_rd_cred","appdev/refs/api/krb5_rd_error","appdev/refs/api/krb5_rd_priv","appdev/refs/api/krb5_rd_rep","appdev/refs/api/krb5_rd_rep_dce","appdev/refs/api/krb5_rd_req","appdev/refs/api/krb5_rd_safe","appdev/refs/api/krb5_read_password","appdev/refs/api/krb5_realm_compare","appdev/refs/api/krb5_recvauth","appdev/refs/api/krb5_recvauth_version","appdev/refs/api/krb5_responder_get_challenge","appdev/refs/api/krb5_responder_list_questions","appdev/refs/api/krb5_responder_otp_challenge_free","appdev/refs/api/krb5_responder_otp_get_challenge","appdev/refs/api/krb5_responder_otp_set_answer","appdev/refs/api/krb5_responder_pkinit_challenge_free","appdev/refs/api/krb5_responder_pkinit_get_challenge","appdev/refs/api/krb5_responder_pkinit_set_answer","appdev/refs/api/krb5_responder_set_answer","appdev/refs/api/krb5_salttype_to_string","appdev/refs/api/krb5_sendauth","appdev/refs/api/krb5_server_decrypt_ticket_keytab","appdev/refs/api/krb5_set_default_realm","appdev/refs/api/krb5_set_default_tgs_enctypes","appdev/refs/api/krb5_set_error_message","appdev/refs/api/krb5_set_kdc_recv_hook","appdev/refs/api/krb5_set_kdc_send_hook","appdev/refs/api/krb5_set_password","appdev/refs/api/krb5_set_password_using_ccache","appdev/refs/api/krb5_set_principal_realm","appdev/refs/api/krb5_set_real_time","appdev/refs/api/krb5_set_trace_callback","appdev/refs/api/krb5_set_trace_filename","appdev/refs/api/krb5_sname_match","appdev/refs/api/krb5_sname_to_principal","appdev/refs/api/krb5_string_to_cksumtype","appdev/refs/api/krb5_string_to_deltat","appdev/refs/api/krb5_string_to_enctype","appdev/refs/api/krb5_string_to_key","appdev/refs/api/krb5_string_to_salttype","appdev/refs/api/krb5_string_to_timestamp","appdev/refs/api/krb5_timeofday","appdev/refs/api/krb5_timestamp_to_sfstring","appdev/refs/api/krb5_timestamp_to_string","appdev/refs/api/krb5_tkt_creds_free","appdev/refs/api/krb5_tkt_creds_get","appdev/refs/api/krb5_tkt_creds_get_creds","appdev/refs/api/krb5_tkt_creds_get_times","appdev/refs/api/krb5_tkt_creds_init","appdev/refs/api/krb5_tkt_creds_step","appdev/refs/api/krb5_unmarshal_credentials","appdev/refs/api/krb5_unparse_name","appdev/refs/api/krb5_unparse_name_ext","appdev/refs/api/krb5_unparse_name_flags","appdev/refs/api/krb5_unparse_name_flags_ext","appdev/refs/api/krb5_us_timeofday","appdev/refs/api/krb5_use_enctype","appdev/refs/api/krb5_verify_authdata_kdc_issued","appdev/refs/api/krb5_verify_checksum","appdev/refs/api/krb5_verify_init_creds","appdev/refs/api/krb5_verify_init_creds_opt_init","appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail","appdev/refs/api/krb5_vprepend_error_message","appdev/refs/api/krb5_vset_error_message","appdev/refs/api/krb5_vwrap_error_message","appdev/refs/api/krb5_wrap_error_message","appdev/refs/index","appdev/refs/macros/ADDRTYPE_ADDRPORT","appdev/refs/macros/ADDRTYPE_CHAOS","appdev/refs/macros/ADDRTYPE_DDP","appdev/refs/macros/ADDRTYPE_INET","appdev/refs/macros/ADDRTYPE_INET6","appdev/refs/macros/ADDRTYPE_IPPORT","appdev/refs/macros/ADDRTYPE_ISO","appdev/refs/macros/ADDRTYPE_IS_LOCAL","appdev/refs/macros/ADDRTYPE_NETBIOS","appdev/refs/macros/ADDRTYPE_XNS","appdev/refs/macros/AD_TYPE_EXTERNAL","appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK","appdev/refs/macros/AD_TYPE_REGISTERED","appdev/refs/macros/AD_TYPE_RESERVED","appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION","appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED","appdev/refs/macros/AP_OPTS_RESERVED","appdev/refs/macros/AP_OPTS_USE_SESSION_KEY","appdev/refs/macros/AP_OPTS_USE_SUBKEY","appdev/refs/macros/AP_OPTS_WIRE_MASK","appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128","appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256","appdev/refs/macros/CKSUMTYPE_CRC32","appdev/refs/macros/CKSUMTYPE_DESCBC","appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3","appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128","appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256","appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR","appdev/refs/macros/CKSUMTYPE_NIST_SHA","appdev/refs/macros/CKSUMTYPE_RSA_MD4","appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES","appdev/refs/macros/CKSUMTYPE_RSA_MD5","appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES","appdev/refs/macros/CKSUMTYPE_SHA1","appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96","appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128","appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96","appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192","appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC","appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP","appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC","appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC","appdev/refs/macros/ENCTYPE_DES3_CBC_ENV","appdev/refs/macros/ENCTYPE_DES3_CBC_RAW","appdev/refs/macros/ENCTYPE_DES3_CBC_SHA","appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1","appdev/refs/macros/ENCTYPE_DES_CBC_CRC","appdev/refs/macros/ENCTYPE_DES_CBC_MD4","appdev/refs/macros/ENCTYPE_DES_CBC_MD5","appdev/refs/macros/ENCTYPE_DES_CBC_RAW","appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1","appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS","appdev/refs/macros/ENCTYPE_MD5_RSA_CMS","appdev/refs/macros/ENCTYPE_NULL","appdev/refs/macros/ENCTYPE_RC2_CBC_ENV","appdev/refs/macros/ENCTYPE_RSA_ENV","appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV","appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS","appdev/refs/macros/ENCTYPE_UNKNOWN","appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE","appdev/refs/macros/KDC_OPT_CANONICALIZE","appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT","appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK","appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY","appdev/refs/macros/KDC_OPT_FORWARDABLE","appdev/refs/macros/KDC_OPT_FORWARDED","appdev/refs/macros/KDC_OPT_POSTDATED","appdev/refs/macros/KDC_OPT_PROXIABLE","appdev/refs/macros/KDC_OPT_PROXY","appdev/refs/macros/KDC_OPT_RENEW","appdev/refs/macros/KDC_OPT_RENEWABLE","appdev/refs/macros/KDC_OPT_RENEWABLE_OK","appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS","appdev/refs/macros/KDC_OPT_VALIDATE","appdev/refs/macros/KDC_TKT_COMMON_MASK","appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE","appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR","appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR","appdev/refs/macros/KRB5_AP_REP","appdev/refs/macros/KRB5_AP_REQ","appdev/refs/macros/KRB5_AS_REP","appdev/refs/macros/KRB5_AS_REQ","appdev/refs/macros/KRB5_AUTHDATA_AND_OR","appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS","appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR","appdev/refs/macros/KRB5_AUTHDATA_CAMMAC","appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION","appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR","appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT","appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS","appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED","appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC","appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE","appdev/refs/macros/KRB5_AUTHDATA_SESAME","appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET","appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC","appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE","appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR","appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL","appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE","appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME","appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY","appdev/refs/macros/KRB5_CRED","appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM","appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA","appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY","appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER","appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING","appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY","appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM","appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER","appdev/refs/macros/KRB5_CYBERSAFE_SECUREID","appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS","appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP","appdev/refs/macros/KRB5_ERROR","appdev/refs/macros/KRB5_FAST_REQUIRED","appdev/refs/macros/KRB5_GC_CACHED","appdev/refs/macros/KRB5_GC_CANONICALIZE","appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION","appdev/refs/macros/KRB5_GC_FORWARDABLE","appdev/refs/macros/KRB5_GC_NO_STORE","appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK","appdev/refs/macros/KRB5_GC_USER_USER","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE","appdev/refs/macros/KRB5_INIT_CONTEXT_KDC","appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE","appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE","appdev/refs/macros/KRB5_INT16_MAX","appdev/refs/macros/KRB5_INT16_MIN","appdev/refs/macros/KRB5_INT32_MAX","appdev/refs/macros/KRB5_INT32_MIN","appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE","appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE","appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH","appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT","appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART","appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH","appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART","appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ","appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS","appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC","appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT","appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC","appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC","appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED","appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP","appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV","appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED","appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET","appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART","appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART","appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS","appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE","appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST","appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX","appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY","appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE","appdev/refs/macros/KRB5_KEYUSAGE_SPAKE","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM","appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED","appdev/refs/macros/KRB5_KPASSWD_AUTHERROR","appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION","appdev/refs/macros/KRB5_KPASSWD_HARDERROR","appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED","appdev/refs/macros/KRB5_KPASSWD_MALFORMED","appdev/refs/macros/KRB5_KPASSWD_SOFTERROR","appdev/refs/macros/KRB5_KPASSWD_SUCCESS","appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME","appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL","appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL","appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ","appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT","appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED","appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME","appdev/refs/macros/KRB5_LRQ_NONE","appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME","appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL","appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL","appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ","appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT","appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED","appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME","appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL","appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID","appdev/refs/macros/KRB5_NT_MS_PRINCIPAL","appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID","appdev/refs/macros/KRB5_NT_PRINCIPAL","appdev/refs/macros/KRB5_NT_SMTP_NAME","appdev/refs/macros/KRB5_NT_SRV_HST","appdev/refs/macros/KRB5_NT_SRV_INST","appdev/refs/macros/KRB5_NT_SRV_XHST","appdev/refs/macros/KRB5_NT_UID","appdev/refs/macros/KRB5_NT_UNKNOWN","appdev/refs/macros/KRB5_NT_WELLKNOWN","appdev/refs/macros/KRB5_NT_X500_PRINCIPAL","appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO","appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS","appdev/refs/macros/KRB5_PAC_CLIENT_INFO","appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO","appdev/refs/macros/KRB5_PAC_DELEGATION_INFO","appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS","appdev/refs/macros/KRB5_PAC_DEVICE_INFO","appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM","appdev/refs/macros/KRB5_PAC_LOGON_INFO","appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM","appdev/refs/macros/KRB5_PAC_REQUESTOR","appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM","appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM","appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO","appdev/refs/macros/KRB5_PADATA_AFS3_SALT","appdev/refs/macros/KRB5_PADATA_AP_REQ","appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM","appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS","appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE","appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID","appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP","appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME","appdev/refs/macros/KRB5_PADATA_ETYPE_INFO","appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2","appdev/refs/macros/KRB5_PADATA_FOR_USER","appdev/refs/macros/KRB5_PADATA_FX_COOKIE","appdev/refs/macros/KRB5_PADATA_FX_ERROR","appdev/refs/macros/KRB5_PADATA_FX_FAST","appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA","appdev/refs/macros/KRB5_PADATA_NONE","appdev/refs/macros/KRB5_PADATA_OSF_DCE","appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE","appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE","appdev/refs/macros/KRB5_PADATA_OTP_REQUEST","appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS","appdev/refs/macros/KRB5_PADATA_PAC_REQUEST","appdev/refs/macros/KRB5_PADATA_PKINIT_KX","appdev/refs/macros/KRB5_PADATA_PK_AS_REP","appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD","appdev/refs/macros/KRB5_PADATA_PK_AS_REQ","appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD","appdev/refs/macros/KRB5_PADATA_PW_SALT","appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2","appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY","appdev/refs/macros/KRB5_PADATA_REFERRAL","appdev/refs/macros/KRB5_PADATA_S4U_X509_USER","appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE","appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2","appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT","appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE","appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2","appdev/refs/macros/KRB5_PADATA_SESAME","appdev/refs/macros/KRB5_PADATA_SPAKE","appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO","appdev/refs/macros/KRB5_PADATA_TGS_REQ","appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT","appdev/refs/macros/KRB5_PRIV","appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD","appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN","appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD","appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH","appdev/refs/macros/KRB5_PVNO","appdev/refs/macros/KRB5_REALM_BRANCH_CHAR","appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS","appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION","appdev/refs/macros/KRB5_REFERRAL_REALM","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED","appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP","appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD","appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT","appdev/refs/macros/KRB5_SAFE","appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD","appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD","appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY","appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT","appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA","appdev/refs/macros/KRB5_TC_MATCH_FLAGS","appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT","appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY","appdev/refs/macros/KRB5_TC_MATCH_KTYPE","appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY","appdev/refs/macros/KRB5_TC_MATCH_TIMES","appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT","appdev/refs/macros/KRB5_TC_NOTICKET","appdev/refs/macros/KRB5_TC_OPENCLOSE","appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES","appdev/refs/macros/KRB5_TGS_NAME","appdev/refs/macros/KRB5_TGS_NAME_SIZE","appdev/refs/macros/KRB5_TGS_REP","appdev/refs/macros/KRB5_TGS_REQ","appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE","appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL","appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR","appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK","appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY","appdev/refs/macros/MAX_KEYTAB_NAME_LEN","appdev/refs/macros/MSEC_DIRBIT","appdev/refs/macros/MSEC_VAL_MASK","appdev/refs/macros/SALT_TYPE_AFS_LENGTH","appdev/refs/macros/SALT_TYPE_NO_LENGTH","appdev/refs/macros/THREEPARAMOPEN","appdev/refs/macros/TKT_FLG_ANONYMOUS","appdev/refs/macros/TKT_FLG_ENC_PA_REP","appdev/refs/macros/TKT_FLG_FORWARDABLE","appdev/refs/macros/TKT_FLG_FORWARDED","appdev/refs/macros/TKT_FLG_HW_AUTH","appdev/refs/macros/TKT_FLG_INITIAL","appdev/refs/macros/TKT_FLG_INVALID","appdev/refs/macros/TKT_FLG_MAY_POSTDATE","appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE","appdev/refs/macros/TKT_FLG_POSTDATED","appdev/refs/macros/TKT_FLG_PRE_AUTH","appdev/refs/macros/TKT_FLG_PROXIABLE","appdev/refs/macros/TKT_FLG_PROXY","appdev/refs/macros/TKT_FLG_RENEWABLE","appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED","appdev/refs/macros/VALID_INT_BITS","appdev/refs/macros/VALID_UINT_BITS","appdev/refs/macros/index","appdev/refs/macros/krb524_convert_creds_kdc","appdev/refs/macros/krb524_init_ets","appdev/refs/macros/krb5_const","appdev/refs/macros/krb5_princ_component","appdev/refs/macros/krb5_princ_name","appdev/refs/macros/krb5_princ_realm","appdev/refs/macros/krb5_princ_set_realm","appdev/refs/macros/krb5_princ_set_realm_data","appdev/refs/macros/krb5_princ_set_realm_length","appdev/refs/macros/krb5_princ_size","appdev/refs/macros/krb5_princ_type","appdev/refs/macros/krb5_roundup","appdev/refs/macros/krb5_x","appdev/refs/macros/krb5_xc","appdev/refs/types/index","appdev/refs/types/krb5_address","appdev/refs/types/krb5_addrtype","appdev/refs/types/krb5_ap_rep","appdev/refs/types/krb5_ap_rep_enc_part","appdev/refs/types/krb5_ap_req","appdev/refs/types/krb5_auth_context","appdev/refs/types/krb5_authdata","appdev/refs/types/krb5_authdatatype","appdev/refs/types/krb5_authenticator","appdev/refs/types/krb5_boolean","appdev/refs/types/krb5_cc_cursor","appdev/refs/types/krb5_ccache","appdev/refs/types/krb5_cccol_cursor","appdev/refs/types/krb5_checksum","appdev/refs/types/krb5_cksumtype","appdev/refs/types/krb5_const_pointer","appdev/refs/types/krb5_const_principal","appdev/refs/types/krb5_context","appdev/refs/types/krb5_cred","appdev/refs/types/krb5_cred_enc_part","appdev/refs/types/krb5_cred_info","appdev/refs/types/krb5_creds","appdev/refs/types/krb5_crypto_iov","appdev/refs/types/krb5_cryptotype","appdev/refs/types/krb5_data","appdev/refs/types/krb5_deltat","appdev/refs/types/krb5_enc_data","appdev/refs/types/krb5_enc_kdc_rep_part","appdev/refs/types/krb5_enc_tkt_part","appdev/refs/types/krb5_encrypt_block","appdev/refs/types/krb5_enctype","appdev/refs/types/krb5_error","appdev/refs/types/krb5_error_code","appdev/refs/types/krb5_expire_callback_func","appdev/refs/types/krb5_flags","appdev/refs/types/krb5_get_init_creds_opt","appdev/refs/types/krb5_gic_opt_pa_data","appdev/refs/types/krb5_init_creds_context","appdev/refs/types/krb5_int16","appdev/refs/types/krb5_int32","appdev/refs/types/krb5_kdc_rep","appdev/refs/types/krb5_kdc_req","appdev/refs/types/krb5_key","appdev/refs/types/krb5_keyblock","appdev/refs/types/krb5_keytab","appdev/refs/types/krb5_keytab_entry","appdev/refs/types/krb5_keyusage","appdev/refs/types/krb5_kt_cursor","appdev/refs/types/krb5_kvno","appdev/refs/types/krb5_last_req_entry","appdev/refs/types/krb5_magic","appdev/refs/types/krb5_mk_req_checksum_func","appdev/refs/types/krb5_msgtype","appdev/refs/types/krb5_octet","appdev/refs/types/krb5_pa_data","appdev/refs/types/krb5_pa_pac_req","appdev/refs/types/krb5_pa_server_referral_data","appdev/refs/types/krb5_pa_svr_referral_data","appdev/refs/types/krb5_pac","appdev/refs/types/krb5_pointer","appdev/refs/types/krb5_post_recv_fn","appdev/refs/types/krb5_pre_send_fn","appdev/refs/types/krb5_preauthtype","appdev/refs/types/krb5_principal","appdev/refs/types/krb5_principal_data","appdev/refs/types/krb5_prompt","appdev/refs/types/krb5_prompt_type","appdev/refs/types/krb5_prompter_fct","appdev/refs/types/krb5_pwd_data","appdev/refs/types/krb5_rcache","appdev/refs/types/krb5_replay_data","appdev/refs/types/krb5_responder_context","appdev/refs/types/krb5_responder_fn","appdev/refs/types/krb5_responder_otp_challenge","appdev/refs/types/krb5_responder_otp_tokeninfo","appdev/refs/types/krb5_responder_pkinit_challenge","appdev/refs/types/krb5_responder_pkinit_identity","appdev/refs/types/krb5_response","appdev/refs/types/krb5_ticket","appdev/refs/types/krb5_ticket_times","appdev/refs/types/krb5_timestamp","appdev/refs/types/krb5_tkt_authent","appdev/refs/types/krb5_tkt_creds_context","appdev/refs/types/krb5_trace_callback","appdev/refs/types/krb5_trace_info","appdev/refs/types/krb5_transited","appdev/refs/types/krb5_typed_data","appdev/refs/types/krb5_ui_2","appdev/refs/types/krb5_ui_4","appdev/refs/types/krb5_verify_init_creds_opt","appdev/refs/types/passwd_phrase_element","appdev/y2038","basic/ccache_def","basic/date_format","basic/index","basic/keytab_def","basic/rcache_def","basic/stash_file_def","build/directory_org","build/doing_build","build/index","build/options2configure","build/osconf","build_this","copyright","formats/ccache_file_format","formats/cookie","formats/freshness_token","formats/index","formats/keytab_file_format","formats/rcache_file_format","index","mitK5defaults","mitK5features","mitK5license","plugindev/ccselect","plugindev/certauth","plugindev/clpreauth","plugindev/general","plugindev/gssapi","plugindev/hostrealm","plugindev/index","plugindev/internal","plugindev/kadm5_auth","plugindev/kadm5_hook","plugindev/kdcpolicy","plugindev/kdcpreauth","plugindev/localauth","plugindev/locate","plugindev/profile","plugindev/pwqual","resources","user/index","user/pwd_mgmt","user/tkt_mgmt","user/user_commands/index","user/user_commands/kdestroy","user/user_commands/kinit","user/user_commands/klist","user/user_commands/kpasswd","user/user_commands/krb5-config","user/user_commands/ksu","user/user_commands/kswitch","user/user_commands/kvno","user/user_commands/sclient","user/user_config/index","user/user_config/k5identity","user/user_config/k5login","user/user_config/kerberos"],envversion:{"sphinx.domains.c":2,"sphinx.domains.changeset":1,"sphinx.domains.citation":1,"sphinx.domains.cpp":4,"sphinx.domains.index":1,"sphinx.domains.javascript":2,"sphinx.domains.math":2,"sphinx.domains.python":3,"sphinx.domains.rst":2,"sphinx.domains.std":2,sphinx:56},filenames:["about.rst","admin/admin_commands/index.rst","admin/admin_commands/k5srvutil.rst","admin/admin_commands/kadmin_local.rst","admin/admin_commands/kadmind.rst","admin/admin_commands/kdb5_ldap_util.rst","admin/admin_commands/kdb5_util.rst","admin/admin_commands/kprop.rst","admin/admin_commands/kpropd.rst","admin/admin_commands/kproplog.rst","admin/admin_commands/krb5kdc.rst","admin/admin_commands/ktutil.rst","admin/admin_commands/sserver.rst","admin/advanced/index.rst","admin/advanced/retiring-des.rst","admin/appl_servers.rst","admin/auth_indicator.rst","admin/backup_host.rst","admin/conf_files/index.rst","admin/conf_files/kadm5_acl.rst","admin/conf_files/kdc_conf.rst","admin/conf_files/krb5_conf.rst","admin/conf_ldap.rst","admin/database.rst","admin/dbtypes.rst","admin/dictionary.rst","admin/enctypes.rst","admin/env_variables.rst","admin/host_config.rst","admin/https.rst","admin/index.rst","admin/install.rst","admin/install_appl_srv.rst","admin/install_clients.rst","admin/install_kdc.rst","admin/lockout.rst","admin/otp.rst","admin/pkinit.rst","admin/princ_dns.rst","admin/realm_config.rst","admin/spake.rst","admin/troubleshoot.rst","admin/various_envs.rst","appdev/gssapi.rst","appdev/h5l_mit_apidiff.rst","appdev/index.rst","appdev/init_creds.rst","appdev/princ_handle.rst","appdev/refs/api/index.rst","appdev/refs/api/krb5_425_conv_principal.rst","appdev/refs/api/krb5_524_conv_principal.rst","appdev/refs/api/krb5_524_convert_creds.rst","appdev/refs/api/krb5_address_compare.rst","appdev/refs/api/krb5_address_order.rst","appdev/refs/api/krb5_address_search.rst","appdev/refs/api/krb5_allow_weak_crypto.rst","appdev/refs/api/krb5_aname_to_localname.rst","appdev/refs/api/krb5_anonymous_principal.rst","appdev/refs/api/krb5_anonymous_realm.rst","appdev/refs/api/krb5_appdefault_boolean.rst","appdev/refs/api/krb5_appdefault_string.rst","appdev/refs/api/krb5_auth_con_free.rst","appdev/refs/api/krb5_auth_con_genaddrs.rst","appdev/refs/api/krb5_auth_con_get_checksum_func.rst","appdev/refs/api/krb5_auth_con_getaddrs.rst","appdev/refs/api/krb5_auth_con_getauthenticator.rst","appdev/refs/api/krb5_auth_con_getflags.rst","appdev/refs/api/krb5_auth_con_getkey.rst","appdev/refs/api/krb5_auth_con_getkey_k.rst","appdev/refs/api/krb5_auth_con_getlocalseqnumber.rst","appdev/refs/api/krb5_auth_con_getlocalsubkey.rst","appdev/refs/api/krb5_auth_con_getrcache.rst","appdev/refs/api/krb5_auth_con_getrecvsubkey.rst","appdev/refs/api/krb5_auth_con_getrecvsubkey_k.rst","appdev/refs/api/krb5_auth_con_getremoteseqnumber.rst","appdev/refs/api/krb5_auth_con_getremotesubkey.rst","appdev/refs/api/krb5_auth_con_getsendsubkey.rst","appdev/refs/api/krb5_auth_con_getsendsubkey_k.rst","appdev/refs/api/krb5_auth_con_init.rst","appdev/refs/api/krb5_auth_con_initivector.rst","appdev/refs/api/krb5_auth_con_set_checksum_func.rst","appdev/refs/api/krb5_auth_con_set_req_cksumtype.rst","appdev/refs/api/krb5_auth_con_setaddrs.rst","appdev/refs/api/krb5_auth_con_setflags.rst","appdev/refs/api/krb5_auth_con_setports.rst","appdev/refs/api/krb5_auth_con_setrcache.rst","appdev/refs/api/krb5_auth_con_setrecvsubkey.rst","appdev/refs/api/krb5_auth_con_setrecvsubkey_k.rst","appdev/refs/api/krb5_auth_con_setsendsubkey.rst","appdev/refs/api/krb5_auth_con_setsendsubkey_k.rst","appdev/refs/api/krb5_auth_con_setuseruserkey.rst","appdev/refs/api/krb5_build_principal.rst","appdev/refs/api/krb5_build_principal_alloc_va.rst","appdev/refs/api/krb5_build_principal_ext.rst","appdev/refs/api/krb5_build_principal_va.rst","appdev/refs/api/krb5_c_block_size.rst","appdev/refs/api/krb5_c_checksum_length.rst","appdev/refs/api/krb5_c_crypto_length.rst","appdev/refs/api/krb5_c_crypto_length_iov.rst","appdev/refs/api/krb5_c_decrypt.rst","appdev/refs/api/krb5_c_decrypt_iov.rst","appdev/refs/api/krb5_c_derive_prfplus.rst","appdev/refs/api/krb5_c_encrypt.rst","appdev/refs/api/krb5_c_encrypt_iov.rst","appdev/refs/api/krb5_c_encrypt_length.rst","appdev/refs/api/krb5_c_enctype_compare.rst","appdev/refs/api/krb5_c_free_state.rst","appdev/refs/api/krb5_c_fx_cf2_simple.rst","appdev/refs/api/krb5_c_init_state.rst","appdev/refs/api/krb5_c_is_coll_proof_cksum.rst","appdev/refs/api/krb5_c_is_keyed_cksum.rst","appdev/refs/api/krb5_c_keyed_checksum_types.rst","appdev/refs/api/krb5_c_keylengths.rst","appdev/refs/api/krb5_c_make_checksum.rst","appdev/refs/api/krb5_c_make_checksum_iov.rst","appdev/refs/api/krb5_c_make_random_key.rst","appdev/refs/api/krb5_c_padding_length.rst","appdev/refs/api/krb5_c_prf.rst","appdev/refs/api/krb5_c_prf_length.rst","appdev/refs/api/krb5_c_prfplus.rst","appdev/refs/api/krb5_c_random_add_entropy.rst","appdev/refs/api/krb5_c_random_make_octets.rst","appdev/refs/api/krb5_c_random_os_entropy.rst","appdev/refs/api/krb5_c_random_seed.rst","appdev/refs/api/krb5_c_random_to_key.rst","appdev/refs/api/krb5_c_string_to_key.rst","appdev/refs/api/krb5_c_string_to_key_with_params.rst","appdev/refs/api/krb5_c_valid_cksumtype.rst","appdev/refs/api/krb5_c_valid_enctype.rst","appdev/refs/api/krb5_c_verify_checksum.rst","appdev/refs/api/krb5_c_verify_checksum_iov.rst","appdev/refs/api/krb5_calculate_checksum.rst","appdev/refs/api/krb5_cc_cache_match.rst","appdev/refs/api/krb5_cc_close.rst","appdev/refs/api/krb5_cc_copy_creds.rst","appdev/refs/api/krb5_cc_default.rst","appdev/refs/api/krb5_cc_default_name.rst","appdev/refs/api/krb5_cc_destroy.rst","appdev/refs/api/krb5_cc_dup.rst","appdev/refs/api/krb5_cc_end_seq_get.rst","appdev/refs/api/krb5_cc_gen_new.rst","appdev/refs/api/krb5_cc_get_config.rst","appdev/refs/api/krb5_cc_get_flags.rst","appdev/refs/api/krb5_cc_get_full_name.rst","appdev/refs/api/krb5_cc_get_name.rst","appdev/refs/api/krb5_cc_get_principal.rst","appdev/refs/api/krb5_cc_get_type.rst","appdev/refs/api/krb5_cc_initialize.rst","appdev/refs/api/krb5_cc_move.rst","appdev/refs/api/krb5_cc_new_unique.rst","appdev/refs/api/krb5_cc_next_cred.rst","appdev/refs/api/krb5_cc_remove_cred.rst","appdev/refs/api/krb5_cc_resolve.rst","appdev/refs/api/krb5_cc_retrieve_cred.rst","appdev/refs/api/krb5_cc_select.rst","appdev/refs/api/krb5_cc_set_config.rst","appdev/refs/api/krb5_cc_set_default_name.rst","appdev/refs/api/krb5_cc_set_flags.rst","appdev/refs/api/krb5_cc_start_seq_get.rst","appdev/refs/api/krb5_cc_store_cred.rst","appdev/refs/api/krb5_cc_support_switch.rst","appdev/refs/api/krb5_cc_switch.rst","appdev/refs/api/krb5_cccol_cursor_free.rst","appdev/refs/api/krb5_cccol_cursor_new.rst","appdev/refs/api/krb5_cccol_cursor_next.rst","appdev/refs/api/krb5_cccol_have_content.rst","appdev/refs/api/krb5_change_password.rst","appdev/refs/api/krb5_check_clockskew.rst","appdev/refs/api/krb5_checksum_size.rst","appdev/refs/api/krb5_chpw_message.rst","appdev/refs/api/krb5_cksumtype_to_string.rst","appdev/refs/api/krb5_clear_error_message.rst","appdev/refs/api/krb5_copy_addresses.rst","appdev/refs/api/krb5_copy_authdata.rst","appdev/refs/api/krb5_copy_authenticator.rst","appdev/refs/api/krb5_copy_checksum.rst","appdev/refs/api/krb5_copy_context.rst","appdev/refs/api/krb5_copy_creds.rst","appdev/refs/api/krb5_copy_data.rst","appdev/refs/api/krb5_copy_error_message.rst","appdev/refs/api/krb5_copy_keyblock.rst","appdev/refs/api/krb5_copy_keyblock_contents.rst","appdev/refs/api/krb5_copy_principal.rst","appdev/refs/api/krb5_copy_ticket.rst","appdev/refs/api/krb5_decode_authdata_container.rst","appdev/refs/api/krb5_decode_ticket.rst","appdev/refs/api/krb5_decrypt.rst","appdev/refs/api/krb5_deltat_to_string.rst","appdev/refs/api/krb5_eblock_enctype.rst","appdev/refs/api/krb5_encode_authdata_container.rst","appdev/refs/api/krb5_encrypt.rst","appdev/refs/api/krb5_encrypt_size.rst","appdev/refs/api/krb5_enctype_to_name.rst","appdev/refs/api/krb5_enctype_to_string.rst","appdev/refs/api/krb5_expand_hostname.rst","appdev/refs/api/krb5_find_authdata.rst","appdev/refs/api/krb5_finish_key.rst","appdev/refs/api/krb5_finish_random_key.rst","appdev/refs/api/krb5_free_addresses.rst","appdev/refs/api/krb5_free_ap_rep_enc_part.rst","appdev/refs/api/krb5_free_authdata.rst","appdev/refs/api/krb5_free_authenticator.rst","appdev/refs/api/krb5_free_checksum.rst","appdev/refs/api/krb5_free_checksum_contents.rst","appdev/refs/api/krb5_free_cksumtypes.rst","appdev/refs/api/krb5_free_context.rst","appdev/refs/api/krb5_free_cred_contents.rst","appdev/refs/api/krb5_free_creds.rst","appdev/refs/api/krb5_free_data.rst","appdev/refs/api/krb5_free_data_contents.rst","appdev/refs/api/krb5_free_default_realm.rst","appdev/refs/api/krb5_free_enctypes.rst","appdev/refs/api/krb5_free_error.rst","appdev/refs/api/krb5_free_error_message.rst","appdev/refs/api/krb5_free_host_realm.rst","appdev/refs/api/krb5_free_keyblock.rst","appdev/refs/api/krb5_free_keyblock_contents.rst","appdev/refs/api/krb5_free_keytab_entry_contents.rst","appdev/refs/api/krb5_free_principal.rst","appdev/refs/api/krb5_free_string.rst","appdev/refs/api/krb5_free_tgt_creds.rst","appdev/refs/api/krb5_free_ticket.rst","appdev/refs/api/krb5_free_unparsed_name.rst","appdev/refs/api/krb5_fwd_tgt_creds.rst","appdev/refs/api/krb5_get_credentials.rst","appdev/refs/api/krb5_get_credentials_renew.rst","appdev/refs/api/krb5_get_credentials_validate.rst","appdev/refs/api/krb5_get_default_realm.rst","appdev/refs/api/krb5_get_error_message.rst","appdev/refs/api/krb5_get_etype_info.rst","appdev/refs/api/krb5_get_fallback_host_realm.rst","appdev/refs/api/krb5_get_host_realm.rst","appdev/refs/api/krb5_get_in_tkt_with_keytab.rst","appdev/refs/api/krb5_get_in_tkt_with_password.rst","appdev/refs/api/krb5_get_in_tkt_with_skey.rst","appdev/refs/api/krb5_get_init_creds_keytab.rst","appdev/refs/api/krb5_get_init_creds_opt_alloc.rst","appdev/refs/api/krb5_get_init_creds_opt_free.rst","appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags.rst","appdev/refs/api/krb5_get_init_creds_opt_init.rst","appdev/refs/api/krb5_get_init_creds_opt_set_address_list.rst","appdev/refs/api/krb5_get_init_creds_opt_set_anonymous.rst","appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize.rst","appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt.rst","appdev/refs/api/krb5_get_init_creds_opt_set_etype_list.rst","appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback.rst","appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache.rst","appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name.rst","appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags.rst","appdev/refs/api/krb5_get_init_creds_opt_set_forwardable.rst","appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache.rst","appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache.rst","appdev/refs/api/krb5_get_init_creds_opt_set_pa.rst","appdev/refs/api/krb5_get_init_creds_opt_set_pac_request.rst","appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list.rst","appdev/refs/api/krb5_get_init_creds_opt_set_proxiable.rst","appdev/refs/api/krb5_get_init_creds_opt_set_renew_life.rst","appdev/refs/api/krb5_get_init_creds_opt_set_responder.rst","appdev/refs/api/krb5_get_init_creds_opt_set_salt.rst","appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life.rst","appdev/refs/api/krb5_get_init_creds_password.rst","appdev/refs/api/krb5_get_permitted_enctypes.rst","appdev/refs/api/krb5_get_profile.rst","appdev/refs/api/krb5_get_prompt_types.rst","appdev/refs/api/krb5_get_renewed_creds.rst","appdev/refs/api/krb5_get_server_rcache.rst","appdev/refs/api/krb5_get_time_offsets.rst","appdev/refs/api/krb5_get_validated_creds.rst","appdev/refs/api/krb5_init_context.rst","appdev/refs/api/krb5_init_context_profile.rst","appdev/refs/api/krb5_init_creds_free.rst","appdev/refs/api/krb5_init_creds_get.rst","appdev/refs/api/krb5_init_creds_get_creds.rst","appdev/refs/api/krb5_init_creds_get_error.rst","appdev/refs/api/krb5_init_creds_get_times.rst","appdev/refs/api/krb5_init_creds_init.rst","appdev/refs/api/krb5_init_creds_set_keytab.rst","appdev/refs/api/krb5_init_creds_set_password.rst","appdev/refs/api/krb5_init_creds_set_service.rst","appdev/refs/api/krb5_init_creds_step.rst","appdev/refs/api/krb5_init_keyblock.rst","appdev/refs/api/krb5_init_random_key.rst","appdev/refs/api/krb5_init_secure_context.rst","appdev/refs/api/krb5_is_config_principal.rst","appdev/refs/api/krb5_is_referral_realm.rst","appdev/refs/api/krb5_is_thread_safe.rst","appdev/refs/api/krb5_k_create_key.rst","appdev/refs/api/krb5_k_decrypt.rst","appdev/refs/api/krb5_k_decrypt_iov.rst","appdev/refs/api/krb5_k_encrypt.rst","appdev/refs/api/krb5_k_encrypt_iov.rst","appdev/refs/api/krb5_k_free_key.rst","appdev/refs/api/krb5_k_key_enctype.rst","appdev/refs/api/krb5_k_key_keyblock.rst","appdev/refs/api/krb5_k_make_checksum.rst","appdev/refs/api/krb5_k_make_checksum_iov.rst","appdev/refs/api/krb5_k_prf.rst","appdev/refs/api/krb5_k_reference_key.rst","appdev/refs/api/krb5_k_verify_checksum.rst","appdev/refs/api/krb5_k_verify_checksum_iov.rst","appdev/refs/api/krb5_kdc_sign_ticket.rst","appdev/refs/api/krb5_kdc_verify_ticket.rst","appdev/refs/api/krb5_kt_add_entry.rst","appdev/refs/api/krb5_kt_client_default.rst","appdev/refs/api/krb5_kt_close.rst","appdev/refs/api/krb5_kt_default.rst","appdev/refs/api/krb5_kt_default_name.rst","appdev/refs/api/krb5_kt_dup.rst","appdev/refs/api/krb5_kt_end_seq_get.rst","appdev/refs/api/krb5_kt_free_entry.rst","appdev/refs/api/krb5_kt_get_entry.rst","appdev/refs/api/krb5_kt_get_name.rst","appdev/refs/api/krb5_kt_get_type.rst","appdev/refs/api/krb5_kt_have_content.rst","appdev/refs/api/krb5_kt_next_entry.rst","appdev/refs/api/krb5_kt_read_service_key.rst","appdev/refs/api/krb5_kt_remove_entry.rst","appdev/refs/api/krb5_kt_resolve.rst","appdev/refs/api/krb5_kt_start_seq_get.rst","appdev/refs/api/krb5_kuserok.rst","appdev/refs/api/krb5_make_authdata_kdc_issued.rst","appdev/refs/api/krb5_marshal_credentials.rst","appdev/refs/api/krb5_merge_authdata.rst","appdev/refs/api/krb5_mk_1cred.rst","appdev/refs/api/krb5_mk_error.rst","appdev/refs/api/krb5_mk_ncred.rst","appdev/refs/api/krb5_mk_priv.rst","appdev/refs/api/krb5_mk_rep.rst","appdev/refs/api/krb5_mk_rep_dce.rst","appdev/refs/api/krb5_mk_req.rst","appdev/refs/api/krb5_mk_req_extended.rst","appdev/refs/api/krb5_mk_safe.rst","appdev/refs/api/krb5_os_localaddr.rst","appdev/refs/api/krb5_pac_add_buffer.rst","appdev/refs/api/krb5_pac_free.rst","appdev/refs/api/krb5_pac_get_buffer.rst","appdev/refs/api/krb5_pac_get_client_info.rst","appdev/refs/api/krb5_pac_get_types.rst","appdev/refs/api/krb5_pac_init.rst","appdev/refs/api/krb5_pac_parse.rst","appdev/refs/api/krb5_pac_sign.rst","appdev/refs/api/krb5_pac_sign_ext.rst","appdev/refs/api/krb5_pac_verify.rst","appdev/refs/api/krb5_pac_verify_ext.rst","appdev/refs/api/krb5_parse_name.rst","appdev/refs/api/krb5_parse_name_flags.rst","appdev/refs/api/krb5_prepend_error_message.rst","appdev/refs/api/krb5_principal2salt.rst","appdev/refs/api/krb5_principal_compare.rst","appdev/refs/api/krb5_principal_compare_any_realm.rst","appdev/refs/api/krb5_principal_compare_flags.rst","appdev/refs/api/krb5_process_key.rst","appdev/refs/api/krb5_prompter_posix.rst","appdev/refs/api/krb5_random_key.rst","appdev/refs/api/krb5_rd_cred.rst","appdev/refs/api/krb5_rd_error.rst","appdev/refs/api/krb5_rd_priv.rst","appdev/refs/api/krb5_rd_rep.rst","appdev/refs/api/krb5_rd_rep_dce.rst","appdev/refs/api/krb5_rd_req.rst","appdev/refs/api/krb5_rd_safe.rst","appdev/refs/api/krb5_read_password.rst","appdev/refs/api/krb5_realm_compare.rst","appdev/refs/api/krb5_recvauth.rst","appdev/refs/api/krb5_recvauth_version.rst","appdev/refs/api/krb5_responder_get_challenge.rst","appdev/refs/api/krb5_responder_list_questions.rst","appdev/refs/api/krb5_responder_otp_challenge_free.rst","appdev/refs/api/krb5_responder_otp_get_challenge.rst","appdev/refs/api/krb5_responder_otp_set_answer.rst","appdev/refs/api/krb5_responder_pkinit_challenge_free.rst","appdev/refs/api/krb5_responder_pkinit_get_challenge.rst","appdev/refs/api/krb5_responder_pkinit_set_answer.rst","appdev/refs/api/krb5_responder_set_answer.rst","appdev/refs/api/krb5_salttype_to_string.rst","appdev/refs/api/krb5_sendauth.rst","appdev/refs/api/krb5_server_decrypt_ticket_keytab.rst","appdev/refs/api/krb5_set_default_realm.rst","appdev/refs/api/krb5_set_default_tgs_enctypes.rst","appdev/refs/api/krb5_set_error_message.rst","appdev/refs/api/krb5_set_kdc_recv_hook.rst","appdev/refs/api/krb5_set_kdc_send_hook.rst","appdev/refs/api/krb5_set_password.rst","appdev/refs/api/krb5_set_password_using_ccache.rst","appdev/refs/api/krb5_set_principal_realm.rst","appdev/refs/api/krb5_set_real_time.rst","appdev/refs/api/krb5_set_trace_callback.rst","appdev/refs/api/krb5_set_trace_filename.rst","appdev/refs/api/krb5_sname_match.rst","appdev/refs/api/krb5_sname_to_principal.rst","appdev/refs/api/krb5_string_to_cksumtype.rst","appdev/refs/api/krb5_string_to_deltat.rst","appdev/refs/api/krb5_string_to_enctype.rst","appdev/refs/api/krb5_string_to_key.rst","appdev/refs/api/krb5_string_to_salttype.rst","appdev/refs/api/krb5_string_to_timestamp.rst","appdev/refs/api/krb5_timeofday.rst","appdev/refs/api/krb5_timestamp_to_sfstring.rst","appdev/refs/api/krb5_timestamp_to_string.rst","appdev/refs/api/krb5_tkt_creds_free.rst","appdev/refs/api/krb5_tkt_creds_get.rst","appdev/refs/api/krb5_tkt_creds_get_creds.rst","appdev/refs/api/krb5_tkt_creds_get_times.rst","appdev/refs/api/krb5_tkt_creds_init.rst","appdev/refs/api/krb5_tkt_creds_step.rst","appdev/refs/api/krb5_unmarshal_credentials.rst","appdev/refs/api/krb5_unparse_name.rst","appdev/refs/api/krb5_unparse_name_ext.rst","appdev/refs/api/krb5_unparse_name_flags.rst","appdev/refs/api/krb5_unparse_name_flags_ext.rst","appdev/refs/api/krb5_us_timeofday.rst","appdev/refs/api/krb5_use_enctype.rst","appdev/refs/api/krb5_verify_authdata_kdc_issued.rst","appdev/refs/api/krb5_verify_checksum.rst","appdev/refs/api/krb5_verify_init_creds.rst","appdev/refs/api/krb5_verify_init_creds_opt_init.rst","appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail.rst","appdev/refs/api/krb5_vprepend_error_message.rst","appdev/refs/api/krb5_vset_error_message.rst","appdev/refs/api/krb5_vwrap_error_message.rst","appdev/refs/api/krb5_wrap_error_message.rst","appdev/refs/index.rst","appdev/refs/macros/ADDRTYPE_ADDRPORT.rst","appdev/refs/macros/ADDRTYPE_CHAOS.rst","appdev/refs/macros/ADDRTYPE_DDP.rst","appdev/refs/macros/ADDRTYPE_INET.rst","appdev/refs/macros/ADDRTYPE_INET6.rst","appdev/refs/macros/ADDRTYPE_IPPORT.rst","appdev/refs/macros/ADDRTYPE_ISO.rst","appdev/refs/macros/ADDRTYPE_IS_LOCAL.rst","appdev/refs/macros/ADDRTYPE_NETBIOS.rst","appdev/refs/macros/ADDRTYPE_XNS.rst","appdev/refs/macros/AD_TYPE_EXTERNAL.rst","appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK.rst","appdev/refs/macros/AD_TYPE_REGISTERED.rst","appdev/refs/macros/AD_TYPE_RESERVED.rst","appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION.rst","appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED.rst","appdev/refs/macros/AP_OPTS_RESERVED.rst","appdev/refs/macros/AP_OPTS_USE_SESSION_KEY.rst","appdev/refs/macros/AP_OPTS_USE_SUBKEY.rst","appdev/refs/macros/AP_OPTS_WIRE_MASK.rst","appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128.rst","appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256.rst","appdev/refs/macros/CKSUMTYPE_CRC32.rst","appdev/refs/macros/CKSUMTYPE_DESCBC.rst","appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128.rst","appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256.rst","appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR.rst","appdev/refs/macros/CKSUMTYPE_NIST_SHA.rst","appdev/refs/macros/CKSUMTYPE_RSA_MD4.rst","appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES.rst","appdev/refs/macros/CKSUMTYPE_RSA_MD5.rst","appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES.rst","appdev/refs/macros/CKSUMTYPE_SHA1.rst","appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96.rst","appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128.rst","appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96.rst","appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192.rst","appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC.rst","appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP.rst","appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC.rst","appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC.rst","appdev/refs/macros/ENCTYPE_DES3_CBC_ENV.rst","appdev/refs/macros/ENCTYPE_DES3_CBC_RAW.rst","appdev/refs/macros/ENCTYPE_DES3_CBC_SHA.rst","appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1.rst","appdev/refs/macros/ENCTYPE_DES_CBC_CRC.rst","appdev/refs/macros/ENCTYPE_DES_CBC_MD4.rst","appdev/refs/macros/ENCTYPE_DES_CBC_MD5.rst","appdev/refs/macros/ENCTYPE_DES_CBC_RAW.rst","appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1.rst","appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS.rst","appdev/refs/macros/ENCTYPE_MD5_RSA_CMS.rst","appdev/refs/macros/ENCTYPE_NULL.rst","appdev/refs/macros/ENCTYPE_RC2_CBC_ENV.rst","appdev/refs/macros/ENCTYPE_RSA_ENV.rst","appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV.rst","appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS.rst","appdev/refs/macros/ENCTYPE_UNKNOWN.rst","appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE.rst","appdev/refs/macros/KDC_OPT_CANONICALIZE.rst","appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT.rst","appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK.rst","appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY.rst","appdev/refs/macros/KDC_OPT_FORWARDABLE.rst","appdev/refs/macros/KDC_OPT_FORWARDED.rst","appdev/refs/macros/KDC_OPT_POSTDATED.rst","appdev/refs/macros/KDC_OPT_PROXIABLE.rst","appdev/refs/macros/KDC_OPT_PROXY.rst","appdev/refs/macros/KDC_OPT_RENEW.rst","appdev/refs/macros/KDC_OPT_RENEWABLE.rst","appdev/refs/macros/KDC_OPT_RENEWABLE_OK.rst","appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS.rst","appdev/refs/macros/KDC_OPT_VALIDATE.rst","appdev/refs/macros/KDC_TKT_COMMON_MASK.rst","appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE.rst","appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR.rst","appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR.rst","appdev/refs/macros/KRB5_AP_REP.rst","appdev/refs/macros/KRB5_AP_REQ.rst","appdev/refs/macros/KRB5_AS_REP.rst","appdev/refs/macros/KRB5_AS_REQ.rst","appdev/refs/macros/KRB5_AUTHDATA_AND_OR.rst","appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS.rst","appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR.rst","appdev/refs/macros/KRB5_AUTHDATA_CAMMAC.rst","appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION.rst","appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR.rst","appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT.rst","appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.rst","appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED.rst","appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC.rst","appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE.rst","appdev/refs/macros/KRB5_AUTHDATA_SESAME.rst","appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET.rst","appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME.rst","appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY.rst","appdev/refs/macros/KRB5_CRED.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM.rst","appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER.rst","appdev/refs/macros/KRB5_CYBERSAFE_SECUREID.rst","appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS.rst","appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP.rst","appdev/refs/macros/KRB5_ERROR.rst","appdev/refs/macros/KRB5_FAST_REQUIRED.rst","appdev/refs/macros/KRB5_GC_CACHED.rst","appdev/refs/macros/KRB5_GC_CANONICALIZE.rst","appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION.rst","appdev/refs/macros/KRB5_GC_FORWARDABLE.rst","appdev/refs/macros/KRB5_GC_NO_STORE.rst","appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK.rst","appdev/refs/macros/KRB5_GC_USER_USER.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT.rst","appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE.rst","appdev/refs/macros/KRB5_INIT_CONTEXT_KDC.rst","appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE.rst","appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE.rst","appdev/refs/macros/KRB5_INT16_MAX.rst","appdev/refs/macros/KRB5_INT16_MIN.rst","appdev/refs/macros/KRB5_INT32_MAX.rst","appdev/refs/macros/KRB5_INT32_MIN.rst","appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE.rst","appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE.rst","appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH.rst","appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT.rst","appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART.rst","appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH.rst","appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART.rst","appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ.rst","appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS.rst","appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC.rst","appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT.rst","appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC.rst","appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC.rst","appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED.rst","appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP.rst","appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC.rst","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG.rst","appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV.rst","appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED.rst","appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET.rst","appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART.rst","appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART.rst","appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID.rst","appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE.rst","appdev/refs/macros/KRB5_KEYUSAGE_SPAKE.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH.rst","appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM.rst","appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED.rst","appdev/refs/macros/KRB5_KPASSWD_AUTHERROR.rst","appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION.rst","appdev/refs/macros/KRB5_KPASSWD_HARDERROR.rst","appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED.rst","appdev/refs/macros/KRB5_KPASSWD_MALFORMED.rst","appdev/refs/macros/KRB5_KPASSWD_SOFTERROR.rst","appdev/refs/macros/KRB5_KPASSWD_SUCCESS.rst","appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT.rst","appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED.rst","appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME.rst","appdev/refs/macros/KRB5_LRQ_NONE.rst","appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT.rst","appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED.rst","appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME.rst","appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL.rst","appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID.rst","appdev/refs/macros/KRB5_NT_MS_PRINCIPAL.rst","appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID.rst","appdev/refs/macros/KRB5_NT_PRINCIPAL.rst","appdev/refs/macros/KRB5_NT_SMTP_NAME.rst","appdev/refs/macros/KRB5_NT_SRV_HST.rst","appdev/refs/macros/KRB5_NT_SRV_INST.rst","appdev/refs/macros/KRB5_NT_SRV_XHST.rst","appdev/refs/macros/KRB5_NT_UID.rst","appdev/refs/macros/KRB5_NT_UNKNOWN.rst","appdev/refs/macros/KRB5_NT_WELLKNOWN.rst","appdev/refs/macros/KRB5_NT_X500_PRINCIPAL.rst","appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO.rst","appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS.rst","appdev/refs/macros/KRB5_PAC_CLIENT_INFO.rst","appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO.rst","appdev/refs/macros/KRB5_PAC_DELEGATION_INFO.rst","appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS.rst","appdev/refs/macros/KRB5_PAC_DEVICE_INFO.rst","appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM.rst","appdev/refs/macros/KRB5_PAC_LOGON_INFO.rst","appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM.rst","appdev/refs/macros/KRB5_PAC_REQUESTOR.rst","appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM.rst","appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM.rst","appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO.rst","appdev/refs/macros/KRB5_PADATA_AFS3_SALT.rst","appdev/refs/macros/KRB5_PADATA_AP_REQ.rst","appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM.rst","appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS.rst","appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE.rst","appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID.rst","appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP.rst","appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME.rst","appdev/refs/macros/KRB5_PADATA_ETYPE_INFO.rst","appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2.rst","appdev/refs/macros/KRB5_PADATA_FOR_USER.rst","appdev/refs/macros/KRB5_PADATA_FX_COOKIE.rst","appdev/refs/macros/KRB5_PADATA_FX_ERROR.rst","appdev/refs/macros/KRB5_PADATA_FX_FAST.rst","appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA.rst","appdev/refs/macros/KRB5_PADATA_NONE.rst","appdev/refs/macros/KRB5_PADATA_OSF_DCE.rst","appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE.rst","appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE.rst","appdev/refs/macros/KRB5_PADATA_OTP_REQUEST.rst","appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS.rst","appdev/refs/macros/KRB5_PADATA_PAC_REQUEST.rst","appdev/refs/macros/KRB5_PADATA_PKINIT_KX.rst","appdev/refs/macros/KRB5_PADATA_PK_AS_REP.rst","appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD.rst","appdev/refs/macros/KRB5_PADATA_PK_AS_REQ.rst","appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD.rst","appdev/refs/macros/KRB5_PADATA_PW_SALT.rst","appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2.rst","appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY.rst","appdev/refs/macros/KRB5_PADATA_REFERRAL.rst","appdev/refs/macros/KRB5_PADATA_S4U_X509_USER.rst","appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE.rst","appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2.rst","appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT.rst","appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE.rst","appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2.rst","appdev/refs/macros/KRB5_PADATA_SESAME.rst","appdev/refs/macros/KRB5_PADATA_SPAKE.rst","appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO.rst","appdev/refs/macros/KRB5_PADATA_TGS_REQ.rst","appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO.rst","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD.rst","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE.rst","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY.rst","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM.rst","appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT.rst","appdev/refs/macros/KRB5_PRIV.rst","appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD.rst","appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN.rst","appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD.rst","appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH.rst","appdev/refs/macros/KRB5_PVNO.rst","appdev/refs/macros/KRB5_REALM_BRANCH_CHAR.rst","appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS.rst","appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION.rst","appdev/refs/macros/KRB5_REFERRAL_REALM.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL.rst","appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL.rst","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW.rst","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY.rst","appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED.rst","appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP.rst","appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD.rst","appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT.rst","appdev/refs/macros/KRB5_SAFE.rst","appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD.rst","appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD.rst","appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY.rst","appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT.rst","appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA.rst","appdev/refs/macros/KRB5_TC_MATCH_FLAGS.rst","appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT.rst","appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY.rst","appdev/refs/macros/KRB5_TC_MATCH_KTYPE.rst","appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY.rst","appdev/refs/macros/KRB5_TC_MATCH_TIMES.rst","appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT.rst","appdev/refs/macros/KRB5_TC_NOTICKET.rst","appdev/refs/macros/KRB5_TC_OPENCLOSE.rst","appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES.rst","appdev/refs/macros/KRB5_TGS_NAME.rst","appdev/refs/macros/KRB5_TGS_NAME_SIZE.rst","appdev/refs/macros/KRB5_TGS_REP.rst","appdev/refs/macros/KRB5_TGS_REQ.rst","appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE.rst","appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL.rst","appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR.rst","appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK.rst","appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY.rst","appdev/refs/macros/MAX_KEYTAB_NAME_LEN.rst","appdev/refs/macros/MSEC_DIRBIT.rst","appdev/refs/macros/MSEC_VAL_MASK.rst","appdev/refs/macros/SALT_TYPE_AFS_LENGTH.rst","appdev/refs/macros/SALT_TYPE_NO_LENGTH.rst","appdev/refs/macros/THREEPARAMOPEN.rst","appdev/refs/macros/TKT_FLG_ANONYMOUS.rst","appdev/refs/macros/TKT_FLG_ENC_PA_REP.rst","appdev/refs/macros/TKT_FLG_FORWARDABLE.rst","appdev/refs/macros/TKT_FLG_FORWARDED.rst","appdev/refs/macros/TKT_FLG_HW_AUTH.rst","appdev/refs/macros/TKT_FLG_INITIAL.rst","appdev/refs/macros/TKT_FLG_INVALID.rst","appdev/refs/macros/TKT_FLG_MAY_POSTDATE.rst","appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE.rst","appdev/refs/macros/TKT_FLG_POSTDATED.rst","appdev/refs/macros/TKT_FLG_PRE_AUTH.rst","appdev/refs/macros/TKT_FLG_PROXIABLE.rst","appdev/refs/macros/TKT_FLG_PROXY.rst","appdev/refs/macros/TKT_FLG_RENEWABLE.rst","appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED.rst","appdev/refs/macros/VALID_INT_BITS.rst","appdev/refs/macros/VALID_UINT_BITS.rst","appdev/refs/macros/index.rst","appdev/refs/macros/krb524_convert_creds_kdc.rst","appdev/refs/macros/krb524_init_ets.rst","appdev/refs/macros/krb5_const.rst","appdev/refs/macros/krb5_princ_component.rst","appdev/refs/macros/krb5_princ_name.rst","appdev/refs/macros/krb5_princ_realm.rst","appdev/refs/macros/krb5_princ_set_realm.rst","appdev/refs/macros/krb5_princ_set_realm_data.rst","appdev/refs/macros/krb5_princ_set_realm_length.rst","appdev/refs/macros/krb5_princ_size.rst","appdev/refs/macros/krb5_princ_type.rst","appdev/refs/macros/krb5_roundup.rst","appdev/refs/macros/krb5_x.rst","appdev/refs/macros/krb5_xc.rst","appdev/refs/types/index.rst","appdev/refs/types/krb5_address.rst","appdev/refs/types/krb5_addrtype.rst","appdev/refs/types/krb5_ap_rep.rst","appdev/refs/types/krb5_ap_rep_enc_part.rst","appdev/refs/types/krb5_ap_req.rst","appdev/refs/types/krb5_auth_context.rst","appdev/refs/types/krb5_authdata.rst","appdev/refs/types/krb5_authdatatype.rst","appdev/refs/types/krb5_authenticator.rst","appdev/refs/types/krb5_boolean.rst","appdev/refs/types/krb5_cc_cursor.rst","appdev/refs/types/krb5_ccache.rst","appdev/refs/types/krb5_cccol_cursor.rst","appdev/refs/types/krb5_checksum.rst","appdev/refs/types/krb5_cksumtype.rst","appdev/refs/types/krb5_const_pointer.rst","appdev/refs/types/krb5_const_principal.rst","appdev/refs/types/krb5_context.rst","appdev/refs/types/krb5_cred.rst","appdev/refs/types/krb5_cred_enc_part.rst","appdev/refs/types/krb5_cred_info.rst","appdev/refs/types/krb5_creds.rst","appdev/refs/types/krb5_crypto_iov.rst","appdev/refs/types/krb5_cryptotype.rst","appdev/refs/types/krb5_data.rst","appdev/refs/types/krb5_deltat.rst","appdev/refs/types/krb5_enc_data.rst","appdev/refs/types/krb5_enc_kdc_rep_part.rst","appdev/refs/types/krb5_enc_tkt_part.rst","appdev/refs/types/krb5_encrypt_block.rst","appdev/refs/types/krb5_enctype.rst","appdev/refs/types/krb5_error.rst","appdev/refs/types/krb5_error_code.rst","appdev/refs/types/krb5_expire_callback_func.rst","appdev/refs/types/krb5_flags.rst","appdev/refs/types/krb5_get_init_creds_opt.rst","appdev/refs/types/krb5_gic_opt_pa_data.rst","appdev/refs/types/krb5_init_creds_context.rst","appdev/refs/types/krb5_int16.rst","appdev/refs/types/krb5_int32.rst","appdev/refs/types/krb5_kdc_rep.rst","appdev/refs/types/krb5_kdc_req.rst","appdev/refs/types/krb5_key.rst","appdev/refs/types/krb5_keyblock.rst","appdev/refs/types/krb5_keytab.rst","appdev/refs/types/krb5_keytab_entry.rst","appdev/refs/types/krb5_keyusage.rst","appdev/refs/types/krb5_kt_cursor.rst","appdev/refs/types/krb5_kvno.rst","appdev/refs/types/krb5_last_req_entry.rst","appdev/refs/types/krb5_magic.rst","appdev/refs/types/krb5_mk_req_checksum_func.rst","appdev/refs/types/krb5_msgtype.rst","appdev/refs/types/krb5_octet.rst","appdev/refs/types/krb5_pa_data.rst","appdev/refs/types/krb5_pa_pac_req.rst","appdev/refs/types/krb5_pa_server_referral_data.rst","appdev/refs/types/krb5_pa_svr_referral_data.rst","appdev/refs/types/krb5_pac.rst","appdev/refs/types/krb5_pointer.rst","appdev/refs/types/krb5_post_recv_fn.rst","appdev/refs/types/krb5_pre_send_fn.rst","appdev/refs/types/krb5_preauthtype.rst","appdev/refs/types/krb5_principal.rst","appdev/refs/types/krb5_principal_data.rst","appdev/refs/types/krb5_prompt.rst","appdev/refs/types/krb5_prompt_type.rst","appdev/refs/types/krb5_prompter_fct.rst","appdev/refs/types/krb5_pwd_data.rst","appdev/refs/types/krb5_rcache.rst","appdev/refs/types/krb5_replay_data.rst","appdev/refs/types/krb5_responder_context.rst","appdev/refs/types/krb5_responder_fn.rst","appdev/refs/types/krb5_responder_otp_challenge.rst","appdev/refs/types/krb5_responder_otp_tokeninfo.rst","appdev/refs/types/krb5_responder_pkinit_challenge.rst","appdev/refs/types/krb5_responder_pkinit_identity.rst","appdev/refs/types/krb5_response.rst","appdev/refs/types/krb5_ticket.rst","appdev/refs/types/krb5_ticket_times.rst","appdev/refs/types/krb5_timestamp.rst","appdev/refs/types/krb5_tkt_authent.rst","appdev/refs/types/krb5_tkt_creds_context.rst","appdev/refs/types/krb5_trace_callback.rst","appdev/refs/types/krb5_trace_info.rst","appdev/refs/types/krb5_transited.rst","appdev/refs/types/krb5_typed_data.rst","appdev/refs/types/krb5_ui_2.rst","appdev/refs/types/krb5_ui_4.rst","appdev/refs/types/krb5_verify_init_creds_opt.rst","appdev/refs/types/passwd_phrase_element.rst","appdev/y2038.rst","basic/ccache_def.rst","basic/date_format.rst","basic/index.rst","basic/keytab_def.rst","basic/rcache_def.rst","basic/stash_file_def.rst","build/directory_org.rst","build/doing_build.rst","build/index.rst","build/options2configure.rst","build/osconf.rst","build_this.rst","copyright.rst","formats/ccache_file_format.rst","formats/cookie.rst","formats/freshness_token.rst","formats/index.rst","formats/keytab_file_format.rst","formats/rcache_file_format.rst","index.rst","mitK5defaults.rst","mitK5features.rst","mitK5license.rst","plugindev/ccselect.rst","plugindev/certauth.rst","plugindev/clpreauth.rst","plugindev/general.rst","plugindev/gssapi.rst","plugindev/hostrealm.rst","plugindev/index.rst","plugindev/internal.rst","plugindev/kadm5_auth.rst","plugindev/kadm5_hook.rst","plugindev/kdcpolicy.rst","plugindev/kdcpreauth.rst","plugindev/localauth.rst","plugindev/locate.rst","plugindev/profile.rst","plugindev/pwqual.rst","resources.rst","user/index.rst","user/pwd_mgmt.rst","user/tkt_mgmt.rst","user/user_commands/index.rst","user/user_commands/kdestroy.rst","user/user_commands/kinit.rst","user/user_commands/klist.rst","user/user_commands/kpasswd.rst","user/user_commands/krb5-config.rst","user/user_commands/ksu.rst","user/user_commands/kswitch.rst","user/user_commands/kvno.rst","user/user_commands/sclient.rst","user/user_config/index.rst","user/user_config/k5identity.rst","user/user_config/k5login.rst","user/user_config/kerberos.rst"],objects:{"":[[49,0,1,"c.krb5_425_conv_principal","krb5_425_conv_principal"],[50,0,1,"c.krb5_524_conv_principal","krb5_524_conv_principal"],[51,0,1,"c.krb5_524_convert_creds","krb5_524_convert_creds"],[805,2,1,"c.krb5_address","krb5_address"],[52,0,1,"c.krb5_address_compare","krb5_address_compare"],[53,0,1,"c.krb5_address_order","krb5_address_order"],[54,0,1,"c.krb5_address_search","krb5_address_search"],[806,2,1,"c.krb5_addrtype","krb5_addrtype"],[55,0,1,"c.krb5_allow_weak_crypto","krb5_allow_weak_crypto"],[56,0,1,"c.krb5_aname_to_localname","krb5_aname_to_localname"],[57,0,1,"c.krb5_anonymous_principal","krb5_anonymous_principal"],[58,0,1,"c.krb5_anonymous_realm","krb5_anonymous_realm"],[807,2,1,"c.krb5_ap_rep","krb5_ap_rep"],[808,2,1,"c.krb5_ap_rep_enc_part","krb5_ap_rep_enc_part"],[809,2,1,"c.krb5_ap_req","krb5_ap_req"],[59,0,1,"c.krb5_appdefault_boolean","krb5_appdefault_boolean"],[60,0,1,"c.krb5_appdefault_string","krb5_appdefault_string"],[61,0,1,"c.krb5_auth_con_free","krb5_auth_con_free"],[62,0,1,"c.krb5_auth_con_genaddrs","krb5_auth_con_genaddrs"],[63,0,1,"c.krb5_auth_con_get_checksum_func","krb5_auth_con_get_checksum_func"],[64,0,1,"c.krb5_auth_con_getaddrs","krb5_auth_con_getaddrs"],[65,0,1,"c.krb5_auth_con_getauthenticator","krb5_auth_con_getauthenticator"],[66,0,1,"c.krb5_auth_con_getflags","krb5_auth_con_getflags"],[67,0,1,"c.krb5_auth_con_getkey","krb5_auth_con_getkey"],[68,0,1,"c.krb5_auth_con_getkey_k","krb5_auth_con_getkey_k"],[69,0,1,"c.krb5_auth_con_getlocalseqnumber","krb5_auth_con_getlocalseqnumber"],[70,0,1,"c.krb5_auth_con_getlocalsubkey","krb5_auth_con_getlocalsubkey"],[71,0,1,"c.krb5_auth_con_getrcache","krb5_auth_con_getrcache"],[72,0,1,"c.krb5_auth_con_getrecvsubkey","krb5_auth_con_getrecvsubkey"],[73,0,1,"c.krb5_auth_con_getrecvsubkey_k","krb5_auth_con_getrecvsubkey_k"],[74,0,1,"c.krb5_auth_con_getremoteseqnumber","krb5_auth_con_getremoteseqnumber"],[75,0,1,"c.krb5_auth_con_getremotesubkey","krb5_auth_con_getremotesubkey"],[76,0,1,"c.krb5_auth_con_getsendsubkey","krb5_auth_con_getsendsubkey"],[77,0,1,"c.krb5_auth_con_getsendsubkey_k","krb5_auth_con_getsendsubkey_k"],[78,0,1,"c.krb5_auth_con_init","krb5_auth_con_init"],[79,0,1,"c.krb5_auth_con_initivector","krb5_auth_con_initivector"],[80,0,1,"c.krb5_auth_con_set_checksum_func","krb5_auth_con_set_checksum_func"],[81,0,1,"c.krb5_auth_con_set_req_cksumtype","krb5_auth_con_set_req_cksumtype"],[82,0,1,"c.krb5_auth_con_setaddrs","krb5_auth_con_setaddrs"],[83,0,1,"c.krb5_auth_con_setflags","krb5_auth_con_setflags"],[84,0,1,"c.krb5_auth_con_setports","krb5_auth_con_setports"],[85,0,1,"c.krb5_auth_con_setrcache","krb5_auth_con_setrcache"],[86,0,1,"c.krb5_auth_con_setrecvsubkey","krb5_auth_con_setrecvsubkey"],[87,0,1,"c.krb5_auth_con_setrecvsubkey_k","krb5_auth_con_setrecvsubkey_k"],[88,0,1,"c.krb5_auth_con_setsendsubkey","krb5_auth_con_setsendsubkey"],[89,0,1,"c.krb5_auth_con_setsendsubkey_k","krb5_auth_con_setsendsubkey_k"],[90,0,1,"c.krb5_auth_con_setuseruserkey","krb5_auth_con_setuseruserkey"],[810,2,1,"c.krb5_auth_context","krb5_auth_context"],[811,2,1,"c.krb5_authdata","krb5_authdata"],[812,2,1,"c.krb5_authdatatype","krb5_authdatatype"],[813,2,1,"c.krb5_authenticator","krb5_authenticator"],[814,2,1,"c.krb5_boolean","krb5_boolean"],[91,0,1,"c.krb5_build_principal","krb5_build_principal"],[92,0,1,"c.krb5_build_principal_alloc_va","krb5_build_principal_alloc_va"],[93,0,1,"c.krb5_build_principal_ext","krb5_build_principal_ext"],[94,0,1,"c.krb5_build_principal_va","krb5_build_principal_va"],[95,0,1,"c.krb5_c_block_size","krb5_c_block_size"],[96,0,1,"c.krb5_c_checksum_length","krb5_c_checksum_length"],[97,0,1,"c.krb5_c_crypto_length","krb5_c_crypto_length"],[98,0,1,"c.krb5_c_crypto_length_iov","krb5_c_crypto_length_iov"],[99,0,1,"c.krb5_c_decrypt","krb5_c_decrypt"],[100,0,1,"c.krb5_c_decrypt_iov","krb5_c_decrypt_iov"],[101,0,1,"c.krb5_c_derive_prfplus","krb5_c_derive_prfplus"],[102,0,1,"c.krb5_c_encrypt","krb5_c_encrypt"],[103,0,1,"c.krb5_c_encrypt_iov","krb5_c_encrypt_iov"],[104,0,1,"c.krb5_c_encrypt_length","krb5_c_encrypt_length"],[105,0,1,"c.krb5_c_enctype_compare","krb5_c_enctype_compare"],[106,0,1,"c.krb5_c_free_state","krb5_c_free_state"],[107,0,1,"c.krb5_c_fx_cf2_simple","krb5_c_fx_cf2_simple"],[108,0,1,"c.krb5_c_init_state","krb5_c_init_state"],[109,0,1,"c.krb5_c_is_coll_proof_cksum","krb5_c_is_coll_proof_cksum"],[110,0,1,"c.krb5_c_is_keyed_cksum","krb5_c_is_keyed_cksum"],[111,0,1,"c.krb5_c_keyed_checksum_types","krb5_c_keyed_checksum_types"],[112,0,1,"c.krb5_c_keylengths","krb5_c_keylengths"],[113,0,1,"c.krb5_c_make_checksum","krb5_c_make_checksum"],[114,0,1,"c.krb5_c_make_checksum_iov","krb5_c_make_checksum_iov"],[115,0,1,"c.krb5_c_make_random_key","krb5_c_make_random_key"],[116,0,1,"c.krb5_c_padding_length","krb5_c_padding_length"],[117,0,1,"c.krb5_c_prf","krb5_c_prf"],[118,0,1,"c.krb5_c_prf_length","krb5_c_prf_length"],[119,0,1,"c.krb5_c_prfplus","krb5_c_prfplus"],[120,0,1,"c.krb5_c_random_add_entropy","krb5_c_random_add_entropy"],[121,0,1,"c.krb5_c_random_make_octets","krb5_c_random_make_octets"],[122,0,1,"c.krb5_c_random_os_entropy","krb5_c_random_os_entropy"],[123,0,1,"c.krb5_c_random_seed","krb5_c_random_seed"],[124,0,1,"c.krb5_c_random_to_key","krb5_c_random_to_key"],[125,0,1,"c.krb5_c_string_to_key","krb5_c_string_to_key"],[126,0,1,"c.krb5_c_string_to_key_with_params","krb5_c_string_to_key_with_params"],[127,0,1,"c.krb5_c_valid_cksumtype","krb5_c_valid_cksumtype"],[128,0,1,"c.krb5_c_valid_enctype","krb5_c_valid_enctype"],[129,0,1,"c.krb5_c_verify_checksum","krb5_c_verify_checksum"],[130,0,1,"c.krb5_c_verify_checksum_iov","krb5_c_verify_checksum_iov"],[131,0,1,"c.krb5_calculate_checksum","krb5_calculate_checksum"],[132,0,1,"c.krb5_cc_cache_match","krb5_cc_cache_match"],[133,0,1,"c.krb5_cc_close","krb5_cc_close"],[134,0,1,"c.krb5_cc_copy_creds","krb5_cc_copy_creds"],[815,2,1,"c.krb5_cc_cursor","krb5_cc_cursor"],[135,0,1,"c.krb5_cc_default","krb5_cc_default"],[136,0,1,"c.krb5_cc_default_name","krb5_cc_default_name"],[137,0,1,"c.krb5_cc_destroy","krb5_cc_destroy"],[138,0,1,"c.krb5_cc_dup","krb5_cc_dup"],[139,0,1,"c.krb5_cc_end_seq_get","krb5_cc_end_seq_get"],[140,0,1,"c.krb5_cc_gen_new","krb5_cc_gen_new"],[141,0,1,"c.krb5_cc_get_config","krb5_cc_get_config"],[142,0,1,"c.krb5_cc_get_flags","krb5_cc_get_flags"],[143,0,1,"c.krb5_cc_get_full_name","krb5_cc_get_full_name"],[144,0,1,"c.krb5_cc_get_name","krb5_cc_get_name"],[145,0,1,"c.krb5_cc_get_principal","krb5_cc_get_principal"],[146,0,1,"c.krb5_cc_get_type","krb5_cc_get_type"],[147,0,1,"c.krb5_cc_initialize","krb5_cc_initialize"],[148,0,1,"c.krb5_cc_move","krb5_cc_move"],[149,0,1,"c.krb5_cc_new_unique","krb5_cc_new_unique"],[150,0,1,"c.krb5_cc_next_cred","krb5_cc_next_cred"],[151,0,1,"c.krb5_cc_remove_cred","krb5_cc_remove_cred"],[152,0,1,"c.krb5_cc_resolve","krb5_cc_resolve"],[153,0,1,"c.krb5_cc_retrieve_cred","krb5_cc_retrieve_cred"],[154,0,1,"c.krb5_cc_select","krb5_cc_select"],[155,0,1,"c.krb5_cc_set_config","krb5_cc_set_config"],[156,0,1,"c.krb5_cc_set_default_name","krb5_cc_set_default_name"],[157,0,1,"c.krb5_cc_set_flags","krb5_cc_set_flags"],[158,0,1,"c.krb5_cc_start_seq_get","krb5_cc_start_seq_get"],[159,0,1,"c.krb5_cc_store_cred","krb5_cc_store_cred"],[160,0,1,"c.krb5_cc_support_switch","krb5_cc_support_switch"],[161,0,1,"c.krb5_cc_switch","krb5_cc_switch"],[816,2,1,"c.krb5_ccache","krb5_ccache"],[817,2,1,"c.krb5_cccol_cursor","krb5_cccol_cursor"],[162,0,1,"c.krb5_cccol_cursor_free","krb5_cccol_cursor_free"],[163,0,1,"c.krb5_cccol_cursor_new","krb5_cccol_cursor_new"],[164,0,1,"c.krb5_cccol_cursor_next","krb5_cccol_cursor_next"],[165,0,1,"c.krb5_cccol_have_content","krb5_cccol_have_content"],[166,0,1,"c.krb5_change_password","krb5_change_password"],[167,0,1,"c.krb5_check_clockskew","krb5_check_clockskew"],[818,2,1,"c.krb5_checksum","krb5_checksum"],[168,0,1,"c.krb5_checksum_size","krb5_checksum_size"],[169,0,1,"c.krb5_chpw_message","krb5_chpw_message"],[819,2,1,"c.krb5_cksumtype","krb5_cksumtype"],[170,0,1,"c.krb5_cksumtype_to_string","krb5_cksumtype_to_string"],[171,0,1,"c.krb5_clear_error_message","krb5_clear_error_message"],[820,2,1,"c.krb5_const_pointer","krb5_const_pointer"],[821,2,1,"c.krb5_const_principal","krb5_const_principal"],[822,2,1,"c.krb5_context","krb5_context"],[172,0,1,"c.krb5_copy_addresses","krb5_copy_addresses"],[173,0,1,"c.krb5_copy_authdata","krb5_copy_authdata"],[174,0,1,"c.krb5_copy_authenticator","krb5_copy_authenticator"],[175,0,1,"c.krb5_copy_checksum","krb5_copy_checksum"],[176,0,1,"c.krb5_copy_context","krb5_copy_context"],[177,0,1,"c.krb5_copy_creds","krb5_copy_creds"],[178,0,1,"c.krb5_copy_data","krb5_copy_data"],[179,0,1,"c.krb5_copy_error_message","krb5_copy_error_message"],[180,0,1,"c.krb5_copy_keyblock","krb5_copy_keyblock"],[181,0,1,"c.krb5_copy_keyblock_contents","krb5_copy_keyblock_contents"],[182,0,1,"c.krb5_copy_principal","krb5_copy_principal"],[183,0,1,"c.krb5_copy_ticket","krb5_copy_ticket"],[823,2,1,"c.krb5_cred","krb5_cred"],[824,2,1,"c.krb5_cred_enc_part","krb5_cred_enc_part"],[825,2,1,"c.krb5_cred_info","krb5_cred_info"],[826,2,1,"c.krb5_creds","krb5_creds"],[827,2,1,"c.krb5_crypto_iov","krb5_crypto_iov"],[828,2,1,"c.krb5_cryptotype","krb5_cryptotype"],[829,2,1,"c.krb5_data","krb5_data"],[184,0,1,"c.krb5_decode_authdata_container","krb5_decode_authdata_container"],[185,0,1,"c.krb5_decode_ticket","krb5_decode_ticket"],[186,0,1,"c.krb5_decrypt","krb5_decrypt"],[830,2,1,"c.krb5_deltat","krb5_deltat"],[187,0,1,"c.krb5_deltat_to_string","krb5_deltat_to_string"],[188,0,1,"c.krb5_eblock_enctype","krb5_eblock_enctype"],[831,2,1,"c.krb5_enc_data","krb5_enc_data"],[832,2,1,"c.krb5_enc_kdc_rep_part","krb5_enc_kdc_rep_part"],[833,2,1,"c.krb5_enc_tkt_part","krb5_enc_tkt_part"],[189,0,1,"c.krb5_encode_authdata_container","krb5_encode_authdata_container"],[190,0,1,"c.krb5_encrypt","krb5_encrypt"],[834,2,1,"c.krb5_encrypt_block","krb5_encrypt_block"],[191,0,1,"c.krb5_encrypt_size","krb5_encrypt_size"],[835,2,1,"c.krb5_enctype","krb5_enctype"],[192,0,1,"c.krb5_enctype_to_name","krb5_enctype_to_name"],[193,0,1,"c.krb5_enctype_to_string","krb5_enctype_to_string"],[836,2,1,"c.krb5_error","krb5_error"],[837,2,1,"c.krb5_error_code","krb5_error_code"],[194,0,1,"c.krb5_expand_hostname","krb5_expand_hostname"],[838,2,1,"c.krb5_expire_callback_func","krb5_expire_callback_func"],[195,0,1,"c.krb5_find_authdata","krb5_find_authdata"],[196,0,1,"c.krb5_finish_key","krb5_finish_key"],[197,0,1,"c.krb5_finish_random_key","krb5_finish_random_key"],[839,2,1,"c.krb5_flags","krb5_flags"],[198,0,1,"c.krb5_free_addresses","krb5_free_addresses"],[199,0,1,"c.krb5_free_ap_rep_enc_part","krb5_free_ap_rep_enc_part"],[200,0,1,"c.krb5_free_authdata","krb5_free_authdata"],[201,0,1,"c.krb5_free_authenticator","krb5_free_authenticator"],[202,0,1,"c.krb5_free_checksum","krb5_free_checksum"],[203,0,1,"c.krb5_free_checksum_contents","krb5_free_checksum_contents"],[204,0,1,"c.krb5_free_cksumtypes","krb5_free_cksumtypes"],[205,0,1,"c.krb5_free_context","krb5_free_context"],[206,0,1,"c.krb5_free_cred_contents","krb5_free_cred_contents"],[207,0,1,"c.krb5_free_creds","krb5_free_creds"],[208,0,1,"c.krb5_free_data","krb5_free_data"],[209,0,1,"c.krb5_free_data_contents","krb5_free_data_contents"],[210,0,1,"c.krb5_free_default_realm","krb5_free_default_realm"],[211,0,1,"c.krb5_free_enctypes","krb5_free_enctypes"],[212,0,1,"c.krb5_free_error","krb5_free_error"],[213,0,1,"c.krb5_free_error_message","krb5_free_error_message"],[214,0,1,"c.krb5_free_host_realm","krb5_free_host_realm"],[215,0,1,"c.krb5_free_keyblock","krb5_free_keyblock"],[216,0,1,"c.krb5_free_keyblock_contents","krb5_free_keyblock_contents"],[217,0,1,"c.krb5_free_keytab_entry_contents","krb5_free_keytab_entry_contents"],[218,0,1,"c.krb5_free_principal","krb5_free_principal"],[219,0,1,"c.krb5_free_string","krb5_free_string"],[220,0,1,"c.krb5_free_tgt_creds","krb5_free_tgt_creds"],[221,0,1,"c.krb5_free_ticket","krb5_free_ticket"],[222,0,1,"c.krb5_free_unparsed_name","krb5_free_unparsed_name"],[223,0,1,"c.krb5_fwd_tgt_creds","krb5_fwd_tgt_creds"],[224,0,1,"c.krb5_get_credentials","krb5_get_credentials"],[225,0,1,"c.krb5_get_credentials_renew","krb5_get_credentials_renew"],[226,0,1,"c.krb5_get_credentials_validate","krb5_get_credentials_validate"],[227,0,1,"c.krb5_get_default_realm","krb5_get_default_realm"],[228,0,1,"c.krb5_get_error_message","krb5_get_error_message"],[229,0,1,"c.krb5_get_etype_info","krb5_get_etype_info"],[230,0,1,"c.krb5_get_fallback_host_realm","krb5_get_fallback_host_realm"],[231,0,1,"c.krb5_get_host_realm","krb5_get_host_realm"],[232,0,1,"c.krb5_get_in_tkt_with_keytab","krb5_get_in_tkt_with_keytab"],[233,0,1,"c.krb5_get_in_tkt_with_password","krb5_get_in_tkt_with_password"],[234,0,1,"c.krb5_get_in_tkt_with_skey","krb5_get_in_tkt_with_skey"],[235,0,1,"c.krb5_get_init_creds_keytab","krb5_get_init_creds_keytab"],[840,2,1,"c.krb5_get_init_creds_opt","krb5_get_init_creds_opt"],[236,0,1,"c.krb5_get_init_creds_opt_alloc","krb5_get_init_creds_opt_alloc"],[237,0,1,"c.krb5_get_init_creds_opt_free","krb5_get_init_creds_opt_free"],[238,0,1,"c.krb5_get_init_creds_opt_get_fast_flags","krb5_get_init_creds_opt_get_fast_flags"],[239,0,1,"c.krb5_get_init_creds_opt_init","krb5_get_init_creds_opt_init"],[240,0,1,"c.krb5_get_init_creds_opt_set_address_list","krb5_get_init_creds_opt_set_address_list"],[241,0,1,"c.krb5_get_init_creds_opt_set_anonymous","krb5_get_init_creds_opt_set_anonymous"],[242,0,1,"c.krb5_get_init_creds_opt_set_canonicalize","krb5_get_init_creds_opt_set_canonicalize"],[243,0,1,"c.krb5_get_init_creds_opt_set_change_password_prompt","krb5_get_init_creds_opt_set_change_password_prompt"],[244,0,1,"c.krb5_get_init_creds_opt_set_etype_list","krb5_get_init_creds_opt_set_etype_list"],[245,0,1,"c.krb5_get_init_creds_opt_set_expire_callback","krb5_get_init_creds_opt_set_expire_callback"],[246,0,1,"c.krb5_get_init_creds_opt_set_fast_ccache","krb5_get_init_creds_opt_set_fast_ccache"],[247,0,1,"c.krb5_get_init_creds_opt_set_fast_ccache_name","krb5_get_init_creds_opt_set_fast_ccache_name"],[248,0,1,"c.krb5_get_init_creds_opt_set_fast_flags","krb5_get_init_creds_opt_set_fast_flags"],[249,0,1,"c.krb5_get_init_creds_opt_set_forwardable","krb5_get_init_creds_opt_set_forwardable"],[250,0,1,"c.krb5_get_init_creds_opt_set_in_ccache","krb5_get_init_creds_opt_set_in_ccache"],[251,0,1,"c.krb5_get_init_creds_opt_set_out_ccache","krb5_get_init_creds_opt_set_out_ccache"],[252,0,1,"c.krb5_get_init_creds_opt_set_pa","krb5_get_init_creds_opt_set_pa"],[253,0,1,"c.krb5_get_init_creds_opt_set_pac_request","krb5_get_init_creds_opt_set_pac_request"],[254,0,1,"c.krb5_get_init_creds_opt_set_preauth_list","krb5_get_init_creds_opt_set_preauth_list"],[255,0,1,"c.krb5_get_init_creds_opt_set_proxiable","krb5_get_init_creds_opt_set_proxiable"],[256,0,1,"c.krb5_get_init_creds_opt_set_renew_life","krb5_get_init_creds_opt_set_renew_life"],[257,0,1,"c.krb5_get_init_creds_opt_set_responder","krb5_get_init_creds_opt_set_responder"],[258,0,1,"c.krb5_get_init_creds_opt_set_salt","krb5_get_init_creds_opt_set_salt"],[259,0,1,"c.krb5_get_init_creds_opt_set_tkt_life","krb5_get_init_creds_opt_set_tkt_life"],[260,0,1,"c.krb5_get_init_creds_password","krb5_get_init_creds_password"],[261,0,1,"c.krb5_get_permitted_enctypes","krb5_get_permitted_enctypes"],[262,0,1,"c.krb5_get_profile","krb5_get_profile"],[263,0,1,"c.krb5_get_prompt_types","krb5_get_prompt_types"],[264,0,1,"c.krb5_get_renewed_creds","krb5_get_renewed_creds"],[265,0,1,"c.krb5_get_server_rcache","krb5_get_server_rcache"],[266,0,1,"c.krb5_get_time_offsets","krb5_get_time_offsets"],[267,0,1,"c.krb5_get_validated_creds","krb5_get_validated_creds"],[841,2,1,"c.krb5_gic_opt_pa_data","krb5_gic_opt_pa_data"],[268,0,1,"c.krb5_init_context","krb5_init_context"],[269,0,1,"c.krb5_init_context_profile","krb5_init_context_profile"],[842,2,1,"c.krb5_init_creds_context","krb5_init_creds_context"],[270,0,1,"c.krb5_init_creds_free","krb5_init_creds_free"],[271,0,1,"c.krb5_init_creds_get","krb5_init_creds_get"],[272,0,1,"c.krb5_init_creds_get_creds","krb5_init_creds_get_creds"],[273,0,1,"c.krb5_init_creds_get_error","krb5_init_creds_get_error"],[274,0,1,"c.krb5_init_creds_get_times","krb5_init_creds_get_times"],[275,0,1,"c.krb5_init_creds_init","krb5_init_creds_init"],[276,0,1,"c.krb5_init_creds_set_keytab","krb5_init_creds_set_keytab"],[277,0,1,"c.krb5_init_creds_set_password","krb5_init_creds_set_password"],[278,0,1,"c.krb5_init_creds_set_service","krb5_init_creds_set_service"],[279,0,1,"c.krb5_init_creds_step","krb5_init_creds_step"],[280,0,1,"c.krb5_init_keyblock","krb5_init_keyblock"],[281,0,1,"c.krb5_init_random_key","krb5_init_random_key"],[282,0,1,"c.krb5_init_secure_context","krb5_init_secure_context"],[843,2,1,"c.krb5_int16","krb5_int16"],[844,2,1,"c.krb5_int32","krb5_int32"],[283,0,1,"c.krb5_is_config_principal","krb5_is_config_principal"],[284,0,1,"c.krb5_is_referral_realm","krb5_is_referral_realm"],[285,0,1,"c.krb5_is_thread_safe","krb5_is_thread_safe"],[286,0,1,"c.krb5_k_create_key","krb5_k_create_key"],[287,0,1,"c.krb5_k_decrypt","krb5_k_decrypt"],[288,0,1,"c.krb5_k_decrypt_iov","krb5_k_decrypt_iov"],[289,0,1,"c.krb5_k_encrypt","krb5_k_encrypt"],[290,0,1,"c.krb5_k_encrypt_iov","krb5_k_encrypt_iov"],[291,0,1,"c.krb5_k_free_key","krb5_k_free_key"],[292,0,1,"c.krb5_k_key_enctype","krb5_k_key_enctype"],[293,0,1,"c.krb5_k_key_keyblock","krb5_k_key_keyblock"],[294,0,1,"c.krb5_k_make_checksum","krb5_k_make_checksum"],[295,0,1,"c.krb5_k_make_checksum_iov","krb5_k_make_checksum_iov"],[296,0,1,"c.krb5_k_prf","krb5_k_prf"],[297,0,1,"c.krb5_k_reference_key","krb5_k_reference_key"],[298,0,1,"c.krb5_k_verify_checksum","krb5_k_verify_checksum"],[299,0,1,"c.krb5_k_verify_checksum_iov","krb5_k_verify_checksum_iov"],[845,2,1,"c.krb5_kdc_rep","krb5_kdc_rep"],[846,2,1,"c.krb5_kdc_req","krb5_kdc_req"],[300,0,1,"c.krb5_kdc_sign_ticket","krb5_kdc_sign_ticket"],[301,0,1,"c.krb5_kdc_verify_ticket","krb5_kdc_verify_ticket"],[847,2,1,"c.krb5_key","krb5_key"],[848,2,1,"c.krb5_keyblock","krb5_keyblock"],[849,2,1,"c.krb5_keytab","krb5_keytab"],[850,2,1,"c.krb5_keytab_entry","krb5_keytab_entry"],[851,2,1,"c.krb5_keyusage","krb5_keyusage"],[302,0,1,"c.krb5_kt_add_entry","krb5_kt_add_entry"],[303,0,1,"c.krb5_kt_client_default","krb5_kt_client_default"],[304,0,1,"c.krb5_kt_close","krb5_kt_close"],[852,2,1,"c.krb5_kt_cursor","krb5_kt_cursor"],[305,0,1,"c.krb5_kt_default","krb5_kt_default"],[306,0,1,"c.krb5_kt_default_name","krb5_kt_default_name"],[307,0,1,"c.krb5_kt_dup","krb5_kt_dup"],[308,0,1,"c.krb5_kt_end_seq_get","krb5_kt_end_seq_get"],[309,0,1,"c.krb5_kt_free_entry","krb5_kt_free_entry"],[310,0,1,"c.krb5_kt_get_entry","krb5_kt_get_entry"],[311,0,1,"c.krb5_kt_get_name","krb5_kt_get_name"],[312,0,1,"c.krb5_kt_get_type","krb5_kt_get_type"],[313,0,1,"c.krb5_kt_have_content","krb5_kt_have_content"],[314,0,1,"c.krb5_kt_next_entry","krb5_kt_next_entry"],[315,0,1,"c.krb5_kt_read_service_key","krb5_kt_read_service_key"],[316,0,1,"c.krb5_kt_remove_entry","krb5_kt_remove_entry"],[317,0,1,"c.krb5_kt_resolve","krb5_kt_resolve"],[318,0,1,"c.krb5_kt_start_seq_get","krb5_kt_start_seq_get"],[319,0,1,"c.krb5_kuserok","krb5_kuserok"],[853,2,1,"c.krb5_kvno","krb5_kvno"],[854,2,1,"c.krb5_last_req_entry","krb5_last_req_entry"],[855,2,1,"c.krb5_magic","krb5_magic"],[320,0,1,"c.krb5_make_authdata_kdc_issued","krb5_make_authdata_kdc_issued"],[321,0,1,"c.krb5_marshal_credentials","krb5_marshal_credentials"],[322,0,1,"c.krb5_merge_authdata","krb5_merge_authdata"],[323,0,1,"c.krb5_mk_1cred","krb5_mk_1cred"],[324,0,1,"c.krb5_mk_error","krb5_mk_error"],[325,0,1,"c.krb5_mk_ncred","krb5_mk_ncred"],[326,0,1,"c.krb5_mk_priv","krb5_mk_priv"],[327,0,1,"c.krb5_mk_rep","krb5_mk_rep"],[328,0,1,"c.krb5_mk_rep_dce","krb5_mk_rep_dce"],[329,0,1,"c.krb5_mk_req","krb5_mk_req"],[856,2,1,"c.krb5_mk_req_checksum_func","krb5_mk_req_checksum_func"],[330,0,1,"c.krb5_mk_req_extended","krb5_mk_req_extended"],[331,0,1,"c.krb5_mk_safe","krb5_mk_safe"],[857,2,1,"c.krb5_msgtype","krb5_msgtype"],[858,2,1,"c.krb5_octet","krb5_octet"],[332,0,1,"c.krb5_os_localaddr","krb5_os_localaddr"],[859,2,1,"c.krb5_pa_data","krb5_pa_data"],[860,2,1,"c.krb5_pa_pac_req","krb5_pa_pac_req"],[861,2,1,"c.krb5_pa_server_referral_data","krb5_pa_server_referral_data"],[862,2,1,"c.krb5_pa_svr_referral_data","krb5_pa_svr_referral_data"],[863,2,1,"c.krb5_pac","krb5_pac"],[333,0,1,"c.krb5_pac_add_buffer","krb5_pac_add_buffer"],[334,0,1,"c.krb5_pac_free","krb5_pac_free"],[335,0,1,"c.krb5_pac_get_buffer","krb5_pac_get_buffer"],[336,0,1,"c.krb5_pac_get_client_info","krb5_pac_get_client_info"],[337,0,1,"c.krb5_pac_get_types","krb5_pac_get_types"],[338,0,1,"c.krb5_pac_init","krb5_pac_init"],[339,0,1,"c.krb5_pac_parse","krb5_pac_parse"],[340,0,1,"c.krb5_pac_sign","krb5_pac_sign"],[341,0,1,"c.krb5_pac_sign_ext","krb5_pac_sign_ext"],[342,0,1,"c.krb5_pac_verify","krb5_pac_verify"],[343,0,1,"c.krb5_pac_verify_ext","krb5_pac_verify_ext"],[344,0,1,"c.krb5_parse_name","krb5_parse_name"],[345,0,1,"c.krb5_parse_name_flags","krb5_parse_name_flags"],[864,2,1,"c.krb5_pointer","krb5_pointer"],[865,2,1,"c.krb5_post_recv_fn","krb5_post_recv_fn"],[866,2,1,"c.krb5_pre_send_fn","krb5_pre_send_fn"],[867,2,1,"c.krb5_preauthtype","krb5_preauthtype"],[346,0,1,"c.krb5_prepend_error_message","krb5_prepend_error_message"],[868,2,1,"c.krb5_principal","krb5_principal"],[347,0,1,"c.krb5_principal2salt","krb5_principal2salt"],[348,0,1,"c.krb5_principal_compare","krb5_principal_compare"],[349,0,1,"c.krb5_principal_compare_any_realm","krb5_principal_compare_any_realm"],[350,0,1,"c.krb5_principal_compare_flags","krb5_principal_compare_flags"],[869,2,1,"c.krb5_principal_data","krb5_principal_data"],[351,0,1,"c.krb5_process_key","krb5_process_key"],[870,2,1,"c.krb5_prompt","krb5_prompt"],[871,2,1,"c.krb5_prompt_type","krb5_prompt_type"],[872,2,1,"c.krb5_prompter_fct","krb5_prompter_fct"],[352,0,1,"c.krb5_prompter_posix","krb5_prompter_posix"],[873,2,1,"c.krb5_pwd_data","krb5_pwd_data"],[353,0,1,"c.krb5_random_key","krb5_random_key"],[874,2,1,"c.krb5_rcache","krb5_rcache"],[354,0,1,"c.krb5_rd_cred","krb5_rd_cred"],[355,0,1,"c.krb5_rd_error","krb5_rd_error"],[356,0,1,"c.krb5_rd_priv","krb5_rd_priv"],[357,0,1,"c.krb5_rd_rep","krb5_rd_rep"],[358,0,1,"c.krb5_rd_rep_dce","krb5_rd_rep_dce"],[359,0,1,"c.krb5_rd_req","krb5_rd_req"],[360,0,1,"c.krb5_rd_safe","krb5_rd_safe"],[361,0,1,"c.krb5_read_password","krb5_read_password"],[362,0,1,"c.krb5_realm_compare","krb5_realm_compare"],[363,0,1,"c.krb5_recvauth","krb5_recvauth"],[364,0,1,"c.krb5_recvauth_version","krb5_recvauth_version"],[875,2,1,"c.krb5_replay_data","krb5_replay_data"],[876,2,1,"c.krb5_responder_context","krb5_responder_context"],[877,2,1,"c.krb5_responder_fn","krb5_responder_fn"],[365,0,1,"c.krb5_responder_get_challenge","krb5_responder_get_challenge"],[366,0,1,"c.krb5_responder_list_questions","krb5_responder_list_questions"],[878,2,1,"c.krb5_responder_otp_challenge","krb5_responder_otp_challenge"],[367,0,1,"c.krb5_responder_otp_challenge_free","krb5_responder_otp_challenge_free"],[368,0,1,"c.krb5_responder_otp_get_challenge","krb5_responder_otp_get_challenge"],[369,0,1,"c.krb5_responder_otp_set_answer","krb5_responder_otp_set_answer"],[879,2,1,"c.krb5_responder_otp_tokeninfo","krb5_responder_otp_tokeninfo"],[880,2,1,"c.krb5_responder_pkinit_challenge","krb5_responder_pkinit_challenge"],[370,0,1,"c.krb5_responder_pkinit_challenge_free","krb5_responder_pkinit_challenge_free"],[371,0,1,"c.krb5_responder_pkinit_get_challenge","krb5_responder_pkinit_get_challenge"],[881,2,1,"c.krb5_responder_pkinit_identity","krb5_responder_pkinit_identity"],[372,0,1,"c.krb5_responder_pkinit_set_answer","krb5_responder_pkinit_set_answer"],[373,0,1,"c.krb5_responder_set_answer","krb5_responder_set_answer"],[882,2,1,"c.krb5_response","krb5_response"],[374,0,1,"c.krb5_salttype_to_string","krb5_salttype_to_string"],[375,0,1,"c.krb5_sendauth","krb5_sendauth"],[376,0,1,"c.krb5_server_decrypt_ticket_keytab","krb5_server_decrypt_ticket_keytab"],[377,0,1,"c.krb5_set_default_realm","krb5_set_default_realm"],[378,0,1,"c.krb5_set_default_tgs_enctypes","krb5_set_default_tgs_enctypes"],[379,0,1,"c.krb5_set_error_message","krb5_set_error_message"],[380,0,1,"c.krb5_set_kdc_recv_hook","krb5_set_kdc_recv_hook"],[381,0,1,"c.krb5_set_kdc_send_hook","krb5_set_kdc_send_hook"],[382,0,1,"c.krb5_set_password","krb5_set_password"],[383,0,1,"c.krb5_set_password_using_ccache","krb5_set_password_using_ccache"],[384,0,1,"c.krb5_set_principal_realm","krb5_set_principal_realm"],[385,0,1,"c.krb5_set_real_time","krb5_set_real_time"],[386,0,1,"c.krb5_set_trace_callback","krb5_set_trace_callback"],[387,0,1,"c.krb5_set_trace_filename","krb5_set_trace_filename"],[388,0,1,"c.krb5_sname_match","krb5_sname_match"],[389,0,1,"c.krb5_sname_to_principal","krb5_sname_to_principal"],[390,0,1,"c.krb5_string_to_cksumtype","krb5_string_to_cksumtype"],[391,0,1,"c.krb5_string_to_deltat","krb5_string_to_deltat"],[392,0,1,"c.krb5_string_to_enctype","krb5_string_to_enctype"],[393,0,1,"c.krb5_string_to_key","krb5_string_to_key"],[394,0,1,"c.krb5_string_to_salttype","krb5_string_to_salttype"],[395,0,1,"c.krb5_string_to_timestamp","krb5_string_to_timestamp"],[883,2,1,"c.krb5_ticket","krb5_ticket"],[884,2,1,"c.krb5_ticket_times","krb5_ticket_times"],[396,0,1,"c.krb5_timeofday","krb5_timeofday"],[885,2,1,"c.krb5_timestamp","krb5_timestamp"],[397,0,1,"c.krb5_timestamp_to_sfstring","krb5_timestamp_to_sfstring"],[398,0,1,"c.krb5_timestamp_to_string","krb5_timestamp_to_string"],[886,2,1,"c.krb5_tkt_authent","krb5_tkt_authent"],[887,2,1,"c.krb5_tkt_creds_context","krb5_tkt_creds_context"],[399,0,1,"c.krb5_tkt_creds_free","krb5_tkt_creds_free"],[400,0,1,"c.krb5_tkt_creds_get","krb5_tkt_creds_get"],[401,0,1,"c.krb5_tkt_creds_get_creds","krb5_tkt_creds_get_creds"],[402,0,1,"c.krb5_tkt_creds_get_times","krb5_tkt_creds_get_times"],[403,0,1,"c.krb5_tkt_creds_init","krb5_tkt_creds_init"],[404,0,1,"c.krb5_tkt_creds_step","krb5_tkt_creds_step"],[888,2,1,"c.krb5_trace_callback","krb5_trace_callback"],[889,2,1,"c.krb5_trace_info","krb5_trace_info"],[890,2,1,"c.krb5_transited","krb5_transited"],[891,2,1,"c.krb5_typed_data","krb5_typed_data"],[892,2,1,"c.krb5_ui_2","krb5_ui_2"],[893,2,1,"c.krb5_ui_4","krb5_ui_4"],[405,0,1,"c.krb5_unmarshal_credentials","krb5_unmarshal_credentials"],[406,0,1,"c.krb5_unparse_name","krb5_unparse_name"],[407,0,1,"c.krb5_unparse_name_ext","krb5_unparse_name_ext"],[408,0,1,"c.krb5_unparse_name_flags","krb5_unparse_name_flags"],[409,0,1,"c.krb5_unparse_name_flags_ext","krb5_unparse_name_flags_ext"],[410,0,1,"c.krb5_us_timeofday","krb5_us_timeofday"],[411,0,1,"c.krb5_use_enctype","krb5_use_enctype"],[412,0,1,"c.krb5_verify_authdata_kdc_issued","krb5_verify_authdata_kdc_issued"],[413,0,1,"c.krb5_verify_checksum","krb5_verify_checksum"],[414,0,1,"c.krb5_verify_init_creds","krb5_verify_init_creds"],[894,2,1,"c.krb5_verify_init_creds_opt","krb5_verify_init_creds_opt"],[415,0,1,"c.krb5_verify_init_creds_opt_init","krb5_verify_init_creds_opt_init"],[416,0,1,"c.krb5_verify_init_creds_opt_set_ap_req_nofail","krb5_verify_init_creds_opt_set_ap_req_nofail"],[417,0,1,"c.krb5_vprepend_error_message","krb5_vprepend_error_message"],[418,0,1,"c.krb5_vset_error_message","krb5_vset_error_message"],[419,0,1,"c.krb5_vwrap_error_message","krb5_vwrap_error_message"],[420,0,1,"c.krb5_wrap_error_message","krb5_wrap_error_message"],[895,2,1,"c.passwd_phrase_element","passwd_phrase_element"],[422,4,1,"","ADDRTYPE_ADDRPORT"],[423,4,1,"","ADDRTYPE_CHAOS"],[424,4,1,"","ADDRTYPE_DDP"],[425,4,1,"","ADDRTYPE_INET"],[426,4,1,"","ADDRTYPE_INET6"],[427,4,1,"","ADDRTYPE_IPPORT"],[428,4,1,"","ADDRTYPE_ISO"],[429,4,1,"","ADDRTYPE_IS_LOCAL"],[430,4,1,"","ADDRTYPE_NETBIOS"],[431,4,1,"","ADDRTYPE_XNS"],[432,4,1,"","AD_TYPE_EXTERNAL"],[433,4,1,"","AD_TYPE_FIELD_TYPE_MASK"],[434,4,1,"","AD_TYPE_REGISTERED"],[435,4,1,"","AD_TYPE_RESERVED"],[436,4,1,"","AP_OPTS_ETYPE_NEGOTIATION"],[437,4,1,"","AP_OPTS_MUTUAL_REQUIRED"],[438,4,1,"","AP_OPTS_RESERVED"],[439,4,1,"","AP_OPTS_USE_SESSION_KEY"],[440,4,1,"","AP_OPTS_USE_SUBKEY"],[441,4,1,"","AP_OPTS_WIRE_MASK"],[442,4,1,"","CKSUMTYPE_CMAC_CAMELLIA128"],[443,4,1,"","CKSUMTYPE_CMAC_CAMELLIA256"],[444,4,1,"","CKSUMTYPE_CRC32"],[445,4,1,"","CKSUMTYPE_DESCBC"],[446,4,1,"","CKSUMTYPE_HMAC_MD5_ARCFOUR"],[447,4,1,"","CKSUMTYPE_HMAC_SHA1_96_AES128"],[448,4,1,"","CKSUMTYPE_HMAC_SHA1_96_AES256"],[449,4,1,"","CKSUMTYPE_HMAC_SHA1_DES3"],[450,4,1,"","CKSUMTYPE_HMAC_SHA256_128_AES128"],[451,4,1,"","CKSUMTYPE_HMAC_SHA384_192_AES256"],[452,4,1,"","CKSUMTYPE_MD5_HMAC_ARCFOUR"],[453,4,1,"","CKSUMTYPE_NIST_SHA"],[454,4,1,"","CKSUMTYPE_RSA_MD4"],[455,4,1,"","CKSUMTYPE_RSA_MD4_DES"],[456,4,1,"","CKSUMTYPE_RSA_MD5"],[457,4,1,"","CKSUMTYPE_RSA_MD5_DES"],[458,4,1,"","CKSUMTYPE_SHA1"],[459,4,1,"","ENCTYPE_AES128_CTS_HMAC_SHA1_96"],[460,4,1,"","ENCTYPE_AES128_CTS_HMAC_SHA256_128"],[461,4,1,"","ENCTYPE_AES256_CTS_HMAC_SHA1_96"],[462,4,1,"","ENCTYPE_AES256_CTS_HMAC_SHA384_192"],[463,4,1,"","ENCTYPE_ARCFOUR_HMAC"],[464,4,1,"","ENCTYPE_ARCFOUR_HMAC_EXP"],[465,4,1,"","ENCTYPE_CAMELLIA128_CTS_CMAC"],[466,4,1,"","ENCTYPE_CAMELLIA256_CTS_CMAC"],[467,4,1,"","ENCTYPE_DES3_CBC_ENV"],[468,4,1,"","ENCTYPE_DES3_CBC_RAW"],[469,4,1,"","ENCTYPE_DES3_CBC_SHA"],[470,4,1,"","ENCTYPE_DES3_CBC_SHA1"],[471,4,1,"","ENCTYPE_DES_CBC_CRC"],[472,4,1,"","ENCTYPE_DES_CBC_MD4"],[473,4,1,"","ENCTYPE_DES_CBC_MD5"],[474,4,1,"","ENCTYPE_DES_CBC_RAW"],[475,4,1,"","ENCTYPE_DES_HMAC_SHA1"],[476,4,1,"","ENCTYPE_DSA_SHA1_CMS"],[477,4,1,"","ENCTYPE_MD5_RSA_CMS"],[478,4,1,"","ENCTYPE_NULL"],[479,4,1,"","ENCTYPE_RC2_CBC_ENV"],[480,4,1,"","ENCTYPE_RSA_ENV"],[481,4,1,"","ENCTYPE_RSA_ES_OAEP_ENV"],[482,4,1,"","ENCTYPE_SHA1_RSA_CMS"],[483,4,1,"","ENCTYPE_UNKNOWN"],[484,4,1,"","KDC_OPT_ALLOW_POSTDATE"],[485,4,1,"","KDC_OPT_CANONICALIZE"],[486,4,1,"","KDC_OPT_CNAME_IN_ADDL_TKT"],[487,4,1,"","KDC_OPT_DISABLE_TRANSITED_CHECK"],[488,4,1,"","KDC_OPT_ENC_TKT_IN_SKEY"],[489,4,1,"","KDC_OPT_FORWARDABLE"],[490,4,1,"","KDC_OPT_FORWARDED"],[491,4,1,"","KDC_OPT_POSTDATED"],[492,4,1,"","KDC_OPT_PROXIABLE"],[493,4,1,"","KDC_OPT_PROXY"],[494,4,1,"","KDC_OPT_RENEW"],[495,4,1,"","KDC_OPT_RENEWABLE"],[496,4,1,"","KDC_OPT_RENEWABLE_OK"],[497,4,1,"","KDC_OPT_REQUEST_ANONYMOUS"],[498,4,1,"","KDC_OPT_VALIDATE"],[499,4,1,"","KDC_TKT_COMMON_MASK"],[500,4,1,"","KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE"],[501,4,1,"","KRB5_ANONYMOUS_PRINCSTR"],[502,4,1,"","KRB5_ANONYMOUS_REALMSTR"],[503,4,1,"","KRB5_AP_REP"],[504,4,1,"","KRB5_AP_REQ"],[505,4,1,"","KRB5_AS_REP"],[506,4,1,"","KRB5_AS_REQ"],[507,4,1,"","KRB5_AUTHDATA_AND_OR"],[508,4,1,"","KRB5_AUTHDATA_AP_OPTIONS"],[509,4,1,"","KRB5_AUTHDATA_AUTH_INDICATOR"],[510,4,1,"","KRB5_AUTHDATA_CAMMAC"],[511,4,1,"","KRB5_AUTHDATA_ETYPE_NEGOTIATION"],[512,4,1,"","KRB5_AUTHDATA_FX_ARMOR"],[513,4,1,"","KRB5_AUTHDATA_IF_RELEVANT"],[514,4,1,"","KRB5_AUTHDATA_INITIAL_VERIFIED_CAS"],[515,4,1,"","KRB5_AUTHDATA_KDC_ISSUED"],[516,4,1,"","KRB5_AUTHDATA_MANDATORY_FOR_KDC"],[517,4,1,"","KRB5_AUTHDATA_OSF_DCE"],[518,4,1,"","KRB5_AUTHDATA_SESAME"],[519,4,1,"","KRB5_AUTHDATA_SIGNTICKET"],[520,4,1,"","KRB5_AUTHDATA_WIN2K_PAC"],[521,4,1,"","KRB5_AUTH_CONTEXT_DO_SEQUENCE"],[522,4,1,"","KRB5_AUTH_CONTEXT_DO_TIME"],[523,4,1,"","KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR"],[524,4,1,"","KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR"],[525,4,1,"","KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR"],[526,4,1,"","KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR"],[527,4,1,"","KRB5_AUTH_CONTEXT_PERMIT_ALL"],[528,4,1,"","KRB5_AUTH_CONTEXT_RET_SEQUENCE"],[529,4,1,"","KRB5_AUTH_CONTEXT_RET_TIME"],[530,4,1,"","KRB5_AUTH_CONTEXT_USE_SUBKEY"],[531,4,1,"","KRB5_CRED"],[532,4,1,"","KRB5_CRYPTO_TYPE_CHECKSUM"],[533,4,1,"","KRB5_CRYPTO_TYPE_DATA"],[534,4,1,"","KRB5_CRYPTO_TYPE_EMPTY"],[535,4,1,"","KRB5_CRYPTO_TYPE_HEADER"],[536,4,1,"","KRB5_CRYPTO_TYPE_PADDING"],[537,4,1,"","KRB5_CRYPTO_TYPE_SIGN_ONLY"],[538,4,1,"","KRB5_CRYPTO_TYPE_STREAM"],[539,4,1,"","KRB5_CRYPTO_TYPE_TRAILER"],[540,4,1,"","KRB5_CYBERSAFE_SECUREID"],[541,4,1,"","KRB5_DOMAIN_X500_COMPRESS"],[542,4,1,"","KRB5_ENCPADATA_REQ_ENC_PA_REP"],[543,4,1,"","KRB5_ERROR"],[544,4,1,"","KRB5_FAST_REQUIRED"],[545,4,1,"","KRB5_GC_CACHED"],[546,4,1,"","KRB5_GC_CANONICALIZE"],[547,4,1,"","KRB5_GC_CONSTRAINED_DELEGATION"],[548,4,1,"","KRB5_GC_FORWARDABLE"],[549,4,1,"","KRB5_GC_NO_STORE"],[550,4,1,"","KRB5_GC_NO_TRANSIT_CHECK"],[551,4,1,"","KRB5_GC_USER_USER"],[552,4,1,"","KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST"],[553,4,1,"","KRB5_GET_INIT_CREDS_OPT_ANONYMOUS"],[554,4,1,"","KRB5_GET_INIT_CREDS_OPT_CANONICALIZE"],[555,4,1,"","KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT"],[556,4,1,"","KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST"],[557,4,1,"","KRB5_GET_INIT_CREDS_OPT_FORWARDABLE"],[558,4,1,"","KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST"],[559,4,1,"","KRB5_GET_INIT_CREDS_OPT_PROXIABLE"],[560,4,1,"","KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE"],[561,4,1,"","KRB5_GET_INIT_CREDS_OPT_SALT"],[562,4,1,"","KRB5_GET_INIT_CREDS_OPT_TKT_LIFE"],[563,4,1,"","KRB5_INIT_CONTEXT_KDC"],[564,4,1,"","KRB5_INIT_CONTEXT_SECURE"],[565,4,1,"","KRB5_INIT_CREDS_STEP_FLAG_CONTINUE"],[566,4,1,"","KRB5_INT16_MAX"],[567,4,1,"","KRB5_INT16_MIN"],[568,4,1,"","KRB5_INT32_MAX"],[569,4,1,"","KRB5_INT32_MIN"],[570,4,1,"","KRB5_KEYUSAGE_AD_ITE"],[571,4,1,"","KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM"],[572,4,1,"","KRB5_KEYUSAGE_AD_MTE"],[573,4,1,"","KRB5_KEYUSAGE_AD_SIGNEDPATH"],[574,4,1,"","KRB5_KEYUSAGE_APP_DATA_CKSUM"],[575,4,1,"","KRB5_KEYUSAGE_APP_DATA_ENCRYPT"],[576,4,1,"","KRB5_KEYUSAGE_AP_REP_ENCPART"],[577,4,1,"","KRB5_KEYUSAGE_AP_REQ_AUTH"],[578,4,1,"","KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM"],[579,4,1,"","KRB5_KEYUSAGE_AS_REP_ENCPART"],[580,4,1,"","KRB5_KEYUSAGE_AS_REQ"],[581,4,1,"","KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS"],[582,4,1,"","KRB5_KEYUSAGE_CAMMAC"],[583,4,1,"","KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT"],[584,4,1,"","KRB5_KEYUSAGE_ENC_CHALLENGE_KDC"],[585,4,1,"","KRB5_KEYUSAGE_FAST_ENC"],[586,4,1,"","KRB5_KEYUSAGE_FAST_FINISHED"],[587,4,1,"","KRB5_KEYUSAGE_FAST_REP"],[588,4,1,"","KRB5_KEYUSAGE_FAST_REQ_CHKSUM"],[589,4,1,"","KRB5_KEYUSAGE_GSS_TOK_MIC"],[590,4,1,"","KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG"],[591,4,1,"","KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV"],[592,4,1,"","KRB5_KEYUSAGE_IAKERB_FINISHED"],[593,4,1,"","KRB5_KEYUSAGE_KDC_REP_TICKET"],[594,4,1,"","KRB5_KEYUSAGE_KRB_CRED_ENCPART"],[595,4,1,"","KRB5_KEYUSAGE_KRB_ERROR_CKSUM"],[596,4,1,"","KRB5_KEYUSAGE_KRB_PRIV_ENCPART"],[597,4,1,"","KRB5_KEYUSAGE_KRB_SAFE_CKSUM"],[598,4,1,"","KRB5_KEYUSAGE_PA_AS_FRESHNESS"],[599,4,1,"","KRB5_KEYUSAGE_PA_FX_COOKIE"],[600,4,1,"","KRB5_KEYUSAGE_PA_OTP_REQUEST"],[601,4,1,"","KRB5_KEYUSAGE_PA_PKINIT_KX"],[602,4,1,"","KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY"],[603,4,1,"","KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST"],[604,4,1,"","KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM"],[605,4,1,"","KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID"],[606,4,1,"","KRB5_KEYUSAGE_PA_SAM_RESPONSE"],[607,4,1,"","KRB5_KEYUSAGE_SPAKE"],[608,4,1,"","KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY"],[609,4,1,"","KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY"],[610,4,1,"","KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY"],[611,4,1,"","KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY"],[612,4,1,"","KRB5_KEYUSAGE_TGS_REQ_AUTH"],[613,4,1,"","KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM"],[614,4,1,"","KRB5_KPASSWD_ACCESSDENIED"],[615,4,1,"","KRB5_KPASSWD_AUTHERROR"],[616,4,1,"","KRB5_KPASSWD_BAD_VERSION"],[617,4,1,"","KRB5_KPASSWD_HARDERROR"],[618,4,1,"","KRB5_KPASSWD_INITIAL_FLAG_NEEDED"],[619,4,1,"","KRB5_KPASSWD_MALFORMED"],[620,4,1,"","KRB5_KPASSWD_SOFTERROR"],[621,4,1,"","KRB5_KPASSWD_SUCCESS"],[622,4,1,"","KRB5_LRQ_ALL_ACCT_EXPTIME"],[623,4,1,"","KRB5_LRQ_ALL_LAST_INITIAL"],[624,4,1,"","KRB5_LRQ_ALL_LAST_RENEWAL"],[625,4,1,"","KRB5_LRQ_ALL_LAST_REQ"],[626,4,1,"","KRB5_LRQ_ALL_LAST_TGT"],[627,4,1,"","KRB5_LRQ_ALL_LAST_TGT_ISSUED"],[628,4,1,"","KRB5_LRQ_ALL_PW_EXPTIME"],[629,4,1,"","KRB5_LRQ_NONE"],[630,4,1,"","KRB5_LRQ_ONE_ACCT_EXPTIME"],[631,4,1,"","KRB5_LRQ_ONE_LAST_INITIAL"],[632,4,1,"","KRB5_LRQ_ONE_LAST_RENEWAL"],[633,4,1,"","KRB5_LRQ_ONE_LAST_REQ"],[634,4,1,"","KRB5_LRQ_ONE_LAST_TGT"],[635,4,1,"","KRB5_LRQ_ONE_LAST_TGT_ISSUED"],[636,4,1,"","KRB5_LRQ_ONE_PW_EXPTIME"],[637,4,1,"","KRB5_NT_ENTERPRISE_PRINCIPAL"],[638,4,1,"","KRB5_NT_ENT_PRINCIPAL_AND_ID"],[639,4,1,"","KRB5_NT_MS_PRINCIPAL"],[640,4,1,"","KRB5_NT_MS_PRINCIPAL_AND_ID"],[641,4,1,"","KRB5_NT_PRINCIPAL"],[642,4,1,"","KRB5_NT_SMTP_NAME"],[643,4,1,"","KRB5_NT_SRV_HST"],[644,4,1,"","KRB5_NT_SRV_INST"],[645,4,1,"","KRB5_NT_SRV_XHST"],[646,4,1,"","KRB5_NT_UID"],[647,4,1,"","KRB5_NT_UNKNOWN"],[648,4,1,"","KRB5_NT_WELLKNOWN"],[649,4,1,"","KRB5_NT_X500_PRINCIPAL"],[650,4,1,"","KRB5_PAC_ATTRIBUTES_INFO"],[651,4,1,"","KRB5_PAC_CLIENT_CLAIMS"],[652,4,1,"","KRB5_PAC_CLIENT_INFO"],[653,4,1,"","KRB5_PAC_CREDENTIALS_INFO"],[654,4,1,"","KRB5_PAC_DELEGATION_INFO"],[655,4,1,"","KRB5_PAC_DEVICE_CLAIMS"],[656,4,1,"","KRB5_PAC_DEVICE_INFO"],[657,4,1,"","KRB5_PAC_FULL_CHECKSUM"],[658,4,1,"","KRB5_PAC_LOGON_INFO"],[659,4,1,"","KRB5_PAC_PRIVSVR_CHECKSUM"],[660,4,1,"","KRB5_PAC_REQUESTOR"],[661,4,1,"","KRB5_PAC_SERVER_CHECKSUM"],[662,4,1,"","KRB5_PAC_TICKET_CHECKSUM"],[663,4,1,"","KRB5_PAC_UPN_DNS_INFO"],[664,4,1,"","KRB5_PADATA_AFS3_SALT"],[665,4,1,"","KRB5_PADATA_AP_REQ"],[666,4,1,"","KRB5_PADATA_AS_CHECKSUM"],[667,4,1,"","KRB5_PADATA_AS_FRESHNESS"],[668,4,1,"","KRB5_PADATA_ENCRYPTED_CHALLENGE"],[669,4,1,"","KRB5_PADATA_ENC_SANDIA_SECURID"],[670,4,1,"","KRB5_PADATA_ENC_TIMESTAMP"],[671,4,1,"","KRB5_PADATA_ENC_UNIX_TIME"],[672,4,1,"","KRB5_PADATA_ETYPE_INFO"],[673,4,1,"","KRB5_PADATA_ETYPE_INFO2"],[674,4,1,"","KRB5_PADATA_FOR_USER"],[675,4,1,"","KRB5_PADATA_FX_COOKIE"],[676,4,1,"","KRB5_PADATA_FX_ERROR"],[677,4,1,"","KRB5_PADATA_FX_FAST"],[678,4,1,"","KRB5_PADATA_GET_FROM_TYPED_DATA"],[679,4,1,"","KRB5_PADATA_NONE"],[680,4,1,"","KRB5_PADATA_OSF_DCE"],[681,4,1,"","KRB5_PADATA_OTP_CHALLENGE"],[682,4,1,"","KRB5_PADATA_OTP_PIN_CHANGE"],[683,4,1,"","KRB5_PADATA_OTP_REQUEST"],[684,4,1,"","KRB5_PADATA_PAC_OPTIONS"],[685,4,1,"","KRB5_PADATA_PAC_REQUEST"],[686,4,1,"","KRB5_PADATA_PKINIT_KX"],[687,4,1,"","KRB5_PADATA_PK_AS_REP"],[688,4,1,"","KRB5_PADATA_PK_AS_REP_OLD"],[689,4,1,"","KRB5_PADATA_PK_AS_REQ"],[690,4,1,"","KRB5_PADATA_PK_AS_REQ_OLD"],[691,4,1,"","KRB5_PADATA_PW_SALT"],[692,4,1,"","KRB5_PADATA_REDHAT_IDP_OAUTH2"],[693,4,1,"","KRB5_PADATA_REDHAT_PASSKEY"],[694,4,1,"","KRB5_PADATA_REFERRAL"],[695,4,1,"","KRB5_PADATA_S4U_X509_USER"],[696,4,1,"","KRB5_PADATA_SAM_CHALLENGE"],[697,4,1,"","KRB5_PADATA_SAM_CHALLENGE_2"],[698,4,1,"","KRB5_PADATA_SAM_REDIRECT"],[699,4,1,"","KRB5_PADATA_SAM_RESPONSE"],[700,4,1,"","KRB5_PADATA_SAM_RESPONSE_2"],[701,4,1,"","KRB5_PADATA_SESAME"],[702,4,1,"","KRB5_PADATA_SPAKE"],[703,4,1,"","KRB5_PADATA_SVR_REFERRAL_INFO"],[704,4,1,"","KRB5_PADATA_TGS_REQ"],[705,4,1,"","KRB5_PADATA_USE_SPECIFIED_KVNO"],[706,4,1,"","KRB5_PRINCIPAL_COMPARE_CASEFOLD"],[707,4,1,"","KRB5_PRINCIPAL_COMPARE_ENTERPRISE"],[708,4,1,"","KRB5_PRINCIPAL_COMPARE_IGNORE_REALM"],[709,4,1,"","KRB5_PRINCIPAL_COMPARE_UTF8"],[710,4,1,"","KRB5_PRINCIPAL_PARSE_ENTERPRISE"],[711,4,1,"","KRB5_PRINCIPAL_PARSE_IGNORE_REALM"],[712,4,1,"","KRB5_PRINCIPAL_PARSE_NO_DEF_REALM"],[713,4,1,"","KRB5_PRINCIPAL_PARSE_NO_REALM"],[714,4,1,"","KRB5_PRINCIPAL_PARSE_REQUIRE_REALM"],[715,4,1,"","KRB5_PRINCIPAL_UNPARSE_DISPLAY"],[716,4,1,"","KRB5_PRINCIPAL_UNPARSE_NO_REALM"],[717,4,1,"","KRB5_PRINCIPAL_UNPARSE_SHORT"],[718,4,1,"","KRB5_PRIV"],[719,4,1,"","KRB5_PROMPT_TYPE_NEW_PASSWORD"],[720,4,1,"","KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN"],[721,4,1,"","KRB5_PROMPT_TYPE_PASSWORD"],[722,4,1,"","KRB5_PROMPT_TYPE_PREAUTH"],[723,4,1,"","KRB5_PVNO"],[724,4,1,"","KRB5_REALM_BRANCH_CHAR"],[725,4,1,"","KRB5_RECVAUTH_BADAUTHVERS"],[726,4,1,"","KRB5_RECVAUTH_SKIP_VERSION"],[727,4,1,"","KRB5_REFERRAL_REALM"],[728,4,1,"","KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN"],[729,4,1,"","KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN"],[730,4,1,"","KRB5_RESPONDER_OTP_FLAGS_NEXTOTP"],[731,4,1,"","KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN"],[732,4,1,"","KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC"],[733,4,1,"","KRB5_RESPONDER_OTP_FORMAT_DECIMAL"],[734,4,1,"","KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL"],[735,4,1,"","KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW"],[736,4,1,"","KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY"],[737,4,1,"","KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED"],[738,4,1,"","KRB5_RESPONDER_QUESTION_OTP"],[739,4,1,"","KRB5_RESPONDER_QUESTION_PASSWORD"],[740,4,1,"","KRB5_RESPONDER_QUESTION_PKINIT"],[741,4,1,"","KRB5_SAFE"],[742,4,1,"","KRB5_SAM_MUST_PK_ENCRYPT_SAD"],[743,4,1,"","KRB5_SAM_SEND_ENCRYPTED_SAD"],[744,4,1,"","KRB5_SAM_USE_SAD_AS_KEY"],[745,4,1,"","KRB5_TC_MATCH_2ND_TKT"],[746,4,1,"","KRB5_TC_MATCH_AUTHDATA"],[747,4,1,"","KRB5_TC_MATCH_FLAGS"],[748,4,1,"","KRB5_TC_MATCH_FLAGS_EXACT"],[749,4,1,"","KRB5_TC_MATCH_IS_SKEY"],[750,4,1,"","KRB5_TC_MATCH_KTYPE"],[751,4,1,"","KRB5_TC_MATCH_SRV_NAMEONLY"],[752,4,1,"","KRB5_TC_MATCH_TIMES"],[753,4,1,"","KRB5_TC_MATCH_TIMES_EXACT"],[754,4,1,"","KRB5_TC_NOTICKET"],[755,4,1,"","KRB5_TC_OPENCLOSE"],[756,4,1,"","KRB5_TC_SUPPORTED_KTYPES"],[757,4,1,"","KRB5_TGS_NAME"],[758,4,1,"","KRB5_TGS_NAME_SIZE"],[759,4,1,"","KRB5_TGS_REP"],[760,4,1,"","KRB5_TGS_REQ"],[761,4,1,"","KRB5_TKT_CREDS_STEP_FLAG_CONTINUE"],[762,4,1,"","KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL"],[763,4,1,"","KRB5_WELLKNOWN_NAMESTR"],[764,4,1,"","LR_TYPE_INTERPRETATION_MASK"],[765,4,1,"","LR_TYPE_THIS_SERVER_ONLY"],[766,4,1,"","MAX_KEYTAB_NAME_LEN"],[767,4,1,"","MSEC_DIRBIT"],[768,4,1,"","MSEC_VAL_MASK"],[769,4,1,"","SALT_TYPE_AFS_LENGTH"],[770,4,1,"","SALT_TYPE_NO_LENGTH"],[771,4,1,"","THREEPARAMOPEN"],[772,4,1,"","TKT_FLG_ANONYMOUS"],[773,4,1,"","TKT_FLG_ENC_PA_REP"],[774,4,1,"","TKT_FLG_FORWARDABLE"],[775,4,1,"","TKT_FLG_FORWARDED"],[776,4,1,"","TKT_FLG_HW_AUTH"],[777,4,1,"","TKT_FLG_INITIAL"],[778,4,1,"","TKT_FLG_INVALID"],[779,4,1,"","TKT_FLG_MAY_POSTDATE"],[780,4,1,"","TKT_FLG_OK_AS_DELEGATE"],[781,4,1,"","TKT_FLG_POSTDATED"],[782,4,1,"","TKT_FLG_PRE_AUTH"],[783,4,1,"","TKT_FLG_PROXIABLE"],[784,4,1,"","TKT_FLG_PROXY"],[785,4,1,"","TKT_FLG_RENEWABLE"],[786,4,1,"","TKT_FLG_TRANSIT_POLICY_CHECKED"],[787,4,1,"","VALID_INT_BITS"],[788,4,1,"","VALID_UINT_BITS"],[790,4,1,"","krb524_convert_creds_kdc"],[791,4,1,"","krb524_init_ets"],[792,4,1,"","krb5_const"],[793,4,1,"","krb5_princ_component"],[794,4,1,"","krb5_princ_name"],[795,4,1,"","krb5_princ_realm"],[796,4,1,"","krb5_princ_set_realm"],[797,4,1,"","krb5_princ_set_realm_data"],[798,4,1,"","krb5_princ_set_realm_length"],[799,4,1,"","krb5_princ_size"],[800,4,1,"","krb5_princ_type"],[801,4,1,"","krb5_roundup"],[802,4,1,"","krb5_x"],[803,4,1,"","krb5_xc"]],krb5_425_conv_principal:[[49,1,1,"c.krb5_425_conv_principal","context"],[49,1,1,"c.krb5_425_conv_principal","instance"],[49,1,1,"c.krb5_425_conv_principal","name"],[49,1,1,"c.krb5_425_conv_principal","princ"],[49,1,1,"c.krb5_425_conv_principal","realm"]],krb5_524_conv_principal:[[50,1,1,"c.krb5_524_conv_principal","context"],[50,1,1,"c.krb5_524_conv_principal","inst"],[50,1,1,"c.krb5_524_conv_principal","name"],[50,1,1,"c.krb5_524_conv_principal","princ"],[50,1,1,"c.krb5_524_conv_principal","realm"]],krb5_524_convert_creds:[[51,1,1,"c.krb5_524_convert_creds","context"],[51,1,1,"c.krb5_524_convert_creds","v4creds"],[51,1,1,"c.krb5_524_convert_creds","v5creds"]],krb5_address:[[805,3,1,"c.krb5_address.addrtype","addrtype"],[805,3,1,"c.krb5_address.contents","contents"],[805,3,1,"c.krb5_address.length","length"],[805,3,1,"c.krb5_address.magic","magic"]],krb5_address_compare:[[52,1,1,"c.krb5_address_compare","addr1"],[52,1,1,"c.krb5_address_compare","addr2"],[52,1,1,"c.krb5_address_compare","context"]],krb5_address_order:[[53,1,1,"c.krb5_address_order","addr1"],[53,1,1,"c.krb5_address_order","addr2"],[53,1,1,"c.krb5_address_order","context"]],krb5_address_search:[[54,1,1,"c.krb5_address_search","addr"],[54,1,1,"c.krb5_address_search","addrlist"],[54,1,1,"c.krb5_address_search","context"]],krb5_allow_weak_crypto:[[55,1,1,"c.krb5_allow_weak_crypto","context"],[55,1,1,"c.krb5_allow_weak_crypto","enable"]],krb5_aname_to_localname:[[56,1,1,"c.krb5_aname_to_localname","aname"],[56,1,1,"c.krb5_aname_to_localname","context"],[56,1,1,"c.krb5_aname_to_localname","lname"],[56,1,1,"c.krb5_aname_to_localname","lnsize_in"]],krb5_anonymous_principal:[[57,1,1,"c.krb5_anonymous_principal","None"]],krb5_anonymous_realm:[[58,1,1,"c.krb5_anonymous_realm","None"]],krb5_ap_rep:[[807,3,1,"c.krb5_ap_rep.enc_part","enc_part"],[807,3,1,"c.krb5_ap_rep.magic","magic"]],krb5_ap_rep_enc_part:[[808,3,1,"c.krb5_ap_rep_enc_part.ctime","ctime"],[808,3,1,"c.krb5_ap_rep_enc_part.cusec","cusec"],[808,3,1,"c.krb5_ap_rep_enc_part.magic","magic"],[808,3,1,"c.krb5_ap_rep_enc_part.seq_number","seq_number"],[808,3,1,"c.krb5_ap_rep_enc_part.subkey","subkey"]],krb5_ap_req:[[809,3,1,"c.krb5_ap_req.ap_options","ap_options"],[809,3,1,"c.krb5_ap_req.authenticator","authenticator"],[809,3,1,"c.krb5_ap_req.magic","magic"],[809,3,1,"c.krb5_ap_req.ticket","ticket"]],krb5_appdefault_boolean:[[59,1,1,"c.krb5_appdefault_boolean","appname"],[59,1,1,"c.krb5_appdefault_boolean","context"],[59,1,1,"c.krb5_appdefault_boolean","default_value"],[59,1,1,"c.krb5_appdefault_boolean","option"],[59,1,1,"c.krb5_appdefault_boolean","realm"],[59,1,1,"c.krb5_appdefault_boolean","ret_value"]],krb5_appdefault_string:[[60,1,1,"c.krb5_appdefault_string","appname"],[60,1,1,"c.krb5_appdefault_string","context"],[60,1,1,"c.krb5_appdefault_string","default_value"],[60,1,1,"c.krb5_appdefault_string","option"],[60,1,1,"c.krb5_appdefault_string","realm"],[60,1,1,"c.krb5_appdefault_string","ret_value"]],krb5_auth_con_free:[[61,1,1,"c.krb5_auth_con_free","auth_context"],[61,1,1,"c.krb5_auth_con_free","context"]],krb5_auth_con_genaddrs:[[62,1,1,"c.krb5_auth_con_genaddrs","auth_context"],[62,1,1,"c.krb5_auth_con_genaddrs","context"],[62,1,1,"c.krb5_auth_con_genaddrs","flags"],[62,1,1,"c.krb5_auth_con_genaddrs","infd"]],krb5_auth_con_get_checksum_func:[[63,1,1,"c.krb5_auth_con_get_checksum_func","auth_context"],[63,1,1,"c.krb5_auth_con_get_checksum_func","context"],[63,1,1,"c.krb5_auth_con_get_checksum_func","data"],[63,1,1,"c.krb5_auth_con_get_checksum_func","func"]],krb5_auth_con_getaddrs:[[64,1,1,"c.krb5_auth_con_getaddrs","auth_context"],[64,1,1,"c.krb5_auth_con_getaddrs","context"],[64,1,1,"c.krb5_auth_con_getaddrs","local_addr"],[64,1,1,"c.krb5_auth_con_getaddrs","remote_addr"]],krb5_auth_con_getauthenticator:[[65,1,1,"c.krb5_auth_con_getauthenticator","auth_context"],[65,1,1,"c.krb5_auth_con_getauthenticator","authenticator"],[65,1,1,"c.krb5_auth_con_getauthenticator","context"]],krb5_auth_con_getflags:[[66,1,1,"c.krb5_auth_con_getflags","auth_context"],[66,1,1,"c.krb5_auth_con_getflags","context"],[66,1,1,"c.krb5_auth_con_getflags","flags"]],krb5_auth_con_getkey:[[67,1,1,"c.krb5_auth_con_getkey","auth_context"],[67,1,1,"c.krb5_auth_con_getkey","context"],[67,1,1,"c.krb5_auth_con_getkey","keyblock"]],krb5_auth_con_getkey_k:[[68,1,1,"c.krb5_auth_con_getkey_k","auth_context"],[68,1,1,"c.krb5_auth_con_getkey_k","context"],[68,1,1,"c.krb5_auth_con_getkey_k","key"]],krb5_auth_con_getlocalseqnumber:[[69,1,1,"c.krb5_auth_con_getlocalseqnumber","auth_context"],[69,1,1,"c.krb5_auth_con_getlocalseqnumber","context"],[69,1,1,"c.krb5_auth_con_getlocalseqnumber","seqnumber"]],krb5_auth_con_getlocalsubkey:[[70,1,1,"c.krb5_auth_con_getlocalsubkey","auth_context"],[70,1,1,"c.krb5_auth_con_getlocalsubkey","context"],[70,1,1,"c.krb5_auth_con_getlocalsubkey","keyblock"]],krb5_auth_con_getrcache:[[71,1,1,"c.krb5_auth_con_getrcache","auth_context"],[71,1,1,"c.krb5_auth_con_getrcache","context"],[71,1,1,"c.krb5_auth_con_getrcache","rcache"]],krb5_auth_con_getrecvsubkey:[[72,1,1,"c.krb5_auth_con_getrecvsubkey","ac"],[72,1,1,"c.krb5_auth_con_getrecvsubkey","ctx"],[72,1,1,"c.krb5_auth_con_getrecvsubkey","keyblock"]],krb5_auth_con_getrecvsubkey_k:[[73,1,1,"c.krb5_auth_con_getrecvsubkey_k","ac"],[73,1,1,"c.krb5_auth_con_getrecvsubkey_k","ctx"],[73,1,1,"c.krb5_auth_con_getrecvsubkey_k","key"]],krb5_auth_con_getremoteseqnumber:[[74,1,1,"c.krb5_auth_con_getremoteseqnumber","auth_context"],[74,1,1,"c.krb5_auth_con_getremoteseqnumber","context"],[74,1,1,"c.krb5_auth_con_getremoteseqnumber","seqnumber"]],krb5_auth_con_getremotesubkey:[[75,1,1,"c.krb5_auth_con_getremotesubkey","auth_context"],[75,1,1,"c.krb5_auth_con_getremotesubkey","context"],[75,1,1,"c.krb5_auth_con_getremotesubkey","keyblock"]],krb5_auth_con_getsendsubkey:[[76,1,1,"c.krb5_auth_con_getsendsubkey","ac"],[76,1,1,"c.krb5_auth_con_getsendsubkey","ctx"],[76,1,1,"c.krb5_auth_con_getsendsubkey","keyblock"]],krb5_auth_con_getsendsubkey_k:[[77,1,1,"c.krb5_auth_con_getsendsubkey_k","ac"],[77,1,1,"c.krb5_auth_con_getsendsubkey_k","ctx"],[77,1,1,"c.krb5_auth_con_getsendsubkey_k","key"]],krb5_auth_con_init:[[78,1,1,"c.krb5_auth_con_init","auth_context"],[78,1,1,"c.krb5_auth_con_init","context"]],krb5_auth_con_initivector:[[79,1,1,"c.krb5_auth_con_initivector","auth_context"],[79,1,1,"c.krb5_auth_con_initivector","context"]],krb5_auth_con_set_checksum_func:[[80,1,1,"c.krb5_auth_con_set_checksum_func","auth_context"],[80,1,1,"c.krb5_auth_con_set_checksum_func","context"],[80,1,1,"c.krb5_auth_con_set_checksum_func","data"],[80,1,1,"c.krb5_auth_con_set_checksum_func","func"]],krb5_auth_con_set_req_cksumtype:[[81,1,1,"c.krb5_auth_con_set_req_cksumtype","auth_context"],[81,1,1,"c.krb5_auth_con_set_req_cksumtype","cksumtype"],[81,1,1,"c.krb5_auth_con_set_req_cksumtype","context"]],krb5_auth_con_setaddrs:[[82,1,1,"c.krb5_auth_con_setaddrs","auth_context"],[82,1,1,"c.krb5_auth_con_setaddrs","context"],[82,1,1,"c.krb5_auth_con_setaddrs","local_addr"],[82,1,1,"c.krb5_auth_con_setaddrs","remote_addr"]],krb5_auth_con_setflags:[[83,1,1,"c.krb5_auth_con_setflags","auth_context"],[83,1,1,"c.krb5_auth_con_setflags","context"],[83,1,1,"c.krb5_auth_con_setflags","flags"]],krb5_auth_con_setports:[[84,1,1,"c.krb5_auth_con_setports","auth_context"],[84,1,1,"c.krb5_auth_con_setports","context"],[84,1,1,"c.krb5_auth_con_setports","local_port"],[84,1,1,"c.krb5_auth_con_setports","remote_port"]],krb5_auth_con_setrcache:[[85,1,1,"c.krb5_auth_con_setrcache","auth_context"],[85,1,1,"c.krb5_auth_con_setrcache","context"],[85,1,1,"c.krb5_auth_con_setrcache","rcache"]],krb5_auth_con_setrecvsubkey:[[86,1,1,"c.krb5_auth_con_setrecvsubkey","ac"],[86,1,1,"c.krb5_auth_con_setrecvsubkey","ctx"],[86,1,1,"c.krb5_auth_con_setrecvsubkey","keyblock"]],krb5_auth_con_setrecvsubkey_k:[[87,1,1,"c.krb5_auth_con_setrecvsubkey_k","ac"],[87,1,1,"c.krb5_auth_con_setrecvsubkey_k","ctx"],[87,1,1,"c.krb5_auth_con_setrecvsubkey_k","key"]],krb5_auth_con_setsendsubkey:[[88,1,1,"c.krb5_auth_con_setsendsubkey","ac"],[88,1,1,"c.krb5_auth_con_setsendsubkey","ctx"],[88,1,1,"c.krb5_auth_con_setsendsubkey","keyblock"]],krb5_auth_con_setsendsubkey_k:[[89,1,1,"c.krb5_auth_con_setsendsubkey_k","ac"],[89,1,1,"c.krb5_auth_con_setsendsubkey_k","ctx"],[89,1,1,"c.krb5_auth_con_setsendsubkey_k","key"]],krb5_auth_con_setuseruserkey:[[90,1,1,"c.krb5_auth_con_setuseruserkey","auth_context"],[90,1,1,"c.krb5_auth_con_setuseruserkey","context"],[90,1,1,"c.krb5_auth_con_setuseruserkey","keyblock"]],krb5_authdata:[[811,3,1,"c.krb5_authdata.ad_type","ad_type"],[811,3,1,"c.krb5_authdata.contents","contents"],[811,3,1,"c.krb5_authdata.length","length"],[811,3,1,"c.krb5_authdata.magic","magic"]],krb5_authenticator:[[813,3,1,"c.krb5_authenticator.authorization_data","authorization_data"],[813,3,1,"c.krb5_authenticator.checksum","checksum"],[813,3,1,"c.krb5_authenticator.client","client"],[813,3,1,"c.krb5_authenticator.ctime","ctime"],[813,3,1,"c.krb5_authenticator.cusec","cusec"],[813,3,1,"c.krb5_authenticator.magic","magic"],[813,3,1,"c.krb5_authenticator.seq_number","seq_number"],[813,3,1,"c.krb5_authenticator.subkey","subkey"]],krb5_build_principal:[[91,1,1,"c.krb5_build_principal","context"],[91,1,1,"c.krb5_build_principal","princ"],[91,1,1,"c.krb5_build_principal","realm"],[91,1,1,"c.krb5_build_principal","rlen"]],krb5_build_principal_alloc_va:[[92,1,1,"c.krb5_build_principal_alloc_va","ap"],[92,1,1,"c.krb5_build_principal_alloc_va","context"],[92,1,1,"c.krb5_build_principal_alloc_va","princ"],[92,1,1,"c.krb5_build_principal_alloc_va","realm"],[92,1,1,"c.krb5_build_principal_alloc_va","rlen"]],krb5_build_principal_ext:[[93,1,1,"c.krb5_build_principal_ext","context"],[93,1,1,"c.krb5_build_principal_ext","princ"],[93,1,1,"c.krb5_build_principal_ext","realm"],[93,1,1,"c.krb5_build_principal_ext","rlen"]],krb5_build_principal_va:[[94,1,1,"c.krb5_build_principal_va","ap"],[94,1,1,"c.krb5_build_principal_va","context"],[94,1,1,"c.krb5_build_principal_va","princ"],[94,1,1,"c.krb5_build_principal_va","realm"],[94,1,1,"c.krb5_build_principal_va","rlen"]],krb5_c_block_size:[[95,1,1,"c.krb5_c_block_size","blocksize"],[95,1,1,"c.krb5_c_block_size","context"],[95,1,1,"c.krb5_c_block_size","enctype"]],krb5_c_checksum_length:[[96,1,1,"c.krb5_c_checksum_length","cksumtype"],[96,1,1,"c.krb5_c_checksum_length","context"],[96,1,1,"c.krb5_c_checksum_length","length"]],krb5_c_crypto_length:[[97,1,1,"c.krb5_c_crypto_length","context"],[97,1,1,"c.krb5_c_crypto_length","enctype"],[97,1,1,"c.krb5_c_crypto_length","size"],[97,1,1,"c.krb5_c_crypto_length","type"]],krb5_c_crypto_length_iov:[[98,1,1,"c.krb5_c_crypto_length_iov","context"],[98,1,1,"c.krb5_c_crypto_length_iov","data"],[98,1,1,"c.krb5_c_crypto_length_iov","enctype"],[98,1,1,"c.krb5_c_crypto_length_iov","num_data"]],krb5_c_decrypt:[[99,1,1,"c.krb5_c_decrypt","cipher_state"],[99,1,1,"c.krb5_c_decrypt","context"],[99,1,1,"c.krb5_c_decrypt","input"],[99,1,1,"c.krb5_c_decrypt","key"],[99,1,1,"c.krb5_c_decrypt","output"],[99,1,1,"c.krb5_c_decrypt","usage"]],krb5_c_decrypt_iov:[[100,1,1,"c.krb5_c_decrypt_iov","cipher_state"],[100,1,1,"c.krb5_c_decrypt_iov","context"],[100,1,1,"c.krb5_c_decrypt_iov","data"],[100,1,1,"c.krb5_c_decrypt_iov","keyblock"],[100,1,1,"c.krb5_c_decrypt_iov","num_data"],[100,1,1,"c.krb5_c_decrypt_iov","usage"]],krb5_c_derive_prfplus:[[101,1,1,"c.krb5_c_derive_prfplus","context"],[101,1,1,"c.krb5_c_derive_prfplus","enctype"],[101,1,1,"c.krb5_c_derive_prfplus","input"],[101,1,1,"c.krb5_c_derive_prfplus","k"],[101,1,1,"c.krb5_c_derive_prfplus","out"]],krb5_c_encrypt:[[102,1,1,"c.krb5_c_encrypt","cipher_state"],[102,1,1,"c.krb5_c_encrypt","context"],[102,1,1,"c.krb5_c_encrypt","input"],[102,1,1,"c.krb5_c_encrypt","key"],[102,1,1,"c.krb5_c_encrypt","output"],[102,1,1,"c.krb5_c_encrypt","usage"]],krb5_c_encrypt_iov:[[103,1,1,"c.krb5_c_encrypt_iov","cipher_state"],[103,1,1,"c.krb5_c_encrypt_iov","context"],[103,1,1,"c.krb5_c_encrypt_iov","data"],[103,1,1,"c.krb5_c_encrypt_iov","keyblock"],[103,1,1,"c.krb5_c_encrypt_iov","num_data"],[103,1,1,"c.krb5_c_encrypt_iov","usage"]],krb5_c_encrypt_length:[[104,1,1,"c.krb5_c_encrypt_length","context"],[104,1,1,"c.krb5_c_encrypt_length","enctype"],[104,1,1,"c.krb5_c_encrypt_length","inputlen"],[104,1,1,"c.krb5_c_encrypt_length","length"]],krb5_c_enctype_compare:[[105,1,1,"c.krb5_c_enctype_compare","context"],[105,1,1,"c.krb5_c_enctype_compare","e1"],[105,1,1,"c.krb5_c_enctype_compare","e2"],[105,1,1,"c.krb5_c_enctype_compare","similar"]],krb5_c_free_state:[[106,1,1,"c.krb5_c_free_state","context"],[106,1,1,"c.krb5_c_free_state","key"],[106,1,1,"c.krb5_c_free_state","state"]],krb5_c_fx_cf2_simple:[[107,1,1,"c.krb5_c_fx_cf2_simple","context"],[107,1,1,"c.krb5_c_fx_cf2_simple","k1"],[107,1,1,"c.krb5_c_fx_cf2_simple","k2"],[107,1,1,"c.krb5_c_fx_cf2_simple","out"],[107,1,1,"c.krb5_c_fx_cf2_simple","pepper1"],[107,1,1,"c.krb5_c_fx_cf2_simple","pepper2"]],krb5_c_init_state:[[108,1,1,"c.krb5_c_init_state","context"],[108,1,1,"c.krb5_c_init_state","key"],[108,1,1,"c.krb5_c_init_state","new_state"],[108,1,1,"c.krb5_c_init_state","usage"]],krb5_c_is_coll_proof_cksum:[[109,1,1,"c.krb5_c_is_coll_proof_cksum","ctype"]],krb5_c_is_keyed_cksum:[[110,1,1,"c.krb5_c_is_keyed_cksum","ctype"]],krb5_c_keyed_checksum_types:[[111,1,1,"c.krb5_c_keyed_checksum_types","cksumtypes"],[111,1,1,"c.krb5_c_keyed_checksum_types","context"],[111,1,1,"c.krb5_c_keyed_checksum_types","count"],[111,1,1,"c.krb5_c_keyed_checksum_types","enctype"]],krb5_c_keylengths:[[112,1,1,"c.krb5_c_keylengths","context"],[112,1,1,"c.krb5_c_keylengths","enctype"],[112,1,1,"c.krb5_c_keylengths","keybytes"],[112,1,1,"c.krb5_c_keylengths","keylength"]],krb5_c_make_checksum:[[113,1,1,"c.krb5_c_make_checksum","cksum"],[113,1,1,"c.krb5_c_make_checksum","cksumtype"],[113,1,1,"c.krb5_c_make_checksum","context"],[113,1,1,"c.krb5_c_make_checksum","input"],[113,1,1,"c.krb5_c_make_checksum","key"],[113,1,1,"c.krb5_c_make_checksum","usage"]],krb5_c_make_checksum_iov:[[114,1,1,"c.krb5_c_make_checksum_iov","cksumtype"],[114,1,1,"c.krb5_c_make_checksum_iov","context"],[114,1,1,"c.krb5_c_make_checksum_iov","data"],[114,1,1,"c.krb5_c_make_checksum_iov","key"],[114,1,1,"c.krb5_c_make_checksum_iov","num_data"],[114,1,1,"c.krb5_c_make_checksum_iov","usage"]],krb5_c_make_random_key:[[115,1,1,"c.krb5_c_make_random_key","context"],[115,1,1,"c.krb5_c_make_random_key","enctype"],[115,1,1,"c.krb5_c_make_random_key","k5_random_key"]],krb5_c_padding_length:[[116,1,1,"c.krb5_c_padding_length","context"],[116,1,1,"c.krb5_c_padding_length","data_length"],[116,1,1,"c.krb5_c_padding_length","enctype"],[116,1,1,"c.krb5_c_padding_length","size"]],krb5_c_prf:[[117,1,1,"c.krb5_c_prf","context"],[117,1,1,"c.krb5_c_prf","input"],[117,1,1,"c.krb5_c_prf","keyblock"],[117,1,1,"c.krb5_c_prf","output"]],krb5_c_prf_length:[[118,1,1,"c.krb5_c_prf_length","context"],[118,1,1,"c.krb5_c_prf_length","enctype"],[118,1,1,"c.krb5_c_prf_length","len"]],krb5_c_prfplus:[[119,1,1,"c.krb5_c_prfplus","context"],[119,1,1,"c.krb5_c_prfplus","input"],[119,1,1,"c.krb5_c_prfplus","k"],[119,1,1,"c.krb5_c_prfplus","output"]],krb5_c_random_add_entropy:[[120,1,1,"c.krb5_c_random_add_entropy","context"],[120,1,1,"c.krb5_c_random_add_entropy","data"],[120,1,1,"c.krb5_c_random_add_entropy","randsource"]],krb5_c_random_make_octets:[[121,1,1,"c.krb5_c_random_make_octets","context"],[121,1,1,"c.krb5_c_random_make_octets","data"]],krb5_c_random_os_entropy:[[122,1,1,"c.krb5_c_random_os_entropy","context"],[122,1,1,"c.krb5_c_random_os_entropy","strong"],[122,1,1,"c.krb5_c_random_os_entropy","success"]],krb5_c_random_seed:[[123,1,1,"c.krb5_c_random_seed","context"],[123,1,1,"c.krb5_c_random_seed","data"]],krb5_c_random_to_key:[[124,1,1,"c.krb5_c_random_to_key","context"],[124,1,1,"c.krb5_c_random_to_key","enctype"],[124,1,1,"c.krb5_c_random_to_key","k5_random_key"],[124,1,1,"c.krb5_c_random_to_key","random_data"]],krb5_c_string_to_key:[[125,1,1,"c.krb5_c_string_to_key","context"],[125,1,1,"c.krb5_c_string_to_key","enctype"],[125,1,1,"c.krb5_c_string_to_key","key"],[125,1,1,"c.krb5_c_string_to_key","salt"],[125,1,1,"c.krb5_c_string_to_key","string"]],krb5_c_string_to_key_with_params:[[126,1,1,"c.krb5_c_string_to_key_with_params","context"],[126,1,1,"c.krb5_c_string_to_key_with_params","enctype"],[126,1,1,"c.krb5_c_string_to_key_with_params","key"],[126,1,1,"c.krb5_c_string_to_key_with_params","params"],[126,1,1,"c.krb5_c_string_to_key_with_params","salt"],[126,1,1,"c.krb5_c_string_to_key_with_params","string"]],krb5_c_valid_cksumtype:[[127,1,1,"c.krb5_c_valid_cksumtype","ctype"]],krb5_c_valid_enctype:[[128,1,1,"c.krb5_c_valid_enctype","ktype"]],krb5_c_verify_checksum:[[129,1,1,"c.krb5_c_verify_checksum","cksum"],[129,1,1,"c.krb5_c_verify_checksum","context"],[129,1,1,"c.krb5_c_verify_checksum","data"],[129,1,1,"c.krb5_c_verify_checksum","key"],[129,1,1,"c.krb5_c_verify_checksum","usage"],[129,1,1,"c.krb5_c_verify_checksum","valid"]],krb5_c_verify_checksum_iov:[[130,1,1,"c.krb5_c_verify_checksum_iov","cksumtype"],[130,1,1,"c.krb5_c_verify_checksum_iov","context"],[130,1,1,"c.krb5_c_verify_checksum_iov","data"],[130,1,1,"c.krb5_c_verify_checksum_iov","key"],[130,1,1,"c.krb5_c_verify_checksum_iov","num_data"],[130,1,1,"c.krb5_c_verify_checksum_iov","usage"],[130,1,1,"c.krb5_c_verify_checksum_iov","valid"]],krb5_calculate_checksum:[[131,1,1,"c.krb5_calculate_checksum","context"],[131,1,1,"c.krb5_calculate_checksum","ctype"],[131,1,1,"c.krb5_calculate_checksum","in"],[131,1,1,"c.krb5_calculate_checksum","in_length"],[131,1,1,"c.krb5_calculate_checksum","outcksum"],[131,1,1,"c.krb5_calculate_checksum","seed"],[131,1,1,"c.krb5_calculate_checksum","seed_length"]],krb5_cc_cache_match:[[132,1,1,"c.krb5_cc_cache_match","cache_out"],[132,1,1,"c.krb5_cc_cache_match","client"],[132,1,1,"c.krb5_cc_cache_match","context"]],krb5_cc_close:[[133,1,1,"c.krb5_cc_close","cache"],[133,1,1,"c.krb5_cc_close","context"]],krb5_cc_copy_creds:[[134,1,1,"c.krb5_cc_copy_creds","context"],[134,1,1,"c.krb5_cc_copy_creds","incc"],[134,1,1,"c.krb5_cc_copy_creds","outcc"]],krb5_cc_default:[[135,1,1,"c.krb5_cc_default","ccache"],[135,1,1,"c.krb5_cc_default","context"]],krb5_cc_default_name:[[136,1,1,"c.krb5_cc_default_name","context"]],krb5_cc_destroy:[[137,1,1,"c.krb5_cc_destroy","cache"],[137,1,1,"c.krb5_cc_destroy","context"]],krb5_cc_dup:[[138,1,1,"c.krb5_cc_dup","context"],[138,1,1,"c.krb5_cc_dup","in"],[138,1,1,"c.krb5_cc_dup","out"]],krb5_cc_end_seq_get:[[139,1,1,"c.krb5_cc_end_seq_get","cache"],[139,1,1,"c.krb5_cc_end_seq_get","context"],[139,1,1,"c.krb5_cc_end_seq_get","cursor"]],krb5_cc_gen_new:[[140,1,1,"c.krb5_cc_gen_new","cache"],[140,1,1,"c.krb5_cc_gen_new","context"]],krb5_cc_get_config:[[141,1,1,"c.krb5_cc_get_config","context"],[141,1,1,"c.krb5_cc_get_config","data"],[141,1,1,"c.krb5_cc_get_config","id"],[141,1,1,"c.krb5_cc_get_config","key"],[141,1,1,"c.krb5_cc_get_config","principal"]],krb5_cc_get_flags:[[142,1,1,"c.krb5_cc_get_flags","cache"],[142,1,1,"c.krb5_cc_get_flags","context"],[142,1,1,"c.krb5_cc_get_flags","flags"]],krb5_cc_get_full_name:[[143,1,1,"c.krb5_cc_get_full_name","cache"],[143,1,1,"c.krb5_cc_get_full_name","context"],[143,1,1,"c.krb5_cc_get_full_name","fullname_out"]],krb5_cc_get_name:[[144,1,1,"c.krb5_cc_get_name","cache"],[144,1,1,"c.krb5_cc_get_name","context"]],krb5_cc_get_principal:[[145,1,1,"c.krb5_cc_get_principal","cache"],[145,1,1,"c.krb5_cc_get_principal","context"],[145,1,1,"c.krb5_cc_get_principal","principal"]],krb5_cc_get_type:[[146,1,1,"c.krb5_cc_get_type","cache"],[146,1,1,"c.krb5_cc_get_type","context"]],krb5_cc_initialize:[[147,1,1,"c.krb5_cc_initialize","cache"],[147,1,1,"c.krb5_cc_initialize","context"],[147,1,1,"c.krb5_cc_initialize","principal"]],krb5_cc_move:[[148,1,1,"c.krb5_cc_move","context"],[148,1,1,"c.krb5_cc_move","dst"],[148,1,1,"c.krb5_cc_move","src"]],krb5_cc_new_unique:[[149,1,1,"c.krb5_cc_new_unique","context"],[149,1,1,"c.krb5_cc_new_unique","hint"],[149,1,1,"c.krb5_cc_new_unique","id"],[149,1,1,"c.krb5_cc_new_unique","type"]],krb5_cc_next_cred:[[150,1,1,"c.krb5_cc_next_cred","cache"],[150,1,1,"c.krb5_cc_next_cred","context"],[150,1,1,"c.krb5_cc_next_cred","creds"],[150,1,1,"c.krb5_cc_next_cred","cursor"]],krb5_cc_remove_cred:[[151,1,1,"c.krb5_cc_remove_cred","cache"],[151,1,1,"c.krb5_cc_remove_cred","context"],[151,1,1,"c.krb5_cc_remove_cred","creds"],[151,1,1,"c.krb5_cc_remove_cred","flags"]],krb5_cc_resolve:[[152,1,1,"c.krb5_cc_resolve","cache"],[152,1,1,"c.krb5_cc_resolve","context"],[152,1,1,"c.krb5_cc_resolve","name"]],krb5_cc_retrieve_cred:[[153,1,1,"c.krb5_cc_retrieve_cred","cache"],[153,1,1,"c.krb5_cc_retrieve_cred","context"],[153,1,1,"c.krb5_cc_retrieve_cred","creds"],[153,1,1,"c.krb5_cc_retrieve_cred","flags"],[153,1,1,"c.krb5_cc_retrieve_cred","mcreds"]],krb5_cc_select:[[154,1,1,"c.krb5_cc_select","cache_out"],[154,1,1,"c.krb5_cc_select","context"],[154,1,1,"c.krb5_cc_select","princ_out"],[154,1,1,"c.krb5_cc_select","server"]],krb5_cc_set_config:[[155,1,1,"c.krb5_cc_set_config","context"],[155,1,1,"c.krb5_cc_set_config","data"],[155,1,1,"c.krb5_cc_set_config","id"],[155,1,1,"c.krb5_cc_set_config","key"],[155,1,1,"c.krb5_cc_set_config","principal"]],krb5_cc_set_default_name:[[156,1,1,"c.krb5_cc_set_default_name","context"],[156,1,1,"c.krb5_cc_set_default_name","name"]],krb5_cc_set_flags:[[157,1,1,"c.krb5_cc_set_flags","cache"],[157,1,1,"c.krb5_cc_set_flags","context"],[157,1,1,"c.krb5_cc_set_flags","flags"]],krb5_cc_start_seq_get:[[158,1,1,"c.krb5_cc_start_seq_get","cache"],[158,1,1,"c.krb5_cc_start_seq_get","context"],[158,1,1,"c.krb5_cc_start_seq_get","cursor"]],krb5_cc_store_cred:[[159,1,1,"c.krb5_cc_store_cred","cache"],[159,1,1,"c.krb5_cc_store_cred","context"],[159,1,1,"c.krb5_cc_store_cred","creds"]],krb5_cc_support_switch:[[160,1,1,"c.krb5_cc_support_switch","context"],[160,1,1,"c.krb5_cc_support_switch","type"]],krb5_cc_switch:[[161,1,1,"c.krb5_cc_switch","cache"],[161,1,1,"c.krb5_cc_switch","context"]],krb5_cccol_cursor_free:[[162,1,1,"c.krb5_cccol_cursor_free","context"],[162,1,1,"c.krb5_cccol_cursor_free","cursor"]],krb5_cccol_cursor_new:[[163,1,1,"c.krb5_cccol_cursor_new","context"],[163,1,1,"c.krb5_cccol_cursor_new","cursor"]],krb5_cccol_cursor_next:[[164,1,1,"c.krb5_cccol_cursor_next","ccache"],[164,1,1,"c.krb5_cccol_cursor_next","context"],[164,1,1,"c.krb5_cccol_cursor_next","cursor"]],krb5_cccol_have_content:[[165,1,1,"c.krb5_cccol_have_content","context"]],krb5_change_password:[[166,1,1,"c.krb5_change_password","context"],[166,1,1,"c.krb5_change_password","creds"],[166,1,1,"c.krb5_change_password","newpw"],[166,1,1,"c.krb5_change_password","result_code"],[166,1,1,"c.krb5_change_password","result_code_string"],[166,1,1,"c.krb5_change_password","result_string"]],krb5_check_clockskew:[[167,1,1,"c.krb5_check_clockskew","context"],[167,1,1,"c.krb5_check_clockskew","date"]],krb5_checksum:[[818,3,1,"c.krb5_checksum.checksum_type","checksum_type"],[818,3,1,"c.krb5_checksum.contents","contents"],[818,3,1,"c.krb5_checksum.length","length"],[818,3,1,"c.krb5_checksum.magic","magic"]],krb5_checksum_size:[[168,1,1,"c.krb5_checksum_size","context"],[168,1,1,"c.krb5_checksum_size","ctype"]],krb5_chpw_message:[[169,1,1,"c.krb5_chpw_message","context"],[169,1,1,"c.krb5_chpw_message","message_out"],[169,1,1,"c.krb5_chpw_message","server_string"]],krb5_cksumtype_to_string:[[170,1,1,"c.krb5_cksumtype_to_string","buffer"],[170,1,1,"c.krb5_cksumtype_to_string","buflen"],[170,1,1,"c.krb5_cksumtype_to_string","cksumtype"]],krb5_clear_error_message:[[171,1,1,"c.krb5_clear_error_message","ctx"]],krb5_const_principal:[[821,3,1,"c.krb5_const_principal.data","data"],[821,3,1,"c.krb5_const_principal.length","length"],[821,3,1,"c.krb5_const_principal.magic","magic"],[821,3,1,"c.krb5_const_principal.realm","realm"],[821,3,1,"c.krb5_const_principal.type","type"]],krb5_copy_addresses:[[172,1,1,"c.krb5_copy_addresses","context"],[172,1,1,"c.krb5_copy_addresses","inaddr"],[172,1,1,"c.krb5_copy_addresses","outaddr"]],krb5_copy_authdata:[[173,1,1,"c.krb5_copy_authdata","context"],[173,1,1,"c.krb5_copy_authdata","in_authdat"],[173,1,1,"c.krb5_copy_authdata","out"]],krb5_copy_authenticator:[[174,1,1,"c.krb5_copy_authenticator","authfrom"],[174,1,1,"c.krb5_copy_authenticator","authto"],[174,1,1,"c.krb5_copy_authenticator","context"]],krb5_copy_checksum:[[175,1,1,"c.krb5_copy_checksum","ckfrom"],[175,1,1,"c.krb5_copy_checksum","ckto"],[175,1,1,"c.krb5_copy_checksum","context"]],krb5_copy_context:[[176,1,1,"c.krb5_copy_context","ctx"],[176,1,1,"c.krb5_copy_context","nctx_out"]],krb5_copy_creds:[[177,1,1,"c.krb5_copy_creds","context"],[177,1,1,"c.krb5_copy_creds","incred"],[177,1,1,"c.krb5_copy_creds","outcred"]],krb5_copy_data:[[178,1,1,"c.krb5_copy_data","context"],[178,1,1,"c.krb5_copy_data","indata"],[178,1,1,"c.krb5_copy_data","outdata"]],krb5_copy_error_message:[[179,1,1,"c.krb5_copy_error_message","dest_ctx"],[179,1,1,"c.krb5_copy_error_message","src_ctx"]],krb5_copy_keyblock:[[180,1,1,"c.krb5_copy_keyblock","context"],[180,1,1,"c.krb5_copy_keyblock","from"],[180,1,1,"c.krb5_copy_keyblock","to"]],krb5_copy_keyblock_contents:[[181,1,1,"c.krb5_copy_keyblock_contents","context"],[181,1,1,"c.krb5_copy_keyblock_contents","from"],[181,1,1,"c.krb5_copy_keyblock_contents","to"]],krb5_copy_principal:[[182,1,1,"c.krb5_copy_principal","context"],[182,1,1,"c.krb5_copy_principal","inprinc"],[182,1,1,"c.krb5_copy_principal","outprinc"]],krb5_copy_ticket:[[183,1,1,"c.krb5_copy_ticket","context"],[183,1,1,"c.krb5_copy_ticket","from"],[183,1,1,"c.krb5_copy_ticket","pto"]],krb5_cred:[[823,3,1,"c.krb5_cred.enc_part","enc_part"],[823,3,1,"c.krb5_cred.enc_part2","enc_part2"],[823,3,1,"c.krb5_cred.magic","magic"],[823,3,1,"c.krb5_cred.tickets","tickets"]],krb5_cred_enc_part:[[824,3,1,"c.krb5_cred_enc_part.magic","magic"],[824,3,1,"c.krb5_cred_enc_part.nonce","nonce"],[824,3,1,"c.krb5_cred_enc_part.r_address","r_address"],[824,3,1,"c.krb5_cred_enc_part.s_address","s_address"],[824,3,1,"c.krb5_cred_enc_part.ticket_info","ticket_info"],[824,3,1,"c.krb5_cred_enc_part.timestamp","timestamp"],[824,3,1,"c.krb5_cred_enc_part.usec","usec"]],krb5_cred_info:[[825,3,1,"c.krb5_cred_info.caddrs","caddrs"],[825,3,1,"c.krb5_cred_info.client","client"],[825,3,1,"c.krb5_cred_info.flags","flags"],[825,3,1,"c.krb5_cred_info.magic","magic"],[825,3,1,"c.krb5_cred_info.server","server"],[825,3,1,"c.krb5_cred_info.session","session"],[825,3,1,"c.krb5_cred_info.times","times"]],krb5_creds:[[826,3,1,"c.krb5_creds.addresses","addresses"],[826,3,1,"c.krb5_creds.authdata","authdata"],[826,3,1,"c.krb5_creds.client","client"],[826,3,1,"c.krb5_creds.is_skey","is_skey"],[826,3,1,"c.krb5_creds.keyblock","keyblock"],[826,3,1,"c.krb5_creds.magic","magic"],[826,3,1,"c.krb5_creds.second_ticket","second_ticket"],[826,3,1,"c.krb5_creds.server","server"],[826,3,1,"c.krb5_creds.ticket","ticket"],[826,3,1,"c.krb5_creds.ticket_flags","ticket_flags"],[826,3,1,"c.krb5_creds.times","times"]],krb5_crypto_iov:[[827,3,1,"c.krb5_crypto_iov.data","data"],[827,3,1,"c.krb5_crypto_iov.flags","flags"]],krb5_data:[[829,3,1,"c.krb5_data.data","data"],[829,3,1,"c.krb5_data.length","length"],[829,3,1,"c.krb5_data.magic","magic"]],krb5_decode_authdata_container:[[184,1,1,"c.krb5_decode_authdata_container","authdata"],[184,1,1,"c.krb5_decode_authdata_container","container"],[184,1,1,"c.krb5_decode_authdata_container","context"],[184,1,1,"c.krb5_decode_authdata_container","type"]],krb5_decode_ticket:[[185,1,1,"c.krb5_decode_ticket","code"],[185,1,1,"c.krb5_decode_ticket","rep"]],krb5_decrypt:[[186,1,1,"c.krb5_decrypt","context"],[186,1,1,"c.krb5_decrypt","eblock"],[186,1,1,"c.krb5_decrypt","inptr"],[186,1,1,"c.krb5_decrypt","ivec"],[186,1,1,"c.krb5_decrypt","outptr"],[186,1,1,"c.krb5_decrypt","size"]],krb5_deltat_to_string:[[187,1,1,"c.krb5_deltat_to_string","buffer"],[187,1,1,"c.krb5_deltat_to_string","buflen"],[187,1,1,"c.krb5_deltat_to_string","deltat"]],krb5_eblock_enctype:[[188,1,1,"c.krb5_eblock_enctype","context"],[188,1,1,"c.krb5_eblock_enctype","eblock"]],krb5_enc_data:[[831,3,1,"c.krb5_enc_data.ciphertext","ciphertext"],[831,3,1,"c.krb5_enc_data.enctype","enctype"],[831,3,1,"c.krb5_enc_data.kvno","kvno"],[831,3,1,"c.krb5_enc_data.magic","magic"]],krb5_enc_kdc_rep_part:[[832,3,1,"c.krb5_enc_kdc_rep_part.caddrs","caddrs"],[832,3,1,"c.krb5_enc_kdc_rep_part.enc_padata","enc_padata"],[832,3,1,"c.krb5_enc_kdc_rep_part.flags","flags"],[832,3,1,"c.krb5_enc_kdc_rep_part.key_exp","key_exp"],[832,3,1,"c.krb5_enc_kdc_rep_part.last_req","last_req"],[832,3,1,"c.krb5_enc_kdc_rep_part.magic","magic"],[832,3,1,"c.krb5_enc_kdc_rep_part.msg_type","msg_type"],[832,3,1,"c.krb5_enc_kdc_rep_part.nonce","nonce"],[832,3,1,"c.krb5_enc_kdc_rep_part.server","server"],[832,3,1,"c.krb5_enc_kdc_rep_part.session","session"],[832,3,1,"c.krb5_enc_kdc_rep_part.times","times"]],krb5_enc_tkt_part:[[833,3,1,"c.krb5_enc_tkt_part.authorization_data","authorization_data"],[833,3,1,"c.krb5_enc_tkt_part.caddrs","caddrs"],[833,3,1,"c.krb5_enc_tkt_part.client","client"],[833,3,1,"c.krb5_enc_tkt_part.flags","flags"],[833,3,1,"c.krb5_enc_tkt_part.magic","magic"],[833,3,1,"c.krb5_enc_tkt_part.session","session"],[833,3,1,"c.krb5_enc_tkt_part.times","times"],[833,3,1,"c.krb5_enc_tkt_part.transited","transited"]],krb5_encode_authdata_container:[[189,1,1,"c.krb5_encode_authdata_container","authdata"],[189,1,1,"c.krb5_encode_authdata_container","container"],[189,1,1,"c.krb5_encode_authdata_container","context"],[189,1,1,"c.krb5_encode_authdata_container","type"]],krb5_encrypt:[[190,1,1,"c.krb5_encrypt","context"],[190,1,1,"c.krb5_encrypt","eblock"],[190,1,1,"c.krb5_encrypt","inptr"],[190,1,1,"c.krb5_encrypt","ivec"],[190,1,1,"c.krb5_encrypt","outptr"],[190,1,1,"c.krb5_encrypt","size"]],krb5_encrypt_block:[[834,3,1,"c.krb5_encrypt_block.crypto_entry","crypto_entry"],[834,3,1,"c.krb5_encrypt_block.key","key"],[834,3,1,"c.krb5_encrypt_block.magic","magic"]],krb5_encrypt_size:[[191,1,1,"c.krb5_encrypt_size","crypto"],[191,1,1,"c.krb5_encrypt_size","length"]],krb5_enctype_to_name:[[192,1,1,"c.krb5_enctype_to_name","buffer"],[192,1,1,"c.krb5_enctype_to_name","buflen"],[192,1,1,"c.krb5_enctype_to_name","enctype"],[192,1,1,"c.krb5_enctype_to_name","shortest"]],krb5_enctype_to_string:[[193,1,1,"c.krb5_enctype_to_string","buffer"],[193,1,1,"c.krb5_enctype_to_string","buflen"],[193,1,1,"c.krb5_enctype_to_string","enctype"]],krb5_error:[[836,3,1,"c.krb5_error.client","client"],[836,3,1,"c.krb5_error.ctime","ctime"],[836,3,1,"c.krb5_error.cusec","cusec"],[836,3,1,"c.krb5_error.e_data","e_data"],[836,3,1,"c.krb5_error.error","error"],[836,3,1,"c.krb5_error.magic","magic"],[836,3,1,"c.krb5_error.server","server"],[836,3,1,"c.krb5_error.stime","stime"],[836,3,1,"c.krb5_error.susec","susec"],[836,3,1,"c.krb5_error.text","text"]],krb5_expand_hostname:[[194,1,1,"c.krb5_expand_hostname","canonhost_out"],[194,1,1,"c.krb5_expand_hostname","context"],[194,1,1,"c.krb5_expand_hostname","host"]],krb5_find_authdata:[[195,1,1,"c.krb5_find_authdata","ad_type"],[195,1,1,"c.krb5_find_authdata","ap_req_authdata"],[195,1,1,"c.krb5_find_authdata","context"],[195,1,1,"c.krb5_find_authdata","results"],[195,1,1,"c.krb5_find_authdata","ticket_authdata"]],krb5_finish_key:[[196,1,1,"c.krb5_finish_key","context"],[196,1,1,"c.krb5_finish_key","eblock"]],krb5_finish_random_key:[[197,1,1,"c.krb5_finish_random_key","context"],[197,1,1,"c.krb5_finish_random_key","eblock"],[197,1,1,"c.krb5_finish_random_key","ptr"]],krb5_free_addresses:[[198,1,1,"c.krb5_free_addresses","context"],[198,1,1,"c.krb5_free_addresses","val"]],krb5_free_ap_rep_enc_part:[[199,1,1,"c.krb5_free_ap_rep_enc_part","context"],[199,1,1,"c.krb5_free_ap_rep_enc_part","val"]],krb5_free_authdata:[[200,1,1,"c.krb5_free_authdata","context"],[200,1,1,"c.krb5_free_authdata","val"]],krb5_free_authenticator:[[201,1,1,"c.krb5_free_authenticator","context"],[201,1,1,"c.krb5_free_authenticator","val"]],krb5_free_checksum:[[202,1,1,"c.krb5_free_checksum","context"],[202,1,1,"c.krb5_free_checksum","val"]],krb5_free_checksum_contents:[[203,1,1,"c.krb5_free_checksum_contents","context"],[203,1,1,"c.krb5_free_checksum_contents","val"]],krb5_free_cksumtypes:[[204,1,1,"c.krb5_free_cksumtypes","context"],[204,1,1,"c.krb5_free_cksumtypes","val"]],krb5_free_context:[[205,1,1,"c.krb5_free_context","context"]],krb5_free_cred_contents:[[206,1,1,"c.krb5_free_cred_contents","context"],[206,1,1,"c.krb5_free_cred_contents","val"]],krb5_free_creds:[[207,1,1,"c.krb5_free_creds","context"],[207,1,1,"c.krb5_free_creds","val"]],krb5_free_data:[[208,1,1,"c.krb5_free_data","context"],[208,1,1,"c.krb5_free_data","val"]],krb5_free_data_contents:[[209,1,1,"c.krb5_free_data_contents","context"],[209,1,1,"c.krb5_free_data_contents","val"]],krb5_free_default_realm:[[210,1,1,"c.krb5_free_default_realm","context"],[210,1,1,"c.krb5_free_default_realm","lrealm"]],krb5_free_enctypes:[[211,1,1,"c.krb5_free_enctypes","context"],[211,1,1,"c.krb5_free_enctypes","val"]],krb5_free_error:[[212,1,1,"c.krb5_free_error","context"],[212,1,1,"c.krb5_free_error","val"]],krb5_free_error_message:[[213,1,1,"c.krb5_free_error_message","ctx"],[213,1,1,"c.krb5_free_error_message","msg"]],krb5_free_host_realm:[[214,1,1,"c.krb5_free_host_realm","context"],[214,1,1,"c.krb5_free_host_realm","realmlist"]],krb5_free_keyblock:[[215,1,1,"c.krb5_free_keyblock","context"],[215,1,1,"c.krb5_free_keyblock","val"]],krb5_free_keyblock_contents:[[216,1,1,"c.krb5_free_keyblock_contents","context"],[216,1,1,"c.krb5_free_keyblock_contents","key"]],krb5_free_keytab_entry_contents:[[217,1,1,"c.krb5_free_keytab_entry_contents","context"],[217,1,1,"c.krb5_free_keytab_entry_contents","entry"]],krb5_free_principal:[[218,1,1,"c.krb5_free_principal","context"],[218,1,1,"c.krb5_free_principal","val"]],krb5_free_string:[[219,1,1,"c.krb5_free_string","context"],[219,1,1,"c.krb5_free_string","val"]],krb5_free_tgt_creds:[[220,1,1,"c.krb5_free_tgt_creds","context"],[220,1,1,"c.krb5_free_tgt_creds","tgts"]],krb5_free_ticket:[[221,1,1,"c.krb5_free_ticket","context"],[221,1,1,"c.krb5_free_ticket","val"]],krb5_free_unparsed_name:[[222,1,1,"c.krb5_free_unparsed_name","context"],[222,1,1,"c.krb5_free_unparsed_name","val"]],krb5_fwd_tgt_creds:[[223,1,1,"c.krb5_fwd_tgt_creds","auth_context"],[223,1,1,"c.krb5_fwd_tgt_creds","cc"],[223,1,1,"c.krb5_fwd_tgt_creds","client"],[223,1,1,"c.krb5_fwd_tgt_creds","context"],[223,1,1,"c.krb5_fwd_tgt_creds","forwardable"],[223,1,1,"c.krb5_fwd_tgt_creds","outbuf"],[223,1,1,"c.krb5_fwd_tgt_creds","rhost"],[223,1,1,"c.krb5_fwd_tgt_creds","server"]],krb5_get_credentials:[[224,1,1,"c.krb5_get_credentials","ccache"],[224,1,1,"c.krb5_get_credentials","context"],[224,1,1,"c.krb5_get_credentials","in_creds"],[224,1,1,"c.krb5_get_credentials","options"],[224,1,1,"c.krb5_get_credentials","out_creds"]],krb5_get_credentials_renew:[[225,1,1,"c.krb5_get_credentials_renew","ccache"],[225,1,1,"c.krb5_get_credentials_renew","context"],[225,1,1,"c.krb5_get_credentials_renew","in_creds"],[225,1,1,"c.krb5_get_credentials_renew","options"],[225,1,1,"c.krb5_get_credentials_renew","out_creds"]],krb5_get_credentials_validate:[[226,1,1,"c.krb5_get_credentials_validate","ccache"],[226,1,1,"c.krb5_get_credentials_validate","context"],[226,1,1,"c.krb5_get_credentials_validate","in_creds"],[226,1,1,"c.krb5_get_credentials_validate","options"],[226,1,1,"c.krb5_get_credentials_validate","out_creds"]],krb5_get_default_realm:[[227,1,1,"c.krb5_get_default_realm","context"],[227,1,1,"c.krb5_get_default_realm","lrealm"]],krb5_get_error_message:[[228,1,1,"c.krb5_get_error_message","code"],[228,1,1,"c.krb5_get_error_message","ctx"]],krb5_get_etype_info:[[229,1,1,"c.krb5_get_etype_info","context"],[229,1,1,"c.krb5_get_etype_info","enctype_out"],[229,1,1,"c.krb5_get_etype_info","opt"],[229,1,1,"c.krb5_get_etype_info","principal"],[229,1,1,"c.krb5_get_etype_info","s2kparams_out"],[229,1,1,"c.krb5_get_etype_info","salt_out"]],krb5_get_fallback_host_realm:[[230,1,1,"c.krb5_get_fallback_host_realm","context"],[230,1,1,"c.krb5_get_fallback_host_realm","hdata"],[230,1,1,"c.krb5_get_fallback_host_realm","realmsp"]],krb5_get_host_realm:[[231,1,1,"c.krb5_get_host_realm","context"],[231,1,1,"c.krb5_get_host_realm","host"],[231,1,1,"c.krb5_get_host_realm","realmsp"]],krb5_get_in_tkt_with_keytab:[[232,1,1,"c.krb5_get_in_tkt_with_keytab","addrs"],[232,1,1,"c.krb5_get_in_tkt_with_keytab","arg_keytab"],[232,1,1,"c.krb5_get_in_tkt_with_keytab","ccache"],[232,1,1,"c.krb5_get_in_tkt_with_keytab","context"],[232,1,1,"c.krb5_get_in_tkt_with_keytab","creds"],[232,1,1,"c.krb5_get_in_tkt_with_keytab","ktypes"],[232,1,1,"c.krb5_get_in_tkt_with_keytab","options"],[232,1,1,"c.krb5_get_in_tkt_with_keytab","pre_auth_types"],[232,1,1,"c.krb5_get_in_tkt_with_keytab","ret_as_reply"]],krb5_get_in_tkt_with_password:[[233,1,1,"c.krb5_get_in_tkt_with_password","addrs"],[233,1,1,"c.krb5_get_in_tkt_with_password","ccache"],[233,1,1,"c.krb5_get_in_tkt_with_password","context"],[233,1,1,"c.krb5_get_in_tkt_with_password","creds"],[233,1,1,"c.krb5_get_in_tkt_with_password","ktypes"],[233,1,1,"c.krb5_get_in_tkt_with_password","options"],[233,1,1,"c.krb5_get_in_tkt_with_password","password"],[233,1,1,"c.krb5_get_in_tkt_with_password","pre_auth_types"],[233,1,1,"c.krb5_get_in_tkt_with_password","ret_as_reply"]],krb5_get_in_tkt_with_skey:[[234,1,1,"c.krb5_get_in_tkt_with_skey","addrs"],[234,1,1,"c.krb5_get_in_tkt_with_skey","ccache"],[234,1,1,"c.krb5_get_in_tkt_with_skey","context"],[234,1,1,"c.krb5_get_in_tkt_with_skey","creds"],[234,1,1,"c.krb5_get_in_tkt_with_skey","key"],[234,1,1,"c.krb5_get_in_tkt_with_skey","ktypes"],[234,1,1,"c.krb5_get_in_tkt_with_skey","options"],[234,1,1,"c.krb5_get_in_tkt_with_skey","pre_auth_types"],[234,1,1,"c.krb5_get_in_tkt_with_skey","ret_as_reply"]],krb5_get_init_creds_keytab:[[235,1,1,"c.krb5_get_init_creds_keytab","arg_keytab"],[235,1,1,"c.krb5_get_init_creds_keytab","client"],[235,1,1,"c.krb5_get_init_creds_keytab","context"],[235,1,1,"c.krb5_get_init_creds_keytab","creds"],[235,1,1,"c.krb5_get_init_creds_keytab","in_tkt_service"],[235,1,1,"c.krb5_get_init_creds_keytab","k5_gic_options"],[235,1,1,"c.krb5_get_init_creds_keytab","start_time"]],krb5_get_init_creds_opt:[[840,3,1,"c.krb5_get_init_creds_opt.address_list","address_list"],[840,3,1,"c.krb5_get_init_creds_opt.etype_list","etype_list"],[840,3,1,"c.krb5_get_init_creds_opt.etype_list_length","etype_list_length"],[840,3,1,"c.krb5_get_init_creds_opt.flags","flags"],[840,3,1,"c.krb5_get_init_creds_opt.forwardable","forwardable"],[840,3,1,"c.krb5_get_init_creds_opt.preauth_list","preauth_list"],[840,3,1,"c.krb5_get_init_creds_opt.preauth_list_length","preauth_list_length"],[840,3,1,"c.krb5_get_init_creds_opt.proxiable","proxiable"],[840,3,1,"c.krb5_get_init_creds_opt.renew_life","renew_life"],[840,3,1,"c.krb5_get_init_creds_opt.salt","salt"],[840,3,1,"c.krb5_get_init_creds_opt.tkt_life","tkt_life"]],krb5_get_init_creds_opt_alloc:[[236,1,1,"c.krb5_get_init_creds_opt_alloc","context"],[236,1,1,"c.krb5_get_init_creds_opt_alloc","opt"]],krb5_get_init_creds_opt_free:[[237,1,1,"c.krb5_get_init_creds_opt_free","context"],[237,1,1,"c.krb5_get_init_creds_opt_free","opt"]],krb5_get_init_creds_opt_get_fast_flags:[[238,1,1,"c.krb5_get_init_creds_opt_get_fast_flags","context"],[238,1,1,"c.krb5_get_init_creds_opt_get_fast_flags","opt"],[238,1,1,"c.krb5_get_init_creds_opt_get_fast_flags","out_flags"]],krb5_get_init_creds_opt_init:[[239,1,1,"c.krb5_get_init_creds_opt_init","opt"]],krb5_get_init_creds_opt_set_address_list:[[240,1,1,"c.krb5_get_init_creds_opt_set_address_list","addresses"],[240,1,1,"c.krb5_get_init_creds_opt_set_address_list","opt"]],krb5_get_init_creds_opt_set_anonymous:[[241,1,1,"c.krb5_get_init_creds_opt_set_anonymous","anonymous"],[241,1,1,"c.krb5_get_init_creds_opt_set_anonymous","opt"]],krb5_get_init_creds_opt_set_canonicalize:[[242,1,1,"c.krb5_get_init_creds_opt_set_canonicalize","canonicalize"],[242,1,1,"c.krb5_get_init_creds_opt_set_canonicalize","opt"]],krb5_get_init_creds_opt_set_change_password_prompt:[[243,1,1,"c.krb5_get_init_creds_opt_set_change_password_prompt","opt"],[243,1,1,"c.krb5_get_init_creds_opt_set_change_password_prompt","prompt"]],krb5_get_init_creds_opt_set_etype_list:[[244,1,1,"c.krb5_get_init_creds_opt_set_etype_list","etype_list"],[244,1,1,"c.krb5_get_init_creds_opt_set_etype_list","etype_list_length"],[244,1,1,"c.krb5_get_init_creds_opt_set_etype_list","opt"]],krb5_get_init_creds_opt_set_expire_callback:[[245,1,1,"c.krb5_get_init_creds_opt_set_expire_callback","cb"],[245,1,1,"c.krb5_get_init_creds_opt_set_expire_callback","context"],[245,1,1,"c.krb5_get_init_creds_opt_set_expire_callback","data"],[245,1,1,"c.krb5_get_init_creds_opt_set_expire_callback","opt"]],krb5_get_init_creds_opt_set_fast_ccache:[[246,1,1,"c.krb5_get_init_creds_opt_set_fast_ccache","ccache"],[246,1,1,"c.krb5_get_init_creds_opt_set_fast_ccache","context"],[246,1,1,"c.krb5_get_init_creds_opt_set_fast_ccache","opt"]],krb5_get_init_creds_opt_set_fast_ccache_name:[[247,1,1,"c.krb5_get_init_creds_opt_set_fast_ccache_name","context"],[247,1,1,"c.krb5_get_init_creds_opt_set_fast_ccache_name","fast_ccache_name"],[247,1,1,"c.krb5_get_init_creds_opt_set_fast_ccache_name","opt"]],krb5_get_init_creds_opt_set_fast_flags:[[248,1,1,"c.krb5_get_init_creds_opt_set_fast_flags","context"],[248,1,1,"c.krb5_get_init_creds_opt_set_fast_flags","flags"],[248,1,1,"c.krb5_get_init_creds_opt_set_fast_flags","opt"]],krb5_get_init_creds_opt_set_forwardable:[[249,1,1,"c.krb5_get_init_creds_opt_set_forwardable","forwardable"],[249,1,1,"c.krb5_get_init_creds_opt_set_forwardable","opt"]],krb5_get_init_creds_opt_set_in_ccache:[[250,1,1,"c.krb5_get_init_creds_opt_set_in_ccache","ccache"],[250,1,1,"c.krb5_get_init_creds_opt_set_in_ccache","context"],[250,1,1,"c.krb5_get_init_creds_opt_set_in_ccache","opt"]],krb5_get_init_creds_opt_set_out_ccache:[[251,1,1,"c.krb5_get_init_creds_opt_set_out_ccache","ccache"],[251,1,1,"c.krb5_get_init_creds_opt_set_out_ccache","context"],[251,1,1,"c.krb5_get_init_creds_opt_set_out_ccache","opt"]],krb5_get_init_creds_opt_set_pa:[[252,1,1,"c.krb5_get_init_creds_opt_set_pa","attr"],[252,1,1,"c.krb5_get_init_creds_opt_set_pa","context"],[252,1,1,"c.krb5_get_init_creds_opt_set_pa","opt"],[252,1,1,"c.krb5_get_init_creds_opt_set_pa","value"]],krb5_get_init_creds_opt_set_pac_request:[[253,1,1,"c.krb5_get_init_creds_opt_set_pac_request","context"],[253,1,1,"c.krb5_get_init_creds_opt_set_pac_request","opt"],[253,1,1,"c.krb5_get_init_creds_opt_set_pac_request","req_pac"]],krb5_get_init_creds_opt_set_preauth_list:[[254,1,1,"c.krb5_get_init_creds_opt_set_preauth_list","opt"],[254,1,1,"c.krb5_get_init_creds_opt_set_preauth_list","preauth_list"],[254,1,1,"c.krb5_get_init_creds_opt_set_preauth_list","preauth_list_length"]],krb5_get_init_creds_opt_set_proxiable:[[255,1,1,"c.krb5_get_init_creds_opt_set_proxiable","opt"],[255,1,1,"c.krb5_get_init_creds_opt_set_proxiable","proxiable"]],krb5_get_init_creds_opt_set_renew_life:[[256,1,1,"c.krb5_get_init_creds_opt_set_renew_life","opt"],[256,1,1,"c.krb5_get_init_creds_opt_set_renew_life","renew_life"]],krb5_get_init_creds_opt_set_responder:[[257,1,1,"c.krb5_get_init_creds_opt_set_responder","context"],[257,1,1,"c.krb5_get_init_creds_opt_set_responder","data"],[257,1,1,"c.krb5_get_init_creds_opt_set_responder","opt"],[257,1,1,"c.krb5_get_init_creds_opt_set_responder","responder"]],krb5_get_init_creds_opt_set_salt:[[258,1,1,"c.krb5_get_init_creds_opt_set_salt","opt"],[258,1,1,"c.krb5_get_init_creds_opt_set_salt","salt"]],krb5_get_init_creds_opt_set_tkt_life:[[259,1,1,"c.krb5_get_init_creds_opt_set_tkt_life","opt"],[259,1,1,"c.krb5_get_init_creds_opt_set_tkt_life","tkt_life"]],krb5_get_init_creds_password:[[260,1,1,"c.krb5_get_init_creds_password","client"],[260,1,1,"c.krb5_get_init_creds_password","context"],[260,1,1,"c.krb5_get_init_creds_password","creds"],[260,1,1,"c.krb5_get_init_creds_password","data"],[260,1,1,"c.krb5_get_init_creds_password","in_tkt_service"],[260,1,1,"c.krb5_get_init_creds_password","k5_gic_options"],[260,1,1,"c.krb5_get_init_creds_password","password"],[260,1,1,"c.krb5_get_init_creds_password","prompter"],[260,1,1,"c.krb5_get_init_creds_password","start_time"]],krb5_get_permitted_enctypes:[[261,1,1,"c.krb5_get_permitted_enctypes","context"],[261,1,1,"c.krb5_get_permitted_enctypes","ktypes"]],krb5_get_profile:[[262,1,1,"c.krb5_get_profile","context"],[262,1,1,"c.krb5_get_profile","profile"]],krb5_get_prompt_types:[[263,1,1,"c.krb5_get_prompt_types","context"]],krb5_get_renewed_creds:[[264,1,1,"c.krb5_get_renewed_creds","ccache"],[264,1,1,"c.krb5_get_renewed_creds","client"],[264,1,1,"c.krb5_get_renewed_creds","context"],[264,1,1,"c.krb5_get_renewed_creds","creds"],[264,1,1,"c.krb5_get_renewed_creds","in_tkt_service"]],krb5_get_server_rcache:[[265,1,1,"c.krb5_get_server_rcache","context"],[265,1,1,"c.krb5_get_server_rcache","piece"],[265,1,1,"c.krb5_get_server_rcache","rcptr"]],krb5_get_time_offsets:[[266,1,1,"c.krb5_get_time_offsets","context"],[266,1,1,"c.krb5_get_time_offsets","microseconds"],[266,1,1,"c.krb5_get_time_offsets","seconds"]],krb5_get_validated_creds:[[267,1,1,"c.krb5_get_validated_creds","ccache"],[267,1,1,"c.krb5_get_validated_creds","client"],[267,1,1,"c.krb5_get_validated_creds","context"],[267,1,1,"c.krb5_get_validated_creds","creds"],[267,1,1,"c.krb5_get_validated_creds","in_tkt_service"]],krb5_gic_opt_pa_data:[[841,3,1,"c.krb5_gic_opt_pa_data.attr","attr"],[841,3,1,"c.krb5_gic_opt_pa_data.value","value"]],krb5_init_context:[[268,1,1,"c.krb5_init_context","context"]],krb5_init_context_profile:[[269,1,1,"c.krb5_init_context_profile","context"],[269,1,1,"c.krb5_init_context_profile","flags"],[269,1,1,"c.krb5_init_context_profile","profile"]],krb5_init_creds_free:[[270,1,1,"c.krb5_init_creds_free","context"],[270,1,1,"c.krb5_init_creds_free","ctx"]],krb5_init_creds_get:[[271,1,1,"c.krb5_init_creds_get","context"],[271,1,1,"c.krb5_init_creds_get","ctx"]],krb5_init_creds_get_creds:[[272,1,1,"c.krb5_init_creds_get_creds","context"],[272,1,1,"c.krb5_init_creds_get_creds","creds"],[272,1,1,"c.krb5_init_creds_get_creds","ctx"]],krb5_init_creds_get_error:[[273,1,1,"c.krb5_init_creds_get_error","context"],[273,1,1,"c.krb5_init_creds_get_error","ctx"],[273,1,1,"c.krb5_init_creds_get_error","error"]],krb5_init_creds_get_times:[[274,1,1,"c.krb5_init_creds_get_times","context"],[274,1,1,"c.krb5_init_creds_get_times","ctx"],[274,1,1,"c.krb5_init_creds_get_times","times"]],krb5_init_creds_init:[[275,1,1,"c.krb5_init_creds_init","client"],[275,1,1,"c.krb5_init_creds_init","context"],[275,1,1,"c.krb5_init_creds_init","ctx"],[275,1,1,"c.krb5_init_creds_init","data"],[275,1,1,"c.krb5_init_creds_init","options"],[275,1,1,"c.krb5_init_creds_init","prompter"],[275,1,1,"c.krb5_init_creds_init","start_time"]],krb5_init_creds_set_keytab:[[276,1,1,"c.krb5_init_creds_set_keytab","context"],[276,1,1,"c.krb5_init_creds_set_keytab","ctx"],[276,1,1,"c.krb5_init_creds_set_keytab","keytab"]],krb5_init_creds_set_password:[[277,1,1,"c.krb5_init_creds_set_password","context"],[277,1,1,"c.krb5_init_creds_set_password","ctx"],[277,1,1,"c.krb5_init_creds_set_password","password"]],krb5_init_creds_set_service:[[278,1,1,"c.krb5_init_creds_set_service","context"],[278,1,1,"c.krb5_init_creds_set_service","ctx"],[278,1,1,"c.krb5_init_creds_set_service","service"]],krb5_init_creds_step:[[279,1,1,"c.krb5_init_creds_step","context"],[279,1,1,"c.krb5_init_creds_step","ctx"],[279,1,1,"c.krb5_init_creds_step","flags"],[279,1,1,"c.krb5_init_creds_step","in"],[279,1,1,"c.krb5_init_creds_step","out"],[279,1,1,"c.krb5_init_creds_step","realm"]],krb5_init_keyblock:[[280,1,1,"c.krb5_init_keyblock","context"],[280,1,1,"c.krb5_init_keyblock","enctype"],[280,1,1,"c.krb5_init_keyblock","length"],[280,1,1,"c.krb5_init_keyblock","out"]],krb5_init_random_key:[[281,1,1,"c.krb5_init_random_key","context"],[281,1,1,"c.krb5_init_random_key","eblock"],[281,1,1,"c.krb5_init_random_key","keyblock"],[281,1,1,"c.krb5_init_random_key","ptr"]],krb5_init_secure_context:[[282,1,1,"c.krb5_init_secure_context","context"]],krb5_is_config_principal:[[283,1,1,"c.krb5_is_config_principal","context"],[283,1,1,"c.krb5_is_config_principal","principal"]],krb5_is_referral_realm:[[284,1,1,"c.krb5_is_referral_realm","r"]],krb5_is_thread_safe:[[285,1,1,"c.krb5_is_thread_safe","None"]],krb5_k_create_key:[[286,1,1,"c.krb5_k_create_key","context"],[286,1,1,"c.krb5_k_create_key","key_data"],[286,1,1,"c.krb5_k_create_key","out"]],krb5_k_decrypt:[[287,1,1,"c.krb5_k_decrypt","cipher_state"],[287,1,1,"c.krb5_k_decrypt","context"],[287,1,1,"c.krb5_k_decrypt","input"],[287,1,1,"c.krb5_k_decrypt","key"],[287,1,1,"c.krb5_k_decrypt","output"],[287,1,1,"c.krb5_k_decrypt","usage"]],krb5_k_decrypt_iov:[[288,1,1,"c.krb5_k_decrypt_iov","cipher_state"],[288,1,1,"c.krb5_k_decrypt_iov","context"],[288,1,1,"c.krb5_k_decrypt_iov","data"],[288,1,1,"c.krb5_k_decrypt_iov","key"],[288,1,1,"c.krb5_k_decrypt_iov","num_data"],[288,1,1,"c.krb5_k_decrypt_iov","usage"]],krb5_k_encrypt:[[289,1,1,"c.krb5_k_encrypt","cipher_state"],[289,1,1,"c.krb5_k_encrypt","context"],[289,1,1,"c.krb5_k_encrypt","input"],[289,1,1,"c.krb5_k_encrypt","key"],[289,1,1,"c.krb5_k_encrypt","output"],[289,1,1,"c.krb5_k_encrypt","usage"]],krb5_k_encrypt_iov:[[290,1,1,"c.krb5_k_encrypt_iov","cipher_state"],[290,1,1,"c.krb5_k_encrypt_iov","context"],[290,1,1,"c.krb5_k_encrypt_iov","data"],[290,1,1,"c.krb5_k_encrypt_iov","key"],[290,1,1,"c.krb5_k_encrypt_iov","num_data"],[290,1,1,"c.krb5_k_encrypt_iov","usage"]],krb5_k_free_key:[[291,1,1,"c.krb5_k_free_key","context"],[291,1,1,"c.krb5_k_free_key","key"]],krb5_k_key_enctype:[[292,1,1,"c.krb5_k_key_enctype","context"],[292,1,1,"c.krb5_k_key_enctype","key"]],krb5_k_key_keyblock:[[293,1,1,"c.krb5_k_key_keyblock","context"],[293,1,1,"c.krb5_k_key_keyblock","key"],[293,1,1,"c.krb5_k_key_keyblock","key_data"]],krb5_k_make_checksum:[[294,1,1,"c.krb5_k_make_checksum","cksum"],[294,1,1,"c.krb5_k_make_checksum","cksumtype"],[294,1,1,"c.krb5_k_make_checksum","context"],[294,1,1,"c.krb5_k_make_checksum","input"],[294,1,1,"c.krb5_k_make_checksum","key"],[294,1,1,"c.krb5_k_make_checksum","usage"]],krb5_k_make_checksum_iov:[[295,1,1,"c.krb5_k_make_checksum_iov","cksumtype"],[295,1,1,"c.krb5_k_make_checksum_iov","context"],[295,1,1,"c.krb5_k_make_checksum_iov","data"],[295,1,1,"c.krb5_k_make_checksum_iov","key"],[295,1,1,"c.krb5_k_make_checksum_iov","num_data"],[295,1,1,"c.krb5_k_make_checksum_iov","usage"]],krb5_k_prf:[[296,1,1,"c.krb5_k_prf","context"],[296,1,1,"c.krb5_k_prf","input"],[296,1,1,"c.krb5_k_prf","key"],[296,1,1,"c.krb5_k_prf","output"]],krb5_k_reference_key:[[297,1,1,"c.krb5_k_reference_key","context"],[297,1,1,"c.krb5_k_reference_key","key"]],krb5_k_verify_checksum:[[298,1,1,"c.krb5_k_verify_checksum","cksum"],[298,1,1,"c.krb5_k_verify_checksum","context"],[298,1,1,"c.krb5_k_verify_checksum","data"],[298,1,1,"c.krb5_k_verify_checksum","key"],[298,1,1,"c.krb5_k_verify_checksum","usage"],[298,1,1,"c.krb5_k_verify_checksum","valid"]],krb5_k_verify_checksum_iov:[[299,1,1,"c.krb5_k_verify_checksum_iov","cksumtype"],[299,1,1,"c.krb5_k_verify_checksum_iov","context"],[299,1,1,"c.krb5_k_verify_checksum_iov","data"],[299,1,1,"c.krb5_k_verify_checksum_iov","key"],[299,1,1,"c.krb5_k_verify_checksum_iov","num_data"],[299,1,1,"c.krb5_k_verify_checksum_iov","usage"],[299,1,1,"c.krb5_k_verify_checksum_iov","valid"]],krb5_kdc_rep:[[845,3,1,"c.krb5_kdc_rep.client","client"],[845,3,1,"c.krb5_kdc_rep.enc_part","enc_part"],[845,3,1,"c.krb5_kdc_rep.enc_part2","enc_part2"],[845,3,1,"c.krb5_kdc_rep.magic","magic"],[845,3,1,"c.krb5_kdc_rep.msg_type","msg_type"],[845,3,1,"c.krb5_kdc_rep.padata","padata"],[845,3,1,"c.krb5_kdc_rep.ticket","ticket"]],krb5_kdc_req:[[846,3,1,"c.krb5_kdc_req.addresses","addresses"],[846,3,1,"c.krb5_kdc_req.authorization_data","authorization_data"],[846,3,1,"c.krb5_kdc_req.client","client"],[846,3,1,"c.krb5_kdc_req.from","from"],[846,3,1,"c.krb5_kdc_req.kdc_options","kdc_options"],[846,3,1,"c.krb5_kdc_req.ktype","ktype"],[846,3,1,"c.krb5_kdc_req.magic","magic"],[846,3,1,"c.krb5_kdc_req.msg_type","msg_type"],[846,3,1,"c.krb5_kdc_req.nktypes","nktypes"],[846,3,1,"c.krb5_kdc_req.nonce","nonce"],[846,3,1,"c.krb5_kdc_req.padata","padata"],[846,3,1,"c.krb5_kdc_req.rtime","rtime"],[846,3,1,"c.krb5_kdc_req.second_ticket","second_ticket"],[846,3,1,"c.krb5_kdc_req.server","server"],[846,3,1,"c.krb5_kdc_req.till","till"],[846,3,1,"c.krb5_kdc_req.unenc_authdata","unenc_authdata"]],krb5_kdc_sign_ticket:[[300,1,1,"c.krb5_kdc_sign_ticket","client_princ"],[300,1,1,"c.krb5_kdc_sign_ticket","context"],[300,1,1,"c.krb5_kdc_sign_ticket","enc_tkt"],[300,1,1,"c.krb5_kdc_sign_ticket","pac"],[300,1,1,"c.krb5_kdc_sign_ticket","privsvr"],[300,1,1,"c.krb5_kdc_sign_ticket","server"],[300,1,1,"c.krb5_kdc_sign_ticket","server_princ"],[300,1,1,"c.krb5_kdc_sign_ticket","with_realm"]],krb5_kdc_verify_ticket:[[301,1,1,"c.krb5_kdc_verify_ticket","context"],[301,1,1,"c.krb5_kdc_verify_ticket","enc_tkt"],[301,1,1,"c.krb5_kdc_verify_ticket","pac_out"],[301,1,1,"c.krb5_kdc_verify_ticket","privsvr"],[301,1,1,"c.krb5_kdc_verify_ticket","server"],[301,1,1,"c.krb5_kdc_verify_ticket","server_princ"]],krb5_keyblock:[[848,3,1,"c.krb5_keyblock.contents","contents"],[848,3,1,"c.krb5_keyblock.enctype","enctype"],[848,3,1,"c.krb5_keyblock.length","length"],[848,3,1,"c.krb5_keyblock.magic","magic"]],krb5_keytab_entry:[[850,3,1,"c.krb5_keytab_entry.key","key"],[850,3,1,"c.krb5_keytab_entry.magic","magic"],[850,3,1,"c.krb5_keytab_entry.principal","principal"],[850,3,1,"c.krb5_keytab_entry.timestamp","timestamp"],[850,3,1,"c.krb5_keytab_entry.vno","vno"]],krb5_kt_add_entry:[[302,1,1,"c.krb5_kt_add_entry","context"],[302,1,1,"c.krb5_kt_add_entry","entry"],[302,1,1,"c.krb5_kt_add_entry","id"]],krb5_kt_client_default:[[303,1,1,"c.krb5_kt_client_default","context"],[303,1,1,"c.krb5_kt_client_default","keytab_out"]],krb5_kt_close:[[304,1,1,"c.krb5_kt_close","context"],[304,1,1,"c.krb5_kt_close","keytab"]],krb5_kt_default:[[305,1,1,"c.krb5_kt_default","context"],[305,1,1,"c.krb5_kt_default","id"]],krb5_kt_default_name:[[306,1,1,"c.krb5_kt_default_name","context"],[306,1,1,"c.krb5_kt_default_name","name"],[306,1,1,"c.krb5_kt_default_name","name_size"]],krb5_kt_dup:[[307,1,1,"c.krb5_kt_dup","context"],[307,1,1,"c.krb5_kt_dup","in"],[307,1,1,"c.krb5_kt_dup","out"]],krb5_kt_end_seq_get:[[308,1,1,"c.krb5_kt_end_seq_get","context"],[308,1,1,"c.krb5_kt_end_seq_get","cursor"],[308,1,1,"c.krb5_kt_end_seq_get","keytab"]],krb5_kt_free_entry:[[309,1,1,"c.krb5_kt_free_entry","context"],[309,1,1,"c.krb5_kt_free_entry","entry"]],krb5_kt_get_entry:[[310,1,1,"c.krb5_kt_get_entry","context"],[310,1,1,"c.krb5_kt_get_entry","enctype"],[310,1,1,"c.krb5_kt_get_entry","entry"],[310,1,1,"c.krb5_kt_get_entry","keytab"],[310,1,1,"c.krb5_kt_get_entry","principal"],[310,1,1,"c.krb5_kt_get_entry","vno"]],krb5_kt_get_name:[[311,1,1,"c.krb5_kt_get_name","context"],[311,1,1,"c.krb5_kt_get_name","keytab"],[311,1,1,"c.krb5_kt_get_name","name"],[311,1,1,"c.krb5_kt_get_name","namelen"]],krb5_kt_get_type:[[312,1,1,"c.krb5_kt_get_type","context"],[312,1,1,"c.krb5_kt_get_type","keytab"]],krb5_kt_have_content:[[313,1,1,"c.krb5_kt_have_content","context"],[313,1,1,"c.krb5_kt_have_content","keytab"]],krb5_kt_next_entry:[[314,1,1,"c.krb5_kt_next_entry","context"],[314,1,1,"c.krb5_kt_next_entry","cursor"],[314,1,1,"c.krb5_kt_next_entry","entry"],[314,1,1,"c.krb5_kt_next_entry","keytab"]],krb5_kt_read_service_key:[[315,1,1,"c.krb5_kt_read_service_key","context"],[315,1,1,"c.krb5_kt_read_service_key","enctype"],[315,1,1,"c.krb5_kt_read_service_key","key"],[315,1,1,"c.krb5_kt_read_service_key","keyprocarg"],[315,1,1,"c.krb5_kt_read_service_key","principal"],[315,1,1,"c.krb5_kt_read_service_key","vno"]],krb5_kt_remove_entry:[[316,1,1,"c.krb5_kt_remove_entry","context"],[316,1,1,"c.krb5_kt_remove_entry","entry"],[316,1,1,"c.krb5_kt_remove_entry","id"]],krb5_kt_resolve:[[317,1,1,"c.krb5_kt_resolve","context"],[317,1,1,"c.krb5_kt_resolve","ktid"],[317,1,1,"c.krb5_kt_resolve","name"]],krb5_kt_start_seq_get:[[318,1,1,"c.krb5_kt_start_seq_get","context"],[318,1,1,"c.krb5_kt_start_seq_get","cursor"],[318,1,1,"c.krb5_kt_start_seq_get","keytab"]],krb5_kuserok:[[319,1,1,"c.krb5_kuserok","context"],[319,1,1,"c.krb5_kuserok","luser"],[319,1,1,"c.krb5_kuserok","principal"]],krb5_last_req_entry:[[854,3,1,"c.krb5_last_req_entry.lr_type","lr_type"],[854,3,1,"c.krb5_last_req_entry.magic","magic"],[854,3,1,"c.krb5_last_req_entry.value","value"]],krb5_make_authdata_kdc_issued:[[320,1,1,"c.krb5_make_authdata_kdc_issued","ad_kdcissued"],[320,1,1,"c.krb5_make_authdata_kdc_issued","authdata"],[320,1,1,"c.krb5_make_authdata_kdc_issued","context"],[320,1,1,"c.krb5_make_authdata_kdc_issued","issuer"],[320,1,1,"c.krb5_make_authdata_kdc_issued","key"]],krb5_marshal_credentials:[[321,1,1,"c.krb5_marshal_credentials","context"],[321,1,1,"c.krb5_marshal_credentials","data_out"],[321,1,1,"c.krb5_marshal_credentials","in_creds"]],krb5_merge_authdata:[[322,1,1,"c.krb5_merge_authdata","context"],[322,1,1,"c.krb5_merge_authdata","inauthdat1"],[322,1,1,"c.krb5_merge_authdata","inauthdat2"],[322,1,1,"c.krb5_merge_authdata","outauthdat"]],krb5_mk_1cred:[[323,1,1,"c.krb5_mk_1cred","auth_context"],[323,1,1,"c.krb5_mk_1cred","context"],[323,1,1,"c.krb5_mk_1cred","creds"],[323,1,1,"c.krb5_mk_1cred","der_out"],[323,1,1,"c.krb5_mk_1cred","rdata_out"]],krb5_mk_error:[[324,1,1,"c.krb5_mk_error","context"],[324,1,1,"c.krb5_mk_error","dec_err"],[324,1,1,"c.krb5_mk_error","enc_err"]],krb5_mk_ncred:[[325,1,1,"c.krb5_mk_ncred","auth_context"],[325,1,1,"c.krb5_mk_ncred","context"],[325,1,1,"c.krb5_mk_ncred","creds"],[325,1,1,"c.krb5_mk_ncred","der_out"],[325,1,1,"c.krb5_mk_ncred","rdata_out"]],krb5_mk_priv:[[326,1,1,"c.krb5_mk_priv","auth_context"],[326,1,1,"c.krb5_mk_priv","context"],[326,1,1,"c.krb5_mk_priv","der_out"],[326,1,1,"c.krb5_mk_priv","rdata_out"],[326,1,1,"c.krb5_mk_priv","userdata"]],krb5_mk_rep:[[327,1,1,"c.krb5_mk_rep","auth_context"],[327,1,1,"c.krb5_mk_rep","context"],[327,1,1,"c.krb5_mk_rep","outbuf"]],krb5_mk_rep_dce:[[328,1,1,"c.krb5_mk_rep_dce","auth_context"],[328,1,1,"c.krb5_mk_rep_dce","context"],[328,1,1,"c.krb5_mk_rep_dce","outbuf"]],krb5_mk_req:[[329,1,1,"c.krb5_mk_req","ap_req_options"],[329,1,1,"c.krb5_mk_req","auth_context"],[329,1,1,"c.krb5_mk_req","ccache"],[329,1,1,"c.krb5_mk_req","context"],[329,1,1,"c.krb5_mk_req","hostname"],[329,1,1,"c.krb5_mk_req","in_data"],[329,1,1,"c.krb5_mk_req","outbuf"],[329,1,1,"c.krb5_mk_req","service"]],krb5_mk_req_extended:[[330,1,1,"c.krb5_mk_req_extended","ap_req_options"],[330,1,1,"c.krb5_mk_req_extended","auth_context"],[330,1,1,"c.krb5_mk_req_extended","context"],[330,1,1,"c.krb5_mk_req_extended","in_creds"],[330,1,1,"c.krb5_mk_req_extended","in_data"],[330,1,1,"c.krb5_mk_req_extended","outbuf"]],krb5_mk_safe:[[331,1,1,"c.krb5_mk_safe","auth_context"],[331,1,1,"c.krb5_mk_safe","context"],[331,1,1,"c.krb5_mk_safe","der_out"],[331,1,1,"c.krb5_mk_safe","rdata_out"],[331,1,1,"c.krb5_mk_safe","userdata"]],krb5_os_localaddr:[[332,1,1,"c.krb5_os_localaddr","addr"],[332,1,1,"c.krb5_os_localaddr","context"]],krb5_pa_data:[[859,3,1,"c.krb5_pa_data.contents","contents"],[859,3,1,"c.krb5_pa_data.length","length"],[859,3,1,"c.krb5_pa_data.magic","magic"],[859,3,1,"c.krb5_pa_data.pa_type","pa_type"]],krb5_pa_pac_req:[[860,3,1,"c.krb5_pa_pac_req.include_pac","include_pac"]],krb5_pa_server_referral_data:[[861,3,1,"c.krb5_pa_server_referral_data.referral_valid_until","referral_valid_until"],[861,3,1,"c.krb5_pa_server_referral_data.referred_realm","referred_realm"],[861,3,1,"c.krb5_pa_server_referral_data.rep_cksum","rep_cksum"],[861,3,1,"c.krb5_pa_server_referral_data.requested_principal_name","requested_principal_name"],[861,3,1,"c.krb5_pa_server_referral_data.true_principal_name","true_principal_name"]],krb5_pa_svr_referral_data:[[862,3,1,"c.krb5_pa_svr_referral_data.principal","principal"]],krb5_pac_add_buffer:[[333,1,1,"c.krb5_pac_add_buffer","context"],[333,1,1,"c.krb5_pac_add_buffer","data"],[333,1,1,"c.krb5_pac_add_buffer","pac"],[333,1,1,"c.krb5_pac_add_buffer","type"]],krb5_pac_free:[[334,1,1,"c.krb5_pac_free","context"],[334,1,1,"c.krb5_pac_free","pac"]],krb5_pac_get_buffer:[[335,1,1,"c.krb5_pac_get_buffer","context"],[335,1,1,"c.krb5_pac_get_buffer","data"],[335,1,1,"c.krb5_pac_get_buffer","pac"],[335,1,1,"c.krb5_pac_get_buffer","type"]],krb5_pac_get_client_info:[[336,1,1,"c.krb5_pac_get_client_info","authtime_out"],[336,1,1,"c.krb5_pac_get_client_info","context"],[336,1,1,"c.krb5_pac_get_client_info","pac"],[336,1,1,"c.krb5_pac_get_client_info","princname_out"]],krb5_pac_get_types:[[337,1,1,"c.krb5_pac_get_types","context"],[337,1,1,"c.krb5_pac_get_types","len"],[337,1,1,"c.krb5_pac_get_types","pac"],[337,1,1,"c.krb5_pac_get_types","types"]],krb5_pac_init:[[338,1,1,"c.krb5_pac_init","context"],[338,1,1,"c.krb5_pac_init","pac"]],krb5_pac_parse:[[339,1,1,"c.krb5_pac_parse","context"],[339,1,1,"c.krb5_pac_parse","len"],[339,1,1,"c.krb5_pac_parse","pac"],[339,1,1,"c.krb5_pac_parse","ptr"]],krb5_pac_sign:[[340,1,1,"c.krb5_pac_sign","authtime"],[340,1,1,"c.krb5_pac_sign","context"],[340,1,1,"c.krb5_pac_sign","data"],[340,1,1,"c.krb5_pac_sign","pac"],[340,1,1,"c.krb5_pac_sign","principal"],[340,1,1,"c.krb5_pac_sign","privsvr_key"],[340,1,1,"c.krb5_pac_sign","server_key"]],krb5_pac_sign_ext:[[341,1,1,"c.krb5_pac_sign_ext","authtime"],[341,1,1,"c.krb5_pac_sign_ext","context"],[341,1,1,"c.krb5_pac_sign_ext","data"],[341,1,1,"c.krb5_pac_sign_ext","pac"],[341,1,1,"c.krb5_pac_sign_ext","principal"],[341,1,1,"c.krb5_pac_sign_ext","privsvr_key"],[341,1,1,"c.krb5_pac_sign_ext","server_key"],[341,1,1,"c.krb5_pac_sign_ext","with_realm"]],krb5_pac_verify:[[342,1,1,"c.krb5_pac_verify","authtime"],[342,1,1,"c.krb5_pac_verify","context"],[342,1,1,"c.krb5_pac_verify","pac"],[342,1,1,"c.krb5_pac_verify","principal"],[342,1,1,"c.krb5_pac_verify","privsvr"],[342,1,1,"c.krb5_pac_verify","server"]],krb5_pac_verify_ext:[[343,1,1,"c.krb5_pac_verify_ext","authtime"],[343,1,1,"c.krb5_pac_verify_ext","context"],[343,1,1,"c.krb5_pac_verify_ext","pac"],[343,1,1,"c.krb5_pac_verify_ext","principal"],[343,1,1,"c.krb5_pac_verify_ext","privsvr"],[343,1,1,"c.krb5_pac_verify_ext","server"],[343,1,1,"c.krb5_pac_verify_ext","with_realm"]],krb5_parse_name:[[344,1,1,"c.krb5_parse_name","context"],[344,1,1,"c.krb5_parse_name","name"],[344,1,1,"c.krb5_parse_name","principal_out"]],krb5_parse_name_flags:[[345,1,1,"c.krb5_parse_name_flags","context"],[345,1,1,"c.krb5_parse_name_flags","flags"],[345,1,1,"c.krb5_parse_name_flags","name"],[345,1,1,"c.krb5_parse_name_flags","principal_out"]],krb5_prepend_error_message:[[346,1,1,"c.krb5_prepend_error_message","code"],[346,1,1,"c.krb5_prepend_error_message","ctx"],[346,1,1,"c.krb5_prepend_error_message","fmt"]],krb5_principal2salt:[[347,1,1,"c.krb5_principal2salt","context"],[347,1,1,"c.krb5_principal2salt","pr"],[347,1,1,"c.krb5_principal2salt","ret"]],krb5_principal:[[868,3,1,"c.krb5_principal.data","data"],[868,3,1,"c.krb5_principal.length","length"],[868,3,1,"c.krb5_principal.magic","magic"],[868,3,1,"c.krb5_principal.realm","realm"],[868,3,1,"c.krb5_principal.type","type"]],krb5_principal_compare:[[348,1,1,"c.krb5_principal_compare","context"],[348,1,1,"c.krb5_principal_compare","princ1"],[348,1,1,"c.krb5_principal_compare","princ2"]],krb5_principal_compare_any_realm:[[349,1,1,"c.krb5_principal_compare_any_realm","context"],[349,1,1,"c.krb5_principal_compare_any_realm","princ1"],[349,1,1,"c.krb5_principal_compare_any_realm","princ2"]],krb5_principal_compare_flags:[[350,1,1,"c.krb5_principal_compare_flags","context"],[350,1,1,"c.krb5_principal_compare_flags","flags"],[350,1,1,"c.krb5_principal_compare_flags","princ1"],[350,1,1,"c.krb5_principal_compare_flags","princ2"]],krb5_principal_data:[[869,3,1,"c.krb5_principal_data.data","data"],[869,3,1,"c.krb5_principal_data.length","length"],[869,3,1,"c.krb5_principal_data.magic","magic"],[869,3,1,"c.krb5_principal_data.realm","realm"],[869,3,1,"c.krb5_principal_data.type","type"]],krb5_process_key:[[351,1,1,"c.krb5_process_key","context"],[351,1,1,"c.krb5_process_key","eblock"],[351,1,1,"c.krb5_process_key","key"]],krb5_prompt:[[870,3,1,"c.krb5_prompt.hidden","hidden"],[870,3,1,"c.krb5_prompt.prompt","prompt"],[870,3,1,"c.krb5_prompt.reply","reply"]],krb5_prompter_posix:[[352,1,1,"c.krb5_prompter_posix","banner"],[352,1,1,"c.krb5_prompter_posix","context"],[352,1,1,"c.krb5_prompter_posix","data"],[352,1,1,"c.krb5_prompter_posix","name"],[352,1,1,"c.krb5_prompter_posix","num_prompts"],[352,1,1,"c.krb5_prompter_posix","prompts"]],krb5_pwd_data:[[873,3,1,"c.krb5_pwd_data.element","element"],[873,3,1,"c.krb5_pwd_data.magic","magic"],[873,3,1,"c.krb5_pwd_data.sequence_count","sequence_count"]],krb5_random_key:[[353,1,1,"c.krb5_random_key","context"],[353,1,1,"c.krb5_random_key","eblock"],[353,1,1,"c.krb5_random_key","keyblock"],[353,1,1,"c.krb5_random_key","ptr"]],krb5_rd_cred:[[354,1,1,"c.krb5_rd_cred","auth_context"],[354,1,1,"c.krb5_rd_cred","context"],[354,1,1,"c.krb5_rd_cred","creddata"],[354,1,1,"c.krb5_rd_cred","creds_out"],[354,1,1,"c.krb5_rd_cred","rdata_out"]],krb5_rd_error:[[355,1,1,"c.krb5_rd_error","context"],[355,1,1,"c.krb5_rd_error","dec_error"],[355,1,1,"c.krb5_rd_error","enc_errbuf"]],krb5_rd_priv:[[356,1,1,"c.krb5_rd_priv","auth_context"],[356,1,1,"c.krb5_rd_priv","context"],[356,1,1,"c.krb5_rd_priv","inbuf"],[356,1,1,"c.krb5_rd_priv","rdata_out"],[356,1,1,"c.krb5_rd_priv","userdata_out"]],krb5_rd_rep:[[357,1,1,"c.krb5_rd_rep","auth_context"],[357,1,1,"c.krb5_rd_rep","context"],[357,1,1,"c.krb5_rd_rep","inbuf"],[357,1,1,"c.krb5_rd_rep","repl"]],krb5_rd_rep_dce:[[358,1,1,"c.krb5_rd_rep_dce","auth_context"],[358,1,1,"c.krb5_rd_rep_dce","context"],[358,1,1,"c.krb5_rd_rep_dce","inbuf"],[358,1,1,"c.krb5_rd_rep_dce","nonce"]],krb5_rd_req:[[359,1,1,"c.krb5_rd_req","ap_req_options"],[359,1,1,"c.krb5_rd_req","auth_context"],[359,1,1,"c.krb5_rd_req","context"],[359,1,1,"c.krb5_rd_req","inbuf"],[359,1,1,"c.krb5_rd_req","keytab"],[359,1,1,"c.krb5_rd_req","server"],[359,1,1,"c.krb5_rd_req","ticket"]],krb5_rd_safe:[[360,1,1,"c.krb5_rd_safe","auth_context"],[360,1,1,"c.krb5_rd_safe","context"],[360,1,1,"c.krb5_rd_safe","inbuf"],[360,1,1,"c.krb5_rd_safe","rdata_out"],[360,1,1,"c.krb5_rd_safe","userdata_out"]],krb5_read_password:[[361,1,1,"c.krb5_read_password","context"],[361,1,1,"c.krb5_read_password","prompt"],[361,1,1,"c.krb5_read_password","prompt2"],[361,1,1,"c.krb5_read_password","return_pwd"],[361,1,1,"c.krb5_read_password","size_return"]],krb5_realm_compare:[[362,1,1,"c.krb5_realm_compare","context"],[362,1,1,"c.krb5_realm_compare","princ1"],[362,1,1,"c.krb5_realm_compare","princ2"]],krb5_recvauth:[[363,1,1,"c.krb5_recvauth","appl_version"],[363,1,1,"c.krb5_recvauth","auth_context"],[363,1,1,"c.krb5_recvauth","context"],[363,1,1,"c.krb5_recvauth","fd"],[363,1,1,"c.krb5_recvauth","flags"],[363,1,1,"c.krb5_recvauth","keytab"],[363,1,1,"c.krb5_recvauth","server"],[363,1,1,"c.krb5_recvauth","ticket"]],krb5_recvauth_version:[[364,1,1,"c.krb5_recvauth_version","auth_context"],[364,1,1,"c.krb5_recvauth_version","context"],[364,1,1,"c.krb5_recvauth_version","fd"],[364,1,1,"c.krb5_recvauth_version","flags"],[364,1,1,"c.krb5_recvauth_version","keytab"],[364,1,1,"c.krb5_recvauth_version","server"],[364,1,1,"c.krb5_recvauth_version","ticket"],[364,1,1,"c.krb5_recvauth_version","version"]],krb5_replay_data:[[875,3,1,"c.krb5_replay_data.seq","seq"],[875,3,1,"c.krb5_replay_data.timestamp","timestamp"],[875,3,1,"c.krb5_replay_data.usec","usec"]],krb5_responder_get_challenge:[[365,1,1,"c.krb5_responder_get_challenge","ctx"],[365,1,1,"c.krb5_responder_get_challenge","question"],[365,1,1,"c.krb5_responder_get_challenge","rctx"]],krb5_responder_list_questions:[[366,1,1,"c.krb5_responder_list_questions","ctx"],[366,1,1,"c.krb5_responder_list_questions","rctx"]],krb5_responder_otp_challenge:[[878,3,1,"c.krb5_responder_otp_challenge.service","service"],[878,3,1,"c.krb5_responder_otp_challenge.tokeninfo","tokeninfo"]],krb5_responder_otp_challenge_free:[[367,1,1,"c.krb5_responder_otp_challenge_free","chl"],[367,1,1,"c.krb5_responder_otp_challenge_free","ctx"],[367,1,1,"c.krb5_responder_otp_challenge_free","rctx"]],krb5_responder_otp_get_challenge:[[368,1,1,"c.krb5_responder_otp_get_challenge","chl"],[368,1,1,"c.krb5_responder_otp_get_challenge","ctx"],[368,1,1,"c.krb5_responder_otp_get_challenge","rctx"]],krb5_responder_otp_set_answer:[[369,1,1,"c.krb5_responder_otp_set_answer","ctx"],[369,1,1,"c.krb5_responder_otp_set_answer","pin"],[369,1,1,"c.krb5_responder_otp_set_answer","rctx"],[369,1,1,"c.krb5_responder_otp_set_answer","ti"],[369,1,1,"c.krb5_responder_otp_set_answer","value"]],krb5_responder_otp_tokeninfo:[[879,3,1,"c.krb5_responder_otp_tokeninfo.alg_id","alg_id"],[879,3,1,"c.krb5_responder_otp_tokeninfo.challenge","challenge"],[879,3,1,"c.krb5_responder_otp_tokeninfo.flags","flags"],[879,3,1,"c.krb5_responder_otp_tokeninfo.format","format"],[879,3,1,"c.krb5_responder_otp_tokeninfo.length","length"],[879,3,1,"c.krb5_responder_otp_tokeninfo.token_id","token_id"],[879,3,1,"c.krb5_responder_otp_tokeninfo.vendor","vendor"]],krb5_responder_pkinit_challenge:[[880,3,1,"c.krb5_responder_pkinit_challenge.identities","identities"]],krb5_responder_pkinit_challenge_free:[[370,1,1,"c.krb5_responder_pkinit_challenge_free","chl"],[370,1,1,"c.krb5_responder_pkinit_challenge_free","ctx"],[370,1,1,"c.krb5_responder_pkinit_challenge_free","rctx"]],krb5_responder_pkinit_get_challenge:[[371,1,1,"c.krb5_responder_pkinit_get_challenge","chl_out"],[371,1,1,"c.krb5_responder_pkinit_get_challenge","ctx"],[371,1,1,"c.krb5_responder_pkinit_get_challenge","rctx"]],krb5_responder_pkinit_identity:[[881,3,1,"c.krb5_responder_pkinit_identity.identity","identity"],[881,3,1,"c.krb5_responder_pkinit_identity.token_flags","token_flags"]],krb5_responder_pkinit_set_answer:[[372,1,1,"c.krb5_responder_pkinit_set_answer","ctx"],[372,1,1,"c.krb5_responder_pkinit_set_answer","identity"],[372,1,1,"c.krb5_responder_pkinit_set_answer","pin"],[372,1,1,"c.krb5_responder_pkinit_set_answer","rctx"]],krb5_responder_set_answer:[[373,1,1,"c.krb5_responder_set_answer","answer"],[373,1,1,"c.krb5_responder_set_answer","ctx"],[373,1,1,"c.krb5_responder_set_answer","question"],[373,1,1,"c.krb5_responder_set_answer","rctx"]],krb5_response:[[882,3,1,"c.krb5_response.expected_nonce","expected_nonce"],[882,3,1,"c.krb5_response.magic","magic"],[882,3,1,"c.krb5_response.message_type","message_type"],[882,3,1,"c.krb5_response.request_time","request_time"],[882,3,1,"c.krb5_response.response","response"]],krb5_salttype_to_string:[[374,1,1,"c.krb5_salttype_to_string","buffer"],[374,1,1,"c.krb5_salttype_to_string","buflen"],[374,1,1,"c.krb5_salttype_to_string","salttype"]],krb5_sendauth:[[375,1,1,"c.krb5_sendauth","ap_req_options"],[375,1,1,"c.krb5_sendauth","appl_version"],[375,1,1,"c.krb5_sendauth","auth_context"],[375,1,1,"c.krb5_sendauth","ccache"],[375,1,1,"c.krb5_sendauth","client"],[375,1,1,"c.krb5_sendauth","context"],[375,1,1,"c.krb5_sendauth","error"],[375,1,1,"c.krb5_sendauth","fd"],[375,1,1,"c.krb5_sendauth","in_creds"],[375,1,1,"c.krb5_sendauth","in_data"],[375,1,1,"c.krb5_sendauth","out_creds"],[375,1,1,"c.krb5_sendauth","rep_result"],[375,1,1,"c.krb5_sendauth","server"]],krb5_server_decrypt_ticket_keytab:[[376,1,1,"c.krb5_server_decrypt_ticket_keytab","context"],[376,1,1,"c.krb5_server_decrypt_ticket_keytab","kt"],[376,1,1,"c.krb5_server_decrypt_ticket_keytab","ticket"]],krb5_set_default_realm:[[377,1,1,"c.krb5_set_default_realm","context"],[377,1,1,"c.krb5_set_default_realm","lrealm"]],krb5_set_default_tgs_enctypes:[[378,1,1,"c.krb5_set_default_tgs_enctypes","context"],[378,1,1,"c.krb5_set_default_tgs_enctypes","etypes"]],krb5_set_error_message:[[379,1,1,"c.krb5_set_error_message","code"],[379,1,1,"c.krb5_set_error_message","ctx"],[379,1,1,"c.krb5_set_error_message","fmt"]],krb5_set_kdc_recv_hook:[[380,1,1,"c.krb5_set_kdc_recv_hook","context"],[380,1,1,"c.krb5_set_kdc_recv_hook","data"],[380,1,1,"c.krb5_set_kdc_recv_hook","recv_hook"]],krb5_set_kdc_send_hook:[[381,1,1,"c.krb5_set_kdc_send_hook","context"],[381,1,1,"c.krb5_set_kdc_send_hook","data"],[381,1,1,"c.krb5_set_kdc_send_hook","send_hook"]],krb5_set_password:[[382,1,1,"c.krb5_set_password","change_password_for"],[382,1,1,"c.krb5_set_password","context"],[382,1,1,"c.krb5_set_password","creds"],[382,1,1,"c.krb5_set_password","newpw"],[382,1,1,"c.krb5_set_password","result_code"],[382,1,1,"c.krb5_set_password","result_code_string"],[382,1,1,"c.krb5_set_password","result_string"]],krb5_set_password_using_ccache:[[383,1,1,"c.krb5_set_password_using_ccache","ccache"],[383,1,1,"c.krb5_set_password_using_ccache","change_password_for"],[383,1,1,"c.krb5_set_password_using_ccache","context"],[383,1,1,"c.krb5_set_password_using_ccache","newpw"],[383,1,1,"c.krb5_set_password_using_ccache","result_code"],[383,1,1,"c.krb5_set_password_using_ccache","result_code_string"],[383,1,1,"c.krb5_set_password_using_ccache","result_string"]],krb5_set_principal_realm:[[384,1,1,"c.krb5_set_principal_realm","context"],[384,1,1,"c.krb5_set_principal_realm","principal"],[384,1,1,"c.krb5_set_principal_realm","realm"]],krb5_set_real_time:[[385,1,1,"c.krb5_set_real_time","context"],[385,1,1,"c.krb5_set_real_time","microseconds"],[385,1,1,"c.krb5_set_real_time","seconds"]],krb5_set_trace_callback:[[386,1,1,"c.krb5_set_trace_callback","cb_data"],[386,1,1,"c.krb5_set_trace_callback","context"],[386,1,1,"c.krb5_set_trace_callback","fn"]],krb5_set_trace_filename:[[387,1,1,"c.krb5_set_trace_filename","context"],[387,1,1,"c.krb5_set_trace_filename","filename"]],krb5_sname_match:[[388,1,1,"c.krb5_sname_match","context"],[388,1,1,"c.krb5_sname_match","matching"],[388,1,1,"c.krb5_sname_match","princ"]],krb5_sname_to_principal:[[389,1,1,"c.krb5_sname_to_principal","context"],[389,1,1,"c.krb5_sname_to_principal","hostname"],[389,1,1,"c.krb5_sname_to_principal","ret_princ"],[389,1,1,"c.krb5_sname_to_principal","sname"],[389,1,1,"c.krb5_sname_to_principal","type"]],krb5_string_to_cksumtype:[[390,1,1,"c.krb5_string_to_cksumtype","cksumtypep"],[390,1,1,"c.krb5_string_to_cksumtype","string"]],krb5_string_to_deltat:[[391,1,1,"c.krb5_string_to_deltat","deltatp"],[391,1,1,"c.krb5_string_to_deltat","string"]],krb5_string_to_enctype:[[392,1,1,"c.krb5_string_to_enctype","enctypep"],[392,1,1,"c.krb5_string_to_enctype","string"]],krb5_string_to_key:[[393,1,1,"c.krb5_string_to_key","context"],[393,1,1,"c.krb5_string_to_key","data"],[393,1,1,"c.krb5_string_to_key","eblock"],[393,1,1,"c.krb5_string_to_key","keyblock"],[393,1,1,"c.krb5_string_to_key","salt"]],krb5_string_to_salttype:[[394,1,1,"c.krb5_string_to_salttype","salttypep"],[394,1,1,"c.krb5_string_to_salttype","string"]],krb5_string_to_timestamp:[[395,1,1,"c.krb5_string_to_timestamp","string"],[395,1,1,"c.krb5_string_to_timestamp","timestampp"]],krb5_ticket:[[883,3,1,"c.krb5_ticket.enc_part","enc_part"],[883,3,1,"c.krb5_ticket.enc_part2","enc_part2"],[883,3,1,"c.krb5_ticket.magic","magic"],[883,3,1,"c.krb5_ticket.server","server"]],krb5_ticket_times:[[884,3,1,"c.krb5_ticket_times.authtime","authtime"],[884,3,1,"c.krb5_ticket_times.endtime","endtime"],[884,3,1,"c.krb5_ticket_times.renew_till","renew_till"],[884,3,1,"c.krb5_ticket_times.starttime","starttime"]],krb5_timeofday:[[396,1,1,"c.krb5_timeofday","context"],[396,1,1,"c.krb5_timeofday","timeret"]],krb5_timestamp_to_sfstring:[[397,1,1,"c.krb5_timestamp_to_sfstring","buffer"],[397,1,1,"c.krb5_timestamp_to_sfstring","buflen"],[397,1,1,"c.krb5_timestamp_to_sfstring","pad"],[397,1,1,"c.krb5_timestamp_to_sfstring","timestamp"]],krb5_timestamp_to_string:[[398,1,1,"c.krb5_timestamp_to_string","buffer"],[398,1,1,"c.krb5_timestamp_to_string","buflen"],[398,1,1,"c.krb5_timestamp_to_string","timestamp"]],krb5_tkt_authent:[[886,3,1,"c.krb5_tkt_authent.ap_options","ap_options"],[886,3,1,"c.krb5_tkt_authent.authenticator","authenticator"],[886,3,1,"c.krb5_tkt_authent.magic","magic"],[886,3,1,"c.krb5_tkt_authent.ticket","ticket"]],krb5_tkt_creds_free:[[399,1,1,"c.krb5_tkt_creds_free","context"],[399,1,1,"c.krb5_tkt_creds_free","ctx"]],krb5_tkt_creds_get:[[400,1,1,"c.krb5_tkt_creds_get","context"],[400,1,1,"c.krb5_tkt_creds_get","ctx"]],krb5_tkt_creds_get_creds:[[401,1,1,"c.krb5_tkt_creds_get_creds","context"],[401,1,1,"c.krb5_tkt_creds_get_creds","creds"],[401,1,1,"c.krb5_tkt_creds_get_creds","ctx"]],krb5_tkt_creds_get_times:[[402,1,1,"c.krb5_tkt_creds_get_times","context"],[402,1,1,"c.krb5_tkt_creds_get_times","ctx"],[402,1,1,"c.krb5_tkt_creds_get_times","times"]],krb5_tkt_creds_init:[[403,1,1,"c.krb5_tkt_creds_init","ccache"],[403,1,1,"c.krb5_tkt_creds_init","context"],[403,1,1,"c.krb5_tkt_creds_init","creds"],[403,1,1,"c.krb5_tkt_creds_init","ctx"],[403,1,1,"c.krb5_tkt_creds_init","options"]],krb5_tkt_creds_step:[[404,1,1,"c.krb5_tkt_creds_step","context"],[404,1,1,"c.krb5_tkt_creds_step","ctx"],[404,1,1,"c.krb5_tkt_creds_step","flags"],[404,1,1,"c.krb5_tkt_creds_step","in"],[404,1,1,"c.krb5_tkt_creds_step","out"],[404,1,1,"c.krb5_tkt_creds_step","realm"]],krb5_trace_info:[[889,3,1,"c.krb5_trace_info.message","message"]],krb5_transited:[[890,3,1,"c.krb5_transited.magic","magic"],[890,3,1,"c.krb5_transited.tr_contents","tr_contents"],[890,3,1,"c.krb5_transited.tr_type","tr_type"]],krb5_typed_data:[[891,3,1,"c.krb5_typed_data.data","data"],[891,3,1,"c.krb5_typed_data.length","length"],[891,3,1,"c.krb5_typed_data.magic","magic"],[891,3,1,"c.krb5_typed_data.type","type"]],krb5_unmarshal_credentials:[[405,1,1,"c.krb5_unmarshal_credentials","context"],[405,1,1,"c.krb5_unmarshal_credentials","creds_out"],[405,1,1,"c.krb5_unmarshal_credentials","data"]],krb5_unparse_name:[[406,1,1,"c.krb5_unparse_name","context"],[406,1,1,"c.krb5_unparse_name","name"],[406,1,1,"c.krb5_unparse_name","principal"]],krb5_unparse_name_ext:[[407,1,1,"c.krb5_unparse_name_ext","context"],[407,1,1,"c.krb5_unparse_name_ext","name"],[407,1,1,"c.krb5_unparse_name_ext","principal"],[407,1,1,"c.krb5_unparse_name_ext","size"]],krb5_unparse_name_flags:[[408,1,1,"c.krb5_unparse_name_flags","context"],[408,1,1,"c.krb5_unparse_name_flags","flags"],[408,1,1,"c.krb5_unparse_name_flags","name"],[408,1,1,"c.krb5_unparse_name_flags","principal"]],krb5_unparse_name_flags_ext:[[409,1,1,"c.krb5_unparse_name_flags_ext","context"],[409,1,1,"c.krb5_unparse_name_flags_ext","flags"],[409,1,1,"c.krb5_unparse_name_flags_ext","name"],[409,1,1,"c.krb5_unparse_name_flags_ext","principal"],[409,1,1,"c.krb5_unparse_name_flags_ext","size"]],krb5_us_timeofday:[[410,1,1,"c.krb5_us_timeofday","context"],[410,1,1,"c.krb5_us_timeofday","microseconds"],[410,1,1,"c.krb5_us_timeofday","seconds"]],krb5_use_enctype:[[411,1,1,"c.krb5_use_enctype","context"],[411,1,1,"c.krb5_use_enctype","eblock"],[411,1,1,"c.krb5_use_enctype","enctype"]],krb5_verify_authdata_kdc_issued:[[412,1,1,"c.krb5_verify_authdata_kdc_issued","ad_kdcissued"],[412,1,1,"c.krb5_verify_authdata_kdc_issued","authdata"],[412,1,1,"c.krb5_verify_authdata_kdc_issued","context"],[412,1,1,"c.krb5_verify_authdata_kdc_issued","issuer"],[412,1,1,"c.krb5_verify_authdata_kdc_issued","key"]],krb5_verify_checksum:[[413,1,1,"c.krb5_verify_checksum","cksum"],[413,1,1,"c.krb5_verify_checksum","context"],[413,1,1,"c.krb5_verify_checksum","ctype"],[413,1,1,"c.krb5_verify_checksum","in"],[413,1,1,"c.krb5_verify_checksum","in_length"],[413,1,1,"c.krb5_verify_checksum","seed"],[413,1,1,"c.krb5_verify_checksum","seed_length"]],krb5_verify_init_creds:[[414,1,1,"c.krb5_verify_init_creds","ccache"],[414,1,1,"c.krb5_verify_init_creds","context"],[414,1,1,"c.krb5_verify_init_creds","creds"],[414,1,1,"c.krb5_verify_init_creds","keytab"],[414,1,1,"c.krb5_verify_init_creds","options"],[414,1,1,"c.krb5_verify_init_creds","server"]],krb5_verify_init_creds_opt:[[894,3,1,"c.krb5_verify_init_creds_opt.ap_req_nofail","ap_req_nofail"],[894,3,1,"c.krb5_verify_init_creds_opt.flags","flags"]],krb5_verify_init_creds_opt_init:[[415,1,1,"c.krb5_verify_init_creds_opt_init","k5_vic_options"]],krb5_verify_init_creds_opt_set_ap_req_nofail:[[416,1,1,"c.krb5_verify_init_creds_opt_set_ap_req_nofail","ap_req_nofail"],[416,1,1,"c.krb5_verify_init_creds_opt_set_ap_req_nofail","k5_vic_options"]],krb5_vprepend_error_message:[[417,1,1,"c.krb5_vprepend_error_message","args"],[417,1,1,"c.krb5_vprepend_error_message","code"],[417,1,1,"c.krb5_vprepend_error_message","ctx"],[417,1,1,"c.krb5_vprepend_error_message","fmt"]],krb5_vset_error_message:[[418,1,1,"c.krb5_vset_error_message","args"],[418,1,1,"c.krb5_vset_error_message","code"],[418,1,1,"c.krb5_vset_error_message","ctx"],[418,1,1,"c.krb5_vset_error_message","fmt"]],krb5_vwrap_error_message:[[419,1,1,"c.krb5_vwrap_error_message","args"],[419,1,1,"c.krb5_vwrap_error_message","code"],[419,1,1,"c.krb5_vwrap_error_message","ctx"],[419,1,1,"c.krb5_vwrap_error_message","fmt"],[419,1,1,"c.krb5_vwrap_error_message","old_code"]],krb5_wrap_error_message:[[420,1,1,"c.krb5_wrap_error_message","code"],[420,1,1,"c.krb5_wrap_error_message","ctx"],[420,1,1,"c.krb5_wrap_error_message","fmt"],[420,1,1,"c.krb5_wrap_error_message","old_code"]],passwd_phrase_element:[[895,3,1,"c.passwd_phrase_element.magic","magic"],[895,3,1,"c.passwd_phrase_element.passwd","passwd"],[895,3,1,"c.passwd_phrase_element.phrase","phrase"]]},objnames:{"0":["c","function","C function"],"1":["c","functionParam","C function parameter"],"2":["c","type","C type"],"3":["c","member","C member"],"4":["py","data","Python data"]},objtypes:{"0":"c:function","1":"c:functionParam","2":"c:type","3":"c:member","4":"py:data"},terms:{"0":[3,5,6,14,15,20,21,23,28,35,37,39,41,43,46,49,50,53,55,56,61,62,63,64,65,66,67,68,69,71,72,73,74,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,119,121,124,125,126,129,130,132,133,134,135,137,139,141,142,145,147,148,149,150,152,153,154,155,156,157,158,159,161,162,163,164,165,166,167,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,214,217,223,224,227,229,231,235,236,238,245,248,260,261,262,264,265,266,267,268,271,272,273,274,275,276,277,278,279,280,282,286,287,288,289,290,294,295,296,298,299,300,301,302,303,304,305,306,308,310,311,313,314,315,316,317,318,321,322,323,324,325,326,327,328,329,330,331,332,333,335,336,337,338,339,342,344,345,347,352,354,355,356,357,358,359,360,361,363,364,374,375,376,377,378,382,383,384,385,389,390,391,392,394,395,396,397,398,400,401,402,403,404,405,406,407,408,409,410,414,534,621,629,647,679,733,735,791,803,837,908,910,914,915,918,919,923,928,932,933,934,935,943,946,948],"00":[3,5,23,898],"01":[5,23,42,898,924],"02":[34,918],"03":[14,35,939],"04":[924,939],"0400":898,"05":939,"05pm":898,"06":[924,939],"07":[898,939],"08":[898,939],"0h":[20,34,898],"0m":[20,34,898],"0s":[20,34,898],"0x0000":478,"0x00000001":[440,498,522,523,752,755],"0x00000002":[436,494,525,529,749,754],"0x00000004":[521,524,747],"0x00000008":[488,526,528,753],"0x00000010":[21,496,527,748],"0x00000020":[487,530,746],"0x00000040":751,"0x00000080":745,"0x00000100":750,"0x00000200":756,"0x00008000":[497,772],"0x0001":[444,471,544,562,726,729,762],"0x00010000":[485,773],"0x0002":[425,454,472,560,725,728],"0x00020000":486,"0x0003":[455,473],"0x0004":[445,474,557,730],"0x00040000":780,"0x0005":[423,469],"0x0006":[431,468],"0x0007":[428,456],"0x0008":[457,475,559,731],"0x00080000":786,"0x0009":[453,476],"0x000a":477,"0x000b":482,"0x000c":[449,479],"0x000d":480,"0x000e":[458,481],"0x000f":[447,467],"0x0010":[424,448,470,556],"0x00100000":776,"0x0011":[442,459],"0x0012":[443,461],"0x0013":[450,460],"0x0014":[430,451,462],"0x0017":463,"0x0018":[426,464],"0x0019":465,"0x001a":466,"0x0020":552,"0x00200000":782,"0x0040":558,"0x00400000":777,"0x0080":561,"0x00800000":[495,785],"0x0100":[422,555],"0x01000000":778,"0x0101":427,"0x01ff":483,"0x0200":554,"0x02000000":[491,781],"0x0400":553,"0x04000000":[484,779],"0x08000000":[493,784],"0x1":[564,565,713,717,721,761],"0x10":712,"0x10000000":[492,783],"0x1fff":433,"0x2":[563,714,716,719],"0x2000":434,"0x20000000":[437,490,742,775],"0x3":720,"0x4":[710,715,722],"0x4000":432,"0x40000000":[439,489,743,774],"0x54800000":499,"0x7fff":[764,768],"0x8":711,"0x8000":[429,435,765,767],"0x80000000":[438,744],"0xfffffff0":441,"1":[0,3,4,5,6,8,11,14,15,16,19,20,21,23,24,25,26,28,33,34,35,37,38,39,40,41,42,43,44,46,48,87,89,91,93,119,132,143,154,155,160,165,166,167,169,192,194,195,203,209,211,219,229,245,246,247,250,253,257,265,286,300,301,303,307,313,336,343,344,365,366,367,368,369,370,371,372,373,380,381,386,387,397,399,400,401,402,403,404,513,535,541,551,567,569,581,619,626,634,641,658,665,681,708,734,735,736,737,801,802,896,897,898,901,905,906,908,910,912,914,915,918,921,922,923,924,925,928,929,930,931,932,934,942,943,945,946,948,951,952,953],"10":[3,5,14,15,21,23,35,38,39,42,43,44,132,143,154,155,160,167,195,219,342,506,578,637,652,664,897,898,901,918],"1000":[20,23],"1022":915,"1023":915,"1024":[21,43],"10d":898,"11":[0,6,8,14,15,20,21,23,26,41,43,165,169,250,257,303,313,365,366,367,368,369,373,505,577,648,654,672,740,910,918,939],"1100":766,"114687":915,"12":[3,14,21,23,34,35,37,41,43,211,307,370,371,372,576,663,696,760,897,898,915,918,922,925,931,932,939,946],"1234":46,"127":15,"128":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],"129":[511,640,674],"12h":[20,34],"13":[3,4,20,23,39,43,596,651,699,759,897,918],"130":[638,695],"13135":12,"132":666,"133":675,"1332348778":41,"136":677,"137":[452,676],"138":[446,668],"14":[3,14,16,20,21,23,504,594,656,690,898,911,914,918,929,931],"140":918,"141":681,"141231235900":898,"142":683,"143":508,"144":682,"147":686,"149":542,"15":[6,14,20,21,26,39,43,194,253,380,381,503,597,655,688,915,918,919],"150":667,"151":[702,911],"152":692,"153":693,"15552000":3,"16":[3,19,20,21,37,43,548,575,662,689,896,910,914,915,918,921,928,930,939],"16383":915,"16384":915,"167":684,"17":[3,14,20,21,24,25,26,37,40,43,229,343,574,650,687,912,918,919,923],"18":[14,21,26,38,43,265,336,595,660,901,915,918,924,939,953],"180":[3,35],"1812":20,"19":[14,20,21,26,43,203,209,571,657,673,918,921,939,948],"192":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],"1964":911,"1970":[23,896],"1983":919,"1985":[909,919,953],"1986":953,"1989":953,"1990":[905,919],"1991":919,"1992":919,"1993":919,"1994":919,"1995":919,"1996":[3,919,953],"1997":919,"1998":919,"1999":919,"1foo":21,"2":[3,5,6,14,15,19,21,23,26,34,35,37,39,43,166,320,412,533,545,593,600,617,623,631,644,653,670,683,707,732,737,908,910,911,914,915,918,919,923,934,946,953],"20":[9,20,39,43,91,93,300,301,344,572,703,705,741,898,918,921,939],"2000":[26,637,639,703,919],"200000":898,"2001":10,"2002":[10,919,953],"2003":919,"2004":[9,919],"2005":919,"2006":919,"2007":919,"2008":919,"2009":919,"2010":919,"2011":[919,953],"2012":[35,898],"20120727203000":898,"2013":[918,919],"2014":[898,918,919],"20141231235900":898,"2015":[898,919],"2016":919,"2018":953,"2022":919,"2024":[909,919],"2037":37,"2038":[45,885,918],"2047":915,"2048":[20,21,37,915],"21":[21,26,570,573,698,718,918,939],"2106":[885,896,918],"2147483647":[568,898],"22":[531,589,678,898,939],"2253":21,"23":[9,39,590,898,939],"24":[20,46,591,939],"25":[604,694,939],"2500":[20,23],"255":918,"256":[14,20,21,40,915,918],"26":[23,603,605],"27":[602,606,898],"2743":43,"2744":43,"2782":39,"29":939,"2m":20,"3":[3,6,14,19,20,21,23,26,32,36,37,43,44,166,417,418,419,467,537,579,615,627,635,643,682,691,898,906,910,915,918,919,923,946],"30":[35,39,543,697,898,939,942],"300":[21,23],"30m":898,"31":[14,700,898,939],"3187":34,"3189":34,"32":[10,12,14,24,550,896,910,914],"3244":[382,383,918],"33":35,"35":34,"36":898,"3600":898,"365":37,"3650":37,"37":9,"384":[20,21,40],"3961":[458,664,911,912,915],"3962":[447,448,459,461],"3de":14,"3h":939,"3h30m":939,"4":[6,9,14,19,20,21,23,34,37,39,43,166,321,405,515,536,546,600,610,620,624,632,638,640,645,681,682,683,706,908,910,914,915,918],"40":[35,39],"4096":[20,21,915],"4120":[320,412,540,664,669,670,671,672,673,678,680,691,698,701,705,901,918,922],"42":[9,592],"424":9,"44":601,"4402":119,"45":600,"4537":511,"4556":[20,21,687,689,918],"4557":42,"464":[15,20,21,39,917],"47":[3,34],"4757":[43,446,463,464],"48":939,"49":939,"49151":915,"49152":915,"4gb":918,"5":[0,3,6,10,12,14,19,20,21,23,31,34,36,37,43,119,320,412,507,539,611,614,625,633,646,671,723,898,903,908,910,911,914,918,919,941,942,943,945,946,947,949,953],"50":588,"509":[20,21,37,43,918,921,948],"51":585,"512":[24,519],"513":[599,911],"514":[598,912],"52":[34,587,939],"521":[21,40],"5280":43,"53":586,"5351":918,"54":583,"5480":21,"55":584,"5587":[918,924],"5588":918,"56":[14,580],"5801":918,"5896":918,"59":[14,898],"5h30m":942,"5m":20,"6":[3,6,9,15,19,37,39,320,342,412,532,613,616,628,636,649,661,669,758],"60":[5,35,46,898,905],"604800":3,"6112":[686,918],"6113":[48,668,675,676,677,910,911,918,922],"64":[500,517,547,582,885,896],"65":[518,607],"65535":[566,918],"6560":[600,681,682,683,738,918],"6649":14,"6680":[43,918],"6803":[442,443,465,466,918],"6806":[43,542,910,918],"6820":703,"7":[3,6,23,26,33,39,41,43,247,538,612,618,622,630,642,659,701,897,918],"70":905,"71":512,"730":919,"749":[15,20,34,39,917],"753241234":3,"754":[8,15,34,41,917,953],"7546":43,"7553":39,"76cho3000":919,"774":919,"7748":21,"785900000":3,"785926535":3,"786100034":3,"7d":[20,34],"8":[3,5,6,8,12,23,26,35,43,46,247,350,365,373,516,549,608,680,709,898,910,914,918,919,942],"8009":[450,451,460,462],"8070":[667,912],"816":42,"823276":41,"823381":41,"85":906,"86400":3,"86528":42,"88":[10,15,20,34,37,39,917],"89":39,"8h30":898,"9":[14,19,20,21,26,35,41,87,89,192,245,246,386,387,399,400,401,402,403,404,514,540,609,905,918],"9138":41,"96":[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],"97":509,"9899":905,"9h":19,"abstract":[920,922,928,929,931,935],"boolean":[6,20,23,36,48,55,870,894],"break":[32,902],"byte":[20,43,46,48,99,104,287,311,910,911,912,914,915,924],"case":[2,3,6,11,14,19,20,21,23,24,28,38,39,43,46,195,245,280,325,330,350,359,375,389,416,706,897,898,900,919,922,923,924,927,931,932,944,946,951,953],"char":[43,46,49,50,56,59,60,91,92,93,94,107,136,141,143,144,146,149,152,155,156,160,166,169,170,187,192,193,194,210,213,214,219,222,223,227,228,230,231,233,235,247,252,260,264,267,277,278,306,311,312,317,319,329,336,344,345,346,352,361,363,365,366,369,372,373,374,375,377,379,382,383,384,387,389,390,391,392,394,395,397,398,406,407,408,409,417,418,419,420,803,829,841,870,872,878,879,881,889,934],"class":[3,23,944],"const":[43,49,52,53,54,58,59,60,91,92,93,94,99,100,101,102,103,106,107,108,113,114,117,119,120,125,126,129,130,136,141,144,146,149,152,155,156,160,166,169,172,173,174,175,177,178,180,181,183,184,185,188,189,194,195,197,213,214,223,228,231,232,233,234,235,247,252,260,264,265,267,277,278,281,284,286,287,288,289,290,294,298,299,300,301,312,317,319,320,322,324,326,329,331,333,336,339,340,341,342,343,344,345,346,351,352,353,355,356,357,358,359,360,361,365,366,369,372,373,376,377,378,379,382,383,384,387,389,393,405,412,413,417,418,419,420,792,820,821,865,866,872,888,889,934],"default":[2,3,4,5,6,7,8,10,11,12,15,19,20,21,22,23,24,26,29,30,32,33,34,35,37,38,39,40,41,43,44,46,48,59,60,78,132,147,148,154,223,229,243,253,265,269,275,278,315,317,345,359,375,383,414,712,898,905,906,907,908,910,918,923,924,925,939,941,942,943,945,946,947,948,952,953],"do":[3,6,14,15,20,21,22,23,26,28,29,32,33,34,37,38,39,40,41,43,46,223,267,349,408,549,905,906,908,918,919,923,924,928,930,931,938,939,942,946,948,953],"export":[20,34,918,919,923,924,933,934],"final":[19,21,112,158,904,911,915],"function":[3,6,14,25,29,34,35,43,46,48,49,50,55,57,58,59,60,61,62,67,68,69,71,72,73,74,76,77,78,81,82,84,85,86,87,88,89,92,93,99,100,101,102,103,104,105,107,113,114,116,117,119,124,125,126,129,130,133,136,137,139,148,150,151,153,156,157,158,159,167,169,171,172,173,174,175,177,178,180,181,182,183,192,194,195,198,199,200,201,202,203,205,206,207,208,209,212,215,216,221,228,235,236,241,245,246,252,254,258,260,261,262,264,265,266,267,271,272,275,276,277,278,279,287,288,289,290,294,295,296,298,299,301,308,310,320,323,324,325,326,327,329,330,331,333,334,342,343,345,352,355,356,357,358,359,360,361,368,371,373,376,378,382,383,385,387,389,396,400,401,403,404,407,408,410,412,414,416,417,419,856,865,866,870,872,877,903,904,918,919,922,923,924,927,930,931,933,934],"goto":46,"h\u00f6gskola":919,"import":[5,6,14,15,17,19,21,23,34,35,918,924,938],"int":[43,51,53,56,59,62,91,92,93,94,97,111,116,120,122,166,223,241,242,243,244,249,254,255,279,306,311,345,350,352,361,382,383,404,407,408,409,416,805,811,814,818,829,840,846,848,853,857,859,870,872,873,891,894,923],"long":[3,14,15,23,25,26,37,38,39,41,43,99,287,365,366,739,766,897,900,918,919,922,931,934,948],"new":[2,3,6,14,20,21,23,24,26,34,35,37,41,43,48,87,89,129,132,138,143,154,160,163,165,166,167,169,172,173,174,175,176,177,178,180,182,183,192,194,195,211,219,229,235,243,245,246,250,253,257,260,262,269,275,280,298,300,301,303,307,313,327,330,336,338,343,344,345,359,365,366,367,368,369,370,371,372,373,380,381,382,383,386,387,399,400,401,402,403,404,407,719,720,897,901,915,918,919,923,924,927,928,931,938,939,942,944,953],"null":[19,20,21,43,44,46,48,54,64,92,99,100,102,103,107,113,129,136,141,154,155,156,164,173,195,198,200,203,209,220,223,224,228,230,231,235,240,260,264,267,269,273,275,287,288,289,290,294,298,300,301,315,322,323,325,326,329,330,331,332,336,342,343,344,354,356,359,360,361,363,364,365,366,369,372,375,377,380,381,382,383,386,388,389,397,407,408,409,412,414,793,918,923,932,934,953],"public":[21,40,919,927,928,929,930],"return":[3,9,12,20,21,22,38,43,46,48,50,52,54,56,57,59,60,69,74,91,92,93,100,103,109,110,119,127,128,133,135,137,141,142,144,145,146,147,148,149,151,152,153,154,155,156,159,161,169,176,189,192,214,223,224,227,228,229,231,235,260,262,263,264,267,268,271,279,282,283,284,288,290,301,302,303,305,306,308,310,311,314,315,316,317,318,320,323,325,330,344,345,352,355,361,365,366,368,371,375,377,378,380,382,383,384,386,388,389,396,398,400,404,406,407,408,409,410,412,414,416,731,865,866,906,918,920,921,922,923,924,925,928,929,931,932,933,934,935,942,946],"short":[14,19,21,41,306,900],"static":[46,923,934],"switch":[14,28,31,43,48,161,897],"true":[9,14,20,21,22,23,24,25,26,33,35,36,37,38,40,41,43,52,54,105,109,110,127,128,160,192,245,283,284,285,300,319,343,348,349,350,362,388,416,813,826,860,952],"try":[21,25,32,35,38,39,41,43,906,918,938,946],"var":[5,8,20,21,23,34,37,901,906,907,917,953],"void":[43,46,57,58,59,60,63,80,171,179,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,215,216,218,219,220,221,222,237,239,240,241,242,243,244,245,249,254,255,256,257,258,259,260,270,275,285,291,297,334,339,346,352,367,370,379,380,381,386,399,415,416,417,418,419,420,820,838,856,864,865,866,872,877,888,933,934],"while":[3,12,14,15,16,20,21,23,24,34,35,43,46,897,904,923,938,939,946,953],A:[3,6,8,15,16,19,21,23,24,25,26,28,32,34,35,36,37,38,43,46,169,229,342,344,366,368,371,388,740,850,876,889,897,900,901,910,911,914,915,917,918,919,920,921,922,923,924,925,927,928,929,931,932,933,934,935,939,941,942,943,953],AND:919,AS:[10,21,23,25,26,253,505,666,918,919,922,930,931],As:[3,14,16,17,26,34,35,37,39,43,46,908,928,930,934,942],At:[14,23,33,34,165,910],BE:919,BUT:919,BY:919,Be:14,But:901,By:[5,6,21,23,24,28,32,34,37,40,78,253,906,918,919,924,939,942,943,946],FOR:919,For:[3,10,14,16,17,18,19,20,21,22,23,24,26,28,32,33,34,35,36,37,38,39,43,46,99,100,103,142,287,288,290,738,896,897,901,904,905,906,910,911,915,916,917,918,920,921,922,923,924,925,927,928,929,930,931,932,933,934,935,936,938,939,942,945,946,951,953],IF:[195,300,919],IN:[826,919],IS:919,IT:919,ITS:[42,919],If:[0,2,3,4,5,6,8,9,10,11,14,15,16,17,19,20,21,22,23,24,25,26,28,29,32,33,34,35,36,37,38,39,40,41,43,44,46,54,56,99,100,101,102,103,113,129,152,154,156,158,159,161,169,192,223,224,229,230,231,235,245,250,251,253,260,264,267,269,279,280,287,288,289,290,294,298,300,301,310,315,317,325,326,327,330,331,336,342,343,344,345,352,356,359,360,361,375,377,382,383,386,388,397,404,407,414,416,731,865,866,877,897,898,901,902,904,905,906,908,910,911,918,919,921,923,924,925,931,932,934,938,939,941,942,943,944,946,947,948,951,953],In:[2,3,4,6,8,14,17,20,21,22,23,24,26,28,29,32,34,35,37,38,39,43,247,359,375,389,897,904,905,906,911,918,922,923,924,927,932,936,939,943,946,952,953],Is:14,It:[3,5,8,9,10,12,14,20,21,23,24,34,35,36,39,46,55,124,203,209,243,245,280,382,383,739,876,897,901,910,918,919,921,925,930,932,938,949,953],Its:[20,21,910],NO:919,NOT:[5,34,919],No:[3,12,21,34,151,325,919,939,953],Not:[20,21,44,51,151,614,897],OF:[911,919],ON:919,ONE:5,OR:[740,919],ORed:151,Of:[17,35],On:[15,20,21,23,34,37,41,43,100,103,144,271,279,288,290,330,359,361,400,404,407,408,409,901,904,917,918,931,939,942],One:[3,20,23,34,36,38,43,342,897,898,938,939,952],SUCH:919,Such:[14,37,39,46],THAT:919,THE:919,TO:919,That:[21,904],The:[0,3,4,5,6,7,8,9,10,11,12,15,19,20,21,22,23,24,25,26,28,29,31,33,34,35,37,38,39,40,41,43,46,53,62,69,71,74,78,80,91,93,99,100,102,103,113,117,119,121,125,126,129,135,136,138,144,146,148,153,165,166,173,176,189,198,200,217,220,224,228,229,245,248,252,262,268,274,282,286,287,288,289,290,294,296,298,300,305,307,312,315,320,321,322,325,326,331,333,344,345,346,354,356,359,360,365,366,367,368,369,370,371,372,373,376,380,381,382,383,389,398,402,403,405,406,407,408,412,414,420,618,730,738,740,745,746,749,750,752,756,807,813,827,837,850,865,866,870,876,883,896,897,898,900,901,902,903,904,905,906,907,908,910,911,912,914,915,917,918,919,920,921,922,923,924,925,927,928,929,930,931,932,933,934,935,936,938,939,941,942,944,946,948,950,951,952,953],Then:[3,6,17,24,34,942],There:[20,21,23,34,35,897,904,906,907,910,914,939],These:[14,16,20,21,23,26,34,35,37,39,43,733,904,910,918,919,922,924,927,951,953],To:[3,14,15,16,19,20,21,23,24,25,28,29,34,35,36,37,38,39,40,41,43,46,344,896,904,908,914,918,924,928,930,936,938,939,946],WILL:919,WITH:919,With:[0,3,6,22,23,39,952],_:42,_kerbero:39,_kpasswd:39,_krb5_address:805,_krb5_ap_rep:[807,808],_krb5_ap_rep_enc_part:808,_krb5_ap_req:809,_krb5_auth_context:810,_krb5_authdata:811,_krb5_authent:813,_krb5_ccach:816,_krb5_cccol_cursor:817,_krb5_checksum:818,_krb5_context:[135,156,822],_krb5_cred:[823,826],_krb5_cred_enc_part:824,_krb5_cred_info:825,_krb5_crypto_iov:827,_krb5_data:829,_krb5_enc_data:831,_krb5_enc_kdc_rep_part:832,_krb5_enc_tkt_part:833,_krb5_encrypt_block:834,_krb5_error:836,_krb5_get_init_cr:840,_krb5_get_init_creds_opt:840,_krb5_gic_opt_pa_data:841,_krb5_init_creds_context:842,_krb5_kdc_rep:845,_krb5_kdc_req:846,_krb5_keyblock:848,_krb5_kt:849,_krb5_last_req_entri:854,_krb5_pa_data:859,_krb5_pa_pac_req:860,_krb5_pa_server_referral_data:861,_krb5_pa_svr_referral_data:862,_krb5_prompt:870,_krb5_pwd_data:873,_krb5_responder_otp_challeng:878,_krb5_responder_otp_tokeninfo:879,_krb5_responder_pkinit_challeng:880,_krb5_responder_pkinit_ident:881,_krb5_respons:882,_krb5_ticket:883,_krb5_ticket_tim:884,_krb5_tkt_authent:886,_krb5_tkt_creds_context:887,_krb5_trace_info:889,_krb5_transit:890,_krb5_typed_data:891,_krb5_verify_init_creds_opt:894,_passwd_phrase_el:895,_profile_t:[262,269],_tcp:39,_udp:39,abbrevi:[904,943],abc:[906,953],abi:885,abil:[14,368,371,952],abl:[15,16,19,20,21,23,25,29,34,35,39,897,902,938,939,946],abort:[802,803,933],about:[0,14,19,20,22,23,26,31,39,41,43,46,251,901,904,906,908,918,919,922,931,936,939,942,953],abov:[6,14,19,21,22,23,25,26,32,34,37,41,43,46,901,906,910,919,923,924,925,939,946],absenc:[20,46],absent:942,absolut:[20,21,896,900,904],ac02:919,ac:[72,73,76,77,86,87,88,89],acceler:919,accept:[3,4,8,14,15,16,20,21,26,34,38,39,41,151,389,898,900,904,918,919,920,924,933,934,939,942],acceptor:[8,918,943],acceptor_cred_handl:43,access:[3,4,8,9,14,17,18,19,20,21,22,23,24,25,26,28,29,32,33,34,35,37,39,43,46,897,902,904,912,915,918,922,927,928,930,931,932,937,939,945,946,951,952],accident:918,accommod:[46,901],accomplish:[23,26],accord:[3,19,21,36,38,43,154,167,910,911,917,924,946,948],account:[20,21,24,25,28,30,48,56,245,336,897,918,932,937,942,946,950,952],account_expir:[245,838],acknowledg:919,acl:[3,4,8,18,20,21,22,23,31,917],acl_fil:[4,8,19,20,34],acquir:[3,6,8,43,48,245,274,402,548,910,918,924,948],acquisit:[43,403],across:[17,20,21,34,43,928,929,930,938],act:[10,19,21,26,901,918],action:[4,6,14,901,919,929],activ:[3,6,8,14,21,23,25,37,40,169,941],actor:19,actual:[6,14,23,26,35,46,98,99,100,102,103,113,129,287,288,289,290,294,298,901,939],actual_mech:43,ad:[3,6,8,17,20,21,23,24,25,26,32,34,38,40,41,48,195,300,302,740,897,910,918,921,948],ad_kdcissu:[320,412],ad_typ:[195,811,910],ad_type_extern:789,ad_type_field_type_mask:789,ad_type_regist:789,ad_type_reserv:789,add:[3,6,9,11,12,14,15,19,20,21,22,23,31,33,36,38,48,300,343,712,898,918,939],add_auth_ind:[918,931],add_mkei:[14,23],add_polici:23,add_princip:[5,14,23,25,37],add_rel:934,addent:[11,918],addit:[3,18,19,20,21,22,26,29,34,37,38,39,40,43,46,48,301,363,364,414,836,897,901,904,906,908,909,918,919,922,931,936,942,946,953],addition:[10,21,36,930,939],addpol:[3,23,35],addprinc:[3,23,34,37,898,928],addr1:[52,53],addr2:[52,53],addr:[54,232,233,234,332,825,826,832],address1:910,address2:910,address:[0,15,20,21,23,24,30,33,38,39,44,48,260,325,326,331,356,359,360,523,524,525,526,805,824,826,833,846,906,910,918,933,939,942,943],address_list:840,addresssanit:918,addrlist:54,addrtyp:[429,805,910],addrtype_addrport:789,addrtype_chao:789,addrtype_ddp:789,addrtype_inet6:789,addrtype_inet:789,addrtype_ipport:789,addrtype_is_loc:789,addrtype_iso:789,addrtype_netbio:789,addrtype_xn:789,adjust:[14,29,33,34,37,48,100,103,288,290,410],adm:[20,22,39],admcil:19,admcilsp:19,admin:[3,4,5,8,14,15,16,19,21,22,23,26,32,34,897,906,917,918,928,946,953],admin_serv:[3,8,20,21,34,39],adminhost:3,administ:[4,15,34],administr:[0,2,3,4,5,6,11,14,15,16,18,19,20,21,22,24,25,26,31,32,35,36,38,897,903,916,917,918,919,929,936,938,942,952,953],adminjohndoefoo:21,adtyp:811,advanc:[14,30,150,314,918,936],advantag:[14,21,26,32],advertis:[21,918,919],advic:31,advis:[14,919],ae:[3,14,15,20,25,906,918,919],aead:48,aes128:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],aes256:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],aesni:[906,919],af:14,af_unspec:933,affect:[4,19,20,21,26,28,40,126,133,229,918,942,953],afford:32,afs3:14,after:[2,3,4,6,10,12,14,21,23,24,25,33,34,35,37,80,98,136,228,272,380,401,885,896,897,902,904,910,911,914,915,918,938,939,946,953],afterward:[23,929],again:[14,28,33,34,720,901,918,924,938,939],against:[2,14,20,21,25,28,34,39,40,46,48,129,298,342,356,359,360,363,412,901,906,918,921,924,945,951],agent:20,agre:919,agreement:919,aklog:55,al:3,alexand:919,alg_id:879,algid:738,algorithm:[14,26,126,915,918,919,946],alia:[3,11,43,48,144,146,312,365,366],alias:[3,11,15,22,38,39,918],alic:[11,23,28,951,952],all:[0,2,3,6,9,14,15,17,18,19,20,21,23,24,25,26,28,29,32,33,34,35,37,38,43,46,48,153,163,164,282,342,359,414,747,748,753,817,827,897,898,901,904,905,909,910,915,918,919,930,932,939,941,943,944,945,946,948,951,953],alloc:[43,46,48,61,78,93,98,99,100,102,103,107,115,117,119,121,124,148,280,287,288,289,290,296,355,357,407,827,870,921,923,925,928,932],allow:[2,3,4,5,6,8,10,12,14,15,16,17,18,19,20,21,23,24,26,28,29,32,33,34,35,36,37,38,40,41,43,46,48,111,252,279,359,404,407,898,900,902,904,906,908,911,918,919,920,921,922,924,925,926,927,928,929,930,931,932,933,934,935,938,939,942,945,952],allow_des3:[21,26,918],allow_dup_skei:3,allow_forward:[3,5],allow_postd:[3,5],allow_proxi:3,allow_rc4:[21,26,918],allow_renew:3,allow_svr:[3,23,25,35,40],allow_tgs_req:3,allow_tix:3,allow_weak_crypto:[14,21,26,41,48],allowedkeysalt:3,almeida:919,alon:[34,923],along:[0,36,827,897,906,924],alongsid:34,alphabet:898,alphanumer:21,alreadi:[6,14,22,34,36,43,124,333,897,904,906,908,942,946,948],also:[15,17,18,22,23,24,25,26,28,29,32,33,34,35,37,38,39,40,43,46,126,342,403,896,897,900,906,908,910,918,919,921,922,924,925,927,928,930,932,934,935,939],alter:[14,37],altern:[8,15,20,21,22,24,28,34,37,43,500,904,906,917,918,919,942],although:[39,900,919,925,935,938,939],altogeth:20,alwai:[14,15,20,21,23,24,39,44,51,55,61,63,66,68,71,80,83,139,142,155,365,716,910,914,918],am:898,america:919,among:46,amount:[20,21,35,39,102,119,121,289,361,905],an2ln:[21,932],an2ln_typ:932,an:[0,2,3,4,5,6,8,9,11,12,14,15,16,19,20,21,22,23,24,25,26,28,29,32,33,34,35,36,37,38,39,40,41,43,46,48,55,56,61,93,99,101,119,126,144,146,154,229,235,236,241,243,247,260,263,265,276,277,279,287,300,301,312,315,320,326,327,330,331,342,355,356,360,365,366,373,375,388,394,404,407,412,414,722,735,736,738,813,821,827,837,868,869,877,896,900,901,904,905,906,910,911,912,915,917,918,919,920,922,923,924,927,928,929,931,932,933,934,935,938,939,942,944,946,948,953],analog:15,anam:[56,946],anchor:[20,21,942],andrea:919,andrew:5,ani:[0,3,6,8,9,10,14,15,16,17,19,20,21,23,24,25,26,28,32,34,36,37,38,39,40,41,43,46,48,56,137,147,153,154,156,224,260,268,275,278,279,310,315,359,363,364,404,414,740,837,897,901,902,910,911,915,918,919,920,924,925,932,938,939,942,943,946,952],ank:3,anl:21,annot:[16,23,36,918],anonym:[3,20,25,28,43,48,501,502,918,939,942,943],anoth:[15,17,21,24,32,41,48,101,171,826,897,901,906,910,921,922,928,932,933,939,953],ansi:905,answer:[21,46,48,366,731,738,740,876,924],anticip:[33,39],anyon:[938,952],anyth:[21,37],anywai:[20,39,46,330],anywher:[938,953],ap:[92,94,195,199,327,328,329,330,357,358,359,503,807],ap_opt:[329,330,375,809,886],ap_opts_etype_negoti:789,ap_opts_mutual_requir:[330,359,375,789],ap_opts_reserv:789,ap_opts_use_session_kei:[330,789],ap_opts_use_subkei:[330,789],ap_opts_wire_mask:789,ap_req_authdata:195,ap_req_nofail:[416,894],ap_req_opt:[329,330,359,375],api:[0,14,41,43,45,98,100,103,186,188,190,191,196,197,245,250,251,262,281,288,290,351,353,411,740,827,847,897,903,906,918,920,924,931],appdata:[21,901],appdefault:48,appear:[14,20,21,24,34,37,39,41,46,910,919,923],append:[3,20,23,38,387,900,906,915],appl:[903,919],appl_vers:[363,375],appli:[3,10,14,18,19,20,21,23,24,35,41,43,171,919,928,931,939,942,946,950],applic:[0,12,16,18,20,21,28,30,31,37,43,46,48,59,60,156,250,329,330,331,363,375,504,528,529,718,741,896,897,900,901,903,906,916,918,919,922,924,927,932,934,938,939,945,949,952],appnam:[59,60],approach:43,appropri:[6,14,21,23,24,28,29,34,37,39,43,46,154,373,398,920,930,931,942,943,946],approxim:[905,918],apputil:903,aprepencpart:807,ar:[0,2,3,4,5,6,9,10,11,12,14,15,16,17,18,19,20,21,22,23,24,25,26,28,29,33,34,35,36,37,38,39,40,43,46,52,53,66,78,80,83,92,100,103,105,107,153,154,164,166,217,224,229,230,231,241,245,248,252,269,279,280,288,290,325,330,342,345,348,349,350,359,361,362,366,375,381,382,383,404,408,414,731,827,837,847,885,897,898,900,901,903,904,906,908,910,911,912,914,915,917,918,919,920,922,923,924,927,929,930,932,933,935,939,941,942,944,945,946,948,951,953],arbitrari:[3,43],arcfour:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],architectur:[904,906],archiv:[42,905],area:[34,46],arg:[3,417,418,419,802,803,906,946],arg_keytab:[232,235],argument:[3,4,6,8,10,14,20,44,46,48,63,80,91,93,245,257,260,263,275,325,326,331,352,354,356,360,386,417,418,419,889,906,918,923,924,932,946,948],argv_pars:919,ari:946,aris:919,armor:[20,37,48,229,922,931,942],armor_ccach:942,around:[23,906],arrai:[3,36,43,46,48,100,103,111,173,240,244,254,288,290,322,332,352,354,821,825,827,832,833,846,868,869,932,934],arrang:23,arriv:901,asan:[906,918],asc:905,ascii:[6,23,39,910],ask:[6,37,39,46,48,738,739,740,922,938,939,942,946],asn:[48,911,912,921],aspect:[15,28,927],assert:[20,43,910,918,924,931],assign:[3,19,20,34,39,48,82,84,946],associ:[3,4,9,19,20,21,23,35,38,43,537,897,901,910,919,953],assum:[14,21,26,34,36,39,43,44,107,124,155,905,918,939,942,953],assumpt:26,asynchron:[403,931],athena:[3,5,14,15,19,20,21,23,24,28,32,34,906,919,934,938,939,953],athent:260,atom:918,attach:918,attack:[2,14,21,23,29,30,32,35,40,46,325,326,331,901,918,942],attempt:[0,3,6,20,21,24,29,35,39,43,243,250,414,910,918,946],attr:[252,841],attribut:[3,5,6,9,16,19,20,21,22,23,24,26,36,37,48,253,650,841,918,919,921,924,931,942,946],audit:918,aug:3,augment:924,august:919,auth:[16,20,39,43,48,61,329,330,359,363,364,375,504,811,825,833],auth_context:[61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,90,223,323,325,326,327,328,329,330,331,354,356,357,358,359,360,363,364,375],auth_gssapi:3,auth_to_loc:[21,28,932],auth_to_local_nam:[21,28],authdata1:910,authdata2:910,authdata:[184,189,224,320,322,412,826,910,918,926,942,943],authdata_plugin:927,authdatum:412,authent:[3,5,6,10,12,14,15,20,21,22,24,25,26,29,30,32,34,35,36,37,38,39,40,43,44,46,48,61,62,63,64,66,67,68,69,71,72,73,74,76,77,79,80,81,82,83,84,85,86,87,88,89,90,166,201,223,224,250,322,323,325,326,327,328,329,330,331,336,342,354,356,357,358,359,360,375,437,500,506,615,738,807,809,813,859,876,886,897,900,901,902,903,910,911,915,918,919,921,931,932,939,942,943,949,953],authfrom:174,author:[3,19,20,21,48,153,224,253,300,614,746,826,863,918,919,926,941],authoriaz:813,authorit:[19,21,154,920,925,928,932,933],authoritykeyidentifi:37,authorization_data:[813,833,846],authtim:[340,341,342,343,884,910],authtime_out:336,authto:174,authz:846,auto:918,autoconf:903,autodoc:908,autohead:904,autolock:919,autom:[904,918],automak:923,automat:[3,4,6,8,15,17,23,34,897,900,902,904,915,918,939,941,946],autoreconf:904,avail:[3,6,11,12,14,20,21,23,29,34,38,43,46,56,170,187,192,193,227,252,306,310,315,361,368,371,374,398,416,563,823,845,883,897,904,915,920,926,941,943,947,953],avoid:[3,14,19,24,38,46,245,906,918,939],awai:[14,41,938,939],awar:910,awk:6,b7:6,b:[344,918],back:[19,20,23,24,30,39,40,897,906,911,918,924,927],backend:[14,906,918,919],background:[4,8,10,34],backslash:344,backspac:344,backup:[23,30,32,39,902],backward:[8,20,21,24,26,34,948],bad:[34,135,156],balanc:[14,38,39],banner:[46,352,872],bar:[6,21],basch:919,base:[0,3,20,21,22,23,24,25,26,34,37,38,39,43,46,49,59,60,62,91,93,98,117,296,344,388,897,901,908,917,918,919,922,927,931,935,939,942,951],basi:[14,18,23,39],basic:934,basicconstraint:37,baz:21,bb463167:42,becaus:[6,17,19,20,21,23,24,25,35,37,38,39,41,43,46,251,342,897,904,906,910,914,929,931,934,938,942,952],becom:[0,6,14,17,21,23,34,39,136,235,260,275,897,918,938,942,946],beeblebrox:34,been:[6,12,14,20,21,23,26,35,124,897,901,915,918,919,924,927,939,943,950,953],beep:[939,941],befor:[2,3,4,5,6,14,15,20,21,22,23,26,35,37,39,41,44,98,100,103,155,288,290,381,389,827,870,898,901,902,904,919,922,929,931,939,942],beforehand:43,began:14,begin:[4,6,15,21,23,28,36,43,91,93,99,100,102,103,203,209,287,288,289,290,344,403,910,921,924,925,934,951],behalf:948,behav:[3,43,407,416,896,906],behavior:[3,14,20,21,28,39,46,228,414,416,918,923,926,927,932,941,945,950],behind:[14,28],being:[3,14,20,21,23,29,39,44,46,245,372,740,901,908,951],belong:[33,161],below:[6,20,21,23,28,36,43,740,903,919,946],benefit:39,berkelei:[906,919],besid:[15,21],best:[14,25,34,38],beta:6,better:[23,24,847,918],between:[3,9,20,21,23,25,26,29,34,35,41,45,136,158,385,885,897,918,932,939,941,942],beyond:[915,922,927,931,953],big:[910,911,912,914,924],biggest:14,bin:[34,904,906,908,917,946],binari:[21,32,906,919],bind:[3,5,20,21,22,39,918,945],bind_dn:3,binddn:3,bindir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],bindpwd:3,bison:906,bit:[14,20,24,37,46,66,83,142,153,157,359,885,896,910,914,918,921,946],bitwis:[151,740],bjaspan:3,blank:951,bleep:[3,11,939,952,953],block:[14,20,24,48,99,100,102,103,287,288,289,290,918],blocksiz:95,bob:[946,952],bodi:[846,931],book:15,boot:[34,902],bootstrap:21,borrow:939,boston:39,both:[3,12,21,22,23,24,26,28,29,36,37,39,40,43,159,245,251,904,918,919,923,946],bourn:34,box:36,brace:[21,923],bracket:[20,21,28],breviti:911,brian:919,bridg:918,brief:[32,903,927],broken:[14,906],brother:919,brute:[14,23,35],bsd:[918,919],btree:6,buffer:[3,23,43,48,56,98,99,119,170,187,192,193,279,287,300,301,306,331,336,339,374,397,398,404,407,409,538,827,918,924],buflen:[170,187,192,193,374,397,398],bug:[0,23,42,903,904,936],build:[34,39,41,48,49,136,897,903,906,916,917,918,923,927,945],built:[21,24,28,46,48,378,897,904,906,918,924,934,939,945],builtin:[906,918,919],bundl:[21,919],bunni:39,busi:919,byacc:906,c89:905,c:[3,6,19,21,22,23,48,107,228,365,807,813,832,846,883,897,905,906,919,934,941,942,943,946,947,948],ca:[20,21,29,37],cacert:[29,37],cach:[3,14,15,21,23,28,43,44,48,78,138,140,223,224,229,247,264,267,323,325,326,329,331,356,359,360,375,403,414,522,545,549,755,899,903,906,907,913,917,918,926,939,941,942,943,945,946,947,948,951,953],cache_nam:[3,941,942,943],cache_out:[132,154],cacheconf:910,cachenam:[897,947],cachetyp:918,cacreateseri:37,caddr:[825,832,833],cakei:37,california:919,call:[14,16,20,21,23,24,28,34,43,46,91,93,100,103,113,120,122,123,125,126,136,156,158,176,228,245,251,261,268,275,279,282,288,290,294,301,308,317,323,380,381,404,827,870,877,896,897,903,904,918,922,923,924,929,931,932,938,946],callback:[48,260,275,352,380,381,387,856,870,872,876,918,922,931,933],caller:[43,46,71,85,99,100,102,103,117,119,121,136,144,146,245,252,269,279,287,288,289,290,296,301,312,314,330,361,365,366,404,414,827,896,918,925,931,934],camellia128:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],camellia256:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],camellia:[20,918],can:[0,2,3,4,5,6,8,9,10,11,14,15,16,17,18,19,20,21,22,23,24,25,26,28,29,32,33,34,35,36,37,38,39,40,41,43,46,50,56,136,138,154,224,254,271,301,307,331,342,344,366,386,389,400,403,414,416,737,865,866,876,884,896,897,898,900,901,904,905,906,908,910,911,918,920,921,922,923,924,925,927,928,929,930,931,932,933,935,938,939,942,946,950,953],candid:[915,946],cannot:[3,23,24,25,35,37,43,46,91,93,135,151,260,344,414,885,910,939,942,943,948],canon:[4,15,22,23,38,39,192,300,928,932],canonhost_out:194,canonic:[15,21,22,33,43,48,301,389,546,918,942,948],capabl:[32,918,938],capac:25,capath:20,card:[3,20,21,918],care:[3,14,19,28,43,927],carefulli:37,carnegi:919,carri:[3,25,953],cartoon:34,casio:14,cast:[885,896,920,922,923,928,929,930,931,933,935],cat:6,categori:25,caus:[3,4,6,14,20,21,24,25,26,34,35,37,38,39,40,43,48,245,247,388,736,897,901,906,918,919,943,947],caution:3,cb:245,cb_data:[386,888],cb_ret:934,cbc:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],cbdata:934,cbrown:953,cc246071:918,cc246091:918,cc:[223,906,919,945],ccach:[3,23,41,43,48,132,135,164,224,225,226,232,233,234,246,250,251,264,267,321,329,375,383,403,405,414,817,906,917,920,944,948],ccache_typ:21,ccachenam:906,ccapi:[903,919],ccselect:[28,918,923,926,933],ccselect_plugin:[920,923],cd:[42,904,908],ceas:[0,6],cell:14,center:[10,903,919,953],central:0,cert:[16,21,37],cert_fil:948,certain:[23,32,236,906,919,948,953],certauth:[918,926],certauth_plugin:921,certid:21,certif:[3,20,21,29,40,43,48,253,695,912,918,926,948,953],certifi:21,certlabel:21,cf2:48,cflag:[906,945],cfr:919,chain:[20,21,918],challeng:[20,21,40,46,48,366,367,368,370,371,697,700,738,739,876,879,911,918],chang:[2,3,6,9,14,15,19,20,21,22,24,25,26,28,33,34,37,39,46,48,78,136,158,245,260,382,383,620,719,896,904,908,910,917,918,919,927,929,935,937,944,946,952],change_password:[23,26],change_password_for:[382,383],changeov:34,changepw:[3,14,23,26,166,245,300,301,382],channel:[14,21,36,43,46,325,918,946],charact:[3,19,20,21,23,34,38,39,344,397,408,715,944],charg:919,chat:936,check:[12,20,21,23,26,28,34,37,43,48,59,60,153,283,356,359,360,550,904,906,908,914,923,934,935,939,943,946],check_a:930,check_tg:930,checkout:908,checksum:[3,43,48,104,175,202,203,300,301,329,330,331,333,342,343,532,539,657,659,661,662,666,813,856,912,915,918,924],checksum_typ:818,cheetah:908,chiefli:23,chl:[46,367,368,370],chl_out:371,choic:[21,38,43,46,250,942],choos:[14,22,25,34,38,39,43,902,920,938,942,951],chosen:[16,21,22,26,43,46,229,905,911,917,918,920,951],chpass:[3,929],chrand:3,chunk:[114,295],ci:19,cipher:[14,26,48,99,100,102,103,287,288,289,290],cipher_st:[99,100,102,103,287,288,289,290],ciphertext:[25,99,100,102,103,104,287,288,289,290,807,831,911,915],circular:23,circumst:[20,37],citi:919,ckf_:740,ckfrom:175,cksum:[113,129,294,298,413],cksumtyp:[81,96,111,113,114,130,170,294,295,299],cksumtype_cmac_camellia128:789,cksumtype_cmac_camellia256:789,cksumtype_crc32:789,cksumtype_descbc:789,cksumtype_hmac_md5_arcfour:789,cksumtype_hmac_sha1_96_aes128:789,cksumtype_hmac_sha1_96_aes256:789,cksumtype_hmac_sha1_des3:789,cksumtype_hmac_sha256_128_aes128:789,cksumtype_hmac_sha384_192_aes256:789,cksumtype_md5_hmac_arcfour:789,cksumtype_nist_sha:789,cksumtype_rsa_md4:789,cksumtype_rsa_md4_d:789,cksumtype_rsa_md5:789,cksumtype_rsa_md5_d:789,cksumtype_sha1:789,cksumtypep:390,ckto:175,claim:[651,655,919],clang:918,clarifi:37,clariti:946,clean:[23,268,269,386,908,918,934],cleanli:918,cleanup:[46,934],clear:[3,6,11,15,36,46,48,136,156,377],clearpolici:[3,19],cleartext:[808,824,832],click:34,client1:37,client2:37,client:[3,12,14,16,18,20,21,22,23,25,26,28,31,32,34,35,36,38,39,40,41,43,46,48,145,154,223,224,235,241,242,258,260,264,267,275,276,277,330,333,359,363,403,651,652,740,807,808,813,825,826,833,836,845,846,897,901,903,906,910,911,912,917,918,919,920,921,923,926,928,931,933,939,942,943,945,946,948,951,953],client_aware_channel_bind:21,client_aware_gss_bind:918,client_cert:37,client_kei:918,client_keytab:43,client_princ:[46,300],clientauth:21,clientkei:37,clifford:953,clock:[21,34,48,267,356,360,898,931,942],clockskew:[15,21,359,915,934,942],close:[21,32,48,71,85,132,137,138,148,164,167,265,301,307,755,915,929,935],clpreauth:[28,926],clpreauth_mymech_initvt:923,clpreauth_plugin:922,cm:[467,476,477,479,480,481,482,918],cmac:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],cmd_path:946,cn:[5,20,22,37],cname:[33,34,38,39],code:[0,20,21,23,41,43,46,48,49,50,56,62,64,65,67,69,72,73,74,76,77,78,79,81,82,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,102,103,104,105,106,107,108,111,112,113,114,115,117,118,119,121,124,125,126,129,130,133,134,135,141,142,145,147,148,149,150,151,152,153,154,155,156,157,158,159,161,162,163,164,166,169,170,171,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,214,217,223,224,227,229,231,235,251,260,261,262,264,265,266,267,268,271,272,273,274,275,276,277,278,279,280,282,287,288,289,290,294,295,296,298,299,300,301,302,303,305,306,308,310,311,314,315,316,317,318,321,322,323,324,325,326,327,328,329,330,331,332,333,335,337,338,339,342,344,345,347,352,354,355,356,357,358,359,360,361,363,364,374,375,376,377,378,382,383,384,385,389,396,397,398,400,401,402,403,404,405,406,407,408,409,410,414,730,836,837,865,885,896,903,905,906,918,919,922,923,924,927,929,931,933,934,935,936],coerc:915,coexist:19,collect:[21,43,48,132,154,728,729,903,918,920,941,942,943,947,951,953],collis:[48,901],colon:[5,20,21,28,39,152,344,346,420,953],column:6,com:[3,6,9,11,16,20,21,22,23,28,35,37,38,39,41,42,911,912,918,919,938,939,951,952,953],com_err:[837,906,918,923],combin:[3,8,20,23,26,43,48,254,911,943],come:[21,46,359,904,905,938],comma:[3,6,10,20,21],command:[4,8,9,10,14,15,20,21,22,23,24,26,29,32,34,35,37,41,898,900,903,904,905,906,918,937,938,939,941,944,946,948,953],command_opt:[5,6],commenc:34,comment:[0,15,21],commerci:[21,37,919],commit:[9,919,929],common:[21,23,25,34,43,906,919,922,938,952],common_appdata:21,commonconfig:21,commonli:[8,41],commun:[0,21,23,25,29,34,37,43,865,897,903,919,920,936],compani:939,companion:36,compar:[47,48,129,298,911],comparison:21,compat:[8,20,21,36,43,904,906,918,928,930,948],compil:[0,904,905,906,907,918,919,945,946],compile_et:906,complet:[5,6,14,20,21,23,39,43,45,158,272,274,359,375,401,402,738,903,906,907],complex:918,compli:919,complic:[37,906],compon:[19,21,28,37,38,43,46,48,92,93,223,344,345,350,388,645,708,710,763,910,914,918,919,934,939,951],component1:[910,914],component2:[910,914],compos:37,composit:918,compress:905,compromis:[14,17,21,32,897,902],comput:[14,20,21,29,43,44,46,48,91,117,129,229,296,298,912,919,922,931,938,939],concaten:[731,911,924],concatent:924,concept:[916,926],concern:[25,35,919,939],concis:934,concret:908,concurr:[20,24],condit:[37,154,301,918,919,946],conduct:29,conf:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,22,23,24,25,26,27,28,29,30,31,32,33,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],conf_keyfil:5,conf_req_flag:43,conf_stat:43,confidenti:[26,43,918],config:[20,21,23,141,155,269,378,903,906,917,918,924,937,940],configur:[3,4,5,9,14,16,17,19,20,21,23,24,25,30,31,38,41,43,46,48,50,78,154,167,194,251,261,269,388,414,416,563,564,898,901,903,904,905,907,908,918,923,926,935,939,942,943,946,950,952,953],confirm:[2,3,5,6,23,130,299,918,948],conflict:[15,28,359,924],conform:[21,905,918,944],confound:104,confus:919,confusingli:46,confvalid:903,conjunct:948,connect:[3,4,5,8,12,20,23,32,34,38,43,48,897,901,918,919,939],consequ:14,consequenti:919,consid:[0,14,21,24,33,39,41,342,901,906,910],consider:[39,45],consist:[21,39,344,900,905,910,911,918,925,932],consol:20,consolid:0,consortium:[936,953],constant:[46,57,58,727,733,821],constitut:919,constrain:[3,333,547,654,918,948],constraint:[919,951],construct:[0,43,46,277,279,329,404,865,866,918,923,948],consult:[21,932],consum:[24,896,927],contact:[3,7,8,14,20,21,23,29,39,260,897,920,936,949],contain:[3,4,5,6,8,9,15,19,20,21,22,23,24,28,29,33,34,37,38,39,41,43,46,48,54,67,72,76,152,154,169,172,173,183,184,195,231,245,247,276,279,300,301,320,330,336,342,344,355,356,357,360,363,365,375,404,414,847,876,889,897,898,900,901,903,904,905,906,907,908,910,911,914,915,919,923,924,933,934,936,938,939,941,942,946,947,948,951,952,953],container_dn:3,container_reference_dn:5,containerdn:3,containerref:5,contempl:919,content:[0,6,9,11,12,14,23,27,34,37,43,44,46,48,82,84,124,133,137,147,148,174,175,177,178,180,182,183,198,199,200,201,202,207,208,212,215,221,280,333,334,805,811,818,827,848,859,890,897,910,912,914,919,924,942,943],context:[21,41,43,44,46,48,49,50,51,52,53,54,55,56,59,60,61,66,70,75,83,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,172,173,174,175,176,177,178,180,181,182,183,184,186,188,189,190,194,195,196,197,198,199,200,201,202,203,204,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,245,246,247,248,250,251,252,253,257,260,261,264,265,267,276,277,278,279,280,281,283,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,367,368,369,370,371,372,375,376,378,379,380,381,382,383,384,385,386,387,388,389,393,404,405,406,407,408,409,410,411,412,413,414,417,418,419,420,564,793,794,795,796,797,798,799,800,838,865,866,872,876,888,918,920,922,923,925,931,932,933],context_handl:[43,924],contigu:43,continu:[2,6,17,34,911,918,919,946],contract:919,contrari:[43,46],contribut:[101,107,119,916,919,953],contributor:[909,919],control:[4,14,15,18,19,20,21,22,26,28,34,36,37,38,41,43,46,243,279,404,414,906,907,918,920,925,926,927,930,932,933,934,935,950],convei:[14,23,39,43,837,863,918,919],conveni:[46,323,368,371,904],convent:[39,406,934],convention:953,convers:[21,911],convert:[14,21,38,43,48,169,258,389,918,951],cooki:[599,913,918,931],coordin:924,copi:[15,17,23,26,29,32,34,37,41,43,48,86,88,269,272,342,401,902,910,919,927,934,939,946],copyright:[903,905,919,953],core:[922,927,931,934,936],corpor:[919,953],correct:[4,10,14,21,23,33,34,41,124,735,897,906,918,919],correctli:[12,43,865,866,896,918,938],correspond:[6,19,21,37,39,43,44,46,56,152,245,263,342,884,908,911,918,923,924,929,953],corrupt:[6,17,918],cost:[23,29,906,919],could:[0,14,16,17,21,25,28,33,34,35,39,901,918,923,938,939,946],couldn:12,count:[3,6,43,48,87,89,111,286,910,914],counter:[3,35],countermeasur:32,counterpart:[19,33],countri:919,cours:17,courtesan:919,cover:33,cpp:906,cppflag:906,cppopt:906,cpu:40,cpw:[3,14],crash:[17,21,34],crawdad:919,crawford:919,crc:[14,26],creat:[3,4,7,12,14,15,19,20,21,22,23,24,26,28,31,32,35,43,47,48,67,72,76,93,113,114,125,126,135,138,172,173,174,175,176,177,178,180,182,183,205,236,262,265,271,294,295,307,308,324,331,345,359,363,364,375,387,400,414,710,897,898,900,904,908,911,915,918,919,920,921,922,924,925,926,928,929,930,931,932,933,934,935,936,938,939,942],create_polici:23,creation:[14,21,23,37,911],creativ:919,creativecommon:919,cred:[46,48,150,151,153,159,166,232,233,234,235,260,264,267,272,275,321,382,401,403,405,414,531,918,946],cred_handl:[43,924],cred_stor:43,cred_usag:43,cred_usage_stor:43,creddata:354,credenti:[3,8,12,16,20,21,23,28,33,35,37,45,48,138,166,177,206,207,223,224,229,321,329,333,354,375,402,405,440,549,618,653,747,823,824,825,826,877,896,899,900,901,903,906,913,918,922,924,925,926,931,939,941,942,943,945,946,947,948,951,953],credentials_cach:3,creds_out:[354,405],criteria:[37,897],critic:[46,936],crl:[20,21],cron:[17,20,34,39],cross:[3,20,21,342,343,359,906,910,918],crt:[20,21],crypto:[14,121,191,903,906,918,919],crypto_entri:834,crypto_test:919,cryptograph:[14,43,918,919],cryptographi:[14,40],cryptosystem:14,csv:[6,918],ct:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],ctime:[808,813,836],ctx:[43,72,73,76,77,86,87,88,89,171,176,213,228,270,271,272,273,274,275,276,277,278,279,346,365,366,367,368,369,370,371,372,373,379,399,400,401,402,403,404,417,418,419,420,877],ctype:[109,110,127,131,168,413],cuba:919,cultur:919,current:[2,3,6,8,9,11,14,20,21,22,23,28,39,48,136,179,330,346,356,360,382,440,742,889,897,900,906,910,915,918,922,925,926,931,939,944,951,953],curri:15,curs:906,cursor:[48,139,150,158,163,164,314,318,815,817],curv:[21,40],cusec:[808,813,836],custom:[21,908,917,918,921],cut:39,cve:918,cybersaf:[540,919],cycl:918,cygnu:[664,919],d:[3,5,6,7,8,10,19,28,898,906,918,923,939,943,953],daemon:[8,19,20,21,23,31,36,37,38,897,902,918,923,953],daffodil:[15,939],dai:[3,5,21,23,37,48,396,898,939,953],daili:14,daisi:39,dal:927,damag:[897,919],danger:[17,946],danilo:919,dash:21,data:[3,6,9,14,20,21,22,23,24,26,32,43,44,46,48,63,79,80,98,113,114,117,119,120,121,123,129,130,141,151,153,155,169,178,203,208,212,224,245,253,257,258,260,262,275,294,295,296,298,299,300,323,326,329,330,331,333,335,340,341,352,354,356,359,360,368,371,375,376,380,381,382,383,386,388,393,405,467,479,480,481,537,538,678,722,746,793,794,797,811,813,821,823,826,827,829,832,833,836,838,845,846,856,859,863,865,866,868,869,872,875,877,886,891,897,901,902,906,910,911,912,914,918,919,921,922,923,926,930,931,935,943],data_length:116,data_out:321,data_set:43,databas:[2,4,5,6,7,8,9,10,12,15,18,19,20,21,22,26,28,30,31,32,35,37,43,900,902,903,906,907,917,918,919,926,929,931,942,945,946,953],database_modul:[20,24],database_nam:[20,23,34],datadir:906,datarootdir:906,datatyp:45,date:[3,6,8,20,21,23,26,37,167,224,398,832,899,918],datebas:4,david:[15,938,939,953],db2:[3,6,20,23,35,903,917,918],db3:906,db:[24,35,906],db_185:906,db_arg:[3,4,6,8,10],db_header:906,db_lib:906,db_librari:[20,22,24],db_module_dir:20,db_princ_arg:3,dbadmin:19,dbdefault:5,dbmatch:21,dbmodul:[3,22,23,24,35],dbname:[3,6,10],dbutil:919,dc:[20,22],dce:[43,48,641,680,918],dcmd_path:946,dd:898,de:[13,20,26,41,467,918,919],deactiv:20,deal:[897,919],dealloc:[92,925,932],debian:[31,918],debug:[3,7,8,9,20,28,905],dec:[34,35,898],dec_err:324,dec_error:355,decid:[34,39,245,939],decim:[6,43,910,953],decis:[30,919,928,932,953],declar:[43,924],decod:[21,46,48,159,184,359,910,921,923],decompos:538,decreas:[21,900],decrement:48,decrypt:[3,35,43,48,79,354,364,827,883,901,918,946,948],dedic:34,default_ccache_nam:[21,136,897,953],default_client_keytab_nam:[15,21,900],default_cr:43,default_domain:21,default_kdb_fil:907,default_kdc_enctyp:907,default_keytab_nam:[21,900,907],default_principal_expir:[20,898],default_principal_flag:[19,20,918],default_profile_path:907,default_rcache_nam:[21,901],default_realm:[21,28,33,34,925,934],default_tgs_enctyp:[21,26],default_tkt_enctyp:[21,26],default_valu:[59,60],defccnam:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],defcktnam:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],defeat:40,defens:25,defer:[43,921,925,928,932],defin:[3,12,20,21,33,34,39,43,101,119,228,740,901,906,910,911,923,927,934,935,946],definit:[10,16,20,903,919,928,930],defktnam:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],del_polici:3,delai:[24,39,906,918,942],deleg:[3,20,21,333,547,654,910,918,939,943,948],delegated_cred_handl:43,delent:11,delet:[2,3,5,6,11,19,21,23,151,901,918,919,938,941,946,953],delete_polici:23,delete_princip:23,delimit:[21,311],delold:[2,14,26],delpol:3,delprinc:[3,23],delstr:3,delta:[20,48],deltat:187,deltatp:391,demand:414,demonstr:[12,14],deni:[3,19,25,28,35,928,932,946],denial:21,denot:[6,19,898,911],depart:919,depend:[25,33,39,43,46,126,365,373,740,876,905,906,917,918,923,935,938,939],deploi:[36,37,38,904],deploy:[14,24,37],deprec:[14,20,26,70,75,94,120,122,123,131,168,186,188,190,191,196,197,225,226,232,233,234,239,281,309,340,341,351,353,393,411,413,918],der:[911,921,924,931],der_out:[323,325,326,331],deriv:[3,6,14,20,25,48,99,100,102,103,113,129,287,288,289,290,294,298,911,915,918,919,944],des3:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],descend:[897,901],describ:[0,3,14,16,21,23,24,25,28,32,34,37,43,375,406,827,836,837,896,910,919,922,923,924,926,934,939,946],descript:[32,39,43,836,903,917,918,920,921,922,925,927,928,929,930,931,932,933,934,935],descriptor:[62,363,364,375],deseri:48,design:[28,34,46,315,897,901,953],desir:[14,15,23,28,43,119,121,250,251,329,906,918,933,946],desired_mech:[43,924],desired_nam:43,desired_object:43,desktop:46,dest_ctx:179,destdir:904,destin:[32,904,918],destroi:[23,43,48,136,147,148,386,414,897,918,920,921,922,925,928,929,930,931,932,933,935,937,941,942],destroy_polici:23,detach:8,detail:[10,14,15,22,24,26,28,33,34,36,262,738,897,903,905,918,920,921,922,925,928,929,930,931,932,933,934,935,946],detect:[6,8,14,323,325,326,331,356,360,901,906,918,924],determin:[3,4,5,6,8,20,21,23,24,28,34,43,48,62,102,105,117,136,154,230,231,261,289,359,385,389,416,889,897,900,901,904,906,911,914,918,921,925,928,932,933,939,953],dev:[20,21,41,953],develop:[0,904,916,918,919,936,953],devic:[3,20,21,46,655,656],devicenam:20,dfl:[21,901,953],dget_tgt_via_passwd:946,di:19,dict:[3,21],dict_fil:[4,20,935],dictat:23,dictionari:[20,21,23,29,30,34,35,40,918,935,942],did:[23,34,223,267,342,939],didn:[12,28],differ:[3,6,12,21,25,26,28,33,34,37,38,39,43,45,48,107,119,159,265,375,385,865,901,904,906,923,931,932,938,939,942,946,953],diffi:[20,21,942],difficult:35,difficulti:38,digest:[20,919],digit:[898,953],digitalsignatur:[21,37],dir:[20,21,37,897,906,917,942,953],direct:[21,22,23,28,41,48,919,924,934,953],directli:[3,18,20,21,23,29,34,43,46,375,618,924,931,942,947],directori:[3,5,12,20,21,22,28,33,34,37,169,342,897,901,905,907,908,917,918,938,946,950,951,952,953],dirnam:[21,897],dirpath:897,disabl:[3,14,20,21,23,24,26,28,34,37,38,39,41,380,381,386,550,901,904,906,918,926,942,950,953],disable_encrypted_timestamp:[21,25,40],disable_fresh:[37,942],disable_last_success:[20,22,35],disable_lockout:[20,22,35],disable_pac:[20,918],disallow:19,disallow_forward:5,disallow_svr:23,disassoci:[4,10],disast:39,disclaim:919,disclosur:[19,918],discoveri:[25,33,34,918],discuss:[34,901,919,927,936],disjoint:0,disk:[4,5,6,15,17,24,32,34,46,897,902,905],dispatch:924,displai:[2,3,5,9,11,23,37,42,46,245,730,900,910,918,919,942,943,949],display:169,disrupt:14,dist:905,distclean:904,distinct:23,distinguish:[5,21,919],distribut:[10,903,904,905,906,907,918,919,939,953],distributor:919,divid:915,dll:[28,923,924,934],dn:[3,5,20,21,22,25,30,33,34,35,39,44,333,663,906,918],dns_canonicalize_hostnam:[21,38,918],dns_canonicalize_realm:918,dns_lookup_kdc:21,dns_lookup_realm:[21,39],dns_uri_lookup:[21,39],dnsname:21,doc:[22,42,908],document:[5,20,21,29,33,34,43,896,904,906,915,918,919,923,936],doe:[3,6,8,10,14,20,21,22,23,24,25,26,34,37,38,39,40,43,46,56,119,144,152,160,301,311,313,345,375,389,397,414,897,900,904,906,911,918,919,923,924,925,932,934,938,939,946],doesn:[2,6,23,161,897,938],domain:[12,15,20,21,33,34,36,37,38,39,918,939],domain_realm:[28,33,39,951],don:[12,712,715,897,904,906,938,946,953],donat:[23,919],done:[8,22,23,32,34,39,897,906,922,931,934,946,953],dot:38,doubl:898,down:39,download:[8,919],downstream:[23,918],downtim:14,doxygen:[0,908],dprinc_look_ahead:946,dr:14,draft:[694,697,700,918],drift:15,drop:918,dry:6,dsa:476,dst:148,due:[14,19,23,41],dug:919,dugsong:919,dump:[4,7,8,17,20,24,34,917,918],dump_fil:4,dumpfil:[6,23,906],dumptyp:6,dup:20,duplic:[48,826,901],durabl:[20,24],durat:[3,20,21,884,942,946],dure:[3,4,8,17,20,21,23,26,34,35,40,43,352,380,414,719,910,911,918,922,929,939,946],dynam:[21,923,926,928,934],e19253:42,e1:105,e2:105,e2big:119,e:[2,3,6,9,11,14,19,20,21,22,23,33,34,37,38,39,46,870,897,902,904,905,906,911,912,934,938,942,943,946,948,953],e_data:[836,931],each:[2,3,6,8,10,15,19,20,21,23,24,25,26,28,33,35,37,39,43,44,46,252,263,265,352,755,897,900,902,904,910,911,915,918,919,923,927,928,929,933,938,939,942,943,946,948,951,952],ear:919,earli:14,earlier:[20,23,26,34,224,932],earliest:[6,153,915],eas:36,easi:[14,17,25,35,939],easier:[0,14,918],easili:[14,34,904,918],eavesdrop:43,eavesdropp:901,ebaa:42,eblock:[186,188,190,196,197,281,351,353,393,411],echo:[352,361],edata:931,edit:[2,11,12,31,906,907,938],editor:0,edt:3,edu:[0,3,5,12,14,15,19,20,21,23,24,28,32,34,42,918,919,934,936,938,939,946],educ:33,edwards25519:[21,40,919],edwards25519_t:919,effect:[14,19,20,21,23,37,39,731,897,901],effici:918,effort:25,eight:33,einval:[260,373,390,392,394,395],either:[15,20,21,22,23,25,26,34,35,36,37,41,43,44,195,245,253,274,325,326,327,331,402,403,407,731,866,897,904,915,919,923,928,932,939,946,952],eku:[20,21],elaps:3,element:[43,46,48,189,320,412,827,873,911],elements_stor:43,elimin:[14,40],ellipt:40,els:[34,923,938,939,946],elsewher:17,emac:906,email:[0,642,938],emailprotect:21,embed:678,empti:[3,6,19,20,21,23,36,43,46,48,93,229,231,279,345,388,389,404,414,901,906,910,942],en:[42,918],enabl:[3,4,8,14,15,20,21,22,23,24,25,28,34,36,37,39,40,41,43,55,78,897,905,906,918,921,926,946,953],enable_onli:[21,28],enc:[3,6,20,199,301,826,918],enc_err:324,enc_errbuf:355,enc_padata:832,enc_part2:[376,823,845,883],enc_part:[807,823,845,883],enc_tkt:[300,301],encdata:911,enckdcreppart:832,enckrbcredpart:825,enclos:[20,21,898],encod:[21,43,46,48,189,300,323,325,355,541,883,890,910,911,921,924,931],encompass:43,encount:[21,34,943],encourag:21,encrypt:[2,3,6,14,15,17,21,23,25,29,30,32,34,36,40,43,46,48,79,95,98,99,100,112,113,114,116,124,125,126,129,130,153,229,280,287,288,294,295,298,299,310,315,325,326,357,359,394,480,481,539,599,671,750,808,809,823,825,826,827,832,833,845,846,883,900,901,902,903,907,911,912,918,919,922,924,931,936,943,948,953],encrypted_challeng:21,encrypted_challenge_ind:[20,918],encrypted_timestamp:21,enctyp:[6,11,14,20,21,23,48,95,97,98,99,101,104,107,111,112,116,118,125,126,192,193,211,224,280,287,310,315,378,411,831,833,846,848,910,914,917,918,922,948],enctype_aes128_cts_hmac_sha1_96:[447,789],enctype_aes128_cts_hmac_sha256_128:789,enctype_aes256_cts_hmac_sha1_96:[448,789],enctype_aes256_cts_hmac_sha384_192:789,enctype_arcfour_hmac:789,enctype_arcfour_hmac_exp:789,enctype_camellia128_cts_cmac:789,enctype_camellia256_cts_cmac:789,enctype_des3_cbc_env:789,enctype_des3_cbc_raw:789,enctype_des3_cbc_sha1:789,enctype_des3_cbc_sha:789,enctype_des_cbc_crc:789,enctype_des_cbc_md4:789,enctype_des_cbc_md5:789,enctype_des_cbc_raw:789,enctype_des_hmac_sha1:789,enctype_dsa_sha1_cm:789,enctype_md5_rsa_cm:789,enctype_nul:[101,229,789],enctype_out:229,enctype_rc2_cbc_env:789,enctype_rsa_env:789,enctype_rsa_es_oaep_env:789,enctype_sha1_rsa_cm:789,enctype_unknown:789,enctypep:392,end:[6,20,21,23,24,30,33,34,39,92,93,164,332,825,833,846,884,906,910,914,915,918,927,946,953],endian:[910,911,912,914,924],endors:919,endpoint:[62,919],endtim:[224,884,910],energi:919,enforc:21,enforce_ok_as_deleg:[21,918],engin:39,enoent:336,enomem:[119,223,231,302,323,325],enough:[3,23,26,99,102,167,287,289,766],ensur:[14,15,17,20,23,24,25,26,34,37,46,171,865,866,925,932,939],enter:[3,5,10,14,23,34,37,325,326,331,361,924,938,939],enterpris:[38,43,345,710,918,942,948],entir:[3,14,20,39,538,910,931],entiti:[43,919],entri:[3,8,9,11,12,14,15,19,20,21,22,23,24,26,32,34,35,37,38,39,40,41,43,46,48,153,173,195,198,200,220,245,309,315,320,322,325,326,331,337,352,359,414,832,850,854,897,900,902,911,912,915,918,930,931,939,943,946],entropi:918,enumer:[14,26],env:[21,37,41,953],envelop:[467,479,480,481],environ:[14,15,20,21,23,24,26,28,30,34,35,37,38,41,43,56,136,268,269,282,386,387,897,900,901,904,917,918],envvar:21,eperm:[928,932],epoch:[48,885],eq:22,equal:[15,24,914,918,946],equip:953,equival:[20,36,166,382,383,918],erang:336,err_fmt:[21,918],erron:41,error:[3,20,21,24,34,37,39,43,48,49,50,56,62,64,65,67,69,72,73,74,76,77,78,79,81,82,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,102,103,104,105,106,107,108,111,112,113,114,115,117,118,119,121,124,125,126,129,130,133,134,135,137,141,142,145,147,148,149,150,151,152,153,154,155,156,157,158,159,161,162,163,164,166,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,214,217,223,224,227,229,231,235,236,238,243,248,260,261,262,264,265,266,267,268,271,272,274,275,276,277,278,279,280,282,287,288,289,290,294,295,296,298,299,300,301,302,303,305,306,308,310,311,314,315,316,317,318,321,322,323,324,325,326,327,328,329,330,331,332,333,335,337,338,339,342,344,345,347,352,354,356,357,358,359,360,361,363,364,374,375,376,377,378,382,383,384,385,389,396,397,398,400,401,402,403,404,405,406,407,408,409,410,414,543,615,617,713,714,836,837,865,901,903,906,918,922,923,928,929,931,932,939,948],error_t:919,es:[21,942],escal:918,escap:715,especi:[15,26,34,38,918],essenti:20,est:[35,898],establish:[37,43,901],et:[903,906,919],etc:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],etyp:[6,229,378,672,918,948],etype_list:[244,840],etype_list_length:[244,840],euid:[21,901,917],evalu:21,even:[14,20,21,23,25,28,34,38,39,43,245,388,896,898,901,918,919,942,946],event:[39,48,918,919,931],eventu:[26,39],everi:[20,21,23,32,34,48,318,897],evid:43,evolut:918,exact:[22,905],exactli:[21,34,153,407,748,749,753,911,946],examin:[21,37,922,931],exampl:[3,5,6,9,14,15,16,20,21,22,23,24,26,28,32,34,35,37,38,39,41,43,56,100,103,288,290,897,898,901,904,905,918,919,923,934,938,939,942,946,953],exce:[896,898],except:[3,19,21,23,37,39,43,329,918,919,924,946],excess:904,exchang:[34,40,48,224,247,279,363,375,437,877,911,931],exclud:[6,17,32,918],exclus:[3,915,919,942,946],exec:[906,945,946],execprefix:906,execut:[3,6,22,34,46,380,905,906,945],exemplari:919,exhaust:32,exist:[0,2,3,5,6,14,15,20,21,22,23,26,28,32,34,35,43,46,48,137,147,155,329,330,359,363,364,375,407,414,897,902,910,918,924,942,944,946],exit:[3,10,11,897,918,939,943,948],exp:[3,20,21,26,37],expand:[21,915,918],expans:[906,918],expdat:3,expect:[14,21,34,41,267,301,342,343,730,908,922,927,939],expected_nonc:882,expens:[20,25,35],experi:[0,14,39,918],experienc:[0,933],experiment:918,expir:[2,3,6,15,19,20,21,23,26,33,37,43,46,48,224,243,260,832,884,897,898,901,910,918,939,942,943,946,953],expiri:[14,245,918],explain:34,explicit:[14,19,21,22,24,28,39,919],explicitli:[3,14,19,23,28,34,44,253,906,918,928,929,930,939],expos:[3,6,14,46,848,942,946],express:[3,21,898,919],extend:[20,21,37,48,420,889,924,953],extendedkeyusag:37,extens:[37,39,247,908,918,924],extent:919,extern:[20,22,43,910],extfil:37,extra:[19,39,40,766,905],extra_address:21,extract:[3,15,19,34,229,900,918],extrem:3,eytab:3,f:[2,4,5,6,7,8,11,14,22,33,34,908,918,939,942,943,946,948],facil:[4,15,20,43,918],facilit:918,factor:[21,911],fail:[2,3,6,14,15,20,21,23,24,35,38,39,43,46,228,260,279,342,354,404,865,904,906,918,924,925,939,941,946],fail_count:6,failov:39,failur:[3,6,14,24,35,46,119,129,130,159,260,298,299,310,407,408,409,918,919,924,933,935],failurecountinterv:[3,35],failuretim:3,fake:[21,46],fall:[39,40,897,918],fallback:[3,20,21,38,40,46,918,925],fallback_realm:925,fals:[14,20,21,23,26,28,33,36,37,38,39,43,52,54,105,109,110,127,128,160,192,245,283,284,285,319,348,349,350,362,388,416,952],famili:[20,186,188,190,191,196,197,250,251,281,351,353,411,933],famou:34,far:37,fashion:[26,29,919,946],fast:[20,21,25,36,37,48,229,544,599,910,918,922,931],fast_avail:910,fast_ccache_nam:247,faster:[25,39,897,904],fatal:154,fd:[363,364,375],fdii:939,feasibl:34,featur:[24,29,368,371,916,919,936],feb:9,februari:896,fee:919,feedback:0,fellow:919,fenc:923,fences_wicker_initvt:923,fermi:919,fetch:[4,5,6,10,11,21,23,71,141,414,918],few:[906,938,953],ff:939,fiat:919,fiction:923,fictiti:939,field:[3,6,20,21,35,36,37,39,44,46,48,153,256,310,330,331,343,352,356,357,359,360,412,749,753,889,910,911,914,915,918,922,923,931,935,939,951],file2:[901,915,953],file:[3,4,5,6,7,9,10,11,12,14,15,16,17,19,22,23,24,28,29,30,31,37,38,39,41,46,48,50,152,262,269,317,321,363,364,375,378,405,755,897,898,899,900,901,903,904,905,906,907,908,916,917,918,919,920,921,922,923,924,925,927,928,929,930,931,932,933,934,935,937,938,939,946,951,952,953],filenam:[2,3,5,6,7,8,15,20,21,28,34,36,37,41,43,387,897,901,918,953],filesystem:[20,23,34,37,915,917],fill:[46,48,50,56,119,121,134,150,152,224,230,231,303,306,311,327,347,357,358,390,391,394,396,397,914,915,923,934],filter:[20,21],find:[12,21,23,38,39,43,48,50,910,915,918,920,938,939,942,946],fine:[39,43],fini:[920,921,922,925,928,929,930,931,932,933],finish:48,fip:918,fire:39,firewal:[29,39,41],firm:919,first:[3,6,9,12,16,19,20,21,22,23,26,28,34,37,38,39,43,44,52,53,93,105,136,228,258,279,300,322,348,349,350,361,362,386,404,763,827,900,901,906,908,910,911,912,914,915,918,919,921,923,924,925,930,932,939,944,946,951,953],fit:[311,919],five:[3,21,34,898,901,929,944],fix:[6,915,918],flag:[2,3,5,6,11,14,19,20,21,22,23,25,26,28,33,35,39,40,43,46,48,55,62,69,74,78,151,153,192,269,279,325,326,327,331,343,352,354,356,359,360,363,364,404,728,729,730,731,735,736,737,738,740,747,748,825,826,827,832,833,840,879,894,897,906,918,922,931,939,941,942,943,945,946],flag_rsa_protocol:942,flagnam:19,flat:897,flavor:3,flexibl:[21,38],flip:14,flush:934,fmt:[346,379,417,418,419,420],fn:386,fnal:919,folder:21,follow:[2,3,6,10,14,15,19,20,21,22,23,24,25,26,28,29,34,35,36,37,38,39,43,62,228,245,248,263,333,344,345,352,359,361,389,408,897,898,900,901,903,904,906,907,910,911,912,914,918,919,923,924,927,934,936,938,939,942,943,945,946,950,951,952,953],foo:[3,6,21,23],foobar:[39,906,952],fool:25,foot:923,for_us:948,forbid:3,forbidden:21,forc:[3,5,8,9,11,14,19,20,21,23,25,26,35,39,40,136],foreground:[4,8],forev:3,forget:[5,34,156],fork:[10,34,946],form:[0,3,15,20,21,24,25,28,29,34,39,43,152,317,325,326,331,373,389,642,876,897,902,911,918,919,942,951,953],format:[0,3,6,19,20,21,36,39,43,48,321,346,405,406,417,419,420,733,738,740,879,889,897,899,900,901,906,908,912,916,918,923,924,946,948,953],former:388,formul:21,forth:21,forward:[3,15,20,21,23,33,34,36,38,43,48,354,531,548,840,918,939,942,943,946,953],found:[7,10,12,20,21,23,34,39,59,60,151,153,154,195,301,315,359,906,915,918,938,939,946,947,953],foundat:919,four:[21,24,35,40,910,911,912,915,924,946],fqdn:29,fraction:25,frame:910,framework:[43,918,919],fred:28,free:[46,47,48,49,65,67,72,76,91,93,111,115,141,143,145,150,153,169,172,173,174,175,177,178,180,181,182,183,194,195,224,227,229,236,261,272,275,280,286,310,315,317,321,322,324,325,326,327,328,329,330,331,332,335,338,339,344,345,354,355,356,357,359,360,363,375,389,401,403,405,406,408,919,921,923,934],free_ind:921,free_list:925,free_modreq:931,free_restrict:928,free_str:[932,934],free_valu:934,freed:[44,57,58,61,78,85,106,136,144,146,198,199,200,201,202,204,207,208,210,211,212,215,216,217,218,219,221,222,228,262,312,334,365,366,368,371,865,866],freeli:919,frequent:[14,33,38,39,885,938],fresh:[0,15,17,20,43,598,913,918,942,946],fri:9,friend:939,friendli:918,friendlier:918,from:[0,2,3,4,5,6,7,8,9,10,11,17,19,20,21,22,23,24,25,28,29,32,34,35,37,38,39,41,43,44,46,48,49,93,99,100,101,102,103,113,119,121,129,148,166,169,180,181,183,195,241,245,250,258,269,287,288,289,290,294,298,322,327,330,342,346,352,356,357,358,359,360,375,376,378,380,382,383,414,420,440,832,845,846,897,900,901,904,905,906,910,911,915,916,918,919,920,921,922,924,926,927,929,934,936,938,939,942,944,946,948,951,953],from_mast:[8,917],front:[20,344],fsanit:906,ftp:[32,34],fubar:[21,953],fulfil:946,full:[4,8,9,14,20,23,39,48,331,657,906,918,927,938,946],fulli:[3,15,19,21,23,29,32,34,35,46,942,953],fullname_out:143,fulvio:42,func:[63,80],fund:919,fundsxpress:919,furnish:919,further:[10,34,901,952],furthermor:[14,245,919],futur:[21,23,26,37,43,156,228,889,918,925],fx:[48,911,918,931],g10:919,g:[3,6,19,21,22,33,34,37,39,46,870,897,902,904,905,906,911,912,934,938,946,953],g_accept_sec_context:919,g_acquire_cr:919,g_canon_nam:919,g_compare_nam:919,g_context_tim:919,g_delete_sec_context:919,g_dsp_name:919,g_dsp_statu:919,g_dup_nam:919,g_exp_sec_context:919,g_export_nam:919,g_glue:919,g_imp_nam:919,g_imp_sec_context:919,g_init_sec_context:919,g_initi:919,g_inquire_context:919,g_inquire_cr:919,g_inquire_nam:919,g_process_context:919,g_rel_buff:919,g_rel_cr:919,g_rel_nam:919,g_rel_oid_set:919,g_seal:919,g_sign:919,g_store_cr:919,g_unseal:919,g_userok:919,g_util:919,g_verifi:919,gain:[14,25,34,928,930,939],gcc:906,gen_sym:946,gener:[2,9,12,14,15,17,19,20,21,23,25,26,32,35,41,43,48,113,125,126,260,283,294,327,330,342,440,523,524,525,526,824,841,856,897,901,903,904,905,906,908,910,918,919,922,926,931,936,939,946,951],generalizedtim:911,generalstr:37,generic_trusted_ca:[20,21],gennadi:946,genrsa:37,german:918,get:[3,12,14,16,19,20,21,32,33,35,38,39,48,59,60,163,236,254,258,275,906,918,922,925,931,938,939,942,946,953],get_cooki:[918,931],get_cr:46,get_princip:23,get_tgt_via_passwd:946,get_valu:934,getaddrinfo:38,getdat:[3,5,6,19],gethostnam:[38,43],getnameinfo:38,getopt:903,getpol:3,getprinc:[3,6,14,26,35,918],getpwuid:3,getrandom:918,getstr:3,getusershel:946,gic_opt:922,give:[6,14,23,28,38,904,910,911,919,932,938,939],given:[2,3,5,6,8,10,14,20,21,23,28,36,38,39,41,43,46,48,49,59,60,124,135,317,329,389,866,906,910,915,918,919,943],gladman:919,glob:[3,6],global:[5,19,20,21,22,141,155,918],glorifi:923,glossolalia:14,glue:903,gmbh:919,gmt:898,gnu:[904,906,918,919],go:[20,24,939,946],goal:46,good:[12,15,23,34,919,938,939,953],googl:919,gotten:939,gov:[21,919],govern:[23,919,944],gpg:905,gpl:919,grace:942,gracefulli:924,grain:43,grammar:[910,914],grant:[3,14,19,20,21,23,26,28,34,35,37,39,43,46,48,224,235,260,264,267,760,897,910,918,919,928,932,937,939,942,946,952],gratitud:919,great:[19,153,267,752],greater:53,greg:953,groff:0,group:[20,21,40,911,919],grow:901,gs2:918,gss:[28,903,910,917,918,924,953],gss_:924,gss_accept_sec_context:[43,918,924],gss_acquire_cr:[43,918],gss_acquire_cred_from:[43,918],gss_acquire_cred_impersonate_nam:43,gss_acquire_cred_with_password:918,gss_add_cr:924,gss_add_cred_from:924,gss_add_cred_impersonate_nam:924,gss_add_cred_with_password:924,gss_add_oid_set_memb:924,gss_buffer_desc:43,gss_buffer_set_t:43,gss_buffer_t:[43,924],gss_c_accept:43,gss_c_both:43,gss_c_buffer_flag_alloc:43,gss_c_buffer_type_data:43,gss_c_buffer_type_head:43,gss_c_buffer_type_mic_token:43,gss_c_buffer_type_pad:43,gss_c_buffer_type_sign_onli:43,gss_c_buffer_type_stream:43,gss_c_buffer_type_trail:43,gss_c_channel_bound_flag:918,gss_c_dce_styl:43,gss_c_deleg_policy_flag:918,gss_c_inq_negoex_kei:924,gss_c_inq_negoex_verify_kei:924,gss_c_ma_negoex_and_spnego:924,gss_c_no_credenti:43,gss_c_no_nam:43,gss_c_nt_anonym:43,gss_c_nt_export_nam:[43,924],gss_c_nt_hostbased_servic:43,gss_c_nt_machine_uid_nam:43,gss_c_nt_string_uid_nam:43,gss_c_nt_user_nam:43,gss_c_null_oid:43,gss_c_qop_default:43,gss_c_sec_context_sasl_ssf:918,gss_const_key_value_set_t:43,gss_create_empty_oid_set:924,gss_cred_id_t:[43,924],gss_cred_usage_t:43,gss_ctx_id_t:[43,924],gss_display_statu:924,gss_error:43,gss_export_cr:43,gss_export_nam:43,gss_get_mic_iov:43,gss_get_mic_iov_length:43,gss_get_name_attribut:43,gss_import_cr:[43,924],gss_import_nam:[43,924],gss_import_sec_context:924,gss_init_sec_context:43,gss_inquire_attrs_for_mech:924,gss_inquire_cr:43,gss_inquire_cred_by_oid:[43,918],gss_inquire_nam:43,gss_inquire_sec_context_by_oid:[918,924],gss_iov:918,gss_iov_buffer_desc:43,gss_iov_buffer_desc_struct:43,gss_iov_buffer_flag_alloc:43,gss_iov_buffer_t:43,gss_iov_buffer_type_data:43,gss_iov_buffer_type_head:43,gss_iov_buffer_type_mic_token:43,gss_iov_buffer_type_pad:43,gss_iov_buffer_type_sign_onli:43,gss_iov_buffer_type_stream:43,gss_iov_buffer_type_trail:43,gss_key_value_element_desc:43,gss_key_value_element_struct:43,gss_key_value_set_desc:43,gss_key_value_set_struct:43,gss_krb5_cred_no_ci_flags_x:918,gss_krb5_get_cred_imperson:[43,918],gss_krb5_nt_enterprise_nam:[43,918],gss_krb5_nt_principal_nam:43,gss_krb5_nt_x509_cert:[43,918],gss_mech_config:[28,917,953],gss_mech_interpos:924,gss_name_t:[43,924],gss_oid:[43,924],gss_oid_set:[43,924],gss_qop_t:43,gss_release_iov_buff:43,gss_s_cred_unavail:43,gss_s_duplicate_el:43,gss_s_unavail:43,gss_store_cr:918,gss_store_cred_into:43,gss_unwrap_aead:43,gss_unwrap_iov:43,gss_verify_mic_iov:43,gss_wrap_aead:43,gss_wrap_iov:43,gss_wrap_iov_length:43,gss_wrapex:918,gssapi:[15,16,20,21,45,896,897,900,901,903,918,919,920,926,945,953],gssapi_err_gener:919,gssapi_ext:[43,924],gssapi_krb5:43,gssapiauthent:28,gssapip_spnego:919,gssapistrictacceptorcheck:38,gssapiv2:43,gssd_pname_to_uid:919,gssi_:924,gssi_import_cred_by_mech:924,gssi_import_name_by_mech:924,gssi_import_sec_context_by_mech:924,gssrpc:919,gssspi_exchange_meta_data:924,gssspi_query_mechanism_info:924,gssspi_query_meta_data:924,guarante:14,guard:901,guess:[21,34,918],guest:[3,21],guid:[15,30,32,926],gz:905,h5l:[21,44],h:[5,6,9,22,43,262,898,906,919,920,921,922,923,924,925,927,928,929,930,931,932,933,934,935,939,943],ha:[0,3,5,6,12,14,15,17,19,20,21,23,24,25,26,27,28,34,35,37,38,39,43,46,78,124,260,263,279,356,360,388,404,739,897,901,904,905,906,910,914,915,918,919,924,928,929,930,933,938,939,943,946,951],had:[6,28,34,37,938,939,952],haddl:85,hand:[14,34],handi:34,handl:[3,6,14,19,36,43,48,71,132,135,137,139,141,142,143,144,145,146,147,149,150,151,152,153,154,155,157,158,159,161,164,223,224,235,246,250,251,265,276,300,302,303,305,308,310,311,312,313,314,316,318,335,336,342,343,359,403,414,918,919,922,924,927,931],handle_error:43,handle_out_of_space_error:43,happen:[3,17,20,34,39,41,939],happi:919,hard:[20,23],hardcod:[897,900,934],harder:918,hardwar:[3,20,34,46,921,931,939,943],harm:901,harvard:919,harwood:953,hash:[6,21,37,901,911,915,918],hat:[692,693,919,953],have:[0,2,3,6,8,12,14,15,17,19,20,21,23,24,25,26,28,32,33,34,35,37,38,39,43,46,101,153,230,274,402,897,901,904,905,908,910,911,914,915,918,919,920,922,923,924,927,928,929,931,933,935,938,939,942,946,950,952,953],have_getusershel:946,haven:[906,953],hdata:230,he:[19,23,938,939,952],head:21,header:[6,21,43,48,535,538,809,906,920,921,922,923,925,927,928,929,930,931,932,933,934,935],headernam:906,heim_org:21,heimdal:[42,43,45,897,918],held:[919,943],hellman:[20,21,942],help:[21,23,37,901,906,918,934,936,939,945,953],helpdesk:14,henc:12,her:[39,939,952],here:[0,15,19,20,21,23,28,35,41,43,46,898,906,923,938,939],hereaft:919,herebi:919,hesiod:[21,906,919],heurist:[21,154,230,920,946,951],hexadecim:[6,918],hh:898,hhmmss:898,hhost:918,hi:[19,23,939,946,952],hidden:[46,352,870],hide:[3,942],hierarch:[4,21,918],hierarchi:23,high:[14,16,24],higher:[43,897,908,918],highest:[3,6,14,21,310,315,414],highli:[905,918],himself:939,hin:905,hint:[3,20,149],hist_kvno:6,histor:[28,33,896],histori:[6,26,906,918],hit:[48,946],hmac:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],hold:[3,43,78,170,187,192,193,397,398,897],holder:919,hole:[32,34,39,914],home:[5,21,28,938,946,950,951,952],honor:[41,939],hook:[48,865,866,918,926],hope:919,hopefulli:35,host01:953,host:[3,4,7,8,12,14,15,16,20,21,23,24,25,26,29,30,31,33,36,37,38,39,43,46,48,194,223,230,329,331,388,389,414,643,645,901,904,906,918,926,931,938,939,942,943,946,950,951,952,953],host_based_servic:[20,39],host_realm:925,hostaccount:28,hostnam:[3,12,15,20,21,23,26,33,34,37,38,41,43,48,329,388,389,906,918,925,948,951,953],hostrealm:[28,918,926],hostrealm_plugin:925,hotp:3,hour:[5,19,20,23,33,898,938,939,946,953],houston:39,how:[14,20,21,23,26,28,32,34,37,39,43,224,416,905,906,916,920,926,933,934,938,942],howev:[3,6,14,17,20,21,23,25,32,33,35,37,39,904,919,939,953],html:[0,22,42,905,908,918],html_subst:908,htmlsrc:908,http:[21,22,25,30,38,39,42,904,905,908,918,919,936],http_anchor:[21,29],hudson:953,human:[169,898,918],hundr:24,hw:918,hwauth:20,hxx:919,i:[2,19,34,38,793,904,906,919,939,942,943,948,953],iakerb:918,icr:43,id:[8,20,21,141,149,155,302,305,316,646,897,938,946,953],idea:38,ideal:[15,23,34,46,904],ident:[3,15,20,22,43,48,361,740,880,881,897,918,922,938,939,942,944],identif:[918,919],identifi:[4,10,21,28,43,166,265,315,317,733,826,832,847,918,919,924,948],idp:692,iec:905,ietf:918,ignor:[3,19,20,21,26,28,43,48,235,260,264,267,269,278,282,342,345,350,359,388,534,708,711,865,901,904,906,910,918,923,951,953],ignore_acceptor_hostnam:[21,38,43],illinoi:42,illumin:953,imap:[38,906,951],immedi:[6,14,21,23,39,918,931],impact:35,impend:46,imperson:918,impl:906,implement:[0,14,20,21,23,24,28,29,36,38,40,43,44,46,51,113,119,151,294,382,383,897,904,906,910,912,914,918,919,920,921,922,923,924,925,927,928,929,931,932,933,934,935,936,939,946,953],impli:[8,919],implicit:20,impos:928,imposs:[23,35],improv:[0,14,20,21,35,918,936],in_authdat:173,in_cr:[224,225,226,321,330,375],in_data:[329,330,375],in_length:[131,413],in_tkt_servic:[235,260,264,267],inaccess:39,inaccur:21,inaddr:172,inadequ:41,inauthdat1:322,inauthdat2:322,inbuf:[356,357,358,359,360],inc:[919,939,953],incc:134,incident:919,includ:[6,9,15,16,19,20,21,23,24,26,32,33,34,37,38,39,43,48,99,104,144,287,311,325,326,330,331,343,344,359,407,685,813,826,833,846,860,896,897,901,903,906,907,908,910,911,914,918,919,922,923,924,928,930,931,934,938,942,946,953],include_pac:860,includedir:[21,906],inclus:919,incom:[20,38,924],incompat:[904,906,927],incomplet:21,inconsist:24,incorpor:[0,20,24,918],incorrect:[35,39,735,736,938,939],incorrectli:939,incr:177,increas:[20,24,40,100,103,288,290,926],increment:[4,8,9,14,19,20,24,31,35,39,48,87,89,325,326,331,915,918,919],indata:178,inde:939,independ:[21,26,138,163,245,307,906],index:[6,22,29,42,369,905,915],indic:[3,6,14,19,20,21,23,26,28,30,36,37,39,41,43,46,154,245,327,728,729,730,731,735,736,737,738,837,897,898,900,901,910,911,912,914,915,918,919,921,922,923,931,939,942,953],indirect:919,individu:[9,20,919,939,953],inetd:[8,12,34,41],infd:62,infer:[91,93,344],influenc:38,info2:918,info:[20,34,229,652,654,663,672,826,832,888,918],inform:[3,4,6,7,9,11,20,22,23,26,28,33,34,38,39,41,43,46,48,169,185,229,250,251,282,325,327,333,342,364,386,387,416,651,653,655,656,658,740,824,825,863,870,875,889,897,905,906,909,910,911,914,918,922,923,926,927,931,934,936,942,953],infrastructur:[21,40,903,904,918],infrequ:918,inherit:[938,946],ini:21,init:[4,10,920,921,922,925,928,929,930,931,932,933],init_cr:46,initi:[3,5,12,14,15,21,22,23,25,26,34,35,38,40,45,48,99,102,115,124,229,269,287,289,336,401,506,877,884,897,900,906,910,918,919,922,923,938,939,942,943,945,946,948,953],initiator_cred_handl:43,inittab:34,initvt:923,inject:25,inop:14,inout:[98,99,100,102,103,114,287,288,289,290,295,329,330,359,361,363,364,375,407],inprinc:182,inptr:[186,190],input:[23,43,48,49,99,100,102,103,107,113,117,119,124,144,194,195,224,287,288,289,290,294,296,352,375,376,403,920,932,935,948],input_assoc_buff:43,input_ccach:942,input_cred_handl:43,input_message_buff:43,input_name_buff:924,input_name_typ:924,input_payload_buff:43,inputlen:104,inquir:[3,19],inquiri:19,ins:32,insecur:[14,32,39,43,230],insensit:[39,350,706,898],insert:[25,825,832],insid:[15,26,195,911,918],insist:946,inspect:[16,380,381,865,866,921,928,930],inspir:918,inst:50,instal:[12,14,15,17,21,28,30,32,39,902,905,908,927,941,945],instanc:[19,21,23,28,33,35,43,49,50,643,644,901,910,918,923,953],instead:[3,4,6,8,14,20,21,23,24,34,37,38,46,239,246,278,309,340,341,342,344,417,419,866,906,918,919,924,931,941,943,946,952],institut:[909,919,953],instruct:[22,23,34,37,43,906,936],insuffici:[223,231,302,323,325,906],int16_t:843,int32_t:844,int_max:787,integ:[3,20,21,23,36,37,896,910,911,914,924],integr:[26,33,43,46,326,331,356,360,903,905,917,918,919,939],intel:919,intend:[3,10,23,41,43,46,352,946],interact:[2,3,21,23,39,368,906],intercept:[28,924],interest:[21,35,901,907],interfac:[3,11,14,19,20,23,28,34,46,897,901,903,906,918,923,926],interface_modname_initvt:923,interface_module_initvt:923,interface_plugin:923,interfer:904,intermedi:[20,21,23,43,224,910,911,918,939],intern:[24,36,41,107,731,847,920,921,922,926,928,929,930,931,933,935,953],internet:38,interoper:[37,382,383,897,924],interpos:[28,926],interpret:[3,36,43,46,152,245,924,942,946,948],interprocess_token:924,interrupt:[14,260,919],intersect:26,interv:[3,8,23,34,35,896,898],interven:23,intervent:[14,26],introduc:[3,20,21,921,925,929,930,932],intrud:939,invalid:[14,21,23,50,136,139,156,260,301,315,336,939,942,943],invers:914,investig:906,invis:25,invoc:[6,41,43],invok:[4,8,9,11,12,21,23,24,46,80,136,245,386,924,931,932,933,942,944,946],involv:[21,931],iov:[48,100,103,288,290,827,918],iov_count:43,ip:[15,20,39,918],iprop:[4,8,20,918,919],iprop_en:[4,8,20,23],iprop_hdr:919,iprop_listen:20,iprop_logfil:[20,23],iprop_master_ulogs:[20,23],iprop_port:[20,23],iprop_replica_pol:[8,20,23],iprop_resync_timeout:[20,23],iprop_slave_pol:20,iprop_ulogs:20,ipropd_svc:919,ipv4:38,ipv6:[21,38,918],iran:919,is_last_req:[245,838],is_skei:[153,749,826,910],isi:946,isn:[20,23,333,901,904,919],iso:905,isol:39,issu:[2,3,14,20,21,23,26,29,32,35,36,37,39,43,46,320,412,884,906,918,922,931,939,942],issuanc:3,issue_pac:918,issuer:[21,37,320,412],issueraltnam:37,item:[253,731,923,931],iter:[3,20,23,24,48,164,359,817,920,934],iterator_cr:934,iterator_fre:934,its:[3,4,8,10,14,15,17,20,21,23,24,26,28,29,32,33,34,35,37,38,39,40,41,43,46,48,87,89,92,107,117,203,209,228,269,296,301,356,359,360,381,412,898,909,910,918,919,920,921,922,923,924,931,935,941,942,943,951],itself:[3,4,8,10,14,15,20,21,28,43,46,198,199,200,201,202,203,206,207,208,209,212,215,216,221,334,736,826,897,900,902,924,931,939],ivec:[186,190],jan:23,januari:[896,898],jellinghau:919,jennif:[3,938,939,953],jeremi:919,jimi:12,job:[8,17,34,39],joeadmin:[19,23,32,952],joeuser:953,johndo:21,jqpublic:946,json:[3,36,46,368,371,738,740,910],jul:898,juli:898,just:[6,14,15,20,21,33,34,43,326,641,897,904,907,922,939,946,952],k1:107,k2:107,k5:[20,34,917,919],k5_gic_opt:[235,260],k5_random_kei:[115,124],k5_vic_opt:[415,416],k5ident:[21,28,937,950],k5login:[21,28,937,938,946,950],k5login_authorit:[21,28,952],k5login_directori:[21,28],k5srvutil:[1,14,26,900],k5user:946,k5wiki:[904,918,936],k:[2,3,4,5,6,10,11,14,15,20,23,26,34,101,119,900,911,918,942,943,946,948],kadm5:[3,4,6,18,20,21,23,24,34,903,917,918,919,926,928],kadm5_auth:[19,918,926],kadm5_auth_modinfo:928,kadm5_auth_plugin:928,kadm5_auth_restrict:928,kadm5_hook:[918,926],kadm5_hook_modinfo:929,kadm5_hook_plugin:929,kadm5_pass_q_:935,kadm:945,kadmin:[1,2,4,5,6,8,10,11,12,14,15,16,19,20,21,22,23,24,25,26,32,34,35,37,39,40,166,245,300,301,382,897,898,900,903,918,919,926,929,944,945,953],kadmind:[1,3,5,9,19,20,21,22,23,24,26,28,34,39,902,918,926,944,953],kadmind_listen:20,kadmind_port:[4,20,34],kaduk:14,kbd5_util:23,kbuild:903,kc:0,kcm:[21,321,405,897,918,919,953],kcm_mach_servic:21,kcm_socket:21,kd:20,kdb5_err:919,kdb5_ldap_util:[1,3,4,10,20,22,23,24],kdb5_util:[1,4,7,8,10,11,14,20,22,23,24,26,34,898,903,917,918,953],kdb5_util_path:4,kdb5_util_prog:8,kdb:[4,22,23,24,35,903,918,919,926,930,942,945],kdb_convert:919,kdb_log:919,kdc1:39,kdc2:39,kdc:[3,4,5,6,8,9,10,11,15,16,17,18,19,21,22,23,24,25,26,29,31,32,33,36,40,43,46,48,101,107,119,166,224,230,235,241,245,247,258,260,269,300,301,333,342,343,414,544,546,563,657,659,738,832,845,846,865,866,884,897,900,902,903,906,907,910,912,913,918,921,922,925,926,927,933,935,939,942,948,953],kdc_cert:37,kdc_default_opt:21,kdc_err_more_preauth_data_requir:918,kdc_listen:[20,34],kdc_max_dgram_reply_s:20,kdc_opt_allow_postd:789,kdc_opt_canonic:789,kdc_opt_cname_in_addl_tkt:789,kdc_opt_disable_transited_check:789,kdc_opt_enc_tkt_in_skei:789,kdc_opt_forward:789,kdc_opt_postd:789,kdc_opt_proxi:789,kdc_opt_renew:789,kdc_opt_renewable_ok:[21,789],kdc_opt_request_anonym:789,kdc_opt_valid:789,kdc_option:846,kdc_port:20,kdc_princ_nam:37,kdc_princip:37,kdc_principal_seq:37,kdc_tcp_listen:[20,34,37],kdc_tcp_listen_backlog:20,kdc_tcp_port:20,kdc_timesync:21,kdc_tkt_common_mask:789,kdcdefault:[10,34,37,40],kdcissu:48,kdckei:37,kdclist:34,kdcpolici:[918,926],kdcpolicy_plugin:930,kdcpreauth:[918,926],kdcpreauth_mymech_initvt:923,kdcpreauth_plugin:931,kdcproxi:29,kdestroi:[33,897,918,937,940,942,943,947,948,953],keep:[3,9,15,23,35,901,904,905,938],keepkvno:3,keepold:[3,14,23,918],kei:[2,3,5,6,9,10,11,12,15,16,19,20,21,25,28,32,34,36,37,38,40,41,43,46,48,73,77,87,89,100,103,105,106,108,113,114,117,119,129,130,141,153,155,181,216,224,229,234,258,276,277,280,292,293,300,301,307,308,313,320,325,330,342,343,351,354,359,363,364,412,414,439,440,671,740,750,756,813,825,826,832,833,834,847,848,850,900,901,902,903,906,907,910,911,912,917,918,922,924,931,939,942,943,948,953],kept:[3,17,20,23,32],kerb_ap_options_cbt:918,kerber:[14,33,34,946],kerbero:[2,3,4,5,6,7,8,9,10,11,12,14,18,19,20,21,24,25,26,27,28,30,31,32,33,36,37,38,42,43,45,46,47,48,56,62,64,65,67,69,72,73,74,76,77,78,79,81,82,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,102,103,104,105,106,107,108,111,112,113,114,115,117,118,121,124,125,126,129,130,133,134,135,141,142,145,147,148,149,150,151,152,153,155,156,157,158,159,161,162,163,164,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,214,217,223,224,227,229,235,236,238,248,260,261,262,264,265,266,267,268,271,272,273,274,275,276,277,278,279,280,282,287,288,289,290,294,295,296,298,299,300,301,302,303,305,306,308,310,311,314,315,316,317,318,321,322,323,324,325,326,327,328,329,330,331,332,333,335,337,338,339,342,344,345,347,352,354,355,356,357,358,359,360,361,363,364,374,375,376,377,378,382,383,384,385,389,396,397,398,400,401,402,403,404,405,406,407,408,409,410,414,897,898,901,902,903,904,906,907,909,910,926,929,932,934,936,937,938,941,942,943,944,945,946,947,948,949,950,951,952],kerberos_db:8,kerboro:18,kern:20,kernel:[897,903,918],key_data:[286,293],key_exp:832,key_stash_fil:[6,20,34],keyagr:37,keyblock:[48,70,75,90,101,107,115,117,215,216,224,280,281,331,353,359,393,826,910],keyboard:[4,6,10,48],keybyt:112,keydata:6,keyencipher:[21,37],keyexchang:107,keyfil:[6,20,22],keyfilenam:21,keyid:37,keyindex:6,keyinfo:[6,26],keylength:112,keylist:[11,15],keyprocarg:315,keyr:[897,906,918,953],keysalt:[2,3,917],keyspac:14,keytab:[2,3,7,8,11,12,14,17,21,23,26,28,31,41,43,46,48,304,310,311,312,314,317,318,359,363,364,416,897,899,901,902,906,907,910,913,917,918,942,943,945,946,948,953],keytab_fil:[8,942],keytab_nam:943,keytab_out:303,keytabl:850,keytabnam:906,keytyp:10,keyusag:37,keyutil:906,keyword:[21,898],kfw:918,kgetcr:918,kile:684,kill:34,kind:[38,43,105,897,919,922,924,931],kinit:[3,12,15,16,21,22,28,29,33,34,35,37,41,46,897,898,918,922,937,940,941,943,946,947,948,949,953],kiprop:[4,8,23],kkdcp:[29,39,918,919],klau:919,kldap:[20,22],klein:919,klist:[14,15,33,897,900,937,940,941,942,946,947,953],klmdb:20,know:[21,33,35,37,901,906,924,939],knowledg:[0,14,17,414,922,931],known:[6,20,23,26,38,43,46,48,152,231,317,647,648,907,918,951],korea:919,kp:[20,21],kpasswd:[3,4,14,15,20,21,23,29,33,918,937,938,940,953],kpasswd_listen:20,kpasswd_port:20,kpasswd_serv:[21,29,39],kpclientauth:20,kpkdc:21,kprop:[1,4,6,8,15,23,24,34,35,903,917,918,919,953],kprop_path:4,kprop_port:[4,917,953],kpropd:[1,4,7,9,23,34,41,903,917,918],kpropd_rpc:919,kproplog:[1,8,919],kpserverauth:[21,37],krb4:918,krb524:21,krb524_convert_creds_kdc:789,krb524_init_et:789,krb524_krb4_disabl:51,krb5:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,22,23,24,25,26,27,28,29,30,31,32,33,35,36,37,38,39,40,41,42,43,44,45,46,47,49,50,51,52,53,54,55,56,57,58,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,206,207,208,209,210,211,212,213,214,215,216,217,218,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,270,271,272,273,274,275,276,277,278,279,280,281,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,790,791,792,793,794,795,796,797,798,799,800,801,802,803,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,946,947,948,949,950,951,952,953],krb5_425_conv_princip:48,krb5_524_conv_princip:48,krb5_524_convert_cr:[48,790],krb5_address:[52,53,54,64,82,84,172,198,232,233,234,240,332,804,824,825,826,832,833,840,846],krb5_address_compar:48,krb5_address_ord:48,krb5_address_search:48,krb5_addrtyp:[804,805],krb5_allow_weak_crypto:48,krb5_altauth_att_challenge_respons:789,krb5_aname_to_localnam:[48,918,932],krb5_anonymous_princip:48,krb5_anonymous_princstr:[57,789],krb5_anonymous_realm:48,krb5_anonymous_realmstr:[58,789],krb5_ap_rep:[789,804],krb5_ap_rep_enc_part:[48,357,375,804],krb5_ap_req:[789,804],krb5_appdefault_boolean:[48,60],krb5_appdefault_str:[48,59],krb5_as_rep:[789,845],krb5_as_req:[789,846],krb5_auth_con_fre:[48,78],krb5_auth_con_genaddr:[48,82,84],krb5_auth_con_get_checksum_func:48,krb5_auth_con_getaddr:[44,48],krb5_auth_con_getauthent:48,krb5_auth_con_getflag:48,krb5_auth_con_getkei:48,krb5_auth_con_getkey_k:48,krb5_auth_con_getlocalseqnumb:48,krb5_auth_con_getlocalsubkei:48,krb5_auth_con_getrcach:48,krb5_auth_con_getrecvsubkei:[48,75],krb5_auth_con_getrecvsubkey_k:48,krb5_auth_con_getremoteseqnumb:48,krb5_auth_con_getremotesubkei:48,krb5_auth_con_getsendsubkei:[48,70],krb5_auth_con_getsendsubkey_k:48,krb5_auth_con_init:[48,61],krb5_auth_con_initivector:48,krb5_auth_con_set_checksum_func:48,krb5_auth_con_set_req_cksumtyp:48,krb5_auth_con_setaddr:[44,48],krb5_auth_con_setflag:[48,78],krb5_auth_con_setport:[44,48],krb5_auth_con_setrcach:48,krb5_auth_con_setrecvsubkei:[44,48],krb5_auth_con_setrecvsubkey_k:48,krb5_auth_con_setsendsubkei:[44,48],krb5_auth_con_setsendsubkey_k:48,krb5_auth_con_setuseruserkei:[48,359],krb5_auth_context:[48,62,63,64,65,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,84,85,86,87,88,89,90,223,323,325,326,327,328,329,330,331,354,356,357,358,359,360,363,364,375,804,856],krb5_auth_context_do_sequ:[66,69,74,83,325,326,327,331,356,360,789],krb5_auth_context_do_tim:[66,78,83,325,326,331,356,360,789],krb5_auth_context_generate_local_addr:[62,789],krb5_auth_context_generate_local_full_addr:[62,789],krb5_auth_context_generate_remote_addr:[62,789],krb5_auth_context_generate_remote_full_addr:[62,789],krb5_auth_context_permit_al:789,krb5_auth_context_ret_sequ:[66,83,325,326,327,331,354,356,360,789],krb5_auth_context_ret_tim:[66,83,325,326,331,354,356,360,789],krb5_auth_context_use_subkei:789,krb5_authdata:[173,184,189,195,200,320,322,412,804,813,826,833,846],krb5_authdata_and_or:789,krb5_authdata_ap_opt:789,krb5_authdata_auth_ind:789,krb5_authdata_cammac:789,krb5_authdata_etype_negoti:789,krb5_authdata_fx_armor:789,krb5_authdata_if_relev:789,krb5_authdata_initial_verified_ca:789,krb5_authdata_kdc_issu:789,krb5_authdata_mandatory_for_kdc:789,krb5_authdata_osf_dc:789,krb5_authdata_sesam:789,krb5_authdata_signticket:789,krb5_authdata_win2k_pac:789,krb5_authdatatyp:[184,189,195,804,811],krb5_authent:[48,65,804,886],krb5_bad_enctyp:[116,286],krb5_boolean:[52,54,55,105,109,110,127,128,129,130,160,192,253,283,284,285,298,299,300,319,341,343,348,349,350,362,388,804,826,838,860],krb5_build_princip:[46,47,48,92],krb5_build_principal_alloc_va:[47,48,91,94],krb5_build_principal_ext:[47,48],krb5_build_principal_va:48,krb5_c_:[186,188,190,191,196,197,281,351,353,411],krb5_c_block_siz:48,krb5_c_checksum_length:[48,168],krb5_c_crypto_length:48,krb5_c_crypto_length_iov:48,krb5_c_decrypt:[48,287],krb5_c_decrypt_iov:[48,103,288],krb5_c_derive_prfplu:[48,918],krb5_c_encrypt:48,krb5_c_encrypt_iov:[48,290],krb5_c_encrypt_length:[48,102,289],krb5_c_enctype_compar:48,krb5_c_free_stat:48,krb5_c_fx_cf2_simpl:48,krb5_c_init_st:48,krb5_c_is_coll_proof_cksum:48,krb5_c_is_keyed_cksum:48,krb5_c_keyed_checksum_typ:48,krb5_c_keylength:[48,124],krb5_c_make_checksum:[48,131,294],krb5_c_make_checksum_iov:[48,130,295],krb5_c_make_random_kei:48,krb5_c_padding_length:48,krb5_c_prf:[48,119,296],krb5_c_prf_length:[48,117],krb5_c_prfplu:[48,918],krb5_c_random_add_entropi:48,krb5_c_random_make_octet:48,krb5_c_random_os_entropi:48,krb5_c_random_se:48,krb5_c_random_to_kei:48,krb5_c_string_to_kei:[48,126,393],krb5_c_string_to_key_with_param:48,krb5_c_valid_cksumtyp:48,krb5_c_valid_enctyp:48,krb5_c_verify_checksum:[48,113,294,298,413],krb5_c_verify_checksum_iov:[48,114,299],krb5_calculate_checksum:48,krb5_cc_badnam:223,krb5_cc_cache_match:48,krb5_cc_close:[48,132,154,164],krb5_cc_copy_cr:48,krb5_cc_cursor:[139,150,158,804],krb5_cc_default:48,krb5_cc_default_nam:[48,135,156],krb5_cc_destroi:48,krb5_cc_dup:48,krb5_cc_end_seq_get:[48,158],krb5_cc_gen_new:48,krb5_cc_get_config:48,krb5_cc_get_flag:48,krb5_cc_get_full_nam:48,krb5_cc_get_nam:48,krb5_cc_get_princip:[47,48],krb5_cc_get_typ:48,krb5_cc_initi:[48,145],krb5_cc_move:48,krb5_cc_new_uniqu:48,krb5_cc_next_cr:[48,139,158],krb5_cc_nosupp:151,krb5_cc_notfound:[132,154,165],krb5_cc_remove_cr:[48,918],krb5_cc_resolv:[48,144],krb5_cc_retrieve_cr:[48,151],krb5_cc_select:48,krb5_cc_set_config:[44,48,283],krb5_cc_set_default_nam:[48,136],krb5_cc_set_flag:48,krb5_cc_start_seq_get:[48,139,150],krb5_cc_store_cr:48,krb5_cc_support_switch:48,krb5_cc_switch:48,krb5_ccach:[132,133,134,135,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,157,158,159,161,164,223,224,225,226,232,233,234,246,250,251,264,267,329,375,383,403,414,804],krb5_ccache_conf_data:910,krb5_cccol:920,krb5_cccol_cursor:[162,163,164,804],krb5_cccol_cursor_fre:[48,163,164],krb5_cccol_cursor_new:[48,162,164],krb5_cccol_cursor_next:[48,162,163],krb5_cccol_have_cont:48,krb5_cccol_last_change_tim:44,krb5_ccselect_moddata:920,krb5_ccselect_vt:923,krb5_certauth_hwauth:921,krb5_certauth_hwauth_pass:921,krb5_change_password:[48,169],krb5_check_clockskew:48,krb5_checksum:[48,113,129,131,294,298,413,804,813,861],krb5_checksum_s:48,krb5_chpw_fail:260,krb5_chpw_messag:48,krb5_chpw_pwdnull:260,krb5_cksumtyp:[81,96,109,110,111,113,114,127,130,131,168,170,204,294,295,299,390,413,804,818],krb5_cksumtype_to_str:48,krb5_clear_error_messag:48,krb5_client_ktnam:[15,900,917,953],krb5_clpreauth_moddata:922,krb5_clpreauth_modreq:922,krb5_config:[21,34,917,918,953],krb5_config_cantopen:50,krb5_config_notenufspac:[56,306],krb5_const:789,krb5_const_point:[131,186,190,413,804],krb5_const_princip:[50,56,57,141,155,182,283,300,301,310,320,340,341,342,343,347,348,349,350,359,362,388,406,407,408,409,804],krb5_context:[46,48,49,50,51,52,53,54,55,56,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,171,172,173,174,175,177,178,179,180,181,182,183,184,186,188,189,190,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,245,246,247,248,250,251,252,253,257,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,375,376,377,379,380,381,382,383,384,386,387,388,389,393,396,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,417,418,419,420,804,838,856,865,866,872,877,888,918,923],krb5_copy_address:48,krb5_copy_authdata:48,krb5_copy_authent:48,krb5_copy_checksum:48,krb5_copy_context:48,krb5_copy_cr:48,krb5_copy_data:[48,865,866],krb5_copy_error_messag:48,krb5_copy_keyblock:48,krb5_copy_keyblock_cont:48,krb5_copy_princip:[47,48],krb5_copy_ticket:48,krb5_cred:[46,48,51,150,151,153,159,166,220,224,225,226,232,233,234,235,260,264,267,272,323,325,330,354,375,382,401,403,414,789,804],krb5_cred_enc_part:[804,823],krb5_cred_info:[804,824],krb5_crypto_iov:[98,100,103,114,130,288,290,295,299,804],krb5_crypto_typ:[97,827],krb5_crypto_type_checksum:[114,130,295,299,789],krb5_crypto_type_data:[114,130,295,299,789],krb5_crypto_type_empti:789,krb5_crypto_type_head:789,krb5_crypto_type_pad:789,krb5_crypto_type_sign_onli:[98,114,130,295,299,789],krb5_crypto_type_stream:789,krb5_crypto_type_trail:789,krb5_cryptotyp:[97,804,827],krb5_cybersafe_secureid:789,krb5_data:[48,58,59,60,99,100,101,102,103,106,108,113,117,119,120,121,123,124,125,126,129,141,155,166,169,185,223,229,230,258,265,279,284,287,288,289,290,294,296,298,321,323,324,325,326,327,328,329,330,331,333,335,340,341,347,354,355,356,357,358,359,360,364,375,382,383,393,404,405,804,821,826,827,831,836,840,856,861,865,866,868,869,870,882,890,895],krb5_db_entri:921,krb5_decode_authdata_contain:[48,189],krb5_decode_ticket:48,krb5_decrypt:48,krb5_deltat:[187,235,256,259,260,275,391,804,840],krb5_deltat_badformat:391,krb5_deltat_to_str:48,krb5_domain_x500_compress:789,krb5_eblock_enctyp:48,krb5_enc_data:[99,102,287,289,804,807,809,823,845,846,883],krb5_enc_kdc_rep_part:[804,845],krb5_enc_tkt_part:[300,301,804,883],krb5_encode_authdata_contain:[48,184],krb5_encpadata_req_enc_pa_rep:789,krb5_encrypt:48,krb5_encrypt_block:[186,188,190,196,197,281,351,353,393,411,804],krb5_encrypt_s:48,krb5_enctyp:[95,97,98,101,104,105,111,112,115,116,118,124,125,126,128,188,191,192,193,211,229,232,233,234,244,261,280,292,310,315,378,392,411,804,831,834,840,846,848],krb5_enctype_to_nam:48,krb5_enctype_to_str:48,krb5_end_seq_get:150,krb5_error:[212,273,324,355,375,789,804],krb5_error_cod:[46,49,50,55,56,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,129,130,131,132,133,134,135,137,138,139,140,141,142,143,145,147,148,149,150,151,152,153,154,155,156,157,158,159,161,162,163,164,165,166,167,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,186,187,189,190,192,193,194,195,196,197,214,217,223,224,225,226,227,228,229,230,231,232,233,234,235,236,238,245,246,247,248,250,251,252,253,257,260,261,262,264,265,266,267,268,269,271,272,273,274,275,276,277,278,279,280,281,282,286,287,288,289,290,293,294,295,296,298,299,300,301,302,303,304,305,306,307,308,309,310,311,313,314,315,316,317,318,320,321,322,323,324,325,326,327,328,329,330,331,332,333,335,336,337,338,339,340,341,342,343,344,345,346,347,351,352,353,354,355,356,357,358,359,360,361,363,364,368,369,371,372,373,374,375,376,377,378,379,382,383,384,385,386,387,389,390,391,392,393,394,395,396,397,398,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,417,418,419,420,804,855,856,865,866,872,877,923],krb5_euid:901,krb5_expand_hostnam:48,krb5_expire_callback_func:[245,804],krb5_fast_requir:[248,789],krb5_fcc_intern:135,krb5_fences_vt:923,krb5_fences_vtable_v2:923,krb5_find_authdata:48,krb5_finish_kei:48,krb5_finish_random_kei:48,krb5_flag:[142,151,153,157,224,225,226,232,233,234,238,248,269,329,330,359,375,403,804,809,825,826,832,833,840,846,879,886,894],krb5_free_address:[48,172,332],krb5_free_ap_rep_enc_part:[48,357,375],krb5_free_authdata:[48,173,195,322],krb5_free_authent:[48,65,174],krb5_free_checksum:[48,175],krb5_free_checksum_cont:[48,113,294],krb5_free_cksumtyp:[48,111],krb5_free_context:[48,136,176,268,282],krb5_free_cr:[48,177,224,375,405],krb5_free_cred_cont:[46,48,150,153,272,401],krb5_free_data:[48,178,321],krb5_free_data_cont:[48,141,229,324,325,326,327,328,329,330,331,335,356,360],krb5_free_default_realm:[48,227],krb5_free_enctyp:[48,261],krb5_free_error:[48,355,375],krb5_free_error_messag:[48,228],krb5_free_host_realm:[48,230,231],krb5_free_keyblock:[48,67,72,76,180,280,315],krb5_free_keyblock_cont:[48,115,125,126,181],krb5_free_keytab_entry_cont:[48,309,310],krb5_free_princip:[46,47,48,49,91,92,93,145,154,182,344,345,389],krb5_free_str:[48,143,169,194],krb5_free_tgt_cr:[48,354],krb5_free_ticket:[48,183,359,363],krb5_free_unparsed_nam:[48,406,408],krb5_fwd_tgt_cred:48,krb5_gc:403,krb5_gc_cach:[224,789],krb5_gc_canonic:789,krb5_gc_constrained_deleg:789,krb5_gc_forward:789,krb5_gc_no_stor:789,krb5_gc_no_transit_check:789,krb5_gc_user_us:[224,789],krb5_generate_seq_numb:327,krb5_get_credenti:[48,375,380,381,403],krb5_get_credentials_renew:48,krb5_get_credentials_valid:48,krb5_get_default_realm:48,krb5_get_error_messag:[48,837],krb5_get_etype_info:[48,918],krb5_get_fallback_host_realm:48,krb5_get_host_realm:[48,389],krb5_get_in_tkt_with_keytab:48,krb5_get_in_tkt_with_password:48,krb5_get_in_tkt_with_skei:48,krb5_get_init_cr:[234,250,251],krb5_get_init_creds_keytab:[48,232],krb5_get_init_creds_opt:[46,229,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,275,804],krb5_get_init_creds_opt_address_list:789,krb5_get_init_creds_opt_alloc:[46,48,237,239],krb5_get_init_creds_opt_anonym:789,krb5_get_init_creds_opt_canonic:789,krb5_get_init_creds_opt_chg_pwd_prmpt:789,krb5_get_init_creds_opt_etype_list:789,krb5_get_init_creds_opt_forward:789,krb5_get_init_creds_opt_fre:[46,48,236],krb5_get_init_creds_opt_get_fast_flag:48,krb5_get_init_creds_opt_init:48,krb5_get_init_creds_opt_preauth_list:789,krb5_get_init_creds_opt_proxi:789,krb5_get_init_creds_opt_renew_lif:789,krb5_get_init_creds_opt_salt:789,krb5_get_init_creds_opt_set_address_list:48,krb5_get_init_creds_opt_set_anonym:[46,48],krb5_get_init_creds_opt_set_canonic:48,krb5_get_init_creds_opt_set_change_password_prompt:48,krb5_get_init_creds_opt_set_etype_list:[48,229],krb5_get_init_creds_opt_set_expire_callback:48,krb5_get_init_creds_opt_set_fast_ccach:48,krb5_get_init_creds_opt_set_fast_ccache_nam:[48,229,246],krb5_get_init_creds_opt_set_fast_flag:[48,247],krb5_get_init_creds_opt_set_forward:48,krb5_get_init_creds_opt_set_in_ccach:48,krb5_get_init_creds_opt_set_out_ccach:48,krb5_get_init_creds_opt_set_pa:[48,254],krb5_get_init_creds_opt_set_pac_request:48,krb5_get_init_creds_opt_set_preauth_list:48,krb5_get_init_creds_opt_set_proxi:48,krb5_get_init_creds_opt_set_renew_lif:48,krb5_get_init_creds_opt_set_respond:[46,48],krb5_get_init_creds_opt_set_salt:[48,254],krb5_get_init_creds_opt_set_tkt_lif:[46,48],krb5_get_init_creds_opt_tkt_lif:789,krb5_get_init_creds_password:[46,48,233,243,245,352,918],krb5_get_permitted_enctyp:48,krb5_get_profil:48,krb5_get_prompt_typ:[46,48],krb5_get_renewed_cr:[48,225],krb5_get_server_rcach:48,krb5_get_time_offset:48,krb5_get_validated_cr:[48,226],krb5_gic_opt_pa_data:804,krb5_init_context:[48,205],krb5_init_context_kdc:[269,789],krb5_init_context_profil:48,krb5_init_context_secur:[269,789],krb5_init_creds_context:[270,271,272,273,274,275,276,277,278,279,804],krb5_init_creds_fre:[48,275],krb5_init_creds_get:[48,272,274,275],krb5_init_creds_get_cr:[48,271],krb5_init_creds_get_error:48,krb5_init_creds_get_tim:48,krb5_init_creds_init:[48,270,271,279,352],krb5_init_creds_set_keytab:48,krb5_init_creds_set_password:48,krb5_init_creds_set_servic:48,krb5_init_creds_step:[48,272,274,275,918],krb5_init_creds_step_flag_continu:[279,789],krb5_init_keyblock:48,krb5_init_random_kei:48,krb5_init_secure_context:[48,205,268,918],krb5_int16:804,krb5_int16_max:[567,789],krb5_int16_min:789,krb5_int32:[66,69,74,83,266,363,364,374,385,389,394,410,804,806,808,812,813,819,821,824,828,830,832,835,836,837,839,846,851,854,867,868,869,871,875,879,881,882,885,891],krb5_int32_max:[569,789],krb5_int32_min:789,krb5_invalid_princip:50,krb5_is_config_princip:[47,48],krb5_is_referral_realm:48,krb5_is_thread_saf:48,krb5_k:847,krb5_k_create_kei:48,krb5_k_decrypt:48,krb5_k_decrypt_iov:[48,290],krb5_k_encrypt:48,krb5_k_encrypt_iov:[48,288],krb5_k_free_kei:[48,68,73,77,286],krb5_k_key_enctyp:48,krb5_k_key_keyblock:48,krb5_k_make_checksum:[48,113],krb5_k_make_checksum_iov:[48,114,299],krb5_k_prf:48,krb5_k_reference_kei:48,krb5_k_verify_checksum:[48,129],krb5_k_verify_checksum_iov:[48,130,295],krb5_kdc_profil:[10,20,34,917,918,953],krb5_kdc_rep:[232,233,234,804],krb5_kdc_req:804,krb5_kdc_sign_ticket:[48,340,341],krb5_kdc_unreach:260,krb5_kdc_verify_ticket:48,krb5_kdcpolicy_moddata:930,krb5_kdcpreauth_moddata:931,krb5_kdcpreauth_modreq:931,krb5_kdcrep_modifi:267,krb5_kdcrep_skew:267,krb5_kei:[48,68,73,77,87,89,287,288,289,290,291,294,295,296,297,298,299,804],krb5_key_st:847,krb5_keyblock:[48,67,70,72,75,76,86,88,90,99,100,101,102,103,106,107,108,113,114,115,117,119,124,125,126,129,130,180,181,234,281,286,293,300,301,315,320,340,341,342,343,351,353,393,412,804,808,813,825,826,832,833,834,850],krb5_keytab:[232,235,276,302,303,304,305,307,308,310,311,312,313,314,316,317,318,359,363,364,376,414,804],krb5_keytab_entri:[217,302,309,310,314,316,804],krb5_keytab_entry_st:850,krb5_keyusag:[99,100,102,103,108,113,114,129,130,287,288,289,290,294,295,298,299,804],krb5_keyusage_ad_it:789,krb5_keyusage_ad_kdcissued_cksum:789,krb5_keyusage_ad_mt:789,krb5_keyusage_ad_signedpath:789,krb5_keyusage_ap_rep_encpart:789,krb5_keyusage_ap_req_auth:789,krb5_keyusage_ap_req_auth_cksum:789,krb5_keyusage_app_data_cksum:789,krb5_keyusage_app_data_encrypt:789,krb5_keyusage_as_rep_encpart:789,krb5_keyusage_as_req:789,krb5_keyusage_as_req_pa_enc_t:789,krb5_keyusage_cammac:789,krb5_keyusage_enc_challenge_cli:789,krb5_keyusage_enc_challenge_kdc:789,krb5_keyusage_fast_enc:789,krb5_keyusage_fast_finish:789,krb5_keyusage_fast_rep:789,krb5_keyusage_fast_req_chksum:789,krb5_keyusage_gss_tok_m:789,krb5_keyusage_gss_tok_wrap_integ:789,krb5_keyusage_gss_tok_wrap_priv:789,krb5_keyusage_iakerb_finish:789,krb5_keyusage_kdc_rep_ticket:789,krb5_keyusage_krb_cred_encpart:789,krb5_keyusage_krb_error_cksum:789,krb5_keyusage_krb_priv_encpart:789,krb5_keyusage_krb_safe_cksum:789,krb5_keyusage_pa_as_fresh:789,krb5_keyusage_pa_fx_cooki:789,krb5_keyusage_pa_otp_request:789,krb5_keyusage_pa_pkinit_kx:789,krb5_keyusage_pa_s4u_x509_user_repli:789,krb5_keyusage_pa_s4u_x509_user_request:789,krb5_keyusage_pa_sam_challenge_cksum:789,krb5_keyusage_pa_sam_challenge_trackid:789,krb5_keyusage_pa_sam_respons:789,krb5_keyusage_spak:789,krb5_keyusage_tgs_rep_encpart_sesskei:789,krb5_keyusage_tgs_rep_encpart_subkei:789,krb5_keyusage_tgs_req_ad_sesskei:789,krb5_keyusage_tgs_req_ad_subkei:789,krb5_keyusage_tgs_req_auth:789,krb5_keyusage_tgs_req_auth_cksum:789,krb5_kpasswd_accessdeni:789,krb5_kpasswd_autherror:[166,789],krb5_kpasswd_bad_vers:789,krb5_kpasswd_harderror:[166,789],krb5_kpasswd_initial_flag_need:789,krb5_kpasswd_malform:[166,789],krb5_kpasswd_softerror:[166,789],krb5_kpasswd_success:[166,382,789],krb5_kt_add_entri:48,krb5_kt_client_default:48,krb5_kt_close:[48,317],krb5_kt_cursor:[308,314,318,804],krb5_kt_default:48,krb5_kt_default_nam:48,krb5_kt_dup:48,krb5_kt_end:314,krb5_kt_end_seq_get:[48,318],krb5_kt_free_entri:[48,314],krb5_kt_get_entri:48,krb5_kt_get_nam:48,krb5_kt_get_typ:48,krb5_kt_have_cont:48,krb5_kt_name_toolong:311,krb5_kt_next_entri:48,krb5_kt_notfound:313,krb5_kt_nowrit:[302,316],krb5_kt_read_service_kei:48,krb5_kt_remove_entri:48,krb5_kt_resolv:48,krb5_kt_start_seq_get:[48,308],krb5_ktname:[43,900,917,953],krb5_kuserok:[47,48,918,932],krb5_kvno:[310,315,804,831,850],krb5_last_req_entri:[804,832],krb5_libos_badpwdmatch:[260,361],krb5_libos_pwdintr:260,krb5_lname_no_tran:932,krb5_lname_notran:56,krb5_lrq_all_acct_exptim:789,krb5_lrq_all_last_initi:789,krb5_lrq_all_last_renew:789,krb5_lrq_all_last_req:789,krb5_lrq_all_last_tgt:789,krb5_lrq_all_last_tgt_issu:789,krb5_lrq_all_pw_exptim:789,krb5_lrq_none:789,krb5_lrq_one_acct_exptim:789,krb5_lrq_one_last_initi:789,krb5_lrq_one_last_renew:789,krb5_lrq_one_last_req:789,krb5_lrq_one_last_tgt:789,krb5_lrq_one_last_tgt_issu:789,krb5_lrq_one_pw_exptim:789,krb5_magic:[804,805,807,808,809,811,813,818,821,823,824,825,826,829,831,832,833,834,836,845,846,848,850,854,859,868,869,873,882,883,886,890,891,895],krb5_make_authdata_kdc_issu:48,krb5_marshal_credenti:48,krb5_merge_authdata:48,krb5_mk_1cred:48,krb5_mk_error:48,krb5_mk_ncred:[48,323],krb5_mk_priv:[48,79],krb5_mk_rep:48,krb5_mk_rep_dc:48,krb5_mk_req:[48,80,81,330],krb5_mk_req_checksum_func:[63,80,804],krb5_mk_req_extend:[48,329],krb5_mk_safe:[48,326],krb5_msgtype:[503,504,505,506,531,543,718,741,759,760,804,832,845,846],krb5_no_2nd_tkt:267,krb5_no_tkt_suppli:[223,267],krb5_nt_ent_principal_and_id:789,krb5_nt_enterprise_princip:789,krb5_nt_ms_princip:789,krb5_nt_ms_principal_and_id:789,krb5_nt_princip:[91,93,344,789],krb5_nt_smtp_name:789,krb5_nt_srv_hst:[223,389,789],krb5_nt_srv_inst:[91,93,344,789],krb5_nt_srv_xhst:789,krb5_nt_uid:789,krb5_nt_unknown:[389,789],krb5_nt_wellknown:[91,93,344,789],krb5_nt_x500_princip:789,krb5_octet:[804,805,811,818,848,859,882,890,891],krb5_os_localaddr:48,krb5_pa_data:[804,832,845,846],krb5_pa_pac_req:804,krb5_pa_server_referral_data:804,krb5_pa_svr_referral_data:804,krb5_pac:[300,301,333,334,335,336,337,338,339,340,341,342,343,804],krb5_pac_add_buff:48,krb5_pac_attributes_info:789,krb5_pac_client_claim:789,krb5_pac_client_info:[333,789],krb5_pac_credentials_info:[333,789],krb5_pac_data:863,krb5_pac_delegation_info:[333,789],krb5_pac_device_claim:789,krb5_pac_device_info:789,krb5_pac_fre:[48,338,339],krb5_pac_full_checksum:789,krb5_pac_get_buff:48,krb5_pac_get_client_info:[48,918],krb5_pac_get_typ:48,krb5_pac_init:48,krb5_pac_logon_info:[333,789],krb5_pac_pars:48,krb5_pac_privsvr_checksum:[333,789],krb5_pac_requestor:789,krb5_pac_server_checksum:[333,789],krb5_pac_sign:48,krb5_pac_sign_ext:48,krb5_pac_ticket_checksum:789,krb5_pac_upn_dns_info:[333,789],krb5_pac_verifi:[48,343],krb5_pac_verify_ext:[48,301],krb5_padata_afs3_salt:789,krb5_padata_ap_req:[704,789],krb5_padata_as_checksum:789,krb5_padata_as_fresh:789,krb5_padata_enc_sandia_securid:789,krb5_padata_enc_timestamp:789,krb5_padata_enc_unix_tim:789,krb5_padata_encrypted_challeng:789,krb5_padata_etype_info2:789,krb5_padata_etype_info:789,krb5_padata_for_us:789,krb5_padata_fx_cooki:789,krb5_padata_fx_error:789,krb5_padata_fx_fast:789,krb5_padata_get_from_typed_data:789,krb5_padata_non:789,krb5_padata_osf_dc:789,krb5_padata_otp_challeng:789,krb5_padata_otp_pin_chang:789,krb5_padata_otp_request:789,krb5_padata_pac_opt:789,krb5_padata_pac_request:789,krb5_padata_pk_as_rep:789,krb5_padata_pk_as_rep_old:789,krb5_padata_pk_as_req:789,krb5_padata_pk_as_req_old:789,krb5_padata_pkinit_kx:789,krb5_padata_pw_salt:789,krb5_padata_redhat_idp_oauth2:789,krb5_padata_redhat_passkei:789,krb5_padata_referr:789,krb5_padata_s4u_x509_us:789,krb5_padata_sam_challeng:789,krb5_padata_sam_challenge_2:789,krb5_padata_sam_redirect:789,krb5_padata_sam_respons:789,krb5_padata_sam_response_2:789,krb5_padata_sesam:789,krb5_padata_spak:789,krb5_padata_svr_referral_info:789,krb5_padata_tgs_req:789,krb5_padata_use_specified_kvno:789,krb5_parse_nam:[46,47,48,345,406],krb5_parse_name_flag:[47,48],krb5_plugin_no_handl:[925,928,932,933],krb5_plugin_ver_notsupp:923,krb5_plugin_vt:923,krb5_pointer:[186,190,197,281,315,353,363,364,375,804,815,852],krb5_post_recv_fn:[380,804],krb5_pre_send_fn:[381,804],krb5_preauth_fail:260,krb5_preauthtyp:[232,233,234,254,804,840,859],krb5_prepend_error_messag:[48,417,918],krb5_princ_compon:789,krb5_princ_nam:789,krb5_princ_nomatch:[223,267],krb5_princ_realm:789,krb5_princ_set_realm:789,krb5_princ_set_realm_data:789,krb5_princ_set_realm_length:789,krb5_princ_siz:[789,793],krb5_princ_typ:789,krb5_princip:[46,47,48,49,91,92,93,94,132,145,147,154,182,218,223,229,235,260,264,267,275,315,319,363,364,375,382,383,384,389,412,414,804,813,825,826,832,833,836,845,846,850,861,862,883],krb5_principal2salt:48,krb5_principal_compar:[47,48,349,350,388],krb5_principal_compare_any_realm:[47,48],krb5_principal_compare_casefold:[350,789],krb5_principal_compare_enterpris:[350,789],krb5_principal_compare_flag:[47,48],krb5_principal_compare_ignore_realm:[350,789],krb5_principal_compare_utf8:[350,789],krb5_principal_data:[47,804,821,868],krb5_principal_parse_enterpris:[345,789],krb5_principal_parse_ignore_realm:[345,789],krb5_principal_parse_no_def_realm:789,krb5_principal_parse_no_realm:[345,789],krb5_principal_parse_require_realm:[345,789],krb5_principal_unparse_displai:[408,789],krb5_principal_unparse_no_realm:[408,789],krb5_principal_unparse_short:[408,789],krb5_priv:789,krb5_process_kei:48,krb5_prog_etype_nosupp:378,krb5_prompt:[352,804,872],krb5_prompt_typ:[263,804],krb5_prompt_type_new_password:[263,789],krb5_prompt_type_new_password_again:[263,789],krb5_prompt_type_password:[263,789],krb5_prompt_type_preauth:[263,789],krb5_prompter_fct:[260,275,804],krb5_prompter_posix:[46,48],krb5_prop:[15,34,41],krb5_pvno:789,krb5_pwd_data:804,krb5_pwqual_moddata:935,krb5_random_kei:48,krb5_rc_close:265,krb5_rc_requir:[323,325],krb5_rc_st:874,krb5_rcach:[71,85,265,804],krb5_rd_cred:[48,325],krb5_rd_error:48,krb5_rd_priv:[48,79,875],krb5_rd_rep:48,krb5_rd_rep_dc:48,krb5_rd_req:48,krb5_rd_safe:[48,875],krb5_read_error:48,krb5_read_password:48,krb5_realm_branch_char:789,krb5_realm_cant_resolv:260,krb5_realm_compar:[47,48],krb5_recvauth:[48,364,375],krb5_recvauth_badauthv:789,krb5_recvauth_skip_vers:789,krb5_recvauth_vers:48,krb5_referral_realm:[48,789],krb5_replay_data:[323,325,326,331,354,356,360,804],krb5_responder_context:[46,365,366,367,368,369,370,371,372,373,804,877],krb5_responder_context_st:876,krb5_responder_fn:[257,804,876],krb5_responder_get_challeng:[46,48,366,876],krb5_responder_list_quest:[46,48,876],krb5_responder_otp_challeng:[46,367,368,804],krb5_responder_otp_challenge_fre:[46,48,368],krb5_responder_otp_flags_collect_pin:[731,789],krb5_responder_otp_flags_collect_token:789,krb5_responder_otp_flags_nextotp:789,krb5_responder_otp_flags_separate_pin:789,krb5_responder_otp_format_alphanumer:789,krb5_responder_otp_format_decim:789,krb5_responder_otp_format_hexadecim:789,krb5_responder_otp_get_challeng:[46,48],krb5_responder_otp_set_answ:[46,48],krb5_responder_otp_tokeninfo:[804,878],krb5_responder_pkinit_challeng:[46,370,371,804],krb5_responder_pkinit_challenge_fre:[48,371],krb5_responder_pkinit_flags_token_:740,krb5_responder_pkinit_flags_token_user_pin_count_low:789,krb5_responder_pkinit_flags_token_user_pin_final_tri:789,krb5_responder_pkinit_flags_token_user_pin_lock:789,krb5_responder_pkinit_get_challeng:[46,48],krb5_responder_pkinit_ident:[804,880],krb5_responder_pkinit_set_answ:[46,48],krb5_responder_question_otp:[46,48,789],krb5_responder_question_password:[46,789],krb5_responder_question_pkinit:[46,48,789],krb5_responder_set_answ:[46,48,366,876],krb5_respons:804,krb5_roundup:789,krb5_safe:789,krb5_salttype_to_str:48,krb5_sam_must_pk_encrypt_sad:789,krb5_sam_send_encrypted_sad:789,krb5_sam_use_sad_as_kei:789,krb5_sendauth:[48,363],krb5_server_decrypt_ticket_keytab:48,krb5_set_default_realm:[44,48],krb5_set_default_tgs_enctyp:[48,261],krb5_set_error_messag:48,krb5_set_kdc_recv_hook:48,krb5_set_kdc_send_hook:48,krb5_set_password:[47,48,169],krb5_set_password_using_ccach:[47,48],krb5_set_principal_realm:[47,48],krb5_set_real_tim:48,krb5_set_trace_callback:48,krb5_set_trace_filenam:48,krb5_sname_match:[47,48,359],krb5_sname_to_princip:[47,48],krb5_string_to_cksumtyp:48,krb5_string_to_deltat:48,krb5_string_to_enctyp:48,krb5_string_to_kei:48,krb5_string_to_salttyp:48,krb5_string_to_timestamp:48,krb5_tc_match_2nd_tkt:[153,789],krb5_tc_match_authdata:[153,789],krb5_tc_match_flag:[153,789],krb5_tc_match_flags_exact:[153,789],krb5_tc_match_is_skei:[153,789],krb5_tc_match_ktyp:[153,789],krb5_tc_match_srv_nameonli:[153,789],krb5_tc_match_tim:[153,789],krb5_tc_match_times_exact:[153,789],krb5_tc_noticket:789,krb5_tc_openclos:789,krb5_tc_supported_ktyp:[153,789],krb5_tgs_name:789,krb5_tgs_name_s:789,krb5_tgs_rep:789,krb5_tgs_req:[789,846],krb5_ticket:[48,185,221,359,363,364,376,804,809,823,845,846,886],krb5_ticket_tim:[274,402,804,825,826,832,833],krb5_timeofdai:48,krb5_timestamp:[45,167,266,336,340,341,342,343,385,395,396,397,398,410,804,808,813,824,832,836,838,846,850,854,861,875,882,884],krb5_timestamp_to_sfstr:48,krb5_timestamp_to_str:48,krb5_tkt_authent:804,krb5_tkt_creds_context:[399,400,401,402,403,404,804],krb5_tkt_creds_fre:[48,403],krb5_tkt_creds_get:[48,401,402,403],krb5_tkt_creds_get_cr:[48,400],krb5_tkt_creds_get_tim:48,krb5_tkt_creds_init:[48,400],krb5_tkt_creds_step:[48,401,402,403],krb5_tkt_creds_step_flag_continu:[404,789],krb5_trace:[41,386,387,953],krb5_trace_callback:[386,804,889],krb5_trace_info:[386,804,888],krb5_trace_nosupp:[386,387],krb5_transit:[804,833],krb5_typed_data:804,krb5_ui_2:804,krb5_ui_4:[333,335,337,358,804,808,813,836,875],krb5_unmarshal_credenti:48,krb5_unparse_nam:[47,48,407,408],krb5_unparse_name_ext:48,krb5_unparse_name_flag:[47,48],krb5_unparse_name_flags_ext:48,krb5_us_timeofdai:48,krb5_use_enctyp:48,krb5_verify_authdata_kdc_issu:48,krb5_verify_checksum:48,krb5_verify_init_cr:[46,48,416],krb5_verify_init_creds_opt:[46,414,415,416,804],krb5_verify_init_creds_opt_ap_req_nofail:789,krb5_verify_init_creds_opt_init:[46,48,414],krb5_verify_init_creds_opt_set_ap_req_nofail:[46,48,414],krb5_vprepend_error_messag:48,krb5_vset_error_messag:48,krb5_vwrap_error_messag:48,krb5_wellknown_namestr:789,krb5_wrap_error_messag:[48,419,918],krb5_x:789,krb5_xc:789,krb5cc_1984:946,krb5cc_320:939,krb5cc_:[917,946,953],krb5cc_p11795:939,krb5cc_ttypa:939,krb5ccname:[15,136,897,941,942,943,946,953],krb5kdc:[0,1,2,3,4,5,6,7,8,9,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],krb5kdc_err_key_exp:260,krb5kdc_err_more_preauth_data_requir:931,krb5krb_ap_err_skew:167,krb5krb_err_response_too_big:[279,404],krb5lib:34,krb5plugin_service_locate_ft:933,krb5rcachedir:[901,917,953],krb5rcachenam:[901,953],krb5rcachetyp:[901,953],krb5srv:39,krb:[48,918,919],krb_ap_rep:48,krb_ap_req:48,krb_error:[48,375],krbadmin:[20,22],krbcanonicalnam:22,krbcontain:[20,22],krbcore:936,krbdev:936,krbprincipalnam:22,krbtest:[16,23,35,41,911,912,951],krbtgt:[3,19,26,37,41,43,278,301,644,757,910,911,912,918,939,948],ksu:[919,937,940,953],ksu_opt:946,kswitch:[897,937,940,953],kt:376,ktadd:[14,15,23,32,34,900],kth:919,ktid:317,ktrem:3,ktremov:15,ktutil:[1,2,900,903,918],ktype:[128,232,233,234,261,846],ku:21,kungliga:919,kv5m_context:[135,156],kv:[5,6],kvno:[3,6,11,14,15,16,23,26,29,32,34,41,310,414,831,883,911,918,937,940],l:[11,19,897,898,906,939,942,943,945,946],lab:[5,919],label:[21,919],laboratori:919,lack:[37,378,918],lag:946,larg:[20,23,24,34,36,39,46,100,103,119,288,290,904,918],larger:[24,32,37,896,914,918],largest:35,last:[3,6,9,20,23,24,35,44,48,173,198,200,220,245,314,322,386,735,854,897,898,921,930],last_fail:6,last_req:832,last_success:6,lastpwd:6,latenc:24,later:[3,19,20,21,23,26,33,37,38,39,41,43,136,247,740,896,911,914,918,919,925,932],latest:[34,224,884,904,918,939],latter:[388,897],launchpad:42,law:919,lawsuit:919,lawyer:919,layer:[918,924,927],layout:[43,917],lcom_err:945,lcurs:906,ld:906,ldap:[3,4,5,6,10,20,22,35,38,906,918,919],ldap_conns_per_serv:20,ldap_kadmind_dn:[5,20,22],ldap_kadmind_sasl_authcid:[5,20],ldap_kadmind_sasl_authzid:20,ldap_kadmind_sasl_mech:20,ldap_kadmind_sasl_realm:20,ldap_kdc_dn:[5,20,22],ldap_kdc_sasl_authcid:[5,20],ldap_kdc_sasl_authzid:20,ldap_kdc_sasl_mech:[20,22],ldap_kdc_sasl_realm:20,ldap_kerberos_container_dn:[20,22],ldap_serv:[20,22],ldap_service_password_fil:[20,22],ldapadd:22,ldapi:[20,22,24],ldapsasl_nocanon:38,ldapuri:[3,5],ldb:906,ldflag:906,ldif:22,ldname:906,ldopt:906,lead:[20,946],learn:15,least:[15,23,32,34,39,99,102,153,165,287,289,407,735,752,914,928,932],leav:[3,14,24,28,32,33],left:[20,21,280,912,923],leg:918,legaci:[26,46,885],legal:[280,946],legitim:[25,46,901,946],lehman:919,lehmann:919,len:[12,118,337,339],length:[3,20,33,43,46,48,91,92,99,100,102,103,116,117,119,124,191,203,209,244,254,260,280,284,287,288,289,290,311,336,339,361,397,738,798,799,805,811,818,821,829,848,859,868,869,879,891,910,911,914,915,924,944],lengthi:918,less:[3,20,25,53,897,904,914,915,918],let:[99,287,933,952],letter:[34,39,939],level:[3,5,10,25,37,39,43,904,908,934],liabil:919,liabl:919,lib:[37,904,906,917,919,945],libdefault:[15,20,26,28,33,34,38,39,40,41,43,44,897,900,901,934],libdir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],libedit:906,libera:936,libev:919,libk5crypto:918,libkadm5:918,libkdb5:921,libkdb_ldap:22,libkeyutil:906,libkrb5:[21,28,43,896,918],libkrb5support:918,libpam:42,librari:[3,18,20,21,24,26,29,38,41,43,46,48,49,50,52,53,54,55,56,59,60,61,62,63,64,65,66,67,68,69,71,72,73,74,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,101,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,119,121,124,125,126,129,130,132,133,134,135,136,137,138,139,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,169,171,172,173,174,175,176,177,178,179,180,181,182,183,184,189,194,195,198,199,200,201,202,203,204,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,227,228,229,230,231,235,236,237,238,245,246,247,248,250,251,252,253,257,260,261,262,263,264,265,266,267,270,271,272,273,274,275,276,277,278,279,280,283,286,287,288,289,290,294,295,296,298,299,300,301,302,303,304,305,306,307,308,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,342,343,344,345,346,347,348,349,350,352,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,396,399,400,401,402,403,404,405,406,407,408,409,410,412,414,417,418,419,420,865,866,896,897,903,904,906,917,918,919,920,921,922,924,925,926,932,933,934,945,953],libtool:923,libverto:[906,931],licens:[905,906,909,918],life:[3,5,19,23,942],lifetim:[3,6,14,21,23,48,153,365,366,752,826,832,897,918,921,930,939,942,946,953],lightn:918,lightweight:903,like:[3,6,8,12,14,15,19,21,23,32,33,34,37,38,39,41,43,192,897,901,902,904,906,908,923,927,939],likewis:946,limit:[20,23,24,25,34,39,919,946,953],line:[0,3,8,10,12,15,19,20,21,23,28,34,35,37,352,905,906,918,919,938,946,948,951,952,953],link:[0,30,34,901,904,905,906,908,921,924,945],linkdn:3,linker:906,linux:[897,906,918],list:[0,2,3,4,6,10,14,15,19,21,23,26,28,32,34,36,39,40,43,46,48,93,153,164,184,189,195,214,230,231,320,378,412,417,418,419,833,876,897,906,907,917,919,921,922,925,931,934,938,939,943,946,951,952],list_mkei:23,list_polici:23,list_princip:23,listen:[4,8,10,20,34,39,918],listinfo:936,listpol:3,listprinc:3,liter:923,littl:924,live:[6,15,923],lk5crypto:945,lkrb5:945,ll:34,lmdb:[20,23,24,906,918],lname:[56,946],lndir:[903,905],lnsize_in:56,lnsl:906,load:[8,14,17,20,24,34,38,40,906,924,934],load_dump:6,loadabl:[20,21,924],loader:906,local0:20,local7:20,local:[3,5,8,12,14,15,20,21,22,23,28,32,34,36,39,43,46,48,62,64,80,230,231,325,326,327,329,331,344,356,359,360,389,398,408,523,524,717,898,901,902,903,906,908,910,911,912,917,918,925,926,938,939,942,943,945,946,948,953],local_addr:[44,64,82],local_appdata:21,local_port:84,local_realm:946,localauth:[918,926],localauth_plugin:932,localedir:906,localfr:28,localhost:15,localhostnam:43,localstatedir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],locat:[4,7,8,10,15,19,20,21,22,24,25,29,34,39,41,43,48,897,901,906,907,915,917,918,919,926,934,939,941,942,943,945,946,947,948,953],locate_plugin:933,lock:[6,20,23,24,34,35,736,737,915,918,939],lockdown_kei:[3,19,918],lockit:3,lockout:[3,20,24,25,30],lockout_polici:35,lockoutdur:[3,35],lockouttim:3,log:[8,9,23,24,26,28,33,34,37,39,46,48,737,897,918,926,938,939,941,946,952,953],log_:20,log_daemon:20,logic:[39,918],login:[20,21,33,38,41,46,939,946,953],logon:[20,333,658,918],logout:[939,941],longer:[11,19,23,25,33,39,43,49,65,67,68,72,73,76,77,78,91,92,93,111,113,115,120,122,123,125,126,132,141,143,145,150,153,154,163,164,169,172,173,174,175,176,177,178,180,181,182,183,194,195,224,227,229,230,231,236,261,265,268,272,275,280,282,286,294,310,315,317,318,321,322,324,325,326,327,328,329,330,331,332,335,338,339,344,345,354,355,356,357,359,360,363,375,389,401,403,405,406,408,906,918,939,942],look:[0,8,12,15,20,21,23,28,37,38,39,43,389,904,906,923,939,942,946],lookasid:906,lookup:[21,22,33,38,39,194,815,906,918,933],lose:6,loss:[23,919],lost:[17,904,919],lot:39,lower:[3,19,21,43,230,934,944,951],lowercas:[23,38,901],lowest:21,lpr:20,lr:[3,11,854],lr_type:854,lr_type_interpretation_mask:789,lr_type_this_server_onli:789,lrealm:[210,227,377],ls:946,lsocket:906,lss:906,ltd:919,luke:39,luser:319,lxml:908,m:[3,4,5,6,10,14,19,20,21,23,26,34,39,898,918,919,939],mac:903,mach:[21,919],machin:[4,8,12,14,15,17,18,21,31,32,34,37,38,39,897,902,906,938,939,952,953],maco:[21,342,897,903,918,919],macro:[97,99,100,102,103,108,113,114,130,184,189,287,288,289,290,294,295,299,329,330,375,403,421,827,889,946],made:[8,21,23,34,41,136,253,269,378,897,918,919,927,929,947,953],magic:[135,156,805,807,808,809,811,813,818,821,823,824,825,826,829,831,832,833,834,836,845,846,848,850,854,859,868,869,873,882,883,886,890,891,895],mai:[3,6,8,10,11,14,15,19,20,21,22,23,24,25,26,28,33,34,35,36,37,38,39,40,41,43,46,99,107,126,158,195,224,228,229,241,245,258,262,287,330,359,375,380,381,388,389,414,731,847,865,877,889,898,901,904,906,907,910,911,914,915,918,919,922,924,925,927,928,929,930,931,934,936,938,939,941,942,946,951,953],mail:[20,897,939,946,951],mailbox:901,mailman:936,main:[368,371,936],maintain:[0,9,15,20,23,904,906,953],mainten:[3,6,23],maj_ver:923,major:[43,905,923],make:[0,3,6,12,14,15,17,20,21,22,23,25,26,28,32,33,34,35,37,39,41,43,48,112,236,241,250,301,368,371,403,896,904,905,906,908,910,918,919,924,938,942,947],makedepend:903,makefil:[904,906,908],malform:[166,223,619,910],malici:[3,46],malloc:934,man:[0,3,21,901,906,918],manag:[5,19,23,33,918,934,937,953],mandatori:[23,113,114,129,130,294,295,298,299,912],mandir:906,mani:[3,17,21,28,35,39,41,927,939,953],manipul:[22,23,45,827,900],manner:[5,919],manual:[0,6,10,15,23,33,34,904,906,918],manual_test:904,map:[21,28,33,34,43,906,918,924,925,932,946,951],mapsiz:[20,24],marc:919,mark:[3,6,20,21,34,342,919],marker:[910,918],markup:[0,908],marshal:[910,911,918],masachusett:953,mask:[66,83,142,153,157],masquerad:[17,938,939],massachusett:[909,919],master:[3,4,5,6,10,20,26,34,35,39,41,902,907,917,918],master_kdc:[21,39],master_key_nam:[5,6,20],master_key_typ:[5,6,14,20,34],match:[0,2,3,6,15,19,20,21,28,29,33,37,38,43,48,59,60,119,151,153,195,223,224,267,301,310,359,363,375,403,745,746,747,748,749,750,751,753,756,846,897,901,915,917,918,934,948,951,953],materi:[14,46,918,919,923],matt:919,matter:[17,21],max_keytab_name_len:789,max_lif:[6,20,34],max_read:[20,24],max_renew_lif:6,max_renewable_lif:[20,34],max_renewable_ticket_lif:5,max_ticket_lif:5,maxfailur:[3,35],maximum:[3,5,6,10,14,15,20,21,23,24,33,39,46,311,361,896,931,939,942],maxlif:[3,19,23],maxnumb:3,maxpathlen:766,maxrenewlif:[3,5,19,23],maxtktlif:[5,23],mcred:153,md4:[26,919],md5:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],mdb:24,me:41,mean:[3,12,14,20,21,23,33,34,37,46,902,907,919,939,946,953],meaning:3,meant:939,measur:[25,896],mech:[28,917,918,953],mech_typ:924,mechan:[3,16,20,21,22,23,36,37,39,40,43,46,154,250,692,693,901,910,911,917,918,922,923,926,931,933,942,953],mechglu:[919,924],media:[5,21],medvinski:946,meet:951,megabyt:[20,24,905],mellon:919,member:20,membership:46,memori:[15,41,43,48,93,142,223,231,302,323,325,326,331,356,357,360,414,827,897,900,906,918,923,925,932],memset:46,mention:[20,22,919],merchant:919,merg:[18,20,48,919],messag:[3,8,20,21,24,34,41,48,78,363,375,381,531,538,718,741,807,832,836,845,846,865,866,883,889,901,903,911,918,919,923,938,939,945,946,948,953],message_out:169,message_typ:882,met:[919,946],metadata:6,method:[21,25,39,230,910,918,920,921,922,923,925,928,929,930,931,932,933,934,935,942],mexico:919,mgluep:919,mic:[532,918],mic_token:43,michigan:919,microsecond:[266,385,410,808,824,875,910],microsoft:[20,21,26,29,42,43,382,452,918,924],microsystem:919,middl:901,might:[14,17,23,28,29,34,35,38,39,43,904,906,910,919,923,938,953],migrat:[14,23,41,918],miller:[919,953],min:[3,19,898],min_ver:923,minclass:3,minim:[6,14,23,24,918],minimum:[3,20,23,33],minlength:3,minlif:3,minor:[14,43,905,918,923,924,933],minor_statu:[43,924],minu:[20,915],minut:[5,20,21,23,898,901,938,939,953],mismatch:[43,260,342,938],miss:[267,908],mission:946,mistak:938,mistakenli:171,mit1:911,mit:[3,5,12,14,15,17,19,20,21,24,28,30,31,32,34,38,39,41,43,45,46,896,897,903,905,906,908,909,910,911,912,922,924,926,927,931,934,936,938,939,942,953],mitig:[23,25,46,901,918],mitiys4k5:34,mix:939,mk_cmd:906,mk_req:856,mkdir:904,mkei:[3,6],mkey_convert:6,mkey_fil:6,mkeynam:[5,6,10],mkeytyp:[5,6],mkeyvno:[5,6],mkvno:6,mm:898,modbi:6,mode:[3,6,8,14,20,41,467,479,730,906,918,942,946],modern:[14,15,23,38,918],modestli:40,modif:[6,9,19,21,34,919],modifi:[3,6,9,18,19,23,25,28,34,40,43,100,103,114,136,144,146,158,288,290,295,312,365,366,866,906,918,919,929,934,942],modify_polici:23,modify_princip:[23,26],modnam:[21,28],modpol:3,modprinc:[3,23,35,37,40,928],modtim:6,modul:[3,4,6,20,21,23,35,252,268,906,908,916,917,918,920,921,922,925,927,928,929,930,931,932,933,934,935,942,953],module_nam:21,modulenam:21,modulepath:21,modulo:915,moira:919,mon:[3,35],monitor:25,month:[898,918],more:[6,14,15,19,20,21,22,23,25,29,32,34,35,37,38,39,41,43,46,262,279,344,404,565,738,740,761,889,897,900,901,903,906,907,911,918,925,931,936,938,953],more_preauth_data_requir:922,morn:33,most:[2,6,17,20,21,23,24,25,26,28,33,34,37,39,40,41,43,48,154,897,900,901,903,918,922,923,924,939,941,953],mostli:906,move:[20,27,34,48],ms:[20,29,39,48,383,684,918,919],msdn:918,msec_dirbit:789,msec_val_mask:789,msg:213,msg_type:[832,845,846],mslsa:897,mssclogin:21,much:[14,25,38,153,938],multi:[35,37,918],multihom:21,multipl:[3,10,14,16,20,21,22,23,24,28,34,35,36,37,39,43,46,847,897,901,904,918,923,924,931,942,951,953],multipli:35,multithread:48,muse:919,must:[2,3,7,8,11,14,15,19,20,21,22,23,24,26,28,29,32,33,34,35,36,37,39,43,46,57,58,69,74,78,99,100,102,103,113,117,119,121,125,126,136,146,152,153,158,173,176,195,198,200,220,224,228,241,247,268,270,271,274,275,279,282,287,288,289,290,294,296,312,314,317,322,326,331,345,359,368,371,373,375,402,407,728,729,731,738,740,742,745,746,747,748,749,750,751,752,753,756,827,847,870,897,904,905,906,910,911,912,914,915,918,919,921,923,924,925,928,930,931,932,934,938,939,944,946,948,953],mutabl:847,mutex:847,mutual:[34,330,375,437,503,807,942,946],my:16,my_cach:946,my_proxi:21,my_respond:46,mydir:897,mydomain:20,mymodul:28,mypreauth:28,myrealm:46,myremotetokentyp:20,n:[3,6,10,21,28,37,344,898,942,943,946],name:[2,3,4,5,6,8,10,12,14,15,16,19,20,21,22,23,24,28,29,30,32,33,34,36,37,40,46,48,49,50,59,60,141,147,153,155,159,214,222,223,227,230,235,246,247,252,260,264,267,278,300,301,310,315,317,319,320,329,333,336,342,343,350,352,359,362,365,377,382,384,406,407,408,409,412,414,501,638,640,641,642,643,647,652,663,740,751,813,833,862,872,876,883,898,900,905,908,910,911,914,917,918,919,920,923,925,932,933,934,935,939,941,942,943,944,945,946,948,953],name_s:306,name_str:37,name_typ:37,namelen:311,nat:[21,23,918],nation:919,nativ:[33,368,371,896,906,910,914,917,918],natur:38,naval:919,navi:919,ncsa:42,nctx_out:176,ndnhnmn:898,nearli:3,necessari:[3,14,21,22,23,24,33,34,37,39,43,120,122,123,260,343,387,407,922,923,927,938,939],necessarili:14,need:[4,6,12,14,15,19,20,21,23,32,33,34,35,37,38,39,40,41,43,46,49,64,65,67,68,72,73,76,77,78,91,92,93,99,100,102,103,111,113,115,125,126,132,141,143,145,150,153,154,163,164,169,172,173,174,175,176,177,178,180,181,182,183,194,195,224,227,229,230,231,236,258,261,265,268,272,275,279,280,282,286,287,288,289,290,294,310,315,317,318,321,322,323,324,325,326,327,328,329,330,331,332,335,336,338,339,344,345,354,355,356,357,359,360,363,364,375,389,401,403,404,405,406,408,565,739,740,761,897,898,903,904,905,906,908,911,918,924,925,927,932,934,936,938,939,942,945],needchang:[3,5],neg:[28,885,914],neglig:919,negoex:[918,926],negoti:[910,918,924],neither:[3,325,919,942,943,946],nersc:21,net:[21,42],netbio:54,netbsd:[918,919],netlib:906,netlogon:452,network:[3,15,17,21,23,25,29,32,34,38,39,40,43,46,260,375,523,524,525,526,903,906,938,939,952,953],neuman:953,never:[3,14,15,17,19,20,23,24,35,100,103,228,288,290,915,938,939],new_message_out:866,new_mkey_fil:6,new_princip:3,new_reply_out:[865,866],new_stat:108,newer:[6,14,20,23,906],newest:23,newli:[3,6,26,37,107,113,125,126,176,294,329,330,359,363,364,375,897,904,918],newlin:[344,352],newprinc:3,newpw:[166,382,383],next:[3,6,17,23,34,35,48,99,100,102,103,287,288,289,290,730,904,910,911,915,918,922,931,939,946],nf:[38,938],nii:946,nippon:919,nist:[21,40],nitem:923,nktype:846,nl:918,nlgilman:12,no_auth_data_requir:3,no_host_referr:[20,39],noaddress:21,nofail:46,nofork:4,nokei:[3,23,37],non:[2,3,14,19,21,23,26,33,37,43,44,99,100,102,103,113,129,130,155,224,241,245,250,269,287,288,289,290,294,298,299,300,315,330,342,359,375,382,383,388,865,910,914,918,942,945,946],nonc:[358,824,832,846,918],none:[3,20,21,22,26,36,37,57,58,132,273,285,304,369,372,901,911,946,953],nonexist:[23,918],noninfring:919,nonrepudi:37,nonzero:[21,224,948],noout:37,nopw:3,nor:[919,943,946],norandkei:3,norealm:[14,20],normal:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],north:919,nosync:[20,24],notabl:23,note:[3,5,6,14,20,21,23,26,32,34,154,241,245,898,904,931,939,942,946,952,953],noth:[8,901],notic:[17,24,919],notifi:936,novel:919,now:[8,14,34,37,39,235,260,275,730,918,939],nowait:[8,12,34],nrl:919,nss:919,nt:[638,640],nt_wellknown:763,ntlm:918,ntt:919,num:9,num_data:[98,100,103,114,130,288,290,295,299],num_prompt:[352,872],number:[2,3,4,5,6,8,9,10,11,12,14,19,20,21,23,24,35,36,37,39,46,48,66,78,80,83,100,103,112,135,156,288,290,310,315,325,326,327,331,337,352,356,358,359,360,521,528,723,738,740,808,827,846,850,875,885,896,898,900,904,906,908,910,911,912,914,918,919,922,931,943,944,945,946,948],numer:[6,34,166,382,383,898,918,943],numwork:10,o:[3,5,6,898,905,906,919,939,943],object:[3,5,6,20,21,22,23,24,25,28,35,36,43,48,262,269,740,904,906,910,918,919,920,921,922,923,924,925,928,929,930,931,932,933,934,935],observ:[25,29,35],obtain:[2,3,15,16,17,20,21,23,25,26,33,34,37,43,46,48,80,135,230,258,271,274,329,330,359,375,402,403,414,440,618,837,897,900,906,915,918,919,934,935,937,938,942,946,948],obvious:32,occasion:34,occur:[3,6,9,78,342,386,918],occurr:171,octet:48,odd:939,oeap:481,off:[15,21,24,25,28,33,35,39,352,361],offer:[21,24,40,906],offlin:[14,25,942],offset:[10,48,410,910,915],often:[20,22,23,28,33,38,39,900,927,953],oid:[28,43,918,924],oid_op:919,ok:[5,20,21,23,24,34,918],ok_as_deleg:3,ok_to_auth_as_deleg:3,okai:[3,939,943],old:[2,3,6,14,20,21,23,34,37,243,346,420,918,938],old_cod:[419,420],old_princip:3,oldcc:919,older:[14,23,918,931],oldest_kvno_to_keep:3,om_uint32:[43,924],omit:[11,22,28,39,408,716,717,910,914,934],onc:[3,6,14,15,21,23,34,43,46,78,361,735,897,901,904,929,933,938,953],one:[2,3,5,6,9,15,16,17,19,20,21,23,24,25,26,28,32,34,35,36,37,38,39,40,41,43,46,48,153,165,243,263,264,270,271,275,279,330,333,344,356,360,389,740,897,898,900,901,904,906,907,908,910,911,915,918,920,922,923,925,928,931,932,938,939,942,944,946,947],ones:[21,25,34,904,923,939],onli:[3,4,6,8,9,10,14,15,18,19,20,21,22,23,26,28,32,33,34,35,38,39,41,43,46,48,54,114,153,224,228,241,245,295,325,361,365,366,545,731,751,862,889,896,897,902,904,906,910,915,918,919,924,925,931,932,934,938,939,942,946,948,951,953],onlin:[14,25],onlyrealm:[14,20],onto:[17,21,32,34,906,924,939],opaqu:[48,286,847,918],open:[6,21,24,46,48,50,305,315,317,342,387,755,771,901,915,918,919,935,942],openldap:[3,5,23,24,30,906,919],openldap_ldapconf:20,opensc:917,openssh:[28,38],openssl:[21,37,906,918],openvis:[3,919],oper:[2,3,5,9,10,14,15,19,20,21,22,24,26,28,33,34,35,37,41,43,48,62,119,121,136,156,158,382,383,386,755,837,847,897,903,904,905,906,911,915,917,918,919,928,932,942,946,953],oppos:37,opt:[46,229,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,945],optim:906,optimist:[20,40,48,254],option1:21,option2:21,option:[2,11,12,15,19,22,23,24,28,29,34,35,36,37,39,43,48,59,60,224,225,226,229,232,233,234,235,253,260,269,275,325,326,329,330,331,344,375,403,414,416,546,738,808,809,813,824,825,832,836,840,841,846,884,900,905,918,921,922,923,925,928,930,932,939,953],oracl:[42,919],order:[3,4,6,14,16,17,19,20,21,22,23,32,33,34,35,37,38,43,46,48,245,738,897,900,901,905,906,910,914,919,920,924,934,953],ordinari:[14,904,918,953],ordinarili:[2,15,245],org:[5,21,22,42,904,905,908,918,919,936,952,953],organ:[905,919],orig_hostnam:194,origin:[3,14,21,23,39,43,46,906,919,924],os:[20,34,48,904,917,918],osconf:905,osf:680,other:[3,4,6,10,14,15,19,20,21,23,24,26,28,34,35,37,38,39,43,46,154,279,310,359,404,644,740,837,896,897,900,903,904,905,906,910,911,914,918,919,922,924,928,929,930,932,933,934,936,938,939,944,946,951,952],othernam:37,otherrealm:21,otherwis:[3,6,14,20,21,23,29,33,34,36,37,39,43,49,52,54,62,64,65,67,69,72,73,74,76,77,78,79,81,82,84,85,86,87,88,89,90,95,96,97,98,99,100,102,103,104,105,106,107,108,110,111,112,113,114,115,116,117,118,121,124,125,126,129,130,134,142,150,153,157,158,162,163,164,166,170,172,173,174,175,177,178,180,181,182,183,184,185,187,189,192,193,195,217,224,235,236,238,248,260,261,264,265,266,267,271,272,273,274,275,276,277,278,279,280,283,284,285,286,287,288,289,290,294,295,296,298,299,300,301,319,321,322,324,325,326,327,328,329,330,331,332,333,335,337,338,339,342,345,347,348,349,350,354,355,356,357,358,359,360,361,362,363,364,374,375,376,385,388,390,391,392,394,395,397,398,400,401,402,403,404,405,414,897,906,911,919,921,923,930,939,942,943,944,946],otp:[3,16,25,30,46,368,696,698,699,722,738,917,918],ou:[5,22],our:[20,36,903,904,919],out:[3,8,12,21,23,24,33,35,36,37,41,43,49,50,56,59,60,63,64,65,66,67,68,69,71,72,73,74,76,77,78,89,91,92,93,95,96,97,99,101,102,104,105,107,108,111,112,113,115,116,117,118,119,121,124,125,126,129,130,132,134,135,138,141,142,143,145,149,150,152,153,154,158,163,164,166,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,194,195,223,224,227,229,230,231,235,236,238,251,260,261,262,264,265,266,267,268,269,272,273,274,275,279,280,282,286,287,289,294,296,298,299,301,303,305,306,307,308,310,311,314,315,317,318,320,321,322,323,324,325,326,327,328,329,330,331,332,335,336,337,338,339,344,345,347,354,355,356,357,358,359,360,361,363,364,368,371,374,375,382,383,389,390,391,392,394,395,396,397,398,401,402,403,404,405,406,408,409,410,412,532,533,535,536,539,897,906,918,919,938,941,948],out_cr:[224,225,226,375],out_flag:238,outaddr:172,outag:[20,39],outauthdat:322,outbuf:[223,327,328,329,330],outcc:134,outcksum:131,outcr:177,outdata:178,outfil:6,outgo:[15,924],outlin:[0,29],outprinc:182,outptr:[186,190],output:[3,6,9,15,20,23,26,34,41,43,48,99,100,101,102,103,107,117,119,166,181,224,279,287,288,289,290,296,352,359,361,364,404,866,875,897,908,918,920,921,923,942,943,945,948,953],output_cr:43,output_cred_handl:43,output_message_buff:43,output_nam:924,output_payload_buff:43,outputinto:102,outreach:14,outsid:[15,897,953],ov:3,over:[0,10,14,15,20,21,23,24,28,32,34,36,38,39,43,46,48,107,113,114,117,155,164,294,295,296,300,301,325,363,375,817,918,920,926,934,938,939],overrid:[3,6,10,14,20,21,26,36,48,378,380,381,386,387,865,906,914,918,942],overridden:[2,10,11,19,21,901,918],overview:903,overwrit:[6,23,384,941],overwrite_cr:43,overwritten:[20,827],own:[0,3,15,20,21,23,24,25,34,38,381,918,921,923,924,935,938,939,946,952],owner:919,ownership:901,p27:42,p:[3,4,5,6,7,8,10,11,12,14,19,21,23,40,897,918,919,939,941,942,943,946,947,948],pa:[253,911,912,931],pa_as_fresh:912,pa_config_data:910,pa_hardwar:931,pa_real:922,pa_replaces_kei:931,pa_typ:[859,910],pa_type_list:[922,931],pac:[3,20,48,340,341,650,660,685,860,863,918,942],pac_client_info:[300,301,336,343],pac_out:301,pac_privsvr_enctyp:3,packag:[29,34,904,919],packet:[20,25,36,330,918,931],pad:[43,48,99,100,103,104,287,288,290,536,915],padata:[845,846,922,931],padl:919,page:[0,3,21,23,905,906,918],pair:[6,20,21,26,841],pam:33,parallel:[10,39,904,918],param:[49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420],paramet:[5,6,10,20,28,35,36,43,46,48,169,229,323,325,343,906,907,910,917,918,924,928,931,946],parent:[21,39,897,917],pars:[3,28,43,45,46,48,235,260,264,267,278,356,360,368,371,903,910,918],part:[14,21,23,26,32,41,199,264,267,278,283,301,344,359,384,823,833,845,883,897,902,910,911,915,919,923,924,934,946,953],parti:[28,36,43,918,919,953],partial:[14,19,23,46,915],particip:[21,34],particular:[2,11,14,16,17,19,20,21,37,43,46,317,904,906,919,938,939],particularli:[14,17,25,39,938,945],partit:39,pass:[14,20,21,28,36,43,99,100,102,103,228,250,270,271,275,279,280,282,287,288,289,290,325,368,371,380,381,382,386,387,889,906,924,933,942,946],passcod:669,passiv:25,passkei:693,passwd:[5,33,895,919,946],passwd_phrase_el:[804,873],password:[3,4,5,6,9,10,11,14,15,16,17,19,20,21,22,23,24,25,26,28,29,32,33,34,35,36,37,39,40,43,48,233,245,258,618,620,719,720,721,739,740,897,902,917,918,922,926,937,939,944,946,952,953],password_changing_servic:3,password_expir:[245,838],past:[3,936],pasword:25,patch:23,path:[4,5,8,20,21,22,25,28,29,34,39,359,904,906,908,918,946,953],pathnam:[4,8,21,23,24,28,29,37,900,904,907,953],pattern:[6,21,28,951],payment:919,pdf:0,pem:[16,21,29,37,948],peopl:20,pepper1:107,pepper2:107,pepper:48,per:[3,6,9,10,14,18,20,21,23,26,28,36,39,43,46,897,920,922,925,928,929,931,932,933,934,935],perfect:901,perform:[3,4,5,6,12,14,19,20,21,22,24,25,26,34,37,38,39,43,46,62,91,250,254,258,359,363,375,382,383,386,416,437,847,897,918,919,928,929,930,939],perhap:[3,14,20,23,24],period:[6,8,14,17,20,21,23,24,35,939,942],permiss:[3,18,19,20,23,34,43,137,147,159,897,918,919,939],permit:[3,19,20,21,26,36,48,194,251,356,360,917,918,919,942,952],permitted_enctyp:[21,26],persist:[21,897],person:[17,34,919,938,939],pertain:[10,919],pgp:[905,936],phase:946,phrase:895,physic:[32,39],pick:[20,25,37,904],pid:[4,8,10,918],pid_fil:[4,8,10],piec:[35,265],pin:[369,372,728,731,735,736,737,738,870],pipermail:936,pkc:[21,740],pkcs11:[21,906,917,918,919],pkcs11_modnam:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],pkcs12:21,pkinit:[3,16,23,25,30,40,41,107,649,687,688,689,690,740,906,913,918,919,926,942],pkinit_allow_upn:[20,21],pkinit_anchor:[3,20,21,37,942],pkinit_cert_match:[3,21,37,918],pkinit_dh_min_bit:[20,21],pkinit_eku:21,pkinit_eku_check:[20,21,37],pkinit_ident:[20,21,37],pkinit_ind:[16,20],pkinit_kdc_hostnam:[21,37],pkinit_pool:[20,21],pkinit_require_crl_check:[20,21],pkinit_require_fresh:[20,37],pkinit_revok:[20,21],pkinit_san:21,place:[2,8,14,15,21,26,28,32,33,37,39,43,44,46,48,107,117,229,264,267,279,296,301,336,364,376,404,827,866,906,908,915,921,929,941,946,952],placehold:[903,905],plain:911,plaintext:[116,533],plan:23,platform:[24,885,896,897,904,905,906,918],pleas:[0,15,20,738,936],plu:[20,939,946],plug:919,pluggabl:[21,28,918,923,926,929,934],plugin:[3,20,22,903,906,916,917,918,919,934],plugin_base_dir:21,pm:898,pnl:21,po:903,point:[3,14,15,21,23,32,34,43,330,407,414,827,897,902,906,918,936],pointer:[24,43,44,46,91,135,136,173,198,200,203,209,213,217,220,230,231,256,262,263,322,323,330,332,357,365,366,386,395,407,825,827,832,872,883,920,921,922,923,928,929,931,933,935],pol:[3,19],polici:[3,4,5,6,16,19,20,21,24,25,34,35,169,359,918,926,927,928,935,939,943,944],policy_nam:5,poll:[4,8,20,23,918],pool:14,pop:32,popul:[14,24,44,148,915],popular:34,port:[3,4,7,8,10,12,15,20,21,23,34,36,41,44,48,62,331,524,526,917,953],portabl:897,portiion:919,portion:[21,36,153,266,317,385,410,751,808,813,824,836,875,919],portmapp:23,portnum:10,pose:14,posit:[6,19,28,35,885,914],posix:[6,885,896,911,912,915],possess:[37,939],possibl:[3,5,6,14,15,17,20,21,22,24,25,26,32,34,35,37,38,39,43,46,48,93,166,224,740,900,901,906,918,919,922,923,931,936,939,951],post:[48,897,936],postdat:[3,19,20,267,939,942,943],potenti:[14,32,34,46,902],power:[20,24,25,39,918],pp:898,pr:[347,903],practic:[14,21,46,99,287,918],pre:[0,16,20,22,43,48,91,260,329,330,359,363,364,375,380,859,908,911,918,919,929,942],pre_auth_typ:[232,233,234],preauth:[20,672,841,910,918,919,922,931],preauth_list:[254,840],preauth_list_length:[254,840],preauth_plugin:[922,931],preauth_requir:[922,931],preauthent:[3,16,20,21,23,25,28,30,37,41,46,48,250,722,832,845,846,859,876,910,918,923,926,939,942,943],prebuilt:904,preced:[10,14,21,39,914,946,953],precis:33,precomput:48,predefin:39,prefer:[3,21,38,43,236,900,901,918,925],preferred_preauth_typ:21,prefix:[20,39,48,344,904,906,918,924,945,946],preiniti:[117,119,121,296],prepar:[48,79,318,403],prepend:[39,346,420,906],preprocessor:906,prerequisit:908,preselect:942,presenc:[21,910],present:[8,14,16,20,21,22,23,28,34,36,37,43,46,165,245,301,325,333,336,345,354,365,366,373,388,618,711,713,714,884,900,901,910,914,915,918,934,939,943,948,953],preserv:[6,919],presid:919,pressvr:14,presum:901,prevent:[2,3,19,20,21,25,26,29,40,330,521,522,901,918,919,929,938,942],previou:[0,3,21,23,34,37,42,44,156,250,261,279,384,404,419,420,910],previous:[3,6,23,43,48,904,918],prf:[48,118,911,918],primari:[3,4,7,8,9,14,17,20,21,23,24,31,35,38,39,41,43,48,145,897,918,920,929,933,935,936,941,942,947,951,953],primarili:[24,55,949],primary_kdc:21,princ1:[37,348,349,350,362],princ2:[37,348,349,350,362],princ:[3,6,21,49,50,91,92,93,94,388,793,794,795,796,797,798,799,800,911],princ_flag:6,princ_lockout:6,princ_look_ahead:946,princ_meta:6,princ_nam:[37,941],princ_out:154,princ_stringattr:6,princ_tktpolici:6,princip:[2,3,4,5,6,7,8,9,10,11,12,14,16,17,19,20,21,22,24,25,26,28,29,30,31,32,33,36,37,40,41,43,45,46,48,78,141,147,148,153,155,159,166,223,229,235,242,260,264,267,275,300,301,310,315,320,329,333,340,341,342,343,359,363,364,375,403,406,407,408,409,412,414,501,641,648,663,707,709,751,763,825,826,832,836,845,846,850,862,897,898,900,901,907,911,912,914,917,918,920,921,927,928,930,931,932,935,938,939,942,943,944,946,947,948,951,952,953],principal_databas:8,principal_nam:37,principal_out:[344,345],principal_seq:37,principalnam:918,principl:710,princnam:[25,35,40,46,897],princname_out:336,print:[3,6,7,8,361,918,945,946,948],printabl:[365,373],prior:[6,8,14,20,21,23,39,41,43,136,265,919,923],priorit:39,prioriti:[14,20,39,230,897,901,920],priv:[48,918],privat:[21,37,718,906,911,912,918,936],privileg:[3,19,34,43,48,253,918,938,952,953],privsvr:[300,301,342,343],privsvr_kei:[340,341],prng:[121,918],probabl:[6,12,14,34,904],problem:[14,23,330,901,918,936],proce:946,procedur:[6,26,32,34,903,904],proceed:23,process:[3,4,6,8,9,10,14,15,20,21,23,24,25,34,38,43,46,48,136,154,169,355,414,897,900,901,918,921,922,925,928,929,930,931,933,935,942,953],procur:[37,919],produc:[6,21,46,104,124,905,915,922,925,931,943,945],product:[34,919],prof_no_rel:934,profil:[15,18,20,21,48,136,388,897,900,901,903,907,918,919,926],profile_module_init:934,profile_module_init_fn:934,profile_releas:262,profile_vt:934,profit:919,program:[2,3,4,6,8,12,15,20,21,23,26,28,30,32,33,34,37,38,39,41,43,46,56,268,378,901,903,904,905,908,910,917,918,919,939,945,946,953],programm:945,programmat:46,progress:[14,20],prohibit:[3,919],project:[0,701,906,918,919,923,953],promot:[14,919],prompt2:361,prompt:[2,3,5,6,23,34,46,48,260,361,719,720,721,722,870,872,902,918,922,938,939,944,946],prompter:[245,260,263,275,352,870,872,877],prone:918,proof:[48,939],propag:[4,6,7,8,14,17,19,20,21,24,31,35,903,918,919,938],proper:[12,23,37,359,904],properli:[29,34,37,41,896,906],properti:[21,937],propog:8,proponli:[4,23],proprietari:36,protect:[6,15,25,26,32,35,37,40,43,78,247,326,331,740,847,901,918],protocol:[2,3,14,21,23,29,39,43,48,247,301,321,405,674,695,723,832,836,845,846,901,903,916,918,928,939,942,948,953],prototyp:[903,923],prove:[46,912,922,931],provid:[0,3,4,10,15,21,22,23,24,26,28,29,32,34,37,38,39,41,43,46,98,229,359,372,414,896,897,904,906,918,919,921,924,927,930,934,938,946,953],provis:919,proxi:[20,21,25,30,36,39,43,918,939,943],proxiabl:[3,20,21,48,840,939,942,943,946],proxy_imperson:910,pseudo:[48,903],pto:183,ptr:[38,43,197,281,339,353,802,803,832,833,883],pty:[903,919],publish:[38,919],pull:918,punctuat:[3,21,34,944],purg:[3,6,14,918],purge_mkei:23,purgekei:[14,23,37],purpos:[10,15,21,23,26,28,34,906,919,942,949],put:[4,10,34,344,808],pw:[3,918],pw_expir:6,pwchang:20,pwd:904,pwexpdat:3,pwexpir:[3,19,26],pwqual:[28,918,926],pwqual_plugin:935,pwservic:20,py:908,python:[29,908,918],q:[3,11,14,37,941,946,948],qop_req:43,qop_stat:43,qualif:[21,918],qualifi:[3,15,19,21,23,953],qualify_shortnam:[21,38,918],qualiti:[21,28,918,926,937],queri:[3,21,39,43,46,918],question:[0,20,39,48,368,371,738,739,740,876,877,936],queue:[20,919],quietli:941,quit:[6,32],quot:[3,6,344,406,408,898],quux:21,r13:6,r18:6,r:[3,4,5,6,7,8,9,10,14,21,28,34,284,939,942,943,946,953],r_address:824,rabbit:39,radiu:[20,36,918],randkei:[3,14,23,26,34,37,918],random:[3,6,14,20,21,23,25,34,48,911,915,918],random_data:124,randomli:[2,26],randsourc:120,rang:942,rapidli:15,rare:[24,37,898,900],rassen:919,rather:[3,4,5,6,10,15,20,21,23,32,38,39,56,279,404,897,904,911,924,942],raw:[20,904],rc2:479,rc4:[20,26,918],rc:34,rcach:[43,71,85,265,323,325,901],rcache2:[901,918],rcmd:21,rcommand:643,rcptr:265,rctmpdir:907,rctx:[46,365,366,367,368,369,370,371,372,373,877],rdata_out:[323,325,326,331,354,356,360],rdn:[21,33,38,43],re:[3,5,6,14,23,34,41,730,901,924,938,953],reach:[20,21,24,164,314,915],react:243,read:[3,5,6,9,11,20,21,22,23,34,35,37,46,48,250,260,262,318,352,371,414,906,914,918,931,934,938,943,953],readabl:[15,21,32,169,898,900,902,918],reader:[21,24],readi:[6,34],readlin:906,readm:[903,905],real:[21,350,385,707,946],realiti:0,realloc:44,realm1:10,realm2:10,realm3:10,realm:[3,4,5,6,7,8,10,12,14,15,16,19,22,24,25,26,29,30,33,34,36,37,38,40,43,44,46,48,49,50,59,60,91,92,93,94,153,214,230,235,251,260,264,267,278,279,284,300,342,344,345,350,359,388,389,403,404,408,502,708,711,712,713,714,716,717,727,795,796,797,798,813,821,825,833,836,845,846,862,865,866,868,869,883,897,906,907,910,911,912,914,917,918,926,933,935,938,939,942,946,951,952,953],realm_try_domain:21,realmlist:214,realmnam:[37,46],realmsp:[230,231],reason:[14,17,21,24,28,33,39,342,896,910,919,938,939,946],reboot:[20,34,902],rebuild:[906,908],receiv:[3,4,8,9,14,20,21,37,39,41,43,48,223,245,273,325,326,330,331,354,356,360,363,374,375,876,921,922,931,932,935,939,953],recent:[2,6,17,20,25,26,37,48,901,912,918,939],recipi:[824,919],recogn:[3,20,21,37,41,942,951],recognit:[918,919],recommend:[5,6,15,17,20,21,23,32,34,39,40,43,904,905,906,936,939,941],recomput:136,reconf:903,record:[6,10,21,33,34,38,39,901,911,914,915,918],recov:[6,918,922],recurs:[6,24,918],recv_hook:380,recvauth:[363,375],red:[692,693,919,953],redhat:918,redirect:[21,34],redistribut:919,reduc:[14,21,33,100,103,288,290,906],redwood:919,ref:5,refcount:918,refer:[3,5,15,19,20,22,23,39,43,45,48,87,89,138,286,307,862,918,919,927,932,946],referenc:[22,910,919],referr:[20,21,39,230,231,343,389,694,703,727,910,918,925,939],referral_valid_until:861,referred_realm:861,reflect:[23,34,100,103,136,158,262,288,290,325,326,331,356,360,911,912],reforward:939,refrain:924,refresh:[15,43,910,918],refresh_tim:910,refus:[12,14,34],regard:919,regardless:[6,19,21,43],regener:908,regent:919,regexp:21,region:[43,114,130,295,299,827],regist:[4,21,23,28,39,919,926,953],registr:21,regress:904,regul:919,regular:[14,21,34,37,43,946],regularli:[17,39],reiniti:[148,918],reject:[12,15,16,20,21,34,166,620,939],reject_bad_transit:20,rekei:14,rel:[20,21,48,898,904,910,946],relai:10,relat:[4,6,20,21,22,28,29,35,37,39,169,826,918,919],relationship:[21,932],releas:[0,3,4,6,8,14,15,16,19,20,21,23,24,25,26,33,35,37,38,39,40,41,43,46,48,68,73,77,82,84,91,93,113,125,126,154,163,176,203,209,214,230,231,265,268,282,294,314,318,344,896,897,901,911,912,914,915,918,921,922,923,924,925,927,928,929,930,931,932,942,948,953],relev:[34,38,78,195,300,911],reli:[15,34],reliabl:24,relianc:21,relinquish:85,remain:[3,4,6,14,20,43,44,245,645,896,897,914,915,918,919,929,931,946],rememb:[34,37,910],remot:[3,4,7,15,20,23,33,38,43,48,62,64,169,223,325,326,331,356,359,360,382,383,525,526,903,918,938,939,946,952,953],remote_addr:[44,64,82,359],remote_port:84,remotehost:949,remov:[2,3,6,20,23,26,28,37,38,48,155,904,918,929,938],renam:[3,906,918,929],rename_sect:934,render:[14,904],renew:[3,5,6,20,21,23,48,846,884,918,930,939,942,943,946,953],renew_lif:[256,840],renew_lifetim:21,renew_til:[825,833,884,910],renewable_lif:942,renprinc:3,reorgan:918,rep:[185,199,327,328,357,358,807,832,845,860],rep_cksum:861,rep_result:375,repeat:[6,20,21,34,847,910,924],repl:357,replac:[3,5,21,23,28,34,70,75,94,186,188,190,191,196,197,225,226,232,233,234,281,351,353,411,906,914,918,919,922,942],replai:[21,43,48,78,323,325,326,331,354,356,359,360,521,522,875,897,899,907,913,917,918,953],repli:[12,26,46,107,245,258,267,279,352,357,358,380,381,404,730,845,865,866,870,911,918,922,931,942],replic:[8,34],replica:[4,6,7,8,9,14,15,17,20,21,23,31,32,35,41,903,918],replica_datatran:[7,34,917],replica_datatrans_hostnam:23,replica_dumpfil:8,replica_host:7,replicahostnam:8,reply_out:866,report:[6,38,903,918,936,942,948],repositori:908,repres:[3,21,34,43,158,885,896,900,911,919],represent:[21,43,48,344,345,398,407,408,813,832,845,846,883,896,910,914,919],representaton:807,reproduc:919,req:[21,26,37,245,329,330,359,504,846],req_pac:253,request:[3,4,6,8,9,10,14,15,16,19,20,21,22,23,24,25,28,33,35,36,37,38,40,43,46,48,153,166,195,223,224,229,235,241,253,260,267,276,277,330,359,378,403,503,505,506,619,674,695,752,759,760,807,809,832,846,854,898,900,901,910,911,912,918,921,922,924,930,931,936,939,942,946,948,953],request_fini:922,request_init:922,request_tim:882,requested_principal_nam:861,requestor:660,requir:[3,4,6,8,9,12,14,15,16,20,21,22,23,24,25,26,28,32,34,35,36,37,38,39,40,43,46,48,98,112,116,117,236,241,247,248,301,323,325,326,331,354,356,360,544,738,862,877,896,897,904,905,906,908,911,918,919,921,924,931,934,939,944,952,953],require_auth:[3,16,918],requires_hwauth:[3,931],requires_pre_auth:23,requires_preauth:[3,5,14,23,25,35,37,40],requires_pwchang:5,requisit:908,research:919,resembl:740,reserv:[909,919],reset:[3,9,35,46,157,386,918],resid:[15,39,46,902,919,951,952],residu:[21,39,152,317,897,901,932,934,953],resiz:407,resolut:[15,33,38,43,230,918,946],resolv:[15,33,48,260,317,897,906,918,943,946],resourc:[43,46,904,916,918],respect:[3,11,34,82,84,224,344,898,918,919,924,938],respond:[4,48,367,368,369,370,371,372,731,738,739,740,876,877,918,931],respons:[3,4,37,40,46,85,166,229,245,279,357,404,503,505,543,565,739,759,761,807,846,882,918,919,922,925,931,942,949,953],rest:[28,906],restart:[12,14,19,20,23,24,34,37,41],restor:[6,23,918],restrict:[3,5,14,19,21,23,48,224,919,928,930,942,946],restrict_anonymous_to_tgt:[20,37],restructuredtext:0,resubmit:942,result:[0,14,15,21,23,37,39,40,41,43,46,48,99,102,107,117,124,144,156,158,189,195,228,287,289,296,320,375,376,403,405,406,407,420,906,910,911,915,918,919,920,924,925,930,931,932,939,946,948],result_cod:[166,382,383],result_code_str:[166,382,383],result_str:[166,169,382,383],resum:23,resync:[4,9,23,918],resynchron:9,ret:[46,347],ret_as_repli:[232,233,234],ret_princ:389,ret_valu:[59,60],retain:[2,3,14,20,23,919,928,930,952],retir:[13,23,918],retransmit:906,retri:[20,36,38,39],retriev:[3,6,23,24,41,43,44,46,48,158,271,310,366,375,400,403,876,918,919,948],return_padata:931,return_pwd:361,retval:[49,50,51,53,55,56,61,62,63,64,65,66,67,68,69,71,72,73,74,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,121,124,125,126,129,130,132,133,134,135,137,139,141,142,145,147,148,149,150,151,152,153,155,156,157,158,159,160,161,162,163,164,165,166,167,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,214,217,223,224,227,229,231,235,236,238,248,260,261,262,264,265,266,267,268,271,272,273,274,275,276,277,278,279,280,282,285,286,287,288,289,290,294,295,296,298,299,300,301,302,303,304,305,306,308,310,311,313,314,315,316,317,318,319,321,322,323,324,325,326,327,328,329,330,331,332,333,335,336,337,338,339,342,344,345,347,348,349,350,352,354,355,356,357,358,359,360,361,362,363,364,373,374,375,376,377,378,382,383,384,385,387,389,390,391,392,394,395,396,397,398,400,401,402,403,404,405,406,407,408,409,410,414,923],reus:23,rev:[6,24],revers:[6,15,21,33,43,919,943],review:905,revis:[918,919],revoc:[20,21],revok:[20,21,35],rfc4120:29,rfc:[14,20,21,39,43,48,320,382,383,412,442,443,446,447,448,450,451,458,459,460,461,462,463,464,465,466,511,540,542,600,664,667,668,669,670,671,672,673,675,676,677,678,680,681,682,683,686,687,689,691,698,701,703,705,738,901,910,911,912,915,918,922,924],rhost:223,ricciardi:42,richard:919,ride:20,right:[5,19,20,100,103,288,290,827,909,915,919],risk:[14,23,26,30,46],rkt:11,rlen:[91,92,93,94],rlogin:946,rm:37,rnd:38,roam:21,robbi:953,robin:15,robust:918,rock:[922,931],roll:23,rollback:14,rollov:[6,23],root:[8,12,14,15,17,19,20,21,32,34,902,906,938,946,951,952,953],rotat:[26,38],round:[40,918,931],rout:34,routin:[21,870],royal:919,royalti:919,rpath:[904,906,945],rpc:[20,21,23,43,48,616,903,918,919],rpcbind:23,rsa:[37,477,480,481,482,919,942],rst:908,rtime:846,rule:[3,19,21,23,28,38,39,43,154,946,948,951,952],run:[3,4,6,8,9,10,12,14,15,20,21,23,24,26,28,32,33,34,37,39,41,897,904,905,906,908,917,918,941,943,946,953],runstatedir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],runtim:917,s2kparam:48,s2kparams_out:229,s4u2proxi:[20,43,910,918],s4u2self:[20,43,343,918,948],s4u:918,s4uself:20,s:[2,3,4,5,6,7,8,10,11,12,14,15,17,19,20,21,22,23,25,26,28,29,32,33,34,35,37,38,39,41,43,46,48,50,113,192,203,209,230,231,245,263,279,294,300,363,366,375,378,398,404,740,807,826,827,832,836,876,897,898,902,904,906,910,911,917,918,919,921,924,931,932,933,935,938,939,941,942,943,944,946,948,949,950,951,952,953],s_address:824,sa:919,safe:[28,48,741,896,918],safer:938,safest:939,sai:901,sake:946,sale:919,salt:[2,3,6,11,20,23,25,48,125,126,393,840,918],salt_out:229,salt_type_afs_length:789,salt_type_no_length:789,salttyp:[6,20,26,374],salttypep:394,sam:[696,698,699,918],samba:[28,918],same:[3,4,5,10,12,19,20,21,23,24,28,36,39,43,52,53,91,101,105,107,136,138,151,155,171,180,228,250,270,271,275,279,307,348,349,350,362,388,847,897,901,906,918,923,924,938,942,946,948],sampl:[12,15,22,34,903,919,938,939,946,949],san:[20,21,918],sandia:919,sasl:[3,5,20,22,38,43,918],sasl_authcid:3,sasl_authzid:3,sasl_mech:3,sasl_nocanon:38,sasl_realm:3,satisfactori:25,save:[37,40,66,83,528,529,911,918,931],sbin:[8,12,34,906,917],sbindir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],sc:20,scalar:911,scenario:[14,918],schedul:[14,23],schema:[22,24],scheme:39,sclient:[12,937,940],sclogin:20,scope:5,screen:939,screensav:939,script:[3,4,10,34,903,904,906,918],search:[5,20,21,38,48,151,153,195,224,315,897,904,915,918,941,947],search_scop:5,searchscop:5,sec:[48,813,836,898],second:[3,10,20,21,23,28,36,37,39,43,44,52,53,105,153,223,228,266,267,322,348,349,350,361,362,385,386,388,410,745,808,824,826,846,875,885,896,898,901,910,911,914,915,923,924,939,942,946,953],second_ticket:[826,846,910],secondari:34,secret:[3,20,21,36,43,46,850,938],secretari:919,section:[3,10,19,22,23,28,33,34,35,37,39,41,43,48,119,320,412,600,681,682,683,901,904,905,910,911,915,918,934,935,946,951],sector:6,secur:[3,7,14,15,20,21,23,25,30,31,34,37,39,41,43,46,250,325,564,902,903,918,919,936,939,953],securecooki:911,securid:[669,918],sed:906,see:[14,15,17,22,23,24,26,28,32,34,35,36,39,43,46,97,99,100,102,103,108,113,114,130,131,168,184,189,229,262,287,288,289,290,294,295,299,320,329,330,359,375,393,403,412,413,414,600,738,827,897,898,901,902,903,904,906,908,909,910,918,919,920,921,922,923,925,926,927,928,929,930,931,932,933,934,935,936,938,939],seed:[131,331,413,915],seed_length:[131,413],seen:901,segment:39,select:[6,14,21,23,28,43,46,48,117,296,359,369,897,906,918,924,926,942,946,951],self:21,sell:919,semant:46,semfiajf42:20,send:[0,4,15,20,21,23,25,26,32,34,41,48,229,245,325,363,375,380,901,903,906,918,936,938,942,953],send_hook:381,sendauth:[12,34,48],sender:[325,326,331,356,360,824],sensit:250,sent:[6,20,25,36,37,41,43,325,375,381,866,901,904,911,918,931,939],sentenc:34,separ:[0,3,5,6,10,16,19,20,21,22,23,24,25,28,39,50,301,344,346,420,731,905,906,911,918,924,934,938,953],seq:875,seq_numb:[808,813],seqnumb:[69,74],sequenc:[25,37,48,66,78,80,83,325,326,327,331,356,358,359,360,521,528,808,813,875,902,910,911,914,924],sequence_count:873,sequenti:[48,314,815],seri:[48,915],serial:[9,43,48,405,918],serv:[4,10,21,23,918],server1:5,server:[2,3,4,5,6,7,8,9,10,12,16,18,20,21,22,23,24,25,28,29,30,31,34,36,37,38,39,43,46,48,159,166,223,224,264,267,300,301,333,342,343,359,375,382,383,414,504,617,661,730,760,807,825,826,832,836,846,883,897,900,901,903,907,910,917,918,919,920,926,927,939,945,946,948,949,951],server_kei:[340,341],server_port:12,server_princ:[300,301],server_str:169,serverauth:21,servic:[2,3,5,8,10,12,15,16,19,20,21,22,23,24,28,29,31,32,33,34,43,48,166,224,235,245,260,264,267,301,329,330,363,382,414,643,644,645,738,878,897,901,903,910,918,919,920,925,933,939,942,948,951,953],service1:948,service2:948,service_loc:933,service_nam:942,service_passwd:5,sesam:[46,701],session:[3,14,15,21,23,33,34,43,46,48,224,320,325,330,354,412,439,440,813,825,826,832,833,897,901,918,939,943,948,953],session_enctyp:[3,23,918],set:[0,3,4,5,6,14,15,16,18,19,20,21,22,23,24,25,26,28,29,31,32,33,34,35,37,38,39,40,41,43,44,46,48,62,68,69,73,74,77,78,98,102,145,153,154,161,164,203,209,224,229,253,279,280,286,289,301,305,317,325,326,331,352,354,356,359,360,361,369,373,377,387,404,407,408,409,420,546,731,747,865,866,876,897,898,901,906,918,921,924,931,932,938,939,941,942,943,946,952,953],set_cooki:[918,931],set_str:[23,26,36,37],setstr:[3,16],setuid:[41,918,953],setup:[23,34,904,918],sever:[3,15,16,20,21,23,24,37,39,897,903,906,910,923,953],sf:[5,6,911],sfu:684,sh:34,sha1:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],sha256:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],sha2:[3,20,918],sha384:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],sha:[14,20,918],shall:919,share:[0,14,21,23,28,46,330,906,923,924,934,938],sharealik:919,sharp:19,she:[939,952],shell:[3,5,23,34,41,918,938,939,945,951],shorter:21,shortest:192,shortli:[33,938],shortnam:[21,918],should:[0,2,3,4,5,6,10,12,14,15,17,20,21,22,23,24,25,26,28,29,32,33,34,37,38,39,43,46,71,85,144,152,223,245,249,255,269,279,308,317,325,327,330,342,359,361,365,366,404,740,860,865,866,885,896,897,898,902,904,906,910,912,918,919,920,921,922,923,924,928,929,930,931,933,934,935,938,939,942,946,948,953],show:[2,6,20,41,870,897,908,917,939,943],shown:[20,21,897],shrubberi:42,shutdown:24,sick:919,sid:[21,638,639,660],side:[23,43,363,375,901],sighup:[10,41],sign1:43,sign2:43,sign:[3,19,20,21,32,37,41,43,48,896,905,912,914,918,942,953],sign_authdata:918,sign_onli:43,signal:10,signatur:[48,412,476,477,482,905,924,934],signedpath:[3,20,918],signific:[25,35],silent:943,similar:[6,21,22,26,29,43,92,105,113,114,126,129,130,246,294,295,296,298,299,326,329,343,345,349,364,407,408,417,419,918,923,933,939,946],similarli:[15,344,740,939],simpl:[5,12,17,23,107,421,897,901],simplest:[28,43,897,904],simpli:[28,36,37,40,43,46,739,904,924,938,939],simplifi:[251,918],simul:946,simultan:847,sinc:[3,12,14,17,21,22,23,37,48,330,735,885,896,910,924,931,952,953],singl:[0,3,14,15,20,21,24,26,28,32,34,37,39,40,43,46,48,189,320,345,409,710,897,906,918,931,946],siphash:915,site:[15,23,34,39,918,939,942,952],situat:[14,20,24,28,39,948],size:[9,20,21,23,24,37,41,48,97,98,100,103,114,116,130,186,190,288,290,295,299,361,407,409,827,906,914,915,918],size_return:361,size_t:[95,96,98,100,103,104,112,114,116,118,130,131,168,170,186,187,190,191,192,193,280,288,290,295,299,337,339,369,374,397,398,413],sizeof:[43,46,934],skei:[20,826],skew:[48,267,356,360,931,942],skip:[22,23,37,414,416],slack:39,slash:[344,953],slat:923,slightli:906,slot:[11,21,300,915],slotid:21,slower:[14,24],sm:19,small:56,smaller:[21,914],smard:21,smart:[20,21,918],smtp:642,sname:[389,948],sni:918,so:[2,3,5,14,19,20,21,22,23,24,28,29,33,34,35,37,39,43,85,93,136,144,228,386,885,897,904,910,917,918,919,923,924,938,939,941,942,953],sock_dgram:933,sock_stream:933,socket:[20,21,36,48,375,917,933],soft:918,softwar:[14,15,21,24,25,28,42,46,906,919,936],solari:[31,904,906,918],solaris9ab:42,sole:[21,28],solut:34,some:[2,3,6,14,20,21,23,24,28,29,31,34,37,38,39,41,46,48,99,151,154,287,389,766,897,898,901,903,904,905,906,907,915,917,918,923,924,927,934,936,938,939,942,951,953],someon:[17,21,34,938,939],someprinc:23,someth:[12,14,20,38,901],sometim:[23,25,38,942],somewhat:[37,901],song:919,sophist:46,sort:38,sourc:[0,10,22,23,28,34,39,42,43,904,905,906,916,919,923,927,934,936,946],source_cache_nam:946,source_us:946,southern:919,space:[3,16,20,24,37,38,56,99,102,117,119,121,287,289,296,306,346,361,407,420,898,905],spake:[20,21,25,30,918,919],spake_preauth_group:[20,21,40],spake_preauth_ind:20,spake_preauth_kdc_challeng:[20,40],sparc:918,spars:915,spawn:4,special:[20,23,28,35,43,408,648,715,897,918,919,924,942],specif:[3,4,6,8,10,14,18,19,20,21,24,26,34,39,43,48,49,56,155,301,315,317,363,364,410,740,897,898,900,906,908,915,918,919,923,928,933,939],specifi:[3,4,5,6,7,8,9,10,11,14,15,16,18,19,20,22,23,28,29,34,36,37,39,43,46,48,92,93,99,100,102,103,113,125,129,224,227,229,235,260,264,267,287,288,289,290,294,298,310,315,318,325,326,331,344,345,356,359,360,375,383,414,752,897,901,906,911,912,918,924,931,939,941,942,943,944,945,946,947,948,953],speed:[22,25],sphinx:908,sphinx_arg:908,spi:924,split:[3,39,918],spnego:[918,919,924],spnego_mech:919,spoof:[21,25,39],sprecif:905,spuriou:918,sqlite3:6,sqlite:6,squar:[20,21,28],src:[22,148,904,906,908,919],src_ctx:179,src_name:43,srcdir:908,srv:[21,33,34,39,918],srvtab:11,ss:[898,903,906],ss_lib:906,sscope:5,sserver:[1,949],ssh:[15,33,939,952,953],sshd:21,sshing:953,ssl:[29,37],sspi:918,stabl:[918,928,929,930,935],stage:[14,911,929],stai:3,stale:[0,21,26],stamp:[6,9],stand:34,standalon:[8,41,918],standard:[3,6,9,14,20,37,41,43,900,918,919,945],start:[0,3,4,6,8,10,14,15,19,20,21,23,24,26,31,37,41,48,825,833,846,884,897,902,904,912,918,939,946],start_realm:910,start_tim:[235,260,275,942],starttim:[884,910],startup:[34,918],stash:[3,5,10,14,20,22,23,34,41,899,917],stash_fil:6,stashfilenam:[5,6],stashsrvpw:[3,20,22],state:[6,9,14,20,34,46,48,78,99,100,102,103,287,288,289,290,847,911,917,918,919,920,922,923,925,928,929,931,932,933,934,935],statement:919,statu:[3,837,918,919,921,924,943,946,948],stderr:[20,953],stdin:352,stdlib:934,stdout:[41,352],stduser:23,step:[6,14,22,23,34,37,946],steve:953,still:[3,4,6,10,14,20,21,23,32,33,34,35,39,148,269,918,942,946,948],stime:836,stockholm:919,stolen:939,stop:[4,10,24,923],storag:[46,48,57,58,82,84,159,170,187,192,193,280,361,374,398,897],store:[2,3,4,5,6,8,14,15,17,20,21,22,23,24,26,34,37,46,48,80,99,100,102,103,224,235,250,287,288,289,290,325,326,330,331,356,359,360,361,407,414,549,731,840,897,900,901,904,907,910,915,918,935,939,942,943,946,948],str:43,strategi:35,strcmp:934,strdup:934,stream:[8,12,20,34,36,43],strength:918,strengthen:14,strict:919,strictli:34,string2kei:14,string:[3,5,6,16,19,20,21,23,25,26,28,34,36,37,39,43,46,48,101,166,169,192,228,229,258,264,267,278,336,346,365,373,379,382,383,417,418,419,420,738,739,740,821,826,837,868,869,889,897,898,901,906,918,919,921,923,924,931,932,934,942,946],strip_realm:[20,36],strlcpy:919,strlen:[43,46],strong:[16,122],stronger:[14,16,21,26],strongest:26,strptime:919,struct:[43,48,51,262,269,805,807,808,809,810,811,813,816,817,818,822,823,824,825,826,827,829,831,832,833,834,836,840,841,842,845,846,847,848,849,850,854,859,860,861,862,863,869,870,873,874,875,876,878,879,880,881,882,883,884,886,887,889,890,891,894,895,928,934],structur:[43,46,47,48,92,100,103,135,156,169,173,182,212,221,237,240,241,242,243,244,245,249,252,253,254,255,257,258,259,269,275,280,282,288,290,322,324,334,345,355,356,365,368,371,375,389,414,416,421,538,805,811,823,826,827,836,863,883,890,896,922,923,928,930,931,933],studio:918,style:[3,21,39,417,418,419,638,640],su:946,sub:[5,21,903],subcommand:14,subdirectori:[21,28,903,908,917],subdomain:[21,39,951],subject:[0,20,21,23,37,919],subjectalternativenam:21,subjectaltnam:37,subjectkeyidentifi:37,subkei:[48,80,325,354,359,808,813],sublicens:919,submit:[26,43],subprocess:10,subregion:43,subschema:22,subscrib:936,subsect:[16,20,21,22,24,25,28,29,35,37,40],subsequ:[9,10,14,24,136,275,279,404,919],subsess:[26,330,440],subset:[39,903],substanti:919,substhtml:908,substitut:[21,34,37,919],subsystem:906,subtag:21,subtre:[3,5,20,22],subtree_dn_list:5,succe:[20,21,34,43,46,414],succeed:[12,34],success:[3,6,8,20,24,25,35,46,49,50,56,62,64,65,67,69,72,73,74,76,77,78,79,81,82,84,85,86,87,88,89,90,91,92,93,95,96,97,98,99,100,102,103,104,105,106,107,108,111,112,113,114,115,116,117,118,119,121,122,124,125,126,129,130,132,133,134,135,137,141,142,144,145,147,148,149,150,152,153,155,156,157,158,159,161,162,163,164,166,167,169,170,172,173,174,175,176,177,178,180,181,182,183,184,185,187,189,192,193,214,217,223,224,227,229,231,235,236,238,248,260,261,262,264,265,266,267,268,271,272,273,274,275,276,277,278,279,280,282,286,287,288,289,290,294,295,296,298,299,300,301,302,303,305,306,308,310,311,314,315,316,317,318,321,322,323,324,325,326,327,328,329,330,331,332,333,335,336,337,338,339,342,344,345,347,352,354,355,356,357,358,359,360,361,363,364,374,375,376,377,378,382,383,384,385,389,390,391,392,394,395,396,397,398,400,401,402,403,404,405,406,407,408,409,410,414,416,621,837,901,922,925,935,946,948],successfulli:[3,6,12,35,43,46,245,301,416,865,866],sudan:919,sudden:20,suffici:[3,5,14,24,906],suffix:[21,28,38,43,906,918,953],suggest:[0,245],suit:[34,903,904,918],suitabl:[6,904,906,918,919,939],summar:943,summari:[8,9],sun:919,suncc:906,sunw_dbprop_en:23,sunw_dbprop_master_ulogs:23,sunw_dbprop_slave_pol:23,sunwaadm:42,supersed:[10,14],supervisor:10,supplement:20,suppli:[3,11,43,46,48,223,245,258,262,267,276,277,278,331,342,372,373,386,735,736,876,906,922,923,931],support:[3,4,6,8,10,11,20,21,22,23,24,25,26,37,39,40,43,46,48,153,161,247,253,378,386,387,544,756,897,899,903,904,905,906,910,911,915,918,919,922,923,924,931,936,942],supported_enctyp:[14,20,26,34,918],suppos:[939,952],suppress:[3,6,20,906,918,941,946,948],sure:[3,5,12,14,15,22,23,26,33,41,938,939,942],surpris:14,surround:28,surviv:[20,897],susec:836,swap:[34,39],sweden:919,symbol:[6,344,901,904,905,908,917,923,924],symmetri:20,synchron:[9,14,15,21,24,34,41,48,271,403,730,918,931],syntact:21,syntax:[20,21,37,918],synthes:[381,865],synthet:[380,910],syria:919,sysadv6:42,sysconfdir:[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300,301,302,303,304,305,306,307,308,309,310,311,312,313,314,315,316,317,318,319,320,321,322,323,324,325,326,327,328,329,330,331,332,333,334,335,336,337,338,339,340,341,342,343,344,345,346,347,348,349,350,351,352,353,354,355,356,357,358,359,360,361,362,363,364,365,366,367,368,369,370,371,372,373,374,375,376,377,378,379,380,381,382,383,384,385,386,387,388,389,390,391,392,393,394,395,396,397,398,399,400,401,402,403,404,405,406,407,408,409,410,411,412,413,414,415,416,417,418,419,420,421,422,423,424,425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444,445,446,447,448,449,450,451,452,453,454,455,456,457,458,459,460,461,462,463,464,465,466,467,468,469,470,471,472,473,474,475,476,477,478,479,480,481,482,483,484,485,486,487,488,489,490,491,492,493,494,495,496,497,498,499,500,501,502,503,504,505,506,507,508,509,510,511,512,513,514,515,516,517,518,519,520,521,522,523,524,525,526,527,528,529,530,531,532,533,534,535,536,537,538,539,540,541,542,543,544,545,546,547,548,549,550,551,552,553,554,555,556,557,558,559,560,561,562,563,564,565,566,567,568,569,570,571,572,573,574,575,576,577,578,579,580,581,582,583,584,585,586,587,588,589,590,591,592,593,594,595,596,597,598,599,600,601,602,603,604,605,606,607,608,609,610,611,612,613,614,615,616,617,618,619,620,621,622,623,624,625,626,627,628,629,630,631,632,633,634,635,636,637,638,639,640,641,642,643,644,645,646,647,648,649,650,651,652,653,654,655,656,657,658,659,660,661,662,663,664,665,666,667,668,669,670,671,672,673,674,675,676,677,678,679,680,681,682,683,684,685,686,687,688,689,690,691,692,693,694,695,696,697,698,699,700,701,702,703,704,705,706,707,708,709,710,711,712,713,714,715,716,717,718,719,720,721,722,723,724,725,726,727,728,729,730,731,732,733,734,735,736,737,738,739,740,741,742,743,744,745,746,747,748,749,750,751,752,753,754,755,756,757,758,759,760,761,762,763,764,765,766,767,768,769,770,771,772,773,774,775,776,777,778,779,780,781,782,783,784,785,786,787,788,789,790,791,792,793,794,795,796,797,798,799,800,801,802,803,804,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,897,898,899,900,901,902,903,904,905,906,907,908,909,910,911,912,913,914,915,916,917,918,919,920,921,922,923,924,925,926,927,928,929,930,931,932,933,934,935,936,937,938,939,940,941,942,943,944,945,946,947,948,949,950,951,952,953],syslog:[20,21,34,923],system:[3,6,14,15,19,20,21,24,29,32,33,34,35,36,37,38,41,43,46,48,56,136,147,169,282,382,383,385,396,694,697,700,876,897,902,903,904,905,918,919,923,932,936,938,939,941,942,952,953],systest:3,t:[2,3,6,10,11,12,14,15,20,21,23,28,34,37,44,50,161,333,344,712,715,737,897,901,904,906,919,938,939,942,943,946,953],t_mddriver:919,tab:[3,6,344,918],tabdump:[26,918],tabl:[3,6,23,48,276,307,308,313,359,363,414,850,900,903,905,906,908,915,917,918,943],tabular:[6,918],tag:[20,21,34,910,915,924],tail:34,take:[10,14,19,20,21,23,25,26,28,32,39,41,43,46,91,124,126,325,376,731,827,898,915,918,920,929,938,939,946],taken:[6,14,39,245,901,915],talk:901,tamper:43,tape:32,tar:[904,905],target:[19,21,34,43,897,910,918],target_nam:43,target_princip:19,target_principal_nam:946,target_us:946,target_user_login_nam:946,task:[14,46,91],tcl:918,tcp:[8,10,12,15,20,21,23,29,34,37,39,279,404,918,933],team:936,teardown:904,technet:42,techniqu:[40,46],technolog:[909,919,953],tekniska:919,telegraph:919,telephon:919,tell:[4,10,938,939,945],telnet:[21,643,946],temp:21,templat:903,temporari:[3,21,34,37,900,901,917,918,953],temporarili:3,ten:[33,939],tend:15,term:[3,14,23,25,26,37,41,739,897,900,918,919,922,931,948],termin:[4,10,48,173,195,220,230,231,240,261,325,352,354,361,366,407,903,934,946],ters:3,test1:[3,898],test2:[3,898],test3:[3,898],test4:898,test:[3,9,10,12,14,21,37,48,903,906,908,918,919,942,949],test_html:908,testdir:41,testus:3,texinfo:0,text:[6,23,28,36,37,46,169,365,827,836,870,911,945],tg:[3,20,21,25,26,35,48,224,300,403,759,860,910,918,930],tgt:[3,14,20,23,26,37,46,48,220,342,343,910,911,918,939,946],th:21,than:[3,4,5,6,10,12,14,15,19,20,21,23,24,25,26,28,32,35,37,38,39,43,53,56,230,279,375,404,897,901,904,911,914,915,918,922,924,938,942],thei:[3,6,9,14,15,20,21,28,33,34,37,38,39,41,43,46,229,325,375,731,847,896,897,900,904,906,910,918,931,938,939,950,953],them:[3,14,15,20,22,23,24,25,29,32,34,37,39,41,46,82,84,253,330,344,403,731,897,904,906,918,919,923,924,934,939,941,953],themselv:6,theodor:919,theori:919,therebi:952,therefor:[22,23,25,39,910,931],thereof:919,thi:[0,2,3,4,5,6,8,9,10,11,12,14,15,17,19,20,21,22,23,24,25,26,27,28,32,33,34,35,36,37,38,39,40,41,43,46,48,49,50,55,57,58,59,60,61,62,67,68,69,71,72,73,74,76,77,78,81,82,84,85,86,87,88,89,92,93,98,99,100,101,102,103,104,105,107,113,114,116,117,119,120,122,123,124,125,126,129,130,133,136,137,139,141,144,148,150,151,153,156,157,158,159,167,169,171,172,173,174,175,177,178,180,181,182,183,192,194,195,198,199,200,201,202,203,205,206,207,208,209,212,215,216,221,228,235,236,241,243,245,246,252,253,254,258,260,261,262,264,265,266,267,270,271,272,275,276,277,278,279,287,288,289,290,294,295,296,298,299,301,308,317,320,323,324,325,326,327,329,330,331,333,334,342,343,345,352,355,356,357,358,359,360,361,363,364,368,371,373,375,376,378,380,382,383,385,386,387,389,396,400,401,403,404,407,408,410,412,414,416,417,419,728,729,730,731,735,736,737,739,832,850,884,885,896,897,901,902,903,904,905,906,910,911,915,916,917,918,919,920,922,924,926,928,929,930,931,932,934,935,936,938,939,941,942,943,945,946,948,952,953],think:[38,923,938],third:[21,28,36,37,910,918,919,953],thorough:39,those:[3,6,14,19,21,23,25,26,34,39,43,46,906,908,914,918,919,922,924,927,928,931,948,952,953],though:[14,904,939],thousand:24,thread:[24,847,897,906,918],threadsaf:285,three:[14,24,26,35,39,40,375,910,918,939,953],threeparamopen:789,through:[15,16,20,21,23,24,28,29,33,34,35,39,46,230,282,386,387,416,910,915,918,929,938,939],throughput:[20,24],thu:[23,901,906,946],ti:[369,929],ticket:[2,3,5,6,12,14,15,16,19,20,21,22,26,28,33,34,35,36,37,38,39,41,43,46,48,153,159,183,195,223,229,235,247,260,264,267,322,330,333,342,359,363,364,375,545,548,551,652,662,745,760,809,813,823,825,826,832,833,845,846,883,884,886,897,898,910,918,921,922,930,931,936,937,938,941,942,943,946,948,949,952,953],ticket_authdata:195,ticket_flag:[5,826,910],ticket_info:824,ticket_lifetim:[21,33],tightli:[14,28,32,902],till:846,time:[0,2,3,5,6,9,10,14,15,19,20,21,22,23,24,26,28,34,35,36,37,39,41,43,44,48,136,158,224,228,235,245,260,275,356,359,360,398,735,752,753,808,824,825,826,832,833,846,850,884,896,897,899,901,902,906,907,910,911,915,917,918,919,924,930,938,939,942,943,946,953],time_offset:10,time_rec:[43,918],time_req:43,time_t:[6,885,896],timeofdai:410,timeout:[14,20,36],timeret:396,timestamp:[6,11,14,21,25,37,40,48,66,83,325,326,331,336,342,343,356,360,396,522,529,671,824,850,854,875,885,896,900,901,910,911,912,914,915,918,931,943],timestampp:395,titl:[903,919],tkt:826,tkt_flg_anonym:789,tkt_flg_enc_pa_rep:789,tkt_flg_forward:789,tkt_flg_hw_auth:789,tkt_flg_initi:789,tkt_flg_invalid:789,tkt_flg_may_postd:789,tkt_flg_ok_as_deleg:789,tkt_flg_postdat:789,tkt_flg_pre_auth:789,tkt_flg_proxi:789,tkt_flg_proxiabl:789,tkt_flg_renew:789,tkt_flg_transit_policy_check:789,tkt_life:[259,840],tktpolici:[3,5,23],tl:[9,22,29],tlyu:3,tmp:[3,21,34,901,907,917,939,946,953],tmpbuild:904,tmpdir:[901,953],tmppolici:5,tn:42,todd:919,todo:938,togeth:15,token:[16,20,21,46,368,598,729,730,731,733,736,737,913,918,924,931,942],token_flag:881,token_id:879,token_len:43,tokenid:738,tokeninfo:[369,738,878],toler:21,tom:3,tomorrow:23,too:[3,23,56,100,103,119,267,288,290,306],tool:[6,23,903,905,918,923],toolkit:903,top:[10,39,897,904,905,908],top_srcdir:908,topic:[0,30,34],topolog:4,tort:919,tortiou:919,total:[20,25,915,942,946],toward:[0,23],tr_content:890,tr_type:890,trace:[48,889,918,953],trace_log:41,track:[3,6,9,35,901,936],trademark:919,tradit:[6,35],traffic:29,trail:[20,38,946],trailer:[43,48,538],transact:[24,953],transcript:911,transfer:[4,23,37],transform:906,transit:[20,21,24,359,541,550,674,695,833,890,939,942,943,948],transitori:14,translat:[21,56,918],transmiss:17,transmit:[23,43,279,404,918,931],transpar:953,transport:[23,39,279,404],travers:6,treat:[3,21,36,38,43,54,342,350,709,885,910,942,948],treatment:39,tree:[0,22,23,24,34,905,906,908,924,927,934],tri:[20,21,25,44,359,414,918,925],trigger:901,trillium:[15,32,939],trim:[99,287],trip:[40,918,931],tripl:[14,20,26,918],trivial:[25,918],troubl:42,troubleshoot:[30,34],true_principal_nam:861,truncat:[915,939],trust:[20,21,29,37,43,268,942],tryagain:922,ts:919,tt:898,tty04:20,tty:5,tune:[22,39],tupl:3,turn:[8,21,24,33,35,40,352,361,906,946],twice:[3,24,34,910,929,938,944],two:[3,18,20,21,23,24,26,28,34,35,37,38,48,53,361,898,910,911,914,918,920,924,932,939,942,946],txt:[6,34,39],type:[2,3,5,6,10,15,16,21,23,25,28,30,32,34,38,39,46,48,91,93,95,98,99,100,102,103,104,112,113,114,115,116,124,125,126,129,130,151,152,153,161,163,184,189,195,223,224,229,280,287,288,289,290,294,295,298,299,310,311,315,317,331,333,335,344,389,421,500,541,647,678,750,756,800,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895,896,900,904,907,910,911,912,914,915,918,920,922,923,924,927,928,929,930,931,932,933,934,935,938,939,942,943,946,948,952,953],typedef:[43,805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895],typic:[4,15,20,21,26,33,38,39,43,46,98,253,908,917,920,922,923,928,929,931,935,942,948],u1:[904,905],u2u:948,u:[919,948],ubuntu:[42,918],uc:918,ucb:946,udp:[10,15,20,21,29,39,279,404,918,933],udp_preference_limit:21,uid:[21,43,897,901,917,946,952,953],uid_t:43,uidnumb:897,uint16_t:892,uint32_t:[885,893,896],uint8_t:858,uint_max:[769,770,788],uk:919,ulog:[20,23],umich:919,un:[904,918],unabl:[17,21,23],unalloc:280,unam:28,unambigu:245,unansw:877,unauthent:32,unavail:[23,34,39],unchang:[3,14,946],unclean:24,uncommon:901,uncondition:[228,906],unconfigur:[39,908],undefin:946,under:[3,5,6,10,20,21,22,38,155,159,901,904,915,918,919],underli:43,underneath:22,underscor:[21,919],understand:46,undertaken:0,unenc_authdata:846,unencapsul:918,unencrypt:[32,356,813,823,845,846],unescap:6,unexport:924,unfinish:931,unicod:919,unifi:0,unimpl:923,unimport:910,uninterrupt:14,uniqu:[3,43,48,265,414,644,646,897,924],unit:[898,919,939],univers:919,unix:[6,15,20,21,28,31,36,43,923,924,934],unkei:46,unknown:[12,38,41,616,910,948],unless:[2,3,6,11,14,19,20,21,26,28,32,34,43,315,386,414,416,901,902,918,932,946,950],unlik:[14,23,40,897,901,918,924,939],unlimit:919,unlink:6,unlock:[23,35,918],unlockit:[3,20,23,24],unmodifi:[919,946],unnecessari:23,unpack:905,unpars:[43,48,407,409],unpleas:14,unport:919,unprint:3,unqualifi:33,unquot:6,unrecogn:906,unrestrict:[32,902],unser:43,unset:[43,48,171,953],unsign:[91,92,93,94,97,111,116,120,279,311,361,404,407,409,805,811,814,818,829,848,853,857,859,891,896],unspecifi:[21,953],unstabl:929,unsuccess:37,unsupport:[37,906],unswapp:897,untest:906,until:[3,6,14,21,23,43,896,897,901,906,915,918,939],untrust:[43,953],unus:[149,265,352,375,918],unusu:[28,37],unwrap:[43,48],up:[4,8,10,20,21,22,23,28,31,32,33,34,37,38,39,43,46,98,269,386,387,389,896,902,906,918,934,938,942],updat:[2,4,6,8,9,14,20,21,22,24,26,34,35,99,100,102,103,224,287,288,289,290,697,700,906,911,918,927,936],update_princ_encrypt:[14,23],update_rel:934,upgrad:[21,23,26,34,39,918],upn:[20,21,350,637,639,707,918],upon:[6,8,946],upper:[3,19,39,944],uppercas:[21,932,953],upstream:[23,906,918],upstreamhostnam:23,uri:[3,5,20,21,33,34,39,918],url:[20,24,29,39],us:[0,2,3,4,5,6,7,8,9,10,11,12,14,16,18,19,20,21,22,23,24,25,26,28,29,33,34,35,36,37,38,39,40,41,42,43,45,46,49,55,56,65,66,67,68,69,72,73,74,76,77,78,81,83,98,100,103,105,111,113,115,117,121,125,129,132,141,143,144,145,150,153,156,163,164,169,172,173,174,175,177,178,180,181,182,183,195,223,224,227,228,229,230,231,236,239,241,246,247,248,250,254,258,261,267,268,272,275,277,279,280,286,288,290,294,298,300,309,310,315,317,318,321,322,324,325,326,327,328,329,331,332,335,338,339,340,341,344,345,352,354,355,356,357,359,360,363,366,375,378,389,401,403,404,405,406,407,408,414,416,439,447,448,563,564,598,599,618,740,825,837,847,856,865,866,870,876,884,885,900,901,902,903,905,908,910,911,912,914,915,917,918,919,920,921,922,923,924,925,927,931,932,934,935,936,938,939,941,942,943,944,945,946,948,949,950,951,952,953],usa:919,usabl:48,usag:[20,21,37,43,99,100,102,103,108,113,114,129,130,287,288,289,290,294,295,298,299,847,896,911,912,945,946],usc:946,use_mkei:[14,23],usec:[813,824,836,875],useless:14,user:[0,3,5,6,8,14,15,16,19,20,21,22,23,25,26,33,34,35,36,37,38,39,41,43,48,56,90,136,169,224,227,326,330,331,333,361,551,641,663,730,737,870,897,898,901,903,904,906,908,916,917,918,919,922,935,936,938,939,941,942,944,946,948,951,952,953],user_dn:5,userconfig:21,userdata:[326,331],userdata_out:[356,360],userid:[21,906],usernam:[3,12,21,34,36,37,43,319,674,939,942],userok:932,userpolici:5,userprincipalnam:20,usr:[5,8,12,20,21,34,906,908,917,945,946],usual:[3,10,12,20,21,23,25,35,37,39,46,99,287,897,900,906,910,923,939,948,953],utc:23,utf:[46,350,365,373,709,918,919],util:[22,34,39,47,904,906,919,941,953],uucp:20,v4:[11,14,21,48],v4_instance_convert:21,v4_realm:21,v4cred:51,v5:[3,7,11,21,32,39,48,903,904,906,916,919,939],v5cred:51,v:[6,9,42,934,942,943],va_list:[48,92,94],vagu:906,val:[198,199,200,201,202,203,204,206,207,208,209,211,212,215,218,219,221,222],valid:[20,21,23,39,43,48,66,83,109,124,129,153,160,224,235,248,260,269,275,298,301,330,333,342,343,345,350,359,365,366,408,414,884,897,898,903,910,914,918,930,939,942,948,952,953],valid_int_bit:789,valid_uint_bit:789,valu:[3,5,6,10,14,16,19,20,21,22,23,24,25,26,28,33,34,36,37,38,39,43,46,48,66,83,117,125,126,136,151,153,156,166,224,245,248,252,263,265,269,296,301,333,368,369,371,375,386,388,397,722,728,729,731,733,738,740,796,797,798,837,841,854,865,866,885,896,897,898,900,901,906,907,908,910,911,912,914,915,918,922,924,931,932,934,939,941,942,943,945,946,951,953],valuabl:[46,919],vaniti:38,vararg:91,vari:[15,33,905,917,941,942],variabl:[2,3,4,5,6,7,8,9,10,11,12,15,16,19,20,21,24,25,28,30,34,35,37,38,39,40,41,43,48,93,136,141,155,269,282,386,387,897,900,901,907,918,934,935,941,942,943,944,946,947,948,949],variad:[91,417,419],variant:[23,906,918,924],varieti:26,variou:[14,30,43,359,903,907,918,939],vendor:[738,879,945],verbatim:919,verbos:[3,6,23,904,918,942],veri:[14,20,21,23,934],verif:[20,21,34,43,46,48,414,897,937,939],verifi:[5,20,21,23,34,37,43,48,241,356,357,358,359,360,361,901,905,918,922,931,938,939,946],verifier_cred_handl:924,verify_ap_req_nofail:21,versa:[37,918],version:[0,2,3,5,6,9,10,14,20,23,24,26,29,38,42,43,44,48,155,228,247,310,315,363,375,616,723,821,823,845,850,883,896,900,904,905,906,908,910,912,914,915,918,919,923,929,933,943,945,946,948,949,953],verto:[906,919],vesion:[321,405],veto:930,via:[0,3,6,8,20,21,34,35,46,48,274,386,402,826,918,924,926,946,952],vice:[37,918],view:[8,23,34,937],view_polici:23,viola:15,virtual:[15,21],visibl:[14,23,25,918],visit:939,vista:[26,918],visual:918,vnder:14,vno:[3,14,310,315,850],volum:918,vopt:46,vpath:[904,905],vprintf:[417,418,419],vt:923,vtabl:[922,923,931,934],vulner:[14,23,32,46,918,936],w:[3,5,10,24,481],wa:[0,3,6,8,12,14,17,20,21,23,24,26,39,41,43,44,48,155,205,245,273,314,342,359,735,900,910,911,918,919,921,925,929,930,932,938,939,942,945,946,953],wai:[21,23,28,39,43,46,126,236,250,375,896,897,898,900,906,908,918,919,927,932,938,939,951],wait:[8,20,23,39],wake:15,walk:[6,938],want:[3,23,28,34,545,551,904,933,938,939,946],warn:[3,23,26,245,908,918,919],warranti:919,wasn:44,we:[0,22,23,28,32,34,43,904,905,906,918],weak:[14,20,21,26,41],web:[34,897,918],week:5,weight:39,well:[14,21,23,34,38,43,46,343,648,903,906,918,925],wellknown:[37,46,502,763],went:939,were:[14,15,21,34,43,414,618,897,918,919,939],wg:918,what:[6,14,19,20,21,26,38,43,901,922,923,931,935,938,939,945],whatev:39,whatsoev:919,when:[3,4,6,8,9,10,12,14,15,16,17,20,21,22,23,26,28,29,33,34,36,37,38,39,40,41,43,46,49,65,67,68,72,73,76,77,78,79,85,91,92,93,111,113,115,125,126,132,136,141,143,145,150,153,154,163,164,169,172,173,174,175,176,177,178,180,181,182,183,194,195,224,227,228,229,230,231,235,236,250,254,258,260,261,265,268,272,275,280,282,286,294,310,315,317,318,321,322,324,325,326,327,328,329,330,331,332,335,338,339,344,345,352,354,355,356,357,359,360,361,363,375,389,401,403,405,406,408,738,739,740,897,900,906,908,910,915,917,918,920,924,925,929,932,934,935,936,938,939,941,942,943,945,946,948,951,953],whenev:46,where:[3,4,6,7,8,14,15,17,20,21,23,25,28,39,43,46,317,389,896,897,900,901,904,905,906,911,918,923,939,942,946,953],whether:[4,6,8,10,14,20,21,26,28,35,36,43,46,48,105,223,241,242,243,245,249,253,255,319,407,905,911,918,919,921,928,935,939,946],which:[3,4,5,6,7,8,9,10,11,12,14,15,19,20,21,22,23,24,25,26,28,29,33,34,35,36,37,38,39,40,41,43,46,126,173,195,229,230,245,250,280,310,330,359,366,368,371,372,884,885,896,897,900,901,903,904,905,906,907,910,911,912,914,915,917,918,919,920,922,923,924,927,928,929,930,931,933,934,935,939,942,945,946,948,951,952,953],whichev:15,whitespac:[3,20,21],who:[0,5,16,20,25,34,37,938,939],whoami:923,whole:[23,37,141,155,342],whom:[919,938],whose:[3,5,10,17,19,21,34,38,40,43,46,132,217,229,910,914,939,952],wicker:923,wicker_appear:923,wicker_brac:923,wicker_construct:923,wicker_foot:923,wicker_materi:923,wicker_slat:923,wide:[21,29,36],wiki:[42,904,918],wild:3,wildcard:[19,20,918,951],willi:14,willing:[20,21,26],win:919,winbind:28,winbind_krb5_loc:28,window:[21,26,28,29,42,301,382,383,637,639,685,703,897,901,903,915,918,923,924,934,939],wish:[16,21,34,39,43,250,904,905,906,907,919,924,935,938,939,953],with_realm:[300,341,343],within:[3,15,20,21,24,34,35,39,43,48,132,154,252,261,356,360,365,373,386,847,897,912,918,919,924,942,951,953],without:[3,14,19,20,21,23,24,28,32,34,35,36,37,43,133,368,371,538,866,897,901,904,906,915,918,919,938,939,946,953],wkt:11,wl:945,won:[21,37,939],worcest:919,word:[21,34,939],work:[2,3,4,6,21,23,34,35,36,39,40,43,897,906,918,919,931,932,936,938,939,953],workdai:33,worker:[10,24],workflow:14,workstat:46,worri:[22,904,953],wors:21,worst:14,worth:32,would:[5,6,14,16,17,20,21,23,25,28,32,34,37,38,39,40,43,46,902,918,924,938,939,945,952,953],wrap:[23,48,300,320,924],wrapper:[889,911,912],wrfile:[14,23],writabl:[15,34,316,934],write:[0,6,8,10,11,20,21,22,23,24,28,34,35,251,352,387,897,915,918,923,934,953],writeabl:302,writer:0,written:[3,4,155,850,900,915,919],wrong:[35,37,919,939,946],wsgi:29,www:[22,42,908,918],x11r6:904,x509:[37,918,942],x509_anchor:[21,942],x509_proxi:21,x509_proxy_ca:21,x509_user_ident:[16,21,942],x86:[906,918],x86_64:[906,918],x:[3,4,6,8,10,16,19,20,21,23,37,43,771,791,801,910,918,919,921,922,942,948],xconsortium:904,xf:905,xml:908,xore:[21,359],xp:918,xst:3,xvm:14,xyz:953,y:[22,771,801,906],yacc:906,ye:[3,5,23,906,942],year:[23,45,898,918],yet:[6,21,23,26,34,37,38,897,906,927,939],yflag:906,yield:931,you:[0,3,5,12,15,16,17,20,21,22,23,24,28,32,33,34,35,37,39,40,41,737,898,902,904,905,906,907,908,919,936,938,939,941,946,953],your:[0,12,17,20,21,26,32,33,34,37,39,904,905,906,919,927,937,939,941,950,953],your_princnam:37,your_realmnam:37,yourdir:34,yourself:[939,953],yu:3,yy:898,yymmddhhmmss:898,yyyi:898,yyyymmddhhmmss:898,z:[771,898,946],zanarotti:46,zephyr:[14,919],zero:[3,21,24,39,43,44,48,129,130,203,241,245,260,261,284,298,299,310,740,742,865,910,911,914,915,918,923],zone:[14,39,898],zonetest:14},titles:["Contributing to the MIT Kerberos Documentation","Administration programs","k5srvutil","kadmin","kadmind","kdb5_ldap_util","kdb5_util","kprop","kpropd","kproplog","krb5kdc","ktutil","sserver","Advanced topics","Retiring DES","Application servers","Authentication indicators","Backups of secure hosts","Configuration Files","kadm5.acl","kdc.conf","krb5.conf","Configuring Kerberos with OpenLDAP back-end","Database administration","Database types","Addressing dictionary attack risks","Encryption types","Environment variables","Host configuration","HTTPS proxy configuration","For administrators","Installation guide","UNIX Application Servers","Installing and configuring UNIX client machines","Installing KDCs","Account lockout","OTP Preauthentication","PKINIT configuration","Principal names and DNS","Realm configuration decisions","SPAKE Preauthentication","Troubleshooting","Various links","Developing with GSSAPI","Differences between Heimdal and MIT Kerberos API","For application developers","Initial credentials","Principal manipulation and parsing","krb5 API","krb5_425_conv_principal - Convert a Kerberos V4 principal to a Kerberos V5 principal.","krb5_524_conv_principal - Convert a Kerberos V5 principal to a Kerberos V4 principal.","krb5_524_convert_creds - Convert a Kerberos V5 credentials to a Kerberos V4 credentials.","krb5_address_compare - Compare two Kerberos addresses.","krb5_address_order - Return an ordering of the specified addresses.","krb5_address_search - Search a list of addresses for a specified address.","krb5_allow_weak_crypto - Allow the application to override the profile\u2019s allow_weak_crypto setting.","krb5_aname_to_localname - Convert a principal name to a local name.","krb5_anonymous_principal - Build an anonymous principal.","krb5_anonymous_realm - Return an anonymous realm data.","krb5_appdefault_boolean - Retrieve a boolean value from the appdefaults section of krb5.conf.","krb5_appdefault_string - Retrieve a string value from the appdefaults section of krb5.conf.","krb5_auth_con_free - Free a krb5_auth_context structure.","krb5_auth_con_genaddrs - Generate auth context addresses from a connected socket.","krb5_auth_con_get_checksum_func - Get the checksum callback from an auth context.","krb5_auth_con_getaddrs - Retrieve address fields from an auth context.","krb5_auth_con_getauthenticator - Retrieve the authenticator from an auth context.","krb5_auth_con_getflags - Retrieve flags from a krb5_auth_context structure.","krb5_auth_con_getkey - Retrieve the session key from an auth context as a keyblock.","krb5_auth_con_getkey_k - Retrieve the session key from an auth context.","krb5_auth_con_getlocalseqnumber - Retrieve the local sequence number from an auth context.","krb5_auth_con_getlocalsubkey","krb5_auth_con_getrcache - Retrieve the replay cache from an auth context.","krb5_auth_con_getrecvsubkey - Retrieve the receiving subkey from an auth context as a keyblock.","krb5_auth_con_getrecvsubkey_k - Retrieve the receiving subkey from an auth context as a keyblock.","krb5_auth_con_getremoteseqnumber - Retrieve the remote sequence number from an auth context.","krb5_auth_con_getremotesubkey","krb5_auth_con_getsendsubkey - Retrieve the send subkey from an auth context as a keyblock.","krb5_auth_con_getsendsubkey_k - Retrieve the send subkey from an auth context.","krb5_auth_con_init - Create and initialize an authentication context.","krb5_auth_con_initivector - Cause an auth context to use cipher state.","krb5_auth_con_set_checksum_func - Set a checksum callback in an auth context.","krb5_auth_con_set_req_cksumtype - Set checksum type in an an auth context.","krb5_auth_con_setaddrs - Set the local and remote addresses in an auth context.","krb5_auth_con_setflags - Set a flags field in a krb5_auth_context structure.","krb5_auth_con_setports - Set local and remote port fields in an auth context.","krb5_auth_con_setrcache - Set the replay cache in an auth context.","krb5_auth_con_setrecvsubkey - Set the receiving subkey in an auth context with a keyblock.","krb5_auth_con_setrecvsubkey_k - Set the receiving subkey in an auth context.","krb5_auth_con_setsendsubkey - Set the send subkey in an auth context with a keyblock.","krb5_auth_con_setsendsubkey_k - Set the send subkey in an auth context.","krb5_auth_con_setuseruserkey - Set the session key in an auth context.","krb5_build_principal - Build a principal name using null-terminated strings.","krb5_build_principal_alloc_va - Build a principal name, using a precomputed variable argument list.","krb5_build_principal_ext - Build a principal name using length-counted strings.","krb5_build_principal_va","krb5_c_block_size - Return cipher block size.","krb5_c_checksum_length - Return the length of checksums for a checksum type.","krb5_c_crypto_length - Return a length of a message field specific to the encryption type.","krb5_c_crypto_length_iov - Fill in lengths for header, trailer and padding in a IOV array.","krb5_c_decrypt - Decrypt data using a key (operates on keyblock).","krb5_c_decrypt_iov - Decrypt data in place supporting AEAD (operates on keyblock).","krb5_c_derive_prfplus - Derive a key using some input data (via RFC 6113 PRF+).","krb5_c_encrypt - Encrypt data using a key (operates on keyblock).","krb5_c_encrypt_iov - Encrypt data in place supporting AEAD (operates on keyblock).","krb5_c_encrypt_length - Compute encrypted data length.","krb5_c_enctype_compare - Compare two encryption types.","krb5_c_free_state - Free a cipher state previously allocated by krb5_c_init_state().","krb5_c_fx_cf2_simple - Compute the KRB-FX-CF2 combination of two keys and pepper strings.","krb5_c_init_state - Initialize a new cipher state.","krb5_c_is_coll_proof_cksum - Test whether a checksum type is collision-proof.","krb5_c_is_keyed_cksum - Test whether a checksum type is keyed.","krb5_c_keyed_checksum_types - Return a list of keyed checksum types usable with an encryption type.","krb5_c_keylengths - Return length of the specified key in bytes.","krb5_c_make_checksum - Compute a checksum (operates on keyblock).","krb5_c_make_checksum_iov - Fill in a checksum element in IOV array (operates on keyblock)","krb5_c_make_random_key - Generate an enctype-specific random encryption key.","krb5_c_padding_length - Return a number of padding octets.","krb5_c_prf - Generate enctype-specific pseudo-random bytes.","krb5_c_prf_length - Get the output length of pseudo-random functions for an encryption type.","krb5_c_prfplus - Generate pseudo-random bytes using RFC 6113 PRF+.","krb5_c_random_add_entropy","krb5_c_random_make_octets - Generate pseudo-random bytes.","krb5_c_random_os_entropy","krb5_c_random_seed","krb5_c_random_to_key - Generate an enctype-specific key from random data.","krb5_c_string_to_key - Convert a string (such a password) to a key.","krb5_c_string_to_key_with_params - Convert a string (such as a password) to a key with additional parameters.","krb5_c_valid_cksumtype - Verify that specified checksum type is a valid Kerberos checksum type.","krb5_c_valid_enctype - Verify that a specified encryption type is a valid Kerberos encryption type.","krb5_c_verify_checksum - Verify a checksum (operates on keyblock).","krb5_c_verify_checksum_iov - Validate a checksum element in IOV array (operates on keyblock).","krb5_calculate_checksum","krb5_cc_cache_match - Find a credential cache with a specified client principal.","krb5_cc_close - Close a credential cache handle.","krb5_cc_copy_creds - Copy a credential cache.","krb5_cc_default - Resolve the default credential cache name.","krb5_cc_default_name - Return the name of the default credential cache.","krb5_cc_destroy - Destroy a credential cache.","krb5_cc_dup - Duplicate ccache handle.","krb5_cc_end_seq_get - Finish a series of sequential processing credential cache entries.","krb5_cc_gen_new","krb5_cc_get_config - Get a configuration value from a credential cache.","krb5_cc_get_flags - Retrieve flags from a credential cache structure.","krb5_cc_get_full_name - Retrieve the full name of a credential cache.","krb5_cc_get_name - Retrieve the name, but not type of a credential cache.","krb5_cc_get_principal - Get the default principal of a credential cache.","krb5_cc_get_type - Retrieve the type of a credential cache.","krb5_cc_initialize - Initialize a credential cache.","krb5_cc_move - Move a credential cache.","krb5_cc_new_unique - Create a new credential cache of the specified type with a unique name.","krb5_cc_next_cred - Retrieve the next entry from the credential cache.","krb5_cc_remove_cred - Remove credentials from a credential cache.","krb5_cc_resolve - Resolve a credential cache name.","krb5_cc_retrieve_cred - Retrieve a specified credentials from a credential cache.","krb5_cc_select - Select a credential cache to use with a server principal.","krb5_cc_set_config - Store a configuration value in a credential cache.","krb5_cc_set_default_name - Set the default credential cache name.","krb5_cc_set_flags - Set options flags on a credential cache.","krb5_cc_start_seq_get - Prepare to sequentially read every credential in a credential cache.","krb5_cc_store_cred - Store credentials in a credential cache.","krb5_cc_support_switch - Determine whether a credential cache type supports switching.","krb5_cc_switch - Make a credential cache the primary cache for its collection.","krb5_cccol_cursor_free - Free a credential cache collection cursor.","krb5_cccol_cursor_new - Prepare to iterate over the collection of known credential caches.","krb5_cccol_cursor_next - Get the next credential cache in the collection.","krb5_cccol_have_content - Check if the credential cache collection contains any initialized caches.","krb5_change_password - Change a password for an existing Kerberos account.","krb5_check_clockskew - Check if a timestamp is within the allowed clock skew of the current time.","krb5_checksum_size","krb5_chpw_message - Get a result message for changing or setting a password.","krb5_cksumtype_to_string - Convert a checksum type to a string.","krb5_clear_error_message - Clear the extended error message in a context.","krb5_copy_addresses - Copy an array of addresses.","krb5_copy_authdata - Copy an authorization data list.","krb5_copy_authenticator - Copy a krb5_authenticator structure.","krb5_copy_checksum - Copy a krb5_checksum structure.","krb5_copy_context - Copy a krb5_context structure.","krb5_copy_creds - Copy a krb5_creds structure.","krb5_copy_data - Copy a krb5_data object.","krb5_copy_error_message - Copy the most recent extended error message from one context to another.","krb5_copy_keyblock - Copy a keyblock.","krb5_copy_keyblock_contents - Copy the contents of a keyblock.","krb5_copy_principal - Copy a principal.","krb5_copy_ticket - Copy a krb5_ticket structure.","krb5_decode_authdata_container - Unwrap authorization data.","krb5_decode_ticket - Decode an ASN.1-formatted ticket.","krb5_decrypt","krb5_deltat_to_string - Convert a relative time value to a string.","krb5_eblock_enctype","krb5_encode_authdata_container - Wrap authorization data in a container.","krb5_encrypt","krb5_encrypt_size","krb5_enctype_to_name - Convert an encryption type to a name or alias.","krb5_enctype_to_string - Convert an encryption type to a string.","krb5_expand_hostname - Canonicalize a hostname, possibly using name service.","krb5_find_authdata - Find authorization data elements.","krb5_finish_key","krb5_finish_random_key","krb5_free_addresses - Free the data stored in array of addresses.","krb5_free_ap_rep_enc_part - Free a krb5_ap_rep_enc_part structure.","krb5_free_authdata - Free the storage assigned to array of authentication data.","krb5_free_authenticator - Free a krb5_authenticator structure.","krb5_free_checksum - Free a krb5_checksum structure.","krb5_free_checksum_contents - Free the contents of a krb5_checksum structure.","krb5_free_cksumtypes - Free an array of checksum types.","krb5_free_context - Free a krb5 library context.","krb5_free_cred_contents - Free the contents of a krb5_creds structure.","krb5_free_creds - Free a krb5_creds structure.","krb5_free_data - Free a krb5_data structure.","krb5_free_data_contents - Free the contents of a krb5_data structure and zero the data field.","krb5_free_default_realm - Free a default realm string returned by krb5_get_default_realm().","krb5_free_enctypes - Free an array of encryption types.","krb5_free_error - Free an error allocated by krb5_read_error() or krb5_sendauth().","krb5_free_error_message - Free an error message generated by krb5_get_error_message().","krb5_free_host_realm - Free the memory allocated by krb5_get_host_realm().","krb5_free_keyblock - Free a krb5_keyblock structure.","krb5_free_keyblock_contents - Free the contents of a krb5_keyblock structure.","krb5_free_keytab_entry_contents - Free the contents of a key table entry.","krb5_free_principal - Free the storage assigned to a principal.","krb5_free_string - Free a string allocated by a krb5 function.","krb5_free_tgt_creds - Free an array of credential structures.","krb5_free_ticket - Free a ticket.","krb5_free_unparsed_name - Free a string representation of a principal.","krb5_fwd_tgt_creds - Get a forwarded TGT and format a KRB-CRED message.","krb5_get_credentials - Get an additional ticket.","krb5_get_credentials_renew","krb5_get_credentials_validate","krb5_get_default_realm - Retrieve the default realm.","krb5_get_error_message - Get the (possibly extended) error message for a code.","krb5_get_etype_info - Retrieve enctype, salt and s2kparams from KDC.","krb5_get_fallback_host_realm","krb5_get_host_realm - Get the Kerberos realm names for a host.","krb5_get_in_tkt_with_keytab","krb5_get_in_tkt_with_password","krb5_get_in_tkt_with_skey","krb5_get_init_creds_keytab - Get initial credentials using a key table.","krb5_get_init_creds_opt_alloc - Allocate a new initial credential options structure.","krb5_get_init_creds_opt_free - Free initial credential options.","krb5_get_init_creds_opt_get_fast_flags - Retrieve FAST flags from initial credential options.","krb5_get_init_creds_opt_init","krb5_get_init_creds_opt_set_address_list - Set address restrictions in initial credential options.","krb5_get_init_creds_opt_set_anonymous - Set or unset the anonymous flag in initial credential options.","krb5_get_init_creds_opt_set_canonicalize - Set or unset the canonicalize flag in initial credential options.","krb5_get_init_creds_opt_set_change_password_prompt - Set or unset change-password-prompt flag in initial credential options.","krb5_get_init_creds_opt_set_etype_list - Set allowable encryption types in initial credential options.","krb5_get_init_creds_opt_set_expire_callback - Set an expiration callback in initial credential options.","krb5_get_init_creds_opt_set_fast_ccache - Set FAST armor cache in initial credential options.","krb5_get_init_creds_opt_set_fast_ccache_name - Set location of FAST armor ccache in initial credential options.","krb5_get_init_creds_opt_set_fast_flags - Set FAST flags in initial credential options.","krb5_get_init_creds_opt_set_forwardable - Set or unset the forwardable flag in initial credential options.","krb5_get_init_creds_opt_set_in_ccache - Set an input credential cache in initial credential options.","krb5_get_init_creds_opt_set_out_ccache - Set an output credential cache in initial credential options.","krb5_get_init_creds_opt_set_pa - Supply options for preauthentication in initial credential options.","krb5_get_init_creds_opt_set_pac_request - Ask the KDC to include or not include a PAC in the ticket.","krb5_get_init_creds_opt_set_preauth_list - Set preauthentication types in initial credential options.","krb5_get_init_creds_opt_set_proxiable - Set or unset the proxiable flag in initial credential options.","krb5_get_init_creds_opt_set_renew_life - Set the ticket renewal lifetime in initial credential options.","krb5_get_init_creds_opt_set_responder - Set the responder function in initial credential options.","krb5_get_init_creds_opt_set_salt - Set salt for optimistic preauthentication in initial credential options.","krb5_get_init_creds_opt_set_tkt_life - Set the ticket lifetime in initial credential options.","krb5_get_init_creds_password - Get initial credentials using a password.","krb5_get_permitted_enctypes - Return a list of encryption types permitted for session keys.","krb5_get_profile - Retrieve configuration profile from the context.","krb5_get_prompt_types - Get prompt types array from a context.","krb5_get_renewed_creds - Get renewed credential from KDC using an existing credential.","krb5_get_server_rcache - Generate a replay cache object for server use and open it.","krb5_get_time_offsets - Return the time offsets from the os context.","krb5_get_validated_creds - Get validated credentials from the KDC.","krb5_init_context - Create a krb5 library context.","krb5_init_context_profile - Create a krb5 library context using a specified profile.","krb5_init_creds_free - Free an initial credentials context.","krb5_init_creds_get - Acquire credentials using an initial credentials context.","krb5_init_creds_get_creds - Retrieve acquired credentials from an initial credentials context.","krb5_init_creds_get_error - Get the last error from KDC from an initial credentials context.","krb5_init_creds_get_times - Retrieve ticket times from an initial credentials context.","krb5_init_creds_init - Create a context for acquiring initial credentials.","krb5_init_creds_set_keytab - Specify a keytab to use for acquiring initial credentials.","krb5_init_creds_set_password - Set a password for acquiring initial credentials.","krb5_init_creds_set_service - Specify a service principal for acquiring initial credentials.","krb5_init_creds_step - Get the next KDC request for acquiring initial credentials.","krb5_init_keyblock - Initialize an empty krb5_keyblock .","krb5_init_random_key","krb5_init_secure_context - Create a krb5 library context using only configuration files.","krb5_is_config_principal - Test whether a principal is a configuration principal.","krb5_is_referral_realm - Check for a match with KRB5_REFERRAL_REALM.","krb5_is_thread_safe - Test whether the Kerberos library was built with multithread support.","krb5_k_create_key - Create a krb5_key from the enctype and key data in a keyblock.","krb5_k_decrypt - Decrypt data using a key (operates on opaque key).","krb5_k_decrypt_iov - Decrypt data in place supporting AEAD (operates on opaque key).","krb5_k_encrypt - Encrypt data using a key (operates on opaque key).","krb5_k_encrypt_iov - Encrypt data in place supporting AEAD (operates on opaque key).","krb5_k_free_key - Decrement the reference count on a key and free it if it hits zero.","krb5_k_key_enctype - Retrieve the enctype of a krb5_key structure.","krb5_k_key_keyblock - Retrieve a copy of the keyblock from a krb5_key structure.","krb5_k_make_checksum - Compute a checksum (operates on opaque key).","krb5_k_make_checksum_iov - Fill in a checksum element in IOV array (operates on opaque key)","krb5_k_prf - Generate enctype-specific pseudo-random bytes (operates on opaque key).","krb5_k_reference_key - Increment the reference count on a key.","krb5_k_verify_checksum - Verify a checksum (operates on opaque key).","krb5_k_verify_checksum_iov - Validate a checksum element in IOV array (operates on opaque key).","krb5_kdc_sign_ticket - Sign a PAC, possibly including a ticket signature.","krb5_kdc_verify_ticket - Verify a PAC, possibly including ticket signature.","krb5_kt_add_entry - Add a new entry to a key table.","krb5_kt_client_default - Resolve the default client key table.","krb5_kt_close - Close a key table handle.","krb5_kt_default - Resolve the default key table.","krb5_kt_default_name - Get the default key table name.","krb5_kt_dup - Duplicate keytab handle.","krb5_kt_end_seq_get - Release a keytab cursor.","krb5_kt_free_entry","krb5_kt_get_entry - Get an entry from a key table.","krb5_kt_get_name - Get a key table name.","krb5_kt_get_type - Return the type of a key table.","krb5_kt_have_content - Check if a keytab exists and contains entries.","krb5_kt_next_entry - Retrieve the next entry from the key table.","krb5_kt_read_service_key - Retrieve a service key from a key table.","krb5_kt_remove_entry - Remove an entry from a key table.","krb5_kt_resolve - Get a handle for a key table.","krb5_kt_start_seq_get - Start a sequential retrieval of key table entries.","krb5_kuserok - Determine if a principal is authorized to log in as a local user.","krb5_make_authdata_kdc_issued - Encode and sign AD-KDCIssued authorization data.","krb5_marshal_credentials - Serialize a krb5_creds object.","krb5_merge_authdata - Merge two authorization data lists into a new list.","krb5_mk_1cred - Format a KRB-CRED message for a single set of credentials.","krb5_mk_error - Format and encode a KRB_ERROR message.","krb5_mk_ncred - Format a KRB-CRED message for an array of credentials.","krb5_mk_priv - Format a KRB-PRIV message.","krb5_mk_rep - Format and encrypt a KRB_AP_REP message.","krb5_mk_rep_dce - Format and encrypt a KRB_AP_REP message for DCE RPC.","krb5_mk_req - Create a KRB_AP_REQ message.","krb5_mk_req_extended - Create a KRB_AP_REQ message using supplied credentials.","krb5_mk_safe - Format a KRB-SAFE message.","krb5_os_localaddr - Return all interface addresses for this host.","krb5_pac_add_buffer - Add a buffer to a PAC handle.","krb5_pac_free - Free a PAC handle.","krb5_pac_get_buffer - Retrieve a buffer value from a PAC.","krb5_pac_get_client_info - Read client information from a PAC.","krb5_pac_get_types - Return an array of buffer types in a PAC handle.","krb5_pac_init - Create an empty Privilege Attribute Certificate (PAC) handle.","krb5_pac_parse - Unparse an encoded PAC into a new handle.","krb5_pac_sign","krb5_pac_sign_ext","krb5_pac_verify - Verify a PAC.","krb5_pac_verify_ext - Verify a PAC, possibly from a specified realm.","krb5_parse_name - Convert a string principal name to a krb5_principal structure.","krb5_parse_name_flags - Convert a string principal name to a krb5_principal with flags.","krb5_prepend_error_message - Add a prefix to the message for an error code.","krb5_principal2salt - Convert a principal name into the default salt for that principal.","krb5_principal_compare - Compare two principals.","krb5_principal_compare_any_realm - Compare two principals ignoring realm components.","krb5_principal_compare_flags - Compare two principals with additional flags.","krb5_process_key","krb5_prompter_posix - Prompt user for password.","krb5_random_key","krb5_rd_cred - Read and validate a KRB-CRED message.","krb5_rd_error - Decode a KRB-ERROR message.","krb5_rd_priv - Process a KRB-PRIV message.","krb5_rd_rep - Parse and decrypt a KRB_AP_REP message.","krb5_rd_rep_dce - Parse and decrypt a KRB_AP_REP message for DCE RPC.","krb5_rd_req - Parse and decrypt a KRB_AP_REQ message.","krb5_rd_safe - Process KRB-SAFE message.","krb5_read_password - Read a password from keyboard input.","krb5_realm_compare - Compare the realms of two principals.","krb5_recvauth - Server function for sendauth protocol.","krb5_recvauth_version - Server function for sendauth protocol with version parameter.","krb5_responder_get_challenge - Retrieve the challenge data for a given question in the responder context.","krb5_responder_list_questions - List the question names contained in the responder context.","krb5_responder_otp_challenge_free - Free the value returned by krb5_responder_otp_get_challenge().","krb5_responder_otp_get_challenge - Decode the KRB5_RESPONDER_QUESTION_OTP to a C struct.","krb5_responder_otp_set_answer - Answer the KRB5_RESPONDER_QUESTION_OTP question.","krb5_responder_pkinit_challenge_free - Free the value returned by krb5_responder_pkinit_get_challenge().","krb5_responder_pkinit_get_challenge - Decode the KRB5_RESPONDER_QUESTION_PKINIT to a C struct.","krb5_responder_pkinit_set_answer - Answer the KRB5_RESPONDER_QUESTION_PKINIT question for one identity.","krb5_responder_set_answer - Answer a named question in the responder context.","krb5_salttype_to_string - Convert a salt type to a string.","krb5_sendauth - Client function for sendauth protocol.","krb5_server_decrypt_ticket_keytab - Decrypt a ticket using the specified key table.","krb5_set_default_realm - Override the default realm for the specified context.","krb5_set_default_tgs_enctypes - Set default TGS encryption types in a krb5_context structure.","krb5_set_error_message - Set an extended error message for an error code.","krb5_set_kdc_recv_hook - Set a KDC post-receive hook function.","krb5_set_kdc_send_hook - Set a KDC pre-send hook function.","krb5_set_password - Set a password for a principal using specified credentials.","krb5_set_password_using_ccache - Set a password for a principal using cached credentials.","krb5_set_principal_realm - Set the realm field of a principal.","krb5_set_real_time - Set time offset field in a krb5_context structure.","krb5_set_trace_callback - Specify a callback function for trace events.","krb5_set_trace_filename - Specify a file name for directing trace events.","krb5_sname_match - Test whether a principal matches a matching principal.","krb5_sname_to_principal - Generate a full principal name from a service name.","krb5_string_to_cksumtype - Convert a string to a checksum type.","krb5_string_to_deltat - Convert a string to a delta time value.","krb5_string_to_enctype - Convert a string to an encryption type.","krb5_string_to_key","krb5_string_to_salttype - Convert a string to a salt type.","krb5_string_to_timestamp - Convert a string to a timestamp.","krb5_timeofday - Retrieve the current time with context specific time offset adjustment.","krb5_timestamp_to_sfstring - Convert a timestamp to a string, with optional output padding.","krb5_timestamp_to_string - Convert a timestamp to a string.","krb5_tkt_creds_free - Free a TGS request context.","krb5_tkt_creds_get - Synchronously obtain credentials using a TGS request context.","krb5_tkt_creds_get_creds - Retrieve acquired credentials from a TGS request context.","krb5_tkt_creds_get_times - Retrieve ticket times from a TGS request context.","krb5_tkt_creds_init - Create a context to get credentials from a KDC\u2019s Ticket Granting Service.","krb5_tkt_creds_step - Get the next KDC request in a TGS exchange.","krb5_unmarshal_credentials - Deserialize a krb5_creds object.","krb5_unparse_name - Convert a krb5_principal structure to a string representation.","krb5_unparse_name_ext - Convert krb5_principal structure to string and length.","krb5_unparse_name_flags - Convert krb5_principal structure to a string with flags.","krb5_unparse_name_flags_ext - Convert krb5_principal structure to string format with flags.","krb5_us_timeofday - Retrieve the system time of day, in sec and ms, since the epoch.","krb5_use_enctype","krb5_verify_authdata_kdc_issued - Unwrap and verify AD-KDCIssued authorization data.","krb5_verify_checksum","krb5_verify_init_creds - Verify initial credentials against a keytab.","krb5_verify_init_creds_opt_init - Initialize a credential verification options structure.","krb5_verify_init_creds_opt_set_ap_req_nofail - Set whether credential verification is required.","krb5_vprepend_error_message - Add a prefix to the message for an error code using a va_list.","krb5_vset_error_message - Set an extended error message for an error code using a va_list.","krb5_vwrap_error_message - Add a prefix to a different error code\u2019s message using a va_list.","krb5_wrap_error_message - Add a prefix to a different error code\u2019s message.","Complete reference - API and datatypes","ADDRTYPE_ADDRPORT","ADDRTYPE_CHAOS","ADDRTYPE_DDP","ADDRTYPE_INET","ADDRTYPE_INET6","ADDRTYPE_IPPORT","ADDRTYPE_ISO","ADDRTYPE_IS_LOCAL","ADDRTYPE_NETBIOS","ADDRTYPE_XNS","AD_TYPE_EXTERNAL","AD_TYPE_FIELD_TYPE_MASK","AD_TYPE_REGISTERED","AD_TYPE_RESERVED","AP_OPTS_ETYPE_NEGOTIATION","AP_OPTS_MUTUAL_REQUIRED","AP_OPTS_RESERVED","AP_OPTS_USE_SESSION_KEY","AP_OPTS_USE_SUBKEY","AP_OPTS_WIRE_MASK","CKSUMTYPE_CMAC_CAMELLIA128","CKSUMTYPE_CMAC_CAMELLIA256","CKSUMTYPE_CRC32","CKSUMTYPE_DESCBC","CKSUMTYPE_HMAC_MD5_ARCFOUR","CKSUMTYPE_HMAC_SHA1_96_AES128","CKSUMTYPE_HMAC_SHA1_96_AES256","CKSUMTYPE_HMAC_SHA1_DES3","CKSUMTYPE_HMAC_SHA256_128_AES128","CKSUMTYPE_HMAC_SHA384_192_AES256","CKSUMTYPE_MD5_HMAC_ARCFOUR","CKSUMTYPE_NIST_SHA","CKSUMTYPE_RSA_MD4","CKSUMTYPE_RSA_MD4_DES","CKSUMTYPE_RSA_MD5","CKSUMTYPE_RSA_MD5_DES","CKSUMTYPE_SHA1","ENCTYPE_AES128_CTS_HMAC_SHA1_96","ENCTYPE_AES128_CTS_HMAC_SHA256_128","ENCTYPE_AES256_CTS_HMAC_SHA1_96","ENCTYPE_AES256_CTS_HMAC_SHA384_192","ENCTYPE_ARCFOUR_HMAC","ENCTYPE_ARCFOUR_HMAC_EXP","ENCTYPE_CAMELLIA128_CTS_CMAC","ENCTYPE_CAMELLIA256_CTS_CMAC","ENCTYPE_DES3_CBC_ENV","ENCTYPE_DES3_CBC_RAW","ENCTYPE_DES3_CBC_SHA","ENCTYPE_DES3_CBC_SHA1","ENCTYPE_DES_CBC_CRC","ENCTYPE_DES_CBC_MD4","ENCTYPE_DES_CBC_MD5","ENCTYPE_DES_CBC_RAW","ENCTYPE_DES_HMAC_SHA1","ENCTYPE_DSA_SHA1_CMS","ENCTYPE_MD5_RSA_CMS","ENCTYPE_NULL","ENCTYPE_RC2_CBC_ENV","ENCTYPE_RSA_ENV","ENCTYPE_RSA_ES_OAEP_ENV","ENCTYPE_SHA1_RSA_CMS","ENCTYPE_UNKNOWN","KDC_OPT_ALLOW_POSTDATE","KDC_OPT_CANONICALIZE","KDC_OPT_CNAME_IN_ADDL_TKT","KDC_OPT_DISABLE_TRANSITED_CHECK","KDC_OPT_ENC_TKT_IN_SKEY","KDC_OPT_FORWARDABLE","KDC_OPT_FORWARDED","KDC_OPT_POSTDATED","KDC_OPT_PROXIABLE","KDC_OPT_PROXY","KDC_OPT_RENEW","KDC_OPT_RENEWABLE","KDC_OPT_RENEWABLE_OK","KDC_OPT_REQUEST_ANONYMOUS","KDC_OPT_VALIDATE","KDC_TKT_COMMON_MASK","KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE","KRB5_ANONYMOUS_PRINCSTR","KRB5_ANONYMOUS_REALMSTR","KRB5_AP_REP","KRB5_AP_REQ","KRB5_AS_REP","KRB5_AS_REQ","KRB5_AUTHDATA_AND_OR","KRB5_AUTHDATA_AP_OPTIONS","KRB5_AUTHDATA_AUTH_INDICATOR","KRB5_AUTHDATA_CAMMAC","KRB5_AUTHDATA_ETYPE_NEGOTIATION","KRB5_AUTHDATA_FX_ARMOR","KRB5_AUTHDATA_IF_RELEVANT","KRB5_AUTHDATA_INITIAL_VERIFIED_CAS","KRB5_AUTHDATA_KDC_ISSUED","KRB5_AUTHDATA_MANDATORY_FOR_KDC","KRB5_AUTHDATA_OSF_DCE","KRB5_AUTHDATA_SESAME","KRB5_AUTHDATA_SIGNTICKET","KRB5_AUTHDATA_WIN2K_PAC","KRB5_AUTH_CONTEXT_DO_SEQUENCE","KRB5_AUTH_CONTEXT_DO_TIME","KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR","KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR","KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR","KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR","KRB5_AUTH_CONTEXT_PERMIT_ALL","KRB5_AUTH_CONTEXT_RET_SEQUENCE","KRB5_AUTH_CONTEXT_RET_TIME","KRB5_AUTH_CONTEXT_USE_SUBKEY","KRB5_CRED","KRB5_CRYPTO_TYPE_CHECKSUM","KRB5_CRYPTO_TYPE_DATA","KRB5_CRYPTO_TYPE_EMPTY","KRB5_CRYPTO_TYPE_HEADER","KRB5_CRYPTO_TYPE_PADDING","KRB5_CRYPTO_TYPE_SIGN_ONLY","KRB5_CRYPTO_TYPE_STREAM","KRB5_CRYPTO_TYPE_TRAILER","KRB5_CYBERSAFE_SECUREID","KRB5_DOMAIN_X500_COMPRESS","KRB5_ENCPADATA_REQ_ENC_PA_REP","KRB5_ERROR","KRB5_FAST_REQUIRED","KRB5_GC_CACHED","KRB5_GC_CANONICALIZE","KRB5_GC_CONSTRAINED_DELEGATION","KRB5_GC_FORWARDABLE","KRB5_GC_NO_STORE","KRB5_GC_NO_TRANSIT_CHECK","KRB5_GC_USER_USER","KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST","KRB5_GET_INIT_CREDS_OPT_ANONYMOUS","KRB5_GET_INIT_CREDS_OPT_CANONICALIZE","KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT","KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST","KRB5_GET_INIT_CREDS_OPT_FORWARDABLE","KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST","KRB5_GET_INIT_CREDS_OPT_PROXIABLE","KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE","KRB5_GET_INIT_CREDS_OPT_SALT","KRB5_GET_INIT_CREDS_OPT_TKT_LIFE","KRB5_INIT_CONTEXT_KDC","KRB5_INIT_CONTEXT_SECURE","KRB5_INIT_CREDS_STEP_FLAG_CONTINUE","KRB5_INT16_MAX","KRB5_INT16_MIN","KRB5_INT32_MAX","KRB5_INT32_MIN","KRB5_KEYUSAGE_AD_ITE","KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM","KRB5_KEYUSAGE_AD_MTE","KRB5_KEYUSAGE_AD_SIGNEDPATH","KRB5_KEYUSAGE_APP_DATA_CKSUM","KRB5_KEYUSAGE_APP_DATA_ENCRYPT","KRB5_KEYUSAGE_AP_REP_ENCPART","KRB5_KEYUSAGE_AP_REQ_AUTH","KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM","KRB5_KEYUSAGE_AS_REP_ENCPART","KRB5_KEYUSAGE_AS_REQ","KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS","KRB5_KEYUSAGE_CAMMAC","KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT","KRB5_KEYUSAGE_ENC_CHALLENGE_KDC","KRB5_KEYUSAGE_FAST_ENC","KRB5_KEYUSAGE_FAST_FINISHED","KRB5_KEYUSAGE_FAST_REP","KRB5_KEYUSAGE_FAST_REQ_CHKSUM","KRB5_KEYUSAGE_GSS_TOK_MIC","KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG","KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV","KRB5_KEYUSAGE_IAKERB_FINISHED","KRB5_KEYUSAGE_KDC_REP_TICKET","KRB5_KEYUSAGE_KRB_CRED_ENCPART","KRB5_KEYUSAGE_KRB_ERROR_CKSUM","KRB5_KEYUSAGE_KRB_PRIV_ENCPART","KRB5_KEYUSAGE_KRB_SAFE_CKSUM","KRB5_KEYUSAGE_PA_AS_FRESHNESS","KRB5_KEYUSAGE_PA_FX_COOKIE","KRB5_KEYUSAGE_PA_OTP_REQUEST","KRB5_KEYUSAGE_PA_PKINIT_KX","KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY","KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST","KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM","KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID","KRB5_KEYUSAGE_PA_SAM_RESPONSE","KRB5_KEYUSAGE_SPAKE","KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY","KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY","KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY","KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY","KRB5_KEYUSAGE_TGS_REQ_AUTH","KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM","KRB5_KPASSWD_ACCESSDENIED","KRB5_KPASSWD_AUTHERROR","KRB5_KPASSWD_BAD_VERSION","KRB5_KPASSWD_HARDERROR","KRB5_KPASSWD_INITIAL_FLAG_NEEDED","KRB5_KPASSWD_MALFORMED","KRB5_KPASSWD_SOFTERROR","KRB5_KPASSWD_SUCCESS","KRB5_LRQ_ALL_ACCT_EXPTIME","KRB5_LRQ_ALL_LAST_INITIAL","KRB5_LRQ_ALL_LAST_RENEWAL","KRB5_LRQ_ALL_LAST_REQ","KRB5_LRQ_ALL_LAST_TGT","KRB5_LRQ_ALL_LAST_TGT_ISSUED","KRB5_LRQ_ALL_PW_EXPTIME","KRB5_LRQ_NONE","KRB5_LRQ_ONE_ACCT_EXPTIME","KRB5_LRQ_ONE_LAST_INITIAL","KRB5_LRQ_ONE_LAST_RENEWAL","KRB5_LRQ_ONE_LAST_REQ","KRB5_LRQ_ONE_LAST_TGT","KRB5_LRQ_ONE_LAST_TGT_ISSUED","KRB5_LRQ_ONE_PW_EXPTIME","KRB5_NT_ENTERPRISE_PRINCIPAL","KRB5_NT_ENT_PRINCIPAL_AND_ID","KRB5_NT_MS_PRINCIPAL","KRB5_NT_MS_PRINCIPAL_AND_ID","KRB5_NT_PRINCIPAL","KRB5_NT_SMTP_NAME","KRB5_NT_SRV_HST","KRB5_NT_SRV_INST","KRB5_NT_SRV_XHST","KRB5_NT_UID","KRB5_NT_UNKNOWN","KRB5_NT_WELLKNOWN","KRB5_NT_X500_PRINCIPAL","KRB5_PAC_ATTRIBUTES_INFO","KRB5_PAC_CLIENT_CLAIMS","KRB5_PAC_CLIENT_INFO","KRB5_PAC_CREDENTIALS_INFO","KRB5_PAC_DELEGATION_INFO","KRB5_PAC_DEVICE_CLAIMS","KRB5_PAC_DEVICE_INFO","KRB5_PAC_FULL_CHECKSUM","KRB5_PAC_LOGON_INFO","KRB5_PAC_PRIVSVR_CHECKSUM","KRB5_PAC_REQUESTOR","KRB5_PAC_SERVER_CHECKSUM","KRB5_PAC_TICKET_CHECKSUM","KRB5_PAC_UPN_DNS_INFO","KRB5_PADATA_AFS3_SALT","KRB5_PADATA_AP_REQ","KRB5_PADATA_AS_CHECKSUM","KRB5_PADATA_AS_FRESHNESS","KRB5_PADATA_ENCRYPTED_CHALLENGE","KRB5_PADATA_ENC_SANDIA_SECURID","KRB5_PADATA_ENC_TIMESTAMP","KRB5_PADATA_ENC_UNIX_TIME","KRB5_PADATA_ETYPE_INFO","KRB5_PADATA_ETYPE_INFO2","KRB5_PADATA_FOR_USER","KRB5_PADATA_FX_COOKIE","KRB5_PADATA_FX_ERROR","KRB5_PADATA_FX_FAST","KRB5_PADATA_GET_FROM_TYPED_DATA","KRB5_PADATA_NONE","KRB5_PADATA_OSF_DCE","KRB5_PADATA_OTP_CHALLENGE","KRB5_PADATA_OTP_PIN_CHANGE","KRB5_PADATA_OTP_REQUEST","KRB5_PADATA_PAC_OPTIONS","KRB5_PADATA_PAC_REQUEST","KRB5_PADATA_PKINIT_KX","KRB5_PADATA_PK_AS_REP","KRB5_PADATA_PK_AS_REP_OLD","KRB5_PADATA_PK_AS_REQ","KRB5_PADATA_PK_AS_REQ_OLD","KRB5_PADATA_PW_SALT","KRB5_PADATA_REDHAT_IDP_OAUTH2","KRB5_PADATA_REDHAT_PASSKEY","KRB5_PADATA_REFERRAL","KRB5_PADATA_S4U_X509_USER","KRB5_PADATA_SAM_CHALLENGE","KRB5_PADATA_SAM_CHALLENGE_2","KRB5_PADATA_SAM_REDIRECT","KRB5_PADATA_SAM_RESPONSE","KRB5_PADATA_SAM_RESPONSE_2","KRB5_PADATA_SESAME","KRB5_PADATA_SPAKE","KRB5_PADATA_SVR_REFERRAL_INFO","KRB5_PADATA_TGS_REQ","KRB5_PADATA_USE_SPECIFIED_KVNO","KRB5_PRINCIPAL_COMPARE_CASEFOLD","KRB5_PRINCIPAL_COMPARE_ENTERPRISE","KRB5_PRINCIPAL_COMPARE_IGNORE_REALM","KRB5_PRINCIPAL_COMPARE_UTF8","KRB5_PRINCIPAL_PARSE_ENTERPRISE","KRB5_PRINCIPAL_PARSE_IGNORE_REALM","KRB5_PRINCIPAL_PARSE_NO_DEF_REALM","KRB5_PRINCIPAL_PARSE_NO_REALM","KRB5_PRINCIPAL_PARSE_REQUIRE_REALM","KRB5_PRINCIPAL_UNPARSE_DISPLAY","KRB5_PRINCIPAL_UNPARSE_NO_REALM","KRB5_PRINCIPAL_UNPARSE_SHORT","KRB5_PRIV","KRB5_PROMPT_TYPE_NEW_PASSWORD","KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN","KRB5_PROMPT_TYPE_PASSWORD","KRB5_PROMPT_TYPE_PREAUTH","KRB5_PVNO","KRB5_REALM_BRANCH_CHAR","KRB5_RECVAUTH_BADAUTHVERS","KRB5_RECVAUTH_SKIP_VERSION","KRB5_REFERRAL_REALM","KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN","KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN","KRB5_RESPONDER_OTP_FLAGS_NEXTOTP","KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN","KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC","KRB5_RESPONDER_OTP_FORMAT_DECIMAL","KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL","KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW","KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY","KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED","KRB5_RESPONDER_QUESTION_OTP","KRB5_RESPONDER_QUESTION_PASSWORD","KRB5_RESPONDER_QUESTION_PKINIT","KRB5_SAFE","KRB5_SAM_MUST_PK_ENCRYPT_SAD","KRB5_SAM_SEND_ENCRYPTED_SAD","KRB5_SAM_USE_SAD_AS_KEY","KRB5_TC_MATCH_2ND_TKT","KRB5_TC_MATCH_AUTHDATA","KRB5_TC_MATCH_FLAGS","KRB5_TC_MATCH_FLAGS_EXACT","KRB5_TC_MATCH_IS_SKEY","KRB5_TC_MATCH_KTYPE","KRB5_TC_MATCH_SRV_NAMEONLY","KRB5_TC_MATCH_TIMES","KRB5_TC_MATCH_TIMES_EXACT","KRB5_TC_NOTICKET","KRB5_TC_OPENCLOSE","KRB5_TC_SUPPORTED_KTYPES","KRB5_TGS_NAME","KRB5_TGS_NAME_SIZE","KRB5_TGS_REP","KRB5_TGS_REQ","KRB5_TKT_CREDS_STEP_FLAG_CONTINUE","KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL","KRB5_WELLKNOWN_NAMESTR","LR_TYPE_INTERPRETATION_MASK","LR_TYPE_THIS_SERVER_ONLY","MAX_KEYTAB_NAME_LEN","MSEC_DIRBIT","MSEC_VAL_MASK","SALT_TYPE_AFS_LENGTH","SALT_TYPE_NO_LENGTH","THREEPARAMOPEN","TKT_FLG_ANONYMOUS","TKT_FLG_ENC_PA_REP","TKT_FLG_FORWARDABLE","TKT_FLG_FORWARDED","TKT_FLG_HW_AUTH","TKT_FLG_INITIAL","TKT_FLG_INVALID","TKT_FLG_MAY_POSTDATE","TKT_FLG_OK_AS_DELEGATE","TKT_FLG_POSTDATED","TKT_FLG_PRE_AUTH","TKT_FLG_PROXIABLE","TKT_FLG_PROXY","TKT_FLG_RENEWABLE","TKT_FLG_TRANSIT_POLICY_CHECKED","VALID_INT_BITS","VALID_UINT_BITS","krb5 simple macros","krb524_convert_creds_kdc","krb524_init_ets","krb5_const","krb5_princ_component","krb5_princ_name","krb5_princ_realm","krb5_princ_set_realm","krb5_princ_set_realm_data","krb5_princ_set_realm_length","krb5_princ_size","krb5_princ_type","krb5_roundup","krb5_x","krb5_xc","krb5 types and structures","krb5_address","krb5_addrtype","krb5_ap_rep","krb5_ap_rep_enc_part","krb5_ap_req","krb5_auth_context","krb5_authdata","krb5_authdatatype","krb5_authenticator","krb5_boolean","krb5_cc_cursor","krb5_ccache","krb5_cccol_cursor","krb5_checksum","krb5_cksumtype","krb5_const_pointer","krb5_const_principal","krb5_context","krb5_cred","krb5_cred_enc_part","krb5_cred_info","krb5_creds","krb5_crypto_iov","krb5_cryptotype","krb5_data","krb5_deltat","krb5_enc_data","krb5_enc_kdc_rep_part","krb5_enc_tkt_part","krb5_encrypt_block","krb5_enctype","krb5_error","krb5_error_code","krb5_expire_callback_func","krb5_flags","krb5_get_init_creds_opt","krb5_gic_opt_pa_data","krb5_init_creds_context","krb5_int16","krb5_int32","krb5_kdc_rep","krb5_kdc_req","krb5_key","krb5_keyblock","krb5_keytab","krb5_keytab_entry","krb5_keyusage","krb5_kt_cursor","krb5_kvno","krb5_last_req_entry","krb5_magic","krb5_mk_req_checksum_func","krb5_msgtype","krb5_octet","krb5_pa_data","krb5_pa_pac_req","krb5_pa_server_referral_data","krb5_pa_svr_referral_data","krb5_pac","krb5_pointer","krb5_post_recv_fn","krb5_pre_send_fn","krb5_preauthtype","krb5_principal","krb5_principal_data","krb5_prompt","krb5_prompt_type","krb5_prompter_fct","krb5_pwd_data","krb5_rcache","krb5_replay_data","krb5_responder_context","krb5_responder_fn","krb5_responder_otp_challenge","krb5_responder_otp_tokeninfo","krb5_responder_pkinit_challenge","krb5_responder_pkinit_identity","krb5_response","krb5_ticket","krb5_ticket_times","krb5_timestamp","krb5_tkt_authent","krb5_tkt_creds_context","krb5_trace_callback","krb5_trace_info","krb5_transited","krb5_typed_data","krb5_ui_2","krb5_ui_4","krb5_verify_init_creds_opt","passwd_phrase_element","Year 2038 considerations for uses of krb5_timestamp","Credential cache","Supported date and time formats","Kerberos V5 concepts","keytab","replay cache","stash file","Organization of the source directory","Doing the build","Building Kerberos V5","Options to configure","osconf.hin","How to build this documentation from the source","Copyright","Credential cache file format","KDC cookie format","PKINIT freshness tokens","Protocols and file formats","Keytab file format","Replay cache file format","MIT Kerberos Documentation (1.21.3)","MIT Kerberos defaults","MIT Kerberos features","MIT Kerberos License information","Credential cache selection interface (ccselect)","PKINIT certificate authorization interface (certauth)","Client preauthentication interface (clpreauth)","General plugin concepts","GSSAPI mechanism interface","Host-to-realm interface (hostrealm)","For plugin module developers","Internal pluggable interfaces","kadmin authorization interface (kadm5_auth)","KADM5 hook interface (kadm5_hook)","KDC policy interface (kdcpolicy)","KDC preauthentication interface (kdcpreauth)","Local authorization interface (localauth)","Server location interface (locate)","Configuration interface (profile)","Password quality interface (pwqual)","Resources","For users","Password management","Ticket management","User commands","kdestroy","kinit","klist","kpasswd","krb5-config","ksu","kswitch","kvno","sclient","User config files",".k5identity",".k5login","kerberos"],titleterms:{"0":911,"1":[185,911,916],"2038":896,"21":916,"3":916,"6113":[101,119],"boolean":59,"byte":[112,117,119,121,296],"default":[14,28,36,135,136,145,156,210,227,303,305,306,347,377,378,897,900,901,917],"do":904,"export":43,"function":[118,219,257,363,364,375,380,381,386],"import":43,"new":[108,149,236,302,322,339,946],"null":91,"public":[48,789,804],"return":[53,58,95,96,97,111,112,116,136,210,261,266,312,332,337,367,370],"switch":[34,160],"while":41,A:946,For:[30,45,926,937],No:41,OF:946,One:46,THE:946,The:[14,32,36],abbrevi:898,about:32,absolut:898,acceptor:43,access:938,account:[35,166,938],acl:[19,34],acquir:[15,271,272,275,276,277,278,279,401],ad:[14,15,320,412],ad_type_extern:432,ad_type_field_type_mask:433,ad_type_regist:434,ad_type_reserv:435,add:[34,302,333,346,417,419,420],add_entri:11,add_mkei:6,add_polici:3,add_princip:3,addit:[31,126,224,350],address:[25,52,53,54,62,64,82,172,198,240,332],addrtype_addrport:422,addrtype_chao:423,addrtype_ddp:424,addrtype_inet6:426,addrtype_inet:425,addrtype_ipport:427,addrtype_is_loc:429,addrtype_iso:428,addrtype_netbio:430,addrtype_xn:431,adjust:396,admin:[39,41],administr:[1,23,30,34],advanc:13,advic:[32,38],aead:[43,100,103,288,290],against:414,alia:192,all:332,alloc:[106,212,214,219,236],allow:[55,167,244],allow_weak_crypto:55,also:[2,3,4,5,6,7,8,9,10,11,12,19,20,21,941,942,943,944,945,946,947,948,949,951,952,953],alter:897,an:[53,57,58,63,64,65,67,68,69,71,72,73,74,76,77,78,79,80,81,82,84,85,86,87,88,89,90,111,115,118,124,166,172,173,185,192,193,204,211,212,213,220,224,245,250,251,264,270,271,272,273,274,280,310,316,325,337,338,339,346,379,392,417,418,908],ani:165,anonym:[37,46,57,58,241],anoth:179,answer:[369,372,373],ap_opts_etype_negoti:436,ap_opts_mutual_requir:437,ap_opts_reserv:438,ap_opts_use_session_kei:439,ap_opts_use_subkei:440,ap_opts_wire_mask:441,api:[44,48,421,908],appdefault:[21,59,60],applic:[14,15,32,38,45,55],archiv:936,argument:92,ark:6,armor:[246,247],arrai:[98,114,130,172,198,200,204,211,220,263,295,299,325,337],ask:253,asn:185,assign:[200,218],attack:25,attribut:[43,338],auth:[62,63,64,65,67,68,69,71,72,73,74,76,77,79,80,81,82,84,85,86,87,88,89,90],authdata:927,authent:[16,23,41,65,78,200,946],author:[28,37,173,184,189,195,319,320,322,412,921,927,928,932,946,953],autoconf:904,awai:26,back:[17,22],background:[0,901],backup:17,behavior:[19,38],berkelei:24,between:44,binari:904,block:95,buffer:[333,335,337],bug:953,build:[57,91,92,93,904,905,908],built:285,c:[368,371],cach:[71,85,132,133,134,135,136,137,139,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,246,250,251,265,383,897,901,910,915,920],call:48,callback:[46,63,80,245,386],cannot:41,canonic:[38,194,242],capath:21,caus:79,ccach:[138,247,897],ccselect:[21,920],cert:41,certauth:[21,921],certif:[37,41,338,921],cf2:107,chain:41,challeng:365,chang:[23,166,169,243,938],change_password:3,channel:936,check:[165,167,284,313],checksum:[63,80,81,96,109,110,111,113,114,127,129,130,170,204,294,295,298,299,390],choos:26,cipher:[79,95,106,108],cksumtype_cmac_camellia128:442,cksumtype_cmac_camellia256:443,cksumtype_crc32:444,cksumtype_descbc:445,cksumtype_hmac_md5_arcfour:446,cksumtype_hmac_sha1_96_aes128:447,cksumtype_hmac_sha1_96_aes256:448,cksumtype_hmac_sha1_des3:449,cksumtype_hmac_sha256_128_aes128:450,cksumtype_hmac_sha384_192_aes256:451,cksumtype_md5_hmac_arcfour:452,cksumtype_nist_sha:453,cksumtype_rsa_md4:454,cksumtype_rsa_md4_d:455,cksumtype_rsa_md5:456,cksumtype_rsa_md5_d:457,cksumtype_sha1:458,clean:904,clear:171,clear_list:11,client:[15,29,33,37,132,303,336,375,900,922],clock:[15,167],close:[133,304],clpreauth:[21,922],code:[228,346,379,417,418,419,420],collect:[161,162,163,164,165,897],collis:109,combin:107,command:[3,5,6,11,940],common:12,commonli:906,compar:[52,105,348,349,350,362],compat:26,complet:421,compon:349,comput:[104,107,113,294],concept:[899,923],conf:[20,21,34,59,60],config:[945,950],configur:[15,18,22,26,28,29,33,34,35,36,37,39,141,155,262,282,283,906,910,934],connect:[41,62],consider:[36,896],constrain:43,contain:[165,189,313,366],content:[18,31,181,203,206,209,216,217,905,926],context:[62,63,64,65,67,68,69,71,72,73,74,76,77,78,79,80,81,82,84,85,86,87,88,89,90,171,179,205,262,263,266,268,269,270,271,272,273,274,275,282,365,366,373,377,396,399,400,401,402,403,946],contribut:0,conveni:48,convert:[49,50,51,56,125,126,170,187,192,193,344,345,347,374,390,391,392,394,395,397,398,406,407,408,409],cooki:911,copi:[134,172,173,174,175,176,177,178,179,180,181,182,183,293],copyright:909,correct:15,count:[93,291,297],creat:[5,6,34,37,41,78,149,268,269,275,282,286,329,330,338,403,946],create_polici:5,cred:[223,323,325,354],credenti:[15,41,43,46,51,132,133,134,135,136,137,139,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,158,159,160,161,162,163,164,165,220,235,236,237,238,240,241,242,243,244,245,246,247,248,249,250,251,252,254,255,256,257,258,259,260,264,267,270,271,272,273,274,275,276,277,278,279,323,325,330,382,383,400,401,403,414,415,416,897,910,920],cross:23,current:[167,396],cursor:[162,308],daemon:34,dai:410,data:[58,99,100,101,102,103,104,124,173,184,189,195,198,200,209,286,287,288,289,290,320,322,365,412,927],databas:[3,14,17,23,24,34,39,927],datatyp:421,date:898,db2:24,dbdefault:20,dbmodul:20,dce:[328,358],de:14,decis:39,declar:[805,806,807,808,809,810,811,812,813,814,815,816,817,818,819,820,821,822,823,824,825,826,827,828,829,830,831,832,833,834,835,836,837,838,839,840,841,842,843,844,845,846,847,848,849,850,851,852,853,854,855,856,857,858,859,860,861,862,863,864,865,866,867,868,869,870,871,872,873,874,875,876,877,878,879,880,881,882,883,884,885,886,887,888,889,890,891,892,893,894,895],decod:[185,355,368,371],decrement:291,decrypt:[99,100,287,288,357,358,359,376],defin:36,del_str:3,deleg:43,delete_entri:11,delete_polici:3,delete_princip:3,delta:391,deprec:[48,789],deriv:101,descript:[2,3,4,5,6,7,8,9,10,11,12,19,941,942,943,944,945,946,947,948,949,951,952,953],deseri:405,destroi:[5,6,137,939],destroy_polici:5,determin:[160,319],develop:[43,45,926],dictionari:25,differ:[23,44,419,420],direct:387,directli:48,directori:[903,904,906],discoveri:39,dn:[15,38],document:[0,898,908,916],domain_realm:21,dump:[6,23],duplic:[138,307],durat:898,dure:41,each:34,edit:34,effect:946,element:[114,130,195,295,299],empti:[280,338],encod:[320,324,339],encrypt:[20,26,41,97,102,103,104,105,111,115,118,128,192,193,211,244,261,289,290,327,328,378,392],enctyp:[26,115,117,124,229,286,292,296],enctype_aes128_cts_hmac_sha1_96:459,enctype_aes128_cts_hmac_sha256_128:460,enctype_aes256_cts_hmac_sha1_96:461,enctype_aes256_cts_hmac_sha384_192:462,enctype_arcfour_hmac:463,enctype_arcfour_hmac_exp:464,enctype_camellia128_cts_cmac:465,enctype_camellia256_cts_cmac:466,enctype_des3_cbc_env:467,enctype_des3_cbc_raw:468,enctype_des3_cbc_sha1:470,enctype_des3_cbc_sha:469,enctype_des_cbc_crc:471,enctype_des_cbc_md4:472,enctype_des_cbc_md5:473,enctype_des_cbc_raw:474,enctype_des_hmac_sha1:475,enctype_dsa_sha1_cm:476,enctype_md5_rsa_cm:477,enctype_nul:478,enctype_rc2_cbc_env:479,enctype_rsa_env:480,enctype_rsa_es_oaep_env:481,enctype_sha1_rsa_cm:482,enctype_unknown:483,end:22,entri:[139,150,217,302,310,313,314,316,318,910,914],environ:[2,3,4,5,6,7,8,9,10,11,12,27,906,941,942,943,944,946,947,948,949,953],epoch:410,error:[12,41,171,179,212,213,228,273,346,355,379,417,418,419,420],etc:38,event:[386,387],everi:158,exampl:[10,11,19,46,906,945,951,952],exchang:[41,404],execut:946,exist:[166,264,313],expans:21,expir:[41,245],extend:[171,179,228,379,418],extens:43,fact:918,fail:[34,41],fast:[238,246,247,248],featur:[906,918],field:[64,83,84,97,209,384,385],file:[8,18,20,21,32,33,34,282,387,902,910,913,914,915,941,942,943,947,948,950],fill:[98,114,295],find:[132,195],fine:906,finish:139,firewal:15,flag:[66,83,142,157,238,241,242,243,248,249,255,345,350,408,409],format:[185,223,323,324,325,326,327,328,331,409,898,910,911,913,914,915],forward:[223,249],free:[61,106,162,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,237,270,291,334,367,370,399],frequent:[41,48],fresh:[37,912],from:[14,15,26,59,60,62,63,64,65,66,67,68,69,71,72,73,74,76,77,124,141,142,150,151,153,179,229,238,262,263,264,266,267,272,273,274,286,293,310,314,315,316,335,336,343,361,389,401,402,403,908,923],full:[143,389],fx:107,gener:[37,62,115,117,119,121,124,213,265,296,389,917,923],get:[15,41,46,63,118,141,145,164,169,223,224,228,231,235,260,263,264,267,273,279,306,310,311,317,403,404],get_init_cr:46,get_polici:3,get_princip:3,get_str:3,getdat:898,given:365,grant:[403,938],gssapi:[28,43,924],guid:31,ha:41,handl:[133,138,304,307,317,333,334,337,338,339],header:[98,910],heimdal:44,hin:907,histori:[3,14,23,953],hit:291,hook:[380,381,929],host:[17,28,32,34,41,231,332,925],hostnam:[39,194],hostrealm:[21,925],how:908,http:29,ident:[21,372],ignor:349,includ:[253,300,301],increment:[23,34,297],indic:16,inform:[15,21,336,901,919],initi:[41,43,46,78,108,147,165,235,236,237,238,240,241,242,243,244,245,246,247,248,249,250,251,252,254,255,256,257,258,259,260,270,271,272,273,274,275,276,277,278,279,280,414,415],input:[101,250,361],instal:[31,33,34,904,906,946],instanc:36,instruct:946,interact:46,interfac:[21,48,332,920,921,922,924,925,927,928,929,930,931,932,933,934,935],intern:[804,927],interoper:918,interpos:924,iov:[43,98,114,130,295,299],irc:936,iter:163,its:161,k5ident:951,k5login:952,k5srvutil:2,kadm5:[19,929],kadm5_auth:[21,928],kadm5_hook:[21,929],kadmin:[3,928],kadmind:[4,923],kdb5_ldap_util:5,kdb5_util:6,kdb:927,kdc:[14,20,28,34,35,37,39,41,229,253,264,267,273,279,380,381,403,404,911,917,923,930,931],kdc_opt_allow_postd:484,kdc_opt_canonic:485,kdc_opt_cname_in_addl_tkt:486,kdc_opt_disable_transited_check:487,kdc_opt_enc_tkt_in_skei:488,kdc_opt_forward:[489,490],kdc_opt_postd:491,kdc_opt_proxi:[492,493],kdc_opt_renew:[494,495],kdc_opt_renewable_ok:496,kdc_opt_request_anonym:497,kdc_opt_valid:498,kdc_tkt_common_mask:499,kdcdefault:20,kdcissu:[320,412],kdcpolici:930,kdcpreauth:[21,931],kdestroi:[939,941],kei:[14,23,26,67,68,90,99,101,102,107,110,111,112,115,124,125,126,217,235,261,286,287,288,289,290,291,294,295,296,297,298,299,302,303,304,305,306,310,311,312,314,315,316,317,318,376,914],kerbero:[0,15,17,22,23,34,39,44,49,50,51,52,127,128,166,231,285,899,905,916,917,918,919,927,939,953],keyblock:[67,72,73,76,86,88,99,100,102,103,113,114,129,130,180,181,286,293],keyboard:361,keysalt:20,keytab:[15,32,34,38,276,307,308,313,414,900,914],kinit:[939,942],kldap:24,klist:[939,943],klmdb:24,known:163,kpasswd:944,kprop:[7,41],kpropd:8,kproplog:9,krb524_convert_creds_kdc:790,krb524_init_et:791,krb5:[21,34,48,59,60,205,219,268,269,282,789,804,945],krb5_425_conv_princip:49,krb5_524_conv_princip:50,krb5_524_convert_cr:51,krb5_address:805,krb5_address_compar:52,krb5_address_ord:53,krb5_address_search:54,krb5_addrtyp:806,krb5_allow_weak_crypto:55,krb5_altauth_att_challenge_respons:500,krb5_aname_to_localnam:56,krb5_anonymous_princip:57,krb5_anonymous_princstr:501,krb5_anonymous_realm:58,krb5_anonymous_realmstr:502,krb5_ap_rep:[503,807],krb5_ap_rep_enc_part:[199,808],krb5_ap_req:[504,809],krb5_appdefault_boolean:59,krb5_appdefault_str:60,krb5_as_rep:505,krb5_as_req:506,krb5_auth_con_fre:61,krb5_auth_con_genaddr:62,krb5_auth_con_get_checksum_func:63,krb5_auth_con_getaddr:64,krb5_auth_con_getauthent:65,krb5_auth_con_getflag:66,krb5_auth_con_getkei:67,krb5_auth_con_getkey_k:68,krb5_auth_con_getlocalseqnumb:69,krb5_auth_con_getlocalsubkei:70,krb5_auth_con_getrcach:71,krb5_auth_con_getrecvsubkei:72,krb5_auth_con_getrecvsubkey_k:73,krb5_auth_con_getremoteseqnumb:74,krb5_auth_con_getremotesubkei:75,krb5_auth_con_getsendsubkei:76,krb5_auth_con_getsendsubkey_k:77,krb5_auth_con_init:78,krb5_auth_con_initivector:79,krb5_auth_con_set_checksum_func:80,krb5_auth_con_set_req_cksumtyp:81,krb5_auth_con_setaddr:82,krb5_auth_con_setflag:83,krb5_auth_con_setport:84,krb5_auth_con_setrcach:85,krb5_auth_con_setrecvsubkei:86,krb5_auth_con_setrecvsubkey_k:87,krb5_auth_con_setsendsubkei:88,krb5_auth_con_setsendsubkey_k:89,krb5_auth_con_setuseruserkei:90,krb5_auth_context:[61,66,83,810],krb5_auth_context_do_sequ:521,krb5_auth_context_do_tim:522,krb5_auth_context_generate_local_addr:523,krb5_auth_context_generate_local_full_addr:524,krb5_auth_context_generate_remote_addr:525,krb5_auth_context_generate_remote_full_addr:526,krb5_auth_context_permit_al:527,krb5_auth_context_ret_sequ:528,krb5_auth_context_ret_tim:529,krb5_auth_context_use_subkei:530,krb5_authdata:811,krb5_authdata_and_or:507,krb5_authdata_ap_opt:508,krb5_authdata_auth_ind:509,krb5_authdata_cammac:510,krb5_authdata_etype_negoti:511,krb5_authdata_fx_armor:512,krb5_authdata_if_relev:513,krb5_authdata_initial_verified_ca:514,krb5_authdata_kdc_issu:515,krb5_authdata_mandatory_for_kdc:516,krb5_authdata_osf_dc:517,krb5_authdata_sesam:518,krb5_authdata_signticket:519,krb5_authdata_win2k_pac:520,krb5_authdatatyp:812,krb5_authent:[174,201,813],krb5_boolean:814,krb5_build_princip:91,krb5_build_principal_alloc_va:92,krb5_build_principal_ext:93,krb5_build_principal_va:94,krb5_c_block_siz:95,krb5_c_checksum_length:96,krb5_c_crypto_length:97,krb5_c_crypto_length_iov:98,krb5_c_decrypt:99,krb5_c_decrypt_iov:100,krb5_c_derive_prfplu:101,krb5_c_encrypt:102,krb5_c_encrypt_iov:103,krb5_c_encrypt_length:104,krb5_c_enctype_compar:105,krb5_c_free_stat:106,krb5_c_fx_cf2_simpl:107,krb5_c_init_st:[106,108],krb5_c_is_coll_proof_cksum:109,krb5_c_is_keyed_cksum:110,krb5_c_keyed_checksum_typ:111,krb5_c_keylength:112,krb5_c_make_checksum:113,krb5_c_make_checksum_iov:114,krb5_c_make_random_kei:115,krb5_c_padding_length:116,krb5_c_prf:117,krb5_c_prf_length:118,krb5_c_prfplu:119,krb5_c_random_add_entropi:120,krb5_c_random_make_octet:121,krb5_c_random_os_entropi:122,krb5_c_random_se:123,krb5_c_random_to_kei:124,krb5_c_string_to_kei:125,krb5_c_string_to_key_with_param:126,krb5_c_valid_cksumtyp:127,krb5_c_valid_enctyp:128,krb5_c_verify_checksum:129,krb5_c_verify_checksum_iov:130,krb5_calculate_checksum:131,krb5_cc_cache_match:132,krb5_cc_close:133,krb5_cc_copy_cr:134,krb5_cc_cursor:815,krb5_cc_default:135,krb5_cc_default_nam:136,krb5_cc_destroi:137,krb5_cc_dup:138,krb5_cc_end_seq_get:139,krb5_cc_gen_new:140,krb5_cc_get_config:141,krb5_cc_get_flag:142,krb5_cc_get_full_nam:143,krb5_cc_get_nam:144,krb5_cc_get_princip:145,krb5_cc_get_typ:146,krb5_cc_initi:147,krb5_cc_move:148,krb5_cc_new_uniqu:149,krb5_cc_next_cr:150,krb5_cc_remove_cr:151,krb5_cc_resolv:152,krb5_cc_retrieve_cr:153,krb5_cc_select:154,krb5_cc_set_config:155,krb5_cc_set_default_nam:156,krb5_cc_set_flag:157,krb5_cc_start_seq_get:158,krb5_cc_store_cr:159,krb5_cc_support_switch:160,krb5_cc_switch:161,krb5_ccach:816,krb5_cccol_cursor:817,krb5_cccol_cursor_fre:162,krb5_cccol_cursor_new:163,krb5_cccol_cursor_next:164,krb5_cccol_have_cont:165,krb5_change_password:166,krb5_check_clockskew:167,krb5_checksum:[175,202,203,818],krb5_checksum_s:168,krb5_chpw_messag:169,krb5_cksumtyp:819,krb5_cksumtype_to_str:170,krb5_clear_error_messag:171,krb5_const:792,krb5_const_point:820,krb5_const_princip:821,krb5_context:[176,378,385,822],krb5_copy_address:172,krb5_copy_authdata:173,krb5_copy_authent:174,krb5_copy_checksum:175,krb5_copy_context:176,krb5_copy_cr:177,krb5_copy_data:178,krb5_copy_error_messag:179,krb5_copy_keyblock:180,krb5_copy_keyblock_cont:181,krb5_copy_princip:182,krb5_copy_ticket:183,krb5_cred:[177,206,207,321,405,531,823,826],krb5_cred_enc_part:824,krb5_cred_info:825,krb5_crypto_iov:827,krb5_crypto_type_checksum:532,krb5_crypto_type_data:533,krb5_crypto_type_empti:534,krb5_crypto_type_head:535,krb5_crypto_type_pad:536,krb5_crypto_type_sign_onli:537,krb5_crypto_type_stream:538,krb5_crypto_type_trail:539,krb5_cryptotyp:828,krb5_cybersafe_secureid:540,krb5_data:[178,208,209,829],krb5_decode_authdata_contain:184,krb5_decode_ticket:185,krb5_decrypt:186,krb5_deltat:830,krb5_deltat_to_str:187,krb5_domain_x500_compress:541,krb5_eblock_enctyp:188,krb5_enc_data:831,krb5_enc_kdc_rep_part:832,krb5_enc_tkt_part:833,krb5_encode_authdata_contain:189,krb5_encpadata_req_enc_pa_rep:542,krb5_encrypt:190,krb5_encrypt_block:834,krb5_encrypt_s:191,krb5_enctyp:835,krb5_enctype_to_nam:192,krb5_enctype_to_str:193,krb5_error:[543,836],krb5_error_cod:837,krb5_expand_hostnam:194,krb5_expire_callback_func:838,krb5_fast_requir:544,krb5_find_authdata:195,krb5_finish_kei:196,krb5_finish_random_kei:197,krb5_flag:839,krb5_free_address:198,krb5_free_ap_rep_enc_part:199,krb5_free_authdata:200,krb5_free_authent:201,krb5_free_checksum:202,krb5_free_checksum_cont:203,krb5_free_cksumtyp:204,krb5_free_context:205,krb5_free_cr:207,krb5_free_cred_cont:206,krb5_free_data:208,krb5_free_data_cont:209,krb5_free_default_realm:210,krb5_free_enctyp:211,krb5_free_error:212,krb5_free_error_messag:213,krb5_free_host_realm:214,krb5_free_keyblock:215,krb5_free_keyblock_cont:216,krb5_free_keytab_entry_cont:217,krb5_free_princip:218,krb5_free_str:219,krb5_free_tgt_cr:220,krb5_free_ticket:221,krb5_free_unparsed_nam:222,krb5_fwd_tgt_cred:223,krb5_gc_cach:545,krb5_gc_canonic:546,krb5_gc_constrained_deleg:547,krb5_gc_forward:548,krb5_gc_no_stor:549,krb5_gc_no_transit_check:550,krb5_gc_user_us:551,krb5_get_credenti:224,krb5_get_credentials_renew:225,krb5_get_credentials_valid:226,krb5_get_default_realm:[210,227],krb5_get_error_messag:[213,228],krb5_get_etype_info:229,krb5_get_fallback_host_realm:230,krb5_get_host_realm:[214,231],krb5_get_in_tkt_with_keytab:232,krb5_get_in_tkt_with_password:233,krb5_get_in_tkt_with_skei:234,krb5_get_init_creds_keytab:235,krb5_get_init_creds_opt:840,krb5_get_init_creds_opt_address_list:552,krb5_get_init_creds_opt_alloc:236,krb5_get_init_creds_opt_anonym:553,krb5_get_init_creds_opt_canonic:554,krb5_get_init_creds_opt_chg_pwd_prmpt:555,krb5_get_init_creds_opt_etype_list:556,krb5_get_init_creds_opt_forward:557,krb5_get_init_creds_opt_fre:237,krb5_get_init_creds_opt_get_fast_flag:238,krb5_get_init_creds_opt_init:239,krb5_get_init_creds_opt_preauth_list:558,krb5_get_init_creds_opt_proxi:559,krb5_get_init_creds_opt_renew_lif:560,krb5_get_init_creds_opt_salt:561,krb5_get_init_creds_opt_set_address_list:240,krb5_get_init_creds_opt_set_anonym:241,krb5_get_init_creds_opt_set_canonic:242,krb5_get_init_creds_opt_set_change_password_prompt:243,krb5_get_init_creds_opt_set_etype_list:244,krb5_get_init_creds_opt_set_expire_callback:245,krb5_get_init_creds_opt_set_fast_ccach:246,krb5_get_init_creds_opt_set_fast_ccache_nam:247,krb5_get_init_creds_opt_set_fast_flag:248,krb5_get_init_creds_opt_set_forward:249,krb5_get_init_creds_opt_set_in_ccach:250,krb5_get_init_creds_opt_set_out_ccach:251,krb5_get_init_creds_opt_set_pa:252,krb5_get_init_creds_opt_set_pac_request:253,krb5_get_init_creds_opt_set_preauth_list:254,krb5_get_init_creds_opt_set_proxi:255,krb5_get_init_creds_opt_set_renew_lif:256,krb5_get_init_creds_opt_set_respond:257,krb5_get_init_creds_opt_set_salt:258,krb5_get_init_creds_opt_set_tkt_lif:259,krb5_get_init_creds_opt_tkt_lif:562,krb5_get_init_creds_password:260,krb5_get_permitted_enctyp:261,krb5_get_profil:262,krb5_get_prompt_typ:263,krb5_get_renewed_cr:264,krb5_get_server_rcach:265,krb5_get_time_offset:266,krb5_get_validated_cr:267,krb5_gic_opt_pa_data:841,krb5_init_context:268,krb5_init_context_kdc:563,krb5_init_context_profil:269,krb5_init_context_secur:564,krb5_init_creds_context:842,krb5_init_creds_fre:270,krb5_init_creds_get:271,krb5_init_creds_get_cr:272,krb5_init_creds_get_error:273,krb5_init_creds_get_tim:274,krb5_init_creds_init:275,krb5_init_creds_set_keytab:276,krb5_init_creds_set_password:277,krb5_init_creds_set_servic:278,krb5_init_creds_step:279,krb5_init_creds_step_flag_continu:565,krb5_init_keyblock:280,krb5_init_random_kei:281,krb5_init_secure_context:282,krb5_int16:843,krb5_int16_max:566,krb5_int16_min:567,krb5_int32:844,krb5_int32_max:568,krb5_int32_min:569,krb5_is_config_princip:283,krb5_is_referral_realm:284,krb5_is_thread_saf:285,krb5_k_create_kei:286,krb5_k_decrypt:287,krb5_k_decrypt_iov:288,krb5_k_encrypt:289,krb5_k_encrypt_iov:290,krb5_k_free_kei:291,krb5_k_key_enctyp:292,krb5_k_key_keyblock:293,krb5_k_make_checksum:294,krb5_k_make_checksum_iov:295,krb5_k_prf:296,krb5_k_reference_kei:297,krb5_k_verify_checksum:298,krb5_k_verify_checksum_iov:299,krb5_kdc_rep:845,krb5_kdc_req:846,krb5_kdc_sign_ticket:300,krb5_kdc_verify_ticket:301,krb5_kei:[286,292,293,847],krb5_keyblock:[215,216,280,848],krb5_keytab:849,krb5_keytab_entri:850,krb5_keyusag:851,krb5_keyusage_ad_it:570,krb5_keyusage_ad_kdcissued_cksum:571,krb5_keyusage_ad_mt:572,krb5_keyusage_ad_signedpath:573,krb5_keyusage_ap_rep_encpart:576,krb5_keyusage_ap_req_auth:577,krb5_keyusage_ap_req_auth_cksum:578,krb5_keyusage_app_data_cksum:574,krb5_keyusage_app_data_encrypt:575,krb5_keyusage_as_rep_encpart:579,krb5_keyusage_as_req:580,krb5_keyusage_as_req_pa_enc_t:581,krb5_keyusage_cammac:582,krb5_keyusage_enc_challenge_cli:583,krb5_keyusage_enc_challenge_kdc:584,krb5_keyusage_fast_enc:585,krb5_keyusage_fast_finish:586,krb5_keyusage_fast_rep:587,krb5_keyusage_fast_req_chksum:588,krb5_keyusage_gss_tok_m:589,krb5_keyusage_gss_tok_wrap_integ:590,krb5_keyusage_gss_tok_wrap_priv:591,krb5_keyusage_iakerb_finish:592,krb5_keyusage_kdc_rep_ticket:593,krb5_keyusage_krb_cred_encpart:594,krb5_keyusage_krb_error_cksum:595,krb5_keyusage_krb_priv_encpart:596,krb5_keyusage_krb_safe_cksum:597,krb5_keyusage_pa_as_fresh:598,krb5_keyusage_pa_fx_cooki:599,krb5_keyusage_pa_otp_request:600,krb5_keyusage_pa_pkinit_kx:601,krb5_keyusage_pa_s4u_x509_user_repli:602,krb5_keyusage_pa_s4u_x509_user_request:603,krb5_keyusage_pa_sam_challenge_cksum:604,krb5_keyusage_pa_sam_challenge_trackid:605,krb5_keyusage_pa_sam_respons:606,krb5_keyusage_spak:607,krb5_keyusage_tgs_rep_encpart_sesskei:608,krb5_keyusage_tgs_rep_encpart_subkei:609,krb5_keyusage_tgs_req_ad_sesskei:610,krb5_keyusage_tgs_req_ad_subkei:611,krb5_keyusage_tgs_req_auth:612,krb5_keyusage_tgs_req_auth_cksum:613,krb5_kpasswd_accessdeni:614,krb5_kpasswd_autherror:615,krb5_kpasswd_bad_vers:616,krb5_kpasswd_harderror:617,krb5_kpasswd_initial_flag_need:618,krb5_kpasswd_malform:619,krb5_kpasswd_softerror:620,krb5_kpasswd_success:621,krb5_kt_add_entri:302,krb5_kt_client_default:303,krb5_kt_close:304,krb5_kt_cursor:852,krb5_kt_default:305,krb5_kt_default_nam:306,krb5_kt_dup:307,krb5_kt_end_seq_get:308,krb5_kt_free_entri:309,krb5_kt_get_entri:310,krb5_kt_get_nam:311,krb5_kt_get_typ:312,krb5_kt_have_cont:313,krb5_kt_next_entri:314,krb5_kt_read_service_kei:315,krb5_kt_remove_entri:316,krb5_kt_resolv:317,krb5_kt_start_seq_get:318,krb5_kuserok:319,krb5_kvno:853,krb5_last_req_entri:854,krb5_lrq_all_acct_exptim:622,krb5_lrq_all_last_initi:623,krb5_lrq_all_last_renew:624,krb5_lrq_all_last_req:625,krb5_lrq_all_last_tgt:626,krb5_lrq_all_last_tgt_issu:627,krb5_lrq_all_pw_exptim:628,krb5_lrq_none:629,krb5_lrq_one_acct_exptim:630,krb5_lrq_one_last_initi:631,krb5_lrq_one_last_renew:632,krb5_lrq_one_last_req:633,krb5_lrq_one_last_tgt:634,krb5_lrq_one_last_tgt_issu:635,krb5_lrq_one_pw_exptim:636,krb5_magic:855,krb5_make_authdata_kdc_issu:320,krb5_marshal_credenti:321,krb5_merge_authdata:322,krb5_mk_1cred:323,krb5_mk_error:324,krb5_mk_ncred:325,krb5_mk_priv:326,krb5_mk_rep:327,krb5_mk_rep_dc:328,krb5_mk_req:329,krb5_mk_req_checksum_func:856,krb5_mk_req_extend:330,krb5_mk_safe:331,krb5_msgtype:857,krb5_nt_ent_principal_and_id:638,krb5_nt_enterprise_princip:637,krb5_nt_ms_princip:639,krb5_nt_ms_principal_and_id:640,krb5_nt_princip:641,krb5_nt_smtp_name:642,krb5_nt_srv_hst:643,krb5_nt_srv_inst:644,krb5_nt_srv_xhst:645,krb5_nt_uid:646,krb5_nt_unknown:647,krb5_nt_wellknown:648,krb5_nt_x500_princip:649,krb5_octet:858,krb5_os_localaddr:332,krb5_pa_data:859,krb5_pa_pac_req:860,krb5_pa_server_referral_data:861,krb5_pa_svr_referral_data:862,krb5_pac:863,krb5_pac_add_buff:333,krb5_pac_attributes_info:650,krb5_pac_client_claim:651,krb5_pac_client_info:652,krb5_pac_credentials_info:653,krb5_pac_delegation_info:654,krb5_pac_device_claim:655,krb5_pac_device_info:656,krb5_pac_fre:334,krb5_pac_full_checksum:657,krb5_pac_get_buff:335,krb5_pac_get_client_info:336,krb5_pac_get_typ:337,krb5_pac_init:338,krb5_pac_logon_info:658,krb5_pac_pars:339,krb5_pac_privsvr_checksum:659,krb5_pac_requestor:660,krb5_pac_server_checksum:661,krb5_pac_sign:340,krb5_pac_sign_ext:341,krb5_pac_ticket_checksum:662,krb5_pac_upn_dns_info:663,krb5_pac_verifi:342,krb5_pac_verify_ext:343,krb5_padata_afs3_salt:664,krb5_padata_ap_req:665,krb5_padata_as_checksum:666,krb5_padata_as_fresh:667,krb5_padata_enc_sandia_securid:669,krb5_padata_enc_timestamp:670,krb5_padata_enc_unix_tim:671,krb5_padata_encrypted_challeng:668,krb5_padata_etype_info2:673,krb5_padata_etype_info:672,krb5_padata_for_us:674,krb5_padata_fx_cooki:675,krb5_padata_fx_error:676,krb5_padata_fx_fast:677,krb5_padata_get_from_typed_data:678,krb5_padata_non:679,krb5_padata_osf_dc:680,krb5_padata_otp_challeng:681,krb5_padata_otp_pin_chang:682,krb5_padata_otp_request:683,krb5_padata_pac_opt:684,krb5_padata_pac_request:685,krb5_padata_pk_as_rep:687,krb5_padata_pk_as_rep_old:688,krb5_padata_pk_as_req:689,krb5_padata_pk_as_req_old:690,krb5_padata_pkinit_kx:686,krb5_padata_pw_salt:691,krb5_padata_redhat_idp_oauth2:692,krb5_padata_redhat_passkei:693,krb5_padata_referr:694,krb5_padata_s4u_x509_us:695,krb5_padata_sam_challeng:696,krb5_padata_sam_challenge_2:697,krb5_padata_sam_redirect:698,krb5_padata_sam_respons:699,krb5_padata_sam_response_2:700,krb5_padata_sesam:701,krb5_padata_spak:702,krb5_padata_svr_referral_info:703,krb5_padata_tgs_req:704,krb5_padata_use_specified_kvno:705,krb5_parse_nam:344,krb5_parse_name_flag:345,krb5_pointer:864,krb5_post_recv_fn:865,krb5_pre_send_fn:866,krb5_preauthtyp:867,krb5_prepend_error_messag:346,krb5_princ_compon:793,krb5_princ_nam:794,krb5_princ_realm:795,krb5_princ_set_realm:796,krb5_princ_set_realm_data:797,krb5_princ_set_realm_length:798,krb5_princ_siz:799,krb5_princ_typ:800,krb5_princip:[344,345,406,407,408,409,868],krb5_principal2salt:347,krb5_principal_compar:348,krb5_principal_compare_any_realm:349,krb5_principal_compare_casefold:706,krb5_principal_compare_enterpris:707,krb5_principal_compare_flag:350,krb5_principal_compare_ignore_realm:708,krb5_principal_compare_utf8:709,krb5_principal_data:869,krb5_principal_parse_enterpris:710,krb5_principal_parse_ignore_realm:711,krb5_principal_parse_no_def_realm:712,krb5_principal_parse_no_realm:713,krb5_principal_parse_require_realm:714,krb5_principal_unparse_displai:715,krb5_principal_unparse_no_realm:716,krb5_principal_unparse_short:717,krb5_priv:718,krb5_process_kei:351,krb5_prompt:870,krb5_prompt_typ:871,krb5_prompt_type_new_password:719,krb5_prompt_type_new_password_again:720,krb5_prompt_type_password:721,krb5_prompt_type_preauth:722,krb5_prompter_fct:872,krb5_prompter_posix:352,krb5_pvno:723,krb5_pwd_data:873,krb5_random_kei:353,krb5_rcach:874,krb5_rd_cred:354,krb5_rd_error:355,krb5_rd_priv:356,krb5_rd_rep:357,krb5_rd_rep_dc:358,krb5_rd_req:359,krb5_rd_safe:360,krb5_read_error:212,krb5_read_password:361,krb5_realm_branch_char:724,krb5_realm_compar:362,krb5_recvauth:363,krb5_recvauth_badauthv:725,krb5_recvauth_skip_vers:726,krb5_recvauth_vers:364,krb5_referral_realm:[284,727],krb5_replay_data:875,krb5_responder_context:876,krb5_responder_fn:877,krb5_responder_get_challeng:365,krb5_responder_list_quest:366,krb5_responder_otp_challeng:878,krb5_responder_otp_challenge_fre:367,krb5_responder_otp_flags_collect_pin:728,krb5_responder_otp_flags_collect_token:729,krb5_responder_otp_flags_nextotp:730,krb5_responder_otp_flags_separate_pin:731,krb5_responder_otp_format_alphanumer:732,krb5_responder_otp_format_decim:733,krb5_responder_otp_format_hexadecim:734,krb5_responder_otp_get_challeng:[367,368],krb5_responder_otp_set_answ:369,krb5_responder_otp_tokeninfo:879,krb5_responder_pkinit_challeng:880,krb5_responder_pkinit_challenge_fre:370,krb5_responder_pkinit_flags_token_user_pin_count_low:735,krb5_responder_pkinit_flags_token_user_pin_final_tri:736,krb5_responder_pkinit_flags_token_user_pin_lock:737,krb5_responder_pkinit_get_challeng:[370,371],krb5_responder_pkinit_ident:881,krb5_responder_pkinit_set_answ:372,krb5_responder_question_otp:[368,369,738],krb5_responder_question_password:739,krb5_responder_question_pkinit:[371,372,740],krb5_responder_set_answ:373,krb5_respons:882,krb5_roundup:801,krb5_safe:741,krb5_salttype_to_str:374,krb5_sam_must_pk_encrypt_sad:742,krb5_sam_send_encrypted_sad:743,krb5_sam_use_sad_as_kei:744,krb5_sendauth:[212,375],krb5_server_decrypt_ticket_keytab:376,krb5_set_default_realm:377,krb5_set_default_tgs_enctyp:378,krb5_set_error_messag:379,krb5_set_kdc_recv_hook:380,krb5_set_kdc_send_hook:381,krb5_set_password:382,krb5_set_password_using_ccach:383,krb5_set_principal_realm:384,krb5_set_real_tim:385,krb5_set_trace_callback:386,krb5_set_trace_filenam:387,krb5_sname_match:388,krb5_sname_to_princip:389,krb5_string_to_cksumtyp:390,krb5_string_to_deltat:391,krb5_string_to_enctyp:392,krb5_string_to_kei:393,krb5_string_to_salttyp:394,krb5_string_to_timestamp:395,krb5_tc_match_2nd_tkt:745,krb5_tc_match_authdata:746,krb5_tc_match_flag:747,krb5_tc_match_flags_exact:748,krb5_tc_match_is_skei:749,krb5_tc_match_ktyp:750,krb5_tc_match_srv_nameonli:751,krb5_tc_match_tim:752,krb5_tc_match_times_exact:753,krb5_tc_noticket:754,krb5_tc_openclos:755,krb5_tc_supported_ktyp:756,krb5_tgs_name:757,krb5_tgs_name_s:758,krb5_tgs_rep:759,krb5_tgs_req:760,krb5_ticket:[183,883],krb5_ticket_tim:884,krb5_timeofdai:396,krb5_timestamp:[885,896],krb5_timestamp_to_sfstr:397,krb5_timestamp_to_str:398,krb5_tkt_authent:886,krb5_tkt_creds_context:887,krb5_tkt_creds_fre:399,krb5_tkt_creds_get:400,krb5_tkt_creds_get_cr:401,krb5_tkt_creds_get_tim:402,krb5_tkt_creds_init:403,krb5_tkt_creds_step:404,krb5_tkt_creds_step_flag_continu:761,krb5_trace_callback:888,krb5_trace_info:889,krb5_transit:890,krb5_typed_data:891,krb5_ui_2:892,krb5_ui_4:893,krb5_unmarshal_credenti:405,krb5_unparse_nam:406,krb5_unparse_name_ext:407,krb5_unparse_name_flag:408,krb5_unparse_name_flags_ext:409,krb5_us_timeofdai:410,krb5_use_enctyp:411,krb5_verify_authdata_kdc_issu:412,krb5_verify_checksum:413,krb5_verify_init_cr:414,krb5_verify_init_creds_opt:894,krb5_verify_init_creds_opt_ap_req_nofail:762,krb5_verify_init_creds_opt_init:415,krb5_verify_init_creds_opt_set_ap_req_nofail:416,krb5_vprepend_error_messag:417,krb5_vset_error_messag:418,krb5_vwrap_error_messag:419,krb5_wellknown_namestr:763,krb5_wrap_error_messag:420,krb5_x:802,krb5_xc:803,krb5kdc:10,krb:[107,223,323,325,326,331,354,355,356,360],krb_ap_rep:[327,328,357,358],krb_ap_req:[329,330,359],krb_error:324,krbtgt:[14,23],ksu:946,kswitch:947,ktadd:3,ktremov:3,ktutil:11,kvno:948,last:273,ldap:[23,24],ldapsearch:38,legaci:[14,48],length:[93,96,97,98,104,112,118,407],lib:903,libdefault:21,librari:[205,268,269,282,285],licens:919,lifetim:[256,259],lightn:24,like:917,line:[5,6],link:42,list:[5,11,20,41,54,92,111,173,261,322,366,918,936],list_mkei:6,list_polici:[3,5],list_princip:3,list_request:[3,11],lndir:904,load:[6,23],local:[56,69,82,84,319,932],localauth:[21,932],locat:[28,247,933],lock:3,lockout:35,log:[20,41,319,923],login:28,lr_type_interpretation_mask:764,lr_type_this_server_onli:765,machin:33,macro:789,mail:936,make:161,man:908,manag:[938,939],manipul:47,map:[24,39],master:[14,23],match:[284,388],max_keytab_name_len:766,mechan:[28,924],member:[805,807,808,809,811,813,818,821,823,824,825,826,827,829,831,832,833,834,836,840,841,845,846,848,850,854,859,860,861,862,868,869,870,873,875,878,879,880,881,882,883,884,886,889,890,891,894,895],memori:[24,214],merg:322,messag:[12,43,97,169,171,179,213,223,228,323,324,325,326,327,328,329,330,331,346,354,355,356,357,358,359,360,379,417,418,419,420],mic:43,migrat:26,mismatch:38,mit:[0,23,44,916,917,918,919],modifi:5,modify_polici:[3,5],modify_princip:3,modul:[19,24,28,923,924,926],most:[179,906],move:148,ms:410,msec_dirbit:767,msec_val_mask:768,multithread:285,name:[38,39,43,56,91,92,93,135,136,143,144,149,152,156,192,194,231,306,311,344,345,347,366,373,387,389,897,901,906],negoex:924,next:[150,164,279,314,404],note:941,number:[69,74,116],object:[178,265,321,405],obtain:[400,905,939],octet:116,offset:[266,385,396],older:26,one:[179,372],onli:282,onto:39,opaqu:[287,288,289,290,294,295,296,298,299],open:265,openldap:[22,38],oper:[23,99,100,102,103,113,114,129,130,287,288,289,290,294,295,296,298,299],optimist:258,option:[3,4,5,6,7,8,9,10,20,21,46,157,236,237,238,240,241,242,243,244,245,246,247,248,249,250,251,252,254,255,256,257,258,259,397,415,906,941,942,943,944,945,946,947,948],order:53,organ:903,os:[266,908],osconf:907,other:36,otp:[20,36],output:[118,251,397],over:163,overrid:[38,55,377],overview:23,pac:[253,300,301,333,334,335,336,337,338,339,342,343],packag:[906,908],pad:[98,116,397],page:[908,936],paramet:[21,126,364],pars:[47,357,358,359],passwd_phrase_el:895,password:[46,125,126,166,169,243,260,277,352,361,382,383,935,938],path:917,pepper:107,perform:35,permit:261,pin:46,pkinit:[20,21,37,46,912,921],place:[100,103,288,290],pluggabl:927,plugin:[21,28,923,926],polici:[23,930],port:[39,84],possibl:[194,228,300,301,343],post:380,pre:381,preauthent:[36,40,252,254,258,922,931],precomput:92,prefix:[346,417,419,420],prepar:[158,163],prerequisit:905,previous:106,prf:[101,119],primari:[34,161],princip:[15,23,34,35,38,47,49,50,56,57,91,92,93,132,145,154,182,218,222,278,283,319,344,345,347,348,349,350,362,382,383,384,388,389,910],priv:[326,356],privileg:[23,338],procedur:14,process:[139,356,360],profil:[28,55,262,269,934],program:[1,906],prompt:[243,263,352],prompter:46,proof:109,propag:[23,34,39,917],properti:939,protocol:[363,364,375,913],provis:38,proxi:29,proxiabl:255,pseudo:[117,118,119,121,296],purge_mkei:6,purgekei:3,pwqual:[21,935],qualiti:[935,938],question:[46,365,366,369,372,373],quick:918,quit:[3,11],random:[115,117,118,119,121,124,296],rare:48,read:[158,336,354,361],read_kt:11,realm:[20,21,23,28,39,58,210,227,231,343,349,362,377,384,925],receiv:[72,73,86,87,380],recent:179,refer:[31,291,297,421,908],refus:41,reject:41,rel:187,releas:[308,908],remot:[74,82,84],remov:[14,15,151,316],rename_princip:3,renew:[256,264],replai:[71,85,265,901,915],replic:35,replica:[34,39,917],represent:[222,406],request:[26,279,399,400,401,402,404],requir:[416,946],resolv:[135,152,303,305],resourc:936,respond:[46,257,365,366,373],restrict:[240,953],result:169,retir:14,retriev:[59,60,64,65,66,67,68,69,71,72,73,74,76,77,142,143,144,146,150,153,227,229,238,262,272,274,292,293,314,315,318,335,365,396,401,402,410],revers:38,rfc:[101,119],risk:25,rout:41,rpc:[328,358],s2kparam:229,s4u:43,s:[55,403,419,420],safe:[331,360],salt:[229,258,347,374,394],salt_type_afs_length:769,salt_type_no_length:770,sampl:[20,21],sclient:949,search:54,sec:410,section:[20,21,59,60],secur:[17,32,38,911,946],see:[2,3,4,5,6,7,8,9,10,11,12,19,20,21,941,942,943,944,945,946,947,948,949,951,952,953],seen:41,select:[26,154,920],send:[76,77,88,89,381],sendauth:[41,363,364,375],separ:904,sequenc:[69,74],sequenti:[139,158,318],seri:139,serial:321,server:[14,15,32,41,154,265,363,364,933],servic:[14,26,38,39,194,278,315,389,403],session:[26,67,68,90,261],set:[55,80,81,82,83,84,85,86,87,88,89,90,156,157,169,240,241,242,243,244,245,246,247,248,249,250,251,254,255,256,257,258,259,277,323,378,379,380,381,382,383,384,385,416,418],set_str:3,setup:35,shell:[38,946],should:48,side:946,sign:[300,320],signatur:[300,301],simpl:[789,908],sinc:410,singl:[323,904],site:908,size:95,skew:[15,167],socket:62,softwar:905,some:[32,101],sourc:[903,908],spake:[40,911],specif:[38,97,115,117,124,296,396],specifi:[21,53,54,112,127,128,132,149,153,269,276,278,343,376,377,382,386,387],sserver:12,ssh:38,start:[34,318],stash:[6,902],stashsrvpw:5,state:[35,79,106,108],storag:[200,218],store:[43,155,159,198],string:[60,91,93,107,125,126,170,187,193,210,219,222,344,345,374,390,391,392,394,395,397,398,406,407,408,409],strong:14,struct:[368,371],structur:[20,21,61,66,83,142,174,175,176,177,183,199,201,202,203,206,207,208,209,215,216,220,236,292,293,344,378,385,406,407,408,409,415,804],subkei:[72,73,76,77,86,87,88,89],sun:23,suppli:[252,330],support:[14,41,100,103,160,285,288,290,898],synchron:400,synopsi:[2,3,4,5,6,7,8,9,10,11,12,941,942,943,944,945,946,947,948,949],syntax:19,system:[410,906,917],tabdump:6,tabl:[217,235,302,303,304,305,306,310,311,312,314,315,316,317,318,376],tarbal:908,target:946,termin:91,test:[35,109,110,283,285,388,904],tg:[378,399,400,401,402,404],tgt:223,thi:[332,898,908],threeparamopen:771,ticket:[23,185,221,224,253,256,259,274,300,301,376,402,403,939],time:[46,167,187,266,274,385,391,396,402,410,898],timestamp:[167,395,397,398],tkt_flg_anonym:772,tkt_flg_enc_pa_rep:773,tkt_flg_forward:[774,775],tkt_flg_hw_auth:776,tkt_flg_initi:777,tkt_flg_invalid:778,tkt_flg_may_postd:779,tkt_flg_ok_as_deleg:780,tkt_flg_postdat:781,tkt_flg_pre_auth:782,tkt_flg_proxi:784,tkt_flg_proxiabl:783,tkt_flg_renew:785,tkt_flg_transit_policy_check:786,token:[36,37,43,912],tool:897,topic:13,trace:[41,386,387],trailer:98,tree:904,trivial:911,troubleshoot:[41,42],tune:906,tutori:42,two:[52,105,107,322,348,349,350,362],type:[14,20,24,26,36,41,43,81,96,97,105,109,110,111,118,127,128,144,146,149,160,170,192,193,204,211,244,254,261,263,312,337,374,378,390,392,394,804,897,901,906],uniqu:149,unix:[32,33,917],unlock:3,unpars:339,unset:[241,242,243,249,255],unwrap:[184,412],up:[17,904],updat:[23,908],update_princ_encrypt:6,upgrad:14,us:[15,48,79,91,92,93,99,101,102,119,154,194,235,260,264,265,269,271,276,282,287,289,330,376,382,383,400,417,418,419,896,897,898,904,906],usabl:111,usag:14,use_mkei:6,user:[46,319,352,937,940,950],util:903,v4:[49,50,51],v5:[15,49,50,51,899,905],va_list:[417,418,419],valid:[127,128,130,267,299,354],valid_int_bit:787,valid_uint_bit:788,valu:[59,60,141,155,187,335,367,370,391],variabl:[26,27,92,906,953],variou:42,verif:[41,415,416,938],verifi:[46,127,128,129,298,301,342,343,412,414],version:[364,911],via:101,view:[5,939],view_polici:5,wa:285,web:[908,936],whether:[109,110,160,283,285,388,416],whitepap:42,wiki:936,within:[167,904],without:908,work:15,wrap:[43,189],write_kt:11,year:896,your:[15,938],zero:[209,291]}}) \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/index.html b/krb5-1.21.3/doc/html/user/index.html deleted file mode 100644 index 5a053fde..00000000 --- a/krb5-1.21.3/doc/html/user/index.html +++ /dev/null @@ -1,167 +0,0 @@ - - - - - - - - - For users — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/pwd_mgmt.html b/krb5-1.21.3/doc/html/user/pwd_mgmt.html deleted file mode 100644 index ccb2a404..00000000 --- a/krb5-1.21.3/doc/html/user/pwd_mgmt.html +++ /dev/null @@ -1,229 +0,0 @@ - - - - - - - - - Password management — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Password management¶

-

Your password is the only way Kerberos has of verifying your identity. -If someone finds out your password, that person can masquerade as -you—send email that comes from you, read, edit, or delete your files, -or log into other hosts as you—and no one will be able to tell the -difference. For this reason, it is important that you choose a good -password, and keep it secret. If you need to give access to your -account to someone else, you can do so through Kerberos (see -Granting access to your account). You should never tell your password to anyone, -including your system administrator, for any reason. You should -change your password frequently, particularly any time you think -someone may have found out what it is.

-
-

Changing your password¶

-

To change your Kerberos password, use the kpasswd command. -It will ask you for your old password (to prevent someone else from -walking up to your computer when you’re not there and changing your -password), and then prompt you for the new one twice. (The reason you -have to type it twice is to make sure you have typed it correctly.) -For example, user david would do the following:

-
shell% kpasswd
-Password for david:    <- Type your old password.
-Enter new password:    <- Type your new password.
-Enter it again:  <- Type the new password again.
-Password changed.
-shell%
-
-
-

If david typed the incorrect old password, he would get the -following message:

-
shell% kpasswd
-Password for david:  <- Type the incorrect old password.
-kpasswd: Password incorrect while getting initial ticket
-shell%
-
-
-

If you make a mistake and don’t type the new password the same way -twice, kpasswd will ask you to try again:

-
shell% kpasswd
-Password for david:  <- Type the old password.
-Enter new password:  <- Type the new password.
-Enter it again: <- Type a different new password.
-kpasswd: Password mismatch while reading password
-shell%
-
-
-

Once you change your password, it takes some time for the change to -propagate through the system. Depending on how your system is set up, -this might be anywhere from a few minutes to an hour or more. If you -need to get new Kerberos tickets shortly after changing your password, -try the new password. If the new password doesn’t work, try again -using the old one.

-
-
-

Granting access to your account¶

-

If you need to give someone access to log into your account, you can -do so through Kerberos, without telling the person your password. -Simply create a file called .k5login in your home directory. -This file should contain the Kerberos principal of each person to whom -you wish to give access. Each principal must be on a separate line. -Here is a sample .k5login file:

-
jennifer@ATHENA.MIT.EDU
-david@EXAMPLE.COM
-
-
-

This file would allow the users jennifer and david to use your -user ID, provided that they had Kerberos tickets in their respective -realms. If you will be logging into other hosts across a network, you -will want to include your own Kerberos principal in your .k5login file -on each of these hosts.

-

Using a .k5login file is much safer than giving out your password, -because:

-
    -
  • You can take access away any time simply by removing the principal -from your .k5login file.

  • -
  • Although the user has full access to your account on one particular -host (or set of hosts if your .k5login file is shared, e.g., over -NFS), that user does not inherit your network privileges.

  • -
  • Kerberos keeps a log of who obtains tickets, so a system -administrator could find out, if necessary, who was capable of using -your user ID at a particular time.

  • -
-

One common application is to have a .k5login file in root’s home -directory, giving root access to that machine to the Kerberos -principals listed. This allows system administrators to allow users -to become root locally, or to log in remotely as root, without their -having to give out the root password, and without anyone having to -type the root password over the network.

-
-
-

Password quality verification¶

-

TODO

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/tkt_mgmt.html b/krb5-1.21.3/doc/html/user/tkt_mgmt.html deleted file mode 100644 index 18939ed7..00000000 --- a/krb5-1.21.3/doc/html/user/tkt_mgmt.html +++ /dev/null @@ -1,449 +0,0 @@ - - - - - - - - - Ticket management — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

Ticket management¶

-

On many systems, Kerberos is built into the login program, and you get -tickets automatically when you log in. Other programs, such as ssh, -can forward copies of your tickets to a remote host. Most of these -programs also automatically destroy your tickets when they exit. -However, MIT recommends that you explicitly destroy your Kerberos -tickets when you are through with them, just to be sure. One way to -help ensure that this happens is to add the kdestroy command -to your .logout file. Additionally, if you are going to be away from -your machine and are concerned about an intruder using your -permissions, it is safest to either destroy all copies of your -tickets, or use a screensaver that locks the screen.

-
-

Kerberos ticket properties¶

-

There are various properties that Kerberos tickets can have:

-

If a ticket is forwardable, then the KDC can issue a new ticket -(with a different network address, if necessary) based on the -forwardable ticket. This allows for authentication forwarding without -requiring a password to be typed in again. For example, if a user -with a forwardable TGT logs into a remote system, the KDC could issue -a new TGT for that user with the network address of the remote system, -allowing authentication on that host to work as though the user were -logged in locally.

-

When the KDC creates a new ticket based on a forwardable ticket, it -sets the forwarded flag on that new ticket. Any tickets that are -created based on a ticket with the forwarded flag set will also have -their forwarded flags set.

-

A proxiable ticket is similar to a forwardable ticket in that it -allows a service to take on the identity of the client. Unlike a -forwardable ticket, however, a proxiable ticket is only issued for -specific services. In other words, a ticket-granting ticket cannot be -issued based on a ticket that is proxiable but not forwardable.

-

A proxy ticket is one that was issued based on a proxiable ticket.

-

A postdated ticket is issued with the invalid flag set. After the -starting time listed on the ticket, it can be presented to the KDC to -obtain valid tickets.

-

Ticket-granting tickets with the postdateable flag set can be used -to obtain postdated service tickets.

-

Renewable tickets can be used to obtain new session keys without -the user entering their password again. A renewable ticket has two -expiration times. The first is the time at which this particular -ticket expires. The second is the latest possible expiration time for -any ticket issued based on this renewable ticket.

-

A ticket with the initial flag set was issued based on the -authentication protocol, and not on a ticket-granting ticket. -Application servers that wish to ensure that the user’s key has been -recently presented for verification could specify that this flag must -be set to accept the ticket.

-

An invalid ticket must be rejected by application servers. -Postdated tickets are usually issued with this flag set, and must be -validated by the KDC before they can be used.

-

A preauthenticated ticket is one that was only issued after the -client requesting the ticket had authenticated itself to the KDC.

-

The hardware authentication flag is set on a ticket which required -the use of hardware for authentication. The hardware is expected to -be possessed only by the client which requested the tickets.

-

If a ticket has the transit policy checked flag set, then the KDC -that issued this ticket implements the transited-realm check policy -and checked the transited-realms list on the ticket. The -transited-realms list contains a list of all intermediate realms -between the realm of the KDC that issued the first ticket and that of -the one that issued the current ticket. If this flag is not set, then -the application server must check the transited realms itself or else -reject the ticket.

-

The okay as delegate flag indicates that the server specified in -the ticket is suitable as a delegate as determined by the policy of -that realm. Some client applications may use this flag to decide -whether to forward tickets to a remote host, although many -applications do not honor it.

-

An anonymous ticket is one in which the named principal is a -generic principal for that realm; it does not actually specify the -individual that will be using the ticket. This ticket is meant only -to securely distribute a session key.

-
-
-

Obtaining tickets with kinit¶

-

If your site has integrated Kerberos V5 with the login system, you -will get Kerberos tickets automatically when you log in. Otherwise, -you may need to explicitly obtain your Kerberos tickets, using the -kinit program. Similarly, if your Kerberos tickets expire, -use the kinit program to obtain new ones.

-

To use the kinit program, simply type kinit and then type your -password at the prompt. For example, Jennifer (whose username is -jennifer) works for Bleep, Inc. (a fictitious company with the -domain name mit.edu and the Kerberos realm ATHENA.MIT.EDU). She would -type:

-
shell% kinit
-Password for jennifer@ATHENA.MIT.EDU: <-- [Type jennifer's password here.]
-shell%
-
-
-

If you type your password incorrectly, kinit will give you the -following error message:

-
shell% kinit
-Password for jennifer@ATHENA.MIT.EDU: <-- [Type the wrong password here.]
-kinit: Password incorrect
-shell%
-
-
-

and you won’t get Kerberos tickets.

-

By default, kinit assumes you want tickets for your own username in -your default realm. Suppose Jennifer’s friend David is visiting, and -he wants to borrow a window to check his mail. David needs to get -tickets for himself in his own realm, EXAMPLE.COM. He would type:

-
shell% kinit david@EXAMPLE.COM
-Password for david@EXAMPLE.COM: <-- [Type david's password here.]
-shell%
-
-
-

David would then have tickets which he could use to log onto his own -machine. Note that he typed his password locally on Jennifer’s -machine, but it never went over the network. Kerberos on the local -host performed the authentication to the KDC in the other realm.

-

If you want to be able to forward your tickets to another host, you -need to request forwardable tickets. You do this by specifying the --f option:

-
shell% kinit -f
-Password for jennifer@ATHENA.MIT.EDU: <-- [Type your password here.]
-shell%
-
-
-

Note that kinit does not tell you that it obtained forwardable -tickets; you can verify this using the klist command (see -Viewing tickets with klist).

-

Normally, your tickets are good for your system’s default ticket -lifetime, which is ten hours on many systems. You can specify a -different ticket lifetime with the -l option. Add the letter -s to the value for seconds, m for minutes, h for hours, or -d for days. For example, to obtain forwardable tickets for -david@EXAMPLE.COM that would be good for three hours, you would -type:

-
shell% kinit -f -l 3h david@EXAMPLE.COM
-Password for david@EXAMPLE.COM: <-- [Type david's password here.]
-shell%
-
-
-
-

Note

-

You cannot mix units; specifying a lifetime of 3h30m would -result in an error. Note also that most systems specify a -maximum ticket lifetime. If you request a longer ticket -lifetime, it will be automatically truncated to the maximum -lifetime.

-
-
-
-

Viewing tickets with klist¶

-

The klist command shows your tickets. When you first obtain -tickets, you will have only the ticket-granting ticket. The listing -would look like this:

-
shell% klist
-Ticket cache: /tmp/krb5cc_ttypa
-Default principal: jennifer@ATHENA.MIT.EDU
-
-Valid starting     Expires            Service principal
-06/07/04 19:49:21  06/08/04 05:49:19  krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
-shell%
-
-
-

The ticket cache is the location of your ticket file. In the above -example, this file is named /tmp/krb5cc_ttypa. The default -principal is your Kerberos principal.

-

The “valid starting†and “expires†fields describe the period of time -during which the ticket is valid. The “service principal†describes -each ticket. The ticket-granting ticket has a first component -krbtgt, and a second component which is the realm name.

-

Now, if jennifer connected to the machine daffodil.mit.edu, -and then typed “klist†again, she would have gotten the following -result:

-
shell% klist
-Ticket cache: /tmp/krb5cc_ttypa
-Default principal: jennifer@ATHENA.MIT.EDU
-
-Valid starting     Expires            Service principal
-06/07/04 19:49:21  06/08/04 05:49:19  krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
-06/07/04 20:22:30  06/08/04 05:49:19  host/daffodil.mit.edu@ATHENA.MIT.EDU
-shell%
-
-
-

Here’s what happened: when jennifer used ssh to connect to the -host daffodil.mit.edu, the ssh program presented her -ticket-granting ticket to the KDC and requested a host ticket for the -host daffodil.mit.edu. The KDC sent the host ticket, which ssh -then presented to the host daffodil.mit.edu, and she was allowed -to log in without typing her password.

-

Suppose your Kerberos tickets allow you to log into a host in another -domain, such as trillium.example.com, which is also in another -Kerberos realm, EXAMPLE.COM. If you ssh to this host, you will -receive a ticket-granting ticket for the realm EXAMPLE.COM, plus -the new host ticket for trillium.example.com. klist will now -show:

-
shell% klist
-Ticket cache: /tmp/krb5cc_ttypa
-Default principal: jennifer@ATHENA.MIT.EDU
-
-Valid starting     Expires            Service principal
-06/07/04 19:49:21  06/08/04 05:49:19  krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
-06/07/04 20:22:30  06/08/04 05:49:19  host/daffodil.mit.edu@ATHENA.MIT.EDU
-06/07/04 20:24:18  06/08/04 05:49:19  krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU
-06/07/04 20:24:18  06/08/04 05:49:19  host/trillium.example.com@EXAMPLE.COM
-shell%
-
-
-

Depending on your host’s and realm’s configuration, you may also see a -ticket with the service principal host/trillium.example.com@. If -so, this means that your host did not know what realm -trillium.example.com is in, so it asked the ATHENA.MIT.EDU KDC for -a referral. The next time you connect to trillium.example.com, -the odd-looking entry will be used to avoid needing to ask for a -referral again.

-

You can use the -f option to view the flags that apply to your -tickets. The flags are:

- ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

F

Forwardable

f

forwarded

P

Proxiable

p

proxy

D

postDateable

d

postdated

R

Renewable

I

Initial

i

invalid

H

Hardware authenticated

A

preAuthenticated

T

Transit policy checked

O

Okay as delegate

a

anonymous

-

Here is a sample listing. In this example, the user jennifer -obtained her initial tickets (I), which are forwardable (F) -and postdated (d) but not yet validated (i):

-
shell% klist -f
-Ticket cache: /tmp/krb5cc_320
-Default principal: jennifer@ATHENA.MIT.EDU
-
-Valid starting      Expires             Service principal
-31/07/05 19:06:25  31/07/05 19:16:25  krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
-        Flags: FdiI
-shell%
-
-
-

In the following example, the user david’s tickets were forwarded -(f) to this host from another host. The tickets are reforwardable -(F):

-
shell% klist -f
-Ticket cache: /tmp/krb5cc_p11795
-Default principal: david@EXAMPLE.COM
-
-Valid starting     Expires            Service principal
-07/31/05 11:52:29  07/31/05 21:11:23  krbtgt/EXAMPLE.COM@EXAMPLE.COM
-        Flags: Ff
-07/31/05 12:03:48  07/31/05 21:11:23  host/trillium.example.com@EXAMPLE.COM
-        Flags: Ff
-shell%
-
-
-
-
-

Destroying tickets with kdestroy¶

-

Your Kerberos tickets are proof that you are indeed yourself, and -tickets could be stolen if someone gains access to a computer where -they are stored. If this happens, the person who has them can -masquerade as you until they expire. For this reason, you should -destroy your Kerberos tickets when you are away from your computer.

-

Destroying your tickets is easy. Simply type kdestroy:

-
shell% kdestroy
-shell%
-
-
-

If kdestroy fails to destroy your tickets, it will beep and -give an error message. For example, if kdestroy can’t find any -tickets to destroy, it will give the following message:

-
shell% kdestroy
-kdestroy: No credentials cache file found while destroying cache
-shell%
-
-
-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_commands/index.html b/krb5-1.21.3/doc/html/user/user_commands/index.html deleted file mode 100644 index 0448a826..00000000 --- a/krb5-1.21.3/doc/html/user/user_commands/index.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - User commands — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- - - - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_commands/kdestroy.html b/krb5-1.21.3/doc/html/user/user_commands/kdestroy.html deleted file mode 100644 index 1cb0c518..00000000 --- a/krb5-1.21.3/doc/html/user/user_commands/kdestroy.html +++ /dev/null @@ -1,212 +0,0 @@ - - - - - - - - - kdestroy — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kdestroy¶

-
-

SYNOPSIS¶

-

kdestroy -[-A] -[-q] -[-c cache_name] -[-p princ_name]

-
-
-

DESCRIPTION¶

-

The kdestroy utility destroys the user’s active Kerberos authorization -tickets by overwriting and deleting the credentials cache that -contains them. If the credentials cache is not specified, the default -credentials cache is destroyed.

-
-
-

OPTIONS¶

-
-
-A

Destroys all caches in the collection, if a cache collection is -available. May be used with the -c option to specify the -collection to be destroyed.

-
-
-q

Run quietly. Normally kdestroy beeps if it fails to destroy the -user’s tickets. The -q flag suppresses this behavior.

-
-
-c cache_name

Use cache_name as the credentials (ticket) cache name and -location; if this option is not used, the default cache name and -location are used.

-

The default credentials cache may vary between systems. If the -KRB5CCNAME environment variable is set, its value is used to -name the default ticket cache.

-
-
-p princ_name

If a cache collection is available, destroy the cache for -princ_name instead of the primary cache. May be used with the --c option to specify the collection to be searched.

-
-
-
-
-

NOTE¶

-

Most installations recommend that you place the kdestroy command in -your .logout file, so that your tickets are destroyed automatically -when you log out.

-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

FILES¶

-
-
DEFCCNAME

Default location of Kerberos 5 credentials cache

-
-
-
-
-

SEE ALSO¶

-

kinit, klist, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_commands/kinit.html b/krb5-1.21.3/doc/html/user/user_commands/kinit.html deleted file mode 100644 index 89910d0c..00000000 --- a/krb5-1.21.3/doc/html/user/user_commands/kinit.html +++ /dev/null @@ -1,341 +0,0 @@ - - - - - - - - - kinit — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kinit¶

-
-

SYNOPSIS¶

-

kinit -[-V] -[-l lifetime] -[-s start_time] -[-r renewable_life] -[-p | -P] -[-f | -F] -[-a] -[-A] -[-C] -[-E] -[-v] -[-R] -[-k [-i | -t keytab_file]] -[-c cache_name] -[-n] -[-S service_name] -[-I input_ccache] -[-T armor_ccache] -[-X attribute[=value]] -[–request-pac | –no-request-pac] -[principal]

-
-
-

DESCRIPTION¶

-

kinit obtains and caches an initial ticket-granting ticket for -principal. If principal is absent, kinit chooses an appropriate -principal name based on existing credential cache contents or the -local username of the user invoking kinit. Some options modify the -choice of principal name.

-
-
-

OPTIONS¶

-
-
-V

display verbose output.

-
-
-l lifetime

(Time duration string.) Requests a ticket with the lifetime -lifetime.

-

For example, kinit -l 5:30 or kinit -l 5h30m.

-

If the -l option is not specified, the default ticket lifetime -(configured by each site) is used. Specifying a ticket lifetime -longer than the maximum ticket lifetime (configured by each site) -will not override the configured maximum ticket lifetime.

-
-
-s start_time

(Time duration string.) Requests a postdated ticket. Postdated -tickets are issued with the invalid flag set, and need to be -resubmitted to the KDC for validation before use.

-

start_time specifies the duration of the delay before the ticket -can become valid.

-
-
-r renewable_life

(Time duration string.) Requests renewable tickets, with a total -lifetime of renewable_life.

-
-
-f

requests forwardable tickets.

-
-
-F

requests non-forwardable tickets.

-
-
-p

requests proxiable tickets.

-
-
-P

requests non-proxiable tickets.

-
-
-a

requests tickets restricted to the host’s local address[es].

-
-
-A

requests tickets not restricted by address.

-
-
-C

requests canonicalization of the principal name, and allows the -KDC to reply with a different client principal from the one -requested.

-
-
-E

treats the principal name as an enterprise name.

-
-
-v

requests that the ticket-granting ticket in the cache (with the -invalid flag set) be passed to the KDC for validation. If the -ticket is within its requested time range, the cache is replaced -with the validated ticket.

-
-
-R

requests renewal of the ticket-granting ticket. Note that an -expired ticket cannot be renewed, even if the ticket is still -within its renewable life.

-

Note that renewable tickets that have expired as reported by -klist may sometimes be renewed using this option, -because the KDC applies a grace period to account for client-KDC -clock skew. See krb5.conf clockskew setting.

-
-
-k [-i | -t keytab_file]

requests a ticket, obtained from a key in the local host’s keytab. -The location of the keytab may be specified with the -t -keytab_file option, or with the -i option to specify the use -of the default client keytab; otherwise the default keytab will be -used. By default, a host ticket for the local host is requested, -but any principal may be specified. On a KDC, the special keytab -location KDB: can be used to indicate that kinit should open -the KDC database and look up the key directly. This permits an -administrator to obtain tickets as any principal that supports -authentication based on the key.

-
-
-n

Requests anonymous processing. Two types of anonymous principals -are supported.

-

For fully anonymous Kerberos, configure pkinit on the KDC and -configure pkinit_anchors in the client’s krb5.conf. -Then use the -n option with a principal of the form @REALM -(an empty principal name followed by the at-sign and a realm -name). If permitted by the KDC, an anonymous ticket will be -returned.

-

A second form of anonymous tickets is supported; these -realm-exposed tickets hide the identity of the client but not the -client’s realm. For this mode, use kinit -n with a normal -principal name. If supported by the KDC, the principal (but not -realm) will be replaced by the anonymous principal.

-

As of release 1.8, the MIT Kerberos KDC only supports fully -anonymous operation.

-
-
-

-I input_ccache

-
-

Specifies the name of a credentials cache that already contains a -ticket. When obtaining that ticket, if information about how that -ticket was obtained was also stored to the cache, that information -will be used to affect how new credentials are obtained, including -preselecting the same methods of authenticating to the KDC.

-
-
-
-T armor_ccache

Specifies the name of a credentials cache that already contains a -ticket. If supported by the KDC, this cache will be used to armor -the request, preventing offline dictionary attacks and allowing -the use of additional preauthentication mechanisms. Armoring also -makes sure that the response from the KDC is not modified in -transit.

-
-
-c cache_name

use cache_name as the Kerberos 5 credentials (ticket) cache -location. If this option is not used, the default cache location -is used.

-

The default cache location may vary between systems. If the -KRB5CCNAME environment variable is set, its value is used to -locate the default cache. If a principal name is specified and -the type of the default cache supports a collection (such as the -DIR type), an existing cache containing credentials for the -principal is selected or a new one is created and becomes the new -primary cache. Otherwise, any existing contents of the default -cache are destroyed by kinit.

-
-
-S service_name

specify an alternate service name to use when getting initial -tickets.

-
-
-X attribute[=value]

specify a pre-authentication attribute and value to be -interpreted by pre-authentication modules. The acceptable -attribute and value values vary from module to module. This -option may be specified multiple times to specify multiple -attributes. If no value is specified, it is assumed to be “yesâ€.

-

The following attributes are recognized by the PKINIT -pre-authentication mechanism:

-
-
X509_user_identity=value

specify where to find user’s X509 identity information

-
-
X509_anchors=value

specify where to find trusted X509 anchor information

-
-
flag_RSA_PROTOCOL[=yes]

specify use of RSA, rather than the default Diffie-Hellman -protocol

-
-
disable_freshness[=yes]

disable sending freshness tokens (for testing purposes only)

-
-
-
-
–request-pac | –no-request-pac

mutually exclusive. If –request-pac is set, ask the KDC to -include a PAC in authdata; if –no-request-pac is set, ask the -KDC not to include a PAC; if neither are set, the KDC will follow -its default, which is typically is to include a PAC if doing so is -supported.

-
-
-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

FILES¶

-
-
DEFCCNAME

default location of Kerberos 5 credentials cache

-
-
DEFKTNAME

default location for the local host’s keytab.

-
-
-
-
-

SEE ALSO¶

-

klist, kdestroy, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_commands/klist.html b/krb5-1.21.3/doc/html/user/user_commands/klist.html deleted file mode 100644 index 699b3712..00000000 --- a/krb5-1.21.3/doc/html/user/user_commands/klist.html +++ /dev/null @@ -1,254 +0,0 @@ - - - - - - - - - klist — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

klist¶

-
-

SYNOPSIS¶

-

klist -[-e] -[[-c] [-l] [-A] [-f] [-s] [-a [-n]]] -[-C] -[-k [-i] [-t] [-K]] -[-V] -[-d] -[cache_name|keytab_name]

-
-
-

DESCRIPTION¶

-

klist lists the Kerberos principal and Kerberos tickets held in a -credentials cache, or the keys held in a keytab file.

-
-
-

OPTIONS¶

-
-
-e

Displays the encryption types of the session key and the ticket -for each credential in the credential cache, or each key in the -keytab file.

-
-
-l

If a cache collection is available, displays a table summarizing -the caches present in the collection.

-
-
-A

If a cache collection is available, displays the contents of all -of the caches in the collection.

-
-
-c

List tickets held in a credentials cache. This is the default if -neither -c nor -k is specified.

-
-
-f

Shows the flags present in the credentials, using the following -abbreviations:

-
F    Forwardable
-f    forwarded
-P    Proxiable
-p    proxy
-D    postDateable
-d    postdated
-R    Renewable
-I    Initial
-i    invalid
-H    Hardware authenticated
-A    preAuthenticated
-T    Transit policy checked
-O    Okay as delegate
-a    anonymous
-
-
-
-
-s

Causes klist to run silently (produce no output). klist will exit -with status 1 if the credentials cache cannot be read or is -expired, and with status 0 otherwise.

-
-
-a

Display list of addresses in credentials.

-
-
-n

Show numeric addresses instead of reverse-resolving addresses.

-
-
-C

List configuration data that has been stored in the credentials -cache when klist encounters it. By default, configuration data -is not listed.

-
-
-k

List keys held in a keytab file.

-
-
-i

In combination with -k, defaults to using the default client -keytab instead of the default acceptor keytab, if no name is -given.

-
-
-t

Display the time entry timestamps for each keytab entry in the -keytab file.

-
-
-K

Display the value of the encryption key in each keytab entry in -the keytab file.

-
-
-d

Display the authdata types (if any) for each entry.

-
-
-V

Display the Kerberos version number and exit.

-
-
-

If cache_name or keytab_name is not specified, klist will display -the credentials in the default credentials cache or keytab file as -appropriate. If the KRB5CCNAME environment variable is set, its -value is used to locate the default ticket cache.

-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

FILES¶

-
-
DEFCCNAME

Default location of Kerberos 5 credentials cache

-
-
DEFKTNAME

Default location for the local host’s keytab file.

-
-
-
-
-

SEE ALSO¶

-

kinit, kdestroy, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_commands/kpasswd.html b/krb5-1.21.3/doc/html/user/user_commands/kpasswd.html deleted file mode 100644 index e3799af3..00000000 --- a/krb5-1.21.3/doc/html/user/user_commands/kpasswd.html +++ /dev/null @@ -1,184 +0,0 @@ - - - - - - - - - kpasswd — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kpasswd¶

-
-

SYNOPSIS¶

-

kpasswd [principal]

-
-
-

DESCRIPTION¶

-

The kpasswd command is used to change a Kerberos principal’s password. -kpasswd first prompts for the current Kerberos password, then prompts -the user twice for the new password, and the password is changed.

-

If the principal is governed by a policy that specifies the length -and/or number of character classes required in the new password, the -new password must conform to the policy. (The five character classes -are lower case, upper case, numbers, punctuation, and all other -characters.)

-
-
-

OPTIONS¶

-
-
principal

Change the password for the Kerberos principal principal. -Otherwise, kpasswd uses the principal name from an existing ccache -if there is one; if not, the principal is derived from the -identity of the user invoking the kpasswd command.

-
-
-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kadmin, kadmind, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_commands/krb5-config.html b/krb5-1.21.3/doc/html/user/user_commands/krb5-config.html deleted file mode 100644 index db556ad8..00000000 --- a/krb5-1.21.3/doc/html/user/user_commands/krb5-config.html +++ /dev/null @@ -1,229 +0,0 @@ - - - - - - - - - krb5-config — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

krb5-config¶

-
-

SYNOPSIS¶

-

krb5-config -[--help | --all | --version | --vendor | --prefix | --exec-prefix | --defccname | --defktname | --defcktname | --cflags | --libs [libraries]]

-
-
-

DESCRIPTION¶

-

krb5-config tells the application programmer what flags to use to compile -and link programs against the installed Kerberos libraries.

-
-
-

OPTIONS¶

-
-
--help

prints a usage message. This is the default behavior when no options -are specified.

-
-
--all

prints the version, vendor, prefix, and exec-prefix.

-
-
--version

prints the version number of the Kerberos installation.

-
-
--vendor

prints the name of the vendor of the Kerberos installation.

-
-
--prefix

prints the prefix for which the Kerberos installation was built.

-
-
--exec-prefix

prints the prefix for executables for which the Kerberos installation -was built.

-
-
--defccname

prints the built-in default credentials cache location.

-
-
--defktname

prints the built-in default keytab location.

-
-
--defcktname

prints the built-in default client (initiator) keytab location.

-
-
--cflags

prints the compilation flags used to build the Kerberos installation.

-
-
--libs [library]

prints the compiler options needed to link against library. -Allowed values for library are:

- ---- - - - - - - - - - - - - - - - - - -

krb5

Kerberos 5 applications (default)

gssapi

GSSAPI applications with Kerberos 5 bindings

kadm-client

Kadmin client

kadm-server

Kadmin server

kdb

Applications that access the Kerberos database

-
-
-
-
-

EXAMPLES¶

-

krb5-config is particularly useful for compiling against a Kerberos -installation that was installed in a non-standard location. For example, -a Kerberos installation that is installed in /opt/krb5/ but uses -libraries in /usr/local/lib/ for text localization would produce -the following output:

-
shell% krb5-config --libs krb5
--L/opt/krb5/lib -Wl,-rpath -Wl,/opt/krb5/lib -L/usr/local/lib -lkrb5 -lk5crypto -lcom_err
-
-
-
-
-

SEE ALSO¶

-

kerberos, cc(1)

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_commands/ksu.html b/krb5-1.21.3/doc/html/user/user_commands/ksu.html deleted file mode 100644 index 34d5033f..00000000 --- a/krb5-1.21.3/doc/html/user/user_commands/ksu.html +++ /dev/null @@ -1,516 +0,0 @@ - - - - - - - - - ksu — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

ksu¶

-
-

SYNOPSIS¶

-

ksu -[ target_user ] -[ -n target_principal_name ] -[ -c source_cache_name ] -[ -k ] -[ -r time ] -[ -p | -P] -[ -f | -F] -[ -l lifetime ] -[ -z | Z ] -[ -q ] -[ -e command [ args … ] ] [ -a [ args … ] ]

-
-
-

REQUIREMENTS¶

-

Must have Kerberos version 5 installed to compile ksu. Must have a -Kerberos version 5 server running to use ksu.

-
-
-

DESCRIPTION¶

-

ksu is a Kerberized version of the su program that has two missions: -one is to securely change the real and effective user ID to that of -the target user, and the other is to create a new security context.

-
-

Note

-

For the sake of clarity, all references to and attributes of -the user invoking the program will start with “source†-(e.g., “source userâ€, “source cacheâ€, etc.).

-

Likewise, all references to and attributes of the target -account will start with “targetâ€.

-
-
-
-

AUTHENTICATION¶

-

To fulfill the first mission, ksu operates in two phases: -authentication and authorization. Resolving the target principal name -is the first step in authentication. The user can either specify his -principal name with the -n option (e.g., -n jqpublic@USC.EDU) -or a default principal name will be assigned using a heuristic -described in the OPTIONS section (see -n option). The target user -name must be the first argument to ksu; if not specified root is the -default. If . is specified then the target user will be the -source user (e.g., ksu .). If the source user is root or the -target user is the source user, no authentication or authorization -takes place. Otherwise, ksu looks for an appropriate Kerberos ticket -in the source cache.

-

The ticket can either be for the end-server or a ticket granting -ticket (TGT) for the target principal’s realm. If the ticket for the -end-server is already in the cache, it’s decrypted and verified. If -it’s not in the cache but the TGT is, the TGT is used to obtain the -ticket for the end-server. The end-server ticket is then verified. -If neither ticket is in the cache, but ksu is compiled with the -GET_TGT_VIA_PASSWD define, the user will be prompted for a -Kerberos password which will then be used to get a TGT. If the user -is logged in remotely and does not have a secure channel, the password -may be exposed. If neither ticket is in the cache and -GET_TGT_VIA_PASSWD is not defined, authentication fails.

-
-
-

AUTHORIZATION¶

-

This section describes authorization of the source user when ksu is -invoked without the -e option. For a description of the -e -option, see the OPTIONS section.

-

Upon successful authentication, ksu checks whether the target -principal is authorized to access the target account. In the target -user’s home directory, ksu attempts to access two authorization files: -.k5login and .k5users. In the .k5login file each line -contains the name of a principal that is authorized to access the -account.

-

For example:

-
jqpublic@USC.EDU
-jqpublic/secure@USC.EDU
-jqpublic/admin@USC.EDU
-
-
-

The format of .k5users is the same, except the principal name may be -followed by a list of commands that the principal is authorized to -execute (see the -e option in the OPTIONS section for details).

-

Thus if the target principal name is found in the .k5login file the -source user is authorized to access the target account. Otherwise ksu -looks in the .k5users file. If the target principal name is found -without any trailing commands or followed only by * then the -source user is authorized. If either .k5login or .k5users exist but -an appropriate entry for the target principal does not exist then -access is denied. If neither file exists then the principal will be -granted access to the account according to the aname->lname mapping -rules. Otherwise, authorization fails.

-
-
-

EXECUTION OF THE TARGET SHELL¶

-

Upon successful authentication and authorization, ksu proceeds in a -similar fashion to su. The environment is unmodified with the -exception of USER, HOME and SHELL variables. If the target user is -not root, USER gets set to the target user name. Otherwise USER -remains unchanged. Both HOME and SHELL are set to the target login’s -default values. In addition, the environment variable KRB5CCNAME -gets set to the name of the target cache. The real and effective user -ID are changed to that of the target user. The target user’s shell is -then invoked (the shell name is specified in the password file). Upon -termination of the shell, ksu deletes the target cache (unless ksu is -invoked with the -k option). This is implemented by first doing a -fork and then an exec, instead of just exec, as done by su.

-
-
-

CREATING A NEW SECURITY CONTEXT¶

-

ksu can be used to create a new security context for the target -program (either the target shell, or command specified via the -e -option). The target program inherits a set of credentials from the -source user. By default, this set includes all of the credentials in -the source cache plus any additional credentials obtained during -authentication. The source user is able to limit the credentials in -this set by using -z or -Z option. -z restricts the copy -of tickets from the source cache to the target cache to only the -tickets where client == the target principal name. The -Z option -provides the target user with a fresh target cache (no creds in the -cache). Note that for security reasons, when the source user is root -and target user is non-root, -z option is the default mode of -operation.

-

While no authentication takes place if the source user is root or is -the same as the target user, additional tickets can still be obtained -for the target cache. If -n is specified and no credentials can -be copied to the target cache, the source user is prompted for a -Kerberos password (unless -Z specified or GET_TGT_VIA_PASSWD -is undefined). If successful, a TGT is obtained from the Kerberos -server and stored in the target cache. Otherwise, if a password is -not provided (user hit return) ksu continues in a normal mode of -operation (the target cache will not contain the desired TGT). If the -wrong password is typed in, ksu fails.

-
-

Note

-

During authentication, only the tickets that could be -obtained without providing a password are cached in the -source cache.

-
-
-
-

OPTIONS¶

-
-
-n target_principal_name

Specify a Kerberos target principal name. Used in authentication -and authorization phases of ksu.

-

If ksu is invoked without -n, a default principal name is -assigned via the following heuristic:

-
    -
  • Case 1: source user is non-root.

    -

    If the target user is the source user the default principal name -is set to the default principal of the source cache. If the -cache does not exist then the default principal name is set to -target_user@local_realm. If the source and target users are -different and neither ~target_user/.k5users nor -~target_user/.k5login exist then the default principal name -is target_user_login_name@local_realm. Otherwise, starting -with the first principal listed below, ksu checks if the -principal is authorized to access the target account and whether -there is a legitimate ticket for that principal in the source -cache. If both conditions are met that principal becomes the -default target principal, otherwise go to the next principal.

    -
      -
    1. default principal of the source cache

    2. -
    3. target_user@local_realm

    4. -
    5. source_user@local_realm

    6. -
    -

    If a-c fails try any principal for which there is a ticket in -the source cache and that is authorized to access the target -account. If that fails select the first principal that is -authorized to access the target account from the above list. If -none are authorized and ksu is configured with -PRINC_LOOK_AHEAD turned on, select the default principal as -follows:

    -

    For each candidate in the above list, select an authorized -principal that has the same realm name and first part of the -principal name equal to the prefix of the candidate. For -example if candidate a) is jqpublic@ISI.EDU and -jqpublic/secure@ISI.EDU is authorized to access the target -account then the default principal is set to -jqpublic/secure@ISI.EDU.

    -
  • -
  • Case 2: source user is root.

    -

    If the target user is non-root then the default principal name -is target_user@local_realm. Else, if the source cache -exists the default principal name is set to the default -principal of the source cache. If the source cache does not -exist, default principal name is set to root\@local_realm.

    -
  • -
-
-
-

-c source_cache_name

-
-

Specify source cache name (e.g., -c FILE:/tmp/my_cache). If --c option is not used then the name is obtained from -KRB5CCNAME environment variable. If KRB5CCNAME is not -defined the source cache name is set to krb5cc_<source uid>. -The target cache name is automatically set to krb5cc_<target -uid>.(gen_sym()), where gen_sym generates a new number such that -the resulting cache does not already exist. For example:

-
krb5cc_1984.2
-
-
-
-
-
-k

Do not delete the target cache upon termination of the target -shell or a command (-e command). Without -k, ksu deletes -the target cache.

-
-
-z

Restrict the copy of tickets from the source cache to the target -cache to only the tickets where client == the target principal -name. Use the -n option if you want the tickets for other then -the default principal. Note that the -z option is mutually -exclusive with the -Z option.

-
-
-Z

Don’t copy any tickets from the source cache to the target cache. -Just create a fresh target cache, where the default principal name -of the cache is initialized to the target principal name. Note -that the -Z option is mutually exclusive with the -z -option.

-
-
-q

Suppress the printing of status messages.

-
-
-

Ticket granting ticket options:

-
-
-l lifetime -r time -p -P -f -F

The ticket granting ticket options only apply to the case where -there are no appropriate tickets in the cache to authenticate the -source user. In this case if ksu is configured to prompt users -for a Kerberos password (GET_TGT_VIA_PASSWD is defined), the -ticket granting ticket options that are specified will be used -when getting a ticket granting ticket from the Kerberos server.

-
-
-l lifetime

(Time duration string.) Specifies the lifetime to be requested -for the ticket; if this option is not specified, the default ticket -lifetime (12 hours) is used instead.

-
-
-r time

(Time duration string.) Specifies that the renewable option -should be requested for the ticket, and specifies the desired -total lifetime of the ticket.

-
-
-p

specifies that the proxiable option should be requested for -the ticket.

-
-
-P

specifies that the proxiable option should not be requested -for the ticket, even if the default configuration is to ask for -proxiable tickets.

-
-
-f

option specifies that the forwardable option should be -requested for the ticket.

-
-
-F

option specifies that the forwardable option should not be -requested for the ticket, even if the default configuration is to -ask for forwardable tickets.

-
-
-e command [args …]

ksu proceeds exactly the same as if it was invoked without the --e option, except instead of executing the target shell, ksu -executes the specified command. Example of usage:

-
ksu bob -e ls -lag
-
-
-

The authorization algorithm for -e is as follows:

-

If the source user is root or source user == target user, no -authorization takes place and the command is executed. If source -user id != 0, and ~target_user/.k5users file does not exist, -authorization fails. Otherwise, ~target_user/.k5users file -must have an appropriate entry for target principal to get -authorized.

-

The .k5users file format:

-

A single principal entry on each line that may be followed by a -list of commands that the principal is authorized to execute. A -principal name followed by a * means that the user is -authorized to execute any command. Thus, in the following -example:

-
jqpublic@USC.EDU ls mail /local/kerberos/klist
-jqpublic/secure@USC.EDU *
-jqpublic/admin@USC.EDU
-
-
-

jqpublic@USC.EDU is only authorized to execute ls, -mail and klist commands. jqpublic/secure@USC.EDU is -authorized to execute any command. jqpublic/admin@USC.EDU is -not authorized to execute any command. Note, that -jqpublic/admin@USC.EDU is authorized to execute the target -shell (regular ksu, without the -e option) but -jqpublic@USC.EDU is not.

-

The commands listed after the principal name must be either a full -path names or just the program name. In the second case, -CMD_PATH specifying the location of authorized programs must -be defined at the compilation time of ksu. Which command gets -executed?

-

If the source user is root or the target user is the source user -or the user is authorized to execute any command (* entry) -then command can be either a full or a relative path leading to -the target program. Otherwise, the user must specify either a -full path or just the program name.

-
-
-a args

Specify arguments to be passed to the target shell. Note that all -flags and parameters following -a will be passed to the shell, -thus all options intended for ksu must precede -a.

-

The -a option can be used to simulate the -e option if -used as follows:

-
-a -c [command [arguments]].
-
-
-

-c is interpreted by the c-shell to execute the command.

-
-
-
-
-

INSTALLATION INSTRUCTIONS¶

-

ksu can be compiled with the following four flags:

-
-
GET_TGT_VIA_PASSWD

In case no appropriate tickets are found in the source cache, the -user will be prompted for a Kerberos password. The password is -then used to get a ticket granting ticket from the Kerberos -server. The danger of configuring ksu with this macro is if the -source user is logged in remotely and does not have a secure -channel, the password may get exposed.

-
-
PRINC_LOOK_AHEAD

During the resolution of the default principal name, -PRINC_LOOK_AHEAD enables ksu to find principal names in -the .k5users file as described in the OPTIONS section -(see -n option).

-
-
CMD_PATH

Specifies a list of directories containing programs that users are -authorized to execute (via .k5users file).

-
-
HAVE_GETUSERSHELL

If the source user is non-root, ksu insists that the target user’s -shell to be invoked is a “legal shellâ€. getusershell(3) is -called to obtain the names of “legal shellsâ€. Note that the -target user’s shell is obtained from the passwd file.

-
-
-

Sample configuration:

-
KSU_OPTS = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /usr/ucb /local/bin"
-
-
-

ksu should be owned by root and have the set user id bit turned on.

-

ksu attempts to get a ticket for the end server just as Kerberized -telnet and rlogin. Thus, there must be an entry for the server in the -Kerberos database (e.g., host/nii.isi.edu@ISI.EDU). The keytab -file must be in an appropriate location.

-
-
-

SIDE EFFECTS¶

-

ksu deletes all expired tickets from the source cache.

-
-
-

AUTHOR OF KSU¶

-

GENNADY (ARI) MEDVINSKY

-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kerberos, kinit

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_commands/kswitch.html b/krb5-1.21.3/doc/html/user/user_commands/kswitch.html deleted file mode 100644 index 808bceea..00000000 --- a/krb5-1.21.3/doc/html/user/user_commands/kswitch.html +++ /dev/null @@ -1,189 +0,0 @@ - - - - - - - - - kswitch — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kswitch¶

-
-

SYNOPSIS¶

-

kswitch -{-c cachename|-p principal}

-
-
-

DESCRIPTION¶

-

kswitch makes the specified credential cache the primary cache for the -collection, if a cache collection is available.

-
-
-

OPTIONS¶

-
-
-c cachename

Directly specifies the credential cache to be made primary.

-
-
-p principal

Causes the cache collection to be searched for a cache containing -credentials for principal. If one is found, that collection is -made primary.

-
-
-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

FILES¶

-
-
DEFCCNAME

Default location of Kerberos 5 credentials cache

-
-
-
-
-

SEE ALSO¶

-

kinit, kdestroy, klist, -kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_commands/kvno.html b/krb5-1.21.3/doc/html/user/user_commands/kvno.html deleted file mode 100644 index 18c4079f..00000000 --- a/krb5-1.21.3/doc/html/user/user_commands/kvno.html +++ /dev/null @@ -1,247 +0,0 @@ - - - - - - - - - kvno — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kvno¶

-
-

SYNOPSIS¶

-

kvno -[-c ccache] -[-e etype] -[-k keytab] -[-q] -[-u | -S sname] -[-P] -[–cached-only] -[–no-store] -[–out-cache cache] -[[{-F cert_file | {-I | -U} for_user} [-P]] | –u2u ccache] -service1 service2 …

-
-
-

DESCRIPTION¶

-

kvno acquires a service ticket for the specified Kerberos principals -and prints out the key version numbers of each.

-
-
-

OPTIONS¶

-
-
-c ccache

Specifies the name of a credentials cache to use (if not the -default)

-
-
-e etype

Specifies the enctype which will be requested for the session key -of all the services named on the command line. This is useful in -certain backward compatibility situations.

-
-
-k keytab

Decrypt the acquired tickets using keytab to confirm their -validity.

-
-
-q

Suppress printing output when successful. If a service ticket -cannot be obtained, an error message will still be printed and -kvno will exit with nonzero status.

-
-
-u

Use the unknown name type in requested service principal names. -This option Cannot be used with -S.

-
-
-P

Specifies that the service1 service2 … arguments are to be -treated as services for which credentials should be acquired using -constrained delegation. This option is only valid when used in -conjunction with protocol transition.

-
-
-S sname

Specifies that the service1 service2 … arguments are -interpreted as hostnames, and the service principals are to be -constructed from those hostnames and the service name sname. -The service hostnames will be canonicalized according to the usual -rules for constructing service principals.

-
-
-I for_user

Specifies that protocol transition (S4U2Self) is to be used to -acquire a ticket on behalf of for_user. If constrained -delegation is not requested, the service name must match the -credentials cache client principal.

-
-
-U for_user

Same as -I, but treats for_user as an enterprise name.

-
-
-F cert_file

Specifies that protocol transition is to be used, identifying the -client principal with the X.509 certificate in cert_file. The -certificate file must be in PEM format.

-
-
–cached-only

Only retrieve credentials already present in the cache, not from -the KDC. (Added in release 1.19.)

-
-
–no-store

Do not store retrieved credentials in the cache. If -–out-cache is also specified, credentials will still be -stored into the output credential cache. (Added in release 1.19.)

-
-
–out-cache ccache

Initialize ccache and store all retrieved credentials into it. -Do not store acquired credentials in the input cache. (Added in -release 1.19.)

-
-
–u2u ccache

Requests a user-to-user ticket. ccache must contain a local -krbtgt ticket for the server principal. The reported version -number will typically be 0, as the resulting ticket is not -encrypted in the server’s long-term key.

-
-
-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

FILES¶

-
-
DEFCCNAME

Default location of the credentials cache

-
-
-
-
-

SEE ALSO¶

-

kinit, kdestroy, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_commands/sclient.html b/krb5-1.21.3/doc/html/user/user_commands/sclient.html deleted file mode 100644 index 1f5ff902..00000000 --- a/krb5-1.21.3/doc/html/user/user_commands/sclient.html +++ /dev/null @@ -1,169 +0,0 @@ - - - - - - - - - sclient — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

sclient¶

-
-

SYNOPSIS¶

-

sclient remotehost

-
-
-

DESCRIPTION¶

-

sclient is a sample application, primarily useful for testing -purposes. It contacts a sample server sserver and -authenticates to it using Kerberos version 5 tickets, then displays -the server’s response.

-
-
-

ENVIRONMENT¶

-

See kerberos for a description of Kerberos environment -variables.

-
-
-

SEE ALSO¶

-

kinit, sserver, kerberos

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_config/index.html b/krb5-1.21.3/doc/html/user/user_config/index.html deleted file mode 100644 index 4154d2de..00000000 --- a/krb5-1.21.3/doc/html/user/user_config/index.html +++ /dev/null @@ -1,147 +0,0 @@ - - - - - - - - - User config files — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

User config files¶

-

The following files in your home directory can be used to control the -behavior of Kerberos as it applies to your account (unless they have -been disabled by your host’s configuration):

- -
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_config/k5identity.html b/krb5-1.21.3/doc/html/user/user_config/k5identity.html deleted file mode 100644 index e4ebf6b1..00000000 --- a/krb5-1.21.3/doc/html/user/user_config/k5identity.html +++ /dev/null @@ -1,195 +0,0 @@ - - - - - - - - - .k5identity — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

.k5identity¶

-
-

DESCRIPTION¶

-

The .k5identity file, which resides in a user’s home directory, -contains a list of rules for selecting a client principals based on -the server being accessed. These rules are used to choose a -credential cache within the cache collection when possible.

-

Blank lines and lines beginning with # are ignored. Each line has -the form:

-
-

principal field=value …

-
-

If the server principal meets all of the field constraints, then -principal is chosen as the client principal. The following fields are -recognized:

-
-
realm

If the realm of the server principal is known, it is matched -against value, which may be a pattern using shell wildcards. -For host-based server principals, the realm will generally only be -known if there is a [domain_realm] section in -krb5.conf with a mapping for the hostname.

-
-
service

If the server principal is a host-based principal, its service -component is matched against value, which may be a pattern using -shell wildcards.

-
-
host

If the server principal is a host-based principal, its hostname -component is converted to lower case and matched against value, -which may be a pattern using shell wildcards.

-

If the server principal matches the constraints of multiple lines -in the .k5identity file, the principal from the first matching -line is used. If no line matches, credentials will be selected -some other way, such as the realm heuristic or the current primary -cache.

-
-
-
-
-

EXAMPLE¶

-

The following example .k5identity file selects the client principal -alice@KRBTEST.COM if the server principal is within that realm, -the principal alice/root@EXAMPLE.COM if the server host is within -a servers subdomain, and the principal alice/mail@EXAMPLE.COM when -accessing the IMAP service on mail.example.com:

-
alice@KRBTEST.COM       realm=KRBTEST.COM
-alice/root@EXAMPLE.COM  host=*.servers.example.com
-alice/mail@EXAMPLE.COM  host=mail.example.com service=imap
-
-
-
-
-

SEE ALSO¶

-

kerberos(1), krb5.conf

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_config/k5login.html b/krb5-1.21.3/doc/html/user/user_config/k5login.html deleted file mode 100644 index 97afc40c..00000000 --- a/krb5-1.21.3/doc/html/user/user_config/k5login.html +++ /dev/null @@ -1,186 +0,0 @@ - - - - - - - - - .k5login — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

.k5login¶

-
-

DESCRIPTION¶

-

The .k5login file, which resides in a user’s home directory, contains -a list of the Kerberos principals. Anyone with valid tickets for a -principal in the file is allowed host access with the UID of the user -in whose home directory the file resides. One common use is to place -a .k5login file in root’s home directory, thereby granting system -administrators remote root access to the host via Kerberos.

-
-
-

EXAMPLES¶

-

Suppose the user alice had a .k5login file in her home directory -containing just the following line:

-
bob@FOOBAR.ORG
-
-
-

This would allow bob to use Kerberos network applications, such as -ssh(1), to access alice’s account, using bob’s Kerberos -tickets. In a default configuration (with k5login_authoritative set -to true in krb5.conf), this .k5login file would not let -alice use those network applications to access her account, since -she is not listed! With no .k5login file, or with k5login_authoritative -set to false, a default rule would permit the principal alice in the -machine’s default realm to access the alice account.

-

Let us further suppose that alice is a system administrator. -Alice and the other system administrators would have their principals -in root’s .k5login file on each host:

-
alice@BLEEP.COM
-
-joeadmin/root@BLEEP.COM
-
-
-

This would allow either system administrator to log in to these hosts -using their Kerberos tickets instead of having to type the root -password. Note that because bob retains the Kerberos tickets for -his own principal, bob@FOOBAR.ORG, he would not have any of the -privileges that require alice’s tickets, such as root access to -any of the site’s hosts, or the ability to change alice’s -password.

-
-
-

SEE ALSO¶

-

kerberos(1)

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/html/user/user_config/kerberos.html b/krb5-1.21.3/doc/html/user/user_config/kerberos.html deleted file mode 100644 index fcc718c8..00000000 --- a/krb5-1.21.3/doc/html/user/user_config/kerberos.html +++ /dev/null @@ -1,303 +0,0 @@ - - - - - - - - - kerberos — MIT Kerberos Documentation - - - - - - - - - - - - - - -
-
- - -

MIT Kerberos Documentation

- -
- - Contents | - previous | - next | - index | - Search | - feedback -
-
-
- -
-
-
- -
-
-
- -
-

kerberos¶

-
-

DESCRIPTION¶

-

The Kerberos system authenticates individual users in a network -environment. After authenticating yourself to Kerberos, you can use -Kerberos-enabled programs without having to present passwords or -certificates to those programs.

-

If you receive the following response from kinit:

-

kinit: Client not found in Kerberos database while getting initial -credentials

-

you haven’t been registered as a Kerberos user. See your system -administrator.

-

A Kerberos name usually contains three parts. The first is the -primary, which is usually a user’s or service’s name. The second -is the instance, which in the case of a user is usually null. -Some users may have privileged instances, however, such as root or -admin. In the case of a service, the instance is the fully -qualified name of the machine on which it runs; i.e. there can be an -ssh service running on the machine ABC (ssh/ABC@REALM), which is -different from the ssh service running on the machine XYZ -(ssh/XYZ@REALM). The third part of a Kerberos name is the realm. -The realm corresponds to the Kerberos service providing authentication -for the principal. Realms are conventionally all-uppercase, and often -match the end of hostnames in the realm (for instance, host01.example.com -might be in realm EXAMPLE.COM).

-

When writing a Kerberos name, the principal name is separated from the -instance (if not null) by a slash, and the realm (if not the local -realm) follows, preceded by an “@†sign. The following are examples -of valid Kerberos names:

-
david
-jennifer/admin
-joeuser@BLEEP.COM
-cbrown/root@FUBAR.ORG
-
-
-

When you authenticate yourself with Kerberos you get an initial -Kerberos ticket. (A Kerberos ticket is an encrypted protocol -message that provides authentication.) Kerberos uses this ticket for -network utilities such as ssh. The ticket transactions are done -transparently, so you don’t have to worry about their management.

-

Note, however, that tickets expire. Administrators may configure more -privileged tickets, such as those with service or instance of root -or admin, to expire in a few minutes, while tickets that carry -more ordinary privileges may be good for several hours or a day. If -your login session extends beyond the time limit, you will have to -re-authenticate yourself to Kerberos to get new tickets using the -kinit command.

-

Some tickets are renewable beyond their initial lifetime. This -means that kinit -R can extend their lifetime without requiring -you to re-authenticate.

-

If you wish to delete your local tickets, use the kdestroy -command.

-

Kerberos tickets can be forwarded. In order to forward tickets, you -must request forwardable tickets when you kinit. Once you have -forwardable tickets, most Kerberos programs have a command line option -to forward them to the remote host. This can be useful for, e.g., -running kinit on your local machine and then sshing into another to do -work. Note that this should not be done on untrusted machines since -they will then have your tickets.

-
-
-

ENVIRONMENT VARIABLES¶

-

Several environment variables affect the operation of Kerberos-enabled -programs. These include:

-
-
KRB5CCNAME

Default name for the credentials cache file, in the form -TYPE:residual. The type of the default cache may determine -the availability of a cache collection. FILE is not a -collection type; KEYRING, DIR, and KCM are.

-

If not set, the value of default_ccache_name from -configuration files (see KRB5_CONFIG) will be used. If that -is also not set, the default type is FILE, and the -residual is the path /tmp/krb5cc_*uid*, where uid is the -decimal user ID of the user.

-
-
KRB5_KTNAME

Specifies the location of the default keytab file, in the form -TYPE:residual. If no type is present, the FILE type is -assumed and residual is the pathname of the keytab file. If -unset, DEFKTNAME will be used.

-
-
KRB5_CONFIG

Specifies the location of the Kerberos configuration file. The -default is SYSCONFDIR/krb5.conf. Multiple filenames can -be specified, separated by a colon; all files which are present -will be read.

-
-
KRB5_KDC_PROFILE

Specifies the location of the KDC configuration file, which -contains additional configuration directives for the Key -Distribution Center daemon and associated programs. The default -is LOCALSTATEDIR/krb5kdc/kdc.conf.

-
-
KRB5RCACHENAME

(New in release 1.18) Specifies the location of the default replay -cache, in the form type:residual. The file2 type with a -pathname residual specifies a replay cache file in the version-2 -format in the specified location. The none type (residual is -ignored) disables the replay cache. The dfl type (residual is -ignored) indicates the default, which uses a file2 replay cache in -a temporary directory. The default is dfl:.

-
-
KRB5RCACHETYPE

Specifies the type of the default replay cache, if -KRB5RCACHENAME is unspecified. No residual can be specified, -so none and dfl are the only useful types.

-
-
KRB5RCACHEDIR

Specifies the directory used by the dfl replay cache type. -The default is the value of the TMPDIR environment variable, -or /var/tmp if TMPDIR is not set.

-
-
KRB5_TRACE

Specifies a filename to write trace log output to. Trace logs can -help illuminate decisions made internally by the Kerberos -libraries. For example, env KRB5_TRACE=/dev/stderr kinit -would send tracing information for kinit to -/dev/stderr. The default is not to write trace log output -anywhere.

-
-
KRB5_CLIENT_KTNAME

Default client keytab file name. If unset, DEFCKTNAME will be -used).

-
-
KPROP_PORT

kprop port to use. Defaults to 754.

-
-
GSS_MECH_CONFIG

Specifies a filename containing GSSAPI mechanism module -configuration. The default is to read SYSCONFDIR/gss/mech -and files with a .conf suffix within the directory -SYSCONFDIR/gss/mech.d.

-
-
-

Most environment variables are disabled for certain programs, such as -login system programs and setuid programs, which are designed to be -secure when run within an untrusted process environment.

-
-
-

SEE ALSO¶

-

kdestroy, kinit, klist, -kswitch, kpasswd, ksu, -krb5.conf, kdc.conf, kadmin, -kadmind, kdb5_util, krb5kdc

-
-
-

BUGS¶

-
-
-

AUTHORS¶

-
-
Steve Miller, MIT Project Athena/Digital Equipment Corporation
-
Clifford Neuman, MIT Project Athena
-
Greg Hudson, MIT Kerberos Consortium
-
Robbie Harwood, Red Hat, Inc.
-
-
-
-

HISTORY¶

-

The MIT Kerberos 5 implementation was developed at MIT, with -contributions from many outside parties. It is currently maintained -by the MIT Kerberos Consortium.

-
-
-

RESTRICTIONS¶

-

Copyright 1985, 1986, 1989-1996, 2002, 2011, 2018 Masachusetts -Institute of Technology

-
-
- - -
-
-
-
-
- -
-
-
- - - - - \ No newline at end of file diff --git a/krb5-1.21.3/doc/index.rst b/krb5-1.21.3/doc/index.rst deleted file mode 100644 index 543a9d1b..00000000 --- a/krb5-1.21.3/doc/index.rst +++ /dev/null @@ -1,18 +0,0 @@ -MIT Kerberos Documentation (|release|) -====================================== - - -.. toctree:: - :maxdepth: 1 - - user/index.rst - admin/index.rst - appdev/index.rst - plugindev/index.rst - build/index.rst - basic/index.rst - formats/index.rst - mitK5features.rst - build_this.rst - about.rst - resources diff --git a/krb5-1.21.3/doc/iprop-notes.txt b/krb5-1.21.3/doc/iprop-notes.txt deleted file mode 100644 index b620773d..00000000 --- a/krb5-1.21.3/doc/iprop-notes.txt +++ /dev/null @@ -1,140 +0,0 @@ -Some (intentional) changes from Sun's submission are noted in the -install guide. - -Bugs or issues: - -The "full resync" part of the protocol involves the primary side -firing off a normal kprop (and going back to servicing requests), and -the replica side stopping all the incremental propagation stuff and -waiting for the kprop. If the connection from the primary never comes -in for some reason, the replica side just blocks forever, and never -resumes incremental propagation. - -The protocol does not currently pass policy database changes; this was -an intentional decision on Sun's part. The policy database is only -relevant to the primary KDC, and is usually fairly static (aside from -refcount updates), but not propagating it does mean that a replica -maintained via iprop can't simply be promoted to a primary in disaster -recovery or other cases without doing a full propagation or restoring -a database from backups. - -Shawn had a good suggestion after I started the integration work, and -which I haven't had a chance to implement: Make the update-log code -fit in as a sort of pseudo-database layer via the DAL, being called -through the standard DAL methods, and doing its work around calls -through to the real database back end again through the DAL methods. -So for example, creating a "iprop+db2" database would create an update -log and the real db2 database; storing a principal entry would update -the update log as well; etc. At least initially, we wouldn't treat it -as a differently-named database; the installation of the hooks would -be done by explicitly checking if iprop is enabled, etc. - -The "iprop role" is assumed to be either primary or replica. The -primary writes a log, and the replica fetches it. But what about a -cascade propagation model where A sends to B which sends to C, perhaps -because A's bandwidth is highly limited, or B and C are co-located? -In such a case, B would want to operate in both modes. Granted, with -iprop the bandwidth issues should be less important, but there may -still be reasons one may wish to run in such a configuration. - -The propagation of changes does not happen in real time. It's not a -"push" protocol; the replicas poll periodically for changes. Perhaps -a future revision of the protocol could address that. - -kadmin/cli/kadmin.c call to kadm5_init_iprop - is this needed in -client-side program? Should it be done in libkadm5srv instead as part -of the existing kadm5_init* so that database-accessing applications -that don't get updated at the source level will automatically start -changing the update log as needed? - -Locking: Currently DAL exports the DB locking interface to the caller; -we want to slip the iprop code in between -- run it plus the DB update -operation with the DB lock held, whether or not the caller grabbed the -lock. (Does the caller always grab the lock before making changes?) -Currently we're using a file lock on the update log itself; this will -be independent of whether the DB back end implements locking (which -may be a good thing or a bad thing, depending). - -Various logging calls with odd format strings like "" should be -fixed. - -Why are different principal names used, when incremental propagation -requires that normal kprop (which uses host principals) be possible -anyways? - -Why is this tied to kadmind, aside from (a) wanting to prevent other -db changes, which locking protocols should deal with anyways, (b) -existing acl code, (c) existing server process? - -The incremental propagation protocol requires an ACL entry on the -primary, listing the replica. Since the full-resync part uses normal -kprop, the replica also has to have an ACL entry for the primary. If -this is missing, I suspect the behavior will be that every two -minutes, the primary side will (at the prompting of the replica) dump -out the database and attempt a full propagation. - -Possible optimizations: If an existing dump file has a recent enough -serial number, just send it, without dumping again? Use just one dump -file instead of one per replica? - -Requiring normal kprop means the replica still can't be behind a NAT -or firewall without special configuration. The incremental parts can -work in such a configuration, so long as outgoing TCP connections are -allowed. - -Still limited to IPv4 because of limitations in MIT's version of the -RPC code. (This could be fixed for kprop, if IPv6 sites want to do -full propagation only. Doing incremental propagation over IPv6 will -take work on the RPC library, and probably introduce -backwards-incompatible ABI changes.) - -Overflow checks for ulogentries times block size? - -If file can't be made the size indicated by ulogentries, should we -truncate or error out? If we error out, this could blow out when -resizing the log because of a too-large log entry. - -The kprop invocation doesn't specify a realm name, so it'll only work -for the default realm. No clean way to specify a port number, either. -Would it be overkill to come up with a way to configure host+port for -kpropd on the primary? Preferably in a way that'd support cascading -propagations. - -The kadmind process, when it needs to run kprop, extracts the replica -host name from the client principal name. It assumes that the -principal name will be of the form foo/hostname@REALM, and looks -specifically for the "/" and "@" to chop up the string form of the -name. If looking up that name won't give a working IPv4 address for -the replica, kprop will fail (and kpropd will keep waiting, -incremental updates will stop, etc). - -Mapping between file offsets and structure addresses, we should be -careful about alignment. We're probably okay on current platforms, -but if we break log-format compatibility with Sun at some point, use -the chance to make the kdb_ent_header_t offsets be more strictly -aligned in the file. (16 or 32 bytes?) - -Not thread safe! The kdb5.c code will get a lock on the update log -file while making changes, but the lock is per-process. Currently -there are no processes I know of that use multiple threads and change -the database. (There's the Novell patch to make the KDC -multithreaded, but the kdc-kdb-update option doesn't currently -compile.) - -Logging in kpropd is poor to useless. If there are any problems, run -it in debug mode ("-d"). You'll still lose all output from the -invocation of kdb5_util dump and kprop run out of kadmind. - -Other man page updates needed: Anything with new -x options. - -Comments from lha: - -Verify both client and server are demanding privacy from RPC. - -Authorization code in check_iprop_rpcsec_auth is weird. Check realm -checking, is it trusting the client realm length? - -What will happen if my realm is named "A" and I can get a cross realm -(though multihop) to ATHENA.MIT.EDU's iprop server? - -Why is the ACL not applied before we get to the functions themselves? diff --git a/krb5-1.21.3/doc/kadm5-errmsg.txt b/krb5-1.21.3/doc/kadm5-errmsg.txt deleted file mode 100644 index 76404bca..00000000 --- a/krb5-1.21.3/doc/kadm5-errmsg.txt +++ /dev/null @@ -1,59 +0,0 @@ -Proposed approach for passing more detailed error messages across the -kadm5 API: - -We've already got too many init functions and too many options. -Multiplying the number of init functions isn't feasible. - -Create an (opaque to application) init-options type, create/destroy -functions for it, set-creds/set-keytab/set-password functions, and a -kadm5-init-with-options function. (Optional: Reimplement the current -init functions as wrappers around these.) - -Add a set-context function which saves away in the init-options object -a krb5_context to be used in the new server handle instead of creating -a new one. (Destroying a server handle with such a "borrowed" krb5 -context should probably not destroy the context.) Calls within the -library should store any error messages in the context contained in -the server handle. Error messages produced during initialization -should also be stored in this context. - -The caller of these functions can use krb5_get_error_message to -extract the text of the error message from the supplied context. - -Unless we determine it's safe, we should probably assert (for now) -that each server handle must have a different context. (That's aside -from the thread safety issues.) - -These contexts should have been created with kadm5_init_krb5_context, -which will decide whether to look at the KDC config file depending on -whether you're using the client-side or server-side version of the -library. (Same as for kadmin vs kadmin.local.) - -Notes: - - * The existing API must continue to work, without changes. There is - external code we need to continue to support. - - * We considered a variant where the application could retrieve the - error message from the server handle using a new - kadm5_get_error_message function. However, the initialization code - is one likely place where the errors would occur (can't - authenticate, etc), and in that case, there is no server handle - from which to extract the context. - - A function to retrieve the library-created krb5_context from the - server handle would have the same problem. - - Using a separate approach to deal with errors at initialization - time, in combination with the above, might work. But we still wind - up either creating the init-with-options interface or adding - error-message-return variants of multiple existing init functions. - -To do: - - * Write up specifics (including function names -- the names used here - aren't meant to be definitive) and discuss on krbdev. - - * Implement library part. - - * Change kadmin and kdc to use it. diff --git a/krb5-1.21.3/doc/kadm5/adb-unit-test.tex b/krb5-1.21.3/doc/kadm5/adb-unit-test.tex deleted file mode 100644 index 0595c672..00000000 --- a/krb5-1.21.3/doc/kadm5/adb-unit-test.tex +++ /dev/null @@ -1,135 +0,0 @@ -% This document is included for historical purposes only, and does not -% apply to krb5 today. - -\documentstyle[times,fullpage]{article} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% Make _ actually generate an _, and allow line-breaking after it. -\let\underscore=\_ -\catcode`_=13 -\def_{\underscore\penalty75\relax} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -\newcommand{\test}[1]{\begin{description} -\setlength{\itemsep}{0pt} -#1 -\end{description} - -} - -\newcommand{\numtest}[2]{\begin{description} -\setlength{\itemsep}{0pt} -\Number{#1} -#2 -\end{description} - -} - -\newcommand{\Number}[1]{\item[Number:] #1} -\newcommand{\Reason}[1]{\item[Reason:] #1} -%\newcommand{\Call}[1]{\item[Call:] #1} -\newcommand{\Expected}[1]{\item[Expected:] #1} -\newcommand{\Conditions}[1]{\item[Conditions:] #1} -\newcommand{\Priority}[1]{\item[Priority:] #1} -\newcommand{\Status}[1]{\item[Status:] #1} -%\newcommand{\Number}[1]{} -%\newcommand{\Reason}[1]{} -\newcommand{\Call}[1]{} -%\newcommand{\Expected}[1]{} -%\newcommand{\Conditions}[1]{} -%\newcommand{\Priority}[1]{} - -\title{OpenV*Secure Admin Database API\\ -Unit Test Description} -\author{Jonathan I. Kamens} - -\begin{document} - -\maketitle - -%\tableofcontents - -\section{Introduction} - -The following is a description of a black-box unit test of the -OpenV*Secure Admin Database API (osa_adb). Each API function is -listed, followed by the tests that should be performed on it. - -The tests described here are based on the ``OV*Secure Admin Server -Implementation Design'' revision 1.14. - -\section{osa_adb_get_lock and osa_adb_release_lock} - -\numtest{1}{ -\Reason{A shared lock can be acquired.} -\Status{Implemented} -} - -\numtest{2}{ -\Reason{An exclusive lock can be acquired and released.} -\Status{Implemented} -} - -\numtest{3}{ -\Reason{A permanent lock can be acquired and released.} -\Status{Implemented} -} - -\numtest{4}{ -\Reason{Attempting to release a lock when none is held fails with -NOTLOCKED.} -\Status{Implemented} -} - -\numtest{5}{ -\Reason{Two processes can both acquire a shared lock.} -\Status{Implemented} -} - -\numtest{6}{ -\Reason{An attempt to acquire a shared lock while another process holds an -exclusive lock fails with CANTLOCK_DB.} -\Status{Implemented} -} - -\numtest{7}{ -\Reason{An attempt to acquire an exclusive lock while another process holds a -shared lock fails with CANTLOCK_DB.} -\Status{Implemented} -} - -\numtest{8}{ -\Reason{An attempt to open the database while a process holds a -permanent lock fails with NO_LOCKFILE.} -\Status{Implemented} -} - -\numtest{9}{ -\Reason{An attempt to acquire an exclusive lock while a process holds a -permanent lock fails with NO_LOCKFILE.} -\Status{Implemented} -} - -\numtest{10}{ -\Reason{Acquiring a permanent lock deletes the lockfile.} -\Status{Implemented} -} - -\numtest{11}{ -\Reason{Releasing a permanent lock re-creates the lockfile.} -\Status{Implemented} -} - -\numtest{12}{ -\Reason{A process can perform a get operation while another process holds a -shared lock.} -\Status{Implemented} -} - -\numtest{13}{ -\Reason{A process that is running and has opened the adb principal database -can retrieve a principal created after the open occurred.} -\Status{Implemented, but not working} -} - -\end{document} diff --git a/krb5-1.21.3/doc/kadm5/api-funcspec.tex b/krb5-1.21.3/doc/kadm5/api-funcspec.tex deleted file mode 100644 index b633cef1..00000000 --- a/krb5-1.21.3/doc/kadm5/api-funcspec.tex +++ /dev/null @@ -1,2015 +0,0 @@ -% This document is included for historical purposes only, and does not -% apply to krb5 today. - -\documentstyle[12pt,fullpage]{article} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% Make _ actually generate an _, and allow line-breaking after it. -\let\underscore=\_ -\catcode`_=13 -\def_{\underscore\penalty75\relax} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -\setlength{\parskip}{.7\baselineskip} -\setlength{\parindent}{0pt} - -\def\v#1{\verb+#1+} - -\title{Kerberos Administration System \\ - KADM5 API Functional Specifications} -\author{Barry Jaspan} - -\begin{document} - -\sloppy -\maketitle - -{\setlength{\parskip}{0pt}\tableofcontents} - -\section{Introduction} - -This document describes the Admin API that can be used to maintain -principals and policies. It describes the data structures used for -each function and the interpretation of each data type field, the -semantics of each API function, and the possible return codes. - -The Admin API is intended to be used by remote clients using an RPC -interface. It is implemented by the admin server running on the -Kerberos master server. It is also possible for a program running on -the Kerberos master server to use the Admin API directly, without -going through the admin server. - -\section{Versions of the API} - -The versions of this API and a brief description of the changes for -each are: - -\begin{description} -\item[KADM5_API_VERSION_1] The initial version of this API, written by -OpenVision Technologies and donated to MIT for including in the public -release. Originally called OVSEC_KADM_API_VERSION_1. Most everything -has been renamed in one way or another, including functions, header -files, and data structures. Where possible, the old OVSEC_KADM names -have been left behind for compatibility with version 1, and -KADM5_API_VERSION_1 is compatible with OVSEC_KADM_API_VERSION_1 at -compile-, link-, and run-time. - -The OVSEC_KADM name compatibility will not be extended to new -functionality in future versions because no existing OVSEC_KADM -clients will use that functionality; new clients should be written to -the KADM5 API. - -\item[KADM5_API_VERSION_2] This version contains the initial changes -necessary to make the OpenVision administration system work with the -mid-1996 MIT version of Kerberos 5. Changes include -\begin{enumerate} -\item The kadm5_init functions now take a structure of parameters -instead of just a realm name, allowing the calling program to specify -non-default values for various configuration options. See section -\ref{sec:configparams} for details. - -\item The KADM5 API has been extended to support new features of the -Kerberos database, including multiple encryption and salt types per -principal. See section \ref{sec:keys} for details. - -\item kadm5_get_principal now allows a principal's keys to be -retrieved {\it by local clients only}. This is necessary in order for -the kadm5 API to provide the primary Kerberos database interface. - -\item The KADM5 authorization system has been completely changed. - -\item The functions kadm5_flush, kadm5_get_principals, and -kadm5_get_policies have been added. - -\item The KADM5 API now obeys a caller-allocates rather than -callee-allocates system. kadm5_get_principal and kadm5_get_policy are -affected. -\end{enumerate} -\end{description} - -\section{Policies and Password Quality} - -The Admin API Password Quality mechanism provides the following -controls. Note that two strings are defined to be ``significantly -different'' if they differ by at least one character. The compare is not -case sensitive. - -\begin{itemize} -\item A minimum length can be required; a password with -fewer than the specified number of characters will not be accepted. - -\item A minimum number of character classes can be required; a -password that does not contain at least one character from at least -the specified number of character classes will not be accepted. The -character classes are defined by islower(), isupper(), isdigit(), -ispunct(), and other. - -\item Passwords can be required to be different from -previous passwords; a password that generates the same encryption key -as any of the principal's specified previous number of passwords will -not be accepted. This comparison is performed on the encryption keys -generated from the passwords, not on the passwords themselves. - -\item A single ``forbidden password'' dictionary can be specified for all -users; a password that is not significantly different from every word -in the dictionary will not be accepted. -\end{itemize} - -\section{Data Structures} - -This section describes the data structures used by the Admin API. -They are defined in $<$kadm5/admin.h$>$. - -\subsection{Principals, kadm5_principal_ent_t} -\label{sec:principal-structure} - -A Kerberos principal entry is represented by a kadm5_principal_ent_t. -It contains a subset of the information stored in the master Kerberos -database as well as the additional information maintained by the admin -system. In the current version, the only additional information is -the principal's policy and the aux_attributes flags. - -The principal may or may not have a policy enforced on it. If the -POLICY bit (see section \ref{sec:masks}) is set in aux_attributes, the -policy field names the principal's policy. If the POLICY bit is not -set in aux_attributes, no policy is enforced on the principal and the -value of the policy field is undefined. - -\begin{figure}[htbp] -\begin{verbatim} -typedef struct _kadm5_principal_ent_t { - krb5_principal principal; - - krb5_timestamp princ_expire_time; - krb5_timestamp last_pwd_change; - krb5_timestamp pw_expiration; - krb5_deltat max_life; - krb5_principal mod_name; - krb5_timestamp mod_date; - krb5_flags attributes; - krb5_kvno kvno; - krb5_kvno mkvno; - - char * policy; - u_int32 aux_attributes; - - krb5_deltat max_renewable_life; - krb5_timestamp last_success; - krb5_timestamp last_failed; - krb5_kvno fail_auth_count; - krb5_int16 n_key_data; - krb5_int16 n_tl_data; - krb5_tl_data *tl_data; - krb5_key_data *key_data; -} kadm5_principal_ent_rec, *kadm5_principal_ent_t; -\end{verbatim} -\caption{Definition of kadm5_principal_ent_t.} -\label{fig:princ-t} -\end{figure} - -The fields of an kadm5_principal_ent_t are interpreted as -follows. - -\begin{description} -\item[principal] The name of the principal; must conform to Kerberos -naming specifications. - -\item[princ_expire_time] The expire time of the principal as a Kerberos -timestamp. No Kerberos tickets will be issued for a principal after -its expire time. - -\item[last_pwd_change] The time this principal's password was last -changed, as a Kerberos timestamp. - -\item[pw_expiration] The expire time of the user's current password, as a -Kerberos timestamp. No application service tickets will be issued for the -principal once the password expire time has passed. Note that the user can -only obtain tickets for services that have the PW_CHANGE_SERVICE bit set in -the attributes field. - -\item[max_life] The maximum lifetime of any Kerberos ticket issued to -this principal. - -\item[attributes] A bitfield of attributes for use by the KDC. The -symbols and constant values are defined below; their interpretation -appears in the libkdb functional specification. - -\begin{tabular}{clr} -{\bf Name} & {\bf Value} \\ -KRB5_KDB_DISALLOW_POSTDATED & 0x00000001 \\ -KRB5_KDB_DISALLOW_FORWARDABLE & 0x00000002 \\ -KRB5_KDB_DISALLOW_TGT_BASED & 0x00000004 \\ -KRB5_KDB_DISALLOW_RENEWABLE & 0x00000008 \\ -KRB5_KDB_DISALLOW_PROXIABLE & 0x00000010 \\ -KRB5_KDB_DISALLOW_DUP_SKEY & 0x00000020 \\ -KRB5_KDB_DISALLOW_ALL_TIX & 0x00000040 \\ -KRB5_KDB_REQUIRES_PRE_AUTH & 0x00000080 \\ -KRB5_KDB_REQUIRES_HW_AUTH & 0x00000100 \\ -KRB5_KDB_REQUIRES_PWCHANGE & 0x00000200 \\ -KRB5_KDB_DISALLOW_SVR & 0x00001000 \\ -KRB5_KDB_PWCHANGE_SERVICE & 0x00002000 \\ -KRB5_KDB_SUPPORT_DESMD5 & 0x00004000 \\ -KRB5_KDB_NEW_PRINC & 0x00008000 -\end{tabular} - -\item[mod_name] The name of the Kerberos principal that most recently -modified this principal. - -\item[mod_date] The time this principal was last modified, as a Kerberos -timestamp. - -\item[kvno] The version of the principal's current key. - -\item[mkvno] The version of the Kerberos Master Key in effect when -this principal's key was last changed. In KADM5_API_VERSION_2, this -field is always zero. - -\item[policy] If the POLICY bit is set in aux_attributes, the name -of the policy controlling this principal. - -\item[aux_attributes] A bitfield of flags for use by the -administration system. Currently, the only valid flag is POLICY, and -it indicates whether or not the principal has a policy enforced on it. - -\item[max_renewable_life] The maximum renewable lifetime of any -Kerberos ticket issued to or for this principal. This field only -exists in KADM5_API_VERSION_2. - -\item[last_success] The KDC time of the last successful AS_REQ. This -is only updated if KRBCONF_KDC_MODIFIES_KDB is defined during -compilation of the KDC. This field only exists in -KADM5_API_VERSION_2. - -\item[last_failed] The KDC time of the last failed AS_REQ. This is -only updated if KRBCONF_KDC_MODIFIES_KDB is defined during compilation -of the KDC. This field only exists in KADM5_API_VERSION_2. - -\item[fail_auth_count] The number of consecutive failed AS_REQs. When -this number reaches KRB5_MAX_FAIL_COUNT, the KRB5_KDC_DISALLOW_ALL_TIX -is set on the principal. This is only updated if -KRBCONF_KDC_MODIFIES_KDB is defined during compilation. This field -only exists in KADM5_API_VERSION_2. - -\item[n_tl_data] The number of elements in the \v{tl_data} linked -list. This field only exists in KADM5_API_VERSION_2. - -\item[n_key_data] The number of elements in the \v{key_data} -array. This field only exists in KADM5_API_VERSION_2. - -\item[tl_data] A linked list of tagged data. This list is a mechanism -by which programs can store extended information in a principal entry, -without having to modify the database API. Each element is of type -krb5_tl_data: -\begin{verbatim} -typedef struct _krb5_tl_data { - struct _krb5_tl_data* tl_data_next; - krb5_int16 tl_data_type; - krb5_int16 tl_data_length; - krb5_octet * tl_data_contents; -} krb5_tl_data; -\end{verbatim} -% -The KADM5 API only allows elements whose tl_data_type is greater than -or equal to 256. Values less than 256 are reserved for internal use -by the KADM5 or kdb system. They are filtered out of the list -returned by kadm5_get_principal, and generate an error if given to -kadm5_modify_principal. - -The libkdb library defines the tagged data types -KRB5_TL_LAST_PWD_CHANGE, KRB5_TL_MOD_PRINC, and KRB5_TL_KADM_DATA, all -with values less than 256, which store the last password modification -time, time and modifier of last principal modification, and -administration system data. All of these entries are expected by the -administration system and parsed out into fields of the -kadm5_principal_ent_rec structure; as described above, they are not -included in the tl_data list. - -Tagged data elements with types greater than 256 are handled without -interpretation by KADM5. Note that an application that calls -kadm5_modify_principal with the KADM5_TL_DATA mask bit set is -responsible for providing the {\it complete} tl_data list, which it -necessarily must obtain from kadm5_get_principal. It is {\it never} -possible for an application to construct a complete tl_data list from -scratch. - -\item[key_data] An array of the principal's keys. The keys contained -in this array are encrypted in the Kerberos master key. See section -\ref{sec:keys} for a discussion of the krb5_key_data structure. -\end{description} - -\subsection{Policies, kadm5_policy_ent_t} -\label{sec:policy-fields} - -If the POLICY bit is set in aux_attributes, the \v{policy} name field -in the kadm5_principal_ent_t structure refers to a password policy -entry defined in a \v{kadm5_policy_ent_t}. - -\begin{verbatim} -typedef struct _kadm5_policy_ent_t { - char *policy; - - u_int32 pw_min_life; - u_int32 pw_max_life; - u_int32 pw_min_length; - u_int32 pw_min_classes; - u_int32 pw_history_num; - u_int32 policy_refcnt; -} kadm5_policy_ent_rec, *kadm5_policy_ent_t; -\end{verbatim} - -The fields of an kadm5_policy_ent_t are interpreted as follows. -Note that a policy's values only apply to a principal using that -policy. - -\begin{description} -\item[policy] The name of this policy, as a NULL-terminated string. -The ASCII characters between 32 (space) and 126 (tilde), inclusive, -are legal. - -\item[pw_min_life] The minimum password lifetime, in seconds. -A principal cannot change its password before pw_min_life seconds have -passed since last_pwd_change. - -\item[pw_max_life] The default duration, in seconds, used to compute -pw_expiration when a principal's password is changed. - -\item[pw_min_length] The minimum password length, in characters. A -principal cannot set its password to anything with fewer than this -number of characters. This value must be greater than zero. - -\item[pw_min_classes] The minimum number of character classes in the -password. This value can only be 1, 2, 3, 4, or 5. A principal cannot -set its password to anything with fewer than this number of character -classes in it. - -\item[pw_history_num] The number of past passwords that are -stored for the principal; the minimum value is 1 and the maximum value -is 10. A principal cannot set its password to any of its previous -pw_history_num passwords. The first ``previous'' password is the -current password; thus, a principal with a policy can never reset its -password to its current value. - -\item[policy_refcnt] The number of principals currently using this policy. -A policy cannot be deleted unless this number is zero. -\end{description} - -\subsection{Configuration parameters} -\label{sec:configparams} - -The KADM5 API acquires configuration information from the Kerberos -configuration file (\$KRB5_CONFIG or DEFAULT_PROFILE_PATH) and from -the KDC configuration file (\$KRB5_KDC_CONFIG or DEFAULT_KDC_PROFILE). -In KADM5_API_VERSION_2, some of the configuration parameters used by -the KADM5 API can be controlled by the caller by providing a -kadm5_config_params structure to kadm5_init: -% -\begin{verbatim} -typedef struct _kadm5_config_params { - u_int32 mask; - - /* Client and server fields */ - char *realm; - char *profile; - int kadmind_port; - - /* client fields */ - char *admin_server; - - /* server fields */ - char *dbname; - char *admin_dbname; - char *admin_lockfile; - char *acl_file; - char *dict_file; - char *admin_keytab; - - /* server library (database) fields */ - int mkey_from_kbd; - char *stash_file; - char *mkey_name; - krb5_enctype enctype; - krb5_deltat max_life; - krb5_deltat max_rlife; - krb5_timestamp expiration; - krb5_flags flags; - krb5_key_salt_tuple *keysalts; - krb5_int32 num_keysalts; -} kadm5_config_params; -\end{verbatim} -% -The following list describes each of the fields of the structure, -along with the profile relation it overrides, its mask value, its -default value, and whether it is valid on the client, server, or both, -or neither. -\begin{description} -\item[mask] No variable. No mask value. A bitfield specifying which -fields of the structure contain valid information. A caller sets this -mask before calling kadm5_init_*, indicating which parameters are -specified. The mask values are defined in $<$kadm5/admin.h$>$ and are -all prefixed with KADM5_CONFIG_; the prefix is not included in the -descriptions below. - -\item[realm] No variable. REALM. Client and server. The realm to -which these parameters apply, and the realm for which additional -parameters are to be acquired, if any. If this field is not specified -in the mask, the default local realm is used. - -\item[profile] Variable: profile (server only). PROFILE. Client and -server. The Kerberos profile to use. On the client, the default is -the value of the KRB5_CONFIG environment variable, or -DEFAULT_PROFILE_PATH if that is not set. On the server, the value of -the ``profile'' variable of the KDC configuration file will be used as -the first default if it exists; otherwise, the default is the value of -the KRB5_KDC_PROFILE environment variable or DEFAULT_KDC_PROFILE. - -\item[kadmind_port] Variable: kadmind_port. KADMIND_PORT. Client and -server. The port number the kadmind server listens on. The client -uses this field to determine where to connect, and the server to -determine where to listen. The default is 749, which has been -assigned by IANA. - -\item[admin_server] Variable: admin_server. ADMIN_SERVER. Client. -The host name of the admin server to which to connect. There is no -default. If the value of this field contains a colon (:), the text -following the colon is treated as an integer and assigned to the -kadmind_port field, overriding any value of the kadmind_port variable. - -\item[dbname] Variable: dbname. DBNAME. Server. The Kerberos -database name to use; the Kerberos database stores principal -information. The default is DEFAULT_KDB_FILE. - -\item[admin_dbname] Variable: admin_database_name. ADBNAME. -Neither. If the dbname field is set, this field is set to the value -of dbname followed by ``.kadm5''. - -\item[admin_lockfile] Variable: admin_database_lockfile. -ADB_LOCKFILE. Neither. If the admin_dbname field is set, this field -is set to the value of admin_dbname followed by ``.lock''. - -\item[acl_file] Variable: acl_file. ACL_FILE. Server. The admin -server's ACL file. The default is DEFAULT_KADM5_ACL_FILE. - -\item[dict_file] Variable: admin_dict_file. DICT_FILE. Server. The -admin server's dictionary file of passwords to disallow. No default. - -\item[admin_keytab] Variable: admin_keytab. ADMIN_KEYTAB. Server. -The keytab file containing the kadmin/admin and kadmin/changepw -entries for the server to use. The default is the value of the -KRB5_KTNAME environment variable, if defined, else -DEFAULT_KADM5_KEYTAB. - -\item[mkey_from_keyboard] No variable. MKEY_FROM_KEYBOARD. Server. -If non-zero, prompt for the master password via the tty instead of -using the stash file. If this mask bit is not set, or is set and the -value is zero, the stash file is used. - -\item[stash_file] Variable: key_stash_file. STASH_FILE. Server. The -file name containing the master key stash file. No default; libkdb -will work with a NULL value. - -\item[mkey_name] Variable: master_key_name. MKEY_NAME. Server. The -name of the master principal for the realm. No default; lbkdb will -work with a NULL value. - -\item[enctype] Variable: master_key_type. ENCTYPE. Server. The -encryption type of the master principal. The default is -DEFAULT_KDC_ENCTYPE. - -\item[max_life] Variable: max_life. MAX_LIFE. Maximum lifetime for -all tickets issued to the principal. The default is 28800, which is 8 -hours. - -\item[max_rlife, expiration, flags] Variables: max_renewable_life, -default_principal_expiration, default_principal_flags. MAX_LIFE, -MAX_RLIFE, EXPIRATION, FLAGS. Server. Default values for new -principals. All default to 0. - -\item[keysalts, num_keysalts] Variable: supported_enctypes. ENCTYPES. -Server. The list of supported encryption type/salt type tuples; both -fields must be assigned if ENCTYPES is set. The default is a list -containing one enctype, DES-CBC-CRC with normal salt. -\end{description} - -\subsection{Principal keys} -\label{sec:keys} - -In KADM5_API_VERSION_1, all principals had a single key. The -encryption method was always DES, and the salt type was determined -outside the API (by command-line options to the administration -server). - -In KADM5_API_VERSION_2, principals can have multiple keys, each with -its own encryption type and salt. Each time a principal's key is -changed with kadm5_create_principal, kadm5_chpass_principal or -kadm5_randkey_principal, existing key entries are removed and a key -entry for each encryption and salt type tuple specified in the -configuration parameters is added. There is no provision for -specifying encryption and salt type information on a per-principal -basis; in a future version, this will probably be part of the admin -policy. There is also presently no provision for keeping multiple key -versions for a single principal active in the database. - -A single key is represented by a krb5_key_data: -% -\begin{verbatim} -typedef struct _krb5_key_data { - krb5_int16 key_data_ver; /* Version */ - krb5_int16 key_data_kvno; /* Key Version */ - krb5_int16 key_data_type[2]; /* Array of types */ - krb5_int16 key_data_length[2]; /* Array of lengths */ - krb5_octet * key_data_contents[2]; /* Array of pointers */ -} krb5_key_data; -\end{verbatim} -% -\begin{description} -\item[key_data_ver] The version number of the structure. Versions 1 -and 2 are currently defined. If key_data_ver is 1 then the key is -either a random key (not requiring a salt) or the salt is the normal -v5 salt which is the same as the realm and therefore doesn't need to -be saved in the database. - -\item[key_data_kvno] The key version number of this key. - -\item[key_data_type] The first element is the enctype of this key. In -a version 2 structure, the second element is the salttype of this key. -The legal encryption types are defined in $<$krb5.h$>$. The legal -salt types are defined in $<$k5-int.h$>$. - -\item[key_data_length] The first element is length this key. In a -version 2 structure, the second element is length of the salt for this -key. - -\item[key_data_contents] The first element is the content of this key. -In a version 2 structure, the second element is the contents of the -salt for this key. -\end{description} - -\subsection{Field masks} -\label{sec:masks} - -The API functions for creating, retrieving, and modifying principals -and policies allow for a relevant subset of the fields of the -kadm5_principal_ent_t and kadm5_policy_ent_t to be specified or -changed. The chosen fields are determined by a bitmask that is passed -to the relevant function. Each API function has different rules for -which mask values can be specified, and can specify whether a given -mask value is mandatory, optional, or forbidden. Mandatory fields -must be present and forbidden fields must not be present or an error -is generated. When creating a principal or policy, optional fields -have a default value if they are not specified. When modifying a -principal or policy, optional fields are unchanged if they are not -specified. When retrieving a principal, optional fields are simply -not provided if they are not specified; not specifying undeeded fields -for retrieval may improve efficiency. The values for forbidden fields -are defined in the function semantics. - -The masks for principals are in table \ref{tab:princ-bits} and the -masks for policies are in table \ref{tab:policy-bits}. They are -defined in $<$kadm5/admin.h$>$. The KADM5_ prefix has been removed -from the Name fields. In the Create and Modify fields, M means -mandatory, F means forbidden, and O means optional. Create fields -that are optional specify the default value. The notation ``K/M -value'' means that the field inherits its value from the corresponding -field in the Kerberos master principal, for KADM5_API_VERSION_1, and -from the configuration parameters for KADM5_API_VERSION_2. - -All masks for principals are optional for retrevial, {\it except} that -the KEY_DATA mask is illegal when specified by a remote client; for -details, see the function semantics for kadm5_get_principal. - -Note that the POLICY and POLICY_CLR bits are special. When POLICY is -set, the policy is assigned to the principal. When POLICY_CLR is -specified, the policy is unassigned to the principal and as a result -no policy controls the principal. - -For convenience, the mask KADM5_PRINCIPAL_NORMAL_MASK contains all of -the principal masks {\it except} KADM5_KEY_DATA and KADM5_TL_DATA, and -the mask KADM5_POLICY_NORMAL_MASK contains all of the policy masks. - -\begin{table}[htbp] -\begin{tabular}{@{}lclll} -{\bf Name} & {\bf Value} & {\bf Fields Affected} & {\bf Create} & - {\bf Modify} \\ -PRINCIPAL & 0x000001 & principal & M & F \\ -PRINC_EXPIRE_TIME & 0x000002 & princ_expire_time & O, K/M value & O \\ -PW_EXPIRATION & 0x000004 & pw_expiration & O, now+pw_max_life & O \\ -LAST_PWD_CHANGE & 0x000008 & last_pwd_change & F & F \\ -ATTRIBUTES & 0x000010 & attributes & O, 0 & O \\ -MAX_LIFE & 0x000020 & max_life & O, K/M value & O \\ -MOD_TIME & 0x000040 & mod_date & F & F \\ -MOD_NAME & 0x000080 & mod_name & F & F \\ -KVNO & 0x000100 & kvno & O, 1 & O \\ -MKVNO & 0x000200 & mkvno & F & F \\ -AUX_ATTRIBUTES & 0x000400 & aux_attributes & F & F \\ -POLICY & 0x000800 & policy & O, none & O \\ -POLICY_CLR & 0x001000 & policy & F & O \\ -MAX_RLIFE & 0x002000 & max_renewable_life & O, K/M value & O \\ -LAST_SUCCESS & 0x004000 & last_success & F & F \\ -LAST_FAILED & 0x008000 & last_failed & F & F \\ -FAIL_AUTH_COUNT & 0x010000 & fail_auth_count & F & O \\ -KEY_DATA & 0x020000 & n_key_data, key_data & F & F \\ -TL_DATA & 0x040000 & n_tl_data, tl_data & O, 0, NULL & O -\end{tabular} -\caption{Mask bits for creating, retrieving, and modifying principals.} -\label{tab:princ-bits} -\end{table} - -\begin{table}[htbp] -\begin{tabular}{@{}lclll} -Name & Value & Field Affected & Create & Modify \\ -POLICY & same & policy & M & F \\ -PW_MAX_LIFE & 0x004000 & pw_max_life & O, 0 (infinite) & O \\ -PW_MIN_LIFE & 0x008000 & pw_min_life & O, 0 & O \\ -PW_MIN_LENGTH & 0x010000 & pw_min_length & O, 1 & O \\ -PW_MIN_CLASSES & 0x020000 & pw_min_classes & O, 1 & O \\ -PW_HISTORY_NUM & 0x040000 & pw_history_num & O, 0 & O \\ -REF_COUNT & 0x080000 & pw_refcnt & F & F -\end{tabular} -\caption{Mask bits for creating/modifying policies.} -\label{tab:policy-bits} -\end{table} - -\section{Constants, Header Files, Libraries} - -$<$kadm5/admin.h$>$ includes a number of required header files, -including RPC, Kerberos 5, com_err, and admin com_err -defines. It contains prototypes for all kadm5 routines mentioned -below, as well as all Admin API data structures, type definitions and -defines mentioned in this document. - -Before \v{\#include}ing $<$kadm5/admin.h$>$, the programmer can -specify the API version number that the program will use by -\v{\#define}ing USE_KADM5_API_VERSION; for example, define that symbol -to be 1 to use KADM5_API_VERSION_1. This will ensure that the correct -functional prototypes and data structures are defined. If no version -symbol is defined, the most recent version supported by the header -files will be used. - -Some of the defines and their values contained in $<$kadm5/admin.h$>$ -include the following, whose KADM5_ prefixes have been removed. -Symbols that do not exist in KADM5_API_VERSION_2 do not have a KADM5_ -prefix, but instead retain only with OVSEC_KADM_ prefix for -compatibility. -\begin{description} -\item[admin service principal] ADMIN_SERVICE (``kadmin/admin'') -\item[admin history key] HIST_PRINCIPAL (``kadmin/history'') -\item[change password principal] CHANGEPW_SERVICE (``kadmin/changepw'') -\item[server acl file path] ACLFILE (``/krb5/ovsec_adm.acl''). In -KADM5_API_VERSION 2, this is controlled by configuration parameters. -\item[dictionary] WORDFILE (``/krb5/kadmind.dict''). In -KADM5_API_VERSION 2, this is controlled by configuration parameters. -\end{description} - -KADM5 errors are described in $<$kadm5/kadm_err.h$>$, which -is included by $<$kadm5/admin.h$>$. - -The locations of the admin policy and principal databases, as well as -defines and type definitions for the databases, are defined in -$<$kadm5/adb.h$>$. Some of the defines in that file are: -\begin{description} -\item[admin policy database] POLICY_DB (``/krb5/kadm5_policy.db''). In -KADM5_API_VERSION 2, this is controlled by configuration parameters. -\item[admin principal database] PRINCIPAL_DB -(``/krb5/ovsec_principal.db''). In KADM5_API_VERSION 2, this is -controlled by configuration parameters. -\end{description} - -Client applications will link against libkadm5clnt.a and server -programs against libkadm5srv.a. Client applications must also link -against: libgssapi_krb5.a, libkrb5.a, libcrypto.a, libgssrpc.a, -libcom_err.a, and libdyn.a. Server applications must also link -against: libkdb5.a, libkrb5.a, libcrypto.a, libgssrpc.a, libcom_err.a, -and libdyn.a. - -\section{Error Codes} - -The error codes that can be returned by admin functions are listed -below. Error codes indicated with a ``*'' can be returned by every -admin function and always have the same meaning; these codes are -omitted from the list presented with each function. - -The admin system guarantees that a function that returns an error code -has no other side effect. - -The Admin system will use \v{com_err} for error codes. Note that this -means \v{com_err} codes may be returned from functions that the admin -routines call (e.g. the kerberos library). Callers should not expect -that only KADM5 errors will be returned. The Admin system error code -table name will be ``ovk'', and the offsets will be the same as the -order presented here. As mentioned above, the error table include file -will be $<$kadm5/kadm_err.h$>$. - -Note that these error codes are also used as protocol error code -constants and therefore must not change between product releases. -Additional codes should be added at the end of the list, not in the -middle. The integer value of KADM5_FAILURE is 43787520; the -remaining values are assigned in sequentially increasing order. - -\begin{description} -\item[* KADM5_FAILURE] Operation failed for unspecified reason -\item[* KADM5_AUTH_GET] Operation requires ``get'' privilege -\item[* KADM5_AUTH_ADD] Operation requires ``add'' privilege -\item[* KADM5_AUTH_MODIFY] Operation requires ``modify'' privilege -\item[* KADM5_AUTH_DELETE] Operation requires ``delete'' privilege -\item[* KADM5_AUTH_INSUFFICIENT] Insufficient authorization for -operation -\item[* KADM5_BAD_DB] Database inconsistency detected -\item[KADM5_DUP] Principal or policy already exists -\item[KADM5_RPC_ERROR] Communication failure with server -\item[KADM5_NO_SRV] No administration server found for realm -\item[KADM5_BAD_HIST_KEY] Password history principal key version -mismatch -\item[KADM5_NOT_INIT] Connection to server not initialized -\item[KADM5_UNK_PRINC] Principal does not exist -\item[KADM5_UNK_POLICY] Policy does not exist -\item[KADM5_BAD_MASK] Invalid field mask for operation -\item[KADM5_BAD_CLASS] Invalid number of character classes -\item[KADM5_BAD_LENGTH] Invalid password length -\item[KADM5_BAD_POLICY] Illegal policy name -\item[KADM5_BAD_PRINCIPAL] Illegal principal name. -\item[KADM5_BAD_AUX_ATTR] Invalid auxiliary attributes -\item[KADM5_BAD_HISTORY] Invalid password history count -\item[KADM5_BAD_MIN_PASS_LIFE] Password minimum life is greater -then password maximum life -\item[KADM5_PASS_Q_TOOSHORT] Password is too short -\item[KADM5_PASS_Q_CLASS] Password does not contain enough -character classes -\item[KADM5_PASS_Q_DICT] Password is in the password dictionary -\item[KADM5_PASS_REUSE] Cannot reuse password -\item[KADM5_PASS_TOOSOON] Current password's minimum life has not -expired -\item[KADM5_POLICY_REF] Policy is in use -\item[KADM5_INIT] Connection to server already initialized -\item[KADM5_BAD_PASSWORD] Incorrect password -\item[KADM5_PROTECT_PRINCIPAL] Cannot change protected principal -\item[* KADM5_BAD_SERVER_HANDLE] Programmer error! Bad Admin server handle -\item[* KADM5_BAD_STRUCT_VERSION] Programmer error! Bad API structure version -\item[* KADM5_OLD_STRUCT_VERSION] API structure version specified by application is no longer supported (to fix, recompile application against current Admin API header files and libraries) -\item[* KADM5_NEW_STRUCT_VERSION] API structure version specified by application is unknown to libraries (to fix, obtain current Admin API header files and libraries and recompile application) -\item[* KADM5_BAD_API_VERSION] Programmer error! Bad API version -\item[* KADM5_OLD_LIB_API_VERSION] API version specified by application is no longer supported by libraries (to fix, update application to adhere to current API version and recompile) -\item[* KADM5_OLD_SERVER_API_VERSION] API version specified by application is no longer supported by server (to fix, update application to adhere to current API version and recompile) -\item[* KADM5_NEW_LIB_API_VERSION] API version specified by application is unknown to libraries (to fix, obtain current Admin API header files and libraries and recompile application) -\item[* KADM5_NEW_SERVER_API_VERSION] API version specified by -application is unknown to server (to fix, obtain and install newest -Admin Server) -\item[KADM5_SECURE_PRINC_MISSING] Database error! Required principal missing -\item[KADM5_NO_RENAME_SALT] The salt type of the specified principal -does not support renaming -\item[KADM5_BAD_CLIENT_PARAMS] Illegal configuration parameter for -remote KADM5 client -\item[KADM5_BAD_SERVER_PARAMS] Illegal configuration parameter for -local KADM5 client. -\item[KADM5_AUTH_LIST] Operation requires ``list'' privilege -\item[KADM5_AUTH_CHANGEPW] Operation requires ``change-password'' privilege -\item[KADM5_BAD_TL_TYPE] Programmer error! Illegal tagged data list -element type -\item[KADM5_MISSING_CONF_PARAMS] Required parameters in kdc.conf missing -\item[KADM5_BAD_SERVER_NAME] Bad krb5 admin server hostname -\item[KADM5_AUTH_SETKEY] Operation requires ``set-key'' privilege -\item[KADM5_SETKEY_DUP_ENCTYPES] Multiple values for single or folded enctype -\end{description} - -\section{Authentication and Authorization} -\label{sec:auth} - -Two Kerberos principals exist for use in communicating with the Admin -system: kadmin/admin and kadmin/changepw. Both principals -have the KRB5_KDB_DISALLOW_TGT_BASED bit set in their attributes so -that service tickets for them can only be acquired via a -password-based (AS_REQ) request. Additionally, kadmin/changepw -has the KRB5_KDB_PWCHANGE_SERVICE bit set so that a principal with an -expired password can still obtain a service ticket for it. - -The Admin system accepts requests that are authenticated to either -service principal, but the sets of operations that can be performed by -a request authenticated to each service are different. In particular, -only the functions chpass_principal, randkey_principal, get_principal, -and get_policy can be performed by a request authenticated to the -kadmin/changepw service, and they can only be performed when the -target principal of the operation is the same as the authenticated -client principal; the function semantics descriptions below give the -precise details. This means that administrative operations can only -be performed when authenticated to the kadmin/admin service. The -reason for this distinction is that tickets for kadmin/changepw can be -acquired with an expired password, and the KADM system does not want -to allow an administrator with an expired password to perform -administrative operations on arbitrary principals. - -Each Admin API operation authenticated to the kadmin/admin service -requires a specific authorization to run. This version uses a simple -named privilege system with the following names and meanings: - -\begin{description} -\item[Get] Able to examine the attributes (NOT key data) of principals -and policies. -\item[Add] Able to add principals and policies. -\item[Modify] Able to modify attributes of existing principals and -policies; this does not include changing passwords. -\item[Delete] Able to remove principals and policies. -\item[List] Able to retrieve a list of principals and policies. -\item[Changepw] Able to change the password of principals. -\item[Setkey] Able to set principal keys directly. -\end{description} - -Privileges are specified via an external configuration file on the -Kerberos master server. - -Table \ref{tab:func-overview} summarizes the authorization -requirements of each function. Additionally, each API function -description identifies the privilege required to perform it. The -Authorization checks only happen if you are using the RPC mechanism. -If you are using the server-side API functions locally on the admin -server, the only authorization check is if you can access the -approporiate local files. - -\section{Functions} - -\subsection{Overview} - -The functions provided by the Admin API, and the authorization they -require, are listed in the table \ref{tab:func-overview}. The -``kadm5_'' prefix has been removed from each function name. - -The function semantics in the following sections omit details that are -the same for every function. - -\begin{itemize} -\item The effects of every function are atomic. - -\item Every function performs an authorization check and returns -the appropriate KADM5_AUTH_* error code if the caller does not -have the required privilege. No other information or error code is -ever returned to an unauthorized user. - -\item Every function checks its arguments for NULL pointers or other -obviously invalid values, and returns EINVAL if any are detected. - -\item Any function that performs a policy check uses the policy named -in the principal's policy field. If the POLICY bit is not set in the -principal's aux_attributes field, however, the principal has no -policy, so the policy check is not performed. - -\item Unless otherwise specified, all functions return KADM5_OK. -\end{itemize} - -\begin{table}[htbp] -\caption{Summary of functions and required authorization.} -\label{tab:func-overview} -\begin{tabular}{@{}llp{3.24in}} -\\ -{\bf Function Name} & {\bf Authorization} & {\bf Operation} \\ - -init & none & Open a connection with the kadm5 library. OBSOLETE -but still provided---use init_with_password instead. \\ -init_with_password & none & Open a connection with the kadm5 -library using a password to obtain initial credentials. \\ -init_with_skey & none & Open a connection with the kadm5 library -using the keytab entry to obtain initial credentials. \\ -destroy & none & Close the connection with the kadm5 library. \\ -flush & none & Flush all database changes to disk; no-op when called -remotely. \\ -create_principal & add & Create a new principal. \\ -delete_principal & delete & Delete a principal. \\ -modify_principal & modify & Modify the attributes of an existing - principal (not password). \\ -rename_principal & add and delete & Rename a principal. \\ -get_principal & get\footnotemark & Retrieve a principal. \\ -get_principals & list & Retrieve some or all principal names. \\ -chpass_principal & changepw\footnotemark[\thefootnote] & - Change a principal's password. \\ -chpass_principal_util & changepw\footnotemark[\thefootnote] & Utility wrapper around chpass_principal. \\ -randkey_principal & changepw\footnotemark[\thefootnote] & - Randomize a principal's key. \\ -setkey_principal & setkey & Explicitly set a principal's keys. \\ -decrypt_key & none & Decrypt a principal key. \\ -create_policy & add & Create a new policy. \\ -delete_policy & delete & Delete a policy. \\ -modify_policy & modify & Modify the attributes of a policy. \\ -get_policy & get & Retrieve a policy. \\ -get_policies & list & Retrieve some or all policy names. \\ -free_principal_ent & none & Free the memory associated with an - kadm5_principal_ent_t. \\ -free_policy_ent & none & Free the memory associated with an - kadm5_policy_ent_t. \\ -get_privs & none & Return the caller's admin server privileges. -\end{tabular} -\end{table} -\footnotetext[\thefootnote]{These functions also allow a principal to -perform the operation on itself; see the function's semantics for -details.} - -\subsection{kadm5_init_*} - -In KADM5_API_VERSION 1: - -\begin{verbatim} -kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, - char *service_name, char *realm, - unsigned long struct_version, - unsigned long api_version, - void **server_handle) - -kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, - char *service_name, char *realm, - unsigned long struct_version, - unsigned long api_version, - void **server_handle) - -kadm5_ret_t kadm5_init(char *client_name, char *pass, - char *service_name, char *realm, - unsigned long struct_version, - unsigned long api_version, - void **server_handle) -\end{verbatim} - -In KADM5_API_VERSION 2: - -\begin{verbatim} -kadm5_ret_t kadm5_init_with_password(char *client_name, char *pass, - char *service_name, - kadm5_config_params *realm_params, - unsigned long struct_version, - unsigned long api_version, - void **server_handle) - -kadm5_ret_t kadm5_init_with_skey(char *client_name, char *keytab, - char *service_name, - kadm5_config_params *realm_params, - unsigned long struct_version, - unsigned long api_version, - void **server_handle) - -kadm5_ret_t kadm5_init(char *client_name, char *pass, - char *service_name, - kadm5_config_params *realm_params, - unsigned long struct_version, - unsigned long api_version, - void **server_handle) - -kadm5_ret_t kadm5_init_with_creds(char *client_name, - krb5_ccache ccache, - char *service_name, - kadm5_config_params *params, - krb5_ui_4 struct_version, - krb5_ui_4 api_version, - void **server_handle) -\end{verbatim} - -AUTHORIZATION REQUIRED: none - -NOTE: kadm5_init is an obsolete function provided for backwards -compatibility. It is identical to kadm5_init_with_password. - -These three functions open a connection to the kadm5 library and -initialize any necessary state information. They behave differently -when called from local and remote clients. - -In KADM5_API_VERSION_2, these functions take a kadm5_config_params -structure instead of a realm name as an argument. The semantics are -similar: if a NULL pointer is passed for the realm_params argument, -the default realm and default parameters for that realm, as specified -in the krb5 configuration file (e.g. /etc/krb5.conf) are used. If a -realm_params structure is provided, the fields that are set override -the default values. If a parameter is specified to the local or -remote libraries that does not apply to that side, an error code -(KADM5_BAD_CLIENT_PARAMS or KADM5_BAD_SERVER_PARAMS) is returned. See -section \ref{sec:configparams} for a discussion of configuration -parameters. - -For remote clients, the semantics are: - -\begin{enumerate} -\item Initializes all the com_err error tables used by the Admin -system. - -\item Acquires configuration parameters. In KADM5_API_VERSION_1, all -the defaults specified in the configuration file are used, according -to the realm. In KADM5_API_VERSION_2, the values in params_in are -merged with the default values. If an illegal mask value is -specified, KADM5_BAD_CLIENT_PARAMS is returned. - -\item Acquires a Kerberos ticket for the specified service. - -\begin{enumerate} -\item The ticket's client is client_name, which can be any valid -Kerberos principal. If client_name does not include a realm, the -default realm of the local host is used -\item The ticket's service is service_name@realm. service_name must -be one of the constants KADM5_ADMIN_SERVICE or -KADM5_CHANGEPW_SERVICE. -\item If realm is NULL, client_name's realm is used. - -\item For init_with_password, an initial ticket is acquired and -decoded with the password pass, which must be client_name's password. -If pass is NULL or an empty string, the user is prompted (via the tty) -for a password. - -\item For init_with_skey, an initial ticket is acquired and decoded -with client_name's key obtained from the specified keytab. If keytab -is NULL or an empty string the default keytab is used. - -\item For init_with_creds, ccache must be an open credential cache -that already has a ticket for the specified client and server. -Alternatively, if a site chooses to disable the DISALLOW_TGT_BASED -flag on the admin and changepw principals, the ccache can contain a -ticket-granting ticket for client_name. -\end{enumerate} - -\item Creates a GSS-API authenticated connection to the Admin server, -using the just-acquired Kerberos ticket. - -\item Verifies that the struct_version and api_version specified by -the caller are valid and known to the library. - -\item Sends the specified api_version to the server. - -\item Upon successful completion, fills in server_handle with a handle -for this connection, to be used in all subsequent API calls. -\end{enumerate} - -The caller should always specify KADM5_STRUCT_VERSION for the -struct_version argument, a valid and supported API version constant -for the api_version argument (currently, KADM5_API_VERSION_1 or -KADM5_API_VERSION_2), and a valid pointer in which the server handle -will be stored. - -If any kadm5_init_* is invoked locally its semantics are: - -\begin{enumerate} -\item Initializes all the com_err error tables used by the Admin -system. - -\item Acquires configuration parameters. In KADM5_API_VERSION_1, all -the defaults specified in the configuration file are used, according -to the realm. In KADM5_API_VERSION_2, the values in params_in are -merged with the default values. If an illegal mask value is -specified, KADM5_BAD_SERVER_PARAMS is returned. - -\item Initializes direct access to the KDC database. In -KADM5_API_VERISON_1, if pass (or keytab) is NULL or an empty string, -reads the master password from the stash file; otherwise, the non-NULL -password is ignored and the user is prompted for it via the tty. In -KADM5_API_VERSION_2, if the MKEY_FROM_KEYBOARD parameter mask is set -and the value is non-zero, reads the master password from the user via -the tty; otherwise, the master key is read from the stash file. -Calling init_with_skey or init_with_creds with the MKEY_FROM_KEYBOARD -mask set with a non-zero field is illegal, and calling them without -the mask set is exactly like calling init_with_password. - -\item Initializes the dictionary (if present) for dictionary checks. - -\item Parses client_name as a Kerberos principal. client_name should -usually be specified as the name of the program. - -\item Verifies that the struct_version and api_version specified by -the caller are valid. - -\item Fills in server_handle with a handle containing all state -information (version numbers and client name) for this ``connection.'' -\end{enumerate} -The service_name argument is not used. - -RETURN CODES: - -\begin{description} -\item[KADM5_NO_SRV] No Admin server can be found for the -specified realm. - -\item[KADM5_RPC_ERROR] The RPC connection to the server cannot be -initiated. - -\item[KADM5_BAD_PASSWORD] Incorrect password. - -\item[KADM5_SECURE_PRINC_MISSING] The principal -KADM5_ADMIN_SERVICE or KADM5_CHANGEPW_SERVICE does not -exist. This is a special-case replacement return code for ``Server -not found in database'' for these required principals. - -\item[KADM5_BAD_CLIENT_PARAMS] A field in the parameters mask was -specified to the remote client library that is not legal for remote -clients. - -\item[KADM5_BAD_SERVER_PARAMS] A field in the parameters mask was -specified to the local client library that is not legal for local -clients. -\end{description} - -\subsection{kadm5_flush} - -\begin{verbatim} -kadm5_ret_t kadm5_flush(void *server_handle) -\end{verbatim} - -AUTHORIZATION REQUIRED: none - -Flush all changes to the Kerberos databases, leaving the connection to -the Admin API open. This function behaves differently when called by -local and remote clients. - -For local clients, the function closes and reopens the Kerberos -database with krb5_db_fini() and krb5_db_init(). -Although it is unlikely, either of these functions -could return errors; in that case, this function calls -kadm5_destroy and returns the error code. Therefore, if -kadm5_flush does not return KADM5_OK, the connection to the -Admin server has been terminated and, in principle, the databases -might be corrupt. - -For remote clients, the function is a no-op. - -\subsection{kadm5_destroy} - -\begin{verbatim} -kadm5_ret_t kadm5_destroy(void *server_handle) -\end{verbatim} - -AUTHORIZATION REQUIRED: none - -Close the connection to the Admin server and releases all related -resources. This function behaves differently when called by local and -remote clients. - -For remote clients, the semantics are: - -\begin{enumerate} -\item Destroy the temporary credential cache created by -kadm5_init. - -\item Tear down the GSS-API context negotiated with the server. - -\item Close the RPC connection. - -\item Free storage space associated with server_handle, after erasing -its magic number so it won't be mistaken for a valid handle by the -library later. -\end{enumerate} - -For local clients, this function just frees the storage space -associated with server_handle after erasing its magic number. - -RETURN CODES: - -\subsection{kadm5_create_principal} - -\begin{verbatim} -kadm5_ret_t -kadm5_create_principal(void *server_handle, - kadm5_principal_ent_t princ, u_int32 mask, - char *pw); -\end{verbatim} - -AUTHORIZATION REQUIRED: add - -\begin{enumerate} - -\item Return KADM5_BAD_MASK if the mask is invalid. -\item If the named principal exists, return KADM5_DUP. -\item If the POLICY bit is set and the named policy does not exist, -return KADM5_UNK_POLICY. -\item If KADM5_POLICY bit is set in aux_attributes check to see if -the password does not meets quality standards, return the appropriate -KADM5_PASS_Q_* error code if it fails. -\item Store the principal, set the key; see section \ref{sec:keys}. -\item If the POLICY bit is set, increment the named policy's reference -count by one. - -\item Set the pw_expiration field. -\begin{enumerate} -\item If the POLICY bit is set in mask, then if pw_max_life is non-zero, -set pw_expiration to now + pw_maxlife, otherwise set pw_max_life to -never. -\item If the PW_EXPIRATION bit is set in mask, set pw_expiration to -the requested value, overriding the value set above. -\end{enumerate} -NOTE: This is a change from the original semantics, in which policy -expiration was enforced even on administrators. The old semantics are -not preserved, even for version 1 callers, because this is a -server-specific policy decision; besides, the new semantics are less -restrictive, so all previous callers should continue to function -properly. - -\item Set mod_date to now and set mod_name to caller. -\item Set last_pwd_change to now. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_BAD_MASK] The field mask is invalid for a create -operation. -\item[KADM5_DUP] Principal already exists. -\item[KADM5_UNK_POLICY] Policy named in entry does not exist. -\item[KADM5_PASS_Q_*] Specified password does not meet policy -standards. -\end{description} - -\subsection{kadm5_delete_principal} - -\begin{verbatim} -kadm5_ret_t -kadm5_delete_principal(void *server_handle, krb5_principal princ); -\end{verbatim} - -AUTHORIZATION REQUIRED: delete - -\begin{enumerate} -\item Return KADM5_UNK_PRINC if the principal does not exist. -\item If the POLICY bit is set in aux_attributes, decrement the named -policy's reference count by one. -\item Delete principal. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Principal does not exist. -\end{description} - -\subsection{kadm5_modify_principal} - -\begin{verbatim} -kadm5_ret_t -kadm5_modify_principal(void *server_handle, - kadm5_principal_ent_t princ, u_int32 mask); -\end{verbatim} - -Modify the attributes of the principal named in -kadm5_principal_ent_t. This does not allow the principal to be -renamed or for its password to be changed. - -AUTHORIZATION REQUIRED: modify - -Although a principal's pw_expiration is usually computed based on its -policy and the time at which it changes its password, this function -also allows it to be specified explicitly. This allows an -administrator, for example, to create a principal and assign it to a -policy with a pw_max_life of one month, but to declare that the new -principal must change its password away from its initial value -sometime within the first week. - -\begin{enumerate} -\item Return KADM5_UNK_PRINC if the principal does not exist. -\item Return KADM5_BAD_MASK if the mask is invalid. -\item If POLICY bit is set but the new policy does not exist, return -KADM5_UNK_POLICY. -\item If either the POLICY or POLICY_CLR bits are set, update the -corresponding bits in aux_attributes. - -\item Update policy reference counts. -\begin{enumerate} -\item If the POLICY bit is set, then increment policy count on new -policy. -\item If the POLICY or POLICY_CLR bit is set, and the POLICY bit in -aux_attributes is set, decrement policy count on old policy. -\end{enumerate} - -\item Set pw_expiration appropriately. pw_expiration can change if: -the POLICY bit is set in mask, so the principal is changing to a -policy (either from another policy or no policy); the POLICY_CLR bit -is set in mask, so the principal is changing to no policy; or -PW_EXPIRATION is set. -\begin{enumerate} -\item If the POLICY bit is set in mask, set pw_expiration to -last_pwd_change + pw_max_life if pw_max_life is non-zero, otherwise -set pw_expiration to never. -\item If the POLICY_CLR biti s set in mask, set pw_expiration to -never. -\item If PW_EXPIRATION is set, set pw_expiration to the requested -value, overriding the value from the previous two cases. NOTE: This -is a change from the original semantics, in which policy expiration -was enforced even on administrators. The old semantics are not -preserved, even for version 1 callers, because this is a -server-specific policy decision; besides, the new semantics are less -restrictive, so all previous callers should continue to function -properly. -\end{enumerate} - -% Here is the previous, and confusing, text of pw_expiration semantics: -%\begin{enumerate} -%\item If the POLICY bit is not set in aux_attributes, then -%\begin{enumerate} -%\item if the PW_EXPIRATION bit is set, set pw_expiration to the given -%value, else -%\item set pw_expiration to never. -%\end{enumerate} -%\item Otherwise, if the PW_EXPIRATION bit is set, set pw_expiration to -%the sooner of the given value and last_pwd_change + pw_max_life. -%\item Otherwise, set pw_expiration to last_pwd_change + pw_max_life. -%\end{enumerate} - -\item Update the remaining fields specified in the mask. -\item Update mod_name field to caller and mod_date to now. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Entry does not exist. -\item[KADM5_BAD_MASK] The mask is not valid for a modify -operation. -\item[KADM5_UNK_POLICY] The POLICY bit is set but the new -policy does not exist. -\item[KADM5_BAD_TL_TYPE] The KADM5_TL_DATA bit is set in mask, and the -given tl_data list contains an element whose type is less than 256. -\end{description} - -\subsection{kadm5_rename_principal} - -\begin{verbatim} -kadm5_ret_t -kadm5_rename_principal(void *server_handle, krb5_principal source, - krb5_principal target); -\end{verbatim} - -AUTHORIZATION REQUIRED: add and delete - -\begin{enumerate} -\item Check to see if source principal exists, if not return -KADM5_UNK_PRINC error. -\item Check to see if target exists, if so return KADM5_DUP error. -\item Create the new principal named target, then delete the old -principal named source. All of target's fields will be the same as -source's fields, except that mod_name and mod_date will be updated to -reflect the current caller and time. -\end{enumerate} - -Note that since the principal name may have been used as the salt for -the principal's key, renaming the principal may render the principal's -current password useless; with the new salt, the key generated by -string-to-key on the password will suddenly be different. Therefore, -an application that renames a principal must also require the user to -specify a new password for the principal (and administrators should -notify the affected party). - -Note also that, by the same argument, renaming a principal will -invalidate that principal's password history information; since the -salt will be different, a user will be able to select a previous -password without error. - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Source principal does not exist. -\item[KADM5_DUP] Target principal already exist. -\end{description} - -\subsection{kadm5_chpass_principal} - -\begin{verbatim} -kadm5_ret_t -kadm5_chpass_principal(void *server_handle, krb5_principal princ, - char *pw); -\end{verbatim} - -AUTHORIZATION REQUIRED: changepw, or the calling principal being the -same as the princ argument. If the request is authenticated to the -kadmin/changepw service, the changepw privilege is disregarded. - -Change a principal's password. See section \ref{sec:keys} for a -description of how the keys are determined. - -This function enforces password policy and dictionary checks. If the new -password specified is in the password dictionary, and the policy bit is set -KADM5_PASS_DICT is returned. If the principal's POLICY bit is set in -aux_attributes, compliance with each of the named policy fields is verified -and an appropriate error code is returned if verification fails. - -Note that the policy checks are only be performed if the POLICY bit is -set in the principal's aux_attributes field. - -\begin{enumerate} -\item Make sure principal exists, if not return KADM5_UNK_PRINC error. -\item If caller does not have modify privilege, (now - last_pwd_change) $<$ -pw_min_life, and the KRB5_KDB_REQUIRES_PWCHANGE bit is not set in the -principal's attributes, return KADM5_PASS_TOOSOON. -\item If the principal your are trying to change is kadmin/history -return KADM5_PROTECT_PRINCIPAL. -\item If the password does not meet the quality -standards, return the appropriate KADM5_PASS_Q_* error code. -\item Convert password to key; see section \ref{sec:keys}. -\item If the new key is in the principal's password history, return -KADM5_PASS_REUSE. -\item Store old key in history. -\item Update principal to have new key. -\item Increment principal's key version number by one. -\item If the POLICY bit is set, set pw_expiration to now + -max_pw_life. If the POLICY bit is not set, set pw_expiration to -never. -\item If the KRB5_KDB_REQUIRES_PWCHANGE bit is set in the principal's -attributes, clear it. -\item Update last_pwd_change and mod_date to now, update mod_name to -caller. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Principal does not exist. -\item[KADM5_PASS_Q_*] Requested password does not meet quality -standards. -\item[KADM5_PASS_REUSE] Requested password is in user's -password history. -\item[KADM5_PASS_TOOSOON] Current password has not reached minimum life -\item[KADM5_PROTECT_PRINCIPAL] Cannot change the password of a special principal -\end{description} - - -\subsection{kadm5_chpass_principal_util} - -\begin{verbatim} -kadm5_ret_t -kadm5_chpass_principal_util(void *server_handle, krb5_principal princ, - char *new_pw, char **pw_ret, - char *msg_ret); -\end{verbatim} - -AUTHORIZATION REQUIRED: changepw, or the calling principal being the -same as the princ argument. If the request is authenticated to the -kadmin/changepw service, the changepw privilege is disregarded. - -This function is a wrapper around kadm5_chpass_principal. It can -read a new password from a user, change a principal's password, and -return detailed error messages. msg_ret should point to a char buffer -in the caller's space of sufficient length for the error messages -described below. 1024 bytes is recommended. It will also return the -new password to the caller if pw_ret is non-NULL. - -\begin{enumerate} -\item If new_pw is NULL, this routine will prompt the user for the new -password (using the strings specified by KADM5_PW_FIRST_PROMPT and -KADM5_PW_SECOND_PROMPT) and read (without echoing) the password input. -Since it is likely that this will simply call krb5_read_password only -terminal-based applications will make use of the password reading -functionality. If the passwords don't match the string ``New passwords do -not match - password not changed.'' will be copied into msg_ret, and the -error code KRB5_LIBOS_BADPWDMATCH will be returned. For other errors that -occur while reading the new password, copy the string ``$ -occurred while trying to read new password.'' followed by a blank line and -the string specified by CHPASS_UTIL_PASSWORD_NOT_CHANGED into msg_ret and -return the error code returned by krb5_read_password. - -\item If pw_ret is non-NULL, and the password was prompted, set *pw_ret to -point to a static buffer containing the password. If pw_ret is non-NULL -and the password was supplied, set *pw_ret to the supplied password. - -\item Call kadm5_chpass_principal with princ, and new_pw. - -\item If successful copy the string specified by CHPASS_UTIL_PASSWORD_CHANGED -into msg_ret and return zero. - -\item For a policy related failure copy the appropriate message (from below) -followed by a newline and ``Password not changed.'' into msg_ret -filling in the parameters from the principal's policy information. If -the policy information cannot be obtained copy the generic message if -one is specified below. Return the error code from -kadm5_chpass_principal. - -Detailed messages: -\begin{description} - -\item[PASS_Q_TOO_SHORT] -New password is too short. Please choose a -password which is more than $<$pw-min-len$>$ characters. - -\item[PASS_Q_TOO_SHORT - generic] -New password is too short. Please choose a longer password. - -\item[PASS_REUSE] -New password was used previously. Please choose a -different password. - -\item[PASS_Q_CLASS] -New password does not have enough character classes. Classes include -lower class letters, upper case letters, digits, punctuation and all -other characters. Please choose a password with at least -$<$min-classes$>$ character classes. - -\item[PASS_Q_CLASS - generic] -New password does not have enough character classes. Classes include -lower class letters, upper case letters, digits, punctuation and all -other characters. - -\item[PASS_Q_DICT] -New password was found in a dictionary of possible passwords and -therefore may be easily guessed. Please choose another password. See -the kpasswd man page for help in choosing a good password. - -\item[PASS_TOOSOON] -Password cannot be changed because it was changed too recently. Please -wait until $<$last-pw-change+pw-min-life$>$ before you change it. If you -need to change your password before then, contact your system -security administrator. - -\item[PASS_TOOSOON - generic] -Password cannot be changed because it was changed too recently. If you -need to change your now please contact your system security -administrator. -\end{description} - -\item For other errors copy the string ``$<$com_err message$>$ -occurred while trying to change password.'' following by a blank line -and ``Password not changed.'' into msg_ret. Return the error code -returned by kadm5_chpass_principal. -\end{enumerate} - - -RETURN CODES: - -\begin{description} -\item[KRB5_LIBOS_BADPWDMATCH] Typed new passwords did not match. -\item[KADM5_UNK_PRINC] Principal does not exist. -\item[KADM5_PASS_Q_*] Requested password does not meet quality -standards. -\item[KADM5_PASS_REUSE] Requested password is in user's -password history. -\item[KADM5_PASS_TOOSOON] Current password has not reached minimum -life. -\end{description} - -\subsection{kadm5_randkey_principal} - -In KADM5_API_VERSION_1: - -\begin{verbatim} -kadm5_ret_t -kadm5_randkey_principal(void *server_handle, krb5_principal princ, - krb5_keyblock **new_key) -\end{verbatim} - -In KADM5_API_VERSION_2: - -\begin{verbatim} -kadm5_ret_t -kadm5_randkey_principal(void *server_handle, krb5_principal princ, - krb5_keyblock **new_keys, int *n_keys) -\end{verbatim} - -AUTHORIZATION REQUIRED: changepw, or the calling principal being the -same as the princ argument. If the request is authenticated to the -kadmin/changepw service, the changepw privilege is disregarded. - -Generate and assign a new random key to the named principal, and -return the generated key in allocated storage. In -KADM5_API_VERSION_2, multiple keys may be generated and returned as an -array, and n_new_keys is filled in with the number of keys generated. -See section \ref{sec:keys} for a description of how the keys are -chosen. In KADM5_API_VERSION_1, the caller must free the returned -krb5_keyblock * with krb5_free_keyblock. In KADM5_API_VERSION_2, the -caller must free each returned keyblock with krb5_free_keyblock. - -If the principal's POLICY bit is set in aux_attributes and the caller does -not have modify privilege , compliance with the password minimum life -specified by the policy is verified and an appropriate error code is returned -if verification fails. - -\begin{enumerate} -\item If the principal does not exist, return KADM5_UNK_PRINC. -\item If caller does not have modify privilege, (now - last_pwd_change) $<$ -pw_min_life, and the KRB5_KDB_REQUIRES_PWCHANGE bit is not set in the -principal's attributes, return KADM5_PASS_TOOSOON. -\item If the principal you are trying to change is kadmin/history return -KADM5_PROTECT_PRINCIPAL. -\item Store old key in history. -\item Update principal to have new key. -\item Increment principal's key version number by one. -\item If the POLICY bit in aux_attributes is set, set pw_expiration to -now + max_pw_life. -\item If the KRB5_KDC_REQUIRES_PWCHANGE bit is set in the principal's -attributes, clear it. -\item Update last_pwd_change and mod_date to now, update mod_name to -caller. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Principal does not exist. -\item[KADM5_PASS_TOOSOON] The minimum lifetime for the current -key has not expired. -\item[KADM5_PROTECT_PRINCIPAL] Cannot change the password of a special -principal -\end{description} - -This function can also be used as part of a sequence to create a new -principal with a random key. The steps to perform the operation -securely are - -\begin{enumerate} -\item Create the principal with kadm5_create_principal with a -random password string and with the KRB5_KDB_DISALLOW_ALL_TIX bit set -in the attributes field. - -\item Randomize the principal's key with kadm5_randkey_principal. - -\item Call kadm5_modify_principal to reset the -KRB5_KDB_DISALLOW_ALL_TIX bit in the attributes field. -\end{enumerate} - -The three steps are necessary to ensure secure creation. Since an -attacker might be able to guess the initial password assigned by the -client program, the principal must be disabled until the key can be -truly randomized. - -\subsection{kadm5_setkey_principal} - -\begin{verbatim} -kadm5_ret_t -kadm5_setkey_principal(void *server_handle, krb5_principal princ, - krb5_keyblock *new_keys, int n_keys) -\end{verbatim} - -AUTHORIZATION REQUIRED: setkey. This function does not allow the use -of regular changepw authorization because it bypasses the password -policy mechanism. - -This function only exists in KADM5_API_VERSION_2. - -Explicitly sets the specified principal's keys to the n_keys keys in -the new_keys array. The keys in new_keys should not be encrypted in -the Kerberos master key; this function will perform that operation -itself (the keys will be protected during transmission from the -calling client to the kadmind server by the AUTH_GSSAPI RPC layer). -This function completely bypasses the principal's password policy, if -set. - -\begin{enumerate} -\item If the principal does not exist, return KADM5_UNK_PRINC. -\item If the principal you are trying to change is kadmin/history return -KADM5_PROTECT_PRINCIPAL. -\item If new_keys contains more than one key of any ENCTYPE_DES_CBC_* -type that is folded, return KADM5_SETKEY_DUP_ENCTYPES. -\item Store old key in history. -\item Update principal to have new key. -\item Increment principal's key version number by one. -\item If the POLICY bit in aux_attributes is set, set pw_expiration to -now + max_pw_life. -\item If the KRB5_KDC_REQUIRES_PWCHANGE bit is set in the principal's -attributes, clear it. -\item Update last_pwd_change and mod_date to now, update mod_name to -caller. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Principal does not exist. -\item[KADM5_PROTECT_PRINCIPAL] Cannot change the password of a special -principal -\end{description} - -This function can also be used as part of a sequence to create a new -principal with an explicitly key. The steps to perform the operation -securely are - -\begin{enumerate} -\item Create the principal with kadm5_create_principal with a -random password string and with the KRB5_KDB_DISALLOW_ALL_TIX bit set -in the attributes field. - -\item Set the principal's key with kadm5_setkey_principal. - -\item Call kadm5_modify_principal to reset the -KRB5_KDB_DISALLOW_ALL_TIX bit in the attributes field. -\end{enumerate} - -The three steps are necessary to ensure secure creation. Since an -attacker might be able to guess the initial password assigned by the -client program, the principal must be disabled until the key can be -truly randomized. - -\subsection{kadm5_get_principal} - -In KADM5_API_VERSION_1: - -\begin{verbatim} -kadm5_ret_t -kadm5_get_principal(void *server_handle, krb5_principal princ, - kadm5_principal_ent_t *ent); -\end{verbatim} - -In KADM5_API_VERSION_2: - -\begin{verbatim} -kadm5_ret_t -kadm5_get_principal(void *server_handle, krb5_principal princ, - kadm5_principal_ent_t ent, u_int32 mask); -\end{verbatim} - -AUTHORIZATION REQUIRED: get, or the calling principal being the same -as the princ argument. If the request is authenticated to the -kadmin/changepw service, the get privilege is disregarded. - -In KADM5_API_VERSION_1, return all of the principal's attributes in -allocated memory; if an error is returned entry is set to NULL. In -KADM5_API_VERSION_2, fill in the fields of the principal structure -specified in the mask; memory for the structure is not allocated. -Typically, a caller will specify the mask KADM5_PRINCIPAL_NORMAL_MASK, -which includes all the fields {\it except} key_data and tl_data to -improve time and memory efficiency. A caller that wants key_data and -tl_data can bitwise-OR those masks onto NORMAL_MASK. Note that even -if KADM5_TL_DATA is specified, this function will not return internal -tl_data elements whose type is less than 256. - -The caller must free the returned entry with kadm5_free_principal_ent. - -The function behaves differently for local and remote clients. For -remote clients, the KEY_DATA mask is illegal and results in a -KADM5_BAD_MASK error. - -RETURN CODES: - -\begin{description} -\item[KADM5_UNK_PRINC] Principal does not exist. -\item[KADM5_BAD_MASK] The mask is not valid for a get operation. - -\end{description} - -\subsection{kadm5_decyrpt_key} - -\begin{verbatim} -kadm5_ret_t kadm5_decrypt_key(void *server_handle, - kadm5_principal_ent_t entry, krb5_int32 - ktype, krb5_int32 stype, krb5_int32 - kvno, krb5_keyblock *keyblock, - krb5_keysalt *keysalt, int *kvnop) -\end{verbatim} - -AUTHORIZATION REQUIRED: none, local function - -Searches a principal's key_data array to find a key with the specified -enctype, salt type, and kvno, and decrypts the key into keyblock and -keysalt if found. entry must have been returned by -kadm5_get_principal with at least the KADM5_KEY_DATA mask set. -Returns ENOENT if the key cannot be found, EINVAL if the key_data -array is empty (as it always is in an RPC client). - -If ktype or stype is -1, it is ignored for the search. If kvno is -1, -ktype and stype are ignored and the key with the max kvno is returned. -If kvno is 0, only the key with the max kvno is returned and only if -it matches the ktype and stype; otherwise, ENOENT is returned. - -\subsection{kadm5_get_principals} - -\begin{verbatim} -kadm5_ret_t -kadm5_get_principals(void *server_handle, char *exp, - char ***princs, int *count) -\end{verbatim} - -Retrieves the list of principal names. - -AUTHORIZATION REQUIRED: list - -If \v{exp} is NULL, all principal names are retrieved; otherwise, -principal names that match the expression exp are retrieved. -\v{princs} is filled in with a pointer to a NULL-terminated array of -strings, and \v{count} is filled in with the number of principal names -in the array. \v{princs} must be freed with a call to -\v{kadm5_free_name_list}. - -All characters in the expression match themselves except ``?'' which -matches any single character, ``*'' which matches any number of -consecutive characters, and ``[chars]'' which matches any single -character of ``chars''. Any character which follows a ``$\backslash$'' -matches itself exactly, and a ``$\backslash$'' cannot be the last -character in the string. - -\subsection{kadm5_create_policy} - -\begin{verbatim} -kadm5_ret_t -kadm5_create_policy(void *server_handle, - kadm5_policy_ent_t policy, u_int32 mask); -\end{verbatim} - -Create a new policy. - -AUTHORIZATION REQUIRED: add - -\begin{enumerate} -\item Check to see if mask is valid, if not return KADM5_BAD_MASK error. -\item Return KADM5_BAD_POLICY if the policy name contains illegal -characters. - -\item Check to see if the policy already exists, if so return -KADM5_DUP error. -\item If the PW_MIN_CLASSES bit is set and pw_min_classes is not 1, 2, -3, 4, or 5, return KADM5_BAD_CLASS. -\item Create a new policy setting the appropriate fields determined -by the mask. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_DUP] Policy already exists -\item[KADM5_BAD_MASK] The mask is not valid for a create -operation. -\item[KADM5_BAD_CLASS] The specified number of character classes -is invalid. -\item[KADM5_BAD_POLICY] The policy name contains illegal characters. -\end{description} - -\subsection{kadm5_delete_policy} - -\begin{verbatim} -kadm5_ret_t -kadm5_delete_policy(void *server_handle, char *policy); -\end{verbatim} - -Deletes a policy. - -AUTHORIZATION REQUIRED: delete - -\begin{enumerate} -\item Return KADM5_BAD_POLICY if the policy name contains illegal -characters. -\item Return KADM5_UNK_POLICY if the named policy does not exist. -\item Return KADM5_POLICY_REF if the named policy's refcnt is not 0. -\item Delete policy. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_BAD_POLICY] The policy name contains illegal characters. -\item[KADM5_UNK_POLICY] Policy does not exist. -\item[KADM5_POLICY_REF] Policy is being referenced. -\end{description} - -\subsection{kadm5_modify_policy} - -\begin{verbatim} -kadm5_ret_t -kadm5_modify_policy(void *server_handle, - kadm5_policy_ent_t policy, u_int32 mask); -\end{verbatim} - -Modify an existing policy. Note that modifying a policy has no affect -on a principal using the policy until the next time the principal's -password is changed. - -AUTHORIZATION REQUIRED: modify - -\begin{enumerate} -\item Return KADM5_BAD_POLICY if the policy name contains illegal -characters. -\item Check to see if mask is legal, if not return KADM5_BAD_MASK error. -\item Check to see if policy exists, if not return -KADM5_UNK_POLICY error. -\item If the PW_MIN_CLASSES bit is set and pw_min_classes is not 1, 2, -3, 4, or 5, return KADM5_BAD_CLASS. -\item Update the fields specified in the mask. -\end{enumerate} - -RETURN CODES: - -\begin{description} -\item[KADM5_BAD_POLICY] The policy name contains illegal characters. -\item[KADM5_UNK_POLICY] Policy not found. -\item[KADM5_BAD_MASK] The mask is not valid for a modify -operation. -\item[KADM5_BAD_CLASS] The specified number of character classes -is invalid. -\end{description} - -\subsection{kadm5_get_policy} - -In KADM5_API_VERSION_1: - -\begin{verbatim} -kadm5_ret_t -kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t *ent); -\end{verbatim} - -In KADM5_API_VERSION_2: - -\begin{verbatim} -kadm5_ret_t -kadm5_get_policy(void *server_handle, char *policy, kadm5_policy_ent_t ent); -\end{verbatim} - -AUTHORIZATION REQUIRED: get, or the calling principal's policy being -the same as the policy argument. If the request is authenticated to -the kadmin/changepw service, the get privilege is disregarded. - -In KADM5_API_VERSION_1, return the policy's attributes in allocated -memory; if an error is returned entry is set to NULL. In -KADM5_API_VERSION_2, fill in fields of the policy structure allocated -by the caller. The caller must free the returned entry with -kadm5_free_policy_ent - -RETURN CODES: - -\begin{description} -\item[KADM5_BAD_POLICY] The policy name contains illegal characters. -\item[KADM5_UNK_POLICY] Policy not found. -\end{description} - -\subsection{kadm5_get_policies} - -\begin{verbatim} -kadm5_ret_t -kadm5_get_policies(void *server_handle, char *exp, - char ***pols, int *count) -\end{verbatim} - -Retrieves the list of principal names. - -AUTHORIZATION REQUIRED: list - -If \v{exp} is NULL, all principal names are retrieved; otherwise, -principal names that match the expression exp are retrieved. \v{pols} -is filled in with a pointer to a NULL-terminated array of strings, and -\v{count} is filled in with the number of principal names in the -array. \v{pols} must be freed with a call to -\v{kadm5_free_name_list}. - -All characters in the expression match themselves except ``?'' which -matches any single character, ``*'' which matches any number of -consecutive characters, and ``[chars]'' which matches any single -character of ``chars''. Any character which follows a ``$\backslash$'' -matches itself exactly, and a ``$\backslash$'' cannot be the last -character in the string. - -\subsection{kadm5_free_principal_ent, _policy_ent} - -\begin{verbatim} -void kadm5_free_principal_ent(void *server_handle, - kadm5_principal_ent_t princ); -\end{verbatim} - -In KADM5_API_VERSION_1, free the structure and contents allocated by a -call to kadm5_get_principal. In KADM5_API_VERSION_2, free the -contents allocated by a call to kadm5_get_principal. - -AUTHORIZATION REQUIRED: none (local operation) - -\begin{verbatim} -void kadm5_free_policy_ent(kadm5_policy_ent_t policy); -\end{verbatim} - -Free memory that was allocated by a call to kadm5_get_policy. If -the argument is NULL, the function returns successfully. - -AUTHORIZATION REQUIRED: none (local operation) - -\subsection{kadm5_free_name_list} - -\begin{verbatim} -void kadm5_free_name_list(void *server_handle, - char **names, int *count); -\end{verbatim} - -Free the memory that was allocated by kadm5_get_principals or -kadm5_get_policies. names and count must be a matched pair of -values returned from one of those two functions. - -\subsection{kadm5_free_key_data} - -\begin{verbatim} -void kadm5_free_key_data(void *server_handle, - krb5_int16 *n_key_data, krb5_key_data *key_data) -\end{verbatim} - -Free the memory that was allocated by kadm5_randkey_principal. -n_key_data and key_data must be a matched pair of values returned from -that function. - -\subsection{kadm5_get_privs} - -\begin{verbatim} -kadm5_ret_t -kadm5_get_privs(void *server_handle, u_int32 *privs); -\end{verbatim} - -Return the caller's admin server privileges in the integer pointed to -by the argument. The Admin API does not define any way for a -principal's privileges to be set. Note that this function will -probably be removed or drastically changed in future versions of this -system. - -The returned value is a bitmask indicating the caller's privileges: - -\begin{tabular}{llr} -{\bf Privilege} & {\bf Symbol} & {\bf Value} \\ -Get & KADM5_PRIV_GET & 0x01 \\ -Add & KADM5_PRIV_ADD & 0x02 \\ -Modify & KADM5_PRIV_MODIFY & 0x04 \\ -Delete & KADM5_PRIV_DELETE & 0x08 \\ -List & KADM5_PRIV_LIST & 0x10 \\ -Changepw & KADM5_PRIV_CPW & 0x20 -\end{tabular} - -There is no guarantee that a caller will have a privilege indicated by -this function for any length of time or for any particular target; -applications using this function must still be prepared to handle all -possible KADM5_AUTH_* error codes. - -In the initial MIT Kerberos version of the admin server, permissions -depend both on the caller and the target; this function returns a -bitmask representing all privileges the caller can possibly have for -any possible target. - -\end{document} diff --git a/krb5-1.21.3/doc/kadm5/api-server-design.tex b/krb5-1.21.3/doc/kadm5/api-server-design.tex deleted file mode 100644 index 2cf0fe84..00000000 --- a/krb5-1.21.3/doc/kadm5/api-server-design.tex +++ /dev/null @@ -1,1054 +0,0 @@ -% This document is included for historical purposes only, and does not -% apply to krb5 today. - -\documentstyle[12pt,fullpage]{article} - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% Make _ actually generate an _, and allow line-breaking after it. -\let\underscore=\_ -\catcode`_=13 -\def_{\underscore\penalty75\relax} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -\setlength{\parskip}{.7\baselineskip} -\setlength{\parindent}{0pt} - -\def\v#1{\verb+#1+} -\def\k#1{K$_#1$} - -\title{KADM5 Library and Server \\ Implementation Design} -\author{Barry Jaspan} - -\begin{document} - -\sloppy -\maketitle - -{\setlength{\parskip}{0pt}\tableofcontents} - -\section{Overview} - -The KADM5 administration system is designed around the KADM5 API. The -``server-side'' library libkadm5srv.a implements the KADM5 API by -operating directly on the underlying KDC and admin databases. The -``client-side'' library libkadm5clnt.a implements the KADM5 API via an -RPC mechanism. The administration server kadmind accepts RPC requests -from the client-side library and translates them into calls to the -server-side library, performing authentication, authorization, and -logging along the way. - -The two libraries, libkadm5clnt.a and libkadm5srv.a, export the -identical kadm5 interface; for example, both contain definitions for -kadm5_get_principal, and all other kadm5 functions. In most cases, -the client library function just marshalls arguments and results into -and out of an RPC call, whereas the server library function performs -the actual operation on the database file. kadm5_init_*, however, are -substantially different even though they export the same interface: on -the client, they establish the RPC connection and GSS-API context, -whereas on the server side the open the database files, read in the -password dictionary, and the like. Also, the kadm5_free functions -operate on local process memory in both libraries. - -The admin server is implemented as a nearly-stateless transaction -server, where each admin API function represents a single transaction. -No per-client or per-connection information is stored; only local -database handles are maintained between requests. The RPC mechanism -provides access to remote callers' authentication credentials for -authorization purposes. - -The admin API is exported via an RPC interface that hides all details -about network encoding, authentication, and encryption of data on the -wire. The RPC mechanism does, however, allow the server to access the -underlying authentication credentials for authorization purposes. - -The admin system maintains two databases: -% -\begin{itemize} -\item The master Kerberos (KDC) database is used to store all the -information that the Kerberos server understands, thus allowing the -greatest functionality with no modifications to a standard KDC. - -\item The KDC database also stores kadm5-specific per-principal -information in each principal's krb5_tl_data list. In a prior -version, this data was stored in a separate admin principal database; -thus, when this document refers to ``the admin principal database,'' -it now refers to the appropriate krb5_tl_data entries in the KDC -database. - -\item The policy database stores kadm5 policy information. -\end{itemize} - -The per-principal information stored in the admin principal database -consists of the principal's policy name and an array of the -principal's previous keys. The old keys are stored encrypted in the -key of the special principal ``kadmin/history'' that is created by the -server library when it is first needed. Since a change in -kadmin/history's key renders every principal's key history array -useless, it can only be changed using the ovsec_adm_edit utility; that -program will reencrypt every principal's key history in the new -key.\footnote{ovsec_adm_edit has not yet been implemented, and there -are currently no plans to implement it; thus, the history cannot -currently be changed.} The server library refuses all requests to -change kadmin/history's key. - -\section{API Handles} - -Each call to kadm5_init_* on the client or server creates a new API -handle. The handles encapsulate the API and structure versions -specified by kadm5_init_*'s caller and all other internal data needed -by the library. A process can have multiple open API handles -simultaneously by calling kadm5_init_* multiple times, and call can -specify a different version, client or service principal, and so -forth. - -Each kadm5 function verifies the handle it is given with the -CHECK_HANDLE or _KADM5_CHECK_HANDLE macros. The CHECK_HANDLE macro -differs for the client and server library because the handle types -used by those libraries differ, so it is defined in both -$<$client_internal.h$>$ and $<$server_internal.h$>$ in the library -source directory. In each header file, CHECK_HANDLE first calls -GENERIC_CHECK_HANDLE, defined in $<$admin_internal.h$>$, which -verifies the magic number, API version, and structure version that is -contained in both client and server handles. CHECK_HANDLE then calls -either CLIENT_CHECK_HANDLE or SERVER_CHECK_HANDLE respectively to -verify the client- or server-library specific handle fields. - -The CHECK_HANDLE macro is useful because it inlines the handle check -instead of requiring a separate function call. However, using -CHECK_HANDLE means that a source file cannot be compiled once and -included into both the client and server library, because CHECK_HANDLE -is always either specific to either the client or server library, not -both. There are a number of functions that can be implemented with -the same code in both the client and server libraries, however, -including all of the kadm5_free functions and -kadm5_chpass_principal_util. The _KADM5_CHECK_HANDLE macro solves -this problem; instead of inlining the handle check, it calls the -function _kadm5_check_handle which is defined separately in both the -client and server library, in client_init.c and server_init.c. -Since these two files are only compiled once and put in a single -library, they simply verify the handle they are passed with -CHECK_HANDLE and return the result. - -\section{API Versioning} - -The KADM5 system was designed by OpenVision to support multiple -versions of the KADM5 API. MIT has not adopted this level of support, -and considers the KADM5 C API to be unstable from release to release. -This section describes the original design intent; bear in mind that -only the most recent API is supported by current MIT krb5 releases, -and that the API version does not necessarily change with API changes -unless there is a need to do so for wire compatibility. - -Historically, three versions of the KADM5 API have existed: -KADM5_API_VERSION_1 through KADM5_API_VERSION_3. The first version -was equivalent to the initial OpenVision API, -OVSEC_KADM_API_VERSION_1; the second was created during the initial -integration of the OpenVision system into the MIT release; and the -third was created for MIT krb5 1.8 to add lockout fields to policy -entries. MIT dropped wire compatibility support for version 1 in MIT -krb5 1.8 (as version 1 was never used in shipped MIT code), but -retains wire compatibility support for version 2. - -Implementing a versioned API in C via with both local and RPC access -presents a number of design issues, some of them quite subtle. The -contexts in which versioning considerations must be made include: - -\begin{enumerate} -\item Typedefs, function declarations, and defined constants depend on -the API version a client is written to and must be correct at compile -time. - -\item Each function in the server library must behave according to the -API version specified by the caller at runtime to kadm5_init_*. - -\item The XDR functions used by the RPC layer to transmit function -arguments and results must encode data structures correctly depending -on the API version specified by the client at runtime. - -\item Each function in the client library must behave according to the -API version specified by the caller at runtime to kadm5_init_*. - -\item The RPC server (kadmind) must accept calls from a client using -any supported API version, and must then invoke the function in the -server library corresponding to the RPC with the API version indicated -by the client caller. - -\item When a first API function is invoked that needs to call a second -function in the API on its own behalf, and that second API function's -behavior depends on the API version specified, the first API function -must either be prepared to call the second API function at whatever -version its caller specifies or have a means of always calling the -second API function at a pre-determined version. -\end{enumerate} - -The following functions describe how each context is handled. - -\subsection{Designing for future compatibility} - -Any code whose behavior depends on the API version should be written -so as to be compatible with future, currently unknown API versions on -the grounds that any particular piece of API behavior will most -likely not change between versions. For example, in the current -system, the code is not written as ``if this is VERSION_1, do X, else -if this is VERSION_2, do Y''; instead, it is written as ``if this is -VERSION_1, do X; else, do Y.'' The former will require additional -work when VERSION_3 is defined, even if ``do Y'' is still the correct -action, whereas the latter will work without modification in that -case. - -\subsection{Header file declarations} - -Typedefs, defined constants and macros, and function declarations may -change between versions. A client is always written to a single, -specific API version, and thus expects the header files to define -everything according to that API. Failure of a header file to define -values correctly will result in either compiler warnings (e.g. if the -pointer type of a function argument changes) or fatal errors (e.g. if -the number of arguments to a function changes, or the fields of a -structure change). For example, in VERSION_1, kadm5_get_policy took a -pointer to a pointer to a structure, and in VERSION_2 it takes a -pointer to a structure; that would generate a warning if not correct. -In VERSION_1, kadm5_randkey_principal accepted three arguments but in -VERSION_2 accepts four; that would generate a fatal error. - -The header file defines everything correctly based on the value of the -USE_KADM5_API_VERSION constant. The constant can be assigned to an -integer corresponding to any supported API version, and defaults to -the newest version. The header files then simply use an \#ifdef to -include the right definitions: -% -\begin{verbatim} -#if USE_KADM5_API_VERSION == 1 -kadm5_ret_t kadm5_get_principal(void *server_handle, - krb5_principal principal, - kadm5_principal_ent_t *ent); -#else -kadm5_ret_t kadm5_get_principal(void *server_handle, - krb5_principal principal, - kadm5_principal_ent_t ent, - long mask); -#endif -\end{verbatim} - -\subsection{Server library functions} - -Server library functions must know how many and what type of arguments -to expect, and must operate on those arguments correctly, based on the -API version with which they are invoked. The API version is contained -in the handle that is always passed as their first argument, generated -by kadm5_init_* (to which the client specified the API version to use -at run-time). - -In general, it is probably unsafe for a compiled function in a library -to re-interpret the number and type of defined arguments at run-time -since the calling conventions may not allow it; for example, a -function whose first argument was a short in one version and a pointer -in the next might fail if it simply typed-casted the argument. In -that case, the function would have to written to take variable -arguments (i.e. use $<$stdarg.h$>$) and extract them from the stack -based on the API version. Alternatively, a separate function for each -API version could be defined, and $<$kadm5/admin.h$>$ could be written -to \v{\#define} the exported function name based on the value of -USE_KADM5_API_VERSION. - -In the current system, it turns out, that isn't necessary, and future -implementors should take try to ensure that no version has semantics -that will cause such problems in the future. All the functions in -KADM5 that have different arguments or results between VERSION_1 and -VERSION_2 do so simply by type-casting their arguments to the -appropriate version and then have separate code paths to handle each -one correctly. kadm5_get_principal, in svr_principal.c, is a good -example. In VERSION_1, it took the address of a pointer to a -kadm5_principal_ent_t to fill in with a pointer to allocated memory; -in VERSION_2, it takes a pointer to a structure to fill in, and a mask -of which fields in that structure should be filled in. Also, the -contents of the kadm5_principal_ent_t changed slightly between the two -versions. kadm5_get_principal handles versioning as follows -(following along in the source code will be helpful): - -\begin{enumerate} -\item If VERSION_1, it saves away its entry argument (address of a -pointer to a structure) and resets its value to contain the address of -a locally stack-allocated entry structure; this allows most of the -function to written once, in terms of VERSION_2 semantics. If -VERSION_1, it also resets its mask argument to be -KADM5_PRINCIPAL_NORMAL_MASK, because that is the equivalent to -VERSION_1 behavior, which was to return all the fields of the -structure. - -\item The bulk of the function is implemented as expected for -VERSION_2. - -\item The new fields in the VERSION_2 entry structure are assigned -inside a block that is only execute if the caller specified -VERSION_2. This saves a little time for a VERSION_1 caller. - -\item After the entry structure is filled, the function checks again -if it was called as VERSION_1. If so, it allocates a new -kadm5_principal_ent_t_v1 structure (which is conveniently defined in -the header file) with malloc, copies the appropriate values from the -entry structure into the VERSION_1 entry structure, and then writes -the address of the newly allocated memory into address specified by -the original entry argument which it had previously saved away. -\end{enumerate} - -There is another complication involved in a function re-interpreting -the number of arguments it receives at compile time---it cannot assign -any value to an argument for which the client did not pass a value. -For example, a VERSION_1 client only passes three arguments to -kadm5_get_principal. If the implementation of kadm5_get_principal -notices that the caller is VERSION_1 and therefore assigns its fourth -argument, mask, to a value that mimics the VERSION_1 behavior, it may -inadvertently overwrite data on its caller's stack. This problem can -be avoided simply by using a true local variable in such cases, -instead of treating an unpassed argument as a local variable. - -\subsection{XDR functions} - -The XDR functions used to encode function arguments and results must -know how to encode the data for any API version. This is important -both so that all the data gets correctly transmitted and so that -protocol compatibility between clients or servers using the new -library but an old API version is maintained; specific, new kadmind -servers should support old kadm5 clients. - -The signature of all XDR functions is strictly defined: they take the -address of an XDR function and the address of the data object to be -encoded or decoded. It is thus impossible to provide the API version -of the data object as an additional argument to an XDR function. -There are two other means to convey the information, storing the API -version to use as a field in the data object itself and creating -separate XDR functions to handle each different version of the data -object, and both of them are used in KADM5. - -In the client library, each kadm5 function collects its arguments into -a single structure to be passed by the RPC; similarly, it expects all -of the results to come back as a single structure from the RPC that it -will then decode back into its constituent pieces (these are the -standard ONC RPC semantics). In order to pass versioning information -to the XDR functions, each function argument and result datatype has a -filed to store the API version. For example, consider -kadm5_get_principal's structures: -% -\begin{verbatim} -struct gprinc_arg { - krb5_ui_4 api_version; - krb5_principal princ; - long mask; -}; -typedef struct gprinc_arg gprinc_arg; -bool_t xdr_gprinc_arg(); - -struct gprinc_ret { - krb5_ui_4 api_version; - kadm5_ret_t code; - kadm5_principal_ent_rec rec; -}; -typedef struct gprinc_ret gprinc_ret; -bool_t xdr_gprinc_ret(); -\end{verbatim} -% -kadm5_get_principal (in client_principal.c) assigns the api_version -field of the gprinc_arg to the version specified by its caller, -assigns the princ field based on its arguments, and assigns the mask -field from its argument if the caller specified VERSION_2. It then -calls the RPC function clnt_call, specifying the XDR functions -xdr_gprinc_arg and xdr_gprinc_ret to handle the arguments and results. - -xdr_gprinc_arg is invoked with a pointer to the gprinc_arg structure -just described. It first encodes the api_version field; this allows -the server to know what to expect. It then encodes the krb5_principal -structure and, if api_version is VERSION_2, the mask. If api_version -is not VERSION_2, it does not encode {\it anything} in place of the -mask, because an old VERSION_1 server will not expect any other data -to arrive on the wire there. - -The server performs the kadm5_get_principal call and returns its -results in an XDR encoded gprinc_ret structure. clnt_call, which has -been blocking until the results arrived, invokes xdr_gprinc_ret with a -pointer to the encoded data for it to decode. xdr_gprinc_ret first -decodes the api_version field, and then the code field since that is -present in all versions to date. The kadm5_principal_ent_rec presents -a problem, however. The structure does not itself contain an -api_version field, but the structure is different between the two -versions. Thus, a single XDR function cannot decode both versions of -the structure because it will have no way to decide which version to -expect. The solution is to have two functions, -kadm5_principal_ent_rec_v1 and kadm5_principal_ent_rec, which always -decode according to VERSION_1 or VERSION_2, respectively. gprinc_ret -knows which one to invoke because it has the api_version field -returned by the server (which is always the same as that specified by -the client in the gpring_arg). - -In hindsight, it probably would have been better to encode the API -version of all structures directly in a version field in the structure -itself; then multiple XDR functions for a single data type wouldn't be -necessary, and the data objects would stand complete on their own. -This can be added in a future API version if desired. - -\subsection{Client library functions} - -Just as with server library functions, client library functions must -be able to interpret their arguments and provide result according to -the API version specified by the caller. Again, kadm5_get_principal -(in client_principal.c) is a good example. The gprinc_ret structure -that it gets back from clnt_call contains a kadm5_principal_ent_rec or -a kadm5_principal_ent_rec_v1 (the logic is simplified somewhat because -the VERSION_2 structure only has new fields added on the end). If -kadm5_get_principal was invoked with VERSION_2, that structure should -be copied into the pointer provided as the entry argument; if it was -invoked with VERSION_1, however, the structure should be copied into -allocated memory whose address is then written into the pointer -provided by the entry argument. Client library functions make this -determination based on the API version specified in the provided -handle, just like server library functions do. - -\subsection{Admin server stubs} - -When an RPC call arrives at the server, the RPC layer authenticates -the call using the GSS-API, decodes the arguments into their -single-structure form (ie: a gprinc_arg) and dispatches the call to a -stub function in the server (in server_stubs.c). The stub function -first checks the caller's authorization to invoke the function and, if -authorized, calls the kadm5 function corresponding to the RPC function -with the arguments specified in the single-structure argument. - -Once again, kadm5_get_principal is a good example for the issues -involved. The contents of the gprinc_arg given to the stub -(get_principal_1) depends on the API version the caller on the client -side specified; that version is available to the server in the -api_version field of the gprinc_arg. When the server calls -kadm5_get_principal in the server library, it must give that function -an API handle that contains the API version requested by the client; -otherwise the function semantics might not be correct. One -possibility would be for the server to call kadm5_init for each client -request, specifying the client's API version number and thus generating -an API handle with the correct version, but that would be -prohibitively inefficient. Instead, the server dips down in the -server library's internal abstraction barrier, using the function -new_server_handle to cons up a server handle based on the server's own -global_server_handle but using the API version specified by the -client. The server then passes the newly generated handle to -kadm5_get_principal, ensuring the right behavior, and creates the -gprinc_ret structure in a manner similar to that described above. - -Although new_server_handle solves the problem of providing the server -with an API handle containing the right API version number, it does -not solve another problem: that a single source file, server_stubs.c, -needs to be able to invoke functions with arguments appropriate for -multiple API versions. If the client specifies VERSION_1, for -example, the server must invoke kadm5_get_principal with three -arguments, but if the client specifies VERSION_2 the server must -invoke kadm5_get_principal with four arguments. The compiler will not -allow this inconsistency. The server defines wrapper functions in a -separate source file that match the old version, and the separate -source file is compiled with USE_KADM5_API_VERSION set to the old -version; see kadm5_get_principal_v1 in server_glue_v1.c. The server -then calls the correct variant of kadm5_get_principal_* based on the -API version and puts the return values into the gprinc_ret in a manner -similar to that described above. - -Neither of these solutions are necessarily correct. new_server_handle -violates the server library's abstraction barrier and is at best a -kludge; the server library should probably export a function to -provide this behavior without violating the abstraction; -alternatively, the librar should be modified so that having the server -call kadm5_init for each client RPC request would not be too -inefficient. The glue functions in server_glue_v1.c really are not -necessary, because the server stubs could always just pass dummy -arguments for the extra arguments; after all, the glue functions pass -{\it nothing} for the extra arguments, so they just end up as stack -garbage anyway. - -Another alternative to the new_server_handle problem is to have the -server always invoke server library functions at a single API version, -and then have the stubs take care of converting the function arguments -and results back into the form expected by the caller. In general, -however, this might require the stubs to duplicate substantial logic -already present in the server library and further violate the server -library's abstraction barrier. - -\subsection{KADM5 self-reference} - -Some kadm5 functions call other kadm5 functions ``on their own -behalf'' to perform functionality that is necessary but that does not -directly affect what the client sees. For example, -kadm5_chpass_principal has to enforce password policies; thus, it -needs to call kadm5_get_principal and, if the principal has a policy, -kadm5_get_policy and kadm5_modify_principal in the process of changing -a principal's password. This leads to a complication: what API handle -should kadm5_chpass_principal pass to the other kadm5 functions it -calls? - -The ``obvious,'' but wrong, answer is that it should pass the handle -it was given by its caller. The caller may provide an API handle -specifying any valid API version. Although the semantics of -kadm5_chpass_principal did not change between VERSION_1 and VERSION_2, -the declarations of both kadm5_get_principal and kadm5_get_policy -did. Thus, to use the caller's API handle, kadm5_chpass_principal -will have to have a separate code path for each API version, even -though it itself did not change between versions, and duplicate a lot -of logic found elsewhere in the library. - -Instead, each API handle contains a ``local-use handle,'' or lhandle, -that kadm5 functions should use to call other kadm5 functions. For -example, the client-side library's handle structure is: -% -\begin{verbatim} -typedef struct _kadm5_server_handle_t { - krb5_ui_4 magic_number; - krb5_ui_4 struct_version; - krb5_ui_4 api_version; - char * cache_name; - int destroy_cache; - CLIENT * clnt; - krb5_context context; - kadm5_config_params params; - struct _kadm5_server_handle_t *lhandle; -} kadm5_server_handle_rec, *kadm5_server_handle_t; -\end{verbatim} -% -The lhandle field is allocated automatically when the handle is -created. All of the fields of the API handle that are accessed -outside kadm5_init are also duplicated in the lhandle; however, the -api_version field of the lhandle is always set to a {\it constant} -value, regardless of the API version specified by the caller to -kadm5_init. In the current implementation, the lhandle's api_version -is always VERSION_2. - -By passing the caller's handle's lhandle to recursively called kadm5 -functions, a kadm5 function is assured of invoking the second kadm5 -function with a known API version. Additionally, the lhandle's -lhandle field points back to the lhandle, in case kadm5 functions call -themselves more than one level deep; handle$->$lhandle always points -to the same lhandle, no matter how many times the indirection is -performed. - -This scheme might break down if a kadm5 function has to call another -kadm5 function to perform operations that they client will see and for -its own benefit, since the semantics of the recursively-called kadm5 -function may depend on the API version specified and the client may be -depending on a particular version's behavior. Future implementors -should avoid creating a situation in which this is possible. - -\section{Server Main} - -The admin server starts by trapping all fatal signals and directing -them to a cleanup-and-exit function. It then creates and exports the -RPC interface and enters its main loop. - -The main loop dispatches all incoming requests to the RPC mechanism. -In a previous version, after 15 seconds of inactivity, the server -closed all open databases; each database was be automatically reopened -by the API function implementations as necessary. That behavior -existed to protect against loss of written data before the process -exited. The current database libraries write all changes out to disk -immediately, however, so this behavior is no longer required or -performed. - -\section{Remote Procedure Calls} - -The RPC for the Admin system will be based on ONC RPC. ONC RPC is -used because it is a well-known, portable RPC mechanism. The -underlying external data representation (xdr) mechanisms for wire -encapsulation are well-known and extensible. Authentication to the -admin server and encryption of all RPC functional arguments and -results are be handled via the AUTH_GSSAPI authentication flavor of -ONC RPC. - -\section{Database Record Types} -\label{sec:db-types} - -\subsection{Admin Principal, osa_princ_ent_t} - -The admin principal database stores records of the type -osa_princ_ent_t (declared in $<$kadm5/adb.h$>$), which is the -subset of the kadm5_principal_ent_t structure that is not stored -in the Kerberos database plus the necessary bookkeeping information. -The records are keyed by the ASCII representation of the principal's -name, including the trailing NULL. - -\begin{verbatim} -typedef struct _osa_pw_hist_t { - int n_key_data; - krb5_key_data *key_data; -} osa_pw_hist_ent, *osa_pw_hist_t; - -typedef struct _osa_princ_ent_t { - char * policy; - u_int32 aux_attributes; - - unsigned int old_key_len; - unsigned int old_key_next; - krb5_kvno admin_history_kvno; - osa_pw_hist_ent *old_keys; - - - u_int32 num_old_keys; - u_int32 next_old_key; - krb5_kvno admin_history_kvno; - osa_pw_hist_ent *old_keys; -} osa_princ_ent_rec, *osa_princ_ent_t; -\end{verbatim} - -The fields that are different from kadm5_principal_ent_t are: - -\begin{description} -\item[num_old_keys] The number of previous keys in the old_keys array. -This value must be 0 $\le$ num_old_keys $<$ pw_history_num. - -\item[old_key_next] The index into old_keys where the next key should -be inserted. This value must be 0 $\le$ old_key_next $\le$ -num_old_keys. - -\item[admin_history_kvno] The key version number of the kadmin/history -principal's key used to encrypt the values in old_keys. If the server -library finds that kadmin/history's kvno is different from the value -in this field, it returns KADM5_BAD_HIST_KEY. - -\item[old_keys] The array of the principal's previous passwords, each -encrypted in the kadmin/history key. There are num_old_keys -elements. Each ``password'' in the array is itself an array of -n_key_data krb5_key_data structures, one for each keysalt type the -password was encoded in. -\end{description} - -\subsection{Policy, osa_policy_ent_t} - -The policy database stores records of the type osa_policy_ent_t -(declared in $<$kadm5/adb.h$>$) , which is all of -kadm5_policy_ent_t plus necessary bookkeeping information. The -records are keyed by the policy name. - -\begin{verbatim} -typedef struct _osa_policy_ent_t { - char *policy; - - u_int32 pw_min_life; - u_int32 pw_max_life; - u_int32 pw_min_length; - u_int32 pw_min_classes; - u_int32 pw_history_num; - - u_int32 refcnt; -} osa_policy_ent_rec, *osa_policy_ent_t; -\end{verbatim} - -\subsection{Kerberos, krb5_db_entry} - -The Kerberos database stores records of type krb5_db_entry, which is -defined in the $<$k5-int.h$>$ header file. The semantics of each -field are defined in the libkdb functional specification. - -\section{Database Access Methods} - -\subsection{Principal and Policy Databases} - -This section describes the database abstraction used for the admin -policy database; the admin principal database used to be treated in -the same manner but is now handled more directly as krb5_tl_data; -thus, nothing in this section applies to it any more. Since both -databases export equivalent functionality, the API is only described -once. The character T is used to represent both ``princ'' and -``policy''. The location of the principal database is defined by the -configuration parameters given to any of the kadm5_init functions in -the server library. - -Note that this is {\it only} a database abstraction. All functional -intelligence, such as maintaining policy reference counts or sanity -checking, must be implemented above this layer. - -Prototypes for the osa functions are supplied in -$<$kadm5/adb.h$>$. The routines are defined in libkadm5srv.a. They -require linking with the Berkely DB library. - -\subsubsection{Error codes} - -The database routines use com_err for error codes. The error code -table name is ``adb'' and the offsets are the same as the order -presented here. The error table header file is -$<$kadm5/adb_err.h$>$. Callers of the OSA routines should first call -init_adb_err_tbl() to initialize the database table. - -\begin{description} -\item[OSA_ADB_OK] Operation successful. -\item[OSA_ADB_FAILURE] General failure. -\item[OSA_ADB_DUP] Operation would create a duplicate database entry. -\item[OSA_ADB_NOENT] Named entry not in database. -\item[OSA_ADB_BAD_PRINC] The krb5_principal structure is invalid. -\item[OSA_ADB_BAD_POLICY] The specified policy name is invalid. -\item[OSA_ADB_XDR_FAILURE] The principal or policy structure cannot be -encoded for storage. -\item[OSA_ADB_BADLOCKMODE] Bad lock mode specified. -\item[OSA_ADB_CANTLOCK_DB] Cannot lock database, presumably because it -is already locked. -\item[OSA_ADB_NOTLOCKED] Internal error, database not locked when -unlock is called. -\item[OSA_ADB_NOLOCKFILE] KADM5 administration database lock file missing. -\end{description} - -Database functions can also return system errors. Unless otherwise -specified, database functions return OSA_ADB_OK. - -\subsubsection{Locking} - -All of the osa_adb functions except open and close lock and unlock the -database to prevent concurrency collisions. The overall locking -algorithm is as follows: - -\begin{enumerate} -\item osa_adb_open_T calls osa_adb_init_db to allocate the osa_adb_T_t -structure and open the locking file for further use. - -\item Each osa_adb functions locks the locking file and opens the -appropriate database with osa_adb_open_and_lock, performs its action, -and then closes the database and unlocks the locking file with -osa_adb_close_and_unlock. - -\item osa_adb_close_T calls osa_adb_fini_db to close the locking file -and deallocate the db structure. -\end{enumerate} - -Functions which modify the database acquire an exclusive lock, others -acquire a shared lock. osa_adb_iter_T acquires an exclusive lock for -safety but as stated below consequences of modifying the database in -the iteration function are undefined. - -\subsubsection{Function descriptions} - -\begin{verbatim} -osa_adb_ret_t osa_adb_create_T_db(kadm5_config_params *params) -\end{verbatim} -% -Create the database and lockfile specified in params. The database -must not already exist, or EEXIST is returned. The lock file is only -created after the database file has been created successfully. - -\begin{verbatim} -osa_adb_ret_t osa_adb_rename_T_db(kadm5_config_params *fromparams, - kadm5_config_params *toparams) -\end{verbatim} -% -Rename the database named by fromparams to that named by toparams. -The fromparams database must already exist; the toparams database may -exist or not. When the function returns, the database named by -fromparams no longer exists, and toparams has been overwritten with -fromparams. This function acquires a permanent lock on both databases -for the duration of its operation, so a failure is likely to leave the -databases unusable. - -\begin{verbatim} -osa_adb_ret_t osa_adb_destroy_policy_db(kadm5_config_params *params) -\end{verbatim} -% -Destroy the database named by params. The database file and lock file -are deleted. - -\begin{verbatim} -osa_adb_ret_t -osa_adb_open_T(osa_adb_T_t *db, char *filename); -\end{verbatim} -% -Open the database named filename. Returns OSA_ADB_NOLOCKFILE if the -database does not exist or if the lock file is missing. The database -is not actually opened in the operating-system file sense until a lock -is acquire. - -\begin{verbatim} -osa_adb_ret_t -osa_adb_close_T(osa_adb_T_t db); -\end{verbatim} -% -Release all shared or exclusive locks (on BOTH databases, since they -use the same lock file) and close the database. - -It is an error to exit while a permanent lock is held; -OSA_ADB_NOLOCKFILE is returned in this case. - -\begin{verbatim} -osa_adb_ret_t osa_adb_get_lock(osa_adb_T_t db, int mode) -\end{verbatim} - -Acquire a lock on the administration databases; note that both -databases are locked simultaneously by a single call. The mode -argument can be OSA_ADB_SHARED, OSA_ADB_EXCLUSIVE, or -OSA_ADB_PERMANENT. The first two and the third are really disjoint -locking semantics and should not be interleaved. - -Shared and exclusive locks have the usual semantics, and a program can -upgrade a shared lock to an exclusive lock by calling the function -again. A reference count of open locks is maintained by this function -and osa_adb_release_lock so the functions can be called multiple -times; the actual lock is not released until the final -osa_adb_release_lock. Note, however, that once a lock is upgraded -from shared to exclusive, or from exclusive to permanent, it is not -downgraded again until released completely. In other words, -get_lock(SHARED), get_lock(EXCLUSIVE), release_lock() leaves the -process with an exclusive lock with a reference count of one. An -attempt to get a shared or exclusive lock that conflicts with another -process results in the OSA_ADB_CANLOCK_DB error code. - -This function and osa_adb_release_lock are called automatically as -needed by all other osa_adb functions to acquire shared and exclusive -locks and so are not normally needed. They can be used explicitly by -a program that wants to perform multiple osa_adb functions within the -context of a single lock. - -Acquiring an OSA_ADB_PERMANENT lock is different. A permanent lock -consists of first acquiring an exclusive lock and then {\it deleting -the lock file}. Any subsequent attempt to acquire a lock by a -different process will fail with OSA_ADB_NOLOCKFILE instead of -OSA_ADB_CANTLOCK_DB (attempts in the same process will ``succeed'' -because only the reference count gets incremented). The lock file is -recreated by osa_adb_release_lock when the last pending lock is released. - -The purpose of a permanent lock is to absolutely ensure that the -database remain locked during non-atomic operations. If the locking -process dies while holding a permanent lock, all subsequent osa_adb -operations will fail, even through a system reboot. This is useful, -for example, for ovsec_adm_import which creates both new database -files in a temporary location and renames them into place. If both -renames do not fully complete the database will probably be -inconsistent and everything should stop working until an administrator -can clean it up. - -\begin{verbatim} -osa_adb_ret_t osa_adb_release_lock(osa_adb_T_t db) -\end{verbatim} - -Releases a shared, exclusive, or permanent lock acquired with -osa_adb_get_lock, or just decrements the reference count if multiple -locks are held. When a permanent lock is released, the lock file is -re-created. - -All of a process' shared or exclusive database locks are released when -the process terminates. A permanent lock is {\it not} released when -the process exits (although the exclusive lock it begins with -obviously is). - -\begin{verbatim} -osa_adb_ret_t -osa_adb_create_T(osa_adb_T_t db, osa_T_ent_t entry); -\end{verbatim} -% -Adds the entry to the database. All fields are defined. Returns -OSA_ADB_DUP if it already exists. - -\begin{verbatim} -osa_adb_ret_t -osa_adb_destroy_T(osa_adb_T_t db, osa_T_t name); -\end{verbatim} - -Removes the named entry from the database. Returns OSA_ADB_NOENT if -it does not exist. - -\begin{verbatim} -osa_adb_ret_t -osa_adb_get_T(osa_adb_T_t db, osa_T_t name, - osa_princ_ent_t *entry); -\end{verbatim} - -Looks up the named entry in the db, and returns it in *entry in -allocated storage that must be freed with osa_adb_free_T. Returns -OSA_ADB_NOENT if name does not exist, OSA_ADB_MEM if memory cannot be -allocated. - -\begin{verbatim} -osa_adb_ret_t -osadb_adb_put_T(osa_adb_T_t db, osa_T_ent_t entry); -\end{verbatim} - -Modifies the existing entry named in entry. All fields must be filled -in. Returns OSA_DB_NOENT if the named entry does not exist. Note -that this cannot be used to rename an entry; rename is implemented by -deleting the old name and creating the new one (NOT ATOMIC!). - -\begin{verbatim} -void osa_adb_free_T(osa_T_ent_t); -\end{verbatim} - -Frees the memory associated with an osa_T_ent_t allocated by -osa_adb_get_T. - -\begin{verbatim} -typedef osa_adb_ret_t (*osa_adb_iter_T_func)(void *data, - osa_T_ent_t entry); - -osa_adb_ret_t osa_adb_iter_T(osa_adb_T_t db, osa_adb_iter_T_func func, - void *data); -\end{verbatim} - -Iterates over every entry in the database. For each entry ent in the -database db, the function (*func)(data, ent) is called. If func -returns an error code, osa_adb_iter_T returns an error code. If all -invocations of func return OSA_ADB_OK, osa_adb_iter_T returns -OSA_ADB_OK. The function func is permitted to access the database, -but the consequences of modifying the database during the iteration -are undefined. - -\subsection{Kerberos Database} - -Kerberos uses the libkdb interface to store krb5_db_entry records. It -can be accessed and modified in parallel with the Kerberos server, -using functions that are defined inside the KDC and the libkdb.a. The -libkdb interface is defined in the libkdb functional specifications. - -\subsubsection{Initialization and Key Access} - -Keys stored in the Kerberos database are encrypted in the Kerberos -master key. The admin server will therefore have to acquire the key -before it can perform any key-changing operations, and will have to -decrypt and encrypt the keys retrieved from and placed into the -database via krb5_db_get_principal and _put_principal. This section -describes the internal admin server API that will be used to perform -these functions. - -\begin{verbatim} -krb5_principal master_princ; -krb5_encrypt_block master_encblock; -krb5_keyblock master_keyblock; - -void kdc_init_master() -\end{verbatim} - -kdc_init_master opens the database and acquires the master key. It -also sets the global variables master_princ, master_encblock, and -master_keyblock: - -\begin{itemize} -\item master_princ is set to the name of the Kerberos master principal -(\v{K/M@REALM}). - -\item master_encblock is something I have no idea about. - -\item master_keyblock is the Kerberos master key -\end{itemize} - -\begin{verbatim} -krb5_error_code kdb_get_entry_and_key(krb5_principal principal, - krb5_db_entry *entry, - krb5_keyblock *key) -\end{verbatim} - -kdb_get_entry_and_key retrieves the named principal's entry from the -database in entry, and decrypts its key into key. The caller must -free entry with krb5_dbm_db_free_principal and free key-$>$contents with -free.\footnote{The caller should also \v{memset(key-$>$contents, 0, -key-$>$length)}. There should be a function krb5_free_keyblock_contents -for this, but there is not.} - -\begin{verbatim} -krb5_error_code kdb_put_entry_pw(krb5_db_entry *entry, char *pw) -\end{verbatim} - -kdb_put_entry_pw stores entry in the database. All the entry values -must already be set; this function does not change any of them except -the key. pw, the NULL-terminated password string, is converted to a -key using string-to-key with the salt type specified in -entry-$>$salt_type.\footnote{The salt_type should be set based on the -command line arguments to the kadmin server (see the ``Command Line'' -section of the functional specification).} - -\section{Admin Principal and Policy Database Implementation} - -The admin principal and policy databases will each be stored in a -single hash table, implemented by the Berkeley 4.4BSD db library. -Each record will consist of an entire osa_T_ent_t. The key into the -hash table is the entry name (for principals, the ASCII representation -of the name). The value is the T entry structure. Since the key and -data must be self-contained, with no pointers, the Sun xdr mechanisms -will be used to marshal and unmarshal data in the database. - -The server in the first release will be single-threaded in that a -request will run to completion (or error) before the next will run, -but multiple connections will be allowed simultaneously. - -\section{ACLs, acl_check} - -The ACL mechanism described in the ``Authorization ACLs'' section of -the functional specifications will be implemented by the acl_check -function. - -\begin{verbatim} -enum access_t { - ACCESS_DENIED = 0, - ACCESS_OK = 1, -}; - -enum access_t acl_check(krb5_principal princ, char *priv); -\end{verbatim} - -The priv argument must be one of ``get'', ``add'', ``delete'', or -``modify''. acl_check returns 1 if the principal princ has the named -privilege, 0 if it does not. - -\section{Function Details} - -This section discusses specific design issues for Admin API functions -that are not addressed by the functional specifications. - -\subsection{kadm5_create_principal} - -If the named principal exists in either the Kerberos or admin -principal database, but not both, return KADM5_BAD_DB. - -The principal's initial key is not stored in the key history array at -creation time. - -\subsection{kadm5_delete_principal} - -If the named principal exists in either the Kerberos or admin -principal database, but not both, return KADM5_BAD_DB. - -\subsection{kadm5_modify_principal} - -If the named principal exists in either the Kerberos or admin -principal database, but not both, return KADM5_BAD_DB. - -If pw_history_num changes and the new value $n$ is smaller than the -current value of num_old_keys, old_keys should end up with the $n$ -most recent keys; these are found by counting backwards $n$ elements -in old_keys from old_key_next. old_key_nexts should then be reset to -0, the oldest of the saved keys, and num_old_keys set to $n$, the -new actual number of old keys in the array. - -\subsection{kadm5_chpass_principal, randkey_principal} - -The algorithm for determining whether a password is in the principal's -key history is complicated by the use of the kadmin/history \k{h} -encrypting key. - -\begin{enumerate} -\item For kadm5_chpass_principal, convert the password to a key -using string-to-key and the salt method specified by the command line -arguments. - -\item If the POLICY bit is set and pw_history_num is not zero, check -if the new key is in the history. -\begin{enumerate} -\item Retrieve the principal's current key and decrypt it with \k{M}. -If it is the same as the new key, return KADM5_PASS_REUSE. -\item Retrieve the kadmin/history key \k{h} and decrypt it with \k{M}. -\item Encrypt the principal's new key in \k{h}. -\item If the principal's new key encrypted in \k{h} is in old_keys, -return KADM5_PASS_REUSE. -\item Encrypt the principal's current key in \k{h} and store it in -old_keys. -\item Erase the memory containing \k{h}. -\end{enumerate} - -\item Encrypt the principal's new key in \k{M} and store it in the -database. -\item Erase the memory containing \k{M}. -\end{enumerate} - -To store the an encrypted key in old_keys, insert it as the -old_key_next element of old_keys, and increment old_key_next by one -modulo pw_history_num. - -\subsection{kadm5_get_principal} - -If the named principal exists in either the Kerberos or admin -principal database, but not both, return KADM5_BAD_DB. - -\end{document} diff --git a/krb5-1.21.3/doc/kadm5/fullpage.sty b/krb5-1.21.3/doc/kadm5/fullpage.sty deleted file mode 100644 index d5a2bf5b..00000000 --- a/krb5-1.21.3/doc/kadm5/fullpage.sty +++ /dev/null @@ -1,9 +0,0 @@ -\marginparwidth 0pt -\oddsidemargin 0pt -\evensidemargin 0pt -\marginparsep 0pt - -\topmargin 0pt - -\textwidth 6.5in -\textheight 8.5 in diff --git a/krb5-1.21.3/doc/mitK5defaults.rst b/krb5-1.21.3/doc/mitK5defaults.rst deleted file mode 100644 index aea7af3d..00000000 --- a/krb5-1.21.3/doc/mitK5defaults.rst +++ /dev/null @@ -1,79 +0,0 @@ -.. _mitK5defaults: - -MIT Kerberos defaults -===================== - -General defaults ----------------- - -========================================== ============================= ==================== -Description Default Environment -========================================== ============================= ==================== -:ref:`keytab_definition` file |keytab| **KRB5_KTNAME** -Client :ref:`keytab_definition` file |ckeytab| **KRB5_CLIENT_KTNAME** -Kerberos config file :ref:`krb5.conf(5)` |krb5conf|\ ``:``\ **KRB5_CONFIG** - |sysconfdir|\ ``/krb5.conf`` -KDC config file :ref:`kdc.conf(5)` |kdcdir|\ ``/kdc.conf`` **KRB5_KDC_PROFILE** -GSS mechanism config file |sysconfdir|\ ``/gss/mech`` **GSS_MECH_CONFIG** -KDC database path (DB2) |kdcdir|\ ``/principal`` -Master key :ref:`stash_definition` |kdcdir|\ ``/.k5.``\ *realm* -Admin server ACL file :ref:`kadm5.acl(5)` |kdcdir|\ ``/kadm5.acl`` -OTP socket directory |kdcrundir| -Plugin base directory |libdir|\ ``/krb5/plugins`` -:ref:`rcache_definition` directory ``/var/tmp`` **KRB5RCACHEDIR** -Master key default enctype |defmkey| -Default :ref:`keysalt list` |defkeysalts| -Permitted enctypes |defetypes| -KDC default port 88 -Admin server port 749 -Password change port 464 -========================================== ============================= ==================== - - -Replica KDC propagation defaults --------------------------------- - -This table shows defaults used by the :ref:`kprop(8)` and -:ref:`kpropd(8)` programs. - -========================== ================================ =========== -Description Default Environment -========================== ================================ =========== -kprop database dump file |kdcdir|\ ``/replica_datatrans`` -kpropd temporary dump file |kdcdir|\ ``/from_master`` -kdb5_util location |sbindir|\ ``/kdb5_util`` -kprop location |sbindir|\ ``/kprop`` -kpropd ACL file |kdcdir|\ ``/kpropd.acl`` -kprop port 754 KPROP_PORT -========================== ================================ =========== - - -.. _paths: - -Default paths for Unix-like systems ------------------------------------ - -On Unix-like systems, some paths used by MIT krb5 depend on parameters -chosen at build time. For a custom build, these paths default to -subdirectories of ``/usr/local``. When MIT krb5 is integrated into an -operating system, the paths are generally chosen to match the -operating system's filesystem layout. - -========================== ============== =========================== =========================== -Description Symbolic name Custom build path Typical OS path -========================== ============== =========================== =========================== -User programs BINDIR ``/usr/local/bin`` ``/usr/bin`` -Libraries and plugins LIBDIR ``/usr/local/lib`` ``/usr/lib`` -Parent of KDC state dir LOCALSTATEDIR ``/usr/local/var`` ``/var`` -Parent of KDC runtime dir RUNSTATEDIR ``/usr/local/var/run`` ``/run`` -Administrative programs SBINDIR ``/usr/local/sbin`` ``/usr/sbin`` -Alternate krb5.conf dir SYSCONFDIR ``/usr/local/etc`` ``/etc`` -Default ccache name DEFCCNAME ``FILE:/tmp/krb5cc_%{uid}`` ``FILE:/tmp/krb5cc_%{uid}`` -Default keytab name DEFKTNAME ``FILE:/etc/krb5.keytab`` ``FILE:/etc/krb5.keytab`` -Default PKCS11 module PKCS11_MODNAME ``opensc-pkcs11.so`` ``opensc-pkcs11.so`` -========================== ============== =========================== =========================== - -The default client keytab name (DEFCKTNAME) typically defaults to -``FILE:/usr/local/var/krb5/user/%{euid}/client.keytab`` for a custom -build. A native build will typically use a path which will vary -according to the operating system's layout of ``/var``. diff --git a/krb5-1.21.3/doc/mitK5features.rst b/krb5-1.21.3/doc/mitK5features.rst deleted file mode 100644 index 10effcf1..00000000 --- a/krb5-1.21.3/doc/mitK5features.rst +++ /dev/null @@ -1,699 +0,0 @@ -.. highlight:: rst - -.. toctree:: - :hidden: - - mitK5license.rst - -.. _mitK5features: - -MIT Kerberos features -===================== - -https://web.mit.edu/kerberos - - -Quick facts ------------ - -License - :ref:`mitK5license` - -Releases: - - Latest stable: https://web.mit.edu/kerberos/krb5-1.20/ - - Supported: https://web.mit.edu/kerberos/krb5-1.19/ - - Release cycle: approximately 12 months - -Supported platforms \/ OS distributions: - - Windows (KfW 4.0): Windows 7, Vista, XP - - Solaris: SPARC, x86_64/x86 - - GNU/Linux: Debian x86_64/x86, Ubuntu x86_64/x86, RedHat x86_64/x86 - - BSD: NetBSD x86_64/x86 - -Crypto backends: - - builtin - MIT Kerberos native crypto library - - OpenSSL (1.0\+) - https://www.openssl.org - -Database backends: LDAP, DB2, LMDB - -krb4 support: Kerberos 5 release < 1.8 - -DES support: Kerberos 5 release < 1.18 (See :ref:`retiring-des`) - -Interoperability ----------------- - -`Microsoft` - -Starting from release 1.7: - -* Follow client principal referrals in the client library when - obtaining initial tickets. - -* KDC can issue realm referrals for service principals based on domain names. - -* Extensions supporting DCE RPC, including three-leg GSS context setup - and unencapsulated GSS tokens inside SPNEGO. - -* Microsoft GSS_WrapEX, implemented using the gss_iov API, which is - similar to the equivalent SSPI functionality. This is needed to - support some instances of DCE RPC. - -* NTLM recognition support in GSS-API, to facilitate dropping in an - NTLM implementation for improved compatibility with older releases - of Microsoft Windows. - -* KDC support for principal aliases, if the back end supports them. - Currently, only the LDAP back end supports aliases. - -* Support Microsoft set/change password (:rfc:`3244`) protocol in - kadmind. - -* Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which - allows a GSS application to request credential delegation only if - permitted by KDC policy. - - -Starting from release 1.8: - -* Microsoft Services for User (S4U) compatibility - - -`Heimdal` - -* Support for KCM credential cache starting from release 1.13 - -Feature list ------------- - -For more information on the specific project see https://k5wiki.kerberos.org/wiki/Projects - -Release 1.7 - - Credentials delegation :rfc:`5896` - - Cross-realm authentication and referrals :rfc:`6806` - - Master key migration - - PKINIT :rfc:`4556` :ref:`pkinit` - -Release 1.8 - - Anonymous PKINIT :rfc:`6112` :ref:`anonymous_pkinit` - - Constrained delegation - - IAKERB https://tools.ietf.org/html/draft-ietf-krb-wg-iakerb-02 - - Heimdal bridge plugin for KDC backend - - GSS-API S4U extensions https://msdn.microsoft.com/en-us/library/cc246071 - - GSS-API naming extensions :rfc:`6680` - - GSS-API extensions for storing delegated credentials :rfc:`5588` - -Release 1.9 - - Advance warning on password expiry - - Camellia encryption (CTS-CMAC mode) :rfc:`6803` - - KDC support for SecurID preauthentication - - kadmin over IPv6 - - Trace logging :ref:`trace_logging` - - GSSAPI/KRB5 multi-realm support - - Plugin to test password quality :ref:`pwqual_plugin` - - Plugin to synchronize password changes :ref:`kadm5_hook_plugin` - - Parallel KDC - - GSS-API extensions for SASL GS2 bridge :rfc:`5801` :rfc:`5587` - - Purging old keys - - Naming extensions for delegation chain - - Password expiration API - - Windows client support (build-only) - - IPv6 support in iprop - -Release 1.10 - - Plugin interface for configuration :ref:`profile_plugin` - - Credentials for multiple identities :ref:`ccselect_plugin` - -Release 1.11 - - Client support for FAST OTP :rfc:`6560` - - GSS-API extensions for credential locations - - Responder mechanism - -Release 1.12 - - Plugin to control krb5_aname_to_localname and krb5_kuserok behavior :ref:`localauth_plugin` - - Plugin to control hostname-to-realm mappings and the default realm :ref:`hostrealm_plugin` - - GSSAPI extensions for constructing MIC tokens using IOV lists :ref:`gssapi_mic_token` - - Principal may refer to nonexistent policies `Policy Refcount project `_ - - Support for having no long-term keys for a principal `Principals Without Keys project `_ - - Collection support to the KEYRING credential cache type on Linux :ref:`ccache_definition` - - FAST OTP preauthentication module for the KDC which uses RADIUS to validate OTP token values :ref:`otp_preauth` - - Experimental Audit plugin for KDC processing `Audit project `_ - -Release 1.13 - - - Add support for accessing KDCs via an HTTPS proxy server using - the `MS-KKDCP - `_ - protocol. - - Add support for `hierarchical incremental propagation - `_, - where replicas can act as intermediates between an upstream primary - and other downstream replicas. - - Add support for configuring GSS mechanisms using - ``/etc/gss/mech.d/*.conf`` files in addition to - ``/etc/gss/mech``. - - Add support to the LDAP KDB module for `binding to the LDAP - server using SASL - `_. - - The KDC listens for TCP connections by default. - - Fix a minor key disclosure vulnerability where using the - "keepold" option to the kadmin randkey operation could return the - old keys. `[CVE-2014-5351] - `_ - - Add client support for the Kerberos Cache Manager protocol. If - the host is running a Heimdal kcm daemon, caches served by the - daemon can be accessed with the KCM: cache type. - - When built on macOS 10.7 and higher, use "KCM:" as the default - cachetype, unless overridden by command-line options or - krb5-config values. - - Add support for doing unlocked database dumps for the DB2 KDC - back end, which would allow the KDC and kadmind to continue - accessing the database during lengthy database dumps. - -Release 1.14 - - * Administrator experience - - - Add a new kdb5_util tabdump command to provide reporting-friendly - tabular dump formats (tab-separated or CSV) for the KDC database. - Unlike the normal dump format, each output table has a fixed number - of fields. Some tables include human-readable forms of data that - are opaque in ordinary dump files. This format is also suitable for - importing into relational databases for complex queries. - - Add support to kadmin and kadmin.local for specifying a single - command line following any global options, where the command - arguments are split by the shell--for example, "kadmin getprinc - principalname". Commands issued this way do not prompt for - confirmation or display warning messages, and exit with non-zero - status if the operation fails. - - Accept the same principal flag names in kadmin as we do for the - default_principal_flags kdc.conf variable, and vice versa. Also - accept flag specifiers in the form that kadmin prints, as well as - hexadecimal numbers. - - Remove the triple-DES and RC4 encryption types from the default - value of supported_enctypes, which determines the default key and - salt types for new password-derived keys. By default, keys will - only created only for AES128 and AES256. This mitigates some types - of password guessing attacks. - - Add support for directory names in the KRB5_CONFIG and - KRB5_KDC_PROFILE environment variables. - - Add support for authentication indicators, which are ticket - annotations to indicate the strength of the initial authentication. - Add support for the "require_auth" string attribute, which can be - set on server principal entries to require an indicator when - authenticating to the server. - - Add support for key version numbers larger than 255 in keytab files, - and for version numbers up to 65535 in KDC databases. - - Transmit only one ETYPE-INFO and/or ETYPE-INFO2 entry from the KDC - during pre-authentication, corresponding to the client's most - preferred encryption type. - - Add support for server name identification (SNI) when proxying KDC - requests over HTTPS. - - Add support for the err_fmt profile parameter, which can be used to - generate custom-formatted error messages. - - * Developer experience: - - - Change gss_acquire_cred_with_password() to acquire credentials into - a private memory credential cache. Applications can use - gss_store_cred() to make the resulting credentials visible to other - processes. - - Change gss_acquire_cred() and SPNEGO not to acquire credentials for - IAKERB or for non-standard variants of the krb5 mechanism OID unless - explicitly requested. (SPNEGO will still accept the Microsoft - variant of the krb5 mechanism OID during negotiation.) - - Change gss_accept_sec_context() not to accept tokens for IAKERB or - for non-standard variants of the krb5 mechanism OID unless an - acceptor credential is acquired for those mechanisms. - - Change gss_acquire_cred() to immediately resolve credentials if the - time_rec parameter is not NULL, so that a correct expiration time - can be returned. Normally credential resolution is delayed until - the target name is known. - - Add krb5_prepend_error_message() and krb5_wrap_error_message() APIs, - which can be used by plugin modules or applications to add prefixes - to existing detailed error messages. - - Add krb5_c_prfplus() and krb5_c_derive_prfplus() APIs, which - implement the RFC 6113 PRF+ operation and key derivation using PRF+. - - Add support for pre-authentication mechanisms which use multiple - round trips, using the the KDC_ERR_MORE_PREAUTH_DATA_REQUIRED error - code. Add get_cookie() and set_cookie() callbacks to the kdcpreauth - interface; these callbacks can be used to save marshalled state - information in an encrypted cookie for the next request. - - Add a client_key() callback to the kdcpreauth interface to retrieve - the chosen client key, corresponding to the ETYPE-INFO2 entry sent - by the KDC. - - Add an add_auth_indicator() callback to the kdcpreauth interface, - allowing pre-authentication modules to assert authentication - indicators. - - Add support for the GSS_KRB5_CRED_NO_CI_FLAGS_X cred option to - suppress sending the confidentiality and integrity flags in GSS - initiator tokens unless they are requested by the caller. These - flags control the negotiated SASL security layer for the Microsoft - GSS-SPNEGO SASL mechanism. - - Make the FILE credential cache implementation less prone to - corruption issues in multi-threaded programs, especially on - platforms with support for open file description locks. - - * Performance: - - - On replica KDCs, poll the primary KDC immediately after - processing a full resync, and do not require two full resyncs - after the primary KDC's log file is reset. - -Release 1.15 - -* Administrator experience: - - - Add support to kadmin for remote extraction of current keys - without changing them (requires a special kadmin permission that - is excluded from the wildcard permission), with the exception of - highly protected keys. - - - Add a lockdown_keys principal attribute to prevent retrieval of - the principal's keys (old or new) via the kadmin protocol. In - newly created databases, this attribute is set on the krbtgt and - kadmin principals. - - - Restore recursive dump capability for DB2 back end, so sites can - more easily recover from database corruption resulting from power - failure events. - - - Add DNS auto-discovery of KDC and kpasswd servers from URI - records, in addition to SRV records. URI records can convey TCP - and UDP servers and primary KDC status in a single DNS lookup, and - can also point to HTTPS proxy servers. - - - Add support for password history to the LDAP back end. - - - Add support for principal renaming to the LDAP back end. - - - Use the getrandom system call on supported Linux kernels to avoid - blocking problems when getting entropy from the operating system. - -* Code quality: - - - Clean up numerous compilation warnings. - - - Remove various infrequently built modules, including some preauth - modules that were not built by default. - -* Developer experience: - - - Add support for building with OpenSSL 1.1. - - - Use SHA-256 instead of MD5 for (non-cryptographic) hashing of - authenticators in the replay cache. This helps sites that must - build with FIPS 140 conformant libraries that lack MD5. - -* Protocol evolution: - - - Add support for the AES-SHA2 enctypes, which allows sites to - conform to Suite B crypto requirements. - -Release 1.16 - -* Administrator experience: - - - The KDC can match PKINIT client certificates against the - "pkinit_cert_match" string attribute on the client principal - entry, using the same syntax as the existing "pkinit_cert_match" - profile option. - - - The ktutil addent command supports the "-k 0" option to ignore the - key version, and the "-s" option to use a non-default salt string. - - - kpropd supports a --pid-file option to write a pid file at - startup, when it is run in standalone mode. - - - The "encrypted_challenge_indicator" realm option can be used to - attach an authentication indicator to tickets obtained using FAST - encrypted challenge pre-authentication. - - - Localization support can be disabled at build time with the - --disable-nls configure option. - -* Developer experience: - - - The kdcpolicy pluggable interface allows modules control whether - tickets are issued by the KDC. - - - The kadm5_auth pluggable interface allows modules to control - whether kadmind grants access to a kadmin request. - - - The certauth pluggable interface allows modules to control which - PKINIT client certificates can authenticate to which client - principals. - - - KDB modules can use the client and KDC interface IP addresses to - determine whether to allow an AS request. - - - GSS applications can query the bit strength of a krb5 GSS context - using the GSS_C_SEC_CONTEXT_SASL_SSF OID with - gss_inquire_sec_context_by_oid(). - - - GSS applications can query the impersonator name of a krb5 GSS - credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with - gss_inquire_cred_by_oid(). - - - kdcpreauth modules can query the KDC for the canonicalized - requested client principal name, or match a principal name against - the requested client principal name with canonicalization. - -* Protocol evolution: - - - The client library will continue to try pre-authentication - mechanisms after most failure conditions. - - - The KDC will issue trivially renewable tickets (where the - renewable lifetime is equal to or less than the ticket lifetime) - if requested by the client, to be friendlier to scripts. - - - The client library will use a random nonce for TGS requests - instead of the current system time. - - - For the RC4 string-to-key or PAC operations, UTF-16 is supported - (previously only UCS-2 was supported). - - - When matching PKINIT client certificates, UPN SANs will be matched - correctly as UPNs, with canonicalization. - -* User experience: - - - Dates after the year 2038 are accepted (provided that the platform - time facilities support them), through the year 2106. - - - Automatic credential cache selection based on the client realm - will take into account the fallback realm and the service - hostname. - - - Referral and alternate cross-realm TGTs will not be cached, - avoiding some scenarios where they can be added to the credential - cache multiple times. - - - A German translation has been added. - -* Code quality: - - - The build is warning-clean under clang with the configured warning - options. - - - The automated test suite runs cleanly under AddressSanitizer. - -Release 1.17 - -* Administrator experience: - - - A new Kerberos database module using the Lightning Memory-Mapped - Database library (LMDB) has been added. The LMDB KDB module - should be more performant and more robust than the DB2 module, and - may become the default module for new databases in a future - release. - - - "kdb5_util dump" will no longer dump policy entries when specific - principal names are requested. - -* Developer experience: - - - The new krb5_get_etype_info() API can be used to retrieve enctype, - salt, and string-to-key parameters from the KDC for a client - principal. - - - The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise - principal names to be used with GSS-API functions. - - - KDC and kadmind modules which call com_err() will now write to the - log file in a format more consistent with other log messages. - - - Programs which use large numbers of memory credential caches - should perform better. - -* Protocol evolution: - - - The SPAKE pre-authentication mechanism is now supported. This - mechanism protects against password dictionary attacks without - requiring any additional infrastructure such as certificates. - SPAKE is enabled by default on clients, but must be manually - enabled on the KDC for this release. - - - PKINIT freshness tokens are now supported. Freshness tokens can - protect against scenarios where an attacker uses temporary access - to a smart card to generate authentication requests for the - future. - - - Password change operations now prefer TCP over UDP, to avoid - spurious error messages about replays when a response packet is - dropped. - - - The KDC now supports cross-realm S4U2Self requests when used with - a third-party KDB module such as Samba's. The client code for - cross-realm S4U2Self requests is also now more robust. - -* User experience: - - - The new ktutil addent -f flag can be used to fetch salt - information from the KDC for password-based keys. - - - The new kdestroy -p option can be used to destroy a credential - cache within a collection by client principal name. - - - The Kerberos man page has been restored, and documents the - environment variables that affect programs using the Kerberos - library. - -* Code quality: - - - Python test scripts now use Python 3. - - - Python test scripts now display markers in verbose output, making - it easier to find where a failure occurred within the scripts. - - - The Windows build system has been simplified and updated to work - with more recent versions of Visual Studio. A large volume of - unused Windows-specific code has been removed. Visual Studio 2013 - or later is now required. - -Release 1.18 - -* Administrator experience: - - - Remove support for single-DES encryption types. - - - Change the replay cache format to be more efficient and robust. - Replay cache filenames using the new format end with ``.rcache2`` - by default. - - - setuid programs will automatically ignore environment variables - that normally affect krb5 API functions, even if the caller does - not use krb5_init_secure_context(). - - - Add an ``enforce_ok_as_delegate`` krb5.conf relation to disable - credential forwarding during GSSAPI authentication unless the KDC - sets the ok-as-delegate bit in the service ticket. - -* Developer experience: - - - Implement krb5_cc_remove_cred() for all credential cache types. - - - Add the krb5_pac_get_client_info() API to get the client account - name from a PAC. - -* Protocol evolution: - - - Add KDC support for S4U2Self requests where the user is identified - by X.509 certificate. (Requires support for certificate lookup - from a third-party KDB module.) - - - Remove support for an old ("draft 9") variant of PKINIT. - - - Add support for Microsoft NegoEx. (Requires one or more - third-party GSS modules implementing NegoEx mechanisms.) - -* User experience: - - - Add support for ``dns_canonicalize_hostname=fallback``, causing - host-based principal names to be tried first without DNS - canonicalization, and again with DNS canonicalization if the - un-canonicalized server is not found. - - - Expand single-component hostnames in hhost-based principal names - when DNS canonicalization is not used, adding the system's first - DNS search path as a suffix. Add a ``qualify_shortname`` - krb5.conf relation to override this suffix or disable expansion. - -* Code quality: - - - The libkrb5 serialization code (used to export and import krb5 GSS - security contexts) has been simplified and made type-safe. - - - The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED - messages has been revised to conform to current coding practices. - - - The test suite has been modified to work with macOS System - Integrity Protection enabled. - - - The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 - support can always be tested. - -Release 1.19 - -* Administrator experience: - - - When a client keytab is present, the GSSAPI krb5 mech will refresh - credentials even if the current credentials were acquired - manually. - - - It is now harder to accidentally delete the K/M entry from a KDB. - -* Developer experience: - - - gss_acquire_cred_from() now supports the "password" and "verify" - options, allowing credentials to be acquired via password and - verified using a keytab key. - - - When an application accepts a GSS security context, the new - GSS_C_CHANNEL_BOUND_FLAG will be set if the initiator and acceptor - both provided matching channel bindings. - - - Added the GSS_KRB5_NT_X509_CERT name type, allowing S4U2Self - requests to identify the desired client principal by certificate. - - - PKINIT certauth modules can now cause the hw-authent flag to be - set in issued tickets. - - - The krb5_init_creds_step() API will now issue the same password - expiration warnings as krb5_get_init_creds_password(). - -* Protocol evolution: - - - Added client and KDC support for Microsoft's Resource-Based - Constrained Delegation, which allows cross-realm S4U2Proxy - requests. A third-party database module is required for KDC - support. - - - kadmin/admin is now the preferred server principal name for kadmin - connections, and the host-based form is no longer created by - default. The client will still try the host-based form as a - fallback. - - - Added client and server support for Microsoft's - KERB_AP_OPTIONS_CBT extension, which causes channel bindings to be - required for the initiator if the acceptor provided them. The - client will send this option if the client_aware_gss_bindings - profile option is set. - -User experience: - - - The default setting of dns_canonicalize_realm is now "fallback". - Hostnames provided from applications will be tried in principal - names as given (possibly with shortname qualification), falling - back to the canonicalized name. - - - kinit will now issue a warning if the des3-cbc-sha1 encryption - type is used in the reply. This encryption type will be - deprecated and removed in future releases. - - - Added kvno flags --out-cache, --no-store, and --cached-only - (inspired by Heimdal's kgetcred). - -Release 1.20 - -* Administrator experience: - - - Added a "disable_pac" realm relation to suppress adding PAC - authdata to tickets, for realms which do not need to support S4U - requests. - - - Most credential cache types will use atomic replacement when a - cache is reinitialized using kinit or refreshed from the client - keytab. - - - kprop can now propagate databases with a dump size larger than - 4GB, if both the client and server are upgraded. - - - kprop can now work over NATs that change the destination IP - address, if the client is upgraded. - -* Developer experience: - - - Updated the KDB interface. The sign_authdata() method is replaced - with the issue_pac() method, allowing KDB modules to add logon - info and other buffers to the PAC issued by the KDC. - - - Host-based initiator names are better supported in the GSS krb5 - mechanism. - -* Protocol evolution: - - - Replaced AD-SIGNEDPATH authdata with minimal PACs. - - - To avoid spurious replay errors, password change requests will not - be attempted over UDP until the attempt over TCP fails. - - - PKINIT will sign its CMS messages with SHA-256 instead of SHA-1. - -* Code quality: - - - Updated all code using OpenSSL to be compatible with OpenSSL 3. - - - Reorganized the libk5crypto build system to allow the OpenSSL - back-end to pull in material from the builtin back-end depending - on the OpenSSL version. - - - Simplified the PRNG logic to always use the platform PRNG. - - - Converted the remaining Tcl tests to Python. - -Release 1.21 - -* User experience: - - - Added a credential cache type providing compatibility with the - macOS 11 native credential cache. - -* Developer experience: - - - libkadm5 will use the provided krb5_context object to read - configuration values, instead of creating its own. - - - Added an interface to retrieve the ticket session key from a GSS - context. - -* Protocol evolution: - - - The KDC will no longer issue tickets with RC4 or triple-DES - session keys unless explicitly configured with the new allow_rc4 - or allow_des3 variables respectively. - - - The KDC will assume that all services can handle aes256-sha1 - session keys unless the service principal has a session_enctypes - string attribute. - - - Support for PAC full KDC checksums has been added to mitigate an - S4U2Proxy privilege escalation attack. - - - The PKINIT client will advertise a more modern set of supported - CMS algorithms. - -* Code quality: - - - Removed unused code in libkrb5, libkrb5support, and the PKINIT - module. - - - Modernized the KDC code for processing TGS requests, the code for - encrypting and decrypting key data, the PAC handling code, and the - GSS library packet parsing and composition code. - - - Improved the test framework's detection of memory errors in daemon - processes when used with asan. - -`Pre-authentication mechanisms` - -- PW-SALT :rfc:`4120#section-5.2.7.3` -- ENC-TIMESTAMP :rfc:`4120#section-5.2.7.2` -- SAM-2 -- FAST negotiation framework (release 1.8) :rfc:`6113` -- PKINIT with FAST on client (release 1.10) :rfc:`6113` -- PKINIT :rfc:`4556` -- FX-COOKIE :rfc:`6113#section-5.2` -- S4U-X509-USER (release 1.8) https://msdn.microsoft.com/en-us/library/cc246091 -- OTP (release 1.12) :ref:`otp_preauth` -- SPAKE (release 1.17) :ref:`spake` diff --git a/krb5-1.21.3/doc/mitK5license.rst b/krb5-1.21.3/doc/mitK5license.rst deleted file mode 100644 index e23edbfb..00000000 --- a/krb5-1.21.3/doc/mitK5license.rst +++ /dev/null @@ -1,11 +0,0 @@ -.. _mitK5license: - -MIT Kerberos License information -================================ - -.. toctree:: - :hidden: - - copyright.rst - -.. include:: notice.rst diff --git a/krb5-1.21.3/doc/notice.rst b/krb5-1.21.3/doc/notice.rst deleted file mode 100644 index 498e287d..00000000 --- a/krb5-1.21.3/doc/notice.rst +++ /dev/null @@ -1,1271 +0,0 @@ -Copyright |copy| 1985-2024 by the Massachusetts Institute of Technology. - -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - -* Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. -* Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -Downloading of this software may constitute an export of cryptographic -software from the United States of America that is subject to the -United States Export Administration Regulations (EAR), 15 CFR 730-774. -Additional laws or regulations may apply. It is the responsibility of -the person or entity contemplating export to comply with all -applicable export laws and regulations, including obtaining any -required license from the U.S. government. - -The U.S. government prohibits export of encryption source code to -certain countries and individuals, including, but not limited to, the -countries of Cuba, Iran, North Korea, Sudan, Syria, and residents and -nationals of those countries. - -Documentation components of this software distribution are licensed -under a Creative Commons Attribution-ShareAlike 3.0 Unported License. -(https://creativecommons.org/licenses/by-sa/3.0/) - -Individual source code files are copyright MIT, Cygnus Support, -Novell, OpenVision Technologies, Oracle, Red Hat, Sun Microsystems, -FundsXpress, and others. - -Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, -and Zephyr are trademarks of the Massachusetts Institute of Technology -(MIT). No commercial use of these trademarks may be made without -prior written permission of MIT. - -"Commercial use" means use of a name in a product or other for-profit -manner. It does NOT prevent a commercial firm from referring to the -MIT trademarks in order to convey information (although in doing so, -recognition of their trademark status should be given). - -------------------- - -The following copyright and permission notice applies to the -OpenVision Kerberos Administration system located in -``kadmin/create``, ``kadmin/dbutil``, ``kadmin/passwd``, -``kadmin/server``, ``lib/kadm5``, and portions of -``lib/rpc``: - - Copyright, OpenVision Technologies, Inc., 1993-1996, All Rights Reserved - - WARNING: Retrieving the OpenVision Kerberos Administration system source - code, as described below, indicates your acceptance of the following - terms. If you do not agree to the following terms, do not retrieve the - OpenVision Kerberos administration system. - - You may freely use and distribute the Source Code and Object Code - compiled from it, with or without modification, but this Source Code is - provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, INCLUDING, WITHOUT - LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A - PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER EXPRESS OR IMPLIED. - IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY FOR ANY LOST PROFITS, - LOSS OF DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR - FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS - AGREEMENT, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM THE USE - OF THE SOURCE CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR - ANY OTHER REASON. - - OpenVision retains all copyrights in the donated Source Code. OpenVision - also retains copyright to derivative works of the Source Code, whether - created by OpenVision or by a third party. The OpenVision copyright - notice must be preserved if derivative works are made based on the - donated Source Code. - - OpenVision Technologies, Inc. has donated this Kerberos Administration - system to MIT for inclusion in the standard Kerberos 5 distribution. - This donation underscores our commitment to continuing Kerberos - technology development and our gratitude for the valuable work which has - been performed by MIT and the Kerberos community. - -------------------- - - Portions contributed by Matt Crawford ``crawdad@fnal.gov`` were work - performed at Fermi National Accelerator Laboratory, which is operated - by Universities Research Association, Inc., under contract - DE-AC02-76CHO3000 with the U.S. Department of Energy. - -------------------- - -Portions of ``src/lib/crypto`` have the following copyright: - - Copyright |copy| 1998 by the FundsXpress, INC. - - All rights reserved. - - Export of this software from the United States of America may require - a specific license from the United States Government. It is the - responsibility of any person or organization contemplating export to - obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of FundsXpress. not be used in advertising or publicity pertaining - to distribution of the software without specific, written prior - permission. FundsXpress makes no representations about the suitability of - this software for any purpose. It is provided "as is" without express - or implied warranty. - - THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR - IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - -------------------- - -The implementation of the AES encryption algorithm in -``src/lib/crypto/builtin/aes`` has the following copyright: - - | Copyright |copy| 1998-2013, Brian Gladman, Worcester, UK. All - | rights reserved. - - The redistribution and use of this software (with or without - changes) is allowed without the payment of fees or royalties - provided that: - - source code distributions include the above copyright notice, - this list of conditions and the following disclaimer; - - binary distributions include the above copyright notice, this - list of conditions and the following disclaimer in their - documentation. - - This software is provided 'as is' with no explicit or implied warranties - in respect of its operation, including, but not limited to, correctness - and fitness for purpose. - -------------------- - -Portions contributed by Red Hat, including the pre-authentication -plug-in framework and the NSS crypto implementation, contain the -following copyright: - - | Copyright |copy| 2006 Red Hat, Inc. - | Portions copyright |copy| 2006 Massachusetts Institute of Technology - | All Rights Reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are - met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * Neither the name of Red Hat, Inc., nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS - IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER - OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -------------------- - -The bundled verto source code is subject to the following license: - - Copyright 2011 Red Hat, Inc. - - Permission is hereby granted, free of charge, to any person - obtaining a copy of this software and associated documentation files - (the "Software"), to deal in the Software without restriction, - including without limitation the rights to use, copy, modify, merge, - publish, distribute, sublicense, and/or sell copies of the Software, - and to permit persons to whom the Software is furnished to do so, - subject to the following conditions: - - The above copyright notice and this permission notice shall be - included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE. - -------------------- - -The MS-KKDCP client implementation has the following copyright: - - Copyright 2013,2014 Red Hat, Inc. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS - IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER - OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -------------------- - -The implementations of GSSAPI mechglue in GSSAPI-SPNEGO in -``src/lib/gssapi``, including the following files: - -.. parsed-literal:: - - lib/gssapi/generic/gssapi_err_generic.et - lib/gssapi/mechglue/g_accept_sec_context.c - lib/gssapi/mechglue/g_acquire_cred.c - lib/gssapi/mechglue/g_canon_name.c - lib/gssapi/mechglue/g_compare_name.c - lib/gssapi/mechglue/g_context_time.c - lib/gssapi/mechglue/g_delete_sec_context.c - lib/gssapi/mechglue/g_dsp_name.c - lib/gssapi/mechglue/g_dsp_status.c - lib/gssapi/mechglue/g_dup_name.c - lib/gssapi/mechglue/g_exp_sec_context.c - lib/gssapi/mechglue/g_export_name.c - lib/gssapi/mechglue/g_glue.c - lib/gssapi/mechglue/g_imp_name.c - lib/gssapi/mechglue/g_imp_sec_context.c - lib/gssapi/mechglue/g_init_sec_context.c - lib/gssapi/mechglue/g_initialize.c - lib/gssapi/mechglue/g_inquire_context.c - lib/gssapi/mechglue/g_inquire_cred.c - lib/gssapi/mechglue/g_inquire_names.c - lib/gssapi/mechglue/g_process_context.c - lib/gssapi/mechglue/g_rel_buffer.c - lib/gssapi/mechglue/g_rel_cred.c - lib/gssapi/mechglue/g_rel_name.c - lib/gssapi/mechglue/g_rel_oid_set.c - lib/gssapi/mechglue/g_seal.c - lib/gssapi/mechglue/g_sign.c - lib/gssapi/mechglue/g_store_cred.c - lib/gssapi/mechglue/g_unseal.c - lib/gssapi/mechglue/g_userok.c - lib/gssapi/mechglue/g_utils.c - lib/gssapi/mechglue/g_verify.c - lib/gssapi/mechglue/gssd_pname_to_uid.c - lib/gssapi/mechglue/mglueP.h - lib/gssapi/mechglue/oid_ops.c - lib/gssapi/spnego/gssapiP_spnego.h - lib/gssapi/spnego/spnego_mech.c - -and the initial implementation of incremental propagation, including -the following new or changed files: - -.. parsed-literal:: - - include/iprop_hdr.h - kadmin/server/ipropd_svc.c - lib/kdb/iprop.x - lib/kdb/kdb_convert.c - lib/kdb/kdb_log.c - lib/kdb/kdb_log.h - lib/krb5/error_tables/kdb5_err.et - kprop/kpropd_rpc.c - kprop/kproplog.c - -are subject to the following license: - - Copyright |copy| 2004 Sun Microsystems, Inc. - - Permission is hereby granted, free of charge, to any person obtaining a - copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to - permit persons to whom the Software is furnished to do so, subject to - the following conditions: - - The above copyright notice and this permission notice shall be included - in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS - OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. - IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY - CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, - TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE - SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -------------------- - -Kerberos V5 includes documentation and software developed at the -University of California at Berkeley, which includes this copyright -notice: - - | Copyright |copy| 1983 Regents of the University of California. - | All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are - met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -------------------- - -Portions contributed by Novell, Inc., including the LDAP database -backend, are subject to the following license: - - | Copyright |copy| 2004-2005, Novell, Inc. - | All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - * Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - * The copyright holder's name is not used to endorse or promote products - derived from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -------------------- - -Portions funded by Sandia National Laboratory -and developed by the University of Michigan's -Center for Information Technology Integration, -including the PKINIT implementation, are subject -to the following license: - - | COPYRIGHT |copy| 2006-2007 - | THE REGENTS OF THE UNIVERSITY OF MICHIGAN - | ALL RIGHTS RESERVED - - Permission is granted to use, copy, create derivative works - and redistribute this software and such derivative works - for any purpose, so long as the name of The University of - Michigan is not used in any advertising or publicity - pertaining to the use of distribution of this software - without specific, written prior authorization. If the - above copyright notice or any other identification of the - University of Michigan is included in any copy of any - portion of this software, then the disclaimer below must - also be included. - - THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION - FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY - PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF - MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING - WITHOUT LIMITATION THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE - REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE - FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR - CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING - OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN - IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF - SUCH DAMAGES. - -------------------- - -The pkcs11.h file included in the PKINIT code has the -following license: - - | Copyright 2006 g10 Code GmbH - | Copyright 2006 Andreas Jellinghaus - - This file is free software; as a special exception the author gives - unlimited permission to copy and/or distribute it, with or without - modifications, as long as this notice is preserved. - - This file is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY, to the extent permitted by law; without even - the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR - PURPOSE. - -------------------- - -Portions contributed by Apple Inc. are subject to the following license: - - Copyright 2004-2008 Apple Inc. All Rights Reserved. - - Export of this software from the United States of America may require - a specific license from the United States Government. It is the - responsibility of any person or organization contemplating export to - obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of Apple Inc. not be used in advertising or publicity pertaining - to distribution of the software without specific, written prior - permission. Apple Inc. makes no representations about the suitability of - this software for any purpose. It is provided "as is" without express - or implied warranty. - - THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR - IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - -------------------- - -The implementations of UTF-8 string handling in src/util/support and -src/lib/krb5/unicode are subject to the following copyright and -permission notice: - - | The OpenLDAP Public License - | Version 2.8, 17 August 2003 - - Redistribution and use of this software and associated documentation - ("Software"), with or without modification, are permitted provided - that the following conditions are met: - - 1. Redistributions in source form must retain copyright statements - and notices, - 2. Redistributions in binary form must reproduce applicable copyright - statements and notices, this list of conditions, and the following - disclaimer in the documentation and/or other materials provided - with the distribution, and - 3. Redistributions must contain a verbatim copy of this document. - - The OpenLDAP Foundation may revise this license from time to time. - Each revision is distinguished by a version number. You may use - this Software under terms of this license revision or under the - terms of any subsequent revision of the license. - - THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS - CONTRIBUTORS "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT - SHALL THE OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) - OR OWNER(S) OF THE SOFTWARE BE LIABLE FOR ANY DIRECT, INDIRECT, - INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, - BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER - CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN - ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - - The names of the authors and copyright holders must not be used in - advertising or otherwise to promote the sale, use or other dealing - in this Software without specific, written prior permission. Title - to copyright in this Software shall at all times remain with copyright - holders. - - OpenLDAP is a registered trademark of the OpenLDAP Foundation. - - Copyright 1999-2003 The OpenLDAP Foundation, Redwood City, - California, USA. All Rights Reserved. Permission to copy and - distribute verbatim copies of this document is granted. - -------------------- - -Marked test programs in src/lib/krb5/krb have the following copyright: - - | Copyright |copy| 2006 Kungliga Tekniska Högskola - | (Royal Institute of Technology, Stockholm, Sweden). - | All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of KTH nor the names of its contributors may be - used to endorse or promote products derived from this software without - specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS "AS IS" AND ANY - EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE - LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -------------------- - -The KCM Mach RPC definition file used on macOS has the following copyright: - - | Copyright |copy| 2009 Kungliga Tekniska Högskola - | (Royal Institute of Technology, Stockholm, Sweden). - | All rights reserved. - - Portions Copyright |copy| 2009 Apple Inc. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of the Institute nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS "AS IS" AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -------------------- - -Portions of the RPC implementation in src/lib/rpc and src/include/gssrpc -have the following copyright and permission notice: - - Copyright |copy| 2010, Oracle America, Inc. - - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - 3. Neither the name of the "Oracle America, Inc." nor the names of - its contributors may be used to endorse or promote products - derived from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS - IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -------------------- - - Copyright |copy| 2006,2007,2009 - NTT (Nippon Telegraph and Telephone Corporation). All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer as - the first lines of this file unmodified. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - THIS SOFTWARE IS PROVIDED BY NTT "AS IS" AND ANY EXPRESS OR - IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - IN NO EVENT SHALL NTT BE LIABLE FOR ANY DIRECT, INDIRECT, - INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -------------------- - - Copyright 2000 by Carnegie Mellon University - - All Rights Reserved - - Permission to use, copy, modify, and distribute this software and its - documentation for any purpose and without fee is hereby granted, - provided that the above copyright notice appear in all copies and that - both that copyright notice and this permission notice appear in - supporting documentation, and that the name of Carnegie Mellon - University not be used in advertising or publicity pertaining to - distribution of the software without specific, written prior - permission. - - CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND - FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR - ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -------------------- - - Copyright |copy| 2002 Naval Research Laboratory (NRL/CCS) - - Permission to use, copy, modify and distribute this software and its - documentation is hereby granted, provided that both the copyright - notice and this permission notice appear in all copies of the software, - derivative works or modified versions, and any portions thereof. - - NRL ALLOWS FREE USE OF THIS SOFTWARE IN ITS "AS IS" CONDITION AND - DISCLAIMS ANY LIABILITY OF ANY KIND FOR ANY DAMAGES WHATSOEVER - RESULTING FROM THE USE OF THIS SOFTWARE. - -------------------- - - Copyright |copy| 2022 United States Government as represented by the - Secretary of the Navy. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - OF THE POSSIBILITY OF SUCH DAMAGE. - -------------------- - - Copyright |copy| 1991, 1992, 1994 by Cygnus Support. - - Permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation. - Cygnus Support makes no representations about the suitability of - this software for any purpose. It is provided "as is" without express - or implied warranty. - -------------------- - - Copyright |copy| 2006 Secure Endpoints Inc. - - Permission is hereby granted, free of charge, to any person - obtaining a copy of this software and associated documentation - files (the "Software"), to deal in the Software without - restriction, including without limitation the rights to use, copy, - modify, merge, publish, distribute, sublicense, and/or sell copies - of the Software, and to permit persons to whom the Software is - furnished to do so, subject to the following conditions: - - The above copyright notice and this permission notice shall be - included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS - BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN - ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN - CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE - SOFTWARE. - -------------------- - - Copyright |copy| 1994 by the University of Southern California - - EXPORT OF THIS SOFTWARE from the United States of America may - require a specific license from the United States Government. - It is the responsibility of any person or organization contemplating - export to obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to copy, modify, and distribute - this software and its documentation in source and binary forms is - hereby granted, provided that any documentation or other materials - related to such distribution or use acknowledge that the software - was developed by the University of Southern California. - - DISCLAIMER OF WARRANTY. THIS SOFTWARE IS PROVIDED "AS IS". The - University of Southern California MAKES NO REPRESENTATIONS OR - WARRANTIES, EXPRESS OR IMPLIED. By way of example, but not - limitation, the University of Southern California MAKES NO - REPRESENTATIONS OR WARRANTIES OF MERCHANTABILITY OR FITNESS FOR ANY - PARTICULAR PURPOSE. The University of Southern - California shall not be held liable for any liability nor for any - direct, indirect, or consequential damages with respect to any - claim by the user or distributor of the ksu software. - -------------------- - - | Copyright |copy| 1995 - | The President and Fellows of Harvard University - - This code is derived from software contributed to Harvard by - Jeremy Rassen. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - - This product includes software developed by the University of - California, Berkeley and its contributors. - - 4. Neither the name of the University nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS "AS IS" AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -------------------- - - | Copyright |copy| 2008 by the Massachusetts Institute of Technology. - | Copyright 1995 by Richard P. Basch. All Rights Reserved. - | Copyright 1995 by Lehman Brothers, Inc. All Rights Reserved. - - Export of this software from the United States of America may - require a specific license from the United States Government. - It is the responsibility of any person or organization contemplating - export to obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of Richard P. Basch, Lehman Brothers and M.I.T. not be used - in advertising or publicity pertaining to distribution of the software - without specific, written prior permission. Richard P. Basch, - Lehman Brothers and M.I.T. make no representations about the suitability - of this software for any purpose. It is provided "as is" without - express or implied warranty. - -------------------- - -The following notice applies to ``src/lib/krb5/krb/strptime.c`` and -``src/include/k5-queue.h``. - - | Copyright |copy| 1997, 1998 The NetBSD Foundation, Inc. - | All rights reserved. - - This code was contributed to The NetBSD Foundation by Klaus Klein. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. All advertising materials mentioning features or use of this software - must display the following acknowledgement: - - This product includes software developed by the NetBSD - Foundation, Inc. and its contributors. - - 4. Neither the name of The NetBSD Foundation nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - POSSIBILITY OF SUCH DAMAGE. - -------------------- - -The following notice applies to Unicode library files in -``src/lib/krb5/unicode``: - - | Copyright 1997, 1998, 1999 Computing Research Labs, - | New Mexico State University - - Permission is hereby granted, free of charge, to any person obtaining a - copy of this software and associated documentation files (the "Software"), - to deal in the Software without restriction, including without limitation - the rights to use, copy, modify, merge, publish, distribute, sublicense, - and/or sell copies of the Software, and to permit persons to whom the - Software is furnished to do so, subject to the following conditions: - - The above copyright notice and this permission notice shall be included in - all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL - THE COMPUTING RESEARCH LAB OR NEW MEXICO STATE UNIVERSITY BE LIABLE FOR ANY - CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT - OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR - THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -------------------- - -The following notice applies to ``src/util/support/strlcpy.c``: - - Copyright |copy| 1998 Todd C. Miller ``Todd.Miller@courtesan.com`` - - Permission to use, copy, modify, and distribute this software for any - purpose with or without fee is hereby granted, provided that the above - copyright notice and this permission notice appear in all copies. - - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - -------------------- - -The following notice applies to ``src/util/profile/argv_parse.c`` and -``src/util/profile/argv_parse.h``: - - Copyright 1999 by Theodore Ts'o. - - Permission to use, copy, modify, and distribute this software for - any purpose with or without fee is hereby granted, provided that - the above copyright notice and this permission notice appear in all - copies. THE SOFTWARE IS PROVIDED "AS IS" AND THEODORE TS'O (THE - AUTHOR) DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. - IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER - RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR - IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. (Isn't - it sick that the U.S. culture of lawsuit-happy lawyers requires - this kind of disclaimer?) - -------------------- - -The following notice applies to portiions of ``src/lib/rpc`` and -``src/include/gssrpc``: - - Copyright |copy| 2000 The Regents of the University of Michigan. - All rights reserved. - - Copyright |copy| 2000 Dug Song ``dugsong@UMICH.EDU``. - All rights reserved, all wrongs reversed. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - 3. Neither the name of the University nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED - WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -------------------- - -Implementations of the MD4 algorithm are subject to the following -notice: - - Copyright |copy| 1990, RSA Data Security, Inc. All rights reserved. - - License to copy and use this software is granted provided that - it is identified as the "RSA Data Security, Inc. MD4 Message - Digest Algorithm" in all material mentioning or referencing this - software or this function. - - License is also granted to make and use derivative works - provided that such works are identified as "derived from the RSA - Data Security, Inc. MD4 Message Digest Algorithm" in all - material mentioning or referencing the derived work. - - RSA Data Security, Inc. makes no representations concerning - either the merchantability of this software or the suitability - of this software for any particular purpose. It is provided "as - is" without express or implied warranty of any kind. - - These notices must be retained in any copies of any part of this - documentation and/or software. - -------------------- - -Implementations of the MD5 algorithm are subject to the following -notice: - - Copyright |copy| 1990, RSA Data Security, Inc. All rights reserved. - - License to copy and use this software is granted provided that - it is identified as the "RSA Data Security, Inc. MD5 Message- - Digest Algorithm" in all material mentioning or referencing this - software or this function. - - License is also granted to make and use derivative works - provided that such works are identified as "derived from the RSA - Data Security, Inc. MD5 Message-Digest Algorithm" in all - material mentioning or referencing the derived work. - - RSA Data Security, Inc. makes no representations concerning - either the merchantability of this software or the suitability - of this software for any particular purpose. It is provided "as - is" without express or implied warranty of any kind. - - These notices must be retained in any copies of any part of this - documentation and/or software. - -------------------- - -The following notice applies to ``src/lib/crypto/crypto_tests/t_mddriver.c``: - - Copyright |copy| 1990-2, RSA Data Security, Inc. Created 1990. All - rights reserved. - - RSA Data Security, Inc. makes no representations concerning either - the merchantability of this software or the suitability of this - software for any particular purpose. It is provided "as is" - without express or implied warranty of any kind. - - These notices must be retained in any copies of any part of this - documentation and/or software. - -------------------- - -Portions of ``src/lib/krb5`` are subject to the following notice: - - | Copyright |copy| 1994 CyberSAFE Corporation. - | Copyright 1990,1991,2007,2008 by the Massachusetts - Institute of Technology. - | All Rights Reserved. - - Export of this software from the United States of America may - require a specific license from the United States Government. - It is the responsibility of any person or organization contemplating - export to obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of M.I.T. not be used in advertising or publicity pertaining - to distribution of the software without specific, written prior - permission. Furthermore if you modify this software you must label - your software as modified software and not distribute it in such a - fashion that it might be confused with the original M.I.T. software. - Neither M.I.T., the Open Computing Security Group, nor - CyberSAFE Corporation make any representations about the suitability of - this software for any purpose. It is provided "as is" without express - or implied warranty. - -------------------- - -Portions contributed by PADL Software are subject to the following -license: - - Copyright (c) 2011, PADL Software Pty Ltd. - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - 1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - 2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. - - 3. Neither the name of PADL Software nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - - THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS "AS IS" AND - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -------------------- - -The bundled libev source code is subject to the following license: - - All files in libev are Copyright (C)2007,2008,2009 Marc Alexander Lehmann. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are - met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - Alternatively, the contents of this package may be used under the terms - of the GNU General Public License ("GPL") version 2 or any later version, - in which case the provisions of the GPL are applicable instead of the - above. If you wish to allow the use of your version of this package only - under the terms of the GPL and not to allow others to use your version of - this file under the BSD license, indicate your decision by deleting the - provisions above and replace them with the notice and other provisions - required by the GPL in this and the other files of this package. If you do - not delete the provisions above, a recipient may use your version of this - file under either the BSD or the GPL. - -------------------- - -Files copied from the Intel AESNI Sample Library are subject to the -following license: - - Copyright |copy| 2010, Intel Corporation - All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above - copyright notice, this list of conditions and the following - disclaimer. - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials - provided with the distribution. - * Neither the name of Intel Corporation nor the names of its - contributors may be used to endorse or promote products - derived from this software without specific prior written - permission. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND - CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, - INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE - DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON - ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR - TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF - THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - SUCH DAMAGE. - -------------------- - -The following notice applies to -``src/ccapi/common/win/OldCC/autolock.hxx``: - - Copyright (C) 1998 by Danilo Almeida. All rights reserved. - - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions - are met: - - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - - * Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in - the documentation and/or other materials provided with the - distribution. - - THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS - FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE - COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, - INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES - (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR - SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - OF THE POSSIBILITY OF SUCH DAMAGE. - -------------------- - -The following notice applies to portions of -``src/plugins/preauth/spake/edwards25519.c`` and -``src/plugins/preauth/spake/edwards25519_tables.h``: - -The MIT License (MIT) - -Copyright (c) 2015-2016 the fiat-crypto authors (see the AUTHORS file). - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to -deal in the Software without restriction, including without limitation the -rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -sell copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -IN THE SOFTWARE. - -------------------- - -The following notice applies to portions of -``src/plugins/preauth/spake/edwards25519.c``: - -Copyright (c) 2015-2016, Google Inc. - -Permission to use, copy, modify, and/or distribute this software for any -purpose with or without fee is hereby granted, provided that the above -copyright notice and this permission notice appear in all copies. - -THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION -OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN -CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. diff --git a/krb5-1.21.3/doc/pdf/GMakefile b/krb5-1.21.3/doc/pdf/GMakefile deleted file mode 100644 index e4653f23..00000000 --- a/krb5-1.21.3/doc/pdf/GMakefile +++ /dev/null @@ -1,64 +0,0 @@ -# Makefile for Sphinx LaTeX output - -ALLDOCS = $(basename $(wildcard *.tex)) -ALLPDF = $(addsuffix .pdf,$(ALLDOCS)) -ALLDVI = $(addsuffix .dvi,$(ALLDOCS)) -ALLXDV = -ALLPS = $(addsuffix .ps,$(ALLDOCS)) - -# Prefix for archive names -ARCHIVEPREFIX = -# Additional LaTeX options (passed via variables in latexmkrc/latexmkjarc file) -export LATEXOPTS ?= -# Additional latexmk options -LATEXMKOPTS ?= -# format: pdf or dvi (used only by archive targets) -FMT = pdf - -LATEX = latexmk -dvi -PDFLATEX = latexmk -pdf -dvi- -ps- - - -%.dvi: %.tex FORCE_MAKE - $(LATEX) $(LATEXMKOPTS) '$<' - -%.ps: %.dvi - dvips '$<' - -%.pdf: %.tex FORCE_MAKE - $(PDFLATEX) $(LATEXMKOPTS) '$<' - -all: $(ALLPDF) - -all-dvi: $(ALLDVI) - -all-ps: $(ALLPS) - -all-pdf: $(ALLPDF) - -zip: all-$(FMT) - mkdir $(ARCHIVEPREFIX)docs-$(FMT) - cp $(ALLPDF) $(ARCHIVEPREFIX)docs-$(FMT) - zip -q -r -9 $(ARCHIVEPREFIX)docs-$(FMT).zip $(ARCHIVEPREFIX)docs-$(FMT) - rm -r $(ARCHIVEPREFIX)docs-$(FMT) - -tar: all-$(FMT) - mkdir $(ARCHIVEPREFIX)docs-$(FMT) - cp $(ALLPDF) $(ARCHIVEPREFIX)docs-$(FMT) - tar cf $(ARCHIVEPREFIX)docs-$(FMT).tar $(ARCHIVEPREFIX)docs-$(FMT) - rm -r $(ARCHIVEPREFIX)docs-$(FMT) - -gz: tar - gzip -9 < $(ARCHIVEPREFIX)docs-$(FMT).tar > $(ARCHIVEPREFIX)docs-$(FMT).tar.gz - -bz2: tar - bzip2 -9 -k $(ARCHIVEPREFIX)docs-$(FMT).tar - -xz: tar - xz -9 -k $(ARCHIVEPREFIX)docs-$(FMT).tar - -clean: - rm -f *.log *.ind *.aux *.toc *.syn *.idx *.out *.ilg *.pla *.ps *.tar *.tar.gz *.tar.bz2 *.tar.xz $(ALLPDF) $(ALLDVI) $(ALLXDV) *.fls *.fdb_latexmk - -.PHONY: all all-pdf all-dvi all-ps clean zip tar gz bz2 xz -.PHONY: FORCE_MAKE \ No newline at end of file diff --git a/krb5-1.21.3/doc/pdf/LICRcyr2utf8.xdy b/krb5-1.21.3/doc/pdf/LICRcyr2utf8.xdy deleted file mode 100644 index a9ca1c82..00000000 --- a/krb5-1.21.3/doc/pdf/LICRcyr2utf8.xdy +++ /dev/null @@ -1,101 +0,0 @@ -;; -*- coding: utf-8; mode: Lisp; -*- -;; style file for xindy -;; filename: LICRcyr2utf8.xdy -;; description: style file for xindy which maps back LaTeX Internal -;; Character Representation of Cyrillic to utf-8 -;; usage: for use with pdflatex produced .idx files. -;; Contributed by the Sphinx team, July 2018. -(merge-rule "\IeC {\'\CYRG }" "Ѓ" :string) -(merge-rule "\IeC {\'\CYRK }" "ÐŒ" :string) -(merge-rule "\IeC {\'\cyrg }" "Ñ“" :string) -(merge-rule "\IeC {\'\cyrk }" "Ñœ" :string) -(merge-rule "\IeC {\CYRA }" "Ð" :string) -(merge-rule "\IeC {\CYRB }" "Б" :string) -(merge-rule "\IeC {\CYRC }" "Ц" :string) -(merge-rule "\IeC {\CYRCH }" "Ч" :string) -(merge-rule "\IeC {\CYRD }" "Д" :string) -(merge-rule "\IeC {\CYRDJE }" "Ђ" :string) -(merge-rule "\IeC {\CYRDZE }" "Ð…" :string) -(merge-rule "\IeC {\CYRDZHE }" "Ð" :string) -(merge-rule "\IeC {\CYRE }" "Е" :string) -(merge-rule "\IeC {\CYREREV }" "Э" :string) -(merge-rule "\IeC {\CYRERY }" "Ы" :string) -(merge-rule "\IeC {\CYRF }" "Ф" :string) -(merge-rule "\IeC {\CYRG }" "Г" :string) -(merge-rule "\IeC {\CYRGUP }" "Ò" :string) -(merge-rule "\IeC {\CYRH }" "Ð¥" :string) -(merge-rule "\IeC {\CYRHRDSN }" "Ъ" :string) -(merge-rule "\IeC {\CYRI }" "И" :string) -(merge-rule "\IeC {\CYRIE }" "Є" :string) -(merge-rule "\IeC {\CYRII }" "І" :string) -(merge-rule "\IeC {\CYRISHRT }" "Й" :string) -(merge-rule "\IeC {\CYRJE }" "Ј" :string) -(merge-rule "\IeC {\CYRK }" "К" :string) -(merge-rule "\IeC {\CYRL }" "Л" :string) -(merge-rule "\IeC {\CYRLJE }" "Љ" :string) -(merge-rule "\IeC {\CYRM }" "М" :string) -(merge-rule "\IeC {\CYRN }" "Ð" :string) -(merge-rule "\IeC {\CYRNJE }" "Њ" :string) -(merge-rule "\IeC {\CYRO }" "О" :string) -(merge-rule "\IeC {\CYRP }" "П" :string) -(merge-rule "\IeC {\CYRR }" "Р" :string) -(merge-rule "\IeC {\CYRS }" "С" :string) -(merge-rule "\IeC {\CYRSFTSN }" "Ь" :string) -(merge-rule "\IeC {\CYRSH }" "Ш" :string) -(merge-rule "\IeC {\CYRSHCH }" "Щ" :string) -(merge-rule "\IeC {\CYRT }" "Т" :string) -(merge-rule "\IeC {\CYRTSHE }" "Ћ" :string) -(merge-rule "\IeC {\CYRU }" "У" :string) -(merge-rule "\IeC {\CYRUSHRT }" "ÐŽ" :string) -(merge-rule "\IeC {\CYRV }" "Ð’" :string) -(merge-rule "\IeC {\CYRYA }" "Я" :string) -(merge-rule "\IeC {\CYRYI }" "Ї" :string) -(merge-rule "\IeC {\CYRYO }" "Ð" :string) -(merge-rule "\IeC {\CYRYU }" "Ю" :string) -(merge-rule "\IeC {\CYRZ }" "З" :string) -(merge-rule "\IeC {\CYRZH }" "Ж" :string) -(merge-rule "\IeC {\cyra }" "а" :string) -(merge-rule "\IeC {\cyrb }" "б" :string) -(merge-rule "\IeC {\cyrc }" "ц" :string) -(merge-rule "\IeC {\cyrch }" "ч" :string) -(merge-rule "\IeC {\cyrd }" "д" :string) -(merge-rule "\IeC {\cyrdje }" "Ñ’" :string) -(merge-rule "\IeC {\cyrdze }" "Ñ•" :string) -(merge-rule "\IeC {\cyrdzhe }" "ÑŸ" :string) -(merge-rule "\IeC {\cyre }" "е" :string) -(merge-rule "\IeC {\cyrerev }" "Ñ" :string) -(merge-rule "\IeC {\cyrery }" "Ñ‹" :string) -(merge-rule "\IeC {\cyrf }" "Ñ„" :string) -(merge-rule "\IeC {\cyrg }" "г" :string) -(merge-rule "\IeC {\cyrgup }" "Ò‘" :string) -(merge-rule "\IeC {\cyrh }" "Ñ…" :string) -(merge-rule "\IeC {\cyrhrdsn }" "ÑŠ" :string) -(merge-rule "\IeC {\cyri }" "и" :string) -(merge-rule "\IeC {\cyrie }" "Ñ”" :string) -(merge-rule "\IeC {\cyrii }" "Ñ–" :string) -(merge-rule "\IeC {\cyrishrt }" "й" :string) -(merge-rule "\IeC {\cyrje }" "ј" :string) -(merge-rule "\IeC {\cyrk }" "к" :string) -(merge-rule "\IeC {\cyrl }" "л" :string) -(merge-rule "\IeC {\cyrlje }" "Ñ™" :string) -(merge-rule "\IeC {\cyrm }" "м" :string) -(merge-rule "\IeC {\cyrn }" "н" :string) -(merge-rule "\IeC {\cyrnje }" "Ñš" :string) -(merge-rule "\IeC {\cyro }" "о" :string) -(merge-rule "\IeC {\cyrp }" "п" :string) -(merge-rule "\IeC {\cyrr }" "Ñ€" :string) -(merge-rule "\IeC {\cyrs }" "Ñ" :string) -(merge-rule "\IeC {\cyrsftsn }" "ÑŒ" :string) -(merge-rule "\IeC {\cyrsh }" "ш" :string) -(merge-rule "\IeC {\cyrshch }" "щ" :string) -(merge-rule "\IeC {\cyrt }" "Ñ‚" :string) -(merge-rule "\IeC {\cyrtshe }" "Ñ›" :string) -(merge-rule "\IeC {\cyru }" "у" :string) -(merge-rule "\IeC {\cyrushrt }" "Ñž" :string) -(merge-rule "\IeC {\cyrv }" "в" :string) -(merge-rule "\IeC {\cyrya }" "Ñ" :string) -(merge-rule "\IeC {\cyryi }" "Ñ—" :string) -(merge-rule "\IeC {\cyryo }" "Ñ‘" :string) -(merge-rule "\IeC {\cyryu }" "ÑŽ" :string) -(merge-rule "\IeC {\cyrz }" "з" :string) -(merge-rule "\IeC {\cyrzh }" "ж" :string) diff --git a/krb5-1.21.3/doc/pdf/LICRlatin2utf8.xdy b/krb5-1.21.3/doc/pdf/LICRlatin2utf8.xdy deleted file mode 100644 index 1d768259..00000000 --- a/krb5-1.21.3/doc/pdf/LICRlatin2utf8.xdy +++ /dev/null @@ -1,239 +0,0 @@ -;; style file for xindy -;; filename: LICRlatin2utf8.xdy -;; description: style file for xindy which maps back LaTeX Internal -;; Character Representation of letters (as arising in .idx index -;; file) to UTF-8 encoding for correct sorting by xindy. -;; usage: for use with the pdflatex engine, -;; *not* for use with xelatex or lualatex. -;; -;; This is based upon xindy's distributed file tex/inputenc/utf8.xdy. -;; The modifications include: -;; -;; - Updates for compatibility with current LaTeX macro encoding. -;; -;; - Systematic usage of the \IeC {...} mark-up, because mark-up in -;; tex/inputenc/utf8.xdy was using it on seemingly random basis, and -;; Sphinx coercing of xindy usability for both Latin and Cyrillic scripts -;; with pdflatex requires its systematic presence here. -;; -;; - Support for some extra letters: Ÿ, ÅŠ, Å‹, Å’, Å“, IJ, ij, È· and ẞ. -;; -;; Indeed Sphinx needs to support for pdflatex engine all Unicode letters -;; available in TeX T1 font encoding. The above letters are found in -;; that encoding but not in the Latin1, 2, 3 charsets which are those -;; covered by original tex/inputenc/utf8.xdy. -;; -;; - There is a problem that È· is not supported out-of-the box by LaTeX -;; with inputenc, one must add explicitly -;; \DeclareUnicodeCharacter{0237}{\j} -;; to preamble of LaTeX document. However this character is not supported -;; by the TeX "times" font used by default by Sphinx for pdflatex engine. -;; -;; **Update**: since LaTeX 2018/12/01, the \j as well as \SS, \k{} and -;; \.{} need no extra user declaration anymore. -;; -;; - ẞ needs \DeclareUnicodeCharacter{1E9E}{\SS} (but ß needs no extra set-up). -;; -;; - U+02DB (Ë›) and U+02D9 (Ë™) are also not supported by inputenc -;; out of the box and require -;; \DeclareUnicodeCharacter{02DB}{\k{}} -;; \DeclareUnicodeCharacter{02D9}{\.{}} -;; to be added to preamble. -;; -;; - U+0127 ħ and U+0126 Ħ are absent from TeX T1+TS1 font encodings. -;; -;; - Characters ÅŠ and Å‹ are not supported by TeX font "times" used by -;; default by Sphinx for pdflatex engine but they are supported by -;; some TeX fonts, in particular by the default LaTeX font for T1 -;; encoding. -;; -;; - " and ~ must be escaped as ~" and resp. ~~ in xindy merge rules. -;; -;; Contributed by the Sphinx team, July 2018. -;; -;; See sphinx.xdy for superior figures, as they are escaped by LaTeX writer. -(merge-rule "\IeC {\textonesuperior }" "¹" :string) -(merge-rule "\IeC {\texttwosuperior }" "²" :string) -(merge-rule "\IeC {\textthreesuperior }" "³" :string) -(merge-rule "\IeC {\'a}" "á" :string) -(merge-rule "\IeC {\'A}" "Ã" :string) -(merge-rule "\IeC {\`a}" "à" :string) -(merge-rule "\IeC {\`A}" "À" :string) -(merge-rule "\IeC {\^a}" "â" :string) -(merge-rule "\IeC {\^A}" "Â" :string) -(merge-rule "\IeC {\~"a}" "ä" :string) -(merge-rule "\IeC {\~"A}" "Ä" :string) -(merge-rule "\IeC {\~~a}" "ã" :string) -(merge-rule "\IeC {\~~A}" "Ã" :string) -(merge-rule "\IeC {\c c}" "ç" :string) -(merge-rule "\IeC {\c C}" "Ç" :string) -(merge-rule "\IeC {\'c}" "ć" :string) -(merge-rule "\IeC {\'C}" "Ć" :string) -(merge-rule "\IeC {\^c}" "ĉ" :string) -(merge-rule "\IeC {\^C}" "Ĉ" :string) -(merge-rule "\IeC {\.c}" "Ä‹" :string) -(merge-rule "\IeC {\.C}" "ÄŠ" :string) -(merge-rule "\IeC {\c s}" "ÅŸ" :string) -(merge-rule "\IeC {\c S}" "Åž" :string) -(merge-rule "\IeC {\c t}" "Å£" :string) -(merge-rule "\IeC {\c T}" "Å¢" :string) -(merge-rule "\IeC {\-}" "­" :string); soft hyphen -(merge-rule "\IeC {\textdiv }" "÷" :string) -(merge-rule "\IeC {\'e}" "é" :string) -(merge-rule "\IeC {\'E}" "É" :string) -(merge-rule "\IeC {\`e}" "è" :string) -(merge-rule "\IeC {\`E}" "È" :string) -(merge-rule "\IeC {\^e}" "ê" :string) -(merge-rule "\IeC {\^E}" "Ê" :string) -(merge-rule "\IeC {\~"e}" "ë" :string) -(merge-rule "\IeC {\~"E}" "Ë" :string) -(merge-rule "\IeC {\^g}" "Ä" :string) -(merge-rule "\IeC {\^G}" "Äœ" :string) -(merge-rule "\IeC {\.g}" "Ä¡" :string) -(merge-rule "\IeC {\.G}" "Ä " :string) -(merge-rule "\IeC {\^h}" "Ä¥" :string) -(merge-rule "\IeC {\^H}" "Ĥ" :string) -(merge-rule "\IeC {\H o}" "Å‘" :string) -(merge-rule "\IeC {\H O}" "Å" :string) -(merge-rule "\IeC {\textacutedbl }" "Ë" :string) -(merge-rule "\IeC {\H u}" "ű" :string) -(merge-rule "\IeC {\H U}" "Ű" :string) -(merge-rule "\IeC {\ae }" "æ" :string) -(merge-rule "\IeC {\AE }" "Æ" :string) -(merge-rule "\IeC {\textcopyright }" "©" :string) -(merge-rule "\IeC {\c \ }" "¸" :string) -(merge-rule "\IeC {\dh }" "ð" :string) -(merge-rule "\IeC {\DH }" "Ã" :string) -(merge-rule "\IeC {\dj }" "Ä‘" :string) -(merge-rule "\IeC {\DJ }" "Ä" :string) -(merge-rule "\IeC {\guillemotleft }" "«" :string) -(merge-rule "\IeC {\guillemotright }" "»" :string) -(merge-rule "\IeC {\'\i }" "í" :string) -(merge-rule "\IeC {\`\i }" "ì" :string) -(merge-rule "\IeC {\^\i }" "î" :string) -(merge-rule "\IeC {\~"\i }" "ï" :string) -(merge-rule "\IeC {\i }" "ı" :string) -(merge-rule "\IeC {\^\j }" "ĵ" :string) -(merge-rule "\IeC {\k {}}" "Ë›" :string) -(merge-rule "\IeC {\l }" "Å‚" :string) -(merge-rule "\IeC {\L }" "Å" :string) -(merge-rule "\IeC {\nobreakspace }" " " :string) -(merge-rule "\IeC {\o }" "ø" :string) -(merge-rule "\IeC {\O }" "Ø" :string) -(merge-rule "\IeC {\textsterling }" "£" :string) -(merge-rule "\IeC {\textparagraph }" "¶" :string) -(merge-rule "\IeC {\ss }" "ß" :string) -(merge-rule "\IeC {\textsection }" "§" :string) -(merge-rule "\IeC {\textbrokenbar }" "¦" :string) -(merge-rule "\IeC {\textcent }" "¢" :string) -(merge-rule "\IeC {\textcurrency }" "¤" :string) -(merge-rule "\IeC {\textdegree }" "°" :string) -(merge-rule "\IeC {\textexclamdown }" "¡" :string) -(merge-rule "\IeC {\texthbar }" "ħ" :string) -(merge-rule "\IeC {\textHbar }" "Ħ" :string) -(merge-rule "\IeC {\textonehalf }" "½" :string) -(merge-rule "\IeC {\textonequarter }" "¼" :string) -(merge-rule "\IeC {\textordfeminine }" "ª" :string) -(merge-rule "\IeC {\textordmasculine }" "º" :string) -(merge-rule "\IeC {\textperiodcentered }" "·" :string) -(merge-rule "\IeC {\textquestiondown }" "¿" :string) -(merge-rule "\IeC {\textregistered }" "®" :string) -(merge-rule "\IeC {\textthreequarters }" "¾" :string) -(merge-rule "\IeC {\textyen }" "Â¥" :string) -(merge-rule "\IeC {\th }" "þ" :string) -(merge-rule "\IeC {\TH }" "Þ" :string) -(merge-rule "\IeC {\'I}" "Ã" :string) -(merge-rule "\IeC {\`I}" "ÃŒ" :string) -(merge-rule "\IeC {\^I}" "ÃŽ" :string) -(merge-rule "\IeC {\~"I}" "Ã" :string) -(merge-rule "\IeC {\.I}" "İ" :string) -(merge-rule "\IeC {\^J}" "Ä´" :string) -(merge-rule "\IeC {\k a}" "Ä…" :string) -(merge-rule "\IeC {\k A}" "Ä„" :string) -(merge-rule "\IeC {\k e}" "Ä™" :string) -(merge-rule "\IeC {\k E}" "Ę" :string) -(merge-rule "\IeC {\'l}" "ĺ" :string) -(merge-rule "\IeC {\'L}" "Ĺ" :string) -(merge-rule "\IeC {\textlnot }" "¬" :string) -(merge-rule "\IeC {\textmu }" "µ" :string) -(merge-rule "\IeC {\'n}" "Å„" :string) -(merge-rule "\IeC {\'N}" "Ń" :string) -(merge-rule "\IeC {\~~n}" "ñ" :string) -(merge-rule "\IeC {\~~N}" "Ñ" :string) -(merge-rule "\IeC {\'o}" "ó" :string) -(merge-rule "\IeC {\'O}" "Ó" :string) -(merge-rule "\IeC {\`o}" "ò" :string) -(merge-rule "\IeC {\`O}" "Ã’" :string) -(merge-rule "\IeC {\^o}" "ô" :string) -(merge-rule "\IeC {\^O}" "Ô" :string) -(merge-rule "\IeC {\~"o}" "ö" :string) -(merge-rule "\IeC {\~"O}" "Ö" :string) -(merge-rule "\IeC {\~~o}" "õ" :string) -(merge-rule "\IeC {\~~O}" "Õ" :string) -(merge-rule "\IeC {\textpm }" "±" :string) -(merge-rule "\IeC {\r a}" "Ã¥" :string) -(merge-rule "\IeC {\r A}" "Ã…" :string) -(merge-rule "\IeC {\'r}" "Å•" :string) -(merge-rule "\IeC {\'R}" "Å”" :string) -(merge-rule "\IeC {\r u}" "ů" :string) -(merge-rule "\IeC {\r U}" "Å®" :string) -(merge-rule "\IeC {\'s}" "Å›" :string) -(merge-rule "\IeC {\'S}" "Åš" :string) -(merge-rule "\IeC {\^s}" "Å" :string) -(merge-rule "\IeC {\^S}" "Åœ" :string) -(merge-rule "\IeC {\textasciidieresis }" "¨" :string) -(merge-rule "\IeC {\textasciimacron }" "¯" :string) -(merge-rule "\IeC {\.{}}" "Ë™" :string) -(merge-rule "\IeC {\textasciiacute }" "´" :string) -(merge-rule "\IeC {\texttimes }" "×" :string) -(merge-rule "\IeC {\u a}" "ă" :string) -(merge-rule "\IeC {\u A}" "Ä‚" :string) -(merge-rule "\IeC {\u g}" "ÄŸ" :string) -(merge-rule "\IeC {\u G}" "Äž" :string) -(merge-rule "\IeC {\textasciibreve }" "˘" :string) -(merge-rule "\IeC {\'u}" "ú" :string) -(merge-rule "\IeC {\'U}" "Ú" :string) -(merge-rule "\IeC {\`u}" "ù" :string) -(merge-rule "\IeC {\`U}" "Ù" :string) -(merge-rule "\IeC {\^u}" "û" :string) -(merge-rule "\IeC {\^U}" "Û" :string) -(merge-rule "\IeC {\~"u}" "ü" :string) -(merge-rule "\IeC {\~"U}" "Ü" :string) -(merge-rule "\IeC {\u u}" "Å­" :string) -(merge-rule "\IeC {\u U}" "Ŭ" :string) -(merge-rule "\IeC {\v c}" "Ä" :string) -(merge-rule "\IeC {\v C}" "ÄŒ" :string) -(merge-rule "\IeC {\v d}" "Ä" :string) -(merge-rule "\IeC {\v D}" "ÄŽ" :string) -(merge-rule "\IeC {\v e}" "Ä›" :string) -(merge-rule "\IeC {\v E}" "Äš" :string) -(merge-rule "\IeC {\v l}" "ľ" :string) -(merge-rule "\IeC {\v L}" "Ľ" :string) -(merge-rule "\IeC {\v n}" "ň" :string) -(merge-rule "\IeC {\v N}" "Ň" :string) -(merge-rule "\IeC {\v r}" "Å™" :string) -(merge-rule "\IeC {\v R}" "Ř" :string) -(merge-rule "\IeC {\v s}" "Å¡" :string) -(merge-rule "\IeC {\v S}" "Å " :string) -(merge-rule "\IeC {\textasciicaron }" "ˇ" :string) -(merge-rule "\IeC {\v t}" "Å¥" :string) -(merge-rule "\IeC {\v T}" "Ť" :string) -(merge-rule "\IeC {\v z}" "ž" :string) -(merge-rule "\IeC {\v Z}" "Ž" :string) -(merge-rule "\IeC {\'y}" "ý" :string) -(merge-rule "\IeC {\'Y}" "Ã" :string) -(merge-rule "\IeC {\~"y}" "ÿ" :string) -(merge-rule "\IeC {\'z}" "ź" :string) -(merge-rule "\IeC {\'Z}" "Ź" :string) -(merge-rule "\IeC {\.z}" "ż" :string) -(merge-rule "\IeC {\.Z}" "Å»" :string) -;; letters not in Latin1, 2, 3 but available in TeX T1 font encoding -(merge-rule "\IeC {\~"Y}" "Ÿ" :string) -(merge-rule "\IeC {\NG }" "ÅŠ" :string) -(merge-rule "\IeC {\ng }" "Å‹" :string) -(merge-rule "\IeC {\OE }" "Å’" :string) -(merge-rule "\IeC {\oe }" "Å“" :string) -(merge-rule "\IeC {\IJ }" "IJ" :string) -(merge-rule "\IeC {\ij }" "ij" :string) -(merge-rule "\IeC {\j }" "È·" :string) -(merge-rule "\IeC {\SS }" "ẞ" :string) diff --git a/krb5-1.21.3/doc/pdf/LatinRules.xdy b/krb5-1.21.3/doc/pdf/LatinRules.xdy deleted file mode 100644 index 99f14a2e..00000000 --- a/krb5-1.21.3/doc/pdf/LatinRules.xdy +++ /dev/null @@ -1,607 +0,0 @@ -;; style file for xindy -;; filename: LatinRules.xdy -;; -;; It is based upon xindy's files lang/general/utf8.xdy and -;; lang/general/utf8-lang.xdy which implement -;; "a general sorting order for Western European languages" -;; -;; The aim for Sphinx is to be able to index in a Cyrillic document -;; also terms using the Latin alphabets, inclusive of letters -;; with diacritics. To this effect the xindy rules from lang/general -;; got manually re-coded to avoid collisions with the encoding -;; done by xindy for sorting words in Cyrillic languages, which was -;; observed not to use bytes with octal encoding 0o266 or higher. -;; -;; So here we use only 0o266 or higher bytes. -;; (ÅŠ, Å‹, IJ, and ij are absent from -;; lang/general/utf8.xdy and not included here) -;; Contributed by the Sphinx team, 2018. - -(define-letter-group "A" :prefixes ("¶")) -(define-letter-group "B" :after "A" :prefixes ("·")) -(define-letter-group "C" :after "B" :prefixes ("¸")) -(define-letter-group "D" :after "C" :prefixes ("¹")) -(define-letter-group "E" :after "D" :prefixes ("º")) -(define-letter-group "F" :after "E" :prefixes ("»")) -(define-letter-group "G" :after "F" :prefixes ("¼")) -(define-letter-group "H" :after "G" :prefixes ("½")) -(define-letter-group "I" :after "H" :prefixes ("¾")) -(define-letter-group "J" :after "I" :prefixes ("¿")) -(define-letter-group "K" :after "J" :prefixes ("À")) -(define-letter-group "L" :after "K" :prefixes ("Á")) -(define-letter-group "M" :after "L" :prefixes ("Â")) -(define-letter-group "N" :after "M" :prefixes ("Ã")) -(define-letter-group "O" :after "N" :prefixes ("Ä")) -(define-letter-group "P" :after "O" :prefixes ("È")) -(define-letter-group "Q" :after "P" :prefixes ("Ê")) -(define-letter-group "R" :after "Q" :prefixes ("Ë")) -(define-letter-group "S" :after "R" :prefixes ("Ð")) -(define-letter-group "T" :after "S" :prefixes ("Ú")) -(define-letter-group "U" :after "T" :prefixes ("à")) -(define-letter-group "V" :after "U" :prefixes ("å")) -(define-letter-group "W" :after "V" :prefixes ("æ")) -(define-letter-group "X" :after "W" :prefixes ("ë")) -(define-letter-group "Y" :after "X" :prefixes ("í")) -(define-letter-group "Z" :after "Y" :prefixes ("ð")) - -(define-rule-set "sphinx-xy-alphabetize" - - :rules (("À" "¶" :string) - ("Ä‚" "¶" :string) - ("â" "¶" :string) - ("Ä" "¶" :string) - ("à" "¶" :string) - ("Ã…" "¶" :string) - ("Ã" "¶" :string) - ("Ã" "¶" :string) - ("á" "¶" :string) - ("ã" "¶" :string) - ("Â" "¶" :string) - ("ă" "¶" :string) - ("Ã¥" "¶" :string) - ("Ä…" "¶" :string) - ("ä" "¶" :string) - ("Ä„" "¶" :string) - ("æ" "¶º" :string) - ("Æ" "¶º" :string) - ("ć" "¸" :string) - ("ĉ" "¸" :string) - ("ç" "¸" :string) - ("ÄŒ" "¸" :string) - ("Ä" "¸" :string) - ("Ĉ" "¸" :string) - ("Ç" "¸" :string) - ("Ć" "¸" :string) - ("Ä" "¹" :string) - ("Ä" "¹" :string) - ("ÄŽ" "¹" :string) - ("Ä‘" "¹" :string) - ("ê" "º" :string) - ("Ę" "º" :string) - ("Äš" "º" :string) - ("ë" "º" :string) - ("Ä›" "º" :string) - ("é" "º" :string) - ("È" "º" :string) - ("Ë" "º" :string) - ("É" "º" :string) - ("è" "º" :string) - ("Ê" "º" :string) - ("Ä™" "º" :string) - ("Ä" "¼" :string) - ("ÄŸ" "¼" :string) - ("Äž" "¼" :string) - ("Äœ" "¼" :string) - ("Ä¥" "½" :string) - ("Ĥ" "½" :string) - ("Ã" "¾" :string) - ("Ã" "¾" :string) - ("ï" "¾" :string) - ("ÃŽ" "¾" :string) - ("î" "¾" :string) - ("ı" "¾" :string) - ("İ" "¾" :string) - ("í" "¾" :string) - ("ÃŒ" "¾" :string) - ("ì" "¾" :string) - ("Ä´" "¿" :string) - ("ĵ" "¿" :string) - ("Å‚" "Á" :string) - ("Å" "Á" :string) - ("ľ" "Á" :string) - ("Ľ" "Á" :string) - ("Å„" "Ã" :string) - ("Ń" "Ã" :string) - ("ñ" "Ã" :string) - ("ň" "Ã" :string) - ("Ñ" "Ã" :string) - ("Ň" "Ã" :string) - ("Õ" "Ä" :string) - ("Å" "Ä" :string) - ("ó" "Ä" :string) - ("ö" "Ä" :string) - ("ô" "Ä" :string) - ("Å‘" "Ä" :string) - ("Ø" "Ä" :string) - ("Ö" "Ä" :string) - ("õ" "Ä" :string) - ("Ô" "Ä" :string) - ("ø" "Ä" :string) - ("Ó" "Ä" :string) - ("Ã’" "Ä" :string) - ("ò" "Ä" :string) - ("Å“" "ĺ" :string) - ("Å’" "ĺ" :string) - ("Ř" "Ë" :string) - ("Å™" "Ë" :string) - ("Å”" "Ë" :string) - ("Å•" "Ë" :string) - ("Å" "Ð" :string) - ("Åš" "Ð" :string) - ("È™" "Ð" :string) - ("ÅŸ" "Ð" :string) - ("Åœ" "Ð" :string) - ("Å›" "Ð" :string) - ("Ș" "Ð" :string) - ("Å¡" "Ð" :string) - ("Åž" "Ð" :string) - ("Å " "Ð" :string) - ("ß" "ÐÐ" :string) - ("Èš" "Ú" :string) - ("Ť" "Ú" :string) - ("È›" "Ú" :string) - ("Å¥" "Ú" :string) - ("û" "à" :string) - ("Å­" "à" :string) - ("ů" "à" :string) - ("ű" "à" :string) - ("ù" "à" :string) - ("Ŭ" "à" :string) - ("Ù" "à" :string) - ("Ű" "à" :string) - ("Ü" "à" :string) - ("Å®" "à" :string) - ("ú" "à" :string) - ("Ú" "à" :string) - ("Û" "à" :string) - ("ü" "à" :string) - ("ÿ" "í" :string) - ("Ã" "í" :string) - ("Ÿ" "í" :string) - ("ý" "í" :string) - ("Å»" "ð" :string) - ("Ž" "ð" :string) - ("Ź" "ð" :string) - ("ž" "ð" :string) - ("ż" "ð" :string) - ("ź" "ð" :string) - ("a" "¶" :string) - ("A" "¶" :string) - ("b" "·" :string) - ("B" "·" :string) - ("c" "¸" :string) - ("C" "¸" :string) - ("d" "¹" :string) - ("D" "¹" :string) - ("e" "º" :string) - ("E" "º" :string) - ("F" "»" :string) - ("f" "»" :string) - ("G" "¼" :string) - ("g" "¼" :string) - ("H" "½" :string) - ("h" "½" :string) - ("i" "¾" :string) - ("I" "¾" :string) - ("J" "¿" :string) - ("j" "¿" :string) - ("K" "À" :string) - ("k" "À" :string) - ("L" "Á" :string) - ("l" "Á" :string) - ("M" "Â" :string) - ("m" "Â" :string) - ("n" "Ã" :string) - ("N" "Ã" :string) - ("O" "Ä" :string) - ("o" "Ä" :string) - ("p" "È" :string) - ("P" "È" :string) - ("Q" "Ê" :string) - ("q" "Ê" :string) - ("r" "Ë" :string) - ("R" "Ë" :string) - ("S" "Ð" :string) - ("s" "Ð" :string) - ("t" "Ú" :string) - ("T" "Ú" :string) - ("u" "à" :string) - ("U" "à" :string) - ("v" "å" :string) - ("V" "å" :string) - ("W" "æ" :string) - ("w" "æ" :string) - ("x" "ë" :string) - ("X" "ë" :string) - ("Y" "í" :string) - ("y" "í" :string) - ("z" "ð" :string) - ("Z" "ð" :string) - )) - -(define-rule-set "sphinx-xy-resolve-diacritics" - - :rules (("Ĥ" "£" :string) - ("ó" "£" :string) - ("ľ" "£" :string) - ("Ř" "£" :string) - ("Ä" "£" :string) - ("Ä" "£" :string) - ("Äš" "£" :string) - ("Ä¥" "£" :string) - ("ÄŒ" "£" :string) - ("Ä´" "£" :string) - ("Ä›" "£" :string) - ("ž" "£" :string) - ("ÄŽ" "£" :string) - ("Å™" "£" :string) - ("Ž" "£" :string) - ("ı" "£" :string) - ("Ť" "£" :string) - ("á" "£" :string) - ("Ä" "£" :string) - ("Ã" "£" :string) - ("ň" "£" :string) - ("Å " "£" :string) - ("Ň" "£" :string) - ("ĵ" "£" :string) - ("Å¥" "£" :string) - ("Ó" "£" :string) - ("ý" "£" :string) - ("Äœ" "£" :string) - ("Ú" "£" :string) - ("Ľ" "£" :string) - ("Å¡" "£" :string) - ("Ã" "£" :string) - ("ú" "£" :string) - ("Åš" "¤" :string) - ("ć" "¤" :string) - ("Å" "¤" :string) - ("Å‚" "¤" :string) - ("Å„" "¤" :string) - ("À" "¤" :string) - ("Ź" "¤" :string) - ("à" "¤" :string) - ("Ń" "¤" :string) - ("Ä" "¤" :string) - ("ÿ" "¤" :string) - ("Å›" "¤" :string) - ("Äž" "¤" :string) - ("ÄŸ" "¤" :string) - ("Ù" "¤" :string) - ("İ" "¤" :string) - ("Ä‘" "¤" :string) - ("ù" "¤" :string) - ("Èš" "¤" :string) - ("é" "¤" :string) - ("Å•" "¤" :string) - ("Ć" "¤" :string) - ("È›" "¤" :string) - ("ò" "¤" :string) - ("ź" "¤" :string) - ("Ã’" "¤" :string) - ("Ÿ" "¤" :string) - ("Å”" "¤" :string) - ("É" "¤" :string) - ("ĉ" "¥" :string) - ("ô" "¥" :string) - ("Ã" "¥" :string) - ("Å" "¥" :string) - ("Å»" "¥" :string) - ("Ä‚" "¥" :string) - ("Åœ" "¥" :string) - ("ñ" "¥" :string) - ("Å­" "¥" :string) - ("í" "¥" :string) - ("È" "¥" :string) - ("Ô" "¥" :string) - ("Ŭ" "¥" :string) - ("ż" "¥" :string) - ("Ñ" "¥" :string) - ("è" "¥" :string) - ("Ĉ" "¥" :string) - ("ă" "¥" :string) - ("â" "¦" :string) - ("û" "¦" :string) - ("ê" "¦" :string) - ("Õ" "¦" :string) - ("õ" "¦" :string) - ("È™" "¦" :string) - ("ç" "¦" :string) - ("Â" "¦" :string) - ("Ê" "¦" :string) - ("Û" "¦" :string) - ("Ç" "¦" :string) - ("ì" "¦" :string) - ("ÃŒ" "¦" :string) - ("Ș" "¦" :string) - ("ö" "§" :string) - ("Ö" "§" :string) - ("ÅŸ" "§" :string) - ("ů" "§" :string) - ("ë" "§" :string) - ("ã" "§" :string) - ("î" "§" :string) - ("ÃŽ" "§" :string) - ("Ã" "§" :string) - ("Åž" "§" :string) - ("Å®" "§" :string) - ("Ë" "§" :string) - ("ï" "¨" :string) - ("Å" "¨" :string) - ("Ã" "¨" :string) - ("Ę" "¨" :string) - ("Å‘" "¨" :string) - ("Ü" "¨" :string) - ("Ã…" "¨" :string) - ("ü" "¨" :string) - ("Ä™" "¨" :string) - ("Ã¥" "¨" :string) - ("Ä" "©" :string) - ("ű" "©" :string) - ("Ø" "©" :string) - ("ø" "©" :string) - ("Ű" "©" :string) - ("ä" "©" :string) - ("Ä„" "ª" :string) - ("Ä…" "ª" :string) - ("Å“" "ÿ" :string) - ("ß" "ÿ" :string) - ("Æ" "ÿ" :string) - ("Å’" "ÿ" :string) - ("æ" "ÿ" :string) - ("e" "¢" :string) - ("t" "¢" :string) - ("L" "¢" :string) - ("Y" "¢" :string) - ("J" "¢" :string) - ("a" "¢" :string) - ("p" "¢" :string) - ("u" "¢" :string) - ("j" "¢" :string) - ("b" "¢" :string) - ("G" "¢" :string) - ("U" "¢" :string) - ("F" "¢" :string) - ("H" "¢" :string) - ("i" "¢" :string) - ("z" "¢" :string) - ("c" "¢" :string) - ("l" "¢" :string) - ("A" "¢" :string) - ("Q" "¢" :string) - ("w" "¢" :string) - ("D" "¢" :string) - ("R" "¢" :string) - ("d" "¢" :string) - ("s" "¢" :string) - ("r" "¢" :string) - ("k" "¢" :string) - ("v" "¢" :string) - ("m" "¢" :string) - ("P" "¢" :string) - ("y" "¢" :string) - ("K" "¢" :string) - ("q" "¢" :string) - ("S" "¢" :string) - ("I" "¢" :string) - ("C" "¢" :string) - ("M" "¢" :string) - ("Z" "¢" :string) - ("T" "¢" :string) - ("W" "¢" :string) - ("B" "¢" :string) - ("h" "¢" :string) - ("x" "¢" :string) - ("X" "¢" :string) - ("f" "¢" :string) - ("E" "¢" :string) - ("V" "¢" :string) - ("N" "¢" :string) - ("O" "¢" :string) - ("o" "¢" :string) - ("g" "¢" :string) - ("n" "¢" :string) - )) - -(define-rule-set "sphinx-xy-resolve-case" - - :rules (("Ú" "8" :string) - ("Ÿ" "8" :string) - ("Ç" "8" :string) - ("Ĉ" "8" :string) - ("Å”" "8" :string) - ("Ľ" "8" :string) - ("Å®" "8" :string) - ("Ã" "8" :string) - ("É" "8" :string) - ("Ë" "8" :string) - ("Ș" "8" :string) - ("ÃŒ" "8" :string) - ("Ê" "8" :string) - ("Ň" "8" :string) - ("Ä„" "8" :string) - ("Å " "8" :string) - ("Û" "8" :string) - ("Åž" "8" :string) - ("Ć" "8" :string) - ("Ã’" "8" :string) - ("Äœ" "8" :string) - ("Ñ" "8" :string) - ("Ó" "8" :string) - ("ÃŽ" "8" :string) - ("Ã" "8" :string) - ("Ã" "8" :string) - ("Èš" "8" :string) - ("Ã…" "8" :string) - ("Äž" "8" :string) - ("Ü" "8" :string) - ("È" "8" :string) - ("Ô" "8" :string) - ("İ" "8" :string) - ("Ű" "8" :string) - ("Ù" "8" :string) - ("Ŭ" "8" :string) - ("Â" "8" :string) - ("Ť" "8" :string) - ("Ń" "8" :string) - ("ÄŽ" "8" :string) - ("Ź" "8" :string) - ("Ž" "8" :string) - ("Ä" "8" :string) - ("Åœ" "8" :string) - ("ÄŒ" "8" :string) - ("Ä´" "8" :string) - ("Ö" "8" :string) - ("Ø" "8" :string) - ("Å»" "8" :string) - ("Å" "8" :string) - ("Ä‚" "8" :string) - ("Äš" "8" :string) - ("Å" "8" :string) - ("Õ" "8" :string) - ("Ę" "8" :string) - ("Ã" "8" :string) - ("À" "8" :string) - ("Ĥ" "8" :string) - ("Ä" "8" :string) - ("Åš" "8" :string) - ("Ř" "8" :string) - ("Ã" "8" :string) - ("Å’" "89" :string) - ("Æ" "89" :string) - ("ì" "9" :string) - ("è" "9" :string) - ("Ä…" "9" :string) - ("Å¡" "9" :string) - ("ú" "9" :string) - ("Ã¥" "9" :string) - ("ă" "9" :string) - ("Ä™" "9" :string) - ("ü" "9" :string) - ("ź" "9" :string) - ("ò" "9" :string) - ("Å¥" "9" :string) - ("È›" "9" :string) - ("ĵ" "9" :string) - ("Å•" "9" :string) - ("ż" "9" :string) - ("ä" "9" :string) - ("ý" "9" :string) - ("ù" "9" :string) - ("á" "9" :string) - ("é" "9" :string) - ("Ä" "9" :string) - ("ň" "9" :string) - ("Å›" "9" :string) - ("ø" "9" :string) - ("í" "9" :string) - ("Ä‘" "9" :string) - ("ı" "9" :string) - ("ÄŸ" "9" :string) - ("î" "9" :string) - ("ã" "9" :string) - ("à" "9" :string) - ("Å™" "9" :string) - ("Å‘" "9" :string) - ("ů" "9" :string) - ("È™" "9" :string) - ("ÿ" "9" :string) - ("ë" "9" :string) - ("Å­" "9" :string) - ("ç" "9" :string) - ("ű" "9" :string) - ("ñ" "9" :string) - ("õ" "9" :string) - ("Ä›" "9" :string) - ("ÅŸ" "9" :string) - ("ž" "9" :string) - ("Ä" "9" :string) - ("Å" "9" :string) - ("Å„" "9" :string) - ("û" "9" :string) - ("Å‚" "9" :string) - ("Ä" "9" :string) - ("Ä¥" "9" :string) - ("ê" "9" :string) - ("ô" "9" :string) - ("ĉ" "9" :string) - ("â" "9" :string) - ("ć" "9" :string) - ("ï" "9" :string) - ("ö" "9" :string) - ("ľ" "9" :string) - ("ó" "9" :string) - ("æ" "99" :string) - ("ß" "99" :string) - ("Å“" "99" :string) - ("N" "8" :string) - ("V" "8" :string) - ("O" "8" :string) - ("X" "8" :string) - ("E" "8" :string) - ("P" "8" :string) - ("K" "8" :string) - ("T" "8" :string) - ("Z" "8" :string) - ("M" "8" :string) - ("C" "8" :string) - ("I" "8" :string) - ("S" "8" :string) - ("B" "8" :string) - ("W" "8" :string) - ("D" "8" :string) - ("R" "8" :string) - ("H" "8" :string) - ("F" "8" :string) - ("Q" "8" :string) - ("A" "8" :string) - ("G" "8" :string) - ("U" "8" :string) - ("J" "8" :string) - ("Y" "8" :string) - ("L" "8" :string) - ("o" "9" :string) - ("n" "9" :string) - ("g" "9" :string) - ("x" "9" :string) - ("f" "9" :string) - ("y" "9" :string) - ("q" "9" :string) - ("h" "9" :string) - ("w" "9" :string) - ("s" "9" :string) - ("d" "9" :string) - ("v" "9" :string) - ("k" "9" :string) - ("r" "9" :string) - ("m" "9" :string) - ("z" "9" :string) - ("c" "9" :string) - ("i" "9" :string) - ("l" "9" :string) - ("b" "9" :string) - ("j" "9" :string) - ("a" "9" :string) - ("p" "9" :string) - ("u" "9" :string) - ("t" "9" :string) - ("e" "9" :string) - )) - -(use-rule-set :run 0 - :rule-set ("sphinx-xy-alphabetize")) -(use-rule-set :run 1 - :rule-set ("sphinx-xy-resolve-diacritics")) -(use-rule-set :run 2 - :rule-set ("sphinx-xy-resolve-case")) diff --git a/krb5-1.21.3/doc/pdf/admin.pdf b/krb5-1.21.3/doc/pdf/admin.pdf deleted file mode 100644 index bf21d4e21c889f72b3e7c460021d1735aea4a3b0..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 648892 zcma%iV~{Az)@Ao;+qQMuwr$(CZQHi(?$fqy+qT_3XJX#Wyom4qxb-75cV%T&L`Ckk zwvt3nNQ9c6h8dD%c5!GGk{+K9-`2nal8XzHR?67M)X5B=jfoNe|6Gu?BIZ_3#t!(j zB3AlN#zMx1wnoN~JUoz&P7cQU){t)N*2>bh`*iSKC#r66$?HHvGNY=&aaloP*v-|D z8du4rC6P*q$h)(?JwA*`>ov~+9=JW}?hjdPth_lZNE^?!Hi%o6Px~@o#%7yEpKaWr ztgOmATCg>oyc{d-E}PukWheQz%hy#l6Ut5J&nKL+I?huc#m+<*KSljrR~@pD?`0d& zAKYtc;h_4BygeV$mQwC{EFyEqw5(ar-YMD;r*q>EmI=)%c*LCME-gLQ@XOTNx*`aXr4ro%jAGJw+Ii1mt; z)XDUc$TjREM*2DhB!;3ODJ177qe#%1(U}>!hJP2Hl4FOOeOrO0ueb_iumnY7(3Q;U zrvr!vQArh<4%VMm8pf#hLKs42IoLpE*=N17pDg#L9MnmpZKkr3j6m&1L<>qI+0*QY zFe3*k?wdJeo@avBVASC82kyO#2jDFqon*vRziTOGAEAAZmiLVGLhWg@L7nNThXS(B zMbXQSyQAV7A2!`Bdsv|lT>LhIwpJf(O;RjWlrY(Wqt2u^4+rJ|79=%>Fl3rm7#O~-(qfE-3ArNS8KtTK>#8be1q&>yoHM#n$tGkBbGuS5UL0xJxq`YWA| zsrw4FeZt3oXFZh;ntnmtsryPisryE#J1plKr2M_btNOOzoY-Hk&OSPnM&?<#`v_d z1{R7=){wL^`1Evi|64a59G&pl7})=x=F&4WF#lW4ol=*!#bSl;x=_7EKiU1=BaSbo z&m=9+Mh>|O0=dXuMKXj)sHr(7bK$!q+JqU=F|oB2x_~QXNpU@y={}H7K%&+Moe0tx zB{}5Q*GeDdNXlk{jD(q(Ax?tfD#hV-lm7gwLr1hJCT5at*iT1BXP(~367~>B%>EE^ zpnc4}y#!B1Vzk>c)PjqdF9~r|MV6=-q zjM+R*6`<^TC^NotG<_KH6qioiG{QJ})Cagi$#Y-(C0o34IF9{^ zcNg6u&mx9ij{LZ01htf^M_UzDCbcup3x2dkH!RQ`&?nY(oFJJ|yAa}-fdIIqnEk|5id`)y}^PBDZ=MH{%Xhtt1 zHFW39i$6OsT}A2Wt9SNm@Lq`T?sHBP%9M^vVhCicdJ@w*B^d44FEJPZfVb^ z%ftq@zCjGcC{L%w>B)zS_StIxT$gL-o(_1=FKHxEe+>=u?mXQ%Ft&+s4b!daEzex|!b(n~O0z2SzlEokIAF)mLzX}@`8RrJ`hUnWIk_uSxCJ;y$6 z1EsJX0bYzE$%>rU>c6JPeJ#V|5G-kRYdh~GR1`Fv^#a_cC)h(i{Vb)Iqry-t*H3() zA&0DeEeGFGO8e_BjQEHMNs@VN<(##1#s|uR2benSFiicLa_nDORGm_8AwDigkfUdg z;?ziNp0?U@4kz-kT;mcoXKWMZ%2m`UHJ_gpK7J07#NIA@0^JSu&pgzH3rA}^M!Z_l z65Ui?3{-N$Syee~q@TJ1R_bv|kLQs#UM4@i_7RqR`S8pzusIkqS|8<}YZs09lHFQ& z64AW6ZOoJA7AhM9&n|k)m#XZ8No`hij#bH=!(? zWJ%qHl~>>X+x+V+ehers*?cam3z{K0JYRUdT=oOr*yDJ;`X2WeSY{fnbcajx;c)XX zVP>t&&0ES~JHF5Xa(_!WNM?Ajxd+C(gI)q&wbpUUVM501>a;Fvja20TW%FY?OP)mH zX_l48HQPPR0H^H5lwibXy}c!!tmd%WhFj0boBN1~GWPjd-_(};D zBsFqkW>3$&4q?j9_C~0-Slcqwukv{buOzS+o}KcP_XmISFEQRIo$Tmu(D{fZ(ErIX z40KHYl4V$#{)=T8+5Rod45{7NBC*4N<@EI9or(YXzS4#u01O72)1e|KlUezwBQ{5h zXOYi9ed_69^`Bf;_hf|-7OQq;ZQhyebjS5nl_V;fWdK*)RR~jns!oz?A5?}?&QoRo zEYx(*4;*Sj2KCmE)bH$D0#^*lSyox)o8f1}x6lSZp_?J!179)QGw-zTPd#PT2|9A5 z_{FVB0U2s)DI^atqtPlj!=I$HrvXkvon>z)hk9y%D+eOw3`>)kJDqrAH=itkp|+?4 zX-wVkPhkwPqM45k_~C~o@XYtj#0{_pqzr}+cAF0r7g#*%uO+t%I2sH@yDNf1QZj&| zeBMwBg`b+15A{lnB85DdIrtm16h2>vK?*koT{PipT;r3CK4;u_iS!gcK}9^Vj*u@ZrUys>(e6Zh8oYRcP8i> z9L${&_ZOX5*4=KX8xy}}hCfy)#%MMLaZVhUqM8!{i(_;SPRaOhP2MouCn6AWf1U5XNJ|z6fYn(P}(@?I;Jsskjv= z#^Z4ODS?rqTxw`TK7Amxhb}&w&^}PkZ-!GSvx7B8`&)VJPj>Fih(N)+!{cYDFPM+W zyT|ufZ_Ag#hm$U{lUu}}J#36Gu_;TN>EdK3Z~iF+IJPxO17EQ1l@AMD*8Cm?#=H{Q zDV`na^0ty=gW3ht)H`?nsjLi5P@UU@2E*0pYsS+7bVuwC?*-r-<%e?zohcCj80lGG zq#)?kSrBFvPG0>E*2T{io9a=uOh&JvJk`vA6pY#88C~2NPclvzZTgqM)nPkDEJ{Pe z{?XLUDE6^bEc^@T`y}=>W4Yy^Qz@jgq>Puv&cb8bZcfiug;FbH!QvWC8RXy*L#`!B=~)td~1R zjSYv0D2FhmKVgcG^;qSv&LlfV5 z-e;}1xe9{b3oV+_rxn-V;x=kkPRmJHjwQ5hKa^GDF$X!lwAoq6b9f(ZpO;_}v__7M zS3`0oJ%)nKQ&wwLQbe%DwGmgU9c}+4YdyT44Rp6-&$ye`;FZEueV!FkpKj8y8IKAN z%nNhjuZN37uYcvNOjd^Ss$#$A-8pKH55rJw4RUSXmHAvej{t74piJ#gRnOoW2beb{ zts3lH6DB}!ZM5z)c6c*Vhu*zcQT1w1et2iL#jS~-bI8{hRkD>+@tV}nn{queXxiO3 z&3t$As%zI|2OMj*wh&I1NNi9PMjtfpu^k)E$9rW~SUw@@B7L-8K&uy)WPJ~I!ys}o zMVgctMIjE#95~uLF<`rp&znqWN#Aa*$H#l)xFBZ5t%!T!+wPDsYW9;lJ4b%$*ZJ>r zI^-aq6Xb%_v_FqZP1Wu|UMMez+-hRX_DDUc)>B2YWl@9N_(YP%s=?E`g>w^r&=mJH zwgxPH3fWezMY!hrH0=ZxuzVwNURMS&rA{p@A7~PPZ2-Tm)CYcLyX3{)xgytYOk5d% zG3(?(<+QBwFNddIxQ5G;4ZN~B<5b!-RR6~N(nBn77b|}!wm)umXRybd{b$zmccT9S=DE=9=c?>|4{fcqLsy#b?tJ>DTxQp!C{+SoZDEpt3!$imY zFDZwO_5V{23-iBsY&14({yH|^E2_8jfEuRmC%^dp{)jIS@*^&q=YAU09;)36R}hcb z^>mvyqo@{=lt&tu!j*_1vvWBf3(%~TFcct`KnhTKEee1VMJWl0hssj_fp~Qi0E14{ zQL_w|Pp<1bP=v%g?Lgpv_m@{0l~54%(=!8RqCEHaD2Im75JO@DCM!xNb|c8{zb^^U ztM85%c!z|-1mYKDG#Qr@B-kC*SV+S}Cjpk!s}9NwW?-7&05^(#g1125r_BG&hd~y6 zkAmt98qf@MP&JDJ%?OMACrz8$sdAPI9C#@Z>?m(G5M0?%{-zK543K)=Y!#(wmYM=z zj?)+vbkYn?QOeKcrryKvIAgUezYWw*QBc?tBtK~o4x>D8DS-s@b5$at30Aaj_ z`rEuG0ON92vkb^7<|#igYwI&IS}kL7brAm)0Jc)fb9(qc7;3A>PMoBC_+T&KUxL%_UA%18L6sRY2_JdXTeaUa`5KyLF`2SK?` zslR~XJS2_!18*TbdYj;c5V=k*1-WOnJXz~*_4w)v$oP71P;sFvnuYwpGsJ$K`4{*l z{i1ksL%>FLzSXnq-RA?YLlPHD(i_-4lDykj>vUs%V?dzY4l{j_Z$y{1iP?y$-kZr)Qhs7&MzXLeV=pz4no_l}DNi5j&U_sZH>P~&DlQ41B9^fTrBMmh83MeT zmE`fc>-5unviHq55t`zvdDNyq=NVoB({yt_W!g(5^~n~AtW_a%Ce9WyS7I3X8{3eb z%0y?9TxvWGH`j8(=FfJxaf%=ATzH1g-8Ofzq$-^oSD#E2|MZxmHs9a<2~M`Lq&h)( zC9KHtG3CsNTsSje;=Bi=)wyYtoq1gmCpKdLra8BuZdd!dLV`}n%sWqcT8Du@oX-jE53JzZrATC=0p)a z-V{DGUUPioBSP$0zL7t2*1Fy(Ommz*czurxA!%;sCG?vo?Zolx6m9oJ)LHKvF6ZDz?~0?58I?tSRE<|K!xEmpsX9M)Z!dr0E#x^eJI! zQrI(lEsB{m8R$kpvyE}DtX2C9*qAZfS|1b$Bz1*t@D*`!9o752R` z_9R5%6=k%63TyA@Jv@xUT`<)K1be)U+2Vz-QLc$z%Cp+?B4S7`w;QQHi&5x#LcKnp z2H~xWF*MP_L#*EJ@v}B^7>5!nEyMfGnOXmvxZxb@R&if%og1uFyDJQK(aV(qX`4t4=eT=_s+YG=MuZFWaI?dHL&j< zi5;$W_nvn;RIsEBzqz1{&}6CFH}6Z8Ce=g>L~IrJ7|X{cltpCWcN$(ZLwv%1AWZAY zi`fHV#ipmf4;O5UFU=Z;DMGU+lZ}OanGITUKZ{4 zHyz)m*+yzdS@&$WxSKp?uGERmlks)TKNz&y#ftaev^wpflh@PxSa`ftn2M9*O{~xl zz;RLP9X-US_-#^FvTsj(=U(3UDzb$u%Z+89kNOKgB=((4UBg);dOs3xMGYvmpFdkj znr#>=*JiB)k|Rg&s-O1;;}3NkitR=3`pQ#brd#scA+65Dg!|OAT8uswl#_W29&Ox2{!}nzk$!JF@po?X6)4-0qE~q;m0fvqd~=8Dxc0 zIGWh6=vVMe;P%fC?wklt`(egJ;08Fh9E^`m$D6k9=DT?aiq5Eh^u1){@jZErd;yQ< zemy_cpc%j(ezv3F6$v)1yUJj)&J~$B1)$n4aL@iN}y8*Z~K>*J>CgZbaW4TrYYEr@6BVGSyu76_4t}^wA_qW74LZS*e56ai zTfJ(DTt6!UOoCGuki=U*v^o%wYEgJ_H5Tz`wgRMH49N9Ez&=gMa028%{O5rFSukTb z7~a~8tFb{T;Fd~ zQDEPR8KGV}AZ)%HLlUg&*@yU!&0N-LJ;(X76SXIw?;)N|p^|FZi&BZ}y5()Povm>bNq2TlxM_M=GHkB za5@Rxpp?vIhfZIohEpT(>FdI}{tCG~Jj(2ZeUM8oSey*A=%u~pW?sxaqT%w*WH^wo z@s+HYx+iyrP@Nn%p$p-ixj{Qv%PBA+?=Ct{%B<~-%C+7+srlNt^?prYx|EBNaJJpb zvYoT*Q_f5Ga#mOh`29|ZnSsnpmxyBN>JAWMSv|ELFTXL_e(ppcO)VvwRo7H5-VIl! zDy)KNY;3&sj1s4o@R4y+JO3M>TkCgV@@~c8cYH?SBK8S}uiVqSKNQxEXpIY5R`Cw{ z0~Kv85R2!cZE0O3PD_9F*jBUMPj8y?jqG)Ho#_lmPgY?GRJh7a*hu#&B)a|BoOmWQfeISGy8^J_a^ zQJpZ)ZNfS>jZMi?%8%7p^l<;P%D`7Q>`QL9*96Y3pR8x87kXt(9q&7R`O&#<_I5Yp zd&_5;TUspVRSS|v%wsNQ=;Hb9D=Qq^b*I~@Gz~6Jr9OncY75*K?-tJ^tPNhf)5j`* z&gneN0rUOfpTn`RAI_r`v@by)!|t;KYnNoE&u5|vs1%ln{X zW%;+LJf*r}fh`K}om+b<%DJoTs`^yii!MbhfZq_H3XJtgDA_773aJO@^=x6D= znm%dONp+uho|BWKnCjSWsqF2ty|jy?4BZ!uOy2-iFfk?!i(VNiOczlY_Joc@av6KL z$~b(PW~gXruT>|rT^vUbn%b&olv=?}5T#l#?lBrsdOFEIF>K}3pD%h1MmtK~RcB&XQH zH#dl2P0c5RK|v4|mskV9P6fLe)Xyg}m~WPWGMZeE(FXFHwdt2S@LZwC9MKgeU?SvA zKTSv(6**-dJ->2ciYzda%qYEq0tS*pd_awn6e4Sek5McK{#98Y)M$j36UgY;1!SCJ z$FIZ9zi(eT2aX#0D1gQjQYL|@JXQ2cQXep1VkBIHwZ$ix1t;aYn%1;FBh+J_k zPeG^U#~CrI$%l)uNT?TEhHo+}3f%?%iVrFr5TJlXiB6mx;>SM@=;tP_VFwtP1XA0J ze;S}jCsw?Vf=(P(hd?KWqKslBnUOdi0IURwZnX6G@i3&mK+0zgWx7#*z&`xYfZ8|+ zQEF23Lp2Ga(ID}^w}=>|0wS7-zP5eiWz5uQ=+fA5IGG?|dUH0aojL)5T@`(JZc)w9464 zABw%PLnSlqQbQi~#Hil|re5qP8^YTJI9f(}M&ga|+eMjkmwt=#+g(@}Y-;dWbEP85 zc|iKw6t|@V^a25-noQfRXqd2y47@<>a&z%$6xaG7a={_rwo6{cg}ST&vvRkqYYphk zcpN$ysm|%T9Ccl7dyZ^*mmc_dBr&qaO-FyM*BrVGh{HWYww{o0sS&Iv6gf-SbQIC7 z>~OoNx8Y2Lo9g42zNn-rzocnWoE-GpBfZX^Gqs@JFVlHqEw<+Vn9dw_Jx#*z%Ve5> zbI1EMGkTjFytCZ}z;KToR_6b?^Um~BaNU^@d^~Xd0ZwAOBlDlSt_Gb5KNH;!IgFZiL-at^*zBl;2 z_@`DRHK%N@xLf2UQJV6Jxt!(FRb;Kc&1{SlbHoets@U6{7S7CetqWDeH|5xyf`&JK z{~i}P6%3_C)A^7GuEt zJ2Ejc{9BY-`j72+^S^D!c~IY&5oP6aN@Qitbrd7j4n$h`UqZzYk^&uHFP=37EB3>Q z(B$ENl06(p40mcBy{`Dh&w`O9C`qKGdo&hPe6r;<5)~kh_A~L7dIJ{~P9t>8iK2>z z)*%nflAr7Lb@|GJqo1P?mlr4tg9j|hWm?DM6~ZBF^MU1+>u9QxbFd{XgIq(9sVq=* z-Q_tOtSk|bs~seOC1tWv^GlScxq(5Vx!zw9Ba;ivsDvuGhLrRpN;-{#DcTFl#L(6I z_=72iXVXHlkOE)m^qA9M;8Rk>J@$~-9&Y!rtIPHZ=aIEx@KD;4lw@qpgrh08v0lsS zt5}egdk-_P$NWZi&4m480 z9lh<>R-aM@;CR3_1U4y6VvY+yr~D_%co@qA>Q+ilJ}_3#KlInJin=f`pe{PI zLs+9_`zplcVGbZi%LB-yX^wvIFo8(*UygCaG45tL_W;M_j7!KO*4E~@korIfu%l3- zp7L|Jj&MAFZH?r>yK((XAsTH{F0;eB2E_kblg~pFXJ2nl zY-!P?2RV@3JB+o18!fatIROi=H?qY^x?-O)1+x1@vEHQi_ZHRC8-L#Xsl5s9XXg?u zH8^&~zKt?R+`~lQI=?-5l^13pu)_C|qr-f5>|y_=X9BK_T5U4EB=%DVal#>Zw{H)Y z+TAX4EW%%GWjOrZ`i(i%ZPi#|ZpeDYI!^+8t&YY#cr#12wF|aTM-@`V+8`Q&P#Y%2 zHXB(YjMUMLS5bxgW5^LDklkl4V%0hiyq;Bwdz*dFC=~I>VNzW%skZtg{6Xy{;l#7z zTf?+^oeA{U`fT#izVr@=j{9!ahrJhG{T^iFcc?LaMXVvCZvwc9b*F^(2hw(i*nC{< z)KKwSuQMZUGKLFktLeXoK2E}3&Iax}w~uXP zj_axu)yGn7F3=0Zc3)1IbV*v4y!G8#uh3#9W#B`II!MBx(52L&9mDW&S3oP9L95nL z>MAb!GU&2XfBe44W@FLFu#fI?=uASlXurViSkc(o)(@p^?7Uq#v9_O_@*A=3C%=RX zdya&-X7I=+m)<^|f^_ZyU1z}LFVgSR8faXK2R@~wu4h(nhd0sCeI{9KACR1TX&Nl9 z7&T7@ifzkVuOpfk+sU#{hZ7j6H(Z*ge!n9hIs-jO!hYD;zrx87A3xEC>pnpGNT*hg z2+!Tld?F%}d0C1lvR7-k9HwENl85R~nxtN9KB#q{xK1JP=A5VwD$Aq1F3t?J(yAW{ z$f^;CL~V5Uo`hY@)104dn9P!Y^{;S8)_g;n`%rFi;b}{!u{^~8DZg=Gkyd>cbI_J} z9vJ_y4tNhaOF^(plid=EYY)y5cGL#quno%XChtCab#5C&gKbKQahd9FP#eh-Mg8J# ziQnLwQx9cHXuvIsC1`G{u${gy$5`{VLoM{Wm?G0U()F9@u(dxYw{>dlR5v z_D_(c>exNj=uXQ$B){+&=)BNIo$gdlmNgw$a5luQ<-|_^kqmJ5tFUNW&8fe$-@emK zb8LQW2_I4)aCi^wtO;+bT~Sw?^4AC34DkYLos!)LQ*k2C^6lR#Zw%sLC2w?kW=TwA zPSHAP*;-4~7{fP}Z6AbPc1}@Gzoy0u`2oBEr=j`>CSYLu?=qnO6zDOt{l^@|{}%;% zN)s`E3-mfqs5-%jk9&8)i0LBY@ZrJ-U<(1OpCQBbiTDvo_Ih_}D>Hj1E#QQfjv6{D zuS{+a3^_H9m-=ERE0J@Xt81i9MCWF_uV6s!leKA^FSo0wthZ~MZTAby8>+7c=`=9HZ(WZCfd1FbkHO2 zN;R!IjzyL_-43J^H%iE54NlMP@18YQOd~f1JR*ZfujX(LxVmm=RibiHaiKait%FO{ z>_OC%H=4Iio7YmwE`k+kgwTtiW>VgGEg84%*?f{Ef@9M&gNcrNB?(g)Ma>TCp83UK zf^*odRHXRy6+%m;*e-(?(1iqo26Rq|`1wL5Lc8evIKu22ltLh{Br`_42QO#3?Lo|G zVAG5AJAdWS$@rCO)dD|bB&Pe>Rr#Ave)MWp-5i9nc?>%a-Z93&lj%Nok$z3{m$qht zqM|S>X9B1-qCQdFCDdxkEJnft^?~JyDKWb zs$No&aC=6GCDws@%U=fGTMV^Cyf+I6_44F~Tr~c>XB>v+GfRG|F)J zTD_1wj;9JsAKAv&hxYD$+P#{q%v1FXjRN$97ICr0WMyOuWN8ok9+gKiwFL*H(6Qf{*MvzZ}z70giRqG^40@Nj&SibVRXGau`==) zOWs%k9P^S{GX)z?5h!88@AsDjLohAXMu08H9a@^dm7^_;bC0$j!#CvabEV%5iykGo zE+ePMC8rk?{H`aW)mU3m^9$VWxbGg7GlweH5z;F;zL-bSs=iv7+!kND;^!~T50qho zHo8x_YXc_FP>{7(Zv)_@xb(p8tMF8x)uD z2&E`Q0Bl&nktapxXA5S9rmaBoP|z?IA%r0|wRh8yDV!8nwYS`su%RSHs1Z#E#jSB!t_rTarA>o;H*>#Vty{e$nvNFujG=&yiNttGTW)xh$C)$NDL# zI63-kxK@r<5uJ^S?X-Umn#rV3p;Ym&Yr#u%89>)TKR*{Xl&py@i53(4eLsI!-TgFx z{2nJKsmL7$s5XFAGRjSZul{)9EMYg&Wm((z!TU`H#A zdtIy+cn7qFWc_${cj7wyv_-C5(BmCptu23Z**pph>&A@1n{&Rw%lV#o) z4f%U9b-N&!681&IJ3N$~3U^w7WFhPFscz+0Dzd3>`^u9s`Xoim52$B~ecXnOY)`DA zZ&0%LrLXB{I3Tz394{W_g#JJ3)PHA3|D#iX{Q>%aYuQ_?NZW3(A$NYLn!y3i3tISy zC2669ijDnpFjHLYGpLOjG=dpyAlL}~{8;L&A1GK2j7E5R-R>k{U)<8=WrgeJ?HmOA zP&V$_KeNN=c$M?r!8LVtoyzaHJh1ylFvR=V*jQ+}JaIc^xy#yGiJdyA(p(s~ZqXS8ncS;?-Iz2CVib)k2Eu;&>0I=J;nqfTA> zTzR~A!sQK``a3kgJZQz*ZukhFdF*V%j=e!>Vr15=Zs6&bF)zvSv3jA;EJfwf)jCV` z#`O7S8=f3(B(1-m9a*s77_#T=99mN-S8lf2So#h7g?9sO+S#ci=*S(6>ho?%smb(I zpfi_OL2IMl?%Q(EltaHR<%ohvi6Ws#)QVsQf(4faWn(Llps(CmH&OOJZhKaeGWYH>aV zy~$}h4Z9T|lojTC_ybk#^&`)3Y)3#-`kS52?7lWHlk^Aj%i`X3R)TeKw|1;2$^M>} z-X^F=Cog4gaMT={-h(~`{Y_d1`nv>QM0Xe=Ff;$VZ4k~}u$$x;%6n6P4|thzn{U8j{Fh<%-{n{GD+<0K z-zo1@=@-U5?p2Y+-;ft(W4aS;Z`hH&nTnc`T0q9NGGv$}us)&NVWZub^;kxjWT+TH4;Yi;ShT7O4$&Od6wnVQU zG9)3Nj;D$`-k@BPdpFje50&Ouv$kX22EEmX?8)9b_gUlLv^ez31&2JT4+<*%jdAFE zwNZ;tgNS&i^1CXKz9+=p1SwpW2I02h@ulxqSsvM33z?awCJTYmC1(#t8Qo$fXW9(X zx}*z_$_&yyew`G=(I3hiF*+&g_4Ez!M`ZVW|X3xt+{>`v^$14U)tO9~-=raS-cgqNc zcG~BwPj~Bq;17e4tLxqK$|0BTuxr$@{nZekVg|n%?ZF|J6osn$M z^ptdm_io;Hw+V{hG3;IuIe5HXxmr?L3VK(wZ4c%)KK;v~H_vo(%&mUWRP=_~Lb?q`%Y$ZpB34SKv)*%Hr0R5efz!_NHE zZ8W197Xh6I?f7U~Xhs9h{LNZuhYmGRt4mr)b*kULI@zrE=biDYC(%}HwEFC{@(wy|HT#`$s_p}C;UU|>Rwn6s*ufy2Bpsld zdDeDO#G3xn?wD$t3NfJDRN`+KWyM9CQlKo^rE_`<>X@4oaWL#+k}e=F;w*<0R1K1K zmJKkgFl+Fo83&X*N(zhbrQe~4B#e@0Lgd{b_f zY4V6U$xuNz6lAGt`^c*$-D4;H+C|EL#>B9wmCt|9_`Rr;7`krhRMusJW>HHaaK%iz zsG}IXZh0=}DLt@miBwZAEqK*LxTr(*x1(It$^1L_Am>>P+q7~maMdJS*0mh8ZfRZC z)ePOVqLTl-&atSoaof@)^}3-^lK-4SxVWtlvaVTi#GP(q@emDtZDlv4RTFaMj9scp zv@Lk|3tY8F@Fu15+?=iN_vaqY%1*k!57QiP&_RXcKVr&%2O|H2DGc=g{(P8mEVpex z9ejxEPXyML|3x;AuThagWZwDgGL}JJbU7gcJVaQ}4%C@k@>$dL&BJNTE*3ay#P^YS zJu#r*ANcgy4glS34O?)`^jg2V8Xzs(YS@Z6;+Na}?Q5-Ab#5+Bu;%_WLcwi7(NHU* zAiX(cEOSYrY8_ER7AmsDv83dnK)_%Z3r3x?ROj*gs$cfdF<(UO1q zP3-?X~Tt+KOeI!0y@pr>kV0&UKflEH5Q4yqt49RbSiKFhTpCS zz|%(?@2iV2IA4r3c8LGaFYFMjQ4BrUW_r=y*xp2YeT4)4LpafHb9qApo)1?bGs9Cr zGo+RH+L#eO0<^76ug(+#a*)kq=tj~2VXkgSeS$Enkk$x)DfW=rR_TcfccuVh2+H{4 zl3)rZlcq2O6tw|KB?G}X$5onJ_TPFu%!ym4_RUfz_*6|W zljE|;A0;+K?J zp??UYQmQ)0)Z?d-r@th4hL~uigrcjI8gB|RDoaDTWO{Tnk}ypTnHgc$dHGJK0yOImLvKg(=gRE`NG z)p}}zALH_ei1w^rhgl$qTS5xs5>pys{x+a~7Pde5I0%Q#p{li!cr$&&`yzdDmqK8D9n0BtNo&b3utumQ7s6ydxC~=_ z$jQREla{y5W@LF_q6!#7$jdJdQ%*L+MyVj zIUl^K1kv2G{{H?}0;5_MfVydvz&^l^hY!PF=`{lIi}Fbo9O>U)N|ZUiiDghw@8ha^aB*J8B8B zx-z!QpP}MRRFI!l!>Pzfi74EhxP?$DL|VPa25YbZI@Xtd(3c^|#EJbd82=EjXGGmO zFPH3jQmKouYzs`2Xw3ao)rv)Qw26D`XawNqBOe7_HCzvZ^|Inh>|y{1BSAtwlIqBF zoy=s$UiF{;AmcwEBLl;~&!;b`YyS0TQGI4=XA7Yhu@#bp%5B$Ju8e4|tPc9PoWP)l z6b!75$Ee0&8hU(Yq?@bC%om{R)PTcA1#<=l91lb_JX>;}w{y(jzCR{=RXv9t{ZFD) z;-kBso-Yq_*C+hH6HApdhPQF1);;vIdRy*mroVljTb9<~Y^$CWl85;(t8F^zm?`Im zBNzBEaNH|5KTdlzeiQwSJnX2T;i3B0_z2D^7>VD%<_Zkj{#bPpGFn9HQCLrY7`l5+nTiOw~n|Ec|*9F8EqH`f!aj-bMVm zx=F27&+oI+z*wzU;kVlBiH=_B?*-ZqZ86=R&j?G=8dhmjb1_R|M|pMX!%K}{{;n*! z=Km_V?l6TkQp89WK}eSCP?z>c&?Clr)HTEmvAcUxuA3Tj7%)1836rp8+^ zkqf3&%>bcsc+Wu6U7qxM;VUJnqaZ>Gi2W3#t@BUXZt9;}h)ZinK z`@l-KL50)}786tasc3|jim)cVG{f+Wa>$QEbuJHl1wrBDTpc&i#cjx>JJ(d}L{8)F zc%A$*)w2WyPBWDerqGlQu}c&9=6Wn=K!d)gVy+*7$9!W(MybwQI3lhK$Bn=ImcS*c zB&`~?G}826kGu<7G0;f<7!D!v#4Yxr(|DUjxs8T{F1<^!BcF;d0t~%!zy31IHOtf8 zR&cj%%#Z}V&jMy>hbPs#@x-mdGLM1=S7`LoTqaowU>Tq!jB-^ie zTf1}Bm7Q-W*kzgid2(PzgS4)lZpl!mG$nU z@q*UeH-0k<_TwLl?O5*LSxfBc&g^u#!-OQp0pEAnLt_&7|xzwFBvi;;Wf^-K_j zlzKCr;};M_5{(#+b!duPaUo4z$g2||h(*J7UPD0(dFc}FZsEu`(~6}4$OtCzK}OB6 z17wOq=~qQLX`3X77AZQh{4(H#VL}MtAzirEhl|JApmctu7|ddurlzAkcP@_ z)W!yiFqYC1%vt1aX$c6NXouI=Zlr#7^V{o? z9;ljPHjs}X#&3~k3?sgnBFMoFu=S-HRUk~~BD+-#QYib(Mz8q@>S?akq=y%fSI|ta*rYQ7{xyOHVYev5=W~euU{Qv4eBo`4qEPm>yut zcd(IqN9QHhFLOG?4GXiXAjIL44EZ2^zC+FNnelmL2&^2=cSz7K#A4I!X>$<(q7h3o zZ$Vekg7+t1p z?_HfaG}@ypE2~X>5IqL~b=z6sfgCu_t*bTd4#5h%MqdC`_r`78Hjllpa_I~By(3Zv)s09*c8HDaLmCz-=>28ei_0Mda`N5xD5{urxosUGip3Kav(md`= z`QE+1lwPi6(B7ot*4Krbe_RQW)j#kJ$j&vgy#AOT(2gjrm~Mqwdnu|6{azkADJnJl z7*N_Ml~4eUcl)1E`s$OeCI30JIpC z3;AW8)O1XbkPmeRJgb}FZ;>{#ls3-B?r`}y>VJ_3d-SKrzobdrrw^Thf*E zIZu3UASoSj_{N-XkH_l&#n?LqixwK1BSKEhU4)E4o$%2y}o~b8X&_K^tQs)PZe6m_0+HS;6y{Ewa`f4I^ z7)aNMA65&=0FHx@qdr*V$E)IFk0sPZ$;!)(kbjZ7p|bMwqBf#vCt9rg)QpdIw#SP! z2tAQ~FQB#SMerurSNKcaeR9c*$&2CCv7~}ZCHdLAf6)BJeCCLH+gL=EZP}a9Od>Hk zxc${TwfJHyicX~_K{Fj%l>Lw4kL&y6`r`4rof%9@DIU}0J8@Bd>rPg;hg3Jp8J|~D z82iJ{WhrY8zVKb9SMBVNuW0pI5`A165*~y%r@k&I+e=vLDC;2x(?U`+2JtnlRL z7Cl*(Xj|l5=&vtI8f;8>YFk&7=Oh!YI8Ff2)WdBBm4tr#r4rF+)|`Jkg+#n83Lybv zay7{LMUA}Y>ixO&;<+``Ty@d2ZS;&+ zBnq#Tr4tzqn}jMgW%3cW&^qxZC=|4-F=9UB6IxWfx@Mql;{n)d1izIeJb|n^ovgni z)t{kTrvOCba*+lFma%~;6EYg@t@Ft2?uCcAcfmV#=wHop3(@^ObZTcxUyphmshIqm zBDrN2UDD1jj`K@~&}6MqOzY7!iCbeGTh$2yV)}k@3 zQZ$T>Jb`Q^9^8T0U}Cg^V7+M3(PZMQ+l?=*efv0btpRc>(bg9ul(5!uZT3Q}341pF zHyynbE)}kj@a{+6NhdBrFq7w+ZXoP7ukP%LbyEW0Y?cbq(!0X-2UQi-pdr``$3n6G zcpn)@0#4>JA7p6ct@qIS&IY+&4yK*?FyVc}fY&?(t! zLR59FdDZPaE#=oxn;hfdOu$NPKMi$Ea9t-rU!;(H2QVCG+6p=??DbH~&$XOcg86LB z529fnh-?Jr!iue^6fAZWqzNGSU=eAfHN8N=Koes=uMpmNgG_rp?H_WrScTx;E>G9{ zEoqE2lBoTsNU?X{A?JN50iYB3>KczhhW3w563%P7S=yhEr#_%4$$_uF>O3f177Z1& zIEaj%b(xf@gvzaSy;7gI?UZz{rFd)Wg`7uNo_rpwCzawki;SrttC-8}X(5h52qeQ7 z7^Pe(iV=|$m^7P~_KzJ;mLCJ}Grlm$lYM;osXYP{00$s>7NZ;(kbMAdfD?jk`29Gz zKe4045k$3$J1qX0KB_cZnBSK2$a92c@rZ#=sanZ?YbmH@aswsNLQOLO6n&+-uX3Zm z{y)oNjF-e-&R z3G6EuHso3Sb0P#Zh{IquHjYdhwp%WDi53D-Y6%-O8iT&zix#-+VwLaHC5_1XCdeEp zp*g~R)&UX6_k>aNF(}J~@Y?c3anw8ZX`pjOLyd6+Og0ZPmDfA^Q}U}9&U-QVbIM!zu>rL=y(m>*bU(q!jU zvDm?7IhO?c45&s$CY~lZf`S%DLT$w6))T9AQ=OD#3}O7EP?CHFdB?PU_hP@YLmQY- z;Xi(2DvgIZcZ(;qaqiu6LB0om5S}6-ma1+r%YDRex8w|4wh{h97103Dc>5~jP(#D1;+OPzokajP zAdm~jP=Sr?L4ba9OONjXhb1uJ<3Ml6?>W@5;2*Pp4plfBc*vENGrYk6X)6zpP2uD5 zc{WF~9ClqvdY8-nvgGo09bFSPnHlB$#j+d%J8k{*YpnFuxp@T9vb!ez8z(|cq%uA$wJy)70aV2F@!iBE<+Ff|#RP95!tWTE6^w^TmHwxg1krqM%Rq{v5 zt;xf9M*^_(4QgmBs^@w-3aCfVZ zH1t;O1~dumdhHiR77DQ6-VdHs0C%4cMe?9--+yEA2iE%HkQ@?EGa%I8Oad)w@>b zOSi@xPab``kPmrdfi0y<+3VZO#iS(#4s@FA&OvMGNnbf8qiVBf>5b~goM#xhwDPpc z-8%s8ZW1$icEOGfgTG3L;xN{6buVE+FWrP?;*ry6!u?sk`bJHRb4W@}@nY$juPi~V zpUNHjA1v0Cdo?3;oHgWCZT2ifyX3Y0;dop2!@M06SLaf`vU%p^tCrJ1SZ~_4TY^zY zbz6Wj26MiEV9?{N(I7zo9H1)!sQ%;AJrvdB!>9oO(M`N9Qnn8%p>K;N18;Uw%R_j`V)*Bw?%qG#>Nb0+1XBl^HG0Az-Y;*g z>ofKB7Max_P9yI`cZcgD3Tz*recZP`MDBrl0&rh2!r#bTf)W4K*Qft~`hWjF5H1e3 z{~N-^$i(`;4Z{C(I&WBW(-E5u$>&sUk6|1*Op1+Gt45jQ#WQiDgwn*LwgI0!BECsc z7*)dKx_5Um4{XVPjF2R@QRSr!9Havt%SQm%C|hEJ{IW`kcT%smOG*&rSO|rvBI$_C zOxbl|Rl_8jLIxxvOTMaV7(*VzCS5eIC^8;Vx5M4wvb&+j{{HN$y-5J3evIggU!x7d zILHP2e?7)(8}!tn0GLUr^o5Z|;FO;EU4L;f`vH}W^9uw!$6&#f5!(AH(W9dvKq~AZ ztF#-6X#$Ai5efcir3(f{QPa<9c^Fm6%O_D787c3iw37fw1WPsKMSLJJUuj!RPIxI4 zNMQit@{5ulmy`1bGIiFeCYqu7ruE2)sA2wbM5E@QXjqs%t`aXX2@sE;EimLSWI;bf z3Dy_Q>neZ{$P-sUv)HLKM9z{Is0a0uSEzq2rlAqc88+W8j$pgu>VsJ0Z%of zyaJIpLJW$Z!ZpfbR_RFj=x=h01KLPF(ASxi$Dlf;#XV;@F47QC7_HkSe~8TTGx@cx z9j#Ysm-1@%V8^PXGi}$q2ykEh@$)&)cIyN4hQEt#RCDY=78}fc^876K;BGfIwyXBs zy7`edZbTWI%w4mglMx@e@yzD2HEE==IfL)^UCT{NRhzj{c}~xRB=Ww0a6hJkyWV6? zj}nB>R=bP0V&q$cC-)+`UETP5m1d~skXW&rQNw+J#T`pE|e5+36s+PU>kVW0R$k zYCBurDa#Tw&1&=EsgLDmLZ{L4kE)375~lQpW;2Wf6@)d-eznIMFCRM}ims|nw5ylRpNrQc37z6jEXf=M{M2rS zFASTu-(1!iPAk71*||)5&8G%VL(U$$r7zuo6=~Wf9InLO4a>Lhd%H}X5#vOam^4Ti zGe^aD8){SJAyr)AM_Jb0qKe1}^9_v<9aWd*7<@5dT24;gF5AtIBCOG(=#ukasn6Es zo9xNiOwh~m2rl`b?gqUko!g$qJ2o4x4&Eea3pLvhF)yzA^cfv4!6&X4(V-q?m)<{* zIx2{4p_rdMQRp_X+08UI8l`NtvDeo#y7dQ;Td1E(ToP4mj<}?y#ak>F)mXjlnm!1$ zbh=R^x4gU4OK+>=!`95cEWJ9@wrW!4e~%#!uFbz(Te5cPN*a$l7-?;Kr)FwN`KI{F zl>$TjH7QMB4M0etqf!o9$1r)s&BK3Adw-$@5r3mPx_jH-=bSx(=Oqz(;};=Pr-2nI zEEUdD*_?5IJJRIjOsQO;rfPS~?mO2@lPk1eq)DCJ7|CaIn9^z9!HFls2U?6NigJlP zz8+p&;cQDUg}~>9Ih@=H6ormh2*KgtgKQvH5qb#A2-^q+g@!`JVdw2zV9hrF->=S- zuHr_<&iS{aA8VDJUr!e=9;{z_y{uU@5vG&Dx6ymKL$%VDt}w<@b$|2be&#hX+@b?G zStiq|BxaFVTe{^Q_EtEqz=FD}Kg#BX0;m@#oq6f)=)u@HpeD6{xK{yX5OgpW`b%|D zeBDvzFR4Q<*DW}(ijJI}y9vzQ5t3X|62)4uWQF?Aj6VeK?g+Z(Md4c5%?)E;iQq2V{zZM=Q9y8shpLjC^*OXeC2Zh_sF}E7BIP9@H0|e5?r$1IYpy~Wysw0z79C@9 z3PJ=?kPuQxUkWjJT{|$GA&{CG*Cy9#tS;P;xV*2NublaJ+;%R7`4PKJFJiS^-_Fhv z+6+@Fv&#}i1PQ4mTJT5i?iVqKq&SSl{@H>Lnkm$q@J4R{mdHRQv;N4<6r@Nb(=US< zyniL97!wu{MkQ*-h=jPl$wOlEQV|`NW{!z16th(k`pJK- zQq8wx-p!M>F!;#pIYE;l5CYt4M0(9E3 zd7DATYa3|DBxqD?>|JhVscqk;kbnl^H3)+yR4l@RPPWN8L-A<1q(fm{jUr>KYi-hJ zTSRtwl;Wt)%r*<`BrPo?tZze_M2Il*2T%AcauwOG*pk+6Vk zE#X)zBvO}gtQDM$MP&pDPRC=i?My}cJ?7ckFuCGU5Oqx6r(SI-jIf8_=(2`;@sx9n z)}Rjs<~gjvkiK9uWBStGjuv9pH8{;h2jhpDM{v1c9Y%YuAKM$W?V!oPlI+}DBr0DGYmAs(sdJD9x|8Byl|;|wtB zA6z?1JFTe|fH0Ajq(~PxYQ>Z%d1NikdmNyqy_Y->xG9 zV4DXiw|&kD?=5!I4UKYo)>d#&xip#K^mR8XwNnYY0KMhUlk2@R)-=7<8xzGM!I^9} z&=#gzywEu`Sxy+x|oi9~mm&A4l9OCC2g(4cp%9^PRl)kAbGQ|}0 zis?Wh4#lG_09ylmdGZEi#iiZojG0c8F2JUpw3-0t3+MzM`VN?k6xEC^XnC)!l`BY7 z4*mKy(ZAdz3b~GjHV5t5%O~1({7`ZIM%p08iF|{e1qr(=7K~CCPXQPDB_a*heWVqd zyB7lm;)@5oyzVrHN0KMx3y$f7o~o= z(n01azGe?9%(L2H-=0nbl$+TqJ@(dUoU(o~zXuT8L;L7k(Mpr0P3p7;JiQ3BWMh1H zl!H!nS>#`_8|f$aM3xI5-g{DZex4%1H3(gP#tID$iGs|E9&1QX?PM=H2tnst<{L^mi^v`?x5%~j65#>=)v#&tSilWcMD zDLQmf!X#6C#agj{JA4*$7ENlyYioCPy4n2~&m8+eTRc6M+?$pe4xdTcgTTFnL-OO3 zSAD7v9%yNQ>sU3k){kE4Tj0R_*4m#hnA39x=D6+$5bB=#A@cZcocqU&?59}gf)Lh2 zf~i0c{TpNU0S(=?)%_vT(I>jg=D_#PI%ycU4)!~Ep$Qi7`;5W}+43>sDxm2X+=xAH zq6GslnKOpXZw2d>%`oQ0@DAU zt5+XtWFs($Xz@h(w7RTz=Y*BG;+Wc1_k799=BZA*fLEG^QX^nRdiNa_V>s0bei?>N z6PszbT)t2_4;|vjS|P^R7S_{SB8lMMY|`itdNoKWUglWY6j7H`Ceskke<6Vl01e^C z#Ue##m_HVQ2%%-<4j}LkAAyFbcy?@OGmh!_XPcrFy6++pl~aqxXF@gNQ_CoXgELCb zhM{jzevjcUL&S;V2KCs;&IT9IpK$N?YcCZU_( zRO{Kw6>g2&v0?aMiluYz(F#mHm%~vB*~_tUFB#d47^w1>n3Irl%Le$0cdaMa9#+)^ z@mKnMCQpnQsiPlERLCIe39#)LWwQrAosX{m7&Z;($`oV8^)MwCIh z3`y41f%1(&5G(qNmul>(ulRbTEVf-%6Sh`GXn-<+DML`c2+6u$(R!tUbDYc(>Ol7* zYpe(drOClv1ifuh@hQBhoSMXQ4{|eJ=*8j^FXF-|^rv!h)k!9-Dnpg;s(d&ct(l|y z&-N{#n5B`)iGD7c$hR^Zs{c@tpS!%bB@Ce-9M}&vkLl(^96wN|L;!zuQqr}@XubRD zf9^I1YF>M496Xg}9y|*Xj$Jle|3-hq0qBmTLY)i5lnYfLXr*b`i;d)V2Nm4UhvJjh z1gumM1~R#2urrSfeM)!?2}r2Y6(>nyd~g`BQxd7uaCMTMNS-gkO8Ezx3GMS?I z-zNpzw^Ah#&+gT%8#pRc^yWXzNh$Lk!C3K$m(bjj*(Mg``XsN!ea zmwnLKm^!rd$6b-(t;BxB00;5!pyF{3V>crp}@@!dOq z8NQQjCAMwq5YvG(dg3wl{v7ZKV!aNZ_i*bPxnh${{B5!uzka#p7M9%dsngGFXYY3;wgztmx25Nmo>PL)y7Edf1JmGcYZ6?dNvRUgDh-f5XOuX%qa zAF9R9WM}rI=@e18@p4+C8|h%$e&cmQ1TiDBm+b(H4ec<3fx91e*xLSk;}qnS%?mmH zcDIh*AP~%;tR41z*eb9xi^%A2kLunV$+D~4^ZRK*gY{R06}`rb#Ia@AMnKYynyr~bbcb5GA^JpfUTHqu-+^iu@mxp6rRWlG zPOi8Ic-$*k*WWIfUi|G;@ItzE0WnYBFG{$W0XTjCbHeN6Z?DK%xYk!0Bmgj5{2I#+ z2M_A!fQFfI*Une(Hnz)eGLEzSRr;ND3-d9?(|a3;>NTGC%R| zPl5FSnxna{EC<$}J7acFm7@!Vb?sM)*>h49L-OTcfK0>V>i@PlV5k2t+v%)~|6^Rn ze-;OuV~D>uy?@#B{6Vr-KKCBttpc2~k1jg3Yf{VbBaYuK=k(1HQ2+}g9USAR@h+ZH-sie3lDb5F@i?V|4u5y3g{PSkYEy60kp@UiW3Jab9; zWSX;$Hz%#NR2S3X3dh%#*Cje;BD*SD7t^zeU3Af&u0nNkOm`JOg<2*OC<|kdG$EP3 zZGH~NGvCMgFNTk0jtXozTM@r1VYelksF>OWAa@G6iiy#Et*0Ec-rdoL4M9v*ULfl?ipc}Nm zR~oh~G^bc1TRUNB?vpyY7f7eCpwuq#N0Sml7$?KDd770D?VVI396QfeOdF0kvwRL} zcXbV+etvZ9#a%-680gvlQKkJ$9)z+@j26(?77uL(Oi(l>m}wS`7LJryRgtEA^NyQ| zG3y8vc4e}wKsBV`*Q$b_;&Pgji#Q`?V4_SzY)jpN^>;G!)$HIjvfcgh!|rLuzi|zH z!mgRnygZWXqdW7%QSqiMG37}siG{`1VUYy%H367$y+?W;ES9D!M4k{H_TZ78bW$v`NE7+%s*TjcEc_ zFep#t4~=tKsH$%yoT{zGv`f3m>|`WWDH)R8HUKQQh3}}Yw)SqTQz);F38qK#oVluj zpuXyx!k$h4^a~gtyIr*BgGFUf^q}Z~9_#uFCagwP2=~gF#%J8$#n&{izQtsGXjHc! z;VUY4h%Yd(cUY8qK0N0uczxd!DT)E|CsWbzFoA?P9+Dy15QJF9q?&01f6=z?sf;y% z9M_*1&ZB(zaN>SYpFR4#=iS4PCQK_BqWaxUviNKijTA+z`soDDLRZB(x+)s7ND)<) zB|f@HPpz7=#~7a=&)niUGv66HF06{C~oM}I4{PHd3BHBpf?wo zU>>juBJ3HX2f%Wl6W0iwo5`8U$!cI)V5t?7R!aa3KKVqB!i@8y{!#9h$}F&am+*~_ zLRPzn(|;*Yaem+JH&S7!VJ#+~u`f~-g{7Wk()A4+%%iYj%_i2MnQKP9JSZH1i}($V zK9_~WOQ{@#+Z0b@CAQO%^*B%1bh>xSPSvkw>SH8RviyCcnRy;+4qIo(bZ@9bh{{~`~5j~@qv;wb`x{T?`r z9Np`>n)3Y=CX)JDVn@g*{U#uay~@nnu^HJ?E#qqZWqV^miRvsdjn;tDZ};c_gpxU@@yR|Z@O#65$H=VHc$>GBTi zpwHGY$bi{f^-<$7sAWqz*uWnjbmHmU)efR2t4NzohlQ~6^g++dVnX-WTmf4r1M{Gp z=6d$YuQ^c&1LJVpeWb6aTe@63oinQ}irm`P7Q{ad_uaw&SlgNB1>)uTH9PGEExr%? z=rXX2#?49_ZRi2!CIWG`w-W^p1f9s&2xlmUfc7<(GKD;lb#m$*KjZSaR)qAs{=>kr zfOm0u{w!WPIp7PxOuZ3LSA1=V7>m^x%}+*sY(rj$UoJeFtb1a^u!%JRC)`qU0^?2z zCg4)5FIA^Dk3)a_dBu(tYCI4Ql$kxREOROHFhjL|(8WOm*_xZY63!!6mj zCpC^tHM8JU1V2lK@4>-B4Heynj_%+A=BhKy0JaK1am+I3PJ*^nJ2YycceWQCf(H}r z!teqLPyp_;nb%ha|8RX;5khT5yt-A3YXV9iq|E{-SK6@r%mA%tj z$5l28=cIFu$%iH|1=y`=N+o+AMAvondEQ3Xu*Wv~aiQ<@GM+G)}Js?KOA90C~N z)(zH)fG{IR^`0F}AAESR~2Y>^vd@k)V_y7|B-Wd*e> z9&at@5rgHe*MuKf%ov6}@ki}oyqX*VKqzilr=NF>(D%9g*u}eo<6L&mAJn6MRbft? zj;qis3Su)O5fi%8`x<^nge-|rk1`+(S-X%E%gB^Nt`X3asFMk}l zWiP1zf-V{op9f43L{gapsfnL^8>0@D&9l`d^sXhz2mtfH7gs_^9wsC3)DW3Nq}Lhg zm4xMe@td3IHigZlyTYW=X%vgc0!`=G-i~suJo%(~z`%xZnFt|*-7Ca}TffD7z!@VU z#OMGyG8(nR-H}?nok zMnn(|SuS^$dqlIbj8^?%8%1Aq{#QNv-&&O%tp8)g{k5h|>}DI{PfxEPdmcMx7-syE z)km>Kf|QfMBI~v<`9fYCi6>1JO}pp#&d=wJy|_j~^FMgFP5_a*zKlZFzCAlrmIwK4 zyCe7M_b@&ko$e2Dabg`YO1@LOD{-s_4vFm1=#*TMQ#zO4RxC7PTZL|Uhb5X6;_%HS zDEyYUT9U}(%D=KoiH$Om*8n`mCg!lb7d_Bv%tj`3UZt>7@5{m28&fyuC-w5 zZQJ;Bnr_+YIu(_5i3r@A7?^{4at%$a1n%46^=MFkJWFry&y&$$e1Boj`+fU+sm2eI zQ))mKOWZDHo0o=}6X#_58;Q!wiky9jsIE4(Qd7{B)s}P15Iqcfz{ZUJ--n`J6`10b z8$N?kpl*FcciVDhSsHD;AKQiCr!6~Z$Q4;0if@czwoJcMD2{<6bgWrRr89yHYjF*YtP%TBwh>2Q*!_I8(VGgk#V0Q3u)gF)y>zMkWreb9 z%n6M7^w&PB>}7CE;$$o9l+x>lXRlkdbf#!f=Q>q zgl+dpx%Q=$Ml(<{N9a+m=eE7Y{%l6$Tm5`z`6Je|V;h4(9$8!hQ<&&DGrJ0;-ZUZI&x)d^OI@{!t9bAV&@<>|UwBA`7(D&T4DJ z+*Ge!E2f<92F+l`k`iFuNWW}y)F4RU(FdK*YOsbHOOZ(Qz|jKeFk=rJ-Tg5L&j^wL54n3NrO~hG46E&=N%JhAf!&?xP9P4!6YOZve4_M8D&M6MUJ%j34VX=?28Dr-_OK!^TFq>=n{6usq-G?Zu!m_fLhbLOGm+P3!ZXFYOhAGn|my6udW|B9k&67D-L>|Ipx@F22?WVdH3h$Gz!Hb9&!JabHaEw ze}oiciH1-o_`v-fyqx6g{(SOul;x#f6}DnrGFYJJ;avFr+JC4@+S}gr%W^})tvb0; z8d{snCY#6PzM=pUQ6e6ElqEtK?z{Ax4EO1RD{VRq3 z!w8sBk(TLZTk3V}XZ;ga*?#Gi0Hu8}IDXCLd%~eG)s|<;(=+tj2R&XAu7B-9wt{4T z>eRqNtes&?8rCj!fX&uiY(hOc@HYF0NOXM=C}Vxt=7ea3OJzE2q=e1VhwK}Mjks`< zXh{=`N^M(9(Y8tCy>!$%C7g322~bK$^Lxq6QG~y~V&fw_B3i%`u3?XkNp(~aamoba$DW=Yo<>(% zKeDtALup`IxsLq)L%;lV8_mEf@+8 zUzDlc;xu;x2Q!2pY3X07Nx{NV35kfz0@}$#@OgHdiCzQN*dS;ONsumNf<%pvQj*Ux z3dBWL@OT*_b;^wI3+sdcVSPF#z&^&i)0*Pwm`|WwFf$jh#mS0W<14f5F^zD<%^ZNK z9ldXAI#NEM8@FbO)+yH&r1&Cyk7Xi|!DstY$cr#I3M81K@>--Hm7K-?~Bt?!mr0i+M6 z0mRq502GmJ_5IGaU)iQH&S4g^+|l&^C3$n=L#}ET`kW8aV-4zyX#joU^FZNl5#htx zgLfwZ6}0StMQ_U6-T*6aE_)T9fp@>-Du1wd=(L^0xQiNF7D?numH&zd-%-+8vOvgh?ex3~hkjz)4#EPNyX^}g&FkpN-sd6j zqtVFx{!6v{Yc=V-10}JJgTPz`=c%kT!xu2TyjZpZpL(!xvXt`kba=j<&3>KUK7$-? z?d4|efBT$~-DFlQ&3Uaa;0EGDorLWcNh@SuJ`X6Lc zw6~r9$$Y<8z5Z53CPYE+`#*9r+1eSC+b*6i_?&KRxEVpzD@f%D%HBV>oqd0E3vf1_ zZ9Qp5nb6t*&?bis>py{sXWJdPPX~u{YiM=-2HTP2$IN=1njL^nK#2aGV=|+1@pa^@ z$#7orpqVVvtl3E5yjxS|yy%l+rlM1`vJib)HCBH!$RM>$Mg3dmN?C)#D?dQKU#VBq z)9vo(a(@dAHRuI5ybl7|)hF?S&i8%5K{40s!aYzp*UnV^5_2c?w#DJs`F0s>Ch{t+ z<8i3JKMLQc^p9Z$otR{6%twS53?GXqN6*ty66v2v4uLDl5g%YLd2FperzDz~b z&zML50C6H;^@23ZuoMuKOMwy3GnYr=De;Gr#}bLVhJqwMsjTAFLuW^8Bxj#Mo@mgW zA8;h^wXW0+4h)@9-$LCc!jb;WJRwbtXoZzGNh8NN)V*~oDm(pD8UPju=|Q#JO{3e# z9?Dy=u;uysw5tx7?__$KyT1Oe*8WF1C+QXZuo&-?awfw8(h@QROk)>+$sB=6u!@rO z`&5n&A)zB<*{?G;Q3IyJM!L5nK=h~RV?kMiP91%Pq2iOXXXJqmzt`*6bOlJ+h0zW$ zb=7f&v7z?S8_nu4|Lg!C{r7G64F8+%Lu_JTn2+|y;XXFfPy1l>cm6Ft^x!hndZk6G0GPOHyA%XK43rN5pf<0&G(^c^NDoZE7gAc zumYbwy;JZKbuIIpZYBFLR`bEacQfr_(aZz3HHy*lb%aO9j?;XQ%kqdl&3*n3rL{)I zAgz>Pk*}v)_!9BXwLVARQ!YDlw29mw!5NFN2l_=o8z@iX73=9anzc7Jy zOKiRUZo~r=HuJ`u{awZ<%v(%Lm8BMrTOJB2&#O5cMjpZ;c$KAlx90kV<~6*?I&86p zk%`5|EFL=7WVuR~L0z;JwZ$snWBs(_;wwBA;kIQ&;WPFuXATA}Id?uno;>`CzOx`8 z6SDY^AUKMmBGJI!72xn;ci6e}fxBJq#QqTe%IDxM3-6g7wNzFk&I2{#SwayV!3mNh z9p=XYeyUK;fBwZil@L-l%msIb{$sgQ*bojLnsgj586I^lhksC*HbO|ccy@>LxVq{wE%Qp)huE;z&2QX724o_HN+_-MlS-i_;#VnaY1-HH7h66+ z?k)0>%cQT=5gfA66@ z{1^dJTfBX+*R(;v3>2H^WA7c*_{>eMCSCGA5GP8o-fB$3gLLB4%BxB1IhOPMRLApx zKTL@uqCRrQ$o_^BNC5l{W_-^^dBTU|Bki|RGU$R$**?yZTU{|4B{9Flg3YhU92mcz zDXcMxu8*RP(8|>*5<5dT#SURTr9vX5?=`+g>}DQ6Yy2t!^9^}UhP|p~@2J>+({Hm< z#be+%3Dx(Ed!n3_Xp|>()EQr5l@0Hxp?J$F-Zq8rXwgQmPHqCuxbswjr%Klel=>#s z4}gj6nB`I>v(_r3E74Nh;>-Ym-Es%&k_9h6Wou}Gdo!kw*+0vS!x;Z@Vsf^ltU4{M zMqZW6@j>Q%TBTUAnJ|oPc3JdLRKUxTNecl*+JNJ!6?2GWdd_WZJLH~)WXuM2kyr!l z-XZiEJ98LpUhWxth6CjJ1$6y04H%o!*bB-WQmprH2%zA3iG$mw@NvCyloM=j zT*inp*F;*NhK#!f54KsYT%nMKlUp3jXzPF&h6bF0Ira}G6gN8_KZB1m@m|5HapCE& zCla8sN1Fwk6N~Ua#K_3A>v{gb`|hPrWaAEIAg4FHPAcvjUPpENxhIZ(o?M-(V(VL~ zr7b~WrE_JdpZ>*a0mj!~^^b8lpdQuPW=v7+eBYZ`2Rz)8Ms(utc=LsJMf0KSDdtqN~65Z#%F1Uv`#RXI;?Kbks*#Q`W zBVUH%I4WFH6=x}ka>fgxPnBVhroN!lP5|Qd$!5E@C}XNP}B*dfF|q3 zWVY4}3C?{U1e~7MhE2|+^E}F)JsqwO3v#}jcz)iRYQr2Voyf4k9(KvhfC>e>fVVW@ ztj+ub#~5s{CHm8tvVx<p6uzkyUI$Z{3_lM(jYAP!#Kt-l1W7OEyq?q7U}X8NgRC zmeYnX(1BMLvbZ7ECr32dhPuk2i2ZxDo=-{VFGeee(R^+$@6CfEA^9_gLB8L^u(dS5 z9w|sMo;4ruWnQ-5#cKb*(q4$Pk=?8jlGIdWCx#%f5^ZEbj!*TudUB&7adhmpsY6*! zqqlCFsdOKnx`Br*`CR5Jc#UrXY8Eu;$z9!M8{8lWtXVLSCJY^n?o}P>QMT1}AQa&h zXmWr=!AJlwY(V1N2X0vdgd}^ka%lAKJPp~mEWgCqQQvJJ>kEgJGRwXT5PZtY9$pz< zA-ulW%Svg98TO}!5$s=agTS9lwxHv*9i!`f<>U#Q=zDb)m#tPh!@uy61dIn_*3P}B z)EnO9S1mSfg%#b#899QJhdjbi17BjlQNu@ccK%ICnr=szuv@R`UhUEFR5XcjC>eT- z>eW7o?f8!sti65po6o*MhoZj_qv}h)0KwQA_y0xAGSmOJ3h*pbi&BiadANObBaH{g z4x&EUB&+|G&dp+#NhMu|$y-z|7893M3{tWUT*IJj@h!lB$`)DV0xYHyL ztwZOsw^l0KHA9yjnjLvk&(624 zt*8C%`)?pj&uBNf|21*s*Vtr5Bz*6OF5DA7cWyZG%gt2PM4|!A?84{$fgXBK@-Ex% zMl2rePA_QA8$3C4S}~3*9P){iw=i`S$xVziCS;0m{pg<*e@D&h?SY(8Z#c!MT+zyW zzB$UAxm0R-NQx(=PSswUO;f9+eJ0wyx`|QbOd3*@waL#qB!eQf_=KjB>v3XPN582J z#NjF(?HDw`{MoIY07tI!xRqG)Iy|^Su+V*pDSntegCObF-6b* zz!Lm%p%BCWi?MeK5-nJ}Y|FN7+qP}HcG!4Mj+TAfK!kRZD~T!>Qq7FI#rl$`_kIe(ABRTDOQaX;ryJ>OdRNiP z>d0%h4p+}fE#0#Yd1<0}D|$guIsiD1GcMgUF7mCKHvD=5B(-6-hHu<7wzBokqsYw3-zL-%FtYw#aYjyd`!u)4z-NeKgkh6v!;{ZwbwByOuK5yE4y#bt+E{`a>ofb zCJ0-gOw4xES0eGmDP0;;&8OK>i9#8J;I}Sq0)&Bq5V#^T;m3S2eK;uKtHiMqc0VN0 zSao`dO#l-l2r!P$Jg+U=2QG0hdHMBnjj%B=n>Wo6AWQqe=qSMuL};Bl`(8_C^NCtE zFagpg*_L_T-s(0Mk5Tl-N^z7@aCHC%9F5XOA6Tqn6XSGO z`9y09pG=a9k0f!vCFGL;klW-vT#?|hBYlPOuQ!^mr-Dz&M1fyCU6q`n;Irl^Bn}5p zi?Sh#5r{ao<%&Kr9O1D+>;NXOwrUqV(^A>;Ifb0Q42sTZVFWaW1X?n{(m9>j3?ESQKAz$yb-?>pvx zX8{#44B=}Q5U`kv2dIKUsmLi)*3ci>FpwbL+a^k;nJOnDSwI*wyUSe#WArRYG2O{n8`2~OUjpqF$o4(`4==%E$RA*k?o&PRg4JnK>Q>52nZiY1G9DJw zyb_cQzcBw2TCui?Jx2)rHeNcw2s+qI9UvkdxPo^P7C6c*rFv~Q^~WqpBBj!0AJml| zu@;kN>FE1{WzC(o4l1Rn(M*XUND<;Y737@qRcr|bn9Vf{Of-s;KD(Ku?{J0R`ryRd z)!$!8o6ow9*zF%L9S=1$UHQEiyT{iN!|_Pw@GF=Ai(tmezWLq^6Azs_MKb0K`m{!q zF%(d{`8gFhQx*yufbVr&!(*yJP%+EhMv~nF`Q&NESl17cx91NfBb!*C*sUIA0qb2d z_++6Ki)-Qfq;w4kq=Y{S^zwm>$;6QZjewd29MHu)Kunlzr?l-+)`?h25@*ix!CR@h zl=F=%EVll)H>SLLLVG4={4YyYqH4q}f@#As`Jky_|YCq*J7CkqJpfnod`opS_+?-=<{cX><#^Ifp2zc0gj<~QIbgg_9jz!=+3{H2MD1pqLpG6J201lgXss9UBu8dR5_ld?qI`y*);+t$XQ&_^q<&fC#ceSba z^+Cl@1gmiyW!yECDLgS^l-0-ROU`-$56u8bA z0G#Y=>hcsd3Uu89d%GH148z;Uv9o^*mjsG@OSL0cP~!XZd?qn#CJ} zk*spuH)5@7!y7M`ZnYBGL3Mi%t^#}R&&Yq0?VJ~P9FTy3hgQ(nR+9-Xys+>yqu|<5 z#ijX}X{EK=@v^7XWQsLtmrZJX`gG{k1UGBCV#s(KqB69elLm-gHs}hFv7B!+pX8WUXu>sRaL2;G8BKC26-Caz zdSh|~Hi|hSHY3Dw<+5|P3XyuNA-Jgx4F=k_MM$M zDF6)gsy@<|0RG7@%*)d0WlkR*|_~JxV%=#2vJ@|Ln;`)Y+5W< z2}!UsJFwwjYAzjSdg+;?;{2^xX@UOmwBLdj3g8|}+P=INl|#s+IJU?vFoPtC{eGdg z+9*JX!Rd#9iQ?X9vhplir3~B%mqD^IMH#O0$jlc5*5va3q#(2zbN&|jQx4#b8=ljO zbA#gaM+BoTI3O!jW411S4AD44XC&B}HP4UyA#ex^rv#OyURUcm6tD;wh%t~y^S}6f zf?f}=hsa!-p?UUu1G>xMs}e5g1F->jWG zJel12#|f0G+3CT4BH$f9H6I6pT#AFl#}Pl8nPBiONtx^T1a2PUz55@p>x`58-i#Bi zZPUKf7^T4k9O46J$VQCV2MAn*@DLLL%U&==Z+OgB60D|Ty@lg(G!x*|7*Qr=ctcaO zSfr)vDYa)|BVy21)aeN+bkqW#bXx7mybT!UV^6`saY+Mz5o|W0O_Sx-IM5R7s6C3T zZ8kAcuVBM+1Sia-1h7{eq`tg_#_MsMW*q$CAUfwt9R&ljxivV$#2Hd!zzfXtr&P?| zo!S|X3H7SrWDhFpA*}N$Oh2OeX>Pe)dtHXYP53-!=Hc3EX(Fvdq>(QcS(@omQTJ}k zj{%OyLZ0@uXHNVYPLPjI#U;gD@R*Vb%pwKLX1C%i`-juk6ehiH26Hpi2d~aXs{(wx zL3BKV?9*bct89Z=GWtDJGb4A8xNGL!VVb|AB+-}k9200b3b%mc5P#)(WpPBAqb<1i zt}8LeOkUMQ5g~w;h_ii}l*ztP5S9D-9;te#+?KR(PcxcI&E;F-`zmHwo$eJ$qND4- zv_)GJ=|%Qw9z0kG`OZHD+!)Vox6W&0+_!xt1${QVq?(B)}9x z4NpreHD1pgtp^kjBxAfcBd4b13wrU=5nnjjg5*b!Xgdt-1SETRpC4#L=@k~O3tgyw z`(>0I2(6t`gmDkYpTo98!lyuDy4#lY;_apELeSuu{|K+_jiiHh%2khZZW=M@wGO|f z@lwcr(@)IsSlP``J}hSbCc)ShBmP2Ru1}R}Fxij4hK)_P0O7y}RF5*(1>?vdB^imYX&C6_f#_{re3kiKlHv`3u>p*04he z0}%7F5fH1;3;OreUuP;xU1De+r&D~>5JnEr${_U>b0la|g)pZ=NhLB5y)+vD9uvTc z-`!7LH^KWldySb+@rfkR_8OE$qpcnMpIjoU1+y27jQE3sHll`XiVr zSa%9;sN zDv)M`M+MJeQ-9|M2vSMQEy+foW)~R3`vnv{D@?ZT?fv-SBa7b;H8g8;7CFcIIxb7W z#5eUgi)G@I0-pUPY})H)qdJy%@k(a(c|$wLbbCu}csrjis{y~`%H|SPc%7~5`AGwB z%8bX?ic0x0lzd`!0=|`h%g^cI=xe&y7G)Q~dWme=UiYw6uw#9d{l*W94cylRzdz z>j=0Y_z1t(^x>Ng4(P^Z5q>DAf+`FASZE%{z0NKRKZwB-qtoK*gT3~LFiO=TGho!E zp8r<~hRy+q8bI7?;8aQ6#%qdoEkE|aBQg(4!<7!M_huK=dg9pwz?RdAhM*9zis~|( z*RZaB(0{uv9{+G_ga8ipO@Uy8A+l}sOG5&!44L!d!O%PXXM^HCd*NaVuzBZB_x^px zQ2i^cqEOt{RlW1{I^5Ya_Uu1|DiJlKnHVED1c6TDWJDm}@8eF+S%;^6*vs%ZyC4wG zFGl=~X$U@Q2kQ~F9nBcL;&>E>WuJ%r+w1!h+k1x$@&Xi|2!wt5y1{Z&2HKx11jd|B@gXi|T=K(YF z-9uCZoEgO=BrrzkM!l=3?jA_t@Tw(0T9A7NOrx&^c#%}`)E7Wkja7%Y*@*NYXK(QN ziYl@~E)* z4`DD3TCZ(qkbkaRS=N1V3j7pRlL}694F9~d>T2^!su1k6&J*omu$n(C5M!8wyk#76 zn84Z}$Y9XUEXjrZR{$N#7YQV0>)qiF^GI+gdsc1{pEJ{@SApc@8PipACpBiDv-cK@ z%Y>1zD$sw+Kpe?U0RFPvI>;a80=^BQ1vgWxC2$DpL;!%<>*i6%0gtFJG&v)NKrK9f z3PS{eExET!0-x61vj#Cj^IpWhLG={bPD!1e_ef9SE=UcCdiq8{P(Ky7{yrI&@1sl6 z=8sSnQ8=kyn&b$<(!n|kEwZ(yo%h;_8<1*(Glcnpud=}PfTYIBqNtsr&*4!?^rb(l zr%Cp4xo8~eK~(e6DNDS@(hrXhzU1fX@QtkkU8VfRM9P?sYl5} zw?h3Xjzz*2!0*((1cr{KPr%HFDt<;jhR*l{HBN27uQ8QwTX*eQREJ2G2bv~=3zIwF z1_GE`A4O`+5Rb7=4SyV7MKfag+77ILl2K6c)(BbvNl+pDp=t*f$(&3iA|Qf7HyzNJ zEx&8BTe>$i@uJ!;EW%3s@8{P>@5Dddz!}pX!!+$nJ8Ra9CbTWhi3vAXKYza##SYa) zzujfD*4cWB?`J?kVuqyb=t}ih!W0U#JNNVx`jj%I zha^c_ZmPnp??~;rf2)ln4rOw@ElZJ!R_RJ&@V$AC-cC$cmkewZEg3A?xKrya;EQX^ zYH*xE*QwnZg|1LlhZtcg$oTRjlj`~hR0kCHrXY5&&6`dmep%qYc*B({*9AS^!)>4 z#-z+5CXefnm<%AVQ8UKIn=G7pv|&YZt07@OCCrs8hV3vc>fZOiCXP;~Zh>$b&Xj>u ze{~N|Y}<3Q{tkh&1<_%YQ%nTMMmH`PCRak)Bg$tBJI|H(d;$}6+wmD+9M9iF_wE&= zt)m0U>vS++@bDUtYI6?x6At59(P8Zg#sbXLO^fqSe2ib<)vOXq8J0hc3d}x6Bc_r? zt_egeDK(F{Zatrbfl^*grCoLh?X$*Z4B0T-z%W)q(%yV8rj1ztQDY1@!St5(s^Z7uQQR zDoU4>wI2@$l0Y?ZF@gAHWl=ZbI_xWV=96W*nm=imdNl#Ph?@S(0OyS=N{3$}B%4^M znn#;4a@gt0Y_i{#ydH|pH+^ODUV-ngC){m&;qP|J4L!UJzOAbys$4zOhHJ&{_!Q%C}6iiIlr$ZISh*pm|62iz|6^szW%S!u5kQ+|G zPYApzo7t_B#@i{5VdfzVfWkV_zUoAMJIZu695jBBaF@n;4_47STj8`{ z4HS#Gq|u^bIVGi5b~W8{vaEh@k8dAb88eMkElk4v(gSa*te-nw6*IL(ZYNHll<%8A z-e$76Z-!;u?_RmGH@g@q!X-T%>=35tL>-cy3ZYF|ex`Q8%yo3u1rwK>cSgz)@E{-- ziUKV0iv*4t%O;n#=1C7KCbMZb*vxD8!RYTeylC0|Hq=muI+2PTYvWt|U|aw>INSqA+S@Q*{-G`= z(k@j|iK5SzXluzf!{Kes&C#Z!n!Dog$@VkiybAjxtb&--V4rj- zL31*?k4(>^9Cd)&;dU6PR*^8e+{V%!KGDOpv9L8H>AGnKWT2}qOeN+KW+kXe0lE-JdWL) zvh9V@xF)a0NA=Si1E2A6j_)}f`7RW-#X%5tm`~mhYsshTW^~{=Ol$D%ad6$`AaT87 z@bQoqjOY#sAw3!yt+(^7p?Gxn(Y7Gw;eifZBx8%NEd0-Ii>Z zb;+ekR+kMwFJUj}#K>h=VHE8Bq3-VPftePQSt5NLsh6DW@b2tE3X^-}#I!U+~ zHkZh}-H4iW)2d~^Ntk`Wr-!pii~fa9UFxK{6EXW|@v2JKDziRn6DDTYXx7Uxb?BmT z^Ty>yvdY%b9?1%F4Kn(rL#yn$4|`A~5Y7w}hOV&)H*MCG%>&WMcM?rs@Cgf0*N#Ko zJdx!L6Rz3vY*sw!^nu`nrV6HsmM3<406fPZpPt~P)D`rgSbPAf)NQ264|0gOLFl(IO5~tZeE4E)N;CIfdf-eXA1O*i~lHH{g7Yq|#_eK@jC{T6ZK@ z2U@pRxSj*ZJZ;P27`eVksc&~5?Fvu3culf-kuy}udh>OZ=a8~AKG#9rY%OJjB{7F2 zZO86Xxu`eVkBYy*?7UZk)hk&MDbuRcUhSWc?erIe zc3>@W&cEK}kNSnhRa;y0wQ`fKT=vUG#J`ra+&p^0j${q6sOxC6qenfh@U)#+~k_ye{gj^ zI)e#hLN{V6Fq}>ie$JUFJj3wxwpwsk!RabQhjGT>&seN1ery|k`pipLigb)SHB}cn zUkwLL3R!@TK!79wS8fPf?h{nlohTfxPN~PRxnf(y?$g}nN5X24Sl$*1)4VM_{qqE4 zx-r1p(*qQ;tvp>XohAj~iLx}ku0XjCUppsTBXQ9xMkFnvP>KV22`rsl z!F^XMRHMcM!{acw)d7DLr_>9wYHe!-Rb!D--&2AK93+hXEpWI7Q^aPSAJoT&9_D9p z`T{Sx;(P_Cb!J{?;y?qdpCkZ*Qh*x5;lcXT3DJ%%ynG#j0rQVCr7;wEkFWeWoTKAB zXjj0T144@MNz;j-*+I8I`}*(mh9EQzsFN?hz4Qq&2~e5f#uhfZ=t+*K>wJ_&BnFHD z_@ht|8ZK_2uQSA6IGy$u`9U7vrsf&g7N>=Jiz)z9MP&}T#D^t`4ZlX9F4q>ntl?Y( zedwsj&h(GF??Y+S%SjL^-r%Z)0iFQRk*+14!{@>Bv@*$dmfzj;$%$>2zYbjhis3mXi!gxv1@k0Uu4Xe^e`RACGRO=EgXrFop=@nCU5Ko z85{um`;IO@TjKz(Eb;IEp`A_pa6kWS%0Qn$)>g*pGhGG9c)d{4PjygaQ#(-F>N7lQ z^EH9u<3IRHg_hp`(za*&;!=kcs&3o{+2Nkg*Wdp&J~h+zf@a}--Bzim@g=X>Myv9l z?nVzn5*T}@E6A1KzKGftfrEdqB>J+qpG))xY<#WdmQAGfD_`zgS8bT+;48^qzwjnR&%^3vTJ1P>^l;iE3GHXj>|viVeSN`WO<6x2Q>1Ne_4SRXb7+cLQy zm?a)|7W%J{(XCQaoSx-9Mc|l;>!~Gg7zerO%lovOFg&q$BFm{l*SavpIGlOp3xw97 zRU$e=X;B!T4&|T0W{8Q3Rf_k@)lfKHuEQcd<1dmLghsQ7R%JCXwe(}Kf=x5$^HEE0 zPQE+K?4Ssd1M~xByJKEYuIEiO~TZH zO?nB4wq*>yV6`l|Ps1KhpgK<&r6^OsBxhZ+cF<1LW-ToLY(|lw8SKE56_a{ar<8sX zvU0+}^);G2S;QKjODhutkEoG3sjFp~f2gV{mI4-GP{G^TEAkE2SWc@Eg^1YhM%Ean zG9o)NumpZRx1LBJ1>hVjK7TV|baVY{Ze_;o?NXPT0}Lz=8MD4j0`T4`X)`N^)u4dg zL+^MwY2NX*>=3`?fgvHTF(1q8Ak5p=O~w~s8Y){A4)Nr%s?u4hnJ4LFavLOJE*Y<& zbBmF4Z61vsW+w~At%9D`D~c?oObEDaRw-dFV0XAv-O(!B17ldnSp?H*NLA+12Xojo8-*ikxRs;dtgb}C(fqZ=M z7=xgTVz2~;pk&}RWG*?g3!SPhN#zp4GNfIH=`$HbMcCfXT2q*@NicH;gk8=3bEaQU zaG$`4bG%D?RRADvl=jxGu8vhAF739=8pXDv#h~sQ69T%MLu{jg3q$LuHT?Thcg~Z( zr)Plet7hbriLJxVQX8qG7$p{o-5O$FEciMP!_+;q!U4p_R;pPj(+{}`9@oud2oYa? zwr)D^v&r^M#^o5>-fDf#mVAU5{@2y}oDpo7*P?`W&IjIw1E3ciEdu`$@d_zvpc>3A zb$kWjoHlZ)?_i@}5Pwx(F&u|A8SMivy7wXg4Q4YFAsHKuSlfc?d-u18C=jc=^@Efb zb`Q^$+*=y*H{9~)sxjVGGg`K!`lT2+G^-0f2j9S25d8WT;W=5TKd6cpXy?!#kI-1n z>8kx3_~c}CVblrN=vcZ*H4-yC8Ev|(MPqh6_vr?*!gCk(2;u#*Q^=8m&0lfdvBNDp z*kq?dH1qIz=+tX0cbBmNoE!>Ds!(hnb8mLF;(DOxYYEWrWuBe5G7yb({9}#tQ&Oxp zYD(+RlZ@*Q3MbZ*jS)XV8*Xu_Pi(E1!avF5QG5WY{Dhgf&u_bXE55zKyK!5r!G$TK z{>y2y^=U@A%-xb+;q1SlM7g?0s6M-^s0?$`pfZ2WcAxkGqQ$iS!+GL=>{S1sv+DoP zmB7XXMgMA(!f>rJs>#C6fHGvZ^OFr$q*@stct3 zI+MVSyQLGQ>Z7WzQUvs19!q0wrfx$Yo|a=ekXGxif9k2WvwO=9D?opd0RR@q+!6@# znprVx>7VY9P7HwKQqKCn?)ZkRHM=i#!IwZ6F=W>}DlH&`>X5$pv zL9CEIH87AAP_1Fj@-Mq(&8SOymab5zD#kXP_RPLh#|~d?G>vu`s5Q_kn5$x9^ z3Dl^NaaecY-IIT5>T}u$2W_hi3qtB=-O|paB+rm$6#2JX8u3V8HwETTh~fFm9QgKw zfvox{-_MBR8l>-u1%(5I0~H)Jf~~bR$rsz1)Xgucfz;J^)f$Od%6@7(DO2P~pXf<} zhz4uREZj24ctar_nSd2)pU2-kbW(oA-i5C6s%loA5I%&kKA`|%)+)$6;+-trPK?8VR_c%qgtEHsPzr{;`2 z+By2|g~aSUgJT7Kyg^UhUR^q37-Gv|RghfBpIO=hdT`Pq&8K|JL*M;r8NovT}_+{0*cqM$5-vxsSMe z{)?&xG3*u#zBhC$iSL4b^R{$(G6g%goc8+GVH*kg)PaN!nJWIfZ)UX}52hGBF`WtuxcA{`l` zyO5!xHo#o2XU~y5KF-dz{`K^TF1-{3tI;8DsQ2gKuYo914mfT5L!6meZLc-NY;Ylq z{c7kQi)$P9!^@jN5;dC#3A5qRhMqh9jw4J`@rd0)0#=Jh(bAwtQFN7}*b0S(_32t& zeS#g<(@NWvB;%MRUWR^QoCJu(dyhbwF*5%Cb(>o4!&_a^DKmfu;!b=-er^|Im({(h zv%bb;^t?)=*-S{?!<-P=xS8HUz4FJo`MX%GAPhJtl&JM!oDt~VATo^cVgVn~xWvc+ z%S87fCA^Y=RA3LIN#7{t0~7fXAs|>dQ@Dow6SFCxITgImy(mkozwfQf_o2qL^s4-E zIdXn;Ld9W1zrUUjnLgTss0J1#5dZ~nY8A@2)T zq zM4g*0C(n#~Gi2xR@bY$O)*&XHJ&D0cH3Ov&2e$>y$9tr8YK06O{^bMGYuBtTh^TKe zBdaprfkbu!zFQRk$ZchF ztqtx!gQ2(~!9Ouv_qoC!fL+Q8kA}v?@UTs+l^GqF{zP)u{?FKqOQzG8(nYHAU+it%LH4T!jQRsCx3ZQ@QM@P{R{+M# z^9z!5uc4_O%6d}wb8`|npX^j-yT5`5HV|$CQK?fIS)~kHFL3p%jJd3#}+SsnI$r*%?EwNSnw4#*PeR;i7sy#<>_b8SLgnKHG1Z8 z-L#^pCUUk3G=v=kGzl~mTFSt2e70Br#HD#z0CuF8P4>z>Pu)yX>>n@NHCC~=_&;kK zSz@mQTz*@a{+>ug`Ly)9itob6Rsj1VujgZ79OPQr>ilDN<=zNc`w{f|4Na2(f)XTX%}Mn-I!J>&^U7>3SLTH zY%2iUt~e%YFK8?>w0!zA-AuL<5JZ_C;Z}TdzMOl<$c;<7Aj_3#Vk?tDW+vcbGK~A| zSUBDAS16=~g!a2y?$#6NSU*mcO;%7d&P>0Bu?{Y#y7^@!l;X8%qox}OCCd8AgxE$9|H=NW+DrNb% z%b5kS0DJky!i06mW8H%iS;(+%o*I~%KXm{|BjEO7w=4}4 zdvw3}WI+PD?Q*q*guWlnkN8St6`@Gb$g*jz1dR`hgIKaacXPivR^Z%3Esgp#yx<0nH7A3xVFylwhbyVQ&2Vn45^ zy~~fme4|vVUWFq~U})RufMOAKeaT+957NHBHF9)cmOkE&EtlrRMjq5`_f!YTEQNDH28Z1uO_sSa!{K+aL63(g%JYpQFo@Zc+MbJL{xWC|uD%I>6Io zB->1LM5>XgRcMoaul)2tXT8I$>h$W$lElbS8e#A$&P~;^F%ZpnM8%?~AgtdT?6o!e zKTlf^qC{WIPaEt664|e{HGb|Mg9DTE9%)*ZlO_@OBvU6|$(`o^BV(`Qi~clHUrW7v zDEaPO+PkWses3tZz@Sv^clro5HC0`vX}Y@!&$f9s(RGD3`NUgcyR!ClqqukchzQr6 ze=+fy^y;u-ddG=$1zbAfn@rfKse;aIo#|*mR@+emL0Ter#u@lwi0DH5Jc@q3W<5oX zc3TLSGeRU~G~ce+Z*{c+$@Y-eSwAz?f&nH>TB03?3#$Mz=>xLEJXaZVIHXNMDmM&k z5LZKD9fH+K)DCeK;dHh4wtVgk#G0Xj%>boPZMSVi`?v7Z6dwHpGtPJh9qJTcc+?k+O$uMRcbD1C=I)%KGtpFQOV!?D@DySd2k}U5`$cGR{q0ZiDSivovSMcpJPU$ z3Z+JM%6&`ECPHyBnn5QQ%;Z_ON%m74x){2)5LqjTn8&-oKDM}%ABuIJt%Jj*IjQ`d zCvD%q0V?uwhQV7qe(HqBWO0iBFH~az2ZBMbN6);8j4}NkRO!C!bd6m>B!2llBakMK zm{pZi12NVZ$uH>%6GS|qdub=xCgBBj;?n{V`zHahkmQgS8P-#uW?qxci@2eygWWn> z;SPZ<9;>QKbD5RIOt~>SRSs(atpZ`RIzJxZ#9OSop_EX;V}}j3k*99-Mp_|9l~k!U zDjo+9{W1%d1iw-p2fNV}G%P_OonjQq)e|+zNGgBVKd(cg@Vt*oEy<~1`H-blcx-WyS{L{ zwwlNNiY3!zx=g2Nk>-J|UQde`MMkNJm7gLVp^xU{3)lo2Zx_@jyMORy1L*D&j~_+5 z7e{~;09Rt!R2S_N9c>9p#ZFKnMVyF^O?*NS_+WWCEL=W-NcY7ICK{v6mujPYQ++^i zS9mn;WqMJO#~kQf$ebxaVo7oQTlgLMJOIt?-`{|iib#Qw8`htb^8@Uk6doQplwDq$ ztl=<5*wB!Pmv|-$YrtBJS2R9E&=&c8&ZwNAA^|8o1^@$t=$n!QDibL=3xWg6^A47b zXC@wIgaJI?sv!ZHO435R1YopnwjobxdM05H9u`x0?&!}uWxfy0B`oC)|7sCc)mZbN zBxnu`|1emeio4oOfKpA5Q~*Q2`+Eo!M=KO)84Ge`A_~Ni#^oDLqzwK`?jLZ1a$dTT zLW|q`%fnAHcTE6XKbIX84>iAYHysM0tBeZQX@LJgf91Po^5igU(KDr~uLy)-P(o*= zal3@0)H1vQCNj~XyT_%*^on-@J2jTI5(x~_(q;%cm_{Q2tvjStWJ{6La4Jc43=7p*EAnTcYCS6Etntr~a17 zpw|IB*_kppJ-|WF?rt*qrUZohXz^T=D7h5|swWN}YQHzdXz^)UNo!a8m9`!q5uM58 z(*CfJ6W@n1{ecVhveft@%gtf$(&3H;S9Zrp_IgSEEb%G)(&D$fFfsTm%Q+x2xmQ3g z7NR-=#iCOm;iD$xjc%4W7*ej6AQbyIu%Y+m9I%WDc3kT-m680#;m?~_i79TE6&!FFPY-l5Ua5(iGHF@P4-zoa#>IR>+XR%RSwx8b&9iPURcGiQrR*; z@lf%%#R(w*(1x_D-<1_N(;!Xp6V(u?7QhwOFM-kprdv;3b6 zl)h~iRki(sa_+w3EEKd6OH?EZMs70{Da5+&8WFP&NKb(l%HOtk(sPw+1}!vP6{1Wo zH(t0+uxyS{UIc?x^=mz!@M5@>8*W=TU*S5c3QunTdDXW)XEK0kF@{u$2yVYTOKt{S z{esBqDkBi^@*m*4fCFg^7&!^pAtYU^kj}snRYZtX(9cW7bF}7*9GBNL*hFTr!DA2t zYz^M5g_fI+yqvimda3Gb_FUqd=412?S%9Pn#?1CzcEpUqLjPMnsOn?AuldJe*cy#M zX$`MIB3~zOe+6X&<}r-#MICB4>Axj0*1O;=hY1LFBR6*;F*VJrJZwJ6c3k-89x$cLLJF{FXXB2-s22{ zdU{erg5-U!(k1W7AAqa23*rA1wK)Dm)M932`>zp0M_OA+8~>}79d|ENg)FIv-(9Mc z)N(eeOTWG?U6Yhxa;??aa46;2a;EPG0639I(|KV_M$gX8T_S-15`YhQORTX;A2{5~ z{?pd|w!tn%tHd8;+|<^sJ>-ZO7J*-4>Cma!_2R1`b(LXili8tLW1Q_ypC;s$rK^Z) zvr41>Z?dDHrtE4%xSo-|>~kfV%nH^ALLW+>*01~P`}pZ<+KwG46do-w6#9!J9R2P3 z_^Y=65Af3tJ&=C!`2M`o6`EmkpIy7V+rv$kzbL%5wo`B3z=mA_`L`e}s;N~hv3NN? z#H(Zz{v?X{=sSa&FBUm;#=B%94OU}Y5TpDXPBF%hR)|=?NWS2ybWWmB6cs%@wn7xx zu@wqmQ}Sy>{NQ@-qRZ~F+&N#v zT>d@i5`P$YI3i?ocnFw7K@?dWAZq>fwC@1$@Lbw(`aK4wB)Ji>s3J^`(L#6gq!Jh& zH4fVNTnX2$Xk>iTkc%)0aV*g-a0(Yv)0T%TAq5K*u1#k({E=xpQvLG^n4d6x>AJOn1`Ci+WB3#Ol4Eu zN-X;ODa|*HuU6XNf%=_c@hf2GPF#$%mQs?pxq}7M2)z)%Tv`%=T>N{>G*4Lam0pDk znN!ZoV5-DT6e3E)MU`#HHWfmcZVj*96cAVhRu~?ttgXalV?)EZR2UGLn=4#_6)kM8 zqbw=LrkbwW!ijNK<#8|%xnH}fS0L&iy;<-;Z`PK!Ngp+?!)&~r0&T8fPD+!{40NAU|| zg4hrJ2aF!SXQYUqP7l9*pKk6ZY6Ugsw!Uj*qZ5Y=NJWHwPUJ|}pdMls^Q9tb**qg% zG2~^w@^3$dFOE#Ii>I<|?pjuFQJ2Bn)RivI6ApeRfaP=Gr}3TwMY!U%@knv^%p0)|-ng4S$-f1*b!WPW zpJI$L>pUlBDG{w2?KHPxPY6I?Um2Pn1X4ktUGp!L0dk4>l33**f#}%K3Wn7D$}j{Y z+)?Q3`8m6J#Puqb70|vHMrx)0_dTMnQ&6Zf^~e_>VP zeCMEVF#2GSLKLCn?}kY0N6t!+(pD9OsBiTva>DRg*+m56BI#LWlEZZXhb%5F4NAVi z`*>QZ%{6Tbw^Mx`Y(}8@eJpnzzHvx{2kUG9d0xKaFf9>yTgtny%sv_M7ZvC;R^J)K92NDz)ld>sY}=QZ+h#Oi*C$03tIawhH6q)Go@6ADbY?^#H0- zU7vOcl|ObG(YD-#e|B?{dx{RWXRK=L`irDD<}`a#>@ zU=+FIE^%DO-LV?55!Cf-T7LsOC_-X;vJE1DD$Uo@fiM8=ZCX#S3ql8_dX{~eLJKp! zF9Jo78ix7S-3x5p*2#g^roV&0gf;S!!&_bM5Xq}Zd0Aq^T7b85L~w!jA(Zt>1LOx zM?GY>5D(WvIyHf+uA?yM6^pC;t;ExydK;7w9YY~F zqTwQuKzJsEz7v5#usl>PBM%}jI!k@33^Ye;Ss6@NY>jih@DizAeXdc+Oae^OAi@mG z@~%zSlylK}Vu%^*cqE8*Vn{Orw-iq|Y!sO;P$ZsnLPUZocm@%qhAdmpXKw2K4~|g0 zdwM#*?|8PN&vtkq1w$Zp2)aK*_0X{i{SN!<)K#oOBtaYBz8KnnzsG`(;Px|Vsj*{;zLU+2yj=M*PK`q>|_-2 z%ZQ(+f2|fsarx)vz%HCP-$h3021v%C<4V&eEP1fh+OTU3BuNH{DIe)2{Ih%^xWWr*?G?5nUGTNLYZA#-1$0}obs6L6O+ zPOqI7P3Be!r8)w|R5-qtE!ThR_ zYS~;}Hm=6Ha*$kiaBI)FngzaxIEaE^DQ)ai_hNwaJJNL`FK2e)eL!qF>J){(mrrc} zVf(5OvCNU>+zCf7e10ydKgVz+1F^l4As7k6f3Xgr3u2gXV4Dq>yq0?|C#sH1vuRge zv_?DYBz$?qm#uRSkC8#hM@SH%Z6xByNXYI&)JPvY@n^Hae@9RS7>TrzSq}Qr&z={- zGQ3a|Pivc#oen!lk=NaI$kIc^nB^X|ZT7&_h0Mk*E>x6JEu7;rjH{3S9a9p6>0`9{ zjVW^6o9z1HdjMJO6w;g2RqRyEFakT{stf-JRbxt28tbwngcew#W7%dH9;x~`!BJ={T~P^Rt~QJ*#U6<&vAUz`u{kNGumRR*x01+ zhCu|AT_&K{ERicB6pr$9iVlv+6{TmP*8ay$>$-MMkwa!uzIRA@Cc z^xkjfN_E?KzCLEyw(#3n)_a{%!g!BbB6KTlQg9h{@tspn7u@;$d$2PzGKWcUxA&`C z{%XiE2({~;LQwznF1d@k;ByXlP1(B9t3ab%9*O*}hGPvAVAwv`$D1pOrEn6&#=qvI zKCL=lP0{zXbM5C5P-(=HKDi@+L>mSHHJFP8WkRVWu&nfIyK^|*aT38+P9tpw%TDd@x@ z^wX@gKEY0!x8InF8`PJDYq_E>&c+-K$utXk1ibKhsoqsaDZP@3O1uZaz5hNLd277#a)@!x+K}tlOwZIe`c;Qzm ziWCLs?0qt_Ryc)e%WxhV$ru!d~_$(6bdrm*m!(|dJ~+{ zez?h3%{{9uKCMz3~YFzlU^JeN#QnxV*e02W!iNPhb-U1pP zKpsir0LVXtY_plEoborJw8;b-_|CHO;bOPn>-S9dt)o-#_f%JUC@SzlU`{EnZizlp zyTZ}C3q0yXkh2^aXG73V{ZH5Ih{6kez??ShLDL0=PS#59bsTTak_pzUju13w7}nvf zQt;|~!wiQVl#1x6OW<0%I!rUt-Md$8m5f&BmU1egF@sgdOPx&yWOInvjGJ7?y_iZy z_Bj?t0*P_38=Pu|X;W2ZnbAN5M7&??DNENzZn~{CmdIi@4Yk4v=wEQoK52bX%7>MT+Tk**GS01~JR(wG$r-U~faAUz ztM-6J7Bs!YOz1S~%u~;Aiz3gG(~3-`w@wRhVX(aF*KQmCIECPq$Dz^<*pQ7A{j44) zq%91FHG(XLX9V0xdpPkw#{Eh-I)q?0FA#GDY`po^ENzEFi&pM1*aw>m?KtapGL)*D z_^=C`SltivhD)35<=4?I9PWBju{s~nFt}xLn3Sr&!Nb1c%bv`?MDhKEe{|&hK=uY1 z5Yqy2=YTj3Kx(;ZE8d{@6sj=lBiZKEEzsZ|T>9nV_aqd38dZFs1+ttG;wqBGFvO!p zpFhw8Mm=(uUny)SN%=D=E30HkDDM|LYQM*fEFPdU&g*C(m@?GMG40*=LL+xT04P8k zzh8Y_q@L0o4;c}il@=F`Qt5$#p z00h$s$2`ibbXtFxBT*DF1P(UV z!QwxTXKXILTqM3tKbz;KTRLkd#+i@gL+RF{lqQ*I)2 zJe{xNH%Ib*p4PtLACw&U5{FQKEI+X|Aw;u7YZ?YL>{3tP<)VYRZI{S=c}S_s5LGvF zwV}2NIjq?lVpyrlIeVvQbSc`qn}-;Wr7=q{s;_n3&5Ma zF*v4df(u?^xFVnMv$DW$P)tG(c?Q2Rx1(_^{w5vrCt1?v5arCyJ!;pFaLP+pb$f8Dw9oP5ytnC{lc0R|>3<(*T^(^$moVRQeqa)Qw(h71mE{cb{Q;7@V# zE97mNdgV)TwSELG;A;~^->+H$22@u~{sU}_>fYGfOjoEi9pHNhp@Qv`l$gj^3cTnx zR}~)obKRDc5AedNis}Qy8S~U*4JZrz!AJaF-+BY*K7GXwKjnhhkilfCw!Bk(HCKO$ z*K;NC+{(k9UlZ)7a1})b8|^3O$lL^-Mva@sY7w?RLL;rA9c1qcO(@4`3qw}sgB&G# zh;CfCABQ36yRlUEZ8W~CDX(Q<-Q{3!V>4*ppof(#=PVzcfETyUa$>_o8QOT`|IN@# zH@ysa{h_~!VJvv9^DrN*q(yyea5HDhRn~6)+H7ah(vlH%GNtnFlxCTkNE8#W>EJmC9?_(Pq@T*Jdti*mTr4VZ+;Sl`GrjZR1sqa}jzSvZ^+ zS_7f5fHR^2mZQtgbfU}1a3Wd0Uvt-5t^+AkDMTGTF9)??1D`enlN)GBxk0h$y~Yy{ z8O|-BI&oya>xwF}z97qwx{NFirdA+vY8=f#%4r5sz-S<+%Yb3J&l{5F0+zgB&p8q; zzU6ho5eOPozhmQi>)`6BDyS9R|KqrOJoEQGY&i!LCoq-lc8u0A5>Z25Tk<(;ji7hfc@FBW!Q(} zNFy@Y^O(eG1OAqZlIl2=&{ztENG}2(1HrvzaG}R!iaZ?scK&1OGv-*-gFShl~0nCATKXTBRPL_RiO5OHAa&!n3k zTuoIEsU8mO4ZI`yxzV5==+5B@A#Z7_9K*PWl~0%v!q99pOgpHeDxndP#ZIeXC|-&B zroo7)tsYd^Vc19LQG-AHkBFw|)Vv8)<{a#bEJbkG;T$^ZxrN@h99X*d5a}xiL@?`5 zqQsZINL-aVj%^?&@FgU1aG^S>i z;ksZzOcCvOPDK769{tGgLAqpfvWQ<@D@QA^Cr}D0w41@?Cqkl*2wqV{*kKLFeqD&% zA{5WC0R5Z2^0@wW{f#$&pe+baqMa-D9*&tte`bR)Mren8D#2D@_NGFQ>3C+}>FeJ@ z9Z?@5g1K{)?3y5xF8R4SG$Po=J+-0s`>-kRbhnv<{LF?0nG~d1mY}15c(FGhglHr} z@2^*(PuQ{TNXFEtU;=jROcJ607V@f}8}L4zSij%Ra3-$V8A5k@VyyVudNnj#jn@UM zxs*|HEhAboOmIc-Mze8CQR)x%0@%ZM;QT7xR$mW36S>~-F*ICfq&ZuZE@t789v3VR znB!CiNFKVK4w3({y=hs1P{9za;|Ow8f;wCd;OJ9C=Hy?nF&I{0V-kj(x&-BCYnN~d z3nCt&M1dUteD0Vdp)9?{RT@_zx>hbNI#&zr`Wn+5B1T7lBtVtt1n!vuEoMU}=Be7r zl6MM`8_8y10nbJ)CfmylXjdKQ>P_Cj`okvJ3Y$}pf}h}{V% z^Lo{FH4+h$q?+QjRLFXj{Pw_A%oC!J#p^KH@#ji=X@zx=W+~K#ZCk>M!mx+v(6-v=!*0I&UyI4VOKeJ%hHB)s<;?!-mms2ecqyI_sw<3de^0#)F->O}Ct*`CYyG=EE@v*gvH=cg zcDIaZ4wzn*`3#dUCu@LDaqzo724BYMrV-Q`8%*V-fm{Fk?~_~3UeQj6#5_s^1W%P? zAO8%NzoPmtqQ6tdz8|d7-}_}}9A2x(4PVA;A2cqR;L<&Ku`4co%sRPlC?R|c*1nWS zafQRTA-^BAV1o&jnb>dc$xwN}@ngvL#Jy-!?bw>X{b8X6Et4oquQ7!g5Fif?X^ zodov?%zMrWIY-(nf$l*?qAK$WUCD|+*HyhhL_@DWK2~_-ACH?wHSW$0{jo3+?{a{3 zdtz)}_V`>%(*QjIeK3c|Q~AB8_s$j7o!MC?bGLGEe~|oy^b}_dB-&c0ZAMMH>S+Ca zHdk0&HjyFQ98j|F+)jLi(?aM{(#N2a0fM#BPV!sO09N-Uu;wwxYA;xI2}#T<-;HNf z&`}+NyFYiB=LOWJGoJxglR9BpC>uV*0ncFJ1mV~dNo&kE)0>QjHdwUF{$ko;M8i|t z5Q(?sjtAeG_vc9-i5Nl+TH#)2;=*JsvF3HZ;>iS>;)+@eo#4m`&@vJ5(FD-nUme#u zOI!VbV!}J^jD{-cUN{;Hzx_&;;w6@st@*Z!!0F$0aM^;tK$21BG!TbQdUI1kVWU+DOw`khy&YA?(Lul-_NnUmlHO>sMq4mE~NOmIepQtkt^yf#DMh;QWlr` z<%F52s;va_AkZxzvj3I=WsFtPEF9z#R4rs89@tmfXbV3KwL8G&vHavW;Tq7U*OGEs zUxV9y{dZw0fyj#?cIMETLqa-2g}a!Q??4~xJ`nL7ZK38nY6$W@;2M*ONb?shPm!#t zdOW-86sdrlFjDyQ6qTHvOR5#7S92Nc)~Fm16e@N>WDZIy)2OK$NO%5@A3XF%0u0iu zrc^X`=O3a)W zX-L-2rI3X#Hy7xY3|jfiA0LK34ao2Z6Qwy~gC#;MLz!z`l@JI=Xlyy=1;JWaPSOrX z51@K6XIS_!7p7YuYi~LXG@;u*`M<^-nqg&dX`IS##P(0O0eT;>hKZ-ervj6kPPp(q z{n=c~e`K{#>z4Tns>N&8(ag08@0>2eXKD${Ypv=|BWc0|Em0B-sm{WUQbHsByfY{i zXd;HFEI$44TAAmtE+42?x%eNAHarqW`Wxdtt)Q4CLumsAShAlnRF0!4r=6KH+>lE2 zH}Hf67`0Noz!It5{SYUB<4I(gw8k^VD>ouSg@?jTO6Z-Ia~S&nx&lXF!$Y!(xy$$( z+%Z9t`*Lxs61239=HH8AWP zT!8$WkL}u+Xy9HZoNhfUTK?sZ$RpEL80bt^Yb49Q$#N!ytfKGKaEOpts7Kc1gG(}V z_nz_hsy-lzgMt#iG$Jd6luLn6$$4GK4yz`-*Pe?n8s>htR#?l-&x$KNGY+k*CigCa zpSMA5&iV3zr=H4|U-&sa!wVb8}RO&3- zdrEMn_TO2bfF&?No&E~JY)wjgM2W$Ds~+Oa?PSzO=!eBlgPSVHvl9aSc%(Tffe-sF z?>}G?!NO{&LS>r`iPEp+YC&os^-ZU4P`1q~iO3gs}Q+_ zb>qHtzSxW#DpMC>a5{4@S^!n=bve)3%BFYygEs~;M6rhUFJu;GHtsv*vl zaZ1mP#;20<@_ya}eM~Ap+vG_${GWb@7a(xc6Q1^5r!il8XesLtiBQ>~!c!&@Yt#~n zFB+z#jc-9;TZ`g-h=#zqa=|8r3&9qsj27uK(x(%VY@;V$>~a?bb}e=M>V{m#~(G2!L@W zm-Lg@rmN27I6nqQDdKMEs^w}fdR0bsUXu%u3k;X{tEVRCmGQVJsKSB^UB@vaq>+s1 zVDJ;p`;w5`Gh{HIGjEB5bYnBND1P|LFKf4d3P%_X3;sO)%PFXa zQgRq$ZNbo!2$0obj>f#%W#R8?`w~ns-W4XjS|WeT9t?3m?)5i~r)+%P?Oh-AKz4dd z!&G91H{|*3fT*E(1A9$mLdW!^?5Fe<8g^}hM|6*K9{Ksy?j~weo17ky2Mg7KET4BpXVS^R&(>`t8G%uW&WyU%cnz||NEz+ zZJF;$wD_bW$&4d`X29dU1FFw+5hjIFu=3ur!m9#B);U5;7U9*EoRcMCg|PfVJ(5u7 z1Sd)@@+yy5;w!Qz7s=r$RH^2B_$4>b#FnQmL;a|d%a!);obnG-eV1GtVbs1mmwVf8 z?XS&Pb9mdmmxersakV`gOuT4r^gL6oa2cmaUA@w1{L+)8UU)fxyEGc z_0fEbb?pPl+MHt)4ArlIMsFKSGw!`<8`#6_#67AN;Qk{C$UF;7ww%Y3%oR7$I`>uS zSfZJ~Cz<6ME>*bP^JMqS-6;!y>34dRkJ1P#eiq6Fk1u_RUV^@6y7F&01pB`4pBZVv z!FoSW9R5){cAY);qeD1z7M7cz-?mfN5Wss3tnALnaS&VjrPh1tm3`-~>EzeS-pusT z21bRY-+|R(6yJ@$mV7t z%rMF?Dj6k~O!hwA&wy4FF;Il(c@EFWUf}fT4uCrOIE&PbJj)&baheuJu}?e+H3Lb# zfe^(iDZCpF`4ihLXAM-2TMsxgAr7Y z+D#D{xI(0Ty7!P(v#o=W5kPvaO1$HxqM^6u`f1yF5FsX9h3*hG#jolC%=0kdcErCO-B zY>Gr_%N6#FkW~5HPP@#bsBwwqQ74IRmQRpV2iIg(^B|NJ-5u|9cM63J*^gzZ9>3qY z{h-h|qqO@v7IfOCK0V)Pb@|mx%?3_R5sb+uKeyC%;bjSclu-I8$=^T@#NpIvLIg$l zAbrWcze&rQUF!{k?veYgkP|KE+7I*D&0XO74F59ws-(>1V7y3Gq8TE0)Mb@3-V9AL zI{+M|FLF1DhU^;&#dIS92DFY$oHR}grcWiBJpHIxgI=<)(Ho~6nJ(ERBc&}O+UB3FEq@25(`2Wqvd3o#A{EGF8SJu|aoXQxTq;2RUvHaK?OcRYmFQ4K-l z|FbwLJkqe8jTiNcZK}Z&*S2G7XZ66W@;hY?DRKxFbN%!+_WbIQkqFg&^t++h>X9+} za2z&i?z{f&plyCnCN)W_mV|BzB$eLqI%){!5Xz9$bO6`LAAZqy#RIF3Fz!*Y7{K)k*?MOGbww$WP?PVLL*a84>Q`ZXic_|bZdA0Uy~1QV%FK;q|1u+|2v6w zE-mh6%+7lE=SlhPCjq#%Gk=^_2^k9>bN;*aJf|tBXZSD0RRF4cCr)F;gI-RjZ|APr z_c@9IJ|AFEuVrE3bldI@n~L>jNWW|NbsFXMwc&}c6Tce7!X2F{XAS+~KA~;qkdE@* zx=gj2mqqw~-5IdHHA{_I5^TLLMRv+}A|aBV?Ab%VfQ23ZP-T;*BKc}XA!)iWq|#8q zjU)<~|CxPR-g2NVux;~82ywaH&BSauu)nqVc0!G2^Vn(_@}leh z)9c>4Ij;B0ioBo6WLCQWGM&+cM9<;t4x}vH>2KjhrbCd zfZ7X6L~2~-0q{_rQmGsq#<3A!moms{S| zS%FL^kp979*z zFdXt`;aVsZ@TYjw)Kpf)4lrKcrvm<%d>B8IqPb?aMVo_76jgtty%f4$Lb?y4a#XKD zub1M9oEF{mbWV2nFB>Qe^}peWRw_utB?-zqPhwo{{Xr#$nHH_XOk(_;?#YL}!Ppi8 zd)64Z%wQ))H><@PS2!sId`$7@Ac&<*NzKTTYsnNda-foYIMK>`b6dgdRyXLGA}k2u z2{~IPX5b88zUJnzT5OO=w)?_#9a+Ix8mlE6gxO`I+&2g{x?)P6&|`{+ZVX*WktfQ}qy!!9+)83x z+a(w!kq}4rqHL~IL!Jp`uI?nb*Dz*w_Ut%u4Vab9NJK_j{&ys&ACMonz4Bca0N#yx5{@fd zOXjQEtdk+<-%d`7`rk2uwYYO~K7bizRYe1|(m8*n{IH7Cwp~vi?tF#61I~EiR7oO+ z5jM@1+Bs&dnxT&6$qPq3@Ta~9=n^SOI{A~aw;Pbl_LDultU)KkBT&GRqXL)Nv1I_H>@E|ONmX%R@pu#*Wub{sqRZ--+R+6P!3H>ierp{ z?%tmu#=f6%ECs+a_iF{XsBboHH(TNC;H}Y0oJQL0cC(spLC_o*hmFFrr?G*d%#=F) z5I37ha1B0O;z5>NWV|+_^;~M;_dA{&1lvMR1V%RQGN`c#)<)jf50(3qBaQ(BG?h&q z&!>N4*vVW_50k;%)bN}rL>0iE8W2;GkH>d^WPBhHb@OY1MbBn!0ku9pl9)rcPB0iX zTuxVZ1|Gvlvu-6F;-LGUXv8;aC=JQX!#u;6;RX4cZ+}DsjUAy9CVQJ!uA3(AlN0>7 z2$U$M!}D+U0)OhUKi8Zr){2rBLa~>f3`)|va_MEliS2G4F#-d_)5LVq#o&`97eJ2= z2B?=D7je6dns@II52+D$fJGtCB zdhqYv zkYJA7WoPYx+t^G5>-O;(vgD`2-B}F#W*pGr3&x#i3|f@Os43IADdQkaR|YFXV+mdY zO5pytstHMfs2OcpJC(Rv5+i0?s>frin7&ik1PJ@Z-KWc`vi13E)^Htk3nFcvr$>Ko zLLIjw*kL;;nZgm|(OSsw2jlVkv@U>%C||Ai3v+!vL9|8g>TFwtWSr*$za>)RBZ;Wi(v`{+Wja z$h|^J9R2LyvVd`Y zZ6PK1n~W?0Q5-w*h{s@jf|%qPT>xd=FP|cXM19U6KWf?L0>d4pXL`aJDA4DT*AkJW z#=xH*9z>%xv1us)1jq=(m?${(k{g{nD&#?Q4KzZ(QtLskF>ohZ3lfH3s zcs|^uFHc}|iQdC>V6UsO&&+%s6Poas&QCEUjrAUg0j3&5LS?m_6kUa@zJePaN&8kO z8?Xb!{Yy+3T!~X*7*%f;{n!X8p7YsfC`G6LeVPD;!}a|4?Nrdqm#?nEAw8>1k{X2PCzHZJK(!9ino|Et`l=VCKyBlx2 zPp3_i>D;9YyOZ$&*;JmK^sB{1?GXD+^sfTWE;z@E#mdAX7x2e9bkUX05=mGNH`?X} zKn`;=1P7qQ4Y2PY5}_SL9kIJT+se-Km5I6WwB=ay>)m2W&42#1h5FQlvM!jiPY+5l zVdqfx?t22#aN^-BYx~Ygf2gw^)yt`TQfumb2$e>v#p(@bmt>E3o&r%(1PsyHFzdvo zndOFd&et=Ogmy>3GgDM5bhNAme3kxTa_*=G&TxRwf4QLinRKWU8qk$9$*4v%($+Tm zo{ufGnjppOqXVNpXfHtRSQK(b_}dCo=Hv6k*7Sk%Gbc!+Z5DZ_w|g(A8=>@UQ{ysw zab$IhoXOgxY=-cx>@lOnD59Ug4~8T=*84vZVX4*97zm!LzDQzJ-*)JC z^*^17vE8VB`?aEoG}?JyFzLIwvV47_qzqvyQAi#_%8JK5K5mLf7wkX)6AK>Bz{3&C zcPA8vq>QanMGxFT|VWq{)+ z&~mb|ax`ym*@kX7^Szqs*Sv)9;OERyCt`PwaG4Gg;5ZJjXtRm;tA<RnPS=Y}-$cM@` z!>d5@ihu^ks!JJzQsp~lJ$O?F%FXe-JV~hYq$bizuPi<|!K$}U**uHfP^~4)46D?{ zoY>62@T83dqM}p^5Xti)p!wilAg5qG7t7)M5Xt@Y7EBccP3eQjk^rmMVMkc~t503E zuOFh|YOmcIwD9!AUcjsv<7oEkDF1K>u@f;flmHuOX~{9XlF9^Oi`l=Z73C$MTRF)H zsS!wAWIKF|6^Rzjpn2Z?o$eAAjOw8lTltYUg@E0c=j+Z(C$Q*>)}}iyBsifLucZX`Ku!suYPXGy z_ys83Wlzx}c|^ov6`+!}LJ+dv*DPdjI*;y~TB8Yhv79p132-djv>G2Dm>OhGjGZbA z;~DL5n4_6f3(Z!{35 zrigC(?}&4sXtSOGm*Tz-Z}2pGvT2p!Li9`!_BR(7h0#yAg9O(EW{HIyK&Yocbs{&G zRs@7-@+{+~x8j+++H$-fvMJf%8}cugloTmQb__D~ATZKel@l>02~7x9z9;Bdiui>H zmi?(SSS>LUb&TjnQ>H@~X>q&}ixJ2%0hx-Rwp36Ns>WqbSOZ^Z5G*q^mXtPAr63f4 zGwzRjO>Ak%Zmr=-l-(j;MuK@vT>?4dQ67_{W1z*`TD|fpj130chhE7J(VB2V%nf0h zq-CBXTFM=xnQ~8#E?@nt0gtY?j7X(0jJ=RUKGa09Zz8qyNkxdi)YZL2*=J~&^+S)Q zIXE_n=4sD+znTLsp`Oy{oBh{AtpEAq^ZKzlp2>Cj^V!m;4W@m7Tc9Am>Lper4*?_| z&|7&11RHc2m#xpnZH4z5kiU)=6P}3f3;?+8i1u7Opd2Poy zmIxwMfb)m8TW}*8?gpfG1Y}{;P7L33eZbz)pE$jT*#<$WN;K@Zpb6yf>RpZO&h|y) zT-hmNB{|fPL<}QH>&yt0t~1fQ1MR!%zPihJgup$T#eSV>Nj2hC+TX}V9_!C+tHO0G zL11tvlL!5xGC;qy|5%%V0OMl1QHNIDuM^nX$4O^DpXg-ccU?{-M)8^<5|!RD!S?7W zm{g^nkp(wsSQIkjTl056=FtLvgpU+!Zsap#lxFoZyD0EU+x018+bs3AD&`{t!0I7R#Y>11iH4X z3+isz_FFq18!hf4svH6!vcQE^M3ysIF;Nn?*l>@0F;LdNW|41KK2egNtq#%8Md?=N z1z+agAzwWX6T_*qwu1E5oU5KgoJcG-nLEJ}NFbO=@S!BpL`@#0-Rt1aVLv4JN9C;V zpXKch_A>+rMc!s z>CPEqB});FL{E!HwB{Yob1TBDAK=}%R(--!|6(}ThZ=ruHu=x^$qpX&>c4?dS% zq8WS3Zp-K@T6=a&8zhKtj1Gtr6zuX2oNn*SLPI>PgM6Q95*h+m0$8QL#|S+Rt)y1d z{6!ChtgzRAC3U^OM+5;^b^iLEnJj4?+y02hpj(rk6SrrOh|G^2Ia31_#wjc!7z6^z z0S>J`{{aV`j{u5g8phic+!_OdR+Q|CA;pT2a3+Z5j){Dt4S%AgW3GJTDp>+|ML3s8 zy&|@b##g4J8z!;vJJTmN2n~vJQ=+2zwT1@HaUqy!6=6iBodXlV+z@9cl;N`7)INUSaJLeu3(PTGAqKe{eaLaW*KuQE7$Afj8XzO4n#7T$t^6# zmor$&iuk)O2WlSU=+%j$joi=3_F~dHRZgBMP!xvJ(TvrJyh%9beg^r+IPNcEagIOT z&;Dg%_Z}_f?SSauTlAs=g9X)y7?6YcnGquF&#Jg+1A{`b?}g#GzNfijl`NvhG!I4V zv3i(I()=*yd3QUX`EOcG_{4jTeopSQeEkhC5Ck6r62V_nPEx#Lgn#263r5D*tOGJfD0eO<-oowcugP2TIyXAnaEstAbEEN+DjjPGNrJDVxkte$DopxPvi6A zH?jBIbAe%-69*C59gLW&?}ofZNQQD_H%{NqKrLBxyH1lJz;5T51x^2!>WoZ|?TO*}on(P{Q|EmvY$4A!G?E zCj$u^x(-w%Ic|T33F!iihKMdCRTjEm#eHlHKUf~#MEz$O)#-aj%&d!g^mN9%?34t|E{POFR z`33F~OuL=m0*$6IlSPz2h+9io@V}2PB1m^YSa{=f5#)y~8vj8=y7JRApK1fTnHT1A z4!zOEWh!^E^Zz};Wl{0*0}^=fx%{D4|FG^$#@5(m?P8)q9;t6!bH~{ziZ~}oIW{iwotoif^_4DyV_f{|y6CA<|FHie8x~$ixKNi;;x4prHftRF7E@J@hW|a<1~) zF8q=9ph-NBUoug*y}cL!%~(4^Y*)TfaQNu$n4#r)=;X&G8A;gPh}kE+S|y8SiyMch z0embU>A#M{M{L-mH?#t4TlUR}@L+CC7l#0`8yBGmW_7eH0-KPB5GqN;U}>`D|J(y0BSnsb^To zZP{+&vIAF*A3yuLO}V;kbCEbk$vt{?R43!z5`Y4c{MxjSK69wv{#h^dF(gr`k8Quj z7XdB#5IX*lx(oQlt-NxN&#MICH+kd&st&IztKn(7N4QNBuA8ZQQ;e}cFSheE(f7sF z#BBAbalw+Bd?n$bK3s%LcluVhcF`CICzUEA5PsCqw2!uC#O9E(f6u#mNA_`E;7tH9 zDo;kye@fT?FO>NIEji)*Cuslg`X5S8a5kLr+U|1=8yvJXBJcJxWGnfYP_F0W(6vp} z6eeg^uV$5UtUN6EA+5jtIv3!l8$@*)4L%c0&@q>+fMRbX42A07+hH^Sxu0JbN7)W7 z2BjpiYR#RU+W+2HWD1%M(xKAN7c_=FhChx~gKi6UQDwgr=hSlk%qg0;&;Cm>wCcNf zW7Ia){-M42sAYUSz-|Gcb&=S@z9)!C7b*(s`2{#TxjkG)g5dW#ppvHs)Xthfg} ze2dmk0)KzeAo0j+ykgk)u_%M|b**eA=PLv=e;IQX3C4=SJPxxU1;s^vrl&jP9aaTq z#VDmB3#Sb7VNf#~6V_MKY+*)p^BjJ&Vn?f0o73$XFr64ck#%9q9;q9xYHz)Kkc`DU z?yP`qqit&=<54iQ>hJ8Wy$8MDI84z${7n;Rb6YVtUs(*qq)K+Vp?1WRGx$caYMSXR zLNB)@ntcBIOOk56f!5Pb8@ayAoF+~aaqYDf_tJ`9!L9xKS`Fe7j?C~VfLvgqY_0^& z8tZ=5AtA4yp}<<=?EwC6jCp4HUKR-g;rw|dez~2SeIV<6%MyQY+)`GSX<@!mY{&tC z(P4BRk4~Ne^K!7#wZx{!cp*)N!UavYQq5#+w2ploMG*+b;*9x*EHq9aRNsli6BI>O+7Hd^SLHm0yKS^0M$IOsB4o zU%eUcCC=@(9`w-!8#fl4R-LTmJ{TlY;D;M-@p8@K`}r}T)-Z>0oJ3lT#+35_o8B!z zmkqqmd)OMA-qAY}gPH`tBQqdAP74NGCR|=5iH>Ya1a+8%`939F!}$en8J3KS9)S9uz!t$+UR5~QdI=7zODXfF!W!KeH^NpE-wJLhMvdk**C-}xq@58B_{684) zNWGd;=H@=&J_4uncJlx663U}V`A9M{k5G9>vRBL{h1pdq|+skai;>29p zl12~mciaDxV6Pg3-){o^nZXs z%s_D0eZFWa#a0VrT6UWd_~juuu=Zm5r6Ku0=Z?Lvu+iBxdt(uyJYA4Nmrp}*-@|_5 zJ$>IVXjyl9IHL!jxjy{NOKctCD5@g6|JJSai@>x1O55bN*dqWLvT(B6gF~F%JYKe# zhq+8Ez0j!=Npyw&jrOXZj6g|M0q~U&Bc;I8U}kRwZ4eqTH66^nhme9b91MXJWSY?L z#Atq$OwZi!qn6HUZzd*-s=`$`?|V&>W&2T;w%YV0^`pOwptFn;v_b6qF#r!obJ z*hEyTKH3RS91k%faX$B#=?=doy8ewrD&(A-_Q0F=ex&Wdcn>G^{tVi@Fe%4pc6eu5`M_Mhsl^ zcsAF%oy=C)=c={q{F z?@}NVj`Kz0jF&5mlewJ0GYb`oqGoaA*uN72m*f8g}Kke>PX`k6Xw2V#VTq?G za%NkgXgX0YmPn0?+EoK{UmXn7dy3%9NCB%wd}NM5=EH2tD{k2?+~KTBUNnmrnvr8v z8ylj&y@jdE!5VRUO$-!3#G|GfyF~*lppDE=Q|Z1BkjD$E+knO@NbIn$2mnd+yRK1Y zHajb*5WJD1)#uB2EkTyA#HuPGeet-S*>YW3kF&V65F0G<44&1;=MS3m4#%Zz`?d0N zFvvFyNE>QbX4p{$;4=?U&%3Qp`2l?3$X%}MM^4mkb2m@_GB39ak)I4zOYn)pT6Tp2 zS_YuL2hZ9s$|0N8&+SAOlYpY`nZ0TRV{>hISvaR9W+zz@=4jq%O%xG>LS0WEkbnNx zTryssf^4d3qn$wVa;}Jseb8ckWIIa?>>UI+JTB5Y$H4(!z&BBSBuAY=A(gpbCJBgC z`x1&o%qqcw5zV0&$tj>s&D0R%F?9TF$z+Ba|6sR#)bifEAgbI&#UqLUjEh3cnJ~Ov z!BKSo4x#f=lL-pZDC4TXz_cOoyB#;IHM!QxL^gW*OfVEe>CfELve?(!U6`Xdiemr@ zX$nl+s;Vy#I$U47LYfXV0rXEMNr4kH_=Xd6=ihn$UO6`GqM?e-MAQ>yko?mpdknw2 z49F|31w3=bZwM@*@39--OBiS-C{HFl{?LFLA0%2JN;8ejNC;68s#8lHijd7cAoP#} z>)sF`BX?yN?-{NUKI5Ek;E-|DAHX22$hdJG>NCOwnnmFtg@D&;2zEw>KeDQQw;VF6 zGW8vt?-mABqYv-3-J#JXF15)_aoS+#Q(J$PLe&7vGaT$Tjjw5`qajrX`6?NaA>y2z zh5Y9Y*S(kDh;DoJzce69Z|xd6Y3?o#u9wvi9eti-Bh^mzSchX%^~45-Cw+Z?-qOE$ zGic~1TU6K^dU)Wd{+TTaa3NPrJg>C=r4&`nxoa3n>PP9QVH~!ZpaHW`@}FGXn*alvl>JH| zS5n?hJP3lZ1QFe~t4K$6+jvs*4krpbQ9gO@Mnb=lV=K z05H43`oQT`^~fM%&!sS+yt~}gEC&jfqZ%iz0WpQkaRfh^VI8}H{#H|Bh9@9~Q%O?d z0-f<*mZb;}PdbFrBiJU$Fvn`;rIO0E7IC zrrQO2FV6*E=19 z8cF%@@{%`&=7^ar9`5fXiqzPm2p5Jj0{7I$r)rJlqMPvg8mqqoSg~Zx=PVgmeAPG&VAX$9z*wM9GEJPT5aKNA@s7<)t7JEUOT~H$&l9fbz`ST zIlOYLwWQt5fYkfAzYEH*7W<;4GCJyZlKWaO)VcR=qrKz^Q@88yJ=qg8BeWolCVxqy zYfC|wdng_C@apel`@~&F;v(Z>RtJa+5t3rscE8u#b*YmVA0z3~>Ar>v&FdFLqESPx z-e~T|+k2VhMI$OO9eryv_uOQF_pq3!>OP7fsGSi$-nJP+PbS^qW``6h&CqG?2F~m^ z2NhU_zXVE6@8>lkZ^j!<3!z8T7vMMKUt@~UKcwj8f6STx0R3SR6v_Pt_;}lAlQu~5 z!w7o;k?~qLU3iYff*3;Q#bHTf2mjCrWYQwS*(w7K zQ1C*0=N0#s#^HA0aHnxtu5$RW)Zom7M#}i0dWMIT2ep`HLeQ@HW#_FIgz3e_sUouj zHbt@cM}ff5*IPqbWRta@>E*Gej9S~Xg?8lwaYpY_@w9pb{2%Ma;Li5h%b`p2s~&+r z#}jB=MB3pvTZe9^>u?8aZCJs0$43 z#jh3~l9J;vUyyJ&>sak?tHrJc7%nKs5O`=CctYJ0<%t=!=*CkoMjUv%E*AwX^QRz1OCV^Kw63 zp;O^m(x;irb4uv^aLYL@;=4$sQSq~8?dVsvix^G-Dr>b3i(|4~swlLmHlaG&D8)@2 zopn^Z9c##<(zXsb;cIgV>!jnPhj4@m;raDg9AL>L5W>M%2ZdA`X?m}S?>;{q=$;Ss z2T?hPB*14>*YbuQ_sVMg0 zAZ7Y6hiX=|Yo6ytBY=4ieFgL=MfPPzmt`cJL+J`{2Z^Anoe&WMPzOKZN@I^I0p_Ee zTca)rlr4bPn9}9B>6F9S12prv>%3XsA2GnYb1L?UNZ5QJWusw6`_m*-TUhuA2$L|| z`q&Wh;vX_{yp3y0fOCUBel|`EWkW`5@v!pTD|J5#%@OTt6vj=6^I0sira^5%}6P;sk-c z0UR@I9~{hWP7#}qgtY;R`)2lUowSS<8v#72MQB*#a1ynk>%-w*SB?hNVEx;x8hONh znoIg^77n?{Qb@BgNOfA_=ebYz6;`SYX-i3!sny2c7t|`~jo@Rc~M> ztTOx}S8}juKEuHkM&g3SaAu7OJS&RGtF(zKzcU!D#-f{Qmv zN*DquOrlYku<>^I`ZyW~EK(RzOzy}&i}ZWxFpn-#f+F$Lr%g2chZ9kTJk+2+zK8U5 z=*mbWG$gvlblNdIGDqy}9^d;**V*4Nxf?GXJyDIDnlG+i)KFizPTlpYYocv(P!OT* zOcidZJsdN3;Q}-D6})S^7b!z;kEVX4h0~!bH4%G;<|@?fw5wgi>v|Qw=)R$^RG2C zPXGY^%E%xZCV+9MR*v3?ejGkI2hH6rZm8o_et0=o{oAm}S5P4GLE`1zG7sa*{do3T zo-tqYOi3*`&F*Rc2kDkQXT&7P@VlApNG+c_Uq)=tfpbGvqS;DJZBOR@?=)&FeEnx4 zS+Bz377DxGpHci4=?A~YRqJW)>Wxv?bj9rPu?NrLkp=4+qU_dpN5;FazZ4mK*sec?%hZ!ZbIWfNxsCG0`8Hlj zckSXo=i#{16yG~NY?Wut4h}azX!o?vl5c%0Klgm%-{B?4ek}R4KieaJd%ITMfoh)WQtPeN z&Rm7cKf0_n5oP!&qlrnAwf>Y?zd+ZEGXb77SN)6JhX_V2`8JH#0#Q%_zg{pulR~FR zB)!Xh7`i>EY%Lam_=n;_Uj0B@Nx<^{r+TyhUn>i|I{17_f;>yb)0|j zUTA65kH;!J&9;sHiK?P-de~n>`%h0%+9Ux zjgI>kSB4jRuGhEpzeTSEg^*p(LsFOq4yi865RG^eyPiksPpne8w^DXyMO7&{Q^faR z`P`3VHmb(9@*?ncsf;Qbi(Aup$_ZrjZpKzob3Xb%3AglM`!!(7l=I1inDh4>h$IPv zRv#j^tIx^Gaj=7Y!snh*M)F*BUEY8mz{qKLV|uq3$o|=yQ9;Lp-NAEVHpYAE_SL1TS~s&eS4?2UE3dc#z{74juZ2@QPYHqbFm_t#=^#`f*5`l|6xP zc)0sja<#*KJ*sqo`4w6nn<-$RlNw9_X4M_@8E>yXd#C|W*zexY2Ob7VS_EeV6cNnl zF8iX94&bWv1py#jzy(@6@b?gQyJS3J9D!mlMn(vSLxoo1_xU+qAZSDM&pi!Aq0_MF)=Y;(k=m=P8lAUuW3AC!fpW8g-9#9L;q_UG2+lQ^N_V-a}ks8 z@KsS<9;R9o_5@fjkzpr&y^`{zoiRdp%nQKQx_u7`u)vaP?UBd-;x*hK|BOSMFp6a z%)%{GTa#j%Z2M5ci=9=h5N41WrM@M&rP0AJ?io(C;l2l8sKpWB0t#b|t<`jc-&4 ztFrZb#zM7v0=LfrCtlD(q;>96};qEJnq%PSIK5-=8vJt*!Kj-8mP0|$Ng^l=)=7i z_sroZ$)(ZIo1M`1PPI3>0gGU;auz$Bv+ky$tRJu_Ts;yB?AONxO~dkNRU1bC3UAbz!0OWeeuK!LGQs1Q zrBu~aD>1uz<~-#gQ6ZElb2o+bCf5R1pJA=EV!*d+{hP>w<#Lf5;;}npwLfNKc={oo zfd+bl5HRLJX6zyYf(Fum$YyM{4Hvv*2G?st|MlZ%)t6G-Jy(+3h8{wW*gh1KhOqm| z!rdiiy4;mRD=chpy9#O2Sj^=JAJ`?Q!o?geTFBif{5UzXHI&Tef-Ew=ap49cu+Opk zK<1T}N!|ggs});iH2*+o;=oFc;rH1F`2_LH=lI3#$V~6GnB0uukk^?KvVk{cWr-Dl z?X07r?5*yVZLd*#5CcN#=ia;}24`e}o63tjZf1jSba-hgLu6CtarU^--yo6NCbL2$ zCHxr7n}SQH>}go8!zow!$#Fy}@{y!93mkZ0-{8yUlk)Qsb6s9qOnG10b>57WkC$dq z8BP=Zl~YQzH?};GmI1RJmd$5oImZWHEqMBhyJ~Q9{?p8r%^)OOD3TW2Ozps=e~%&V ztn2rkD_c#W@ah<_XL%N+o4Xa+szM#2m=aX;c)q(T3C$PU39;$nmH0v@T+tm;k1I9n zbXZdLhjrTR8?7g;26V(Fa0I1v^`@b<@w8-CKad@^#}rgX=`tjV7hC;fnWe572)$Zq zwEbJ9IK(f6$}$@3qVDkI{B{3kQP9fn(+F;8^;mub&ch|TM?NmI@pu8H(792@eBE>( z?ePU*zgUz)>;Xf{0fnF5n_XsXt9M_VpXk8Obko_! zq3!6K8XGPH=FX>B%QZfDJ!>)mul7Sf0x?+Wsf7lMl0Ah_`v5=apC*cVO7etyO<%x* z_mrOh5=Q3#h$J#Gv;5D(*sUS;4`hMVGh4f7Q%(g92Fcr4N|HQIRxY{hK~BDTTp&Ib zh8dwOK7suE>0AhikjFByCh3X^uiq$rZeD}1OB{!a_x!7!vD*-C!Hj6S7eGCKtjFO z3;pBvxQksQa!Laf&Kb$<-`GfjVXznVcEU+YJkvHNG2S|Q^ECIe=t-J)ocF7@TT(NC`SljK2CKgv_^`03lQ)N9&O7 z`7|t{-{`%|n_L?PElO&{zuj!2QwGin4*|9SX63*aZ^lz1=$MA`gTx9Jogk)nuB~0mePkm|N9(3&z}5)2Bd zjJ6A#*X9VaSx`86wBX=pa@7qiac&+ZEh2@0zzI|&YPa?@Upkk)6v}I?rPfAuj7zY( z+!J`OpA1jiBRDH&PSO((Oq%T!hZ`am=WP&W)ad(n2L(}|bO8f_+DQ(VMCt-`4`hpd zhD6PI%f{CQQymn8gS-0&avmePx8^t@j<9zK!5bF*bFzUNToSfOS*TR!T((4$7EN!x zA5lbC7ZwxhEyl9fRPk17;ZqK%@@h3e5rBp_{L{L-rZs{NIdv>DQKH6xPy1@4mOF>Qv=3GCDe~}ZL9y|KeeItss692x znuPS|l#>fvZjDHcRDeG(2r(FxCMa;7dVs9qJFqUSnSkQ-l5o9udwX45Q1D2V9*3Ca ziD3@VL1DLJ#^e^h?3>7P5H%8yC2E;J_adPYSfz2j1bAyL(sXMt0rnPCP&w)4D^_EY z*i@P#JQ{4F8`PS(c~W8qnIxb@{q0GV&cYf$ir9j|z0zbL^n<#nlp=@~6;Ke%wpbmD zG~p5PMF>3*o9Sd2Z*(kPz}GOSPc3D$QX&^oz`XG>wtX%^9CXk3ifRWh3u{YvSFT`56Y+AiOAB)vl9I zS6h1%rLH@R<}UqWL^JAHAE5^UW_^hk7PD~s)K_cRG?jlcef&&#aGIdx`N)YSijISs z5@sa9#>phS^vVWF-7S_-yX0Ab9B|~@k?_4#93Iur5;t6cN6r#0J+U%+8a?^rayM*u z40$4nSNz@thYkV=j!guhY711eiVSj{!s2Y8SUi`M-~pY`HqCqG^Q*k-mZ812N@6By z@9Y11m?$~--XJ*>aGE@J;ggjfEeDnjF6{GLE7)4ibRd&Mgy|oyG)VnDYlW7n~1n+LL%y31VErJ%8K1fe_hv`=&U#9P8?bd96 zOb5`6>1a&RC7JosVJ2SS%5l8-c4(-^RictkqA01Z_is)ZeDXVC=}(!D^bo&38*Ng_ zNw0mOkm%1FW1hQ@>}H(%W^{6$j|exWoK_+=q#8}SB zA%d5G!bY}yR31I#z<{k-?~6fx#c)wieEUi%wC~<0Z0FephM6r{=yVhcU0u}FvnC6k z+q&;xMWdu9r@&H;5ELGh7x_iAVoDae{$9+zvQ(vVuz2AA-AH;1D^dP6D-o_Rl1vJg zwpgn`B8*Wd@p4z!dX@6uV9SE4N!5C`sjyxC#p^=jcB;Kt?u=YhhocRPE|jHB`1jCv z5RB)0<(7~K(T!EH7-N(z#socXC?<<-*+4CKg|`%Kst%jv{VFIPhR!OBs>GgNl}Z8p z7)!zVUQl^cGgA3kd_^steRg#AqE4%&qFz63Ef1aUIW4X{s&Gf7b;rHA(p!P7h!yfY z1IRmbC~EH6>qDmV2Pxy7S;F)}QH^c&zWyPoBo-ZejsiO6KYE#*z&=Kc0yNqgoIgrv zgm72I=`M|RaI_3Pk>k}8nPd+`U%z8XPiVRBrcSYJCoXvpq@|KZ`3?nXc;D?757g)o z{()?#%jIHxt=vn`>eF5YxtX!mh#>8E>5K>MGIqxS?5_pG%acp;PFc^B;ez8Sy0qAa zAB%*{s`z#Z(DZGUL3RneADC@H=Nll?_YYMj$xT z+91hhu_=+Mk+V1fb8?Jf1XtTT=) zgdo397>mu?jwW`$8fJ1ZM(`9M%G&P#d)u?~mS1^crJ^=%dO5lFj}V{l$#HD5)AVeL z-C>cbMq2&tJPv=M_2E+qmCP0aw)NOf&W7*Gr`Nrv^X)P$0Cr+8_F=ERCqb5d<^22u z>;%W~+c?M_KQxnF@`qCZWzcTFtMlVK0`on6RKWV=J)Zv}jEj|Kifot8BBIpsgpp8U zeDld3>UFfDgVf@&VLNYy!SF^VgOaw52Q#f6kolw!kG=(L6IbDw1dmyUgsB;4zGO^g zG5gYzSnw5Dy@ru__}EA{qhDtSk2Ww$WPMI4*y6(B~`6psNJ z2qv!ZOrW8P(Ryql0itGls8}IHO>2H4d%lPjh4MSjBuqGQK-)<#p~*$%L3;N06is2Al^cwS&Wtt0dIk=yTo0j1pUAQ0v-0wnwUS8?Kdce`7`IVc|!BB;4>OV z$0(VdLX353AS`jk^zxaMUh`v#D#V=a(vAgoU4>rm`a;3a$3as10T2Zl$I&+p_FN?M zT%v&x&8URIwoe+Rm*L+W1|wTuIY_z~58$)`R)4#qgXu4Ea}N>58QlQ&iUJ!=&_Ex| z6u9HaU>+)XbRvy1{6_gper=MDjee;yu-$27YxvJV1UGRL0NjKS?}s}vq=s?^5z<~Y zrn0`UM5AM%^NBGYDVQ3}1;b>6tiD7Ti_HZI{_H2NSa8M?Tn;s+l$poGz#Co_e|o{gY8p%$oa7rAr61}#4yT7xzbh92fe{rDCPj}(7Pe5O4$VpMtN}qycJP!h zVN5c5i%>wplV%YGHi4EqoQA~Y*DHXd&>~Il(h_vP*ERGih`Iil*C7NteD=aiO#al) zfZ~dewl8>IK_f#8x-Y6A@l9}rYtC{;tU#{>+CSZx*1t>>SRp$ja$UItWsK>a=Dt(8eg> zN-2jj11|&aRj>vXy#b6a78`#?8Vmm|l)TESAmkkOI|T~XTP(}!&cLN0SZmwa{vK}~ z0UfSBHoBmgSRSm2J^-JQt>y(b7FmnNZMZnbRmU_v<+6!ypH@#4UGZlK|y zD!=@q6QdZzYYVSo{h(@?HTK#ez{$J9AVSES$ma|h9Qx66Ee%%(2$_c296YsyDGFHH z@C%n;j2aO0uk+XCDW9ezEr|S4I;7dOW_sQ(or<&Hdud6at0jc=NcNy$TD1th_bJ4B zkrPcmwn_bJz+b#Y+L=~+R*Tgy@-*^qi@`GxHo>f!;6MK58M3?|Z`aS2>{!}Fahcf4 zkM&?8o7Jo0#1rCxDyGlhe}Mr3-kaE~A_NU&1chqM!K%Z@YnNeWNw+*~Y4PxLclx(d zvB$T}Zsl{bT}oV01@$nhscnk16*{KnDlEzybL4{_D^>si0!o)O@oR}$d9v|e&ehat zi0|qQajBg$RV^GmsJ3XmkECq+9-hJHu)&zmV4d1EF7w%806adyJO(KOp@z2Md<+t^eQL5}0tm+~#Y8a^mm~ zH#C>u{+!@WBZ*p@yYeGthS5Y^vJBEWN|8wEB6X*Rg&`@f<@u%8 z%RIG{-G2>vFC!_apou%np*SrDy(2iw^L`bjm~E29&0zEjUm4dmT5lHwok z6w~$n!7p4z63|Ud?4ex;{z3460?5;Z{X>7X`QanC!48eL9>H*b=XvyyZr0O08ytGm z?ifKtXBJjUbG^ejYfniZ4Icgc%)Z>%KVrbegg6&pgbVDctI>@1_acPH1E(4_W$kyL ztyt?qsRta)aR@oYdp@)uCK2RB18BuV8YmEu%zu856G7A)JXiofg~42m3E^{iwU3|I zPbR=UNXD;blq?cgqt%B-3Y13_$0;Z|-nmvqs+P5aBw^gsg~fZx&O8^8)B)bDFXU-0 zZ%`uJ98=GiE{;1*#lcu0OdE{w9wKN+2!ZI7z*zmUFin3n;NcfG2nOrI@;x9gI&pLt z0F8<(mb<@`>icVWQU*pXTLz`W_bcG`y)*a^&~hnPS2v&B$E#pFk}is?nf}%Frlnks zHUM;7tMvkVM5HC};|Ex470EyH(MqZd#p!1b{n6rjedU-PqsPzN@o<2L&%yB5{Rwg` zlir*8BcSl%&(U*&E$F3uTCLWsUfBusGYeB`x#PL60ZZt3LHpdWuZ+ZiEB?0Gmc;7kl@VAyEoKiW;3xT1IfC7nD z*{~y);+3bxbt- zNcZkt2$sdN0gtj59lAO^C~b@!Ubi!Yi7CZv9F;&?n3Ga7!{=3`2mX-5BPELI@@%v` z9w!Je+wbQ4{KRxASoB6s!Yb>d$R}!|BFTKY>8P%Wq>_Om7Hma#F7?C)mQ}9OAF>W;NRa;54k%0)gb+R6O5kh8jD zAvN|Ct zmlAJTyx9r$W-s#nHNrb-Dd<8PR&*bzQW~VdTKoqu&rI-LukQ`Pj24rl%IzWx5<+EW zkCdd|p72uwb(wbUHmp>HABglLXQYrz?vRU0LBP*R{#!5GI^4Sow_Ey=)!f|NW?9S7 zr8SAAn$4sWdr3og=fw?k^okyB={76U_@L<{nW|zBz41t|JT92mmZY?*8PN@o>aW9+ zAU6@?v2R##2mfY zb2^N0oVlV6s0}P-kVEyW$$j-9d1kl7qK~v~N_#korT*K2qsq7#c9NjuNRrfBS3d_p z@a4T6WwR7h1`x;cn>dW{sJgz9SOcy7oPv7dOKtYHbcu^XPlvgfqcO&(g(8dFZoa|e-*C9ZMrgMvIb)aE`Vql4NZ0*;89N zMHJM5ah?<84bX5hS^aq|0+gW@lT0@*p-GMh_Gli;C%)5|r<+r?)LOJgh=lnWjMKeH zRu#9TX`8jWts@aGG5WoNY6pjkPzN4pj-zeOT`=cVA0ww9cbZoVe9YC{Jj>Qq8Aq09 z(yj?Y4#|2cZ+HCCo+G+jeb)`@0aG?!txmu~`f;gIzIu2w)5jm5#xHW=b{%hB=Z;ha z{oMJ0nA_s|;fZM1lE8k|63t&Wqoq-*K(3x(oA=}GV(-7PL^*mJB9%qW_qGGTrP1bx%rvmltTheX@!`Rw<8qOGb7Q((j~$%cnP8=4MsOLJ_vderRpIZ&U^BjFW% zHZdYOhCvVR>dpn-1<3v&7>Kq5gx)N;4pffKBu$9mhgA!r> znpSzBVNgP=;^u;by<<1;&Kh=If)4e8_>zJ7To71oV{>3L%ZhlWTB)h!A+h(|9OX#z z$)P-X=Fz6}5i3@hpAbnz=|#)hkM}W8z~A6%!xZfokzi}W9;nrZ#w+uWl0X!!i#vtE zmDSNTwZubp?4{kCRzVBb)fqHy{j-*AcPMeGe0Qo`EDMoJ1?&770h|#6n2*-lc)GO^ z20iBYVWsJ|3uxH`rTH1!Kxg4adbT~mKU4{?s|G*0)wHa=prRmw{;nX zrrP(r%TZo5MmZOVfg$ITH-E}zO9=SyJ4Nyc(c|;5b%z==R%?7P! z-Rr2_nAW@m2&Z_B&xmj6tcJb=)X+U!wG;*bqfPI-kW(x9F}s zH&7(ZAwa-m2U3`>OjYR_cfmV}z-x4)YfOl&B>ig+8{_^0jPOn`da6QzMrs^GR*s9y zlv5HOZR)}#URv&g1iPuTT&mfIPQu;gbG8=jK%S^ z_apA+;n;>^`x0*|Nh@{f_`r^zQ1j3-zyh*@>fD2Ld-BOv%0N$+Vs%A3`<&;vf5138BD^ zRVCqWum6{d;e8i20eJ+c#vbm~Y((RTuUBenwEPC%#UKcG9f#(OuU7J^+m?OM*VR29 zz2lb@I_q5zY#h+*zkVpJtpC?r!pzG4Keu`|Yic=dwxRmG*3M1wDqjdg@FS3o7n&L4bP5(b<8kwtST(?}Z|es^`K|EhypVydKX?66e5Bv_eLqs~v+)X_bW z(W+gsOmF$CqPRO7>Xpe;c)D0Mwm?>h-VfA&baDAkPi{9W_v1Db_i1z4S zzn-n_bsS0C^xLo}P3GZXCi;&DU$oz=p7k$q8Km{WiOkPtCP3ogOoGPhjKiAq;Tlm1 zHPaSlk!bd5ov62cdd#Zuc|7Iqz(d~W&r&T zbP<<$)-Db;f0EC+Ok|a`8)h_)3 zrdG8HLF#R-*C#w?>@si!#{nRf;oh4?5;ekP!$35MS6>osh9`p7Lm=_Pw43LFkWVBT zl=H&aE%7SQV26pgia|Kr=E7V{L5|d?g|3GygfRo6s9a(_5O2qKvFkn;2^lriT=N|PHxmB_ zOQ?=%VahzmAs&9RtmXFgskdrQ_P3?AqfGrB-upF3N)0{yaSO(H0uM?pf7Aj7V*y(p<0yCp937Nbf=K#sxk#$mAX-#KWcRsly!Y61=V{vf7z90}y+GtEwZ-dOX z$G>L3M4tPwX>KJE8dV8CHVoDQ z_xIV%s-{P2w*v8wF*@E8WVqy+c6}78R^bkmo5Jue77|<@*=*#lAQ16r?d&T*W)9-0 z9j2n=;Up_Z1bb1Ed(H&mFv7L>Bu>whBCmXJ< zoFRny#L~Yyn7{VIr~O7gYQZ0|k!RjaPi=$AUPVeo;U3uo=u4FG6vzuQW)i>f!!}o; z819SH_gJhqsME~PJ8N=3bKIuoDpUzlFo=X{1aG!%l)|;VZ&+!#`pol6%i?|(^yNIo ztN-HO7Hq-*Tl?OBf;TnP)U5o7>r5wo9_*E@_&vK7YgQzO&mm-A(7WpKf-MZxAD9`s*R(LiC{6l~kLtf=*?{S6V4#k9F1GN8T@XV^ikK~(EZ z6K)R;)qHf#%=B87?hH<%*$fX>di>3xaWgz=jZQGC z6l?A5*)=($`(O4U(OJB5ew<}LJU=m6!W`X}G}Lf}y|}iF_;7cJ`pTA2qR)^j_xELD zLO?27&o8LKQ>bR*dhIUr2q@O>=~jC005zJZEO5X2>p#05rosBDPa+ew==7SGO=)ggk`hVSi=LDYRhb%bMpEfba@nnf&m;up+=ySdS)h za`@3#e}661oFx=Ekg7?Lea3Ol8Y76(3=+y-v+)unNBPM7*om*VMMO8fwjmp7Gl1r- zC-1N3_t9QpkTX$@12qAPm-?ZgU4+Sklt!11&gj%}xPHI}C{J)y*x~c_z6ZhhJl|gj zn(=3xn*$)n)Pv)h2n&rKTKiO0@f#F@ALpOyxUy%^imNZ-n_|X3F2F+ruS?N4`=fE1 z9>M(ruP6m7z`V68m>G@6r}qu!*Tatp?(r4#sfkXohZ0p+KlQ!cIY$+tuW#QjU} zc$R8|+Mx6FisrnR>2F$nb|tYue}UXTEa0wUg8=mCSFh|3+xD|1P@kR$A+yaBA zbs$3+ZbQ`LK3)R)El(TKnBTbTJRZjuZnx(C)JrZccw!I&;wv$t@QQc5fW$nlqY0{qm=9HkVZ*5mT|cLSxZHkV)h33`Q?&sa{Rhn2B~sSX~v08!6DksifW zJgbHDuBAt1mNe0sgVNzwVIyYF>_uSiqB^1nn$3@ec!>Rh`L;Ip>yDTJ9Jq$pJ33lG zNCqd+?-zUrR}A3EOk8;;S!|&w>Y>=$l>k!E0Y+7uC*CR zM>8Wm(+-0R=6g{iJE6nvcWMj}m>0NLo6|>t1G>hvi{8>X?G~ufIKmc-g#LC`QRDg& zh|N_5EyvQQ5}qI0faA_k3ceOu3}-n}E4oOMH0BvoIkJN`5XLx@zayW&e->4=ajiX| zcVzN%C}75>JsV&QA>weQw#Y9x+m$zbAwC}spuOrUhsnc{4Q1%NH5?9K!_BH4qD#+= z4RW=&1vhz}L4w?9D)MWwY1-M1Yl`cqAXa?evhl`p?{})?2N$(XNL8REK-N?AWF~Bt zqfK*}44?TOVoH|gr)epw#0qq~%0G4u_xJxX_KwY&c460GY}-zE%q!~Hwr$(CZQHhO zyJOq7lj&z>>aCipyK0`Z_W29;hrQNuEZ9#h8io5Wqs0P7z&TqQQmuE98-}^AES!_T z7G2_j6{ThGihSr`X6sJaOfH<=NT+b^UA#%_a_Fx^<>%W*mB#yx{;v^YJr@kAfC$?tR z*RgBiohB!9KE~^o5o~8HPGJ=zf{!aoK4AzD`?3Q(vW2YMH5B=|_eeSC!-K8HqofiE zXzxaEM%-o8F1OU`xj41HM+>axQ^|JNru}~jY_@E;`V|w8E@#iIE#G(4@2sqyj$y)r zslgZ!6Kpb+H`5|X;mF2v>GdIl{yA}ezh zEr}-??=zlVo$xbc-HS>4+ph*;%Og$I#m(7%fmg8P4jfHSPpBQ4x&6FrNN6*2r|Wiy zw4EU_wKlt}a~oVrMxK6&C}i33+l;-n=2`7>B!NYH?sFRN67fSGdMr;`%d3ro+B4TWKy2TKaUZP z+P_yyrk@NTDdsRjs*1b++(>AOYyJ-Xe$CvA>nu>&CbNmS0EPs`;2<*%$$~Tu!3A&S zN9$sL+rK|tbEFK+ItmvHn9L+X=dWNYalqE13m`P1KOxCEd)8=`WdWW@y~nod4G6!aA_Nf%DL z^>)pXs6!VWoLE+!4xHBPge2oEc};QE$| zoU_Yzo}Jq0S9oY7i?(cF=YKXY(RfMU^M$b-#ubt^A$mI6+#J6>B6=kF>xX|A*&?HS zP2mGky`NQ5LXbh)Qt%RkV&u>Ey-l(u4uMZD$z(ol5Wp+1z;;93Ja*b`ptm|Y#qGg3 z#RYo!U_k~gVfF(+N%Wc4)vpHuds@kis^o5OHL3ej}9M^XW zl#A-YWy(O3%xKQBr_Mtq!-`;+U{uO4RYW zWw296e?oUNOLkT{!?b{w5V@UYqebcZua-RPHab3nsgUKx9}0GjWEq z^%?sVqss)=v-G1-+!ey*EQ}@VCCtjm^A@^y>q=i$?yim80e5Yc%;FM0qi#eM5{$~J z-}c`a%>`<KVsTcLnh|9pm3&+z!d=|86l`w}>Q7(0G5X8C{=#PX~xsQ$p3;xNMb zy8cX&Al~C}i|z|YGnp{0X;b@h{(L`f-1Kn#nCXaMm|J@?MT7ON@%E6*k}2H2%v0FD z-=tqBj*jh)|CVR`C(5cd7_>Vthj(|`n<2$65W4xPIV3KaClogSd98TFeM^tZDcKLU z?_!D(R>(m#h!2&hi+|8j3f?jdOE%(~^ns1Qo6PGI`js9acCSW^RZwIl2gfr6Oy)Mj z3o&X$c7%?nfGkF=j&_oxa?yE(u1w$@K7WL-!WBDI*jKQr96*;^a-JgGXkrL!jh*X^ ztDW(xz0vPkvBGbeOKLa^dv1S3R5p62Ehnp8fwJF0KWp}_-@%7!wY_)x7#-@ju^4|{ z4n|@{_tj;jh8ac-TKQ2>!H6nX)c!v2e0__g7*i@bhv zcKSZ@>ZzCLh)es4bqGYdq@OWnCabRtS4ZL$l7va=X8RmMZ)IEf1M`5Ocadlfzg^C@6AM}I$T zX_J`gubLU070^g3cm`#8j%KBKnMP1i4U>*Vi2 zkhh~Pxi=s!xH};kIW4W4FHF?7hXpchCSh`Mt|W8Rx2(51=IIEj#GOacMfwoj %N zWpzZ+gobEj7UjYHKXPuif$(}5apo?*sPj0mhDG0rlI})WqT|s8121)?cgmrD@4=wQ z&x+19O?7))kf6n3W)}z*Z@{tgsue8!~lUi zfh)bqFTg`!H18fKzi8mjKfi|gYQuL7L`BB-nDyRD9k3{tW3bI2Ne#`Q%*nI>HN6<# zE#3Vg%Po>0Ykz3HvaWU1SpJHt~dk zX*h1yXp|`De?Dx`pqmfOReXM-Q!0jMwawJ*YUlVA1Hd_*ojMb$?{u=97KxmWKQ!}Z8=GyM zBVbYwi%V$%(RCA@L9V!~6DrUAy-x&^janF#@JNDv3f{C5+?kzcXaM;dqZNCr6-%@- zND=W>(JIDW3rdkP?P9FDp|wS)vyQ!u5AjtD4`+$O%lG^*i7>_qo(q9Wh%ud0GvHvZ z@w_v1Ky(ppCuWrQR}?zxIOI=?-Tg^y+@77y4s-ATF5j({OA8IFBV3p@AjO0kI5e}& z%O#{WU8!~Bu9i4gwQ|1rpFJ27%N)Y&KX5nT|FgnTa;r&v(Yq$Z4;7(7^iy`9Q#P0%o2_l>T z?()wFm02M^w+Leee)|2v9s0K@g+|@bJ?kp4dNN(|{?;ckD^0<^e>mwa);A?PNuZz& z4LAIpM)W?6nqLcUJh|w#x<=_Se80kv*hIB4D__)+){pqkI&7rJOrjJfr`$Orutf-_ z&;(s!m-K**<}^Lma4|lFZ*MT?>9vp{6pR zBAmPO54``w$|0bHCxjyzhe2>!M)9z!nO$2lPq@^$y8(u(-gb~;iCt81$K)&BPk>p2 zAr(Z84?I-}xBOHgB5jaJI*jc;{ZEym82`1jM=ThXAy?$Q`q-DXBZg;e*-X+a*t`5e zUt9`hs%1Spvp*diQ)`w7q|?=VKwdTVR32lcw-%sU{xGE6F^`L-6OYuNF9%yOae#S# zCPhm{amw$FSyk#|yretOzkmvO>PX5PCn>oSDJ!7%NJd!IATP_W9O`Hs7zRwDqU|rH z|H-feW+yd=6A{sS1yG5emRuUaWTh8G%dg;By$s?9Y%68~H{=i<{TLz?sC5(_)qWC# ze0)%cMrY3>+@z5Tt}-*I}3gXbYloL0Hz9u!dW}D`9YW;nU z7lXIA_toaD(^GgC8yOtND>|I6W)3&%f;uTwb0OW5cogxx@aYv2}*!2@+lv4-B(>RI>a8?gX{tH*7mWKx!pr;BH5 ztPMGanV9b_AkODsX{+h$oV-X{KI&+o#^w=JXx84y7G6WKL0*S>? z6Xx`2WMyQlDkkBM_W?OKNRphlKA-IxbLuZ>q*-|~R$dge-(RYE=}?@c4R|qvUIC;q^KwAj`P?fmMo*fM+nY(OUQ&h@A2ug;|Q(R3=-f77mTJr;))B4>755Q z@}+T*5o*2{hz+q>5vo@dvI8Xusq6h@V(s)0q4byJ=K}_=A)id06+pQ#(rd$Jo4w9} zNTQuRKjB2dJ7HR4``S7Enht;u<2rYo_Roy(&#rT9Iz1CV+CQd?*|@#WLJQZpB8`z& zwP|LPe$g%uRIiSpRuS~M`85+8kv+!5wan7g^I-mnz28a_*prFC2+5Re6@}#^-l7S`9OTXY>FcfCu2vze{b7QuJh~rj_U%>s+D}!r4Rx*D;ek`_ z?V==Co*h|%#IpcdjOr*#ZGdutncdqiTt?9L@a9ES62!=cweSZ>zQHvM&fdvFvlto@ zy+bPTwdM>FAX4F{pESjy44T*YQ`<(^*)Hx~$P>9k8Ux~2^79>(%6<^jDC zjd%Vvv)}1hDIEo(83lP==8~?K8k!Z$9Kqk)83pNRXowa5!X=kUDOuF^dsnI}tf8nC zBxc6LcIZ;Bg2RfNdsA5M(`@=v2SmO&+bMFq7O6yCEW<9ceKHC4mv9RAM4FqQ?!CPT z?X61Mn7l}by>fc%0MAyf>chnI(DdOq`7>|yt(mZq&KR2)6 zp9zYAK$wq2E8}S!>Y2w!KRv_l`nNyEHDi5|=stuYQpkpZNR=m}LK^VmRoOm%UY`^~ z8h8HS!2rTKE}I|?V}E3?xHTC8A*9FW>>#y_Qy9&tP>@xG#M`R8#Zb}stL(SW-@`2@ zmgJ3)Mm2Y& zf4K0dAhvAJT+!aBb{z7`4I|~G18Bs7`Mb38d9V0mbM@*GRF;U!rm^WpwhO16E~XV# z@suHB0~@TpsIa@#vsqEog~FW}tW!SjV{p77ag@2fOxhS8-~4U7Q(n)cFp5Wlr?TMR zUr0X8H}9u}qKoIUnJyGdb)fD{5@k?P(36mJ%^m6(!X@Z-wgGQVcNr*TaulMyPTf)_ zXSGUWVABXoWgVi50vr<&>5W)p!`W}r4^+Umc7HU;9so6$yXn6MHZm}~PFK0NOPQSx zyW6#g4EaTOrX*X#iEAc}Y-((9WvfXn0F!^oYO7p=lT~R_)D_5Sv-bwdTIl4Bf^}~F zWCVu0pbg1De#|SQCF~ws~!PBn}6h?ojx!y--27g{V{8vvQ;-U!lqkRPY(D}G3yYMXaIMoR`{ir03~2M0D=NN z50ko-=D*jQA8@g_xjCicmbr!1oVbQ%6)>;+5{!NjA+{5|goca^z?)9woT|bCum;ho zl6<|?_kk^bJH|F?-tIXlPbD+}*ka97(kt0L7pJ0UcPC=Z&aB0f6~z$0wR=-c?yO73 z=gpFd#Hsi8bwm*hlPJj7_Y#j?4WawigzU`s6;X3}aFfLipw6<1hmKpA#%#@c%vNtp z^untlP4%v6zyfPfkX2Tryw>*jWZH1*R-ZKyXJTUkUu>SzTspA!$CFyBIzYn;h?Gk^ z#Cq#oo(z*K$;uhTCVX!&?g~5Ch{BRot%$d=Pi-QouuomwM+o|jf|uizgy`kSyeVe) zsci+cG#qkg-sgn)HzF8wU}3EC`u1G+(3OiOOv%}v{wC77WPygs5$!WY+?dV@JZk+q zR8t$0^aQs}4MY9UhY4Xy%6JEzk%yU;drfL$McS0Le;Cs5kC6fCCt72z_4Qkp3EQP# zp{eUIdP?gvy%6;|%$4DoN&mtP)iJu18sOd)`+2KEByeL8c%k&C*(mbK~jN%)_C*a z?=7}Oo`2Oin{&dn*`>+D;+%OLhig645Mk-^zG}=OSbY-EqGI8<>8&7(u3@USEtnL} za?ms=BeaAgdQIvfGzp9(Cf#6>F<^=>vBp`cF28)Jddf^_y)Mozy=o(}Bb!PEA^s(5 zbUIt{Z~lcCi(&{V=7u9)!^K85HL2?#1_@2BUo6yAhab$FU#r%@BOywf66Rrzo&rR( zv05TQg%OUGy*~dECA>^2hf;z&PmW$eFb)Q5L0(Q2#MGmfG8t$g2#fpXp2Ol1^+LYNooOn67?yYp9$LINcJ z{764joT3eqC5B@Bh0%ZS*8&`3BftjT0~twzR1WF@0BHF-nmt=P3iZ9AvmkcOKQavz zJLZ8@4YD3zV5~Yz7;aD-t{&i$RUNOQ!m}1-#1B1V zBwm)(wQd`KOq{=f;XE8~S&ulBU#1TwojFwN9?l6=tR~-5!bUK)PwN*^rh?)OJhF)+ z><*tDft4g=R^K3G)qDRq35Wzd=x;#EA|hTEVeM?qjO+{WAHPeSxsprEEQIMM!+y64 znngFfDhWt}zQCK4I}k22pd%hE2tIr`IB~kV4VIDl0TBR zy^ZDUTC>_!aiK6qvQ+{y5a%yKr-Qc9OBWBWvwBOqPVmZ#PHZZz=HJKKBOCR#giR>J{qjf_X2)#tbds@{?ehkWS7Kek(|8$4@6r*@47e0p_}mtFZMH7ED_XS<^yoL&jgu zv|M55|F)z_UZc*<(Y_Y+1md=6%Jkrhd``?{D&|Jd=Z&Jz$TNNDUL~-SfNbdt6yaVe zU?Vs7923dhYvembGID;w#{*b<^(*g^yPwjo(AKoXY3cw%mzC63h3z>2Q!w z1lp{{1qTJI!D({}%?#W7arQaQgZ5D=AGoS?ppM3ymKgl64=U5;?cU3RjzFb#0%MnC z^d_Q(c2M#~{;n9dG|>9e4^J(u?4*VOQ7@l3WNqodpNtr@6Cd;a(|8OqPa57^G1D}k zml6Y(?cy7&50SMR)P9$Ln4kJ6)pu>1+Z&h94N9%?@`LWr2(j;L zg0mPB2=YUhe{UO8njkNJ@Qpk=_h+NyyQ~l8#(3I(Xy!&Yg*Bc$c++b;3od%i4~o1m zgBh~m(GZYrGRzdFBrkt*+y|IHMcqprsn&8P*B_L`1V(Tl7IRVtXEZjrLlXoDFHQ$R zXC?d#*_DN^Z8eSjbk93*lqW$KtV-rR zGMjG#8&QWPxb>X0ldAxN4(Cf7>SqG7z;bQz(=MIQ-pD^6OykgoD$Z?W2jTRjW(JPl zs|>YHO&6f@X8GJEqsr8MeAPcdTy%i%|ANVE{{fR3S^jO?|L^brzm8^0{U1zbMfztV z6CgCsGkHa#gdXH6D&J_9&X~FLgI7l$LotM%A6y{SX1Mg-kuNe5w+{qEXsLoi5*NKE z;N8Z*F|(?swd&67(vgYTW-@sj!&Fk6w45wXxo{i1OK*;<&&dV_{U}>qPbWXWQULFtjwhN{I<%LkMfd;9@f(Qd;x+G%=+>0dVX{AiCav3Xf*Y| ztrh9_uIMe3PVj{|V~vNrgCdT-T#NqsJG1789MS|-s3om0M2{o)NOEsm@WAx2;E2N& zr8ys~$t|=CJ)V0SKS?1A>Q@xUpWw45jEKGeETw*=*A|<~JI#wvSTwQram0UdV(YUO zXaZ}BWff?l=z}|+YS_9r>*sost1d*4M&ig z)zw7Xa;s#=)AeN_AEuXF8St=apPmiBiIKL*lA;H5V+>_+1oXi@EN_xVWNLMmZ*2I** zq+F{hG+08_sAjCM&+_~tKm{{AWvnl^4&CV1)wZJ=b=@FeQH0!Z&wpCSc=Px}x=I(& zv}obGHI(0BwR(!puP;@0-C~bL7QX(MQ+lFtE4A*T;p`N*L%kA`r-#FRX@Eh`noI@P z9g6}@!{a=jheCV4moOoHko~?xVn|3XP8jk!hOZ~X=+W$7n$6`Yv2hygrCTQzj8TT^ z^cSQhz(NOM1d3>%yEk0rv!Z7IkiQpLCuV`}tP>_xmtYu@2RT&pQvd_LSJ2UJnx6}2oQ?gG6vOkBLbES+L zgGb$Kd6OKXgFseHYDQbA`tFG-HeK3}|00Of(=)RBGrb|v;stXw|DG~Y72Zh2X7yMY z)#z-10mN*4)Iqn7%T=8>gHc9Zu64+qxWyw~9=(DY20LN~AG#n_XXwBhHg|CA8 zl(n@h9yUOVVF3FO2JC5R?uW#^+J&MlQR2oXA+)<&$5|gJhPV>OOVHQJhnkt?h?VYM zs=fTzHY-;&Nx#I)2oTjxAWSpjPX3+!U50LdjE=VsMaW4--fAFRKN|Fm>zvsFR91qW zg_&%T$EBlZI~#=RpPZB!QbJ zsdz3ue+g&<-b8HxF1iHmR9%L@YT*fGvec4`Ji4>m(lmazmjkjr{ehEk&;+&d3Cnx& zb_=v=kP&u~16=L|zKOQn^)VsFaK-A#Vfhl2es=8hU!7LHPfc)FJy3!##o_M(oFJ5g zA*He=@o>{ztAHz|w|r=)GCN8mh`rZm@e{2=Le1@waGKHcZ%|{y?W+HJYB>JmsbOMa z`d_<&x^c8)H(2kzeS_zIW3w|C37r@AabJ>e=wxVRPIky<_QhGRV;D%*keOz3Zu<6O zBRsWhjK<9C`6siJg$};u#J4xvw>>;e^O~^H``ml~HnHCYpRu}nB{7i4;>?dqi}E&Y zaUj@aLzQjsP&*}||E)+LwYd>4cWsetVy=#!SniNWHO-vy@s?KexO4i|y?s`+2tb-b zoyzsf`f_k&>wG&90fOH|mO1UWPYC96O8LkPjonlS{=^Jr=8ee`ZM3)!Qe|Y&Y^1N9SIf>K6KUPL&YI)6EpowIl~DDWYYn z#f^D*OSY0+^LQ;ogs_d?)x{)N%In%EADE^*0Z_=VY^x(n=K8Qjm-{;5E!7C`FDW@2 zD~tULWSE5BA%MuJo-lhq1G8UkBE(Uf4ER9j6ilL?A)z#`&!OL-*y5TwRD+ z*xnnes=cNF0aEz1UjVvvq)rKmkkHSUx?6-+GN!ZQb2X9w<~)a;IvN8oBVbGL$6W@6aU6ntOtybsnq=0R75pOBOlaQVQ6-MYcn;bWZQ(r!bbMaj9 zY|&4*F`eK@FiUGF$XapY);Ep4uEY(rxof$bEf+2lBQ2swdchH$cwS|Z1jb>;uasq`QJr5 zOkAsRa?%&W#A~2w<>0jSZL##T-P|%k=2T^nax`K?#$6Q&@ zZ74Y#ulS+g|^WY5=hh2}5`r6I2Q~S;*6; z`KA9X(Vx~?IGE*S^Of?Y<}xm4kxRZ~ldDb`W9Sb4N6r?pDZm!XP<&2xA4Z~&fnl5O=+xl(Q6=h>7NYZ`#F=c zAhP8(BEYKJT9UX>UsuI(%%Q1v2IhO~P*?O^7SUYYwL^DB5Iqh=kksQ?rcpWJaSK3n zEuWz)u9Gfr}tn`zl^39Gs{SOI_j`?+dEy+c_C^&^dar zP$Vw#Khs|!I@bSLTvNpXGPG$a7wzPk7ZI!AMGmdWR>ehRB(1=w_Io6Bi!`*rub-(P zlx6gLp%jI_N#s4Ll#aioeL>`eo6tQrekb&vfQ5bp&8cd4*G<(v#_5V-(rUNk>)^eH z_5ezy-Xtfu8wdM|*gXa`cCG)yXpv$9N#FI0-1Pus#QTMT4tV*fbmil5#ik`n2kIhh zXtNN+m@XyvCyxb1l`65HDuVhTHr974{448S_@3eN2#@hepiO|1mbiI@A|R;b_yVf> z>8x@VJsrt^52t6q6fBGsziZPYH{__hcqxSR=Y1y0!5`uBE&qYRP=Uz1s?@oqyybCQ zD3QQsfr=mM$Rf%tZRwTsb69_YZLnVeHF7WwJm<90E%kaqVne`d-n`|@WoP!&8Y`!H z{;FLB5njSa%J>jlH6A zH1CF*K1}%EOAQ4gkbN(p6MtS{l88^YJbO|?JhI0&U$*de&yVAnkhgr0o`j(V^8WXx z!7DZIhUKg9k+&yxGPkh-HT8DzQnx0`Tco@uyt@L%9@d^`A4^3>6+YFf{feuc1rF$yENUziNnRi99bEUM>|g zW2TT#liC6+AjMIJQ=NC@OozBY4Oqa4tZ*=xq*MYKN?0qzgUDtpqc$m*SGey&SrTTe zwF347dLlXjv{UC__^p41|L)pS(n9OaD;6uDVzkFY~SDRJ^uRY?EV`#oa z(uaZtwA48Hf74#Ofo3(yC#B?<$tT8i4#})wCi!<0fsFpe1hT~Y4ll{RMC9yjsk(6M z(?Th$zBK%61NLk_dyyLQd_5k#B{5^FwzMUK7WCx1{S`swJ^B6Q!5U5kv)%pPtzy}x zko~z!SW)u^>Wr?oL>iW(qI-qo_1( zTHU{Z_62-{`9%VgW|47L-OlF@Wn+d!ZW|BUx~xX-y6!uo;E6;8=JHrb02JrAaw!^< z+e^4v;PAuKr|tPe%zsaGT~S1B56r@ zhd_S$F=^LYrqW8wCPVO3CPwIZ8R{qS&^a}2D<5EKwH_c$hmwREPmMdt=VNXX?!8&! zOcE%Gz!I5qM!dH6B`(igr~POM@MR^6hcA-eTU zm5{XZFZ;NgS4sCY`EdL6uNscup`7@9WFdi%r{z#YN0*GeB?VU6C?aoE63OdeWZPM> zfe6|#Yvf6w58GjL_dZ65xqCM2NF9aE`9N!L_t3`Z;!OH8we*i{S2Il{;k2A3SuQmVO zIO8cBBX>Ny{hEE4z#@gXu#S!7>hV{YzjMaNpB*!VW|3sc_(1bS-#?U`l?{KJiaaj_ zUv^vW;Ow32qt|S2{ZIPxQmaA@YyYqCgr%)7s%Vw+36SRa%1*DR#+R=@5!{Nl(%LMR zyb{be7tLYapK3|M3(JzYCk0whnz4BJs*nT^rGM(-r1+(Ym5e*O} zQRc^8xLiffEocIrv>GPo{_~pc#{i)O{p$|p8$q60-Rcdpck7H1K#ULWE%1WUldAdx zthu>n=5hv~?Z&iAwsXUwN&oKbGH zj!S-x1yW4KiIoTFCX-j<$fd)72el2a0kL5V`)!U8zc}`gdjNWM3dQgs^{F;XKAK^= zCqNqRlhOE7MyPee^gylb&{~I{GZWX)!2*D>2fr5$XKf}KJ_k; zCxM0|pn_ijVRzj{c4eaFLfgtjN|4YgoXQ_Y{-luhx9 zeR)ZN6Zr?VbYyuelfmg5Nc#IQUT7Z0iH!cBLvo2)b+PRTt&VZE09@vBAbvDK%N78R z2oTQW@LUJ7<*i}BB*@)L-Nr;8(vId3V;=v0^$h*ABJ7iR=9gSEorP7uuC}B{Xt=l~ zS;dN@z1@{l`?s>&2CEh6kI__1_BOB(a|V?3lnzHuz#qP)S)D zr|-8vhc@+Y06-gPu%$e6o#L&If~b|cGn|;05EeLz_{hFt^pCUQ`gr^o;@T_EbtL|N zPwDmiX+z_hVB(hH@bi*a2(7je*&ORK;yinXx6f z=ZI1O@Ky(E%gHjWXw2SWl;OYohvOV$?8w_SKTZoin9<(A)yxC1V@%Ehj3wY#*XX5; zT+6ZwBmx20>K~w6+Rj`Sy^N=iSUk|gpw`6%d*s|DToM8aeyP?kfbZVkpJ*J-K|ic> z+^umKEwK&!s0>8g=cTu}&abZ8A+-?5@#_PY@6U|jFhjfYxUb@ZPNlMMh5pn5Umd`+ zilt95b1y1~@Cxxe(Tx%d?L-TF_i+lGmPmrJ&0S^i!=hb3w}`9qmzi*N3-nNNAY+zP zjMnoH$W37Or;OM}~FpHICKZ ztY{c)xwSRO$b|9&8tYvjf#6-NWeE@7&I^r!PSp6^$7l?MEi$L&Ns)sIlI9GAUM7Bu zQp7YcEz9ET_q3&j9E^W;f%y#A25=~`!(^yyNotIfYm7Hgi5SWKwi+sPpd1Gjtty#_ z6zYdf#z>O2{~L_lS>i!Mh+X2R^Myn1GRHF`5FKLxwPfpD`!kPP+hw-=VnevAj$ECj z7lG?8Gs4z^F-hiz zuGm2s$+o7Xj#*rW`> zhY_=p)a+VMPm&oT~$#F`*NUC=Nv_mB(>+g zAF(S+kC_0n47B|mLzt;a+I|$s3dCjBvys{9ey-KWl5PvA1ok+4E`<;phlx1&g7YXU z=T}}ih&=uIzZ7ZTE%qDmEH0rSZu<}{twgHh<2$$S*>vUn{p^4aD4caoo+vqxdpnYN ze?oHMp={HgB>~W8ISdl`3u`Tw{Li@LTQx+OPILU^WN5DyB}bH*kBoNYH8s|(u4-F2_>DbP;1$W2-DbWI*dsMBE`=ieBztwO81LyuZiv<3=NX!bauc#Zs3EwM9AM2jsfJ ztW#>TC)=AmSuJopU6q+1Ao%oB9#f04!0yr(V%=8q)a;P8p=y{}0B#C4Sug^Xiu~d? zjITSRs7%PLIeqhmHN1d@E5(|Fv}2BGNfD=kc*<-$tIL}&GPo^fCK-oE;w3qGdy@+S zX+EYBVOt+j<^1a2{a)|5dOZQtQrrbKyif?C_6SxDeQz%OC~cCv^vM~E_r~^LeIIOa z034i5LyM&z-iIKS>{-%LKS!;YU1sabjZmDRAEAmA$dll3yGI~y&m`ximGp#Pe>3XN zHx=fe^Uq;MuX<``5ItA+G_2Q_N)ek33n0|`ucmRjp@^Pd2{Eu$TWd~%RKbt+@-pKc zy$$$6C>l(01@1sPvAN}sy2_N*i5631v(K@ka`gqFALCivL-6CN>)sa9ix50 zNlSu&_lFzbdnl7=a=#ucdK;gvA_k^N>$X?HC7!s+qm|4gfQ(#SpAus;mM9VWN5=kg zb;@9X$X~+JJzGcPns@bFyjpTf_3Q4C`kkR)s}tM;+_Csh9>1AUu)AR7MS#U;(aramNSJ* zZW(+NC4q#(gL;*`_LFt(2qEIs+Gg;4NK;jM7ccyq!`VYEYUb{|XGi)F_yRqhA-d3b zBX675r-+iUKN6mT5OzsVT72*J#R3lD%3Y#7iCz$L&AMA{XKlo<+$bMSJSk@Immj3! z+x7qA6pa7HDOed<|F`?jBizZD4Uu~u-TVy&zL4wRgr1I8zwP#=yPjzr>;izv9cTs; z%HooKZ`bZr)Yvqv6&zwC)~V?sf;y}AR$OQ=;kCTB=|vLO_Vl)UJO?I4a?PN|)7V^N zB$(Q#97ie{*H0YnmuPu~`RKslD_>PuWZJmX{-yEgIs8NA`qXp%?&4luSWuhE9sT82 zHF?fy(OcP~Jg>aCSHD}Y^=<#KuvD2@$y>|5+lS#555q1qOeu+Zv9%P+yIKJDDhrD- z$))+vO57Rzk6&!jZR>tLM5uqJ`yy6%d+z3B4NH|c1vgwrEVXoSqge*}X+p1E7xNr0`!jrzni7r zp$`jBQEu27_*d%?Ey;ojmJ@pfGG9411hpe6?A@@uL-PY zbaAIf``h!Gxx=qFYP7NLi=Z?sKT#= z3snf+3Qg4P+LLRh41ZwcK-v{axwYvuP#VsB+D6;-w6?Iv(UZ7++G-bv=y_ZVIV2j& zey)lu*&nX@y35?SG`r~M>6I{`Q1Qq^uPGx0bgQT<= zj=h?;bT4(3%bm-SO?qXghEHHZlW63`L)$rZHI2E>c);|)HnXGl4+H%YivvCR@R4|v zjZ5c#M0!>@^+R6H6 z$gifnVg=EZNo)NT{Pp7u_KZ_CCT?SjEKa8S0aBh!X`1W{&UbR<;1Rz&H?;d%nCA|j z-Fg#a(cTdl14Gp&GCdUx7*66Ym;sfsd;0$Q3u}0gd#D=N4g>hpe&Ff7mi0pS&Y}CD z;dGS78vdg3a7(!?S#+%5Teehv*y0H#Vu>y5z}q2o3>p~T^$puh{Kt4Oh8hq%8AxZl zsdK`XQ73UMBly3TS4SrZ%+ax;T(4}4qDz;mwtMr#>i%buTk%xdTPZ& zHpuN3_z9k>|2?Pg8h$Ue1K7Lz+g0qi=>(E$r&0NJe!yF zI)MJPY2#%uK?4D68jzHsFrper%;EmdR;)2&-TS{NJBRR0fVFAI_QZZ;+qNgRZQHhO z+qUgwVoq$^`eyep&RLv))tlaSUse5d)g4)en9XQfv#Ay3V6;5057$?OLo7Yk2g_nW zGIhrJQfh@5#Q)5ygq@qpFUsO7x~g^+L=wz=JGUSiUQi^JXs&lDBaKKC$O}S(f^0Rq zwcs(plOmpD(RR42fR89Td5{1~izLz9KD)@{83Tc1fZyQYYcn8j)Pba^F0ps5e{81~ z@>Fk%RDFI{0tCRLPL;cQ7@{jPBn@*v7`}H6^8MGln|0Kn?0L>C4yG9$SviER{diRX z+~yq6kr8c@`hNb?xbZB2T7VjiGj3>|aKsNCWo)iua6UTR_OfJg?RijO-xRY|MY>cj zj7-Xcq|h}~em}R4SP7JK09@V3eOhbdI0} zpd-I8LGH@@dCX+G*dI*9zpZEdv!a>1k-#a52%bG=Ih%3wERG0;^`s*S8z3Z+Q|4=7;Rti|Tq_u5@YlcD?oGFq zzxurty%^bO4TyA|0?_)2ahTWh8BK;L@oKPedgg+?q2=1xB2HL^wj`hy!=?AUov%hC^wqa^HI$L;3DI0^>LCvs7bQAIXRgQ))O9yP;99`^a%CoX zCD$I~UG+m%kj%HN;VGNPE1wIX$^sBlZvu=`M-v6MTk{w*xnfi@^RQXEo=RM7eBV7%O$9|)Od5&b&!W_i$EW}`@;VSM6Z%YNm$&CbS z`!ITmCHJ4Io(ztu{@BoqH*LwKO{l>4q1JQiEblTV*cN?whyJckoFb9Xs75SyLzjyFrGiR3I zlO+TUApna_A)x41d$1sGCBNh46Tt025$TX`%iOPR9umrZ=Y7nOa$Z3`L2GNY}CXc@<)c7d8hVhnGu_sC#jDvmc*PYVz#WeuzV$} zGE)mJYIHm(;EUwjLMU~Tq7odaKpxy#PL3AV8|NgP>h*NVR+B=6SnPiPHZJu{AMqfQ zt$xJd8ciL#3@9~_m{aJgT9K75VFlWrmb;QtnzF!of`|)~-0<15GdJEq#SS=dSw_t2vH8Y7EVZpar@MFS&}EX^R+?T~kj_F&b zHX7hl|1I3H!Fq&zc}?It;cjPvl4U;vp;&O?qV%t&FB8oFL6jewXJ4B)wMMZL5`31< zDwWAo<7o&3(d%T2p}HdrjF?<8O?Z;!*OJ_&u{nNHdfde3>g23ZFzeDy>})2Yl8v#+ z@{XTRX5&;hG|s=8re5{WsfNh%(m3(f@>~B6y+{I*@}?2~1j@u2nLP9#dj^Vc;2#jV zgpN#p7ARWFtaAce9OWPT>8kIH+M4e@>$-PwkfdQ6$stIM6XRlEPj@ONhR_|9oP9T7 zgD1H_{Fr5agI<_hZ_vlEa{|{>Vj>$D=T~mEFXjW`CpihFuV4LPk`P5@%lz5L6o+gC z)PxY~iblR^dz)d=KY6M@k3Y^&i2U#m-b6n)YCw0~G(<$ag9r3m!(r;9%yHfer>p%i zrjZUw9lnB@O%=?^!mI$AQNdE$`+;0;SdUWFG<$pDA!AgotSdRBhT-)z(EZuL-}A+U z&_d5F&Nk-uN-2I*IQ#6$&x6u>uXBfr8i;?tEHvmR2F>z@AuyOG$Z0^^CEc@msP~A`P9O0+$wb}w2f`MhZ@lRUB{wLcRWCN(E-xn9p84A|6SQtX5oPl@P?$> z^Y#Qz^!OPAIQYOZj(Z#bK3<+$y#Wc8N!(KoiXm8dH%nLZqgws5FURHka{iX(H*GFo zYsl9-2iF)TLwGe^Y62?9{l^9xt3yJzml+!+C=dQ6^oNkaw|@=&$8e7y+`l&baNy^c z{d*r=eF#eY{JJ$rCS%VT0;wbCc|;`~P+ zVt9dis)L4sw=UP$cX8LWioMGEX=Vn)jXlqg_NY>dnt1yB+CU{-rC?H7#nGir=PSLt z9gWLE_GPAmz;?BeBB^idm}?z>qZV&;@k*2YY3&*B$;ZjIZHC$Nr(m7^X-=M4PBeFN zGw-Ii>+SsdI4uje^^Yp2P1ynwwQAPTOdP*i742M~mPtkR_?)L}Fpo5|#vJmtEqmQdzxCq!*Omx}JNk5>FszbbT+V}1Y17Z;MgvytQ>n%f zz%k*G+(U60zZq^We|ZPoiU{1?MgF}$HT>%?Mf~~c}Bo!R7aTl^J6OQ zuDaB!i(RC$ZBvOEjzyfzrR^)54Siz1x8MHSt6fE7pUc6)t5?~W6sBJORxQQUB@k2( z$xi_KlqueyCQ8|APvrL5xlYh|)wora@PtaO$|bi9jbcFd@5)TU&B7)troz2S&j9GP z08xfaCchC*~4Lswf zv#ti)E=(2#{DNncU#3HS)=77VZ0EP3 zoqAMW5c@K%-Ia&W&UIVXd$SHtm6mk*U@fU~Ms}EK)&fyGd!oG^F3LE@1nr+_w=w*C zRCmA&5I6u*+A6;+m6UT!g)Y)!9z&0h943Pbd18En_YXnF(MRj%C@KShNt5ImQQEN} zXOf8r3%T3vK(K0%3hj*Wh_{E6uiS*4wg>n1^i;clB4^WdbFTU!H?2t#s`P;pB=X;* z0sCPbwkpfsS_Yf{eoKOwBLhj8-~KDa$P>P}$%^Zp$NdB_wnyfLGrCz}I6|TQEM;|CxP4yL{|{QPhz0*1$rY&=!vtK z`7V}6f`eI$F!8@+&-1>lEV?K9lMCk4Q<=DrJ|$~P?9~f&gPza|dPq{W8;Q;7rzT`a z%xSIPJ^^+zH0xyGpvI7pzz+E4YbrT7gi$ra*^HQNmj>^8r<44s8h?qgs_jf z`D{T2=heQ{N~~!pd5r8s<0B=b5Xyrw1-1Dh*R%g~fVKDEUGH2)TfLxtFTbmF= zqG1CUFYd$boP5BSm`OsG?n|`AOvwy@QSEkc*V+D9;HudESm$|k$Q@ok$z-gxfnK1? zHL@T)tWl5a2h#)eAC@LH56j@llqb}tGz*oy7F#w+#@mP@I9_auw@z&ct zpg5LLCc3%tGnszS7-#>nKTT(I<S%7aqDMJR=FzE_K8&GP7_s$U%DCb+y&`BboAd zOLdn{WV=<^r|)D0qZ=s**|nf75SZ79E;FIiW>6Dp6m??GlHsz5bX|$CfD?BN(OSV( zd^V|_8fB;LAa=hTnwJKHjMf;{DJZ{ng)pRV;h^ac`XB?CfyQh1aBYNT0}t0W4Ty-X z&c2YLKTsJc^r-B!d5@dc$rK2(zV|iKg9apueId_kRH}%8JaQ+76el5+9Wat|G?l+6 zFc_)6H%MUl85Go@ec;fdGo%?gOpzfPh~Ozgeox_2%_EB|!juaX7_Btpqp++yeA)yC z+&OVTel+bN`#;n8urNM0pkD!%+W&w8m&%A)jozQ1NCgqZ5VqS2a|_FYi&@QsS&WQ; zk<5rmlanZgW-4l>Mb&ghjdGAoS@H=w38F0J;i)2Ut}K_n$(eoxevqJy%p}6~RF&=! z1((q259dNj%T#QeN+U~T9B$mX2udjuiXxxaBL=!fB#bL*fI$%qmvEQ>NW@6k!;Y4m zvV_Q@2U`0JqLN8Tp7DdhLNnE@=tRJ|GIZn<>ChB}_cvQGU6&FdO6w3QNcf z7>jBqgfQJS!5}4MBsTId{A#4MfkwYoJfLVj#bqTVc+_3SN_1Sl{E&7t%?2!77$!Du zkkrE42{n$xUj2`>!fs$%`J{0e`ePuu!>y(7)08FQRgTeb2mHl_ex4H`qN+dgsd0`(RioKi~9@qVaD2XM3rQU*>hiB(T^M|+p6BwDNZn8Oj_dAK$JtLE+&z~aHPBAo6{WUs2 z61ob>UXyx9E23~iksYr#bUHL|M!iTh;k-M2C&y4eNP&drN@YWE2nN1*n}8uSgDIl| zqDzvMhwVA;9Qg++Lm~#n>Bk+n9kqhtTlUyVZS%I)+iKt(bn*c2+ag>Nzr*IZjEgR3 z5F0b+(e?z)yuO~Tiw|D-qqNCv$)RyUL)~E7R7z-4MiQ=v?h#pl!T!+f5gpT>0|=D2 z=grz2I14eI;HD=G+u6bMYbA1l?!8mk-*co|8c7~q$6nXqUpv`0LM?D*%wDFe2ErW~ zh6Hn#d0}mlmc=6e1@F8-_gAS2hd;`ol@AYmtdQ(5RY9{%AXRfuF{rqkt-E)`GF`{) zIoN`+MM3vP-|HshDH`@k@4GDL%tPkcFFEb{Mk?p8M z(VXfQiKZwiab_r+l`IGK8-yoQ-pg}uoeWYN=LSk3|2wJzRlL>U`I89ugJh{lpy zN;4t5aG?A;*CwpG6aPmn9a(+^q|XDO^w~~p4~q}lze0Pd9Znq!0JSVZM6)3b4FuO9t#AKo4(xGO`@?GgDWm=OuIPCttF9FPD!_yI!=3^RKf8l}&gh&0O7^u-t8)!xK?-;Kxf-tC=C&PwZC0813UW zlv-CNnCGU?ibbXejS(%K2Z0rI-;dV^#rNq*maGMGBS&ZWm#?tw6M)DG!su@<=MLw~ zbxl`2Q%x@Q$5* zuU8Fv<_L-a<4;UY;HzguX&wLT{y8A?1}x?Qn|ljBuOFiI9kQ*H7cNEnHI{A8EB;ph z=$C&&%ay4b6(Hsh)tJLlGX}|cj9tCOg+a6n)okx`NC-6ict;EPR?3&d{+*0|w_`5B z46*DbHPKf9dVZ%Khpo~<;q)XB6^XKv!WVR2&Bx#Su8TTw>~82j+TyHUuXY$?k;;D< zzmg4hzXHAX7DVl^8Q}3O$BJi?o^p}^$UQzFLWA5cYcn~Y7oHxxP-c|@6ZP6;!5DQZ@6Z@+fm1i+ej%&9J|4q& zbMxT}EG*Eu-&xW=g8>30?HqJ8*azbpn|a&Nm7Xwhf9z$_Q^5W5nkTHI+4GHi2`>Lc zfQwu=^|`^e?9%skV&V5wTTvCDd=vdPnA<%fNKoPKl&*;?dBGKXnE`#tiHnwdUvFvS z!+*IVdo6TISRAy#7YBw&r#;k0x7fb0u`v4kTjiPXTCrgB>$?z@4z${5PV)~4ek_F9 z!V^xWfF7ySiu45kpncw41kj4~8Hi@n`vkMvk=q50wYW}T45nY=exF18{qI!V(}Sw~ zPKIxPlfHj1F%*e?TC}}J=%0xBb>!z`%nK&8q7rdC?+3*r6XtCUa401~gf2{~= z7&xzXyi|zoYEu<&PL8F{b(!4~7H)X>dKnVyuSdAjQG8A&4SmA)k|$6#-hA=0eVvZ$ zfpz=DQ~6{@@mW6TtUHvpeI6_|Fr!pI=jXP`KQSw(e+~qyl+($7h6eV3Bm~eWoxay| zrWwA%yJd23&JSo!EuXIoWx&31Aq5Vd(62qd>3`|9eP~1gt$h)2SG2YLH>1nU^q)qT ziHYNXrZ)Fr>HMSp+->y*+Lf5fG63H)GyB-1oSZvlc110hkrWk3tQiU?a0NzYxnB3V zVZbT|SDWv1J-Lq(Vf>?>`}qgBoq%uuF{8&YJFzQ%WJ(<&dPZ-{J*1RQnwB0+4#{{# zFL@d0%Z(UU+mdpr$(<2Re8*tMe>*C*q}p<8@;E&4S!Qc~eyF8dmV5lvU8Y)%)aCe< zJ+WRkLT{E9)xReL3Xe0*>={K zAC~54KslBob3A~>qaP$A9%?HZvKPd(s!;D3{+0^#=c07$%w&h|qiegKbq=%y?3ZD- z84Vm54VETB5QY1CD20rSv;EgQ8t-2qoiquKCh)vId|t@vYu+tR?G=78vG`$l$&ewlQ_r=ea;d z7Yo$q7=F-IE9D-PB|ivX(g3*^^oD{RTR407fM4r^xSWEV7=S6l$rB!fjOGbZyN5p% zy_&X^5(-Nu%gO)T*`2YrBYKFeHn!4ZP|)_eKb+|0jk8aDkU!sAtX1F3G z34RZoG@yN5y~QauWyiIs`mGES)my+rE!;rS1p$hSn*MvpKpqxxQxo9OT<5|#lMV2q z!#G07^K5VJVS~^Cp32@H)9md1N-Z@tuusbnKCcS0klT;$b(=PAHmg;R6`6%Uoht9i zMI~5K2lnS?cGOZGr&>S+dd=!^WBLS$tJ>!3Uo8#!OhyeH=of^(0s;F1jyc z;l?y;PU7A%$oV!<#mH{Lgs6dkF~IFVLDj~^V_5&pG(gmtvsYCz;+Kj~z<&p2`bQaE z7dKI91#(!D!RW9vpn<>sTs^ zA{V14w~pO|arGkmPt&XDqH7i|SWG;4NryyV#KW8l>ANLK7&F7%0cvGA;kPKwXD49ImQl~~H)4xpt_?;X@Au@SFe>}GV9=s&?6g8in&(X^!`W5X*Nkadf@e*SE z8k!#(@F1|rD)n2&K^=_FFhYAcJDm#*yEGf!C$}`(2}#A#d^zGU%n@8R5TTGi#}Lf1 zPC}iF<#}|7!?~*2&z>nCSRVMDnxc(3GM5Yyj6*l#)T;<-@HExbtE<5*#Urmy=6&?{ zX7?0(rCQEt0wCWOZeA4~&$BjBzDg_b@mDRoO-I%8_^mDLt#|Q4a!unEyb7;7#Rh~l zP0yi`3l>*^If_;(7rYN@a4M}LyVTWc?y(46bgKUN zK@e`Td3J<|L{-bv`5HzsMQhte-Sa+Os)rF3(Arz_f{ZGL(YMB0d2YU-KFZR9@zsP5 zfZ)Ugu;_FT4D~V(v~_B_JhP2mk7wOu79PQpAIQ9?b-1W=k@OXXotsMwsbGZ~i}NH5 zCrQN~w2|$GZy(}_5-N2$*p?BTE4-++Fv6=gn|lHSX=tB>^NyT#+oq}>$n)FgY@f_e zbGa~PNS?xokyATqO)Hp4qdbgTGZ3_PxFrSAn$4xG>1cOdT%=YgV%PZizf8FZXR(j?SOxLEE}c;oWa5(j5QJs)6$JARw-|uFJFk0 z5$Kn4qFl_xf^Fl56o?MQhcBmVG!Z1wU;qgm@tW{c zeSN%S?LF5)vcTQ)djUeYty5D*tqx3bE_^H8L<^d~0pibFvh(p5xK=J7W$TX9g<<$d zp3;+wbY$E2HGk*^cDWyqOymGCqz4x7s3`p+a0je%psAr{{NE%1=|uBSpvQO!dt~uX zMiyLxv@kyWVw(N+fu}e2dw3F$EQM!`{M$xsrnn?|@|SeiU1ukLTgZU36de znM`lr!dbFx@I4OpjSKDE*E+q(w{iP``t(Rlx(zFR69>vgV4knwrB(Sj=fixHpdB6=^@c!69Xy!M(INj; zIdT4{a$;urr>FkM5{??|O~=jF`z^f!anDjQNo|SS?h=Ou$t2f};T%q8n=#>p<`E-F zWsiz1@2~X{5E2Q6#*5pZ2%C{h67OJPc%Of?A>t*+vo>)wk>YHvT~s;9CM!z^@8jUhL{EsZng- zwkkP{KJDP=(*n6bMP`)3_z)rhO61d3t0ud~!}{e78OUA%yR;|`oDwFZlPw!sJdOpv z^ExkEVg3e&O0G*uke!s}WmAsLvRg1GoXth`_=?shbt9b?POQG28pc37KGY-^9GCA&)>ZFvvf-Rn+o%$HIWg~>3UG!=O~*bt%rT7?4pC8c8E_5*oA>mdHxcy=~j3)-Ib5 z9{SDa?9dXxf%on>w>&yR>QX8mYp16|uMGL*%volyb|I%RCBb2o%way)*WO%zguI@^ z+skTQ#XJGbf+4=--()uS?tsx703yFJ?M6FqTFGVYjw1gBu*XgTt^XFNuZZ*)K8!|T zBaxy_1vlZ1aD7fUm$4QPw`H8E0*ex{`g~z#Q3Z$jBtQKC%ljm)L)-ti&;C8>;yps?L2Yum@<(%an%aY2Sy3?f-fpc%#D7Co&3+ph)Y6ufI$OnSCDQlrF zAx`G_9(X+G?sIv?9u-|P8FAO-!%%ylmTHgz+M3vEQ#^S2w?Pc;q5ZitRb=(W!bmLw_NV*m<(YvaE&$~_N93&V0f>-yJ?Sp5Z zon64fW~+7fOy2w_1**)21yoS3L;H=tirQ7dG&QQ5Y!F%RKq$rzX1jul`Q^vf#w)fc zGQ#)%#3ZiCdA-%U&ZcA+oI9wW7-NB-JvE#e<3@&gDw!cw;fmA>G8~OJ;0HhQvsEBr z7&!x;%Mg2l!JpRt5tmS#iH{67u(KM%0V!pZ#g+Z;BcSTHA&`ellcXlYJR|61H= zL7a`cUj%^KUhs)FsP}yrTU?7v_1dXngeLy($Dwy*(ck0uJftTLB9*ExG0~-uA#i43 zNx@jAR8p>L>xL$mvSA!ZniC&$kW%ff7NK}DQyE$9ax}400s?tFe{0eN`S!JV49du8 z55w7B20 z^Y7GMvcMT7CF)D~?mcZ*Z0)wlqywcgVj+JH7fvcb^p&&exB|*lE z_q+w{D>bIgdP%J?q_OntgJ`xtUyf(S@^pRFce{fx{b)?}#Z0NO*g~&#qTiqt*jhr% z2gbM+-Z;<*!*|Jxt3B|o8}X&h^vAV+3xYIin(MZpR!9UA@yR~r`#jnI9}96Ax%R_i#%AxB%5HZERs5SuNtcmQIb=)%b8P?LdEw`=vL z*YDx%_?g+eBn8Jn5&9x1x6=KJrABWpR+5K{l(YmDY zz44NNY1q&F=mXKFss)Jj2N>vrABg205iw2#66lYgxyzuRL;~2&b8uf(m;}b{L*>Lr z4%!nRduzo+txXC9-yyST5YeVAr?!*UQQzVv zC(h=>JUG$%CR#H~Q2Pgq|D4&{uXza8!Ptb{Y_P1vKy9A7W(WH3jc!B=gb+zH^2^VS zfq||bFOEAa18FHkH8<9mIn@E-Dv~t{ovUd)GhX+sYb&qhq;mlh!xY#&I!&5xm*m5s zF5BEn6bC3r6h7K6gHkuHO9_&ct@^!`Ex2q)2|-D6AQ@U$+<0{_=9HGv*t#FJW4xA} z)#v$|PNef?b=24cjq=E;=IdF;f*^AEaiP8F5m+pqRQf-B@s#iu)0fb$iGu`;C{-Y# z3GsIy(YRIMlJzy88^H$T`d*W>Nga)d(#Bg!C1FPu9nkspf+>nx$>qPzQM*8J#egNg zl##vzT6pVoan=t#9Ii@*MtbK`GlFbzFqijaT3+OhoM&agq7jiCM5(g#M!)?WCMFvXs8XzQ@Mg^K zO)he$iS!AC30PF<-LcaeEr}2$LrwA&s#LKDH|lI!(Q_92J5qXFer|V)mGhPQnj0#6 zi%8+efHL!}K7=@FgL?nJJh`TS7wV>^wZ{1ohQL{hUNg`xk}XQ|DAp|qc|3jBRh>%r z0~|Zi>rbI9S+YN|jI|>;7)uH(3L-K|~^VW@YGw@iwRA$&;q!yFR23Fp&Jzx_rgun_4U~q{X@_Ib{hK zi)UZ=Q1%5FBA(VND_(ZTx>jr?`nvA%Ig=6s27wux;tjj+h@fL_bOT-phHnRkKHwsy zy*z+80$($A>$k546y_2RZ(AVsWyv;H!M$1NVZ4jUalJYGm`MZcvsq-!w60_#u*v#m zm2D|tKMWBLMvJQQE3#H{EwIa^rhYO1Op7DuBhbrd_2~#H@*pdX05G$%E8~aMBHjlmKUmn!$)v!SXL0(V*obP(j>4)dB5B?omPNne1&KhPatrZ96i%Yo{rf ze5lxzWP`?U6{Rf|12J8;W!S}o5k&4!FlB;2gjMbV-p?){9zRQ7<Kpmds!b<~3O->p z-?`|xJr_|@{@(4sucW-{`Fk zzA5Vx?Roh>q_;=n;z-RDjP+o^#>}|z&vu{4xV863tdo*NAaU&+Ga%~j4k!ROA8&2r zc2zd(vvD7Ol)(j||IN9vu>YrXW8!4^pW{R`nl^TS+mXMo^$P5kLCi8yo-A3wQ8p!g z?nc~N7m04c16)aOU{-2d6IXgaKW6PEB$p;5mC9BJ{nfm2W_fUDvxaL*Mrzz3?Q9WZ zw_yxMXb}GPcXl)d|7xI!u9=HU$AG;cYq7n0VP0)(vdmR6;pKK78u#UO^5)h#$?CSP zTraRA|E+6lez`>_*OYhqMn&CNJX^lUuxeoV{C0d2)bvl=<8kzZw&7Ac8*s;k@HC@e z1a1ELD^>7g7R8J#zEYIk(%MZJxHH(v_j=_|{q3QLuyZpJz=Aj14ka19RZ4-uoVNMm zk))Cc*@KC++mk}*jugT`w3@RsgOEemcu_qNwq`4(?fuAhT8EtNp-{ZavP@Sb31N`d zwC3_i0yG}s-KBBFdS(AU%3IyGPV|!lYgfP~oyyWK;p$RKRtN-Ro2_K4q67~bblhh41Y}Swz5g5 zR(|-`Q4N{?kU^~eaOp(@<~8p4fMG%HJ3Lh+&g=8m^nvR?UOmwZh2WrVMZ#;ntZCq; zUc=tHQ%m`>-UNtqu}2DRCWy(G6mKFWNilop?-Q%t&hhgXEvJ?DBzfrICl0#vJq!hCVswdFtgul_5~5BE%k2? z3-*F%NfJ-+bkKuxRsW!*(zXR!c|xO3a4D1E$>gw1b8cZnl8%y9iE$S!YxNSs@@XD{Df;z}GIl$2?QqM39g<1ns zjXzQ6nU#%2F2Mh+ zVbcqAlzo#%Sy&wDszyPq27_gC_OCP~@EGs(Ah$Ob78mzzl0JH#E2u>yt!YEFzK_Iycs|LX>ZmVhxSk zjO%K-XvuazxD1Qas(BON49`w)Z@YIHQ6Z2sC&SmKMI0$Vb|Vn-ReTFd_-$e4ZH-EQ4yxuRKM@4wE8$2{klOE`7D6hvN(N;9zkT zmJEdJmNPp%nr$MrEu!`LI2!pPt1BR5w;W0k0{LyY0?%v&)vpNsr$RrsPOG^-+)z8s z35d6-6Hba>vp3LaJGpwKJaT{jiY+ib;CHW+X;giV=0o)YTs5gFI{cU5pb6rT z(DmPV{jzV9I_NO1@ev1?#+eb26P0s(_K^S(h?D)me0~F3#i86z5Es)^L~3b|T{IS< zw!|tR`8RCZI|cGbm^?{#9~AjsiV15OzlL%#aO z%eeMZe%R&c4K}k$mZhK=#Si6nfWvaG?#>ISnBs9kFhOT6Cl35QKEvKs*;im0^358l z{D~PEFVr+)xEq)URqcb8K2F}Q&P-)#sKT!R)$6QORq7X?oPrc#a_+gw+%fG`Q!Q*+ z3$0?8&{Lj@jzV8M$)zdu`;tC4t^}wI(%ao9hQ$(7O!!P1>;W}CjS0U zL$FPLWSJ&sBHk(*BjAr6C|gc<)N6$6b#m?K1bB2ayRpv@$cn-p(@K|T|6b%}>-BZ_%{@GZFex2SGRa!6<|+}0$1x#JgoUr_Sb9sId)F3{g-xx z7*iqJRD{Z}9|}-W?=>W<*Dj0&Hy>N_8IyK0D~6Z{bs5-m!Mn)rrCOzHdE_S4pJ+-G zsX;mwrpfA~lT+voVMU4LLda;GWa-$@IN8+G>zO-inLu3tuJGy_`mJ7g*S_xq^+J{7>NjtTNRlpapt`Be!X9&O))m~ z14IWs*lJeI!T7d6eQ*iI-IbCNc%e=~&tN?x9qukL!~zfoClBLunkhSvE@#IX)w zW%Mq2vKGeT$opcA@WBR}Dzdc;u;YkgKcNnIaWbW;hTvHj4gOjHdfIsevGnwA8=Rao z7SUX@R8+20s~E{C1>6RC6ZbGBXSwo1T?Y%I!QZx$AGsN1=7_Jxb4}bjd?z4<#T08- zE}hO_k${JH>O3Y71`HVT5J8%pXz1K0g?5J|bZL3Sd*ZSTBAk0t0L61R!S*T_RSk?3 z9sQQxHq2|{z0E_Ajs&m4xwvNRNBXsqS`~n;z0>BNK{!S+#6x_s>3U5%2=XwiIn7+6 zNn>i<`)3A~J3=vFBrl+FA0V)lOsAAk0f~YtTn^Q$-2!-$cLC_LV3G*7zNBR7Ao2pG z!7pWJ|NePlMLb|`@yG3CfGP1aOt^S@c>U-6b{8?!XI$nn z^@~{R^HwkM{5&|)O}F8dRA+_-MSMLjG`@&)wGjIo;QJeqAB-u^HbuT#*; zx@dE4mt1EJORv*`xUK#7Uu3jnCj{HN_<5~-F6D+>T?Aj-Cn1}yqAg~Mjd2jl*7ENd zHINCq&AL9tw|FFL@xh(tKQ8r@UO)J%znOk0Mf88^f;m{piPhcA`KGr53=LZgKq?lkwxhXfvv$}>$UAqfpKq^R#gkegfepY1wq$u%hoX$7-TXr(^()v zOpv*@)YOQIDI^3kmpX*T6*+t1+g0VpL^$+^MZVA${um6B>(%I|t{n>@ zC50d*ZT&lzYm);kbx9rt=GfK&JCjv1KIcLiJWTmchdyyfl1f{hH2U%BRyXj&>Xwmj zVv&)03nMnJyTjsCeSzQ#43GA~-?xk0J4Uv*m-IK!eVAY(nb2`STDv39lF+%@ zzCogSq8>5QA=m9PWG7ZyxL6es4s_ViLcO=w9ZB0;v-R@1eoKU#oNJp)zP}0 z8AvN4ui$0{A-s}Z4|mr)swe5=&uK`&H1o~M^o9r3#IA-H!K^PQ?AxgU;qI^j5-Exq z`Jk1-uI|Z^uuLQal!=s#E-NhZ``2C)XZ{v2dPtFI0c18<2HJF$VNBo}-K+`b+m^%f z87s6<=z<;FlHW3+%3?Ja_IX<-*Yk*MS5p)(?+)$G!{1|56D1w$E#RKGu?1gpkJS;e>HUhV9FJ1Vude|cIi)#%;#6~?wfY=>*oTQ|&)9CvWx-gUbNC7b!`8Zj({k+{%SQMYodY_y zRbQ-eIA=yyYBa{DJM&YKYA%pHwet0y-fRuDNL5B!$K}X)XzGoBc?|!-$EYIohpRPg z=llC_eLjkt$j@_w&6^9%%3h9)zX^3tyX)Ya(5vN37y5Q%SvBd{;0|tS!WUW#OpMPt z{Kcedj{Q?rmmXaSXI^<>_#}O#>$w;P8m(Pcku`+DRJ?P+V8G7S&cf-;`wMXL;QZmw zh^cJ!z69+|ny9JR0&6vje#aZsqum4IJt!x@XP9~zRsE_x@Xh;AX~PHM94J(7)l8rT zmzp0I(uLU;tihnN2cW8+uevb)rBUr-(D`W;Vjx1&>U4FrWo1aPvLvt}rQpf#A4_#c z*pJ@N^yCTrVEspM^x;?JXr#kApx}=)T?ULwy=qa=fP&j+A<`EMx6DDS<1`$=erI&3 z(x^n{hQtilJ)5-9dCq)+KNTu1X97?={ooI7UA5rT;dFw;_dn78LHFRH#B=*`Sa-^4 zc7cXwe#F(7Hx!7*m+Aowbm7STxA@bm`u{}rE&^yd+(MHZosm6SN;{p?C0sE%Wswk! zd^_26JNF}x&}n?^9N-CYWKA;K$asY@(ZI;kF3V`93pFf=PSX;{4`)$)rj@)|@~d;> z0cmt%UfT+MsiW~VO5{U!HH+WqI^i`wG#P9SLQRUios=Y?m$ouf0Z+hEE1(D1X>@>i zrueh2j_KXB7MlfyAdRVG-Xwb-gLe)vIdoR6L?m%{SK*#uCwxA3+Ihi5ZG9htfBhoFUOHBE`fcae- zaNF9Zwts-i4Z>Fr{FXJrTx%c?xLm8$@FG0F+^c2oM`<618CLdAKt3mNMW+%=8#R1q zv}8Q`XBMc&# zd+qjI)~wu|DUxO^>1-{V!|ypk-9WDw)CtJYf+qDLlVCG+V^&Uzdb8LTJff*7xoknN z5f;lWc&`MLSU0>@Z0VW!;xfs(hCO#id=TEMEa^NCQDI2Ss#jmsELvVo+3GKcGV_%^R|G^7tHr$F)&2=ur zU&v8(`aj0rAxM_4B@nAl%`A``M8iKLR?6WNZ13ZAbYAYnz~*= zCJ`*FDZlvp+_+GSrDvczqx1m;?#|VZyMg0^aGGDv zZWcrJ*0xW+7SZ%zv%ge4KR%l1?Ioe>tP@tu?IBS^_0X3sH_n{v7(+=pEPmifFf0E&=E5s_oFbhC=Er|V?T9tOa+zUr`5C3WZDb>Bd)(Ls*7S;Yg{ zr^e#-HNlwM$&--iJo#TUNcPA1>;Fe!1%jW^jl^Vnu#t}9jM9Ne&(M?MeaJaNO& zqi&Q~>yzgQhE*~Ey;l@J>P`!3IO4(1QJy+>Q|8=qiqxy7D9=r3Z~`xg+ItGzIxoQW zL$TRd&_%Df$$xX4{Q~{4cxXQPwO>dEWFFdUMs!EL=PsWjSP9+FqKq%CZxDMXue5$G zyh=`22MqSU=Odj0ijD;O^Oiw}TEeBy?Nd(!(?iYv7oabKA2(v+8(rv!@qIONRfUIQ zz2D&%dc;U+{lCUn*8d_`(KGzdCZXm3m(;8StRaddQSHpnS0wA0>XcX#8-y1R4O30L zS<$>8x{z~-_I;bZ5A)peKw7VqC*mKDlQ_8F#m#iI;ZlRM`u=`KcPb{QCwVSR2=&#+ z(d%4<9%+xtL4^v1Dsjr~!b>X~=hHoQ;i9TGeZQa=5@j};qg#~OHI>=It9v1`b)q6+ z#CQ9^>?L^JST%M)S{O^_EjM;3ciM~B&Cd7XeG~vwbI3u3-=buAT$5$&^mLzeS;YUl z><|(yc=~USWv7JL*J8ho`*A&L_^QFIti`d+`i9}Y$Coc-kUDpZEeh|Ng9MTbz6;q- zs8J@~`g>|lp-RA?&5>Gn%A2bjdB1ATVh^qv1BBRru3CfC6DwYhe@RWtI!(3|cGyYy zz+-mqLAa1X+Vyt5p6OPrhvCyM7+}2Z=YGHdIut+>NZN?Q&;EXyd8^*Lq<_jM=Zq+rlpS+1}ANWE@n{-)W>pN!pe|C}k#aEoq^M4gZCB91^1(F8`3OEgP_oiCLag4f( zHh8T)wlV7|POhJ=={%=Pi}6^)l)_UJQK5)VdR-l?zU0PUXqpoHA^U~y{uo$8>K<6? zAm9eTfgCveqj>NrME8tW(5I)2g;qrrlSaU9Ma5i{Jd8_(RG z3c9?qw(z7ByN;dZtD3~9;m-U(m=XLgK;h%c{)N65il8-f0KZapB!m>D;vvmWajK7- zpaAt7*c2~rY85b-b~M%C;z6h@VklZTq2oTTu(qH8{7b%87r!@_tu+;BJ$MR8Nul}? z>oDw_-?p_*no^(6o4LGv>6`PC8uP8=wURq|WBst<w0I-Hm_PXBTWjPE$cY0X#FIj4wKT3I{;Ax+AHF05j2<@NBz~!n=S&$WWa!f zA{Q+V?dgGT-3_DUqm6`$bM&g;#2ac-Ay$SLBzpF;*RriWMAJf~K$Q?J7a#YKEmdZ! zCM-~)Y_aLuf3vnnPJQugSj^-O==60Nm*QjA_>QGoVjORExL+~16`JW>k~9~OBRVGP z@OFPq=?ATP^=7WY6>%JLZYyWy%7X&aWF>A&r{+ zrxD&#TzXA(tU9}Ar&4$j%Ev%cZN~+UF&kRm_!6hh?^++JCgJ#4X4QFd15UUWNfi9G zKdAjUeNyfFGFP29Exaj<(Nbk)?}`zHiL1v_w~y9bakD#>&qa79?^uvCiU!Hwrq zVc4x!eA}Yua7*PCV2T9B{kLB;(^eO{lGzwX7O;Swb56()pbj5m!_A39HMM!6*tBsPor}0; z#OK65#g*7UPZ|a-5F~9-qo*6JUhr_Ob#YF3qzauF^le#58N9D$X$19VPwHq_w_LnW!#VfKkNWR5m~@*vDY#^M$R3@W-7Uc_kc?NB?8+_ zW*FD7t@*fw3y~=$_rWXcMXb4{?V3qdJBB`kBq6EG1sqg-?gk2jVNQ0Li=<@Dd$?dy zSzAN-HD~cVp6d9Iiq?wLujf(`AhF*Gq&0J#C3bIk0Gwc;0eG_>CM@Mps%BJ%)Zi64 zw|1Y1QDJ?$y+APv7SB-orW$GijA1%nvBd|h9yoqd8weHstnh(^m1s~9E8!rj=CmEl$kbO}y%D4y0B^SPW! z2(Z(!XPiB2WTE%TMNAfmjPt+kWjHicma&F`p#)eXmbG`b+#iE z8VPtBZ5a_;Tvp_%ftyzeXc^#BMB`0YBfJ8|d|!e^=^gwvP4OUJ{4jra$hV+*+iJkJ zU0iO*?i$!X^3Sul3+VqVn44}d%r^HCc=};Z>o;Kbo=s{5TO((==clmgJWCB<7 zhvK-r*T|?mSz|i5ZEiqVV-}$;r}XepcB0Eq#KV zJ07O+?_%(ad#AaB+A`c~zbEeJu~OuP-At`&Ds>D7s1GFRfcmV;1&X)Szvo!kF*LUM zjkHib97ls-nbx0CO@`uB);4TXZJMPq2?(2zYtQt`LI>9BOkPR$$<~TK^d80Fq6M9P zNTOnxE}!HGn;G3Y?7pJLzI%^A&?eAxPB(jb2k_;9K+UT50N&Wdo-Xr%#pwO;Mp)xL zDOdae{+&fF{^L}@^8Yy%D0|qO5YWjPS}Hl)K+(w(FwoQgp9W7yCuaf; zLqfNpuvo$tmi#R8Ex3dR16dx`Fp}Clp@SS9$|KvE>s#rqQ)s~x7Rc=d!zQA^O3Knw zk$2dnr$Ek2BKN66Ev6YTe#}k|*}@k(Ks6A-!4Ow29Q(#Yyk}H_SFiNeH1|w@=KU!n zaKZ6HB!_WC1&E(H*uyJc`|c8PN%9qNNRq4|IgQFHIp3@!Q=-tl3!4t&r2|RTbXlP# zC(PV410AJkO92nr><~3EVsR>6vr+ZuCWf_0%pdiqmwuAjU-5aA-R>6zytgDkBKPOMsj;dd$v-FfXlN|JI{FE>q0E z)=`a0K2A)gt|T&uLkhF2++`&iwuK4`Nu?9RZxf>f_d)N}X)n|#S^7nvF}8d_m8tIOCN9u4DM)E@F(^d&j4#=rS~}8=%^SNiviBn?aenpnW$pRi3m-+# z)83(3GgES#vf4{sqesH-<;nAH^WpG;2cLHFy#D0v&<<6*L~Kat?Nuc&m4fEvn1w{u zz7`e7S4)5N^y;Seo1T-E`wCe?mRjjHS$RJEG<(YTv8!gMRte9xE4^sh?(K)XOQYI5 za{Qcmetpqco%ARb3SX70trQ5a$=99@73WqX3HWQBGeu(Y^yp^t z4Yw#aTa%hfhbFI_mh*kbEKP^rTRlM2(AZIyew8>cMZsv);3Bux_G$Qp|EH^XMSh?^pk6}^|m;IDfk-txgGT} zXiwLGgG?^27?}A-RU*QlNEopQpq@-;kZ#~<^?1^x@4(yT@%}VZ#I1HLfzSun*Dak7 z3@jEG8_m{#Jfk3>4PUr1KoITGTU;{+tn+Av&_miVM1Y7kQ$WiF9U%uEB3;z}iv|ge zARyp2Lij`|u!@K=5aARJk%whjozfpQN*o^#WWYj}KwFEN2R7)Pf)Nj9Hm8~;LSmxO zrsYv)JGK9UmBB(HP5A{u8pmnJNO&ISo`vf;%~3gDh;ZJl-i&L*TQCP4xoBG`zJ*Re zvr{NuhV^LGnfbvydA_WWVXX<4wYk59b#2LA6{#8oTTC~DMOALMU06;*s+{5eTlQoB z;NxKWc{r@qFGADoC<;&na|O^YBoiz7cuw+fw)_TSoI5x0$3IL_V3HagEQKe_(cB&sSN>cUa|MGD&mB6?_A3FEZc8~bYW9Mn zd`wkP)*oEq=AnOx7|5i4xCdI|Dkdi)UgcaHbbO~|Y?AS8^9wz9d*)_D85?8*pINgJdkCjN`cQnE@HqwbWNAp(G z-61Y_y@PxpkIfdddcBTO-*fxV=Pf^@78B+R^QQSa4P@>i(LfQaP?CRCN!B&w#9tsG zJ`?#lq!4)oqD&)ofWjk#x_T54Xf6^YL-+VwU1a5WZ=pFJXh>M11c_3ZWWpYZo>nlB zVYYVA{Ek}{F(Zy**#%F!;R?BEPZY>nJ3=xHDc-)}b8*_A7ib{k4o zKIk>((Avd27pxvxqUigxVdm1;IGgfK_m=e(Px3rmGpz~7CYSoT*?dof;W8u5q6)In zgoJ{~TsUj{JhV9Nw_tXN^bm^hwm&?#X6zIn`5~GS^p(hj^P!edJ$!`1rh-3xmk9H+ zl3`E)5QwOv`(!@iTa{tqra3^_NRWxtd{jtnG5+8x7-L;?!S5?{DR8aJz({qNR9r4R zZvwi{)!NUCbava2qU7i<5j(NTlAW`6ReAbKGxf;P{VwMtI)ToMf<{BTP8Z z&t;|DFkUk`8_3!{H^kYPY_gt=XQwN9d^XKwSVy$*AB8Qs2D4+_zRW2G92|dc6|Or; zi?Q3760;h{#wGU8u{2|R?evEvtlpY)>}L&ebLzNH+<=ma4iPJfxB?fuHPYsMJ5e_S z!$U*7gx4s>Fy_j7MB^=np)_8Cf;ZG4T$Fq|)Dp^3A2ay}ze)5%kV|-05gp`(;G(U+QShcjZ>2G;_5y)NlK;nJ&i9r?E}t6)Z!& z2!0gYWK*PEsU^vKY(m!Z@zkMDL7F|`6xOO zD@@;?_4TTfc)||+MuX(L@#J?Sqw!MwOd)v93VKxdw*Bmw>(@=YEuUn9t?D zZ$}`L)-Z1+Xm78;abCFZ>u%DRNOYXtvCrqz&nv_l|GyuKMm$Fds4uXmc84l)vmS4B0$pL z$;a+$%=nO~MYx%{E=Kj^W(0o%e#cj4EswR%}>7Vi8N?m=;SqB!Gi^7r$+HmbbIV@VK4bFDK8(Z7vEihN$LRvBgn^v$z2Q zLjh{B#o;rz+rc$8UCrqQ%VtcuFZu`DQ9+L=LaN5;7A(2sRO?0+iQS#s29b}@1^h*B z8CD7tkVnv@L%tHeoh>=LpAJNNZhS~ATKzxpVvh$WuY7OjfX95X>`4yHo{Y_r3VB3t zvtsaUza9H%oOY3U%3>h>n5lmv>VAOKTm4jx`n#X#gnK8+A5V$C?NUrS)-jx2TJz9$ z&XoAW5aIWd&L0f2XBy?S!6+z2#C8@Lw`mulnCe?~6bwQN9dKxh;UBrBCaY}(n+@rx zPTy@46b%GT;#6YBRlgZu0L>)UtBN#xec$#|@k_4j0T3YCw(IVNMeEsgO2}8tktooH z_st1Gq6D-=BSk*KuSh$+p|i#a#Uz}%w94; zTuIx1cFD#mj?1_yYLRTEkPk62pUlZTU?Kxb1c6Q_BR#4_c>C?BG`9=UP>;tz^2d~# zu!w=K^KL5Ytp{tqMvt2o{qEXETMYSG57|v)YD*ErI0mlp(QD!n(#wf z$@f!FHeNHKPP=MJCR1hl|4|i5NP*^GOWxfW=@F_s#@+DS1u5ZBr%NrB)t_#W9=aD7 zK|B<2uHsoDRbK*?*_0`SBO(>zQLNY3&2XvPQRC?fq@J4KucP5Y? zWhaVXuX5s|=<4>%1JN%OuGd_%V^L1(_b|01bw#p(1lTjsL_>#|Gn5zk6BYR82-a+D zVDIg$*Pz}tria1AhlKmXItju}@MJ`(i55X~$*`_kIG#F;xS$8Sp|B(D!+I>Y?kZ7! z>(_%zb-e8(2DC~#mjxAz)t?U3ECYa5x#tKC026?+N)HHXrDN`bw39WD?+9~<^Y3{h zi8(_|b#t4yD14J?q@IxiJRv?Snde+*f|PTX0k~hl`6^L$x~%}uc0S@E;Npz9tp0~K zO@9-VhPoaX@p9G-e5WOjKX1G(JL|rN4_=$LyL{~|Ty!}Kw962L zE?qEFU+>YkP)+S@$+ZW0Ro+U|-w zW+CovP1Ee*rzhY^rVSYN-m@VGwE2X~uZ@hDzMWOvM&FBuslx{5jrEsJq5lde6dfxR zW)Rxo8J1|j5vj2BL?)R?#;Jy4?TwT3C*B6vbErlSknE@<@>w>h{lSLs>p_+;>l|A4 znkJr|PnImKmlv*Hfb3dbAFXhcMMdfzFsF-MH<5D>o|%jpbXnnJ6X+KR=Pc+(39{y+ z8hh!&Tz$s~Z2A&T3)at1!x03V8pd+MB93cE6NokVt;E?x_n70C-$-un;0>jkUQTvp}eEjMvkj0TQg2t^s1aJI+;gpL}<`usA^ z#=J^x65ZW$XN;BC-rS15|3V{)l@ipnoNG58>sJDPK%~|P^k|f98vMSS;ibKOlt4Nw z%+JfuHv7TOwK~;pYwk$?L&;JJiza}2P@An#fV2g0`d#m4+8sfWG_ewx?qA*mgVEqc z9S7X*U|}v>noD(ZV(C0&&oZNUMHWN%X7;SkCSkW(uJtTJ7*v8y72?78$I;?zk_Blp0_daO-(|U zz4DgpRr3y!Y%e;|>88y%3(-f3_XJhP%-CLqDVk!y8IYP8f5OH75_C#JL?cDZ7OS3s ztSpqzM<4KH^aK0S*|VJ^)jaXg8VZ7DSW6&i#C4oLtN~-yZc+ zH=~KUQ=F};!H^E9v1~s(mo+c>yL(pS&^^Dp?Q8tF0Q}|BsMWbiMr5|R-%tOLCCQf- zMtYNv<*iw*E5T@)RHjGIB;U@4?)5JC78SZNA;C8 z&G(vD9euB_*J)(6B-UsA)%&o$0X;5aP{@g2aLxGA~;p@qYby zCabhuCaeulz-~lBkc<|!%>NdZ4aLoQ-Lud8t z3ZXFoHh%3RxqKXce_N~%WL1XpV6$4|B0S>rBJK0`?YaT71 zw3A$Rq<}YmfF#v=SpT6QvaVWWKC;_4DhHDnFdd$~r@0tqvVz=b`+_F^gy&2$H4 z+s*j4vVYpklq2Vddu?fKaU=(m!w{0`|1m^#L5pxY{BbyWuc=CDpuAk)f);!|jDE9C zEEUmYTeiOGERdKS==wBGB7N9O?oCZcX=dhwcz`Hqq>H+psX;UQwFK)2D#{UqAyT5<33kyA9RP9oqFHDsx@1?h(iQyW_Vy%spfE?bgx%>|6Y<_ zE(0Nw4*DTp?#fy2)ijP#;0oec(Y$n3j}P`rtYdn`fH`stw4c>fIO9Fbz#JyP0-JA6 z@M1GsqoGLHlcc$x1k>9A~yjlu*Iqx;Tmns)M|ERYU2dq#4!Wt5`chSw3$) z!~dycbHF$&lAunLx1@@m%V6@FSuw0ARV7S|U8!}%N;OZeRK|fENVq$r!LLSXWWpf3 zU)5SCksl{(YWZnG(il&CZ{9IQ_eQ@GIa|(r}Lf@QQAIE0|9|tN#R7QH2 zkrrx|pxXQ(HM12~pzP||Faa5J8)n6KMF$#3bVEh9tmGX(YYB3RUY)XLW4#+7MIT#- z-lPKvHPP-xV#rdx-1LXDT~ba-vKml0--fp|Aj};BPR6bpNXY*RXpWKOP)Eb`q&!sN zr(lPAI<13x%E(GVG7X6_GpM~^H8~J1#A2!H>a+ULkd5t!o-tdDB9h+j6rNIcEu0@4 zsl|r2WGK&H%m&yd50awpfpDj>={Dr1lu!bH5hNu}!DnIRLgdooM2+^b*wuwasvD-+ zp-2;SddwRO!JY&qBmp!S8~5o0=ue zsati?0$U37E^Y!@q-W+R#Dwy>bWHvi5D-c1TOfu)dId&3T?_)*-5o{2A1O^^xe-7f z7@Zg}(qES9dOMZK9X+3(*fkpxRc(qIA&8;VFJlv&g+AU1IQ;X* zn}2TN)U-o)Y~%4AaKV*iSjI;oS%tR2DPFYePI%!dlVUO^AA11kKHc3%{RLEdE6~{R zL^XJpoY25M8Ad(``NCclp>RLSfy;jm?@i}w=P#gTyqe*!_()&o*;*z&^+aDoA!Jyl zG&sja#xm{Gfw#@n*OLL59;qyTrGs`yw zPcGD{HKRt}w{d_aDXaDQ>mh0wNR*qhIkz9)ZH%0NST!a1+F$UoM)I==;MH9s+Zh5t zsB|`B!8{+P{?q1ZVE-EBw0Q-LiA+wK8yN*@3V)s>r`~1#PD{~3p}PC>-8kg2Ii`FZ zM0axZm#NKRY9OwGG-`nFia`{YnHwE0SX5XmrHzf zRUIi^q@onKZ}TLfc~n3*CPE8)D2*U4kr;9I(tSP|O)C6uHHj z)>oNi^$b;)VzduC&_9raZjB5;CDt(dL34*)wm`#2d9Rf%2<>q^SjY6Qteph#l|6!t zi86Y@y~Pia(?)SUUUE(!0hU_rPDq~O_hvIB;ZP-^C21LS`rd%K-onr*8LE`9Gr`uIf1_g4+?r!7%ZdJ6FOn9rt%$P6G1pfk64_ zu@qKoJz2Hj4%)Z<4tHX)+<%m=Sn`@wW6Lztr9B=VY*zMqb05(I#J~gpd|5as|5oyS zU9%UiPx#r8oyQ<7WF8!$IX<0K?jzTkZ`e@hA03F;e|4xrjX;r#$=#b-o9b6xya@2_UIaZVRShg=so*X9{f&Af2Yi-{ ze}#6(mbM+zi>5pg&rcYy{$^GD1)7zEoQ>Jcac_0y?*H@g+kh*PX_3gf_+<~f9`ca_ za-w`%&Mb&$Z3t%TV;jr63|D9+j&QP#KA{)W=c&^uGaH^Y#N-on#WXzb!;AUon6r@Z4O2Y8h?#jc)Sv;lAPE)nOlXsjSUhoDh!R)?AL&0dKE)wVRUJ*HQ56L#=UMAw0jw z;-m9f0)2bK+Z=wx>60vxn_B}Qre~e8D@BcNrv9tb% zY{>AxU+#8mY};+JBl-QKjqB?j4Q8N9DBy$M||4AQN?U<7&JP%>& zPtWqv`SNtFXa9VR9(>6ewBX7O(LF25Y}~BPNdo*<8#Q8#%@Sj>I(!oVnH^~7_*_jl z6M3C#^*o;2`%wA~Nq)$RAI=|DpwJtk4ksi#!h;qT&-mU{($)NHqkH2Frbs!fv$7m2 zx~W-s0PoRkMNOiCsno}4`^1jo&-DgR&de@}X@Ng9b$Exs09^<`+Wjo8%LP|Jv`m?q2>zDZ@AfMI4Yr!-7I)|CjSblxW#>HmZ$5PvAouu)o z$zFJ!PT7cp;(JJa;5UO~)N;QGBM#bTh>$ik&0~f#h&bNOm945G0S= znG0>`rxBMf_yVV*=MwjhpFtU=Cv>!rM1C)C0_+SN(^)qip*GhaoDwempvAzutE;0e zeZ`4R5G_A00nvrTN3d(ev9bWrDqLiLaHeHM&xb=S?|vU@qxN)%+EfwoNnQKP(c@ct z8xHl+2T%_t*KPO0>zPJsx8Dz}zPsuEOA%WdhQ4*{G_i4vFd{Pw8ak%Nw&zRTXsu2R z7i{3wb25Ji!qI!@{JU}aF$U<3I@S|g6PdTOU7tJJZ||g=aM#r7rd^^%fm$M}-a`*} zek4;_KG?x*=uaj|n^FULT^hP_z54Stwt>te_v@xZ`!1Fb1{zdwoWz_St?f)Lou8Jr z@B3Gl9cg+q|JsmHz}k+}==E6)oKhsD$6g&y->TCe{Sa0sLBkYC!|@b6AJ(uynxX*uqs zJbwEtB^T;ToZ3rxEIIkc5}8|r5u?spW_Uu$9+q1@yaxqP>Cn5?d7~MPNs}UKMaV^l?m}B| zs2(f8p^hmoc0e+%6vD7aOK^nqojb5CN-_I2P-zmPs93@$Eg;)A6I*Uh<7eVfbl)3^GE^GVdvNGl_jI+CfyUxy&^=;Ip!u7KX6UL*<0 zhsm#dL&k84JAcZCYcba)8X5y21Q=RcbwYTW$#|95y$UX%TZJDfR*gQ|0Vx~^XRjwA zNLgnqQlRrI=pr|iqFRfv!H*rIPHXy3uifI~r87kY8N8*V=v(D? zya*O`q4~4g;?Yj{V6;>7I#ZZ##bsr+`=}y8R26pAte_7i2cUg6^|*-G3unctqDW-A z?cuDV+B|~+QjjbkNgVl}hNq6`#cf`;9zc(e0-YEzTV zCcCsm$Gey-x|S?E1Z;xOC$_%C{es#V3f?O=!QbplJlh#fkfH5i*BOnoZu!hsQJ4Yw zPp;$3?}6=taG>I$ID$R-6Oa}cuaTh|Q=de&uOIQNFt@nu6pdtf#Z1|Z6Ls0iI@u(_ z^h@^~v89okb<5vsVu|&PuIF-0H>wLbv3*8ycFPCWgm+%IUN@66@-wN8eg>sK)UgBb zpD?VbvEdRMu0;&Gd9#0Mv>{pO8HdY!3`9W2A-bAJ+3U$9ho2ra$k`*s?yYdS9hvJe zxv;q6?mCmhU{t#UXPF`O^n=z{wQkvhxqPnW`c~-q7lnEmUZT9++OZRUhr%~VL}GWC zTQ}&Ek-l2P~XV09Lfo$Nbko5*=Z(yrA5WdG^h9F>Nf&(DyfR!7Y*!aO8d`_>1R(cu z>8B4&s#0ftgNffR8O$Zl=+%*OnVl8ZuVH4NWob^li6NNL#`}z=57YqR$}XV8nUbu1 zeRRK0$ip^;O~Q;ax(H84S2oG30)T-7$sUhC_}c)={W13SF%rTb+HS>24|o&J1*7Dq z377&O4v+5V`SC1<8e+1&I)O36!2fZKM~`e1Gc=6{J2Zi+FDn55@EUR@Y}xkX^Ln%^ z?TZxb;0In=3diNYrW+21|NnHu^bd>szgpL>wY1_kM^Jrt^#tBt2Z+Xm2#qUXPEQ_01G%?f@gl5t?PPtz5eQsACyHnBs z4bkpDn5Vkpg2TyfE{6^k5paTZ2pQq=UTP7q+Xs^*Nm0&T*|w9G?S=um+O*}`#Qzwy z6`q~i<08stCI-3PTP6}8Q@XvfkIWT{UP6$C!E}CY9|s4+%foW$C@*_nOVAk9Wa4|^ zx?MeQH{iQc`d`qqWZX+T-5yrgkj49KuRGdb#{+JkyNh|g{K-hV{5}J3+<(?WK+v!a zeF!xjeht^3awzC{B@lrg{%q&<= z#2OIR(B$^aqKlyb;ilz=6s3^r?r_v8agk(;|5|Ye9do2OtG}#xV@zUPKhRRzHXgY8 zn<=Zjve#~r+OAA1IuqdT`CzOUwrBFAnU8s3#qqQ51%p3OkAXpjmi={P47%b-v5vp4 zd8coHbYFPXI-mcN)`w&^&yyWeR5)PrM5F#oFtMsya}JYos@~Aw(0MYbUh;ON(;agV zhR|$empUc=fPPEUKIo4(y#$gsL6%XE3>fkyATY!Wo|lM78iH!e3VinO8vxfe9td+) zZx#~Y!?aFm#kSlXv~JHHFi++=q<2HgwmBn2cSleM@$Aq!IH6U>kC@D}_4+|4zQbWL zOtX|Q1<&Mx167aup3G**X+W@&#}R3aa0Q&uMbrQS;HpEHnDVoAhCvo?<6#OqsS+>U zvm!XzeBpSLOCVYNgz`_q>;{M|dO|!{a+HuZ6}{6iIsaAz*z|8T{;dMd z)eg)u1)Lo%A{1Lbw^Dv;#S(|}u#NIUg3REeK!AQBsyk>9~nsJ8`pT2C}*yyJ7MWpycU+z7l zX+*Gkk;n|Ik!N?*A+0dg-I(vanf+flQk+v>Rz2;F=F}Gy{)sMG$IGGAYFUrN$MiC9 z9FvP$ivpD|w4)agKM{*EG1NT2($6pX%*iSSMrY+d#jPq57^QKKAfr;If>iz^<-P>` z`#B`X@qlAtOp{+?Oq>p}B-q(!HSeUFY_QB>mt2g%ee;`X008Fp4$8&XnGP_zC%c!a z-z}BNs^j1&!@xFbM1R)KbOptutOlBpXV}sNQ`K>n&qt9fCVdX|vu<>^iHq*>_1u?=rbQt+E>)&|fujhUQmz@RYuRc_Gl! z3tM*9EBbeIIz>7Y2u3Y#Y3|D^8a4@K=1j;zzt}o6*Ldi!s+om-@Z6~i|IARt7$U%L zzw84kW>jNSUfY$P>w}BxfHHYD(yRh&$_xbZ_z0jYB&^-T&Dy(N@AL$ndR*wX&t7nO zf%d~U8DxsyxWv=Q0`P5E(+^aCS!*VzXXY5IWTh_KUYcjlLH4eDF0vn$(Q^Xc)n>h8 z>`T+5o0na0v2TI)>96C+U<{a!!FI*mIUl}@xvo)%7H(dCwAhM*y8!!BlxMiajd$Jr&^3PhRZok}9+UgqbtrqfuHS6H!mc30vOIVi7%t=jgH zbdFhDh_MprsxOA~x*TXbf*9o~iOZxSg(HszPhwLOlipM#1TMEbg!4 zm>NvTr`%TuoR3M%8le6u5n!yQwg{TaA1{M^^YTkw2Zl65*p{>)K}q%k{@y53)xCtl zG1idQ02HPMTg=K@Q4qtd&2;YqjI+w7Ix?aoYz6n?R}8!)m!B*}tu`<#6*40t0OTXfT#^)ea?=M+!!dkAGCXM$jxHnor6z z0(-tR-ettc2V9(vH&i?>4~iv(EQb|YB`U&N8M}+j}h$K+>;)`E*3*UII~3su+bKA8?86q+g_v3 z8cL|#zU@GlQj-T53wZc__|#MTZDPEJj4Vjw#5v%NiJ27_*$YUynGMLcG)WT2Wq#JP zP788CmS}#AJQ0!4VsGe&+WE!Ic1*rioI)fB>1enGUD*%djvnls*|sK=^)h-S#=VMA zTM^rDtk76BW&Etx$Oe_ov%IXd=1I@xS3nJ4;Y6ah2cX(G#>IayYOJn5QN*7>SdneL z;w&PXT*1t+dW#XCBmJ;TN*gk9U~+>@w&Tc&kN>5>-9r*>5I`^vYVF3J4V9X0|kFO%Y6 z+6`;Azq7eEicsk2<#H|BadrTL-KntiXWsE&+m-J#tgRW4+g4+W5L{Rvc(CMh#3d`n z+S1Z+u;}DQ43XWCO3xnh6F+**hFofmOkVw8DLRz)Q-^K4`6=Q267PRl_1sqxi3L8m z0jDDD*E*2fZH|9Y3JM;j$dUqs2C2_bm0b}RWV>Q*?*|np3=NzrEAp05`ypNFSQtzE zGOy%OVTcN=3|@BHx*CwjV|jo18ylrtu!YdW+Nq0~SkkWx;eF8x(A2Qb_REQmY*u>6O`2qHotn1?OMq65NIZx+Aa-GZxkPj2Fp>x9wiZLImo&NlQ#pvRi{UvxS+T~A}AzAi}OY$agewS9*q!WC@hfmz=Jdz za?7N!{k_X_J1qy53h6T@@~*efC`(Gf0_ZPcQR_%dI>a_^Uh>a+zCFC!GN-6}R9@p1SW8~?+(0QE;B zDX@V0nboD9-ycps$zgfnxj5@eaKP ziZ0$Lv9~zn@d9eZ8IJSFd+fP?%9->Uv`ovZe8WK>wVM*V5RL!a*=m0GdsU@RTo~w< z;%RlTV*}}KLb4;@02U#)RYkNUC?ob>@9S;M3Q;n?NtcA`%mGEanU>)4!XOgN?e0)> z3nh+5L1aR>U3C86x0bK36QeM-e4A%r9TX7XJRP1VCYZu!=_JQ%`Mv8!1N0isv1V4ojAANeFx zLrqv$1H9Vmicg9nyUQSPZkLHi#@0kxja>0k4m%(FVp__p3gME>vd-gaUhIOH=td{w zETTWeanzIY4)|RQ1z ztCV_r&lfFJUGb4&9+rSf_2dm>o3;B@sA6wwTHV#g2>ea=GK*N*3`Ci`!S8UJ&HlLa z8ar=V-(3^cWuNEeueqh6cz+@6vjWQXx0G`39eh9WWp}Zmyb`pKO35F>>xu82ez(F4 zoB?vJx)dnP{1ovXwjBy=#v9=U1(B67T>^ymC&uh2smlK#Se#7%L9m#)xtRY~f>o*s zNG|3;@qaN8K7uYE)g~hbL)1u}Fn6QuoVGJt?Mx?29W2039@qui?%6WPw{J~=AG#!4 z$0RM0_Rm^&L8xz4~3C$XVu%R z=M*X5d&;VA;8T-dMg({j5BgMWgw5#ZS1styzvouUZ{vFH$vIN2_SyF70Bkk->bV-? zK@={H%SiFj!j~2M#Dt+gcEFL7wQzh|)WV4rR6JG&K9&)yElIrCP;({elCs2pxK)(( z*dY$%#8K{JL+}+CH+u#`5fppQlxi^RlP0?sQtqgLC7#Q6w3CZR|6zC>N;;Y5M8|wy zb5Fg+eW+CjF*JgzUP#ub;pLiAn4fULP;LYZYVOwr}7#qA*+fzV*8PtdPjh96CM zZ|$pUKVgpn)HE_5v~%itavZIAHT3a+sf_zFAVh&)HFLW8yDbvN1QsAIk~C<1TP}-C z6-=MLKik{epC?(qKUZl0pNE4WEWQOfOGbLHs{}-Fm}beHNU`u!30>fXxp3Q_#7YM}Marf!p`CS8E4I4OovDks{_^O01` zFIBa%?y?>uheSA9kX`^wOGnEQiY4i|4c`ZBLIxFIxY3~zR%nu;?XSwHCz@ z8$76rC(5X)psqfzIA#I4W>)E}GUA^kJDgNiTpJZr#Dp2lh7|P>z{*k0 z6t#gn4D_(j>ih|7;Y4Xgpy$kLP8cQ9C^qg7JHWW@K%`OAQ_g219fjLa&m%kqLafCR z*q)o;%`*`E$|$$OaWRt@mnT=aX5*pIb+%`dYGbI;PL5RxbI-^U_AuoBL~0bjQVf@{ z`VXCR3u`5BaX5{vG%y^cDwUlzMky*EbF_9zTpn2aQlay1*b!wvedhk%!!AT<{=cWm zU3KJOq#xd0^)s|hM^@o>W<3F}9;kkl>RC%;YJ3kPcN+bhqijE&W6|E=Fr-Ad&IR=> zO2$=>&LQ_05ry2vm0!xrzlkQ=r7wM8aY-rZ;&{UJ>zz|faFN3g6ddBX&mz0r^}I7w zM>UqPFXa;Ry;upnD}X2HicurkDf8OoV~?KUkk z1!(#`_#7q@omY}nWg#<}WGvWyx64UK3;EsGv+^Gr4~+}eoHQ1lesx;RXKo!U`V^iI z4vFe$Tf~1P9BzSQP;{(e?dyzsgXRc!)Sh^888ECSm=nq)%oY-mmP$V?$NQ6mh4zDXS33 zdl;WGho>X76GkF+cDCG6q)_7k_+Bf!hrPUDE;EO#l@D+>M!hnOZ86h|^_PWS)i6%8 zJ438|Gb6XV_L=3F)%5G<`9RYjFOPn5>6$5OAZI~Y$bsy6W_#7Tsnn@IEhUWZfL+2i z?_6M-%l$d0J~zOh!#LI)4;xJOYZy4D6G9Jw7@vhJ$~b#adsf1j9YYd(^d!RFSQoQF z7#n~eN|7Bq_w;Ax612x-fhR5LZkf~z<)N8-H+X#Aj|L|t-yM?6C4Fy}nWKO>5<7-L z)_eONMK8SIyxCE>ypOjNNUJ<_z|zx0fYHc5`<+($sSI3EKqbHQd-m<84@M&Qkn!iM z>owk$jtC0uE}nGL^Onu0b2i?FuGeHnMiiKuC$jmrv_8C9u)*M0hC9Ougwqe$0l{R% zf58D}rvLxm`VS8L&qly$Ev?@N9RIf;b9Yna7qTc4P`vMNiacyer<~SQxi$(_ofa@H zx(6jGnwifJmtx?ElDNy^=1O{vNTGvsT!W#)m($Sg?C3ck{~p6zc>ZJZ#PkNH1it6A z<&h7>!gi2%PJJv>txNt3tyIc=wBAy8|GWC=dJIg1-s7#wAi6kXhsI~I(I7Tc{Ty*% z*wS`Q&zmoe=FZ0*{qKg3KiR&TKE>%w$p2R8I?M?mNbZl35m`npNA|A(%jh#b9ojM6 zF=i-ax;`}F!3RZXnzE(;#$lm&uCLGUyRz5$WK?#4y|?f5_4+*=0FLP3zeb*}UfAxR zma8wkPXV~tgMn)gP-x-VGl@M*wjZh5vtp;5wL$o%r9!@&I(&Wt{WT9I2CZGuDFzf46W9y>?ZA zU~5nHSIEZ`BvPuBQPVe&i+445vV@fHhQwisp}^EQcrG0}w7Lb){ z=>uwmU!hknQ9fVo##W_Uv=*zCk&*L)9nmpgQ-7EP9}6y3FrjD4)sd?E9eZg%Dxv&~ zN!50Py^*zB>7&iAQ&w_a&B}*PV*i=+mB;~Q>#5a^41ditU#y>YCSQwm9fuv_DMRVC zdMifHW+previjzwF4VtxOm-!zu4P@a;w_3jHaRvwk&98#_@DlC&l29xm|wJ2QlKiF z4u~hjdbRH=qJg%fMPNcGPwl0TP5mo84e)q5-rdNNBpDwZ&VFDUk3qc+h;{!tRPBEG zjUD!#JMro`eSYXS%0TQ0f+saJXto}#A!xikkyMCkcE*N2*wLd^(7AL*V16bAG$`;` z@Z0m}{5>n{uyGXOiIfbVz}#bR|8ZxIu^%yN^in+|xy5K#=SVRNmUSb0K9;+sxEe0( z{#q$y*ns_){?d}f^zIqln-F>-0~V+rR!-}tJ+TSQ*=+huxy`)xdfmy!)dc3Kp^@d;VZ{c1J3>pW$TL}W#@KPU0d zGM6J*h%n|9^Ywh`G+|6qDi$}!@kXMj=2|<6?4c4~x1DhF?h6RIAuoKv9&)dGYi}3) z7HoV;Z=US0DQ694zOTHzPvVy|k5D0yx@}4~#WW@5nH~N2cxHJvZUe!?5mhKhVykYB%cnu5E2 zVsUec9MFuaV=pw1nkhvSNN zq=`EcyHHc~HHCss8F4578{=}AgMllDCuS5?CIbdxiIa?8E(X72#xv(Syvq=$%m0wq z^x?0KhUNOQms7Y8W?eX3ceRwXTW9ns?&D+`Hf8^{Bp?+K@$`_xuC@ zP4zS#p=)JZkKX-j()cT}0-ZbKS(?g(%(l{?gK1#2CEK%JlrgQB0SP7O;96K83DhhiCM5fe6nT(eO$KJinI01rG$fdt*=(&5IT0A44_nglA zhDIQ8n5&&Ef5Dtjr%KqWkGPx*&YhYsY{y5YZq5BZuXi`RC(UwGmPUpyLtgP%+Y{Z4 z^tB3`Dp8`m^1@*XJNa&+>v!iZN_v3ufoFxaBt^KqqFtXaG(Xx^LzwA(Q5XIuox^vb z8ETuUWtw*+mLM`_mVkE|j0=(6hjY~Xz&YZmR zI*QHI6s!xYNRHQ zhZ7!PMKo6|`ZMxqHP<5}99#HY8nmQ=GEWKYw4VzdVvqa5b41XF@HT%R3w-!!z@q{L zBt1h?(fso}DT1VE996kLqq7n`o8S%d4b!LNKVbpa{|^gTxS84h*DJvhj!k^d_}#~M z)EkDxy(2*AVZ43V-OZ;w8pYdH##9Fb^b$cE;@I*w@8Lp~5hnw`epX8|3az#Upw?G) zp|@Pj(T>~d>G^bWQGKHyvPbdI%oV}8%9%~JMy7l&snyZR!0FJF-xhdR^>Vw(+PhNPIPrxF{(S)$4&V9dQg0KJkH@AD*SQR5-HJ}kDPCjkSntO$6 zRCT8jpJ8e~Yq=N`+ z?ZBko8t3z(OV)xLq2-BRb!zxlzz;vu{@}LsX}A#w{bxi`1}poy&yL!7jgmJzi~$xB zzjA*HVFemFRphRJ%4jx$*fH?!lPnTZGDBQ6s37ya%hqO|(qwkA@9am^VJvMZEXT7_%^D7a6GHWMv6jED8QCn5j;N9mDV?kAnZs@HwiXkcNQAMqYxr* zSPqYkjUmI3gOZbGNpNWtgb!#2aTdPE&d(FPd)<%Iw5abd7hh=@gtUU*PNGa9(4Bxg z>Qg3gchlXR|O>{;)Ud``MJ2(gWjzz{7!*qU`4t z1IS7@Hf#$Oqy$WT8(`qYqiO0|YNS8Ka{9VkGO22f)`nLPy7zhfLUB#88-)y{)yWnD zyCy0}3z%>U<`l`QfLu7l%oP@fMPW1l-TpMHF7tStn=Q1}=XJP1bZi3wP=uSE&HYLHviW=a?kuD~?_WPRsASAHi$MglszF8vbT zHIXQYc18u7e*EHzLr^`250(onX6luOixsP{=spI$9@sl#p~9q$K@4<= zn6TqS3g}B4B&Mx+K+KY*Z8&TRii2sW5%_%&A|nq`)RhmK>%^S+4$hG*^gE~o(-N{x zZFc4awnf%rnsj5H9DFm<&EuZ1E%A=-K*w!tOPLv*Uv5=QOnYcrRJ;zJoeH!m`73w^ z+BC}&$ah=%ctM^uafl9y59*)0M-RO9OA2R>4wE!o?!0FWf+TD*mG;_zC{@NcnH#bX z@&rYOZfOwC;1OY%ll8~=?_m()0?<2kH%?hQ<+~?aA}ht!?arRxpNt}gHh4k zYQg}Y8KMwr*xZ&Wwk@(i)|CiU9@(f_H{uHr8=B^D{o28N%{rK&f3W2Y+=RaKpXHeQ zbwEz&GnUIEg8?|u7`w!@0{;6<_=5#Khxhopscdh;X7jXnRCjJ^Uxw&szdc+VRB!-@ zkgecd;HR?NmWmWI#KwVT#|4whNT4u941%K&TBCc7hx7Kz^LW7rPT1x$H^2Y77m)#e zB|FHN?mj%nJ7}j3U`|_326L(1| z8h4RFhz^uu;C52y9{8p9SxUXI7?D<_XiA-Cb5kBDwL5U$={RCBmr$k()?9!TGe{wt zAHi$SPS4Nr)eP0q7yKJB^F7hPKDmZRXrJxa#@XX)LJ3~*9lXb2p_e;dal(J(LoH!NjAW?hJuyX2P%$PJyJjpX> zsKUwG84C{-Gq}EPeW^euNf_yyO5GM#ipOtg7j}|SWOWp&XC}1a$`>`9Oi}4d2fc*e z(n007g_ zNp1o>8z1xIb0#-zfCpH#4u)`6NO$JH(Iz{;TH~etiHtc~W6WWvrteCTknsS`R7__? zt~3JVKA>?iY#UQR*w05!LIm**z6xPW85DKWJlWyF<<$71f?N1eymR;+ySiGRlepI% z+T;w|crj+Klrz_t6GXs84UYY(!4mq_$Oas&yP`>6_=l#SzM(dOn{2paS{ntJWeI$c zD-Opk`Co9v1qY*HVeO0SP%0N^h8&2G{k5V>2k&tm z1qKcMdknu@(VP+cp@4mqoglKpistq7zYc`z@ph2xwJ&P=Ja`^*EFamUm!mo)tS6Sh zeFjTKd3`neJ7nK%2n&Fbq1XXr8-x%pEL32dkm5B9_G)uBC*aDM0@9{}kbF7g(&GGJ zMiSi(-+XqDe58N5e>vv++L+3R0v`)EMw1l;J5&E(_CEZ#UfnfqCV42=DgC8GL&a~A zd;&yANru0oY(f%n7Oq!7fu(T2Nz-t>R;An`g-+#}q%0Kn!H&raiE)c=F`oVndlN+l zc{WsPErkwZY62baD4@*%K0w{$p012CV1!jDt>2!4;EVy|UolV^Zik-1EheqCs7uS( zGaa(d%?y&$e2{yj(>>#VIRVPYz@GGLQF&Zc`^xR&tZ8*g>{?{WwFa9-OnNu(40Gqq zv}y0km!A&?>Z>bQN^ooD1ihy+qv5-CsZNrJIbx4XK)B1JvPnu}ZN|czz`)GfS zEK!Rvf*3T>z$S^Y%~GJKxS8zCHle%g$MKBa|Mh(|9sccIxHino>jXmc&F`_?V~~pd z!Qyn2(>|8CC3FOhKIYNV2FpDy72h@b0}Q9RJKRrnLE!Hg;EKP;&1sne_E7P9<{i%s0G7yN2T7gNt3x`Xey zUW25{Arri>h%0O<;>^(-{rmev1$-dW+g{waz`C}%i@3U!F|Y_~&}wWkoUsN&&K_;1EX<5wDQl?oGv0?k=+e=}&3|Ebmj9Tg zWM$%J|6ehCEskFNCda+6f2b0kBMVY93AOSD`y^;7xH|f4Z{H4G}lsV2}NBq;Y@8Zgp@ejaE<% z|CbEW{qp-bSbk~O@Yi+X5=FZuLT}KUTKI<|!>ir4%MrC$Woj$0{oN^ZI$YrOnf8Hqux?EAj z_XM-+>Z60(*f#4u&^YK_{k)t2o?ZQwMbLyrhV(3HltD9(57nE?S>;x1=XSrjPQ6x* z1Ytiuipp0GXdoWT(~hw}A^Z$#Ows&wr45N=(b*hrpA>#DCOTGlaZX!CmM@_lzi?Is ze%`!64vy)sa>Dw=r62d7bh@CSAf!S%>i{J*fp_>*`$VvO=|=7w`#Ijc_H{p3vg|#s zbZ7_CFzuY}-@B$WQ;(<3ZmO#}pqVJz4V-L1DC3$SR%{$#x@eXJp+|)UqolE*krm2I zU7^jlR3^wL56v}igH|X5rf6N2vltBnMx{JMwBF+-MT9DfuNk13%i+Wi{!wtcGW7dpBS9?sT^}qt{fLko- zS%ie>t0BmDy`8fw*+AcJqYC2r%sN{z?zqog(s0EG>gN@0eJnYlTe+g|gggoCt5FcF zHEgE?@2P6C?B;DiFdnU3mGQrOqmt(oDCkGk{dYLZyS&fmz6zbrPX*?Dyqjf`Z#BZl zX=v<2qGZY-E*UqfG>505!2YO3cKbCl{@nW6AnY+f$8kn7_YFY-|H6sqhTZ36y4BJ>7Ru1C0_C zpx`Z_aX+pm1!E65O2!k=*c^z^Tdu?lUC(3U1_|tI++iiof)Ns(dN-IXb&Kh6F&S<$ zNX=f=5AY{ETgAoCJ81`Oqya%H$c8i|7wQ`Q>^5>`OU+@UJf-^{3{iooU@ zKi{DEQ0uTwb1s)(R_@&;(A1FNNeZarXwg)N0C%RNwMG$<%U}UbIFoAmF%NoVvpsW= z&zER_VMpXblm6=ne`6x~pTZg%Ydbbyde!1B76=?j+Wi*A<{NfsDYRY*5uH75IWQ!Q z*fx9~fbZ`rH}y(%)XIBq-P9q3$a>DXX_gbBnnXt3EyDuu*>p`_MZaqh$W;<^&lG`) zF+cCbcp5XU8XtkbAtAVZ#j*-1W0H9Plqviufr7?NAcuNL0pl0cLy4{8^f1q~tukK` zldxFmUya#jSdhbShjXfXxARnJi2Hd!&PM_-S)%KRIO^BA<;$S7HCY@A^XH>YEB{J( z1)}e^d#PMjGBGj0#qj~Q^|{-)ua(Y4Z0wGxj5`RPP%c84M?b=vE8#^Kg~=d&c?@OdiwzWM$ z)0as*_dWQyL+#iWRS*hl^O&Y$0uJ;ZcQ-I6q@VXHCnR)=jZTuq(wC7cwO8Z*8ZIBT zONo82U#TZw4B^>dmFFJ2?AMX`Ycoo;h2d9btUajBI7{K>iQO=5FJZv7dzlN<3royG z^oM)HRY=4uC_#boc=0jSu!Ts`{{X9TE-|+009=pCa9)alX?Lm3IXpa7h_HyPT1^x# zEiD=5VDYwel1<=Nv;>%M+XqP9WwB@KGBf)g$i~Qb5iHho$vLQxy$u{{q5yl+H)+BT zbTW4_DlD!5k~`6DGP#2soUmL80SHF=B=KKJqv$NwJ^c6v3RZ#Fx?-A^w%J3C z3q9-xGh0tX;P3YZwYgh4UN#`!P5LxO^Lzrtt|vs4s8+Qfi>JX(w#8?%#3_NA1~aN> zO*m73ir`eM*+$uDRXHxQfT=J3mI(yMBSHkAED;iJG2AHzS;#_s<8L0%)YwFW;!j}7 z*|W`zjvv4BV`cXa%em7Rv-zAAA>e@>4P6fYLCrHOjySlLqWar4g>uEDgE9rCKAu9& zToQV$elu{+o854`M%tVqTzAHLRy?mrs{)=04kvY9Ps-aXRwh~({l*t8WbdDN&8>QO ztKy=iKH!lJVzGPxq!bgYj!#Qu zdz}K9s?Harx|o8QjVWuq9#J~)H^{hmRB7XY*QI4tb+UXoU|Gc#CdC@_Jkx zuG8fRT8Yt6=CzIaK$RBCgUx!(|1JhR40ATEWCZpV;r0Bud#;V=>QT-S%J)~ID!wLj zFK^P1w#RP275`hrWi>k?Nwg$ZFt=5XaD*gkUvo2D9JGG zOy!oEaK}Df5)7;hRJ`iMJsT|7>pfR=usY;NwE>1>F8X{~s${(gh=7JE^}*k$rJe1q z?)Sari)EgFoY{&)95(K?Kds}|uL4b&1;*I@BVUKkTIeD>-C^73_*!y#JkFywAGog>XZ1<*PVuRRJ_m%3T;ElGT5qH=6hG0yV-rT70 za~_{`GGoU{c?E|PcalLtj?$)xA)p$gEP5Go}+ zAhu2(#%QQnm7iAt;;)N=hDU|F{gD#cR(@3|Rwwq4{ak8K-g4pbkBf{k#gfI({Mjd> zb^r(+-ih&Rb5iYv&rDxz5SKC?X0Ya{v){@Oa4cCg^M4TyR`&lA2RQ#{abOz9#$l`D zuFF5P_ZO@OwhG$QZ97}M&2^H^%v~$^0@0jIi$<&Z#v*Cl&8mBts1?-9bhJL@ z0?8xfp!K2n>c4QG6g~bRzEW@MpL=~3&xyAg>HL_S#B8}s_e@qFA7UKmfQJiyzA{B7 zii%eV;I&~i-$E5z_-*Qa*||*4zthv%ALdej5lfO_C<44lo^G#w_{a7tg^jv05lvpa zwn#?923WG}4F9wx_&4wKQ9WVBy!}O0*T#ZzUw$94W$j|s%w>-M?-46n$L?_$gVFIQ zDw6N1z>^NGQi<%;1(QI;&*JI4K0o0M(b7X-xqI^DqI_^us5b2nVE3Klu5NY^E9vfu zO}jqASghPuIP~aLmlctIRw6vY8I3~cpTIHHb$Mf6H%1KscUnHq>+7VnfG$&VZoFcA zfJ^8VlP*|>zVwlw-9QZhHfA4_Se3$BqGu}kxvA?*SSEbv!l1&G| zql0dV*$gO8pUgq>%HMHukwIee;qqFNeHYj`*K@Ohf-#~X?*K$1#5ii#9+X1VCv>-m zNhu#aOKbfT(l5 zXqxQMLxNfZDuY={pQY>yN(a-_q?M3)wn zuCik7UW!yVGe zSRkVD8Ld#LAnrhMADG~c3WV00ID_tP2ck0CcV>4~hNi+TlFXO}BVsTI*%8#}_azv33MYhU5$csx2r=;-W=3nXVzx;&K`N5!((09$_5~0x&h5PF3 zo5hRxxXP5KdPIUV8n+&#hUPmxB z{0Z*S3s#A12m$i%>hSmp%<7L+-3&*D4w~u#!$msY{lXT-2U$C74mI3o9n!p%nQ8;( zDc-i-c+i@%K=|l{XR+ebM@a(o_9bK08bo}3=*$mOd~2n?BSB*P=_A@jbT~bRY6%43WF%5T4=^17W$%9P^z55N#onM-PoFCxtp4E^T!3z1aaTD|?yc#AR8!opK96 z-dt5{DLE`62)HBoQ=BjbW`s;lZG-ME_vQ6@|2!`zJN`?4@U~n(lR=@5V#)3Cty@Hl zBFP|Tauw$ z4SdOqmVt*v`%PecnU4^kfy8>-Uo{ctpRxj6ILZz!TLlErb_c+pF8i)=|e-n6o zf>U996DD|@Ei-5yVd#ZEkchxmpa903dCT4LqHii}0s;X78aq$vFnbbsAt1Rz`@?Yr zS((cf)RGGe>@NLfMb!|5&|ay`7|4Bi6)S*3+=PXrq08UiRhnNNNa2h^rjaV3oFq7b zqf_5=s|2uXhd59*1sB5Z2ldXI_OD{q8k^ZdHIw&e(SFq=@Y4iVYqHyF%ks5WAdlG ze#@^I1DcJRSpis*SUvQuf(B3AKCR^oMOi8n%C1YUi2Zz#Pq`(dQn-ZCAZG#SFBqt$ z+CIqbsBt@PKqiNsje7SvOh05l@glftgUC9&W4r*+(7;kgDOAdenAzcX`Gz6?e3CA5 zLp}ZsNsabRG@m$HUJE(=9BPMEI@sS`ZQI{Bd5{{;sy&5uliHj2vs5N0PZM}p{M%%y zZ3XU9sU&|)`&P-Fr=ktp5+!h4lQF?#say9D_iLe=q@#wbb{aB5KFFnE}wb|H8$hlpuOXC@t7`?>fh=%=Vfb?%UH}u6t1lHISS)h6DiJ1B`p@c z_xo`y9g>yr5-8LkOD>(aRjy4^dI*_jXvlyXu{F3PKGBR5$y4Rw@ni7yclKuJ2YMM- z;C3=>eCp9?GI`)ER#xA>UbZnf{nW{(+C&vH_*zfWA%dcr)PJstH725 z=UZ9KTa>((0z|oqSCRw-zrmmJB0yN{5Y*v*%gK(Iv+!lWu(E^=#hFf(wAfmx1ZOUR z`$-2{wW3p;R?t>^iFMu$%_m05YjAVi0JY^0%T;E~;&&p0WxFPtVE_g0?L)$(_mmS1 z4_=5W>SQ%}Hg@U;r%{N;8mH(5W5?!^TvfxV?vI7mBi}_KN)S&pZIy9TzG6%dLe_qW zXsYtl&Yr+F3jgHz_m}P}pz*za)Q%|5_{2jS zkrM83mXV=d!#XLfCyVgPfS3BF?Tq@!v2KGa{TS@9 zc&z>x-e><0kMKV;5YzuEEF5VAes4-3{EG|?oJ}e(MgWfd5~g}`9_Cl3$rVtasIN>d z6Wh4Uq*7D%kNX4-fmL*6?#Nts>{(1y*7WEC!2N*IkO$<6g7Rm;1b_IFZ_xtblDMQw zB4U~byna9LAtIv*{g5Lmr>*a9Pj7&2l-Qz#Uaf}#$Lr$XALaN1K9A+_OLQZZB7}A`Q!cG|V z4Z1r$`k404@#X(?_zeAthV0pY zWawrcR@g(??w4Uvw#88Q+P|dKfzjn39}V9@b~?LdUB(t51p9jUm^OHAu*=>QmcMX> zetyf>?o4AF4O6S*=V^X#DiYD9GA3NF8J>f1NFn+h^b`HCzwyHJ6>lBIUe_lY%LhJS zt}r&qwqA|`;olP@jDhWuE5(KkayJTsk+?{DKcGKHN|IG$56BiG!KZU1+(%O1I(B}s zI~{Rlc?N|EiKMldZnkn7av;0Cg@sycwRTsweemq0=FLo8YC4_n(!bJLSYO8=)LVhw z9cO-jx7ErrC80p$JLF`J=?sk`Nfy)RsLv=8G=&ARBXyS728tB2v$Txns%BRl(tG}H z4p?OH_NT#yfii10QN$?=p!-f4aNafDFyFfwjF=1?%fc8vPf|}g-SywgckOf~kcayS zH0mXV;nG-5K4QfuXUWsr_AHDd_ayG+GD3^+JSnOdA}0GxWV_rPrnfvh(=jp)YmB+n zPI>M%Vp!~ti|Cr?&;{HN^77EM-+N5zxX}1ix_$0D8MNa%t{Q7;$a~T(Rhw%pDC-v2 zyy4_BasmqV_+@f+BTE{BK{&ajRmBsWtW?ONm?cp43XG$7 zn>+8XSk@~3+QU;Wfm&xC-Y%QME#r~}vVv#o{e7H>v}UGvA5T`Z*=@*UWP^h7F}-5K zH3Wf`;n9(#<m!L2LsKs(+Y4GEWP3> zx>AJ4&3@{U;&RRd+K^wKYV9t|4KUnyc=nXP0itsZ+5EaDL>Q@``uDYUkFWz3Nw-RM z{fG-1Mx(+@*7xRm3lYDWUC~U0xEZRAQ#}(VA2$AIi?ZxPAD#-`VB-n?8q)85Dbmb{ z@=Ah39X17ldxAQ}+H=C_-4lU6?$rh-59DJ-Vp$8;%GPV0;dZ6K1B`WYxzZWtDFyl;ePRy}?x&NxXc4LzBDrE1(+wX}+{u4Ul=8VHb~}w!E*T{|$ng0a zalc5ocFoujq8Lyh z=%avh{+`vLkV}iboAF#i<__p)7hob93CFQ!yIP7oAd5ETE5eul7>Y<_O%E?y`s?Jp znQI6Y+sENNdUG=QQjK~EM;7WbWqZp0!eG56C+KRPh-|X(4$@V+LW7b}#g|@`rGp^O zhgQA?W-Nw0(kVrOpt|<@%EKx^TF$}Iolzg8UDK}`%4GraQaSWm=rYK!Ne87%cdSQr z9pN_4)ZbfE5&s-Qd^mgf84$_ZYUx~|*`H>`6R7+PllMaf*P9gZ_GDj zRz}GtxW!MWjy5C=rCO0(wXVQ%Mpq+8uqK#_)879rWd~G;Ui4?a9l{U-0CU$Y{2$-G- zaV@ivde6*s&PJ@;<(9pGz}boe@=guU8+^*xT@gGR$7+Z`Rkc{JP_nB;1fmQPDhyT6 zBz(9CPn!)3cO8BK{|b@T@rRPKi~kWU8Mx}ZGhn!jk($rD=$Mjev_cBsXbO{gQsjtR z;n^+}_mw#`g_IL~!*$i(<1wwg$LsDBdNKkyoY6bo$V$EU1LJ$9Ri4A$3&%-;#0+EI z)=jWKk!hM&_p+C9Qt}1*tnljfeS;gf-U5M%Lq3mNy-@8??TL6ZPT%|$=1wRl4Kz9I zH%}rd-MuMl!aCi#HTtOPMjxL^MqpptXY}?QzoMjsas+&TWuGlKedrTVyhEIS zFE>F14?59wscU=3TaKgKj+7e-24%VV*80L<9P)gc>j zB%ccAKFER{(cpz(b@F|Hv6bN}`Q`Su|D~X7`F$nCt?E5jp-h;9$9CFN8Uq>Ua@`+c z3ksyr#v<*5DAA7qvD?j@gbZ#Y@C`v6PF5-rME9i=@pkk>DBKM(?JQ|&`uuyB&v2R!f1)5vXiz0n9kbhN z>;>1NB06bM_)yfxIX!IM{4cMdWn|m?Mc-c!-Qc#As6v~X3J)Ku_b5;hn6N$)+F;>= z*8zMm!3;GY+pIW_{LX_8rX4w~d>xF?+9th%ffkHs&bTKXw1nN)g*~C0VEnQ)8=J*k z8qKO2vMQ&oqaVXI=VKIkd+uH!D(i=Fo*-1Gm*#5|_uB+V1uyQ+Xdmpb6Ief9D!gU5LWV7tod+wnUz0+u9q%4EW2Oklh|&iAKBqB2C6 zBRN4iKW0*YhSI+okDAz`Ran#DO=>}68k}7*; z^xodYfQ!($N}ev_%PBvAEeQ&er2v45$Ah7Skrb7bk+9&RsW@Km_Sd!T7;Z4O2o`tM z%T|wVy98uP1wx&&?z?&}M2JDfN>if$!`L|mXBPEeI<{>m9ox2@PRB;awr$(ClQ*_) z+qTp3=1H9t-M&1Mpl4mqfWE_)RhFys=3;ashIE zNzvZ^ZiG=%^LM3Qj7b`%hPyG&kwCHgeP!q|zQaEE7tD9w@i+Xanb|@DB|82%7Feum>E^K0WSkU@gQ-+iTnJWDh>IcEf!InWB}(ZA{XU#&?NH5@xZ~ zBs`Fy6GZDV#fVh)RmVF**j`>Qi|leW^Aixzq(S=!1}Pue#kRVDhWrf|XtmVbf9kLD z$$*gCeOuX5K`uN9A3Mv_^)bO~#M~>JLrw~+GJoAZZyZfCLTnc$N3 zT_iCj1nq_G+u$m0jcInUP0DXEmUTaZ>?GnZtD0DY%1M&ZLSLJ)>|@)PyG z7$MNIRbDhWVBmAYm6Gjk>0c4Na_f9GEqX>_XaG^JQyuf$Vjxy1p`_HgJYMO{UE{i` zpzJFLq&wq}PwT8IKFc^lRHUhGG(mihTn{=}HCwXjTj(n;@g^zEUF6WrWWE)>MyhfP zgbQ^^uHC_@<4*lNIX!!mu#zZ&5PO`ZSzo%9) z97+CTQYb@L{o#0gr?e{R^#vu3lG~s&-<`e>Gr4*_oTvnZGlt`Nh)HHnbUnno9AF=B zP@`@i@W4MWxgfwJFgXToM~n8%6if%77Uzm|5*zE|Nsc@i21HPi2Z?TeSST@+hQwi{ zgtSzoW!!~zG&C=6d04H3sBWBMd01%v3FKr^Bu2OZDPeC;9|C1xRnym}<;DdF84LN( z4~vDeb)*T)4UM$YjIi17gcbEr4tIN_GE1Jh!3Y_V&C@qroT+|xS#*;u2(Plxl)NvX zL%_0S(OV}hzeh+1Rj(R$BkJ*yMKZ=3tfj;V+DVOA`WtVQ(8=yr;9J%&G6*d$1#bch z{VoGWWzztRX_eechKo++>Ydv03hJ9H^j_xN%KC^49lfVIPQ;Bc66+{?%8sF2c%&O9 z)MzZ<@3T)tz)H{bXr=F`16<-?qp(ssDz!DjSaH4$t|+qQ1cdxKDqc;pJ}VU2S2R{( zCM>fLZ8J3Ky2j_2+F0>)&5B_|F%JS`10iAVG{G-ah=s+0RS+g#6g_M$kVnrPxO#Fl zGU@3My0ivy(piuQ#@TyDm`*DtBP|=*!tKlW>xBY)$B1VvHfsaiKMEm_a^g6gMJ^0$k7Xw;sw!)I;Y<~`MoDA`edO#Qc1j4px3*pi zpj(g>`qePTyOXqjT4hOtx-yWA#k@cr`cp3s=w5a!1~Lf2z|2sQ9tBobCr?d zJ=W0S&;9maz+``NJv*P&Vwj90fYTv*MJZIM(!UYXAB%7|ina!+r!IXm#Z+xq2K9U83$S z*C6kk&n~4Znq54k@oU-PNFE*`r~OFkF6uzoJy_7#Cl^eon@ojCH|GYb^wh&qxmiLHNrdO7{5`PDpvF1DbhD!IeR8VFiA| zcp)X|SQzJ5H3VxpV7JJ7s}S!dYz}1FhIDksS{jI9?X3`Ob$(%j4nHGB;Nf?=@_wi+ z??QA$n@8V=&WuXMXq%WxtK6ZUwTGAS1-Sv94!HS!v7`o@7LixIBW^*Bi=E3AOgC=y zl8hq_8q_@3C8D|Q1HR*r=x?<4Ry#))Kp9~$U>Vs(9*cO9BF4!_58@k;%6Ft!7J!C+ zwDjTNUd87V^>$nJM+Uo?nM=tS+-S?!0T^f%PTOS_?5tfMx~1tH zdI4w^_+|tmWx#D5!;@E84QBJ5v+VfSty-A`sg>HM?~_*zE$jX((EtO_r;P&J6Gn~o zA~o}BZLouP{zyHl_ZrPd;Hiu#xKE~;MpZ&#IDf~!d&-pNM;xT4+MsDUs#bUpNzYfV zbY`?+5BHe{d{@l66MEKw)7=^1wv6siFOADg>7-q*IgtlQn*(pLv} zhdsn;2!!IVIGmiOa1YIF-LBjQbIH-nhIjS*(+d|S7jH!l>{c;nWs7Z=q5<(b(5N^zp2H3vrmG0`ynv`oOYCd!5Z3;lN3x(V>FE=edx4sA>^yqnSBz}AWP_oNZ0wa&drhGRH&dT zjI65aq1zcRsuAYl-fhaqYw0?s+f!WU1P_$s{jV7Lw;0k4XRTNYUf?Q9u_2$lZ1j)} z!$;~2-lk~-rdJ>-`GBb8d~Ca3ucbzybn%AeFBeXky1|thPuUV@?8%J_1s;+v8!K*` z;WRL9yLy^2d!Lw886J6d|CXX)YPgfV`*L?Ug%P_&gr7Qiv)^+b&51(y?1E1*JYW9O^-xl#Tzsw?=4I>T9M2J7Y!oLx{ZO<;= zdLN74ds6VBJ_Y7am|^~d++t_{zYF>Qe>8Rumj8>!&hcN*Wq19smVRjLJ}W;ob^s#p zp|%@URDo3c8pf7kwp&%x zpbmN?ViVgC*{BX<+0cw#899$ZwOnjShje0W1S`H6hqsobdLNch;6IX7=S9TIT<9-{ zR08?E6auYj?O`XksLnu?xLVQzUnUpp%!F7n5|LJVr)NzPcjT9!91Wn30Uf=K!bja8 zQ^f}`*&b+&J*xo@lGelaTfrKTDY%D=kl+J%xzdPl}JJ39^8W9)-`lPm1DtR_AgdQ2X; zO98dZ+&;;gwV;7Z=`aczO4o1{>)=Zm25}6vqIC*8MRNN>*qTGD3mK>43{8{E8i;y; z|EVSIa6QywC$v)DZ2>#1WW}F8oCxG*VBU!ujD<6+d#HbqUyGV)xzS`nB`yKq!cpwQ z6tHB&G3A!KRx}mS^JX$QFT};H+&s9>Hzh5Ot}e&zuB+Cp#faB@9wqv4%b0x41nixs z>Elf7U6%%?!>{T$nYQ9vGk~+DSL17XotFpK8*NvnSI2AqsN3=7j(;~>U<|{AzY4GE zmUA|zZ{S(itqQL{4}IR;UD(?6fTTR17YCm$_Gk!bp z>Qbj8B#pxmn}(!clcR*m6Xykrw#elFQMFYaHDxKNzX^ZxkOp;M{@{%V64~j1;$k2Cd2$Mj1u@r+10s0`vStb0jRvuH;Uaoc^S<$Dcy8COw`H{Z z^th~Y`!Qa`MM)a(J%=Iq&p0a1ZAuI4_2UARf&YyYkAjy>`P)7y+etZj~Oa&jWEOfFwC2TMSWjA6@w0FG@P?cU^9%X;Stz z1xz?p1R~KSs98?GIO3YD2PT_cCcoM?|7s?QmuV3C!SWfwUoWq+$UPx(v^n zLomeiOc+>vT~?=e>Jx(I2g>-2kAlpA8viG39Cggj<`2jGh$cjF3&N;Heys99i*mGo z%7-HQu(E`)MuDM_P?*HmU9G;CeY$ihUJJBX+ zxLbxBbCXFc8T6Dbg(FImY82`v)eov|;TiD@gG+<16D#@=Vj<&s&;(xV8)H(?J{A&G z*gN|+d?!g_wUI6wGZ5R~0ngnt)wE?84rBgaXs9V+;uDcmsV$MIwJ=#Q349l?9k*9h zH6^puu41j=CoM=kGG2Ei320@xHaU#Psflw|n#{toIhMx1l} z0!qSzw|}ld(7c6hLOj-Pk#y6+HPhcZkzRj;o}XDm2oEl?DX2k`2Ym>bY&WdTd_cJ? z!^OFFW_lfF>!Ji{%l&2MMPPMDE%*4LHGE(wdca7is#j&Cr&x1=hLVoi9=o9Q5~SguH`Tu}t0`JK39$?q?KQlP}au#8wx zfYVROxYp&b1(&#rEzRv!bOQu!BgxLai|wjoKbQcKJLWIX0a|Iuf+?825XOr#GjEzK zJb3J?i@3fIxKVXon^nHchB+h1g@-thFP6Q>$;=H7@Bp;x{?KB>=Tr!hh^p}cl3{F-L+M+QgeFAbiAzj9ST%VIaEPGjs4~t$1lMe|0#_uNN|pLe?>nB10a< z>AT`(2#F+ro?MXd=V*TWdB}ZUvjRPt%6biK<;iKk7wsh~6rUgXEeoQ?r%@zeh`+>~ zxW?pzi@a3(%Ht@ANmvgJTpb5&$P81cNhtmgSH5Igp&E_f`cS+{4F&cfwV1!?QxIlM z6gr?J2f6Puc|1Sr^j5+sorRW!L;_V5v0zw_H$MhSV~(ZC44Kg*R02OY1*A*lG;szy!BAU>pi7*t3?CTtU9t3<$F8HD7bWLY@9nD0SocCb`e z$3}c5sUk9^4w7e&(8#KkwVk&nM+X;U2L~bWPfBtlBk=1yKKPB#*ub;Neh_o~yZ%x? zHDDJcC2}*P9WSLsbajIKM$bDbRktNW72EF6vXCW2zEQQd#|yP194l&xw!U89$NRM> zm|s@{J|0h^EY1qn7ry93;H&>ZxN)%mhrk>&JL7+SuRWw`9edD>{MFqfObD}xFs~&Dy(7|7)5m zPDqO5?fLZfeEwFAq$J*uHZpgmL#8f0PZo)ij*=dJ>Vof`)|KhVwlJm4;mo6VOP1Z0 z!NR6x8(Cr2VcM+-=%hJ^>GAGhSbhU<_FXKV){16`vJ)TtIN7+V?QZLOdy42IFdHlg z8gNJ;V-5eaQHdz9U z&s78>Ui4X9PFlDh9G_X36!ov@oSa}R2^!QDqsD+LG=(iqUQ0|7un&#HZDYOTh!p(F zBZdXE763Zhg5a+!*}B({cEj7t^367YC9;er)`y~l(Q9^wKLd^Mw83gHhn}t-9YbrP z85XC2M-UOXmBP2aE zFZe$Ed1p%f)U|b(v9zID#&MLV0feQ?28ApEF}Y<0pvjGEpWl<@lPw*}9obG#Nq;Z3 zTpzE~Qrj=8_AO5H!vc;!5P9Hfm^mtO-DfL?`4F=q@Zg`{$0*ZN#d_gce9i@zPXAE( zRxY05Q#=GC8M^Sylyy~G^p}0Y%VVj^5fD7?$9X@^8>GB4jhgua!D|@%;;7Y#L%^i zG$MNM_Z;aNS>y5d`qA7BDX&@fLm%pn`rC|wE4!=qElp1iN3HsD$eR;!8a2;-(f&-| zb?Fojq+UeE8l#_4kx$4Ix1LiqC?FUTsADTt2bj_;fMvy6*M)$!Wul%dV9Xi=EfOt9m22noWod8&PA8hDkoG7|q> z*eGB^(3WX?nO)*w1ByB0*t8Y64ZVs{_)$zYYezC};NIsI*oi(gIIansr z1$=Yvu!plS28fA8Hzzf`+jHV8n}b_kFY|E>(t!79>)+cSz4b1Tv9F?J;RL5Yo11@F z2YS?eJAN7lozMjCrs|LJNFh!gx-a)({p%8|;Eu<#CC;B~xNQ=Y#{9AINTIB93|#sO z1hKSyjw_yGwumXiXw!VEdOoLymu)o>0>g3&6j(0aOO@Z0Y)n!X^qu_gX+I}d5;Qp# zpODLI`r&NB8<2i9Z8A!7o87moQPnz9uY6BdfO;Z21e=~eun`<^%HhyregCSx-f3MP z$PLz(b!yMJdy_+;HKRX+b@YuyQP6ZU=H6V{`KDRd1U`G8T4!#YIl8sw&thUlY+UR3 z1mfE3-RCoCLbBwl(QGxZx(vGRH4^lKwj-(qxSlb{ zSi(XdKgzBv&%V8Y6-|L}D5->YZ^Xb{KX#YF^r>Ouv&i2G{4(~hf*NFkA@+1rpjXcO z=sZ{QIVq?z(m#%Nhf?4o`Pq0!PqRt2Edtr?i5lwa6$D$JRMue8x{bwduI?xW2=kJ{%z1<+-aQ?+eq3gUienJY1iyo=>|6oSR@~)g5Hgs+IS701B@9V{mhbWlj;W zs0{?zaFPtcks4DV`XbYo(xfWucA6KN;)+)U{_9Uju_dMxbAmvqebV0;q6C&~PtGV2 z?$*?$syuBJJ#BL;a}I-0DMLwqUlbk+)epD?hyjwz^0r2`yhBKhF(Sc026(A#X8iuYfBa@ zT&7=)UAXy#{@gx3j&)*Kj4w|L8m#+->iiCkzFL&+>k!7KPyD&*Dhqlz+z#uc!q4`8 zJSWwB2Yut)W>3ITMQGgks~r{3hHr ze35=Lj#3oy`bS{>>+z_069|kVNVt7FpIEupv%9#YGiN1t`LS+Z zq@zjTm@w#2HuUbw@ZtZW(4??P&wA^at4$O#s3d|g7EWag|M+%J^ZW3)lVlq280Yt|OVYLVlNpOU#ZpR5!kk*%Qx3@`8hu>{$; z*#Fy!$|g-~+YND)uWP+N(Ca{_I`(&Y=3IKYOGjeHv5iPVNQH>ySW%BZWA2+rx ze_tEWj@DBU5&E}|x~HdE9wx(BTcOQv7lsfYBGm+7kO#?@wILszk?x6-kmKv2jw^Rp z#-5TYr8Md18_G&p2*eXPR7xl+byEJS>d61KNLbW}Kj_FsSflP5yiaw?q)?4O7w053 ze0%>G7+U(+pMiy#Sn%6(NC;wuOX-Nz^DXUzSr-6H3gd*iwyM=3at52RzJ1!?!CbWN z@>#V3iUnKoAjHjKNY+1lA8#ajL z%Sd%jKU`X$OicM_>dOcoC#O`LJcmJ`fY1tg+HF5Vo+U0`kstJJQlzvyFw7uMM12k| z3MDV>NK6^Gu_XLyUk11m43mBumTZ;6<`5CI5g&Om9TZ&GPUK9H8!@Th*lWsoICk^< z!OTFJl7!g*hGhB8iKkpOHCN78LZ{v1snzA;$>MvQ^o%G!4DtX;r;cTPw_9W+j18Lv zf$UcTS|r;62Od5^sh@;AwVx*&$VPPLRzq5RlL;;7&61A}snKfmiSLAN(}>z!T>!#f z?A$CihLs$Q-zVNxAG!2zbWLH?6iv`B^6X;!2^YVv>63RHMvp*pV_6zEo8n0{MQ_wDWUXe>Es?&0~Tci2qYQR zh|Is4BqcT~1gL2pW^^Zq*kp@bdO%aU zgpaEAGB4ym0G&6eJiGQ^IDVzhgrRo;p|!+UbKW*w&fqb}W3yc{v_0Wma4GCU1~)3n zjOlm`P-&y&9_BL8j*HE|`<-PoR&b}>rUyi)`f3j4?#4JNwr z7{x%)Xd>f>p6tOl6F2&Bb>3lF`SA{K7$9<59tY!@0jyA+j7~dTjk`P{VWhz~nlN2d~>}p^Tp$%C#y^*?*#c zt^P+BLR2(B^n5gYqG!}^754=%ES(1I>+0Y5ufSOlD7wMB+7WFjtMc}R`yMF}Uu zq8xCux=?>RLeCrlV~{ifLj4(8#t4Bh*8b6vTo&449J1+=6S3&v%*zfr#=}%nnowc` zk40p}KTTgP@YgpDA-R~Q*EiM>pzM253fTyv&voWxzi3ApNhydV_j$c4_&a}#%i4*N z^mRmG`KCv$a%3Wc8Z?eEB;lgDNU17hyXAXCdh|tY`HG%T49)1lLsn@C7-7a&*o!Gr zZ$y#(2AWJgVdBL-7x$IA3!$cPn%GXbT0T!vJ%@P-X7&de9ju5)k4Pdyvq6VDP+9== zp7g`_y0Q8@W@_)l;AZ-vMuaB{@BO)A#WCGU9r^)Hr4(O}O&+?tE}O_4&``Hb7)Eo^ zQ*h-gzuG6jXY^?Okgbj5tpRU7I2F+8(?Ll5xeW4tRk73xC_kgCvljc8h^Ay(;p{4` z&l7U>wu#nm0>B5N)WDE}kcNo8VLOmdF95k)HjY7)2_Y9~jO)A4r;e7?Rp3m-S15FY zIs*K9>C;3&#g~z5=C&H?p9m%RJ#9-#CL`E_i7L_ScG?PS-F9uu^ke$S3#o-$V1?Se zz>Xjoz}qaTz$J#<%}!atN{<(_5x)pFnaN0}>szl7Vv%7t|K>)fJymk_0sF+yhe3kUUK#O0qtiG z!K?-a$N^3EhVaTR15+r)g5XaXxb(4kj^h<7-qYHWRafd8fYFW|F}<3r<%|3+&tp8M z&Rc7Pq2xQICc=SVg4P2jt_80Koi7`J62gc-VbmXDtwk_dzg+lOHd^Dex4sBtSgy)%l7J-4;)v$!;|v8hWyAq0BAsN}?e{awifoeKTrAV-lcZCC zcR!m*X)891eG(!i9TwVyeFr7yZ3*Y1XodDfzYdjQ>BHISkTL%BlYAjX1|;*cq(?6Y z3*MNd_YcynU_+y`a%^BTg$YV!PdI+Txk3c{Crr_r$MgT7(%G0IwulSNexvSnEr?R` z6@?>-I}XX488&D>vD&kb>*yaCU>a(u29YcMZtVffyib`D99kHr#4#gv>RmEH>;8#eYKe*HHyErWqR8r&;drDZZar(dDlHuu*m2xY2eOlRl2Zq4i#>jdC7@b$CO z1+G_eKLxyZ62Ty)`ZAHu^Fwj5(V7C@WDY=Xh2n!|~%p9-G0GJ_qxEpWFZOJ2%)-{>Sg6L@3j)(&#=Xf5|sXpfFp|U3c;yAf^LZOK}ZO zCSOSatoiO>BT&gSbY>1x*{vdyP{n6qPd`lBb@H|%xZU3GpDhiwFeJe!r-(Dd)GYg> zK+Ej2hB@~;RRmP3-m-hKB~nbfMtZ4n0NSDwZ{O1y_bgO?i!EH6I-;6dE2%wRA9brA zr7rp;rn)a5E+Wgql$iSJemdO^EDh;lf*9}mLm5JEm}5L}s@u?Se~ksAM}4E&mCTd1 z0`#mw@X2p!19upFI(FrK_-6xO9wk{9#KG%#qbk!D87Hr=eu3Mbggo4`g;g6OAFrV# zx94xu@1zVd7fx56%+S{liOj0r+v)8I?{tT~@xYj;Eu*9~XKvMC9B*~gN!KB$*Mf<3 zZEPODz{}x7(YW=aVft8TEi~W!g_*Kxp)0`o*=ZrfG$od%T4}TNW1FK)%Tt&$Vg?is%Tlj3YB;jw>-B3?6n1;e z`}N8L*h{;YAaS$#SI;g2KmGY#H2E^N@$p@DPrGx>k)qohF{I5qeC>)SybduQelx*) z4AZJ20L_`tD8=(YaaL9@m?bJ5J& zM?4=Bp?cx@@s!Yp56&*&Vc<+Kj~5wqmHa9Pi4LTm#V!N+?52)~zT-@woW$|Sv~KBG zC)8aI5Sb*!`r47TLtXZKGfRKXZW(pf&?q3jHm_PcmI8g+e^iWz1@T_*Bh1TM@r-svXCIu=ME3R_d7Scos!XaN_-?u zj8L~S0s=N>$K;)4gs6tt#dFV$SnJzh_iSL6YPIVJMn<7ikML(vk0%Xao%GWNjdcAh zm8HUIn7YyxsrbspKB3R*9Oys#gF8wjf2*~Ak4*49cvIw%0Ir`hwAJQox@*qiv_@hO z2|69|49cCdj%6nSWj2YyE+e4O5Y*Oey<#RoK+2q7`C?g6;F zvwOwM1begRNC;Qn$@!}{baZGY&6Hb_9hv3)n`e7;Enu)mp}7e>Z_Yk3Z+8f7o{E1qR%-Skx>|P(%>8Cv1|TWc8)B zly<#pVn<%TwAxG*0+ocgkxGxjuucf^C@ULuw@DoEjM_Aeqr#4TKpYG_`VR~WDCW?0 zKwCsYf7Olv*!qDn{|wd{{g#NBe@%(4RFx^5#?N2+C61iZWTap#r5&XWyG>v^m*sV_ z+-l$Nj08xzt$^D!9N#NtmJ~){9X(*WaPkj9QG-MppbE_AQ+}=^27Bez3tlUL#Pi^Qoq0v23w8dp^@~Pa4Sa z)@y^#mi*+Bzlrb@LzQ^2K@{RXot%46K(a~aNV%R(5;?P;zqWhrRzIf6J@^J6(`a># z-;i_0uCdlEb=C81uSywWf9Pwm*fRT43Qfs@>jhm&hw7a!qz}zuM)%vht~T}pdH6|R zaSM0{gQX|S4!c&7-~KtGV@7GBSBurFx01b}nI=w*WHg9Gqp*rA-T1KPHGANY)D1F~ zmPn|H!?}h?Qz#EAp00{BfKUBCwEmD%e|8CmQY*eihgQbM5fG4QdHYgJMLm$iF?Cz! zOcr*KFq5HvokKvx4>Ir_XtC1_h&o#{i)XKZg zuX`cRA`=E8ZRdD^_8IU;(|H?d6m0{!;WfsI;QHHcwRlm+87KGQs*_{LM2wU;M`$Is z_BuX(C&ODYx*7>p#Lg>uW*q9`W;eN1%gVJO%7wYw_@*wFA zWKsb-1XT<^nd;|ZJ#Wclz!M|Pvv?o0E+-ER1uyZ@?FD(>>+ zS(--_SAxiepPl(sosV=KsXGZ$7{frY1pdM!k)lw~=4p{EKt}f1p~o66p!>xx3o;27 zDQFxx-C@N*nML|*i$EDzAj*mb6CAOym>E|qP!Q=gnPb7N!=QH;g@U7PBSsO2!ToW= zBU!IIRornj#0wOqqF68kL+P9*qwwVeX<7h@R#cs44;^1#n@J8$i*H$+hlJlTK zeVYW?;Qg;)k=7`%LvmkJB*Z_|zFa#W3{KBwK6u){7b?5Ff8j%E!_a60EEl;>MVSa< zzH`CkgZ#m+VtU&qI0ElSu-t3fyDK?z6RK*o!41?7yidDj_F(l?)R$Ew*`{V7nP8X$(HRZ!V~H~RsvIkCPziS`XW-Yk#~V^y2(!X^7yF@1j}9QL0#T5lTB zt$qo2?;P#4!I)(Dd3i{hs-N22w7dp^Ni!yo#{N0sw=IbRkus(x&=l=$a=lgIi-0Fm z$LxS#Ug&YenY-`fO`wet*X;ChK0|Ew_4qys9mew9HST^58T9#TMWL7WK5Raz&_|So zTP^OMQM;`Aw`df)P(Sn&mi*^5jlWIkHo+zO2pCM9&P#H;yAs5yR1Yze+h_Gi# zS{eyMC@He|_TB8twpGrL{Yo7|dPT09!Em}UQ|V-yGy9M}Caa9&ahHCZj`zj(^>pgw z^>{WKy7$^!x`zhq&Y3nH%l|P1$zt~H+?yU%*cV-#f%qG#&z9ZI_3;GRwSc2%5^{_S z)qhaeUx0FV;LpLDX+!snVYL{aRxS&@NJh0`#_ON)P(+r0jPqHZ2Tl>=ZQ|DH`OnnK zgIZoQ0H^kn7cX;mX<8nUz`9NoYFLb&*MWbwyB3TYL?0S z4e7}@M~UAV=Blywj^KxkS2S;&au|z7`w)`j%(*2}CRtS+=FY(xy;O?;#n4#o^TP&X{W(R?gZyM;%TZ00)dBNycx^0?v|?6lech}1L9zIOq@ew2 zALi$jydm5yDc#A_M0|=NslAtUs#5v=aCsPZ&1EYFI*>f7WVeY)XfA8<&{oCAR8sBxJ7^qm(>;L_~W z%NmCLvL^vmVt@wp+e$6p*d7c1BW{Su+5iF*sBojI8L2j#6l8k}+2608MC{=oZYz&^ zhpoC5>Bb^Vy&NgjSU>F~yl75-$qm@&bb|9MK3@PIOu&Fn!n5jmRTUgMITmhN7Y zGG&vMx*2&op_u0#5EFGL~&LwUv&2gZF`T<)! z*#JD!fu(*Rv}VgbBtM%z;trj53y)L$9ds}!cv?}E5q=Id!5*tH_;)2`UevlR?|^7o zq08nS(0O86Ou@w-)c$mU2!ppvf$AGAm`e@nVaubTcQ>uYzwMYMM!)vFlJ8MA$bUN! zzv{9_L72{RZnYW6�>;);1vbHO8Xn4x+r=-4N@HI`b= zIBMVbWq$5tCRkTpsW)GG>}( zFN$7ym^&_{oA8S=%P-ETOW|X!>(({klg2jrtPRn1wW~-vz&|ry8#HgA_^`nyUwTNM z(Nx;|vI8Zu30aUKV{x5@0hEs~Q5}K7o2J8vh;4jsi+dy@C8CXbqyAXD2#A;tSp${Z z2yK&e0v=5IjA`AhGKmwlu>H%LxBkw}DY6$O77%+C8#GqM8f63>{eOVbP<3>pag-Ytde63$+rvwqCauZDI4g-8fIwnCij~x1&<-^!EYSqoMwSTndZ_Zbu)ZpqOWZ3t zCIq1W&MWjREU!e8mXk_3;y5`v3E2MDO;f0BWF-InMxkNwB`_J#R2&NVx5C?PQHaDq z>fquNWGWPeNEs5A6+4u6(U51Bzcf2L=etrd(r#~uR>e~4W)%;`MdrvpP%gmPxv_~0 zjEX%9F}d9siH&KYI^i<_}v?|H_^xe~C@V1{}54LDe3 znwK{$#Uu4bJzt?`AH` z8|^37jqze{eqQ^_CRvM9Y2`J7U|iL}hfET+?i{v1kH>v8wrW`hAOdzKBI?}*WeKn( zi0cVl?THMZSu_2Ginw>_;@jOS8Odd1^>u1$jK_Q<{7C5Y4+0i=ebDE2>A|Bln45(( zHlw}^r~};y5#sV^!SpAHd4>%cdNJal3e^R`>RveOL&@?3-UfC5F-|a+DO?5)WUcg2 z-Z$W_0o)Re9l5hd?zd@)_-64#J>^gOgf4KNlBZ~&8JBY``wze=2)HFm6H(0GuMWZa zir7B;k%abw{FVSHf@|Ui*YSdd=8cO|CouvyMSdb2s1caKP;IZ zKnk8l$h&jgw@*OKn<#Ew`kr&+Lb%BD?BWc?lTdJbjh>BS5>`{XnGp>Baa?5|i)Z1V zN}x_BEADC_Ns*RL#K3kU-f%TthjWyG1wnY{+GRnH1{ZltD^^EdM zZ(&v!E9W1@gNbRD*%`REj+RTMj)yuHFM4WsN82u}ZOX!X5^o$_ETPBt-*AeOcA-z) z102a*LAi$OUKU~lCJc_Hk-LAX3p=rEnQBHZ9``;keW_^hTsF=(y`xAD%7A9B&zZZ- zmRg0iNP+E3&6S|I4^^6@{MDwAs#7OhgJiCuMQW5Xl1yG>G-h&7F2?k!H&-H$lC2cn z3fw&ot^m9vbD59a>!ldPQw)hYzH{i?dJfstCk0oUYL2KOptK5SIn6UlK^AmZMBq$C z;8azll>-{1%B9sE7f&mzA)Zchb@6a@H#O*Xb;n(l6^_W=pYIaUz;ZAuZie>bEpS+v zgwi}blbL$eF_0P?Uv{D34^?`C>cV7c*3e(&Yrq|3OA>hR82WApSu6N82sylil8FHS70OYN}GJkiuD+Kwa>P1s{o(YK^A(R`W6rjhG7x-Jn z?uYFp5W+@&dnTPLSRw3F7wM73E5pgA(pNplggo`2D5mY zc;)!@_vBYk4%9BOc35yqoi^I3A_IFzVy+J~CirZRMv(vb{1DHEWlLBB+W6J})7XxJ z@UcLn_0&=Tb#2Z-);~nb-(1qzf8-m8&=jH2jqA{=Vjd+2O64(0(1b`D#EdXf>rTB2 z{NZ~V4dwdd)$Jn<&_+2)!<$!3JDL)p0-=^KeeD?d!I%AkeT%0%fsk_i7KLayxGeVg zS-=<4o1Z9p5E)#yo}4fSSVplr#BUQRGx`eQSU!d__YNTF9T&zqHEi3TrBpe1MqWNC z?$knZn~;PsMv8C}C?h!-BD_`pWI{%kGW8IQ4>#IAM~@+Hv02u(oz}F!o88`RE>~-VBJUi7Mm4(m<8<`vbiUj!PbboBP{za|! zNvj^Sj}(m)AD`kj`gexN5Z|ay18xHuHNfHrs9=FV`LB@;}|8b)=j>?{_2u>Z}UEaz3f;_VM z*N0nXf+Q~H%gX#4F@=JNCLCQ$^FB06I%m?S5N1v0yQHqbnGx$Brjh5z70hpF8vHPO7>yK&`-DMYz%zi$f>;;#BeJ6OD=@Ufkfp&HHG=-AIg6SiqzB|5QwBr`Fovq zyrxat^C0ZyW zm3*EZ%1mV0G?JzRChk&4H8%DsG2PF*JY=l%XVz_%_#`P@-oiC?TS{!UaH=)5qQBEA zc5Le3az=4aH_`+6x0BNh^s77A2di6n(*1;8CeQqZ^CU zAx-gLT=$;c3YBRHbO&eclXJ`n2E8xEam_G7AKTM;1OTBW9s`q3L^D6=M-IfsQ{c*)Uf2E9!!VCzzCSS8opB^Q?ZG6&1QK6b0B6Z_)MH8tBLd!eO_FZ(dpKE zBx<=R5|4K#@Bri%nqt_283$;)#M~cmZgUIJ`$e%{_Dy9G`=%YN^*n zC_fXYVSAUlg-e5KI&qp;7TexlxH_YU+vv=vDsSS!nonOk8}<_rV#}h`(XAz_PYmT+ zp8<9;tbVos?7$(R@Z{GQSC7-n$?<)A99NJf0jV?}|9fqCX4~M9UQa`us|cqnp34L} z@F#-69rCw3KCYj@ME(#ZG2#9eYYC8&`3^;#_@;ST`B=wSppJcBm$9XKvUa-dq;E&t zKEJ$#F;-XrSsa}^UCvnKLePLGOxxEc=Z9;%egN!jQh(_^mIPGV2j zSk6b~@U@8W(Qcjc*5)tv7!R0Q=bIO{HtO*9Q14rYD>_uVTc*6NX1Vv*HD!w?KC|t` zB<@;uor0&iVaCFkc=i04sbqg1D&(dI7*<(qykdjDwVWjC=Y_!Js`R7iCI)sZ z2L?)$8ws}ktmc?1G^=Zu{uf9?|rD_i7hAUARzW z%^~jz&J7y79}|?>>%g=7Bvyp40!;QR&cUqtvB6Yce^`qH2tXUDIy^K%ohVYE_grp% zBX9Gq|N4N97d`iac!N#90BayU8M!X-Uj?Ie#d`rY<3!xh`HgxN#R%6}3G=-G(p7K! zYjGtWtND&vn3;9mC({7)7;XD^4o8*nMuHj7b^{+Hx!#SnEh9!%3xr5#Pn!CsHRVrL z&Q+}gH*4v%G-^ObfgDdkH*{P2JNm5c_OdY3ROC4AK?;}BBpckl@J)EfF+W#&fxhf4 zzYt|dtESVCjaPXIx< zvWL-bzk6;r>+HNd_3MD(VqU!XI=+8HAgH%?roZj)I8WaWP2n+y3++gr1QJ)p2T7q6 z_IfE3n7n;M=h6hzNToK0=`58|Cr=^~z_4tGAJBOi;yoQ#;f4-Yh0X}9L;_p;X;_4? zS3%f|-5Dk3f!i)iLvw9whY8-q8#+j)T%>L0E2Mke4Ij=|N;eeZh9Ba8HI<5>i@rt% zuq>(mYQ3F!yfKI>#{m}X6pOeYWHt_9?=4L5XkqXU5wwmJd@V3?^%xIj9A$wXm@0j$ zox0Er8Rw^Nh1JF(Ex*(2u%4{Ng7wugaef!l%>UOlfQ_z%m zs%$*mpfrtr0}YJWeO8;wj-#wDnyGkMJivv_a`ZyHj_*>D<4pkrt&jb_#4RKAFYC2E zmn@DA(IV3lIlggk(r{3Lj2F%Qt%=WT1Go=Uw40q<%q*qoj*r2WK^kb_% z$Y4EJQg-e4w&_FEOHGitAE&#E9x#wO!(iiQ(7DZ}sSgh)XmdZSYOg@6MSM?q=emW; zegM4kas{==elf512+@=oYTZhDo;B9ss#GTkc)$c|LWkh# zJD%LWBy*b6PJn^KEibJpv%b@VEyTnX#eiixFk&=L{JAtUz@RXb1DwE6k;a+Miq_XX zXAqE1O15EmsSfV|@uImPB$tQ-ke?s9g{v#J=;ZD@J!`#~Xv(${$hH!PU}ZI-*s`*! zSwE~sy;M8V60Hmosyu*8QyfXw~wJ2-Xjbxl6 z-BCY5(RkwO_s67R1vVR z;LGaas_#D?AkX2Wi&I;E2v8CF(*_!3Pb7{jyRsZsW%cR*Rpcqmu5UEz(39^fh~M%C z2gE~9z!GxBJcW|bK7|Wcq15PI%oy!Dl&ve9&!n3V@+3?;L+;i@0NgF_6M&IT87uH1 zdlhV>^ch3S3s^yTBanzs60jfS&poSKm+VB#zp)|`ae>kUH~xX0c*v$f;U#;6@=+4C zC!721T$#p4gzlAgk8(_wjDvQv2G)jupe!RiZ!rx0*xJTH>oVN)2n+@Eblr;`UZ&)Z zPdydJXG(X4h;twJbI1AgYZ`2qwg_hN<_wuAUU=PW7x#V-v*^Ed8NBriFq7sV`CrD0 z;Xf7yOl(XH|MO8c_J-p&>!XeygPoL$281{OccYx_wQ-Iy+lIP|hrJ^0EDUJ_vyiO2 z`qlU6jVN2c5&O~kI=B~qc8uuWPGZ$oinfp6!_3Qw+8$-gq%fM;!{w)Gig1;1nV^}a zOOK8Zgl~7Wv^?`wVa3)|6@^65T3P{Q>sKSyR&7T&qrh&8i-^(Q+exdt$cP2x--(QA;$CHbr67#l!fXCmF(Iq^!CdiSN0q7&?QIXJE~-YSHZSbB9;c;pM+KLYNC_- zIxP+Dl&>Ny8YDLmh+EmbYj`YSrM$;&z(jd&ygT$L84RzXjxHtpe_q~@52m*7&*a3x zLAMzb2g(}TnFof9&HRO9A)o;w03IBqP|=H^-0r?I)u z*OUlluB7TL0HsvW!?b??$g8$7v(>dS7g;@4{>xyUg>`lXV%-D4eb753sd4A-5eskk z)M4lDrg*J&7Ij$2w|1*6q{{T}J``q2(FAoCG{6GE{(-R7onHwj6b9`XOY(b{JsrB0?- zZNB5ypr%n9#^`0n*>a#cISs~F>!%H1aT(y=iVl%Y7^pqB43%TY0unoSSxBGpi(-9! zSw+RV6Rl6t%j5b)qb5x|E70>ke_jI0nwp!__W12r2dm@af)f^D56E@! z!IVq1ON)|{D5FqbhWT&ZQu^^t_mZS@QtWZLVnnzM7)8BWUt4ij5$|p;avv312CHpK zAJ2qVyTtf<1;)R=F^Vf1eb+HJq3s}q1)@~X9}quXpnqS3Slxf7NZQE-=dFV|sZXCGmyrt^|XM086N>uNsOffc5*xcNAZaY;1oz&Gv z7sEnZorgtG+PrJ>?K8ly4ex<&=K@?bP&IDI0nkZtptR1fHVk8U5QYc8;o9h&SIrXmKa#yisl6GRWC57UtnNuZ^J8Z_TT=`} z@}fCmK;_h+YKKzYc+pr<6q3J4cJq${nL{)@9f@NwO4+|)ygSr*VpBMFBRAWKwcmrVt zZNcHk+SJ?NA5ujg)4NfUAvA&q#}E=B(u$A_Mr#i~Jj{xSq#Uo$yvD8HM9cXtqVWz$ z#EpJ3kc&{Nug@Kkq=*p7=n5X4LmU}Tq$h-)Pe{;uZhlNjGXw79G*LfJprg(}=TA0G zU@X6d87dVP2{bT@9nWKk=g_ z<|t{g+Ui{~9z?K==9<@Wz|-ny!^jYeZSy=fewrTtBs96iTHt+yh;avT4Np9&j}8;1 zK1kh1OSV9iWK!k5I<v4WeoG)+Hbc zOk15m?-v(LD5t~nfI_Xv6ehABUITNJZCpnNR5xv402vy1BCmV&amb9*1tQLk8wHSg zhhV36Z~sFNTda8Y&Y$-tsd$wlUj`j-P-cdQvu|>Kwf>I%8j}b>FaM|^-t*pb>NGA> zgN=QZhQHDqwM-CNIveK`>{rltdW-VFT%S~vb<>G0*ps^-? z|0i@a?8&L7?C6AA=UQ*%^zB^5dU1C&>h4iUYH4+Z>`rU;`eTHzrz3c7t#3Z9>=ZPm zeb$GcXUbo*b(!FbD&)q;6%Ce6_Pi6MQf~e8oT>R^w@9Wm?L=6LnMCt6u2d0G6u77E z?WGmm$?D+5nR<{Kn~@AoCVQdERDbtm=G9Wkh&SobhoDrMc`8vF*vm5>Z7klBwEX&@ zj-fPEh?_z4_#aJFwTh1Pd@8mHE&nI`a22IH!r57pQ~#V^#aEBs74UDzVfuh!a(D~* zN70|AKfCD8_d*u1&=}>Hv7OuUwkvEbC*vm-D6KEj_S;@$>szT>kq3Ys z&$I)fz)Qlov1dy#9xasc$suW}T5ZAm?nKB6S8ynfb~Xuhx0kJ40y`EI(RgNlBo(Je zYO0DPn@lv;5kFfMHZBx{&eKc~&2t}4=lFM8%-H)qYQmvdFvRsXWya<+Mp;B5zqR95 z({9x1@~xtntC`EFWJ(W892#gB2|c(C6aGhN?)=3j(wo>T5t%tOQ^%v$Dqk%LW zRO^A1vaa+P$5DgR8jGl=j*!ub&T+30+~|uVw;xePd-^TZW4G}FIn&G=+;a&rfB@+g zcH_K?liwMl0nx#Xxv#t3-?w63F;-QMdcRLM98dkm`qU;z)WrntwK?M%|NP~u;wuGX z+GN>q>^=0^wUZ~#7lT};8LtIgGZ9<)`OioDBNECos zttJ!}%?c$|2F#`5qpLoN|JPId*iuk|+q1j)2D7quM)?fa}}VSt_OfSF9`%{)^O5nK?EuUl@Q7r%Xikg1 zX>(QdQ}8HBT#vG$X_Q`TaX>Edm*RXZUcHyuOb#6m&=tvJ3l?u2czz9T_ba3)Ows6l zZ=c2%2D$Xqf2auxji+MMfC=?1^@Cb!MneD7-v$rr)h3Y&EdbRnca8 zl3+|os+I&yCcJ?;@!5-PFIm_j@RZ`@87;X8h&sl&2nc&CopxcV^&9ggV^*!Uzvo&t zl&Hssxh`ZyDiz^Map}^jiphOkLJL!^6Oe*6G}%&qcSa6NBgTN{gjU)PO(p5co|-nL zl_A^;DZ#}%IjT(KUw7I5t(qRBfv5L=9ho~}RD6|zi^|ho8%^No zuT`p+Wsafo{_Uf&PyLHtT*x_4fSx>7+E@XvtsZ^#aIT}Gjb6;YluT*=AL}|}B%1bh zPF!1up}G=AV5G6~*k>JI3sc0YM+`?CyQj7DDRi8TNyvE|wj;sL`zP&h3rh4+V=7rZ z77?O@B3fft@l=(>Wb=4?!*pJCieZ`ApQ>D2j@I*@bX6QgMvm4mFtkgZVw<;FKr&9( z>mOjJra2GxIf&GscnXrH!V5r=9E}kho#$_V=nv%6UJvKZrf8fQqd)pfWjX32yxg9@ z?A18Qa;(|8DZJfx0GKihZ{D~q22WJwkpO~8@=e$ ztwr;%;AP*DQPW)Z;6xcxbz88>>R$>4E-!mzQ|vmW*{?vsZB$TbZ_ik6{?ZvlqbdAN z`$aH)uybP$;iiF-G5#~(pYn}1yiQt4n@T8wWxl-13B8N+%_Hgiw~dD>{})^o=-BeV zOfKVpuv{28*cks;lbfS1m9)hQ(|cDpU-KwkP5PqhwMiypy2UJmyq7o&N5f#{@?!t8 zo^w-2$M4^0Ty=3|m_Pstv>z6iAL4WeaW=E^)>U=2Ca`a;i}uyf^mPcr__9dilt}+F zNNw*L@-*>naU@oI``T&s4{RZ)_-0B>+*UqSdL3rl6r;_OY$If3H`+K)SN<)arumY| zx%gCqZtc7E?fx=!dl~l!k`+RXGXj1qM3)GOysnP-n=BjXn2&Q1x^dZqvB{D=TIpSN zcC1RTZg|j_p$Xqb;vj;6aLKN(f49L|MM!VQ8t8yGRcC9t6I0w>o@cI5u7vaXZns^g z(6oBM$Fi-uX=$u-S|zS`G(fAdRr3ICZh7PBQ}E5C>=o55ER{_-C1I<=w0FaPo~32d z)L^|}Ip@-m`IdgG*xC~XRufeU8a}cc^ajBNVnbDuE{Z4;*1Bl}OtDj}S+L!tru;$r zP*>^A0U2XSo)r(8A$ICkFGGmpdKmH>(zCb7ReVC`^5Fk@`1IF69 zCJM=0D}A<=a{Xqp+6Dnc7ouE8_yrKQadcH`BEfEGTQp6wPhHqoky`bgI4`Y zGcXI7_}kBVA~`Tk;ZP%U|DXH%doOFk=ecFux4t3FH@rb+dpoRBz@`W5%}QS3lm)MJ zX&$-1sG06mRhFC;4OppSPbS$hylfwsBr6ul2vx%1XtG8Ef(tOm!8 z8hkyUxmYe*(WrAZVn75!uH3V;V5BNpb_DG3{6%{WPuz)BquErgZ>%n!#apD-d%c^( z30_aWE8%|l3BNHKdf_aIVhoB|7VF^xVzWX->nzz)Z)y8SsNsQ*`m6rCwJsVf}p@!id{{D(uq)P;!Ii zA>eCGs)-CQoayZe|K5jA;tO`!9o~fLh9<);=Z@ms&r9+6bqx6Jj(;@A^cTb#IekCf z#6l4jBU0xwrx3}Ds4)8{SKrQERu=xH4&+~oBnvD4fdUJDAPMIPGtiPh{Nfjb#X-mG zpu@}~u))NBGcl6(Z|J6RzlSDE$NzG}FZngq;VPn1`{m3B+V+MJDNQvcEr23o8;`{+j*h1XtefC*BLuQuU&C_k+R z6%u2SXKz;dc0|m`V3=BYvLD8Y9r2k+1_v)EpENwEh>m%`&1}*x1B^yAu4ljpasTkz zZ^&lNacCzjU?x112F3tF34U81G96J${hLKbcyISLzmz|6Xu?2Nur38~EA92Y&b@=` z6}+2c3*%6;99BR+G)(K!P>Pxy>L_DTh^9R#|D7R8ftGMC0TXJaq(@X+7aEdu5a0xqq`ld6t4^2E6 zV6ViIncz0`hwcuciLT=5fQRiA3US>hz7$a_ppsNwkGeExqc!!T$ER$^$rDI) z20FqP8;?bv>(uM1m>=@Arqa{5aHdK{-8?T6S=6dL-^DC`j!tGb@ESxyH)TmFsUdpi z!JXAk*OfXq+t8Cva1(|KpWa?xew%g4D*;Q~<~RKbLsWm8oOX?HV49}N(Q74`m2>_w zBEA501Zpgc+(BjUi3T3&={opMLtG$GN1DfdMj16r zrZ>xF@WkRefxpLXEzGs1Rm+kqJ`rGNHLF#OI4zQ-$o zbVEm{@H?Xgd=|$wE%S7@cN?bGhCeGg4?3AR4n1`7!vx?(@o4q>3}+?$gw*@B*+*mn zpr&5mzFzu0`zstRNYU~8;uoIw>k}9`|5p4gr}Arx9fs+DV|V#1sNlx;J=USv@nzqu zU~l`O7Xp}8{GTe|zxqcQ+5RsPK=7}r*23D^#F2nb)Y`z=MA*d0&e#Nsmlw*(+0n$n z2FiUiCcZ-!m;oWwi*F>kbr=i(s0v1{SRU}U5CzU^P;vvr75(9pok2jbI6qT~>GutK z-QS<1Bl7rB)(V1K-Gs2$Uul2d2?om$TFP@SxxhpH%z&>^lta!;8f)`)rxv>`fF<u}P=dE#6-?zGbV$kYRr-OUN zeE8YXjhWk4aW>lkB1j;~LZj8>az$nBqI17Hw^JB9#v8J#=L!UUIQTQi+p{dpseL7a zAbi?lzn>$)14>|25>D}Cl-1z@Pp^mDAQ;yCUlj2K69@Y{Pn#eL*@x=DHgvyUcL$$` zF11mRjB!I;@HIApWXc3d)Zq*?$<2LFqsH!W%-QFHeYL~>oR%O<|TUk|Yxn3Md?iNHBrCLZv6?yka#3ooj-SdppnJNp*;DyEq zWOh#~z7+5OkZ=qhCy*zudZ=55YiQU%_Ij;te=BxTr7P{y=XY5{$ZKLvR%oYi{V?hh zLcU7LE_lSpsNf76nD;+ze3o|Unqi+x2^tC(N)(Bj zc1z#dPCNly5ZpA7QoCGs@-2pZc8+Zv^c}sl?2qE=>M9aK-DV~kFV52ToQ$%PI`Q90 z>)=@0M5Di0H2JEE_U_yTPxDG0{sw(hL=0Zp9%PA-40TqzOLu$?9}hXWP^{W$+`)0r zl(JV#0AQw8X#{AX{PF53;#lO`O-E+#Ci@`Wv*~p3UGCiNNhAAo4le8mK!*P^)IsvN z@ml*XuQ~sa5C$`I{p${S)X?#;%6sh-mGh_RT3h&h&7~E5#0wp^i)Oup@OFQjO2j-9 zMyiXHttw8X!}9UefDEBf*;r!P<$Jnz2x>+x#cZI$QvFsC${lZTZC)I)#9^M`4-e7L zCvf3~NigTejUj8SE%w+;w=hp*)n@bzyW&v4f zl0@7{y&Q4$iy9x*Wf&c9o-Vf(*cADM_{LCSNimW1N)TYIi@Z)m>uC4Ogt)aVO)wR> zNg66xrP=Ys zGy`!jpmp5AWcs=$mj0OMEdxsAH4q zIiZ6KL9{6EwDqs*tW|k>^Hvkufkj1K9}s3Wez@fEYL9nlRM@vg1|) zMpVMm?|MU_UC5hqIoKc}=2_*c)LG>^*)cWY!`o`qv}fhAeRHaeGpNAhYSwMB5*E91 zNoT6ShPRty6!ztOVI8DKbtsF0!*n|JcfgR#Em|V4mx_iJFYZI>%wLr&kaBr$V)9*r z6j2eoxTos54p4f-owtC#{lYjbxbmmxUaI|r1J$&{FV!ZX>DHld32ucrTO{l)NIl&GDxH)y~(nflm#h3d%K;) zvs#m^y@r9MQ=~kmKG(sq-JE%lFFIN7dmV}(s}{Zl2sK8I#N3r+61dIL*SmB^V*#hV zGKe3XQqwPn7JY$@0qT*-$9vi&vR~Tx~ z9gLfpw|_rZ6jH>Oepaw36F|9nZc7VD2BmAXJ(!b2`@Hu_t6}Ti2%>EzPr*$xckL*^ zN9lI;gf~yh6|vBr9;Rq=Vlim`c@_EwP9W2lX`2J-&@0bkgG!igQS(6XD;zGjp$ zeP9~NnV3r5gxB5Z=RXV=hf4}(fR~wOBbr^$iT(LOV4FC*coRb!04gmkNy04C1TXYKnm`bJ3!uBbE zA{94%gEPbq>EBGI&(N3p!*1WyY{{ZeVPF^`41ubbpANwY!ijpmyXr@p_61S(rh~f15kboCeEd?DNa7TS?5}i zaQY8U5R0aX(WAJp`?_j2Y5O)h_tukDH^AF-Pp8lQ=o;eVE^Em#|| z+oKOYeTH}){$U1gNivH9c+^r3##(@ecDW=&`!F3`(Wc`J@HJ}!KRhlhbqC|B%>zJO zJ1c4`E;}>&PxX+jd)wXZT^~z&F&o9cmMuHmJ9dUW5ktf9N=^TA&vrd`wl2r0GqvWI zudY=`!(W%GBD%g*RgE{9TQd1?*@VTJ~ZenjfdHWnFf5x;s06 z9gFtg^^4xy=i`FhoA`FRzbV&`0e)SP-^pZHZ5_~dMo6%IoUvwehR9; zR0%eK8-P+N3y+WhTL$?2?Tt_wi*`$W^Y_O@dt;a#0S*kT0iKMJsrVpgN-0_2_}@-c znLKUiJA_MMXj&>>QY6xMz2BZ1wplcuhR?qUaajKfah@Wu8$7vU1J3v%dVa72o^r+L z1K6ZIE{#7@`nXiT-A&b+=bj}0>!Rc|tpes-(S(b7um7D-WSOO|Go5`MmP^iU{Lb75 zy+u-g9i=Ipe}^Kubb19~u4crJ_t`5w5If-mLyagB0H=NB|5vx>J&7k}laT>{J=(hv z+3^=ES&MWPc!9DW)yr%C3T;`tq#}*sTzfBb+^d@fP#rqgFYYrjWo(zG$|V05j+-3J zVIwFd9(a>nd!f+hA`)579Ns7GX_xUT`G8OkE~%FWLsvC_#)fjL%15J_yDT}xz7ja! zJy6&~#r3$sNrqqJLERNxy@hC(zeaU+s)=^1!69h3t3Ozb(QDJ)rcVq8j(Zum5$;Wc z!aVa`GOV7%=970%gzrrUvOV7PrHrXALr>~Bi`~`gRYPS37k?22H%X~+LC_Y`a^qn< zrfC|WH=8K{b)~-61fo&0DqVwxbh&RQkUO4&UZbSie5#floZvVuFsX}lQ3n)_21top zX%`pA00_9+Zp+cFIQO+Pvp~&!kWv_Vw&KoYX27O}00}$+2yZ81n;@C|RYgS={?A)c z3~2Dn7;U)bR_Xeij8?UF+Ttji<@(@4NGiisFjArwSH3$N8R3C ztcvcUU+XqX!eQ!QI$PQkhyEpUb`@Fcc-6>W`L@Au4`NsL;*^c+0<1J?{S#;M#_Xh1 z2(}+7-`27&Wvveb4m*a(_(+%#TJ%*40BY?4hQG_kJ&ad(0;j7!E7ORlDI<%4OZq&k z;a1*=jBnh%_6F^}&Hffil{U11Uzd)XWcZg`J=W<6=C>p!z@01{99pC|vKxo%!v;f> zPdt%yNVtQ%S;(#!x22h~S6kdDS=J`&MJVV?kkOE&#IsDLUY&^;x{)qR7vZGnT^GsJ z;D|XJ2~6EUGbyFeF}-Vf%#qHuWcRyj-A$@WL{M0@!Bp&EF<)dEpq|juJ=6LT5zX3Y zA22<{>~H|>DGF7zxS&q3OFvj1TxuLxn$F&{WoGc7I+WW0Ety@>EGM8HCGqM#6;E3{0bWan$&PM{5Q%Z9XC$#WH9 za+^T+3Lxak=}P@OdXj^_v8?qQ+wFI~`vH~rv04Y&#h8#scJUk>%o{;&7QI~t&WqOG4 zEz;{Y*W?!82%nXRs$noZX=8=JaqO_#v895if@n`cw`D!%nQ7U`WJB1xvL+DdV2op! zLeYR@NE?7MC^{icM_`A|gqVOuL#Q0QUJum2BMBiwp%OT(Puvjn-0!?R5(kp*0)VH z?mm!-t1vrUauZ3IRvzhXp$Cr4@OYBh)4qI(NwtvxY!mAyG7IQSFwQ*jSz}Iu{Kfw# z)@R`}s9mP|DoQYtPqYll$;c{PvmxnWPC^k*_7^cer$fM^BlRDK`lv=<&KC5JNxGsn zU|!T+gEh*j|Lrgm9O3ovo2>2B-f_IdsJK^wfqD~DNR?&)Dlr_m;?m$KGeQ|w8_b@mp3Jxv&P&yE5q%o~U44z){BCe$&T8{AO$etrqx zWTL?1+OdBvvjleuvh^^55qxORl1W=DvgZ?gl@H#3+2@@qX^3$XN?=Na1 z^JV`&1*L9-n!^b=!VoIu`1f>wP^V#0$PkV=yesf9piCU31dOYistoRi8BMC;B`54D zF3?DND`#1S^DBls7iDd*WU$90LJz}-B&+Fi=BY51?RCifv+lh}!g|C=LE<>yRg1P3 z>*xA_G9?j(h-a-oMCXPCloo*l1GoRcfQ?HV1@mY+Q{**wJR_r?35VpBHkIB+)7cT| znolQ8eU|||&qLxgdN0<;V+;81D_TFgy^kZAP<0X%@R@c`xN8oZdEwTc3|c5VeVt!h zRegRhkaAABeeS7GyWPEC)h~6rKTjIDV81*_9qwq}r)jdaIJM^o!Z|;0LO_+-Ux>0y zwW*vT(a<8fVt;?&;|h^0dVcaL8NF{5o}FIf!DVp&=x?6!L=s_r9@#bJJyTRBuB#z= zJ9byNKp&G_&Fh~~wW$Gq@z-ov=ECu8_@Q9akg6GDlmb9aqwC=-mtPTc`~%11G%872VN znXToAYs~WnrUfj4qr(sbdsQzx1B`m$0I+vk?-re$N=%Np;h1WA1T-(b;Z_Zs4BUdw z<{Wp^CnPAHYlGBZN(z;Hua6edeZQQ6?I7#zM9S@SqB8x|aIA^Pr!U)=Mq8M!(3;OY z5mJtI^E)OwQ!%4Rb{s>DZI(q2p+ea9JGL|$P75bFCq|HE<1ZvPmJ~t}xX)QY0FbvZ zozG0dw>M8zvTjM)b8kdh@ifv^Lh@A^QQzC>5i;`&EC7Y{j+1+@Nw0eEIiku|j= zizt^pq%yXm?hmi3RZmvNX=*KB*Y#sBlw)H~gRv*Fx0N2!+AX<$Z>x2mt%n3UsrjS( zhnUbk(*z810}=#(G7R``6|n9zY^Wnm$+SzaY6+3k=)P|dike6O#`D^#LNd@}d{cE= zbT)9IiBe350g@`hI|a_cNhOJ-T6it9N_C9}pm4-QvOxtv z-zzy1q8QMGJW=N*q!>HNprVYyUWaU{g1#771N-m!P#l`d$DRkM2F>JlM`VH$rKciN z%HW90f-XwgteFP_8bsL7nNbHFI%(N~NR%!}7}ko}3XBWJhXv=l3%ygiQ~R-#=3Sm{ zj{=G|c+}$A$&OHXY2m@`+Y2N!eIEG86de(RMU&rq(D;fSyU@)a^eW+0+sX9hxFo=n zI{0{Y!l{vg;Ry7A&P{q9kBGb6S&^>ck3LrK8u9!@2Q62}t~uK_}WSgY|MGo+EfyRgjS5s8v1!fAx13jn%(YdZij zwnSJy>pdLTw7bxVCnRznSh%&s1B{6m+>4CFjOYsmk+p|%kZKK>v8MG#jc1%udgRh0 zDq3zY?64EMBO}UNaA&;JE+)DM?~BZ(7_dJE!AwMnc42W{dhlI$TwoaH!$dO&>=Mi? z3LCezy$j_)Ut{4&31$m5ZzM!GPY9?o`{A$s)kg+>E-rBGV*@ zj3>0lZrm%vk}(UF{tv(SNIEyDB@btA5%LdLeDt5Is!qu1?~h5>AN@3rwbE|8w1hoYeB5pqb_QzJ`4GB3n~VStS%qGF)9qG z<~d`XT^igAAP&WZaBiUkGQX|^1L_OuBwhm^-r|l}TF;q1=k@Km^Y_FF^c>*ROhh9U zi>`VV@oY~BtNR0%PWGSY`uQ^tLm2l(@p%(DaQ^qs7}90*{wSqyiWt;J7X;bTTI}zF z!+OyIln`YZ$VyW0DH@TSe9XF>4a%-^)MOYFj-dJ6>1|f(3#n9Qqt+CPe1m|J)DQu@{+vdhVb)9Y!tB74WT6Mn!p6g8L~yL%DOgKhF{gdcope zdZYbuPdIpi_b3>|*+KcN$_I`)A>hEI){R$mtPT;YDPInll5(jdE-A8ul62{l1vG7o z9Y+=nXqD8d(K#n4?c`!~Q60p+HME$C`tEX#oLs%1=Np<$E8EcKG&9M({#lk1pIkg? zV#Ir!mG(a4)KfX-1Y^(4ke7S1cXIpgd66k$gRd)oup?=E~uD5VTTG)Y+j=r-Ep|`e_t%?bULhws!uRs89t2`o-b<+R2$( z`%R86ZFW*l7S*v{Da6!rYCACjI&<94%pw}BeQiD?&e<$y4vrNN^$&FFtStNa4g2cY z=nhw))S9Abdk9#za3YkPCijQsbJ+BZ@|z6%V$um%TdVUY*D*=`)oKe!X4i;d*c=Bupw3BWt>? zpi#cTjoB;bGmA7cRPCP5pDb8KJWtpi){LRW&z&ZO^~cK{NzJqwk-`0g6&4KYF{=@{jgw_bh@X_<}!>)9P{2 z|M}MZ*9Md6|GxeDAJ@J^{0O06K9Q7eq}MAwg{Vl(K<65D%~Gx`DyM z0xV^xzkLVyKsc$#REbkuB?S8Qi-Ow$N&C%WxG2M5tIxR-LP~uy-wygI&bhSd^vxHW zLR`nWDxs?#Jb07VAG@ptwa#HY9e!(T_O72}|egL1(emY&e+> zeL%5P?(gYsob#)34)Aiv0rz%SXYW_33lukfa^Dhlq)>#=-497d@>KaxNz>aszBO{w z^V6kcDBMBSjhypYoOAdaKmKQPN?4}1O$Q0T&|!1xkpD3`HrD_5+1&ppOrQVFHs9%v`$LyCZpBsG5}b8!PFc9(*S;@uAW3Ub#aq(O(9e-1KG^B$z3zyV=v#T~kG zt`>=)AVG4VEf?~rld}&r?-5F(oVm`0n|eU2kQBx`8R5yA~`(emt=)h~?Ap)jBRXHho`-}St3k}Fwc5S^E=lUy@#qGQmSqY0`D+*o!xz# zP|giTUl$jbm=)UAf!N1reK)yrVe7UA@&$Ld7T>3fur7!1H+Z#QjhepR-VX;SrrxaG zn%~Z!tF(}+hEtGx`^H|XT!`L|li4tvHx@_CNW!tuG+qh-hwr$(C zZQHi1`u^QL=!kxU7m50hLE6!ePeL(&E^+!-WwILciLC<)tJT7K^ zPwG5;YbbLEDwgog~A>z?9cP?}xmN5|iauEWTU#59ta_E%wL@oy;-n(osQO=DVl z>XtrAkgrU2k@jP3$SWOO z!=%tP_=XYjnnuZplhJVKr8yE3!>Cz3|Ihhuh9YuQ%Y=b^0SWMVEb&GmP8T2a30!wg z=VzmbQdHawq0`VD1xX;Fhd<9NkOC9;!QgZRJbLAb+c@hm#ZxlCeDz#3_bptf+w&y2 z>#6T7i)yN|ortH|y*+w%gFKJ^47}DU0Dq=HT&fCMtaefdQvaB4d$;fd8UyZ?WE}5^ z41tX75}N`y&&5Y0p~GmyOav5;?QS^bDDU=%UE%r6TlLrQb8k=F5{=yjGoAq}2|&%~ ze$N0MG!~tW?9-b!$|cJx`{FgL1J?C)?mFi#yzN$$-Jz50L6}-=jDYknmuw_&ix@SOU2f>1v%(m*9Mmgc_e2iQXGFR8KQOA>}4w9V>l~ z!ZNUG^4Xht{6#|F- zK`-RVbh5&*d>Y1(5I4o0wQ1s2MX+gfz+fl?4datTJdO@O-*y zKuChr)C!0PC?y813GY(mMvZ%?(mVIm?!W!v ze;X9&*06EhY(xAXL>YWG1&gcTz2M!S+zdy@c5M%djIu?SgiIKbepc-8rFdnppV#eS zAQXvt+3$rIQ|T^Rw8(8U{66kBn185Ba$<`puBMA*YeW zaK0Wtw$BIO2dm4oE)ijA5r*N8MW);e{fd++kOE4)T_0p{Jf8JfR2Y{*e<(X@0|J+o zOVYyxg!0veBYE`5adUF%oZen;?NlR+r5EmMp@#=sPixV!wA5tnc-Jlz{RhY`!a0j| zRiPi5a97ZuY^GL@s{18z0&IHps8M4FZzkk_FMG3;^y1Z)8eDipbi5BJJGhxmg=lnS zgj${Jk<6|$yHe1hA-|7TYLoE!`zxp- z|EEOlq~T&cY|uaL?$#2?i-BIMLS zVJY+h_F_cdLMfpC;GoW#XGNDDiFwvD5|$Zf{W3OE zJhb|9eDeh>yTCT;`dDSCUc_L-g`22!)@^l4G<_6k2IP&^j8XMY&EJk~ z&SBy0=U76yUsq*&^9b>Y)^=t1?(Gf4_l|f!L6(!C6mQG&47tp#Mt$h6I+c41{ z6xL*<4aIv3Uq|l#Xz7_=`qDBo-a$wxOUlclypiwE6&EBgj=zDxHpVTQU>|l2r$kP@ zI7wdS@_DBz;hwRt76dMyWJOc%t8!mlmO#ETBP{zRiC?{wkAzf9Ng(~AcE~Tke_q5U znxzsatOZa&0t$%anxz0FxZs%zi#wA#e3r&Uy^?RaCG!M}HE+mlG9V_bish>aV2d9d zhL}M;jm&YzMxgUjGR%yRYTYysU(nk&(XH- z5q#F`*A#67w67UXHMP%-r*hN>3~gmkFS;k2Hqo~B-|gQUQ#f)cjqH)6qej!17Q<~Z z*&Ie#`t_=Rg5;G-3s`|zt}3~doRlfJBDK#U|Nhw*QM%2NC+h-ZS^BG`8gh}@z@Idm zJ-xk$Xj(AI{Jj5QS+sL;3{J^>*60^TAP*1{(CQ4g{|kDZR$#8ZuR=gY6#<=fs7wev zU6R((0X$MR9g-OgKUi2Tr4$W`lX3hhYyBrZ~hA*)B{QbgcmNMIiwk zUkB6I&d?7^pQofimUq>YLNz=X4Y(WOHXxk9?y0WC4J_|}eRVO7C*N)l7VBpJWmL^$ z=@19^*n^#pR21+Cu%?lBDR9FJl&a*9k%$u8^1J=1W;e6T{d*jY%VrjP?jIGM-Jm>{ zUmrT8WMU!5-Ok42Fk1+L3#cHyC^inj;#UtAFMj%VD=(ZROfBIw>n~?w-;~!C8xS>9Kc)$ z-9%Oc?m`%&&dFTn@PYOy4yHz#n3?Pm4Hz7do>;>4H(?ns*tX$`(v$qEqOL<}IcrM;p>;p)?X0MFP zuI$GW!o*XjG2GgorN|0G2iV5O1_#;&$wR^Mz1^A&O$6$6D5v2yo+nk4KF9PB_y-@; z$x!AJ>W>?6TYkMY-Uz-SPu!cw9psp{(@2P1)-_yfM*mp^EHcVpUIuH9 z2u{fCP^x|AJ9(pwT0EVbeAy2GZxZlJ*|y4cWh4J_W$^bDMJnv*1X<+%1QP~ zGT={75Sj-@xTHxx?IV&{+-rxTNyjTbJVL=10m?Ts_A0m2dysIM*M+!HElJ*GEby+! z$H`PRI%GZHhvs{yZoz4uz3ctXg;$Owq_-{^O&?Ca+e^I7u=q_F^#SE?SX*dCTCZ+O3*GVN0qz%5nIlny zFQnmWR4M%2yfO!<`gP=vw+X%k${?>o75>9NKAapUu5P+7_lROTOVbW-xq7|72G0kB z5!t=p$Lm|#R6B&<>Tqq=+srTR$d#*Ve>joQ=y=8p3{2Dt%#1*33$bA!yYS%AKTlHd zU|vU++HuRbF}FirViETJG=*`5$He@-D>Nz&N4XIIJ!SnwH_`14a_JOm?vSWXwK#K8{P2mhLrWSuOE+JNAZnh?~f9F>qE))-jH6TK-IkEo$sXy>_ zB?e~xC)vgJA4-TAnHc};eC9OP`rl3Vhi$$7&}yu5%OOCB93Rb54olL+^{P=j2|RMB z1`RX`8hFpI*TraCc@pQLm~Jhtaz=mA!g<)IYKYSj#F@}WwpFvEIZn%8o6mM;w>7grj->l;`{JB4uEdBO8V)bVnf9sxzte~{l7^@K`lvDZ zBX`^EzB%8Y()5=DRm*H}ur<6-R3u6EL~P+f!uejwZ3Z}8@hG-uA|&f-h+$Qfn_X8= zP;D?n);emS(JjrQ{kM-5Ru~C8X_bC93uE=OeolAz{O0xuj0wEb+JyVaDaw! zF#ByjMWG4ye?bh<8<~V}t9uBUaG25#RKRIW#R%_FsRiJ61%cHe zN*?iz;K3RX@=cEF4o6TL@$XKF3yz1wayWu0v zZ0R{|oTp_&6@4>>`*q-P8)V?+%sgQ&vTBH)acGY#ZY^@O7N`PbX|wkXJDFdK2qQbwWZ zI6}kMt_%AzPBiC7u*0H$`|MFoHr;E#9Z`5tVgf}d2mNDLF1=(okRl0Rik%8C!h1)| zy`w6TV#4flcXrebK`tpA^J^3&5%CDh2JP<-AeVkqT>L%uT9FM-wKjfD!LLzS41usS zc@f?A+U+C0t1uiu91>&iZYfNGCjv~Ou^0GFqlQsj}3c1jt5>=EDt>2a;oC) z<;P~emz$Wybj>|^vK*>eq@D8!I>mi3u(9?!wIRel3Q$X!1m(k1_CjXQ;X4ytF2#Mr zwPnNh-O}a7;_%&&a@=@g55D%Vi*ni;yYtT#Q*N!>!LQJ+Z&L=w+x%fNfakK&@{p9d z{hvLu9BlrK-vmpbbqLu;hpLP^+`#xxHHIWGhul9DzI@}N7%0A&V0T(slH_RE0ZP?j zg}j%2;+;gyiQan!ke5MnyMylmG9LDJYBx$v4)|iBhdqjbTO#;^Xuy=+9>$L@u3L%iAJ4Iqe6+mXo(gIP_6(yoX|?BR_->G}Ee5ERX3Z?%hOZ*MON8R#X5Rjrvi|G=;v_&8Y?!Q9=;1{G46mAE{ZpPwSQhAR%a_$PQL$;JFa!DcTSF>Vb{JWFp*m3zay*V3NjbcqwW%5njy3 zcYjZiO8Flp`{_qt6V_03uApi5kdlfvaykgf2aIZ6mslbdO`B;6aR01(#kDeCTM2Y~ zRITRGdlojLSRz%NB%cb<5Wp|hDf}~du&D!$w$y>C*Dlwe-GgaHH72M6X22b&$W$uN z4&;eL%8p@-{MD6sce?n~XFdsPr&|rdby^r(rpAxN2UMP%@?iuD@U?aGoe^uaIvguEDbM6=l> z3vI*6DCvikHOcvC2^*RUe7rm|j zv#Ul@nPgxh-)%OY6BaARS{wE!tc!Y1vnZP{LG-uEDi^G-2|{R z6U%;X*`o>_=fX$i6)DXx7$4cpq0TN90Hiz<(Ss*yh_Y^5rcJ{8QJfqVlpd$0wFJz6 z9+#J(_VIu`g+TvdD2~0sB7%B6i^eHc^&uz)~j_=6Umg$4PfFo82uIA&zwK_OSeuM_46A@Ap_VB zFF{7jXkGuF{}u4?()%+Oq(YE&Mb_8R!ppfyA=6A@lohrc>qSW6f^Dlds%U=^HvM-v z&mEzs=L6jp_^*=RZM$N_-w+JTF8=ZLW1Eg_BPG7QHasC)4!t0shwt4!QkY-Zg|_{L z|D>_l|KDYvw27^mlQ{tc3(J4aL2Xvo_{Tv-_!s1yD}*t|#3Q0WJri26S-?4qr=1J6 zK^RNOQdv#G!Cgla`SmnoUo!D@WTrq#?{`A`=zKRE;QhXt0PQ)FMh_^7g1}N|A?V3qMTV7+i7R6cJ5CmiCA5TCgx>c; zL)OqSpYBIa-iqG~0kS4=Z`FXpUz+Bsrn50X})T z=yA8jF-SF$T+QymB_$A$h^4b%S$^1lZo}Q)(`7}}SuMc4?=D=B8K&6RYsv!eR1_x$G zt(Kk#d_ul;nt+2^B@&=BAl~qh#fupG&#&0#<#HxNCho=Eb8VOvO zzD#Kzp%49howO{$kfCPJw2Cm1zCW&vRPzX{Bk;Mgop3}QFXrm>zP2kg6nLK783a1K z%4#2Dhc5au)JyiSw{(ve{?{;GXEAr$ooTigSL$pv!P!A}*mo=5kxX^M{2BH zYikwYzF(pYJVX6VoB?rEZwOc)BOeGDH{)a+{F5HKI%C<0&Se1DfZT>JbaWtdIiAhR zBt24qlXlFiwy?*8Ppr znqL}oRSyXL@N(C*$-n_YR*Y*?a4q5oCuaHzZk9y+Ys_+Tr{kT}y3U5q{CS%Qc!Cx$ zDz69Z{Wnw~0u*IAjxK>IHJ?EKXt3|k!QaQ5Hcc{|Km^=czM~p=r7bq78SK$lP`<_f zc7$wBcJA{WKz`mg^O}Z-xEpQmN%Or+E|o1dPp>}f!&IeHa`AKSj^Re*qS-iFP$V03 z$2&m4#dlV!eZKMRb`& zqZo`{D@7!K#fccb+}l|>y`GpHGRCo9%knc*_m5-o6#0s=&#i+u@0|Mv!SKLDWT_mr z_PL9l#33v>ont>nRh_nXPTwAs!>Z+e91fnuQ1uZdNQW@Cu&nh9jxN6i z{U!kTh-04L&}&$%8UEvp`48zUMyCHeV*V?uO{eT2JxYix-!P_4IL7B2S}dqQF(cqk z1sov*Gf_CBCCzFoRKSP<)R8G_YUN&nNGg5WzSxc>75t6Bo)x>9%; z*yuwkoW&t1r$5{D7UqksLR{0tR4~;itg!AaIvb?A$6pjK^%;h=Bx2*JTtT?)&_{`5 zD!P7Ce>1rD^KQm}2=X*Oxe&D9k$Psdc+9nG>I2Ol#D``tQ~$?mgY$o^Ht|y7m^(yN zC|G~auj@bbLuRgwMMWF3P*p###B@qc(jN1qp2t&MLjp=nc!l(OboP4zT`N@||I^uV zu>Svq8%Fm3KDl_uBCT}*o{j&Pnen|gP2*|T!n(5)1k?3 zx!m$ZfN!$U1p22eE*`6MaXLS%o2=V!tJ~$_ogZw%thgY&*Q`h?v5+W`Bo5s%$ij(s z@hrKUee0U7R`61EF|)>5biVUH(ny3nF;*u@;`vz|=p@Ed)Es;tuk(Z;$JpiR)PkucPZ(pZ=deXIH4=uyV7o`+T>w zI~nt%i-n1Yt4#S@fl5N|EXYed{1f}1>B=`>XGhIDLX}o=K`%)xuP6%2?2cQC`XUC# zbwlsWYDpdV1)G?qww#$#l-nLU=kb3tv88|{xQWAa;#3KcoO|==*+mUiGg&S3{8;CaP9>TqeAaebTdrr5_Fxs8ko|Ep zr+LP=7b2V-yngmFi{#A7Kjchd=eXUXClAypkDfQC=2b;H zRw&^vo-Iw@+GQq}wfO@2vM1>+U0V^&XV~K<2bRh5_e@j07FgitE)zjq$cpd9aJp7+ zG-(zps$h#_9QfGI85v*6J#5X`j?LdkvhQ!au4crWY`N80*HTQLZl+&8YbyS7s8?)l zTIN^f9d|@r50PYAHM(Btb2^(lD_d+OiPqIJ+4OmKsf!N`uJBw^?&uv~TGieD*fgw( zwXV-Lf=1CjzpYqCJIN-KtuH5Sg7XTmj$H=_lnwCM;84y=Ep28$!{awVZ2iEQx)vT& zwmPmlYihxt#&r(Q_1hHiuVRu$;8#iQ;e#dr1o9ig{QwTbkWvIL;TgWb6CC`3Bse1M zCe{(GDdC+GV?&Wm=2VMYYSoxmP_e4z{DzN0^dKqfAqEyLLbpYd0-?438(cJVk}Hb> z95IdrWoXF@1^(L0B*XUsO1VAWe?RlJgXKfo&l`~0$+!2Urp4U7UO8G}2I z4jCRnC?CVVSes`Eh)H-3*lUxUABHX|cAp_#1gxDcP98pp81NrAHbsm<0}tMAqG806 zsOa;fh&8Zg;Se^3AX3rXFX0_28ru!6I4aC6j96t(&VqL-wWd#>uv6wB)UT9(t9%1g zA^z&cr!Ie%^UJyNzA=P*JWvqiyMn#yPE`gAtfe zrg70rImLcmODV@$Ygy?Bz$=oqYdQ+@GhPSC?4y_}Hq%qsZ9O5MQG`Vfpk@n`P6A=c zc+|@kT7x0msr;P60m&tfgfu{l?zg||!!*udecy;RidpEX%Gt?P~xV<)>{jy}BlxDF&eq_ZYf#t!^sN z*VA;GIG@72=eHZ-t|q|6zNNMmr%!S>B`*60T!i})g244kY{7x`agjy{>y8w3A(OQp!hmlhB!51j+m5&Ttf8!l%AJkyLWw;Y{Im!BOFS7tx3_S4jNCUwPPR;updWNDiO;KF=wgDJw0JddV`A?oZU-*y! zICjgw6?h$I5o$^mdYA>Dr6XFic^IFRi_SvCW6?TRi&x^p32P!jI*qg@0k9-v#c4wU zO2vt{yDvmFGNthi@_Z46cy0K&ht?%O@ue{)0vcJTLAEg5478{_fuyUmk@2wmohlc6 zJuOXDMS;aHxti&BW3QO^NzYL$s5DQb-;aWZ7G{?8`1g8b)f7y$v1d^$mhgOIH^QLY zELtTa+pI93R|5q$%>OXynN%5H!1GqB!`#S_`TMN?QTIFo4BUwaN8Zf+h;yS?n&9EC zxt>_iUL?{yGP1=IKj_Pf>+1s;2XD(Xs=_l`^Jdg1+UB|hnO^z)c(yY0|o9WED);( zZwB0sYHd~O%2bI2~*6a8}xFTuAA}kY&2;HqiHoW7dYcgrxW-xSG zBGOGXB-`o@yLdW3!_wB=S8_6!QzyGsnkwkM?it%p3d({t7&*8!@@)0B{$oX8$;Ohr z)Fb?xcFeWpuHD5Q`h<9S`?b4fdZA&xB3WXe{@{_&jFN5K?USCy__!NwB3Jn!m9oa_ zHt}@QGzH<8CeS)bV@gm+%>!Z1`Lu0zM>X~p7L>Eu+*Bs#TwACI$D4(RA3qq2uiJNR z(|pzh?)@_#+8f**QOL><9mYp+Hqn#I4f8yo{@`OD}0 zb%b06tM0ycH!hg^DO>mN=akE34?e+|yQU>mCkS!dl7kunSN9|Jo^W!!^&cFV1E+!P z{Uk&ij!Htkbb1Qx9&qZF@lK(pt1{Q`e|*qe1mg(qlt5c@lj z#*_Fk)EB&${0sa@s^Rq?~B$t?PD?JX_Z-l{@{4aZ_=jG44OAT8SGyH=Lq?Fe-D zs@bk?4$r471Rd-`+UU-4b7@vnec zFMR+!PBN9;}bY_Uv4~pd4s96egZz1any8 zkP?sMp98hb*W*-VZPo zEE+}PVkwch#(@YV@b_pLV3AZhSbo4WHxyBhNAye0{$6PpDR|6aJSwJ=zyLCx?4e(H z5L{O~SvxRf=hN>#UxrhQIc_cnu4D zU=owt!8qpl^Yp}>_vR9QzvtPXO*;cwIyLDSVOB`E5;U2$DWsuqTe)aLaTs@(B zg3FfA!sQPW%57D;n}=(xrjPoy3qIj`<2xfIr;+B9m@nV_L+ah{Sm!U6$E&{!StdoL zHgEjQKG912C)2RrDOU1@oW}UyQfn6w$2viN>lu?1g zPLb_By+5L~cE*|Jk=hDz?rJ9wmyBa+b=2E2q+lxY*((^)QeX&hcz-`c>M&X$^a*xj z-b`?B(%tRPaSMO-J{s7DUq%y{@+&cBfc?4o>ulyZUdel}jfj>WN?$$G8Y^qI7J3p( z^A9F#ncI9_Z~IVrS&*fA?bd=taGMCVGA4mn!?I$6SD_}izb^@!3Ye5hmP~~rMEU;b z_~Ks(Mf?tCUm^!Y@UNmzLz*fbK^Rvz${MR(YuZ3gN}M3%K_%g{Z2{FGWM~aJ{-gv$ zpU?`~-l>u@M-oCm(1yBTAQyHgZP4xxD{WcIbv2u`FYCk zkS7M=2MnAhM(eR4Sioy&{9z+()^Due$2|FA2t3;bE&eRb7)emhS>ucFw++8!JT;&bzFc#_nWDWd z3v8g$=U>3S0%{8nTXlkTDy+x&?$Y!-#}r`Nz~esEJTrgNP1NnX;c|ROdXuTbS^Fbl zQL-4AD_EEj0o_FAlL$yiF>a)M*xVThJHGX$&=@B&c~{E{PUJnFgNw#>Wq-If%vXpH zN*1W2+qqGkwe@AVa+>{Z$5gu7XgUr*xw{q2S(I11?*;5FIQ>45aIQ z*56I4r0ZiX4`7rWo4bj(_^!#IfT#`ZX^%=jX1wCYB3Frbe%N>Zb<&^_5h=NeZjNsC zUlbzuzEO1)@PgT75Fzn?KdZTUnihZikS7)(_Qyc}*7S)cv1ZS18Xve|rvP~{W!g## z7>KN14(9a9wh1xGa)$b1M4UEz7J~h_`NeYR6@Ap#a${O)1CV$vCBJsYAmt4VFgs~o zM?OG;V-i*)fp+{8azzrCxQ=C&)0VzSzt7|ddg#%7RF{!x`p$C)~yKT#YChC zslD8-&vf3=?dMMZHQb3Bza$Pp^y^ZmfO8^a_wYZ&qcll=)D3Zc#V~IGGtaeBHGl;6 z>OcUis>Fj!xHn0S;y{1E$QP}5I-no%8?$xS$N-(tUj(dBfUy0@uy85FS3HTbjVbby zoxQ<%@zzDW?CIopH3e0?R(EY3t>1wt6s3s)>?kUy!kprRs_Z&#cX@qZV4|wO4)5C( zh*X=pZAZM3W< zCj+?Ass#}GztjVQs;CL9Hta+XXfbB4Rx~O^|J9OxMF!HC)2kUC^pqBh6()nbR9kM) z7w!Vdh!+6E%$eY&L%2rP*!Q^cB6L_|C^M0dcfpsR=P+3T9HFNjgj&6T36m=jp~D2h?X?1JkuGX|yYx0zP{#q)0pN zuVyI-XIMzz!VoybWo*Z|I@6d0j1^aVewEfZm2Ks4QWpYI`{CLvusDsUy(36m7S5cM zW)lmD@S_o~GbuPRfMQX_zMHC6!6YjUH7mY1<-&e~WIp`3V^(?CK#FYz)q!8Q46h}o zTN(`FQcmrlY|*fAz4Zn?Da$Q_MQ?^TVh13fjPp zET7OGH7t^qz=ufC*&G|y@Qb|vt|%9}OERJZ9mG-%7eJ7~m#fRL{nmePfKvxL=QPeO z2Yw@u`uAn7)gj=5=}1WdrOR^)qa6WyVQlfrYBR8(nO^ zVJksjUcX~<;*Y-@Rv4g^Zvnqm`~(3?V_Hr|llPV73g?BPptmQ|(EM2a{csUR(7K9V zxjIa8C0APuV=1VRv6j;Q-gG527S1_akOA#WtBJuKB@#A(soyR`V|qDfEXwl*_Hne5nj3ea@7J|E}0@&l%S|;2}S_Z8N6@)(0O178kvwb{i?~ z10W&$RW#=+w{*7Y2I1824Ml(`!Osz&r{4W~RpTMaQc>l&=X3s^?y?1jQ>fE zGqSM%x4DXI&Fz27XC&XE9tl44_rlG((&!ow=V{SHpCl>LZVQn-_`c| zN(SSY+XYK1Du=q6E|Wnh2dTN-8yxPX`(fyG`;iPI_)~sBnMM;pZbFhzEl)ufHKCsZ zjz5^1SPrwR-IJ-)o%_Y5?J6Ho{33M!nNnGx9;@hotk|AB9e|%SJ7{hJCD38FsWm4u% zRa6XvV(bJ?LItWS167Y6T{IoKtm~w-Z6pI2s($StK7!OCGySJ2XoCMKUOJ!k$*@p?0pScn!^|>()bi%I;_~N{9RIv%W5MW$V-^!R`t*$)EFnCoXbUO@ z;pEYq`FHP7Suv0oBOtFc6ik7ulj9I~A5pTJYlj{T%3dh1~dw^R5cHn4a znii4pCbHY)&Z_$<>+#2yWAwCh|6@;8q=nXQQs>$;3E3*tZQMJ)MMG!zu)`!78zqo= zpX6>I4Z^7H`9KU)t_GeX1(6sugv&mqKp^Lg$s$T?^)lGoN^E#0-wy!J#O|hHqnlDI z0KDvuw2|(`I?)AaAWs0Nw0gsTs}i?Nt5XDAMfQfMmH3sIE5iNFWz~QNu4c2k-DKl* zdPNW}&u1P-Q3+luE_+Uu7PbWvn$fuMR3^1M#rAA2sCnFXp(ZAM?S8Ho@GFQ*dW@hy z@K1~|BePuCN^Gw@g5D=fhZ1E-Uns?A%~rKedt9|mP9xOu3YkNcMpM-jA5F)@727>LQNw?rI#Dz6v6X3+(z-nx+?gfpU?JC@EYR=&PMH%dF_8Mv# zdZ?Aht4C(rl5L97IeuF2EqfSJu1QfcH8Iwcm*7SoG>yqFhZ8+qMGV1SeOm9mX&lQ! zOCWzZumpl1=NhhFc_b=wLg8NYtc4rUTN}SCFm1UCq_l{u-4Nw&!Y3}$Fq z=K$G?pXqV!0~FBJ-8y=*EWIT1lqx+5N5klBz+9u1#lGRf(&3-PU_<@=KECbQOOOjp+&f5uwk1MAc*o zM<%E6q7xzUkcZRZ0i0XbYjomOFFQiKex`V@Ev*!)UMGP1Ph8ZTA#>sEmr*=e=L0FB zz~j`xUI4<22bV)##x4aAtcfHf!@rM0k9`?8p zgNO{(dA`5@zMNc)P9o-g*DDi0LyMqXrrnHx)?Thle0G2Qm|@dp6$=kf#HLmjl;h#} zT4ETy7|P<~ndspM08TurK8R>U*UfH{md+hI1#-!MTXn1ys*Ix;Pqit*x73RzmlJ4n zVd!{MO19E-BE`3*m?Lk;9W>yWXT=8ln$q~|n>t)YwjQvv!fWvuTAroXuV2y$5Ef4x(UaUn_|%LCxyKZqmX4f~k$G@i$b1;)eN6*6t^;zi@+ z-h+u86q#u5np~Z0eKUeXDLK#0x!34a^l1(n!`nm(clkPh4=zV0257TACZ5z*V7n{& zbzZMwp@UJLq_&wc^Aw)v#+F2p{qHwD2pRYmy2GFG+i0W&dfuz(kX}M4bCZo-1dC0I z^;|?xG^DMlKjRYrHc(aDpoe#wct(iBh~Y---&yUWz{B#&+##cjv78|ASLqSg-@QBGP%X!(H5<6Znwq9`p5VLujzoI|u0(ad`~ged zz(}5Ld1Ac?)g4CN_Xgob!Xn=W62YSq5C8J^!Z?0`u`x0|F9N_ub2}4nay;gJ zQ#gQZzj^)&OX`7WpGC8wur&j~&t&th9%~2!DN=`z27~R~yz+S11<@~G<(Xl~00}qn z=wRL7Ykj*K5J#+%hGf}d4htfd>Y-jWBu9QhI^;f=#jE&gdqm-35x;blcli!EC=@=0 zKB5IoNZIjcS|UWxG{o~to?8MMKSy}4D0nq|CJZi+WX)|bACtnQrA=)+d|@Ua*C+Eb zxWAE&L%v;r>_)D`TlkPkPf=iC@AwT+(y9MRBQgC4gB}wD>wg`B7}nIV+ZsdkS*^t& zfZqqe%aCEMJ(8$w#;slTREI+IcQvpN;lUH-9w8akJYFrWsO)fuX|~c51p+i|oW0=e zrHpCy=zUP7qwQ&Lcl+RmP%Y0C^=ax@uQl{Vog7NGsOuP4v&&Yq;&W2&RIypCX7kBn zPqjkibXQptS#7H415I-dL8o^T9g*4RGRSe6upAYpxZCTo_ z4L)V&c76p6l?^_jX0lU5tGH>G0p@T*(O8!;58iYqR`95drt`0eyLp++CwCCq1(w{) z)da_rPq5*-n9}5-%qp3VwgRts;{9wXcN5pk z6B@oFF6En>=T2GfQd?(fvaiJBy#;23UK>>6hrSoqWGmQ%WCY{jA0UM@Hd(IW}VrKG?7759M@iIn;CX%wiVmwl#djk1F7GGXGwf`2N@WSj= z2s5v8vX;&RG|y>sMXXx7|0-=rP{$EQ)v{YFm3e)s*`^ zfxLY$T2_Y91NM$zopuxn-20I@gi!tI4=J46CVJ$L2Hzb~(Cr zK?nW|Ms8Xy)s)kyo@A(;Vuf?e0dYs!wy*fo^$|rQ@5{CK$lK~IG#G=omc&3}{ELi|d&+KDT-o_Q>$)$-Clh`&qBSo-?nM##o4W+A`F zWVlyO&!2$ymI^a4@03{zD1h7}^v%(0RA-EH#1z2~WwM~>ZDyZG|M(yr+|2}FYwB7D%e*?DY^8T_Oi+kl3B-Gt=D>RGD~w~**&U~1GwY^{x*FYZ>G?u7jW5Tge7>G!WQ3rj zJsU9Jl{XpM{6t$BXL9>#-GF9rHWFZD_5HYfL$BDSof?YZ=64>WawgrWc$lQ&Ac5W- zL{;8^$FOZcuVDH&uq&OPS@Wn#dAjt*O6ytA7T#N#3#iKPYQG@kn^|JIaaQ83dw)9 zWvZ@eISY&#=70B$Cy5fUghvU zzst-g=w4lKZ(s}HK>T0p*@{mXdh`cU9b@m zX`*e$G#adCGxges(;&o1hqCSn=do6O<+`TU&Jj!uyg{;q3Mx@N?d(*86MPi`4;&bs z<2l1&LysWCteG)G*-W`Z<{2xvP`x1M2RJh#9-96gt3_6f^P-6(xH&@E1GGz;iS^ar zKJ1i1)}gfD-13KcL3^a}1`#G;!NPSbKd7RbixdtG2?abAx&hWLy_VJuueO5^gGD-R zz$Dh7n3z^a<3r=1Ygn~+Rq`CsVU_4KTb$f$yKFT7u zJ-@*BVDRuLK3bCB^qjtc@*i@IzXWAR7j*)MC6H4bI`gAZfv|8)$XJKYbDJ|$xDgq3 z&2@*^mMq+(G)B)Q?QoL!itrPwqu~Bt`N%PYt*U=YX!Ad^)5+1hGq@VgS}yf0#m?Yb zbdWcys(>hnN=tNUiD4??*6{lC2}z%J+B$+F8l>M6Z>XfznPbv|%~m9#bk$dIp9ga? zHDg?Y*agbILn#JvGkYRkuc4D4gTDV;`j1!M+dkU=m;(9xUvU%orZOWUR{Z_zwsU+n zI=oqVqB^h?13w%16=+uQnttmiw4gYe3Oi_0C4Uas61XZyU&hB)JxWc_;O|S_ zE#w<^eyt_{N^2L7=4x>hTSje~f$R4f`=J$>wUKMp%G$6dWJZbX8BY*p(k-s1<<$im zD})>gSLg>WrrYUW5uoYVzM#@B)M=(}Zw=MkwrB;u8XM1T^ONY3NfsD`%63+GJP<1$ zS%^`{X@V>Y&QJ1MQ6M4=r$j@8Iaz@C>x5CJwG$3877+X>SG%E=ChA9T8FCWOw(}~1 zponsg>~g&LC4zY{uh67pc*q#r{#Z;ELAWCCqMfE43m`98&e!*aRNJzPHnv2cgIcJs zqx>8>H*X-+VE0aM1;r@&TA&tYAk7qe8P9Aki6)giSE^Yj83!dQUn3?d-b>C)Ml{XP z%>SS3EV|@d%w>|xtSD;*H1*<+rtwpH{)k7ohtL1FX38v%1L1b_rVMY;@VD_k?&k)Q zIS>uqCLSTQ-I%$VEV+>25jCX=o?Rvf)&vv$EEbQ6NpOOE$Mi(*Y5EaYnNG`K>f8|P zVz&9Ccx7Epkz#zBcT(M~=VVj-r3Vw!YRu$~+=R-@R~+Pn8f_QgTgtghSfZ($-zKPpch zrMs6|55k1T5S6SZPaf@px^@$?3zywEY<}=4R z?Ue<^s!FQ0t{8lOubu-=;{+__jiEWki{_UELBxXDu?h$p;e|T~c>)Jo&1T8EmTu*Z z!ldFL5T;F24tNM>`z~Rf8CvVA!PGz++=oA z{oLp*3O6mrXS4uOL@JBfxvf=us@R)n(w!XYU4BC5-qszMBHraa_ze;aJ4i4JND-cV z2Ef_V>CL=(9!D!n`31PY!+8L5Og9ymx6EUQiR!G2Z zgpXuJ1sY~Loy{8G^v1QZg&!`owtY_uf2%zrdVZaw{L!$zd-0if3(+S-6NB>Q9bK(K zSVOiVvKroS*e3(}MVii?it3C23c88Likom8ef|T2Df`p*pK2A>|4^$iGco^yI^c&4)>cfae{zP!Z{ZOZWy2 zG&&d~;3T|hxUdHjE-j2LQGln{)5+3ORF5P!x>Q0WtCkJv*aO*2B$cv90StCE`&{bl zm+k59)wm(DeHm!+pG!}5cM+Ki0jZGy^}w}5wn%xr2N5zri{oYA4$ zO2XRhsv6&peIn2(_he{|U*y;m1yA4S6SaVKpwE$T@`lkuuc)Rtl?;)ND1P0quSl-9 z^lU3TlJn0`4EKFP!7?Wd=9(-F=!4lZk}>6oN>UvYX6goBX_rI`>?Vr!{)|#@aq9kM zOEweK>V1TC>0o-ve7#CjbuBSQpnh?-f!sw~^59<)a5 z!1f8A{mY{Chz93Fndu~9D>MCv+0+%$->F^?kd&Fi#Gi40==}Yy=P+d+Ni+yYORIi1L=Q!N{65-| zbi?UIF$-YlLQaL9iT}^zk0uHImyDVt2@H|spi3ggW>R}L)u#Ga+11O`#SDgXjVE*M7MNH*tGr{pl~RUB72}|HeyF7gDQvZI|HG#y zuV6HqH#;cDl*jwjyGltSU_m72JQy-Eq2!#JH!$*F7A;w643!QX`+Cc@{!olS0Du;i zNeX|BnK)F!#(Iux*>TMd_Sm8t)&*h&2kX^ETI(66snlo_Q>xoyYINRB`P z67`j2v8;X(qJM|~owhwtypElAq(N*frn8L85K>+q)&!u1VBQ0*5hIR1UL}l;HFDd) zbBhh5EZX8M=UE`}_-xY3bb87ImHTH&S2Ca7#b7ea4}6|TMns>KVDSDWMZ`dcv_VgW z3Y9t7_C0C88;>+}@7*ip3kHCCSTqe-q@2Q@6=ynxszE7N5;EaS@59mjo9v;)Svrb} z-r#r7oaTicrN_pGbA7z3_5_daL^xY9^{+8Jz0O^yX>QMhpW1;x^$3gLzSz_9^*kL@ zk~|vT;?=hCS1(ud&NyZ~j&d;{IKB{c4sD&o*n#{~_xc~Y;addN z=Q>H3=!A;-*7bS%;Y|=8hc@tDA=`lZ89IOCY|{cF%$YJ|4iS2VWwe#p^JSHP`xnM* zIwV%i*WuR;#*`6wsD*2rBA162FP!;HGLz*O;CJQb;iIeEXSwfKbzza1OK`D}7!fh3 zkD-y*b|r+)5l*gmw*_}vrS4%)H`i=z%^6+fVGLwD+hNI-%Y~DKsYa9c((NgF zC1?ZHve1>0wUA9a(G^|bo7Cj|&lg$Ksn1x-RLi%>dnvR)GSXA@eOY5Oa3D=7hJnYe zT9(f$3LSu^Kuag?lT1Qbrm?%Sn9!X{47XJPs}|bNe*_Ti>Fe-#n(%n)vv~URrc{Jd z9uoWH#K-TfQ<)`Su#lS?F@AAb8MIVvwUN3A-i-nS-+qk0jN-@76W{=0J4b_pD6zjp zDPG)D{L<=JH?F0mHfl$p-(uT~Bz-ueerf$^=I8#^Lgvg4Hh4JMnBaD4htuBOXa00f zYOwLaA$%+AoPKbKhSwm>jyT8LVmry3>+pt65^OeVPO;6pflMYFhY!*G>#Tu8PSos? zwKWXsz-8w5-56h;z+AEZi3@cr3$9_SHF4HP3_ITO+w$fw&J!}|?`{B%9b4w=E#_yD~%c z6D~x(z`V}Ug}SpnmFx19j*S8)E+u$sx9JlMVLD&~9hi^X_+*yh503%|YEcgEy~T0M+fphq}7*mGDVnG6tq(R>>?X}7qRj20x1grWKsJwv$t z6*Mcb_F@sHb~zVndb4W^AGi9wHyOKYFdcfnj%d5Iw>`MO@(5L-lh#?ldwIS0Z?}Uf zP3eAOMrMfv*`Zvq@+eXuWVm=~PW6+n8_)ntP}&M;1!DIum*{zxga~E|#_^9sF?#1? z&j(@6uOCG?4XOlt{uCS{p@FT(9wl0hdtnxW(lzgi9|&st`IrAlC;xxO(8?WrdZNMS zq)k9NRq=%n0*i~_9sE})W6Hr$Ko{E1KTm$JI)Q@V+o8?dQc!rG#Ic|x>OiU-RXm{c z1Ms^kg%3D+NA|L$$g2iu``K*UouxhSB#RyRN*>B5*>B1tq7ns$*_XLe0+sv9$v*1D z+ejilqvhaBwI>lxN-`CHKc`LURL z{UT)h5}syzDMed)!9`_n)E1U^)NK5svoYG%5YK_09d zNQX*e`9Hn8e`eqRJ~zw8^nWeM|KF12YEA99jb;?z9ld-B>~Kv*G8YTQybaSN>kTqK zO~?~sXpr@kmHzQW+Oe&qhl?4wutgj68>tp3q`83!xRZByj$7NVUM~;i)tg*QyzYRJ zF3v|o0!DHYJEzvyTk6|p!Jj2qjSTVaE=`wPXr4u36YwB!xm{yeaiiC=y;@6X~XC9t102P$|2@xR3x=GyPeKf-?#6rBNFJ( zrKb%JwR3&@xnd|Xf<{pf6t7tm#a-fnp4tp>b>EF$`RkQi=uc(M<0Cq{R~z8qs^4ZV zCM&El@Z{pM6POo0cjT!}{{^xPbVUQtplU$#S8$IT~PCPz7ex`rscE6c0A{ z1$=xfGiuHOc0{Co!5eV2D4})93tQKD|_; z@a-B+MKGsVQWjMpc`95V#pE*jxHqgeKh~#V>2P(a_3`LIaU#JisrHNNsOPAxFKcAHzKSJ@WF;Y~4-OW3(xYAs z$^(1-a;_fB&Bq?B;1*;t!<>eJKtrivg>g$)OllV>xx~xTz-sHnzZDKIY?@hMAl@?M zPehf7LGQMfDK_#x1aQZ|Cl?uIhIRw9C5TCXMf0z~5;$|G-9`vw6xDC2W~zotWuwy{ z&h9ldr*p3F(uk%7_i%y6Hgf@Zvb%Y29Rz*Fx8ca?+iH)x} zcBpD+{=9`lA`RyLf;WrSk(Jerri_NY;H|73-Xbz*L*oE$D|piq<*!2U;EK4&E{79S zG>G0-cDR87Rkgxm+mUZbm4@thstc3s{UD|kI_AK9#k$|s8J6h{E|(Gg*)~(7m&+}z z_CKN!I1e;0c2#9;S>ZWvX9~f;QB+r>r7O;SUNgeB&XaQ6FXv%s`O{oQ6%&ghoJQjx z+8^<=&`~+Dqc>BeO{{_9Ho?BMr|~DfvN_hwX_B3*KiPU>+5-FDa(G6vUmb-^^^8zvkcU!U`j*fQ%$uL#H(Ry%xUiwWOB`>dGM_8x3F zYdC+R$8LKISHQhvG+~UyO?NcO`ak8<^9k@HvBM)6Vyoz%af=auBPK^EE!Wu^+yFw# zLJJLv6!7uY2F3#btkX+!oxY07626I?h66VW6GtB?X#X5OuFxAM#UpCIX+c_IHuy~g z!!E#?*))-ar<6GYk2@>!*8uoY$M45E8z-;KhK3BRj+^DyVa%P4c0d?E zo@LX((#Cn-1B!kPQJNQqhDbGn*U#xkpU|^ovBT9QD*y*kcTA-;f!09qubkQ?fs`GV z^B!vF$9f9cZA<4DR+;~RpSKoDW=-(ah%ZgP#!J24^bmiTc*zBdppoN?-AB65yF`hBvqEKyVqd}=1cRpES(gr`?r~9 z*h)GY>^LbGZXvPI*84O>a##6h*k<{os+e4#C@f{|4g7Xf`=W>xCQg?=Kt{F>=+zLeY| zvAK>Zx%f*82B%4XK~3Ia=A_au{L6txoPusX)1#>=T9WOPtDI2=JKNdoR6iX(L%e~b zyxh}V8G~w*XoRd-PFy*_Nxvz?{01(DCgc^RKf2f8wM|Qy2cp+(o7%K0?bZ7)<%t#} zv~rG2gkj5*WL!6}Nwv}jlPw>Jro9sesQDwZE@<1T2vj5L5TUStw-CNpA0l#F`}sYP z~w}tJut!`k_W_LUr=2c=(}nhTnp^OyvuIY+QXVo z+@VZ?Xk<^_e<@k=tGaJAsIyC}C_t~RON|}WK<+y6yM7i|W|@Tsod!P;WyDE5Td6@b z61a23H^G>JrWY8ib3ZTaT7;G9i?kNRCEKr%|3}?CL?29_R21f9*`&~U{NC@k-rtJhoH9zk6Myd9z&~&Z! zf1Lg>!VBxIaJ1KCoM|Faeh;Yxe;a0}dMqq2G|tYfcha0~b=Y*z)|UGe!)CK(5P-pg zB`wS}-cY7Cj@h9CAGcACW*IWYb-j7s-?6-45dCZ)$d*L7+5KJ4i9~s&>-3ZNO}`De z@Sbt$!%k&t+g8)(f%~N61P-0q5%;+wG6d1ea$c)7P~18ur$z_`e=(-Y+NY#f&Bw)Q zD?8S##C#?C>?AW_&sE=OC=OF?T3*yTY|3dt7X|G4)?}`b*{UzMFligcFT?X8q;|FuedW!d_ zkxQ8!8YS!i9#JaEHZW`+(ji);)*l$)G~!*E?DPpv37l`IlVvsWB(~F$03jM!F&?H_ z$G(ko58iKrh}d6nAeMSll?_vQ%oEz4HPUkM(zs0=?aiQ9%tK!`>D6p3)AqL{rsaQS zc4_f=k$vql(mK)RTZ=f>Bz?pZ`5M|u&=D)6Ag1a^6MJ_S+vkdz(u;hz6Vc4H)WwYO zSDR_owftI(f|li$Y9x)6**r3LuX<$JNKyblH;B@(qQ>}b#) z@$MLhT)`w10$_6LfJ#^QSz4~h%-<$tf%q-21sMY4fI5c-2+8Nt7EvJ{0tA* z&#}AzEiB?sr^4Bakb9b7G^ReZjz4mFrmd+YrT#S_aV@A6b1CR=;t~Sg8f3Eq<9V@J zu!+TvW&M{EDU5$_TNA8u<#k7-XDtCfGNN^YKBLvP(rObiDgjzFenP(pjhhvTK?#QB zSBFxWgV1@EMs5uVHs~B@6^Olc1ntP+l&4uy*L?v8+j^dx3J1}~l^T?o=7uGVpGWib zI#*36`jx_M#>}zf}rt* zoPoJk#pU8In_MfEtk70c5FaYGUm0vkBs>~oj`|EJD>k`OKC_7;(B5$g{elw~qA zJ=h}jDugfu8Tt_nDhlOqpenV&SzRxg-I6e)wuX%#woA5kqgn$J4SoS6uG^G1N~%?$6~r*g%<&5DaE~x0hvml>u&JXiuhRDx-Hv zu))R2T1%?BaYBsAQItde*@t4M2YI*mkiY^deaN3?3>>N!;oPapCkQIsl)hd>&q4Uj zb6gPr7%tKBr77sf^d_KElOLTJ#GW#kX9W4TxYEr0Zjggx-*yX(WUcH{Ety*1R*rm7CV5gSSnNjcmBA?NiyXjo*IYzkS^O z-b!d+58epk!q`F{f%42+?R6a+w@~=IbvoXFBvAyPBQc=x@{VRMIxDL;5fp$l1(3xd zQ9D4!b3!RepPmL^wJr;{9NiPtFs$U=lyak^5s2p?x!h8*H$WT;a2 zokG0{l9CLv7>R2n{xD$AF&Y0iYGhm% zCYX$;8|X$RJ}zvs9^Ki?8Y}YigWxxK%IMIj0kHyK1{NnhcnmQ$aDWl(ELjFr489y3 z9@hri8*hv5@|r0q(TWC7Ygzdwcowq?XVps(C<7x;haN=vkr7b?Ep#TvK8|suqA`kv z%9X_sL8XwxMj8wAU$`wDFD=h{wEqJTS7=YP9V*q-Am3pe@eGs_qY1dx&o4l2qNTHczOIN z1^SQ%Fkdx$k8aa-1~_=iG$xkxB8!Cdg2NgvY!WgEm7a#)3l`5)9ZTZsll@tC;Ov1F zgFeY6LYkFxPU~ZguLTMIZTL_hZ~}%7kVY|sXi*SrV37NxndtiPDM)jEEiX&% zTNYcg7nQdXu@?kPz?Z{I?PtP{pEti}3p&i`6Z%0w35vl8c@N7K5yLQd*1$o}(4X@h z^IU@h(D#bte(b2-c`YfsP?}xJC8oyzs4>0stl*3e$ zmyAKsomRC%l=^=>|JancTgB=LoZ*_nbT}0${b+;1kgjdTTy+Osdwd9h3d@)L2c+R- zHzzyOE+x-%w)Wf^kouVzjvEh*C5W zrC79nsv(=Ojv9MGt5ReVl5TP2&Y`6=OGFw|ur(e`gLq$m{|@8QV)IjKRP zKA#BvrPZ9hT+4%z46eUi*3#pR8Ze?&&@w1oFdFhy0Z2xp;3`bt{jpT5&yj%@R|F7@ z8|*aKOy7G1!Qgy)SFv0f?iX~v$1rY3ADurMwHccxM6P zeQ0QA5o}bgXc?1ajL5v`>>$#Z^z_IO5lB$76p1?fOFGEOY1WK6WJ_d}F4XmBV3AT> znK@J)#<;QQ+A~7=fHMBDb=!mqM#@60qrVw+9a$UJfnpojy{L{h_lD|i8GR}S>V`@1h%iI!{(|LlVSiw)A!YPe#3n6h ztpA#`0qY|$KCn0UCp1jKaT&ljV|i2ea)C3eY*h4mSXy7E;f5I{_37q!a`SL!xYVXZ zS-CkMwyV#Asi5qx+HE2VOt$OMrxI>Y*KT>OeBIywx!9iS(djtACRl5A`{_tK=o=e( ztNMU;n#5dDKW<+eo@wWJs63iF3VT}`&)(?znU6x?4IN=R%?BMK5Rv#AU6fajQbN^kFS3yGQyls?biVZHNP~LxjW>N# z6!Kc5SY;O9KEy%1q>av)V|$$`F;&8iyiadbhF*U`0gi0z%4Y3^7T=Tm%AQ+R{ zxds8@aNUD=pdDB3p{d+11ETR7$cH7a<@yvw39wjrit-_+*NVH{Gc&pkGu=}MGatW; zkT7&ECeaEDFId%K8{l2r2_2dCA)%&i6!I6*vxslSt2>qdbB_2-dnTqGa_G0$xW=(- z*Lnp!fF)IdLbR#{MTb+oy-&EOoZ2xZBy2*i#Tp;3ZC)-iSDs&{N-r*=DsMWjA5La` zJ(%>ea&vTEkB&yJo!|0#xV}ED=X7)R-sD&Oa{WF8wFpyO|BT3qqj9SpVV4A6&N(T+ zK8(G;`hy5&ES+;uVT2l;ZH%Kx^$NQn<(~&b{aIU?{EXDOEMOYra@LjsTU&i z6dDWw_NuaGxsV(7Zj%poYiO2%Z7q@J~pBv=qHR;kIj zS{%7T!*!iJg%FWlwOC5SYa%hy1pN{AP&1U7&9P#iU-n!-+pWgrKs1O*FETvK^V!pF z{fToiy2JtV3c3Xe{y&}-XO5k^=fT=Z zksP1o8XxAyl-`8CTJjW#rA4KgtFC&TFnrU4*R;YpT@1fnAi);vkrZ0GL_HZ2y4O?w z9q!_t%?wLKn8G&1Uv3OkIxm^f2?k zW%~MNTR%rYkB+4{;VdRigpr81(jT#bS6f|u*z9+KlsLbZHWbB13QX~XGC0!EBn{O$ zY?5X?Z?#S@4ELyiZ?B-ay}J3d`&sQ!FKo{>xjA>O@O%hVP0Z5&2fpEA=lm~x^M4mW zGqe29^Ce4KdUglH$bK)SyV}&df46_gKp%;1JcZ`LBpK)<_Z_LIBAQnVC9@@mm?C{& zrY`|w~c#bIVz8)qk6>VyW?u>#Rj zSu>jUHPM@c9{Qq)sDTPj)+2dXt%c2DQXRxMQj_w#O&o^lRRp z;70-fM%pe}w~)s~{otxs z)q$ZWy19vh{5d4yM{J^M?UeQ8w1$U~F|tdLklxByGncUO8zVwf-9*t%bb~PRbJb?A zOUH|lROYwcr;^@RI>9=KE2%?>ix97>2+O7x`|lIq>xw*V{X~>21$V`*=UKd)W^{paYW_3N-Iwq7{Vxz%m8VQPowo~FR=Z9vfJ)mlZ_b*&P%24{5^tP$ zl&u1Z)S#$PBk)K1pVR&BV&X{byd7>1CFg7N$u*czN6#-F&u)4@V#AIpDJgebwI2vv z)D`(ndzFj#YIr^n>q!cW8`RmdX*X~y-2H6#8Of5?YfYiN+X+1L2*13TanA)na>NbO zMf2e8lG_enx#)QM(wa_~oNBf*iGjFWvOT5v$c}quv;!jSyHNlPIvTAO7G`sjMnJ2} z_f#c}O=+vp0nK)pCYB86Di1Q3CuO@-Q|^^(t`Ux-Fiyd*LM(}Kgnh*b>qVS5cKDcP z-|c$3i;my9fzcopkS8!oRg3wUip9zY)b_6IST_nP{M7p-U%onrZBv&oVW#p4>c`nF zxebXXTEDJV2-F8GhA%^qVZ!DoK>E}0@wQlkPNIM9XXad(nKhkjAgL3+mwx=&WUS6< z+**vb9^sGL*K#Y4i!3h);s^*=lvKI58f}^BpyT5@$%%9qIZniJw5TvWrXkAfEpV4* z6O5D)EidL-5Y*!M!x9&WY({{GI}gqnZ!6iwu$RTD<+Op$hOC}beR0y9qsN(*h46$8 zDyA^(uliFr>+H*h4f0T;7JtLN5BQQEd0!=Ps_nz6AQym)dk2~&rqXH%P!^dBRm}@l zGFk_D|7yl-VD3!m@KL=4n)$lisy`p^Vu?I|C?~{0Exn(1xQNGBP}%aB?Qt<^q4yRC z6)M*AQQx-tGTM3#Q{6-Pg(Ap0NyV7vs|h8Dp@Liu4hBij$j$X?MiZR1Tgae$`zCwF zOajMOsLgIRUtWjwqJ-e^vul#gMa*q9i~wzr0)hX_)eK`c<&NykO!q*u^*ZCiAphZ( z*nL=ujf@&`(5PJ;lyzjB!TSbPUfp|-7Upwceeg?&kA&nC6oxOWSeC{mlZjr`IM^^k zL8F>fmon1C-yfn(p^h-}6vOiIpR*0zWi>>05|q4+DFwQ4CRsebLxW;y@#liZ9y!@K zL*hU{Jx-3QTQaQd>!4`;e()#yV)Fhmjhf-NvHde90}`g*jHn_(m#E;14y%tNXAW)1 zRIx&*NV9;^!w>hd(;X|~sYRVIC9N@5Ra{d_C!+2-y#%tjNJvfz=0ABGK$eXi7V>F+^wDyWkt4ZTPjpmXE};J|5p z&soOUUqbuK0t$XH@cVQ=4RIx#M3FB(RKIZ)T7$RD6cxvUh@jX2*pYLDvRj1mya%Xz7p)n0eaVmGu4&#wZJQ z*NVZ+50TzuyGt!{SI^s(jnQpMd%XNUhAtmq8cD6+vbP(EN$j6C)T^4u^NoVNS#;)P3b2wnR?50^UIVt4~?MoR&6Q+rdv7eBmVs|FGZ(D>>3G2N5 zz1X@1j~t}Uw!3+(JAbFa`O?!%wx`q61~qxf@N zM?6lsIm%QEg~~-(4aZY6BDh<_bS$(o0s4rl$zH4b`q{9I8)@rh@b?+RsyBTxf*~YC zr^L)hN$6wrqG9XHwv4t~e>0NnTx$TOkRSD2m_mP@Y({MB>x;7U(t~`msdlzFvF_)E z;%SJ&!~c7+=%Vr z0ttGknEie3*}g_W?`s$1<9vi|`AO7>Fadi|kR5ic8Yo0s@Ig=8@OP|?^dEsu@iX{#w`%HqIuP%=Uqf@# z>m$c?E`9GGm|a&Je453v{2AO1(rkJOWDK?2+tT~I2-IHQN`>CdV!@`_M2D#jjcDxa zNU9UA6SZ2CqUAiGA+bO$Nn_OE|HisG&~du{xxdd4WvEb<7x}RC0W_G}L)Z^_QS5H( zKnTjA%Ga7EexRFcL7&~+LoDqW5{5pgYV8K!TFttsvgdh`le$H&EvP-}s+wr4yMEPV zP+tkmM(?5H%85Jo>>I0b{AI6Z$zU%qwmM%`_8$Y*g7<&l=(LKR^N@W=;r~4F1 zsJVBvO5f02pQ0by%EMFvS_?;0p!>#u=4CLkxo>$9o?nXShGQ zc~TNlp0#$;sd>OT)tK^Wd}M!Y$}EoSFh5nmYw?gOEUeCdo*NUIL+tPlDY!A8;oiub zJ*zjzolq4kF-;sfB~=9a3F0Js!A9K9XE|*>f!l=uAphIXfN5vv=jq|aai3Fn!zay{ zExPqClYEjW%JhrlzKPLL3dOlHUGaz4pM_06RL$O&3Utrxl+bS)>_xe*vF$G4{$}Be zIU9WQX9O_oDOX0L`xAaYM6#`50* z5^_?cn-dJCOdgC4VA0`xX3gSdA8x6$hzD8uXAY)nD1AfT#KFj|a{0l{@$!qwczyb+ z{MlFLhFH&kD7RVADOje+5;l5uDc!9Wks>0B-e z+1VfLK+M~^EgQfZ@4e@a)JGR*C@-i11XRXi2THxdRo-~9JwpkZ5ez32bc8}LDPz(O z*#-vLSK)1=9rkzYiGp7Z(s}f_(WTwrtJH7!0D=^Z#PlSNwDrIg`n_1;uM?x8>-$xU z2>ber+potTu2t6JqWV9f7(_Q`n!8?S3^$iT*tZeE5U)rMpJX__;!qW{$dV9l&$SJ= zP$*B59kQQU5Ou`g88J*T0S9IE2ZB|7mxG+swI-?Z7n1q6P$fQSvkIzbn!d(*)cs?BJPtJ0WO&MRi@ zQvh9vQIaP0FDN95ctiTQ4Z31(M#uq*nD|5yZ-RX*#kG(~+8=vSkaYnSxn)^s{D4Wy z$$<$E`bMbqeFHsnGC3|@)^;?RyWTM2I%}sv_A2VhOVhudga!3>&KR88=}qW9sjd@@ zobnOGq+=v|(U1iGCEGqD;Q^Nt!@u$tD*!`S0sYR_tAbFPxN#b2;vzoE`~gR@hs^Te zdkf{@!{zZ&b^hs(yx7cp_k-v9qGEuoU0tbT&L6PTRJ-uU{LopYW=678Z|(BFz2M3% zW@Qjxa1l-Za)s#j41l9Yo8uVDaw?6#hQzdr`pCRZ=^r9)U3%W7Q)!^@i-d|4wm}If z^PYpAs%&S;5aRKzI)vg8f^)6Aq^f58`_|w2gg=znO?EpTLnuNi z=5P2PdbHlPGt(7~yKXE>1d0hJLN|!NE1F4mGKC#ij#$=bq`^9BJ#_zg&7#2jvY9mcEJ~(^u(3g{v#^EJJI}A- z%pOd1WL|LS)g*wA658p>zd@!(OWXmK?sZaF#iWpE({f`(7Me6_TV#W2S+FD)l}r9P zF-J@?TVq2|s^Dmer(0~3LN3jzG(Tw8QZBWWX+(&l?f)EElt~C~hH1hO)Mo`fV#n7xu~#kYUfuG& z5rc>&h)139&%tw_+aPvX*w|c=1y2|NEj{VkXKk|%ps7Z&~EX;KvH}C)oF{O3`*hb5!AyNr+G|JA*cz@raV2>QhB;|@k6AI14j1`C4m1IWAE79 z>GQ>5#qV7s}C>sb9p~r+&08EY5%^Zk9J#C)8p4${P-O040%{}&jj>H{@wDy z9!FDUL^hh4@Y_AdaSbc~?vfPl#kP-s#Z{#%nDZlBnL|;XU-)bImo2^}S_A6r`Lr&0 zUJ1l;({wGFtQ7fM;N{n4sB)rU@9}sUxZT?#NqkSfPArr#>0`SZZo(&NR3d(^?=Jg0 zsw(7Bp1pa{Fbf9l_el;hyVv$oSLgaeMTN^x2-8r3#Xk>oLHE*Pq<-m!LbfvUiI+Na z2t77~h%xPXSW)wGE)e_*%KG1KCFK^nb;J4{YCl`ra`1#@*3@v|No@$!r;u9(-taW^ z!Xdpvo%b<}LZqZTO@!(0Kr&6?r2Y&QCluc_@CX?4Z}6=ZJ4^4Xu>4;>%S#Y;IbvT% z+j)e%`?K9Qo9}} zqBpsm_Y0fh_tDgVv(WjLiXdnxwc)xTZo!THKaD-VDl%+0*n@~mtM*!$tsBBf`mojKUka^ogct8I?+MdL-_L+|vov)EHYH)SpwJ@4h&pW3ijtkH;bUL`Oy2fRGt@D_Tyu7LQop{EkRApt!wYgFEk;sATgOt1NWhWZBf+oIw#PXtKj1r zlr5V!{WGsvtcp}<2$n{LqT-QYbUL48BAhlg@ArT=rG%ayX?8Z~H=OunT5ZnvBpzh` zC*|79?INmrh~PP!;zn(%z&@5Qhhx?VF~<$rSEV|#2Dap!v|O?ZHU1)$^fPi$P87>U zt{KZ!v$c1@ymS=~2a_Ga_4{KG(p@i=1@2R(4l(IL!nH1I!hwT=K5a|ca9z-rS(JKy zB94M%;_qq}Jd;r`G4=!a2p?K$X~ig2?4iiE5X&nluN$2aZW)!*ZB7ewNdp0v!ZG}- zJORjCwa+v%%^fgJf0MU-j9^QJP5-fZKnVJJ z5^?dxn5@a*bg`G2broTVzco_}bHESF! z+x%I(qW?ewds)8SlOhqUp)j!dGN|S_h8)R8hr41tkGKen2g@)nU1i1=;RF$((8IgD z(cQ?|(y{SEZuR-~C{A?yQaiDFe~ah9?^>!TDub|?bq51fMXHe&xUL}Gnhn|vUQ}#4 z?-_uk@)RGt6qj3QvX_~h1oGlq_Vmwo z1q-RC8=T}9kC-rLF_SBmb$DU8k~2p|z>QgBzEtIUh8(oJYhtmYC!C6MkBN@CAWGWh zK~}Z7M_K%tLu?p}rPg0 zi_J+kW+P}OdnS&oZxJhme>Tp4r*>t_AppY}TFPDf0n&rSCWasETdeY?KGi0(1%eST zZ62l64KEL4e!v;Rr=|aSy8hR*!4Hf7 zzdjp8#|bD5G9eAS`99pmgT= zlHO18 zfHT_fYJd56FgiW#rcmsRk`hef%;7bvz>DED3ys>(OTd+xeZS(Hs^cn)LLCec6R{RKI!7M(*}s)6l*-C%^LBSHjdRr>uVaO><^NkK$n zc4+o;oPf#6vPB2Bv;S4q}cQcc; zZl*un*`fG!=SDaKwGyeX(u6}(Zc8-wr>4IYs+n6OzP;%~0NZKrlvA*VwzD@OpovenM2L$$5L2B_2MAKbM{bOmFzrvo zjnq{e{N?pTEfN!!)fQ>rDsI-mN4Y2QkU>u&?|O~PCCVFJkc?;)Qf7SG_EzZAs(y&! zZz4Yk-ip)@_Op#>Gnbu@%f%)HNnOe>=MepkiwV-?u-$4@htTbFJ}No>bO;{u;2Pq1 z$Te2ID82nIs(MhqszaDvL+LTfA#DR=+zT<R>l782WVSdC8wa@ zj!Pqp6yY{4u}jX($;UMEY-sr9sgS^ewXrcicRlnW$`RCsn=$zg3u4W*wSv@kqRXX= zMn>8eocRvAmo5WxiI4bV#C9W-<^k(q@iV(UmTzGHEA4s-dV-M<-kB*aWCA)HhPV55 z=P!t#JK-Co+aC7|D3lxqapDe8rRQHlvQyb-MyN+pbDDxRWa!AlwesY~u$;ZDx%Bch zB{#%;AHZCIB%?tNTeh@|vdN-g4T7MuyW@#9DCZY6+U@P>nX*1TRMHyheTFqy%*Qo)3thB@KjHDB@tkC0)FYcQeI`)?)7M)W~VW=FtO zl_55%h$!g=>@~d#CNd8VN^Jgm3I9Vx&toDzY`Obu1pL=&QRs@}K4$w%afD7#ayL|b zw`q&v(?u0T;=evWE6i+U46KBTFlf6Bd;L?%DpX*Pd>CmrKer^dc(vYHQIrN|sQYW` z+Av*wjQhfZbPV1&zK(0K* ztP-kdNkm#netbGKwf+iFhO13(N1)qUIVEqoIEX6imCdd2`#1PI*LF0TH%J^9HXk?3 zT%3i(KWI;b(JgoLE_;=BMXYn*J(+7K{Z`zX18m zhTTPLh)RnDF7A5jM<-4>nxSC4-)f?JBIn(`cx}&q*JHj_}oi0W_iY3A1n z+a0*aTWyoCNW5=LzO>L08f%ozs|TZcaUAqyS1t0Ys&eDJyJ{DU$y?c7u*IK(?T*Qg zNH6#U0s&Wl7q?r@?mK_1Qe4)vbn=@X@?*kQ_5ANIe>9+{{H&NqqbXJzM>Mr`nF7pA zw{t$-N8m0xO9um-PQv?!TS07->+G348ZlFxDDQmcB`4Ddx8jOI$oEtlUmxGq2}k*j zp0v^@#RXmymXH8R)UOyb@)L>QpjXr7aOLp`K!+m(p zq_@cI?qXu_4cA?oPExQ6E$e&MZ`zEv{q5z)W&G)qh@9dNm!Wi>(qdVtN*Z$$^jK|E zKZ5qLDqW@Fjk&6O&1DDi#j)Ti6mWw5yFZ^@(wKjFX@zx06-eWBXoPhw6+pAGeTb!- z6Rb3sy8;arL5&3$`kryqcXxUu%CYN#tN3aK6Fp6psyHR6=y235CS;pqXJYxBv&A?Y|;q_FXJ^20J-QUi1}i3K8jV6Cu3} z{2?hkid7gtAn>kyTVfUxtVFDr#!MAM*at#WE{~jCf0(}f{O3KUtKj%9G%Vv0kNFzC zwIo$BIO>tWut+mwyJ$k7=0ZIS?2yB_FfE;8m9EB>LoY+^z$B{v^?RH*e!SBZG@Mf& zXms5TOz>+CP~rO`#z5nKOat6-W<)a?sagfWM_*H^s#LPv5{cklJnm7U0&ixw$F7-f zvh328g2|S_5Ham4nH-uA(Fs&agPhS4g6!9u{rzI#>%*N}pu=I3!Fc7=XGsNP54F>< zMR2%?6jmJ7_&EF_ARxQmj-aU@S|K|6IeC45;ipi_dB6UC{RMcaD9N%tko~pF_VP;X zh9e@xYr*Q?XAs0bMz+vf+k$I>)!osP*_*v9JFH|}Z1O^)a2|=Xh!sRooBArIrlD{w z(p(i|DW&}pU<;{WEnw<=*guqRKOX}*%AokO4Cg;r7B4v$H{(YxqW-*=(wLr1L&9L*_zH>sJZi)Rkp)OpT z5#kOOOq?2BbE`zMCER@EJ)uexLO{O|Uf_3}eCvAU+4|S=TCZA7-?tQ1kRGQ(AM#+g z`5f~*J1aZsr~12Dk0R^|f6Nsw=YVk&ZNjsiY_!n04Kd1&1Z{g{WGIv(e=j}iwlbf& z8Re7W2r05rPzYB)9*K*oG%)xb95)pDA`LZBL|JHqPw)rpQUxo}Kd{}i%LOk zPg6OB{asS2va{~^=`t{-wJ2Pvvy`eEm29ps0dtm=Eqg*a@qQ)r&PTrE2$-MvKdQ^Y z>23-qzIR)B6#&QAwAp;6%bjJnuul;)ucOYVq1g$kiO8&Gomc)*>m+#>hJ zmYZ-YXIrT~DgDsw*5em%alL;B&0SzkJz|mv_h$PV3BOL%i|2*z42~_6z;|z>Q-irZ zjA?>W)#ZW^pm{_?Vk-QNCbw zaZ`m$1wlj!4wVI1`lp^mjvXz|`9`LoPQR7;Zgo(8ely|e47MC8`gC0dw#5h$LU4&@CAkT9j=_DZ}%zY%cl3{Bwt`Yp6>$<&ni z6`lW8bu6+l;>qJumC9_Joe=1`!ntdugb7E66#;@cqFU38 zU8VL!+=y^K0WZ0O)UUgH4%8v-^7GF_!n95mBTPYdW-g4L0+)%&Gox*LfltFs8^F)u zB@kM}v=t%Lfjd-Q^pU`hN(71ZP(r>*`o$TD5R3~&iKe@X_#49LQX+@H?L}4@JjaBj zNmuZbDDN>y&`AD#aUL&3F}Nw~-?MFbqjZqQ?{q{)ZoGz)&mh{>4Q?EoYy`w`JlPxE zp!NPal5*q-PF(C%h~J7nd5-M=`)u$uj+Nc!*lnjDxBwazxVqQYv6dRt+6a>miz&6Uk+t!DCm+wshsUQxDGy{C-yp z!Rc_UV^I+>2}|N`y7D-#KpC^&>%oF>36KS2xPoa@9T=EDQuQ*N(YSmEiH$mHAH?G< zS{zWGKKU7g-I4Pdt=F5-Ub!3RBnvf3ndo9M(ngQbDZa*E)uQ-6Lpwa10(43XiAFPE z5X)YME;H3IQ!zRHg8=k~lpNuo81*V(NyZg<^H+I_k*0$j>1{Ee4hJBhO*IkO*!Xur zJY?%4Y0yx+#x2U$EH3+^oQZ4oup15YPoN3r{)vqHY5G?SmNJEe&n&$?zR?Rp%yBSM za2J0dmym$w-X-hCH!Se~NHuNKc#s(3NIH$N7;}iBVRp^Z%cx9G3dms!{NOL(A z&&-@QV&1Q=Ml$d19(`&hTOX~{Y!|5}=#*yimLnANh9rY)4*pI7VNM z6(wtTS1=1V=>reJ=}!*B%#~cIq?m1r+Kl=qiZs(tG<94Df$E)| zv#Fi~C z)LY?wG|eXKs@^?AVpjr-dx$g{%`ad-*5-#jcVjMaW9nS{Q1$XeGyaOPad;t^l9*qN10n@>tM0>`iVd2j zctf%bn6pdxL`FCo3^2ci!s{+OL@0oVZ&A`ea5{P(WT-ZX1Fuzq$YWc4 zr_(s613qLc9rjf;Lz`z>9`dDJ2HI0TMPK6{OO_hfkC zi+&1@5s0d1h^_ zTM-;H#H*k8S_<2~6IFhozuKf0M?51U_96+2luj71U@GG5)z13Pof5|{-1#Gb%C^uz ziNSoFhkIBBxJu36N}0_ZZznqB<$X~)dU2@o|H*BT6YdTq{+1+j&hUZ@X(SHG_4^?L zgbLfUzUzppk_dBRo~Ds=X~$ScMznyYHO5{UeopLb&G&xFikr~jETWLoXl<}B=olPm=}XNkH?okj zi4GMywWDt8``4ey2B>l*; zx)xofJ+)!vca$o!XwdzJOQt{ZtgW1nxUTDxS_o0g$|d zXFu^dMCKYp?9?haS{v^uaNW#1K?X6*#atGfZIUkzDx&}y@lg_CPR#et9ky?X8?JdB zaxAn63;09Ch0yE(i?6F}V*1p;jZK#Z!A`f8@lWn@Pzr|A{GG({0)QE+D&^=;HN<3d zo^4EDHwi|s4wUVoy|#!bD_+zKKG5bjEY%svokNfDnZWohW@~D>dsxM?Rkn2*L7N@1j%spo`km(Y4 zi2bob%J;sCWp~QaKDdM)k~UTI4`3Z0tmKQMKo56$uJG0Q#EoBc|3z}FaAQE8cq>7& zh}YIyO94SF;(|ea46>#d>fA1O?56*W4LISH*`^ zfV|U(0$cx8Ytb940?gJEA3k?jdmp7l?QMT_s z-_}M}6rr<}G|8|m!s=y3E*_|Znjf_Z$649Ce=A0z5W;iaV7p}&j(3h3XQ`e4E*Rs} z1?HegSS3iPT`~RZOi>!?;B&0H-O`H6o)iC+I=DwsdtvgX_op2Hzvk zPD4nH2{j@X6zLek5YD$t*p$P!E27XJQhxw*3UC>ZGsC>o#d1y`$-GF#F1k@C!vXy} zNU5e zuwi2MaC_6RE)6PLdI|JpRzt-T`O}>7$dEHgDEmTy+K>6Id+_2$@UjkS9S}KVM?kUI z7x~ZW(+hn4vwt8+Kp996ey?F$G?)pG<&&`8GJ^X5`&9N*Q~tks`u~SF_%^FuCyyfbpBrGoJgp}%D|d8~@3rEy2q9{jF}L-v417y%+m!tlFI+d(2hd*pSztc41vZ`0Fib#zooU?FRcf zJ*Zq@cbfQndd!FoWO0$>uS)^1V%To!yI6Mb9D&c< zU5U|e_qT_e?Tf-g)NcX6=I!Q&!=mklK8M_TCMkOT*r|@pzYNOR_2`lcbYjr{4=Nlo z&?UtltdJfsm!;|}lt77)28VQ97Dae$2)Fq8O#OQ1erah8uq=v$BM={5aU&hsV9u|U z>IuXANF3I|TTX2S=qlW+=tkp|3m8h1K{Ibg(;k?75z={ifa>KVeV#5>r>7M2E(M*j z@7}Y??KibmeT{wgDqGTDGC`@EpS(VvXz*6nOq3!dU3{N3)sf_cA zf~H&Gk8WatWv*n!g#045a@_WX&a6`Fa?H4gYRN+^tz)`>5&6f5McVR23WYPPeD!JD z^svWkk3$r{h`BbLJK)8t^P_3Kn(pXWzf?{Hg2Bi1j`ODH0Mcq%SxZY zJ!r+3Xw1hr#YNB<8w~0A>Qn*$n-p&^2TY5^TOU#QkNWQUTOTOWW8}|23jb-53zU zF%5}tzhps{#524&P1=#JAtIE>q>w8w8FFA8As6#hs;Sr&+1i;~Z?pXL6FZGz-Nw!SS=$(nXh1*!@!u#*s-E7) z=)Nq74fvyo>|yI%k=FM@~NdBzn43(LiGslZ?l9A+4m8cI=F2Hsm`0b zo?&dNUB1zI1VgoSNK69}0X}eCmsy7Gz3Ar-7}TAp@A?>o^wmQs{(LrfpyTe1O4q>O zG1*Ri8>~|v1(-1+T*{48mr~KMnv9%W!@s}c55^c00tHJ9o8S@i)rgeXT(S!p2skJu zoKIpr+*!1KU9m3{gETdSKtBqJ(f^gjM-##)DN-pE0m?Tv?X*eed;ujlUE;OAVPq|p zRjkuKLr4sXKfp$hx+*JMsgd`IS6$jlU?gaV-Y$x@XjccyxWcUglkNRMIYMZOxepg+ z_Dlj(W!;9$&nVbm&a-q4RUd5CX^w8U@eZ%{YO)VWW`bAo&;>U7diBU_+-8))|Ak*Je*~NOI^E^>;qv+3f4tqlz0ZxgTJ&*a+Y0M8@_KtTXUyBW{o@sM zhlGux7=n^FLnJFsA87CAr3oCM2Ii{pj;vH8WYpQKY)dX;xvZT$069eUmBt|2kkRnN zu2*W)M0e)xr9t) zb8EFUTTMFbxbGmcjk#=2Hgp@K1^q;GIKd{V+xD5oD-L#6+ThAiNu9=MhsQf{->~(p zJcp6csd+*e;EhOo?#qfFb#KM^J`r+n*Ui3=@zFuvl27FIgW7v6o>e)z#&iex+S~2n zlMLpUlwuK%g?gYhQ0?scCJ!n@t9tF9-`O#@3P zUt?qlBiX%LW^*G+SJ;%=K=?l+paPo(Bp||~0zaUCoG6i`&njeM0$T5yEtC$(2Sw~# znT)-6p%yyEK9P<6;acC4M~(3iM35ANDnI{~awDc)KgBcFoZa*|<=X7DI=G=DwO9I= zbv9OdK0}r?t+N`wjg0$IE;-BJ=SXetxEH@HE3Hxk9t zqGUM6@qp;7B@9O>7>>Td+YpR(u`bUOjMWo$t4OGxSiJlfQ)@+?a8auo5nPh(G>NX7 z0>H7Zy6RfO_|eQrYaeLy9OGdIeQXxe{VH_{o@B7ys$jSJr)3H|;(8h}sqMACX5&WP zguqtAtMUYDe_RGj?R1YKBHda~YCRH>w@5&TteO0sbN9ELPG?W?l)H8ouiI_o1v3ZM zX81a{A9K^r%w~-F=6b>&Eur@|=?LR|Cm#K(dFpi=Q{pho>U&HxKau)JodUf#I?EYH zBF9Pw6R4Ai=JEp_T<>bK>#EQ|7ir^nI?>`}KGC9=$&t)Sx?4+0X0JDw=hszf^kH|7 zp)mHt_C6VAFHedV$IW1NA=$%QX>6`;7dH>@>;3*MD;}@K=b?}2XI*ODhUZ{+;W-d8 z2hp3sly@v5OhuU()|(e>1wWVt`N5O@6UF6A-ea~9<-uOFTqUkP>CNXE#G3vN28uj5 zL|91F=(39vYOVUP4F3Ai>ixf8;=(S5ePD6TMl^^b7qGdo^MbGxbFhHKmq7Snt@IKvmMq~Rqo+N!t%D?QjfL%_cPDDs0fFxM)f zSb!qNzX2xp#%?qm#=i+CN4n}g!6x@r(r}1>hh)w&aZ;DAni}?yU{l# zezyE=l$#fmk7w`!oMuE%>O+Uq*e{1EMn#Y@YX0y-WgLg-u^M1&jk)gV5>xjo*YxJ^ z2+qN+dRx0TGIfQG`+JZWdvTs~gZ?X;o&9SYwwO7HNI#>bBD&-d``qThn`7^N?eG6S z=VRdXCm$=nP0cQHv4sS0e7xjQ#rNKs>Edqp#Tv5qY%+X={rv#Ju`Q}dt)f^goA1p} z3UM6>K#8w<(7$M2|EuO_{*RiUm5qu0e{GNd)3UMK`oCjA?Uq66X(EcK(AyAu*r*qZ z#&r$~s2s(JYR$E7YMPd1ynFQgSn-tYD&=fyo%rw&Am}1$MI2wISVe69>UiWo502~2 zD)jh_x2Hl_;0^D*7LRJ6kkLFQNrJ>XUh_WlztyV6Ke+hhUsPyhi__fB{+4}vZJ~-R zsa7jpnB6F#DZdP>8GB@v?p?+G$p+O`N2>R)^#y$29u2>aUsJ*vL-C!ILxrLSz$CZs zU^y{9y8;r<; zX%8XGV}~KC5(O8mvrrx#O5F12OfWsC4>}q zLv=4wK`Ud&YtPETn&VS^v0H;(3Px@s)A()9)1vE|d)B<~yU0IoL`d7u7R==~k&OQw zn{pC&!jV;0wX_vFO>Qdtj^x6*EbpchexILCfT|IazpZ`qs~VL-%hYD&-;U_;|5z+l z&(RS-H_=nSAeyHT@}(Ls4S%t%l6@+Vwt2S6)|r$iHOaF6F**xkxYJ!=Ymrf~XpMW| z(3GH?RBV~0%Cz}&XzT10mY^)xU7TRuy#jwFZmEWS_XeD6^vMc%`69DkWzjbCv8Y?r z8Z&HpX32Gt@~T@`q1vXm!8Bg=Jd`JaQcfz;1+F5XDMh)_BV#`M$9vC5lP6mO!=<~P z`6djJr;@6ttceUBC821TfkyQQu6iqO%(b&)WBp$};KdzS6>NMB{;7WCb79?d^W%ve zxgCaNxz(~GQoQzGK|pXDa;un^kDzX1=j6r(%jP*m>t6r><12sb1ku=p;7bUB9K(r% z3#(LUY!5lW`%k~{6lMfuxioJ{Aew*W$__cvp0AphIs3>9S5{R9rV{~KeaQ1R{GR(e zHSMasJsk-+$wR20DS(0-<492Tn?=Ji^Yv~y6LXg@kMes{gR#eURiatKgs%eB32QUV z8F{MHpVhh{g~O_b{+ApO=~O{I1ztl${vs?(lnAEsjX(Lgl8-+Y^Pw)CF_HS4*kM(l zFYP++-%ozQD5N0|K|)mU6DM$ld6to)zFLOyKCGnv;Cit%bz!Y3MjUS(TH^}U&FY#} zu@(pMa2j^}4FXxt3?~07A)higHg;YDurr%8LfFK&%^i&W&5|}DuX0M14FQ z;MTQX_qP*qs|Cj>F~gpX6PkWZ%k8|shb$q+rEx)E@MIwn>Tq1XJ4;^@$`+1^4)jq0 zw4Q%A)gRBbK^(6-vkZDA^|4<1JiRp&$gcD>*9n|Im@mOz1_Z# zPs`lJ_>i=#!wijs>U#kT6A@1bxz!9#l%G}ua6xLYNUu(bI@q%*ieiO|YdydWYrIa1 zte_R-2hriFr{Io~q&SA=*Ip)|&2)6UD{pQ<+P$E8leu`~!Z(se%n}V$@FcJ@*^ATzeEgwCHDt7dz%a;}UyQC^9)0s*M2I6CeT4utdT{P&d% zv6cvlJQaK-77iL*n6J0)JXDJYbU!U+B!$?&g9gNqW{M4kH!4MC19#&$Dr9g>JD!RH zE}1QBHdBT{ku;+-rf?|*ZXAeI|Ek_qz!EwsW{Nr2i1D}+(T@A0ERrClWj}zW{l!() zOl}$F*0m^$sEh33jjszmf~pjULVp{nM*1u?BV&ve<)#CHX35Ne0LQ$5>CPg#_tz8j z@!$34IswKeD{V{{%$WL!#{;B5Rsm=lL@)DmIT=R83eJ9}GDuW-lQ*mi`Uk$&;ev$n*x=La5F&fHV{^ zcb=^puoRO)7nJFR`g07M=HS#A!hgTQmuv5U|Cgnz@bG@`)a;jG&%vvZgii?85T0)<~Rh>3!za`f*n1q0>l62=617TV(_ zMGZKpa}*X0SeLtIWiKnhZL+A8bKuB&LGGu3c8J zv_1$vT^_SWY`A%|9#A&MkBI#(T@RQZmlY2%;X~Dr&l&oK6wkrL)mp|kij6^z=L#nJ zYD#XO9}BZSOcIWItn!FVEVkh+Q`Teajx3KPLx`@E^xZr!hLET%^`Oe9lQZEj!!Fc7 zGJ3y@@%9ZYF0t@82_IYE`>D4Miu3JC0lp~)VYu)RV)S93%M!{s{!gJhLj*DEmoaZD zC;+*y`(4lqt<$P(P3LX+DwKvmr^dk4rjmFfzyUnzA_zp?Wk?&IyiQ1*>YN*cjbS`R zDPUjY1`KBb4HNg>RF+qzc{PJvsR)|RAq9fYxO-nnQ4^c$3`d7BFG7$JHMxx=d{fno zJXp#SGoh_vk$h)3K)-}0`?kHxVv62O_4L#`XiHQVzDud+UD0H0=r7&k>AyaLQp8zP)LnAI5-oCDw&ZDH6VlkDNh zVPl6m>#Bx0AJ95m)Vi}xW6k5c^4CeLdlT3FI}AEs zKuTZ##Vl!rl1;0QhWde3>ST-|IM_f#JsAOOLI_ZPIiDlcCDchnKRrtR-Vo`2R4gzs z>qrhbHS!WRZG5{;zm4$Brqb&k>mKg#v$W3UB!)o>unf(bH_B&=xixm*(niemnWbb~ zC7JKuQz+`4!F2k=);5R|A?(|J8M|%V-pV|hbsA#N5jx-a;!rThX2znHRb(mZaF%Y! zZLx%jEF<7U@m0qHz<$F(g7&ccBd5s~+nGzuT9uDmx z8$*J6u-FB^76C=XqrzHOef9xC9ET z-OszH&BoU2ov*jW&RhXHI-2>F3u67pDFp3;A6 zakvdo+S=Z?7zPoo332GTv)@O0JF(J+DzGj=MihYS9Aa)64cSp7#Pwl3v))ZlnzkxC zZ!e9J9!r=e?{(ligb~&(;5$Qzf$m)eISF_k+$rde?cEV&kL#I(;(2&^OzmX}S9Z;q z@qh)NjSL~ELRA#pI7j@Gh;NA*%LZgT5$sv+@7!Vfnm{=fi00B`^X1sz<59b1@er(8 zoVctrH!lWWHD5Z$t5A(I*8YM%nlVB!*)V3ti4Mgd-^Rg@{0ZUzYiuQPNeM)S-Cmo) zktBxM?X^qPsl+u*al;))>V7uG#^mBFv` z(?#`w<-og$M4fVUWhvWJxuo$A0D)VT`^y_1<>(_XDHOy|($t`(Qn zkw&M`t3JJw-Kk+QJu!PG+uiLn838ynL>1>>m~06Hi)nEqfThAT338HRRPgF`I~1Cd zv@tqbvQYMT#np@hBjQQp0)!I-8OUlj+UmntjMGM^DxNrY=zHmR?nb5Scp#}OJYINK zOS%ph`d^|5jjpQdPVx?1hr0Lg`P#|l#hq`JRMz@Z;(Jw|)Z5)O=V8Eq zUC&t9|AWrv;Nt#YuV>5ZHb3+e(pQdNzFne!206Jh<1iE3zXTGwOxx-(Tggb__;U3! zx^_>C6u({o0l7>}Vhz=k0h4}q%+cUs_s!K%wpAE_F(!vTmLL}*AhC|@LBuQ_5PvPo zV#)%Ybv)7TJjT7cxOn!#nm z(i3?KlkSF}L60DtF17~`dMyVK*pf(h5T9rh!yw>j2L6$XU?zkD;51zsi8p|oUGQ*w zct_6tGxIEpnRQD{*Iy1lgaK`Tv;PIxiUj| zvOr1;ixnCK4g?+c)V`_ao-tawuL71!TQYzI#)jezLGF@AqPRaGpDRTN9%;ffCH}(Y zaB%`u7Y@wH6=jv9u$zO|>*?e0@pjb5ANWr9XQ{5MQQD%FhxSfOIe^ciaM5wFOAIUY z%CQ=GDj*<@oW&92Ck2OE*ur@;RYyrDhzHHBljL5IKKE9^jh@*qqJhjZyI`W%6WBdb zr>+HzI`uEj_Fs`vMADKZ0ldA>@k+H*OuHRDUj80;r`y#FPQNZMp1Yi=F3^k{kG=$T z1i>lyqdny;=(OSV*bLJ=_|kv?z*H+Em3gpn0Gv;-4p_WC4O9S-+$$KugtF7e_0DL! zHr34bFF0XTs}3Etj^_9^4-mW$){(-RjrHGNqbD;1ko`$ST;*BYA0 zz*#->t_wW>ASN0h28p}nrw_2UNI*^hpzI=u(2^|BWnN0n7T|I$W2wP>`~^icPH}Zj zqz}=$MMsukfVM7Ji$q&<$R~4~b;Oyz<|FK2ZS}=VU|AS>G1&X4B>{IPl(8!mlT?{ow-R71=JR4m0g)K1;Ou9UrFeL+ziw7v0~hZsJF5nQr~ z=I&y9iU`2d=OWgDZ|3u^VofyMyeVfsgdE- z!riiHCMmFUBkm@y06W7$gyJBPpo6wn<`#Jcs>1#S)&)gDQX~uuM<)yntTfvr&`gV< z@QJZIo*>xtiGe12Wh@JoR|xH}zafuDA6glvg&YJFxx$etDgCYu(*+qIh!xo*sb zoNhE1FpY5n12kaUK}f{q%%0x6(0;2hh9K_TJ~>21={c{tX>6b_<~#REF(SU3frHy^ zXFm-Xf!JZt0}#&q!hpR94L2tqRnUgmctVjmt5kWs`GN^ds5R5a@4WN5!ypF#Zf zPQqd11?5AW`J6V>-zwe&)Qs?01)#rrEqRYR-s@RoBh!Wlaz}=JY(NPMf_cL5!QKE= zS7A&)*J!!|G(ob1{wwl8h*6c@X9It%tjg7PN47 z8&yiG(0w4bHsEqHm4J+uYMV_U11?&x()@OIpT$xL7yk^!GU)p|>e5oxk$eOigB}4_ zMHT;bOS*0vW+CYSv47h;Vxh9+Mx*oW-TX_bf{gpIO4dB8L#)Xy!6(+Rk4K812Ky5G zC-+#NWCNQ*BgA4`{EJ}!2W9UVBwDmYX_j%zwr$(CZQHhO+qP}vmTeoiY)|!c&qPP` ziP_`5j*kgvE*wmvcjDq@i=X3-9daW5A?fX>IPoJREp#VFKU^IGgSvZWgsg z&`?ICvNok>ceM&zjlAJ8l5fxikZdRw3EqnY@wWi;8Sd%9Z^22W`AjX(6~VKgV!zl? zd0IVIDaj^>q;H#Vl6m4;Zb4|sEVH?r?zHFbTMdh(KwjD7 zj{jFc(f=rQWWZK56p@}3o}i9h7Fo~n+on0s{>~05G@Piab}2`t1N+|})Ar&TiQCSL zkH0KP00I_bv(N`YSUjfF8G{)$v#DmjJO}fPp`39y!WnJ~K{KV??Orokutz)W6B3ED ztxJs(q+o{TkcaDkT}^(~GrGPM!Ab5CXJIpzmmrWYhNC(3cRVx2O%vH#FUy7$+jXc@bB%Wkb*<_4ynDjh%*+`mJN?3A44O2Xpl~Qef=(GXjK)h1<~E& zAacvD#G2yDY>tAo-Tokb8n072J)n0A|9X3R+4Ue!cB*@O+ckB12fyD4Lm|`bYNvG9 z%s=YM=b_WeHLW!)U8!9kVmFdAOI6N$cPlDq*(~x_Q4*wDH0;l>7btHe32o2-oi0)N z5MQ*GiOPkhrBCEvH)CZhW)kX=;UndzoiwLT@gu6+rJ?PsU{;bj=-GcspG z_}DD*l3TI&vz<3nIHC(g`FEscdqptMtVVUvD|zhse!QoM6{92sGr&7H2k6TJYgSBA za}W5Fvs`>ZeJjx@EJT);TNcF}^D_4wKO7SRo%SqVlSHyOmHZ*vq25KNv_T7SPODeY z|FMF@gwl2|4q~`h?=v-CP(qc6>g)`va5&pJ{fhOBAq?oRBbg|z^))7J-)v)LHIx|b zKd;&Otb==$Xe?N)%tOoW@RI-YyppBRMBbA0z^cV+QKeMvhd;A=T1RKMGar3z07x_} zm{R|OzgO>eg@dlD(n*{AR{rwUxI-%tbe!qT*>WnQ!&)EXqI;y7Z|r(ACsjegPZaMS z)`*f&>C>_D?C;yd(gY=*Wv!nW@Sq>?HlwVxluixDNzGUo*n$}uru|eA0gahy+wuT* zOhgyZBuG^k=TAL34`X349J1g8NZoJtgv$X2&ugMoj(FeCNe%JqC=vySCtnF*Opy-i z*V(+y4Snnux*h@<5$87KD{6s@&?35-zkY!I`4|tL? z>hcU)e-y|Q;}i+5HwaW!Gd^d$feC32gB5<8svrfqkkOP^6O$Hk6&@?CZ2r3A2xC$b z3R9l>!-A9&F!oTG6_JJAwQ)WaGR_Sf#_{ke-|vUuSQZjMbnv7m)&`j_HLQD()WW{y zuQV!$y0=A3Vsvd40xlqO9ja9!HnxH{2U5vc90rEXlgiqa!Ow>0oYdQ+i!=?yV^%Fj zJ3kxvcyMC30%-{xnnJA#J+;wH+uDKI!U2k5lgEKuD23h5)gopVZ;$%daP z$N}C(%@4oY^&XylxlX$c|<&}u)LB;!%#tgf_{`LhZcEAtOpKg zg@wyJa%>Gih+04UD=h)n){4)=jys|L%zmEhP;el@l~BOR!}-Ad+wcW{xnj8jZ{~5$ z#|U*0pXt2fAjZc_hOx|N9Pejy;rBlfy@L!n=6e2k-lowt) z?uFo~*xq|Wqto8?7AimI-nV3H13Og(6bS`{VT>1xHWYQ9E-%IH-w?BiOtGsO!zF_| zPDT>~6dsZLH0)iqjn`lBNKJ_#gay-A(=Tc)Iq6hSS}Pa*>eGD%{!|lkW(_VnLl3`& z7@NqaORcZvse7V+ql#~TKV~J2a&LCmO+_uthfZ!=>t{JycKiLI(@0ZkSa<5nL55*e z10;J2)yzOBL_mEqAPhQq?C{k?nm++Pkk3Dp^Lc2@9YkSIBmtX0j|kU3&%FUzZl9qd zWVjmj-iVyYCrDH0;zh(bs(wHZYC9JDz6PS?x);baV%@!I^|# z=y00ca2^1nYj_ zoIQ({>mr8mt>i;Xy3NK*=&q+6xwUZlC}2zs4XiWaLgpi}vC&X00PcYu6zHJi0;=+v z4Y{DgN?VJF%C*}BHo+k}@5T$crQF+aAT+pky)7JabzIr!*v2~1a3F^hh#Z+ZvJ$G; zT{-4lUf5J5v^buHbFY%h&mchE+nRk&&c;=WM(Yji>#vjKObk9sz@pqt*72++MFmEY z}cJEV+ z9K+ogokvra`#mZ{SRM9)Ww^Cn;M9;8?Ts(=uuAYhb|wE|Kl=X%k2a#N@ymUM_g$^S zzZV9accpXutLwjrEsi;CLCr@Y%CFTtEn0}25QzZtc9XM?qj(hQh%;tx(7&YXgttoz zR||yOjn0!1>+4yo9N);C>OkKE9St2Vn=Y$Dp99`>JKGRF=CNiH;>n8Rg9)iW3%tK(VcHH! zn_9Gv0e3?GL%AniB4KajMgxpPcB=zIR@5h&Eo|2(?SGX0SAD-i9Ry2#Ez7%2N!7g6 znHtNc!$1?OtR`Msli+5SBwdDZX6T&7f_Ij#>8j8*$dlT={XHCY>aX!rn#+z6B;$Ro zkUM<>q!iIPF?XO6f>`AldLc9ti+swK!U%z4OJC%KPn!yFSw`c`fJ1%P6e<+)!wAim zHrv?bGERl+I8TUM!1wyF<{FPi^F^5lV|Pf8sQHuQj)VWC-0Q?_ZDD$B9sV zRToG)R4QVZAVoF4r0rX{ZG)eFP{Mw`bO$~#GfxHdvS_H+@Nfze21Ey4tP#Z|kOV`p zK!+soGENzAxGBs=rQ)rS^Yn8fL`3Qc;R7nKsU;s5S+o$uUQ?atTGFgdI zf#T;pnBE;|5#03SHeKfVqg5QV^-~}T?P@;jd+P>oc-ge|!bU(C2d@6>EFLCf;oT@7 zI1*}v#>)bsmO!>|$74e=!iC5P;x__Jd{Js;c%goNf{q$P4020S%c>P#$aq0-yck_= z3cA|DCHk2VrbZfG$r6K;3+9z9&!pw_H1?jU(MY3}!+z3aDfz6{f+`sK@omp-_{(J& z=OVOiLIi0j7{>Sg%ZREyvqaVpPL|QeCKfP1l@Z77WHRhLx8PDjg=Dp2a^J*TLzRQi zWmh2?$W`0O_YI|ziBy?rLA?d-r=aFwla(7_x7r`ysDSsHeBa5|fpTz5dLtx{nqu;* z4c4Rkz|7eh+%8d{7hNWtGI_@VLrtK#f8GHriM4Pyc)yl7E`bXIK+G6l-I z$d}fD?ffGM9Ds1pAY|B@w%f^@OU}S-gH5ct{YqR7CYAZVZ2@hAq*`_0Kyv7$&RFil z8N%I!1sA3#-dah$JS>-&(ZZKj;M>$-y*D1ia*h{g()S=ZX3VKG#IC$gWHxic5@ItE zhJ-n_` zarOUr2w^bN(%;kHI2{=lvl;-A+<--)Qq7m$k5?`EIIjhfW52IMl;!ex)5dE3Nh3$# zhkL|*f*k@x9=|b15;NG}^_UU0o6sGb>l77cqM)i3QOHdaX8!edVzlc89R3(>S5HMZ zFfAyGP|NVxpImja$zB$(7(|OixI&bDLBIfMaK;ose51=RB1(I9q3?n&F{5t{TL3TB z3sVvZy{OD}ZL82u}nAu*9--!#$SdVn-^J8!ni{zm&p<*9RsBTkvQcC4Bv|oGoSlwcc^-v zjIpniVreA?2~p4U0~K8$fwrcc9DrqW#p-NZ{VETLQ<|SLlhf%KcCidU6{A>stfOxW z4Y*`EgPjDtjaI3%aal=1pd42^irZp0-D?>0_`5uuFsoWI%wi*TygX&DrPdwN6OrKB zl0eEe^jlS6_b`%Z&d2!m^~>yn-^Awja`Oy0RfHAZ7Sb)=9+zkls}+0I!gD2jtVPZc z_i+kDOP4q0Tp+yOu_kWzM zJw*|)S+)b71F~W6#zcV1(f5&Ksz(>0gt)YVdQ4(+bcnHEj-)yvjo8{jrp{VA(qs!f zWyiAI31%s%Vt1o*cAK6n*bD~DHh<6?8-*%ATOSeh2E34Z!8MJtP^&!J-($P6)JZ>1 ztO>;Lu-q~f$QNePt+MpEzp0>}!Vkce^aQvjH&?K6VF8WJWf?U%Q3+nt!qyT%Tm2YN z{RHcKY00N{8aKD%mq;$aQckbk-kM`S+&;4C{*(r(auxGuHm)@M8tIo!fojY0V4PuL7 zVhg${cs|&Ax`H`bwR~up9rYuKV>b6b1-~C)^P$OrFIFZD;NZu^`F6;u8B?;=JL7qCBKJ5QJlyaxYkwCNhr}#P=iRl&ePp1@u+p&P(imZl1yoh^v}M7cy@T-Xsaxd>H3nCLZh95Q(N~k|5kZs9!wb7HQHt(5y_UwU6aDl-;4Obm{l<`D1ISr zB~DjI-hiUz&CSWP$t8lArjNM##*4@(EHcxz^6A%7A%b`+6IT!^f<9cfBo5)GYqpjQ zD(|#WTtLMb8LH=>y;&&#i1-yPiO?W=K<&Jf=C1 znoN%nmVGL*p}5_`5|PX2UsSYk0_WE$Anf1ZZ4+@3t8dutKTX^PaL>{_xhtAMx!X_z zpDUceJQQ|+>G9y`c$KEJFexur1_wj;2jqp%uU^dkhX@dvx9JYtoRvDw=5gcoZ?q zADxW<>&-(bV+FKQb_Z-XI{h>1XG}$L25wx%Z@_zceWLqhh;GrXpwY8kN!f;pJI*9& zLE#^2q$W-r1+FIlX0&ls0|AsvExajTPyTpyqF3#UX~OL6`wZ!^KDVlDOasVpMjMYH zg$f!3KD1)L?~A~Q8$MtMclSyi@#Zf&`VBSrNa_(T2XXRt=T8s+NfG?jLaK*9GYUaU zqjeZ}<=a*j(^QrH&x7X6pCmUu^QlfBhC9H$*jC}=y!W4TapV|S92RcWHSVtA6=fK= zJ*-N=k0H(n^?k`UcPl|Rl(qP7aphyFu#gabCpu8muW`gyhP!9o4Oqn!kGDP46{qI; z2)MdvDFynHnkxPkt3;pcwzSgaSfEFFF`svED3w3_5nBU%{&SOr#)_d~kPrFlFCpN8i0Y9< zTXFfJafV{V)Uifo3Ntjwdtv3>8fb=joyvK)aL2uL1Gc~%4CMpq*!lPfOm#x1{A2a9 z1~>;0P?Bb^Wj3BbfCt%B;k5xDZ4niid)nVo-P0jlDB4qow4;GoFZ76t`Bw(qRHBwf zV8{V<7~rp3_5c`jpX|PS0z;|XVS{n~MMe2`Wv~tq|GbZ^?4=)RPT!wFuvugF$f6?< zar_uaC1-@!yvE>=A^QyT{V_HCnh#&w_ZS&c_k3WllWvYs$3qcrfEP8vamed&>o)DC zfh741_gaNeQw2O%5z*2MZY_Yrj?~E%nJXI&!%DbnhYABIrHvFFbqWukZ+9v}M5vyI+nWI1MN z+E1;-|6OjKeW$xr#*1n!W}^)GwURbIQ6`OLa~joLM9)J+w; z&3qZz%Mne)gf-u$@3lHddm*?#5*$5s-6~J$B#h6`5>S8c&##SzB#y5|dx&t`eele+ z%-ujSa#vCwSv&WuaVoxa3=TBAx~No9M<+|DZAmC-&cate-nHpZ*Mz_YV*W!p#wX; z`dxZ8EggGL8`(3zX1;&dTMB6#K5FCNI#Qgv8HG+poL??3PcASsG`L2kw(LUrf>LGvv5F>koELtA#>&o;^9 zxfSkZA?8zmJPKbl0ThYAptFed46mv%nJvK$Q}1^Dj0w}+UwH{|Dms`MBVoCvLW>U#{?0bK#e7hS=;sz%8`NRm$uU~Z}@IAXhA{F_MHVTue8 zp&{B=9HD3nf-4Lkjw&pr@hmC6f<(({-)BRnj`@il*L-LPYz$3HaV8Q8uh#9s} z%>jv?g|vp?u*Afp!Ma90VTylx&DuM&t|h4~O1c6Ke)WWyiD5%SZ+ktA>)>yp`x{gqP5__my<(*c@k~v@n2`#YvO+?l3LYLr01IW|_@%#`4!;rhCU_Z6y zoKhu8jXYw^vP;+z-~vOi>nMnA1lGwSWkd{6Mp&^B436hNQ3{rZDnS_fEnxUPNrPBC zqpbE&VF~hRMSbglcK_fK3oM&V{abpn{@189BKn>ny>8Lpz#l`FEfXp}yz@p1ZFA#m{APHcv6fEZTbqmmU!ZnCNy}9?z^A? z^d+KEfBZ@q%%K>blY>;x%Gz&cnG(PNC+EHx=*djbAZ8gLwo^xR&8RVZZUZQfN7Xzrn8f74NYu#vl^k01G z^QRFOPceu^t&s+pJche)g8;MPdib4LVM9Gr$=z$E4*Ru9F7`a0Ys< zVEQ>WX_5Ro31NbfTsyK^v&T<&my9a2jicDB)0tAjnBskiKpy=0B4@5lMboTgMxIo(`NDEI(rfN zsd3sSBD;h_d$>6Cqe(e8dBt%E$axGDtbju=iTSp zo;(8`uNy&+j8@&0$zr8?wn=mWr(yH);FhY5KL5_()*TGT1y>>z{UP_s9F6P7T?@-8 zJI-_~|9smhwk!rH_msV&tKg9r>`cSBY(_wH=bC55-uf9D`gE&oma6E;)>qjVW+q* zC=@78phi6+Q6Ge94)>`>y$VG|N9B`g9L2%2*cJlKwufs%F+y@e+RU7ZMBk%>X0s-b z$vT8YTtLl^_pDtKbihn!m{By^b_x-JuCw2OJouI5twpc56MnSv`Lip^Hv}a-au9h= zl5-ydF|oadcJ_|PYZl6`sRhrtrwls$E+eZ0nF4{i?sq#yiN}fu4pE=s@oxDMFlbx0 z6mW2kz_0T@b1bSu)Xuc(j7{&*U82Uy$=stgS8WSqYm5HhGjqYYvaF$`JYjtIOvo1N zg_Vrl!jl0@mYcXEe>aDNNjS0XO_pia=}=wGUe1n7Kkm*1lr}N$9*myM)1*`0g1wdA zFWeHC>4KJi$|x0t5&wx58O?fq>LjugrQou# z*|70qI)x=k9nL{Kt5LM;<}Jp>wjgsV>fP;B^tS_HTC+jyA3XLrd8`5!o9I5T?h!%u z8%G6sjai)5m=>|--te#+;rir=h184VT`nQF8Qr>64qMaCljfm$CWGBVG+Y;YV4>~8 z6lvy@#BED|lP-!uw=_*{xaYO=hvwASrrE5h^YvW5zE*G`WDJwzW|@Bh$AB~O21~*L zJ>fC9$-y@df}<=7=b?@r2^NcZ2nXjDp+f{(C_-JejT|xWr{~?dsSAviZMJABupH4M zU_t=iP7cAbV-x%8w|c%|L6nAn2p0s{ zPojfi({^b@I8A97ZTn&tL*>Vxs`GB~*UMfvv}X&0w&P$|7W|wNYBFje~Kr6^OOJQa0&na zd%6@O-(@>UkG%bb;?`U;`t-rD5J@;77{xXWAFf56Fh?r-^+k#vDv86H^RduziVcR> zuOE;LK=t1wB8t=YWIU_SbWh@P@D@bXj% zYO)nhwwA9pY`bvt8YM+VIn`J3?fgH;`^XQnG8Zu>uW#yph%rnVgY6oL$;zT0-5N+m zch)R)4^J$~>U#GKt{ga$+({2zM+^aYtScJS|LNo zcGh~4*{qr@%;We#I%A}mVtkN0q{_%bB4w$SWm_SpNOsqU=MO+}VPIy~*m6u61tI|t zBCtoa*6VcnIx`8C*XO4V@%kQXpV%)EeDjyyHS%y|Y}dOCi*=@hk4#(kM3v)85KrsQG+$L(*hy(E-_SDu&` z)>VmdL5O$Jx(~b6V8KQHdd(orQ@nf=k(Q9?*xDCkfgK$0RiT==`V zNyhtbh|uS5!QMD==L3i@!}^(=nHfgtO#>oJosJp+u)^!VB#Y z@Zc>PL&|I3d{N2rbz}~d!4o(YRvtv7B`KpT#y8#t6u;qn?1-NOtVky2c3;Uc}~S24o7G{Tdznf0SQGPhX# zuiEUJc(UJtG}C0~&T?;O9I(tkTDlupP3# zt^uv|uQOe$E3R?s^0P2`G7f)%UEH!f9#tt77yo?+d4K$~*<)ya`6sH_smo$f1F_~7zH-$G3Mlx| zjK;{rh>~0YC2+*b9nV~maVGiPLPJb-Hi~*V_q2G)n+T&<%A?)>;<;k=>&CqwCvQz; z!ht#Yfq!h4%BtKUryitixU2b2N#a+dQLH)KIG4se@qfgs_znFkDX%M97|qNB*_GvV zqQD_iOzL<|*_H}RlZgbM!VIJxgAE3E5Xfa%>IM0b3dZF;6yRQ#ZbVstfsZMM+_B3I zz@80TRjD8@6gIhRnD})zq|xQJ!D8iYfwgSi(a9@GSM!lWeP%r8{dUb};hYtk%?4!v z`9pxzzB+i|;@-~K9~a2ycroFipf|P=kpJ`#K73bGgHmRSe*^sy;#wQ0b@l=X_|gq& zGBj_AWrh!0W(v#1z;<$kM{&OI}y_IuCB# zRfXQA?Ea@0W~m>)^35@4mzyx@HmQ-L&96bT)U zA|9OAS(%H_6I}%Kk1pfVxGWQP`?0tHk-(?c91P5a|AxjJ*(f9X-!F+AOLE`)62Aj3 z$StH*Z-DoP71(1`iC6A;XK$F&w+T^(SvyWny*l>}hz1>WwGLhV0g8xri) zxh`YbI4ugGh!z9lWQSZTGP7YpoO7X>QKPQrZAl;Ku-kc9$8hkiL2%wCBh1Qx4VQDl zxz(GXUAtMo@}8Pt`r4J%+3u!iMfqW(;-X+Kw{OmRzP zvyfC>H=yl%|5gkWT|m$%lzu;83IHcu>K5Ga;!i+A9V|-n;i?s$r>lXpO$IFgUY@Po z`+z2Jt3Mz?e`RKZx-eoI?FO_%dF;*ekXAVZ;Lc7PUb+NVqHn-9e>@ zJwEj$b;~!eBKIxExb@_WSA+mL8qrUWL&^-F%fgh8hg zYK}G+0PJ-t8_=v%r|jl)B9iSG7CP0%i}0yWAJ==jM+KXe;adw2r(Y;_ibvHmIETv0 z?xyO7KP({Bfs$>DpIyiK?ZTGek^VGY#UBJ* zjVsEHi(fiIA=HT&^nLI6ovSM2jpRlbRa~HKfXlT4l5H<&duX^CKjBXtvHvY08;MRX zTnxJfUYR7?V~s`T7%;?tam!X6bR3yH9uE;gtRxfYC!r*XB)>;Y;004&hjLs>{eHpU z*(8gVTNdu9Em!!QxPw`Qe@P&j&)mKsP6Kjq_u+@&cjrv`5vJ~_m&4{tQ zmi@hgR3B0p+6xWa#QxVeXwPL9-YV%@xsg&Vt@(2sKCi0lCo_P%(V0B>f?MO@h5GDSXFZ z6rZlJWe#F2Wfs2q5Cd}_idiNB#BuIUA^y+?#SsnNQIj(La;U+^(h)fF0UHS-2r}Oz z64Jjv9YBF=A1L2K+u!hP^3SdjVGhio6;uh(i39Etp&OJ#ShvFr8bC3Hy>GE16hfQg>Zft9m63?-MIZ;8Qx{$8*p)sLk~)sEt^)i zbgqO?s$i0Vjnn2Rz5}&t)ajYt(2sM{;_sC2M0gLmbXi8GT)-{fWKhXo>D1+z3NY#O z(0T{Fhvf9bJ5TSp?r##H#AAFs!2#9{e6?Fm$Hl)2 zn^ObMmi%Lnr?p6HBe$=w=yQ#dF-7OC!A6FgKzj6X+4ki-6MZOkFi>-A)$S!ug0v*& zBZi9~_l#^N#zR^R5eGKG!4eay*-E|grK!{eA4$VdoBNr5{xsn2UwBa~Jyf?l4M{<@ z`dgx%cQ=|_K!ibt!bR!(&)OBUgPt`aUR}bk0%KQJ!H(iug-iK2z|n!18P{(!-?6%B zmlZ#z4Y>0ns`~Hf=*hWNE~`q6yS7)7u42*q-!m>GM$^M{0Hd_lrs7uyrWwR`iQp5L zR*S3;Bd=2W`sJD=8^52Er_I%_F;@a;ZjRnpMNLpYX~Hk_40gCi`zJG?f>>~j!b$^Z z@Hs{p@Ns@3F!H#1C=c?r6pJ;`L^@E>p{plS&cphA%l7#3(;5b-XpvXV5M_-6Qfe0gTqH$|q+k?wXp0%684s--jSnhfH#v>E~-R-vh4*UQS7ysCx=<$dVzScL2W@@6AO(g@SugysVcsq;04k3twP)LVkLK62YIu3E$!Jr# zXSgHo@h{O3Sz%e&?TGXwGTp&wbYK*67V4f-7R92~W_QCP8cF1F36>|fXR|Hl4dsU~ zbH?1tK1nfG5n)&DMon$`;zs4qiAHiEhlEqA*psV^+iW4&*$t7Xh=%Yk_bO|m2A~yM zjhbJLx_u6fko+-WFwhp7NOD;;V}cQSp2tM@lLqvlsT2lf6Cy14gGwEn&L-bz#8Gy& z-C<&a8k?Fe)wnIQC!Y_?*U}1s<5a5 zI=!KDTgyutBZ=e01Cgt1UqdM@XgN9tuDy%wdtRp%fy%z$86Oh?-b;}jHV>1NqHu&V zG9{Atlm*4`PkEu-N?L&b()mtJ;-`X2n-%fZC;@8Zr&B+YO~MwsR@kSFG*U5J?$f%D zwi9Fnw8@F3m$uK5tVuX_x?e;I;Xwaly8?1CUc7~~|KVS_Gvdh8qxXH2zoE4G>kTuu zJKe4qg~ai4lmPGfxP}m4>uNy#0F(QOI}0%ppX&Lx{E)KGD+Yrhbl!63VCE`8%rV8F z-?mmTg|YZ?4aUPU3<+;r9vtP2+#--XGM%nFyd809;I%ceJ&U;}Oik~y+MLa80kQ5A3(fih>33`J1-RQc8~|%F z2019tL(Zk^R_$BjYshrhL}phu*+ay-T>Vw>888JoPceL2&oCnG?ZqUML2TGC-Oa;L zn#fH}ZEUM}wN+6MQVW8(SU~W;2{!GA$kG-0SF;z-i5BgF`?R?kPiKx0XrgCmxe4HE zFTCelFv+f#E@4@VRI_cP+{Oa7X!$pnu4P>wTkIXSXLv~zODm`rYxHYm-1ers+XIAJ zuO+vRF48iWW8LK<&D+i|^XhgIe?)tIqSq>h71Dwf!+>FW^`LNV3Y#_{jg;|QSuB7ndic>GCJ z7pUH+=g9WULyAA0UU*0%6bXCOkZ}W#cF)f^8t9y#mVK(p--Ce}PU=G95W5a{x2L=+ zzuLOoo>fLa<)M^g5?{8U8lWmi6m%INE5gOmYO)7sd7E{;8`O%Q+WwP#{2*x}Ga$s&mC5%D6#x6_+h zo5zy3dn40XCWzp(KP}o4DPV0<=0A7$I8V8|--0oEw!0lYw*${=j1ts`D3$4)D}8h% zaL!HhGTVce7~q==XO&Gk#A_!g3Q?I5IPW(S~5*hPk`Z)t}6aTyDs8BcNPw) zy5&?{&jIP1a`#iahWT&;x#dc;#w35bQwto=ETJHHrlc7_D{WdWL7}#Y^{{wo&THS;m;rHzGi3zdVv!oo_xFR|UDcu0LOTv*Fi9AS zObw^s!9l5a>y2cC-;92P(E3@=)Pm?-N)l-#=>tp?o1=0q=Mr@xS6A}U5lqSIoB0hU zngO!w3NT&EsKD3kARG@S8BDDsiq@b3kL1E2KJPieGjCfaah0w!bN3D)7YP~ja{3D9 z`COxT@{iS?ZW(Fe#kz!`-@Y7E28K@b{dDDosg%fHakcEm{f@u;8*Xd3JLT3gM+)vlR9 zUgo$m8H)`bSL0j%^twq$7ro{3*`O@uXz;NPW`BTK9Wi{`vu6Jhq9=2?vR}MAW>1l~ z@B%uQS~j+q+rKq$dfgt%8`-98&`kGnX1CC?tjYzmwSY+jfIZIJVpc zF^8@=5D8oTzZ4LtsiJhbP4-Cx9VNGpI(9M+Y2rW%YW*#fL)6NrjBL;nam1%4%$}O8 z!BsO^h^1{m6_r**3^N3|a&{yQy_~;4N-nJJ`0^uPr%)|e^kIT(qV$8Kcx+adTWneB znzgU3R}0pe*-IY7SxCW(nWkx&Yk%GUz2>Z#TcY2)Dou#4*2kMim~Xjhsp%-CkcIN)($Wx>A1gVH{jgcA^VA`KA z-jHxnV8kWoy<^n40I|5m=(^_gJXK9(pg# zyAt}dDTW4V)_*cEu%k5A49>Y9sLIk=Gl?{U`Rv25kClh`8RJ8;5KXdIg@)#KZUtXa zxOXz07B0S*KU*zaNE)k&jGxdLTetyE*8a5U2^}VT#T`5u&xG>y62Y}iV5f9t*-VCM zHF^u_E`^$>V}Wuvx4Xf=(ojKAz`m{hXKb4XcV6cm8J0;Pbrb$6>OEd59Dvr8LR+S> zp=1MzH^w_;J)zJUqr`SIA=4I%+*E8=@=_3Ol{wGS)_l$b7LjGj+aXFUEMm%acKy%E zrZq}M6Mt5#wH2$mAnp*Vr?%iWzT*kEMm;f75jpLF95xD-UZ zBLa25Gd%To<3Y709N|GCWJ+{Z6tA)HQ5-sr+^jNx77P*Q#5phuJ;W27d?q?{?zVZV zi_N|c7UrQ9t~Vx3O2M(-`U2?5mU7NBaamCm`UN)%biovQ+%Z1-T#_$2`kcF>I!#sJ z1al*l#4|eNcos#LvFLS9o6T>%IJK$=U+jP?={mXJn|`mUnyfaP(S6Jnyj8Ev6S5x& zju(0v&PsKWj4G1Dcc1uh?gG}!eVPc4P=}62lSG?+Sd~nq3958Oo7l(w<7ZRcg&3{q zZFp(Q*8l0T^Xe{)o+E)OG{C@_*~!TlIat!Nu!PRdsE_tFO#eZe4EXNstGImZZq(9K z`Rqi%RQR#zvn$&y2jP)qHxRJNtKyN=AN`$S^7!iM>%jYXoKLd(Vr|{bY4-^%GVWE} zVuakcw!u#Ec2`aXB<&r~)b-}3y8UQZ`8}h*dn-5v=A@zz#4_HI_#yR&3Q>CY%ss#% zSjjK0Knmq7w3JuR0+2miVqbNRBmz9dV%EE>=X}@A`ozH{DV!v#I?9{wA0z4DV_6~W zA5{`DIv>G~a-{TsW<{}Zb(-)l$E3SEv-WXlVk;E6gro~)%Xft3@uju%U*>t(whIjlxkc`nev4OVD2(#cjjWU(bGhVIOjZCP#^HXbxynt0*P> z0Dt~KO#G(~mi<4h`hI2j|26o(<=1-u|3E;?KrK^}%iDn82V`mmJOvV~zGxtUYKET> zS0+^#R&KxEv-YEP)nFG^z=2UYh{KNTPxhI#_qVtPJ)E8%wwL4jKmw9HEsn%ywg)17 z$W$ZB7WzA=vgNM(+SGA<1h6`Ut%eh&1IK$YfB%vrInb$N9+rh zi)1SlnXgdD*hWC-pKX0T-^)^)?fZ!Nc`IgE{fU7F{an#W7f}@J`!p$icdBhYfF{f| z5lK23@k91y;1qlZPvyv9yF@iJ_-Clnr508Wg4YP6B)Rk2w%Ni#SA zlyiel2N~@|GTh)uK7G3V)-saR#kdlST9Q*GEt zmgl5m&b61)u234e>nzzPX&RY-%u&6(xyw$oh*-*B68&r*%VblL`HNVpZHh@2Y{&TE z>rLRl`kOSD)8+B)Apt02Zyo<)P72~m`4rE04rbd|jxh9^|6CfXpFM1fZ}qM>f`=Bi z6!MU>hvfF*_`K9Jo10Rc)$7$0QhwZ}nd3G|9FX`zGpSG8CF4mM;5*3o#KigR zM_9`Yj75m2Q9F?zia+;JpXE6u4;k8sv zJnGRBvz&i>j$CF9C8GK}oh25!aWMA(ec@#B%<;|9pB zq8W&q+;%6ST~hpDCu3md1Oa6YoM>|5tGtt9PZ zP7g4@%eLlD&4Ul0EYZz7BaR}=a!j}aVj{5^mf2rkYN?8Ke;9?>EyQ9ABuG2#{YZZq zT;rTDtzRW$S`Uzwek6qIWNA%_H8Uza8M@My$`7NsCjkwEp#a7r49tb>w6uA?wKl#+ z!o#bNtiH7OTTPD29r2n7A7#Fu;EM7=nEI00TZ*ST5(qsEvOW#;@U+>?=yLbX^lVlid)TPnI*uF zSX6%zD@5Q64KQ$zDE336Cy};~XCKM`wX?Oe?oWPilB`lJ%JV@hWGSA!>~TTJ!0JJ zAE7gvKSEB2kJGsF!g<;LeJgMAe~JE@ymAj$ahX;ZTW5k}!5vVpT&+Bga9W_wxBH_j zuGu-{lTIlDPi2;jmAetNu=?O3;Bf)s&ZcU#U@l$~*1%NB_2rv9tjd@et*HO-*2)2mzs`1w~aSv-kGw` z36-kzB4lh0F6@^g@&gn3hVGFNFz)e+DRX~t5X^5Jm(7{o_#EfcKgGrIz4oD_Zs2RU zhe(OjO#=E}f3w|Hm{BfMRNE^8E-YK*VGyRab;k2~D~1>nq*Zg$Py>hwq?7wvbFo+7BNi{{r@s9xRAbw1LqbFIl99~@cj#PHT z_PvnG`U9W8nJ_!cJ4ZEe(`GgPVlWNyHrG=RphAMjIh*LDd-`__}~m(Y8mbx9jKb^6)+6)tQ~?X~Yx( z;00&I8bd?~5x8)0x{D`LuZT2CHf4mfGq%E7bV8&$Sa&!a0*Vhs<}cRM08qk>7zgeC z@_u}1Xou|u)QK2JchX6Q+$y6JW4D*g(il{Dmge8|?ZTj}zj5>J;PCJw?~RcRBP0>H zh9ENO<1#G^fxzX9KY-66WFIeH5`QC80PKj(IlWO3{VY@G|Ev|x5n81NlE-U7cPC_O2iJPP)OVR?PMkWIgXu9+BW=XM) zpT64ZWPo@f@x7OX>1M}h=L)sxZnX+R^jJg}%}Zl=Ft|+Dqto+)=^+;2XT!)qp?D{0 z-Q`|5b4cCGO^r|6r?>C@pVVv*5%nVb)AJ3Fg0R6X5gp9|y1Fn9F*7PKKAnnJMIb?>`_pVLFlj-N}Do?`}?M!LhDS%jT!7Ovc9Uhl5o6E463^~(#uYJ3)#VJ^o#7*6_1I?#-gYsf_iX zTob(vlh-Y-RC+b|!C8Yv3vC`m5J{>4avF}YK5r@~jCU|z+>mtpBT>%;wD6xn=D2~h z!g}%Xn?Ly&V;QO~c%iZ>%Uq)(5xXW{oXRo6m@NEO+v|2I_+w|1Z|&b8N}T)d-IyzCY$EIag~@<8gpxzhht|JF7+jNFeSkWdZ*!y z19O8AkCTJ!N4HZ0abD`}0KFYO;RFN&5B1>*g2|x^NOyT;dp)p7qo3H!U;YhhEbPym zLFIZ+HyW^q_4zH1h*MLRl zY2>#A!0OqXll&e=F7{?-;75OMouw%7A=oZoQOxSDA6Ech3eEsJ`$XzvmGIuYxY6HA z4A5WrYcW*K5!aA*0Q1wpi0h^_*1C{+iq;Ps)VVz`6*|!+L;)_~1gyqW$=4w6mK~tV&*FS=CZKTzH{`Jxymeqk327q$?bqqJ zUu>_9F(`4HT};5|i!OFa+BPSYfX2#DIL`fi(b@qos<;VhP^%3PKEK=X#F*ah2}XC^ zkiIG(;e9X5&c~ZBUB%GMehy_w&+T>y)kZzmDXE7&rh2L~ta^Z~tL!{kvl1gW?l z4x1zF1!LGe5TdDiTzabUc2eQu@K~9xb0j1r>f49B*VMzKk+AA)27KS;D!(sP3O^qU z4gL*XIya!VOs{V-HL{U5P#&mJ)UT^deHnDh+gc{kQLk*7fWLv}0t0|#8S zFZWDE3@hOHysut&5;yY}xn0|6QsNLc>z;(X77%!YIcE@<-?%dw2$i6UpT!HsHiLuy z)>8O3KeI?=6^T&_NhvFKgZjSj?`4L#xXX6tNaf%BC;`rn#8KIzEyjN$&7~LSGL#V| zE0z^X5`b$8et-Gp$gO4waQpipd-y|m`SB|Ctxh2fAf~7N#@CzKKmaHT~#p* zJ2SOtMBz?~blTP1*HX|-5Ivs{pww#HD)ye`6_Y+EEHIB{}x zM&i^v(e2S3II83BYTCC#bE`^g$#^OH zmZ?H^`&ld@`!=IxaZAFmPxJW8sqlV+3D|Vxd!nioOdX4^!rPX@rL}6I1#!Ril;v%6 zVBKkzwLH`eaB@VMGh)8g2vlj!{|m#ZzgGaE|)R^afby?v4?efM|; z`Qp5@R2@Dm*ee#-8!?vKeD1y2Wu>r7DQ0Nq#eDpr2ngA0Tsy44-GBeG%x1bWz2W`! zE@{%)ADCbkd)nz<%DHf8sy9mDP0!y-t7$GBip9v|u4?;34G^)_4LgQ5}1iY=EJFx5r>yPc1MohGJh z{f66SaDBi+xTNrmQkt@H4%$jQ+Un!vpRq~|_atI)1!0tWah?SEis}&=VgbvXLN~Du z9!3&$kGh`Cm446s&6v)%r(1OrvPe=$k2siHli4=`WsRgX;Lco^b?;uOTOG^2sFF2H zUArg7GFge2iaYp@4;A6xm{aqU*B|u>|Gi4Q03R!#DFVarJC{JWLgEMP=wQwEpE2V< zw@3d!mg4_R;csh7C2jt4QZ}R1FHp z-VPpXUQj>lLlTNEpY@h6SM)NCThpn;J^R|sO8m|%TF75BBCL-WpK91WxuqY)h2j%w zPd&XU;jVA**Vpm()r=k+Olll!bSkm|R!P=@_rsY}GY7!eiww#=_a^tL?nz8MCilh6 zSQeih(NL#XC=7etpt>Ut>3V4pyxK7Ql4%A+M|{J!O>(GUakCZ~Y|?J;R;xp6pAv}YWTmr6*OUXT5wook(jQ1Aq=Fx-Xwxv#V7WQxF+*O zh%h?P*uo$AYUf7JmcLBqPTNp~W=cW%F?|*b!mS>{2JV%g5KKuG`FWQUSmz<~ZzYFv2rGy;F?1*xfnZ!{=?Q@|d<<6K4bX)6o$^{( z>^}2!$KAG_yfQa*rYi;f+B9&B9pZJc$5vZ3OlnF-~EC zBdp$tA!U)x{E)4foCwsl3OaD@>N48V^Z>Y=frh`WO1oKzzlF9`?-@98scJfCWb_GO zlTwg;Gx{_dR(tNG#|Ga=Pm;O{SREAR*~w?Zjka8W!F#!=M$w;=E9r#GGYdP*IkUye z)x=6oZh`L{AV?daeGb4wc+0LtTyNQIbzM?6R`t*7;2qmkb4hACS6Dyww?60kB>k*` zCZrMO#(Ib zC)m={)Px?yWXW#AljQ^lS*#2w+1qG8#DJ&KA3sFKO0`F$=NSY0OwL(*C&>9E2q6N= za;{MsLB<=bFr=YByUbJSgpylMH&aMX1N0&4g-#k({o?V-B?9T@K2KZd4&X8R))m0= z4ed8A!K7>MpCCVxWMmMc zX%dA^QYr+3MRp{LVw{oS%d~xH?qEZMC;tEm+?W3N7h+`JRX(88K!muo@H8WsFYIVn= z+2wo-c|ua`+`G(8nJedbEj1&-Q9d47VVN*N))AnitMm%SMTQw^xyjI1X7jQ(hUG!p znp_ymdzkX14C=C^$M`r!@HQlbS}6P|BPgB9Y94wS!lepB8r&rJpML(nhbobJiZ1zI zoJP+K^4<8Bn@f45Naj0Z78`IJ5yfx+<}Z$U#@I45Q+e#Z?t-%VETMjlAlqc@hrm(k zVQ~U#At58oT)b3bwO@E$U7bQcvU5>`t@Xlkmof;wa4mS_@90cAICroh76fbgb;VyW zWu>BRiE16{SPwhiYu@e;reY9j{D4Ap$=TA!d6R^qG%ec3_i;M*{ZlCoW%Vk`Qy&hdCt=7ZqPj zx)ngd!Y9-PDql<|y(nOVYw3E1u>b@x@IYJl+p~TCwF~Ua(^B<4017zpdEGq#u-ZL< zcT61qseS&vrzIAcXpybnHugQDRrda}Q9#ydUhCQ*nkZoFIS2n_O6vo2c<@)>7~o=B zd;elmIQQHS_I_GkxZ4~M8w?$(B<)Xrsh^*r0ng57>4>yvJw>36luF(%#V?Zbo0?@t zILv(emYxrxJHwjPG6Xr?J?oHGJ@K(FaOaNe)h(KC1Ysr2QSLl0_)ZK@m-DPJ#Yn3@ zL})ERq&p%J#I0f6*TNSfZ4HanDo^@0`rD_%%Gnvv+J9ZnC}Q)uiFsZ&>QFxs_U;05 z+(uEEobdUkHX|!p(XDk)w+Lf$bkziJ5MhNjx6VzxXNuI_oDu{ z-`1{6=qHHQ3+Mb;jdvohc1N+hpX+cW?u1IuZ~38tx(|7raavJL)x8X!p*$|i z)pp6@fmD55n~Pj+?6&RX>u2ki3FK*b0Y~$3=Ac;HX!+GCe^|u#zU3_|i zDV{+sWeChp?q8FrwyV*GLp?{5+%p2Cg!p*^7j!orHyUF7m%eiVY3~2XvkVOX@!5=t zh5dhw`?Y9kBptRQ`sV2sh*emIjL0yeZnkK6>D=ALKe7AP>u8~jU^b{Cq2lFE_sOx* zCZLF6)ug8(t^q7;_pgFu;c$9oFRZ_~{j~RaeF%hW2qMiqU49#osY@SFWQZ`5F(Nj7 zJYBxL#X;8|d$deeHR@7(pv>*kq-WN-jr5jhSvDv?G*eFYTz&M?th`}wey7_#G|yfE z6K5kfygqz~b=_Rwd^?TtgK-))g#&X*5Mj+UZg1cCEv{po@=a49N^pBI7P&H27`<-K z`gVM*;=0`9pXh5MV~#Y1D-4dTN4O^={4q(d=8K3e%#bw{H1f4Y!k85=OwJmjCApv` ziDHjP$redQtU>OIf8({vg?~Fkx)nwS!ztUNrXUw2^_i7}7CrI!B@dN$1P9vHWrwsx zNLH%nKAc(cvp8LzdD6$^3W`G^X}6W5eG)lA?zbLbNn|N+7VqE zh!Ev!bs;$eIdRE_=}puOb5^IUQ)rt0a0PWkwtM}1YUiT~7TCeulNs0mtQ&j3fl>Ct z^iZmI8NX=wdZ&`5102LXXajJBUMOV)_F%A~;8NXte{+Xg@26n0sd-}6?3W5~itD6(sOtk->xu59T=V?vvVJ|~;|u1b)`UBNgXb|j zcLy~M2^-;`4dw)7uKLkDiHDXrJJqTw&Z1}Qde)(B3q%NX8!Oli<*HQwT+h`gIvNM(oGkxdZKhkIN7XTF13a05ZgX+N-(e6UicN$CpMeD;6 z+EE8n&Jc1xSojyCMi8l`Pb}*6ZlhJWNv^L89XuIE^P2;y00nne5(FovAu@w%#pTm( zLPK;Ki~t2PKa#WUpipM;^XHbB3KwMNh{PTaWF^J2$ zF8@3%6&eDFlexq4%v{AK;w4@ioA?;j25DH5kBQyoU9R3~M+H5$XQ!UlBCE~)DAOI()qJJMFX;;(54Fd$Cyp;=W~}{IPL+*86G)kwxN`3^xuSp+`1@E9UCVpJJvUQ z+s%F3)tpl*YIN>H-CrmDc3~&y3b5~deCsAyFp}W3A8li0^%OXY=E9p@`ex>ZQTh|) z*h*^=@qLFu!dF8k|Bw~XOcB}byb?ez7gT?eQh)CX>UtGQf^hiGx55Hyg5*};_+kzH z{OutB4Zd>u<3b|W2+spdW4gk_Nzg|#u?K1*zD}Xt;-GnlKPU^+F}C;E3=>>Jq+3)Fqn;MomfRJ%c`gu&=I5qbh>f!GxQ#iUJ<<>f@** z?C}+JtPeCBL1@O=N#{?)J;pDH5WUM#VV@tA!vB@|QiD;YIk=PBRmWh-dRgfOFJahl z0^!?Ml8kPJ2_LE|Z@GLj?Ee87pSy@QKKkCzo(VKFQ?MUs=a%)@^e1>5{nIDKci713 zx&1z3!D?|BYF)$r(O*^1S%Z0qyk* zAo=D3p}4wvEs%QK9dw$BOMq~Vn3p{!W{#cAjqGd$Q<6KX9y;+;vY$Y0r3D-*4XjY*v-z@^B)nU(hqYMz4s08;%5K{5baz=9o?W`OvO&QrAmhSQr z9`Y3C{5m_t^d||1iqBC>fZIK;I`uDxz2RB0UE8$0K6ya#*u`(IZ9#FRkdScWeESZN za8`J`aDm{10GybUC_vS`AVV1n#>}tv$C25;!e34Ds&)GRY0gPaV^h;)qX%q_DSxrW zLzcs(qp9nQ9`{kh$?X98H#rbb>xng*VaK>2;R^vZwITRN7p;|bc_%lauLcX4zd3u6 z7&YyBu*+c{Sm}bdF=k^7nRWI-WR(@JM;j|rmkK}VH|K}|Hv4fFyVwM>T#|pEMC4d% z3|M-%rk*Tgq;eRnDrW~T)%;>iYHJ4LSr~pEVIkfe=Zv^yKX+H^^(GE&jSiL%+^u(z z=@`JlCbl{%)7hrCWyqO(6TxJ!S0Q8!j`j?JTpwr&S-N;vT5H6q1{`Y?r&vvPZAhgH zu+$WvF|2Up=!0O8yP!h5B|GzX)_0u9VZmzk0TEn<+kS4|UoE4UpmEhB21U1=OILC1g^Ov|Z`)`ltkiuzb2i~K;@ussT$04q1T>x=&qwbelZKWoH66`dmhZY7U zye%>fJZUKs)#RZ~QbtN0%bnZ%a5&ZaxL(wIw}5>|;VSyNqQ&vHeNO~77o`KXLcV8p zytrCE=V=I7RBV>8XG>~I{l;w!`wY<1w%97)C{kLIm9 z;}jfvv`bpu}c!h|mU8z_%EwMm2>gi5ETWLIq34QNmH8}B zJ2E00eJNqbiPZ$B^BfDjjAA?H>r)U;SVF2qvgOn-w#&(uU;?QB=^>#gU7babL6LXC|VE{2~8Q=T7T(DwX`=Y|K+RbLn6 zkoe#~l!GA7O*oYCw9nf^a}{yw@LlU*d8=|tP|mkDk8eo#>(8OuRv6ZVGo%R#PwGkv zrsIi?7>StIBT%K!D8=cz1@tN+^m={ng1_}_vGD(?0ER7!& zmeBXCelxM4n8b~fSkWo2`s)_6`T~>Rd7_?Hj~;fdVpBgFXC88MbTR3>ni%i3DqB)Dq`uEb0b{*UDKi?-= z{{zGLEyMbsj*rE}^T-X+BZRvBL}Je&F+9If;Q^*dngDgH;0hWMC?=(nKs@axjnW_? z0WbOVbiU*!-GU*dUa~e`c-0Vw?~Mz1gUap6P)g4uSg9WZlSftfNqqV4fxaQxwKuA_ z$*jT{%|S;kuU&R=Yx%OebWXl0ZIoDwcgP1O&wC@QStG84D<$=Sq+CVcE)KPtT*L%> zp4ah1;Yz+{s?cDl$vS|~T_#LCoTa^5rLhEV^{IVH*ojk!VDci+H9L;(Z+p4yp^5o= zj$%$g>aru-FWAV@M2%_OKSbZTiw{M6cen`tfUW;kgZ;0iWBf0{6T|Q9?*H@qKW{Bv zVXixFvEJ+G4Yb);azpUnN~_>?M_y96;?$UCU#7046pF`&GQ=^!%RIhp#(>EwY$T4w zX;otR!{*aHLOLAI?u~9T)sE4b0g2i|3^l>X*&mCqhTk`3$!&!Len$;xAheGvTus7m zJ{e3$&#d#!eK+uYe8(h<_5-at#$3(T0}pu9!m!n+@5MI6#9%*ox42H{>FL?f)vD#S z_LUP4nl8H1a5ts$It2`FBvK;;&RWy@_Py5kw7>e3&(gLk@#>5jb0o`jd9z%|i~ z*@qajCVYBy^=wqHq@HA{tx}DB+K}Qt=>3q5a{%#ncX)r?y+2K!96#T;!E0jhCi>Z| zEAHzMhxLwnYXBfku?(@xW;OrSlaV;INknsFcbUFrl`4(0sR6|I>nxPeSZL?z!?JUk zE}wpA6)&n^5Ibm=EF{w!*Z>xYwP;$cp1-{=bNbRjPHbLL-XN2TA}Os?Zu0&*-aT?-? zRlgI|8J}&JHN#s_LLrq@SWu+lsTC5;el;&@AdpmVk@z`3AEt;LU93=C>Gt$;oe@?! zEcNqYFvIao%$_5DWtE#Z18v5n4IOJX3VGX3{}EuxTNu2+W*JiLTy6QkqAWjDTBLb zlTE5kArLHLoMGf6trfJJ+�rkcSZA`G|Q_r6d!Qi8iGaK|Rg7#nnUK_618y>NHs6 z8lv8(uRtPwnRF(Ri0A+wTp5JMG*cfnklj{T+%~0rOIqG_242RKrE=-iBgv$_K}{-f zF1VQLr9@+g)*N?_q~%D}>)*=RV-28+3W<9G7M zBzpJ*4;EtC^2>is-_3KFn+vxv9i&l8fxxW2rqyF!2HZ?GGELUX0lQ zY7?uSHb_@KPT~5$4F`&vGm{e-qCU(Eb7A{hZxWwo116=&68gc2lV#__0?$_r`hTuD zmUP_0$khCa_%Hznf!8F`ydH6Vd6s(T`dvA5?f#^E4pGc8o-*}(*5*#ZUw ze>d3wD9Z;R%a>v+zG8p_dw_x3Y|1G6JfOts4>5~M+e^o&%f_zTgXsj+87sIM^@~YV zm?tI1KMyvIBaH@2V?H)uDkkmQ#4X=u9_r^2_&Y)dBHO6RFQcOQx0&J6U%4@QA%=pc zv~sV)_@uJ;!~v0vFj`{u0!Z;>R2)MaQ==OF55t)0;FXb{hr9{R*4LH&i-L*rtB$ExX<6?n*Xl3|lS)MdzZ3B) za03T}fYfdX#$LC0fjNY&TjAUkaV-|3`1C(Or*@_m%u2;y7T1?~ePON7(Ej1@$;(D- z=zG0t>NUk^CD!Mn*s6d4q1sdfJ)ak3(Jsk_X47n|^`rDGi$u%$<2~5=qXiS``Vg=7 zUouR`2NF8D$(fsjvr5Wed)_;k_mil%&%Vl^w93BDVoZ+pCC~`hjxx(kCHvFBVMhXk zY~@7)WW}}J>f(le$B;TLkL3+Go~M63==*=}2)gao5Y=I`;Pt5yD7&hwJNF3hMmjI> zWuc#{;mlp8wA+LNh;I#~R1lNQP2UtHHce8R#j`>Tha5BP-={w<0TD^OcGBqcZlW9^ zq0ItF!Kfe26^5m}2UP9K@tjR{edEpCI+Esf}2tVCnP`6-0Euq{~2fgiv0`kge`8$$f%?zZ9Ny#Lrx6kbDDg1`|oN74_Klnko^yx)a z{uZjqX%2AlcInF1;A(E7@r;5WNkuoQ=i zTSG`ZM6QXxv3<4{A|Y=t6@1%N0vzb;-D(m&4w?rStM~lOcoQIp#uJK)7)N(H5b#r5 zT#wts7l%w~o3%csidV6G>@pCu8_1D#R`OcH|Fwcl?EjIa8Cd?u0`VG+tKYhGZOheQ12Q-OhOED7KqL{@n}7*ZYu-u3q6dfM(AW>T9eZkW58{H zEBou_vg~aAjcd+{d8q&<=Pc*YYJi9~TV9IHeNWnK7X9VQ9H$+hwze!SPfV|@FP(JI zEEiu=n<*6#IXAR!tohf&;CTN%^mu;{g`TY=`!NOsJd%9U_n4l;!?Pw8-VYfv=Dl%e z_|M^`?JR7n>g*p)E1f8!TUnBvT2X^?0$0a-hZMfVweP#P5#2BsqyGoQkazT0G}iO7 z`K7}y&Go5PX%us<;(5RK4=Qtr<3&e_&*vKrOCo#OXbrAJ~+sg%G4q^%I?L~(} zF1m~MriV-F9wq)QdCk>##&+K}xrVWYt`e6nFh`h6|4^f@nuf2P*qKs{@ZO3EpfP5< zg~VT#jL{2*NZ^0GXn|+_m3<}|sP2fnPH7f_+{X^NDpEu$RzwPPwb45qNjQJUxsQhG z@Iz!FMY}{kKk**1g>g|KNi^{s+n~ zGv5#U2M*?tK}xZxrC}b6zUpIAYoVH2u2H4iA9!MoPLLZfQ3?Rm-C*SoSoLnq28+jQ=MhW^6b<31F@;1}vw>VFnRiSduM`66dEzzz? z?WWm&R+Ib-A}pV7wbHq!gFO`-+#eynJ84{KbgEIWu3-!>g_4=cS)d?kYYce(*O^pI z{t%3PhVP|W>MWWpQQdj;TlU&TPka6Pz~jkCi`$6f$)$v2+S(+f+t}#hwNzl3XJ;U% z+(u7XVl=~0%V7{^W^df~y6{La#YJ56b|YryAX+$LXNO{xncfLQ9xFIjZWx!mW6|_b zIqSAp-7*qE9%o4+kfbVe2xCT}to?!yxExB`h{NZ_$*l$1VldqiVX!qjV3%8*=#QE# z4IY2h3%e{Y>oFu!4EU_KVi7BeyQ{(Ll%p{ZDtti$f=n4aQ%K;ME!@Xcz=rMi>H=fd z${)Cfe$o_Mo;^Z`XrGFV;1M33>-Z?;K%CITm1-1Ce><^^e{gInl3oC#JjXpO9RQ!6p~vP z#Xh`Y_FfxYSG5ny!)Wi@BMAx>uV6ty|GhW;l z9pjD#8eVY(r)7ZJLC&oy;Lfyj@4kfV8su?`Z0ScYyXEf6RC-w*l3Ga zL5q#~W1S&*)If1C72>e&aB)#rnYn^qiToA%Onv^Bkh$ll)X-6gD z6B3h63{J0c_C^zD$f#=n>K6vIQm5xiva@X^;3Q3gtq?==Ml-+$hRj{mLNm|QJ_yWB zWMZR8xP&uS!-|X4)V<8Hv+*_nAg3kIE&9bZ+SK{QfIGyFV#}LvOK;60h{@{)?I0g_ zz*~?`NRS_Y!Kkcc-7#!|sQ=^|v`}eDg;&Bg6-BzrKlLF>r4zWyZ5vf@`Fl1!CG@Z! zXQ4rze4-UkzfhpXr;esKhQccaeW{Zvb^s-hrKC(!Rb{S&@!BT1kY#k?VWRRS&cIV% z0C!GHd;oW1G*95QdIcGRQwf}oJx~2CH}qM{8~;9dxCopt@Z$I zMj#<}MB8G+gvL5GzUb%@zVyMEjlKFmFcWK`gLS-lW-m_9;cX`Qd1HTL1N0TjQQpDb zEqF}KcUcZ9Jp(~PkGD}%LCIoIOfT^He7`L`J(x`F_`Y7A9Kx+g+wrMYbG-mxZZw$H z@0cG-IN|K|*cueIqq2>@krGbh0Q4W*>OZ<)J{UiSI4JcLeVXWE)bH=!+HFeY| zY7g7O>%90zwJd~e)n_8P2N)hY)|;$MU@pjF;c~ABik&S`H?(-*u!9nLKBxs;pBu5F zT9*C&{;*QK__3- zV`l#ET#M_KkZmRny?OA4bhS9}Wyg1onAbg9^}3)epJL{FOqh7HVQ}AFtN>@`l(>3~ zgw@H;^jr5ob0*f9{}o<-)!Os~c7~Qv+}u!f|F3iI|4LUL|NoDF2U8Fbe^MaFRb3!j zHZ?7g#I^61h;Qakiq(x^#!Jb(iMn8pc-c;o?u}e zF@A{ig{@Gz)hlHXDnNW!2bL%LWWO6YJ>Ieq0?0HSP^+&4#hDW2(I{phix}0923%e} z8UL^m>CoA#_%4yq5D_VDSExC-p&|PM%}4EL-qzpF&L1DQsM$GmWR{f~$r{3Q ztB%D>_aGyjQ7Fj7gOT)l-YzabFD(g&mXE4L1c#Q_N8Su44oSS-AdArL==8o^OrFlH z#UO)hlm=7$`ve>E10uwN((L5)ofI`9q)5f9w`eoStS9f@vg^_k7jKm^?IzEE{)MO- z3QJkk2nUt;w;2~-)h)hQB2L`)>FbFOMY*Y&DGl|0%1kOKD?}q69ayYUQAmq93nHQh z36pe*MnaMcfJAWx9)*N~Tj%}RPVj!Y1&A`=d0>CJ^QV^NjLaHQG(TP*HO)HJV2LHk zs7$KQRck_Ere1s+B}Qos6Me5xEYdw+Ax}xdSYc1JQBu|DkXiLjA`cSD>s_7mt%x`+ z@zv!wzl;J?U%bt-8^RHMSP1QD1eGAUFfsGx8grPVmSQqG`#2Cvv4x7e6c=KAsoe2? zk&p>L5UTdMAA!8|pDY`@m@Q)u3EbR#Qo6HA+j);JfxsQNwe9_pH_!_ty?sQU^}RjA z1(dM6wb^KeAN|(?d$)yd0cnuPr{{k0!iww2K9d$orY_1zG_RYg4&;FJXC`b#WFI}t zH--+61XEb|XNDN*GVif;bC6Z$X!9+Qh)lX-KxsaZ1h%fpvq_=~XLr$b!1%R+v_E9Z z{@v-YVM38qJ`u#4h75}tcUhsamdVaiC`m==?9IWM_4_nB6v9vS?I7V9DuitK@$P&i zf37L7Qdcba{;(w~A-pNCPDgIj#+RS*iu9xn{0|zlBj(+SZOiS4^6gHUNXlE_8h;0` ztM?lKuBmyGO($Tl$NFPFH`jc_XfZ;2)r<=Ju|26MC&Y1LgUwx>73-setY$-l2(Frp12Q~ zc-5}OYngD0?oG7}#EjZ09gSwcum$zP6|$X&dmhw6bAk^jZGgy)jBTIJU)lSBy^4}C zS6NVr1XI1V)}s|}6W?yPE0v-@vV~T+zZ&IG*oWg4^QpJ-c$>bJ|AW+S?=@P&)%hqo zHZi!bmAXFc`Ob@thR^UTK{gp#q#-~#i6jcxn)m$ZJ;_&dur!{2{8g>$(5L!V1O#4@ zLO?Ev!?VC*`S5d?jExYvqG;%TpzZvqyZlGv>oFQ0O zI!jGMXM_f67<15>!f+^} zZQHhO`ySi2ZQHhO`ySi2&HuinJKckq?w8bH535px{jK#aXlhBf-)#0W6cq}4B59n) z*0Pb&askP>W7y?T_9bT^|5yar_VX}Xmb6_K<^<;q#`KjX#*PQnhY*T+Y6S&xEYw=B zi8E@r0{61~oj}-S$gPoD$+?^&SfjpzE?r z76Xk(fbWd~G&kT6PKp+wsK^nb^D+hZH4&rj0x@mpLrl-YzB+0ypZG%Qw0*~!*SD&31ewv0M^Q6eS zaTT_ndQo#3Lr`PwP`!yYUi(E}gjYE9 z**p@~eKvHy2j~HF}fj$&3s) zeiCx1!Z~6s`bvO~-T*LawqS6Sz!LGjF7#?)A8Y!thr>=7)>$VN?5OlNAWPeNx>%LK&!>%vxAWL zkngMsi^9+24A9(sl^frKY|iZ}n~KTT8IVbD*YqCm;hQ!(M3C-`_O)-oq#&02`37n) z;NGZKR2{Fdb6-@g*O*T=dyZQpC`^LBvu$xMaM2qp_$aiOTK5AJ_m66RmtWukcaNW; zb-Ule(Dz~iGvHVjQ`^yQ%_|fL68pY<=Srf;3wX5iO+$D8;kobi7cU%J&{F^<=ZlGP zMtT(pD=n$+ZKl?sP9!XP{K-GVx8O0MlSp>?zTu@mCz5&2ha|eKe|#t~dTER2(x2iw zr`Pw;i10A7F3&F7PBor^2AQCn<}_CXBw-pW#?^{Cu-paH6MPp&45u1YG(fqg7}a!Y z-<)aeDZ*DX-sVPbQ{Z!S>Gqv2^(f%&Ztx%xltNqk4b|U$7o^Ngfj-=udl?iz%B;?f zcFQeE7j9NF+OpJUxCHlWX7^1bbsKl)nH6fumr@oN6> z8Z0eX+2~QG-Ci7Gui}54;2n7s^Ht2T{vsVOHjJ~orAso!diz5oA%?@0g-PQG4};Ja zjq6lf(;}UFMqPBqGu2dY3;8(>oroCRCRzI_FW^?mJ}qMdgr8)a>xqXw=q24pY#7Vq zgqfu%kL&TKm%%jjLqJbxzEPfYT5ed$mX_t7DgAwE8M7FBexpWwYTA~5Jnipk2J(Z^ zUx3h~%h`UuUv9Uj(!H+cqG4_8D?U^n;@4woVUZ(UUeJ2L^RpsyMWBl49tkJ4WnAz?S|#A2923_{w78=nr8gQzLcKA| zXF<#;E=_M(*fUhn$VZD(rCEt;i{UKKm7pbSNG(s(ki->&7+G^iG)iw$tJE00D{OsZ zD>ZzCjf&23_AaPK01&oJ)tdeTl3)mBMTity6(j2s?SYBEGF*a%c9x03v>%j<5mzzN zMFk6@r~0+pO>zQ-hmJ51y{x&y%t!&*5LjhlT`Zil!D|Yxf2t5>q&BA4vP2RB1p!Q$ znhYU=pX7m5DfkDl0tw1NZjg6)>|$ZXP8&&e1ZXYoDbNRTR!j$EalhmhY*3lHg{%ff zNH_v+-J)JNP)+hsSSm(12V`FBP;eibm9uJKi;DyVG{qeUbbpJb7|?{#3$}8|K>_$5iq2UcQ*a5+(!mRaCsoQA(sXQEt#BnJf@97^yIBoi3yU~ zzh;1ka;3C>v3>*N{=Sxsd6Y0rs>W#=EQ{^5AvFMsIv}M~Z*UDV$r%fKD3_~ljKc-; zlZa-U6)wk~VVlHsptwi78ZhnwDCB}b3j${9sU^3VtnSZEFtQ^aIY5?MDgqRj};JnPdaZ)#zWn9xm;k&)c%8=8v0$v8kqI_EmMaGy3%AHGVq3H~0JJXZrJQ0|5t)ljm_6y@lDl_&+?;$2ZBBJL!%6n}Fet18nr&M7KZQu&$9*FLC_)#A~%@&5*(&qTR*=%zPcU0-{RN( zIJJI!e4K<$Wf4kx^nF}j*j3rhTJQwl;n!bl70_jS63@`?6B= z(68RsB0K+-X?wrle^5!+`oWRX5rr$#)wAS_hqeI4u)1N8&ruE0zf9immqp3DrLk+K zB>~wcdGz-f_e+JaTp_xXcs-Ms5a=nv%!0lN$vU3q36-Jh4y8&piK>k@O|0kvnE-a6j`B9OoS6z|_B zwl^zEy!q*V?n-3B_*rr1V4SS6F5oprW3=3hlZdpK8SBU&BGE#`wH#xepOb`%%vnAj zm2;aLJg>nRZvJuG`k@s6g(bncJ?kBtw<#@h+i-9usetBUtTK(M#!v$;fz*+VHx_cs z=)`|I&|PZfLvCrqc+G#|E0yp^$@ml$GaitDJxb@e>j!C_HbM+K^Fmsj9m5u>lg1h* z8?iFvw6p@M6lSdfG_>jC-SYkM9c;*?T#S``>Imqbf=P1kFHV3ilHeK-7ee<~jW*GQ zewe`Ymar}~{Fn9Qh?apsZx9_A2<|E zqHK`&Rj#{}b%MT*Hq8MX2G&H3B?O*ng{Y(Jmp>G@aJwFvcH8KilWTU! zt7yNQ(4EMbXhY;oWKDzyyV_tVvfMwrLcD3?fPMjL$;8=`zlv7N*#U9hskz=uTrt%? zGp=2)475T_grT26?{U-p1&xDlOmZm^kD*bNW?_-XIe!3aUXcz*mf7y7*5 zFo7d~1iNy6F9sX%U!X$_0+SA3$SpD;w3zP0`yp7U z*3AT)KE%o5&`NUI)<_FdLWMIi%s@1vUM#f@m;vMR>-eRy(Uf$ugaN}n>~pPRG*p=# zZOB!k1_OKxK>pf?C}C)Q2;p-yHF(R05mq-I^^GHM5~J_&l0@QWe(xodb_1vGw@jF1g6__mi~C$N8PVhy0Rpuz4#W9Wr#=KE zpz@MLY4Wk|FZEJ7L3|8;hxu=QOCnm>xId%`yZEr&!0VBf~_C;4xsVtf7SQC zy^s^4MdSqwwrlLt78)Qw61cXxNpWOeG+22#AxrRjKN=_;bytkS4Y zN_Q33o^AgPGfd(yI9>I~D6^4+y#e1spK`m@r_ZgS=hL%a%cbS8A^#2+jk0#TKf%?u z&i`EneH2Ba$9pQ@77AtjN{h;h+NDn?%z=%|Upj)wewPt(4puFBZ9(4aw`RzM=1*wv z#{1O5e?3fOzKw5lUx169*$1%z4MUm!Y^;JWwc1_M+-VhcxusVRB;CO}p}hS=nXJAT ze>26$UUb>T3=No;uCAilATQnZCuvdGYwgww2XOcZyJ=ZoI^DmAGtD&d8&%lHpg9SbZ*sVX6jVlubADU zr670Td(DUl9S@p6xxnQ42e@3}m9K`$__5ViE0Z}<4&$T1Q8^M3vffDz&0~3A^S32= z(n@m9x8HCnUt+K>dPo#Fk^jOwrZWFvz?AAKXs%)~>_qL|zOc(_gBXcJ$)GIXdaz&H z&Pn*JfHjzCWDG|!0zYhUmW(&2lKeF#(N&^nwKeoXTN3a64@1J9@Vt$rpwd@XC0dV= z?66yA%$h@6aKG2BFWo^d+q_O^tb&ciU}mc4@hk z8)pxx(qy9;v8TYq2{x8fm8z$Z$41S@L2sd6P1wy<#OjenN0E9v;M|a)5Y&#&HX?k7 zVQ-@0^pKA&hoUpCEgne0CQhE@=N=#ofDbMP9v-q6S!$U$I_Aa>xQ##VGcSrkU30Bw zFq(;Z2B1PV- zOVv8i_87OoDViYwpQfB3`jd)o0G2s>1L2e`GsxcWJ1epG2m2jxL2LT z6uRknZE1P3giXR26rJDz@MzYlpe$;=`0 zkB-1#P%5ZUqhce3lBW)Kv(U3#_WvCX05`Yi_Z5;Ky=T4!6(wbZvMvo9M5jmXw!Hs-qxK)kTR(6&Z{Rl)XE3pQJ96mTxJ!5Fo*8f-)HY7oc9mtm_C z5NP4iGC(%`Tx-vnW1u;Talqd*4qN!b6B#3}J3CV?6(;2|A4~N2nhx(QoDUwrKIGbu zfCv!WASB*(?}N<0^#W+yqgJ~98H)EV%`L+OLWVV1=vg97hQx|(fFdJ4B_8fR^f)6XNuGQB7)tNy3=Xvco+x8ti4#ixuR&% zZtTe|pzV@`ggM$_0xbP)sc!1nzdV#pjm&p@ZJgIyBW7j5kdBx8XnS}>F5UguyMB@C?AEB2xy&uAfS-p!P)s+cD7us|mF|f=~N9X|*Yf*hw z6+zUpaRCb+o$5oiFhP;jqf|s={-&=G8|O4R;Ikfedq~*U=`KbKWX}-rSh=d=Hn&(> z?&iF*6IwBZaV_zl!|RfqF@P*t?0(cAzcUgk5A=C59FW0%ccR9xR5ghx2a6gLu_2P^vgyzV* z6Qbo`4u4EsD?-K>(o7vhV`W9eg_vFcv_(x$JuTv(40pi## z8?8JAq5NBZ^6&uLn4bVK|D{mJuANg6vg3fJJ}n`LkOL$!2vVWA#;e`vYU#m0Q&;|@ zkGEsss%q+_nlZ;EAp%?J=bXC)o)VP-6&`@c`)<_=s79AVsf5QK`d1E46rn5k5X;DS zy&H+>^J{q^4E;^cY?$neJ0zlRhmVQOhkpX5z2k;B z4TE_J;}ZD;mh_p|Qg=os$Yq+De1SJ=XZIBr6Vo30`}t%C*UaDp8!Lt{3ia;eaDA-U&PQl7j;2w`nHULE-gL)2 zfgMZ)HNk#4T0{Kzy2RyI2DPz!dtd~E0M$_o$j9P>`get;xEd~V{@iV-N0Jf#&L%&!GC65S=QBuo;HvT?F3-glhaoW9)IZwp}ob~nRr9bsFOgb(mIZ?fn`-rZEU>VGePCn zfHBD@hGP6e39c9SId4##9)xRS%{_4Tp|Bb z@sJ&fvRFx2fR*MZU%#y|mGL*gu^#-(bpV~P?8tnhB8hm8%}`0eG+AH=M2#ePR`)5w z;{X_Zl>6&E2hC0`lJT}eY=0`<F~o71dO20IEOMj@<=|-VY)amHYI#FYENx zn}{h3-J>b@0kfR`e+}w0wjx=($8*20>$5rj? zQ+MW0$qh8gw#|Z&rrSr&iI2I-1;>_GQwJ%v^{%2{mK&}QFU5f7cW^LDOx1Hg zOt>)Y^!OPzh2zGWozq4JvQQ{BUd2nlx$j^m{PHT6Kaf10=onZ(G8+qkH5@F!<~P~W zis1<)z6y5zW(FXe=l8&hh985x;Xr$C^=nU&9}7oKc+m_Ftcq+D0U?IdgGkC|#(p(@ zqbbL`r%2abgg+(JD-fR8@x&{=a)Ml6fhtnrzPg_f_vdmQjQ1>Tt*jv~z3A0oU z@k%*|?_^fLgHT5HHv$IzX@%XY9OW;5{}hMke*=4L|IJ{<#`!--1dnKKCvCPO`t|h* z#Vrj7LIwgzx_#`8x@6LGKkJsl*PezVdAOw~NrV*N5ZnB`UKs+07gKC=R+PyT0oph0 zzFiCLUwNX<_Hur1j;v3$2~9JlR!Gdy)tUyD(a1JxB9+n14qp|f`@r<(i8E1TnXE5e zdn1xs+(Xj*Fzu-po|a(5O*<)ta4}{qjJAe}(b>B%r}- zQXm8G}~UZeo`ZOy`#O|U=o`0h+d~JUlQ%!_zTXp z<6ZF}=}Np&x#;KEO{M&}Q5-b#Qfg}#Uj4CWM>jX>YAxMW)m1&N#D=3gC4#}LVJnsR z`P$cJGjz^R44F(<$XJfRxG=7$Dl9K;Mxxfh<$kx{Hc`w`k(fln+dP$Yr{zm@eE-^2zSSs2q{I2}E8slK#; z5TVk6TZI_tn%Hz0EoCPKJF|PSqvW{F;zD)3m8EB;`HTJzYGFP!o;^XI*t-V0Ey`9O zV_>LYyt9$}WQFpa)y__=moxEiI~&zv9aAi;y#(Ams!(s+&wQW>XRw>sBAeT$*N4HL zJW`|6k<(J;j}*I6!3hQ~)B<@R5FoZt_#SR8B_qwvb!Mb5b{y$m2s53WHb%YJ zXc98mtlRdClzgcsN50T;PS+&+F=dk&q;f{R6lAuQ%V9v_1% zeAO8wtzbZu^95qh4kCzM7&vF*!ZvKeUmL0zO)OYg&p`?LP_<`B)4@d9_bD8vQ91S- z@0zNI-#-ibef5%{ZIS)pTlHi;m-;oD4%yR@@;BDbrX!4YYQj}`^H(F(dHrS_5~i#$ zS2L4MW}DB_Yoxq?(!g|!rdP8hr|iL&Ll<3wDp1mLS>z{;smNx4`!iG~l#_uWGZ-6z z;SzD}r#A<@RTi7S+u>F0-}>R&gRlB!-7^AuX76oKq(_yYE~x0lz(1J}px=HQ9bATe zMLV{19^%teB@C)masX2)X*hyRKWj*W%}`jR1zXpb(L z>?HV$;op32__@wK!$)U~0jB@gbRSkO_0gWgC$2W=@xlN&8jU_z){++S4B`sx(fteo+Y7WZ&Cw+{9zfY|0_2v zvzJ)Upnv^Ku1@+Em1F+n$egl(cDu|Esx+=LNxKpwGRFA*!Wb{SAlzj>B)elpN;hV~ zAQrduUsT-R#}2&}X6t^!Nu^Ed$*2Rz&9i^Hk@t_dC->;fa^m695vk$eJBY(Wkx?WW z`@E2gntSNQw#;!2%qYXWO+HzKqx+rS`<10uN(aBN#Z%K)reXYSSJ_1vI> zlo<>lw8zbPdKWG0up-d!Dh|jW#l!M*`DeIOuo$xu-2!bzIbpt0q^Tk#`u0dolEXh> zTyz{1e1|&&H_uqd2sk=LMd1DS&tzi@Fs1&h;@s9M!he_S2g&~y)Wg!_SV@TK-fr-P z1ei*wG{2g1Beas4jwMtDFjFWJW4Pr zueo&8dO1LM`w*RJ8p6ERtSP$6=rD+flR>XYIsbsMKqUXVoH_{j)&Q;Wf{hv9)xPxU z)@ps|;&2G}f{nZydo6e%Y3Oe+9=gzwfX9IvVC0~CanHz#@fSHNkcNQNt>I0PSp}(F zdg7OS<#D}{myBYWOS~w+mRQ*9KU%k%&?t(yH{O5I<7Zn7Gg*F%bzfQjUwh8!l5Y7o zpeg{kXH%0Zy|FRNc8vwpnis|2-H6YwzxP=rhLTJ-RDkG5G$}Pf{@2J-AS`7<>&iqe zi~x^&=zr(Sp+1k#(-zGSNe3T{&+A_mD)`{QFYJERu}%@osqrknUf}#U3QUP9V3hMJ zw+f4B!GsP9xZS1H`!3{&-3QPUOWh(Y0wgb8bg$W_PIV3>XA@;&nB{KQaKNz4ggiOA z^<7m`VW@%wD1@SKYp27(p%+}R_a~mQ@74v;Jq$`hf+ObuOwyapC0-aAh*&M`dOfpn zg&HZ6Xrzu82~hSY`F1%*U!tw1Vp^wR8cITVAkFqM9u20iDp_~hWwVb6rQN?c0m$*# z{J~NH!Pb%K@B-zH9gnb!Y~ps1M`%=ifAcc&ylZt(fS|U#>gkOccnWMAU&l*s(XJVL z1%uXB(gCz6aZIFmbtf?7(Tu(^UNI>zB6^L82-?N%ulS>WeV?&a5C8@4v6N@Nk6UeJ z2eI|+vu0zV(8O0_01Krws$bMkWqpd$Hq4caZ`d?Rz>nc(wNeJHd#)TM$i!+G0I{*! zie+aa6(^06J!1*VLOuuIs!k#65diE}P++IT4;AtFxRw1MOniA&e%|QW_ly%fU-)g| zeknmn4E+;$E?6(?@1_E^FE$N|N0l0A9tus@(@S;%N4x%Q|4nR-otzy_{@DEI^dFHm z6C?Y73-V)PW&B^$18TJNoi^JM{a(xFv@6Jl0YN0gawt5No-0AU0*`C!Q_a`raQobxdc!9wQkt2g^YP8+9ru zL%+5z9`|w3wwkAh#K8qlAOo0bnXz~HzkPK-Z7;<1+t-yX2RlR0Gg^*ymH2n|7B+Cn zwyqufb=vOF6Y!v~UrnX~DDUB*2@q@esf;i<7Z$1h}@SCv6-g z+*mx7)x9iLv)Di>)7nJ5gJe`#h8hJn7Yj#RVS!)YlG(9v}X{f4&}v3NMgmh<2=fzq?76~uFZTv*fzViSQHSd|EnR-0lhT9{eDukr(P z%Q~Fku|s5r_ub~O*Kp2$DSL2X!l{lfq#Z(M(av>!1~56|(4J69D!IjwW}iZeis^B1 z&!NE$Qd(fTWMN1C@c{&2HR7F~vx43goX8vVXHzan6hTG{lJ-jE>-YBCTZa~~TD`L> zgNF@LspIG@L?XA=jfDfqz^6(Uw`)hwS|Pc+YP}Z1c2^~1FLd;R!!JUDlRM}8z__^D zwRjF6p&AW`AOJIy>=86Pm6#io$!S~+258U%bi zI!GJq!r1+k&;-U63d;{&&Ya)%Id0J1+y_z_^{Kzo|QXz~ZM^n>df_i~vfLHA}fQ(TiS99_pT z!v+YpdBB!8 z7W8#=9^klvu*?LbalC{hK%R8o<}SKQIM-;xZTPYY#)HcYEmSlfE13K$9Xtp3u>)$_ zT=dt8J5-LE*1EKL7#C!TZMua;Gd8Z+%o}f=Z=0mR0P7(+!nsD+AI0DXp&q#dNz#6U zPymP2XdZXNuXn9E)Jve#xBtrKD5PcwetglFV1)*5_|SLHK@15k)bR?;-s%vnJ^(>n zvRLBLO9)eJ^2IP{P8D=OWu%;g z<%r>72h%>|OTg=MNo-gU!)RQ#NB0K-9z0-Y>80e!T|JrBWz7oyqtzvs5M?2!#O9{* zkgjMzR?de+l0#MMo*srb->G0kyq!#86wPV_4?`U{V>!{y`R+O|Bm*L|;0KPf*3h9i zSH>ah?=#MB63nDh`&?*}MFvetgM+mw2rP)2mhH82NPrkmRH6MKOv)VR8%&e&pRO{4 z;Wq`*9eGmN6(36aQKj6uC8??C)}4SQD;;#=781M%ZXp|-1`V$KYi53wo*~b6l(+)m zOB}T(HdK1#uRncWGlr)P!Ol(U4~b?7lEXyH=+(JtyB7cm46l&&nqlPiNtN6?2fX+J z90w&r156w$Jam#hI75+P2>Lt``!B5>H@076Re*3MQ5Gc`FdrDToJX5LYbqTRR9(=l z@rg_}pzHJp_SL?>!a1ocCIAB^Ns-hXuH$ulI)i!nC7lwC*IzsXP)}t@}sK-HYwlBu7m0@R9V^EE>6(T+<45i z2c#49xgr6%M{ec0lN11Bo|WEOCmyY$G`l6ov?+n9K;Mu%6oJZhlO4=+EsF~(E zAqY9evXB0B^_9$67_`x`^G|;Of|tbf*8+}D<~|n|l<`+GLvrd@rmM`OjYDe6SV>9@ z1hU!|P z`NKY$aRE+oS*3abhU{fDbJW0v^O4c>jNgecdEy6?=(1YbhHyw>4Jh87wa=Pqr!{4u z#45Bvc=DlBK5v!1SqPg#86~(aBPRY8);AaC?-nLzT_!&k9;M9Wu9s`0bx}dM!yK|W z%V5GZ7ZB4ua$U*a_1EJDg{G$o>Px;2gOwxK;fS>YWMqxLmi5-kXk$BS zzs=TJR@<~RvttN6a-T04<=!creFd8DD{F zr}N6&!S}F6Nm4ltF3MB0tN}=4{=s@`%0^Zh+kB`x( zZZd};qM$p`)%Zz%X({rVKt@U&e)UWuzz$RRR!&@pt{v{(!$O2zM(v7zW^uisb-^l& zJkm_jmXk3FY^`_+OXUiSqqkqkRu0X}g;W5c(QA3f{`3V~ARsMeKO8>^&93BHqc$(* zhCVu>yN&dU`7SKv(8$71Y3b;(fLATM0d!q#HUZ&!q#UQ9y1@x=5-=KqOV;n@Kduna z+3cNeZ;JhX7fjEiABbU=aN%A$I(Ds)DNe_6>}H3q63Av!Va{}3&DAhrI9$zFN5tSR z>JyKTA)BxJk#GDVXncTtLW$=%(EAyWFSrU8H!jkE=p~WFChC`ZOa~C2 zeY@M2RrJNyep|m(AnyI!3X|B8CC=M!O66!JIP7;p5jsgzFFKfWyV%(UbyZJEk%zl0 zFav$FLO%tT0HdE`jQs^Mg8mk={K8dZho9mEf&l;7!Jm@hQDOm$zSs_{gXs&udc7vf z>f@gz--$0h_4DJ48?v*hUxuv#uVykPCxOt_n{jvTi-${vCSvA?+w&&a29=JmvIsHT zV2C^%@OneXTdmme7SQ%B!yQm0M&&hVysbX-!hN+A&{M_Nu?rjCOg0stK zqInBEwKN;bNQKk)EU5T^4Fag$?2oI@%TQb}2^1*dt}U0L>^f z|IsC(Z1(ish$#9*L!kEX8MGsR9OTulX4la9&bwXD*cD=2rEcl)s<_nDMYdu-RBFxv z9E&p_4^6_cz*(s(t8{I3dl6Tjti+#-@P#AMg4i!1D+Ll|f)UCoh#9K$yDV>gx`3z+ zX8)`@FJZxMtA;$ab&X`jXdt_Hl3A-t!+&3l|KeQF$md)&SXG&F)QF`L&UPpgJ1kSo zbig?@17$_ZfkvxW@CaIrRu@Jihu=I}JP%GtPJUm^C>0gcWSpHpD=N7++evlts59~~ z+LcK^4-^4E57bWbD1!xkVn4EJ5G6DD`x1pB-DM*fB?myEF2;FL?umvX_j!hW{#jj7 zy$bCd{{M)qnEQR_V{VPv63UpaPn>O_2h-B#LZ2td)<|q3-%R zw*~&E$QcC{2R7~}Kah4Wc5+Wf%t-(a=YfjBQSMi-74;>L*{vPW1b66Vkz|Xr45XOR ziSmwiaF*(bmqc-`npw@qHK7k9ALl|Of5gxbi}js=1&l0oXK~y~<{N}Wz#9@F&I&_` zP{@wi+{l?W9W@o*VYxO?RQtUiv!|vthhcVps29XMFb>F;?k5QsK5=muD6>W!wFoq< zADpVWcWr`$%yG(@EdnCo8H!_+T{CZQeN+gDKecf6w?pdsHVxqlH~`j`V0)AshwfHF zOQ4P=Jpv-ov|&3osYonDRnToGgfM~HKU!PdnLD3W&eDV_{!^Ze7H>-E0teh1%q(u= zLv7N&?Y2??HwnPexsz$VjO)jS7@D=XQ-nKE0l?FHn7(k2+s8i~&g6-a6f116fa4b` zEI=qRCRNyH_3CmyS_IPv9P|8{Re+2(T(i(y#F`tl8y%=VMh|8$jvs%H0bpvFbMp`d za^u}qC4QyX7!3RlO#Ly~bx=RUjPeIZ0mekE8Yxbv3{p@t5v+p7%X}`v05}^jQETNi zmd2Y9ngY<$`7q$MgboVs0u&I!e%S0@=(f#R&pEnDq z+qmU!HR`fYzqd<(zpqCut!}q3IN6Jj=4+iGYxtYPiB%_3wzm!(v|OnxXx{zMQm-nL zY9v$t!re?1|F&>(p)hTR;7~DP_VcIUTF-h6#31V4$n+`0e420an?->}7l9*z^zcpE z;h-AFF;P%cN<55-Oeg)uVVjnNOab#?zG7~ne2-w)0F`0*^7V9s-jE1&T9;cl;#2`X zZE56{xv6UFH|u@GG*pW<26=V5FB)qhj0e;pneKO0K#q}>`luJNrai0m2v47jN0aCd zrNm%evzC_)ILi8DnRHMjQ1IS=@hQt302>D=N)*#jp)L<=gcOAo5?eY27%LGL?H{?z zn1KrXYamrS7-eLWaD0$r=MFgn5|A3s#C*5eYSQxl;c@zLldxet-!P)GY=Z!6kH;-% zr$sZ)( zYAHg|&W; zXb@R}6LfG_Ov)j6&q5GnTFcsfhKjUSmvD)PmNr=(F zh#e+M`(R5&k#y>0ISFnr~F0{WW?|4;lu(-_nE>_0S7PEUoDjKCLl zX~ZJ{FRRpg$IF41mzPaslqvYrAI134TcOQ7$ID1d4B7s9mT_y69eXR;;Zcnfa=0uZ z3+E&KeP*x*@L8O>A$A7)*ul-yH3d5(hf??8k-4m! zBHtRnk6+VDJt)U>YEW;IDC%>4O-E}s+H&Jqy}=Trtj;x48Kv-+{nPWO#*D0%0d*tk zGEDRyVIx}pNJl=Zj?X5NY&Y^&LBw7fSztieNmHV@pH?3Y=}Lp}U)YI*7ApCs`;gdt7@Lz0D?Oy9v{DwseN)H=!XuacOuc$mmCcr^1%{j7>)@Dsq%}H=EG44 zh`k-mazn62bYT(YFIyZ0Fvz;f)C5kN7}!+_0`b~ZmhS2WLXwhfiT_4vX#^HzYsXAf zbTvRge-U|%`y3{cV>a*hcmWR4B-9Y3VUnwhPDXk+>)Ap(Catf7m{C+Tnh}$*vpylA zcF3uBH>D`;6FOC%7kNBZ;^9O?+dAS#EXO|mWGtCu$;%iFtJu#2KNd#zP~I0j?2cY2 z5P^{qqIr2eO@@W3rz|O)2@`QFTnusd(K$a_2v6dF8?iY43(x$IeP;V#dFEqHX{SRr zq~1&QI||hp1Re;aC(4Q1q)8(ya^zE%jLbsPaZ^ns)WpWa%J2Kl7;wqC_$y3#N68MF z1cIfru~$|s*~~2xmUrKm>*cGe+h7SOC1W1xS~khqBpy`~S`o(WnSM#t*$HM?t=+>_vE#s~#b;%H_76+up(K$n z$g>r##@z&(nS-KoQ2PY;cJ)<@{$PatW^EgK&EP$izGXzqm*a_4+WVz%p1+W|DxQ1*oQfV7Wvk%Q@JqlfA?FiJsM!)4MiUs6#X(cDE`9!-p7PTq zSX|qg6QsD)!&zd#0SMe`F|KikYz(0=SBh)`%(ZN|ww*10Qh)b)sM@MbGjZoFBbmhTKx z5I`qJ@exgdNjRHfgazUsR!~fZLWqV4J*WxW^6`iaGweyqlm9(X>~!`$OHD$K zZpqWr>TNTbgIlo?G2FV8nMgEvmal zUdj;f8GU`-Dt5;Eq_u7{7*J&0JjN&Rh=)pBW#iGaj4nu&MZvz#WC(%(%>vWquiMsk zslF|{*q;*+opRXJPogLT90z~tKU9uzbLwtWvw?T*>Nr_kqD;dw-GzJ6j?Cf&85oQF z#JTy{a2;N=6-1LohV88auKbYy#@J^e%l3-bF+egF^=?-~4Dhpbz;g)=f>X2Qc3xba z9UQc1q5c8UA0w9Y!?RSg*tB}mJlOI#Cf!ydp)sCxOpTrHPOQkmeN!AJy+!&HL+uzD zVToEY8iP>hzUqnoi-iUauSrDly(H3 zFxIzyvj&iYYtp|ptm_${b9a;qdlTvEXZkAR(@(Qai=nuPwp!aRXcAjS3`7&LSedb9 zAuO!@$pD_$k&LmbAcz`$i6}f4k^hIXcWM?z3zjvfZQHiBrfu6;)3$Bfwr$(CZQHu* z^g~BK?C3c6PmIcuS(RV?c^>6Rz%{<*-x-gO@4rs&LvpqXCbU3RO{X{%`|2YflHhN5 zRLysBVxHAEE7T1YubGaQ&>Urdz3q|Oy0bt=QXcAr1sdbTc-ev2H=!C{NDiBG1t2m< zpYwNeW{u@f95F)#@DZTXNBK{fLmLN)AVrA*CbT87e%+jYkR;!rK=A;ojL-kR*Bg1# zv}&Qent{JKpVG0AMJyED+gG9cR6X@i|2aEpc|v=0!UEeo2$19oFCr8>t7y`2r1}!oOl}*j<=(?HTKoW{()9CT)T7VG=P@Rr_5p)+ zQHA*#nlv*DD%CakbyFphq!O7sHKczdAv#|a8EF#w?-H;JzRNr;VS1_=TAl*UtROH~ z*-nXkt__6uUP=|myVAX8+g#B!-aduW>f=2ijYERV39ac5)v;nXvW5bwznHrk9dZkL zGr_N#gVXv0qV z>4YfFs^j4G{e0#^hcc-06EgSj{mISE)kAL_R_^$55TH^VSop%nCm{?UdteZ^)jQu{ z!FL7HJJ{%O7MBn};Q@<{c15zhrhA zW^ugX7;1Fb;pnRFY4+td6#LSM?X)h=#2yd|Oz#>{Dw03~yq0U*W(0_QegRPsGBf*Y zSPId1G{^b^y0!h?6Z15?0CO?Jn<%U)F|zqt!Q0~PFIG>yoxHq*W2=vrQh7q8s6B9YtE?zv1JRP) zC%AYW%b{3YLRCnAIgB;F7~qb@Gh&cj*w+bAW-r2*pW$-`&$>zMgoaD zkqyCLl1J-+*@P&tJ@5VyO>cl{#W+DKGzv$tQy)ctr@adN{B!i1O_zULtT(C(w|U!gaK(eHZ7388DgXSu^0dVvQA*BN%itN#rV&7R zak%c`V0gabz3gazF|@nAXDHH(GQzj9w?9%KiVN4H2LlB&K9hyJ9{zGerPWT9Q$<>^ zz!B~DVj-T8KeEVGcHl&((_c1?UAMANvMA77eQFv@s!sGEpdbi~wI=4$)sUg%(?iVp z@f?T%(x4YWi0xSU*gHmcgM9ctFcj3^y?-$GxVjfMfNV}NE|%xAfg zdaa#x;T*a8MMyxY(wLx?rvXKl2(3WMVk$;&Y5Yf~i^cSa`96K^WC!HrVagMi$sX^bpj zB*d{7%ty>m@(rgS()&ry}5GS=Uq3RGn1x#_FWxGT!E*~ zlW~EBSAeMWO)-d}FkARX5Zi#!-Kzb$Hek@#>YA91VFpFQbFGg!f zvQ{e&x8|6-r7j8w$RGOm5;+$$yNk0joc>g$%^KGbay&{IuS!TA^V;sGBaoO)N@w^k zSq?VE|BDn)C`GJ_rKApwGRi#U(4(CO1|@xvpVUBAD!EX)MQf#g;3tW5``EYbC^|90OSQyG)c>bpz!~cgS#A6 z(j+e*`*8IwHMTX5@xzGb4hl86rGN}6DheQLt7Cg#IT&87eL=X(Lb$?=*y8G z-D4OCazp)0_?tj@cJM_}L=Xdt(#qouIvsBdG;I!Tpv6lk9kyW~r}_0!8%|DxmlwW} z23ax0dmalL>|9*Ao4*SY$}j#f5;iXaqW~;T%Gw3N0dHHF$)w(9a5%c(Bm?+oP~84t z1j)`e$1HmBfFR)nW;VOrf5Z1`>vUg&eejH3jHmy*gw$LW@ec6)y0$jD%!|q?*Ynma zD&FL8c0&r|l~rVK_fS5z7AxDD`4CZU#%+pIc~(ve_s--Q`|3&mZRz)F?s9!t5I|*| zhOlm#e8wZTXATD8$-m-bzIya^?>pe#CzpXQ+;I|GT;?MOhbD;eOnSQRAa-+3!@?cW zdZ)~$Kb>J*SO-6D$|!cdc#u!HN4O04s)0Mf%`F1<+Bxt1t6HJWGj3iYi=gF1SHEAY zVO1H%NT2XTr!wA3ajzx}x%mrj;`ZUILHqaT_=PKi&~~qXw|f=vcId`6Nzf2IWD}-d zbH=2i;wB~CJ5`DU?*su%28ZV_a#y0=oeZ3?{Zp52=H|9EVY|Ykh)y`wuiZk_u=PzTv_l??P3LY{oA`YGWcm1-OKW z8~0ETAr+jowFOEZ&t4PXBj@GK5cGWY?m;}M=T0HF)JsY#F&<9&; z>(8$?VDNLCQjIqk)x-M5FgnN4ZKcov(aEBb%dDUN6*S(<%cr-gBLeqmK8HhxZWa!& z;}l_ejE35HyuN)Ortv5q5s_$M90&_H763)xhiNIh_j*(^XxPD>Ws9+qQv9Ai_M4jy zj%_T@bu_4m_MOd`Wk5O}r?TQXx^o98wm%5u3N+j1#ZnvX?waN^RA4X)BB3m>zYXqc zpLHC>`%Hj4h*)h{v&bVXjEvYA+yIBtK2I2=dU2h{_<}_>higWlYMp&)J z;OqLj;_LJGJSQ-Gm0w1mYF46%X0iH3UGK3>bDDHWI7Mnem8 zr3`TO!TnAuTP5opiB(qW2h9@qQmCn~QWmKZW{nQbcWL@3f=PulIJi7*X@cOh<*6g- zTp}9!>^3w8l!%mcUzqLYygVNCE)0Hv$XG3FpH~e44thkr)emqp!adV!-0dwmeME@a ztg3;#vT8t>0G+)R1{cc-KCcK zjSLL}`~_HJh}xQg9{jmz{-_pUtU;C#cBuLlZeu5mtYGoIJ#j0c$86n#F(%@3^26@% zZ>DAX*_Q1HQfiY8UZ+N7rcAB!;$*1-Mlr!59(YX}<(wvVJ&{|@TI#c#VX4;+Xt3Iv z&b?yS?dI=@*fZ$;l|-j4JO_lkQx%HMu49XvLm&wEHdp-C)9E^Owj24tL0d9 zTn31o0GKT%ZxiGNwb?6-t?HtIoI!=Q!=H<-RkgjfkGi?e?g*keVXu-&YC+Hlb$V>l zwH+w7g1Y8Mm4>!e#P7~+a3B7{(VW$OG)S%X-_J_?Uq^4}2Y(&%CfYMmMV@vKKF*-; zXyjkpUmkN0&q2`A%COMw!qya%JDH49Nyllnadz_@g^Wq4mu+HDEF|%vGd)82k7sBW zB(lIOh$kHP7Yoz%9Kud-6Ri|)prFZE$iVxzCLHWC0(&pzi0ho}-^9Q`;@IVt=^e93`7p|M+O&7W=&X)QZ`|`R&mIW4`di;vcLbOG&q_5qZ5^d>Hk7$Y};;f zAo6-=B(Y;y&HD&(fRuad&@tYDSP9NQeuaIi3h_Lk4ApM%ve=%Z|P2#7wQJ zK(C<7T+b4#|MWVMa%~@PbzfX*YN!965mMi=2q*C6XxOj{Dl%C?%>*4Wq zc7HjZ0>95WOlX$110ObB+gf7whoRenu_$MTE{ z1riJGQ5uW{KDgD>D!OHq6K)#2T;F=tW=*v51dW_%U5!?4PGt4q^`J}rC$JC*&Hc9dI?1d$G+GbJ8E%r9_WzlLq@ z(LNJBRkdZcaGk)_{1HI5aons@u0vgzh;tSMxFj*rs%IC?U|sUfmY=Rq6!*zGw_y7y zsB`Jp(jj;yq0VzYVgB?;B$sK5ta%sq?qiky!VLq*2I%M@A4B9|<2D;SYlxgI!$*LR z6KgP9g&wJtkHIjT7^=Iv>6&SS@_vdoor=~;SvWhGM#_ut@gvy0r@23BBN-cbw{#1( zFVS><_QWA2yUBETmL-MQj(*mBxX|1YpSdC$t5cY=WFgfUq@#jr7Up@OR*?g`kiE&# zSTg9U(f)lDzUQHq$-QnGG+z_k?fE`X2BZ}zs6-==2WT0sR0u?*cGIJ&oPTiLuMBR4-W zuSVF)d4TLBdLK&hrEww|w~QuJ_M|Dr)m;IhFn9)UJHc0d(-&sGqG>qdqqaYncTBLCqqw`8C-hCRme1Bg);2Xvu9zW=ROx zEne!D8aisP`lKc^jho?&z}w7~AiBlO8Z1t6sXd=+k^Y{)J8%p;9Cs9J!GXC8ze1E~ zgen#!q!5maVk0~^3dayB7*=5le-13cem+>S%pP zp3J)#Hk7*B$$|)5U+_J}azMDVNeDbv2`Y{dp6ko8aSG$;Zkh3&$k1S++UQn#D(#8F zL9!LhwOTZNA>^lQgzd^q_)}tR1X1ULNe_2%B^DE4Z|3a0U@kvh_~sq$S;FuYsgQ1U z7;Fr`E|qN>7mQzne%fp+?=%(vX=E{|LiJEMa_Z$p+-YM_O!bJts-Va5t{CPm@WK;8 zLg$&RO;A!Kc5%)K1FQi=j_dSPM(%RW+tdCh2O@NsxnC0yEiID-kAx=0P`P)WMW=jw zBcsAmAp1qK3^vZ;o<6yG8u_ApNtNQN`Z;JbMz4G^x>=dy&W$J?-*pW2b#Z9{6#8rC z0W2(vQ)CLdlLTU{Y-R2)4zo{!kSp?1Sc9e)adzOc)GQFH0-M9UMJ>Hzvr=XQ3mOOV z79*t|JWNP@&tAuMf4-gw0Rkm>{u|tF?yp`^^JP=0av zza&9SU(l-57f;E+O^hsnp;Tgt5m_N2%bC{jHDN z>&bVfln3Y5Lfdp3XzHDdnOITObr?%`tf5lR=LU;YU0Ann%AB+Wyi&F(f4)v?%TwmC zEWzC1p%w@S;l;zS+MxxGtUSgc-NB@VUJ9O;sqoZS5%ki(n%G_)GbFSdsYM|_MK>V% zgf>_)aJRlNwYVr-1zATetsy7rbr3egR7YJSSjtQ3RID)52tR@>zklYl#^ov(^3A9e zg{Yrm?rf2h-W&uMR6n*u{)GI3OylO<R?HE+K6OvJJjIn_3Gd;AS<qSv^-QMoh0tm#I$CO+d0zao@!}L< z7Ya6!6IcKnja{BN{Pd9WAaWOSu*zR+SvZmnsj&wQt&MSH(K;jpQ!M^k<_$c;GBB0X zrA!XUIn*5lNf)0N51*HhNr0rkvKdNZ1--8&HcE7l%ikz&hct2bkmyc8ahZI|_e0Pf zC7oHB9hD8}Hr`eD7w}o}HhX#2^mKRdkL^E!I5&UZz)>uu6~WlI{7iXv!9l1r2#~st zMLiH8Q-tdW0ZD-vDw7+zKCJ_mS8cwYvR?qw0gFyE%5}V4SJ_kbuYS)p zS@Zmq(|(=e))_~Wk6))u58pGpyqCP1x8^0`X09@zJcm#3U&Yg6Nde~Yt`_Vz5+FRH zaq{V%ruk@1`R7Ubu2R1!LdtIYhWK=IbK!5D<>tJOT;T44J_D)Welm2kekCu^8O2%ywa#&10Rgz)mf;Cn)ccb_BxPxZlpds8ahuHai8A{O7owA86` zzoyyjZI`}}TtV9M5Knx|p_aW-;(ShL13#)b?}cbjW51#Zer$b30ZNLA2ac@GhJd2;rR+#qrENs-bSA|AVZSp265fBYlU9n!B<{!(`-46S1 zue7pPPp|unF(M$!xIQZIQV1bDsaOJygvyvIGT_qtj@PR(o{MEV+Wf+$FjG*{UY?Ta<>-bt`8WI1Sv&{ zW?!Q2k8byGUm#DPFC0f?14~=0`Y8V}CHLgs_HwP-*8OZcKnrK0eb8Dx1QrGdaF5O= zWepX_p@LxM)a&PO&PBr-k2+i^DcWo*p9N1o5$dGhEiHGUdaXi$@%!I^2@E+u9zkz8 z46f`7KM|sPh-XOB=mBfBu<7D#wYFHnG@Ssq~g$kft6(8Gu8P#Jv3 z2M-(-GPEwqb2#N?sdzjW!kcIwUX~{Ym<$Aq5}gHvEh8M?=^4%8eUW3QSVzN|u)8B*cWwWqkQcfD^sz5oITZOV4=sNscPFZf{3eF>qH9 z%0`*RN{}N(Jre3`Z(+`VcJLI(u{^a8xRS~Rl zH`+7AV9YWYLZ+DK5_%*2n=T#^jfc2Hujo%3xw6#q8}^qyvfj;?9+&WNOd#K%odwL- zl)LGv-oe@*>N?ICw>bNhpVx~Suj4)?9^xE2+uT*3?o1^grc}D-rEaLP9bkFOtlR=B zE3@a9i=u{8fcCul9A@Tt0&;Mn4MD_-f2eesIuDXk%O1o(v?C(3wY&UZ2N0_*#A-oV z6%e5QSjs^q#yT_eJ5F8R>FwGY;`aOm_w0E6!ZX2_F&h`1oa`@lJ??qzrk-GC_{aJ3 zuk-s{Vzaz8>sOH?8w~?0(OpVdQtUUh=Ma&aSH2xQ2i=yDd!6vWsOi)@=3^Uxr+Ry8 zB@-Nta9pQhO4Q3Ez@phGYTU~A7a2dTrkN^tO|LdR$mY)>-)rwU^8UT548jnUR5{oK z_Wxs-IIakSa}CLR;?*Jyf)l?LWkytIV^S6Wet; zb-&c?6Q6=9(s&a47zChm0Gz>AT5Np0%{bL2s;>O=?Lf~A?J+p>8(9cYj!T1 z8({1(D=)h9t$HTI4-hpNClUNU!kh(tppR5SfKB9Zi%f>N1)IsqnX2QJS-wUs0DPT3Gf~?FO*?oOZ zxSilf{li@S8Pe7ur*vb(ZCdLNM|0bgl(at8Z6rpuhtsU1IK8+jlH{opFLxg&;mnUS z?PMu4&IA#EE_)fPLSo!t(2N>YePdR@n7y%kdGpmg?kn-vT-d zij~I(%iISZyN&Vr{my>*s`Ssjss?l9JEZWA{U2qICFAj!y6{Znyz&c|OY2KHzcK;ewQ#+N%}r1_Z>zJi|;1bG97=&lkpS*5ZcX+!XjB2KXgR-=YcOZ!Mf zsfAl$fyF|`sqxVvd|vww?G{fDR-&LGaY-(BAhQ^JriLn=)Iu$BWB943V+ib<==X#g zVn#0ADW`!8jJ3@2vjKL7Xz0U%xLkzU~0g1MCBBvzocd7_oDB|GuDzqGDHjHdS z6f);y6Wu*9Vd`;WPWS1bE{f`BIO= z8BjVJ?zYlRk#gZg&xP@C@d>gCi2U=wmqguJfYd-{G;Itchiph)brZpyJwI|a5Kj?vKW2!sw|w$vkWTnGlEN75Zm=ts z?v(*%hu$q8PJ=X;DGl-%Nwp!1RHrES26v9835hXDmET6jNXxjAZ9siLa;O8v!5jT_!SxtR^*>Jpo!9Uk)~9Y1h%{Q zf9anf_~PhA<`R7CzXEE6k>=`1Im%X}7)6Bl`uoW9>*DXgXewAh{Pm}**|5NuwndHI z`B0IbG&AHRT;vD5BmZ@ej<*LpC#hr%Qh1O-9m$ zA~tdj4q;eZqT9@-^@d=t?82;pjC5w&LtvS8vV!5_X^6`qpn=dI09sItAz(V_+oR-p z_0^T+;2Qd;+iOP>#xetD7e$Dh2U_!F3mmYhyOL!Eeu;&sbHD*-lZTTJ81aYpHBo~# zN}?Z|VFIZGCHer_^+N)P0TT@&>>W5{3YS0_@d_lPFA-(y-@Jl>Bxr8JzgLLWfd>}= z2j4v-pg3G0-(*7s3!p=J&wgWj`nPRxTQuBi`fd1S?`f4a@>-4qh#EJA$jSov962{v zWA~w6&1(y5X46!&6MeF*C8}+72_hpwrMxc-8I zjjXdPqo>GZvaG)*_{CH;YJmGAcxY0BmpK!mxG-I~$EoLFBez3@2S~E^37-THJ5nBp6y-Us}6@ zRXN&ZiqPbBBUzND&I`ROt2&L1dq=RH>heBeXT8pxxBgbwb7`q%l4n+q9G4@yYh(|Y zZ$=>+y*R5|<;l`jq?pC`t?I1g)*$m;1oDY4jUiX|tHJJDi)~(vCmbt`vwIXnXVY4_ zc8pzKofDN+!nky)lvihlj_fq~XHjO6dv;#Sv;Z|R1ny*joI%Xu6qRO{U&(#vdb!m0S7Uo{rQ{?Fm? zU&J;RrvLR`?6&5m?O_|@?@h1ZE)~8ZU9QKGRHk9$YWF4Z_GCW(f(W6O6OnLAS4x)E zO>Hk`f`_I{qFXHm93V{uQRx2!JGLSDJK190x2C>5>D`|MLFkDbd;YGCFCdZPC?mQQ z#6(8>+eJIozlT}WdbcSaYO0T*@Wj6sGfBBN4Mdd}+g|x!MKcovKA%3h#UBGLeCOKa z$u0lSkobC>hHt#gTu;RW#w#1`iW_uD2x56s&0N1Wy(pgh4HOFxBfcGv+HhkE+e`Q4 zoBrV}jPaGksFQ(&2Z@18YYl`4&(1AziKt|fEQ7cvb6lJ7Z86TNX41hV+f)&qb;VD* zKs-no>iYo7A(9sh>py5>7h^=C(qD+_X(m=)QUgJxu>w1*-Q3oe*Hc4{c#q3DV#s10 z_7P=jH#(-HPi-lVcUK>x)&IEoENZD% zIp|O|Rv_2-+>UpjcyOwhbScLUg5De62jCl5Jc5;ZhI`T5UwC+kY? z9|j>6`MU)7b^`&pqM!~T`CTMVF7BUVw4AYU3aP1o(!k2bq$f`LOp z-Ya229aGiTh+n;wXHVdOk#n^*THRPxuu`sdak!yCA3Mt)!M-T<^#MUgV(qeRXK`x0 zf`g+~wZE(06%{V;P?l{X7r{lgoFDufv%p@M${Sk6=(@7PR(dUJ1QJOAu}Sd2b?arV zIQhDjBY8R|Yd>&cz1EthO9_kTv?vb=P_Dh@x>#`MQBwecKf#RFx4j6 zJ4q{X4VnPJI1Kn76p)72#&t!pbxn*X?=kMNKvCcwbbw!Sw2;CAg0c}}@jw7R8ERqg zEw1Z&CyaByX?~7EP+|Tg1n(!9I7DPDA2Um9&(xjFcKxN{2;?N6 zwMxJ=?m?fS7wuYdn1}^}tT3&V`Un-qBs(9^7uE&@EwS_98gI^&FXqp_^u(zuZ{;Mj z1`oUjIAOA7b~#zl0xNCkvNZoK>mRGUbH$I$U6DBHHjugtn^lFli&(zTh_tL99rrQD zu3;4?MTTm*&Q(k4a*06`R+OTPQrM!t=S8bw)G)HZi6&XOK06kdYNIhA-V0?Ifg1GJ z(hiaEglCSdDH-Tpmd`2w018zr=Qc>{MU|9#L>tP!xO->mI@Y};OHIa(aE%a9CpwTA z@DM71o#jy%of)z^d)0w0OMW{9K&c*TUREb`@d}dKlxzE`1E{@U9|ocIzk(^qg;Rj7 zL&!1pZd|B@46xD3F96%-Vw6h;?#Vb0&0NM{a#QPc7C?I07nSQ_P{}R+yiN>=`$h>l!Gof6!~21Vafv z`$PJ*HlXFjEJ}}cOLB(T6)E&0V$$z#qiWA_-yTowv@)x8J%Y^$od}sez=XaqdlS*1 zu{Q&^$?rAM(oW1}0AG-7oI6X!=t?rjdQzx|ZC6g@VC-DK)w!5cfEK*tUu6~Q=st06 zpk8>=jdZ6Bi1EO+l6_p8XlJ$$1`B6U>+?}PSqgw;{I7Dg)SoCHX}8R6g5WZeh?C07 zfb=rohWQ75*?p=gP;++BlCle1sf>MdRXG#xq;~S5%Ocr_%d%%M#>DaU_)^mL)FveA z)VATH>YZy_E_=q(PHmQ+E+h~&1`4GhaKjS&#Z$n_%~nie>fM0z(3Nxt6AZTYlkwk+ z8LBv>kK)SC>)X-sKKZ;`tLr_=fW+<=nm5@A|MtB(n%Vf``TcX+su>-0#bd?Eynmdu z4ie-Xel=(`e}>5}hC)Z0fn?rW`Y2^M^(mrsvsXj4I*5TW*P;G00FCJB>t}D%mT)fT zG^}EmLafP(*@u0)Yn!mF0aEc9l2od)LDNGiu!0$BQPQ5vVa(0;a`&zVxf z?e5_BoXf!-m|}Tf2Mrm_T#3M_l%-I)9E>q_-cBDduSO3LSQbYV&qkkmp}g8~-*n@5=S1uFBrZg1;Jo>>YkB0~22&YQrR-Sk>qPU(dhxIg zH&Z@1Fg*{NeOVAaxz$UwnromYmgAADWZ0f>e|mQ?(4YM@j!P?Ic_2)oOUw4m_~7fz zh_(^~PCClXIYb0=Kb>UGFRR_q^8a*>rbiLq?!;`kQHAYgxcf%`;MkXPnF6t#Ou>`H zzy+!GMH26yDv3hPw84yzv0@ssacX*of?-u!Hmcu#JY=uXa_iM&(4-BhfPMH;whb%e zFcc4hsJK~HJfz3*`fW(4y~AZ|_!P%;SwtrxpaQrOyNYyVmv)k1_a!kVa$7Kj)}^6L z`#o>7;q&+VEerkN_Q^|&O#6{wD+-IBjDA?facgA(gkvFGV&1WUr-u5oqY_3IPcF~0 zsrBzG{s|SDh`dFf#O+fPO-HHEPCcMCr?FR;8? zd^<}-wh?ryMqC-kZ#xY{b>!N7n=&9xBp#kUV0gpWjwv^@;jatGt;fe8QcA4g1I|uT zo2do4t*!W5@FxxuFkJvhSst$U9rFevIGgWPrA?XqLQn*nG*!pua-;%G6%Az;mk2pD zT5mvTJ6@@&C2abeclDrSQ%&~jLuDgjRIIh1q`CYt_*Z6THnv*zLr2_B>2d`c*F06X z1}0PR&Kj)s?HD0L$ti+3C+WdGzMlZqR%vndrh;8x_h688LpNd7%SqjBwccDr5rw73 z!Qb(en)4PW_9ekNLi&)ecq{vclbP&}UOfeeTW)~X8LqZXl4YD}-TA`D%9Csr$acHL z*e`~-t;S^Rs|b5w`}uRoZoE0*^qSf&u+VR?##$YT(3Qmsp8)$SwHi3=DzI+W4r399 z>I{>6SM!hx6bi)m(X{W27#>~L*+fDqdZ1mCwJfR9tAD(* z3G})EVn8JTbNpo7Ot%ufMZlOqFIaq2W}Hd#fc?6!f^ZXCgZr-KgN5ah1jP&yuR3Dt zaO^xp&XFYNS{nuWf66-Ljt$`H%3+(Bnh$Am8`oZAHHLo=b8<+5njR0yBCTKDr&9dF z*KUy~<3UfQ4>cReF0981=^9FVP!$Jge3rrxEVALatg3`=Fjvc<&tR*j30p{I|DeL8 zp5=9>vZ6e5T$n6&!spV_=b(xJSKn|xt`0Z*Kmq&#GLr_!CY z9zdxVf4d%Vx}X@lWD+Uu2M$tA2&eEs11m%12Q$wH9PoV-#u~_HU79X`f)E0&s}A;o z8j<5#r!u>acL+~CcH~~K!M9BA^0fN~QS!Q4oBIhEQ{Fp{?)jIYhAjL1I481SM}C+1^<2OA8xVa_q4tM+flM|K&L!(Y9|{Qry*T%8 zl-+qk$}-;*?Gf7VYf05a>5;7DXzAZ5*beuftWAZ21ifv)4;g z&?Jl^U3of^fzDZ@p`Rt-Vnil996cC=awhNZ3-_(8${5Sjpvyp<-r@zMZnu{>ZuAc7 zdo+(6%J>MPy(h}8-K}iSmey_Rc2WIbuX*z8b%Vp!HFp8`4mVvI7$Uy7W$%(2e*-Ue zlIhVTy31Q%=_M#2hnLnN#2lmVG5lT)(oRUc`t5QgK8q2AK>p!aAEe>9 zcq^qBm0x&j8~ld<8dOaG)o9N0zaLc1|BiA0EtK|rs@=6HCkF$7^pD;ccZZv*B9Fdo zRFq4SQliT!vPq$g6PCMu-L_%_nmKYCi+&(?R*ckqbAHb za$9!Sb3lvlg{Its4Z*fI%U039j0O{5HTB3{HfYe`^3~0vNw1C5Q8$!Sqe~fxS*xO1 zT(5ek6qQ z+h~Ym_!k8Ia^YW2D#}~@dOCL^ym;)(e_ojM2Y=IjT05Z}<`ihbuMjq*!!&FCnX`Xnw`4jA7x@ z!xTow6hgPC#5W6T+5z}vCH5T_n%(V^Va?F{>TUCL zYwP%M^=jiILbjS$pzOq0Jtsq548ki(Wd=(nf9?}1`bumJZQL&FH#-#mn1+O6LcoTF z-)iWfbvBtTAGw|@cFQ>BmQMdJF76R~MAHOU|{xSbJ9Nkix;n zh29R-V!K6rdnr~>1kB$AB*caE30u<{sffBhBuH-s=Wlj9eTuO-100XMz z2L1s;;_7D4YP}y`$-CbKf#(LbLP)J+hsp_tPX18zxV-p4vv^z5kdO4i;SX$JuI-4b zi*wffE}$UOvIiQq6|4JFQi?i+d^)XJj3;?@jY~y9gOB#dcMa3;D*OghKvwe^%%WT=C?jdx?It>fgs<#&DJ)M3FWs+9rgiVx7~|T8G(*H_OX6w0xqj%mro{j z)uVKMTspdl1L>!>rW_D3byWTosJ&xrM|b^Xo4lps$Ip8&^zQ^u$Bt4KEvj?kNp%Cv z1q%7iHp7=8vOj?L?+Qk+V*t@b8b=*++^!eMv&e)cl8Qa)VZ|PT^#*>WLz}uG!Dgk5r-LimgED2QNVat*P`xS4e{{Wq*N5>Tjw~J>r0jfYpEv+qbnLf! z-szcx>45dbq=MaW!RqGu6>n;X@FM|qw)2ydi`9ri;>)OOTPUtl3X07!fmvzc^Kq*+ zNhpiH$p<89!){i~gv@soFWcE=Z=}WjJQy56epzoOT1y`1O_d>&eqkYlCVtlD5s3<6 zg>)3RmG2f;diO9xH?9QBW?xb&|9!s6-xmJEvmr83q(OL%1P38OCuX0eYF)@K<7%Ag za>!Tra-~$9U$VB;U>i8!hP@Cut?Mawz4e8Yaohu(+|S&%jy_Mb*MRpToSovBS53`< z8Z=N}Yju5|QoAHGJ=R@rT^jd>#$2NJi&WbF%#{dHD<@K&< z^6N7mSP^5n>jFyGp9mu$N$V)qR|Fu)Qa-<=;#k2kTn%9`m2aMg@Oz*;ke%8!*ydHL~Stu(Q`(uD=0fGvt#@LzuS7a z7dn!n9#;#xlm>0^oJe>Oq#D}10cilruwI)-rajvG5T$fb^Q!OC*`0y8&TaVT9BGEY zoyxG!$|lcYpp2WV7P%8d7u_j%BzDN6Q+VZrcWBZH>OcT3d#N(L4*ppEg;IXCT}w42 zHOTR9K^XAy^@krAp^6w4EktKbzF<;=Z>LNDs1R439|Qyl=W^Fe4FrIyU$UQ3xt70q14|89RkX^H<_Gg1Y(9md{dyjb-f&WzgE z!pDMD67Xl1D0i+7{w8p<-8WArl*zAxw7er_`;_(s$avwpE#aGl2!hbSeYZ?oyIX8G zM@QV;W)*|@L8|{l+ms1DPX*TG^fPpMT3XN60U3Z*{mI3*wfYt`?R=Xg+k^~C=PcNx z-btI0?kIWSsE%(FM=)HdjY94U+?`EAJ}+Juko3^WgHG+U<=iBLWfzAZp&Of@AN=;I zPYJ6r`Ll-iIhbl33qZm+OCX==svTcGbCh@o0GJA-H6H2#?_@Lff4TDQ4{>DH${CB~ zk`xl=i&e7Po_*u2qln*j^N!NI#Zv(C;mJ5;KA1^{qVM1FhpOeMd0VjRVszY9S?DSl z3gj+|KtwX<^v}!jTLC`0q4?rS=g-Z68s0*NijM-flZ(rcA>10^#v92SS#y&PWavD} zmw{vzd|w-U-#FKn2!S;2D1o%BeBaVbR?=@0n<9Y3hGYJOdO$8~(hIjzKv-pOythRr zH}A#|Czr=}>cbm8+nHH9Ud*Nko`E)Y4EedzQDwZz{6hA=S*P6Pps3WkOFJQ(4un4E zu_8RpK4K6hjXj+}4=)-O`ATwbFT^CpnnjS4q^5*GlViX0yO1_t(0=f=T~LxP#r%$? z4r!p4n_hIGYr{I94b+*cbKdvq2Neo=8tBs=+ImV1oy4&Mh=wO|dMvKa(4N#Qw8nzV z$`8qCiQU!+Z|&J$J?K=9ok~7Ed>@xkT5YRDv0dFexG`Ar>o95ttB=CCc{{o#UqI)i znYsTEa*VA1U&rD9kDJcI`Tug$89A6Z{cow;Kaqmm9LkplMtE6dd(`SRD~qj2Kq z5$X!rV20%^q_091P(@}r1B!r>9Yx_IVjWnO1r9T+!9kY`R)BpJ2`&LsB-s!s$4Q~g zs`@BE{&CGIP_UsgWXk6OPKOMIC=L|S0*zBi^s`VYBuqpsrK)z#tdr)<^42G+qYpTe zR4d?G8U*^6qGGcLWT*U1u~0zg=EBU6MGL`3+vm&ND6Mo#cqv3=d`jRN5 z6ByO%7^YH*qoA<>NvoNY3MPfY2BnZ1!C+DhFw(I2(#zGubw(^p&p1t|5)wLS+@f5~ z1UaTJ9r-cXVT@)O`VAK=Ai;gmz(_h@Xk!E*S0oo`O<(D!V&b#Cu`f31KpZ2#1!P3Z-W@82J<7ieBsu>Y7i zba!>Xx3%etc06C6442N_=+X9ez!v_BqgJ^?!0+xISOJ>HdHuY1j98{uLtc7q3h$sl zR69ks$eld4v*q7xdY8{-_{o~mqpjtmtI>4Z+xiT9i+xDNtXGZR6OaA_>Oqg;y9$6K zs2>tbS! zJ_^l0%5z{y|IN1p%!iLV-M)4lgRmO01bMpI2)|{vkd*zD)3A4`;nUCDas`4b@PPgl z2=rx44`kfzcE=iqwCxI&ACEx1fk13<1&LDn7(})oMTe=<%{KKq5zaZ#Kgw%cmvaJj z=v=UH3QEE&ZjL}>Ys{byogR2nWJH$QLKcQ@oOQ_VZ~uE0411c0eraFzoYUfYsEv3r z=kpon$(+e@lX%245UUy0D4m@O5G#WG#x!K^p;g02WD>0aoX|@d8wA45wKXTG6#g7` zh8G=#6DsN<9QN8l8gLndcX!veC|JMtU3o0h-*OC4{-z%1y|7?SQ2oydu8s;XFQoP zPgpfg2eSn+JWY8>E!yR-X6P>SjWD!(Ijd+&J{FKJ=Z(^<`PAde3{6ROXViCk%o#q- z??Bl>ur~N!oC+?{_RVg-Va__vSYsMMcyn|c*Q_Z9M8wZWe78)g*G4-1a>gGu`lSnq zjv-#5bq_a+EFI9BEQLM_6wlfOPconSOJ>57EDi zoWZQ4O99F*KtgI}11#nn&n4zo%v;MgQ6|GBEjbzodRp@Fc&c(3U0PvrI;%~?$%tJ| z?Osw=HHbnH2r@>;5vP<@2=C7~S%s}5V7NWcza}%_svDQWzXB=9!dH)rWDxlV`0sQ< zS%z%FQoVymi&47Nb+A7wABRc|(DmZ}=VmFfmOnZU;j-f7G8UhjmE(Y zD2p%I3A`||P_S{};#IfMG`&|2oPaPDyDH6=RBs%Qy+-KGR-7k+z-6)|1N{+SzGQBY zF`HU`5Ud157m=0dC%RijOeNfl#ebxdJB@q((4cY9|9F*|S=j$0ugk*qzup5h|HH{{ zwxIma9^imJ&SWUcmQ&s)5zRt#gOVKvuP7itxv8a2Q*w#C=I0CBQR2Meo;zj>GYaQ_ zlDc;EhwCo?67+9RmnRpEt%RIzBq(o_ZZ&RleOUs*A|jjZa@h=(@>a*y4W^lFs-4?) zMA~0XCELGv4^6gRr#ug;_vve;KA){}OV@Dm{H7ymZCSkYgB1r>^lJTnd-?f1zhHyk z)d(wQ5e49Kj_+Mg09GUezB3O{2tua2GhFP02?rYOYo@=wjxCq25*21Q$tO=7ljXA^ z`0$YV5i^UEL~=$aZOf!hEQMAFnAMvpl4*mEvw=;>?ub+h#7n7uywAH>Amvf)wd zHihZf|7brxgPLkGS~=0>SFswzW%r~*%Qt2R zt8Zd%#j`KjvcDk+K%HhroNdsOvk1#vcJ2{JknCBT3y{>rcXL_%K1bz;i@r+0GWKW1 zF*h+60EA&B$7943&bLLi!ra|g$80?7;*?t|W$mcGnpB!yCP8>GSV0QD{z)|xwERLQby~?f_ni0Ip0_g z$hrE#=Ph9?Xq&B2^ z#7&zY7OMvA`6*^IhP$_tdULXzY-JQr#2q;UDx;Q~t3yC=NBQ}y8a*?(0!n4U*o4;M zsakq z@696(RE{()eME32ac)pfwV)z|Pi2)>#8+3u_(a)N_!9qA`5WK*%OcDk!8tp{{`%xY z(=CgJQ!9xCjB^}|C8RPILaMS~{Z|&df=|(TA!(sTI&51)#L3Ai;t)oRk|C0<)E}T@ zydiQ7L_EhHP&!5UiQKFkkj)EU#ihlNdpo_bzqN1MS~T<3z`)% zuHKRr4U;J2AaE_nz@YjT#U(Bn$J0$WwqR&ErbLQE&(TJe`@4P*^p`7i$+;2 zP$7h~7qAg?j09p%bbY92m;(brYI1{Ja29A>VaN6F1Fa+%jDP5pLmxScXwh zu;`IS@Pbp-wZP4rZnE5uTM^r72#P4CN)Yfh9MVizT?vA&zdF53^I_U;#yAowR+;W>Wf`d>L^lDFR)VELFebZOW>tA-zCVt} zkQD3m{T7I_oCBr3kLkDrLXWi}f)uBcYfFOv-ce!8r(cP zs-ALrWu6^I*`mUgT2jojd#UyCec8ARU}ckQJH`1sU4N#5T*<6mQ$S*QT|&0u<@U|% zo=gxg5rpK5MMkcPAG|=W407W{Z=`VT%18v*AS?* zc%@fZ^5C)w;%qdt>QpQgm6DYG8DZGDYK1D;i504#mo^L0pjez?f^SA36S{3NxIjVQ zm3esh>2MG~8@;d4;cW~$x+5|-o{fdkkaERibv@IiGyZ|_fzc}cd#{f6MA>H=qP0!d zV6`TI&adqMJWg*TNk(9@vE%IKD&q#ydnRe=ZeOBMTuu$@7PBYg$gQJoTCKn_CfUg7 zZDg6g*QAqEzU1!sL~!?(gZsTIz^38F&7Kr~Xx?$ZG~dkpe7<^IRnt%Zxcm9~{Kad$ z(2PL2q!2F!c<^GvwJM?(4j&&oEfTB?$Fx82@WGh5*Qao(Qp?UkX&lqg}?})z?~_we2ch7t@cv( zNF2ON;(MFBn!nbb>TB=Db8?jjq)Ba5i6=k ze3(S!+mRDIuL-{>F#LrJzgRH4as087EbAhG8x{KDNi}e*Ka^Ut3OBoXiY2cnaCUK~ zeMbI(fgm`V*}g#GEE3oGS*u##O8CBab!sa~^l`;(b#n)EH>SxUN`jnW-#JQfKTT-M zCaF9XBdiNSOf0Z~{Pzoo1AEVuW(DX^_S6~1x+gr#ADOPMPXf4auF2Et26GFs))Bey zFPS)Eg9nSN+Q-%X!=o3?a|{MXnWIgem1Q@cJW{6*?F+JHLmz(Jfkv5sI)C;I?)+GR zj*~KeiRi4!*2h)*wntqwcj+?n{|R9}spaSim;2s<$hx$RcQrq$_#s>s&_Vt$sm99j zA5x8(>3@w@S^BpL+x-8rv}5J>ePI1&M~7psYU7%6v{%QwF6EqL;`@=pa<6p-ez~@+ z0w8F-a^pRR%t01Ff5Z+hPTZ%f54iZVzubME@2ipI{?3oZW?giXx(_69y6h7f2>!~t z7vBMdCsgRq`a<#N8H+1U{mFH&a^o-6<%UzeOXXPKZ3>aqq<c z{&GF0ek-*b5%i9Ii|^AxcH>TS7y4w}NpngG&5s3)9JG(}ATQW>`~`a`PMhH$eQSf~ zo$>iPKK~pXu3f>rVW0~o3Nka_a%%Af(h^SC?O6@sI8a#1;~;3)&}qd*?m&Endj-n- zs8V!#gnGpjPKCD-Ul5jF7)623>D&R!*_eM7kVep0f-^~E^C(|-wb8{e0z5xz^-$h- zD8u@C_{b%Z;5Oj%&}>+T+;rA1$&+i=m~52$cmPa=HM#`gcU2`{oR!5#hb+YxeXK(#-pw1go8^ls94HArp z1CruLuzi5fc|o59xQxlFR4Q&az1j^)73|ynOB%nYdDc_hzC_hnl>xcM?E0do?K+hL z0z)xnS2;ar5&HU)SnDVw`4c5UhAA*6TfIBU@V_XTl7skx)$TKc@o?QSkcVv9khpL| z@9psxNxU&7r+!xL|0Pz*Q4AB{&1BXNElQpb)x7QSn#Aemn%4Zau|%(XlLVm-cV{$# zv!$p}jqy7C{(`?rOhdmN+OVihL6vDKdH}WyWHbOk`bDL%lEV(We4EKcGNs|?ofeQ8 zYzE+uzLQS7b%Yl<#a=3%yPAZ{>X@fddM<)MI*k{pLy#%#T^2)Ki)8K(ZBc8 zZJ3tl^J&5JU`b=|+*O3AU|uCdJP+84s=`3^E6rNue>Qr&u^D$0gzCsp#JZ4nD0Q>! zgkHWn-D>Ie?0$S4-a_|}y|DRf)a2dYFm!LD0*p8IN>c5Jho-EEmcj9i7z}hZ4b%wb zhAH_C3`ibRzSWP>NksT(4}CG{QNL1*yRWNEGh1R?Y@5)br5E}}mRi(1G0lLBkfg>8 zSB%5%7mGzEN#bjCrR=X-iM%EG5?I+ooOKz!+bSJd(|>CgVvHh*6bq`z>f$$Mn6orF zSQNh|4may)d;)>7(p|wgNVkiR#{YS$VDAem&2h^qYKPl;gJ&^7E6&vIMzk$4Ut@%yUp7MA!+v-gYX;sf$g-UdJ=r3H99 z$Y9Ci0fKPJB<;JFB`mg2aq)E6YK@GDZ2A@Ri{O`d9B0+y@r=^S(N>qS8kIZuYDfH7jW1SJjG?5V&_FzOZb$Li&3rXlb@Mmp^uqWr! ztr?cZS03#*% z*@{ttOIf}>9!Q*nz!im-k$TR!rezi^%7!%}ZPxgD)?DZ%#T{ZxC{cj`nSztT%|hQ8 zp0iRLchc*es2Pt1c#?}zh)htQ)Tkz%5tLT07pkpoQHyV^v-t&z+H&URu9*n6$bVho z#vKJeP$3KxOO`wU3Z%G(s0kgh*Jc=0@YnXHL7Kx5>WiWL1GCe>+gi7NF?oTC9Xy;t zQA)f97ZpEDND168flchuTHJTFBHBROLC+*~rHsE#H9B^te1$+TYkOVOnr{z21^uZ%gN8v5haNYUv(DErPL zF``X5_ve>LnYgBVV9tgzrev8^AH$xNLap~)Ye7u9GA;o6XI9Y=M2eV{xA&ge$=n=W zYKv4c8QTRjMYIji9qi=g4ucP5>3M1^cG-5wx4iq-rOsJPFhQPgvrLy?X_#WLyI&ol zzjHn2F5k~gii1Wm)>j((-Fb0`T2Oggcjey|AyR^0(4^}>a(gUo*%GDdtzs+OXeO0# zSCysrRxLx%Hz~(|%QZI@tMZ}{{oy^tI1dgrb-4ky&J{G*b0#7v@1|xbQhJ`{MfGej#hWW$bSR&`$GY6xbiPP%4{tCG{QZC7TTR?zms-}1;9_=@qQ z6SIfP!ytCNl(P42#%MRGId8F!fBJY*`G=u3u-9l(_smH__qfpP$6ojhTM6#Ruac%<|wFg_=D6NxdY1{y&xxI=wZ zQQdGv=aq|%)&Nj!Cr}N9RqjVrw92&D>=|+nH;-5$RiT-!gPqz)FTZ}^zd;p~stQS= z{L5DpUxWGCUxocQt8KV{e(efG*~ch@`BGv|dV9{qbOZb1PpmQ`)&{YqXz_G4+7~^I zbFVQ<`UZ(rDB}GOu(bK@Ki8iq*NJrfH^{pid*Oen9=88N*Zx10zD{Xq*&X~F zP|eidYMJ~WqiV5T=aof0UF7~H1SjH#D3O*U$xwEIKO`i%w>p^#aJAW)p`Ptfi`xWlG zw<|ekA?L#ZIuE8sF3|jp~0J&HFwCHG?wuATu%c1gJr}3c#?b)chfLv~R<^ zoYz!0@z2rviC2q0waiytq+h)>GY=l{hwIu$rB}BJ#B#1u!$pr&Z+z;Ru{;D1VWGlX zMXAOL)_sUmq?FAthIMsRQ{J{y%8X>6^KM^W{=ok+(YH~ULuKV6H3& zB*D8#)O>5NI0y;SK>Y!b`hYyhqWvzjX+l93?zYXESVq)?aV9G=mbNH>Qa`n;l5H3!&HxxmvdwH+y z_zJ_D-pWG~VO{NIHt^*k*a*!g0>^g17vUhFsbB5(JBp4F%~a@tqz!09sglcij;XVV z$hHL=9w<@?qp2u8fc_T)vHpkq2(bU67=USJjdmI9}L79 zZ6V!~14Z-vqT3R8x?duS>YVj%6b@OzW;45?JSnFTMQD1tHXnsfk*WJ6(D15CJFZG~ z)xd8MX*=Z!52~L#A4XUH>GgDs`=kd{z#vTC(liFz8(G5Zipgi6Y7<)Ct?(d}fGv>6 z_$g+Pv~7E<;O0yL?3Zu%Dv|_e(HEat0T2;^Fa6S1dj>~5a=gYqn`V(zgREwp&nm}mY19DJt)H4cD~H~Z=L|Y zwI|CC?LGl0uOyn)q8D3vBeImnjt|#pA?YV{X9%uvdDkkql!URiBqKX2tY|u|aIJxRs$G(Yba(@u4!o*^) zhE5sv6<+Ev;q8EIS`oQ&zYp`YP?nq&n{SNN%CryFTH|0|a_@R$sOb047vslFzS+t06*B-QU?3vcq znp0%nuG5OtCw5Y83|0Z;#B{F!j7DioXd#2bJci&~mw{n*E=CVDFX%rGOwxpdR;)GH zx+%f{JnRcMWbZa?j9B);L;FTt_rHjcno`tK_u!b~R35~2>>Bl?SA3mj$?hXEsLPuq zRc>YCsVZGokwnqh)4*qiK@jW34CO>#JAB3yd2QZo`dRoFm$O=-qZ+e&G>WizLV6&> z&^>=kYHtyK);AzGRUpj6gPUCUzUxmlAg)ihs$*0!qNUlWUdBs7!pO`aVktN`XfTI* zY%HP$Kz58+G$Ttn=a9xyPUlrBPyL^8o5CBk5&Fl-3-F$*yiAyN#*Ct6+|Tn&$ek!_ z1Li8r9-H6!;d94L9GEDDS{k-oeihTi!kiY%2x0?F#)L9snKNiBn|xk2&9R%-pi&4? zm%->O8@67FVIfCtM@!id>G}7Ei;Iv;Q7-K%oP=#KK)c^wO$pTzD}2z?W47>3Xtci{ z<5VZ@YTZ89lLtAP8!M0TrJCX>2ug>;*tb(Vzu%L5nDI)&ieSDC$Vo*i}a^{svNP7!KY@d2p7qFeqnrDG%(1 zctnr`hDhbfn}c7~a83$f7LVoipfO~wEB(8q#j3~aCn#QyPBm#UWv)%f`sxe}^~)Lz zZ?=w*>9K^gayvnULmMB{WfAP#T)lY1;bdgi+*{+6JqorTrQ z6y&G@cT`X02gBy}DR#ToTDSR~<5Xea@{KLs(7ER~xz~+LZ57cC9ak^EOlMJ@xmLmt zl8M~8_m{58MD|k5{vv(Lm+$A3Oh7A#-zHREfZY&9l70555P|Ld!_>x$cVhqd4DPfF zp3ODeqQ?O^GS9?RudQ$AUa0RhSlm=P9GVcMp;G{2)YQ%j=dc#InRdvKu?A&&iH!iC zm+wo^&F_=qQNuiUM0xaAWjuRyH$kqbA}}(XQ#wJJIO-A+bKvJNd+-Q_f3b7ehaGgX zz~MZms6&!PoD`(Psva=uM-AE=!EQdiBN_@FEaTE5-s%X*cE4ZjetpjtrA?~K`g+nu zf6eltdeVk^#uIGObB*%}V_u;Y4+UOn_v^vkN0R}^s*bvY&8f`BDArzxfzio#4SId< zv)!NWnX{l0k_d-_Yf+z57-kDcb{#^1vOfgP^E)wAsIByy1* z%+t^vj92^J2ZTR(HTQ>vC5rgq7K`v5Bl0A7mVlIsBsC0)yomCO{+c@ks&WD0qDd}j zpNHOJ>LXK;KzaOZQ^(1tx6%cW^3rTyN@IkVVxfz4Gcl@r#8!zEcI8%YqDq9vJwGO| zHokOW(MOax$}w;$1atpMZee%#-}Z0!@{X@L>o0Ap=>QA#d5Yh@_$!67BQbZ3WP`qR znAk7^TPc_u2})u-&DoIh)Q#-HvB{PvKyqJUbyo9k9$p(~DJEV5G~$yMmpx{_O;5yr?4=Q25)TGi2#Ya)YnxJ;i)67k-n0!7ZTI=bNUx+xHDo zlXE_})hYYQc<%UAsgXIFI3t`=J#MB5lS^?_9!~bK-rH;ZXB9fHrR@-VA-a&9<$8GG z_CZWb@8gRMa(Zlkfs{g#Yj%MaxLAa7wNw~VX~c(=O`UUpk6;*Wl{c++Jw^L=r7WW! zF91JRu4kO=N8>`s#!GX6;>+Z7}4(zh~)cl4ee;0#SON%+5WCVh&wJ-yzAG;z6J#bjKKaW z^pL%lLdGuZ0>(cZifM#zVg|1!3ad$wm5fN_U`Ic#0|m88fX5XDz~f0J&8t-O7l|YGap{;E^I!rqAx=io z4e`&kUmUX^_c|%}B)A+GR>mQUVfpG@!9VkP-(rs0@jLlbl2=;fKzYk`6pB$@B=sRE zLl7DB`U>sfcYfy~m(7&>vPR}cUKO4tuQ1&uax=j%-s+i?uD{`$@=C92g*@w{&`b>g zt6{n>N=)G+ono3SFDJN3i{g8U@%5JABD;=y^SoqwRR_i8me9IT&0^8Sq$|Mcag|Sp zX#s(mAkQPO#XMpUGa7Hl1aT?%Jd3;%+NQ;yWo&6#9gMTV#SH`}ir*K_5$&C)C87ur zpvv3Y$$@*pMMRh(OKiYYr!K0j5UR5nEf$gDC5VIQqU7pnK%<5E@Po}Qklka<#-fDf zXAyr#DHRR*&XF$nbyVu=a68y45o_&$Hk0N=E2XW=E4@S*RbDdwGJPMI(6yJu(JBqB zn(ng0h`lGW3yjX@k1Z!VFfT|cPSFmx)Y&GUuMPkKQiYRRD4h(ylnQ%!%{SN>eT+Lr55^A))~d{JiNMQeCZiH2wpwGN5@7G0Tlw_wl3v;)=Jb<4 zyiEv*{c+ivkUWxW5R>+OKI_ z2dkeMf`%lpjer(+DUB7Zlyp%?wDj~k16$;4;!p6Gf#A4> zrc8*!kPZ95a9?;qZDGC-ntt{V*&~)JF1W&Ve1L^=>}NWIC?B?*vGiVPR$7XbdgjRX z^Q@aQPoTbe!voBkN8_L)q9&0rw`O22kxv}6W^K?ebhzSJ6z zegQH=)H$I9fxdOeGF*%2=j`Z-|NaMrKrU(6a2cw%e50k0Rh(Ck7VE{7h4F8wNp5Q_ z1tfzhkN0M=5r)XNrR{8zU}cN7#wHSPeT2rCZmkjIkS){4WJ-U?#wTs#K~WKX%t9!H zPL~kVkIe~uI}P=oglTxXGl*&4g}6fT)WFKzY8#m>^a|qPB;s*06ws`_vchO!6||tp zKMW_1PR42nqO5ws@dy1dB9D4zL|yYImX|wu+#WMCUwglZ98!$YYb1;3|eV^BMjonw06 zVo)sZC^;@i0e-VjMCS0apfQ?xeL@VWch9oP$IqG>rf`!dfAaA+OknT`(768Q#!5Q_ zPQLvehi$_21Rze*QysZ|_L+X`VI`D2ZC|tY9wQTv3os+YEuc`L@oR|-g0jb0Ln^kL zvj1p7?*zfzjr;woe-A^{-%3+`%m#VKnw8xhR$gY$VMvP%-6S>TM+egQ0Tn}wg847O z$njs*mh6oG>-O*^obiT(mb>pBA#rMxesw7Nb}qTgAqSIRIhcAQ%F0Pll2xNqBwQ0a zrMU3+s3&wewnGd0MzFi*^Ut6vGRLzp=D1Ysp{MJPr|4%DJbNdXt zUCYm=WH;MNQ2X+gEkmLE$CliwjoPv5w(H84uH6ECEltKp{S3sh??^DqWRCdfD-%xS?CNhG(TcFYjNixK3P2T)p zC^mzGMS#PVb_Urc#g6SAGbWLxR-{1oCUSt5fT3gA>W|Ic2HIo%!_w`l}7uPs~ zaTUq%YCQAUrL1Ze2g@ELN;ss5l@v5gh$^C8Nym~G#mUF))Z%eR{a#dwBE{S!rHzj$ zP_8SGo@z;2ll3V`02&vXOxUD$ zn)X2EUSX@(#Y?boaPX!9V;pV>oFFhom!~Dz*d2-LonFlIHPPuJyhX} zQetq{9yJmi7%d7EO?AZ}b553Xu6`;+wbr^iVl`IZW%HVij4GH;s&EZM+cfi7q?8O5xqM)N`a43R`!&Hj5NcXRWDUl!oXlS6GR z4lPs?&S)wA)XPhKjoOE>ckC>xTZ%o5jI0?U0+=FWFZNT;yFRgvB_^+LdhcN+y*bsv zlYmDQ&p<8iMfnaGcoRs>3045Z{N@VW@LH%ow z=ePb!3sB&yu&N7z!FlUSWPReKCjFDax=Lj)VjE@@=xXFOwrv6KfMC0({k-Zcat3n1<}RFW9c z5k6|T;yuZQq`lT1CigIeqa6dRUJ@q6$X-cR-5Zv2+D}vt3Re(8@T{TF8O5_#(TV93 zWm&sd;&vBsGJXuoC!f}9i3tap)y?PIl`-;%eL8DOqa_>Z8<(?guwsF&*NU;)W zMX&5=LOHcztUuBTGpPWifO+}h(BxXP1=Qw=RWNJ`4(C$=X^CX~KVe@9Hm5dmVTTaz-XfUi7pKx1{X^7wEt1 zE1IH#A%2H>8RPZGe3(xGuKmT+iUEF$fn!beV>w2>r-x8_a!}1wg!&L|iSwCuE>K4^ zz}A0+7zx|Qeo7_tVdx@3*;EYdkMH%L+0RmcZ68x+3}@pp)uoW&!0o8iFrJ+Soh6Ae zUk*?mWN`TPqGy0nNXilp5c-)p2CK#s^(>B1L zvnD!?)e#^;vkexw7ceX1qT+Q+-C`q0mW)#*}oA-+1HEYkTz#>jTI4bixHJJpmd%Pd&m8 zqP8c)qJZN&orzwMH`69>ES8MJSNPCD6y@H%TeDz^rtheH7yCiAK=Ao9o%Ax`WIvBJ zEm>LfX0sPnFV+&}O`68S=&8A*EK+v|YmR0qdp{_1@=ZP<*y)AlJ1y9S4^zWd< z>^wAx@=pB(m2O{LBw_J;Ia3G$4^gj2;gj42yOl@Ob1Y2o-kY`CT=wkTxMSRNALx}U z2vmRH;Fmy>O_>NiPl>ih-k~oetDOn@hXbHe+1TkDRLx+Q*j1fgO&D+@Czr~xqRZ&n zSs5YpKL6_MWpu3n=6!5w4khGx0dcM6gUlO9UIvAd(~(t{*Wp1fY&S3qt^SSu9%tR! zQKAtODwEuqcUbwCzr!L(?4$l6*|%FSD)ZDUJE%|2LZ|5;0Uw~%31O}~J>Fo1-VPw^ zkl;nm_DolQ-02-j?)6+$?@-PQcuRs%pyONj+^)uLM3JM88Vc8aG%=Y$m@jCg z;d@pAKGe_Sv_9LiDH!V=>>DmhAJsTazEiKHpQ1_q<4~I)6WzqxLRbR=1r847{50va zpsl#dC-aV5T=|AiQ?mUka1m(uI|`QuIuS$}<=mmROdX5t;q}C}EOKBs?X;2$`>P$l4UYcmvVzNZW>1l77jV2O0J}znzsaL%o>t2?&%wF6W^pwwwss03x zb?$g2kx@k`Ga#U%l`MA7bnAWEaR5Jvwxa4R*tG~|z1Fe^zj>%GiZXOgrMzil$X56I zu%WfP=jZyN74LS>GJt`D%}v$5>}>jY{8OL!!1#6IU7SD;#E}k{CQDlky@m{7cXm9{ z<{9qt2UUMz3&Flqw=+8luj}Rr2{-yzMxM@dfccc6uhCneu&RxvdF%9PSDhBcQlg_XS+Ig}Gg zD*cqlL4N7<1MZZ1KYNH*32`(QV=WCMzY4C=|0>;T%Ue8aw(($nIo1!<_>5@9NA*p=l+GriJJ6>AY>IVHTWun+%d$7WWIUAy^(Keq+Dej z?1Ork``gOdrv>5%?FgbjIR^v=;lBeh zT4ZI35D zm*Hz2=(^+1MK}1IgE~n*oioL)@AFfA{$q*{(NY}h65rB+nvp5w)vwQo?RAN$p|Zbv z)ny6bYiYata$#P&n(1d&=Yp#awLIhElorfbU2Egm-LoG8rdV? zzqnO9hEuf)%~&e!0aq3uJt_6a2H(8QX<=1g=DNA8P8w_>7K8?CL|@dSwWLPzJ`Y6R zklwLa2L8!$5>-Z@mCHi`Gu8wd0`pXBN=yxi^n7e*Lx+OcvC$WZN>@-fVNQEDd{0Ui z=A%T+88=w}Fvgutmq%jxbfzlV#o{=R1*ZGU0wXv5>pb~4jcwOrwgf?9JT4?#7 z#z;QQ8sJ?V1VSM}kr?SaTx(iaRD`Xpq(jzuU?Fwrq{rW&k;uBnAVuuJUP8vQ2t zH)B-hpZWEM+3?>si|=c2--WhWV`5MY*+UWP*{+?wCBF_m%quq~F6ijkWFTBeFLc54ks~M%o|6Gv0Rs1(1bX8poUPSl<$vkG%m84@{aBvo}40r+0bI!-lBV{IZr6N^+br&* zi=XMAZJJcYJHjqX)BQeSiB~p_UQKvP^>*?u(QM%06V8BBbGGbbG{&JcI}R+ZaqWpi zAAH&qDP3$BS3&B~zyKR54^Vs31 z9^lyO(l!7jf!@AoM#Ycp{RHNb-y8|^8>jz`t7#ZUf;Y>^;p*KuYqpe;xAmVGN+OG{ z`qFPY1`YP3i<0pgl0>Nv0^cb6(H#fb6}{#uAfqC=z4GHCUoMQSz{}pUGJw$mj{(poCo6na(clN@W2e`_AxaMW;a)GejfXl2J^ZhK!lIB$;?Wq;FjNj)zC zTHMvQIC=7}-oNIEAIGIOZ>isMy9xyHmLt92#zd?9oqqA6wje_<9~<1A**G1QS^3t7 zWu6ZbcsR&rJOEXH#C>i@;>7qOUE<>Y&FDQ8Vshf9M~`rsb11ANTor@Y-~PEhA;-p1 z@!7|;pz(8nrD)lzR=H!TM!8h%$HV+~RMBniG55s57Ix8dM4A-xgqTh%BIx{ZlUCZ> zJAe`Q1;vC@8Aba<6Up6i^!u4{%s%?m?yOGKvahbN;A`j}a$UhsIay%GZj!DRWY~(QC70d4vD@k|H}{k4lpoLycQKy#!mGl2lnoY6PI|(JLg$2 z`m}8u3p7OwCni@IVT#NV(KvH%7oKJV+nVnJ%^B>^V?Ma^-Qu2*mjqEPGY-!*2seig ziJLIVeT_x~mn^ZRycTUD`mdT6Ua!UGrZ6m%>PX%S-hT|x0#bG*oK19xa>OAZU{3vn zHeoQ5;%^))lNkdgh?WD-;d@IzT_utci3ysrisJqF)IC&n?Ae&|KH!=RUbQsg(7?Qa z;mFy-P198+9JerK3sixL41xO1sC?}Rpc;z`H%X^7i395f_EF&?-1J*s6qM-VeQ!4S!6D@zqAk4)cpMG8lF>A9bqGx!GR{Tk4E8Uzn zq+bl|t*$$>ZXs{mr`62EX&PUSX_;p5)RyftBfwp%?mo=ot2&%jADyh3fNf&24)Jxc ze~uxMUk~5sol~$@J_bl~U}DuZ&3QO2%?e3XMZ!!IFl~b)lYP#vPY{MCWB{z_K*gYp zjsg`LAk3Xml)^gk@I{7v?m~ua&s@C_hgLY_qVSEVG64!9u?}tlF|kp``pM0gH1u$sHi+!Nv5*iK?z#Od z&D$=;I)^0Sl$#It=B)-2Wj)FGNx)AHsO1zJS(~a z+`BN2^P0^l7ZsH^Rr@fX;u#lvBL{~yWvT7{U7Yx->3)0d`)DO=5w1U5@GcxOC!>6S zT!pD&3KIQ(5Y%P}`!KoTQ}DV6dkHu?wJKMkIZdd!R!Ae9O$ zcwU(X8_Rj*%6y~jGIY74i)M)tXN~+h+17K#tI8KT2tS*NIF?=w`7~W0FUB=;*PIG; zpZckXg)VSDTuo8(_0+ff3FkQ#$ft~mZ%xfKegu{5E~Y3DA@uCIp=&4bjQ<~F@6@DO z+XZ2kZQJHkwr$%+mu=g&(bZ+!wrzFUcGdLE9Lz+_8x!Bb{s%i^<(+F~UiT{{$et7y ziqkI!qtjuzKHT2!>`Tj4E$gP&da13Qe3)KqEwJ5lwA>L$Oj0`WoV}Uo*)?KV18vj7 z(KIx*162|jhe#P?A`RNiGYtk9>*w-=1WJ42dAr=#N2SkO{D~nXJ#LOCw!O0Bo4i$3 z?No<;g##zma|A|nAA2ili@b8dRq=c$a?I<@Den1&aC2(IZE+y2D=d8e-k#;3DKr4gb3FWusm*yjg^i$ycnum z%6}l^oUbkZYYcGx*Vcf8`F|b*%Q$+@n{9X7y+QE{Q_%gC0t;ojIl9i>YgPwtzmq51 zQY3Y%$QH=U+w$58cfm0}fxySzlK3CRz=RCl>vubm;O#(hKAoN)me-?Og~6bugb5%t zI06lsB8$l)Ol3_;f-31=c|Rs|Dz)?(A3Cg$VF`vCHJpE&uh&pT|E@lPWs}(~qPg2- z{C8#IKX5ndlU*hk_kY*^PcGM5*#Ap_`;G)a;M5Tv1jr{vi1%B&Kfl4kGiUs;6^N2K zI@qgUfnbl^Zb9VFe0z!0e|;qbi1JYgV7h5dh2RMhC^OS_eLdwjb z6GL#Bd+`-+JqxLFb9>(&-w!(xHEtLf@d5-v@f~v^U>S@mg<;s&mG$f!AFsW3F?0;` ziW*%ytB-}Jubb&`cr-RBrG+O;sux=-96PFS+hrynS0a#hFL<}Fv+{4jO=Tn+LNh5= zKh7?H)lYbfW`b)~J-)}TFCA>@HPfq$?I5L_DVQ&-67<0lOX5W(at_5Kk6yHA>Gk;k zoFDkyZFWX;{7Fj}=gsfJ((h6`Z_B}G-g!Krx16hkP?ch?-Y}Q46F4RSW?Y|5|b#3ResVNxT{+;fhr|M#b(VAE-eq8Pn(alYV-BT0V@ zUJ9|*G~O>M0Wr&v{3s2~5r9LSsOv@FyBVQTBlRWStroW|D9yln z*kuVcI6$RTbe41Vw~4&ad0-eNGaTZRWbd4WlL;6zgEOPompd%E(OW)49XT}AZOh&( zty?E2>1O4fV~4YF*o`*xzieR56yn@ky%UhA%p8+Eqv|;Qay8$L%gC;T?81sIYCGk`0rR4gxbA{EGnz=Ke8{R0cx`AnpMI?fO? z_eTdhfCj9pd~L|~HAaX#cF#&2@8U*oIf;4G@KHIQloQp|c5?oDgDjkVKz7AM6?L4hBCEYrj@F5=&!s@PsT#8 zWFFhw$Ol5C#;gy5BUi;k{yb(RkuY7QBH6n1Hj8`d5G5W3a;*yLXRpdBe7Q>{I?Dgu zbLY31OcZ7_kcU=bLb>xhaYqG-hFD%RtsG62B3_$8{mK|JBkngPo#A_n{+xfCEW0UO zm$O8}BNEcqph%xxbgM}gV;uKu-5jP##t-EK{C3V~e;Ed$Z`2qFu-4S}o3;fL_aWF(94S_+7ZMWV|x2cKCM ziHNHv6~1p;!Khyts;ZU9)^!e$L>rzh16ji3<-nt-?^`GG_Ce+@0bK51=$Q|)-Jgzp z9<=EmeXr$8LW$qMk!>iB81j_h#g%P)I76e<>l1X!eb4cGXi<;|i?A0-C>@oBCnDWH z#pO+F5US@QjG9#W_s)5KltR`oMbYL*wXNO`dlT+NaB9ln^Yc;>+vC_Aomp&u)xYlb z!zd|qtQTSUnxPRr)Z-|7Etk3bzutm;ge9}@kTHQ_?hs;JG1;zgSFRmP%v6*8ZJvLa z-S#jPQ%vK{3=Mw2UifLscGD?{^_Xc!LT*Dcj4$4(yV6ddsIyAW=04d7-RCC0Dj%gO zEpCi&1LJ!a#Le=_{5AH1GYc&(A}_qbBBf#}$In3@>e4=)FT_$zj720M?BWx13JrqP zD{b$4pM<0c!ErxKVN)O$3AMfT?V7u}G*g|>`InBiz|GQD>je<6s^O`dta z%zXfW<020=JsdnR=7$lvDlZ|68Nsg6(TZS*5AI({n|U>#fXyRn=+d$A#!9E>}8Tr4T?^aIoxRwRMia)py=K{5}J1RnIMcJk{eWuIp$Td_u zFZX2EFVQ>%9I7>6S&QZh7sCllu;}skJetqy#?VGe&`gk#Aivf`Qp5zc7lS5zC|#Qa z$yxwyjRVD*k0j7Hkba?(^Bj+3gD?*k+7_ntw=O`fQhnUziL4L)C6GS%g25v%Ruc?U z2Y>vou!3JY4+ER*>RhQgquL7i7-Lmj~3Ycp>kwJAq%c;nwxaT4N zeKOb)7r^|DmA2N5q73qQD=vG>zh0Rj1?s{zxxlXXJJt=2`O-Kv&mBhwU^E1aG*S(n zp&tjWbJ9bCL{d@YG^UM1bmL_bkTJa~aSocCerKg0#y@#3VXe3R;x7Dnq&DQQ3VJ~F ztw@!30Lu4%u2O>JG;c*rYD4U-nocr+`g0YG)UsX!+48iUK~asgU$u3UHUil%aVR`e zIl57T$@A~SQefMew_42KWBXnFR?lvw7+MO4_bp6rY;N5Qv&CsRhj>XGc8PIi z07#9IqARV$A4JcV_iD5UT)*&VQeF1prFlw#gY=8P9fHbKF`l?&P417P@FcjnWY6Es zgN}|-yABs&Vv&})tT8b=jrGPlb40|Hg@qPh*F6uph!UZg6tHt9A7MP$K=QLTHb_d2 zQKVBH=FHyUct{=;x*p!aNmNWoT4;9He;as#A>8-l^XiQR2bx zPN6lV;-=4|*sn?e-K8Id+vU_|SRncOlZK8eztXO<;0o;z5{dQNO1U{UGn0t(FAKP~V1&?T%tx8;% zzuY-j-G8DPi{hh65MP__HPlfN>sJf^W6 zN_kRC;a6kU;O$2)_s(EOf^e5@J_Ru}4Tab3oOG^o2EX}l9p7YsgnpBiXeoSyuJ04> z0)>E?82PyT;xGsa=eWqSfmV%fv*0$FPigr9F?+6c`A^CFU#u$@_WwC-e}(hQezWD- z+b=k-R;lA!DaZ_`r(N%Cvv3EHP0d~<(~Xr*idW;iyrrlcyCNQN7Aq^h9_6v zEfF3cE{lDWF1ePn`mo1A>;cUrukE>DyY5c7^hz19ht-WsaDpp$$soLTK1tQ4P?PkXr|tA^t7~j zs_ubvl2(FIARVRyPC;^&5|uT3uXQ@`etf>Se)tabOXOrGi&2c|t#~p%V|t@&qG_}# z{Lr}^MzW85$n7r*`uk;?86fIwrO=dPhJ995V>sQ{o3I`gpw3nbM)aTVx=DX|su%0I z)Y8W*bkOi0W5!ty`B!c$8A zfZ*VMY?;Wf2*nXRL_e`VkD79wfkaA3+%e1tjbqd$&fw>r@D;UlX~rK*>NdO45jV_( zIY(RBrIQ|fo2pXQYuCzUUuB+l(|v(6osp0m?DbeMdo!b6eu?-%R*y}HVw2}eekd_r zZTy*8>5{R=3U7arYzTA`;x@og&$mS6w+DJth9R};L<|%7W7L#$n+zB@UUp}xBj4Rj zqbop4?`_`i51ty69lW0wA4|S4PkOO^A-#3Slb@=$rYePLI12TDKHd$|qJ8L*vs-(= z0w^3M#d}B0Jkv2{oJp1oQhm)q6q?MN`ky-?HsPV*MQy!n`?l9#B(R;gu5kla;6R#U z+J%!=fqJ>Ha_%M9RZPP3*t>Y)1~`2E_=OPO_hd+BkM|U`l*t{lJ~K^M$8ODZhn>+s z@y1m~c!j?lFjZcdWy3L>5ql7Cf)S{I=M~lh-mg`ayh1p#0^Rfay2;P4@qyc;sXR1x z!k~ArOlCtm37|aF#0)G$d3mg-Vv^5>h@+ud4N`ABv(HVXP|cj9K1QCr_TT zsS)ye+kG6Fs#nQJ7HR}QIbv3H-W?O!;C_xiM~O45xS88i^XCK=aVJW7si6|WNsQW( z4;jIb#?eXGu{@qh4R|WxrN%rcE4EW}=P5>p;i|#++k@%=ywG7V2SO*G0mv9vq5BXC zk`VgI)OP)fmUY2`O%PFm_d!Y^I$%6LVI-Fd`qyKB_>hqZuv0aUWRRk4f4q9T(PBHv zg21pZv2q%~OVeSXg+50ZdT=FQ|MBAfV9L6z6)BUTckCHYwu=;v;>d(Whidccm^Y$b z6J1t?p@@p(knM=PW6ufc63MkD^kFqfYCM_zWfTQh8X_8b~yld%IOYijRD}4N+cK>wRfrJyGvXm3; zmODQio;n|>^hOsN728CSLGDdaAzeP;ONR56WSe+Hx}1yiy)tY~&)N6?nujVN2C=tN zBhc@Ut)`WNfxJ3fCaR%PY09*(c(10}I8A?5S&a!nD(2{DQK4)eqzK-yK-6`vG(B!$ zxNFOBukmcIeFY(|r;&nFn`--W781yg*(c|-0CxW;nWJ3GIo^fH)>a=E!$_*)vJYvD z3}_h;30ZvBS6(;NcT?>4-61+23UZy|TWT%Ede4l7%QgK&iJ6M5O}*-feDR*+l|zgE z9&#v_cTPeL=U+x3hP~#PI6X=!f>Dhs4~k}vW?T_W4BjD9rJnVV`qAdTi-8C)1OQ|*K-P1h zYw#hSoGskIE3a=iRx1G7$I}`F1?e4%^R;VziZ$vCbJNX=U|X!0A#Jl3Mq z31xv@-cKWYg3KD!Vvd1{Dxu`ZrGHDW#XIETcGKdR*>J4371>=To8T*J8gCuG(v=74 zy5PHSJ~_JhR+tow>aDImSkeqShnsDxtvsx@@Ued_SMLD({E?LiDUhqhN)UmD-x z9benk@i_!9YRZJa(Ss}5yHexpkG!sxZ1gDtr?Z?MWn^eus~C>`>w>)p+P__iw)1q` z3=@gj_S)WP%pM8fIf?zdyXMFU#r+(re{rnPtop>X#BNJsJ)=v@H;AbN67rC|Y;G2^ z@++mFn+fZz?0Lsaq=n!EMjY7M#A518-+9=_ko@NCZ5NUZ!^BnaU>z8m5K0okkS%yE z7TkxU7JIkhyli$7Vrbgv&&cB zeLW|SWf;MRE8GhqP`Qb+IRFYG4B3Vbq2X05GH-DKUr8Fii0uVe}jod64rWA^|d|s)Ii! zlY4%!;*g!2LbHZAu6ZdJtRo$8TSutUj;@U-`OxY?5guD#MfEU;4zuUa1A}E^i1`@4 zrTG|dKLYs}fvz3i5fD9F;T-85-(d#OL$rVn104ouo38n+kK(~tRKX0%Kxkm1HK}>= z0I_k>Ab2?9KcL2lRD&zz5d>j-pF!`Nc4}NIVmoA;tk)Z8Ma-AZ8BT}XBOuuf#qb}; z|4O6%|6I2t{oVTDdFn?RI|^Y!jRIg)*dKb1NeJu&h-uj3>T!-D9+NWXz1lUsIR8Tz z8ys#;FeCw=`vaTwgPZ<`7GnW${(rYn%m9x6xubGg+x8!;3h6t~fEW$S9F&PZsze_K zEtsd%cBSbo3GQnSJ5ske1&<++x^)Zrn2i9{|gr=pr!RF$r zfAS&tj&`If0IcRv`$Q&MDgRa9&~uBD*Kozt)EB1M?nf^QL{pA9_YytA3r zu0rJZZK;O(+pEQH6lkw^q5mtolb;v$;&Sf=baT!A!u@SxVC3xL9p1}ahX9&4n`V|1 zHsazVO~Uqoo51V2jQ&zAEzPkb6)eSg)XThAn)SzmV?WmBpvq|g$_%rICn3=s9Z znQViVZ|pjwEL6!u<+3Wm4S#z$EztI7ZXa=&F1@@9;Uv-r#;Eui6=BoU#FakTK`kSd zi;p`Sk1*e-%fr>_-O-6Vw~IG#KYMZg#vd^=ksa$@7J&HAa7c^)}`i2tUUtV$plMc!UHa{vNf^LzDn=LI~K303l$3 zG>|hZv{9OIJi@CI18p>lQs6Q*zGWM+bLNV?#Zs!KID6T@tH8flu8iG&AF3DclrWO)GP z3|B7mTMurgPyiz}gR{)!{opP^N`0azpV&bx#@`AoJ&j-oGt7B9mTi`aXZ$HEI&pmnRj3)qpIt9&AAQKE>3lA7 zT`x32ZxnfVL8Dthba7y7%_BL}0ew^V+c-#!YhSmCPra(6YkiCW7AptH=cJRbBT>vi z7Yxn)JppC!b*q{?B~y!Ct0U&2ndGJyD_)Uri89=yZbwHyr;D#jU4kW0LBKvF0W!&i zeUG1LmkQ?vw27MdCGeA<8%_{*tUZOK8x;JkSNxkGTLCi!zN|P%orYH+?aE>?P4=gVk5mcZmA?$Js>>|4iVtt?7}|r8e>iyg0y#S zaQ({UJg-<%0<7qX}r!R;E>9ZvX&!_Web#eG)3Wd9Yn5kp`ak0p&wk%wKW6i0) zsw^rxrK0#ZOUIC;@r3o@mi56X%kgC*8gKeIXKJ?hRI7f{cF-uU(3t}eUacp7Ha`ivG&!?<)n=eQbw z5a-92Jd0AOc0!KGCzk6==j*domrJ{0R0&z-xDdTBj^JTP+f`{9wpJ@B&g zw*j>ihJde@Xmw%DuC0JC+*nQ5G8)QFfRObrk}!YG$h##;q|EJs<^*Q4apPn@n7wTX z@m%$kmK`16nXzl*m|0j#ufXNjxcM|ug86AY=kEDEbFj&=Lpgn^2UctGVjMO=$#j!! zpk*RNJ*Lt|xD~%(?c$841fgi4r=Je~@BTkkEc0KRp#A?`tDiF=#&c&#^_2Ax zRwBH#mdW5elb&I*3y_qBf?t~gY%TSR{~dz+&w=}HZ9RKk z4g}wPgTm2meoN82e}$uHmbj*^f|yiEyq9(fkR13;La;n__yu1td?~)$Q{jB8$+!YT z1*{Ss|BNAJWot7z@?~wEq7h;b;{_xy6kDV=vMUsj(h;_htgd0IW6@F%Nh}3zWoH+q zGBxMNA)9JcunQzsWK=-6$Q)Ck2nbLTSrSvHCQ0gRL5e5@fNW}?w$m!i{kYStpANkiP96{4^ZK7XPCd|hJtj9rb=#4FQceD_XMrh4L z;Qn10P<&IMxJ*LcwIGG?Xf~SEio|fF*5ONo$`g_Q$N`2}L^u`L<|^?9u_zn_zHIgJ z^h`3!h8*FZC0lTo34lKAUgVYuBih1xYRybl7}!GUIp%lX$fZ}oLA)qz{1IeYco4rv z0D2nrF${2W3k=+2l6j%PvqBjCufaBb8CiQN*jWCslDoo{PE-SnPfkH;d)Ugdt;h?p-WUcgpV47qs;nO)@3Y8RA!td$=t2HID<}5iO zzgb7VN#*x8>ToH9(oy*Pz=?}B9piV=XvH<;;H5{#AgEWS)*!$TLWhtk`AQsiUWG3U zB>p^|!hC2D>UmtvWIs5sd1DiozrdK{qPA?CSPP%7T zW)tE1{;Yp~eqU}z3oK*@A&3Yz>F?G6#>vG&H7DS2vmYK{r=E|)i051fky?d&(c5G} zDCx?k5HpRRA6E^my1jX$#|)KWP)VoYcD*gBM}Q0^RDH3hBsFoja~lN#qVLN7L?)uZ80lLOfre zN3=uEIsYhi{*0q``rle{s1Yh{_>jEX|DC78XdA~!jYl~u55e^B7yy|>GQeHP^6Djv-4p%Cu(<{e=J z9mKZ#`Ju2v6?<;R-rRBOyT_W_6Ms3AtR9PBBPdd-6ORVQCF(DD#nWyD%cQE+y#9~}yc_l>Zv zC>fghXuqPBZT!Bl#cZ_P&J&k+uLu3RO(3o^}v_W8e7Lrob$fraK7nh%lB&;yALIuh9y8PkvGEvsQg-Df|zI@hN%_lb(?O#E-L+_v7gPa^LEF2Na3Qz!1^rns+d zF!p7ySa1mIRrZ+cBX|}D5p9WQUBIu=uK3m@&cgIxrO5!c|2cJX^^b4ye{!y8YmuH!O;|>GNreML?o`Selk#|GR!nFRbeSlKh`rA9Z*igBq2b-Dn7ev&{)a|GAiJBG z?$vw@zMM5(?wJ0%duiuwg1Xx4qc3r zDG;p|u~W)!NoQ)dUv>4Kbi4y(**JTi*5*J@S0rLzfQBrTP#}^Up;Q|?3s^vB^Qdo^ z_IjhzL8_vwZ z*o<|jPylDf?lg#^7Z@tQU=G73ut$co5Di&=vK;a{lumsLGr|PekQxnuDP8-GjVfr; zt#xKGqc%0#rh5m>L7Mm07r}RiZ#5hbheY8(wD+-BjwE89LmLKiC0mX%eM4|NiC0H~g2cUPp>Dfi&az`Z&On!xwMSfCs*VQRr z(-?nuSyfF?059|;$1NGns-ro2v$=m`ly|d8=R~_FoHAY=vW~7zD%Ox%ZCZ(>u7;Db z8Byblp`;|AE^qj22*!rnxzH4S&>)w-rf$PI{If*xrd?!Dm&?F4(Z}2|C4mEEe&p^7 zKr6z(ni;z^Ef@`kmsH?o6P+--M$$drnBBdZxh}z9I6dW4)zNR3*8(n2FYFK&af6ry zY%N(=s2Wf=tAL>ea}FS{5WY}^_*3ZP8W)4(4H5>?1#F%{92wfn^ZG0)M&pAda2KWb#qqIHSqiZh_zCawGUo!8AJni<6y@rr^yIGFLG?nP-G1ap--Rf8jF&7l~0N z-!aAiZq&2WxZ7IdGV@%FArVTrtz-pjRVdtJ=3s25u5Vp@-fCfn=&Atv0^~WAdbtLH z4V>dlP?@!6S(19$V{jK1{T)lMDmPZ&%IZs=SLIi{%PC~-M=_F$x4d$1K0b=gMK5?p z-zT}z0?G)9OqTvG+=Hexml5J=)Xr9jwtiMTFL}%`XL=!F**T!uoKveWphOFjc_`K6 zyWARI8I#hx!k|>jIa_CMemcC;j10m8u)o`yoL_%xg)24DMdu1XhV%+uvd%#xRr>yZ zG&ryWpDJ)q~ zSZTlrdG-ARl@KQBs57DltW}7A#`H^rTycE2~SMMD$u(_Y}t-m?qjX~&lNY{X# zq=n1d;`SrosQg`pUWKr(-^e+W>RPwt} zDn4u_YcwE43TY8j&NLA&EaXZd*~p9o@SGE3*>QZG+E^F_va=og*k@%bd1T`28x`St zPnFbnm&XGLf=VRN>W8XosfvSm~qnmwk!7Yiv%Z zQTvwI<=$Q_%*IEYWI>5D7sKILG$kt)IxCmYb%LvDVRdSCY9XozQAetPz!_Yt`-hB& zBziD4^A1TV4Oa|p^wxfws9VLD(WG)(c$OZn?6Muad83b&vdFIxS_kQ(POLAVm~o;{ zDz-6Ikbet*{hz{OV;90+r(5VkB02zJjU-LNhzrtltx>#jWthVzw(zGq6dBg%f+9Uj zEAC>@**dqCzqxLOkQBt)L{yKWRL__k;85APYg(?G`Y$F^7W0W6$=+(ufO*G?Q|&}Q zX=Xh;h&n?nxg-R9x)Vt0{Du>21d3q(ma3IQa>)~rK1o|Y>B)&IowgrkGwQ5_gj6ZQ ziw5YX9aZYc2y;qJ-6Cvf!P{JSFT^pTa1S%)!C_!2lsJ@&6jRs##D+By^{iJuuZgx}0-?Aepco`VA6Kf$lAkVA=ALsi+?wiDKvgk979IOmxg| z)PyP^-!DLSwI0PtjtId{#CD^>=SR=xx>qLH2hmBVW>mzF3qL%1(hNf`m2E7rd9s$b zC5AwAuH)3<)^8LFtDWbn%b#@@c-&7(0{RHso8TrCnNq`B=RsVHbUT^gs%W~rg&fkWQig#}%5=>Js%3b{qxTiQ+lFp5uCeZdG*4F(n21wITsWe(p6I261()dYHo zC)d#BLo%B|Hq%3H#kVV1S*wFpouhAf2>rdH<^th(h7OV&Su*Ar$7@ZpS^#R{NBmtK zSwTuTwG&s4Dh*sCzZ~d4c)ws2C$&1*?j_vZcV&=>5`C<(sdSHEGWA`T(5xXenf0Z2 zc-88woN38TDVUSek}oNCU`jR#-R`0=EO`Rwa!2HEm1UgsdNGt)jLa(2zqOH%PC0*?CGK<& z%C#*qYMSw2=qZjkQPHE2UpI^#Q zI>RHFu#nI|grWf|(ehyt;(+1;QI3^1uDU-u-`UdC%dOYn?_2uX`xChf-y_05KD->L zWGyKAt0zffB8$1Ag*%U?v0Z<-amWIylYIJHCK^j9+LFs|O+9!5y0ejf!MRj3!_xL& zM4fHHj6~mhwSRa5bhhb-_Lx(LUNjgYMi6VEla(m6Pr5{oV1EpL>_!kO;r$-Tq8_2s zgFi9}+fqW`IvS1F!8?lA5HSq>AGftmswW=gz|M9xH+$&1sb)wykxktDu1VT&ZK~d- zWo>Bjxql9CvL9?d;9rMh3C_^T52!*huu#ZpkQq+tdJkANcEyZOmR%>ywB-U%O^Ia5 zG3>}_ZxmEWw8B`iz8G2@l;hbV>_{1Ai~=JT;W4-gJv3jpl1~mtRIjgN#xzDYq*bb>@scSeA!NLt#95y-pMr`7~M5wOmW#)c#^9t@n&t_+zV zLdszcDyyzi+8}&|?4LI`jFxKwD%8I_|21;{6Vu4X@jpLfo3*$9C2)}aUknOcm02jm zfS?j`_)F`v-<_nk##S@s8IlVnCk`@5TuICfzCRf1VErP~s>ytrgd76(E>G-iJvS;{tZjN=i*ZoqjD!qF4gigEiSk6i| zyQVJ81q>u9?d~gv?ClXfv%Z236|@qEUBeisj;7Eb7+ZVwb+`3DJ^KT?IZVc8+(8*L z$Ty>B4Z5^o9(reZHAMF>=M`-&dSLdorqVEfdTu2jpU;>Rww&8hyi$!D`FuFDK9}&* zm^hM>HW!&^pF{)7%n~m;7b4!ie9ZGP7anpd5r5jhS<`1m5pQbww-BDen7Z<2y4Qm~ z>a>fHCS_^myk@>~ywzX)Jr-d15C;`5+Hbg)2@H&VO0;rMv1iBKO;IwcS6+QqH{mQA zoEUgdh<7!P*lBTdeCD3xtg=1SOq+RBN28YkD{MK+P#mg7W!6v5s@+{3B)gxsZ;oUP zFT!$!ueYm+=yq&*tOpafR@qy#m~d#-+uteVTzD`;gKWJy4F~b3Xn*fh=g&Z}8AMOT zyOu8$oc2Dxq<6~35$)KIAZ{_-7CJ5|J^Q!PXZ!`QWPH2+Wt}9_lAH#5qAoXcT}_o0 zZO24@EzU|Ztx2~9HG@U>Mikx1I{1vVlS^qB5cl;_U!PO^ZKYN{6*6wru9Iz!p_5pz z|6a5~x4_?I-Z59f``0?=$3FUD6({tsNAP3CXH(7*tQKC)gMIWx1+Vl1aw5ql@C3E& zvHik#l-hl2u$LVMxN5m@^BDdz z8@XtabN}gnxpR^Ohwk$SDT7S*dob0{ASsV*`^ zS_6q9U0=r&gNze?wpJ|a2!4p-%+96Rv35+g0Re|+5q&H6+@So*>nSU1dpUww)Zuo| zLOwwOlQ4qote);^{s59oVltjDaVry7oPP7fNK#owPl;10T-f?AZ>lUGjf@?c%oszj z);=qm931Ib=PxnfbKrj)Q;V&3eNrhcxh&ZZm@4ju^*SdZW2m7u6tBq~vd&4RH09!B zMMWPFp{!~-8IXm2FfB>O1tXMImy$eV2Mgiz-A&*+Di_bCLhLaTJLS|16@CU1jkhZl z>s7(D(Jm^*ziQ%Y60Zz|nYNaxOCj9|xEO7TNR)#V0oDWgput_VWD3DTl1NE}TGF>h zQ>W0Z$Z%8Y0OOfL*=cOU2223x0e)!@^SHZXptIH15N#K2Kr0zV9Bo#gU`TgAJ~$$k zE^BX(kChoXZ6yTcot=i|$y*q=23{POYCCj(jH}pcMH}~B^unG$B?rVCi9y0YVjM!jqb+k5loapBfj%*muBAtC z5cK$qKU;B0foyHq_3Mvb`$pO8KC<-*T3ynd$@nen^V7#14W+#8%Bwe~S^#V~Mayq| zbCe;Fu*7qgBoINjU%i}_?W)lw<(S#FIdtc8Qy7U^C6|{?xz7 z-+OsDTK$W6xEyXJN6&v1TW<@?xNfN09`nGsA3elWf1%>TQyj$b*Ssvd4OLpSs-bV< zzc3+P>HtsP-DhCoG97va!(b$Ai@y&uoZ=k?33Wo4HDoSzr;Wz-<#Ir{=P67q=OeZB zqj7@I7%tDL{I)(V-wuTERIwPw={-KO3|GssEZv?heClPv1oGA^N}y>8j=Wmzg4k4( zBH(CJ8GKEuvvwcJG#sMqTRrJTo z(gzMg{K)+GzzHdNP8gIRJZD>bPf2D&`ERn2xZK7YBqsgh9XJ-Bq=&4Y$$AhxHwY_- zXjVfQA!s;tva3S&yCoh(BA-*Z)!kE<>?zTBCgOCUxmT4?Xtu>)@=8=gF}G1(+$m=I zJFz&j(FR1pS?q_2>@?05j@|iS=ldw8%2(n*RQ(3%M3fXw;4T0u^;L_3c}afv@R6X? zQg_RW_#qx5vJt_tXLtaXy7xX$uffh9rYZrP-R|5}+|1S*AV> z%J8dX#TC2$(mF#JSq;7#WAnmUjf&RE%F=7Gg5%gNIa#bGg{e+ z&hS~fkjU@IhX$Q5k=#s%{lr!C`q`I%xNEnsBh~Phx@d`94P!=QlGtQ_MP3at{4Ry$ zlTGo+O}Ad$Ku`5>h$E{T;I@0fmnCt2gOat6f=bJ(JTgd**snw|YVF1gegmp7Uw$7d zTHTcg*e~k^R3AGf4tZ1}MQ-{hkCkPkd{Y-JI9xWc{gD??@MA*}=f}hPbd14US)Y|J z0KhkT>SOqJxOHs7S%h8bSySUVgWh{9jZfSxXk8bujn&}y@|BCC)H8EVyenh}(tpV- zHNh>V^R$SN0eFJk!d{I>MONcBzzfF|@3}d(QAN`#L`_f~aR4Z&NumlupR82F<_MSk z#?(3X3bn%{;84q*Z{-~plHV=#0tU=n(%sq94W{KefGSr@Wl8y?^n5QX#}zJOC5P$h zTQgZH)U^Gf&9MrGvX6XJ&0$T8X`(KGFsgsTQOvULMmP@SiHy>a_H}* zQdOSUXBxP;f4}PW>lG^E?gcf}(s^)+Vgj}1Jx#aOcGPT+v#?H5pz`Qzh}X%!d~9J~ z`ta;96V5c^6J~s)GSjrQjezKa7F_=+tmAo7#_}ooh73C-eF;GR;s~X9g?)v$zZm_w z0)aR>AO5*ye*59#cgJq*eRi(7LH8WX<;eEnSmjEV4*F*YLGcQ|&5!@A2dZrCZ?zCa ze+$g5uaEtgw){`7B!K0Aj=Bv0BP?yU{a*<1Vz{dIu80(uosP|>u@*Te6ca~;j(>zD zSyIuK=A^C3UI7-Ib7L*3WVxtdAY?W?_;BYhN#~o!(eBp9-Lyu7U8#MMn-}Q~uJros6^ni~}X z9Ubx$?SH>dqC5~W)NoSbb$0ZGS`?LE)r?lx4RpaGl@Ia*_mqI-kn*U#*SGw%GGk+QR~AYN4Lj zR$);5-KvNz2_s?;%n(ZqheJFwHP&ZDVOp<@C@wqZLe>$XB`+b1=SIhKTMeR897!oG zPGjyh+C)s+&I^Yzh*Pq~WTIg!NCfwU(ZP)bx1GmyX>L}DXrLjtEOp-i5I@mY=*9aF+4I>ic$ zU?$)Re{(48e4YP!vK$`$LWwv`Q^f%KI`uf;ln}+!IcS(XwJ)G8EA+ZCqWzt2bM-3y z@q*`Md{d=?+}uhhy>{ZN{&yQvs>jjB-*K8_yw#>LeCVD-RMlw=iVj4NR<2fu@!uI5 z@&%Foi zIUSiMr|RU{{V0mDHdwr$(CZQFMDZriqP+qP|M_PHM>CgQ#^aaPnnSQS-S`6N33*=P)} z9S}iE+C_brPk!SUq~f!p6e2!OD~Zg3K90vLU-5>1P3Rsgv8<1HG1*R#!Me&W z)q{KFf^#4W%m>zCQ0`DwHCk*e%?~RR$U25;<{1NPD{ zZLvpuLqvdmLy*;N?g{&RT3^8`V7v5TN#X)~yFKE|h8oF)RV$QZdp-=9%T(hoPr6yT zDG#z)(-m2(B82pKPK2uAD7Bs=xc=csW-Oe}N7~W(DXAr>s-dG*7D)M&7D#X)C?;PLl4Q}^Z@La!$lhCwn$#cnpWC>zIl zQIqNtu~?nEYqetA%nPA=s|Catr`QrG+MWo&_%r<@4|k2fTKD;?F6IQ*4scm{T`|^c6`5`yA9@66Fn0a!lt6x7eC;( zbIdott%qtt=U!St$$}j7(RG6HUeF?3=Bd|g+GqQHc=>#JObraiFH2vG|Y_FBw7@Iue9S@_z(*W&9MQ-eRflDtOkMVY$zBv0r8V0mBV z=jpC|Xv}t>G6D-+^w3M0j;#(>yBn?)g6LRaEIqrevTpC|`Ny_UvYm5u zsNn1qERp**>|Lg>1h#Hz>0=l$^K)d=J^^eGI`Bd!7Z>5cmy@W|Tv3)gTFQslv^aIy zf;10dk5WEW$4vgd_-TK`V%`++#a}it8e;wC7Xd-O3;pJ}eh3hSLFBoI^X?BcSi?VO z&OtTlQCuJ)%10=_;UKYl{r(FQwDgo&Q{f6q?+k6D)e;h$NScZ0t=yeOx&4X&G2 z$GCOXHFFCGcAGGsgad(4N>^$}|Mz>^K6Gg?a+8?@B)lAf1AE3R^dU=Y)XA6kbM$%r zovS!&NJbEYa}|p$QTAxGCYSt_)2)ZvS7$oJ63W55;MkCdxRj(#c zWFuKd=GK?@ug87lNN!Yx_+}t(FjYupie9ZBM`s)F=b?1pOAe7a*KSPL*m#SXUXQ0N z?42I=tct`H_nC&)D4fw-b=JSh#|$^=_D=^8`KvYtr8Wwr85~`#f9~fX4x2im5nFh&hGR2T!-JdLJ18XM9qP7@Kv1`6QP{NUgDn_g zX!V4RWKb{o7V6X6sban-HQ zE=M8W9fv-D+J*DvES%eL5Bf9&+Pgs~l_OAw)2c?h6jk7{MQV*iF^wo@s%dAa?<({z zwa?yp{*2$isd>FFr6GYK6|1?{dHw}ylO<;gRs9&*ClDUL(iXY2e}ZO|nDs&;g+_;q z5ZPLZO33Gzh_-VvT49AK@7L>Le3LumR~0Ba+#B{l%UcGk_wPN7XTa+1GpgEZ8R!O` zwq95F7k7dh`(HKWwjMf|oX5{^&bHacN1yu23F_|tLf6kGTM4F-0#(4Xcnwd@ZR5l? zpeMsByWEp2$qrm}T%&D*Rgkk^iB6yuvWHFA;sn4;u28loFY_n{e5(uE=?>rLMq(16 zU6dS>TU=%gb92}Caw3X-&w&S5%k3k~3!>I~8&2F^0cU`Fx7~QiH#LM|YLszB4v92* z+pM9`I=K-_t`isCD!A5G6Q9Wmy`*7`<Kl_b{{x{&(i-_HX&`f)pY=6{bJ zmm*6>B)-$F+wPag4XeFSOwkoy-j!FeQVVeHclb;b09;IVgbD%dCp}VFUGF!xwqX7H z`$0ZBUhUk2bz*2;6e3c2*oRIucZ4sbrwTMS?jljLjp%1%x2X+1urYAOrLkSUNgpM< zsEp}5x$8^}nU0#smtypr={in#3{^cHZTr}lpNqrbExadEq;&6Gw*Da@%|f4NZoiXG z32T^hUOh0ju$n5_4cxT`<=@n63hnGI?G8ixCnU%(Y!{$}H-h!rJO9o2noDFU&EiO1 z(PI8RC4=5*2=Hk&scI_SF_4sa`tR2u*aJL19Ua~5haaX1nkq-R;|rl+=otOpxo8B| zV@iZ{2+}aTFjM)4xmzdq<I_L>8*sPZr-#YY~xUI1xgLc-`af1wwu5$%Ay#YjII%)9e=-uWy-%|JbgX z_4{8Im5ew%DI==coyuOe2f)jTvYZy-1BH`4P8W3&$xan@#xV`5)qo!)oOB7BQttm# zbQF3+SU;Hr4sS+PvgOjbj&UT(61WM7X|eUWQxyD}G2mh)19J8_F=0nQtM$&TOLjUrAx z$j<@g^vFC0o@}80NqVk2l6)Uqy$iP@OPT}-?bZTS3$-=QwVh62yJ{zv&x@K4I0Yhu zHlZ?p?~{rLH+z&>!8R&BPWq=%CU@#AA?CD^8M$*!^;C zv}@U2bq4mhBm_ZmRImLxt(p5)%Vp@xTTK%07gGIOghkUWdoD)iX4)U_s5w>ygMgQW z`iFBm#-^q$wM0Yps>8Km!*xwxdIL%c%!Y-y`sB5favHkZ#B7!ak@P`CVVkU-)_0gb z=FcA-1~AcX8y+b$r2UE>m}ec(2)MStI)XNMpv8U}NXOLf%a36Gz%6~54J9T);}$FR z${zRn0ovSK$rzCjv8$~hyiK4?p)l_nT>#~smhfafwcL?^WV(_cK;4%bObS86{5>Yc zXY`H!9W{V7Ff;ieY*G&NMpWRqsqf$%mX;RGFyFWvr>@(C;*G~hJQ`<^B%zi9U>7`y zx%F3X(B0u-Lt47(mAM>tP+hRbO>bzCK4CeqWa;f-^s6n~*p!Gt|BB+^>(K=X>B$I| zMD5HrRE!tbf-ues*qWvke&^oG)?22mksk7^*1~p*rA%}kKTBD6T$Wj=V$Gd|W3tPd zWSwVIRgC;#{15R18sB)UY&kLWEG*>EVYv&48=MEayMfD4zPSD2z` zM`r}4s_FcTquE%D)sZBmbZs@%O+iJ)5R%F^P_?*)LSEqwen|;^VVDvQofn7fQHvD4n|NdTxoD#i) zbmDG&BgJFaj=H)&Q$t^4P91Q7M_-=;3GJ0LinFsDDxKRL6 z#~8kEvOv`K) zX*S4WQ8LKN&t693k=*TA776{yvam>N*>A?-7IjC$dVBKcUBl1gXVs)Xl-KflPBNOL z34~wS-Y37pIVocW0|W_3b5$I{0X`31AXR|bb;N&g6e_dhV5(x!)jxV&I)LP0*JqsB zW#x#Yr{0rP0{`nJRCk<_!x|mK?uUr=tlP65^e(b_VYLwIi|LJmXPJZ?* z_Y&(*+%c;W5{xCF$$Nl%q{TIt?4ps3Q_64&oOv^GoZU-RMGQqzNd9FW&C>Vcmj zZ;43aK8NSqN9P867C?7|J`8x89@@k1-sN{*>bkScy6H8Z`!5*!GOlBsW3UUfffUoK%2X1`I0aS0^WIST> zL|r4hbO?-G8?7WCu%0t5+&_b!Fdq?j3XhWcJ7E-9KnbWN?3y3%9&{zh6N3?`G;M|k zsJ}@xiDl3Mabv|iIhk6}MNJ`&mhH*Yxcu#4O!2vD#oDSm!3p!*^8s)>K4_7SA9y!; z-^~wz^K+Wg9s^QF7MGaRDk1v#U|Od`%g}HH2jmNpC15es*YSZ%)tU;)dQ(>77mq-| z)%U+%3~c{V2EfS3!ur3JP*wlq9Jg3e{{;)rZO#B-WFSlE$WzzZUW3>wam9drCL)KL z5^ri+5v!niJ>I^?hZWEgQQdIL5mH2Quik14XM2Tl;>r5%KdI+UbHq-sYx_TRTSvjY4fRPSEp+ahcU}tmT1}?QCcn#j=JG(Fw5@j zzd0q6C}i&iBcvkq{5XAHjt{>a)gt|2mJj3Tfm($)P}*I`lkNGE$VOlBb0Ob1*yFy` z0TXivkUj$M{!G13x&w~a{Ym_U0fYkd4w%hz@3Gk5 zXaos&Qu19;!E~4h*P7aaaty$F`&PI;?tvlBCVMEf9w^r>vanzy6UNOZB?g`K1{6v^ z&a_Bo6FLSvk$b~LLRz#*VZfhqZ{;vjD~{lCQDmB%KJvl^1q*9%G}H;voz`(s@BoXg zh3)G)Gm8#O;{4)c@#W#;!t{lHE*RTt0OhVdOxc>UNzeW*AUy~Z+d+PN@&uOSZFD1MyoS@B#d@4E+Mw};4x?a`CC=~8Z@mDg`_1u3UffWIoK$>gCkiF)g@ERard=^{pm=w6qZe>;6OQi+mK+1 zAk7hX>gmZ3057O=zWLGZXx^ppR{^2@nZ&Ps?%ZyDr@okEz8qtG)D!f`5wC+6`GPAS zsxt4~l36bO>O_?ha78-a%x@AcFh})3EI)iimD^Db0 zD&=_ACZDb!k$Jxtg{TA5N@_tfs?Dg!$yuc8XeBU-;JW?Wr}~ZYQFlL2HI%STA!RlR zmQ;Fq0d7mX-&me@g8dCtFancD-zA_K= z(Tosqo;p-4fn5w1jHSsaQ^%=3(vD1h=k zLS=?#Mk&ymrHT5Ro|qTVO2nf8+TxeJoxDlMA3rMNeBy>x^{%8=n$39S4Ltxfd+ z8%-<$BL_>|`0Fk-ABJnZ)`BZS#}26~+#p~xnc_0e4(#_rI`P$1CJl&B9(V6KhA!KY zNIrp?)O8$>k>QQW=8|l%gX=26;uO04jo)Tc?f~rMn-G+5Kclu8RwI6qBa%Zg?bpbH zp{#S*;G~D`YQan0qlhJqmxw_E4vEl%)^}nm3kC2wfa$GJv6zZNpsYh%%8oXT#-Cp& z3V+?Wd23dv4Zs^lH>}R)9Ahy6U{r<0h|E^ChR(I2W;nyJW~P@v10EmhR3rz=ee#k{ z+J$bG;Z)kGg9G#0#j@rAKGJRXRY&Yd0h00Mh#zmH1p#U>;H5)tET5({K6*T%b}_*i z!=^I;6aFxZ(TVWa-3Jy1uWQ8CUu6|9L{a6*@)j6Bx`B}GXA4y2nE#Ismm1#E+%Rq* zI$7!|o$`jmUu;f25PLdPO`V!O;TM<|2D-%qK4O8pi6b0E8bTIxxa@y@c7MP$=8OtB z6>H(iuy0?+7;@Xi=-fIxXl$~l@~?mBl3AM0>D$hqeH2-@X~|cN#N`&qD^pDffZ_X< zk$-&vs6AZK|F!hW6{ zyY4%dLSfXq#rck=a;%!e_kUoJ`%7?TaGO63H;p8M0T^F06Hu0HEQG99{j%?be_6a!t9=p0YvWV zVVnCFQn!}s{8t)B9=N-gnj=Ll?|7B+FxqxJyxdE`msojOxl32mA_Xn`r5Nyv-;&>> z+<*A`8#RJZeaW-zWn^KJTjJ(1=nw=o0c3wv+C=#f^ga1h!m8_KU1J>BbkNRH-iJkfX7MU|LGyJco zvdx;8a!2flzcYFW=RHNm=T&$PxS!{37^cHBQv*Pyor~0*#aw`d9Z5Ufp(ei{m5%Ek zE@vSDNQ$Ero5z%^wYaYOGu4Axxv@VEE>DAE6xnN0zzFPWY_jB8b8*~!DKjb;-Y$GJ z!H$iV$^XJY)FbH~_jC4gw6*oV zy`3Fho<0%6j?)J%ICh~l&Z=6)^lHh5509LN46%DkQxng>1Ic$ zdHM;l@jmV@#Q^Iw5CfLs@Kl)TVVzP2!c34Qym~9=IFD_IaGZ^UI0W4tps6h;xG+Du zf!=hn9VRb%b;^HRWO_K7x}dw&$9^XtmL<1KFN30>;>5l;r1I0edf}&lKG;gs!TGkH zjzw0A#G~Wc>(`y8<nGE#^1(pylOnSdXu%+GTWr>qy&o zZe?}jdK1j3y^nuRQ$eqyy25gtVkBZhsznWZ(7{E88Xd>4{daD;7m*pCO3`gb z91lNN-faOJjVIrhs{``t)1{;D33b8n@@8rG^s@8xa`Jp0$GgeJJGg+gi#F7`fxAO( zxwLPSib(2M=-#r93o^bU5Shs=jm&7LiX@@P$S_T2O1zfB-IkNdWEdAaVI^+jbY;4> zS}P&ui(;|h^DAOtOth>w$AG0LNxU{OP?3R7YiX3Yn2rFGt${41MC(`84yv~R_r29` zDvx7Aygo%HLh%KB6LJtp8F!9z)2nn?WD`I`{P=O5S!v@RN+PXyltIv}3 zBZ3O0!UlEMJY%^;ZCFF=vnPQmICyiwnmf6;#Y8=G?|u!q~Jsqt(d~a9R2W-w$=iqAD*Poc(LZ<>J>Dt9aL;>PkOTcY)z^V zT;A(>50pQ8%62nSHR%QhQeAb4=YwxLh4%8ffCTWyILFIe=nbIx}xlZ$KnCczN+8hPL!F(hHH zRl5i>!9xKC_|IbtX6$_l#MrZzJziPWawjRR*U&q$6B@CcSksvkKz@B zk;fAKgG3516*XdQV!A>d1xs_cg5^sd+Rx|qXgZTNR8KRNlRSJSn!N+R7nPWE3@fL6 z(q>{0mu{R|?X*NMH7`KOvZaRJmb>}n?74L98V;|06uOp3xsT5%gq3zc`!F|#3bd5a z_;QozC};VG+}(OH!b=EzJR_N9eX+j9S_ol0BAhvYWMc5hh{!pf&%;b~LXDdQImc29 z#7I2_In){lz)u7$WQ5rwlXXB;T*sP*;_FYM-hY>aUaUk@SFyfP;LFx31LyXRc{rZU z(^bW0W4YZ31+RLeJxY$xkI^v^{d)NvTF54WRzS*7II*H3J5ic6w=gYx(V=}xKkRy> zMFpBHu(=Jj^1M@~Z^D#Z;hib@ER9y4+BgN9Ym|Z(_Q0T~JJykO6C&&8655GG)o5`K z@XF7Oi!}uA>VgZB0ikg@)zi8WqE9NkIU3lflq~X7+A}c!NaToiR6`}7Rr(E_6OnEG z9TZGqO~n8N`v-*e%kqI4>V>=6Jp3MAGD{y(xVf$bfQMy_VSz#^kDG`DQv#tRGiJC6 zwW&p;wp5N}_-ONGn_T`HhqI-i-Uu}omn~M@$2EF z)o1|SnbZEtsv62Gm$hCR2yeM3G&;Gh6#l!DZ5z{G(EcW0B?5v%J+8W*yx?chykk@P zAtZbI0-iK+z;SM^=GImZ2dP>nfh5z~h7-W%=__GstS1Swlz4VhK%3vHCqplv&nW%_ zJ`>2Nd*}q&x%9Z}tHIO-I&|hF7V)sNI=Bs1pjM&pKj-*8amH!)g$hW&^eC5n;=Nn_e0lOlDU2U80H)y{N5O)AYU*|@a=URnr~`NK z6TrvH=}t~hm(Zo%j0SJd#OOEP*ydUg5b3EpDmQbXm~X&2qZXWK z?V(6+DsHvRY2f}=(TR$wYA0e;90l=-g_*E`pL1kWy}4hXZ*r z?m079*Q$ffX{vLjEKiz56F;sa^<;yzU%DzbuJGihZ%KvjKaVoZ$>lejZ zL~Bp#cUS3-mXoP#!^!)VC7%bK$EH{Gn6U(bn|sv=4ynkkO5EID?f0j0J}l@F_kpL` zbhFy?z7x0>CO&p7NGLP=X>anXqP*nb8TD&SN_jm@7PngSx_rJc*QNqXQI14 zxKW*1pX8KgnX7}jaf^~md-Rzyjn9Z&X9eCD4i%m-QSpO;2!d<7*7(MNkaU^fQhG*# zi}oD85K$Mi*gu+T^9rDHzD@jIauK}a!#9&U!Jm9AiML+e#%%*kirNK7{TRaYB_Y1v z_V~!JDjrhIH$8)$=r4Z(PyzsQ{|mh_{C_9n|9?3`EFAx@g^-b+{eNvC?ADaA!)8P5 zo~_+;Xas|edKLi^_4n@Ugt`I}xDs*&#X~lWN5>KmB?eyi>#b$C948vTNLk1TGH{hk z@TNx9>o%-RO_8jS{##Te%fb>lno*|897)0$%a)SHy&pMaik<*a)Nh zv@}=0nwSwR!mJ6Ul(vj(M=wx6pD1h``)a;~sEQt45o{q;sL=%kThntM9cyhQFGuX< zB`9S`FDgeBz}E5M9`;@qBY;jt!{SMgDq)0-YjsiXq;9_M4B@A5phK(@;DP3h;C~I7 zO5QIAX|#NYJSgtfCV4j#HN?f;g3D_ttL;9uHsH69a}zO$aHfDL1wAYn(F|r=9+5p- zd$!5F2N;fw+1o-K?9qwBOmD;X70NK*C%0^}*iDKN>na31`1;4_#wcg4tKK*$8TOal z*99gTU45f&P_TJuL7jubqe{7c_YPS#FGG1`#L#&e)qFYW0~`Z7M9t_Zrz!3pVAcE$ z&>e;z5Hbc3DZqfiVAL_1%dQ{_!n9Oz4sNdi)Tx*OHNTjFE0n=%A8pZi8YqkaTneIV zO_vN78x@d~J3_{ppdYh~cy&!~kw=Ts~&rlfHe;VhepimD&-Id zh7VA*5;Z?40+W^E#Js#b)(w4l#K6J<*>Wm0=#LqgB70qGtUpco5pLRiBrqttIl&!e zNfF|vwoB7N*Heqfvt{EqZ#I4)&gk1{)A#xAuLJ^sh|}%))#7b$@22tM;A`#T%k@oMrE}2L^)K(u-Qam`=kyC# z-d47b&L6oL5t|mi8`@buovvM-n|7(*1W-YeP>>f`N~+f6^~UatIm z_`V$@iM?Lz(&4D%KYs8nNeAiNoh)lUOj|#sHovYvFWd&BKaTI`r&7*8_P!}rCEC4^ zbk%{PZO4$RqFKhEUIC1a0fs|XsuggB?V*A^i>KnE=KF2Cp{TOuoT?gl;r+lub>ih1 z#`IRDwCkRkY{JeaH%)!<<*3B{|R zN<C(&WtOz77xrBtp=C$ACYA74^P<0#WSVGUn3HpU&_{{zt_eE)@> zh~@-Uj?eprDzkb84miW=Yqxr~=1R||%hoY<=87}fd9i9?t z9r=<}U~&Yfp=mIl4Jk#{B6bQhEVZ(MhHeOk(8!ReIx4p=O&%V1rgZBP!v%3siR-2>8PJer7Cr^p!?`*`u3YOMx78 z4|yJonC;!$Ucw=iOw7jY2Lc<}kxESF4G(Zlyt9$@zEPV)NYuhZC2@B7M3(ZUMa4F|iSQs)`Ghw5PG9>RmVCbbdkfQs( zo=DZpB?=jTPh-6Ue>&YXjTOlf?x(9i2Jh9PZ^><@`*D0I&w;(O{jWc;wt!Omwi5F6 zv=TBiI8a8gpEO@TNxn{k{Eb+^I}u-3@8D)uV2Gz@FT^>_&?bDeG~_w=$N<|?UPcid zTp6NFU*7T14-^9bZybdIX6U5@YajqZ8G|=HBN!kqlOEI1v)g@v; zPc+vld08HrUA%bnRX2``o@Ojlh#x-0bJBa(&^?;GR z?$H3btst_rih^?|2!vrJwX;mn%`sW=wZJMZ6w*?Ff%X?6r^`;PLSd8SW2g#AYcc5Q zK3VRuTT7)ks2a&P<~W^@DU+d&rZll zhCW=&Rwo5WquG$KNT5d~kXZws@aU?)mj7V}gF*1c(f*BhRv9b) zU(n=V*wX=yMKAotwfwPIQiIJVL2_!Esq?5CwiGdBI`$o08 zjZ-E&{LhVEzgQYYg>F2^E6wT~rv;rX-AmD;1QXlP7>p4#FaG$^u3JcO41|kQOD}qS z%5o3)=au2rmwnx%!_%qt(+}N97Pv?tq*;qSI)nl_k=P#sNWzmT#M71UD}|ei2i;_m z<9FrIn{=_Z%&GWhWPcC1y4gv{=^IE#Xv^iQkg@;1ej0DMXK#~agJ(Zlt#UIaj_ zIw5R{{Wbsz>g;z*XRokqkQF`-^m=mV9IWzWq;U9}bS9i{rh%28X%qx{JR-_8Un%&~ z;25>2RjoJ(0fbZK&Z;;vbOX|uR${?DFQb$FQ}$Ng(KQ@7TiP0)8(kUN(WLcQS$beM zpg5e|KXofg>5n4Zd3Kac!n*gy8hb*%y9MX#1$ErC|4y`nTYB%s3#xo zg;P~!TSjX>l9Pmb_la4!<0w`9-dxRD5!Y#{KZ@V^Ahm8y&T|o;X%I)Ny zG{OlxAgrA;>S!-VIj3WnSU`Z?AzMcX9SM=$0o{6KxO4SiFD9Q1H>6Nbf!|SBdx2|k zW1eIM;dx@>P7lw+E~DrgqbkR>(1$(QyZ}TEl$&e^c-&5hEm2M**2Q7a+@a}h0kkm6 z*RI@xIlxyZ=!XgnqS}{x$fJ@I+o=2ZI?3=VIL2z_lKiilawx7*|edcH`A0Dh7 zd3i?Gbf_KcxEWha=~3!@1{jj8tF&f)Df z=Onk%xnV6Lqfb>A9r=}l=}~{Rk}&6p70~0WNn>pIj>Hqe;b|3ysG(;TEwhJV23Vk7 z6zKO?WbT>HXYgQ9Crj2Zt7Rq5a;H*Am;S_+dDWxWrObi%N4N0>2j1Htc~=YJPaW^9 z_2YLW&w=y_;U^sNC@=CWau5by{nNF;t`ingXkYs^t3E2PHc4&>HB`{gOLF#KjUd=A zpll(mf>7yJXSyBBGRyQq;ZJncRNaL3r=3)Ld^f0)#t|oq`&)1+7i*L&Z**|luxprb z=F?>e%!O`prt?iMw0#)ivnmq`vLZ#;*oUb$*fpR3!QF^xe+L5C_;K@aSBX+ZVZN!Z z*x~=90XzIhRjOFR8-KBJZmB-5!s>y8BHURSq-1NZ#09mrSY*WHjq}wzVK}Ey8xp{Lz5O9-euLejoDuXM_J5vu|3RfQurmLzsq||N zDZ5Qk_?}C(J8{5yQ$6j(^L!U#1HvC7-&sxkzjH~0*X%2&EK7MFp31t^@e0r z9`ryFPrThJZze9T%HbU~I4?U>PVJ*Jaka#UsaQzp71-7%seqm%5?oseH!X<$87 zwFb(|`{2+7KSt7kT-rv$%1ldch_9mYiGinX4YP7@(;dD^ZPI4u-~TBxKBPOf6Eiz4 zv?BsKs27W7j}^rBTs%HIfO=6h_q#M0IvDGmFHFHjL*RD0U7asQXsIv~<~NEi)3>__`9ndGrv-OUJe&9tlCZ1B zE*wlw%2t8t1y|zOcQ`~Si!P9G%m~^VC&2QSl$zIDfApem$U+Sm3w>72Lbs8D3bLoL zlA(55TrzeX2EXHx+oa~dI~IUf^%3d(?WdYXrmxkDd`UtL6UNAoYnac@k2M!KwB4tn zLK_zq3b79j3V#p>0V(1%@BLdQzVO8LM<~kmGA{{An9cd;ybgUqMtBo2X*dm(CRO$n z92|w~jSdV`z@bY(i^RpJ5Pnj!R3bGHdcKV4%MQ#q+4^@Z5mJom(G(yGA@0KGR_lI;t2qu4f=z>DBG)Rt7($;b=B3M6IKKk3_$wLZ!om_k z*g&Z80T1u>BXDiDRHh?z;(!l_fQ#r)$4q2x=b?RN&AB;D^Qiv!pE3*&buaKmdd7zmyye1}vv47Lel9mO1%Gy9RDH zqnaX%^mCUj>Evan^bFY~nO13k?g8{j71zMJIN(hAoo>!=Kx5&lB6oLIr(*n=GCmfO zXj`Xw_~CFSPUtTj)IjsGz(8%%6(q@p~jZ{`)M1>$h)Ireu_mw%L2;NFCDFE>sgE?g5KndbkhV z^DvQ4yqgQ4Ox`QE*ZSUMS56fG$97w^h>zQeo7T>PBto34@$#(l0d|d3*9Hj9XH!8Z zEPEX(EANOeK{2ZEoKw0yhbk`@Ddz2pRAVU+ z*h)avqOIDmhx18^0ydnYbbY|*gW#yV&j z;#fy7wkmWutv(F~nqlLq7WomT9w(8UgO7|Lx-$pIGabdb61VvK?d| zKHPIo+ya2e9Gg`PKNB&$yy&Qgpg6f){i^4Q0u43|U+i|p>sUYb;UoaaNiU9@hpARx zB)G#3W5J5*P-rqkAY&$E2rD?i{P50pUiCyb1_=6>SzoUAyZi5T0BN5k;qQR{AtgL> z2D+J)opD~)P3nI6IHVHU*NW^QxQM+uX?&MqU6O7L>C zYqP?M;E|~NVEtz9);KtRbg=0Tx@pzgVMWkNj|CzL6^jbfK+kjcyn0)?2Wv_i^u?M6 zJj%$UC>0hqHJ zdE2(@`0-#^&Hti-kPN|B%BuN;w~vfv%%1=*UH40`Z=T2AA59o}AoFs_j_v`%+K1vq z^r+_|3?)CFw?=;?`!%WA{4v{B8?d(Oj`ybX-Bne2(u4AvA)A&b7@{H}g@HcwYRl1H zQn4}nB4aH=ovh;Hb6`{H@VSzV7j&+FEWuxv>mFhzD0-r^W^?a3p3{!X|)5@LmPY z;N*l@&?&gqC+DHxhwDdIJ?NI|_8-(Z+~eXog~2Hehqs*Nk`I?LFY{&P%qFXR@hxvi zjbgx*1Btus%FtFhR$FYj`Yi(J`34h`&yoC(yNj9rzp9t%|HZ-lFVXt4hKAh{>;Ez5 zYAy9K3q>w9+hxYE*~4;SZ~>ww^$Ttn*z|L9CVG|77ap=CYcXINBqi%Y@?*sapQ0obnhl=-Jny>#mX`oHBH~ja-}GlBJ5~niFY%Ne7Q89jmzN%%KPs-K#&fp&WYFiA1M2q~WXP33OY;ZkYM0N+>r>dR#S zp(in6MY>Co-B$VR_jDt4YC5h}t(B=XWM48*FMg$k%8-QGx;9Itm3B0f{W&mLYG2z1SS)z`3`e)5i(9*Rfnu$1GVl0YZcj zc3BU#LM=E@s+jvY-j}s~&ctN5dK}bWQY_OayP_4P97tJ3`D;XCAaE6;wU*BA_xa^w zw6ikvGBt0Cd`@({IXU2=vB8>^@rf^^?ZUjOgiNpp@V95$Gl+*V-gkG;SwiV8L}avY z@-ck*#~g6d4$wxD=_mRy1gTzq%Z!WMND(wB%XHN&wx>lHPa(l20a!Nn4G(<#!pC83 zBDLaA3Ja<5DyMuJh2?z;|2lbenf65vK)3D1wfaJvU>r*;_%7=*$WH0Pzi1q+X8@q0 zFDOt$@w|&OZ1do2@xzjpMb-kpr9;>uP-z9euS4zR%|v?T_yz#O5$|gjZe)jlk7JC4hzaA!M++SXpNNR zduWXNVi>&m20}lTj{nJ3St;a0$F@{F*V{gHZ&CjU>33VuM`SeZ3yDt1W$UPv$yr1B zmY$JrWy&(d6Y8~a;iV8(p1kHg^mp%{Tryxp^(`&mC`4xBvj#?G_X`9@P7PIvx%`t- zk})SS>+MTDfw+5P6GI_Mul1MIoOQt@VqGAyPMpLnGxjfuWVB`oy%&E9D8;Az9<61i zOn6yJojnx zAmVczdxQ$4u47ETJGEEQJWF<1?zYETJRhF*b2N&|llunO8pb9OBa+TUuNQT=Z|<`A z?Nh_uKI23nr!Dg=i$tSkO%v?pPuRbZ)S<58><>IUQPLkU5fk$7%mpCjuE=l%>o{`@o)uSQIbCt`F(Nb=Yr+|L5^0$6nB z>!jg>p#E=*a-p9aEfu8q9&M_yZ3O`IkE~f!QrmOjsF?T_8T-_IGKHP3E%dia z(LsP$jtPyr;4MBks>KW>`RTZa@ZOweSg2eF{=UtPG9pGk3JT8#PE0ef4yB`tcv zqh(CMAr98W>)wV&$pb$X3OM+Rm%{EER`$W@P}&m2gWd>k^y<#r3P^{Gp!%FoPUjHE zQ9Lo+8xmmxA!alXt*Qg*=Qb$`cA^byITjv641!_oFmjMAIwIL4~7-DJhm z3qt)TUU)QCaSY^Aux8lJrW(vO%FG%z)6n-OvTL%uUgo%5?MyRd0X_0RnCWGQ-_%n( zuw*@KcX)n5oTk^80Xfba7R-k0Qj@HojFx8c@4NW!;cyczsWb}5M*1GbHOuIOCxbl$x*8Cb2 z{099RoctDq*gJ;nevxfF%<}2y1Cb650oxZSolmfIl?wJ7GZuw`FSI-Q0XR6F{Fj)F znc=@s1S|9Z8bx&fPlK8`?7s%Jd^SZwJ1a;9JsT8%5M*Yg)nUo*ai=9lQVG{Tx|ex7%c+vTnL}i!YC|Mph+KhExR6 zvLI%Tt}ds;8i%LXZ_Th%Ua@5-DNsH08#l6i-Y+<;^8D<%Nr|q#*&116A(_8SXCAJ0 z&2mt>zfG`-U(>*ec~R_3gR#7ZE^QmL8pmEm8ntd1>4>UekJ>&#uu<(^_wzo+)s!p*3Y-J`3f zJL+0Ycp|k-<1k@xwq-HXtdBjjt1Vd)^y8p^V6t^_ZTNoj@sOH1Ih%_c1&jo15{KZi zoE4Ujb!vre-l}P0k+_PE)fNHc+$nwLD!r=Gv2L2uB+DwIyPsYql^JIbdEcI<4%24c zs?ouigs~yf`RgP85CD)Ok#IU*QFErMv$i}cog8)_BQ_vomC@16baSUGa3~XEDd-cQ zE&l&d_6|OpM_-q3*|u%lc2$>ccG*^!ZQHhO+qP|6)9;;kZYG(|o!?E)AMiZ;B;T{M z_S&C?UrUTAl4{kZTMsJLSs_@uK5oubLBhMYwGI(k;1xvFBz=w>=Qt2k$o`N4tH~C! zyfc4b-YwN)FV=Vie+I?+B|y_dEEIb6sgtC>)-HpuZ6Jjh@RhGq=tOVH<&creBrcl5 z__c{XlrH8hgr{GF_ZK~D4NU=Ghr3B87Qj&MQlX-#;@Uwo0Q*H?VUa~OT|Zc@co=ZR z&PYi-g}i)C@jI>&;C$Fh2h7GY&&in5y|a$Ef(>KKu=dp;XO*2we(c@N6V&FI%>_hA za}Apj4@NnA_PQtjk1;`7BpkzMwh3m`_~8pCNU4sdW?LoP6oq+c%QJg1etj4s_CQIV zpG0Hqn&he@m?5k2yPvmoAPksBFtC(W9Juw}eqO1?B9Rt)2FDa;v`@Qk=l5Hu#47+Fm<&Mnp>5b9EfYI z7x3C~rnSaq#>u!Fu;+uyZybarUNr#g016BXuNjZs`5t#g1ASKTUc5w|rih>O--AnG zP_cLmL>ABYE_c@jccB?_6opMEguJhDeO^^MQ_1ciyLc86UC5k(=qwKe!qL0^v#wwS zMXT%W;I7%mpm>zX&{e}+IXC`8T%cQ09Fp!^A^pNn19=k}aZUYPZOjTTDN8P3!h4NZ9vUToJR;QwN+I0V&UY^7 zoGFZ*rCLo3>u~4=!yYVpBER%%OeuTei+RLGpsp1*yA30gRNY=JX=bFGNO9)VbIQ9-RM zQkgh6NuHs>X^T$07al?IODl#E9Z=qX)vW{xp$(phc(!M z+Ym7)YE5Y5E|+34gzp8dsCrBBgtPw`^$0<5N&+E7I40V?Ac&A2;HrX*1iG&|QO{1_ ztvp8L6}M*KEpjxNBoZXNJ+=;Ve(F8oke(Le6(5DwIwmp`Fx%{RLQpm}JaP{IpiL zaqt`^x7A)kV95PU6i<1mr&g4i2wtK=Z~V2iaF;%Antpes?S1p3cJ3;-303Y)eVaAa zNIOe6P5W@ll(rVvkd8VXC;2k~-Xy> z26~vDBKP&C5a|p6sK839OQSQ~sf)uPROugxvfs5j*)5-=n&B_+L;_dnN+OJIdWg$G zYr-7xPNm}5K8m!l__z2*k6}U_tfVbA7Y^3cHd{{l5>{bbnU01V(xom%xU5OsJlc!! zEEa_orPvJhIg5vjx7;*4temW$Z003Z3)J~9;?3- z#t4J~W3qzuCmG`=Ep51J++|g{m&Y6V&FPnOs~Gz)xWhM}gKVLiD;P5sc;PxG6U9_@ zl8sbskRn|wrb`ZdVZ(}d_d8cdz&xzJ2R!e$i^=YJq+| z?%ki?uictNUH}h!F`6|!zPLNPKV&l5+`J8K{A7Y;wg=c@JggeoL;PhW_8a0MQjj(A zK(gndXx|yxE&S@j1vh4(k9?<(KAh;}@L+z}no(2B;h*EaA9`X%sy;insMAi*#wROz zi8wlp|JdThfz^$D=whF6aRw%^O2qFbIcwRXsAx4-=vJ?dCZGZ4Iv^;5a>K4d9keTz z1PnH}>p>4)R_G<7D9`&2mKdi+8)+(DmjCoj;o8&$n#h}uvZC15o=Qp^wt^v94*#3HO zY;h95@8UrVaI(?b<05T;^9{JCU2~N5M-2;h4qnj$XGlT0xGmIRUM)v&>kL%npvk9o zN=&fFeThzjUV$LMLFb!;phqfxAlh|Ch#R+X)CN25Ym^2^kbZ8yc#r%*dbC-F1O zQegbN;r_@KQ4GiW1&4r9JG$p!;$qVMW)c?g0RV0*?jtRJ;=_bSQAmUZx}eb;D#D~H zI7zx64!S_|isFr-gn0fgyRu}#lUE0$7ZV22AgX&@QH&=ilFH()(r#+I;$A$n`4mOx zR6l-Xv9i>Sop)>wfC7(?=j z)^~MUgZTVy^ikOjzd1CeHEaGYuuu0a)trnf96m~*$QVw-z8sb57-R<%VN^)K(FA9r z@2EDj9PwQfWf91&pn|Aa+kxRI667GLlLBx21i^@mu$ffdb6ob!K4z$4hD{#H;nw(O z>aw2Vi=BJ1N&EaPI9oWelUeUny%1u0T2FsuW#a2eE-Cd=@eA0^ zLV5LLb7Ce>WSVg5Ic=gTX{NHM-MQEDf%H1?Y+i?EtG-t7>pl%3xRm79@_wIvl+Q>I z%$N-kL%Bp0PL?aF$!2-F$Qq_o<0^7V==ER%>}l z$3YDP%xfL+H-4~tbAWKxkqo$=dszmIV7aMms>k4Btfegx(q5Y9s{gf5)S|CS?gQD~ zt)(AqGtaYWRCNp7(UF&FnDYsN;TKAukM1B8p+evgLLG_}K=|_!0`)!yB3hfX819(iL@~}c;;}?CIp9LBp3CDeuu3#P`--;8blptwX?d6-x%Ht23mub@bz_EE z$@Ov|Iu8Bi-2m&!zx4A2lNXJ75?2#>o_Tms>!6XU>k;?uX}J%bvyLv^wD91gzCb1h z1abLR5K6*7`A%u17bf0{FPDj{E!;Wut+viHN=~oSIfo4XtybJvu<6K0bg zTM3YB&r)QG__~p^EFcm?1SRnWp$%*$HoY7p%qE>6x=k%6C>CE0(0iMKEhl6j!8MK;)0}w*+pqNj zh4x}##_ToAL1(=p!LI9H#Z9tU)p4;>a#FGXzckR*nSLK0DA^J zgtJ#uZ8pByx{Z+y%1!i`&5V7NT@_&;?zNumN{7f+Yh%)lP(2BX7gk5lbIM;b+ZzWa zWfv|L4h_HK+`6uZ+O`>wK{m=3IxmNH-STqOAFR$m+|!OH3hmYi5{c=+)^368*8b)| z=3Vd}RNb8J2nX+nOhH28E zW-U^`Dea^3= zJhSV}eFIENWs56&@d1{d=T|a-b?{TXTcyWy;e4tKclsujR3Jb4~YWb-)(2G zLFSF@kNwk2M@Ah)O%0!}whX*IVe@wFXu+rIOaDzNz9w(9beOH4Mqo_w7{Z*v)pAhf5gYnqA6+cirj{DPd1nLqR{qf80I4BIP~vS^7xH zT1~-$ZgQUZ=jI1|TG%Y%{;sHy%Je?QphEcwXU+PL zLB7=VGtyEa)7f9}HMm+;q%6$cAYoi!uUtCL`r4@%aJs9=38rT$?*}QY64yI5-p;lV zN%@Al=3L_?0-x7id=L}l_R61+W!M99?v%s~5iSp7bJi z612u&Zc1bTiQ1kbXhyd~e=Sc@&vR1KE4G ztu*YlH|nS>7S0N@V1(zI$vj%~xXq!K>y{V4=1e`XF_w$0{0TEz9;FXR6FS012l=c(5xxTn(V zH#2@2=rWqBSIud!iQsEUgNZVDH}ZGe5xB$VW@uG1s}_L zSC3m}kcD36B8gLn+T74=_|(kEtXNo-Sdv z|pZ~Io&`;6MBCa;ZOZm`?j<6OogEm18BAD3}>NWJa z?<;k&=jXz!f(n=bTO}ThiY1e0|!S_n1E1un3RzdZJEG*)Y zOgT(bx}UP-qwcrBFRX5JOzJ_t9xn%S6)s5N{u3o_8&pFh2exy24HoYEfZ>E%FisFj zR*&nSN`T`sK(Hhc=%mK8uXAT6NUci?t3xkOrO-ECm^CwsNAOWu!w(HI!Gj-SFk;V4 zEMYa!U=<`-9|q133K@FuV_ibBs;PJ|WA$CqGYR*R7}Pru;;P1e5MJ*|6uv1pv?{nH z@JwNDf?=7ed^*}cI0~n@qrEa1(g3go(6^gds}txu7CT=afaEI}(pO3+Z3oH=2HtZ; zl*b3iP6nnK5_?*;(j$Gq9MG?ELl^HkB;pE>NrdjI;oy`0m^P|4J9Y|kCPe`EC6MMM z|3_Y78|n|U>4sYk7k7nZb#M;eh{=POo2#Q*10@Hvg28qqnr4#`-X*XI2F}fTf;Tj4-6=u@ zFb>e}_QKncMTB!2ck;mGq)VQm?kdv>w`a5|%T{OAjeea7P8e4PoE3QfFX7r%63ANuZUjye}( zp{hSkcp!6VV|5>cZbNqM^XtC#G+$n=&*d*C!INK8RI1q$B z#+aJBOSV4UDmX37iz9K%>e&?H6$t~}62NLADB$K-LP7E>2`5z$pt1h`KeJx5;f*Es zzcI;WP#2xjLKuqSU!4%O&dw!GuJ;2B$zouHj*pBvMaRQ^$4;2r5(?a`#xgPT4;Kzi zx~Z0={i%eKkW1n@oKUG1qalA-a{zDs`%;@aP7L=WX6ZacB!>QInerXG4%K&=GHzJK zm(fNDxG;v1@Miy|*qa*X(`?s?D318c08a2oKllbdo+=-^zfNa+DWMJKJfKEEF5f+z zUvS}frG|fQaA=Y|ywR*z;||m;r<4ylYGF3dtZBG3KM_vS7LU@M63DDCT`3a;bx>?@ z3MNL(S8x(J8+$h5zL*Rp-?Fpf>RZ0K+$8-1`fD7C=Bze58^)T^PiOQ4vC)tkIMB(g zKnfEg!^SZ%-dM$)wx&I``Jj?4cT-o|X{|CVvq_iLx4^!Y?Z{`(CC9E}_QIxk9dPl4 ze=cD8ve|6W)N;+RX{UUaRZ|rPRvaXiq4&-R7s-3iMsLAY!4ABxs~Jr z>Y~wwE)KnE)FS!6cre|-_UD@&-LnXpWSjmPe?Eb6rQS4|z%BJ^Vu9Ho2zkSV< zOU~hKc_+od2bDtlhZ85N#Y67r)Hdkiy9749WUB|WvYKNhL2~}cq!S5G^2~R2bh&=L zvyS%kkD!-QxwmA#;$6yPziGvt2{PfHv*HR_Z9hhhE+n!EKP2tk7x}*WU;g@mOg$dp z9^mi6bCPJ)jt&r(zPk(~&Xjk)IduAM1o>8Qu+{^?Lf8z$n>MF==3uOB0pNH~!}Rrf7f{j>;4P=FEZf|7@Fhya#I5jY}1^^x19=HWUmuf!%7)CMZ7s;WYX!F=ayOUCCltSN&Gp=fhSCFV@Pcwad~h$m!&A))fklKT65V_y-bBJ7iCPz7f6=f2~eIaMqip7xxnm3>5w02XHX z-m!|X0|FzW(@K20v~scZ3;dy^TL=6JjwH?OSmBhivEa3W zOMZ*9NAEVR+p~6d_jKe)v9@)2c6M}$6Pfbw*gv7$j{>Idc5i?O)-j1n^-|qjGl?2z zO3!I!eKSJl*SfK}H#=bK?1SL*8BJ4!{c!0G(R1v}Xwv@p;ok$fbj-EO0iB^a%FzLL z_%FK{D26#PuF@t*=;Q3a<1l+vXC9udZ`Sd?l_#^u;x(N?$AK6es8)7tL}wCPd5v%#bxC{2?14=wWmWU6k}?fm5%mQLtLzw(b> zNKkjv1V=J@Gl#Sx+u#>)N%E#{ZpMpDBf7;siTVawA?pNJnV#K-y$Usx^!Q0b~lshi2jul!(HTF4k&`3)Edg|tr4%B+MSRb6(r19@)5KM zgIW}ke*gsForLfpYNWO{hyAjaCFxS_3i1KU9;fy$2Du-OrW~7 zv5*lB@D$?E%DzSw!*ySy^02f`kg$20Esu7@PtyE_KZhznO)nH%M z7S^h+EjIfh?b>^=J1QWtQXV9B{rw!=p(G$}Z@bWn`20Z?$uj#PAl?!iol%6 zTtTO(nyPm^jjzu#{LYdvbJG>Hh2Jkk8!j|o#Ac;;)@Ei;ntK}?mI1nm^7|78ge3sa zoBD~dO0NijAMNWYtz!#2+*GD2o2=dgfl7`;kxC@P$96Do*j=FDX&?$V2~qUk(chD-Q@ zsxk#t7l7guJ`7&>c0pR_8*=PhPT7S8xUyOyqNd6;T)Q~eJthr%Jxi8T#(Fg}G<()$ zAwk8n`hiev{fhJ`gJapNUeJ~)!-I{RM2lza17@D_CB+V{<>}+Wl@}Qm6>_1+M_3OMm4$SWfBh~9;POULRuagftL|c7Hgjs<&D<01d)~8 zvhH;IETN5X(iM7z%ijS3Di6weRGK7|=yGUO>$Z0f_Aa(j!i%g1if!6K6MB4-NrD6^hl`AI_78{a+?_5b2!J+xeEY z>*Y8DAWQkoyr|#-2?@{@_v2~-)~|>SXz1jUMjtng@vNvO@(0&{?NcA`LfU%8uC3B%iuxRZgnyuj!i?y>#V`ydNKl8I$ z<3%sKk0%pb4raAK#WhLBU->+Mh#{DE3|M?ngMXM-OZCs+p5s5`d=r#OeQ`|2yO0KTyA-#GE|}P(bi#w1co5 zASJvjf`Zbu`K~aqQwNTCuE>_N?jC)GdFH3hTP!h^jEz|xTg}&KA9P0z>-@)jElSk^ zhZJpw7p){KaeojrPC-YdO4^X&biwL1p(Q}|{CBC`UU{@(bF1i^Ldfq024fzLzMdw` zqMvtaWZPFpiv}%psk9C~OK7`1EO*lKm_K9-JcRl*jGS{{TIz^=2Bh2vults*q=^z_&rdBX-t>bJ_=~dbbaTkYTRuIfg2ZWqHka$j{)?AXjpw>W4e$=!h^sWr`$RQrM3^XQ1 z?2_~BNwcy@KWTH!(DiHzCgV39Mk)CEPhIti8gbFBnef+)rUqRP>+gwoUw^i?!dSAn zvdL z{?n+bzX{4z0nL3nAFwsoef|D%3(Oq<`z`!`0ZBNR|6d>pBL@fL|GcLEyBa>E`Rgx` z1g86@X14B1kXo^j0#MACC$?Dt8blJ#8W#Uv9Yqk>)__~!{pLfVd#Qlac~h8`^f-y)h-|@P3)$&1UM-dFlh22Sc2s*8%D%U zVH>7Ga1+xp*d7e7hS(0p@){UDi*Z?lE~0N1)Yj#9rONrz$yMIW1a93>VKR2W<-kc! z?j-@tNJ8yn7(G8G`SU*z(k}S>Iy_06YKZd1big+jDS%myh%e9v#=@Zjd*;^F&?Ua2 zo7lAw-S#qRh@LLycn`|$jcEFMDXIctN;HD%s7x3y_0OJ|%8oiHFNGhXmI$aXSn761 z^9U%EZc#-f@=H&SrK~X-0y;Wxp#F(ig258<9DO(D@}2w2fIvzmG^Jr$aDtj@7p%SU z?Tsi*TcmEkc< zamrov2!E?A851Z`O=jZaP94*yl%VgOQcUV`CAN|tzFBG$q6sKz>9yr%UfjYQn}9ew zgGNc3w^B|2m3}$NaT>bsStl%}$mL8P)J!MfZPC#8I41SF+%S)A(e>#2$6#W#8(Mz8 zI(h?KedtXdPG%kKJ?yW|7g;l>^ysHk^rrb}rqzn_cRsxSMyzz0PSotJra?IjVdV(S zb})BdNv^0y%E`&4s9(9MjA`f4)@2#6`8*tbiS~S7Eu8T;yfqxHjSOk%@nlW(v9<+!9?6Mat zM+7y@M5M&wEg8lf%g?uoVlts(l-V_!t^=gQj$|jDQ1!4XoL>6f#(!#z{up%w_Fge; z$ejvS2|JwO+cb1&S5p+lTz+Uq0aXy$kCu19VKj~8m4a^!@*bPcL))40blt3PtJ1@} z$Svt4bGp$u`)i#03C=V9Vu3r0RRO;g$k0dx_V9G$dk{-P&2smJ(jSf1gW9nS(gJdy zOChdPTok}@Y+F%N8WbBBx4lO5A`blbWZyCn!$%nEwQEc0&I z+8_k6DXlV!nMufEW9hptykXWR*h9-}2j(d+m%Mle#4;Zy5Oy%&(CTP4wCBhQ*iOki zG830&4@zWIS!Vs4rB5EgD_>9vmvPacP-YI>G_o1-VGGc!|CETDAPN!46Z`$o=aZQM zO=zl$%~Ie3A2cRdTemrp5dtdyG74|}Yc3{Z{7zTw+@g?}5)`I2dOenYangUB|N!Vi{FYanxE z2Q`Bx$Z5}jNN4olnKxkd70K|B_F5P<>|fhtm9nC2GV)zLkeXyf_5pY4n(e0C6RcZt z-r}w#jW&MEW*6cmc$S1cMhY zN>WdQZ_R=CNJPPuK_j;k3${EcO@uFn2q!EDZU0P7$G6FUB4XhPT+h6C^7!NKQzli| z)vTqg7KJxnm@|dd4#6Ki3>NnmD{GE}S>P@P9G(UdhEeop&%?D(qLkV1DK1rw2Fp40 zdsapjalyrH^mw1R>1`x+w9_Sio|vM4b>vHUb)9&1%@>cmljt%k%EuH7MQ~vB&nwAs z=By6HEtFTePeU(>X~OM0fUF?+18i0Hc+?@HVL*KR7J8~pg%4I>jMTyawGb?8RSd2K z{@qP7g+&t%4hbya*m;hLk?6g=(EO%<+^^J66cty^TPEjFnvM}guD3w^xrdt$S8m1i z%ZQsTp*7a3d>Lz0>yv~Op9t+HR%5eNt5d)KKKjjF&jOLF4Ksq_)=T`lXarL|x%>1f zb%K?b_B|u2`#P&dWTS{uJSxZ=1!R1wW9J`X_>YHy<)N$Sb)_z&Q&)<}(j&BE>@wQS z6u|{?w`wJpM%Mvp#P>pfKsJhB1iPRjbkr?=W>|;b&W1F}i5h=euUc z{e+un2^J3peK-7NJ2btXlod&?6BaVA)D>znHBPs}ftuBfg4b64KMAoPWdC@|SvdbO zz+__nZ*&3{k2~g&bRTzRLziLkdTd_vy8n4krO4 z{ZiKP;ttyB@5|a|J@(Y4xZ7G$7yJy06)2`vo#o#gK zZLdqFig}*GQOu;}GfbzQ^hx>HH*2 zBVSC66BXcdm&<+~O}^Sjz?$nVor3x?n!L3zyz-NkpoA1l9N8OxSOnP7L^GU59HCl6&4AOg#=FLz2SDJK`7ysx15c%ntB@I43>c9|k@i zTyMOdW#LqUzk3GJn2o}~^B2WN>*N{+VDQ2i2e5 zFcQ5(&G#*Vdx(q1r>~L72BMs}QZI)G5iKF6HL|jH_jh-mvEl9FnxR;dQW(AhVJD8S zCwz`jX05_JyjUE>*X|zaaWj&;8?3-l&YU(gZ+}QAfl%dJ1Xd5qfM)$?vrZZ`(x_A?p9~3!^2oe#E6u} zpchzTs8ulLS*BsE^I;4S$;ai(JJW1Oi#)T)nt!G1z<{!DQoxkXZ!(3Ezm=DBr*W2M z3_WyuV9^a7kg{AQx1iXeB~ zsA!j-FqIFIlu}t@F}}nnQ!kkI50z(-w;=O!d>8s==JVo%DfF~6`zop;-6SrN8F?wD^RO-N#98zLVc!uhSM&&-fU0bP4#Gh9<|73Htt8_SAuDZkPToO47QZfPY$i@*xsZBMtgiKG;;*V1=eN}xE371br8 zbCaav|7?fOi5cg6*IrX6m@2SAAnd3bmS=`7GN!Dm6!~4JbtPd!Sz%FTUBfF?LoyxT zDnX;&O^|)rXB-?qd<%pmNHH&C`X=OABY;cau8U;xF;CEh!6;uz^Qsw>(-W8GTwR`8pM~EcWPLcmja_>okUi=9Rep|ui9eXCh)77u!o_Dk?Slk zeqr+dGL;-+@-nqQ(NdiT7#iApNUc?8wV8x=v60DHB!Bb-+tf6wNzmEanm|PjWuXtG z%;oW(mMj?CImd_NS~D%`rbgMo)9f=ZQbs}d7!B{iTA2-m;$X<3I$c(xyRLt(X||D; zMW+K|aRm{_bmH=oERe9}k7kH7j++7I3Upihv;zx?BYjsGwqG!k5W61qylWVs7 zY;IRJ0o~xPHCY$)_ONXioN`+gYJ!F8)gXodCVqBQ%bwsn51j0_H5XN;R&i?=LKuyk zmxQGf%tGj0?aa#q8Vn0wWWZG@1B4Kg2TuR*oP+MZD+v{oilG?uJR}a%!n;lu5D4v{ zth5WG!mkBpSBerh?Z5^{%bO?6xLsJ6k=HKZ8#K1X2N*zhh`G!89mQT?)KYX#k4TN5 zyz865Mos}f zkJfJS%YOZOsgp5T94gQ{Mp~EsxnWGW(6|xrN{M0N=O_u6@^T`Tm8hXhln(s>^b5~{ zA6^$fetZ5`%#Lj35akAh;ab)cIOBz2$<_B`Z-v8%>`LYQ00H>c63uAq@M#>zod6Zj ztp+}@5nYoKR~ayITa#~0u^gsIzG0+Dq>PR?*vnEtcl#y`e=CtzNR_E9Djl?R^rG# z@!iARS!f&I{eP(ct~c0Dc}Nx2gI86i@EhClC%%S*THIRW7!{r<;lV0kOg11PzKc!s zDHstB@ZFHHe;mgECw#R>TJO_MSS#8zY3Gkdw#y7h)iB#oWeCAOB>c(}woJ@jbOt;caFG}UBU26eqt5Jf27cl>wGC$_(xdU2U?IgBuDMO|BN7?KI zi~cbJl7@F}WCY>6i@}>l=(B^s3Bk0MYMI1?*3dqP#S&C$N#g>=Q+wFl#NHy^QbJ1@ z`*d-|*dnP8(eInN8fCYsuWRmMTg~juzF&9-5rH9f%7q!v`8b&K2b72zl;|IiGwVNB z6`B8k2oV|@2^+(R-aC4JExsy5k$sZwRPbRm)b$hL`CB}aR7(grbO?R`Q3DrGHFA0Z z5t~&>sFY1A5u6?#?VjyD*O>3qRR`SkHQ(NjPg^ktr&e9oNF>u!eUiZBQEa-6uvr;h z57S@nsDst!F2!XVOI#A{*E_0IE-xebRO{6mRYq#AqB?h*6WyyBrkmcDQUzKAxJRJl z&}#TL-t8Xtj!zd!{#Rb&cP?=$?_~+NHQQddS-g=yhp)P=TO6(;&QAHifp_NHy5Col z==0(AXSL9mBtYVMDzyLxwW3Cux$3S|13 z=)iY~ZrmCUVHYN!7RvgRYUFlmmJKl4Ys$dyhr1`3y+UO5-5}Pxv!?rgp};BJ(9uf~ zj-Qt^X{af;oJ42>yFhupw4iV zuilF;W8wmQ`ECr~LiFzVNZ74vLTBmYsa+(+L#v`UMx#`OW^gnk_(VppnMmRi6KcYE4eAHn z_lIX$CCtEn=An%*OPX}hm2;mP$%SU0R|C7GJ-vswSh#R@lb_K*!FUK#M#L(d?qu1i zX7p=sh!x(a|I%Q#?#8}7$O-!mk|C|m#_D+pPHdaL#wK-FsUgB$-M#Em1kvARcXQN* z!r2rHQcwWEt_-HiuMP|By4&ojnuS&_-if2rsL#yK7LFqCdSW^t%6~CF=(*JQk>mu# z650T)bWI3%4k34U8fEA`!DWTC-(WQYJ4z!1 zYHCb}37O3Wx!D8$Se}jx72;(pW^6GifT4&=Y*s79*z4sE&gz-bvUgCw45RRq+NZsk zebPulzfkuuBpIBp->XC0|73`4U`RBP&UbjA4y#v1iaOgwD=JzV znA>5+j9qpKwn`F8*r91<2m~xe(U(me^m}j{M+HmR`EaedxyLj3O3JY_O;BapwmVO} zCyU$7%tPquT%kh;Cj>m}C?s!MNSlPu5rj4kK6T;0+F}hv*LORKA>RO&;&y?nQsHI1 zQl+9M2#zkDVULX*f(ndcnsAdT;V5S-mP(_9!Z8d>2?r!a|4~TaaDrjwA4QH0tmFv%Yh3HVi9m(nVjlllmmO}pj6f$a15xRdeaKu)~O zEBmv^lh$^?sgk{w#=7-d3hPUHh8QqiMg^1-db9cjV-U4N%SMSDE)qg=I-mdDp)a$y zaUmJKGGpej7BA_&%73p__FT2VypeNx9oL3#Gq}I zyPH#+D1M@%T^_d9E1Yeg53|s_(F<#G45__hVJX;8n&iMzF*PWtKg%V7P$%9WTm8x{ z>~%WBtFxvFQ6eF0!^9fMf}+_LS5#8me3Vp~ik3NR+^l?2b_NPoOmN5;WM8$?q`VCp zn>k5Jc@pYECRz1AP0^id%cL7$ui%70H;NOlj7 zke7|&5W?JdtSZ-#l-lw;K8}Pc@7F5uP9>TT$Pi*`d~CzMwh#m(AjvvSBo^~F+qk0J zmGnqUfx*pZzMNJK*LfPTBwKdtPA-ki04oq`M@FAlvl~FePQoc^cGmEmnq%7n3JEc5<0NyIhTq9bH4%&BOLS3{zZX&UF4Q0K!R5l%YJIk#Jgy1MWXuf%i``BUX! zHU*djj(X-#>q(v`3=P>d-MIq&5#n_Il^WgegB{!BNdgCpQjl+i>_1?Qv>_0PF;GgJ z6i5qgGAofM#S|j+q=9?4#l8G^czIPg+l|lYG8J8PcYK7BK|Tb1$99n-o9x18HP#Nb zJ1*U%Xo7mQ&DH3Pf8kjkXGtO3;5L>G;=17s9*0vU>@uGzbHwyr(&NYrJQgLLKjLxN z^a%rPYdtx4nBER)%M}qh+J__A*bzB8_AC#=mN(RNM!B2dDX92qfG0qp7NBmGx<#`M3> zk)(}nOr6XKnAkX2|5NRxNn`7;dmhQ>T_6A=K$vcR=i{(*~(qEl) z``hj5%ykb{;AaiF&m_Su#${bpvgi{AbAm_rtb^-^$iTt;g1f?bmOVQVK}>DK0<3JAH7-B@8_$lDcJhf_BB~hxqTK1mB%W7ZbcEIK&3%lA{B%qVz`-_aS%3Odwby?r<27TlZlF^z9nrG*YBpKKV zEI*r=UNg%*A@i%wygQ`x zc`Z8EKoezhBjIqsXmw40WNNZMWpnUmy$kloP)O#ih;E}b-ZzAT;$VA|$kaJ7Wauni z+Rp(~fw2;hn)xbp(93~ayM%ppsQeBBuaahmSG6Qn`e_l?Fi)3%e&oi(<@zYT9v5mk z_MN?X{N79ljmvoe;-X|5FYpGGfixOIA1L0&{&H%}ucTc$INLm-5Z6Vd+(}Yd<5xI| ztx3G?A&5?MuCREf@MpUvWM8f+Fe#d_p8G)c!p(;2aR* zNwP08#!-g1Xf;#;ZQ^M*jVf1xZPLE*%YxH2SdRuKcQnjjKL142A|N}(_%PaWpSB&d z7ITXx5-6@8Ecos!Lv4^4tPT|yZ zD6hqMrG~^4{{6!zOb{V1VbHGtY3x)23P5^U;BUkFjn&dOOwu`fY3{~UVO7eg3tXzm zKwJZzeq(jSRBc_`zkT{GBVH@&`}{6JQ>hMrMOT~*1LBL-bO$&zCW-1LDMSWvw-ENU zKo4jK!%y|($w!iDC<6yA0#b}6j4MC9TfhWC6y(P+D|6_p7Y@nR3k*nOqb>a!W9&n) zzSUM<%8D2_94W6N`Yk^9e(}k?i=S^A63Zi#8o;@7`fBut+H9Yvm7d}^*13vA-go-+ zkH3pMPa+D384wOY;at#lDg5|;*vl}PaaG!qxdnbIBQMW1BU|v!7^QtVj52{4j1p-) z2DkuWqF}(|`-uj9DF8cB5Y-Ruh(J&s3dfxy3qm@J^p{Xhul%e}y(GxAm4iElhJe*t zCARLNGX@R8*Y&-uqwCIj=Dah90NALEN@^u0)C)+bNjEVa3j{D0sDagK*L8cQ!E|&> zF5rFp9}wfqL|Ffjjp1k9n*YJrJH?3BMccY%+qUgmW!tuG+ji9|+qP}nwr#uWuAOsk zav%QW?qojn`93q#+8C{Wjdb8lh4BXsfyEsv5rBas6`c{cp5u|%!-3{9p>@n_vN#wh z)O~K1X;goB{i(;plrBp4$)n4g8)1^4s4+KSs1lDG6Q#s;{2!Ec|kLug_8gBecN-5*Als+DSic=pZw#>sGl^$i%?)0{O~ zS(8(Ij|qXz?AYV(@=r+c?N`YTL&ELQUGi;PHB6#`Ka?onBl~-=fbkXgyU0J6XzW3X zCWppG>HMUL4w9x?zHr6vbU|hUNiZ%@!yX6|qHtFdziCcA))vmHz(4-#10)8~;dlqp znV>8Le+=`e32c9TEX!n(txW><{n_Gykyx&`(=V`W0Y>t{a~4)S;ow(i&1DzyQ;gYz zjckeeB|zJc_?NtkPv|ZIU6$O_z;@h~@js_mW}KHI)m@gcW<{K`fS?Qyo9vO#!noED z7&7}+9%5}TBdqoqq^3kNWxj5X>Aj2H$OED#X_}l|V_`yinAd-_pZj6Nkgp891EDx` zz^3g4@sl-mUc>kN?|SH}3_=;g(j9z(1>OXZKFA5d$=1x3216KXIf-^)-5s4Fp4NS= z0{9e>{WMZKTR0S{PrGs7WoqK~bILErvo;v~y0rO|8nmXeJNy_2w>wvBt>KoVQ7Wda zn|Rz3hbA=J;pzQd-D+NW$bHCC}+qmI{A*iSt$Re=YXT{ zAJqz7Zd0&}gMFILBgGQg|6DGXQ@yrC`+IB`@ta4uN7U1}KC$v9_iZ&QfUsze?Sj!m zcOoxS2GnP^b|nCjv!LliD2E!D+D=i7ql7}+8_G{4#gHMdn)8FPV_H#Tu+~GIX$xmi zsjLrE8X=yvr|pvt)*lx*^%EsN8Fzr_5l`e)l4M!+NdRH#h$*$3*n1|+7{mP^%dd`SE5s}p?uu43{E*2^kR9-BiQ(WWXh z8G!;;bFCdX*eIREm(XaiX7lIgMF^Qm@jHfY19!KcN7WiL;swfH(FtuUwx z{w}KH>w%I)r4h40<+9%ddxy#&&7PoUu2R;QMvk6TI&B3=%Oauhk zt^W7qI7ETKU=63hA6-HSQiO<-hE6scxV+(u$R@uV4`}hENkz6N@{;F51yLxw&bzA> zCs@~Nw1f_2mssIoQo-V|iGDJJDZVr{rpl)e+oR$x^{hyR6hSo9|7(p361bUt3l^wB zp+p?Y&*IrS#es42q%b!%SoLYeD?E9-Yvfb&usUQw#~`a5GQ17MvA({%Sjlley8V+p2_thna z%Z`EQ^*tCU0U#_1+n+m6%fU;D?U%fjh7$)8NgwPZ4UjU?4_w;OCt>K_q!`&#xVIGK z5f@_NA`}e%c?SPWrGucD{yEb%{|Cv&l${EP%F36!f=aes+~#6^z@v#N%?Q-H86q6% zvkbIa_11+$8=UAf0$dbq=QxKFfa?PzWZ~tj-N@U6ExLRwWJR$}##*|R-F$G-_B6?8 z&S~JSk!U)~^3mXg{3j21m_Wq7roi6s6GwX6i3j#_oaI4Xk0V$5B|dY=$7zu6VOVbh z57*_-zc0WiSHPQ)wv-?QZnzw#TzSzj3eOi-t&nc;RN6gnC$`*2Rx<~(@bbnQec@Zk zb^&wD-WsmK;wFvD83)uLVdh)IXE>L>w`-J8H%;hEnS}JSA^OOB_7}j@4=m-sFfYA@7Zy8~O!PFtz?? z;e&(Y(Ej&36h|?|m{f-Synyy!fdwmxS?J(CGjmdT>r>h5&Cx#+-(su5SushB`;m^e z7vrm8JVJcv&hS9z)9!5BlM0WT%kmTu9{CSDGuiiW2}M*%wOPPZV@sLjl~*e@+68LM z?6Rgw%mDhoZIAt{i-WMl#;8O&a+o2dxcol?hFD(jCr1yFp3r%}dkRP;5pHIpHr$A$ zciLWjxnGyTaLT2`%b27r(F!hwNzq@{ojU04i;5$@h5UB1-KuM<#`p@7 z5-6}b!`@I|&vJqT+~fxe<+)UbqN|7x-uG$phTERY#2qon=KQ%yW}^7?V%;#sCBOBa z=GW=&L1?cS*H=_((71$@fjNlv!m^Kn{%mA-tD~McN5%#XtX5gLVw-$!sFZZGq__qJ zJpD|&t(jL`zQ}fJos`rtanWi8#nHUHF{xDyt=M*EfkuC@n)lXOQ*#01XIdJ3_sQ1Z z%&B)FoGsmTm7h9R8U0$bD&1(Sn%tdSnPDJ46bcmzPy_>4utEuqqJbSO1Slt4@i@jE zY1%OPH#u62noYyHVhmbJhTL}2;s74EQIVK>bWW~_XZ`8%)HI4-GFr-xCu+U2e6|1s z+wS*e>^5hD7Q`Doas6KRWHvpG-3tytvs6kRs|0&vwo2R>GL>mKrP&uV)O#Y*-Ir%4rM@qJQvDID%(Q8-3K1Tn*uN7p$4Sb=xj;BVWAEE^R53+^ zqoV$@EwT#qI4!zYA=c!%{!> z9|a_N-Yd{CpcWDZ|66D)*xV8nhF9xVb6?J*OP^J$zYwzW{X~1UxgQ*+jFe%n&rIFF z2q5VVk|##M?gUo$SD55DKT|O&oFI5ncuDEmmH>q8dOe3fm=Z=(%%QwN0205|^u*K52r~G#!?7MX4o|*cD>g8>pJ{tF zf{hWj8{So!R+rGG$BJAuCAs(jv6XTD`6n_B5UZz$yopin7Z4OXF-hPpN>LE=QFs6% znG?jaAzUb7BqFs40X;;G`W6dlm$9@EVR<&IK;eYML{iYrnr?dCyk;r~QWOah&P^IP z#Dz|vdywx?12_`Wofq>B7J+4q+oT7qbaWP;rJR34sqb+An0ehpy7Iuo0?qcK)*(>+*>f9EQkZKrjX^K$LiF3>@zjY7h~3*+LBA=Kb zQhW;(p_^)K{)J7pGsJW?X1uQ(LGeBqzWFT|kqI;eUKLY85NX7V!Ap-&68Fro-eHdb zGzko$I=2rfDZI~?se~ltROr|q2GxnCGvhQoOq@dE$j;ziUxk)P)-VM|G6qF3+tSr4 zIe< zMiI}Mwu}R5hrk}!@_YLa{D~^-8#ZdH(x*70pO!}8zIj&}vzsPfoCxfMqQb)B zY-moo$9WU^B$7jV6!~8kt?AUA>>a_ZElQswIg|r}t)Kaw?-xpN<7n8C*byGJFSYUS zHX1zf%`*}|4COdQmdNdwxf`UqeP`?aW9If7#lS{CETBK*g$fkXp!tkm0{Qe&f)8=f zLW!eqa_0#1&|u#+7)iAaj^! z-^GKJ#mGV~WJdNz3yv0>`n65AG5cU=b45Q8{zWrF6DDfz73*03ZA7vI%fR?WNNVi?A zbNzFHgu*!83c8*)7q4@h`lHt^ROrIwTGuuEq{c?SuY|(!4-Q-yb8r5;HP2xq{p^po z!^;sgr5U7@AYYb__DoT@1`cVX_^>poqicOe_lxe#ci-Z%VyXzM-kZV|Pi9n~*7bvr z?((rWqPs;lx|ipxNn-7j5moNLt{iF^_`vtT@%POryBS^WtZ!#Be{f#p#<8${lqh$W zNmsMl-G_Cki{5kxvP5@R8_jD|s_1<;E-#mtRc71wQ)z(BtoQt(mHf2iyMwX^Z_AQD z6?@T>;bb25_0~Pqsm~oPCRwE;wb&Knuhdjs-aqdS$Zr)>UpPSwWVbQnX3%1U z=n0o(JbCKLx67g66f}>|8(md@O=Xf*di3m`11p{as2;cTX-=5#YVM?NpLSYi95|A$ z%vCw9^sBvZj-O#wP*V#Xn7g+(Zc<3~gS;$yR;ee~wH;?&$z>(G^?(C-?AZ%m;65*O z!Le#bm9ov&La|n$lW?IVAW}e7#rc)(Yo%XVVgK$)o8zf@l$4+7lef%12zB^GJLh;K zzKGDfPYLFYM^Mo|BtD|g_I$@`!lO|=X`oQ8zQMi@ekF)ju!}N@8T}a4*xyfQ?sp+m zOTSG+X;?@e38J!gW>Mdu(oS!w!jlTxZF6N{D9?=q zWOUU$y&%Dc^nq(>C{Wj7v9}lruwIghkj`z)7p8->Sk29ddq{C9t6uHem#@e`ZfvSm z{}nbC4|1+Jv1e$^uLfg1->J?~uKSl(y*kma#%U_EgX<_bcm^{D;W7}4>-6rfH-;fb z8tz!us8*{BU5M+hoeJ$9A!NC6Y!xO@MhT0qZpw2lrmq*-u%?wj${muhRV=bk#$JKN z-(X7p*TQ}cBDzlqWd7r`@h2WR~|CQpo%FOtZz0ZK6Td$)qoyH_f`UJiZ zaIz|1Xs%tl1@SR4<&assu#q4)tr;4szxPc{t|X*1Fdx^1WTB!`NV~nXUcKUvl@l`q zfNtbv@CQ_=W#MMnlVv)JK7MbQyFA6ThouZgC8PoY;?`<1 zPj;T@P2i|_sY;8*9RmxcDDCE&VMBEi#tce&djE@%<6(xQ zuc4>?vQAEL-)Wn>w820dLStW?I>Zc!yNr4*(Rczy zjtJtL;&|0kqtsn;tVHw9;@Rq(c#sgXcM*XCLkeqJ?LXjYby@L!%~fjrW8Me^#})KC zd^&_TdE9J6(?nGK7g*5b-;jY@+_nBrm6sJ-maHS1y|-i4c0Hj&a2`v^I&}%LYq!0| z0xwX{aM!Q6@)~|CbPXL^woVo;0^s7V-r)2bjP5dRoCZE6k??oS|(?~dQ*jk+g;zcAJEU6 zOX!z__qdm7xu;JGF6~V$ncm*t(nh#nN8vsN(M-D>-V_PGOQOZchPrIb)|Px3D;!^`r&VuL@#^hX*&3e<0mM^wl&wP>TK+8>7X{v7LJrL??5UVfpEdfY1a(2kP)-KU2e9qWhGR~iES{GrJuX8M4 z;K}FINR(tB)}-(~_ZXx0 zF)ls!TK7}7-VZ@^TuFdP)58xF%>l3p&4tH+(fk{I(Y>)K(L@BG^YP~S*_O7gqb-~P zhtySp?b-Jrp$~{}mgxOE$#5V84gM4)KoGU3Jw15AAVR~;T7EkN4JQJz*OzO9D)Qrmv^Ix3IZjgPz`efGm=0s;;`PQ zD40l{<*O~@+`WFH3OmsX7PmcfG5K7>z_kQB195TIhlt%htOSNF4&2^@xA{9L;%Y%Z zCQEaMG6d&VrxdtbQgFsy62TvXnHEXRf@n!5AGAhIGc60kLSjG?;b!~y?nUQn2)Gt! z&p(?!Q?m0xt_&qcWcHdt#zg32sGmqe4|U`w0GTr6L+#TLsya^)z7mrNWKS2SFH%NR z!JxcZgfG^asICngwyqPF8N*Co8H1^20NjR&Bk~nO zyXIl*@qL_4_NV@XPp0w?VUb3B*eJ@1q0Qo^eJW2DQ81R;viWaTex9Y2Vb@OS>lYT* zVS!W|U3vj=-dp~QKMez930hLcS`6-g1~R7GhKpJG^Wk;V_@YHNe-bKlLidy+&k@FL zULdR_buhJYCet*Td^|bDrh`VzC|^OC3>-I@gGO^eUvUp+3{VZwxFjp{7zc~}({8D1 zA4rSs4DFKDn#i$I%l#*S)F~rCa4=dHiska+YOFnp^{_$$Ts<}?kie>2wTmWosrpFl z22>I4>wG%z^Busw2P=Jv0PtEppr;>;cv3`>&dU?eu%pLbr$U1_d>=wlcHBmRx{8?z znZ_HkB_zdm`on>B7oLcuk5SWgS;=<6o^3Fm`TwlLd#|*E)%N|P=aaygT89=TA*}2I z5{@R2I?Rd4L#GSxz`L%t8xtzpD6JeG5zmZ3RdMKhnmnhu<|gGkyn-E&1u|MMr=0$& z4*;XAOY5rqr84Zua!SYY=|(v6cDDP#KJw+DRiJ~E|`c{ z05I%^{THuq$hzUG1P%S?0os&i+T$m4Zi@msv+B> z*R-6q`aA@$$%4hywmmiWp6gSrhmb7nO1V3mvYt2K;`&DmTY1C`2P7t|<62rZH1qDB zfXQvW0dK;^M>){9S#je!S#)&fN& zHchLog4Un!m&lF8jku$Mn6bm}8CoT5^GVDMxF1OM_;A+V+_Uozu9aQ)KTTVgTy5qg zm>U+^led*_lg}8l1G(n6Qa?^85l7{(bBez2rSWEUh-Tmizq#&yzDWH-0OO9{MT6a&FzdI{G{kT90vLi42j! z6bCMknu>rQ5I^9@Ii!J7dC?KvwT>2cl28$tuxIs1>V?9lOr$+o1Er}dx@n?tpDA4E ztr^c|{PUu^>K(nmQ7>W4Lty*0Xf^MmM|C9?qAY~?mPUk z$2>%I7JvuFTTpk3v(`wRb5r2SMODyl5OIx%x@CHHXs*7ckxw0XV`a!|wZIvb8oCw4 zZa$D7eXK-D0~mywYnTe)kevtdD6Gm&G0x5hpR0pG#h%zN_9^~EMa9%y1y51!4^@M_ zG2oH)k(|&(6y}HUL@tmHz>$#$7Na@*6?A5#Gzea*D@u@{%FL`ko=_x|M*6_qD!ER4 zA$F@et0od|PGg1)E-+5@kXZ!^CHWkr1@o54PvB8dc2-I`LY0&+aA{;6_n#w_J6F9KWNQWw)_P@ zlpg17*SVnj8dqn`2(sR`JNVhg2TClEx|8h}#H|{;TB4+f0XqpyJD)6xAIP7eEPY7fQ6@DJrHA)lxe$fYm%(NEd00|HKjE@~yDZc8zMiP`RV zb)e_BR|dY@HoweZ(NxMmt2@YuZoSvl_q(^{7#t_Jc>kQi&&cO}`%5nOv#I_r-FJYs z;-gM>_b8a`e(D)3t0R$`Sg=+EKYvul&w$zbsY}5jPq%lst1_R)@}JK1ztSMA49x%A zG{`lMmEB?6y_auD$2B;1IA(kTg+&0G*Qyknmrs5tC6u!p-xv}ybPH)M33)2@$1c}k zK8l1ZUQ5ultt^DTMA4rtb~909>&u0P>Q*tn9Q^Doj#$(Nc_@o)J@uYCZ+3m#GxgJm zXNRZM`a98zvRtyH$&V*z=!m&9XA(r@r*P zDNH}!-}kepud_+SuydQJMQ6H4o88D%F?_yFRiJA=EjFitzK#_;T3R(QdmVNB*dGsL z>?NCRHEm7j#~+(TA>s9uS;5^C@ubUOX|RA}r%Z``WRqO$+1SS_$;M_$0I69#9hCQk z8`TiOf!YOcos5(-#YUh|2bobapsfKu^Zd+eTHFhhF>5$AA=nklzA**3MQ$+JdFl)CmnZ#xH6)xpkx4L0@ze# zA>;;e#{$V0HYG9CRau&WUNZDxoK%u$LrUUH? z-!LF^JDd2h`HKw_V68f20=qD_c0Z4Cy}7Pr?l7u6j-U*i$gJWkqpxc<&2%OmFqr+LYxDku`0?bs~+(<{-46ZfQP)TWLb>}O<`G)9qXxh295G8 zkuLG*JoAvXcyzFRvXf}@gngk$YFt4<0#4O&8_Mw1wBY{fMjy%B{>)3-|WVoc+iucyOHndJ9o%$+A8VIck)TaKl+ z`Rm;+mdG4n8@J=Fe`(f;;;ihLDbF?#VV=G7FDu<$Y&21He(&^>hnJ@%lYc7%{6S9g zT0YK^-L`~uMv7j9a2>uZGM`Ru{91EIqsgl{LnGJwTrPkgLFHab$crbej(l{hPg@V#58QNm{2PlqV-*nU(P}~ zE3-bJR75O9Z4g++L~zd}f1`~Z~H5VRI7 zAg)f`0J;|q%o-D2iHh{J%wJR*)bk!|+RyLBz4n+h z6m(0|7tOcN}YYImaBFT6`(*ih@qgy#sE+(*} z&dvcnr^B5+mz}1zwmcgR`!n0O*^zo#fQHk>Y2$#WC+L?|qgsTnxRjTbB3^c=8n=nu z5*#FY_V#j?H3iBU;dxDOFQ4CI4i6p8L|-MvOfLYUo0a9Et7fy2m7eCtSuxDGWEUvN zV3hXc*u4Y?eHkFrKyU>RGdyZP345{ByjpfWW(A&&*R?be(hQ@;G3M$6KG_Ld+ z$;}Z_>ByuddS8?!;*B)1iU21-;qaAA4d)Mw-cKjdZ(MjFp9~%&Mu!6ez|qDBkWGc< z!1;WzW}7dNev5KL#+ z(#6icdU1({k56tDvmnYSqjE1W{Ks%afIz+h9ChqOlAJ3J98fx>*;VMZ_e$QW*zrmC zxqwPCK^L);UY5DfG=PDnNsBF6%N||#-tyXZdB{z~epFMFT=pUTX#gvXcB0qG1&#@} zzYpMJVz<5pS>C`Xk-SWDs%%h*%*)-PCbh}O$mNB+ZVE1ZTk0Ap4FgQ5{JUTA^9Jt9 z=#PI@#&--zAL3*=oI9jU4OB6X*vrer$iE@RsB|RW2Gv=%k8V#?T_cj z2SMCJ=9EgPijg|2Z&c+-qbh6I|IE5~6@>q1*r~Yh!guVcWEJZC>Ia5*_}mKshyNp;Ej3NalVY)b+fZ)*EKO?PTm}F2A^uxqe2g>~tN$2N|-q8s)i+ zwTIiligO?PykE1h>bi5_%ht1dExNWT-Z_qTdroN+q}9S^lG&ZwI)ZlEa&sa#dquEk zF6fkN=0b8lTFXLM@uJ)}-LRf3DjaINWmCP1VBft*C?aQP+m(oW&v_K~x(&u=((75W z;nda8uC8q2C3n9Mr~i%6%=_31dV8s69aQ@wWWnw^fY-YZ>$0`S+jZAHwdSFO0$f&c zl78w7krGqa@mTl#2K%@CT6fumaizUpU&VDL&yTZoce!VMV$gf&xW$L*T)8)U=oZ># z_1jg6Dz}@>lz#S6({zb|;W9$fuMl+0Lvks|@}_$le`$5f$KpYU{4oEUXL0$PkSOvXe)RCZhvHrPwEK{AR`$o<*YP9CiJT;V zl>78+V4sB`0H3o5A{?UKDd&%!82yNJ?1E!PiU?~C10MztmJ){~nnsR_3rEhFg0h)N zO)ig?iNptgs$S_MONFA35M*I++-~--x1+1?LoG7YpEfubZ?HkggU%jgdfA;Gr)-c5 zKUeL6!M=9oYP8rppthN8c5**n2iPCFeE$}yw9)!zv1}wfYvrCDHYJ?oj-lh8oT41X zgyUP*7KZu)O20lc%Ad{wzfg!pMyGtix1o1wA zzao1UAMn(A#I(k9Cd_gOYDB;kn%?4uNa*jwGDnAi@!D(%u!>me+_YNGor`8|s&l2x zh;+nA^6B!Df)*)zOqFH~8W)$O`Yag7P!Ec$B_34~4$UlAF*3C&ZE$Pu6=Dj@eE@%O zm;eEVF|e~|nHK4$17@(s^lD2rvlP`tJ?RNUtkNVEu*9>-cyHy9tvJIE034!H_|nj% z@x$r4l2G_1_nU`qt17veuDz0SSpawrR4OgBY0wmM2)2V192_vD+yV1*b{&JO{8`41 zD>*ZF$IufX#7_mRnW!%h^#kVGPVNFNu%{$q^Z)* z-D!VL59wElz^ z1BTet)_OoS|imtt$xt?C6mS*8Q9lYfv+PD6C8A~lKTyT%ZOZJKo#uM27f%<+osD6Mj8 z<(=dQuytLPkKAv}q`;Qvb|1jT}| zyU!G8rkW}ge?}Q<3qH1)XQaQ}LwWt>PwCo`{ENpVodN3~@@GOu#?Z2fSBW6U_7lmZgu7Ww+NR`;JNC)GClmK(3sh1~s=hK9Bhz2ZdGF;d+xk=pL zI_%(t@NEe{2;wX=McnQMu49~UOIizNS2b%D1rFJvY@y?I& z=J1&)BNoR1;Fy1bpm5-+t%blhCk}~_6|!E*VCluASt(`QG%)}V93}RhgZYX8m0O6! zZ`oQLRJ&}$zzqoqrSMU}8aCP53zBO&FUnWEqUOHKqr9Z*y42QeRq)%W)NvyOC1-(v zy8xcM^LOHb`hxWKN;JC;dc2-o>D)O3p8upgI*w$XdK zsIQlWNEprji$q&*DBZs$fp2?np$@?eooVB>lO~KmQ4V6JyzAdxZNt>1QPnhEbz4&6 zlYX%wzG*g*HT<#i!VacpvSFv5a^Yc66VEuXr1McZ>4CMnifK5A0A-DPz*LV;`QG<8 z;f!{&4)Wgx`Ggn1tLS@^x+a>2u2IscNsJZ(9IZ~-`pKGMHWkkxA~ zzZy^*q2^2z==EfLB#?XI=^U!j{+!4oNk>JrlTmD=J~0Ep@NP^;16`GHhuk=>lEB5;{HV&=J&(AqP>MBY+Y z4s4mB^-R|ox!lZ-_Nhu4#&qUW-&;I>;KFmpwO0wZ1CDVyMB)4}ZZn%lD>!@~2c!oz zm}lq8oYn#$s^^S~)UG*?dGd;QrfE&>!-&ynPao|xxUIV1qJCi&mMi>a;UEwY*^F`S zf#rO#D`9FgU9DO`nAVqr^#W70`Cr6uP^G%>aiiJFVPylFXbhBzPkNPTLe_5!sQbD@ zBdAv_?v8p|;Garr9onXDUkG`BNU{z_B3wL0SD|P}l~HIinMu5C-!}nvoIcX?t~7Ej zXJHH=_!dOUz6iWc$`aekpAK0@bh;`gt^_rjHvj(UDXOReka9@1eTPT6>rUMmHs{XF z*me@*>X>gM#T#oA_`ih-?u1sHTMR=CSgz0Z=vp^^z|s1p7?V0|1;tv0j29uI&B!(k zAJ?kB8jl)c6;CIu_rOF)1Z!XBpqVtajejgj$O+DgL3tL`E$TN71Ek=gBOXN+i3c#G6rShiU$oBOLQaPfz(CNS1A zy>nw7{i}hMpZK)W4nq+}W>D}Spwf~uOGV5)babyL`LmGlnrIvplGq>MEh$ZlbCNyv z>X$y#&`q~Chtg549tm&YStbt|i#hVUuBD~p&Ul_zPc=PCu8j6=ZMuU{j-uu5^qX&~ zK>29*@dEUmSL1(Qyo>xCAKt!VbdyEmi#{Dy5&r)5Ty*@6@AoI+kS*VCb9lH~GxBV(veQbFi^;_j64id|}!iqO; zwX)Mg8wXs8Hu0m40cjBYn`!=nHvG@aH5M}qW3euU|23kgG8wPSYyXFHZL2izq5S9K z;O^UVI4;pQaVkCt-Jngsz8BRCsN66{YH+O|%C!{->c6Jx-8;PZqTKf2kbX7itO8!F zo^QM?2zCG>7~R7IuPEe~W8$aq%!R~YhswLEfkvoVs;Bv!j_< zS$;wWS?|y6;ds9h=kLbW7c=SV=w^JIja z=&`0&`~a@m7g^Y4iBEeU%~CSRA(!@ixQihYS0q8C^TwbAAwoRC2A>2Wn`s^t_h9Bh zV=4`(RSEWc#em6xefgevmBi1?a`F0PN!RFVv-pXCL9TWF`Y!cpD_lbrxdIHOq%&?( z4 z<>Yjd3L1N{MM z|GzX56HCm~=AnPKa9>_t-Zz1dWa!9tjxGy(b8x%gBqt=M4){S58;?m)66HmthaDYT z(z>#HG9djbDxGvtpRMTz%srV7f1K;bAF6CC*0*xWWK@q>UY^;s&Q6zn3s*VIS-0)U z{v zc~9mvp8f!OeI2udQkGsx(@Ox^%l#dXmD+|M!^i$+)Z9`P3ESM_0u*PD60<)x;Y1*< zE=RF9T>3ntiiwoqt!XyBVxb*rQOqup(phg55!d&Qr8#NR^T zusugGErVqwi&QmL6OSFEyGXLZ^5p6qV_5H$DCrhqB6>dOSEGeT7wvP}5txi-Tkb9J zSaXdGl*4b3ul&cX-mbWzx;Y(Fmbq~mV(8ugtYCYix?|tzV5$kZqv%rl6gG3ZIK0%X zaV-;#rB33?6sBKBzzd?(MCI=emCovtNh<4NJ9`wNg^>a~2}2fE_iiIsFro zSi*HjJ)V&vfM>)z@GJ({Uw`OORW1mE3tm7FmUU=?f9D-gvYVbUS?Fc6qWHwj!1#b+ zM|(wh)4T$4;Y1K&G6@H~7LBOSDIzkG1DMU-3n4W9Eyz-&n@LvP7N6HkPS^_3&ilR` zz&dCu6|X5JpU_>5KM^Zy#3Ct3B0Sm75gY3sW<^EEjoi}{#xW%*V#Xf~YgGv&7^7Pg z#ivw3DsM|eiDRPLZRAnGvCdXOrQ6)OKS%F7RGsP?r5Sp<$DmIR8NFg2+4J0Yw4_PU zIt+8@aqKSNB0Zv+o%yjU4vUIzp%Q6;M zB?MHti03667l>R3+Dxb;u{lOkr;v5^d18b+SnE_Z>O+S;_7bi{{C1{mP^EkqBVd|m zBlq7r!o0}3Ry}?-e+^*tew;JsWxjigL>of3T4&vd2%W%Vfr6p<>ZvoH2q@P2ZFcR; zYMZw+O4y3XG0x8+*XhqJ2au4aw}~!kRtL>;l&*HJfZ(|mYi07fM41`sEQ%7;^B)NG z>)FYaVP^ELm{_1C=3g0^p&rfMRyD3q_L$VjVoffG){ta}efI37Jm{7A0YJXr1z5gI z25TjrMw+OSFsru^>FAGfGI$Kx+d>}n<0=O=>@ltsiHR&`2U)(SrEkIyKIj@V}zw$Z`s!a zIJs!G18=-BB6rqxN4b)HvgFl&^rVlf@!BKsQ9Z)sSJHz(w>#TUPDHn9XxCo?8?fAy zLJNc^=gr-gR@w+$6A6E+qJaZWhL^g`UA}#m&y8BpOD|#eu$1zUm z{_78W)RQ>HmF3na79DCWIx=P1j7E$r zJ3#y$^(`3M3bcf*zX`Y^eR%xEb9m$WwO~V}E|JeB2%?L2*Bu&@KB<`vk_(}Cu2Kk4 zRgMAt(G?~M0==5LMKF1|sw@;?{ ztS-rxlc@Y@A}x6}HnBsJ-2F0+QjIMk?Zg_H6EZHbvC8hN10`M-l|-G6J@zzdQpJ-l zDI1yEmm-sAW95tOTm{vUGJqG|^p@aZ29e-$fg2`gz(PZ_t!P$e&A_|L1M>k+kk*{( zO$1xGVy)mFB@@_7GFCF9f67A+-TyYNJSqUli2!GRYhaCBdX`HBXG!$ZX3lI04qXrE$wzk0##JUaN1m*TRiPYWh1>aKb*}_-v#5AL=Ygzgg4f&++ z{lg5=DW*=GqUzMw7|3TbRMDFs0qf)zA2(-0!+Dh3U2PYym;}VexbZoZ<3;C!0i`*~ z)%QVv`hLBuGYW{lBS736LJ;!iOU{%j?kk8Aa80=IJbg9(JO(``C({0Lf-5IsEaeqm zeZ)bvJ%90hkzos-J8dO*mGDVzcgzKKfX;CfqZZ|>EZ~*q8j;7p^q7gwy3Ee{MHF071P~}b(>kJtK#ALm zyHlspgiG}w`Kb78>xF5J2GP>;dC_<5WLb+z)O!j%AvWj5hPJ^lj*@w)(chg@Zdnetr#;u#+JbgiX zt!^w1u#;)2kE=q02Au~#e|AhQ7_UC@XZ@!tK2!~lvbsW6-DxUE0S>F@UhDrzQ&32{ za}ODyIda3oA(!FK{^EuK!ZDX|DR0A|hss|~&U7}<5xw7R;AB;0E7?{;!=6>=xF9S= z89-py96F&1d$-Nl6l79Eg2LyW;st&V)k%z|@B&&l1m(wxk@-OX;-+8yjqo?j3G0fJ z_O%y@x(_8^Uq>j6-iNQZi+c_GRgUyo=osFO@1`?1FqlRF#x@l|$#y3XRclmQuqLO+{*vROw{h*qF>ntd(nM(c z<#TYSg%}>Ga48EA;!blejJ&$B66=DDGNoZ`qH&o!wc(SND6~j19Z%T(JrcWbmK)l| zVOM;McK69%;?5WJ9a=k;iFc?4_x>iI96=gdlf z|2bGGiT``*gl!x%VLkNSJjN>Cu^z=gxVYKdxo3wrc<1@~IQq6tEdE?wB4_1b=*4i{ zF!nEItSIXSfArDu3m_k}?0>OS6sIta^||muH12qW?0v{c@_8UWzeQVxKl4?_3DLcU z>CwHN z)#_TeRs3OOIl)-py}<7JMnzwS$d~KFtDRO#pyX}GG3plQm%s7yE)#-*!OJ@0L0cOADZazxFF<6`*&Jyr9N9KPTla+q>AFq z9c_+WE@kMvvbgtrnc-&~y4qXjQMm^@*dT0=4($ZZ^{Q0ggCF3Hec?dR^|7bK| z@sn z@5{{9)PqZtbt&iudayzBHir?!cXf*Q-qmHg33^qE=- zi-uJhp$I_;r;pqF;rQ_Jco;Gy_gl`>0YK~`(TkB?BbUeH%&X(s@BCwkB=YUd%!UW2 zf)&B^^ILw<>>)rZtcd5BK2D1j&nK3R zwyo*O&@I|hlnV?6&33^Ew_E%GSrRwB(+`8!ZtN!8EiUQFBBIzokK4Bq{tgUC1*@Mu z@GD=}r+hl$sk8LM!-;zCUHP{IWB(6h?-V3Tw1sJwZJ)Aj+qP}nwry9PI%V6oZQHh8 zQ{6E=F+F`F=H^QxB45_d+_Cri*ZMyipB>2}vdfUcVLW$DHctI7E1f?MR@WVukzsth znzM@B^NGrN;!3NtwvVtg7#9pE0geYPI;kg0*}M*`f$<|@;P$P7+2FEz73@d`NOGXO ze9l_HsvUqW6}G2?l|?t*6y-8?Gvi@RK5EWd*$if0)G_MwFCt4UFO9qHw!Rm2U4JN9 zg_LYEKX^cqtleI`2I@0dAqt*~tyVU4L|xlW!HGZ8rV)#r2F2un&nyy16*Y8%7UW{y zqZe^b=cp+@#oIq#w+=yG{^`gQ?+?<56PdEj!2Xp`!=rkusmbR3IoscmJN1OUlK@8k zafzA0f0MJ|{_Gj%tGKg3z?FEaowq?+_|D(|E~!4RxG`bam|D1EP62XF=wnaug_3@y ztwYMjXohG)LXz+AX#lT93>XHO2`68IH_XJ)m&1N;JvNV{j}`#}yr6ncC(4B+ga8B? zvM+lU^{r<8P5G!+R8mK*1{HySM^1GXP20GZe=dzEfgVfos0}L%vw$HHRMN8_ZOe}J zEjHDt$GZkMX`2J&V|&eJdhJ}5bAQjWkU>F8E4qD5iLTQ zqtXs!V1_H@So*oVd`~+jZ*_~+aHVuN32vS;_*5f~1m=da{wtM|r19Q5@g4LwL!om< zfykKVCapl=Cv|M1fF7L^2d9Gg=ic93Dm_s^&WRMWwls=!@uW^(Rv7Pl8zQ)u8g~{H zu3Zf`!AOA!=f$`@#G<9dd^k^di`-bJKJddCQQ3pzvW|~LTF}+!1jNE$bWDi?P*p?b zU^pBL*X#FALjO@!^Ej2~umnOM%2Q-fmo2WCUcZqR$`5~zPBW+*q1bE4*p;9I*uc-z z_)lHF4$M9+Sg&}`$b?jr{8k2ihtUy4i$H=Jmz9)ld8n4B{UX$}askw#c0Fxvn5JVR zGgM9eM*xVmkGYSD^(k-CVh?qOx%G=0g@3zI2uOed&YI>a{5kB$av^Hj! ztH8`iZrHE#>1ffBtB{GM#cFq5wuPDbQOB?3-fL0|0NfGvdY&B=O8}f3t5CBZdZ-i1 zg6?|2P+P$Rwy|Jz`PgA2zz}JA$l|h5(JVzehvik?uBnyO=Mm(vk1%}lOn+Hotr1A% zl5wymUXR|mn>;BrrI^L%vlX^Rq!uGwE;?sFRhRxj2KMFR3xk@9_ek0tWT>a90n9;; zY@y^3+b=rxk5!BSkV6vTsY?oge+CKQQ8~03LKQXC;zD6Iom6AJZI`6#jQ%jM1O%h} zVqogI3Qu?q*JoR_CAG0HUpkqgU7y4#{uJ19Up}{s{EtI+DB}1yKendO;9E}4LKZB$ zu9Oe!Z+Ce+p}m(F({;R$Jd2%(DVTVg*-EF2Xv2#>G^UiV=`j1hgRF{58v0$TqGJOl zZ3g}^8>re(>x{KjBQ#rM*TogHydlnKa5R3Ie6^rvBbR^eT73htGDr-Xm|w@2dBTa0 z6?>6)!ZNO?=FL?2)XxHjW{i*Mn3L|D+JC}SwQ?qBv8FL}_*l(cL$zkZ5&;kni1oQ5 zIix(mFnFvup2q1B3>c}ZbyDXO?SdU4n5!HJ09`LfJ+=|u-@ec9nM1-Qly0jW)IQg1 zSQ@tIgLl&g0s0+zve(lqHxVV&r=AhrDqCentll>6_WbY+ff|PemY~>S%U4-c+j&fH z+d#QMvT3>_PW3;VAFBX_8*PTSg?)mb^Evz*eS#_cOBo0dBrpLD1tu`lJ2o*}2q+*% zZH8eG=EW>wNK4Hi9#d)RC5-!h50-eXv@W1s2BM>?!dj9 zpfwQqV*#Pzko5(|m(g#FbSQ!4XVLz!52D37+g3XWx{`CrOM-Z57VXNXHML0F*vu6u zD7^LQveeHmRWEEYaP7f9;Z=Izvn+u>ONSU=D@Z^?{Rtrq51P|=5wZ_%dL)%&{paGc zp!j0|&ubMh%6bW14ad^sxf0U1}vivU_hq+hJ(7dyWy?K!egG^th5feQr8HdeRYfw^nR}USRu)NV4JF z;Gv~-y@zB+_Q4>8#SG5iBl6A(Aq$2`PpKL&SKyC=L=Fhy_a<{0HFLXNDU?G5DELT* zv4StI{lsV9HMxGhi0TaaBOQwF{zC$hO?Q*1kDI>SU6yCe&FsDAVdL&UPRpE!WOw(f z21KEhSI`~rb9Z{=Rzo}O=h+6pc9P2A_`5Uz8hnW<#`Lb5YQn9Z4 ziPW2_2~J~5*3$s}sfVIJUI-P#iO@m{ayiDyTvx7?C{no86!j+>ISkB7QUk+~^4tvC z1-af;O2*S>HstynWN_p;nKNVB^I8-&L|63noj^_*e7`q?u)|3@o)oA42K8c%> zcs9r&2i?CU)pY8}+r1L*Bwz%s5O9!!4@YA*@TzjFGGhK}iColNBSO(%oNee9Ef**Z zP9Kwl_hq@$*_2*Vc5-qXSDLOIbUKe8sOJmjgc0owU}>&Ve8PTq5@8R+EZo_GeI$at zH@sesj9k>A0p~ud9-b~9 z0u39+@;AF7lQtyiQrT%AKdzaP%{^YKqA{Bxl*nB!ZmI6AjTEIV{Hhrz2$T^+V)MYhT~p{v!(X;(Hw zu*K9qG_XxG@iA_1nIykiwzqV?z{G$}cSRDSi|DEi(NjnQAI|=5d$yO^e@|0VjGoya^7I&XJ|e;B$a887O+1katU^z- zyJ_cpxyl$nu=dC1g0%-~2QPQnhx~?WcJa0ZWM}t7tmC#kzPIvQt(kge=f-vnv_seP?C?aTcTcD@US&-zkljpiwr36qgOaAq`$S{WhuRcP#N@wRhZqM549vzV%D{x z0(0cT=f=iLoUU}xkIpWG19KTkD6XtoBKjdFS-H=+BnuBbE0{d1p@|_cOg3?KVd0Z> z^>8~}*xPoT_RujA!=^W%4y~E_w{JV9A()Cw=syWeTXYx=fk8xd!BTjHXpiTKp>= zee{=Nw^`(nu1@l=gbfBZM(6tBmuSb>nDH>1wtdbt;;gcN(kM5TEE%XxsAjEIGv*`1 z3qgAUs;}`sh<59-*3Cfsih4o+gJ{Pq$zw3ugxeZ=u;=8fhc~mKHBTl5qclU;E$w^o=Ai0<~95S2*P2+m0lF?iyM)K+*$fjjRYgTH)|81f~- zR)BhWf6n#y0`B&QKth1**Odfm#0z-&C}T-M1uLiv-Zm;Dypv} zHZ%zAHYIm_F_!^Pvs_XdDgy!sc9Mo_D}Rg(ag*0mD*@_1t-jw3?sL{7|AhG~Y`T(G zz^C})eGh`+T4@Eg6gPbd+=Wm;CAkzi@a44o#Kl{wl|OmfaKw*@vql5E2iF3U^P#}@ zioLGH{nVTJlH*HtQaWCl=sZO=H$mb_J3aK67c{+Diz_|;VQ{g@Tz)L16l+n< z^i?ryX6$Aku;6q{qN@03G0utrWfy!Ar@O86LJqs=Grm&o8Ps zvqSU2JVaoTYGbfLL3JL9QZ=HPY@1aVOoiCrCBtAcjmC5ZqgXcD@^@i8qYLX)OC#Iw zhnvpBURO$qpQrE1UaZOzd$R5&$&2R6ki;M{*?_`8aT!M#q;bjBt?uB2mP!}?WJC2UfZcl)t$dU!Zb%j8Js zEB0*_rrRR!-SrY`rjqrIQj7CEYMgqa@>v&Q8a+sr`@6XHLXrBQbznaX+FH4Ak1;hP~xu z@{-BU%bB2#aa?npQvFB}DiWEO$u^YH{#EE+Mis8VbzmHv4!A~;kr5&?YxJlzy&n=x z!$c@Ot!q5Mq?gjj(JD!0xs{yglOedR01<+89Aal({+a`k0@{%91b|d?^er4T|888A z>IH_Bgpsk|8xmPRn5dK^5hmy1*ZiX}K0?G}Q}; zy!go^)hw^80KeA&K`cKtY3NUCFT@NZU?H$+8c1PMh7x&_VR^FnGC<&^u_Abzv`9f^ zXCK~X)VP*Xchh(Wg7Klgua>Cp8wMy3>1}diWkRx9+K_&{Q9g3C_*<|>( zxVm$Y#3;0rAqaz!0KB9E^=ZKn`9uSNgtQ1PrRFubdEamZ2?O-sdQsw`X8fVhdb)}L zd+bhq(hBza)yQ7o=K2%$G>-A?Am+(7?~7dx-Q`|Vr)fq!tQ2XaN&ke(q$PGEW$PJL z52H%Qm%PRy!Ojj#E|Y!#a3QcLIeFXIdaihz$7tm|W6`CRH=rWEL5XkMB_49_&1gZt@x<5+m5rpO7IXy1 z1Eh${QAUf-X4Ce)VSayC_@0-swcJpj<)QXfrk1g1O%~E-7y@(qdo|}vO ziJT`mfELe5*W9MOl=HVjw6C(}I11}6tVC?;P|HT>RdjNR2oppRr`Kqv5)u(PKx;#K zYj$vZ&VCtC_PBltY0a8-J>e!a6gOYPF_Fu2KXeyPZj&UqHkSn88r7M@LQsF54x=F! zXRs65h6_RyXn}LmJb)g*qlf)n89jU-O~TPdhLft?G2x{d(gkJTSF_R{#a1w4@$AdL1T71uY4! zVe^hn%8q}l3^r0y;mj#YB^ziC#ByAS_~yhDIk;?M6b=Z5r669j9zFdkE++(L1d2tE zzO(|-{x!OAS3%M4Hr1&~6vYj?GdA<@tc!qC;HpEvj?w6B@&W2IJM6qF__(vqty*j} z?-f7JnzY>)F*WCEs8zi56+zS9n6jFsLqc=14E!Vgynb{gFSQoNuvUxB%dRdnndKsS z53g~bma8!ohs0a{(9lrN@1o1y-CpVI`yu+>({8nK_6e`D#5(0(E#~r}%hmwDr1N2+ zJ+%#=5Kx~QW%mxHw5%0_B%SBJEZXiHWTh<9UwY}P);`eD*H~q?uIRUigwx6jv2BID z-FtEQz`hKKoMFbL-yZ98T)e9U_>eH0v~*?E$KMOqe1-Z*u9b22N~k28;9bilHLV*d zebeGIw?X91P@_Hjmlt{zKUlC0Q>lM=L@{mjkGe3N6t8m`n6}@eDKx#Kc1ly$jru{n zxI{?!a(`FW=C%v*ODKLlkx zUvC4kIh0uP%)pzZH%0f+3{UZSgp{w;hlhAXH~8@IJgav2I7SXaMiXA&iVnMLQi^Q2 zG;llb&4j!I#6O&cDwog~$~Ye~OSnr7ofra7)M7G#8slTo@jN9wKYx{JnmSB8NRkks z>hPp9sq@rQrsr>piq8-wg;o9KMmdr?sf0lf293nmN6?dxLtg8wrVw=S0_>BHW^jUW zRq3&>aV)~zX7{!cy?mezGx~Tb9VkXWSoCB+2ni&4U2GdY+QqnU|ssi5N+g+vh-KL?f9C5Q$JK^A2wOrq7y^ zR#pKL6vn`m6Ym$G%&KJ9uA$R>qbd)%5?zE4pvgE0CqF=omZzHIl7IZ2W*%NG?AWs^ zJiyi7OtiP?72msdVhgb(c(DsX z+&io(U%^h%={stf9(z(67cHfBwUojD_Pr!qfk6;^Ke9 ztd#GN9i&IN{6f`QN7DF=K0rdqa#r>iacU<-07moRPeksCL*79ZM^U@-ay4b|1P+63 zdp^9ErLaGh)Clwgrs_L~YEs(8TAlMEg@rwk!U&5%omYK~gcSNq`|OY@ri!6C<8b<5 z?G!H4I{Id0F2oa}4Ur6ly758N_H_6+{4qOd^oCi}cCU%3gC~sisijw;4a#@93eH)h zXtf{N1OHR}3*|@uPfR^G*16u3Wzi-w^H$67 zIOD$Lz1cpV%@>ny{ctK+HsVr$g$O9Wf{R%wbT`ef3J+2Jwf$9+!jC z+hkX-?`fW2C%*O1n}8nA>c0E|kXkr1D*8`=6u35Ze$qemm)2pjd&ckGkb=ME0-b?U zDGSEh(Fc8j(l3GOHM>yQKWBt=Q&HpIn3GcA5CQzFiD2$qe?2es(*`Pv`6F+)BA z_R$d#;#aB@CIKBJ4&e94Mu#(fs?lnap%7hp!bJ^*aLA8`DYIA2#C>lm4^_#!zXDk&P9M=oA~+3 z%ggJHuO`Ra8dg9}2Hy)FX%B=U$W4H|jX=M9(hHyyPj&cW>!pN$3bj8*xC)eHRU#0CJ!8{n7rk@VGofbvZB z$Jh?u%>}scGnZb>A9xWIXjW3|9RMHWl?>r_^yt16vFo1C_VDx_W?}hM|lAO=*{Wz>(MAU1q~h0{`?O8S*PpCOgsj55xU+% z{^2Svg?Ir4frtQf2Nm%rZ-{9y0fo2EqoADp4@3Ggd zN5t(gswkrd@Zu>N*0=wpGrD{uHrjP;q2=T>$pR4Fd2*p}%KXjrPb5rY5iXDU`=f&~ z-tAFuERSeqVZfz}PJ;!n^~<>O5Hr#CdH09B(zEv8MA?4lpD2R-q3RuXp+hVduWj^| z!rCVHigf8MYg3vtw=|G4-X&uyAK)+O!>vag2RY_0A-32XF~U)m!uPY}5QhpGbSUxa z2g$CN`WukdvaOUI;1^|TCsX_jXSsjNaxaw`t(zTs%nEJ?SLjw1MZD9~a@gW2c(P@0 znT9Mne?Ya`PpIhcb>UcphnQJ?NvK7-%YyD!d*f;k9^5}eZ|6it3e~S<$0R0;8q0gi8sxjOaw)iLd@dEjF`5F>Ws+p@jtkx(*E=gBGp;LKju0?z!t4_~73*xT@Cf*!GF3&0LH>bv>B`M_Xj#y@Y zsPy|vrU6>u{2bPADa6v(91^m21*bH%otYaY)lP${m!GWhU9;Sk{P0(__fmpGmk3Pl zMbG1m&%;*JsZWS#;%aW8<&a-jA*k9d@jn(dc=mN(zWZrDm-lsG=3fm^l=@DI{~Sg| z%++g8$O+BApI*IwJWbB$wJJ#k;<%)F(%tj3&{W}eCN9ELOnYc4r>Un}8)JkKU0e6^ zyulyuD2rMy(#w7{HwUL{l}ripV|bG+ZyQd_)kx(E9| zR~gD0eqxsqLmrW(0HbHlWt@M%7fRR|00CK%p&vMvIdzgK`h}TYTZ!|Xk5?FKIP4Pw z-ly^0rDjdpQCKx*Xxsm>JnlK7UZ9N6{EV-On9a`0{xBw5+VLeh3@fUYk<3T3z$!nU zicM1D@ir4SIW<}~6+P^&KTzP!oeqv?=FcHO8l zKLvJ58b^CdyRw4wM(!ZtN-INn_`0R_kK@T%>V)z$APnP_Lj3MQLj7(Jq_uAs3v!XKY5=yOX9*xe>e1$jfP~HKc zvsva8O{z-_kiNc!Rqa{6qj*_0ey4x9F>VhhZy|+n*zXoHm@aQ+tEl2ile)j($B?%# zgXrQw(f0_c?T4nb^-k%5vBYRUiS6}ZwSLsK-=Ny8F7rzIy5yqeFywuS;H}w?w%K*w zx<4YBdA26JXVMKW4$MX&NLZJ_@a{I7nZ`w`={vVeFRPMyXW^;qq1JwRVsibT923Y^ zUGUPPBWg?p1!h-IDofh@>bd~}tZ=Uerew3L61OZlzyOsGSHU}Kp|uu~45IH1Fdq$= z*pI_e7GqM3$O&PbJ+R~YCoT#Q~HfaY6P;%jN!UG z`(=U4?sPReYr02qk9&R^XQ$n5en+7}3wXHevhmtPxiJB%Q>T{WJoXWCAadV>;yP-_ zE=vh|b%9=Kz5<@ZyESX37isDt?~=e0Q`flN0vM8avj;_GMUbO)9l>w5OQo21&Ap<< zAo6TYBb|#*0e%q@ZX6>Wo}_*{8>8*+G!gBklKbV33y!)c9^Y#;=>p{sbIOe4cVyAd zB|nUZZ-d5-k0Vci_k8;)$JcNHQ)QL+aq7$Q;XLaRjg0#)fEA4kKFv^E^=3Z?EyHrK z0vqIsIi8%R6zBo?j!Rio5!%}Ozo>wg{j5hU7855yQ4EIhA;MQo)P{dB9bJ$cRtl^% zpvp5H1Mi+{@4^;$?1v#NqtXbVjH?k(g~bZD7}dqpq;Iux45^k0W$wr3W>);Dra;Sd z_EUimyQJX&pgfL>ebxVr?T-YD-kQ|iFuJh@AVu58`jZeEpmnHa{V=b$9w?g4+?WdR zRufKLn}4$`_!B#!-0%{TRdy9M*y*lX#^;SjdtP?hSaW`&h1mlPA;rv|tlXh9@B;%| zjW*tfKh4VCUbJN|^3ys1+%U7G)C(O;$nR*gB1Jp7wp0f{9A05PS*A5MIqs_jQ6QF# z^Sz$_Qnns`{}xMW$=I;v99r0l_NYP6YA0=hM45$W`(n^|nCllu9mzj#N&2NSmx3M# zx6oiel|z%*mblgp|M6qpucR@hYG}T{+J$yTY&*15xQ^4UQ^a#2wL^*wu+>NydSbmN z!KC&Sk0Q8em$f~?U(;HONQN8wnP0j>VbOb>7fEls(+t`lW3uy9Kl}Wn14dfTpi~HL zM3&ucta=)oca-(Jq*$Q84zbN-bdxKqQq64HWNpA#GH<2TMttMWZ&a2b=XJ}k`j|cC z_6br%6MdMbF4_mFVy!5OjXj%i`wl&?nqbwv<7ys21{GSpfhB%uktlwE0`i2TPEV$Z zgXE%Px{x_xmKzlIBD3VLkJ$-jk|eanXgPc@?5hcqs;vQlxT=JzoF}D z1pp`uKmG8y^EOsp-nhy8QaHYq+;fcSu>cJv8^LE?zmRQWUwg=;3LXauWQE%b4iH%A zRoo{aDw*R#FLS4^Sb$+W!FXwbiyY*W?YIGqa3mrI_?l$fn2c0~+MX^#%rRUfBA#O4 zW!%`i?bc=5blaOsY>*`2)Uc3}X6BktnX~hlZV5h;0N%ICRwZsSVa^K7ymB$y(q046 z-^(Uy2315PVX)4v8HoM*Bs%n0u?kS{FPb@_>lVaF0q4fiI|qo>y7EHJLf}lSeYIJT zsCLUdrxpAds|r0Vm-i|;E+g{aUtCO$=Aw(V2{GpL0b)$p<)I{eLa;OLP*+Za2%UZh z$1O3Rr8$i1BI8}${o_OnHvKaR2_~Lr#4jBt=dZ|#b^lWks#&FM^1Ijb@g>h$Mvviu z5ICx~=%uD&NKi=NBh8`DR?)f=YczEUQk)3JdKlsimkTr5{r-zt@yCs6CMTk~5!whO zfv6{*bnb>~*#>&?(C}=x$2VMoOh{^TX|)4WbAm73{=6tB2if!l28&0<;*EEk58s>yN3by2yL0=ljYE%xUGW#G- zzuKdt>C7bUZFLMvEXQ+^+A+0@zzl*mz3Zl7bX|I~z^_;wg%FS~s)?akqU&L7qIOwj zf0wu^oR;&twx61c59FAQ4Qt_y|1a%rlFg@Ps3m&`B6nN)W5VCW~HAqmAIfzrHxL4 z6g*B*>ghv0!cno?*mRYFTNXSVa{F(FpCYdr0LjEmYeeQ79q zQXO~7B7jw%TiFe*$ytBbi!a)3OQ~ zln29kuG-95K5D}EN1Vo`>>W!G@h`B^0UJjpo!P@*a58DGr(P#JYx0ip*&9J#M*UEC z2~=F~@aV{FP9kZh_d#s>`ghq!4Q#9j@R}@(6BiSaFK~|;_-1TVtwW!1%)bi^Zt53R zvtTbA+#~4B9Czx~pF^dX4MA|46`}T@%=4=p%}#LO<7X@7PO)2>ya4b$BgpBGQ6oM3 zBgNu%pdF`9Aa%pjgJ~<22uEIx*Bi0UP2LwOM6;9t3hfL&($aoJK z7Y-xIVevvOr<}Tp)NWEj_NFkbX&oe*c4h(fZCFR& z*Hi9OS0yUt_5m-;-4lzdUYpv{WZW56l8+Mj@ij*jM%D zlfX;oYtyTLBdPzwJ1IJ>;K*oai3aLK?G8+KitWeH|HTD%Un-D_Sm?VHtD9n4+?^j1 zj875!oQ6CAy~{MyWv|a=_ox=&Ao)&uxx%qu4C*B<`p(Fk)?pQ8X`Yw0k~@QVzN+Y2 zuQ#7vi*f6%7@JzJ%L}m{fM14a8?h`S{2QKfkRNbm>7KO`ouA_c0G7e8>Tf{as1~;? zjtm@1N)SzY_Yr7L(L9!3y>1}(6ACfvfSsy4Is;~Hid&PUgK&+es8#wT1V%p+r-SL< z?uhz{0jVmiVbV7L(muFa^o|Ie0Y_NpM4NN0o0FWdPg1TBivT1J~b$H6GQA^g!6nl@kNsF64el-cOrL zfyzCV+auZf@k%d9pcU)-7++k2uatMtP*XRd8vlo0adM%VH zcNtNi!CJjn+Ad0rq%ig53f-bhv*Lnt{S^F-Smbn=9mbW?9_WMk{a-RS#;~ zzb&FR(K;O*kPk)2WRGLQ^{J_#mzI%CNAp07omf56GjvBSj_8@oCVlfkb&dm>vl`6B z|GVf~_3GOJu{kKu#U)Qm!u-%&AzF2F>uGrMj^bM;&9~B>vHP$-up8v0#fnV29A*9- zaG-QTl;^aNXpD9-pqok%ba|5}rCo8G%B?q_p&`3Z*pIC>MKs5j#aD_-(p+3CK!=EZ z5CLWMwc_(Zx4GNGr0E z3=2)+S*8JXo&y~q{^Q~IbU?D66m z9Pfx$ohP~(p1&I|?{}fP%FxfN1WAH-{%=?Q9e>(w-!#ETmcA4c+Fif;J97xdH6cHD zQXxfhnf6AlPFx|9qoYhSgC4ES5Ey!1Fr0NSD%OF{oSGX$g|zdfSf|;X?_|vMaR>_e zC9V#(x7zIjP3`))^~#C-(q2X*Gt|O7cO;kX+WD4V`DUCic8d04j_b8@tla~B&gUEs zE|SzBx+!{iEWh&2sdYG>3OU+Dr}fA@6-?rQ5**=?x6r4MZyOvQ8J+&;wQ%sq^2aH6 z>ZS^RoL~sK0DA)1)Wgn_sE=bOb z)AVK@OBe>(O3HNz3o9(F!q;*S^VO}VE7q3f)}j06b`o|?*Fg=1OqbuU9n+;Y9qvse z@|m0=(E_2&L{0freKiq&D@z1;5@QWc(!#3JgSw`y_G|-cp<#lR=L*3TpzI`VF&n3W z^)$r9M5Sglny(hMPLM#u0DFhgK$!O%ir)QX;}EYLpK7*X-EhPit6P)u5ow3nZzEd5 zB>7SHKFg4QLOlA^2VIvkvcwy-;3nG+Gg~h7v$Ms=@Pajp0m+$JNLj+SsTl`E=*3;g z-#%Qc(0wI9yT`Z*E^woca#!P)qg4~}iL%y8v&Ihi)R9p5O2=Dm)G$`ilare_ib4?K zBJoQ3W$NpYispRq7d*}IQV1EYX1hgN+74t(NeZ^gM2qw()AAA4H4?&jXio&=eqNTzk-Uhr3BN&FNV%Zg+=r z3C{MnG{mJdH$&4H_=dljI!-lqH&Az|m44W0|5Q@1_)P5zxg@V>EcX9ZTI1wvpHS0r zbNR?p;7byQU%rxaj7Ae%xgG_lmM4`DT*aR|g!!y#Z{2l%(HAq{N6xJ0rf(}b zckq{*OJ-b@>@rd9#=S$Ql2Ogr2>F5(2YWu871ShPqRCe?Go0R@-%A0~R`nb+`5qrN zd%uq7ZN%DG7R^ivurEyUuPjakH!@zGp?=WA`xWCJD08b43}hHv`{4MS`Cpd~#u};o z13=ds6KT^qt+6FEc22P@ciF(QjZ}~bBJR)^BTWFpxkzpABC7P=C|5uWWrZ$dTFEP; z`FZ;F+n})?5#_SBg zU1Df&^f~*8Ft{Ai+UOm+_cpTG--#pWU;)>J46$h71=E`{YX zuX8S4c@V67G{RIHn(AbEs4VwkE(yC$>+;vaw~*4SIYoT=5jWa&>?xM`-Ifzj*H>Iv z*@F;sp+tl(lOodQnHW?1!RA7p`{=M4lNbQ|TT+=j_L5dz6kiGik4>|x3(5{!_fuDO zz9Gs4M9=h8H=kMb1PORU3%avC|wRY*1Q}~d*rG^LT*(Spgt1s$z!GYfC3l>Ixk=!8mw|DQ%(PYWh07RuG3SwHgm!bw zi{o#ZWAZXc;8S>deiNe82C_0rtYf+A5B}lvEDtZN)JOZ{fcKHXY5>lTL_O2g*S;A~ z#LQneH>iH~DD*1~-Y81lgH2X>T|f@KINQl+=)&i7y_skN_)qwEasz9>xorX4UWagx zJJLVVgEy%%7n)!XO7xF*K8T6fp&zQL2C!kq^4&^`)WcANTZ)BPRkT$MR@_uVW`;{D zaMexXz4&9!G4hYL5&DoGo9jn@e}0M&cVlZpzt$tC7Nn^dqYja!@Jt={V=SSIP*C-~ zA_(0T7PQEGrm!}5A#FCAG6w;?q--H7M6)a z&Itq@w-1L0J|dg%&Zlzb10*stGXGG9ZM|)`uIbP%clsV)S*#?iE)~C3JAi^VkHR5 zZt^5XKdj~2oBMdAR9VFSdHN@fBm&kApQ3};Zm4GM`0@k2US;;5O7>X)16BTisB3Kh zo4UsS|43^8o4UsF`||%h{{I^$v57&jL-T}^!2rhu+QCfy2~5ND zI+7EUlaUIsMA}J&1vLdEIhFY>l7BE>wtsGXcQkieOskkqwm#NAwm!CIoTm4VX9J){ z2j-R`P?@2K@IgYwfg>~JjTiuc5CMho`wKTW-^HVm_iHkeHvsmIV}%O}f6)2oU;zj8 zZ6xVo&`Kgi0nc$|{o^6ih~TF;8D1n zTryywTL=iy(b3UQuHi(xHgrsY19iq@c=5yU#o9jz_Xg;}0&CKn4dzVu7H;}?^UQz6 z;Y2nMx%X`%04(nYHwxr#)*<4Ov-iXH+QRWKT?4PvLM-Cle(?by+`d=?5Y*20EPTa$ zr$9u!JywYH=~>j4R7M9<<^TJKNFL2~R`Z@5ZwrBSS@!|) zol!{ybro{|(NQaszuVlC>F?DF!OKse!-HTc=|`ZBeCB8E3IT%;mVktgjtY)Y4bZ4S$pXjd{z$J87Iz=z%ltsi9rgy`QWqW>fQwP}zI0dQ~}0CD@V6YEzk9uf?| zJ`V=0PIMVhKL2Apl8M;tx4gR7LC^)L1d-|`2ynP^v*UKG?%6j-PL}i2>o=n&zdb50 z1nzkuH}dmLL7v+M$Y(&n&o8Nrf`EjY0zzCE?CTJN6ywT}QO_>rn&I3WsE5^b^M5cM0!HF$EbRc$&MF(1S~}N)B<@B^zw*-yf?ltp$i+w*Jt^0p|5%*H$4N z_X~*_?x?ihb^5)1M=#|-2fIRyP&3k*nQvZ&;`7#uK-A9r^$q5KFGcVp#a|k)Jz3H2 ze_c#Ms0+6zhIYwcs>v@QxxJj;t0v$aaAHlHu~NjNH1pmvOD9B4Od{<(nbz#z2?g`D zj0-Hk-r`(eV3EskdjF7f<{yij^l_)oSnRYR8BO*zMgL)DEr=~}VUl^7Rr8{MKahlB zyjIU+Nj+OM8)Bw4viJ4Huc%>@ImFj1DADY^C%{4Os^Juy-YE1X4IQL@0&~O01+60* znokbKk`9@M_dvU?Bu1MiyZ_Kc`ViqhziLDg8f^p))Ai^yCe2-<`oLBi#_bEg4qOh# ze=Fnk=y!LRF(Rgx(Ci^=rTim*6JgI3L3Pa19^hR%6w*lBe>ef<@Lo}t95N9tm-s+c z)-xP9;q$;0YL|P&EU5p3DCATfwsDi0Zs_L2?sU z!_2CF_ln@iie13FCA^}90Lb4KX!>y z&~sKPea$-A)IaB4p0_yyoY?Qhqq<=CMsZzXeI9a}>$9&

tOH`cgWT6jgQ%p7Fkr zcVq7|-n()#1@hLF`=(}gNGas0)2j-yoQ!P-IGeoZCy9@BzdV(Q0l zCSC4wG5JPwT($%QYo+97M)eQrvGu04lDo(zp;d}e%tA<9WuPg>&he4`$7{U5OSf7| z%!_+pJjrToirPVvdQgw63Aof`bw-aMo%uQ*pd1Mft4+hZueIakDYv~VxpSPbTM;>I zej&kY0?`)vlXwrrj%;S1ba2%#-NhMm=G7Q?a(srg)YdxzIis>-2{j6BZmiCw<4b>9 zUX9N7(E~<3kY+~DaQ`l?%MNQ(09ao1gUEgcbgcp!k2&I$mxh>!%{sgyS-hYu^+Y=E zrG#=O4gHxjhIS6kgLA8w=t~W+0qD=x8*W$1A5V>j?ahM>n)YAI=DF>kdG3bveT&l* zpKn?COa;N1W--b~K9l)E@Gc6OaPE=WoWF!QJBa=-n~fnoUEksQO!Aiy$R6S=gZ#>K zN$9@qZ!*AqKMhi*glmxsrz$`1ii>LrjDfeh`W;Va=JXw62<*axploxk+FVu~TsmA% zBq1pyy(-8+kd^n|%IGTHIW>g6KTw?v&qfOD^%>=!POH1IDLsXbEo(~Sb-q@mHrb!* z$+FKTTo?X@rgf-)jEYiZ669&aD+)GeSq~8-dURqen7+DeFg{uq&znst5u-d9k@%{* zx&qnwXg+aa8OSd-jcN$@-M75ju~lz*ft^>k#J?${j#m-%8;}x!?(wYXG%1)Xa-EAU z>X8d9pKv98qa{sE8*aic?>35gfhoz}Sl5erh2kVq_{;71U{vNG(kA?Z-EfaiTU$`m^I;8RL zN*9fg5q#+1kINN@7mz==W9s&&z{a*EzX5RUyxM}weMI=lVwwkup%ykW)XVUU;c!j#cUDHO$ym-V~OT0P_9*@E9~EWY-I~I;4m(|>siXY>ezNBH=2^( z55J5ucpk@z`m935Pn*Ki$18CA`*k#~C>~tK0`gHJs>(Rll;@PLE+Hes>Z$wnuiLi7 zA~vC_E5}un)LmAIz|{g(W%7{<*)C>oR;Z%kLU(P|R7)Q1QqNf-C3tehYEv;4%m#h38Hr7lH5nx<>0B|{b=-IlVZ`H!t&m2XpHY6ix~}Fmp~S(D<=+Pt(-6eR!4{KO zuzL!xzSAnw$=fA|j*&W+qh z#%LwZ)f7R)iLK4x;Es%INF?mk%#$f7RM}&;ram(I^>d#D8>Ze+Qs8H_>Jg>1ojrD)3!sojO^WBor4f2aZ zkty!&of05usDudryFumcHtE7g;5nPmD~pts4z&r97}lR{LXK~(ageAI@6DC}8>w8) z#0^Fkz?1E?u~eqbfSKsE)PsMOgi`Vqrgg*e?u}tasKMW#d6@fWo)dkf-^+S%2OJOX zxEWb%wP(19fY4{K*4|sIb60V2uw0g8LRx~gPx#zj5Od9(hLX{6NMRwS&$o8_!=kpC z^2pu9emD0}I*;5`gs$YH{AK+a@k`!r?ATpA(K~__e2H6NXqq|Q7v}oH@Z!wET=XQP zhIoQtVurPg)J}cw=%-PQ?eYM%`arbIv5lzZw&a|@-ivj-nOB?zfD z5XVZ8=HLV;GOyE3?6SS%fRB&m-P&T|2TOZ&HQS*L6aGL9y-V;_fTJ)?Yob%!(XLa9 zi_vh2(NWLT(`s9>vI?u-cKVBiX*SuuX;`3<`YO?D|KUx0zDY3lB=G!QBlP#coS@|4 zdd){zCwR>W{AzPax)%bT0cW`TmJdx?AI8Gej0aPZ%UDg>=~i>8;&-lqh=0xEPHd&k!kWX$np3vn6r*RR z!4YjUTTIA4=U}mVXvM44WNhZ;^=`k;Xz~ROt>M7esmvErHye>qpSdB&T`?okX30Z0 zUWGGI^z2eL;gV59vA(!~T<&v$1a~2=*~(PG&6zaM-m%g~6P?0{Df#O#ZjQR*EmmfD znG_RXZ4C}&fZPI6)01Z!oM5W(e*Ux-O&P57u*r$}`86{Y4X5479?Otqt0N@45o^Y6>JM6{ z3>kPy0yx|NTsnlUZq(hD4^)RTDN0R@c7OH})@q{)Q{k=olvmUz<+*X#akEm%dZ}HD z!Nt8bo~dcQnCNqi3vIDbK>2XW?=n;>ZvO=4tU_-k&K1ymLq9i@#t0QUH-(}Yq6Et@-_nobqP~@zf zV*F;1Q8S-=xds8ugFKpx8gW-hBW}87p8!ng_Z7qlWFGa$k+Vj8G*)ojVVqKfJ=(jD4{1+tKvOL@Z7Cn`h{GLaJ>=kGu%h=u zS6uj97+(#A(=9`r%o6RFOW~poEAWnxE=Q-`v6O__e?rIH@53*@T(FtCU$uNfTpNO|K*$vykn81MCnx zXOucl7ujru@YWj%l0|KNUK|TIpK_Nr4g~Ey7q)|%-%A}nt;*0>_#B%&ixr8P2#e}5 zkg0fTn5~<<`Ix93%oeQsr;n=L!$a%`jhpo;=|2zqU28JJSG0(hRsKz*B?Xy)5;DaQ z!FEjJh)F>vI4W;P6erEGp%eNfpVjR@Wo3*i2h7vtJ&WuuB2H&TY`^sKMYi6ql4}p< zaqozK{M8(;A=~o}6i5d6gyrjLD1mtuw@8-=BW{=zcak+84q>XJ|uOeTluJK;Dps!aPf}(j z0W`|wQ%rxOugf%NS#Qv%3R#70!6jY4=+sz@?(AttZVl>x6Ld zM9Zs4!@ie#X5C#2FES>APo6K7U7uc*23?4!%_>&H2n`g1X*cIa6L$w2f_H5GKBhMt z-xBnBh9=~=^TIpbDFRzf)ySvpd3dwll=_)Bh&xFzM3+5B!w}OhK4A?{hMtF4D}k=G z$C4hjhk0V)E%oTd2r@_QEf@{8U)ZW~9fs)*?tR3^EYbjtXK8FJH$jrQget&`a0eh$ z1f(&;vv0wRFJ5i)J%f_EOYTI-Y+(mzBesHwVZCF8%0MC?4xRvcIB{!cd#{!3A3r|~ z7Hdy})lUv4MpG9)Gniaqg8d1`CIkoQcQTx`;U1=w(N=K4o*R2nrnqR?nS!VSPjy-^t{*;IITBJS(}N^ zWK7_-^76Ieb6@BrzJ|QG&etvS5jkp2-anf+cJLV(v*Mk2W3>Nc7$30J=*S9bt5HhE zEAbxtcUXA&c-+nG$O^4gWceD9GEPLn3cfl5jwsZ8FGK$>I?ZO<;FI1KJ{1Y`D7Q;3 zJ&-*)>x{I!^iq&iKWw3PL$YT2ea1g$JkuXKOZ#|t9K0r=Hpe?=>vl;P@WLg!XT-Ia z6KcQ09YAciwCvvcfb~`}M+BI-!;ZS&0Jl&liZ34UbpDABfv5TsCz2p{KeKoO_4)Jy zy^_?c%?vAq9#4sf5*%WJMYyjzul!D6<(Tb&E9ct-PJB!A1 z0pGB$^-=9~dw?^~Iag=&%duSc^kzO7E>F?)jojQ?&eL(JX&q=_Er;rLvQ%XMTf|xH zO1A4h$i4MdH)(p6q8^SgINvm&e8mNu5uX;X!d7^lC{XxADNIRgU%w5$*lCaioK+o_mpsSi5of>28~*%tKWxdBaPD zry>_`7ctVn!FNh?G*j^js~)iJzWhz`$#al28%W0n*MTuCsv{(k_RGWk zI#}HxFR4JnGVTbX59CVE3Lo zP<;s#{EkA1qbAs1Rtm^lq}Q+}65;>Yyh`J!Ap`8FXs>*Jyw`{JJ1t-xUXNa(%MhG# zZ)39o{|22=(_79tGhd!0-p+bQz396T-w?6pNHY?8)h8<{>1p;YAmU&<+%m#RUU&S0 z0--=^nS@Ozx#-35V*QW!?pob;t+7;xNii1KBN2$x&a+xya()llkuDm z=xJ27jWbFKS|ckMsyl$8$7hd~CG=Gp#Uv{*halcxgR^R%s0i-c%4msOMYL@c30C^k zlSbqWHMERZfoIlI&QMPs&ysv6{pOFSz91>r&d!A;X@hrwuEX@(OOjCKL68AQwf^*M z1BWmFiw~8WQ3BgO&c+Yjl?Z`WrE_IyASEeXl(5>42(9< zo1t*W$0LjLr5cvmPrTyKM#-!v$%EvpEO?`02!zh7dJyMHn$+A2<4Lp=Rm~R z?XMGsaT_f&xx(X7Z=RZpw6*PrFm$!Ou6?+I*$d|hUi=1fA->qmWj>o`YwMDxd0n>V zq_)K^7~)NvS@a5RpU6*0318l1KCCSkJ^5X~2nsGp%npTM({5^EfA3wYsQy8uHFr@R zd0LAfI2h^Xg6G-cLVrEfN_KpPm)jd){{*D97cgGC*q>@9J~drS40qkJCDtD7-sxt# zVj=C=ix=ESE#LX1-H7%|k`@%FkeF6}aQsZMcIeLh(}hL;HV=Dc-foltDf@+NjZI)! z6lCfvxHXR3ve;2O+K`8GMk#}zT76z|)b5wkR zFW#Iz)^al;pQHEIF@^Ctp`w1{7=SA+i4tqtlW+!d6ckBc%p~ZjWh!{ETPS5hwhJux zx!ZY+#^~|wW_n~pGCKj^%U@O+{PAx-X(eG_)(h?0lYsow^hW^=Of zJWHrW;z_~0rd!5lO?hGyjIr~V;_UTV(Et0uIe@e2V|)f9Rsj`rQ*|#4Md+%@I@6l* zkiO?xdLb53>uxZhKTIml<9fZ;@ z?^?AZ49I$u<`^Trvbm7GNrg=lxXen3l7|r<8e#7zc>4WCO%EgYyT+>KB zba=f{&zhvr*rRkb%3LJ9up=8gMKkl6n^>Nu4NK8gcPQ~*+G$lrn4Y+(QenAJH8g=< z(XnQ#O`SBBEvD@YJZWbrg*wk46Z#O7It=*4f#qWoK#!=IROwC}<~cMd| zmd8Cey`C+yus#pfH$E{l6D=%6bPUG)TIUERk?9El3aEXB+XBEM1%GG220+Hu34jF4 z4+jC%;oqzZ0IlZ-H8-fexe7W4n8)@DyOh1nqfR}w-EV;BxQW*jWGk zb{rUcoJ!=^+_+gw572u60N~B-hwn;X{Yh7vPz503Ck7{0$1w(#H&!tKCGY$K z27L|iG=uL4I=8YlkGW^{y%`*n5>EYG}(NOR1>Djp9*5O&l*|}cV!Or+aIM>n)e7bja0s!FK35et0 zD|H3g0K_%|oHb?(-irw%-_i)OiuA@sfq&PkC?cpLpeibr393z#q6cdFzU{6Gj~BaJ zZZ;tiY&81ul7dbDi01ar=T=y~m3O z*z)JEEBwvI&SYUXac%L<=xF?&2ozD3QOOk15RepAkvegWo3Zi5c5~bK()|22-}gnC zS=st_9hNVa2Hxqe}O#lW|%(1cQRaAOUow(jz z|E|PHnAvlR!u|%H?*8?(nij~p@$q&3c#SID^_5PHC~~h48)g*E5LGGq9ro z`qs(P0a!VSx#{EQvc!Lb9^c*Gg67V)$?4<&?M3|!k7IuWP<2Vc-NS+Bm5%fAR0Gi9 z0tWdZ026zlTjnc`{dtub0pJ~}$`Xj_*$ZzLHBfSX0hopS{@tC;|BcXGS)5luz4H6{ zbvo^ZozA|(_Wq4M_tiKD@-3GAKo{P-{riE(&F^`w?<2jJdV(K<)=&Hjd;_pj^hMzFllg#00;n7R!n&^qUNic|hXcsm z!W)9rPy7vR1F(YfMM%>*hX-n;`W4W3N#=u?s`&u-Utj)-e(S%w_*ayBga>*w{}$K+ zV7>lN_3>X-@B81~?f;x!|DB%yEt>YFocJQFEgZlDsSN;eufg%di{&+s;&H6@9{;Y{ z{HprtX#HT_`(1n5id;lb|}`Th3y^~2S~KI4r+ znl!b1Hu_znKYdIN(m9&Swf18B$yoga?8RCAfHW@Q z*~Iut{x&jg?Um{H*|^O3E@uF1L$2~^9iTsebo}l-`C9cIzgN0p?`gLEO6;Knd3>u- zW$@W<_o_-sa(=!w z-r3m$sJHbUj`R-`-C3f!0sR_QAM@2P_UdKsJ-+F^tS-zR%Ia#Ehux-umxCY{j*CZ~^cXBdPO54^m7f(Eu`5o|%+Vd^jN5o`N`lQ{@T4G_ z-G01>I39pL5=JkS6*$x2t#rD@6he+pBTkw^29^c7nO6WW93GR&8g#kG4ly29X$YX~ zlo4i4rqW(@Q><#0Lpe@O@1$FUl*J{-;0oTRNLL9LqX*n@$O!%|4o;+dQ6v<$&)Xzl zYqZm9qds_zC&3t)FA^Ez=9>IVgv4&_*;-4$4vNXzLmk9k3h%;;58VAS^gnZpUVdB`9%69793|MB*fXNar3=F-_Zf01U zu3(g8eVX}Z)03xvs8z3i{Eq`A*lkNl)QrhDR*xoieq+_alsISFUnzn6cE%{z@BgXn z6Un>yLStJ2W)o{D*#a-|8B`Hf`8!~SdpwwA!6PF-Z}CHAN%q^rJE6E`vG_Uj-ObIS zE6Uof0X3BOk6cHliH)l|dlV9a=Zc0#hx+P<+Pu<>it3YDTAPJD9v56Q^N9UG7?9zb z9l9C1TgMk)TlOvwnwv+{+jLgLbv}?M_i91%WSKq_I{@YD+`Mtb?NnUBOu216#NogM z7K99n(azG7H#EG&ba>c;H9wX)`(vpAwE#p}Z=jaRg7FaAvYzC^jGO5d76}|;LoNF} zRf-V1GqaeccWL7Q8vIr*e1iG)6{vZtWnl+AUvm@6e0PiaQ7F|Z%7WQlo(AqBHk2mp z{Z*tXo@?lkl4D8`)_E&)UwO4Luh2XP`whnoREnXAi{t@lDAz;E2>pZ_)O~juL>M>~ ziZ0j1q_tuG=cw{dp@Y*mjLTS~BN`<14}|Ma8qV(HWczO7XighUq%dYo2hsB4~Dcj~VdkLyhR=Ub8W zm$2AE*|jQ{F?fbs8O$9-SF!v*l7q?*$Ro}4bUhnh!9vI1LI z8ores)w=|v2&TR@-hmI~xe3njquEPP)xbq?90#iTOUl*FpFQ77 zh31eU5%M-7Z zSdfwvMQh{fCW+qenktTjI=USv7u{=Ru~*@HZ9sB`(f;>W)wKOq8k0cB!U4MITtl7V{4 zm%SqH8V45O=H8ph8lztMqNH8!c1!a4lr$Y^tIqnC;ojx{_CWu@56l0S&Ak`9S=k0D z+!<_3sC0kv-jM2_a!AXoTmhHvRi9|iHyI9<{5ie@pxAJZMLB=n2PE+5X?lo7#9hjL zT_!U2q$z{C^peUro7PMP)gW2=aJj)aHT%MK;-%>FZg1fwe|HO|6ba(-K6Qwri9!LM z9Y*SOmQdY7W504Wrf)L?y39k*^p-XW#=FilgF zZw0Pr!Hug^A#5n(K@I>qOhV?cA`FqA6MKC_zwMk?%quq%148O3GLwDY^}GniF-s!M zSE)HuOV8vz(KmZ5RLs*KX?DjKv9+_7hTpiPL_9gLs?qsSljQ+H(?MoF75q(dgWhnr zvLd9cn1tPjcJ-T@gz73RD5#n)aoF!^!0a1`VdCCq?l&QzAfPdF&qT7Bh$8T@WqW<_ zDRbm^iLrcy!PzMMIwb3WPqfi0?Fr@@v;zXtku;^dg*h$_8gu=EBab(0xds!Dq^66h z$yj&?f?Ujof6qS|NjbNF6h(qCXFtYHjTwin*%u=M<$(8u;(7J`n5s|z1FjZo0OV!e ziSR8gvzumfkR;(gsV{t+tm;<0Dts?dXNwCF9g?uag)ORqJK8b4XQuWGIGr=rq?Ihe{HDs@0 zZ!BpKej)gokx5rtC4pjpA}z3Yp{)91gQw=BnfoJ+A=Eu;}IZ*r5W zY=hHX$=Pc%D`s)XuUfzUHFqZj312H~gh?{{V|{VrspK$#R$g}GGbZq1i5!!3*b^dW z%a2(gT7-})5nhU+;3@`{WkdUNaC!~hEdkR$PE0Ha2R3wIh(gDMap7oat+8_1BM^=~w;5lR;ly{>!bgn`x>^hO2Y>d)Pj5xl*$`NN=KH+OV- z#r{~3RdXx2%dyg-p*+C3kPM2QZd;?4vPYpDM{%t5etDJx=D8Xb9V+uOGy}+@2YFxf zN9|4-n&_Z@q#QPCQetWJF6N^57ekDJex=Iz_m7<|a5*2c(D6W1TT^zF3$s&A1Gs;W z)R}qI9vNvtc&l=M;HzeaLxncvIv8z8E70gn=9HGE0vv``LM{&CrhOVYLHOIxoad|X z@54rl28{t@yKU4LyXTZsz23JrzG=bwYu0#B*aL^~o&Uh|`aj#pVjz4^4fwS7o32SJ z{}2bG2q76(>pGCqzSD_UAWq4%mrY4K=riD!iFkuEOpo1J9tF@vrwrWtUDRqogtX0j zF0?5G?@*X182hW&I)?EFh=YIG0U>S0)u<-c(E>)oe%CZ~uAUyPiLlfj-a;a&Lz2_g z_?&2eeB5KGL7_0tRsHtMI3Z*-%g>*)dFj3d@?VH|)W*+%EvVJ1vSdbNT^7YFt7~yw z92wI{7fa`gmTb`{pCy%3xWrQ=>qRli@n5sEsdQ64>1rS(-&~0*BfnP9sv>ZHn>I}U-iL~Ux>jZph`_)>>c?IgT3#-JRhIAMUSSwG` zP0=tI{`>zL(RyrBu_;#3L3TnhqgLJ?cR=ub7Q=;My{?toS=x?ur`%|@8GvI! zbGPQ=_l?O8f#_Xa2YYXZ*Lb|(D|FjPXXWNRsrIe#%5k!atPW2{aGNtdFIC3211T-2 zXALN!Ck1N-X@^5Xw1;MTQLCZD1@+Q7AraKPc-wp*1e&oujU}5#&J+B8uuoyxmyvld z>nlyx(GG|iRbA+>fdUQdSxf(#md_I;Os!3GvoDe$QKj9j=Vw7z+QA@ipTMd_@Z@9T ztq?lB_0a9Sj4RjFx$N+?R`j&#ygGbESbtl4^{Huobaswd?9~3{x@bd+Qsnle3X+O= z_J%>qkwlQn^}{943FM&tsSMjsww3K5!j2lVBtD-J`BiPGb&Jz0@*2G}tB2zhfka>5 zG?dfz<1ugJqaT-Yl<#F40un(5+k>7c#1l0|UQZ1Ta0jE>=cw#_kYqx_&D=%q;YH%; zn5B&p5Xs02ghLuzk7Q2@lS=Cp?b-^GvkUSInD@9ql*6bXH@ zsS_$$5223_cutUq7e{-x`dKtQ_5>AWiQ7%af{g6qdWK})W&wRh(TFi(5>ssQ?G4Yk z6-{C^Pah*U5)hV!z2BZ*s=^tBzZLeMkSR~eI>@lY27g>aC^3EHV>;L4>i`Yx!KNuy z%4C@%guwQ7L8?^{r6o_sx?`K5kP2&cc2liYI7eE)1Ix1T-Zqn3iV3R-VU!4l`Di<7 zC)*4jMttsvM#ZBG*=1M?_N%BO=TL$Udmy6>&=LDo@_HO*0SQUArtjdPXx2>n&u1={ zpa@QEb#d6;?bS*S-`j%;cj^9#7MY-_k^sS3GrV_@3eHoW339eM+xnF)is@( zJfe=0@{~QK>hD7gV@GC4&N0Tn<9%iL8}dGWMHq<+@AbZy271s)@1x{RA{7``jdpmRh$@rrMO1Nbrd{-2Sk)c>TL;jx;p`^>to} zcXmW>U5Ndc)XiX25FGRJ>jG~M~uRUj5#cz~!X(KvkLSN42z18r1^DCrQ& z3m+FsK{j_Z1?Nj25$TfFTQ5iaSeJ7>c#`eq5V|B;n2f{+lLR4e3rAL2l=D! zb~R0Q;l`tV!8Aw)d~1rFz1x&HAI2cb)Mi*c_+VwQIT9I# zCEoBrS)id^C9H-^WV0Jco5%;Tr7YZu9bvzudLsm-5Fz9uw#!0dwolMdb!TE3wQG<~ z+vC?n3qnd|4Yhr+#<9k0B%To2u$x+P1h*_Jfp$|BJJT?|qX(RA6E;RsMf`%#&WNH3 z;&c<0_lo6f{+Ht6wOj-rUf~kuiomG)#jRlsie6%T?NQSfGk?11)T(VoaGUyh58HSu z&S@T~gEjo8fA*=JFu5VeA`KaPq;ZPKNt%oantKpFvzmNfJU98m3bc)H_C&|Wr(1r_ z`-&TC6iou5WXD1H5KiyHeuguK*}h5uCM~nK81N-rfMJN%+Z*?sDp)mx5ia*CURPU$ zqnU_q%+-v9hA2~xdNFoYfIlEJ_68ek{9!A~w-`M_>#mu~r&zSi5%r~VzwA?AteUa@ znTYEXx{UPuW#`rDwR>Akm)QF6FQx_psAzJIt~z@nm+GnO?1n#HcqxzT`+t>TOA^Gl{yy!Q!vbRm|JtH%3+3|gOc&*d!n_Fv|%PtPE4|uxpJWr zokymP0uTo=6P=hSk3YuMeAlGF&&xQ~3}$|1T{$fv*>A0ah}mPMo?fQe`({elXB&O` zm>(PsI)iYA)&q^r6=>_d;SYP1ibMS8CTAsU6b`PhSAvm>5=8?Xn@8I?8iv=WKMNzP z8mWfR`U;7*d&a&ThP}p34f31#@&lvEwdGYg2S5{Ma0ik!+t zcs1fw>O|F^$b>2MyvZ@mV>a#J;vlZnvH5j-`3^L*U8$f`IkGS~>g9jzHb^% z9CC0VU=Uk-JS}HW$N8>rcwj|PzlJgI1_~wt5Vk_)42dmNkfa|A`w51=ETk{QC{dDT z)xC7PK=x|RYZaXO8&W~&l&=E->)>zqG#wV;{jWy|?%o3S8iVdh{Z)b=?sPyG@Q~w7 zh}A}f@*&L>gODeV{^!?lx~VMCU`Wl|-EnOeVou_)hkX4SUYYM$Ef->0`z>o(4O||Q zp(yq1@+DW8RR}doXVa<|oWc>~;L1{~tJ&?2UES{C2AysjK>H>zv?kip4AOM;)1nFp zm?1l4Qb#C?>O-}&zJ-xgTf3JUX4H-W8itqxs6$i58D(Y4&DqRIgCwrq>nCe6kt@<7 zDe*!P`D^Q_%pDg6uhY8U6!bYFC(n(vU8;MNhV=k5;)G5spRCJr2OWPT<}qh)2Nk+G zL6QX+bjFvMzSv_K_;K}Qq8$G|$QjEFXq)eJY0umyg^JRAT;>It2Z~ukCA~mAG9kZE zpcKZU5lz?_oTnAwq;Zc8_=&G~DMW6ZEm^<<53`D+Bu?SoLCBX?Ex}Ley6y6^8tMd( z*l4woFm2G?oCwEl5~mdH*W+I3EYSMS9Xk}I=v;e-syM|(9Sy7H5aVtJjv$y~SBRWE zcO?x0MpQ|)DPO92gMrVu6NPpoyqTQGE14QI%+>*l@W9qT%?%rk(hck6oyz4mIk%rU z&d8)hAK8AjM{MdKmI^;5=;}D5&wCkr&aPaD95UuBCr-m?rt2&jCg5+AD;a8$RaV9> zsSc657}LkoL3&sF`%N_ zs4+wwJXexrw~axtcNaNq^xaRVtctB5>d4fVx>2tPgnmW(SHf!-=Hd=IlJeFy2>`A{ zy`#lT>QcbNm=A}mQeZ;D4`KEn+AhYgMYc24b1=ehFZE(&iu%tFT_4xv#Th)t=3E_r z;+utR0de6yR&am1ZB|(!H5?fzOzrH!J$yVm(A9Im%mNpmW~vR_`S zW)HF*slKaiY!NN+ZR;Bw345ySXZXZy^^lPS9J`NvQu?(8j6)vL=M>MsSlfSej8;2} zC|AA*3e%;y*2&yaytcIw7QR?N3oDzQeEPisgCI4+jiJ*Ww@OZ=Ef?p47?cpvHdI8N zC4F*woke2QWaT=OhUhXp5xV(?y!5LatvRUcw+LCan2Hk7htA(h~ z3|*w&?6pmP%IZ0v5N1$=^m2rH%NDg5M)g6Cv8Pg58b`nudDo*ID=vg^KPuT zn@w~XnhR;nV)2iq#}2wVxFn=h6;0$7yLY$4qBemsp0!}L#GMT5(Df{2st`ct1ZR+t z)%{@vf(3WzW!_rp-V>uriP6A^(ry_+RePDF{S)b7713KULWM1B2gyciOH3^ znjXUjk|j`zZ4huM)M~u_mw$Y5cvfI5^{|h+lKwHfAQeH7elwKI&w7T-A}`45l_G2_ zrC%KQnWV~sjia$#iB?8fgHzR04;4pr1xu|pIc(XGAWwdfrQ7Li3%&dMu97!czY5J3 zWf*iV6Z4vTZ*`CK#Uqo*trU=OcYC_ zwRL};B}a6UxABuO1`E(a|ZYm)~nfz*H);6l=bBT-69R zr5(s)(MRsYH;pr?+~&;NZRw2~<+VDS=EnX1Nbxm{(Q6PCa$Ku1#T*yR5UhEb;VMfn=}eIUiU7rPP@Bvdxr z!LGLl?w`Cfwe*}nrdv+D4q!s~+S*a#WNeP$RPhs;JDCDN74nIZ8j=YLDApK|4%Njs zmH*@p_W_uP1rzc3iL11DTFri3SAK|NFvVh#X^RFp zqf`WRB;;G$^96@fOuC+TyHqIqMPybGEJht~m>?pEV_zA|vFp|Rf(gwN;7E|gZjT7B zr5C6)_R@Zgqgmq4ddP1eS^-iMtJyvHn7lnVK!*kd<)?bRlS%~Cwdz@>twXt!fMFq* zP%(KL%als}@%DA11=<2Fh`o@KU>c<_esQ{L zEDF=h)`@$vDQV!wH*s=q4tB5x#fR3qp7HBByBEa(lR3i3)3CcXV`Sj^LS2erDN&{HbA55! zy{tZVr4Kd*o(&NUuvw zVicHYuaz#$Nshy~$(zQeM;F*=Iry-1F0((*#8r-Wm1?1cxvTpr?w{V?7+u5k3$uV};ezlI>dwrhJb1cCvqcKsc{F@`j5Jiu-55he|ljHngbb(UmJ! zF;KQPHi~*Zepv~|!PFFcI(qccCfL$zMPs^ke~i%yI&3q@`f5zH;_GIYYBQH#=EZvm zlnw6Y2;)o8KX0znBo90-=U_dXHmjY>)H(*tEJ2?P$GXP1Pl67Kro3I1L5E>JC|%A^ zrRCxer<dIe@vF=hJQ^7XeZj(iW;*HSnQ!zcG&pr|-Gr$}K7Rit3w)cgX;k!5&m1B`lPk z955UmYM|IQN_;c7{tS!jvAcP?&OLq~CdQ54ch;XFVLC)SibMDfy0<0Vj0dAnXZ>i% zudp=Ie-x7sn;J}W)_Xm?@GveA?^?QB2w1t)zlPC3Jt_#ipp|-_b_`=pA%{EOo5~vK zg5;qpXS3P(?mgC*)uql09Wa2Xuiy{2uVWcBK3A&+D$y80^eDech{yI2DksnE463>t zo+9^*F#OjxtOcVBmxH=~w>1~9P4e-slh+`R9@Zq~rW+(jfS@NGZdL8QrU}wse|cmtQeh-X_zac5bX;!gzc` zNMcLQ&D%*dq2VEv(_G)&pfwTc9mcHHTAL|MV(=j=iY?<;h4(o)yyCrvtQ*PQMor)G z0?qSKR|&2)b~&U2QB&G{t>a9>JhD6$*=1i|Gg4bO!gD`VAoH;ePplz1U^V%otZ}Oe z_nFHRon#nD)XjoVxO>8I$(PVWXxf!CvZf4OBCds*E?ukR&|`)^#!Ktildh6pWcF*d zG9+5w`)F_FQ1rdUE;B4;%^cpsjfLwTx6ByeAD?VAk;QX+ts{dBMag7|xMWj02oBBr zh+%x>rroL%3uK#LG>VJrOPoClJwjR%bwa$V@=r9Di(kt|K<_5S!Y1v#TVnhPc{ z=3knVasNz=ZTpo)E`!ww7#uV&PRJ0|(ZJbE4!EF!3VciK6|EuX#j7in<>%uOw2)_gK;4+P2VlvC6tbH4at* z=qs+;ZHN}!wBQkHEct0@t+0k*1`)kBhL|xC*#Q?;x7G6ZobdIqU$-EqB+QkIV!#JB*_&|M;E#C0x6TzE@(aF~Sy| z+7tS-iYGBY@_(u-0xGpAP6?UV=I#pP?T(8>s}W~Y+7#xT+x9ksZ&R5v zAt?flb#F=6UgWV^RMW+Sfo?_;No-Pyuj@>`#?uzJl*3Kr@aWo$*12YMYR*eAxS2nsk9?>hgcNEsKI9QiOO#AAZ} zM%w(_=SyFFWVJu8DsXO^KFuEM*_^?A%eixrT7p_HW@b{dB0MaA+JHN#ZGJw$v;SL! zGSzuU(raUR9uOaq)FWKy_N=loVZZs*DYcIs;oy5rQ4$=} z$94@n$g4cu6u9SO5i3eZftZ>lO`)Qa@Z@VhiH<>`iqvL(P{*EnpU_Y4@`UqMU>UcB zBagI&?IczYfaRld-i%0@-QHTXcNkq?axBnd`^ayS+NaS7V~=gjS|ycrnQ(`p5o+C? zRc#x^G`>?0+|Y+bbBQD;eft+|g*;k>*boojP$++KvloRG4d4@g5zDjis%w=BAQU8Dq=w!kLT>13hEt(x61P{5?t4|4 z;U;N*N`c>|9Z!D|WWpBvFaoi&q@>Ct)y~FB-Z0WSuB_RpHk24`IHb=WWaUzdD_#l4 zzWQ(puBh2D8x}u!?5yFqN#TMX#fVoqmJR>0sby)Mh_ zamIi&0=n3#B~|b5J7guI&Vmk(Jq((JR7^GQO=m**%4t<=S2t>AP4n1jm{7Ikuzgdr zJi%-STLS7b%1IYQo$B_o$>laxL#_yW=WS$ll|B^h2{r-thav=R=`95?gL;JBzGeLN zB^~>4^2-=Xc1&S@0=AVa#F1<+nA~M+ZsHeB^SqJZ%_$Bk9*4@VB=Xn z)VtBGqr?WiPyLoBvQ!*B=u~7M!4)ULrFlzKEXCBjzXj&yf>tH6gN3N&?u~&d>+Ch( z3h7_j(Bo`OQAUvBdhUPRcr&BB`@OVc+X{7c zp)cryN#`MK^R;q6Kz@Dr_?WbD84WOY#}%E+RSDA}x zV4>6yVC>et;3P~4Xea%- zpiU);{_udBcm`J8u-2!T7-e(98Km2NTxd;IBx*>a!qzx9c)y+To+=NjCpA~_Y#JF$ zqGBnkuqF~}GM{Cvaq3EUDdy%nR2CEoKlP#UUG~*eP3*uep{Bipkn#vdnw}eo|8i@0 zuRRgwr~u>Ny)|e(WF6-Ix+CLV#*7Q20c?WYu>EAO?HTiO9rEwfHbkrHAbswD;Ap#XlV!7A)4Lcy@B+Rkb; zrseoUmvGUpyNAoBy~fv(lpRia*&#lMaiyLU*~m1CMcLAx+?Cz)Y6hkkYC|LKLDC$w zA(4?J{AO~<_zXY`^U!IHr3W>{e6IgG2vsD z@B~M-)o^UHMT4aU5flSp5=1P*sIjaMq|&{osjtsGhSpu6%0o5Qeo*LHG&e(mW`wTO40#G z9V~&``JWX-?gPH|l70tCu7rs{v-QIv^KRTh%fOG@YDv}IOo40z5xUFiUGZECSBCO(2D<_+anYj;Z9yczMfCv9>;#94-1j)vK(RwZzbnv8sr(ihiyV}NVly;V~NkbK(CXg7^IgV z>JZx3mAvT0q7(68x|ta~L5OC4VWJ9}+2H)Hd^9BW*In3Q7n(JxV23Ma`OQxPkU@($ z){}7moMRUD7gacuz&LvgC3Wdmhu_Uc@N9eq1`+DizTL|GNE4JE7C%#{+7zd36|Q4} z`cP#QgYE-L8Tp*-=0#HfIwa7tZ*OC{QSj7mrB0=&@S-cU42OZjKd1iP(AH@`9h6jZ z9L`-QkIp-4R-v4ir#~k-)2YSE*48l>J5ZwP7MTFz-#Y>Ol%>aAkfr%?sb$KA{ z&fA_ot2 zBu9bvcTE(LSIJ1LycH|8bny*PyZ?@H6Y(t)VIR1eK4?jLV3xg{- z0k!@uYmDotJH}`y;vzY^Wto3A2`6cMde4a>o8_;M?MnlL2-A{MYyd0=*j988GwbfuE|FG(gMq97)yaF;mbt|O3ZTpIaQCK0T2 z@1i*bnONL$ENNi!yhE&_RPdX?g~z9)d}_!Tc6>DnO2Eh^_?a9YjRd`u5KJ&U{gGMj z{6j|t?mMTp@L%EK;m zoZk>Se`$;Ny0xrAiMP{7+1Dmo6);1BC~*thlYCzjJ1T^>qQ=b;n{ffZHoO0~OXU^z zuW!P;rdM>)SK;P^0m|mMI4?=G!#Ljjk(0L4!ZFIXtpPVHwJSkex+ z8%*F!0&9_BHceP;>F87IcomBd7gbQnFM?FS+0@u-(hP1;oX=mKr;oWH)JkGIC0b-Jg>u4s()Pm%8i5tLzIc zl3h20Duzmq9wbmKt~tq!6E!JK=iOnZbzD@uj#3k3WQo%DS;(Q)`w3>ZCQOrDu9D;i z-1wcptf=VXuLWtgG zp84RL6cJYbs)M{h*l2c)b0<9+x0Q0P_B4_Wrlr)m@>&sW(x@@d_^f+FyCDdC-yg`w ze3(}Z;+d0eNA_UNw83zK&Xt9TNnhn(TOkE^O&v|`J-%b#7hRv(kS}EkaZmBuKXx$I zG>Ep(Zo+a|_aIo_T8>1Ay`KTDtLUL-FTet9)$;W}FD>4 zhz1vO^Y}QD2pKxZy)#Zrd{e2Ys%$&FMwKe97bwnJL1=uv!D%5&f^>a}OnmCGc4rYg zeyrKfg4K7kgvt$__B$9OjvE5PGG(5=yew?C^zvGzN_I?8R01q;9~?n`KZAbKVwF2X zYLR-4mbR%=iKuCtzVv^%HM0WO@+2&vam=(SmFjstkp5;7i5(s`W6)tlal0_61=wN| zj0k_3+y>RJRABD8OwN0MXPHL^rz;p65(`fvvR42v*=f{C`C)QEgW6*=_r@2M>-g(K z0Z`Z+*oERenmIR@0c)VxB@`zurJv|LJf#hMci^*WyPzn^L{<^sIWm)T&{%qv20S8C zO!rWEix)0{NPX-g--pP2bDzKAs^3_g6?5cA1)+dMFnix;%{|0kZFHc@5ulrl9he=A zI`{-Li>BfM#{KW3(boM=X}f5Csp4qz=>_{9+%%L>I0&^zKU;@$fd5GKT|2>n#=>3c z+ESN#t0z)Ic;mCP z$}Dzv7zMXxs6Kq3aQMYNLZKK@4+Tih!vXFz1pE6Tmb9@<7m8KF>?gl#mQcViqdU5d z(2ah6eR-`0X6hYD)Q@C7ncns}BU4KyqjV>KEg@(t$i7ja8oPjYWGaW_UHqWbxN!+l zLf1hchtkK9bzgt!XA86kxjZ2UCsYJY$`rkRGz{nY`3+oS>SZiV=_&ZV{N{@qp~UT= zN+oPgxyx~thc>dh>jr-#y$xBsE4*Jo2uKh^f*nFqC%|G1+o+w`Xh)NK<9Tudnf=>_ zW&d0|(V0~{4egnQC&Ps#5jQ`#y7gMX_7>hju9s_%3<|c+;C}UFi8Z7DSy)_%0y^tE-x;mtd2ta+Va8oY^r)h*A5>?b{b}W-dMhQzHaXe6WOrI ztIhs=s%vm#QZvn%EkM}3g_C$3q$92G;#VxB&=4O!ARiq0EJ_u(IQqm@@0!mP+rYS; z(c%^V$h>?$8dKcs2%?yay&=4*X|P9+&~tdmJ5$4?l3|MGAjWt-E^JT0GfW}iu z={k&F)j&2bQksC!$UfMTq*g`N;}B`|b<|e7M#FzoStME8I;iVtxe^qo4P$e#Y65mF zs$5Hwci3P5=-?$Kzy0jc9+Qz-a^lPq=WQ3=Bhk+cD+^)WqS}`R#OK(rau`eG4?U7g z#5BgrSXHuEv>Gb^Ec)8en=qr0rG#QXZwp?nr(_i@1ryP;KpNAKY=Azoc6#A7GL~to zM1W3Aqy*XA1zs+Q{N$*Mt%x2-mNl%+1|H+*7v~`c)}F~@EeLlj@3Dv0urp~_aiifN z-e2`nC~G%5gLjf^fqR3f0deqeP)5`8|VU! ztPsZTvKH;94g*~6UCd#EKQMZOV5nBW@hswk_}ib3NVz8xJu%PZ%|>=vj1&bZkQ7q# z>%IH^psWmIb&4uwO-foQhNJS94lb;2@dHo~Nn}ZJ+S(UY73yR^c#2We&iEeHIvsAH z;ja_eDLVk63h*+^ZOh8{MlUjV$xVN8kYNX5?now>a|*if`Q1}mjFQ?I!uv0fEG;kB zF%mn_vDBuQHt@uvEzP=AL8)7&iI8#<8`U${((YValiDI$3MZfdMpG!#gZc9*Hj&X5 z;VZ{tI{PX;OEN^2hE%b6!MP32lHX=+v5B)v!U84D=CR?pq#_nD+iU|^Xc z%T({p%avIg>zQYN^3@J#6 z`Ub*U&;^$_<&uYSAxA8loKD$QJ1{b$go*wE59IB{48zasOj5!@&Kp_mv=$BMUmHcIR0>126(U2xb$+Lp8#jj zzU$igQ-}rFXn3;9INN2(Pt|u2`L>0G1>JOvw0GU|VwJ?|Dhv7C14GNexJZHy5fFD4XJg zIO8uk$ygt=A3dSUA$^C$kz^?4;@*3iJ^$6}heoC75s_V}zuSB@ufRY@v|KmKz)oT% zI*foa#TYsXz0A*K;})P`5*0$f+l}%+N3L_>-X;w^7hk~U3}zsTUi%vFusw9V>wLi& zv<8^g4hFymkJN`*0jAz=3URa?7;-+uwYbX~Y&AcSGC2K%mp2hX9=yqgkRYM2jjF9i zmqTWOci%{H#sNhxgj-8uR*7LJ%XU1D17$ocFcNviz|m3Go2Vb(IRQB(Y>Dtrv}y#P zvnac!8ucKqyUj->OeBW5O%owUbA@?;Aw{r=&7IW2+?*T7)63JT%P5<#X>Q0$ou>M= zuv1-+6DRe-KWyIx_Ogt=w$z0ql{*#=ndx(q*$cFo!4e^q&SB5sa46q^~ubR(1_#SEoUjJe-%v{jwvm%;-)=k z5NNRe>$-9dg(J*tUjUqdgy#m{fgrfM0-8DLqkkyDmU---@;Kycyq`B!SuRFh%7mC? zjo+t#Idyay)CSBE39AItmcbF?H$4TG_v(=%?B~EpmF=M+q@{6)%SkiT@QEv3kxts+ zE?I;;j)HIIyqKSt$PT@K@3Ho%dxE4M?mrjx8+616R6Qt~gj!(?fUF4mo$kwDvZzmB0<-bA1{E`iiKuD8+IpHUz&{m;m zWN57psmPH{q}iig#QyP_I5}%%nn`uoU8XJf#M%-q)g8r9V$R}N>&^|O{Gn)Zg=xqQ z1PZ+4Rt0v08^zHQuQ}++KbtLgrHK7G zBp=-1ca^Wh1wFXs7Ibs>4zXu`7`om`ihiQJ8_3ZiMomSk_Pvaa$20~4DL<8sPk|CN zmhE}GG7ZbLd^Bajp%bjYB>L_s?M%5w3!rVk zi9t<+7WI4)#+&v(gzp+mZ%EeS(!G!i3;eba3irfLjm!MqHWO4>wQ)nK+_(g)b4HAk zPHyf_^*1V228_$d=XSDCbWW-5_egyz~veEiQF za$cU;ScGX|DFf13qN`Tb^a7_m*?o%I>BXxjhyVJVz>abZbhESLbyyhlPzdksoQTi4dWBlidYH1W@zn689s0@HoFEf$7ipI@ zXrWs5?~cv%+bBQtjbB#t7+;jkO~eG(ggQkaAcpNe@4hgEjq@{Zf;<^I4F1|FNgD^( zhkkEH2_{k<@EV~HShVcoz{3n&2vjN_EH4-*BK;@>bB#jn+?T7J*~pUP#gdbPx5yiV zjjJ9ojAZ3$2$8|r$@#BUC=ZMGM5$*L|1tc>RttbEu{p?qRaCAcKG)xQ<#IE~kf=D* ziHNz80MzEQy1YNUxxag`^5E4mlS#C$P$~&5vkN1=%6oSJ12G#DJJ&L(;|l|~`@P|% zGKoEfr2Aq0Co(V2{xL~TawQ$8wCN~iEa6MOHREv?kaYP9+0p5GM}Bhh4mwtWnxuX0 zr4Ef)Yug&5R#TBlyf{*rL?hgCH^BkD>(fxrgf$0X$f@IrZJ(on?VZ%xcRGJffeTy# z$U&%<#?KgU-&vPU;19_{e37&zeSg{YX@5a#^1D8O!_qN&g?udtG7iwiocfYgcY%3h z)r{k(yk~hA9|4tD6=%ko6qs@jx9VG+;n;)iAN_b9J;i{aQ%Lpp{-3?y zOluW`<#{ZmGcC7?7K&6B^kRjRHi$nV2$H>tG2gb}Pk!jaKqAtp<@>w-_8nDZwVhR* zW4toGS)u~7Bl##;bdG0njSgnwTe{D`8twI+rH}qG*Fmj6c?B!|FU#fVk6m1JL;Pf% zh%z)!!Ug4~()z1*29mJfp+VNS%}!Wn|jV5OJcHpg?d^9T7JqNv=q^4=V$SAPw44eQ&D zt-!@>W*M0-D%>o>-xUtaID^;YQ8 zEf$yYW&PQ0!e1GJ5H0`SY1+I8VO#LIJ_w@O|H6oPYl4UyTfUAs85u9ciKgBm3fD4j zA)USgv!S-E`?UWxlc!_fh^Ip#yK5gPn*WmgypG@p7h(mQUF8_FJ^nqb3(?K?nkT(3cm?}`dlou?=f8;P1J~gG?6v8k zo|BGAxMZtbnbNx%!*Ln4ayHdRpy`U1%J$2+(@7elrcoJ^sZtxWAF0 z1uk9Yk7KLh`5Ib&!C0KY<-X#QFa5@Jks8}eoEGB~=z^339iF2!XQ_X(f|;xWA$Z*4 z_4V{>-TwOxH!KP|Q$VFk$HPH%3k5J8SnLB&wi$UANF*ap<+8dWR}0K43lOatWE zrF&?NtgP-``F7r*k>X-J^az#K79$LpPr>ZwoymdmnXeI0k#Tv4FCjvGV zX8^G0;%w&rJz0mJg5?VKSnO*<_gdgY_QT60AZE4EQL(*M0X(f2lHEjg=m>byv;^yg zB`!lw>x6=5_j`cL{v0L*y}GO;OGoUV#k-&{+v&81y8M-hywzup<&g+w3kqzS(3vI0 z_R02X$7^JlOajQFXw6K(#M-SH09wix4oEHDE-E5x^A7addN?VyEcf9E6V_V69g41+aHkIi+DVNJ&s}#~ zc5!!InYq#(Z9R5dH|Ab=Tm8px5yCs9sReOgZH(`yeM!1b#8@L!ly}~;C#e|jaX!*C zH1BIo=+!JhUfm)$nzzg94l`K_5R6+;+4vYqA_xyMo>k-L;-det_1NjApHkd zzqGi)4{>Nr`AF#JrkPdU#GZRLU8%*8v}nt>Boq1a7LQ;Gt&&oTFi}UOZIJw1UIXq+ zLFX2zo1E}}ZfzpTV=H$Y`#AlKQ!)oUgq%}$>l>bFVyJc~i6=_<;~g`J8f!}OO@(=G z6FT&k4vU*F zCgAQvAZ~NnYr@j>v887Bg%=Uu1P=*feKcvfE%Ogp4vdD+-i2XNb-cHXvFTs|Q6)*Z z__CY>JGOBQhYp(E2*z6sAbpFJrv-rZrPw1R|u*5)O_O^u#RHN#;&IRgwE(mkNU z;q+Je5}P;pkEs(goEyGxQJGj##cTpqb=FQk9tXo9A}5i^5Dr{es=ij&%vWO|_FNJ< zMVTuql#*$~c9zEHfFPT9wAeR;hk?tRkukpC0ufPC>;^hi!CA>1BE9Bv(zE9%>vAQ& zc+C()0`uY@S!lTNq3)r5`zybOVof!BCRebbBV9h|+gjug17DJ5Ae=PC2;yQ^z!r^_ z$FoJqbKmZKtQ5R0ry9PcUc?=B1EylP42Q_w%Z1;RP-cIR3b=D0Y^e>Kh4F?YKC&JK zD|ok<%2_AkR+pCz6^yAo^*2x05I>^uLxKyWn_P&0%F^sQyF8^kjzRH3Hi$Z`Tca@rwfW=>QZg_W51CRsHnOXG%bdy(=a=MAVb`Jhe(+h8dNy2 zi>h}z>Gb{s{yky;X2CTzc`1*08ge3um&L@N^+-MsC`kf1$N0u73=l`~qvq}hG5aN* zQo(heQ+)2Y_YGceW zyUH3tIldsUO3%xzWxs>WlC2`1(H^ssVl05vFF@95o3=ac`Bjz8 zqV(amJg7)k0MbXswe;z)-i?_-HO*F$8?u%K7R0Hu?@DJu($Nzw$9Tp9@G~w%lpb

Ni!@?UJL3(GXbQ90!#4Z=kpYtzFOEs*Hw+cPLlumm(pf$ z#|auAMq?v)KelOzSQ+@awzLj0q}SCQ`C_iF1Z1^Awu5bvU+A$<=7PZ4$>S`=wFuZ) zQ;0e10lauV|LtqGGJY38o0~7K@cdt8$z9kdMHkm+vN4YsVf`JS+m;gbz*-HZveTv{ zG(alK+cX!SdGas7pVXQW3FZxPmt?Yq$4JsQ4xr{+crOc3`0)BhW1WTIxt@AWG{UZ= zT3dgPix7dZK#M5`6<0N5Wgv$um)1vVpVqr#PC+Ht$n!bIemW)6%h6=EyK8)JI1P~+^`2+Av-=JnG3+7gDevYrGX z3Qs*=*yif@NO+vXOdF8-zY>#Y`!_b7-*cgde7J-|`|2B{9Vw1=1RDe^ks*muJ|GK{ z_xzF>9cbqr{d{$KXmiY(t=d9`h7G@A+{-RaPE0m@p*h^U}iliB(nb zkiTt#&_x~Fp{)SpFtDWcVtBy|B#z@1{fMMm)upqjoR*%y+MrVl_M8^WJ)e5+D2@iu z)tHA6z>S)I0fcsgd*~sX+sbWO4tfnK+Nr531fp%d5gxM0oojx7^Km55S82QTt1o~r zfNtrsE{1gCb@9K8eo@hD!-K?vKpw6hwz_Z*nUCkWHc1(cxty$XD`4A2u8V_D>} ztExyI7xw9jeahJlSv9AE75C5_Nf0Xd!=Wu3BUZd=RKa(+TJ8Tx?e2q$I*WxYC^UbM zeYM|V`bNNQ6javp+PKR-Il0@~ked0>}@so2EYcZ3A~2 z9P-G=v72xoy}o#v4fcoQ`6q`?tFU#(s-9+9*0P21n?E4nw90u-Pa8 zt{C}1C0Ulgi~6QxNJh+pWTGx|=1L;pG(?deF}dHDo4WN#Evo2EwDkvh!qD2yrq#C7 zn;6puK8`$T@5YXQBCV`H2C&-g`$4zC%AJASS~#knJwTRr7@8~W%Ie;T13haUB|a#2 za?%5U#K?IIVzGpx(prW#aAwZ5_xN(i1!6C|tdVyxOhD{Q>xK+H^J;gGp^0@l| zqEoFecb?V$t0nspmPB5^@kR9xji#nJ$3=>HUQ#SPUZknwTNVhE8dbzBop{KAifP1} z6AuI13T_IcNmq|wSKC$X=56nAd>mi#)WwZ$(y6t~!*lWtKy?XV88j67=Kr_N_AX1=Lnr>CYCp1Yr;0}@*ebA*gNT~pL2Kn#i(EGP%iep* z?)w6tW`B*FLMT=mS4(Lhk|@wLb&}B%E%bU8IH}3guq_IVY`+uxO4cX9&7S@4cs=M@ zwjQ>4ok4plmXrbAf{6BFmzOwWcv?5(ATA=!a*pcqU`7WWV6}i0)6s|eLDEHg#TZbm ziEQT+WUk_Zj(=7d8LZS>FDO;$=;NvK8uy#ijWp;$)+0Yl*q*9lyu8NELH6U-Y1|ZO zlE@H0V{V$(+Tzd*5l6Jh9ARM=kE!|T!hOOHF=+l)39Dt_%;)z;y{R}%WwzFddIWIM z6i7`0)RwZU`VuC|=lo_>d5vJk%FgBGz%Y`67~Ip}d7G6$0sDA6^Qz#M6(sht>TOOK z(=~o20iX6sF?eO2VuXlE;^sZA};9}(Kcqn#2wn5OC(39}ofS9MDXa?$whZO1R z?b)jk@{||Z+x;{8?T6c&tSI5*8Agf#2;5{%UP?iE`jrbpFi-LuHdik8UyjquP*6Cp<#M%OZSONXPgx8Klh- zPIm~2RyRim3n7|(ex<}uOFI5TzT+W`3F@!A%3{*(1|Zm9ba!FX*V_=vOC)zBt zaSSmDkyzzme-AIlTlR$ON$L1@7N3o2IH+3n?^aOscY93Zbw3Wc00wk(L7yAIr0vR^ z0*g*_CEw{miAm1pHiL+5q#VN?N&qxu--MW{|j$S2nP%jpWodHfyS-NXvX0CelKhV@2lxiXf3_MKFRzO{l z2#;Yd^U=8{gf|}FrCx;MBSd-@uTTw3T*$a{ulk?`2*}NQxAiy9@v)&fjzm}pxPIqb z#6{Zxa1~-I=ulyfs?D8&2=IQ z^kN=RF3rA8LcS&GDnt+uH( z$Fz-pzzhT__{8RA9YDK|j)5=sC&@O3QMp&~Ig612;&Eo)D(gwp!b8 z5q5eZQY2#*{lTg#(<7IL;_a{NW)vOZ|SIG?4phl{+KA5*pxUAkOl z>t8Dn64Iq=@pO_-P-VqqAPnfM18j>w7DEMvHOQ2Nh%WuqkjCzGd5B6M+Fnghhn9P7 z0*@YeOy7Zkf+5@{-9$*hY}^Rw+>8`71k*Qe*0Q#EH@Ob$uqVWMST@@QQz^QIMgNbB z*>^0)v5x4}E~A_EW`fP`5tpmy91Gp}n9w`Nm$yehzYHh2ypL*f=Sik&4=NvquvMj@8zV~@=zgj9l%4A{G*f>K zjx4zqywnfsGD;?8FlJsQp8@GYg#0~TptTaSedh3+Wx;MW2J>A|V7fuLow!!}c;Ypm zL1viSUu}HD_;6MOFY}#yd3^tEX1OxODfi-c_s2Y@TuG_*vYhQylfGTGoqn_1BA&38 zlh4EP2WBNxF+wlo${ZmP0b1a8Fr?H>KSpz)ke+yB_g}3yX;LpTDG5}cEMFkRhiXDh zAe6%BS4awM$~jLyewk5v06tSFCy+fnd7~sPJTCU(qcI0*w5VSYBUNcZwHg{o+5ylo zABR;}*ncjnLy;aW$yL`=3U#XE1fXR;Xpvt5-OB3#Oli2{1zgZ{^Ti!IV2^^gg~A9? zk?!e8krQ5*^3$(lbF@5t2gQ4|wnmq~)<@`0Wms9JZtt_$HDB!(3_8BWS)aOK#8Kh) zDVrOYOK}3a;7FL<;uB7WF7Jf?M(#2NV})24l)l`$jElk$Bwc28x-(jQ-Q4C@+h{sH z4&}5zpC1{xkMKz{l^Bv5NJ~^hilG54y4XTy|H%G>E-Iz=jK%5I@@Ob?)JP%bgOnhE z5#b=94?O{t|C?o&oX!0$<|AA&RX7c?)L2BBuUglbsKqj@svAxfSMea&q_3Yl+o7SC zd7*#d8u)}?^i9*kD%PBH&YpukJA8yTHRT|b4Ds;6suW+Jv6ypAM{a9HU|%WR21qmh zJ>tCf`cty2F%z?j-|nJa0^XhhPDz>1GswMq%p?uL&Su;lRrk+t z0hSeBK)}btfm4N|LN$nG#PT&>6)vc_eM??L;tp?xPU+~3S;_M|@xR6RsqsLTDyr7* zIK^kuSO9dz*L7I-D$LRO$Wif>CjKmow5tAo6{4-UO>pB0Hq+|>a{g8xWOQbw0|2#X zD&!NBc)k-)YQhV@;i*K61V3hE>p;1VQ~k#biO!5{k4px`E>_y_P~B*r_7mW^z1qNq zB+!gN`~XFatMjY>1}ZZ4pz}1aO9n3jD?L3P|LS0qFet(M#)NM(7|gNqb8o!+T$jr4 zGN7QymJPWe;u&g{LMI>*9h>N<_`sD7R5qsVKdKm#Ff_?(8m(cB*l-PUZ3R226uBcb zfswzxW_*53VC?FcvXlB$-xV(J1XAWNrMS`K_TfCeJ4w2W2nu=m5mH7Bu*Jtm)uA0l z=6PoviCf{l7rC@iho&F2%4^oRXrE0HjjF=oC@BUwZe0~5_D3;hS2>uEEu3~2Z2r=X zx-u7cyP&YJS<}D>osIb))<u6c(2KnMOD zv$vx|1M~n%)2R|j3B2J29P#OBagiEFg6mk9E7x{<#5WuV$N_Hf|cEM zawUTX*uVb{H<6BY0L!O;(nwVt`33@K03n6zfNF@@&Sik1bRTHnN?|ObQF#&`sF4)EU3}T1*70arN74 zyG;V2{$fZ0DCFSm+0jy$z~wBy+Do!7zWingjf3Ph@dgbRl~Iinu1hqe5jo;~Xo`6# zP%E~Y?uTUZ3GfKq`z+XBp!=KW03afu(2N1)Oz#8;2SKJVm6qa?5!i2&?o^hJ78%@$ zq&v29`^y{k!jn(OiJ!i@Hd4Gt%CjSGoEympbJXuLh9@W}JZuYm z$&C*V7|=FmPuabEPFX#VEcIZn7=&zbFAt2sTfmoaZk)aOV4VUM;#xL8(bFud&K{Si zaGGE~O^!+E()$Un!=rL7j!u8sRC!!e-R6>@y|3xmP~W&yAiYUSn;y^k(fD8S^x&ra6mebkQwd9sV1rTVU(d70> zP>(X)b5)WTyIQ(9(C`;7_fNi>l#_QdSJ>U-ee)58Io_+7T&}n-s8PsXHxPqge|kIi ztJ1BTHGTEQCIUR1L<1PXb)K&i)dh}@UAj(}OrkrRjY1V_1g#v`*d}`J5!}_OI~UWm z`UPqA^6kQlC=?*>-Tl29QBA)%MJT_xK zq9hz9Z0@=lR62>C;ZcBGKA2$$hY8|6dXh zW(EQV0(&DXC?1~wX*(DRm>AiZ|2HuaFfws4aQ<&(CSdsAm4K0jftBt5Q{pkx`Jcq& z28k{T%sm_ccwi@Y|Mr%t|G(oFDX2@ho?rkHVS5KRs7srJWbd`hedpy4*`A8X?G-N$&Fplx&(>k_j}3&O#rYc-X5XC! zAfbzSeDz|cX34&25C*_9zacd@J2@2;z``0R!7RZTV0^2ihmjUQ#jO>9IDvD16UD&% zb1Wn)Dx(ofKuA+iRxvaSFy9W)sTFiHAV&be*g2ngejW4p9K->*=L0Y+;~TY&WF9Tw z3eKx5p!F2Sp0KigeQS&JmzEk4Rh1QzE1*1~yAlJSSPncvL0Pc`c)Y5Y@lV1J{N)vp zz|`6Z@VkbNyp*cAvV>xE`n?Maz%1Y@TRwU(@mHJ+#eM?dH*+StvZ5$=1|J-N%Guo9 z8&6D(ot+(w8J*l5j9Z);%-i~M4^Cx$odg1=1H5#ALcs@ zlfc^WTTOaCuUH_TUx<^?lhTn9RrRyYYT=KL;|Kp6GiN9FuegwgjD(8(Rlm4zsHq-| z^GEQijWn4(g0?yrV^`;Aq~3Gri}oLT`t0BM2Q1pz-htL1Dr7$-h!^woUa~QZZ}djw zgS~hzhX0u$eJw$q6g@R55m_D4E4c*sm_L?-8{=2amw(B-eJC?H*AJwonxZ0_0dRA@ z?-gf$&4aejtbjQ>Ilu+}?iMH$;ZM~uK|n-w(b3)V@h_dzx44@>xbXTdEv~LLJ%0X{ ze=F_$>d3^C{`{{yLG0e<&fvtx1$}gWpX%mk>`Pd6=*=I!Q{UWQD+LMF6!5-@IZ%DK zu8ci1jhQu(k-6~`S{w5BT^d4*2k`jD>_YH^zieM>O>TD0+8;``)_T@A9ee-q$UnuI z)xiN!64Foh5_Yt2eor$3a{y$3<9oJ+(bJf|+`r85J)6_L>$b*skBzMjV41*GIRboW z<@qh_?sVk&ml|bUT>(D5KdN_ksDGKr21bV0-)ukj(V)Nau9Vu!+yHO-*KHENbf4Pf zNXEE2bd=}IeT7Vmwzw0&-jYbT^ia`eVF;5_!vKDj`^{nEn|P; z2mErD0ezID6~1TGk=4Z^uPMEAvQDBf&gA-X?+=1eQgOZTMpf{ z{?U8v@q0w2e+fM=Jq@X};}ekm13%&*Uet&FAU|N|cL{(oSXz@(n^MhxRrr57XicoG z%nkLd-qzl50P_oo=YVt1t0pwp*8udVZ6Az)9e)=>0K~yHxlh?p{ktO@XY8Z*ecYkZ zp#A0F*)QRTryvYKe}at6jKCOze?m@x7&U)_jgG(=H#UEiW=8-Fo547=*D}8q1JiH@ zE}!5Nzh<)=+lbHdxowiBE^bXkiD3utJq&Tob0=Eh+2O-znJ85_H$fti`1 zD`$Hyv45Lk{-rmty?sl4=!gIyPT-hB^s^h7Phi@mEMaLMQK&L0!pY9eIQ|2_<&?Pq zEg5_ZVgb}yU7}D(6fhQ#bNLj_$*IQ+PqJ|Jw5ufWqm92UtKSt)-c% zEuhc`eapMCXRA43c;rt}U%q0P@$zQ3Quscbz@FZMY9@_AD(`z zXQ$Z^00_0cR{o;M_dC|pp0=^vWpeY{IBXdHT8=yNok1{tcUMA__1oIm>$N+KwR=T8lN@nq zr)fn7C3+nZ^4c1_L|&tndUaBjK3&T9!6X9t)~3|Bg0Cz+j@@p9&OY$U87eo zIvpUpPYKy)VL|~lXbNlVcGRVN$ECVvmRZOdBd_t|-{q=70 zF?Aj>vI=W=`ttK0!t{Z=T~KEv5FJ@=#_tQf;1(#UEBOWlD)d6dv3}(FUEg@{t}bAj zmj8@}-bpwp`zGIj#c|t&&~}uJ&))fxGEq@Kqmsif8VeicHZI$< zi~I*#%HWu!P5$9KSu`nd&`;L)d5&}#WXUI=;!TKU7pHjC)3)34pAe(TC-NRNd%s?q z2jIb;Fl_7!%>_$&6Nb|OOx4A#9ZzvN9hsO&?OW6d4dZ+U&3Q(KJhQXKbt?LV&YDrX zI)2LyuzT6<8c8J*`=RYcdB;K76chQmvZ}^&+`ZEU$cWEVFL}EmkbuqeFF2Xb(0WCn za9xqx8^+WW1q2m$eKPDa;-Hi_;X}@mhPtaj4==5sEW)(I^hsZhKbya z3C~d4NZcLnD0%jl)bLeUZl_@D8@d-UiAEOg=LpU~e;S3|ZS3yoL1)q}yjg&{v6xgL zLh&!JEJy!z_~pnK?br$8;WRQH*_O1P>Y1u)vHO=8P!AG6j6*m@zBZf4rya$jpr&#V z_@!aohxuK5#I3V4`J`@9TFuiyWXr{T6dT$q5n|0$1VOC-XnScu^7J%m9Z03T#U$2B zF*$`&9sYPi8jy%|oPHFJaBXG_NXWdSEIyY8`(l94riS(k@g8Qppa*D+_o=aC@%)@u z1^m0M5@>gV#K%yBO;>P#UCtdSi|$^d$-6Lmmw%5r25w@E%6Et%9vCVe{p26cn=as& zn`h72;Io6bBkCxdMVoWgOeOkrsy}fjN3!>o+SW|~6EmWIQ(v*azdI;xaU;U`5{;Hz z8RzK9_K<=L8nSY%?x*g44vZD?v-3nI<`>WNlD8C2>rB&}c z9NwC#MuVY^T+&w`u9?kyxFXe8Dj1S6 zcY6^|RUi)^pkjSh)kuP258`xxqg?PF_=YGkUO|8NIfZP2v*8^B z05b^wG8lmo{Bw+9go8*|C-$b-1?K8fPDJ&kUd2%`Yem=LyLcV4H%5%puvl5er0Gh! zQ;S8Kx)8(f2qn!S(+K# zs@0-3sQ{r*m})$M=#tzsQzJ>MSXaBC+|m&%seHWuDBDp;=RtM3jF|C;5(CAc<96-%-Jnk1<3QXbTsb;4`2R3=4nd+sTNW+bwr$(CZQHhO+qPcWw(FH`+wS)VKcWXc=p5{b zjL7+ob5E|deV^BdM4giPb*ixzM{cZAuQ7c|von{aR)Q{~)W52VC$b{KS^1_lE1Jy* zn4ule(P>nf94CWzkCv5}(?1|~bISi9

;s9=@E6!|G9w+}=lRi@L?0qr~1yp&ab& zc*tqD-*uKA$RE5Ks4go^VYF;L$;+~o4mBx1jTPfL)Ggr(qjqyu|3DS8( z@&)r}h$wfcz+R@EEm5BL)0Bh1xDEYPLMk(szLJ1or}E(m_!Y_poV((YwZ>d~RCOS+ zedTE6B*yW68SX1rHID?o1&{(JYS!`#kpbhw8Lp81TW!VuM@Ns4qjTuHW*-mRgFr`jI$HOxMhj>NTv>!r7yV&T@!Bsq%;Imt+iasey zUYXgVIdw{viJpV&?^x+rDdcFQKr`W_z<2uR!8y_XwX_lquIxqgb}h1<5VrB+*~w6x zWCv~9^ggSSmgdRoVTSciiR|V(i%OUP++D-|6Ta3IUDS=I-;U2(Jcpq!;z7)^jd@R+GpIx#6mPCaU}Due@{*bzsAY!e zJw5G`fBX&mHzkvNsTnEOy#HzF=7y`*98fFFeq1GkuN5~9LTPB(L1MPwnuT|G?MiuH zdHEV_>HShZpjufL_A}xi2~}E-2sRB`7w=0B(SA>0NpHHB6o(M?Lv0S}up&ZR)bY*+ z%zdkRw*#nz?2+jMw64f^CB5JG7-MYjMTCjD2r6?bm*r|{xlLvppbIkMR$wROCH6#* zS#2fX^;}~oHUwvRh`JqUQn{M}qU=WirjILd!93z-vjcebX(kC@@T6znbo|?rwLBGs zHEQI)vjpTh)G!jqc`A1K`>tU3XH$2S`|T9_h)|og5ihMV>*)#Olk`22Qsf~N5g6p8 zQDve1XNKS^qGhOL>K_jEbTNxzO(SRWL;Hg5yj_Ih0Bd_#q+}vdFjTnrk=~rLCdo?C z+-u6exoBJ=rt0XylMeSvS>Q$sB7hHReC)mBkxDA=4vAbQHa#X|;is^J_RyLJsKXi5 zy51W)Teh%3!e_lVDn)=&i39rRvv9rj8}MHcfxG%#;=Wfe1ZjL^p@=Ok3j#ua4v9q7 zhDRkY?|uqe7N7Gz)oquXCZ-QvyOX!v(L>?^IJ>GXj5ZTdli(2h?yCu9i5&co7UqOu zc_Aekd_T5q%D5|mRV<3Tq{dulsH57Jd6Z*>a%W z)in*)1D_^FwcoT3XDqiJ zvNt*pdTi6KWvDxHTA=c%ZM-^5Z~7&Yq)&zS%T|3I&WgVt!_8_NI#Q$Zu49Qq41JJoXm0!yh4J-CS2s28N+KeKI zmf0ZcAWlv4H+D0$?PUvjy_05y26O|;u5$iN6Yo5Q37t1k` zWSk9N-5sT$CFWb&6#{!9vcjk1!=0vV2Rv6R?QsZ_${CRwP3SN03&V(KY`G5r)Fs9O zu)`8JA9P_dbVo?%O372g_Ze}WyBZxk{pr~jm;p{R^b#^&V}=2~rL#|bOzh4erHvj@ zx+tUZ%WOqwc?~6rmwVNqg@1$P=XI6;bUiW}wSe-^bBsC3=Y2IXtw=N#FBfFaGl&&( z=7=0#KVv0McfFvf5evDPWkEZ*03CPqU9Uo43?*CHG1<{FQsoiKMWLYEK_=FOs2r=G zw=8f`bE*QREu*(Cr4&feoI@iP`1I@uNSw>?qVbD{^GeS@h(_8+|0#gQO#0}5py+wC zz}#oz-BM7$xbx;ymxAS0~D_Q1tZ%R2d_LrqUW6raJ|Vohbq~ zc9FQZG{iYHY1u_ZOc-#;_Y!EFvD2iV6R`{3XyXycCgKBNHch4Y}GtCNR@SdFdrQ*lWfSdacS57}M@8zkyvbzNe*g`Q; zr!!#akZaDq>|zZjs{OH|#?~;|PFnbW7z>-L^cni^<-x$v?2T29ss^Wm68-3)^mlzC zQ*Z>ErdRDX+u%3YHHs^;uqZbA^F#3C7hk>PaN7MY$TG23SFbQ12%B)*X9nj5ST5(D z>u*JcT9AKLC;|-vu88-@3KL3WjMmZz39zzQ%Gep7(=y`=69`-}^wQb3KR1Sg3-ieK zmC&(8`+a+0jG?3Yy)qdlx^D!E@Et)UzCKSbHj`)wi)GgJpS?}uE-;x+XTDJmoWX!G z;PS0%o@n_WUb4R{ekyIxaAOV_OH_q9KZi5Lr6ANq5VXSyaMpbHVX9VntBpkLNQN_( zJ(bjI79$~mzMs&JG7;_RNpI|0+tN;=KfL zwxFptA%#3T&`VeJLCsEPj`_A~% z*g%6pB^-JQ62GMUpW0N%$UhWc&#~TiF}@3;L1Chnq8M}S7At^1%S|SwOo|KC#0S1>Z5TrY?u`jD3$xSbe&qkby|^aZs)~jV`Wvhs2u5h9y`c8GTxy36 zrcZOR(HQr(>5!WYl0p$1&xIymR+gEj=388%2_fv%*OQVW(clmM6%NR{c8($hz5vGp zcl_P<2!p|aHcUo+ilGZlCYdxD`d%n_HSL8*eT&OWJ$d`>{IC{Urr;Zs$lTP(8I242 zo^oIW6C~RaVS7jwx_a6`H>Jkcn(mJBYd2-Zyf75)ZX1bMLK#hU3pLo!~5gbv%;BL4EBcIP0(lpx&JZ8guq(#JJDiHo@eB3qrffo3>Ftv zseXD9zgryg8%Ms(sizmuPyOwS=8BHC<+l5HHdtloUPP$ZC)n&7Wu`J&lBFw}>GWv` zGf6mc2TmrKhuA~0pIJPF8@Ei;u|c#t&tvqWKB|(s5&mM<5T&#(;rRGx;`ukS_kB7H z+A4>i5SWHU6wpF;DX=v{Z)rQYvW#Nl9_6N;K<^J3-eUZYr!52fp7~u54s(o@QN%_Caw4yxfuV!gZiGaQ1~+ly;$LOG zp$8t+WZKEZ#&t}KLkgH+qH06Cvc~*17A|1Q%1^`5WYRusMBfat==?g^a&>`tAY!_* zQP-8~Zg}j2lANT&2*#5Q!(V}ahC;*)cg@;IfslT@2g?71?&r~=cjI>THxo3i{PUHe zNqPzTDe+#vX0E-+ik`IHL*`Q0o;!Oi?@SlHS#5UJu)$1WvL*eSCV^olwi4z%BLq*9 zc*ry)LDvr+4!ZTOP`ee)wvuqLj|_ulCjXwBFB0B4S~ah4d&h~m%g)0aMbMX%-8v78 z>7_C}mNpb@6gNwLFsTQnlGk}v6Q7W%pwA^{UC_s*bRnekSLJ_)z?zpDjgCasd7@2IZ)L1}4kQCW8R|!V_|i6+C7$F^Fx|z)k|9J6A?JfFOkt$_PLVB-ZsP@u=7SFNm`?U09^+?f(D-@m&L zyf{4W4lM8wNHuu#>3R3V-7^nDbcaX3p7)qGnPYW?`%l6fUAkgEa#puq!G_Su{j|o* z3Tjf$H|?(O;`!kHs<_8q=0qH7W7%pB<&3Vk#oBM2x2Pb8H4qM62|$h@N^Z>Y<4uGb zkR8@l`MV-54C@pd2LC~GTJ!i<3>hplC@Kf6DWLQt*fRaYTe`{g!pfYidIVP@?}Ygh z>kt%%7Ckwum9qn7A3d+}Eq))25~j99XtcY#T{>In^@pz zt6SLc5U`VWH_SZR0zxCml%e7VrrW+IB6n#A(>OO{y`RU8Tj8CzpK_ES{IHd{{L`&6sTaytDQ z5<%!Ap^MbhL{+=*$L(BEeN&p*rQ>AnE(pdj?+f*R`M%=rLr124R!=!*J5AFP`g^Uz z>bqQ?LN)G0K4>sDZljIZk5PUVnv5sO#qpJX*XNJ7uBJi|!!pji=q$2sSeOKa(M3a! zsOIX7wg>NY?0o)!0jmm}ACS?iqF;m`$x&`ax}@DqAq)N1a_PKXuVV`y0~vw>#UC+= zrv`d2(z#UF3L_dKpm z4Q*XYB|r|`4!vZko%6`aNK+o%%SuC_zGaT!vjY@#$yuEpnoD^eze$z_OqF{W@UG+N zC-50@rx+JO)Rq}g65d2|?3w2S%+j;x#D?^cv(jxQ3~fy~COSGp-*c*=avqL3=~`QC zHf2!S*R(6*^0dc${3P>hne{5&im8JCj1MX9ne*G#E<^u7rs$!*5|J;41qQBU8U3|1 z39*LgETAOx)qN&1Z=cL60JI744)wt}30+JU;#@cz@395EdRiQ>_5$uQNNUF)hbq3q zX_i;cT7p53OK9addiA(ph zeL0GAvOv>o6Qq@~Iai-gSnb7rJ%k9X*gulH9Dx|nLDuAnxr#PAbO}jCwoZdIAx>3V zRi#t5O2wy@-gfq@0fRjCLhTp)HZq}cva&fTpN!@s?-;s_>=x=)SkuqYM!5 zakU@WfK0DxeC|u$$e&%x3?AF4;qfeHm*6-9Mc##SSt_YUD9IukNof07mzjV@Sr^m4_`nrVTn(8ng2Tk+6-9nSNtPty zFGTF#BFj71bhDkc%k~IgZ1IjS%SbURhFw{k-JFnqyWIL^0$Y>Y zidIRwZG&@@b$%XKGgW>Q$^*I>W|Db#8^!1!9QTHORF2U|Qvun|h%rsd9F$vu1k4&d zQ2d7SKo{G5*DEXLJ!k0`0<4-ki;ylUI?Ch}%rX6yYu`Bv>f!y$+}EGCn)~fn2zw<7f6O>lid8qBcYpS} zBV+Y_;o9Gl_%K9%a~%do6p08=Pe^CEpmD9g6{z$@~S8_r!^}t)g z;wd)l8j=zRLlm>Y?viN45W4SLxRfslb-~=u2*d@5$Z<3`Z zz=L$E6->Lbe?p9p$_MuK}xxbJm(SB z;f>3(Rm#uhgtjW~Dr;sW*Rnin>A575B(9eY$e}`>%6$?F9ae%v!k>n7)WX!y zuX>GNKrD`ra8k$^k0Rb6q@OX?Ww)vY=OPG5$OVrr|DoZy z=07k(^+fO0TV`>WXLQ*#RR9`cPFQ`>mYAzlcAfF}g)8d#F3MT@Yh>_a9p(pDG%dn5 zuhMFyhD-DtoH9P?U2vP*Ng;)yWEeX{fJr7YpebS8!DhuwPR9Nh4_aEkYJCuuFPff)Y5GH5h$7Vrx}F!9L0*+wn47y zC>~XIn$)Ua8VgP^Jf622nc9e2Itjp{6rE+j=-)x?9)CTx5_M@phzh8)2`yv_4PU{Q0YNt6lknb|2I7p&r10lM;Vu&&5H^G4v9Q9uADk?$H=LWkk$B&atZt)EkHk?j zWza}p^WyBy`@zwG(*Ka25XS&Vrja1|I4Dx%Z8@5m?dWLKEMn*>DKU$@#QGJFEi~nI zG%aBaZzm^H#~Rp6dJ?YY2Amv3H?)vhm5vv$tsl$;E76=nKWAm|b2D|xT&HJFo@+Up z74V!D+xYC|eNIqO$Mq=drMN%Pac+^-6(8qakb_ZBla^1Y4$drsz+j~U{d;O}5`e7c z>j8nMGJ6jZF0p(wIG^XL-|!!%`%m_cs*?~?_S@D$h&p*3Fs2WXq}BeOnsKb*#~o?+ z*J%>S+oTy2JX+M7uZgMIoh5wh9XoT+#eB9qI|OSolR-Bld620$XJ?9^aKT0UFPGdV zju9SE4Go)f&iKwX)MrT)c{lqb1q{OFWe=q82)#vI-kt9^6B~r50;5fbo(ITdsBlUj zweG1o)Ex$|s2CYfThhHG3t_ry_cFQs(1}OPoECp)Mr29Jtv$@-)ds-IYt z2WXEql6hkLnj}>iGD^2i0ahxGX^a%k2N~DBpIJ_jh*{5+^}TlQd+bdO1GgvLTk^$3 zk|gVzzIQ~+fpb+dE9*9WPxaQyZ0w^BdyxNJmc`22Z{OprP+%Uq4EwAeE!Ue zZP8>K8|Oq#BNnACZom{#oj-0!7de?b<%YQ}k#^CCb97Si`u$7EQV#;pCXF%|SMeDU z=6*9Uh*#xTA8l?%v9>i)w)q~&<-K$y&4s>>8l^6=9M={Sr=b!|eHM<0Sio{EC~Kd- z7QwGD;q@eE9Evf|p*e(m{^0o<**GxBSqg}!7*BXT5oMD{5mkr^F2ig{)glW6e8; z9x(K!k)Qezi_X=s6HPw)ao}pXM@)I8@4#=PjArPTNvO(ExbN_{T0!K_O2CSXe0a}s z3@qg!+iF4r%?{PC6KemDduleYD%&V+2JUX?5$s2N6R;5h&!hon6U z+KEZ|(a|ek$*kV;03W3HKeu=C=n8)Zy)Hi8+X`TUS;0%fvtuV-L!3^!pDJ$+mA*MR z96_Xb;^-wQ3fpC0tXOflpEHi$s|nt!bI}^YR~G zs|r#cdT_2ev709kjUqej_h5O*i-@G{WekX|e^zF+9+uhy4+;xG+(fUpMe4A*abbtR zRCUpjX{|h)eU*%{Tz3tNzwcks@`JDs>!d&`{TbT4gU`i2j)@)ZAq3F=vF&*VD`3Kg& z2Y&m0S|KPp%2N;}41&LN)&q8BsyB4d5?V^c>6-^({DB|=6bpwU(zX~+@G&LCU%*;8T7DZIw)$~W?03(a9B zK}dP5k$VR{q5f#OdSs~4gSJZQxi45J8haqUy9{sMV@>q4a;xT?6LxU+$h8LP&u$?C zMi1H7!;SbrcJ*09G-(}i7gQf3^1$@H{1e#vj8OBr)tY=VW9hJJ*EGXTHmjVa#J@|7 zG1pE{FUKcHCS~+&C9WkI?+w$7T2wC=~Zh>Qa7b@u?Ng zh>r&JaZyb!Yyd+RN3!7KD0pcbeGT2vQ(NxLSr;9wb6p;pOM~NUgOIeRkzvyu@DSHD z;0sGTW@Xf3eLqX1Z=&U}~ zO)+Ebj*VV84f4Yt)7tYC3{Ru>3^a_90T#3VjPeOVMA67D^ZcQCLKp?#jvAPxij2*^ zTh74o5tB%vjvDs#^tuUpo*dca*<29O(n7FLO81)BUsVA=1;)O4ME>e5K)R8FBFp+R ziLTCJuef{h8MaJQg^#U$NUFs2=OZzT(L1MJ0S;uPS8jp9y~l_wj}boi&%JuttpJu5 zOADoixIISjKYi1+E2DKWKPC}L9^R5IE8IcaaJJ)>|HbLTN>dVpvxjYNX44m|JjvM7 z;IeA9sbi-et!4T9r4na*As~jO+0%M%bKiUjL#tKuJQVA3&< znA$1j`w^&;bFK%mq?R71#US{xNhmts_v%u2N)S=S%5bg$-#hM}FD*v#gh;aW3z7M29HgGIWA^g)NeA9s%;$!6}57?HFyqHx?tFKcr9 z?lG@&u+bP^S-905;Pmt;NheP@AE_E^fc(ARemWe8b3=T#Z9*JdB0=K1pl zW-I4O>B7A+yS9C+=e0=8!_T5}97fHkalP?o<2mzP3o8Quq3)2bD_y2>V!rnBz*u=~ zKgnSS@%)qii}(-pVp@dqF1QvVQ_i{&JCw+Y5U~0w`@ZvqY(9k-yR%**UaOmi43vu3 z$E5!W2PGEU^1-vi(|R~V~pac{OJ)sH-Kb?fw%KJ6mi1PEp&UdjmFvH88kznXw-qF0$LAl0HmG!T7$pw+z7W1GABNg`Lyd=mz$Aw~8pE5% zx73BS{a=sh&4p0hB|{~5=GM>6w4mU|^O-}enioDvu-NH(bZ)Y}lZ^Tfs46wH>49(x zhG%qOWZsqQt{54YqtkFiE!Bt7W9+~KTmhef4NM4!NY0gATI-^KfHs}rg>7w1j}@ol z1Fz5TM8f94{P6K1xi3~*q@fsSE#za^^4fA{9!{PLx9hG;i!4#U=}gbE(7N-)g{<)B zw^t(DBg-akaRgUmg|;RnolYktp+%cDp5fBz;*ZB-#G@iyHqZy*D9g)o*tgDdjD!_G zr^s!9$b5x;y#m|4KZ;5JvQWg-LZO*t$FjeMCT3Q;I^h9_1YrqrWVme-iXa@vqdk*b zXaV#&JOMw41Bm$Bo zsmU%ds$`&%hpr@Wih7dDUST2`AGkWDz_!uF^2xEkm>wQ+2_p^voZ*}|ox5dCkdo1o zwf5T_JPKz4<*PGrXlJ>PzviFk>5O05&Qq)e7x_%D&muNed$W;)`6=t9Gs@7fv!e?* z*~l76|Iw_BC8wOhu3b*WbxOPJq%&kRww330I#`Wz`4TujaS(rQYTAXm#2O`6^^6w{ z)qWVdxMwW)34NDXbEV7CEqgVB$@MRwQ0$982mu%C;BXC7qVHGyWiC7rHMl(xN*iZa ztbIvHFFMp|n)UoQ#Lv>N7N+r3XutA?Q;~hZ__g?n#-K%QBUEVI=p)47WMn@-%Vn<- z?2i*kIq9EC`?*otvQ2K&MEs?QlujX7StvI@_0CXY!9#nO_Q`B-)0~{!c8p>yW9C8X zag!CnJ5gT|g@jTd24qkxLPYR{w`%Zu-5hK=jKn#cn%ot4TqCp4SZ@*{kvoZHqXXMo zf3!_qB|RC9r21=$Qq29P?8xz=rtjKRKXnSN(h{wrPs@Y^2J0>?b{e!VC}se#DUcu( z>#Usrpwku3V841(?hvC9LiwkzPv2M^K#C~TO|G)NVHgV#D0!-^74g#wix%9Z zDoT&`8Qa3kX+6{HN9Swg-ArzK8w%FeAt{Mf{+}SRH?b~u3u@~$0QnUs6I8qy<%q>? z9}x8dUfUtV3)Z;iVME+5jpwBtep>NTPdBu5K4*oD zd{Xyawf{wypM3XjBVuI5kUusZ2QSXe_xJCbtoTJw{|9_(sc$h8UP3Hq+{;{{li(vW zNLG+R{r7`?`QNp#+Q7uTxZ77TIR=sGV1O>^6W1uMb|82kx`c#X4D7pM=QC!uQmN>Q zr&PF9(xe}FGsh?P|C6v|`o9P}77mX8a&-R)J5C06rvJYFZ^Dj=frX9j|4GhCI$&jV}iJ}I5nVycLsR?+DzA_0gx)IH}H8tGc&^zfeJvGz&nA}X93D|13(d| z7j&i*M}P{zenC@kx3@E80O?0MKZyB5#aCQieyLwrAr%opE%BAU%>Ptl zBS`13dKpj3>=0RNql+<6_e0tMyox;yezo|#%NRU$@DW~j-IoENBS6ql_=|^=%$e~A zdg<53)$juuJh&vOh%2}|CL^RMYgnHIH|Lja@51a}{Pj2W;8!w-bpDur@?moF0f4(8 zmACyg;HAvKuTDUn9UWj@pXm;miTG1}QV@WV-Ta@0n)2&5>9Mc)bJr+>D`04$?fC`N z>&txepNLk6@4I;8w=JP;&#leL(e*uDbpF?51C0hqeP#0J*Z%nD>epCNL?;iue`Em0 z0F-}vkD12Mp6tZH9Q@=u=&hV|xV9hE$<^V-=%ZeIcXVf9Xy>!9K2v)=`&*Kwe|jcS za%g9A0+xjMhabxT@nDw;I)OR>6Tk^5-&9$;jNk5;3(|j>#(#J(Mkfb=Zq5GiQJAB5bzq_A?NZ|wU3 z#5;SC7xM>pAa90mb|XWxe;vNxz)b)d0>1$UKqtRpIR8@Z=2r(ix#5f5?WYe_aD$dyJbp0%#FWTg46!)>%Tg){)VjT=HS=~ zX{nfRsHgbaC;@e|YI$DMd+!54X~Dlguh|2?jso|uXP@D%6&1nd?7-mE@Bx9STNpGp zdrE=9r!U|9on^nBsy|t}dxv*@Z*v0R0Rnjh%EP6e;L5!Omnmfli*rct%BBn`JTc^` z96=jRj`Pyz%D5oy2b`NG1cgELv_HEP&^Sk>p0Ir6zK!&YWe|g{zPkVVfOERplo59T z{nXxM0;mX?(rPCv5btCS7y4?VV@?#m`zIf~8t};H^x5-A08Y+EhQ@yFz|1rW%+b)H~=C+=@>ddSn3eRwC zYjsC%LWe4uOKZ%5OMbi=@A1sejY&9Y(`su#ZBPqNeLo4}}`_`YBSn_ABdZ|FJ_dVx@cAY@5t z0I~Jx_G3oup^$=o_;wiX+-7EFJ)@&|qTGsKR@!%f)6kbMYR$+cdby7p1KcM0;9Ejo zAAjp2CfP`06ePQk(DZ7M!B52sI6$wI+jY}}9mb>~FE*`ZJzicMW32ER z>~d=Lb{;f(V`_-+bwqsH>Zp`I8f-foVfUa&bm$1TRfEmzk7a7dyLl&P2o5@t?@r0z z>pO=y&-Wtsg|IGw=jE&k7?tH(cozc39GtZaylS8+v{kD=Z4^NC;rPkk*(@S;_j;nq zXWNr1uAmP7R(a?e_icUXeH@I3BZN7xw0S=}337>P*C@Dlh8hXusY0 zHuCb<({mAy3&&bgpPAfLlYAs;iFxE8@!zX-S2$1Y=S7zD0mbxQ3}vjC1qeLAfXuG% zmndP1!jPd9czYjj>#&r0CFtK-k*Cm~mgf@`E+QmuJ4n&2ge8;ej>i6GzC11L-v~Tq z9ssj=Zh)GIPB1b~jgPK=1C=ypF9%i$`#e{Hmg3-2!p{61TLX zXqeqc#QmHn`FS!|-ybkkc0KzW30-gOWzuQm~OOB%oDP{_u1`!z*tRMbr;bAtK7DNFU2xnhX%#s1P1*=K;mtI-uQ7 zr*OL?mc{6N4GIG1Tp|C9uU`|3!H39Gl=TkwPO4wok+%tNo)M~gXzE3J16eMCG2Gduu81N9 zJo?Kt?@2zfkNv?cRw*VwN*6qqL*0wTZej6(u4iw>d{2;?u&gwZL{;RFeU;P zp4~l|`3dbDljO8U<;OJPhTv#cEWV=%Lpk?N(7`8FF>IhFsc#Roo${AwKQXHhOi=?k zlR**RewKtd<>4N>Kzb=2=r#b0Ph&YLM}wTkqw^mmT!K;WXVgl%ldBy^xl{#t32lL} z_kk2dQ!;m4GiDF02f3gzPeod>p3}>zf+L03h5D$O@@c4J6$2`2a)Ws)PvxVpub7Lz zw(GP;haxU{bqsu#%COk4_$${{KA2R1kLIUIhc;3RVd#> zf}E}n(^f6Uq4cMa6rnLfR{k82B6&{8^4Y#TO<->PwPFOlibjffE&EG$_JD;$73SmF ziUOM$djNS0Fsd{N%*?FK{krwkS=g8he;KJO4dZAp5RHX8C5( zw+JdTz#H1aht$ehjsgLkU}^bb@=Ey>*4v?C*z$q?YPnt|*xu#_&gqD9tz{i;q3``s2a62!cd~NmtspfOP(m z{QztyH=js7=tV+`*$7yD|GnBYCE*6z3LvkL$-dSK&=R10o#2W5%tWt%4ozyPb8UHB zS~InWAxY`T{c%s^GdXcKBN@899@L3vO&+gOvVh>GrEWl2uv?*%e&q26xK+)oz0)3KS$xV!&=J2i1awhLLlSakI}XdKrVb)UPh@ws#4D- zK<5a%y2XLsXeLW1ZK2rQ5^>6+s)73`Ji0wBPyt!``KJi)~6ZKz7I$H857FT$oPxXIUkM9zl!L6uYGS%sTf z#m_PN?$%1PJ>L)Qu`zLc#y<{Zj}H#IP{*aX5jckew>1%EBCpO&i-k|K=ur{-A!aL) zGqZdPN>y#%bYP`=ZF4lTh{de>bZlsg?0bI`K@f(f%QppYo4z_?7P~M0K2ap5SH-eI z-`wpRHj{^=BlUcY7g^t|iOn)>${xV2;ii!m_9!S{{HYL8%DbM}1)>GdK<60GM4rT3 z-i1PZ=Y1mSQJ@*!zbT+P%cUb&=MyJ=d%=R*o%%(oim_WOd*#Y-Q5E`{TzFlO%_PrS zc>@#YL%DHVN5XeBi@;$Oh%p3#zC*6$er~;k_ZYTI?>lRoLNE zXaLddtx>^%zWn?$;ZJysy1#RW-5JvRS1ckI*5Q%?SrFdoLtI_%Jt{qL!7Mq5LE}PH zC59q2ujk3$T8WR(mR+6UW;rOLs3{@JWBG~~-9+hPe_(_iAJptr;fOPQGc21Uw0DUV z_=Ej%7i^{B#>MYfh}PmaFLwp5m{N1AD}&V3OPHaYY=-J}NT+fmHWEX0vs7E(?8}!} z!D~^wUK0y84v4SW4Ig>JKYQkXM%G-f9Hr6FDgQt$ywh&8Rqch0=~@!bOD4~JQcl)e_-f8oVRg-ywiVSuZnu#Rb3 z^3N`MtGwSQtCpPjV5XQ%+eT8y-kkC}KVN#;`}LW-0iRGOUzH>4d$paFll-94q`#MD z;LVxs)*!JAIXM8(HfrfNR=#_2Lj5W09{=1p1jMcOov67#^SDseTOUl^ir(k}_|#mN zaEJ%Wvzn%@icpnkmlD$kEGrQ$q7oMg2J`}K11hwJ0(#vNGeX`G8mc;>hx0Jin&_*V zX0jDMPc)$4yt`Tdpx!l%@xCJUyF-ajNV?&%a_4!TmY^f0jbe2UaT38(Ks#Y43Lz?` zjrHu^jq+6d`5vJ#!l2)I-8=v`KhV#Ly*~qYe|7h0(eadplOWrjM&;_X3FSgL8+sed z&cTTJ=xjNIFHkWehTDa14CeRBHY3Po{8a;$=z15E=v!axWDkJ@A z^aBKh6D_(!S~o7ly0%{lA#&Od-OTYfQUaJ85RcJ<2l8f?;DsCl=j_#Kc;y*Io>xza zrNAw_S&!(b%--VyY(5HCoh|+1tdU-Of*U^H#(|sxT0gL2!F*tO1Zi>#Stk$|r*`5G zk2b26$Po+9We8Z~g38*^YE_9o;K8=Lzs=qQKp$lH0RN{fSHk+uAFx}!hi z4OH}|8G|BarbExM5f%}@POkVC-(%IhxeAqHbb};26D!tG37^9`s3o3Yue27G88_PT z;jY@_u|vYj*N_~Oso0fvUVL3tRDZ0Sr0|9UvRkv$j5(BYJ(4o?EU>k;) z)702$oCmk;p>Q@zqM2^IY-lEQf^pwJD|{MCenzlUQ!E;tpI1f;V@O+39s5-_P}%+P z#kmXEp?B2V`GrU*b^htanS@J+ypT&fnAjx#k;wW{R2-_WQz;AcWZ*}CZCg&%b2IgE zfa(lXe(k5@5hG>35{1h{BeU_(d7xKDso%Byx1<&Y{5Lul%Ke+YRrD}CadxWoplr#B zJm15em!icP_UEMCMwtB-7yEwAmD~{@i*LldC+b=;%iVmAAEiV^QdOZ)-fVl@&7*~L zmP9^q)EbtU(uF>#&|8^4CJVPJ$TQr&oVIbu%v4NlOhQ{$=^UR(OgcX@J#{Lj z0T7C8f!1Fi)NWOuRN58Ktl-veQq#3?tH}#F)v_-&HY66DDB9;hke$?NY91&pilH0M z);sRxpuCbt^BS;IrN0(u@555M`IJv_N?`peV&T04LwY(| zQQ;^5Wvn0_Z)G{!Vm;FgLvJ}IsXLizU_b#f1J*8 zw{Pg2dw1G{{SRa35S|Oqh3ncjckOo9wr$(CcWv8t`_{H?+qP|;?@Z3lypW;r&e>dBrqOZmwJYImo@Mcfp(Cs&9Z`cblRR$N~*^67j zvDl@vGs27TRs(fYp739ZkgGDIG`sPz_NBykX}H0mf_yKrxg#a*#RKbHYby_IaK`v#&)vtkBJ z*7U_mY&%5EJ{d9e&mUqt;qo}a(a+kC&ka$<9Ldvn15@f&7Yaj2C(p(ful~~#%%V0> zT{*gsS2yYUV5Lig&BA2bdk!84<4(Z6q(E}hkLqacj!bN)sglfETZ!slryEJp&MLMCarim zXN&^~UeI1}G{t<_EbRNW>KST)e9 zg4QL2Cv9YhgGdKKH37o@CQ|JZJpN6S6y__YyXz8UQayyPy@*m~#e7?Kt8Afz#F1pV zBa8n}lcl$jK1vY&CDC-mJVh}RDG(C?S8c#?9E~5EC%o;UR5W?QEyQb~L^D!7>$O>h z_sRL)IX+SRPl3i6wfK(M)2u@H>X_>Cw_ib_CNyk|5&b%!e}2!1<{Ie1PV4Y%fH!?m_p zTfewmyitFVcWEJcLAlHtO)Pzdc$S6&6bz1QT1;M*zv zU0wBv{?whsJG|e+D7am+J^zMRKU%i%?}Auu?)xAi&6mmiWn-ZzJMV$2AiRH%^%S+i z&mGz|z+HLuoAj`0tQ2EWFCQ8782dyhme!6CQe2v_)i<`Si$%-+@s>B4gf^mNyMElg zSaAJ`{L0np-3>U4wT_4ta@W0v=G&wqlTKrX5}TH+T+JAyQBH2KfWeQs6~-L0PjCFd z%<`D!&+_09Ny55Cc!$;S>@;!E3NIq=~Y5OqIoL5C=TpCxJ~ z`$I!z_Wm1ofL6MXlEzbTsQyhGxVs7hrf)~{0XY_pbheM;BqsGMcnyD^YBc2t!@X;9 zG)hdrioaB@+U4v?x`L-ng055n@-q~A#kaHYJn$L!L!ylO51ck88;I9znAlqEg|u|RdCXsc#BhnMduoZ1< zocXk7xRW>tyV5;YjtzugzS6yWnF-ckpxz>Rbf#!7V8k}AXnT=lg+0ho6f_}oQ z+^0{_|LrTk%NIamFGTM*@YD&_`Ti>Rhdyg;r5L9_XbMP&mroS&Rimw7#lCh+ri2Z_ zV%7)(ZlE)o9JC#ox8^^9rb}4x4czNzR2uhX(w||4D^i$^Jlduf)u6Y>9?PauS-grr zeHp%URXz>SHU7?%ehvcQ9tkTgIC2^M+rNdVaIny+q0Ef9|+Zg}T_he;iOobI*`=P!*f&k6!dX zY^Pv0`JUVY9v}`bSmTDWC!nAn1JYxm7%&SKG+QNdn7Ao9|rUN3EpozK{w;03x~ zDA|8ggsggQDQFF{!}Ig-Zf@i8|idhA#xjtp_qMScytX91i} ztsQyL?m64<_J5|>e9w#*hG0T>$EI*ucM5&NuDceqs(JTJ^m|^jFV+TaWLwpo&d}7U zEFYLc7Gmtx;(FOkN_ThBzkvY0%Br9f3rSQ_Kleba$Iqnq}++x1C`)~ zO*RtFmo&VV99F}~GtE(yL+o_wzbZXmm_$sI7uTJ$EpLXz9HW;L;C3tRfNe0mwGgz- z?L(|!!N|mNwBCDV-~bC*5KnkW;=)_)oKSgA-P0+-wEEr-?tR}au(s^i`UG%+`8)b? zz~XbMai5oci_U-tyHuimehg~yshTFW(c{&4@my(L;t@yxIg9Kf-m_f~XBr5MzWx*f z$|<_U%QkDXFSrZ8jQ(xB%;=36kFkIybo82Y^<2hVOLNKkv9WMqV zr13{f58i*5<6fzJx$}S|JZt%H5TgvaW7ElNCrKLvt^Cdw%p6#?$Hu>l*y&G7c_H)< zUmU%1sw7V?p%1K;U{WtQAC%a#t1Z?w1mirorf4+>gE~4{1@vdot-`hI(Zoane6Xfd z+C`B2cuM5Fl_|aHCdHo=*v3W}=Pi-u%A%6{@$fjqo94_h`3LmX^FI|9#AOOVoqJ!J z<$+}5a;9cU&n1E1S@}VBSl&MeyToQEbLpQiq%o}2(~q|7qR?w!k~kX-X@TO74|I+ z!l&G1k02&D-$!aTMR%aVE%uD67a%+lO+zm*LDOp$1w)b{Y~a_WoKoM}h@iyN2iiO` z)(FW%pKA;U#Fxtm_1*{9{rI%*k`Ztaf4EchM!j3y3EU#o$iP?0p*lEC%MZt2%&Ed_ zA`BfSkC?ZlA!DoSDG*K;##lnjP1@$p(j;Fg;_J5c-Wf?tKaHP3`ffAQj-R}7#j6Gg zHXaT^z0f>ftLsyDTPS*@tcwjRi%c0?*^oCXnEf^nwtj|0y}pGpgF_N!FK^nO=m1* zchm*?sNuX(H~Tc`3cF?pAI{yyi-kW9dPj3=b_&_kzc;y^7M-s~YR&|MPn+b(`a1-G z9&*j$PrFM1L@JWazxd9IhwB~jAxzQzu&S#1?+Voeeh$ng3O3qFYbx-jzKI{}qT<(?s9!Q;QkWVzpXSb4S$>;FnSLE!qxVl`bgOoRV=Dn$NMf-)-b5!2*1L&swARfo;L{Wj? zqR-eZ_MK~}@yzGkV>GcnGEO7r-O!M=ejA^7i;Q&}QTE?|Rl~qvSBg4UvU<$wAWt$4 z?b0Ge{YYdg2e?iek=#RoEI^w1CouwCwZ!>1TwY{IYi-O-7{s~OI(j4;d^M$|Q|v#{ zikiAsHVGHyy+oU=RZ0bUkV?>Si#iScypwN@c&rh6R9P|-mvQWB*6+scqM{)x`Ctd` zyU8g@Smo6&7yB=l_081_f6>UZNz;ThO!Ni;<^cO)UCLK|?Np0T*x)%sj)G|BuY;)t zBm!xh0(nia(Vb{<@Me>i=Fc>c)q@nfr5CGnd>;d|Tx-cSO41VQ@Mx_HuBo2niOpI3 zX^XxtFLSej^2`TfIW9*p%^3@+n!*HktQ@g`ut)=@2u!zkqQPGlAl^%u3xnUxd3HDC z#_oV00R^Flz#xZd(8!7BrJ95U&m(Jjnv^5p5`9Mz5X;7BWu+OFgD95*`D-b5;1_Ed zAg#yOe|Tm_U3QT>n*7rD|+qwIiD`IoZbb;*2d%W!=P-fkZB#$ftpYX z^7xb#d}F99jKaG|<2}8F+aMcRyP;^xQT|~3K3{m|=_reXZfBm~ucsRKO#2|+P-_uL z+sV?TfJHGY=}`Zks^`Jjbsu`5DM>+7fYSFSMLUo!IiJ4-F(A%+VoFHfj0bnHdIe6P z)|Ymlw4=|MOrV#=73z@u;8JwkGy*PK;y!B4!X|Z(Gx3=qaG{I%b6=%gd%WY2T+(a= zsJUnWJTue9vHmVe^Q>AceFuO|B2?^Q{%mF96QSN{50gk^Ez(NHbn1=V4N5kWQclcv z=Oe=L?RSrtdz;jMobu4RwotxHsG}etzO?RwZHZES!#*3^Pe^7$`z1Z* z<&Yj_CZ%CrE6Ru6euu^R07-F^h=>sJ`(~+MI;hs*R%?-~q~da&khjViU%|N|u>$0v z*dI%;T+SRZviJ5!8saVEMKZlzL?#aD2{i#q+LP}AIMX8?&qO+<4&0uvaSbYX4|;lg%nz!4`_C@Uwl}BL);)1MXcK4%c!!#DRuQuMLhL)(vZFE`jaPq*19NLw!Q;n= z7ga~3l=+GuR@9}sukw)-DJxU6I~)GI9tX)pKL~3rS`lJ|HaMfZ^@cEc^ie6HMEkCI z$gg^;;au4&=GI~b#Ii*hWq;Prkm0ZK8MVNOC03z;rELEjDop1dp=(pWbuxA2gW z#Pt*+lBCH}?T$$|p+F$(Snq#V6mvkRr^1VybtX7(tl6i@)gh@-fM8yFj zc5HYu6E^kO*4HF=4-Gj&YjEArwwFzlB!sJOr|E{7MDY8mwhy#-o(IKB@KcdNnYa6q zfn2c5lW=9}Cu;V8nGe#fMqzxDC(g-OP5Qq{}5? zUM`c>-EtAG`DmrYT#|91FH+s7^TiBwI0m?g_X@~h*)iw+}RV7ZH>AXg1LRqv>hKw#fR z5ic-{P2dX0d7*~XTGWN};1d4oF?*t^#aX-jwyGhp42Vx!d#*{OX-oJ$Yeywp}~ z({k9+cL^-n2wJJX(kGUqnOnx(p~#s*gpmPO(LviqUtHmbvf5s8Cv|zj$XTEv^D(QT z8SY^^X(w2F(w8AS-4%*oL@b&pu#Z87Q$)5*07OWA{2!IMclXu3wqyYvAu>2;b*LqL zn$A}i(rBSNymeRH@TmJkSPXIH)FAJ#m@(od7UxVbLb}60*awa*<<{6v1d$ z#^=TSR@;9Zg?e19r!sgNr4O8Bczr%vnzj2Ln4A>n9Xl&aoy+u7jgq0IJQ8BG*K&7r zz9a&>L)zNhrQe`KU?kDze-=iddlJXCp(xDA**W$o1a68_-G=|ekae7Ex*-pw-wJygvV>z>dlfq7{3LBlCQu@21+J2a zx(9b#-Uv&C`6e%p%gxI(P5->>Tn3Na$CRf=Fsi)y0<5r5Z?BKO3LWpX20(L7GI7lh zodbVZIr+)dxJ_{QZ{Rgm)IzLA+_IM$mMAeG8U1wufH*Wcy9LdzL^=L;@gSjh$9}Yp za(zVmW-EE2aSjq4w!UFdnz~iM%?zp1AAPMz6qxqsb+(G9p4Vq#UW#6XKxqAi;yqwx z8p7py8U$txm^hZ42443*wd2c?BN*skfGf{{4W}lGMLkJO(qAf~cUe24a-^E)uA%1z zTu`N0#A``nCnn7RMut*f43Kr*xhvydMSu}DU|!*@FVX;6=^K$dmt1Vs5>gu{cj$_Vs3)boN>{_=-&U1DS7>)l!9fqr4TrW^>&A z9#~vpoDMw;QV6>qzV3evzeO(hQruJPgqIk%NjkPzGAWI3c^ShiDJhP)o|6V0Eu+S+xp?{Rhl*n0TkfAjcg~rCJ?#glStPUf z>X9o?fuHQa5Wjuyq~r&xA=jXcVv(z^Zx+sh*B1=`*!kJdey)#N{-lG4UY3TT{u%3F z@#>{o9$croAE99|kItNm9-+;+rK%fw&S>U`lVE`a0aj@C)%`y37KR?3)Oh%!S?dBq zb}^Tyv$u>PB7vLJ#eJVg0FeR$&i~VA2l@A zpr%18&|~p*>w3pU7%Lw)e^$8;A*tSp_9nb6>uDW0#x zlJ?^VMFL*hcDr#T{3FQc>(R@PL#aEfcc*qJh_6?O0i~C@p z`C;~aVScZ^K*424D#j08K7#&C1jcB+%?7+bZ>9mk&C?KGK=9=D9BLlW;1JCGeX5^- z-JIaB5eBe|P;(XqwE#!Z+%i_4%z|2b8$OoWO$Ob7D6vRnkgu`&L==3oz}n zE4W;%DLi(uTiTu@Pxc^lPM1zCYdEZ9Im%w@@PmAaJ>o&^U-#{q>DHQ?HXsPTw!c8xU;G z_}Y}h$im&CObmZUns=%_gOxU^DnO%{eJ%LUbotDRMQi^gm$&~1bJDI7s8QTfy}8cb zDlw`fOjrW2G$Tl|?zv>IpMy!6UJ<2}*qdl6c+Yb$>We*Od&lgXe63_=`*(MsDTUXo z4y#_&_umE@_p9NTtExh(>-2?@G&-}JWRRjYs6lAw4h>j6eb4w?1>_j8pEsmM;lDZK z?w{gjVR<&>=Xg=sh=-T*aS^)H!M*|0r|O86_23-~w)zAnNIaCAkc;jYLzpNvtjRkmWo>j8Tt-6B_oBi` zIuPiHp6Zl$p;YKe=;P?piLPo-;?HymqfXwu0f=Fa!yaB}W4;gUG%sqcyn>c&8q8>?)n6{?mfF}9k80k<3DcH zZSLsqX`E0fL(jl-Ks&I=Y0@71nFf;b(CiV!0u1 zv26c%*yKg=O7Wl2w7;&=86ly7|W2#R@#Z9Ci}gp!1a z?di}d~1zVQI4y0&ciCSbcfucHa zZQ`K3TZE1GtC8=mC3Dp`;ctVCgslyf!D5$skw=8}j-qVFedFeW8|2zu`F^{|b%G~c z{R^hvO!?>_-1=;zgnq0N&ov%GN-8Qz0kS!t%Ul38R^T=Dse+JzdDWu5k*5NopHeTt zXpudP`GmbJe;a{D$rTa!=Dh@Dm0Z)RCd86mj^^ABch)Z(c)i5znUxt36t-KI^4e); zXJGe=gKZss*NGghzUA9>uRSm8?Px21z*XJuE}v(LeErQ79I_?sQ_^RN7-wf3*I8?v zlrxF8*{^*)yFFb?hVo`t;{A+QnES$6_ve~5GeV%VYZhjf*)~=_w;P7!t9A3Vr`)Y^ zA*7D(5ZnoYGn}CK&}@vR@4ZBCn!A$oMi{g3Zk$<}uOD{XJtQ_)lw@grcha~>ctFJK zPL(?x^CPbMk&?qOrPrO!wKJUiexNgX653JXyGfjilzds}U!##J629D+_`Jb+pVP!< zRvylO2S3!gXHEBV_s@O;H^P0vr$k7y5qiU^wnHtRyDezsMgi}l-Qn=+o>~7QX9l$P zPZpNI#xVUW`!Lmr0F8R2{>LNIhr=RzxXzNa_f#D}StQH~_p;_+BRR?57c&%ZSo|f+ zEc$=s1k1;j!3Ze$6oR;zK~!c^R;F*=k?HreyJEe0It6>dE{TZ6u%gYPCIEAUx^n4@ zTP)Sc#-p}+w7|@#cTz+qWdUa0oUeA3#f-YhbvzFYOGn!CrYtS0?r`CwIQQ?LjSr%e z%((EcWGjv5h7=;N2?_yCruT;8qD`5<1wI~cY*a8yf&7or-PAUsM@HAL>m=Bk^V<*G zL_r$vRffcabdw&1-rRJ&r7hrcRtJ@mO^jjkB1TG2RXD%Jn-AEX^6mxyRR5h6+|BO) zBva4SW~9sfafG<0SBxNsbDqo$64x>QuJ`2oC&q;OMXR`Wj@{MNPf}3_dldR3rrb`S zBxQwN6nsy^JFmavOD}`XftyvaBrqaqKnXCPL6P4%9lnh`d;galGV;H=##k@>yE6<@ydAW?9k*`-8FUKqs2PKY z+?I8^)zVYLsds!2_+D*aD<55vIApnmj9L1CHvjz(s`AFr1ccQQ%ptGwu2?6_=ZjYY zVRE}Vbn(a{<52EzPBEPqvC{^&qE1uxP8(Q;9YY+#UAdtS)dzxy?mT4&(<~)&SbT2b zrl3msHAP})9nu^&I#LnI;G7SekKW&5z8~A2n~ID>gx}+1|pC2HK@nR zIiyi{J*DiIL_D$Vpe&|H!P}_{&qIi0p3Aocg@2c{ur=kXK~f#UP|Ue`A?Z~ZTgqh0 z$J_zcr?Sps)(C)RyH4K~d4SIco44SrarrS&4`kNQn9ov5XobUvdUU@jUSSo28V>%K(DVPs(*&DiF- ztyHy8%0KGrX;mz*+}vA9FZV3X;eDCX5?ZydJ-5D%{V2#ztBl<#JCmS_hNTkompdLH zex0RWL5O$V)NnXux4-Vb$|(L{D8D|<{J1V5ycyOu^_O5{Ax_)(&Fp=sq`|hI0ckx@ z6_>NQ*VEWONO|Vko3HSOKq$3mE06S_+pDN?N7Y6qgVG6jki$5Q%Ras+wX2I>oPc=+ z15i{M3rX4$QBxOZyQFy5);wmOH3%mU^&*#wr_ayckXF{>UXtXkG)1ERVxcNBCBwcc z*_Kx^tifORa+T6;^U{uAQ5V4XV*RX0A$`R4WdKf-uuqqhvH{aiM*A+(BNwDI!Q(!# zH`XkN>&5wJ2=}5JoW`QAlH?hOP@@5HXfcpR9xJLRF6yyMneR=wO-c>o&>(JaLogM; z{c|jaNaX-Z= zlzD8s7u`FY#{=&^(q`Ygd&K$aBkRba!(d6z-Qy#kp7fZz@2d2U$$k+!fPS*xYkSoK zg_^Ds@w+evdgY+k4e??*+hJ9Bl6f+)YCTfAu8C~afcNsQcdDVBJVChnZa0UY+$gel z?f9Sq>S8#$JD6v3A&%P=7w2{(Trj^_Dkw7KO03w8WP>YIeyN1*2(stJSJ|@DYNc7q zad;H=L=j2eJW6T$_j%&apzy9B_b{)~Z>=@^)TC z&*=W#q9<&X?~$!%4-V6>e-UVqoiUwKMw01lK)eT>muof%-mIJ? zs~HcZ+dg|_&=b*IqtrB{be9*A7-w^v8&16qB(3FCCrdBHK4ZpzdysYq^78B@liN3+ z3sVLUS(GI^X(?xw(gFD>Q?5`Vz5V<6&2M-5wfo8 z=VZi=w7!6XlrK-`^mn(vjoH`W6kvAL0^@+wNxD;60EvJr%-L*ZD&IcQnH#snFU@n$ zMZPcb^vk*bVu;?r)zWhD8j82F2sn$3O-Ur5LGUS%d@^iDz(siDW9Qvj5d}QiBA~~ zdh}qmdC9UlViGsT4VMKT!x$Tr^fjq=brO9J50(6(uLOmBmz7CWIr`kGBEgR$#KqNw z5Di&}QIi_e>?9g}o6wcw4r_t^O_i&)V&V3vz_m`edqvZRUmU_NoN&kH>!0F6IsEEu}mtqbP{lRENxlbx0 zGdRsQNZhu&x;s-8qVvdt^79fnl##FhBJFw!^35co7UVlmwZ%UMzjeq(`8ihkm^-LW2EulLhsJ>*m+>|yZPl%$O4HNrdpE&y|Aq8_z|T)+A*iH~>7 zc8ROj(G>XRl2NQ1g1&HD+%8$Y@kRhQSWq1q5gtbMgbK|gX;MMgO(97~JqJ=zttnH* zLY7XrDVa)!2Ev(SW>nMICqitB1M1wK?j8C`Uv3@u-{9hKUK#CIK1VX*a2Zm}*W+O~ z#Gh3O8R|(s36<%?FiC?~81U}47)QN(68v*(6(!Nssd6}JofC)9vG0a_C-g}6-`ucy zDjdW49nlOS(99rxsdtZmc@Nvr_~_a9;F&K6zs zwkPp*;as{*BP2RD#ZFTpbQzIlYtT{n>qfGI+m^&j)zP(IimSU0uy~HzCsTAnj z+2@VzZsIs>^X_7-aZ*BsnYrWE4+^96oV@&ZIDy27L+11=nWf#v7MN>)=j5Ob(;rr@ z(kyD$@a|A<>v{iSHqaAs#0^WY^!`;g-JKqX<}aggrn0DR?ZPO)lF);7wQ3y_`G_m9 zh(DPP;VnRPMYc?@kwkx!P9v$}?k{b&B^;q)Nue+I>m_o61%P26pPV_xM1#A_JU9U5 zSY+dhU>}T>49h81Y$d+Q(|(R=!-=I$oaC<8EF4CN@aGi}2Tzh~`)EOvrbV7VLsEaB z#X@_|QZ}+E-vVmZUzh9i$*7zfwf(4UT^v>a4hfqLLRNDl=XQ^6`~!}t0&m80@{<+Y z4lR~*J?5RYdMk|Atk09JftOuoIsD}Zrbbx4uRRb}!-hJFqA}nmfYR^{SiG(3E6MsN zh9jBuhggj*V~GM5D%(CG2yf`n=h}hTDuq_j9~w7!$G6X&I`w@1LC93$=XY@>pn`U4eybwr$?3K4@rDOlWGtHlWCo6n+OMiV{w zKEhf*8M#6R?p^5uK3mXjx$1K$CQ<@YSiL!5g+TmKl|B$KI7__`aT8|thALrM{HXqv zb?4>{YfoZGM!g$yDm-}E2kGkh+Qynn*w<8J_)tov?VXQpn_NG@UpiEB^K zMn_Dob18pKBj|BLr;vs;BCCU8qjn|ieS$7`2hD4+*IPBsQ zxJ7{k@J%RS=Svil+fj2iZ&S^1jn(qTbfgY;Tv$Rdm~n2dku{~ep>Y%UaF(Xwoa8ewZ_T!X!2Dm23Y(XN?Yba?T8QFq#V~Q5-GV$Qu zZ!9)$yVT`!^R!%j-zbtd;SVkF9^)d&83e&R52Rwa?dkrZoP;5{fpjAjtpGrc^Bgx# zf+cjcEh%FZLHKh14BL4P=#=o>e)AWX4(BEx0?%GLLl`(zQs}Win6l6A-nN1{M3h%T zt34z@>F@)EAZr_}^&%3e0pNe~n%hCvIZ-flpUtOx85Dr3I+A5M`%_-%m&P%fvu}mn#Tmr=g2okC(}MLJH4;iXFQAJIn4Dm!e4J2OhQ zye^3+$3zvQ=z|TU(Oz4a!bKhZ6sk8T-@qFLD-RSr!ycl&u+$Qz+{$Yo`UBm`I4N%! z(dJ1)%s@U4#WLv6e~~CLW$Y=qxerWMv*Bm2pfrQNH@c{j+cn~}ynvT#Bul`o!)2C? zt>SHH3-_kFZcU!=AJuAx=yh)Z*MwCwdNPCUk0GIW&+nX(W`o)^4%7?Xf5VJe>t%VK zJp)4E5gb|LdxyA}6^ak5+A_geNXM=J<;4(gSo%f`h#y7ar9P z(A6J$sx6qy-Dfh1C092#$B;^%|3&qUu-(04z(9pPdpsRD=-XB@cQdCYXgUSVL|k|$ z?y-%6R_pxpW-k_oGf)lT=TRvxDI+O^>~N;J%D-^lzkR7f&&?%8fZ3Yc%`GKZRPV4( z7R;l~3OUoZsjs#yFLw$&+s!NYB;3;j`KJ`d|0^`33sXtCkOiQn*`psF{~D*q#W6c5 zE~Yy!UOiS)7^ZFvxyU#ZFp@lMl!7f)k3uWhUTCwEFugyd0V2WmE!Mo=gI>zo{jO;b zu@YO<{FKAjg}mq(os0jgA61wN3Laz^CH5y4e zl_$!3%WN`_Y%xeC5u~#G!oOPnqs?EFH=~WySYQ|vqS_grQnq$m{}J*};22jMgvWbN z4Vfh4l!c&zv;c2%sz+HLDIR48O?X;_O8$>oqc53_X@$t`%scx)xge>x zn#{Gef%~b+u}A6HmLGfq{#UEM0}tLrr1rhS&yB1X8KBDP;8*-&Q%KJd1-r8B!Q^wB zw#i^1#KX@{ZaJj^(XXgH3I~Tw#y9FneGAK-+-;jS5Lg#lRBN0eSF2!Aw5e+(UJ^n3 zRIr{_!N6e%Y){LE#8JyYfD-K?n`8I79~%S=20l?#s~Sb&Fo{dS{038y6bGt|#M{O* zn;`sHP%6p`YKVW?%pk&-c_j&qQ7(fWc(ZFP=Fg$Z>rh8m_>@jDb@!OHH!f3~3w&+r z1DR8Y$n4><0oJ(`(yhh-Uz&WaI8?yF+7jNHqh^mesxlmP@2+cztlx<3KPdmFoz%W> zY#sCp24`Apq#t+CKZ>_>k^mfS=W2kA0Soo$>SQINt~gUh#K!#&d@XHVgbV}d6wnB^ z?Y0*w>#A=si&OA)=0|`f&psAoJ!(iAVif6xD8(s2_}vQ|vbps4#KeRnyh^CgTff%* zZ7{k_EY{H6@njsD*O$ekZu3~a2br_vk(oThkqaMzd@zw1is=&!`@{Ctidb>fWAn}= z4}HOYPOsj|9W;uc5nrQFXd1~e2anc7!3fel=lX?qf7s=^_E7 zsA+**3v}w5(pdyi(9TnY-2P853!ms3i6ck1qIR#o*u2Mknr8*`NkzbToC3%l9iJE5 zaCQ%vB8pP56t=1og(9o!%r24&3&tn!?S|X2FO0$db?&!xp&Mf-!EBW>eNx() zNxA+NJgW)84G=l30uI0>QPxIZTi$jMTk@ek@x^N=!nVQD}eD zAr4JQJ(TJ9g%ezDUeBu}+DYQK{0;i**X6^DqvEdnWP_3@wMpfS=uHaQb$ zJ5NvMZMxsK(p5ZMB%6SqNvj5RdfuV!{zeBxG>X@-K;7$>}objB)-oRYMDyQos!f5QS0^wXc#G#z6X|ysv+<9hFe2s1MB$bFxkjxcW z;tZ1Kn`uZfvmW7ps#F_he~L=4qb<#6>Q!43m<*Bc3`77A>t5e-gbe!2>go$F^OtKbgP#;Nn)g?1X^3m&LueagI zGLQ97F)mQdE`KGwF>bjPf}M3RPT0dmXpCAZ>btO?govuI^_F-}z=}qT?)!NjPGwDh z%X^GsSQ9WfNS;d3(2EY^Ey_CAiVs?17rjF7#?8q2dc{B)RWvC}O+O`hl+US#&?1W6`Izq{bTo@loMhFovkVx;}iS3C9Ujr zNC@&r*@hK^eR$X#$5qNb{TraN#!W1aCNB__$Aa<4mgC447t)8dU_39*vZb4S`Hnvc z&7B4Etln!jzgNk{P%f+!i8KhlSnQbN_?0q99qWWV#sJ#SR}f1}`V_1*M4X23*SDy>^v3de!C6B!>@=hHvBDN1m>3cCJPn34c) z`D44R3I{O{ZzzF!z6%3x>>yXJf3TGfRkb*x_+rg~8(x!jEUf?mXKK*6=>p|7gsN4} z;+qy7y0#2Ov$#(;mtb!)peMMo(S>6^t)7lemPpaF@)zc7Av(?R$(1wzfYq+lWJA$O zz##-}0Ob@+1^^i& z`lCR>Ej>8^)dQdT`vI$ZnKL9Y&S4iqtY>I%1n3FNkY3^QWYbR5_4WEVFn_y&F*Le= z$b#NwK>{5iK&*2L7jpf&QP04|LuP7hc5-TKgZR4vfIQ5|%={a=aYZbk^BY@1v4Uv* z+01~v8hdptEG5dVflQWEn^ai!m_eK91P!&Y<53QC%q+CCLlFazE6j zCScCr<=WjI86w%1CP%YSuup9R*mI6xWKznvyegs?;9qi^M|MnqW+*Vnr`|tC8dzmyq}voB0jQB_q@f4aE^ z1SVGjZd53K2BfP4xcoP1h0>fVa?Wq5L1lFDG@7nx z@pT295`Q@nk%{;xrvwdvXn>BOG)+-qQ+J7ewSsqzT6T>jSiQUOuJD1(1aQsc<4Ulh z9zfS8vCm+z6)7;|<5u$`{YXsM{`i-dKw~w$#Q*o3hyK>d&FlrJr*{~M{I~RD7HHwy zHLE*R#}x45#`Y(^fK}K`u?13CEac|*GHu?kKGm(hUNMv-|I@GKv{xR)md=*vC(r!% zG9BT}{lVpTFrcKdsf2q>Wf{fB=-xf=Cv`F)Af61hk+~IE(DN%z;_`La7<3(C%*X!y z^Ae2K-2Uy3iQXu}}8`E5Z#*Z1IPU7-noKk}MD~{;vGCw&dqPx5# zhtp)B9aw;ZA|H~8#-w4by$wjuCSI2jy#1He69~hM+lyfcY;OD{%-=Z_Oe^dcXIrYa8!3j!azi9h$#w#B*OTm0h|;4HM@;4c&V?TpJwwCq&p_#Q-uD{}CbJ#Bvk z;`DQg@_7nJF>7DWd*rpYcC!08KK@zt?(V?GCb9f$0fJjRG;7%IOA>!cz`GZS=icJt zX9g2-Zu5A`QeQ9l;DOKwE{S8a5B6b9Ni+=Hx&CVibie=51sb33$BUdJdzJH3#Xt(V z`rjfz?fhgYhsrWP-dnXKx}9Y?aa!TIMTN zFj)>y&BuIHfh+t*J|1o{eX^YhUo!U_1xTbY;FEs_O`*M_EWd$oa)4d&8|q*jn_p`! zNtF{(?X`5N{GM4PbEA364Oi|$Lpu>>?%8$1#{kL8l9$c zZvSNR5nY>LROQO`Lq1`%-Yo80t937i?#S`$vYF`$s2l^!N6557bk^&bu0 zzSxDp!jU4-j;O=uWp!p;jAiCs7*d`$Mp>l{lco5ii3J@1xUUrOq;h*+nGf}m5qF6; zgda9ymcA*RpFVYzA>SgKKhR@X`_i^cSf~ENtB<1S!(iO2YLaxBX7kB`pc)~{V{wAu zCxV31WteXjUo(lWKPz&Vj*zFh?1cP)Vrb%ndMG?ru&k#)+!`#OzWkzOusG~MFF`_9 zw?ahYRD@Tj#-`d>(*3#ea*|q11StlA#aSiU>FF~`iffk6M=rftpR&c$ajSFVC(&%T zZ`$%YRhZyk3GG%zg(7}09kQ!3ay7s5sag<{Ky@rD^OSFOyA-@eC)MMGA@Dc+q}x9Y zqt~u@VpcxpA#g%{MJJftge2f$_X`oaJiFd`R}saZ^!v_WkUVOg9u-|z?tF&#JHSVA z1tAHY6zsv-wa$*ps;%^63d5bmzz+%0OoaJSJ$VsyBExiPlX<#tv)9vD)PCeqtJcjC zoXb=0tx%&M(3I!B2;gpeSnebehJ7O(p+jI&Nk6p3ek|g!X`ge{K$U7iBRs;L+%vb_ zM|l$#eTj!Gc|w}HEEmfGuMy6b%%t#i0-X zKnQo0IvCy2@hFoU5i>>+KUE))6O)h05x8;`|AwDY_nLJ@8>Li}Qkv~ZnM~Q%{+IPP zK8)S-fJxa4-oPwzv=s}OULq~va!+l>gCyIx0aN$1qX+Sk6V7Jw8g&~I>o9u4g)45+ z8#=kS@Q)mKJaI=p4Zu$q;>qc$Q3Ar1urCGd+Z<3mp+kj~T78{cDT7uH;wpHBB?mEA zqomH0+y=t1twOVK+URCdX*CS9f8~BV7u%5v`nly+x(C(uaHEf#qNS#;3_~X;zmrHY z!*4IVmc0%W1w~*({U*?L;9*nvvj|09t*ozqY#Ob)r+fwfXFjC8Rsqs(n)HXR!`~d+a9^X5lG4}l$H@9`2ia)`8jpL zmjR-8`}qd+rg;QVX38_)HFZEn++KH+DdL=q?}df22ndAq6b7k%X4KUz=Vb_|?9&er zS?k0N&1t`|$KQ2-K$2oa*{wFf8ij|#u+F}I|HGAa_-s;#a)T22j7KCHEP!JvY+o&9W`X; zP%oVwnu*r7Y;v4wKhVL7ZykL)c;)^LV;bH(!iLVUBBS5;*UU~RmA2ByipZ0l&Jrhp zJ9$V(ZTxJH#;du5pO1Ze-}St+Hu%?-ZINcBO?gb5fwJfRv9!bU2Qn8N6ph!ll{sd3 zw-WWPZ3-fR?)0wE@(T=#fQj-VYEv$ujTHR1>A=+%=0V?nI$Q}AryLK?(R=|te8Qq8 zw3X{xTgr-rmGi{h6*Oco6n<0R#GU%;j+yEyKvY|YtGa?{@a*ztqBNa)MA&g=9dd^Z zqUz3*Qv*64mGBx{nt>ao(9Zfz0)aNIdFzXQg;-LH&MscR9@*Ob%uX}HS$Y#kG!-AB zg%IDqrdRLYV}l7k1TTc>*>x?8sP}wP)S6&sy7=NY6_%}_=ZC=)nX1lb;Fn@foaMd! zir5ZI!QZWph-2_`VuU|`yU}_*(eGLr)kP zjSt@`V2KmmhV!;w zboS0){lanHOjnt2l?qxe^Zp2m8ghsBlsO#UB0cux5;$b4g=HXZ1q)u zY(YU3>bwrh;!jK=2h${_h(l(Zl5q6a(Odysl5j;*=!AziY;3)?1rIRzKWIH8lGv6! zPBk3o{HmG*^BJQtV+C(lc)(bmp;^^l>zDoP957$cij7T)R});@1bxDnDoqditz0iz zRQ8Pp#i7v062W<9h$JCj$=D5pxNa@syhJv!1$!KYw80Jp2CYnHp3|cpYuP3%@m{969RU)5IUWhL2UM%x>4P zr2k_gw(+z%5o_g}Wh-k<2%4Uo}a(oOdHNCCd#* z4tA1rKq)kTsVgwh&rphCi^ipFCcNvqyYDp5A;57ws8bDy-09oJLs${_DzY(1ef1;j zLtyj!uY(xbLh71dYD#3Y=F;=#;*yo-y-+`YqJr}D8u*#wWKtui&qJ!@Lu!I!glAo~B*A_PTtt z3gOS|HzXQUffFC#x2J2X@|DG<$Sfr#F1fuVpDHlAbk*o1D(tLc9AgcK!6$hh&7yAn z$waO8-`N9uZQ_T-SNxKoWGXR{ia9EpxKL{ctQ+Ku=Aqt*L4~`cgeS?>J*RJ#qb0~~2smriz0>dxAOv8mYjgy9E=x@5xz3y@f?>5X7foaf)#9IwwU{4tK#sV<{Gp88cf6vI9GmKjk`_(GTWRZ%rn`Vr0pS5TBEr24*nR~;JEI<6y>qt{$ z&tHLMs18D>FW0({-)OX}D5HPply#qcTHfx%4!M|F2bVr&xcb$`k?f8WMnYRyB2!3y z^EQX#jGCWh@ZT(zaHH(hua--oNhRyl{WoUcHQHZ&<1CqRS1K{#Y;j8NDtwWJoxLy8K1fS{E!Wj4 z`U#rMQd3LErfWGJ33{hmlRT!28X7Uuocuh0&t@u3Ma<|8y^U(hk!r71`}}u=ez0y? zibg%B#-ZExry(P|p`u-U5rsBGAKrr?Tode`-JE^oI4wBHJHCDvHkH<6p3m!iA#8%p zj@o$4D?E`6YkPTn;BIYoZ!sit zA|9*th^P@A^h{yP#+^MDkt=i`!k~M3!^N7>uLqk zJ!9YMz5P{Gb-Zk`kXAFr6yL11c^{|e$n`AHw02AB_8&F#3ue6Q)Sihxr6CsFl;Z8K zHb6XiteBUu=qOVpU1s1bQ?k)>8 zVa-edk8X*}4~=#4WBk;ufYtt0`UN~`D>{BD$rRoh@~2LB}Df^D#ee< zr!0>g)9RD>kVpB+r8zS3Hm@Ht#obQzW4gX3(DdWqKsuv@LWgE-VWw&lw2^*|jt9n~E zAl^5HLB+9u-|>9v;U?jJqA;q646osc8^(pGbVk0m;H;IAthd9cd6SrHBC1YTdEb;F z_}C7iK411_u1k4BrXqJ2CXIV&PDU4HfMCHF1EfT_Y%@!@%?dS<7zG?HzBsGi zNTGb^)02sKml&8|)buy+CXD;df=UU$wFY(4or*FhG-pJ?aG^Y=iZ? z3b%2t2_5#K+(RL0F}g_Q>NckEORU*|>>v@oBU+A>20!Nn3^e~RtAPZ7rg^X}kM zj-!$H`sJVBe}_KaV4tGGrSq?z&R)A~RM}8KQl=qum^>E){X8YcMaC_71FF%vHB4>! zUzd~Yrx|$JvM*2>VWM(kwLR}IE7Us}XBqgsGrkDDnfqZq2O4?FsG8s~AYfR`4}53s zTN>Px=U76A7JF6kQZbS|?Fe7e?q)B2j!EOLu(c;JEsK(n1x45;Q48S=>BuR9$~H`3 zR>DFl!CTh@{|CZO{EO_n@fuirc6>5XC}aO6p<_m7K@lpDOGQ zUFn2#W#7={V?n7JpU2CJOgXgzt4fI!y{`M&Ukpbv$nxeh`);Cei7WCHrsm}8b#^N!FxPthn@Ql{Q5(-vS(sB zw7$zRMj_dghwt7f&GnrRMLV8Zv5ZR?j%24aw=g+t_rc36qX8LapEo^W(&6w$(>Gv6 zJ0=sEVKwBzIp5?9L?;l>_Po_M9EAkhj|N!{&2%ccJF%cw4i3aZnbJE0LJ7&cXW0J`j8;NQqG3r?Ya)_yMlE6@H{7LMRXU zK@##ug@wIc8G=x0;&mhi-9~o{T{8;t?H>{NhI?Et@ijT8q~XwY83UZjy((3(uOqpF z`WP!HF=_I?wCrBnuvUbai}M2xZMPglHMc74UjyHma$TPS zJYVF^kmmsg_e&a&^MRo{fs_Mi4ek|UY)9!rBNmAB784H*qaUmd79?y5JNgdKqxXJ= zjNi8G+-Ova%v(7O)ay~k?M#Y3jc16QZY9~2^3?odPHD=`ASHfSmD3@H0V%!M<t9!%llK$2O@%#Q1*h4|2uuMP0Q&fCD^h$;v#$Y;2Ne?6~B z2k_^R91T{SIBU{PyY5;Zy0pF7Z=%%bEAz@2Hk;^>BSLaev|-Fn))d*Q=T*ENsY9C-Bqm95QkrF1_ zQs6Ue=8Y)DCEY)!k^ZFvJMqR1VBn;-($_Eng%pmAYm!LcrH1{8`IV*I_8H^#&-7KqY9b&5G_?pVnf{JGwt@*PLy@r=zql9wk#1hLoWf zsnt;__7aQjB?mcH#mf7gSLp)cTYfGAio399h%!wUSutt_*&!L?gcuG`ID z1>V5h%bFexX1)nUww)Cp96?9|?G($SMdBcFxez=0R6jb3==T&p#tX)qoml%r!(F^T z5jrC(4BuzI@uJIHeLaQhb+WXJU2#t9;~@mB9xpXh6=HXYa_vKDtwK*0dK-xeIGX}Q z3o=)t%vPrC=vQDM@0e(-^c>)xl8YHca}7@B)w7dh*JyWWA74K}+tKW2ra_@Rn6^dk zXa_1OXqDIJD&Mb4>Xh=^w1jPTOETrO@oJ>+G${)2ymVVkawdky%14_|;LwcXp~-OE zj)5t*YSl6h8M~IF5}*XJ>+!3=#Dn0SWeRPmtL>YJzY?Axu$JA1J_n@Y=bLzls58N`Tyz9RYoYont;23ILEqmGm4^iLq}%(F&*OEHFRCQlcN;2I|Gd3hVRh@fqppv@5 zpEz2PDqXbo3PKdz4U6v^&yNeOdqQc&_IiSH*ER_kq7F>B)4zecWgh;T&k0t$Jk2Ga zWPn+=MPk>W*Z0Qmr@6UP`XsNJfZ3yix_Y_+6NB>&ue^V}fh59o=CN^mRgK6hOApo8 zd)GL)>Qw~7?GV>8)kl>NZg=530%^ktPEWkyr4lY^pua3&ha zTvXPmx*I9zyMSvfaI4sh}-RhuJBcC(oDzUK4zd6r~Wsr_2Y z8Rqn(uT(nc-k|c$<*}LvKw*q>AO;emGRmQYg>xzEy@Wm zb17zR6iYC_l}}jZ2O&s#;3^DB(nhW7e_RIg?KmwElHRzsrriuLC6FC&}R{fCpY2V_L$iW5f< z3pc!58W+|KQHYrwp}W35VyNvT%ur&+aU#M9rU06Q>g}VAfa2SAlHaXDBzyrau0exY z#mL#46Vkti-1sCs)m06fq*NKwG=1ZTO^C&Y6stzMLUAjTe`ZhD634%wF&sOkt|Nq;M&#$n2pA}>B#fLK-^)^7iTWQ|MkdpmFQSQv>_K> z2J@cJQ*sMamN%7FjEIv?<|2W={Rc9rm@`ex~5kLY3;s#bHF zBZ6_mFQIxb)}?YJ!;_jtb@eMa!H+GKCkqKVChf9uX?pn1mfaPbIRZveNCEUBe25A> zh%@1M1K$SY!F>8T(LqPrUenADTIFC?b$eo+0~_`)w&-Z@^Ro&$>!6rZs~Jto-NX2J43)#PicNqguMfUNrTG(BwMU9uMo<8;QY zwaoGHm>$)Z^kI=5gB$b(h9mF&(eTdp{R;!yK8!Y#OJ?B@^l0FF=>vjZYX^xWafT^eHKZSrJT%aWdw`mQ#O!8sQekted67qTZdG4SYeV zqDUk(aQQav*jMm&YYqU!ve%~mLsbpR{8I||z9;MFIQ)%{^+!4-IBx)BW%96F;_Pkg z1@jseJlEXTVtj8>vF%peI)bX4iR0{)+^NvZUOVW2DEQ z8I4L_^+HVsDup4^kQ?nHywR&T1ZOzd49liG^LAbzgen8Xf^fG4C4&Zg-tzUFcaAQ+ zuTws)_O!D-Wz-YD2Eap49kV9C%|=@2fNLrc*^Y43xYOb7A`z|HY%Ao^)R%D$17dcv z_+Q@mUbMHPF#T}QC*EQgVVWU#S>YKv4vY%7z({*Py~sQ;G9+fF{ACYiN70Rw0ZMY` zsjoQdDBzJnjC(*9w6#Z_!vB@w&-pNmbz9_!kr0YzeBKz(3O(5GvCx9kJp2Sq`mu@r@X>G<6 zC1@&)gI14#H{6z~2PROz{*>PLYXvOqa_aKXui{5k#n20q)BvS|3h}Z^l`R3DpLax0 zlnPu>Z41~gOo$Swo*#p>L)H%Y!&HGQdrisw(aq3Zp0Sx^NJSiTVwBKj;Y5qa`a6O+ zWiS$sD|lyW)^cg$J9a;Sd}`5wOx-3g3_9GiEaq#L*0Hz%xmWv%tWdd*h`LRa-o&k@ z{x7lvUGan@d4nqupx85wyxf994?wSSD~P+1pn~XsDFlYz@%U#Lg78Lg2cZLlx39&?{1sGV8M< z+4c-qE!XquB&<{!U0h~<6~P*5w12Y6Tm|_ntm3LeR6spB4mVX984p= z&1XD@0uVgwQ&dK_)fYn$=)H9Yv`wm_k62b&u#S&@BPohvdMkZo2b2>g-v!$DIAj{NEuV4Wopdzth# z^XzTsfsw3G36SGJf5bAWCYJ}f{&QS-tFU33W^b(K`1%k%HpXl>5iQ3Za$aIAtOkbA zC&7t$iOalv1G`DpV{a|2n%xgClYI$-{JzrGtDk67YD6|knkHB6>L@4?5! zh?cv`%q?7L#95v}hM(SdE7#Q~uj|PppQ7ni9priOiG{abT}9LoXtGl02VO8HVf&c2 zuBkg@!mS_@P77cLfnYYKa;^=~7{0-gjdUHhKZy9Rn|j;*to{&(!L()8(FNu0$nWzZ z?6d(phj7*=&L=N4&FmxP=S1W;z+eZYk4n0rxf(_^Qs*)#wOeRk@@<68cPiDQ@MFXqYTnKQn|K$X6~%~j)Ud1D+EyJ6W;I*_bCoDJH6*q zr|8*lN$fC{fwMcM-^1V{@*A@}VYrt5;6T-&1r2ugfL$}+bukkNsqb7zo+eyC8DLFX z;LW5S>0`lNWsSDgn`X9+-eo5JygEg+EE8x5zCd-R%!k?RY(z4? z#qWVP>U9s96v7XgB+D7YB1CFH=5G?)GS0gytzZj$_vPT@AvTrBy@GSa`R$}0Y>cqv z8X_EjVas)B9|w!}5s2+;adKI#ldIna&HLjZyoaBS>;z;5`maOuUX@LLd>q2Ofvd}Q zg+Ar_VeiO_()P2U_@=}rX6X#xRBHhP=P(_nCQ>X9ekr(8ns9Q#Kuauer8+H+iOKAq zsfbjS*;{RZR;(+4aX7mw={zoi?g7ZOZ^Ph0VkrGyNq)cEyVD;&lRl^>%FXtA)b4|i@%yJfCcltBNxm;Uw2&QM`Nl#pk+%Q9>RwbSiZ_yF9u8o-5x{pC)rCV4T zo-ug0Ui|e8-hd;fu4Po~>>%82!=8b8O1m znPy=ZSn&#=dgyiqTwTQUacAf!c$S+)H=&LNL7(kR_nL%`US96ydue(lG_XK_!VBy-dn_C!ELc?+P86ROs*DA(kE_)C6|_y z$R#Z}4h~_tlZsEMO54CW)N!{rD+rpR`fU4#Ybow42cg>S+Tpw7ktukEpXg_Ae5TT~ zNPRoC7PLx5XKQmoS59S7iSv03{-k5vW!u~W(X?>=jb7=2G>KRGB_AD9U56S`RF!Oy z#AnL3DemN8WCd+(04MKYxnSZaiG{I95WSgUJ&Co;y!uYeGPV&n7baY?d>c&$rY|4= zz!n`y1vP>|YR1FdE1F7b5A&#y$h=Xa>kFR0?J>3(uB}_Z%mS+TI?e+sg~%a%tchXS zXf^o?(IY+;^I>sOm6SMTP2YICAPl6HDAza(~6LLxspd|_c~q%x~! z8=I_~rusySPn|x=xUBZRu)i{vhWJ;Pgg?3>b_unpB(Q~vWQG@} z7{;Y;R*X%{z7RI9#We6xlK*pW^8$N>TmJRp94}T`Qr`XEPtCn`(tebkSMpDw2ZwL> zA4T90ratdnvDOF6ZykTsVF<8+8K;E;82FM%bOsK{Aw%s4i`UoELwgY-mI0ZOw;v+g zVDp9pf>EtnXtK$E3YoG~lE~CM<@n`<#@FX673&HHTaz_wa@5J6-;BR<5YGym4$%&# z+>{!uTje!DzX@;3kquZRiS&Mdw)O=P(+a+EZibdsDr-jhlabV#p1J*N$u&D`lT4ny z?Tne?vp8W?PN#KM;fR1`bJXk6$!t738vS$Ge5kmg=u_V3-$HS(v_V%IO4hz(x^kDnU35N3en#kgd@+(6 z!IG?*vq;3hU)h(AT8+YZ8j~U>i55(`vp)9jwu}6P&FVPUdx+OADVQO?tg4H=xbZM} zcQWLKX8EtM3#Ce?BcjL&i<0d!b;@ZX1BNM7Cxxy`Z|MAHMhe6x8ypGbMLrZ=z#AjJE z^<0!lOGVwNpQJGnrXvkb%t?yEVewuz2;`x<(v_7K0b)AG-a242GXuYLr!klFp=I{2|LF<<<1h zcw8@PIn{_3YDFIWyBys)&McXk8k>0Bow`-RU9ptk8W@lSkiB*RG_ekD3)HeM$hQC^ z6-&H^C?1Rmfs}>OjWoWhM9F)tqbP6%98F^QJLN*jZHfh+IdQxQm&lhc6oIj`Yr?&N zA%Z6UL+) z@E-9pQL|x_A+D!y<&$cl&r`p@^Af+gdR+9rbg{?sq;%6*o3PHrrzZ1?aEa(S^S6Ok zd7q(1%)kjKDP~GTBQf<@4!E&wr*D%q4$>RnpgUKvQ0;kK6u*2e>@fx%Ulq;vLcXv> z$*zjue!4$MUXKLBeWhPgc?;=NQF+xVrw`J$he@QB5cxYB)H~=9a-A?~!qf!hbib%zlA^?s zBP#4oodNjarLkzW%8JO~2%5q63WztC0lMbUwd6(V#mcR{_Q%u78hW#}-4b}Cykg!5 z4BhpTK7m`qT*Y{5J z7bjyF?i*`3XXt>SDm&&jqgm%O_(u>66i32JotSIRc==XtI#hK%tBd+`^_)lo$z5r1 zeYw*Ib*MIWrxW-0^M#NqOKz-$hLnIbpW0(skF0N#^eRk?EH7o|Pw0WN8-sUms=0^p z)I<*uz%`9D+R`vf2Xu)xk_M$JqU$Viqi%8a#^D<#e(wHC%Av_=H&hRF&18+0yR8;Q zG&y!OWk#7TRl%k^)EGBe&gDJ&r2;XtP6iU?<|;YfRTWIK_epEMA&l7Dw?GnaguU8C zcR~u!?eB!*OR`q*{vQu*ShQb{?*aFB=x*NDCniu>b)jP15<_(hm{7=aAZ*f4fcwk_ z_AqVTR}!L{5!+)R(ZN@x9?${Nb!$^tVlSt@GX$mGZ&KFv&Sh_|jE4$_%c963 zs-tbP;Z(DE`izU|8s8vSh{==~wHc0W?c98r8U8O5!-^j1zM9D?3gZY3?s?l`-T~g^O)f zLM4_|whH)>m!BSM=(nAfFwNDNFdh8+>$ z>%k4MN#a)vIYOI>@^>NyG?GQeyd}{+JuI_|yMk?YWS1|9@Q)2;L5H%xB2ap54|C94 z*xqtzqBpO^k9t#Z##t|9*zC55sM9$|4z3{UC4H%1yk2rqj-(L5=u^OBk_!2;zGTZW z!@#y3AuXhsm}b5reSGxwmB`0aju|g2qM@sOWpJvhBIASy5?`b*%8Pof8_+zdQbk=K zrGFbXbRpdx`(fOn`sGR zTn&kNc&H6v_sBB6oXXd`7&EwJ6=#_Qw46z$s`&YgBEL*n0~;PSbIOMpHa|BJpbHgO zjM)yFCd^yY|1jMDd`7o^5A^~W)^~I1%7&5#x_bKID=!8geJpV1(Ieu-{i&|rYi3k< z(C?1a*I2Wc+ch&FNO<8opEIMCpEg19r_F9)^bRXFCAC#5KixYmDsOCX3j=l!Bg2m` zIPOK>$DNnJ`1HrXz7}HtDclbo^SN0f)#!+S< z0{iaW4m(P}09=oKFq#c~qYOtsOqr>RzC`EQdq}@MsWHQrKFYoKHOxFDvCSKibIyx> zze&gs@>Zzk)Jr5uY}|2KGiwUDT_&C1+#atFq>s%78UDa>XGCTLA12=GGRpIG>!|F4m*6@P+(v+gtdfkZ-jdMxGO9o;lmCI%5%) zm1mJ`uIuh+C6n!qqhSKnebm(W2a1*@AfI48yU6Bn_eyRc-KL|Ng<`nNE!RqpxWX_8 z&P+am1ZFwwy|iELNLRYEu5#vd1x9kNCt)t9xe)JwMD%#u9V06v=gnH8Pw!)*K12xE7wzJnYk8YS(`Hym)fGiT0OAA-DFea5K$?h&I2peW^4FgDB26e!Hw zb|OM~Q(4aAE&QAWU~&zM?hQQ7*P@vwNlbUWJD z*hi%oGW9N5SsqoEX*R(KR-y_&B5NF`z?C zt+?c{Z%eF$<}2rz5%Yav-mR4O$6Dk2Z*BGkXsK#J>H46x&Z9z_+@v{ubv|bhL%V)= z`D)|1CMMcT7IeuXvQu0A(fUAU&xMC{4j+tFk?0EznnQ$ik5R?XcKu=9#D2RCBVGdQ zX8|wUwXq3jK9-Yr+VGS2;&P@U3KPJ?w{$TuSUteCT(n^$vh%?j{-n2ED|wo&9X2K5`ku0x-mOdH9bUH;%>d`j z#G#0ZGaWS)?2EHbFv^klYl zV9TclB){z=j*h2j+<+Bu+M5b!hEn0QxHpma+o&?T^y_VbMOUX`z72q>gv8Ptx%4M=ECnR26a1Etb(3Dil}P77-kgT0lJh zOh9l;>)pMM@lTQK(xFcbA{{WOgyv#9wjTUK2m@p>f=)8&W;nNz9za_twr!Du5FvsB znA}c7s{=y#Ee99kW^qa+;Z|Aj@xE_l$zpKAyIjFKqB%HRkUZPqTX)M|M>V{RSUE?I z5+&VJW`G-3oe|;V-nn>It>miallc37miiz~m$RJc&zP!&H0=AU^T!7RHfjMb))H* zg(Vj$N%JEf6d0-QZfJtoIs}>Q4doRgg5CG%g{GjiKA}_wS3||AG?Rk_U&uV3b+n=z zA=o!3^Zsy2eZluh5J-o*$AMtVPo}1fRFC2H@ntny(3c;$H+Js^Bry_UIk|Y1?K1#j zWvLUx%!N`fs;mml?>znAi67(`;Qro0EU9hT9sg-LZ~^aAnx2ZM0peXdtuUCAY3 zg%wu#9;tAsCW@`s7Mw)7`qz+DV4$dT9@MFj(Ny;!hF=ohzd@eW{rUXB$pPO5Hsj>Lo%SQz9 zActG^xkjRSmW7NtD|x=L3rP@1gvYzX0K>)TOLh_K%>VHpZJo(v!0d%bxreAaoM^t7 zKn%>6KPB$pMIq&lDJM@PuP!`!L{*6HHGBSil>mFC{`urnvT)^I6ZdUfnApr$8*!?x zu#%Dx|8jN0jdz))m&L>=vQ$eeY&C@NGLv0&%0U|NLk#1jMx!h-zPX{1P^+(PQfK>= zf3&(Wd_Zi^{G@W1>B$HMTEfm^Bbv*NtGVpM*XAn1`R2Z1Dbrp!v)#vVJ(iDqSw>!I z2$Jf@=Ctqla+C8K--`pj+KRuzFRb=wD4?h~IfRAfmUzm(c+u{QeN)LKrs__8EGNc7 zC1^zeqvUmDDLCShKA0XWbqoqWh(m$^W{<%v|BUeKCz#`1`A!F|>rImn%k?*sm?Jn- zVwLY2(yF` zsTnRkh-T0LO6_>m`ypbNDtFCTXp22j@v;-GrihdidcU#VD2lcJ-5ssAl6$k3zn%lK zZbHBZBo?RHhth^T-(vpcA-%iBfVvW=y?rpIY-8G6`W=U_O(X$PKJgu-F*D8L2XQ*IA>K%D2+MOdlLFdfi9C`}>7gSGw=sxYn$!?BMf2pC z?2+Ouq4+X}5N~VJ^F$19gi$fyh`n^m$H9Dcc+iW9ZBQ-E-yU|A|HRp^k4w_0fD+>T zLT`q5lW2T|=qBhzcroe=`AHO%98JE4p*G(No3Fs+vMh`_LpEf)@+o;$dY3{~dN@Rm zj*B@TD&^0WV60RKDy!zm?i+eTY!?sx&&$LfOc3ZP{Wr350| zVA9)V`yfercSh0Cl4=;jn(tp638A)UExX)6+}hhlcI|7SX%=5;IE4KG5HVI?p|zEl z&9Zb8Jk&#$D`Sews1P;ZrQ^1w-P9Y#?V^?IlDbehA-swP?boysMyjbRi_c6vHSH%x zXnQtSf5!YN)(wR>TvzgbSeB9+=rI<`4o-&X5Jw$)rk~)4UYUHkQct^97Y>@<@FZlV zeGI^-P=t~DqVT)OA|G3E^&P3TW8X0FZfV|8ZIM#%{$zg`GzZ7&oi#lV!^Xm;MFht zf*cpMhXM24G*c?`bKXH;L{SD3dVi4axIm71$M6l8j|mUouyo=gwnA-+^>?MW@~|0D z4v)GDy3wbq(lIJ14-5xWLr*i*IK7VTXkG_x2L?y9=V+gqF3RNDrK%bh(icCN3A_vPc^x@v~_)0c@ec)3#lk+hoqRP>UlK< zj?rZ((vDE$d%m&JRYe12UB{@@3jd;#(YhqyGewOzC+$m?8}LX|vf4rJp{8j68+%bg zA6{jmr~DJQh$Dx{QFQz=rW<&7X_!!X)(rO%F_(S=9W~$BL+0oMFeiNwGq)pKou4M9 z4|*o}9-Ns97uycsDhN(`KC%_Tb#VKNzCE)uiis#WMs6|jnCXkY4f)6tI7KPOKB6oCBQ=-BaY7S23CoaMBo44RxHq8y@9iE)<-6}QiB&iap)#BZ^ zOvJ=3+@E%YZ=G@66Y?>ms3O$T@&*w*JTQIRQ`R75Rb7G3VZaMk@{a=h9}(BYgf;2f zd@MV1Qk^r7B0wrI$RpilU93kVTDmWq4|>@KoH9Dn;jSp)NKN@Ii;rJ>A?~wEH!`)O zZ@m)VEc%^;2i;vlQ9D{mJT+yLwf5~|3SwJNjGU?XM}mc;nC@C;Ch3OhWga?1Zm=}n z3jT)@XQ!3J=aDESyONKzpItHZpH@<2G&4o3_@K$NT(tW+Ci%f_gL+Fra<#Zti%JDI zkW>LDa*yTo&j1M{hawtjQSl&@PiLAhQuyJ7Spp+8j$C#In%QU^r}!}Iv?Dx3Kb$tD zL$YvIADXJ;0*Y;@Y2DyPaa>inM$($XK|+ui9dGr9MW&B(C||NwB_y+=w6O=Xw717y z@7o*zY(SI0yVFWTtcJ9rW{D7u3sh6ak<(5m(!!;;XXa6IVvxd@ptG1orsEY@;#LO29*j!U^wLRlY>7cHo7(q$5r%SY3ypL9*veZ^jNrhfAu!=ZO$milWw7n`TF0_F?qWXRw5 zAuVyBYu5=EzHQFeJdAe}Meh4Y3{*T>*6#F=bj<))thxrYtLcVET}vY8rKY(pe9AvSL9r(BE%aa8&!lDUhbqyYc<=x0?T z0;!^90}bYl$3p#@Jwm6)vv^vO#X{?m_7u>kByNS+*qJCm`ZjMKB7@HTq?aTX5*+mK z>ZaT2IL(NpJXG@uTaSWGZKb(epB(}MR&anReSW1jyopd&>p>eV2jw@55~UkM`Dn*K z?nOjY>!j_tWdc!ZyQdmBH_nahob^I1a3#=z1KF*>D}UO*;corrrNZ$q(oCjmqSU6u zNVA~i)jXWV0&?eaXvc_KBk0Y|?w{GKrl$`+u=QOzlF7d(AoEa!50mC1IHdt0&%t3C z@zL7_S|Is0xjez0UFE!$uj2_*bY3KqY@Q*IO=aMRBHZSsb}rk8>Ppxk!&x8^5BIB? z=pcXntH6Z3-@>8-@mpS54(C%Z%+?wj1-dvmhOpt8oF&!g;LXR0@hF$&1DDgR^%EO1 zTTzZ{&(LtcbU=ak9&D0J43VyGuWB!m4p|%QJ(7l} z^_rA208V%K7C`||Lv*ga2FfEYOUF{kt~h@kOcQiA0DuB<`^?$jsYV7)FkSzgF>LjVbdHN?RaQi7oP)giGO-c2f@amvl ziK1Rd0(lwa?H2-t^xgW-Babo2(_OKKlWC~hsXoy~@wQQKGNX1Li^ta;kWR57ZjtX% z#I9y|ffsCw+l+M}?+`*(rC0U8b&%;N{nB^b+G@yez?v3ghLz<1K0X{^ICVvFhOi)_ z=**DF`0|PA1EhGLKAbWb3s+-HmQJ%h`w;~_$!wA`1`WOxNBlZsEL zx(lqRS1H&xHl5IvcMKXEgm)xPhLyJ3@Oi!lD~7u;VZs$c4|S=~iO0O&#RXZoE*Q6Y zvTXs_?JFyA=2-B>9+zdSTf2`1puQc~_&npxWBnZYV(jG1pz(_if9IN|kHO_|O+3m9 zDnsPkl>Rd~O~=@j=`Z=r>=~xz5$jyH(7-A^5E)``*^jfh9f1rhQO}PK^AJq|VV8s( zq1y4m$hK4R(dvMG2k~x^RRhcG*gF?JYVRd_#v*Pm^N+LE|IUeZM6EB8?|5Ev7k|w>TAB+r z%7X}*p4kDL+Loss>j;`L;fN-mFqHrpC3;C%gA)N#9uqP@u5PNr;a2%sqWA=bP`91) z-s^3aXB7ciQI;8cH}bmBbP9?|hVJ{#Kz)DX`XxnYcuuRh0$~aZ_NU#wD-uC?UgYD! zESMF%5{A4lNEQwyd+uOYZT7$hwpxL`2A&tm&KFjg&oU~8E3^_1ZRyc=Mr%EHTh@VK zN?aH=)GFjo6Ji2lKL0y7br3z)bkQq!K|nILIT}_0Ezf2slGlCSs_s2E=wuz}0hey0 z!sF8>VJ^RNaGQK@DENLhIna@kFG-YV8zS%2AM^XA4y~EyXpO;6qR>l2=T1sYSMfvf z?^`^4g*T=A(3w!hoeOzJeC=~>p5gj{%m8mY6?*~bu^X^2Bx2jEO@$?wtg52io0T;z z-27O$Ag~EymR*+ly;S>z6@EqqlW$0G)?qbf#ECoemi&#{qG^?CRWj2JlmOd1e_=POGKJEv8+Jfs{yztc|)au z4QfCdYm)A?B=hO)KwW}Wl9JA`rTj+GI@C+T+=G*cD0@9~qCSHc2KtC#j9!ae;{buS zvR^~K=;*Mp3=GgNo1`5OR_N7dujg-;OP_Ij(ub)``OBU3_5{Mp#|J0!Ottc|K9i%% za64l7U?1Ly!)0oHkd=^H=$;7#tdws2Eun0!%gz;_e2`KHOW>845r|Dxmz-SMsEWJZ zY*?uJL7y=SxV;9@XZ1co`{GcW-A$sZEcbxg+tU7w1LR2e2jwlyB)ppGFf#sbz;fdWZEiIc!{zGp*A}t*$9D|b&Oe95F)Mg4RO8a>S6as ztA=73+lk6C@`JpGYHYQ{VqnT7Fz_L8^Teb8Pb^X|l^}P~y4o zm0dtA{a6=ayoXdQAOGXjIEB%|mH+eFmPG#zDM4XLHoWvR)c!{Y20gpQ5Ad_tZ`&nh zD<;|jMs3^8~?A4IUDQ0lZ&+G zPD^VS0Io8%qr8zs%f+8rQDR(G(^*HYG6z-_YRekbECW3u)qss-YTS5hMr@?#Idw3S zPo!ryJ+|SBiWRt28)l5x3spD-r>$woy|R^EaVNB3mdLaw~FF$oov$O{7O zt?k5z#3@N>FrsuI2d*t%hri|%0=HQgV3@$pBxKe@XM4uz?Wi^{>3<-brF6B`&^f1j zq-BsXdysylAX*EPabzqDYl+bkCXYOq zAbdXQyVcFbcN<2LmPmC0VGnKdyZ9O&$4W#zBob%7?QnIrbv6?pc`s4BDkL$_agi?5 zXG;fM6PELCw@@c;%Sr=A(B?}}df7P!`OoTeWyfXiL8>cLxgcl1$*kUt%@t*vR8GgL zgtx!BVmm#4S(Oh*n?kb#G4AO|G18vbou0IAFP4T+?IuG0^8<@8UFP-@Lr-dY#3wI3d|>v;WD5wm)rJ>+uoSCJbWxV7_dfVQ3jio!4IvgHov0>o~-RwM=fOIw{Mqt368L@5Th+a|f*)OvZ5J6XugPT9h48 zat>QB{4)x+yk0Eq){B{evcB=I*w6|(;0P4MY!Esi*etE%1j9qkpdL3IMQ`%zVfB6h zuA8+??HAr$bUlT9&V62Ww=gXr$gLe~z=mFa8w(fk1>9NbOK`5kw1Otl*W5UVMLa%< zUH3CQ5NGAuS#B34^O6;5NRoztzUl<;6HO-xvQ7~8s4=SWPvDXY4>cx+b{c#K4yRE- zGaY&j)pH*XIbHcM%+|Zjc_E3RFUdA*rxQ;7XQC@k7M=aRCe-0im9do(p6ZkhVF?>f zvIQN~m+c;d#vbr9MuE(6^AwmOQLPN$%J)|ss=v2I%lA>3lW{M;iPENv5XX50jch6! z44NcMDu}>;Xf?4&wB%O@10yrC87K>|e(fgg3jb2}SO|SwXV(I*zYB|k{EUN(zzsB& zSJfMP5=><1i30t+!4T^}^uBMk6)`F_U-63;n-URK%mIVG33xCX0|8k9{W>hy)s>6M zXAd_bSI;czof?dMDr{w+KIYcd@b71IlHlKq3W;3w>v zS6=e$s>fuJlY~8KPHd%<7{C@dg#!#xZZUy6{Gcwvt7y?HvB6bkjAOoSW-Wvy54}j* zNIta}je1#BxpezjnBh|fMC4!{DIK79zGK-;o6ARP-Gzj!s8V>R1gdj%F4_j=^R+NJ zdCn||F=9}(Ne72Y8z^gi&J9glQHD!2A5-YJ16D`DL39X#AT20r{J?ygrHLdI+}~Sy zW9ICUd&d4J9_GS7zf&sS=B$MjuRk{5U)SShmzEGeTLC?Z+-tN#3IImW07~@NY=kuC zYTI(QaS9kPx8ULclqDwdC6L&nIk>EF;~6F@_M{m@z^o9PVi5Nc=SQ+E%1E`ie=_^2^?Jbuo5LmkXi2*Ng{(p&xeHnn%KMvgRi~5$*?f4dJ+dx;%hwF9i9I& zY3fNjhgtxYXH!m^453s6Do4oeb+#?RL@ z6|3<>;-XW}eojW{^|mFrix5UbsPIOJqsa=s4GX z+xs^Fbq?-+gk%5ru%JJCSuv|581QNBQZLw~HK+gJn3ofbCwB!9*Qj+}+iaN}#bH#O8nnFR+Z1h1r@(sDkK;dZ17R(S=f5p%pFv(aUI zo{h`ewIbp4sO*&Sk(kx)ntie@SWm~c`NLdC);al}-3F^GG9>Tq7@ zvBoP2xCm4QOQJ!QC+m}?;u*tpzh-T*CaQ>qZ?7M`(bSPuRL`GPm9=V+iarymyt6*2 zNsiZYeF!H%_6ELPRmh7luO?QM(vZ4`t5IH0gyw9W`~PpK&T1W$#n~99y(AWveo$um z?dA0off^1VEI(4yNk`z8O%9HU_5?f)E9tEr6Vj%L0z34RJ$th;7|#l&=`LFw`-w#` z=Of;1JOHG>ZH#nUV~*6>-N+(|k(y|N+ca@HU= zbCA4nNr{PSYx%(%xNpD<^gf=I$CQv^@ivZeo;p2TjQZwEGSZ3rnXe6hq}me}!^J0; zXA~_HFJkVuA%*eqZM*&oN{UG+Rg}qJevDWmoby>+BH7$F8V~<0#>ts!t@^ci2uGWJ zF@6jW8?;vhj?{A{q9N%W$vea;zp6k9CrshZ0?|lvOC@2e9#p1stSG?P_6L$}t_z{9 z!DC+4VMcYmNV|%RSq$htt=~0rlF0H6NhfhV?ZmFCmZGE3@j{^K8D>#lBnR+CjVL)V zEd7i>$M39L#r7jcUV(LwsAG6YTrdn|M3Yd>ZRryQJ9=kb4+R;uxAmzpgotUKH2Wy} zXtQ`o!B6=!&Pc9d?O%lGFvyLz>Qot4xdhvh9RQyTAe;Tgau(V%w3{KlP1ST1m8hRb zA1}Yl?HzGK){71|2cl+;_zeJ61<0%yGoaZE(D*fv)Wz8GPqNm#rLpf|^u5n+y^;Qs zD9GiG8RPSmO2B)G@00odV+yI7`;*gDgIL#Ms>w#ea3iZYG=?!NuEa>Oq;+*17Zg&2-C{`NU%WH8dU&GWpKz)wO?Ad$oX%H*=0SK^KcXt zR;7*;wI>l_j{(Q2f|Z!(aOIukoqIa@hj9<1WQ$k`iB=xh@3X`>@3F8ITc;^1#Fer> ztB12WrpMrJ@n9U-?Vb%pNhqi?ZSr#Z<6!0=>^_-kU;JHTFTJGXGJn_6^!uq#m`wdx|q zI@TQCw7`vH#EYJ;qGG+j=Ua7wRP7NZRzjc>DhyR7@S9fV&th(LRXHj~l_WGBj91J* zFVYzLixmv-QpAi$j;-?LjXbf+Bcn5ckG(;BoH|FjMTT8M$_5(FKoJG1{{MmKD=7=; zOJ|x(E$?FRCtB)989`{)YN+W@`YenP_O{P}6|)TGN5T7n2gZ#zt@9vT4ZKM0{Yt(4 z@1?L1MI)z3+u%xPdjv5O+;bJ9LPN&unONpista{z;2=S6M3Kw&4jQXXv4>p{eSv^E zYo-KiY23t60txo;^}~M%*$OA&`>`N;mk0p;M@ESbQJpYb0~7b1v$#xSqWjjc8u4yZ z-u)sGRpAm?XPr{OQo|9pZi=clC{B&_OCsDW0vIX~Pc;RK0Jm4x`P`yL#I^I+s%R#{m4v&X3P7xXEbuKxV=F@`mj^dlq>CL&<%>*G zmLvjBHCAti5NBiy`>AALDOQDNd8+k7_Pum+bG6{J@GYWNFtJs1 z+#l}1FQ?-Orgd~G8!aX_XJnQ~!t&1PBC!lIc4WQ-+8=G7F? zY?=rfZadx0=`zfteqb}}F+OnK#(!)|w&0VQ^} z$J9NQtF~}dz1pa2g_bn66%c@OV4UtO8pg(O=!VD#?B)U724{8 z9E$eQ;h%*_)BhKL1$(OtL2C@XhNJ8RP@P%`>Xas-e7ldW6x9*mJdevQGCzXm4B%pRSZ3;jbAxhzai*8 zC6r6{v2{ke%VOl94m)ZGK!8Kb`q`tp-TY|W&u8V~U);cTF1M%$7bJD@-?vG=s#Nqt z#3?RLty)a$I5>5E_O-Urbx>3@hx=lw8@Gid9GL%_`rPwglUiXwX*50>1#Qz%qt4z$ zEjB*XII&a-tB`{{m3xT-c2!8o;x3yG{%l}Bsbw<5M<=!~ zDB#$kMm#C4kCrmc8Y?;8y=P$DpQDddRdC0zDO=5{N+TH~gyDM3?F14nAOBXqsJmU& z=ED*1nL(k468E<+0-DqYmKH*%HY3@KSKe+;JD{-G_1_L>xq~uu9r*?xDC>`SbXo%5 zM!A&bc8kl@rNEb3cxDcZNeRPz>#Xi_aOwwP73g+CZ$&3dd-$c~b!sh3l`2_aB$s(( z7fn;caN*1m5B1Ll|KAw>2*D}zYi2@i|z4~)phNayGaz(rT?GX74D$SY?L;;1VPcP{!3;lVi@7? z#lCHYM(LOxN=N!q;UXLdD~y;sii5wNZHOn#CVO=AAOI~GD)>olI*!S4Ba zSIr2;(xgdEh}PM&=I=3)J7dvPez*TYleJLHZ647es=j_qMI(Q-QN%vAm}O((p-CBx zIY7HPa*HB(^0G|nhF>6%En`?j4*Z_0Yv74*t&zPfZ!yH4D`>AHvCJ{ zG3LuNHRXySkRjCI8fP)P2L=C%gR)At@aN@Wwxme*cOWRfPpD#ao>EIfobFYcg$Y<1 zF{o3@zZtl}B*o`j#1V$aUKKJZ3K{!2Rb=7jis=I~t3ILi*jJpEQ7-CGFR9*EG-_nU z=BEV9;NR=CwV5cT?i_WxQ_XR#ieAwd(@cVMT6w)C`rWFtAgfD~c;-^V^AGU|R~o|0 z+o{r9X$Xd<_RA?u!k?PpAhW`2Us+tO=JD;XvhuLB(yjO^?=X045w?Mb0!-1bY-5h~ zP9~~|g>SDOja0MBn;$t+(E--ZV9}tde3|XD`q|K*_f0q~X%Rv{g2r>bdS7QK@9n=mvEt%Wle>^2B}j^)d^3bOJo0OmYuFdvJy&(Eh=9JY9-n8fm=5D&Hd-^?)+CsRjDG>b!&1n!0tjLhnCTu+V{A z@_z02mN^R>id%}Yy~65&S)r+8cE2$Cvz)el(uhBCH0F&JYUI9aK$Q((%*Yfx%}O;eFRa4Dgw=)E25H(6_#5*tZ|)46 zJ9e-s&~@7osS|gceXOt^junU5!h||PZ`U)>t;`|eW>-0lUBrI2fD$=Re(Q@k9JG@F zx|zyksN7$T>VIr@P>8x5cTbRrueESDdNpnAYVi>I56LG8 z4)QtA53}1k05wBXwG5jr$$H0_)c*c2Amwj&t2`$Alcp_Q{-AmcfWW9Iq$ezfr((7uVL)N6ehe>5GLqAPk&2UIRypVTt&%4j9C8~+A*GKrC#Ur5HEZ55T*}44^AhiyLXgp=T1eP#JE$LEI`d%AEV#sm~P|V>(3WiOX^5VC{X0 zsg;!B+NIaRp0e0ZIO29x(&QUA-NR?ikdGRJRlPvZJz8~lk8k8q7i!+4cUc2rQFzRr zy}CXR80hYibosDc6(0er?wmx)E_}*lkkx^fHAg3@LdrYPJ6N7s{WV^ouFpUBHA1Yc z%bAE*51(m;qfi!Glrr3V9JvgLWYQj2^i!<9Sp4t^gvD|Lz(=@1ZY?rw3-3&T5?M5| z`<;IJps9<&REFm<8USNErO@PU?M{fpYtz-8l-RM!}VfGsKg?`V6k5nk(`4>JoKW2)zdWt(evFl5RAmpw z+3f!=tt!c7M!$RRznwBWRGh6?9~avZaewDe4@il}re`&Z9Ss-eV`Y1FGlr4r?@W0; zFUN*>wflOVHyodO5N4`csA4LW}Vewim!)yf3r+r}HB7PzjKP+r$a-&iok2U!TQ zM%dT)yfd>)^XuCS8BJFGxUcPE^4yX)F#eT4L^!`b%)Rc}|b05Zg*nzySWp;bW z;4Ua_dfE1`2`428j6SzmQVHNKP9*+D$0>GV*2)1%tB~EY@^Q{ zQ5*>~g13gF)zHPPA^sA_tD{4SI_QA`*$Ga=rK~8vounui!IMWnD|PpGOXrw|5>GE0 z7SJD8e2SkeKZ$at-1v)h&($kgIHs$% z+hf2d{-Hv(9h?KurC+wnj~$Qkl9?>=7{1qpI}gN5a7?)0YYtJnL+u zVU$|D>Kz^Yn7JJ*2+R<08m8Xkd3Jq^V}mxmniIw0Hts%SEZoOX{$PPS5ZY)SSD!V3 z(GOK6+K3CYV*A2Paw}$`)AM2<=uTUfQsQ!KwTxV*WgfQOlA{@TO;>qSzI*HfG{u!v zwN;ntBs@wa@VV>&KFW8O90S;f#Je|mGgEI1!|IGGjsc%Yc?+6%-LBV7$!+0&b2>9( zxi?bs>sFe*ScJJRtW+8q|DJDnf+dL^p)!RKCXEU|)`Ii3_+pRT`YglO_8lzjb-?BQ zS|1pmA-ak1R7Ni$>7w(&jD5vrLVSR#TZH2O9ST-U71|TNzdZI2M^|RzkM@f*X|$_n zf}f!}bOlCa>2c4zbp@rK;z4s?nltjAt0Uid+f7LFoygT-)g;I|D9;Me?|Zc2RYP!8 z4<3(cu7)0X_2chMA{~mVxM2I4;T2HE>%~@Gd$&-sg->sz_kf${`t+V^hHsmEay-E) zl2+l-*GopGc+psSIw3D%>oXEORjqNp%Ad*-jx1=Ngb)5$318aH^OW)=Tbn z#$nBy$$WrACG1%;0S$q5QWjuo^}UTKrq)FX6=kuZ9@Hc4fFO%Y$&ICm>sSLzbCv-I zcV9^_;IN~}m;Y+l3>A_`56G+iG%IPU5@Xk5ETd20#ls=VvGz55zr3DyS*%Kp{Gh2i z>U@J6NuY%8$HI}x3*r?kM&XCv5%%XoUF~6TMyYtQYF6QSv61c-_+k2KgprClBZ}4X z0_C6K1**KhT*5CWH`coilJpf%+jlyBp1DQr_HFR&=QZKgk<^=kWHi@OA!D+K9oyy! zT`XCg%rX;N`bp4;(I>2mf5njcq518|O>(7})d6kEjA!BZ)j+9g!MCx0uT8CO|Dp#- z`Cr{*A_Ks%j*K<~$&!MPo%(_^&Z1nNBvtzJD&QD!L95Fu;sc!F!6NcvSh*!@2Dl=- zw3__k(=A$YdC(=89VPeh8!8u)`n+_cxrilA&V~)C$hv;_M9Aaltq+?)sQ@ocjTjNo z6NB6B7oj+8gEv*9?7sQm3_*DUWXz8enMYK}$v5YjHnM%TL3Rkr;Be|!GnrFuIHGCY zDI#o@wYB5HE)U+A+Fng7$BuFY8RB?_4aXa}X#-GYgNeWbWHzjloUn?2C0uJZ?Jc(t zhLVlbNSD4}zZ9J)g8{~oX*!A$kBcl&ZB~x#vO-pI?4m|el8M<6>if!0FlYudc)ZXD zv4u;HE1HbQnyz0pi!jrTI_gm)B1!Pst;NGwBe>HpX@+wjL@!`aB~_qBQ?@`?1wQ~j zU``KyiY2P#i@fN4U*o&Ef@zDQo;TGgKI9X_>OpdM$b5BlNLcQMKkz%$B@u&jL)|azqoPw(X*!=USUkY&)N>5FpWtjQ>r;66T~-bq8Dbv*|Rn zo`Y^op^kXl<5P>D_HB6AIQkhe!|Kl>AIOEK@`MM_`&kVo^-2KSI#@8C2$GqLTFSy-b$Ti$UX5HG5-Ng37-gxCxcpUpA=Y^_v?JVr=igLp8{l=*WyeEXRFKs zsr@F2dV* z>^V+pD~{T+JoRhY=pqGiQ##d$s;?7QxPfJySDFJTIOc0~d#cOmUp+g8&)!3eM1wk9 z^x(V5@e4Uqay3|Vd!nPN#@1R5j&4&+^M7XAgOc_IiiG zcVNM$ft-LKSGQ_cM>sYM8f=!xKF|}Df5~mM|J%Gn5JV)8EwC_^u9qFVJf$>48MVkN zghL5h0#HF7fzF&(xBTJP8Q)Jx1Nzm4_)INJOEf4IqlgYy4vg?lg}S;3C=op^+4v@! z!zcdK!nf=btDsA|I==6djH| zQl?h1rG1Orla1K~gE(^~8uZ1lL6`RbQ6Nnn-2nVUy4srNAxYhMw@wUcm4;o0$5YHt zLK&sR__F8d{zK{|x=#*B$1=Mb=BH8L&R{6NQtR}Y(r2!o5h__Es)$?PmM~U2KQn!IupW(NjX9gQS^O zrs6Ym`zuM+4dp^Pkb6=I9E@i$1~{+v5;e`fOFbHf_O-mx!;t3Hb>EIHvT59U4rr=x z%i*$*9A50{+|Jb@l@ewfGd8qdGmO1CrC~VjwuV&5^bUag4DmTWs!iWsk7yyL z51n0Eh<)$|!X>l*NNxteqlF#Yg7mQ@l_~f{Hd{XwYKO4Ge}%j!a!7d9;P_jX)M*1} z2v`Hp%t=R_qexuK<-^%0F|4qXrlNKvT&DcTFz+ zFln-f%n851Hr+xb+kJ}*4P(LIEZ+2e;EF;Kt#(VA4NcQ+jzGP=^zg`B!sZ({$^Ee@ zLPx4o1~-eqrIb)+Dhd}&smNdn3`82S(7ko1;7_FS=*#)tvq>Y|do60M{)81wvL@JF zbKnI*zibuyJanIxNN=8USv~PS!bsENF-7S9N(5AlhCY+ju>0wX*JBI@HuiYCm7 z!~-;nor)#Q84THm$1{6Q=*X(+rZY=JEJFf>j~wt9`RH(0RLs&amqOh4T#m-*?UlS zBPh!SK0k-5_s|BzST$jUvEaUOtflDTK3*BgCz1rj{{?s2f!svr$8AcK{kA|8BH>vL zww)j*-8J1~U9vUlXBPGCKhcz=!;DDnlQ1(^JW;u2JNd*>0a&`udy2oUCCI&U`|6&> z%`>_n8xOnxF#p-lmH2M3;Il;%DA!S%y5ypen_-3z}T>Eo_ zb?(H}+EOl4mSr8JP6Y-4$kX>aF=|l~0kAS?Qz5UW=Ohj7OY`X|-zbjLDI~nSK%m#Ml%bp`EI(U-E-3RW*@r{i+NcYd zGoYMz!vN;L#?&#t5giwx#Z{g2p(L#f1zIz>v7{*6g+}xfXJ%Pd?&dbxIs18(UQnDc z>`}AbmndU=H$7Sz)mB6IOQ43PSDr8XK1Fir^aix7a26LJnR+ABoBHRihIs5HEK4zT z5`DIPmo2u;eh-r|xqWP^D7~>?UIvVpC(UZgnds{2 zBX2}yYYV>I;k~851TU1ZNkbXOBa)LJ=(4!bmYE8$Jo1}343LCi#s_rYjX`<7XytA? z`$@N8b|D0lacD6H*HmKqbpMS^d*^;C0=X!C{u+;Hl0bRxFqP2S zmF2(>qtn&TIu>T5g+MOI%c#GCEMoCw;6ZHRU3A9qGf=oB!jq6ZhwAYY7>)$s?>jpR#iM~HA@g!By+ z#rzl|zwNE|G9N5#o{DY!dSit5eu7baSQ0NmFRdwo|BffG z7E{nBY*p;#JlAQ!np%M*X>bKbWg(D3A6O8fnaoD{Fl9ntCoEzW@b0dQ+xmjNnhGBB ziH8WLCil7>VAhoy%j5x~m#ic}&~`P051pzl@YmRbVXNIX#~iVO>6fM`;Xyj|+cJ&j zC1lxK*cgDw7nJ;qIL=CQQ7Vn{tF|wA=$TR9{9cR5MRV5`gGHD&TgMZtHr;9n6UNF#nl&BzYu9%Z zoiu9olb)3{B^#CgHGB4QaVzO+cNFkl2ip(C9cpOBQf6=T9mmX&=`af%k^iEs5@1X^ zXz{SnO`vT-zF9Erc3CcV!u_GBr5(l0HituKnoPS`m^7qJviif#W@ZBE;|K>8sfno%I01nfV9#cxwdf zWC~?&WOHbY*fNFGg%( zbY(y+qUh-Z0xj+ z)!0sB^IPq+-~Bv$pYI*#{CUP2_gL%tXII&>6@J;Bqzx$QwI@ zLO23gnVESIC;$>bTc9IIX#z0v0LTKJ4OKksfh+)O!#_a5&dHg<$j}L-2HKig*aB%l zE+TgJ9*!1f=FY!ka5DT31TeL8{7nY%n+*Wy?hLeb02S1*n(ZxBm7oWR z3dyO60f1`s00~uP6?%Z23P|`z^P3dt2SCc!#KQ2myR4Xskcy^)7z@+yY5-UOuAnt7 zelz{AbSOc|0RGMf5&F=+N%q>7U z*g0AOK;Mo)Yv7*}yV#n58siK~vt>@P?IgJoftuj{UxvgbsWS9w5apH zvj#QB`8Q$fzqkOLfIv{7|9g5&rXbc%O#d=o8PHzkU4NYlx|FS{9f0RAF^I|ksQxvK)PGJk8ql$3VrOgZ0UBUa1SUB;j=zMezYim8&<+9J0T#cn5Ri(Q`M-3a;WxIj1v)taxVitRfS@w| z7i&;Ue{%*f$tZ|uDNED+uOs=#T+G(k&cwpj3^eBIA0ZfdxcFrIdfW3>e_wP0%{2mrAZUB?qZ_!_f2f!r%Z^X?BU{d=x;^6`?8UBqx zenx*Ike~6t5j#5wfwte@*1rqEWbzNl0$>9E1F`~`O#g;0YU8lkql_$ znEtUg3n+l|KOl&?%ipa5+5WjFos8`q|4~C0P(rT%fFS;E|7Zb-zxzKRh`+}l_@A?? z@cUNybGkAAJ-q*V1^9!NogMA0fa(?|pckosn8+GBJ6gDFGlPyM7LXkD`JZ39|FHnY z->2$7yoH7B+`SmsK|6?njg=iV4jkOS8^r4UAHK$a-CTc;MbIw$AN>2y004pRKx2f( zc{^jiAj{O|ka8cf!pRC~3LeIjDr|lY>3FEcjL8lHT+zHOQlLPQf2&_6Ws#kXB(JVd zvcGMK21O8-_3K(&QuV~OiK5`Pp^vN&0g9N=_gpnb)qqUdpMDixq%?=pxdob~?9-X; z@$JL_)$d0lJRRK+(X8WdXqPFZIu-3J`Ot2~vn(x`j@IbzKT+{J34Ts?f;+!GV8%un z_6aT0&KMMgV1Ji}vG481*vn}@;NQLKS_>hqFgn85o}aRM#QI=b!0;<-R_g=&4A zoxD^nCxB&k;Yxfxh3V#2uiEKV>{SpYO0ELOI1Q2?H)nM7*k&R$sf>>aDn3~+EBTv6 z&zKD&(>;kM?|X1oLdYM4*-{dg$vVpkr9VFRo|5<^NCqU!mL#@3PrZ;QC~O(AcrU2m zo<6MF_Z=u(&tkovNZi}E)!A56E*7dDoo*ai!kUe8{+Nf|``C!v698Youa&lSxod=& z2Q2p5C#0^7oHXo!PdP)^h(Sw6`gP8YC)WLZDG~K!7gW&H-CXEoE@J z+4T|sg;6!1&EF>Tb(}htuWNCIecFTBQR}LWL(S9H74PF!-mMHyyjI!KE;G{2B&>J8 z{H+k)9E~d}vHW#-re&E907XE$zmyXumGbAPc4qP2Zo*RW>N7TdgO(8HN|h9VBm9DQ z!^Qmg`j@WITGwHC2br&?&1&|sUcBXsgN(?qQWNtlnt+%7?jl=Io}GPW95Gk#JPUzvFmpN1GAiVJSqM5T zKt8+Q90xus?C?=VyN#xuM7_I+hUgsRn`J%5@K$>9Wj1h=l_6x)=y5aBxGHk*?A~9_ z%7Bj$o)P)Tk@g)08CUC);Yo;-819TE{o9dgf;hcTN(_5MI%)SAG^qjsOQe_BQ<-UH zp>~zhoO|K+jm#-Ac}g`u?L!xh7*}|z=QSx~KF``?T~(&Iods@kh^_%g4@k3^7uIEAwdX~p zNcCFMGBgXOQ+!s%oGox;Lo$>Oqo#_@A!19EWsi@Cy`~k~%7lppsAaOT59Ed^^|J^r3SCDo@?5M(A*69mRc_RxByW? zl6+{AX$@ul=xdFsBULe}yqvq;51?I5&u(S)c2IL9#Br13JZpY+%@g#{l})|D(dM1h zGqS6a{1iT@(RO(Z4OMUtMn{0LRg~hAdriflhX+%Th$tc_mN!IBp~plwAj)V@7_R_1 z61?kn2>*Ep*J=x=;A-LP2%0eX29F`QYD)LYWb9YLIxPN3CSsj?E!=_6y*BwiwR@Lj z6~qwezF4kA+Z0R^>|9Ow#^L|eLG%peSYDa86i7dhj{GSe7Yynn?3HvoSc$C|eK6#q>1OAKw z(re1-yPiAUn^+7g38c*pSq|u>=~^G68n+B@WPu5ydCS0;e0X6oj70H~oDFBCK>vYl z(xi+-NG{RbEY+0|V^6G2^SoNJwN1S4WEVx@auO%Vf-}*mR>UNcD>)~W#HRwS9lUFc z1Tm+%Pe1G#iwjhm;QDl+HxtQDMx~6*M4gA41mo5cqy{Ve00}A8Qb9+Rs<~cu#;&Tj zMVaKh{eE(1bL7HqPl-X#BTy_f#ZMovqxL%F{Z7Br*I*4y*K@{IWlUW7_#X5_J66NY zXQUmrw%fSAs|x*U*$U4w)BXBT&qkO92Y{m)t)!m|SY&AjP!q15)=?Wg2!`Ygglf(k z*Q{hsjS$39rIvD_e4yrk=v+!_T^!hg{#e9-j@Cz^8@G87FiqWhL87_z$hxYJag|7q zlKe^9ro_-^^yP8N;T51yXl=7qz~^VtukB4%)iA@aD_NehyG-(dEra=RY8BVT@B_ln zqexotiLD`7CA2&p(`FYNu_KJYADfiQ3zRLTL`|4djr3n-d zvsVwN8zM;B#KiM&Pz{uB2Gt+m(+6vce<`pJr=`_gU_&yy+0@YsFRjQJX--7I zUazki`_&~H`ygiY6?5V8b~elHN2{8I3=ykIH80`bpm9Ef1hIbx zrVvb{*gmGu&Ua~?w(!f#tOB z`uw>S#Lw7Dq=HQ%Ij!V=6bx!;`6=ozoRdz+*d5bW3rcI#r4^*Fr3sKr87J<_Si3DF zu_e0sjT?0Ua0S6!2a8|>L;20E=B|%1cohpfejbm(Myd3Q{!_uF6i-;__0h6LG6t0} zGzBA$@L96k6s|v6rhB*rc(~Ikk>KZM+ctT{?dp{gow#fkxP?&t3oI=5wa>{1Ge?9B zTsCQt5g~8z2AE*_DiWGgsHL^n#<73uWmN6@`ErQKiK&$(erZR0C_bO7+rGDMz%qJv z99rNpmC6$M)I^?qWV_Khx-G|xv8a3G9INyhJH%*Is;HFgI}XlE;+L+6XlY{} z_~H{*)L?Jo)BTKxq6C^E?{3MPVA4Kl1b zHeQn-tZv@4nvq%rM+b5i*LF;d<`GT5;ehe`GjH=4zG?>Qzh6Obe;*ov`6~Zze$ry{1 zXvf381P8QZf`gY(Cw@5~>X5iU*M&Lr+L-rb_bda9XD|e?=d?zqdSe+Uv1ERZO!X=C z#Nq^3SVl~CE@OT;Q&8si?)KFT$r>$~+e;64C-XoLKis_r>1h#pVxfydA-5wEG}i4X zvmQz;&t4Tjo#Ud6R)v<}N1x7tp1v{q+SKuRHW|xC?L@cG2*X@Qahm_2*zSZ5t^Fd< zdF?RTME*TIzisaX4}@Sda(vey5ya{GqFkOkIcrvj9pVG3MK)c!DSg)Ny!v zmXyfEWME!>Q9%5;;xaA5bg&g4_tVzOM+)wiU#9Fe8})rs7CG-J;Qd{>gLJuZsn5QH zH)thK9@2>8OM{y>e1UPD6$T2E_0x5}EawlK;E0P?f4(HoKws^7l7#gVrRdIj;a3x^ zC^yz3zTXj*K9MYBnN{$6<@>l!LvJr3Pn7DV&+aOso&d?)MowuH%FawsOs|+Ja7{K* zkHA01P>m=>E@hvJ{t)XGM-!i6&FS^`PgUrEKtS zl>Bn_hPMte-B^|R+G68iaD9n4yeyt9O%p;Nw5*2L58AW6c07l!%pMeDMWBm6D zzdrOT$zaRBr|T?aK(9lY1~0!zaEVN};tN%H&cCz7tdwyYp^c`r+=+9sJYE&&#Vg53 zub?r`se0FDk4iD8J*l#xF>{EMDoL_oKdAOGG9(jrW(BL>5+8ikbS`WV$pbr^p>}vJ zod~Vu)vJgMm>c1>3sFq)*VNJreX(j%r%X3^skLfko@#Fld|uCU9kgjof3?{e@>FyQ z;@~_@r7Ukl@U6LTX#)=JN7nY%>};t%Jyl4x(U}k_na*s1j;;0hb>u5#1JH zRab9&s1YPx$1)f@DAO-cADLkXS9&TL)HooJDVxZb#$J)5Cz$X$*A-E5_Pw`JBtv`l zTQBo|2Hp2$XaorkAdy?_%&?@4tCp?>Hk7RR)PwSo` z-4+e^BphMk+i@AGW7D`PNt9Fp*Ph00W=po;Z>vs^1TQ9_o_NP<{u|i(KJ{^k`1RA(HoEebL@W2dFrI=yM~g z6Q7y%?3b3L!T0 zi7WqDsys&;R#6Sc5b?4_y0L&-wQ)(%rc5WVrO(#UY=895?u6G>_8r$lJ6(kw(%o;H{kdO0=;41~q?W1bP zQPV#z^^pxfu-2+1IIXya?B{_zyp=4wn~n$@UA<=C6r8rv}A+wZQsVGLKE-`GC<-C`9(->o~)vSz0czm@MSk z;`lUz{5?1mRHTGKN#7nL?B-WYwLbn6?pzY}{d~Ar3+X6NlHwjdTUZe*ph5E|FCzZ- z(IML4+DATbzz8_Ne?@@%mJah$8@{>4rjPeuK$Fi|$U$lgYntJNmi zkX&kA&DBKk1&?~B)m@R`!$9nj$kT_@c3vo(zT9KOqsIZFRc9dBfPq04Aid_-Pq6z= zB)Ycm;^@&S2&nNfoH=H#h31D5F-&t|2hv$epZjHvr(U1rW#oBAw%Eq5y8L-_C{)qu z#Pisa4w8|x1CSSY7gY$!+n<%sifH5V(DaYH@=L$(K`C-wFxmt%{&O4i*|jQYpe zBT7XMe2jddRl%f0!!DyWnS@zXvJJREtsvv&ZGWxp z(Hqz+CCr$tc*lO|8o9{*8TfR`XNC3zD$$#oD#D(3)?ew%YnYcH*v*X*&NWL{V9)NM z(9>E9Y<6GS_QhuK+_!ROue{Zp2~&!w+DcwgqYEW-As^Zqu5>qSMnsxKEmMHw_z)zW zO0p=4^f;N9xUsMNN2B*s$v+D>VmW^_lDfX1an61V2#*0Ljb$bOY5vIEnADi(^)uW5ZaUTC)!4nz!P@ zY&}GHmy{O4^kb3W`ABbIEr?-Z3Jy{V>7 zn}+_Bof6OzIX#4$^HE93*#FgphEKm6fh!P3EDM53i0X0+;6y%*E4q0d_S~=eb>9DlCdJwiH4`dDy2NWCK(8TZ1(yPhqZq7$X>Lhl`-YEw<_v)1ZII_=U;le)9R zL2#dHOC4N#H~pWX(L5Ihb;$C1F?I=PQN&>a=LAhg-JVfXLt}zp8?@9yZ0jY(X=GII z<4$m)*}YM5vzO1FF=u(is8zmr2r4^ojOiC-#>|$z_gV?=BYT{VB8q$`Zp*i)a}l#k z^=wK&JXgfah`xX~6C*}%z&(t>MPH&ZKkxY~qHcY@yQbKABy$MBdTr2GRegz@s;)-+ z%e~|=HlH7A(yU28C|NZ5=%e748LU^bkXWiV!-7EvfR+rb2{K`ntQfhbilCxT42wfQ zjbcP(a_DP==`ge(KNQi!kO(hxTa*&pbkk|?@H;!|H||UxG3m0bAxg7OL21~{c0_3W znNx;icd}*ID3)y<9v!}0PmlY$DjFv4O2#|74n|L6XPri2YeWrUeAm0{o?$0mYw7$j z6n%upda2mWg>;opWy7pOSMX;EN&XTkOG$IA5-cP?sHeTLF({o1U;{V6MUII z@^0xSWM@RTAYZ4*=`8)8-c(T1(9GUIXc_T7qUn$>DN@(^Yi{0=&qzBJz3Wekqo*10 zgv^cH;HT5{X#zzmkInZmRuT~xYM*Ns#V@ZnFwk22I<_xh_!YXcu$k5r;CFM_abBmC zm%mX*51T1}es*N0HM>*cN3|mEx0Ap!~;^d^v8zT+y#YV zq$Cuw;P(f)vQ6E)^F?2Wq8rs|pUG4Hooy&WN77@<{3aAi*d$H8IR&faoVtWhvv{$2 z(8Qdwko73U2wmT92T%m(XgBzb;*Jo`1*#JJHs{sRPI-<$e9rmOFzX~a;GGaT64<(L zU~`02wl#@fN#IyioUx!Wd57cg%MAO9hs)%vCa__>LFBzK7*Y2_F}7k-klEjmDEz9$ zDgoXzsrfxE4qRQi`7!IwWmCZNjuRqhd21X@8fy4kJ~Mmk#M2YG@92D^8fNA5HO}n| zPASxYX{=okZ=Cmdg2v)loNBew}=A9?+b+FeMi|&)TNL;Lo-Eg0zHtDI8O^ z%eeVTe_yHw{ryqBPUzz+l+32Dqmib;8B-beE#KQ?O$2FQAl_X9_Ry?KnMrue;XMa) zTRe8pZjgG31v(8;1w7XNydbJR&v?@!&(^t$sjb5K{}8`c3ZIfJU{VEncmz;|p! zs}bT^3ma4H%oUS}ax%bdv_e^U_Oz_*%}*zb7zc%PRdNW+?4T}lA5TAhj0u!_;V505 z{Hx3{XXS8l83sO>K3_BCKgwqW)EC?lPvyQiw9;%Vs zeYC;_BR@g7gY)}$OSVovyFq`|$y1L94pn2&+s|V;A6n+a#ED#Ys;3q6yK{`u4?)tM zAOLcYoOm7yKeih(O;@jcGVBCE2%KB$^WiIgkyIFZnQtp4&zP4_prGtma@C=QBA6X) z$10M1e=L)F!&bZ$`H5T|vpl6pHu|t%YGq@|iM09WlwS9n-{cW?^LG2iN z3*i};I$A|lo5A$giAv|uBSXB4Y5l~!Ak5wIYSqEZ6GJRyM!zQR^@0il1(!LFO16Ev zm+wK&a8u*t6Q4U3JUi#6!VZ6vgQKPMx-`Ket2&z%v~yCCOjfpiHx#!CfG; znGF`OglqO<$7ad#eSFK1QE5jZ~SbvU}JJQ+FjQTKKatxq-V?Q2Igj^sho&O5y*v}L#K6bG#G@jxsHp+AdULq9A z{sdAu)+ew*?ucbY`)7xDG>sFMEq+B?`A&446vauy%RP_KAqrO6mPTJ)(-&Si`kn$B z##rkIpBvB|PDD7-X`l$t(a@P~)|&L&c^tlBUYs8ksk#XpZAL1b-Z3%uf3}BsS&wAL9Dz*-0RI!dHk?-fF z4-0RmTvONVZARBn%O9-zanIDO5%Me^_Byg~HQM2oh0B`t9F~a|xzt#Uck%lMja!qA zCnR4Nb0fVn?ES_Oq|n7+@vk+?GR4%pKVx2kO~VD$>T%%}{QM7> zh@l1TVpzNVHpNGAwwhSQd@rI=XN4*s1>r2rCO-Vy=ALmCdslJ2Ag+qB!>AH#QjD?? zaguGc@i1ZdOF8rZ@}6o6=h&#=*)2ev${#8JvD&xHu};6Dk_CSFU3W)?OG+ww>vg7y zh#7fo*HuEHeert%ACtXbT^bDRKEl{^hCkl3RMUuHMUwpJi>B$h z6vZ0@rw2z-v9431QBQgT<}jGs&)Y}x?AvmeyUFFNa+zXxD6xF~$+8A88>N?=XgC16jJYf=yD#am0OVtI(f9*A zjLO8$P$A}WUJ=?OCCS*~c%XGIiZ6%cd5Oj#!&@%abI^v(6$FQYsRqHc%^B-;7O~6A z$39OM#>?y!r@*T8#Uv^d6a^JoBih5^U-PJ)9$BUdwr1Eh3c zZIY0L&4ceFb~mzYmSKs>`wruMDG*XNOfvmo8YVzwa`+;#%+U!ix>AddubV#pH%iUW z6r_gnI4hP{j>78Jav5sfmoxh~>&1^a`C?vs$%Pa6I@qDnqFvmmKCC`NyWg|;H|H>X z-MtgOgn`c}&D=x7Pa!&EHA&(ObFr*0KO!K4Z@@eVXfB_oz!8kOWQ~UY=-wWstsNaM zR~nG)SpE6QDxCL>D%v;SMxHCw`#DzZ`G*KnB%R?FSrIp_F&L7V29MGABztY*6&Fm_ z`2oZUNj^sY9!=~tDOYYYp^u~ZcgcH2`#gp;!aRamg{vu2l+BWs+h$V9RC zKBK&nBno13g~Qo4wXZ(YQ@qskv!u6nFy(e;r3BhTr(Mw{Dy&oMw_-~PEE6A_FCskjLIAM0Q*TmMj*OUk-(K1F2 z7jIkhX(~k3UMI46QuZaD<7~DA$#$`)`6WMhL|@oC?SfGM-iwp~-^0X@_~IEnkf|c1 zi8Jgef}N6wH!49|qHm3siR0S`d6e7%DonnpAJHs7hm;{@Mxx~noD;CGL43U~?zEXz zGlR&?Y2e#&_PqEAX>ruWe26kJj`zBaBlaEs+j2QcWMJ>0tDhBx!6!jn-3wgH;_~sQhr~xplqh zKTX}3p+UV$OrIjRR?B9&rrxx zXq?ek@{&Y^e#}sWfhGG6+Tr=R_lJ|E$ZZ83W%*i$p5v?g@R33D`O2u@%mgD+7$@KP z^GiV@-obG2$S2ThY!*YyyYvl$S-pKc&!_@>dE+TYI($Lg|K?ZlsY(!!>R3z7T_k6? z6RRnK|WcXU&ohuPPNzcpLQ1t+l1g5{pt?~7pmNwTj`)lZ+L{=S-2+Yqk ztV|YP9`zHn_lY7$a=`3+sxz?!gA)T*zvM2`!{h0}n{du#%@OiPCdttfF$|OyA*0Wq=vn&0E$nSS^jOnh!56nW|-zfk!_lCi$U7U{c$!SJspyT|+;@$mrao!6Du@JnWmtuxRqCR6W@0As8+8E1J_aC?-J9 zdC_m@C&k|`%nv(U&gQk2!`40(69`EmdnZ5QgEmh-k&B#^3UK*Myu=nri)Nq@qwJ7n(p4 z(B@$Ifg6YQ33OG&xaP1;*6&~kc=%OImZd>2uyFecAQqsYAJTpII*b$VyR5{)wxq}3 z=9J7Y4uUy2Y{gVp1voV>M?i~>3e9Cbimv&Os!_9yk*y7&0K*K&t{|Ai7{K=WuR~A+ z!VfQ+wsLggZGxfw6H~<==1xz-Qabs?wF+`vY9ihr6v+vTkywa|Tn%hJCku_R%W}B+ zyzcICP=-cxb>St9SFK~!3*c(=%dz(a?oA=suQ*yhcc|^};Kimc(0G0IRD$raPoLi} zGO-~HJZz_^Vq(CIZYqnXE)`~bP49CJHFV`gj}O-Vh72b+WU{}CC!$kN=C8?OCA{~m z#P}qv7T0v;yZQV#Ba4%7^ju*)jMjw7v504j0 zEjtuEmCDdIqPSwUHz|~DT-ku{_-QN{caJv~I_mifO{g(zvhh)^BS>MT!j5LRFbE9W zH5g_JDyk|k3pkt~QNB;iQQdmSvzC{kJVcj5O;}G0RT|^zOQ5m4buM+M+E1y5?4oys zExB2L>?A+{zSj7iNXVeb?rZHKD+En7p}t7iV1 z;RrKZbVQozMb|aJq&X(2Qs9Ty8P~FX#(CH}D^^@wRa@B9P8|JL?i$%g@Y*lim8CUM zBSUdbBV0)BbD?ZB_0qGYB9{|Wk(6~9oo4!0K4n3@`3|MjD6!X7$TAV{(@$TlJl(h` ztS$Wrut$EOsc@AYMa@v(Twt_n6WArYA#%!GWFI9U5d8uMevDtEvJTfyq*+(Z*|}p+ zd6{mCjl@Kj(2pO*0XwewxN}v&`h5$3MJRkzN?=I;Q(QXoianeB?LwpYt=ApG@s$?s zCecvcxKoIkTd4}Hwamv`;yO+R#-&=oz{5rx%M-%H7h=Kcj>2HT+Ix&V-y}vum*ZyR zMBZA#c=aJnlXFv(YIK-X*J7ougcEpoaA_8rTolwY81$uQE<;0dcm?frWMkE7h7>X) zE@F`q4#sDfQV02I-SsCGvlHSjbMKzP*%U!as;3m*xP}4lv$`gtZOqX|JmOSrL{Y-M z=yGZHI$R1PlHAOX@3dPn@&U-lNXL~?fO{q>Y1ZBw%mFkksR)ModCY{DrCZb=eq->_#3_-ur|>oK(*?u*s$+G2`uX5P^13Kj#4Iu0D^|Isru0m=2R+RR4rgp*aDo0s8b=-aT@_z9 zi_$&D#s46no#dRu=6dxsMIu9E7jX`8(35JLXt;;fZ?2-}NjxZ7rxqCku} z5>jpN;ShCr|C4SshQqH`y~iC05&jvAKz$|s>Qlm%2#$UFB-k$v@5J5ZEBL6Vf3b{W zcB#?_r-r+|XT0#-b?<3}Wju^Wn&qbgTn6RHeDE^bQ;y>{s}xd9e@!`GW_MyBE@>cT zZaDQCBEE!O6jS>`D07NVAv=F!zP3mES%HK5;n>#a-ENWzO@o3PVu_92BIWEHN&Ul| zx6L;Iud?uU-cXgC92UEl%*q^a7U>RK;w0>yX|MU`IjwrXHgnNcc+!H zByPULf9O$E_<$4KgbGV&b0OlB)zA`Fo1|fEntHh%DCsEt$Pn}m@ybihIQP^u5-b6~ zv9yj`@B_~$ar@BR5oMaK{ctDhUpq~r*&N6x)bC?Z>l$-_g(@iATPTx-I!+I3kVm<2>{3m2T;%n@wR4#KInVTB1k_?FA`e5?>7Hs}#JMvK@*EiMZDVD66b zAur$)?j~F-sgc=OAqJ*4OmSD*AAS(g`Ypty|6ApyW{dF2d`Bw(<1ouN;W6qA_l?Xf+%S zYw#I->NnQnx6v{ey5DPQe{sUVHkx?jIW;>=8we63ApSIQs7jfu&9x9m&47pdB_bxc zb(|%!#7k;Tle`%ZL!>VOzX{3+C&kLZyn}<>Am~yJ<|hjPl~F5`k@p%5<8D<;!^Mi} zSD{aKQ84ESl*UB9Kg6g|b8+kwH>*cc z`#?j*3O=^O?;X$gxeI^CKc_f9gZUkQ#D@l{*oF*-Z^ZYWxWQAm(%*>gsH1YGM(1mf z2#28zieP$?Pw$!U6!C1-(qi<#*}1$O`que7obt4#1Ry6=4t;$)KEFdkS*4rLC5&`v znOXLRRv{u|;5gCen5%|m_p(?X)U%lmyzNik_#z+SWg=CqQ5G$1WesJU0T)}U>+a48 zk8fmfiL*!~S8&<<6uPwm)zb$D;n64*7VZ+vtwk`?uW&_TYgo!wjY8FxDjIj$m;dX+ zp{e-p7kR@+dVv&q1EZhOYhNB5_gh}l!?M~|#sr2jf-m7oD9Xu>vL%?g7+Jr;;WSe6 z+$0%fgup_n#y9tZ0HdyiSSm4oG=sVH(vCbnUe!rr58LzLHmEQ z{ONK|@)hD!R5pbdnc2AKQR>0~dtUY#Y9{V2L@4IjJzLBPlIE3*(zTv&QmX3QuTSEx z-&YvFzta$!yM-X!Bb7?a{e{p#J>xXqP^05mXVeA5I0f<9JC2rYGkR2rX`oaI9MeNn zOh~`S3Z>VA+DU4VfyXVo;;IaJTOl+wQt$oyPtJAZO|P6Cy8b9#n4xdp8Pagq?VP4s ze#1*x6{??A_o>(myv@l|tvueT3e*dRjsc*}nV)!&IGH14FnY=oiw7n|GY; ztqh}DQinEP!;UEa%(_D|q2S|8zol}KGngtnJvOmzq~`69tQr=d6*BrVMK zV?2oY-i>Nt!hLRVq1-SWEUiEOB)=tKc)31deMR|)aKfQlDx5O7V4}U-CNv zORakH4b#@v#Z2D^N|)AsuN4-f7+O7qyX=>!On1^m6))2LyZyJR;iAz^UtIR?vS#Yx zFFZKt(OUprs_9>j4j0xt0j9Wyx+OEj2C7?{x*oKQ_K?OI7<*Sis_%NF}vw4JJO!R?tmSEj}>vVa1*_1n2k(aeBh34#x zF@3El8~?~8^Q&PsW4FH6ZGc=AV?0HdFcbdRL_MW}DKU1C9^uHug%StiG4B`G>%4MP z4`zr|hcLls7f9#BY8V&!^h+2ITx-u#@<^ld1iRYJmDeT)0B`(O&5cQd-_^JqlT5UE zATjjR*}&P4Oni>{6Dux-%dBk6ey3P|pN*-Ovr$M1SIO!{5(2B(-pl~jj<-Pkf4X= z>c+VVp6VS}``RCT>z$`s8gr$p`sV*mx7FkJxe;p|xM{bK2nT2AGi{qjHfX zT2}1@zQjH9lz1^JUA7&hsATym+~{#Me#v}Z{E&6Yv+X7gJkFK~sBNVne7Tx(2X_bD z4NgC>Xp}g{G$}p81E_(ROb1iUhyg@S8xg(&k%PN|7?7f$lOQR!1|SgzJng}T0!Swa zWk;bKI4v%nzdH?k1SviaJ=is*i)FL50eW%Xo##WM*iFKTvT$%{uERcN4t-nR9805G zbh~{S;`vI9+U(eYdPUYq=v&dmEJ+|a4FjL;lY~>m%q%R5#}}!ycWOMo_~sjW@G32c z;2?C_NNw_^1k3fu=Z^0JselNd+kvT!x*C~%f5YCs zYX^rAQ~<8KlQC;je8R4v9O?~R z>XyOn_!tAGdBAvE5Q*;=tYtoUh4MQ=s9L&rd{#jNIv`6fo!-!Vte4!gk2t;+aE+(b zUG&;#Z~~S$cRtu#*Gwx2P|+cujdt0m^i_hmxEn8H4U!oWw<|-34vYl3ajjgJUy~Io zcdRw}3g~)$oYs2y+;nUji4&Z+92QTek#S9O35i>j)jf*an|{&>lZjV$C47|=(%V>Y zvkGB4SsRKUXTH@%s%dg#CJ-ouDoxB#H8k<7m#TGhZzvcSu;TCH*@WVL(P!1eI5yuZX?9XzOA32YOUx56E zYVVX~^Nf{OAG1Qy^>i{VUJ*3O;#i^8!99Nv*p^e93hsRW5e*9IV zYwgv%gJMi%4IrUErUS|sSZeANw;5EkExoH^)C|vt| z-(}`PVD5!@2|=b+HcSVBqq6nZ5m$gd8S7L_71XKS$GY&0Wm1?PS|7uB3`KOvFj?tn zy^sE)_sbnEg?2ImqqIuSEhwI${>u`_td*EId=Hf7cOzQ2$XI$4?VSz3`e=guc1|ya z&|fYd8CngfoCT(XM?-xzAN550(=BupN`m z&k5fsT|+~5`tn29u7!KVIcB~4)KRDxWMvFdHy6WD+2A6y9tM>~LICgF6^gdEiPGBp zNVg6*z@Ug=CZgLUdzx;bw{ktUqxU3U`t*Z5wG-;H%sFLD`?m@(Pt)7*%R4 zV+}=*A;rJjWQdwC87kb#SB#+>J5OKojwU_*HvUoHwr+4iX;4w3SF56SSvQ$eZu*os zfKni)c(oSvvSRj01MI1J-9lu2{RO_0uF%eZS7;~g2h~!sY{_8}TFuLMki0)_ZSu;w@kJXEkam1%G|FK~kd-5P{F)ZhYA1?; z_Nl&QNHl%crSMgQb)NAw<0#?2y2&4vO}vn((`EH7`Nrhfvs8od38pXvCyXZX$D8lu zbGVT*LK>IVv^5W`ZccA`XqTHMju7$M9Ok7kO0!^NO;&A?tn%Pj8F)2iM!a4Ka7Tpj z$lh6ck3A*KHvIL zyW35uGDlp#dcCQuvqJH?iNUt$7R_e)jwwCYl$@e(%k;g4YN9PXtlXG|JfBuA2R;!m z%tP%a(+TuNl^eCUArK0`-W_HH7E6|TQ!6fLp3%7J6c=zui1^i^cL;D3(9?x&i!eus zcuj_0$bW2a9SA2fFEw1l7j#tco2s7^(2g*zgI$DTraHJm0 zw8RIA-OGZdPC;H5Ghl^$J}@rF|33j280hD#m&>Vi98#Cr_oe8m!PQ0&=SS8zz?IXb zYdtdtP)Ldx<2YA|C(Flg25FnHgz!n@D{12S1w!fN6-fYjfm|Q}xK_bR!7Xz1%tlj_ zr{1^P2(tkynfout_Wye2c2+3EZ@2PTFjaRB|7XBqr~SJf`LS^%qt|9kM~)dC-x_d8 z9{ZeK;vLhxQ`V=!6(YbFR@OtXHEz5011n&FeP1^(6zN+CBG~=m(OaKm`dkutjiMi@ zOy9j0?5eif;@FUOaU_Ll1y4cG5_v72q+`PScD#s_aG*_wg3zu5+9)FjELxeTAQ{q} zxJB>^7k;f6h)3qZE5>^IA@qV1wlpqI29syS5py<6ZL%@B=9Q}usprx+N1PF_`%VqC zz+6fdR&U`BUgAOA!*_8phFj-hgc|kaWHul5(|oTAXGP*?8?`SH9)rL_OA+}?i+O*r z3vedW%H_P%m%1O^q&@zH+d)O%>@-ybkHk^D+eq9&O64g!U|L>{0@pZUq`Ty7&62r* zdbT1wV@jlUgcQ4%chgc^G zcT{(>I<_wp087UJpKqNdKdPK;%`xG##nfzQrR4iPg$dLDI*1HUQ;k#csO=Im#9ie- zY|>j?f+{AoR`(wsA(ch?Iu(w%RC4|08_nU?EvTIav{3}-Za79!TqVUlzhV0}6t{@* zZQ3Bozq$XD9?tGnYs{QObn0s?&fZy&dikUo_Ej>~+HpLnYqX5}Qhj*!N8N%(q)@4S zF|WfLdPgO~-rdc< zR9)s3$45s~qle`GYncb~hzQ)0FS?oi3>aqCgKt$=^n}@SJL)C6(ZRsk%_y;igll%I zX{Q9F4vFmR}NA$6- zqGz<=ryGc)dD9bYLC87%B6fBPdru+s0&1bevd4){T9p$=- z$T~_dUyF5xiqp0346YeIupZN6{B8IE&Ehw`sQW}V;Um+W@FyoLI;(`{LYt3Igo`OaMfL7Wg4hg>hi z*y-KVloI8Tjox))j4+@U6@zf5GV=p7wPo!*R(`fPADwq2umfu3jLTg~EU!-Ic0*#K zAgZR0Ebih1$B-n6)bzs2!v2m)&VzW!SRLm}i4a3p-V6lhPQ~T@uZdOr#+m$te+PPj z1aKkWM)sQ2aAv!JMWWYMF_uoLqev6?F;;o2BjG+MY~52-a0e7+o8jeE z-{C8Ifd1jHJ;_+MhxSw*p={PMZSv!?SL{c)2yS*f7;5y>Xmp?Vz%NQ-Npv^a(H>R3 ztzly{8{mqby=PCSQUmfHdT_Pol7%Mt>KYw#y)8M5An7L;oze<#yTKA0`JI*A&px=d6$<<&IiUuuBe zAA`j=aEsKW4%E_hqeoQdCxHASPMQbcR0T%#v7gjME(h7aqu(A<>idsLzE~{mnGn| zo%zzXZQHhO+qP}n)=S&AZQJZu)vJ5e;2+d@$0$ZOPMrJgX~Z$EWo*?NZCdd;Y&bL# z5t`fL1|u~0O*9P0n~-wMZcf|~U`s~;EMkwp5lnEMVs#Aypa*b>j0w@J{RkFp1enlO zNH{$7=9tJ~HE4*)(cL?ZPs@;+pT_2(r7$&>g^2@o67Za95;J_zQC#c~3|Ke!`^wl} z6wqJq9aTA^(+yls37L|0yh1C=I5;V4?3Cp2Ax{L@24;PDl4v}-ToKZGHN7_sR`MwE$H zGIIjSd`tnPMo>%Xw^5uKa%(x#`(PAEXEnjG>_aju5)-`~__&ZkgOE3-RQNgV+{&h@ zn2ku~im*+5&aLWU&Z&4-J`7wTP{mE=M=^Dks>$z!Dz4pC5XZgyWnVKa8|6vIlfHFt z(P73dkz7rzCzkjQznjE!`Gm>33dKV$By|`Cqe7e?KlD zkxa1fy&Kye4oZh6%9({3U*H@)p7pQ~6H?990HCh0mG;IZhtw7b4^}-Dy!&Ly&}qA5 z>gL=JhNJ6v{W0y~l?i-7j4R^VS8~Kx@wzGS5gA}7DSj~2d%UpM%gROgvN+8<9dT80 zX|U#u*XebgAQp`S)|!78 zSCvigTcDGmcLC{MwyagcIJPf4e+}$AW}F8A;ktmxa{q`}JB}~U70Z!`jWKrcWMF|N zHECDMNt^a<5y^aRWg(x?g1`?-oiVk79PJPeNQez08SI`#Ce_MXyJT#0wqmr7h8M0j z78GI^e3MW*OThLV&$n+N-|$Ez*;9$;|(Uz6?gHnG=0A28;G^N$jfrD5@ngn&G_t0IM9N zpGCWSDi+YoLZB}P7yJhU`JbwB0Yt_t8|8^kC@@48NE|N=Xc&Z`mDC0tW8fM$)*n;h zs=gY0AI$A-gv#U!PK?xKK{=hLY=s`|1o-JXT8utvGSc?x8pEVznvp$>T zkNO(aiPYcM-t4Dmo1p{6zoXF;;aMw+0lvZ=oq}F?xq@`kccnW$qN@$uNmr!B~dUR0~xSI z1xN(e#$0flRK@L{kn=Y%O`Z;%hbpGDE!2UKc)*b0hpkvS3yPB#W&Kp*Csm7$h+hRO zBPoAX8^bx{H1`u+aginwI6#tDQW{EH{vDpd}sDJ?LG9W67UX!Gg%-+0@R%jiMGEJekXPP za`OJIcK0>#J}G^nNzZeMJiCCDrV8XU*Nf5OWDX70A;6ZRi?G1-!^@Ky~U;0}j%Dt{dw|*d|6JnHcg#>Bs&9l$M z{!B-8fTm#{d3vt^Zu$OkE+_@ZQ)@>hYkEUM$`$+r>J}-G;(A7@da93%EANuIN2ZY> zQ#)R?5Vh`~cLV+{nv5}tQ3i|-hTVTBGL$8)5P-OZSR$CbiWjmaJ zj0Ysc+LGf%n`M=!KkXPE{D2b6j%uVMnvRhX-Nd%p@S@VOz8S906T{#967CX)e)AD< z8I0n})=W?dxDAL)YlJ|Q`ET_vw_3DO-ddn@p;XwKMDgLE6B;4IY|=G#jz0mX4V=Fc zF13P}vyNwgZwsd}&9%yXv6pi|xb!a`^WtR9PDILD z7ob@Y{8%Gswh%c+Yx}14KNtdD6zSzc@o%maJ?5aS@5(&f7;!D9r*0qD6{>(b!Oo)= zaZ|+%`k+9R-_xG{^d{)6BZkuD^dfWKy}e|rQ#&$EHr$`pX;#8FQ7mEdwPPIb&wvbF z5f){~Q~|!x(Z;O|t8EvAjl&a)D&_lH!)FY$Bdqh>Hq>Fk1!6y1tu&iC&qeY968JID zu{~9XK9H0ad041pS>Ta}qhtQVdKrnE55L8oS`R2>Z)yt%jI8#-K@Xf9Qicvg~#VBw;sf;wldQ^ZJc1mT@c%*=~bYU#hT1+ zj<3$y8JgE%Me!c3%-g}Bh;g#0u#j@8+lfJA&yYprg@~Com15J$Ql&jP$`_D*2VZCT z+^M85#f#|<*}XqiI3+fiJnC8TqJxpJ7c`Kiu`e~@z^K#+y<}vxm|joLr4FKlYwSh& z<&pIb)qDguhs*`^+X25|cN~fp(Tp@AM*!KDZ-dV=JE%`jr#c)*vJkN<642(3zb=C3 zu)d{xH@Pk0ePORwz-h9iGt4YDTL3+_GAyb=`8}lK)PK#Dz^k>zlqyEZR^bW7zpVgo zmbRL?pfN1oqmEt18*}S06|&TSW{wip-uyJ$E2kMstkHy%&6nMR%~Xybu}~{KbGkkL zswCTG=qO#^sC?vGZ4`Tu)vS`JKAl`9oEFD(x#o6`wfzA9QhVx%tr#Z3C1w)DmE&HYib=wY4qWbg12m&Ya9A9VIsUPhWpjl zZ%dwY6(>!mTSz8@=*cmsRyGf#bAZl3OnhbtNTcVi=-fSCxY9DjgcP7l#2E^%BU1PX zjj|VJ;v{#+CdMiB17mamw{Qrxt^|V@qI^7vYm4Dr67CgRD*9sc4Gk|Kl9rla504PK z{v`D!A9VDU>+<>&{LzSKWNN)kwArw(tviyDj9BSf(a}Z4LT z

r_2K2;`EMDCOx7>7*vDZ;rZkP4jW!UdUpX9HQ75tVHUjCGNkxcXCHfKA410F>6 zl%Pa^ApQHLI=`ob2eaJ102+%Z7=I8+`V(Q~U2v@bQ>9~FsMa6_O74knMkJ5#-gSb# zs8b=2+tJrqW=C01OHCsH6;QXbx+qJ{r|Dk4CQyWol7_e8vr#f%#X&Z6*& zTf!rsBUSpPrGxzq68I*o?3O2}pF+TiYO;frB1dlvJ1>;X7L|lsGq}yPm_swI$qDjC zIp#1>$0G%qrWT=K$^IigU&3_m(ps0Vy3NNoi1!De&VNZ@kGNVM$ydc=WY6Nk>wcp^ z>gsr;|EQh?5v13F<01zbh1xgI*M%PYJ}MZ$@xc>Dq{MEA1%r!LyNQm$WFoO`Nb9)T zz?(Vt2dEQ!TN<@CW=fzV2K-LSLpb$&tjnh)=Doq+gu+C%$4xwF9FMLPt?#Z9yDoew zrzjju$-3)Z9C3>;{?IR2i)k8hzd#Jc2$GsQ9&M-0L@z8P#TY>9R;SoQUf|t4>q*f# zhuH17_$N@QpasQ&CDcM2yg#%fRPTOFZ~3g`-%P2|a&#hmt%GIY+D5L0&o{N|#_KPs zn9(e$gS|C7cp8`zm`PJm#=otPB2A!hEpYVSd3Sl}`hYMM9`+S5Jo_L%rJS6;a%chy zBE=cT44yc;muE~?tv1!#u`X&k(a|Kk%d_EfE~guf4FmvUtr9@EjjI~{VQX;eKjT52 zOX_5Gd6YePT({UDKw`}!Krt${;Jr5v0?9eWkKKC%v2LF303G_E)9jA3;LvN3VB$f4 zcY{P4TI<$qK!$d1|AN_6_C00i3(qz<9K9ENchGg;3lbsWy|fjV{Mk4m8EDUjgYfOm zn1(%*%Am{*Q7o)83!k$a%XyC?ew_qR*+jjCE+5_to@2iWLCnNbopZx0|JcIpd}%4n zq{IxLMQf-l!&sa$R9e^m?W3;LPS1jrJvPuh0?1^!Yd?9`cg2lB`sXA8<6+Zxm;6+) z_4|dzd;47Hd`O}(gmspTFJ9hU@6weFFv=bnefd4C2Gz->r(QH{*67L$ce|B?-uNx2 z3RL6_N5Iz4O7e@yv62IpdxFBTopN5!>oGJDc&yPyX@#smP$b(6a&b@vSo;H!k$?LwR4 z+nIZBsD+)rjB)k|S4(+);|9OwBGDCIAYOIS~~R z%)>KsTiZmLn?dJUu;qb^`JjKXfGQg!;9!1}&FF~j(4*47$NF!@4&sp5BM*}~-f^rk z_4ria&Ff6pa_k*0y-Yzi^|{7fxMucszB373kzmInfO1p7kYNXqzV(%`V*2Bs0d^8r zBhL2$kxV){i2z9fQ4uN$3wNDEC}^P$LCN!+H?s{>?Bz(saVVoffnjd?ADwCT|KLnB zu`)3KKUkU(pNWZ?;s3MK|I?XfVqs!r``a-Cb1*kINZNs&mjFRp z_GIeudp9?z+-+RJdk7F9Zf=nFVcoNxrI1NNOo}fD+|D};){Wq#Ah_I%mMaIj7?3&iVF~20041ntgS}^=J0m` z(2_a%2R0z9<8=jPWPm3C;X^ipa`>ak0EpfIaKt0aFK^=x0p)}JfTCPu=b%UX$L^WL z*JOmygo9NRTAJP7=o^^cJXr@N?XM&BEzRs_K<;Hg0UVuxG`fIzxp=cu4nV|%VQQ_n zb82b;__vY*Scr0n`gi3}shb1lw>E*I2TTR5lmc)q_DYvmgi}=k5U2cELQyeC2fRSV zC)2`bXGQ2+!#)FGb_L>K2htYM=i^6C>h3)q+@dXN+32NgNOS)B-nfd>Vo!ygqe z`&RT^uy7o9Y#l2(yZlQ(HrlzB_4&g%&)?4Ek-gBr_Rfx9n}lb4 z8LePZeJw5Z-@kgDW+7%t1BQ)z8vo5q>rL%Zp#Eh+Z28AbBfANE-#{@y+lORdVQ*#p zygq5IZ?tcC{`{&l|6`^-W?1@$)^jDMR}O-h#3irzDD@E!qNZSuK=i@hDh7XPPA zBh9R=Jm>>2{Wb~yc4L?u8C?JTc7OM_TKMN4mi_FqQe%@)Z}F2xqRNh(_^DmmwI?GZ zaN7^Gny%p6m;54C@Zbrq?2QBDeWT9C!2tk6Kl;@LWbLd?pdOt;?7ewGg2*2D&4Zym zWib0o2uKPED`nmIxgF|x4co+AOH*4<_rcCW0&ubeY$Im$(~L~?1Kt?}#>GO8UDx4) z&@*goa0I9Tyv)e%%>EJezCo6S14z1SIW6~{wqBG7nb+@3tP}YP6~el`?Q&L5z?bh{yjAR0er}{M~>-&G-ZE;17wpsS(8Woman>N5aZV7r+|_kTi~m zAPxLv2$-!o*W2yLZCB3#$eH;|0K5qRKas~cb83T^9kB8%zSbAu@3oC-{ust)pDFVz z4x8RnF&yRAYIgP@7#0G1HTE=2JlfQe^N7b`23D2c9S=~K#iNHJ;AabXx)(ym)rNU; z^Kyc}$>-{Cg6hX_k3{|JzbD%80UVh0H4u(0J@@hc=B@!g`Xn|)y$4HI%ih;&-9I`b zmDpEnlVcN|n+Id+CvON?ws;f5yjHr6r%6q{$A7Jt+Ru9xuy@(liy4t~%(vk87ZEEx zkY{Ya&TF1ei{m#@W38JRjElYDWo5<>WCSSH+a2-?gChw0ms4F&Gx<`(61;~DUE|ja zYOP&Q^{2CrS80@psh~)t={My>&Soa`1eCdOL%BzIw>G11-Y*e ziua;_aq^v88++$>f#v7(fz%a+BII0D?6K+zM5D4=4jmcN4aI!hxbGrN}ao0q%R17iH>Z@%VS@-5^ zP)OVi_muER!2bsgcU;j-`B5$@>sNh4R*y6e^Mjyw^ z(HHam2lbh2QtN+U#t9WsdMpc=;Uh56~I@#ccEE~~6{j(Ns zs%Gj0Cm<%F#rk>`js3y|T2F4p_6l@-q1=}hSud5%$cNuRadJ{qC1V zze*V7=eaEQxBEvp0-!TN%y`C-_4f8Tg7KEMbZYY;vSUl_I59(19AQ)U7yDD6N&B)E zKMJRJ3!rO8EF(%xi&HHH&sdJEFK=|q!u~AJ);|(v=M*7&lSDcB<&t?EJNBZ`=2ST7 zx<--*)+E*}oEDH2Z#yl6Rj!|2q5U%I)XL35U_1CIED+7dR_zCK<@}$-RD-&JfWLH- zq>;}jA*lJTh*{9wJ^TvYn|6rL2wP0U%6jjz@P%aD67P(Sgwu~BZ6m`*MX}&77}lxX z(0C%_*sZtE-kh*NvXui?cd@xmtu5e z8QR!6-+23xzs$knW5CN)5Npg-4p&dQF|7WQYQB7qC?u3r_hw#)7Kj0067x23i5eEj zRy}BCI13>j>aCqjY-fUQC;C9RLEvOu{pI?k@i`qC(hC>-uuU4DQIX)4iBBJ3z&@Fu z6`Jp${|G2q+jDERd#U3PaZtr)VA+RoQ(EJ2L#i1s`-FlB&&G;gnf20H>Uay{N!aMY zaeV5oqXre!x~M9U-`ok=X5Vn+V^o*akL_#j4ym2I_Ulxv$+|u{F=nM7##A^pAcjsE z!^dm%v3qTaD~-;^`%b&V*`kY}V>nO>EO0M9h+y6(*kV|wb)+2f?s!DD4IAoh@J;4| zn&rnM|8`x`Nc7syNfn3gP(q61lB*tXk&Uub8H}THpn4KwR<(Y&i3GZ^TW4)`Gw}%W z0j;T(tvGy%VxRg7umMkHr2=a-3?z&rE^r|BDCbN)bY-AAeg50WJJsSHN~R?;+Nso^ z3>=d!>SxQsbOAVAC!4I)P>H z+Hj3Ff0r4Jg$-Ue6^AGkPZ9%qIV9}y&4|;oF`*vTFi=bvotHRl@UOWpc8N{tLLw^4 z1PNPxrOfD@mO4rW%N&hrST&gmQ)0T^*9N=ut;D2WIunHJ?`e$*wsx5Q@iDl(psW8! z1W()`0NpO9qi-1;t5vUJ^yU+VgeoPR?k{(IOpYr>)xo_WUVN~WDSm^+_O5ZfA=|WF(>CjWvB<=!GVFe3NrC^ z``>TxyHPRfE%_5BcV*MAK3cw65Zp4x7KNt1aJD*bO*PdB(SmHxH?}{EAO3_okvX5j z%bzitqoXIxPRL4M7)q&dU-q-_!~y3q-N(ptn3n zT)C!DpIgH6WT7|cb@H$38~?;UXtv0w28_qk8c?zY}2Iw zFBP|n7T@1Ez3t;^np!-_P?;dHf*Ztc0$lO00qb5WfC<_C4u0eE@TfdBYci5#k9vHM zBv#btmruL0F8S37s^eQI90xe2JMD2RCPSa9<%uoBG0gU0>%r`bm2u1%J8Q?-g;WEr zQzFueIA6$we^3>xVF+SvyP`|>jRkzip0jIK6|8Y=51ZSEdTZ5ONXKszv4ALnEp27l ztLoIACm)}uRbi5~c@CF~+jUzXDn9J;+~G09WR))aK=opJkV;vJ*9aq-x^_hRtV;j%XCUNu|W)So{t}0 zH~nD4jt-}enfs!vv)3yHdVzo<)?aoy%S&zTKm}-3Goy+3gILNZ}0OB@%49-O5pS znmpEL=+QuJ&`TTlZHLn`9gA}>sI;8gm0cYau&vVg!R*C)VI{UCUz+zLZJ@9=Ze9s$ ziD%7O7;lz+q!TDKQVf@QCUOA8n$5*hcp7PqgZ2-j7c4)(cldh!#^v*_ah*%0{Hcj< z!AKb0VIX6q(dHthF|-E90cP=5+V~B6D}F;k;*JoG57$@8Ou%IBxkPb@DDz&mm7-zg zPg!)R#>XdmJ1fxCtr`ht`6l2+6M@yq%Y2T|#?Oe4yPjK56nE~e$?)20!_bJQ3s>af z;oOy~t-W*h>dE!6&x-{WuN#GFjiN&|eu2t-3XuEq+-$p|POdYkqT5F9Msg#-i>w1T z!GJ_zx^7mSN!p+B)rLS~{$pL4lP9h6wtHS)Q&0E#VBR0NqByBVjXD_2#A0^4#Zp{H z{3S@>R}Zk36Vi1lC%ca@P8McI-`hU#Wli3o-RvDDw#9xWP=+D7KLXGD@S$f8j264iJ0ijSTh3A-Okk6l*V*#Cr1ND8BEnkbnpT_gI31cuN_0$f~;AEM+YPbwLwz z8$&CwbT5R7%1`pUVG7i9DI-U6Y+Bgtm?pxK*q=0@vseX736w(!2)d!ZPY7lUJ-n;J zbIgi{kR7e51CUOh!^=YE$PusCfTbDfM@dQ#a3x<(mrEfaqifin>m8=kefs#|a2Y+y;aYlH~xz9s~*3^9F1YCdyvh z@<9xw74g@rp_b2^PNgmROeaM$A1c7pKk%2jKEpWeFLS5!B%3vmDM6@C{>Lfcm1B=$ z;OC+h9d=8It~l%JsVWAyxJk%&<+fgt8U^HgNZ?zIM5b%Lg`yzav|p_0XzhI^$|W0= zu5>0@`Cq1A_D{KO_7S9sqvM!C+-$&cdpZd1u#7-G;7KVq?`03ydVIOkP`oPn$?XZy z2yYS=h525?Eu^849k7@ys_!dd-k6%RbzBG-ak?ZHelTc#CXqkkIiK&uG%F_tkN?hi zXN!QoF=}v^Tl#xcCAqBlr;w*w6RfEBfZG7OR4~{5j4AkYkrt9Ax$RDsjDabgGmQWy zA{si%Cey_nN^m>a$nP#yYpDevb^;G#TAR3IzFy_!MqBkb--lCw$SAs-mV>~6q&|#i z_u=C*k?#I|gVecT?u#gI%(NtaAxXSrT23gX4C&&OXUxd1X47vkisIp~_xTc}S?nsX z2$7F;A2i<(1P8oFSo`xBWoY%&9HJ`!9z%>o;FjSjG{10K+68XZfkC=OFU)5>MhuID z5ndp4OW6QL%0{Io#S)QA5J=yf>mV2zmrA)1LmOmvEN$a4`DYBPh6M|XrW!3v_;)>@yVkC9*lnLtI?p>I6;HXs2Oz1Osltj`&aQg zq32*7Dla9+hQnb7^U}cElTgpud~X9H;L4aCUJ;LdId)@7L;>=9A2?YGU$}o^a1tb4 z3oSLdd3)T!Iv0O=i)&xEmw+#6sij;*db*y?@_0Qx5q3*bK(jU2abR`t)OwKGa4PwPHD{9f13vN5o&XbZmd}cO?KJXLTuC+M) z=F*g`@)6F13aEEDHH$>t?)9ujhsh(5vM2Y){jzG9T1LS%9>Pqp?V!T1rE@2^o46Ic ztF>WiXv<_Fz3iG6Bw{-5ASBzOiHs$Z{*cY3jAk-Q$#7Mk#Vim*gpk=T0zsX>B;a?AExVZOoPP9;9||LmG*z zyUdE(W*NO~OQ$D@>4aVdy~sbr#u@!Dmu2&12>OG#OF&b^89a%f1dL#pX~l!)vpt=k z3(tRzVu5qvmBCzZ0E5#Qe-b#$rSa^!BuvBq1!<(Nj1e?3ySo}s>UEF0zL8ikO0C5?cn_Nblwen1L`X`MlL=*E!LT@ z;Bx%&K?ICdVa-BK@rj-n4l-H?Wjb-pWEpO|SfYZ+fgya0*4=XxC0G z({QSVU87Bp8nHV^(df2Z3Xcg8ik#~^TsfcUlVaVnGpZ^unD~^&@A-Ya!gwp{!BKLC z;Hr<~wKJjDOf;9m@V(25h4j!;v*l>`jH}4=lq*}#H^-7mw0E6k$3A-3tGK52fbOSo zQzTl4OGg{C%5v&M8bs>PyTe5(wog^u&A+_>n;S5|$CJ6w&dUCXT>V6)s|{YA-PSs? zj1~pm{o$4K0=`Ui6;O@B0A+r=jpdPe9yRI(A4FhWeoi^)d1CDbxIFkggfWI0B(Je=$Cf#Up?`f&9AwsOR0@mAGANI%Ag zDTT2p{su|0mkk1DpOBYO*lv9B_scZNHA1ul#Ogkcd3a#MnjJF^e=Ma5NQ_eSTRnH< zOe7k#zaeCXMc?8WHA03XhW7FsQunuuqN=1ll)`5n3}}{q<*0C%gr*c(RGl-POq9ml zwBXtW3=YM-c@x46#=qREWbHhL5H?ULWvsJ{!aiL94x)EV?hyorEhe-(izMEq1};Ob zA`YnpC;c)S$^r*O3C~6~j3Te}chAyS!&o7Wq7~dslMvcG4K{&KMbN2Wo?R7!1l;?_ z*u!tow!~!Yi3Ej-@E`=KcGj5Tph?ehXeT>$m&Q#fqpP9z*^p~|(ctSw{KIvO!KE~bVp=Naqmxyan5g)1wb>5GMyU{EeqC;m^H?}L=WfJF}A{F-Tsa$PLzF1vsXy?aVR(p~-dhY@znQW0_)F=Up=x?+}}=1zulQbp~!5*Du&e`5S5g+aTO+Rt2X;PiD>ll~@nzqZ>W>$3@OH-`f~F+Z z{4-xDcyDy3gQ@uTj0*!t>u`f^aPEE}aRyXjG^ftsd+Ss3alZpREN!uvRTy9!ss3Y^+x>dd3U`7816t>LpO*xcNhR+5>>}IZ0 zdIIB-bKKr8R(OX?5`Y*v;giJ;K9(^9urUPJJNjZ*4%B&@Z|5pIpT?%WDMv=UPR^8bSDQ*|hu7TAAZhbcXXD>$GrbRszWl z+y)RMxAD3{Xj>PCm9DnfUxkGp2=07td(lm%-0=n(!Wap5PV@6=rC$u{{J6>5nYk1b zl2&bsILuJyBTbnMvqP8bfj!4T#Ws&hMBEwaPVg)G3Z(8{46a>;GJX{7{^e`=xqzQV zykn3GwdPi{$D^A!J$QPyM7}}kl;6ORbfFF}haPgxHr%^mcx@xdwR;5 zTZ@!SgkJ)Em=4w4FC(Me)%3RsaC-$+!^cP*x-nu?TFbU$F;tX%m!ld*5za_{>vqqT zlef#n=?4+2d%*MOqVreC59LNEQ3ZgEqkA`h`w$<%zx6-d0YBr zDW+r+gNzUR4u9&jz?fo;qNA3V5@eiJ#>f}8plCGdX9kALmVl2do{cOxpN?sIS|H-B zmnroZETS@70W)J$zp2(xaa|Fwx+n};j;y3M-oD9FO`I1wqa*_t^ofZMZO(tt`?L3A#K^YYdHqB+)-SQIO!_#hRm(6JyT1;n=vHIHV~Q=}@i1b9 z2v3}|_G~hAtR89gV|k^DuqyR1r*FGILzc8O4O+;&iqhH1L&N+=l! zuj_wHtWxv9Kx|uTk?~5_#tEWd`k682c3i`DO#Y|APBI9A@jx4m7AVvfgvZF*cZR)I zcwQ62)hSrmxQ7Vu4YI?(Q--DPt{i5jMB3&SedYQ7x67oJi(hhsoa%CiXB!`(su2y- zWXYfG8h{TkL(EC7E|vye2s>Hi98c9%IoiC_q@sC)<%~8=^0=YZ8a)M!@j&(@ic3^xtCI0eK=bo{Z=CH z4t2wRW@|ugkHbB`FuUU~H}_Q5n_C)LyJz9@TogB%^a(50b9i^^-2p+I^)aOgp~BLj zYmg>QjA5O&a?Y2NX0~_qu_oV8YJ-sP?nKnhW@|jW1)7>Lo8>52g7K(HY2>(+ur^8) z4MhQ}uZSUn6h$+N2|alzYV1k4_@4^HaQm=PH6*$qE)Hql->-P&YYYbp&}mPY0-%Vl zFV#)sSpvh7gGZ{9dqrP;k9-h@q_O99%HgZc%GDs8iW{`vIUrN@un$6GEYi#%9c(Wf z^fLUhm-j`DIXE@l>tkHJTk7w(YF6&lIx=Df5{C6q`n(|s3Y})uJv^}{NoqYCkSxdk z@k5$eZkYXIEaz}gCHoVJ9HUZVVXZ^e=y(aLuPANmP&<}!V9tAU>3yip_#JtF^h++f zuYI$tpl!SCQ?m0^74kJb=23CCmun~cSnn?&X`L}|p^rOT)LAAkm=(^Mo|}r^MEzG3 z8iX7JgkabiIYmpSWgyuZG|ft$7`U6b=izT{=}h=H9BS+buHlbzo~SmA5a8PpSXHFj zJ5vVJJo*ql!-ozc-H1Y0@i6ivdg2+A1xsK_5!y|4lXF@gbRj*q=>tTCDC*4T<UAWz3VA)z9pz+wt8`h0k=Y{qmPpyAC3+>c&-#z3>HHw>=$OoAOv-Xt^$92!t7( z@GQ1S7WgsL0V)r}*ItzqN`sgLa7ptjG%!IRWy{g+`mbFE!!`8P1#4~xS?Nw2yA6$& zh<1I(izssT*7EC{_De`xa?3S>B`7DBf=GjoY&pllXkwr*B9C`rSHCC=4#)zx0OC(@ z)nUWJ+GwcQyAJk*X0b02w-?DU+&3L@L6#?A#jw{XmHY~(SBbVk9Sis}shwTt0$N-Z z;o&PI+rQ}43+(!8E zSN+0xU*8~wI3ylR`+6yC<=e1rK!R9p$`k!(gZ9`>PMtwN!uOsjPOl%<@RGzzwc-yK z-e;s_460IuP(RO9=6q}hH=KuLYktb=&J{rFg@I$*;OpxDa1tI)o)~~;yfTQ0L)uy7 zI_|-qsM0i^8`xg7)6bulUy8o*hEW5oT&IrNaVcNEvs3i}**|_~odMHbC69j@cLc_W z))fU_^*qhOkqIe2q3F_#Mv{kDw1)1LEOqhzm_>vrt1t;mVh%DJ(61iG%VAwat{O$K zRZC;5%Mi=#yy7EaWLA^73+gk~=@iY&CtPz9-2QEr;>vfzg+~#=uYQ+*)$MGWliY0yQ z-<5p)*uoJV@STO;JZjcDm2O!mw{A_3iRUBFMG+9WWPVZ4NToR%Kn{G( zf_fYqmh~gN{9bZ*nlNT)GX;e_&UwrfS%JjB5sHJ0&~3~7Rqvc8Qeor^{LqV}7xdTc z&18VX5lR4?$c|;1`H>Y+Gv)rww`kk!pr~PTR^qc9@x~YeML^&_d*|^IK_8<+@A)X}OMGZw5G^Q+N+ID7)6Gh2Q#we6U1S=iOg%Kf)6w$K3K+j1C2Y%IOq%l})9s zWTuz({$=CIj})(WCFJiS%-9?uKJA4dELSv})={f`Dgby@=oLmP=G}t|2CcWy0a^F6pcn0R{}f7k z0Jro4h#*h&9#m7j@r+|^D=9KKH_-Xm&716?G^xUE!=Tti1h!wOZofk@dv75o-LgyK zmRxU@{0=QdDUd}6;a=^vbZr z84{7d$XyJA5V9!$r2>3ApB(suz&ARnr90^s9hl zyLifkl(}oV%;<&0X_IvvXbZKs85V6dPDPUX0@J_h??1jrxA~58hWfT=P``PG+G%9d z||LUV$6ueo$uHL^=1lue;b0V$`FgSGSTmrd-ZdQFh(kaF^;0UHRa#RvsG zclq<>d-i~&lLju~7KG>U0w0-gK5V7~+Bmka%u`LKNhI028<2@#X~R{r zuG=Dqaj@$XzL1Jng8TSvW2x}Mg9e8sTZ#{1CmZ^Y$+DIQ|-6-z;A$#T{S%6w@ zB!jf?&QrOxld}b$C&{aLcelDKa^LWL+Li(r zOoHSztZ(M!+2&5egv0!9zDg}09SPrs{*ipWwARqmNE4g`dwGIWy#ZAPRoZ{JR6$as za!{pn3upAWxy~zs--UYeuI}}-W?-7w-c_s83huuSKs2SAQA;+?a~fO{vRa2Coz`93 zAtUWyDwIkheOh=(WND^WcYWNEH#xyB^H|bm)U3ods@GttL9AJ16Cp>Xpz2OUxVC3!aT)*~;)T4jrb#q0 z^&ojFh9@bX7HvQUa==Mo)!p~HcwZ!y;jDd90k)j6bdMvtm8t;qGPUF20+}ZI^C95B z?-Dbiv8NpXI!Du^0R>jg={)ok?yVGaqIHz&d|C+T&vEZWPf;+U8T5*fNxMG7?rEAc zWhKgW3{tm}Je|H1e+!2fb=>VLH_>!bI2bP(+k5Ivvr1us*{U_GDOKm0gM%^o-71_*`xi+&)}~b;%s437pyNKJd|U|4{hQQzkW9l;`5l{e5LxMHh`*{wKi*etZXF3zp9Fvv z&dwJdVXOLCDHR9glHgP#U6x10yI%qn>p5386+4ME*l(8)9=P_8Hg zl=L5tIx=@mB`}Qa=vLXXs2|IQpfh)L5*w0+a`1c%G1xqYk<;Gf zW{*;FG>=iJ$4A%9mZV>U$uv{b*yQ!~KY~yu(_H_KV@tFP?}n&cUwn1*{%OPl+cvTk z!5|Ld0}bQ@v;uFLxc=994To8Bep6hi#kTPfcyBgAY^1Y+w@`9GBCzOFe z`5$?_lt?7UN{Xg*bLg^GSfxtMjz+h5{Cl5o?YDw68nu~C`e5KVzvJbsNK z)p^I_N2}0S5{s6D&?=;(_(>&IsVoRIA|HH6{kK{0A&gy2Q3m>h)%0%rwCBwhGD?Ww za~x4fnDX^dwyknH(8L7rqkL7&R7qKctJ}Z>hWc#Zi^Ivka=!^uW8;y>i2rt$63a zsU1hlr-2D%QM(OHr4;uHF}-@i>CZxJqmM+M>xqUpwwTfr(1z#d^QfXBY^X-^ICna9 zE8X0Xq~OTh5f*DCr7rNA*8FArJ;3k$x^ON_`G?hbLTm2MOs(hxw? zP9GQ)?k;V)iymuNLjXy~m{Tv13!^p;X*3|NL=^Je%~E+r%z6r=pjRXj`Tr)~`V_T3 zZn)&BU1Zw(OVv5~OUj1QO#^K9MbCOgvxPc*Kz&}le+shXQDK*l!qQFYT4r;_e(Lpd zP;|4%S!$mU+gfE2^5%z+lm_Tc;-9U2A^6^z<5Kdg9t16XJer!ha8@suVYpROhkEyL zd-!2`13P(UCN7j6#jN@$q~VrMAD{H`Bkw)QhevGz&6;~RTn*<*0k@uwj`fD$4K5;7 zr83y7L_=m`&_7p#u{e}3<=_aF0oQQ-C$$59A%?4q78kuw3lD(t#TtLCQYOyrtsERe(8JX%O+{nAHp-KJ+*ow}5)%VAb{G<*48p6Lp1d{@pj4Jqs<8hJ zDb)l?5n3!Zq07cuP1QO{@51&ly+@zjFY1(&q|&QL<%?Sxs~ITWz9F|>zX&A5u}pvO?rHd+Vb4n!O%{ovQWMNpUa!A?T~5T5@*r&uxXnr zjS@JS$C6`oUfwtLQORE+`7zSZD{^KgSQuk^%4*=)29u@W2qnD0^%;wH#pfp`Y|!+(MRk{#rHpJZfzejKx#a$WT7# z*YT8n1^+eYy~Ul+l*kIEywJn8vJI}Ij!iQu-_T+f3962M3R%qn`i0Tt>DHRWQ{K1{b}2mg z5aPJ?_hG;IMHfAIsP{eb#))t21tf^WW^&?{O+L&XZZs^U!8r{+)WWLp>N{t7twTmD>zR7J zLV-zW_ppmaDmPQU(mBh*{NZ(BPtK#SXSx-2HfrHb*}b?P)!sk5i$~ho(M5)2WX>TC zpiVX}A3LA__O6f$8(G7!#qLA0gEKTGfj{xyon#yH>qK4g0*xHyu4(1W!e|vwOpDOr z1P6&va{|W5o)@M2E65wSiIPj~b9b1nwW~hJn_k_Dq`3mzpMB^jnQ*rnTkt@9>D$GY zrlxB;WqNhia{#2=Yh?xcI(4xv^t?_6myepwbV-M1{y4wP{M+f?6d5=uOZ7e2DHWLO zPV}IIuTvp+o%j0AYYv6A)Y;faXO%>9q;N1x$3mIl{+WzK0(#aH%2c3d{(>l|KJ?EGrK2rwR79D)seJJ7X4A`;##;c;(L77G#PAHx(- zg%m3Xlnd?FLwa*vqFJA2mRd!Quml9ux3=MQ z5Bn_-BfgH7x8kd@)22t}Cmd@(WmO?`+LQY0EhlI0XAgzJ?U7u~9sFK&*lBxl?c`jZ zna`*$DufZ_-Y%&(nwk7kW`1c>D}_c)NHlnRSdUF4vOTa;nav^0zYn%?T1Z1-hswos zYihJgV+LVoiw%3oMDI}axqjgB?s5D2O(eXAq~n(%6-r^)n!;1Y#RJ8$q~SN^e19yC zwr^vf++AiEL~pa}G3?j@RndNxmQ<4-Vmq(+mj3p7wW5pLeBjg}tWksnndX=jLG1#Q zW&yIcaWS*lvGJN(Ybg#pnj%Dig}Gn-lHEv+y+rN|AsJG{u%NLrX#_tKx6(8M+3Q#N zMHQvKYGC>2LInIabUUrUmMmnNkrI4=34gW~WYn=Q6oB9T!?KKL`vQmBkbL##hU%P` z$X5?sHM2Sj<)KI_Gvz;U>JyVu^{yh6qEAsb@)-qg7<(qfY@GN4j>F#cot0r^+`U@o z`4F_-0DJA()uYS(gO6DHr2PTGl&FYs!=!#_-!^N1NaH9P-9DRqHe*>BKC363neFF- zQdr|g35k2nI!+e?EfeH{ZgsoUSORIMd1BL+uo-V~oo8NVUELYY_#>g8QFX~@^wx*i zn3^4Q@s4N&z2Uc~Ml5A@FgM>h2OGb&T1snA^5-`uED0*4sk=1=_V8N#V0B-?Zms?X zx22^vStOa@?N(4QOwZMZoyIHeQM%fP8W4@FWMIUMCGq71>ow~Rjr_GE>P+TO zEw*1gg5kqHRiZ38+&HZKyWt4&>Gryufy+<+7U^grwbS?&$7!bY*>`fmA?S$;mz#nV z)Hz`ystbD!Ux@uSro|?N?Zp!H(3E63squv_XzfB*xtsSu33B50y+9JOv3eGPX zgd)I(Q08`XH)0tU96EiPv2=8fiiCtzCW9XM{gmm2B1Ke%Ks^!JH|G)A**qLD#9MhG z>f=vLc*)wWWV-<+@DwJNy+LQw&caX&PaBdm$~sr7EFBzX(_tL#U2g@bER{$Ht7_3%lDKx>q4PGRF4jojF1nLd$5-3m4*F1YhB?mzIR(xV*kX zr5?yW6N#2W%HpD*^`w7ymKDG5&4RBiO=ES zY(1dX^Lxk?-#r`Yn;}dZNvV;rlTf6XnVT9|kndL)V-Ydj9U(^Qt^$5Frv&Rd?V23K zhB#q9{I7XBpm`1W6!Rr%JATg1qSUyXbs||Ly5=5=wiZW)BL?k88FdWA2Fq4`eIB@v ztXOWYIuX?2xqMc--92c^_;Lh@z`{_Jvdj_Ol?~xovDZ|bc?4@f89FNS$s1@NNkwVa zoO+u{6bZA``i3|RcBrvnAJr~V%65F3QGIK|QKiba3}5&6MoT?^9jY*)W4I%s8AK}` z;okh_0r8!^hb6sy{^^&1Pus?Qrsn;bA02y~+5XKtpSNs!6If5Df>H$2XN;eD^`WDG zYM2mKe2dxzUSF?&)*RA0`AW?H)o$2&^#Kay{_`tlYHlbac$MpRmd-z*kTF z-sjL-S2#V8?mE8zIF|JwE;BA7RLs0I6?-day-FivBus2`?JX@WJ9qm-fd=a++ggrq zV?KY)-yF{9dLBXDSxW&&{TZ#YPt*iF)@-AE?_x<~1zj;mWsac-y(mH4{@R9wFs*69oenSks(^(2R z4t;QK2HTH7es%yV{;+SVRE9fJ3En8Du5TrWM(@sfl%6`JbrpXf zuM5p^&;(v#yH!EQP?f2fudI294_Lx|UA@@B#}+S*G73ZsWR$N;#%FRt^zYVvCF?Ud zr&lAjQE*lU^+coc>S7AbwiYtam$+x2AXAv&WDh2~yihMy)JqU!<~x?@q0BxRdo zl*S90vnB56&G}8D2KF|DVwmY)Q!9r*Wh**L+ZE}x1jf3*mk*VN1X0Ja`N|4uvclgXWHK>?jm;Z>RLb#XCa#3~T)s>^yCC_&vLLm)LNYmMUP}qR!(PiY(5HwS%Hu=8~mN#~2<-lA^5p_0Dt)n&IoUwY`hQMqz3eD#sm2LLvtc$cL zLsAo~o6y)-aUO#xfR|MYSz0^}J3^@ZE-3Pdn|J$gze5DBiZw&pK!)6Nfms>r_!cs1 zp5Rje@fNDaP)uZ^ZbW6Vyf+Tq%!HQ}T$Xw8B7b!@@@YsTs8lfl>NR4m1(OrEQfleZ zi7rW6B0rh7Rx2JsU{gcxyl2qaTb^rV*mTiG!}^jw{FC-m!oeLKSPvmGi3JJ^MhUr% zZvrkuY)RKCVGr6Sv(bFV!+cCdTQ2eX>i-`$?qRVKhHDmZY}I0s+5$Y)KxSM=*n zgZJ6~()pUkiybsH)$_Tn%7hY~1z?b`*o$nmhG&8m%T5mo8};M}vz!Ag7X7Nbjjfq< z$HR0%n!&RXjF7sC*g)cxmI}3HlaQ++LAqawx9_P_*ZUZZJfV_|>AIPQ>}%zYos;hK zHKMMr3dFMz7r=GU?C0Fu7_LLi8%8_|@rJT9YgOlcYQg>RdC%B-(bvUSOB>sCZp8X6 zM1RQmZZXyMh$LHRJkV*8Gtr!qj(5~MJVel0KKvn1j7WqeuF3TG05Wp$D?gyKqk=&h zM^zA!1T2_u3;EUEGo89zyNo^UB%5TFd@#jl3_`|wO+*SW%?@0V*ObB#V{ajFs|Oz% zG-a6>TFpF$HORS(KW#Df=ivP44AuvsEIyDEGced^eoogkYlbAi7_B@%dXLXl&Z&OZ z&r-35R^K3_^X5f9wh$@9G_6a$hBX%RUk&};KT;uuy$^rWqw5f8blQhGilE!tJCb=}Ks=x<@K*Z#=<(j%*1 zks)Cf8ovQH(vW{6)k{*w2Z-_Z8cR7D8sXr_peX2)$1F)nU?C9>rp&6u>98nEG?%3c z$2E}Z@$8}ct|ZeuL#sgWTw(^fs<0A+l8%jDiMBfUf3+A#`QH)wHmVM2sS|PJ1cwHm04`__oc{c>>w_pC?trl>{hzOI6s4R-xd}Y|_t|>-Q_3#)0nuk5mB0a70s! zq12=?In0_g9_9tkCcZ290A(}0Jay|4zyt!nFDQrTb!U{mG8@0$ipSN5Wt5%=;dC3C z--arb;I9(w!<`LSf`5nn!XsjJlA!o+OS9$9Q%(Lkaa&M~kHIVXg8AZR1&_Z)!gs}> zVfkpb;wYK8$ zcS78w=}n=LWWQ(JY z*}r=8aVWKY!RLB|g;GkBoS|Jlvi++mh zTF9D6vt}s-Tqvx@8}Ey3tyvu+$LxRf}+n6-B6eC0EOo)>}WA;&AI z*L&ZGCOy-ZIv)z@x6Q(j8knZNcEc_Q&1ldA)L6#s_(-*N39@c}zl1Z(dJxB_VA0wQ zI!!F4P2ROdJsP{XhWTM+(u-DT58UgBY>9SbM@X2@r88~Qr%^{KQG)SRaE;)G+C7MH zm)U7Q(a&yVjqqqw&&WxHoun_*VNn3ulcoW&&BHd7IGaS?2n=8$HN{|HGWR$LZRs7& z?lIc>x`oTIsua!`Y#|I=_rT?KxWR?POrfg&{ZVS?ScKtSUH781tQ)jRYcJNFC_V=s!^Nt z5IVZ%T&j>FjD_4(bVK`x393!yOx6Rr!0t%KiuuVxXvWr_Kk_($*XE|jEV!2_0}9%1}9 z$@uj8R1i0XJosT?5xvl$Txo4|c(^5WTOmRW1YPKhl_qR`gF(3t{UCmRD%h<;IGn~;ziR^cm)N|bp+Q(G% zu`N#Su~mHK)d6$Q$BGVagH#+Kr!1h1Oj3OJ@q9aXm_gs$K}JHkNdd^Vv*g6FMdyQz z)^b+rq`Nia`l@7m#vTZO<6>Mr7vd8G8f2v{6sI?&s#r6ax(_9!9cknb?;sOtH5YwgB%4A$E3=gkPsL*z5e%!O&O6!WMZwJ9Z5zv+IF{%d3*kuKKX*86~1&Db}d?*PJVNjvX5#+t2A=0o!@&g_51=lo^cxr(yMm~Bc zLlZEV%LcT~p;EQrxqr^JAszTjuy%!9E8}F&0LkL~vh3vebr|vE6ah16`H2f#nLS5Z zWkq&1HngvtZS;zu~4O+2RH2n|F+;KY=2MU?_y`oDmSEs~ma*YEUoYp77qD5$ zrE*tVITVI^TX#>lr-9ScMy>sYKn+by5GZy0EF=97`GDLwfp40rs$W>AIl@)?WTTE; zB+2aY)^cz*`#>aE^-sPj&Ev*E!FVJ7JM1-DF@{`4 zQv?qzZ7EH(7Hk}{NA^Ph{0b_Zvn7^2_08L3i+SXJ%$bC2sU}>X9utH z=&&+{c@$r;D!3=~3-O2v&1bPXb}lM%;!Q{6X9xCnbw8j9vSv!$aiahK#TMU2~44GwXY5T+I?Qp%L*Wo`AT zNRS}T%H2L`D04Gw!n@7%DmkkOEx3R4h+8GTUNYLf2}w0n8rL%(M|w&C7@D{su`(uM zd&l{|7#$y3aEg3l8Fhh7X&J~p4uKAN$N%8pdW`BFY|4fJU0fBt0Fyl0@~*z;G!UcI z#Wj8ZUfcH+*i3XCldMQ)BwQiqq@!65lck%@*G7ZvBYpg+lg;PI6J> z5(Xjo6*C;m{j@+soE*`8 zs!w>M%lJ3Z z8tkTIgU3sP8vFw%6<8DV>EM)pm^z+2!4_NgH201r6FWn`D#0~x73rHsUV$dt>wUmE z8o&~m1Te^(K2zdq>OG)&#e?a`vpd9aa> z6!5<{evx0*G9IDzBI)yb?3RKji)=?O%2QDBXaEU*;#D)$l(_2ub`L2Gl8BLUc!EeAX+>ox`` z9Y^O6q|tDcH^h}mo3HaIN;mpu%*0*5g=w4r5OF2=#~6eh{qw*zc&^+aY2ynd6{k>9 z`wUdwPxYJvp3c+*HvLSJVJwIrj}r723#CowycjJtVHod~Wn^}j|BeMAXKlO{U$)L=X*Vrb7QUeR!EW!<#&_0F%L@ie)kK(`mX6SJ)u zR&mV5OFeT(BWV2WvY3vmXEL{F%R&x?oPAuI&)Xm+Rah+U-p2cP%w7I#GX@#SExRNm zjUR>H+9<#n;-!!r79ofkBG_?1a|KS7Z&UX)M)sH_SKGc@$hE?CFRrIJvashkW}$Ej z7*g(~-2pCZGLDkeKo4KjA;9hHUj#oaBGPF=YCd4{d5|EHpUeN|=rRI9Jp-M+s2_#u~C`}5*G<*ZD7+C%p#RQ_&g zOGZ*2!-!=s?D(DzA0Y-G5e!j@&WJo@?@75i+2+F|?W%_1Uj!F<<-hs;6V{Fe?Zhzi zXeQha97vJ8TRwlNzCA~yLAsiAW$v!PH2rA{<6VTbf3JqYBfhMmdMSySYjoS@im6Ai zbh9)F7a>PJMJ(7MpBLm=KXqcQ0bJy&Q%FL2^e*lUop+={Q$=haG+Q zhAdO7OE^JS5v6t6(ei)rsiKv9NtE*}tc2PNg!Sg@lF6DEpD51Ptl!+VQVD#c?I!VG zooQ$SjHfWA5S--J>QN2MGyWcDJl3d^3jD7`$5Rt0&2|QdpAx>#9#Kk7ps`Isun>|z z-R*W6Cm6Y=U1%GOA3Z_yP?K-u*HWlfy4_iyHwKNpWz=gX3jR5vk%dJyr01eb+hv$q zR48|cJ%xx@1+6{JH9HRc$W^a10UpjxSajxZG;*We+#J&WsxCp@TO zSI0thOuxs+{W`oCW!Jp>aa@Z zD~CuqNUuS0w6q1Zb)J)C=pC9x_n#*gFoLLV4mg79w&&PL&%^fKnQ4bJpxhR)-qCsJsuHB+!%Op8D6$`@>K{#R(~={)*&Sum1c^b zd_?ocOHnGKDq`8E*PX=Xez~KD!{eUh*DC$QJ{~sr=8FUZlyLpdGH`1SF$H$Vd@NMw z@((I=vXXrda4P{JC46{gXPsGmDH5eErta*UAB=3}o*TKpQy{2+^sxStRfJZQOeqa} z+{%*EwL_TZ6OnmGyha}hAwt5%q2#=iom+Pg9!&3{yean;4b@2p?LTbffkN3~33M8; zBVMcA7oPr`WxXj16G=U4X5dnq#NOV2v`T0n+JIMcgk#RAK@_JD|K=UP09XDCoukC& zyS_0|zGBKN{PF>&SZ|+0Y{+>u=)G|iP<6{+Tt+%Gun`*y`F2y>uS8*Nz|$r&ttZ-)5Hm+biA$OOtkn zw5!lpZ4?Hl91b7&?~Afj?np4b{me4=v#ectWJmgkkbB)6lx#^N|!xWC0a*^|F&a zuTb0%5`CQ`lw2X7>iC;`#Wk2=bnaQ1A(1 zaFCzSoA1I!kYRij$)snr?i^-<9v5!>!!;FFjG2e*O|XicHwNMgQBD&`4Y?sKxs#e; z>6up7o#JaC%#WSaW_kn0dl%)mm%3OdgdTq+2H8yvv(%#vYXCBf$lVeX(j$i&m)pj{ z4CYLN3oG}-S4i(24-9mo4pm>Nk*Rz(PLcGp$_Kdp3CUsmMSSGEU4xSVs_e&qk&38& z($J~rBW07_|C?FPR*c13(I(p?O+z*<>=x*rg%o1(YfxT-Qk%5(r5uLmt6qhV2X%?+c`5aY?CCk8 zZe>OoZV`Uos_#&Q*c)ia@Q71XCqlV%ar@SRfFs>TBWrmxCl2?<0LspGsl%<{`--)H zw$(<=o*Z@z0@-9)EjS&#`Nn=NC+B}5$daK0-l-w2G-p!eV+Mt?T_ zJiVNmdcIM!^l@N6@dIoB-5rY?85Ofi`dHFaF7?pFAN0P+b^a8ZWQJ$*qCIURq*rF> zd3;@f3l9a6w=oT!HH>}ExWJr52m~77k8B58o<%lPvEo0Y01~cmImk*Kt5Q*?U|`hh z+XpF3@?XL7)>LCh%9Izeg}V+QSC+-qEuG)vU0e68#$QNR>62xYgH3dos8-r>2bQI# z)K$L?v;2u%N}SZ>$s&J^A0qjbSwYBd(s1zCy}M|UiVJnI4&DDMiFS-#9<=%Y>Ijj&bC$a8> zZo_nrCBohIaXobp?E^5#u zO+DXvPn`JwSsVVP0V|aDtCYD}OuKr6y>c|9N6_(OsSvl54%O|U$-dQe?r8Kwo$k&V z_`VQPyv=fYjK7FNsSa)EO|oCnu^>yy^l>M z=E4sltx_5~{w6ucPi>i=A3gep`gZFR;Ve|h8my-;JwT-awh(rd}A62ACbF{55T`o}7w2g?fAN73%g zk~1S>@KWPJ>GjJU9yf)jg94;@C=kn@tNQsJLAfXdoC)ftBC$b^mnVygsF9%Xx7MU= z8YY>UpsGplbRDNs6k?T<(M^P}A&=ZfHEIO+GcozNz;rMuBNNBdg5D)1pRzM!AJpNk zZos>$y>EAaE|&4HOnX{T;2|+frG$`e5orMDG@6sM25#SmW^R59rA2*A{el#{G;Cn9 z!t-RLENNE>Bd>x~(mbE1O$+pE1%5`e)H75dtsdLw$jU0FlZ!$%(H-l?VHgXL83q?X zNjE`mb38Le#S)HMY=Q1-ZV&-~pK#vw!oXAe{&Jk?vxu$&evoN`HuH{8G93sQMQ-r=s&!-Dz63jYlij{%17+;@UNj;}G(HUP@Ooe}07 zoCoBNiAphCLH2U}NU>k8D6eCLk9YP8x8L)OW4$k%SjorT|D;jYmBr`&#$?h}$Q4Gl z0uCb3$wrRDry{Ed_l7rnT^f7`c?M82f4pQ!Ofd|v{%Gw@ssH-w*tX38uyRSxnfG5* zgFCD=8cR*m8XRC8@dq~kN)iw?$LP%xSYrA_Xwpzd&c7<`m-nUfav*IYZi`Athdl#EcFp663HOPna92{9BlZbR zT^u+B{P@W1_cCVCELNx0Uk0=B4TG1MC7`02wk~)pvKmCj?OG$!D`IA}os_pH7zjeQp^Rn1L>Gljf)r3PUpcDbx*173)S7rLRY;*1~)vw*{uyiZN(+~quf~RsOSBe5}>j3QW`wUK*ed9 z_ihiQr9?{1HR&K^Hp90-g_-M4^jA>}EPwDvDU?f?skj0y`QEJq`+(;*&EVGEdIo=g z=frd@`46vRE)NJMdGIWnR1#tqq<}cJ5=aA~LFc4}`Kj`#-|Pn%K5|s(D~ymw0XH8q z^#GB4>im5ULYDAeq(w5!r2}{=g(RL4epY!M>%H%opbH&0gynuSf{h!?Eq*!297{wG z&#F~Nudc~>lAIV zSy&rPXu?Pn#|PU0tIOA*0z)LgK%t&FTdniRTZYdbh0~s~TLt*uCp5b|jc$G3QOyK- zOc6x2Hj)c>?VKdFAy3cHKb#UBg^s40L1Kkz14VFW?`AGAyp#H5TYt{UvkU2 z#AI`{vbqyXSKzlU(docuQ5}#&ufd`pZnTj}jV)E3Qent5r|1;TOgK+eVcRQfU2sRn zrH7X=%}4sFKva#FoXN?#NG~s3bX_OdkDV)5x6X}=y@C}a_nO_@a%NBh;|!)(UA@Lc zN(JvwO9KNUPawF_va+tQdmUmKXSsM?ZD@#chuBlLOyMMh{g6{>!pWBieABln6#sXY z#Dp0z$$)w3u%7fh*?p_%cyVeMqTeHQt6T_p5tT=hjPYO|7DSvX%aeSroTiw|`xe7B z8w{<0(1MVBv`YkEqC7=k+ZbkZEaN8oj8RG1rCh8ELg&czyeFtNj}vFk8+~DW9Q_!i z;xhj4UTO4icsOjyE_H_qQ%w`BHh09xfrco=d=x&I)}d{rwIp>q2q>GQTAt3G^H3}( z7P$o_AhV6IqKisFpmDfrnzfq3#rYt=-yQJfE2e=uyLk@OXy%j|CB0@+alMPwO6oD* z&|7(@#fQr}FQBXbgG!Rs-Id|H!sf&My#L2NGIuPKHamG6Fr9%Xm-~!YA4s};w`xzJ zi7qeCIy$MGM|}r#hb5%Xc5qR7`(Iw18fMPNS97Bg^MB^za_TFZtM46bXxJJ0$s*ID z3*T*lyKukuA*|HZ(nR*9!co(r(_EMcE#GW%bvWhqz6Chb7oH1GR*8Y$Dr-P``Gplm z(p{ETEI3aL-AC-|-$IMXIct&WtW@D>Y$K#vZDSwgl~!3q|Ith2YJtn+S?;ux z=;RJ<=mgsNqxdLDoO0rKhPrJVQE|tj)Hye z(hGmI93%>6XIP*Z(wf5Mr1+3|5Hat)eaasnQ-(ezRX`PwCuEszees`CPyNqJ+MCZn z@;K!2{DP0xscJ+J7E{K1Gg?V>*KZ)73GRI0#dwXr-0#cEg_ooj0O;@SMI!dMo+S#C zk5{rSD?4kT|4xaQVCW*w7@bS0oE+AN)g3rv5Qjj{pwPRIBI*=`6mF3;D5?|8EOU5h z6uFa1IYbhP8@!WIz-s}=@xSo}A#t}eAf} zw#Gpzp2SU$2THWh+%qJ#0N7V~u(lxfI zc;n30SFd7M{>Iug{U~kz*~=%1gcbkKP1h~$qvDN zxqn>+s_kW-)|&Nzj|wx;dDx`TEr62O9JGXS{d(FQ50AX6rE13V8_5+AfU$2S_&OpG zp%{G?B4s|VK0vG=2-LL~M7{ivss0pF%gkPwv^V!{ft)yNcd4S}j`Zfp}{o@PDmI0S+2H;-glGw&I;dS6s&9We7M9D=i z7fxJCK7^&uCFNL4RDbGfw}COFOl+Bx>P=sjreV&3e8>}Jq^dZ1*Jcnq>&!Ihs+@ui z@-Z zMDZ<$d5gmKz5oO{4D9c;jg}41m6akxIX_rUZ|@|h14BbK?obefHHgH!Skt77S?X+* z4b|(oY$xb!AGktaW8#_1n5CshSLrL_X6%Z}?aTb?-l-xOHzmn$1u31bMlcY3wl|Qb zy}RISQL5;FhD80JKNG&=5^%jnCT8z2+LW;gvIZK0?ZEX zE?YpCDc6y^!%f`j^8te<*i0vBEDq7th5chWjC(@*6)duY4>k`hq_>PnsiWt4@7oe= zjJJa?KL+byX>EA73XkgKBQFP4*9Rizst$x1q#OQR`}kjLuRPm=7CoPag7j?L_REX# zybRtY^7fKO-PM-it&jhtvdfGQHg++AI8~6lM*n921YYke$G3Z9l^U|JYVMHunX|7) z>Q1}+6pjqh_J7R6Ig7|QU<3O%Iu$1yPV|{UG*x1JiJ!xM-57P3@HZPz6n^C}-K(Gf+J{Rd zr)Iu-CLAPd3ag_nqhQSth5o@ozy3?5)3#YEiX1u3RX(zV!-gd<$pLkD2Wnc#?y<9?;swD)^@i=%(r%FDN5Ag`bvdK&hAGnV#ZO?&%&%6Cw?XK z)Ka5zt}6>$wIod!s~TE4D+P11J=~U7BllM_kkhK)_lRv~eC}>mDK!sDaJ8~$!0&gk zw-J}ODd)f8jvE=eifOIqBB7PWgM>APqh+pPb%5Icj&1j?s{=8~>YNeRKwUu;y1hI7`CewMvPvKdHi(WE_CHDLFxFG)>W2CDDp4p*I@RXT@g1 z)$XW_VQ8K}78+q$815Mh&5v`25);eaM}{rA8F`Br3-LNkuiI43O(ksVP=h@2afSw4 zhq5j6J0QI*r%dQByqoWzv}Ku+M+_s5_PL~W2+Icy9glA~R{W7BF_)#t*f$o(?kB5j zO!OQ3szn0xoQ^TUy~F?Scki`mTq0vXPNxhM6VBik(&R39O}BYCK)=NF z7w%&wds9k(Uewdr7sr7rhPR91YY#`n!jR8cQp3z~qsvHP-oTHJeu}5^Zvm##mXOJh z7?6d$k3CE#6H`6p(A@xpPh-%HrV!>=^d!RX@F!>8%tazO#$!-aO28^+T7pRIr+_fl z$iams{NnPy*1>^Faz?rXy$e2Y+XlivE1ygsu5Bj?To0zp@!B3!KV~+X+l};E;t_QY zTjEa#TMBX<;xr0aJnMH`HG^j!`3TcV&af=Mb{3zy-++S^Hgp)PCdn%;qWM1t5FXoM z>{71=N9x6YS|2(3bzkHHe>j9TSe4`CiH!9!KH5T;#?Xw}#OyCkfyb$W?pn31uyh zZE{Fpqs(NbV_K(iUMX{r{BdBk?e{iNF{Br%elfsA_D`$9gPwY#Y@?#U6t@VSesrDH z?N_?#8gkwl`nXz2pdS)<0ZO9!yzv6Y0VVjH!MkOts*bk2GQ+Jtg8)r^g>?` z!b*V;KI0(_4iKRmu~~^JmBT|Vro(dwL*(^+St_Fr@B(H`BI6%rpkl9arIX5;He3F* zH;xcb;_}XU+4*ya+woB3ZXtI@mn$w1ev13@BBAULqz)_Ycu`mkM%e=bS@P{m4BWex z1J315G}8oTYe8tLkQxO)%NA_!*IqX@qy^JN_Z6vBMiGhI-DU&I;j+YMtlN8a8+vZG zW!PCoe|lyO404S7=a5jul*Sz#UlHz3{Lk>kwjFl?PTbt5_A1f%cSZmnW!_t9VXsf2 zjb^Y^sQy1~exzx1T*WYadLo5w1;Ip-VAUv#(Rbvwk@_!5uVcGvA-R}5P73IO!m7*x z+T^^(0_f5**k!(=S}WH&39zGtA&s4h<>@FV39-Ab#xZ^rxrM>yqGV~^q%%HI;q=!R z_I(yHPn#OQ^vOhjj-^yrFoS`V6!?CDzxqObf(6fJX2Bf$g z>MB6txV!Sa$OGR@d^74eDv;(d6kCM;diP%%w@=t1UM=4KCglFX!^ux*)sx~^FOg(G z|8B*(!_g{-H^4uw^|uEO1wSZ5YS?rAU*07Mixvkvp7)a+oF{_70% zOxr<*=%lCQ$O=Wl>3I~9eNN?9N*%6Z>#pb_N1rWm8xaA|>3TEt!Aar8x_&qh@+q~Z(0 z{v;;gK@(13V`5uXphHY*ABEv30*NT&v4hl0hPK3Vd_#hje0Sy+n$0aW-SU#lbZMRMl^4nf=8?8r1A>(42?mzKWYm3wn|82D&z59M z(WIWFwRJ$R`l!4kj5XsUo0ix8-J{aGsAtm6YR7W~VT#ku0^%g}wBw1+9&2PQak1<> zRr7MqW-0c&RZ8rvVfcfPoV0!01eRQXj7k90K6vv%9zCAi&OEbEdK55u+$AFz2T^9&ST3OF@9aGo1H-20QS2NiZ03s#ocIx1QP{tiK?FAcB-y%&Soqi6< zeGh7Ba9sA&y820ByvtSFHRL~)V^hyPNt-s>VAJKD{nHcIB?r6h)rIl+Y`|&on=50p5H)*2U&PvjeZdI&*lq<0KoO1uy?Rx*`gqt17*$;~mQ{1qn8WMh z7`xDnmi;v8hM(o_EGb1G0gl4Z7u}Gbyg^8`)ANnJ%JOk&)dgeYbXL?`P<(%HvY0mQl&pBW4Ue-F#Fy)H zF3b?VFYQ=)A~|06+gKTzTtvkduyH4Ms1jG2J)L| zecL~rk@!3dtNPpo6fvC*iN%EdjdV_bFYXC2>A z2-={!u+qY0d~%IoM(pyJNg2x%zaR^Gj57mFd{6>T^qF)dlyL=w91NtC2u@Ne(`05G z^1gx>MrK*N3mHR0*(gK&i6c&YJ@r_EA;Y4Ts4K|7iL&ryMWR$^-*+STEv~c~6=4~G zK#y?-Y%n97dd+M|&k(c9a}*V^%OZ4$Nvz)^z?eP3G6~Xo-My3borc5qSYlG_=r9^u zL>p~aSG`~09a@-jRoz38OKjjnT&8e4g>DE4SL5XpUwASh;K@qN-ptUQX-9L%v%CnM zm7Ry*{Jbk@?7n>-{1UJ=W*_a_5e6z8H_dg8MR>IN?qaYoUT<@ACK;Gw(~$FCYPMs} zARIs!5U%S?lH0R}m6#b~DASHXD!F%qDr}bsz9RQ^>8Ps>@_C(ezC$xMA2~5TCpL1i zWGy85s2e|>$Fi7~(5y0pIEvWGX2`|o)5$grmcGzA^r!t8(=VeWG5$U@> zz3eaipfUrNVsTyduuhy`ghO&_<}SOD*rU1dZJ_gn6cBQat|ES4yepzr77j2}%;r;wF$V8QG$vLFjO1c@G+l<3iAG&A1ks^m z$mfUbn-O(NX|zSY<31wyPD?9k5OoytT`ODh%6w71rhlTzh;_2DOKu?7(GPaQDT8`8 z`*y~sPUV=x$TG{@1z(K7N{FO4j-DSrI zY#hkv?7J*}vcsz%D@;1m3!>YzAUGy{HE+FnGW9MR$7_W1Teq5L+`|fC%AH~Qib0nr zLuATDTb}f5o!-?7D%(NIiFKv>A=xwtq_;zI0PZNhaBwNBF4`9nu1o^i`&HK7DK3f> zSJEB=nZ#RvOcwjzt+Ms^VNCU_G@ur*=Ty=DdNb`L@^l)HrmvY~Yn|fMon^Irt~?Ww zSmF!oX6c)@(|^dPj6v91A$&mUXU4~%ER{rp$yG1;T!YqxfUGDxpIN54&YRq&%@^c6 zze|E2!xU|EX+UKPKM%^fT5<2XwnaHgak`=~d=7zKtHZT{2E;JE7<7}@lEfPrua6(GH& znSFO)AL}_sd@S`^3J`C>sfvo?Ur1b&nd(b*72H(G!>BYab%*B^#gVk}9#{LRP$qEq zsrNQHo-Z0=+pzUP{gCWSabmm}_*qtr1PAy*63MJt3IbnNZ-RxlT>E+cZ0*aSS@6*9 zK%2Qh8GAB?!YAcox7C~EJd|ys!brXm7SB;Gea|pOEe4k)outS&SaUODLhIcFfhL= zNE>U93DK?8CL7E~uy-}%G>q~dyO9pM$fx0t+j^7e0mZrt#3?i9ALCam#@$_M*}b}d zZfM{m+@K5a zX+S2&XJ|L;5;B6eoVK2|I#*CiKxtG$&>BHQDTVHJSF83ANwJPdR4q zH1+mu(O#@fg{nDg97mQT6@Z(0~oyF1yN-W75w_R->{S z{-@9?_QvotEozDVq9pz(2VMM8Ea;DLZO+iU03aPUA7R{A3bl_RV97SblE^u^cKL7WKH!xGz!TC}s#jZn+vs ze4M+%&eAU(P~KI@E`rw&E^Wi*ksW2zf}Nkj4I|sG)#fetoqOU5Wbyk*n4}eAU5EhK z-TI=@Wil=L+;ffdo-1A}MAb+fLja{JUZB}O*N=7oa!$kW(;`$s?Ml^&>&=L-Ll~?j zI5l2Y-p)B7+@goEF7^Yq%_zKmC1g3nk(YNeD$sCC)NM)C75}hGUA_qFmskW(p?R;v;xzy+Xb4DtpOe83v;H0}Ui3$m8* zwyF7}H{Jz_5^x74)I~WSU`tQg=K){~EZ4ME=hqt`j9LbC?^6*6VrOLHL;5auNO34bl5px>ke&vl#?&sOp_RNOiH7Xb>*fO8BkfZmKkn@DwtYwc3&h zPl^~-wG1>$f4SxA1FE42q3?i}V{Qx^dPC>k$zX6_|a@TEQG zm^pp06k}&72Kicsf9PVQ7t89y3xc#k+61=aD8Cs*p*wJUJuf_i`ICjyIZpLs5Kr&0 zn5Kpz|B|=0hJ9QNpzga9V(VhTP(Pd1u+GL0bTph2GoURJ>^l_(3{`?qqN92MNV|tJ zx%i7FQop5mWw6=5_|;O?TA3W7_w*VZ1I)3We8c;3l?z>YjS4~iG>tc!u7ogkPAY!H zr}R%pSE7o1=ON_vFl_#yjP0BxUi+|Fi{A)~sP!b-Ij?`1FDxlf+9G`DAH+hMT2 zFG$Pj`7sK#5XP*AD=ukgua@+}hs1`$IU(5uAnWA3ov3ztQ_yY9v_k7|9`yxcaK|+} z0G2hc%YNS3E{1}vIeB1?4{cQS)&v1F+@7K>l*ON24UR>$`tvxlB^+bUCD`H-R~*!= z?+}&}^7CNqCT9}Gij0^q>HC09kEbAE*kdGQ0mW)Ryph=z@;kD)<2om3Ud&wN7)oE& z>-Uq8mHNDa4-D`WSonyPLz0 z$iNf8{h14fi2YM_@yYQ7$aVBDCQ)&XlUbdfn0yz2j2f-B6Mgz~91biNtg+6txC91T z#Um>-ev`Mx^i(ae75XQcACI~y0{Vd5iC^bOSgLO?0ZfVU!Jf#i%pT4H9n1NBS@8>Mg(!IAea2T!zTuW`~ns1xBdL%aYQb5Hl z3pc|2FLK3sP~JMIa1^(Jm$vzqhicnnJ3(A#tRW3s4uRV4rE2m-0~Bw#oM9GKkTYA) z3+tDU4(sNvf|wd#*04oFOKr0&g8nBl-;MPPvB{pIWoDh zo}KjC)^t$c>e0Q;R&LeO+_o13%*O3at4S^X+1uN$9p-{vJ3k! zUjsoV1-Qg)yRBaUQ(5^fcK8{nMi&L9?L+r<9haZb7f0@s$&D=IE}8kKi3qoSw|U=| zD~R7`%PJKw5|Yr%sd8c@K%-utlt z<$_M6#AGPmF0fdB9p}aOadtIi@FOG#iI8lT3Q86hZg zG%FqGoAxKo<``iFG5%yax*TdJ%W#Ql2B9*eGLm?mDY5I?6#I=?+p; zhJ`mY5ts(ArUcxE5dm#{3eRmZlZ6W+L`ayK#HbAEs^^~uf+Ob1p%tUxMK0|$Pw_3# z6=Ssa>S@=n#eY0+M{k7DuEuqfygiVM<)x`Rwq*|d_ z7LL0tH#k8p^gs9?Jtm5p52J@*nFNX3)nwf_HFO3g?2@Ft*o45_g24nTY#8Wf>o)E!r)D8vfH=nNU45i31$)F3T7$$%j=8Fo0T);u=|Wt~*y{sP zK9V%L%gg{-%&^!Xinil|g~38siX2#$=Cj1TO=CE;mg}nI376TvYJQxzAoLVmP@&yV9CpZMx#@*fBHCV9Vjk~)`aCdhLEHsuwGPku6GjIa(063k@0E$LVpzRI- z7A7WcIC6j_&<5xLavB2+-2w7ICj(V?J0LTF%HTIpvUPN#H#Berxq&vO<~BfT&=yf! zJ9h_jQ!}SuF*xXd1p=7ZI{YF6_{9VObaMjQID)b|{t7C>0FW^-vb1$|v@{18*cbz3 z7~~lM3bw8wqd9=e)&^h*G&8U=0oa=S4xy$ZuB-x(R8~||QlVx5sG9?wYz#osfB+*i z0|x^mC!m8Pz!eC}V_Xsd~Xt@ZB&04g&lCp#WSMpsu?22*E8Ck9&wQwBRL>R$;|&CEd>Y#l5C zpl=7D74Ub7oo$Rkjd21A`5oX_ive=xMxa^(e~SVFe>>%c6{ID^RaEIg)uR7ZaQc6G z&*0?d^jnLvxUiVK`2TYMB4};}bo||~U$KlqO*Xf3WB?`m$6yWWIEWD_snfqzgBs)X zi?G!{TmX(hASlrPmd9uUV(rNIuceNRzm(8RC@QGZ%SnrhE2xP7W@+p2CxDZ)>94*2 zuQvWi>C6lqe^ZuIQj!B$8<^XGrp~~|2*l6Hz{%MWK=RuL`T&hd{wX>TAnNSk@JpKf z|G6Cgt?vKYAz}-XqhsaiZQ%OfgKJ>p?C9}VzyGt9MxcQ=cXV?6CnE4)m9_$zK)p4$ z`TyU$UmJdf6c&>MomF-w01N2D1UkjyHpZg1*47~6j&Q%GLd+c0Atzf0cgFvD_$_U0 zU2Q!7x6j1f#`ssI0mjaDjA}OK_Rc_Qv48CVnc)7|Oo2`SCIHYLbexUM7=NYxeHeb3 znSYr<74i18v$X@57+5(1z0FO4pf5O2M*|nom^wHEy*>YS{3n8A<^&j<8##fFKIm3~ z`yE}{#>5uD{f`;MtJnQ^m##+{P3%?Hm9D2L}UpI4019v9PlPJefh~#u(`K zdjtWD3^uk-pe+D9XD9Dp4Tk$QCLHVlM&Vzke-H~0gRG=5DS1&>JMTCFiQVHpzN}L5GcFc9|X!S{|AAxEBryA?27+JT%hbq ze-J32@*f1sr}77}0T@;PAW(L-KM0gv{SN}=)A)lx`85BHxIxSe{vgmw!#@b5-4Ha@ zmOv*fpo!BTJL|vg|D3gdJ3yh0{*Bl{!HjIJK!fvtmS6M3X#5uhB>?^fL26C@Ko(Fm z6Z1deSbss6zt*#YqM2CzwI8&?^e+f1klDW>8>m2L?sjItzv+N%=6^v@)hzykpwd|W z1wnHDP6lFU{Rc9Gxcn8F8KlhiPj1j!TbsX_GlP`c{c(f#+8KZzM*mS|Hs*g>|Fgzy zAd+@K2XouM>c|WdZvPhq33vDlf>b*G1wjFv{(>Nt&VM=xTKoIm!_mmr;cvnq@h*Qs zkRaE;It3Eo_7?;(cmECl^CnRG^`!m%(f>Ni$#ao&dqT28B;(*CJu5beex?F zwpi{D5};tAf3sf(MWL;n6wgPWB!8P?4e}ritCzKw#L9^)a20rpWcu3;HBRT2} zY5^JYi+<%DB-HydIr*9;Y||O7ajk>^wUGl+?ysHqQ7q%Hs29m3I_0e^c~GuJv&>)6 z9jwsY7Ey59@fIiB!JJ<2(PJVFdW4r~X7uwzFh^vd?YcYP?Pj;`3H-2{@!uE6&Z}rM z=_)b2hdVq+rR@C@res6kg1>^kgHGOD0cLS>uwC*z`Y37?j~0#JtDPe z@zGgMp~Y)|M!pX$v3Gt}SaBQB0w;CeP&vj8!5qZCi1#fJ{DqQqeqCsi0VO*=?Lz15 z8PN?W^twqC;gUeM6?r<~GH)I}f$F2;z|CPZ=|{--xMd^~;qgsBu$z2=B~-cTon^Yv zx#KV?e;4IFRLE*rE#%NA7Vef;0nX94;=)sgr5Mp+mji|3vVC`%Yp| ztsB{5roUxl2K}Q5NssldIT{Z=qI`v%ZuU~dJWbWxDJtwEu8D{)Mc!Vnnz!_am?)S4 z>FJfl58`f1{e`$H>QGFLq?#1Gthz#;@uB`JJnDD%9fs?2970 zsW)@s*M|7hE+ZLv747ubCxV*fqS}??)~<3`l);3)HLq}`z;GkQ_CriEevT^80+(O4wj z>CPexMWIZNlbGT2VM7;$eu(xI7L>8)7t>A#v>KjAma!_qwuI1>PxlevsD^_uhe%Hg z-^0s!q?6LH!Lyw5g-DI&TH#%hjK}zt(zW0JfZQm2w+DFHAp#>&3JeV_n%~Wk)i@oS z&+5>+>ueXnA{yfnx%faM(r}fPRP^HM@r~Hd1e3u&}sKy9lD zhl!oQN$BG#H=x1vWrKG&TGREA{}T$MqYewEMI$#Xb&45;4-j1>4v8ZaioUrz^E(y? zSQMkWWy5Z0Q?T6h2+nVY= z!eGcbmDg@H3(hm1L~5hqIt{r^X_E4?Epdx^q;e6tUH@SoR|zXkMR&pOu_U4OOeayZe5YnvY7h7K+C= z)tql`5vNqZ($+NfW@FYS$sQ_) z6eq~G`k+wwA~63rU`lUPa2X3d=zh)u(kYOLZ%41RBCWX9Mj)HZ=wyR$r%0%Q<_9uV zN;xZF}(1$|8?1+(F%|k+iot*rP&5lk$cMjo;q2dUnRr;Gik9?lQGHz{-oa$Of>H zh*rmz)Gmo91EIMK&MhnUMR?pJhrR(f+!xSBpgw)GwbFp|$AEW~orXwLQiPCwkpuiJ zct_#Js?m3hK~Ix7ymd*|fhYF7su|!xPS=c$v-i2VVaKB40{Fx}2!_2)Txl{>CiJ0{ z$EqcCvrCLVr;SS`eWyuIVCOBZ!~Q-;TR$RIV|OrjMt{$HG*64r_ctG}4#A|ZLxT2J zXN~dP$HAkNm+kBI!yyl*)b-{eG)U8<_DS8{Q>6I=w9$KByzXtsaU#}U)UA%OFD825 zict!T)_HzJMO8gG4oAJEkMpIX8efd)@cmHe@?3DryM4|Bz^f|`Q(3v*gmP6+|Ar6k z$lrQ+=(0g(9`(gm$+VV6{i_H!@AUqZrR5XkLsv*S@pO>UnaqHzVvwO>g`wX>s+Y$) zH0^zD<$lB zq`8!?#0n~byM$8bv6zee6r$I6hTw(*ue@B2Un^E%ebAY$4^H=sCO1mHb&We`{5YUA zsd4>Do7eJi`O!%aahDDvR1XoVl3(cvy^zIygEB!ftFA7+)!<#ZIFyE@OqrJTph4-5 zlqE~Ho0k7OZsTuJjzaZ%VPXkLYtT4fr(k zVm<{s^v?b`BSq@5-qCWOq!`c9b}KT#@UMvV_tzYU7ZGb+{jjVFDZ21rH~A4mQbYd( z2K)RO-(ZTy{Esmv^F3lP73gm|xtENN?gl0>ICwEv7Pps5%Ls?J@!lVOu@TI8UZ$(* z%4~^2_TQf!R$t_5>$uRdQZXg zlwU({;%u+aH<(;4-TmZ=5>;fK#xt72fO{QR)eD$?+i$_5 zlKfS5s6O;Lnfu@Kw~oFvCV<&waP7Q1#$*v0%G+&abn$9Ky(>8;UWJBnxZ9DOI9^UM z8I2v75gHE6(kR#nr;)YKumXl75lwdi;(StQ745qcoqv!x=2YZ#+$nQB^OIhS&hy4% zGrTl}=CYy; z%pxsAuJt`1mb7LUVw1Xh`sp|QNnMS+R;(W>p^?o_L4rm~x8uxF1&WvK>`{7-`Vn(o z?P{o`(8nfN{-yu>d6q(o2TUPJX#V$E8ZW*lc-OXI&?IpW6)m;ceU@PmaZp0mVFpw5 z+Nn?6=`%~@OUNgw1m3~86L24HXy_pUqkb%9KHm577`J3%=7P6Fq2^d0Rzmf_-J*+$ z;7+ZrG~o~%91bt+dAI~)?ychF&&%Bk#{_i5hNw3jbTB1V(+;`fMWIA^Z9^$3jG5<% zG_CDVF|`U0^GLHQfd`2W9JJo@b~m)DP-*Jy(PW1`qlFf(@No;tTFtxQE1VdFGu=` zmS_(g)4QDxW$IwXx@9&+LewdTlCF?8z8~i8e{HHKncw z{YMlul%U+_q3cj~Tx1qWh%|{o<95KOf>Wr{Ra(xtnN7S;50Ms*2TXZwu0R zM)q#izdoT^9$$US|&c!pRA_B3*~-AhgFi3^g`$^0XHo zBlY89>-tQ75}SQq_d2!zysKUT*6r)7VxZ?fAJ$Yu&T{zEkt6LrSvj~2*fHaYhKh$lgH$In+f&+a@MAQoTGKPG|h#oov(V9aUdX_Kb>OtCp)xU`zx$iXj zN~GOraAtxpFzK#Ub&0vL6syQZVq1Yx$2Gx$ZEC*yn^B^?;0~Hmd2_BCl^xZGtM~TBFl7uhB5o~DZt}x-b&{w3EgKpS8a3Ssv=)?y5!9Gc^iBw7^INir?a4N z;AK}@`tcp~;k$_heC1&h++emmgAm9u8fIU3yc!4EdIUJ}<|(f)vde{?H_MG&2%QEF zmrhg^W{4^3dfQV!Fv|wb3RR80>)j`!#t`C=H|Zniiw6p}^WI0(j-92gHPMe5_Jb4C zjLD3f=p@huS1a+jolB%@y#mW6=Q7q(*Kg@ejhQOa^)F(Oa-vu9e zo9Qcix6>LrBVh86j)x|sLLihAH&PZucA~SkxS{vq@o77dDB~v$l=4D5J6KGSH{|(a zca6X*HW&@2I?1ILLggUQ%XQ&8Wki|*<;(jn1n7|C-N(w>I<0&LC83XIUzS--K5Hh% zj#52y`tc0(s?Y_-yIT_q1 zwPF=9UTVOfy`e@A6{Yp_!=%+Js~b~TiA4U9ea9wW^tz}f>f|aHhh13~gPOaQ;&%f< zkG)})#{ywF%%lfVufh;!a{w6Q&5D&;DEI1N+pB?H>$p=7w2N{*JId{)m8RT_06h(w z8Fm_?u~n4j`ppbITJr6K79oFk!_Rs^i0ym{O zSvI>N8kNjBpLGHuKEZTPq?%WJHp+mpO#+OuTRLETSuUgkI?IxjF9TT+bo|s!@Pq<3Vf20kE!$G#k?@m{jJf08E9jVI?x8xPT!6k<5MsT)j-pC^<5)N zsx^$L-WVT5N|GwcIa&MRTW-j$AyP?29Sl&i&!U|-YJX6Q&E6?9B80s0WtzjbRJxq1uC<+b(H+^FF0y>Lo*?xR!o+ za;lVuN3+8X|27%;G7cD1i9PMs7n>Oqiedgl6ZZ{w0s_m=aEEXt^GqKu<%iaipBkMdwGS_3CssT0(gu_j_N@=ld2KkkrN6)g zdzBaqPjeULHy+hLyCt{D#vgmP&iAaC(%!#27AwT1$A7MGB}2gYSH(1AL^t^lVthY?;Rg86xjSz-zIbY>A0SOf+(U&0w{M)I>j-%*T@j=)WohP zm*MLtT;6}WLz&ST(gdImRZYqe$XZts{4y8+BV3GmvlmX8e?+>HklRWf`JVkY)hYDo zR_+16H=j`4`s+Q`&;fyU7|c6;4?0vY7=78WEJ$FTxMQ=p*h?(Q)wrE*kt#wcor*rw zWq2LztZpwU-mxv1jHlQ3RQRTF9LX`7d9`%@LCfflX9RjbZ$5>Vv<}rYeKowNpnD?& z8I^2IO(Nbc!A@zHOwZd||A|oNusY~G4qmdQyKT1DLnWW07`Anjlz2&9K%pfmvKosI z`;+YFhiZ%)XFKc~Rwv05u3Sc!9(K4*zn<|=AA=qn?NUx1JD+uh_bM#Uq3+y6W|I=% zem9iticp4IBw2w>rT;dAHm=a&ud{4*O<3O5h2NTo@P=jYCzljQ`(Cl-+*dWJPYDMS z{lnbuB4E6#h|_VLba-Ii`HW9CpL!o7lzfBtQ7NB}#M9b1M+=H|(-qRSY5hLM7V>BN zYNE(gPPjYGiy$+*p$F_Ldn38UL?qv16OJck zg?5nSC-FPVb3uRB%5g6o?aLaE{CZVmt*xI2ga!E?U+(QTH#36V+Bfa>Y*Iz)qIO!x zL}(~SBOlCg?rCp=NGdP_?ophPRCaNlIuIb_wl5p|ts(H>yBFhw=zRLY?J+DByujKP z-X^WT;dTA#fR>BHg{?<$qC9uYJvFhKs5xir2#3ngAKd1TBA@A#7ByP4T#J7$4;sc z-pM{pW%ts{Yue+FIx=yieLv)sQsvkz#0U}PC}P^sPZJ2+o?}k>c9G?wlZFm}% zSmfS9oAQ403b-8Q?h;?!{DcT(nmV<9gS$ZQ#fT70G+Q>FPwzLqJ#B<;M2fz zQy`a4u9%z@a?h8`9mE54@ulsNi8s`o%F@B*Bu`{*@p*pO4&wWUa!m;8MjH*C9bAK{ zCSRxI=;Fna$lF76Y!fT97F!<^;3aMT3hY#ymO`?U>1D~vc4SB+9~XtG@N zVpXLqW>-ctB*}5bFJ6hmvyyy;;g%<&LRjtMITK+IOdC|Vuoax(#!kK?GZM(zegZ`i=10dUUDv?&0X&kcMhW8luMK zMCTcCD$aT#{hHT{qiNqT%GUQ<}|nDMK?64DXPnda-Rln zroTa2s@c7%+Kpd}4C`3eSZ-oflzL;Xjj>R|=cy`ysUXHy`;i9}#& zw2sxdX7y**vEyU9b}ZLOI50lH!#rU8oEDP}yB;UEZF0>e*r$@krw+!BgbME6xed%Z zAwo?YSlfDVVy5tFI`T;Fk3H-jbz~>1#SDXlsn23-ifF=nQ!6pOcbnM#;j#CkehD63 zY*$qpJGJ;hJ+ZRYRK)+X0Gi-T*f*^=YS^f%i-Y&mFn$P{9JiMz+vNF#MJ|8k8FZir zoi3?%_MxH$5%SxXo+b`;IvuZedbTtX%4g5+JJz&JyZw{Mj;B7wjqRs0>Wx4#^>RNR zyDi4;snvCN~Y{@PJ&9w+zBvD9YD!^N*Cj>`?V~^>i+|-$35EZJz)Y!kc+!RI98v*oR z?jSgZ1Km;|^34``B^bNfQQF#~zSPpzf)VZq>`Vv+pcj^hPEX4w&FFC9mQ1fs9=(0@ z&V>AhQqE!!x)F2aTu${3e9xCJxVVe7JRHlBjXSaTZEIm~@ao<~JNG+S4BLo7BM`{d zJ8%GEl|nv#>7&1)h_K()=rs4WW3Ito+q$kwx%^8TXWVWftm= zulKB;D_O()n~5Q(=qQ@gI;F(Y!`YmxD}$yRpd8na3Sy3{m{Be6#A7V@TI{?w7IN@8 zw>u0LPx%B^ilyQ9q)D0fZJ(DxLTSev>iYO`HfNM#=;w>CVOOf$c+r+te3W}pAhw4nD3G~OORUO6;7zofd=DiD zr1l`BFUzjw!`qbF;T^U{2?i{U$0aNi8xr4%JR=JZNL1C_)}iFtV!NkO=#_U2kSnv3 z&B6}RTd-27%UFKwrS@&e@p$liG}oRDs0`il44$*jhZ#=$b|fdJU0c(rydNH66je;V zWmVfdca+jHl?-|HO#%s@ZVM(A+Gt@hLMH#KWQtimZ6;I}uMYNjDM=9g(1QT@QX}AY z&+X&O1^M@S7ZOU**y<1NcuN(*Ys{=M@0mC5_R+tbWFt68CNq*L$O@E*__EgE^oWzQhXRcXY_ax_83TYaSdsKL)Nbz4UaAKI`o8;{la@Muf!FCGX*~hoo zWCsFZ)t3=@aURrGv;}+@Wj95KiXRZRD}D~;1p|^M#rHnu>b`sa&{ua8Qu*lM?0W)H zG}{85=B>VoQBBZE-fRv|(d)keEoml!+u({CEfY&$Rk9w?ZI_ii#xJQ;Pvjg4A1xLk z7iRoD09LpOy-!eUERG@tjJW39mclf6pU)d6L8+^C@vwuaEGu5-Z5=YfeY5Y1EyX!? z9bdtW_zzn_`+)Z4d|#R_!A}Qh&fd!1$d?gfxydNiE4?Q_Ma4Mv3ksn_^V6@ z-@W99kEwX77oOZPj6^cM1nNcM4l-aqLSI6&Z!)jV14~eX?Y@>Piicyp9Q+ zt-c$+M^yOmgy$~<5iBNfL;7>_8NnKsZ;X;5T)Y2ecD9)%qbMT9Lwm}<>Wy(dYf62!BxCkY8SAT@e zYDlMAY~kdN>Ji-Mh*aD?&i%DPq=>$EW)FCYBk}58V{+qye)?bD1TfTo=G&Kq^UyzgG)yFsHCx(GkZGS7!5;~ea+od$%*_$r$uiz`-b07F2$zlv-J zRpr|QU0bP})zo$FeZ zZYROMK+www>oijf`>|2AYIGVt9b0h!bc^VYRKdh|!h3#)D#n^za{6iUt_LN^CI-i%^8%^5@F5T@Yw$5Ixn{H4NCASd?N5)e9}3I5=(k)T(%+8jkJX?E?ou^P zHR-@6niX(2KZG_%UQ<-ia6>t2^wRna5R&K0CnqfU8?_T#3yjw&O~1UC+;+IUO5~3C zM5OeL0b^GT5%enacvgGT1L#koAXVJ;#{V%LNL087Nmp9&wH|GLlW(WScO$7cxvnaY zT3GVV=f-FE`w8jbhvcy3t`%NU>{|H1s$GM!oKPJbiwMd|#rn8M!ZSAgpa6Dxu+MuC zLEa5^B5=##^{SCg*Q``HIz)08Z^qgcq=PP{5-W$fgVa)LGI63Ae2Ygy#XOl1_3J7R z1sbIH<(x7W-)%Ws$P@=!pTZ?;2Kh#;=%vOv4<%@JT(GBglJEpB5I=(S>SOA<-}6rE&7ZEDlkXQwKr%zjk5$V( z0M2Ln$XvHr{IF2GauH#ayZ7@lrDKKsFFr1=&TJgu4Mi(6rQz5@WH*|2)>w8#tQ_7U zd`gkG_Y&uJq_0Gycu|r7JPEji>mx-!cZZ7N7!k_t?kzhC-o~~vGGkiF4Lu6E*!Xi< z@hwAmoW#^js@Jy<^|V4bBM5)dAq*_^4fNjPeylv*d?T+#pQ!TDU?2IWbyIfXL?Y#_ zTQuyt=;j#R1*0fK3jHTU-fBc%Isw@uwa7v&gUCJhOzM!7KJxhI3)bj%qikjm63vYB zD5NQ*I4LdHNLu(EZFv3bcR1$ zjrmxP(}LEk^?bC)1}{pE*i|`<1M=8)v+`-Qa^P+(#}<`ZU^~9@0+duZLRx*gvWXOr3i>7>(DWiCP&%1kz)uO8>4&_6%j#!semTgjF16rmCasH z2Bs^XLQ$_K;1aiaqM4`8vlLI_oxk*ZM*=TOH=HRf(ME~MfW|FuW{VAq&D3W+3{FT` zjYGi?-x~y$<*MtKw|X-Ovy@3n1+%%g_q1|$T)tT`69mmp+ILInByDI<-84az3-3J) z(#Ryr9(Dlc+_k$KYoA(ezvB4l!6$ruu11Ri{IN?7hb+RtJ7v3u4A65S54F0N-Hr+JD~j>b@hz#ggwh-(5V%r z|3F0FnY(7j`ka3p#y;7TT~M(pyBRh^N^_lK_Kja-jF6f-|Ika!6*7aH^<5x^t5Bgm zAJ7o-?cM2%tI2V@*M^00mv!^~d7ajM^qJyPAq6yYOyZjyHAk#nX0f*5ugteeiS!>` zw<_Had97}-c81hOR++9_>*gk-n0mPdGSi)Aw|T~C<9onYuP zC|$K@GXsCZ4k0qP9)2%1)*{Y9#n$@CBoP?+<~7}cl(M7*mX<^dtv5hmY3k|K^8IP? zoYPKL`)5DGBE_E$J_RHsFnh*>mnn`$(Y({o%P6RZ?)W~Pw&Dsh`)Fq4ry9Lu(hS>c zp5Q`Y<8OSKZ(DFk&)!>^U`ZD)hhOxaV9c#T)Ka|&?+gkoYa6VO(nB61#AgUx(%IaQ zUMQUn?6(Oi?n%!0m0!{e>UJz*fm1!LKkifM{IF{iV$Uc@$$DQ=`q-#J9P-A$F7z61EX$wu=BkIC7fKvqMV6an6_|-YTWnq@%7lF6 zyO56WImyE{g?C@DSF-~Phm-ilEL*o9P7Q&%-IpeBP5db(D7MWUgTHtllgJJH%wZLI zMyn+Mo2;5WxNw%>(+M>b=K6{c?!&1&g+4}TO6x?s*ZgAx(QRvuqdVi3u3i2v%Zyb> z%kwqL!Z)e(X-*ke7Y85Y=z{|$w2X#JNQ`cdv`qVvp)8f+VKv2xhUTl~_q!x_izFu7 z?IogMtG>I=m_I5MFqZ(bl5tw5g37^M@UzXm4 z5I{OXJdd4+AG0(6W7Nwqj!E_Yp>s7IHb6jeixTBKz`gIn`n;ncf7|u64)Q}c{2IjW z_fndaV>PUDbLon)%aZD&kN#e7JwKCQ0j5GQI3R16Fw2%|11L=SDt9*LYx+rjJ<(lTw5D<4#CN zMCV@PHD^}L1iPI=YQgsu2dx9-obf_0A>xvV_ot{dw`+aS-7tN)>eaM zLM8L;oJ@R_AzWW|PdD@ipSL}=R9x!;KI7Ja=lZ_<+12#Lg6%tPbCKBKJ{8Ke(78&Q zw?5$f>CqnovuHW6Ppp?^r7v8sI$^1E-UKfoZc=&vpVfcav~=rxy|e=>TjtX2(gk1<+p2rBG)or=$;F*~AMc*|2rNF1B31*I#uy8e zJXAHX)svpO{7vW_roPu27+K3|avu8{Spy-=VKVZgC6~>>@cg*rd6wjM)pb?g1wgLV zbox;B)vKW@q|@i^Gj{_Uj_I{H=h4UjHs+jHeqdIli7uuEm3A$7rkP6d3XhdVr5;!r zY~*o1srxvW#k-dl^%#@$kF+#d&byq`Ka^Ydsk7~Jrs?zcevApW^94+%o2RNbF$yqv zV!o=h@rmf;SAInJ)Z|!hOA+iIdDw_p#XAd4Fd(EvU(g)6c~i7Wbo>*XBXbh}ay(Zi z@?reRa!%3_cc#YoiO44+Ia9ii!Yu2ktI4oVi`e3cD`Q`K9U1jIc_Yb)YGW?}X(IwH zGhdhek(D3(&m3J?vg(=)x*zxFxCWCqaWCXp%$aGQ=$;po`xx0oPqV)4#YycBFEA*H zlx_R6He2>RtDv}e^}WLpS{L`NWSl4wnWNQ2Z`QA8-B z2g49G;mJMDg%4Oh>^^0#H8f0}i^=o>r&2&6{v)qg>O1Ur2e~LwX=uF?N;>i^2n+Di zTPBaDj<83ia^=fh9$+0s7J3CP4Kyqgy%Qy}x@&io@ILST$-`sdU{DC2)(fG>tE!|L zS$f9vG1xWWOA7KSYw<_!rJ(wJ@07>qVwMosV`CY6=I9+%H%gIm{* zN3nr+hL<+2n^aN!ANcAH)^sg4>CgIvD=Rp!8j6!NV-N$S3b^R6CJDHvJ8jw0pDB8MnbX#p`JcHJKx=a zSUMh32TsbeF%)+`p4yt;{APkMXXndR7UhW3ce)-UVXjY8ea&cuJ^iyK7!e)t!{8Lp z-lHU@?CDm+z{^hm1FIrUr?kdNSmMAr+$3>}y*pJE0{g7FM^4XT(w!rLHsUD6nSrTu z|I8l}U>#(2erQt3g5e~j`VncC*>l68-d+4~bL!o>f=Qq9oFnO3wgT6b;Dxd+6Hz3C zG#Gy%z^8A4tu@s9vENF3 zG^loYMH50yM_whn-^$3kv*$kP1;Wc?0zB2$1(fzXFG&#VGij74S|&(ouOAA+vl5_rrz&H*mlsh{4aPyJG03gpbOvs9sH z>j6>mw&zGyg}GSKy==1%&B*;$8_$51V&oP&^;%Z>a^Rp|Fi~Rv%UJx-mJ3-yF{Hrz z^jQhJ0Uo(sGh&8E`qU7zgB9!|Rg!W_g_SQ3kN6KdX=G5gtVb2rIHIs24NFg?oZzX@ zm?=#1AMOmQrQVo^+PobSwW!OVcw#v;_kt6OGjJezbQ~7u9RuJsb4XM2pP`u>V*1|b zEr{yxuzzk{%lv7hlHV3L80)*}9zMd_f?z95C(rQh=VBWX@({eS1!GsFzneHD(%fvz zCXa+|-QCew1ZA)sH45!w9de~R^zTerYZ+MQvV{>QQLb+x7yE<R6)piy`yRT((H~t#RX{{bdPJJKQ6a{oC>d+<7Q-qb zO*+1xV!6wxdd>evC!@ZbC>kAlvX;nId_;)1$AN66KcH3=&QZgcXf6iHxk@;l_8I&O zUyM5*X4QJEoVRFFCozVkxJmL$!i^uw7bQr5KqjSP_t|xpN60+R3zWz?nEElJZ)tC~ zdGfPT_zuRtqd<>Q33#TwQI$>bYDa+WBD$v86R9tnKfT*wv$5Ypti$$B2w>uIXkZ6T z>4G*e{4y{5#!VuYOi&W2SeXtVBc)3CGH1XelEvrfzo?KZjM86S^?tH+Y{5115?>@D zi;WfUAu}De{q3`o>JV2{DIGJd3Eqa}hjDi8*6e;B$)BAmZ&sS}5pO(fYMitvC4&&#s+#fn^nxY7aMY8NLu=G;}hX zb9aY}Zje4}ve1w6IJt2w5#9dbD?2i}jWc;2uQ|@%W$U)ZpZX%bztx|m!eq@Ahf#>$ zMtIFH5$rshCU2%L^nw>X_IM}IwE=~qPTHuW35&P3PO3Q;Eww%9PT@Z>Z<0)$^sG&| zl(*D>WyX+v)39X`reU>%Jlt(YMWlK4QMw}l!p>;v)Qlxdrz-o&c?F|PS|QW`@?MBW zqtLw}A6>fcLir1Vf(3&G+e%U{pf_s+A=FL>hiYU<);E4-u~2}`4z|WKdDfMTzlzMM z*Wst{PgcXJ``lRZh*|uf%m1szFBJJiV3LSF9Kt@Mt*LQ6F;D zYTiluT}llbsqRgJXCD-;=~1+N_bOh)Td`~P_S=;=;QSUx(ppBUnLjr%Z0nb%g>Ad! zRGiZhzQ{-t2??}3#|iH?HR~q}U7RjQW26x93Vp?fpPCl%mK5DhPJoThXCoZ5pHvQY z%AxgyL=0Z0z!zqpCL>w7fs;vKC_E=^VS@WOOmt1DL0-*tx9%7zLI0llQnfnJ@p6^D z#KkaHN1@Lp<3U{|ieNe#rs`K)dZRpw)Zzg8XE3IJ&6#q{lfnMk6LaR9vqHUn$9pYK z2=~(j4Kln9CZ!y*w`yhCR_N`f1EdiOMDbrSw=x#Q@Tot{yymOrS&y=`c{a-ZSkasd zd6%75f$>(+iCRk^$uLe9;%hD~Lzn!5pHW`9!}gk~7y78V$SN5b<(mnPG0{itg#H+p zt(btGlMDJeB~tK~jQe+@?dNf5x!s{1JiM;y9_YI8z)PUu4mxx?iryf%|0yXKwJA zw16q13$57hHvA}AvH#e(0$m2OwS@d^2^w!SK&k$)v3hBM-LoVUS4QdS<2ZP`LIIc+ z0t>v{9z)7OO$Vb7!h=tz{brcQ_$jJ^LUrobiBcX8t2^EF<@K#t#*53e z&Y*_!*2o5W;xa9Bc_sCG>q_vU3Nzc{8`AG{K?T0=GBdcTTkTF&-`-KAw3w^$eszZt&43(F5p)!hvp5rzsD#rsASQ zmOnQGb>Obho|)KbC7K?s;Zr;>73&Y^gg#4!87wriNG)CX4UZ9fi-jdl9evn33yW-9 zv(hMi5YAzSYi@_0G`$uOe%yk(-!Jkvx|_EU(KYg(bw?N~3?763;K?|I=-1UUzbWe` zsJxsa?as|AI|nDlI21axSkN$}AUG;yp-aaq9XE&LYZXmk(JJ_HKbpYA&WH{*5%nbp!ta|jDz-e=q~tlW5g+GU|b$T z&WHuADPxyzNQXF8lKDz?!^EJgw(9Tw{NhJ@UpCHe#rK{{6GrbX@6n#_Yu~HRygG|f zRbfmn+yy#@T%k@?Ajpo~qqaRR2w)O#D+OQ-H|f8Rl$O@Eg5lVun;LJ@7twDbHEg^WyLjJ*FbwGMnD%X@mCmL%4PqZ+gPjQFgL$%b*UbuM{ z+auM3S-qQ7x8gnPxKx$F@kf%x>{lXgBW6HEuvndW(wVC=6b)y?ldOE%1kcxy;o^(4 ztiu-F|EG;}YRCjY0ARLlYqM>;&9-fQ>8m!|wr$(CZEm&MxO=&``w#OtGd$!75s2~D zS0$8TxMZ3t5^K@TOeiK8zcA<*>i{Tn$pR6pJQknn8Qaw zS6|HT;k8EI+sRg348_Lbly`?_J%*pE7#HwYXQ7_`Jb<_P&L6bua+d|bM>lqbfb&Dq z66tSPj22hm0veyRt~!4F@xXBIBjPu%>vo(^H0rZjXwnDBy*yKbyg$>E{ojaA2how; zpG1$XXd%+0cyZL}b=G1||BC)FiHfe@#}$cFlLlxZl_-|WPJ#T2``}_8+4KKL3Ay_K zx%}xq*hPThZenT(w|z3}Sr30mi5RJ0g&kTxFVC&69-Bjy7lOWuF{P zaOT?>pDGhkx8GxAT|Ii7U7C`MkmP;x(ZqjB{)4Q!4kljW0Xe)XlR?oYm=8dx9N z73_>wC@9N)f|W0Zgy z!#7uB0_(&VqpsVYb+4pDbd;(#qT8Ha1dtXStq4@3V&;FXR9rtxZ}aVj*&w=h6NyJ<}4l$|!#V=OxOzCSS#s)jLbZB#zF9#8>6>ts_l2&pUMj=KRRF9t=UMvuhco z-mKvLyXYt-DbrCB5MLV>cTwy(--e$zuSnMk0Pazj;n`sp3Z`!(;>r7Bkt0l4ySxLv z=vZ~&`JY*RGZ<=$T%vOYVUmWunqI^OGTBH$m&8c7NG9&t)C42^vf4@ii!(NH3quuLwxZYl^Gu)@5t_&|WdHKcD2;8?5}GwCi{Ow2 zMK!D=R6__SDb`o`YA^?k6;h%re>;|%#NC`i2I|Gp*UsC`8!gOmux{;R0pD#h*;&pn zim@0oye*LcrRpA?H^jrteJPGVXclHKI>#-~B8yLeZ3RC`qN!SB!@iXQjiY}^ms|!G z@%l0mbWU0^E{^C)*C^WOtXl5cBe5(LEju(H`&$xo@-fUM*rkhizb3Yc=g#Gfdvnt z!K=6+DRcDi-oqJQ6|%YtF7fNUpyLSsxCYnHlcKLpjMx@usP~1GKLEpo+BWlh(}pkF z#e5OO79Rz5E&H@%xcjo+LzNf$9uqM)e+0*zgVxYc9?wnStvglw7qpx|!P-!lJx%^K zUkD;{>nw`H(z{0|ju(gI0vum9DK*OwfS>l@7a(=zRY0vM;*->6Gilh5?2ruRx~Z0^ zr00XUkaBicI5YVC;1{V8$6dtKdX`Z%^_g9|BBcDG7RU~zDM1_=WNN7#{tjB#zZ8^U z_B4NFE1Q(0Zz{_)B1zKdaL)$TZ|`>)&eA{axYKHe&q$`R)O;YJC(3xj3&V7{8%|SE z0~NzkF6XrWrtj^=hu-Be19YP`qKqJ)(&NdtCHdU>fPUvy9Y^KddvK5gi_kjP>Z z?szYBXW$51`RN_9AnveDyN5E@>wLPbrw=Q=e&5H$~>}WpoOBRffo&T8T!;L^eC7Ktw@K{_>R#0yoWCc|tZp>DzciEtq2q{k&eG09j-T3$ypt{Pn_o^u|9J+t}VNS$Er^0D9rG;tBH#u&>KU#0^B6;w}KJnQ`lf^6=l&0Z( zm5IVK4EkG$#t<|^(%3Fhe#)=M6_que3yr3|&N+-DaO)*~*C(0%jl@@*fBx1NnoVA< zf!E#k=7~If7S6%Hphya#n{|7D_xA!+`fG`LD^$?qPR5S+?m~)7iMr5%G*6LPgdjBD z*F8-N5u^i3mepGQ<{ml+N&e$S5;I7?GqiT=D#o@zyyFgLO)-{voM>ew;pgzg4}k;z zMF=xF!fp!f9K2_7EyuN6%Q0?=s|5PpM^lhZ^`mswIYL_>KLOD+iU)|P*E1Wh9w*BDa$&3h+Upe|i%o|6bz*@Kp)%t}6KkTb8V}^X(4C|)zADrHs=&4v^O+ppy3 z9t>w@3j)YIAK();g4L@hi{!by*y7@C#4?ch-L4B8E;w1!H^*t7`gF7{cg2iu8`Vjp zV09;GOMt`eJ;mdp$Kbv-AB*NY&6R9(K7ki-Qf(Mmgs}}tYKkO9Gas|#ndT5@*jU?OO~ zF3(+2%8{Kkr|J7=&_ai(fOO~NIqcD--tC@BgYoCYHPN>P_ssPHgZmV5(kpKOfz$ek z%;C!k;HI@&Xc{9Z&(|^|k$nm5)7lE0UXM^FGq;1kjCi7diHtEhm-OUw8UaD5j6Tw7 z+oPq)mhp0D){T4)02_8=6B7GVvDWsMW_IKp{ZzSjNNv7TfxzHL3C;IJ>;0|w-4lpS zFKD$KEH~t}Z3T1h;S2f3nh2*&930!a!ze~bS`dzDIZf5hBmAtOG<-M8tA7zz`PYBA zz)tiv^TJjmOwIIs2-1`f0OKF($Krvnm3 z?GSC4miKeG>63RJj$Ar%xN4|To)XCq=SnlCJ<1_+Rr!_X`~ZRV$%xe%s`TYdl^r_o z(3X0|3D_c6y~5KK1TtIKkBFROG}J8|l__Dsv;;Lu9=21`{#!C*kR5)*2i(UWe|)?p z9UbcjvWWFq+_;}s5`H!9^I(ijh5#jsFw!)ok&u$&H-~e~JL7xjyHTFJ@2! zv)U6^){{eKF$EFKR0{SXZz_~x=>T{6=luHgGL5==eKq^%n2g_?-2SOUF*G!}kCDPI zf;??k-uFvE^o|mxm9t$vs{1i{1LdaLS#z1r0SZI7%`G{^!UKMojc)0SW+w$1rVOLT zdVh|+iX4J6JE&R_WdY4tVMm2ux7mNRx)Rva#ci;c$iNllcX=-2VgENOfc}Cq8c}>{ zRloMe^zV zvCKx{zi>{)P#fvO8G*3_s_%PxLVc|klYutXBa7Ee2uO75XZ~(b#Z~95wQ&gkM1+`B zUy$tlwxC*&V@mMb!zI^}?0S4Fy%nDxWG3%Y+xJUu2wS5~QjR9Dva2!Q*`KbE>L|Z~ z_7yY)uR^Z zXiT~QR({kEa)@@A$hIw*_%z0q=(Py4iDoZ#ybt$|(E&=N;FY(+=tYn6@jxZiFgYK= z32*420?R8rfROU@LL6g%(pM8KbayZ)^P% zW9^wQ?&w$^sqMU(E$>CBb1T~^Zuq8kJP8|}1IF~2CjM}@bu?g}U6Mtwz6Ax0D)tzi z&M95v#pfS_GJFV3g8_J4l}bS^gSol%Cja!rbJ)*hH+!Tudvij>U%@_<@$ZAv3yzT!ca6@Lwqb+iZNS0B`vAP?9)PY}ki=kyk zIyUHa2$OeukR2W?`kHgOf#o_SB^AH!jE9!v9Ta1lfw%g$$1Ea}al>4iMa|c0B=(oJ zp)!Uz-xCHD3<|ZN267Pp6K=mEfIAl!Dn;i#s|@hp{A<4G@PQ5nhR0Uq;|bx#462tw zvOK53OrEJlmow^8sk%tEF5hh*cX@z7?~%iU7X`AQNt7ZIMRVPvoPXJTv*>4*+*E{% z9}gszF^I8;)Q#g(8R{{H9o|wr1satTVcf7X10T0u0Jz@b2YZldi7swstbx2T#je+F z7vZ*c5=I&!rzi|}foM6`9i{3w?0K*nTlOYaqf;E!9`1t$0V&YHsAte7zXB80N9>Tk zpZwHBeXcl^;=xNe58(21n>wsauzk$Cu+-TZ#M!-mw6>tI8G$%dNj;mSla{J#5i} z8Oi`bg;>rfKk|Udi8uUO3-)h(hRd;mo6lwk`&CV;ia@d0n!s_xqB($?ss9(|WwegxNDv=Il6Ez_hGaj=zbXlPaNy;z*KodI*wkl|OT5787XJeqBLz{8%hzC*P6 z-Y=YArAppN9x&nGx*<1b`5D9_JbDZmFZus z=XO-9?DT)XM{TwMo>4Jqz90`BsssNvNP;2YU+^-sI5RvT4d~XvB<^L-F|zVX*C*P( z>gku1(OA{}mFUxx=<+PS+O98!dY=uJ^z36<784YO zbIh9J>$?SR_qlZALWRpTT}>mzc2nDjFRv&S%wYm-pg0~^5d?JfbxIT@EQV|dkA00C z*jGt(55+`qpnc;1C=Xu;i!4TP$pp=5Yg5DEk1*RxcjKp37&8sb@9wGz_S@`rx)EpQ zBJXVAny>^R?Y#f&#PR69?ZPe!hUW>0+i%HztO zuPnm3@x=e17%R1};0hIC8qHo6L5<(*$b%Lor@Td1x9gjf(N2-C<1b%u>$GEJ9fBhb zE2PVX_?*#0n9;6lTxLG42ep#l?5Fj4qY$KNy$~vx4lvo0--;^GVRo5rCp2>k!x?aL zfZ3X`xdU8MJnSlEDJ9SwqDfL)5Sziv-Cl6vy3V$EQ%^=z25|2=YTes3)yi5TDZJ@& z2R!ST&e10N8#1_}U(#!!kmS^*)Uyn{Fs+J}wbSvh@B0&Ni;QC5Y!C(^0%nyInPuWO z`lK)Od69w)vF)`PmJxIk?~umY!(A>ay!2rvu$2eF`LEQfZYJi*0?6Z~x##UDn)X1x z8PBnf3;wpd#`~_b(`*4>)em|Lt0rY0x=V<4?0RBzFz>Hasn0^xbfA|1fo^=y=y~f` zCKps!2`OiB$Wx=WMTZcGoj*BYT9QRQfr(`@{XNEqAe2)m;5MdR;}Exb=KORIMC#eu zT^%O~-wwkJ+`4nk?Ma$d-3w90AsrM{I9Ss9`nD&#aJP(3zlw~vt{p$*a$)GyB=DMQ zBFkf)N6u)0*uet(m?ohghj7?Q*8S~5!JTDckD`8Q!Mb8FxV0enE>KCb1(AtXVn%`3 zCDRH@R5?LYytX=>9q-lk`82m$tohhrjuwrwQNpsLVtKx6xLa7()HzD3v5N_OrlsQR z9Zg@Dx=~M!%}qDn-d_e~6ECLIe*5OnN^~I?g@oCMw%b)DzKBXfjK}Qg&?)E=Z|#}l z-?+d%fK?@*_kj;d1mvM606gW6+t|0ddtg0HGDs`(b5ue~KD7iut%s~29^HFo@Fm^{ zQdmsDSm-_!3=Bf1LkV5|(j{=W5@ffS_xh^c-OuMBL~Mu; z1i1Bm3p!DS;;ZAH%|X#!vL%ch%k86jKj%K$%k{xHhjz16u4j+kK9$GPbfp|OpN7q`pyI`^{%0!!s+841oBhi!b(0>r>^McjtMiB4|#u8ORB~# z+N^{JLrzVr6;^?$s5KJd2h}#=yZ2%fb)@w%z?#2RPHV@S4F1BLi;TGy!w2lM>P<_4 zN8@)%#6>#T^`$YyUCba6Keptm3R(!IFlik+I)I5_BLDs%;feoizsG(Kb@L%^Or8@9 zRGG$X;fwdj2GYghV{+sk7$2;w_s^Ea1G_*Drkz}E#bfEx%=%Sb+Z+7Rr@ONUzAnXn z|I2iFh`Wr$+P}_Dt&#b2S*4zb_~{K!XV*qf^5FCL}ITH?;=U;=BOqS zD6`c7t^khlC}NhmgZ_--Gsg_{@7>ip)L@C(5X>)^9?Y&6XW;s z%7UscEaJ~Ptz{$7$6*}YWxqH>nhh~Ao(6MD3BE7+z%PZ?B79oun+{W@z%B3#DtpfA z6_?6vbJOikp68&q0N*~GE1jZj$yprB-NLg8v~6lM7sX*e;AbViciVX~ zbGaI=J|mAmAPpW#QYBo-%LV7zV-U-G$*&&C%-Bt6bSl-n?p5um9JG0UlM z)h)xCnY|cAMYC&@)3d1`pn9NMg71))A@+H~XKZ!NOjuf@;|ktc*jVS2svqCa1%RdxOw5Z#f7@N}4Wd6D4FI_t>iWv%0g-&=+GtZ1#_ zO+IzLm1=@xv7F1|J=0AL+H@e7SQPa1qkYqmULYTlM#wOKFxE2|XY#9uG8<7633M^{ zpUrVW^>_YB-qU=%XVPi=-;*PwuGN5FGScz#aai!(4uRr%u}(*(hb9LWmzwcIKt@hnvbzDhNB(2Z2uknfxV}cBqfXi)6&>z#9 zKdz-qQ->M5o7k|YOW>!xhA*i3uc(%y{6bt**3(-3idj(@Rs?jg6Va>6>&W`BVCBN1 zvVX3hcgk(X(I@L+Ri9;kjoEDEp#lS&f`cY+X1o_HQ8H35k$$Z1NS9_%e$gngBBj*$nJv zf`C2$jZNkRNyE)LK#@F?13yuOCYt9XM+c8iJx2VW}8ZlRV>{5Mzzdv$ir zdMl}@2g5`ZLcKRV$7p;?r)pcvZAo}in!z0Ak;UNITlU(f%1YB2iFV6N--OyTz>%SFZb}9iOl$+sbyL2Dm(^S$ zu|_JRLSgiQR)?p@?BeEzUJpl5Dq8l6zZ36RIpZBTtE&LW?(wq@>h?U^;=Y*jV*G-S z%(<>&|I?8<8cIk!=KNPbpE^}O`yYNM!e-Zblq=7enKft`$8}oQUgyENi~(odf~Vnj zs9$TC2DYYB)MZ8VH_ah4Qyv zP^^`A(Ab6SF|Wlb9}MGluA44)bt{LzRS=?B#wfU^A|)5;on1Ke1yy)Tr&2nAA5T5k z^U7<1e`^fvxOz3oY0L{zsXMBrxQ|TYXj{x;g~^XPB#iuw=pSY7l{|igSkG18uXz^j z*EEyheZC6j=MH=~Z4IEyM{k)q8h;3P8H9&#Y#seM->hV!rLh<04@Xy)RLpp9igk`? zZ6j0QYg@t!TpQ*Kx{$Bc!rUW zfz5PZ&lz`d_8{wy_MiFI|K_^HK3%G3Is2RLdz)5KZ6%XwnXF8M%bo0CQEzFE{m;g- zeJ^#!V=&tapg>~yS!h)ljNab=GEe}P)Y1{4D_nWHQH>*hhXez1sTdkeJGVtfXovZ) zvW>iK9BX+i@A|0UeE4KTVZ}DCe8_$MC$Kwktl?OMcuG_!d@SL958x8-=_pk%{P8q; z=xJUA%WxM=p6g`49_v@YxC77X?qz#TkAUCSm=gET>29tJJTdY#qf)^OJgH2=^Pxlbeuuh(fA~i~g2k0G}919c= z^vq)-l8K3jljSy$j96m|eAfK6)E}n22ljlv45n9A8Pj-)^8HU>Cgz zp&LY5CQ)&zsNRy1gy!>esT}b{YCu5H*&!dV_9#;)$59FdHAcoI^q|TEBS?Y~H%yM; zr8$X3W7|Pcv#?iU{F__13;3;d+;)E&QV^AH@1})C-&4A#jU>EcR)QIeApLBBeyXMqEgZ73%TK)rkVldzqFn! z)=p;A`Tr$81jWL0k#Q?c+9uY^27td(#Au@SO6q$nPIG5VG0WiCK0s zyfZj;1tq;8%UVqHCjIsF#SCr%KwO|4P2g7@60)DSrD+EKI{v=t1NK>C5`6N zmMabgOB<=oAMc8mDj7f|`o~p3YnnA;${rBIV^6jNB3w6!G&5Y8uFX2Yo9l9Dgu`a0d$p~8V?$BMl_265=*?2V|&0_w14btQCo^NFZI- zrhAJsxsz4BE191bai$8U9?qGF@~4*$sIl(;X+R&|f&<|L9=S4cmV4{*(eeMrfOeY0!=u%}cMOUBg7=GNf6Hv&OVkej5s7aEXLrD*Ejht*)lL9G! z5k+AJ(Qu8TC|Eb~K(Roc74x~Zr`ME(mblqF2Ij2}ID&x?+j+-hGdK){6 zp0TCU8iqL8fid|Ut5FnuWAivWnk$Vz)?lQ?tOYTAY{ac=Bn8p=pgJ7%Cf1ThSaPG2 zlBG@80o9bULN*0WXs~sgQgBcaz1}<8P54$kckTN){-ddM_6i{3a);quq(AG_i=&)H zh7*N#@VIa8qNzs+ghp%k&PcGQe48$`o7=CVhcS{(L%c0=%qJDZ1&ol@%@UDhM4O?O zlL?W~UIJ$83#Yh`y(BZH!m%AW(Z7@Z?BHx?X8zdHhl;!D0W7cQbAu}W4f$A;|Jdc! zy%30g)80!m)H<15pvLU0?f~x8nT2I^2J{keq0fVOg>;V=W;AnQAVk}VhUHUwjj-tVpj!Fw4#=Mk6|0N!aliofqz z%c!P`&6;l?lFI|ISBNcxHpYpYlr_bs;`SR|)3Wv=Q@*%!=|G+|VUqt~F!rINJ6k*7 zzLjSu;ClEfQg;LWcSel{x*s}x&fPnl6L}g-J&a{lx(zT_?&q#*`K{Nh0MlCI-r?>E|$CB>7#uE{3mbX*L9W4z0ftc7)` zVX(&xfey%`)0rU2oPH8Ol*$@_Rf2ip_Nu47U;8E#;M9~f)QWQ0%F!%sNj^E=cxd;2 zcIt*?VQ5amY+c8%vX-aKI=(>xdh`J{DaJ6@Jz~kU#6vdep`tIk_SlqeM=xN+gQ6SW zy5Xo?ZT;bh#o}m%-yJa1o75M66@!}{@UGbB6_@(B9Dc+Zka;16_XGPP12!~X+Jp+~ zNMYd9@XFpYSJ7^I=G3sp=wpueA?(~n4?>n&1-zvhh0I$7)cVHD9Eg#*@JDxZdT+)~ z0N;`T)lJY1ylYD33dbS)weA$@ zi(qVa(XjH5ap1C@)d5}QMxW3drX?Z8)jc+HMULDKh<*$g^8)&BNb2$={?zWez)eGV z8Mx^hR{eL?m?SS#UFHjX+XN+F52pKF!6t}gPvNYtVNSpM+B`5UnDA6L!tsGL{~jA} zH=9Fg6_etIl;n!a4b!=b56i-^xiL7JCa!?t72{juTb93ODa;{lf}`aAdl8rnlyZF- zt+Q&;tI>#z$~B(Qyo*ek$&Nl`D*vZD95(88T<=ppNo8yKb>3@W$-r80=ychVOmPZ* z-l(u5R{P2E0Eh1%M+%Thc^mj*0m5XAQO9Tzr*$~Ec#2r%h;X1jy!NZrkcJbio5o^Z zS8?$RQWpuIdk3nt?X+pO$OwTA*kgD;w%+0|BmL!tMTH9)yZeYsxW7w8KLTk&?$c(m z3Y~YCeU)}7mW^DT$W%2|L0G)XxaAg@XS{z;Ss+}CB=$NI)=dfq(F8lgHpyQF=r^j| zg8rp`qB7-ik>H8vnCx}TA-h_z604i_n?AgD*3MXn6^#^EaG4Kc`89n5IQaQy`bF{1A*`-gv<3Kw8;uFI$Inj~oCb zdmBFlUctfiiO;b#({I}qM}w~I#di6)j(SB>l+5g1rSENI8FK52+Fdwk!K%V)L6WS# zKiGP>VJ|s4yip3^ADPm8`unkMO`&8ZGkD%}G*~N~Z1Hb|EeWpnCrJQXAjXEGtyA(^ z$fzE*O4D{VF}F$9g$W&Tx|lZo)I7Z#*p2A|{er#INDfxgb5YHb&lUrJR5{RwGeB%E z*Yg2;dNutGDsvhA$y>GUxE3nxlJKW~Gal{tD|||9RMo@A{Q^h$>*V`isbLKNg&IcB$j118 zY%m5qW=1xq|6BdP&@dKycGmx8hW&p)!@N_R)s!q(M|9HKXDagXV(hToO*uu;{eExZx1>RDAOi#T$*?>Dpw9n%a$4=d1mk1x z&(P5g!2WnD0(1d=ef=gcwuWx9u?=o*0TBF(n-j{}VKuQ2{{EXf6v62etUK|=@@LO? zz0LK3XT?fmgu?rQ6V&(pSJfi+NTJ>~$Uk$N=q@tA@@eM9sOV;_Up3FATf_L9gW0LcBg zp4lRT0-)H4!2l?A;X?w*z3U<#f&(bqh`|FWb>rg$$X$m70rEX#30#_Q!E4AqhRk_r zuoC?Nu-Jvy_@3`2ictao_oV$AGI!y@8lo0K54m+1pEk_XLLw0HE)S*AaY;8>SPm9nHpJ{_3fw zKgKID7jyN?_cXBQi?`7|h#U5D>9z=GJ$(Oa>Xj(!>D<8&=;Z(S?{&l*@ce`?IszZ% z?>v+@2!Q-Qeb^^%80teCKfjY{ZSS40@0}jR7Dn;y@x$%fPmW)&+Mex-AU?t$Izl#N z<6qNoRFL2x&y4%W`@+}M-`D5a?ZaPAc_=6dSzH}{dw|+JKX^VqkZUb1t+`uYl#MpR z__Ot|OF6;WV_qw0(OfdRG}5UMI|mqjLX@u}uD1Q7K(1==TLs*k+4d4NdXnsY0y*QM_9z3_s$e0p7tn(9O!*~gWpQ%3QMbTXLZ8PH(toh#bX&uSMs zFtUT5e>0a4k-?jr^&C$|DkiN{YlqPzGy+2#K`Iidk2INEDpJHO05X07gbpP{8cIoC zB8y-uMUabu>`JlW?Cww4Md}fqJsJId#42^@lf{_B9s_>vWo1UQhjCyawvoKk+Za(% z0HW*5-<7nE)$M*QoS1E)k*?30TrtzxygfyY{D@EFMb}2{JWERe-smkC03s`5pUNoq z%uE1(lULElCY@R(w@GK23ma82l>$t*cnsNoQruRQ+MYnqTwL=w?TG3I4d>m5U}!C$&J zjtC9O$Zn~mM>jsYP)4PQaLH`mUmqWGoO|>oj4QoAK)k+|XkKkFR#ljMBIgbnFN$=|5DizN_*2U}?l0*CF@WTPvc?}6XdPj1*GyoI$!C0Il@ z*CacdUvd)LGVZM0LDhEp<#FelAU2%uBXyUsqD72lOFQje@dt8$CV^&d8 zW2)I=O(srwmr9`)+b_HVdHrMCxdP&)Aoom!WFQ&MxQGVDhA9MQ9&^E}WIEvJXb)eK zU{Zu{Cq7LsyPG|*F?vTdARt5zYAP2;#o^Q~SP3Kg zaHqej9JFxU z(5mvRHIj3FtgFmf>(2^u7<%aLsC9I-lxfNt^~&SSC=@4d-bX~|m<;t; z`VFQkUo!x$4rZ+KE3}ad76ZR}%sfb$g)NTPM#Om#&V2!zZbJ=^ID5S3@4A$yjFE{; zT20*Di{t3TaiPJThYm%iKUHasfJ~%6avwH-OswW9oA<5>OC~2n{|rvy?pk)xVl=kk zH6!*yDX(?&WHg~XL&#o+r!*5L7Q9Kf;TS+3C6tlyfPnYTRl3^9`p6-79%FMQvK3mU zw)L>OQZ=%^IJ32z)tcS0Y3O$zCB{}pVT@4;e8mk{261di*|1oKS9}oo=CfQfhDmCf z`we4|h6R##T-wN;n`Lr9RAUeNIjue6G zwv*An*BxA_g%l!xIB#R z?hZCbJrqM*gCib7E@h(K?~?hBc|Q&JwlNZ)JOrW6tW4#6kY#hYM%}!NEHPqyM_VZn zV1*^9ZX}um5@#wW9t;Yo7Ov1QvsNI!ct~wmJl$fLm-FZoH6^{y@Q25~8eo;EhKScu z*t74xbNN{J<#6%TGudvfcSt$djT(J!myZRfwi>+ln15%b-e_9{aD}jeVU3wD(6ToC zv41!lSq^9fD*yzV9CdbM|L)!*KR$G~MTeEBlh+q1C1+%>{zjjIyrtfn#;2Qmy}CW; zg!2_oix7>eyd*tJL7YGr(w&Bz7ArAVFS$ZV$>`05N{(R#l-o)0Qq$sj$~t(jw71R9 zS@Uq~fR?eU{|wXc-I`xQpI*nG-%!R=H{ZS6;#|Rt{G$VJ_N-ht z1bk{q>*$968-%r@@1y9>=B;jYLJAo@CN3YGM44MinHvEklKE-7V6K}^K@Bo!wz-zb zct4apXxAt(4OOWyx?0r0qdy(DU^IQA+=N*EHHG%t@RU(iU-mFtR$sT4%XrhY%|V91 z*s-jY)i1Ka8}Iz}BIkSSes-|`XuwYQHjKI1S-INexB%Ak@b73;1qkF;Ud?~zOx(tp z>&jB{oa%0R^UFqP?_iRO*GYs1?;HzvIZM=BYuMzD1+rTr_3yd3k%Qcky| zdvgyvy}Z&OQw$NlwHp$k)htN`mBwOD2zIqggZeDLUE>00S_*)z&f(o{_41&aGne*$ z{N){DB!B&{Hsa^4Sf88>6PSHY0%6=?EBSkg6Sk0gq6)V4 zlq{;Tl7znN`l6%je-M1^(P2-u|MrB*NlX^$MA|s7SB?(LU-Wckp)b&8|L(ldGunBA ztr~rmeUFG}*~VnJ!4Pif^E*0Py%}|eWejMR($f>P ziLfyo7WMTNaD2(v__7)AqPz-ga{w}P90wxw7pp@;Tp+e z#9IlD$d*(?8G&{RRgY|@B;LrD1!YoD8lA4eo>-cGfKM}@9cG*5K=v$GkMOb7B38a0 zZ)@&P8?SWY%NWG`xN`KJ!&5(;tq-w-B3K2I!j|9%5U1s}f+Fw(MLVn?hh|>B=0eX` zM3Q;~0dwW##;RW+ShleHH4qh2*8tejydk~(VEfGvsRdd+vlawxhhJS&GBp5UR~shd zRa;)AmtLX%$&&*GqOq_G%WtcWc>f3|z)LvD%jC)3Pg@tqE_sioTo5m6G>1c#l|CsOBoH6! zzI&-ngZqJc^x6ZsQs~5SS8X6n^L`QcYeh}W^))F6fh+n{qJ(m?SdRtB`E~iI)?vY*6sP|jVBo^ z^?XZ6o~o(R;7BXL@I1o!I?&lJ`+6gSH*;uua}83CAhpnFJY9dC4(j*5#;s0_4VYWHy_E%!roes971>k&$0rB zbft5Pb16!%D-Y`Bh?q~>YkDRuXet6@P%2eOT7JP7L5Vmwuj8s1=0vPBumkm5kX z?o82!rA*bFsj}@r*SOtg+S``JG-3$3Q?33e+ioJgVj4BY=}=k|QfC)*m5y$FYLX(` znGU0@SO8LYGKr#lh*od6Nx@R1q@QY!**gQq-upde|6KmMKM`^D2BaYU=0I#-=Q(fY zEcfumDYXVlZda%6vjH`Lahz>%WCQ|P#*A^mG&oo%LM}?SZ>ER2jLf~rcFBDByxcj6 zlp9&-H2Ezf!vjWCvViDp37T?S6v|80(A#NTbe0rIPxo9EGs$4iCwBOqMh=*JS7)1~ zNOOShY9~n%Y&+@I=4*+SAqulco3A<+g-h~Z#4NCOjvWG4vGc9HKn}%^i0F&%qOt0V>uM1?&ijl5HPz#3_Yb zB`W1m*hz`F>&9$;yP*rqILs&u`NDA`PvWUskAw{~$+Qil+l5a<8MGsFTrtb{PCjAH?& z5Jys=rg-3jZ^ZtYsGUvBxyq>VlQ7@iEa9m6T6=#|+8H16ej9%A$_p8Fb~N63R+i-C z7O@K0R@pkE0BxsrHK=ZOMM%}h(bg@-_L!3U$rS|K4`h{b~^H!J5o=>Pl|)oXBS-1%d<;bow1S~J(DZiqSy*+{p*as1Sy zS;g0Zy{^uSQ2o*FAXh)|8W|kF$pb8aYVq>P2+Khs=x&?sJ;4N8vcWEZQdtL?8%0qZ z9L?6$vHD_yE)+MSHgm%9Rj{EvENAca2uAO+7q?sijd|R&3?*9Q+|J^Dxy<_5Vw_@_ zAuqEcD*?gtMRJfhP%9V-N%n~<)h_fZD6w@dVL`l`s{wHlLfdEr>QF$3E$i!m$+ovY z<5Vn>yme|Z+MUu%Y&(wSoU+0wm(e}5Iy=s6uz}o?h0q_I&-utS>)loGtYj_xE{6BC zfNA@VLulc%QZZk@%~(e5^JFLZQ*UfQ&mAv}b-C#r@`q*k?%bmo6jTyIgq>u{N0iNC zve(eFOf~l_QzEH6W&4_Sg6YYJLG*^70a;DIDtm7FRgs4fM<V{I_Vsrd_5@md=YY=JI^@*o+$Q3vcLe~W8`LhuHu{N^KU zdy+EeW-H`}>RR;zC8qDxRcbak$tRhY1D(^Q=wCLj#H`WtLD4Ks4eAWl*3GL)?Y0DO zt$o(nNp(7s2em&#K|HQ%PcykKTAT}QqwiXg0kKx~(aH$o{F6TnxOPT4u0fz>H?`?~ z7hRu1(^hu07UzoDgT2K%NYTkNv)JzH4~bZqKTO9wPgFie9oRB(XNg5qGhe(^ z=yA=$DTu*oTZ$ImyYoIosk+#=O8J$OR&ogilE_*D(&rN<;OjW`p zLi|H^fJyPS`l)Bry5z}1s4aIZM}&~n9DG3!%+!^T*{)>~-(tpCZg-_(f#dXLgBxjS z3)n;=kGiR5)YlNtTL!B70*M1jCesWi;jMto4rHsRWmcQqH*_BlGqCteAKrGPX?DYI zwZO@=xz4V|3x&uQvt!h{4{W6oYo(!)e#=c25$r8#;k)L|mcWR^$;V0Xx{Plj> z<~&kxVs=GcY_T<7(Hdei^K`l&dZTFX7TFYz6+k@a%2uMYzd2>6~gYs2mdWffJtWC<5mlz*JJd^o|B<-ELPZ%KD+5r zgSA?m@3pAencG{`AHLJ0`y^uNN|q35n*_SbT*EDNQw{9G&5_*}WryB{7e5in{RjlJ z5fP*4Mv{J3Z|%<(blx{Y$?V#|lsdn#>@}lNB+3lv(n^dSJMpA^S2ftn6;?SvwYV3r z!#n{ZX9oJ{b~YQcoLD6vbnxB}=t2Ow_7x|ImOpvr&44_=an*h=G9?7Tw@aEYJBTUp z?EjK=g4G=mEWIpUb#a z4vjw4{N+Nx(a0D3U6?9Q3s9}cyjC`P+4*t`@q<&Wh}b-=mw-lREx1_}e4Al?+@H!4 z+aMpsgbi@joP!2s*o~ez7&E=J`9f&O-o+*R#J)`yZ{eyd{NyJH#N;?H!w#;+W_)4% zBKz~HF{P9#@14?rViVVhn%z``j5QbM%@ajYr#g04ooYd-PP<&?^$=MFPq{qKxBRde zM-8dn;7uV@R}Nr~Y?n3;vOYpDkEHeb>^<}gfW9HL_g~!#rvKtrFfg#w|DQj>fJaY9 z&;DQS3VM1bM&|$ZE1+ma%&nY^9q?#Htn{6Xg^Uetjf|mqc%U4e9E|m?q1-mSU7XdH zEFXEuvKNROn8ZdGwyC$9`+y`RL!HDV#32{(7Qz;`xAC^cTwiUuPrc!CUOlyYEq~WN zO>)vbZ`= zzJ$1Ubq4gaS*33Z=F;T9=AV3>jn_*INLOFq@DnS$jc8zD4esIq1n_&P(BK-9CeUvF zQz~p08UAqz1fd=AOq-t`WC&(}`Ii%*7@ObT*b z@DY@!we%n9$3N-(f20}zkzW3jn*B$V?F&zv6nTRbPy_rO$d-4>*YamB8#v(4S1vjk z^ck2xpA>#f2~ErI+WK1i&!Jt&TAKfFy<@{K3uhoU{=d7#;CuGaJ2`1n!uY>W&;h1v zaIX7hQT>kn3--Bs3k9r*2`3ywwgP5x{TYP$ie102O?;JAY3ZF_(L41WesuUU{LKZG z%a{7)=OYtV^u#(t_$Z~H*+tddB<=UX6-yy4X3GmmTi;y!8c#==I1tA=^Vb9Xtt4Bu z{nbQ^n^r_6<2}2t1N_Ekrc}azETx)*a16V|HTUhj*8ZV_hOKv_0D9K^>QV3a4dL5# zSI9)7C@2mMBwo9Tg(!o401rxN{Qwqtjd{j}uUJ(?(vs7+^4XP?^(pJ{bs7SLb)x|N z$0iQkF_k6YliX}y%lPUUruxYn0!yC!31?y|{l=|aTg!{);A+oj{>vAm*XcW*n|RH; z;wzgAECJZ@{M+&R19|*030Ci$K~Jir29A}=i)k3BvBSgsgVpYr{nJtZJ3jrsX?6?4 z!dU-qh`;nP%C(k9&07pApy>#-De%(`>fdYFSK|u<2_by|V()tZZhh!GgYX1s&I`7DMxmiPtq*_`?uuf7F-Miq~1~G)$Z*Sr~4GI3^L4ekT1&=8v zG<*9~*S>@%X0H0^YZVRbDgBFjcyIwDuRL0*meTf=$X1~zd|c%DB9c*Uf;Z! zoJypW5&2B&k#TWS0q{QYX-$*fun}?Khv@jc7QayOR!j$13%32Twd9?aWWtDTP|T$! z9Gl+wStqwe!%sJT9Z3_$kuQyG`xiMnkRA&zf{BiW^vy49&l5hc3oIo#qjM%9iH{Lo9bp}RR0^EriUkR z56rU!6_+4OIL(O{E5CX%bSHV`FCSJ5*T6eRj7Q{VagVm}k))#N5r2JC;Z*Aa)Wg8B z;RrSr0yEH#vaT*G6Mz*_t8O=$A~%^si8Uu#pgTNxyBXH&onH&NOf4l6INIM+)%l5< zr=#!P78EV!&qI1waMEaY%$xS%#QNjeS6W93!i~?E(O27zM&uhKNZ&6axXNyI!q*T% z-k4plAEzVA)nYZdR3Vha{qkAh)Ac0j8`ATSyD3NR_}D7S9H~GcOQKq5O!c()Y<8wu zKSo!BJ>{PDGV{vjHsUXA1qJ4Sy?p`Pxp^FrKKk52?)6{D#Jq-PlM)t^Odh-|F3X#Y zHoeuK5JmJu%xTIa^lL5x)Xv}rzG~S^L5v*r^-lXH3XMfac{{Y4ZTm@#`o^)oY7Ir~ zv|BIJ&H{zE?2Qr4pb*Ul*34G#K0&JxB9LWaE0p~vI7YaCi3n3zy5tfMqePOSWK@54 zKmY28FP5kE0UG=I=)HM$ttz{vmfWK1B0UoPIYctn+@6^aC7PWE_6QYFu2Vw@Wh$b; zK7pnuc&#x}ui>4bfDRbozq(|kA}N79z+PkRy=vs}&6-wk?eGn?B`2HowN zmG)C_onRN2*JeL2=$)na)<4QeB9GwBRN}ksgkR^QADAA;h3H4Q+?txYxU-5^0fuT! zo#K5}DMiByN1ciXt1%9h=LptI49{To<+WTbqBZtc&Ysv{401$I1s%Y%4Q^jhR$omv z6s4Q2Br!?Nj-jDonq5V~e8_>QrxHFpry;jSgoZDFg>>_c2bgA(aS#wEnk%rBH(XrWht0y&0@BqjSvCFJ%KlE%I-C)Q8lo?eUm-zZHv2X9!Gcjv%`bh) zZTB*L-Y|cdfQb+c}#f-4+E^q3wi-G|BLJt>j6?)wxH{?%MN?K1BD52dVL*PIW>< zdLU|FO#h4FAIPON@bzQqw-Zu;0lryBOxa&Asa#d0LJxS{_>?{Jl0rNB2lHDE6PK{J z3rWR~hn?jKH{o!EFm2tWP$VVA@4SQPJ)l!L+~u~NAetrUKzBuDiL|POVH2@AH&|LM zB!`9<=?!o`O^aFACpLllmr7d$6K_&#o zF+?HruBIYF%PHd&e0!~hZBi0QIsHIO6tR?0AP78~WVym zfd(1>FKrKiR~Epfa$SojIt|5apL~R|ty5g?jKD~u%W8}M#E~jnn#>hTN z)za2$nW@JNF-*=%L+=h-M2?Z^fd|{IzQ`W7I{PUqi{7tkonL%?yXdXe zN>8XZ`{((;|JXc68?*Mwloi_DTZ9Js7t%itf~tT9nn%{&e2@xi;0dCW1xOy-qa~3$ z4iJdF#O26mnVq;=j>i41lcJeg81Z_HS(ujYo{GqWvE))x+nw38iGhxNq~8!H;+3MF z5G)Yu&e^%4uw(z`*ykfvK5>;w@16>sbu{gr9)HAo4_CuS2^8n(XeL-9RxO#oEO-#r zy!XZ^>f>Z8#UiJ02U(~v2o@d|is!Urb)C)9&oDA->qf@)p9}|Dr(F}pms6=X8wYUK zDU%8nd0L)@g|!bKN@hZlo00g=4bW2F_4hoi#2!QYSho#B4-tSg)6Ri92fVyCUOiQ^ z=vot%UVDoH^CJZeXFM(>fgGLhl~qaYwcr1#Uh|C}5XLWFc!Xv`L+embe_ zv_^l5#B;)@;XV>T(`e%is3wr@>!^0SAU~>~VfOPTwR+Xbvpy$2+{eq&vAF}ra~H_3 zkEtq<3s9K6?|jISyve0GMTyrDT=UwV@cYsUHW*z;|YQ*j?%0j5ElK@&2mMwC{7N`tZqs zbgJqIh&b1B1Jl4tMe;zm5701R$~1##l&^|m?m-QPs;Zd_L;>gry<%;Q)=eiK1gO(k zXhcFbnP5o29k{A7XUGtdASH85B3XIBGj*hnh5mh{hunZ4GhU33XaV-^RF}n)-R|&H z_SHeScbrh?A-r^NADlPTs|`v%j~8nrbl*~K9^^72n78D(Z7(8PCr3P3>`*FHbWes% zjBXPhf_%w55vM`*#qs`KFE7a8YHG%u%WkYM>kg!R;6~pLha7cmEkoslhCVEXM$*On z5|@`JS)dRxegIk(!@g!tsRHfO3WjX)+rtrM4Z~{v(NELwS{cDb94_JbnHx(k;$p1H zN+fP$|Jq2@W602V>6c4Dzwjh1$TWUV-F%{@{RYMw6GVYWCxG zX;L__RP>Oi8o7gp*@aOj30RRt{2d?iOISRm%$S8hrmCu(r`Sv2A!B z-aB@%M%Fnolvf!`B=;JUnuY=y%6T;@YEDByo$|Ufsm`cqLlSH%=ExB@9kg-$Q`%&v zA!d1V!q>+pyw)nhy=6vq*ARJA2w!kRq~+dqgac0{j2^FwNA{_K4yzOmg3~U?X7ty$lS*MVa!Og-&BYnOI_F?_? zCk0SR%URVub)CV0^Tn#6UJ)=etG7-y36cIluU*%2+p3Xq|8SQF#-nQ@5t|?$XY+MI ztwn64lkt$D{+9^`S1*In5AOqKO`De7`eb1!y3aQG2#sl!f$8-vfJTeJaV#uJMq-}u z@ZukmVB4KezZK|kY6Kvz)`=^ff;PWQ)QeyQ8D*OnrGDxwK<>qgm#_VjSeY+|b*$Xp zPoA`dr_i#nqBw##U)&pA0$<3Nm8Nt#Wp|a0^#VPc?cVXHlW%Adij=sGIM0~sYUCCh ztWvkfqY)l;ZZ{NxEdb-2RI64Rh{%^SFpSOIpc@?ccMESYbq`~V<8rUBvtGbcx27{p zk|tkF5d0-f(!KknVY|(Y8gd4%pwV5c{V(xl`FNQ{DS8BCnQ z9IF(Q9+CZgCGoI@!^Ut2nM-lbSBRH`*47dbesiE7($O~6S5dJQ;4Eb=Af3MJmVi1s zvv6;XF+s>4eS@UrizBWglAMwmT_F;kG>q;Fc39^QpSR-9_`p=!@ha0S)3`*Vh3uz_ zMmmpc2d6@uMAvw=dmR2yx2QbFU|BNi^E_lME?ctv{l21<9&Feq3yI0PfUFw1x5$-= zZx~*ufRxwwpXVBidios}iQYq{~3P^$iW1cK-m8+%u{ zj~eYI!BIAn4p0`;_g#mV(8@*XH+Z?cFq{F?rH~LIRf!Vq-cELhu5Iu`UwD;~uZRY$ zBwmEN_ul`HWayRwiQVfLDPzj5tZ zAcgUIDOu7Rj5&ix#MYvJvx~7jSrwuh#mD)XyHf)q8Ud7)c&VTiGhE8BO|^*R!!j~% zNw(TiP&LP?zfiV^69dvt>>Pb2yuzAW5V}2!Xt1(}^d|O+0 z@+>r#*r#?n)Rh2*bc}1giOUh!9wW@elSzHEHag&h)n-ENi?X$Lx(vnax~1;y8E9TC zwyM(}ZLZ=jupept$(@)TS^Qg9`~p{ZD^*9xWi5OapEp(wH{bEE?nIJGIK=#iu+RP6 zQ29UP0iE`*^@0%OsTcXEcT(+E+FaL->D-LUw~3y+>ew?JB+>UcTZ&Er#NPe0t2id| zd)9c%Vz!GDXcG?OdkST^ArnaWE&N8xY?GZhc7z#N)&vi!QMGNwYUMrIW{8AyMztQ+ zCTdqj!QjWyeSI)f8|4BH2px>0SI)4PL6Zp>s5(hpxVdYJPbMk0H1bS5QIBd$zE5p@&MV%*o4#OJ-Do!~N0=)z0u(H1-hZpHvZ#c^4QQq93kuSK49$JVA-d6ufPz zqvoJKJA{>lK^j{+CM>Bp=C##mnWSp^!*MbyPq%Z0P`*uq(? z5i9eCJ5S`#)Mo3y>Q#+}2R1~h(ZEQM-Q@PcVBkW;x;1dms<2MHZlA3|&Q@(@In%82 z7R#efr|IH&;(P(f*s4#;%xHM5J3qh1F>ps!^AqRMlYHui;nF3inqTMuW zmELKzVhuai3==1{#74Z5)HLlbOTz9uKE&_6>gH_dFL8_{!zq(`!7m9hLiO`GMa

=YdImYwICMrQg@dr z&(R~xC*QC|H*?ef(Cm~?0t<9`=-;mR&$hWxHVC6jD0rbV3X-}Jzh62)TSH64O;$Af zAdy9D)OtxsW$$3J)3Co%w<*@CJzq=W~RQZrwc|j2Y(F^&fg?S+fT-S}$11i35K2 z9W_F64s7B!mu+qRHsHZj6s(H0OVUKLLq9*+JQ+883KyVpRlv13)Rpdn2n~QZ(FC{@ zytE(Jf`XDU$fL9FpUE#O2)WWWt+s&$((DHt-i1A;Ez{94U&h%*0lK*r|yvO8)7?iJLdXdS=Yd#Yy6XS$x(Xz$ur z2+N(W;X+ly_G%S_$tONqmx!z%pg2R)+L+BElA}D1W0FV*n^M)9G_dFv$(Kjq|KS_B7Qn64TVkg zMZhutJI4|_^?jdsax!92Dqhef9y@Z?b<;G+C;X?mcwJ?Tziaop7Ps>1dl?#8ksyB7 zd+gwjKx+pH1hR!*<+p;t`~KP^!|`8_k(!aziZg%?iSl;5PF-fff{xbmsN5sx0Ljk8 z139U>wKTYQJT;i&^Xi+DhYRF+f~lN0$bR2U1+kQ9wEtL*Q~Ms#44BfRqN4d@x}I&h zhF7BS5p_%5%nDSgm*4=JiaM%C!+w=8kqyXjl!T>zQHIs0WR!?{EKGEO2jnTg*N4La zo_OHgSU?u0AGBTZH}*LUFIP5X)|!oP4ci$T+Q#r{(Z zsiJ;M+46^l>pwDlx^=V%@r7W9<<%BeUru<7_d1V5-u(W!U3RzY>w9c}K6^mM(da;? z&|c;tbU>zmF|ZJSKG=QS)IQHXUzY9*NO9d#$6fp@-tcPc_VFh~FN@~4h7-zFI#6ll z2?y+IGLsAV;Ddzrl%MHe0RT2yT@H5gS>c#^hLbocN}PGjrlYhhhzHK+Hp@8D7kV==6C=-vL}tMykTnOqI*(<{1rYGDP%N#T|W- zVsJ(5e`(G2)XiY`*4y*z+qK@V%p8}%7`>ca%(niPXy zlgD#$I1jiXX$|@I}3qxLazE^H#Pgv z*KloSOjFLy+B04M;XM#a4a>aVSyjrOkabSs-T|4raSUE~P}A(5XP7W_8;YxbH*L{9mWpj1Q%YJW+kPbeCRe%@i;_T?eGc!> zr{w8BT6pz12!_h0Z8j>fl!ZAXv=4+cwHClg-q!n?d0zAsCC+Deu&sJHY1w%=j zcn{8(%*+mp^5tUw@_78FQN>Se?l@PXzKqPZJvM3|a^yyB?9YiXUaklFGi8Q3IX+h0W6$|v_32=$p1YDa0@H#j>Mr0$33hrjhGPRG1-X2JI}}%| zsuAu@ay=yV&6P?*@A6dvm3d9DUzgVv`Y6 z;a;xjB6}8xW@%B+{#ZUA7OWBdM~|2LY#JQ~8knkf6G*)OX0T7DiCW>;CG`0jXDP~v zC#R93+<|HLix~sLJL5R;ft5!V+Fb>;&Y!WynaqqAMP1dIh?wB_YsE&BmGO&?1jXWvmcPtPv;>mq0kJC`pw z0mxpJ75$epGnvlrFE?Pt$LU4ET@KP^YG{W^j*KynY3_T^u`y`1XCa$1@L4YUY#nWi(j@s z61AH6J^a>idBRyH%#LAGJ=YxZR66*#(gIcriV?T|yvLc$DXEHY4EvMlIT+BaT>){?Boumgo3Plw#Y|rYBy8&mxDhSBfisOhNFlUkZF7Ze^V~1!J+yc zm){od#YueE2*n%8C^!mQL^YPW1K`1lBOx?Z>} zumBy?J_2L295Di>CTT7Fl06ITPo}ZfSQmglE9^R2${TOpkfeK(t<>~bBXAZ+D|e4S zl*P5mK_!w#0h~68xIZR^Uo&r+u_w9{#F&WfWEmG2zi<0liac6{MRoLwz6xcm=-h|c za>46Tov#wVu_RpUUTK}QVo}K3)PJGBmnKvi;2H%)L_0uzS%(v8aRrrY8Zk_ zN5n|F6xJf>9Gfmm;*IyCyXJ~HI-g)UdT^g1&|`Eh^->NGTj3E24N6Vp`6ut2dDOTy zCAH7Dp=_Xk$zP6d*d3ge;r)phxMCc3{}iySp}U7`Pq$ zmcysO6n^@BiqpRGImbr2vS+>l*Wn;P!Gb5-T{^=veDIzu-MllGxme~THlzXBcb39s zdq?XxuIhT1iQp|1`e$~1n-}=G#PAjD0ku~T*rJqS`VJZiHwxUai0p~&qS~RU$7NX% zzE3rgs-}WXKBM6jK`Fc0+P;W0f1v}BIxu2zgxel;>pQuchJA>$1iFNxz7F>Sm_w8L zhMX*@&YsCc-~C-uhLT|#-CD5AJJ;^!frS@iaCj~TfMcYS+xJY7GVdp#IjGjtXa}N+ z)~5C(RMh~m3Rh_Or3yxI#Gyn0Yj1o%%1k`hi}Nq_G}=Piqdx8QDpDBQ-RH!+BbkIK zQo3F(){eW+35HMPJDp(`K50=sYq4shamRB~1UeF8(EtO6F;uCj3fXeKGaN^;Y?FA6 z?vk$P?0yw*yA<#t`7R5?wsICH=;}-T$393@yUNfH<50N8TQe%n+}Kj4%7XlRlzPfH z2{0PwL<*pHr^jy2@}`4^wfHn#4GvuS9RimGMcd12t>(X(pG$#a=`I+RZZI=L0-p!N z=!CZ2?4@3EK-xV*o7mpjz<@e%P(vUq)nv_Ed$6AQ8o`6zS5y-eM-?RoEEbO@dxhyq z=Tsyd>&iW znSI0?p}(MP3*qgb+4GJ0C@g03n6iL~z5YS+6I=XPNDpwj~l z-3X|m(#bT6U+mn-r5EE@a4_VEuvjIn(Z_&eU)4tzKjq$M{ijf87rHF?Hw}mo6yGQN zHt-Ai8}1j=2Aw?bt-lf2g1{IU?fT8{iZ4g<-v5T{Pe{MXQIIym2_WcIi>VppAC|T> zAJRXHn}+ z)~%$rCXLSh6F-{PE+VX233q=l>>UCl(ra1BWzSAT{nA`4Xaj?)OQ!O zE)K=~m}zB>Ya&B|i`ZJ;hv0O_YtH0HZaMWL6{@WiWxn!3$GUEXLNo0S`H)hYG#&|n ztPwcHC~GqWC-$k*9Xk;GizU-l;j!fl5?b*?nYO-`m*5r_;w}cU@Q*+?vmq~VT(m`r z$h}E~$Y_MPKL$LQ{&5GDW<-Jk$rXgLXGB~^vL1)%KKU%#V<=k2zMW|4%mI1@C>gSQ zm1q>im(Q@Hcp9}z0cJ#i*M73`dy^k7S?xkc!VIT%59FK+;*svaXzrWuQ%*~*qRCOZ zDP|{6K?ZT20aKR%V!S+GnK(%ox6{1f|7;vgX-~C9^hQ>#6P~{dvgdA~UzVkv%8uU{ z>==gDIW0$c+0A9Z-zam2vMaQ)M{G#bZJ7BwHvoW!ARdF{Njksqx`FFNgeAo3VcZWj z;&IJ#Z~3m$FI^Q~!@=$O4)Gtne;CV5@?^^FrIoFwbHWTC{*r)}y?S$QJ}?!>hP1?- zKV5P{^TnXWrYWCdr7dW-+9{6PT8)@sKa0sw*{$&O3_k+#^5ssUaB|IYYHMAL*^;cX z$>$mLX~h*pa-8$Tt$r^=S)}@@v8olAjz0}teqq^~{UutK8_`J)8jGQJS^ZYaFe zY0tw~G1W!jyI01_yS@4#xOt|7PQP!lK6$P2$ixL|xjk$q{^w==&`t7eV!q*3cROq~ zsjHH_XrFBPXLSE77$bvGr9`rZ&WRjXF_8Jj_34Z)xj9DM4M}2qS7Vk8E=Y|&yVWa| zm6_scz&zeiflEU-nf7+Uj1fQ5yDE`O2ED)@0(;^YUn@rcr^Peg{!ePGVB*tuTRGd% zgkT7N_c!S7KEcOVrDl=YELtHdULW{l)OM^$Q6`Gy-w60ZG*CQl+Z~-sQ#RvRT8)Qg z4GH#aE*D=6Y4w6_@qnmqiH|OKh{NR&r=1x;uX!?#_JuRD#gLs`hgto2B1(XG6mnB< z%Z`OXq)y`dl<|whsm9?LwR17Si}7si&Mv2UtOjuX)S|0Es^#I0*2>Jgo>B~5pcpNQ zS|mQM+Y_GK8l{$z)*K|V`CixIr}oKjzvVRwKtn_dm1YDYxlBBCVb~DCf?~c*B3uh4W*1Y-X1yPUfqa14LExh9I4kY!XAPUc+W)aD8F%14KL= z-NW88pGXWdMQttCOL-y+1%Kv4Pu_9bb8zMH55ycNAN3VkBR@s8j#D`0XVWCy_;&ji z3iXDqLF!;f(+i0N(|PhwyXcXgNa#xt=8I;nOkViO1$!%P%m%*SRC{N~F#j5l$fYt& z1Of9%z6xy;SY3{O%svklYDHK5m4;RTq6jcYE)ZEbcQG3Nvpg*w8X)rE7-4+dFl6G% z*cV;M8PVi!w61#UaYAEn_n}NL)bTE%J#h;MzDJ6fh4Ynyi_s`noQN??Y19Q+JozxY zJvIO2Om&F~miYL7&Ku1!*x3wK&Oz!j{|qI1m}_Ew)Ei7OF0d;%d3SjL#rgQ++W4g| zoRh$F#w64OJ-YW9W*-ssFsY;w=*kzx`6Rp@ahgF+9WpPHv_iRCCqcZHu097HYhuUd zt9O0$iRD;1>*d~3oODWcFRA+^mCQfn>HP~jki^2g>jLwQi=|~ z_MGjSzcW)vh%ap;@z^jCB~UN}iFUQ`VR;|Mzea5-&Ty!IK5EY}vMH)nOy42IT4`jQ zek+W_5MNlNyK3!2V?rqF-+#HRA~#-HkP%o)MU&OMu~?~xkZHA{vb!`PG+o@$+1GqOjis z(0soEzlo~XaWJ(5DeN`>p5ZQxJ2uS4~FQ z3Bu$qm>HlOg@^K@%~-pxv8;6f{BtM&_IdWViQwkWfKft5lpYeQ2&yJWxGFxQjsUKe zkgXoNVe3WGh$~fTd*_)^NL$cf(UH`Z#G8;-;3^VQ)L4Q<4SJT%xSKYA>ZAhTS(PXV z#0&GapKTq6iB$JHXxLH7V_&o0HAGp{hQ%eqehEKq?Yvg39>0RXhxRJWc|yFG2?9DD}Dg8qT&GgIr{c?bdoqMD};YELs2Ie2(U1J zQBjeWWKoe2XOc}E?5_KaBP{pq?W6neMh#c(<VLeM7Dr3PVo;8V;Fst z1%#&J^-&QI&Bjho{sGw3BmhW(x6~4|y5W0P!PeskrsPmV`_l#16fZ( z@w0*m;oRu_(-(&}#*OCbDHHbxxbFe2_V*B!V{N1J*B1zypk;*>93T=D*y{4&u2&ZY zcx-1ya%6r37ibT8{{Za-;eGS(WtG__D4^vgVU-mCcpKD_ZDS7+I#6q?bC8)(w)HPG zXdi?y?0&De2WyKe9S*_F41oV{8*@Im78S8j;4iqy#Ss9xdF3x1PS_uZfZwG*99ja{ z2mt%O^ym+*{;zzXVMK4fq5fI-dWCx{%WU)uj0V4!gjpRg_+mjE^73c5XAk00$vS)6>V`BKS%G^k_kBdmzX$->1{SAOKs8 zzS6!#0syU7G>AZUliP%U0b0Lk5CQF|z9NI%0JkPu!{GX=9U|j!mTV9jN=9e|SC+a& z#xgX23IE~(w7$?BfZ1Jc6B@~UYXwa)eV~QoKj!Qb8u881SQ?=m)%;!xx3qSNh$E!n zSEkOq;G1UpR`cr?VM?)&K^nlh`?ndQzQtnvtcw0<0gn$~=n?x_>4P+j-Hh>}`uy;r zf`w|y`m)AgebF5W@dBb-*un+uh64b#5wsHi;FF=neOtpO5I#g-3&6TM#98QWAqt3g z)p3Gc;XT{yHtFb;jd3L|!B1Mw+VM{`Yq9=MSKnKyR-i66SY;Xm5b+wmWhSljg< zW7sBu5{}txX#ikcMtGm>Tn@cDIy=yRKYcav4h4kgfH^P{9RU`0u z{cc|%zn=$YfmS#O9yj#hey1;Bc|R-w(!aOniOIno?hcUnay9gL0OWqq$S23oKeg;sXzbYTM86+_0z0F=cTieK z-l6`AI8*f)x9FxHrR> z+@y8%qHHFz%vo)as1~PMR65h$Huk!nv<)D307u#I3nWSe1;&h8Epvp?XXvT$-J+yH z48nGY%4j?&-~ErP{GHV6DvQ`GH&JeZHd$B83b$Gdgotp+AT7T?mBfX3OMB5l1uCDA>T&6@D0zOMBi z5g%*mvRgBQUCg9TGbSxc3K^K^bvbQ#@CI6fK%M^!kKk8F}9^^0fD$^0bD?4LOS#myq>neRo z6teaSON7>-l{599b3%J=vu}~`xSQT3YjeLaTw5Ejilm1H9s2>Zj-qAF&MTBPA_KX8 zH%_@CqGSXn=R=#O$!0}yy#%%bc}{-YZnTR=*OH+E!*JR>MvTFq7yZu4Gs?jsmU`M4 zdO*JD{O-Swe5AvM)~P5j`^A*oNSv2pyEvW6jXBQtxAetFw78!H==F4i>8Y@EU$#%0 z2bu|WULC87Jtd9NmJn;V>Zl~i7xxzEWuBu)@acl`0iR54Kp;9>sRK4H$(D@@a5No4 zs-Vo8umUSCCPD8Bc0i@I^@-?xR4hUTRXXr#4H%{HTizW&t!*jO9%xt@d?is} zxPtXu!Y%?MJe048S0h&#m-yg<^`50E&hV9)2koC~sw>>4p5W9VMIGiZOvl8#Nr$Vt zh6Wj|((uuNE5UijaxE3JF?Ac6_3i!!oHD;#?Q!VPmAoeiC>p50$ih6Hn4UAMv|T<7 zySxyu!sY5EgYhw@X^fiTsk@*b*#LaMP0xu*f_A+Rm*B1P`Ha$! zi=4k=IX!4JnkI^LC*85D)!L`zodjm;{uSR8=O`X7L;#dX1RyCLhn_x6ePpiNS_2_U z#0f=-*sGAz5RI@(PaAN8e(CXuhin>GliRr{50^be9;bj15&qq}ODHi7?hiI&So3HO z7PcJaZeAphq&{`e?f`+si~FHn4Z9%9oyZ*j!vAz0oMq12x6^d>`qOMumL_) zvbSPq22KtwZ`nL$Fbpj@hB@9*{Ruz}*=dYb#y zi9FK1xDyQ2rV-G1I6>6K3rJNeYtO0aDiS>%o$BHB#!={m@bn~+Hs9BCHTZ;hK?fM; zen9W8`8oyG7Z*xTX+k^8Vf>3ohd#M+^se(OlxpGtA1U ziyraL9#F;HEDS|cmr&d2Z!M@GOYR7RCcwKtZ)?|uE_E_vpiWwNE}K%XKWqhN*~SW_ z6OIvl@>0t6u{4ukBco_E>|$0`obq;B{d_o3$Tfhj%BQp;=vjTj@=?p4wt4jCob{W=C)d1K~Bi?#x()u*4Dz6bj9yRvD`! zw29l^6W8mmE`wxaE+;wgv4K!~W&@@@-BhgQxx%_+>NijGi@xf@p>Bk+1`b0^8_Q|!TQ*U%-$aE)<-#cQAlwTJ7@|3=vu$cKAyh2WeQ$y3$JS^0;UpO7Ci;4B#1~d3daonXE);kUA9Q} zZQmEDJD+5cF%P_CoZ;I%?9u5Er^bw1tG2+@9|EVkI7iX9IB&@kNL)JR4WUjsO>F>; z>v+Co`n1}sGqKHhRvz?Lc-b=$0cp)@iNoi-{MTP!=Jleq0a6#H=(iEgS4TNvZnpS- zdLj(CJV)A;F>&dBe`Te$`+}g99E%qRb{*gS-cQ#&o+c@4&UbM4@2(puNkF&JfX%cl z;*lftJY9pU@*YOKKQ*Q?)rc;RuO8o;0||hF;)O^XtI}9do-fAbj665}4wD|uj7QeG zMRa7fUP)!JT79L%LKP;X6Nq=E-=Y8(g**?~Qe*}FjgL4K^_5;3!W&wL)Q2>f-N)H^ z%~7tv)+&mL_NsyHT;-3d-UJ079jr>zByB8H>ErdVeeEwE=ZR|uFdOIgJM0`TIgmH0 zXzO`s%m4uQ($`r;TY6boVdM6%eJYG46TbUlm9QpVepLEG16C0`157QB5QJ5P!4IFG z@2X3X2(El~57qWKPxBno;5J@_%1`}w&DnGcQ}~9weI6lmA0yGC@faW?48YmQ=HnD4 z)i=H$N~D|E5Q~6!uSLn$XwrmBf?4kVrH@OT1@4Ad^EL=|9NfR#t;^^I)&w;BcXwiGo|GC@Pls&{{~3fkHMjPM zSdfKjdELocCPwXRm&f~|Rj`+=oE4a>&7I%1P5qM!^Qm-yq^|i4!*Wki!+P^5+QM75 znQ%6L6m}w0C1T;K?Qwb-nSS5w zc^B(025K8qyp$pz8{OmWa>on@!>_X7X17O#b-D8>%mj*3>6u%i6I@h!?;R5xy01K( zp?0u2C$9M?1+YfQ&^9=UAn+RQWEJ^wP+q%!+S%F3mI}Ummme*J$YP2l`@`~;t}DF= z-UY`Fa_q|!8)v&zU@<73(1MPzqZJh>dT!Mu=Oa_I%^jN}N2W+LE=3AS=@%HLkn`tjmWZnY@=sSe6VF|zp)#-~4Hg(!da91!TDxit9;>kWCF4-d+G65SGkVpv{7 zGXtHXptQ#ucb6_@2ed6=U80#jO9Dl8mSmadqsYnkY8%Qp2DA|Z!s~QtXhgT-k?7PF z9dZ739Wd!k``APAcJWffxy9Ja)fIM#0j2|lSs%62D>i_S?p>0VieU=gjxxBO!8k(A z7z@h0{c>qqM-EgQv{VRp?-)>*_GJV-U6=w6$^7Vy=kop`Xy$XlXX?zC#pHyDTwsk; zxPivVNLT|@nMF5BTYjj%Nc2xS$Av;ow;T_CLw)ic=c^RB8SJ7({EPiYM?4Qbrjd0$ z^nM?#sIzwo*JjM3bN15d1eI}_*vL$;zV}&Dv)p@Q0qaTrhYAXw$FEwonzaSjfF4+n zr~%FIN*EwqUy|f9mc1YNBVBn0Pdx|--*ne$?5@Vgu|6BaRF(miA%u}jML&d;UYFM^ zGnauEUss+{mtZq3fwjSQj8Wu#xq7j43u)KI{uguzb*H{N_y^k{8xz(3Dep0B6OAZ> zM*0ILu+pS(01^>->ef86<_U8G0j^G^98k|mCpJ@dft-3lI_2kCEKad0t!`0Qit^H^ z8+o#vP^Iud0b7#=1_ zV`7CvTtA6bcE5a-`CZyAZ%J!?1zq@&Bhy5weap-RNR~xGc_1BjUDr^(p8FsE;g^Wv z04BbT1P$6+NYFht%GHpyjNXaep59hQx|XN0*q%k;#OVZbEd`)Uclj;vP?L_(wf^NM z1_4f=tO=hCIG)11X(FNya?%dX%E{`{=ypC0V9}m1mxORPZkp%VxC=ZSMg2^=WNyr7 zGcNMat1e{XJaXBuaZf~2k_s%x2AO2zI@ucgg^z|iKaf`bW_|h%ysSc$hKiozBTA70 zonh{d1E-CZzikP6++GYl&WYdCUEB0z;CmToMpV7ETiZLt(uFX~eIjJyBWs{aF~={u zd>oMc#t)?Q+dA{einwG&oMSDgMc6BnJ6Fk1<2*YObNKKmgC<^_(eHy!M$*4I9(B=yHg!oaboZP@@soW|x}eW6SAh!B zTtlvbKxy^LF#ec*9f#v>bqzDd{T+C^t!6kK#upOm9iXMJ#bLwnnd{M${?hRhfr}0I zON*9#fN^oK3nK4VgFY6zMFe2aOtItK%j$9Yb+cVB6iYWdCvQ_if0|tH24|Eg4X;$_ zUKFj{ASpK#Ovr3@P?)T?ju@my$;lsC%Zs7&5hwN2vUB;Bip9E)`)m8>jPN^Oj&7~g z6kUiJy$bkyLpyQexPS15z*_ESSbyaJ%xRo1``t(dWsy{jSF31$t9x`n5nmVRgyCwr zopeg9Sij=AiEGj4R(WeYTUU|!_5`Op$gd1el5Z0ec{#~VP(Yi23)ytNEMLd*{T%Ij z)lP|f$)zx4Mi;pvx;`}--4?#1Nx?vXdTP*M5r6Pm+EB2YmvH^Bfv8AlDd;*HMv;SX8K+Evt+Q|iO1#epD& z2cvFyJ&;rgH2=Z7)Zg%{Rd!71HtrC!Fc-w{AI#h%_awPxM*|nenKZnzVz2^7@y5SUC)$!5Pt>w7P?WdPcW<-TJt=Dg+uIbL)F5 zWyiQfsZiIfm&_NWaN7M9^?7Sf!7OI)P-a)Dn#jnGwc)Sz6AxC3yc9`~JgU2@zWsq? z@7;3p`spd;?Uo5k+thVOOGQ!(+LnbT`Wb32OBuTj{!_7p8*Yg+)Aga()iZN5j3IRO zgUdY&{z=`~SqO@gqPV`Mcx##1Z_Z27ub|so`d_Q&a%XXtL+#zTCjum*AaCZZgtkMn z5K11RXEpr7XnVo=Ec)|6RSehr%fV4h9mU(FhX^!GjV1{u%O=Q@j|w#(`upXB`6#qu zh(}b*E_ur-bcPKuudTcg<+3HDg&#)Z(Unt+S<8dcH3T!pDOt2zKYy95`?q9b} z^Mi2mx+#}DFWfK>+K3spi+4Mv9!Fhs`=iGPi;O%p{vfiOgyw*gk||oDMHXhXuUuI* z=ehg516X6D14+8>9V37Ck#?5$w!EZYYz}rP%`5GVTZP1p$z|zg32UUgq3-}gfiE?z zIxU5{@;st)3O$p8wxocpcgi$*sq;J{+L!+I!NdBL`#DY=UqJxA=&pTVyc@R^M2*tM z8q9TxX2oKVN^zK1;NeNz-SaxJf4F706+i zDxiUS8NMFwG6@vs3F2XgaDVyv1h(b$%o@ZmEZY?TXhXou=+tPCQD{H$3q?8mOORun0 zq@wXG_5S>5{mdltdf|a$1vK<2R5btx>`6#4657G<&hF<4fQSLde~_y4>Cq&phpR4v0>6a1Sp%J;Gpv)EhJ$$y9K4^|lr;#WQ=B|$W>Ilg{U#Y80heaneCGE+gGw$FZY(^p~oSpznBan@O1M-#rPc_rDzz44eJSX2fmBvcAJ zRAYlCulWei_909gXn%p>U5DU(ZfFFUSox?;WP=;amy%Y$aiQ8_D3>JIo|8-Pj}EF6 zAf1TmMq#_wma)rUwvjWCuBzgtknb}-)oR{-_edL_y~$0b&QbfS8KgRB%W9EM^ZhxXo*Ttwpce~+YkVD@Y-b0!ITF0b8xr1b@<&}JSG zx@6#ms@++G;uNr(QJ}Ipu8>Wi>^S#^^2WTJCy&e=?oQ{F0&+*H~(E#0z09Gy7K^!I&%zuW6#-Jq-%x1G{W0Mh>G46~^6L}vEn#oMl= zFMlc*YI(3FGnVqZPg<>@s?VdEwEb{{Dw3nC)st;zjY6iYXG(`>yM_7dn$lfZOmEsk z@o%KqG1SMikEpBTga{*1>3$kD97=%S!#l-clwpi#lah%0Xc}`&wtyTZVA-_)^hWSE zxks4d_me>s);?aLI&S{978IuJqdMO5QXNGbmU@gjtLjO$%3myMj@=V30*6Gg{$ z(?k|w)G5Gv z@X&}d^o{ICkd`l6>oea3H3qT00KLiPzx)}ZWCgy9?jOYHXKq`qdSvtY5(i)`fhv8g z5M6@vDPa0bq6c6GW@1e5tGsMM{4tj6tsE{bvBaIX>*>6;Z12fbB&SC-9hW@NgK%C4 z-agb5C9Ae(Zr(3Pl!THbj(;-G=8-1g?tN%wM=07=(KTQRU!&JMR8~e0+;nfPK~%V< ztLl!5dLr!G3rft4rX`L@2&N;rG$G=rs& z$?@Gs=|8ijQ;7E(M^Pk55TWr59z9Qg-@h&%(br}>H<&0~Y}$j?WeR0*B}HZ7>=}jq z!VWV%qNG(H0|BVApHdC8(lhKKtU|Ti-oGn8NWA(?=h_|G=E>t`IsrEV)J6oC$%k0= znXlK6hVM2pm|SVK+4((xt@M=LN*I{qvmtX@jH$dC(8w{7WN7k=tlY`o4*=3|&HG3X}yqeCExR9$lY zk#saI*o<^00=miUdE>R2Mtw1XT!FfL2s$WkTxFTq2L`Vv1Hv2Wp~l)A5+(5yD%qh% z(9jA(Ot+CEBZpCoBqW52?|4Y1WP!u!Jz}hwyyTy4;s!bbW88PPZA!lF#C8nWpgGq= zfy7RCcvpcFd_JFbOs{op9yXs>g5faNB1YE>zckdOS`BHOh$cy% z>U><0OD44@YV7AdoiLo6GE1Ml(>NyCnlOfcs-3Au6Y}Wal3GYJ551=Ki)|k3ef6`; zDGVIUpkhakYvG+?=Dx?kxTh5HZD*3>2fd=mC<&{RJo0!J5VMJV0!fsX+~2V|AMo?# zrqUdvwJgYYCL0L3<(pTS2+W^d8YW$L<-5N*QEUd#6YajgN65eLpsDFiPFj(rnQJyU z9xa)A@JQxm?4At80!@i$7G951aGS{#Sg(7{kL-REwJzij(hfvbubSv=j!@jGUAENO zAZwr+sCbXjh1xfi*co}*HyvEwEaV6DJQXsBooSCh{*1~k2Tj~!gY-hi7C2`*FLPFq z-|5vtGYVHE+!xhdgJRHzGqJmV9M;_x_juXpD>S_pwSz8;+*z`UQCQE$Y;qnPlBtRX zt`vPjK~v+I0c#&3A?v?pYMXvho7@H@za=@ zUr*#+qJOZpMGs>joq{`TZ=3m8kkFtzPG11L)X^@R_8x6Cp@QUT6hstKSAM~426+$u zBjUjR9}ovNHkSWJIIuDP@5O%y92l4w{^yxBik9+7YUm(DY2)ApDq@ibFchk~PBLWIdC<1lrk$L21PDzSh zP4s3o>hl(xGI6rQ=`%m=r&+fIXc+t zAe0JG{q;R`LyGo&DAIS3)+a?NAP_Liz|@5q9zYevK%>g*{D4a3o|?&$)RTVt>C>y0 z4b*>BjDO_>sD+cwiPcF1AeA#2R8SHaQ7GYtlPJOCARw2kM4aUb1SH%s@gZok@(LM1 zh?U7fN!mc0MS;B9!5KvoOY$F_pe>mFeiac9i789FhP$xiGv>gA#R*F>{V|kX5^u+u z9m3-A^%1G|fcrfq_@xwQpkR|rc=}}eU%ztSR#>Ih_N${b)By8%xEd2`C6mpXuDnbb5S`A^@L+NsWt4)`eTz5E}cPAKOMBYaid(%5w-ZH zJ9X-3gg1h7v7kSvTTenu3#%p1O8Rz{T|U)NVP<^VJP!{v#vvAwc4#B7J#%h-S8jjy zJ;C&tEpK|!*r6HuukmQ7Ak`ey%$y(ZnsDx?T0zI4?!#$^9m9estCi8WzYQ|xbDss- zUCrcN4gB%Tn8;_7oU?}46yh9=gRV-^c4yxY?$i2`7SE3!-FUt>?nEVxqD>Yj?RZkU7Fej z*Ggi_C#dYn>!+j|xDfPq4>n9VoOp?9L}xdgRxUr0HFLVgdsgCU3;z9Q+NqA-eIJuA zv->?H2FdqaRn7xc2~D562b)o!|CE@qOWwktlJFF*Ylw= zjz(95QdGMyxTSx) zXWR9gr|y55l1;nN8X%3!KK+i3i!+RQ@#A8IoL zEA#(v%K6WulZl1nKUHT&2Il`UepapQu8p*c%1Tb&hTK%(Hz|VJ4==s;C!(rB1ln>9 z5;mOxnv}^s9fFuL5=(wv8CgIcUf~j`pF4Z{ zuiAHd>v8)r`~-nu#fYSzr^zrfn|_1XcD1`_&+N3%@Di_^Rs$ZGseUw;JM z5z7Gnj4a7<6Ald%0uxb0^j@R;;rm62@IzAy`(0Ytl%>{!(cj;}0O5j%h~pFNNfri^ zy(!y5#}D%yla#fG88VZak1B1pn7@$p08 z$MK^}Jo^m+M%)K0s>cHu$Mz>fgp;s43km;4#y}$z51mKYH%B4qVf zr0+8<%cP%4rIb`OK!yoUfR8}%6E-R$RAmOzPlAUc;6TYFM3Ry>##96v2F_)q|AQzD zAfZnn2#*XiTzxiE%Gr-s5jtd$uYDd(W$Qf!NCF{@ZdlXbkZ159LD>Q@%$!1LG7J^j z4;aZ|5?Xu!r_N2Nz&a+(z*M4)2p?rA$l(`{9$nnSE)fh&>MLjbI7{|m8u!)+{-tsB zZF&&1dIlH!mfLfBzeH6mm`_Js0IF{_3ScqLkDm7ey$3K{fFPK__s&nKO#Vw%d*A9l zrrzNza3Uh8td+$8NCFdRZDTxY6bndRkC;qAk4Exdj}MBd=&iI7NRJ*5t^l3?q|$;) zuP%MUPEC(`Tsw>`s2(c-4jNkKBLELY@+Rod%VP3B@Q+ zE86#aaId<5HyRi)Hw=>M{|ucHjiax=R$sO%UOduLC;7$KpDbJ@cd7zUAz+N3Wj!tAY$n|rG zD7Gt=`zK#ltF4U|&fQ*Lx4{4WSg{)R5US;AG&4mMH(hsbc2fKI0rs@Nh#t%2?yv^$ z`-=z;u5!B9zF(2?_*iQZIq+>Ei4F#Am?`1Sv%=BDw^D=augP(LkI&&&?k+5C&&Heg zU~`9_3LW1<;q9yfn}gp8@%7E(uE@ly_|DRum`dn@bvTl1U<9h1lm; zbFlT5mD5GyMwDu-S0Ll%j6$_O64`8}E99V}YhO;kG}kmx@7!M0@pOx-N(WWc7LKVA zyGjW&?&k8b6FJobP2RUQCCC>D{$AZx@2XQi)$wndN&N<%2 z%C)oSkkwA2*`;8;uB2O=ZgY>x2$pHN+NBTdn+(EQbMWV`C$9lE-iw&^9uf)F&cP2c zldW)G_v)4vYVO0+u+Y)xh?&kKlojj7^POY*UU=x9riB~U7(E0h{M(Nw<@J_kCe4Og zm6<1-A{b#B6#C%q9Tb9#<-UDE^^vW+vqH%2B?wv7b!YDU z?xQUB!8P%%!X5(Np1YfugoB55P#!e2Eu3}2YQAP4Hf!0lY9WM!3?O??$1ctJ@2=~5 z<9SQpJ+-ORW0`_!NGpe~GuH{N+p;QlUDUP~$2g^NM;c%rQYxj%1Xij7O+F(%wfF-P|5a`8Kky7=1-Zhl1;SQ?A+A*on*R< z;*M#=;{G4U!j`Ms7e_@Ue*eHgYTsl> zy*)RMn3|insaog-qn_K2e>4KuiF!?inB~*Ag)g0{<&b4}W9)WLQTGL}=2i-(%jj!X z`DIi}_w#%F4uZ?c#whxlE38!)nh8crD6wlrYZHWro{NXh`qn+@&8;9fde+Tc1CUGXJeHhbzMm2x`+q==ENIxvm|A?VeV5M>it8}0=*?*YRhz4xck zAzcg%whkFY)mFXHO$Sy9*#T}63dzBW%&6leO@Mj}D{OIZQ!bu8<^+c1-5K4#K=p8w z3N<TdAs(tL(CcH|H(x#!Su*Ym5{&s_OHVfvvA1&o~;hl2_$^7-KN&lAd%m zeC(3)^5=K1XK7QN;`UH#Lm4iy*4wnFXC}PsaQnc&T%BsxHrO23r6rB#8L&gsn$`iK z%&9%*_H6h0)~@?irmoQWa+T1##Vy(5rRK=zF3DV1;Vl!Q2EeRz(4AFeBr~q8dKgju zF$*hYPT#`0Gk?+Mi=hx|2dvgPw4Uqzb{jmJS>LK*B^9n=pP?NhZD@Nqvn%QDxBJz$|C6&;oBk{Lx5(=L(A~7t=yITuHzX#71 zN^xbTJAV|H51hhotT!!DZY~oRZr$5cs?#my4f}JcyQAnbQ9AEdeVXtW30_m1_L9c_ zIo|8?{_bzdspq&^MtBh$-Yy;&e}8lC(uI6wE-04VqZ)%b3Gl$DQA%TWUs*w78CwC_U zzWeJA+)0;pjCGTG-Ff8a8r)0v*0#tZnHGi?8<~se@#KA{)M__|n?AQDt%h+-P1fbR zy)UcPM{{$m-|FiOy@cgHPO`P}hm9U)r>!ihrd^LwO%l(M`VdS9=Kk zD=DJWh$%0ewd3(Uq`GGoU@f<3E_Z1;csPUo!6OI#c_exZ$oXX28`U-P<&g!>SNQra zHh09599|-lV{JR=47lTho_h{+H(hHaELs`bX%bdTklh;HTf*O)Il1=HGdcIH{y;=! zB?DZ^5A-P^1v$aNKu9b|TZzyfPDrV5B(o1vu6 z7oLQh5Idk;PBQ}CQ18NA$xrQrK-81MK-7z~ykK8hG#{I}g(8+o3Q}w^GvnY~ErcKb zk3+jTI|484y$6G8u1zP)x$rfnEcZ_Z`95IqxU-9$oI%!_NZ?ziY}-VIq&0-4tJzhy`*=# ze}d1(RtCqgVl8kG)0><9Y2)K!__gVajr%8f2$|amm1OJV5F5P?pWUu@eVSv@sz?K* zwvvxqtpSYCL*$ASUS*M={9;J9eokSVw71YCT(C>GefzE=aF_wJ*y#vD?ib*K=)Z*b zK_W0%h=1b^;%zvF4dw8M9U_X8kcDT2B`0bzQ!6V^9%g%TOA;9c|CX~G0z&I3mLkxz ztZG1Z=^HcLCA>qk8(8_NWpx6@q?fv}4j}i1xQ`{Ld@4#$bb-vQNh~R6*uzF;Xp+oT zA&%6^8lra3+37aQMr$y87Uzo<)~-a@O>mzqT&0M5>&VxFI0y}$slZzQ9ce#9Ihhjr z4R8~APNf>Tvrcbh1<|GtX$gBHAJAs7j$C=eGn~jqB{{(ns7*6X8jGGj)vo{6&P+4; zi)ZjMooAcH6fzUU!#pN~x&`&CBlwv{HI;Vvg87y!-I!-G;32pqO??l^M7nr&N0YBR ziQVFKkkA5J8=S^jsCy7)c@HYu>F4vK2=w! z!1Cdd(Qvd=YG$*-_2y|sqU%inXc}6tGl|Yt6Jpzp(}6m^ZjD$&)X`G zmt7WLl&r~%N=5mJ85^#1;;Hj_IjqXhs{S(SMPKvN&jo`Cmu0y*q&fO)I!Yb{731w% z^_S!%Y+oh!jG{kROOPy!X!3Sgyg}Wg5wDtof-PCHuAhcM)_+pL1D)ecRm3V?rFUq zaTAS4j^3zsWc9nLBd$pe51xcxT@YsP@_+GFu&{IdH_4#nY6BpolQS?=bg+b>ll_Xo zLjO0yik-c~7s|-`U!sGVfr0hkbuK*DJhfhJLjTO_79?OpW!S6^H{egB^(?eZD=>}A zYq7ClxjtDcrExz0cyUJ%8A*6^!af68Rp}Q)8NU6vj$v(OB+tiEO#+OSM%a!s(K4fO z?uu^x$bu%{4$V!Khsh3+X16djA`k5S&W{-$FoJ5&#eXDi%2zkc3=m(EmcrB)5VEv2 z8f47pCSokFiOf%RoDx-x

4k+!_NzPzw95XR#Lv0t8?zY7rVSmd?K#X^p@#f%BJ_ z57R8rvnj*+dF97ZjnJ|6yV>7r&7^=IOMeeRp1!1}N0sSqw}#FzHD`qgoHdu-$5;>6 ztd?#`9BP{qJSgv@aw4Fy1gSoCPlI^B$0Q0AQMT6%BHK2JazY+`qSp%M)h^ceVJM?q z8a9f=p1w$s#7tfT=Pn3cPedM!G8XF+0^SVE5cLY^QH|)0DOugJrrId=n~5S#@0e(g zC`yG?DYLkrLg~Vim>}2XuzdN?}zj=L=Kr@4wQ|-R3uXkT>MfJQwTocb{6bZ zf^D#O!GJLW4xw|DKa-V!2swL;h!4`1A{=`!J(YsXQ~ouu_((w976Dm}KX7B})YBZ1 zAyF)s@{$lR!EmWH(Bsdi;vCK|6;A?g(>!{%pb=9j1L$~7rGJRtk-(GCI)Wl0@>)hIWsC4P)$I}0n!ma6`V>GLlwgVyBP15UWigunMrsqoxC^_BC$vw16=Vmq?fHlVTrDSi$o|IftPdXU-82~YFq8Q8ND21s zJEo;V2)4c>tO0`7n%z&q{Pa}jV;(^_qQcPxd%=WYj(o#d+*n<9bT=JVeQx6 zP_1cN(VFiMMpLb==FXb_9fa}a!#OE2V!PW$bHftd&W?*+>z%{y&FfCt+YNC4esl#286I(3QH7d9UT@au6eA zpFk{+S4J!-k)-&wHUd2~GUXLQT3r5gjeVR@jq%>mv4E)T?WKrHr!;5JfU$px~qV}E933+-cR8yWa6*j}ca zll!xLVBk;zs)JON7A8n4mV)9+9K6aT0eDqk9VUCIyOa>SzdQQfhcy>bORs5ZM)24m z_0~E-gi^^u*(}JB++$$0o2iAh-~*p8Uu2=R%oZ+FCkrE6+RieAO*dbg|~nVJfT3e984j;pYwFli(d3E8VrA~>GMai7H*2RynIqkM}}pODBmm-o)<1if^=)~jRW zqJ8Cd_X;y)NfR=>YtX+P9W6yAVpX@3z9CR0WEaG#ih^#L>G(G8IqVA;Mz%c)2O9o? z&E}FV4=qS5`R$nz(cyvoBorFc6q#*n5c=4K#~VHCk|KVkXxHVCC+S!|5_ZL%`f@0z zqz{*X%r_cJC6AWu;tH8dIE$t5y)kTmKsPbJL|a>7i}pMzs>~RGNuonhw`)-p7BV1% zM<$3iT|q%L$V>&(QIjO~Bf25)s!?l>$976uBz7cA1@#t$!B#0h>4$be`+@jtoJ(wB z-Y#`@K!4_gDJ8{-0i&q;Pnee~C!Gaeewrh&N@~7l7&)_EHAhwa-q!++$1JIV>#zd< zg)o896ApBkmZxQE2oZ|T*s75$QZx^OvHCsjS;yboyo~*FHtR({Qbz)YB_ZaWeN+@i z3t>|sUM%WkN;Tyd(5V@=cZ#8)l4*UYU=337V_A|;yd?5^8J{X8J;F*ORTGUxW%Jn! z=;ibw#A@r@9;y=$HCj);^mga|QUk}L;8myD2fGs`&Z=-?`<$OLujm`xtKP03Z%@-7 zr;Bu`+?UPOgQ?Uw+}G_nTYt0zpo2DJF*EjtH(LBPb5{iV-XGR)JDfcgx0(~Vz*4u` zwS(w%QO~`q>)Bc^4zIxQGf(pnBQ)V+23X+`7pYZ z>~QaLxE8gFGzZJ?R=D`Q9UVa2GPTAQVf}0|cm@iX1 z<~toq>Ex7?oXZGv7BHP5LS8*SG|9A)e$OI#mgep2#(#TFil6Ko4$+FovAf;9ASZ~y zfA;qv^0bqJFq*>IGZGKFdW>4zp6L9wQySN=&3gjhzW3vqb9nGWsu>w8-u44t6#KC& z-nN^kiwK<3O4L<0j4#+oklf#j7uz`~Kf{B>JMMB1@;UqsT*u^T&T3~C5o7R@c60ot zq2Uu`a^y%|qVt!?iMsM*g~q|M_CRqL8my-~+{Z|7(?(9={($1_+&qRuehhCbx2uzy z>L+`5*4=78c$+<>o7!6*PPdTp40+qA#=*;~uyZ?MnRXd_a_J6$zZ-u0wKv#uP;Bpz z5hngByq7H?rCdZAxYi%|Hea8jD>N5@mNvVSGbD&}T&($dX0I7r5G>gmq+8+_HAB2u zg9y-IsaC?7T@Vn{H*nh=o}1@vRq>c)i8coQJ%8FF%MZtyi+C`q z7i5|$F;|?Yi9At0f@n7XsP+$|jGe*7;hLd#RnJZCjRYPq?1qrYgPy+p_tE%dd%-XL zthhOm&0Dnel{4nt4QaO;yk^7pD9A4i&EP40(%5 zXbv{>xgZv{G>^@$r>niUI{k4p`9kC}4}=|6G^$h|bN<90RP6+hgzxA|4)J^LZ1G;n zrXWq>m3CKVAh}(nXx5`j(oBq>8^_JoeaulG{eLpz^Utka%Q5R6>mBJ^J3+)As~~@T z!?5fS0eNjdzGW`Ab}#(k``*n)g}2e^ac}ThfgC$(uPMmCbJ_A1-C811?s{(48rdvi zRUX)C3DCH|v6TGX2>aUy4&Ek36QoM@y%HA9E8cv{MZH)k_)mRvTD^Sc&ul z(!K>mRv>8sFZZVyy(K!3@Ho8H#9oA~8aG3Ba*Dj5z@ZdYU+s*2>oK^+T z+nclD{%OdDW#V{B`OUn3ii%-Z0|rZnaRap@OS9VXkyP*yH&|O1E5tUR%1oW=SsX|5 zW-{%&mvs*ayZp>cT_DF`&y=8|tyP~@qt3fWy^{yM=SsE9+qZR!l zOGdK-kyG90&C%U^eqKE$CG`tjcZ#2KOrh~>-DpT)*NyABdEyM*F20i`MborLm$S>q z$Nj08wOg}l{Pp$K!}t{53yi&T2&1J?uEhJJHY5Cu=x|jMO=vu!GVJJh;7S=s{NAPi zL=CK^uleQeA+8Omx7D*kjYEo@`MtiIL}-$&%6wYa%~(rlpdcT5dMXmp3sY`f&qP2d ze-d=^f{Q&vwV!RY6Cf$@EHs^j7apn5V?Yl-0c*Q{{4jG89nqi6=v6EH2-9}P&@QzR zx%r0)IO&pcnq*PJSm;Vc97iJgX~U6>Gf$N#{FRtzbAHpff}n$+w5`*v^ulf9>?{B% zO9rYuQm(!<;q489KroEgG}``CsOjLqiROCb8_7p<2W01TOV3kK;V}Y-#dkIWxAh%k ztt`N`rCjhO+TF#!f(_h{#aP+DCC zy)UH0V$@c2D^<&Y1?M&`a=8zx!>!L;^eok5*C{s>%M-I!^^AIa=!})&9(1_F<1&}B z&gh3tzVQJh%;Eh=dC`%XsKcAFb=Xj&Fmrv}Y0)08_j`Bk)i_Nc7VIQYP*FGywU-|U z4(tP#uQ3qtV-Sk3169liGzg8>+;~WnM_lE1Bt<@iXijRxK(z*yuhzJdoh*N7 zH?V^iyo0ceC|5k>*ch_A?0dkk#sL>KbHDK9|q+P)x%Ri-s0hw&_PjI4_0Om>4U2bK>{P^92eHbBD(Ay8Dg&q13hK0 zfp){j>G-wgskUr$5vxv4f}FB?^y3GJ{f~Z6wbCKU{_8xI1>pmR_R3C-a!g-Zh^$>S zWOjDsQ20hh78TikUqf^byo>{B`ALxs2bIlWuhgCqbsu@hgyv1x-+TE7Eq#erxKdB_0e zG8dnI655VfjtRyM;hQ5M*XxH$Ov-}sI3p=s84$HAf){`m3zbUFnsIenVZ?1st1bdo zNs7n~@DalwiLz8rWsd;FLVe!_G*ni|4%AbYe*#z2sAK*MH3Tc`e>XMxAJh;Wtp8;h zNXWp!#`N!MAqv%}%V?V6JvVh3_>ihdHS6Gsal+^2h^yW3Q3nF5g$hz@!g61KFseDpI-pn4-G`r z(dxSw6i5Y>iHf%grxD>OiD-(o6|icGolH|BQI;4Rxsh7J!$76E8h-<4zNJngGdXBgOUg+-WsFxSHT4}6TDKcb zgETpS8|G%VUl1p6E&)UWr*V8s4{lT_Ym#L;r2YcGSg-k+e$~SG8c&FXl9(K5VVlE^ zXP7h4Vu#?Q2OHDs+4&pOnw0q&(}D%%0jB9rdhGCtG`Ij|ELVbZc(N;P-_ZnmZ?093Op|!4DR-NTRc1`D3DyLe{jmP zDw$hn*SWryWRl;_j=t<_hwTrSUkT-kn6pY)fVb=`CW_G!5$DAbAOI;nmu5)hfj;-; zNxCTM8!E-A^pc?-=5pn6<<#4@QW{#{vSQw<4xLZol8qLLX=9gnKepJs3>s4XL+n@8 zjn~~i?N%|TxX@QSJJjx1t`_oG`@nTr{J!8C*yr&gQ9XETbt1|U;fBd%#`pHIzZl(( zb)w7b^-}TPcKf_KX~uV1akz^g`*ipIw72)OXg^suL-MM?^%$A>G z2k9q2yEa0ApCVWrQb8qhf&JUZx%cFq3q;H10KyQP59IHJIHO>n(>lFypLbi;T>}rO z-#RhYGwnmNNVK5NVg2H>XUovP^9e&iLFDRxeHXVf55NWArYt-I8-4?!KVkZnlF5s; z=tFrj3mxrKbym6tgby|A8KbqV=thJ)fE%2|f%%xUy~KF=U}I;epea^FvDo21G%Vr) z>Ov@ePgIN;`LY#5+mH8qd+3F{yU*$8_RCOR=zKiS!v_{e;LxC9bcCUi1IjL8E&TMh zQpy5&rjq<36rnGdY@y!{&@C)~n2%ym3@#xxaP2(M60{h9=awA*d;UJSUPAddeBfo^ z8ThRz8+u&iE5VX{7#1h_#3{z_{Tqy!k3|u=X12LEG9~`hV?zsjNTLE!AG|A_qIHnZ znP=)5vPlE-{SwN1RIC{1Sl?~KQQo)p3iJA(3&35t{y#z zTCzi!rEMkbwq}^@Kx6fTYEMY)F72NP4(>C?+#eAz0J*DN&5l7R=hs?yzC_RlG1d#Hn%`< zw>?}wCF2gbKx_y-^ave&;WKMj_A~tIJHTQcrSgObbd}fiJ2G-S?0h;63kNpq1mv4k z8s*7c)hk5>YHv>%Ps5GP@Y5#=CN#PVyTK()6ZnlySckWoisgXgbMWKOS^4ED;%-L!9`|TXi8m+>y0tsh) z@2shXKa%0%k~Rb&QilnX;nq~taE(%KcBCK<$W)L-jPtI@V0K}Cyjt%dd zxLrz{ENC55aVHi!#}JJhxnVDe5@PW30l!3eC<|9AB5Q-k|(wfXtl#0L?1F z$@`bXg#W&d{XYy7*xCQfMwO6(?f+pXMD_6zTsEYROT{r*FsTy)2_!i37)2b>7JWL%7pY=wa#&I(q*r&eL<_CAQr|?x1|x<7 zWe0_>-1#H| z77`aE^>2P$Ev1+-voT0tTOG280W-kQ^^$7w7Z~u9+vH=$Knqeq7zGK20jsm~p@P== ziTC>u;xk~z{BTi$8-nNl0kMaWg$61~1@y<~hB^$GjICdUGhnLTfIn9SKMa^ij}sL% zjNX7ghk{%ljv}A3--j_o36283bhp-F&6HS6$;ja@fs;{GPOS`)8&Y_Hq=E|X6tc9X zCmR6g!(ijPRqJI0N52q#WH0_l586Qf&yb!`LX1H6UNBUEgr4-%up_}YI4pU;AbN0h zW+mLAgy1R{rK~tmtT`oL>A1lSKWV=MsvH8ok0+PM!9#0rFHTNuxxve5X9Am4-Q;f1 zx0~Z?>&ecCw$Gd6%|i&!jrW)1ZtIZB$@a%fJe9VZpX&ypeR)8z06}bAf`klS+OzsbjM!FW!@e=^mHs=}KRfmC(x98DC z>xBb4g6^o`!*x0DPtXhkI~_CD#Oh;{&Xg%jC^R92($8 zYqLr2c5C*3c(5KD_Pf|GD0i|VUhDn?>%x2ljC$IxC5OBktR2!kF5Bu7U)0-XZ*F~z zMJ=(;T81CfzAmO-aKj$>#$Q5Cto>Y^)?P>}8o66wGrQ?DHkz<}dF-LmtZ*0%8*7#M z{P0;r|Ek}cr&DGWPo1l?!=l|_T9FMS$0~Q~S$lrF>>w^#ytNCuYoY~>i3>JY-Ip23 zC1XT3G;k88%Cf;az$Kq9KDP-^ML8HP^ruY12*W~ZW}d}vb5Uf$uK8ysQKyt!<8y+; z3>#TuVL=*2nbfcoflj{dywOzMxD%rZsec;W469n1)l&@}1D4S;&dE!hiEZdGp=t6t z013Wk=?SoI&?-Xk&_BSMOp|1oPSUizRMgZ*{KYDR^a#t9IvFcin+EWqmSUR6ep@-@ z$Nm;N&5Q8eEaHoBTivELj6u)P7PkSuN@{ftZ@H0`GC7+s{tFUGHu#y-R{ytm1I@9Uc1uT=5wS9dG#Qt%~4*t zd8U}8OZwI97O+yBC_PIHs5C9J@KnvbG}~)8>neBOL@Sp32P?m%Rg*=FRARtbm=FBV z%jK7D#hHJyIYVakN4!s_7Kq9F42Jq0Ts`&MPh)OL52-m1UD3x~u{Uw5^X57fF7?H_8Juh3LIeNdZdW2v)ZIb9(AYH_^E=s!uB&Zk0m zA645LWrr`~k2DO8F1ya9MW>Km4xcL`Rn4Q5aXc=$MA|gzJ7>SbXWSD!J2hetbSt$$ zyUf@gA6%Pmux$i&AwPZ=u>2riCEmkE*ys^A>>J^#aPtObTGg$Ic+zNA+o|zm`|(pI zNK%vfyJVzrDS22I(MT#D4HQe0@`KdUdGMZ2rIu$FjP+(%cp6pPChLyTv^YA8dVy8% zkiSS<$T4v^?VPsZwAnXBzgODyOj?xV-$k&a=%eR;HFT_99D{1r7Ew^fBqRQEH52QtVzx0v82j?C%K_dwx}Aa zL|G)MBb&b`8-pv87`Z9EYT^8`cl!2Bu&P>5|1ah4f480acjYcS^S|$)r#3orCyKEC zsQ3gPlwjrPiv;Cc5kwTw!H@n)Oh49>4SV}!UuM~?f#&F$PV1c%Rba0~wkqn7&?m`7 zwJU~DW_N@M+3c&!6@cS)EZ_g>?jO0Wig5ZwU~%&1U7ugd+b})dimS0Y&9$o<#qg5L zia>?NHikf4sx~DcO+Ov=xrg+p3xWdF? z7(Bn#HHCa1CVX)%xB@nzU%-XjK+z)p6AXmw4Cw34T?C(bL+`bOP=~b1_tUAis@@o z&lU#|MSWL{k~E74SfP6ie8f>p@}beg(BgI@QB4d*A>C-|Lv0jHANrA)si*xpHDacd z=gv#=>hbj6&Oi!&!UIFQsuJdfe#I;|0NyPEhsAXEi|lRra$_FIe}DuoN23>=st}l6 zP81W8%9X=G_hhZWl`%Frns~5Kqo0Y$T8{)L{?^+vaRjz&ynlV(9Bu9Od>-xXoeE~~ z`2O~E;2y&{u`k!{^?sAhm!)~*`d&@<*@w2`uH*T*-tK&SVHw`s;eP9QziX}Qovr7f z^KrX)IFI%e{P_Vr={W}NNig{9`DGtnWsWX)VH z#UN+rt#rm|lZ|J*qwx%NjN^BwSdn(}nFA1(Wr*Czfa*I8>hE1qxTiN08ikzK^G%h+ z=qb_j&5ty9dCx-k^WbIS{LV2<1%P`MjG>hUE>bPBUdF{}@!j{Ux5AX{ZSbGyz{g;vYB$7>gq=CX!yvn|4C*O_Zl6X;~7vr`xULeNGY z{3q?Sji3F{$lHzMwLR-jdAwCCM!8lIAJx(~0N>v{&O9-)1nUE1J})x_?nW9&>iOo@#HPWFg)`qj%O^P_`RrZ>W4W` zIUhc6+r-e~Go7&L@@@z=RcsuLHK(~}-#bloWIi|1Px?Nq2>Pm0srq8vX%kipXvM8K z3z#9506>&6N=^_)-Fm37lD_F;?9k+|WSEt=FJYgwl(&_%uO1at-CQszj@{Ra5Jc`9 zgQtC~=6U2*Y=|&(EOV4UBhPf+MoI{(ggQd)EtTrG{YSE}GAyaSNQ5tpn zAKlqJ@Qa3XGh7^IlDg+1mtX&qHGdkPu_)2y(tX;K zZ=|-P1_++ta2&e5aUCD+(5YqC1C%}89RS?AYh*9ahJ8J$ZyA$HJG%WD0+&A}&nS0f zmV&K0&Ti9^UElq9{O2n8v!^IKG*FAo_LELUhYQC=nTaMw&4EF`{uM3Jd0^LnbEEO6CSVy*I~s=I`LMSHom zYihl$`3-bn0aTBurvrKAhZco7y!6mJ^5%O!n_j>1g*BX8hFJ{Grfz0STT}9OT-Q$O z79nbG!NtjFJ%o+|oF9-R*avqcgttk*Tnlc+Fdllx$hywD{W5S9_X^WSPw%q^mRx3C zygLsqP-l;#0GeL`1d=e|9jRCJ?;qtbos(b}PG@26pG^1nJ@v^5Xi8Kclh$4%*2NCa z-t042}2^eh@jh&?D4)@5P2R+I`Qn%ld2zw zchvWnbcUah0c*YZ|58x1{Cnnn94!C89-WEp%hB_nzrV(Q77hSALOM|keFuOrz|h(V z0K>}*WA9)G(6@wfSqaq847Y5C_sZ6-#b@%(pqALXiC!+P-2S zSjOwUj-5e1=0+i4*e_O#+8ad%pdyPp8$H7vQ(SX{jJBL1m^v3n?DuVFs9jyykb>4N z0nl;s4%eTB^A7uALUoWhzE02LPiR?&i=TT!b9Fwb0?-cf5ehZ06}lkVYo)q3@rJH( zbXXKIC4UOwQ}3lBjH*4q;dx}O#LOMa-;KhOGEnJm>t#=|;p6sWJWGOf@XKjYP=-a4 zPPFE@J#%x%8z75y(3#Q1Utw4ectRwd1tzUfc__DYzyKOq@Om*Cllmty=Yo(h8BL>! z=aMRTgvmHvbdEwisEo0g-JtzEo=HS+UeK7;POL+Nha8QFSTnEk_edn>`bDQrB)2G` z$tXi!Z}v&|q+dkDM$FhUJ&fqHWUGC}5K}>Lr-h7VV{%4R=|XX zDEem^nQ^Atar((p9p)Pl$4z27&~MMTR@l=*>qp7@DODh6#)PpLV4`P43HIt4MAm&f ziIdgg?UYonU^s4&U^K*qEM5qJ7?c3bbogyQ-I%0S;c5UrY%uQbV^n*3$zQwN6_9-*5YtzsUkQlc^!My+J(qA<~+YEVp>q$Dbc;OmO?5wc z_j9wFyY+9C=~V0p0c~cFiR_!NN2tH@$1eXfn$^74akL!bfEePy6N`bz@-QdoKouRA zW^U2WvWm9vr?&{@WRt%3tw7B^fjmXsf(+-_=HJ`W5q=w3&j$K(v z)shrgWf~tXawvt%Y%J05qfOYlXg+TboCvo5OR<2)-cu-+RjoDw;h(Dyc_n#ijC2Yp z3X-Bfgc95od?})V($9;Ug2cAUenrbhm{hsh* z0tq?oHePmI)Fg@l_5K=&o=~bc1UsTM1Ob~e^8TfFrh2pjXV;b5fz~l8SNVF69wk}`*n;>FNhv|>8n9Fm{_;Tm+o17{HycaIz& zefsNO7v50xA1aG>$S*OH?tRQN}MwN$B2AKta&|&)q zL_swmnIRyLDF!&8jHxCSlY+~?*;7HrbroY@iAQjP0Zr#u}vDb-SkOYu?`PORn#j>Q)Ac!qszHs=Gm@`YD z7f+=u;J`Ic*{$_T9a#r~DUw&xr!cCEOxLR8;6Gv)EBx*ZvNv})ey(Z~J+y^3Fzy&6 z3rXF;PbMs)xNTX2g3t*ViU`EXY1w%6D0g_Pn!3JkD?yAMbc`(>07*GHhoD!Eh+|Bg z^h!IDm;yBGG<7Mn>o;564^cH5O#0%hi_C#8kd%+E-D25*??omtCi?p(XP=rs!|0g2 zYAvC$x)~+bHL_JWoo7{xsU*ulBljkxx*|)b<`MsXu9Kz8Rc5wTo%-XZKUWUW3BgNs-S#->kXYVO7#P!eB?#V5NplO6v<4Mw1KW} z_=hY{n&Vqu91){R0_Crf?&y}Bll2#X@(Zu8(1?)5tS z{mVX!;e`@f)<55<5nZxU_r;5tN54sCECc(SA6*Z@qpElTW6oMbL}(CC+9e>mI{jIE z4N;Gh3cBh+9+@iIsn z`Acfw?4NIhRxNJ~+iKd)H#)m^TDH=naB^5_RlVlRM*WCC4Qq~TNUN=`JZ-a$eXVN14k@Ho zTAot$lvS80k7&CD0U6%7ToQWfd5tq@uo!-%FzFrrPyE=qz9AREN=&ie-+l^U@1~kh zH)qS-Su{Rw)#^_xuW$6LA$tAs*ADv~0=bG380+`*TMXW-|Ll()p8KVKw{<)x(?9DU z9B|${+XWFS`m7nYD2DBM5*6-<<0~(3z3tDsMC$iE9>t;c+HcGZz$L{J75ttVe_RSV zzSn}l?=Arw7V~)N)xEewf)ExihX_i#e(g6S9j~T7WQ#JI0Ry=EQ3iS~tqJKD$?tK* zue8rzAc9sO)uV+*@j=Q-7ZN;4&{)w#S}gio)Cpp}hjDKR-Zn{n+Z2PJA*cBaCnEo@|#2)Z|M7 z8QS%#0Aut)1jLJ@J++(~10k+zeH&LAj`sNl6b&kDq{&w$SKz=`C2Mr|;PCML=>2%8 zu|D)x2JZakbt+JWAE9l`RsoSEZeofkM`pVm5bR^W902Lt2pZVH( zsMpD3E!tkzRI~yJZ^@bjgu7(juG!(xw%D&1iL4kbOUq;6sUl#bRo<|s- zN&}{=m2?fb*x)TSsBA?|5FjBq@Xm9UTnp!d)QR((rEAcB&k>*V=Q`jnNMonj7+BZ6P@6}Ha zTW{U1+F{l&b08aNg+hN<^4LdOmQ=94H*`#NSlzB9ZP+@a0W^|U{UxV>)jUS$@@bX_m{9;7_*qfvNtn(raOOn~>^V^BfKje}Mow{El?Oxw&eSv9m}4u$g9 zSB=DO2eR-T4$AkzcSI(gaYf+O-caZz^LK9BWN>MG7c46*ZP&@8l3Hquqq;B@x^0*{ zE-9=aMmY199R3rO(2R2CQA|p1EGde?@;EV5<3?U`rJZ2iYZ1#fkJ5Ep88Ih0<{z}q zUbiviFjV4@Oe|d%Y~A(pRJV2QT2)=lpg2@rR5?d!t!rE3wzi$Fw;^9t*?X1x{N{SK z&}q@EvV8c&)yHW17xQ8^_W!TH~CL#`hT&1lK;^CQ`$eo|5=*YUjoPfy8WMW0hDx# zjs|7`Lk9{hB*2Qa3jlLELpTiY4gQ+(C@A3{@W zE8(w+KOu!MCnG&0Gd(LKD+4P%0}BfcJ@a>Z`tM(KGS)`_HxeZ~eH$Bq(U%rM-@+aM zLnp5!qDCv~XklTXZ)NqD?Mf!5_Jm*m|G|E0LKT3W{nw)jnP?f98CWcrvxgl@0nzC4hz2>sg4b%N0aG5#og^2UuUzydu)Hvk$y zCB%RyBz*kAVRHr?1W^DSm{4M-Bsfy}nIS}#%2Gz8Y=u3{2R#B#FX44Sy(m6Fm(zy~ zR#JkMAQV-Rj}(-Ve}EDwy(5r^!dSmRhJb1KsSVG*T!4-w6^~6;rjOTJ;G-OFj~v1( z!XaN!WspBR~tWkF~x1dB8 zO9+@hk|H63hbmWZ`Z`4@m$EE3Au-aB-aMUmo-?EdEI66U$%rWkIAXMEs>7i@5KrUt#K`5H|(@zC+f3s*a{O~$)Sf7wu-M)XRej& z^4b$!oa?Bj#~zmLr~0RttMC* z0Q`UzRf?vSCOvPd8bm7wI`@=!q&xX>5*G33?eI(1l<`ZH=V$xRAsZbNJ!3C~ganGh3M65w-5-+sja+D;izCbUq`a)1RdI6GF+3&&7w7%^#AxjrdjOY&4mV zP#m=Q{sz~m^$ukbDL4Dlqj@U*@==G3ubi)Ieo~Mp=Os)wuBnONzn*uOlay*tZ%}{- z3y~G~%Unxc_+mQD&*vZCDi;H)g!DW_$k0 z(y$hICFfI*((L|lcm9s44f9rsy4R_ihH6^$aLx*qapxW5B0b0H7BBfI>Na~1={y9z z-6T7_p2M^32Y1PfV6)%w^USbjeuYH&O9GmM&^4vG%6M_bO6HlO%DF7QyqWXOia;qR zB*fQ)<{x%|M4QEMdxjzwzJ!qfH*Sv~iq%$pV8IaAG3WOPp;a5QEYn|fQj zjv0U!HoDU6MJ>Ne?Ow7Gkitr)va&)i`I!l%gGQlKcPVjyzI+@m4z9l|l)XExZCc4j z_o^83o`}cL@WT#)+%i;-7PA!DI?{H2HnekHT;9htP#ZKYTd3Ca&>foxO7cJ{nq?7m-I%+|xZIhIB0 zH^nb!VOT?tNsWwhZi-zFdc20Yy*v+_k&%dt#zg4xR!Qi2&Dhy`VB*M9`Km%k0RKHI zvh}QdL=y>R2^R2q=K#eCL_U9yM&|U)4AH_92s#4qVcFpyDUqZ&60C6+p5w+;x6g9x zlpKz(iWzmHiIFgs%_dP(xI|fWukZf*M^agdB0_>ff~QPrB+O!{*>@6=8Er;3{~YJ! zx1w^cJls6VJW4EIVvMl~CEJF=j+L5LR3)MUQ=OsCz^E`|wMH~N*)q^VlW0|Cs0ocR z9X{xK=brDN&@$9QlXx|0NGppTwlk^rdI^7cZQ_1^EN1c%^4ay%Jq=Dz_4DJ=ilC|c zBC35-mruvyGXVnk4rtolq1N;M{OS2%)B(CkYBsgxlcnlYSMlTNMZf#~u%DT5;EdTB@16jJO4X&$a{~=ql@j#oUdfkAfdXl5sqrUb6z?^!x?yQz4 zj!eDIXxIu9J|+(;29=uHNDqTbHMXEBM~$@`OG2C0gz12zdT_fstOm+Q$4C@-EP;Dr9wd#uzpgxh>qXnFO-3!tN-wKOXbQ#*A*EEC0VVxf_ zV}L`_75FG{mfd{m)yJy^(nfy-SP$s}NHz{0xX)&WM4SU8;zf%A=6ma)Pq>Y;%}J!K z9tZ+Y6uyEih@y>cOK`$$4_S-x*Ukr6dgxW)7e00fDZw~??)5{?EeOu=7x??wHlP>eYpnY+gz(8ht9c#Z zYeDVc%@VGVLp|H6`Rxg(JrKAW_?Gf!gXC-4?09+cR(+Pg0Thk`TsHq-S=SxaMDVQ> zLJK9JK@gd+%`2EG!Oa$LhDx?136b%d)vNPz z&2D(#KsoRf7{~6EjjD{c4!17pby~GT#^TbPSgk5?g`>%ps4u(TJoAdk^Sp$a4+2a6 zON@dNfipJ(r8&Y2am0-Fd6HYE95yAr+pFeC8JXV}ecP+!n3m6vbqDV$LHc`rH1^UY z0?&k5;lrcCe9mGoBOJcS73_V;Xb)mHjBeJ5o%vvc(bu{aPy&Qk#4KP;@jy)KDG2WK z-{5pNC~v3&mw*Hb+h<( zgm4evlC=JVN;k~6b#`5uH9zE0UGyD;V2EMxtY)kb5sgf2|Jr4;I)`ET`2*ivlN~mW z)U(RIyNDgn$Snl2H$Wzq&63omH!X|ym4I={LBuOKezb#oIcvKh+ zrL?7-uFyxA{&-oG0D&T9LgA|tc`TLGyQEIE#?<|$-#7m82ykBgBhomwY@$nGsgf{h z`i(9pay+5Zbd%e9X(Hnvk&r_h|A^!P`45rMk=M^a*DcPY23v`NIU8!T-x9=zrJ*ORS~9`w$dZS)4eGMM3Gy0he7) z1gk*t7zKm6K)m46bzm&p!9+eg<|F|Z|8#G%X7c`LQmyK5sqW(D!dq{>C7;JSG`v_S zX@j1M(8sey{D)NzQK<_>Z4k#L!>)zmyA-lZR?D)81_yX0ts!osXb$7DEQxQ)V?(lM zTISrl;lq*i9ub&@g4EFA(kyK<$qzsqm2)fQYUNL<10C0`X9(eO{Hg(9IYOO?j55D|>RPF=d75x4?l-%LjQ zyV$XKhLF^!QJni1Lej3;KAJo zU*y!^QrP)hD3DqX#;8ma(*;P5D;AXYu^~)`+-w@gL;M6k`uN?KNN0z5#>R3t-|VciFjH7 zBJ=*$L|4YbB(JGanR4XJf(|lAmnn9}ri0GeP0%kQW5LXHOEUFe%t`#;am!SD8qaRO`pNQXomjsNWAs6^W=yh1nB3WB`5~USa8xwpR7IsXDqC~)|b_n z1M;$f7xG>s0g%zu0GB#)R=f-nQUht4DVZXvjgug7jC4sw$P3bvC0DhdT&vO;XwsG3 zU~M_bV7CPDx~G3+dd>I~yh?&$PSP1!ENvqZ?mlRZYrpk^q_X<}U%&THo)q|YY=~Eu zSXdR&d&ZR{Q_BImvnPlt>^00`X1l>-xOUH|+cD#+$dWAUv*PxD3MFAV`$%vqj26kS z7Z`!MDZ3n?GApkkun=8nyG>Ip>PnFmQsehzVK5lku{PTzC`11f6ExJ|hi2)8AkDS> zGf^Z8kq)Q^KkFEagQ3L>H7uL3#m+U%D_dxHjY2JRI#rG-v^}HCUxK@y(LP4ff5QAzlFzxSzPqe!v-2-3+M%&w z9Z0_wyZ>7Z%9G70pf>3Ofu1jHt*b8+Mkx_8O$IAKs)w+#N* z7A0>cJN&Kdmr?g`Gn+FsUKDw-)VbV|n2o@*h!5u4zjNL4mYL2_>?!g*G1Wy3<}RO5 zS_7&j5g4sAy9>yc-7(Fx`U-oLkNq)?Eyp&XT>Q?%;+C@j_hg)h_Z^#B5nh_WxdUqF zQYmhkiMRHA8&NWfy(W~gV8Wpd=vUWv()kiAkc6E-uC%hEk+6MbaCf5nuYv*2K4-%u zDx*DohAr_2Gmsa6<`-$;`G>~64$cI=j(;J|g_OTEVLop+odZ?VDUT>AfD@-m?k@{y zfVn;T=I?e;ytUA>>P0OTVLQpW{Tbd1RChD;C=-zk08)$v5N-eywO_5^{eYg*Ju)a+ zfE~-XxUGv}ecLc2jn-ULC}rKvAd5P`>o&YV@RXj);tAT?n3{m{89>aiF2ZR)8@(aa z1dcR*<^{EDSSDcu1d(+Xd|1t!>(L28()nhpoakLtpH!ZU?`PBTR0+a1Wy4}a+$FXd zJ5BD;MEXH?Nk$wjB|zW=UU4#gNIDkS1ZF_i!pN2+ zt4WKn_x@0^+H_sP@+CD4e3Gmtc|&4hU{_+)Zv**+%_5Lv7D$~#H3P>%)YsxmGmDiY z%RjN?4SSGS6J#-T(_sIwp9J=5It9*vkr#WJgfZ&bFEtJonFN0Q^EP|dQ z0s1i1w4dvhAKOwsdLi;A`E7^{wxCd6B`oD~fitH)$#Lj6;r=l4C5F5a0cbr~gn$22 zTaxMbaTub1lk{UI0WP<*18M>D$povULlqSB+nKOn70W^TJW^*;&PO`Q;3APtFKhyz zBJ}B-A`5H?{B&V>BWRpJqmrAN3(?jevjBOg`ciSS>41{Z4l#7|8A{^$Yz#AsRde>*ZTt1;sBSu6GsOh$Ft5 zxP&8AN?6<*@A^sLQDfmVd=Q4~o8L7?C!BR9G?rtZN*qV)zBBYv;Tn@r88xBJBWS-j z8q8=?$~T%gLmlSdQWggR@1FaU(XOHP-Wkh@cud84p~DYWds#$Af5bZnQp@DsG^l-_ z@#v!UB05*_(eyX+frqJ)((er&7C*mH7X<+>80*R}M@m1yt7DzoEB;=|A>`-Kc`v0n z>}e~n0C+6ztF%gAYBqQcE8(DYA$ERMRnHsDsjG7jOlh1dL}-(Ed2x;H7B*EMm=!Oy zQ|Wmh4`mFK`3|tCP^Pw#(FgPTrAJwAY> z=YesW$C+G4QeU?~l08A{oW^Fjwa4!QiN7!NyO#KpaQ7-?u3!0_$YK&{c9Vy%&Jo% z|Mc(dB=sL{-zAHNc--01KeV%KN!Ii++et93Nd@n9ozCwYS+_nbSgoZSU{qUHM{gvT zKfXOwXm_tEuH&o~6ux#zIyw9-5G1)~A|CpIbn4=EsoJiB*X!b8T{Fi+8fyyv=7z$R zAT!&*SP?N&&I%^5@rb&rm}|Hv>Q+F&XLUU~5ykq${c;QU@V(P0n5xwt61&sR4>Afw z&Zwj5%oKTlSn2Nvca|sHKcsUA9M}O&u%hn|<4JY1y*B8@T8dIwIeYjM%5V8uI6p<( z4=xkxxy}!?hI-yF-r=MV4Uhgozo_m=m!ha~Oh2RU=-ErEd=@AV<_?V6=BikyKA*82 zhe@B{14J{IKI~n>4dh-n!XM*(3hGOJ;b=vt%o||77us7QFP4N}PD1gH_a7Qfy}?`# zZl{I++Jdl!@3VUc#&Mj0qLMbYb~2Wf%{GxC%GI*aj@wGoU7qbW*2(&=o0i21aaYu_ z-My4~lm}Ps^!I;;7Oj+@@|h`14TE@f%2@Ki`%!;Jb=XRq_mLws(wR%4oz^$;WY;Ht ztX`aT#@!@COqj+^kt15&DDcyMps&7VU`}*+r|YE4%`guFNz4X{2^9YJHV0wK-Yvd@ z3p*hqL-MqtxDSiA8;LCUmfu9Gbf;yK4ospVF=fmuHw<8DEsko5%HslSAn)pl%PQy3 zTgZy^H+)gJHy~h|TRfoU+|*qFOA>6B8lgvRt1*)AmTtJCaj z#91yhQK<^GC2wdf4&r8_f6EyheB{ze^opv6zP(XzM)nlWMBhO#lYa=Gy+mQ$f~}8| z$Np-ePL))*QyTNGUO`h+8Ku;SJF0Q~N`Yy8Cdp)C zNG^DwnvalVWQe-Ho-LW59AxzJ4hXoko~k+}Vmlm4W$jcqpF0AevsD8Sn))^Wq2Q5O zm~DYbuMnrZ>PebJemc9`9yw>j(?(9SlQ0Sbc%O1wB7b;q6OO}eUY>3;#9E zp+{oCf0*MltG8soQ|koIA)w*s%XAItFMl{JfRtPM$+4pF^UX)~CnVye`|u|ZNjdrA z4M;lFL;W@T6T#!4XC?{n5n5wcvLFLZ_o+c;=E7w9FEG`rFZpb%E2}jW_e~|wz3*lV0ratqIn6AshcS_;9LCJK{^yd zmgZl7fu^OFe|V0;G~eU&t0jy04oXCL>Qe1z>M| z;;iSuQKjzuLG`cNiFbcuJ>Vg8P%k3NM84FKA=rl~_tW6i#^@XUyF#KI&=%=EAE{jZ zrv2A-w1lW!{h&z3{@x%Ohtl)?AQ*9*ut9xJadWnn1i^b(YI(h-SJ3mec8r#sW`rwV zJ&sjvbz@<9w^hGXe&z|ysXuBjngB>7DUPXB^WfS76iIV z@iA*)AV#S~^Bb4-Gpu(fS_S=?CNIGgW?b6@LJYS8TR}L#q>UM%eN>AMv zHEb<+Xw2tnL=x9WgwTC`Dcu-`t<#9pw5m<|kRJ`FWr~Flaa|t~qxN=EL@zBY4E}f> z8XWHRkp`^m)CY1BDCGa%AqGqpahgD_W$Kk|d!&>U|99VH*o&jiYi;W_bbDmEq>B`7 z9H+FLbU~m~&V7b`>3y!H9>R}gIWsEb+FDYCktG;kkY^6uSY>g-XXKe^$pOv?BBK7q zWBA!fQYGDx)W9=K=@hz7rQU&zx6}{MLw`NH+eJ-?CzJ+JlKQH~WOH%9=X57WOKE34 z20hFexV7fj@iRfunW&A0z|T$_{YP?=G(sG?heI^NZV@!x5*xX(du>deRVWFHV;=^` zUhq3w6ZqMRkGuw&d}s-gMet1;qtIVR__&herAMyAl)RI&2J|WoRo0QGLp307jZ#`p zq_680oVnKqEycPVa+r${1P;IAWW4G%{}~k;38H;q6Ke)K~4$@UrYt zn5Gl4%Xn5*)n!2=Bwy!)iT~ilI%0NKVl<%2Kd-9Ll{$ru%qrDHg3(J{Dzv-1;bU$r z|6*RM{zvYsjoQH?+&1wvQ{43p+Usu~!2eYI8R?3wF|UY~RW3}OG7$;4h%cJtwrUta zi7d)A)N6eG%@l8OB&_(EMZbRa<&ov;t+s5plya-KR5w8(ZiR+JH};yGVlhfmA4Z*Q z&2P>_BvioxQqy0|?Bbj1gnuW@xfE1nonQOSFMn_B6E=47#ptKJ*bt?>3NHBX19f-W ztn!&Ev|I1(-~&1L#LPQB8rBZ{$G@Jz&+&Wj?n}T!4;(H8F5WEShT8{W z=8n+z^%ABz@ALJmeQ{=1;XrY+RI6&<%#m&H?IVh$IAq+(<2$^ZwP@vVmNszE@Iuo% z{6EFaN=>Y0vqGl5q)$yWWu=`n%@YcgimAhHE5knzBf@`~KOLcVllxtlc+ncIZz%R= zlU9cDQ7r576}=V>0HJPI^l0+Xn?aLnt>887Mdq~O2&|$cx;U8?_pXTKu z>Q7Ig|F@+1LK%ag<^j<5n35aAhvhF8MaDlkJ_$^au`l>a_tVz?Km!_zfBGiUk&jo1 z%M#j(H+~)Iq8m{1@1PNB!(AtO36+k~g`VK=B&YA|Lx=JI?;x%NUDl(tRXe@holf5o zxz86V#ufBmO-Grh78j$PO`V|<`+w3lUQ++}4`4pN_TIh$z+)^_veFWAGO|>Be40jD GRR06+Vfh*W diff --git a/krb5-1.21.3/doc/pdf/admin.tex b/krb5-1.21.3/doc/pdf/admin.tex deleted file mode 100644 index 8a67a6d0..00000000 --- a/krb5-1.21.3/doc/pdf/admin.tex +++ /dev/null @@ -1,12287 +0,0 @@ -%% Generated by Sphinx. -\def\sphinxdocclass{report} -\documentclass[letterpaper,10pt,english]{sphinxmanual} -\ifdefined\pdfpxdimen - \let\sphinxpxdimen\pdfpxdimen\else\newdimen\sphinxpxdimen -\fi \sphinxpxdimen=.75bp\relax -\ifdefined\pdfimageresolution - \pdfimageresolution= \numexpr \dimexpr1in\relax/\sphinxpxdimen\relax -\fi -%% let collapsible pdf bookmarks panel have high depth per default -\PassOptionsToPackage{bookmarksdepth=5}{hyperref} - -\PassOptionsToPackage{warn}{textcomp} -\usepackage[utf8]{inputenc} -\ifdefined\DeclareUnicodeCharacter -% support both utf8 and utf8x syntaxes - \ifdefined\DeclareUnicodeCharacterAsOptional - \def\sphinxDUC#1{\DeclareUnicodeCharacter{"#1}} - \else - \let\sphinxDUC\DeclareUnicodeCharacter - \fi - \sphinxDUC{00A0}{\nobreakspace} - \sphinxDUC{2500}{\sphinxunichar{2500}} - \sphinxDUC{2502}{\sphinxunichar{2502}} - \sphinxDUC{2514}{\sphinxunichar{2514}} - \sphinxDUC{251C}{\sphinxunichar{251C}} - \sphinxDUC{2572}{\textbackslash} -\fi -\usepackage{cmap} -\usepackage[T1]{fontenc} -\usepackage{amsmath,amssymb,amstext} -\usepackage{babel} - - - -\usepackage{tgtermes} -\usepackage{tgheros} -\renewcommand{\ttdefault}{txtt} - - - -\usepackage[Bjarne]{fncychap} -\usepackage{sphinx} - -\fvset{fontsize=auto} -\usepackage{geometry} - - -% Include hyperref last. -\usepackage{hyperref} -% Fix anchor placement for figures with captions. -\usepackage{hypcap}% it must be loaded after hyperref. -% Set up styles of URL: it should be placed after hyperref. -\urlstyle{same} - - -\usepackage{sphinxmessages} -\setcounter{tocdepth}{0} - - - -\title{Kerberos Administration Guide} -\date{ } -\release{1.21.3} -\author{MIT} -\newcommand{\sphinxlogo}{\vbox{}} -\renewcommand{\releasename}{Release} -\makeindex -\begin{document} - -\pagestyle{empty} -\sphinxmaketitle -\pagestyle{plain} -\sphinxtableofcontents -\pagestyle{normal} -\phantomsection\label{\detokenize{admin/index::doc}} - - - -\chapter{Installation guide} -\label{\detokenize{admin/install:installation-guide}}\label{\detokenize{admin/install::doc}} - -\section{Contents} -\label{\detokenize{admin/install:contents}} - -\subsection{Installing KDCs} -\label{\detokenize{admin/install_kdc:installing-kdcs}}\label{\detokenize{admin/install_kdc::doc}} -\sphinxAtStartPar -When setting up Kerberos in a production environment, it is best to -have multiple replica KDCs alongside with a primary KDC to ensure the -continued availability of the Kerberized services. Each KDC contains -a copy of the Kerberos database. The primary KDC contains the -writable copy of the realm database, which it replicates to the -replica KDCs at regular intervals. All database changes (such as -password changes) are made on the primary KDC. Replica KDCs provide -Kerberos ticket\sphinxhyphen{}granting services, but not database administration, -when the primary KDC is unavailable. MIT recommends that you install -all of your KDCs to be able to function as either the primary or one -of the replicas. This will enable you to easily switch your primary -KDC with one of the replicas if necessary (see -{\hyperref[\detokenize{admin/install_kdc:switch-primary-replica}]{\sphinxcrossref{\DUrole{std,std-ref}{Switching primary and replica KDCs}}}}). This installation procedure is based -on that recommendation. - -\begin{sphinxadmonition}{warning}{Warning:}\begin{itemize} -\item {} -\sphinxAtStartPar -The Kerberos system relies on the availability of correct time -information. Ensure that the primary and all replica KDCs have -properly synchronized clocks. - -\item {} -\sphinxAtStartPar -It is best to install and run KDCs on secured and dedicated -hardware with limited access. If your KDC is also a file -server, FTP server, Web server, or even just a client machine, -someone who obtained root access through a security hole in any -of those areas could potentially gain access to the Kerberos -database. - -\end{itemize} -\end{sphinxadmonition} - - -\subsubsection{Install and configure the primary KDC} -\label{\detokenize{admin/install_kdc:install-and-configure-the-primary-kdc}} -\sphinxAtStartPar -Install Kerberos either from the OS\sphinxhyphen{}provided packages or from the -source (See \DUrole{xref,std,std-ref}{do\_build}). - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -For the purpose of this document we will use the following -names: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{o}{\PYGZhy{}} \PYG{n}{primary} \PYG{n}{KDC} -\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{o}{\PYGZhy{}} \PYG{n}{replica} \PYG{n}{KDC} -\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{\PYGZhy{}} \PYG{n}{realm} \PYG{n}{name} -\PYG{o}{.}\PYG{n}{k5}\PYG{o}{.}\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{\PYGZhy{}} \PYG{n}{stash} \PYG{n}{file} -\PYG{n}{admin}\PYG{o}{/}\PYG{n}{admin} \PYG{o}{\PYGZhy{}} \PYG{n}{admin} \PYG{n}{principal} -\end{sphinxVerbatim} - -\sphinxAtStartPar -See {\hyperref[\detokenize{mitK5defaults:mitk5defaults}]{\sphinxcrossref{\DUrole{std,std-ref}{MIT Kerberos defaults}}}} for the default names and locations -of the relevant to this topic files. Adjust the names and -paths to your system environment. -\end{sphinxadmonition} - - -\subsubsection{Edit KDC configuration files} -\label{\detokenize{admin/install_kdc:edit-kdc-configuration-files}} -\sphinxAtStartPar -Modify the configuration files, {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} and -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}, to reflect the correct information (such as -domain\sphinxhyphen{}realm mappings and Kerberos servers names) for your realm. -(See {\hyperref[\detokenize{mitK5defaults:mitk5defaults}]{\sphinxcrossref{\DUrole{std,std-ref}{MIT Kerberos defaults}}}} for the recommended default locations for -these files). - -\sphinxAtStartPar -Most of the tags in the configuration have default values that will -work well for most sites. There are some tags in the -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} file whose values must be specified, and this -section will explain those. - -\sphinxAtStartPar -If the locations for these configuration files differs from the -default ones, set \sphinxstylestrong{KRB5\_CONFIG} and \sphinxstylestrong{KRB5\_KDC\_PROFILE} environment -variables to point to the krb5.conf and kdc.conf respectively. For -example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{export} \PYG{n}{KRB5\PYGZus{}CONFIG}\PYG{o}{=}\PYG{o}{/}\PYG{n}{yourdir}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{conf} -\PYG{n}{export} \PYG{n}{KRB5\PYGZus{}KDC\PYGZus{}PROFILE}\PYG{o}{=}\PYG{o}{/}\PYG{n}{yourdir}\PYG{o}{/}\PYG{n}{kdc}\PYG{o}{.}\PYG{n}{conf} -\end{sphinxVerbatim} - - -\paragraph{krb5.conf} -\label{\detokenize{admin/install_kdc:krb5-conf}} -\sphinxAtStartPar -If you are not using DNS TXT records (see {\hyperref[\detokenize{admin/realm_config:mapping-hostnames}]{\sphinxcrossref{\DUrole{std,std-ref}{Mapping hostnames onto Kerberos realms}}}}), -you must specify the \sphinxstylestrong{default\_realm} in the {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}} -section. If you are not using DNS URI or SRV records (see -{\hyperref[\detokenize{admin/realm_config:kdc-hostnames}]{\sphinxcrossref{\DUrole{std,std-ref}{Hostnames for KDCs}}}} and {\hyperref[\detokenize{admin/realm_config:kdc-discovery}]{\sphinxcrossref{\DUrole{std,std-ref}{KDC Discovery}}}}), you must include the -\sphinxstylestrong{kdc} tag for each \sphinxstyleemphasis{realm} in the {\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} section. To -communicate with the kadmin server in each realm, the \sphinxstylestrong{admin\_server} -tag must be set in the -{\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} section. - -\sphinxAtStartPar -An example krb5.conf file: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{libdefaults}\PYG{p}{]} - \PYG{n}{default\PYGZus{}realm} \PYG{o}{=} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} - -\PYG{p}{[}\PYG{n}{realms}\PYG{p}{]} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{kdc} \PYG{o}{=} \PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{n}{kdc} \PYG{o}{=} \PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{n}{admin\PYGZus{}server} \PYG{o}{=} \PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - - -\paragraph{kdc.conf} -\label{\detokenize{admin/install_kdc:kdc-conf}} -\sphinxAtStartPar -The kdc.conf file can be used to control the listening ports of the -KDC and kadmind, as well as realm\sphinxhyphen{}specific defaults, the database type -and location, and logging. - -\sphinxAtStartPar -An example kdc.conf file: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{kdcdefaults}\PYG{p}{]} - \PYG{n}{kdc\PYGZus{}listen} \PYG{o}{=} \PYG{l+m+mi}{88} - \PYG{n}{kdc\PYGZus{}tcp\PYGZus{}listen} \PYG{o}{=} \PYG{l+m+mi}{88} - -\PYG{p}{[}\PYG{n}{realms}\PYG{p}{]} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{kadmind\PYGZus{}port} \PYG{o}{=} \PYG{l+m+mi}{749} - \PYG{n}{max\PYGZus{}life} \PYG{o}{=} \PYG{l+m+mi}{12}\PYG{n}{h} \PYG{l+m+mi}{0}\PYG{n}{m} \PYG{l+m+mi}{0}\PYG{n}{s} - \PYG{n}{max\PYGZus{}renewable\PYGZus{}life} \PYG{o}{=} \PYG{l+m+mi}{7}\PYG{n}{d} \PYG{l+m+mi}{0}\PYG{n}{h} \PYG{l+m+mi}{0}\PYG{n}{m} \PYG{l+m+mi}{0}\PYG{n}{s} - \PYG{n}{master\PYGZus{}key\PYGZus{}type} \PYG{o}{=} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts} - \PYG{n}{supported\PYGZus{}enctypes} \PYG{o}{=} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{p}{:}\PYG{n}{normal} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{p}{:}\PYG{n}{normal} - \PYG{c+c1}{\PYGZsh{} If the default location does not suit your setup,} - \PYG{c+c1}{\PYGZsh{} explicitly configure the following values:} - \PYG{c+c1}{\PYGZsh{} database\PYGZus{}name = /var/krb5kdc/principal} - \PYG{c+c1}{\PYGZsh{} key\PYGZus{}stash\PYGZus{}file = /var/krb5kdc/.k5.ATHENA.MIT.EDU} - \PYG{c+c1}{\PYGZsh{} acl\PYGZus{}file = /var/krb5kdc/kadm5.acl} - \PYG{p}{\PYGZcb{}} - -\PYG{p}{[}\PYG{n}{logging}\PYG{p}{]} - \PYG{c+c1}{\PYGZsh{} By default, the KDC and kadmind will log output using} - \PYG{c+c1}{\PYGZsh{} syslog. You can instead send log output to files like this:} - \PYG{n}{kdc} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{log}\PYG{o}{/}\PYG{n}{krb5kdc}\PYG{o}{.}\PYG{n}{log} - \PYG{n}{admin\PYGZus{}server} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{log}\PYG{o}{/}\PYG{n}{kadmin}\PYG{o}{.}\PYG{n}{log} - \PYG{n}{default} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{log}\PYG{o}{/}\PYG{n}{krb5lib}\PYG{o}{.}\PYG{n}{log} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Replace \sphinxcode{\sphinxupquote{ATHENA.MIT.EDU}} and \sphinxcode{\sphinxupquote{kerberos.mit.edu}} with the name of -your Kerberos realm and server respectively. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -You have to have write permission on the target directories -(these directories must exist) used by \sphinxstylestrong{database\_name}, -\sphinxstylestrong{key\_stash\_file}, and \sphinxstylestrong{acl\_file}. -\end{sphinxadmonition} - - -\subsubsection{Create the KDC database} -\label{\detokenize{admin/install_kdc:create-the-kdc-database}}\label{\detokenize{admin/install_kdc:create-db}} -\sphinxAtStartPar -You will use the {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} command on the primary KDC to -create the Kerberos database and the optional \DUrole{xref,std,std-ref}{stash\_definition}. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -If you choose not to install a stash file, the KDC will -prompt you for the master key each time it starts up. This -means that the KDC will not be able to start automatically, -such as after a system reboot. -\end{sphinxadmonition} - -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} will prompt you for the master password for the -Kerberos database. This password can be any string. A good password -is one you can remember, but that no one else can guess. Examples of -bad passwords are words that can be found in a dictionary, any common -or popular name, especially a famous person (or cartoon character), -your username in any form (e.g., forward, backward, repeated twice, -etc.), and any of the sample passwords that appear in this manual. -One example of a password which might be good if it did not appear in -this manual is “MITiys4K5!â€, which represents the sentence “MIT is -your source for Kerberos 5!†(It’s the first letter of each word, -substituting the numeral “4†for the word “forâ€, and includes the -punctuation mark at the end.) - -\sphinxAtStartPar -The following is an example of how to create a Kerberos database and -stash file on the primary KDC, using the {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} command. -Replace \sphinxcode{\sphinxupquote{ATHENA.MIT.EDU}} with the name of your Kerberos realm: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdb5\PYGZus{}util} \PYG{n}{create} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{\PYGZhy{}}\PYG{n}{s} - -\PYG{n}{Initializing} \PYG{n}{database} \PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{/usr/local/var/krb5kdc/principal}\PYG{l+s+s1}{\PYGZsq{}} \PYG{k}{for} \PYG{n}{realm} \PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{ATHENA.MIT.EDU}\PYG{l+s+s1}{\PYGZsq{}}\PYG{p}{,} -\PYG{n}{master} \PYG{n}{key} \PYG{n}{name} \PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{K/M@ATHENA.MIT.EDU}\PYG{l+s+s1}{\PYGZsq{}} -\PYG{n}{You} \PYG{n}{will} \PYG{n}{be} \PYG{n}{prompted} \PYG{k}{for} \PYG{n}{the} \PYG{n}{database} \PYG{n}{Master} \PYG{n}{Password}\PYG{o}{.} -\PYG{n}{It} \PYG{o+ow}{is} \PYG{n}{important} \PYG{n}{that} \PYG{n}{you} \PYG{n}{NOT} \PYG{n}{FORGET} \PYG{n}{this} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Enter} \PYG{n}{KDC} \PYG{n}{database} \PYG{n}{master} \PYG{n}{key}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{=} \PYG{n}{Type} \PYG{n}{the} \PYG{n}{master} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{KDC} \PYG{n}{database} \PYG{n}{master} \PYG{n}{key} \PYG{n}{to} \PYG{n}{verify}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{=} \PYG{n}{Type} \PYG{n}{it} \PYG{n}{again}\PYG{o}{.} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This will create five files in {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}} (or at the locations specified -in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}): -\begin{itemize} -\item {} -\sphinxAtStartPar -two Kerberos database files, \sphinxcode{\sphinxupquote{principal}}, and \sphinxcode{\sphinxupquote{principal.ok}} - -\item {} -\sphinxAtStartPar -the Kerberos administrative database file, \sphinxcode{\sphinxupquote{principal.kadm5}} - -\item {} -\sphinxAtStartPar -the administrative database lock file, \sphinxcode{\sphinxupquote{principal.kadm5.lock}} - -\item {} -\sphinxAtStartPar -the stash file, in this example \sphinxcode{\sphinxupquote{.k5.ATHENA.MIT.EDU}}. If you do -not want a stash file, run the above command without the \sphinxstylestrong{\sphinxhyphen{}s} -option. - -\end{itemize} - -\sphinxAtStartPar -For more information on administrating Kerberos database see -{\hyperref[\detokenize{admin/database:db-operations}]{\sphinxcrossref{\DUrole{std,std-ref}{Operations on the Kerberos database}}}}. - - -\subsubsection{Add administrators to the ACL file} -\label{\detokenize{admin/install_kdc:add-administrators-to-the-acl-file}}\label{\detokenize{admin/install_kdc:admin-acl}} -\sphinxAtStartPar -Next, you need create an Access Control List (ACL) file and put the -Kerberos principal of at least one of the administrators into it. -This file is used by the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} daemon to control which -principals may view and make privileged modifications to the Kerberos -database files. The ACL filename is determined by the \sphinxstylestrong{acl\_file} -variable in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}; the default is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/kadm5.acl}}. - -\sphinxAtStartPar -For more information on Kerberos ACL file see {\hyperref[\detokenize{admin/conf_files/kadm5_acl:kadm5-acl-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kadm5.acl}}}}. - - -\subsubsection{Add administrators to the Kerberos database} -\label{\detokenize{admin/install_kdc:add-administrators-to-the-kerberos-database}}\label{\detokenize{admin/install_kdc:addadmin-kdb}} -\sphinxAtStartPar -Next you need to add administrative principals (i.e., principals who -are allowed to administer Kerberos database) to the Kerberos database. -You \sphinxstyleemphasis{must} add at least one principal now to allow communication -between the Kerberos administration daemon kadmind and the kadmin -program over the network for further administration. To do this, use -the kadmin.local utility on the primary KDC. kadmin.local is designed -to be run on the primary KDC host without using Kerberos -authentication to an admin server; instead, it must have read and -write access to the Kerberos database on the local filesystem. - -\sphinxAtStartPar -The administrative principals you create should be the ones you added -to the ACL file (see {\hyperref[\detokenize{admin/install_kdc:admin-acl}]{\sphinxcrossref{\DUrole{std,std-ref}{Add administrators to the ACL file}}}}). - -\sphinxAtStartPar -In the following example, the administrative principal \sphinxcode{\sphinxupquote{admin/admin}} -is created: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kadmin}\PYG{o}{.}\PYG{n}{local} - -\PYG{n}{kadmin}\PYG{o}{.}\PYG{n}{local}\PYG{p}{:} \PYG{n}{addprinc} \PYG{n}{admin}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} - -\PYG{n}{No} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{admin/admin@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} -\PYG{n}{assigning} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{default}\PYG{l+s+s2}{\PYGZdq{}}\PYG{o}{.} -\PYG{n}{Enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{admin}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{=} \PYG{n}{Enter} \PYG{n}{a} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{admin}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{=} \PYG{n}{Type} \PYG{n}{it} \PYG{n}{again}\PYG{o}{.} -\PYG{n}{Principal} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{admin/admin@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{created}\PYG{o}{.} -\PYG{n}{kadmin}\PYG{o}{.}\PYG{n}{local}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{Start the Kerberos daemons on the primary KDC} -\label{\detokenize{admin/install_kdc:start-the-kerberos-daemons-on-the-primary-kdc}}\label{\detokenize{admin/install_kdc:start-kdc-daemons}} -\sphinxAtStartPar -At this point, you are ready to start the Kerberos KDC -({\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}}) and administrative daemons on the primary KDC. To -do so, type: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{krb5kdc} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kadmind} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Each server daemon will fork and run in the background. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -Assuming you want these daemons to start up automatically at -boot time, you can add them to the KDC’s \sphinxcode{\sphinxupquote{/etc/rc}} or -\sphinxcode{\sphinxupquote{/etc/inittab}} file. You need to have a -\DUrole{xref,std,std-ref}{stash\_definition} in order to do this. -\end{sphinxadmonition} - -\sphinxAtStartPar -You can verify that they started properly by checking for their -startup messages in the logging locations you defined in -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} (see {\hyperref[\detokenize{admin/conf_files/kdc_conf:logging}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}logging{]}}}}}). For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{tail} \PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{log}\PYG{o}{/}\PYG{n}{krb5kdc}\PYG{o}{.}\PYG{n}{log} -\PYG{n}{Dec} \PYG{l+m+mi}{02} \PYG{l+m+mi}{12}\PYG{p}{:}\PYG{l+m+mi}{35}\PYG{p}{:}\PYG{l+m+mi}{47} \PYG{n}{beeblebrox} \PYG{n}{krb5kdc}\PYG{p}{[}\PYG{l+m+mi}{3187}\PYG{p}{]}\PYG{p}{(}\PYG{n}{info}\PYG{p}{)}\PYG{p}{:} \PYG{n}{commencing} \PYG{n}{operation} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{tail} \PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{log}\PYG{o}{/}\PYG{n}{kadmin}\PYG{o}{.}\PYG{n}{log} -\PYG{n}{Dec} \PYG{l+m+mi}{02} \PYG{l+m+mi}{12}\PYG{p}{:}\PYG{l+m+mi}{35}\PYG{p}{:}\PYG{l+m+mi}{52} \PYG{n}{beeblebrox} \PYG{n}{kadmind}\PYG{p}{[}\PYG{l+m+mi}{3189}\PYG{p}{]}\PYG{p}{(}\PYG{n}{info}\PYG{p}{)}\PYG{p}{:} \PYG{n}{starting} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Any errors the daemons encounter while starting will also be listed in -the logging output. - -\sphinxAtStartPar -As an additional verification, check if \DUrole{xref,std,std-ref}{kinit(1)} succeeds -against the principals that you have created on the previous step -({\hyperref[\detokenize{admin/install_kdc:addadmin-kdb}]{\sphinxcrossref{\DUrole{std,std-ref}{Add administrators to the Kerberos database}}}}). Run: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kinit} \PYG{n}{admin}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\end{sphinxVerbatim} - - -\subsubsection{Install the replica KDCs} -\label{\detokenize{admin/install_kdc:install-the-replica-kdcs}} -\sphinxAtStartPar -You are now ready to start configuring the replica KDCs. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -Assuming you are setting the KDCs up so that you can easily -switch the primary KDC with one of the replicas, you should -perform each of these steps on the primary KDC as well as -the replica KDCs, unless these instructions specify -otherwise. -\end{sphinxadmonition} - - -\paragraph{Create host keytabs for replica KDCs} -\label{\detokenize{admin/install_kdc:create-host-keytabs-for-replica-kdcs}}\label{\detokenize{admin/install_kdc:replica-host-key}} -\sphinxAtStartPar -Each KDC needs a \sphinxcode{\sphinxupquote{host}} key in the Kerberos database. These keys -are used for mutual authentication when propagating the database dump -file from the primary KDC to the secondary KDC servers. - -\sphinxAtStartPar -On the primary KDC, connect to administrative interface and create the -host principal for each of the KDCs’ \sphinxcode{\sphinxupquote{host}} services. For example, -if the primary KDC were called \sphinxcode{\sphinxupquote{kerberos.mit.edu}}, and you had a -replica KDC named \sphinxcode{\sphinxupquote{kerberos\sphinxhyphen{}1.mit.edu}}, you would type the -following: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kadmin} -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{randkey} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} -\PYG{n}{No} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{host/kerberos.mit.edu@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} \PYG{n}{assigning} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{default}\PYG{l+s+s2}{\PYGZdq{}} -\PYG{n}{Principal} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{host/kerberos.mit.edu@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{created}\PYG{o}{.} - -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{randkey} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} -\PYG{n}{No} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{host/kerberos\PYGZhy{}1.mit.edu@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} \PYG{n}{assigning} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{default}\PYG{l+s+s2}{\PYGZdq{}} -\PYG{n}{Principal} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{host/kerberos\PYGZhy{}1.mit.edu@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{created}\PYG{o}{.} -\end{sphinxVerbatim} - -\sphinxAtStartPar -It is not strictly necessary to have the primary KDC server in the -Kerberos database, but it can be handy if you want to be able to swap -the primary KDC with one of the replicas. - -\sphinxAtStartPar -Next, extract \sphinxcode{\sphinxupquote{host}} random keys for all participating KDCs and -store them in each host’s default keytab file. Ideally, you should -extract each keytab locally on its own KDC. If this is not feasible, -you should use an encrypted session to send them across the network. -To extract a keytab directly on a replica KDC called -\sphinxcode{\sphinxupquote{kerberos\sphinxhyphen{}1.mit.edu}}, you would execute the following command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{ktadd} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{encryption} - \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{encryption} - \PYG{n+nb}{type} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{encryption} - \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha384}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{192} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{encryption} - \PYG{n+nb}{type} \PYG{n}{arcfour}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If you are instead extracting a keytab for the replica KDC called -\sphinxcode{\sphinxupquote{kerberos\sphinxhyphen{}1.mit.edu}} on the primary KDC, you should use a dedicated -temporary keytab file for that machine’s keytab: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{ktadd} \PYG{o}{\PYGZhy{}}\PYG{n}{k} \PYG{o}{/}\PYG{n}{tmp}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{keytab} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{encryption} - \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{encryption} - \PYG{n+nb}{type} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The file \sphinxcode{\sphinxupquote{/tmp/kerberos\sphinxhyphen{}1.keytab}} can then be installed as -\sphinxcode{\sphinxupquote{/etc/krb5.keytab}} on the host \sphinxcode{\sphinxupquote{kerberos\sphinxhyphen{}1.mit.edu}}. - - -\paragraph{Configure replica KDCs} -\label{\detokenize{admin/install_kdc:configure-replica-kdcs}} -\sphinxAtStartPar -Database propagation copies the contents of the primary’s database, -but does not propagate configuration files, stash files, or the kadm5 -ACL file. The following files must be copied by hand to each replica -(see {\hyperref[\detokenize{mitK5defaults:mitk5defaults}]{\sphinxcrossref{\DUrole{std,std-ref}{MIT Kerberos defaults}}}} for the default locations for these files): -\begin{itemize} -\item {} -\sphinxAtStartPar -krb5.conf - -\item {} -\sphinxAtStartPar -kdc.conf - -\item {} -\sphinxAtStartPar -kadm5.acl - -\item {} -\sphinxAtStartPar -master key stash file - -\end{itemize} - -\sphinxAtStartPar -Move the copied files into their appropriate directories, exactly as -on the primary KDC. kadm5.acl is only needed to allow a replica to -swap with the primary KDC. - -\sphinxAtStartPar -The database is propagated from the primary KDC to the replica KDCs -via the {\hyperref[\detokenize{admin/admin_commands/kpropd:kpropd-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kpropd}}}} daemon. You must explicitly specify the -principals which are allowed to provide Kerberos dump updates on the -replica machine with a new database. Create a file named kpropd.acl -in the KDC state directory containing the \sphinxcode{\sphinxupquote{host}} principals for each -of the KDCs: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{host}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\end{sphinxVerbatim} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -If you expect that the primary and replica KDCs will be -switched at some point of time, list the host principals -from all participating KDC servers in kpropd.acl files on -all of the KDCs. Otherwise, you only need to list the -primary KDC’s host principal in the kpropd.acl files of the -replica KDCs. -\end{sphinxadmonition} - -\sphinxAtStartPar -Then, add the following line to \sphinxcode{\sphinxupquote{/etc/inetd.conf}} on each KDC -(adjust the path to kpropd): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{krb5\PYGZus{}prop} \PYG{n}{stream} \PYG{n}{tcp} \PYG{n}{nowait} \PYG{n}{root} \PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{sbin}\PYG{o}{/}\PYG{n}{kpropd} \PYG{n}{kpropd} -\end{sphinxVerbatim} - -\sphinxAtStartPar -You also need to add the following line to \sphinxcode{\sphinxupquote{/etc/services}} on each -KDC, if it is not already present (assuming that the default port is -used): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{krb5\PYGZus{}prop} \PYG{l+m+mi}{754}\PYG{o}{/}\PYG{n}{tcp} \PYG{c+c1}{\PYGZsh{} Kerberos replica propagation} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Restart inetd daemon. - -\sphinxAtStartPar -Alternatively, start {\hyperref[\detokenize{admin/admin_commands/kpropd:kpropd-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kpropd}}}} as a stand\sphinxhyphen{}alone daemon. This is -required when incremental propagation is enabled. - -\sphinxAtStartPar -Now that the replica KDC is able to accept database propagation, -you’ll need to propagate the database from the primary server. - -\sphinxAtStartPar -NOTE: Do not start the replica KDC yet; you still do not have a copy -of the primary’s database. - - -\paragraph{Propagate the database to each replica KDC} -\label{\detokenize{admin/install_kdc:propagate-the-database-to-each-replica-kdc}}\label{\detokenize{admin/install_kdc:kprop-to-replicas}} -\sphinxAtStartPar -First, create a dump file of the database on the primary KDC, as -follows: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdb5\PYGZus{}util} \PYG{n}{dump} \PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{krb5kdc}\PYG{o}{/}\PYG{n}{replica\PYGZus{}datatrans} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Then, manually propagate the database to each replica KDC, as in the -following example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kprop} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{krb5kdc}\PYG{o}{/}\PYG{n}{replica\PYGZus{}datatrans} \PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - -\PYG{n}{Database} \PYG{n}{propagation} \PYG{n}{to} \PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{p}{:} \PYG{n}{SUCCEEDED} -\end{sphinxVerbatim} - -\sphinxAtStartPar -You will need a script to dump and propagate the database. The -following is an example of a Bourne shell script that will do this. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -Remember that you need to replace \sphinxcode{\sphinxupquote{/usr/local/var/krb5kdc}} -with the name of the KDC state directory. -\end{sphinxadmonition} - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZsh{}!/bin/sh - -kdclist = \PYGZdq{}kerberos\PYGZhy{}1.mit.edu kerberos\PYGZhy{}2.mit.edu\PYGZdq{} - -kdb5\PYGZus{}util dump /usr/local/var/krb5kdc/replica\PYGZus{}datatrans - -for kdc in \PYGZdl{}kdclist -do - kprop \PYGZhy{}f /usr/local/var/krb5kdc/replica\PYGZus{}datatrans \PYGZdl{}kdc -done -\end{sphinxVerbatim} - -\sphinxAtStartPar -You will need to set up a cron job to run this script at the intervals -you decided on earlier (see {\hyperref[\detokenize{admin/realm_config:db-prop}]{\sphinxcrossref{\DUrole{std,std-ref}{Database propagation}}}}). - -\sphinxAtStartPar -Now that the replica KDC has a copy of the Kerberos database, you can -start the krb5kdc daemon: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{krb5kdc} -\end{sphinxVerbatim} - -\sphinxAtStartPar -As with the primary KDC, you will probably want to add this command to -the KDCs’ \sphinxcode{\sphinxupquote{/etc/rc}} or \sphinxcode{\sphinxupquote{/etc/inittab}} files, so they will start -the krb5kdc daemon automatically at boot time. - - -\subparagraph{Propagation failed?} -\label{\detokenize{admin/install_kdc:propagation-failed}} -\sphinxAtStartPar -You may encounter the following error messages. For a more detailed -discussion on possible causes and solutions click on the error link -to be redirected to {\hyperref[\detokenize{admin/troubleshoot:troubleshoot}]{\sphinxcrossref{\DUrole{std,std-ref}{Troubleshooting}}}} section. -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/troubleshoot:kprop-no-route}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop: No route to host while connecting to server}}}} - -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/troubleshoot:kprop-con-refused}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop: Connection refused while connecting to server}}}} - -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/troubleshoot:kprop-sendauth-exchange}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop: Server rejected authentication (during sendauth exchange) while authenticating to server}}}} - -\end{enumerate} - - -\subsubsection{Add Kerberos principals to the database} -\label{\detokenize{admin/install_kdc:add-kerberos-principals-to-the-database}} -\sphinxAtStartPar -Once your KDCs are set up and running, you are ready to use -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} to load principals for your users, hosts, and other -services into the Kerberos database. This procedure is described -fully in {\hyperref[\detokenize{admin/database:principals}]{\sphinxcrossref{\DUrole{std,std-ref}{Principals}}}}. - -\sphinxAtStartPar -You may occasionally want to use one of your replica KDCs as the -primary. This might happen if you are upgrading the primary KDC, or -if your primary KDC has a disk crash. See the following section for -the instructions. - - -\subsubsection{Switching primary and replica KDCs} -\label{\detokenize{admin/install_kdc:switching-primary-and-replica-kdcs}}\label{\detokenize{admin/install_kdc:switch-primary-replica}} -\sphinxAtStartPar -You may occasionally want to use one of your replica KDCs as the -primary. This might happen if you are upgrading the primary KDC, or -if your primary KDC has a disk crash. - -\sphinxAtStartPar -Assuming you have configured all of your KDCs to be able to function -as either the primary KDC or a replica KDC (as this document -recommends), all you need to do to make the changeover is: - -\sphinxAtStartPar -If the primary KDC is still running, do the following on the \sphinxstyleemphasis{old} -primary KDC: -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -Kill the kadmind process. - -\item {} -\sphinxAtStartPar -Disable the cron job that propagates the database. - -\item {} -\sphinxAtStartPar -Run your database propagation script manually, to ensure that the -replicas all have the latest copy of the database (see -{\hyperref[\detokenize{admin/install_kdc:kprop-to-replicas}]{\sphinxcrossref{\DUrole{std,std-ref}{Propagate the database to each replica KDC}}}}). - -\end{enumerate} - -\sphinxAtStartPar -On the \sphinxstyleemphasis{new} primary KDC: -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -Start the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} daemon (see {\hyperref[\detokenize{admin/install_kdc:start-kdc-daemons}]{\sphinxcrossref{\DUrole{std,std-ref}{Start the Kerberos daemons on the primary KDC}}}}). - -\item {} -\sphinxAtStartPar -Set up the cron job to propagate the database (see -{\hyperref[\detokenize{admin/install_kdc:kprop-to-replicas}]{\sphinxcrossref{\DUrole{std,std-ref}{Propagate the database to each replica KDC}}}}). - -\item {} -\sphinxAtStartPar -Switch the CNAMEs of the old and new primary KDCs. If you can’t do -this, you’ll need to change the {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} file on every -client machine in your Kerberos realm. - -\end{enumerate} - - -\subsubsection{Incremental database propagation} -\label{\detokenize{admin/install_kdc:incremental-database-propagation}} -\sphinxAtStartPar -If you expect your Kerberos database to become large, you may wish to -set up incremental propagation to replica KDCs. See -{\hyperref[\detokenize{admin/database:incr-db-prop}]{\sphinxcrossref{\DUrole{std,std-ref}{Incremental database propagation}}}} for details. - - -\subsection{Installing and configuring UNIX client machines} -\label{\detokenize{admin/install_clients:installing-and-configuring-unix-client-machines}}\label{\detokenize{admin/install_clients::doc}} -\sphinxAtStartPar -The Kerberized client programs include \DUrole{xref,std,std-ref}{kinit(1)}, -\DUrole{xref,std,std-ref}{klist(1)}, \DUrole{xref,std,std-ref}{kdestroy(1)}, and \DUrole{xref,std,std-ref}{kpasswd(1)}. All of -these programs are in the directory {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{BINDIR}}}}. - -\sphinxAtStartPar -You can often integrate Kerberos with the login system on client -machines, typically through the use of PAM. The details vary by -operating system, and should be covered in your operating system’s -documentation. If you do this, you will need to make sure your users -know to use their Kerberos passwords when they log in. - -\sphinxAtStartPar -You will also need to educate your users to use the ticket management -programs kinit, klist, and kdestroy. If you do not have Kerberos -password changing integrated into the native password program (again, -typically through PAM), you will need to educate users to use kpasswd -in place of its non\sphinxhyphen{}Kerberos counterparts passwd. - - -\subsubsection{Client machine configuration files} -\label{\detokenize{admin/install_clients:client-machine-configuration-files}} -\sphinxAtStartPar -Each machine running Kerberos should have a {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} file. -At a minimum, it should define a \sphinxstylestrong{default\_realm} setting in -{\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}}. If you are not using DNS SRV records -({\hyperref[\detokenize{admin/realm_config:kdc-hostnames}]{\sphinxcrossref{\DUrole{std,std-ref}{Hostnames for KDCs}}}}) or URI records ({\hyperref[\detokenize{admin/realm_config:kdc-discovery}]{\sphinxcrossref{\DUrole{std,std-ref}{KDC Discovery}}}}), it must -also contain a {\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} section containing information for your -realm’s KDCs. - -\sphinxAtStartPar -Consider setting \sphinxstylestrong{rdns} to false in order to reduce your dependence -on precisely correct DNS information for service hostnames. Turning -this flag off means that service hostnames will be canonicalized -through forward name resolution (which adds your domain name to -unqualified hostnames, and resolves CNAME records in DNS), but not -through reverse address lookup. The default value of this flag is -true for historical reasons only. - -\sphinxAtStartPar -If you anticipate users frequently logging into remote hosts -(e.g., using ssh) using forwardable credentials, consider setting -\sphinxstylestrong{forwardable} to true so that users obtain forwardable tickets by -default. Otherwise users will need to use \sphinxcode{\sphinxupquote{kinit \sphinxhyphen{}f}} to get -forwardable tickets. - -\sphinxAtStartPar -Consider adjusting the \sphinxstylestrong{ticket\_lifetime} setting to match the likely -length of sessions for your users. For instance, if most of your -users will be logging in for an eight\sphinxhyphen{}hour workday, you could set the -default to ten hours so that tickets obtained in the morning expire -shortly after the end of the workday. Users can still manually -request longer tickets when necessary, up to the maximum allowed by -each user’s principal record on the KDC. - -\sphinxAtStartPar -If a client host may access services in different realms, it may be -useful to define a {\hyperref[\detokenize{admin/conf_files/krb5_conf:domain-realm}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}domain\_realm{]}}}}} mapping so that clients know -which hosts belong to which realms. However, if your clients and KDC -are running release 1.7 or later, it is also reasonable to leave this -section out on client machines and just define it in the KDC’s -krb5.conf. - - -\subsection{UNIX Application Servers} -\label{\detokenize{admin/install_appl_srv:unix-application-servers}}\label{\detokenize{admin/install_appl_srv::doc}} -\sphinxAtStartPar -An application server is a host that provides one or more services -over the network. Application servers can be “secure†or “insecure.†-A “secure†host is set up to require authentication from every client -connecting to it. An “insecure†host will still provide Kerberos -authentication, but will also allow unauthenticated clients to -connect. - -\sphinxAtStartPar -If you have Kerberos V5 installed on all of your client machines, MIT -recommends that you make your hosts secure, to take advantage of the -security that Kerberos authentication affords. However, if you have -some clients that do not have Kerberos V5 installed, you can run an -insecure server, and still take advantage of Kerberos V5’s single -sign\sphinxhyphen{}on capability. - - -\subsubsection{The keytab file} -\label{\detokenize{admin/install_appl_srv:the-keytab-file}}\label{\detokenize{admin/install_appl_srv:keytab-file}} -\sphinxAtStartPar -All Kerberos server machines need a keytab file to authenticate to the -KDC. By default on UNIX\sphinxhyphen{}like systems this file is named {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{DEFKTNAME}}}}. -The keytab file is an local copy of the host’s key. The keytab file -is a potential point of entry for a break\sphinxhyphen{}in, and if compromised, -would allow unrestricted access to its host. The keytab file should -be readable only by root, and should exist only on the machine’s local -disk. The file should not be part of any backup of the machine, -unless access to the backup data is secured as tightly as access to -the machine’s root password. - -\sphinxAtStartPar -In order to generate a keytab for a host, the host must have a -principal in the Kerberos database. The procedure for adding hosts to -the database is described fully in {\hyperref[\detokenize{admin/database:principals}]{\sphinxcrossref{\DUrole{std,std-ref}{Principals}}}}. (See -{\hyperref[\detokenize{admin/install_kdc:replica-host-key}]{\sphinxcrossref{\DUrole{std,std-ref}{Create host keytabs for replica KDCs}}}} for a brief description.) The keytab is -generated by running {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} and issuing the {\hyperref[\detokenize{admin/admin_commands/kadmin_local:ktadd}]{\sphinxcrossref{\DUrole{std,std-ref}{ktadd}}}} -command. - -\sphinxAtStartPar -For example, to generate a keytab file to allow the host -\sphinxcode{\sphinxupquote{trillium.mit.edu}} to authenticate for the services host, ftp, and -pop, the administrator \sphinxcode{\sphinxupquote{joeadmin}} would issue the command (on -\sphinxcode{\sphinxupquote{trillium.mit.edu}}): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{trillium}\PYG{o}{\PYGZpc{}} \PYG{n}{kadmin} -\PYG{n}{Authenticating} \PYG{k}{as} \PYG{n}{principal} \PYG{n}{root}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Password} \PYG{k}{for} \PYG{n}{root}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{ktadd} \PYG{n}{host}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{ftp}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{pop}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha384}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{192} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{ftp}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha384}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{192} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{pop}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha384}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{192} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{quit} -\PYG{n}{trillium}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If you generate the keytab file on another host, you need to get a -copy of the keytab file onto the destination host (\sphinxcode{\sphinxupquote{trillium}}, in -the above example) without sending it unencrypted over the network. - - -\subsubsection{Some advice about secure hosts} -\label{\detokenize{admin/install_appl_srv:some-advice-about-secure-hosts}} -\sphinxAtStartPar -Kerberos V5 can protect your host from certain types of break\sphinxhyphen{}ins, but -it is possible to install Kerberos V5 and still leave your host -vulnerable to attack. Obviously an installation guide is not the -place to try to include an exhaustive list of countermeasures for -every possible attack, but it is worth noting some of the larger holes -and how to close them. - -\sphinxAtStartPar -We recommend that backups of secure machines exclude the keytab file -({\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{DEFKTNAME}}}}). If this is not possible, the backups should at least be -done locally, rather than over a network, and the backup tapes should -be physically secured. - -\sphinxAtStartPar -The keytab file and any programs run by root, including the Kerberos -V5 binaries, should be kept on local disk. The keytab file should be -readable only by root. - - -\section{Additional references} -\label{\detokenize{admin/install:additional-references}}\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -Debian: \sphinxhref{http://techpubs.spinlocksolutions.com/dklar/kerberos.html}{Setting up MIT Kerberos 5} - -\item {} -\sphinxAtStartPar -Solaris: \sphinxhref{https://docs.oracle.com/cd/E19253-01/816-4557/6maosrjv2/index.html}{Configuring the Kerberos Service} - -\end{enumerate} - - -\chapter{Configuration Files} -\label{\detokenize{admin/conf_files/index:configuration-files}}\label{\detokenize{admin/conf_files/index::doc}} -\sphinxAtStartPar -Kerberos uses configuration files to allow administrators to specify -settings on a per\sphinxhyphen{}machine basis. {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} applies to all -applications using the Kerboros library, on clients and servers. -For KDC\sphinxhyphen{}specific applications, additional settings can be specified in -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}; the two files are merged into a configuration profile -used by applications accessing the KDC database directly. {\hyperref[\detokenize{admin/conf_files/kadm5_acl:kadm5-acl-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kadm5.acl}}}} -is also only used on the KDC, it controls permissions for modifying the -KDC database. - - -\section{Contents} -\label{\detokenize{admin/conf_files/index:contents}} - -\subsection{krb5.conf} -\label{\detokenize{admin/conf_files/krb5_conf:krb5-conf}}\label{\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}}\label{\detokenize{admin/conf_files/krb5_conf::doc}} -\sphinxAtStartPar -The krb5.conf file contains Kerberos configuration information, -including the locations of KDCs and admin servers for the Kerberos -realms of interest, defaults for the current realm and for Kerberos -applications, and mappings of hostnames onto Kerberos realms. -Normally, you should install your krb5.conf file in the directory -\sphinxcode{\sphinxupquote{/etc}}. You can override the default location by setting the -environment variable \sphinxstylestrong{KRB5\_CONFIG}. Multiple colon\sphinxhyphen{}separated -filenames may be specified in \sphinxstylestrong{KRB5\_CONFIG}; all files which are -present will be read. Starting in release 1.14, directory names can -also be specified in \sphinxstylestrong{KRB5\_CONFIG}; all files within the directory -whose names consist solely of alphanumeric characters, dashes, or -underscores will be read. - - -\subsubsection{Structure} -\label{\detokenize{admin/conf_files/krb5_conf:structure}} -\sphinxAtStartPar -The krb5.conf file is set up in the style of a Windows INI file. -Lines beginning with ‘\#’ or ‘;’ (possibly after initial whitespace) -are ignored as comments. Sections are headed by the section name, in -square brackets. Each section may contain zero or more relations, of -the form: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{foo} \PYG{o}{=} \PYG{n}{bar} -\end{sphinxVerbatim} - -\sphinxAtStartPar -or: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{fubar} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{foo} \PYG{o}{=} \PYG{n}{bar} - \PYG{n}{baz} \PYG{o}{=} \PYG{n}{quux} -\PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Placing a ‘*’ after the closing bracket of a section name indicates -that the section is \sphinxstyleemphasis{final}, meaning that if the same section appears -within a later file specified in \sphinxstylestrong{KRB5\_CONFIG}, it will be ignored. -A subsection can be marked as final by placing a ‘*’ after either the -tag name or the closing brace. - -\sphinxAtStartPar -The krb5.conf file can include other files using either of the -following directives at the beginning of a line: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{include} \PYG{n}{FILENAME} -\PYG{n}{includedir} \PYG{n}{DIRNAME} -\end{sphinxVerbatim} - -\sphinxAtStartPar -\sphinxstyleemphasis{FILENAME} or \sphinxstyleemphasis{DIRNAME} should be an absolute path. The named file or -directory must exist and be readable. Including a directory includes -all files within the directory whose names consist solely of -alphanumeric characters, dashes, or underscores. Starting in release -1.15, files with names ending in “.conf†are also included, unless the -name begins with “.â€. Included profile files are syntactically -independent of their parents, so each included file must begin with a -section header. Starting in release 1.17, files are read in -alphanumeric order; in previous releases, they may be read in any -order. - -\sphinxAtStartPar -The krb5.conf file can specify that configuration should be obtained -from a loadable module, rather than the file itself, using the -following directive at the beginning of a line before any section -headers: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{module} \PYG{n}{MODULEPATH}\PYG{p}{:}\PYG{n}{RESIDUAL} -\end{sphinxVerbatim} - -\sphinxAtStartPar -\sphinxstyleemphasis{MODULEPATH} may be relative to the library path of the krb5 -installation, or it may be an absolute path. \sphinxstyleemphasis{RESIDUAL} is provided -to the module at initialization time. If krb5.conf uses a module -directive, {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} should also use one if it exists. - - -\subsubsection{Sections} -\label{\detokenize{admin/conf_files/krb5_conf:sections}} -\sphinxAtStartPar -The krb5.conf file may contain the following sections: - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}} -& -\sphinxAtStartPar -Settings used by the Kerberos V5 library -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} -& -\sphinxAtStartPar -Realm\sphinxhyphen{}specific contact information and settings -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/krb5_conf:domain-realm}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}domain\_realm{]}}}}} -& -\sphinxAtStartPar -Maps server hostnames to Kerberos realms -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/krb5_conf:capaths}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}capaths{]}}}}} -& -\sphinxAtStartPar -Authentication paths for non\sphinxhyphen{}hierarchical cross\sphinxhyphen{}realm -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/krb5_conf:appdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}appdefaults{]}}}}} -& -\sphinxAtStartPar -Settings used by some Kerberos V5 applications -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/krb5_conf:plugins}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}plugins{]}}}}} -& -\sphinxAtStartPar -Controls plugin module registration -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - -\sphinxAtStartPar -Additionally, krb5.conf may include any of the relations described in -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}, but it is not a recommended practice. - - -\paragraph{{[}libdefaults{]}} -\label{\detokenize{admin/conf_files/krb5_conf:libdefaults}}\label{\detokenize{admin/conf_files/krb5_conf:id1}} -\sphinxAtStartPar -The libdefaults section may contain any of the following relations: -\begin{description} -\item[{\sphinxstylestrong{allow\_des3}}] \leavevmode -\sphinxAtStartPar -Permit the KDC to issue tickets with des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1 session keys. -In future releases, this flag will allow des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1 to be used -at all. The default value for this tag is false. (Added in -release 1.21.) - -\item[{\sphinxstylestrong{allow\_rc4}}] \leavevmode -\sphinxAtStartPar -Permit the KDC to issue tickets with arcfour\sphinxhyphen{}hmac session keys. -In future releases, this flag will allow arcfour\sphinxhyphen{}hmac to be used -at all. The default value for this tag is false. (Added in -release 1.21.) - -\item[{\sphinxstylestrong{allow\_weak\_crypto}}] \leavevmode -\sphinxAtStartPar -If this flag is set to false, then weak encryption types (as noted -in {\hyperref[\detokenize{admin/conf_files/kdc_conf:encryption-types}]{\sphinxcrossref{\DUrole{std,std-ref}{Encryption types}}}} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}) will be filtered -out of the lists \sphinxstylestrong{default\_tgs\_enctypes}, -\sphinxstylestrong{default\_tkt\_enctypes}, and \sphinxstylestrong{permitted\_enctypes}. The default -value for this tag is false. - -\item[{\sphinxstylestrong{canonicalize}}] \leavevmode -\sphinxAtStartPar -If this flag is set to true, initial ticket requests to the KDC -will request canonicalization of the client principal name, and -answers with different client principals than the requested -principal will be accepted. The default value is false. - -\item[{\sphinxstylestrong{ccache\_type}}] \leavevmode -\sphinxAtStartPar -This parameter determines the format of credential cache types -created by \DUrole{xref,std,std-ref}{kinit(1)} or other programs. The default value -is 4, which represents the most current format. Smaller values -can be used for compatibility with very old implementations of -Kerberos which interact with credential caches on the same host. - -\item[{\sphinxstylestrong{clockskew}}] \leavevmode -\sphinxAtStartPar -Sets the maximum allowable amount of clockskew in seconds that the -library will tolerate before assuming that a Kerberos message is -invalid. The default value is 300 seconds, or five minutes. - -\sphinxAtStartPar -The clockskew setting is also used when evaluating ticket start -and expiration times. For example, tickets that have reached -their expiration time can still be used (and renewed if they are -renewable tickets) if they have been expired for a shorter -duration than the \sphinxstylestrong{clockskew} setting. - -\item[{\sphinxstylestrong{default\_ccache\_name}}] \leavevmode -\sphinxAtStartPar -This relation specifies the name of the default credential cache. -The default is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{DEFCCNAME}}}}. This relation is subject to parameter -expansion (see below). New in release 1.11. - -\item[{\sphinxstylestrong{default\_client\_keytab\_name}}] \leavevmode -\sphinxAtStartPar -This relation specifies the name of the default keytab for -obtaining client credentials. The default is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{DEFCKTNAME}}}}. This -relation is subject to parameter expansion (see below). -New in release 1.11. - -\item[{\sphinxstylestrong{default\_keytab\_name}}] \leavevmode -\sphinxAtStartPar -This relation specifies the default keytab name to be used by -application servers such as sshd. The default is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{DEFKTNAME}}}}. This -relation is subject to parameter expansion (see below). - -\item[{\sphinxstylestrong{default\_rcache\_name}}] \leavevmode -\sphinxAtStartPar -This relation specifies the name of the default replay cache. -The default is \sphinxcode{\sphinxupquote{dfl:}}. This relation is subject to parameter -expansion (see below). New in release 1.18. - -\item[{\sphinxstylestrong{default\_realm}}] \leavevmode -\sphinxAtStartPar -Identifies the default Kerberos realm for the client. Set its -value to your Kerberos realm. If this value is not set, then a -realm must be specified with every Kerberos principal when -invoking programs such as \DUrole{xref,std,std-ref}{kinit(1)}. - -\item[{\sphinxstylestrong{default\_tgs\_enctypes}}] \leavevmode -\sphinxAtStartPar -Identifies the supported list of session key encryption types that -the client should request when making a TGS\sphinxhyphen{}REQ, in order of -preference from highest to lowest. The list may be delimited with -commas or whitespace. See {\hyperref[\detokenize{admin/conf_files/kdc_conf:encryption-types}]{\sphinxcrossref{\DUrole{std,std-ref}{Encryption types}}}} in -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} for a list of the accepted values for this tag. -Starting in release 1.18, the default value is the value of -\sphinxstylestrong{permitted\_enctypes}. For previous releases or if -\sphinxstylestrong{permitted\_enctypes} is not set, the default value is -\sphinxcode{\sphinxupquote{aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha384\sphinxhyphen{}192 aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha256\sphinxhyphen{}128 des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1 arcfour\sphinxhyphen{}hmac\sphinxhyphen{}md5 camellia256\sphinxhyphen{}cts\sphinxhyphen{}cmac camellia128\sphinxhyphen{}cts\sphinxhyphen{}cmac}}. - -\sphinxAtStartPar -Do not set this unless required for specific backward -compatibility purposes; stale values of this setting can prevent -clients from taking advantage of new stronger enctypes when the -libraries are upgraded. - -\item[{\sphinxstylestrong{default\_tkt\_enctypes}}] \leavevmode -\sphinxAtStartPar -Identifies the supported list of session key encryption types that -the client should request when making an AS\sphinxhyphen{}REQ, in order of -preference from highest to lowest. The format is the same as for -default\_tgs\_enctypes. Starting in release 1.18, the default -value is the value of \sphinxstylestrong{permitted\_enctypes}. For previous -releases or if \sphinxstylestrong{permitted\_enctypes} is not set, the default -value is \sphinxcode{\sphinxupquote{aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha384\sphinxhyphen{}192 aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha256\sphinxhyphen{}128 des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1 arcfour\sphinxhyphen{}hmac\sphinxhyphen{}md5 camellia256\sphinxhyphen{}cts\sphinxhyphen{}cmac camellia128\sphinxhyphen{}cts\sphinxhyphen{}cmac}}. - -\sphinxAtStartPar -Do not set this unless required for specific backward -compatibility purposes; stale values of this setting can prevent -clients from taking advantage of new stronger enctypes when the -libraries are upgraded. - -\item[{\sphinxstylestrong{dns\_canonicalize\_hostname}}] \leavevmode -\sphinxAtStartPar -Indicate whether name lookups will be used to canonicalize -hostnames for use in service principal names. Setting this flag -to false can improve security by reducing reliance on DNS, but -means that short hostnames will not be canonicalized to -fully\sphinxhyphen{}qualified hostnames. If this option is set to \sphinxcode{\sphinxupquote{fallback}} (new -in release 1.18), DNS canonicalization will only be performed the -server hostname is not found with the original name when -requesting credentials. The default value is true. - -\item[{\sphinxstylestrong{dns\_lookup\_kdc}}] \leavevmode -\sphinxAtStartPar -Indicate whether DNS SRV records should be used to locate the KDCs -and other servers for a realm, if they are not listed in the -krb5.conf information for the realm. (Note that the admin\_server -entry must be in the krb5.conf realm information in order to -contact kadmind, because the DNS implementation for kadmin is -incomplete.) - -\sphinxAtStartPar -Enabling this option does open up a type of denial\sphinxhyphen{}of\sphinxhyphen{}service -attack, if someone spoofs the DNS records and redirects you to -another server. However, it’s no worse than a denial of service, -because that fake KDC will be unable to decode anything you send -it (besides the initial ticket request, which has no encrypted -data), and anything the fake KDC sends will not be trusted without -verification using some secret that it won’t know. - -\item[{\sphinxstylestrong{dns\_uri\_lookup}}] \leavevmode -\sphinxAtStartPar -Indicate whether DNS URI records should be used to locate the KDCs -and other servers for a realm, if they are not listed in the -krb5.conf information for the realm. SRV records are used as a -fallback if no URI records were found. The default value is true. -New in release 1.15. - -\item[{\sphinxstylestrong{enforce\_ok\_as\_delegate}}] \leavevmode -\sphinxAtStartPar -If this flag to true, GSSAPI credential delegation will be -disabled when the \sphinxcode{\sphinxupquote{ok\sphinxhyphen{}as\sphinxhyphen{}delegate}} flag is not set in the -service ticket. If this flag is false, the \sphinxcode{\sphinxupquote{ok\sphinxhyphen{}as\sphinxhyphen{}delegate}} -ticket flag is only enforced when an application specifically -requests enforcement. The default value is false. - -\item[{\sphinxstylestrong{err\_fmt}}] \leavevmode -\sphinxAtStartPar -This relation allows for custom error message formatting. If a -value is set, error messages will be formatted by substituting a -normal error message for \%M and an error code for \%C in the value. - -\item[{\sphinxstylestrong{extra\_addresses}}] \leavevmode -\sphinxAtStartPar -This allows a computer to use multiple local addresses, in order -to allow Kerberos to work in a network that uses NATs while still -using address\sphinxhyphen{}restricted tickets. The addresses should be in a -comma\sphinxhyphen{}separated list. This option has no effect if -\sphinxstylestrong{noaddresses} is true. - -\item[{\sphinxstylestrong{forwardable}}] \leavevmode -\sphinxAtStartPar -If this flag is true, initial tickets will be forwardable by -default, if allowed by the KDC. The default value is false. - -\item[{\sphinxstylestrong{ignore\_acceptor\_hostname}}] \leavevmode -\sphinxAtStartPar -When accepting GSSAPI or krb5 security contexts for host\sphinxhyphen{}based -service principals, ignore any hostname passed by the calling -application, and allow clients to authenticate to any service -principal in the keytab matching the service name and realm name -(if given). This option can improve the administrative -flexibility of server applications on multihomed hosts, but could -compromise the security of virtual hosting environments. The -default value is false. New in release 1.10. - -\item[{\sphinxstylestrong{k5login\_authoritative}}] \leavevmode -\sphinxAtStartPar -If this flag is true, principals must be listed in a local user’s -k5login file to be granted login access, if a \DUrole{xref,std,std-ref}{.k5login(5)} -file exists. If this flag is false, a principal may still be -granted login access through other mechanisms even if a k5login -file exists but does not list the principal. The default value is -true. - -\item[{\sphinxstylestrong{k5login\_directory}}] \leavevmode -\sphinxAtStartPar -If set, the library will look for a local user’s k5login file -within the named directory, with a filename corresponding to the -local username. If not set, the library will look for k5login -files in the user’s home directory, with the filename .k5login. -For security reasons, .k5login files must be owned by -the local user or by root. - -\item[{\sphinxstylestrong{kcm\_mach\_service}}] \leavevmode -\sphinxAtStartPar -On macOS only, determines the name of the bootstrap service used to -contact the KCM daemon for the KCM credential cache type. If the -value is \sphinxcode{\sphinxupquote{\sphinxhyphen{}}}, Mach RPC will not be used to contact the KCM -daemon. The default value is \sphinxcode{\sphinxupquote{org.h5l.kcm}}. - -\item[{\sphinxstylestrong{kcm\_socket}}] \leavevmode -\sphinxAtStartPar -Determines the path to the Unix domain socket used to access the -KCM daemon for the KCM credential cache type. If the value is -\sphinxcode{\sphinxupquote{\sphinxhyphen{}}}, Unix domain sockets will not be used to contact the KCM -daemon. The default value is -\sphinxcode{\sphinxupquote{/var/run/.heim\_org.h5l.kcm\sphinxhyphen{}socket}}. - -\item[{\sphinxstylestrong{kdc\_default\_options}}] \leavevmode -\sphinxAtStartPar -Default KDC options (Xored for multiple values) when requesting -initial tickets. By default it is set to 0x00000010 -(KDC\_OPT\_RENEWABLE\_OK). - -\item[{\sphinxstylestrong{kdc\_timesync}}] \leavevmode -\sphinxAtStartPar -Accepted values for this relation are 1 or 0. If it is nonzero, -client machines will compute the difference between their time and -the time returned by the KDC in the timestamps in the tickets and -use this value to correct for an inaccurate system clock when -requesting service tickets or authenticating to services. This -corrective factor is only used by the Kerberos library; it is not -used to change the system clock. The default value is 1. - -\item[{\sphinxstylestrong{noaddresses}}] \leavevmode -\sphinxAtStartPar -If this flag is true, requests for initial tickets will not be -made with address restrictions set, allowing the tickets to be -used across NATs. The default value is true. - -\item[{\sphinxstylestrong{permitted\_enctypes}}] \leavevmode -\sphinxAtStartPar -Identifies the encryption types that servers will permit for -session keys and for ticket and authenticator encryption, ordered -by preference from highest to lowest. Starting in release 1.18, -this tag also acts as the default value for -\sphinxstylestrong{default\_tgs\_enctypes} and \sphinxstylestrong{default\_tkt\_enctypes}. The -default value for this tag is \sphinxcode{\sphinxupquote{aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha384\sphinxhyphen{}192 aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha256\sphinxhyphen{}128 des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1 arcfour\sphinxhyphen{}hmac\sphinxhyphen{}md5 camellia256\sphinxhyphen{}cts\sphinxhyphen{}cmac camellia128\sphinxhyphen{}cts\sphinxhyphen{}cmac}}. - -\item[{\sphinxstylestrong{plugin\_base\_dir}}] \leavevmode -\sphinxAtStartPar -If set, determines the base directory where krb5 plugins are -located. The default value is the \sphinxcode{\sphinxupquote{krb5/plugins}} subdirectory -of the krb5 library directory. This relation is subject to -parameter expansion (see below) in release 1.17 and later. - -\item[{\sphinxstylestrong{preferred\_preauth\_types}}] \leavevmode -\sphinxAtStartPar -This allows you to set the preferred preauthentication types which -the client will attempt before others which may be advertised by a -KDC. The default value for this setting is “17, 16, 15, 14â€, -which forces libkrb5 to attempt to use PKINIT if it is supported. - -\item[{\sphinxstylestrong{proxiable}}] \leavevmode -\sphinxAtStartPar -If this flag is true, initial tickets will be proxiable by -default, if allowed by the KDC. The default value is false. - -\item[{\sphinxstylestrong{qualify\_shortname}}] \leavevmode -\sphinxAtStartPar -If this string is set, it determines the domain suffix for -single\sphinxhyphen{}component hostnames when DNS canonicalization is not used -(either because \sphinxstylestrong{dns\_canonicalize\_hostname} is false or because -forward canonicalization failed). The default value is the first -search domain of the system’s DNS configuration. To disable -qualification of shortnames, set this relation to the empty string -with \sphinxcode{\sphinxupquote{qualify\_shortname = ""}}. (New in release 1.18.) - -\item[{\sphinxstylestrong{rdns}}] \leavevmode -\sphinxAtStartPar -If this flag is true, reverse name lookup will be used in addition -to forward name lookup to canonicalizing hostnames for use in -service principal names. If \sphinxstylestrong{dns\_canonicalize\_hostname} is set -to false, this flag has no effect. The default value is true. - -\item[{\sphinxstylestrong{realm\_try\_domains}}] \leavevmode -\sphinxAtStartPar -Indicate whether a host’s domain components should be used to -determine the Kerberos realm of the host. The value of this -variable is an integer: \sphinxhyphen{}1 means not to search, 0 means to try the -host’s domain itself, 1 means to also try the domain’s immediate -parent, and so forth. The library’s usual mechanism for locating -Kerberos realms is used to determine whether a domain is a valid -realm, which may involve consulting DNS if \sphinxstylestrong{dns\_lookup\_kdc} is -set. The default is not to search domain components. - -\item[{\sphinxstylestrong{renew\_lifetime}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} string.) Sets the default renewable lifetime -for initial ticket requests. The default value is 0. - -\item[{\sphinxstylestrong{spake\_preauth\_groups}}] \leavevmode -\sphinxAtStartPar -A whitespace or comma\sphinxhyphen{}separated list of words which specifies the -groups allowed for SPAKE preauthentication. The possible values -are: - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -edwards25519 -& -\sphinxAtStartPar -Edwards25519 curve (\index{RFC@\spxentry{RFC}!RFC 7748@\spxentry{RFC 7748}}\sphinxhref{https://tools.ietf.org/html/rfc7748.html}{\sphinxstylestrong{RFC 7748}}) -\\ -\hline -\sphinxAtStartPar -P\sphinxhyphen{}256 -& -\sphinxAtStartPar -NIST P\sphinxhyphen{}256 curve (\index{RFC@\spxentry{RFC}!RFC 5480@\spxentry{RFC 5480}}\sphinxhref{https://tools.ietf.org/html/rfc5480.html}{\sphinxstylestrong{RFC 5480}}) -\\ -\hline -\sphinxAtStartPar -P\sphinxhyphen{}384 -& -\sphinxAtStartPar -NIST P\sphinxhyphen{}384 curve (\index{RFC@\spxentry{RFC}!RFC 5480@\spxentry{RFC 5480}}\sphinxhref{https://tools.ietf.org/html/rfc5480.html}{\sphinxstylestrong{RFC 5480}}) -\\ -\hline -\sphinxAtStartPar -P\sphinxhyphen{}521 -& -\sphinxAtStartPar -NIST P\sphinxhyphen{}521 curve (\index{RFC@\spxentry{RFC}!RFC 5480@\spxentry{RFC 5480}}\sphinxhref{https://tools.ietf.org/html/rfc5480.html}{\sphinxstylestrong{RFC 5480}}) -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - -\sphinxAtStartPar -The default value for the client is \sphinxcode{\sphinxupquote{edwards25519}}. The default -value for the KDC is empty. New in release 1.17. - -\item[{\sphinxstylestrong{ticket\_lifetime}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} string.) Sets the default lifetime for initial -ticket requests. The default value is 1 day. - -\item[{\sphinxstylestrong{udp\_preference\_limit}}] \leavevmode -\sphinxAtStartPar -When sending a message to the KDC, the library will try using TCP -before UDP if the size of the message is above -\sphinxstylestrong{udp\_preference\_limit}. If the message is smaller than -\sphinxstylestrong{udp\_preference\_limit}, then UDP will be tried before TCP. -Regardless of the size, both protocols will be tried if the first -attempt fails. - -\item[{\sphinxstylestrong{verify\_ap\_req\_nofail}}] \leavevmode -\sphinxAtStartPar -If this flag is true, then an attempt to verify initial -credentials will fail if the client machine does not have a -keytab. The default value is false. - -\item[{\sphinxstylestrong{client\_aware\_channel\_bindings}}] \leavevmode -\sphinxAtStartPar -If this flag is true, then all application protocol authentication -requests will be flagged to indicate that the application supports -channel bindings when operating over a secure channel. The -default value is false. - -\end{description} - - -\paragraph{{[}realms{]}} -\label{\detokenize{admin/conf_files/krb5_conf:realms}}\label{\detokenize{admin/conf_files/krb5_conf:id2}} -\sphinxAtStartPar -Each tag in the {[}realms{]} section of the file is the name of a Kerberos -realm. The value of the tag is a subsection with relations that -define the properties of that particular realm. For each realm, the -following tags may be specified in the realm’s subsection: -\begin{description} -\item[{\sphinxstylestrong{admin\_server}}] \leavevmode -\sphinxAtStartPar -Identifies the host where the administration server is running. -Typically, this is the primary Kerberos server. This tag must be -given a value in order to communicate with the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} -server for the realm. - -\item[{\sphinxstylestrong{auth\_to\_local}}] \leavevmode -\sphinxAtStartPar -This tag allows you to set a general rule for mapping principal -names to local user names. It will be used if there is not an -explicit mapping for the principal name that is being -translated. The possible values are: -\begin{description} -\item[{\sphinxstylestrong{RULE:}\sphinxstyleemphasis{exp}}] \leavevmode -\sphinxAtStartPar -The local name will be formulated from \sphinxstyleemphasis{exp}. - -\sphinxAtStartPar -The format for \sphinxstyleemphasis{exp} is \sphinxstylestrong{{[}}\sphinxstyleemphasis{n}\sphinxstylestrong{:}\sphinxstyleemphasis{string}\sphinxstylestrong{{]}(}\sphinxstyleemphasis{regexp}\sphinxstylestrong{)s/}\sphinxstyleemphasis{pattern}\sphinxstylestrong{/}\sphinxstyleemphasis{replacement}\sphinxstylestrong{/g}. -The integer \sphinxstyleemphasis{n} indicates how many components the target -principal should have. If this matches, then a string will be -formed from \sphinxstyleemphasis{string}, substituting the realm of the principal -for \sphinxcode{\sphinxupquote{\$0}} and the \sphinxstyleemphasis{n}’th component of the principal for -\sphinxcode{\sphinxupquote{\$n}} (e.g., if the principal was \sphinxcode{\sphinxupquote{johndoe/admin}} then -\sphinxcode{\sphinxupquote{{[}2:\$2\$1foo{]}}} would result in the string -\sphinxcode{\sphinxupquote{adminjohndoefoo}}). If this string matches \sphinxstyleemphasis{regexp}, then -the \sphinxcode{\sphinxupquote{s//{[}g{]}}} substitution command will be run over the -string. The optional \sphinxstylestrong{g} will cause the substitution to be -global over the \sphinxstyleemphasis{string}, instead of replacing only the first -match in the \sphinxstyleemphasis{string}. - -\item[{\sphinxstylestrong{DEFAULT}}] \leavevmode -\sphinxAtStartPar -The principal name will be used as the local user name. If -the principal has more than one component or is not in the -default realm, this rule is not applicable and the conversion -will fail. - -\end{description} - -\sphinxAtStartPar -For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -[realms] - ATHENA.MIT.EDU = \PYGZob{} - auth\PYGZus{}to\PYGZus{}local = RULE:[2:\PYGZdl{}1](johndoe)s/\PYGZca{}.*\PYGZdl{}/guest/ - auth\PYGZus{}to\PYGZus{}local = RULE:[2:\PYGZdl{}1;\PYGZdl{}2](\PYGZca{}.*;admin\PYGZdl{})s/;admin\PYGZdl{}// - auth\PYGZus{}to\PYGZus{}local = RULE:[2:\PYGZdl{}2](\PYGZca{}.*;root)s/\PYGZca{}.*\PYGZdl{}/root/ - auth\PYGZus{}to\PYGZus{}local = DEFAULT - \PYGZcb{} -\end{sphinxVerbatim} - -\sphinxAtStartPar -would result in any principal without \sphinxcode{\sphinxupquote{root}} or \sphinxcode{\sphinxupquote{admin}} as the -second component to be translated with the default rule. A -principal with a second component of \sphinxcode{\sphinxupquote{admin}} will become its -first component. \sphinxcode{\sphinxupquote{root}} will be used as the local name for any -principal with a second component of \sphinxcode{\sphinxupquote{root}}. The exception to -these two rules are any principals \sphinxcode{\sphinxupquote{johndoe/*}}, which will -always get the local name \sphinxcode{\sphinxupquote{guest}}. - -\item[{\sphinxstylestrong{auth\_to\_local\_names}}] \leavevmode -\sphinxAtStartPar -This subsection allows you to set explicit mappings from principal -names to local user names. The tag is the mapping name, and the -value is the corresponding local user name. - -\item[{\sphinxstylestrong{default\_domain}}] \leavevmode -\sphinxAtStartPar -This tag specifies the domain used to expand hostnames when -translating Kerberos 4 service principals to Kerberos 5 principals -(for example, when converting \sphinxcode{\sphinxupquote{rcmd.hostname}} to -\sphinxcode{\sphinxupquote{host/hostname.domain}}). - -\item[{\sphinxstylestrong{disable\_encrypted\_timestamp}}] \leavevmode -\sphinxAtStartPar -If this flag is true, the client will not perform encrypted -timestamp preauthentication if requested by the KDC. Setting this -flag can help to prevent dictionary attacks by active attackers, -if the realm’s KDCs support SPAKE preauthentication or if initial -authentication always uses another mechanism or always uses FAST. -This flag persists across client referrals during initial -authentication. This flag does not prevent the KDC from offering -encrypted timestamp. New in release 1.17. - -\item[{\sphinxstylestrong{http\_anchors}}] \leavevmode -\sphinxAtStartPar -When KDCs and kpasswd servers are accessed through HTTPS proxies, this tag -can be used to specify the location of the CA certificate which should be -trusted to issue the certificate for a proxy server. If left unspecified, -the system\sphinxhyphen{}wide default set of CA certificates is used. - -\sphinxAtStartPar -The syntax for values is similar to that of values for the -\sphinxstylestrong{pkinit\_anchors} tag: - -\sphinxAtStartPar -\sphinxstylestrong{FILE:} \sphinxstyleemphasis{filename} - -\sphinxAtStartPar -\sphinxstyleemphasis{filename} is assumed to be the name of an OpenSSL\sphinxhyphen{}style ca\sphinxhyphen{}bundle file. - -\sphinxAtStartPar -\sphinxstylestrong{DIR:} \sphinxstyleemphasis{dirname} - -\sphinxAtStartPar -\sphinxstyleemphasis{dirname} is assumed to be an directory which contains CA certificates. -All files in the directory will be examined; if they contain certificates -(in PEM format), they will be used. - -\sphinxAtStartPar -\sphinxstylestrong{ENV:} \sphinxstyleemphasis{envvar} - -\sphinxAtStartPar -\sphinxstyleemphasis{envvar} specifies the name of an environment variable which has been set -to a value conforming to one of the previous values. For example, -\sphinxcode{\sphinxupquote{ENV:X509\_PROXY\_CA}}, where environment variable \sphinxcode{\sphinxupquote{X509\_PROXY\_CA}} has -been set to \sphinxcode{\sphinxupquote{FILE:/tmp/my\_proxy.pem}}. - -\item[{\sphinxstylestrong{kdc}}] \leavevmode -\sphinxAtStartPar -The name or address of a host running a KDC for that realm. An -optional port number, separated from the hostname by a colon, may -be included. If the name or address contains colons (for example, -if it is an IPv6 address), enclose it in square brackets to -distinguish the colon from a port separator. For your computer to -be able to communicate with the KDC for each realm, this tag must -be given a value in each realm subsection in the configuration -file, or there must be DNS SRV records specifying the KDCs. - -\item[{\sphinxstylestrong{kpasswd\_server}}] \leavevmode -\sphinxAtStartPar -Points to the server where all the password changes are performed. -If there is no such entry, DNS will be queried (unless forbidden -by \sphinxstylestrong{dns\_lookup\_kdc}). Finally, port 464 on the \sphinxstylestrong{admin\_server} -host will be tried. - -\item[{\sphinxstylestrong{master\_kdc}}] \leavevmode -\sphinxAtStartPar -The name for \sphinxstylestrong{primary\_kdc} prior to release 1.19. Its value is -used as a fallback if \sphinxstylestrong{primary\_kdc} is not specified. - -\item[{\sphinxstylestrong{primary\_kdc}}] \leavevmode -\sphinxAtStartPar -Identifies the primary KDC(s). Currently, this tag is used in only -one case: If an attempt to get credentials fails because of an -invalid password, the client software will attempt to contact the -primary KDC, in case the user’s password has just been changed, and -the updated database has not been propagated to the replica -servers yet. New in release 1.19. - -\item[{\sphinxstylestrong{v4\_instance\_convert}}] \leavevmode -\sphinxAtStartPar -This subsection allows the administrator to configure exceptions -to the \sphinxstylestrong{default\_domain} mapping rule. It contains V4 instances -(the tag name) which should be translated to some specific -hostname (the tag value) as the second component in a Kerberos V5 -principal name. - -\item[{\sphinxstylestrong{v4\_realm}}] \leavevmode -\sphinxAtStartPar -This relation is used by the krb524 library routines when -converting a V5 principal name to a V4 principal name. It is used -when the V4 realm name and the V5 realm name are not the same, but -still share the same principal names and passwords. The tag value -is the Kerberos V4 realm name. - -\end{description} - - -\paragraph{{[}domain\_realm{]}} -\label{\detokenize{admin/conf_files/krb5_conf:domain-realm}}\label{\detokenize{admin/conf_files/krb5_conf:id3}} -\sphinxAtStartPar -The {[}domain\_realm{]} section provides a translation from hostnames to -Kerberos realms. Each tag is a domain name, providing the mapping for -that domain and all subdomains. If the tag begins with a period -(\sphinxcode{\sphinxupquote{.}}) then it applies only to subdomains. The Kerberos realm may be -identified either in the {\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{realms}}} section or using DNS SRV records. -Tag names should be in lower case. For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{domain\PYGZus{}realm}\PYG{p}{]} - \PYG{n}{crash}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{o}{=} \PYG{n}{TEST}\PYG{o}{.}\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} - \PYG{o}{.}\PYG{n}{dev}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{o}{=} \PYG{n}{TEST}\PYG{o}{.}\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} - \PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{o}{=} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\end{sphinxVerbatim} - -\sphinxAtStartPar -maps the host with the name \sphinxcode{\sphinxupquote{crash.mit.edu}} into the -\sphinxcode{\sphinxupquote{TEST.ATHENA.MIT.EDU}} realm. The second entry maps all hosts under the -domain \sphinxcode{\sphinxupquote{dev.mit.edu}} into the \sphinxcode{\sphinxupquote{TEST.ATHENA.MIT.EDU}} realm, but not -the host with the name \sphinxcode{\sphinxupquote{dev.mit.edu}}. That host is matched -by the third entry, which maps the host \sphinxcode{\sphinxupquote{mit.edu}} and all hosts -under the domain \sphinxcode{\sphinxupquote{mit.edu}} that do not match a preceding rule -into the realm \sphinxcode{\sphinxupquote{ATHENA.MIT.EDU}}. - -\sphinxAtStartPar -If no translation entry applies to a hostname used for a service -principal for a service ticket request, the library will try to get a -referral to the appropriate realm from the client realm’s KDC. If -that does not succeed, the host’s realm is considered to be the -hostname’s domain portion converted to uppercase, unless the -\sphinxstylestrong{realm\_try\_domains} setting in {[}libdefaults{]} causes a different -parent domain to be used. - - -\paragraph{{[}capaths{]}} -\label{\detokenize{admin/conf_files/krb5_conf:capaths}}\label{\detokenize{admin/conf_files/krb5_conf:id4}} -\sphinxAtStartPar -In order to perform direct (non\sphinxhyphen{}hierarchical) cross\sphinxhyphen{}realm -authentication, configuration is needed to determine the -authentication paths between realms. - -\sphinxAtStartPar -A client will use this section to find the authentication path between -its realm and the realm of the server. The server will use this -section to verify the authentication path used by the client, by -checking the transited field of the received ticket. - -\sphinxAtStartPar -There is a tag for each participating client realm, and each tag has -subtags for each of the server realms. The value of the subtags is an -intermediate realm which may participate in the cross\sphinxhyphen{}realm -authentication. The subtags may be repeated if there is more then one -intermediate realm. A value of “.†means that the two realms share -keys directly, and no intermediate realms should be allowed to -participate. - -\sphinxAtStartPar -Only those entries which will be needed on the client or the server -need to be present. A client needs a tag for its local realm with -subtags for all the realms of servers it will need to authenticate to. -A server needs a tag for each realm of the clients it will serve, with -a subtag of the server realm. - -\sphinxAtStartPar -For example, \sphinxcode{\sphinxupquote{ANL.GOV}}, \sphinxcode{\sphinxupquote{PNL.GOV}}, and \sphinxcode{\sphinxupquote{NERSC.GOV}} all wish to -use the \sphinxcode{\sphinxupquote{ES.NET}} realm as an intermediate realm. ANL has a sub -realm of \sphinxcode{\sphinxupquote{TEST.ANL.GOV}} which will authenticate with \sphinxcode{\sphinxupquote{NERSC.GOV}} -but not \sphinxcode{\sphinxupquote{PNL.GOV}}. The {[}capaths{]} section for \sphinxcode{\sphinxupquote{ANL.GOV}} systems -would look like this: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{capaths}\PYG{p}{]} - \PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{TEST}\PYG{o}{.}\PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{o}{.} - \PYG{n}{PNL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} - \PYG{n}{NERSC}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} - \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} \PYG{o}{=} \PYG{o}{.} - \PYG{p}{\PYGZcb{}} - \PYG{n}{TEST}\PYG{o}{.}\PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{o}{.} - \PYG{p}{\PYGZcb{}} - \PYG{n}{PNL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} - \PYG{p}{\PYGZcb{}} - \PYG{n}{NERSC}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} - \PYG{p}{\PYGZcb{}} - \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{o}{.} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The {[}capaths{]} section of the configuration file used on \sphinxcode{\sphinxupquote{NERSC.GOV}} -systems would look like this: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{capaths}\PYG{p}{]} - \PYG{n}{NERSC}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} - \PYG{n}{TEST}\PYG{o}{.}\PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} - \PYG{n}{TEST}\PYG{o}{.}\PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} - \PYG{n}{PNL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} - \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} \PYG{o}{=} \PYG{o}{.} - \PYG{p}{\PYGZcb{}} - \PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{NERSC}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} - \PYG{p}{\PYGZcb{}} - \PYG{n}{PNL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{NERSC}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} - \PYG{p}{\PYGZcb{}} - \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{NERSC}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{o}{.} - \PYG{p}{\PYGZcb{}} - \PYG{n}{TEST}\PYG{o}{.}\PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{NERSC}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{n}{ANL}\PYG{o}{.}\PYG{n}{GOV} - \PYG{n}{NERSC}\PYG{o}{.}\PYG{n}{GOV} \PYG{o}{=} \PYG{n}{ES}\PYG{o}{.}\PYG{n}{NET} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -When a subtag is used more than once within a tag, clients will use -the order of values to determine the path. The order of values is not -important to servers. - - -\paragraph{{[}appdefaults{]}} -\label{\detokenize{admin/conf_files/krb5_conf:appdefaults}}\label{\detokenize{admin/conf_files/krb5_conf:id5}} -\sphinxAtStartPar -Each tag in the {[}appdefaults{]} section names a Kerberos V5 application -or an option that is used by some Kerberos V5 application{[}s{]}. The -value of the tag defines the default behaviors for that application. - -\sphinxAtStartPar -For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{appdefaults}\PYG{p}{]} - \PYG{n}{telnet} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{option1} \PYG{o}{=} \PYG{n}{false} - \PYG{p}{\PYGZcb{}} - \PYG{p}{\PYGZcb{}} - \PYG{n}{telnet} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{option1} \PYG{o}{=} \PYG{n}{true} - \PYG{n}{option2} \PYG{o}{=} \PYG{n}{true} - \PYG{p}{\PYGZcb{}} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{option2} \PYG{o}{=} \PYG{n}{false} - \PYG{p}{\PYGZcb{}} - \PYG{n}{option2} \PYG{o}{=} \PYG{n}{true} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The above four ways of specifying the value of an option are shown in -order of decreasing precedence. In this example, if telnet is running -in the realm EXAMPLE.COM, it should, by default, have option1 and -option2 set to true. However, a telnet program in the realm -\sphinxcode{\sphinxupquote{ATHENA.MIT.EDU}} should have \sphinxcode{\sphinxupquote{option1}} set to false and -\sphinxcode{\sphinxupquote{option2}} set to true. Any other programs in ATHENA.MIT.EDU should -have \sphinxcode{\sphinxupquote{option2}} set to false by default. Any programs running in -other realms should have \sphinxcode{\sphinxupquote{option2}} set to true. - -\sphinxAtStartPar -The list of specifiable options for each application may be found in -that application’s man pages. The application defaults specified here -are overridden by those specified in the {\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{realms}}} section. - - -\paragraph{{[}plugins{]}} -\label{\detokenize{admin/conf_files/krb5_conf:plugins}}\label{\detokenize{admin/conf_files/krb5_conf:id6}}\begin{itemize} -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/krb5_conf:pwqual}]{\sphinxcrossref{pwqual}}} interface - -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/krb5_conf:kadm5-hook}]{\sphinxcrossref{kadm5\_hook}}} interface - -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/krb5_conf:clpreauth}]{\sphinxcrossref{clpreauth}}} and {\hyperref[\detokenize{admin/conf_files/krb5_conf:kdcpreauth}]{\sphinxcrossref{kdcpreauth}}} interfaces - -\end{itemize} - -\sphinxAtStartPar -Tags in the {[}plugins{]} section can be used to register dynamic plugin -modules and to turn modules on and off. Not every krb5 pluggable -interface uses the {[}plugins{]} section; the ones that do are documented -here. - -\sphinxAtStartPar -New in release 1.9. - -\sphinxAtStartPar -Each pluggable interface corresponds to a subsection of {[}plugins{]}. -All subsections support the same tags: -\begin{description} -\item[{\sphinxstylestrong{disable}}] \leavevmode -\sphinxAtStartPar -This tag may have multiple values. If there are values for this -tag, then the named modules will be disabled for the pluggable -interface. - -\item[{\sphinxstylestrong{enable\_only}}] \leavevmode -\sphinxAtStartPar -This tag may have multiple values. If there are values for this -tag, then only the named modules will be enabled for the pluggable -interface. - -\item[{\sphinxstylestrong{module}}] \leavevmode -\sphinxAtStartPar -This tag may have multiple values. Each value is a string of the -form \sphinxcode{\sphinxupquote{modulename:pathname}}, which causes the shared object -located at \sphinxstyleemphasis{pathname} to be registered as a dynamic module named -\sphinxstyleemphasis{modulename} for the pluggable interface. If \sphinxstyleemphasis{pathname} is not an -absolute path, it will be treated as relative to the -\sphinxstylestrong{plugin\_base\_dir} value from {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}}. - -\end{description} - -\sphinxAtStartPar -For pluggable interfaces where module order matters, modules -registered with a \sphinxstylestrong{module} tag normally come first, in the order -they are registered, followed by built\sphinxhyphen{}in modules in the order they -are documented below. If \sphinxstylestrong{enable\_only} tags are used, then the -order of those tags overrides the normal module order. - -\sphinxAtStartPar -The following subsections are currently supported within the {[}plugins{]} -section: - - -\subparagraph{ccselect interface} -\label{\detokenize{admin/conf_files/krb5_conf:ccselect-interface}}\label{\detokenize{admin/conf_files/krb5_conf:ccselect}} -\sphinxAtStartPar -The ccselect subsection controls modules for credential cache -selection within a cache collection. In addition to any registered -dynamic modules, the following built\sphinxhyphen{}in modules exist (and may be -disabled with the disable tag): -\begin{description} -\item[{\sphinxstylestrong{k5identity}}] \leavevmode -\sphinxAtStartPar -Uses a .k5identity file in the user’s home directory to select a -client principal - -\item[{\sphinxstylestrong{realm}}] \leavevmode -\sphinxAtStartPar -Uses the service realm to guess an appropriate cache from the -collection - -\item[{\sphinxstylestrong{hostname}}] \leavevmode -\sphinxAtStartPar -If the service principal is host\sphinxhyphen{}based, uses the service hostname -to guess an appropriate cache from the collection - -\end{description} - - -\subparagraph{pwqual interface} -\label{\detokenize{admin/conf_files/krb5_conf:pwqual-interface}}\label{\detokenize{admin/conf_files/krb5_conf:pwqual}} -\sphinxAtStartPar -The pwqual subsection controls modules for the password quality -interface, which is used to reject weak passwords when passwords are -changed. The following built\sphinxhyphen{}in modules exist for this interface: -\begin{description} -\item[{\sphinxstylestrong{dict}}] \leavevmode -\sphinxAtStartPar -Checks against the realm dictionary file - -\item[{\sphinxstylestrong{empty}}] \leavevmode -\sphinxAtStartPar -Rejects empty passwords - -\item[{\sphinxstylestrong{hesiod}}] \leavevmode -\sphinxAtStartPar -Checks against user information stored in Hesiod (only if Kerberos -was built with Hesiod support) - -\item[{\sphinxstylestrong{princ}}] \leavevmode -\sphinxAtStartPar -Checks against components of the principal name - -\end{description} - - -\subparagraph{kadm5\_hook interface} -\label{\detokenize{admin/conf_files/krb5_conf:kadm5-hook-interface}}\label{\detokenize{admin/conf_files/krb5_conf:kadm5-hook}} -\sphinxAtStartPar -The kadm5\_hook interface provides plugins with information on -principal creation, modification, password changes and deletion. This -interface can be used to write a plugin to synchronize MIT Kerberos -with another database such as Active Directory. No plugins are built -in for this interface. - - -\subparagraph{kadm5\_auth interface} -\label{\detokenize{admin/conf_files/krb5_conf:kadm5-auth-interface}}\label{\detokenize{admin/conf_files/krb5_conf:kadm5-auth}} -\sphinxAtStartPar -The kadm5\_auth section (introduced in release 1.16) controls modules -for the kadmin authorization interface, which determines whether a -client principal is allowed to perform a kadmin operation. The -following built\sphinxhyphen{}in modules exist for this interface: -\begin{description} -\item[{\sphinxstylestrong{acl}}] \leavevmode -\sphinxAtStartPar -This module reads the {\hyperref[\detokenize{admin/conf_files/kadm5_acl:kadm5-acl-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kadm5.acl}}}} file, and authorizes -operations which are allowed according to the rules in the file. - -\item[{\sphinxstylestrong{self}}] \leavevmode -\sphinxAtStartPar -This module authorizes self\sphinxhyphen{}service operations including password -changes, creation of new random keys, fetching the client’s -principal record or string attributes, and fetching the policy -record associated with the client principal. - -\end{description} - - -\subparagraph{clpreauth and kdcpreauth interfaces} -\label{\detokenize{admin/conf_files/krb5_conf:clpreauth-and-kdcpreauth-interfaces}}\label{\detokenize{admin/conf_files/krb5_conf:kdcpreauth}}\label{\detokenize{admin/conf_files/krb5_conf:clpreauth}} -\sphinxAtStartPar -The clpreauth and kdcpreauth interfaces allow plugin modules to -provide client and KDC preauthentication mechanisms. The following -built\sphinxhyphen{}in modules exist for these interfaces: -\begin{description} -\item[{\sphinxstylestrong{pkinit}}] \leavevmode -\sphinxAtStartPar -This module implements the PKINIT preauthentication mechanism. - -\item[{\sphinxstylestrong{encrypted\_challenge}}] \leavevmode -\sphinxAtStartPar -This module implements the encrypted challenge FAST factor. - -\item[{\sphinxstylestrong{encrypted\_timestamp}}] \leavevmode -\sphinxAtStartPar -This module implements the encrypted timestamp mechanism. - -\end{description} - - -\subparagraph{hostrealm interface} -\label{\detokenize{admin/conf_files/krb5_conf:hostrealm-interface}}\label{\detokenize{admin/conf_files/krb5_conf:hostrealm}} -\sphinxAtStartPar -The hostrealm section (introduced in release 1.12) controls modules -for the host\sphinxhyphen{}to\sphinxhyphen{}realm interface, which affects the local mapping of -hostnames to realm names and the choice of default realm. The following -built\sphinxhyphen{}in modules exist for this interface: -\begin{description} -\item[{\sphinxstylestrong{profile}}] \leavevmode -\sphinxAtStartPar -This module consults the {[}domain\_realm{]} section of the profile for -authoritative host\sphinxhyphen{}to\sphinxhyphen{}realm mappings, and the \sphinxstylestrong{default\_realm} -variable for the default realm. - -\item[{\sphinxstylestrong{dns}}] \leavevmode -\sphinxAtStartPar -This module looks for DNS records for fallback host\sphinxhyphen{}to\sphinxhyphen{}realm -mappings and the default realm. It only operates if the -\sphinxstylestrong{dns\_lookup\_realm} variable is set to true. - -\item[{\sphinxstylestrong{domain}}] \leavevmode -\sphinxAtStartPar -This module applies heuristics for fallback host\sphinxhyphen{}to\sphinxhyphen{}realm -mappings. It implements the \sphinxstylestrong{realm\_try\_domains} variable, and -uses the uppercased parent domain of the hostname if that does not -produce a result. - -\end{description} - - -\subparagraph{localauth interface} -\label{\detokenize{admin/conf_files/krb5_conf:localauth-interface}}\label{\detokenize{admin/conf_files/krb5_conf:localauth}} -\sphinxAtStartPar -The localauth section (introduced in release 1.12) controls modules -for the local authorization interface, which affects the relationship -between Kerberos principals and local system accounts. The following -built\sphinxhyphen{}in modules exist for this interface: -\begin{description} -\item[{\sphinxstylestrong{default}}] \leavevmode -\sphinxAtStartPar -This module implements the \sphinxstylestrong{DEFAULT} type for \sphinxstylestrong{auth\_to\_local} -values. - -\item[{\sphinxstylestrong{rule}}] \leavevmode -\sphinxAtStartPar -This module implements the \sphinxstylestrong{RULE} type for \sphinxstylestrong{auth\_to\_local} -values. - -\item[{\sphinxstylestrong{names}}] \leavevmode -\sphinxAtStartPar -This module looks for an \sphinxstylestrong{auth\_to\_local\_names} mapping for the -principal name. - -\item[{\sphinxstylestrong{auth\_to\_local}}] \leavevmode -\sphinxAtStartPar -This module processes \sphinxstylestrong{auth\_to\_local} values in the default -realm’s section, and applies the default method if no -\sphinxstylestrong{auth\_to\_local} values exist. - -\item[{\sphinxstylestrong{k5login}}] \leavevmode -\sphinxAtStartPar -This module authorizes a principal to a local account according to -the account’s \DUrole{xref,std,std-ref}{.k5login(5)} file. - -\item[{\sphinxstylestrong{an2ln}}] \leavevmode -\sphinxAtStartPar -This module authorizes a principal to a local account if the -principal name maps to the local account name. - -\end{description} - - -\subparagraph{certauth interface} -\label{\detokenize{admin/conf_files/krb5_conf:certauth-interface}}\label{\detokenize{admin/conf_files/krb5_conf:certauth}} -\sphinxAtStartPar -The certauth section (introduced in release 1.16) controls modules for -the certificate authorization interface, which determines whether a -certificate is allowed to preauthenticate a user via PKINIT. The -following built\sphinxhyphen{}in modules exist for this interface: -\begin{description} -\item[{\sphinxstylestrong{pkinit\_san}}] \leavevmode -\sphinxAtStartPar -This module authorizes the certificate if it contains a PKINIT -Subject Alternative Name for the requested client principal, or a -Microsoft UPN SAN matching the principal if \sphinxstylestrong{pkinit\_allow\_upn} -is set to true for the realm. - -\item[{\sphinxstylestrong{pkinit\_eku}}] \leavevmode -\sphinxAtStartPar -This module rejects the certificate if it does not contain an -Extended Key Usage attribute consistent with the -\sphinxstylestrong{pkinit\_eku\_checking} value for the realm. - -\item[{\sphinxstylestrong{dbmatch}}] \leavevmode -\sphinxAtStartPar -This module authorizes or rejects the certificate according to -whether it matches the \sphinxstylestrong{pkinit\_cert\_match} string attribute on -the client principal, if that attribute is present. - -\end{description} - - -\subsubsection{PKINIT options} -\label{\detokenize{admin/conf_files/krb5_conf:pkinit-options}} -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The following are PKINIT\sphinxhyphen{}specific options. These values may -be specified in {[}libdefaults{]} as global defaults, or within -a realm\sphinxhyphen{}specific subsection of {[}libdefaults{]}, or may be -specified as realm\sphinxhyphen{}specific values in the {[}realms{]} section. -A realm\sphinxhyphen{}specific value overrides, not adds to, a generic -{[}libdefaults{]} specification. The search order is: -\end{sphinxadmonition} -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -realm\sphinxhyphen{}specific subsection of {[}libdefaults{]}: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{libdefaults}\PYG{p}{]} - \PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{pkinit\PYGZus{}anchors} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com}\PYG{o}{.}\PYG{n}{crt} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\item {} -\sphinxAtStartPar -realm\sphinxhyphen{}specific value in the {[}realms{]} section: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{realms}\PYG{p}{]} - \PYG{n}{OTHERREALM}\PYG{o}{.}\PYG{n}{ORG} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{pkinit\PYGZus{}anchors} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{otherrealm}\PYG{o}{.}\PYG{n}{org}\PYG{o}{.}\PYG{n}{crt} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\item {} -\sphinxAtStartPar -generic value in the {[}libdefaults{]} section: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{libdefaults}\PYG{p}{]} - \PYG{n}{pkinit\PYGZus{}anchors} \PYG{o}{=} \PYG{n}{DIR}\PYG{p}{:}\PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{generic\PYGZus{}trusted\PYGZus{}cas}\PYG{o}{/} -\end{sphinxVerbatim} - -\end{enumerate} - - -\paragraph{Specifying PKINIT identity information} -\label{\detokenize{admin/conf_files/krb5_conf:specifying-pkinit-identity-information}}\label{\detokenize{admin/conf_files/krb5_conf:pkinit-identity}} -\sphinxAtStartPar -The syntax for specifying Public Key identity, trust, and revocation -information for PKINIT is as follows: -\begin{description} -\item[{\sphinxstylestrong{FILE:}\sphinxstyleemphasis{filename}{[}\sphinxstylestrong{,}\sphinxstyleemphasis{keyfilename}{]}}] \leavevmode -\sphinxAtStartPar -This option has context\sphinxhyphen{}specific behavior. - -\sphinxAtStartPar -In \sphinxstylestrong{pkinit\_identity} or \sphinxstylestrong{pkinit\_identities}, \sphinxstyleemphasis{filename} -specifies the name of a PEM\sphinxhyphen{}format file containing the user’s -certificate. If \sphinxstyleemphasis{keyfilename} is not specified, the user’s -private key is expected to be in \sphinxstyleemphasis{filename} as well. Otherwise, -\sphinxstyleemphasis{keyfilename} is the name of the file containing the private key. - -\sphinxAtStartPar -In \sphinxstylestrong{pkinit\_anchors} or \sphinxstylestrong{pkinit\_pool}, \sphinxstyleemphasis{filename} is assumed to -be the name of an OpenSSL\sphinxhyphen{}style ca\sphinxhyphen{}bundle file. - -\item[{\sphinxstylestrong{DIR:}\sphinxstyleemphasis{dirname}}] \leavevmode -\sphinxAtStartPar -This option has context\sphinxhyphen{}specific behavior. - -\sphinxAtStartPar -In \sphinxstylestrong{pkinit\_identity} or \sphinxstylestrong{pkinit\_identities}, \sphinxstyleemphasis{dirname} -specifies a directory with files named \sphinxcode{\sphinxupquote{*.crt}} and \sphinxcode{\sphinxupquote{*.key}} -where the first part of the file name is the same for matching -pairs of certificate and private key files. When a file with a -name ending with \sphinxcode{\sphinxupquote{.crt}} is found, a matching file ending with -\sphinxcode{\sphinxupquote{.key}} is assumed to contain the private key. If no such file -is found, then the certificate in the \sphinxcode{\sphinxupquote{.crt}} is not used. - -\sphinxAtStartPar -In \sphinxstylestrong{pkinit\_anchors} or \sphinxstylestrong{pkinit\_pool}, \sphinxstyleemphasis{dirname} is assumed to -be an OpenSSL\sphinxhyphen{}style hashed CA directory where each CA cert is -stored in a file named \sphinxcode{\sphinxupquote{hash\sphinxhyphen{}of\sphinxhyphen{}ca\sphinxhyphen{}cert.\#}}. This infrastructure -is encouraged, but all files in the directory will be examined and -if they contain certificates (in PEM format), they will be used. - -\sphinxAtStartPar -In \sphinxstylestrong{pkinit\_revoke}, \sphinxstyleemphasis{dirname} is assumed to be an OpenSSL\sphinxhyphen{}style -hashed CA directory where each revocation list is stored in a file -named \sphinxcode{\sphinxupquote{hash\sphinxhyphen{}of\sphinxhyphen{}ca\sphinxhyphen{}cert.r\#}}. This infrastructure is encouraged, -but all files in the directory will be examined and if they -contain a revocation list (in PEM format), they will be used. - -\item[{\sphinxstylestrong{PKCS12:}\sphinxstyleemphasis{filename}}] \leavevmode -\sphinxAtStartPar -\sphinxstyleemphasis{filename} is the name of a PKCS \#12 format file, containing the -user’s certificate and private key. - -\item[{\sphinxstylestrong{PKCS11:}{[}\sphinxstylestrong{module\_name=}{]}\sphinxstyleemphasis{modname}{[}\sphinxstylestrong{:slotid=}\sphinxstyleemphasis{slot\sphinxhyphen{}id}{]}{[}\sphinxstylestrong{:token=}\sphinxstyleemphasis{token\sphinxhyphen{}label}{]}{[}\sphinxstylestrong{:certid=}\sphinxstyleemphasis{cert\sphinxhyphen{}id}{]}{[}\sphinxstylestrong{:certlabel=}\sphinxstyleemphasis{cert\sphinxhyphen{}label}{]}}] \leavevmode -\sphinxAtStartPar -All keyword/values are optional. \sphinxstyleemphasis{modname} specifies the location -of a library implementing PKCS \#11. If a value is encountered -with no keyword, it is assumed to be the \sphinxstyleemphasis{modname}. If no -module\sphinxhyphen{}name is specified, the default is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{PKCS11\_MODNAME}}}}. -\sphinxcode{\sphinxupquote{slotid=}} and/or \sphinxcode{\sphinxupquote{token=}} may be specified to force the use of -a particular smard card reader or token if there is more than one -available. \sphinxcode{\sphinxupquote{certid=}} and/or \sphinxcode{\sphinxupquote{certlabel=}} may be specified to -force the selection of a particular certificate on the device. -See the \sphinxstylestrong{pkinit\_cert\_match} configuration option for more ways -to select a particular certificate to use for PKINIT. - -\item[{\sphinxstylestrong{ENV:}\sphinxstyleemphasis{envvar}}] \leavevmode -\sphinxAtStartPar -\sphinxstyleemphasis{envvar} specifies the name of an environment variable which has -been set to a value conforming to one of the previous values. For -example, \sphinxcode{\sphinxupquote{ENV:X509\_PROXY}}, where environment variable -\sphinxcode{\sphinxupquote{X509\_PROXY}} has been set to \sphinxcode{\sphinxupquote{FILE:/tmp/my\_proxy.pem}}. - -\end{description} - - -\paragraph{PKINIT krb5.conf options} -\label{\detokenize{admin/conf_files/krb5_conf:pkinit-krb5-conf-options}}\begin{description} -\item[{\sphinxstylestrong{pkinit\_anchors}}] \leavevmode -\sphinxAtStartPar -Specifies the location of trusted anchor (root) certificates which -the client trusts to sign KDC certificates. This option may be -specified multiple times. These values from the config file are -not used if the user specifies X509\_anchors on the command line. - -\item[{\sphinxstylestrong{pkinit\_cert\_match}}] \leavevmode -\sphinxAtStartPar -Specifies matching rules that the client certificate must match -before it is used to attempt PKINIT authentication. If a user has -multiple certificates available (on a smart card, or via other -media), there must be exactly one certificate chosen before -attempting PKINIT authentication. This option may be specified -multiple times. All the available certificates are checked -against each rule in order until there is a match of exactly one -certificate. - -\sphinxAtStartPar -The Subject and Issuer comparison strings are the \index{RFC@\spxentry{RFC}!RFC 2253@\spxentry{RFC 2253}}\sphinxhref{https://tools.ietf.org/html/rfc2253.html}{\sphinxstylestrong{RFC 2253}} -string representations from the certificate Subject DN and Issuer -DN values. - -\sphinxAtStartPar -The syntax of the matching rules is: -\begin{quote} - -\sphinxAtStartPar -{[}\sphinxstyleemphasis{relation\sphinxhyphen{}operator}{]}\sphinxstyleemphasis{component\sphinxhyphen{}rule} … -\end{quote} - -\sphinxAtStartPar -where: -\begin{description} -\item[{\sphinxstyleemphasis{relation\sphinxhyphen{}operator}}] \leavevmode -\sphinxAtStartPar -can be either \sphinxcode{\sphinxupquote{\&\&}}, meaning all component rules must match, -or \sphinxcode{\sphinxupquote{||}}, meaning only one component rule must match. The -default is \sphinxcode{\sphinxupquote{\&\&}}. - -\item[{\sphinxstyleemphasis{component\sphinxhyphen{}rule}}] \leavevmode -\sphinxAtStartPar -can be one of the following. Note that there is no -punctuation or whitespace between component rules. -\begin{quote} - -\begin{DUlineblock}{0em} -\item[] \sphinxstylestrong{\textless{}SUBJECT\textgreater{}}\sphinxstyleemphasis{regular\sphinxhyphen{}expression} -\item[] \sphinxstylestrong{\textless{}ISSUER\textgreater{}}\sphinxstyleemphasis{regular\sphinxhyphen{}expression} -\item[] \sphinxstylestrong{\textless{}SAN\textgreater{}}\sphinxstyleemphasis{regular\sphinxhyphen{}expression} -\item[] \sphinxstylestrong{\textless{}EKU\textgreater{}}\sphinxstyleemphasis{extended\sphinxhyphen{}key\sphinxhyphen{}usage\sphinxhyphen{}list} -\item[] \sphinxstylestrong{\textless{}KU\textgreater{}}\sphinxstyleemphasis{key\sphinxhyphen{}usage\sphinxhyphen{}list} -\end{DUlineblock} -\end{quote} - -\sphinxAtStartPar -\sphinxstyleemphasis{extended\sphinxhyphen{}key\sphinxhyphen{}usage\sphinxhyphen{}list} is a comma\sphinxhyphen{}separated list of -required Extended Key Usage values. All values in the list -must be present in the certificate. Extended Key Usage values -can be: -\begin{itemize} -\item {} -\sphinxAtStartPar -pkinit - -\item {} -\sphinxAtStartPar -msScLogin - -\item {} -\sphinxAtStartPar -clientAuth - -\item {} -\sphinxAtStartPar -emailProtection - -\end{itemize} - -\sphinxAtStartPar -\sphinxstyleemphasis{key\sphinxhyphen{}usage\sphinxhyphen{}list} is a comma\sphinxhyphen{}separated list of required Key -Usage values. All values in the list must be present in the -certificate. Key Usage values can be: -\begin{itemize} -\item {} -\sphinxAtStartPar -digitalSignature - -\item {} -\sphinxAtStartPar -keyEncipherment - -\end{itemize} - -\end{description} - -\sphinxAtStartPar -Examples: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{pkinit\PYGZus{}cert\PYGZus{}match} \PYG{o}{=} \PYG{o}{|}\PYG{o}{|}\PYG{o}{\PYGZlt{}}\PYG{n}{SUBJECT}\PYG{o}{\PYGZgt{}}\PYG{o}{.}\PYG{o}{*}\PYG{n}{DoE}\PYG{o}{.}\PYG{o}{*}\PYG{o}{\PYGZlt{}}\PYG{n}{SAN}\PYG{o}{\PYGZgt{}}\PYG{o}{.}\PYG{o}{*}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{pkinit\PYGZus{}cert\PYGZus{}match} \PYG{o}{=} \PYG{o}{\PYGZam{}}\PYG{o}{\PYGZam{}}\PYG{o}{\PYGZlt{}}\PYG{n}{EKU}\PYG{o}{\PYGZgt{}}\PYG{n}{msScLogin}\PYG{p}{,}\PYG{n}{clientAuth}\PYG{o}{\PYGZlt{}}\PYG{n}{ISSUER}\PYG{o}{\PYGZgt{}}\PYG{o}{.}\PYG{o}{*}\PYG{n}{DoE}\PYG{o}{.}\PYG{o}{*} -\PYG{n}{pkinit\PYGZus{}cert\PYGZus{}match} \PYG{o}{=} \PYG{o}{\PYGZlt{}}\PYG{n}{EKU}\PYG{o}{\PYGZgt{}}\PYG{n}{msScLogin}\PYG{p}{,}\PYG{n}{clientAuth}\PYG{o}{\PYGZlt{}}\PYG{n}{KU}\PYG{o}{\PYGZgt{}}\PYG{n}{digitalSignature} -\end{sphinxVerbatim} - -\item[{\sphinxstylestrong{pkinit\_eku\_checking}}] \leavevmode -\sphinxAtStartPar -This option specifies what Extended Key Usage value the KDC -certificate presented to the client must contain. (Note that if -the KDC certificate has the pkinit SubjectAlternativeName encoded -as the Kerberos TGS name, EKU checking is not necessary since the -issuing CA has certified this as a KDC certificate.) The values -recognized in the krb5.conf file are: -\begin{description} -\item[{\sphinxstylestrong{kpKDC}}] \leavevmode -\sphinxAtStartPar -This is the default value and specifies that the KDC must have -the id\sphinxhyphen{}pkinit\sphinxhyphen{}KPKdc EKU as defined in \index{RFC@\spxentry{RFC}!RFC 4556@\spxentry{RFC 4556}}\sphinxhref{https://tools.ietf.org/html/rfc4556.html}{\sphinxstylestrong{RFC 4556}}. - -\item[{\sphinxstylestrong{kpServerAuth}}] \leavevmode -\sphinxAtStartPar -If \sphinxstylestrong{kpServerAuth} is specified, a KDC certificate with the -id\sphinxhyphen{}kp\sphinxhyphen{}serverAuth EKU will be accepted. This key usage value -is used in most commercially issued server certificates. - -\item[{\sphinxstylestrong{none}}] \leavevmode -\sphinxAtStartPar -If \sphinxstylestrong{none} is specified, then the KDC certificate will not be -checked to verify it has an acceptable EKU. The use of this -option is not recommended. - -\end{description} - -\item[{\sphinxstylestrong{pkinit\_dh\_min\_bits}}] \leavevmode -\sphinxAtStartPar -Specifies the size of the Diffie\sphinxhyphen{}Hellman key the client will -attempt to use. The acceptable values are 1024, 2048, and 4096. -The default is 2048. - -\item[{\sphinxstylestrong{pkinit\_identities}}] \leavevmode -\sphinxAtStartPar -Specifies the location(s) to be used to find the user’s X.509 -identity information. If this option is specified multiple times, -each value is attempted in order until certificates are found. -Note that these values are not used if the user specifies -\sphinxstylestrong{X509\_user\_identity} on the command line. - -\item[{\sphinxstylestrong{pkinit\_kdc\_hostname}}] \leavevmode -\sphinxAtStartPar -The presence of this option indicates that the client is willing -to accept a KDC certificate with a dNSName SAN (Subject -Alternative Name) rather than requiring the id\sphinxhyphen{}pkinit\sphinxhyphen{}san as -defined in \index{RFC@\spxentry{RFC}!RFC 4556@\spxentry{RFC 4556}}\sphinxhref{https://tools.ietf.org/html/rfc4556.html}{\sphinxstylestrong{RFC 4556}}. This option may be specified multiple -times. Its value should contain the acceptable hostname for the -KDC (as contained in its certificate). - -\item[{\sphinxstylestrong{pkinit\_pool}}] \leavevmode -\sphinxAtStartPar -Specifies the location of intermediate certificates which may be -used by the client to complete the trust chain between a KDC -certificate and a trusted anchor. This option may be specified -multiple times. - -\item[{\sphinxstylestrong{pkinit\_require\_crl\_checking}}] \leavevmode -\sphinxAtStartPar -The default certificate verification process will always check the -available revocation information to see if a certificate has been -revoked. If a match is found for the certificate in a CRL, -verification fails. If the certificate being verified is not -listed in a CRL, or there is no CRL present for its issuing CA, -and \sphinxstylestrong{pkinit\_require\_crl\_checking} is false, then verification -succeeds. - -\sphinxAtStartPar -However, if \sphinxstylestrong{pkinit\_require\_crl\_checking} is true and there is -no CRL information available for the issuing CA, then verification -fails. - -\sphinxAtStartPar -\sphinxstylestrong{pkinit\_require\_crl\_checking} should be set to true if the -policy is such that up\sphinxhyphen{}to\sphinxhyphen{}date CRLs must be present for every CA. - -\item[{\sphinxstylestrong{pkinit\_revoke}}] \leavevmode -\sphinxAtStartPar -Specifies the location of Certificate Revocation List (CRL) -information to be used by the client when verifying the validity -of the KDC certificate presented. This option may be specified -multiple times. - -\end{description} - - -\subsubsection{Parameter expansion} -\label{\detokenize{admin/conf_files/krb5_conf:parameter-expansion}}\label{\detokenize{admin/conf_files/krb5_conf:id7}} -\sphinxAtStartPar -Starting with release 1.11, several variables, such as -\sphinxstylestrong{default\_keytab\_name}, allow parameters to be expanded. -Valid parameters are: -\begin{quote} - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\%\{TEMP\} -& -\sphinxAtStartPar -Temporary directory -\\ -\hline -\sphinxAtStartPar -\%\{uid\} -& -\sphinxAtStartPar -Unix real UID or Windows SID -\\ -\hline -\sphinxAtStartPar -\%\{euid\} -& -\sphinxAtStartPar -Unix effective user ID or Windows SID -\\ -\hline -\sphinxAtStartPar -\%\{USERID\} -& -\sphinxAtStartPar -Same as \%\{uid\} -\\ -\hline -\sphinxAtStartPar -\%\{null\} -& -\sphinxAtStartPar -Empty string -\\ -\hline -\sphinxAtStartPar -\%\{LIBDIR\} -& -\sphinxAtStartPar -Installation library directory -\\ -\hline -\sphinxAtStartPar -\%\{BINDIR\} -& -\sphinxAtStartPar -Installation binary directory -\\ -\hline -\sphinxAtStartPar -\%\{SBINDIR\} -& -\sphinxAtStartPar -Installation admin binary directory -\\ -\hline -\sphinxAtStartPar -\%\{username\} -& -\sphinxAtStartPar -(Unix) Username of effective user ID -\\ -\hline -\sphinxAtStartPar -\%\{APPDATA\} -& -\sphinxAtStartPar -(Windows) Roaming application data for current user -\\ -\hline -\sphinxAtStartPar -\%\{COMMON\_APPDATA\} -& -\sphinxAtStartPar -(Windows) Application data for all users -\\ -\hline -\sphinxAtStartPar -\%\{LOCAL\_APPDATA\} -& -\sphinxAtStartPar -(Windows) Local application data for current user -\\ -\hline -\sphinxAtStartPar -\%\{SYSTEM\} -& -\sphinxAtStartPar -(Windows) Windows system folder -\\ -\hline -\sphinxAtStartPar -\%\{WINDOWS\} -& -\sphinxAtStartPar -(Windows) Windows folder -\\ -\hline -\sphinxAtStartPar -\%\{USERCONFIG\} -& -\sphinxAtStartPar -(Windows) Per\sphinxhyphen{}user MIT krb5 config file directory -\\ -\hline -\sphinxAtStartPar -\%\{COMMONCONFIG\} -& -\sphinxAtStartPar -(Windows) Common MIT krb5 config file directory -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} -\end{quote} - - -\subsubsection{Sample krb5.conf file} -\label{\detokenize{admin/conf_files/krb5_conf:sample-krb5-conf-file}} -\sphinxAtStartPar -Here is an example of a generic krb5.conf file: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{libdefaults}\PYG{p}{]} - \PYG{n}{default\PYGZus{}realm} \PYG{o}{=} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} - \PYG{n}{dns\PYGZus{}lookup\PYGZus{}kdc} \PYG{o}{=} \PYG{n}{true} - \PYG{n}{dns\PYGZus{}lookup\PYGZus{}realm} \PYG{o}{=} \PYG{n}{false} - -\PYG{p}{[}\PYG{n}{realms}\PYG{p}{]} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{kdc} \PYG{o}{=} \PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{n}{kdc} \PYG{o}{=} \PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{n}{kdc} \PYG{o}{=} \PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{2.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{n}{admin\PYGZus{}server} \PYG{o}{=} \PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{n}{primary\PYGZus{}kdc} \PYG{o}{=} \PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{p}{\PYGZcb{}} - \PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{kdc} \PYG{o}{=} \PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com} - \PYG{n}{kdc} \PYG{o}{=} \PYG{n}{kerberos}\PYG{o}{\PYGZhy{}}\PYG{l+m+mf}{1.}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com} - \PYG{n}{admin\PYGZus{}server} \PYG{o}{=} \PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com} - \PYG{p}{\PYGZcb{}} - -\PYG{p}{[}\PYG{n}{domain\PYGZus{}realm}\PYG{p}{]} - \PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{o}{=} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} - -\PYG{p}{[}\PYG{n}{capaths}\PYG{p}{]} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM} \PYG{o}{=} \PYG{o}{.} - \PYG{p}{\PYGZcb{}} - \PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{o}{.} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - - -\subsubsection{FILES} -\label{\detokenize{admin/conf_files/krb5_conf:files}} -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/etc/krb5.conf}} - - -\subsubsection{SEE ALSO} -\label{\detokenize{admin/conf_files/krb5_conf:see-also}} -\sphinxAtStartPar -syslog(3) - - -\subsection{kdc.conf} -\label{\detokenize{admin/conf_files/kdc_conf:kdc-conf}}\label{\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}}\label{\detokenize{admin/conf_files/kdc_conf::doc}} -\sphinxAtStartPar -The kdc.conf file supplements {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} for programs which -are typically only used on a KDC, such as the {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} and -{\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} daemons and the {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} program. -Relations documented here may also be specified in krb5.conf; for the -KDC programs mentioned, krb5.conf and kdc.conf will be merged into a -single configuration profile. - -\sphinxAtStartPar -Normally, the kdc.conf file is found in the KDC state directory, -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}. You can override the default location by setting the -environment variable \sphinxstylestrong{KRB5\_KDC\_PROFILE}. - -\sphinxAtStartPar -Please note that you need to restart the KDC daemon for any configuration -changes to take effect. - - -\subsubsection{Structure} -\label{\detokenize{admin/conf_files/kdc_conf:structure}} -\sphinxAtStartPar -The kdc.conf file is set up in the same format as the -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} file. - - -\subsubsection{Sections} -\label{\detokenize{admin/conf_files/kdc_conf:sections}} -\sphinxAtStartPar -The kdc.conf file may contain the following sections: - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdcdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}kdcdefaults{]}}}}} -& -\sphinxAtStartPar -Default values for KDC behavior -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} -& -\sphinxAtStartPar -Realm\sphinxhyphen{}specific database configuration and settings -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/kdc_conf:dbdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbdefaults{]}}}}} -& -\sphinxAtStartPar -Default database settings -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/kdc_conf:dbmodules}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbmodules{]}}}}} -& -\sphinxAtStartPar -Per\sphinxhyphen{}database settings -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/kdc_conf:logging}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}logging{]}}}}} -& -\sphinxAtStartPar -Controls how Kerberos daemons perform logging -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\paragraph{{[}kdcdefaults{]}} -\label{\detokenize{admin/conf_files/kdc_conf:kdcdefaults}}\label{\detokenize{admin/conf_files/kdc_conf:id1}} -\sphinxAtStartPar -Some relations in the {[}kdcdefaults{]} section specify default values for -realm variables, to be used if the {[}realms{]} subsection does not -contain a relation for the tag. See the {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} section for -the definitions of these relations. -\begin{itemize} -\item {} -\sphinxAtStartPar -\sphinxstylestrong{host\_based\_services} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{kdc\_listen} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{kdc\_ports} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{kdc\_tcp\_listen} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{kdc\_tcp\_ports} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{no\_host\_referral} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{restrict\_anonymous\_to\_tgt} - -\end{itemize} - -\sphinxAtStartPar -The following {[}kdcdefaults{]} variables have no per\sphinxhyphen{}realm equivalent: -\begin{description} -\item[{\sphinxstylestrong{kdc\_max\_dgram\_reply\_size}}] \leavevmode -\sphinxAtStartPar -Specifies the maximum packet size that can be sent over UDP. The -default value is 4096 bytes. - -\item[{\sphinxstylestrong{kdc\_tcp\_listen\_backlog}}] \leavevmode -\sphinxAtStartPar -(Integer.) Set the size of the listen queue length for the KDC -daemon. The value may be limited by OS settings. The default -value is 5. - -\item[{\sphinxstylestrong{spake\_preauth\_kdc\_challenge}}] \leavevmode -\sphinxAtStartPar -(String.) Specifies the group for a SPAKE optimistic challenge. -See the \sphinxstylestrong{spake\_preauth\_groups} variable in {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}} -for possible values. The default is not to issue an optimistic -challenge. (New in release 1.17.) - -\end{description} - - -\paragraph{{[}realms{]}} -\label{\detokenize{admin/conf_files/kdc_conf:realms}}\label{\detokenize{admin/conf_files/kdc_conf:kdc-realms}} -\sphinxAtStartPar -Each tag in the {[}realms{]} section is the name of a Kerberos realm. The -value of the tag is a subsection where the relations define KDC -parameters for that particular realm. The following example shows how -to define one parameter for the ATHENA.MIT.EDU realm: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{realms}\PYG{p}{]} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{max\PYGZus{}renewable\PYGZus{}life} \PYG{o}{=} \PYG{l+m+mi}{7}\PYG{n}{d} \PYG{l+m+mi}{0}\PYG{n}{h} \PYG{l+m+mi}{0}\PYG{n}{m} \PYG{l+m+mi}{0}\PYG{n}{s} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The following tags may be specified in a {[}realms{]} subsection: -\begin{description} -\item[{\sphinxstylestrong{acl\_file}}] \leavevmode -\sphinxAtStartPar -(String.) Location of the access control list file that -{\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} uses to determine which principals are allowed -which permissions on the Kerberos database. To operate without an -ACL file, set this relation to the empty string with \sphinxcode{\sphinxupquote{acl\_file = -""}}. The default value is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/kadm5.acl}}. For more -information on Kerberos ACL file see {\hyperref[\detokenize{admin/conf_files/kadm5_acl:kadm5-acl-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kadm5.acl}}}}. - -\item[{\sphinxstylestrong{database\_module}}] \leavevmode -\sphinxAtStartPar -(String.) This relation indicates the name of the configuration -section under {\hyperref[\detokenize{admin/conf_files/kdc_conf:dbmodules}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbmodules{]}}}}} for database\sphinxhyphen{}specific parameters -used by the loadable database library. The default value is the -realm name. If this configuration section does not exist, default -values will be used for all database parameters. - -\item[{\sphinxstylestrong{database\_name}}] \leavevmode -\sphinxAtStartPar -(String, deprecated.) This relation specifies the location of the -Kerberos database for this realm, if the DB2 module is being used -and the {\hyperref[\detokenize{admin/conf_files/kdc_conf:dbmodules}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbmodules{]}}}}} configuration section does not specify a -database name. The default value is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/principal}}. - -\item[{\sphinxstylestrong{default\_principal\_expiration}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{abstime} string.) Specifies the default expiration date of -principals created in this realm. The default value is 0, which -means no expiration date. - -\item[{\sphinxstylestrong{default\_principal\_flags}}] \leavevmode -\sphinxAtStartPar -(Flag string.) Specifies the default attributes of principals -created in this realm. The format for this string is a -comma\sphinxhyphen{}separated list of flags, with ‘+’ before each flag that -should be enabled and ‘\sphinxhyphen{}’ before each flag that should be -disabled. The \sphinxstylestrong{postdateable}, \sphinxstylestrong{forwardable}, \sphinxstylestrong{tgt\sphinxhyphen{}based}, -\sphinxstylestrong{renewable}, \sphinxstylestrong{proxiable}, \sphinxstylestrong{dup\sphinxhyphen{}skey}, \sphinxstylestrong{allow\sphinxhyphen{}tickets}, and -\sphinxstylestrong{service} flags default to enabled. - -\sphinxAtStartPar -There are a number of possible flags: -\begin{description} -\item[{\sphinxstylestrong{allow\sphinxhyphen{}tickets}}] \leavevmode -\sphinxAtStartPar -Enabling this flag means that the KDC will issue tickets for -this principal. Disabling this flag essentially deactivates -the principal within this realm. - -\item[{\sphinxstylestrong{dup\sphinxhyphen{}skey}}] \leavevmode -\sphinxAtStartPar -Enabling this flag allows the KDC to issue user\sphinxhyphen{}to\sphinxhyphen{}user -service tickets for this principal. - -\item[{\sphinxstylestrong{forwardable}}] \leavevmode -\sphinxAtStartPar -Enabling this flag allows the principal to obtain forwardable -tickets. - -\item[{\sphinxstylestrong{hwauth}}] \leavevmode -\sphinxAtStartPar -If this flag is enabled, then the principal is required to -preauthenticate using a hardware device before receiving any -tickets. - -\item[{\sphinxstylestrong{no\sphinxhyphen{}auth\sphinxhyphen{}data\sphinxhyphen{}required}}] \leavevmode -\sphinxAtStartPar -Enabling this flag prevents PAC or AD\sphinxhyphen{}SIGNEDPATH data from -being added to service tickets for the principal. - -\item[{\sphinxstylestrong{ok\sphinxhyphen{}as\sphinxhyphen{}delegate}}] \leavevmode -\sphinxAtStartPar -If this flag is enabled, it hints the client that credentials -can and should be delegated when authenticating to the -service. - -\item[{\sphinxstylestrong{ok\sphinxhyphen{}to\sphinxhyphen{}auth\sphinxhyphen{}as\sphinxhyphen{}delegate}}] \leavevmode -\sphinxAtStartPar -Enabling this flag allows the principal to use S4USelf tickets. - -\item[{\sphinxstylestrong{postdateable}}] \leavevmode -\sphinxAtStartPar -Enabling this flag allows the principal to obtain postdateable -tickets. - -\item[{\sphinxstylestrong{preauth}}] \leavevmode -\sphinxAtStartPar -If this flag is enabled on a client principal, then that -principal is required to preauthenticate to the KDC before -receiving any tickets. On a service principal, enabling this -flag means that service tickets for this principal will only -be issued to clients with a TGT that has the preauthenticated -bit set. - -\item[{\sphinxstylestrong{proxiable}}] \leavevmode -\sphinxAtStartPar -Enabling this flag allows the principal to obtain proxy -tickets. - -\item[{\sphinxstylestrong{pwchange}}] \leavevmode -\sphinxAtStartPar -Enabling this flag forces a password change for this -principal. - -\item[{\sphinxstylestrong{pwservice}}] \leavevmode -\sphinxAtStartPar -If this flag is enabled, it marks this principal as a password -change service. This should only be used in special cases, -for example, if a user’s password has expired, then the user -has to get tickets for that principal without going through -the normal password authentication in order to be able to -change the password. - -\item[{\sphinxstylestrong{renewable}}] \leavevmode -\sphinxAtStartPar -Enabling this flag allows the principal to obtain renewable -tickets. - -\item[{\sphinxstylestrong{service}}] \leavevmode -\sphinxAtStartPar -Enabling this flag allows the the KDC to issue service tickets -for this principal. In release 1.17 and later, user\sphinxhyphen{}to\sphinxhyphen{}user -service tickets are still allowed if the \sphinxstylestrong{dup\sphinxhyphen{}skey} flag is -set. - -\item[{\sphinxstylestrong{tgt\sphinxhyphen{}based}}] \leavevmode -\sphinxAtStartPar -Enabling this flag allows a principal to obtain tickets based -on a ticket\sphinxhyphen{}granting\sphinxhyphen{}ticket, rather than repeating the -authentication process that was used to obtain the TGT. - -\end{description} - -\item[{\sphinxstylestrong{dict\_file}}] \leavevmode -\sphinxAtStartPar -(String.) Location of the dictionary file containing strings that -are not allowed as passwords. The file should contain one string -per line, with no additional whitespace. If none is specified or -if there is no policy assigned to the principal, no dictionary -checks of passwords will be performed. - -\item[{\sphinxstylestrong{disable\_pac}}] \leavevmode -\sphinxAtStartPar -(Boolean value.) If true, the KDC will not issue PACs for this -realm, and S4U2Self and S4U2Proxy operations will be disabled. -The default is false, which will permit the KDC to issue PACs. -New in release 1.20. - -\item[{\sphinxstylestrong{encrypted\_challenge\_indicator}}] \leavevmode -\sphinxAtStartPar -(String.) Specifies the authentication indicator value that the KDC -asserts into tickets obtained using FAST encrypted challenge -pre\sphinxhyphen{}authentication. New in 1.16. - -\item[{\sphinxstylestrong{host\_based\_services}}] \leavevmode -\sphinxAtStartPar -(Whitespace\sphinxhyphen{} or comma\sphinxhyphen{}separated list.) Lists services which will -get host\sphinxhyphen{}based referral processing even if the server principal is -not marked as host\sphinxhyphen{}based by the client. - -\item[{\sphinxstylestrong{iprop\_enable}}] \leavevmode -\sphinxAtStartPar -(Boolean value.) Specifies whether incremental database -propagation is enabled. The default value is false. - -\item[{\sphinxstylestrong{iprop\_ulogsize}}] \leavevmode -\sphinxAtStartPar -(Integer.) Specifies the maximum number of log entries to be -retained for incremental propagation. The default value is 1000. -Prior to release 1.11, the maximum value was 2500. New in release -1.19. - -\item[{\sphinxstylestrong{iprop\_master\_ulogsize}}] \leavevmode -\sphinxAtStartPar -The name for \sphinxstylestrong{iprop\_ulogsize} prior to release 1.19. Its value is -used as a fallback if \sphinxstylestrong{iprop\_ulogsize} is not specified. - -\item[{\sphinxstylestrong{iprop\_replica\_poll}}] \leavevmode -\sphinxAtStartPar -(Delta time string.) Specifies how often the replica KDC polls -for new updates from the primary. The default value is \sphinxcode{\sphinxupquote{2m}} -(that is, two minutes). New in release 1.17. - -\item[{\sphinxstylestrong{iprop\_slave\_poll}}] \leavevmode -\sphinxAtStartPar -(Delta time string.) The name for \sphinxstylestrong{iprop\_replica\_poll} prior to -release 1.17. Its value is used as a fallback if -\sphinxstylestrong{iprop\_replica\_poll} is not specified. - -\item[{\sphinxstylestrong{iprop\_listen}}] \leavevmode -\sphinxAtStartPar -(Whitespace\sphinxhyphen{} or comma\sphinxhyphen{}separated list.) Specifies the iprop RPC -listening addresses and/or ports for the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} daemon. -Each entry may be an interface address, a port number, or an -address and port number separated by a colon. If the address -contains colons, enclose it in square brackets. If no address is -specified, the wildcard address is used. If kadmind fails to bind -to any of the specified addresses, it will fail to start. The -default (when \sphinxstylestrong{iprop\_enable} is true) is to bind to the wildcard -address at the port specified in \sphinxstylestrong{iprop\_port}. New in release -1.15. - -\item[{\sphinxstylestrong{iprop\_port}}] \leavevmode -\sphinxAtStartPar -(Port number.) Specifies the port number to be used for -incremental propagation. When \sphinxstylestrong{iprop\_enable} is true, this -relation is required in the replica KDC configuration file, and -this relation or \sphinxstylestrong{iprop\_listen} is required in the primary -configuration file, as there is no default port number. Port -numbers specified in \sphinxstylestrong{iprop\_listen} entries will override this -port number for the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} daemon. - -\item[{\sphinxstylestrong{iprop\_resync\_timeout}}] \leavevmode -\sphinxAtStartPar -(Delta time string.) Specifies the amount of time to wait for a -full propagation to complete. This is optional in configuration -files, and is used by replica KDCs only. The default value is 5 -minutes (\sphinxcode{\sphinxupquote{5m}}). New in release 1.11. - -\item[{\sphinxstylestrong{iprop\_logfile}}] \leavevmode -\sphinxAtStartPar -(File name.) Specifies where the update log file for the realm -database is to be stored. The default is to use the -\sphinxstylestrong{database\_name} entry from the realms section of the krb5 config -file, with \sphinxcode{\sphinxupquote{.ulog}} appended. (NOTE: If \sphinxstylestrong{database\_name} isn’t -specified in the realms section, perhaps because the LDAP database -back end is being used, or the file name is specified in the -{[}dbmodules{]} section, then the hard\sphinxhyphen{}coded default for -\sphinxstylestrong{database\_name} is used. Determination of the \sphinxstylestrong{iprop\_logfile} -default value will not use values from the {[}dbmodules{]} section.) - -\item[{\sphinxstylestrong{kadmind\_listen}}] \leavevmode -\sphinxAtStartPar -(Whitespace\sphinxhyphen{} or comma\sphinxhyphen{}separated list.) Specifies the kadmin RPC -listening addresses and/or ports for the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} daemon. -Each entry may be an interface address, a port number, or an -address and port number separated by a colon. If the address -contains colons, enclose it in square brackets. If no address is -specified, the wildcard address is used. If kadmind fails to bind -to any of the specified addresses, it will fail to start. The -default is to bind to the wildcard address at the port specified -in \sphinxstylestrong{kadmind\_port}, or the standard kadmin port (749). New in -release 1.15. - -\item[{\sphinxstylestrong{kadmind\_port}}] \leavevmode -\sphinxAtStartPar -(Port number.) Specifies the port on which the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} -daemon is to listen for this realm. Port numbers specified in -\sphinxstylestrong{kadmind\_listen} entries will override this port number. The -assigned port for kadmind is 749, which is used by default. - -\item[{\sphinxstylestrong{key\_stash\_file}}] \leavevmode -\sphinxAtStartPar -(String.) Specifies the location where the master key has been -stored (via kdb5\_util stash). The default is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/.k5.REALM}}, where \sphinxstyleemphasis{REALM} is the Kerberos realm. - -\item[{\sphinxstylestrong{kdc\_listen}}] \leavevmode -\sphinxAtStartPar -(Whitespace\sphinxhyphen{} or comma\sphinxhyphen{}separated list.) Specifies the UDP -listening addresses and/or ports for the {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} daemon. -Each entry may be an interface address, a port number, or an -address and port number separated by a colon. If the address -contains colons, enclose it in square brackets. If no address is -specified, the wildcard address is used. If no port is specified, -the standard port (88) is used. If the KDC daemon fails to bind -to any of the specified addresses, it will fail to start. The -default is to bind to the wildcard address on the standard port. -New in release 1.15. - -\item[{\sphinxstylestrong{kdc\_ports}}] \leavevmode -\sphinxAtStartPar -(Whitespace\sphinxhyphen{} or comma\sphinxhyphen{}separated list, deprecated.) Prior to -release 1.15, this relation lists the ports for the -{\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} daemon to listen on for UDP requests. In -release 1.15 and later, it has the same meaning as \sphinxstylestrong{kdc\_listen} -if that relation is not defined. - -\item[{\sphinxstylestrong{kdc\_tcp\_listen}}] \leavevmode -\sphinxAtStartPar -(Whitespace\sphinxhyphen{} or comma\sphinxhyphen{}separated list.) Specifies the TCP -listening addresses and/or ports for the {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} daemon. -Each entry may be an interface address, a port number, or an -address and port number separated by a colon. If the address -contains colons, enclose it in square brackets. If no address is -specified, the wildcard address is used. If no port is specified, -the standard port (88) is used. To disable listening on TCP, set -this relation to the empty string with \sphinxcode{\sphinxupquote{kdc\_tcp\_listen = ""}}. -If the KDC daemon fails to bind to any of the specified addresses, -it will fail to start. The default is to bind to the wildcard -address on the standard port. New in release 1.15. - -\item[{\sphinxstylestrong{kdc\_tcp\_ports}}] \leavevmode -\sphinxAtStartPar -(Whitespace\sphinxhyphen{} or comma\sphinxhyphen{}separated list, deprecated.) Prior to -release 1.15, this relation lists the ports for the -{\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} daemon to listen on for UDP requests. In -release 1.15 and later, it has the same meaning as -\sphinxstylestrong{kdc\_tcp\_listen} if that relation is not defined. - -\item[{\sphinxstylestrong{kpasswd\_listen}}] \leavevmode -\sphinxAtStartPar -(Comma\sphinxhyphen{}separated list.) Specifies the kpasswd listening addresses -and/or ports for the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} daemon. Each entry may be -an interface address, a port number, or an address and port number -separated by a colon. If the address contains colons, enclose it -in square brackets. If no address is specified, the wildcard -address is used. If kadmind fails to bind to any of the specified -addresses, it will fail to start. The default is to bind to the -wildcard address at the port specified in \sphinxstylestrong{kpasswd\_port}, or the -standard kpasswd port (464). New in release 1.15. - -\item[{\sphinxstylestrong{kpasswd\_port}}] \leavevmode -\sphinxAtStartPar -(Port number.) Specifies the port on which the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} -daemon is to listen for password change requests for this realm. -Port numbers specified in \sphinxstylestrong{kpasswd\_listen} entries will override -this port number. The assigned port for password change requests -is 464, which is used by default. - -\item[{\sphinxstylestrong{master\_key\_name}}] \leavevmode -\sphinxAtStartPar -(String.) Specifies the name of the principal associated with the -master key. The default is \sphinxcode{\sphinxupquote{K/M}}. - -\item[{\sphinxstylestrong{master\_key\_type}}] \leavevmode -\sphinxAtStartPar -(Key type string.) Specifies the master key’s key type. The -default value for this is \sphinxcode{\sphinxupquote{aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96}}. For a list of all possible -values, see {\hyperref[\detokenize{admin/conf_files/kdc_conf:encryption-types}]{\sphinxcrossref{\DUrole{std,std-ref}{Encryption types}}}}. - -\item[{\sphinxstylestrong{max\_life}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} string.) Specifies the maximum time period for -which a ticket may be valid in this realm. The default value is -24 hours. - -\item[{\sphinxstylestrong{max\_renewable\_life}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} string.) Specifies the maximum time period -during which a valid ticket may be renewed in this realm. -The default value is 0. - -\item[{\sphinxstylestrong{no\_host\_referral}}] \leavevmode -\sphinxAtStartPar -(Whitespace\sphinxhyphen{} or comma\sphinxhyphen{}separated list.) Lists services to block -from getting host\sphinxhyphen{}based referral processing, even if the client -marks the server principal as host\sphinxhyphen{}based or the service is also -listed in \sphinxstylestrong{host\_based\_services}. \sphinxcode{\sphinxupquote{no\_host\_referral = *}} will -disable referral processing altogether. - -\item[{\sphinxstylestrong{reject\_bad\_transit}}] \leavevmode -\sphinxAtStartPar -(Boolean value.) If set to true, the KDC will check the list of -transited realms for cross\sphinxhyphen{}realm tickets against the transit path -computed from the realm names and the capaths section of its -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} file; if the path in the ticket to be issued -contains any realms not in the computed path, the ticket will not -be issued, and an error will be returned to the client instead. -If this value is set to false, such tickets will be issued -anyways, and it will be left up to the application server to -validate the realm transit path. - -\sphinxAtStartPar -If the disable\sphinxhyphen{}transited\sphinxhyphen{}check flag is set in the incoming -request, this check is not performed at all. Having the -\sphinxstylestrong{reject\_bad\_transit} option will cause such ticket requests to -be rejected always. - -\sphinxAtStartPar -This transit path checking and config file option currently apply -only to TGS requests. - -\sphinxAtStartPar -The default value is true. - -\item[{\sphinxstylestrong{restrict\_anonymous\_to\_tgt}}] \leavevmode -\sphinxAtStartPar -(Boolean value.) If set to true, the KDC will reject ticket -requests from anonymous principals to service principals other -than the realm’s ticket\sphinxhyphen{}granting service. This option allows -anonymous PKINIT to be enabled for use as FAST armor tickets -without allowing anonymous authentication to services. The -default value is false. New in release 1.9. - -\item[{\sphinxstylestrong{spake\_preauth\_indicator}}] \leavevmode -\sphinxAtStartPar -(String.) Specifies an authentication indicator value that the -KDC asserts into tickets obtained using SPAKE pre\sphinxhyphen{}authentication. -The default is not to add any indicators. This option may be -specified multiple times. New in release 1.17. - -\item[{\sphinxstylestrong{supported\_enctypes}}] \leavevmode -\sphinxAtStartPar -(List of \sphinxstyleemphasis{key}:\sphinxstyleemphasis{salt} strings.) Specifies the default key/salt -combinations of principals for this realm. Any principals created -through {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} will have keys of these types. The -default value for this tag is \sphinxcode{\sphinxupquote{aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96:normal aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96:normal}}. For lists of -possible values, see {\hyperref[\detokenize{admin/conf_files/kdc_conf:keysalt-lists}]{\sphinxcrossref{\DUrole{std,std-ref}{Keysalt lists}}}}. - -\end{description} - - -\paragraph{{[}dbdefaults{]}} -\label{\detokenize{admin/conf_files/kdc_conf:dbdefaults}}\label{\detokenize{admin/conf_files/kdc_conf:id2}} -\sphinxAtStartPar -The {[}dbdefaults{]} section specifies default values for some database -parameters, to be used if the {[}dbmodules{]} subsection does not contain -a relation for the tag. See the {\hyperref[\detokenize{admin/conf_files/kdc_conf:dbmodules}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbmodules{]}}}}} section for the -definitions of these relations. -\begin{itemize} -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_kerberos\_container\_dn} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_kdc\_dn} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_kdc\_sasl\_authcid} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_kdc\_sasl\_authzid} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_kdc\_sasl\_mech} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_kdc\_sasl\_realm} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_kadmind\_dn} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_kadmind\_sasl\_authcid} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_kadmind\_sasl\_authzid} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_kadmind\_sasl\_mech} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_kadmind\_sasl\_realm} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_service\_password\_file} - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ldap\_conns\_per\_server} - -\end{itemize} - - -\paragraph{{[}dbmodules{]}} -\label{\detokenize{admin/conf_files/kdc_conf:dbmodules}}\label{\detokenize{admin/conf_files/kdc_conf:id3}} -\sphinxAtStartPar -The {[}dbmodules{]} section contains parameters used by the KDC database -library and database modules. Each tag in the {[}dbmodules{]} section is -the name of a Kerberos realm or a section name specified by a realm’s -\sphinxstylestrong{database\_module} parameter. The following example shows how to -define one database parameter for the ATHENA.MIT.EDU realm: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{dbmodules}\PYG{p}{]} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{disable\PYGZus{}last\PYGZus{}success} \PYG{o}{=} \PYG{n}{true} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The following tags may be specified in a {[}dbmodules{]} subsection: -\begin{description} -\item[{\sphinxstylestrong{database\_name}}] \leavevmode -\sphinxAtStartPar -This DB2\sphinxhyphen{}specific tag indicates the location of the database in -the filesystem. The default is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/principal}}. - -\item[{\sphinxstylestrong{db\_library}}] \leavevmode -\sphinxAtStartPar -This tag indicates the name of the loadable database module. The -value should be \sphinxcode{\sphinxupquote{db2}} for the DB2 module, \sphinxcode{\sphinxupquote{klmdb}} for the LMDB -module, or \sphinxcode{\sphinxupquote{kldap}} for the LDAP module. - -\item[{\sphinxstylestrong{disable\_last\_success}}] \leavevmode -\sphinxAtStartPar -If set to \sphinxcode{\sphinxupquote{true}}, suppresses KDC updates to the “Last successful -authentication†field of principal entries requiring -preauthentication. Setting this flag may improve performance. -(Principal entries which do not require preauthentication never -update the “Last successful authentication†field.). First -introduced in release 1.9. - -\item[{\sphinxstylestrong{disable\_lockout}}] \leavevmode -\sphinxAtStartPar -If set to \sphinxcode{\sphinxupquote{true}}, suppresses KDC updates to the “Last failed -authentication†and “Failed password attempts†fields of principal -entries requiring preauthentication. Setting this flag may -improve performance, but also disables account lockout. First -introduced in release 1.9. - -\item[{\sphinxstylestrong{ldap\_conns\_per\_server}}] \leavevmode -\sphinxAtStartPar -This LDAP\sphinxhyphen{}specific tag indicates the number of connections to be -maintained per LDAP server. - -\item[{\sphinxstylestrong{ldap\_kdc\_dn} and \sphinxstylestrong{ldap\_kadmind\_dn}}] \leavevmode -\sphinxAtStartPar -These LDAP\sphinxhyphen{}specific tags indicate the default DN for binding to -the LDAP server. The {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} daemon uses -\sphinxstylestrong{ldap\_kdc\_dn}, while the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} daemon and other -administrative programs use \sphinxstylestrong{ldap\_kadmind\_dn}. The kadmind DN -must have the rights to read and write the Kerberos data in the -LDAP database. The KDC DN must have the same rights, unless -\sphinxstylestrong{disable\_lockout} and \sphinxstylestrong{disable\_last\_success} are true, in -which case it only needs to have rights to read the Kerberos data. -These tags are ignored if a SASL mechanism is set with -\sphinxstylestrong{ldap\_kdc\_sasl\_mech} or \sphinxstylestrong{ldap\_kadmind\_sasl\_mech}. - -\item[{\sphinxstylestrong{ldap\_kdc\_sasl\_mech} and \sphinxstylestrong{ldap\_kadmind\_sasl\_mech}}] \leavevmode -\sphinxAtStartPar -These LDAP\sphinxhyphen{}specific tags specify the SASL mechanism (such as -\sphinxcode{\sphinxupquote{EXTERNAL}}) to use when binding to the LDAP server. New in -release 1.13. - -\item[{\sphinxstylestrong{ldap\_kdc\_sasl\_authcid} and \sphinxstylestrong{ldap\_kadmind\_sasl\_authcid}}] \leavevmode -\sphinxAtStartPar -These LDAP\sphinxhyphen{}specific tags specify the SASL authentication identity -to use when binding to the LDAP server. Not all SASL mechanisms -require an authentication identity. If the SASL mechanism -requires a secret (such as the password for \sphinxcode{\sphinxupquote{DIGEST\sphinxhyphen{}MD5}}), these -tags also determine the name within the -\sphinxstylestrong{ldap\_service\_password\_file} where the secret is stashed. New -in release 1.13. - -\item[{\sphinxstylestrong{ldap\_kdc\_sasl\_authzid} and \sphinxstylestrong{ldap\_kadmind\_sasl\_authzid}}] \leavevmode -\sphinxAtStartPar -These LDAP\sphinxhyphen{}specific tags specify the SASL authorization identity -to use when binding to the LDAP server. In most circumstances -they do not need to be specified. New in release 1.13. - -\item[{\sphinxstylestrong{ldap\_kdc\_sasl\_realm} and \sphinxstylestrong{ldap\_kadmind\_sasl\_realm}}] \leavevmode -\sphinxAtStartPar -These LDAP\sphinxhyphen{}specific tags specify the SASL realm to use when -binding to the LDAP server. In most circumstances they do not -need to be set. New in release 1.13. - -\item[{\sphinxstylestrong{ldap\_kerberos\_container\_dn}}] \leavevmode -\sphinxAtStartPar -This LDAP\sphinxhyphen{}specific tag indicates the DN of the container object -where the realm objects will be located. - -\item[{\sphinxstylestrong{ldap\_servers}}] \leavevmode -\sphinxAtStartPar -This LDAP\sphinxhyphen{}specific tag indicates the list of LDAP servers that the -Kerberos servers can connect to. The list of LDAP servers is -whitespace\sphinxhyphen{}separated. The LDAP server is specified by a LDAP URI. -It is recommended to use \sphinxcode{\sphinxupquote{ldapi:}} or \sphinxcode{\sphinxupquote{ldaps:}} URLs to connect -to the LDAP server. - -\item[{\sphinxstylestrong{ldap\_service\_password\_file}}] \leavevmode -\sphinxAtStartPar -This LDAP\sphinxhyphen{}specific tag indicates the file containing the stashed -passwords (created by \sphinxcode{\sphinxupquote{kdb5\_ldap\_util stashsrvpw}}) for the -\sphinxstylestrong{ldap\_kdc\_dn} and \sphinxstylestrong{ldap\_kadmind\_dn} objects, or for the -\sphinxstylestrong{ldap\_kdc\_sasl\_authcid} or \sphinxstylestrong{ldap\_kadmind\_sasl\_authcid} names -for SASL authentication. This file must be kept secure. - -\item[{\sphinxstylestrong{mapsize}}] \leavevmode -\sphinxAtStartPar -This LMDB\sphinxhyphen{}specific tag indicates the maximum size of the two -database environments in megabytes. The default value is 128. -Increase this value to address “Environment mapsize limit reached†-errors. New in release 1.17. - -\item[{\sphinxstylestrong{max\_readers}}] \leavevmode -\sphinxAtStartPar -This LMDB\sphinxhyphen{}specific tag indicates the maximum number of concurrent -reading processes for the databases. The default value is 128. -New in release 1.17. - -\item[{\sphinxstylestrong{nosync}}] \leavevmode -\sphinxAtStartPar -This LMDB\sphinxhyphen{}specific tag can be set to improve the throughput of -kadmind and other administrative agents, at the expense of -durability (recent database changes may not survive a power outage -or other sudden reboot). It does not affect the throughput of the -KDC. The default value is false. New in release 1.17. - -\item[{\sphinxstylestrong{unlockiter}}] \leavevmode -\sphinxAtStartPar -If set to \sphinxcode{\sphinxupquote{true}}, this DB2\sphinxhyphen{}specific tag causes iteration -operations to release the database lock while processing each -principal. Setting this flag to \sphinxcode{\sphinxupquote{true}} can prevent extended -blocking of KDC or kadmin operations when dumps of large databases -are in progress. First introduced in release 1.13. - -\end{description} - -\sphinxAtStartPar -The following tag may be specified directly in the {[}dbmodules{]} -section to control where database modules are loaded from: -\begin{description} -\item[{\sphinxstylestrong{db\_module\_dir}}] \leavevmode -\sphinxAtStartPar -This tag controls where the plugin system looks for database -modules. The value should be an absolute path. - -\end{description} - - -\paragraph{{[}logging{]}} -\label{\detokenize{admin/conf_files/kdc_conf:logging}}\label{\detokenize{admin/conf_files/kdc_conf:id4}} -\sphinxAtStartPar -The {[}logging{]} section indicates how {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} and -{\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} perform logging. It may contain the following -relations: -\begin{description} -\item[{\sphinxstylestrong{admin\_server}}] \leavevmode -\sphinxAtStartPar -Specifies how {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} performs logging. - -\item[{\sphinxstylestrong{kdc}}] \leavevmode -\sphinxAtStartPar -Specifies how {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} performs logging. - -\item[{\sphinxstylestrong{default}}] \leavevmode -\sphinxAtStartPar -Specifies how either daemon performs logging in the absence of -relations specific to the daemon. - -\item[{\sphinxstylestrong{debug}}] \leavevmode -\sphinxAtStartPar -(Boolean value.) Specifies whether debugging messages are -included in log outputs other than SYSLOG. Debugging messages are -always included in the system log output because syslog performs -its own priority filtering. The default value is false. New in -release 1.15. - -\end{description} - -\sphinxAtStartPar -Logging specifications may have the following forms: -\begin{description} -\item[{\sphinxstylestrong{FILE=}\sphinxstyleemphasis{filename} or \sphinxstylestrong{FILE:}\sphinxstyleemphasis{filename}}] \leavevmode -\sphinxAtStartPar -This value causes the daemon’s logging messages to go to the -\sphinxstyleemphasis{filename}. If the \sphinxcode{\sphinxupquote{=}} form is used, the file is overwritten. -If the \sphinxcode{\sphinxupquote{:}} form is used, the file is appended to. - -\item[{\sphinxstylestrong{STDERR}}] \leavevmode -\sphinxAtStartPar -This value causes the daemon’s logging messages to go to its -standard error stream. - -\item[{\sphinxstylestrong{CONSOLE}}] \leavevmode -\sphinxAtStartPar -This value causes the daemon’s logging messages to go to the -console, if the system supports it. - -\item[{\sphinxstylestrong{DEVICE=}\sphinxstyleemphasis{\textless{}devicename\textgreater{}}}] \leavevmode -\sphinxAtStartPar -This causes the daemon’s logging messages to go to the specified -device. - -\item[{\sphinxstylestrong{SYSLOG}{[}\sphinxstylestrong{:}\sphinxstyleemphasis{severity}{[}\sphinxstylestrong{:}\sphinxstyleemphasis{facility}{]}{]}}] \leavevmode -\sphinxAtStartPar -This causes the daemon’s logging messages to go to the system log. - -\sphinxAtStartPar -For backward compatibility, a severity argument may be specified, -and must be specified in order to specify a facility. This -argument will be ignored. - -\sphinxAtStartPar -The facility argument specifies the facility under which the -messages are logged. This may be any of the following facilities -supported by the syslog(3) call minus the LOG\_ prefix: \sphinxstylestrong{KERN}, -\sphinxstylestrong{USER}, \sphinxstylestrong{MAIL}, \sphinxstylestrong{DAEMON}, \sphinxstylestrong{AUTH}, \sphinxstylestrong{LPR}, \sphinxstylestrong{NEWS}, -\sphinxstylestrong{UUCP}, \sphinxstylestrong{CRON}, and \sphinxstylestrong{LOCAL0} through \sphinxstylestrong{LOCAL7}. If no -facility is specified, the default is \sphinxstylestrong{AUTH}. - -\end{description} - -\sphinxAtStartPar -In the following example, the logging messages from the KDC will go to -the console and to the system log under the facility LOG\_DAEMON, and -the logging messages from the administrative server will be appended -to the file \sphinxcode{\sphinxupquote{/var/adm/kadmin.log}} and sent to the device -\sphinxcode{\sphinxupquote{/dev/tty04}}. - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{logging}\PYG{p}{]} - \PYG{n}{kdc} \PYG{o}{=} \PYG{n}{CONSOLE} - \PYG{n}{kdc} \PYG{o}{=} \PYG{n}{SYSLOG}\PYG{p}{:}\PYG{n}{INFO}\PYG{p}{:}\PYG{n}{DAEMON} - \PYG{n}{admin\PYGZus{}server} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{adm}\PYG{o}{/}\PYG{n}{kadmin}\PYG{o}{.}\PYG{n}{log} - \PYG{n}{admin\PYGZus{}server} \PYG{o}{=} \PYG{n}{DEVICE}\PYG{o}{=}\PYG{o}{/}\PYG{n}{dev}\PYG{o}{/}\PYG{n}{tty04} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If no logging specification is given, the default is to use syslog. -To disable logging entirely, specify \sphinxcode{\sphinxupquote{default = DEVICE=/dev/null}}. - - -\paragraph{{[}otp{]}} -\label{\detokenize{admin/conf_files/kdc_conf:otp}}\label{\detokenize{admin/conf_files/kdc_conf:id5}} -\sphinxAtStartPar -Each subsection of {[}otp{]} is the name of an OTP token type. The tags -within the subsection define the configuration required to forward a -One Time Password request to a RADIUS server. - -\sphinxAtStartPar -For each token type, the following tags may be specified: -\begin{description} -\item[{\sphinxstylestrong{server}}] \leavevmode -\sphinxAtStartPar -This is the server to send the RADIUS request to. It can be a -hostname with optional port, an ip address with optional port, or -a Unix domain socket address. The default is -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/\textless{}name\textgreater{}.socket}}. - -\item[{\sphinxstylestrong{secret}}] \leavevmode -\sphinxAtStartPar -This tag indicates a filename (which may be relative to {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}) -containing the secret used to encrypt the RADIUS packets. The -secret should appear in the first line of the file by itself; -leading and trailing whitespace on the line will be removed. If -the value of \sphinxstylestrong{server} is a Unix domain socket address, this tag -is optional, and an empty secret will be used if it is not -specified. Otherwise, this tag is required. - -\item[{\sphinxstylestrong{timeout}}] \leavevmode -\sphinxAtStartPar -An integer which specifies the time in seconds during which the -KDC should attempt to contact the RADIUS server. This tag is the -total time across all retries and should be less than the time -which an OTP value remains valid for. The default is 5 seconds. - -\item[{\sphinxstylestrong{retries}}] \leavevmode -\sphinxAtStartPar -This tag specifies the number of retries to make to the RADIUS -server. The default is 3 retries (4 tries). - -\item[{\sphinxstylestrong{strip\_realm}}] \leavevmode -\sphinxAtStartPar -If this tag is \sphinxcode{\sphinxupquote{true}}, the principal without the realm will be -passed to the RADIUS server. Otherwise, the realm will be -included. The default value is \sphinxcode{\sphinxupquote{true}}. - -\item[{\sphinxstylestrong{indicator}}] \leavevmode -\sphinxAtStartPar -This tag specifies an authentication indicator to be included in -the ticket if this token type is used to authenticate. This -option may be specified multiple times. (New in release 1.14.) - -\end{description} - -\sphinxAtStartPar -In the following example, requests are sent to a remote server via UDP: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -[otp] - MyRemoteTokenType = \PYGZob{} - server = radius.mydomain.com:1812 - secret = SEmfiajf42\PYGZdl{} - timeout = 15 - retries = 5 - strip\PYGZus{}realm = true - \PYGZcb{} -\end{sphinxVerbatim} - -\sphinxAtStartPar -An implicit default token type named \sphinxcode{\sphinxupquote{DEFAULT}} is defined for when -the per\sphinxhyphen{}principal configuration does not specify a token type. Its -configuration is shown below. You may override this token type to -something applicable for your situation: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{otp}\PYG{p}{]} - \PYG{n}{DEFAULT} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{strip\PYGZus{}realm} \PYG{o}{=} \PYG{n}{false} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - - -\subsubsection{PKINIT options} -\label{\detokenize{admin/conf_files/kdc_conf:pkinit-options}} -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The following are pkinit\sphinxhyphen{}specific options. These values may -be specified in {[}kdcdefaults{]} as global defaults, or within -a realm\sphinxhyphen{}specific subsection of {[}realms{]}. Also note that a -realm\sphinxhyphen{}specific value over\sphinxhyphen{}rides, does not add to, a generic -{[}kdcdefaults{]} specification. The search order is: -\end{sphinxadmonition} -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -realm\sphinxhyphen{}specific subsection of {[}realms{]}: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{realms}\PYG{p}{]} - \PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{pkinit\PYGZus{}anchors} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com}\PYG{o}{.}\PYG{n}{crt} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\item {} -\sphinxAtStartPar -generic value in the {[}kdcdefaults{]} section: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{kdcdefaults}\PYG{p}{]} - \PYG{n}{pkinit\PYGZus{}anchors} \PYG{o}{=} \PYG{n}{DIR}\PYG{p}{:}\PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{generic\PYGZus{}trusted\PYGZus{}cas}\PYG{o}{/} -\end{sphinxVerbatim} - -\end{enumerate} - -\sphinxAtStartPar -For information about the syntax of some of these options, see -{\hyperref[\detokenize{admin/conf_files/krb5_conf:pkinit-identity}]{\sphinxcrossref{\DUrole{std,std-ref}{Specifying PKINIT identity information}}}} in -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}. -\begin{description} -\item[{\sphinxstylestrong{pkinit\_anchors}}] \leavevmode -\sphinxAtStartPar -Specifies the location of trusted anchor (root) certificates which -the KDC trusts to sign client certificates. This option is -required if pkinit is to be supported by the KDC. This option may -be specified multiple times. - -\item[{\sphinxstylestrong{pkinit\_dh\_min\_bits}}] \leavevmode -\sphinxAtStartPar -Specifies the minimum number of bits the KDC is willing to accept -for a client’s Diffie\sphinxhyphen{}Hellman key. The default is 2048. - -\item[{\sphinxstylestrong{pkinit\_allow\_upn}}] \leavevmode -\sphinxAtStartPar -Specifies that the KDC is willing to accept client certificates -with the Microsoft UserPrincipalName (UPN) Subject Alternative -Name (SAN). This means the KDC accepts the binding of the UPN in -the certificate to the Kerberos principal name. The default value -is false. - -\sphinxAtStartPar -Without this option, the KDC will only accept certificates with -the id\sphinxhyphen{}pkinit\sphinxhyphen{}san as defined in \index{RFC@\spxentry{RFC}!RFC 4556@\spxentry{RFC 4556}}\sphinxhref{https://tools.ietf.org/html/rfc4556.html}{\sphinxstylestrong{RFC 4556}}. There is currently -no option to disable SAN checking in the KDC. - -\item[{\sphinxstylestrong{pkinit\_eku\_checking}}] \leavevmode -\sphinxAtStartPar -This option specifies what Extended Key Usage (EKU) values the KDC -is willing to accept in client certificates. The values -recognized in the kdc.conf file are: -\begin{description} -\item[{\sphinxstylestrong{kpClientAuth}}] \leavevmode -\sphinxAtStartPar -This is the default value and specifies that client -certificates must have the id\sphinxhyphen{}pkinit\sphinxhyphen{}KPClientAuth EKU as -defined in \index{RFC@\spxentry{RFC}!RFC 4556@\spxentry{RFC 4556}}\sphinxhref{https://tools.ietf.org/html/rfc4556.html}{\sphinxstylestrong{RFC 4556}}. - -\item[{\sphinxstylestrong{scLogin}}] \leavevmode -\sphinxAtStartPar -If scLogin is specified, client certificates with the -Microsoft Smart Card Login EKU (id\sphinxhyphen{}ms\sphinxhyphen{}kp\sphinxhyphen{}sc\sphinxhyphen{}logon) will be -accepted. - -\item[{\sphinxstylestrong{none}}] \leavevmode -\sphinxAtStartPar -If none is specified, then client certificates will not be -checked to verify they have an acceptable EKU. The use of -this option is not recommended. - -\end{description} - -\item[{\sphinxstylestrong{pkinit\_identity}}] \leavevmode -\sphinxAtStartPar -Specifies the location of the KDC’s X.509 identity information. -This option is required if pkinit is to be supported by the KDC. - -\item[{\sphinxstylestrong{pkinit\_indicator}}] \leavevmode -\sphinxAtStartPar -Specifies an authentication indicator to include in the ticket if -pkinit is used to authenticate. This option may be specified -multiple times. (New in release 1.14.) - -\item[{\sphinxstylestrong{pkinit\_pool}}] \leavevmode -\sphinxAtStartPar -Specifies the location of intermediate certificates which may be -used by the KDC to complete the trust chain between a client’s -certificate and a trusted anchor. This option may be specified -multiple times. - -\item[{\sphinxstylestrong{pkinit\_revoke}}] \leavevmode -\sphinxAtStartPar -Specifies the location of Certificate Revocation List (CRL) -information to be used by the KDC when verifying the validity of -client certificates. This option may be specified multiple times. - -\item[{\sphinxstylestrong{pkinit\_require\_crl\_checking}}] \leavevmode -\sphinxAtStartPar -The default certificate verification process will always check the -available revocation information to see if a certificate has been -revoked. If a match is found for the certificate in a CRL, -verification fails. If the certificate being verified is not -listed in a CRL, or there is no CRL present for its issuing CA, -and \sphinxstylestrong{pkinit\_require\_crl\_checking} is false, then verification -succeeds. - -\sphinxAtStartPar -However, if \sphinxstylestrong{pkinit\_require\_crl\_checking} is true and there is -no CRL information available for the issuing CA, then verification -fails. - -\sphinxAtStartPar -\sphinxstylestrong{pkinit\_require\_crl\_checking} should be set to true if the -policy is such that up\sphinxhyphen{}to\sphinxhyphen{}date CRLs must be present for every CA. - -\item[{\sphinxstylestrong{pkinit\_require\_freshness}}] \leavevmode -\sphinxAtStartPar -Specifies whether to require clients to include a freshness token -in PKINIT requests. The default value is false. (New in release -1.17.) - -\end{description} - - -\subsubsection{Encryption types} -\label{\detokenize{admin/conf_files/kdc_conf:encryption-types}}\label{\detokenize{admin/conf_files/kdc_conf:id6}} -\sphinxAtStartPar -Any tag in the configuration files which requires a list of encryption -types can be set to some combination of the following strings. -Encryption types marked as “weak†and “deprecated†are available for -compatibility but not recommended for use. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -des3\sphinxhyphen{}cbc\sphinxhyphen{}raw -& -\sphinxAtStartPar -Triple DES cbc mode raw (weak) -\\ -\hline -\sphinxAtStartPar -des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1 des3\sphinxhyphen{}hmac\sphinxhyphen{}sha1 des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1\sphinxhyphen{}kd -& -\sphinxAtStartPar -Triple DES cbc mode with HMAC/sha1 (deprecated) -\\ -\hline -\sphinxAtStartPar -aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 aes256\sphinxhyphen{}cts aes256\sphinxhyphen{}sha1 -& -\sphinxAtStartPar -AES\sphinxhyphen{}256 CTS mode with 96\sphinxhyphen{}bit SHA\sphinxhyphen{}1 HMAC -\\ -\hline -\sphinxAtStartPar -aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 aes128\sphinxhyphen{}cts aes128\sphinxhyphen{}sha1 -& -\sphinxAtStartPar -AES\sphinxhyphen{}128 CTS mode with 96\sphinxhyphen{}bit SHA\sphinxhyphen{}1 HMAC -\\ -\hline -\sphinxAtStartPar -aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha384\sphinxhyphen{}192 aes256\sphinxhyphen{}sha2 -& -\sphinxAtStartPar -AES\sphinxhyphen{}256 CTS mode with 192\sphinxhyphen{}bit SHA\sphinxhyphen{}384 HMAC -\\ -\hline -\sphinxAtStartPar -aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha256\sphinxhyphen{}128 aes128\sphinxhyphen{}sha2 -& -\sphinxAtStartPar -AES\sphinxhyphen{}128 CTS mode with 128\sphinxhyphen{}bit SHA\sphinxhyphen{}256 HMAC -\\ -\hline -\sphinxAtStartPar -arcfour\sphinxhyphen{}hmac rc4\sphinxhyphen{}hmac arcfour\sphinxhyphen{}hmac\sphinxhyphen{}md5 -& -\sphinxAtStartPar -RC4 with HMAC/MD5 (deprecated) -\\ -\hline -\sphinxAtStartPar -arcfour\sphinxhyphen{}hmac\sphinxhyphen{}exp rc4\sphinxhyphen{}hmac\sphinxhyphen{}exp arcfour\sphinxhyphen{}hmac\sphinxhyphen{}md5\sphinxhyphen{}exp -& -\sphinxAtStartPar -Exportable RC4 with HMAC/MD5 (weak) -\\ -\hline -\sphinxAtStartPar -camellia256\sphinxhyphen{}cts\sphinxhyphen{}cmac camellia256\sphinxhyphen{}cts -& -\sphinxAtStartPar -Camellia\sphinxhyphen{}256 CTS mode with CMAC -\\ -\hline -\sphinxAtStartPar -camellia128\sphinxhyphen{}cts\sphinxhyphen{}cmac camellia128\sphinxhyphen{}cts -& -\sphinxAtStartPar -Camellia\sphinxhyphen{}128 CTS mode with CMAC -\\ -\hline -\sphinxAtStartPar -des3 -& -\sphinxAtStartPar -The triple DES family: des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1 -\\ -\hline -\sphinxAtStartPar -aes -& -\sphinxAtStartPar -The AES family: aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96, aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96, aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha384\sphinxhyphen{}192, and aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha256\sphinxhyphen{}128 -\\ -\hline -\sphinxAtStartPar -rc4 -& -\sphinxAtStartPar -The RC4 family: arcfour\sphinxhyphen{}hmac -\\ -\hline -\sphinxAtStartPar -camellia -& -\sphinxAtStartPar -The Camellia family: camellia256\sphinxhyphen{}cts\sphinxhyphen{}cmac and camellia128\sphinxhyphen{}cts\sphinxhyphen{}cmac -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - -\sphinxAtStartPar -The string \sphinxstylestrong{DEFAULT} can be used to refer to the default set of -types for the variable in question. Types or families can be removed -from the current list by prefixing them with a minus sign (“\sphinxhyphen{}“). -Types or families can be prefixed with a plus sign (“+â€) for symmetry; -it has the same meaning as just listing the type or family. For -example, “\sphinxcode{\sphinxupquote{DEFAULT \sphinxhyphen{}rc4}}†would be the default set of encryption -types with RC4 types removed, and “\sphinxcode{\sphinxupquote{des3 DEFAULT}}†would be the -default set of encryption types with triple DES types moved to the -front. - -\sphinxAtStartPar -While \sphinxstylestrong{aes128\sphinxhyphen{}cts} and \sphinxstylestrong{aes256\sphinxhyphen{}cts} are supported for all Kerberos -operations, they are not supported by very old versions of our GSSAPI -implementation (krb5\sphinxhyphen{}1.3.1 and earlier). Services running versions of -krb5 without AES support must not be given keys of these encryption -types in the KDC database. - -\sphinxAtStartPar -The \sphinxstylestrong{aes128\sphinxhyphen{}sha2} and \sphinxstylestrong{aes256\sphinxhyphen{}sha2} encryption types are new in -release 1.15. Services running versions of krb5 without support for -these newer encryption types must not be given keys of these -encryption types in the KDC database. - - -\subsubsection{Keysalt lists} -\label{\detokenize{admin/conf_files/kdc_conf:keysalt-lists}}\label{\detokenize{admin/conf_files/kdc_conf:id7}} -\sphinxAtStartPar -Kerberos keys for users are usually derived from passwords. Kerberos -commands and configuration parameters that affect generation of keys -take lists of enctype\sphinxhyphen{}salttype (“keysaltâ€) pairs, known as \sphinxstyleemphasis{keysalt -lists}. Each keysalt pair is an enctype name followed by a salttype -name, in the format \sphinxstyleemphasis{enc}:\sphinxstyleemphasis{salt}. Individual keysalt list members are -separated by comma (“,â€) characters or space characters. For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin} \PYG{o}{\PYGZhy{}}\PYG{n}{e} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{p}{:}\PYG{n}{normal}\PYG{p}{,}\PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{p}{:}\PYG{n}{normal} -\end{sphinxVerbatim} - -\sphinxAtStartPar -would start up kadmin so that by default it would generate -password\sphinxhyphen{}derived keys for the \sphinxstylestrong{aes256\sphinxhyphen{}cts} and \sphinxstylestrong{aes128\sphinxhyphen{}cts} -encryption types, using a \sphinxstylestrong{normal} salt. - -\sphinxAtStartPar -To ensure that people who happen to pick the same password do not have -the same key, Kerberos 5 incorporates more information into the key -using something called a salt. The supported salt types are as -follows: - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -normal -& -\sphinxAtStartPar -default for Kerberos Version 5 -\\ -\hline -\sphinxAtStartPar -norealm -& -\sphinxAtStartPar -same as the default, without using realm information -\\ -\hline -\sphinxAtStartPar -onlyrealm -& -\sphinxAtStartPar -uses only realm information as the salt -\\ -\hline -\sphinxAtStartPar -special -& -\sphinxAtStartPar -generate a random salt -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{Sample kdc.conf File} -\label{\detokenize{admin/conf_files/kdc_conf:sample-kdc-conf-file}} -\sphinxAtStartPar -Here’s an example of a kdc.conf file: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{kdcdefaults}\PYG{p}{]} - \PYG{n}{kdc\PYGZus{}listen} \PYG{o}{=} \PYG{l+m+mi}{88} - \PYG{n}{kdc\PYGZus{}tcp\PYGZus{}listen} \PYG{o}{=} \PYG{l+m+mi}{88} -\PYG{p}{[}\PYG{n}{realms}\PYG{p}{]} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{kadmind\PYGZus{}port} \PYG{o}{=} \PYG{l+m+mi}{749} - \PYG{n}{max\PYGZus{}life} \PYG{o}{=} \PYG{l+m+mi}{12}\PYG{n}{h} \PYG{l+m+mi}{0}\PYG{n}{m} \PYG{l+m+mi}{0}\PYG{n}{s} - \PYG{n}{max\PYGZus{}renewable\PYGZus{}life} \PYG{o}{=} \PYG{l+m+mi}{7}\PYG{n}{d} \PYG{l+m+mi}{0}\PYG{n}{h} \PYG{l+m+mi}{0}\PYG{n}{m} \PYG{l+m+mi}{0}\PYG{n}{s} - \PYG{n}{master\PYGZus{}key\PYGZus{}type} \PYG{o}{=} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} - \PYG{n}{supported\PYGZus{}enctypes} \PYG{o}{=} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96}\PYG{p}{:}\PYG{n}{normal} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96}\PYG{p}{:}\PYG{n}{normal} - \PYG{n}{database\PYGZus{}module} \PYG{o}{=} \PYG{n}{openldap\PYGZus{}ldapconf} - \PYG{p}{\PYGZcb{}} - -\PYG{p}{[}\PYG{n}{logging}\PYG{p}{]} - \PYG{n}{kdc} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{krb5kdc}\PYG{o}{/}\PYG{n}{kdc}\PYG{o}{.}\PYG{n}{log} - \PYG{n}{admin\PYGZus{}server} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{krb5kdc}\PYG{o}{/}\PYG{n}{kadmin}\PYG{o}{.}\PYG{n}{log} - -\PYG{p}{[}\PYG{n}{dbdefaults}\PYG{p}{]} - \PYG{n}{ldap\PYGZus{}kerberos\PYGZus{}container\PYGZus{}dn} \PYG{o}{=} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{krbcontainer}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{mit}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{edu} - -\PYG{p}{[}\PYG{n}{dbmodules}\PYG{p}{]} - \PYG{n}{openldap\PYGZus{}ldapconf} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{db\PYGZus{}library} \PYG{o}{=} \PYG{n}{kldap} - \PYG{n}{disable\PYGZus{}last\PYGZus{}success} \PYG{o}{=} \PYG{n}{true} - \PYG{n}{ldap\PYGZus{}kdc\PYGZus{}dn} \PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=krbadmin,dc=mit,dc=edu}\PYG{l+s+s2}{\PYGZdq{}} - \PYG{c+c1}{\PYGZsh{} this object needs to have read rights on} - \PYG{c+c1}{\PYGZsh{} the realm container and principal subtrees} - \PYG{n}{ldap\PYGZus{}kadmind\PYGZus{}dn} \PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=krbadmin,dc=mit,dc=edu}\PYG{l+s+s2}{\PYGZdq{}} - \PYG{c+c1}{\PYGZsh{} this object needs to have read and write rights on} - \PYG{c+c1}{\PYGZsh{} the realm container and principal subtrees} - \PYG{n}{ldap\PYGZus{}service\PYGZus{}password\PYGZus{}file} \PYG{o}{=} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{/}\PYG{n}{service}\PYG{o}{.}\PYG{n}{keyfile} - \PYG{n}{ldap\PYGZus{}servers} \PYG{o}{=} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{n}{ldap\PYGZus{}conns\PYGZus{}per\PYGZus{}server} \PYG{o}{=} \PYG{l+m+mi}{5} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - - -\subsubsection{FILES} -\label{\detokenize{admin/conf_files/kdc_conf:files}} -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/kdc.conf}} - - -\subsubsection{SEE ALSO} -\label{\detokenize{admin/conf_files/kdc_conf:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}, {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}}, {\hyperref[\detokenize{admin/conf_files/kadm5_acl:kadm5-acl-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kadm5.acl}}}} - - -\subsection{kadm5.acl} -\label{\detokenize{admin/conf_files/kadm5_acl:kadm5-acl}}\label{\detokenize{admin/conf_files/kadm5_acl:kadm5-acl-5}}\label{\detokenize{admin/conf_files/kadm5_acl::doc}} - -\subsubsection{DESCRIPTION} -\label{\detokenize{admin/conf_files/kadm5_acl:description}} -\sphinxAtStartPar -The Kerberos {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} daemon uses an Access Control List -(ACL) file to manage access rights to the Kerberos database. -For operations that affect principals, the ACL file also controls -which principals can operate on which other principals. - -\sphinxAtStartPar -The default location of the Kerberos ACL file is -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/kadm5.acl}} unless this is overridden by the \sphinxstyleemphasis{acl\_file} -variable in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. - - -\subsubsection{SYNTAX} -\label{\detokenize{admin/conf_files/kadm5_acl:syntax}} -\sphinxAtStartPar -Empty lines and lines starting with the sharp sign (\sphinxcode{\sphinxupquote{\#}}) are -ignored. Lines containing ACL entries have the format: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{principal} \PYG{n}{permissions} \PYG{p}{[}\PYG{n}{target\PYGZus{}principal} \PYG{p}{[}\PYG{n}{restrictions}\PYG{p}{]} \PYG{p}{]} -\end{sphinxVerbatim} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -Line order in the ACL file is important. The first matching entry -will control access for an actor principal on a target principal. -\end{sphinxadmonition} -\begin{description} -\item[{\sphinxstyleemphasis{principal}}] \leavevmode -\sphinxAtStartPar -(Partially or fully qualified Kerberos principal name.) Specifies -the principal whose permissions are to be set. - -\sphinxAtStartPar -Each component of the name may be wildcarded using the \sphinxcode{\sphinxupquote{*}} -character. - -\item[{\sphinxstyleemphasis{permissions}}] \leavevmode -\sphinxAtStartPar -Specifies what operations may or may not be performed by a -\sphinxstyleemphasis{principal} matching a particular entry. This is a string of one or -more of the following list of characters or their upper\sphinxhyphen{}case -counterparts. If the character is \sphinxstyleemphasis{upper\sphinxhyphen{}case}, then the operation -is disallowed. If the character is \sphinxstyleemphasis{lower\sphinxhyphen{}case}, then the operation -is permitted. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -a -& -\sphinxAtStartPar -{[}Dis{]}allows the addition of principals or policies -\\ -\hline -\sphinxAtStartPar -c -& -\sphinxAtStartPar -{[}Dis{]}allows the changing of passwords for principals -\\ -\hline -\sphinxAtStartPar -d -& -\sphinxAtStartPar -{[}Dis{]}allows the deletion of principals or policies -\\ -\hline -\sphinxAtStartPar -e -& -\sphinxAtStartPar -{[}Dis{]}allows the extraction of principal keys -\\ -\hline -\sphinxAtStartPar -i -& -\sphinxAtStartPar -{[}Dis{]}allows inquiries about principals or policies -\\ -\hline -\sphinxAtStartPar -l -& -\sphinxAtStartPar -{[}Dis{]}allows the listing of all principals or policies -\\ -\hline -\sphinxAtStartPar -m -& -\sphinxAtStartPar -{[}Dis{]}allows the modification of principals or policies -\\ -\hline -\sphinxAtStartPar -p -& -\sphinxAtStartPar -{[}Dis{]}allows the propagation of the principal database (used in {\hyperref[\detokenize{admin/database:incr-db-prop}]{\sphinxcrossref{\DUrole{std,std-ref}{Incremental database propagation}}}}) -\\ -\hline -\sphinxAtStartPar -s -& -\sphinxAtStartPar -{[}Dis{]}allows the explicit setting of the key for a principal -\\ -\hline -\sphinxAtStartPar -x -& -\sphinxAtStartPar -Short for admcilsp. All privileges (except \sphinxcode{\sphinxupquote{e}}) -\\ -\hline -\sphinxAtStartPar -* -& -\sphinxAtStartPar -Same as x. -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - -\end{description} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The \sphinxcode{\sphinxupquote{extract}} privilege is not included in the wildcard -privilege; it must be explicitly assigned. This privilege -allows the user to extract keys from the database, and must be -handled with great care to avoid disclosure of important keys -like those of the kadmin/* or krbtgt/* principals. The -\sphinxstylestrong{lockdown\_keys} principal attribute can be used to prevent -key extraction from specific principals regardless of the -granted privilege. -\end{sphinxadmonition} -\begin{description} -\item[{\sphinxstyleemphasis{target\_principal}}] \leavevmode -\sphinxAtStartPar -(Optional. Partially or fully qualified Kerberos principal name.) -Specifies the principal on which \sphinxstyleemphasis{permissions} may be applied. -Each component of the name may be wildcarded using the \sphinxcode{\sphinxupquote{*}} -character. - -\sphinxAtStartPar -\sphinxstyleemphasis{target\_principal} can also include back\sphinxhyphen{}references to \sphinxstyleemphasis{principal}, -in which \sphinxcode{\sphinxupquote{*number}} matches the corresponding wildcard in -\sphinxstyleemphasis{principal}. - -\item[{\sphinxstyleemphasis{restrictions}}] \leavevmode -\sphinxAtStartPar -(Optional) A string of flags. Allowed restrictions are: -\begin{quote} -\begin{description} -\item[{\{+|\sphinxhyphen{}\}\sphinxstyleemphasis{flagname}}] \leavevmode -\sphinxAtStartPar -flag is forced to the indicated value. The permissible flags -are the same as those for the \sphinxstylestrong{default\_principal\_flags} -variable in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. - -\item[{\sphinxstyleemphasis{\sphinxhyphen{}clearpolicy}}] \leavevmode -\sphinxAtStartPar -policy is forced to be empty. - -\item[{\sphinxstyleemphasis{\sphinxhyphen{}policy pol}}] \leavevmode -\sphinxAtStartPar -policy is forced to be \sphinxstyleemphasis{pol}. - -\item[{\sphinxhyphen{}\{\sphinxstyleemphasis{expire, pwexpire, maxlife, maxrenewlife}\} \sphinxstyleemphasis{time}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{getdate} string) associated value will be forced to -MIN(\sphinxstyleemphasis{time}, requested value). - -\end{description} -\end{quote} - -\sphinxAtStartPar -The above flags act as restrictions on any add or modify operation -which is allowed due to that ACL line. - -\end{description} - -\begin{sphinxadmonition}{warning}{Warning:} -\sphinxAtStartPar -If the kadmind ACL file is modified, the kadmind daemon needs to be -restarted for changes to take effect. -\end{sphinxadmonition} - - -\subsubsection{EXAMPLE} -\label{\detokenize{admin/conf_files/kadm5_acl:example}} -\sphinxAtStartPar -Here is an example of a kadm5.acl file: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{o}{*}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{*} \PYG{c+c1}{\PYGZsh{} line 1} -\PYG{n}{joeadmin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{ADMCIL} \PYG{c+c1}{\PYGZsh{} line 2} -\PYG{n}{joeadmin}\PYG{o}{/}\PYG{o}{*}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{i} \PYG{o}{*}\PYG{o}{/}\PYG{n}{root}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{c+c1}{\PYGZsh{} line 3} -\PYG{o}{*}\PYG{o}{/}\PYG{n}{root}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{ci} \PYG{o}{*}\PYG{l+m+mi}{1}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{c+c1}{\PYGZsh{} line 4} -\PYG{o}{*}\PYG{o}{/}\PYG{n}{root}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{l} \PYG{o}{*} \PYG{c+c1}{\PYGZsh{} line 5} -\PYG{n}{sms}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{x} \PYG{o}{*} \PYG{o}{\PYGZhy{}}\PYG{n}{maxlife} \PYG{l+m+mi}{9}\PYG{n}{h} \PYG{o}{\PYGZhy{}}\PYG{n}{postdateable} \PYG{c+c1}{\PYGZsh{} line 6} -\end{sphinxVerbatim} - -\sphinxAtStartPar -(line 1) Any principal in the \sphinxcode{\sphinxupquote{ATHENA.MIT.EDU}} realm with an -\sphinxcode{\sphinxupquote{admin}} instance has all administrative privileges except extracting -keys. - -\sphinxAtStartPar -(lines 1\sphinxhyphen{}3) The user \sphinxcode{\sphinxupquote{joeadmin}} has all permissions except -extracting keys with his \sphinxcode{\sphinxupquote{admin}} instance, -\sphinxcode{\sphinxupquote{joeadmin/admin@ATHENA.MIT.EDU}} (matches line 1). He has no -permissions at all with his null instance, \sphinxcode{\sphinxupquote{joeadmin@ATHENA.MIT.EDU}} -(matches line 2). His \sphinxcode{\sphinxupquote{root}} and other non\sphinxhyphen{}\sphinxcode{\sphinxupquote{admin}}, non\sphinxhyphen{}null -instances (e.g., \sphinxcode{\sphinxupquote{extra}} or \sphinxcode{\sphinxupquote{dbadmin}}) have inquire permissions -with any principal that has the instance \sphinxcode{\sphinxupquote{root}} (matches line 3). - -\sphinxAtStartPar -(line 4) Any \sphinxcode{\sphinxupquote{root}} principal in \sphinxcode{\sphinxupquote{ATHENA.MIT.EDU}} can inquire -or change the password of their null instance, but not any other -null instance. (Here, \sphinxcode{\sphinxupquote{*1}} denotes a back\sphinxhyphen{}reference to the -component matching the first wildcard in the actor principal.) - -\sphinxAtStartPar -(line 5) Any \sphinxcode{\sphinxupquote{root}} principal in \sphinxcode{\sphinxupquote{ATHENA.MIT.EDU}} can generate -the list of principals in the database, and the list of policies -in the database. This line is separate from line 4, because list -permission can only be granted globally, not to specific target -principals. - -\sphinxAtStartPar -(line 6) Finally, the Service Management System principal -\sphinxcode{\sphinxupquote{sms@ATHENA.MIT.EDU}} has all permissions except extracting keys, but -any principal that it creates or modifies will not be able to get -postdateable tickets or tickets with a life of longer than 9 hours. - - -\subsubsection{MODULE BEHAVIOR} -\label{\detokenize{admin/conf_files/kadm5_acl:module-behavior}} -\sphinxAtStartPar -The ACL file can coexist with other authorization modules in release -1.16 and later, as configured in the {\hyperref[\detokenize{admin/conf_files/krb5_conf:kadm5-auth}]{\sphinxcrossref{\DUrole{std,std-ref}{kadm5\_auth interface}}}} section of -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}. The ACL file will positively authorize -operations according to the rules above, but will never -authoritatively deny an operation, so other modules can authorize -operations in addition to those authorized by the ACL file. - -\sphinxAtStartPar -To operate without an ACL file, set the \sphinxstyleemphasis{acl\_file} variable in -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} to the empty string with \sphinxcode{\sphinxupquote{acl\_file = ""}}. - - -\subsubsection{SEE ALSO} -\label{\detokenize{admin/conf_files/kadm5_acl:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}, {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} - - -\chapter{Realm configuration decisions} -\label{\detokenize{admin/realm_config:realm-configuration-decisions}}\label{\detokenize{admin/realm_config::doc}} -\sphinxAtStartPar -Before installing Kerberos V5, it is necessary to consider the -following issues: -\begin{itemize} -\item {} -\sphinxAtStartPar -The name of your Kerberos realm (or the name of each realm, if you -need more than one). - -\item {} -\sphinxAtStartPar -How you will assign your hostnames to Kerberos realms. - -\item {} -\sphinxAtStartPar -Which ports your KDC and and kadmind services will use, if they will -not be using the default ports. - -\item {} -\sphinxAtStartPar -How many replica KDCs you need and where they should be located. - -\item {} -\sphinxAtStartPar -The hostnames of your primary and replica KDCs. - -\item {} -\sphinxAtStartPar -How frequently you will propagate the database from the primary KDC -to the replica KDCs. - -\end{itemize} - - -\section{Realm name} -\label{\detokenize{admin/realm_config:realm-name}} -\sphinxAtStartPar -Although your Kerberos realm can be any ASCII string, convention is to -make it the same as your domain name, in upper\sphinxhyphen{}case letters. - -\sphinxAtStartPar -For example, hosts in the domain \sphinxcode{\sphinxupquote{example.com}} would be in the -Kerberos realm: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If you need multiple Kerberos realms, MIT recommends that you use -descriptive names which end with your domain name, such as: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{BOSTON}\PYG{o}{.}\PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{HOUSTON}\PYG{o}{.}\PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM} -\end{sphinxVerbatim} - - -\section{Mapping hostnames onto Kerberos realms} -\label{\detokenize{admin/realm_config:mapping-hostnames-onto-kerberos-realms}}\label{\detokenize{admin/realm_config:mapping-hostnames}} -\sphinxAtStartPar -Mapping hostnames onto Kerberos realms is done in one of three ways. - -\sphinxAtStartPar -The first mechanism works through a set of rules in the -{\hyperref[\detokenize{admin/conf_files/krb5_conf:domain-realm}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}domain\_realm{]}}}}} section of {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}. You can specify -mappings for an entire domain or on a per\sphinxhyphen{}hostname basis. Typically -you would do this by specifying the mappings for a given domain or -subdomain and listing the exceptions. - -\sphinxAtStartPar -The second mechanism is to use KDC host\sphinxhyphen{}based service referrals. With -this method, the KDC’s krb5.conf has a full {[}domain\_realm{]} mapping for -hosts, but the clients do not, or have mappings for only a subset of -the hosts they might contact. When a client needs to contact a server -host for which it has no mapping, it will ask the client realm’s KDC -for the service ticket, and will receive a referral to the appropriate -service realm. - -\sphinxAtStartPar -To use referrals, clients must be running MIT krb5 1.6 or later, and -the KDC must be running MIT krb5 1.7 or later. The -\sphinxstylestrong{host\_based\_services} and \sphinxstylestrong{no\_host\_referral} variables in the -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} section of {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} can be used to -fine\sphinxhyphen{}tune referral behavior on the KDC. - -\sphinxAtStartPar -It is also possible for clients to use DNS TXT records, if -\sphinxstylestrong{dns\_lookup\_realm} is enabled in {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}. Such lookups -are disabled by default because DNS is an insecure protocol and security -holes could result if DNS records are spoofed. If enabled, the client -will try to look up a TXT record formed by prepending the prefix -\sphinxcode{\sphinxupquote{\_kerberos}} to the hostname in question. If that record is not -found, the client will attempt a lookup by prepending \sphinxcode{\sphinxupquote{\_kerberos}} to the -host’s domain name, then its parent domain, up to the top\sphinxhyphen{}level domain. -For the hostname \sphinxcode{\sphinxupquote{boston.engineering.example.com}}, the names looked up -would be: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{\PYGZus{}kerberos}\PYG{o}{.}\PYG{n}{boston}\PYG{o}{.}\PYG{n}{engineering}\PYG{o}{.}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com} -\PYG{n}{\PYGZus{}kerberos}\PYG{o}{.}\PYG{n}{engineering}\PYG{o}{.}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com} -\PYG{n}{\PYGZus{}kerberos}\PYG{o}{.}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com} -\PYG{n}{\PYGZus{}kerberos}\PYG{o}{.}\PYG{n}{com} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The value of the first TXT record found is taken as the realm name. - -\sphinxAtStartPar -Even if you do not choose to use this mechanism within your site, -you may wish to set it up anyway, for use when interacting with other sites. - - -\section{Ports for the KDC and admin services} -\label{\detokenize{admin/realm_config:ports-for-the-kdc-and-admin-services}} -\sphinxAtStartPar -The default ports used by Kerberos are port 88 for the KDC and port -749 for the admin server. You can, however, choose to run on other -ports, as long as they are specified in each host’s -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} files or in DNS SRV records, and the -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} file on each KDC. For a more thorough treatment of -port numbers used by the Kerberos V5 programs, refer to the -{\hyperref[\detokenize{admin/appl_servers:conf-firewall}]{\sphinxcrossref{\DUrole{std,std-ref}{Configuring your firewall to work with Kerberos V5}}}}. - - -\section{Replica KDCs} -\label{\detokenize{admin/realm_config:replica-kdcs}} -\sphinxAtStartPar -Replica KDCs provide an additional source of Kerberos ticket\sphinxhyphen{}granting -services in the event of inaccessibility of the primary KDC. The -number of replica KDCs you need and the decision of where to place them, -both physically and logically, depends on the specifics of your -network. - -\sphinxAtStartPar -Kerberos authentication requires that each client be able to contact a -KDC. Therefore, you need to anticipate any likely reason a KDC might -be unavailable and have a replica KDC to take up the slack. - -\sphinxAtStartPar -Some considerations include: -\begin{itemize} -\item {} -\sphinxAtStartPar -Have at least one replica KDC as a backup, for when the primary KDC -is down, is being upgraded, or is otherwise unavailable. - -\item {} -\sphinxAtStartPar -If your network is split such that a network outage is likely to -cause a network partition (some segment or segments of the network -to become cut off or isolated from other segments), have a replica -KDC accessible to each segment. - -\item {} -\sphinxAtStartPar -If possible, have at least one replica KDC in a different building -from the primary, in case of power outages, fires, or other -localized disasters. - -\end{itemize} - - -\section{Hostnames for KDCs} -\label{\detokenize{admin/realm_config:hostnames-for-kdcs}}\label{\detokenize{admin/realm_config:kdc-hostnames}} -\sphinxAtStartPar -MIT recommends that your KDCs have a predefined set of CNAME records -(DNS hostname aliases), such as \sphinxcode{\sphinxupquote{kerberos}} for the primary KDC and -\sphinxcode{\sphinxupquote{kerberos\sphinxhyphen{}1}}, \sphinxcode{\sphinxupquote{kerberos\sphinxhyphen{}2}}, … for the replica KDCs. This way, -if you need to swap a machine, you only need to change a DNS entry, -rather than having to change hostnames. - -\sphinxAtStartPar -As of MIT krb5 1.4, clients can locate a realm’s KDCs through DNS -using SRV records (\index{RFC@\spxentry{RFC}!RFC 2782@\spxentry{RFC 2782}}\sphinxhref{https://tools.ietf.org/html/rfc2782.html}{\sphinxstylestrong{RFC 2782}}), assuming the Kerberos realm name is -also a DNS domain name. These records indicate the hostname and port -number to contact for that service, optionally with weighting and -prioritization. The domain name used in the SRV record name is the -realm name. Several different Kerberos\sphinxhyphen{}related service names are -used: -\begin{description} -\item[{\_kerberos.\_udp}] \leavevmode -\sphinxAtStartPar -This is for contacting any KDC by UDP. This entry will be used -the most often. Normally you should list port 88 on each of your -KDCs. - -\item[{\_kerberos.\_tcp}] \leavevmode -\sphinxAtStartPar -This is for contacting any KDC by TCP. Normally you should use -port 88. This entry should be omitted if the KDC does not listen -on TCP ports, as was the default prior to release 1.13. - -\item[{\_kerberos\sphinxhyphen{}master.\_udp}] \leavevmode -\sphinxAtStartPar -This entry should refer to those KDCs, if any, that will -immediately see password changes to the Kerberos database. If a -user is logging in and the password appears to be incorrect, the -client will retry with the primary KDC before failing with an -“incorrect password†error given. - -\sphinxAtStartPar -If you have only one KDC, or for whatever reason there is no -accessible KDC that would get database changes faster than the -others, you do not need to define this entry. - -\item[{\_kerberos\sphinxhyphen{}adm.\_tcp}] \leavevmode -\sphinxAtStartPar -This should list port 749 on your primary KDC. Support for it is -not complete at this time, but it will eventually be used by the -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} program and related utilities. For now, you will -also need the \sphinxstylestrong{admin\_server} variable in {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}. - -\item[{\_kerberos\sphinxhyphen{}master.\_tcp}] \leavevmode -\sphinxAtStartPar -The corresponding TCP port for \_kerberos\sphinxhyphen{}master.\_udp, assuming the -primary KDC listens on a TCP port. - -\item[{\_kpasswd.\_udp}] \leavevmode -\sphinxAtStartPar -This entry should list port 464 on your primary KDC. It is used -when a user changes her password. If this entry is not defined -but a \_kerberos\sphinxhyphen{}adm.\_tcp entry is defined, the client will use the -\_kerberos\sphinxhyphen{}adm.\_tcp entry with the port number changed to 464. - -\item[{\_kpasswd.\_tcp}] \leavevmode -\sphinxAtStartPar -The corresponding TCP port for \_kpasswd.\_udp. - -\end{description} - -\sphinxAtStartPar -The DNS SRV specification requires that the hostnames listed be the -canonical names, not aliases. So, for example, you might include the -following records in your (BIND\sphinxhyphen{}style) zone file: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{}ORIGIN foobar.com. -\PYGZus{}kerberos TXT \PYGZdq{}FOOBAR.COM\PYGZdq{} -kerberos CNAME daisy -kerberos\PYGZhy{}1 CNAME use\PYGZhy{}the\PYGZhy{}force\PYGZhy{}luke -kerberos\PYGZhy{}2 CNAME bunny\PYGZhy{}rabbit -\PYGZus{}kerberos.\PYGZus{}udp SRV 0 0 88 daisy - SRV 0 0 88 use\PYGZhy{}the\PYGZhy{}force\PYGZhy{}luke - SRV 0 0 88 bunny\PYGZhy{}rabbit -\PYGZus{}kerberos\PYGZhy{}master.\PYGZus{}udp SRV 0 0 88 daisy -\PYGZus{}kerberos\PYGZhy{}adm.\PYGZus{}tcp SRV 0 0 749 daisy -\PYGZus{}kpasswd.\PYGZus{}udp SRV 0 0 464 daisy -\end{sphinxVerbatim} - -\sphinxAtStartPar -Clients can also be configured with the explicit location of services -using the \sphinxstylestrong{kdc}, \sphinxstylestrong{master\_kdc}, \sphinxstylestrong{admin\_server}, and -\sphinxstylestrong{kpasswd\_server} variables in the {\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} section of -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}. Even if some clients will be configured with -explicit server locations, providing SRV records will still benefit -unconfigured clients, and be useful for other sites. - - -\section{KDC Discovery} -\label{\detokenize{admin/realm_config:kdc-discovery}}\label{\detokenize{admin/realm_config:id1}} -\sphinxAtStartPar -As of MIT krb5 1.15, clients can also locate KDCs in DNS through URI -records (\index{RFC@\spxentry{RFC}!RFC 7553@\spxentry{RFC 7553}}\sphinxhref{https://tools.ietf.org/html/rfc7553.html}{\sphinxstylestrong{RFC 7553}}). Limitations with the SRV record format may -result in extra DNS queries in situations where a client must failover -to other transport types, or find a primary server. The URI record -can convey more information about a realm’s KDCs with a single query. - -\sphinxAtStartPar -The client performs a query for the following URI records: -\begin{itemize} -\item {} -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{\_kerberos.REALM}} for finding KDCs. - -\item {} -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{\_kerberos\sphinxhyphen{}adm.REALM}} for finding kadmin services. - -\item {} -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{\_kpasswd.REALM}} for finding password services. - -\end{itemize} - -\sphinxAtStartPar -The URI record includes a priority, weight, and a URI string that -consists of case\sphinxhyphen{}insensitive colon separated fields, in the form -\sphinxcode{\sphinxupquote{scheme:{[}flags{]}:transport:residual}}. -\begin{itemize} -\item {} -\sphinxAtStartPar -\sphinxstyleemphasis{scheme} defines the registered URI type. It should always be -\sphinxcode{\sphinxupquote{krb5srv}}. - -\item {} -\sphinxAtStartPar -\sphinxstyleemphasis{flags} contains zero or more flag characters. Currently the only -valid flag is \sphinxcode{\sphinxupquote{m}}, which indicates that the record is for a -primary server. - -\item {} -\sphinxAtStartPar -\sphinxstyleemphasis{transport} defines the transport type of the residual URL or -address. Accepted values are \sphinxcode{\sphinxupquote{tcp}}, \sphinxcode{\sphinxupquote{udp}}, or \sphinxcode{\sphinxupquote{kkdcp}} for the -MS\sphinxhyphen{}KKDCP type. - -\item {} -\sphinxAtStartPar -\sphinxstyleemphasis{residual} contains the hostname, IP address, or URL to be -contacted using the specified transport, with an optional port -extension. The MS\sphinxhyphen{}KKDCP transport type uses a HTTPS URL, and can -include a port and/or path extension. - -\end{itemize} - -\sphinxAtStartPar -An example of URI records in a zone file: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{\PYGZus{}kerberos}\PYG{o}{.}\PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM} \PYG{n}{URI} \PYG{l+m+mi}{10} \PYG{l+m+mi}{1} \PYG{n}{krb5srv}\PYG{p}{:}\PYG{n}{m}\PYG{p}{:}\PYG{n}{tcp}\PYG{p}{:}\PYG{n}{kdc1}\PYG{o}{.}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com} - \PYG{n}{URI} \PYG{l+m+mi}{20} \PYG{l+m+mi}{1} \PYG{n}{krb5srv}\PYG{p}{:}\PYG{n}{m}\PYG{p}{:}\PYG{n}{udp}\PYG{p}{:}\PYG{n}{kdc2}\PYG{o}{.}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com}\PYG{p}{:}\PYG{l+m+mi}{89} - \PYG{n}{URI} \PYG{l+m+mi}{40} \PYG{l+m+mi}{1} \PYG{n}{krb5srv}\PYG{p}{:}\PYG{p}{:}\PYG{n}{udp}\PYG{p}{:}\PYG{l+m+mf}{10.10}\PYG{l+m+mf}{.0}\PYG{l+m+mf}{.23} - \PYG{n}{URI} \PYG{l+m+mi}{30} \PYG{l+m+mi}{1} \PYG{n}{krb5srv}\PYG{p}{:}\PYG{p}{:}\PYG{n}{kkdcp}\PYG{p}{:}\PYG{n}{https}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{proxy}\PYG{p}{:}\PYG{l+m+mi}{89}\PYG{o}{/}\PYG{n}{auth} -\end{sphinxVerbatim} - -\sphinxAtStartPar -URI lookups are enabled by default, and can be disabled by setting -\sphinxstylestrong{dns\_uri\_lookup} in the {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}} section of -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} to False. When enabled, URI lookups take -precedence over SRV lookups, falling back to SRV lookups if no URI -records are found. - - -\section{Database propagation} -\label{\detokenize{admin/realm_config:database-propagation}}\label{\detokenize{admin/realm_config:db-prop}} -\sphinxAtStartPar -The Kerberos database resides on the primary KDC, and must be -propagated regularly (usually by a cron job) to the replica KDCs. In -deciding how frequently the propagation should happen, you will need -to balance the amount of time the propagation takes against the -maximum reasonable amount of time a user should have to wait for a -password change to take effect. - -\sphinxAtStartPar -If the propagation time is longer than this maximum reasonable time -(e.g., you have a particularly large database, you have a lot of -replicas, or you experience frequent network delays), you may wish to -cut down on your propagation delay by performing the propagation in -parallel. To do this, have the primary KDC propagate the database to -one set of replicas, and then have each of these replicas propagate -the database to additional replicas. - -\sphinxAtStartPar -See also {\hyperref[\detokenize{admin/database:incr-db-prop}]{\sphinxcrossref{\DUrole{std,std-ref}{Incremental database propagation}}}} - - -\chapter{Database administration} -\label{\detokenize{admin/database:database-administration}}\label{\detokenize{admin/database::doc}} -\sphinxAtStartPar -A Kerberos database contains all of a realm’s Kerberos principals, -their passwords, and other administrative information about each -principal. For the most part, you will use the {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} -program to manipulate the Kerberos database as a whole, and the -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} program to make changes to the entries in the -database. (One notable exception is that users will use the -\DUrole{xref,std,std-ref}{kpasswd(1)} program to change their own passwords.) The kadmin -program has its own command\sphinxhyphen{}line interface, to which you type the -database administrating commands. - -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} provides a means to create, delete, load, or dump -a Kerberos database. It also contains commands to roll over the -database master key, and to stash a copy of the key so that the -{\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} and {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} daemons can use the database -without manual input. - -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} provides for the maintenance of Kerberos principals, -password policies, and service key tables (keytabs). Normally it -operates as a network client using Kerberos authentication to -communicate with {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}}, but there is also a variant, named -kadmin.local, which directly accesses the Kerberos database on the -local filesystem (or through LDAP). kadmin.local is necessary to set -up enough of the database to be able to use the remote version. - -\sphinxAtStartPar -kadmin can authenticate to the admin server using the service -principal \sphinxcode{\sphinxupquote{kadmin/admin}} or \sphinxcode{\sphinxupquote{kadmin/HOST}} (where \sphinxstyleemphasis{HOST} is the -hostname of the admin server). If the credentials cache contains a -ticket for either service principal and the \sphinxstylestrong{\sphinxhyphen{}c} ccache option is -specified, that ticket is used to authenticate to KADM5. Otherwise, -the \sphinxstylestrong{\sphinxhyphen{}p} and \sphinxstylestrong{\sphinxhyphen{}k} options are used to specify the client Kerberos -principal name used to authenticate. Once kadmin has determined the -principal name, it requests a \sphinxcode{\sphinxupquote{kadmin/admin}} Kerberos service ticket -from the KDC, and uses that service ticket to authenticate to KADM5. - -\sphinxAtStartPar -See {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} for the available kadmin and kadmin.local -commands and options. - - -\section{Principals} -\label{\detokenize{admin/database:principals}}\label{\detokenize{admin/database:id1}} -\sphinxAtStartPar -Each entry in the Kerberos database contains a Kerberos principal and -the attributes and policies associated with that principal. - -\sphinxAtStartPar -To add a principal to the database, use the {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} -\sphinxstylestrong{add\_principal} command. User principals should usually be created -with the \sphinxcode{\sphinxupquote{+requires\_preauth \sphinxhyphen{}allow\_svr}} options to help mitigate -dictionary attacks (see {\hyperref[\detokenize{admin/dictionary:dictionary}]{\sphinxcrossref{\DUrole{std,std-ref}{Addressing dictionary attack risks}}}}): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{o}{+}\PYG{n}{requires\PYGZus{}preauth} \PYG{o}{\PYGZhy{}}\PYG{n}{allow\PYGZus{}svr} \PYG{n}{alice} -\PYG{n}{Enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{alice@KRBTEST.COM}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:} -\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{alice@KRBTEST.COM}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:} -\end{sphinxVerbatim} - -\sphinxAtStartPar -User principals which will authenticate with {\hyperref[\detokenize{admin/pkinit:pkinit}]{\sphinxcrossref{\DUrole{std,std-ref}{PKINIT configuration}}}} should -instead by created with the \sphinxcode{\sphinxupquote{\sphinxhyphen{}nokey}} option: -\begin{quote} - -\sphinxAtStartPar -kadmin: addprinc \sphinxhyphen{}nokey alice -\end{quote} - -\sphinxAtStartPar -Service principals can be created with the \sphinxcode{\sphinxupquote{\sphinxhyphen{}nokey}} option; -long\sphinxhyphen{}term keys will be added when a keytab is generated: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{nokey} \PYG{n}{host}\PYG{o}{/}\PYG{n}{foo}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{ktadd} \PYG{o}{\PYGZhy{}}\PYG{n}{k} \PYG{n}{foo}\PYG{o}{.}\PYG{n}{keytab} \PYG{n}{host}\PYG{o}{/}\PYG{n}{foo}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{foo}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{n}{foo}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{foo}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{n}{foo}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\end{sphinxVerbatim} - -\sphinxAtStartPar -To modify attributes of an existing principal, use the kadmin -\sphinxstylestrong{modify\_principal} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{modprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{expire} \PYG{n}{tomorrow} \PYG{n}{alice} -\PYG{n}{Principal} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{alice@KRBTEST.COM}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{modified}\PYG{o}{.} -\end{sphinxVerbatim} - -\sphinxAtStartPar -To delete a principal, use the kadmin \sphinxstylestrong{delete\_principal} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -kadmin: delprinc alice -Are you sure you want to delete the principal \PYGZdq{}alice@KRBTEST.COM\PYGZdq{}? (yes/no): yes -Principal \PYGZdq{}alice@KRBTEST.COM\PYGZdq{} deleted. -Make sure that you have removed this principal from all ACLs before reusing. -\end{sphinxVerbatim} - -\sphinxAtStartPar -To change a principal’s password, use the kadmin \sphinxstylestrong{change\_password} -command. Password changes made through kadmin are subject to the same -password policies as would apply to password changes made through -\DUrole{xref,std,std-ref}{kpasswd(1)}. - -\sphinxAtStartPar -To view the attributes of a principal, use the kadmin\textasciigrave{} -\sphinxstylestrong{get\_principal} command. - -\sphinxAtStartPar -To generate a listing of principals, use the kadmin -\sphinxstylestrong{list\_principals} command. - - -\section{Policies} -\label{\detokenize{admin/database:policies}}\label{\detokenize{admin/database:id2}} -\sphinxAtStartPar -A policy is a set of rules governing passwords. Policies can dictate -minimum and maximum password lifetimes, minimum number of characters -and character classes a password must contain, and the number of old -passwords kept in the database. - -\sphinxAtStartPar -To add a new policy, use the {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} \sphinxstylestrong{add\_policy} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addpol} \PYG{o}{\PYGZhy{}}\PYG{n}{maxlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{1 year}\PYG{l+s+s2}{\PYGZdq{}} \PYG{o}{\PYGZhy{}}\PYG{n}{history} \PYG{l+m+mi}{3} \PYG{n}{stduser} -\end{sphinxVerbatim} - -\sphinxAtStartPar -To modify attributes of a principal, use the kadmin \sphinxstylestrong{modify\_policy} -command. To delete a policy, use the kadmin \sphinxstylestrong{delete\_policy} -command. - -\sphinxAtStartPar -To associate a policy with a principal, use the kadmin -\sphinxstylestrong{modify\_principal} command with the \sphinxstylestrong{\sphinxhyphen{}policy} option: -\begin{quote} - -\sphinxAtStartPar -kadmin: modprinc \sphinxhyphen{}policy stduser alice -Principal “\sphinxhref{mailto:alice@KRBTEST.COM}{alice@KRBTEST.COM}†modified. -\end{quote} - -\sphinxAtStartPar -A principal entry may be associated with a nonexistent policy, either -because the policy did not exist at the time of associated or was -deleted afterwards. kadmin will warn when associated a principal with -a nonexistent policy, and will annotate the policy name with “{[}does -not exist{]}†in the \sphinxstylestrong{get\_principal} output. - - -\subsection{Updating the history key} -\label{\detokenize{admin/database:updating-the-history-key}}\label{\detokenize{admin/database:updating-history-key}} -\sphinxAtStartPar -If a policy specifies a number of old keys kept of two or more, the -stored old keys are encrypted in a history key, which is found in the -key data of the \sphinxcode{\sphinxupquote{kadmin/history}} principal. - -\sphinxAtStartPar -Currently there is no support for proper rollover of the history key, -but you can change the history key (for example, to use a better -encryption type) at the cost of invalidating currently stored old -keys. To change the history key, run: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{change\PYGZus{}password} \PYG{o}{\PYGZhy{}}\PYG{n}{randkey} \PYG{n}{kadmin}\PYG{o}{/}\PYG{n}{history} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This command will fail if you specify the \sphinxstylestrong{\sphinxhyphen{}keepold} flag. Only one -new history key will be created, even if you specify multiple key/salt -combinations. - -\sphinxAtStartPar -In the future, we plan to migrate towards encrypting old keys in the -master key instead of the history key, and implementing proper -rollover support for stored old keys. - - -\section{Privileges} -\label{\detokenize{admin/database:privileges}}\label{\detokenize{admin/database:id3}} -\sphinxAtStartPar -Administrative privileges for the Kerberos database are stored in the -file {\hyperref[\detokenize{admin/conf_files/kadm5_acl:kadm5-acl-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kadm5.acl}}}}. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -A common use of an admin instance is so you can grant -separate permissions (such as administrator access to the -Kerberos database) to a separate Kerberos principal. For -example, the user \sphinxcode{\sphinxupquote{joeadmin}} might have a principal for -his administrative use, called \sphinxcode{\sphinxupquote{joeadmin/admin}}. This -way, \sphinxcode{\sphinxupquote{joeadmin}} would obtain \sphinxcode{\sphinxupquote{joeadmin/admin}} tickets -only when he actually needs to use those permissions. -\end{sphinxadmonition} - - -\section{Operations on the Kerberos database} -\label{\detokenize{admin/database:operations-on-the-kerberos-database}}\label{\detokenize{admin/database:db-operations}} -\sphinxAtStartPar -The {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} command is the primary tool for administrating -the Kerberos database when using the DB2 or LMDB modules (see -{\hyperref[\detokenize{admin/dbtypes:dbtypes}]{\sphinxcrossref{\DUrole{std,std-ref}{Database types}}}}). Creating a database is described in -{\hyperref[\detokenize{admin/install_kdc:create-db}]{\sphinxcrossref{\DUrole{std,std-ref}{Create the KDC database}}}}. - -\sphinxAtStartPar -To create a stash file using the master password (because the database -was not created with one using the \sphinxcode{\sphinxupquote{create \sphinxhyphen{}s}} flag, or after -restoring from a backup which did not contain the stash file), use the -kdb5\_util \sphinxstylestrong{stash} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}util stash -kdb5\PYGZus{}util: Cannot find/read stored master key while reading master key -kdb5\PYGZus{}util: Warning: proceeding without master key -Enter KDC database master key: \PYGZlt{}= Type the KDC database master password. -\end{sphinxVerbatim} - -\sphinxAtStartPar -To destroy a database, use the kdb5\_util destroy command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}util destroy -Deleting KDC database stored in \PYGZsq{}/var/krb5kdc/principal\PYGZsq{}, are you sure? -(type \PYGZsq{}yes\PYGZsq{} to confirm)? yes -OK, deleting database \PYGZsq{}/var/krb5kdc/principal\PYGZsq{}... -** Database \PYGZsq{}/var/krb5kdc/principal\PYGZsq{} destroyed. -\end{sphinxVerbatim} - - -\subsection{Dumping and loading a Kerberos database} -\label{\detokenize{admin/database:dumping-and-loading-a-kerberos-database}}\label{\detokenize{admin/database:restore-from-dump}} -\sphinxAtStartPar -To dump a Kerberos database into a text file for backup or transfer -purposes, use the {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} \sphinxstylestrong{dump} command on one of the -KDCs: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}util dump dumpfile - -\PYGZdl{} kbd5\PYGZus{}util dump \PYGZhy{}verbose dumpfile -kadmin/admin@ATHENA.MIT.EDU -krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU -kadmin/history@ATHENA.MIT.EDU -K/M@ATHENA.MIT.EDU -kadmin/changepw@ATHENA.MIT.EDU -\end{sphinxVerbatim} - -\sphinxAtStartPar -You may specify which principals to dump, using full principal names -including realm: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}util dump \PYGZhy{}verbose someprincs K/M@ATHENA.MIT.EDU kadmin/admin@ATHENA.MIT.EDU -kadmin/admin@ATHENA.MIT.EDU -K/M@ATHENA.MIT.EDU -\end{sphinxVerbatim} - -\sphinxAtStartPar -To restore a Kerberos database dump from a file, use the -{\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} \sphinxstylestrong{load} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}util load dumpfile -\end{sphinxVerbatim} - -\sphinxAtStartPar -To update an existing database with a partial dump file containing -only some principals, use the \sphinxcode{\sphinxupquote{\sphinxhyphen{}update}} flag: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}util load \PYGZhy{}update someprincs -\end{sphinxVerbatim} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -If the database file exists, and the \sphinxstyleemphasis{\sphinxhyphen{}update} flag was not -given, \sphinxstyleemphasis{kdb5\_util} will overwrite the existing database. -\end{sphinxadmonition} - - -\subsection{Updating the master key} -\label{\detokenize{admin/database:updating-the-master-key}}\label{\detokenize{admin/database:updating-master-key}} -\sphinxAtStartPar -Starting with release 1.7, {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} allows the master key -to be changed using a rollover process, with minimal loss of -availability. To roll over the master key, follow these steps: -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -On the primary KDC, run \sphinxcode{\sphinxupquote{kdb5\_util list\_mkeys}} to view the -current master key version number (KVNO). If you have never rolled -over the master key before, this will likely be version 1: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}util list\PYGZus{}mkeys -Master keys for Principal: K/M@KRBTEST.COM -KVNO: 1, Enctype: aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha384\PYGZhy{}192, Active on: Thu Jan 01 00:00:00 UTC 1970 * -\end{sphinxVerbatim} - -\item {} -\sphinxAtStartPar -On the primary KDC, run \sphinxcode{\sphinxupquote{kdb5\_util use\_mkey 1}} to ensure that a -master key activation list is present in the database. This step -is unnecessary in release 1.11.4 or later, or if the database was -initially created with release 1.7 or later. - -\item {} -\sphinxAtStartPar -On the primary KDC, run \sphinxcode{\sphinxupquote{kdb5\_util add\_mkey \sphinxhyphen{}s}} to create a new -master key and write it to the stash file. Enter a secure password -when prompted. If this is the first time you are changing the -master key, the new key will have version 2. The new master key -will not be used until you make it active. - -\item {} -\sphinxAtStartPar -Propagate the database to all replica KDCs, either manually or by -waiting until the next scheduled propagation. If you do not have -any replica KDCs, you can skip this and the next step. - -\item {} -\sphinxAtStartPar -On each replica KDC, run \sphinxcode{\sphinxupquote{kdb5\_util list\_mkeys}} to verify that -the new master key is present, and then \sphinxcode{\sphinxupquote{kdb5\_util stash}} to -write the new master key to the replica KDC’s stash file. - -\item {} -\sphinxAtStartPar -On the primary KDC, run \sphinxcode{\sphinxupquote{kdb5\_util use\_mkey 2}} to begin using the -new master key. Replace \sphinxcode{\sphinxupquote{2}} with the version of the new master -key, as appropriate. You can optionally specify a date for the new -master key to become active; by default, it will become active -immediately. Prior to release 1.12, {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} must be -restarted for this change to take full effect. - -\item {} -\sphinxAtStartPar -On the primary KDC, run \sphinxcode{\sphinxupquote{kdb5\_util update\_princ\_encryption}}. -This command will iterate over the database and re\sphinxhyphen{}encrypt all keys -in the new master key. If the database is large and uses DB2, the -primary KDC will become unavailable while this command runs, but -clients should fail over to replica KDCs (if any are present) -during this time period. In release 1.13 and later, you can -instead run \sphinxcode{\sphinxupquote{kdb5\_util \sphinxhyphen{}x unlockiter update\_princ\_encryption}} to -use unlocked iteration; this variant will take longer, but will -keep the database available to the KDC and kadmind while it runs. - -\item {} -\sphinxAtStartPar -Wait until the above changes have propagated to all replica KDCs -and until all running KDC and kadmind processes have serviced -requests using updated principal entries. - -\item {} -\sphinxAtStartPar -On the primary KDC, run \sphinxcode{\sphinxupquote{kdb5\_util purge\_mkeys}} to clean up the -old master key. - -\end{enumerate} - - -\section{Operations on the LDAP database} -\label{\detokenize{admin/database:operations-on-the-ldap-database}}\label{\detokenize{admin/database:ops-on-ldap}} -\sphinxAtStartPar -The {\hyperref[\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_ldap\_util}}}} command is the primary tool for -administrating the Kerberos database when using the LDAP module. -Creating an LDAP Kerberos database is describe in {\hyperref[\detokenize{admin/conf_ldap:conf-ldap}]{\sphinxcrossref{\DUrole{std,std-ref}{Configuring Kerberos with OpenLDAP back\sphinxhyphen{}end}}}}. - -\sphinxAtStartPar -To view a list of realms in the LDAP database, use the kdb5\_ldap\_util -\sphinxstylestrong{list} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}ldap\PYGZus{}util list -KRBTEST.COM -\end{sphinxVerbatim} - -\sphinxAtStartPar -To modify the attributes of a realm, use the kdb5\_ldap\_util \sphinxstylestrong{modify} -command. For example, to change the default realm’s maximum ticket -life: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}ldap\PYGZus{}util modify \PYGZhy{}maxtktlife \PYGZdq{}10 hours\PYGZdq{} -\end{sphinxVerbatim} - -\sphinxAtStartPar -To display the attributes of a realm, use the kdb5\_ldap\_util \sphinxstylestrong{view} -command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}ldap\PYGZus{}util view - Realm Name: KRBTEST.COM - Maximum Ticket Life: 0 days 00:10:00 -\end{sphinxVerbatim} - -\sphinxAtStartPar -To remove a realm from the LDAP database, destroying its contents, use -the kdb5\_ldap\_util \sphinxstylestrong{destroy} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}ldap\PYGZus{}util destroy -Deleting KDC database of \PYGZsq{}KRBTEST.COM\PYGZsq{}, are you sure? -(type \PYGZsq{}yes\PYGZsq{} to confirm)? yes -OK, deleting database of \PYGZsq{}KRBTEST.COM\PYGZsq{}... -** Database of \PYGZsq{}KRBTEST.COM\PYGZsq{} destroyed. -\end{sphinxVerbatim} - - -\subsection{Ticket Policy operations} -\label{\detokenize{admin/database:ticket-policy-operations}} -\sphinxAtStartPar -Unlike the DB2 and LMDB modules, the LDAP module supports ticket -policy objects, which can be associated with principals to restrict -maximum ticket lifetimes and set mandatory principal flags. Ticket -policy objects are distinct from the password policies described -earlier on this page, and are chiefly managed through kdb5\_ldap\_util -rather than kadmin. To create a new ticket policy, use the -kdb5\_ldap\_util \sphinxstylestrong{create\_policy} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}ldap\PYGZus{}util create\PYGZus{}policy \PYGZhy{}maxrenewlife \PYGZdq{}2 days\PYGZdq{} users -\end{sphinxVerbatim} - -\sphinxAtStartPar -To associate a ticket policy with a principal, use the -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} \sphinxstylestrong{modify\_principal} (or \sphinxstylestrong{add\_principal}) command -with the \sphinxstylestrong{\sphinxhyphen{}x tktpolicy=}\sphinxstyleemphasis{policy} option: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kadmin.local modprinc \PYGZhy{}x tktpolicy=users alice -\end{sphinxVerbatim} - -\sphinxAtStartPar -To remove a ticket policy reference from a principal, use the same -command with an empty \sphinxstyleemphasis{policy}: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kadmin.local modprinc \PYGZhy{}x tktpolicy= alice -\end{sphinxVerbatim} - -\sphinxAtStartPar -To list the existing ticket policy objects, use the kdb5\_ldap\_util -\sphinxstylestrong{list\_policy} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}ldap\PYGZus{}util list\PYGZus{}policy -users -\end{sphinxVerbatim} - -\sphinxAtStartPar -To modify the attributes of a ticket policy object, use the -kdb5\_ldap\_util \sphinxstylestrong{modify\_policy} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}ldap\PYGZus{}util modify\PYGZus{}policy \PYGZhy{}allow\PYGZus{}svr +requires\PYGZus{}preauth users -\end{sphinxVerbatim} - -\sphinxAtStartPar -To view the attributes of a ticket policy object, use the -kdb5\_ldap\_util \sphinxstylestrong{view\_policy} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}ldap\PYGZus{}util view\PYGZus{}policy users - Ticket policy: users - Maximum renewable life: 2 days 00:00:00 - Ticket flags: REQUIRES\PYGZus{}PRE\PYGZus{}AUTH DISALLOW\PYGZus{}SVR -\end{sphinxVerbatim} - -\sphinxAtStartPar -To destroy an ticket policy object, use the kdb5\_ldap\_util -\sphinxstylestrong{destroy\_policy} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}ldap\PYGZus{}util destroy\PYGZus{}policy users -This will delete the policy object \PYGZsq{}users\PYGZsq{}, are you sure? -(type \PYGZsq{}yes\PYGZsq{} to confirm)? yes -** policy object \PYGZsq{}users\PYGZsq{} deleted. -\end{sphinxVerbatim} - - -\section{Cross\sphinxhyphen{}realm authentication} -\label{\detokenize{admin/database:cross-realm-authentication}}\label{\detokenize{admin/database:xrealm-authn}} -\sphinxAtStartPar -In order for a KDC in one realm to authenticate Kerberos users in a -different realm, it must share a key with the KDC in the other realm. -In both databases, there must be krbtgt service principals for both realms. -For example, if you need to do cross\sphinxhyphen{}realm authentication between the realms -\sphinxcode{\sphinxupquote{ATHENA.MIT.EDU}} and \sphinxcode{\sphinxupquote{EXAMPLE.COM}}, you would need to add the -principals \sphinxcode{\sphinxupquote{krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU}} and -\sphinxcode{\sphinxupquote{krbtgt/ATHENA.MIT.EDU@EXAMPLE.COM}} to both databases. -These principals must all have the same passwords, key version -numbers, and encryption types; this may require explicitly setting -the key version number with the \sphinxstylestrong{\sphinxhyphen{}kvno} option. - -\sphinxAtStartPar -In the ATHENA.MIT.EDU and EXAMPLE.COM cross\sphinxhyphen{}realm case, the administrators -would run the following commands on the KDCs in both realms: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}}\PYG{p}{:} \PYG{n}{kadmin}\PYG{o}{.}\PYG{n}{local} \PYG{o}{\PYGZhy{}}\PYG{n}{e} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{aes256\PYGZhy{}cts:normal}\PYG{l+s+s2}{\PYGZdq{}} -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{requires\PYGZus{}preauth} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{Enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM}\PYG{p}{:} -\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM}\PYG{p}{:} -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{requires\PYGZus{}preauth} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{Enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} -\PYG{n}{Enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} -\PYG{n}{kadmin}\PYG{p}{:} -\end{sphinxVerbatim} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -Even if most principals in a realm are generally created -with the \sphinxstylestrong{requires\_preauth} flag enabled, this flag is not -desirable on cross\sphinxhyphen{}realm authentication keys because doing -so makes it impossible to disable preauthentication on a -service\sphinxhyphen{}by\sphinxhyphen{}service basis. Disabling it as in the example -above is recommended. -\end{sphinxadmonition} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -It is very important that these principals have good -passwords. MIT recommends that TGT principal passwords be -at least 26 characters of random ASCII text. -\end{sphinxadmonition} - - -\section{Changing the krbtgt key} -\label{\detokenize{admin/database:changing-the-krbtgt-key}}\label{\detokenize{admin/database:changing-krbtgt-key}} -\sphinxAtStartPar -A Kerberos Ticket Granting Ticket (TGT) is a service ticket for the -principal \sphinxcode{\sphinxupquote{krbtgt/REALM}}. The key for this principal is created -when the Kerberos database is initialized and need not be changed. -However, it will only have the encryption types supported by the KDC -at the time of the initial database creation. To allow use of newer -encryption types for the TGT, this key has to be changed. - -\sphinxAtStartPar -Changing this key using the normal {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} -\sphinxstylestrong{change\_password} command would invalidate any previously issued -TGTs. Therefore, when changing this key, normally one should use the -\sphinxstylestrong{\sphinxhyphen{}keepold} flag to change\_password to retain the previous key in the -database as well as the new key. For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{change\PYGZus{}password} \PYG{o}{\PYGZhy{}}\PYG{n}{randkey} \PYG{o}{\PYGZhy{}}\PYG{n}{keepold} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\end{sphinxVerbatim} - -\begin{sphinxadmonition}{warning}{Warning:} -\sphinxAtStartPar -After issuing this command, the old key is still valid -and is still vulnerable to (for instance) brute force -attacks. To completely retire an old key or encryption -type, run the kadmin \sphinxstylestrong{purgekeys} command to delete keys -with older kvnos, ideally first making sure that all -tickets issued with the old keys have expired. -\end{sphinxadmonition} - -\sphinxAtStartPar -Only the first krbtgt key of the newest key version is used to encrypt -ticket\sphinxhyphen{}granting tickets. However, the set of encryption types present -in the krbtgt keys is used by default to determine the session key -types supported by the krbtgt service (see -{\hyperref[\detokenize{admin/enctypes:session-key-selection}]{\sphinxcrossref{\DUrole{std,std-ref}{Session key selection}}}}). Because non\sphinxhyphen{}MIT Kerberos clients -sometimes send a limited set of encryption types when making AS -requests, it can be important for the krbtgt service to support -multiple encryption types. This can be accomplished by giving the -krbtgt principal multiple keys, which is usually as simple as not -specifying any \sphinxstylestrong{\sphinxhyphen{}e} option when changing the krbtgt key, or by -setting the \sphinxstylestrong{session\_enctypes} string attribute on the krbtgt -principal (see {\hyperref[\detokenize{admin/admin_commands/kadmin_local:set-string}]{\sphinxcrossref{\DUrole{std,std-ref}{set\_string}}}}). - -\sphinxAtStartPar -Due to a bug in releases 1.8 through 1.13, renewed and forwarded -tickets may not work if the original ticket was obtained prior to a -krbtgt key change and the modified ticket is obtained afterwards. -Upgrading the KDC to release 1.14 or later will correct this bug. - - -\section{Incremental database propagation} -\label{\detokenize{admin/database:incremental-database-propagation}}\label{\detokenize{admin/database:incr-db-prop}} - -\subsection{Overview} -\label{\detokenize{admin/database:overview}} -\sphinxAtStartPar -At some very large sites, dumping and transmitting the database can -take more time than is desirable for changes to propagate from the -primary KDC to the replica KDCs. The incremental propagation support -added in the 1.7 release is intended to address this. - -\sphinxAtStartPar -With incremental propagation enabled, all programs on the primary KDC -that change the database also write information about the changes to -an “update log†file, maintained as a circular buffer of a certain -size. A process on each replica KDC connects to a service on the -primary KDC (currently implemented in the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} server) and -periodically requests the changes that have been made since the last -check. By default, this check is done every two minutes. - -\sphinxAtStartPar -Incremental propagation uses the following entries in the per\sphinxhyphen{}realm -data in the KDC config file (See {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}): - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|T|} -\hline - -\sphinxAtStartPar -iprop\_enable -& -\sphinxAtStartPar -\sphinxstyleemphasis{boolean} -& -\sphinxAtStartPar -If \sphinxstyleemphasis{true}, then incremental propagation is enabled, and (as noted below) normal kprop propagation is disabled. The default is \sphinxstyleemphasis{false}. -\\ -\hline -\sphinxAtStartPar -iprop\_master\_ulogsize -& -\sphinxAtStartPar -\sphinxstyleemphasis{integer} -& -\sphinxAtStartPar -Indicates the number of entries that should be retained in the update log. The default is 1000; the maximum number is 2500. -\\ -\hline -\sphinxAtStartPar -iprop\_replica\_poll -& -\sphinxAtStartPar -\sphinxstyleemphasis{time interval} -& -\sphinxAtStartPar -Indicates how often the replica should poll the primary KDC for changes to the database. The default is two minutes. -\\ -\hline -\sphinxAtStartPar -iprop\_port -& -\sphinxAtStartPar -\sphinxstyleemphasis{integer} -& -\sphinxAtStartPar -Specifies the port number to be used for incremental propagation. This is required in both primary and replica configuration files. -\\ -\hline -\sphinxAtStartPar -iprop\_resync\_timeout -& -\sphinxAtStartPar -\sphinxstyleemphasis{integer} -& -\sphinxAtStartPar -Specifies the number of seconds to wait for a full propagation to complete. This is optional on replica configurations. Defaults to 300 seconds (5 minutes). -\\ -\hline -\sphinxAtStartPar -iprop\_logfile -& -\sphinxAtStartPar -\sphinxstyleemphasis{file name} -& -\sphinxAtStartPar -Specifies where the update log file for the realm database is to be stored. The default is to use the \sphinxstyleemphasis{database\_name} entry from the realms section of the config file {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}, with \sphinxstyleemphasis{.ulog} appended. (NOTE: If database\_name isn’t specified in the realms section, perhaps because the LDAP database back end is being used, or the file name is specified in the \sphinxstyleemphasis{dbmodules} section, then the hard\sphinxhyphen{}coded default for \sphinxstyleemphasis{database\_name} is used. Determination of the \sphinxstyleemphasis{iprop\_logfile} default value will not use values from the \sphinxstyleemphasis{dbmodules} section.) -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - -\sphinxAtStartPar -Both primary and replica sides must have a principal named -\sphinxcode{\sphinxupquote{kiprop/hostname}} (where \sphinxstyleemphasis{hostname} is the lowercase, -fully\sphinxhyphen{}qualified, canonical name for the host) registered in the -Kerberos database, and have keys for that principal stored in the -default keytab file ({\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{DEFKTNAME}}}}). The \sphinxcode{\sphinxupquote{kiprop/hostname}} principal may -have been created automatically for the primary KDC, but it must -always be created for replica KDCs. - -\sphinxAtStartPar -On the primary KDC side, the \sphinxcode{\sphinxupquote{kiprop/hostname}} principal must be -listed in the kadmind ACL file {\hyperref[\detokenize{admin/conf_files/kadm5_acl:kadm5-acl-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kadm5.acl}}}}, and given the -\sphinxstylestrong{p} privilege (see {\hyperref[\detokenize{admin/database:privileges}]{\sphinxcrossref{\DUrole{std,std-ref}{Privileges}}}}). - -\sphinxAtStartPar -On the replica KDC side, {\hyperref[\detokenize{admin/admin_commands/kpropd:kpropd-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kpropd}}}} should be run. When -incremental propagation is enabled, it will connect to the kadmind on -the primary KDC and start requesting updates. - -\sphinxAtStartPar -The normal kprop mechanism is disabled by the incremental propagation -support. However, if the replica has been unable to fetch changes -from the primary KDC for too long (network problems, perhaps), the log -on the primary may wrap around and overwrite some of the updates that -the replica has not yet retrieved. In this case, the replica will -instruct the primary KDC to dump the current database out to a file -and invoke a one\sphinxhyphen{}time kprop propagation, with special options to also -convey the point in the update log at which the replica should resume -fetching incremental updates. Thus, all the keytab and ACL setup -previously described for kprop propagation is still needed. - -\sphinxAtStartPar -If an environment has a large number of replicas, it may be desirable -to arrange them in a hierarchy instead of having the primary serve -updates to every replica. To do this, run \sphinxcode{\sphinxupquote{kadmind \sphinxhyphen{}proponly}} on -each intermediate replica, and \sphinxcode{\sphinxupquote{kpropd \sphinxhyphen{}A upstreamhostname}} on -downstream replicas to direct each one to the appropriate upstream -replica. - -\sphinxAtStartPar -There are several known restrictions in the current implementation: -\begin{itemize} -\item {} -\sphinxAtStartPar -The incremental update protocol does not transport changes to policy -objects. Any policy changes on the primary will result in full -resyncs to all replicas. - -\item {} -\sphinxAtStartPar -The replica’s KDB module must support locking; it cannot be using the -LDAP KDB module. - -\item {} -\sphinxAtStartPar -The primary and replica must be able to initiate TCP connections in -both directions, without an intervening NAT. - -\end{itemize} - - -\subsection{Sun/MIT incremental propagation differences} -\label{\detokenize{admin/database:sun-mit-incremental-propagation-differences}} -\sphinxAtStartPar -Sun donated the original code for supporting incremental database -propagation to MIT. Some changes have been made in the MIT source -tree that will be visible to administrators. (These notes are based -on Sun’s patches. Changes to Sun’s implementation since then may not -be reflected here.) - -\sphinxAtStartPar -The Sun config file support looks for \sphinxcode{\sphinxupquote{sunw\_dbprop\_enable}}, -\sphinxcode{\sphinxupquote{sunw\_dbprop\_master\_ulogsize}}, and \sphinxcode{\sphinxupquote{sunw\_dbprop\_slave\_poll}}. - -\sphinxAtStartPar -The incremental propagation service is implemented as an ONC RPC -service. In the Sun implementation, the service is registered with -rpcbind (also known as portmapper) and the client looks up the port -number to contact. In the MIT implementation, where interaction with -some modern versions of rpcbind doesn’t always work well, the port -number must be specified in the config file on both the primary and -replica sides. - -\sphinxAtStartPar -The Sun implementation hard\sphinxhyphen{}codes pathnames in \sphinxcode{\sphinxupquote{/var/krb5}} for the -update log and the per\sphinxhyphen{}replica kprop dump files. In the MIT -implementation, the pathname for the update log is specified in the -config file, and the per\sphinxhyphen{}replica dump files are stored in -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/replica\_datatrans\_hostname}}. - - -\chapter{Database types} -\label{\detokenize{admin/dbtypes:database-types}}\label{\detokenize{admin/dbtypes:dbtypes}}\label{\detokenize{admin/dbtypes::doc}} -\sphinxAtStartPar -A Kerberos database can be implemented with one of three built\sphinxhyphen{}in -database providers, called KDB modules. Software which incorporates -the MIT krb5 KDC may also provide its own KDB module. The following -subsections describe the three built\sphinxhyphen{}in KDB modules and the -configuration specific to them. - -\sphinxAtStartPar -The database type can be configured with the \sphinxstylestrong{db\_library} variable -in the {\hyperref[\detokenize{admin/conf_files/kdc_conf:dbmodules}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbmodules{]}}}}} subsection for the realm. For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{dbmodules}\PYG{p}{]} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{db\PYGZus{}library} \PYG{o}{=} \PYG{n}{db2} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If the \sphinxcode{\sphinxupquote{ATHENA.MIT.EDU}} realm subsection contains a -\sphinxstylestrong{database\_module} setting, then the subsection within -\sphinxcode{\sphinxupquote{{[}dbmodules{]}}} should use that name instead of \sphinxcode{\sphinxupquote{ATHENA.MIT.EDU}}. - -\sphinxAtStartPar -To transition from one database type to another, stop the -{\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} service, use \sphinxcode{\sphinxupquote{kdb5\_util dump}} to create a dump -file, change the \sphinxstylestrong{db\_library} value and set any appropriate -configuration for the new database type, and use \sphinxcode{\sphinxupquote{kdb5\_util load}} to -create and populate the new database. If the new database type is -LDAP, create the new database using \sphinxcode{\sphinxupquote{kdb5\_ldap\_util}} and populate it -from the dump file using \sphinxcode{\sphinxupquote{kdb5\_util load \sphinxhyphen{}update}}. Then restart the -{\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} and {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} services. - - -\section{Berkeley database module (db2)} -\label{\detokenize{admin/dbtypes:berkeley-database-module-db2}} -\sphinxAtStartPar -The default KDB module is \sphinxcode{\sphinxupquote{db2}}, which uses a version of the -Berkeley DB library. It creates four files based on the database -pathname. If the pathname ends with \sphinxcode{\sphinxupquote{principal}} then the four files -are: -\begin{itemize} -\item {} -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{principal}}, containing principal entry data - -\item {} -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{principal.ok}}, a lock file for the principal database - -\item {} -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{principal.kadm5}}, containing policy object data - -\item {} -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{principal.kadm5.lock}}, a lock file for the policy database - -\end{itemize} - -\sphinxAtStartPar -For large databases, the {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} \sphinxstylestrong{dump} command (perhaps -invoked by {\hyperref[\detokenize{admin/admin_commands/kprop:kprop-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop}}}} or by {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} for incremental -propagation) may cause {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} to stop for a noticeable -period of time while it iterates over the database. This delay can be -avoided by disabling account lockout features so that the KDC does not -perform database writes (see {\hyperref[\detokenize{admin/lockout:disable-lockout}]{\sphinxcrossref{\DUrole{std,std-ref}{KDC performance and account lockout}}}}). Alternatively, -a slower form of iteration can be enabled by setting the -\sphinxstylestrong{unlockiter} variable to \sphinxcode{\sphinxupquote{true}}. For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{dbmodules}\PYG{p}{]} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{db\PYGZus{}library} \PYG{o}{=} \PYG{n}{db2} - \PYG{n}{unlockiter} \PYG{o}{=} \PYG{n}{true} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -In rare cases, a power failure or other unclean system shutdown may -cause inconsistencies in the internal pointers within a database file, -such that \sphinxcode{\sphinxupquote{kdb5\_util dump}} cannot retrieve all principal entries in -the database. In this situation, it may be possible to retrieve all -of the principal data by running \sphinxcode{\sphinxupquote{kdb5\_util dump \sphinxhyphen{}recurse}} to -iterate over the database using the tree pointers instead of the -iteration pointers. Running \sphinxcode{\sphinxupquote{kdb5\_util dump \sphinxhyphen{}rev}} to iterate over -the database backwards may also retrieve some of the data which is not -retrieved by a normal dump operation. - - -\section{Lightning Memory\sphinxhyphen{}Mapped Database module (klmdb)} -\label{\detokenize{admin/dbtypes:lightning-memory-mapped-database-module-klmdb}} -\sphinxAtStartPar -The klmdb module was added in release 1.17. It uses the LMDB library, -and may offer better performance and reliability than the db2 module. -It creates four files based on the database pathname. If the pathname -ends with \sphinxcode{\sphinxupquote{principal}}, then the four files are: -\begin{itemize} -\item {} -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{principal.mdb}}, containing policy object data and most principal -entry data - -\item {} -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{principal.mdb\sphinxhyphen{}lock}}, a lock file for the primary database - -\item {} -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{principal.lockout.mdb}}, containing the account lockout attributes -(last successful authentication time, last failed authentication -time, and number of failed attempts) for each principal entry - -\item {} -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{principal.lockout.mdb\sphinxhyphen{}lock}}, a lock file for the lockout database - -\end{itemize} - -\sphinxAtStartPar -Separating out the lockout attributes ensures that the KDC will never -block on an administrative operation such as a database dump or load. -It also allows the KDC to operate without write access to the primary -database. If both account lockout features are disabled (see -{\hyperref[\detokenize{admin/lockout:disable-lockout}]{\sphinxcrossref{\DUrole{std,std-ref}{KDC performance and account lockout}}}}), the lockout database files will be created -but will not subsequently be opened, and the account lockout -attributes will always have zero values. - -\sphinxAtStartPar -Because LMDB creates a memory map to the database files, it requires a -configured memory map size which also determines the maximum size of -the database. This size is applied equally to the two databases, so -twice the configured size will be consumed in the process address -space; this is primarily a limitation on 32\sphinxhyphen{}bit platforms. The -default value of 128 megabytes should be sufficient for several -hundred thousand principal entries. If the limit is reached, kadmin -operations will fail and the error message “Environment mapsize limit -reached†will appear in the kadmind log file. In this case, the -\sphinxstylestrong{mapsize} variable can be used to increase the map size. The -following example sets the map size to 512 megabytes: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{dbmodules}\PYG{p}{]} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{db\PYGZus{}library} \PYG{o}{=} \PYG{n}{klmdb} - \PYG{n}{mapsize} \PYG{o}{=} \PYG{l+m+mi}{512} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -LMDB has a configurable maximum number of readers. The default value -of 128 should be sufficient for most deployments. If you are going to -use a large number of KDC worker processes, it may be necessary to set -the \sphinxstylestrong{max\_readers} variable to a larger number. - -\sphinxAtStartPar -By default, LMDB synchronizes database files to disk after each write -transaction to ensure durability in the case of an unclean system -shutdown. The klmdb module always turns synchronization off for the -lockout database to ensure reasonable KDC performance, but leaves it -on for the primary database. If high throughput for administrative -operations (including password changes) is required, the \sphinxstylestrong{nosync} -variable can be set to “true†to disable synchronization for the -primary database. - -\sphinxAtStartPar -The klmdb module does not support explicit locking with the -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} \sphinxstylestrong{lock} command. - - -\section{LDAP module (kldap)} -\label{\detokenize{admin/dbtypes:ldap-module-kldap}} -\sphinxAtStartPar -The kldap module stores principal and policy data using an LDAP -server. To use it you must configure an LDAP server to use the -Kerberos schema. See {\hyperref[\detokenize{admin/conf_ldap:conf-ldap}]{\sphinxcrossref{\DUrole{std,std-ref}{Configuring Kerberos with OpenLDAP back\sphinxhyphen{}end}}}} for details. - -\sphinxAtStartPar -Because {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} is single\sphinxhyphen{}threaded, latency in LDAP database -accesses may limit KDC operation throughput. If the LDAP server is -located on the same server host as the KDC and accessed through an -\sphinxcode{\sphinxupquote{ldapi://}} URL, latency should be minimal. If this is not possible, -consider starting multiple KDC worker processes with the -{\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} \sphinxstylestrong{\sphinxhyphen{}w} option to enable concurrent processing of KDC -requests. - -\sphinxAtStartPar -The kldap module does not support explicit locking with the -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} \sphinxstylestrong{lock} command. - - -\chapter{Account lockout} -\label{\detokenize{admin/lockout:account-lockout}}\label{\detokenize{admin/lockout:lockout}}\label{\detokenize{admin/lockout::doc}} -\sphinxAtStartPar -As of release 1.8, the KDC can be configured to lock out principals -after a number of failed authentication attempts within a period of -time. Account lockout can make it more difficult to attack a -principal’s password by brute force, but also makes it easy for an -attacker to deny access to a principal. - - -\section{Configuring account lockout} -\label{\detokenize{admin/lockout:configuring-account-lockout}} -\sphinxAtStartPar -Account lockout only works for principals with the -\sphinxstylestrong{+requires\_preauth} flag set. Without this flag, the KDC cannot -know whether or not a client successfully decrypted the ticket it -issued. It is also important to set the \sphinxstylestrong{\sphinxhyphen{}allow\_svr} flag on a -principal to protect its password from an off\sphinxhyphen{}line dictionary attack -through a TGS request. You can set these flags on a principal with -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} as follows: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{modprinc} \PYG{o}{+}\PYG{n}{requires\PYGZus{}preauth} \PYG{o}{\PYGZhy{}}\PYG{n}{allow\PYGZus{}svr} \PYG{n}{PRINCNAME} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Account lockout parameters are configured via {\hyperref[\detokenize{admin/database:policies}]{\sphinxcrossref{\DUrole{std,std-ref}{policy objects}}}}. There may be an existing policy associated with user -principals (such as the “default†policy), or you may need to create a -new one and associate it with each user principal. - -\sphinxAtStartPar -The policy parameters related to account lockout are: -\begin{itemize} -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:policy-maxfailure}]{\sphinxcrossref{\DUrole{std,std-ref}{maxfailure}}}}: the number of failed attempts -before the principal is locked out - -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:policy-failurecountinterval}]{\sphinxcrossref{\DUrole{std,std-ref}{failurecountinterval}}}}: the -allowable interval between failed attempts - -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:policy-lockoutduration}]{\sphinxcrossref{\DUrole{std,std-ref}{lockoutduration}}}}: the amount of time -a principal is locked out for - -\end{itemize} - -\sphinxAtStartPar -Here is an example of setting these parameters on a new policy and -associating it with a principal: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addpol} \PYG{o}{\PYGZhy{}}\PYG{n}{maxfailure} \PYG{l+m+mi}{10} \PYG{o}{\PYGZhy{}}\PYG{n}{failurecountinterval} \PYG{l+m+mi}{180} - \PYG{o}{\PYGZhy{}}\PYG{n}{lockoutduration} \PYG{l+m+mi}{60} \PYG{n}{lockout\PYGZus{}policy} -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{modprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{policy} \PYG{n}{lockout\PYGZus{}policy} \PYG{n}{PRINCNAME} -\end{sphinxVerbatim} - - -\section{Testing account lockout} -\label{\detokenize{admin/lockout:testing-account-lockout}} -\sphinxAtStartPar -To test that account lockout is working, try authenticating as the -principal (hopefully not one that might be in use) multiple times with -the wrong password. For instance, if \sphinxstylestrong{maxfailure} is set to 2, you -might see: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kinit user -Password for user@KRBTEST.COM: -kinit: Password incorrect while getting initial credentials -\PYGZdl{} kinit user -Password for user@KRBTEST.COM: -kinit: Password incorrect while getting initial credentials -\PYGZdl{} kinit user -kinit: Client\PYGZsq{}s credentials have been revoked while getting initial credentials -\end{sphinxVerbatim} - - -\section{Account lockout principal state} -\label{\detokenize{admin/lockout:account-lockout-principal-state}} -\sphinxAtStartPar -A principal entry keeps three pieces of state related to account -lockout: -\begin{itemize} -\item {} -\sphinxAtStartPar -The time of last successful authentication - -\item {} -\sphinxAtStartPar -The time of last failed authentication - -\item {} -\sphinxAtStartPar -A counter of failed attempts - -\end{itemize} - -\sphinxAtStartPar -The time of last successful authentication is not actually needed for -the account lockout system to function, but may be of administrative -interest. These fields can be observed with the \sphinxstylestrong{getprinc} kadmin -command. For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{getprinc} \PYG{n}{user} -\PYG{n}{Principal}\PYG{p}{:} \PYG{n}{user}\PYG{n+nd}{@KRBTEST}\PYG{o}{.}\PYG{n}{COM} -\PYG{o}{.}\PYG{o}{.}\PYG{o}{.} -\PYG{n}{Last} \PYG{n}{successful} \PYG{n}{authentication}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]} -\PYG{n}{Last} \PYG{n}{failed} \PYG{n}{authentication}\PYG{p}{:} \PYG{n}{Mon} \PYG{n}{Dec} \PYG{l+m+mi}{03} \PYG{l+m+mi}{12}\PYG{p}{:}\PYG{l+m+mi}{30}\PYG{p}{:}\PYG{l+m+mi}{33} \PYG{n}{EST} \PYG{l+m+mi}{2012} -\PYG{n}{Failed} \PYG{n}{password} \PYG{n}{attempts}\PYG{p}{:} \PYG{l+m+mi}{2} -\PYG{o}{.}\PYG{o}{.}\PYG{o}{.} -\end{sphinxVerbatim} - -\sphinxAtStartPar -A principal which has been locked out can be administratively unlocked -with the \sphinxstylestrong{\sphinxhyphen{}unlock} option to the \sphinxstylestrong{modprinc} kadmin command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{modprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{unlock} \PYG{n}{PRINCNAME} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This command will reset the number of failed attempts to 0. - - -\section{KDC replication and account lockout} -\label{\detokenize{admin/lockout:kdc-replication-and-account-lockout}} -\sphinxAtStartPar -The account lockout state of a principal is not replicated by either -traditional {\hyperref[\detokenize{admin/admin_commands/kprop:kprop-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop}}}} or incremental propagation. Because of -this, the number of attempts an attacker can make within a time period -is multiplied by the number of KDCs. For instance, if the -\sphinxstylestrong{maxfailure} parameter on a policy is 10 and there are four KDCs in -the environment (a primary and three replicas), an attacker could make -as many as 40 attempts before the principal is locked out on all four -KDCs. - -\sphinxAtStartPar -An administrative unlock is propagated from the primary to the replica -KDCs during the next propagation. Propagation of an administrative -unlock will cause the counter of failed attempts on each replica to -reset to 1 on the next failure. - -\sphinxAtStartPar -If a KDC environment uses a replication strategy other than kprop or -incremental propagation, such as the LDAP KDB module with multi\sphinxhyphen{}master -LDAP replication, then account lockout state may be replicated between -KDCs and the concerns of this section may not apply. - - -\section{KDC performance and account lockout} -\label{\detokenize{admin/lockout:kdc-performance-and-account-lockout}}\label{\detokenize{admin/lockout:disable-lockout}} -\sphinxAtStartPar -In order to fully track account lockout state, the KDC must write to -the the database on each successful and failed authentication. -Writing to the database is generally more expensive than reading from -it, so these writes may have a significant impact on KDC performance. -As of release 1.9, it is possible to turn off account lockout state -tracking in order to improve performance, by setting the -\sphinxstylestrong{disable\_last\_success} and \sphinxstylestrong{disable\_lockout} variables in the -database module subsection of {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{dbmodules}\PYG{p}{]} - \PYG{n}{DB} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{disable\PYGZus{}last\PYGZus{}success} \PYG{o}{=} \PYG{n}{true} - \PYG{n}{disable\PYGZus{}lockout} \PYG{o}{=} \PYG{n}{true} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Of the two variables, setting \sphinxstylestrong{disable\_last\_success} will usually -have the largest positive impact on performance, and will still allow -account lockout policies to operate. However, it will make it -impossible to observe the last successful authentication time with -kadmin. - - -\section{KDC setup and account lockout} -\label{\detokenize{admin/lockout:kdc-setup-and-account-lockout}} -\sphinxAtStartPar -To update the account lockout state on principals, the KDC must be -able to write to the principal database. For the DB2 module, no -special setup is required. For the LDAP module, the KDC DN must be -granted write access to the principal objects. If the KDC DN has only -read access, account lockout will not function. - - -\chapter{Configuring Kerberos with OpenLDAP back\sphinxhyphen{}end} -\label{\detokenize{admin/conf_ldap:configuring-kerberos-with-openldap-back-end}}\label{\detokenize{admin/conf_ldap:conf-ldap}}\label{\detokenize{admin/conf_ldap::doc}}\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -Make sure the LDAP server is using local authentication -(\sphinxcode{\sphinxupquote{ldapi://}}) or TLS (\sphinxcode{\sphinxupquote{ldaps}}). See -\sphinxurl{https://www.openldap.org/doc/admin/tls.html} for instructions on -configuring TLS support in OpenLDAP. - -\item {} -\sphinxAtStartPar -Add the Kerberos schema file to the LDAP Server using the OpenLDAP -LDIF file from the krb5 source directory -(\sphinxcode{\sphinxupquote{src/plugins/kdb/ldap/libkdb\_ldap/kerberos.openldap.ldif}}). -The following example uses local authentication: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{ldapadd} \PYG{o}{\PYGZhy{}}\PYG{n}{Y} \PYG{n}{EXTERNAL} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldapi}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{o}{/} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{path}\PYG{o}{/}\PYG{n}{to}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{.}\PYG{n}{openldap}\PYG{o}{.}\PYG{n}{ldif} -\end{sphinxVerbatim} - -\item {} -\sphinxAtStartPar -Choose DNs for the {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} and {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} servers -to bind to the LDAP server, and create them if necessary. Specify -these DNs with the \sphinxstylestrong{ldap\_kdc\_dn} and \sphinxstylestrong{ldap\_kadmind\_dn} -directives in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. The kadmind DN will also be -used for administrative commands such as {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}}. - -\sphinxAtStartPar -Alternatively, you may configure krb5kdc and kadmind to use SASL -authentication to access the LDAP server; see the {\hyperref[\detokenize{admin/conf_files/kdc_conf:dbmodules}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbmodules{]}}}}} -relations \sphinxstylestrong{ldap\_kdc\_sasl\_mech} and similar. - -\item {} -\sphinxAtStartPar -Specify a location for the LDAP service password file by setting -\sphinxstylestrong{ldap\_service\_password\_file}. Use \sphinxcode{\sphinxupquote{kdb5\_ldap\_util stashsrvpw}} -to stash passwords for the KDC and kadmind DNs chosen above. For -example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{n}{stashsrvpw} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{path}\PYG{o}{/}\PYG{n}{to}\PYG{o}{/}\PYG{n}{service}\PYG{o}{.}\PYG{n}{keyfile} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{krbadmin}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{example}\PYG{p}{,}\PYG{n}{dc}\PYG{o}{=}\PYG{n}{com} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Skip this step if you are using SASL authentication and the -mechanism does not require a password. - -\item {} -\sphinxAtStartPar -Choose a DN for the global Kerberos container entry (but do not -create the entry at this time). Specify this DN with the -\sphinxstylestrong{ldap\_kerberos\_container\_dn} directive in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. -Realm container entries will be created underneath this DN. -Principal entries may exist either underneath the realm container -(the default) or in separate trees referenced from the realm -container. - -\item {} -\sphinxAtStartPar -Configure the LDAP server ACLs to enable the KDC and kadmin server -DNs to read and write the Kerberos data. If -\sphinxstylestrong{disable\_last\_success} and \sphinxstylestrong{disable\_lockout} are both set to -true in the {\hyperref[\detokenize{admin/conf_files/kdc_conf:dbmodules}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbmodules{]}}}}} subsection for the realm, then the -KDC DN only requires read access to the Kerberos data. - -\sphinxAtStartPar -Sample access control information: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{access} \PYG{n}{to} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{base}\PYG{o}{=}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZdq{}} - \PYG{n}{by} \PYG{o}{*} \PYG{n}{read} - -\PYG{n}{access} \PYG{n}{to} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{base}\PYG{o}{=}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=Subschema}\PYG{l+s+s2}{\PYGZdq{}} - \PYG{n}{by} \PYG{o}{*} \PYG{n}{read} - -\PYG{c+c1}{\PYGZsh{} Provide access to the realm container.} -\PYG{n}{access} \PYG{n}{to} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{subtree}\PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=EXAMPLE.COM,cn=krbcontainer,dc=example,dc=com}\PYG{l+s+s2}{\PYGZdq{}} - \PYG{n}{by} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{exact}\PYG{o}{=}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=kdc\PYGZhy{}service,dc=example,dc=com}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{write} - \PYG{n}{by} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{exact}\PYG{o}{=}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=adm\PYGZhy{}service,dc=example,dc=com}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{write} - \PYG{n}{by} \PYG{o}{*} \PYG{n}{none} - -\PYG{c+c1}{\PYGZsh{} Provide access to principals, if not underneath the realm container.} -\PYG{n}{access} \PYG{n}{to} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{subtree}\PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{ou=users,dc=example,dc=com}\PYG{l+s+s2}{\PYGZdq{}} - \PYG{n}{by} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{exact}\PYG{o}{=}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=kdc\PYGZhy{}service,dc=example,dc=com}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{write} - \PYG{n}{by} \PYG{n}{dn}\PYG{o}{.}\PYG{n}{exact}\PYG{o}{=}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=adm\PYGZhy{}service,dc=example,dc=com}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{write} - \PYG{n}{by} \PYG{o}{*} \PYG{n}{none} - -\PYG{n}{access} \PYG{n}{to} \PYG{o}{*} - \PYG{n}{by} \PYG{o}{*} \PYG{n}{read} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If the locations of the container and principals or the DNs of the -service objects for a realm are changed then this information -should be updated. - -\item {} -\sphinxAtStartPar -In {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}, make sure the following relations are set -in the {\hyperref[\detokenize{admin/conf_files/kdc_conf:dbmodules}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbmodules{]}}}}} subsection for the realm: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -db\PYGZus{}library (set to ``kldap``) -ldap\PYGZus{}kerberos\PYGZus{}container\PYGZus{}dn -ldap\PYGZus{}kdc\PYGZus{}dn -ldap\PYGZus{}kadmind\PYGZus{}dn -ldap\PYGZus{}service\PYGZus{}password\PYGZus{}file -ldap\PYGZus{}servers -\end{sphinxVerbatim} - -\item {} -\sphinxAtStartPar -Create the realm using {\hyperref[\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_ldap\_util}}}}: -\begin{quote} - -\sphinxAtStartPar -kdb5\_ldap\_util create \sphinxhyphen{}subtrees ou=users,dc=example,dc=com \sphinxhyphen{}s -\end{quote} - -\sphinxAtStartPar -Use the \sphinxstylestrong{\sphinxhyphen{}subtrees} option if the principals are to exist in a -separate subtree from the realm container. Before executing the -command, make sure that the subtree mentioned above -\sphinxcode{\sphinxupquote{(ou=users,dc=example,dc=com)}} exists. If the principals will -exist underneath the realm container, omit the \sphinxstylestrong{\sphinxhyphen{}subtrees} option -and do not worry about creating the principal subtree. - -\sphinxAtStartPar -For more information, refer to the section {\hyperref[\detokenize{admin/database:ops-on-ldap}]{\sphinxcrossref{\DUrole{std,std-ref}{Operations on the LDAP database}}}}. - -\sphinxAtStartPar -The realm object is created under the -\sphinxstylestrong{ldap\_kerberos\_container\_dn} specified in the configuration -file. This operation will also create the Kerberos container, if -not present already. This container can be used to store -information related to multiple realms. - -\item {} -\sphinxAtStartPar -Add an \sphinxcode{\sphinxupquote{eq}} index for \sphinxcode{\sphinxupquote{krbPrincipalName}} to speed up principal -lookup operations. See -\sphinxurl{https://www.openldap.org/doc/admin/tuning.html\#Indexes} for -details. - -\end{enumerate} - -\sphinxAtStartPar -With the LDAP back end it is possible to provide aliases for principal -entries. Currently we provide no administrative utilities for -creating aliases, so it must be done by direct manipulation of the -LDAP entries. - -\sphinxAtStartPar -An entry with aliases contains multiple values of the -\sphinxstyleemphasis{krbPrincipalName} attribute. Since LDAP attribute values are not -ordered, it is necessary to specify which principal name is canonical, -by using the \sphinxstyleemphasis{krbCanonicalName} attribute. Therefore, to create -aliases for an entry, first set the \sphinxstyleemphasis{krbCanonicalName} attribute of -the entry to the canonical principal name (which should be identical -to the pre\sphinxhyphen{}existing \sphinxstyleemphasis{krbPrincipalName} value), and then add additional -\sphinxstyleemphasis{krbPrincipalName} attributes for the aliases. - -\sphinxAtStartPar -Principal aliases are only returned by the KDC when the client -requests canonicalization. Canonicalization is normally requested for -service principals; for client principals, an explicit flag is often -required (e.g., \sphinxcode{\sphinxupquote{kinit \sphinxhyphen{}C}}) and canonicalization is only performed -for initial ticket requests. - - -\chapter{Application servers} -\label{\detokenize{admin/appl_servers:application-servers}}\label{\detokenize{admin/appl_servers::doc}} -\sphinxAtStartPar -If you need to install the Kerberos V5 programs on an application -server, please refer to the Kerberos V5 Installation Guide. Once you -have installed the software, you need to add that host to the Kerberos -database (see {\hyperref[\detokenize{admin/database:principals}]{\sphinxcrossref{\DUrole{std,std-ref}{Principals}}}}), and generate a keytab for that host, -that contains the host’s key. You also need to make sure the host’s -clock is within your maximum clock skew of the KDCs. - - -\section{Keytabs} -\label{\detokenize{admin/appl_servers:keytabs}} -\sphinxAtStartPar -A keytab is a host’s copy of its own keylist, which is analogous to a -user’s password. An application server that needs to authenticate -itself to the KDC has to have a keytab that contains its own principal -and key. Just as it is important for users to protect their -passwords, it is equally important for hosts to protect their keytabs. -You should always store keytab files on local disk, and make them -readable only by root, and you should never send a keytab file over a -network in the clear. Ideally, you should run the {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} -command to extract a keytab on the host on which the keytab is to -reside. - - -\subsection{Adding principals to keytabs} -\label{\detokenize{admin/appl_servers:adding-principals-to-keytabs}}\label{\detokenize{admin/appl_servers:add-princ-kt}} -\sphinxAtStartPar -To generate a keytab, or to add a principal to an existing keytab, use -the \sphinxstylestrong{ktadd} command from kadmin. Here is a sample session, using -configuration files that enable only AES encryption: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{ktadd} \PYG{n}{host}\PYG{o}{/}\PYG{n}{daffodil}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{daffodil}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{daffodil}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab} -\end{sphinxVerbatim} - - -\subsection{Removing principals from keytabs} -\label{\detokenize{admin/appl_servers:removing-principals-from-keytabs}} -\sphinxAtStartPar -To remove a principal from an existing keytab, use the kadmin -\sphinxstylestrong{ktremove} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{ktremove} \PYG{n}{host}\PYG{o}{/}\PYG{n}{daffodil}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{daffodil}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2} \PYG{n}{removed} \PYG{k+kn}{from} \PYG{n+nn}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{daffodil}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2} \PYG{n}{removed} \PYG{k+kn}{from} \PYG{n+nn}{keytab} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\end{sphinxVerbatim} - - -\subsection{Using a keytab to acquire client credentials} -\label{\detokenize{admin/appl_servers:using-a-keytab-to-acquire-client-credentials}} -\sphinxAtStartPar -While keytabs are ordinarily used to accept credentials from clients, -they can also be used to acquire initial credentials, allowing one -service to authenticate to another. - -\sphinxAtStartPar -To manually obtain credentials using a keytab, use the \DUrole{xref,std,std-ref}{kinit(1)} -\sphinxstylestrong{\sphinxhyphen{}k} option, together with the \sphinxstylestrong{\sphinxhyphen{}t} option if the keytab is not in -the default location. - -\sphinxAtStartPar -Beginning with release 1.11, GSSAPI applications can be configured to -automatically obtain initial credentials from a keytab as needed. The -recommended configuration is as follows: -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -Create a keytab containing a single entry for the desired client -identity. - -\item {} -\sphinxAtStartPar -Place the keytab in a location readable by the service, and set the -\sphinxstylestrong{KRB5\_CLIENT\_KTNAME} environment variable to its filename. -Alternatively, use the \sphinxstylestrong{default\_client\_keytab\_name} profile -variable in {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}}, or use the default location of -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{DEFCKTNAME}}}}. - -\item {} -\sphinxAtStartPar -Set \sphinxstylestrong{KRB5CCNAME} to a filename writable by the service, which -will not be used for any other purpose. Do not manually obtain -credentials at this location. (Another credential cache type -besides \sphinxstylestrong{FILE} can be used if desired, as long the cache will not -conflict with another use. A \sphinxstylestrong{MEMORY} cache can be used if the -service runs as a long\sphinxhyphen{}lived process. See \DUrole{xref,std,std-ref}{ccache\_definition} -for details.) - -\item {} -\sphinxAtStartPar -Start the service. When it authenticates using GSSAPI, it will -automatically obtain credentials from the client keytab into the -specified credential cache, and refresh them before they expire. - -\end{enumerate} - - -\section{Clock Skew} -\label{\detokenize{admin/appl_servers:clock-skew}} -\sphinxAtStartPar -A Kerberos application server host must keep its clock synchronized or -it will reject authentication requests from clients. Modern operating -systems typically provide a facility to maintain the correct time; -make sure it is enabled. This is especially important on virtual -machines, where clocks tend to drift more rapidly than normal machine -clocks. - -\sphinxAtStartPar -The default allowable clock skew is controlled by the \sphinxstylestrong{clockskew} -variable in {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}}. - - -\section{Getting DNS information correct} -\label{\detokenize{admin/appl_servers:getting-dns-information-correct}} -\sphinxAtStartPar -Several aspects of Kerberos rely on name service. When a hostname is -used to name a service, clients may canonicalize the hostname using -forward and possibly reverse name resolution. The result of this -canonicalization must match the principal entry in the host’s keytab, -or authentication will fail. To work with all client canonicalization -configurations, each host’s canonical name must be the fully\sphinxhyphen{}qualified -host name (including the domain), and each host’s IP address must -reverse\sphinxhyphen{}resolve to the canonical name. - -\sphinxAtStartPar -Configuration of hostnames varies by operating system. On the -application server itself, canonicalization will typically use the -\sphinxcode{\sphinxupquote{/etc/hosts}} file rather than the DNS. Ensure that the line for the -server’s hostname is in the following form: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{IP} \PYG{n}{address} \PYG{n}{fully}\PYG{o}{\PYGZhy{}}\PYG{n}{qualified} \PYG{n}{hostname} \PYG{n}{aliases} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Here is a sample \sphinxcode{\sphinxupquote{/etc/hosts}} file: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{c+c1}{\PYGZsh{} this is a comment} -\PYG{l+m+mf}{127.0}\PYG{l+m+mf}{.0}\PYG{l+m+mf}{.1} \PYG{n}{localhost} \PYG{n}{localhost}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} -\PYG{l+m+mf}{10.0}\PYG{l+m+mf}{.0}\PYG{l+m+mf}{.6} \PYG{n}{daffodil}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{daffodil} \PYG{n}{trillium} \PYG{n}{wake}\PYG{o}{\PYGZhy{}}\PYG{n}{robin} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The output of \sphinxcode{\sphinxupquote{klist \sphinxhyphen{}k}} for this example host should look like: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{viola}\PYG{c+c1}{\PYGZsh{} klist \PYGZhy{}k} -\PYG{n}{Keytab} \PYG{n}{name}\PYG{p}{:} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab} -\PYG{n}{KVNO} \PYG{n}{Principal} -\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}} \PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}} - \PYG{l+m+mi}{2} \PYG{n}{host}\PYG{o}{/}\PYG{n}{daffodil}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If you were to ssh to this host with a fresh credentials cache (ticket -file), and then \DUrole{xref,std,std-ref}{klist(1)}, the output should list a service -principal of \sphinxcode{\sphinxupquote{host/daffodil.mit.edu@ATHENA.MIT.EDU}}. - - -\section{Configuring your firewall to work with Kerberos V5} -\label{\detokenize{admin/appl_servers:configuring-your-firewall-to-work-with-kerberos-v5}}\label{\detokenize{admin/appl_servers:conf-firewall}} -\sphinxAtStartPar -If you need off\sphinxhyphen{}site users to be able to get Kerberos tickets in your -realm, they must be able to get to your KDC. This requires either -that you have a replica KDC outside your firewall, or that you -configure your firewall to allow UDP requests into at least one of -your KDCs, on whichever port the KDC is running. (The default is port -88; other ports may be specified in the KDC’s {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} -file.) Similarly, if you need off\sphinxhyphen{}site users to be able to change -their passwords in your realm, they must be able to get to your -Kerberos admin server on the kpasswd port (which defaults to 464). If -you need off\sphinxhyphen{}site users to be able to administer your Kerberos realm, -they must be able to get to your Kerberos admin server on the -administrative port (which defaults to 749). - -\sphinxAtStartPar -If your on\sphinxhyphen{}site users inside your firewall will need to get to KDCs in -other realms, you will also need to configure your firewall to allow -outgoing TCP and UDP requests to port 88, and to port 464 to allow -password changes. If your on\sphinxhyphen{}site users inside your firewall will -need to get to Kerberos admin servers in other realms, you will also -need to allow outgoing TCP and UDP requests to port 749. - -\sphinxAtStartPar -If any of your KDCs are outside your firewall, you will need to allow -kprop requests to get through to the remote KDC. {\hyperref[\detokenize{admin/admin_commands/kprop:kprop-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop}}}} uses -the \sphinxcode{\sphinxupquote{krb5\_prop}} service on port 754 (tcp). - -\sphinxAtStartPar -The book \sphinxstyleemphasis{UNIX System Security}, by David Curry, is a good starting -point for learning to configure firewalls. - - -\chapter{Host configuration} -\label{\detokenize{admin/host_config:host-configuration}}\label{\detokenize{admin/host_config::doc}} -\sphinxAtStartPar -All hosts running Kerberos software, whether they are clients, -application servers, or KDCs, can be configured using -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}. Here we describe some of the behavior changes -you might want to make. - - -\section{Default realm} -\label{\detokenize{admin/host_config:default-realm}} -\sphinxAtStartPar -In the {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}} section, the \sphinxstylestrong{default\_realm} realm -relation sets the default Kerberos realm. For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{libdefaults}\PYG{p}{]} - \PYG{n}{default\PYGZus{}realm} \PYG{o}{=} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The default realm affects Kerberos behavior in the following ways: -\begin{itemize} -\item {} -\sphinxAtStartPar -When a principal name is parsed from text, the default realm is used -if no \sphinxcode{\sphinxupquote{@REALM}} component is specified. - -\item {} -\sphinxAtStartPar -The default realm affects login authorization as described below. - -\item {} -\sphinxAtStartPar -For programs which operate on a Kerberos database, the default realm -is used to determine which database to operate on, unless the \sphinxstylestrong{\sphinxhyphen{}r} -parameter is given to specify a realm. - -\item {} -\sphinxAtStartPar -A server program may use the default realm when looking up its key -in a {\hyperref[\detokenize{admin/install_appl_srv:keytab-file}]{\sphinxcrossref{\DUrole{std,std-ref}{keytab file}}}}, if its realm is not -determined by {\hyperref[\detokenize{admin/conf_files/krb5_conf:domain-realm}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}domain\_realm{]}}}}} configuration or by the server -program itself. - -\item {} -\sphinxAtStartPar -If \DUrole{xref,std,std-ref}{kinit(1)} is passed the \sphinxstylestrong{\sphinxhyphen{}n} flag, it requests anonymous -tickets from the default realm. - -\end{itemize} - -\sphinxAtStartPar -In some situations, these uses of the default realm might conflict. -For example, it might be desirable for principal name parsing to use -one realm by default, but for login authorization to use a second -realm. In this situation, the first realm can be configured as the -default realm, and \sphinxstylestrong{auth\_to\_local} relations can be used as -described below to use the second realm for login authorization. - - -\section{Login authorization} -\label{\detokenize{admin/host_config:login-authorization}}\label{\detokenize{admin/host_config:id1}} -\sphinxAtStartPar -If a host runs a Kerberos\sphinxhyphen{}enabled login service such as OpenSSH with -GSSAPIAuthentication enabled, login authorization rules determine -whether a Kerberos principal is allowed to access a local account. - -\sphinxAtStartPar -By default, a Kerberos principal is allowed access to an account if -its realm matches the default realm and its name matches the account -name. (For historical reasons, access is also granted by default if -the name has two components and the second component matches the -default realm; for instance, \sphinxcode{\sphinxupquote{alice/ATHENA.MIT.EDU@ATHENA.MIT.EDU}} -is granted access to the \sphinxcode{\sphinxupquote{alice}} account if \sphinxcode{\sphinxupquote{ATHENA.MIT.EDU}} is -the default realm.) - -\sphinxAtStartPar -The simplest way to control local access is using \DUrole{xref,std,std-ref}{.k5login(5)} -files. To use these, place a \sphinxcode{\sphinxupquote{.k5login}} file in the home directory -of each account listing the principal names which should have login -access to that account. If it is not desirable to use \sphinxcode{\sphinxupquote{.k5login}} -files located in account home directories, the \sphinxstylestrong{k5login\_directory} -relation in the {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}} section can specify a directory -containing one file per account uname. - -\sphinxAtStartPar -By default, if a \sphinxcode{\sphinxupquote{.k5login}} file is present, it controls -authorization both positively and negatively\textendash{}any principal name -contained in the file is granted access and any other principal name -is denied access, even if it would have had access if the \sphinxcode{\sphinxupquote{.k5login}} -file didn’t exist. The \sphinxstylestrong{k5login\_authoritative} relation in the -{\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}} section can be set to false to make \sphinxcode{\sphinxupquote{.k5login}} -files provide positive authorization only. - -\sphinxAtStartPar -The \sphinxstylestrong{auth\_to\_local} relation in the {\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} section for the -default realm can specify pattern\sphinxhyphen{}matching rules to control login -authorization. For example, the following configuration allows access -to principals from a different realm than the default realm: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -[realms] - DEFAULT.REALM = \PYGZob{} - \PYGZsh{} Allow access to principals from OTHER.REALM. - \PYGZsh{} - \PYGZsh{} [1:\PYGZdl{}1@\PYGZdl{}0] matches single\PYGZhy{}component principal names and creates - \PYGZsh{} a selection string containing the principal name and realm. - \PYGZsh{} - \PYGZsh{} (.*@OTHER\PYGZbs{}.REALM) matches against the selection string, so that - \PYGZsh{} only principals in OTHER.REALM are matched. - \PYGZsh{} - \PYGZsh{} s/@OTHER\PYGZbs{}.REALM\PYGZdl{}// removes the realm name, leaving behind the - \PYGZsh{} principal name as the account name. - auth\PYGZus{}to\PYGZus{}local = RULE:[1:\PYGZdl{}1@\PYGZdl{}0](.*@OTHER\PYGZbs{}.REALM)s/@OTHER\PYGZbs{}.REALM\PYGZdl{}// - - \PYGZsh{} Also allow principals from the default realm. Omit this line - \PYGZsh{} to only allow access to principals in OTHER.REALM. - auth\PYGZus{}to\PYGZus{}local = DEFAULT - \PYGZcb{} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The \sphinxstylestrong{auth\_to\_local\_names} subsection of the {\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} section -for the default realm can specify explicit mappings from principal -names to local accounts. The key used in this subsection is the -principal name without realm, so it is only safe to use in a Kerberos -environment with a single realm or a tightly controlled set of realms. -An example use of \sphinxstylestrong{auth\_to\_local\_names} might be: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{realms}\PYG{p}{]} - \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{auth\PYGZus{}to\PYGZus{}local\PYGZus{}names} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{c+c1}{\PYGZsh{} Careful, these match principals in any realm!} - \PYG{n}{host}\PYG{o}{/}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com} \PYG{o}{=} \PYG{n}{hostaccount} - \PYG{n}{fred} \PYG{o}{=} \PYG{n}{localfred} - \PYG{p}{\PYGZcb{}} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Local authorization behavior can also be modified using plugin -modules; see \DUrole{xref,std,std-ref}{hostrealm\_plugin} for details. - - -\section{Plugin module configuration} -\label{\detokenize{admin/host_config:plugin-module-configuration}}\label{\detokenize{admin/host_config:plugin-config}} -\sphinxAtStartPar -Many aspects of Kerberos behavior, such as client preauthentication -and KDC service location, can be modified through the use of plugin -modules. For most of these behaviors, you can use the {\hyperref[\detokenize{admin/conf_files/krb5_conf:plugins}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}plugins{]}}}}} -section of krb5.conf to register third\sphinxhyphen{}party modules, and to switch -off registered or built\sphinxhyphen{}in modules. - -\sphinxAtStartPar -A plugin module takes the form of a Unix shared object -(\sphinxcode{\sphinxupquote{modname.so}}) or Windows DLL (\sphinxcode{\sphinxupquote{modname.dll}}). If you have -installed a third\sphinxhyphen{}party plugin module and want to register it, you do -so using the \sphinxstylestrong{module} relation in the appropriate subsection of the -{[}plugins{]} section. The value for \sphinxstylestrong{module} must give the module name -and the path to the module, separated by a colon. The module name -will often be the same as the shared object’s name, but in unusual -cases (such as a shared object which implements multiple modules for -the same interface) it might not be. For example, to register a -client preauthentication module named \sphinxcode{\sphinxupquote{mypreauth}} installed at -\sphinxcode{\sphinxupquote{/path/to/mypreauth.so}}, you could write: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{plugins}\PYG{p}{]} - \PYG{n}{clpreauth} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{module} \PYG{o}{=} \PYG{n}{mypreauth}\PYG{p}{:}\PYG{o}{/}\PYG{n}{path}\PYG{o}{/}\PYG{n}{to}\PYG{o}{/}\PYG{n}{mypreauth}\PYG{o}{.}\PYG{n}{so} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Many of the pluggable behaviors in MIT krb5 contain built\sphinxhyphen{}in modules -which can be switched off. You can disable a built\sphinxhyphen{}in module (or one -you have registered) using the \sphinxstylestrong{disable} directive in the -appropriate subsection of the {[}plugins{]} section. For example, to -disable the use of .k5identity files to select credential caches, you -could write: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{plugins}\PYG{p}{]} - \PYG{n}{ccselect} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{disable} \PYG{o}{=} \PYG{n}{k5identity} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If you want to disable multiple modules, specify the \sphinxstylestrong{disable} -directive multiple times, giving one module to disable each time. - -\sphinxAtStartPar -Alternatively, you can explicitly specify which modules you want to be -enabled for that behavior using the \sphinxstylestrong{enable\_only} directive. For -example, to make {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} check password quality using only a -module you have registered, and no other mechanism, you could write: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{plugins}\PYG{p}{]} - \PYG{n}{pwqual} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{module} \PYG{o}{=} \PYG{n}{mymodule}\PYG{p}{:}\PYG{o}{/}\PYG{n}{path}\PYG{o}{/}\PYG{n}{to}\PYG{o}{/}\PYG{n}{mymodule}\PYG{o}{.}\PYG{n}{so} - \PYG{n}{enable\PYGZus{}only} \PYG{o}{=} \PYG{n}{mymodule} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Again, if you want to specify multiple modules, specify the -\sphinxstylestrong{enable\_only} directive multiple times, giving one module to enable -each time. - -\sphinxAtStartPar -Some Kerberos interfaces use different mechanisms to register plugin -modules. - - -\subsection{KDC location modules} -\label{\detokenize{admin/host_config:kdc-location-modules}} -\sphinxAtStartPar -For historical reasons, modules to control how KDC servers are located -are registered simply by placing the shared object or DLL into the -“libkrb5†subdirectory of the krb5 plugin directory, which defaults to -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LIBDIR}}}}\sphinxcode{\sphinxupquote{/krb5/plugins}}. For example, Samba’s winbind krb5 -locator plugin would be registered by placing its shared object in -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LIBDIR}}}}\sphinxcode{\sphinxupquote{/krb5/plugins/libkrb5/winbind\_krb5\_locator.so}}. - - -\subsection{GSSAPI mechanism modules} -\label{\detokenize{admin/host_config:gssapi-mechanism-modules}}\label{\detokenize{admin/host_config:gssapi-plugin-config}} -\sphinxAtStartPar -GSSAPI mechanism modules are registered using the file -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{SYSCONFDIR}}}}\sphinxcode{\sphinxupquote{/gss/mech}} or configuration files in the -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{SYSCONFDIR}}}}\sphinxcode{\sphinxupquote{/gss/mech.d}} directory with a \sphinxcode{\sphinxupquote{.conf}} -suffix. Each line in these files has the form: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{name} \PYG{n}{oid} \PYG{n}{pathname} \PYG{p}{[}\PYG{n}{options}\PYG{p}{]} \PYG{o}{\PYGZlt{}}\PYG{n+nb}{type}\PYG{o}{\PYGZgt{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Only the name, oid, and pathname are required. \sphinxstyleemphasis{name} is the -mechanism name, which may be used for debugging or logging purposes. -\sphinxstyleemphasis{oid} is the object identifier of the GSSAPI mechanism to be -registered. \sphinxstyleemphasis{pathname} is a path to the module shared object or DLL. -\sphinxstyleemphasis{options} (if present) are options provided to the plugin module, -surrounded in square brackets. \sphinxstyleemphasis{type} (if present) can be used to -indicate a special type of module. Currently the only special module -type is “interposerâ€, for a module designed to intercept calls to -other mechanisms. - -\sphinxAtStartPar -If the environment variable \sphinxstylestrong{GSS\_MECH\_CONFIG} is set, its value is -used as the sole mechanism configuration filename. - - -\subsection{Configuration profile modules} -\label{\detokenize{admin/host_config:configuration-profile-modules}}\label{\detokenize{admin/host_config:profile-plugin-config}} -\sphinxAtStartPar -A configuration profile module replaces the information source for -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} itself. To use a profile module, begin krb5.conf -with the line: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{module} \PYG{n}{PATHNAME}\PYG{p}{:}\PYG{n}{STRING} -\end{sphinxVerbatim} - -\sphinxAtStartPar -where \sphinxstyleemphasis{PATHNAME} is a path to the module shared object or DLL, and -\sphinxstyleemphasis{STRING} is a string to provide to the module. The module will then -take over, and the rest of krb5.conf will be ignored. - - -\chapter{Backups of secure hosts} -\label{\detokenize{admin/backup_host:backups-of-secure-hosts}}\label{\detokenize{admin/backup_host::doc}} -\sphinxAtStartPar -When you back up a secure host, you should exclude the host’s keytab -file from the backup. If someone obtained a copy of the keytab from a -backup, that person could make any host masquerade as the host whose -keytab was compromised. In many configurations, knowledge of the -host’s keytab also allows root access to the host. This could be -particularly dangerous if the compromised keytab was from one of your -KDCs. If the machine has a disk crash and the keytab file is lost, it -is easy to generate another keytab file. (See {\hyperref[\detokenize{admin/appl_servers:add-princ-kt}]{\sphinxcrossref{\DUrole{std,std-ref}{Adding principals to keytabs}}}}.) -If you are unable to exclude particular files from backups, you should -ensure that the backups are kept as secure as the host’s root -password. - - -\section{Backing up the Kerberos database} -\label{\detokenize{admin/backup_host:backing-up-the-kerberos-database}} -\sphinxAtStartPar -As with any file, it is possible that your Kerberos database could -become corrupted. If this happens on one of the replica KDCs, you -might never notice, since the next automatic propagation of the -database would install a fresh copy. However, if it happens to the -primary KDC, the corrupted database would be propagated to all of the -replicas during the next propagation. For this reason, MIT recommends -that you back up your Kerberos database regularly. Because the primary -KDC is continuously dumping the database to a file in order to -propagate it to the replica KDCs, it is a simple matter to have a cron -job periodically copy the dump file to a secure machine elsewhere on -your network. (Of course, it is important to make the host where -these backups are stored as secure as your KDCs, and to encrypt its -transmission across your network.) Then if your database becomes -corrupted, you can load the most recent dump onto the primary KDC. -(See {\hyperref[\detokenize{admin/database:restore-from-dump}]{\sphinxcrossref{\DUrole{std,std-ref}{Dumping and loading a Kerberos database}}}}.) - - -\chapter{PKINIT configuration} -\label{\detokenize{admin/pkinit:pkinit-configuration}}\label{\detokenize{admin/pkinit:pkinit}}\label{\detokenize{admin/pkinit::doc}} -\sphinxAtStartPar -PKINIT is a preauthentication mechanism for Kerberos 5 which uses -X.509 certificates to authenticate the KDC to clients and vice versa. -PKINIT can also be used to enable anonymity support, allowing clients -to communicate securely with the KDC or with application servers -without authenticating as a particular client principal. - - -\section{Creating certificates} -\label{\detokenize{admin/pkinit:creating-certificates}} -\sphinxAtStartPar -PKINIT requires an X.509 certificate for the KDC and one for each -client principal which will authenticate using PKINIT. For anonymous -PKINIT, a KDC certificate is required, but client certificates are -not. A commercially issued server certificate can be used for the KDC -certificate, but generally cannot be used for client certificates. - -\sphinxAtStartPar -The instruction in this section describe how to establish a -certificate authority and create standard PKINIT certificates. Skip -this section if you are using a commercially issued server certificate -as the KDC certificate for anonymous PKINIT, or if you are configuring -a client to use an Active Directory KDC. - - -\subsection{Generating a certificate authority certificate} -\label{\detokenize{admin/pkinit:generating-a-certificate-authority-certificate}} -\sphinxAtStartPar -You can establish a new certificate authority (CA) for use with a -PKINIT deployment with the commands: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{openssl} \PYG{n}{genrsa} \PYG{o}{\PYGZhy{}}\PYG{n}{out} \PYG{n}{cakey}\PYG{o}{.}\PYG{n}{pem} \PYG{l+m+mi}{2048} -\PYG{n}{openssl} \PYG{n}{req} \PYG{o}{\PYGZhy{}}\PYG{n}{key} \PYG{n}{cakey}\PYG{o}{.}\PYG{n}{pem} \PYG{o}{\PYGZhy{}}\PYG{n}{new} \PYG{o}{\PYGZhy{}}\PYG{n}{x509} \PYG{o}{\PYGZhy{}}\PYG{n}{out} \PYG{n}{cacert}\PYG{o}{.}\PYG{n}{pem} \PYG{o}{\PYGZhy{}}\PYG{n}{days} \PYG{l+m+mi}{3650} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The second command will ask for the values of several certificate -fields. These fields can be set to any values. You can adjust the -expiration time of the CA certificate by changing the number after -\sphinxcode{\sphinxupquote{\sphinxhyphen{}days}}. Since the CA certificate must be deployed to client -machines each time it changes, it should normally have an expiration -time far in the future; however, expiration times after 2037 may cause -interoperability issues in rare circumstances. - -\sphinxAtStartPar -The result of these commands will be two files, cakey.pem and -cacert.pem. cakey.pem will contain a 2048\sphinxhyphen{}bit RSA private key, which -must be carefully protected. cacert.pem will contain the CA -certificate, which must be placed in the filesystems of the KDC and -each client host. cakey.pem will be required to create KDC and client -certificates. - - -\subsection{Generating a KDC certificate} -\label{\detokenize{admin/pkinit:generating-a-kdc-certificate}} -\sphinxAtStartPar -A KDC certificate for use with PKINIT is required to have some unusual -fields, which makes generating them with OpenSSL somewhat complicated. -First, you will need a file containing the following: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -[kdc\PYGZus{}cert] -basicConstraints=CA:FALSE -keyUsage=nonRepudiation,digitalSignature,keyEncipherment,keyAgreement -extendedKeyUsage=1.3.6.1.5.2.3.5 -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer -issuerAltName=issuer:copy -subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:kdc\PYGZus{}princ\PYGZus{}name - -[kdc\PYGZus{}princ\PYGZus{}name] -realm=EXP:0,GeneralString:\PYGZdl{}\PYGZob{}ENV::REALM\PYGZcb{} -principal\PYGZus{}name=EXP:1,SEQUENCE:kdc\PYGZus{}principal\PYGZus{}seq - -[kdc\PYGZus{}principal\PYGZus{}seq] -name\PYGZus{}type=EXP:0,INTEGER:2 -name\PYGZus{}string=EXP:1,SEQUENCE:kdc\PYGZus{}principals - -[kdc\PYGZus{}principals] -princ1=GeneralString:krbtgt -princ2=GeneralString:\PYGZdl{}\PYGZob{}ENV::REALM\PYGZcb{} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If the above contents are placed in extensions.kdc, you can generate -and sign a KDC certificate with the following commands: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{openssl} \PYG{n}{genrsa} \PYG{o}{\PYGZhy{}}\PYG{n}{out} \PYG{n}{kdckey}\PYG{o}{.}\PYG{n}{pem} \PYG{l+m+mi}{2048} -\PYG{n}{openssl} \PYG{n}{req} \PYG{o}{\PYGZhy{}}\PYG{n}{new} \PYG{o}{\PYGZhy{}}\PYG{n}{out} \PYG{n}{kdc}\PYG{o}{.}\PYG{n}{req} \PYG{o}{\PYGZhy{}}\PYG{n}{key} \PYG{n}{kdckey}\PYG{o}{.}\PYG{n}{pem} -\PYG{n}{env} \PYG{n}{REALM}\PYG{o}{=}\PYG{n}{YOUR\PYGZus{}REALMNAME} \PYG{n}{openssl} \PYG{n}{x509} \PYG{o}{\PYGZhy{}}\PYG{n}{req} \PYG{o}{\PYGZhy{}}\PYG{o+ow}{in} \PYG{n}{kdc}\PYG{o}{.}\PYG{n}{req} \PYGZbs{} - \PYG{o}{\PYGZhy{}}\PYG{n}{CAkey} \PYG{n}{cakey}\PYG{o}{.}\PYG{n}{pem} \PYG{o}{\PYGZhy{}}\PYG{n}{CA} \PYG{n}{cacert}\PYG{o}{.}\PYG{n}{pem} \PYG{o}{\PYGZhy{}}\PYG{n}{out} \PYG{n}{kdc}\PYG{o}{.}\PYG{n}{pem} \PYG{o}{\PYGZhy{}}\PYG{n}{days} \PYG{l+m+mi}{365} \PYGZbs{} - \PYG{o}{\PYGZhy{}}\PYG{n}{extfile} \PYG{n}{extensions}\PYG{o}{.}\PYG{n}{kdc} \PYG{o}{\PYGZhy{}}\PYG{n}{extensions} \PYG{n}{kdc\PYGZus{}cert} \PYG{o}{\PYGZhy{}}\PYG{n}{CAcreateserial} -\PYG{n}{rm} \PYG{n}{kdc}\PYG{o}{.}\PYG{n}{req} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The second command will ask for the values of certificate fields, -which can be set to any values. In the third command, substitute your -KDC’s realm name for YOUR\_REALMNAME. You can adjust the certificate’s -expiration date by changing the number after \sphinxcode{\sphinxupquote{\sphinxhyphen{}days}}. Remember to -create a new KDC certificate before the old one expires. - -\sphinxAtStartPar -The result of this operation will be in two files, kdckey.pem and -kdc.pem. Both files must be placed in the KDC’s filesystem. -kdckey.pem, which contains the KDC’s private key, must be carefully -protected. - -\sphinxAtStartPar -If you examine the KDC certificate with \sphinxcode{\sphinxupquote{openssl x509 \sphinxhyphen{}in kdc.pem -\sphinxhyphen{}text \sphinxhyphen{}noout}}, OpenSSL will not know how to display the KDC principal -name in the Subject Alternative Name extension, so it will appear as -\sphinxcode{\sphinxupquote{othername:\textless{}unsupported\textgreater{}}}. This is normal and does not mean -anything is wrong with the KDC certificate. - - -\subsection{Generating client certificates} -\label{\detokenize{admin/pkinit:generating-client-certificates}} -\sphinxAtStartPar -PKINIT client certificates also must have some unusual certificate -fields. To generate a client certificate with OpenSSL for a -single\sphinxhyphen{}component principal name, you will need an extensions file -(different from the KDC extensions file above) containing: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -[client\PYGZus{}cert] -basicConstraints=CA:FALSE -keyUsage=digitalSignature,keyEncipherment,keyAgreement -extendedKeyUsage=1.3.6.1.5.2.3.4 -subjectKeyIdentifier=hash -authorityKeyIdentifier=keyid,issuer -issuerAltName=issuer:copy -subjectAltName=otherName:1.3.6.1.5.2.2;SEQUENCE:princ\PYGZus{}name - -[princ\PYGZus{}name] -realm=EXP:0,GeneralString:\PYGZdl{}\PYGZob{}ENV::REALM\PYGZcb{} -principal\PYGZus{}name=EXP:1,SEQUENCE:principal\PYGZus{}seq - -[principal\PYGZus{}seq] -name\PYGZus{}type=EXP:0,INTEGER:1 -name\PYGZus{}string=EXP:1,SEQUENCE:principals - -[principals] -princ1=GeneralString:\PYGZdl{}\PYGZob{}ENV::CLIENT\PYGZcb{} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If the above contents are placed in extensions.client, you can -generate and sign a client certificate with the following commands: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{openssl} \PYG{n}{genrsa} \PYG{o}{\PYGZhy{}}\PYG{n}{out} \PYG{n}{clientkey}\PYG{o}{.}\PYG{n}{pem} \PYG{l+m+mi}{2048} -\PYG{n}{openssl} \PYG{n}{req} \PYG{o}{\PYGZhy{}}\PYG{n}{new} \PYG{o}{\PYGZhy{}}\PYG{n}{key} \PYG{n}{clientkey}\PYG{o}{.}\PYG{n}{pem} \PYG{o}{\PYGZhy{}}\PYG{n}{out} \PYG{n}{client}\PYG{o}{.}\PYG{n}{req} -\PYG{n}{env} \PYG{n}{REALM}\PYG{o}{=}\PYG{n}{YOUR\PYGZus{}REALMNAME} \PYG{n}{CLIENT}\PYG{o}{=}\PYG{n}{YOUR\PYGZus{}PRINCNAME} \PYG{n}{openssl} \PYG{n}{x509} \PYGZbs{} - \PYG{o}{\PYGZhy{}}\PYG{n}{CAkey} \PYG{n}{cakey}\PYG{o}{.}\PYG{n}{pem} \PYG{o}{\PYGZhy{}}\PYG{n}{CA} \PYG{n}{cacert}\PYG{o}{.}\PYG{n}{pem} \PYG{o}{\PYGZhy{}}\PYG{n}{req} \PYG{o}{\PYGZhy{}}\PYG{o+ow}{in} \PYG{n}{client}\PYG{o}{.}\PYG{n}{req} \PYGZbs{} - \PYG{o}{\PYGZhy{}}\PYG{n}{extensions} \PYG{n}{client\PYGZus{}cert} \PYG{o}{\PYGZhy{}}\PYG{n}{extfile} \PYG{n}{extensions}\PYG{o}{.}\PYG{n}{client} \PYGZbs{} - \PYG{o}{\PYGZhy{}}\PYG{n}{days} \PYG{l+m+mi}{365} \PYG{o}{\PYGZhy{}}\PYG{n}{out} \PYG{n}{client}\PYG{o}{.}\PYG{n}{pem} -\PYG{n}{rm} \PYG{n}{client}\PYG{o}{.}\PYG{n}{req} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Normally, the first two commands should be run on the client host, and -the resulting client.req file transferred to the certificate authority -host for the third command. As in the previous steps, the second -command will ask for the values of certificate fields, which can be -set to any values. In the third command, substitute your realm’s name -for YOUR\_REALMNAME and the client’s principal name (without realm) for -YOUR\_PRINCNAME. You can adjust the certificate’s expiration date by -changing the number after \sphinxcode{\sphinxupquote{\sphinxhyphen{}days}}. - -\sphinxAtStartPar -The result of this operation will be two files, clientkey.pem and -client.pem. Both files must be present on the client’s host; -clientkey.pem, which contains the client’s private key, must be -protected from access by others. - -\sphinxAtStartPar -As in the KDC certificate, OpenSSL will display the client principal -name as \sphinxcode{\sphinxupquote{othername:\textless{}unsupported\textgreater{}}} in the Subject Alternative Name -extension of a PKINIT client certificate. - -\sphinxAtStartPar -If the client principal name contains more than one component -(e.g. \sphinxcode{\sphinxupquote{host/example.com@REALM}}), the \sphinxcode{\sphinxupquote{{[}principals{]}}} section of -\sphinxcode{\sphinxupquote{extensions.client}} must be altered to contain multiple entries. -(Simply setting \sphinxcode{\sphinxupquote{CLIENT}} to \sphinxcode{\sphinxupquote{host/example.com}} would generate a -certificate for \sphinxcode{\sphinxupquote{host\textbackslash{}/example.com@REALM}} which would not match the -multi\sphinxhyphen{}component principal name.) For a two\sphinxhyphen{}component principal, the -section should read: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -[principals] -princ1=GeneralString:\PYGZdl{}\PYGZob{}ENV::CLIENT1\PYGZcb{} -princ2=GeneralString:\PYGZdl{}\PYGZob{}ENV::CLIENT2\PYGZcb{} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The environment variables \sphinxcode{\sphinxupquote{CLIENT1}} and \sphinxcode{\sphinxupquote{CLIENT2}} must then be set -to the first and second components when running \sphinxcode{\sphinxupquote{openssl x509}}. - - -\section{Configuring the KDC} -\label{\detokenize{admin/pkinit:configuring-the-kdc}} -\sphinxAtStartPar -The KDC must have filesystem access to the KDC certificate (kdc.pem) -and the KDC private key (kdckey.pem). Configure the following -relation in the KDC’s {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} file, either in the -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdcdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}kdcdefaults{]}}}}} section or in a {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} subsection (with -appropriate pathnames): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{pkinit\PYGZus{}identity} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{lib}\PYG{o}{/}\PYG{n}{krb5kdc}\PYG{o}{/}\PYG{n}{kdc}\PYG{o}{.}\PYG{n}{pem}\PYG{p}{,}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{lib}\PYG{o}{/}\PYG{n}{krb5kdc}\PYG{o}{/}\PYG{n}{kdckey}\PYG{o}{.}\PYG{n}{pem} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If any clients will authenticate using regular (as opposed to -anonymous) PKINIT, the KDC must also have filesystem access to the CA -certificate (cacert.pem), and the following configuration (with the -appropriate pathname): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{pkinit\PYGZus{}anchors} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{var}\PYG{o}{/}\PYG{n}{lib}\PYG{o}{/}\PYG{n}{krb5kdc}\PYG{o}{/}\PYG{n}{cacert}\PYG{o}{.}\PYG{n}{pem} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Because of the larger size of requests and responses using PKINIT, you -may also need to allow TCP access to the KDC: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kdc\PYGZus{}tcp\PYGZus{}listen} \PYG{o}{=} \PYG{l+m+mi}{88} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Restart the {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} daemon to pick up the configuration -changes. - -\sphinxAtStartPar -The principal entry for each PKINIT\sphinxhyphen{}using client must be configured to -require preauthentication. Ensure this with the command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin} \PYG{o}{\PYGZhy{}}\PYG{n}{q} \PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{modprinc +requires\PYGZus{}preauth YOUR\PYGZus{}PRINCNAME}\PYG{l+s+s1}{\PYGZsq{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Starting with release 1.12, it is possible to remove the long\sphinxhyphen{}term -keys of a principal entry, which can save some space in the database -and help to clarify some PKINIT\sphinxhyphen{}related error conditions by not asking -for a password: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin} \PYG{o}{\PYGZhy{}}\PYG{n}{q} \PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{purgekeys \PYGZhy{}all YOUR\PYGZus{}PRINCNAME}\PYG{l+s+s1}{\PYGZsq{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -These principal options can also be specified at principal creation -time as follows: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin} \PYG{o}{\PYGZhy{}}\PYG{n}{q} \PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{add\PYGZus{}principal +requires\PYGZus{}preauth \PYGZhy{}nokey YOUR\PYGZus{}PRINCNAME}\PYG{l+s+s1}{\PYGZsq{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -By default, the KDC requires PKINIT client certificates to have the -standard Extended Key Usage and Subject Alternative Name attributes -for PKINIT. Starting in release 1.16, it is possible to authorize -client certificates based on the subject or other criteria instead of -the standard PKINIT Subject Alternative Name, by setting the -\sphinxstylestrong{pkinit\_cert\_match} string attribute on each client principal entry. -For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin} \PYG{n}{set\PYGZus{}string} \PYG{n}{user}\PYG{n+nd}{@REALM} \PYG{n}{pkinit\PYGZus{}cert\PYGZus{}match} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZlt{}SUBJECT\PYGZgt{}CN=user@REALM\PYGZdl{}}\PYG{l+s+s2}{\PYGZdq{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The \sphinxstylestrong{pkinit\_cert\_match} string attribute follows the syntax used by -the {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} \sphinxstylestrong{pkinit\_cert\_match} relation. To allow the -use of non\sphinxhyphen{}PKINIT client certificates, it will also be necessary to -disable key usage checking using the \sphinxstylestrong{pkinit\_eku\_checking} relation; -for example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{kdcdefaults}\PYG{p}{]} - \PYG{n}{pkinit\PYGZus{}eku\PYGZus{}checking} \PYG{o}{=} \PYG{n}{none} -\end{sphinxVerbatim} - - -\section{Configuring the clients} -\label{\detokenize{admin/pkinit:configuring-the-clients}} -\sphinxAtStartPar -Client hosts must be configured to trust the issuing authority for the -KDC certificate. For a newly established certificate authority, the -client host must have filesystem access to the CA certificate -(cacert.pem) and the following relation in {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} in the -appropriate {\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} subsection (with appropriate pathnames): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{pkinit\PYGZus{}anchors} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{/}\PYG{n}{cacert}\PYG{o}{.}\PYG{n}{pem} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If the KDC certificate is a commercially issued server certificate, -the issuing certificate is most likely included in a system directory. -You can specify it by filename as above, or specify the whole -directory like so: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{pkinit\PYGZus{}anchors} \PYG{o}{=} \PYG{n}{DIR}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{ssl}\PYG{o}{/}\PYG{n}{certs} -\end{sphinxVerbatim} - -\sphinxAtStartPar -A commercially issued server certificate will usually not have the -standard PKINIT principal name or Extended Key Usage extensions, so -the following additional configuration is required: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{pkinit\PYGZus{}eku\PYGZus{}checking} \PYG{o}{=} \PYG{n}{kpServerAuth} -\PYG{n}{pkinit\PYGZus{}kdc\PYGZus{}hostname} \PYG{o}{=} \PYG{n}{hostname}\PYG{o}{.}\PYG{n}{of}\PYG{o}{.}\PYG{n}{kdc}\PYG{o}{.}\PYG{n}{certificate} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Multiple \sphinxstylestrong{pkinit\_kdc\_hostname} relations can be configured to -recognize multiple KDC certificates. If the KDC is an Active -Directory domain controller, setting \sphinxstylestrong{pkinit\_kdc\_hostname} is -necessary, but it should not be necessary to set -\sphinxstylestrong{pkinit\_eku\_checking}. - -\sphinxAtStartPar -To perform regular (as opposed to anonymous) PKINIT authentication, a -client host must have filesystem access to a client certificate -(client.pem), and the corresponding private key (clientkey.pem). -Configure the following relations in the client host’s -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} file in the appropriate {\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} subsection -(with appropriate pathnames): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{pkinit\PYGZus{}identities} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{/}\PYG{n}{client}\PYG{o}{.}\PYG{n}{pem}\PYG{p}{,}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{/}\PYG{n}{clientkey}\PYG{o}{.}\PYG{n}{pem} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If the KDC and client are properly configured, it should now be -possible to run \sphinxcode{\sphinxupquote{kinit username}} without entering a password. - - -\section{Anonymous PKINIT} -\label{\detokenize{admin/pkinit:anonymous-pkinit}}\label{\detokenize{admin/pkinit:id1}} -\sphinxAtStartPar -Anonymity support in Kerberos allows a client to obtain a ticket -without authenticating as any particular principal. Such a ticket can -be used as a FAST armor ticket, or to securely communicate with an -application server anonymously. - -\sphinxAtStartPar -To configure anonymity support, you must generate or otherwise procure -a KDC certificate and configure the KDC host, but you do not need to -generate any client certificates. On the KDC, you must set the -\sphinxstylestrong{pkinit\_identity} variable to provide the KDC certificate, but do -not need to set the \sphinxstylestrong{pkinit\_anchors} variable or store the issuing -certificate if you won’t have any client certificates to verify. On -client hosts, you must set the \sphinxstylestrong{pkinit\_anchors} variable (and -possibly \sphinxstylestrong{pkinit\_kdc\_hostname} and \sphinxstylestrong{pkinit\_eku\_checking}) in order -to trust the issuing authority for the KDC certificate, but do not -need to set the \sphinxstylestrong{pkinit\_identities} variable. - -\sphinxAtStartPar -Anonymity support is not enabled by default. To enable it, you must -create the principal \sphinxcode{\sphinxupquote{WELLKNOWN/ANONYMOUS}} using the command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin} \PYG{o}{\PYGZhy{}}\PYG{n}{q} \PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{addprinc \PYGZhy{}randkey WELLKNOWN/ANONYMOUS}\PYG{l+s+s1}{\PYGZsq{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Some Kerberos deployments include application servers which lack -proper access control, and grant some level of access to any user who -can authenticate. In such an environment, enabling anonymity support -on the KDC would present a security issue. If you need to enable -anonymity support for TGTs (for use as FAST armor tickets) without -enabling anonymous authentication to application servers, you can set -the variable \sphinxstylestrong{restrict\_anonymous\_to\_tgt} to \sphinxcode{\sphinxupquote{true}} in the -appropriate {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} subsection of the KDC’s -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} file. - -\sphinxAtStartPar -To obtain anonymous credentials on a client, run \sphinxcode{\sphinxupquote{kinit \sphinxhyphen{}n}}, or -\sphinxcode{\sphinxupquote{kinit \sphinxhyphen{}n @REALMNAME}} to specify a realm. The resulting tickets -will have the client name \sphinxcode{\sphinxupquote{WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS}}. - - -\section{Freshness tokens} -\label{\detokenize{admin/pkinit:freshness-tokens}} -\sphinxAtStartPar -Freshness tokens can ensure that the client has recently had access to -its certificate private key. If freshness tokens are not required by -the KDC, a client program with temporary possession of the private key -can compose requests for future timestamps and use them later. - -\sphinxAtStartPar -In release 1.17 and later, freshness tokens are supported by the -client and are sent by the KDC when the client indicates support for -them. Because not all clients support freshness tokens yet, they are -not required by default. To check if freshness tokens are supported -by a realm’s clients, look in the KDC logs for the lines: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{PKINIT}\PYG{p}{:} \PYG{n}{freshness} \PYG{n}{token} \PYG{n}{received} \PYG{k+kn}{from} \PYG{o}{\PYGZlt{}}\PYG{n}{client} \PYG{n}{principal}\PYG{o}{\PYGZgt{}} -\PYG{n}{PKINIT}\PYG{p}{:} \PYG{n}{no} \PYG{n}{freshness} \PYG{n}{token} \PYG{n}{received} \PYG{k+kn}{from} \PYG{o}{\PYGZlt{}}\PYG{n}{client} \PYG{n}{principal}\PYG{o}{\PYGZgt{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -To require freshness tokens for all clients in a realm (except for -clients authenticating anonymously), set the -\sphinxstylestrong{pkinit\_require\_freshness} variable to \sphinxcode{\sphinxupquote{true}} in the appropriate -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} subsection of the KDC’s {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} file. To -test that this option is in effect, run \sphinxcode{\sphinxupquote{kinit \sphinxhyphen{}X disable\_freshness}} -and verify that authentication is unsuccessful. - - -\chapter{OTP Preauthentication} -\label{\detokenize{admin/otp:otp-preauthentication}}\label{\detokenize{admin/otp:otp-preauth}}\label{\detokenize{admin/otp::doc}} -\sphinxAtStartPar -OTP is a preauthentication mechanism for Kerberos 5 which uses One -Time Passwords (OTP) to authenticate the client to the KDC. The OTP -is passed to the KDC over an encrypted FAST channel in clear\sphinxhyphen{}text. -The KDC uses the password along with per\sphinxhyphen{}user configuration to proxy -the request to a third\sphinxhyphen{}party RADIUS system. This enables -out\sphinxhyphen{}of\sphinxhyphen{}the\sphinxhyphen{}box compatibility with a large number of already widely -deployed proprietary systems. - -\sphinxAtStartPar -Additionally, our implementation of the OTP system allows for the -passing of RADIUS requests over a UNIX domain stream socket. This -permits the use of a local companion daemon which can handle the -details of authentication. - - -\section{Defining token types} -\label{\detokenize{admin/otp:defining-token-types}} -\sphinxAtStartPar -Token types are defined in either {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} or -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} according to the following format: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{otp}\PYG{p}{]} - \PYG{o}{\PYGZlt{}}\PYG{n}{name}\PYG{o}{\PYGZgt{}} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{server} \PYG{o}{=} \PYG{o}{\PYGZlt{}}\PYG{n}{host}\PYG{p}{:}\PYG{n}{port} \PYG{o+ow}{or} \PYG{n}{filename}\PYG{o}{\PYGZgt{}} \PYG{p}{(}\PYG{n}{default}\PYG{p}{:} \PYG{n}{see} \PYG{n}{below}\PYG{p}{)} - \PYG{n}{secret} \PYG{o}{=} \PYG{o}{\PYGZlt{}}\PYG{n}{filename}\PYG{o}{\PYGZgt{}} - \PYG{n}{timeout} \PYG{o}{=} \PYG{o}{\PYGZlt{}}\PYG{n}{integer}\PYG{o}{\PYGZgt{}} \PYG{p}{(}\PYG{n}{default}\PYG{p}{:} \PYG{l+m+mi}{5} \PYG{p}{[}\PYG{n}{seconds}\PYG{p}{]}\PYG{p}{)} - \PYG{n}{retries} \PYG{o}{=} \PYG{o}{\PYGZlt{}}\PYG{n}{integer}\PYG{o}{\PYGZgt{}} \PYG{p}{(}\PYG{n}{default}\PYG{p}{:} \PYG{l+m+mi}{3}\PYG{p}{)} - \PYG{n}{strip\PYGZus{}realm} \PYG{o}{=} \PYG{o}{\PYGZlt{}}\PYG{n}{boolean}\PYG{o}{\PYGZgt{}} \PYG{p}{(}\PYG{n}{default}\PYG{p}{:} \PYG{n}{true}\PYG{p}{)} - \PYG{n}{indicator} \PYG{o}{=} \PYG{o}{\PYGZlt{}}\PYG{n}{string}\PYG{o}{\PYGZgt{}} \PYG{p}{(}\PYG{n}{default}\PYG{p}{:} \PYG{n}{none}\PYG{p}{)} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If the server field begins with ‘/’, it will be interpreted as a UNIX -socket. Otherwise, it is assumed to be in the format host:port. When -a UNIX domain socket is specified, the secret field is optional and an -empty secret is used by default. If the server field is not -specified, it defaults to {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{RUNSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/\textless{}name\textgreater{}.socket}}. - -\sphinxAtStartPar -When forwarding the request over RADIUS, by default the principal is -used in the User\sphinxhyphen{}Name attribute of the RADIUS packet. The strip\_realm -parameter controls whether the principal is forwarded with or without -the realm portion. - -\sphinxAtStartPar -If an indicator field is present, tickets issued using this token type -will be annotated with the specified authentication indicator (see -{\hyperref[\detokenize{admin/auth_indicator:auth-indicator}]{\sphinxcrossref{\DUrole{std,std-ref}{Authentication indicators}}}}). This key may be specified multiple times to -add multiple indicators. - - -\section{The default token type} -\label{\detokenize{admin/otp:the-default-token-type}} -\sphinxAtStartPar -A default token type is used internally when no token type is specified for a -given user. It is defined as follows: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{otp}\PYG{p}{]} - \PYG{n}{DEFAULT} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{strip\PYGZus{}realm} \PYG{o}{=} \PYG{n}{false} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The administrator may override the internal \sphinxcode{\sphinxupquote{DEFAULT}} token type -simply by defining a configuration with the same name. - - -\section{Token instance configuration} -\label{\detokenize{admin/otp:token-instance-configuration}} -\sphinxAtStartPar -To enable OTP for a client principal, the administrator must define -the \sphinxstylestrong{otp} string attribute for that principal. (See -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:set-string}]{\sphinxcrossref{\DUrole{std,std-ref}{set\_string}}}}.) The \sphinxstylestrong{otp} user string is a JSON string of the -format: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -[\PYGZob{} - \PYGZdq{}type\PYGZdq{}: \PYG{n+nt}{\PYGZlt{}string}\PYG{n+nt}{\PYGZgt{}}, - \PYGZdq{}username\PYGZdq{}: \PYG{n+nt}{\PYGZlt{}string}\PYG{n+nt}{\PYGZgt{}}, - \PYGZdq{}indicators\PYGZdq{}: [\PYG{n+nt}{\PYGZlt{}string}\PYG{n+nt}{\PYGZgt{}}, ...] - \PYGZcb{}, ...] -\end{sphinxVerbatim} - -\sphinxAtStartPar -This is an array of token objects. Both fields of token objects are -optional. The \sphinxstylestrong{type} field names the token type of this token; if -not specified, it defaults to \sphinxcode{\sphinxupquote{DEFAULT}}. The \sphinxstylestrong{username} field -specifies the value to be sent in the User\sphinxhyphen{}Name RADIUS attribute. If -not specified, the principal name is sent, with or without realm as -defined in the token type. The \sphinxstylestrong{indicators} field specifies a list -of authentication indicators to annotate tickets with, overriding any -indicators specified in the token type. - -\sphinxAtStartPar -For ease of configuration, an empty array (\sphinxcode{\sphinxupquote{{[}{]}}}) is treated as -equivalent to one DEFAULT token (\sphinxcode{\sphinxupquote{{[}\{\}{]}}}). - - -\section{Other considerations} -\label{\detokenize{admin/otp:other-considerations}}\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -FAST is required for OTP to work. - -\end{enumerate} - - -\chapter{SPAKE Preauthentication} -\label{\detokenize{admin/spake:spake-preauthentication}}\label{\detokenize{admin/spake:spake}}\label{\detokenize{admin/spake::doc}} -\sphinxAtStartPar -SPAKE preauthentication (added in release 1.17) uses public key -cryptography techniques to protect against {\hyperref[\detokenize{admin/dictionary:dictionary}]{\sphinxcrossref{\DUrole{std,std-ref}{password dictionary -attacks}}}}. Unlike {\hyperref[\detokenize{admin/pkinit:pkinit}]{\sphinxcrossref{\DUrole{std,std-ref}{PKINIT}}}}, it does not -require any additional infrastructure such as certificates; it simply -needs to be turned on. Using SPAKE preauthentication may modestly -increase the CPU and network load on the KDC. - -\sphinxAtStartPar -SPAKE preauthentication can use one of four elliptic curve groups for -its password\sphinxhyphen{}authenticated key exchange. The recommended group is -\sphinxcode{\sphinxupquote{edwards25519}}; three NIST curves (\sphinxcode{\sphinxupquote{P\sphinxhyphen{}256}}, \sphinxcode{\sphinxupquote{P\sphinxhyphen{}384}}, and -\sphinxcode{\sphinxupquote{P\sphinxhyphen{}521}}) are also supported. - -\sphinxAtStartPar -By default, SPAKE with the \sphinxcode{\sphinxupquote{edwards25519}} group is enabled on -clients, but the KDC does not offer SPAKE by default. To turn it on, -set the \sphinxstylestrong{spake\_preauth\_groups} variable in {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}} to a -list of allowed groups. This variable affects both the client and the -KDC. Simply setting it to \sphinxcode{\sphinxupquote{edwards25519}} is recommended: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{libdefaults}\PYG{p}{]} - \PYG{n}{spake\PYGZus{}preauth\PYGZus{}groups} \PYG{o}{=} \PYG{n}{edwards25519} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Set the \sphinxstylestrong{+requires\_preauth} and \sphinxstylestrong{\sphinxhyphen{}allow\_svr} flags on client -principal entries, as you would for any preauthentication mechanism: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{modprinc} \PYG{o}{+}\PYG{n}{requires\PYGZus{}preauth} \PYG{o}{\PYGZhy{}}\PYG{n}{allow\PYGZus{}svr} \PYG{n}{PRINCNAME} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Clients which do not implement SPAKE preauthentication will fall back -to encrypted timestamp. - -\sphinxAtStartPar -An active attacker can force a fallback to encrypted timestamp by -modifying the initial KDC response, defeating the protection against -dictionary attacks. To prevent this fallback on clients which do -implement SPAKE preauthentication, set the -\sphinxstylestrong{disable\_encrypted\_timestamp} variable to \sphinxcode{\sphinxupquote{true}} in the -{\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} subsection for realms whose KDCs offer SPAKE -preauthentication. - -\sphinxAtStartPar -By default, SPAKE preauthentication requires an extra network round -trip to the KDC during initial authentication. If most of the clients -in a realm support SPAKE, this extra round trip can be eliminated -using an optimistic challenge, by setting the -\sphinxstylestrong{spake\_preauth\_kdc\_challenge} variable in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdcdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}kdcdefaults{]}}}}} to a -single group name: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{kdcdefaults}\PYG{p}{]} - \PYG{n}{spake\PYGZus{}preauth\PYGZus{}kdc\PYGZus{}challenge} \PYG{o}{=} \PYG{n}{edwards25519} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Using optimistic challenge will cause the KDC to do extra work for -initial authentication requests that do not result in SPAKE -preauthentication, but will save work when SPAKE preauthentication is -used. - - -\chapter{Addressing dictionary attack risks} -\label{\detokenize{admin/dictionary:addressing-dictionary-attack-risks}}\label{\detokenize{admin/dictionary:dictionary}}\label{\detokenize{admin/dictionary::doc}} -\sphinxAtStartPar -Kerberos initial authentication is normally secured using the client -principal’s long\sphinxhyphen{}term key, which for users is generally derived from a -password. Using a pasword\sphinxhyphen{}derived long\sphinxhyphen{}term key carries the risk of a -dictionary attack, where an attacker tries a sequence of possible -passwords, possibly requiring much less effort than would be required -to try all possible values of the key. Even if {\hyperref[\detokenize{admin/database:policies}]{\sphinxcrossref{\DUrole{std,std-ref}{password policy -objects}}}} are used to force users not to pick trivial -passwords, dictionary attacks can sometimes be successful against a -significant fraction of the users in a realm. Dictionary attacks are -not a concern for principals using random keys. - -\sphinxAtStartPar -A dictionary attack may be online or offline. An online dictionary -attack is performed by trying each password in a separate request to -the KDC, and is therefore visible to the KDC and also limited in speed -by the KDC’s processing power and the network capacity between the -client and the KDC. Online dictionary attacks can be mitigated using -{\hyperref[\detokenize{admin/lockout:lockout}]{\sphinxcrossref{\DUrole{std,std-ref}{account lockout}}}}. This measure is not totally -satisfactory, as it makes it easy for an attacker to deny access to a -client principal. - -\sphinxAtStartPar -An offline dictionary attack is performed by obtaining a ciphertext -generated using the password\sphinxhyphen{}derived key, and trying each password -against the ciphertext. This category of attack is invisible to the -KDC and can be performed much faster than an online attack. The -attack will generally take much longer with more recent encryption -types (particularly the ones based on AES), because those encryption -types use a much more expensive string\sphinxhyphen{}to\sphinxhyphen{}key function. However, the -best defense is to deny the attacker access to a useful ciphertext. -The required defensive measures depend on the attacker’s level of -network access. - -\sphinxAtStartPar -An off\sphinxhyphen{}path attacker has no access to packets sent between legitimate -users and the KDC. An off\sphinxhyphen{}path attacker could gain access to an -attackable ciphertext either by making an AS request for a client -principal which does not have the \sphinxstylestrong{+requires\_preauth} flag, or by -making a TGS request (after authenticating as a different user) for a -server principal which does not have the \sphinxstylestrong{\sphinxhyphen{}allow\_svr} flag. To -address off\sphinxhyphen{}path attackers, a KDC administrator should set those flags -on principals with password\sphinxhyphen{}derived keys: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{add\PYGZus{}principal} \PYG{o}{+}\PYG{n}{requires\PYGZus{}preauth} \PYG{o}{\PYGZhy{}}\PYG{n}{allow\PYGZus{}svr} \PYG{n}{princname} -\end{sphinxVerbatim} - -\sphinxAtStartPar -An attacker with passive network access (one who can monitor packets -sent between legitimate users and the KDC, but cannot change them or -insert their own packets) can gain access to an attackable ciphertext -by observing an authentication by a user using the most common form of -preauthentication, encrypted timestamp. Any of the following methods -can prevent dictionary attacks by attackers with passive network -access: -\begin{itemize} -\item {} -\sphinxAtStartPar -Enabling {\hyperref[\detokenize{admin/spake:spake}]{\sphinxcrossref{\DUrole{std,std-ref}{SPAKE preauthentication}}}} (added in release -1.17) on the KDC, and ensuring that all clients are able to support -it. - -\item {} -\sphinxAtStartPar -Using an {\hyperref[\detokenize{admin/https:https}]{\sphinxcrossref{\DUrole{std,std-ref}{HTTPS proxy}}}} for communication with the KDC, -if the attacker cannot monitor communication between the proxy -server and the KDC. - -\item {} -\sphinxAtStartPar -Using FAST, protecting the initial authentication with either a -random key (such as a host key) or with {\hyperref[\detokenize{admin/pkinit:anonymous-pkinit}]{\sphinxcrossref{\DUrole{std,std-ref}{anonymous PKINIT}}}}. - -\end{itemize} - -\sphinxAtStartPar -An attacker with active network access (one who can inject or modify -packets sent between legitimate users and the KDC) can try to fool the -client software into sending an attackable ciphertext using an -encryption type and salt string of the attacker’s choosing. Any of the -following methods can prevent dictionary attacks by active attackers: -\begin{itemize} -\item {} -\sphinxAtStartPar -Enabling SPAKE preauthentication and setting the -\sphinxstylestrong{disable\_encrypted\_timestamp} variable to \sphinxcode{\sphinxupquote{true}} in the -{\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} subsection of the client configuration. - -\item {} -\sphinxAtStartPar -Using an HTTPS proxy as described above, configured in the client’s -krb5.conf realm configuration. If {\hyperref[\detokenize{admin/realm_config:kdc-discovery}]{\sphinxcrossref{\DUrole{std,std-ref}{KDC discovery}}}} is used to locate a proxy server, an active -attacker may be able to use DNS spoofing to cause the client to use -a different HTTPS server or to not use HTTPS. - -\item {} -\sphinxAtStartPar -Using FAST as described above. - -\end{itemize} - -\sphinxAtStartPar -If {\hyperref[\detokenize{admin/pkinit:pkinit}]{\sphinxcrossref{\DUrole{std,std-ref}{PKINIT}}}} or {\hyperref[\detokenize{admin/otp:otp-preauth}]{\sphinxcrossref{\DUrole{std,std-ref}{OTP}}}} are used for -initial authentication, the principal’s long\sphinxhyphen{}term keys are not used -and dictionary attacks are usually not a concern. - - -\chapter{Principal names and DNS} -\label{\detokenize{admin/princ_dns:principal-names-and-dns}}\label{\detokenize{admin/princ_dns::doc}} -\sphinxAtStartPar -Kerberos clients can do DNS lookups to canonicalize service principal -names. This can cause difficulties when setting up Kerberos -application servers, especially when the client’s name for the service -is different from what the service thinks its name is. - - -\section{Service principal names} -\label{\detokenize{admin/princ_dns:service-principal-names}} -\sphinxAtStartPar -A frequently used kind of principal name is the host\sphinxhyphen{}based service -principal name. This kind of principal name has two components: a -service name and a hostname. For example, \sphinxcode{\sphinxupquote{imap/imap.example.com}} -is the principal name of the “imap†service on the host -“imap.example.comâ€. Other possible service names for the first -component include “host†(remote login services such as ssh), “HTTPâ€, -and “nfs†(Network File System). - -\sphinxAtStartPar -Service administrators often publish well\sphinxhyphen{}known hostname aliases that -they would prefer users to use instead of the canonical name of the -service host. This gives service administrators more flexibility in -deploying services. For example, a shell login server might be named -“long\sphinxhyphen{}vanity\sphinxhyphen{}hostname.example.comâ€, but users will naturally prefer to -type something like “login.example.comâ€. Hostname aliases also allow -for administrators to set up load balancing for some sorts of services -based on rotating \sphinxcode{\sphinxupquote{CNAME}} records in DNS. - - -\section{Service principal canonicalization} -\label{\detokenize{admin/princ_dns:service-principal-canonicalization}} -\sphinxAtStartPar -In the MIT krb5 client library, canonicalization of host\sphinxhyphen{}based service -principals is controlled by the \sphinxstylestrong{dns\_canonicalize\_hostname}, -\sphinxstylestrong{rnds}, and \sphinxstylestrong{qualify\_shortname} variables in {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}}. - -\sphinxAtStartPar -If \sphinxstylestrong{dns\_canonicalize\_hostname} is set to \sphinxcode{\sphinxupquote{true}} (the default -value), the client performs forward resolution by looking up the IPv4 -and/or IPv6 addresses of the hostname using \sphinxcode{\sphinxupquote{getaddrinfo()}}. This -process will typically add a domain suffix to the hostname if needed, -and follow CNAME records in the DNS. If \sphinxstylestrong{rdns} is also set to -\sphinxcode{\sphinxupquote{true}} (the default), the client will then perform a reverse lookup -of the first returned Internet address using \sphinxcode{\sphinxupquote{getnameinfo()}}, -finding the name associated with the PTR record. - -\sphinxAtStartPar -If \sphinxstylestrong{dns\_canonicalize\_hostname} is set to \sphinxcode{\sphinxupquote{false}}, the hostname is -not canonicalized using DNS. If the hostname has only one component -(i.e. it contains no “.†characters), the host’s primary DNS search -domain will be appended, if there is one. The \sphinxstylestrong{qualify\_shortname} -variable can be used to override or disable this suffix. - -\sphinxAtStartPar -If \sphinxstylestrong{dns\_canonicalize\_hostname} is set to \sphinxcode{\sphinxupquote{fallback}} (added in -release 1.18), the hostname is initially treated according to the -rules for \sphinxcode{\sphinxupquote{dns\_canonicalize\_hostname=false}}. If a ticket request -fails because the service principal is unknown, the hostname will be -canonicalized according to the rules for -\sphinxcode{\sphinxupquote{dns\_canonicalize\_hostname=true}} and the request will be retried. - -\sphinxAtStartPar -In all cases, the hostname is converted to lowercase, and any trailing -dot is removed. - - -\section{Reverse DNS mismatches} -\label{\detokenize{admin/princ_dns:reverse-dns-mismatches}} -\sphinxAtStartPar -Sometimes, an enterprise will have control over its forward DNS but -not its reverse DNS. The reverse DNS is sometimes under the control -of the Internet service provider of the enterprise, and the enterprise -may not have much influence in setting up reverse DNS records for its -address space. If there are difficulties with getting forward and -reverse DNS to match, it is best to set \sphinxcode{\sphinxupquote{rdns = false}} on client -machines. - - -\section{Overriding application behavior} -\label{\detokenize{admin/princ_dns:overriding-application-behavior}} -\sphinxAtStartPar -Applications can choose to use a default hostname component in their -service principal name when accepting authentication, which avoids -some sorts of hostname mismatches. Because not all relevant -applications do this yet, using the {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} setting: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{libdefaults}\PYG{p}{]} - \PYG{n}{ignore\PYGZus{}acceptor\PYGZus{}hostname} \PYG{o}{=} \PYG{n}{true} -\end{sphinxVerbatim} - -\sphinxAtStartPar -will allow the Kerberos library to override the application’s choice -of service principal hostname and will allow a server program to -accept incoming authentications using any key in its keytab that -matches the service name and realm name (if given). This setting -defaults to “false†and is available in releases krb5\sphinxhyphen{}1.10 and later. - - -\section{Provisioning keytabs} -\label{\detokenize{admin/princ_dns:provisioning-keytabs}} -\sphinxAtStartPar -One service principal entry that should be in the keytab is a -principal whose hostname component is the canonical hostname that -\sphinxcode{\sphinxupquote{getaddrinfo()}} reports for all known aliases for the host. If the -reverse DNS information does not match this canonical hostname, an -additional service principal entry should be in the keytab for this -different hostname. - - -\section{Specific application advice} -\label{\detokenize{admin/princ_dns:specific-application-advice}} - -\subsection{Secure shell (ssh)} -\label{\detokenize{admin/princ_dns:secure-shell-ssh}} -\sphinxAtStartPar -Setting \sphinxcode{\sphinxupquote{GSSAPIStrictAcceptorCheck = no}} in the configuration file -of modern versions of the openssh daemon will allow the daemon to try -any key in its keytab when accepting a connection, rather than looking -for the keytab entry that matches the host’s own idea of its name -(typically the name that \sphinxcode{\sphinxupquote{gethostname()}} returns). This requires -krb5\sphinxhyphen{}1.10 or later. - - -\subsection{OpenLDAP (ldapsearch, etc.)} -\label{\detokenize{admin/princ_dns:openldap-ldapsearch-etc}} -\sphinxAtStartPar -OpenLDAP’s SASL implementation performs reverse DNS lookup in order to -canonicalize service principal names, even if \sphinxstylestrong{rdns} is set to -\sphinxcode{\sphinxupquote{false}} in the Kerberos configuration. To disable this behavior, -add \sphinxcode{\sphinxupquote{SASL\_NOCANON on}} to \sphinxcode{\sphinxupquote{ldap.conf}}, or set the -\sphinxcode{\sphinxupquote{LDAPSASL\_NOCANON}} environment variable. - - -\chapter{Encryption types} -\label{\detokenize{admin/enctypes:encryption-types}}\label{\detokenize{admin/enctypes:enctypes}}\label{\detokenize{admin/enctypes::doc}} -\sphinxAtStartPar -Kerberos can use a variety of cipher algorithms to protect data. A -Kerberos \sphinxstylestrong{encryption type} (also known as an \sphinxstylestrong{enctype}) is a -specific combination of a cipher algorithm with an integrity algorithm -to provide both confidentiality and integrity to data. - - -\section{Enctypes in requests} -\label{\detokenize{admin/enctypes:enctypes-in-requests}} -\sphinxAtStartPar -Clients make two types of requests (KDC\sphinxhyphen{}REQ) to the KDC: AS\sphinxhyphen{}REQs and -TGS\sphinxhyphen{}REQs. The client uses the AS\sphinxhyphen{}REQ to obtain initial tickets -(typically a Ticket\sphinxhyphen{}Granting Ticket (TGT)), and uses the TGS\sphinxhyphen{}REQ to -obtain service tickets. - -\sphinxAtStartPar -The KDC uses three different keys when issuing a ticket to a client: -\begin{itemize} -\item {} -\sphinxAtStartPar -The long\sphinxhyphen{}term key of the service: the KDC uses this to encrypt the -actual service ticket. The KDC only uses the first long\sphinxhyphen{}term key in -the most recent kvno for this purpose. - -\item {} -\sphinxAtStartPar -The session key: the KDC randomly chooses this key and places one -copy inside the ticket and the other copy inside the encrypted part -of the reply. - -\item {} -\sphinxAtStartPar -The reply\sphinxhyphen{}encrypting key: the KDC uses this to encrypt the reply it -sends to the client. For AS replies, this is a long\sphinxhyphen{}term key of the -client principal. For TGS replies, this is either the session key of the -authenticating ticket, or a subsession key. - -\end{itemize} - -\sphinxAtStartPar -Each of these keys is of a specific enctype. - -\sphinxAtStartPar -Each request type allows the client to submit a list of enctypes that -it is willing to accept. For the AS\sphinxhyphen{}REQ, this list affects both the -session key selection and the reply\sphinxhyphen{}encrypting key selection. For the -TGS\sphinxhyphen{}REQ, this list only affects the session key selection. - - -\section{Session key selection} -\label{\detokenize{admin/enctypes:session-key-selection}}\label{\detokenize{admin/enctypes:id1}} -\sphinxAtStartPar -The KDC chooses the session key enctype by taking the intersection of -its \sphinxstylestrong{permitted\_enctypes} list, the list of long\sphinxhyphen{}term keys for the -most recent kvno of the service, and the client’s requested list of -enctypes. Starting in krb5\sphinxhyphen{}1.21, all services are assumed to support -aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96; also, des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1 and arcfour\sphinxhyphen{}hmac session -keys will not be issued by default. - -\sphinxAtStartPar -Starting in krb5\sphinxhyphen{}1.11, it is possible to set a string attribute on a -service principal to control what session key enctypes the KDC may -issue for service tickets for that principal, overriding the service’s -long\sphinxhyphen{}term keys and the assumption of aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 support. -See {\hyperref[\detokenize{admin/admin_commands/kadmin_local:set-string}]{\sphinxcrossref{\DUrole{std,std-ref}{set\_string}}}} in {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} for details. - - -\section{Choosing enctypes for a service} -\label{\detokenize{admin/enctypes:choosing-enctypes-for-a-service}} -\sphinxAtStartPar -Generally, a service should have a key of the strongest -enctype that both it and the KDC support. If the KDC is running a -release earlier than krb5\sphinxhyphen{}1.11, it is also useful to generate an -additional key for each enctype that the service can support. The KDC -will only use the first key in the list of long\sphinxhyphen{}term keys for encrypting -the service ticket, but the additional long\sphinxhyphen{}term keys indicate the -other enctypes that the service supports. - -\sphinxAtStartPar -As noted above, starting with release krb5\sphinxhyphen{}1.11, there are additional -configuration settings that control session key enctype selection -independently of the set of long\sphinxhyphen{}term keys that the KDC has stored for -a service principal. - - -\section{Configuration variables} -\label{\detokenize{admin/enctypes:configuration-variables}} -\sphinxAtStartPar -The following \sphinxcode{\sphinxupquote{{[}libdefaults{]}}} settings in {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} will -affect how enctypes are chosen. -\begin{description} -\item[{\sphinxstylestrong{allow\_weak\_crypto}}] \leavevmode -\sphinxAtStartPar -defaults to \sphinxstyleemphasis{false} starting with krb5\sphinxhyphen{}1.8. When \sphinxstyleemphasis{false}, removes -weak enctypes from \sphinxstylestrong{permitted\_enctypes}, -\sphinxstylestrong{default\_tkt\_enctypes}, and \sphinxstylestrong{default\_tgs\_enctypes}. Do not -set this to \sphinxstyleemphasis{true} unless the use of weak enctypes is an -acceptable risk for your environment and the weak enctypes are -required for backward compatibility. - -\item[{\sphinxstylestrong{allow\_des3}}] \leavevmode -\sphinxAtStartPar -was added in release 1.21 and defaults to \sphinxstyleemphasis{false}. Unless this -flag is set to \sphinxstyleemphasis{true}, the KDC will not issue tickets with -des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1 session keys. In a future release, this flag will -control whether des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1 is permitted in similar fashion to -weak enctypes. - -\item[{\sphinxstylestrong{allow\_rc4}}] \leavevmode -\sphinxAtStartPar -was added in release 1.21 and defaults to \sphinxstyleemphasis{false}. Unless this -flag is set to \sphinxstyleemphasis{true}, the KDC will not issue tickets with -arcfour\sphinxhyphen{}hmac session keys. In a future release, this flag will -control whether arcfour\sphinxhyphen{}hmac is permitted in similar fashion to -weak enctypes. - -\item[{\sphinxstylestrong{permitted\_enctypes}}] \leavevmode -\sphinxAtStartPar -controls the set of enctypes that a service will permit for -session keys and for ticket and authenticator encryption. The KDC -and other programs that access the Kerberos database will ignore -keys of non\sphinxhyphen{}permitted enctypes. Starting in release 1.18, this -setting also acts as the default for \sphinxstylestrong{default\_tkt\_enctypes} and -\sphinxstylestrong{default\_tgs\_enctypes}. - -\item[{\sphinxstylestrong{default\_tkt\_enctypes}}] \leavevmode -\sphinxAtStartPar -controls the default set of enctypes that the Kerberos client -library requests when making an AS\sphinxhyphen{}REQ. Do not set this unless -required for specific backward compatibility purposes; stale -values of this setting can prevent clients from taking advantage -of new stronger enctypes when the libraries are upgraded. - -\item[{\sphinxstylestrong{default\_tgs\_enctypes}}] \leavevmode -\sphinxAtStartPar -controls the default set of enctypes that the Kerberos client -library requests when making a TGS\sphinxhyphen{}REQ. Do not set this unless -required for specific backward compatibility purposes; stale -values of this setting can prevent clients from taking advantage -of new stronger enctypes when the libraries are upgraded. - -\end{description} - -\sphinxAtStartPar -The following per\sphinxhyphen{}realm setting in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} affects the -generation of long\sphinxhyphen{}term keys. -\begin{description} -\item[{\sphinxstylestrong{supported\_enctypes}}] \leavevmode -\sphinxAtStartPar -controls the default set of enctype\sphinxhyphen{}salttype pairs that {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} -will use for generating long\sphinxhyphen{}term keys, either randomly or from -passwords - -\end{description} - - -\section{Enctype compatibility} -\label{\detokenize{admin/enctypes:enctype-compatibility}} -\sphinxAtStartPar -See {\hyperref[\detokenize{admin/conf_files/kdc_conf:encryption-types}]{\sphinxcrossref{\DUrole{std,std-ref}{Encryption types}}}} for additional information about enctypes. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|T|T|} -\hline -\sphinxstyletheadfamily -\sphinxAtStartPar -enctype -&\sphinxstyletheadfamily -\sphinxAtStartPar -weak? -&\sphinxstyletheadfamily -\sphinxAtStartPar -krb5 -&\sphinxstyletheadfamily -\sphinxAtStartPar -Windows -\\ -\hline -\sphinxAtStartPar -des\sphinxhyphen{}cbc\sphinxhyphen{}crc -& -\sphinxAtStartPar -weak -& -\sphinxAtStartPar -\textless{}1.18 -& -\sphinxAtStartPar -\textgreater{}=2000 -\\ -\hline -\sphinxAtStartPar -des\sphinxhyphen{}cbc\sphinxhyphen{}md4 -& -\sphinxAtStartPar -weak -& -\sphinxAtStartPar -\textless{}1.18 -& -\sphinxAtStartPar -? -\\ -\hline -\sphinxAtStartPar -des\sphinxhyphen{}cbc\sphinxhyphen{}md5 -& -\sphinxAtStartPar -weak -& -\sphinxAtStartPar -\textless{}1.18 -& -\sphinxAtStartPar -\textgreater{}=2000 -\\ -\hline -\sphinxAtStartPar -des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1 -& -\sphinxAtStartPar -deprecated -& -\sphinxAtStartPar -\textgreater{}=1.1 -& -\sphinxAtStartPar -none -\\ -\hline -\sphinxAtStartPar -arcfour\sphinxhyphen{}hmac -& -\sphinxAtStartPar -deprecated -& -\sphinxAtStartPar -\textgreater{}=1.3 -& -\sphinxAtStartPar -\textgreater{}=2000 -\\ -\hline -\sphinxAtStartPar -arcfour\sphinxhyphen{}hmac\sphinxhyphen{}exp -& -\sphinxAtStartPar -weak -& -\sphinxAtStartPar -\textgreater{}=1.3 -& -\sphinxAtStartPar -\textgreater{}=2000 -\\ -\hline -\sphinxAtStartPar -aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 -&& -\sphinxAtStartPar -\textgreater{}=1.3 -& -\sphinxAtStartPar -\textgreater{}=Vista -\\ -\hline -\sphinxAtStartPar -aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 -&& -\sphinxAtStartPar -\textgreater{}=1.3 -& -\sphinxAtStartPar -\textgreater{}=Vista -\\ -\hline -\sphinxAtStartPar -aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha256\sphinxhyphen{}128 -&& -\sphinxAtStartPar -\textgreater{}=1.15 -& -\sphinxAtStartPar -none -\\ -\hline -\sphinxAtStartPar -aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha384\sphinxhyphen{}192 -&& -\sphinxAtStartPar -\textgreater{}=1.15 -& -\sphinxAtStartPar -none -\\ -\hline -\sphinxAtStartPar -camellia128\sphinxhyphen{}cts\sphinxhyphen{}cmac -&& -\sphinxAtStartPar -\textgreater{}=1.9 -& -\sphinxAtStartPar -none -\\ -\hline -\sphinxAtStartPar -camellia256\sphinxhyphen{}cts\sphinxhyphen{}cmac -&& -\sphinxAtStartPar -\textgreater{}=1.9 -& -\sphinxAtStartPar -none -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - -\sphinxAtStartPar -krb5 releases 1.18 and later do not support single\sphinxhyphen{}DES. krb5 releases -1.8 and later disable the single\sphinxhyphen{}DES enctypes by default. Microsoft -Windows releases Windows 7 and later disable single\sphinxhyphen{}DES enctypes by -default. - -\sphinxAtStartPar -krb5 releases 1.17 and later flag deprecated encryption types -(including \sphinxcode{\sphinxupquote{des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1}} and \sphinxcode{\sphinxupquote{arcfour\sphinxhyphen{}hmac}}) in KDC logs and -kadmin output. krb5 release 1.19 issues a warning during initial -authentication if \sphinxcode{\sphinxupquote{des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1}} is used. Future releases will -disable \sphinxcode{\sphinxupquote{des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1}} by default and eventually remove support for -it. - - -\section{Migrating away from older encryption types} -\label{\detokenize{admin/enctypes:migrating-away-from-older-encryption-types}} -\sphinxAtStartPar -Administrator intervention may be required to migrate a realm away -from legacy encryption types, especially if the realm was created -using krb5 release 1.2 or earlier. This migration should be performed -before upgrading to krb5 versions which disable or remove support for -legacy encryption types. - -\sphinxAtStartPar -If there is a \sphinxstylestrong{supported\_enctypes} setting in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} on -the KDC, make sure that it does not include weak or deprecated -encryption types. This will ensure that newly created keys do not use -those encryption types by default. - -\sphinxAtStartPar -Check the \sphinxcode{\sphinxupquote{krbtgt/REALM}} principal using the {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} -\sphinxstylestrong{getprinc} command. If it lists a weak or deprecated encryption -type as the first key, it must be migrated using the procedure in -{\hyperref[\detokenize{admin/database:changing-krbtgt-key}]{\sphinxcrossref{\DUrole{std,std-ref}{Changing the krbtgt key}}}}. - -\sphinxAtStartPar -Check the \sphinxcode{\sphinxupquote{kadmin/history}} principal, which should have only one key -entry. If it uses a weak or deprecated encryption type, it should be -upgraded following the notes in {\hyperref[\detokenize{admin/database:updating-history-key}]{\sphinxcrossref{\DUrole{std,std-ref}{Updating the history key}}}}. - -\sphinxAtStartPar -Check the other kadmin principals: kadmin/changepw, kadmin/admin, and -any kadmin/hostname principals that may exist. These principals can -be upgraded with \sphinxstylestrong{change\_password \sphinxhyphen{}randkey} in kadmin. - -\sphinxAtStartPar -Check the \sphinxcode{\sphinxupquote{K/M}} entry. If it uses a weak or deprecated encryption -type, it should be upgraded following the procedure in -{\hyperref[\detokenize{admin/database:updating-master-key}]{\sphinxcrossref{\DUrole{std,std-ref}{Updating the master key}}}}. - -\sphinxAtStartPar -User and service principals using legacy encryption types can be -enumerated with the {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} \sphinxstylestrong{tabdump keyinfo} command. - -\sphinxAtStartPar -Service principals can be migrated with a keytab rotation on the -service host, which can be accomplished using the {\hyperref[\detokenize{admin/admin_commands/k5srvutil:k5srvutil-1}]{\sphinxcrossref{\DUrole{std,std-ref}{k5srvutil}}}} -\sphinxstylestrong{change} and \sphinxstylestrong{delold} commands. Allow enough time for existing -tickets to expire between the change and delold operations. - -\sphinxAtStartPar -User principals with password\sphinxhyphen{}based keys can be migrated with a -password change. The realm administrator can set a password -expiration date using the {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} \sphinxstylestrong{modify\_principal -\sphinxhyphen{}pwexpire} command to force a password change. - -\sphinxAtStartPar -If a legacy encryption type has not yet been disabled by default in -the version of krb5 running on the KDC, it can be disabled -administratively with the \sphinxstylestrong{permitted\_enctypes} variable. For -example, setting \sphinxstylestrong{permitted\_enctypes} to \sphinxcode{\sphinxupquote{DEFAULT \sphinxhyphen{}des3 \sphinxhyphen{}rc4}} will -cause any database keys of the triple\sphinxhyphen{}DES and RC4 encryption types to -be ignored. - - -\chapter{HTTPS proxy configuration} -\label{\detokenize{admin/https:https-proxy-configuration}}\label{\detokenize{admin/https:https}}\label{\detokenize{admin/https::doc}} -\sphinxAtStartPar -In addition to being able to use UDP or TCP to communicate directly -with a KDC as is outlined in RFC4120, and with kpasswd services in a -similar fashion, the client libraries can attempt to use an HTTPS -proxy server to communicate with a KDC or kpasswd service, using the -protocol outlined in {[}MS\sphinxhyphen{}KKDCP{]}. - -\sphinxAtStartPar -Communicating with a KDC through an HTTPS proxy allows clients to -contact servers when network firewalls might otherwise prevent them -from doing so. The use of TLS also encrypts all traffic between the -clients and the KDC, preventing observers from conducting password -dictionary attacks or from observing the client and server principals -being authenticated, at additional computational cost to both clients -and servers. - -\sphinxAtStartPar -An HTTPS proxy server is provided as a feature in some versions of -Microsoft Windows Server, and a WSGI implementation named \sphinxtitleref{kdcproxy} -is available in the python package index. - - -\section{Configuring the clients} -\label{\detokenize{admin/https:configuring-the-clients}} -\sphinxAtStartPar -To use an HTTPS proxy, a client host must trust the CA which issued -that proxy’s SSL certificate. If that CA’s certificate is not in the -system\sphinxhyphen{}wide default set of trusted certificates, configure the -following relation in the client host’s {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} file in -the appropriate {\hyperref[\detokenize{admin/conf_files/krb5_conf:realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} subsection: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{http\PYGZus{}anchors} \PYG{o}{=} \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{/}\PYG{n}{cacert}\PYG{o}{.}\PYG{n}{pem} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Adjust the pathname to match the path of the file which contains a -copy of the CA’s certificate. The \sphinxtitleref{http\_anchors} option is documented -more fully in {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}. - -\sphinxAtStartPar -Configure the client to access the KDC and kpasswd service by -specifying their locations in its {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} file in the form -of HTTPS URLs for the proxy server: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kdc} \PYG{o}{=} \PYG{n}{https}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{server}\PYG{o}{.}\PYG{n}{fqdn}\PYG{o}{/}\PYG{n}{KdcProxy} -\PYG{n}{kpasswd\PYGZus{}server} \PYG{o}{=} \PYG{n}{https}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{server}\PYG{o}{.}\PYG{n}{fqdn}\PYG{o}{/}\PYG{n}{KdcProxy} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If the proxy and client are properly configured, client commands such -as \sphinxcode{\sphinxupquote{kinit}}, \sphinxcode{\sphinxupquote{kvno}}, and \sphinxcode{\sphinxupquote{kpasswd}} should all function normally. - - -\chapter{Authentication indicators} -\label{\detokenize{admin/auth_indicator:authentication-indicators}}\label{\detokenize{admin/auth_indicator:auth-indicator}}\label{\detokenize{admin/auth_indicator::doc}} -\sphinxAtStartPar -As of release 1.14, the KDC can be configured to annotate tickets if -the client authenticated using a stronger preauthentication mechanism -such as {\hyperref[\detokenize{admin/pkinit:pkinit}]{\sphinxcrossref{\DUrole{std,std-ref}{PKINIT}}}} or {\hyperref[\detokenize{admin/otp:otp-preauth}]{\sphinxcrossref{\DUrole{std,std-ref}{OTP}}}}. These -annotations are called “authentication indicators.†Service -principals can be configured to require particular authentication -indicators in order to authenticate to that service. An -authentication indicator value can be any string chosen by the KDC -administrator; there are no pre\sphinxhyphen{}set values. - -\sphinxAtStartPar -To use authentication indicators with PKINIT or OTP, first configure -the KDC to include an indicator when that preauthentication mechanism -is used. For PKINIT, use the \sphinxstylestrong{pkinit\_indicator} variable in -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. For OTP, use the \sphinxstylestrong{indicator} variable in the -token type definition, or specify the indicators in the \sphinxstylestrong{otp} user -string as described in {\hyperref[\detokenize{admin/otp:otp-preauth}]{\sphinxcrossref{\DUrole{std,std-ref}{OTP Preauthentication}}}}. - -\sphinxAtStartPar -To require an indicator to be present in order to authenticate to a -service principal, set the \sphinxstylestrong{require\_auth} string attribute on the -principal to the indicator value to be required. If you wish to allow -one of several indicators to be accepted, you can specify multiple -indicator values separated by spaces. - -\sphinxAtStartPar -For example, a realm could be configured to set the authentication -indicator value “strong†when PKINIT is used to authenticate, using a -setting in the {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-realms}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}realms{]}}}}} subsection: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{pkinit\PYGZus{}indicator} \PYG{o}{=} \PYG{n}{strong} -\end{sphinxVerbatim} - -\sphinxAtStartPar -A service principal could be configured to require the “strong†-authentication indicator value: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kadmin setstr host/high.value.server require\PYGZus{}auth strong -Password for user/admin@KRBTEST.COM: -\end{sphinxVerbatim} - -\sphinxAtStartPar -A user who authenticates with PKINIT would be able to obtain a ticket -for the service principal: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kinit \PYGZhy{}X X509\PYGZus{}user\PYGZus{}identity=FILE:/my/cert.pem,/my/key.pem user -\PYGZdl{} kvno host/high.value.server -host/high.value.server@KRBTEST.COM: kvno = 1 -\end{sphinxVerbatim} - -\sphinxAtStartPar -but a user who authenticates with a password would not: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kinit user -Password for user@KRBTEST.COM: -\PYGZdl{} kvno host/high.value.server -kvno: KDC policy rejects request while getting credentials for - host/high.value.server@KRBTEST.COM -\end{sphinxVerbatim} - -\sphinxAtStartPar -GSSAPI server applications can inspect authentication indicators -through the \DUrole{xref,std,std-ref}{auth\sphinxhyphen{}indicators} name -attribute. - - -\chapter{Administration programs} -\label{\detokenize{admin/admin_commands/index:administration-programs}}\label{\detokenize{admin/admin_commands/index::doc}} - -\section{kadmin} -\label{\detokenize{admin/admin_commands/kadmin_local:kadmin}}\label{\detokenize{admin/admin_commands/kadmin_local:kadmin-1}}\label{\detokenize{admin/admin_commands/kadmin_local::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{admin/admin_commands/kadmin_local:synopsis}}\phantomsection\label{\detokenize{admin/admin_commands/kadmin_local:kadmin-synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{kadmin} -{[}\sphinxstylestrong{\sphinxhyphen{}O}|\sphinxstylestrong{\sphinxhyphen{}N}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{principal}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}q} \sphinxstyleemphasis{query}{]} -{[}{[}\sphinxstylestrong{\sphinxhyphen{}c} \sphinxstyleemphasis{cache\_name}{]}|{[}\sphinxstylestrong{\sphinxhyphen{}k} {[}\sphinxstylestrong{\sphinxhyphen{}t} \sphinxstyleemphasis{keytab}{]}{]}|\sphinxstylestrong{\sphinxhyphen{}n}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}w} \sphinxstyleemphasis{password}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}s} \sphinxstyleemphasis{admin\_server}{[}:\sphinxstyleemphasis{port}{]}{]} -{[}command args…{]} - -\sphinxAtStartPar -\sphinxstylestrong{kadmin.local} -{[}\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{principal}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}q} \sphinxstyleemphasis{query}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}d} \sphinxstyleemphasis{dbname}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{enc}:\sphinxstyleemphasis{salt} …{]} -{[}\sphinxstylestrong{\sphinxhyphen{}m}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}x} \sphinxstyleemphasis{db\_args}{]} -{[}command args…{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{admin/admin_commands/kadmin_local:description}} -\sphinxAtStartPar -kadmin and kadmin.local are command\sphinxhyphen{}line interfaces to the Kerberos V5 -administration system. They provide nearly identical functionalities; -the difference is that kadmin.local directly accesses the KDC -database, while kadmin performs operations using {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}}. -Except as explicitly noted otherwise, this man page will use “kadmin†-to refer to both versions. kadmin provides for the maintenance of -Kerberos principals, password policies, and service key tables -(keytabs). - -\sphinxAtStartPar -The remote kadmin client uses Kerberos to authenticate to kadmind -using the service principal \sphinxcode{\sphinxupquote{kadmin/admin}} or \sphinxcode{\sphinxupquote{kadmin/ADMINHOST}} -(where \sphinxstyleemphasis{ADMINHOST} is the fully\sphinxhyphen{}qualified hostname of the admin -server). If the credentials cache contains a ticket for one of these -principals, and the \sphinxstylestrong{\sphinxhyphen{}c} credentials\_cache option is specified, that -ticket is used to authenticate to kadmind. Otherwise, the \sphinxstylestrong{\sphinxhyphen{}p} and -\sphinxstylestrong{\sphinxhyphen{}k} options are used to specify the client Kerberos principal name -used to authenticate. Once kadmin has determined the principal name, -it requests a service ticket from the KDC, and uses that service -ticket to authenticate to kadmind. - -\sphinxAtStartPar -Since kadmin.local directly accesses the KDC database, it usually must -be run directly on the primary KDC with sufficient permissions to read -the KDC database. If the KDC database uses the LDAP database module, -kadmin.local can be run on any host which can access the LDAP server. - - -\subsection{OPTIONS} -\label{\detokenize{admin/admin_commands/kadmin_local:options}}\phantomsection\label{\detokenize{admin/admin_commands/kadmin_local:kadmin-options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}}] \leavevmode -\sphinxAtStartPar -Use \sphinxstyleemphasis{realm} as the default database realm. - -\item[{\sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{principal}}] \leavevmode -\sphinxAtStartPar -Use \sphinxstyleemphasis{principal} to authenticate. Otherwise, kadmin will append -\sphinxcode{\sphinxupquote{/admin}} to the primary principal name of the default ccache, -the value of the \sphinxstylestrong{USER} environment variable, or the username as -obtained with getpwuid, in order of preference. - -\item[{\sphinxstylestrong{\sphinxhyphen{}k}}] \leavevmode -\sphinxAtStartPar -Use a keytab to decrypt the KDC response instead of prompting for -a password. In this case, the default principal will be -\sphinxcode{\sphinxupquote{host/hostname}}. If there is no keytab specified with the -\sphinxstylestrong{\sphinxhyphen{}t} option, then the default keytab will be used. - -\item[{\sphinxstylestrong{\sphinxhyphen{}t} \sphinxstyleemphasis{keytab}}] \leavevmode -\sphinxAtStartPar -Use \sphinxstyleemphasis{keytab} to decrypt the KDC response. This can only be used -with the \sphinxstylestrong{\sphinxhyphen{}k} option. - -\item[{\sphinxstylestrong{\sphinxhyphen{}n}}] \leavevmode -\sphinxAtStartPar -Requests anonymous processing. Two types of anonymous principals -are supported. For fully anonymous Kerberos, configure PKINIT on -the KDC and configure \sphinxstylestrong{pkinit\_anchors} in the client’s -{\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}. Then use the \sphinxstylestrong{\sphinxhyphen{}n} option with a principal -of the form \sphinxcode{\sphinxupquote{@REALM}} (an empty principal name followed by the -at\sphinxhyphen{}sign and a realm name). If permitted by the KDC, an anonymous -ticket will be returned. A second form of anonymous tickets is -supported; these realm\sphinxhyphen{}exposed tickets hide the identity of the -client but not the client’s realm. For this mode, use \sphinxcode{\sphinxupquote{kinit -\sphinxhyphen{}n}} with a normal principal name. If supported by the KDC, the -principal (but not realm) will be replaced by the anonymous -principal. As of release 1.8, the MIT Kerberos KDC only supports -fully anonymous operation. - -\item[{\sphinxstylestrong{\sphinxhyphen{}c} \sphinxstyleemphasis{credentials\_cache}}] \leavevmode -\sphinxAtStartPar -Use \sphinxstyleemphasis{credentials\_cache} as the credentials cache. The cache -should contain a service ticket for the \sphinxcode{\sphinxupquote{kadmin/admin}} or -\sphinxcode{\sphinxupquote{kadmin/ADMINHOST}} (where \sphinxstyleemphasis{ADMINHOST} is the fully\sphinxhyphen{}qualified -hostname of the admin server) service; it can be acquired with the -\DUrole{xref,std,std-ref}{kinit(1)} program. If this option is not specified, kadmin -requests a new service ticket from the KDC, and stores it in its -own temporary ccache. - -\item[{\sphinxstylestrong{\sphinxhyphen{}w} \sphinxstyleemphasis{password}}] \leavevmode -\sphinxAtStartPar -Use \sphinxstyleemphasis{password} instead of prompting for one. Use this option with -care, as it may expose the password to other users on the system -via the process list. - -\item[{\sphinxstylestrong{\sphinxhyphen{}q} \sphinxstyleemphasis{query}}] \leavevmode -\sphinxAtStartPar -Perform the specified query and then exit. - -\item[{\sphinxstylestrong{\sphinxhyphen{}d} \sphinxstyleemphasis{dbname}}] \leavevmode -\sphinxAtStartPar -Specifies the name of the KDC database. This option does not -apply to the LDAP database module. - -\item[{\sphinxstylestrong{\sphinxhyphen{}s} \sphinxstyleemphasis{admin\_server}{[}:\sphinxstyleemphasis{port}{]}}] \leavevmode -\sphinxAtStartPar -Specifies the admin server which kadmin should contact. - -\item[{\sphinxstylestrong{\sphinxhyphen{}m}}] \leavevmode -\sphinxAtStartPar -If using kadmin.local, prompt for the database master password -instead of reading it from a stash file. - -\item[{\sphinxstylestrong{\sphinxhyphen{}e} “\sphinxstyleemphasis{enc}:\sphinxstyleemphasis{salt} …â€}] \leavevmode -\sphinxAtStartPar -Sets the keysalt list to be used for any new keys created. See -{\hyperref[\detokenize{admin/conf_files/kdc_conf:keysalt-lists}]{\sphinxcrossref{\DUrole{std,std-ref}{Keysalt lists}}}} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} for a list of possible -values. - -\item[{\sphinxstylestrong{\sphinxhyphen{}O}}] \leavevmode -\sphinxAtStartPar -Force use of old AUTH\_GSSAPI authentication flavor. - -\item[{\sphinxstylestrong{\sphinxhyphen{}N}}] \leavevmode -\sphinxAtStartPar -Prevent fallback to AUTH\_GSSAPI authentication flavor. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x} \sphinxstyleemphasis{db\_args}}] \leavevmode -\sphinxAtStartPar -Specifies the database specific arguments. See the next section -for supported options. - -\end{description} - -\sphinxAtStartPar -Starting with release 1.14, if any command\sphinxhyphen{}line arguments remain after -the options, they will be treated as a single query to be executed. -This mode of operation is intended for scripts and behaves differently -from the interactive mode in several respects: -\begin{itemize} -\item {} -\sphinxAtStartPar -Query arguments are split by the shell, not by kadmin. - -\item {} -\sphinxAtStartPar -Informational and warning messages are suppressed. Error messages -and query output (e.g. for \sphinxstylestrong{get\_principal}) will still be -displayed. - -\item {} -\sphinxAtStartPar -Confirmation prompts are disabled (as if \sphinxstylestrong{\sphinxhyphen{}force} was given). -Password prompts will still be issued as required. - -\item {} -\sphinxAtStartPar -The exit status will be non\sphinxhyphen{}zero if the query fails. - -\end{itemize} - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}q} option does not carry these behavior differences; the query -will be processed as if it was entered interactively. The \sphinxstylestrong{\sphinxhyphen{}q} -option cannot be used in combination with a query in the remaining -arguments. - - -\subsection{DATABASE OPTIONS} -\label{\detokenize{admin/admin_commands/kadmin_local:database-options}}\label{\detokenize{admin/admin_commands/kadmin_local:dboptions}} -\sphinxAtStartPar -Database options can be used to override database\sphinxhyphen{}specific defaults. -Supported options for the DB2 module are: -\begin{quote} -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}x dbname=}*filename*}] \leavevmode -\sphinxAtStartPar -Specifies the base filename of the DB2 database. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x lockiter}}] \leavevmode -\sphinxAtStartPar -Make iteration operations hold the lock for the duration of -the entire operation, rather than temporarily releasing the -lock while handling each principal. This is the default -behavior, but this option exists to allow command line -override of a {[}dbmodules{]} setting. First introduced in -release 1.13. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x unlockiter}}] \leavevmode -\sphinxAtStartPar -Make iteration operations unlock the database for each -principal, instead of holding the lock for the duration of the -entire operation. First introduced in release 1.13. - -\end{description} -\end{quote} - -\sphinxAtStartPar -Supported options for the LDAP module are: -\begin{quote} -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}x host=}\sphinxstyleemphasis{ldapuri}}] \leavevmode -\sphinxAtStartPar -Specifies the LDAP server to connect to by a LDAP URI. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x binddn=}\sphinxstyleemphasis{bind\_dn}}] \leavevmode -\sphinxAtStartPar -Specifies the DN used to bind to the LDAP server. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x bindpwd=}\sphinxstyleemphasis{password}}] \leavevmode -\sphinxAtStartPar -Specifies the password or SASL secret used to bind to the LDAP -server. Using this option may expose the password to other -users on the system via the process list; to avoid this, -instead stash the password using the \sphinxstylestrong{stashsrvpw} command of -{\hyperref[\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_ldap\_util}}}}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x sasl\_mech=}\sphinxstyleemphasis{mechanism}}] \leavevmode -\sphinxAtStartPar -Specifies the SASL mechanism used to bind to the LDAP server. -The bind DN is ignored if a SASL mechanism is used. New in -release 1.13. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x sasl\_authcid=}\sphinxstyleemphasis{name}}] \leavevmode -\sphinxAtStartPar -Specifies the authentication name used when binding to the -LDAP server with a SASL mechanism, if the mechanism requires -one. New in release 1.13. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x sasl\_authzid=}\sphinxstyleemphasis{name}}] \leavevmode -\sphinxAtStartPar -Specifies the authorization name used when binding to the LDAP -server with a SASL mechanism. New in release 1.13. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x sasl\_realm=}\sphinxstyleemphasis{realm}}] \leavevmode -\sphinxAtStartPar -Specifies the realm used when binding to the LDAP server with -a SASL mechanism, if the mechanism uses one. New in release -1.13. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x debug=}\sphinxstyleemphasis{level}}] \leavevmode -\sphinxAtStartPar -sets the OpenLDAP client library debug level. \sphinxstyleemphasis{level} is an -integer to be interpreted by the library. Debugging messages -are printed to standard error. New in release 1.12. - -\end{description} -\end{quote} - - -\subsection{COMMANDS} -\label{\detokenize{admin/admin_commands/kadmin_local:commands}} -\sphinxAtStartPar -When using the remote client, available commands may be restricted -according to the privileges specified in the {\hyperref[\detokenize{admin/conf_files/kadm5_acl:kadm5-acl-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kadm5.acl}}}} file -on the admin server. - - -\subsubsection{add\_principal} -\label{\detokenize{admin/admin_commands/kadmin_local:add-principal}}\label{\detokenize{admin/admin_commands/kadmin_local:id1}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{add\_principal} {[}\sphinxstyleemphasis{options}{]} \sphinxstyleemphasis{newprinc} -\end{quote} - -\sphinxAtStartPar -Creates the principal \sphinxstyleemphasis{newprinc}, prompting twice for a password. If -no password policy is specified with the \sphinxstylestrong{\sphinxhyphen{}policy} option, and the -policy named \sphinxcode{\sphinxupquote{default}} is assigned to the principal if it exists. -However, creating a policy named \sphinxcode{\sphinxupquote{default}} will not automatically -assign this policy to previously existing principals. This policy -assignment can be suppressed with the \sphinxstylestrong{\sphinxhyphen{}clearpolicy} option. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{add} privilege. - -\sphinxAtStartPar -Aliases: \sphinxstylestrong{addprinc}, \sphinxstylestrong{ank} - -\sphinxAtStartPar -Options: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}expire} \sphinxstyleemphasis{expdate}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{getdate} string) The expiration date of the principal. - -\item[{\sphinxstylestrong{\sphinxhyphen{}pwexpire} \sphinxstyleemphasis{pwexpdate}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{getdate} string) The password expiration date. - -\item[{\sphinxstylestrong{\sphinxhyphen{}maxlife} \sphinxstyleemphasis{maxlife}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} or \DUrole{xref,std,std-ref}{getdate} string) The maximum ticket life -for the principal. - -\item[{\sphinxstylestrong{\sphinxhyphen{}maxrenewlife} \sphinxstyleemphasis{maxrenewlife}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} or \DUrole{xref,std,std-ref}{getdate} string) The maximum renewable -life of tickets for the principal. - -\item[{\sphinxstylestrong{\sphinxhyphen{}kvno} \sphinxstyleemphasis{kvno}}] \leavevmode -\sphinxAtStartPar -The initial key version number. - -\item[{\sphinxstylestrong{\sphinxhyphen{}policy} \sphinxstyleemphasis{policy}}] \leavevmode -\sphinxAtStartPar -The password policy used by this principal. If not specified, the -policy \sphinxcode{\sphinxupquote{default}} is used if it exists (unless \sphinxstylestrong{\sphinxhyphen{}clearpolicy} -is specified). - -\item[{\sphinxstylestrong{\sphinxhyphen{}clearpolicy}}] \leavevmode -\sphinxAtStartPar -Prevents any policy from being assigned when \sphinxstylestrong{\sphinxhyphen{}policy} is not -specified. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{allow\_postdated}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{\sphinxhyphen{}allow\_postdated} prohibits this principal from obtaining -postdated tickets. \sphinxstylestrong{+allow\_postdated} clears this flag. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{allow\_forwardable}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{\sphinxhyphen{}allow\_forwardable} prohibits this principal from obtaining -forwardable tickets. \sphinxstylestrong{+allow\_forwardable} clears this flag. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{allow\_renewable}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{\sphinxhyphen{}allow\_renewable} prohibits this principal from obtaining -renewable tickets. \sphinxstylestrong{+allow\_renewable} clears this flag. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{allow\_proxiable}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{\sphinxhyphen{}allow\_proxiable} prohibits this principal from obtaining -proxiable tickets. \sphinxstylestrong{+allow\_proxiable} clears this flag. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{allow\_dup\_skey}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{\sphinxhyphen{}allow\_dup\_skey} disables user\sphinxhyphen{}to\sphinxhyphen{}user authentication for this -principal by prohibiting others from obtaining a service ticket -encrypted in this principal’s TGT session key. -\sphinxstylestrong{+allow\_dup\_skey} clears this flag. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{requires\_preauth}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{+requires\_preauth} requires this principal to preauthenticate -before being allowed to kinit. \sphinxstylestrong{\sphinxhyphen{}requires\_preauth} clears this -flag. When \sphinxstylestrong{+requires\_preauth} is set on a service principal, -the KDC will only issue service tickets for that service principal -if the client’s initial authentication was performed using -preauthentication. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{requires\_hwauth}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{+requires\_hwauth} requires this principal to preauthenticate -using a hardware device before being allowed to kinit. -\sphinxstylestrong{\sphinxhyphen{}requires\_hwauth} clears this flag. When \sphinxstylestrong{+requires\_hwauth} is -set on a service principal, the KDC will only issue service tickets -for that service principal if the client’s initial authentication was -performed using a hardware device to preauthenticate. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{ok\_as\_delegate}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{+ok\_as\_delegate} sets the \sphinxstylestrong{okay as delegate} flag on tickets -issued with this principal as the service. Clients may use this -flag as a hint that credentials should be delegated when -authenticating to the service. \sphinxstylestrong{\sphinxhyphen{}ok\_as\_delegate} clears this -flag. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{allow\_svr}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{\sphinxhyphen{}allow\_svr} prohibits the issuance of service tickets for this -principal. In release 1.17 and later, user\sphinxhyphen{}to\sphinxhyphen{}user service -tickets are still allowed unless the \sphinxstylestrong{\sphinxhyphen{}allow\_dup\_skey} flag is -also set. \sphinxstylestrong{+allow\_svr} clears this flag. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{allow\_tgs\_req}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{\sphinxhyphen{}allow\_tgs\_req} specifies that a Ticket\sphinxhyphen{}Granting Service (TGS) -request for a service ticket for this principal is not permitted. -\sphinxstylestrong{+allow\_tgs\_req} clears this flag. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{allow\_tix}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{\sphinxhyphen{}allow\_tix} forbids the issuance of any tickets for this -principal. \sphinxstylestrong{+allow\_tix} clears this flag. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{needchange}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{+needchange} forces a password change on the next initial -authentication to this principal. \sphinxstylestrong{\sphinxhyphen{}needchange} clears this -flag. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{password\_changing\_service}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{+password\_changing\_service} marks this principal as a password -change service principal. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{ok\_to\_auth\_as\_delegate}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{+ok\_to\_auth\_as\_delegate} allows this principal to acquire -forwardable tickets to itself from arbitrary users, for use with -constrained delegation. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{no\_auth\_data\_required}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{+no\_auth\_data\_required} prevents PAC or AD\sphinxhyphen{}SIGNEDPATH data from -being added to service tickets for the principal. - -\item[{\{\sphinxhyphen{}|+\}\sphinxstylestrong{lockdown\_keys}}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{+lockdown\_keys} prevents keys for this principal from leaving -the KDC via kadmind. The chpass and extract operations are denied -for a principal with this attribute. The chrand operation is -allowed, but will not return the new keys. The delete and rename -operations are also denied if this attribute is set, in order to -prevent a malicious administrator from replacing principals like -krbtgt/* or kadmin/* with new principals without the attribute. -This attribute can be set via the network protocol, but can only -be removed using kadmin.local. - -\item[{\sphinxstylestrong{\sphinxhyphen{}randkey}}] \leavevmode -\sphinxAtStartPar -Sets the key of the principal to a random value. - -\item[{\sphinxstylestrong{\sphinxhyphen{}nokey}}] \leavevmode -\sphinxAtStartPar -Causes the principal to be created with no key. New in release -1.12. - -\item[{\sphinxstylestrong{\sphinxhyphen{}pw} \sphinxstyleemphasis{password}}] \leavevmode -\sphinxAtStartPar -Sets the password of the principal to the specified string and -does not prompt for a password. Note: using this option in a -shell script may expose the password to other users on the system -via the process list. - -\item[{\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{enc}:\sphinxstyleemphasis{salt},…}] \leavevmode -\sphinxAtStartPar -Uses the specified keysalt list for setting the keys of the -principal. See {\hyperref[\detokenize{admin/conf_files/kdc_conf:keysalt-lists}]{\sphinxcrossref{\DUrole{std,std-ref}{Keysalt lists}}}} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} for a -list of possible values. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x} \sphinxstyleemphasis{db\_princ\_args}}] \leavevmode -\sphinxAtStartPar -Indicates database\sphinxhyphen{}specific options. The options for the LDAP -database module are: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}x dn=}\sphinxstyleemphasis{dn}}] \leavevmode -\sphinxAtStartPar -Specifies the LDAP object that will contain the Kerberos -principal being created. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x linkdn=}\sphinxstyleemphasis{dn}}] \leavevmode -\sphinxAtStartPar -Specifies the LDAP object to which the newly created Kerberos -principal object will point. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x containerdn=}\sphinxstyleemphasis{container\_dn}}] \leavevmode -\sphinxAtStartPar -Specifies the container object under which the Kerberos -principal is to be created. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x tktpolicy=}\sphinxstyleemphasis{policy}}] \leavevmode -\sphinxAtStartPar -Associates a ticket policy to the Kerberos principal. - -\end{description} - -\begin{sphinxadmonition}{note}{Note:}\begin{itemize} -\item {} -\sphinxAtStartPar -The \sphinxstylestrong{containerdn} and \sphinxstylestrong{linkdn} options cannot be -specified with the \sphinxstylestrong{dn} option. - -\item {} -\sphinxAtStartPar -If the \sphinxstyleemphasis{dn} or \sphinxstyleemphasis{containerdn} options are not specified while -adding the principal, the principals are created under the -principal container configured in the realm or the realm -container. - -\item {} -\sphinxAtStartPar -\sphinxstyleemphasis{dn} and \sphinxstyleemphasis{containerdn} should be within the subtrees or -principal container configured in the realm. - -\end{itemize} -\end{sphinxadmonition} - -\end{description} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{addprinc} \PYG{n}{jennifer} -\PYG{n}{No} \PYG{n}{policy} \PYG{n}{specified} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{jennifer@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} -\PYG{n}{defaulting} \PYG{n}{to} \PYG{n}{no} \PYG{n}{policy}\PYG{o}{.} -\PYG{n}{Enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} -\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} -\PYG{n}{Principal} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{jennifer@ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{created}\PYG{o}{.} -\PYG{n}{kadmin}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{modify\_principal} -\label{\detokenize{admin/admin_commands/kadmin_local:modify-principal}}\label{\detokenize{admin/admin_commands/kadmin_local:id2}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{modify\_principal} {[}\sphinxstyleemphasis{options}{]} \sphinxstyleemphasis{principal} -\end{quote} - -\sphinxAtStartPar -Modifies the specified principal, changing the fields as specified. -The options to \sphinxstylestrong{add\_principal} also apply to this command, except -for the \sphinxstylestrong{\sphinxhyphen{}randkey}, \sphinxstylestrong{\sphinxhyphen{}pw}, and \sphinxstylestrong{\sphinxhyphen{}e} options. In addition, the -option \sphinxstylestrong{\sphinxhyphen{}clearpolicy} will clear the current policy of a principal. - -\sphinxAtStartPar -This command requires the \sphinxstyleemphasis{modify} privilege. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{modprinc} - -\sphinxAtStartPar -Options (in addition to the \sphinxstylestrong{addprinc} options): -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}unlock}}] \leavevmode -\sphinxAtStartPar -Unlocks a locked principal (one which has received too many failed -authentication attempts without enough time between them according -to its password policy) so that it can successfully authenticate. - -\end{description} - - -\subsubsection{rename\_principal} -\label{\detokenize{admin/admin_commands/kadmin_local:rename-principal}}\label{\detokenize{admin/admin_commands/kadmin_local:id3}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{rename\_principal} {[}\sphinxstylestrong{\sphinxhyphen{}force}{]} \sphinxstyleemphasis{old\_principal} \sphinxstyleemphasis{new\_principal} -\end{quote} - -\sphinxAtStartPar -Renames the specified \sphinxstyleemphasis{old\_principal} to \sphinxstyleemphasis{new\_principal}. This -command prompts for confirmation, unless the \sphinxstylestrong{\sphinxhyphen{}force} option is -given. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{add} and \sphinxstylestrong{delete} privileges. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{renprinc} - - -\subsubsection{delete\_principal} -\label{\detokenize{admin/admin_commands/kadmin_local:delete-principal}}\label{\detokenize{admin/admin_commands/kadmin_local:id4}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{delete\_principal} {[}\sphinxstylestrong{\sphinxhyphen{}force}{]} \sphinxstyleemphasis{principal} -\end{quote} - -\sphinxAtStartPar -Deletes the specified \sphinxstyleemphasis{principal} from the database. This command -prompts for deletion, unless the \sphinxstylestrong{\sphinxhyphen{}force} option is given. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{delete} privilege. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{delprinc} - - -\subsubsection{change\_password} -\label{\detokenize{admin/admin_commands/kadmin_local:change-password}}\label{\detokenize{admin/admin_commands/kadmin_local:id5}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{change\_password} {[}\sphinxstyleemphasis{options}{]} \sphinxstyleemphasis{principal} -\end{quote} - -\sphinxAtStartPar -Changes the password of \sphinxstyleemphasis{principal}. Prompts for a new password if -neither \sphinxstylestrong{\sphinxhyphen{}randkey} or \sphinxstylestrong{\sphinxhyphen{}pw} is specified. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{changepw} privilege, or that the -principal running the program is the same as the principal being -changed. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{cpw} - -\sphinxAtStartPar -The following options are available: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}randkey}}] \leavevmode -\sphinxAtStartPar -Sets the key of the principal to a random value. - -\item[{\sphinxstylestrong{\sphinxhyphen{}pw} \sphinxstyleemphasis{password}}] \leavevmode -\sphinxAtStartPar -Set the password to the specified string. Using this option in a -script may expose the password to other users on the system via -the process list. - -\item[{\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{enc}:\sphinxstyleemphasis{salt},…}] \leavevmode -\sphinxAtStartPar -Uses the specified keysalt list for setting the keys of the -principal. See {\hyperref[\detokenize{admin/conf_files/kdc_conf:keysalt-lists}]{\sphinxcrossref{\DUrole{std,std-ref}{Keysalt lists}}}} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} for a -list of possible values. - -\item[{\sphinxstylestrong{\sphinxhyphen{}keepold}}] \leavevmode -\sphinxAtStartPar -Keeps the existing keys in the database. This flag is usually not -necessary except perhaps for \sphinxcode{\sphinxupquote{krbtgt}} principals. - -\end{description} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{cpw} \PYG{n}{systest} -\PYG{n}{Enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{systest}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM}\PYG{p}{:} -\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{password} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{systest}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM}\PYG{p}{:} -\PYG{n}{Password} \PYG{k}{for} \PYG{n}{systest}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM} \PYG{n}{changed}\PYG{o}{.} -\PYG{n}{kadmin}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{purgekeys} -\label{\detokenize{admin/admin_commands/kadmin_local:purgekeys}}\label{\detokenize{admin/admin_commands/kadmin_local:id6}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{purgekeys} {[}\sphinxstylestrong{\sphinxhyphen{}all}|\sphinxstylestrong{\sphinxhyphen{}keepkvno} \sphinxstyleemphasis{oldest\_kvno\_to\_keep}{]} \sphinxstyleemphasis{principal} -\end{quote} - -\sphinxAtStartPar -Purges previously retained old keys (e.g., from \sphinxstylestrong{change\_password -\sphinxhyphen{}keepold}) from \sphinxstyleemphasis{principal}. If \sphinxstylestrong{\sphinxhyphen{}keepkvno} is specified, then -only purges keys with kvnos lower than \sphinxstyleemphasis{oldest\_kvno\_to\_keep}. If -\sphinxstylestrong{\sphinxhyphen{}all} is specified, then all keys are purged. The \sphinxstylestrong{\sphinxhyphen{}all} option -is new in release 1.12. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{modify} privilege. - - -\subsubsection{get\_principal} -\label{\detokenize{admin/admin_commands/kadmin_local:get-principal}}\label{\detokenize{admin/admin_commands/kadmin_local:id7}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{get\_principal} {[}\sphinxstylestrong{\sphinxhyphen{}terse}{]} \sphinxstyleemphasis{principal} -\end{quote} - -\sphinxAtStartPar -Gets the attributes of principal. With the \sphinxstylestrong{\sphinxhyphen{}terse} option, outputs -fields as quoted tab\sphinxhyphen{}separated strings. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{inquire} privilege, or that the principal -running the the program to be the same as the one being listed. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{getprinc} - -\sphinxAtStartPar -Examples: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{getprinc} \PYG{n}{tlyu}\PYG{o}{/}\PYG{n}{admin} -\PYG{n}{Principal}\PYG{p}{:} \PYG{n}{tlyu}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{Expiration} \PYG{n}{date}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]} -\PYG{n}{Last} \PYG{n}{password} \PYG{n}{change}\PYG{p}{:} \PYG{n}{Mon} \PYG{n}{Aug} \PYG{l+m+mi}{12} \PYG{l+m+mi}{14}\PYG{p}{:}\PYG{l+m+mi}{16}\PYG{p}{:}\PYG{l+m+mi}{47} \PYG{n}{EDT} \PYG{l+m+mi}{1996} -\PYG{n}{Password} \PYG{n}{expiration} \PYG{n}{date}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]} -\PYG{n}{Maximum} \PYG{n}{ticket} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{0} \PYG{n}{days} \PYG{l+m+mi}{10}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00} -\PYG{n}{Maximum} \PYG{n}{renewable} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{7} \PYG{n}{days} \PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00} -\PYG{n}{Last} \PYG{n}{modified}\PYG{p}{:} \PYG{n}{Mon} \PYG{n}{Aug} \PYG{l+m+mi}{12} \PYG{l+m+mi}{14}\PYG{p}{:}\PYG{l+m+mi}{16}\PYG{p}{:}\PYG{l+m+mi}{47} \PYG{n}{EDT} \PYG{l+m+mi}{1996} \PYG{p}{(}\PYG{n}{bjaspan}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM}\PYG{p}{)} -\PYG{n}{Last} \PYG{n}{successful} \PYG{n}{authentication}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]} -\PYG{n}{Last} \PYG{n}{failed} \PYG{n}{authentication}\PYG{p}{:} \PYG{p}{[}\PYG{n}{never}\PYG{p}{]} -\PYG{n}{Failed} \PYG{n}{password} \PYG{n}{attempts}\PYG{p}{:} \PYG{l+m+mi}{0} -\PYG{n}{Number} \PYG{n}{of} \PYG{n}{keys}\PYG{p}{:} \PYG{l+m+mi}{1} -\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha384}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{192} -\PYG{n}{MKey}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{1} -\PYG{n}{Attributes}\PYG{p}{:} -\PYG{n}{Policy}\PYG{p}{:} \PYG{p}{[}\PYG{n}{none}\PYG{p}{]} - -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{getprinc} \PYG{o}{\PYGZhy{}}\PYG{n}{terse} \PYG{n}{systest} -\PYG{n}{systest}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM} \PYG{l+m+mi}{3} \PYG{l+m+mi}{86400} \PYG{l+m+mi}{604800} \PYG{l+m+mi}{1} -\PYG{l+m+mi}{785926535} \PYG{l+m+mi}{753241234} \PYG{l+m+mi}{785900000} -\PYG{n}{tlyu}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM} \PYG{l+m+mi}{786100034} \PYG{l+m+mi}{0} \PYG{l+m+mi}{0} -\PYG{n}{kadmin}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{list\_principals} -\label{\detokenize{admin/admin_commands/kadmin_local:list-principals}}\label{\detokenize{admin/admin_commands/kadmin_local:id8}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{list\_principals} {[}\sphinxstyleemphasis{expression}{]} -\end{quote} - -\sphinxAtStartPar -Retrieves all or some principal names. \sphinxstyleemphasis{expression} is a shell\sphinxhyphen{}style -glob expression that can contain the wild\sphinxhyphen{}card characters \sphinxcode{\sphinxupquote{?}}, -\sphinxcode{\sphinxupquote{*}}, and \sphinxcode{\sphinxupquote{{[}{]}}}. All principal names matching the expression are -printed. If no expression is provided, all principal names are -printed. If the expression does not contain an \sphinxcode{\sphinxupquote{@}} character, an -\sphinxcode{\sphinxupquote{@}} character followed by the local realm is appended to the -expression. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{list} privilege. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{listprincs}, \sphinxstylestrong{get\_principals}, \sphinxstylestrong{getprincs} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{listprincs} \PYG{n}{test}\PYG{o}{*} -\PYG{n}{test3}\PYG{n+nd}{@SECURE}\PYG{o}{\PYGZhy{}}\PYG{n}{TEST}\PYG{o}{.}\PYG{n}{OV}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{test2}\PYG{n+nd}{@SECURE}\PYG{o}{\PYGZhy{}}\PYG{n}{TEST}\PYG{o}{.}\PYG{n}{OV}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{test1}\PYG{n+nd}{@SECURE}\PYG{o}{\PYGZhy{}}\PYG{n}{TEST}\PYG{o}{.}\PYG{n}{OV}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{testuser}\PYG{n+nd}{@SECURE}\PYG{o}{\PYGZhy{}}\PYG{n}{TEST}\PYG{o}{.}\PYG{n}{OV}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{kadmin}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{get\_strings} -\label{\detokenize{admin/admin_commands/kadmin_local:get-strings}}\label{\detokenize{admin/admin_commands/kadmin_local:id9}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{get\_strings} \sphinxstyleemphasis{principal} -\end{quote} - -\sphinxAtStartPar -Displays string attributes on \sphinxstyleemphasis{principal}. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{inquire} privilege. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{getstrs} - - -\subsubsection{set\_string} -\label{\detokenize{admin/admin_commands/kadmin_local:set-string}}\label{\detokenize{admin/admin_commands/kadmin_local:id10}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{set\_string} \sphinxstyleemphasis{principal} \sphinxstyleemphasis{name} \sphinxstyleemphasis{value} -\end{quote} - -\sphinxAtStartPar -Sets a string attribute on \sphinxstyleemphasis{principal}. String attributes are used to -supply per\sphinxhyphen{}principal configuration to the KDC and some KDC plugin -modules. The following string attribute names are recognized by the -KDC: -\begin{description} -\item[{\sphinxstylestrong{require\_auth}}] \leavevmode -\sphinxAtStartPar -Specifies an authentication indicator which is required to -authenticate to the principal as a service. Multiple indicators -can be specified, separated by spaces; in this case any of the -specified indicators will be accepted. (New in release 1.14.) - -\item[{\sphinxstylestrong{session\_enctypes}}] \leavevmode -\sphinxAtStartPar -Specifies the encryption types supported for session keys when the -principal is authenticated to as a server. See -{\hyperref[\detokenize{admin/conf_files/kdc_conf:encryption-types}]{\sphinxcrossref{\DUrole{std,std-ref}{Encryption types}}}} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} for a list of the -accepted values. - -\item[{\sphinxstylestrong{otp}}] \leavevmode -\sphinxAtStartPar -Enables One Time Passwords (OTP) preauthentication for a client -\sphinxstyleemphasis{principal}. The \sphinxstyleemphasis{value} is a JSON string representing an array -of objects, each having optional \sphinxcode{\sphinxupquote{type}} and \sphinxcode{\sphinxupquote{username}} fields. - -\item[{\sphinxstylestrong{pkinit\_cert\_match}}] \leavevmode -\sphinxAtStartPar -Specifies a matching expression that defines the certificate -attributes required for the client certificate used by the -principal during PKINIT authentication. The matching expression -is in the same format as those used by the \sphinxstylestrong{pkinit\_cert\_match} -option in {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}. (New in release 1.16.) - -\item[{\sphinxstylestrong{pac\_privsvr\_enctype}}] \leavevmode -\sphinxAtStartPar -Forces the encryption type of the PAC KDC checksum buffers to the -specified encryption type for tickets issued to this server, by -deriving a key from the local krbtgt key if it is of a different -encryption type. It may be necessary to set this value to -“aes256\sphinxhyphen{}sha1†on the cross\sphinxhyphen{}realm krbtgt entry for an Active -Directory realm when using aes\sphinxhyphen{}sha2 keys on the local krbtgt -entry. - -\end{description} - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{modify} privilege. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{setstr} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{set\PYGZus{}string} \PYG{n}{host}\PYG{o}{/}\PYG{n}{foo}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{session\PYGZus{}enctypes} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts} -\PYG{n}{set\PYGZus{}string} \PYG{n}{user}\PYG{n+nd}{@FOO}\PYG{o}{.}\PYG{n}{COM} \PYG{n}{otp} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{[}\PYG{l+s+s2}{\PYGZob{}}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{type}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{:}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{hotp}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{,}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{username}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{:}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{al}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZcb{}]}\PYG{l+s+s2}{\PYGZdq{}} -\end{sphinxVerbatim} - - -\subsubsection{del\_string} -\label{\detokenize{admin/admin_commands/kadmin_local:del-string}}\label{\detokenize{admin/admin_commands/kadmin_local:id11}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{del\_string} \sphinxstyleemphasis{principal} \sphinxstyleemphasis{key} -\end{quote} - -\sphinxAtStartPar -Deletes a string attribute from \sphinxstyleemphasis{principal}. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{delete} privilege. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{delstr} - - -\subsubsection{add\_policy} -\label{\detokenize{admin/admin_commands/kadmin_local:add-policy}}\label{\detokenize{admin/admin_commands/kadmin_local:id12}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{add\_policy} {[}\sphinxstyleemphasis{options}{]} \sphinxstyleemphasis{policy} -\end{quote} - -\sphinxAtStartPar -Adds a password policy named \sphinxstyleemphasis{policy} to the database. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{add} privilege. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{addpol} - -\sphinxAtStartPar -The following options are available: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}maxlife} \sphinxstyleemphasis{time}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} or \DUrole{xref,std,std-ref}{getdate} string) Sets the maximum -lifetime of a password. - -\item[{\sphinxstylestrong{\sphinxhyphen{}minlife} \sphinxstyleemphasis{time}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} or \DUrole{xref,std,std-ref}{getdate} string) Sets the minimum -lifetime of a password. - -\item[{\sphinxstylestrong{\sphinxhyphen{}minlength} \sphinxstyleemphasis{length}}] \leavevmode -\sphinxAtStartPar -Sets the minimum length of a password. - -\item[{\sphinxstylestrong{\sphinxhyphen{}minclasses} \sphinxstyleemphasis{number}}] \leavevmode -\sphinxAtStartPar -Sets the minimum number of character classes required in a -password. The five character classes are lower case, upper case, -numbers, punctuation, and whitespace/unprintable characters. - -\item[{\sphinxstylestrong{\sphinxhyphen{}history} \sphinxstyleemphasis{number}}] \leavevmode -\sphinxAtStartPar -Sets the number of past keys kept for a principal. This option is -not supported with the LDAP KDC database module. - -\end{description} -\phantomsection\label{\detokenize{admin/admin_commands/kadmin_local:policy-maxfailure}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}maxfailure} \sphinxstyleemphasis{maxnumber}}] \leavevmode -\sphinxAtStartPar -Sets the number of authentication failures before the principal is -locked. Authentication failures are only tracked for principals -which require preauthentication. The counter of failed attempts -resets to 0 after a successful attempt to authenticate. A -\sphinxstyleemphasis{maxnumber} value of 0 (the default) disables lockout. - -\end{description} -\phantomsection\label{\detokenize{admin/admin_commands/kadmin_local:policy-failurecountinterval}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}failurecountinterval} \sphinxstyleemphasis{failuretime}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} or \DUrole{xref,std,std-ref}{getdate} string) Sets the allowable time -between authentication failures. If an authentication failure -happens after \sphinxstyleemphasis{failuretime} has elapsed since the previous -failure, the number of authentication failures is reset to 1. A -\sphinxstyleemphasis{failuretime} value of 0 (the default) means forever. - -\end{description} -\phantomsection\label{\detokenize{admin/admin_commands/kadmin_local:policy-lockoutduration}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}lockoutduration} \sphinxstyleemphasis{lockouttime}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} or \DUrole{xref,std,std-ref}{getdate} string) Sets the duration for -which the principal is locked from authenticating if too many -authentication failures occur without the specified failure count -interval elapsing. A duration of 0 (the default) means the -principal remains locked out until it is administratively unlocked -with \sphinxcode{\sphinxupquote{modprinc \sphinxhyphen{}unlock}}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}allowedkeysalts}}] \leavevmode -\sphinxAtStartPar -Specifies the key/salt tuples supported for long\sphinxhyphen{}term keys when -setting or changing a principal’s password/keys. See -{\hyperref[\detokenize{admin/conf_files/kdc_conf:keysalt-lists}]{\sphinxcrossref{\DUrole{std,std-ref}{Keysalt lists}}}} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} for a list of the -accepted values, but note that key/salt tuples must be separated -with commas (‘,’) only. To clear the allowed key/salt policy use -a value of ‘\sphinxhyphen{}‘. - -\end{description} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{add\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{maxlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{2 days}\PYG{l+s+s2}{\PYGZdq{}} \PYG{o}{\PYGZhy{}}\PYG{n}{minlength} \PYG{l+m+mi}{5} \PYG{n}{guests} -\PYG{n}{kadmin}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{modify\_policy} -\label{\detokenize{admin/admin_commands/kadmin_local:modify-policy}}\label{\detokenize{admin/admin_commands/kadmin_local:id13}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{modify\_policy} {[}\sphinxstyleemphasis{options}{]} \sphinxstyleemphasis{policy} -\end{quote} - -\sphinxAtStartPar -Modifies the password policy named \sphinxstyleemphasis{policy}. Options are as described -for \sphinxstylestrong{add\_policy}. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{modify} privilege. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{modpol} - - -\subsubsection{delete\_policy} -\label{\detokenize{admin/admin_commands/kadmin_local:delete-policy}}\label{\detokenize{admin/admin_commands/kadmin_local:id14}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{delete\_policy} {[}\sphinxstylestrong{\sphinxhyphen{}force}{]} \sphinxstyleemphasis{policy} -\end{quote} - -\sphinxAtStartPar -Deletes the password policy named \sphinxstyleemphasis{policy}. Prompts for confirmation -before deletion. The command will fail if the policy is in use by any -principals. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{delete} privilege. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{delpol} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -kadmin: del\PYGZus{}policy guests -Are you sure you want to delete the policy \PYGZdq{}guests\PYGZdq{}? -(yes/no): yes -kadmin: -\end{sphinxVerbatim} - - -\subsubsection{get\_policy} -\label{\detokenize{admin/admin_commands/kadmin_local:get-policy}}\label{\detokenize{admin/admin_commands/kadmin_local:id15}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{get\_policy} {[} \sphinxstylestrong{\sphinxhyphen{}terse} {]} \sphinxstyleemphasis{policy} -\end{quote} - -\sphinxAtStartPar -Displays the values of the password policy named \sphinxstyleemphasis{policy}. With the -\sphinxstylestrong{\sphinxhyphen{}terse} flag, outputs the fields as quoted strings separated by -tabs. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{inquire} privilege. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{getpol} - -\sphinxAtStartPar -Examples: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{get\PYGZus{}policy} \PYG{n}{admin} -\PYG{n}{Policy}\PYG{p}{:} \PYG{n}{admin} -\PYG{n}{Maximum} \PYG{n}{password} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{180} \PYG{n}{days} \PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00} -\PYG{n}{Minimum} \PYG{n}{password} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00} -\PYG{n}{Minimum} \PYG{n}{password} \PYG{n}{length}\PYG{p}{:} \PYG{l+m+mi}{6} -\PYG{n}{Minimum} \PYG{n}{number} \PYG{n}{of} \PYG{n}{password} \PYG{n}{character} \PYG{n}{classes}\PYG{p}{:} \PYG{l+m+mi}{2} -\PYG{n}{Number} \PYG{n}{of} \PYG{n}{old} \PYG{n}{keys} \PYG{n}{kept}\PYG{p}{:} \PYG{l+m+mi}{5} -\PYG{n}{Reference} \PYG{n}{count}\PYG{p}{:} \PYG{l+m+mi}{17} - -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{get\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{terse} \PYG{n}{admin} -\PYG{n}{admin} \PYG{l+m+mi}{15552000} \PYG{l+m+mi}{0} \PYG{l+m+mi}{6} \PYG{l+m+mi}{2} \PYG{l+m+mi}{5} \PYG{l+m+mi}{17} -\PYG{n}{kadmin}\PYG{p}{:} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The “Reference count†is the number of principals using that policy. -With the LDAP KDC database module, the reference count field is not -meaningful. - - -\subsubsection{list\_policies} -\label{\detokenize{admin/admin_commands/kadmin_local:list-policies}}\label{\detokenize{admin/admin_commands/kadmin_local:id16}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{list\_policies} {[}\sphinxstyleemphasis{expression}{]} -\end{quote} - -\sphinxAtStartPar -Retrieves all or some policy names. \sphinxstyleemphasis{expression} is a shell\sphinxhyphen{}style -glob expression that can contain the wild\sphinxhyphen{}card characters \sphinxcode{\sphinxupquote{?}}, -\sphinxcode{\sphinxupquote{*}}, and \sphinxcode{\sphinxupquote{{[}{]}}}. All policy names matching the expression are -printed. If no expression is provided, all existing policy names are -printed. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{list} privilege. - -\sphinxAtStartPar -Aliases: \sphinxstylestrong{listpols}, \sphinxstylestrong{get\_policies}, \sphinxstylestrong{getpols}. - -\sphinxAtStartPar -Examples: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{listpols} -\PYG{n}{test}\PYG{o}{\PYGZhy{}}\PYG{n}{pol} -\PYG{n+nb}{dict}\PYG{o}{\PYGZhy{}}\PYG{n}{only} -\PYG{n}{once}\PYG{o}{\PYGZhy{}}\PYG{n}{a}\PYG{o}{\PYGZhy{}}\PYG{n+nb}{min} -\PYG{n}{test}\PYG{o}{\PYGZhy{}}\PYG{n}{pol}\PYG{o}{\PYGZhy{}}\PYG{n}{nopw} - -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{listpols} \PYG{n}{t}\PYG{o}{*} -\PYG{n}{test}\PYG{o}{\PYGZhy{}}\PYG{n}{pol} -\PYG{n}{test}\PYG{o}{\PYGZhy{}}\PYG{n}{pol}\PYG{o}{\PYGZhy{}}\PYG{n}{nopw} -\PYG{n}{kadmin}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{ktadd} -\label{\detokenize{admin/admin_commands/kadmin_local:ktadd}}\label{\detokenize{admin/admin_commands/kadmin_local:id17}}\begin{quote} - -\begin{DUlineblock}{0em} -\item[] \sphinxstylestrong{ktadd} {[}options{]} \sphinxstyleemphasis{principal} -\item[] \sphinxstylestrong{ktadd} {[}options{]} \sphinxstylestrong{\sphinxhyphen{}glob} \sphinxstyleemphasis{princ\sphinxhyphen{}exp} -\end{DUlineblock} -\end{quote} - -\sphinxAtStartPar -Adds a \sphinxstyleemphasis{principal}, or all principals matching \sphinxstyleemphasis{princ\sphinxhyphen{}exp}, to a -keytab file. Each principal’s keys are randomized in the process. -The rules for \sphinxstyleemphasis{princ\sphinxhyphen{}exp} are described in the \sphinxstylestrong{list\_principals} -command. - -\sphinxAtStartPar -This command requires the \sphinxstylestrong{inquire} and \sphinxstylestrong{changepw} privileges. -With the \sphinxstylestrong{\sphinxhyphen{}glob} form, it also requires the \sphinxstylestrong{list} privilege. - -\sphinxAtStartPar -The options are: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}k{[}eytab{]}} \sphinxstyleemphasis{keytab}}] \leavevmode -\sphinxAtStartPar -Use \sphinxstyleemphasis{keytab} as the keytab file. Otherwise, the default keytab is -used. - -\item[{\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{enc}:\sphinxstyleemphasis{salt},…}] \leavevmode -\sphinxAtStartPar -Uses the specified keysalt list for setting the new keys of the -principal. See {\hyperref[\detokenize{admin/conf_files/kdc_conf:keysalt-lists}]{\sphinxcrossref{\DUrole{std,std-ref}{Keysalt lists}}}} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} for a -list of possible values. - -\item[{\sphinxstylestrong{\sphinxhyphen{}q}}] \leavevmode -\sphinxAtStartPar -Display less verbose information. - -\item[{\sphinxstylestrong{\sphinxhyphen{}norandkey}}] \leavevmode -\sphinxAtStartPar -Do not randomize the keys. The keys and their version numbers stay -unchanged. This option cannot be specified in combination with the -\sphinxstylestrong{\sphinxhyphen{}e} option. - -\end{description} - -\sphinxAtStartPar -An entry for each of the principal’s unique encryption types is added, -ignoring multiple keys with the same encryption type but different -salt types. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{xst} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{ktadd} \PYG{o}{\PYGZhy{}}\PYG{n}{k} \PYG{o}{/}\PYG{n}{tmp}\PYG{o}{/}\PYG{n}{foo}\PYG{o}{\PYGZhy{}}\PYG{n}{new}\PYG{o}{\PYGZhy{}}\PYG{n}{keytab} \PYG{n}{host}\PYG{o}{/}\PYG{n}{foo}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{foo}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} - \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} - \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{tmp}\PYG{o}{/}\PYG{n}{foo}\PYG{o}{\PYGZhy{}}\PYG{n}{new}\PYG{o}{\PYGZhy{}}\PYG{n}{keytab} -\PYG{n}{kadmin}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{ktremove} -\label{\detokenize{admin/admin_commands/kadmin_local:ktremove}}\label{\detokenize{admin/admin_commands/kadmin_local:id18}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{ktremove} {[}options{]} \sphinxstyleemphasis{principal} {[}\sphinxstyleemphasis{kvno} | \sphinxstyleemphasis{all} | \sphinxstyleemphasis{old}{]} -\end{quote} - -\sphinxAtStartPar -Removes entries for the specified \sphinxstyleemphasis{principal} from a keytab. Requires -no permissions, since this does not require database access. - -\sphinxAtStartPar -If the string “all†is specified, all entries for that principal are -removed; if the string “old†is specified, all entries for that -principal except those with the highest kvno are removed. Otherwise, -the value specified is parsed as an integer, and all entries whose -kvno match that integer are removed. - -\sphinxAtStartPar -The options are: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}k{[}eytab{]}} \sphinxstyleemphasis{keytab}}] \leavevmode -\sphinxAtStartPar -Use \sphinxstyleemphasis{keytab} as the keytab file. Otherwise, the default keytab is -used. - -\item[{\sphinxstylestrong{\sphinxhyphen{}q}}] \leavevmode -\sphinxAtStartPar -Display less verbose information. - -\end{description} - -\sphinxAtStartPar -Alias: \sphinxstylestrong{ktrem} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kadmin}\PYG{p}{:} \PYG{n}{ktremove} \PYG{n}{kadmin}\PYG{o}{/}\PYG{n}{admin} \PYG{n+nb}{all} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{kadmin}\PYG{o}{/}\PYG{n}{admin} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3} \PYG{n}{removed} \PYG{k+kn}{from} \PYG{n+nn}{keytab} - \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab} -\PYG{n}{kadmin}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{lock} -\label{\detokenize{admin/admin_commands/kadmin_local:lock}} -\sphinxAtStartPar -Lock database exclusively. Use with extreme caution! This command -only works with the DB2 KDC database module. - - -\subsubsection{unlock} -\label{\detokenize{admin/admin_commands/kadmin_local:unlock}} -\sphinxAtStartPar -Release the exclusive database lock. - - -\subsubsection{list\_requests} -\label{\detokenize{admin/admin_commands/kadmin_local:list-requests}} -\sphinxAtStartPar -Lists available for kadmin requests. - -\sphinxAtStartPar -Aliases: \sphinxstylestrong{lr}, \sphinxstylestrong{?} - - -\subsubsection{quit} -\label{\detokenize{admin/admin_commands/kadmin_local:quit}} -\sphinxAtStartPar -Exit program. If the database was locked, the lock is released. - -\sphinxAtStartPar -Aliases: \sphinxstylestrong{exit}, \sphinxstylestrong{q} - - -\subsection{HISTORY} -\label{\detokenize{admin/admin_commands/kadmin_local:history}} -\sphinxAtStartPar -The kadmin program was originally written by Tom Yu at MIT, as an -interface to the OpenVision Kerberos administration program. - - -\subsection{ENVIRONMENT} -\label{\detokenize{admin/admin_commands/kadmin_local:environment}} -\sphinxAtStartPar -See \DUrole{xref,std,std-ref}{kerberos(7)} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{admin/admin_commands/kadmin_local:see-also}} -\sphinxAtStartPar -\DUrole{xref,std,std-ref}{kpasswd(1)}, {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}}, \DUrole{xref,std,std-ref}{kerberos(7)} - - -\section{kadmind} -\label{\detokenize{admin/admin_commands/kadmind:kadmind}}\label{\detokenize{admin/admin_commands/kadmind:kadmind-8}}\label{\detokenize{admin/admin_commands/kadmind::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{admin/admin_commands/kadmind:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{kadmind} -{[}\sphinxstylestrong{\sphinxhyphen{}x} \sphinxstyleemphasis{db\_args}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}m}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}nofork}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}proponly}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}port} \sphinxstyleemphasis{port\sphinxhyphen{}number}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}P} \sphinxstyleemphasis{pid\_file}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{kdb5\_util\_path}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}K} \sphinxstyleemphasis{kprop\_path}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}k} \sphinxstyleemphasis{kprop\_port}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}F} \sphinxstyleemphasis{dump\_file}{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{admin/admin_commands/kadmind:description}} -\sphinxAtStartPar -kadmind starts the Kerberos administration server. kadmind typically -runs on the primary Kerberos server, which stores the KDC database. -If the KDC database uses the LDAP module, the administration server -and the KDC server need not run on the same machine. kadmind accepts -remote requests from programs such as {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} and -\DUrole{xref,std,std-ref}{kpasswd(1)} to administer the information in these database. - -\sphinxAtStartPar -kadmind requires a number of configuration files to be set up in order -for it to work: -\begin{description} -\item[{{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}}] \leavevmode -\sphinxAtStartPar -The KDC configuration file contains configuration information for -the KDC and admin servers. kadmind uses settings in this file to -locate the Kerberos database, and is also affected by the -\sphinxstylestrong{acl\_file}, \sphinxstylestrong{dict\_file}, \sphinxstylestrong{kadmind\_port}, and iprop\sphinxhyphen{}related -settings. - -\item[{{\hyperref[\detokenize{admin/conf_files/kadm5_acl:kadm5-acl-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kadm5.acl}}}}}] \leavevmode -\sphinxAtStartPar -kadmind’s ACL (access control list) tells it which principals are -allowed to perform administration actions. The pathname to the -ACL file can be specified with the \sphinxstylestrong{acl\_file} {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} -variable; by default, it is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/kadm5.acl}}. - -\end{description} - -\sphinxAtStartPar -After the server begins running, it puts itself in the background and -disassociates itself from its controlling terminal. - -\sphinxAtStartPar -kadmind can be configured for incremental database propagation. -Incremental propagation allows replica KDC servers to receive -principal and policy updates incrementally instead of receiving full -dumps of the database. This facility can be enabled in the -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} file with the \sphinxstylestrong{iprop\_enable} option. Incremental -propagation requires the principal \sphinxcode{\sphinxupquote{kiprop/PRIMARY\textbackslash{}@REALM}} (where -PRIMARY is the primary KDC’s canonical host name, and REALM the realm -name). In release 1.13, this principal is automatically created and -registered into the datebase. - - -\subsection{OPTIONS} -\label{\detokenize{admin/admin_commands/kadmind:options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}}] \leavevmode -\sphinxAtStartPar -specifies the realm that kadmind will serve; if it is not -specified, the default realm of the host is used. - -\item[{\sphinxstylestrong{\sphinxhyphen{}m}}] \leavevmode -\sphinxAtStartPar -causes the master database password to be fetched from the -keyboard (before the server puts itself in the background, if not -invoked with the \sphinxstylestrong{\sphinxhyphen{}nofork} option) rather than from a file on -disk. - -\item[{\sphinxstylestrong{\sphinxhyphen{}nofork}}] \leavevmode -\sphinxAtStartPar -causes the server to remain in the foreground and remain -associated to the terminal. - -\item[{\sphinxstylestrong{\sphinxhyphen{}proponly}}] \leavevmode -\sphinxAtStartPar -causes the server to only listen and respond to Kerberos replica -incremental propagation polling requests. This option can be used -to set up a hierarchical propagation topology where a replica KDC -provides incremental updates to other Kerberos replicas. - -\item[{\sphinxstylestrong{\sphinxhyphen{}port} \sphinxstyleemphasis{port\sphinxhyphen{}number}}] \leavevmode -\sphinxAtStartPar -specifies the port on which the administration server listens for -connections. The default port is determined by the -\sphinxstylestrong{kadmind\_port} configuration variable in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}P} \sphinxstyleemphasis{pid\_file}}] \leavevmode -\sphinxAtStartPar -specifies the file to which the PID of kadmind process should be -written after it starts up. This file can be used to identify -whether kadmind is still running and to allow init scripts to stop -the correct process. - -\item[{\sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{kdb5\_util\_path}}] \leavevmode -\sphinxAtStartPar -specifies the path to the kdb5\_util command to use when dumping the -KDB in response to full resync requests when iprop is enabled. - -\item[{\sphinxstylestrong{\sphinxhyphen{}K} \sphinxstyleemphasis{kprop\_path}}] \leavevmode -\sphinxAtStartPar -specifies the path to the kprop command to use to send full dumps -to replicas in response to full resync requests. - -\item[{\sphinxstylestrong{\sphinxhyphen{}k} \sphinxstyleemphasis{kprop\_port}}] \leavevmode -\sphinxAtStartPar -specifies the port by which the kprop process that is spawned by -kadmind connects to the replica kpropd, in order to transfer the -dump file during an iprop full resync request. - -\item[{\sphinxstylestrong{\sphinxhyphen{}F} \sphinxstyleemphasis{dump\_file}}] \leavevmode -\sphinxAtStartPar -specifies the file path to be used for dumping the KDB in response -to full resync requests when iprop is enabled. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x} \sphinxstyleemphasis{db\_args}}] \leavevmode -\sphinxAtStartPar -specifies database\sphinxhyphen{}specific arguments. See {\hyperref[\detokenize{admin/admin_commands/kadmin_local:dboptions}]{\sphinxcrossref{\DUrole{std,std-ref}{Database Options}}}} in {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} for supported arguments. - -\end{description} - - -\subsection{ENVIRONMENT} -\label{\detokenize{admin/admin_commands/kadmind:environment}} -\sphinxAtStartPar -See \DUrole{xref,std,std-ref}{kerberos(7)} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{admin/admin_commands/kadmind:see-also}} -\sphinxAtStartPar -\DUrole{xref,std,std-ref}{kpasswd(1)}, {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}}, {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}}, -{\hyperref[\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_ldap\_util}}}}, {\hyperref[\detokenize{admin/conf_files/kadm5_acl:kadm5-acl-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kadm5.acl}}}}, \DUrole{xref,std,std-ref}{kerberos(7)} - - -\section{kdb5\_util} -\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util}}\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}}\label{\detokenize{admin/admin_commands/kdb5_util::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{admin/admin_commands/kdb5_util:synopsis}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{kdb5\_util} -{[}\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}d} \sphinxstyleemphasis{dbname}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}k} \sphinxstyleemphasis{mkeytype}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}kv} \sphinxstyleemphasis{mkeyVNO}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}M} \sphinxstyleemphasis{mkeyname}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}m}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}sf} \sphinxstyleemphasis{stashfilename}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}P} \sphinxstyleemphasis{password}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}x} \sphinxstyleemphasis{db\_args}{]} -\sphinxstyleemphasis{command} {[}\sphinxstyleemphasis{command\_options}{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{admin/admin_commands/kdb5_util:description}}\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-synopsis-end}} -\sphinxAtStartPar -kdb5\_util allows an administrator to perform maintenance procedures on -the KDC database. Databases can be created, destroyed, and dumped to -or loaded from ASCII files. kdb5\_util can create a Kerberos master -key stash file or perform live rollover of the master key. - -\sphinxAtStartPar -When kdb5\_util is run, it attempts to acquire the master key and open -the database. However, execution continues regardless of whether or -not kdb5\_util successfully opens the database, because the database -may not exist yet or the stash file may be corrupt. - -\sphinxAtStartPar -Note that some KDC database modules may not support all kdb5\_util -commands. - - -\subsection{COMMAND\sphinxhyphen{}LINE OPTIONS} -\label{\detokenize{admin/admin_commands/kdb5_util:command-line-options}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}}] \leavevmode -\sphinxAtStartPar -specifies the Kerberos realm of the database. - -\item[{\sphinxstylestrong{\sphinxhyphen{}d} \sphinxstyleemphasis{dbname}}] \leavevmode -\sphinxAtStartPar -specifies the name under which the principal database is stored; -by default the database is that listed in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. The -password policy database and lock files are also derived from this -value. - -\item[{\sphinxstylestrong{\sphinxhyphen{}k} \sphinxstyleemphasis{mkeytype}}] \leavevmode -\sphinxAtStartPar -specifies the key type of the master key in the database. The -default is given by the \sphinxstylestrong{master\_key\_type} variable in -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}kv} \sphinxstyleemphasis{mkeyVNO}}] \leavevmode -\sphinxAtStartPar -Specifies the version number of the master key in the database; -the default is 1. Note that 0 is not allowed. - -\item[{\sphinxstylestrong{\sphinxhyphen{}M} \sphinxstyleemphasis{mkeyname}}] \leavevmode -\sphinxAtStartPar -principal name for the master key in the database. If not -specified, the name is determined by the \sphinxstylestrong{master\_key\_name} -variable in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}m}}] \leavevmode -\sphinxAtStartPar -specifies that the master database password should be read from -the keyboard rather than fetched from a file on disk. - -\item[{\sphinxstylestrong{\sphinxhyphen{}sf} \sphinxstyleemphasis{stash\_file}}] \leavevmode -\sphinxAtStartPar -specifies the stash filename of the master database password. If -not specified, the filename is determined by the -\sphinxstylestrong{key\_stash\_file} variable in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}P} \sphinxstyleemphasis{password}}] \leavevmode -\sphinxAtStartPar -specifies the master database password. Using this option may -expose the password to other users on the system via the process -list. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x} \sphinxstyleemphasis{db\_args}}] \leavevmode -\sphinxAtStartPar -specifies database\sphinxhyphen{}specific options. See {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} for -supported options. - -\end{description} - - -\subsection{COMMANDS} -\label{\detokenize{admin/admin_commands/kdb5_util:commands}}\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-options-end}} - -\subsubsection{create} -\label{\detokenize{admin/admin_commands/kdb5_util:create}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-create}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{create} {[}\sphinxstylestrong{\sphinxhyphen{}s}{]} -\end{quote} - -\sphinxAtStartPar -Creates a new database. If the \sphinxstylestrong{\sphinxhyphen{}s} option is specified, the stash -file is also created. This command fails if the database already -exists. If the command is successful, the database is opened just as -if it had already existed when the program was first run. - - -\subsubsection{destroy} -\label{\detokenize{admin/admin_commands/kdb5_util:destroy}}\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-create-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-destroy}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{destroy} {[}\sphinxstylestrong{\sphinxhyphen{}f}{]} -\end{quote} - -\sphinxAtStartPar -Destroys the database, first overwriting the disk sectors and then -unlinking the files, after prompting the user for confirmation. With -the \sphinxstylestrong{\sphinxhyphen{}f} argument, does not prompt the user. - - -\subsubsection{stash} -\label{\detokenize{admin/admin_commands/kdb5_util:stash}}\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-destroy-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-stash}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{stash} {[}\sphinxstylestrong{\sphinxhyphen{}f} \sphinxstyleemphasis{keyfile}{]} -\end{quote} - -\sphinxAtStartPar -Stores the master principal’s keys in a stash file. The \sphinxstylestrong{\sphinxhyphen{}f} -argument can be used to override the \sphinxstyleemphasis{keyfile} specified in -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. - - -\subsubsection{dump} -\label{\detokenize{admin/admin_commands/kdb5_util:dump}}\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-stash-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-dump}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{dump} {[}\sphinxstylestrong{\sphinxhyphen{}b7}|\sphinxstylestrong{\sphinxhyphen{}r13}|\sphinxstylestrong{\sphinxhyphen{}r18}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}verbose}{]} {[}\sphinxstylestrong{\sphinxhyphen{}mkey\_convert}{]} {[}\sphinxstylestrong{\sphinxhyphen{}new\_mkey\_file} -\sphinxstyleemphasis{mkey\_file}{]} {[}\sphinxstylestrong{\sphinxhyphen{}rev}{]} {[}\sphinxstylestrong{\sphinxhyphen{}recurse}{]} {[}\sphinxstyleemphasis{filename} -{[}\sphinxstyleemphasis{principals}…{]}{]} -\end{quote} - -\sphinxAtStartPar -Dumps the current Kerberos and KADM5 database into an ASCII file. By -default, the database is dumped in current format, “kdb5\_util -load\_dump version 7â€. If filename is not specified, or is the string -“\sphinxhyphen{}â€, the dump is sent to standard output. Options: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}b7}}] \leavevmode -\sphinxAtStartPar -causes the dump to be in the Kerberos 5 Beta 7 format (“kdb5\_util -load\_dump version 4â€). This was the dump format produced on -releases prior to 1.2.2. - -\item[{\sphinxstylestrong{\sphinxhyphen{}r13}}] \leavevmode -\sphinxAtStartPar -causes the dump to be in the Kerberos 5 1.3 format (“kdb5\_util -load\_dump version 5â€). This was the dump format produced on -releases prior to 1.8. - -\item[{\sphinxstylestrong{\sphinxhyphen{}r18}}] \leavevmode -\sphinxAtStartPar -causes the dump to be in the Kerberos 5 1.8 format (“kdb5\_util -load\_dump version 6â€). This was the dump format produced on -releases prior to 1.11. - -\item[{\sphinxstylestrong{\sphinxhyphen{}verbose}}] \leavevmode -\sphinxAtStartPar -causes the name of each principal and policy to be printed as it -is dumped. - -\item[{\sphinxstylestrong{\sphinxhyphen{}mkey\_convert}}] \leavevmode -\sphinxAtStartPar -prompts for a new master key. This new master key will be used to -re\sphinxhyphen{}encrypt principal key data in the dumpfile. The principal keys -themselves will not be changed. - -\item[{\sphinxstylestrong{\sphinxhyphen{}new\_mkey\_file} \sphinxstyleemphasis{mkey\_file}}] \leavevmode -\sphinxAtStartPar -the filename of a stash file. The master key in this stash file -will be used to re\sphinxhyphen{}encrypt the key data in the dumpfile. The key -data in the database will not be changed. - -\item[{\sphinxstylestrong{\sphinxhyphen{}rev}}] \leavevmode -\sphinxAtStartPar -dumps in reverse order. This may recover principals that do not -dump normally, in cases where database corruption has occurred. - -\item[{\sphinxstylestrong{\sphinxhyphen{}recurse}}] \leavevmode -\sphinxAtStartPar -causes the dump to walk the database recursively (btree only). -This may recover principals that do not dump normally, in cases -where database corruption has occurred. In cases of such -corruption, this option will probably retrieve more principals -than the \sphinxstylestrong{\sphinxhyphen{}rev} option will. - -\sphinxAtStartPar -\DUrole{versionmodified,changed}{Changed in version 1.15: }Release 1.15 restored the functionality of the \sphinxstylestrong{\sphinxhyphen{}recurse} -option. - -\sphinxAtStartPar -\DUrole{versionmodified,changed}{Changed in version 1.5: }The \sphinxstylestrong{\sphinxhyphen{}recurse} option ceased working until release 1.15, -doing a normal dump instead of a recursive traversal. - -\end{description} - - -\subsubsection{load} -\label{\detokenize{admin/admin_commands/kdb5_util:load}}\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-dump-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-load}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{load} {[}\sphinxstylestrong{\sphinxhyphen{}b7}|\sphinxstylestrong{\sphinxhyphen{}r13}|\sphinxstylestrong{\sphinxhyphen{}r18}{]} {[}\sphinxstylestrong{\sphinxhyphen{}hash}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}verbose}{]} {[}\sphinxstylestrong{\sphinxhyphen{}update}{]} \sphinxstyleemphasis{filename} -\end{quote} - -\sphinxAtStartPar -Loads a database dump from the named file into the named database. If -no option is given to determine the format of the dump file, the -format is detected automatically and handled as appropriate. Unless -the \sphinxstylestrong{\sphinxhyphen{}update} option is given, \sphinxstylestrong{load} creates a new database -containing only the data in the dump file, overwriting the contents of -any previously existing database. Note that when using the LDAP KDC -database module, the \sphinxstylestrong{\sphinxhyphen{}update} flag is required. - -\sphinxAtStartPar -Options: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}b7}}] \leavevmode -\sphinxAtStartPar -requires the database to be in the Kerberos 5 Beta 7 format -(“kdb5\_util load\_dump version 4â€). This was the dump format -produced on releases prior to 1.2.2. - -\item[{\sphinxstylestrong{\sphinxhyphen{}r13}}] \leavevmode -\sphinxAtStartPar -requires the database to be in Kerberos 5 1.3 format (“kdb5\_util -load\_dump version 5â€). This was the dump format produced on -releases prior to 1.8. - -\item[{\sphinxstylestrong{\sphinxhyphen{}r18}}] \leavevmode -\sphinxAtStartPar -requires the database to be in Kerberos 5 1.8 format (“kdb5\_util -load\_dump version 6â€). This was the dump format produced on -releases prior to 1.11. - -\item[{\sphinxstylestrong{\sphinxhyphen{}hash}}] \leavevmode -\sphinxAtStartPar -stores the database in hash format, if using the DB2 database -type. If this option is not specified, the database will be -stored in btree format. This option is not recommended, as -databases stored in hash format are known to corrupt data and lose -principals. - -\item[{\sphinxstylestrong{\sphinxhyphen{}verbose}}] \leavevmode -\sphinxAtStartPar -causes the name of each principal and policy to be printed as it -is dumped. - -\item[{\sphinxstylestrong{\sphinxhyphen{}update}}] \leavevmode -\sphinxAtStartPar -records from the dump file are added to or updated in the existing -database. Otherwise, a new database is created containing only -what is in the dump file and the old one destroyed upon successful -completion. - -\end{description} - - -\subsubsection{ark} -\label{\detokenize{admin/admin_commands/kdb5_util:ark}}\label{\detokenize{admin/admin_commands/kdb5_util:kdb5-util-load-end}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{ark} {[}\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{enc}:\sphinxstyleemphasis{salt},…{]} \sphinxstyleemphasis{principal} -\end{quote} - -\sphinxAtStartPar -Adds new random keys to \sphinxstyleemphasis{principal} at the next available key version -number. Keys for the current highest key version number will be -preserved. The \sphinxstylestrong{\sphinxhyphen{}e} option specifies the list of encryption and -salt types to be used for the new keys. - - -\subsubsection{add\_mkey} -\label{\detokenize{admin/admin_commands/kdb5_util:add-mkey}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{add\_mkey} {[}\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{etype}{]} {[}\sphinxstylestrong{\sphinxhyphen{}s}{]} -\end{quote} - -\sphinxAtStartPar -Adds a new master key to the master key principal, but does not mark -it as active. Existing master keys will remain. The \sphinxstylestrong{\sphinxhyphen{}e} option -specifies the encryption type of the new master key; see -{\hyperref[\detokenize{admin/conf_files/kdc_conf:encryption-types}]{\sphinxcrossref{\DUrole{std,std-ref}{Encryption types}}}} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} for a list of possible -values. The \sphinxstylestrong{\sphinxhyphen{}s} option stashes the new master key in the stash -file, which will be created if it doesn’t already exist. - -\sphinxAtStartPar -After a new master key is added, it should be propagated to replica -servers via a manual or periodic invocation of {\hyperref[\detokenize{admin/admin_commands/kprop:kprop-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop}}}}. Then, -the stash files on the replica servers should be updated with the -kdb5\_util \sphinxstylestrong{stash} command. Once those steps are complete, the key -is ready to be marked active with the kdb5\_util \sphinxstylestrong{use\_mkey} command. - - -\subsubsection{use\_mkey} -\label{\detokenize{admin/admin_commands/kdb5_util:use-mkey}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{use\_mkey} \sphinxstyleemphasis{mkeyVNO} {[}\sphinxstyleemphasis{time}{]} -\end{quote} - -\sphinxAtStartPar -Sets the activation time of the master key specified by \sphinxstyleemphasis{mkeyVNO}. -Once a master key becomes active, it will be used to encrypt newly -created principal keys. If no \sphinxstyleemphasis{time} argument is given, the current -time is used, causing the specified master key version to become -active immediately. The format for \sphinxstyleemphasis{time} is \DUrole{xref,std,std-ref}{getdate} string. - -\sphinxAtStartPar -After a new master key becomes active, the kdb5\_util -\sphinxstylestrong{update\_princ\_encryption} command can be used to update all -principal keys to be encrypted in the new master key. - - -\subsubsection{list\_mkeys} -\label{\detokenize{admin/admin_commands/kdb5_util:list-mkeys}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{list\_mkeys} -\end{quote} - -\sphinxAtStartPar -List all master keys, from most recent to earliest, in the master key -principal. The output will show the kvno, enctype, and salt type for -each mkey, similar to the output of {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} \sphinxstylestrong{getprinc}. A -\sphinxcode{\sphinxupquote{*}} following an mkey denotes the currently active master key. - - -\subsubsection{purge\_mkeys} -\label{\detokenize{admin/admin_commands/kdb5_util:purge-mkeys}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{purge\_mkeys} {[}\sphinxstylestrong{\sphinxhyphen{}f}{]} {[}\sphinxstylestrong{\sphinxhyphen{}n}{]} {[}\sphinxstylestrong{\sphinxhyphen{}v}{]} -\end{quote} - -\sphinxAtStartPar -Delete master keys from the master key principal that are not used to -protect any principals. This command can be used to remove old master -keys all principal keys are protected by a newer master key. -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}f}}] \leavevmode -\sphinxAtStartPar -does not prompt for confirmation. - -\item[{\sphinxstylestrong{\sphinxhyphen{}n}}] \leavevmode -\sphinxAtStartPar -performs a dry run, showing master keys that would be purged, but -not actually purging any keys. - -\item[{\sphinxstylestrong{\sphinxhyphen{}v}}] \leavevmode -\sphinxAtStartPar -gives more verbose output. - -\end{description} - - -\subsubsection{update\_princ\_encryption} -\label{\detokenize{admin/admin_commands/kdb5_util:update-princ-encryption}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{update\_princ\_encryption} {[}\sphinxstylestrong{\sphinxhyphen{}f}{]} {[}\sphinxstylestrong{\sphinxhyphen{}n}{]} {[}\sphinxstylestrong{\sphinxhyphen{}v}{]} -{[}\sphinxstyleemphasis{princ\sphinxhyphen{}pattern}{]} -\end{quote} - -\sphinxAtStartPar -Update all principal records (or only those matching the -\sphinxstyleemphasis{princ\sphinxhyphen{}pattern} glob pattern) to re\sphinxhyphen{}encrypt the key data using the -active database master key, if they are encrypted using a different -version, and give a count at the end of the number of principals -updated. If the \sphinxstylestrong{\sphinxhyphen{}f} option is not given, ask for confirmation -before starting to make changes. The \sphinxstylestrong{\sphinxhyphen{}v} option causes each -principal processed to be listed, with an indication as to whether it -needed updating or not. The \sphinxstylestrong{\sphinxhyphen{}n} option performs a dry run, only -showing the actions which would have been taken. - - -\subsubsection{tabdump} -\label{\detokenize{admin/admin_commands/kdb5_util:tabdump}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{tabdump} {[}\sphinxstylestrong{\sphinxhyphen{}H}{]} {[}\sphinxstylestrong{\sphinxhyphen{}c}{]} {[}\sphinxstylestrong{\sphinxhyphen{}e}{]} {[}\sphinxstylestrong{\sphinxhyphen{}n}{]} {[}\sphinxstylestrong{\sphinxhyphen{}o} \sphinxstyleemphasis{outfile}{]} -\sphinxstyleemphasis{dumptype} -\end{quote} - -\sphinxAtStartPar -Dump selected fields of the database in a tabular format suitable for -reporting (e.g., using traditional Unix text processing tools) or -importing into relational databases. The data format is tab\sphinxhyphen{}separated -(default), or optionally comma\sphinxhyphen{}separated (CSV), with a fixed number of -columns. The output begins with a header line containing field names, -unless suppression is requested using the \sphinxstylestrong{\sphinxhyphen{}H} option. - -\sphinxAtStartPar -The \sphinxstyleemphasis{dumptype} parameter specifies the name of an output table (see -below). - -\sphinxAtStartPar -Options: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}H}}] \leavevmode -\sphinxAtStartPar -suppress writing the field names in a header line - -\item[{\sphinxstylestrong{\sphinxhyphen{}c}}] \leavevmode -\sphinxAtStartPar -use comma separated values (CSV) format, with minimal quoting, -instead of the default tab\sphinxhyphen{}separated (unquoted, unescaped) format - -\item[{\sphinxstylestrong{\sphinxhyphen{}e}}] \leavevmode -\sphinxAtStartPar -write empty hexadecimal string fields as empty fields instead of -as “\sphinxhyphen{}1â€. - -\item[{\sphinxstylestrong{\sphinxhyphen{}n}}] \leavevmode -\sphinxAtStartPar -produce numeric output for fields that normally have symbolic -output, such as enctypes and flag names. Also requests output of -time stamps as decimal POSIX time\_t values. - -\item[{\sphinxstylestrong{\sphinxhyphen{}o} \sphinxstyleemphasis{outfile}}] \leavevmode -\sphinxAtStartPar -write the dump to the specified output file instead of to standard -output - -\end{description} - -\sphinxAtStartPar -Dump types: -\begin{description} -\item[{\sphinxstylestrong{keydata}}] \leavevmode -\sphinxAtStartPar -principal encryption key information, including actual key data -(which is still encrypted in the master key) -\begin{description} -\item[{\sphinxstylestrong{name}}] \leavevmode -\sphinxAtStartPar -principal name - -\item[{\sphinxstylestrong{keyindex}}] \leavevmode -\sphinxAtStartPar -index of this key in the principal’s key list - -\item[{\sphinxstylestrong{kvno}}] \leavevmode -\sphinxAtStartPar -key version number - -\item[{\sphinxstylestrong{enctype}}] \leavevmode -\sphinxAtStartPar -encryption type - -\item[{\sphinxstylestrong{key}}] \leavevmode -\sphinxAtStartPar -key data as a hexadecimal string - -\item[{\sphinxstylestrong{salttype}}] \leavevmode -\sphinxAtStartPar -salt type - -\item[{\sphinxstylestrong{salt}}] \leavevmode -\sphinxAtStartPar -salt data as a hexadecimal string - -\end{description} - -\item[{\sphinxstylestrong{keyinfo}}] \leavevmode -\sphinxAtStartPar -principal encryption key information (as in \sphinxstylestrong{keydata} above), -excluding actual key data - -\item[{\sphinxstylestrong{princ\_flags}}] \leavevmode -\sphinxAtStartPar -principal boolean attributes. Flag names print as hexadecimal -numbers if the \sphinxstylestrong{\sphinxhyphen{}n} option is specified, and all flag positions -are printed regardless of whether or not they are set. If \sphinxstylestrong{\sphinxhyphen{}n} -is not specified, print all known flag names for each principal, -but only print hexadecimal flag names if the corresponding flag is -set. -\begin{description} -\item[{\sphinxstylestrong{name}}] \leavevmode -\sphinxAtStartPar -principal name - -\item[{\sphinxstylestrong{flag}}] \leavevmode -\sphinxAtStartPar -flag name - -\item[{\sphinxstylestrong{value}}] \leavevmode -\sphinxAtStartPar -boolean value (0 for clear, or 1 for set) - -\end{description} - -\item[{\sphinxstylestrong{princ\_lockout}}] \leavevmode -\sphinxAtStartPar -state information used for tracking repeated password failures -\begin{description} -\item[{\sphinxstylestrong{name}}] \leavevmode -\sphinxAtStartPar -principal name - -\item[{\sphinxstylestrong{last\_success}}] \leavevmode -\sphinxAtStartPar -time stamp of most recent successful authentication - -\item[{\sphinxstylestrong{last\_failed}}] \leavevmode -\sphinxAtStartPar -time stamp of most recent failed authentication - -\item[{\sphinxstylestrong{fail\_count}}] \leavevmode -\sphinxAtStartPar -count of failed attempts - -\end{description} - -\item[{\sphinxstylestrong{princ\_meta}}] \leavevmode -\sphinxAtStartPar -principal metadata -\begin{description} -\item[{\sphinxstylestrong{name}}] \leavevmode -\sphinxAtStartPar -principal name - -\item[{\sphinxstylestrong{modby}}] \leavevmode -\sphinxAtStartPar -name of last principal to modify this principal - -\item[{\sphinxstylestrong{modtime}}] \leavevmode -\sphinxAtStartPar -timestamp of last modification - -\item[{\sphinxstylestrong{lastpwd}}] \leavevmode -\sphinxAtStartPar -timestamp of last password change - -\item[{\sphinxstylestrong{policy}}] \leavevmode -\sphinxAtStartPar -policy object name - -\item[{\sphinxstylestrong{mkvno}}] \leavevmode -\sphinxAtStartPar -key version number of the master key that encrypts this -principal’s key data - -\item[{\sphinxstylestrong{hist\_kvno}}] \leavevmode -\sphinxAtStartPar -key version number of the history key that encrypts the key -history data for this principal - -\end{description} - -\item[{\sphinxstylestrong{princ\_stringattrs}}] \leavevmode -\sphinxAtStartPar -string attributes (key/value pairs) -\begin{description} -\item[{\sphinxstylestrong{name}}] \leavevmode -\sphinxAtStartPar -principal name - -\item[{\sphinxstylestrong{key}}] \leavevmode -\sphinxAtStartPar -attribute name - -\item[{\sphinxstylestrong{value}}] \leavevmode -\sphinxAtStartPar -attribute value - -\end{description} - -\item[{\sphinxstylestrong{princ\_tktpolicy}}] \leavevmode -\sphinxAtStartPar -per\sphinxhyphen{}principal ticket policy data, including maximum ticket -lifetimes -\begin{description} -\item[{\sphinxstylestrong{name}}] \leavevmode -\sphinxAtStartPar -principal name - -\item[{\sphinxstylestrong{expiration}}] \leavevmode -\sphinxAtStartPar -principal expiration date - -\item[{\sphinxstylestrong{pw\_expiration}}] \leavevmode -\sphinxAtStartPar -password expiration date - -\item[{\sphinxstylestrong{max\_life}}] \leavevmode -\sphinxAtStartPar -maximum ticket lifetime - -\item[{\sphinxstylestrong{max\_renew\_life}}] \leavevmode -\sphinxAtStartPar -maximum renewable ticket lifetime - -\end{description} - -\end{description} - -\sphinxAtStartPar -Examples: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYGZdl{} kdb5\PYGZus{}util tabdump \PYGZhy{}o keyinfo.txt keyinfo -\PYGZdl{} cat keyinfo.txt -name keyindex kvno enctype salttype salt -K/M@EXAMPLE.COM 0 1 aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha384\PYGZhy{}192 normal \PYGZhy{}1 -foo@EXAMPLE.COM 0 1 aes128\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha1\PYGZhy{}96 normal \PYGZhy{}1 -bar@EXAMPLE.COM 0 1 aes128\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha1\PYGZhy{}96 normal \PYGZhy{}1 -\PYGZdl{} sqlite3 -sqlite\PYGZgt{} .mode tabs -sqlite\PYGZgt{} .import keyinfo.txt keyinfo -sqlite\PYGZgt{} select * from keyinfo where enctype like \PYGZsq{}aes256\PYGZhy{}\PYGZpc{}\PYGZsq{}; -K/M@EXAMPLE.COM 1 1 aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha384\PYGZhy{}192 normal \PYGZhy{}1 -sqlite\PYGZgt{} .quit -\PYGZdl{} awk \PYGZhy{}F\PYGZsq{}\PYGZbs{}t\PYGZsq{} \PYGZsq{}\PYGZdl{}4 \PYGZti{} /aes256\PYGZhy{}/ \PYGZob{} print \PYGZcb{}\PYGZsq{} keyinfo.txt -K/M@EXAMPLE.COM 1 1 aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha384\PYGZhy{}192 normal \PYGZhy{}1 -\end{sphinxVerbatim} - - -\subsection{ENVIRONMENT} -\label{\detokenize{admin/admin_commands/kdb5_util:environment}} -\sphinxAtStartPar -See \DUrole{xref,std,std-ref}{kerberos(7)} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{admin/admin_commands/kdb5_util:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}}, \DUrole{xref,std,std-ref}{kerberos(7)} - - -\section{kdb5\_ldap\_util} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-8}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:synopsis}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{kdb5\_ldap\_util} -{[}\sphinxstylestrong{\sphinxhyphen{}D} \sphinxstyleemphasis{user\_dn} {[}\sphinxstylestrong{\sphinxhyphen{}w} \sphinxstyleemphasis{passwd}{]}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}H} \sphinxstyleemphasis{ldapuri}{]} -\sphinxstylestrong{command} -{[}\sphinxstyleemphasis{command\_options}{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:description}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-synopsis-end}} -\sphinxAtStartPar -kdb5\_ldap\_util allows an administrator to manage realms, Kerberos -services and ticket policies. - - -\subsection{COMMAND\sphinxhyphen{}LINE OPTIONS} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:command-line-options}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}}] \leavevmode -\sphinxAtStartPar -Specifies the realm to be operated on. - -\item[{\sphinxstylestrong{\sphinxhyphen{}D} \sphinxstyleemphasis{user\_dn}}] \leavevmode -\sphinxAtStartPar -Specifies the Distinguished Name (DN) of the user who has -sufficient rights to perform the operation on the LDAP server. - -\item[{\sphinxstylestrong{\sphinxhyphen{}w} \sphinxstyleemphasis{passwd}}] \leavevmode -\sphinxAtStartPar -Specifies the password of \sphinxstyleemphasis{user\_dn}. This option is not -recommended. - -\item[{\sphinxstylestrong{\sphinxhyphen{}H} \sphinxstyleemphasis{ldapuri}}] \leavevmode -\sphinxAtStartPar -Specifies the URI of the LDAP server. - -\end{description} - -\sphinxAtStartPar -By default, kdb5\_ldap\_util operates on the default realm (as specified -in {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}) and connects and authenticates to the LDAP -server in the same manner as :ref:kadmind(8)\textasciigrave{} would given the -parameters in {\hyperref[\detokenize{admin/conf_files/kdc_conf:dbdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}dbdefaults{]}}}}} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. - - -\subsection{COMMANDS} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:commands}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-options-end}} - -\subsubsection{create} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:create}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-create}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{create} -{[}\sphinxstylestrong{\sphinxhyphen{}subtrees} \sphinxstyleemphasis{subtree\_dn\_list}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}sscope} \sphinxstyleemphasis{search\_scope}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}containerref} \sphinxstyleemphasis{container\_reference\_dn}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}k} \sphinxstyleemphasis{mkeytype}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}kv} \sphinxstyleemphasis{mkeyVNO}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}M} \sphinxstyleemphasis{mkeyname}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}m|\sphinxhyphen{}P} \sphinxstyleemphasis{password}|\sphinxstylestrong{\sphinxhyphen{}sf} \sphinxstyleemphasis{stashfilename}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}s}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}{]} -{[}\sphinxstyleemphasis{ticket\_flags}{]} -\end{quote} - -\sphinxAtStartPar -Creates realm in directory. Options: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}subtrees} \sphinxstyleemphasis{subtree\_dn\_list}}] \leavevmode -\sphinxAtStartPar -Specifies the list of subtrees containing the principals of a -realm. The list contains the DNs of the subtree objects separated -by colon (\sphinxcode{\sphinxupquote{:}}). - -\item[{\sphinxstylestrong{\sphinxhyphen{}sscope} \sphinxstyleemphasis{search\_scope}}] \leavevmode -\sphinxAtStartPar -Specifies the scope for searching the principals under the -subtree. The possible values are 1 or one (one level), 2 or sub -(subtrees). - -\item[{\sphinxstylestrong{\sphinxhyphen{}containerref} \sphinxstyleemphasis{container\_reference\_dn}}] \leavevmode -\sphinxAtStartPar -Specifies the DN of the container object in which the principals -of a realm will be created. If the container reference is not -configured for a realm, the principals will be created in the -realm container. - -\item[{\sphinxstylestrong{\sphinxhyphen{}k} \sphinxstyleemphasis{mkeytype}}] \leavevmode -\sphinxAtStartPar -Specifies the key type of the master key in the database. The -default is given by the \sphinxstylestrong{master\_key\_type} variable in -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}kv} \sphinxstyleemphasis{mkeyVNO}}] \leavevmode -\sphinxAtStartPar -Specifies the version number of the master key in the database; -the default is 1. Note that 0 is not allowed. - -\item[{\sphinxstylestrong{\sphinxhyphen{}M} \sphinxstyleemphasis{mkeyname}}] \leavevmode -\sphinxAtStartPar -Specifies the principal name for the master key in the database. -If not specified, the name is determined by the -\sphinxstylestrong{master\_key\_name} variable in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}m}}] \leavevmode -\sphinxAtStartPar -Specifies that the master database password should be read from -the TTY rather than fetched from a file on the disk. - -\item[{\sphinxstylestrong{\sphinxhyphen{}P} \sphinxstyleemphasis{password}}] \leavevmode -\sphinxAtStartPar -Specifies the master database password. This option is not -recommended. - -\item[{\sphinxstylestrong{\sphinxhyphen{}sf} \sphinxstyleemphasis{stashfilename}}] \leavevmode -\sphinxAtStartPar -Specifies the stash file of the master database password. - -\item[{\sphinxstylestrong{\sphinxhyphen{}s}}] \leavevmode -\sphinxAtStartPar -Specifies that the stash file is to be created. - -\item[{\sphinxstylestrong{\sphinxhyphen{}maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{getdate} string) Specifies maximum ticket life for -principals in this realm. - -\item[{\sphinxstylestrong{\sphinxhyphen{}maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{getdate} string) Specifies maximum renewable life of -tickets for principals in this realm. - -\item[{\sphinxstyleemphasis{ticket\_flags}}] \leavevmode -\sphinxAtStartPar -Specifies global ticket flags for the realm. Allowable flags are -documented in the description of the \sphinxstylestrong{add\_principal} command in -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}}. - -\end{description} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{create} \PYG{o}{\PYGZhy{}}\PYG{n}{subtrees} \PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{sscope} \PYG{n}{SUB} -\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:} -\PYG{n}{Initializing} \PYG{n}{database} \PYG{k}{for} \PYG{n}{realm} \PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{ATHENA.MIT.EDU}\PYG{l+s+s1}{\PYGZsq{}} -\PYG{n}{You} \PYG{n}{will} \PYG{n}{be} \PYG{n}{prompted} \PYG{k}{for} \PYG{n}{the} \PYG{n}{database} \PYG{n}{Master} \PYG{n}{Password}\PYG{o}{.} -\PYG{n}{It} \PYG{o+ow}{is} \PYG{n}{important} \PYG{n}{that} \PYG{n}{you} \PYG{n}{NOT} \PYG{n}{FORGET} \PYG{n}{this} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Enter} \PYG{n}{KDC} \PYG{n}{database} \PYG{n}{master} \PYG{n}{key}\PYG{p}{:} -\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{KDC} \PYG{n}{database} \PYG{n}{master} \PYG{n}{key} \PYG{n}{to} \PYG{n}{verify}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{modify} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:modify}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-create-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-modify}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{modify} -{[}\sphinxstylestrong{\sphinxhyphen{}subtrees} \sphinxstyleemphasis{subtree\_dn\_list}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}sscope} \sphinxstyleemphasis{search\_scope}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}containerref} \sphinxstyleemphasis{container\_reference\_dn}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}{]} -{[}\sphinxstyleemphasis{ticket\_flags}{]} -\end{quote} - -\sphinxAtStartPar -Modifies the attributes of a realm. Options: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}subtrees} \sphinxstyleemphasis{subtree\_dn\_list}}] \leavevmode -\sphinxAtStartPar -Specifies the list of subtrees containing the principals of a -realm. The list contains the DNs of the subtree objects separated -by colon (\sphinxcode{\sphinxupquote{:}}). This list replaces the existing list. - -\item[{\sphinxstylestrong{\sphinxhyphen{}sscope} \sphinxstyleemphasis{search\_scope}}] \leavevmode -\sphinxAtStartPar -Specifies the scope for searching the principals under the -subtrees. The possible values are 1 or one (one level), 2 or sub -(subtrees). - -\item[{\sphinxstylestrong{\sphinxhyphen{}containerref} \sphinxstyleemphasis{container\_reference\_dn} Specifies the DN of the}] \leavevmode -\sphinxAtStartPar -container object in which the principals of a realm will be -created. - -\item[{\sphinxstylestrong{\sphinxhyphen{}maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{getdate} string) Specifies maximum ticket life for -principals in this realm. - -\item[{\sphinxstylestrong{\sphinxhyphen{}maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{getdate} string) Specifies maximum renewable life of -tickets for principals in this realm. - -\item[{\sphinxstyleemphasis{ticket\_flags}}] \leavevmode -\sphinxAtStartPar -Specifies global ticket flags for the realm. Allowable flags are -documented in the description of the \sphinxstylestrong{add\_principal} command in -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}}. - -\end{description} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} - \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n}{modify} \PYG{o}{+}\PYG{n}{requires\PYGZus{}preauth} -\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - - -\subsubsection{view} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:view}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-modify-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-view}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{view} -\end{quote} - -\sphinxAtStartPar -Displays the attributes of a realm. - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{view} -\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:} -\PYG{n}{Realm} \PYG{n}{Name}\PYG{p}{:} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{Subtree}\PYG{p}{:} \PYG{n}{ou}\PYG{o}{=}\PYG{n}{users}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} -\PYG{n}{Subtree}\PYG{p}{:} \PYG{n}{ou}\PYG{o}{=}\PYG{n}{servers}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} -\PYG{n}{SearchScope}\PYG{p}{:} \PYG{n}{ONE} -\PYG{n}{Maximum} \PYG{n}{ticket} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{0} \PYG{n}{days} \PYG{l+m+mi}{01}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00} -\PYG{n}{Maximum} \PYG{n}{renewable} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{0} \PYG{n}{days} \PYG{l+m+mi}{10}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00} -\PYG{n}{Ticket} \PYG{n}{flags}\PYG{p}{:} \PYG{n}{DISALLOW\PYGZus{}FORWARDABLE} \PYG{n}{REQUIRES\PYGZus{}PWCHANGE} -\end{sphinxVerbatim} - - -\subsubsection{destroy} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:destroy}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-view-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-destroy}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{destroy} {[}\sphinxstylestrong{\sphinxhyphen{}f}{]} -\end{quote} - -\sphinxAtStartPar -Destroys an existing realm. Options: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}f}}] \leavevmode -\sphinxAtStartPar -If specified, will not prompt the user for confirmation. - -\end{description} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -shell\PYGZpc{} kdb5\PYGZus{}ldap\PYGZus{}util \PYGZhy{}r ATHENA.MIT.EDU \PYGZhy{}D cn=admin,o=org \PYGZhy{}H - ldaps://ldap\PYGZhy{}server1.mit.edu destroy -Password for \PYGZdq{}cn=admin,o=org\PYGZdq{}: -Deleting KDC database of \PYGZsq{}ATHENA.MIT.EDU\PYGZsq{}, are you sure? -(type \PYGZsq{}yes\PYGZsq{} to confirm)? yes -OK, deleting database of \PYGZsq{}ATHENA.MIT.EDU\PYGZsq{}... -shell\PYGZpc{} -\end{sphinxVerbatim} - - -\subsubsection{list} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:list}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-destroy-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-list}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{list} -\end{quote} - -\sphinxAtStartPar -Lists the names of realms under the container. - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} - \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{n+nb}{list} -\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:} -\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{OPENLDAP}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{MEDIA}\PYG{o}{\PYGZhy{}}\PYG{n}{LAB}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - - -\subsubsection{stashsrvpw} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:stashsrvpw}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-list-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-stashsrvpw}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{stashsrvpw} -{[}\sphinxstylestrong{\sphinxhyphen{}f} \sphinxstyleemphasis{filename}{]} -\sphinxstyleemphasis{name} -\end{quote} - -\sphinxAtStartPar -Allows an administrator to store the password for service object in a -file so that KDC and Administration server can use it to authenticate -to the LDAP server. Options: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}f} \sphinxstyleemphasis{filename}}] \leavevmode -\sphinxAtStartPar -Specifies the complete path of the service password file. By -default, \sphinxcode{\sphinxupquote{/usr/local/var/service\_passwd}} is used. - -\item[{\sphinxstyleemphasis{name}}] \leavevmode -\sphinxAtStartPar -Specifies the name of the object whose password is to be stored. -If {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}} or {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} are configured for -simple binding, this should be the distinguished name it will -use as given by the \sphinxstylestrong{ldap\_kdc\_dn} or \sphinxstylestrong{ldap\_kadmind\_dn} -variable in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. If the KDC or kadmind is -configured for SASL binding, this should be the authentication -name it will use as given by the \sphinxstylestrong{ldap\_kdc\_sasl\_authcid} or -\sphinxstylestrong{ldap\_kadmind\_sasl\_authcid} variable. - -\end{description} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{n}{stashsrvpw} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{/}\PYG{n}{home}\PYG{o}{/}\PYG{n}{andrew}\PYG{o}{/}\PYG{n}{conf\PYGZus{}keyfile} - \PYG{n}{cn}\PYG{o}{=}\PYG{n}{service}\PYG{o}{\PYGZhy{}}\PYG{n}{kdc}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} -\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=service\PYGZhy{}kdc,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:} -\PYG{n}{Re}\PYG{o}{\PYGZhy{}}\PYG{n}{enter} \PYG{n}{password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=service\PYGZhy{}kdc,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{create\_policy} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:create-policy}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-stashsrvpw-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-create-policy}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{create\_policy} -{[}\sphinxstylestrong{\sphinxhyphen{}maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}{]} -{[}\sphinxstyleemphasis{ticket\_flags}{]} -\sphinxstyleemphasis{policy\_name} -\end{quote} - -\sphinxAtStartPar -Creates a ticket policy in the directory. Options: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{getdate} string) Specifies maximum ticket life for -principals. - -\item[{\sphinxstylestrong{\sphinxhyphen{}maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{getdate} string) Specifies maximum renewable life of -tickets for principals. - -\item[{\sphinxstyleemphasis{ticket\_flags}}] \leavevmode -\sphinxAtStartPar -Specifies the ticket flags. If this option is not specified, by -default, no restriction will be set by the policy. Allowable -flags are documented in the description of the \sphinxstylestrong{add\_principal} -command in {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}}. - -\item[{\sphinxstyleemphasis{policy\_name}}] \leavevmode -\sphinxAtStartPar -Specifies the name of the ticket policy. - -\end{description} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{create\PYGZus{}policy} \PYG{o}{\PYGZhy{}}\PYG{n}{maxtktlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{1 day}\PYG{l+s+s2}{\PYGZdq{}} - \PYG{o}{\PYGZhy{}}\PYG{n}{maxrenewlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{1 week}\PYG{l+s+s2}{\PYGZdq{}} \PYG{o}{\PYGZhy{}}\PYG{n}{allow\PYGZus{}postdated} \PYG{o}{+}\PYG{n}{needchange} - \PYG{o}{\PYGZhy{}}\PYG{n}{allow\PYGZus{}forwardable} \PYG{n}{tktpolicy} -\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{modify\_policy} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:modify-policy}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-create-policy-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-modify-policy}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{modify\_policy} -{[}\sphinxstylestrong{\sphinxhyphen{}maxtktlife} \sphinxstyleemphasis{max\_ticket\_life}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}maxrenewlife} \sphinxstyleemphasis{max\_renewable\_ticket\_life}{]} -{[}\sphinxstyleemphasis{ticket\_flags}{]} -\sphinxstyleemphasis{policy\_name} -\end{quote} - -\sphinxAtStartPar -Modifies the attributes of a ticket policy. Options are same as for -\sphinxstylestrong{create\_policy}. - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} - \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{modify\PYGZus{}policy} - \PYG{o}{\PYGZhy{}}\PYG{n}{maxtktlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{60 minutes}\PYG{l+s+s2}{\PYGZdq{}} \PYG{o}{\PYGZhy{}}\PYG{n}{maxrenewlife} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{10 hours}\PYG{l+s+s2}{\PYGZdq{}} - \PYG{o}{+}\PYG{n}{allow\PYGZus{}postdated} \PYG{o}{\PYGZhy{}}\PYG{n}{requires\PYGZus{}preauth} \PYG{n}{tktpolicy} -\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:} -\end{sphinxVerbatim} - - -\subsubsection{view\_policy} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:view-policy}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-modify-policy-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-view-policy}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{view\_policy} -\sphinxstyleemphasis{policy\_name} -\end{quote} - -\sphinxAtStartPar -Displays the attributes of the named ticket policy. - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{view\PYGZus{}policy} \PYG{n}{tktpolicy} -\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:} -\PYG{n}{Ticket} \PYG{n}{policy}\PYG{p}{:} \PYG{n}{tktpolicy} -\PYG{n}{Maximum} \PYG{n}{ticket} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{0} \PYG{n}{days} \PYG{l+m+mi}{01}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00} -\PYG{n}{Maximum} \PYG{n}{renewable} \PYG{n}{life}\PYG{p}{:} \PYG{l+m+mi}{0} \PYG{n}{days} \PYG{l+m+mi}{10}\PYG{p}{:}\PYG{l+m+mi}{00}\PYG{p}{:}\PYG{l+m+mi}{00} -\PYG{n}{Ticket} \PYG{n}{flags}\PYG{p}{:} \PYG{n}{DISALLOW\PYGZus{}FORWARDABLE} \PYG{n}{REQUIRES\PYGZus{}PWCHANGE} -\end{sphinxVerbatim} - - -\subsubsection{destroy\_policy} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:destroy-policy}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-view-policy-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-destroy-policy}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{destroy\_policy} -{[}\sphinxstylestrong{\sphinxhyphen{}force}{]} -\sphinxstyleemphasis{policy\_name} -\end{quote} - -\sphinxAtStartPar -Destroys an existing ticket policy. Options: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}force}}] \leavevmode -\sphinxAtStartPar -Forces the deletion of the policy object. If not specified, the -user will be prompted for confirmation before deleting the policy. - -\item[{\sphinxstyleemphasis{policy\_name}}] \leavevmode -\sphinxAtStartPar -Specifies the name of the ticket policy. - -\end{description} - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -kdb5\PYGZus{}ldap\PYGZus{}util \PYGZhy{}D cn=admin,o=org \PYGZhy{}H ldaps://ldap\PYGZhy{}server1.mit.edu - \PYGZhy{}r ATHENA.MIT.EDU destroy\PYGZus{}policy tktpolicy -Password for \PYGZdq{}cn=admin,o=org\PYGZdq{}: -This will delete the policy object \PYGZsq{}tktpolicy\PYGZsq{}, are you sure? -(type \PYGZsq{}yes\PYGZsq{} to confirm)? yes -** policy object \PYGZsq{}tktpolicy\PYGZsq{} deleted. -\end{sphinxVerbatim} - - -\subsubsection{list\_policy} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:list-policy}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-destroy-policy-end}}\phantomsection\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-list-policy}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{list\_policy} -\end{quote} - -\sphinxAtStartPar -Lists ticket policies. - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kdb5\PYGZus{}ldap\PYGZus{}util} \PYG{o}{\PYGZhy{}}\PYG{n}{D} \PYG{n}{cn}\PYG{o}{=}\PYG{n}{admin}\PYG{p}{,}\PYG{n}{o}\PYG{o}{=}\PYG{n}{org} \PYG{o}{\PYGZhy{}}\PYG{n}{H} \PYG{n}{ldaps}\PYG{p}{:}\PYG{o}{/}\PYG{o}{/}\PYG{n}{ldap}\PYG{o}{\PYGZhy{}}\PYG{n}{server1}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu} - \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{list\PYGZus{}policy} -\PYG{n}{Password} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{cn=admin,o=org}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{:} -\PYG{n}{tktpolicy} -\PYG{n}{tmppolicy} -\PYG{n}{userpolicy} -\end{sphinxVerbatim} - - -\subsection{ENVIRONMENT} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:environment}}\label{\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-list-policy-end}} -\sphinxAtStartPar -See \DUrole{xref,std,std-ref}{kerberos(7)} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{admin/admin_commands/kdb5_ldap_util:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}}, \DUrole{xref,std,std-ref}{kerberos(7)} - - -\section{krb5kdc} -\label{\detokenize{admin/admin_commands/krb5kdc:krb5kdc}}\label{\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}}\label{\detokenize{admin/admin_commands/krb5kdc::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{admin/admin_commands/krb5kdc:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{krb5kdc} -{[}\sphinxstylestrong{\sphinxhyphen{}x} \sphinxstyleemphasis{db\_args}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}d} \sphinxstyleemphasis{dbname}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}k} \sphinxstyleemphasis{keytype}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}M} \sphinxstyleemphasis{mkeyname}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{portnum}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}m}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}n}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}w} \sphinxstyleemphasis{numworkers}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}P} \sphinxstyleemphasis{pid\_file}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}T} \sphinxstyleemphasis{time\_offset}{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{admin/admin_commands/krb5kdc:description}} -\sphinxAtStartPar -krb5kdc is the Kerberos version 5 Authentication Service and Key -Distribution Center (AS/KDC). - - -\subsection{OPTIONS} -\label{\detokenize{admin/admin_commands/krb5kdc:options}} -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm} option specifies the realm for which the server -should provide service. This option may be specified multiple times -to serve multiple realms. If no \sphinxstylestrong{\sphinxhyphen{}r} option is given, the default -realm (as specified in {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}) will be served. - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}d} \sphinxstyleemphasis{dbname} option specifies the name under which the -principal database can be found. This option does not apply to the -LDAP database. - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}k} \sphinxstyleemphasis{keytype} option specifies the key type of the master key -to be entered manually as a password when \sphinxstylestrong{\sphinxhyphen{}m} is given; the default -is \sphinxcode{\sphinxupquote{aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96}}. - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}M} \sphinxstyleemphasis{mkeyname} option specifies the principal name for the -master key in the database (usually \sphinxcode{\sphinxupquote{K/M}} in the KDC’s realm). - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}m} option specifies that the master database password should -be fetched from the keyboard rather than from a stash file. - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}n} option specifies that the KDC does not put itself in the -background and does not disassociate itself from the terminal. - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}P} \sphinxstyleemphasis{pid\_file} option tells the KDC to write its PID into -\sphinxstyleemphasis{pid\_file} after it starts up. This can be used to identify whether -the KDC is still running and to allow init scripts to stop the correct -process. - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{portnum} option specifies the default UDP and TCP port -numbers which the KDC should listen on for Kerberos version 5 -requests, as a comma\sphinxhyphen{}separated list. This value overrides the port -numbers specified in the {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdcdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}kdcdefaults{]}}}}} section of -{\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}, but may be overridden by realm\sphinxhyphen{}specific values. -If no value is given from any source, the default port is 88. - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}w} \sphinxstyleemphasis{numworkers} option tells the KDC to fork \sphinxstyleemphasis{numworkers} -processes to listen to the KDC ports and process requests in parallel. -The top level KDC process (whose pid is recorded in the pid file if -the \sphinxstylestrong{\sphinxhyphen{}P} option is also given) acts as a supervisor. The supervisor -will relay SIGHUP signals to the worker subprocesses, and will -terminate the worker subprocess if the it is itself terminated or if -any other worker process exits. - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}x} \sphinxstyleemphasis{db\_args} option specifies database\sphinxhyphen{}specific arguments. -See {\hyperref[\detokenize{admin/admin_commands/kadmin_local:dboptions}]{\sphinxcrossref{\DUrole{std,std-ref}{Database Options}}}} in {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} for -supported arguments. - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}T} \sphinxstyleemphasis{offset} option specifies a time offset, in seconds, which -the KDC will operate under. It is intended only for testing purposes. - - -\subsection{EXAMPLE} -\label{\detokenize{admin/admin_commands/krb5kdc:example}} -\sphinxAtStartPar -The KDC may service requests for multiple realms (maximum 32 realms). -The realms are listed on the command line. Per\sphinxhyphen{}realm options that can -be specified on the command line pertain for each realm that follows -it and are superseded by subsequent definitions of the same option. - -\sphinxAtStartPar -For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{krb5kdc} \PYG{o}{\PYGZhy{}}\PYG{n}{p} \PYG{l+m+mi}{2001} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{REALM1} \PYG{o}{\PYGZhy{}}\PYG{n}{p} \PYG{l+m+mi}{2002} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{REALM2} \PYG{o}{\PYGZhy{}}\PYG{n}{r} \PYG{n}{REALM3} -\end{sphinxVerbatim} - -\sphinxAtStartPar -specifies that the KDC listen on port 2001 for REALM1 and on port 2002 -for REALM2 and REALM3. Additionally, per\sphinxhyphen{}realm parameters may be -specified in the {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} file. The location of this file -may be specified by the \sphinxstylestrong{KRB5\_KDC\_PROFILE} environment variable. -Per\sphinxhyphen{}realm parameters specified in this file take precedence over -options specified on the command line. See the {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} -description for further details. - - -\subsection{ENVIRONMENT} -\label{\detokenize{admin/admin_commands/krb5kdc:environment}} -\sphinxAtStartPar -See \DUrole{xref,std,std-ref}{kerberos(7)} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{admin/admin_commands/krb5kdc:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}}, {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}, {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}, -{\hyperref[\detokenize{admin/admin_commands/kdb5_ldap_util:kdb5-ldap-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_ldap\_util}}}}, \DUrole{xref,std,std-ref}{kerberos(7)} - - -\section{kprop} -\label{\detokenize{admin/admin_commands/kprop:kprop}}\label{\detokenize{admin/admin_commands/kprop:kprop-8}}\label{\detokenize{admin/admin_commands/kprop::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{admin/admin_commands/kprop:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{kprop} -{[}\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}f} \sphinxstyleemphasis{file}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}d}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}P} \sphinxstyleemphasis{port}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}s} \sphinxstyleemphasis{keytab}{]} -\sphinxstyleemphasis{replica\_host} - - -\subsection{DESCRIPTION} -\label{\detokenize{admin/admin_commands/kprop:description}} -\sphinxAtStartPar -kprop is used to securely propagate a Kerberos V5 database dump file -from the primary Kerberos server to a replica Kerberos server, which is -specified by \sphinxstyleemphasis{replica\_host}. The dump file must be created by -{\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}}. - - -\subsection{OPTIONS} -\label{\detokenize{admin/admin_commands/kprop:options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}}] \leavevmode -\sphinxAtStartPar -Specifies the realm of the primary server. - -\item[{\sphinxstylestrong{\sphinxhyphen{}f} \sphinxstyleemphasis{file}}] \leavevmode -\sphinxAtStartPar -Specifies the filename where the dumped principal database file is -to be found; by default the dumped database file is normally -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/replica\_datatrans}}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}P} \sphinxstyleemphasis{port}}] \leavevmode -\sphinxAtStartPar -Specifies the port to use to contact the {\hyperref[\detokenize{admin/admin_commands/kpropd:kpropd-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kpropd}}}} server -on the remote host. - -\item[{\sphinxstylestrong{\sphinxhyphen{}d}}] \leavevmode -\sphinxAtStartPar -Prints debugging information. - -\item[{\sphinxstylestrong{\sphinxhyphen{}s} \sphinxstyleemphasis{keytab}}] \leavevmode -\sphinxAtStartPar -Specifies the location of the keytab file. - -\end{description} - - -\subsection{ENVIRONMENT} -\label{\detokenize{admin/admin_commands/kprop:environment}} -\sphinxAtStartPar -See \DUrole{xref,std,std-ref}{kerberos(7)} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{admin/admin_commands/kprop:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kpropd:kpropd-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kpropd}}}}, {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}}, {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}}, -\DUrole{xref,std,std-ref}{kerberos(7)} - - -\section{kpropd} -\label{\detokenize{admin/admin_commands/kpropd:kpropd}}\label{\detokenize{admin/admin_commands/kpropd:kpropd-8}}\label{\detokenize{admin/admin_commands/kpropd::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{admin/admin_commands/kpropd:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{kpropd} -{[}\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}A} \sphinxstyleemphasis{admin\_server}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}a} \sphinxstyleemphasis{acl\_file}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}f} \sphinxstyleemphasis{replica\_dumpfile}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}F} \sphinxstyleemphasis{principal\_database}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{kdb5\_util\_prog}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}P} \sphinxstyleemphasis{port}{]} -{[}\sphinxstylestrong{\textendash{}pid\sphinxhyphen{}file}=\sphinxstyleemphasis{pid\_file}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}D}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}d}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}s} \sphinxstyleemphasis{keytab\_file}{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{admin/admin_commands/kpropd:description}} -\sphinxAtStartPar -The \sphinxstyleemphasis{kpropd} command runs on the replica KDC server. It listens for -update requests made by the {\hyperref[\detokenize{admin/admin_commands/kprop:kprop-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop}}}} program. If incremental -propagation is enabled, it periodically requests incremental updates -from the primary KDC. - -\sphinxAtStartPar -When the replica receives a kprop request from the primary, kpropd -accepts the dumped KDC database and places it in a file, and then runs -{\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} to load the dumped database into the active -database which is used by {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}}. This allows the primary -Kerberos server to use {\hyperref[\detokenize{admin/admin_commands/kprop:kprop-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop}}}} to propagate its database to -the replica servers. Upon a successful download of the KDC database -file, the replica Kerberos server will have an up\sphinxhyphen{}to\sphinxhyphen{}date KDC -database. - -\sphinxAtStartPar -Where incremental propagation is not used, kpropd is commonly invoked -out of inetd(8) as a nowait service. This is done by adding a line to -the \sphinxcode{\sphinxupquote{/etc/inetd.conf}} file which looks like this: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kprop} \PYG{n}{stream} \PYG{n}{tcp} \PYG{n}{nowait} \PYG{n}{root} \PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{sbin}\PYG{o}{/}\PYG{n}{kpropd} \PYG{n}{kpropd} -\end{sphinxVerbatim} - -\sphinxAtStartPar -kpropd can also run as a standalone daemon, backgrounding itself and -waiting for connections on port 754 (or the port specified with the -\sphinxstylestrong{\sphinxhyphen{}P} option if given). Standalone mode is required for incremental -propagation. Starting in release 1.11, kpropd automatically detects -whether it was run from inetd and runs in standalone mode if it is -not. Prior to release 1.11, the \sphinxstylestrong{\sphinxhyphen{}S} option is required to run -kpropd in standalone mode; this option is now accepted for backward -compatibility but does nothing. - -\sphinxAtStartPar -Incremental propagation may be enabled with the \sphinxstylestrong{iprop\_enable} -variable in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}}. If incremental propagation is -enabled, the replica periodically polls the primary KDC for updates, at -an interval determined by the \sphinxstylestrong{iprop\_replica\_poll} variable. If the -replica receives updates, kpropd updates its log file with any updates -from the primary. {\hyperref[\detokenize{admin/admin_commands/kproplog:kproplog-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kproplog}}}} can be used to view a summary of -the update entry log on the replica KDC. If incremental propagation -is enabled, the principal \sphinxcode{\sphinxupquote{kiprop/replicahostname@REALM}} (where -\sphinxstyleemphasis{replicahostname} is the name of the replica KDC host, and \sphinxstyleemphasis{REALM} is -the name of the Kerberos realm) must be present in the replica’s -keytab file. - -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kproplog:kproplog-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kproplog}}}} can be used to force full replication when iprop is -enabled. - - -\subsection{OPTIONS} -\label{\detokenize{admin/admin_commands/kpropd:options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{realm}}] \leavevmode -\sphinxAtStartPar -Specifies the realm of the primary server. - -\item[{\sphinxstylestrong{\sphinxhyphen{}A} \sphinxstyleemphasis{admin\_server}}] \leavevmode -\sphinxAtStartPar -Specifies the server to be contacted for incremental updates; by -default, the primary admin server is contacted. - -\item[{\sphinxstylestrong{\sphinxhyphen{}f} \sphinxstyleemphasis{file}}] \leavevmode -\sphinxAtStartPar -Specifies the filename where the dumped principal database file is -to be stored; by default the dumped database file is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/from\_master}}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}F} \sphinxstyleemphasis{kerberos\_db}}] \leavevmode -\sphinxAtStartPar -Path to the Kerberos database file, if not the default. - -\item[{\sphinxstylestrong{\sphinxhyphen{}p}}] \leavevmode -\sphinxAtStartPar -Allows the user to specify the pathname to the {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}} -program; by default the pathname used is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{SBINDIR}}}}\sphinxcode{\sphinxupquote{/kdb5\_util}}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}D}}] \leavevmode -\sphinxAtStartPar -In this mode, kpropd will not detach itself from the current job -and run in the background. Instead, it will run in the -foreground. - -\item[{\sphinxstylestrong{\sphinxhyphen{}d}}] \leavevmode -\sphinxAtStartPar -Turn on debug mode. kpropd will print out debugging messages -during the database propogation and will run in the foreground -(implies \sphinxstylestrong{\sphinxhyphen{}D}). - -\item[{\sphinxstylestrong{\sphinxhyphen{}P}}] \leavevmode -\sphinxAtStartPar -Allow for an alternate port number for kpropd to listen on. This -is only useful in combination with the \sphinxstylestrong{\sphinxhyphen{}S} option. - -\item[{\sphinxstylestrong{\sphinxhyphen{}a} \sphinxstyleemphasis{acl\_file}}] \leavevmode -\sphinxAtStartPar -Allows the user to specify the path to the kpropd.acl file; by -default the path used is {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/kpropd.acl}}. - -\item[{\sphinxstylestrong{\textendash{}pid\sphinxhyphen{}file}=\sphinxstyleemphasis{pid\_file}}] \leavevmode -\sphinxAtStartPar -In standalone mode, write the process ID of the daemon into -\sphinxstyleemphasis{pid\_file}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}s} \sphinxstyleemphasis{keytab\_file}}] \leavevmode -\sphinxAtStartPar -Path to a keytab to use for acquiring acceptor credentials. - -\item[{\sphinxstylestrong{\sphinxhyphen{}x} \sphinxstyleemphasis{db\_args}}] \leavevmode -\sphinxAtStartPar -Database\sphinxhyphen{}specific arguments. See {\hyperref[\detokenize{admin/admin_commands/kadmin_local:dboptions}]{\sphinxcrossref{\DUrole{std,std-ref}{Database Options}}}} in {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} for supported arguments. - -\end{description} - - -\subsection{FILES} -\label{\detokenize{admin/admin_commands/kpropd:files}}\begin{description} -\item[{kpropd.acl}] \leavevmode -\sphinxAtStartPar -Access file for kpropd; the default location is -\sphinxcode{\sphinxupquote{/usr/local/var/krb5kdc/kpropd.acl}}. Each entry is a line -containing the principal of a host from which the local machine -will allow Kerberos database propagation via {\hyperref[\detokenize{admin/admin_commands/kprop:kprop-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop}}}}. - -\end{description} - - -\subsection{ENVIRONMENT} -\label{\detokenize{admin/admin_commands/kpropd:environment}} -\sphinxAtStartPar -See \DUrole{xref,std,std-ref}{kerberos(7)} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{admin/admin_commands/kpropd:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kprop:kprop-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop}}}}, {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}}, {\hyperref[\detokenize{admin/admin_commands/krb5kdc:krb5kdc-8}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5kdc}}}}, -\DUrole{xref,std,std-ref}{kerberos(7)}, inetd(8) - - -\section{kproplog} -\label{\detokenize{admin/admin_commands/kproplog:kproplog}}\label{\detokenize{admin/admin_commands/kproplog:kproplog-8}}\label{\detokenize{admin/admin_commands/kproplog::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{admin/admin_commands/kproplog:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{kproplog} {[}\sphinxstylestrong{\sphinxhyphen{}h}{]} {[}\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{num}{]} {[}\sphinxhyphen{}v{]} -\sphinxstylestrong{kproplog} {[}\sphinxhyphen{}R{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{admin/admin_commands/kproplog:description}} -\sphinxAtStartPar -The kproplog command displays the contents of the KDC database update -log to standard output. It can be used to keep track of incremental -updates to the principal database. The update log file contains the -update log maintained by the {\hyperref[\detokenize{admin/admin_commands/kadmind:kadmind-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmind}}}} process on the primary -KDC server and the {\hyperref[\detokenize{admin/admin_commands/kpropd:kpropd-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kpropd}}}} process on the replica KDC -servers. When updates occur, they are logged to this file. -Subsequently any KDC replica configured for incremental updates will -request the current data from the primary KDC and update their log -file with any updates returned. - -\sphinxAtStartPar -The kproplog command requires read access to the update log file. It -will display update entries only for the KDC it runs on. - -\sphinxAtStartPar -If no options are specified, kproplog displays a summary of the update -log. If invoked on the primary, kproplog also displays all of the -update entries. If invoked on a replica KDC server, kproplog displays -only a summary of the updates, which includes the serial number of the -last update received and the associated time stamp of the last update. - - -\subsection{OPTIONS} -\label{\detokenize{admin/admin_commands/kproplog:options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}R}}] \leavevmode -\sphinxAtStartPar -Reset the update log. This forces full resynchronization. If -used on a replica then that replica will request a full resync. -If used on the primary then all replicas will request full -resyncs. - -\item[{\sphinxstylestrong{\sphinxhyphen{}h}}] \leavevmode -\sphinxAtStartPar -Display a summary of the update log. This information includes -the database version number, state of the database, the number of -updates in the log, the time stamp of the first and last update, -and the version number of the first and last update entry. - -\item[{\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{num}}] \leavevmode -\sphinxAtStartPar -Display the last \sphinxstyleemphasis{num} update entries in the log. This is useful -when debugging synchronization between KDC servers. - -\item[{\sphinxstylestrong{\sphinxhyphen{}v}}] \leavevmode -\sphinxAtStartPar -Display individual attributes per update. An example of the -output generated for one entry: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{Update} \PYG{n}{Entry} - \PYG{n}{Update} \PYG{n}{serial} \PYG{c+c1}{\PYGZsh{} : 4} - \PYG{n}{Update} \PYG{n}{operation} \PYG{p}{:} \PYG{n}{Add} - \PYG{n}{Update} \PYG{n}{principal} \PYG{p}{:} \PYG{n}{test}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM} - \PYG{n}{Update} \PYG{n}{size} \PYG{p}{:} \PYG{l+m+mi}{424} - \PYG{n}{Update} \PYG{n}{committed} \PYG{p}{:} \PYG{k+kc}{True} - \PYG{n}{Update} \PYG{n}{time} \PYG{n}{stamp} \PYG{p}{:} \PYG{n}{Fri} \PYG{n}{Feb} \PYG{l+m+mi}{20} \PYG{l+m+mi}{23}\PYG{p}{:}\PYG{l+m+mi}{37}\PYG{p}{:}\PYG{l+m+mi}{42} \PYG{l+m+mi}{2004} - \PYG{n}{Attributes} \PYG{n}{changed} \PYG{p}{:} \PYG{l+m+mi}{6} - \PYG{n}{Principal} - \PYG{n}{Key} \PYG{n}{data} - \PYG{n}{Password} \PYG{n}{last} \PYG{n}{changed} - \PYG{n}{Modifying} \PYG{n}{principal} - \PYG{n}{Modification} \PYG{n}{time} - \PYG{n}{TL} \PYG{n}{data} -\end{sphinxVerbatim} - -\end{description} - - -\subsection{ENVIRONMENT} -\label{\detokenize{admin/admin_commands/kproplog:environment}} -\sphinxAtStartPar -See \DUrole{xref,std,std-ref}{kerberos(7)} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{admin/admin_commands/kproplog:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kpropd:kpropd-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kpropd}}}}, \DUrole{xref,std,std-ref}{kerberos(7)} - - -\section{ktutil} -\label{\detokenize{admin/admin_commands/ktutil:ktutil}}\label{\detokenize{admin/admin_commands/ktutil:ktutil-1}}\label{\detokenize{admin/admin_commands/ktutil::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{admin/admin_commands/ktutil:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{ktutil} - - -\subsection{DESCRIPTION} -\label{\detokenize{admin/admin_commands/ktutil:description}} -\sphinxAtStartPar -The ktutil command invokes a command interface from which an -administrator can read, write, or edit entries in a keytab. (Kerberos -V4 srvtab files are no longer supported.) - - -\subsection{COMMANDS} -\label{\detokenize{admin/admin_commands/ktutil:commands}} - -\subsubsection{list} -\label{\detokenize{admin/admin_commands/ktutil:list}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{list} {[}\sphinxstylestrong{\sphinxhyphen{}t}{]} {[}\sphinxstylestrong{\sphinxhyphen{}k}{]} {[}\sphinxstylestrong{\sphinxhyphen{}e}{]} -\end{quote} - -\sphinxAtStartPar -Displays the current keylist. If \sphinxstylestrong{\sphinxhyphen{}t}, \sphinxstylestrong{\sphinxhyphen{}k}, and/or \sphinxstylestrong{\sphinxhyphen{}e} are -specified, also display the timestamp, key contents, or enctype -(respectively). - -\sphinxAtStartPar -Alias: \sphinxstylestrong{l} - - -\subsubsection{read\_kt} -\label{\detokenize{admin/admin_commands/ktutil:read-kt}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{read\_kt} \sphinxstyleemphasis{keytab} -\end{quote} - -\sphinxAtStartPar -Read the Kerberos V5 keytab file \sphinxstyleemphasis{keytab} into the current keylist. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{rkt} - - -\subsubsection{write\_kt} -\label{\detokenize{admin/admin_commands/ktutil:write-kt}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{write\_kt} \sphinxstyleemphasis{keytab} -\end{quote} - -\sphinxAtStartPar -Write the current keylist into the Kerberos V5 keytab file \sphinxstyleemphasis{keytab}. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{wkt} - - -\subsubsection{clear\_list} -\label{\detokenize{admin/admin_commands/ktutil:clear-list}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{clear\_list} -\end{quote} - -\sphinxAtStartPar -Clear the current keylist. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{clear} - - -\subsubsection{delete\_entry} -\label{\detokenize{admin/admin_commands/ktutil:delete-entry}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{delete\_entry} \sphinxstyleemphasis{slot} -\end{quote} - -\sphinxAtStartPar -Delete the entry in slot number \sphinxstyleemphasis{slot} from the current keylist. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{delent} - - -\subsubsection{add\_entry} -\label{\detokenize{admin/admin_commands/ktutil:add-entry}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{add\_entry} \{\sphinxstylestrong{\sphinxhyphen{}key}|\sphinxstylestrong{\sphinxhyphen{}password}\} \sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{principal} -\sphinxstylestrong{\sphinxhyphen{}k} \sphinxstyleemphasis{kvno} {[}\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{enctype}{]} {[}\sphinxstylestrong{\sphinxhyphen{}f}|\sphinxstylestrong{\sphinxhyphen{}s} \sphinxstyleemphasis{salt}{]} -\end{quote} - -\sphinxAtStartPar -Add \sphinxstyleemphasis{principal} to keylist using key or password. If the \sphinxstylestrong{\sphinxhyphen{}f} flag -is specified, salt information will be fetched from the KDC; in this -case the \sphinxstylestrong{\sphinxhyphen{}e} flag may be omitted, or it may be supplied to force a -particular enctype. If the \sphinxstylestrong{\sphinxhyphen{}f} flag is not specified, the \sphinxstylestrong{\sphinxhyphen{}e} -flag must be specified, and the default salt will be used unless -overridden with the \sphinxstylestrong{\sphinxhyphen{}s} option. - -\sphinxAtStartPar -Alias: \sphinxstylestrong{addent} - - -\subsubsection{list\_requests} -\label{\detokenize{admin/admin_commands/ktutil:list-requests}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{list\_requests} -\end{quote} - -\sphinxAtStartPar -Displays a listing of available commands. - -\sphinxAtStartPar -Aliases: \sphinxstylestrong{lr}, \sphinxstylestrong{?} - - -\subsubsection{quit} -\label{\detokenize{admin/admin_commands/ktutil:quit}}\begin{quote} - -\sphinxAtStartPar -\sphinxstylestrong{quit} -\end{quote} - -\sphinxAtStartPar -Quits ktutil. - -\sphinxAtStartPar -Aliases: \sphinxstylestrong{exit}, \sphinxstylestrong{q} - - -\subsection{EXAMPLE} -\label{\detokenize{admin/admin_commands/ktutil:example}}\begin{quote} - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{ktutil}\PYG{p}{:} \PYG{n}{add\PYGZus{}entry} \PYG{o}{\PYGZhy{}}\PYG{n}{password} \PYG{o}{\PYGZhy{}}\PYG{n}{p} \PYG{n}{alice}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM} \PYG{o}{\PYGZhy{}}\PYG{n}{k} \PYG{l+m+mi}{1} \PYG{o}{\PYGZhy{}}\PYG{n}{e} - \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} -\PYG{n}{Password} \PYG{k}{for} \PYG{n}{alice}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM}\PYG{p}{:} -\PYG{n}{ktutil}\PYG{p}{:} \PYG{n}{add\PYGZus{}entry} \PYG{o}{\PYGZhy{}}\PYG{n}{password} \PYG{o}{\PYGZhy{}}\PYG{n}{p} \PYG{n}{alice}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM} \PYG{o}{\PYGZhy{}}\PYG{n}{k} \PYG{l+m+mi}{1} \PYG{o}{\PYGZhy{}}\PYG{n}{e} - \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} -\PYG{n}{Password} \PYG{k}{for} \PYG{n}{alice}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM}\PYG{p}{:} -\PYG{n}{ktutil}\PYG{p}{:} \PYG{n}{write\PYGZus{}kt} \PYG{n}{alice}\PYG{o}{.}\PYG{n}{keytab} -\PYG{n}{ktutil}\PYG{p}{:} -\end{sphinxVerbatim} -\end{quote} - - -\subsection{ENVIRONMENT} -\label{\detokenize{admin/admin_commands/ktutil:environment}} -\sphinxAtStartPar -See \DUrole{xref,std,std-ref}{kerberos(7)} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{admin/admin_commands/ktutil:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}}, {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}}, \DUrole{xref,std,std-ref}{kerberos(7)} - - -\section{k5srvutil} -\label{\detokenize{admin/admin_commands/k5srvutil:k5srvutil}}\label{\detokenize{admin/admin_commands/k5srvutil:k5srvutil-1}}\label{\detokenize{admin/admin_commands/k5srvutil::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{admin/admin_commands/k5srvutil:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{k5srvutil} \sphinxstyleemphasis{operation} -{[}\sphinxstylestrong{\sphinxhyphen{}i}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}f} \sphinxstyleemphasis{filename}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{keysalts}{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{admin/admin_commands/k5srvutil:description}} -\sphinxAtStartPar -k5srvutil allows an administrator to list keys currently in -a keytab, to obtain new keys for a principal currently in a keytab, -or to delete non\sphinxhyphen{}current keys from a keytab. - -\sphinxAtStartPar -\sphinxstyleemphasis{operation} must be one of the following: -\begin{description} -\item[{\sphinxstylestrong{list}}] \leavevmode -\sphinxAtStartPar -Lists the keys in a keytab, showing version number and principal -name. - -\item[{\sphinxstylestrong{change}}] \leavevmode -\sphinxAtStartPar -Uses the kadmin protocol to update the keys in the Kerberos -database to new randomly\sphinxhyphen{}generated keys, and updates the keys in -the keytab to match. If a key’s version number doesn’t match the -version number stored in the Kerberos server’s database, then the -operation will fail. If the \sphinxstylestrong{\sphinxhyphen{}i} flag is given, k5srvutil will -prompt for confirmation before changing each key. If the \sphinxstylestrong{\sphinxhyphen{}k} -option is given, the old and new keys will be displayed. -Ordinarily, keys will be generated with the default encryption -types and key salts. This can be overridden with the \sphinxstylestrong{\sphinxhyphen{}e} -option. Old keys are retained in the keytab so that existing -tickets continue to work, but \sphinxstylestrong{delold} should be used after -such tickets expire, to prevent attacks against the old keys. - -\item[{\sphinxstylestrong{delold}}] \leavevmode -\sphinxAtStartPar -Deletes keys that are not the most recent version from the keytab. -This operation should be used some time after a change operation -to remove old keys, after existing tickets issued for the service -have expired. If the \sphinxstylestrong{\sphinxhyphen{}i} flag is given, then k5srvutil will -prompt for confirmation for each principal. - -\item[{\sphinxstylestrong{delete}}] \leavevmode -\sphinxAtStartPar -Deletes particular keys in the keytab, interactively prompting for -each key. - -\end{description} - -\sphinxAtStartPar -In all cases, the default keytab is used unless this is overridden by -the \sphinxstylestrong{\sphinxhyphen{}f} option. - -\sphinxAtStartPar -k5srvutil uses the {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} program to edit the keytab in -place. - - -\subsection{ENVIRONMENT} -\label{\detokenize{admin/admin_commands/k5srvutil:environment}} -\sphinxAtStartPar -See \DUrole{xref,std,std-ref}{kerberos(7)} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{admin/admin_commands/k5srvutil:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}}, {\hyperref[\detokenize{admin/admin_commands/ktutil:ktutil-1}]{\sphinxcrossref{\DUrole{std,std-ref}{ktutil}}}}, \DUrole{xref,std,std-ref}{kerberos(7)} - - -\section{sserver} -\label{\detokenize{admin/admin_commands/sserver:sserver}}\label{\detokenize{admin/admin_commands/sserver:sserver-8}}\label{\detokenize{admin/admin_commands/sserver::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{admin/admin_commands/sserver:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{sserver} -{[} \sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{port} {]} -{[} \sphinxstylestrong{\sphinxhyphen{}S} \sphinxstyleemphasis{keytab} {]} -{[} \sphinxstyleemphasis{server\_port} {]} - - -\subsection{DESCRIPTION} -\label{\detokenize{admin/admin_commands/sserver:description}} -\sphinxAtStartPar -sserver and \DUrole{xref,std,std-ref}{sclient(1)} are a simple demonstration client/server -application. When sclient connects to sserver, it performs a Kerberos -authentication, and then sserver returns to sclient the Kerberos -principal which was used for the Kerberos authentication. It makes a -good test that Kerberos has been successfully installed on a machine. - -\sphinxAtStartPar -The service name used by sserver and sclient is sample. Hence, -sserver will require that there be a keytab entry for the service -\sphinxcode{\sphinxupquote{sample/hostname.domain.name@REALM.NAME}}. This keytab is generated -using the {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} program. The keytab file is usually -installed as {\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{DEFKTNAME}}}}. - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}S} option allows for a different keytab than the default. - -\sphinxAtStartPar -sserver is normally invoked out of inetd(8), using a line in -\sphinxcode{\sphinxupquote{/etc/inetd.conf}} that looks like this: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{sample} \PYG{n}{stream} \PYG{n}{tcp} \PYG{n}{nowait} \PYG{n}{root} \PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{sbin}\PYG{o}{/}\PYG{n}{sserver} \PYG{n}{sserver} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Since \sphinxcode{\sphinxupquote{sample}} is normally not a port defined in \sphinxcode{\sphinxupquote{/etc/services}}, -you will usually have to add a line to \sphinxcode{\sphinxupquote{/etc/services}} which looks -like this: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{sample} \PYG{l+m+mi}{13135}\PYG{o}{/}\PYG{n}{tcp} -\end{sphinxVerbatim} - -\sphinxAtStartPar -When using sclient, you will first have to have an entry in the -Kerberos database, by using {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}}, and then you have to get -Kerberos tickets, by using \DUrole{xref,std,std-ref}{kinit(1)}. Also, if you are running -the sclient program on a different host than the sserver it will be -connecting to, be sure that both hosts have an entry in /etc/services -for the sample tcp port, and that the same port number is in both -files. - -\sphinxAtStartPar -When you run sclient you should see something like this: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{sendauth} \PYG{n}{succeeded}\PYG{p}{,} \PYG{n}{reply} \PYG{o+ow}{is}\PYG{p}{:} -\PYG{n}{reply} \PYG{n+nb}{len} \PYG{l+m+mi}{32}\PYG{p}{,} \PYG{n}{contents}\PYG{p}{:} -\PYG{n}{You} \PYG{n}{are} \PYG{n}{nlgilman}\PYG{n+nd}{@JIMI}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\end{sphinxVerbatim} - - -\subsection{COMMON ERROR MESSAGES} -\label{\detokenize{admin/admin_commands/sserver:common-error-messages}}\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{)}% -\item {} -\sphinxAtStartPar -kinit returns the error: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{kinit}\PYG{p}{:} \PYG{n}{Client} \PYG{o+ow}{not} \PYG{n}{found} \PYG{o+ow}{in} \PYG{n}{Kerberos} \PYG{n}{database} \PYG{k}{while} \PYG{n}{getting} - \PYG{n}{initial} \PYG{n}{credentials} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This means that you didn’t create an entry for your username in the -Kerberos database. - -\item {} -\sphinxAtStartPar -sclient returns the error: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{unknown} \PYG{n}{service} \PYG{n}{sample}\PYG{o}{/}\PYG{n}{tcp}\PYG{p}{;} \PYG{n}{check} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{services} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This means that you don’t have an entry in /etc/services for the -sample tcp port. - -\item {} -\sphinxAtStartPar -sclient returns the error: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{connect}\PYG{p}{:} \PYG{n}{Connection} \PYG{n}{refused} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This probably means you didn’t edit /etc/inetd.conf correctly, or -you didn’t restart inetd after editing inetd.conf. - -\item {} -\sphinxAtStartPar -sclient returns the error: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{sclient}\PYG{p}{:} \PYG{n}{Server} \PYG{o+ow}{not} \PYG{n}{found} \PYG{o+ow}{in} \PYG{n}{Kerberos} \PYG{n}{database} \PYG{k}{while} \PYG{n}{using} - \PYG{n}{sendauth} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This means that the \sphinxcode{\sphinxupquote{sample/hostname@LOCAL.REALM}} service was not -defined in the Kerberos database; it should be created using -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}}, and a keytab file needs to be generated to make -the key for that service principal available for sclient. - -\item {} -\sphinxAtStartPar -sclient returns the error: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{sendauth} \PYG{n}{rejected}\PYG{p}{,} \PYG{n}{error} \PYG{n}{reply} \PYG{o+ow}{is}\PYG{p}{:} - \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{No such file or directory}\PYG{l+s+s2}{\PYGZdq{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This probably means sserver couldn’t find the keytab file. It was -probably not installed in the proper directory. - -\end{enumerate} - - -\subsection{ENVIRONMENT} -\label{\detokenize{admin/admin_commands/sserver:environment}} -\sphinxAtStartPar -See \DUrole{xref,std,std-ref}{kerberos(7)} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{admin/admin_commands/sserver:see-also}} -\sphinxAtStartPar -\DUrole{xref,std,std-ref}{sclient(1)}, \DUrole{xref,std,std-ref}{kerberos(7)}, services(5), inetd(8) - - -\chapter{MIT Kerberos defaults} -\label{\detokenize{mitK5defaults:mit-kerberos-defaults}}\label{\detokenize{mitK5defaults:mitk5defaults}}\label{\detokenize{mitK5defaults::doc}} - -\section{General defaults} -\label{\detokenize{mitK5defaults:general-defaults}} - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|T|} -\hline -\sphinxstyletheadfamily -\sphinxAtStartPar -Description -&\sphinxstyletheadfamily -\sphinxAtStartPar -Default -&\sphinxstyletheadfamily -\sphinxAtStartPar -Environment -\\ -\hline -\sphinxAtStartPar -\DUrole{xref,std,std-ref}{keytab\_definition} file -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{DEFKTNAME}}}} -& -\sphinxAtStartPar -\sphinxstylestrong{KRB5\_KTNAME} -\\ -\hline -\sphinxAtStartPar -Client \DUrole{xref,std,std-ref}{keytab\_definition} file -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{DEFCKTNAME}}}} -& -\sphinxAtStartPar -\sphinxstylestrong{KRB5\_CLIENT\_KTNAME} -\\ -\hline -\sphinxAtStartPar -Kerberos config file {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/etc/krb5.conf}}\sphinxcode{\sphinxupquote{:}}{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{SYSCONFDIR}}}}\sphinxcode{\sphinxupquote{/krb5.conf}} -& -\sphinxAtStartPar -\sphinxstylestrong{KRB5\_CONFIG} -\\ -\hline -\sphinxAtStartPar -KDC config file {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/kdc.conf}} -& -\sphinxAtStartPar -\sphinxstylestrong{KRB5\_KDC\_PROFILE} -\\ -\hline -\sphinxAtStartPar -GSS mechanism config file -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{SYSCONFDIR}}}}\sphinxcode{\sphinxupquote{/gss/mech}} -& -\sphinxAtStartPar -\sphinxstylestrong{GSS\_MECH\_CONFIG} -\\ -\hline -\sphinxAtStartPar -KDC database path (DB2) -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/principal}} -&\\ -\hline -\sphinxAtStartPar -Master key \DUrole{xref,std,std-ref}{stash\_definition} -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/.k5.}}\sphinxstyleemphasis{realm} -&\\ -\hline -\sphinxAtStartPar -Admin server ACL file {\hyperref[\detokenize{admin/conf_files/kadm5_acl:kadm5-acl-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kadm5.acl}}}} -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/kadm5.acl}} -&\\ -\hline -\sphinxAtStartPar -OTP socket directory -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{RUNSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}} -&\\ -\hline -\sphinxAtStartPar -Plugin base directory -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LIBDIR}}}}\sphinxcode{\sphinxupquote{/krb5/plugins}} -&\\ -\hline -\sphinxAtStartPar -\DUrole{xref,std,std-ref}{rcache\_definition} directory -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/var/tmp}} -& -\sphinxAtStartPar -\sphinxstylestrong{KRB5RCACHEDIR} -\\ -\hline -\sphinxAtStartPar -Master key default enctype -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96}} -&\\ -\hline -\sphinxAtStartPar -Default {\hyperref[\detokenize{admin/conf_files/kdc_conf:keysalt-lists}]{\sphinxcrossref{\DUrole{std,std-ref}{keysalt list}}}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96:normal aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96:normal}} -&\\ -\hline -\sphinxAtStartPar -Permitted enctypes -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96 aes256\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha384\sphinxhyphen{}192 aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha256\sphinxhyphen{}128 des3\sphinxhyphen{}cbc\sphinxhyphen{}sha1 arcfour\sphinxhyphen{}hmac\sphinxhyphen{}md5 camellia256\sphinxhyphen{}cts\sphinxhyphen{}cmac camellia128\sphinxhyphen{}cts\sphinxhyphen{}cmac}} -&\\ -\hline -\sphinxAtStartPar -KDC default port -& -\sphinxAtStartPar -88 -&\\ -\hline -\sphinxAtStartPar -Admin server port -& -\sphinxAtStartPar -749 -&\\ -\hline -\sphinxAtStartPar -Password change port -& -\sphinxAtStartPar -464 -&\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\section{Replica KDC propagation defaults} -\label{\detokenize{mitK5defaults:replica-kdc-propagation-defaults}} -\sphinxAtStartPar -This table shows defaults used by the {\hyperref[\detokenize{admin/admin_commands/kprop:kprop-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop}}}} and -{\hyperref[\detokenize{admin/admin_commands/kpropd:kpropd-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kpropd}}}} programs. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|T|} -\hline -\sphinxstyletheadfamily -\sphinxAtStartPar -Description -&\sphinxstyletheadfamily -\sphinxAtStartPar -Default -&\sphinxstyletheadfamily -\sphinxAtStartPar -Environment -\\ -\hline -\sphinxAtStartPar -kprop database dump file -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/replica\_datatrans}} -&\\ -\hline -\sphinxAtStartPar -kpropd temporary dump file -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/from\_master}} -&\\ -\hline -\sphinxAtStartPar -kdb5\_util location -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{SBINDIR}}}}\sphinxcode{\sphinxupquote{/kdb5\_util}} -&\\ -\hline -\sphinxAtStartPar -kprop location -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{SBINDIR}}}}\sphinxcode{\sphinxupquote{/kprop}} -&\\ -\hline -\sphinxAtStartPar -kpropd ACL file -& -\sphinxAtStartPar -{\hyperref[\detokenize{mitK5defaults:paths}]{\sphinxcrossref{\DUrole{std,std-ref}{LOCALSTATEDIR}}}}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/kpropd.acl}} -&\\ -\hline -\sphinxAtStartPar -kprop port -& -\sphinxAtStartPar -754 -& -\sphinxAtStartPar -KPROP\_PORT -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\section{Default paths for Unix\sphinxhyphen{}like systems} -\label{\detokenize{mitK5defaults:default-paths-for-unix-like-systems}}\label{\detokenize{mitK5defaults:paths}} -\sphinxAtStartPar -On Unix\sphinxhyphen{}like systems, some paths used by MIT krb5 depend on parameters -chosen at build time. For a custom build, these paths default to -subdirectories of \sphinxcode{\sphinxupquote{/usr/local}}. When MIT krb5 is integrated into an -operating system, the paths are generally chosen to match the -operating system’s filesystem layout. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|T|T|} -\hline -\sphinxstyletheadfamily -\sphinxAtStartPar -Description -&\sphinxstyletheadfamily -\sphinxAtStartPar -Symbolic name -&\sphinxstyletheadfamily -\sphinxAtStartPar -Custom build path -&\sphinxstyletheadfamily -\sphinxAtStartPar -Typical OS path -\\ -\hline -\sphinxAtStartPar -User programs -& -\sphinxAtStartPar -BINDIR -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/usr/local/bin}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/usr/bin}} -\\ -\hline -\sphinxAtStartPar -Libraries and plugins -& -\sphinxAtStartPar -LIBDIR -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/usr/local/lib}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/usr/lib}} -\\ -\hline -\sphinxAtStartPar -Parent of KDC state dir -& -\sphinxAtStartPar -LOCALSTATEDIR -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/usr/local/var}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/var}} -\\ -\hline -\sphinxAtStartPar -Parent of KDC runtime dir -& -\sphinxAtStartPar -RUNSTATEDIR -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/usr/local/var/run}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/run}} -\\ -\hline -\sphinxAtStartPar -Administrative programs -& -\sphinxAtStartPar -SBINDIR -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/usr/local/sbin}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/usr/sbin}} -\\ -\hline -\sphinxAtStartPar -Alternate krb5.conf dir -& -\sphinxAtStartPar -SYSCONFDIR -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/usr/local/etc}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{/etc}} -\\ -\hline -\sphinxAtStartPar -Default ccache name -& -\sphinxAtStartPar -DEFCCNAME -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{FILE:/tmp/krb5cc\_\%\{uid\}}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{FILE:/tmp/krb5cc\_\%\{uid\}}} -\\ -\hline -\sphinxAtStartPar -Default keytab name -& -\sphinxAtStartPar -DEFKTNAME -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{FILE:/etc/krb5.keytab}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{FILE:/etc/krb5.keytab}} -\\ -\hline -\sphinxAtStartPar -Default PKCS11 module -& -\sphinxAtStartPar -PKCS11\_MODNAME -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{opensc\sphinxhyphen{}pkcs11.so}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{opensc\sphinxhyphen{}pkcs11.so}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - -\sphinxAtStartPar -The default client keytab name (DEFCKTNAME) typically defaults to -\sphinxcode{\sphinxupquote{FILE:/usr/local/var/krb5/user/\%\{euid\}/client.keytab}} for a custom -build. A native build will typically use a path which will vary -according to the operating system’s layout of \sphinxcode{\sphinxupquote{/var}}. - - -\chapter{Environment variables} -\label{\detokenize{admin/env_variables:environment-variables}}\label{\detokenize{admin/env_variables::doc}} -\sphinxAtStartPar -This content has moved to \DUrole{xref,std,std-ref}{kerberos(7)}. - - -\chapter{Troubleshooting} -\label{\detokenize{admin/troubleshoot:troubleshooting}}\label{\detokenize{admin/troubleshoot:troubleshoot}}\label{\detokenize{admin/troubleshoot::doc}} - -\section{Trace logging} -\label{\detokenize{admin/troubleshoot:trace-logging}}\label{\detokenize{admin/troubleshoot:id1}} -\sphinxAtStartPar -Most programs using MIT krb5 1.9 or later can be made to provide -information about internal krb5 library operations using trace -logging. To enable this, set the \sphinxstylestrong{KRB5\_TRACE} environment variable -to a filename before running the program. On many operating systems, -the filename \sphinxcode{\sphinxupquote{/dev/stdout}} can be used to send trace logging output -to standard output. - -\sphinxAtStartPar -Some programs do not honor \sphinxstylestrong{KRB5\_TRACE}, either because they use -secure library contexts (this generally applies to setuid programs and -parts of the login system) or because they take direct control of the -trace logging system using the API. - -\sphinxAtStartPar -Here is a short example showing trace logging output for an invocation -of the \DUrole{xref,std,std-ref}{kvno(1)} command: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{env} \PYG{n}{KRB5\PYGZus{}TRACE}\PYG{o}{=}\PYG{o}{/}\PYG{n}{dev}\PYG{o}{/}\PYG{n}{stdout} \PYG{n}{kvno} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{KRBTEST}\PYG{o}{.}\PYG{n}{COM} -\PYG{p}{[}\PYG{l+m+mi}{9138}\PYG{p}{]} \PYG{l+m+mf}{1332348778.823276}\PYG{p}{:} \PYG{n}{Getting} \PYG{n}{credentials} \PYG{n}{user}\PYG{n+nd}{@KRBTEST}\PYG{o}{.}\PYG{n}{COM} \PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZgt{}} - \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{KRBTEST}\PYG{o}{.}\PYG{n}{COM}\PYG{n+nd}{@KRBTEST}\PYG{o}{.}\PYG{n}{COM} \PYG{n}{using} \PYG{n}{ccache} - \PYG{n}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{me}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{/}\PYG{n}{build}\PYG{o}{/}\PYG{n}{testdir}\PYG{o}{/}\PYG{n}{ccache} -\PYG{p}{[}\PYG{l+m+mi}{9138}\PYG{p}{]} \PYG{l+m+mf}{1332348778.823381}\PYG{p}{:} \PYG{n}{Retrieving} \PYG{n}{user}\PYG{n+nd}{@KRBTEST}\PYG{o}{.}\PYG{n}{COM} \PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZgt{}} - \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{KRBTEST}\PYG{o}{.}\PYG{n}{COM}\PYG{n+nd}{@KRBTEST}\PYG{o}{.}\PYG{n}{COM} \PYG{k+kn}{from} - \PYG{n+nn}{FILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{me}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{/}\PYG{n}{build}\PYG{o}{/}\PYG{n}{testdir}\PYG{o}{/}\PYG{n}{ccache} \PYG{k}{with} \PYG{n}{result}\PYG{p}{:} \PYG{l+m+mi}{0}\PYG{o}{/}\PYG{n}{Unknown} \PYG{n}{code} \PYG{l+m+mi}{0} -\PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{KRBTEST}\PYG{o}{.}\PYG{n}{COM}\PYG{n+nd}{@KRBTEST}\PYG{o}{.}\PYG{n}{COM}\PYG{p}{:} \PYG{n}{kvno} \PYG{o}{=} \PYG{l+m+mi}{1} -\end{sphinxVerbatim} - - -\section{List of errors} -\label{\detokenize{admin/troubleshoot:list-of-errors}} - -\subsection{Frequently seen errors} -\label{\detokenize{admin/troubleshoot:frequently-seen-errors}}\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/troubleshoot:init-creds-etype-nosupp}]{\sphinxcrossref{\DUrole{std,std-ref}{KDC has no support for encryption type while getting initial credentials}}}} - -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/troubleshoot:cert-chain-etype-nosupp}]{\sphinxcrossref{\DUrole{std,std-ref}{credential verification failed: KDC has no support for encryption type}}}} - -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/troubleshoot:err-cert-chain-cert-expired}]{\sphinxcrossref{\DUrole{std,std-ref}{Cannot create cert chain: certificate has expired}}}} - -\end{enumerate} - - -\subsection{Errors seen by admins} -\label{\detokenize{admin/troubleshoot:errors-seen-by-admins}}\phantomsection\label{\detokenize{admin/troubleshoot:prop-failed-start}}\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/troubleshoot:kprop-no-route}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop: No route to host while connecting to server}}}} - -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/troubleshoot:kprop-con-refused}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop: Connection refused while connecting to server}}}} - -\item {} -\sphinxAtStartPar -{\hyperref[\detokenize{admin/troubleshoot:kprop-sendauth-exchange}]{\sphinxcrossref{\DUrole{std,std-ref}{kprop: Server rejected authentication (during sendauth exchange) while authenticating to server}}}} - -\end{enumerate} -\phantomsection\label{\detokenize{admin/troubleshoot:prop-failed-end}} - -\bigskip\hrule\bigskip - - - -\subsubsection{KDC has no support for encryption type while getting initial credentials} -\label{\detokenize{admin/troubleshoot:kdc-has-no-support-for-encryption-type-while-getting-initial-credentials}}\label{\detokenize{admin/troubleshoot:init-creds-etype-nosupp}} - -\subsubsection{credential verification failed: KDC has no support for encryption type} -\label{\detokenize{admin/troubleshoot:credential-verification-failed-kdc-has-no-support-for-encryption-type}}\label{\detokenize{admin/troubleshoot:cert-chain-etype-nosupp}} -\sphinxAtStartPar -This most commonly happens when trying to use a principal with only -DES keys, in a release (MIT krb5 1.7 or later) which disables DES by -default. DES encryption is considered weak due to its inadequate key -size. If you cannot migrate away from its use, you can re\sphinxhyphen{}enable DES -by adding \sphinxcode{\sphinxupquote{allow\_weak\_crypto = true}} to the {\hyperref[\detokenize{admin/conf_files/krb5_conf:libdefaults}]{\sphinxcrossref{\DUrole{std,std-ref}{{[}libdefaults{]}}}}} -section of {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}}. - - -\subsubsection{Cannot create cert chain: certificate has expired} -\label{\detokenize{admin/troubleshoot:cannot-create-cert-chain-certificate-has-expired}}\label{\detokenize{admin/troubleshoot:err-cert-chain-cert-expired}} -\sphinxAtStartPar -This error message indicates that PKINIT authentication failed because -the client certificate, KDC certificate, or one of the certificates in -the signing chain above them has expired. - -\sphinxAtStartPar -If the KDC certificate has expired, this message appears in the KDC -log file, and the client will receive a “Preauthentication failed†-error. (Prior to release 1.11, the KDC log file message erroneously -appears as “Out of memoryâ€. Prior to release 1.12, the client will -receive a “Generic errorâ€.) - -\sphinxAtStartPar -If the client or a signing certificate has expired, this message may -appear in {\hyperref[\detokenize{admin/troubleshoot:trace-logging}]{\sphinxcrossref{trace\_logging}}} output from \DUrole{xref,std,std-ref}{kinit(1)} or, starting in -release 1.12, as an error message from kinit or another program which -gets initial tickets. The error message is more likely to appear -properly on the client if the principal entry has no long\sphinxhyphen{}term keys. - - -\subsubsection{kprop: No route to host while connecting to server} -\label{\detokenize{admin/troubleshoot:kprop-no-route-to-host-while-connecting-to-server}}\label{\detokenize{admin/troubleshoot:kprop-no-route}} -\sphinxAtStartPar -Make sure that the hostname of the replica KDC (as given to kprop) is -correct, and that any firewalls between the primary and the replica -allow a connection on port 754. - - -\subsubsection{kprop: Connection refused while connecting to server} -\label{\detokenize{admin/troubleshoot:kprop-connection-refused-while-connecting-to-server}}\label{\detokenize{admin/troubleshoot:kprop-con-refused}} -\sphinxAtStartPar -If the replica KDC is intended to run kpropd out of inetd, make sure -that inetd is configured to accept krb5\_prop connections. inetd may -need to be restarted or sent a SIGHUP to recognize the new -configuration. If the replica is intended to run kpropd in standalone -mode, make sure that it is running. - - -\subsubsection{kprop: Server rejected authentication (during sendauth exchange) while authenticating to server} -\label{\detokenize{admin/troubleshoot:kprop-server-rejected-authentication-during-sendauth-exchange-while-authenticating-to-server}}\label{\detokenize{admin/troubleshoot:kprop-sendauth-exchange}} -\sphinxAtStartPar -Make sure that: -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -The time is synchronized between the primary and replica KDCs. - -\item {} -\sphinxAtStartPar -The master stash file was copied from the primary to the expected -location on the replica. - -\item {} -\sphinxAtStartPar -The replica has a keytab file in the default location containing a -\sphinxcode{\sphinxupquote{host}} principal for the replica’s hostname. - -\end{enumerate} - - -\chapter{Advanced topics} -\label{\detokenize{admin/advanced/index:advanced-topics}}\label{\detokenize{admin/advanced/index::doc}} - -\section{Retiring DES} -\label{\detokenize{admin/advanced/retiring-des:retiring-des}}\label{\detokenize{admin/advanced/retiring-des:id1}}\label{\detokenize{admin/advanced/retiring-des::doc}} -\sphinxAtStartPar -Version 5 of the Kerberos protocol was originally implemented using -the Data Encryption Standard (DES) as a block cipher for encryption. -While it was considered secure at the time, advancements in computational -ability have rendered DES vulnerable to brute force attacks on its 56\sphinxhyphen{}bit -keyspace. As such, it is now considered insecure and should not be -used (\index{RFC@\spxentry{RFC}!RFC 6649@\spxentry{RFC 6649}}\sphinxhref{https://tools.ietf.org/html/rfc6649.html}{\sphinxstylestrong{RFC 6649}}). - - -\subsection{History} -\label{\detokenize{admin/advanced/retiring-des:history}} -\sphinxAtStartPar -DES was used in the original Kerberos implementation, and was the -only cryptosystem in krb5 1.0. Partial support for triple\sphinxhyphen{}DES (3DES) was -added in version 1.1, with full support following in version 1.2. -The Advanced Encryption Standard (AES), which supersedes DES, gained -partial support in version 1.3.0 of krb5 and full support in version 1.3.2. -However, deployments of krb5 using Kerberos databases created with older -versions of krb5 will not necessarily start using strong crypto for -ordinary operation without administrator intervention. - -\sphinxAtStartPar -MIT krb5 began flagging deprecated encryption types with release 1.17, -and removed DES (single\sphinxhyphen{}DES) support in release 1.18. As a -consequence, a release prior to 1.18 is required to perform these -migrations. - - -\subsection{Types of keys} -\label{\detokenize{admin/advanced/retiring-des:types-of-keys}}\begin{itemize} -\item {} -\sphinxAtStartPar -The database master key: This key is not exposed to user requests, -but is used to encrypt other key material stored in the kerberos -database. The database master key is currently stored as \sphinxcode{\sphinxupquote{K/M}} -by default. - -\item {} -\sphinxAtStartPar -Password\sphinxhyphen{}derived keys: User principals frequently have keys -derived from a password. When a new password is set, the KDC -uses various string2key functions to generate keys in the database -for that principal. - -\item {} -\sphinxAtStartPar -Keytab keys: Application server principals generally use random -keys which are not derived from a password. When the database -entry is created, the KDC generates random keys of various enctypes -to enter in the database, which are conveyed to the application server -and stored in a keytab. - -\item {} -\sphinxAtStartPar -Session keys: These are short\sphinxhyphen{}term keys generated by the KDC while -processing client requests, with an enctype selected by the KDC. - -\end{itemize} - -\sphinxAtStartPar -For details on the various enctypes and how enctypes are selected by the KDC -for session keys and client/server long\sphinxhyphen{}term keys, see {\hyperref[\detokenize{admin/enctypes:enctypes}]{\sphinxcrossref{\DUrole{std,std-ref}{Encryption types}}}}. -When using the {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} interface to generate new long\sphinxhyphen{}term keys, -the \sphinxstylestrong{\sphinxhyphen{}e} argument can be used to force a particular set of enctypes, -overriding the KDC default values. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -When the KDC is selecting a session key, it has no knowledge about the -kerberos installation on the server which will receive the service ticket, -only what keys are in the database for the service principal. -In order to allow uninterrupted operation to -clients while migrating away from DES, care must be taken to ensure that -kerberos installations on application server machines are configured to -support newer encryption types before keys of those new encryption types -are created in the Kerberos database for those server principals. -\end{sphinxadmonition} - - -\subsection{Upgrade procedure} -\label{\detokenize{admin/advanced/retiring-des:upgrade-procedure}} -\sphinxAtStartPar -This procedure assumes that the KDC software has already been upgraded -to a modern version of krb5 that supports non\sphinxhyphen{}DES keys, so that the -only remaining task is to update the actual keys used to service requests. -The realm used for demonstrating this procedure, ZONE.MIT.EDU, -is an example of the worst\sphinxhyphen{}case scenario, where all keys in the realm -are DES. The realm was initially created with a very old version of krb5, -and \sphinxstylestrong{supported\_enctypes} in {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} was set to a value -appropriate when the KDC was installed, but was not updated as the KDC -was upgraded: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{realms}\PYG{p}{]} - \PYG{n}{ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{p}{[}\PYG{o}{.}\PYG{o}{.}\PYG{o}{.}\PYG{p}{]} - \PYG{n}{master\PYGZus{}key\PYGZus{}type} \PYG{o}{=} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc} - \PYG{n}{supported\PYGZus{}enctypes} \PYG{o}{=} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc}\PYG{p}{:}\PYG{n}{normal} \PYG{n}{des}\PYG{p}{:}\PYG{n}{normal} \PYG{n}{des}\PYG{p}{:}\PYG{n}{v4} \PYG{n}{des}\PYG{p}{:}\PYG{n}{norealm} \PYG{n}{des}\PYG{p}{:}\PYG{n}{onlyrealm} \PYG{n}{des}\PYG{p}{:}\PYG{n}{afs3} - \PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This resulted in the keys for all principals in the realm being forced -to DES\sphinxhyphen{}only, unless specifically requested using {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}}. - -\sphinxAtStartPar -Before starting the upgrade, all KDCs were running krb5 1.11, -and the database entries for some “high\sphinxhyphen{}value†principals were: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} kadmin.local \PYGZhy{}r ZONE.MIT.EDU \PYGZhy{}q \PYGZsq{}getprinc krbtgt/ZONE.MIT.EDU\PYGZsq{}} -\PYG{p}{[}\PYG{o}{.}\PYG{o}{.}\PYG{o}{.}\PYG{p}{]} -\PYG{n}{Number} \PYG{n}{of} \PYG{n}{keys}\PYG{p}{:} \PYG{l+m+mi}{1} -\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc}\PYG{p}{:}\PYG{n}{v4} -\PYG{p}{[}\PYG{o}{.}\PYG{o}{.}\PYG{o}{.}\PYG{p}{]} -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} kadmin.local \PYGZhy{}r ZONE.MIT.EDU \PYGZhy{}q \PYGZsq{}getprinc kadmin/admin\PYGZsq{}} -\PYG{p}{[}\PYG{o}{.}\PYG{o}{.}\PYG{o}{.}\PYG{p}{]} -\PYG{n}{Number} \PYG{n}{of} \PYG{n}{keys}\PYG{p}{:} \PYG{l+m+mi}{1} -\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{15}\PYG{p}{,} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc} -\PYG{p}{[}\PYG{o}{.}\PYG{o}{.}\PYG{o}{.}\PYG{p}{]} -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} kadmin.local \PYGZhy{}r ZONE.MIT.EDU \PYGZhy{}q \PYGZsq{}getprinc kadmin/changepw\PYGZsq{}} -\PYG{p}{[}\PYG{o}{.}\PYG{o}{.}\PYG{o}{.}\PYG{p}{]} -\PYG{n}{Number} \PYG{n}{of} \PYG{n}{keys}\PYG{p}{:} \PYG{l+m+mi}{1} -\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{14}\PYG{p}{,} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc} -\PYG{p}{[}\PYG{o}{.}\PYG{o}{.}\PYG{o}{.}\PYG{p}{]} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The \sphinxcode{\sphinxupquote{krbtgt/REALM}} key appears to have never been changed since creation -(its kvno is 1), and all three database entries have only a des\sphinxhyphen{}cbc\sphinxhyphen{}crc key. - - -\subsubsection{The krbtgt key and KDC keys} -\label{\detokenize{admin/advanced/retiring-des:the-krbtgt-key-and-kdc-keys}} -\sphinxAtStartPar -Perhaps the biggest single\sphinxhyphen{}step improvement in the security of the cell -is gained by strengthening the key of the ticket\sphinxhyphen{}granting service principal, -\sphinxcode{\sphinxupquote{krbtgt/REALM}}—if this principal’s key is compromised, so is the -entire realm. Since the server that will handle service tickets -for this principal is the KDC itself, it is easy to guarantee that it -will be configured to support any encryption types which might be -selected. However, the default KDC behavior when creating new keys is to -remove the old keys, which would invalidate all existing tickets issued -against that principal, rendering the TGTs cached by clients useless. -Instead, a new key can be created with the old key retained, so that -existing tickets will still function until their scheduled expiry -(see {\hyperref[\detokenize{admin/database:changing-krbtgt-key}]{\sphinxcrossref{\DUrole{std,std-ref}{Changing the krbtgt key}}}}). - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} enctypes=aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha1\PYGZhy{}96:normal,\PYGZbs{}} -\PYG{o}{\PYGZgt{}} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96}\PYG{p}{:}\PYG{n}{normal}\PYG{p}{,}\PYG{n}{des3}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{p}{:}\PYG{n}{normal}\PYG{p}{,}\PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc}\PYG{p}{:}\PYG{n}{normal} -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} kadmin.local \PYGZhy{}r ZONE.MIT.EDU \PYGZhy{}q \PYGZdq{}cpw \PYGZhy{}e \PYGZdl{}\PYGZob{}enctypes\PYGZcb{} \PYGZhy{}randkey \PYGZbs{}} -\PYG{o}{\PYGZgt{}} \PYG{o}{\PYGZhy{}}\PYG{n}{keepold} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{l+s+s2}{\PYGZdq{}} -\PYG{n}{Authenticating} \PYG{k}{as} \PYG{n}{principal} \PYG{n}{root}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Key} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{krbtgt/ZONE.MIT.EDU@ZONE.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{randomized}\PYG{o}{.} -\end{sphinxVerbatim} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The new \sphinxcode{\sphinxupquote{krbtgt@REALM}} key should be propagated to replica KDCs -immediately so that TGTs issued by the primary KDC can be used to -issue service tickets on replica KDCs. Replica KDCs will refuse -requests using the new TGT kvno until the new krbtgt entry has -been propagated to them. -\end{sphinxadmonition} - -\sphinxAtStartPar -It is necessary to explicitly specify the enctypes for the new database -entry, since \sphinxstylestrong{supported\_enctypes} has not been changed. Leaving -\sphinxstylestrong{supported\_enctypes} unchanged makes a potential rollback operation -easier, since all new keys of new enctypes are the result of explicit -administrator action and can be easily enumerated. -Upgrading the krbtgt key should have minimal user\sphinxhyphen{}visible disruption other -than that described in the note above, since only clients which list the -new enctypes as supported will use them, per the procedure -in {\hyperref[\detokenize{admin/enctypes:session-key-selection}]{\sphinxcrossref{\DUrole{std,std-ref}{Session key selection}}}}. -Once the krbtgt key is updated, the session and ticket keys for user -TGTs will be strong keys, but subsequent requests -for service tickets will still get DES keys until the service principals -have new keys generated. Application service -remains uninterrupted due to the key\sphinxhyphen{}selection procedure on the KDC. - -\sphinxAtStartPar -After the change, the database entry is now: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} kadmin.local \PYGZhy{}r ZONE.MIT.EDU \PYGZhy{}q \PYGZsq{}getprinc krbtgt/ZONE.MIT.EDU\PYGZsq{}} -\PYG{p}{[}\PYG{o}{.}\PYG{o}{.}\PYG{o}{.}\PYG{p}{]} -\PYG{n}{Number} \PYG{n}{of} \PYG{n}{keys}\PYG{p}{:} \PYG{l+m+mi}{5} -\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} -\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} -\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{des3}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1} -\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{2}\PYG{p}{,} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc} -\PYG{n}{Key}\PYG{p}{:} \PYG{n}{vno} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc}\PYG{p}{:}\PYG{n}{v4} -\PYG{p}{[}\PYG{o}{.}\PYG{o}{.}\PYG{o}{.}\PYG{p}{]} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Since the expected disruptions from rekeying the krbtgt principal are -minor, after a short testing period, it is -appropriate to rekey the other high\sphinxhyphen{}value principals, \sphinxcode{\sphinxupquote{kadmin/admin@REALM}} -and \sphinxcode{\sphinxupquote{kadmin/changepw@REALM}}. These are the service principals used for -changing user passwords and updating application keytabs. The kadmin -and password\sphinxhyphen{}changing services are regular kerberized services, so the -session\sphinxhyphen{}key\sphinxhyphen{}selection algorithm described in {\hyperref[\detokenize{admin/enctypes:session-key-selection}]{\sphinxcrossref{\DUrole{std,std-ref}{Session key selection}}}} -applies. It is particularly important to have strong session keys for -these services, since user passwords and new long\sphinxhyphen{}term keys are conveyed -over the encrypted channel. - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} enctypes=aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha1\PYGZhy{}96:normal,\PYGZbs{}} -\PYG{o}{\PYGZgt{}} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96}\PYG{p}{:}\PYG{n}{normal}\PYG{p}{,}\PYG{n}{des3}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{p}{:}\PYG{n}{normal} -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} kadmin.local \PYGZhy{}r ZONE.MIT.EDU \PYGZhy{}q \PYGZdq{}cpw \PYGZhy{}e \PYGZdl{}\PYGZob{}enctypes\PYGZcb{} \PYGZhy{}randkey \PYGZbs{}} -\PYG{o}{\PYGZgt{}} \PYG{n}{kadmin}\PYG{o}{/}\PYG{n}{admin}\PYG{l+s+s2}{\PYGZdq{}} -\PYG{n}{Authenticating} \PYG{k}{as} \PYG{n}{principal} \PYG{n}{root}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Key} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{kadmin/admin@ZONE.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{randomized}\PYG{o}{.} -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} kadmin.local \PYGZhy{}r ZONE.MIT.EDU \PYGZhy{}q \PYGZdq{}cpw \PYGZhy{}e \PYGZdl{}\PYGZob{}enctypes\PYGZcb{} \PYGZhy{}randkey \PYGZbs{}} -\PYG{o}{\PYGZgt{}} \PYG{n}{kadmin}\PYG{o}{/}\PYG{n}{changepw}\PYG{l+s+s2}{\PYGZdq{}} -\PYG{n}{Authenticating} \PYG{k}{as} \PYG{n}{principal} \PYG{n}{root}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Key} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{kadmin/changepw@ZONE.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{randomized}\PYG{o}{.} -\end{sphinxVerbatim} - -\sphinxAtStartPar -It is not necessary to retain a single\sphinxhyphen{}DES key for these services, since -password changes are not part of normal daily workflow, and disruption -from a client failure is likely to be minimal. Furthermore, if a kerberos -client experiences failure changing a user password or keytab key, -this indicates that that client will become inoperative once services -are rekeyed to non\sphinxhyphen{}DES enctypes. Such problems can be detected early -at this stage, giving more time for corrective action. - - -\subsubsection{Adding strong keys to application servers} -\label{\detokenize{admin/advanced/retiring-des:adding-strong-keys-to-application-servers}} -\sphinxAtStartPar -Before switching the default enctypes for new keys over to strong enctypes, -it may be desired to test upgrading a handful of services with the -new configuration before flipping the switch for the defaults. This -still requires using the \sphinxstylestrong{\sphinxhyphen{}e} argument in {\hyperref[\detokenize{admin/admin_commands/kadmin_local:kadmin-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kadmin}}}} to get non\sphinxhyphen{}default -enctypes: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} enctypes=aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha1\PYGZhy{}96:normal,\PYGZbs{}} -\PYG{o}{\PYGZgt{}} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96}\PYG{p}{:}\PYG{n}{normal}\PYG{p}{,}\PYG{n}{des3}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{p}{:}\PYG{n}{normal}\PYG{p}{,}\PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc}\PYG{p}{:}\PYG{n}{normal} -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} kadmin \PYGZhy{}r ZONE.MIT.EDU \PYGZhy{}p zephyr/zephyr@ZONE.MIT.EDU \PYGZhy{}k \PYGZhy{}t \PYGZbs{}} -\PYG{o}{\PYGZgt{}} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab} \PYG{o}{\PYGZhy{}}\PYG{n}{q} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{ktadd \PYGZhy{}e \PYGZdl{}}\PYG{l+s+si}{\PYGZob{}enctypes\PYGZcb{}}\PYG{l+s+s2}{ }\PYG{l+s+se}{\PYGZbs{}} -\PYG{l+s+s2}{\PYGZgt{} \PYGZhy{}k /etc/zephyr/krb5.keytab zephyr/zephyr@ZONE.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}} -\PYG{n}{Authenticating} \PYG{k}{as} \PYG{n}{principal} \PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{zephyr}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{keytab} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{zephyr}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{4}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{zephyr}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{4}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{zephyr}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{4}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{des3}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{zephyr}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{4}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Be sure to remove the old keys from the application keytab, per best -practice. - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} k5srvutil \PYGZhy{}f /etc/zephyr/krb5.keytab delold} -\PYG{n}{Authenticating} \PYG{k}{as} \PYG{n}{principal} \PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{zephyr}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{keytab} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{zephyr}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3} \PYG{n}{removed} \PYG{k+kn}{from} \PYG{n+nn}{keytab} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{zephyr}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\end{sphinxVerbatim} - - -\subsubsection{Adding strong keys by default} -\label{\detokenize{admin/advanced/retiring-des:adding-strong-keys-by-default}} -\sphinxAtStartPar -Once the high\sphinxhyphen{}visibility services have been rekeyed, it is probably -appropriate to change {\hyperref[\detokenize{admin/conf_files/kdc_conf:kdc-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{kdc.conf}}}} to generate keys with the new -encryption types by default. This enables server administrators to generate -new enctypes with the \sphinxstylestrong{change} subcommand of {\hyperref[\detokenize{admin/admin_commands/k5srvutil:k5srvutil-1}]{\sphinxcrossref{\DUrole{std,std-ref}{k5srvutil}}}}, -and causes user password -changes to add new encryption types for their entries. It will probably -be necessary to implement administrative controls to cause all user -principal keys to be updated in a reasonable period of time, whether -by forcing password changes or a password synchronization service that -has access to the current password and can add the new keys. - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{realms}\PYG{p}{]} - \PYG{n}{ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{supported\PYGZus{}enctypes} \PYG{o}{=} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96}\PYG{p}{:}\PYG{n}{normal} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96}\PYG{p}{:}\PYG{n}{normal} \PYG{n}{des3}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{p}{:}\PYG{n}{normal} \PYG{n}{des3}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{p}{:}\PYG{n}{normal} \PYG{n}{des}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{crc}\PYG{p}{:}\PYG{n}{normal} -\end{sphinxVerbatim} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The krb5kdc process must be restarted for these changes to take effect. -\end{sphinxadmonition} - -\sphinxAtStartPar -At this point, all service administrators can update their services and the -servers behind them to take advantage of strong cryptography. -If necessary, the server’s krb5 installation should be configured and/or -upgraded to a version supporting non\sphinxhyphen{}DES keys. See {\hyperref[\detokenize{admin/enctypes:enctypes}]{\sphinxcrossref{\DUrole{std,std-ref}{Encryption types}}}} for -krb5 version and configuration settings. -Only when the service is configured to accept non\sphinxhyphen{}DES keys should -the key version number be incremented and new keys generated -(\sphinxcode{\sphinxupquote{k5srvutil change \&\& k5srvutil delold}}). - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{root}\PYG{n+nd}{@dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{p}{:}\PYG{o}{\PYGZti{}}\PYG{c+c1}{\PYGZsh{} k5srvutil change} -\PYG{n}{Authenticating} \PYG{k}{as} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{o}{.}\PYG{n}{xvm}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{keytab} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{o}{.}\PYG{n}{xvm}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{AES}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{256} \PYG{n}{CTS} \PYG{n}{mode} \PYG{k}{with} \PYG{l+m+mi}{96}\PYG{o}{\PYGZhy{}}\PYG{n}{bit} \PYG{n}{SHA}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{1} \PYG{n}{HMAC} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{o}{.}\PYG{n}{xvm}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{AES}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{128} \PYG{n}{CTS} \PYG{n}{mode} \PYG{k}{with} \PYG{l+m+mi}{96}\PYG{o}{\PYGZhy{}}\PYG{n}{bit} \PYG{n}{SHA}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{1} \PYG{n}{HMAC} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{o}{.}\PYG{n}{xvm}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{Triple} \PYG{n}{DES} \PYG{n}{cbc} \PYG{n}{mode} \PYG{k}{with} \PYG{n}{HMAC}\PYG{o}{/}\PYG{n}{sha1} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{o}{.}\PYG{n}{xvm}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{3}\PYG{p}{,} \PYG{n}{encryption} \PYG{n+nb}{type} \PYG{n}{DES} \PYG{n}{cbc} \PYG{n}{mode} \PYG{k}{with} \PYG{n}{CRC}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{32} \PYG{n}{added} \PYG{n}{to} \PYG{n}{keytab} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{root}\PYG{n+nd}{@dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{p}{:}\PYG{o}{\PYGZti{}}\PYG{c+c1}{\PYGZsh{} klist \PYGZhy{}e \PYGZhy{}k \PYGZhy{}t /etc/krb5.keytab} -\PYG{n}{Keytab} \PYG{n}{name}\PYG{p}{:} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab} -\PYG{n}{KVNO} \PYG{n}{Timestamp} \PYG{n}{Principal} -\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}} \PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}} \PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}} - \PYG{l+m+mi}{2} \PYG{l+m+mi}{10}\PYG{o}{/}\PYG{l+m+mi}{10}\PYG{o}{/}\PYG{l+m+mi}{12} \PYG{l+m+mi}{17}\PYG{p}{:}\PYG{l+m+mi}{03}\PYG{p}{:}\PYG{l+m+mi}{59} \PYG{n}{host}\PYG{o}{/}\PYG{n}{dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{o}{.}\PYG{n}{xvm}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{p}{(}\PYG{n}{DES} \PYG{n}{cbc} \PYG{n}{mode} \PYG{k}{with} \PYG{n}{CRC}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{32}\PYG{p}{)} - \PYG{l+m+mi}{3} \PYG{l+m+mi}{12}\PYG{o}{/}\PYG{l+m+mi}{12}\PYG{o}{/}\PYG{l+m+mi}{12} \PYG{l+m+mi}{15}\PYG{p}{:}\PYG{l+m+mi}{31}\PYG{p}{:}\PYG{l+m+mi}{19} \PYG{n}{host}\PYG{o}{/}\PYG{n}{dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{o}{.}\PYG{n}{xvm}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{p}{(}\PYG{n}{AES}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{256} \PYG{n}{CTS} \PYG{n}{mode} \PYG{k}{with} \PYG{l+m+mi}{96}\PYG{o}{\PYGZhy{}}\PYG{n}{bit} \PYG{n}{SHA}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{1} \PYG{n}{HMAC}\PYG{p}{)} - \PYG{l+m+mi}{3} \PYG{l+m+mi}{12}\PYG{o}{/}\PYG{l+m+mi}{12}\PYG{o}{/}\PYG{l+m+mi}{12} \PYG{l+m+mi}{15}\PYG{p}{:}\PYG{l+m+mi}{31}\PYG{p}{:}\PYG{l+m+mi}{19} \PYG{n}{host}\PYG{o}{/}\PYG{n}{dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{o}{.}\PYG{n}{xvm}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{p}{(}\PYG{n}{AES}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{128} \PYG{n}{CTS} \PYG{n}{mode} \PYG{k}{with} \PYG{l+m+mi}{96}\PYG{o}{\PYGZhy{}}\PYG{n}{bit} \PYG{n}{SHA}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{1} \PYG{n}{HMAC}\PYG{p}{)} - \PYG{l+m+mi}{3} \PYG{l+m+mi}{12}\PYG{o}{/}\PYG{l+m+mi}{12}\PYG{o}{/}\PYG{l+m+mi}{12} \PYG{l+m+mi}{15}\PYG{p}{:}\PYG{l+m+mi}{31}\PYG{p}{:}\PYG{l+m+mi}{19} \PYG{n}{host}\PYG{o}{/}\PYG{n}{dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{o}{.}\PYG{n}{xvm}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{p}{(}\PYG{n}{Triple} \PYG{n}{DES} \PYG{n}{cbc} \PYG{n}{mode} \PYG{k}{with} \PYG{n}{HMAC}\PYG{o}{/}\PYG{n}{sha1}\PYG{p}{)} - \PYG{l+m+mi}{3} \PYG{l+m+mi}{12}\PYG{o}{/}\PYG{l+m+mi}{12}\PYG{o}{/}\PYG{l+m+mi}{12} \PYG{l+m+mi}{15}\PYG{p}{:}\PYG{l+m+mi}{31}\PYG{p}{:}\PYG{l+m+mi}{19} \PYG{n}{host}\PYG{o}{/}\PYG{n}{dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{o}{.}\PYG{n}{xvm}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{p}{(}\PYG{n}{DES} \PYG{n}{cbc} \PYG{n}{mode} \PYG{k}{with} \PYG{n}{CRC}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{32}\PYG{p}{)} -\PYG{n}{root}\PYG{n+nd}{@dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{p}{:}\PYG{o}{\PYGZti{}}\PYG{c+c1}{\PYGZsh{} k5srvutil delold} -\PYG{n}{Authenticating} \PYG{k}{as} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{o}{.}\PYG{n}{xvm}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{keytab} \PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\PYG{n}{Entry} \PYG{k}{for} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{dr}\PYG{o}{\PYGZhy{}}\PYG{n}{willy}\PYG{o}{.}\PYG{n}{xvm}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{kvno} \PYG{l+m+mi}{2} \PYG{n}{removed} \PYG{k+kn}{from} \PYG{n+nn}{keytab} \PYG{n}{WRFILE}\PYG{p}{:}\PYG{o}{/}\PYG{n}{etc}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{.}\PYG{n}{keytab}\PYG{o}{.} -\end{sphinxVerbatim} - -\sphinxAtStartPar -When a single service principal is shared by multiple backend servers in -a load\sphinxhyphen{}balanced environment, it may be necessary to schedule downtime -or adjust the population in the load\sphinxhyphen{}balanced pool in order to propagate -the updated keytab to all hosts in the pool with minimal service interruption. - - -\subsubsection{Removing DES keys from usage} -\label{\detokenize{admin/advanced/retiring-des:removing-des-keys-from-usage}} -\sphinxAtStartPar -This situation remains something of a testing or transitory state, -as new DES keys are still being generated, and will be used if requested -by a client. To make more progress removing DES from the realm, the KDC -should be configured to not generate such keys by default. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -An attacker posing as a client can implement a brute force attack against -a DES key for any principal, if that key is in the current (highest\sphinxhyphen{}kvno) -key list. This attack is only possible if \sphinxstylestrong{allow\_weak\_crypto = true} -is enabled on the KDC. Setting the \sphinxstylestrong{+requires\_preauth} flag on a -principal forces this attack to be an online attack, much slower than -the offline attack otherwise available to the attacker. However, setting -this flag on a service principal is not always advisable; see the entry in -{\hyperref[\detokenize{admin/admin_commands/kadmin_local:add-principal}]{\sphinxcrossref{\DUrole{std,std-ref}{add\_principal}}}} for details. -\end{sphinxadmonition} - -\sphinxAtStartPar -The following KDC configuration will not generate DES keys by default: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{realms}\PYG{p}{]} - \PYG{n}{ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{=} \PYG{p}{\PYGZob{}} - \PYG{n}{supported\PYGZus{}enctypes} \PYG{o}{=} \PYG{n}{aes256}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96}\PYG{p}{:}\PYG{n}{normal} \PYG{n}{aes128}\PYG{o}{\PYGZhy{}}\PYG{n}{cts}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{o}{\PYGZhy{}}\PYG{l+m+mi}{96}\PYG{p}{:}\PYG{n}{normal} \PYG{n}{des3}\PYG{o}{\PYGZhy{}}\PYG{n}{cbc}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{p}{:}\PYG{n}{normal} \PYG{n}{des3}\PYG{o}{\PYGZhy{}}\PYG{n}{hmac}\PYG{o}{\PYGZhy{}}\PYG{n}{sha1}\PYG{p}{:}\PYG{n}{normal} -\end{sphinxVerbatim} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -As before, the KDC process must be restarted for this change to take -effect. It is best practice to update kdc.conf on all KDCs, not just the -primary, to avoid unpleasant surprises should the primary fail and a -replica need to be promoted. -\end{sphinxadmonition} - -\sphinxAtStartPar -It is now appropriate to remove the legacy single\sphinxhyphen{}DES key from the -\sphinxcode{\sphinxupquote{krbtgt/REALM}} entry: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} kadmin.local \PYGZhy{}r ZONE.MIT.EDU \PYGZhy{}q \PYGZdq{}cpw \PYGZhy{}randkey \PYGZhy{}keepold \PYGZbs{}} -\PYG{o}{\PYGZgt{}} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{l+s+s2}{\PYGZdq{}} -\PYG{n}{Authenticating} \PYG{k}{as} \PYG{n}{principal} \PYG{n}{host}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Key} \PYG{k}{for} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{krbtgt/ZONE.MIT.EDU@ZONE.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{randomized}\PYG{o}{.} -\end{sphinxVerbatim} - -\sphinxAtStartPar -After the maximum ticket lifetime has passed, the old database entry -should be removed. - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{[}\PYG{n}{root}\PYG{n+nd}{@casio} \PYG{n}{krb5kdc}\PYG{p}{]}\PYG{c+c1}{\PYGZsh{} kadmin.local \PYGZhy{}r ZONE.MIT.EDU \PYGZhy{}q \PYGZsq{}purgekeys krbtgt/ZONE.MIT.EDU\PYGZsq{}} -\PYG{n}{Authenticating} \PYG{k}{as} \PYG{n}{principal} \PYG{n}{root}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@ZONE}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} \PYG{k}{with} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Old} \PYG{n}{keys} \PYG{k}{for} \PYG{n}{principal} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{krbtgt/ZONE.MIT.EDU@ZONE.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}} \PYG{n}{purged}\PYG{o}{.} -\end{sphinxVerbatim} - -\sphinxAtStartPar -After the KDC is restarted with the new \sphinxstylestrong{supported\_enctypes}, -all user password changes and application keytab updates will not -generate DES keys by default. - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -contents\PYGZhy{}vnder\PYGZhy{}pressvre:\PYGZti{}\PYGZgt{} kpasswd zonetest@ZONE.MIT.EDU -Password for zonetest@ZONE.MIT.EDU: [enter old password] -Enter new password: [enter new password] -Enter it again: [enter new password] -Password changed. -contents\PYGZhy{}vnder\PYGZhy{}pressvre:\PYGZti{}\PYGZgt{} kadmin \PYGZhy{}r ZONE.MIT.EDU \PYGZhy{}q \PYGZsq{}getprinc zonetest\PYGZsq{} -[...] -Number of keys: 3 -Key: vno 9, aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha1\PYGZhy{}96 -Key: vno 9, aes128\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha1\PYGZhy{}96 -Key: vno 9, des3\PYGZhy{}cbc\PYGZhy{}sha1 -[...] - -[kaduk@glossolalia \PYGZti{}]\PYGZdl{} kadmin \PYGZhy{}p kaduk@ZONE.MIT.EDU \PYGZhy{}r ZONE.MIT.EDU \PYGZhy{}k \PYGZbs{} -\PYGZgt{} \PYGZhy{}t kaduk\PYGZhy{}zone.keytab \PYGZhy{}q \PYGZsq{}ktadd \PYGZhy{}k kaduk\PYGZhy{}zone.keytab kaduk@ZONE.MIT.EDU\PYGZsq{} -Authenticating as principal kaduk@ZONE.MIT.EDU with keytab kaduk\PYGZhy{}zone.keytab. -Entry for principal kaduk@ZONE.MIT.EDU with kvno 3, encryption type aes256\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha1\PYGZhy{}96 added to keytab WRFILE:kaduk\PYGZhy{}zone.keytab. -Entry for principal kaduk@ZONE.MIT.EDU with kvno 3, encryption type aes128\PYGZhy{}cts\PYGZhy{}hmac\PYGZhy{}sha1\PYGZhy{}96 added to keytab WRFILE:kaduk\PYGZhy{}zone.keytab. -Entry for principal kaduk@ZONE.MIT.EDU with kvno 3, encryption type des3\PYGZhy{}cbc\PYGZhy{}sha1 added to keytab WRFILE:kaduk\PYGZhy{}zone.keytab. -\end{sphinxVerbatim} - -\sphinxAtStartPar -Once all principals have been re\sphinxhyphen{}keyed, DES support can be disabled on the -KDC (\sphinxstylestrong{allow\_weak\_crypto = false}), and client machines can remove -\sphinxstylestrong{allow\_weak\_crypto = true} from their {\hyperref[\detokenize{admin/conf_files/krb5_conf:krb5-conf-5}]{\sphinxcrossref{\DUrole{std,std-ref}{krb5.conf}}}} configuration -files, completing the migration. \sphinxstylestrong{allow\_weak\_crypto} takes precedence over -all places where DES enctypes could be explicitly configured. DES keys will -not be used, even if they are present, when \sphinxstylestrong{allow\_weak\_crypto = false}. - - -\subsubsection{Support for legacy services} -\label{\detokenize{admin/advanced/retiring-des:support-for-legacy-services}} -\sphinxAtStartPar -If there remain legacy services which do not support non\sphinxhyphen{}DES enctypes -(such as older versions of AFS), \sphinxstylestrong{allow\_weak\_crypto} must remain -enabled on the KDC. Client machines need not have this setting, -though—applications which require DES can use API calls to allow -weak crypto on a per\sphinxhyphen{}request basis, overriding the system krb5.conf. -However, having \sphinxstylestrong{allow\_weak\_crypto} set on the KDC means that any -principals which have a DES key in the database could still use those -keys. To minimize the use of DES in the realm and restrict it to just -legacy services which require DES, it is necessary to remove all other -DES keys. The realm has been configured such that at password and -keytab change, no DES keys will be generated by default. The task -then reduces to requiring user password changes and having server -administrators update their service keytabs. Administrative outreach -will be necessary, and if the desire to eliminate DES is sufficiently -strong, the KDC administrators may choose to randkey any principals -which have not been rekeyed after some timeout period, forcing the -user to contact the helpdesk for access. - - -\subsection{The Database Master Key} -\label{\detokenize{admin/advanced/retiring-des:the-database-master-key}} -\sphinxAtStartPar -This procedure does not alter \sphinxcode{\sphinxupquote{K/M@REALM}}, the key used to encrypt key -material in the Kerberos database. (This is the key stored in the stash file -on the KDC if stash files are used.) However, the security risk of -a single\sphinxhyphen{}DES key for \sphinxcode{\sphinxupquote{K/M}} is minimal, given that access to material -encrypted in \sphinxcode{\sphinxupquote{K/M}} (the Kerberos database) is generally tightly controlled. -If an attacker can gain access to the encrypted database, they likely -have access to the stash file as well, rendering the weak cryptography -broken by non\sphinxhyphen{}cryptographic means. As such, upgrading \sphinxcode{\sphinxupquote{K/M}} to a stronger -encryption type is unlikely to be a high\sphinxhyphen{}priority task. - -\sphinxAtStartPar -Is is possible to upgrade the master key used for the database, if -desired. Using {\hyperref[\detokenize{admin/admin_commands/kdb5_util:kdb5-util-8}]{\sphinxcrossref{\DUrole{std,std-ref}{kdb5\_util}}}}’s \sphinxstylestrong{add\_mkey}, \sphinxstylestrong{use\_mkey}, and -\sphinxstylestrong{update\_princ\_encryption} commands, a new master key can be added -and activated for use on new key material, and the existing entries -converted to the new master key. - - -\chapter{Various links} -\label{\detokenize{admin/various_envs:various-links}}\label{\detokenize{admin/various_envs::doc}} - -\section{Whitepapers} -\label{\detokenize{admin/various_envs:whitepapers}}\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -\sphinxurl{https://kerberos.org/software/whitepapers.html} - -\end{enumerate} - - -\section{Tutorials} -\label{\detokenize{admin/various_envs:tutorials}}\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -Fulvio Ricciardi \textless{}\sphinxurl{https://www.kerberos.org/software/tutorial.html}\textgreater{}\_ - -\end{enumerate} - - -\section{Troubleshooting} -\label{\detokenize{admin/various_envs:troubleshooting}}\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -\sphinxurl{https://wiki.ncsa.illinois.edu/display/ITS/Windows+Kerberos+Troubleshooting} - -\item {} -\sphinxAtStartPar -\sphinxurl{https://www.shrubbery.net/solaris9ab/SUNWaadm/SYSADV6/p27.html} - -\item {} -\sphinxAtStartPar -\sphinxurl{https://docs.oracle.com/cd/E19253-01/816-4557/trouble-1/index.html} - -\item {} -\sphinxAtStartPar -\sphinxurl{https://docs.microsoft.com/en-us/previous-versions/tn-archive/bb463167(v=technet.10})\#EBAA - -\item {} -\sphinxAtStartPar -\sphinxurl{https://bugs.launchpad.net/ubuntu/+source/libpam-heimdal/+bug/86528} - -\end{enumerate} - - - -\renewcommand{\indexname}{Index} -\printindex -\end{document} \ No newline at end of file diff --git a/krb5-1.21.3/doc/pdf/appdev.pdf b/krb5-1.21.3/doc/pdf/appdev.pdf deleted file mode 100644 index 781b33037f20b8f5f08b371d3860ad11bf11c8df..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 829074 zcmbT-V~j7szc1>sZLYCxud!|0wmoZX+qP}nUSsPww&$*$dvf)!TVM2N06E z_C)NU`!SchkbU2Y+aW!-(((iAn#>T?A=n5_WgrD+1crhj@*4@q0Id0W9g;cjFcUNb zk<_4AMU%oHnNrI!a%`YmNNOY+hDv&II+_fN4U3J1ca*m1j1n)*;@bu?W6fPClRY>J zo3V7>FatvXk0^{`$Rb1RLLYz%fUGDcVy z)sg-nlnpId`M|;{>mm!P7Q2=}@X!9cWDvpX@o8pk&AX0r&N1fqctzh>KkU9PC+xX_ zW*9KXLNt^7q$kEN)1#KVRWBQ?AporjoUP_?d$MwovXt2_B3%}fWds;Em@v61v@z?f z(&+HSI#&49Fe!=%c?LGz6wD|VISuwuceRns(*zdkq2YwpC>G)AfYIZOXFb+uHe^v4 z&A-;!gr>hx$0t(4clJ}+u=yACou(#rM!C6}3z>wiV}|D4W@fd34~}8$1~n~Gxp;P zO|r2|Ij1tl_u^O#VadUgGK_>+ELlAIS=Vj@EKSoXHORS=5=}EMB}bw|+u&I`jF`>U z%s8_{29g8rm?zL4kJVVfg(cx%=sr)tl?f%B2bzQROT2JM&9KdJf=$$zJXF)OS=z~* z5c(MP44qR0wRHOJA+$7xn5T+SZnYUJ1iKS%vyS;dVX*7Rv0lN6$RVBkk+77s>PaDc zU|I1;Y4!|bGl!-+z*jnq$_tMyP(H1;K~s`J$OMa(Fl@k-nHf9wZmn5qz?8Yhsrr}k zxG@=j4J!6~go`Tz#RBE+p#al)QHn?h2jaFfdL*#aAUn@%n;R4Z(f4C9;;+w#g1U{1 z>j7zuhl7I-C!z*JY9?TaLFh48?I(!%+>;$lQ{o|UV}Y+j?~P$yB7k8V@8KIj1wgz8 z7G_)T!6#3#p@6s@Z(RIh9J$A%#B|^gX92%W#{BpFLRxW5VAX1fOt4Q)U5TRniIyhR%UARBL$t_FGL{?7ORZJwqo=)_O+H(K8?7xlT=n{(3QW zxsmZ+1PxRT9WEC&!L%bg+-zxcW)*iO{NLW@+P0F%CbRfRORfXH?&eg^d$qM7#?kDR zB|a^B+)Tb4ucQSFsz9a1GTZPMX>!k76MC5*p)-Sg>$IE?-~_Ir&Lyj~K+p@`Z*zSr zJv3`gPJDIj7q-N`&gbP7s_7Jkr7mrdhN3*tE#~~wB+JoMRxOapDs2VkD*>g+1x@+I zFsmqPeDa>7y6^MrJ{?_jO62Pjls%5>b!#Qn;8E66Wk>TuOUdW6HBCc1SOT~RNtKvL} z6l)>gj%TjeU4B(OyShK7cGIbI!IKpb@QJ6aFLDQa72{}nT%xlT=WJwO_0ZH zW`Yns$5nXiE16@3M$K*?q0LFll`pjb|WJ`S>nk%IznR^z2&E^OYruqOoM+*huePTjh8;7dmkxtm>!Rph^yV z>xqh1e;@P zPe4SreIRr3Ng236D7J&!~WpjaD(;lt~y$x(=p zZxn!9C7;CoW#G89=N(bdt$Gwr%LDCSBMR5I8-L5sU3P&)XCa0I{$*t@g>0){qXXW$y_3i=X3BQQ_B6uJM>$9132reO?chFg_g*9Fd*B)+sBr zL!aZc94y+79S%$<5z4AJlFdwCiqg?0rcpVYgjs%bwKatJw<(*ufhGw!aVxL3~ z^GzODwzsu+%Q0tp=;~sPAk{1T7sA-t#I$XHc_YP94Wn;c^<8~aQ5yLlQcknAw3LcD;QwQ?`eYIXkko5yq6iS`C8k0!QW8v0*LST}%{ba;N6SaUF!0)%n9%Okww!gaK)QLriap z2hsArhk;U;ttx)KlVvM+Y+p(b&`=j)76_APieY;k&u|*QDnjt~SNsB+{sGR(&Pe^A zHeqID{m*p5#m4gAI$`GE`cLN-S31)FrIX$d_1kvcd^-I?%6v+NVhcoX&1Sxn!q){T z$IEI0$tC?h7BL}DQmH}{u9hv32oYr;xYG|#Jf&h%^=Os}<5Jo!+9fp>DzK>H;4Tw( zxxHTvBEt?GGEh;-(5Om6(MK}nU{djs&~#T4QZvD-Sg6AN0u?CV=oocipJNd83U1Mu z=z@fy!;_3;s6M%j|BS%~nPB8mi>@4@KvKcBv|%JO?E;1_WvfX_IxIq1&xnL7iJ=*u zst5)Q>na+Gjc=F<1_E8ols&Q)a2rpA!HXkVq-j&H6dp5konWeF)MYeKJ%}-!4@)D! zMVQor+}d9+VjV3>Xh1X?#LhWJS;c5_ED`h@oCA4u1WSrB2b{0)aoq%}AR7s>6a23U z%2ji;yx^|VpFL*55CE9LLAfI(gpfiQ%2q5|7X@GNlyo-lN1K3K@c5y)oL)}BCb0!TF(r`Qd&u zvFB_2Tg$%g)}DLEWNKvBp7<@Y$DjWlfMOE*^P1@F_a_Zqul5#Y{}^RG=;g*E^5(e@9Mo2AphPPf&t#!Jv0n<}+utCOZu z+5Tp(z*m^nd*t^txR=~6<7-sfyDH% zF0DYK1cQ ztLIavLmYu#G{hViYz;#?o=|FcQ!SqRD7~GuC{({*9_=$rX5B{AyGqin${wu1U^XpE z49V=qkBuDu;DzElY>mP3@b1WVn!?wS*N1wy4^0P$E8ASTyDN`E=Xz4f)P}z5z>t*8xkY0E`cLz(y4 z7Sb))ycGb_!a0W=@S&r5EcV(##v*xVmZzp2VJ`0d_xM+vw=&3yK5Llsox~00N}db9 zn(bw>vX$cG-o2MCR~$W_+tyymy3OWOR}bUa)I~Fk zXuS=)(y;r=+lyisI4%H!P+T%BR^uc4;q)?<-ZW3!b(IbTJ;T6Mxy$cYkDcP>Q;|ux zs#bhj4P)>>CqdYxnD=%c0z6N}6TW_b*`^_?8j^x{uUWk?c|upt*){-(erLD z;gkXWF-!hMUo`p+@A1RsPzD@TM4*$IHQ!T4aOb2b)$_<=a2c?v6j1fm^BJ>TYMfC# z_66ARRFvP06eH-=Wnubrq|wuHW{v(`o_b!rwuQ>0qeZtJ>F%bbJSs<=3lLGf9q@dl zsVwZ-?jZAK1BkT98H;!VGz2@D1AcQoNZHLz)?n%&q?ucL^;bH`SgoM;aj$R`r8@Y` z#&+-hc{o~A!LQLR>-^2&N!Fek;*C)u#xMHtsHdn9(8wiM5{!LdyxF(qR3pm`*r(yDZvAJ2bV`HmDfTXzhk9a&c zC3UL$P_*tys!*P}I(>n!w~)nroVm*lS2W`t-r`jr(v{Vvtdd za#dO*DA6h#5N4+0vpkIbF!KdqmInH+=HzM*w1o*gsj2d%VN)vQO*ezYs}6WDM4$#S zgnP}pz*z26S_EGCJ{RfgJV}_2b{I4#lTTcqD}dz(WDS(9c&(&P#@4czR^a>tU=<>Z z{U*ZX;bC$9x%CRU%C&OayfeO5^7|}{@rXs9O4q~g;TVg^*57J^w|2$3a_cH{;b}6o zWtE|sgibfr`)5$Cqp7*Pqku~M!!J(ZQvnU4VAt3}t~dB( zj|B(Ej-IV=vE_-XJxwWFX8Eh!`oOayKCg|+bRpug(mRc%VO%lV&D%kM>)O^6+>U^n zqV(J6azfuW`Qt#VKf2wJHcM46Xv-V%F_X&L$g6z?PiogR#}kB=)YW`sZh_C7FN*jt1W9h8u}s zz2@e95p~EJflM(;%cJ=Wcv+C9R4yh}N&0 zx=$sYUg!}*zL=b^My@Z5lD@Iu)6pudT*9!8JfLqPVxG83C3Z#8i^V8-~|0i7KVE zjU6gI@zW@$sDuSSS3*z4*B?{Oq$1c{uN&;3u4K;W{9xMUU5@lo?0rOcw!$<5XM*fSg?AnTM=^S~lv?WyQ{VvB`p+RqPPGiuzFdo#1q}KY zou2NdJ2OwmO8TWIZVzsS3{h87xIset^fr~U!cDe|sLGzg4wVeYp#cts{{HK|p7`^( z_~%mkc5q)`hvjz~(OX!RvP%B5OpDuG z&R~ZY%xHgDjUEbGp1dntEbXfLY&Fql4`GrQb?j^w4;3ONI3rZ8REgY?tImZf?=v3S z6WF9JVM*2oPDR7pRrMXyTEBI1;&tix*y7X?n9bRDVTHXc*B*@?7wp5aQQY!Rd zaj`$rC|{(LW6V?-K5txK54O@BJI3I%NOM3hnS=w7WLg1<%T92m9eEiRFFfFz@L&>26~OFm+S9nFqh^ zTf+Z%EZ=ov?(1o--dE;t5A~b#5+i2g!|S888UAJ?oLGbI=&)jBJ*ppd>Ce0>C79`x z2j$qz{T00Zi0A{%tu(A5=*}8D10Yq^%M>b=PR*C3Z}W;m-r5lT=sFFeQkgvz*3(q0 zW*V@CebHojM^8lnhiO04)mFM#q>&kY6|=~Tn~Oyk@f3>dwiD75q}BV-z{jS}ZqrtP zGx{PnlpC{y+5~jR&ba7kr{P>#kcXwW7P_XYk-kz!a&uL`x`;3fuHA_A-Dy;V4=XG@ zmr^)=$q0zRH{$)}SC?HOSPu_B;eGd^V!dRZZ_EP~5iyEy%5{qF?Cr*fH(l~IYfgF~ zd>t7LdyDVel-`P2Q(@_Pk%z6{kjonDOFLpPL?w3V>9F;_6X1QxmHuzWfQT78z0K12 zeSri5MgSIWHKatfGM(YbhPXdo%5OiG@2J{ki>78%MqzfXv$0vriP)`)+8!Q;9pMCO0dOMxrmih$-l|rISCjjy zJ`}Pf&9KT%VNa(&Hl<3ZeY)Yo4X;Hj6d&^_OZ`VtI-3eV`p??zTI)c?6+;%^{C?tT z&|m@}m9(G`e=sF1OSzB6^*F+2nim_G57E}?H~o(Ljn(FHSmi)3F#*K$aIE4s|1)?Z zwKG~!jSrg5$4SC(&1CQCn^w5hu%m(#t2sjd+#C8=HvOKH=_?IUEFwOYVwdcejvDBd z*`CR??rqoK=9XSmwrSUc6}&GW_;&pTqu(!AR2n5cRTmlyRmFQZ|H@yJILx0JzLQKb z_3+Um@18AxHFhWM2<&QYQ+wW;+#gRv4LZL(?8K4RzJYQ|6#a4Tw%7f>Re|X7|7`va z^)>eLGq=;vBAJoP^#!56jQz27J>O_d#5MRKco6oKK;+B!e?019$ZlBcMdx&D6}B#7 zhxJxIn9bRsK%mGK5XR2$Pl%;i!#v^5^@^T#(4Oz*$#7@iPw>^|{I#NQ7L2%2l)^!zY(bVX}YkwmxS-d85o@D!}8tET0;cqJ81kRd$HV zp#0ScA>AF^3@W%AGFX+dlMyh=HxLsu*wGYE7o+Wdtbev$Eo|?9^-y%*S;u>AP-YBp zQiV%0QTaGp<+E5ap?a#T?n?2#3SM+)$1GH63=&8GDB0cRqJ;#u0z7 ze?S*g)sLqx*v{00^$$4N{|%5Y-S6O6HeNIe66V}aU>F~VI*6GnI0y7UCYn=NBRhgh z*ZO|OOhSo}=KsoAKz}9*rzwC8L8Fk%b<`-!;hMD#>o6o|5zsP~Mrxet?5s^e91)%? zeI->`CN70{%o5~xgqo!dH*i>SLc?$cK_@nEapubN zT0F4YEOc7G%x?MNq!pU}a!(|B<6;w|=R=*_mP>7|^0cc{1Xd_B5h=&*_0RbGscue) zIXhi_obF~JE^*+Iv0V>|TYBp?e9oE-!2v9)z=YQ|HjtV?xttOq(u0AAl>KD*qj zR}O9(S#Dsn>-;g0zR8n)yv{jBraf}7_SdW4)FE~%HsG#0QxWT^s^reaI4PkN|h+#`hcWYa!I7!wu4hPG} z52o!0dvDTq-F9geMLw5t#+Nypl~U0U&?enA*8fB!J0tu51sa*z*#2`gO2_>}<9`+7 z*3m2m!$hP6;-&wbpygY5O^-CZ?ANYsXgrf=>F>skW-^OP71~HWmx7~siYOjA^kO@4 z;?)#W6^JZmhi6NONoJnu3og2cHTBA`vEoB_Jg@d`SexTPT=_m~j0fgX@Os&UHwH+E!0YBsKIQ zMwLWK2^3_^Fu}_y-P6ct$_P5vJ!S>IQ9*?P+lZ&SfR06(5Rgbd`;iJFh_GX(rcjb9 zZ1Hvlbp6;Xt? zXr@FL00Y;g-W%6QwUi2&3`|(ma4G;;GIp%52ovZ)^R75Jm0(dm5@AUTmSjpLMSwKP zT#|xFWX$tXMdy*Rit^op!Wb(61(8+Qf!7D2-xdU~V!>pi1%QJyQI2C?86CmQH?o$T zfvz)4Qi(x32=43c(?L8Ef%e0~EGqV=QANI>0YRh`=r0?1z}o{Eg-&|Fuxf|}h6(Z0 z8fVL*DVS-3c!FrklI_718D(rJ3Ms>U0$ZlC(9sCMOHILOH2I9d_Cu6-PBdQwszA2j z@(U67W~fF~X{gKKlvD)pCQHU($GK$7SBt?^VjZcP!C=m43}&$*3$Z=GLKMyVvzu7g zOc@#L6XkY#$?Sh8a1ccH!QP+ny_IbFE&SA)Wr;StKe5T5)7)QgAEnI+Nq(y5QI)vA zH?F2JyeD2vnG00-m%TTxq{Z}Z{ra7CE?vM-HFSXM+reB{J#*Dl(Z^(3QqY?j+FE*# z`QWlPX&x^A^X=yGkXF_eLgmf6-0R1NP}QC@<6DE%rS06s4AO8B7IV6hj8=N_{kJ*s z#!wPJ@zk76q7vALqpeQgl?IwXTT)6p-dVYojc+G|T3#3s6o(7Yq);y+wqjG}Ci}?3 zsp5G~D}BnSKq(}gfK`Y;4ZZ$eOWk>9fDCgtl){MprA_!{CqJwF)6M%7wYxSoxU8SK zNk9kR8u2xm`Zx&ZVU>n1XPpo*2?1Hz95Y<0JCUEsC*?h|xz@)%vLbap@}XSAzbk{W z^=9}5b6emeSj4@(KE-S^H0z<|}&uyABt#KpF> zzxAm698zjHQ}qU)V(Th1Zm8E9_h8kgu+fHT);zJ!sE_+sK4w=Xm$k>O)x*|XYAV&W z?Jp{yE}?C&gJqYi_QU(=mYNlMP!%5T8l+;*r`-bp<$9z}ppWOg% z(H_AE3<84OhsZxC6)(0TVYoBPW=sZwb&iL^)fV?t}jS$6C!~JN&(E$7m8C&_~=HyX?=T3(r96k zlx*tCca!UBJ$-GtKA~wN!%Tp}EX|x@8n}$%GTY^Pm+Tqh^TKMiWvq+t3UExvYP38C z5jTy_Q;HQ%9eHe)nC>f*m(}9B4LS;dx67+}q}TOm(=*r8%yd?^5Z#Orx*@|fgucA1irf+^$A=<-LFwyF(jK{bL6L? z(!YqJ|HlI zqVS;7D5*qLZ)eSsP3v-O923kEM3MbdvfA7NIEipx%P0WG7kPj!@KS#t`}6kK7QCyD zCjN3d9(hNko^kBt1&>N4{rY#W@*L^i2!vx(5Tvn}bsXjU(oTG}8ZKjeajhHMsM_j- z9gGUV&Gv@<&bx1iqVGzm%q0+Xs@#_t)2bY_kPBff?h@j9oS2b&QCKmzPhO_KzkMCj z*F8v`En`hbzi8`yS(q^$9f2%2gN4bpgUIV_`Bhb7oXoSh-;S;%1OLPtBX3dtQNDF zC->~KVcz)A-Za3JyRo=qUz=l+)q;Pn$0Huy!kb*tvtqYOVLx}Zp`3+hH6ft>4d3Jr zG>7g5M`-fL&1x}!Z_LA3Z^(s_o_9BR2b}gneEoYl&}kp}c@$xnkJC0)SMhx>qYJ~K z0^`0FZ*Y)*i+upSr*xpECI=q1LEeuj()65n^b;o|$A9W4_WxeYWckmxS{>^wByN(U`M#*%rn_x`Aqg=qO~_=HX2@h^ z$Ss~L>vgxfAC6jgrE*x_Kk>C|GomEM2d~xeG|`Yi4;*KE?>h-9sh~)q6_GBz8j>1= z^aYuChVEvM^N!UKD`f#P8L1urI1geSOPB;hhtTSvq&hPxb`#1-OR9)Lm!Y*Wi+Q9L zrOFT%D9ERx>QN?%BiFW16iJG)-9sTDbKZwXn`8);2qntg+7yZa6UlOQB&;SUu@E~o z3mk($2Raeb4J!_R!j{02vQ9LC6iUfC1!7RM5~^d{2~O&uI~AG;lF~R-<%>846gUu* znJ9(`2xVwSZW5=CQ0CJ~>OtC$v32E+($MhZ1XD1`_jXUJ}*4=5B> zo?)x^h>$B}Cl!oY{O1Vd$lm`jlf!w4uBQ)GfzW(u3YM-0G@C|eK| z;RIPbgrkwJ86+?b$o@7}>X?8e&k%!cE=W|~S_qX!sE$u02RCUpWGU((#c?4vH384F z=&OJaCMLV34K@ujBhO>57(5cjCl-Gb`&AtMXpnN;%t%$ls8ARIQ5P`Y3_9HSIgh|N z<)qvN(IOE@4Ud(<>Qx~~uY^NZL?=TH6D+`>L`g7?tma^uFN`lL_7{whm@KeRj86hP zm=K%>&J72OgiL|q$Sg8TNdQ@C^50Mw{UEbgDxmHItV=5UnhG;OUAY#fto$5}0XD@l zR0dg=Mfx}{EVk=Q{qalDS;@>)(AE8%;*O)e{alGa=o8Tnp=$W;;)zQ}_uKAA6WaGj z$0uv>p7)@hDm%IveIqt~Th)Dja7Mkv@_BN$w z|NUKw%e8~pVNG+qfp;?YQmPjGhw;WXw4#UIcKCKoVPFhP4Q5A!2ocfu4xqU~3pfng zDCQz;ZLHAF(%Sqqr7brCDvxaygo0J<7TWTD`WBUoQtM#fnv7@LE-sROg1gqwbJ zew!CE8jzWGtc8c8sEn<@`;IeB61u6-G?nB;E;ps=sip1V(T#%eBnc61QGVc4Cqh|) zTIBM^C&=8{oe6NxXJ9|9J%NI|J=o@*o$)?N&{Ccs)@rKn*h=qk@-v$;&e?!#JG5mI z3;L+eK~aHnPs-17U_$4!xc#iPiq*y4;7I8gRLXbu`k69vB`c^?%*eW=quoqs+Ov$D zuoCUeVbIOO-CmE!@)0%iareV)k_NLd|0}nm#x6X<^2-_{7`kgWbpK*CuE*Ag#!GLZCvuc$Jxe7XHCm}vX`dj zMFnk<>SY_t+3rG&4d~+Z<@st`64ao}++Ejzr#7o>^Y_GFaZl}tI&Vroz~or! zcZ1{VyKKyoB`44V5-vCIARRNhtqYF&suv>1-#eYRyy<<&t`?$D^4#Fk8h*^Kmc46X zU5m)}{;X948HEvbwaUiP`9H(pyxLJ>fb^G8(Na+Z*+zQx5#?}rRf_}>QK`NKf-hxz zp%aK*&GnFb*8P&X)j^JYUvGJxb7S@Wa>X(MT-cGD=bh?OlN>aNgpN7aQ}e4cE%x5r z8f$M}BS<~Er23o7p3Sc3&35?(a8{3f!9c4V!7>5cp1WRA^~rMVfxMpdi*w?R z1ZT}68X@93!0uZ;-H>wZ`$?D7rzt<7o+4nY?i0ZPv-Ko)bS1jh_IeNde)R?@HBdFn zbN$Y0xGu{_(9-DsPgJk%?9;1;vqWjhjjAV_nh4z0f`fc12dCg0sF5Ek6TY{Z^!pI? z4Rf~^7fL^8*Qm{YX(JeiEVi|kZZ!JdYT_>Aj1%!)StD+`

  • z-gGF>=}q7A&7wK_+Csk^I%mn~GuNqxOsjysCFuVs zA`s6ZQVq4QHDF*HK3iQI@44K1Dhev!YhOZNM~*B0aQ1QAfHF|~+y~~i(Toz~4Ly_B z@KLw(rXIg(B8?ngR;E z$w&ld&NLJ-_v@UJdofqc@y}%Uy0Df~uRy;_pIP)jr2J{40;A(Xs_DM*Yr+_`PdWg4 zT5H(Fyd~ce4FkN1&O|0ILG93)@64X5*$9})}A5^R1RqQ)J3`ngz$aVai`f?xp^1f zjRZL zxWC5m7M4UE62cIN_@|eD20ev4QiLS7rWZE#G#=KZBSX$#ChsiKsW ze=q66iab_`%t8G5jrWezp|Dfm+zh~uleurmeAeAyVypsY?0ViQ{+j&@7+s9}NR!{E zx~t%yYQJ!rO6x_ieIEr8LJt`114?`hTKk`p`?oEg^FN~;6C(@je_M{3jq^XPg&k{4 zJEL+T^`5Gqwc8-an>}VyM^du`TUjIG{+gn~9E%&q9b<36AMe|>3uIfBU@7ukm(+j} z5htnW>a&xqNgbqA4Mq{eCb10tp$LW*h8kpv2`0_V%#5~(WrKE+XcwRcmvS!7M}iiX z0wz00R+!hI`OF*)i!PBMBbCHPNQ21-i%pYCl%P(S3}7a4mQt#OPf1MPzfE>dEJg8j z5LJ>(fP_k>j_?Jy$ftTn$_Mokgh@8QdxMemuo8o~@~|>VP5!qmmPn;A4^Jrvh8iBO zB5)4pAt4*gib4sIJp7BAhyo>MYs(nsR+4>0;T-<*z(@g3Lz=r zk|Sh=%riJy2>$?~3aoV=>3B%cKjzRJ`eYNqjQTA30)!S~lBuQ|VW0}e3j}Jw!h{i% zr7(L&7H<6*QlT|KN@ygaaLggL1NW4ykrC}oMc6DxWjLDY$Svn)zb#{C`ak;zUxDJWV?pJB@Dx=-f9FcM;6c~{;UO!BmL5+Bz{CRK zk->oH_P6KbvjV1AOIWLm z^WzCShxl3MDtW|-(x#=aN7Be{TK4H`fNy1kiz>Kc9yKz->9-mCiF5b&2pbt}WgmjC z*SKlLx%|Gx#2{#R9YSz70_+$$c5Z%;Mm98tVBaqKt+VH}FM|Ee`c|eraf{F3Se#tt zjHIPavz3LaXu$Wi&48yRV0nx(e=3#f%yhER-VF`3w4UrZMeCRp=9wNBZka@E73ynQ zDSh2kg8w9f(A`1beq-QPJkgWA7CIUGfXqT}teQz}Z9(3*+dbiKa`iX5Gez{P?lMZu zvhs{?*&bGk@>y>opko*;MD-tb^!+16pH z@$z+**7)F;0m^i4TTr>dz^_@=^I+yLPrvKXr=y{_nVC`ZtJ4fy;~}P!-;fi!KcR$F17!MbJab^PuBWM(O|MRG0+1*w5B0uWRCU$Xop;jq zH5ANk&(*Oj;0Q?&`o`tB+#p85JDPUlxpSbk0W^`@)h6m8<+Sf8vHVEm{1P+Vi5g4` zarXDdq?WnYc86@Q5~GUU&FPY{8QfR(d+v*9k%HTC%JZn()>zTc+NdqlMQnp7_f2_S zs;BkNBkja2I$o6Tq3g9J<#>^!=eSlp-T^Ilh|TMCcum;EN~9PnzXzBY%{?OZZa?K%4~2CuzRH#%I5-lsI;Mk6k`mvyrX`&wl<`?6_# zGaP)qstZq7jd!ZShw_!bP*Ca>%I8?cHLHj+fug` z;&=j&hp$$>MdyH}!Ta@BZ=Jy`RW!JSxpS`E1dDTWu1D>yk@YUMB(dHUNe(8t>0Yg0 z^7zf$s&5t%?U$Kt>Znj*b39vR-^zxp@i3V)4#7K&(}~|_&-;8DLFU*;Z(~Kz6YNzR z6Zx^NEVpahdj-!!bQ(qNdsBEj^UG`%;|%M0zTtTVKnB8X&9N*`_1pfyA?fpyo1{Mg6?}8Y#ly6V1@kh zqx1z${oOv^li?o?5uFPk*wKA!)(wdK;sGK98#YoS0;4?9Cn&zor;=e%6A>V|4i(&_ zdfKHgYTF?^6k_`hp68`H#_@LTQz1d83VJ&oP8uF0)u4h8rZ%x z9vjIwH+=EgUEVa^*XGl9jH3qW1e?4E+L}HTRGID`YsILjcv<%5fsU!b2z*@ReTQo1#o#177S|LZgU)dXDrk5yZn8} zH=!7BxXq=ZF2n=MH=PdH9$7AUNH&+`P^0@Vvc1`;JgzVRRYR(9CXq&Y;cDtc03?eD z!nKEp9QF5Zb0rfC)QzX(C)fK;FmPZM1GXo#W5tIJ+ zj zQerKCUbT!HhQc@|Nhho%kut$w+cuV&s1d+91Q3t&ym}qV-=*)Z$ASs=q<(Oh@b0Hb zKfK-8A-flDUOu{svDlpp6|D?;;B6(78-cNi&MSwC=Q`(~H0&^|wIME(*hyjRobLmlIF z7g$X76m$lC2>eO3-4~iyFKv-h_stPMTcv- zOV!too59Ikp0Yf0i#O})1rGAKrJZ}jOWn=7wp|I_P7662y-U}}fU~vnxY5^l!5IC{ zkVj19wH@cx$=kE&cLEi2OtJqTME(1V@IOTqE9ZYBik+F`KSk7)j%M5zJBnYPe!&=N z7IxAB5i}Ht$<^?`%bymG@jv>k+nMbgeA_*~(N~}EH3!oQ)Cnre;&TaD^=xP(MX_-s zMhP~#jl71?@}8ODAU}~JrZ}kF3p$3x(vcuh#kU4j7*d{tA?#Ec4$!g!Fq38>!)VL!4=N?`ll8SAh(QlniG&%Jj zmFeYSX6xg+C16ta*NA0dY&jXg!gnYO=Hr#dJrfEr6f}aisY%C3Rls(z$qUf_%rZf% zc1XzD#Y(DX3!?mXq$|J&)(Rtaq7k?Y2U(`=Tj5tb9B&>hvm{p?&uOO%VFLpZa5$Qy z)S|S5A(WK@)&~J5iA2*z(x?>Z1-)zh zOYLY_CT?#$ACAdvE1FBH%qkk+jJWkT5iS-9a%!Jj&wOWZS|4{Tn?@8wyEHU}QrWuP zSL$qBm;SoOKj+=vUBo(0qik7T)?C?|mE0(OZn$ZBo#|-m-Awg0%%n?kG^0N3A50y- zN)kZu^HlzoMdGjfT4Z9l!N;rNt`|~KHeXZuMkIjz=ycX9C%aks(w4r-GINuiokr1B z!WXj^e_om$aC5fx-qzaLQSNs?uN_k$+VB=F(Hv@83G)1E+N5=1!WrGvJ#MLa(bu*z zdy7Esxu$r>MeG}m^x?J=Gxj7-{BG&uha8BCXQpUOF9CO#1_k2H%3q4 z#~0m3*U(07BVY~t_Rz6r0xjwHX;K< z&*Z|Ay4C!>rthjg9q-Cst#-}pX|&Z}C}@KV0>tm zjY~ojnhSqyD0oh19b4~MpE_;QI>=JYs;;v0 zpojATm&B6}=SayvFS>v7cN1lCJX;P#J-KQ%nOW#1(A5+1jTghr>%BE^|GwP;y8KZs z5A!`pA4`-ecX%tt?5LX?wl=V3VDpTew_I1ha*P=FfuubJUtj29AJ!JT3Jzx zp^9uqDlHyvB?es^v7zZ#hp()zNTVt25DW)uXQAW&gcDIt8dRrS9k$qJIJid9=@hP5 ziC48uchzp_D_=9|1OuLG+&vvK<2JJ$dtrp3Rr##Pv?2p>OrY_IFcR)(6U}N&VGY3b zEO-Eg*Q4zsx!e94h1+;>NwSi&y57*;`C4%FWH%vAdTxAg=v?!xd~;kRHAcrVRXPVXxmZ%ul~uV z8>r%Y=~T6$%&hOk&gs^0rylVVCfy9oO`B|(gVn6!_nx_&ZgI(qOmkck3PR+>IJ0bl z1z^Gu{hXrYeUOl@K7m)3Gi(A&Ov(LS@}RKR2D)zl_)t6{^Re@3O&6+7;#i_xMLOtb zO}aWT2t&)$?1m6hY2FmeiE7-D83-bka)S&h99qrIwxbyPe`Xi~TmKHh;?u(Stq2LI#S)4t2&aiw) z{||@_{00$Ri#$rZ4r3S?C>~dUgOq~PlU9ob=O9%X6W{xe0q7$(sL0O+rNeugAwl*r zA{`E@HA(#9hA718v$$YMyD4AyTS6?FA)&sNNWr=X`m9Anb}&v_hjyCbn2_1vOw-${!-I$`w^_U3q zOC``(B)*4;dUtAXs2|%s`0S*Jpwn?x1H2?%^&W9k6t93KYlI3Py1!DkyJFb-6dQ`O zD4gdmd1pIn6AdV)H+|;LvPY8cc!HfvHd$?f%-2y(&Bc~wmm9DbDufvbF zhY^hI>BLg~(_zcQ;W%040(juFN$3*rT9tbnA(Cs4#RuhKY*u@z2Xv(Mkz#N-Q?`39 z|3t~su9zd}9R28evs09cxAV_Ko9w`;is)dN_wOZJMpM+hqg?9q&uDW+&A&HL^N6C| z;%9{^FrKSy1Wq|R+BZW#D0^1f4#*oA#iTpztw_hNxt^}B<6QHSOI+nWAV}uA)zdm; z*E9S%Gz^J4Eh?y=yxd`eu_RH5%*g=PEa{a2;PTB?DHFnpBXupJdeP^_eGZP6{>tR}IsZF^$w|{%L(QGn&c2-z^%z~wHsA;S658l zwC%Cij0*SlvoVdxBV+x~JCRdOB+h@BTG?5c|MAqy@!wM`3jpxXvlBWS|H@AIPZ{(M zxe2QHC4)tQiF7O4^aQvb>)-DFk*6b%?HHC%|9ogS#vMhc$!y5sJb`Vvm*TnU^5Y|< z36s)BkI`vT^PMmMJ8t{fb7>DDdWq6;-5f@^o8QMt~^SvYjEfi#X z8c(tx#ED7;6e2*>o(}%|(lH+-F$i`36M9~NW3&w{*+rY;$HKp?134YVM50#s-4GD=eZ4Ge2O_qrko3^50*ManM@+<0u{FdnEB zGv;$xN9x}-#0dPvv_of#vINz5G~?ggW=t%ih28sl1ZUfn0^*eHEQVnhYPn#<*%+YK z72ThpECYnpl%TOXyo14qywN_h+XqAEH^hGSSTZBhI9CmkoVX;7CXNCoNl(Uq#koL9 zJ71sUc)rH*`OdvBB$P0X6uSAwd|^^mw6#7TD9XHL@cH{)AH#IOeodeh-@|9i*u>Q; zE#n6+UAqTPKyp$ovoDW-1nX4ca9Z1_FZ9vs%EaK;|FlXiuSF60X|6Hv%Kzy6ME2_6!|Box@hB7P1i}V2-{fIi&R7$u!P92&yzOAi*Qs-n$iR<#h)eBvZk~+!p zeIY)nW^qD^x*c22QpY*#$&;Y=8WW!2oU!KTTt0Z5C(efKaZtTG2|phh#z`*lkNoH! z_qQLHv5vnBgtbpY2_q|S3v7cQ>mr2R16+`{)!$!z?5XL-l;>;OmEIGCpVC=tlT@u!)0J&C12ECF3{7}eCtES@p4HGp0(f=WNA@`#P|li;5!-kAA z;#c1VS~1@AgV<{xy2dqg5dSo*e$=`ycEUZS1f3=~AKP?$7cdDQG4#iC>-6an-|vhU zrukiQW2ER*^Y3{!#3tWW{w5BBWBPIShfu~ZdV*-VgK2fK4Z3DTa6Dzy`UFP-y6~Oy z{vi(z_SXp2rs)_mm|m^&o3{|crq^d34gMv&LL ztr5;+!r4vE-*+hS+A?exa_DT%eEevM_*x;izEY@x{k8TKx%cgE{R-wg)%pl>Tkll9 zfJt~{!(02+nMjL*3;(Us3$2TFCqwN*c?~h0t4fEDfC72kLO+or-iZ1D^k{}g6g_+^kWnM9l*#njb>3t`dykL`;Ady+jzqw1DeX>5**JV_k~9|x+BeZu=O zDU49HiT@WG1Ht%e17k&|Z5!e*ciYUoZ?(=~5%F=BKlqM(K$ zqE2zW1D}=o4%bmmp)NR%_jS)+_sM`)^5-c*^&jh8kMF;%<2c_D+i90qI2#-W`5#x^ zc+>Chftm#JS+1JQIT9Qz^df70k=x|7=;6)H1xdS<#-`M!?uzAiy^&AHFT*b_IgrP0 zYB(E03qh_Pc%QAqq#}iu=AUoo=&TT!V18ryrSO4X&~V}1zysg$3B|F?g_}9W9(Tab zS~lFO1tLvW2X{9d#;uclW`R>Ui%$|G3}ZpJp;PmBa|@-2Q+*Uxb@QY7>Y3GUSx;}G zlfN5irATcW${ z`al0+aNuP5_YS=OOVbvBo8^Dz24)V{SE34V6fyYy47RH2V}A=R8TwybCVB%u%}PBMxhNhJ@g_?jSbyy+31 zJr_bSAw-6xya@84>B?d^QG>u2iF|+;g3aR3q_B7}ne5HrtNF32UzQ)GfeE|N z5$7POgufYX0i-C+9*#CIDpFSDHx61=9?EOtYg3sv$gGcgG`)m)@aopIN zy{@yxM#$iDgb+}e>t5;Uk5GSt@*SBK_VF>=GVqy4-;988PWA+x>l(8SJXsk-PEoXV zN12iTT`UYCaF*E%#N%C7_e(FJ}e zvT~HfweC8sXwUSn=d~_nw9e>fa?)W;A2V>(4RHU=)Cd%(n!AVGX z2O`)hN;rH4KW&874UBobuQwjwl0hX3dcV#l(sKcwn~RPcR6y7+#>1W$zD|=5 zZ>D+8Ew_oo?}i8jW)r`k+&^MozNWi#`Nsvmk6+s3pQrY}TCVl1A>K|Gs@azkgtqe& zzfcU@6YT5QTQ3{LznRkBT(Dkz=gPK4$CawUs=Ps|+_3LrwF&Bex=*3H?oL5@Uvl9| zymY_Q01A?)vWU*2MK$b!Tb$MVBp5c99Pk8IVMLK_hegtwSJ(I7`w;UyLe$6n?84|i7bWJL-bU;=rdKyea z9tC-?z7TVln!O=1wt*Jxef%@e86sTkURCZYhct-T@s2&@U2^FvTTpTqU^Jl;39Kb^ zQh=P<$A?iTcV5pRDzq^&zD&*hX6vT6b_6<=oC&A#m3ORJd_nI2KqPJ!)_=B@0dR5s z8WC$R zOs>E9!bJ$!KoR+(>2+j)isv^#vaGX2NVFsH zwH_>*I5F0M2yOrG>B1T#_e4rI|>4XJA7$Qb~ zb;rqVbiV(72pg7cQ)pl@je;8+g_?8eg9au>Vzi}(Cugst9!0q>S;TwIdtgn<<{N1 z+`cMdd14BeK*U3=IMUdNW%D<ZlRjU%6K+%f#r0 zhZd3jF8606#x?s+ZQK$H!x<%?bq55Yq(9Tc#Cp8!hJSFyFP@fFB}qETXI_TS_#B#9=lEn#Tz_d z?#uwM?8IwyKF!UJTAlBU8+N*rtG3?R#&mPPmPZ@Va);Ig zE(WL&4Ta2*e7^?dcW_ptV30OO{}% zIYTvH@N3hI3qOLVlD|Mq_ZS!cPq?r$v;4ziQ2^Kf9Pa%!RefLV6zlp*%TMz{Vq9sY;QGURp0uIL@iB;8>O=Xvr?6Zf7wvfWc=ty4q?ljq!+Xj z?v)W9OrT4^6|)Ou$CUsLk8(tJ*te*M#Mkn{#HY~igpDJOqsPaJiYTqEtk|}gFh7e2 z2_R1Ai-*D?$H9+Hq{^h#$7#1=3GpeGs#>`oU;-uM4XWj^11T?7^3EZIA=7_87-GV zs9;HCioy%`xHW+aqE&biM|g^2g^=`Kmz$?A3`63$6{e6V1SrzsDMG%C8`qPl$M411 zy3BvC8%2P?i>b^qUwbj+wG~hR^Am55H*Gsx2{@3 z@5?~iL0N8~Acr6H^nk`_yEomW#26V8PDnc*)n<{2&5#idAOCF`EE|xy+#@-~^H7{@tIWkce+vp4k{9R=`&zlVm2r9=P9{jI{$NaG4 zHywUyFRc=$7?A%5 zw6L=L(^kO$g_ghjumAe||92KoXpa30E&tj{#XQxRbw7jr9b5KO=Khj}p0{>;8Px_- z>Qi6=J?&QXZz?5g1=6Nm)Tyn#d>F?nLrNHaJSCX?i$0%OAQQ|H+@h4HrpF9X85tg2 zRd-L&Xqp_6+@jJP1egBBWQ1e@N?MWvoH}$|Knt+Ho4AlLcVq!e;VoF1p9CHqNXiI_ zn)f@x7B^x(x(QwtmzKI2BQ8jCxLOikbv_YN*^U~rPR;-!Wx0A{I58@DYB(`7k&H}2 zo{)k}A`*c_!qykEc;Hxx&vcxyH~>T}em8%(1Jhh$L1_S8O1?X&OcAr8Kj9U^zYG7_)SuC>QfsafeqBX)3jk2T8?$!;_?X9zxxH~KO|W(U|a z!^#FKI!$N?7&jw@CuEJTRRtu_T18{KRXlbWbgHq8?poLIS0UIuZ74TvBY~qL2~p?~ zZ7fP@c@wN+Q8^&Uv~30lSdkiof32I``s?qK9qtuu=7_M}dbp14l=2Jo&&;Vc4t~HY zh6Q~cnTOrHYVeWxAz-`Ju^o&P7v4=Zh{GBKm>muNr+2=P8cJ5>Or}?M7{w{0n$jZ3 z_t1?F_naHx{lTOAj>fpj@SVPYVC~w9!#l^oq&#&eP-W@O+_oKjg~?$Jpm; zB9`lEQ}>}dev|L#m8j3F(}6$N-GkA~wo<5D;pPJjL!PIz)a;+1JmnTC9%EA%NT;}(dhI{bWG*(s85OB8)u7#!>uDM$P#Zq?3lB@^(1UW(eN_~12bVu(SXajd-`G0^6JIg<<$ohB4u>8&V z{X@ufYW#(a1aik2-J!*i;DoHg6gV?Hc~c^U18VOq36x7dHU;W$EJ>QkzofCPrwMCt zf0+iGEp1s_TUc1A#~nmZx?}vMNMQQ1rhAP-ERIzQON?cO8t|qh?xrXM8jQ< zDmzlFi3GA-Oc|LNTnNQABp0OOl8K%`mkMd3VT`P(TR99|Zig}o*w(fKLxsIVD9hA? zA>YvrtQ#ymm%J4e-%!dOrp^i4pTdab;eRcwYh$DTdC9f1h3DQX#-_=92#}P|1 zmx8Pw<`Nq~(S{%w5UC-?jzxu_$jj;lt%&>qiyRgqO51NEO)u7GD=mk@opHd3Dww4Y zE@4&%yPuLx>VUos0}(gNEFW{PT0b9@rg#^X6`UG`oZ~Yio**LxmAT^?nD z>$mnByFc$;j8yXaoawK}mh5%^+G~%#5?>~HDE9t%-5#L9joETK?ewP`Yo$lisxrYD zW94vR8Y`x6u3PUo|6y4{-;F)iNN@hAq-9otV~%8g>nzaP-O-u&o2Jt2!vu$&WXuUy z@`_(`=8mqm@G>R0jJHC2v`Sk!J&iL3^D*1<#e2nz;!P!Os6@%@WpMgq&Ku2JbM8GK z?VerGx_j=3XZ4R`1VZmUK3>pL%-PRW?)n2F>)DR)xURMImS&LSg_Ck01>?^3#r5^U z9abI&)mc-v1P4m^l{k^PSas?38=5;B{P<%HE9y9Fo84SPX`H+zgjM|!YlKVa7|VVm8mLh@ZwTSBWwMpMHF7TI1c(}&qJBsbOfm#4*Y zJ?TxErCfESqDMMbqhlA4id(}b*sokVmTkc`aDUU_0W-d9VZ`gStc5`z4rJQR=I0OevfFqhW!k;1+5{7*u7*LUdc$GgUd#Y5G>xgYyB1&f<<^S{ z<}TB^ImQdC(mQjtY4na9aVtF=iB|lJ*b3XzKv-_|OM#dMg~6B9C(4gl3ZJc#EdKHJFQ2bo+Vjq(K0@(pce-M%JuYZ_;GK@o zRm}Y#0lymDL#TIXpr+r+e}EV#%RjAb;r^fgWEPfx-k-dXDP#Xv;TgL6MCYUApZ7rs zhX?|RJ1-Kq8A?1a0`;+)5n+1Bzj(Ux7w4eRVybfMlm^Lu^&UBRKWs!=p^_NH&DCX5 z66oZJtB?56p@JfJO&%mCNm~~=A_8GPTz*X{hABj8DiA11>HU+I^32G_pfm#J7dpla zH`YFT&KdsSCh!;fs2s=Mirc{fVsB)j+M&;s7&MDguwp!_8uM&X$kI|+PHE&*2)t0W zUWV*_csGaH^1erX_e6>=^yMEm$jQjel*3V@k6#otWP<0aVtdYsn%_LWmDhcnG=5XX zS5-ccgHgv25`)I0$V84Nq@zS8Jzdd;&~`J#%hSZD>oLj+M5)t&#G^?1(IY-m&UZ_V z9fbK)f^nGwjXww`l>Utr7Vi%+A}cCEp$djv5$O@>ISZuPuq)y&?X;1Z8lhzgbyS{o z2*Q504+<@L&Nd}FtGv=^P@+?mbZAcU-&<`&DAZOI7mbGjru19D>^gb zi43@q!@K^>dF_js<}M^Ns;B2P6VEtE)~kgvZ3ue64PVsNDm)D9H9oVu*T&zQad_mO zzK&Vh+>}giHUy-1ZEH(Cxn6c%Iy3?%bI;1hF25mFFs#WlHvP&~g!i^a+Qr|7lu`oYVfTV5TM(%RYFwRiW`w{dk^ z9*RlCPB8wGS6IU;iKHlT%34 z*ZRSAfob3=Y0ykez>s(l?qK(|Cly@1^6=#P=IfDe&fu`4>0oWJ`B6@(o$;mziTHe* zmtRf^{Rb#f#Pzbnyg=J%=FA%17)+5Iv@}iyV z4U6=xHQfG0rw+4$l~lWgE5TwzX}T1WAtqw6%&@RHUGVI7dI1a|DDu0T=)&t&XPw84 z!RMpRXe@d)ZK=)9qRK#HeI7dR<)UT4sN2YZFYqP*3OJ+W-|!IPVzP~8oKg9aYjfk| zxE9=E;Cf|MpN9H{^px_n@*iNx&GJwC7r6h;xWmTrkLB(St^b1Izxu1NpA?z4@QGoz zrRx~}Bw%%T{|%D@=UBxk>V*8&ose3*soS! zMFuZ%LEcU!0hQ9C3rM*G?ZG{e3{dM8gAxiwp8_e624zE2FBS(;x5JNj(`=Ip>X^+! zEre)QN2ak2jph=RN>E#+=%=Q>hz*1w5<;ezgGEq8hQLuW*;bNB1jXcm)W?baC5}9A z!CsADYq1BZW$J<+Vkyp*fRdm5Fb=fTL@i2n{G*F1>O}`bKnG4vj|9hD;LnSSL`gPG zyXJ8jx?&?@LlZTM%L(B4`{W`+D{S~-PzoV^Eoc#J^Hp@aA3kV_cAG;7s ztED8t>?Sobg5a#83_&G&g^&PZA`SANTAeb274Fwfv5Kk78}e{<5g_Ub+YVUpLQrY$ zGk3h)Q(~wPIQt$@xDrwc8v1bH&+FAiy+@l-?9b~us3xgTi5x*wzSD%P%zq@}5dMCZ z4QjZRGV3`4ippe=v-jZ$AZc^=*T7(zLFPh}os$h!4u?(!8~Y=dl4NKyrXi7hn}xBC zb5SR$nHALUZJEthW!FY7JEr%B6NqPot)mq`831GPS_F3?vuvpioFelS(x!-Q6-1DAyU{!jpT==-Y4F-F>zG*fk)jpLGk;jjgz5Rp8c*al z?wtI#e`6eKrhZkiqRsP&{roo(ydPLMYm9KxnS4w8G~q0ue>h~A8*SzBf_AO_(iJwb z3DBr#Q>)JpuE{(CHE`m-*rq9o@BKyTwy{~u%TzBvEfQBDi^S-N{Zzm9KdaiS)fds} zAGLt<^EQqfjE8T}6J1WkF-x2|xRZ|%Ib1fKd$XI?29;wMHdpZ#LwWB>wo^4i2(2D} z1FBzb8kTTXXEqC_TJhD;im}=flS37{rC4<1V|xXZJhO>x&N(M;?oCZr&$@Q399TFb zz<}q5j^Ehn(6&mZaiirsw1o&<`00&riabuAcGMnWK~IU?v=v_Jt79uSTplMd zft0n_kuxkJ@&yT60^+B(+{(FI;JM6KhsH`giO z*^Z;8J5!%G=gGXU5S_OVL;b?G4*}Kg(GEK#Bh0UEW*MC#xzRe0hU(87-r29|+8a*Z zjo%H!MZZ10{oX4T#kwa3xtO|N5WP`7ZM!Lo-MHiK*K7oyijiQe*Ud+CJ{(RT(%y#i z8un|%AueclYdd^S)lu*m$-Mku8Ra+t-`}87L?jshPjs^}v;4!nHQ;}toAnuXo$BR!cHpLXS#b~p`Dcz( zt?}i4*kwTpeUgN#@gxiv*Wuzy!ZVX#BFkljuah zd>GXn1*F43=B4}qH*_HphA*JfosVg77-4hjlNlL?Q;-3r$PTZJZ-Yg_CZInA5P*h?od32Z3?=fMi7Iui(+N2Beiv~^|bAJUnxw7*{!gxMWu zUv`*`PNZb%SW$B1sBGn=XYP};eN@}0RqHMtMko=H=8gQ_GCQe=G(YWHX97*946ag_ z4ii{?hJE+=Tr#zE&mT{@6%0~8O&5@0+P-=ekX0wGFqeD*FwJROBGp zO32}^^2?abI(||oXp*sm|GMMB`t|lbD5#!3U68) zVzO`d%Bl=GD_Q6orjC{=GNExpMGUv0K~;y9f1&d6O9IHGb*@f3*_(Dh}# zGVId-0DAhR*5Bv*Eb`MmO<(RAljN06OrXCWHrFboaEXsKmGUHudz$fvzqx|4#hjmB4&;zQ)v9`<+>*!zDPm?jhCitx!F-bUMA1fQYYL zpo_k|xF|l^X$hxgwL&%pm-?xh8h>Gku;!d%DCLct#+~E65Bk>oMdXOhKs0-_xkbOz z*|V8R$A0uplCS0+j>3Cf^gp1PmE|9%I04-M(`v@T3i!uO7#mu0D*rm?y`y{0*sqa2 zt0*p4Er%Ht1RY$alqu)FP)GFELTrEgYHshephqI=yYU!Tr`TmlYTHt&(8=n>jhPPM z7z~)p#f)hL1H)Dp+~#AgL1-xgA;E@36jt0OF+xTrd3ER^7K*z4gVQreT^Ep%lLtbb zjDwOF83}!AU`q)pR8mUTs#>iUM1_DB=W9CMctuL=0lk6GZ}{ zun49Xf+@{2>zh;}G@8`DB1AIs3UuvQu_;Mp>G0=M1xlbgK*DW*Ie^1xvyhY%Ly|t) zLRf6Q_MU_>T|gNuJgj6TEVySDQp-U-XN@wzxikVC1s<b%?k?4e>#gL{zqoMK83m>4${2Ywn~I?v{4N znKI7g6PB00_|@IAMF4%@-`zO}p6RWYL+-W&M@mNr(*r}W`HvqkYFlJK^$W+JDr|Dz zT;_Li7C2-rxqt0-*i+(6I6KUbmx>GH%J3vVaeZu1AUR#4%)*UcS~3@0~YkpEOU*1^D6 z%Wo)-r9DCK0{;u{oI_!LOLyN`Adqgk1Km|=EZU2aIr_HpCUq%6!!CrNm+Ii`7`7Gn zn~?$0$V`UJtDdtepiG0uH9WnJuE27lU5IB++~ZDUS^uT$=&;l z&3wLhPIe5kQ&tt5;L~pB8$W+CvSqQ*anXwAx(Ux~7_Xp0bkAoe)JKS`C zt!0yX#cp={+)5XY{ml%A^ww%`Ze2IGV{MenPm)JQYg?{YwS&+c-1FqO12}&M9||e! zmbLtrsnNnK@~huomwq0XTpWCs)WC}gE2Vz63(%>_M_@YSuO?cw$E?)34!vd#2?yR* zZkld)RnJX%O1<=zj_lLud8#MB3Z`HAE#2C_Uyw?kKkWYlgV|aCVJ7K+jmNBnN4Fa;0!%U1_2D8Egt4f_b;YQToq zoKEMeSD`CUnY@QTOnhUbvJXtD`&<7B8Iy?w$u}NlPF{J>F-fM?!)$5HvJhEv; zgIcK_AmhIg;@v@q;i9Coha(zh)wM^cFN}VON++Z2_l}Z_e;cNf>?z`b2M2FND}0G>Djt!Xub@{3OoY?7KD9Fpaqhy(~Nhq!?tl5P9#)buw{b&QcIe z1cWCf-8X62rf&(LZSoD|E%@5soT3^q&;x?;C@r{8W9^?f;?%UAR>dPegSEOqhEn0=8AP@9xG$E9fF)DXdDbx!S$e8TgJ3 zWJM3;J*7l5V6}fVwXeU8y}<$>C2msUQ}b|v_h{Ga)m`JA#Vu3LlhzI2jIHW-cF+7` z*}oq)>8WpvYg=QN^kY{;L+PX}MDuwhE7{NG3;0538mE2dT5(^(@Y3ASj1QK&M9Mm> zx)ZWl_>>#pT9H8GO- zlJVx!ifwG055Cuw>&vO>;NE&X;yZeI5f8f7>}*TpR<(nl_>{BG$x}ZDe0< z%@8(L{=p<$)N`J8w}tVMd^zz>?Oh_LNxuECzPa3bEpsg+f2Gbcl1<9OMNn?9&x^tBb;_TY&TC#Zu)lTaUu)&;7}!?MdIxF~ z#r9@K*qPjOPqq^p$8FAuhu=OL53`Uh*^{#O45*E1N=z6&6`c?bsos zd;h&l&5s?od#Jb0Jv+MMGs!@NH7DG}U%ZQVf0?k|h0t$IqkC6Pajvjv?DS&pZ~f24 z#1AE}RNcGYGEW8lSf@hrrPl?fcn(qVk%G1JlY<_`dMhhKcB_5^bzDNb0(o=tE}Erh z`(qXA>+gWY+xGv!SI)me0yFWyE=%X*gJt@^MmPRlIcELG(TxLbxqls_b-rngvs~uy zJS7Ms_axeATuY$KG#U5&w{k2HXINF5YAF3UiU%QiOvO0jX>ayin_|Npg}(9wAMkP} zRX;_XGy{gJl}n^0!uhRcU(U}2{DnAxW|%CdSDgUFB1+&8SAykR&+uq*45=b|iX`5I z;3kNtP+EgZYdDgiJaY15FBqg44>cT|P;l9ZcrZ9@&<`@HEf74Z*Dz7>;`MX{axI~> z7%84Y!9i^y*+EBfrNkTUe(`yepmZK+a{dA;w0u|?#waCZ8*>TF<2Md5Crw-Zzb@)g~G;$sd>@q?GK2Kfw(lwVbpa#X*O^896QHNx8*| zy#MI8aMA}Ja=%dzC+}q-kjyjU3PtJ$`CxPHr=o;doRNnh+ZjW$c$()$pg3HC?e->w znhgKm#wQA)F}gG!)M(>R9^k@jnsISZ9H=2xs)G{L56dPZ$5|Z7HxMmg&)(SxQljCd#4j{(d|MtN~ z_XocdqE{SsG6F!g6O$o9@%P7toIx1{fh2e+cM+o8AbsZ!o`+Vv{6QaFz)D*_2j3S9Mh zX^zX$SRbs)wft%nnNUUP|$kwVAA4h7ioQn79t5oANs^!gF2K{~n@nP&ZpPJ(;&( zSa2C+)Sh2;EW2pJ8JSon?Y$D}!#x@xyiFJ)w%$IMF`izg@h;C?q}#VP73Y`FYLxR?@y2MWP*_sSi1%J9&EA}~vrcc!kxKpwyuY{WReUSvrTpn7sm3mUtVmjxmEar2u z;8%Gf=i8;iujom@Q?Rx2jeekqNJl9_z!vq>Yr68k5LR6uMEE9I35#OVh_Dj2otBm@$a|p5?H=khmVxN~$7WKRkOAsO~JF-hczifd66$C5{ zkFtqLX!0g9>@esEHEhX9Pe=x@F}(}%;bbBen$ceYbUzd>Oq}?TQ4wN9Fr8g1B%^&F zM{5V;KnBdQ8o!XbbjDlh z@QOo5d>o1k`C)j52)t)1@*S}jv=JftSpZp(*?m0t-Tn0z-Cj7$!F&9JZiCxuYf{BNGHBVo+6 zK_prvwi|Rs%!%jd^EJiqy3h)I+-?0ol)VFtug~&6c*eGE+nzaNn`dm>w$9kLZQHhO zotgQJ%{}+O_xIns*>865CY|)#>2x~jx4KeY_0&_>5BH}8-(Qa}&kViP=5Mq;zI?9_ z`hlapH-yF73XSsa99_hoe*hkrIf+j9$e!L zfVvQR&7Vge{%J2%BK6Z+msS*6|Y3G*Z(BiwT%(l@)+V>fp?3A_WeXkuY?qVEu z@HIJVak;@OJGtR@m56w9@LJBBg`5<`=eL|FPFL)ftEL1sTv}r@I%Vx4)ZV(q{z4dB z=6Tw3lQT*OwG6d-HoID0pY`t4j=AUgTvWiEjRSY#d2_Q)52#(gRK*T?8}NI8Wj(Lf zq0ep(JaR^-t#W}6#u_>&aXTQEMaK_n+!*kwC+HE_*;paY?bkbN5vn~u5t~gUYNc0O zj@dg7OZ-%KveDVd+k9ltYS8Z0b%i)UEVPO?+E|ovH88j@{4U$LQgS}jI)xa-ySql4 zf;5$T;?NL6@0r_Ao6RDNMyNXJcFmq8vRLEZWx2exGKIEj6dMPxJ@$PjTCjbu>_0kG zj~JK06Iv?^YR=rgp!O}#6f_Ds0Sa5YOr5gV1sLV3znY%OiZeTuvs07+lPAL#ZQpyZ zDT(mm={~=^-Nkxoj5z61^Gvp>fV#Hi_t+}EFhMix7&0fP3|5U);i9{pJkQct32swi z=#sf{!!T$by4Z0ouZsZe0q?qO)sutskq|=}N2*>F*B#H!yME+3DG>d?a*RpWyPY~m ztd{d-Aq*O^cHANz-wC!uAg=$Pil3F~|CVGVV`6LOY);6=`ER?M@c$d>Z=*69bHIq$ zbxP9(L3+}+2SLgh5l4vddl0@5sQL-|w*iSDGTDCLZf#{|-;^bS$ntSRXC=V&=Fo^o z^JKX{W~vf3x23v9)>M3c)&~Fw?vSj*&~mv`J#Dj7+hTW6Sl&<#7-G~My=XYo&2rZ< zJ+-p+TK*QL@uHq61@#!RH}i{S=V41wxQw{ERLd!{m*6Bde@(U7D4^aA_DojdCZ@VC z>&Tl}!P#Z`?U4Jfk>uedPXRA+MMZZ3(-_$pIlZa1xjxy!tEP(?aa*co-FYIm z+~s~Ko48p*DQ|do?r{60xoQ@AaDMaPHf)UpXF(Qp9!mAu)q zW7e{sN^udQL@$C_1T&lRDqzL3dSob6-0T+_PWvwRj z(?BV#REG01WD!$DD0oo!j70Efm{eFdqd#}JeS=CUG(b9ItY_$Qw#Na?f*wA-$e;^2 zhf&VIRJ#`R2`e$(-@YoqZ0fyFyXyKdjMH<(Y3P(&OSE~Pv9fTyuX9D$DL!|kr4pZKAdnWBEOu`adXR8n(99CxS4JEo~y6FLA>|;lE5jmo= zEHpj7MqGCCr)e5=eez~M8Y}|d&6|nuF-Ul`!{jq3XU)G@Sv}1=-5lTRnC!i{@C8_f z5?M8CB@3TNBFj%5+~$n=j|FaP$2+(9-XHJFeh=15S6<=xa9>&SU3R$PRa5FDs;X9# zY_shem*866wGg-z&leYapuyyzn-s6iQ-=n*GcnU(2epGLyO)5XoX|c^EiiITaV=4? zIX6k=#mSXKP=uxjq?M-#TqG3VhNw4=UsKHqL)<7#lD+(2Y7*TTK zPtpC}hFhg?FOWVGHi|_GWsXhl+cIMPO^&bLS8hk#P?A2n;&k#LAY&)f!hHB}vKFp1MojG2-NJ2k&*LEKTbzQlGW)_R zHsj#ZNvg>hk7`V)k0vL!uW}}V*%(hXE}UNaBhKiaSq+A3=e-4wbU^#bgwfCxj9J+B zRJEOE-p6UbSs25d(J%cFzRk22}7gfsN zNu;Y{%7Jdw-I%a4Ua{Tc?-}a%-|uhsg=z^QUUaJNhQ|9$ACt^o>sEnNQO*21Rv%3;r>I)L!M#!(;x^^vdt;6Kf|GqN{medo z1M#WO3lLCG8vNs(`p=|{f8VM9KS`rDYO;2loTy#z>gEVQ3&NJZ5=q*a;1c7&j^@fs z{f4zML&k7J4Mdw^AMeXu^@9a#LD5K$FFRdCTua+}0vrfE0$oE8@2V!f2Y>9bI$sq0 zcJa;J+@|w8FAwd%kcv;Uq0|~;eJ{Lx{mcAiEURrRJ zAkU4TXK!=EO0P2^Lc&kCUwu3i!5g7WP$rHZcO7^E@Pn-~eyUQkAQ$mO?GE*uYs&Du|a2P`%XzN^`_@^`y{QdcIAdk5~(&%+zfG`iIFkJX1eXMBO+>A#;A zmxpaQI}Pu@XCJ!SabvHMnpxPisvG!wdAQERb27U)i=6sPAL%Y(1l z#HqAOax>We>hNnlY|dfYka0porbd&}Cuu{n2E#$fg0VH}>f0(nzvNU0Nu9C?py`hU zb{D+#=c}KB8$z>}?fPMxCh(&+UD;66aLD{_7Du0MEg*p>H_73Sfyp+wS2r(ZerU`B zmdTST1@l!_4)&{rP)u(GDJV1lt9=N@Z(HIEtp4bEC_w;G+FO?P73U;4)bvy9tMY4Z z3);^leo^VWd>KmFFT`E?6YZ^epck^tq}?y@DE`x^`tNdp;;ND#*jLIMP5OmNuSZp6 z@fY-k`MBOB=d0C&d3mq6UdjjGfz!Din6gt)J6CgaS*Eg9Brn%vlCI-0G?rixbpE|OzAB9h{)o(pSX z>HTXPulq_1z?|Kb;WMKw}){er?p!;}9~znc|)r zwBIRd4^axQmEmu@-|?kyfGp2!-o?yJGtZnlMi*{OuzDjwlvkiPBBW z5-mc>(@i!0j%=8xHOUsMT$rafNEfSYG^4n`wMpAgk2D95e|LV}$6V1La_a2f2@-NJ zUF~fn3iM*dgprtz%k#6_5-_-XTAFT7{-f&n&s2#2tvddDAFWM_wB05n?7vbS zcJhC^jTuTepdp9?jU(iR@ztRZ)|6Mf0%7ymCkXd`$}BKf8-{^?q`8*z&|accTxa<%1ssJ#WC&JM+{F8-PB-*G_R-W|>MN>535eCrYDaG#{2 zjp6c+$RQBu&efL5Qql*^wclIpb~xK;dTaoZg&dyv%5;CQ&~j8)!?>1K1> zop;5npGI4AG8k|%C_3tL)*N)jse25*{tn#;LzQ0lN-uRnbISJmfZ$H23}IU%y1a0B>+vcdx!!Z~pD?XD!o*)S>cc z^{KPk-yzQ&Q+utS)x>YG={ytDf4d=PIA5kekH$CKV7>7 zMwD;9#zLRPTe<`s$KOfR|8~>wBph7=_WY;Uhm*>t4@Q0y#lG#vV!ei;ZmhH6K0bF@ zSff^^xV?v8;(q;~vDR(h@pR9BSAWK8JA9L@ZheozJqy(3+&_C3{9O)X8m=yFdZsGt zW0jA<_E;T)Kj*Y7WM@9joqu}GIFsGmKlhz+SC#k7>f;4ABK)e_CfDp4bDE)sX(Y^E z)&8DWOTN!V{<(*e|AdWYS*w`;ltH_sn;5oX_;Rx?5nISJm>LHn^8` zH*Z>-WnMNlOY)ymh?jPhLN~N3j``AUE$^dYudMBdwQE8FF1V#yBs;>lz>w;_!q+L4 z=N6p(v>*F;tGnp|zO3^C!G{%2|EN>`6PEgKo$@b0)PL(&G>PSr2Vp`C_WF*XniY*& zy;w~a`6+@3wnr}&e`)2=mG@V8#*L_Y zY@O5#Or%5Aci@NCY}@c}eAzJDHn4WQC8+e(5ZrODN6xm4J7%Ytj06b%aeiVQyhL>p z$ycFW&2h_dO63^k6)mre@N4|wz$sklHx$c3wa96Ref~3~+vT1)gut#Rb@xw)#r#jU z+y9)^fAJn-QIJq)RIoo~?h^$0VMGbG|4*B+{KF<}f8E3X?H?&tk#<^S{8tU~OGR#t zGlTJ!`XpqfP^EANnKMSYDpa^zkWI3i>v)p(bkfo$46p7d@7V3xf*VLwQzW?OR*#31 zZp1!hV&q|>-Jb=R`I-SzockGqx&z2MM!)%Yk2&19V#qZ2!ampwf)`;akt_~sBuny~ z^30}dS;UFR%nQ)eNrY*cyGz5dOhlLfT$rx2Nd<1;FcDw+MDgqF)zt(JQ)Hq%JRc9s z*7beb1(omZ7|2tce*zUC#3}kFjfHrDhO&^Rl@JDlYV0(4L`6^8?5Uacsxv!Ui~mIQ zcT7C97lx2~zb$3X*|L9qRcehB1XarjMD3N8F(#Jrxi&geH^>l?(?1FZ1x(=}F6sl^ zsDuC18L>WkA~!P|8La^zY%O;`^sQCVwZ0XWiW&H)o%FniwhWvrkz@+U3A5>po8l~E z(!7g9NHx+{UF#C7n%$H#JTD(9e#K$s6Z^~vd3s<155yy41#h{v=x(|uD4{jmXtonK z%vir2uQG3-960bqNcSh)A*ry2>+(@{;nBdLbaJqx%O&8&)RP|BM3vj|K79 z1NGm^*8djZpM@~(umMd0f%$>$@qy*PbK=w6g&gVCovQ+bpcU4n`+v@^EePe~R#B?= z4^06}oKk{1fjM%8*#GIo!lBVP|CNE2P8D1f5XH!}z{1L^1SzQ)zA`qo6a{x1sCA4z z0QLja3&-o9t_RzH21@=%VR3N&*Fd0dO)aO*7G&S&+Bp(7lzdR2n*}bXl9)nrTa?Yw zl+7$jZtRFax*UZfY9)ue>sfmAJPA!#`k9B}9~iB}hR>Ukm$A0uUuVbhcALGioK0Wh zu?7054!KlFF%6INoxLCP$Y;IL-YKN}XERfpvBsFfT2VDIUrrC+t`Cc~LQ%*m!GfF_ z+fl{?zb@|;(?Fx%Em^f5{rjuzi6Ak`Yy$N@i5l{SC2dde4 z^kE&L99z=JACw=VL3-56yv8Lv79K)mKL(cQycYR~U~$!G-|G~k)a(%IxjXex5^;DZ zx3p1x$;-oq4c`0u3M}4 z$LY9wfw^{-4M*M>(Zer>gcFDYbVrTEtwVdkdlVvyRV?D?g(OmsVnirLS`xBF@-DHw zl1HM@VKe^$bXz`F_j-v{bgg&TlI45A%1*VTVT|b?WX|;>7aLOe!*{1#ye>eEPPI2f zb$KzFdM!W;=-8CjCjrkp?xD=nC+2R05- zO z6-o}ZTK&3?d{+~LA#c_v=1xtmfeBY`@^EfesD!wHz-Kt(R_;tq8+u0_cC~1&$JVx$ z<+JIQ4z@KIQ%?nPGnyqyq@kUL3D+O!(anfRq&qsgsIK;YiyDgzVF}w(fK^b>12 zLPj!ij6n0b40^e;6(Kl$Rz?eWjzmeEbg1RBnntpb6iG&Nv2|8fd#eBh=cc~K@Q(BDIl@#B{wTz&ahB;3tMczAGNxto6B-okvl-Q?} zc)Sc14S0L9kpNB|8E$pqgJ2_4zRzeksPM9A!=jczMr_*kZmDTG_Vj~GO2Z?br8SUK zrxQ*s_SP&tEl651T1QbRpUR9g!UOfRUC4AmVRo{1A>OMv8~t909bt0TbdI zii_g82L1%%sTKf}7@@rXv8&V|(vs7#fxl)&9Ad0U{H|%x`eCBF9KATuzf-Tjzf;N* z?B_2G>0#*bwp$3Oa=_+@urx~OA5jPq_d8M}??{H)K1 zqpU%3+xT@mXtMD9hyLkHmrOkAaSH;|a=yLZHFGNT^hDKxFxgqUQAUumdb87~x0zv= zqzMM2a>3!_a&?RKC`1V>a`xs1rA15DS-*{6!3{7iNJTHbj2SR{AcHB>h+ znCz}F0aV>y(5GI}o8Q<=o)V%d*q=^Z&M$4-K!qm}x83z$f2mJ9#{CLRV<;MzdlANQ zbAFXS0o1s40(JVBVlTqu_9{ufNah}}`|cI1_n1(mc7pPKO@V;=^iMBVYfn#08Q=}% zhZsNBDzRdTl~^vFmtX~M+3IXsxY^`>i|0cX$Ay0pZ0h`;ZI^6in-0G!CtQ%Iuj5eY zH)AgY#{lbmUY-!KAtIbBNQ5qEg@cLDfJ2jP)_#L+f~*7lmvaK6T>$P;o* zjiu~1$P1f70O=33xZQjms7NiHJXT?Bxk<8~;{Cz`SA+ERW!s_Qrv*X;R`#pL#w4x#G11bN^$7ApSABO|UR}-*z+sHL zXxjtqopL(E`f1Q0NN5$zBOxdk8ynI_kxqaE*>ms)o%oI6*M@1DJ(x=4ZD@?RC-)x& z%TGV*t1j1JCLem{!pn~q;9b>t`{w%3_X4(d(ZIn)#Y>YlMBl?$@28no#^iLfb7W6f zOBwJHR5&Av=M@(Sn*yW|pLih`q6NZSQyEU-Tq=jZomU7WM)Tctk#Dh!HBWNM=^=}@ zEwxg9#^$fG5!)X{6t-Dmm|k9SENw^t9iknyKI8Vu3G7f-M9eflY@Y!A_~Ud`k#HrN zYLQ5<1fgxCvRJcojxDU5iUj|9&3N=-(dr)059{34FHl62^le}b1DIr}fH`AC@H!7P z(R3@UF>0+Rd|jfl~RQamT*n_QKHe{K*-;C|Wi)Z=1labw{GRXK0~a!js69Oxz> z9Qd;tc`x0ybg4KGH515*9d7&Nud>o*LR|jiFm$c8PX_wDUsegts zM2(DIegko=z1X<^fQ(#Q`KK@;8kCc6XOQuVk@n08(=L$?S5rf?0|DlD9?vbF#V#ZF zF+>td=)5XlyFWfCk#s_lo?sZt;F@1kAb)%hLPFcKbV@a2<(l$Yh>U(7CA(@(3QRVG zs#ZeWxQ}m$`LlF)XZyGSo;wOyds?P+RD$6R%9 ze^XNW?hZa1=Ny_qxL;g;+|oLyaRgJ(okG??K0)d) z7QR;j=nj0-U-(YWp;~;i_NqNQXEr*?ghq`ZmW4sV{)zqln$W#=`~(p`S_IBywLvsG zTd;*Cw(0L*i@vc~q|ej(FAQi>%;Ah---<*DFEroBAbrr*frsyoSH6Q-IWK-?H^~$K zWG{34gT2hc%K2aCl~!Y~yKas=>ge^0-{B&qgI#Euh)ZSose}H2Otc$ zj9mnNpY@&f(ffA3?jO9J9K^!Fm6fHN&Kbm&8Mo}{c)!U`v(J4G%7C#;o9UUa*rJb6 zdABykVtltL2#LMJu`1*PqiAWPU92O4i)9mV54d2iF|x-vCW9KJF&_Jq@4t8wHp)** zl)rZRtS5Oi&ROb0*{$4w+1f<#MOk0qtX z`uyYWhkn^|lGW1v?ro{LF{c3f+T7S-^i<^w&mIUIAL`bRhUZ~yGEkKZiS^fIUG|3% zab+h9R1=WRvv%Rhp_8c@oMAz~<(2_yj|%oq)EV*XP&C_Od(*?*chAaW)rv zBBvlD1*?`d;@#RBs@oar-D1mrjM}R;YzCkSTV_{`shn4idfT{Y)aJvnI5?y%>Gcf( z^{bp0y%o~2D2~w%%ssS>5bPYR@U(1VRazUk3%SBe#_BnA+<~1U>Tt;dPZ4w*ubgm* zQ&!T&gLK!{1FFx9E4ps5(LC6r6IbWH=ez!{XPPpqlyVuThUz|G@DX^>EE(mCyDaX{cJ`$ML zg)*G+6BVG@vf=`QX&km#8$qr2f?M~#I{29G=kp417JzWzTq;MonfHPYPG9=fVGe&k zC$ZfH&N}k*EnaK9$cz4w7EKh*IbQTv*D%ze3?GjlT(W1KYUB#}4x323eK5HJcol?9 zk}#e82%AtpH9+`^LT*g5gTyK|hspaCQtRB(bU%x?CT1!FRj1Qv6@IOq612@&BJ>+* zeWe~@lSRuFskrFWw6tBtdl52}i~aPU zW)xN_r=Pi={pJ|XU$fg--pYoO&p%|@Z|7rLmeVmLZ$+N8-H7UYCOT`ixk!&0o1gB< zL8Kwgl*CxUEGXj|GOc%8V12QjOvc!;Wcpx)k})2>ku`f!8&29RD`N4wGz!({uta)t zKkvhXM5M4+34#BOMeU(8<&T$x#4=`qbDYPG5nSmujO_uL-%#boJ7y^#YJW~QAo&fk%aNhn&h-jdchp2677xh1XZYvPFPFl zZXqBYfV5k_@SO#f0td+%Sk&&TgkieAX zSdsM$0VYnvd`Q6|c-~)(08Tr|JlKgNrrbsM%IekaQVwTn-k~d~LlCVQ^WJz8X%-4- zB8*!_Nd7fnofwJev+Lu5gsi0X`zWn<4zcR1d9H81(k=0KMT=mDhS@ywLd=x-aTZmR zn&H-HLA=vw&LO_sfboVj7~!!SPF1Ds1sZ!&Wa9VT=}KppL3(7EJ!iBNNXS4~7vCg# z6sWlPDRh?9DKu{K5*V0{?YiE6+v%k!Oa1%=P-$D#kFEamC3`&{W$l)Mqp^T3CkV*g z^vAK!h{i@UcGyz}{(}Pt^7&|DXD&TC8l6d~GH5t|g+1%Q|y{{Gn|EDoho7}F} zepJd;$I(qh_7u8xH8jNOjP$)`IK`TzDe~_%OdTvm>1nlE`5 zTWt3D*Ty!<@%-5fGaKl!`Qwz|^BG)(YK zD?MrGt#wP8OZ)J-JTlQeNhMKq_|h~8nbe?U(_~GTpE;vlz3<#Ynvi73->234pf?36&j~18y7@NlgK2c z5^Z8XB8A@j##9&R{bW_#H;f8*7KzAF1oZ!0M(a69yY8h}@6v_%v>J=!kG4dWx}Nf! z`OW0k*Isf_{H#Et)v9`X<=)%R=gODIUs(J_m$;9-VSrU-c9Q^kYmm#V?e>==FJq>n zroKEaLl#2K5`vB9<9a{#zMU3=jz0cpVc0=&aHI0Q>dzUxpPhEjc%&P$E}7v*{ws4# zKU3>gOm$xfQK`S)t_+0~YGr>iZSyeS)|_zC_PDtG{uW?*1pAZP9LzR{-9R4Wy-<#e z?zwb8PGWgj=90`G$G_s>X7Up=%G)!`RT_x7>bxZjc)c>$;Whe2(}9RR#xr^7xBJSd zyf_~KOqp!opw*9-VCXelG0V(q2&urjc^!74Rq~s;8fd%+WV?@t1c1Q zg^Pnmo{2|l4dyRB_vMI_YrW=!Z*~|f1kE!N&(s5UpW|#AZlVvZUTUVnv6ZIUj zfprT0XIl=CX-U9KL_S(s91Fa?l2$-C#{l4_T z??qiGinJF#r?Ap!D8o(N!S16Ru3%Rhdx&YGv5HxCo;D*mIQ|m*`@cm0b2`SF=W>k; zyHL<>eB(Z~P>F;S3-OR5?vcfE>t)Uv`jSzteRAIq!-IqV(T$9Adzk8z3xZ#PB!gLC z6b52Dy!cX5C9lxnrM_OD+p!$i4(H3WtEs$bT#F!c+xa&yIvo5d8DLhDE|Z@G0$smt zk%rbMSBkaf1z7H*4Lz!!cqB&-ZkHpn6s!9y9gs1m9QAIIn1;q(nuBzPYNLRWYua(D z(r@~2=O7A0_Pl;)d|%T1I^TUoeqp!267e|7_7CDr&I$tIJE7Mq(i{<~aS2&&Fpi>i zZP~yQ`-DvtyYKeaGJ=Fy9pID_y~G&B)PBv13bHc~&J)hA4lU(B_rpJIMzzs(Fq1M45y7La_ zxSyKYD}RX_CYaT<27YGTwq>Yvh?O>r3SvKSNyb3CK&UdV@&c@JoOBv3legS-=ySd- zf@=H=<}~41d~|flxdx?!EIkArj1v>QS7iSi28E=O=Id=nY{#c@>OG>wGq zrlM8=ToyHS=|h0x+dKJh(SZ)P7iT02rJz=fD{7sT10Os_OQ)6-yQcgu7=9yy;(ACh z3SgkxCx)cxO09zoo#h7HuY5BK zyDC|M**PV+%QZI7C16~kb4vfSl=c}Skkdj!tgcP$OQsWJ$nr3ce3uG#O;3|V#>Zru zEZ4Xf_ljif@*p(PT=(KQ@c5PL=-BYwYbm<;;x3k2sGIrQcUQDw=UXQ(rhwR|s( za%Amyo>B%EUN+|P$@gr)6H%K>^1}Mh!fH%!hGoU}9|W8|vhfp4ht{^V_azivney%j zF@&OUzQEgm6Lc#BEC16|kMlq475q+xF;ZT3xUF72<{Apg@{5)X-GB~%m`04z-NaA!oa=3F5 zd0k7N)2lQQ`3rZfue0OHxahAJ72`bokA{bO`m^utZ1Dp|iEd_xWlAb@6#6c}RWyg( zMmL%D#;q~Q+o2PcvA)c;q-1~fotI_y?5mneW&zU^Q3kpsrC0aU`8KvPQXT{NVL#_a z2uj)t{ccXW7313PSQq?Iz$2@i^X}@hs=71?vL@vD>OcU)y9tAT4Q2v4%K>eHomxdo zEOLW%7(H3ZGM<%HP30JFXZTZMXTj+z$F12yX1ybotlOF+6r9;9T1@IGB=Z&tV2~2Q zaJ6YXosudA9?7wqIQtV`!@AXtAbEUcE~<%olayh5uVww{9Q%APQ$7$ zaN9I!B+SL`erfJ9UKQ2M0M#Wik(q~1gSsTp_5|FU;iaINdnP;@Gj_nXq0v_JNWTHR z)GJjpL?*c2jS4i3EE9lPzdcGOCos^Z8 zXI;lzN|&ysT-{Ge913K&GyaB_q?r`kZ0j!Y8DBBs=61na z3KzAslKlGf4ljs2BlMfCg0`O9vlGBYAtEI4kQXl;kdGXszlk^zA}A6{J-O32jA~64 z!E_`S12s83y?7fnTPz$>10pLg0u+ z^*D&|u9SU1?OR>#eDkmMsWbv58%j^Td189(1ebmE$!uoP9(>Zq6YDXd{&0~OjWK)} zeCcE$m>hE0VDM+K(~y9u^pjgg*p4c`LvXM)biNilsXih|_DWLO>6seEWg5sh<$fZO zJ|Qv!M}!n2bqDe*td%l%1E~)}r*#bFW9_521TbD+4rd}1ux={tj?m(jY~414OnQe; zVOCBTC$r89R#Z{yxG9Lz=mAQ%amP5Mk-SS1V+}@~vg}9&fhR1CTNIKd1hU9BZ{(;q zATxe%cYHAt$~QjC9shh0QVfCK_JYjV$BoiXdLBV^OY0DNhYENgCm~SvJqMvq$WGo0A_wQfNkWMpD7e+)l|>mSjH16dKT1KN2mO8x#L?x5D+(Y^z-Ny? ztoPtjArusD(oc0xRtq#2B4r#`$%nJ5jfByH93Gd0MOGI@QYV|SoPY@{nijeNr9(k~ zZySjP&I=w0zNP8pCjF6goBi2bvY}u-re~0D>w0T@o4jGm z#giZdvCm1#vtXC)v-hmJ&QwLA{|+FxkY9W&tYEsD(bwO|M!M7p7SO1qW=W^S0G$+Kw z)TH=1Gu09Gi2m8+*rvKboN7MOAws(p4SKL)+>T-=s{_7PW=-VNFTziUF+lkw90^9BlL$u3YL^_y8Xj z#BRG^uAP=L9Rn;VK{%gVa=5+vlhSa6T^nuL%7bgi_|#^3Q&EC(kvxmiWvGg*M)%skFVmjvyN_4Gxm+9GLB-tm*kRPzwR*I#nJqQIWTxG| zxj=ypWhX1>2UzZEvYTRbldDzfg@# zPieTRv(;8p(V_EzOOQRCtYyZCOYJjhzKf%LF{wKkt^Q2X;5~x+8V^C+JaIAW2=WP#|Sp@zysXy|4B zhuI{u)cJSMPqd$^yMNxg+s7vplnP_YkQ&_}y#8PU$a3a6+kcFlB+zvEeO}?gdp}=u zJX|Wdl&0fN%4m{0XXTNo|EAbZjEbLq(b0T|@#kAVp8eCnoU7IHdT~h=X)N`SJhq~$ zJxGjEQxj}C8B)FgjG7ER64zwC-yvX1er`#y(BTvYLa_qZA^9GBTp{9iB(sG#E3cb% z<{cd7ryp!Zr0iF;Ju2_zL16_u*gFpu4eU3P{_Z0q!<_mLc&DbpN?S#RJE2SNCT zjdHzEkJQ7nqf^5EuqUY>(r@5Mc_M^K6h6~MO9)^5c$Vm)zJ5PkNI{zB3~n%y7FlTb zj)*W?hM|9W+QSftC~n33z?gx(l zi$a~5iRItGw*T)Gv}sKnJDhf;uNpnUJiP?q;{;qs3G@*lIqx18PXJhbZFglNLQIu( z)C;X}0*s!YPcD|#YD%%wNxUNW#NS;AqLf4?{vG`er^62K*ETx&0*S#eIe3NTBxK)l#Y` zSp%SXdmusLL@0s4!$F7%O6#D+f|__`Rj8<_-BH6TMAWSrG7@qRDlnAG=G6rfV?e(I z(Z=@i+>`R2`wHun_7qV9?)DV>k(0u%f_7l?5_T#>c~QZsgDUp+K~^a1l#IjI0>Y|r zk}03p6c*|=Ob@8HgqTzUr;r)-LK>KaXa!FP4@UFkMa?@rpn(d_7f?#1l0qQzifMU= zA~>l-khsoiF;gP*MiWMfQ}MwQvQkUWvby-A$4RBQQ)HzkFiaC0Q1CU5RPtOE7&%Hi z0y8+{l#r6D!VDajQ9r^zJv49<&kY?pu$;=p@2@%yPX!>W2OEm|ExaxRAh@E5x zke*V01wX7ox1VXqm2j5IuP5O^F;*eM*kT$=8m8t1kSA7&kSkY&{Q>`om^ad1R`nlN zqo7XVQ|~@UaMhHoS~Fv3t2pAyocL89I9<2`y7>q{!nC%|G@WnJgF_H4+i0dMQ_DZL zYtG4oqxZ26j`1OVKg|(@aZSncbGMe zv2ZDMUxD)gn8Y_fqni6z2y@yRnkD-a(yKgs^B0a$cjGo==$Yy)2oB zuT`~k^ZJv0%`>j+X8zz<8>`^*tIW?8($3?0+r(=wU$5`OQZZ=||8l&x|ErYFNW)+^ zw>VwmUNFNsbyy*z{xAQUOmX_-ej@(pX@i&R3KLEZ_?_13H~MN>p=ZFP7I>+f9JhTT zKjwJ~lMFW>Wt@}fB8bF;7C1A&f2t)g_AB<~%9Rt4^QSG5e{GSa|1VZulHZlZ`9@(peMB zMa$sn)l(h9NeBIj);+%#u*U_Z+8;m)Pc7qRkZ2-aHG8d5^=FocRmNxIx>vf1nb{of zr!N=tbY@~~q2RrzHxrJ|REZKY`X6rdotTot%5i(vZYq?=on7%#Gm6@g)swY-aHAFN z!FM3?bp0lkzzH+P)4IO5Q@yX~b4b4#ZSCybUOOH@P&3ldyCxYJhq#pHFVAkF)stys zUS8bkDJI5iK<0_LGat(~tsfyQbU&Ga!fp-86yKNLfea1jA_*5qCkBSml&iOLKqPt7 zk6e^uvhys$RpcHr+ay1PDmfl=_*(v{hqtiC$l0KiWp_vJ3`)}Hp4T2Ob6oPR98-;IC>iSa|>l5Va9nT@iY6>rD01^yJUZ{_iyDb=VWeY;~mdkRzR_b zP0QOM9DNU$u3tL7t(K%mkDe-f{bh%<98HX!E?u`fojzJM7>lpc?)nJwxi={bSZm1H zoykZ4>HJ8QHv*TBOlZ=vOwE+n39w=-9m^C7sZ-sl=6uoRstrYfbtHy`I)8F`D{a4j zlMZa%{J|!!wb$e=L@T=IZ!tvOA7wLhY+h&`*Qg>moyY;(vqc?awY4mf3Pa4K8i)V5|P z)4-}X^T-Y0Gvi8ettqPa990QYJ+%Q;GRew@wi|t9Fzk}YiD)0ooI+u&Y2_@{EvWk(y9AN zN=_?npwVwbNHJ>elA(XSb_hBisT?*wlGYS#l#vhVM|$rDMnU&%28*zV-86|c09__j zd0zxe%}<=-C9Qd;?kVj-=2m~hNCpxsaD%!X$wJ<+le`9Bv;<732UT0>UuAln@Jk+d z%K^PM4b8hGNPTis)W|Wl#;c%f%27vNr>mgrN>MvyqMfkQOxdWVZB{Y1zM4AVo z9BGyL10*F|siY5N?E$u4x}l1i>+6qIEP2+4;I6s**q?NkhNR79My(N=L=2cdEfzro zh`+7Sw6cukY6z7d5%>P3-aOu(lNtyVm98($KG9A)}KhE$G0Pr?Gwa6&V>x#+i+AjSKWQ@?vJ&dm43bq z!KrT+LnPO>*TY+pCI^!$?ruESiwC>X`1C5>iZ08v>b!F3*Yc&ryQcrkyCq2HQRlAB ztf8Sop}Kf8O21p~_VAHOt+GPtX~1vRqw(eNJh=S0y_`w|UI2<;SY1p2QQyj^>+?o( zXY+>b_DNON{ly#0?{C$&{FYliV5ya zFdyNgMaQRvuq~?VCnlw?geI7@PcAM+rOMTFkg*=iY^J20tENEAC68&)eY_t*NS%!hd*=2X;As5>fG z-Yc)f#$A4yn^GbkM@w~*b=ie>!)uob+N{A}di-Fd<_h-YT9VaXzBs0R#8t4^{XpWG z{}m?hBsTEAO+5LAM}|3q+WVIoDgPV3Pe|=Ld@Ni2XQ#uo#k#X9jrn58+je`x%_nkn zPrG|LLbM*P1vRwIwDCS*!txWFJJmXP^tKlHGA&gVR@=ndoThI8qR5cmU8`|oa@FJV zSrJp03t~~2p>uQ0W4W**_o9pRvOC16^hHy>DRs5?yYEZ29$NFDY+_|-^u~F`_p$`o ztjQXGrjdag%maN0ncvV0;vjWFV@{Z>xPduV0V-E8zylc>fy8JaQ0GGYJd(!*hLRob zGmC5A-+=+|ho5I;eU*})L_oxHGO{y}4r)QPW%F1=$plmjPf3F*F9L{PlC!R;P=#K! zt}jog!C?NNHzFi#X&nJ7fMI=Ke<-)sM=$T8Xb9SJf#5-J>gG7O3JV>{5jT& zB`kG4LxJdWj@U;zbMpQ|q|_zVhZoloi(I9LgA|vUtR4ng^G4w+0b2ju*;>#m)%hEP z6!*QMuwfpFLTnS($AU$$U_HJpY%@eOsXfMlq_ynQ;OC;?Is{iDmw!y81Z@-rE1Z_c zs8OEc1RWD$WZqRTiaIq^0{f6^d|=V#zorJZeeVY)B(N7fmm$FlQ#Lg05}Ey);t?H?TWvNo zSiy?gw2{-=BTB$#@*o2#3co4!BpF9F*H{Kxn3j72Vr!pZpTj@4sQh z6e#V>lAN*zW$;hO$Qn)IyOLC;;jtUT!*$#|CN_b2n_Fn?y(sS*DEDfq3_)m;d6^Vr z@aut6VzH`|L3(%&9LMtHhnpBe>G*GqRazTLSXS5AJ3Zqdr0uRK z0>qvHR@Po*&Z*F-19G3Ai5z?#7AG-}_CN(^@V6$W@kdZP(8qV}u%0o$q%g7S=Emt9 z(sb8?uLiQN21eF{*U^AVtX%fVI_n-)s^vuS+r~^4diOgb&e%@2ffz0glWFCggOdg6 zQ}%g5pfjZv6kA!#Azmg=X5Zw!wtfEvumgA2#-`ikF8=Nl#!L{#G(dAq=-|MTaZq{S zm;&RNqT4mq0S_W3gY1>19dz;(lYcW*7~Y7 zG?=uoH02P+YV3aM@1?@h1?LDjKPb?a7P+h{WYKqB49s(tmlfE8O@C!)phI~9M9*Z+ zOXIr~89CFHvxur-vlP}U2(#rPpNr|8Wkq27m^c$Fkey0wsg58*JeGm{zI?yLw|K}< zL73u|I5mzIgK9ehTY9|U8d}K4#!frpEeD?GWq!%Lko(2ivgR&&f(=uD3j7<7E5;3^)`%}Xa7?FIDU@i-uo{-ev=M9qHt}h0G z$vGDM3MN8>J8D|N7StEj|1fGVMcx7GO`ap{YC&&eo{6qA;Nf0vf(ddLHO2zhb>ONF zY94J9X1Fy+ws-(y+2LKxI<(uIGigMGa<2nFk8N$e+&UH`S=#h#4rm>Ni}$W@Ndi;Y;1|-f$cL zAbd?^z|ztuPA%tIdXt(1dt&5nRbpQCPrMws@7{ZwfFGEmDY(_3g%-{NXR)ji>z&TZ@tNKjQGr%uN4l+iDo=uj5h6b*FD|k8>+BbrHoyyc5@9 zr;hUJ_S$(WNn@d|z4dd`f>`XMuCF&>K$1kYSN9Xs;(e5;KLLavfu0r`4+zcM!^QCT za;Yye(bynQc*5QfhKMGP7!mve2lSy1$gAnyB7mDyQ z8_1iGHF1l3cb{bl~9m#i_og0?=2bUog>Z0C}`C)B#DLIqsJ3_hAI4W{LTjAPSmTc%LdHJXcy9 zzz>J??4iPtWYEFk3k~cc2kE$bng!nPt874SEva$l=HiQ%%?#~DuysgtR!%C zZ)++(l)605N4QuipV-E3B)aldm?aC=nP>!>QU{^P;%Hm-8zqA(x7SAatQ znn^L&lBhYQI;_C;+yt8iFkz~4yMY0fesq?bee z@PbmhnE{Ud6oR^be&&r~{(sndaPu+XFJK5*HNqTJa`!O~c$0(>q#T2Bh*)LBlRs!C z?r9|UbLD#wFP@SY18ZBG7nGn=tl_3<_fbJ_KbzYctbt*DW&+1~ICC&KeRaakg(c=N zw3Zma#*6&cgLp$2409ii=I(W?<(3;ZtMJ1NFS!=mj)a3eudJ~&dpn&KTd+gPKHebI z<*3!hsnRcp_hnq2Mi%;&VDM*-T*jS>ARi#leB>Q1Q@^!m)DAqyC_vzOb*B~t*gzs5 zxGY_rr|s} zz0b){a^h0Pbw?=_8N;85E@%~>IC_s3%o;u(&KA~jnAmGRJ8wqS@*dH(sGH91D3r`P zA)A*ZrcNIhK+T%in}5U(<)pDXXrsTr4plK~g6>C325B%^70R?Q6KY zcINgBP92&}3J&<%a8g{Hykusg?{;ayrZb_)XaNygdn_Wq$}itZ#GyIu&i@0Isv^p6 z#SqvZgx6AeI(w)H=N!aefG|nZHzvbOH8Uq#D;rOI#Pk`=R!}xK7|3n13FO8JY<82C z?eh|6g7=kUj9F6X3o(^CR?8XGvRyA@&*N;ffnbaqt_fd2rz$c`w=ybZQNV&*Kv2Jq zzaqG;S*5cwHfep+oC&6aL^YmCX{aD2A@LW0Jp?V<{7HjO+}w@pykn<@JbTA?<40A4 z%CZtf&VcR4u>;3apElB8Kr@OiQu3hoI4rLK*4q2~W&Y=>;y zqLDM7w0Q(bfY1<309eT{`>O?17OZXzxW^)A2x=EPa3(s7JN9B9nsS2fkftfFzMAs{ zDanr=>-u*0^Hdf!jk~e<$BN~zigccMNhuwp1YkDf+z1xU+Sr<=CmUS5Vu;7zx$=s% z)aYpe80>Xg*VBQve%DPE8?VV2vdI&>O+8o7aAN+hgD7gkRrQ^;)|{r3Xlia}l5`bE zfye!k*u6%AB+`0eL8gm~R7N3SJ6%9DTKg*xiWk4pM;+*x#NqwC8Q=<0=z5W562>ZS z8m9{#Y{Zp;CR2zgxrF(AdQ=|&U~g_0Ehew!lAu7dhL?>G<^JR1+PO#%=}C3e0R`1I zgsQp=2$StrNHs2C0K4sk{>0T==RgPv_}nwdrXA#J8$X>gK>v}AxQAgmw}y770OWvIGyKx1mZp~#9K-l^ zWI9%h=2G+s&5Yy=m1Q?#glDTY59Q?xL06j(R?j>RjLkXHlw&Rl@K+e`>M-Y|F*Omf zyi*E<^LpIN1Pi5_#P~Fi*2zs6i{*GT>OkwO8jrFJqq!ffxTxIV^8u@(=#&vQpUCJx zj%PvDh2yNz80(Q{s_aK`-6voOz`x;S1WXaS9JSf@S0Z8nGx3OeDX)NrM+L_lq;r?L z!3Uj}QbQTc05L3?9=+p`Z;{tePRsYnGvHunHUvjEf1j(WC9uUv9^uPaQyNlqE!bzG zi{9Y7u|!z_kaca&A7txYi68^J5{)^gLpkcmt^-jL2P`*i7X-8bSM&@8v$k?xw-iXl z44<|(7A^nKL{pJX;&>p;Hep z#rT`pVPLbf;B9H)(ldV7z%Gq8gPBUnBcRl#S)QHN8Sg1+sdb!*y60vVeA|;GD}8y< zLO8lyT^=%1LX^7^>NENg$h|zN$6-a(zz}Oi&hu@|wNFpj0pC#$%cqn+0+P-#a3T+d z@pXHU%fRq^Q{y_rzN;2mbG=zO{^_seRC+-ys}#H8=X=()=>8dV(z9~H;C&4MQL=EI z&#F2ndK~^_<+`232J2t{z(ScsMcvi|(n9uG!j*<3=80eA_+~xXzp0v?Ayub}ez5gJ zQlHP59|8wpl@U%L%PnaErAH_az)k3gWntNmAi$8*QkXwSIhjnW0})QcE17+b)Tn#m zP8;fPqIjzdOq;ij8r_~SRuG!ckI&elCuzwp%ck#ppFpr|=>t3i<~SHy-^e|QREK5fD=*lnP=dUPDTPj5<1VMB_j~V)wRI*al$9+`l<<{ zgFT1P8XiWB4m*%JEeR+HzGNiO>^e7Oc2T^*1Re_zHM1nrKA2lu#+b?M8ZP778d0(W z%8vGvt?lg}0ZyctEgZ<*OUq{Ry4wg&v*I-q9$^?(f1c>^wgoqPFNk)FYXGaO=~mf^ z!+n1-cNZ_aixm`$Xg5`+D*+YdUkJO3e@1Zba=+6=K1^lVvFx*U(!_Bn1#j~&I;(`i z*VEcdB{@GEDGt+}Jm%)oy+(`pR$sLzNe9>&y8Gk9O}#X#q*-sC+%_*q{l1|ap0A7a zjb0^OFzwB*Cr&OxIDTx<+&$?2jQxJ)>KJ&HgA-A(SY0dppPAO!t-LxqX!BHcs_YBN ztY^NOwCrhXnQ2q0td(&rTVvmDpF#iSH0Vn}v}#8}0^Jmw)34(j(2A4K&)!;=iTh1W zv-;7VJPT-brbwcWgtp|>ePKV;6`6YOhu$ncO31IrT~d> z99Z+$-Co-xie6p*rry@7wix8JF!i1|AB}W>HKg=hG>8~N9AvM4he8}!ZN#j=JxxB} z)OkQm&&t4`VySn+gh_^EWYDqjnL`2WoX8puO7HPFWGKQZ+F^?VhO?P$!^l{D9Zwi0 z85!sSkO$3P5O7o}~CMiSPO` zB)boik`APf*5KMnCUoQNPvv1~d&m-IQDjQVd`+AQ4Y~*6%*GPC+Y-gix!GiyQ9J^& zE;m3a8oucaIJF9Fy)`CdA>T}quy+J%f{qV=l{Ed;zC4x0%8;x18fvguAuCNV*dItw z=OnvlF*3xvce1!U2mR{k(cc0gX zQFZ;UkDH&Dlg#GXC`BBya}$r zIfugq4U8s2yq-?Yn}*fV2KS_k)5F>O>9IG+j)+|;$DxK@ZjaL+zr%+l>$3Ur&%Mj} zxTw+&iK!xOY&U^U)|HDU)+HCM!v%+I3ZAx?rbAj9YG+Z=4ZCcIoKL}vX##17)LC#R zp6l>K?4^F}Oie5wzP&*(XI9J0wjZcm7w^XtxZ}#)Z{?s4V(?6Ndb6_^>HxFjKW2yb zP!+~hRB|gEE8Q-D>{lS3<;IFBt2X4!+yI^4{G!VVSGkf-q<14U8C99GhBjI5sH3X<*TI*QDk<{CCP_~v z+=FqNEtU7C{qieM&zQuQ4lBBB_uq@JO>?J&z2f*P!`5-|48V!@xbJYgJ3A?Z~&(E#d)xNfgt1qtq14vVnx`q zKMgBeL>&Yh9J&z-?}H&^MLpNtGK6?|)i09blwkz`_cV&?D)@S*Zsf=&jnn%)k$?}3F`j?`OD~%1S zf1#6ib{q>}pN6_&!X2Rl>7b`z?-QQUfNCRbhZpe7M)RysSA|(B_aDUU}s}PNQ$)-4e)^LKvTl15~AAWDvWL}t}d<7c+Z(i4sOiI z8E<7`)SMJ``XHZC^8 zubz_MnysDWIJwV3LeWeioYsJ}v5J2Je@u*jHeyZ~o{1@z#(lC(N|b1@yQN6Z638x@jNr?RbD5~qbDT)Xr#-fS`-dNjNxs&$S4hn2}Izny(3>8URN z>p^AL#f;vAL1}jq1%LQ96bj1VzD-A&STRnc7-p4{0}0;->{p34Iv}uVoxYVE45^KKNj|L1a2Oc9W6ah|@8ef*c%pNCwnD4T3 z4vQhORy%sdEpMGYCBO!9n~iMbPb@us*k|E0FMd?J2=_9D8Y*H= zq7v%Re72%@Eb?njOc(Tg78ZO(nf-1d4=YBZH$IBM7@oxiO|p) zT#+yH5y7$Xf~QEB)-`jt)+5Sp+QFaQpdhxKxP$2Nf(176)O1koRG;1>k zDat|`aerZyu^y5qAm~E02NIMQdVi}uv%Mfn_QwBsigGAq8WaKCgXJX}`n;rToz`^L^gxb9Z%<5HcF+ z%K3==MR~}w7n$*u%Y4HDVEYD4xboXOJs5jMi#8Ohq9Q+7PqmM@{3|-M6$Zn>Pj4u{ zt)`DK_JG)Y_&j0Q`@_vib%*DZs||z2<@e9ne{u>vh%}X8^m+IgC(L;2*c+{lgTGi8 z@$?81?8Eay!ttODlqIQ0Sm>Kr7hpoM4ERJ?Ar>$p?GghlWDAOkD#kG9(qWjNp!Zz& zgPB(i0jJpWb(S*>Hr2%}BET$L5YQ}f#LwMAizdK3iDh(kX*t?osgg){(JE6Sv5TlQ z*tskyAHqlv#4olcpR`7n^m}%JJ zPM}C=_h9Du&k7-nyZHDAtnS8ZE2=+rafS+(K_oV{v*<95S*0AVIEGK-5k|w%3IS^mB_I3s(?VaO<4(o=3q96F=qhTLd#wxnRpCfc_tM;T(ciT>|(ZL?wt5L zj`oQh?M5V+(-i7(o+r?f2|_{fYw{T=RE^1(V0`vKU zgm)ontoJ_fWTHcQGlhwZu_CHQC&2;5**Z|FNoOU##Y|rU0|0fM4@4`8BL$5HBQkj_ zF@_d;2^0Wr0`4k%XLkFkvNdXovzrA_N)ikED8<{Qj@(%}YK_cANZ1iGg(XrZqNr}Q zPh(m*@boVYpaqTG%x-p<2fKQ#ur$PqsiiAQ7A7H!fCNxs>;cMJX*NRi^r;4%+C#Fr z%*q02(6N|aWaR+kJGpHjWstvxIeF=mqDv+Kf^gh4O9z~q*S!BNi=_eFjtu-pVJTMKXm3uHvoYsth&vqU>0bO||pes_Cx^(v)a zd{g(z_Y6--WknbxO?5duJo}TQCumpTB(7T#>73p>LrFZQHBHbXloih6mWdsHlZtJI zhfIH#BoV6lbVqjTN#f=|)R9%V0)yKhtB6!6%%3&*2OgCg{IS426xz;(@Spp*rNo-2 zf^Yd9`)_9m;rgZ5W;`NAgP?R=Z=UM_49sT&;zWeh6VGBHX`ev+J@rhP-Jhk(eaHI0 zoP8%dDOb4Xg5#7YG==O=aFHbIGdQb`R56?D8oM>egRfS;M{3& zmD-D*d;4E^qUGbi`a5si>Y+blKEJJBr*n0Ex#IbgAigWdfNKU!9y8m3bhm(qB_lO` zf_a!h2v%Kmj|@E1e{A?7)AB3}t#;5Jr#I!4>HhTEO{E!OU6k}zC8*@QkKn6K|Ikgn z>deqyLPZk1oqs*!9`S-$zfsq}yy`xYx<7O>2muIc&oS{M0@L^bL{8)g@BD)ICRdvL zr(XY$D-cHZe=9Qo^Zfto^<~Vzwpn6#pWje?LdTm|4Rr!ast!ivvKtiTjRIm(tG6b5X}Xwri(xF(Bz zcR2W*fUIcY_x)eP4Z4ZyrCn5(|7s(8+%-}(vBYJyjx6`XwAt8ZX@S5S3yzYteCA6a z`4tY4bMDJdEQR7^5t{jE^`>Lc8)un;o(uvpa$w7Fj|^wSX3g;V42k`p)xpGA?xLaH zFQ)9$;CH9o*gvg9Sm`xxRH=nw<@BDoBc!d|DDD^#b+}jrre0xV4Th}b?cWhQIp`k9 zrnPeblIhq|Rqac}OoxLJW)=&opQV}-jQszKJk(19Fb?5YmG!SABfioIr1g!$#ho$} z0@mNSp-_NZ^2SLUsBCEf?PlhQeRb?8RARWn1Mmn3eMD@l>W11slFB63)t}JS5v85# zXV~E$OM+IET1pARaToqgWDuhU8UdFahcAo-fHrA^ zxg@iElhflvH!VZl0gm@0x`+7mByw%l99kk7JvkxHT@!ZPJhp3N<~w#&C(sEc0?Kj1 z#}EJmp7xt1M&t1O-U*!BYwy0b?L#nW>v6@#SfsE&W<`j^pqM>RdJR2pGeb?@`}H?x z8`dW}y6;kZY&*z{7Llb}Fsl|5Iz+dljB;DDHA}}}Y_vJV;4xnx0HSzTx^8V3t#_X{ zrh3@7=~#MO)q%Y@i-P_Roc#p8C1G92a*cutg7<5eCOSO$y& zRKBORB<^2*2TW<))*3?318e+vj2+o=;`uC7-exupNugD((>HmNp{QB%ZuxJll*pR_ zyU>x{5weIhvZSL0&lF8T1)2;7AWCgd^8x&`dRMe!Da#`P8Ow~|RiL(@L+ydF6@EEE zu1$R{j^M6R61zkm=^4~S zckOAJAv(}UM`~~Fn1{BHxESju-jp^Z)Dc(260yc+Qv~JWSKBFVPI|;uin&Uj>^gYn zj3q3mLW9l9>)}!bMsAzS>$6wn2ZF-X5M2aNL=*Vdtl9t6nNI2_&Fx>OS+F#(lfttv z{d}?_3p$`=yub9vey4i^vi8uf?YDKQKDwWCTw~ByFO-(2b*bmwxO#_QaPkS#%R#n< z;7kdmJeYjrDa7f#>m)Zj3U}+XI0wMmqrrNPAbp~^RCq+Xjl7^w#mbfZgl0NYiVV)W znh6Eyp^lJqEAF6qd_RyxJ3}FzUG>YcZK`0oKN&@(fuz(3g8arW!#k13)=1)24Y!ZG zt$On+u7!Y>ZlmiwQJkQ+G4R`L{p2^@P$`P%H52nhSaWnJ37_V6S2Oo}_o_zuaeBZo z?cQs-s<-359j1(MS6yXGTVaP$%w~0U6(V{!I($dwMccZ$G2**Lt6Xl?Z@Si|CMO!B zrMFf5tR|tyk=i(pO0tY%1G9?BoWE?CRIAvhG(r$fSk%d$_gZ2gPeH+wO$I4kJ)^gG?qxxwId{4KQirdhlnH?*QqFm zDDF|bT~%o0q4d7ngf#euEy^06>y{N1sPi-ZC;e+V5m~XY5DOI0Hm!eHn^Vr=)oKE* zTn=|D*?b+5z0t7|9hS#~2!^uuTB;=ki~~(1$uVuEo_m2+4nF_ufBMhq`v3Z0?Em`& z^)=RC+e5YoPoLm9c=h(M<|L7e`2)VTO!38%OqP2zjw?Et;SytA)A7pD678+nTbR%U zQq6Nx`?;MLG(aN<2{=x8xKl#2EvzXH-ZvMIyMrO;=s76fQRWiqL06bua5Q*b;|_+M zH2x?Y!-+4k6HP`eZXW|VwoH;7anr0~5RL@m&~$t;HW`_Q=qX4qtzl?)iEHZgv9h?O zdfL&Jt@+OLSMbrrz*lfKoM22g>uK8D_Yp7eyAxbyG=Se7gA{DAk?f3Swl?%WTO%F( zFQ+~h%qrQKJFO!Sfe37jo@tts50M4!Q8UX|56mjWYgV*ZAq<5?`Py1@dh^{LK2FY_ z3|VpG%=F(5o*dm6ATzm`m>E67_0ljnjBzauD?|;MH`bh5apP3RMNs!Eg9=J1st{oBw+Qo(x9vKaBV)VQDAWjFPWK*dr zhOi_;uS5|?*bSB>Vxj0Fon`0;3b~}0zBAe9lyu~@Y7G{3}Qa=yJkRyg&48&ME zhas_5k%I6_o8UeWX~AVdqbW!M5m}ojuF$tMOO~RaZT(S_6gSTBvfGLMMU&{m7NwIs z#XdS>CTcM5YW8d+Dcb9Pkm|FtdopypxbTDL@DrlYwfJ1Q6A({=d^U7m!Z?DYKB5=h zm1vU)>z+;fHK}>Kj+q!PCK17PYt2(0)NmEFLm!A?tsbh99KGEEQMU;>#aVh$mOm7r z#qir*S(_jhuJAOQtYepirk+$Sio4mY`RGWV(vEN#ek-uelpL7H)Zqb@!DiX#!A%_8y$x$(Mk}*Pzj2hJHO-AY?xHEqczLbY(pFLHgMuP>;)kd=)v2PCSQr0eC%uDI{64)ffuyT3g-?t zsVbo^DjoaV7J$#h|9C^4SrHY_--*psiZm}r1e4@LX)8j>FRv#=`9o-p0MOxX(Uh`* z)jc|-P^a|d0xA-9;MNfgv~v8F@vM^9M0%w<*7pwr3xaIi=mJW3Y77I;c*~Zqgut&v z*UkhUJx!tQ&r_ndf0%JR8f|IM ztc?URB=lXem1ixqwvq#8y(VbW#5&Dfy-;{DK|@gE+uP*?DQ0! z{{A0ugvU%SHZ-dD)_-w*42~6kHct8*#9?L+@~U0GsJ5X+F^@j)Gv2bjb3`s$+>W;& zKlRy4GO_hafZ-qD$rhBN47U$0FCU68Xu((@7JiWK?F=;Ybc+Ud03FUS7_|L5# zUsS2Mung>6qAgu~54&;y+}eEY0RUSIj)H*#QBjWnvRH*3ccqpJv`G4LF9=58KjZNNG zAcrlR^{r@>(7hu&OK;-SgPVyW3fqPB)~&kA0K_&o){u5+FZDM}Svq&dVoPsMi@oB8 z<9fsfY~CE0_D9iCnm{kx#s|_8Gy@i9UB#J%&3BXg`(@mMUF4?AXxKpys2eZqOAkNt z{4CfT2-G`a2)K~vkF7kLxnwo_#Qx`8zVKN!kboS>RakA)>0c+upjy_fKarc z1UVB}YE=LGzF>>hiJ?=J-A$+38FuZR~&#_u-DAmJxa1Bm{mu)Gn5TDk$hEg%89PnuW9b+pi0t@T%iSjtN5?R zzyQsdve$>F8{9FMeRO#Z2svd%k=6%F>E5%&jk|e3)Q0C~w<4#t7$>}b{>6)0HQO&e zpg93A?HM{Bn*i3R#U|umiKkz801vmWr$N?qJYQxLVEjq-PvnEkc@r+ou0&tPc@vKp zp?g9ps`gsZwNbop+4qV^%h~++K9)YUPf&Q1SA@#@dLJ|w?%cWUZk6-PMgDaPzWDkZ z@}V^@*oRU^HQs{{RCT(I#<-P-TmGh-wLpxYSiZsJ)-qmkyLfnfLeFNi(U?CvC=x$T z_MF^YeCb_$xt4F0tEZ<){dJlapf+`dKCyg2y{ncyV-H;%_io(8yk0e?{KVI;4dV!4 zR>b=KaUX}3m66m}6yt~K7g)jl$y!cq8iGq{W9d_ltf|*-Pu2x^1Q+##Rde;7TyF)h zP<#@mJy;9eOwRAd zK`E}U88{CpxN8~RGQ)~5;9BI^>p-QLA)~#vYgJtVw;Pnk$a}&sC8;QEn7fn}#pJ~) z0V1Rr>AFfO;9Mmg<;ss@+1fD`^;!)LOGT2gr`^Bv@tJeMsdM{bJ_f%=s6_jX zeeV|^-k#e345G<(^SQsPFM8?bcT_$Jyr16XmwxX}dwtIm`TC#NO9aUtKk*ro4Dl6u zxW#7jTTtbCXbV03I)-`tpuOM5Gj8(P-x@atsLbWZts zTuDn(ccf?br?e2hHz8&YEk!hQ^(g zbNyv?7baARM01@@E~3W(ksu-D$d2RxM7>#<>0r&WaK2c0-CV3T#Vmqz?xM~o5d4iH zxmmo(>$2w9N~8~~-*^4(WYcF&b5H~G?|>bf)=BP(s19jJ2jX!c%=F+noc@o*4fkq@ zPJN*4mNy|P6j}gp1!=wN?>wgmKRoZx1;;ru1Y`FCROU{Z^)jyKbNh_Jl+OD#Vwi*j zJ`{V_!j3`jV`ij-^Win{pp|JpP6g|hk-I?CB4zfXe!?78<#PG=i5t9SY3AJhN&Ypa z(>D2oS*qO*LaA$3^I#=wo2gTPRC8#hZ6W1Uz63PbrZrjvu+_((Hz!SB-0VT$gmGHO zW5~HB2urYiZym?O5Okw2Z6UvpeR=fYFh6=Ife9aWFnSeD(A-eO0u3L*_{4r2RrVut_c{7_Wt_ze?c_ytGS-`lvpJp?q(TbItZN30;{X$>`Kbh?qxOGBa8;P>8u`2XquP|in)H~z* zMR>x5CM`nlRML6FBp-FHA1GOhTTS~bz0!0H5eVS@P*O^6aHK{Dc zWpdEjDiXYZFwKtuk7C=r=Q!ARa_}B^@^!nTtaT9h7-6d$KGx>FRu$F}2V7+3d3tf# zfTE3Il3J2p11t%6ll7M>+%B-V2ZGu+E3=`G$sBV!v8_$1Sm>;t_TcFu1r`HN;E+x5 zUv*fHdVdJc$(bEbr-02OAi(_BwUrF9_CZL_G4w5(Z435!Is&J(CQaSO#FU#JBy#Bn zF32mww@X+DkRw&>8B(%xlgTsYlm@YvgO`LA?(Q?U&pgr+V#*~L?C74x2k1D1SNzSy z6+8{fWK$VS_l}4uk331XuoZk0ic{7xSqSl}!duHbk=~JJeDxen4}+k$NNyKbQL1Q? z(xQ%~P)b6(g!rZ?W$KE-8G}vEMa{9Qj!I!^d^}*B8@zvMyx*u~L-Ta9*Lq6Yxm7`i(csosJ`m9U>fE&ohZn_I%6r zzC|Xu8KGgdv=_YV$?!{0{1She#upDBZZ!E&!A*@8fMSG}o+znegO_AUI>IMKIEqgDVZC0^&@roxc@n|^z-DjYFD3L#x<-|qIIIFc8IK;(TH@y5E-tpH1T+T@LNr| z7@ALRd0erYI=z9-0m;19@`;udF3GO##DxpFTxceV)*0UY1sai-=bdxlEz_#E$;Q!x zN+#FxmrGW+p{n(acKKy)>Y{<- z*?rk)j$f%zqB^uO@R$ptKd)uHKso>}x*B))0&&Jc>qkXxTb`c16qn0=hkQSXHt}`^ zXg@BszuHGZHf-i)b~SJ7YWn8&lx&y+(>Nc+?f{VeExRDJ{t=%b^iBuT zg{ly=cb%i_eCWG+##lk#2?nSkP=b|g8!>SsZY1;k%-ECc!TmY}@WHs1lZ%T_m=7D4 z8-cLC&j>GvAV7i*ws3*@P2g03GKM))vGa-n}=97=jHakfI%>kxsenc}?ty!XFA zfRyd(f7^x>*YTOI6^Wiu46B84p}DRI@Sskv>;^Aa@nYawaawP1RWHLMj5=%7s`8*_ z+pW&vUMV??oG-HDT5Qhp4CI=@n*wd$yBv$ETYiqtlJ{$+LNyCx_d+%?G= zRDJx}`lC)q#ebp!(E+q#U44!Fc;P~+UJrX2&-grj9SOYBNS1mzIeZy610JmM<=eNB zZEcGoU0J#eOA}^c;JE|ED{7xrt$XaI-x`1D4unAGd~cZe3ObO4CtNFvzisGm)sV$@ z#M^WBcH{7Iqe}|)ym)NJT{C@p3Tz8mHodn?iKy|Ki6(nac0auW053Y9MtUBsay^U5 zz2`Urx@1eO-pUuwcu{eMJ}%#q9}bLmJ3lKn)@%u}7Z?;v{q#8)6kwJ|RNJ#At|;>6 znG3}0v(?Wre9S660sMf0thlX0hsa&U=D*dQVmTg7@IhJ(J8wlrh?l!Q;qs+;Zac!< z5RkpY350l%+Tc6F1UPv(7Ow0O6?wILU0n9J4!s{@vt51bqFpfu4s=q(0qpDo95L6DL?W8wipLj<)NDgznT_Yg&BMWkH~=MiWxP zSD%d88SM2)Acf#tipdV7CkTqAKauyh=LkF5ItAMcGSl$CpL1GbRe3$eQ z8wagr=w=itEFcn!_ZipuTq9G%=ySH}_uFcv8X5T1l7{TV&9 zwVVYNs?M=!E)~5Hxoi`}Y}D=@e4)U%|7m)#FGB%#HgWXctB??8Bf&>s1;#JO)muQ& zzhSbD-n=GR`Y(`SucRfh$mM6}zG0Zdti5C(kabEVet{_yJ!sl?a5h{{jExEAbb?}% zNh=21C8m_>fuBjGFVzD!G1-;>ih6V!m|mkv&atB6$Z-RQN{!I~so|OvN(2KHzt}hj zRkOn09g-1!MnI@?x%$GiD1L)zGf-yx*Id>`b!mX*{Idg7ygN(Eu!Zfk-%dWE(6SXc za=@Gj7O_MTDK|!|s63+}rue#p-hqop4RL1!dT5(LCkKPn@mERK&%VzS=RL*mCx^qJ zxb93@QqL}SD^sY~qwl8Tzfups>qE%e>u~R45h{v9mssDN&w6IWR`~$46nKKi2d$Ld z5Qj6W)4xTHWcyqJbp&gXU}5|IH#wKc`<<@^wD@t1f4b3(Cuj4_kOK>#(`qr8IG z@*kSnMTEfnZ!u7cpha36Lb#JU10|Q-VblkRe3@8(3>}BZbqFDbmEcoz(Has=t*|!P z^dh;1Vq|YX!XNO_YPiNTs^5e-Cy9)-j_ro_fhX6q9&W~v5q*oaYh9W$|#H(#ZQk;*mLAR z1kAh&30Rs|ozq13J6hj5V;H~}N^zP{q4rpRoX|-sZ+Ec4M;@8cMI&RIOqOqfsl!u? zx0;!~Yh)}pS2K{kiVEp>K93Uv7R7|1@8b7fI7A7x`AjoXJk%)xQxseUu9|Pc2ux|> z2${j+5OijhKGp^EDH4AmHm(ko-zSf%+NzO4K95ylm^NODa6*aSCOB*$HveCg z{Zp`LYp^tkPTRI^+vb|KZQJ&mwr$(CZQHhcog23!I^y3Eefn`cj(Vud$}cN(t8~b% z`_E)n7JOX-M>N>~aF+~0=QfUA!+bJTXZn!A+D_}Mp4@dIfpwr=eEKHsNn8efK%?M3 zMvEI6Z1;pk>o8JY8njH&87g_Db%R|r1m6r*qcddidD_;*u=jBNR}Qx1Vhchk&Fh(L zwz!*}>u)Bd@%u2)E6bJkMpfV5vny&iHS1~&buAz-3^foXP!&n+#aAPU1r}$T7#0|s zC1_$?={XHGAqEIEs{1mey2RJYCn7+3YQyDoIxtenNIXhC1Gf{{YvmKGmXSn*SI0Qk zHKPKDB+_Xp0SnAGz!a`BwA>cEmJDNh;%(*yE4>RE_*R`kL9)41f6X;jSky=mro=xrAGLw22s z)9V2*p>YjMC)yoDPft%*Uzim*Q0CTo#sZGB;yInCM<&8FyR6+2aC5nFwHL@&N^&$M z5(XJtxYDyTo~-8*GRhEpI!r@}Z>1ZHysNb>qsrJh+(CCQ)RO_d?BbiMUmP1qQ#q2G zrTj9z9P4Y;NZeX-S>1z=0RG^>>!H84Z90xYTuS$`;*=q;P*w9?esEtM3|V2~&zQgYke*$8_wC-0f{qiljkB6Av-lD*G$gPc$f6zL-0h=u`uf5XPm0nrG> zzX>~>b=#(#lzpoos_bLa@j1vJJu+Ypn8r<0>?^dzvanNuj54NGY{$)_jLTxK+Da8s z(I@!irzlQtRDL}wx9xna74E_aBE7*%Kwlza!4_AJQ3Zwb_{BjU83b}+R#6}^`}`v5 zH0`vC(4aM&)9Sa!2{9`DG^G`KMoJsKDv#8(>n_OoPdql;1 ztA=11u{AWG7uyH#y zt4g4A59iIhWqx7Fr}(v!0QK@bjDeuyVy zD;$_6AH+KmBpWi%JQ=add9W%B^+o;NEeQLQ28|!Xa~wui!9cUXM5_j7J)wguJ9sUw zVaXh9VPOuLb|!&HWvdq<(OExHMEtzxxm%-o*HfGl!?Ia)a3C@ICl+vk z{0Un9SjVb&{caFkN-8M#>OQe&L8fiL^E5kbtHKNJse93Ry~wJKD5_TZ=Ro|%e=>I3 zFES@xKLgy2@t1rpJZ&_UmP^2nPc4hk{Y&RJZ!*uCwmCgs8~mCsq{O|HBjVT3WcHYS zlr0F2HENqG_OL*kc&;SsS6nhpxGOB|n#`#T=mF?qDnq44mv5dsc)#@>3$y3-5_t@e z)R-9ps%0vOl21cZt(%^M3IcTS;4pb9N^-Ys{Whk2x@=NV#?_LeS!g`{oJNmKqnIYd z6c}T{tb4~0vF)KVGD|6?7aO7Kjg*II( z1yoO2y&CN+2Z0T+K*A^i#YysLeIV!N?R4$lfIfR#I}X<7^1l(bcE!aXgEcxG??Fr- zX4vU6TgCE(7-arQng2vm_TSW_LwyWg{L+wE%fcr~a41%qaJJbMw8vR|^u@9zyl)K4m&ki289xLzgIHLBuwMU8~|zE$x{ zkPmdEV}hVl^sICVIPI(;2E`l0oN`A>H$V0*3=gyM-+J$0Er)c_UI<>@LtqX?JPsem!ZH6Bwn(ld0PVav;+j6EUP42VUxH zfZz|P%?pL~>h93h-W0@6w%$aBr$kxO>>HcFUC`YKddqs2A{4v>U&k{(jb*7aFFz zn#?XT>9eUnSMQ?Srb5owBF*jM{%ZE4|9=$!0L=`?UN-5N}jo~C4Kb9d`5 z8ZLD$wopl~T-nsxh`}8qp$VF@H>7+0tk8}nqae+8EnXTo;mR}xtAoiV<+@8yEjn=# zRJP++I0p@gj9AT&>}#aqL77PN{M4a zZZ>j1=Q<&EJbl7k#ETti68~ViCj2KIib|SQk8XJptkelcCyGg*IpUf7q`HljoEpR> zW0NCvq7e!|nt>@&j?>mZsh`_}02U~%N%2<{woG_|!puEG!K=Gt$11?7*iOXl*zZT& z#%OQ<%TyP$rs|q09_jUaHqc}9q7T33yObsig{&@izAnO*eU$0@WCDg}rihe(2)az! zWu~$c>$`~3Q_yL{tUNp>6zfTIznCiaF@*yX7TN>cRh&Zj<}{2k3&8em&kI*v9zHNoc+{J;>)D)S8vtH zg^89Jk_w3|k4?w=cRwSMybh@io7n%;!z5?X>*95*G^tqVk9WolB$YJ06A(Uck-|QO z;3$-}>~Aat0}vSuj;K1)MFUz^RNl^%C3@e6EMy_>|(uF&p*cJb^TLMd(xK&Tkzz5pf!*^2-S3HYY~ zx2Ob9VO5FKE*;EJOelOp)*|S^s}U-W0J=^1%7)I3E^wJn&;43hrz0~n6b{xil2A)_ zrukjfeUh1I$9qSFV;rS6>I_EXcCnvN1|_o-Wq z;im$_8}Q1Z1Un+_DB+(h3@UP3fap(lr10Zv+~#cPYl|l{2cMNY?Lmv}*n*XsPb2lW z{M7yj<2%raBCqMFpbe=V{8A;Cwxg38yQzxmYW=kP(?Ce!$`LJrat^*HK>t5}-REij zeLp%BpEt8Iv`Q(GeGG5OkQlc>R7>R(zW@eCU6TJb4_N+F)A;{oq)N*LGa&fiexo{B zBbWQkFBHzot|U$jTeF3R6o{-5)qT8PD{`c{-z}v3rq4L@f!X!x2h}(^d(e}rTQ<+d zt?GkdBrBMZ9-&^{0V7hn4)(+Pl0-0I_FR0nP)3#Ck3!huBEt9~;z4Qcb`l;;mzQse zPUUJ}M$QjImj)_HzPzJtAD#HcPY0GouldV#6zY3VC(!1SC}z$MKHS?^== z617y-kLYzPiiZ5SRr1SH2y&t;fT)q|PiO|&?L_4ixf7W&I*?O$0KSouV>t@-^6pByeWWfXWFHQvqa%Dc;#JEh-uJ&XJ-GOaCV%cskgv}xA*JhcAQ zfal$nz8thm?sf{0xar5DIm5U81hk(;oZH1=iS@=!0HTDCsCPBzj7oq6f@X#SDHxj6 zXBh}IgN=&OzNRM41NIA(gx(i~p6GUaS%}XBsj zSX?#0K{rvGX7m0okTZfc|A3ljll#vv$mc&RDSNGQH?Flcs37OOu3NPn&q5 zfcDH`ccNc{SM^9zX{^Au=;0&#NFj3yrQm~a>cC5JL{)2iD!CwG>Y)N(; zn(Pas&=Ufvm3+w)<#vI>r*Shiqc;5{rlCfvuasbh+fBvtQ#~i$gB;ke)AI`Db}0ya zK=pSQjU|Zy%A4P2PCoR@{~1))0*_?`A_iP`wPrtWer+zHeeltT0gyRBR!*{q(o2NU zeSpO3ndM8P)PN)`+z3X494+ls*PZj6wd<>MNHs@8@g!!L`2+z07igpFoK)@!q#~JXp%oNKxLB< zeYfO-goUM!k9Rsh4ElkD;fFkD8EjbsE7Mjbp0ZG!2);TRV@mO#nn?Xlebis3|!(&7UV0t zpN+s9rl)9Pc<)s*hI|II0FpGM5v8 zm*3athSf4xq=xAfIun`tq?`9?jfkD^06Bc9nmO2Y?lp~z>K_66cWbFwMjR7u6)kJC zHc$t_82#OAGwXD{-ep8LC?fh%NTJU-TJ~)8TKE6nECRxK!F|6F-R!(QGr=P6hT5>8 zBb6B9eLqnbT{>x&QsK9!hUZg2aeOt_Vz6N@qU*5RT0F`JF7XLtTV6kY!doWJ{zQK^ zz{#1PD<3=2$3}!W8YvL9YnV|^_!Tu7GVS4;cgYZuOs-(%-&m}C3Y7b;ntwAOpo^v~ z9wkN38@Won9w;3)MkJ%%w}mK`(h~i0S|J94F9k8_;2(0KQ;Ai z|9{?y;Q#$bEjn)U&maSW=<83U#s(6j@33S_h>!&$68!B3-GZ^dghxEu$0vtNhrmVP z@|3n-tWT^zJVG4-dyMw36)fg#Rm0v6p+a0*Ql?B0wSg>tdL$(rH%;O(W(o>kET~#Mu7y*4xB~q=>ZzSu97fjHRl;d=Zt>_KTJJEuls6UJxc1}1* zWN1|@kW_80fPHqcJx@Cp1KV?RDEouZ5XzzU?^PtM+RJVwT>?X-bU6@&g$Bu?GPUPt z`YTNdI9niOJd0U8D`vJDcK&nOM`KGLY=x_cE-9%1-Xf#OA}A|o zNHic31zMw|duSq|Qo6;<*XLAd+uFn-u!w#b2#qxhbLRNaz6^DyA8}@q+920YThbj$ zoU8tJNYPy(FYC+w`NwVl%Ks;kxQj()hSvc%Tb}feCd*CjxBbJ{>A4nNaIZ+W!u#0z zr5w`K=@(XJ+=}j!%oG_)V;w-#U+9=ZDWDa>Upiw9s*(%++wc^NR0Yv0}qe zRPx^~zh9{`1J&-{)--A> zTdY$n&YT}UlgR1CXv_Qh6TrxwVyh{(6DI@29BhMVHkz)Ro^!tkd6A;eA`Uk4c)hS0pqr1_2PYgh&>~i{1jatZg`Nkm_cd ziKuT09Uj$g9Ye37X8hq2&a$bfpc6a{YF3UchcVXmmVGvqTU@{fFn|ds*05y>G`+Qz z#EmlB_W<5h4!f}RqAR8;G$W z;FKm{K7c|gt&6f8s^q}svznECwlqhl;`#6hpTx|4pR@ct zk7>`KV$96L=CREV^&l^y8K#tIjZ@wTf@x;7LGmFr7H<*iih%AT*77(IJq(Za)KWTT zT1sgz2E|0LSm%sa=RB7Tok1J|MAS026*E-F;qg0DHKp@u{EXmn2P;xa;SP6#ZwI{^ z>C319OP02qf1y!jCdl_HkO~EQf%YmJ1PtLjx@`CWVff()yw#g%2*QCrKS8LjwERx` zK1vg3-m2=slo z+O1G(D+~N_nVwbaTS3Y!vY$SMQ&Iwq1HIyyfJ6q9G|kk_k`9W*PQ$R|XW&@#l;7BZ zV1sQUi8yXGC%r~Nw%SZfN53122o9E)<)Pw+p4q6Sb@pyZ2}%%Tm{AP%GjJBaR2vE& zfto>L9utPH!A**Gvn4*RS5SnVgt#F}w5C;)PGV8BsIpBsOcP5CtW-3zk)+-cf-z>< zDM(yT4K4)-LOJ(ZcFPR+=!pqIylc>z~m;e ztA3|puYuM8!_By4%z3?VIWApHl02zYyF0v;P^_=!uHGGZ@P;{UWy`Xo%|21`u%(XqXlX|+WCgW9=Q>O62h)nZ%OLx*DtfR=?&rFQ>JLtb`)83d zKu>i0U~)lN{4u;0BE2zZ9v&4|_4`Off7MLC#-c_B zU3pMbA_OA&RJeIX!UmwjILmXF(=9hmw~&O0CUD{D4k3o7rGvji^-iiW6yZXPt7^^x zA=J&^7Eno*+?3iXL>+E#%GpeGO~t$I`JsvBNE%K>xY3s==_A0@wYm_c_T5^Gl-(y@ zy#f#y^m&cQviz||N_R51vfA?hXg9dwbx|(lt~np#6Gi+0@GkW8=iTYYGj$SIE+N|| zro;_!luYt03}Ud!WO4M+^FpHEXmWeC;ptr@pM(;m;nwYz{{uF(GfI$A;#f6#aFgiO4jZR_??W-v7(rgldLzH{~JMusi*dOxpAQ z{CsKfeBK&PoQ0cV>zrF3^Ethab+yy1LI}JUEl&_vWhjOzi+XBVv;IBuC8y@aQbCX5 zysZs`zr)ib7R&)Vr*wfW!bBS*yO&$dYPpuQn%lW!(nNNSivt`TC?X7pVUeZKwi1dQ zo-;gfHEVeRGb@ieB+oI|n}H^hl3~ibn<`o}IjXuI0rBN&kGjn-(Je=ZTP1 zFAE6lYS{MBt5OC?u1x>N$Sy2-fR+{8m-H_8{F}(T>NKXz4@CwIJE|9y0KMFoML{^i zB-chchlch3XtZa=lLvqfde*R6okvsx8OwKZSFhJsqQ|rwh{M_C9RmaSxZK=a=3~(H zUY*~L=0sNbfOH|34R$g1QZNGse|30H=nnivK^z4vM<#(@2`H2TLN-sI%Uf9-Bdkt_ z#rwQ>F2Gg9;fs@N$mkcZzcblWd%N%#H{uJ#wd*#xhrGD^XWTtSXKY-r=hZ3xziTHhh^pZZ+H0&iVEn5kS3QXlx?kd(L+Edig=WsPg}*7LI@bKGk%x z!954Po65qU_2npB`FkUYq5eN=q?v~_rT#v^`|BNhvWPf5JK9pd_yzV9>4Bygc)cMH zezl|yyNPtid7YJjOUy!BgKlTm%)wF+PBe=gwkQm+zW7SdIt~hHFNK1cEN~L#tuoJc zz*VpXx7ALbm4JCC$WlPdL+Lka;8_YTvL4a%oD0cU6a~OA(WX22WkuSWgg?CUHVR@c zK03;kx#b0SlQ#>=0UY_p)HM-&`W+~^$j9H_xOlu71zv;3!%Y1K#{# zfq)(H2@a#;VPw19Uq7DZ9coM4R#q{}^tk`P>6(T*WLjSq^@DH;5xzFo3u^wfqxRRS zQfCot5bcy+*%TNto{DX9eG^lzlqID^l}Gm`5(ds?5B+ob`WI|Kdh>enwYJQc3E^u7 z3sK-1%A&gv2!^7Bdvq6f!A+nO+wx8Doi6?|j5J;5+~iVjPf`SkE!9a?$8?qyutKz( zEN8PGRx!ISk|5g#gJe1HZH}hVu~H0aE?x?jI!LykpLrcl%KK5C%0l?@`PjAVnng2h zBU#s;MCQ>*QOOe9Y#as}C~xOH((JjWp}q}POHM`4+a9|e^(e{xvqM{6*-m?!ayX6{ zrm-sM9M69@RYa0iQcUwS)KxB*%U4>JxOc3Ryo-vlk0|GYtGJ0Q)IcLY8qUEQjsiG_ zUIiNe#X|595*jX>p@+GJaSR}z_uIXW#vMhibp%0~Beu@?c8@6qQKVIMA7Nt(y&5nk z;ZMPbGUtIUrHS3rPW#q>fUi09L8XPqtq(Nt321+$zq$RDj+oK0eHpW>9!qH_Xg{+feK;xP)k=`aTgt}#-+v| z9^4>PeJ(DPP7sf}cD*QNp=dMMneD^>h1R(vD+B-ra5sp2!#en}79YYD1L6qd1P+>) zJ!UFofS3-*yD{~AG*e+o!paFhZ>pTA|Hq%s(I~lRL_n*98=wep2QaNs;|O(P67nMpni!e#P@o^fI481(fz>_F4rOYIDPr+C`X4%zbuy8#!8&o!6idhK{gWAu zdA$3}vIVX$to%<9sGt^f3?Mo*u&A$aU<>0YrSX5)cZ?IKAK-s_xFX zLioy*?&#aMhjZ;ZD!1F^`+adREr*`V-|6mjzk9pW^?5%T^HNkO`!Ar@Tr242BOz`1 zH&I!2b?G8V&F<};z9-yJN)UZ~6kXvjWI-N8_6boWwVwEWTi`Ro+Y}#cjrPrgwTV7n z$-V_(KY(zCS3$`{0*>1H&KZ{JAEjt|(xdaTAI%a~)EdpVJq-cIyepOWQHY&gvjg)5 zJa5Zf>pW_&D_o+DNQsyDH@3SaL8DY!IT_mJ9vf=en<*`ldV#qQwX%kxt7*Gn~#`t zi<0hU=uJ`XpPJzjcx2j^lb9>_CK~za-8(r$6$W{zv<+X6gT29@WDkJ)zh~7q8UAxF zDs@+aYM_T3qIbcxRllV0wH@`VSG+1yb8PE$i4{9V$M!AtsJcz1^@qWDW)+7bc$rGDqKnYX z1-zDhE|V?jnWgQw3Qct<23Oq~pY;SY(=6-$jG3TNe3Dnv*f{?Oh++OOD^q3$Mz;Sg zh^fX}kJ%J^@aYMZ>qOF@_etE+M;|jhBmfT_;_m0;==V?HU=F5KM5M&`>veH{L^6?M z8tF65U0!xkYZiGzh&bEK^xNI(@-B8s8ctWD>*$VEwlpkmq+qnLX2RXRDP*t2UzwAr=u>D4P{dvVm*6^F>#{`_~UYLj9j#e2ywE(V^m->b#$w z@4t9fx^MOrdsIZ~Qis&Uc}OxkFg^IzRI-&3$}T=U`h>N#U^`o$7{Bkhv*{72`j2K< z63R>4=p}8tE2>>Y&{1*#F~cEvL>px+GgU@Dz1n8=?9S1GoA9q^U;veIs?*tYx%?H* zTB@T>aXb!GzbeuzS~<~4VgOL=b146PI>Z#V*Dsr>?eeoWot0NBVpUjr9)#2QTFvT> zN4WK$Ge!$?4BW>SpWYQT*PFvD*y_vf)y4v>o=kR7Tlt#l?5FsfE$fP=%2wrXD zRakZzHJ!oWzsVBuKM?`HvKMKrkNv9>mS*BbY*1t$f|w(@025wnZr!WfLonRuj)X{2LEjT*s{xXvP{1X<*tO-@$f%D_5A0lQ3{+70uK87cZDmifwu@rGbREIMYOa*^=bo-5yb0Ac| ztSxz=@j~lYT4vtP;dR+~h-$P_5b4B&6TaR2TpWBU-{D9+=Fkxjl3LU6)9J%sR<`U* zreL=k{=4;3Rq!=;MbKAY01%12B{;EFnDQt|eE`)UNpB4_#^dAndqt-6>F>sr7yt{E z9Jl|lr@7#zW^y*u1SAH1;lr6!s&!fs9{lIr*xO|FHkoz;fPDP|(klISi$AIBm;Z@D zx0tI1FiXaEH{KFkO^qn!VN~Lh#kGySs_u*V_`y5}2z!AjW5rNwZXM*_zqC1)E^Y^qJA~88_YI@h@sz{y1JxGCP~xKq;`nR1T#ZoLa67d zIp>od@YrO4Y<_@b{Lj)Lg!Qv)5*fodwX@n4ol5zL-pi|oky zTBLPFOshFf(-QHI!L1J@T)d_hzutDh$n@aMg z(oUxw4k7G-*bKg1^cqkCFQI(2-crx8m=lx)ZF=5)3NeQE-MYSHwPNM3AOnLwd&?g> z2^IQbq3L4vz5v=;8hPOAXyw&lHR=^nKGV$A=Z3aO4#sW@plW|O_*395|5@>y)Yrel z+s-`>HB?9un31>`(u#EbPkjmtd}p_lFY3qc5wY%&x+PysvphHi_y@S8TX3l69r`o% zDIv04xX_$V!5}(Zc0dG0mFq6(Vvl|GmZ0TP)n!jTEoiyz1ZjdlC0qKGgX%x*9_=gUs5^@bVBTIZb%k!D$JWd_C#Y$avzG zH{hXZE6zcnQ!ggQ1GqWGK;2T=8#}gBy$7?pJ0wc zYG7bjF~sOf;B9^0S^--g+a<|#g#`L{ptmFMm_F80+s*~BUmjoktiJ=Nr}>YDr|no4 zdAjg@sKEL;>3WUvCxtx*j9xq%OvXcysz95U(EUly%GW@B7JhB>KO2ESgf=J*-cA5< z5xq1LMk9a$A7|Ew#uaO|_l25IbCl!d6O`K>#U)%bW)d8{%@k?n0oB7aT^=*UQo9IM0fo*TWK|2JHcdhSSoE{0a8xA50_GwFVPy8O zgiSIF;@R5P7AOxA6h6SHN_9IOQc*5}21eJrV_ARfAhCIYT6FtwB6}^x&{K#vqdb<` z2TS4si@v6=>U#^-0pAt&`TR9kGhf6d+h$jB9*!~~21GS)=R{NEpkvA&~$F>jcb>ffQLwXPWtGQj%@2`?PZL;@6IlKbUSmm)H@g8M8i(eBfg!A% zsR!Em!odg(0*d}kaR7pPDL;)E>Ov2S{#?IXo=t1APH4oO~&K%A0Qji}?J~FKranI%R8Ctx$Y20t=D-lQnzy zggXI$_&m1@B!EWRgmx9biH;xe;9_@in=;AM-1V{LG5A9f$)H2{v&=8<8%p3P@S;SY z&|q_C3BdVvJtAe53MYw_AfR4Pb;{1{#OF=%3IZmNDk`wLpv}}j0m|C)iig3&@3`b! z!dw|0k0K4rG?k2GE`}93;x)-uBf|w2tx)a3Ypf&$<3BoY1{LeE3hwi<*rQ2+t6G_B)3NF`-y^$0X}R7B^&st;^{H$ADF>`$cy6 zRueFwrzXe{?Pv42+oauI!SiG(_$kp`Q?d@H{QX-Xl^f`~3JLAP8{Y!|IwegTLUGKR z8pJec?59-hGDvBpk&EM791N8`^faZ@!p*5v7>nuoOT>npKhie4?qyG-eiV%F@CE{* zJPY41rRtkJlX@h#sEtQCz5D7NOmrRmBu~l1bGEhUmOPv2UPlN^QrPyh*dv3iC^E5l zu&o)Gw#zGeo)pR>X*oqVoqfos=bXHf3^|YA5wR3d6F}u{lqTgR#r5G_!sh)Z4^Np? zuxM3y4N^ofE>K7h7E+Ic-j+s8A=6KbK@eD4TuY2 z5e?8X4Y_0Zz4cXWbXBj5E_pv)rPa#sHbkKp$v;7W;-o*+3g1l%Dqqmi&pbNY*upfM zU)@4`-@o)-VAf4u&a-I4clRnk4FZN<^d9Q5BD{e;gB#2nA;D$G$L1%X)g8<}KkCwS z7bmNaBC9)BL3W@uz+2tX7T-O7$x{p=IoPL7XN%ayYI~^Ne1l{zNgHgZE%_HODL?L4 zq}{01kSGAE*kDIUMf=@BEU*Hu8IOWX*W~Zr!$Sx}=b~s2+73wr4qB^kg%owb8XS zEN$~&Hx%=%TuZm7NRmDS6K5gXef-PzI5OsYw;K2#ZnL{tP6&(Z-1Ol??t&)&w^%p= zU3`X{)#~s~5Tw`Y)bhbn=--i+K^`wD&z-$%UltPB3m5$@7eisNXFlKEuyUKEN_QsH z1=_J<<=3h+*;aPdQoh2ysTqQp*FYKbA>S2gQ`LL)(E6-ycpZC0NU(TbBIDgLyrF}K zql<&@%h!?P{Y7hH<@@>j`oY0xW##THeXbQ?kd8V6GS2)k2{W1_2S*wpT+GZe-ssN9psHb1doj*b+0vM<| zSTdH9T%OCg^T|BIRg#LPF0oB0S0JMxJs$YXUq&QoBb6W?!EF;l>g|arO?KOa@-Tgn zcg0td4{}jZyM$-W6FZcW*lGKoCD>vXHYp98s4gbC^!5A+woO*LFNTaA{@C;i>i`3Q z$wzh(;*)+1TtF0tV@4!Q_ncElRWod4sZDZX);9EVL<7EG48_?~bhfw;JV>J#hq#ZS z*g&)*(e8h?0N}xpd_&~u@u0bDmG=?VKHi3Q1^@CWBWYL@6J-I{!WQz{--45gQ2QS(}6m>X5*0hR@S)EW&n(iV~h@WYlGSoKN)A%~7h2ZNW0O34Oh> zsBg=Uy$JBHQ;yu>)HN>NB`r+5y14i=$9ZT|7G!V(+6L?++Pu0eu@%HbV&UdcoXvw+ z80$N%fT%(uY{E}4tu4V+J9$JI$@VS^B6dw(<7qS7W}6BbydBntNOA^1Of-rbDmE-M zbjF_}o3KJjUb+CE2n9H!8K8v6f}j$q1V*!|1PJ@#AKLv7v8;DeRt@u&#uQVa`yLOX ztI*5uBZma!-@3^;G%yk=Y(?2Z1@(e&6bn+RzViryU^7qixhIn`^OMhVeVz&KJEFdi zp;l<%BIrZ$u7QnGS2`7mpos6Cg~5`7Y1&5PP%)4QX(qun7!iU!`g>4$C$#;8WEkR_QLuqko=kOarSI6=|g}$ci?)?jb494^kH!7vFV)mD4WsBzvyT z-PqH?>U@_j`V4)-3#`#99tUojDsAJ%yl1!3n$ebZ%jNqzsGOzub)(NU+jJat zC=?$uA?`D&)fKU$32JD!j0>`2X(9o)8p|eZ<4@GHtRpn8R0YGOKXEF-q?nDy>er0+ z)nnf?jGAR0H|g8$W1BD)sw$cq>MD-Me$`^0Ir>wwv7CAE{xsrT^auohf&iL8UAwFD zrYD3BfBx8&nAfOG4+Z0G1=KHLxAoO@fvN=HuZ^SG4m_Qc9lJl?ObB;sf-~730o$p= zM2ah<4UaUpYYV8z1+L+1f&+Bp7&cCV5~D5sCE_aBtQ`X5Nn>eTVm{h;Zv8W*4n>oR zopSZC)h1$1-?$3vS2#GeXWClRc)jsg|6bllF@x757A4*~j?W=8OzCvC0SC2lnv+Cx za?D0$R64Gw-VHNP50lu-3!bP(0(VZ{?iyS z&B+@PMCbP$u>*!6CPq9)HV z%~%7?1n3EX7SXo%SsMyI{}EP{7xJV)I#cy7`~2k;SmpHluc~lXLK<__Rt{^EfQFw{W7P4=&dCvZ zE`RsGuV8sr>_+UzrZ~aaKW;x1WB?*EmFd-D_sm_lp#J?o)%MO6yd{_)SkcwnLm~nq zJVgGn-S@)$=as}zpPR~tf$;=}!npy+aLwm##F?({w=wK8A8t9Y@<$yl?0Y5J zbLxK-e1E#X0X&A6sMH)NY@j^M`ITfUBaEXU@|KB-Zk2JZpJ~61saH>am_eBXxa^HS zoK5ZsDlN9Xy!P<+!PlK8MiN|eR(tI1nO}G*sOepFB?3_%+FK+a_rC%7d$`XoO;L0E zsfzPK0wem_?Jg%aWDpi40s{p_(XmH{8yGgv3djMPVE~~)bjA}SF!iAGh}8P-ntr)a zX&b4i^ZZJ6RZl(g&&qPMeXjWxm_J*KKln3?!M;v0d+~hgkS6aYmVMk6>iI#rZMxMb zSDzBUv(zKhrQv3XJ(Qu?M|@43gyNH)qy`A=KM)He2mAj6u_$}kn-I{;8Cohi+d$F( zAz)-+_#Y9SqmwfMCo4M?{r?@?#K8H#7J^Oxv-QGhMf~yY4HW1l0i8Iu*OfpM0w53A z1fbPlqnjJL16OM&`FAEtkR9-}`--_!o#z$t;;ab?YP@?zmztGoh6gu}T0vPvpiJ79 zcAq+4%W6DHD7`o2D;prHZ7vwuJ5N!j(yJ6yeB#D}vH}{6Q}M194NS_IDwUUI)rW6l z72rhh=NnSYRPZv3BChO%w`pO+%RC@5onKT>b|VnBm-ZcZHFccSTso5v3I<`zN!ap* z8;R-kr>Y+>pd_8bIQif;FJS;^OBkPY6_g}2P34r3T%l3hy2dF}4ARDvPe z$ibq`@Nnb=Hw||$q_2oD2`(;oRcQG6dAq7DRGJq)C?Uo-kUR`wAS7@jw%VcRV9#?N z3=}}vbMfUJC-$uxudoc3&Em-6O{TWM1KNtWu>BP6UNva?h-d|Zh{2m6y*j@aiZ;-K z#=?vb^#R9{vr8NMgnk1HxXtC!p|%7gTd?u3DRecXgb>3G@-4( z-!7P;=xS<}&xUWFF5ia_AK7Nkp8Q`fZ?=wlVHQTxvij<`Gj+%+Db7IBc7fF)ug zK};s=NyR$ZbAOw~atC+$bicja9USJxF?6+S_-krH*$4S`{Z4;--b}iGo=;{6>vXI6 zwufRTpXD4}z8~)FxUM?SJk`f_>s_pi`3~nCVUD|VhkX6+3 zeRXNW>5ymNLU22aB!+PsCbF<&w8^R0$mP~)uVMc_JyBr^YNSzF z(GW<`aYhQuVBakAoV$E4l9nmBGRqKekJo`$=#(V_nncfV8TSEJ02oFQgqkgO7&V+n zbk!{)2!b(@V{^L9MBiZEWhwFXHL9_n9=6B0+r|z$B~$Rt2hE{AqgIO5QZ*q`JX*xZ z&yF&;qA8?PnEGEl|2bYm@F4xCTFF71wSk}0UCseH+YY7ZmW~8fdX{wG7CkFZTzYqJ zCU#G5BqyTx`|~t!%V#wmU;h0&tDe4q7`rU)eub#?dYj1(n2npNp?7yA-f;{OcP2t$ zQt>%-D&0DIhsz$(qmL}94^unN82i~FOt~`A$Qb6{^<|h#BavG|)QMdcB=r0zZWhkC zggC$&9{NZ}{I9Ak)4-oWVv{}%YkRrCtCAra$++h^w{-k{ZVyj{Y&&aiLu-%V`e$vU zS+;=VIgpvtM6^ZTqGr;pIm}azFoj+WP8fO7WngZt;f%r8VIsqD!?OHfEAy9v&I4JD zp9arPsJjF7&4=UIc&7POgV@A0IhoN$!dg*}Bhg*nc6O(_u+Wk(ip%Y-#~;7U!FgU|NC0S)ih}-3d8HYt$>Vz(1=;C- zk3n1CpQ7=#gaHl>w32X7zfD$U_J~dZz0Tcx>!hs>1ERsT+oGDhu`J)O6eRf8x1o$t z&dD3q7t-0oOPWlTcJ9DD6gDywWg3o~ zCK!yQM$_|eu8i+vC~Cu5f$T1n?T#liFLUbok#`!zlzZ`0;|0MiN)IVgZoiZVOR_ia zw%fMm%FKEY?II+Tim~cbxWzljDrsl3i=wf&>9cg@7_BcPc7oTS+)+%b$f#oXbLt*z zm;jc-&A|&}l6d4CE;E;q8So{)cyQ*~9BV8qZtMZt8OQ1zZC?GddW)*?+{{InnT?`+ zTf;8nDwQ^%nQzi%-@v0s5e~D^e`omM4}kWiD;}~&eS-^`===YpK4JRdI{ohx6?%sM zhhz4ChWJnYOjI`iXQFaiHjBnOkYNM)Hk&UqOH3}mawdg@UY~3Uy)22Pec3AV-Nl4$ zL1TV2_{1rKI4BiWx_3JnY)X8c<+<85+Yu8uuM{^Yx970xZS(Mc(B+n_FftxE$UO9-q0`h7Z!<00*-IUezjH~_`vnXMYeG`66#{u6=tdc?PHZR)aKx#o z=YB~6xljMs;-E_Jprc(B3ohSZ6L}0N>`jPNS^E7mq|yX?Sx;jCFR${|5c1UfiE$Cw zc#{h$fJ8vt!(ze3`3&E#yBC}TT0RD;(22NCQVgv;HW*NvAj_)|4unpA7Y7s(n(%5F z9_*dJfVh`fe7O-JV{M-t0A739w6Cn}qMUcCyy(mnUL`Z*iMe8`z7M_jo&jOH2 zV!*#!CM!j~TLPM`U{q!;z7an3jL=sz?{FEJ2&4o}BMIOlf`i3{5i>KTt>LY4y>U8i zy?y$#t~G{u1fp2w`x9kP?DR!He*ntY^ZDs&>yM@W3QGe)T6D}*)%jK97lDCFYfiol%+IBEKASM^q znKR0@(mf7=-qEG)3m&JgI)%o)f_Fs>JsC8g1i#FFUmrk|);TqDr46opgXtrp!bxs8~;0A?&EHSCV>7 zTI3nlTV<3yk18b>VEp+j@>Iv;adV8-aA`UIJ-kV4!a%(2x3M*3^O}5yIMB6(Xf_0L zyWExNM?jDZhLRB+_C+`q?H4B2muzu!%FhLq#w|QTqrIajVh3o-I0&MkpF@khcW2!| z$gISfc*=T;h9d7ih3pVz;xQ?N*9kF9eDak89fc#;-99$qc&~QGm7AN2fjGT<{ zj&Dht2ii4Ej@E}LvFq@omBt^pqq8b-TGP(h5QPHTambL4tZ#S0PApX-2=%I03)2WE z_zY;(@G!p4C+;piFVMnhSp}d;LcNQkza?f^g9dfy2MuRB0gJ)QPh2l?F{>9rM3eY! zdBK{lV_<8B=|M>&0iy!Ox-}~j7-cB+)&Wz$q#sDCs|%12vhm9%ud#3wMPiUyji+4B z^hFQph2k?&TVd8r=}12Nb`;G_7hO~C64V`u{uHMNqOGdl&7JPDzz? zEFB0O4C9vn7E<^;&N#^2@_m^YT@U(K$0}}n0r9?kJgJz72JN#D=%@(x7C2g=;u)CQ ze91z+Mv=QcUL>(HKdu;2WG)7{HZ#7R-mSkBoJE~TOL-AKhX61^ZsK2E1HIoYTMXz2 zIlltl&peb;PvkZirTEpAs<2rf^?M1~-MiNph_scf3}Me z-z=qQPyLP9wZE%xA%QosGAKXlF$XrScx5B#(=~00(KS7M7jrBXpxl!2)iT%;$$OgH zTZPXQl^$}S0}D10e?$jb>RG}@1&HH!m)?Z#My?G0iE*Dx<(7V9C~9!F;%dc~+_cO& zHA(Ej79=2kzw>;(^(B#n2sP9XYw~W)#8-6+t@#`#qQwWmtDV04(O0xwooMG4QKm`Q z2f&V5w39KI5$GIR7$1B};d69p8fmsXvs9ibd7q19AX5emAwwxvy9QehLqo#NrC{d^ z0G-_XG*<2cGh7RvKatN1}_f%t*hB#2CT3P{H0$?ZAaGiR0lsB-$;yO z+CUc>7F$f>4P>VaJ&i5OE_(*f2ye}EbN;0nRzxcK%S1{`LtL8G!yLO#xQsW%QR;xW zQ2ck*$`VrV4ao};0&n~DypNL%Ev_`>Jf;k(=b7wU)eLnm{V@8#PBpfNW?NU^{S>Gu zx{OBpaeWo54MnEPQi}KNQz!C6#+SZ9y&iO}a;DD}8gNfX8@(aeQGWln)FA73k+_%U zp!mb^y2MUl?39EEM({Icf-|k+Iu=sf#Bn`=%=JX{=>n8k2IjbYHb#2fvg`)t=`%<5 z@e9l5hKEKg#E^i;a%#QrIuMlLcvyZxX6^8nNlTVm^dd3OJd@p|0PGN_lfEn-_3`4sBcd|8#6CeQ0U&s>Ou`T92HMT{}tQc#POhTUwfi!9#@ zD5l4)r|-?irwJrwqY+T3z&8?rk`@{K^?nRW48e0zYWh1}*Brw?*Dp-}TE8%H{Qr=6 z;gkE}0}i?RhGSWWp}$|Q-l=`5Btnkl z0zF(o4x^55(6sL1*O=JOBrkk?!D0B-Ic!_i7+2gG3Lv9zRU0bWI`G;xh*Ov?zugh# z3uhTzu1u1}&;DF|Feb|Jv#DYcd#XqEGc8DzmgE>8K|N0%Q=n!iJub;fe?+gIWJ+DX zvEbQTO%R#MYQZqxshh9<)#$~`obd}*qE5r-U)9zR5dVLxwpbbd`vYwHE#sI$kI;2b z7D!$NOr5qo_9! zmk8#?QO_N{9Rm0mF*FYL17h>kd!X^LrYnpu6|?1QXc$y8RwHteH&q}UTMr3}ClV{= zey&E~vzqnRmB^?W7{}t%HVB8)fZ@~wgJXW4{ zex;kU-YV`)YLqM2^Y10clVhLMoY71}se9^)U?=&!#Ng>4 z?uvb454aDu`nZq1m~ug#5(u~W%KqK#obU^APX8Cp@?1#Oi;;zhW#dvR{;Rqm{aS=0 zENt7wYfA0=5+Lo&ZuXoRhD~}%R7t#8kozDyDAag7#k)&}SXg`s6{Fuq+^7QM6SuNB zUTtskkTT~pKr_(le5OzuUBYMrI3@ApYxz0NM(x-t#jGK;Uvbnr9D~0vE*NF^8PSH; z&OG_GMknH@4uaQxIx3+!(x{U*6WS;K=DVpK#f4YT55bqek&bOo4{+sCr&(ih&9`fG z@XfBH5l^n=n3kP%JMK4!LGuXuk$~H5mh+#&H5GnrGc)W z>-9&Pzu2K13ep%B+Dj~Gn6^^;w8e<99$Obi=zyx@-a948QVe9^CP>V10iKrFz5Tg~ zOX_u#W!gsD<9`I6)Td`{1^eg+%T4Q?-W2Q~4A z+$6K%Q1`Zed?z&^M_Pq8LE%gZqQ73whv0+{a5yT7U=@`Z8OnQ~`&^UotP&2FU3^yA zc36!%I7tvgq?xzhZ0-X|6}^BiNqmU^b@&|rQmSBP_^<6By3jXlGQ=OYbo+>^$DL>= z=`S_oIky_iE}Sc`s^`c1p9Tenc7e8=eS1u4+4=338Y_}Wj@?ond*D_#JXSqf`fWbB z32O~v+z=lL0}xI7HE%>)@akIpKUZ)??WsHIju)q)gM(P^ZA5(|r+*dvN{Mu52nR*o z-k*jx3?L@W4y7PW^^Ayez0i#WzW(-M)s#Lyh>2JM3l0hm4zR!;M~qJWCI81jka~P- zN%!s4to{^=+%1R@jaQ|Ym5sWoF&iHyILd3&_u0jTM_qatFshI*M@#lN;fx)Bwa3oW zUwhg_6)v^Av3G*u;A>6Iz?UIej2wUS+mp48L4&z@IMgqVK0lx@0dha-c7N{pV`&r` z0$FsLpB@F$6wO~eWp@E`2MpWrTd8dy9_kZQ!csrLU^*(e?ic+F8J^KsO<^~-(sc@F z`l9J4cWLKzw>l48(z=?NubT1MdcV0&pd;$8{N)abrOIcakcT}Sr{L-^cQdDjBdux( z^9J>^aeB>ycf51|u~tum-hSa__C!LK1&YLd)dshbx*qCkk-GuDSW!9PPp5_aCzyPt zUW|ZSh@w*CQ>Fkdg{KK$1;nOmrR0O7Pm;IoyjAv!`1aBrROXoXWohTHBcNIPJ!`s$4GwX8pG((mn3IF(@J!BP90KNDCfvY@{NxGQLswf+%1#lIT=`^UbRYyG3L+`%oW!we zp=pwD>vUi4bC7O8mMS4nmjnVrMynub>T&0GN@UAETWiAMKG}h2D?M*Y!dj&ugHbP` zi)QvkS&)N1z~ek&1(id3cX}>0Wd(8im3e{3yeb z*~WbG0X->!NWuH3GFB?B9F=)d$~=wPzw{%aj8jyl&V|yx>5zKnB=X0TC?m$9Y&i)Y zX7jD;^$ax$)zS+P8c)^U2*jEo+G{I#PXj8np&$=TlI{1i zBni<$KsmDC9N_P4EHkO>%all6H|v2gNu8~AZm60Ruojg&(Z?O>a%YxUryLhdIZVG& zP#pUBi^i1|DL%;_AeCK90|SPAylXB2GXycqd#-SlH`}s2Lt1Z0I*;Nw%#LQ~KV(;O zhDqAvFRltP#ifQp8;=TfPfolzw5e^64W~c(QdAePw9(Okn~78VPCc1PU%X3C{h|m{ z*R54|wMlQtR#t3_)4#Z;u0EYYp-D{S9khOjVGM^R`owK4t^OH3jkA7`vQ}pPQx^9I z?J3K7Z!xMNdrgYVz1by8mF0mS! zyG|<{X8)&uuhHsRF4dCLUba-mtMvCnr=AZz(ZdZ(qF~ENqi+qQA%|OydHl|%E$8xV z<1Uhz;fie30hE&SqOFj1Ai?D6?j&pGaU>+)7#rqp$qZed9m+)!&5ZV;H&axM(B&_* z?KM?WaptXYqqH^2aybM{?qNRsO#9e{QsfEezhjAls_d0&(W3PXDWI#e(w6E-a4gV3^ znHd=W_o9%2^@qv%KhOVp1b3vS`6EJv;`3ayi|A^h@{4xAZmc=0G0lqAz6IWVB(Uz1 zKEfY#bE0R*k=Wlq-iq|hrMQ6(KWKWcEk`bYdOB}9V{OdgX}<|URyf}eeA?k6XcLl0 zqEnoGBFgcgJHv5DWl2Ltgh%&QzMXD@Q7WPJhp8$3QGA@)o^t|&W+GBX$@F;~YqRLc z)UB8nZfVT>AKCcVlB12ailfUL3}A)QfyrfDNb^(T_q8dqb1S|7@H9gU??r0XxpeUN zvN%>6_)Hed1t5XXDE9n&mjE3pU+%UJm$adnBugQp`h8U_eVcd-*GyD?n`ajqXIAY~ zQ^hC!W&k7MKBm1D*+SMbGcjOVKulZX-nJxio99_H?`DdiPC$|d6_pC->7Ec`3aN=w zH(;%pcgv#a5NP7MRM}3gp{~Npk6KmFYXB=jQi0=f^I)W3Mwbg<(dm3Lou8iTtsM;J3$=#NJa`<)OxvIIeuL@L)C5!1$4Yv>)2>%?SF>3qBJ zwM4c=G==EkFpj23EcHQS5ADw(x3+2>!$k`(@|9D?K0oU%1iT=v#G#D6StZ1J z1#*Uv$`K=`wa?n?LNZJ$lPD`6oP=ZPVj@cNmVEd$9O_>HRk=|DK|vng_yfrl_uJOj z!E$5KUc;45SxCKCbikJ&fJOSuT9D#ZA>vfUjoIxy7pw%KU;>h^U9OsE!?sn~V}2~S z_xjPi+htZ9|tHS+Gt$uPCmXKw&juX7i^0v^m2pAKQY6^+N@(pYM|b*9C>@> zXuJ-hHx*Q~2Z6MhWeR(5vBc%oVn#&Z^820+r%&07A(Y<~NIe6@eEUcb;ZNzBs45rD zQROl$FkbuqXn|YR3*PB@C7`fd#q>7x&~fCQdNi6Ls}`=ZYj}VwBvK?{9J~Wam;L#=gp35-r81 zQO`|NuGaq6MT^9RLKDja5Kh>g{>GdJZCTCsl4QQs3)gljg zK8GA|3XTTN5R)m8=fLc-7xD!vEqx>QZ-wb(gRHN@16g0<0{TFhdD=yS07AMuk)^&s zB8c;%0R_7PwS1!kjg1K5+nSvfi85qH;D+yIc0ewMimvI_xku^4RB!xtv!A2c4~#CB z`t@<1VqmrdxE&D>mcs zunJ(i$Gz*tRZos5Dl_q8)!=;C?*!mp1v|;UjN#qcwAT)}984g7rDef32F;~_=A5-| ziDy%bM!k}2`#$9`T^0IXU#FDyz!OI{o9kbVj#ITz*N@yABiLF3aDp2MY@f&Dug-0T zwW4zsA)voK&BJb^Vx9Hb?ZgWS;8MFR`VzKY%CJhQ3MU-w}WGa0>{Og+`I8n%8Yys+z}C5K|R2M#db4%5SVr}}GR z>2YcEd5cfg^w$cy{6yH_$x{6NRf67rr7Lg^2k|v}igg*@AHbiltN(}Z$QG}b^i=>` zi$Kc+rZmJlJ%x59jS6wG8U!g)-cw;cf{T0xY3LNvRnbR>}>PocIPi##b{JdW*& z#vEPEG;J+0CfFBbf)QZbX0n?yo*(XB+!XL?vOA%job7=_w94o>kXR@H47OXGrv+VdUg9d~ zaZj7ewg!~jaTq4HnT}5O+JUr<97#rNUlIdmIWE;3y!0E0&A;*-R3Jg5F7OJ8W=u1PpTawC2?Kaw%m!CfL$VT}R;(f)9}BTl|>% z``%D8(ZDwYaymeSScD{Onf#ZTvcHjVn-~qj61@HdWm&j0&L|+#{Ovn!?oFt zv=?OBC_k1HQ30IJhDHaw0ka5dx>a&)m#^KqlX5~uy+vmaRC^kp3RGK?9yM}1wYVmH zy$baxsi2)QUB)`K$*JaC$9Rlsk!tC-q9I5*n>JuPCVOa2To;$75X^BuuD$qzUfQ~a zaw7`zkjEqWw63X^1H1;i0d1?e^Uc-wvhm1Buu_??$6RJ|Xf>WCLPiPXz#$i5q| zbaky1_qs6wQ(|hL%yd0-^y77?uA3CQ0j14z3+e`h)rL_o1t#mdXM zvfQNlQit?NDaa+%*nWAL+?M!;3<1waTSID+90bKhmbjapTT;Aew*i@@A8w1vigsd; z&tJMAH_Ka2saH10FNz0EPJbPIn6?_0^5pQoT5?kJb>K>W$Ojz^J_5=w0+~=m%zqfxLKE5o=Q-=YT=&53xR$c)y5R#H z5c5z`vg-LGdnD5y)j&aPo%zwwb>5(<@)4|&)ahE`A-}y;i9kKr<(afU-@H^)tO^L^ zhI)Pedv{Fu5E<5|`BlqbKID(LCsMM0pSL2iR9;xwA(fedp#t=NhuHHg&6mA%G}_mL z!Rx~_iG+`$)v1YQXO-m1tbWH6Lu;m`pZRm`dP>a0dTp5akaII9lvY+rMwo^Enw;eThZKT=P2~=rQ zh6{iuAz6L)67BFCC7#cKLEiZVLHe>_faRl`ZJg^c73}m{AeG?fABr*CM3CRe6NsY|7zAKk^d+IKzzs@P|&xd z2g__^yaZU=9p{ZS{`Ewp#TT29=a;}ODlg^0)A7^*UQJNGmya3(?LYrwQpt=InK--x z0`}5h;rm`oqR%`7SMXE_LK>|Cc@Pr!ch4*CZqR^Casxd*JvU~f+X&PXL?j>}xjL-W zg3DA`VZ}4BYGt<+fOAiaObvI0K=M-hTL5MlKCuqFulcqPso6LuN2%iLjsg*Adf=d= z+%lsIIxltZ@+gsdx#{x~@*+h0NPne{G{k=4fCWLzl?Gdw#hDVrrn~m|@2o5xgADo3 zyaJYF7mr=wjtR7DJ81fr=VqGTsufPy30}EJ!)Zm8A#4KQBk2lo?zf!?zs z8NZaLZ3xf9fK}1rsJteeUr$ zW>Oocq@~w*H7Jiw*o&-JWCEvJiU><(LGeQ=aZ1?MG%pWG#K>1$?hS(j|NGPkVIbP^ z#V}qZYT0K~9q?E})fU8gQPo3<)Y4XZFz$CR0B*0sdSn0+Gk*Tsyp!`%jI@AgT3Ob> ziY^Sxg&jRf3~USuJ#DVF(48lbqo%u@$=Yr}4%cV^BI%&%Xa%SP!;5V>{74`gJ1+hck4RiKQ+ulH!aU3w|nl?~P|v!WrGCpQyrrXGxgT_L|f)e5{B z)fpW|v_kSIbL>ppz#uTll+Y4tcDjIw+m+C8`6jF-R_(^(FqoX1XO%Ql@3qC`+k|j( zI6hGj(%(}$P01hU@@VH}I5}mK##!}rAPNC$PVQeGkN23JcKnyi*d*+bf49!} zk-$M`b-~f=l)-W)E46zKA!jJvT0A=XWnm*B#A6Vn(z0<9a)aT;1{>%or0M&q>!7~Z zYz9@bby3SNHbgC542N{!*QZa@ybp6((R1aUbxo2Aj9;4sMHdtn6^z1*lBxD?XN;{x zvXKQ2P3eL&M1Pcc8nZ>8j$2NJ`IvWgaHj1Io>!VmB&9K)lPjOkpQrM06>C*rp0^Ngeykdt_}@7 zhu!Uk=rLC}3y zleA5d`A+rB2(2=fPxU7!1wdyePgaagOKjntw__p*PELiE+7d1KfJJR|eqY==W}9|Z zH#$zd4GiL4Y}1%EPg9h{$ruH&%N8SYf;~!WLK!SD2=;YslBz6Fw21II@=94{~krG9>+nO14(C1EAj}o>KaGC?;P@BwPuxp#GqQ^0M8sFi)D9N>6 zVu-5Qv_y)RJCr$+`UL(tVzp_^)kLniOv4W}#2Iq8fuJ#qrvW%Fb|V_+BG60!h+4;D zhHXnug2ai?(~Q?8Qnt>gANVuwR}5aS(8v)kV!Dw@482u8)DI#kX4t@w$;s?*G+vQ;>poZWDk|5$_n^b__7yZC0^wM<@4ogbR&T=@R%ZA{@g1-K=P=KA{eB9*GYjMm9ED4*aFVuMK7ANWHpu9$ zUUI=5TWBf)Br`*?TcywC(ZwG%d%Me>EVeL|m^znQ6x%}2Fp4i9WVWaZ5ZG7E4i@57 z;=;j%lZBn)AUXDF`F2i26uxrqK^$x9otY)wy@zF81Iipx-q%dUwbX-)b_)!%ak7Du zNsQ96_Z$>N)(|4#MMp+GK%Ba(Seog&Iz#Aa*!citt#v<;B(^=+g*QNPFFnb+f;j+a zRG=n5hkKJn;bEKk$t6fCX5W>xfl18-B<(k04&7_1K7 zz|KRaDCyHIoElbzb7g&0&0)#Ca+1!9A_SSp%16Iq!0@bpIf5Wt5?M$sykl9&2$Hyr z+kn8S3QA^}f;--mMz_<^MK0!7P{H)wb7!|sXXG&o;{L9`B!p4FI(B#K^i%tGxRyB# zsDjldBdjhnmp0866^nH3jx}tPGu3X-^e5EyYlg1YlCcf9p1e_4cA9z3LrwAS<~P_a zPshKUsF)c4*HP#H7aM}@hZynyvLXI!`MM(wshA%&ME6Y1F2l6{fX5vm1lUI}DIijB zt&?5-tUxljKY}5dS{1;_&Iy&QW8qpzd(*jk-i?l?P{eZ@=(l3IC;in#TqK?Uga zv85TDmIj^z5Zm1r1#6PS_j-WcUl}#1{e{4M03F>acJb?qG!TkoLz%$EZlZ?VFmLTZ zPV(ovm)@$FA->5Ql%PgIHKKz$VpTX3N^Jq&a;H6gpsF@1U|mh!{35-@l->dbR$uV& zA|)j0@CvAOCMj4cX6WQ4Q~&BJZm!0OGdbV36Cf69upjdn>D+>^TkxX?YYz z50T8{V@2G6C53*oHIqVflzcS>ZMqh?O)j|>l!2-#c%eZCZ+2%2?j5cVW(IGSu4?R^ zhYuu*tg7PIN<77VEh**zS0_ukP!4F9^-$$8t3fCS(y{$TytTNlAAl~mg+d9j7#nfn zQ`taZ&prDp57NLVg=`Jq5c@P7Iu`HMX>!!}w{ZluwDtyk!Bk$2q7KDktIy~V@LdJD zT$qe1ynO<@VpkEWI5g;Q&~&s_yh2p+ruT}O7jS!FEed=%-!`C?HEp7eX;-NlKVEB? zdV04Db7KK{h|zyv*!c#u7P2P!efn{}RnybG>Gk;t9C-i4E~^N#-2*3y(_NagVX+XkMi?ek5w?#(u? zUS-ew#&rr?P50I}8m)F~WRc`SirVQCizt`Loc~=$MFo#Z2RA^;#Dc#gp%nsnpRL5= zh)wg%&ZpNx&iC8#xo*Z)%ln0{%Zm5bgTwpDm2UHnwxX|{g05l0ZLGMRlmv+Za;AP$ zCg2W>qP5<8vE{S->X-Sq0iIqeU*}LS+j|9{Xv5#63M(7|hiI6T6O%axj29dp0RTs$ zh)Ie0<%B{)7>iv>1q8!UxjHhyU^i#cNa>3(g&$5ESrXC@14bhXj4W5fkmgMy`D_j( zRt@cnEHZmC7ea^NoHw*#0o}`K5ob6@H0!iPWGjR#1=P>&dl|1QnA)`^_Ux{gz&QZY z968S%ff)jKkRJnwya3pk89pDzV6xKC1dC}Sb!~W()ufrBAu8<$dHJ7TnwrS##Q=Xl z_ECSKM#Ju!TOiuJ-T@FQb5w-XD}?Dd#F`X}E^2Az|ISVzPFfq<)`xOry#rtu ze(DfA=-@4&5DoRJPXWO~JdBB;;G(0fmu9KM@7Twn3rINl!=B>>#-W#>{<%a64sDUr zOx_gx5ay2nR^(q85u}#YSpmRAqBX7F)wgQOYeaEAtJ3)wc@l;hfwU^T_IP%vH!i_F z$x%~5Z1-wA5#x?_d>uMgWfrsFfVgeHB1fH>0vaD#`md2^!39BS=rl#hXY|w7-wb+* zK3a_iX*FCEi=1U+9|Kdihz?`Fi};Bq8Sb^dY%fM&+@a%MxY@zu_1!%dt;PSine6 zkB8!JdRXwkoH3)3%obYllm)f$wwmaOZ`bUqxK75axn|{@`FTxD>HUDp!&8EMq(S={ zbAwBnz|5Krl*UAR1({{k3-JC*3F>apLHl92)Ara)T!j4)3s9Wz5Qlw%cf->3U%D^Ph2ZvT&=mI9&n( z%{amP6Lgu@PC(0Wmw6x+dmP-YV&9hJV`O?T(jl;fF@$jjIb?$!Y|Qo^(R(nAEz&Cd zm!ou<6LcPonAeswq_5j{Nc;n`nSJ7}H7mpvlr^PAp+z`G0Fx5YB2*24brjIYu;VK& zaTf!|Zt!vgx78fLdQWI26nzx$jmQP=6;MQ)G(LZO#gRYvR_M;t2COIzgYQ1VDG8p4 zIcFm_DLhn6yNgQB(H;BR*1ESga0SaG8`qY_U-y#2#ujpi`X@8vj9(On_@wb5dcl1N z6W&vuKEH%1)5(SB9CpRykm%nSSmzN_fs=E3*po=-zqsq)=WtS^kmT(7;e87D*y0L_ zkUkV1>x;;aiAkV`(n^u2uW=Leq`@eByrB6;h^VVjp+4e)gYCc3xuIjMFwqUzh@37o z&gVJ2`S)@s=Fszk9JQq32L08HBpppQhWuGLw}3|a)K-`sn_%eYsEPZyjtSgIz`bFN z35d$j6ci`N(Ha?r*>hDMxTuX>)kbgVFMZEBG3?DTXiK|2kjxJSiH-c{^V_-oR-<|K z-D%HsF{)d*eRsGkmc1DIyU*`DMf?{K%^`eaKtFr_^ebT+)hndocar794w8e*Al;Xy zD*AZ#GJl)vxDblM&CxHZ_?ts{?Q|h$3Am*+>^EHxodcPF^}4M8>U9}e{_9@%N=?S` z$A7KsLiLv1L=ZjaBQ^U698Y{k(3F&LbvH|FWiJ^=DM4cI~eYrv6f{Sz6nf}?Fnx##DEKL5l?1mZ_8`D8p{Sbs(nA>2Q(7F1=R-5v;zCA@n zy#p7v|F!1AIh({jAt@M>J%x7Y9-h`e%)Ko+3Dc)(Oz~CGyC<H> zwoT2_rp!B-p%tTXF%JG1xkLmg=0BmR&aBQy5|&UToMj8<04xzc@MDCumk`oTXbulF z)&Px&2~&5V00)NvCZMijtv7K_OQFQEeskG>QtaEy4#uak9apTX$8m{)UI7s;KicoJ z28*Uk#S1N53yw3}5jGLe*cp zZ*Pa!`$&$RK(9Q!Y>!$ax}0e#r^nqh9j@s|QVWL%pv=(H%Kt^UhhQN`^UBmwV=#0+ z#yp<|C}Rf#%Pr`iCkBMVkOc}0;@wI5bTau6wf+4(-nvHwyftI2RoIr2+~l3ga3Ca$t?O;P#_P<%buqfc9WfSAc=^#W zWtlm^ZIvtp2mMpu4U2s-T2fLiaf-in?CP!NyF_5q?`4~sN4%@W_T2i=PWag?LV&*A6x;$ET7VytQXwi^T(lJ(h z5F#)ryCq22s{>cNtE%bY2%wVz_BJUGO2%G@HQlm_f~Ti#OQv6R9j%54x;#zS3W8*+ zE_kZn`Ii$Xl~ zOX~XKo{Q3+LdA`l!hje!jI5jRTk>f@7R(y(G|Sn$_cWJA7FYy9mIo07o;`c{F-hw_ zG_Y?A#R_)jAWx2%cJzwv(oWa4!FX^CA?Hh~C~K`R;P-Yt{J(-G z`@e!FEAxNdvt6lcCSHo*P6Y zboy+bS^yX%TBEirzZBE!bM00^cR0e=L?7(L}@}a#S=>V>aCUR z8EuvA()!ZQBD%tNua2pC_VNWnHfXxU6T|0eqFM&3=5poK#Ke|3_WyNHg**?GDR>TK;|($8Fj#H9bo( zQIN)wQTWnr9E2ZH1@H*lXpEovpfY+OUox8)>PUr_`{q_vI``)xP1}arQOdD{!np|Q zQteoG*yPY`+WYFIq_R$lg2_t0n>9tarejq{utmlG15U9t$d#3k9^J{A z*VHm5{Q_PnZ(sP>M!Y?ws=NK*TFH@6#CZ@YKB0w)e>PYt3#LM|9J>zDJ66oUx?Od) zn$eIe!@iIlM4lKlFynO>GU}b_TzX*A8v7d1qMe`{--8;6fr1yCJG;QFUva{VkzN(0 zg>@4HIadORkgZwtmbT9Xvy_G$Sju0NRGg}RO@8J8j*iP14CetUoj1qSE5$v)%6vX1;bV`b{Gh^7zOt$?dC7{A4seX5|1V-~ddPAfFgj8!4S>WedB zQjjaPz_1zUeI+2{kvo~?RZ%f|bJ9RX{a#IuRh*C{eZ=&jy9sKO)_XfRl#vn0ak&wd z4|F3eIALNysi^zT9xVIH#o8LYYd9X7=@3%(=W;~=)r7X9vN_Fg@P}}9Me{L0314eT zx9b^iRZ=gaylon^N3LWmIAWN8?=zI9f!J4Cg^Htlxeg+NAPRnqW!^-wd+wr3b}Y_G zHB2g&w8`Y_Pvp)jytU&sg@;-2LfpRBx0I0VVouQqqX|4YUhOzs-Tx#Ricsgp$FctO zs&eZ%vMQEBy41JYWD{5tZho(vzhdF&^3V}Fj?4og@N%@z_GeuhRS~38!$(`$(oLvY zPc68CDhq|IOhdGJ4e#Era|74#q$Cy0=F*Tdnw;{rxX{^Y%=)op*cX+=`Vth*x?9)JQ)ST4 znb}BbHgbyOnwahiH~s{Y_i_97aj35iv`rS8K^uzd>5DoA7Q)4ROh$p5!ZFye-T>nW zUf%3jf@@y4$($I!H%iN0IO)O}F?{9LY%!<)gn+ahk6qX2vLq~Wrl7xr?W6;U61aYO8hTpY&KtcfmhtWfVdI2UP>5P0M8wOa z=WGarr(C$SZl$FpF?#G2-CdTDQ{9ZJ)_FHg!d(Mqc$~929;vXAh5r{Jxl}UzPq?!gU$vNU9n{R?$&$UR&vNGw?r- zeigoN;ba0oGDP_(%LLb(>{~(VGW4?s1z=xIgK{yK03kPCLDxpSHQE2KQcR z_*?Q_E?~P9bu!4eWb#cI7|kC#1ypX0KWpwx-I5Kaa_#c{21*YLPVGeJw5SI&rQFij z$+q)mLj(G8eD@->cfX_S+>n*^g5*6P0C4u>JTTh>P&Ra)@{i=jLeKCI>?J$%e~rDI zQeUJmA`QAId~HdaeeZ+n=!`$426j6=Qcf&j@xS+OFO*@YeWc;8SLiib01uF3!d z6PmJTwq3NH%&)e&)ZQCBc(Ho845uRJ&lY4eX>u~}hStyCx%;_|X0G+OIn9hHw=(v` zyZ??PTZG>%m@-KkR7f)_OJk2S4Bx6T1cFvw6FoM06G@^z%xlXTPl|*x2m9G?t-dT= zKA!&Q)iV;}!@GnYD6yv#;l0at;%fW!PXit6a-rAJ+u1ypHw|6BO>x(x z8L){T9wXIAOd+(oeuJVQNU$K-Y3j*%0`$G+I+4=W4-284Dhsdp7uj{?0*a0 znJ$?b`uO-{AH1F$3Wgf#kv;x}7ab#~U)b~>3Oal%^dF~W5!8`-@@v$Y%!kGPE*=lZ zC!4pY2O}!nHN+e1#&uC5mlbFJqrVfWdaAFA!39zBIQ2Gg5x(7=bTP$bB@1V%(9c^= z6-ZkOXM&j8-Q`~KukaDFInoaWbs<~u4Jp9;4LEl(%D1YqOtJg0U|&1KJ#Mb7Sh3kR z;@>)5wZLw5Q2DsL$A4`xQV?u47==+D@cpnrhjHy45S&dN-tu)7ND~VXcD?!`ps102 zr)vheyVo|SS7O}}0Vw*at6-2dISyBaSvJLvfsRqZoF?6#w~EF?CzrF;$_(W(MIWv5 zo@p}NJ6b3J->yKvHV%NGOEfi~^ilW|BA6TRh@HP}WV z0G9Q`w0i$W_#{to2$mxL1+Ib(TvZJ7`zM8u88g#wb5(&5UjDpXR~-3qU_i|9 z+>BsTNdAz_d-g{B(^@PhGAZA!!g6HQq7v5E#wOE}4_CU=JmJY#aOVL1I?l)Yn< zCQ#Q#*Y>n+PTRJvyKURHZQHhOYudJLbDEhq$%mxgr&3R<&VRV}xoWSquhG|%nio~g z@x9Cm)@={iG}e7zq}Z1Ar?`fWxqv$VRH(wApbPfy?lp-T)4d#Y=-Y1sQnd76bc9LK2^GC=sG8<&0*F%_iEwtx zzfnEr{RGtC2{bI8xptlNQ+WR#?nHvH1JOBbmVMFPu@v6f#TZ zs%sMcjKf}6tFGCpK01zOqALq6P+Ga!tQjMY>vkyrj3^?8t3<4P`has+bo#KF!gvMH1e|9tODC3^OoS(R}da_S-Ix<|fh9KrvjK zR=hiU>m1Lkw#IB5=OlyACBy@CST7AX$N_P61?fcm*4Dk#gjY9@iQ@5VscAo*k;vhc zd)e}eq6Ii2(YzjLXb38z;N*Y5sVwVqdVs`LBKhy~$b*hkln8-ZJB7;N=1=YcVJTmy zvma_)H|=+T_ODs+%L6iszw~y(wod;khyO9K{|k&|WMliU@wQ_Po&RAVeEu;I^Ujtk zAf$VYE{oRx^baoE>tW4@1B7ETHizI_%|E_%eEs2nVsPx-I-BUl{P|{jI#0K#qjR_+ zxiNy$76+nMdvAv+O!1vcVacDe8NvaGA2TdYwqbTUaqu3TrzQ#=B=pgtW}DYk@=09u zY!?I6H=gcqBV=<9D%Ktq_ zaA9&C1Y3Rs@}N^Y+~`jZ#~YKn7LD~A6lYA2SBtjpuh!D-Ae z0QFJ8^yb7_)&#x=v~s7RX>Ez2IXGC?GRUu(wmQh%ndg~U9+fWGqWV|cRU%mW>@LgG zawejfL{s_+P2d1t;wriu$T}b95M#A$h(E?)*G}5;z1{$EcYImnNRXd<_dp zl;U?a);*F^H6js$_@ILUP@mv%vit`EIS6$O*Q3JG-_iF4T_jw~zrt(_K%&K>boVgK zHR(N=9tMz14P5sHN|e_!OvD8Ud@%!UjFE*B)2*@-#x^piTd@?QLz~`@lGY?EYsw-L z)}eR`{t~Dxdt#P<&_n{GL1>EdbBb9J=k_r7)1lNUURb|MC%YBDFuG(bImvJI<)5QO zKFFCE8BW}M*4O>4d%|x;=o3?UDm+SUPil8FiQG7LkDjZI;-QE; zs2imfUb<9ywo|s)gqrrv`Ck9<5C;psfzLoyM^;Clm}n$7vDQ@{&48C7{57gxVIqgD zJQ};~Y7leZ(hYc4O4kmd&1X1*BK}=9U6=r)E+&?o4gp1sd zC?Nhw(Q->iMkGc~+L>SvgcgO5vd~)z>8$)PSijR0uPaB9Gp7H89*Sz8-o44RTl|+z zgLiPa7=OOpeSK%tiM=8{9W*`i!@P8o8`ta`z>4A{SI06?&q7(nC#kQ(f?)%<(M* z_S!6YmceMAlkU`$(~TQLep-ir;@O4F!+C)-t&cZJL?FFQ8<2=~JJMS~LL?KLQ9)9( z89YhD1d@RM*=J0;E@`2M4@(QDFb4wzr#l1ZF0PDw+z7CfXE7DQ1T{cRhIlS~VzH4? zGu4b9xS}!l|aT1kC-43N%81I0bw))iU<>SY2EL^6E`|nI^h0YU#bE_)I=D`eJ}bO zOP|>4(naBNY7;8Dp>_bx~gc(W5x5}}%)YNxTMMHy^FNT&>Auu6#{$0~v0Dl^; z1Ryh4Nlp*FOJ$`B4gsn-h02n1ah1>*+f8lZoeb<*9l^BBu_;G7F1aJVfbdRMqJ&yL z_D;!7%3@P_s=CGjGmF{h3F@lV45Zl7~^wERn@VR?wKu!m$)Z4wCj_jxO)t^{u zPHR5-jbf?g&p=HNs?rY{-}YAOMdwY_m;%X~^!LYU<-OC;tq-`BNx!nuupGr{!ov;?X=iFS z(d@X&UoTj?=1BJ3k}~!3W^L)b%$8(u(frx5UP#r?eeZ>+rU;CT658`JnN5($Vj~uiV|^$uwoMi@;bQ zBJ2-a?lZ4=3mok*_V!F3jCr5$p$mkf72zTbdXNf(0FgyPQ)olVUnf<2#Gec??i82O z8fw$d=p&MEAFf(QlhxBz3*GKyWk~RSa?o%zl{MAVmq|LkiL=vR88pT#5|07^5yTwd zjJ~|?T>0+|#Ck|b(r^;MG$8s=zavB2dtd-&rw@Ul&;ohuOd-oZ0<2clp6{+8GSl*EGCCR^STK~0&O%3&(xHOZz1W-GAQh- zQm8O3RPU8@`mzLfQBSI=IxV}36~Ar}-ak?00@Td!-2LE^dWf9!7VNSxBlhl7GZ7?A z3rMr$i9fqp!9y`kq;@ex9_y;Sc6`}A={-DNUlTkw#*4;kT(@)1Vuu{wZTL;hMB(#C zVOLW)MHf$tV{t3U^`8L9({Q63Q&!9Qaw(Te40{pDK!(SbGjJ1-2c0?!K}zlCF-sft z-kwbOfSv z5O;raMyUncPgz}5vG)>Ipats?nQsyhC5A{al@clmfUqELHxD<~!LMPwA`y{+XyoLz zgU_zsqo}HLnKTO0Gefe~^;&ZbeFjnyRcpBLDct&UL6;lB_`mwZ;Owrw9%sS%^No;R z4uw}SSf6GQ47G52mTI2+BYSY5>>;PY)mAA(Dm{P}UVoT@?sZ0}F`a5zu;SB>myK$R zD-580sBFhaJ|kP;bMYP^hh{VIBlRjH&&?f3m+XRIXO+U=qQ>-4xWtE(&fzP3C&Gqh6u`}SqV}@LBsN*g>!sv$?dcBDLs8wI2QZQv@Da}3 z5QP1)qy{tX85s|ZebvmMPHw%3*S*j6W?A9+zYq9Qw3WM7G69&57lVs&%prI20pN8< znk5<24({y4w zn+{cf>?FQroOG=gBn7e6fPU3w0>9VYXgJB%fabHgb(mx~Ui2<0jSguvrA&S@mrlhz z4Iitzu`N3nG@ppNYDmQ7!@PMT@Uf~^g~qwi9uGDx6J`uj>TK{jEw3>qLRu4%IueCG z@cDP%BGze0EnPkqlNBxglrWgV+P#JWF5YtI9c3 z03}v(*i@BG(nEJUi5a4@F94gg0W61Y6yt8;U#M3V+UGGlDMUoXqDs<_#-6!{J-5c; zf_gTI@m3nmsWLbUxcKrMAyp0?oGa*feSA8&3fv>kc%^P_vOh)7`v`ZRZZDgkA@B7+ zk=s)(Zq`FOS$c6RR{Hx|;PR$Q8#IN7VO}(KM2X9@$_^lK0lqxJ%74j`gSb{X=#6Qo zk)ruGtU_Qo@gnV<)#AgoqSf7dH@ZNSZbHqR)ycG zYI9NZxGS7ye^J_b2k~g1iX5E6FleaGs6t zB)%vSSNwpwhl+j^I-I@!xhs$GIV?ZF3zr-}uq3f!_bZzyl5)#^Xlr026Ag6s{}lVR zC3shT%f_GC?MOMVWl29H&g|_R@B+y+7K_xW$s!z8s93t?jEu^{a^_VuNnsex%hI{K z>xzf3M^(cihPe@SUwYYT8H+~}&88hDo)9ve&SDD=VbCwHrV-iG2bmLm>Nnrm^Jb*=tEs%Q>0eE3n8UJxEp=J(rSPQ2m?^Rh^vK@OsF zSM{4X8IQE0+hMPWVkYFCK}yqnH}UIS!j0n~wK9(wsG1mG-MP}zNDY;F@h?#JiOC9= zC#B=At{W*ghoA+%b8sRe1?CFBn7gMqg>ZN1gCgZ!PG47aAbr%6oQ@TGc>cLe{SvF} zg40)i)&`_6xnvl8efJid0sH|NT#7V&wR*8N%a#k-Ei({*RSMtVgJV zCQd~a)oJYqsW|jpEWWNid?JH}(YU28IU*p~2RzadGJMqcU0k`7xy0WJmfdC?OuH*Te7c;`sXU_$@h{ zasmEgAxYxgFm)@r-L6ty@O>VSlzXaY-cof9#t5bN>ds}-Pd2~^A}5RFAcK=eMly9& zcaWlhXP&JG7E9&en(GcYhZf}V5Kgyz+^jF(rSIGOh1s0G{HO5z^_C(oN{THAe`CTX zN=)g;x1k2H$tEZq8L33KA35Ww;JFJZBU-+9be+Bq{eH>d8T(Aqq|dp zY--V)!n+Q}1M`J(@@!AdZ2`6xHY(8_1WETPAM;(|dhy(tB`e}{%^mA?7PhHsb+J8+171{mxqCSF#odjGwM#2!4dWVIC4kD& za$#}?A}EAKaWkj%2F5Hq6C)7Dc3=z5O9Uuq^P$N7gc8QvV9VPihLi9>#z!uS+n|A{ zN3uvrnrR6*Q8aroMNqE^ym)08`#CJ|aIgU~AdQq&h#k|E1vAaZq!u_G@Q%`9+VLO&x)L<3hCnNKp zq(Rf?>0KM{5n}QXmjLodz+(8YGaRdFWW=!A2BE|sJiPkulp#I@1fte(iHTsHh$vF@ zA2a_XyM-_(Z)cXkMVTXl_ps&&+`4A&slab7)_}Rtsb|>)40Y|c2fFDj&+|ljf)@p$Gv_~i71$}3yB8(lNx>Z&pYArJ;k+ITH!c@-WW0Ah z99gG4T6KrQx(9PO_>76g{dR-V#dkHXo5wo6F0GF{5P^z6Hp|^@)}To^{$Gz9PQQ{oML~hXSoA3FE^XO1(Mrk) z5?D+wBMHMnr_lrD#M_y0qA#D3GTBXNSC{6pIJKP=g~`ecbB`-WK+K`F%pVE`2fBJV z$KV~7o&$FVT|h|-p4+9y4zY(BB@atxUxz4s`lxCD-HJP&ht4V`l|+|hJUk@0&j;@N zq37USPVL^o2)X+BiP9R*a;XJpF12(*2oB+bVxD)Vz^dr@?&R^aX;#elC+M_y6mHXg zC>w(?i`u!Hj#Du(1Kke@;5O;(`8*EV!G!*p5QTyQMcp-`CUqCa9g0r<+sgG0P_OR`$c?Wos#VlJn9XkX$;d@hUB&J~F+YV&lrLG3=%g z5^JM5%df*1R@&p?<66Mi41>XibgeTj`NzkO9-7UjEWsN=)xXEc$aFaybOKZ+j27{3 zk}^~7%BqW?Zr$QYuZTdYo0%P0cX~W>3M{+^(drrTv#DG~$>f;B|I&mB9Vy%6@(&VI zYj1-i${5o=Oc^{GsQ}{dEe&?qa7X3Ui=}}1%K0KH^t-Oz@xsmy_8_VfeP<@2nB1RxH!ac!GZ2Pf2*N2;O2j9Xakg}!ZAPmHa_Gm-!5Vavy*lO8OtNL>3qsq@= z!Y7n*r%v zAOqC0bE;&E<+|qXign7CWet8+S&W`@9Ne74W|-7V*J${))1>7Y$eeU+zZ>20TSfF1 z3_hN7(IMq%-#kMD>gILYCfcZJ&=;t&n!dec#M*}q`y|)jDlTGNzbp$zqr)qJ_a#;; zMwIk(4Cf`^6aV4ZDC29*4e5chIEL^Fu+hBniAbu=Ub4BA*&Vx*Z5;*Kk;jIV84VQk`CY ziRhyShUr~`h#i~>XLb%O?Y6{EueM~P3~Piptd|SZ)H7KP5!Q~e zU4dZA5;M*~N1?0bnoU>BW#eBth*ije>9810Dy1%$CwBdw!|S078}hTp;$}|GQLb^@ zK?Ccfz)&v>k58{{_ZmfrgD#5=Z$r^z-eJ3V_h8@R1^U+jj@`{}F;Q##;OQ@E);< zrHMHI7=l&1_{DvN z9i#;VTLPg5RvWNPGpDUZ4Dq#;#Zv%3UV$O%*R0v49ncr{75F8#A|D27f8(abz^+oA zuMd+DI5AMUSufOPYRd|UWxe1xNLry)7IaPqT0`FaJv6H2m^_hB@oIym90qM?wPhd# zQbR4Y?_NV128Lkcbyojs>Vx3`DSebqXexCVJspLSb^W>z!gopcWwiGFZ08pSD7eB! z0rUKOf10;z-TVD+Fsf{5ixR!%Nb3G#F{((s>J?32M`t$}g<DtFhX1>^IJRk8ez8&ZgaIu&vp=a z^77}?D-6f(r(@H)543jscp4Ic(C2pgWo$dFDsJ`GmEc9NOPkkboIaJ}v{6C}>VFS#U|PIfUXLPZItW`kGsm*S_BS z{uYjDUMJD3|@4y%Q7!I}r^`+T}yoH3Ouv?%^2KW2hZpKOlp+ z`a7ZeoI9Kldft&xa2lfrCQHb1*2OcFI?t5jVS@zwgeIn)}_Ra3+bz65a#&y zC?DHP!_VSTZ*W*U zIZ$Y>!#_IK_8kSQO5S#@w z_YkNO5)T^7L$qwp1CSJ8m__{&Kyu)0O6e&?l)l7@}RS6L#t)Lm-9rC8w%kMf8UIRlgqyG z!# zX=DIz6tc5`q%^Fv;3FFRp@zw!dQfr`j<0z8%x+AcNvddV0gl8WI4<|d$S`EH3i@e)OQ4eqViv@=R&6s93+Y4Cth>6JBRB3}N<- zxd{!Heh)K+86SfHpt&z*_Wpq!zZ#?+7zPmI-X6wDqLo<)tcruWPxBg~H|f!RzD55c6!4Au^<`evTb2`$NR#i0Ya6 za2)R?PZQl$nsnM`;ZAs`Woj&r*vsKp@1Mou=_+K%+{hB?Yk6r1lqgGjOI%;qKg{<) zx4Yp&q%r-FV%lQe$6=2cQT#I)1Q>94fGCXuSgjAz;(`=idOAJ;b5{ZaRC#QB4f`SxEV(c)?%^UD~$o z(nb+Ai&Teet5@^3vQ%gFL6>x-WuX9cKET0()D6z(?YRhOKn48TT^X^bnKfwj?AmthNl92P+FUKJ4R(Qy$41)N4tBd-FgZN@E0k0tC* zmSu`bI*NyjmMw~=HZRPfF~WmhA^r8%J7&Mt;s+rWad&?~gY&y?rHd#8FT6{=Iao)5S8vUxx`H##cM6fUkj2 zrZ+K0n6bL@XB-yf5PZ@M-7BETR?Ro4ePpr_4YiB%4sYAIuu(2{p<;2Q?-v1;sIj)L zX71pjhoR(Zd{m@nebP%q!FRdWpzq;U2GWZQT$}0{-^7EFJ0fd-RnfKNCGM)RXBZfB z)RjzU03e@GlI>e22Sb;W_HH*z>Sm@~*Ve+PVGqgS0@~5j%1mWrnjRaG&I{1Re3j53 zRV1hN}=!Uoj=>gERJc!If%u5epo*;b2iwpJd(!mx%t+HHVn~Pv&z9mCM7aH1$~GFD3$UW|9`D+v5psJQ5yE=)z>9 zOgp?x+$Y60XkCZ{2LU@ps0S1VWE*M|^7|6-&8a)2xFnA6k~fLSfp}K8L}W=&uCD52 zH2DxA$*m+Ha1*^#lg!%z>RW#hlf2hdO2@l(lmrgCdK~(Nb6!lKi?5@VAVbn8ERjieG^8c^n2MvVRjugFEH=07smSKe5b@^ zv_F$d>J-$T%qTBF{ch{$)>xJlW&?4vsd4KTkxwjECu@!(<$fZvDwO^t9gHCF4~*im zDbZT(Tw?cIGjp&W^TwCt9A3i(@68U)jFIgor^TrQ7Y-=ZYmC;W`CxN^4yC~F#yF>G z5o1Oc-1;dPMlV!~3v`JX2nD0;8A0H}>jvm#CulNuUTJwv|BDIs^n~VRHsYFiR;O`A zB63pE+~;lhk zFy!rW=lQiAX9ArM#l==xyhHLttIq|&?CHD(+Pm}9G*+mB+@}Sh!5NkPJA;`?V70!w zpN`OwJI#5|c;!%KW=VMb$^B%-2u4Eea3|2rV<2i6d7^(KqBOh?=# zTSQTMn+a0ig0JD}ubiVF`q;}0p!AJQk#G5+NcjjzzO~=8^0We7j+SA7lmNM>_Eneb zerG>1qjf7p5nD!mE?NmB;$JV6Ia~Gh9Ltq7QBY+-l>}NYrZVY^-7xd4vKOZyFPBdo zkUWXhhfnTY{?wc$mpZov_Gm*L^t<{{MR;QWJlLKF_kzAz%6d?(UJLfxlz!op_t`r^ z@&+Z{m+s0`pv3m>5XPCulV-kd)J05|ahyWgLd@^h-(j0P?5hlO?VvF^m4%l24?VND z)0|eQ=j6b{NcR5^o6kHoJ%+vHN%!0$d6*sT^XUtq)b*lQ?SY4er^^3d(T|jTTZ_KV3 znOxI8R#64<9eP%Da4Lh{MX})X6&$Fqg#chsf(SoSh~wz+r6L0>##xo8eh$All=&wF zxtl7`_t77Av!9wLoxyazO@9W8odAL=iiM7sy3@*uHy*-<&76v{vi@&iDoD+d|CIgz z42%C^w~pz*-f_Rykp3U4wf7&@Dq$)FMhJyyEpMS{mg)Q+zI;9~Zf*|U%vm52Qhe3k z*Bb?C5onklwq#+t5hQCEF?Q1yg%E}IQpYNKl7%ZQlq@Y;|=F=O6++g2B-G@M`7GtEp^sV^ta*3>(|2-zjZ@c(JBMxYoJ ziAEz<1z7N)^!n0m6Bv-G8oT3>Nv*v#ID`uQA-26F0uj+y>&-1}!CXm#PaH~FocXr6 z39!FNe*;BN$(Vf>+BD!4_{r&m)`>H!8};}WfppWcLFnVh@dBrgR70+*v)<}ojv8O( zq!)b*P=V0QA)&)elZO5@>_MDW06?#U!G)2?V(BhBFIZ;1&v3iQUm7u?kzYxc2`gm2 z=Xm+#h@|#YI?uou%Zm00%MndmbykeE%(!lejWItkM4wj_149uokA}8lQ5lI1{kd3#ed*}3rWkg% z-I1?BtqO{8;`GPJ`emV|DtJ9^SOEeD8hilw0_Vo}I?xXxqg0<$tnqoMR`z=36AQ8@A67N~t<6@XS3cyIF?L{jbR*89z_B zy>v1CSUK#^FCro@%UUi%9@uE>EE8BRpgfHUNj~Ru`XEV0-;~(O#4$R$RGVh5wp4_X z2R~T%k64VTKpKhd7LmlGBxo_j!%DCEmqstZHiUS`@v-oq-M6DfzjtDx4TE$1%fQ!! zzqxsMn_{nTYeCOmVP(JeXhtayXfkPB(Mi=A(bGFw5;;{qt{WzWpYCD=-hX!lJRg9vp?S+WG6-lWOzPW6`q!{bO%o!EjEQk>U(81Q?TMa#fI}(V)IXv>N>;dT>Fv!svu5MPs>rV^3_m> zkn6{mbV5E+tYu+MaK%@g0##;jz~`XpbAg*0=d`8-aJe!s@2OR`Bq+9mc#ZQ)^m_V3 zOl`KVNhq{fw9ZwEOQ!#w*7!Wukw~7O{x+EH8Y*mb=X9jF{PlnhCDgB!UtuqcYMs-tAhm;sQC0HgJNb6{U&n zv!OGj!^ju}m{5ysxHP+M7lZ^7V&@S?NMjOnypLM!69#1oj;RO%aV_%P%vxC_Ma=hj zmUC@*oSv)}_S#c!4s=#(u~*Hw;cBW^2-hubnn22$(!WVJZ||xDRVyL(kltOdjJ286slJJd7dq}s zUafD}*7t7}h`K_F@nJjbGylX&+N8RqM#L!lIW|2`KXqgX-pkg?N-dLUafUyVIv5_Q zt{y7bg9Mi26+aH+`UVQim5fJbAKq2IjI(yi1q-Sf&?MPN4c>k)hWDrI2Sb4YJWEEp z!~5ov#MmC|&j`lErfhw$dM)PjGSgj`i|)xb7iftmBeU?$2DALaf4wf`dvR*;FK=)w=pj($?O(_QC_v3wZ@M}Ay z@mP!Bza^28!-Cx71gM=){0C*7PxhH%MuDLZ5i{3eHTv68MS! zvIV_{?6+~LA7ad9gew;KUVGL(6MB|>aF81uZo%1N&phK}42-WQ#2UtwsXQhiLx_>3 zY20IhQE(gU1RRUHai-}RBEvX1`tHZW6BB+}KUXY_b$wq%0>5VdiNKVn;VLD;t#(Z< zf;P=xWlIFLB=HdAn%t2XyG@(v5LvYVZW(3)?q#X++Mn7tnoUMRvTpZ8VGLTFP`deqYqS2BQ7zVnG#89@6A=p9(e|4QscC^;1>F)Uje%!!t-mf8TCw_9<>FAJEwR|ojSXf_i`=sULT zTu)x{Az>AfN6BkNRrq*uzHMefQ9?wWQZd( zxJRARJIVUp63=T|=wpT6#0jM5tR~jMT?AdQnwLFKlh@VTZfzRds_Go~z1<0e>uM6^ zc8BpRg}F=<-7OntCtra#XOWvId14kn_d@m7(68pb69QRc%7~q_S0!gr%UIm|y|zFh zW1@w;YSs;3L-qPY*ZVAbK>=j8ZaD|7MeCMGSFYRWMUF62go&`=d|f^94F@&tqMP&` z&@J?}v_kX8%`_ktA6i92-?ZIDk7Ob1X*m6F=a4n2j2VoD_;Yzk5-yvmLedBM1_8>M4o= zYfEi*>Ud*h?15oGk~oZ>8j`~a6jCb3zI+G|W4U{i_Zy+`N|L>UuKg+Fog0XU*W)WY zy{t+1OiZUNUf#1|O#8a@rEvp;_Y)$J0bP#E{$Kyws#1ruT(Oh0>A)PzOTIPpYsclI z>Tqb$PnQslxY=i)fWFDENCJLgLqFs>=KSx?L|8g@TkZGTeL{B2_>FL6iSOol3)*-`wP!jgpgw=VL#vNH zL(EHJienDH-)HP4YRXe|%HTH&Dd5r%;&EqQ;mkbjaqjk}M+oZZbai2nj%ef$NZU6c zEO3jNjF>P6mVdt?es@Qzly~85w|rURm1(?P*q2u|Vpg^i^~ZUlJ>E@H1;)5|&EW;? z;#S4@3hv%I*F@}@ax&b$MGH&8^*$*Y`AxgdhO{}UN=@64OaH=zbb#f>^xILLI}IG zC37$5UqnKvQ>GbzT+CSJk~*{(NcC_RaV?_x6_#UbPc}%u@$eW|cV4s@hHc_0k2BGV z6-H=CIoB7LfoTxQeWWV6- zqbmhqu(?ha(^MB$NxkyNpz#7?%<-tLr2NX-9cnW~rO$#$vI>HCdS4D4;4PFVOg&VA zgc-~7G`6XA*lH|&R1UQ3dcBjot06K<1FZ;$kGudjUPv@A2eqdBRX`V?=fwilV_?jc zuqSiOP)dVwfV2yG8g2X?Gn2+Na=i3677t8xAk?x>l3D18Mhay& zRqIZIX!tBah{GG`i3FUk1+PZ^yeFRT#Gj?hD6Z2ck| zMSfQE=?nieww@_eMpNIBmNlu(0h^y7#KyodwcxjhtpTx-6xoc>L>4#+h-(sui`EOt zd_(=f9F(R$g;*zLy|uX@Ndbhd&@bEV1$9^K5Y>P~r2MmHVM|cPjd3#+&8iuqtywka@#fn1h+c^(;1w~1k)MO&7smH2RW9kgz7nz z1j~YGlTA*`yM=x^Gf*xuP(g<$GbU*WP5j-Y0?%;%vw54gATWr$fAzNqAA%%^LXrsP zFg<6u6#7OSY|8->IBrEk7s~7TQVT>OUlgE$>lJmVdmOu4Caq*DvT(17L`s>DcHU1I-RGs>56ShyPyxM1ITg6C0 zW%2CPFgT*doL?FyM{B7&S*-&krow|VPOMpZ!YlQ6!HydAaE%O~Yc8Zv;P!|a1?mwO zc*G+o#{xN?o@Y$<tSb^p|7SHz4U4kFnT?Z{b<0Ew!0gU*GI<7?G1yd z=Bw8|$>`8xr~(JKI;5^_2f;{>aGY{vk?_R%NTaw=gXv_x6zGP~fr==SXEVx4Hf}nt zIM>^+4@?P4oFI;TslQ0Y_^VqWle6eqsQ4EuWE}<`ti6SeK8vh=R9aD^Ld4NiJ4coK z;F&{t4prZdu+RI2QF+5KW{V(^alGFH2e;~`CoP-Vy&K|th~5~5R@j zKEvLlfS2px({0DP5)WU!=)sRZrrk7r5VV`sg7AEG=8%goI?Z^}m?ku%p z&yY=$obP&zvXZ3jzpN#{+ zk`Fl$W&>>2sbR4vD2+Js7$B4;F_AXsbUM|&&-azw6s<_mt|B7f@xh~|pLG;l!#P2j zzh;fCk)VGUUF~K!9HJhG73XF&#%$~N#TLyU?me*iuGU;iL{XHrLJ0I&#{y+d-!Gzp zyxCy?GHpKJvL?)2ksf{G&pMQxfGyDT?-hO5OFTP%m4C8|TJs9<3G>bqj+GXp1r)kP zloQActC#xZrmUNW+VFnesSD@;G-B7eJbYUrZe<_ee%3ckF5P`+(VzFU&t%AZS@)>< zKU$Bj0Rzv-gY3#h_thvFvLV`kCSnxYt=Z^PC(uY?#k!r=Ge@uVzG<~ea9lGGq(*wU42A#YIP zZ58m^Fz~YoXu(=uU^6bM2x0@{WR;m#hw;87US&dZZvgZXI*v zGQv6yp*>XOG(#dR^$xxty=ko;OtYXZiU-7Y3m&zt_|hy7fT@#WDlL^>us$;i zV(R~=ovHkf{OU_7?(J^Q0cEN z?L3bH=RCc^;UyV3He(NNQuz|TQ*b$>U~KR^g5iSuL3iZt zyC<1ZUJSt4DX_c53s3$8GKpStlScyp)JJ}HF#lEnQEp(~=e1(SX4K@2{<8WQJ0XaN zf%qcAKvISntJ#rHQ8H$QK$MIqW4*uHBVm4Mm;+1*P-sH5DV2t1q(^9#P!-dU)< zbJv>-&S*faSK)Be+@S|Cp5v_5$?&%T;57Y`! zvugxl_~e%xqmWVY1kEv-a~}-w<0`3*wWWaibJ{EqZRO>$u3orR?&97L-Nrgq2T%)KnBClXP z`UH?dp8m4l?jCmn)9-QF+MVyWBX2_$DZsYcr};mihRa4(Q7%Y@G?T8@s!T~5YR7J7 z+_)%)m4cA5p|t2>K9%?db3tLpuqN~NaXK|~y>e!*bdF6J)lc(ub{U=LQ_GYc2Ri?> z&Gs}@|8X}fW7}LS{gYF&^2(BO6x(=Ne3BOuU3y1ds2W8*&V-|23~45bg)5&FZnMnW zGPaWOGus!Xo+?4<2eIH=1!P8%Gc`(H`5G{XYvi#Kof`&VtKkd?jk+?S-8F7 zb}ijO6T0_FRq}4#N{Ly#eh{^M85ps8p|>zwli0do=Qo>2@ZAPRhZV^X4ZJ^eRDcm^ z4g2}f=KX1D|Ne&@Tw_KLVpVwdiy7u1%iXB4RWp?a zV2{UYP$F{#Z%m1f@tD8+r;>&+3PjN?hVHDRqOe6%FAA98nsjrQB7qe*?1yP-sH9oG%|o9nFc-b0(KUoafixS^xN66KBy8o6D; zq}UFeVa#7FNp9wC4M)Df&ATIU5`AqQ@?bvcrc1^BvHnG|{Lkj^>Xz`E&Z}(Zk^L2& zqhAtJSin>jJ$Z56+C}$J`e-lU1n*rWbX(UTv&F~i`zfZ*6tErmFU!GGY1)7>sbZ(dF~6oDW?LtT`$i38e! z@qd1U(K^uoONdxl{zHh^nEp>(`~Npp_DcQ#5~92qd-(=p;V$c(`A5*JU>a+NOF<2g z`pHEBBgv%0;SOc8z$#W`mVhYYPo)3250TgH*6a zyP4V?d5!`o^e7(FYvb%LK53FWOG^r>ziio2I{TP$hMD=ov2bc;t_6p&tr-VE;D`K0 z6y}~yW6H18^Bc$N1dW9dJq0@3@4d^X%eS@51u0*OO@ziq0|K}#M@G({-Yk^H9%r_P z{n0j-0+whfLNbRF$7ko^D;74STy9f_TRTVm%wI<%=FV2Lejmn*!1}Fn(<3diNy+Z~$9EXJa2p>sU|S8Z;|%MF^x2(F%$f0cHP&^j+3=#U=WHN%?bf4 zB31M&qTfKyEO08b@tU=I2|57#mtxw%*5Iu@z7{?KUxAB2s%NXoElc0$qwB@rL@l!(2;KPui%VF#W_ zSanv0M9T|)WnmHL2O6UYzS^c+ebj9n2!(Fns6EYv*v{CY)JHa{#7&s1S%TM{;!gKc1k-c_O>DSRJalUQ1u z*Oiuc$SDVID$!7k{tYIx2g&8cFMS-*Ub2TWn`};T01c?5>B=@*o3heysc?+9wbGj;Wz^GF zSJjC2#WRei)7k|$1_9UxLAnKopxpN%vGXB;7kq|pkCaBv<@R%8#gd_=3+5B|hy?DS zbqJQS2*8MmFD|?F#TCn)+1s5V**)$M7XgoWjdOL4Mx)Qvf4iBvyXQP|ec;bcpy_B_ zQ+~g2=%GIv+y_J&$D{UEz!@fN2=emEuqsZ%cWWV|w~r(EiIoc4zhK4~1;NE;#E3y= z(=@Dp3bdnj*+?wjMwoVtkr#dJ8+&gqpw9QcQOVL4)Rgs0HnK+1=|jz zBn{ESc-u))^<=EN{UOjG@Rv6GXN z?~*BRnntA}ZYbIh<1WZt&)q$2DxKp={FK!8ynuVjL8AId9x?qV6-o8k%Ns(_0|n-f zQL+APhMcK6?MqIB)&j8Kl}%-e(S)|)hC)65AyVhF;PFb8R=hAII40d*?;_=A!PUMP z`egy%v#ARftX3d+Xd+_v$767CH52#arM<&U7%~YzoKcTA2gzY+UoI?rdP z>XrV`{l>CoJ{edY-PGUXXPfEm0zpeQu(pL`NS{@}&CjD#=1*J3L5=AnJd$q!7=?38 z1Po#s!^#!FIq9{FxoPi?bvgKqh$v}IsQ|639AL{x9OP?pH8=)1-v{&q*PYIPNHH_> z|MN`vKV9yk{~d+@@7MpgR4-{r$6&X?biLHf(vR^|#~}*?4g-Avk^&;?)jjJc_`yZH zz@w{6fgjMZzrrBHQn!lgl#KChUY0L%7%HO;k0n9E_*`}wLWJPoC6+R zW0Emg7(UUm-AjxnO`Vk8;#OQ~H^}PQT=nqDi}%&;9qT!CyWbxh10AX>E_)Q0JwMmR zt3BP{M>LtWo!=|GHFx`0J2fsJwtg4y$JYU(0ME}IUvMjUuz0pR+CFR|LEjrWH9qb? z&lv->d*gl|8r4zTdbuqvW>*OGI4C{cZS1)%6^3GtT-?Mo{?z`(1cwB(@U9RHfee9j zdD-vg5ppp&Jn07D4I4f0uPq(lpCvD>Kfj;MzWMFwwLu!cefd-SbMU=Uv5Dt-eWTZu zZrH!AI^YvnL`9x%yQ5;T57kuDL8%+`bpuxe2UxMoiZ^@vwRh}Nhw@eRp@)LM$TklN zE*bUr0y{bqy&D%EEHHSBH5WqM%5EDOxuG35euy=n8tVD|R$BZoO9Hi*Au_^N5hO`y z;|L~9-GpE1v2+%2MlES2C{(`?6PqPeIC)J7$Qo;X$ttM$82k8s)`ZAdS@jL>XT#z3 zp4t)yz;}uL7`KV#H4fjcYZo8FG(w>zY&f$z0_0}G%}aFXP`n<}!6@2Gbn+7GKNTQc z4(oj_=Hg~^&!$rlH-NqUh~Z-2N*q0Amf1o-kU$Fik{=`zb{FXr;v^FF=`_N5j?^*Z zqC^8A@~%<{&0!E+J9T=+LXJE!Nd0ChDPoV}{>c-yRpOTR-dS9`Hq(Y$5m|LL$r)39 zmeORHa^nE~H9a*J^kkS|nwWY;s)areKEmdV{&tjX(qb zOsT)JWG2EuS#pQtp$ygn^2o~>smx_Vk;wMy2yx2eS|Z+wrX>##?-=R{++(BOIxm-z zn<6&WL@mun=mRlCXnw)Hg0TdN%t&_-B;o1!4VnI7`6Ob^#?OYA^-vp${r}jtV$^?! z0i9(w5P|P$!FU2Cr{GJG1}g4LB-WAvt{6LT<7n9aS(4q|C9!szS*h^o@kZ$RR#CS=C6T;0Dd({GXnen z*hQ@lB(Ke57IJj6rHXnShGZ9`W0Ds6FcV3U`R}-JwUmU8La^EWWE1%btpyN_EoG3x zrE-r6Q&7tCy1h0Jw5~sD)~=~&c_zJPrk#~?OgJfi@7@tklbUP6boDqWg+H@bX^8Vc2@H6O#te z<}tG}4+ysGdlX`lj`F1)znD%;<;izS*y&?#Gm6=x&Qmt+pqdWiganOTh_zU{HPv!^ zsl5YZE>LFI53b+t9#o}RUA*cBfIW0ASJw3LvIfWKseW(|eWQR_BHkn0e?RDOJ_ zHK#2To^0)u56v%8(<8RrJBN58wz&2gVp=B)p!OI*aQZ`Uxb{0DUuoVPHm7M&Ccdty zMkJn~GZV`6$KtZ4$FLz2yuuvn0gW>gr1{^dPKeQJ?Z*Btvu>}&z%7AZk$tm>@0eEBk09lPS4ju~T-xjtNk z73EZPYD#w`IN8DF(b-X(`JV=>J~_VU7D8@~!Z{T`mEIoJ&Jx*M#mI7dJ-2M z5Rv2HiJ#raEsjGj!EK%g%w+wE?3_;#D@8G?x%UzPMNEWz06gEp?y|1?k7|YGKY1QZ z?9Bh;YD9hOe|4~ZUUc(B$xGE0J{Pw+tf-e^tWz*o1u@aXtJnmr#}ba3-)>wE3L1?3VrU{tg8R@9-z9BNi1rYB5lKwn;bkg`&@TUF~I0vPBkeJ5i( zNaz2D18*>VV<{XIrL&cv3uj^ddYmjztDs-E0-9Y{SW#qvDqf#^CZaQ&mXBP{wk;z? zQ*>)@f_i?z%Zpj}q+{J;bf64p|F%Ihpm4gsvXt}rK;Nrt%K26JTHJYtOZz~uq2;SO zFAurbKs1v;Q}Pudu@L94Ib9U!Dqnu|4k66|gYLSlZjW+47Kk1c!CpW#ef=_o89+ss za#umKA+b}8Jdn2yyH{R(ej#!3FozKID~d>7P4J*%MF0~{Frt40ttxRZ70V^8%zop) z_`fewjCA7h@C6!oGJF-PBV%YILVvv`tmS{%lpuSK#yDOnVv1l~h5m7ILhia*j+d8- z_2hra1I3~e_CDS?C{>=8LM2n>1|6~cMFdYw$o$A~2-=hav0xEEQJKKntQRP@9#=t4 z6~)b6lhIDdN}eELyh2ZW_Sei612Pun1j`dNE!EbO>IAySb8wpP8x}dUN-M4WqEn4v&o@^k zx14__YYKN7-s~#F-XRW6JDDAGQ=nKflq_#pZ!kBM&sM8 z;afn(T5h7>XePqLsDO$Fq|f2m(E7?5Icx}p$*dyXb%b^ZRCM1ML;`K%gk#V{r`d3G zds^JNiH?X9Wfvw9Te=+~+|a4H1eV9~ItvwMQPX@Cg@sJ1!pI5~C<^Jf&oWdff#rR5 zn0vffDkgjEVNS)L`n>)S*h|;B>hZ7j0{?+wdRZ=>AA+U6O(u3Auvo3tkQ+I88X~Nq z1vT>${6Ex~z1R;roM|M=Z9Sxu zR5y>UvTGAu9Cu)|$CGi&Nzk1Z-DD{P4JL5cOmrpZ`gSX+d(ASZ>~l8q0uu%k<1w6o z!cYdVDKO6klgdkmb5RbQUIL$4n5A$UFK}oxzyoB-F592=t&&vMp-MP>Hd?SHj5{37 zMGM?nR0|w9kPt*+iDP$UQ{>{0GcQr6t^mb&hGNzr`p3h0>^-Flm#8%zQd*CZdllh; z6^=i|pRpYJf@gBQxI1m`JTChlw1y$I(~olDiY{#2xj3;JjaUr;_pQP}p?|=~&r)F! z1e z>`(j99|&q7h~|{S2K}ObYW!qHe$3%+B^d zKDJJ&|I+f<;C^?CPsxleXv%DH7KpD*GNeC9uCMd1T#?hnnd<&l5wl+P_yGFHORGP# zI59S$N$!I~Z~@@?GPPV&+x*fRxVhi2qE6HyB?VX;i(OO>HRA9XdG9LEHs6hU95#EC zpQ2xsP5XrV3G5~3%rYNCDpBI@IrnR~R49NxmWYmNkpqYB~rwEDPC zCLUu79?s@?MS+y|l5>l^Q13>^lSOm7?JQxheAF`C#I3l?W z0yUmY!f<2bKve`sR}EiigF#QXqQ&*aJXzCqxRCg7%tKx}C!@J>PV|z|*=|pcOEj@8 zt`$Zsr@3a=l0LS|Up;O+*?&v}{xg=IA|}v1md-F;REm3bT;dtcznUAW?({jf&Zapn zPy`2eu{LJrmja9pgQtQ7st5neES0x4P?X~fvcm^N(#``=MC$F-*-P`lF7tIIeQF!& z2uRE83yBpvhD$C0NihFP2FTw?!1wDh0dS+(J!h#I0#dW&A^=9KDPJ<&hN%9L4R-7X8h1FX(1 zG|~|(mAX3y7HhD$v{4=MswSD{>Nl}3#0TPg^iOKOyiq14nC)VLcz5$V5lvT*7986U zgHV&wq!bPpRcDi&C2#MB5+(X^j*Jyw)6OHQsY1iz!k*@-2oH->RswIm!UeF!$=AddxX0xA z0*Q=caq9y2Xeo4XZ8-S=EMYLH3nvZtYE1T$mgdC>AX?W`W$8MNmsi3uMCp1!+8-B^XMrgkVcY;aDLFy%4T z!*IrPz&eY)E}1pL5E;x)DM+*>d9nIIL6DJ4U1jAMq(PLnTO3P^%3Xh(Hm@HnWGm-?)FR*p)`M1U$y?mp6i?Aia(?s z+KlZUlgPo=9E?1y`awN(`sRNQ(U*ql9guETNT}~B8dPp88j>M5v}o2HYf$C5hv9wP z70?vLREbjC>7fH%T;G9K0;?+)R3CLEbvx=+;b3oi=^Y{T20{#S2awG%pK(7CV=VK} z_*6Eo@uAX)2_*4xvjvG09hBlYSz8aTz*sNWexy@w-jU4;4S&`O zHsULad>?!XX)LZWY)iBvL^wRcK&7U@vqt(;dDF4K+j%a?BMtCyf(soc1~6`G*v9;v7W&1n z(=lm#k$C&lO)gY7r)C19J!&wA-;`X@te7`knRjNw8UJecMM+`Q_g6N{*U27J@={_r zdazm+nTT>A&%2_MZRrHgv!=a3U`AFGIsrms4X3)3pTlg{v$7IEmt>DG1n!jjVHct* zHC1BDR27ewwu2AzyioX>uRx)^S03KGY&ZT%ZEQ##-BqxQBbotLyx@*+!Q~X7u&6x6 z@v<3T-;)w|GKi54ey6zooZ%Y2SwbGM`J!9EQXa`LDsQ)L6^r&g`Q1@GL|>UN8ri>v zfigt_txT6*v@pVRAV*7ZEhlHMfNbtcwqvuxX&u4d@>ysfo1R=kE%A?Z`x?GxmC!nd z+O|`ChyTA?yd0EF_ct8evoa;n<8&G6;r@s4>-tTf;9jlqO6j9+E15LOw6@dWjl_q~BWE`atTKaF2@w+yj0$^IRF5iy zSUCAS?BY{Cgrm5QV%@W(TPaJg_xsE=FW)B5dp8Zg`OHtu6udBBslhOfIW)EV}5-J?UpqclbpSMG)K zXP!C-*NR z8h*8PoHc)T0(`@fK$T(^tPv7M#Lw&_71egYhP!AQ~($mEc*y4@;4A%R+p^r{8a-M z$WK#Xw;Qb=7{_;w^4t5zi79O=|0Q8&?y!cuwXcplNoT~^?TXIkWJsV!XQ-$f-u`Wb zgnBUFMP;P7j>k&M6Pe*%>?6NmK$SrjPc~l_HnXdRmwW4{_QcL+Mz^PHX46Td`hX&? zt;4-G?Xu3K+nbX+s<-h#R#f!;(@>cicHp^5XLXZ-KCFSN=J6?L_UDI>{k$S+l&0c@ z;VbGu&<-x#2qYo6s`ir_u)DMd;2RZ2`oG zY&qGP>cV|}vazH?$0+oHVK;oyqG=R&wAO9D;ln3Il7Hgrgmp4{u5X8cXF{|UKdOOJ z8TVrFF+&Cp+QvCVYgm+2dXX|_&7(BX6fuLFuCs72a;U&87^6hogxHm0y#&A9&4sHB zpk05~#RfyrAdHz|ZNyTCR8)Dwo(p|0s=^pPl?VX4p-7rnE4G}p)*!oE<2lECeUVQ3 z>{;tG2PCdmNk!5$<^vaq9h^B48Hlk&l0~)eS_Yx6Ek)g|i?qt_arJ8;h?_T3j=(Y} znY_6Qj?N#pegTkCt&h4zQX@hHV~mN1TCamwEwCA5M>bbn!ALMp9CanHs(giHN{}0m z^iV%Tw@^A*j=KPdi72so+SE1!f&p}aBjtDTE<+?VW1Pg*$|0x0#5VKfLM-Kq`8ZeW z{Wnkt&nzIZKAffs$~*@?cHo}@8(1iWn&tMf`3b5JcX0E3wEaoGNtF$P6sZ7-qH}>a znW!5~xsPUYu5yR<Ou;go4~WMukAvcxeQup;9F z(D~dzh(a);b9(kmZUYowg%(s(aIaziym&|`&-{RwrqJpN2DU8606?6{Y@~x{fgX{9MKV>axa{+pPH)r_Q&FX6 zY@TT9q?bbc#1n-Y;{|WYOEIj24F4LopI%m}w&Wq2Pel7& zMMY~lCEOr87uf}r?XD(lZY3{M%YBjxRd6Nnh&h&@M(t7wBgnrTmPA=3>SKbPmyb`i zKRBSAK+lhCm4+DS8Q0JY_3+H5bV`LdDW$VFCx{nV-SWSl2G!w9Bm#GX({fQMcfain zT-e(v=32}Elzjh`{QEFsy-T2!AXN`(&}$PQOZG+9^Xm4s(E0&L*v00pM%(9f_8o}9 zAQSLF3^}xWM&E9_hB7c#wZ}_O z^X&8f${?qP@(W^C`~1zrHG!^VM_D<=+#(Pw-`?-@*3IPxIG3H-N1C#oAw(D>W*wUq z!U_q!OtJD z<~^mf$_r_YUk4#)TreUc%~l=bh$UUWd~ztwMHLyH@t8? zlG26Ua=2n8&#*E29Va^%16K7XuB+cnJ{#m!-=apRLSrs?uP|@VE_QNz3PPdg5O4@$ zl_$Yaev_e&LWhpx>upxWT z)Z7*fz~@EK-d`d;_9rLLTMt|d>N5<>Yruu!Sd|3%%)~`suF5EIG}6@$2x6(v$4$RY zZxv4`31+1PpdIuz2ohw53IW1p-c3TbA-Tu9#@P)kp3HOO+V3b2fh!*#*$oPw@#xZ= zm?Ns1XYUPmW7?l@|G}`zJdsr1eVkC{P?r7YS$#}FgTh1CkAX1oa-bRzaJReQ3rM-B z@7g3PfXOjtVE2~Ip_uA(Bu7YiwwbOCJpxVqIh_^J#|vyRlp6^6l6cE^x&`O}rM8;N zwey#*An=!+{jKJCOR746P*9EeZo>@tkFQpWce6hyT?R2TU4u_VMW+F01dEAH8>zff z;(&d6D%{hr;NXiJyKUwwhY;gJHoZ8e3)5{AP_N;tRgvHPWYdWh%O5q!b@!s0Tnf*@bI`?`qN#NR9ZR zMPchEX@tI^WSYri%^#XKXwi2Y@lbeD3c>jHLWPO0>kKse!Y6De_J@k+I>l=rBEe8Z zd_kK|0I|6GmfF#=hs0lUgJg>-&jiEKRiQZBd<|Rx%W7hT`T;-2-Q^aj;RKd{nrw68 zXTQHrNNo8)K)$x}qgKF|=qomd!LpZ*459++TCA}l_952{_2FDH?hx}zsW&H$?*y!k z0pSF3U%}v_{I2*2&l}_$fx3BeC40!d8zn!R>Z-3A9lX%v?5?1mza!S0o354Xu;3gM z-1neJosg%g=gu|~5^UGKbqPf<3LV#yAfv>8Dr_3_9{pu5Dsyof+4A(^vRpFfI`V-N z87>k9s0k~G<&Aj{pON{)Zk{4@hn~tuy`e@%)-P6$Qe>;Zw(?cNWrjtN?eue8@r6&C z@0={gk!P~1>I-Ssxn9O!fAdrfKFL|IQArY-zxo{%vs{}w5NLvvkYP&Irx=ZGm;b_I zdT`!80PK4Ya>jLpJ#)+9>&mYsA{#-x-)$AFB`fBI&gLy$TaCEPMc-^86N(QmGodEh zm&HHgpk$|?YZ3NQQfQUA@SV~Ck^u7*vV~shutu5Rv`JT3cH!i8Mmw1a4;?Kp!b&=Yp;5v zpI+{oEpu?*T_u`hq}d|(tO-}4zYy>VTQvv+<*Lfq=e7SJYD2P`W3zwP5r#J_m6}*l zAamPuO@hA@(k}A0)B*XuYqP(jFSNCO;xoY`@Oegr+YqzcV~01_Z4u}QX9h5>`FC42gWH02DXa0EWHC}GtdR_JSp+27gu76+?Txw8dv~~hwYD}k*Z0k;mQ$R( zL{)RnVAqy;am8{u2!|NtQ$uEYB3hC@!%ew(aU!_mGUDNLgIo%$xPeW)orf@pf5TrJ zO6mBBS3_U=JqFjP~LNRg72R5~8;A+BtVNBvULU{`RBMLS+pEL)I^J4{8Cr;g4p&-)^ZS_NS)kPFU z?_~#>feUuv;ri_}u(6uwAqn2TkC*mE^@=+`gz3;!AC2y`F16|JRQlTAfu0zfCkG*< zw7(}O=Z{bT%IpqEVyF@*YqBMlP@TUehG*&*M?p5N<8H*<5Lq4}KWlPEe=1&uU0030 zsYhm@>T=g~*F>zVb*Q>}WxY(zt@QS3Qgu5aWt{O2>QWMEW56pPNV{g>vUC@-4X+pZ z65VwfA!I}!lBGqq>6_N9T|wN+gQTx)CZ5`u=kHc)w~nltar|KZ2~~N-wS&uC`l0Xj z1!2xS4T?O&xv`egde(GAjFOPM@xoYt{s3z)poG7$5a=Ek6l!Fgk_7UOv9u*o-ux|5 z(qr){%j=@`AH+l`tgIx>LO|9{zR%mb)^dwb+);XBqa?*97YTyfsuCKQDi_r7e!XRK z5e@mHp=lBzvnNdE$M_K`ZpJ%#eV7`#+hQ~7@P)pRc0$(JAFJp07^+F6{SVcH_=erhKyeW0 zzEFG1CkF>|+VJvIn)~+i<5&r#6JE|rTNxzC_y|!71P$|@Mxlv~;zV~Vv0L*qh6~GWdUKMVyI&rSv0*Au$x6Je zzSztl07z&s#K?pdmQSXr7*k?B)@k#AU3XgM7?N;!d22Uouo2`dYp{9M0;VW3nKbxv z;ym@3GGzKsp)?9(aD)wp_elOqly#pQY07Hbb;l+KpFDMc943b~!O}ZH*(C`uUkB9k z#kBww{Xx4+$&23};?%ra^oZz66a1PzmOW81?cJrUcEdk#l zbH4|aoD`dE;m8*f8TX3FQR}iT7p;3m)BN{gE~G&9z+mD}SetzTh3b%Tdc{z;tQM zm+QE-n^ulT=guc9kLAOb>Z)vmtpG}x?!D)7%abwc@6X`LoY0eSaBIaW z0HNfJ0cm-n|D?z!&12<~i1`Zwm?I5K$~yt41eM|ulOg0llE|EbeqP)J^3+t}f7kMg z6H*`9IV!Z|3IYWqYT&3{Baj2Y9JZD#yvpvnH~1QAT}Xtk{7$#uM;VYcE91(X?VA*5 z_5Yqa+?dZVH(unIRZue-nud-*YvU1EX!pw#;G%u0oP3xdV%i{{62R#>;QL{+rXz|h z`5(~%_uT0a$&>!Pp)mr*(v{S@HnzZ%^Sb}|U2vR$Juu6;F1;~gE z3^A}f(9wh)o(;%ITt0hNv)X@e`xfBXITyhcwcR7)H-grFpx&t=qgsZ5ly^XpxNTu^GId4yW z?ef7T5i4FhJZi=EZP}~I$~&5NL+MbwETM5XP#x6j!*;BrQ6qO*co<}ck$OAs;wsi+ zTjS%g4y_tFdB2Ly0i1K??{mGLcoKT=zqH10ThNMU?rPNzP&^_LNk^uV%Z4n2sYX(4sD}QRFSiAuYo=zG{?1RZzWfys0?Z0p0*KgG?`&6S zmOlsN7xoa@lI%f5GZJUkPfhNP%ou zRtaheqmk)k*FFL{zaor-y)Bs$^dCK##mTCYzn z;a+wCswN(tDH))o47RYage9P{aS~>zD8|Ke5MaUI_h>__0(n7#`Ax+8*0oZ7hW5R; zL-{mK(ref&v|F<)M+7r7Q87ARumD6x0UN3eVJF^-a^4RI&G!D~E82{V45P?PjLig9 zLyu>RSQQi-(tm4@o6QVEx78;t0uT;N-iNc<6CFC13~Wafr10wbfQJh6g|4*v>kO&5 zG%3n1X1N-QICVt!wQ^}skqI3<_J}8r;QyqVh$)qrYrBXx2_RbGSDX_GGuVr(3f;gC!9}NbPp+B-8e`pqy>Z1LB_>48*2AX zajWWAp;Y#TN^Awng7Ti;(G^gE`u+#3EMq6WqK(&gLgNDwMYeJICe8BJU1F^%ky0gZ zi5aFbfn`OiEel}dlsa~?2?`66YQf@KQ7;ztR05$tibuo}g18Ta9wb#T4AX!n!*qsa zW98?~>!f){TkEohbwd^J$7`$R=X-B|W$O9k>u9E9f)$VeZ`Jxn}d3_G87P#q0XpF^H7+lD7MfdLw76 zWyj|B<|0mvrkh}R7mtUKhZ)p1X*55E+y_%!>TeA=C?nV~uC?!!@bP`pKlncoPl3`_ z!uW`_Sht+k=aPOEy)2+@L1OUSq}GTkf%EaQQZ>-X)^k{dj!@&}(e;-y7E?qo*v_Ky zK)dX$BfGhyjHA`H%v6Yr3H7~Lxc|JSr}zimAFlz=8Y?gzw$*BSAV za#SKi;~DZo5&IgN*{Z~#hdsh+pV3yfqG|cm#|evh?}3UkM3ALeRZA@SgFY+c{35oHAtK-N$?cC_{Pb$}3M zYXH#tf@4GEf@e|lf(Zr*Hq~~oG|1Pu?D0KG^>rUf&gJn7h95Ae#Z%Ky6I;ZnKx&A8 zGZibhR|5R&w^ww+QFC?;{Vh>b5xtb>Y)%mCPRJ zR%+do%uJiEVILjm_NIh}tB#ieEWi6wSIE>K#qAqfx#>c_{mrH4Dl=nu$3@CiNxU@7 zl2f88l&%D}W}*-RW4{V$=Rny zlzzo)P8U$HR8NTB+m577{Ndt6!0)|I!=K7rBF3a6@;3sIXKa-E2Ro)Xi%;FRP}>&} z4plVlDS|6iIt}#8O67`K6N)&|$Br|TG_^jX3d`Xgre;GCXdJmu+Mj7#MwQRZq4A211Q06}kT8imt$ zZA9FRz-6(-`U>M$G{f~yFm@m6SuVw{;#nxwR`Y14=%YL5x?9STS6WJOA4nLQSb~id zuHg0O${1oXhPJTaztDlHy)^VhQu6 zlg4t?=`Isj6LFqno^z-CnP_x#E0|A!+VpAl50)7ZpT4-4qPZ-e`ih}E#Imy`a`ql; zM1qL=it)%dRkVP}J~(fel{*DxJff0|3MF z$0j`BZrDG2w{>x!w>vLHTBD;Q+~N{Z5N>I} z*ZA``Q_wzxO40SlF#+zVDDsS*i#PbP;paQ@lr3ZcNDP0>b`JXuc9&y4Jk`q0=Bqo_ z363E*?@ctATe2-lxBZyG@VzWHr&iZ@He@hEE4FJMNjKk(DJ@qV)h{~N?&PA*G80-F zkwrVb#`h%*_2V;Ef*8q6yKM%5dJq`oLXyRE_J^NgU9YqV zsMF7}`3nqR!LK$K92zVNu*-CONLfV-s~f$vS1{lvw&hQpD~zRCd*=?J8JsOv&Our( zALE(D%y7U)@)TGOJ_!9epFNk~7a#(#=(cri6OeuxsIXuasULPbWLZp+W6%`@B8FFx z(EgS3u^Iylv2$^_34U)B@r56p2-jBA{gZvX^teV5TVtP-S3FYCtaIns%A6S>h6Iqa7*oaEL?D+{pM zGP76jevLd{ld9g59GRoVQ}L&U1qjpb`{JR0UmMMwkD=t&>AbM~W4{&)FO1Yt`9ur` zsXQFn#>K(&PN`UvT6)UOxcHx7Y1f*Sit<+yPIX4K3na7^+$-@4b6E+i@=0Z^agnGG zo*avD6F2LH(it%VJhT-;42J75B$8P8i>*}dk-pus1QZgr@xE#-rkX5$!t?b5nZ*sI ztt5-A+>4y#lxOgG1}ppCgx)z3Q&{dRsfrwzUBGm_ zQOtHYV+Kxq;_gG;S~Ll_vl(c~U$L1-*=@o_(6{hW)6yO1a| z-R@iD(UJb18*hd{1b9@4-)jU~=Ns}~A?7!tpilyRh(DE`3+gSC$}7E}Hr4DlmT<19 zj4$3Nk1;z}S2B7x0w-m0Q^$5?nw@yFJ^=b&8u0(AMza5>8p*`=UkBs;Zp;)n{_l;M z!KPVbyX1C@wy&94o<_ZF;#jJXFStQN^g{plJ9oX|h%?Ne!Vb=@H9fEiw7*#wFMr9| zT48K$>D;;he$~(XgU=IFz>uN^Dre89fZ+RZO6oz$WvG^s*9%}`wdq$9e@4ys#LzjdiOZPJ)W~tK#Gdcm7K&j4Ql6<3O0?x;iwDMqa>eNIy4r`I|}Np zfQ#|a*uA^1A0{5zKTxERb$5-~ET2hOB-^i4F9i6rX=->UqC$K|k)?(#>hU0;Y|aOJ zCjs8$(xpPFrMmqP^WkigH4zT<9W*AoK~1{JL##XwBs>jLWWz;RoEdt%JjTSomb>qhTMoC@EF9lVVUJcg2w8XBrdm zA_iZpJr~@8?B)>9KYRqSg)&Rx}k}apGH6~%k{V)1Lz`AyS(*&v8UK{#Q1h`vby#iiL+w@ zGL*2};q9tNdd+x4lLy!`SfNVXdDWM5$N3HP_4xs@ORVKpoOUAzhj=hDDR-8P^+8)1 zV5C}eEhdQ>v~E3M;$o{l5pBh?(}gcmufgA^PW8Y+ci`_NnFvQY;}|h?;eWzf;v2VO zidn0i`ph{QNA;{#4U207Pu5V|SQympo8l@8Rj-mC$ z$nPQy&y9evz0&;NlH(OP%pMF4Antcu%gzH4u>qm_a?)XBs#Z+a{I0TEyIOha`devJ zXT&aef=X_+L1)OKMK&#HBZ@!7cmM`1D68^Sd505xeV9fL` zdNPE=AJDiw{;Gl>Ne`H>T*#?IvCiIQAshuH=31H&v9XV5@5-II#QM$BmNl=%bh)}F z(8->G4b7J5d-R<#DZp~F{DO7SKe~mwXyWWzgq|)FFS&o{ zu+K-B5HJ3W3|uh3GQ~7lSDu)42eN%ks-v$8(@3clqq^P*5}U)8JAX94R`8O&e#-*} zOv!@SE^|`s?yytXih^8$0IM+pz20`r5JnWbEj6a%g1P;aCrV{ThOB$o%?lYTHoARxqRlVo9Lv2zpSR?mmU3FexW-w z+d?0Exy5e>Fa$Vjumqt9wwY`LY0MTsGQ1$KIB*+o9M zD>u^^W{`pi@kD@w%YcM_;)5fH_)NG7C6H`MHGxNVJ@F2^j7^;nZ}m1#7^fV!VXzEh zH~aqO^SR#(0FplIaes#Aez??2DJpLW892Kf4Srb~=~{byeI2lK0~c-K*n-e(Qj3!(*pjmgl033FrUyt2P;cZ6bhZ;4}*AAiWfz3eAf}<>8iks61*2~ zJnL#br+h|xY6Ok`56Zws|DP6LZ2$e@>*#;Qo)}RfQ;zFc1PJyvZL|f%fz`k7H(lQsKue6xpAvWk7gy zZphOZZimfDHHEh3op#LH)pXvGWkvip&y>s{*<$u5w-=hBmHXUf55K%fLE`1A5BoH<^mmpXVjEHIJM;4~}2sIm2X#-cPoP|{PB3#y= zX*r>PjEd6nisN6jPh)oPa!}H$1pzhD6oPVM8geY}g)-#Na6H$#=n#Rzvwg8J)=vNh zj&9;^(E5Ox_jn@m$QWiFg;LGYY&Yh^^v^Z(pNa!WP*k&Xc$=hu!8B)qI2jeE7u?FW zAS_s|f=maif}*Vne1TEh9bIO13rN%hAI&fefkN?x9+BNVdY2jeI4FwSz-UGf1LU5U zVEh&aW{<`Q+p>84HfV1i(u*O7Z2ssUIFl+120f=0Nvn3rP@!19Xz7naZ=`BqZ0M(X z4$R4oD6Qas}ffnOEDi3y3F!SubvB}b^G-~aNii&b9ASPnoU zoX+>*zWuAUsCl}s5Cm3!E^4kXC{-0PRC%I*9;L1c#VQhPP84q8`qu3?Wu& z$c+cDuMXeh&9+|w5{pmG;G_paG91p5%a67==$2J|Ev4pIoAhjDG_1muMbG~Qr_4A$ z94D-zqyP#zr6&@vr5yAH$O#0PM){VE&p1rpze~m_AUA1s+My+xkyDubyihJKGRa8U zi|3`R`+@%yJ5k3lsvLQSxy8*a1Q;3G5WI zJU_GrqicNMo28^oBISb!OD;f^jKqrlk6j#?Uwc_7*q=c$Y=P}qJ&rH= z=QJioCrbcNHl~&~=GIzZ%mGGHM^l71`&%$S;7Y4YswB8*EZzcy5F}JJxVoW>=}fmB zZD>Dmr3?KW>fchoJ{BaSjF#LLp)K`Gx=tP9v4{`XmR=^=uw@}D`o2)U2nW`l!3*Fd z5;(X$82Br3u)$h}U-Vg6a->l0Xt-(;vOu@1T3ZrA@$&feR)HULOlDZ+J{n6rAXggF z&y83ULSw9-kj49bT~b#SbsUo6Uww`2cydU4=FO0e)7Vkm+zq(`4pxVU%9#eYLOCU; zT#KzyK8O(b=_g^N!;ihe)-)!mm_eqnQQTG~rtkt~s#^R;u+=9{uX9CgR$sFsoaVjs ze2OT%L|>eR!s=YxWhy}-YN$emX(v%ee)7Gev>FNv@Q^=h7|*LTcMC7vn3AHgdTp{E z8yxKaQ*)gT+kNZH;|p!0w}#=|ynv&uYqU;!eNa_iER)He-w4>j{souJ0{i(w_?&my zFwx`Cdy^u1J#PFx8uiaaauX;RPv9d(_vG18P*GNqf~kV1+ghF-^XuAaBB8p62ASW> zl{wmMU^^IT>ZRt-+=|t==?{sR!;8L@-(!SXwv6B zr@irMxv`c0E;`Te>!zsWwy3I!K}~>irQ&m}cT%axD~kUlzyFC?PtV5s-}C1%tQ;~} zUORk1aqVbTh>84GOPV&?C(cxp9Z>`~L)hx0?NYWs4%B)17J5UrExs@I#!r z`LI4&bDe*2d30xTd-b)UC9uH=*t9(X5sUR2&?1J1rg}_7y{!AN!xh$4G*yqgcS8^y z@owBaP)Yx;&o75#+;QZ7wle$rIyW!It$#d6S>7kBYyJm5w}B=CB=Y)sb)T{(JF&LI z2=*u!<0cPK3L0j5Sk$q0(XzPF`%Q~O%%!rO#oqKFRJxnyvC^<(ym%)735-exDG*&E zc&vQ8XZTewD&n0gks)`{s&XD{$(Z#6-HqXnoGT*ro?Pe+e);&SN(SHcg7^ZgMBN`AQ`x&3|& zQsN#iYk>e66@GqQRt|cnsZdt8egxQAK+8Lg_~WYxeQr z;79$OIQ1OBLmf40ZtTNYh_&R)!=H>~Bg0jErtNWu)wC>rUnWWy^CkR3qY=#0!+$c1 zJJMDJ1;R`0L;eCcj|(O=v9jyM(8g*;OEW3NSm0bCu6uH=5i}|rK=4_Y3gkeD4)7Qe zsVFfBY+S|}*mnCOsBqCI3&n<0o`r;|)1~mws-NyaqG_1MDka)ly9AX1?mJ&(Ft!iy zIv*K7x*IfVTxv(GQ{k>@1n{E&05P+GS5zWPm7L9`anVaswbNYV9_;gYl^4k~{o(-n zjaWQtT@j1zqW|%BbFNGyJ2Hl5%!s27W$O0^l=wK&L{Viy2IhP9UF$HGQzFHpjq(lV<9&K)aWXcK zbs3e0jEE%hJZLlB!72zXr?N$^g~$O8#(*n=A`|_8>GQ!%JL>0i20YcTpKaSr%~Jr( zqw=ceus+&FqFVncorrr?Tr@;mi0Gfqo3x2W$8(9I*`2gF0D>I3g+X-*@+rz?Xo!x# z3?wELMmaktAZPf6Q)C@>5Rw{p?`D3SZ2V4z=sU*M%aW&?&%0zASQDYU*s%adCmNIf z!Kpy+$z4npf>NE-QCsUrhg|jp1qH?BYpHkZ-gSLE>b1~3ta~xd^zM*~s`^?L*nL{! zW_@2$qN4f~tl&z><%zo)^E#+$k!Ikh3R*=iD70P_bi;)-z#EuBl%>~$0}H4{3EPqK z1U;9^uiwP6A-9Hqe&w-e2aj-w&q05i3xfj0(vL)QG$8~%TftdZ)Z5O&#FQ_QdN$mH zIw0`x>X>v;fv*7(nEc**{^6G^Z4U%;&M*mbHe?xFui^lD5nuOi8V7Mq>Cw@Y3Nz$u zY{+A>lh@r!H;FqAk-i{Rqp$twCJ@m!d~!{90LDaE3Od!Ns6bp!!Z$&J2MJSFb(StV zg1;AeB!}Sl(B&2fx`Gn0kRgP?6DeP$XU_Hy4K?hGgE(n8-H`sB?kn08d0jNx3dPBv zJ!Dn%Nu6CfT=d86kp^fCN?vHMn zUsW3oHKzblHiB--oJ026VhAvA8SPe_*gLgpYUxZBJ^uX5($OxMq9#2YA|utTjgj!e zH-xz&!%DY{IGo9$q0vr1zfc`~J~={0y>uLaoxl`=*rdCqoAiEVs@FpY7OC%xv9dMs z>uEemM53*(JiNVjFJCtdPuI65%1~83NjdG{&Fo1JXyEBcMV1jOJh$Z7P!9|naxMhu zL|X{0BLVdK6VPppS5crEqr{QM>Rsbh1G1)~9&;Y64S%^r?K*qMYuea~mv{R5qhv=- z*uOs=e{J0a&8@~bond7SLJO&$t*dhpbzmVfRSAS8@Bl8o>pI(q;>yIdSim3hI+!~U zNeiYf@-L5I)*Q1viaWXZa%o4}7Lr z$A^&w>(K5<>@DS3YVTksO=SaH*oEUomx(02V&pGtT}?J?SjbdHrcOJdj3nG&K}hj` z$lh=0=6$^<2d?NRKLch;z51b<=NnAtJ82?Li_LatiMluelJ^LGw7p0rv8@Awah_Oi z+~=c|u8DDIKfEH^R!Hpt)>8Z-GxCWx6+8>}x~zUh=-C@M;fwA--9<tDvN=bN>}xmpnc)v_peskJ@;=F$jQ z|4FEs{^JDoclY$)dk$9z+t2jLRp(x2wC zo8Dr@L8+#oQHo2+mJOKY-nL#jWB4`eF(Ua;{*ucpM0NK#cFOyuax_cAI2gXt)GJz* zjQQY+L)~P+ zKs3->nwYupId38Swsc8+Q5$-7Kcyh6hs?Txvv#LNbEDs9-S2R1jA;k=2QDA8z&`IE z1JLwdUa$Ha8ye2`vs6YthAiDbpKG)G;MM|l*O9B0HEOYiC?q=`AeF;QzK%On%?-tH1Is8B9Z~b@ucW`Nv zAP&H2JrFw=TprF~P&1`HbW?nr>sx;v4VsibX*SJn%RqrLe+hwX1%X2+RN#y=sTZs| zzi9*rFBSJWx#^?1%;z5&CZL^kw;i2)0t5;Z^7z3KKO)76%w|X2+Uq~UrWH=(mU*97 z0epv1)h+d~@&Vc*=LQ_a(ee7zx9;^1xdh{f=np99kqS6a5b2jCKqrJf)uJ;&&(I#0ksQN|H>;`}*~J&rkz~eHi<^9) zx1`))Iyf28T`jm>^-a*Z&>%EOhRZc4U z+hq#^p@%KLO<|+4DvkQ~l===5C_BtFOu6F{a0Ky5jR!H9k+5{6<;{;YQ5?7g7(Esq$0%bAIo@A-HWaboP6Hc;>+S&OUTdBtK;44b zFgf(#=fl=e)~>5e2OZtZ?2 z@2Um`d@G95Sy?Yoq2TwS$e{rwH?oA#VhihvXvU`D2|0wQjMbE8t)!`Qx+}-G@6WeN zQbf2pVSJLgd6***r2N(h_-@CACNl5%GWtReaj#D7;@{Y$aiRxA^RgQ+M@07;c8DL; zY-Y05T6r_`((Ta^-(8c%v(*sNI94?FqR-~;R$usI;4h=cV6$kg4-5<4{A!MGe>q%t zLI3sr42c+uELEVX;Johg#0>?*}bWz9^!SYSH~{Nn(HspxCP5OVdXg-1LMCw&=S62x*>Jx-n`oipJG=H-F^F4C@7Y+x zkH2$x&E#x~_|P9BBj`uKj*9URXNtcZDR(|K4qqMM8tR8}>D-r2U0WHBT*OWUS-X*r}BGw+gj~BQs_dQJ7)MH0cJBShKT3{Z?md@xFvNDq_gMhW&PyN zwg%j4MDqWf?xu?)z`cCroW5>!T&$S8IeB@91wS5tLiJ^8QtjmGZ~utYtdvYVw4|6? z-{iS@x!d1i^<{9P-h|f^7c-n0OHMhpZ6yVfrrtg_!p7+lk_@VNCYJ;JwA1&u z`-fXA2mKh7?tvobFzfc^d^x+v)u)F2Cz^6khRlam(VJ0lrh7BV={t(+ArnV6K)l&P zr^WgUwT*gff~M-i<9u|ra0MigKN5lv^2ewW^0RfpU-b^2E0(J9Jdag5NJLeoSCNH< zn%bj+aFuJeD$6ndCS68X!F)014c&iuIa;O$*ySVbcl-wwlV4Ee83 z-eFoTKU3tspPJ@bL)6;q(<@TgAF@nDy#aIQ8sci9vaD3&5^OqeM%e1~ z&TB(YSW_7JO`+f|G~rER-atS`x=be2TWYvSh<7Tal9g4vB_HU8V}n|eh0u>j25PSM z^|J;vzylxn`XLAbIiJ5P$l1KH$p*_Ext4Q-jkAYI_*%D9iA$A>C}XO? zk&G)yatB~YFS4oD9YXC2(}!rU{RdpXOANKgQmp;$EH*cjan%#ZG(@Gs13A#khH^wx z=hc86JuNMEwQDNt2wb=LKyh#0g`{7z~X_d z^qx2?=2tt(nTcQOA16HZ3;?&9olBD)k9_e>p~jj#j7Ze46&gFLf~q0^6-G-`vm>Sx#Ev{?b%w*7U)eZzpwJe1pkW@!g&%3rhg0y7=usmIP8N> zY@{esJ@jZr6ccQToQr^!WK_4afCi2TbId`5fdcLOdf3a0`yrlTsNgy+goCucX-5jj z+{z*pLqZEp^w{*eCexhoT39_6)*!*E537%8Xmj9=g6kwJmOz*LFb~APxai{u- zo%T`M+k>Xo+c>)u0ORZ1PsrW9K;3UEu#>0%o(JV_7dG6th}i1r^M**xB^4v@qUeMG zav2c$3M0*0^A7rTdU2=pCCJI0p2J&u4B(3c+)9sU^}ISZvz!v#NaC(G&HarJXiYKy zF}Z^P>jUjaZ8*y2l0FBc(A1V3)&+F!5?kSbRaH1o1<5HP(hSx64J}hc4*DOOFV_E$ z%>Msb5ZLJdmj!|Ozi!T!ek}+@E&mT1JU;*TUK6+(EdxXhV4x#}D1h5?IZ7A7fFm^v zG}9+X)X8G~;YfvK$>@-dyOKh}J)i7eUb&4T2-&_0ldMCIY?L3q=Sl!JXchDiGb@@o zogx~Q-2QhZC_$qz5)=`+6(0RN@=d-3Ue!<$W@)@W3{&a4OKbuEZyI*oUYW5&83@gB=PO{B({xco%DDP7dNy22j|h`RIJsL_%|Els}JpX8Zabj30JeT@b)*p=~EED;^< zD}ozfCJ0ozlGb`UYsnNi`e&GLnxK@6VqVhFfyc)}F;T=H05ng`O3>6Dj2O@SiVmmf zMatK*b6HNQ-NXv^Gjvn%V=W1K-nR>aqM-WMa(f(!N@fq|OU56@K3-VbT~HgWwPGYx za!@-TD6@#`xYYoJNVk8hJ%xgKadMPbDi5Fn5F(vBDZVQoD{8veEqglFd^|fk{;2AG zY+bPGeOSLNSh@D}5sutn@BFOq^@aFcvTWG+S-5z8tg%|z^sIUJe02WUKiIvz)y92v z@!oj9KJI0F$^J6GJzo1{JY)QLHglPg;d)s%YHDg;POr}4+puM0G)3{@_(SAEbOlXC z^P-QFLTpb@`ncXhGp;sheR{4|eBK?uW~QDqzNX+hGNM_!cE0sKMy^^^7im5HarM$A z==-`N_INjQR`WwW+J}iy%ynL#+_9Q_c6v5Kt}bpfW=vnre7-tDwZ1f1ALIFyG>G8d z=M3PTy`|Q?F+>*Xv0;j_l^;Wa_1M#8_VKEr*9GH+?2sJs@_maM*d|eRQlxzM*zZ~y z)Iflfm{p7AsIqCJ#R8dF;G`JEP_?n701 zaCdlXLLYr$T(rrFdmA3YLGk<8m(+x-P_v*jl_!e^3mL=pOLK8v zkaG^ee*sv43IDQj8%baJKX70D{;2B)p#HM{rxiwMr|5^+88kllsDST*e@}L z$&a}LLn#s0I}eU1j`Z9;`=IJ4$p7X87}zaEqz1=$|yl+iOnKAeJ^2(+=YDNfk5Xl>9HalNxY-NwAzg zO?E1AaUhh^Qo(Vc8MlV>?#-SaW>6k>^ZV~?W_8_MW^<#0O!u>P%U?!A^0D}bk~nYC z>(vi^#(1K!;ReQ|>xmhnv*F~ILAdLA>~#LYXDxWS*Snc(~sc4Bqe1%ZOt-4lmLpjI)7*@CedInM2?qV!vbNc4whJnpcOMuU=? zA$8O@zKL@JIo@bsw06wSsaJu3K^kvUw)h7nKKuRQuestnu5W>q}~MOi@VCFr{%Wq*el$@4^w`_pr6rolD*#`2nQjXOG5B(q%gR_ z9KWk0w$r&TkEjOKgr5C_>P$%j=WkAw$(uXQ%(K z&5c`X8VL)dDBd|bc`afZtt~h4@gzJv(V1ukn^Z+2m4 zPUoU*S*)zL>Mk)}K1{IlIQ@iX&Jm@Dqpi_?Bep;fpg7nQ1f;O{qzBBjC8-iPtAfDP zeGGN|(l_r4VwS=}qDs^aOL^Xz8sF>%)6M#-u4Zv_c;Hcoz&VbC+{k#+Qb~4Oiqkbl zq&c;_5@8zZ?Oxm~R3P~C3tFj1Wt}*^V)4&z&qI^-(3#ao>GJN~dwI*|f+81YUNafw zDTkF1T4u>XQ{u2q#S@!2*CM3c^*}kR8cedps_f;BGtS-IZ=T- zzDOljceEBzzh=&SNuM&S4-4@wqed^!_)PwdVv@QCslu{&UD<7&zE#X;>=XyPz#v%) zMJa(-x-WUAS7l8n-tQf0|9U)(xx?2diNv5JR_Ju;VtkWOOfGEJD6xx-(~?Pr^wP)I zxAm~-viO(&xd86Se@n~y$Ln$xn?i5(d*gYGS>9PDDGlo&b40uqZTcMN~RMzj?GRZ&yV4!gP zku&g2f{$}~a?Gi7fu#!w` zc<_5etb<7m6H_Eo30|JyI`A?pDTK5!zn30X!i{XbBR^dOZGJ&dDWGz41A{545S(>@ zOfgJyb@X{+MOBq3h0;@yKPG?N3C-iY>U^0J-Cke2$q*;Vj(oxHJo^Y|+-V;C(BRVG z5a-ZPj?@*CMr+G=c-HyF!WK{z{LQ+o=L!r*GGKt^ji!dh19Kh$H!Fd|1caKRtbfT% zvN0r|%FJGcCzlH2cyMO*KBDF`y<>W2-BQ`zScf);7ICH~rqM4`rY_dDF?z(^$~|R< z)f9&L(fLT4c%U->rIM=t3#ooxbi`2Y)y+wnV6OqUwZud%;l%}cjUC+4uY(MxUH^hS z_YMP>**|PG`>bd=x)XW7@&5Db=KN#6rR#*eM8VKp!zR2%^GpV^DdnemjB`GGa&KK5 z45OMpGy~#Z5}fol#A)^`_gQ+bVlQ0{zxY(y2e1p#oY?@rT5*i&h53-U{oj>>!1oEp zmG4^>8{TqC;38ikIGnmyHi%IKqwri9*rsK-O5%gx#pRgbz}NuMJ&`qagqH_nV8pjr zeeMW~qhdrPx@;Y>0!JdObcir~IVv(fJ^subkip@a?1$ICh3o)k(k_Qp#%8I)caUcy z>c31(z&!YumO9wqGqWXMBBu*5b0?LkX?6E-1|mtAA>5EmB)mALi8|1jN2&qCx^ZN1 zo47+(W|y@XT<;ReB!L_6-RIp@XjQz5HW3sST8@HnLLzAYZiDdvau~%(t{y;OTw5v0 zguYm=ZDXWdEf2Jf^&;a>$-s0(Tpxr zgEM6*nVoLwXYA=9lC@sT9CbU07mRvxO^}7ULqF-=-^}i1&!Rk;(sT+oaI*A)4=wmX z!<&9Xvoy{;jHX%bu0_mS=YgD3lP#PqwE?JRGbuynrD;|8@v>$1ASCUXiQ06u;r#-s zB}$V?yHehj!CCU|hVkrW>}l91GWzOdAwqy0^ZSi5ty)Yqz57%{Zq(@4;G zlsLDiKF|RzVlQ)(8nP8*&BwIZ+rYaswFBt;9q96hP){c>=}*qK5ocv&z`Y6JxLQ`Q z>;?65qgI*=aB$M~@=WiH^o6IU%+Ff{ZDCSP&Q?jq^8?L}Ea(>;GAVA-f70?_=KB8& zGWb7Q&cyOxGgq(vNjhYR!T%2HZH34!7~qW2pOZrp#tSS(Rb;jkp(GDd!$Cmu*w%D< zxEFvC(McsP*OkhjL71d@yRYBci7`E4OmFQU9a-Ez1w!%g!}cjswLmpR10#q+38nLe zKpKo}5xOxPFw)QGm4=MD_Ud4B5|1b}3Y}CA$y}|6GlO-8VUSgY%_xw2HjO160$&sx z7|w=wfeAAa=)dVaxH+<;cw*281%Xiqu{A}BitTFu#nAA~>O$VH01^|-^+heHgU8L= zYJr{^-E;*+M7p?q7D$a_~cnBT}TpS=YaFOn}2Yq?%$fn@r-H9g}DJQZ3V;Y-X6{#MC27^khq&nFhHCXms7WFU{jiule zfVHW3q_kQh!I5MNG7ibp=|vJL=!d$svkanSx0|cr0(Yi$cP>FmY_yYpsf5Csf!?l| zffh08i3jp$uJS>vl02*clyl*S6aOif+4#p~ji&`EckF5uSSP3`pEzjyHKs(S2aiCk z3F!fb>>y(eSt4k%<{ktEk)(^6Q!dFKVlP0GQ9qheoK6UG^m*V4#A*z)ltEj)urz)c zWtyM6i`2=*8litCT>UH&dOP)4mMI%EGb1CLjVpU{vyGb*khNB^knmPU9JH49)B8(C z;2D}=Tp?}Tz{_Y~r#UYc=7OQd&NRR&jm$0Mqe83gF^L;f89l96+Nl2H7u$4mW zn_HfCFv7=hrqvfH=>90vVDwajy}y~t_35e9MBZo@_v#_h`bn3o^7zhS9%|9cg#gDC z04i*(f{|fajYnK|_ylQWYr)?TdDkysaWlRTY8o2)p8tJ8uV4g+#K?_CZSe6Slu$r~ zq%I+r7pO>9sC+D+4v}SES@Ym&7dx4+(61sapOs9;cQ(Z>2?}NEx>SIti(HRTb* z@>c1_u3#94-J5_MwR-yMX62V_u~q(7d-Y6`zOs z{IEh6<@Qqfp=$*)QOnGIQs~q%R!$UCI8QTtQIOpzCnkWti-!dy3%^F%7pUm4brIIs zw2Qb+D*3?Ls%CA2uA%qcg`$+?Gvfu%U3>qFUfVY1i8p1V$SnM5DUKZ0;;P~MS!PN^ zY_cQ%=E_jTeEp}6-!Ejp(Ic*n8i9(CF&o`)^Bf)zfD zskwqlZ+5z$66(GlfN|~#SOb`aYg`65o?Tlqfz7|H|stdC-W;uN-0Cdyt{gbygD^0YgA?R1TBFn?K5RRO*6iB zYL!lAV>K;m|y2$u=8SU)80?npWzs8a`a2}wC-7{sWc}tCH|<{yT#M% zOm%}{r3{H)IK*2N&d&{aSd8i@Yn{DGZrQKcM?riq1>xXf*vuNlXO`QiH<$~+rR`78 zbI@Z1)lkulcA0KWLcj_TB=j@WhFQ}Its}~7zgX;EHVCSHK3R=$ZnlbWzgZwZH1I2y z(D?8}EStcQQ6s4wB8@uKRCp&t*jtr3hL3I|jMyNiqVZBo3EVI@ zc=D4L3pEmz*{ksS5Ikp8PEgcVo{U^SnOyGz5o&e#wKL5e@zw_Pt+;LL*XW`ST2jKZ zi+=Rw4wSfuhfHB4Y%{LG(R!7Gn=gf$z4B_^cdy4{qS>U#12Bf`zXKz5guWxaD7fp= zyJGtmDq%GV{-hR6IC()0m?zx7&-~$Js4LGH)=^_#2GpbWoDBV|WyzzVWO5(b$z1SN zL??kGBX_!A#1jqY;I;tH!{Z?6!M{9|!e~QXDBSI6?a{H*&-44Q+oLzr`@MrVlu-ue;b`0}t<@8dkXhafpeku)YZGPG_fJRS3Ok7_c7YV)V`IN3X6{NQ>Psko zHf7P;is#&Iw`!y=0{&9Om}mI9V@Y1ZWFBp{eu^@+lVEE4Z6?K`&FCe94YuTARbx2ODs#0lCJo~y7g1`exmp_v3@d)jO17e#ZrvBGfnLj1A!iOj=Wr=}+Q zdK*R2-fj`p=%l0IS9);?~LnKt=r05g%6F7xP|o5a*|He{EHbBZ>Hd zOHyeZ!0OHTdLNNWw91A~N>eJ5JHpJ*Jn_(@n}naa?lYC0<-wW)lYOBpScVYMALBgG zEbrZLn9j=IZe20F|2YHDrVi$+PGl3|1&=CeiTEZt06?PSHO;oqiISzE3*MNXsEX9JA}Jf1^-Dp82-~VkcIib?jV-b)ND4`;D3)m z;cIDC;2R2s6c)RmL^5)(hRL7tsbPi`)br{OCG6+FKmOvx3#-dywXa?gggT{;u&%H& zGClLSt$MJ#*|WPn62Nq!4{_~oA4Q=-g!|Jy6HvfM3EnU~RTrCh_ZF*pWi2Tm%=n8* z;r^O>x~0}TDV`!s(r|ars$_L_<*ORhd%WAm7A}=`bPR=)nbN%R$neM>d9}NA|M(1Yr3uNO;`MB98V_NGXEq-*0q34sW7k#FUq zj|VIEBC=A@3=}4`AVt_B8+&!mEt&xk_)?9vlFU?Smv!zLY|tiV#N`c-NPR?ZnKU*} z`4z|zX3wOw)_#2$sb9(;Z5@gd65-M>l_PJK>(=KCl2eE)3OPGP{(S8i_+-YHqPs8@ zZHd5-z{cp`kP4VL%Er~Xf4FABF45%VlGkpQ;no_*71^KWpk+d~fjA0aNML-g7E+Z^ zO$Dj@^ZN*dAdr14(v*pmq7Xsx2PUZYs~Tvms& z1u;Q}6zE8sc-}a(;}Z*nIB0hNgtxhJ#;ax%A-G=B#D%jIA@B!5cb%*Y2H?aRPstLL zKdXAlCB_$JLj1d#P?UJG!4f+TW2NgkO?EfogtMbAudn)L>~xtK#N-TvBSBpnJ7Izj7zWZ=TZ~J@d!^}CsGJKghv{3ELlWQTR zg;QvSrO@b8^n|390r@F_=|hyVu{;ZNic{kl&sJP{-XA@Dx=@fns=Mi+?YM+vVoXxf z7(uvQk0g!RNn&hV36VP5iqg8?uQ{=j2u1`y&9d!s<*+zMM%oJs1MJ&O79vWsxCvy* zc1WU5l^2^J*asLKB6a}u&K63=pWFo#Ql(TREO$hKAw+y{j+c_!{A@$xNezhHR4g)~ zE*jRAIw2{q?{`i*d0ghI9cgQ7rmp^+&G`A`l zDLF7*xS67v*o0JISpKC1O8#@!xawrm4kc!MO$wu$UNtw!UTZiOB$3uiSt%2qu+inX zY|^wH33tNz53=b=R@o?1-vkNdIO1Z@)%r;Ei}1PO%v@8eWVFKS-^eMWto7fJ`rLv>*UYdkAw`4e!r zZtJKSqMgX5=|-r8S~si72}9)j&Mz6HR`xl72B7eq`cprrF_Hb@cvc@mRt@ z!c0B@5v*PnFS5%jwi;0#nU}YRpq;RnkR#OB)`updy;eKW|4B%tLI#S>|;keZhsyS zJj1?dW8i0FqscV7mlbKP1Dz^t^w@i&Ck*3;f~y)20=o3(YoU#0&SVp6xcfHdZC^y@ z+Zy{RX=|vX%7d+Dtg=h6koqPvG6!s9s@XaLm>}y(__{uAbwXXMOU_xQv9RLz0DJYZ zLikXcq!({xlZtYdmnj#DisO+>y{%t;V5jQ;Qm%qm7pzM|3Z=N*TAb$~o6e{VKXlJy z8Y0Ln?VhJ&?jG+n-$r+4&>mi7b9i%R=3+WhPy4hcrzsGXiM@7hunNR@d$S9r39GkGH6n2IYqHwl9U!8KCijJ|H?t1quF>h%x=ABm)Qie+?x3nScH_xpwA< zTW(!(wn7mQRAFC0mFe9uf&Pv%V&Y!3P&JG$Dk%E;_%PIwphGLuok@=n z^b1BE8flJvbeSwA$E?=(%>|f*J1k(sc!?8%GWdj&o$u{4@GnbgMYK{hCv~I*QU$(# zq8x6XOpc)F@8>JtT3{zuzjsPM_$uI110XZ)Ne6`_)NYd_L7OlFjLAe|!ExPT!uVSR z3eC+!;}V60qw3MhtzD~@CFkz$IrdS?u33?+l8UN4i1EQ{MomPL1C{#9bo*Fiy%cxK zKdkrmk4D0!;XXo*w!b&tE?1I$6IMXqdcV`E#{zyf_RC86D5`P)24cEv? zu&hIoWSjXV09BDVAyy%Q8pv@f!=iXZ4n%=Yf}DqzZ9b;4c1nvJ z&u0J$;IBzIgv@|dTWwTvZb2>uV&g0!4CN89Uwkp5qj*Ks9C-v6TCj@YZxz*`*qL2x z6LwJcnSq&Hqjvk**dcAw?`41QVsGgMfO*pgsDArB$sXvH=U>Zh(~4cj@|PRUAO%$N zO_P3z%pD%!-R!Wv2xOq?(lRl!aZj=Y;BEZ4=dE!<1ia|4h;(=<^V98Y!l2&wig1P? zeXp(SyQ9R%cMGU&W5IH*HuPoUBR~jLBI=XjTjoxj;`AP(^maxs*sT6zY(u{D_!ERH zj#VH3oS3Z#0Gf(CTQCeTm_ClWwFs8OxW6%WEqasUp!9?z$fe%t?xI_Qk(3q!JqyubwhCv3#m=sT4Phi;~%3e@diD z`<%`&;6oRtH7d_4x1KG7r_tItRQo?C+ASZ#BsCI06|IONIUWYbBuBxEsXtZlDqaeG zf9F@&Pm)^EuG>7FEr9LI1yWr90b4fhm&8K_(4vvSXYh~;oi04@)86Jk&x-{a!6HWv zB9LnTde55;uAtaS%;Z+C3Kh1yEL-AwK&(;{FLbmbXJ zl&d+9@FSxnBMC#6Z4vofGO~z-E$;LbL^bXyC&MG(n2J1Y@;LOLNGo)-Peae)606BLMmlhD zodERj%d}!zyXEL8Q zG#y_3g@CJ{gFq5S+2)*YlX<=-vQCT=;*|?n@)L*!FIww+l08FLXaa^Zv)gpdqM}o~ ztozJ7uMT&9q4emoLh0JPLeYqJzaR^s#4i=>kqlnvVxbX!wC44>SWmfPbrb5*jrHls zLfUY2%C##Hcd{Y01t{>Bay@@aEC&RrGtJA4p6a7J{N={nzJ zQfUsyeK_4;edF!8S3U8u&Djr6lNpu*gADWRYcD?XU2?f*F1YuvAO^ga?i7MGKA~9h ztG2H6zOoOt8mMvoOo5ilBjy%#r9jZk+snC?w8oSW*sA_EsDg&47%|MRUyuWc{buwS zhhC|6d(5sZG=2ezRm?IPsW75=({~)vF>U+!yvr!`w*rn=XqA1Qz@WA%>JYgcl+imU zyvxJiBkNxgY8n{nNMxR9l{A3?Xx!fT%cP;_R_sum4DV99zkmB%afj27Pxcm)Zx`51 zCEh9U`gfXF zOeiNFFFUX2LvyAP^ArW;joK3m$8pzZHhz0=6P2;p?^A;|1^}Un#CdMKum-!I;6823 zYUfC4cO&;hOPo6FaH+d-#|B2sE->OVqHK@Nb7gs_+p$QGHxyE{HgK%;JubOt71=2j ziCB|;Nf~F#)R@4a84qz%Ts?kRwM)TWzLJl{n;#o`M zMoB~|VUj4BQr#N46{Gc*r>jIbr5)R~N7sXog3XJpC86qB3;kYv+5=JX)>@h$XtMmN~^&{;= z2sbpY`uav3zcL?aXV$eNT- z;ZB)-$ESuAO&dCGtA|z^4HZCdKPnY0?8kbU>Am>_o{`BnM}vd1Gm0ZedZu3sD;ck> zy|Bg7S6eAiH=R?bSxat7TnexvB63FMH+p zqvIq$+PKfBqbC(r^?hA0ax6Y}@c`R2VJ6ngU{{kzw49UJB{@hXkFkU8sc9t~kk$CE z_Is1W3u}Uk9CMk;lvT{waC0q?{ct!(urXzEPPBH#(AZo>n!*B`4Z4opY)^C#F7Ema zg)?EIEQ9r`cuaz|jkc0=?OOFp(1hvOJk9u)OahuN;e`;un7-BW0mcIKp?mz}#OLk( zjfoQibF2kUL0TAHN?&+HY?BFdy3%-l*w&MQU>43Qn^7Hhza@)m-}S=2n+ka53IYX? zgTc6|V5%=2aM4_?WoI>1DNsH9YAt>~w24k;2L6FL;*Z~n>;2GNI(0YknrEC+F2gAxLj zLYhgF)e6oNc(Zrn?HTIQk-lFDh$X^Yc{QrTt9|zNiZnx{!)(3G^X!-NK)W~rAo)7A zUqd;g;}_g+L~q&3(>dNOUC<32V!J5I^wV7oUX)N@ z3gcSpJ4$i&LMd;b_tI87#4&IWk+LBILiO_yB~iU}JPW)UZ$bP7h|~Q7`;Pr&F@Cf0 z3t^i4RtV!fyMrWV5F;(U9P6JwC)Uh@BnanU>{WH->qsV+Blb8wa)C*RTFU+^Fj4RvB8R6R{dz#9L z!X{|sJ%%~gE#r;4I;opa(66>PBq1D;$?-C}TgpIk_uaS%LuV$d{57)GdL$uQ{4OW2jH;2Wo}0zOL05uiw)xLH$p8#6B%SlKF&l~$y!1U~{_>uS7nyHXfE zYrV6bH(!wNUl{5u4y-Dn+}|XYFf05pC!4SRiVCfoIR2_X+E>BoVTu7 zh7h}(U#3^joMY*o-!75S#>rYb1pR0D1@1nYI)t7cS#ID%dxW-%om9MT!E1k^rGAmn z`req+3N#{1u}K?*)y*AoZK(C{su-+6=1MDEvLyeN{_xYokOn?AE#vuiV#mTF`2l7S zfi~vhJ{X<83qI7$48RxvO&llF(^w8;V*MrSa|3;_C=ZMZ_^AadlK9p2P$1(sZ&iz0^#~N5i9+;` zMSq+LC{gId!5lgYggtm_7>cpa2ylg=5+yyQr!zfF0~lir3Dhv zx~IFdj~@=t5A<9gfEvM4D$mh$(W!yZvaKTF2fdg+G_E)30sguY$jiNuXvx*-0f-;V z`uVln&tl?9VGb4m#` z#6tOxa2)x^xK80c9pO1IfviJp43?TZQ~;o0w=p>Ggb6*pw_%bFmf5gE_s6%5j(B2+BmVGQ?sm zvRT1krNoeiVfWNZh6g+(K2ITaF4H|+OcJw3dBXY)W`oJ=DPn!SuV z#NbNc)F9~8_I)LtVD#yIW9Eyhy<8_HAR))hgnJ}^K_OTF#9X@F>e_x{E}vU$GXw8O z$1@wYz4!Mue5|j#Pc<1!?-sl3nmgSNNM{B$%R4sPRy#YLYmYCkFWcX&J)K^kOV2a5 zN4-p>qSjsg!ZkLxjZ6er*gc)y+xm?aI5wQw(-|H_@C7ghS5fi7a}b;m8zEX%I-TEd z%{^Z?8y7n&7d6dnJ(kv-g^%W+IZrJYH8rI@x5}M;?`?&r%o#<);R$rBSK)?J>-kAg zJ#-({oq!7;8y#y<)<>P2+ry2kr<1tbM-$u`_1xV_(ZXBca7vMq2{SoyD^YR@qBl2T zNs|-T3VE$aVZuzMGnC^{kn=PV)6#jA~~s8X1){HpZ*1Xk^BZqg;FnUi3V;w z1X>codPLybY=B4&C-yHg4OW9bS0f<#Du#ny8BqIXrYtf7MzL(-L^+aW56GuMM6yD^ zd^>wuuD{W`I}_1z>88wj!T|Y3ZaraImSjdf1{l3`YB;>OfDrIqO-kOxRIv!5Dwm%g~Y$V0R}#34C!whKYnlu7k3e)438DDB?` z_mM_>MDTzn+`Qb@Fml=wf;80vQ90+105}>#6KwSI{XhJX#wp;45!&6+%yE(9f+uX-l5G!1Y5e7#TR}^y?!4d1=79-@OYp?>!{;(kT0~Tw1sszCi z^yw5aJlzFcHvfc(+=E9|luw^qd4>;Ix826CRV3#!-3Qidr_;2?-iWv@3K*?#XLt90u$K7||%8(@MSCMfVA31KM z5>sP-ZoY4J3z|lk>rC8uWD?%A&7F+a{ZIX83crGuHx6>k1`BSXif08VytBpIL`5;CpkgDnsZbdqV3GI#IaG)d;sGraap$4V>^|&Q8M7gz9F@c`rW9x!ki1g zFE9L_ih@E|DYoYon4v&bTNeq?*5Evu(aC^j#%%h~Yx_XE7r>9=^P_sDf7?v4^utKr zU`6{`RqqxohUsboVmC{i8YEbwHj1M^4vm=;!89@@3zG}?k9S_Mv117-#)($4nm>dQ z29GxHyzt?1L2x@eUZ0=$@2eC9`jLpFZ9VXW8AJP1gTkP!Rr|IM2b9jkXwaLf%g>}l z?+(pdHVh{kr^7QjzYI#^WxJ)oVKz~?G!$MsyqfE4O1%u&SgWYJ0HolG3o|V{TAgiO zuRB3N@;||qi&znEsN{`^ju~z>fo~UJ6UwjvF*ftxfuzAFq_2*53*a|peGuk=pS+5A z6rKy~2oBxOc`K7tFpTp7^D%mLf7H}MRZ(0Qc#<9?Oh(?zLaZ#5lG1}jd%%#Y`WJsq zkL^@S5jZFdkNW30+x1!6Mp0Ec%E`l+YAXIe$+vKlSR!0VHROz4)Uww~ zYAO>Vso?}3y={0IP~K&aC^a3jvGBawmvfdI>h;UpJOn`}YAGJY*(T%Nv)Y>IK@*!; zGG6Bh*~Vk-Fl`lOhk0Qlp&sV_tL{gMg@hG>!-0WB9R)gh6p|` zs-d(B+8f$G!QWm2s&B2M^FzbgS6Sly`*RLm4xP3>%2R1*`!jcK;c5HFF|V6Z&8F2O z!$FTI)Eq0k;SKEG&X0nr{`{E|1+_4kd#oJiogDHKPDu6iXoW*HM}jj{)N~Gj_M`Oh zy-3`a1prc0`PmiXzO=#On?m}$fvWKv<3`bMcc+Tga<;)I`Mon4)Be&s_kyfLhH``; z(}>kr=K+~nYlJuMRDmNUQ5R+n6!68@&X&0&4P@uyv(TaPsT3j)xnPkj$U6UA){yr~ z4w`SVqh+b*79F%$Hw?|5CD1;Py;31G=&i{?2{fuH8@Ux7;uwWhY)PfI&Q!e4&p<;4 z?4@F!xS*P7l0H4?0$#{2W7 z{fUeQ>c?bLtRmy%!#xSkasPfk<@H1ulgvOUQ(8Z~KnbVJ(d!mrs=%|2>sh}h z&tJ6X4rbFRfK1N1a8L1Du2{UMA1@lTbi7kJ0gJ3#X4F*t2^rB7HtKuyo>Kl>vKWy~ zVc$P?3(T_!@B`$t^i;f+8qKWWP56&)ITkxcl3?lJJr_ZIOBN8&d-uE}o^{^`XxZ-h zUVDEj3h1DH@pz0zAYJ*!ztVxBJYlnEfv5XcCx>u5on{*WT`1EeT6nRB4 zw-#5o^l+f`@$?)^ex`q=>wRmcW~h%qDnAL@nJo) z$<2UbyE}2DzAwHNYtT)n%gv3VmvKHY;^8@|Yg4@?Hs|RnG(xz4I=v{U7a9tR@C@XL zV8i6U7_YP0uFvEU!}cl(n`%p8q2z85hx3?)e#eM|g8lW{U!J#39<;Ch^og)WaPDtt zn-#WP6}!J?cKnGPv66`+?-YP6bd!Nq%ZUFL-5txT<9&kOavhNaw_c-pQp)8FvC%sAgfS3OHPp1f;)Wshh`{IGu8^VODLA+XCZ14Qt ztj?Z7YY>c?`SJk}C!OQtWv;U=cQQ4$O&a@??T%;A1;qJeAZtXc$X2l91jQy$OB1Qz zi-0RpwOl{rj@`1(s#9A8RD(Z#xoVlbG|}*316}B-gizO?NSmC_S~Z01C4W;A zP1!Dvv!p1%mHbcJ$o+q_Ryi+y`N9G|~`AXb4{QYENVjWp4GCNmGP;IR3fj4yY8Su>T8I@4km zgIS%FLcAo@X0wU)Z`yHzSqo1Z1C5g1IHb#?YV_O>n z=|ObnHNI@&@k!SWec}jk$RUua;t|7BfCG_pTg?0eewZP@?++!(0;{CyyJuhi^H>6AtW?c$5q+DLB{mNChklTQUC z%*i2H+6l%%#js!3+<-tU5YymE@1HSvA(8{sF1|F@3v^7u8G@(MFha9>m@ItX|bSCM}x99Sq94kC%O$jqB>E zTsnp=%%nS3#oWFrnQ)ddd+P-<5f6Q{@kLhp0b= ze)m9KKL&@ux?*{%AB=OawZ9dKMo32W7>e8hSN7v&;K(>DNM;#oWd6Blnbum>9e0A9 z3;1mZx(a4KgF(cgtGl$5MxO7TUNf&19~ZX1_<`)N2!>IaE{GIfX ziWhl`y`8ps7smc!BDE$^zrT?D3~F8_OLr#JxrGHZ0F(nlfqyWzUMpME+HsrmVtASs zyMa(lHN{%{qDh;J4C$93#anw-+m|EEAdo$lpmYqVb}pp*&!#!k#~p zOiJ#1njlHW!2>aJW$jQwu1l|f`~y%8qFnI%HI-AQ%B?Hq$f~m$0pEQxYC&-@Gp&vx zLPZbj+^d`taAdrDN|+7>K)j%+gh&Sx5re&cv6S3EiT${Mc52vtkv26{3m&LX`qLCq z1et;5G&lkN8WA{9(sQzi`n*%;&Vu=(<&<-}yeXJz9aNxXyXlkn=E5XkdFoS22FrQU z1>O}gost-YTUY6Vao3LPpdqWH!NmlbetI%3Of^hUwy=p%u^8)KPUBgi0o>)w<>EQ2 zu=*S-U>2TCq1-{?rZo^5nPyPC?KLTd^PHkLkCGyA)I>4a$SD|rViu@z>yb!1HFD!? zIo+W9usZuJ&0*|G!FcnEuI~#w5K7qK>8t7hi0dx*CJT49skzJcHhe&VFQ|weGv|c! zY&*{_2-zQTw~T8Vl5;yhp`|vS+wJbaz$pAnh+m1M>`hU#vZOa+du~D{D4Db5U*R$m zIB>9!gXLIkNAh4un8Ix4TZwNv%W9r}!z05+9$%DY7LwlTiB^r(PC-0uiNvu)g(p@c z5M*rXTWvTS-#q$xWsXjkrn6wh*5Ay6=N=oq7_i!mjg@!BH*MdGHY?>Q$yy+Z)fYg-lti@Sj}3l z)uDWvxEBLV9e%p^P7qK~T*fS&#S92ShAK|vRq+?_*=plaepzCiiWZ-fH&e!=1V z(A(ZFd5#%Yw z$*PcCoJIJ4Sim#=tRo(i&^!t*ARMZRT*F>8U|e0X4; z)wmTHtSh9Fs6bkerMYHiV~dTbiwjzP?J5#eW}TgxO2n?@-Qm5J#lwU9qhR8P+*08PNx);BJKd7##N75zEM(6 z{?)wB4>1##a&>H0cE*lzr5MW5iafEq3&aG!d3zTLtiPJ2SbHCRu>S{H5?;@P0XmW{&!5!?ym`)j;m}67PlTfy-*H1UiAUh5*D7F|hY(^-|3Q0(LP- zt9}MrL-lm4bx~SGSy8F(B28;k|D3%rcWISQ29z9k*vyXiTzv)+O8CtYSgIRe>s8dr zF$_ZR5=saomm)+N?DY2LR-*@JZj^DkeCb@T3Q={PVfekjl5Cz4R;)u@!O7%wW$yaz zY2k<6%^mse4a{i?nB)2OYWspm3I(w1O=999vD={is#_ZS^msgP3!;i82;;C}NW4?4 z;{)!|Ci`C+08CRMEs}w>UYs>k)fY-{{S34rUBKi`iP8C zN#o~}hoMB66%v;2+Vth+pUTnsHqR4l%PsZQ_f-$RvnxDB^C0p^?3wgQ>YX}IG<-A# zi+DBFXR{qUD_ZL|^6{_UJJ1i^y3u*|@_9nl-*~P&ea|VpegW!ryMk6en#GVlCCfzF zccq8t@B(lGjXq3oi(KiCyf1)If0}$XrbC0B@RP2J-V!OCow4P6c z7?wKFeGGbQ0*F$~LF2SRXaJCEk6jEq{?DaK#LDVW_|%^z+c+T&{Xr4!CDymUPAIvp zZZUbjt;fZkgCC1cJt{ZaWbj4yYe}Vv&DB^kcY%h$gZR2t6x4|pXC92Dnr}4<&{tUQ zT*>Y`0T&=n7W|%g9Fe{LxwA{g+ZzeTYq}Vcu_x@X9kEl_%Wfd3Edt=eP6(GUnF!zl zxyqr!%r^23)xT(mpOw>hOvfz#3CJ2X(h|bN=?0DRYhf0*5Gw3?S|F80m7-dP9dpDY zc!ohkl}+1OK>jU0dzbX}T-WoNtDhkCK3_(2CN1DL78MGuq-{A6Wp7G7T?mgTXhWHh zY*7E*F$6l_iT93!YY^sRwAikg;ZFxf=cb)j3GXp9$-nHMJ7jAT;wQY1yc{esYP#n% z>KXS|icANqppDE9p~q*b*zOGQW?aT!R2c(UU?tNFJ`|Bao6J!6g~+Q#8#qeHybAn>C|!>Mv)%b=YayyJ=LO-qq1;YolwblVz04T(=3t36LAA6Bv1_#i_MG#i!_1Z?Q{zf6Ci7 z{v+Z?Va>jp^Sg`DkrBJuIvYAYlrr~lwV#8p^P8RcIJ(zlu9h*#6)>$ zWK0!a)AR^|^L!Xzt!7L$6tSGlt#;BcE!*Umc(*+9Nwzm(K`lZY5W46&%2cms#qdb|VTk z_J1(WB(37Nf{5X+n2>8YBfu4asiAyKE(g6L)ke(<@yND$F7BkC24gr%eGT!NM$SH^ zbv-ctHj1F*7nSB8De-4ob;1EptuS8k&}l)leMfhcyLkNsT$3J9BhGYJ8{ z-#7E^nq%hI;enmSlL3v2)?xdX4eWFfDEF;6;OpHqIq^t)B4N_MO0{s4aSXmM_^(!V z20Bq5>@zYQ{onUVkdKpgZcPR{zMj#)Fl$LCadSnI2Aq%(v8`tP9;;Dx4^s_OfBFYp z$j_`6a5I%|Yc9_YuuTf|nRL@$8^g)(!7x(SGvR~p$}rMbH{>bF%4>9qQb@)xmw)(e zcMpUP2n1NaWU&J1&(}g;=JMh9=2yHxQJmpX?$rQ1L!H-x_|=cVPufkeOkSYg52-Eb zaRCv?pCk;ji-d8A5T!~xXq}go?`#Rws(t_SJIzAR!1h0VSOzv`w*TIT{eLH+g2FI_ zOm5tb!s)|QsS9>5J4W2}K&xe>visVDuXkEF1u)?@nIz|UbYw8UEgN(XPk%dGoZa1} z%aew+2jpRYFcJdTfQAa+VQl$iFvJ){SvA{ah?9pFXv*XI?nI|0Y8B@26F#e!3&KAe z`IJ+Gf7)_gy<6~WZMCe7tcrDf>)Xs*^>N@^jjj7$NIlT*42t0dC$#@(!KRrS9MKRMV9ZDEG$>UsBXQ%3Ua zBKaVr-Mk6+<5X>H^RY8YMP=fgs{HfH>FOy{qPtJX2=G2o0u63I8^!PzRc6tnoCg^s z#TRd01HoDEziGUI<1SBU%IlZJo{FAgnYgz{}n>HU51RZ$_ay=_TdE`vDKh)ED3@Lk%5N+B$LZi59Jm#U?XhSjYFXb z$7SEQx%HLuee37vzz#wT`cR7Gjzbt>%XAx(e!*JhjIzCr>u`NaC#8uhA$P+lLwks} zS#oKE{~ld?XDRZx&ldU1l{qD{6kVW{+p`lP>-+7j6#@$epC-s8Zw=aja2T=eku+o- z)k!mkH;(&{F(7d}+C@t{+W+Yw^eAK2U7QPcojR0Gxs}Gw6tRN$Yv9AFuxImjP+SgI zR8LZ)`?maTCUsD9L7BxNFe}tD!%7Zc2PH5NZRhK6fXDl^*J)(SPP9|Ns?$hA&7nV7 z%N9>HifX)={}(e&zB5|i6!kC$(_a8TOOEMR&Q4hvjI=nkG$69x#O4O&PJl*d{cxFY znl5t;m-SlOoy?DVZP8_Y@${9&KGCCHz1{73=T0ncR(8H$gGhFf^d;7a|4*fHcls{j zpx{$QFn1P7pa(e_pHy8CFP*eEIuM;;c$3tN3XgV0xtQ_bS$^7AUKoP6sdMS=I_1Cy z3>gaa5nL-mtdoBr$U)gjI_Iju7P5Z~0ds;`)lYYSS3Dn?5#?vqZmR(rM%%3IaEmBU zJXmW}R<{UU-TEFk9Zn>C@Vdca(RSHjLTI#GqDdHSq7&H{PqFB zKw*;d5(Sm^G&Mb#Op~()$Cl%bK7hQE52U|q@;K6xm^<2XT*@21_ys9u&8cOSozlGH zR0QIwQ?hX-CyukK(y%ZurZg-10j8(?7~~qdV^Mz8Vnb3uUPCk0aBH=F#-ZHp(R}xH z(Ba}`dp)O8@PJ^2^Ow3%h7%YQieJ!k6femKo9yh&N$(=hV65P41ttuEyhW-NgGOY3 zE|u`k){*_$;ct40%YE(Q`m)s|$WfiB_ddCgyzHcSi! zV^{@G31sF~g+?@aMa`7l=49uSCQ1KB45tV$?cGEsjwDNA{*}m&1pWwA1F%lRt2zb< z1BR8{T0e9=7*DKx(-H1$ zb$p|1fs4*mf183-EKH_EON)<{ykFsB2z_A}PCY)aO|*h_x?C?@Ub`2kHFJ{E;LQ4a z^gk6?u%8Hs!tnGnC6x7Dhs;ZrYSlC!SLxYL)*Ta0aZhX}@6}VU*OXI+4v}uOJE*!A zjOGiO=Gmom-=doOQfE4=Gr?^Za#cm=$8|mx?_4b^Z6Hr!D&LK&t{y!u%QjlBCkhNX zSBkyK#C%8_Y&GVd3G36%)Ok$2W_mi>3ycYhU^tw4!285qWQECR?heEvsJB!TA8U7x z%p+uX~rW2xTQjllJYQoEl4}O z3}b(KjzJg|%204S$2=~-=DustUFCzuk-yJa-sq^|IR2bgf6%HB$U0uH|0&SXxxnfd z2}R<3<#Bv~^ZkUSX`A}~Pa?_mA1fLDd%JK-O~WDM2T%R8thCBQwjjxap6s^FAjM?M zV$NvwlHkJCPYhK5-RYb0ymNzy#M;lE@uy`0A|^6+`fXY{r+2$5q$^=AuewPYC;d0wq992UBRrVAfB){p&AZN{cR0X{$XmSPi=w;=N-Zs?i z`k5XEg!0%51-9-fYf)?$p4MA1vMU#saqDbh+i=CAT8j)w{!O*2M#(c%lq0NIgaYCn z=f%{?qWfgV!{$ZDYbMzB(t%Cpp<3oNEs8B`EBJxF8za;!dpcDYz`DYW!uX{sCfU@e z=$I`*jG{_`%Qmcve9eBZ9i7Jw846`<aHk?}wo?>({Uai!U6OS95Xn#%(Qwg+AIT zbPj6PJ0&J-H-LHVn4ZCwIrE2nu8g|6M#~1LLdl~W`;Zv17)p1C(LcwA(PcJk*@|KQ z5p!zG8I{?g97&~U*WBkBa&Ex~8q5VZT=Z9eNHvR>OaV2!E-*P3uf_5%z(kv#_5uN% zkn?SxgsLK#P~xPQ&!r_(&RX7gja>WXzORTFSuWj;Z4{TZnijIx$GK~z<$t@Rtk%00 zWe9&uE4~X$3S;{5fep=a{x+*gckcgmS5s@dqLEo7K0~uv!20D-$L5c+UBx?2z7I2u z@mJaK>d(00nfOEXFt))r(R!Z32=1X-fY5y`m zM0)Nld*KFI3*ecBrB*CF`@HyAkK5(%d8|ys2FHALxRaIBc`sa9WNf674w;3Wv(pzE z{k1BNnG9D?^UOOygL+*NI=Y0QP_*nKi$+PjJa3eKmrjWr(>x>peei=|7dFys_m5V( z$Fve$)3oV~|3lZP^cy$meF2rYVEX-P(-6iib81by$4mPkF{PB7AQU~!jUv@Okk!l7J+*0(fK?nhlq>s zAkWf(`@Kt7dk`O%$A+_zhXN+hJ^C@w;7?K?Y6yQSKO+$u(B-lCl8;x$N9L|wXDw%P z(*zx^;WkviJXkT022-tLK9YcJA7B7pH;|HK4rSB&CUE9(CzkmnTmiUs??DOTI&}yq zp8g|wv{}k5yoA2#pLh6Qh4igyaaF}vLAv~Eqre_w>32Yfv(;*?nxfq1DZGv?x%kYH zSsg>r;;x~7fdQ>JNZExHgTG2Ol!49up7&G?PCll-_IA8?50tx{If^xxdxIo((?Ye5 zoxt0f(#oT>A1W6#E(bW7hw>Y=TJN2r6Uou0%U4lavL=SXp2Q49}8spZjPGZiQ?ba_x%U| zAQMd%!i&*?PrgQo{#e>n2Dyyac{q@#l(*!rZyUydmPu?K&FzW}(&m1-$e&7b#^JuH zJKk2%YEA&^ILOIMNvKi2_O$Au93|Ic_-qRSD3Rb1Y$J%Zv>m;jY$sDc?I?V}(_0Rg zPj7>`GSc?FIm~5GUX-Zk3fl9Bs}7C{xQS{4XZgt#L%Xz1b!#4n0OKbvpM67kc(hEPH#T z?W6IdJ*WFudL6k)Ss`OOEm69yusRk+Hhy-!X?y7OzKa3nerNWP(^4dv63Jb}Q#b9w=5mNGE&D=!Au;5~9xWyEvA$M+ zb7R*3wIIRJE3WLzIZtaHMT4#dxim|UDA#sPAl*){3*E?AU(0DLNmHw&-P)Mv-JmjY zZkRq9;xOjcX?5ZvaSMp#YyQ-C-OXm;5}E|b zi`%*&zO;Q1sHyr%=t+v)6W1EPu zr+O~(mKyf@ry@aImuKFT;mYq8MPKUD&2+Lhdaw(KBy=!bW+7dD*4zweaz>t|8YljU z^&zK@O_BVX70Fujv)I3!mB|s=>kHV_nwMuDj<&>yE<3N%f_O(lXsXMNwnH9;kcl!4ka&Q3AkZY5G6k1Abm?smH z8^ii7>O;?i361FEirNg>Z2p5%{&#Rir;?S{c*Ca}(-{y<<~FzP#pgk*jF54l2vOqy zYtZc1=b4iW zJ+A-FTQSinb-(IN%5z}@Okb7l|Dx<1V{BWyZC$p#%C?PFwrzWrZQEXD+qP}nwr$H==eBML$tJ<m6Bz!_Es)`Wa(rmAy z+QdvW3Hi=3+-A>>5m`?0h-p&O{u12$d%+GHIRmE5@<0~x(N!ejXG<*@43^%5YcX+& zNqNQ-gG7kWHFsT5yB83($nUBLT+ArMypb3D#~+PF*SMY$uT4A_g6!cY9V98m@cwx# z=pyr^JsR>IA!y+WZkWR7^y6wJJ?!G{eCna8!$;KAy;Hl+-Vo*7`AFs4+!Oa=DnOfi zo@%;nJbiIPmBEqs#3q||xJ~Q8~)huH!^)U?ernJHxwSHPj4#=^J`))R!W@*krlg;+;2I%7`6XQlU*+ZuG6^3+!aA4d~yBKkL6GZ!xp7{I_$pe_)RcKxo+i9%b%)AQZqy zYk$A=jsUH_AMKqQUyXRYIPhm66S3n1HuX9WT!3^7be+g}TxxaJ^;mE*_98m3yFFr# z+?X#Ln-gj^Htw<%a(`Gy3v5!Yu!3JCS+tTkj}dt!({7YtJxa4snU)3CckJF zSCBaJu>A?J%~e&?*gJEhhs zRa3@^8P*Le#Q~OuGb6L5UflPmFvyHR)Fr`M8x2R2P+x@mH6>wMjB9hHcwmrZHXF)jWq1+*v)W^wYRJntcg%|!gEt3O`ZIV@ z^z9Ox;F0&nAfcV^7i&gJ*Eow4rkfC&l%`pcCcOCO-miI$IkY z+|NWmLDXt%f1otzP#s-kL5}-nt!b{FP@=ztz9*3DZsCf(VuS}P^THp{{H5>@dF!Sz zF5Y&59+8~GS-T;lh+?TL9Wy8=b2R^qB-;5iQRB(KrNnmc`u#PRAnQltyvPDBntNY}gMYp9}QPqKw@yz$Q z+M3%8`7~f=4Ar#1u8LIVkt0%SI8h0@qImxLB!l9vBptyNC91F>{m`d|j)SnmqTTB^ zD~%`Vs=0VbCI&<=doY=k&yuf!B2B7MFPIF2Kc9}@UhtB!WE?l1m&ukWrJ%eX--)at z(8$Bx*SSx0^JrHDfa;d`NDuu9&@QbeRd>0c3uik|!PEMk$=t06Nkm?!sk^zdb$nR0 zDwU=-|K7DyxVpq#Bm9jWCXKn1Ju~Iqep~0hR&{HTkkv$8#DiyU?sYH^E`9k>fbCS4 zt?W3ykl~D@KDMXl0+yWTmHzg*`70o=H)|z>W+99*#qc$UKKiyGQDghjvuhJItQBbO z!aA5o8c#J(R{gWNVzBs1Vs#l)U+0*sv**BNbxpe8ibi@fh5dIaA=N6IjJo2Ndr$S~ zn{J!Eb6Ld7UQF}#RyC{Y_&8ijePWt6-M4WxpsjDnh<${i78Z}IWzys zNG*@B;Y1;UIj=KQ9*oX98&QqK?AlOo58K76I znI$N?-1iI+t{8k4=zJC~Do5clwsp_YLk*oQNH?0qPv}MS<>OiRn(1qoUL@(I`QHGQ zybB-yZ!2KtVENA#%m2@A$IkR0=}>I{wG@6+W850274aXtomAb9aiZ~$C&2}?N@%E>J!0$#f za{@J41(GZw2Y5e)L^L2W7ifOP;#|Y9@F0WAu#!h)u`IEb+X;%eJpN9SI)BkUIi^9q zD1rvum>gZ>NWjK3Ktc_ypo6rM81dVXFbpO=1QV=En%V*KO%H>8OfShjjeODhfl7K( z!H^;V>e-bWEv~>RLFj!jPqDuRD8n$D@v%c(%(8^Q;uhk}IWAJ
      j?Au;ltWM(W6 zZN#Vjwm6i;xgn5{Y7D&0DKLsV=$aFp1w0}FX+3i)5U~0zRG`7P1_Zelig01oy#nz@ z10=*HHBq=Msg7KJ2cuHVS-H7yC+i7~j7NOURV>6Zjm(hZ3Wp516lgeI0HuYPwy^Um zk=QYu#MLQzMH-{|m3)k1C<5?+L@%yb!N9FC(Mjg{u>j>y3_KIZwkfgZ_Er0-WXp5( zfX@f4a(%)baDN3xu|(k=?`@UDSQ?SY0h?#}AjjGI{IQgBai4%PhMXS$E)@J&nj6ZZ z?L2-KO&SXQCcV~;ESM84B z+FCX3K4R^7-%l^(K)4bhWuV>}CFK>Gvl%4L0&ei%buxyyxI{gtlm2Dq= zIw8Y%me9#V+2^{o7LYs1tk5nt_o`7%oZk9VRs-fu5o=@GhfX5`9H zsyi+zC!Zwl;0ddZd&|ei=ops|X&XS(_|3vO6gMc2P^>|mLFee*A?}erbsqPxc&hu) zx;$Cm=SI(ygNL%F$-tU!&F}M9)9p60W*?!;uKgQ>4gJ) zBz7lOi2ME;-h(5ZKBibR=1S#*fB;*8Htf0gkXPEA)EN9aa1SW(FcAt;77GpE4rWYg zf6|{p;BXGJvZuZ`cUZ5&{-VH`exi zReOnGl|99`Ufntph-^UT@;v7^cu0gobeiGxZVtmi`LGsFx%y6oK~f=zOR`q}3LuhE zgQzx6(nx(iBgI`(N&r5rWlu?o3_4Tr>ff4EqKT!Up# zdh^N+fX$Y{3fa9$HN0E>`Mg{G>%qWiyj7i1_Nm*?C)spITB#y6Z$iV_M7ZXnX67=Q;^>d#;3?hE-Q#_kSXainAI=hH6>zRjzC!s)vqiT(1O^7 z#}_{b+sO)>KyVE=Tt!Jtc!~cN$;w$%{O8-%mh(%6Bub3hc{|G4p}1?Sk}rYb&1|pm z2czD-|K)(|&k{@BSEIj)RO}Vrp%_82gmQx731SWEf?x(O;DDR76Z_`<hn08rCs0B;D7TUxJP@HT?S} zb}p9K&;wW%mbnrFH`AW{Kn(C| zJKOf0?rt)}tv|43DvPzc3P7vRS6!SiT1X}uAU)SXb$Xi7D!bj$woN7|eJ*uvGCPBj zS}>uwy8Rj-&=WUhzrh%seYQy43cH>ftr*Rz4{tG+s-p!`u}8SBOa?CHr^Ma^->k%e zSI8rZTmGCrw>3%oDU>i3M_p-uc&OE+w*zGQN`IjA!6_uxv{9rf;}FxY{nUWbiC!a8 zr@rYpchm*A&dmZH%U?lHk|^y3Vy$b^wa~w(d=bJ=Nym(jLerik&lIz5l>C8$W@ zTQ`$2(~Es3i8rW={CWlwJ5t5FK`Pc{ z!S-D&6O~@9!3b?Z4vUTAnot&Nk_98?In>G_H)k`|06*MX`n5ahY7D`uBj2~F`nHI4 zm6a#HL0Ta%bl2|{lt*uR?yVNrepL4K7kWfA;E4#&$xZyKPh9|L;kJg`WN2_E=2+eOlC|`nvtkrPOO#^+x_diM|SCwb?|$ zG|joFvXX6hKUZkvNQh85+&;d0+8=<Muc;)g@Ys8dXPA0L)u!%NH1$|zlSBgb6d=AGN8lFc%cgIaGjf>31f z1b~2-4^@F-odjCp82n7cxjz!UOAg+Z;N*{fM zg=1{_X6*?jvAfCr)d=Z|(r<^OCH7AxOgLuR- zjIegclwS$kcfyO*99iC&GIIxEK_>%X2xi27N?}MQ5&C$3(rJj-g#3|1SuV{ceNkI0 zkLH!|u9X7*#hf%EANHM)CCATorCVz|C8`z{9SYkPt&7&_E20|`fkfFC+s)i_ZOp?# zm`7C_XNMluK1!^Z@u|-Mh@4Sj*+WFL;$dO}9Va@^9z7c;rnZE^+BIyy408{tB=d1< z#4Q4bc(zjaDG&J8x-bTfiR|qX-`CW4gRk>@2&0i`x%H~sn(i@B91)QxYb3EdYQO8D_=}}8Cq1fm(s>D-AOsP3-*?G1!T#Ak0*ns z6ZsW?V|}w1g#H;Ei2hF7@kO&MoUQ7rZN~Xtkxh5u3_7b5{FVx7u){r^V~#RR7#% z#Nt;{Hs_awDwIG`eaUqu*>~VY_y$u_OPbDyb>93EfubWD9>U;trkE$W{aKpJ&v2;i zbY0hHbtWhQ%8xx>JdQR4CiR8Ki~fj$10@)~yS$*%b%F`nR92E%#|>lBuzJ2Q6>Wb3 zES7@`dHv`;gJQ+Tbz@GPr|&HvSom!I7LDXdoog_VU$tcrz<=H0_?c^0;r3E6?QC@i za0p~)w+9Y68R9kLjX!H)?>p((N$YpjWJ(kHe6&%C?-sXgRp>mP^*s${X_ARY_EpR9 z#s*qE<4u!&^A*siK9E3)|2{l{*Uda&iM!7 z`Cs5nt^UE8eqHGj=;;#Yo4nAPy&n{bH?vx>ErWs;1m&tZ5(*`0sar4kbmxn$##0x& z@h@4Qpm)l3>^s26xQIe=CBr%Ez-7sTixx+65I~V6PC4$rEZn;Jx{hR+U1YRZb5m+5 zYn2e{dJvs~U%56)B)BP&x|v|=kjEH2*Nf&Drd2EHr|DY9t8p_;BPW*qshoiRskld8 z8C{qeQsCKOAUS#=DY+bXwbv8L0rxR0VY#1)0f^AR$3b1YB^=?^{w4I2(RbzSVVD*6(92n}z%0*>I zB@aEW^CiZU$mH~weAC;7pXR8gj~eR65rn#HF`BJXlT@=S4HfsTXl+&O!B0ra4_24k zcYJm^QI8y2Zuqe9n<6{ACrTi&NHt7(*z8EKa7ywgt<%u>gesM{(J~}93J_xqa+{Jl zyVjM5`f}X_BB6Y0!HpZ>)HS~jb5$UO)S-o00Mi)tx}&mpi?BrjcN+`P6mXI0ji+%# zLKs|)v~_;lmXx;(+npY<9l^9VJX7C4TH{AxY2jPPJB4KvhfQCrY{ z<)EM}?}&&TP`8p3;@H=`7nT+njA*R%kx~SLNQcGD2u|-?`Y`$eT-47JPs~3Qa%#K!!2Li z$<_W%(`_aQMF3I*S1`Ze+*Q9VHUir)DU!P!F_(N-A1x}sR*uL#N{Sm^gV)63l>@Tf zw1j_tnTNje6TKB6#T~k+8$mYIahVJbO%}w3|=*9-E5G6EV zm&S3v90bHq$fb7lXvh!a=t?882?vZ#+KdMrt*nVWBIW_0tyONkL#YYJph}wIjb-%0 zh^-&F5Jnu4HBZv!&l-FZ;|7#ApGwRm28$ka!lj-)?0mx|z5PhpEoBIwF~dX3tR<0goA%X8?wLOuYg}Qifup4FQ>F4_suQhRpa&dOAX3O zD(ZxZvBX9oZ4hOK9%r4^Dv?@L#oK8d8%wtuxJ-o`(Uu$8YO?7;%M0;~uIw*PuBH0- zr^$zd>eGwE(e#AT7399mtcj^D-18t7p7bc)jueamWn<*TC0woqWl!elAnPD&y$1i0 z1pMrbk1sUq5WVH8C;W|Xxc%bm=_|o@uTjfb-PDyi8u0E!b!SfN#!^$6E`xfIa^J;>hsgp4~az*R^sVN`=Wf?;+18b$$ItEHl^#()g^LiI>Pr{&3)5m z8{{v+#7_N7_i+_j4#+{Y-3Km;+d<^Smj?>T57FLpx^JqK@pJWD3zbJR)@7H=5nGGN zBZ84Y1LD^v5Ztpb=lxst{VC-3q>z4g%6#16n_e;(6<*iu-r5+?SHtw%94nD73YxUd zGb@4}?BDg01GUa5=GcSLR{7e>Nslnri`bahzYD_q<#~a6+t$PPk6eQ%1*+@ECl!nj zKcBFWpl+RW@2sA&I0ZybrCDmS&gkCEIyLd&Wr81*_Gw3JIA_neZ_<>uBMR*Hnq4Z4 zF>}<8D5I9Q#orQS)#-_;*SQ4+y?9kvF;Kknc|%yVziJQVQ7t!x*cgwMsZso%Ori z?4;lR%=o2941DXu%dio>{izEEsPq1f!Fwuk!m? z{2+=Le$y~>ET~;Vd9&A(?bS!0WG8J>x!e`w`&LsMcx78d`Ly^u%S-(d>kS@+_@(FH z`V8a0E}R(tYvAUky0+pEaMNqL`eveQMT+LZ%47Qv^k&j#T~JLuQ;(4pVNb$9ZWHj~ z_H|+*dy^qPNQ#xIYZ#7t8|SgkX_m#Wf7%Ss0a==I!?_B42Q>0Z4MGNqJvjQ})Zu41H6OOI_?pH5ATfD-5OO^slKD;&J4V-QFM4>r*w$9l4`J5yHMrBd{8nI;pkf-oNjy-> zO_kfK7e#FIc)$={T#5efO^A=?XCXDB7@TbTo2U{yRrMl6p79<)qQw*&581o6^B#6E zbQew;RF*nEl#8ANek*oFB;i2np=<-cNz3#)#2Qa=V42h3I3ak#5fJ^4e%L{QbRuW` zV}?K*pI2_a7y+6~&au%Si)}Oh0Jq`ueeHB0(_{*SNMN>ta>PR56F+xu2-86S!u#eX zT7R*c}4ueTX3aKNZ@;>c6d09ArFyI!t_lX-zpu69aAY zU%+L2;IP=hMfaP@Sl)zt>Lo0+b{8iiV`A!lFji@K^J6e_1J+Dh#03L4yhuL$p+2-o zoEUwVQ>}y`Ja9uRmfndYVOVJ@E$JBg8?guaze_-F)Q%v~Lik=7Vhd_h9gLfOvUd6P za=%X-Ae)T5vgHE=bXixI70@Y3TBdnmt0xZX)G#m2^kS5xlV;IdPsA*ZQ!Z#kZ6WF2*#dxs z=$?jv!kgbwoDlL%tuAhhnqmoKNgl#x31X4GCrpQra4Qnl{glY_V3_^OHIM`mm<;`8 zJn$rKvFws8#2$`$6W^fsK=7NV5T78o;f=boiFWDHJeER`fOHy7dF0^+2ti#Qc1y@f zP~Hlp3=l}iL14s98o>iOp>pTRGcKUmj>kK`Oh6d@CJCj>w`6WoSh+aO)m~GkV$-wu z`fhOVB5ByC1Hzv}Tx2Lvm|Jy;8y#2IT*ENkkD<@p_|OY*#wI7$7u|zfvAg*Xi`K5- z++eI0D;>S}IJNh;cCLhK4v+bC&nP+k|=-)AGau~pHbDiakxd-~Z&lY3TX*Pe`6XOvbI zK02ie3DxqYQH$EDnZX?K>>uK1%(oIwn4hWV4M&Jbfu&joH5|hhC>E9de=95PUdz;= zbj?CExGGy5Qj$TYX*bEi^pQUoAQN zJKZ3szs5Ocby$VQ3FhY5TFJ%@U|x~`1dbzz*m=DCkv0G76s$NB=^P>uzaVoUf6DdF zeRe&4sId3u095%`7|crV8*oB1IOpFgI}78#Sag`#|7(lRPi41B7en!SuI5`qFF8B) z1YRpL1zGte#(_E>&?e z;nFGfHTbsR+ZklmE$?&gUadGfYqi2FRU#>@WBU;xtJ!k8adDmP%OfXo>F6m=WPJ=B{Wk>gn_IOIrr z=*oWd!PFGebaRf(!_|l17|0jpd@qYZc5>fZvUC+>`)gdE9cqoPHSlGH7JtjAvAQ&Z zEr;_)=&Y#hs!v|6p!t;iym6#_%478_?b_|K_r%^Y>|YM!8m^wXdOy*tg%|E{JPgPD zFlX(xQG?*zbbP-Z7E`YWEk@TT{On+0;O~mcpbOpnZ|TieF#owc3_Z3?tLbr#$G8(9 z7~`M>Gfmz$mxW~SKCwp=_MOMM$3mq5BxUo$z#GmOdFcSDiH>XM1`+HPG|45r@%ADk z?Xq9>1jua$nMhFxqeMnQ^4HpyAFc-JB=|zUFAM5N%b_&qO9d}mUqh(~d6*;F5$_?; z50HlwT3BVGj2aJTxG*5dI0eWW~tkixlR@@JN%#D6cb5H|d5ST0Q%T5l9qt$Q5l0 zSOo0z)e>>%i%u^v9&+*Tboe0Vmy^Y&Horvo8!f$2^jd5s6$h90r&t{lLxkI}3dpAD zb*a=MH(Hkps3hauB|c3|U3mkptkcQyRl|qlaXd<;R&9HeKciz^ofrhUl2A^h#gH#9 z;se|?5n&PHFycpKxmIdr`9l?4tCaxHW_3pcrOjYHg~b#ozA%OrAYPmemb$8DjQ}+i zY5%QwYP<45uZ>k-D*qf1Ye~K8SFw=!K9k4^9a^zM} zgkl~Mm#(13Jsi^U@UTOzyVC@SV221r`nZ+j@r5=6i%rB6H82L-8T zps-KbgzlpEwR-q#GVpJiqG}$g7d`wO6sV2RALZ@-)OobB&$z8Dx^*uX>J|LmzGM)sig zr9M0-k7^{J^SwMm27rhV$9#He2L*M@D1QpHyVGqzyjV?9WB{zZA78h5PFopfDZNb= zwCQLLt~)>Q@+Db){#%1!`?tg#7Ix$fG&Qkw@F~dM?E^*MY{YEB=*g_ZP##KQ z{Ma9RH2FzHW3z%5k>AF%Mu?e1)k8`HMQN#JS~19Fjvp^~_NmkLoOIBR(cO`d z)LKc&MR)Ubtgn3^XVtP3b4C{XHV}CrwYS5gqIOvdf4ope_44zRoLH>LtmEY3*>catqn zxmU75;Cb9>9ml=cCCI_A!;_w+lvgV#sBCxp93QydY2DUe@v#MC!L)78pf;?u4ZAc6 za?~52kl@0Enmu^+{5p%)H3;!v#lgex>mCVPS}Z{NFQc%{`kJ|pADeZr!2-#J2C@`~ zVndFXg9=dgxHRitwE-ClO0NL?V_PZ=FzU_#VgtpFn27^(lme+aINNGcEiRntLclmW zF&x4mG0%W4_c28JWV`- zM26vQ6l332n-OP}bZkyD-ui5CBE{zrPy~nEd}LMn%!{x^T2AYO?|LBb?71Xn!a#Co zsLF<_@w>%e28qVw{BigaO+pOeH4^QlJ~<$GV>%}RjGJpAoebBk_pR#HKKCvpu3Ms? z7FTar6QH6U_N3RG#Wifsk>z!3Lx1#_RDAyO$=rIgN=-SmBmMyH6(mi1;K7Dz(p!Kj&QCTJ~FPBjuktlbP8 zf+XVf?uPrLrOZ(tnF^O`P~Oh<38$hB*4%Rk=n84rL)R0LnKoao#_cFa(6V)Sr^+tN zBjScLgwUV&uwMr<%wdjl6s4Xb{HJQUh=`ju9t33vQ|w*yKCTp+`{yU=rzfiQekkpE z!hn>zWI#%Rjs&Tyiw*aS>zTkMsx4pAe~9=t6d}Y*ijxX?Lq!A;m%d8=yOEXMPP@QC?*iz_;zXlgEj{25+1afIt{G z^H78xNR-Ek4Kg?BfFO4mF@g(i76%{Exgqde%?y@f7pXvKvzJ1%jqhg@%erlQyQf!e zf4Z>83@;#XBYiSl<~ZEv{MGoXWvRjx66A5$TTO^}({l{49Uqf~&kMVE5fDXjq+dkC zEr*C(5{ko(y4xWt>`m)jOL?9|1ilup1aJ-Rc|MEs$@Szkv=hHcHV*;UMdk?^hlJ?5 z@adv&cO*P{LZGKbxP}s(FX(rKS$Mj+?Ma^_juN^Pwe897<3`)9+p(j|G5b;VTS%cq z@Js@CF7T2PL!xKz{>F^*`)l~O=M0A~EtLrCz9hg5der(LcXL4hZlDp~=!*YN$w)WOQ>b__sPS>C# zbk#Chp{M(`1Gn#^*Ym|o6>QaH!#=V_(_2#8INe@8A8VK|4=cm_z$S#y1D1{I>!Q2b zBbLeY>&ZldOFgS18D&4`pw@Lq)}vTu0{*jm8Vd7yMQjXpV2gTI({$tJ>t|kOKTJ)J zs@F`jn{veB&{#Q&93nmhVp(k>i0#p@w|?OO=&-pX!62#ko-e>aoVwJ1=|J>s{~0{` z|C6}=2T`7ZgX6zeLvLzm$7nVqdj0U$4A*|DAwL`>24Fmf3>333;yXdJCF%r!k9Ze*B&rStt~6j343mj% z(I8WiB2kfH00gz#SxUst9R45$h6|c=gc3h1Q1L4bl0e75J8HlhENtjNDb%+L@oStL z(tl8q;v)8~rfH?#K@3>=W=v7zPLoQTNRxE3@i1tlbv{R1uqFIhPIa6^_sg)tB}0RvOyj3C30|YO0M54( z`R-T%@)Lu*aXCdWEpa{{hgL!IT#kgK=w*xq#S^189^qCHlF$^zeL)0aS||4K;Rt=p{?ayWmp2#f34-1TN*+4@1^`S}Rs^Tm$P z!l)utrxXpki(Yh+CuICOeRwRtn@=SH$v zZtJu6i!%jj?DS}?o!QXO`uf+^ZuTT#*%>el#{%UKJhcl84mOpB*?r}w)-&`j{* zeerbP-Qn5u`i(oUW>)v>vU%+XT#JfoGusw>yOnHs`s4d~b9uTn(`EN(%iH5-y3KNT zNR}ulLZw?ckB>uCac;`FNbT_sEZ9|K&#j|C4XP!C6V(DU2xgzjQ?;y;ONm~srtSs# zC%zy>UZ`%~75>C5$AoVli7=V2gOjOG=BIqI9LfWC?B5kR*OnZ@JQ_doR|)QFMRxl| z92Djoh$&X^!vdLAG(!OvTW5NW!gr|5n~X{%BJ{theu0`p-;5y#1C{Zb3--q-(#G=? zM>!~+%UESHPr=-SA@2RTa{-;ZeDdWYD5sFZO7@MA!Ya-pEV-fn3j;@K{obSBY7Q$l zM8!66e=mN32bH5_Y$2>?Ui$u9E57W6KMB^oQS2Qm9 z;a2DA< z3=z4Ic$!Y#GlYNVL<;|gJpAjHS3-n(=)*VKMO5h^Mm-McCBOnSFoN7WN5Cs66&kQz#Ep4$Ne4-Ka=Gl0Y951D4d9-Y$XuK$A2G4NQK4<c;uO{EfLH%mLqs5(WNZblt-{U{PYYU)f( zB3IIJ3DDSaNt`@pRvjGWBdV|)KErqJ?DQ7~Q!at0?NlB~-d-k?JfpA=%|JZSng~Km zA3PT}q%xO9p6{{aQ*%(>fsLdk+L$=_vV*v_QZ3mtW5Tlmk|PXEdfjsQNZa5K09Z$ zgCji-j+AH!4vw?q%Is4R-mB$y*4M9S&n6pLI+p_`_ch=6+F`!ENrBSWhYRpjf9a*o zQ^om|7VVvfQLhB)tLW_CrixtyxAVSrTs~<5cNoXAL_G1RzXWj7u#Jmjdc6S#Wg0x-Z_-qV?VLU`!exa7;_;a#Dez2`vxN}0tu<#$h5Pu-d8;vYNoweN22TT z);uR`hP}tw`zZqU{_@+6<**xP?Ec>eIczLv%avOF;e&A_-bGpWtC1M{2Rd==(3@1M z#AK^BB3=ap`K%!OISEkQBfNmC5%^s1W=_aMz3eA)QC{x_->6Ft893Fno0sk`JWc^>D;{Hi37x@Rqia&!s z7s~2!E0B$S{3pK23>lPs2c$1tLp{(;A-9D6wE7yxg#tHEo69*3fSutdXq3G^5!s&XFJfG+t%>CEg4e0t_Tr&H^59bX9ld=FTROG0 zQX*RGscQwd%w`O3K$v>%Y~iVQlVtLnpIP@(s*0wS4#sXI#P#RJ;K8Wnoqiu5>KQ$e zMtp3rj6DN~mux147LPbvV}B$NZ?C~UB8}HKnDp7_7hL9 z#NJ3GN&&+gx7M3ubJfaY@wn;f4vPG$C(q`!Gtbsdnkfse+v9o$)3ub)gs}$T;9n(6 zO@3G_OCzl1buIKX#&*IaQqat$zcb)8eabFMoI)65ro1C6#5zjhwQmH?fBY+#fcwk> zN&=AGj8HIo{W1U-yNbMLIl`F~$pA&$fRf21VB+#X29lcz&o^fH?P~o;D4vYr4O>JN zy!)j192XVFNPEF-7TfaKnBuzTVX`fH+{)&E5rutQYyxvOgW`pxSg8`u<^$R(`ULtu zfaQKev_DEKLkSW-HiS8;t?UOQtZ27;KA-&dzd(R1F=P z;8{QadQk%ltgYEMWX0_aAiLOeN!%d}Oh&+D2+JF}Xp%2%JFz;>knxh(oM-ldHytTH zk<3?`F6tq(Yk}`5O?|UyBS$6W)X3J=f~f+6_F8T+FF__|h2mDcai+GkwjwDv5~BY@ z*YCGsIDilxIaSUI{@w0audM4@TVCovn9#S zKg4ZjoW11brk|w_sJ65*{AAI&AgL*1Gr| zSusSP9hVbz`A&eOJ3;hu9W6TZLWLZ5j)K6TUkM}{;LiA91oBGS#iSXlg@CsfOcVHB zACz7nRLcyF-_-HOBQDSbu_5(tz6mV8!wVCFGwCS%LDQJT$;rX zGtjV%QPI-US&IEQ)i|DGF@j}IGvp>1Y0S|^V}(F$d5=E>)=MaeB^N)62|kc}2wh^C z?`6izgl#?~BxHcO1%@PvsJEU*=$kSG-io@M3(ns9^kaxy<(?e zz=Jnd)Mgr7sUOJJzO3%S#!KzlLws-87=Q&gWRNf^aP+3V{LPB6%dip^DE;{vb+-i2 zQI5PVN!Fb}nj++P`d9Grg|Fac-&$AemgT;bMVM))8x>-&d>LL?iy9Ler9?Jn^h$7cq+* zqNz}4(fPU#s{2cj0sO$zsfne(G7%$%WmC^_2k1nu5C<^a@EGl=)S+?YLGRPr0&CEm zUg1o-2=mN8-j_R|IZeL;gtyc4b0izj1JG%E$~!fCC(iBh{bE$N{&ipVe)WDkOV8Sa z{wQp)%A5ylWk|)R=aH*(m}Og=&({bFT} z^HXG?LXV_10#J=T*f9YwAjQ_T?WBFgO zAJqTH{(B>4ObB8Vdr2XkE;T>V5ar~+h$-Q36-6>jTFUKHn_#v!D(uUr zcY6ukj>nIgDa!25^k&TIeyb5mPEvZrnU*E|J1#JSnURrz5p~w_SLTpUWNWw;L$k0> zG}#96?Ra_lqj{Wix#u~!ccY=qzN{e_^73mU&Bsmprny=6`f$vhxjY?v;*IZPMhzjFE=eaVAblXcoo44Mb)zw}h>STwa(23_;^#u@VMTGuD0 zoY#YvP4?1}*=C=awja=gW-U9jOn3dT)IqsSoS@S~T3?%hYNxugsrICnPBu=a%>1D+ ze>&N$&hr=k$=6<^ghu%MpFWZm;l_t1VZW~_XgO~)uJ=yYO5=4){0x7$kf;#73{Ou9LNTgz( zu|mMmX$la^5x8$=b<)>%{m--&SU;D5P|qXH8kf zDE(&~>zGF#C9Ap~gPYV`&1HqFCCV`pLmkJ`5~h1+%|gd0<;L7)1#Kq-h3Qh zl1nx+G#ZM(A$MQVK0KSkVb|obaknm)|?L!~# z`i)7W&imE|>z+_1HmzNeHrR|QDkCI#J(}9pk#{tkUv@Jr^wMkJI|!8~S83uC=4Mm< zdeGz2#uclBsG?SEU@sDC^<7^u3h0RE3~A;EDLz@ciURJ$NeD~usfm2aKKv0icOMWB zs}MhK8iYuEyPBjQali2`8g!|3^@aQqqm=rSBwWeZcUT?DpR(~aAzt!vpU^sHkV5B8 z22Xr~Luq@f_zlDuN&XV4>?sj;GO&XWJtA2HBH*pFHxK4_twXkQMwI%TPrND(R-0?6Z#}G^Rg8y`+4w%TfqO0GvzG0( z*hsSe2CC_G7LVPZ3NKM^Wm{qx4=HXdMvgj+4Lw}ewL~Y#Z161KPrxoD6f8;1<)c3h zqffKzDP_ewis$U6bJ|=Rs>8MTrsIX>M~Aa>mvMr__c?M|$zA)YJ)|yx=VSFgxCH{# zt9R`!ku%$Qb@^$Ba{Q*@a+%&_pxWN~{#b#aBUcwe7ccE^zzq`TI0K>pXXD%Qt(S3Yh zIf>%4^S=AMHsiB*NZLAv?4-2Z=u-F9^Fcd0h{tAfwZFHjt5;1mXE~nmiB5P&L62CW z3LTnu4m))QS5+@tKdVy4K<-z@8U;{X;EPY=Ldg!k9l!?^fQ=bd@h5KMV9^_;g0^->mvN4g z>A=A{yf%6}_BRtm=|Fh4UOY=^qP@=sV=dTx)n?u6H#x@;7Zh9%$^RCH@hZUk;J3WF zPdW&!MYy^Fg0+FwD1uXc$$4JBp4wK}9k<(OZ~(Z#GoL+e`?m(e{BKqsW;Uk(e&?tC z50dUj6ryLMo1<9%#s}0UYnJA??znFCe;7NbC`s3DOQ&tywry3~wr$(CZC2X0D{b4A zw$-^$_c(nncK7(>CccY^tBA4I`>r+TGxx79q~~uDv?4ML?Ezb}{Cd^IF@ha3$=24K z$?01FPR}--_?@Hcolf;nmi`VKKU~B!k_#o|4`gU_0J;G2i}(&@k8N_g#PN*lXkaB_SHrg5%%9T*H1{(4uM(cyq76_m3Q{Fu6oxOk0ER5&E zJt~LsF#u-UK@}|o%25{}v%Trb%a!7TPE8*NxNJ~b1-<+ZZ+Wm(&>oME(kNzBB z;}->tu#F8W`t3Z^Np>vf$dyH+PhjTW>X0J30_?OSSajeX*rqzYM^-j^{h7*Y_Ze0> zCOe+yDhL7*02ZYDkhGUIqO)NOv{)aakpcWj?r0sfm5FMz&f~j&bTzJi6^90fItb~c zCkC9-R*SxSuCixc^u)|csC^XP-}6O)!gcQgNr8&Evr0=w2QG6&ng}|PNPC2}njD3| zS}8S-`gO1%Y$T4@1-r+Q$U|yYs;otjKAhLxz~-4eU62Clq;@s~`PveLlYx6i7D?oI z+n67Ln@HAo=Zo4eeCM6gS?JfUlT^`R3@*CRX-6+QUrsLH{xYxJzN^tOy9FQA=;v!P za6g$+`W-p)T0j2TT%RgAGYsW1q^^)qmEj2$4_c1y1k~I20atH^Q-ALAgJ%_$!7cf1 z{vdL2d_KG`CGn?s>D0TZ%+A!c$<484DFnrDOl{FKwrv~7Uf_=r!^*Ozowy1)06OkROCrOlz`&WO^_K0?RasClA6+F`kFCg9nd_$l*2sMiLt{)mVJ zKw(|iXeP`77~Du%4eu&YZ_85K&YMGo>d%(GIo?*E_Ap$8t&s`RZ`aqNg_Y_}=l}qP zif>%N_#eEL1dlfYqOecrLA()~z)RHUR+%yXZqa*GfeTpXe5SQv2_f7SKazP@4XupI z3=m>2P&A~Q*y3_)5I+k^@T#9Sl_3+gEzny`HvHV_toPP zEIU8Hxiq-=q74&B)( zhVA>eO$g~%O)-t>tu>+B_*jKUDeECs3~ITW7-Wmocbwy#JaaxerG6A%r0(H&qHZy~ z2K~Bc6�%6zaFowg3Z|>xN>2Dj%#^mLp2@Ui;^JCj=HMdEE8&Rp}TMYME}^1v7AJ zbB5U%(Neei#Mp?qPrH9h);PXbEqKBqZ!vqa#AmPDVn4O*$My8CA1j||Fh)I^ynW=0 zblZEByGpCm6`LPF&re8I1|vrYRKZaw4GO0oVuhAP>$i9@kQ6l^Z>Ri8G%8Af+NoaA$Q*LfJoMc+ zV=m$N;3B;-RIQRZErVx29l&`xCr-*}WBLmHfz4&*=5*zKI5NF55$eOki6bb;PbmZ! z5wvG#=kDnP-d_Vpr>piace`NPm+Mak9*pTBZ@vV+^FglNN63dXB?^lC=)Ujxd>OuQzD=fr6)jGh;volwfrL%m7yq$BAE;cfT@MmrD2B8{Um6bAZ&SpzERn&s zg2Mnm-b8_Lh-k9Z`$c>Q5=r4#++~w#f)~_okv|qWPV=$pYB3V8fI%sf2O^E$KA#>k z&_FMg z*L6vJr}T1R6`t4QzDm4mI^|Qy%c}<)ad>!Q?A&x!@Zz)mnDB^w&y~CYy5Qd`iB_;@=g9d1bxl0-$Gf~FE zZmUNU=}t8cZ(HW&(5%=b!4QJMfHD1$F^>m0u{fd+HbqhFm#H#wNpf0C?8J+soVGm| zGDcXLh3~SwvJb1`xqr3u;*rjvTW{Gt)04LQ)}5AaP#BRl^l^`jz-`+>SLwv6MJN)# z;wJ0{9oi;lV7i!$Cr3{+sRSnZ;wN}HD0jrHY__h|sQ zsc06%>??M#k}Zf4-zB~31`cdg&cFTy!1l$@yuKx{2pd-ZyTiJ`#(NL2@x%fPcRM=% zo$a?|;#9$I%KWKLt}9e?=kDH~EqGO4RFP4LsM^EDuEJWPEV2>Uc;v1Wl}b9W&~Yh}t4rxU6t7Sb6qxeI%<=R-#5=!|uES9%;Ip4zT%@A~BwY>RG_w-t zwbz4fXyvq4B%SsgYgs%DHQU%cMrEFipp)JO7_sp56siFvIC*;ZcQ|_PMpZvini`Tt z6tbA{ZA@sjpEB@AT1!cE=Di=9vJ2z+y0yy54wM3`}2yjebsX6Jn1jKhlck?#h7&- z!GQjD$CZ(F!CrQIV82<&OHAX}Mu6wk-VGWIA)^uA4r7u!>i+h_HgOuhXJFWBJ<>CvsV}lTo3pk$Gzqc zhnNXXgd$NHENX(FSnv<(J|Z+)<*xUet=O<~8hQs!#aec#<(p&U*gQ$i0+AbX?PK)* zX)9(x$UmEnEZ;^MwYPR`zuAmf>Py{!WO-|8!y99EQDZyEK!v;hZPlDm4j3dWN%!;| z>ir)Z0K{nJyCXFnaBa#rlYwzby=1GE0f>O7KjzPjrJqXkQOEwe#})!9mL4LzS9vEy zb70f0OD5U_k}=#=QdO)vevn;l-hw9^Bt|bAYDobd+-bZYtFWk=PU_&O5F|yd zqje`rX{>Vu=ollK%eG=!c6}9mwQt)XEE6KImq+(!2Ec(~=MQx9{XMky3dIU45h<*y||v^DG*=i{_* zA_ySagNk4<{66!|&zmy30Z@%@iyn9D%a;~u~OVcsh-9H@e z)%9t?Za28=63RFL7&i_6eN`d(;&n|GbR+G2q8qk5pIrDgh+<={!d!MH(vluF#!SCQ z<`~tIo~Aj~GoHDak`@o>U<437-O=m_+RiG9Vkmj$gW?*<@}TApdZMw`67C{^@Ni8e8)kzX;#9#zj?0 z$ee27BFGt`ETVd5xJ*_OmE`#BdC0>VJe+}ri9?8{uXg&>q1TPE%Jn0IWM1lHqKoBC z2ehy=a)|AaiBZBCA31ztPF$iGa(Ya6n|u=mNE8_n{wkGBgiZ{0WHAWA%-+{`V!t(Y zWO)J11H`Pigd-LU&C}YBF-0Ub>*|iWG+g!1SgdFJ7{L<~AaHn?0D)JX9>dgQZx_QZ zzdSC9k)N7Pwmo?#(tv8RZzs>T7iV#JoyoJ*&H55X=I@d39RMMCFaX{9K?b~~uXy(LK0L;C8iAzx6%tv6gk+(oJE`!SqBE)JI@iDXL%h^+9Pma`y=Ict`_BAqwM-_b& zHNA*z?PN1^Ai@A16-!uQ*kvQ+{9SE~G;-Jg^cZ6O%va3+LJ*W4msL4q`mv{S=$X9f zh9e1T3_n2TrhyxGS0Be-?P+zt-$>HP$)=i-y=~LW?)Y(eUAne1i`M*-UE2;T8`+0r zB56bbh^rwcX+|)Jqqs@po=ayHO+7tUhr4D!FTDFfVg|B?Zksm0+aTz=(p8I1FQ5!W zBQDqS8U2#^-O_1d&Spl)2s=h01v0gd$7U?r=()O>sIviQ=391d`&c)0hvxc5YV&Q4 z6JqnRBY=KVE#JCaS2_WGLM6NFEfQfjQ$jou`BC{^=6`QnL+GdK){RauE1K>#GTMgj z?-)x&gZHYN5Br)|0i?PYx&3b1#}B?j+EToI`;B*?28MDob)xh~5PKjaJGbf}rW^7G zF6c@^s8|wDMlRB7A<2emi^jgUQ}%LRsjsyYaGlkS{`;f5o$_XCjjCp9yzQ%g?vn~w z>>a$;O04r=S_&h_|J*J7|HO724FC5Y!1fj;0(WfW!hw zgEj$Z42Jy0tRK5vLi!}}KoVf{eml&IIVnwNu9#;0X8@r*&sX;DuI?N>B(26agdvGm zP#K+=oboEn6ykKI_7tL%zXiEN=CyuLJ^_JYSr*PZwxIJi2~o?iHre9QhD;Y#2kX*e zVV&^ovk9gdCB2Z-Apn z>6`zh1Y0F-`XfJ$tJB=gP0$;_mzbX#|6{d)N@JWpwr&bXL}i*n5J_iX5l>ZQ13O>w zn0iaT2dti2WZ0d+N&L$atdX^@xM4X3NnZ*pd@d&6uNedqiL%&S=OO_jMzUEyFqJi~ z&U`5b@eiHYDup0KO(=q@SaDzi0fON0og9XlN&}j9plb6WBhvPQxq`5aVK<>UYiWKf z2vJOJ5PSv7Ju+0YvlJ*;WuO_gGe}Xa8ib*=QWRk6TC2YLmOvkdHZdSA_?kf2?A2Y! zoK1VWilRABVG2ykaWs8^xXh?|kdpZ03koe4rasG{TOCa*R>vHGDsa7r2-vX60~nYa z?wGJ8U|%TEji(i^4*@Vz681;hboUpyW7+ z2^Iqh?V@zZIz}N8CAOSBZ5>^>9^L_t)EV?=(>WtcQ*&l!8W1Yxp zi{lY265VeO3b3Tgcfkxrr6$gEc@e6H>7TETCx7!#0mlky^3U?Hruxn&2IitJEhns2 z%@P!n3k6--`zFrT;eO15wgl)!pNVNjXK()GLStWqj*j7xdu4Y;EPTh$ z2Pp~X2+YI~t88E^Tue|=pB8%&U$IJ_VpAxBx)99>asJ)@)7TIlCy%|s8kCB4xqw%K zuj`eJBh_IRsT@;&j+stm`9A1XDo$I!+{iFoz@bD|fD=T?#|HzkHVpy@d;KI-9=3uP ziB;$^h+^5|lcHn^|Cdo_76LhJ%Upg3`H{*hLVQDlZ2u=}tKc(ys%J7+ta{`(ia^(6H^!5M7(b_UBDa_hLMX zH`X2JmP5#I(kQ>g*0yO?k$t9MICY?X&QNNPCkX9+{8S#QB`MPcZhV>Z(V$oz$R8ZK zs!oK;8>|o_pb#ES-5~aphR1GXk`=W&4Rq7((rjvxP~A~XF(~pr3Dj7I(Oj?l^g8h4mXlvIIzSDY1{xZ z>Jcnyxd0_PPDfKt=u|Ft_yQfkN%JD%fR481vPmh*h7(FGt6iF7-6BnzLx^}7Orw5< zu@&nw4J$7TP06QXSeZ{J3RO*d_y^3vT)U4{)pkc!(-lcwyRRtA8|#Vl$T2<|uU{UU zv=;+%fYbTJyg4NJ+3M+s2#!;ddxUod_vaYP7V3|J?cSBYHQk=6Kh6={G?(o&J2eq0 z+OpGTKdm^Mn?195tTTA4z}ja2lpyCg?k13l6F58g5r&(6#7NA_F-|l~YEo`G-EeUJ zbjgn1IX1#%fm1Sa*#4t2(l{ejr0{Jd6SzrbF$`jUQZKjX#m@o(sF`7JH2tPyXD0Sg z0f!7HAuy2~ryc-)uWJX9Y1tQpo7@{uJe7RkR1<|aSul^rd)*I_@6rt-?<}ySL%*C( zy#hM#Y@n>;rku|E=keGfbJPN_3|I7p<>OmlMX9s; zZ;xRPFVHgs0pB~)Qaio7Czagwd4H2QVXn-75d4tIP1DS-$$N8TuE;=c^yAzCLrOTI z>~~39lkTN1O6RO{J-skD}(LW~gB%wR4?^E~!|FJZx5pzQ2QvJI6~ zs>z0t)y#zpw!F@DuPBmyH^(Fbh>bKYqWOv}4J^krt5}R!a6rdp$jTs*kkNkn~N;iy~^Znh`(W4wKR(!D*p(ovQfz`2-z}fp} zv3KE-UTys=G5eLu`7-GvLjgw9B^ZvLi)0bOz;UI}lXt_OIL(t(0eCU6!DZPch|b^4 zu#-$lr$XCjEYIs;x51mATP(>I;azf6O_s;KI z(<8lIM?5{qwQVKm=e8{pZFS>V9^L2IQD4$gJ-YNe{sR$M1=KWI^Ucr1_x>mSDk4Z8 zr7q{sVkRH@In*@wnrC0WFq$&Us)oAOIO9DW%&9^=RsbgW)+sS=?`Hv=2K#H(ATT~6BF`A`eP?YL^C7*8 z(Yoax;J&q@K}|>lr)wO4t%{gd$tDZF2SunRY`OACJoLrR_+>IEh9mf_!Kbv~i-X<|u*E>4~-B92!~NK43mvP9)yTvnVpEz}OgJmrA6&=YM}tWQ@+v8wbq zR|TJ`EzUU`3+K@s4bUeh2Am_7i-ds4OKfXdyvqS_{r7u+^(bNZ2=`GE4Vj{a<4qm& z#W|;6a3}Elt{5B*{6f66d*Xdc|@!~=HdUi`fDXE{OpH*2th@I z2nC&0PZ9HUO6yFt#S38}WA3;n2mSR*8wLfvJ-<@3S7X^b5%QZB#-xcR=I7e|@^Epq z!8zQyUTyh2ocsUxe&}8$-#p(vxXrZR8&f-!U#1*F#=~U1Fmw8MR_H&17UX<<`T3P6rG8)=S8kv^J)jAOdN)jNVM1jBmQ!S2lt?DEJWWRKft2 zI9t-h3Wxf@MmCzTFQ+qG>c-(o{_fDcSzO{BGC=?1v(u zG`-7y^iR#-_v9kxU{OL`j#B%H09xPRw~}dS9d9z~>YUT+qKb;a9=;+6yzZMX89Qg0 z{?N{@`aG_nbCc+HijqGl>Q3-7qKvH){mB@LD`s}(fE?lLKu{P}#F?Z3{}movP)cLt zALW>UBDKJMJr{DQ!yjM|^M&I+wiu;iIu%lFpL=!@PE;IW>DDy>#Qln2*(;FzI75He z;qcMvna?@6<%1&{+{%4P#%x05t;WwIhd-jvF$*EYX~LnMl?25Y%(_MmqSY7P%&CN1 z5#Lu)CYu#W?i>)9q}sIcnBQoGATut%7(t3TGu2Q32LTt8xfI1vS(wNYMKmF)C1%2X z0U2F;8f0Y8B(pcP0bvy!7HUe=Q(t%pG2#g@x1E;1OwGhv3lVO|ErccE`RUO)2}Lsm z%2b4K%KQ1;d{)fj(0e*Q+0yNB|CYM+aYEI%8JiS@D*}U)G)Z{kR$>7}Wk9i7@~#pl zls<`z6{;&)*CuI1d4=7Uib8En)Pszs$G7LbUxS2`KfM9{g`GN@NfxTqf@=8Zs-+d5 zya7oae!4@@Tn1n;VKu2UPH6Hm+QGrMy}{P3W*1{tp&mw=66>^WCd9_b({^kZxzqvx>YuSs z=}nnA*@kwC>P>prIyTeq*>7P_f?|Qhc|zVgI{YH=?l${f1U5Ppw7k_gV95f}F=E6( zi@&uGG?-_)8~nh7h<)}fy#4m7oitj9w)Ih7crj*rL$)t;oM0kB zfMe_bE;!=c?T~TS46~@!UyH-zsgrBr(*yh+`H-$ky|e!6hZK#R{eB%Cy^lK(fAj%F zK*dc!m_XJp^QYdS}UQnM#qvg1zOy##WJxsg)}U&GE7d~T&AOd>03&6 zJuO+7bA8@-L){Z*i+l@Z9+pZppA*VPO^{N>9*Z_|KgmHRKibdPTz~71g_dF0v;f-_ z?&&*nZl9!OD|SoArEMeNOX$+jax|qLzYxbN z+#slhH@tBN5;*@Ixtk((vM!5)=MR39WN8QehoP0w#9fPl44AyCgK8g6hDQ?g-w7fM z8HZfnhTnGxdu+^?KyEwrkSa0l$&~iKf z)_MLP1f&1h{(Gse^TR;>N36D6#JfntFIwTFxzVi7{Xi^HA4bA}5)~1$mPkD|_IB+? zsTesl9?A`m4Tb`S6hU^~eX=<*VT9xy2I0x<;lSwemg$6Yz+s5k(IzVWa}teCo>d>h z(JB7x_+~qDxR}gd`p+tilK0c2Q^#!LpA=QtE+%HN(r0EUyRvlVnZ@?LG}9%+gpVFc000IL901@ra{ZC&K#ffp?ihB#JFb5oo6aF!3f zqWiHj$Xj)YQh)$`GzV_(!r#I4J(xV$!ZzKCfskr&H~2>}+B9iVU4oBh-ReMi0;wIl zC$#w)KT$BtL03J$)xHXJuD7LiwKNYOD!qDtR{VAOkHAWe#+RdsN8`Jp6>wHz8HhFk zlz@IAu{g)}2n_r_v@Y-rf=*=q@N0usi*Cn7<(E@ zJB^Sg$A~#eI?%kQfUCfZWHfQ1q{*kVY;2FJyuAvR)I%T-c%_Jqy2;+)SN##JOWuQ^ za-BA;YIa?2k;t$HJDxq#Mq=uoytC?TjG(7%JWoSLwz zJ9%EwYwJ%wyysM4H`^4^H8gWetO3BXA)t8p!cKJ)-@QvZJTh>8_is7_ZwoQZY~OuQ4BXWX@b+MnC#?zqc{H$M7Wq;6MJ%Or*KVAy8b zZ#j}&RCur;;VNkv8|mjl|I z744MNA z@Q0(ST0Bj^_Npv)zqD(l6+6tuqTz~eRiEn}#ch~qD7PjgS$X{Jc<8f=pLj}k%IHBU z5O|Y;z7u-9-JXQ#bbGYBT0!6UKJG{3suxXF%{)2l)@r7}ew#ZvTKOrp1U6iu7|F9e zuGp+z1)dSALv^c}U5|h0?e!VJDrr6zT-_~NU8_mtG@0Lbnf$H}U#xY0n!}o`XJ|_V? z_-W5Ghpe$p@=n@?Coxv)k{&K7z@jHL5* z6_Bp>8BedIz8K_D0Md)nt)R47Bc(Xt9mhaTWHIrsbE)oR3Qdt%j}-7yl=^3i6{pm; z!WHX%ri!sDsY6AE4$5liy;08Z*Rc?0rPY?FR&bqXfcw90n>GE zs^9B}EkY3ccYNVIm6j^rl`t>at|uNO#)TOXNyUR9pVb|`_;}L=76d>?oZ0JA?Z^n^ zES9%@F!2VI&msq4BK}4$bN;-MFGlUqP;EtW+*}pp7g51U@eO?RpbbPP-1X7gc<}@e zRft9;Nb9QC)w4ZM!$ZPI_O}P=UH0H=PdI$Kbh`c~RX>EjI zU~RG(6-&zwh_#**8tBA=Px#~mgDz_!iYu$Wlzsn zM9oI#kY20a{>R|?S^gs0dAPVBF{tnt*ADyd0rlSsa}l21pl72d*;7iK!NRq!ps}%I z*c9#{g3;I%vWhs`?EEAtmR0+A3$r7hfX($*wlJz^b<5e(VPyybH6#MSzwb=HB^4M! zgsK3>r95*Zj{Gkj7PkgpEZIFH#8Yas+rGd_s#6({Qe|T@3JCjw@ z;J^c*o2(bcQUP0vTKbt<4X7AtJq8w@3P#H>-+{rcV~8~?Xq$M>j3gzBqVJJqArD7l z1JV{0e6h=dAeBW}sF~=EPY?l&M!%0BvH{>bDfaRL?F)T*}PN8qzJrEc)c z&frI$9-6=H&ms=w;_zn3=Js&lQNNO{yl6lf3t6YCG|U65VY3Q_(Qjd&n@Nvy*BZ$X zyR#1R8W!=7fu$d5Bk()g+2T}J4e6K2k-`g@2)egw^Wn;kmW|rATI;5U3GSnUU1G*3 zFWe=4@X^3LcWNY%FL(@gz)g!)sV3y}@hSM+R!PnU_HqZbg~Fmav>}Op64cXUlh2$V zAKaEW)g&*$r8M>tC!B8);lX4PU$kg>rU?QVUXZ^mJ-p;~9GE+@EZNxzT&8tvJFw#Gry~pj)jsJ+|gW2@2A*SFBRBQW7d=FVFayYhFhmrG4lSU zuOkH_Zx&fpqojdcT%pn1o4Gqv96&Ft)RWD8zngP*wCu2^+;c7bY?3rh5A>W> zuS?d1y!k^QC#6#4=hv4IA8m;(+HWu298LXbi&^wn@9cLa`Zx>bOUGuF7J45+46rm- zXKEER*q;J8RA9;qgF}x}Y`r8)i!N;CHP=U$(>(n69%539!kHAZHBj@(*|GCuSp{?= zv=C*{rjC5j;FKTFMHEDL6k#m(q-9;him64Xtaa67n+?>53neqL!AeWoDeeN!qIz1G zOKt+ zVs+16xn)g_#ZPF3lwT0g4}{c_m1=irtK!ubs`g?zMeRCG`G>G~IdIS^($r=BIAirW z`02PaU?v{e*KH%1Zc`aO1?rb+_f%qe2&6%C7WPMr$<;2)mY@M}VsJnE=D9Y=QIaCK zDNi08mA@4ZN^EI$K>%_ZoShB2z-SQWT$Z>Nn<}WHxuy!lRmL135+Baq;XJcS_mYaC zxkLw)#D5nlQ(zZis-p6DTRmn7qJe%)_eYbG$tKF040ZJTp|TvI#fd_2JM72cZKE!_ z2eArFscP?~eN4~|$;efUv+E9~$L6S|$+HW2eS&2;gR&mHRp^SFUv?ZNsH^gn?-@if)U!DQijvn$ov18$ZKfLeQ1R z;Pph1UKDQ{L+KPL1TKvN0Qj#7_n0039Giw+WV1uB1fO6%mym8*6J~*KHH~qh8H9BC zaa~I%_b25tl8i5Fo?i|DI4+0`AfNEuqIJ9f*7!O8Z6e9}pDWh8HP#Xr{$ZA@y)YJV z2_+uc97lAkS7Zc~9s~YP-caq(;cy*sE#135(bZY2$8lTeTSNg>HKu*uJo@{`{(Agi zJ8JkKYIyLZ=bDrT(&Vp>H7_PL+2>G{@}%;<7kc}%!>cE0P>C&_i&AT4bM*dE(Ps}$ zLlgB`BvmTlD(1bNPbm0(^h5{@2<4aOH4g)bI{8;FG2?wSOM^If=U>;7mj>IvqXoE^aeN*xJmJ3typNbM$pIF2&F4D#Jh8t5 zS~7MC(h!jg{*DHHixQ<;q%O(urEe_(XUlD>se$_kNO@TC?@NPjYeJ-g09Fe=;Y-Fq zBHWm09xb*lgGa>(pleJ_GU1?wtM6~%yy+8NlTXl3nbeIn$fzz?e+>b{`GNLC#z=4! z*Jn7MK@y@uBdrk+-n^O*mhw3>`vUZqt3MXm)wqaaqvZIsG&z{C(^=ibj=8+)SU}iJ z_iZp`5UjFk+P&4OYShb3;DZti_lvLuyX^FFwE}2RXE0z&2O0tjqQK<)BNMn|3EVgX z7<>c#c}_b~Z(ubg={c)eu$?{tbkB}@$0!GZ4q&?Yvz@H^+@hhi;c3=NQkg1aQyru{ z2~ES2B^2L6h#cX_e0qd7i5>~Hi2fxVvUgrZlTT$4j7|Q|SN->>BqtuP<9r?N!hb!# zD}Hj;XUE*QhFb>MRTOl|uv7={f@~R&l??R)|31t^=3{PND?0fUw_aS2uSg!=doL

      -OU^?7pl?WNyB3E~i=#z?m(rn988w?pnve z-Wz0(1Kb`x3D{g-O=R_W z{yPh$h@%!&pZx(7pF~JIPIg=}ga(c%f8QTLrlChZYTq=6(ABb-TzOeD3xtL0GL!^{ z8nWcO-$F&bbGukw+nZwY?N?(ozdo69!X8$MG>UN*CpRB*0cF%F%g>}+t2vXVmbJ{< z6}%yr`-oo_B*=nn`(yYlYj`ZXyc~#X0^=LibHb@z@Et%scEc+HScnvZ9QHWZ6>CBA z7kZ~8kn#~3vt3M^#L9NsY66fGcF>_j^v3Z;2QmPHIFbtD3XznNt{moHZDnx|O110N z)dkn2FgdmaU#;If$wN9zN8jOm0x|vlWz;0&hfZG1Ff%WxU-CbF+Gj5G70ubZC1cN29PzBU( zt<|m_ysu`r6_-tL!`@-afq|+X_L_&q)7;7NEM(4aVYILkox%kfwqb{UCFE}%jLcSn z6rL0~!XvDYY(~R$Bl>7Kdf$M`k;#bQfKBL$V20N9Mlpe#_CTk$)4~9H&cf#vQ*LS* z@#B@0r`L9lISJ*-w-DF>#}f)fJK$)kmCAHDrQY+^08gjkN1fg0CvZEhd~vxE1X?4F zLeFHDc2Ux0B?ms(bcIV;M$OjKCiev=c!}WAQrvNR#$`yCV)I*wvAB5V_K&5cc}@d# zuG4~XaB}_dArieTM+BNqZy#_#9{+aPJabXoo3oX@`nKM*{*rMJo2qQ+xnSfvhXend za?v>}M>h3OdJWc+b?{?EN1}>XI^>IIO+)^BA{PJfT&=4c4OaocPrRG1tED^rYpBLo zO2n}%4&vb;S|`8tg@rlS(1sH!CcMD5>Cxg^$hncbVXhO4SMa%!JL;OGUhqw7uh2aH zrOAN*PK2|Qga$QML1Lt6Nar*Or)h%6h6#zpl!2V#8Xl9XZ;WNda#$muh@DzY6+iRL zul}WZ?_`g9m-eo$TeKSz{#yW^)zpg&Dvs1%Dc&6im_KlG&^M%On%LL?V9wkQdi~0| zgxlF_03;cMf;S$Vknr6KRq%@KMZ!+DqawUq|992sdTQI%1o%Ro1-R)c>BWN>w1PC4 z86G@(nppem+qz#J)9b1pX+kyR0Zt z_P907RQ9CnewZfC!O7^D&V4)i9vnPeIvpZ_8%Q5lZ-ba|8TqrQJxx)$)uyOVe=^K> zQdDvE7#No6ec3;=-GTsIVFQZEc zFz9Q^BM|_CNP%wz!bS2x1Y>lLSb}nV^VM<;;$2p)2v2l3#sm5&KckGTs0>%AU8quV z7UwHd7~9g>=PT;W612DJ3#w>S^ka3(3!4PWE13_6t>8Gy*61)IM(79_N^2}#r^Kg_ zq_aUR+bzY@Dli14M$Bm578%52E<(RX(h9DhO8sF4ge3pn+yhW2Psi6JK`;$hY(aqN z7jGKS^p?~V`HKjAMKj-Wzp>cA_d*daJ4AcG?~5d!gaPjhC=pEc@?2AY@F8Aucbt#S z$T|oV){oRA59C`M2*Bx`ln20;k!GxBX|q^IDp3B%$1UV|&qPDDsXg9ihO0diPQ(XU zLV$`a05kxCDlR{UyE(1N7w9j)$$24HMQQ{a=qTX>LiStHn^k(fBF=<^%t*b}r^Odq z4Fmve2J_;y6$YtG9~ORI&0r+X`Ud2EFrqULHSr3~9@`o6rCK#l#F1i5ff+`(fm8aW zrwy6Ff?{9rk72>@QCy=y#g2mFP{kz~!1GjG=OcM$!pPmU%qj9vO6vYjFg-P-Jhj`R zQPSeWfOE_6b*fH4Qf2C3R1^c9q}n)+YMD*_PzbrDya7k^#XRgf?B{xjl2Tmmz$VOR z#86&^w{RrQiP!~%OUiOX#2s_WK^4%aDTdIE66g9h7lii+FA`J-g?Fy0VLa@f-oz_0 zOp!{swwF4|9@X3C%+ui{a`ddU?{^PuHa#6(-7RfvUGJA?nclCH&WUeb>z>mVpB_~|P1{(4C z5Wj>Dk~)#J}j^8GKX(iO!E39?`*dIGQ^CaY9zIsaO?gZ31w?{3t+ zUcKW7uAtJ^7uxFhzMPh=JX04^1es;4-bI6hIVvhRMb_O&@Rp;r%SuD2BIZm= z9GQ=psim=R#m=l!VwP;hn^Ao1nl$t_Oi!7Agp#D*&RjuNL8@{2Iz>i%w)HZ7Prad{ zZSwT?c)lA#Ux!Zp!=OAqdP>W>d2{XK@w?Bv96rY0UDw_2avNA-^w93=eY5{`J%3i* z+InAk8g;Yl>3Ji4kOwjYh9w#rxo2O&xD0YBTOGXNMZ3zLy>*W4LU)E>3+4)LLC(g# z4&ed83xp92(-&UVIDM?3v{GJ6Xeh0?7^kEjmJNOu|ARQG6sMwu)=c5b0JW+wtyx-7 zWsb_i$#@SKNzp*g3zh6sOi|EL=!BU7M1|v2;)KqAJ^3W=>9C>jxFEhvZ`-YfD{mRG z_@2&5VI?NH3_;c;kdWzFJSpS>fwfo&*e?_$?;C+fSYmGqKqVz9Xoq!9x&OsLX(E70 zX@WK$scN7ez}FC|3=%z$gYxi3O(Y?1I-e?FV38lWnP4%8EN;nJYUFFqDmrRQy)8U? zMX~j3G!}Kql7>@`0&3XWQ8OXov0P^IPj(?5{U_!P<8h~V^ga1KBmeqFLJ3bB8f=Yd zkk#C-Cd+?4nm`!gVcpxmIW^EfnZ6P~sbsa@#trrqr`?D66i8J*m|sl9?ZS^5u(FLM zeKBf&LqG{=a)Lwxh!-`2K`AES`@)f!mv8}R{`0T$2lrIf%x?;GR4gl~nu*~?o(e-2 zn%2K|RUJ>#ys%Sx690oy!a75!vBK+Hl|w}DOa?|zakCwmwTV)k79{jgCl)in_CY%n^)G$ zR&;TPm44kWD#X|*8(}Z4im|rLU2gmyVXLT*fvo=GjH-LKZ6+#PxDw^`WS^mqQwZ*M zW9AjO-Ih5oLNSvEV2Q5dq%ZR>`4uv%Jc^5C~L$`%_=nAJavtTM1+qeKbSw=6&_^ zU4M4P=j7}@7Dg8$I^Qua91B4o)uzAB@!8+$3bRrbrYCm6O>P3;5K3Qwu-Y)(pW|QsT`z(LV z@39M_{}neG1&q?WZd@W$QwJzYuKlU_lQ()U?LvdZ^#XL!bDf@P?!q6XtCyT2wW2O~v?-n!tu0P)uW>$|JUJL{Z@j{L={jpEV}$GgFO!e7TS83gM{5=`0&~Y};?C4+H zd&IBR)v4V5H3=>6Z#StlA;UrJR`HCNeWqH9Ews15o)godri@|@`^(uwf4r_ zOq9iJQBh%8SJkq#S<~^Z+Ver_ql0Gw>Fe3$_O#M}^+BSsmTBXVQ!G0)^(4)4RAc5< zduoEMwaqeF2a9;lE2GJFL~rx3G{b2{*9BStCbTF zD-$DiPw>H=S3%QfQipRyu=GBLZXh#b8`uO$XGOK36`d~cZO&Jy~7{VmhGUzIJ*NJ;9Z840&^fD2L!jcrbHaIaQg#> zrPn%D{f@TXp>tzu@&|lDs7GwW5$Dk<7gP}uL@0?j8-|0nFo@Sf@J4oAyW(aD5Q)&v zG(s?Ytu#f?5G-*b-?FF=wDqS3c|Ww`vuJjjoU`Y?#&VA?oBcIzFDRZr~oZ+2XNU{72< z5H3GG_213Z^7DRcaQRMCmFkdxZXp&le(&=`21AvfSr%D~$Zra*MPIVw!sH`aiw)7= zd4b|mhRGj*U`8+U>KMKO?v$Y+ArhB`9yHZ02Tu&C!#3?6AbCx(i)umW*mxOPZPM1O ztq9M3DXn^{SM4yf8nULkEdDUHaoot3=;h$J(V46(2_0CCCKc?8vZkl+)ZJW+ z)RJwR+pd2&uWv znJ0=P z*Q*p?`qWP-IvZ|WFKP}YH_-i{!d4#!K9&w&z3#4q0Prpl>5A%D#0cTKjF~vT{kl-z z^xQG(#XVL`7l#l0gHG1DGCz3wWYMA^!u$|n)9`Q+YJ>2fICr8Ys$EGj4A3LwG+e_jEr-iHr}vu{)Q?e6W25c8?Hd$F{}!QEpvD-M zlR|KKIby2sg=7azM~>29!4}g3*je7Ky9a_LPq>4*2CwGS{<0?o&h?AblkHi2s1N1lCYTce=Fy5 z!@(Q1bI40%Nn<{#oe>a(*a>U$(}M=7my7)bts=2s3{bLQB&&wb-XQD|SRV7t4OfX) zNdN~iT&gEVb)4)%R)$SeF_8(;6NBnS#U;(x{8#X+HO-X^8TENj{SAOfSjU7-f@XE@ z4-;1rb_m;=o_$BAl~g~?yZXJUGq}1fu{wYzKMI%6MobuyCgt|CBF`3mI)MQdU|;=y zZa`k_0-ZdknqFwa8rV~9WdDm7qga~0Ebfhi0x9@=NMS9ey>2F0NYO%_GePP7H`1c~ zejyEx-C+5J)tun6-lJHy9Y3j&RKKDCTQ5bw!J^(N59v!Bn^1MTy{YvP`vz%vMTh|X zEQe^oPK<}z@w2EjzTZoAb?vYPn}*6-1r%c%?_R2i#^-#CrkBO>>U8nk@8<2~vu5{N zXOyj^o9#3*X+@Jipu<1$(*+)u>9veJ3zGH-uP$t4s<*Wc!(q=CKp z;|n@v9yH*#+k0>Ts~;K7Go3;!AxUgS3r?dVM}6CHv>5pTO+6vZdQ>&}q?NEtotk>W z!{mF{p@8jeP!%)fS2FC;KFb_qEriTco<$M)R5Wj=HmT=a+8Ku{Ms^(lZFmFJ+%vjHq5vskK9OlkMU1Ov2qlyN$1)I5Am=Wa#mQIJJiOWSFYc5%b~I5Q z$6?o%pqzf&=%tXaHIHSwcPbwcRQv9v+1!Uojb_+ODtryhbNby?>1o z%qZ*!u&IA5tXWuYDp9Zd zYXI6e2s>({LSwWSWd9tE>2B9@xM%JW^xb0x-N+RTg`&yLX{tyuVCm@F6)c-8@Ib1R zU-0hwhTUhLj^8;JXEisaP;yp)|^$hk>UCTD>M~RiI*GJqq&dxfF-Y&OwLAK6X(JoWr zEnXPrw;(`D4^6W0^^RvWpg&HsK=O-aV@ceI{;4hZ8VB1GpXUO1%7-ia5?}F5gkm4? zS+>o>Lik1{QJl<*-T>7*u;R$N9`Wqy~Pm-`re_K zipkq4vDk8kyGN-l!pcM!0t%ww{(eENkx$m_dlDinfX7fhR9t_LbfvM;@uHaidwd{F zbY82avZgCe3d8Z*_-O@3i-n$ufJYRt)Psdw7Zkrc-K#~$AONwXpW>su-56aWA?a1b z0l0#`hqf}Z@<~Di7R{7>vDuz?&{TZVxFUiq(vb_DT&e@g{Df)^!*0NAIxSXn;-TV^ z3QXOSM;PKe|4?-3mZYrJcl3~-?}8=(VbKiuQCY=ePN23(I(fkMJ1$h{9Kaq%HLD@I zKGO0TSczd(6hbIXY^xhS&0ydtUy~k1UM-@*d_C-aGwQI^t(8tVA!tjsOJa)ho{!Bl zHZfGut!Tkz&d@?{n=mCVj6ZGTvIoORb~RoQ0h)oHI2|r#4nld=Z#>`*01{1rL|9zX zqO5wKs@rAM-3&UU-ZusH1R)JZ%TvGsn>aQpj*zIK<+9(JW16;7ofzP$2PXWFXbTo+ zgTFZ-`gQ;WiUKqzFeF%teOf3Gq=4uo{M!;&W{6l=pa{%+uRJikq26iFvFZtA(G7|O z!BA*76ard&{7qw;Xpc@?O9TH|{6a?Tn*(*m8x zLuJF6bZ&*m{9l-0`h!uA0_s=x+6i=IvXQGd+rB&iw!kdT4d=2eOoxSYCw3=j8>*{_ zJz@axdJ2I%*%z>wNjpu%p_gO5C%bF-adEU$m#W4^{7uNY!&3hj1 zCc|oIec2^{Nj<@@l85r=*H+5qso4OwHoHSOgYOdyL1Yh|- ze-Eq)N&TS_B7DN9L{;9E(K8MP$^%-}spuH=_c}r#;?#qTz&Pg&g_V?Zf|rjQEzAT* z>LY}Hcyo`5HllTTT}CrG47AVemtZz+s#Z>4G0`q+d)uZBQTWp1>y>q7IC%4lKQ!qo zrf$hCiC{!Xs*;mtBOei2^)|G(C;Qd+{`je}N_$fu^+jok zl=#xr1C7x$DYzN(f;kMgUU`gbI~$@kfQCHCAaFpnk-TfPC;E!*Ha>nKt`3?4NXoZt zsB@tZq-0CT4(|0Sx$Tyac}Tc(8w@`tlHwIU^?}MpkIj`Ddj_2w#w++y)9(${wllP} z>yq@2Gg~X=_}1qKx}7hJ+7m6?exZsPyf!(r|4*dL|4gq~ zIR5pyJEgJa@Slk16}20RwgOo?C*b>IYFQb^BV!zyslY@<19Pn;l39R;gV(pVEs?4FD^oQI~8kVi{CvPrsZBgv(`h&;bi9j z;CxpP&o4gzURpoQg#Gu9o>%uL7U;+D=Hc{;>Pfljdu=dSFx#w=OEYWyC+J%JkRV#zfd zmwu|1<|?5o3S1K{jD{M@ci_3%TY(P_m;5FZK03mL=OXOePI^ON*bWb)mQsNff%F$I zZrq+=+H(bl8fF0TA;@YWi=qnA2T+COyoUg_R#=q&2;g9y;9iD>Te|3%?^7B3P<_VH zZ{?a1Bix&khIQ+IdD%cP$0EdXB1qhmeu&Wza*dLvJb^$4Bmb{Idt=a~(`C{j-s@QI^&HIEz1ItITkTjDRwDw%$Se>nqb7Ohv?+XhHK{f=>Xe~T??aRmG`D>fQ#lgkJf!>KN zjNckS0&8Xp_bwHkhpeiL&0}eE{8wQ00=XgFnn~JI`06(#qLqj9xbPYjK~H@3nPYI_ zEGm&NHihOYV89>1*}{DG+n4Dn5P=|^vxu8`h(RG8cSE^7W)M?-ohSbUYSdVu&>9n! zA-2TwZ5mlFg+LFQqP4w>*CNC>oYX z$Fn?jtWRwdjh;E<0^KKJ3kL`9ZyN;a!rtFw!g53rM7v?&$lk!?fVAupd5d`BH`~np z6c_iG*7<3%_4;02Q#85sWWyVs2~FMwzZAFrEL(F_h-p6D*4Id|^e-39$C&b`WExrL zxYGLz8{>?3)ur57YK@!rwXz;Gu4j}_{v^R-pHI$ubt*5>+$U?^Z^J|+E7~BiJ{hI8 z1GG{h$sYy%4f>0LBGJ&~Gs;~LqNV-Z+7q$zRCWFb(uwNwiZhMdV-he7!~epmvQ;6i zt`@42#h_A6Y9Lx$=|B#&yf}a}a1tZ9O|=J`Ydm7Aqe_?gaPCg7Q`4fqTM1|W?=)IO z_a?B?#p$k%MUq|N&&IZJr5ZsB`N^ay$yKP+FTXABCQRf!vh;@~kj)w91bYgHSIfrN zPXe+}(^G2CvkD5rd~!23IBpI=2me5U;)I{+w@nD726lyTvA<6}#m^fgV0)S_Xjw2L z^8m}jLN#OFDIBfID?S0O0wq>_#Allb;xS5>x^iRd^Jek&v~T$JI=jt}~=KOls>jh^~bXWl}HoV&u-2!#b>-Hwm zcR;!?@F$PA69_Q3C^(gGT4a!0iYo@x`<$&)|9#iMt`HBP0zmwG?v8;t$W%09DW=WC zN|}3BNlCU^a+UU{LFga7+Q~VmZ}p-5?PQ3U@(7fHRJz{QjvPvHufYo|XOoha+Rn z;Xj7GpL(P)FHGSAbg7iloKBW5n@J%jJ1nFmKUgnZfs#D<`KC*ag02)}Q!c@T2TcS4 zbVAGijL<(93L!Ql#`p7l467IYpoB&5O;8pnj-l+Q3SNoYF?zD(8CZ{!DI>RxMU7Z| z+P7*Nnadl9o^gB9Acqcqb|t|7@#=NIzw&COk$=7aWSx#pzd#322w30wd>KBRdp$gd z0ifU@_ArYv#1uL)wY$X@fF8t;C5ktvh?@CY_f`trf>vN6(vU* z1|XW&x18dVuF~l7f%EoOhxU4v?}cDT0siSdV0&j~>DZF{swh*PmgfFS;%LmXJZ-eJrIz%~MuTo_JQw>fNH`-N!$R~k;9dm`p0QwL!aK)Seo?TrCO#w5tXLCdm`%h~yzq&BUT5iPKCqh}~+i0?kQvIsrSFiai+w`jzy z$D5%Zu0O+pG|@CFdkO(8UI83TCfH|?ys=kL;YN1 zR$|g{N%0)5?AqLCSCp7uvLeAN4t(`kp_EN+vUkfSae(N$zPe1K<4iMypdQJ7*~WoL z#`n^u*LJzuMx9{Ja&Pk=1h8QghnK@D5}Z%ZLf-hp;1ve+_;;B+|#XI50>-6*xgHj)r&5l_6js;Tl|G+p`Om>N>2pZ{WGfAUhtKT*lRyG-9>`YeXJG~lxyC(pw_ZywsQlFIgEENejKe>$ z46VVGEo;yM2a*YND=`PfiaEWl3*8v@R6tTfaSWomB2IZ^wn1jna4Ll0(~)UXJoqH8V>Lp%s*->!^+NURy;R+D*ZcxT%XprF-%KZ*O`K6 z0-PJRe9-7FPPzYqf2X?0|FssVf#haqL#_6s#U}oUHGKEHt7{4qg6vJ+c1LdpuA9UG zrYZc?r~nPeatE>6Gvbccym*bQ#$?v1JAshN43UFcge7|ag^zY)q z>SUSG^@ZJ`Fa`$oqK?~cV9P4PEx1fuOPx;Y$fdqvW?yfd!FPF}Z|2{s|9sXIA*!CXSia0jhk=StJ5KXnXDjTnPxspk}}DN#0| z^&RehE}0Gp`n*;o;i*;dpx+3$n9xDVXCANTmNT|?lFLguI4w=&+AQmd$Z9(5zb)i^ zNYFmSiR_`fG+%9#7m(?zrM^1vx&~_X(*!Ko!x}QAQo0*pNO_dd>d#H!+bXi>y2I`~I3GdHEie>hO$v`lnH12Wx{Ff3sCn8O(=xhQkVm*O_wP;H~f7d zAjFMVM)lz}GCka$f7Z>)NFwaztFb3X_Qo%#jMltA{Gl*j@a+M`wKaT{)AJX$$4XIH zT;4Q7&iaiBa!#Tdc>*E76F^O>EHlB%Ze@7>(Z%Kr@T;5r*2E2n_kPhSVqk&Kx7OEQ z!^u~#{C9I#p#c4ZUg0ZF;Xjl*rvF!|`~Q+9vT^)xSt0`m+rMtjwlo!fWQnjoJ9_y) zG)>L;Bw;9eAQFa6Fmu3xCn2o?_?SkDD6p2kEllw*Z$3*k&lcC#Dm&ckKCla(X&6%P z0t%lZ(+G2DN|bsO@yTEubu0M-f+9l4YJrG10fk~S9wdkTc=mD4TH<}P-C}|OdjOUP;StE^d6o}t#lbFpVyh#EMk!I4g z9U3<%UCG%&rBrLhXbt5;f+M8yLP#F~?NV+4f7604Izof4q)1a|lixT^#ccKy?IxI6 zcCGWt&RRee{n?!IV{;wLf{rs#1KN`vAd@?~TMo~*43pMzNr7dmxgh11#HLAuEzc5Z zaG2wXsrM@{5-Bi`t>7Hlocb~9LQ~eY0P;(=3qYH?b5L!txi$9eQd)sW<2)*X^51QO zh4(dK1Dva|qS93(@S@%;`hUqJWTGN7jQwV}hPub!6jHj}1}Ux2-a`p&-y^U$Uqn}M zG`C|-l{8<4O#>#|jCiTDi&M3-ofB+4r12|das7soD@khqJ_tp6hU|l-44=V+AaovK zLf^Wm*oN4u&f(Fj-ubxQAgk)>X% zTI)Nou?yLiYj=CPqPN3S6_%_YqduDG(RNg3*GxQwz7cs2cONW7F55vyw+j_UX5t&1 zEJ87QFb)j-bbM9uwA*`-?!kqtwp44`)9-hlnz{jB%SNxO-sAN}RJCL6(*t)MvvP3s z{%x&#j_+^fXzzX0H*@(lKIPN&>GW#g*aV&Rxy{Gggo7S8*CY*3!)imN=!zKqnOr zU-(y>R+D0?qn&CDB!dY7VvR!GLTMa=l_uQyHW>t2{ULTH0qw}<8HWuKsYfTi_-fs0 zpQDm^N>jL93^ki5Vl{*vC#;D;CBaxYm;hRbhSw7QSzJp7y3*W)#NV_+<1;kQM z8-}4%yMm6aD-op=!`k#G!42r7kY1rU!X&~)!oMpLM{9+#cyV>aewaCaxzNIWn-gJ(G4Zg|T$FxzbKZ9XOf&|(YuTGGGgFjx2`}m!-9{&$_2Cw@p zIsDt9K(3$=#sg&_ugPpF%v;i2tXDB9!;_Xwi=-h{eP51TUm@vb#jSvDReh5?h0U$F zj$(MiOC2|;ed0u$6|FKdaM+6WC$kICs2N2Yf*)AIg_sirZlZXK9(G9TqRT*mkK5Q2 ziq?pd95Sahu7CLC1!eQJA7k@0brNXm$bHqZ@Sjk{-G<_6p*Fd{?#%?#OrZ8TG-1~i zXld+nQJQarXxXYL^?&KmWq%=!6g&+ncpSYa=`I{l^1zeL1ddHm1WoAQF{X7M62g$t z{k;Dz{ZpGXZ}p&N!dAMuC^wPgH;*Z#6(H4&7X04vJ8HLzFg`gq?*%E5f`skQ95Yc| zZt{XR$A#Y@a3MavG@(WsYtc|hmMj0*?rhMcI}+5~{)CW70g(y*gpj3OR%6aD|G_?R zN@Xwb(-w zk$1A??~xEwbnNg1?A&_fx9?Ajd&DJ0#CPH3(GLNwA;ku*h1 z{NsU|2T4K>m|CtxQ7i(Ym}P(j*&~2PMef{0^eewbmgftcw4?8z#OoH%U?YOK9M0p1Hc_*Hk;;1d<3? z-`RbcUQKvkT?GN)W5kmb*)s}JN)@_uw0#EWkcM}JF&Ib-J-MuKZ-oUrBDUqeGW6-7 zuf|CdVx)s4i;R(qL5L?6$rr#S>v*~~z$1FIMF@NfcKx&e(;6>4cW|$4T*lU@Ewiag zb9d2Isner%99Jt0>l*YsNpn??k3Zf!l(!szP{@Mp3kowx#2YT+viDG42=aFQq;A!k z{yj>bw!FkQsagAr2@F%?s6{iV@_W**&@ph|r9-PjOp8gAYp|npTV*|Z2mLYn9Te!* zXk4b6t%6{mRyAbwKF}&l;Obe?OD}TUr$XF zU;o<=G=y&-F-7+my)%IFWEp=1qdb`aR90SKbq-?P8UQ2FoNmlJc9%UGmF12H^l!

      G;sSVts`!bH8u+reI@H!avi32P+QtLSs~tL;d90LyD# zc`0U#m|Z{AYY=cG=HFa&`Lc3DfEfW1$L7R^8}DEgM+Q{du;+2XTZ}6Txfm~?yU<(^ z1$y^DZc#33e)J(WE~zSOoU1hLQJ}*M6NdM5r9E#31W1I)R0IIAV<+=Fks`@$RgcAE z*}Di#WF^%~AaQ=YcA0WKfjR+5A9MM#{r8j!>JQW30~K8|^?SE2`ULepGRfYZy{(kR zgxljJzihsia%EnOEBk0Xg-0m*%c0T_L2}M%&Mh#B`;I8ibedjG2QMH7N0?}=(p1^p zH`g#=IvA;Jv!)oY90niGvzfZjX+BhwJr`~x(M)$tTdbR?{P?U(g*@K9JG?@3BVuk= z(nb|V9NyKDpiX-Dzsg}=24FG*h_4zSkQ?PPn>cHnwmGX^=NER1!x#{Os-mnsFQfVn zDEptBw-glX8Q!?#2{6N`7vt5}oz2Ynfx)Kec??|`xf~4lqrA9yG>O|=nuRie`Uw(p zB@_8wm?b=!*NEs%8`iuy0D8+1p8-38L`&r-UtX~E*o$44F-O4PQEN3dozgfY}^D5&}^^-sMycTi{iVB*IO_5&%Su5OtckWKAOvQbKZkmTB&IN`6~G-2{fe zi1|o!d=P+W*+oFy=A;thoY<;jl!e3>*sx2^fj{A=ZRj2SLzl?H^p6WV zrhh#U{fY5O%>2Kz)ffflP{U7^GFa2evL!OCbDO#F&?Yp7Sz9s85`A|HBN_BNHEP)w zjPDHjal#!xr^zwF@qc1`GCn*Q+@BKa2}CRe6L$^q#IeL{5acxM7@%nf*bq_kYigZ! zYzopOQF--hQ$=!EL{!@ScbtUnUnq$PTC0}ZT?T5Khot$OpRXSk&9E=={uAT#_iX?1 z@Huj<2N|g1C&ow4k)$5xZt3t23Y-bU7gv8!5p`3uT%{Kobj9Sx;BE!PlZl=vk4Kc* zK$MeE0G198YzLp|Cu%d@35@Q{ieaja4%N9XV%5w3N z6!!7Juo@5hB&U@iAyQ7lDoVC3Eo)>~drW|)*7ve^Qjh-y(E*D)j8(b?+_yA5R>Gik&G%dmVl#I0AIL=OclQk`@!G!si8NKhR04p%%ju&%u< zVa=I|rJyEANy@3Yv6|bB{;I~PYcowMyR30MZ=Y}*Cjl&AA44$I8zd!QO zI0ExRgL5)+Jq1dEVsgdIb%r6v(}nfzoTLP8}{E@1BTqeyV2J^^fL`is8cyJe%m;oYDRF_M-?192! z%Y@kl1e+|5PapFI>zwl%rmi=zFS|6Dzs`vJ{ELcHlASQzPo-=%l4I~+AW}33jsdbq z&~C!H4ca$UTh(z7V0;n_`+@DXM!vBt#k(OZ)0)?~<^u^tC_b;6Y5Bl=ejHkHn-V>F z(+ZYZX7VI!#MadSVVKrIK2$mOXkB?`vym+urd>90;zJTBfSd^=hjW-f@Aeo#fvwk= z0qza?_qNv9Kbz_G4$Kfd`eiB9B&rTQPqiYNmS!TAp1lmHb}_vaPX+?004gz*sCif9 zV6=zlsJ;ws_fi}KmLB$Fa01* zb8GReVLi^aq{=aNQE!zWtPUX`61psj_e`M#?6bEnAYX!tFTkyzI&PY-Fms|y1`6j~ ztND0Xvlef+B1Wc>ty_mx0GS|?^|(~n2hD%q(QKJnb$opWLL&@PdLl4jd~JZL*aXNL!8+YB2Q19R_1bwE=XcP`BCOX?hKw@P8Scd zUnn?H7>RYY#$cg-7nkQ_2sq}$H;!FN0(+}tql-VBk$FqswOLQLJsmXuxN*O~wBRsx z_y7S?mOW~`bZznO@AoGzc@TUrko{0dnAR~Ie(dg-&pO?W_OF=j@#Ep}F?829Wau~5 z#gBmTzo@1+pc^78st?_?Oj-wDeN@cS*vM7FgGi(n0~47zd?*g}94J<`rfynltTt8n zlI4^aihy7qYsdwi>L>3`Qr;{%l0v|t&W>f&k2^D zkSq(DO%-F2-k=?GgYjUf;MK18s}9Bb->FSIr_JrGYMJBfl?;a~n|3dB+;#I-fMnD9 zh*YNa2$y(A`5a)T#i&>=AeLyRC*fRDWjVK~U4?yQb0QN@a%wlaZ*OQvNd6(>|Ls;n!q%b!n#$Ro@qpW?{chL}cK9 zFndUq+e72L*8HY&J!Cgs8{O?lk-#Hf79Y@qjoBYebKztVT?c0<0z;hQhtpCit7&K# zgwADGF9X*Tt7C`XD6~r6MX|HO_FbKuB}RolxB~uz>J^P>;>=R{q0w5Y+wimPJMjoJl{`c`uCJdLE3L$)sH>KNYf@)_4M~2?HfxIcD>H= zNVctd7TU-zTT>v2LlH#R(5r)w#*cPMN-u8=+Wo3NDfWIeNeGzu*hk)uCkR$l%ZAM< z>spRcB$?(O;Xif|H_yu^IQWBD_?Yn9W#E7Gpjy_Y?c{nr7eU}f z$(PE38o={0iM{@cUzbbKGmJ%{3O2y4a78i49UiM@$pesL#wOHf<@N*Y`^EzPW#F6v zC@>xc*sV4LumKVWg8|UxT*1)*g_)cO&_x=3CJi7k%o|7 z51Y_!Dw(#S@?mz<*dp+h3zxy4+&$i%*pJdA`I|-m;DFB0_4)><=jowm%+r4%{UeSa zVtFo=6d*VId&>HY4>DHqg@lD{}(%kyqj{*RA`qsgcVBttP>>RRLxDGk_ttWaro>3g;NC7%*-z> z{AL-R1OB*6WaMn=x*|9Y>crYy{V~eEvk!jE8NxRJXxmeqsGRG z7>5E(WzmKTSzc(CE&E|0N<`U#CoLSJJ`y9qdKrey3Jx>cp`2EbH?%g(tKLE=&~5sA z?&{l${C$MNb}X*YMXgwN{6mig%@!iR);&VN{nuqSkK*lgVdAtmJ4yGtq{W+N-RAUoJzXH`+KRLi{UN*=&4LSS zU%A>w29HxUoYCptQj}A8tFhuUv1`Xf!Kyndn(gg!66fBk=0E^mwiqh2aB}@ygk?Sd z^626YcqDubt`)wA8C*~b=4 z<@RxLi!TMZdAt8g3j5MNs7etgi}o7wHf9GW?rT9~Y2#UUvsnSK8$uBIi>a=Mj!9E; z4jqF%h5@*RQ&C^Kh_sOpjetZ~#wEwe&|vSXD_*J9x0kpi^%x1tVV5TW!?6qNLrnuUHvBOH@-JRgrG-$e#}WORk(PX!jC-t?zCy;6Q4(4 z4e_8j9z&Jb$qcF_!Q?@G#b#@3S>H|9XT8iNM^&FCIiGnc)uyd>X}+Q$J&)73_8bWu z4%XFF?21ElWNz8`>tUO4j?xi-Q0y`FFzWpFl86KBLLy-rMISP5?OOvdL~M7n(+5ET zLh5Oy`XsQj{FIa&Ebhe#4lf`vKm{2*_Dd)=i+CyOzR7rfv(Wo%ojSWsHjU+^zwfX4C_d^$O71Uue8~om>-R`)pR)UU}*%JOBl-)l?}hW=^$p2 zj3pF|R>s&h5J7I)PjW@=EEDt}Y+!Sgra{gdO{KJ12$~XD>^Li6YD&6V2em!mqh0I*}hK zjg+7*JwAat;N;q?)7VED)w>u5r+r+SC0lbwbQgm92s{9hX&7gTWuknL7207DuHOOZ z7&64T*nbsjR!$({^7T}8Uv5C3tS{c@l|jWyh`wV(l_!0YhKYCZ%1VcMU7~xw4090@ zX=)p(b>9*t8AIwfN#GK-ZSD|xY^uzBRs9lG?><>=+m=~s$%nRLQ{uGEmMd2y#RY}D zZm=hH8OqiE+zoB~mT1fdN3y;v2#B6lIfOp`==i-; zd!K3DAJ$rmPNR!IA9h)Q^b?L2(~MRj?21~#cX4Az-WJ~5=nz?n%>Pl>`MHo19`zyO z(;0iRC+8COyth{5ZQ!Zh(VmY!>bTb)=1b z`?t(a%^ogDq;3#ZeN_e>L$BS{xie8wBv%5D@Ar=S17rxL30@UL9Sf>9sTkW3wR3Ux zJKF$uYQIH^a1M@2%XEjS(gy6!PFG>{0L)2*5H{xN-kNP6?u5cep`asQ$dPg1XqTUxrqZ9;@FX1&*3GZ)JrbnYWs}BO#YW3D0Bw2in1jvxI-_X346VDN2 z#a*$Aw@XskRf_+fV1VF?lUcLQ_SnQ9Xfzkq=DX`~l5M=num)L4&<}K~+b?W5JT0l> zvq^G7eRJDa5fxTiBwkjYGT<;peUTy61uD$QJEQvt12B6yneCRc90w#&--|}EqO{gt z2M@WLOE9ycFmQ_i=L{EaaWU72C%C{3*T%tJ)~qlPtpCN>IR=N)cUwNTZQJIFZQCby zPMn40;F8r`6ub8TGpU;g~M?%Ux zIHUxLC+Ss+vDxYbMv3WBZq$wJ9834mHDx20aGcK^XyqojSWRLWNktiC8B7DmTG5zs zkg;`|B4~Ngf6OLCl36{-*?qIb#))JfE)2ZgmpRP7pJ_Jea9s7A;`}`*JVjA@^7~4vvb1Zci9iJ4@|U)+=h<>60k0;v*%Pd$8YPEjdfjGNDsjPG^BpAh~XLCtMH_m33lFDHC9=)Nh+nHOlu zwO%OC!{-2KB^vx#km)sXj8QXrBTY}O#`WaG{)1hQ6#n3vYmb(FA?%KK^9uw{drIzu zk;0X@e9v9`xu{E%#{T^S3X-C@ORSrKaR?IP`2vo7-wN#n(brKJ3o%7Y}jec^)H z@|;GtE%86{_`D)sDNyfYp=|&zKVfX(IZib>P-NC&ebMS`_Fn~%zVZD0{=aGCaj_>R zMRb$g+z=^va5$XaPhoMxN}YSJo0qKEskhmnlz!gjCvKDQYfrv!0JFh^IK%O3k=c|7 zA9dB0YC9O~Hs%S?YWXM=VUUwZx5_Fi@#Pr45YdjO#(~pOP0}2NLI@(K0|Uq z5)0l140wDHzX(@2>2N~@t|e;WV-ES~@MWiv#4&j>zPt~#7nHC)D_w%rknLTDK!Kw+ z8#CZvga%K6%Q$Ik2u6JeSot^EsqaV2YwcuG78~iS2qFakkAmGr!CA2-N_GFL5ji)f2C>f;@Q@3(Z4 z*FRmnYmWQdo!=!S67jYg!{s&_+p!<;T)ENX)yrc%x>v=kX!2Q)h7l)fJRz+axy{wk zJx|c-~7q&o;HM{blVzkwdRuGXd{ zC&*#7EY&&H#Q`4a22>!W@coBk`NN9(k7D`%)swORPcda;WMKKX#q>YZnTz1Hr@(`S zdLUxpOK4|+1TKOb{P4BKe)MFDgzNlo*MEcBwM7&!IuUHDV!FiZ+lB7zOgJ2Zo>iUX zNE=n-70b?eIETF@2I4GeX=?>$=p?j07Fab-2^SU?gv>@e19w89&fyg0gxSa_LJQ=@ zGsFvn16D2TV^|dOu@q$voFaNwwjgud_lVT%6@3F1vF#WUuWwKV%5G5+6!A4PQjDby zV$uYWN+<(`F)SJb3PRJt5&U#b;Y&#=(fCK=?Pk^U$Ppu7Q{v1pikQe5!w?yw8?e&# zW%hWM^rbXOmUh7WHK9l2f1ky;E8^b&tjCXa`q>tPazzL+wE^obu)*SEP_zPAS(~D& zYkUlOf*}`u)d~{}JSXT0%_|_=7xrNPBJd|7y+e(c58<%@xK|+X+8VM0j$1~kSQSKX zn#qXvXIYH4L?Y6r2E8K^kKQ0!n#q~qS@v`s8FHg4%+=!3XK7-tmxd(!q2hX37+1jG zv-(M73S!&>!N4BDLlX9A)&exG7}4mzRKe9_k(nE=V=Vpp!L+VetUxCH$@4J}3aP3U zfpIuB3?PR;|7}uXE#o}pvnHCs;tNvIKVf}B9Jc}5zbhr|E*%8Cj|$E7*=s@BD5%Puh{svAkXU3Ge+4K9N#$yW#WvwlBxmx#jtKNRFDy$sKj3 zA#z5G?v>;E$KjK((>3-99dQq&Jc&mHuOJSL+32W=GM z7Y?6D5)yuP&CXZ*dU`W`HE+Rq!}ryCc!Rgo<9)DW-`!dFcWWQK?Uz&Ix;L=4+A{u@ zm<`6h%lmcp*0x87=ikS#82TX>@AkLb&Gc$pFWF?k4I+8&?jb>28%C_-;B$f7^7C`- z31>I)2wzi@p?vw`nW7z~6L7-0J%t_05fn$LU^hG~Gn&rz?vIyg`2BmmZJqDG&EIcF zPs8QwfImurZ@2H{PxfRM-T~R|KG8^~JjnDjjTlr3si=4}qExNmHMRaf^z&bG?A10% z9$&%F7%x{xZ_%x4??f~|-qfTtRNhSSmA^I|PT?^K%|E<8N?Ph|0Rf9?nQYLpS)Py@ zE5~Czl!=J_&ceUy4q|KR;`+ffQn3{mc;>0{fn+Fu1d!^DNeQXc+pkpg=$rHHM4+4mM_QV^*b8>R3F~~th z1p-sW8|<5=o9q_X5 z?eyY(88AJfEG&8Ag^`0cP%la5xR{2U0=x5Xo{>=)m6J~Fn}Y47Ps}vr4L%ZPX32bX zmuZo?RGUurqs3eH`P5H|NT}Pv&6%;PAVG&2(HGK;<)NxIUK7P)WGQw|-LxaE;14k< zfk^Cs*ko@T=~kE&Tk@|8#yt5-vOv(NIOhPr+h_$YR=6``N>DS7x)4Uox>DIVUql;x zg@DmZnBSQPAVB#dp#uzK6wHW8{{l{Mn^)Cr(nGj9(cWz|CD?$%W-+>!Xi*`3 zCQ2WI%*PLVa0(#WfgW_lOlUfS9UG;9VJ9>e&z-=7Z=-Or#wMBt0?YRh%sYXl+^B~b zO+)-!H_B)v#|Fs6jb2y21_I8AO@*p5i2`rPng)*|ARtWONv)e0a{ zeitI4qB~M>Md@{vcbU6YOt*%2Vh)^p+Qna+gu~8jii$a_Xay*20b%#{$un#Dkn*bT z&2?WZVQZzEwtB$H<`yNBWf*_Fa=>|1uABB}92AWyao zXTaD6T^Fp7RgW2Vw`O=84e!!f2x|_#2-sLTrOmaTFxMuPA^ZB7I@K-mlIM>qYzPc?XDZUSa;^9 zf zo6{=siv%dVHwiOSvNVAvjnq87$UQuNjGRKy_}8s2i1A`Fz(|bnkd!@-QpZEe{-N*; z`vYaVW`W;A6#FaCu$j~z?ieZmM>B;N7JWp7iz=L(ZmiMx&~*jQ{YL=NnLbb#%-ES| zsFp@3xvGBghS@{4ps$ru+z%NZrF%DP#&jqUr;%Jk2E;@7@Z#aySLN ztaHS<<8d{aXQA^eK!{>SP2h^LyKd3=DivVT-6m2&@dbeen`8Bl+0;Ag(ZiD!7*qvb zMf-#~%g++*A@Ng#IN?IE(yFF9c>XOj9*zTcF73$;?-JQsp`Jg4juUEpqN9iiw!`Ai ziVX0^wA}F9-AN5s9?X12+4Xx&(nDEqlPJ1&f-*~|90!D=-e2-sqR4l&w2L|w!(C`ed{L=b?PwY5c($!n z)Crk+W3pD-vo_NQ&?K+h=H`%^kIfGm?}`jjE{PpblRwcT@J=;|E;Y8W79)W$Xge}@ zoaqEg_K+H0w)wOOHQ%=*aYe@%{_fWRfM5yfIW(c@)z?{+MWjsOd!CHUoasKb=|e6_ z0GVJjlmy~X^5<`Za*Lg%XiddDqYb@s9luTI!7-f&d_`HIGIEOsRhjZY zB%Y#~^P-K-?MWQrrN}Dpg$ie*XRqfnx^yww{a0z&<25#g3NaQ^-?Bt{5w7gw!w0JX zKiMA(djVxgsM}B#GMY5fr@gTT{;JcE|6=U`?sp4f2HW5*@@C;ncl!tDX&+O7fzgh_ zZ3(d;W#z*XJmWvoSFgxyzO`d~3N9-r>*ngx%>_R=Xvbmwo*F3du^*c-JHcgy3I z!s2R=n9+n!sKaoLeCX*Cj~IHxvSRUybrmoJlKM7het0oqNQ3r_!1)uM@VF|ROWtrg$4S|3Pc_LF8{ky5T z5N{C>?(A=#OkCW@ID;Hf>H%czA?CiA(XmKa;VJo}Ksu3pAktAXjLagsV1!EUAI_b+ zh4%%L_Y+PZ20)@i&wzpGYOiZ3RqvZ*Iw{LnU-=rT1uR#-zeO40tH`g#yk$kdBPm|~ zJ89DVzmg`s*xTC3%m6>H5qp0vo#c9*!-a|qwF@Tady5Si5~cuw_-PDWt|N+oe$+0% z{()$0l!PSH=Im)6l$Nyx_*quXuVW>4dQ@7eF{P(f)IsE$a!uD$`Fz)pIUu(kZNwcF z+wm;UZC}8S+G?k_6dBJ%JDR9@eN4F%jAAU)*qE=(^@cR1B>I%k#OCL3Lpo+;N^S1> z<-|bdNH&!)h#1Tsfad6=M0M8Ri#MbOj6yPO?atbpb*W~ti)p~(kpZ2Tv1Wx}xB23}BSlrQe>y_al$gb^!EGe@QTSf!Z4eOOH)87X>{9V5-8I(b=2P${( zp)ah75MlmGga_p-5hIJ|n9Ca^#f3}!@o$bS(c}{JfNliS3~5@juX9nxwNE*oP$dLJ zRL@Mdko3WE7dN5uH8!?F?cC2~{|bbgP{47IxY6 zwHR;)dFJseiuKJcTko)^rsti{3{sPe4zt%sZW2(s+Q)Rb@28!SY2fO*gQa&uSVmGD z8X-y^5$P5?H)BRE>?BjDEP`=0BIvFh{HG^P-rIN=_Q)u>T7GnBau+r69wPAq-3VY+lq+6H6ZeQQsllI*opeN;V|$4KGYdVaEzQPo&%N!E!>D{2HM?mIJAv&o=lsTOK% zzI=X}>70csijxL2qod4Z{N{NH)Q?|HcT(g_HesBMamVsPY9RAuAOWHE^ zV~xltJ~w*I1hI|>?4xb-#f1dcsF0(!dRQGJlU0$+(;z#M6YZ-o#yjQe$QO)j<<@83YeXDDCx)KY=#Ifut)U1Fo z!v9W1NDcd8B=ZLHO}9Wfc~+j+rB1qK1kjgTq*vFm(L;0J_-FmW^2%gXZ=t2uS>MHf ze%0h_zV1G$oWio^!`O`oSxp|4Q>#W-^VVi02n3tZrInE0*Kcfpdk6%x#Q3Jn5iXFh zvsJwW!X&-f0K>2TaudPDPGHE%Lc)X8#;wf>3eE4;lVzNs$R%om*aAQtq#yU%d zS}%Nkmp?VuwK8GQ)TBGYHRaGb2F6^0)TyvbM&^&V)_PAuwPYW-E`u>D?6W!+ZZ93r z^n8B}RvQp6F|9RCoCkRgCH+X0Fw($<2P&uEDlzIIhdt8v!&vZ<(OE9ps?)6+Yka!; zdrKB4MA^HGQoxxI3%2U$NBM_&0|Wl4fD!@4;!S1QwA(_?3)b^95@rFRrgcn+%Z zhz3-b&O8p>Nrzvh2PFZ*U2fI&Y}{gDD0V2<5(41g&?hkwCH|$l!Xp{}G^p6-BckXb zG~x>Z4x&&rB5)b;GQsJy$g&Dso6@l%eTTnDCE_^Zhr&De{p1`(%wH(!yL=j{&oU4$ zzS4=O3@Kv+NO}G^v>)nt>6k8Q-~|O^$T{PD%kf73K;!@oFa`dq zgU`xdt9@UeBVi5PPfrav&{w-`dkA5U^jvy_m&X6QiBUa&PMLN&NiHtxUAUXj!+;dZ zIB46uejl}6g`)txjH8oI>f;)Bw zDr{sNGFI`IL^fysu^%SEbV)L#6Vqz7YMZ&}xJk}m%8cxg~ zL6!kdbvQi1fg=M7CBSJ`e?|TT=oXh2CzR&?0f$nBc1o2t%78|2pvZ!Ofp-nx@|^b& zuzut*;Enafrg*#vW3IvhxsXt5&KQTkTd9+hz{9)|Te3M$*XGLZexQmDQMO)gg87BG z!dkI!*FD_@FuEUL(eh%(s5gS zUHa|sx2sKMMN|ZCV!7y%VU|%KJMnC}sQ?wyDs>7TL5~4_nj6!zlrQ6B3y^r3a)R`R8vYVoVLM5x5|ti!VB% zzt}!-ApP(l{WJyikKVGN-6c+1*B$#F5_EWsor0-upTKq_D}_x9O&ZrZx&zfPy9MZ@Xvz z2o|Y$1rPi=tjGb#?WTq*xnDDvGR;TaR$-@s90gM?M>@rssP5bx1Aeo77d06_s5Q~zdJ9S5 zxrnD2>Cb%YU5*bo?__Oe#^Db%JpgQdIR;A%WDLxH^9P@{;4-2_(hJ=9(eNy zqSS5}!3voDD&oDPGn0SiIx6Y)~Vd8{c$!iR6OJw%xSr<)BG)G)0b(^ zf9O8MrsJB40o=e|zBl8++=oU{)~BlDalI!wm-d{-P#-82V1F{OJ4!YWW)#wpPPq`L z%0y9kw|srV$2T<}{LURD(S&6F2Gtn}b)m6MOaFM1J~;=YT__jY3_iN!z#7VR?MDI~z21WQ)1VOM(BJ7##t@Z`KbgC*txl1R6d@O@6F|a5N=Gk_#i_-` z%XoXj+cHs(UrA>G(S`vMg_6NfM{d8m`uPU~fb;2nwzRlE`OOgsY2Xa@{>Bxi6hfTz z3n&aRW>K&3d)^(_7!aD>3U4|!xu=lm$9HZoqq*y{vf#OiPZ8nxU?FCxwQ$Z`?B}~4 zPkfQ>-VT*K$eh6k5doQ99Ui1tn?_gb)PWBCypm+-W0?i}&hI=P4_?jK zk)Lo~q31S^VXe_=64AAapmZ=SD>)>=JK~{X>^^+U9U80}JG`TJpNO5=_|`$`^wOKw zpC4+mZK%ZC(851@9IM!dL=LJG8!Pr#0y`GwNW>Gz_!ys4=QjNXG3EB;R~%((#}NG^ z2IP)Hw5CSRGfx(&N80k5)*YC5q=p#Y@m?+$bi1GL4XwdrlgTg+unX9qsCxI|Tx$2I zM8&aRo6j>l(|vu2_A1~Tyy6N{?7NU`6`!Dh|2{F6bf6LAqAco`?*vg8;{jE3%g&yU zP>4ZYC0%Y;M6sKqoAdjfP&hF!IEb0YlFzXbQlAwjp8y+Pz5aW-896pkyU#{@)Uhcl ziy(ko@Q6lIA%ip~4O4PnS!(^zy6bTO^!gZQ|Hf0p8>erPI%7@&KNVm^4DM(M8VaIQBgOQ*aHCBNPVPchUAa!L- z+&59adrdxAE{R!i>*>JHkwVPh3P?md$vq_aa{0=1HE zFICLctVk&1c@|uR4)UZ)&EapO2WjAxc35U?1nEKXnSv9g3t<$>X@rfuwgHSyEL2)* z3nuGjrT8qYvv38JVvxzf(K!+6aVpTYNYq+rhuH%{kKh;_WcV3F0MSO$yer*=_+g5! z8q~&sYa*e!DAk3Fk&^1Sp9z=C)#KZRjenUJGZf!fE6C>p4N_m1 zz>8~;ezLQ3#K4mVC;}mP7;Dh$B$N8kesT3uz1veKMLN0_gKuAyKjberT-4aDC3jqrj;VuP9f7B8lmWT8&G*G zP@;&lbvbqnGaLZtXuSe4YdoV{08arP<`tqj&k{X;NQsAm(-nlF7#7X7*5H>|(3BZS zGNlN89Ta8^>!IO@|9%v{O$l=Ax~-=b37DCEf-bED0}HLf!nj}^9GgQ?-ghbq8wk)9 z?U2)lcOUI3Rdm+uWf3(0K>6%2N>RR>MI=wjC6V}=9{GI`H)x1914Th>G2K@0(Tn7h zpOS)U%%hMK%9T7I!Uc{e)|KOfHrgV~*On1wLD>W0E5&p`8X|)X?>pvoir#!!mAF(h zc0IFk!Zso7EebVfi;82oI53;_&7{I@ja>xtbSio3oHye_Kc9@b@B**0{-UL_-Wx2) zZL6ai?}-^k__6QD9YkKdJcn6EuVkx-A?p@0H5Z``PmGR6;TPKHw#ASKfsB-P^!cB^rr_q!@OJQN!P3LO?tN0$y#jFDK5E}2^gaUwRI0zzG9 z{3GmUh%+C_%L;yhg-f^l@8ei^{z-d8Ye`G9Mx|e@bJ;ndF>T>$X;(x%i6P4PPD8{x zF1suXjAoK&s@fsnJ@A=3lc#aSj8fzGug{&H3%J!c^*2H(;zfwFww)m^RGW`hFO;l5 zl-SvOp5ni&oW& zo=Y8ON`OXnAlG#_t|t&1CX5-#cXJ;o3U{|nFu|78sy5;|&!kq!B+A#Bi`5B35smV^ z9kU0Zz8~(c#JV~>J=@i{#3kR(&j;_f(Z-vnZMQagmbo@~7i27BWEbXAHYOjR0yiSopm}hr>Rh0S~ZM{%MuL`Hv|UKMB(R zvQxO!Shvsr-)mh6rCL!WasEpsHiy#I1zo1pVrh#o{S0|afAAZU*Z0dLkffT-JCfD1 z&CCuA32~Wc^V0`FrR%Z$t@Y7r)A(fDz8NVAs@8|8Bi)Hk4oUHZpsm#j?q@y_?H3UT z4HhSCX}64*;qt}2iTbJvYMz@i2#&{Ya2PVWGnLts-R5(9Rh-i&^ID3!rWssO4q^kl zKTlqFZ&r8KeLbjWjGreV11wK>hX)^i?msTvYXzjDP?vlY+D>sYI~~_-GH=-uNPi@- zEu}u=kb2U4td?3<*EV{6QAk)r+#9{g!WT_d<7d`jeu4sxcc&_?q3_bJ4gsSK>{LJy zwd7Sn7k6rrKtr(pj;b~QQN)(@C<>Y&{Rz~Mf~4$)^gDWoLjp*a0K@ur0vqF`^A*8;GgKH#W7&TjJ2=p*xC2x zj|j$JPTV?A1=dtZ3sLQ8AQtfcEDp>p%PU5cqByTTs3;z%$IpPCl5@aV8(SM3WC0|E z)tNZh7o~WUl4XL#lHXjK5J5XbXKrN#Lzte5XvoaXR{HL8f(PB~MW*$;n;ip3EqitIeQP&z4V<6tvs3f1G6+6G3CI@yoFBi?4NX?I}%~rNC zMXD?{4Nh!SK00~8)P@F2Tf?#%;tA{LpGGDPdALz<1&P2F^&!H`29hXb^kf;50CGIV z?W!;s+vx&D&IZ9pBQ||t%W5UNKk>k{*o>c@W#>$S-}i^;tDK0;6O1pz+Vxjp#QF)f zF=7D?V{A`Uj&PRPic*uKwarA-+qXQ0GZjl zCxrDA7Hrwdr0g^Kb2h!KQZ>lU0i)7b>K*Gk% zJSZvEO?F;0!>}_X^-FQ+&T}vbq~~VgyYpF&m_?7?v7553ai~Nw7~edWF%C*7T&Qt< zi#2SxG7Yk*p|Gx}B=Ps<_@2zF&NW?x+F4-#1DheELwoVibh`U1^C{5gn#!~w)Wm1Q+0HjL9Fi2yuQ|pYc(RS>m$=CctsA5J)C6fcm4;r`00>ByrSq%ZwZG%vxRJh}1!jM=_j#EE)4||X=(wx&H z+`hvBGfPI;0sBS@ww?tCSd)<)yi#qgKC9@cHHt|2AW5TuI9r*ezG8I^B88!e?+8l# zqy1zdRy{=KoXxf&g`1tlx4x5`PVvx)et!gD(q^~K_EtJ7>(+|~?iSk`y~Vcf5^7u< zLja(!xDC?1G9O%~zXi&9d?a!FqzjS6F1+qQqG*QR3b~sm-rx2I zATXyNjc-3aCe0KO9>xmg_bL&&nXRQ*2VtwJ#+>-GonY5N_LjK7?Iyq5|+Q z@0R=Ro)Do&b|9+AomU#DLT~%bN)#99?r(pk--!{5-ypy!ya{JseqGhCt~RPYwu$ZE z1bE-KRmTqZqQAzuGE$vf%JXo+-`FR9fUf^=IIwd5=NS3_6J4^g{Ez68k(1+JJ8l0{ zblC*2ZO_Z`-=fQw|5tQ5{(nW6)YN~^bt_{!AUa%v4|XT)rUJ*%$6iLjflM=*CrBo@gqTpD)s7n7v ziw+92R4|e@-Vzs6)$l{lQ^RwEBHY7j@~Bkzl)=J+uBk$6rfdT?I#)ncGuW`JvqJ9l zhs`L`lo`M}Md;O*Q5jAJB_R)iWBks0LA?g)&od6iigr1%MB~}PJ7X2ijcXClA#tt! zks<=7jOHyONm-7z_sSYGUJZ3o7m~qO%OW+>mMEJJ|m| z?jgMSiyx8_uUwwuLkgMP)0-wt66CKX%;VwDA1*S1^%n`BH#olVIfZybfzurVO&YBh z5kpG2W>CJ&c>k)sqL+Gm_Zbh&I>MKa&BI@%EHZ|jW?l^ZS5xM9>@RhRiNXvY>X}j! zb%Izdpp8BdS}6#xhzQqaSw>rmh-}xeu(;JYm0N7M z1QSCaKGs1C*BHYcL5YL9AqTc2gy+Bv46d@!=)||;gZ47G z#c?1`*(;cz3*V({qxMwe3A zySY=f4^j>pMQEhlxsd^ct8LC zct_&v_&h!|d1sB$*4^|95oCX}ZQ9oHYWZ@#zq;$MdWm%L?)=#OT(7S3mP7|+g(`A# z_Yd9L%5ky!@I0okuBu{O8?0&q&r(OuHhEusoPzQfF6KXI~UEkMNjxWgwx2wQTU6V@EH%`EZ1NGst+2N`&3j*M@j8mUh zegOz=taIn9&p&cK?L*Ef57m^!{!~!84ikOI;kZT)~(V(!$2D&fmVfC42f8n4>}-4 zR$gDlfS04CS^pmPE`WcHeyM+@hlAuMD`&%whsY&zflZ4Lk4Fq$D(LhK%vNT${9r26 zs2>u03W(#0(Iuw%Ie}{W{m20;ck-sEJ(RdyvPXz%6&bkNn26~IZCa-N5V&eR|-N6(_ zIx5)LYWjk)i-XN0$sra*bs78H%PM4k-2e9%rBLsJ_L{j6o8Maed=N;L;lk8>P*`a? z9dX7x%biq!Lv~u0k6i%|2~O-ZIZl=-#m~L8nxZ`rAMR?8C`T73A;1K0+$Yy7GUAGo zp8W^WG~dBq!D=f?2Z*;%0EP;wRO$~K2oj|!ty2UQ^j53?9JXXOZGd8UCAbK|JuYIl zJj%3kG9lof3au~VU2Ka=r~)A0P%HA^2M4_g?_smOyVP(x$dFS(8U*KPgn#syIc`E@ z@MFwC{XTK~++r_W7=MUq9xH>04QuC|F11=w`8#+J(1%FUoggD)=_>?C@^a)T1uz5; zfxNBRHU8Ve=oSHggQCp?4D-cU`(g=`)AoTUB!rkmMT+%sznkQ4Y_&$ZC(nSt7A11H zAeG69&y9>Sg)8DioRDf|iEJD)*oMtN(tn{0{ouMA+uI>Q8RL1!a}hYLZXwO_pe(UX zV?^YaXdi(FWn6Y=SE?Hp$aPfdANxG*rY4ZhCfDI}4@d_o}otO*m^_6`O3bFv9f;c%Cd2~W4O`H>bbH~{fT0L^0m@*R`LKjPr8 zmJ*83fC=8nH~SW(WX;ty9Fa9ubmGQPv@~3M+9QpUU&F2`%FHC0`86pc<6w%$)t&F~Lk5?n4g6jBCB(Rj}l%7Phg@sCgC_ z1asDmFq)hZ*H(B1$qSI4HRkBJJ;PM&eJtr^7O>c`h0f*?pn_B42*F`00MbQwi-Jl0 zVFS|y+<{Os#YW(SexvC49h`Vu1!3HNjo+PjGw~^c|3lBf&iGIC4YnW9)4v=jH#KA& zeq3!o^2ZwrHzE`OK%|VUxrWID!#NfO*{ES5g__A)VJZ^i_U|re8VX+&^S@<|WS1f& z0{XW%&bQ72vpZZlz2~F!;iGch!3HrgBtQSgTcBEy0)izFphbj{z`|ARcs<$o?aRsw ztH#{fj%(ApHf)yNlGxld^!uybhfW`ChI01XHqM~Z^{(#{y?mduA2f>_hkh)x#Jd;2 zZ=LVffB(#s0PwKt2o5QlF)2d=O{p1rGy0&Hw!o5o!l2Jh%VY?#e&<{-zg`^#H#LW< zoFf(8Ev1R#d_GeY1p6_P)h97BE$-(xQWuLX!z*oJXhgCKW00}Pdou<}AUQSP#xO4< zK!Zxz!CWJeTn)ID^o8b5k9Cqx+rBWff504fV#Uv`htO+Bu5PC4ysm<2;0~Fp#(~os zt#hnXau^fhkkNuddINq?0JyAP?wirRZX}@qLq~+fR3;%0O`2ol9V6-EFeX6s)o0`9 zs~dG>#goSIwhhoxZs)f5d1IX;J?Ju7n9$8DAf9VSoq^?L8#_8@d*c%s{z?}@;r!@D zlaZrid8wHG4C_KdV4L9QMPn7*XgAc#0SOP-w4{n|2{ZarpfjXAOpYq4;*{l5{ch8T zu{WZ_`Wd2?)1G9s;cdq7(mfru>~Vn!1MjhVrH;9ea?6AU4lZ`;OA+{ZX~TZ1PlxIN%6&Uzgp!mEO)}+<^Ni>j)1-y- z_Z=-}PW>+nSGXX{sI&qpYwz2kv+o`ng%rx(ucB7^EvU{lA~=rZ&i1GF;lVj>7%7+} zY)ux|(;p_)U?$p!)V=c*8H03T_RAa?S>9ay1cY_Gz|cY%0l*(yn#MLB*iTOuWc;(4 z9L1~b@xPrp`FX*se^G9W20^U0D~Dz!%G0N$+E*tXz{^V zMNd{WX`$(D7nq=Lr^2=2)~r@J8EPB0C6AK@Vuo2hH`#vE$<^jh{i!Xw72mKvUBEbO z(!!!ubN=JVuicRgp=!Hcd(coJtHX;gcYIVE->bJdoxtvt!D=h;WTJk2K*!YpG$a+n%=I2oFu|A)Qhlk)v`Rqokb-Z(joO_eP zP~dx@Y%bJzBs6Dd;}De!ZQ)TmMaKp@Q`bP1s|=r1y_c|B zO(-)_%fYHb4pxlf<>a{tDyKE>nq={4m}3qdog{Md^JN!T9{O!WfJtZwLyBUFO@hj%^^(8Q4e+qlCj2)<`$viD;RN3KWV_(IsD^u8V&Dc-MVd8gV0|*vM z$d*!f$POL(;H|uCfO>_ zpMXWu%QoL4QQBnYcf#}qi4zi{XPE42>ao_%D};4-v36C zqUv1TfG$P9gSbs`tDoS0;saHFDdSR7(EwM%68&0#bWbgoh))hYebE9%c~=AU4IQ_y zq?-TqiZ?xLeErHxqAE=^M-Ybm-8*`*e~`U;U@r&&^%SC!mX8pu+m?ottxxa&6^$oK z6V-9UT^;^BU2SV9?_Ap)BPbIfxEsC3LJJ2(L(80h8eIQ}`vJcc~D>M)4 zLLhk)fN@D8^I(TXn5jKC@=^IAA+n0lr9P0~MQ)!gzambjb*dmSY~roueEvjWM7#S; zP9popA|UP#UC@a?`=%(uz(s|ylY$K9jic$nCo~;r5h#V$82J;#Z?1B?`=jmB$Wp{1 z21a9uC>S+V##3oiSF;l${>o7?BTYQBEGWol_PaB_ZH>G zv5{5;!m&x@-URFnuynGBCbyE2@25mzJF1o^pLDQP;qe$mI zIriGi17ag^0zID6^%Vi{btoS>#GTx5t$N+!|;N%Eyp>p1s-wk!Kl zowgwa*IM4FN!|!az*v#Lhxtb$ilwutIDHN^jG5$0-&EhPrJcIw9gF2+zg?9)q zgoAF_M=secPvB29O6r{1Spgs?6b~^?Z7p!`>F8sK%0GB6>5w~lTBk5Nyf)#woH+lz z!XGHDyj{D&tr#OE;dIMg9Gw}VnoVNM}pB4zX6x9LmcLD}u}M-w(-C@yw)rnc5KUXF7B)krmL3v;7bt~tCS{sX~)ky9PmK{Zd<7xCu z%R_&UDn-Ky1&Xz)RH>$t1qNMpMG!Ze59o&Qe2zPuburc=)u^->XY&}ksz%X~bq(A2 zkR!j2#Z*NC$SbD}L10M3ip#@rINi$?sV9 z_9t~5un6)jn0*527IrPS?9XUqG7lA6WtF9P%J|yvb(470@rKc{KIIN2WYLdnWGLKw z`+O>;PlNQzg<49zGVQ`fCVCcqmYw+O`t4|06S3_miXB3{M-uB>>u zN|jeQnrqfmQQJtP{vMgz=-{9!>uKYfS+g9pUF;E$s2fA@>gQmxz)RXDJ+2@3^5V$CJ4f4 z`AZE9uxq`)h9+F}og^hcIxGIFg(0NWj`&YZnjIk9FE32IsalSrL`d?r@+=4j2_U?t zFikc-U5JP=AE;U2Cdu@loHoMXR!t3E<3VUbpXNbdkV|PwSR}$M_`;2@1=$Etg*zfA zWva<#aYw(G^}Hz?s75ARjoFmGa{7Sqhax;!5KIzjMp3c&=c0RFIZ(o{E&i#<|U`u0l{s=Q4&Wc`jnEX`KSi_cdjVJC#cRi?Vl$5hc)~HruwlPusR_+qP}n z)@j?eZQHhObIwgBlRuf8$(^K9sfT)B8*6`ydXd}h1lO<``cKuAA*flaem-+a12F>E zM7{Ye^RRj~%)Q?r4@3)bkfpSl=|s0W5wlXzUoJRsf@Gk*{ny-RZ+q<6E7gWyK}V}@iZ877ym3m z2$8i^C)dn=eq4!PPc3Sh*l;_9j1h0s{p*JMZD;p8@(Xpm%I4>K`lgKxUQnTh9VYaX%uf ziY5S4`V65l;g4e$UK`nPRN#Kg#VjD{2I7)>nzDG z6#%!0elwkz#oUvkApr<~W;m9s3&ywDw91?yttOv;J$Z_xWFCitFCJ zRBbO6Dj+ovUAezdU?>E7Tp$PYQDW4QHkDRkJo9>haC#>DAD@s%dg#X zkJ~lO3{vMU`=OGMbAR95-$ke7W@XJDTT{tyYfjWK{?Rj{-aq+#Ga>f<(t1UFOwPc6c7)SY70Hg= z%fuqG6SQbC4uKz$CDcO!QB5yun&D~NSjM;jm^!R6BE9eu*fgVU{Og zxGCq!AZZPYn$F2>LUk{1SkmRj=r8KWQ6)s;M_S-HvW-ZqOYMWxvRmMT-rfqAIgOCJ zgF5o2xMs!KC0n+H-b8sCugc=@NL1=71ANWO(bAo!lBuDen*HM?tiQj1O`nG`0OB(o zD|XC}!bLEGj&7;ja)5B*Gu1K?BZ#_gbESuk@YtJGZLPHNVf?$F7HUDqYHUSM5mM~z zwycn_L3=yj2Az_a({sV~y5=-a@#L&n6kbxuW?{wsgZIJZ?&lY(eBsXTuf^dxhPQTqe8Pa&*@$W3nI4 zQ*Gr2;#9@gmC{FOdc_I2J1gQAI-cWsRJY;rpt7`wYf0&EPjUxTMzqrz)xo5}{l!iF z;24oA;MRRf?!`Fq)5NAw-kqgnb=BG5Splw8NXEmx>vv{J@u5|la+4J5!{(SHyElY2 z@muLd0=jfxrw~^V0km;3|I%u#5Hvew({^0ZW?`!rP9NYN`zhM^A_&##1#^;gPmU1% z+Wx#;>56`to>7m#t|QC+c@iv&v=IB-AN4nOJM6?%fcRbi`LChH>duvG#x_V0QFD5} zAK-kA^_TG#KkNzeyu9_|W_;83`^}St(yhe?6UID<@vQ|dc*BG+sovLCapxIT-w z+IU#mx=qRNt!@C&z~9eX&^N#5ZvRQtuuY}U?jcHD(l8Xd>vDDUy}BOhKU@*@Vj9IZ zJ3x(BE%!HJm^fx4MtlYqWLqq+DXbc|%tZ@)&3cy3lmOk1E3Sb%_aVe@|JlpHki^NjSgkkGLlSOM0X2U5ypWXMG4nLH z>pLHD|2ysB zn#Bo)d_DQX^fX)!myV#A8QfeUWgG`0F!qmYCz~|z-&#ku|AO#hr2prs`5%X!$D03I zM{%_Ow2n3eCN3YMY*U$|^-4MJ-5MfHbm>V@QtTzc{Lo{u{|cQaP!J4bF2|A**GUy1 zO_^7Y(%#4HsF3VhIM*G#Z%!^xubDLD0(trUDO+p_oN?eGp_8eU8MD_QF&{SCnnOam zZph>SuZH!aal(p3ZYJPc!#Km&86tXyX*LIg&|SN~Cf?RJr4CqPCf5If*fZQtUbPlB zuFw0$LWBq67`B{<8=h0I{3~+w%^(kZIWX$!?Qfo|ng>MyR+rwLpKgh)m;1u~pD+~q zm#hV{fO_1S*>RNqL$POus*SYr%Sm#Y1A1z|PkQ;_mAqC@s)->)cH-!cLBEJf_UO8Y zaCNc@9@Ab?Xl`R^eU&h|<(2k(K3!~lY&?HDLb8>m{f%f+!D_~OCWlLcOB^JF4_2t< zgShDCc@0XjT}zjTtN5f@u6e|sA-uGHdeOdHvFZ^9T!VOpLE7~vNkVM`-Sb(KY0)Jb z5>uY|=;o`Bo2Cxkj3Sy4=P^q#D;|(B8G2XXp$MwA5Zg0R7U99+GPDP?VyW$-0DFRr z#{;9W8N1tms;LX#)if5g@CSn%tN-K}?*ZWSzCsgf`73?{ zXKF|)+Z=`^KVX!cc`3NALV)b;)U5WYCFqy*$o-#72c8Hp#EK-?tj!soiK3Qr4bl}%0dr8A7Q`jFocm)PWWfzZ#N z{GSd2=oUz3Dtf$i&~@=o605YenDU)74Uu>?i{AV7zU=3abo7Z$5!2gbwk zglX4WEb%QM*a`lx3n`OF9pTZ#cpFjXrp;Kc#=w*Xg072+*&r$3p^2pS$fTZ~v$jT= zv?Q!TfpKk&Mr;>HPMH?U&r_UTBSHh~GNQqaN$beb?+~|X3s5if&;&jT>9ggSZ7~fd zoNc8(e#Ub4T{z8vRxl9w1OWHGoE}&v9$?QpoVK|=a+m$on(&eqZ0AP-G#)v@RaP_WQ64J2aXBpc#{a|3IQ92FW&z zHr4JMfQM3MPm)?G$>Z^df$)exV|%t6hy@)@jl!xUE*YzLptF!;!l^KnCSP#;#o7$P z`c9(?J+qfnqvnT1kI_C%KsaGRA`!ZSN4y`kW}TRizdgX&Q#PnEo^h;{GH%N5{xwdf zfH7xJas#|6uB|k0mu+Ybl_q3&Ti#gP0zSa-lD?)dDS*RBo##)UU(=zTZo7AHQz(hP z)~B-n8a#wzqn}FdchoYfWP99!ns4ctzFyhAY$1!jg!`+jA1|4f6pr{2tpr%~CKD~y zu=C<)I0BtXez`rtTpMfk2aFt{z-sW5aKpN3A}Q^-?7;TX`@z=Hfj2!zC+B+~k^W|U zdCEIKv6g&%Z>qnwStR{n1+XaurXB2$Xsdmduf6DLMcH7_^6p0_C@2S>0w!1{Z#9y4;PcwHs z7#NDIbn!lSiL8*1*6)rfQ%;(&T`E9tr_%?x@$}tw>^&VIw-CHFGfkex_uX&KR&fAM zdAe>&xDj05Wm=83gZ#x-0;)Y7lA!{@Z;R5?LF!`fMgDMdtgeWL~MdAa~xc z{Flv=>JCKl?TutQt$Vu&tmfMo0w_svfyr-?K5hM9Bu;&HFui{_q}c#ZcML1%U>%`Q z1_8bcI=8djWAg+vtA(~4{cfw@a-LnI$d*K)EU)g`m6)5?9$0jd-;X?xwRHck>Qk>t zKCAJ6t35dWTWT6R$N%iy-PYK4T4YD?yVctl3nLJ0II8U=BM&)OfKqcD6*6F~scy+3 zcCEva{QcCjFd22+N)$Zp3B{zQTDY<6bfH|ZiY{ZEa-a|Thbky zgY9E!0#N{Dw)k;>?-h6>b@EnpOavO&n(wqCtT3R6qK9f1w<(sM}dAfOiRYv#EqUOw;NQj(5 zV~03`3 zZ3b20S%cu@Jv*^9`62^S5F|^0NMiNF0p^ISqV_pRdk-K97&b$>by_LsD`y=9}n##eJ|sr@uI5CL>L1TlIqkUd;U*J^(nZ%`@wE^a z0TV+PDXCiVWJ8M7@Z-vlfzFDHZ#{?*)qyjc$+jMZCZ)~Hzy*CuBR3L6PwH+c?j;G0 zNPWt*I#%RZ&WvDdaW~EWre*0vtnM1Cs&zf9wrz^2Q#@HX1^tDd%kkd9)w8VDVNkj< z8>6|^P|zlp2=s!6en)`Pv2bxs%0nuH1;xDu`fH<=P5zt{9h=C;i`~|=q{WMita6lq z9CAwn9N+U4FCRAtFK702oSa_wARZkn!YB3s0E(z`O#T@wKYl;*vt|jWKoMGLOnxjx zyJeI2>z^zeV^hyDIDri6)HUM@7Xw9>NK4QG%Kjru>CKK=&hidbnfZoIjxyjMZH~D- z_8COQ!VaSCi?c;G4=0-hy-aA4j9O%&55vW^{Km8AM9PQP7b1H-c%ah&-zKTGk_q%t+AlNXe2Oq@_@h+(-?mXG_FiD zBc{Ix=itP#)8YBuX7f||Ei(k*hCFQ|;5ixZ665J6Z;5+_@yL2nu$TMIq7-#av2^k( zRc@wG3QMLp+i=*-7!(YG`A>+T>E;Ec<*8Y17et%lTV)&_=rGCxyOfM_zKOw306FYHf*jPdlWzi$L+S0EJ3I`xmbJ0g79S-L zB64_ca}jPcP&}{^pcW@l7)4P;Y!Ye{lSO7Y!qU@UM!cD^^*>oxpoIhLXxN$7vyaeK z7NC}h3aa^7i@|Y^!tLpc-5?&Usc%JwqK4gi>B`(kNTM;<6=NOPimF6yCcDv1(EtFy zSMNSY=2v1>dAiIe%~A~HdRv!)%$3dGW z2GZuW_%YJ?TTw2@n1v2LjlOk+;8S&1t4HfW5&XYF$*t4E|BGz1apNRnm0`lb%^8;a|z)7HSk~1PgFr@Tb zg0lbe>amoz>n!C>w>#-Eik+=INXzJ|om!qaKBRH*21Qa>5RFz=B zmK*9=&^Gfoztp3RK|m`{jZ-w%LaKv+fPqY12|@O?k#1QAgpAptii7(E8uwJ#?@`n4 zbF{mTj76r@X-@PFARx^Lm4iMg@cj! zvrtziF{Q-AK$@~q2(;Jk7DLg<2!wp}K~Z$}2ji#9WfB|@0--gzj*B&2*vjWg5Uclp z3xC(6Ha2pwheS5;r5P@0d!GcEVf!D%mH2>2TTF`?Lxw<*j?4+J%Vg;^G%%c@-&~%; zj0=^XphU)3?l+tn@IQy!Gns5z4L|QWtWBz}P}A0F}6HH~u?bjMz@)C{6{GifA7kW&xvWm-%(htJ~LhugC9 zj77**e51u4ffU78^sbwL%iDvaL<$~rOp$zrtPibNv0Z(_1h9EB95wy2X&+=`v9`J! zcCGjO;Fj&T^Vi`6@gApnSAD&tAZkhnCYyW zpcH{wZmOE#U#}m;tLWX{+YL{r8+@aJ&5b307P_wx0p;qyP1>Q}yyKj6CD)qi^X1?_I>u{1hmBlWg- zZWuOY&MY?XpPG0enL%&^;RxXKVe;YfVGX3k!yx5w%jmk-dp_RcK7GGWUt51Stb2EM zzw0_L>lQPw@ml>he4T{82Xdcqtd%KBmYC#Gj!+hY)rF-igy#U3dM;wUP+R=gdUwFz zzTEKW@4kOtUJ!53e5Z79u9{pZKaFY_-STz3@07Q{% z^2HRT*O(*kmz6<*CBlGAM;JjOQBh@pG#f5?Z*ecwWphO+064^f)}p zLh=o32~gDM4?5zTW7TFH86XQVu;!V|%nv#cB(X#RIv3fGB1(XL6Wd{;6IxuV0mHW3 z_gF^$g`sV6UCuz9&5>8DG)XcIg@SxeY>nYpgwkP=*N3^C2S>4iwAF+$ndVR5Ivk;} z6nlke9-C0x9zl%`!h+>H!x3pmU%8WK?s#Ao{e+Umly5o-UofUf($hE4m>3v%6azPt zOpS$;MZK3Mx19hIF?@o7Mgdi(DS}4PD8zfGIeZF{_8GamWcx^;<=`ouJ$1&^t_oUo zvG0JBRl^*>cf-l5DV$#wxUu}r&Ej>jE%tbo9G#g?ID2%q1&%aCe}6v~B(F^Lq@9CFW&c(_CoIh+hth=c6JoC|yC~)A;i-nnRP5rx4@_$lMt|FTG0!601{99Y3r;g=e;5NJv@%i?sE zwBFa8Fd<}0^teQ|I%OTQ2RkS8h~BXAx4RTwEU@CTBaHn_qyHW_l9F-TI7x%N(zK;e zVJ_cz`g@uh%MD*@ZQFC$CVGd#(SyGL7SYNEGclP>PKaaU45P7NebVV4K)T)3;y5}` zRG}I-q0H{|=X?{1oNQ>3>UIOo6)X;g&IPPg5}hjudH5$^zQJQS3J)rqk`Y}F{V~#b z1$n`)dbQ4V$4Xse#j0t@tXuR?wZMO#Q$JQukU!M{F)MwdR{HOdoItaHKcr{-l`xT} zYTuMX@;4o3WW-z4o<>a&;~S&MP#3=Rk;?p)T__V7wc{Y|YkV(Q@=bYig8Z~WiNPy$ zWH49$aPGoTEhLl<9Tx(sFX*&l#DQC&sEXXJ5JJls}ku4KvmLwFk56{;5?2HG4j};y5jT$)Jx1hB_NfT*Svdx zH#R^IK^VSuFnv5=_V0wbixpK*pB>U7G_#KtgF)3ww&+H6P$F$qZ$Hf}?c<7R=N2wZs;CB`c6QEdQ%|3*YM3B5s`DvMFN3dI6;TS?fl!BrD9OCYAB|FomtK!0X{Z%7Ju z3PFvI9fRLH39s+{xM(m(dhBL&Qu}|B6ZULVuti`VF4|4cFW%9E4H6VUJ1i1ca`hvi zG{nYC;3g*y_LLqFKz#O0640a9H67PXM7p#{J#hJiIHS>saFw^ZTfXohZe@Y(HIcg` z2O93E^+#0}bU~xIE8Mi^>E9zKAYdr+>i-2$b8SR+o1oz@Le13pRrYYectHGSxDjdZ z;ld9gIB=l4<%=$4$i&tv!Uj#)Z4_a=(aIvr8u%16c8K<_JLiZ|KoJp@OQdYa#y-uS z<``LQta>vnjAZ8QE1_9d;lfLR+tRjs=h9M%ASrVTZ_pOn2hig0uM8vAPWRs>Xp8?7 zQ%oUNGrhFjTt;RBeAL#cfZS4Kw=!s>Sk#UoR4B&@V5%QoQy{X3j}3tbmQr>adF1$H z*zJeV)EO01&Y>1a_#xnqx2_f$q_REoW$4$AL~1E@8!KZ-|9HP7`e@_YgUV@m86lkG zPGTgRc$}D^if&h)0p{W##1rN6E~a1~6;K=5tWd0z+E@mx{j^KKf|U)8_0FrwIO9E^GaQ0?Yh z-!Lf_=lq}|iU@a@Ps>ZG!@~I9rdKPX!?g*fHvQZKc&3+#S((3_7c+n8Ln5kZ3OqPA zmsS^Vw~?eD2+AoJe9B*P*O*YQosTCpKM?#ZMBlYzYGq-p)&0t7@l**!ooZWMdj^g# zNiG~u8)WepJxoE~m0tF$p)lbu{-9!V^!Oh*FE+FwEf_rSrM6x|z&7?B93bM6zES5S zVHEw7p=$4Pu?UbzPCj>-z9|TS4m42KK*qB?UJQkCb*Y5gzXl^q zkEKr6e${gF7D-sm3$u|-b3uBXlsimQ}AqeH-HWp-jj5^AA;)vV0KvC?06_XYOZ?8=V&X@l1 zTm;lb|1cPX0cTxV1#b(!>*xXq0wQz$3d zsBH`l>!dM-v8}OHZid+ugW@&?D{@`9)XbP*{9bqz&0%cRqFg#K#-ZzV+`FVYY*ML{ z+Ki@iP44xmR_hLJbG7Ry@@@l9B+^E#t{` zxW+}{gll2uNZ+J5us>0pSWjfG%p;WZ0N7YQo+MBSJcLibl2586A8EpPVZAB^e%#8q z*Q2PpOxI^tnF2-G_|b*uonO*l2ZsAk9D2BPDP%~upTn20xw5*rCHOQVnaIq*Ti^z} z=mro)pfFWuW=EjJ!C6sae2M5;XL|rkx|v6#@xllM@Fbvt#ZP!~uqh`T?9g8Y%w6C= zgC@+8A1HZ$P)RE&{0kw3;-y_HTJ4ZHAgln5X9Do#^u{=2|Bmzej~ViRY}}VMbpB%__xa}q zn7EmgzcKNiVKBN;CldpMvU^lWqhtVIfb4$ZP1X!n7;yAqYo0qU+J_$?WdP`sN@) zfPV=mBX2Vm*WV{`YpnbygZuAX@I-u2-C-})TydZTU$fnDjeMqSM}dd|DD(vZwL5U( zYJ=e5@N^>$s=AP(Yv`Q&o1W8Zt zXiwX7Q!Y9?uxMMBR7HN^DGwf9GbEPt7mL@6CG5)WkYIiq7-vmk@C4VVwI1fj(cL5_ z0FbSUDK6D59aU-)>5`+nkE?)H(h#h1u^@g7d6bcv24a+OSV`@u_}3BzLhxd{N{1Fr)7;4 z#+szeIjN&c4)X($ajjG4w@W$+2c*z_A)pO&AX{+;1fVlU-EB|*O}Zcz~*crOvB zL0R`G1?SUZOXX7Zk6J>)eZGj>=#6kj#B~xUY+mc9A6k~L`t(*lMxlGV__ljK?-#pT z_D$Eomi!4a$F)i7g=T9=&b%yB54H%VA5CmoB~tYHVY}o z?leG_-G91~oBr-+6^G5Bf&cIYqY>PUR+8BxOduNJ5HnbEb8P*@+fa+hRGT-%bYS>p znQ_vvYp(3n8AWkXb1PT`EOzyR0{$a}g4x{+1 zL8<_G9KLuqYN`CNO_=;GM7W$ht&*M|e^E+^WG!5->XJTWGrp6Bk+l#!wcT1V6G>bN zMz)LJL=r)clwdE_wD84xDF+Mtp-HSQxs85YU#1^@Tos0;%gX=)l)5A$h9>c-K3=$q z=09_TX@iy}NeGwf&8|`P$fyw9=3`h1LYUC0G@G*?c~eJS4j=jH3>dc@jQ8CO>b;DX zLD`m>pbymSO@6@FM0T5vs93C^dcUZs+1v}CyVJ{tm-O*#YsD*j>|*7S`bS08|F5kZ z9MV#P47pwDL>LI1fgozb7CbVmPoJiiaG`_W@2RSRh4d?;Iw%_iJZ1?hR2nDvQ zo0Y~b1GDFcXFq`Nqxau!>mnKpBNK(FB5E}+`j8?>OG3m-A{d7va&~|Rl?03oRT(@# zt3C542LmQB-CU>@_UsH$8pF7Lc$bU6WUW8`1EMX`jh~q(jDaA~WTnBmX0(|(Heb2k zEe>Km1=iLh*HBDPZd4=5Vf6-G#=|`s57Z(=gMZg2b}7r%@ep|`%c82It$6q=yev)S zp9M(%UNOC-Guw4M1%m5522c8Qmz{2axPYs@;Y%$On{H}vhUNL3E#M0?U&(D7(I7*K z#rq=9jF8d}z35%byu!#w@uGSON#R-Li4FjRq9I9LN2dYrS&&!l%fRZ|)w&#rZ~$6% zmh%+!g)wz!`(pI1iN_@U!}i<250t3LAjv%fbw;;sNoU)Q&P>F5*mIVcoivQeq{D?^ z1AhnmSf$iF85fSh(Atjl1{xOqdR9HECJi^N9dlsa4-CAhCE2+yj3!UmxGD|BY;i{B z*9IP8P?j8-V-TD;wT5_Kpa@rDZ$fS`E=-8GbzYlVsQH$yj?zCHaPLn^x<&h8hX~Nc z;j%8+6IpG^P)FBxQQJPr>7BGEl}m3cxV>GXMoUPJ`y9uq74nHNL_#oFgFM5zAk~$D zPJX?;d~TxYj6gmN=AeN5H8A!A_A;m*{clRi%KTrHl9l6s&T6~Xkh1$1CD8M!c4iLF zGTB;Wlu0U*Ic&>zZwPN;FouQIRoL{t%x$VLG?2U_$%V>w@)p}S7iE5Ngr<{ZOm*P3-KI+;vo4Sy3 zT#@NcQidFtPZmO2+e|AtbAPpySao*lvstsUO#TE~APJxKo!*P9BQ1tE79uT>$57en z$Y@u~Rko-Kwh(hRM!;ztDXp9)mhuMhG4DK>pg}vqAL|ZAZeLE* z*jpmR2hE=;(kfI()+8um;GK0j#;n2_WL3m$m69xe2;w87@IZX}D4Rm=jVIMd+ftyz zdz(bxIn?0mo&XEeMjSq%SaGY(rSPv5>W8wI(nj&-_m%z}i$uZRyKahmg)wVrYZ~zb zz+q;7W@l7A3oZex_hsv!PPjchWP%Ytz20;kZw~at0q(^rX1d&| z7Lw0|-Ack}kk`-gg@`9wx!=F!e{Qh?^B$M*b#sng#)l_De=8j}0ME-&!lBDxMCJDY zTnrEvhhTdu;vPT8n<9he%r^usGIy46;eyhBY`{fQ_#(V!elH-r#Qwzf--X;&F2^Lk>_Kx5KA zV5zeL;!*8clLfxtf6minN!afnjXrQIcrl2pSgS1mn6~Of!y+W?f*wvw`UECiPjKR9 z+gzAo3Qf)X?fj$b>pbKijMe(j^s+BB`!6rQ(5lHJaSGX+V_mc^CP?&5t#GT zmx`tpPTeb#S!TY`@0?oE#}}EFJDN13Xf;dk7>%fS^A|Cj$?&h(f2kP^U#J!?tN~T@ zfRek6)^ZAu0{f4j*w=zvO|$;3e3he8u}Ki6+55?_3!5u))`<70Xag#iX)dz)5AGcKaXI-+G6zNiDtKf$FkYb`th7!jD@4@2PSbhCvaMBe5ngjg0^ z_3kykZOLaJPUd(73u}WM8IXQxjKXk=eqiXHAjRYH$HP{ay<{WN z1>w*OX`qEj9WeVvb%BjbrU?gwyaeR_UvBK&%SkPUof;LMd@m0dGm;`cBctKW7XH1z{HJ(2S?7dwWJ;9FZ{y3$gqg)EDYaWMr=EiMZ;!!! zQBhx#=r=EuF089@Tc<+Za~9>>=z-({)(`h@ar04!^SeYq?)Jij5(ZYW#3}RE9Gvgr zg&bSIL<8X@lpQU0G(@;mZL|f2^SMM8(acsCRoK(}M)n(={MOQ$JUek7YEB5T{et;B zx~Hmo@c^3>GlGJkNX+GGzI{NQJ~x$N{%u5n@ftl9*8D!@o|N=kI%5fhUAh)%=a9&U zbjyX?01RMw8sTMW^w!_)pzx^>n{Q2*FAd4f#_dE{Gx5avg(nutw!n-ei~>N0zLF4< z!SM0jJdHQZdTPMBAxp^BGkeO6*j3$B|0X*z6vN_*P9Qjs26w{vYvGpu_o#v|%><3A@KDCc;G%dqcR-*xfeg7g5yiE#$yvmgL*BuT5 z7)>F>os&lIzdUC4wZ3=8DMN;@4-pmH3Yqad)_zz=%6DL(Ko%VQ1E&T5k#^A;VU7=%i7?lf7(k-APCMYHl_CUG9gj z9ih%nr|eM4pxDionK@f%c5WNB`Phs*x75{&iMnrO8%(T??3yrp2l6Ns2ukHC?5^$B zhhFo@Z>}~p{d8^RRGK;j>_j4z-^!q>G7Zp42LhRnT20-sO7W;>x_wXHwNI#}#a_OD zWholodcEXYjKXbALo%1g5MnR}DfibuI~Xu+;FVcjE}phhcm$WD-C@3MyIpP`ui8?A zRZm7=Z-s-04xw&nc-SIh>Tc3Gr={XSJiL6_*2~H8XTdTm2L7g!0EqwcOF*IzyT3ZN zaRzumB#YsB1yHg;xo-#H9^Op8f>1~wz0gG{P3ng$m{n&LEdIq^%3*nZ$pcx|@MfY7 z5oSi@dZYwXN)L{F(K}LcafW3`!EjhHQ~4Y@)R=eSPAZ#e{qoM^fCvmu)Z*z_POt?o zef3nWhSq_juu5YI`0A0->JZp0s=ZDCdz`tgBE{g^{~E1K*C)n+gwzd-%xJMHH)p#G zvLOk{A@iCLRATz<)cwSf6v`qU52E_kQG!+FN&Ij+ulewBZbjb;nAI1Vf<+Io)W;B+ z8j(?IiBqKGcG*JVO*ug!PdRkFW-ruJ@l;3=%J}ooCUe&{miklf$CZic!mE)@`8#GB zw~pnXreT_*nukRmN~%PfUYc_!D8*wnh4W!i^E`-jHv9zYKoQn9b~%7r*4E%7+m(#kJWpuKaHCTnhwxV7AOk>ItS!u#htN+g9F?&8UmVo6XDReZS?SCD<()lzy@WM=DZRGNpa%rTl*$w@v0-3b1MNiIaGB7^PmLX$Wm1E7zN$qau~Pl+HQXX(wihnZ z@M#Z15d};3yBtQefrrkC*bNy9qSrKYN1ub?*5q8u(cTFfo!V^Ry6*Y~n}bxu*U{Bz zGVjv3_jPjuFAfMpXMM=f8nvG<pZ49dT1#dW9r`_R5c~ z=?L~dzfa#Sq&S=Koo+P=-td@lp`v5!X2rV2o(Nt;veq4Y^yv-E83?(-^#jKxj@vgH z?2aOD77#hgUEe(P8~b&WTs(t);#z`5DoqcK0My_IpqXs4{a<91gZ{s*7de>!=hUTt zsN(-SfevB~y|b*X>nzeoQmZvnccJ%AD+k?e`^V0a+iZ07xKIQY{@LwC$k zNk$u2^ziSsYjUYXwjGqty|64hj$b;xdE17yNqJ@N^@B9;(kxSZq6En^G*K2J!#lkn zZ^n#Rt{6<7eAsz857NS%#A@Lq{L*;dPrFb=IMHdPWwUD+exT!V7fv^(LLuov2f;L)njppPt*tOKCT5Blb4Z!j6RYGr?3^%85SDMUj z7gx4St~p3;AJn)QDr!eT(xwU{Vz_v>Swl*B1l;rcWAOYvEuD#p4a2rA;Ei7h9q$-)!WT%;Z;khGTnq>@qYq|SW3S+}$_bi@BE-jxoHYqUe&0&G z76r|H`e&Z|5MhX2ptXz_PIp~#a=U$=G2;&N7reyf!Owgo21vq9YYj!RRUjmKG&?|n zsT)9?4vn|?$${9+b^9^g#I)fMLbz~%Bic9#6cJBmk-`=Gnf6O1PTtul`07W?<$LQ$8clVv7CQukJ0sD<<>(W?$ZSwe zt!Uan*T`NoUa{Ut6-i-2Y_S-lKaMQV#{=DZ#U)NzW)EKb0V;AkK&&LH^5 zqjFAGeiu^3L0*o6FOuDjsdVOe_8;Eyr+7_JCdi`Q} z`|^LfQXxbhuj-IExZ*hP2Y#}3kt3#sH29{8vtPrNC7lEL4m@rRK19s6e$R}*oS+^9&zyY69~;p6N2z_3t1y8ju(U&NcS>BPcJ)%Gly+p$9u0Ds{^9G7~CD+aMDY5GQ^=s9ow~sZ;nO8S< zi!FawEz4V;KRqg}0uHVmvKwDf$4v|)bv$@QXnnq(h|rDd2>4#K%;+9da<{J41IXGZ zQ?~dLk%zhhOnjEW{uCN36ZUpLVdN*yAzOui;=bjGh3kWG!decqS0Wk}Vm;q|PP`!p z1LR;_0BT2|C0|s5Ly0W=V7(KACFDojlnc9 zRso&{UZQHhO+qP}nwr$rb+qP|=vQAl3Ju?y05&gv{T;rIpBdpl6nhSa|2`xBKgpyy*#DbMn&p2zL;jUX+v~O=?*681 zZ@3Le&jt?x#sGNs+XkXR7|}0c>9xlxV8E6P!V`SGe1&m!M;*7PJH*u`*p+a03qKq= z;Ng45u}hL#(vwQc?s{FI#Ivd%mYmY6R#?>YIzkpUm#_zwhVdbIFP_FMUO8Hk6`-v+kXd49v|S1!{Mj6f*ibn6PXV1~*Y$TPW-CxtYWQO_HH7 zn37O%#uPS`zX+_Hkxt=7G2L&RjIz@#qCaAcJc!eva2Y69c;))f;*^r$f6vYrKaG7S1tWg76FPBa~&p^ro@MVahQKW-$ ze>~nDtc3`?jo?eeaNR^StcnIy>bjlGIgIq0lF&s19DsWue4#8s3j-$F&3dp!aNp&h zDCUyD4(y@`LeKS?FihTQQ_@ogmugcOWa5Mn)NMki*FWO>sHF?|-};;DEH;!}h8PhL zd4~?d5fOMS@pb_kkON_`VxKCjPWQ(XBL~_4fEaBc?r#?l{tH3vCU2C4o9F*@Fov(M z=W{<&j#_G3v)@bwyF}&&ayO=(>1H*#=Li*j^q7F|_Qu z4Ncyb?(U|95AE&p=$NlTz`f|#h-P64J>**n!y}q~eo3aOD9~L=#Nm}OL z1+AC3S_$^Z|AU#1&c?y=5QEzZ;RD?Z(JE6Y7f?>1{EK1-*4-Azcrz z2KNh^_RIaV(&rr>XJ1$UouIpQJ2c+~K)6b?-aVQETPV2GG;jbc`LV}ArMUqQk!&J_ znjx?bFl_-Var*(7Xw*SqC`Uj69igZX7-aGWz}@r)k!c=UUL0aFPA;QlB2VrZu6=^icQZ+Z+wEUDjDJu2|lX zvJ~Yo9pu!g=69R2?tS9ku)j-tn6K+s>Z9XlKl<7IAl+oMSTn?O$uPqu(**ZO)5kMK zf7J~6`-+or7GMLfm_S_kXB*Ar42H;e)?;)U7NyN~(h-V8o!}@?WEN-sm^fADcez~4=cJZy%OI3<%T6(#%t=SHT7a^KtJ^9W*Yp`u^hZjk zwMKBD(pkKkz)LHd8|9TIDy7xtfD$#dGcQ%L5wl2)90@Y+x;4y1od|OpvBh$zF!8*z zUMu94xNfj_T=j;cC?yCsM-560w9HXSQH5zM2=A$;cU&ngbDS5<`ON9yOy{ggbF%$c zsH}wL%O{;UL28nOoOvul#*x|!{EK*|$JX+N*j>EGhx3`z z?#EikJHTN|oOT{ZN($$Uz$vr=PZXv2&?6%t$cXwhcxT|LW{!4X{96T5XW$1lG=t>!zgXj z=>f$2cIQ5VEmfJQh(eCQ2!i}>1Q~wM`&8SnJV4JLlY-=52&~C}Sof9y)3xdzKfR&w zi<;R{e<#WADz8A@sMxd=J?C{^T8cU*rKXpW<>=0M-op{T>bt|L{E1qVVAIT&#j;2S z+bjuWt1q)z6v$?oCxdO41pdG&pL2Z2DVOKkI1A|c^4D{;eF1ee6=JyRruT@UuDk9v z5Q2fXKp4rhIi4*5W5}6bxJtCGj>}B32w8zThX0;zciQ(hI$i7pO z{$;dx4j6xU#-lh5DUzeyxjShEH(J*s3%kZnwZcX^O|4!bCWx#jwG|hGAfD3!V;=sE zksvdq&FR_O4N=;5TGzA}3PuFIuP6w;2UNWb<^Vxje8jUgfPsU+PHFFs-`5OTd_InJ zSnz0LE*wq-L$QUOtdo3h=g%%jh{zo!w_=6UKa*)};DtycMiSGo_F-!a0-^ahYAf}9 zvbDU0&UxxxBKaXsQry!(L#b4Zi$|2FCK7l5s8v*>$5&RP?+a>tH!0-P ztdK{$z=n>s-)9Rf>;JzGG`yhDDlfI3nH8&?r*3>X5xR)_Pc{-_^-H3p9{uLl?RQ!f zFp#QfHpIisa=pQF#-disBU($dfb|(i1+FL|>eWihj^@Ez15=(h?`r zf540~G5_uc{+If&YpkiHEw%?f{eh|;g*wz2_KBH^hB3Xdxa1htN|lW|%DCZ%jx>tU zlB?I-Hf&fWknqRZiPYdI6JU#f&|g6w{}>M!qKom-#pCm-QB7%@7R92YCCaiSQ$-`? zGG|qqHAHU@)tN01i}>g-Y?-sCNMiG^+%BCm+fG`E`kRc%JU>mz3=X}zsI7qd*3+vG z_x|}Q)kJqw{uO4R%*gW9_;hjU=6HXU0N~|8QY138oc?csgDjsWkz1Ei0Tb{JI^vPqHXmOZrET9j69j$;EP2wEPo%bi1s?>lIV zO@Bkud{>!w2shkAp=QgjRvDwGw>a(7%l)*N&6}o)mq-8M_2xq6`97IBe2pL3n7B7$ zL%-iRJeeC~=@$(GcLGw8wHlm?r{cAUEFzwwn<3DnNY(FrdAlvF!bPlMCQ>$dkOp?5Pje6``_^^ zrZ3LRpL8&Q@^nT$% zrjr>o)nZdDbkYRfr4Lpsuji?at)o4;_&tId`FKaaLySH{+=`dQ!DUH+{Mpe2F+3;? zQcl9C5Y5zG)gwscp24*()84$9*wNab;ggRdEi{OUL#sYcamjrOq=-L_T6HhfDha`A zAg)nj{elaxs1#UdC#m`n&{c3FjdX0HE1k?lCDRJXa)NDs8t_74-%3lxgRFyXxg^W8T=4We*>CY>qh7rv z2RaE&4a98#0re+dvi4_iK)?nxcVKYtYh1Mb>%EkQ(l48C6{Q(pkh`=j(>i?OuMDllZ^+om{AV-b3CdOA|-GD%E#mc=%r zdt};xc0o2H8dEZhO%O6R3uaq~{K#omoXk=#X`LA`AAXnz(y@B#{Nb-#AbZC0>X|0~3 zPl=s7zu(T(>6y@epFIzx?5`)M_b;dSe-(6g^cUla<*iLBmry85Y+6RDH71znS_H;% zg8W|F1k4rHoy&;~U{e$Qvv+icpa^aQ!wVaOg=bIq-pS-jZ92a*h_Z-R#pD< zH0}l_5+4ikbg14r9$$A)FNJk0A0Pc7DX^ew=8I|xi4$exKxSe1Yucj{4WbP9!f25k zZHB586?esT)e;n1!QT+ypRv|?5NHtmoGCECK^1Nz`@1iU_Xctm_|KxoyGejyHr9Cj z!;M%nGH9@_o(ylL@DYACIE@B72aM78kNBJ-NH%q0e-^3)qp@WcQmd}sSvG*~KRY{) z_`TE>aD2O5UBQUFe@zOwLZR!3?B%5OQ;%HmhwuFyy#9c;4*P}Qu*fUGpums4Q7{!i z%Y`hDCOm?sR}IgW@Yf01k@xLER{H`ln@o6Bsy9UTIr@r^klaP5&F4uj=9q$Sewk3w zVCz#Y?hnY`kQFrVJz*1jAl8FsG8Ej0uragD?yiPLN)X>05v6Bz3&f(rI)hjT4`m4* z7PjAhas<6*>P$#gf1&bdQpBxl%8=VkGn(;G!W#b0oL{c->396CYH-u=+wl+?n-0)! z5(_=mH|C(w33~&ToLoz$08GUdL!0nmLYnfXe07bZFilx%pUA=R?9!(b1mvGr*FZs> zj=oH#_ISS`F8en-dDM9+WoS090A&fgWTs+HucKFQf~J2}O^T~@qRj$fJ1N^CW*&sE zVRmGY&d>4|TCLh?gaeensK6N5xxtpR4k=?cONm3_ z89$u)_+4P{73MJIEFWrrQ?Z<$58%|n!{d8U2Gb$};AEi~luV%TQ7Nuco6{5Xc0O-W z^%G_d21zf2Ly?Aik>Zj=Lem-4M8`&8fv^6K3qCUL7S5JY?++30(L|j_ib9`7bt@=6 zs(v+^z9e|R*%m6sgwZ;3VWgQ7p5!gFrb4QtV|68`6>Ht#v`4pG@NxN3t@3yfR3|aS zTBkb6Otpw(&?v#20F4W^yS16+_*E&)u4BBE)C%c+5C0nPik>f~F|CjShe&4-bVy8t%ECNE{%e1ZA!L%J%jqs*1%f25A z_;biDGRhyn||9(}M+lO@aBq62~?&q*h^O_6%Xady73$gqUv&jRK%#dA-Wq zz-^uVG$+|}AV*shb^4OcZ5K&@JQgFf(~WF_#Q?uI{0g4o6+1633X;rzWjBEhSO2+0 zJ%e3cVW!%396aS`uG0@Z7>#tqJd%EBN{C-2@0HXo(R>&a%yYJdA zm&r-ys=HNfwW77I!^|Sh8(y8?qWAVE%)8poihR+iIzPa9y%Qkfh3x@a^`Pb z_t8MZvcmmdYx8Y>ab35y>y8tB2{P?dEha*rQkzTwe=|bY;m3;~pvOz;a%|gS1(Bfa z0wgfHANb;ex$*xnc>1q>(tnWgv$6iK+ceFM-z^i0@0>bB26|V7rVS$m*tNi9lNH|aSV1_uv-~@nrveF*-bdhvmMV>&!#uywzr>5C3<1R z$2PWH&-}}vKmkF~uEU}3)9#b+YVwE%n&$@oYvEs98nh;s$aKrR%)s=<+oRnxzQD*P zA3|v6Ppee9^+fb=kDO`N$P)?YAW`ymEB|H$M6ULeRn}DqI6bO?Myt#yAHQR{hz-Q?HC1fS{Va z+7C4Pv}4tl;ntLbh7wkFq&tF}UO^~o$xILo!7614iHJx-7?#oP5ofTDyDI^P+g(yk z)~N#Pod{4-jCRtHhy+Ab?(ow|FX!zMs^15@Yn=$T7S)Ep*e``tA-e$~6h*D`wTR0) zEs$d42&F}!M+NeZ@T-$H9d+?PFr$-920qYW-Np;cU(0bmr;n^*;YFB8?LeLmoA3_y z1(Wl_nkoef4D2gv6soWIuD;sHK(4sTyUo^xPGVK@C+4I~d9ITnn%!{Y;v6wqNqp}h z{Am00Egq>z>l(L4sU!t6`KxLBILPELl{aDxX1OnNZ(ciR8SjPEUWw?lvB;WLUxa=b zPy$b2od>p7=yK|sjnCiWGQk_uy;97VWnOg9Q5g`pcd_4LJcmV2XTF`?EeBTYRh$|> zb>52bHIpn|jvQrHPIfVj^`Mu{<7c=Sk|=^9%hj6Zls*_mA?jI##ype4#~;m@clKrT z2$aVV9uodXlMXb!zwVau6QV#36dz&=yn+fQ<1AT~x=E{FrrOhU11{A`Zc=9u+O3&s z^_zxhc%J(1Y4yf%FJ>2IwUQhaFGgBr98WF(!M;7kHL#EZh+w_rCm>B=EZjTJ3tf1< zc(~P6GW<|+Us!QEd2w`c(^N6MROwLhcK~!5?-;1R&Cc7xp9TeWryh+Zv=%LFZQsn3 zPCp8uLPbrWM1jVO3JWa3SPpEPn2U(t8!IA6XUfUhexqrC!#}B>TSJx8XqU9}??(;m1P_k*AaI5zD2E7-&>&pk8 z)r;8M6}P(-oT(%W?J1mHya3iK9}ZB51s?lh=)(hre#N`qjXG+tiqvL}^zzHr`ssSp z;%d&EB~hD}Lw0t$CQmwd)s3*JdB*i1@}f-rI^u7tkbx*7TYL(cS2BlU?V}nWRyWE) zg;SAUaZGD6RfN4Uz%JW!)M#xJ*{o>5=JGie%Nuja6so zQ*AZWHaBffj+eNoE)-VE&t~F9&6EPd%VpO{Iew)NLA?BXThUh^D@A$KQ<}fF`!^)+ zYXm|z9EkG?Fk$~sTSEtG6F4-%4bBrdPlQ+an~vkxh)gHsX%8o$%r%s2*G6X~H;3<1 zXV4NQ_$FN+ok??84Pm7D!=N%hBe1gJG1TzxYWSZJtM z(U_|43ddYk?(a&OS3isdLU_&`Q4(YfUhmeKgF>jG^Li3yg=Wy;L@oO>0o^h-xpnYf zxCfR!96np?t3}ZovF_VWwL`hfou%Y%ECHl<;fKl9hBnmKD&L9QE!N7xKMLCYP25*3 zHOo@LfoCywpYQ+xt-6*MV&-oZ?NadI4)P3Gj0DxrX*u*il7rEHGvQ)YasX}5RuNf; zKa}_tZ$wgRmL1vzQ^12oc~dmfO|0`f^h%{9aYSvXC^j^x5>g%s0hJh%07eq!RM@Z| zXbtnGv|1b^g$)>tSJ|n=bjPM?_)9=*F;#aMf8y>oTP^jpnwPE0C)wnq!!XqTqR_F! z`GWzqwJ2rlZkA#1!xGH10R#Obi$&+X@P)QADkNaMd{S|}Ztc>YN0g6<@ka01qn@&{ zLru{BoBr%9s=8}P&~OPAvWe&-G#Ef(p$>I@k>tthaWZju67AXjph+Vk(QyV1MkcK1 zC9d&t$9WA?aND=l5=QTXM4S*mB;QWSYVSxnan9<#J*|YRbX_Q2Q*Hk7vZ>${(Wd6eSi-dkAlAhIoNlp-=Qfth;#al&G zP~>ld4GS~Zx?iQ5z;MKbe<>>dBwdn-vNA8G_+F&AP zGhx=4W6W}#WiB4sad(@a#QBA-Ua$L8v>031%F;4`C`mN%SPpHJ-q{w{uh`O3X1F~( z)nPFEIACYoj7vKT2)qDkYIuAM@0cVohu%C#XL)k$_B5lDG3K&l>x>LG*Sn{D-tkE} zKYU5;I;`G54JR$U14jfXl1Uw)78Pe~qWL*W1Hd3G@j+De`nNEl6-@BOeY7`3G= z-Ei=Ehss;_d~X;Y6^E#3ov3LfOi>K5!rj!M4y(kD%SGQ3Mk;-R(|I)d1?gbl#@Xd0 ztp|N=eB25{|GDxuD=Z7E#CSPuDoLXM1`?MhTMTnTj;J6t$2!7PH;E=S<;k~!F2F42 zFFlOx)tzJ$KKNgT5D}npp-Ye#ffq(%6vbm41S1LyEuj75WUO6*|1p8(96%jeW;lJ& zKfmL~4rXIlKg+IutgcSC_uK2{`cb|VE;wwz)D3aQwy+aCU~{;Ge4f!>vw(;hWpjBv z;84 z-Ac$#Pe0?A7jU=Kxf0p#edBSlJ=2=51ZYK-l`o#P)x|Y)tWnEsy!P)2dt*=9EjT^p z1PWs!W`UtsskD+9;*fT<=)4BN&X6|*hE}8T5Ng;bysQZi(xOQfmoyN!b2x^e6DV8T zlw7)TULP$g&BnuPT9Ad0*R3?vFKuT#moW6iF`EHfOBl7;P8hTqo?85ZMMdcOz=^|D zGth_3WE#kZT~h!&6RP0lvHxEm7Z0fALh@Us|nO2TH2( zB}`tK+9EX$L4*ufvFa)&<%SSS=A*>dwi~mIOf!S#xZv=Hih_RFfAHeGoKf#ri0Bx$`FPKRjaV!7s?(jZvt589hd( zO5?Gu-tiAf;nHV`n?3;$2IWrE_->Sd4&;Y5bj((Lzgx{Vyj0xsPo~C*q-T-!daMNi z)hJ}uCWUT2z3!fq!;iu@csQz!0w`MRU8Gw*nj$Q(!cQa&k#dKKiatp+A2N;pQBW(z z?aMm14l~9l-D=rA!p^QDVug`8Y6Jomi3Czw1m)kHQrx<@mc_8v z^kXzQGO57pV22a-k7eD@-45cFRt0c%9k@th&^#K0EZ-GWZtyBM0Y(4Ol|teUnOg&( zzde;1jA=n3t%gA~2Utlb@o*i$Z8+n=wZyqWFO#hK3FcM!XfljlZFoC;&%0c7$fx|U zfT#ar`^~?ZT;4Cy5+FDXr~UAzp}^7wjW8PeY;?O>)Zm3AxQ1v^ix+a5et?517SjJy z+wz<8_CId>Ow5e`YZ=Lkrndc-*nhPx1b^t25M)oqX8-s)DRXC&Ww*uw(IkL?(Z<>k zAyp=+(Ea$$Wn$`umEl(3&~-8xC^>)4a_)6ZCy1>f#_HvKHuHG8(TSuau^dP?Z;M2U zOIZ;qBhs!dd~8&6#+#RQGX0`!&~?r?&i(pk)HQ!2;H+Oara6Dp0GTn`Xzl{h|4n;ecqnd2tlO^V9^yoz~8IW z!ub>+r&j8I6ZVE+@UlgS_R-R;u|ieKL?V%{*{mx*7bS$uJGaSXVOy%42Zty{!j&)$!Y03ZXwT6-=r=P(zhLX1)FoB!k7w)nJ$gH`ZE~;4VP(VS z+MFqcHxu?=Dbr{(Y|GZoOr7921`43dcyd{WUyh=eKZ6{;I^n0!FV^()ZQ}WOS#%Xv zh;F*v+{h0L)8CBk$P46RMoFz!Q(5Di0GW}%As=G`j2_QB2$xgb-hyhai>(C(eHkPS z*mU(|cCr_<`O@#~e6l!F)M16}Tj zt=7Nlo#va!Ne|Ffx)nmY`ibYZ^mu!$PoGNv;c`aC!QH`GhHeeq@f||h0f1BCxYFny z5qTm3?UBkn6hvvWbV8VWpx?U21%VzR(y)ckkkqw4AlINQ1e83i02mV%dZGaP_n9aI z;~McXwzz=R)i}soxOxdC|G9&y%(QW#7V-vwjibfAqcU2biGHx@*|0v~!M2q;fVWbx z*}qpk9nSxP>=`=OGO&G`zWK_>E)fUKKNS~|QKnsSNjqaO9lQ>Dv>9uw8$wT4GQ2+{x?zMB0pAyX2(Kovhf$D$@PH?SZY~WU zHO3b;rv;JpX*5o@t4ya1eaByjd+OB3_Nfi{@XFi^+{ zh+s=0!}FJoyajR2R$ncc!&%#jL$0)uJ7t5}(xVe*ZnRyW+z~sYl7vguFwuMhIE}rd zn&ke=kEn&JB^P7j|*`sKwxw&#YcZ>VkL$$EZz8Yx1S_OX!uwr_X zk}q*g5{COHunE3Q1Jfq4>F`gNkf;Iu;ZSQH2r-UP>i)qA2OQ8dP%>zcESXC$GEoYb7U__YSoq%pUq4X-OavHD&jCy>$1YDFR8mGUfAlI)sCR z;QLy64!?1vB42<0es}lDT%#h3?S=fw)4DG0=zGD|%TLP|l!Jxq{y@5YsMh)43-?Y1jAv%sd4!-(P*N zuhPlk8+!wfSD6UztCc51o(Qbk^^37u?pbwt{v_KnzOZNl3Hb!MI1(vqIy-@L9`>`| z1gzULjf>3({E1e5t^NAfmd-b`-h|%0K8MiH(JfRvmh=s-8i7{%pL(nR7*N2<#PPr1 zr2K{>{n}pF>J7@^QFASt)HOECMbdP~>W-wG^l;+AqEn|uz)%%(K0oqI0U<+FIi0pj zW}*X7yUw`V?B_K9u(thiUG(I=>Eb|7{i*Qq2er>ZqlJce92&itGT?%loeGc zZKH}*?h@DC@NLnd8?4L^bu6Fl)dC$V%vZ+e2)%BcrJR4@BPLL5Fd2@5zF1hg-mq-MQ91)I+T3-r93 zDg8DwL*9cFJprShdn!)l&7NS7Y_yMzPctA_{OQ3%uO zl@eTMB#fR)vKj8klsOt$HR0`fbtkLbe~2NoY89~o(;PfOu&|SH94HK=5+~DF@6?mx51VwAZ6QGmE8;A!-9L&e&y;0XITl{(uVmll<-hb==^>>#vN9-!ZH7HBDf_yH@Yt2goG{p| zV%6s=rRVggl(RP}k=fx4djy6x^Di>t`(Br*?}GYWk~t}8kSca?^U4HpS!?sLw}VE9 zHmI`Eu-JJ4^U;obI(F7KG3MHKwF`)M*p6>xUCqDqGH}yUu8`wa`0Q!(enCP@hydqNT~k%!aj*Utp4JGc{kCQ9RrT@AFjXov2}jc zhIptc{}exZVs0wwaBh}Wnij)dT>IF~-f1%E!^>}7*y3E+y1hYOHxz#a{>-5uo|PjY z&<^~8AViz?J>EmNRBJFs!|La}H`kYK$AO&%C*Qn!dwgxC{Y@k{&3rX1f${~i_&C+V z^zV7|0e#oe)su;%({g&Eq7C-7+z(w~(Gl{z%NR09?OU|EU2R@SzYv=ZR%;(Ch_HPw zV@?3hthDkyZ*Wt*j;BB8#V)gPN#P_O{=C36v$e67xVX=z!kP&K(Z2F(Jr zlkl&b_d?0M+N$mt1tmM%nRP}@wIi$4icuJx2@VlRa{Qm#WaimSR->TbN5eY94?QHi z9I!i1;tBoVqE(*Rq}Ol8*>|+r@l&b~Ke6YT{6t)kKqZlkj}m3Z{(e&0^3R!a!yKvO z&e@lxKj!?f*jpepYAx@k*t+~U6z=&VsGqfwN+`6eyXEHhR9i={G0r3yTb^d>xKupX zEHi>SpV{G-5Bc0ON3JgFCqbTOmqY~ew~`%C)>?DUO{dqf7j0tdKv0|y%|mtJ+^Ve# zrq&u3NT`Eojx6l?mr;%t_9_Z{eA)Wj2GaAHZD-(Zt8?Z!5%DO17X(39c|$$hG9xdI zQ%l=5Itat7F5-XIM4riCw+6-jXC+}{_>W*&Cg%S&TJKt8@3)d5_^s&=5PJ;1`8mtv z>$J?WOt@?hdp7c7k<6kgW2%JIl=%C;v;zYU##wjans1`xa<%vD*uV6~gLqq6SeASyKY69nCQ(s4ao;Dy zQ9R!Q0m0Wrwa{Jv+pymY8B)VE8=ZIEt;1|t35F%>4KmXh5_b~rMA-Sh^(H6#)C z^~H(K?9zm>3sNY^7Z;*0OI3euGZdcm7|X<{i=jMcz)*!CEO8d-1nAf4Kh7++54c&uE=b#PQqg0p~# zOVQc^uTeLpNi^|d*Ke#m$zAXlu-A_(REAw)Kx>2Hnl_Ash{q~T*U;}4Tn`dW(BKI`C)D;^bLR;pP7yQ*KsKKB^T=*$^%OeoKhK{^BEv6_P#_$B*Xo~Qc! zZc+MZ{!U6-B|p7eYs+>7|2~pHVCxhgcQZvXL=opnUTo4W0#2-fh)YdKjx!P@$U7=Q zxzevl*2e3+D@wueOyBr9X=JPnK5hKS3n3)fQMuYNPxqEEGc}AOpo2fVDv|4tZaBv- z8OTROPl6bgX*}EmPS+Qln<;=X7Mwd5gfUcz_N*`z!n@i+~bU}eeUmbfqaX9`%=xE}vj`Kp} zwX9?d&t8>8QjQV(cZ%KMOM;_r&MVQgI=ccpR3|U z9%h%LpB+qV`A6sSCXU{ij93X2cNRA>lr)5>lt`|7f1(W%WIAo?RT`Ij*7YtT^O@hx zvli-GtnKD@_iClw0&~kiMRySUjiRFlc?$*$Y@Tw&oEcqxX@P&=O60ac&hFB)Nmv6x zXwNAHyY1SIeu3{>QZxL${XYnQQ5Z!keMxy1xer)L+ZarBNB2{+#L_x(&7m!lv2Tfw zhtHc(fOOI06)N!PfMC5ohxy>y(y}wBn#6!4l?Uw|=?^Nt)jkdAmwz%Z&GaauP8AyX zE`G|iTX_2ke1*XVCD#P2uAy-`BdWkJWf#r zIF}@ZWY`*%SMuqSJ3OGXg!5dHK?)D+`Dm?eTIZ*L-g|7uYj&Xwi<{_2$xZrL_pU+N zLiVP7s=rV+gmZmw1y1n)c|x*sGX8gQ`Txl-$I1Ht+2t5G+5We^_>PutyiOaeZ@zxv z7#loRWQhnA1JE(B9dxsR!AIfDAbcG&MGP4CfER4ZPj7hE!t~ANEJZeVlZ2j|=k1-8 zIEkyo#cmE$IEvI1rvx0QDXf^EEFrS61eO!(@4`PBx&x&0R0x(86`iG`-Ko_eO&uXC z{zNK8XtuPI1fvo4Qy?ROX#eFfE)we znVqGyASJXubpllUxjSlBeeCIytA6dricQ`DL2K%aA(9H$`a#pp&RPScsf{%=yzWB? zm_P{fj^&_Kya`(H>fX<=QY<{T$lw;dNC!-#oil+5wlVNZ&|ySQrSt+FWSN)>0R?i8 z>W(%CdT@``r+rM1noGnIJa7#(AE4yduz-~*s6L}OyRwvR4orCAWjtly;hWyH&q6+Q zpI>a1MXfJI{>%%Q2z#kGy@-gmoE4qXwv49wTwd+!UKsV2$&j2s;_A=m+6x1l3JKET z;rmcLf3KeJ+le`9v=&OXLW+(tplpuH@LE~&7gsl!{9YSaqHH|EU+2&8#cg{1lO#AnZ*~jzADVt8{llvYY{H1z!zWos3 zRQ1nS^8md4cavsqA7I_g)3vub;n^g5^;7iB$8~siTlNe0?#0V@!`s15c6}RvI5oH) zV*{I4Y~=3tzNLB%_egzReH+HL)mTYfIrF*RJmEURrrtXCG2kfQrq$QOP@nzB)83x$ zk9*6vm-pk)X&JF({hGh-kL}lt>J2*FH*H!iXW22yQW0zUE(&Z$Y2*i%mAudlR-JB0-9li4FKP7BU2W2`+Wag@n_WDM2O+ZA6KtjKOAL zh-wk?6;2Y>6k#IK0>U_OBugw?pb&>>@xcm|@_P)`4(8D~hPVZUu|Oj8ycz4~7#~J+{s3uV9%-}`}{n$?` zP*O$S)3rsS$v0^*D8lGM5L^if!z4|TDKIE=Fv17GsPw=UPG7jmqClc35ixKIAc_z+ z3#ds>piqF}zvC1D=nEM9fW-(1g%I2fQN)7vk0>!r1u$ZnA&nLV4q(AJg%Q6-nA3u0 zDd{j8(PhvO2-1JbMiDy8Kny-IGjv)gH^8R&jVe|(s@zP=+~mNf6B#XGBWu7YW*#G_ z2|Rx!>-S6KRzqG;6hR8(xNAea=Hmh6sN9%@zMQohinOVbqjCx1$eJqo6-%R>^ zi>&pF%xeER&S)(iS+6opjxk*<{J)Ra6BE?Z;;e!-nrid0TMg^M)bLYMX5n#0G(MH$ zKV}4%kUWw=kT;$sQE3RfhNq@xToisMrr|r16jA12{Afj90ZI@*Hw$J3v>BKj)XM&N zUPQw6ZXM-qT%l74s4fF51O=QIc0g_tBGy)#WC<$zh!R4x2{;KT>FwOcZ?9~Zq8d*o z)@|kC5C%axu0n}FxaUCOzq3N0^ay;}9xHt1`qeRId)!Yg@V?c7dRLZjE-ZiC*gm+y zRl#+w*@f3)q!}7_EPorfMRE@M+EGN&^Mmf?M2W+44hCF>(ZF+(6z7}_IEtfT7pO_i zI2rMh7-D7dw3xj8aTfwi@iJuzJiJW0rDL<^6fYW6h!d{g@5Fq5mW7w-4!k3dq$Gh( zXCkS1h!-;yUdi9WL81Lr3{%RTR(L_-U+d;kdAE6d5J;k z73O13?7T6q!=?p`T{$mC)tm@rTQbPTWPmNcXA84F8gLDt1-0<>5xrDF?g~MZHVrWzI4UpkUjFIID zIp@gu1UBpsB`MCSy3R6PfOO81y@-IrZY;qUPE>hUE%Xt(` zY8#B+m!d$mhsaPMc_aK)-Lw*E-p}0n>L<&~cFHB(sq?cM`C1>&@dr5bzG1ij>p;>Q zw}kM7U;)7##4!KCT*1H5?R)iB;_bb32Z_u-)a6%>Ryx`3`mQlWn@mDEPZ{@{m89zcUb9{HgT1`G*(fyYmhFXR*^ z6fRmEf#);CDsGqV8rL^m2TnpE{)J%%H_^B&NEK1R1FukW1!0Obxxo7a4%weW{69Ms zHU`%JZs?aWwKI3IAYf!*|Nn7^lXl)>L+HI!-XCJk`ghB zBULQL82NtDML-c%iW;R%UA6K?q~LMu)4jR@4=9k2C~yzP7YlBpo>dGX9zntK6_J6S z_6QLwY>42%BK$omDdba3Iwfj6Y z)bVxYb%cNfXmoA{IDHKnU{xcz45U!v-1IRpXfbI&A?zT|>A2Uob1@QvV!Ex+MHrq?oi+C-9Zw8u;(W>)mkw@NS zbK!i*i}#OUfUr8fR}(Yb$<}!4_()tkF(&oliuxQEoz)}D80yJnZD|igf9;N)PfvTj z`U&sz%Sqi(&}C{)QfC-EIW)M2t7q4y%smQb*>T3Tczpf~v}q{_W#b<`aQ)FoNFJcw_BW z=9iHakxRCR1J&y?JOMTJSnD=EL?|orHE8-!_SQkDX|%Jxls!wgi{V!xiQ20JVFrg> zfE7!Nol~KT1{eiMcF&XiV}5O+S|5m+qP|-ZCmGT+qP}nwr$(C zjo#mv?&K!-P3Ly~s;s2`R4QxDnsbct;JpxgJG&3wWCPwm9yD}Zf>*yyp;uk6va+*L z&QuB0-@b5?l^Wq8FHie#B|_%SOFxy{ZH&-tD$Kn;|J%#qVt#D*S}4fDat#&ci2U^V zn)VWuyB_Z%FWWPw2|Jw%i2OH6o75EweltJhb=6Kr>|7wCUvBl+Ps=__?tT^Xc@sq` z*>}7jjcq7**yWFNMDF-mv?(3qTCr}?+i*;%Q3>?Q9RhuP+FD72<_~I?EYl4ddlaS# z?$AILO*dIjB&o*Mv%5$rQDp_us8PyDDY?I27NWo?wllvD-Y@NXp!No7;68iXbUE{G0+|e%(59c}-!8i|-o}@f zqN>N;*c^`ORY=;dDbZwnP7wnwZlyVkcl}@` z)%b9GczHeFFvC^4!j%+|LU+wdvYX}fxKAS;`#A8B?T@yxSFlCH5V;;tFRk&J=qF3=P)|KCeuD@pn#~cSvf655_{a1)WOKc zgD45cB;KZ>4+~4_d0xXlM>hf&<2jDsNkmrYq@TBc2W^j=+R#7pRaD7=XvWb`5-tWdLIT*RKU8#iVxhT;-(lc zcKSrC^6f{Lm*@h?3q%+Rgi1^NhF=vO&2Mdps87#7t7GskGyo_C?0jK0xjWh1U(;;C zGuKgC*{J_xI&?+JVnvyy7SRTT4+BtZdpes-9S#UWSfRsb(Fo-{{<`7O88M#&%Ye}s4^h3`4+}P_8p@kB6o$LFeEp0SblE7q? zcl7f?Y@*fiP5I=66e)`>46v6ACU#+iSQ+#wKJcI!b}m`xCLJpl12*gyKia=BP8tL( z5=YyYSlpHcd2-3l#ePXsduM-B5!YLFg&o3*vep)uxO*m(SqNbKPzl_D<5p}7MtWIb z7nTx*W_P$p&lzl5F%2sIOckDJ9;`Nop8<*}qCJ%O1}cyt{SZjFMh4V)Ou~Z{-vP3R z;K=CWm5KQBM37kQYdIC50VF|Fv6Nds)iMN)yabPjbMk((COk8Dkw3n&K% zgmAY%FBg)hr~oC4E%;=O^`Zs*R|AdgL8<}jWoP{g`LSjM1LI@?W(bjW+koV20l}va zNV~0#oaICFrWP;S84=Jbc>wEWH@&gCRa_x|KyNHmS{E(HNETg34r+M&;tA#XG1uvPT}w;%U-Aoz&u0LDh`?ft)0qHOh6On$e>`N<#wzjp zOHZOQ7{T{EVO6!NOQsut1$O@JSa$i)C{Gaz9=8`a2#4v-$+fYCToPFLwiYb#h^P9Oq&&Wm$im07;vt^-y%468v1ikDXWMiIb?(QfOu8cCgn zp>`}Hwhzn9l?$xb(Eb&tu&<5p-q*<%w#9G^7L?It193j<@OWC8U05d^LC}Uf{AR6O z9yN4TdOrDjHv6UeL^m3O+DTq6m7kckUGBk%LM@PTe>HhxP<@&L=664x5&RW(^$)>8m zL0WExyzWhyFfva+SN?d}lJr5re-rfh-8#8fJ33T}m-?7U{g4jgK)n zP@NIEvCJUjZ%ozJWWCWQWaLqXUyTwj7DXvDPQ-V~99eluaJy(jXtCA3^Uc8f@2$h9 z=t1>Dse*U9O%;08CI-Z|-rL&bjJhuoX=dL0p42S2W27mkHzD9lHGK&T`z9oPSHC3& zRa77vYVfB;lqp8|)`^h{pig&Fo_?il&V4%lRqaJpQI4bv$5$4%ez}M0;AdwX!;pc)jG^36uTkaPgf(36z6`E5XYhh*UKo1IHx z-ad$mtQK)sF;~MIv@G4llRP!QHel>L(<%uT{LHe;^DLu+SMNRNPbZaKd{phl*d)Kh z2gg-Euf0Y5qiopTbuP?g1nLL4E{g&ve_wo%h`|T0`H-#)CC)58p zynIVT?-y%@;4@RQi)dz;6^P*9QNkk2+-5qTnc*SDjcIt8%4zNCoAJ1@Q%%C4e_7~c zSM0KoMpRq))zh;D>x74Uu8q^x#`}JRdm<;2-wU0&k#-QocjtO2!B65nn6)w3=CBjP zvsb<^i0a0P<-z1AuUY+b$ z1Onfy`|IoU^ZE3K80=FagmWHvo-a;?Yhh?^%j}%w_RA#%2`^|mVY}(?Cqbauu_w>_ zL8zvNGjCI*&~IS?gw*#HuPD^ULWD*vrW5p|s;98dvC#QMACTd{EW1gpA~u~WiS%z~ z^Ks0m(E*J`M$1f~Mi7Mmbjp$Cn8jW(;+1A)p^Qpe0pq3B!#j%W>#w($mA99+`G9&c7;%qrN*B0X>sy7Rd#w%@kPf; zg0k$}ey4OxIyDN6D?YOr(QII{f$$jeV%G5lm0U`Z8!!^imXH;T?Bs|HEq;ZYRR1F_c!hnV-Cn?gie^vIo~OAe$?}Ij=Fx zGpLJQy=%Gqq)dZ~71GL`V|vX+ib-d!*8V)-RKehBX{_Mk%|HACgdjib)<39c_Tekr zCl{8!C%yx=%Li}vY^8uiJQ_EVdu+F_Z>xX$Ur6&1G=|&zFU#h$jN3>Ep)V$stnN*8 z(}tdM)YZvN+v?wuo4y;Z3RR&DiuHUGIL#drl>U+{uu(;zR}5!0o7@vX3D=P>;thkg z; z7s7OD8T{d8m70?m`}3-)mflv!Pp!cU`QV37B)427t;EYGlg#RzFB?p9DK!X z=AJQBx+;`v+DlX7mOlyyaGDCHly`Cwm>2ZUw68BY>aZT_x5Gx{8?__SnB=WxZ-T4c z9FPo+6ch#Qncoitb7y{vAr5p9mswGE_bm@Iwgm;W$8g77#u!Ub{H$8 zO8rb25u4+!9Z)Zb@6~!iH-(&{(j2&{x!Fpw`Tg4L4MK{3o7k(m=`7v%Ec42u4`*8t zQHD`OK|n0b9c0HqFdo|gy{_q!EqA|&c;`A0ed%DK7^sqth6$C;%Nzs-@zu2jZLJu` zl?$-1z(c2(Acf=@9ed-Lw5gX<^ z`mO22m~|KXC{HJkrQ+eHg0LinJvNP#m@rZFDiGR9r9GUvCbFR%nBJ^cWT6+sNS(K` z&TOiJ_MSv-E+99dRHL&x%zD%*wj_N-_2$`N@$DL9W1u93*&4i|9n)DN2>1+{NOwF3 zzJe|7PGE8$C%JP*v23Cx%Kh2dcNNHXJr;=gQ-L4|iQ|z=hV&om%|ZXkUv-DWRt4c@ zWB<`uT)5y<)VP-`{n9G1x>p_$lvxtN0!Io8FuX&=Ht2k{Ap{}CEpjKwokb26Ge`ri zKEgkR&2yG}lemvm$>vrVjGNA&2Ke|ppE0@9w*In#+ZO;kB%^jNm>n9z+C} z8;Yfz_K|8s#NhRSP2>RT%;Qk&&(wb%^W*L5)j1%n;s@^Pjw=Q&=JVbmC1)K>rlzSP zdb&%g$2J^t4}f0m$h5N|9WHCIRnvIW%@^4a&9R_S8mTljIq_Yv-*9Y;eA36i;|vp|lTMEd`Y>c( zmX!r={5r{4;=y?>Ch>_0gtR`-6`Dw6b2-kMNoOnBLG-Bfx!f25KKcU@2XTLXQpA$I zefVHc!|J}qdjR0zG6;d0Ot%08!Xk(L@Xr#hPR7_%+-3Hl#a@fy4I^JTKfqB;K8pXt zklnDO*y*}agEps_iyjfa%nP|B2M(K}`tZcnc#-=~i z#SkG04QkQ$K>yCbOzEbhchXR4;Djgs8TvK7%ok3FZ^C`%nq|JTGlLt%oa8}>y#XY6ni5W;dlyT06qep+VuP7wc1QomWA zTzB&e-)(#1%l@(#%fdJ)L6jEbtuqug%*AGsDut*rx8OuxT)A*kA|Hh{_kT_fjTMmr zjl2cSV-?_5tYTkiUP1ajmd0(HRb}DbkaPH*N{*Hd1Z+*+c zonUjeRO{GD^17DRIqP)BcbGU7pu-!?Wmx{3hI5Wt@cpYu)5pX*oN*Uo!9+l0v5E|9 z)k_5K_EXeRT^_D=%Q4A4nG)@lAQ85k#t18FER4j7=fb+3Pr>!Z8-p_vQ*%8QwbA3s z+Y8x)%EopaAlYaib27;B!j5d-2K*RHy3;k(IQF~qpvQw?tXD|Vr)x~LS_{G&-H!8+78Rl#dwbXNX z9ctD*twT7A$r>lBXM1UMazRlSaX=9O{bzS@{5d<1!`%EBR{v zM?Wk%S?SZM;YqJfZyNrdll-IGHAs51Lp$T6RgHEsv2_15b7D*8ntw;c;yBsn;Aw*S z29*|b(&Nd+-tO*Zd-akAm8K1AqjNU=x)6tlgm^b1&ZTV75X#YBE|0#Mt9t5#cdp)pt^V&=mRBmGse(1k%h&Dr zBw|SB{RZ86un4@iY65;_DDW>9p}2u>zUVj;Hy((ocyd135=4=EBv1+u)LX&}JH^;Wmy2S<~JQaxQfwwavK7yx1TRSQ}#dU?V; z?M5En0Ip>wRtqys5kFRJP3!W>K$6I% zP`?KpVVkRDmvP*J07+e%K0uXL-|)wxAl%{U%DM+e{`e4LZ);6=41RbvbCd)Eh~UWN zKNyXaORqayo03`SvBlqhn(-imYAv{iB5-7mFG_k-Pj)k=xEU1HZn~9*k zI11=wmlUB&RYv$9GW^I8pketV-HP9`HN3|=TtS7B$Bp0BpWt>xGB!a zHbhOz@RT&^V1?l#Iwp47$vJ=5d=oehzdo~!Ie}aXz5xU@Y4QnAE%Kgur)5kX2nSIn zuhDqn%&=i@Aj%piliFn}7xV)MA zk%@e*3%`RQYEJe`Rv}1pf6NDmp;^Eym)y2+r46~g%BA33?MXr;YL3QQpHy@JeUy29 zU1a{mhYovX8ZfP7Hx#LSrFg0? zy$e+Z4ArTT4lutHE<$Xpm1rmaqdos)Yo~F0HSfijY8?>BfVw~0Ym1S>u^M0D*gYI0 zUf8f1XJP7G`#Uw)L-&1Gp$O48R`Ovi-N&9b5v2ipKgg>M&G}fpve}X#2L7%+AE4`X zWMJ5@F4~<^f%s#E8cba5-1{J5aD32|VOL|mPI*Avuqo&8FqDgpSl|!(AfxH{ScL@& z84!mRGoE?DuCs~K)&R(Ruj|V??Q(mRZS;b_9V5SWkjw29(nR*ryO7;}(0f?c0fe!H z3&^wC9{xnXn#*|JTD>_1LITbnkMEo!_8Wb~h=zoEeZ85>4c%{EDs2Xh7Tq|0sRQ9H z5w~EKWjNmaVrTUMXeLZFkxteRvmRyOhCIZ&vsemG*9 zR?2-f_DiDU7!`wb#+o%zC88#_RBZr=D_KU1Jp9qeH_ z2!qNWxSHzE-+>%Hrt<0qSO7GN_Yvomw%( zM+V|6Lo}qwjL*QCjmqxfE)XMUdYnye`;JOBC!`UjQU7J5shRQ)&h92+3`$_Cvpzut z2i#C%3i4olc$+phqp3$fUk+a&qP{WLK1lI9LokOHuACbJ!}VZ@k#RURw(CV@+4R<| z;gt0zxr<{UTpe+2PZijjL61hkK+Aap^64#@NCq1U@Fy8(M3k`td6&DZal#lpt^#1D^zW-FgvHXX$6-M^|hhe(L zhJA(vg4c?=LKFQcs_Ze;o!LGP$D5xLgd zcme<{Z%K!|3qF7cI^MHxWVXz2m@Mw-g!7>*)YSFCub^sy}R&7u!)aliUd z8r8i$PoBZyO^sTFBVWZlPXl^(8RO7*38P<7gl7?y$J-E>>>{y;XC<1Y8kL6-0%>Rz zzl>fKTya4KA|THyv981~QceiR{o&~J5%?LY^?Q6EbZoSPts)r@p6FG_mAs$;(Yagy zLGRz*TEGE1Zv_Z37N}RnCtL-YkWeELNHY*7A&w$;X3P4Cr%bJ0*-n!%g5stozCKAR zn4#Kl9-$6#zVjj|R0io#ssVqRY6HiwaTKggL~yY(8`b?M;z`M5$yJB}_Op=%yq|tC zX}C!aI%)AIt0Mr)cU85gi_e>A|LdRcm&*eGLCJe^&yF1YciQj>_=4;EeGPC66Fm!# zolvSkyb=e2gwS7@SnkP89Got0hB|ks)5kIBKyemtwu_ZF3;j#${Bu#ix}O{*0` zp4u@Jo|!(Esm>YUJ0zSqf=WA~U1*cbwn zu=C58SGV4cI)DR?(u8FZpnQD`#Aak1p`bhWD-W95rq8NTP)C9JwRZ7Zv{SwXqIrNh z_A*A~@00U6TVIR-;bp`@Aj17ZRgULjuVQ?rW)TqCx;IFZ;$xtRJqt)b$fa@ERux6XN!!j2ak08(*4MA%+lf_+2Zu-Oq% z8|FBe6_uM7b_23Rv0iU5a3oPh<0`=EwR)pz?ktGNuLYKmS&~{N2iIEoeq(Y)U|T~w zw}fm|E`YxaDb0uj&?g4qS^{}dK?utTlE;sIV1f}E8~TAjjA&2#mluJ(T?~V4_4~FA z)5)O1ANnv+!C(}%Hp~c?AR$K4Utw2~f3LX;(D;P8xv{qxdOMx9(Azn%qa9sJBtQyV zKA1Ne2q7z^W-N__cWO3X335FWD0da2717Ir%vdJKZT>Z5us|03J7ecVgw$J|@shqa z_XDD0j;?E1^Kxp;oa|2GKhuO%YVFi0Gf(WMM~qv^=0{zlybsDW6VY3Glax2+lOTi! zoZ!;Q&_~rm1o?DNA2(?pwI@rdo;Rb%x$CB{b}ZQ@Lm@QEyu#^1`3F_ZYo@OKY)IC9 zpuE{jwACVr2`4<+Oa}T8NTi}jR zHO3Gh?=oAtkh+uS3TnYJs+(*UPzg+k0omS>8#p)R_9(6J-RNI08f(i9Ah)fMKz`j7 zGk$E#W_od?!D|l|Y-?Zf`H9tpsZ^Tyqhce*FK2Tv*hE>-ydKyfX2V2dS1PM9qr-ur zmN7rAi}|!z4AW8}%W?cD*F?Ggw2`}7D$B7}%vNMQX;(mY+OHtOTi5pQ80@4s=b0Fu zhH`_a*--i7w3eI=w~bJc`<&tu1O-z`K^?w4JKB5ogZ(b|{`7q1qh+gUZuC!jKe6lM)KZhl(1PViOH ztIX7_#Xc%G)&^>D60VB#(W_%VieR$Ce%_m!(oU989B`XL>H)?R^@N%?WIW5EtP1`Z z=`hLpqrei;1-ci3v3+kfyBj&*R9GGM5j8X*k=sfSN$~6}?(V^SC+e~zVb^RPM7DjQRjm7swMJ4XbKCm)TJi{A8r5*_Q$6F?X=kXy0e|r;Y3V_ zG)w!r=crG6)}Z?Y{HPD!A(Kcba~c{!@IbP+s0`pm@bk7vkpkyk=mMFPFhAx}uU;bB z`#+qX3{3x3iuQjM%l{X)4AbvZ|3jh3(Ek?8@BE78o8htUgcCt90Pg`?Ks5YMk+q-_V1zB%!!@1P+M};NTS_|V#F-VJygD9J>XIK$o zefq+zEh7g_$|Vdk+CBu%)g{^MRQc4`{;&{3+uA;!#s;F-tCY z{9&^yQ?oBzR&KI9El3LNdqQK-3u)CoC;)VL4Bm5soEjw0b^Ii-Y3^m9RP_Nzt!fC8 z9#CwPN($x!^JZXIz!7^9|JgoPhL%(!en7lQPfvWa3Ti2R0aUkeidMZT!!^V2YU1<2 zCT(K$tOP5P+uz~laLP6UZ8_D%`SM**bqaZKaf-$#Ys=u?{9KBr6+4e&zz6ZUu6jTD zWt^>s^gHdji-B0Mq(GGjic8KTG_vOS=3Qe4#$YzE%eZ5~cEgvI%x!JVF>=vge%jLMsL zJpUcc+(CW^m0gxVHGG^6we!lcn z-wkB=XzSs2gH>N-#NhL2%Alx++*I>#e!qTSJ$a6dxcGE`fB$OdZGEI_a5#!_BZBk_ z3fOPv)=@_k?U5=ua@1~O0>DD>wB3c?0pfw96^ zVk|P08Ym3p2LCRw!Ymi`ffsP}yqw?ekM#It&iJ^yJj_%KsJGno^my}+ly~xd?%j?I ztkjtEz20^Y4YG_66;P{z6V4K*pIlRWOAN0Eucs_%=@t&$*y(MPaje_%6dgDU=qy7*SY@Y^-fu_ih=Ov~U!fYf)F{(7+ z5>&j_Sjj`+?E`6wuW$$glDN&3(`fqPil1&jNo9Gp<_A=?4bAj|g}jgD=}Wbq2+26U zo`9SPU!{W-4YU`|ho#tMUdv3W6gca;3NePJlpt8+8L=Z2wVKHtOo5?PYH+_-3NZM4 z$QK(C_nZlJDoQ*qbL}ofM26{Ui8xjbSR`#qZ@@-UPCUUBuX7+d8Ep>c@i#w- zW0^bqWvf6n&pci%N+OT2rm${OW7OO`3>vrmP6~|OKZemQ>q`m@HVqr$Doo_QHcBSJ z9*PerntlWauNzozWsZFec?=@jmxVDjN|dN$q$Ptu0XZDV0WVw?J}&#-YHVx;%jjgy zf#P67@tFMg5@*#=AX+-aV`{SdU`T)Yhtwpa$u?=|{5yO9r2Hd9DyQlipW>Wi^ukGS z&hh8zX%TD-O`3Mu23jM0q43?H4HBWxg%Iy6a%?&$PZt zt`%5sw%t2E+D(bAfP#{?oOhYdZs<>i#Pz8y(yL#asCa%aN_lsx(aE#w>w0%AXbdti_`gd)OqaA3&cz&`VhFuDz9OE;wZ4^$R$OR#|Zj%qt}dsmxzxjijKmvOpFUts|MBxE7C1yVTMtWPd^7R0Z-f zhYnxoCK`6*C99FR>Lkhwt^PaC%4dJGxC?mlx`x@$<>1D`joH&HH~iBp=Uy9*SD6pa zeb)DTn}By&2u^ucx5M8*4Z%&kI<}gWRZB2sfT%9&1n{dSePmS?9{TId>~vz|vO@w* z(Cu?}Liqd1L|JM%CMh}?wG~+XSy(>(5m*5l3#+aoSnHVNzb5+~AWWNDNjQ^|g}vq6G?e6sEXV=bg6*)#Jm}OS0vK1-^^IPh(Wh4X6mj zsl@~|f(MAnMltb%K6UHxrii%;Lk`tex3Jz?X#u)Iu zv`qu!Jq}KWlzR7je%enNrN!)Er+*ICz}ol+D+rqtJ|eL7AG`#y`3dckuLhL`Pa3#b zbP)xxNrYa&vN|^ZhSf6b56(vY@L4)>x(7x76CQVqfKiHEd012~} zzaV5h7I*mg*t0{07f&(aRT$tUL8HiX{`%($bJk70JB}fX}L>FT(GIZ#qf`3|9JIjmPhyW^!vB6Qm5Nn35qah~ej3(fj-!w5) zWZKrTW{W12hv&0l_I5`E>M z2EIlwqokRs$3jtM^=r608Cvk9r38Ia`r!jrC)e?WO$WP(CxE6(O&Tph*K=+ASOLg8U?^^XScg`1f<(W`fYf#gjVqNm>Xl*7P zdMSc3%w)I1EHf|Zt-4E7Mh;S0G@uNGoJGzv(tAJB-AFvx?+>ceccECqOUM*h;#-Ro zjJb95wCuIQiC;^EEn)ZWO{eqdmP*<@M>=gmEJ$u!$;pyaG;mv{9sJSout@ggi^Wzc z*cTxPfrrs@&sIybi>B#uA1HWN1E9K}0vJok14_+uvu!S zHhwd5?LOe+eziKeYCv9fl_hy(AI!Ly?@0a7YYi>P4gm-*{S1dM(U~DAj4+LM4V&uP zxyaoM%4iB;1b{S-^`rz)^Kw8K8~+n*%&b|M2y-0?=5UXbqQ>h596OeG)Y`U$5-3pYr?aObepa4UD|=9|A;^_jOL*F*y&-;wIpz|3_`<6SEbi-g z7G^`u@4X;uh>;bmOoQoP{@n}k-hXCOO>5mqjk^1slq8ApJ#Md!;IRMV&QCAfPnprNxo&K#3N zmPBu=kK4IW(liWgnjU)dmzszQ)#5E%=vAyd@J-CjsTZ=opswehkMs6Ov%AD4f4RgT z>r7OUn@*Z+ZWZ-Md^R;Up7Vtwm^03sgVx5brAyrs;A3tH>wwYuC{p58W4zD9(3zo9 z7JGxFPqC)^*@b*cb%GtR-W5(6$3@MBg(d!I(j1V30kOz0iW5-9v}7GJ~yv!j0d{HEO^ZpT;4huYE)U6sDW@Z}USSB*zIzC$dEmvh<2c<%<)CUYuUt{bVWa{cmFLo2K zh*5LF!1)7!4t4=8QJ@ajBpmCfh26qEsXZ=)PmKDRlR}mjH5x)jPnn5Rv^BxIGD>XtxJ*6Co(d<;+U?XJ~oiay->rh`oSB2p|3ex zK^cM22gQ6V+P(A#gd^Jiy8(CgS#rMS;D&bi1_q;JfB|pIM0A>v`0t$rckn1B?#h)sf0exXBo<^E0`}`+Rqd{4$ko zHY7VV0rO;9?eg}Ps+cnko0>)P(!x{lC2!#oT|J!xZVfSoo)+UU@pE$2^}I(+Pv;sUjxLDc9OL6HzMT+QM?wDcBa!-+HPIod*~1A zb5fEsE?}P-W@UEK^${6#4CQWvH~=c7PXW@^9L6(CI%ktVEW=a{PKj}bC=8Dy>u@}L zRJ8@ssnKecqU#_x)0QSCQz}WW-br@WkfVKrc{qqOo5XY>OxPbCi=P+AhtC&6f+7ulL7NQ*r2fnONq+?soaC?_H!lOdZvXpr_iMi1w{QjBw16nzEiK5H{%0eu78 z?iDqsw~4e335mxmr!$X?ib-uX8tcX84$}-HC?S&!&f0a=>82VLjjL;_Gnoi;{&!;u&@yp)3z-QxLncFw$cVJ@CjsCG9YsL zd4N7VgG6*5p|k<186vab*c9&~LgoZsAKwR`SLah36)zS1{Mudu4w*f=I^C`>d;9l8 z4#?8W?P5h_)dm5uqot8*IOzbu=_#|s34J5e#<$kTp~pWuB97n3O87U%#|yI6F__wq z{kmDykLBdYSpZXmwl6r$VI}a_t!n6b8=7TF@EYo&?=H}*cZ+GpJy-w805;W4d>P%? zq)cYKKahrF{ub#pl}b6VsdYe<)kn7j#Rbqvxsu#+LFdcBRz8;A-5NO->)2bG%mi~(91;d_77m=i5APhL5f#} zg%Xy>14v|`Ic=7TK21V*14o2W;6Rj}W63HlQN!2}^WlLGc!;NV@^@pKpYmYBk5Ph) z2lGBb(k}fd&I!*iSa&^|+vQLZ=_g1pkNE|l9G~`Vn8_!ILwG)taG^TOg`tg*=m(^l zfI07L2pwY#Bosy=1NBWMpf#-M%!2|Qp9g>D+mUCRH;|@48u)RKM|*2y@g$89R-E6e zh>M}HRoP()-};?xZd0qn@Weau+^5KuhT$Rt=*Y$QMeDoh?q#))|ITjzf;eHxhbGQX zHp^c)p2)I)w8Bv0YU5*D3+ARx2F3EH!HBt})I2z4xjUT#o9FE>Pm)7wUuThuz@|U<@Co(6uUGl|6azsIG2D|G*L5R9|lp z>bNcraf9%5{(E#Dly7zQ8H7y#d67)7xpjhJ#Q7v55&f_Q}rE266Hs)CPC#5mjYrB_8N75$0j&{Qca|lUfdj$Fkll ze0BBxXW<9X;MgGGKUKHCFrWV>X=Y;PWd5I4w@ts(vkft%-|1PdrQT>FBoA`Bjnc+Mdz_|zkN_*Ij z3YmFue7uHna>xFhGpG;8Ih1(d;?Rfgrg5s9`DE8+(^eWmPY9W zFK!u4Z>54pMVCM=#Xt?@T0Vt#MI2uu&Zf$%G`mZX!PThhe z102|{Y!KD38g%nDn(8NY%Jy<$?t=9N%t$#=Sel4*;O6RYtCxcn8ly~|Z`^tCbx1cv z4q`uGUGB_r3rI`5do=ct=cPptK)u1~MJLNSFv~VDD2i&9b42ul*X#peUi#uka_mo| z16n_kgbGxSLVJS@x&jc9BdpO-H%pq5C}Ru@P{p&9{tLirDP;`6`T?^nS}$L8#-!!! zjh5FR(Kxif#=iYTbPay+a6b>LWjy!$4OzAAEE+| zA!lnXKC9W>NxVk>#8SNic?2vFykc}pNJI!1+*w$|KZ1oVVXt%9nwriVj%$fvboe32 z4=J_hp|||AC3NHI000eJaY04}{8dGykq8j=n8|j(|7i7}8kngaf>W)=$W&_EQaYnyta7eG2nlbmb4}d2e zyqQp`GD0JmbVHlPHEWIB5Dys_B#EI?)f^mNBy>)Zh0BUqZ>_u5))#0QUyD!0{BmM{ zQ1eoxWR;~x5CKqlp8f{&?WzZO$)3ap&_P7!!y(_cz*D$6%2RbR$4qU%4sT>wy*S;v zkGarh>UN-Ta6d(%_{3Y7gF#ll{X$aS1%iAM?}sfyrnqz>;rFdxkwZQSlX@Y2QC_h@ zc^h~W+&t0p_krM#Sk+BR>-W@IuEkUu#3*W7F;`GWqe%38N0&t`xlxUH|KgGT(jeuf zMykLV;pd>xlEF{=Ja8*#4Or9elqo-zTpppuC@r2a!(d zgn{B{E^t^2L2KwP7V+NEq759{6A{>0H(~O#)GpU*(&h3;qtAR$??r$}1zu1v znTt}sLhZpTT&WRd9<-k28EZAG1gg(6U@yb{b$RjC>I3EWaI=7vb?GRiu8RrzqH=jh zh@*>xt!WsZBUSf=ima}%^s|abe#JEBhE1hLZ&nEFN%0R3rlh<-lHy(Tajl z(|`$Y`%~EyPwm&pDZb*jl4t+i3Cx6Ud_Y2?3_E)B(GEvtvS$)o@;Po6MWsI=K%VTE zJ6T$=(Of_QA$>mueBj0Y2qC{kI>kL!NTG>~&r_R4@laKfvj;~$c;TC@GPIz4%6H{c zaQ3$8+;-ki>b9ZOKaO+9+zTr2B7nLrBdmg(uAkd$9e$V7XNr3m;6AShs|u{^$Vmd! zchlZA^Ggavmm*k>r1T|Z(?G!1dVYojr4r=iE!dwP(26uG2&)RjHd*;9O56VHTS9hv zdynsbxbaaTc=0u7dyeKO?6p@TR6iYpi#+m9+*1d{TH(Cs{lYvP0U4=>UO%U)KcEJ3 z^<$g{)w#?mD0I*Ve2pvq4I}&jgGQV2xOI>pwaNMQzC} zX&zihXHye`Ys1|wpoxSo_(~pvT#wC{l9oTkHGIvJm&^$%Ey25Qx=l$eKD&&?z0fYV za(?RQXz^KYakEAOil)d|Xw&N+IkM(|7Tsgg$l338G0{GjntxP+M!@|;bv3J%$#EHW z-xMnQGJG&O#AO3FK*b=q^h#v|7N(pQP?5GOrs|@mAhZ>gen5#^K5iNFpCK z2LpvSZuwBqKHG76l+8V15|_$?7ni~q&Xu^9vcTNXE{`VDJ#=#DXFaKd#cralJCrn? z4*%K&7HOyysJMO{PTd=$35=}u39}pmX zhqbax&|^w{s^@c7PJ`1vCq{GWOVDK)AOVXI$zHQce7X{pT*$cWo3?Qeu$QsB^#H_R zsZ@{y!P^^HVt&t z+dmh}$e%s{(nyEhOOuyOuBxX(0x`3%3w zk2SjmD1jNgtvs5!0&pYdN+i`)d??X`3XAJxA`vh#B-b@JmwiT*RCj*)wgv(uDISxa z%pYC@tj^UqmpC)Jv}W|%OvfS=_hmOU^jW@Ke&|H>hST;3nKL`|6gd(0wBwzctt=2H z^bthT39WJuS+=gkXecv1G!TxH_d<#7Z>^H-`)%F)sA-|pdH4|dAaz4S_gk0doF6>I z`cTfHy6eJ#aG8gu&fb1mu#G(q42FuQo~m88I5Y5j>6~T_J7%k`eu#htyrZ!DYS8W6IQ~L$(>?W?@!d)$7Dbxq zR>yl1S3c=>K6Me2FmQsMk^!Fe`a8v+qUubv~AnAZQDI< zo73jBZQHhO+sJGssiZ1fsr?VPUfpxf^DngHMO60%OhkcPeAC zgh;t8BYpLdA@k5M5HYFN#n#G6k!e?*ptgL>6Mmvw{7Bhh5--_NPR#>Tw^C;*uCXm4 z%b+Dj4f8@)a~W#v!N7)Q*ym^cq@Z4`X=)!E@;NFx);uIhn2g=B&d|`l`YMOgA?CZo5TRs!xcZh5As1>OF-L7s7gQM>g+t?K zL@9__@v7NRHGldFL-~+FYw>YGA(ZKsch3=_KQ;uGdI1_eUn#$N*&uC60jHe4uoS%G z5NWS)hY-(@!~hV!Q`-biSe<5cP<2EoS`LtLQyVV|$o}E=@+)0=us;w`2d8t9l7&Ey ztM4zWGWZG%*V??~e+WqO*$dux=3TL^yIb+)3hIrND5+}a1&i0@XyNpLPzpm>#m70) zU9F3$P^tgyH8Z(WyD=&j{7NyDI>I6|;ixyD8d*bb8uYT2*t(^}(vpzujtd7CRhFFl zv4_7Xwn#^txKKebG4WfwM0p?vmv^n4W1~MPyBC~S5eNU+aLv+pDs+z>HZuaqcNOiGSP{fJs6uMoO+$Z&A!r$`g!tJN_HPiz_HE$8Sf zp&?GSC^s@Dr8B;DR@GOfW{^|6Oi{JVf0oJs&hmo|hyqjriw1ascg#tP%IX2;GZ}BYfK@<3nWM;GB^5{|o!4K*%4vz0G{+ zTfa60aT?C;ZoZ+aTCOC>zH=vo9ob0`@5r%wf;jSm$cRh{oK@PCT6{@bL28Cegdk!A(V zs(2Ku_*hOA*~yElNSk(_UW)GF2=Fm}5rd9xb${*XqH=#hfbxZsLaf$LSM8Bdcz+kA zv}EP#1m;sKD@le^tE?5R8 zjJpLEJr>jl$Y7#|du1D);_UavhS}re)ODxN{Z8;ttX?8icznIgbckh$7&hP8Mx5?m zifB$TccP2?rKBfM)DF_9r;~GYw={K71`JI2fgs zVenyPrH&84lr9u;BwTmlJ@?r(2w8qF(}@4*t?RA(2U*9C$Phh*Ufz#&XmdJ?Kv1wc zHmd#eauaOv8=@PFBlN#DyZ>snX5sjso86Vh|I_SLf-}23o~ovnC(Aw&u zrHiEI9XIuNGP21D)D5>R# z|462IB*bROCA%kj|9x>D-5*6(x=gd5kY;Q4*L-ur@Uv

      `4-JJ+mdru89&8JNz2LO7&CcyEcJj{Ws6ex+2^VOUiJL4Rpt7f%NM z_^Pe!qMUChy+o28qkGr+Oh)D=d;#A1HLNym-j3{xksEjY zFZM~X3ip+!U1&m&eqMbm2Noi6K6({~nn=7BK7ai4J;|URt^j!9xRGm|bqtXpTOqLM zjoS@h|NDR>U733k1%U>Q$7l1a zG;{d|VG$Xy0}lZjh6iE-te=nQ2m!Vt8*>>^NkWIyRCun1cKJ*F5?0@@+Vw^|eB(=j z+N5yuj#Gikp+3CT8E6L+${}^ZULkZLtABzlHaX1*NDiV`&1F`zH!Rgw-|)?#nwd%Y`r=^h5|{!-T&wkOYn_GYP_- z@fswC<_LWeD4pw%G(Q~p&;!aWfCxsN^cBIj5f|}*XnwPL`wk`r{VbNmQss$Gr&9J*D zuVyRE#t^;Z?jhKOQ-ftKO;OwX3=Y%+QRo*ucm>pwW-FVm&@!+E`Ak1#mj;{IZ^R=bX1YPBSiwdG;^ zfan{kVbvPTt-ECSm{u1%JL%O;49ylh6ZT@tZ(_R*{@(L5VKHhCVMkWq(NjnQre{y4 za^qxjVT#1ytnYvmea%I7egX;4fCYue^oQScc2ILMQL)0fz`-wd)ldST0G{O(%I+~0 znmsm^Fiv=alLVj8R+%)Yos5yo%b(m44FX{SIY-ZcehZA}v#pUk4hYa_VgHacRVdf| z0sB6KSU;(Kdc%7q!8i_1~(MAF~ zjQ+H<$3`8$83D&Uev|g5GGgKm61byU-1U*T z10p*2HL&J7u_G2@1MIN(^>5`^@6{dDBi^DyZG|Mb_KD1W`-8zocv%f-cJdg6QiAEV z%>cvkwb^frlQ=Ai)9D59uewTsUzUXO`a$Rtt@Moodab zkhgISdnd~EKK<9Z+u6k7ma(_*VrmNUW}iDP12D8J?sXDNd7NCNS!(BR;Z> zuEs@EWiMLH%Byva=7FW`!N`^n?;?Kx>?FRo*R*b~*!R;b)BHW8i*G?XTV;J4Nd($x zFYIk&Y|Q8WB^U?|52=Gi962`7g|+Q9AP6p}2cE&G4yK!>Pz^W@#xJe!?QjO#&CWms zh*wO7iCHT#FBnswm#1UG@IU$YuCL0Tz z%xX`1eY`6ZliP=}HG|(Qu*E~|p?mN_Kdq9gx^@d*)|le(^4W#i18CF-s)Kv<>hoMY zK2QifJm}>ovIQhAe+iTYl*N%JL%<8SlhaB2 z3*E-aF;?krs}P_>G9dE|XM+i5PlU}|`Qu1MMYtDa=7~{z-=aqL3@3HG!r@R=C2kw# z)G~e3i$q8$t~RAW%PYNT2x>VE0QxJ@*8_dzCMGRa6+9t2Ee2w2XyMVxr?vp>xY<5> z4P;(w=4lc#;uLchF)1o*+oa^Nab`@NNwDFCD4#FjL}7y#XEtpdha5_n0@*u^%}F`W zT>X>?WOAOaD_qOw9nVw4Bs39H7&9^8;a$ap5iC)my1sMsm;efCZ*!xA5c|Jv zYiJNer=f~V$P&|yAtGV%lc^bafa_rl(eN$YKbRneuh(5Oj?n-@2hBf+v$CN+Y)C+T z>5>fO9|^L^u|_-dEw@d{c@GI*x##JEOcM0Bljc793hsD)=wZrSaDRAiSvS2+Xw*Zs>#txl{(&B70C zIPaWt9Kt>=nV{f!3cXN?l?Qor5U}QLn(}F0*;XBgDb+o}a9K+ieXHlomujZVV?&C=^KnV0Fpq&L+5DV*xGX} z1_p5($s!VYkj%tZ$`w+Eb<38D`4>B32;R|X1uP6xda(i|^`FoiC3hP0dmZlX)4dZG{OB%151>7szU5I`rejn6*4Uka2rb!>&HYjuj z+yg^;rcDhChIU_B_%!wi=@(Gk_f##7+k|2qmh8bzdo!8J7v0qbu0d{f1f_<%tIjEn zr4l0P!#UN=zPSLD=iTxv68j>WGC%Lr;FnF0hQhU!zy05OXVsy&^?aF3*Dh_#YZh0@ zCFYM6o^@3lp+>=6gasmV>ctN!W9aO2dktqCfs1$`snXeN9iP9Sl!-@^a_f9@I^V8p zkeuwiUcVF0SC^N+_S4TyZ4ar-a#hf|8wLjSj2SiU{7GC{y2+l>S&T+cbkl0Zae8u@ zU}hrlAGzfjVaUoJK6~Y`7KBEFN2rNouoHE@a+7DpxX1*=GkZSbL$VNn2yj!~Pr}TR z1e_g^?~4jJOcN0r_vt`gkF?_qVT)FAe%vNjC*?vwQr86Q|v# zzZG#ETQX;}5pp}MljUooXjw`7C3Zzfmf|*3&1Xk{ilkkv;eMEjJRW4PbAGU}z9wgg-NQGSI2>?!q%ze0h3iqfID(v$D{>_9 zKzQn8EZa9MUIBe<`~B&0V;)@ebHla><{w%uGh*E(Y)4ok0KoUD2sf?D=JuM7LPi#;;19qB73& zpZcE^wbn6Lv35Fx4D9V75Evh5_0Q@D@$htd2?7c0@k7@eKBVZd5v>KOBj%tBo-5W9 zTl@5nqeW*RLcUN)4lVUs`*6Q_(zGna&`-mH@S~^~F;PypaQR-JgTymUUtyxU;vT~4 zZ$-x+`0o(5Zpu?Vl{Tmo4d-kR)|M++`UO>>2r7Oee}Xxbz{YoYJ3(ssiPH_%Bc~Tt zdV+>fk{mQsaFX;(x+~SwlXC`he9rw|>zi^yte!Fz6W!5&?ayn03m#F|zhR58kRTknY)!@BiY+*}=Oq|b}hOE}-#x%76w)b}~2_p)erMFPm?g(~J!QFd!sELqvb^ zgFmy0ck7VhtZ|3k$}Nf9Of;%PXj635u|L4y!YX8ppVN+HbZj(s*9AGfmY)PB)4S=Y zmU@;itov}#hqY8%v1mW*e0GKwVcbZu4j$cY8D8!Hf}88eNG5t9uEvLCSkMZ4I&a#eCx`hVpNsL zqQGU|2~czvAXrYwC;Yz7n!#l9whj`_W!%DwQ>$+revKOA_S(@qHO(o)5cl4##+J_a zEEdPCA2%qhIn=Keh^;06Ysawf$TU@m`B)L=9LD)re?D$+nNzp!Hhp~|F@Qva$^PEsM^bpb7{CAR zFW~Vbw~K~slmNOdm{fM?C_MU%m>g%1OLF+GLw1h91x+qI@eQ#xMY-}{>OLdO|67Co z|Lam?{(m7|m|6c<70Z^EVjNxzyx;%nQqzhk0w6PhkTGsTSOAkg3u_M`#yUeqgSiiF zVM~1b@>_{}>)B6J6ApVz03A$b6c@>(y(MH}PbCY({D}}UbN&swbQ}mab{-h2G#G-j zSPx6fa$QK1{tnPN$|{#m4==JIVl1(#oFHBVk?#Ri_ z!Fm3zOxv{4s0EP4Q%YR*k`ab*a8$!dsBph(*_T)v=C}kbnjAgFgc%| zMO!eofvKvC8%6umHyF=>B{x%y5-p`K98{MHMu1ltPfClP_^y$@%ECCUqw55V+-$$D zBhM&ZTpgBC@gBR2vApRACSHG>BYW#@Z6_yGbeKFU8a)y5&WBvi=~$LYDbKc%*7J2k zV$;*z+1b8jqu=?n*R22Zuyr((dBv{2!mp>(BSrN4(d#4b%6-FL|H!Xy&CmbtnXNOh z*yw)h7zNflxoK1mRHeWwWP4?AEUDHPx!J$R%M-m>en8)j;a@!S(GCd*=@+Zd(-Opw zT7VInc3eI_np%{qCr0GBmx4&GOI$KO8gS#E3%umz^GGr5lO(6dJYs9cjcEy*cT2LS z=BM~YJY}aynmW!o=}7pxzEl#8>jeQMeCj{JWPhjt>m>cq!S)H5WSnE1x~a?qqn%;< zNIZ*_`IYDO=+fR+T6t&!%CjSA$*#K1XjwDcilcC`3tYA9ugS6|zGL~=j93e7(u3|rB{0avMJx~5oLc74 zq?=JWEJULiejh#r^wkEbw<~ifG}T~n>_Z3w*ApS%6&X8A$eh7uP0|G`1`Zty-1_sO z_hYM`he_mws-K(M!t8`y_53{OtCZ-u42R=<2~s!*V16s%-YqANxY zJ88wpB9psmA*<4MvgN9Y1kED82;8kL9oe!UF(>mTQeB1e2#X=#Y`UqR)(w8-9<_v0 zyO4KK+lO|#>G@SuYmTJ6r#w^BwEFt_K0ObCPqW+P^7~>m)6@HP!Pg+_9=~Pg(y?vW z|GwD2|EKcK;mhf_DnX&bgskw4{W zH*z1urP<^b8Ck#`6de`LBfdp)+wkeKGP;*4IqIB|33f;tG@p_w&7LL6e~N{u7Q~GS zn8BB{I+2xur=BN(R(y9clILeafoPL7j z28CviSIQPid@!^+&uWbCvn1eC2=;D_-p`W(6u_ubQ`c@nZnDmJBARj1j?nz&8FA9w zK%O|;WhtibHTb9BB!BKVC_sri6F0J2N zhtAVb5#SzMb*-i|bGBN3nrj;u%zQ42_lB2fR?#v?ZeEnzB??p6Q{y5Q<&082eMTz76PDxcf_2g5E1dR-U^;T=ftT&+#1g zegI6o0;tMjb`lu;Ci5fO+Yehfj<39=w-cnK*GNJi60c3Q-Yf zp15h%0nWR#DA7U+PI{6eql*B{(#&ST=#&@jXK-(0JRM@sEWFb>6o@l9wugOe_jxfs zR;0P>7RE6vG6`VihW>LcCKO8k)cwvGmPgff`R5bv3RtRnJ&nG>E?ro~Xt#IUWZ+c4 z#x!v)#gINOzVMN%&uh#nev?^WXb;YaeC}--p)SM79gftF1?(eYa$JxlXWb(sYG)ko zfew9myc!pKd%lv2%HnC)FGLnMpVlPE|AI+9F8Yi9b;g3}DS`PgCU+E2$A7pN#zb$* zZKUTv@U3wCWDm<#@%|S)Do?mnSVLlspIQS92L#a&Zsz^O#-Nkgp0Eg7Jf47DmH|65 zl)I3D2<@lQ1VL)r+6@69_Jvvr9!bPB_IS6>#dyuqb#tKvPQ+=hA4U=Rh#=`7h0vZM zlqh-e&O4b%`OG^hlcTXhQPwB>N@t8Ns-Jce&yutx3$h&vKG)%|E_iAn#b^C-GZym_;c1QUU z5yQra9?S`}?`!T4^Uw2LsmSj0Ey`~(L4iV|JVm5i0F(zB7!M2xK?r!;G=_y3*LP|3_uox855pNM3Yq9 zP~M;wTq)SVxuJrG(=0*Fk35ueO1iAsxf6~o1%xz!Y5#_Ykcs3XxOs3F-`geW?HjvX za(dq9hztZH4~#TugEzt%lp#qK>2pHO3b8*)4lCEIXtz3s#hJK0vQt0Q{Ex>A(@)7c za)90$Bv`abxk;CA?F84=JqhELzlo>%%vcm-SWxKJeeos$w{^itlEKF%7f;3_0CEx=xxs zb?`vgD0#HCaI6WM17V`PDe1+()7zb;FT*+6VBS{yhJPOb(y@6W55E7h8U(;?s(Y}y ziM6VTa0U}s64~a|Nm)1<1)M=)rjpkQm+-o0EL$#@uSYm!x1?QfN}E#ZyO0$PZS$&W zbNlfVV?+R?IDDfm6CxmOcmqq-U_=AKSUq01_rsDLSLsLyh^07Xpc1Fga?e@yo8D5a zdP9jmQoeVp);WRi)Md3#jzZwaLh$v3C0_C?2e1}f?3K7TjgM2|#pC9k+_l;muEa&^ z7Rv|WzBAC&ChiL6<{PLHFp__RzY6fHuB<_!?wA!bH#G z4z@EBcttu5S`zXSGLB4Z`zs^HT8Lc37F3mnU{mdh#smbPkvn#@uDKqHH$+YIyVWx5x=RwHAS z@54ntjlh|Ae|sPidLgGKXZ&#ikA(urg5jtD#X3e$&7?~o9o!lBl<6EWP12qo0h zKV%BT`zN$iIbdSOx+C`MHA9>x8Dw3TUP<$j+l}J#NtBU~|MU!8Xid5Z$@Ivl2s;hW zX7xOz)SMd>ypJ<)13W_{XH(i>Y zNx)A=#3RLXCJ~Y+GdN-|)s-?*j04Bh`Mh?1yGM5+A;0f9v3Jy0iC@s=g{NRPz9+*! z^rTg>^VIoeo*tl+s|a%8n}FM_2_c}R5L86msZj8qBxDi9d&erw2J;o9?up>^(x1hr zJXgZF$#}YG8z$O+Rro4zt`}R`e%xVysAasE_O3LO|_G^x-q$Rt71N1?#2?7*E_BX#mGjr zK&Z0A`_@|5jbWX2(_hUFBG@+R783z6jp}G_us`(md=fg3+-$#@?T8ATm)eLrH2dVW zj!rxdJ;}K?;j6Sz0<59zo^X!yC!jzRd`TbWN*HyI@ic#S%pHJhmI)s8+P5b80vCoO zg|P=KU8zzzzP>YUW$5+#5(k{q5Osq|_phXU5viBP8feV7*g<}#W%!qQy=~yGAf4 z9C76L<<{5FlalUc(a@Y}5@1Bvu6NuqiT?3(&^VVzRrhhuf+c4B{WVf)}Q%!YYQF5oq% ziYQ+VMfDwdpUWD4#)wBif!=ISYkABg?sC4+LHHwBSi+LS$>arpfS7+wPV5aW?|SAg zwNe)b!(732Pt`1`I%?|-89-{V=<51n#bD$ANx)$f%ceaT=kv*+geTjK0(^%*tVp&^ z#;6I&XpzlzqOndih_;RLQUER=`&~C-C?_i;mE=+}NH<|A_|OK0w2YOE2P^}CETDUs zZt>Z+1bdIysL@#h^0(8adu3T27(HXZeQm!_IH4(sA6z6l3 z_LHuDfJ(x_|K36~^389oEzX=FKC|c*PEttrY|IzDn{8;=71@|v-t;soB*ftq;VU8v z_j!!kC!&>#u%)ecRV+&=9DI+~8W#Z0(?!cEq#l%uA#2H)lv*>X^BrjgM{ZOFM|Q{M z47vT=IzWRudcMocW>Y%4EbE_aNNdEFD2Jc8LcEFNzV&mvLnc{v}X5+#n622qSS>y^d zczOU#zaa}XQgvz!HRP9#E_MoSs&fM{MJ6W$c#xOLOnZVwd-2eH3dlt06s@u38xo?J z(p>gM;22HCmY$GGrIThh^IVk92mEC$u~fO^jt<5{^T>r6~L@;>7Q-Ae7l7{Yb|GmWzA(H|TFu zO;ze%MGVnp)%x-lC|5J%jn7SUZwVi@utV*UJfJdfOhw7_9D~*0siW~p3gshOPGm{R zFg|+sLFpz5G?Tw+>LrYl9WFw3fNKYuf@@NE-hU80T~dFD;`HG?@jz`!xE6ieu(L2- zI#~auEXUfVnc;xA2fZcfipMO863UY{k?a=nYa9yFB>u}A8$NTvCc7XpP)6YZ{oK|< zP-QV)J+>h`t1VER!!*vs8Iy+`zX`Jq6sQVz2DPzi14dxm>P4Vgo?2l?9=^qwV^{)_ zp1-xI&D6z2W>7XDyS7bA+wavyX$zIis?!>icVeert;20kd$MJ28_)n*fdedH=5yy@2y_06&>7^D$Ip_!AR~etUK0| z`y~=qBmnK4e8QrxQnKP({VPxX?CeOnvM3>k0;k=-JH)z&P^{y&9Val|p83lz+^F*O z>^s;Mxw13)c(ZDCOOB#PJKSSENcpbAv(LkvxI?F4PQ9B==n{vA$gTvYjr!crZ&~j_KoG;47 zwMIB^`E9>i@R2YoA31Y(pEBr$ap#ZxVSYSp+cLqNNCLSuurYO~zJY~$x3K zdkPcd|4t!U($u!!Xhr#_e?W2|P}3vhDFU23J(tNg2(m{}T(rvD8jdod!lsa`CT1S* z+`xs^lWU%pWP&4Lh|)yjB<^gQYg}(~Z?^Gxc5%Gj)F^Q=MuE~hV7SYja^@2<@~2K4 zUHLfFnB_RRcFnu4O-^?*IO(gZ<`he2rhv6~y` zvUEWmLsOXNV)SI|(8zUXK?U^V3yOcx9Oft4$@BT_PviXKws9mm9`az7R~x2#(@uF@ny)O8P+9hoo;MzlQgLh>Yjd);jo0FK- zJzD&Y%h?TTBGTE`26cirdNl~=ln{1&aZ4*{xAe{S)TCha8MD7%jK)HN3A&4Xlu`tknnKpuAp|qsNgH3Szw92%St_9U2_))WWi9q2`QR|JEJW*oSQ1_+81T@~p zVT0)g=R?TIJ_Cp#EJjf8Sl%OMV+npZn#rP;ZN9-2v$SGTZVcB3^DeN(1=wKJCy}VJ z?5=gHRfk9MO+&$|GEYFbMKX{30x|g1)|Ah++cKz9qgk?fo(+z=+P>%?Rmty#N%d+` zl?$>RCQ@*|X68)*lED0>Qxwtd=Fk!C6eZOdr8N_-=&rREMpcgFk)L(MFWJkqlr6iJ z)26LFPnyy1^Ll{0Z0z%`#G)FDz*C!EndwKHZowOyv{Gm_pVQEuJW|^pLHLi=NbF3` zAMuZ!Oo=tO4Q2)msx58XVwi4Y_}Q?wirg1tPBQY)(c~-edvorKYDQ(oJfUP!Q1aWT@5nXUc{;ceVF!HEaQdx5Tcb{p zCr?@ug9#6eUoz@67|{MCEE&bHK)P@&#fki(+mSPd$o*)5x%oJ&-2AkGf?@$*Lxj$N zjSWZ&34v80NZu?Gyzn!!6`G z$hQz7ICwpCWgO)Rh3d-{)+gwFG+ZFTMtk)f%!F5jrgL&5Xb(N>Y8GVn@rWQeNaRyi zt-jeH5a4n-Z($DFKMiz!Ga5S$kHW8H}fHK%f`OEq4 zH}`{IfG05xRFF^^aHZ=!#g6c<^r|)D-btkgF&G1DX;%?{0<|BKRGW8MY91WyK4!## z$(wSfeI!K(y$k{y@(jdlF27S*;)hv3JXl!cVOb7gxaABVUDHP$PI+~FnMQz(F@`9c zk?_#)k#Mf5?78??W%!d$`r$XC7tYHK~_6=IA1+eb96`h+VDE-`4LOGGf3(LG2Tb#al;jbW#oadPUa`60QVPhNKgB51bKhOX?H{O(5kqqs0}!G`86I5A)_3Z#oO75M_PkC#YC;jSJFDks-54c{gm$TSE z&0W%0Cl`inp_lGlFm@m3uVs(o`s|Wn{VF7y-=7uah%_YO{r-nm&@^!CfH(hkEfmK= z4zOIpF0J~RJ=PTa^-S~cu*t*hq#H(Jo1|zntq#Za@Y`;d@I#_}ykE zXt#+}+peMBTcq9Hz&|m{2y|4t+C8mn{*+#a>zukLFj*2(^U}BqTKR(nsO44tm(hgz zA2;RynodSGMYR2PF(Bh$+iIj=??B>-gR{aBH4 zGS-7N{hlq4creiz{F$K+%!t9lyC={sLIIpD5tjF-eZn-%8GRUJQ!-^8(XK56jxJRzh!ATOm}GrQ1>T6_U5-0 zW6e{-%ZFUAzYl5~m|`5HMsIibEm8V(^nAJuy~3mz{-{i6WL znmAjTiXRf?Xy5L08&Ujpr3)b_5Wf`qQ+nqjMd4ktSiU*`vR01+@=5AocGxan&o!=` z6-f0OH+Q1{41!a0C64t2k=n5YCWUX*k8ZV7WB0;y5LwgZt+7lT(x1=MJcf=%%Vu*Qrq zf6e6N2W?cmuTHgMCJLldkiOKvwPt??C3|!-g#i?i45@PxSY)djg|`ns1auz#(3RUg z^wkKxYg{R6eB5?HLWq>>RJ>O75i^A%VP~qeTfHL>v@lY6~gqZg3w*r7R zn{*i4N6nWpvGZNpzmL>5!ql|U*l5uZCdSNQYB?f^F>a&T#T!h9r-E8Q1b+RtNy`RZ zJbiAx7(X`)m|qvqOeA=^M6-mEDE^oCtUFsUkb8~5EZ?1p4qdRg8ksdq2J8CWi|tF3 zoX=9GCvTPF;k{|&vhjVYa^5`s{bG6nw+nZV18M~@W9;7jDJa7wWDH^Z{(TxA0X7Bd zLa`C&bHT&8UBE=lc*Wi&kBmyo!J4uRe}2Az#0YO{`on!QdQl7pP8-NOOvy%|O=xUA z367Y=Nw44aHZ-<#h&ve^Cp94A7v?S2(%dhc$+EG-bF8{&OLZ_5wR1vF_@}*s{VA41 znSv~VhUG|qo1G#?mt8B-}Jz_4TjA(?NU(inItZ3Pjap!WiwqY{kk$A_SVjG>4k~Yl-~;^i zt?2q24m6VC?n$PUPYB$HdaI83g7l}`lYC~<1xz+`{{3jkl-dUUvk6 z9ViaVvGF*6n(5i@yhC;XnXPt$*sanWwo{T`TXB|9?q38uy)g9V20gyWCa5JYnXMO> z*M{-6O{YV$jx);oHEm_20Cwn!1`itZXGs1p+>aB26YrJ*aXn$UA8l}0~fjat1ln*8|x+7dG|mM1paRAwKm((9d7GuD;q?p0-#x4 za_D<93B=@xCPw98HctFd_W2rCq)Qs3Rs0B=2Pn{@>C*bqOL#v489cz&GeoG7fZ}cl z>>F`x_aK2y6)?i3{iQ6M3}iM2N8y!VXdo_qR1Xl1K^Jrm)B@aVDGuR$#b9=bN85?a zs^%7#iVbe(ZxDujc>}DX_WZ~Gk9bgn#t7b)`J#CN?Ub7){FA#@V`d&#yRL=!VY$rc zK3WGK6-~UvVny(rt^8{Qrkyr0-^y|MbjjFv&?6gd?d-cY^S&do8T3hKbr4GAzzNps zg^UW9ziK=QG44Db-stAjh>pXUSAzCD@(jGnXB?%aeX1ob<=h)4Z}OH+z}cz=(fYMD zE$G2u^ejLqaSiE zy7>W_#tTsr#6g!2@KkLK%eGdF zLlzNsgU3zVIH&I9UJxIjRjAJhnVXwzM(%dr)7qfJkFEsb>wtRFxXkNSi&ZVgsb1lA zgctGTJ3IU>m|pB+=9&Rrl<}bo>K7uhu4!o+dd` zI&vulRR)fCS!F<$zA8$Q!nka~aI_G1Xvaj1>6u9(p3<(N2YlMH0CW5P`YwWB< z5!P|6xIK1BQ7bnd3XWPHjt@G5wcA z4kH`W|C}uP?~vpE4=4K{_8hX8kt*ikQQd~E*ZkE0+tW2)5ij5BC?h47POofzkDvIw z0Vsv#eB;(LIT2%`S$BrL*`dP8eE#&sn0>?8gEDbe`XDf3*4j998|pjqo$=nJ(nUL8-4Qzk2Zy@8iw1x`;p_h-!m4}@sXOU+xrup^iqT`zj~XLl__Mj zgIMs3w8D7hoqd z%;umFK+)ne{0&4DPdahOp8Pi;HA3jC!g96@tE`>7<)CXa>j%m*BrHETT}ZYtHZ1=s z^UdlLNj+Tau`n?ryb@A9t#PZ~`UFMy!xZmeg+o4VFLRqPGj}I~sOjo^1=F?|!8n&` zLoAW99ygblXqi;%dVI6obtmK0xRlnIt!p!{X+no*y)a$XoB@$bpIL|JQ;@6*3|^2J zz<?ekkx(l)u} zWdlHk&vZQ3D)z?V6PcQ)l_4=gTLAfmOQMOowb&|=XKuSq52+}f>zNFR-!>Ip>+#1a zwiF)pmIi<^+NWf#7yElBAW&i{v=A!a*0HX_S%GGzup|`Enj@Od1aK*b1CbnHO`4H; zq4^VGo{HCJZ_wu+i?&JCcaD_3h>dpZ*Gw5~nWc>&Q40(0DZby(4Lto|)>xTV@oV_u zCFulUirm^tJ{NMh85z@2PZA(e1K{b&Qh)0@3kalTIHDDi$-K*(QN)o!1I6fvX9%Mj z0b(Kg;s*ma3K1f4=zhnBQ(o+@EwDxd`TOUc^IL~(1_~;#Q?`oPL+L1%9^194xOS}{ zx!Hs>80EQgq~+NKpBr&AYU47&>{YuBq0Av|%Blu^*whQu8kkKt&Lx+B)j<(Z(tM;*=3siW*QoQ=;JJvcABkS!hLDl`$OYYI;q?z z{9+SAcY!i(o;BM#wC*8s$vb#+KZ};8S#B^tcAgLq1U&W($MZyT-tF=6y)>FbLPTQ) z{yWnTZRd>d;f`y<`3nO$-L0g1yjeSCT`<%r#$Z$px?{ z&mod~o7mMdY%y#t^ZCd@tNa(zE8qi)56urdfoMI5E7E&&YNEl}c2D29^g?GLXv-uS zQk)4&Tjfz(k&Tv?`}WZ?;x>IvH(}uLON5m$4Z52q{#ZNtQW031+=MtlZO~UMw~E18 z!)ri0Y`Yz15fs<0NlJd5wVapW-|;j(e0)irXgOy|p32f&L-m?&#ll0=f`-mLMKFk` z3b%mNc6QkfTU)irSyk1PbtgbRQ5wIa`ka-U-ep*BVfzX=&6?c)Ql=2qDdNU@bI)TY z1$jV?s*i0H5U{13QE*s29XYX`UlJvC?5V~cXB8V*V-?%H#K>iJ*$-Srak5i~9%x`8 z^W))czd-71@VFgn>g;^a!W$qe^UMegV2J@nI4JQ>hBmZsrEM8ce(ts<-DpPRSiHFa z(|odNvXooz?44V|w~P1Br{r&^y5ofX{kjR0@rf=UMnxgT& zb1i6@96Oz9R@rgyD|D2-rFs!*s2LLxKD2wP4q?$^wXkY?dUhTF@CV2=OQfVh<5C7Q|}y-oP7s2%SjNfb<1!sD>a z?y-q;=TNTDtKt8k>>Xo7iJEucv2A;gZQHhO+qP}nw#_}(9^1Bk=bW6I^Z)SX=DkTL zo%E;ftgNo8Rlnz{1!wdy7`qWWmzuvSbf#|D?eNR3vI2c_nAkRaH`Q`3tpTOBb70tt zc=yUtYu&(VS^@E@QCkI5do$xa!ISaTloH?=7#72X5=}?p4Lb#vXIpoH-ywxdJq0(D z(Qu;q82yUHlsuI@d}1x{omJhvEq)D(1A=&BI}c?IWB(|BuvaQ~DOxCB_gW(PzQ}sm zi4rIB+EgR-Dpg_OKOHmH^$`9Exm=}^elMn!`uv6Y`2h4j8VLG%V|cHF$wMBUGZz2W zoF*^4o^&zvb$hx61C3zvhjs>dIY~Pb)njb!umtVoORcpJkv*Oq2sxT;GV{|9ef&*8iChlJ`3yq!b=2qF5aA zf3eruDF2(i#{OlmnaHETxJItA#D9F?S&G&!tHFz`uVWJcqHwppD9*x*UkN25G{prX zl>S=F$`dG&v5T9Mkt7Ss?z&9Ms+TJZh{MVJIkd)clpN7RBribS#w@u-aaLiZkP8$qxe4s#q zOb=}%|Dz9)XKoR|tb)HnahJ;yV0lW(*39zELHW+~;K2;7+(m-YSaFKdLtcLTP>#ah zpp=f5^wf%_o>-&^t^K~)47Pk;4iH4;L8pIQiuphvSf6wdL=v*9paD5}+{2Hr=xApk z(9DkJjbO#gW+i~-wUH?(aZW?&EIO_|jG3$)4ak9hJ{VdEm1G2%KX~qqY2%h&6>#nt z&>G2ngULv~KGtv4aICHmRpO$-5p4`<#2l8|UDH(mia|?S(F4j$o)8x*rb6E&x32gD zWf}xYZuVKVR3SW|cthzxZ}>NI!1@wxAU(`rP*#IJWkxLs(?7@(5J+-c4~iw_Tp6xq z1I!F6r6X>%Akt$4rfYeMYPTw1((eSNG!wGFY9Mp?kM1-M&#^+499SkieYkANT;m1_ za%xx>6ggCk4!blCR&bn0KS*Y$3}eb%rPQ=cFN=c@KTnMTO*l5abda_~ucT6-$6ifc z`=&}XD3qf2@XT&%&IgjDd4uP(b&Ky;-;eF!dsS7{)s^Mf`9WOU*V_$#?RS%=Ur*1s zh0_=50DN)V#m%yxmfr*EOW4x;$Mna>?Wm)4yk`PV6LwUwI$@up^tLNf8d zRG2ggu*3oM1V}G!X4WtsWX7;ES%R^95$IBqCAIxCFcfg4VT_ER2hh`@s$oDD?m3|( zeRfo3nc`zO$b3IylFCZ!M`xYx(o93^+YCk{PEX77;=Cb?C*+Eg>FQMBvLi!B#9rL zXTFZ@jZF>5c*M)%2dnL}^pt2R()6j9(Qn*E%#qc|(Ycx8sgR-|q#U_V6{q%x4`oIp z$iiV0@I^w?PV)m+w+E;BCO5Y#;08e$0YjqQ^@w!QU<^QEF}~K1Mn(8sk4!-FGIEI8 z%_EmAix9N*YDKe1+LU9xkp3{iK6U`&>9iNj@%buri!buU0FictQvwtO+MXf`04&N}LMD|yvNBZQ0e?w2`+lMV@W2y{*roVF$i+YpF`j%dAZTBb zJetfE2=BmkeE-KA$2v-)rj5rFj8FjP*s++gMc6ahIoc%BMQpm4u7h$~NQ~HOzrp+zf0GvvlWu0+If<#&`{-s@{3!R2Zv=53$m_!k^zVgR|SfQFM zr(&NPFT8Q3f1Q7dLOYv~?wsqjnH?=-BUOk>Pt$>mI<1;Fv|6FXau@X%HQwUaJR5kb zf4s(&i;;mc7jnjw%Mw>EiX)pBLpGaV35oB1YHEj&)lJ)Fj0FCZ`67tCYRlNY+0vSW zSPBjV9al$zcr#CJaV1$EVDoQ$bCnWRe)w>XPIzo|GyGJ(hKt0{c((Fp zl1J+$2XWCie$lXvN;j>Z_Jc;4HieBn0249!eh#L z%oK~BfITzG&=*cPSrPmFRRuQ4!qEH@y)yKUitQnK9G5@9kw#(t{~_OCV*U?~#0>wx zFl?!$->SIxL(N_*DH4?jA$)zYlvTo}G3?UVHYpi8$W$7Zl{(JjaK#Rqg;k$BBbrRb zX*CK^qvrbi-EztB;HsXJw0z|22`l zeP@PmW;}n!zfew7rS4qK9OGYRK=GwV|4<_|oMa>>$i1vPqgjABOQxiU6&ZIump)M|Yf`0al{jRyAQ3N*kniwok zK35)+^X}G3sTFqi=?ku0BLlX^j8u zp}XQzT+8EVb2)xF+qR_uw|x_lD|VGYa21`Qac_&5rLcbK?-&-LdMSz|`R<L{lXPU&-{fLx~JLE}8IM4ln)yaFRoeohR5umqNzd!+HRc_DrS z_guEV@Ds=Ph|*`>$&J_o8$WjCNr~OF@%M9XM&Fm2!Q{!I-P^_MhOetK&%kjn>h&EP zp)nCTLB?w?Lf+JZbf6-;qk1abx7k_R(87L56Z2dyvPrnm9HSOVl8pnF;4V-+gq^yupeOqL&ARw zPqSbT(LslIsYh}+!Rw^3>*A*UR-2}7q1yro=-}rAqASWXDBCB9P%p##h|K2`GPe)$ zyd{HJ3bc{zW|_3_^tX2xL*=C(&uD6(BMDbo%Mk=P@lu3~j2UAK z-uoz;7v&<-{hL;>!sSH@SqQhzcTBWN*T|z!h6)4(@WXg+eP&o5!`%`U0&wcI?x@CiAG^oMk2XJWfUiUvm3)cTxo&LY3 zs4VpV^?b@BbuGK>Uo)UQy?|yqc^B=CRj_6`o3;v1g)A9SDisSBqUfZ2Mqp4fj%B$7aWV)U#j@Fl8Mv>fB$IDZVP^3m`QQoe#N-2s$tzpONyI zH)Bz|Uq!%}&)Q`(+0fz9mmal~NKCnDlO%d)0li}2l8?aPgA^dInyb9egP%I8L|;mDR!qM2d=vl30L^;Ho6goTzk)Em*aW6ZtQXmOe_yPvS2rwr<<}!II?E#sT z*VCD?;Ji*Bd{xNj5Ofq!#_XIV`az9_IM-(nI7>xh0Lg$Dxz{qIQ(gV*fGa* zh}edSz7T%_F9^D?EPufM>km~ptVSAilMPK!)Yjmy96Wx_yaxNyB0OlHj9*T@`=^|G zdD(}lGo}cra8Op!3`JCjYZ2`P zP}%7AYY`29QMHbj4!4>G zSt72*=l=XOLYtT89_Xx>OS@Z#7K_>2?RAPH|w~eNA+oL8+YuQ(pUNTOtX>B${hMH#kx7!xCpE9LS?AOpv{(FWy~|c-|A6r+}j(QLM&N9Vz zCM?mW?slJsXcXVIhM5r|rj8q8hRx9PDJC5+(34~2**+t_Yh!xW;pv0!Om|!KMds8{(G}lu>CX~|5oz7&f%lBYPI1H zNy*-}yQUBMt2hsVB0sippoH~2=O{d;nimW|rk8e`Ny7@z5im{+uzfVhj^eY6=o9K* zp_GP}vs;)QA$2{Qf_iw8C$^cX_G4S> zJ2IGcR;o-IJXM*)5?ofNh(k?!;ndxyb}5znk*8vZp!xAZweC$HLc*m~nU;C4w~i_Z zKUL_G} zKTMO-R><9JIxnsLqr0dRyHvZKZrdq8HYB62s6`ta{8J`5eQZOPtVieTeaY0L*PLx< zobD@SeWjI(bXw4_A|ZFSV?o?CX?X1TJ2S6*rQjYe-#Na;4Z^b?s2kO2lRlEPX%XE)NfuhD7&Qua%T+NIUSK7i*? zbiw}=F*yE%hY%wZ1LJ?oC>?43;?sXo|5w+IxFwv_3BM5(%DqcAUZ!(vbQ?$n2_so} zBiKX{m4fWoN1KCbXiud1vU=ePO$5Nols(O<&l@79mKdvt_w9TC@Q8}AFu6GM;&h*K zKY~QNI3WQtp(31Cbw2F%D!Ph&hxXn^W%hWJw-3sGhoNX+4sH;`P`!*7!W$yp2oh-bRLcOlBPFrA4|_9S>6C=sBI&p zQ(L$8{?C2Ee%Q41NKBFUHY4|)P09fONJiGxd11G!P@kjKQIH?r=Ac+*c@kQ-kjl&KNj^S`5?Jb^hzeQj)7Nnm^VGhh_6hTm0o$>-QK+Lgrpto||k9U_y zkJ`qhNy`NIO^c}zajxJ|m<1zMP20y`p(AV+Ny#y8u8MjHmXrZtoYuB-O4b*CKCLoI* zMUCYO04B08v>G;{m+xe0(A+7yt%6UBWNG+6tjDZG5{XTlEbFW-*xD%GDb$j?u)

      4h3d$QU-bU3CofCKi_#CkE(y&u+N%us_@;e}Vx1$X^<$9OiRT5`IO zYG=Jv_JT5;%%O4F^Fj&`=Q261)(T^TZ?+v%7wc4Amf5&-uTBbHUbw67<%oIcY@j$OnPX~Qj%V7aW>vZRUtsxzenNml;UlaWPI*&efEfa4 zzx?Q0VYVt&vYsT^%Jf8v*AS+6%k)^B*GK(9p><_NnuVaV+er}`sDrwT3RuQ;i>v^_ zcY*cVCI3b0Y%gYl^`tB+XPipdz%4jO={MwrPh|rEs$!R z20eVa66vddcVWnNl)WG+mM~+r_PU`NHL6HCRNGoO&>?L4NC+PKDIV|NA@F9h&lbXS zVpK+Z_9XpDEw+aDVS(N>^4p6cQg9!B55&GZkYp7OI=73bD9Gb_{X!j+trQ*=EgQ&oZ(aMY5#-;yqg7oAjfN~H6Qq-RfvEzJM_V3l1ie});wdD zBM-WA=zOlK$)igDE|2uxkJAI)HB#Bbha}WaI{?DehO$+aEJfzLfg?hm_T&lW*!vue zK9Op@Zw+|cFEm^8Q*YK_!zkGc=-aAwk%JCRqZz8s>lz+#=GJ9nGUXtUX0RDujl(KC zmIS!JY>cYkR=GC-mm$zrncE3)>Z;A$ccI#GuY2MrbJ`GLJ*Jkj*tHYBz{4?)lyQ5_9xtABcWK1}gD52`Eo z-QM9;UXfsi1n#oR3Sc0U?z1a{8EJWD&IpIh`K3Kkt`%z6x>fD&RjEJ-Lw8k;Uzl-G z31JBM)imKna6%@<7uN`sDwItY4o*4#w45sKAr?=szazt4Y?&%?P+0;oyLh_35B)%6 zfHrpLnOiHJ;&ySK^}&c&?C=nnlmb-91K~&LiHk@leo`u1&S0W+Yr+bB_(9|-5=1;= zq?`PHr)ot7mIkh=tTaii4n$oFENS>6{(^&`JNUIvn6=0Jl01PnD=nzKY=IRZU5pv;sV9`|8*f3YH02Ml28zEw^jk$dzn_#$yHVLos{#%%hx zEF$si5r%QxM59H<1+EgCa+^a8Chv!pjDouzpSpbq7`0Ht?e1hk^3LHsGQ| z6pRt2HQ*w5%29n3TYC{U7#xg{F1R3tz)AX3WSE0phBuJh641Q;Nk}aFSZJkp#luex?FQjw1A^d<{ljMoCnGA6U5~dL67|TXW&Ga!D{D1B)0OT0g zwHof+k+RQkNswSW4%U;$`X`-F&&T0d#K{; z(>cEjj3b$&wgce#Q*blUzb6zx_7)t5AzYLMth7 z>wV_^xIqhebaAPuYSg6;V!zY7dfD(!Ve!zAAF}F!X!q+vm~+s&b`hDjTlcQfQ+$)Q zb5XUbgg}EpqwUT8addX{eXJt}ly4_9KMx<_epc-&n$_!Q3w_q(o*87m>&?*RqEm$Q zZrd&^^22fHg0cN|6XK@K?#U2G%?6Fgl#J;mULqHhRO6tO!H@$|oB`K%>Ok1Ed(?9f z$d~3l$1kRiFhVf({E2)|oTzhNER1cp!!q*ZNPQt|q@xX%HPxvd8ig0wc!;F*b~K5T)Fm z0z^vS2P}NRJBE}TxNmb;&AA-NFXg5#W@}Fx;x;bS*W9YdG|B{n^qWG{LPLSeMG)7x z>uWikqWKv6{n_zl%`*pGjTu{@o`)u}l)9pRno|2D#UU*%_E%Qi=G|4YP?A%;aN)W% zL~6V#0+Q(WK$yKG)*#{ z0}gBU8j^-Gc&8{`bzaLOMd`MEHHpIJd1DzY%LLu9lUI56)JaI@_9hli$uOIi19%AcJhfr1}~uRlYKWM>0u;97h;Eam-RH`sX0M~gNRo{w9o}W_o5rx zwj)bKNBUfF1j?EH{J2dz+gx<@^m_SWIQr-*c)&=(_$8_j(A8#o)~|aDaeWm;rMZC! zI^)=p%8rc-@D~LJ!bP}b+*@Jcg5doo>-DHc8`Dh!2=z>1VmgF}TAnxAa)4n=P+5#X zuz{+?;Nq($$_uOiu5lh{(Y0e_(%|l2tQIfQ$&8XXc@B ztttK0afWh7sbOgnun{(=7*NNP(`P=epYG^!r}Ok$Q(rL!<_drJ&#}CEMlex&;VF$f zm<-D9{9&NS#tYjL!&84c9}}NMhZrRBMJ|>L034#M=}(Kzd&StKt8oTYsER&jm^%pg z1H2b*o;N?k*h$o%`1l>ZTy5{ytFI4^C;)ax%Np=Xu(|}t&IA1)*OsH|%%NlnRB6?B zO|2579(DZcwRS`O>AzZ}yI{M2XQob8Lh(xmcbfCD88ONMv74^ks}(7lXsk$r6%0s& zEp5Z*60*Uz5@2LP1v3%h6scl)uki>G_E%Sn$gzo{oW2?jw@^I^dbR{y4BhzGiS(Q7 z*qAoCpa@hTO7|RW@deSqz8rE_nntS$%n}!37X2ndFBMG3D;i=xWV(#1;;D>RH>*6U z3uatBN0FyyVn2>*q2tJ+O6)L~iy)7Kb!aUTCgu5Oju40eL@EZhd;`Q@($#aPzK$7( z5zD&cT(R=lBIu$m`Quw3Tci@ih@(IF`?7wBs*-2NC>1>7eP^+pflebQo)_?-EVhCT`Pf!;a1I)7tBjuZXW zi})G+QTklTHUPG9fj5H4_m+&jWH7MZ$CL7_$@k)qZ*%aAh48K*-)k zI8K-{!G%N23nLVQh#dzuU17KjqQB)4i}@4016c@V$J^4;-YbG#Shd2TV0noJc;Ij@ z`HlqfEw3y|ApVGwzKF!zQk7C`)%AvpE!L=^#lpq9!^fNd9Z{oVvIH8~QcHoTfDl*g zEYnX)RR2~aEKF{OZ3Avtal4Vpil3P+ZRXh!8%M&3cRha6hAL~8``AO?0Wf|DU}EA< zG-W}Sw#<7Eba`z*!yK|$1Rwj7iByVP$@ZsP6%J@FIA>tHIjfNu!peVS8ZbX?8c?1v zC$f}-XltVklAhrR?~(L|Q(KY%1HYCipnj?v7!CukqT$-KRe*u_GH}SVR5PL<$xCc( zj!1c*R<+!{oB0u15&BtJXs|9qCB3px$Z*IMalQ)(jtx8FcNdL_PQ}>swGT(nGozX` zP-}XRWGEyG(>!f6-Qvd%Bq>H_h!199;pKp}qxFek44LX4i5T3-?zTrF6YwXgrSZxq zwLM9>EO7F;u^Vz4H=Ai-W$=y~UW{Mi;nYA|?l^klVUnd>|6Anmo;~lx-ujc7^x25L z5JfF2Cqx_^=fi;LFfl01JIO?34S$W?{YkJ*VE#-Bf3-JQ>wJ-emJ_ z$Ad2n7S_QRIvn~h<^WAHlwvYv4Oyw_VQ=Hw+!NM$?>uwjiB~IQ+lWtsi!T5uxZl+Z zoG7GWja7B)F-KS6>`#p!2umteu_2?R&g2!VUk&!fd{=k6uC{SkBMqn1s8TCJg%V(2=CsQcLfw>qkB8(H@6`|CU>}2b529fLQ%Sywvw; zR{j@fBLS5d)c4=8&$Tf@eMQ05AnoA4xbBGn3EeZNwWGYg`%btZDySvj4BK}CAgkxK zz+bksrjMhs^e4HlwE?<5-d1+*(&<=RfChhSaRY%hKj2R%ke&Ziip9k6A5tuOj{myd zv7}*PxA_bIohFr1Vkpg}ha#$*riupE`{sA?+@c^zZ7bJVm_I%BYPXy`eNR|vcQ`yF zf+K@@$|5X1|bm|ri=w!lbb_ijkt z{q83tj5UhG`9Ua@s~uc%Kw-VvvAo&HSaPu>2wen$c9^NW6tvrI0vuOwdv#aqd&sFs z_G3xZ7xEVGaImybZuN(AnB}fKIX)Z6) zUx2sRa?L+o`qq^}XSxDJ5^keilb!#OXB2)$1niK;{0`Y9kbl@ukpb`it6u>#XA0ij zUMhfAd0be&Z0o!orPhGi2$dzJ{}aCWfz{DH)MBsCsGf+4m~mJSVv!I0tp!Mp@qoeK zV#DLs*MfYi3AcioAo^U7gx(R-x@SkT-k8GPIApUwK9xuT zS83LE?hB{3@aWd{;nQL_8dV}wcHqkGZD}z7jt9uLqELBQpLLQPDZ}L9PKqJ%Gfo18 zv=LF-zVDO4U35sb@}QRd!fHhuA+_6OHm~~Mlx#H|H>QeGQhNdn6}~jRA#dq{a(VS) zKNCt+#YW1HD|#;5uBL>+z?7J_-AfxTEHeILM!hPmH+3dFR#IPm6mBJZpmc!>)QK4p zDA!%rl1I``Y%4S`bxrbKnBzyqqUS{tsK>6b@hS={ufNtpVw2<2Aqve+Sk^BD3@Ns1 z2#UxD7@ZF_Em19I9|TR-``dkcG*8aq-?NYFJUl#MyUezOgSC4Ez`BQ$fOD}fcepu( z*}K|p9)KfH^cyMfaQeJ|-fDZ^zdGad^@$Vg(^kjsqG^8kGN%>SV<=Y0p915XQJ z1|NmtWdi0^K$s+3?R&Ub4Tb-HM)$4LQP6Fa=KJ<^6_q>s^R=Z)!^hs{dciT}OeCO+ zduX}CXqlIac$3|lA|8|3@AI%ol(4sR_NR<{=TO+kPzX@B#^trmQpY!W9e`Z0TjyPw z&NL=q#=~FDbpu>s6sxfzH{Tn6z(2QAiq{b%&Y3#-48;Kj+izvIK)z`r8j%fS2^$KSVf~>wMAzLrhe#+T`XcPx$lXEnT>&j=Aipdu4J@*+_zR+L7zz^f-a$ffX|XYHvb0y(cxL_lW3d)5%AFdJP7zJD$N(FW7|}_iKlB zokhAE4`*kMx%Ph#XX6^c4cOF31B$~Fc{Q-D42%q86S~K(hLv{?RUl-r_ zZrc~_PDRUA|2rgpuY6#vA{Q17Oy-V6o`j@Y=(e>FOE0|EflLSQ3*zV!jG z{PN9nUBBkGqo}#g-=}Y!zk1W~C4#+57@9$-7vjVXj(A3P-;(bHX_N-h%tnW zyP}2yAV-);g_|Bi%}y@-8X1%Tlj6JFkqETa)tb8lk-%ASA%mlpV|Yf4dY{3{R{P<3 z!GT58K0<76d~XfluP>x3n7u;;(jA+iERY=Icb2iwu~1inDtFpuR;*aR!U=DsMHf_2 zd93q;fjPis%-g2j|B!LJYu*vYXx&7?9k0pDlQ?3qvik~#-=&G9<7Wlwp~30~)QqHY zf|9Qf>s=trbwe&HkQV!Vl2#K}^+9~VeFYiPwh+;?YP8;#3{Jsf+Ps`}bQ|8qd0mJb zGE4l_(bfMdP_4Xi2!RyqGd)mbs0(AIa`}44^?!D&VLxZIorOpFk0nMKPS%1t=iCdj zc)xOqlLoOq$huE3$dB9CVvxW7s9}GBiP=zJ-}a9SiOiJI)s&9qx!kqU#db0$uLbqE37;8lf#Kxl^`DE2}ejDG6H_8o*uC2VghWH zU)rt{VoU#i12+pn>inntgXKRQ@i4G4{nrBjBg_rk4c5mky#g_+at&SKh{4?TX4-Wa ztu*(3|6&N^tXR;=M6z+2&lfI~iYgPb7$)isUFwL#jvWi@EsfQ8W_Lc!Zd@kQx4&)` zRx)U*Vl=aefA2C_GPG8PptJ4^q{|p(7`=pf7`)rog!icb4v{QF;}^@^-FC_B>L*(p zSEljV40U)H?a-N!1WBL6|JtKYeY3tXzOrL}auD=GwT6>k5x{#bTl4&$j?{2e`!&!T z_SRoVDOpWAfN~RGSl(^`U^CDY_4A1SGdXXTszzabMx%p=l%^k?S_GULLiWhqzEXHb+;$b+W0j-_jV%th_oC3;10rdP$7pN+ zkQ<-gQ$nycQT^f{OtLoxvK=K{P(+b2*9uB5#jnF1l^OU#-E99!n=tI>Pu5aw$=e3? z(Chq}*VXm`SJotr=cI4R`;vdT_V}ivVWWDq%JxfN!S`4?go`9JMP_hd0PhGC@ecft zXl_X+<^bqge*;qTrcG?kYlqsKcfS;|RFh3^Qm9DcUMmAOQ@w$^9Rl@jwp9(z?jjm? zE8{0jDM9_IO)UHzwHD4K@{^eYg}aC~PHBaAL7CEn_JG${NiE8TMy2yittw&~od)PDX6hD>UM#@-K5N)q!mWJ+f?caZye}*kwoq9{l1V}C~(%WuQpoFw=$<#%9SNOV~k8O&9 zG*rl9cdY$Wp@lu@>a!Yl)vJe4iBy)n#H?=!+U(5v3WG-UdkXnm1&z3NAnjNAVxm8I zDD4%KJEsDmWbabPbJ!biE^m`Qru*w40$iBG`AP+kGUWx?JFDM+K{Z7Gu#$59W|HnH z@B4N^Gh}PFSu<(BGd0^!0C%Ih1AoH8GtJMwwTwJhI<%|E!gzFWtY>(6KVV(Wxu8^fQowx}2u+m!U6 ztzbQpO=Vsf>a094b)M-w{lXptFNHm_Prm79o>b8(P5_!gDs1%i4H1EBcooW~8|B^^6?n#TjQ_^Z?CIU?OGFc$h_w~O zs>)eEcf#Hj`$i-v+&yMdgy>IeY)~>DLTENT6;i1`V?Ak^{flcJ?(zCua+J3?EDo}| zs_7%wk>zHWl;cyh1a$W<6*AzPQp>G8^UedL_SDV=dDJ!0Yr-6E#imZsaMdD0c_U46 zPdAqrL@GKx+=DQaDxxpA?sEM$I{ml>NmY&Rk$>DSztHCk!V!{&A(bQmp#hOE8Ogst znq)}*_l8BD|GIoyN(ZJhf*I}NC>!gd~vOO zP`EViW|sT-<7lGO0a_gJ_V1Uka@^Xci}u{(<*s(#;k_xxVmtB3&+>#N$qJGxYYB*- zD3V67f@S5FE&_?s?xNR&pURTuN@yBbLv+u=Lf+V9;eQ{XB$CP+pLk?QPCO05oT5a} zUZf8Z$4sn!VS3na*@1VNop@j+x{*@+%WW8ULN}LA|Ad2ZBQ5p~X(|33A2(5ur7~() zLe75th2pvR=Cq9X@K)8@XSmx7p+Xfi`J+<%jVB68cYXti8qI4Kl-e8#A^t2E;wKGOgJ9+xnzf5yt5;Q+ed6lca^$Y_T}!1Uc0?y~yz(`Rq0T9|MmJ zOz|K>|JA4-@cQi#c_7=nd^SK0H8?CH%Oc8SSC>u+)Ian?TYp~_03E4h^xBCcJCh4k zQAWmFo+1;=aPdzZ2R3@VrsZO3AYTuG_f*bi#jJ@R&1BjN(0|pYK zcs(E?n4%pXxFBqz$`l~@V}!=;9Ix>=C&J~D*l{8l8$M_$Ht!!2S)q{~2qD<4P=M%p z4V^~jP_Z)l!9s#zddQDLgO~bU)QW!{5VvT`#+o2f2!)-%2y_TxeS`%1H8R8x_6;4N z|6H(JYQ8F9a!whD4ju3IM@EjjoFTPXsbBCHj_Lfquwmj*Ve{8_+0sw1XmUkQpLe|*{MejdNy^U$;GY;FCzJ97vov!?M`{WiV5BpwELE^w&_ zr8~UrUov@y>rWXy*yA!AX!Bp59;d3B-@c|VvOvndkAZW&{hYqKE-xP2Z1)cM2a;>H zgaj5Q&#kOslM7tANyLHEJuc(L7qxkWa&RD%O!Vv+{UNI0!DhwbB?9K6WzTcBo6?&7 z1J_e{d};$7jbD;4Q<&l*q6J;yNMal*0*h6d5@{f_gS7jL1}wgk4HQ|Tnj&csu8Fw} zG(ivB6#^C0JFcaHBK_T$Qb;Qfln9!YgXhtJj7&t?rLpREy*( z!w^!`igqngv||FR6zplBYDd`74%B%}k8~WvTt08SeI@Whi@{7?Ck_pgr@c}@CH_nU zUrkezh|S<>Hae~N11)EFDLuN#SL5=uP${@>ce{%vm5A0uC-^h@2wIw6A} zQ}m5X^eBzNMB}2kkL=c{$ipRm&=~`yn0bRBJr;>~+2AH_ADtQmF7s5e@kwPXpJm8O zqF__+^Z2!J&o!vFUh=r6q-ya{C@;f|i&IP-x0WvZ57$x19=5c*-Z?0Y78ZkNNlT zfM3-o_&A;Ay5_$fCoRAUCK>8pc%U)c24>Hkta_BE+~4ZVfJ)-3vo*RR7u)j~P5`}~ zJHm@-0;A|ai%c-Fn?s_q&d9WO5!wG!5_t~ShN*$;9P1P!0v)jloxvh0!cB7T$9*A1 zJem#+=XoK!4OCAKMuX9)LVVsejXJCQl{F9v!F}Rg&w7N?Zk3h>HLyXN}iX z74IDy^VE9Q)FBu5q4>XN93?S_;HzA4eF-W$yovnyh>C-UuL zi%1RvR}h*{s189Bj3)>q&Ok8FWKVWQ9JP7#f)&uA%ym`@0G01YN%7ZR`wQE#6)@F5 zI_!_jx@}$2{-zM3s8issHuzDy#EN%PhO0b^s)CM1N>OR&t(>srALo;N$dY4D*)_lq z-e5ymP=sn!=iY9(afcq{=#f5|*MTULJA$4=%@0g0_`_6b0;hR*_C!I?*iqtq;e!Ua zi6&+|z&}`VDe}2Rcj598qeBG+@SH*ih~jfm#6_!^@epq-s_TRiGe)?HUub{FBl6NT zL~@@|znrCJH%FmFt%S~#J6GEcVPPLbp2O67d1 z%_nWx#o@rM_Vs0Osw4gc|L@y}lQk7#ba{-EEfvkzsjZg9nb>SYP4i<>S5I~cKF?U| z!a^Ka^6CG1xZFSUNwv_5|0L&2^ab-}4iMq%{QFYAkL+XOnzO}u*2gGyURT3DA^4!q z_!N#|FQ_#W!hyw(3nRpt7QZhhcqhd7P2rB3Jey5&7nE`VwVk_9+yx4sjJH9o}s2)V zi6Z!|=nW9N7f$-vWmmr3eY(E0E&uh5b#N%Am=1dKoU-l$n?; zrlz!$6gkDKRn@=}bJ08$z17-Rxb%I1fSHO^QN+6YaOo7^PXAaWkt(EQfCo_sOm}1W zVCTq``OZY>55nDtfGYJNskh(X7=HtGMI-n*)gLxK-8@rhi^UJNpU!R?$49pI83^}> z#+di7mBXV5(?W25DX95?=6)GCQV3M(_4Xnx;7*?$1b!Rup&l5YOX)nwtviU9 zLaN15gd;9WWTENhnfE_qjeAFF&m$9R7Dst6mRp(j|L!ZQa zRhmb=QYNun<3+cBi|u2t5C*J)u+{}t$E#OzS*INWsd1#FtemEoi~ypOzW^eKf>8Y4 zmXo%Sa~<@rS$Dabyt7F?n$L`q4#4av`XP1OWlA- zQFin4adKC>30a1Ily1S8A)H*w`E?;?-4u)CMR8(;z+})ZsFXhl; zz+h<@5EF>#LY*Xfawu(9-9%w~=4fR)z1m#mqg@^CEHCifl66&C7p_|DMJvoE3H~mC z6zBXsrRJ#O$|ZTYIf&k(a=KS=yO$QmGU-kaTql9nWH4wOaaNhDWjZ4SJVNp{yF_PI zw7xdDqY4aMasfkX3yu&djGk%F**_7IJca-LSK@Bpc_1bpHxd6{l!2PE(m_vx?eLxi zXU$Idi;>JzjO4fBzQO4gIvADNaJs z;hM1uj8k^X$9Q#OWij1r|L*(kH9+%v$x~}*ZU6~9zuDg^M>m_jxVfOP7E`k$&L?=C z-3|N4#Ri0h0=^gL6&8^>TpOXokk?}Y);I@pyA|4pp*i((=>zSQMC;1-UjzlXSX)e>HE(9AShsrGyP7N= z34mX=nSb6>f(l{-iMS(qJ01M+G5m%l@KXzkh$iLACE6z_A{NR@sPBf#2)u!f;q2cp zp(j5`cMj(i?Xl+N>))+%G|t?1Z2z#X+6zVYWp$YbPN($s-i;1(?{0z{X3BYVDFAbF zT3Y=r2mzWEp?#_apTeYsdc6?v&mX)Gkavem3Mv$=4}2sY#5VLcn~mWiv$9;bKFt%g z)jxM@jK&v{96D1cUJ8aU+1x-j(<<2NU7Ri^?#w|i#NqqJxIzHNl_)gW7{j49Q^?os zu&i{lWh$^1CocxALj;%m;TqIiyZBp<>iX@qM5$cspi(yRm;Wc)!G)ZCkWP9Pj-?9e zB|0pETJJV69}3PS*f4N0o$S9z!!`-+XWZt83~%*&ST$UgNd zy|8A1|CK1OU%M*CKbzT2ebqPXHF0)mK4ECARO4nBzH5IU>Suo=a4P(B+d+u6A1%75 zVDSeJKM&uR-?$G3K7Cs|K7_pA$IbQYHv}x!H(5SF*~-zzyaoih%#ki=v1m8095omP zVoPP<0Lo&NwtRnhXD|F6%shFHvH`?kmE{-HpLX`Yd%N4J@-TY(>>3CG^(oN$teYDJ zhGlE-)>d`XDX71iR_;GYV?y-T0{MTj#Pcw-4BgcNFL;T-iRZ-U)MuAcDv|6N6gQx| z^Fj^udXg^Y7PCTi01=rgDC(`2?^X7uYryiY-3(`GJ~)B=Mf-xX-IXM_Ml!& zr9^9`;ZvNb{q~*gFXhR)^@kca_#n-E=$GjG1(;NZrN&*9nV*&NhbZzE0@uP( zcZbeJ@YYa>8)N6|DOsXC`>VlQVZ-xm?L1O|Qhiv)tHXmiCn7tvFa$wSpS#FNM527l z=kUvkt&4#e35jQ$3i5r{)+vmtX`J-fLIk5@aXd|8X+=rv%(*Qa5oUIH;==eZeZR&a zO+BD0^+3{MWg*RtGrDFOziA7%Fyt_t*|P|&P;O|*?qNIcKhlH+`5;tnA{{YwB-cG_L%Dj1JgkeE3o)(B_C@u)0P zPh7n6spZJZ%dU?nt`^!p#w~*nAODTqA=7PHCBB)|S*bHNJoE?kzV6TAGC%J3Ywvugl=cFjx9f~8c+1H zck>;m7t>|)pYZx2)S{W#OdpZrh)TpE9|P`YJ6V=J(6q!<77bs20wsJ^aeuOMMo zFIuQz;fsS5NiG)l33jGpuXymTOMPkA#%V8M=#WVqG9l0};@6h-08f&+BP#6CGlpL( zZBEvum7n1+xmc8%6W-mDoL5R}tH9jl$rrf8|FZpu(eg zmNfdzkoW1!;^xO5cVsqii-O|$$Faee?c+(tARqhvae&t0$CcuI_tdU7f@dB7p6{Wv zJLr0H!C%THbr^BtvF&reCZ5_OH@)y~J&!y#xP>VMMriY1L+_Tu7Vi3Jc_Lp=_--IG z^B_RUrFX>X+|g8phsn&YWna+H7(3{=4x?JR-8BUttHjPA_c{w9rzUXR1ja3geRCdi zYA6VDa9Al*ik|rtb33sip@ZBy+5PLRO?zyX_561-Dsm$9dM}V zWD*O5MTbf7hV+g?Pbf%DK1Uoqo~nkOx>*RMCYsE(XSfB5cX=HU{M`0SX{{jx*GXob z^D_W4L=OG9%B?`7)0RNOKMgPWXd-u25ETiQU9`KbnXrDsg)U)7M))@~ZoCy`-}%hO z!LaR)ty~q{4WDgBZDk&;VV@Ktta$P-cxWk-h7)6c0E%Ex3yX%1#!42vx&8M>Zac%4B`i{7 zJUX~I&Anmeu~|)l6aH`WOescp*^ecFf79NRblMZW2hTA*aXs3b5?T0I%5`5wxwMW~ zyQs2t&m8RE@hjJKW%*4IG8*>fI08oTdp(97@n0s;lU;mg+y%Du!-Vem$B;QAFI`|N zFs3R8HzLyenHYo6$p_neV29GqVc|BgytE%O^8M`N< zstIx**D>x2`R=+fVOGg!Ha1`ttQxOr=T$(nax=Pef8ostQT&!Bobs{SI&!|#)B{Xp zSNWCDZ(IbVqLps{Iy@o286~9@!**e#i~`fv%`{$3s=0liTgo6F%D^%frB(GXS3h+R z@^zRQdRVB5$NGBQtG_yOxY6xq&^ryHHA7q=01+__j#+%MI?s-!A)MAfuaa=wD)ERkgCg_WD_m{yzh4zA|x8L z=0WaqvcUJ)?x^Ne650JQ!W+F6{OFZ2lSn_8t2Vm%t7+2Avdg_s zZ7MZY%Ig4>#n3aq!cKH7dC{%}+&{%|F5>ViP?Uwaj2iK@yb6}^M-BusKRhmvx0)2x zF)04Dnc>q_=$@obQ<`X*0)Q?{KSjJuyDoIaX{F?UvNVko;Mcb5{2 z1Fi0h^tN+TW+|7lvyClwR@{MW2dhE_85tAd=e9Zenr21y`L(C-@$10nv^@jNRw_}L zchkdf80)pr#|co|72*~`IK!R;>x?WLBh*D%4pp{fCmdo1BcMOQk~kA@QG)AHCde%> zg)`}pf@PNTB|vnJiI|I8{2Dp$`goK1)9iTi{WQL{@UyUkH*~o`t6?=U(Xb?*x;LWC zQ+)ob2*3?9or2De(8@0@=NWs8Pa^@MwBNX-9Skug!JMAoRw|obeeCuFq8mb*e?B0G;x>J5kf^QXFb*W zuyk&1T+?t@S2Pj)7ouLW< zN_dEW*j{z)1KHZ~0=x#>yjnUFq^@vjP@&J5z;BM&%kw&P;Pb`LnLWp{%+JT4mG9&A z^xwnZL5AaDai+g%c!RI%7RI;JF8W3q%MAkk29Ox$?5j_6_KRySGs7229*a#L4*fax z0r<4d>h_Idzjs@bw_|8e699?bgxY+F&M=jgzkUaJmMrj1rebkCAG1&6=-*SWI7$@s z8Wym~p>QX`U64~v^HsRLQ0JB9l@pe8VM|JExIK&M86=uzd~+JYUP08Ub;Jx30TwRa ztpr3BLGuk7LR#J!zw%e+1o9c)NL7FaWoSM9O<{VOn9qdDO~|srT`&UAX8ZiYUz~G# ztjDAelh~vHnyjBL#KFG<`C-v>BYx|v`m}m8w z<`$ZXj@09?Pwj*>WgM#t#3#UpYPZ6U4t)NOGVTok`_EG-;FVpNYA1CV8{UV~Qr}Mn7A>a_Ci0sU$95A1yT-M=p?!dcZ~fj6ZlBY2hxPJbifdzX@+h+9 zG<_;H%gyj?IX07?t}(WSx|RVhpHA0{`v`wBG(h~p1Bi1ksn3ltN3dBu5#HSx*u;VY zSCU$@vfhgkuICYc49fl|X=D8l_J1Z0#{YVxxvZt-uqlq@xB6rMKT^-?X$L6f3tp}X z{Uvw8|AQ85q_{LeE}H-o2l#RSU-mCH{~dxp?~bTCx}M?~o$&!QxEvXt9NB)`K3zsI zQHU1g4{+)5@VogC5D_q+*dAqfjk=t7G-^(eFr2`iLtfusvCI7}m%f{l?T&Ye+*WV_ zfnD^Wfo1t@lvls=VBt@xh?chcLK1~GzK?2JZ5nJ^AH@cyTq71|li+{K@nqro(>DWi zY`}xn!05<-p@thC1yoyc@Avc!r^CWX5>59*k|XGsi{3KDH4gi2=8AZf z)%@WG1W+a;o+wkE?uX!fxb;o>c(M;(^3jk0Gv#@{89ZQfPiRX z%_#_IYVX{h$guDa{7LG97fS{qSMV{yq;cf4{d!weM} zZg?zi7*CgCS>aKtB4$AUOluP^>+BkgxRdEmR8 zx{tgxF4RTh!J_Ytvp+)72?IUiZsmrnW9i`6?05m!@IWxoKjPA+i(*!g6*honmQ`p7 zc_EwG5#`-_$U#?gdPD&Fi_&Yod}OKdmRy=&Xc4ejbixR}o}99Bsq$Jd|M;i5uYp?@ z{%3NF-gW=fQ9S5^BRXukX6KlBh>fT*Z>eMvCo>ENug7re)Io*ZAQbpuL!Gz0zO2 z7Hd80p^Aowi|hr@_NxC%Hq2TF|71xtLR}LJKtb#+aczP}vcxZ=#PtAF_%~MKj#=s{ z(RM??uzpCMkT4BcTCcK7HEjQtUa_ zl|^@{1A-<-K{OaBHetm}lsm<~lhElHa5h@RliX@jROw#b6BLep*ifA?ehxE>K)>)g zg!4BokhoJ|11Mt`RKxKfY^^sRA9C!7lV~dvDS!U+5cc_C39&f>ihmG7l_9+DIV)+S zopFa3wlrtCitUV!;oCyA4iJ~~LT^?|3Njc43iY0-B$QzFj$-1sUNWeMTn|rEsxN`p z0U3Bq8(l-oWB!1^p|11;_L|AMrcuaxQI^FQ=^jFEZbnccD3+q6pK+NVN*0pj?m|9`tsiciD$G(x)psHpJZR*`h_#1ASID z3-Gko%|?=U7U}QY#rJBA?xyDJS2R8KDaa%dMiN;-Hz)yQDUXB# zwu3J$tN1Ub_}X4U00BTS1f7sDOxa8`z7_7)4K|dq4 z8j?0^Xh&1OAmi?PVg7^ev9kT&N3;Lm*GWwO*L4yjGsl11^Id7{Iq0?_`~C={Nfspi zNiZQO7H}e#J#2FT@_RwdKIEzvnmDK((YWB-jdz$wM`N*Vs#LAIlu}>($qs&E_~8B& z_8mqFhB75J29&XqT%e6pU~pn55wV3cu)^^~rih740R)X+2Y4ZXzJOG{mohWS;|zX2 zllfP0HfRc*8GESdryjIw$qUbiqRpcRn<6Q%w6SEz#r}L^T;A?1fYqo&Wd^oo5un(R(-a3BiorVtTcbtw&yxChy5asVUVj<@z47K3oV@+#> zh4wZ|q3Rb)x_-lYU`9-ioH$s^$lrVT`x@pqCH?ifx`@YWQjtuVf*|JIHu0IHK#sJ+ zghj&C{2ZE+GI?aGjK*pIsvcikF`UouhnbJeSc~Gxa7P#s)_DR#(CK`8HA8jZedxk% z4>6c|$qoKpjuaf{?(6k;e<27k%7%N)U0}>=7Lja>3YPulPlWz+TmlZXECw0UjO< z+aV{mUx&cK;&&7qur~o%^D|h zCtAx)u7~_4tgeL6pPy^rt18*ZlXK_Lz*-bOM*fo@<9Z^fuR$- z!azIe&65|RSE(Q&}M1^`@;+)cSJ73FydsU$Y_Vv1hBJ` zS1T%l5QV6z24F|OJV95;vGy+NU*83Kg(f8QNA1CoyFOmFJsjd_NUlh&^3*}P!7v<^ zk(uk^`RM1}qqy*O?Xc+}(EaZGEOOebnq88?Gdk&^VR>b$ zh&g;6zKYeZ;x@XN@unY7e2R33bdI#4Uv33el*gU9I^P|8?3VGqsaA9%`Aq7?eOs=Z zM>NR|?!3a)c!>t?l}*c&A5F^xd8E{M2^`6kzobQ(NnjNCR6Ecjrj}_M78if3^gx_l zFtvvPPKF4>0N~>z6$@Pzqdy858Z;8x$PpGU-&nB_dNFvj8Zt(;;wtnMD3enqou@-7 zKx;bY0>l}kntSN-46%!^hvPhCH`FXg)K4!Mi@1e*agZ0|s)umeTfp1tYm%fPP*TIC z+PWyJ)3N5b6+96{1#{!+j3{)&1zuTnN|lkf$R#%LM2?QF`IZ!!UgjEKhowM^{XIQ# zra(`TmfeG+Kp#em*$5#KM*VOwX3m}z8F=Bz_jn?GnDGPeu`!$N*~quIQ{=#1nuc&| z5(2h!zgqgSrP$KPCMnvE4yxKk@^n8TX1Wn9%Ltl%62&%^ zYz<82<;r4D_E8Ap>Aj)?E<5Ae!Z2=+&*d$2Q=d|#T*OkOzDJN1j35Y3h>#R?Fspn+ z#e6SvVc-T)V&kAu*NIOEVr0ecZG0ZQh_bdx0<&u5C0MO;wUCls@$qHZ#|lktlgp&r z&;lN7ty;-ks2Y1$&BfGq6c}t1#HngZ$f~8r-&Uwxa*V&D`xfA{BGdcXQ`RR_^7;vO zihU9rA~oCT^t8GFI?NG{kFaQM{9BLvMc)EWFtdd^*AZ~z2qS8&*SAJ>AN(}faDnbi+V%k9X1w0m6S{ZH3(F|}+D~1Zc#REmKKib*u z_KQbAb|93f{O8`&6h(6g^>$2s_}`P$ubL&iWH*MqK81}h8$kHq;k8D7RK*oK(3q#) z9$HBxLE}~mAm&;$(GQ+Tg<3T2CFL1xg)w6~vicx33ur(0_>G{Dhi*bLXfe<%JjEf- zx3*@3N+x z%O*Qg&ky=VvV=IuA@Pbz&Q>8wenidHg%>9?$S#&Dk*s3vr>FiKj3#AeOW|&wnDm3S zxa9Bl)uel><-N?A`qG`*!DBfdrc71!nv{tX$5X=aCXPdj%V^W}w)h(5Lhr3)P}O6< z4+u;6ZmqndmD{MMy&UppD_i^Krl@CRpi$dAOR{TKue~p+xvM#{F8wrkRJl_f> zo*v2`edJcUZBgLgL8pAe6ZOH6e#`67%;FF$#@Yxph%}Y;dGtTvGCg+g2=NGUrM63U zo4PBevZ#aIUc*2KRuH^*t%6%%Tt=zO_22iFHO-iz+M9J5E_O~IGe2PRbbL1Jy-vZO zut{+fDEal>MZhfl2jh+{uCK8Trbf#|Wc73+@4EtiM50 zkyL>%=34l@OnzA7?uHGAW)*prTAR6webh?qq|E!es#K*bYjlUDA+yGCN}x-9J%<*X zbr*dwPAol#eT>^iv_lhbTanyCDNe-2@4(-WzLK1}bkMIVSbb7|;IQ>gL{{D=nu3SN z2^P(Yt?(5xX7UDH1AK>Esrnbwbs+iA3@5n)6_;1}Vjn-! zTrA`Oa8l}w6>O;~V(+9V5w8k`5SzGP|cDmX$qpD-g9h-OiWHWRhO(p##Y%7 zp;;X)#AmFTK?{k;Uqm0V*NoeN7pAYu2EWdlIh+=%BUNXizIzuSpA)xtG%7__fagJl zor;TArX+Y1G2+hvK+IB@m*5a^Oh6*bEq?qHUMZWSevn~-#Sd9r1 zjyZ3~1P|gQBySJyxcWRP;8zA6VBX+;1cGc}s-*maDR}1Nhc1Ouz)5h>?Xy5j(NucECT!11STV0E>gr08&9s|7leI<-DkkvCwJGya@LZ&2yvJ+_DJwv$*BPD zP>7ll#>bV}Igp?cWn;41b4K6A+pCQo#89g-(G%XA?&8O)cqR6|bJ4skB zq+#$)RO~OBQTtW@q?a=Ksbh(TNJjtFq_DeF1Og^QV@fg$UU*e&vjgGz5R24&uq7@{ zCzc+hfVma*Ye8kokTioVA7Nz6UR=T}eb>fx64i(e{}PZyoBzGgEx@gZ*Rv?=$AdXw zK+w~s(Lw`wB*gV-@P$4TZKAEcG*IQJYqotr6sGKq{P0#G6i9r?IvlC@P%EWd(k$(> zAr~_!xP<81D=54kpbXbq%{LGe1Oh?rwazk75!COL_m+j>1l4KYybC4^U^3$UKC@x! z)IjDd24s`=mmaMd&mpXJg-ApZK|6dztqNYAR0g`2OwDzfiJoy$TWRhvDw2F2RT#7}=HoSHq#{`TRlDv!7XcyYAx=sXN5G`Y4;>JTM=f%s_ zn}5bqs>w@LO|^)@z&fSlF1;dtC*lWt+kKDNCw17c#%STJa5Hs55fI2}5u>!6 zvq4d>UEt_0YIUl5Y*Az}habc4I)_#Z$7)uP`W4{A_X@Bes8QBc);u5PX%^>@?>?0< z|64dP2xt9saR)I({CihmRHo$n3|7n3)Gzplm zWdtGvKVZ$rpRE%^Tfgk@?45}~phh!BRrhl|O6!)U8HS`&n5o;*R~;*-*y-7|WOzV$ zl(mBjHY{nAAl&GNVf1+-0rC3N9SZUwq$Y!MGAY)cYdd(U8I-D(^7_sig!@F`hnUpQ zOYjTZAq8((*2gObg2g=32p9&|(Kr{g?jQPa zsmdVz#|ueyTrfY-mwV^+G1+9ER$6IAesw4*$zGo%o40$4IusF@PKH``x8hW`0h?V7Jc!E_+NEE~^=g6Gjvw8x2*6Qq zy#~dNf`Y#FLboOqlfch-!{gW|hvSJ#E^@#w3zv%KUCR<`WOTcIArtjeu89xD<*?kT zJT3+gPSym>Ntp1CAs;$dBaI`B?(J%3NDw^^#Y} zDNpOs8|bdesuq}XPQ5ulMQh8UB8MvXjVEAN}@#wn=xxDSK<;(C94XzbkY5{{782 zmnf49^sjUV%X*f$P)vue7+!0_Fyyhq9&v_(y-X*RFr@4Ye#)it&ns#QjBBv}*m$7z zwNKfeAGBzRy~t6K3ZcY!34}PeA^DR8TWB0S=wq&-c_IEDzUU}kX@{FiVvzGTdO8}% zIs!%=Wsj}g#j->&8t;52@TW+G`zTEI531d)mELMTi`B@6i)G`{5qh#fmJ)^uDf{C( zkdmj2+Sb=Hoz0tG6rOaJYg72XHn)-o7>`@`a~e8m8rhm;*>hLbddjRyWx0To(IQ~? zQHvBFG5jb-_A)_(Qe&LFAM2pTmH7WrCcrW#SZzk zla4oyClQkNBNhMUe*wMnV$|b*7{oFB-C6J6vgZiZ628a%Z7QiFPZ^>P7;#PJAa4fJ z`OE(&p9=GDJW>NzXadWTWIWmrp*zIza@Iqv&oOPUM)An4%igt?5X|s%;cT#*$SnGu z7GgbO!6|F_&zyP2@pzMLRM1}p)HF9g4z`+G4mLBC6v|S)9iOV;v}Q7@1k+sBY5O8( zp0(N}_rIz{C-Gmhh^D|-sQuhl)gQ&>YKhxg(=^~{^_mmi(}79;T6jZ>o0&CCcma%eP=MLs(sqHgRBRnDL!S>SilfT6iSn5qU=r_wHA`zBNw?1EB~h+^el< zLgC7whvBkcD)xBmL5q_4j87Q|bSS2w3@wlh#4B#Ai0r+swG#D&>e0R{_8>jW8(H<> zJKH#9ZstB?(b_FLL&RWf8b3aJ@Jo+>-(maEIAOjWmJB4ZTV+_;0^Ftkj;q9BHyypG zOhQ4q0lHsZ8-{o8O$#k1fg71v3!a^#0~!Q4=r*tMK$mVk|Vdb&*E>nF=IDB zZ18U_8<)BY=i9elW4(AMZe^cRkBVo|vbAlyn$B#^^WfH&T)8;e%pn;J`9! z!9XZn4{Zyt>-wo}x$97!cSDayONHS8wa=C+72E4c*=vMU++M6#n|W1Vx#^^N`AQYBsIAhjFcPp>!1C#0GE1_@>ujB&?bM^e)VhC~oAgPkm|{>J z1s7P-=SIYPN!v7ioS`ClfA<|IKF$o$KR)7Kr+;YW5>ylpcl08TE3n=@m3g)+ctV9p zyFZ_(ncG&W>~{Vhes6pC2V(yI(noE<)_LQYJbEep51PvU6Mpf31vdVly%;0Ye>=#X z)|5)h5=Z;Na5{=oRc-Sqa&g6uqVqtGsykzMsX}?t{+RLvNoW7eUWi4Q1D4mEb$g*Y zmp@Z)uJ-m^0)khQc8`-zIHJL!r2#4ZAN2W563JvjLncG07*qFq>^?jtB&yTOY;HU` z^OOh%wryq!C3;F4?gt)hC7j)PD4d!rI?HQUt6d}-vzPDQYL(4u?m|dp5pn|4yR!Pz z6yNetW5J*(qG+1`qo`x-Nt+6sV@BU{0mw3c4ISj|KpjArm$?>5bv0-b82hAEA=f}uzpv{u%Wjm88qhZ3;FSg(h* zE*{DsYQk0eaf&#lAR46QPYUNz%Oi+AX{8mXzySoFBT9MK3o#P(?K#lVgPVnKOSp9` zEmIJ8l0RP;;94ksoyH$ylDsAMl@VYJvT1cXPELhZ40VYkWZ916ootBIe&AUmDQ-LT zsg}aEqoWaPbT8R=a!HxJe+jc_GQu6kh0pYrufz>eY@)k)qWmanDY9$BD9aR5ulPze zj~C}sDCC)g6b&t^$&4YJ$L8?dIZ%9b4ZygrHIp2L3m-PM1(O|)IO2&3?JeM5ZnlVD zUG;f9*E?COffo!;|F;ZA$d7?Hdf!s1nq`Y0wFxGPYeCJjAFlxxltOBkU2Q zEE1J24PMo9wk){%WJp@}Ag%V~wcn00<02U(Cv~TtK0(&m2vPeGzr`3(T@MQPR(jz?f29o%p#E^+H&%8_f=A3qC8 zX$-RsIfnkiK6(&MheOBXjAtRse_Z+fQAv5^6biX61jT@uBF=Q$AOH+XL4@Ql#tcY8 z@e?C}#4q2J)n#%#iQhPUdUa{Tv^J5ItPHtFMxqjJ#KEDH);X)kk5P6^vxHgiZLiF; z>>a-h0mdQWdE^3l*>duJJVyWH+~E3O&JA0)yM0vn<9}Z#0VuhZdr|r=Frw9aopAID zUmn6WSjmigxrsjzC~k8hc)}e(fCUZ@FICp0#` zT`LXg@S3h4e5js9E{n_U&8s9C8_>AYN=W^@@rLlPB8B0+I*rK*#Q?cz%VusTo(9rN z#a7Y2I>iQL?-!IIzdPN^+$mNp2@s+LzJ&WuaW#!cSM_O^lWvMxlX(fa2o=GVVVm$} z_zBqe{kh_{7$zyf5qCmkBl%bV5+LWTqe5z2_`RFy0Dt-ScQ7T{Rvsr60%xwb9wCzy zv|ZbHSr>&Tlz|RctnTp`Z7y&*!hOb4!0$x&iz3{IIy?_wcoQx!AAw#Hgs7MJx-0Vc zYPnY|1C!JdFa#_Xab>F-iJKv!+rEFm5EX+*yf%#{ThIu_g$QiAU-h)m?MDeV&gJM2 zZmJb6@4?zfj+@v+McCHp&s!>aCYr*U*`3<+TY75fL)&-dECA8l861M`Lh>dvre{vZ z5IC~L+;3)oRUF;GNY}N{2NE?94k{&SZ0n2a8Qp(Dh$d2Jry@#z=gDiQvL@Z$MBykQ zRP)Rn>^l1B8g5}{P<&+)qTXF8bNh6$M0!9rw7_zkaP0?s5FFY9TPFb`q9yYI!A;KQ zvj&?X6=#qL1MZJizVF%mCj13pAZz11a=m?$Wx5LQA$7?S+y-t za?*GyIn0W43L;qb2@=8=5U!=!0HBk@MMMO)MXbw%bnHe(a3kZAqkOJSrj$M83OCsE zw5jC-oUx<&GZTSLFvrx?V!s1mRu1g4u542s*x8lvG@IwbF(&PD2;qNuAJ<5tL2IPq z&8QXL!4d~2 zbvExk+MY)7A-{Qw`VjN?CaKT-s=Y7w4X4nBz}Wv#`tq}N1mkL&^5F9wHIjP+;N>XQJX&a4ZLqYh$~#PtwnTD766lH?%s~+) z&6d-%qCD#K`PdoV5^MLGt1H~eVidft60@BO2YJq^TcJlY(>aY#6nPZCYQP9Zv^I#J zOEl@>)$q?!mb}CdAh+dfuexkkY+1TyPJoOR(fd=0jhHgqN}V^c8DLa2X!3$Wi7MXc zl|DK{$}yOZmRN+nCd(wBCd-VSemWK`tfY-K%Ic=bdGnlEFDjH~Xg-=tSG`#&r4dnt zRJ!sv_lN-hHJwv|Q;IMVEMWG0V}87W2nRT$2g~7ce@U81Nm{!E|G;WB?#H9=r~b6W zbhrIQawOS5U0@&zSDSJT)Tvrm7`UZ5IS79zT%lkP2|`pmV+S z+HMl;cEf8y_y2HUa_It3=!LZxi95Ou9Na9A@r@euDs^&nA86WYt6I*qy&o`5b((Lv zg=1^=PHFsFPY)lM8P@L=5B;)kTQv_T9X0iD>&MCWxxlS;l3I8O&#l>xB8+W9ojnC7 zp0~PM+ae=BtEIj$2D0~Fd!0*{l03^7qPXz;K2-ShO!||a08sPh`xH5#0Qxh=F+M;A zQ&`VFD%e-<+T9=a4{LKS;A*Q-0A&l!|4;?@QO1$x{!IU}Y^|IUa);0vDEu{N_%==; zfQL85QqQm4o-t3;$D7&c+^~I6P>K)!TR+Fnqb1$@Skv>LfXiSn+=+<0M^PWbhnzj( z%>L4-fG7|%FFvfBnGKqL9)D-6-k-rZp^C_SJ2!NuU-RJ z6TunDL}VHgPgmHq@v+PSsjt8U+1MXx|1L$CN-oL2)Dn?JOvQg2&CXD!OzpRCJ~86H z3}69n;!-b`qc;{uz~pgDhg{-&LErt2J>>n_fxNB^)h_d9H(O5O+uPmC@AVq9sh(ya zfs%2839bq?DUxiyoU)zAxAVQOXN6AB@N6pyXuM5tcle>%BzjGz<(xWC3kFu%bs3Z zvE8a2*FgRP5%t~+h*M5IQq(OrG!&yH!YHj&d~+npL$8mUd@P22V@|YX)Gd%Y zjEtYxHy43ks|1fb(ek53n02B5P!cU`du~%kO{Cf-yCp|N$p>&}dtkry`cm>z7OQDn zg~p231lDa+UukRZjO{S>&49~(iiG~CN#mpx_t$CqJd4q%H(DL@GxjEqpPWWfM=n2} zHxu4BkD)$-b0&tr`PzvQ;ybo%o$bXtcq_YJ$q|63-t;#0+$E+D`kwoF0n&4yf@7^; zSL;zt9DEhgCxOF361M8tV?HNTSKDq?t(5C`jfz z1iOb=!eXCQ+g`_iAw3??*$s{+o0~b*jQlZ=ROK*|W&`_J`*6Db-FPwzj)x%W0QZ z#j@Uzs3yN*zP>d+1$&4rM1l3G8*`6C!CjT6(SbSDFJ4}2qlYHzDE+%YK!s>mp#7YS9ejRx}3m2r1ue2DJcLC%xq$NSMSUFuKpvp-u7|7OvS0! zdA{VAC{a@?T@AyyGPafr4MqFs-RU~{>IEciB3Epw*ofaMfe8irFrezLOO33;JSe)7 zc$6<2U$WUZ1091xG48ZMF>@+H2i_ED&mGxWe`(%i+x5BKAmeu6cq`NE*6(=hZ2?u5 zL5^0_^ur^_dF8549*!Cf@wRa;Vf0wW_*y5QEUKdXNX(7+oUaLdc)BCQuS-BzR1-&%AEF0hqBhY%Vc~l%0 z>KT<~Cql?#9ty2nzBPh?22Lw9K^BGZ9uqzB-U5j)S6hU(lcrkHajoK>>W;SpgN4V8 z21s8q-3z^$gpkWY<87C0)^7@}5cBQ;uM?}|<1asQDuz0uNhR~As~UNc1qlSI$u$6* zuftr46aZ*b`64~@6egDjcI|W`D%Oa@7Vze58APrMT#yHUm(Er)WPR+|v1zPzZ%%D@ z^YEx8B?+p0AH2+J1gd}iuoVSH{3)JN)VM(dYKwdwgc~}av21VA&hx=(w;u+F6vSp9 zP!APBtDhnk^J#clO6IZAN@vicEPj%SwCV7zZQyC)!Sf45#3R{X*ecw7?X0dVZA3{u z>JSA6?wIh(Uhb2+Us@!;^jGj)+U)r1U^(>cqY6~mugupM4!sZ;mmv=a#o^AwqTaW( zj~>?%PejxR;RoMTejC~GNVMz1g2>&VIN|7u{kqlm$N%NT{L z_fAj)%}1cXBQN?gowxAC!qm?G#*3Z+=e_~$F^LKrCKxYSCLJrI>tYUf4QD%huhE08)B^%l2-l-&mUr@CJ4+TqK z1gp3oABg@hXYzutpf|fGykpR&3=0`dD4{wO#mRWNpC6bRyV6{5F&)R|Nsshzh|!n9 zjQ_G}uyg$PLFWH%S!MbEmR08OgvWn9U>GH=Y+cQri5Mkpja|*f%uOB4%wYrsU|d|C z&5i9~JlB_WgyZ#E;JasPX6vqmNu$xIfh7XT!Z$$ZkyZr?^Q=6NTUOtc z@7XTWV_D1Jp0L~KUbg=z|NidNBa2N{5rxqa17&ya135VtfzOA?+x;qQ73w4FNDyUT zp+=!n{xXCXEBZoBb++TB&j68b7ShvG`4XX4lAhYx+aQ_RF_)tM+kqpsW=thoZ;uE8 zz)}e_pl2ux&$9l*Om`@UpsG6x=xfq~(as34L94HyK`gF+Jj06EOlnmFDG?xE=>3Mj zF!@nPMnl)54Pm`N{yH{XL|f(QrU|Oxw#Yq^_`ttpZ-u`xs!?yzWS25o38^Q$@Wu!o z9jO8UN?wQYmnzfd>p?J?2+V*2nV9D8uBANS!j(0Hy+8JSr_k-wVEP zT4+T7)*7gcn0BXC_7^i<)ck3#K9uG-HF0*y7^q8x=3@imyIj0~W@*zVhh_=j3qY}U zYlVqeTJG7!!@(y*p!f0pDf?qTSp#m3&yHC8M{2tPe3eYgrijh80{S0zQScC=XR0H6 zWQKx6sYOfKvctH^m0u^U+av^I+0iZfbOLsjgppE+Nr%ILtu)3KGr!|~44Sd)wT7+F z$AC{i{HL9d+nI~4&y9`Dw~NfT=k9(Sncj)5&!fk;4MY!znjJz7{eb6{3&QX3ODr(kh~7=hJKI8 z?*g;-U*`jY*KhZR+gtB8Enmk^*CQ7l2rOM|UshiyA1#`TguVt2Hv>PF<+Pr(NR^#E zv@U@a=<78~{qVmnv2U8jUn3hUEyiDb@7MeSz8*gJ5s|&00zgAFLP|yXFRywDM2Uf+ zCkaZ;jRa`ZC=L8vVO2xJ=JV8>%cAvSlFm_nc?@&Ha zs8dG1vb^whG6l;7@iX8cHUm67-kz4&K>!4Q-^EvZx+B|s}Nl+O29eCVOxPN?+GK>%IPNOFa6~yYJP;lA{ zg%!+LIY4w)3H9Y3L~JrS9ET+%a=Wb@W3Y*A)g0QRWWmRLUHdM!Q&pvh0k z&-(xfNvh>RNwQTiQ{)qFvJ;z$E?P2aQg;aLBPT>2c=n{&O9&nWmthc^c4k+$?OSaXw;Xu zb3BysS1?M&QKb;Za7AZv+KT2P#a5H+qewE&DE}d*u*1q6&zZ-K9O_i3@)zh-r|QBc zledXq=wZqrs}yL|;`FG|awy{G=0k9R@<+}QmU?~*>^5JHiQBg^ol60LkmeVs)o6MNalz`S9p*56t^UT94h~4 zf*e}EbEI>zwReV9JskgN<5Gn!ZC#g4u7A8vyLQA4r6?jImjXqpaeMJ(^Klm} zMk!B%UduUTQ90%-F3YDny#i|h=hhD)^%}qF&1-n_!}BnvsUzBmN?q+kZw77!se20 z@6!g76bJT1b;0^7RIiuWg@GbKz7`sk6lB{J&9Pj^Wk2P1cY5mH5BS^b6zkecIL@6( zZ?54Z;F9dE;RDt&R9Qa3*0Tis@_Gvg^aE5=*tBI?5yg+{Cv-ZnT6=7_Zi$V{@}_)! zmESC2u_0Gd9A3k&)@~LUgQlJ;^h?PR|KXMb?Bfs+r7*a97lH(2oE>PcT^_|SzLu{w zzU`?v?YTMx3oz|<3rrO$7l&>iNK-Ds>|;hzTea6rGv*%^4Kbq1H5-fxxp@05f0JFD=s|FY4w=cc@`1Vk#qcmyeNA=NU* zrxhr21m1fC-lYg_Zk8T5+hRS@dxbN7W|^vKvgC0hj%Pyw1 zRMg*Gscv+iOqP$PiuTa57d09D>L|Q?E0&z?1|M$0nE0f7W{o0Mc2M>g+)f^L6S-$hAu3Q7B=`TYI8s2vk+wY)hjn(X>j!`t#R#XY+ zu=(o_()GqAT%>oh1T2i~RK=)zawf^HONS!kBM8pLFZH;&68q1WF7O(XZ#{DgJbnzz z$9frHIj&pgo}lH~j`jHSl5Gc4Dx@HrFi&_`S#C7`@C`yxT|(}WmD;_$7~V({0k-&!6Y9^QKzV&fM8Ani?lWM6$0zrn~Oxd%~ely z5ejPZ#;1`W9vKM*>2_$x!-zVSXxJ{1QHf7$$_F&Qp*w6#fe>B{0&b$E|GP=(x}C$) z8d!5)uai4q+@geF zR0?$+xIDGAZ(&)^gpx~cL7uEu{D?NVIan-h&s~o3(E64FICeR@XFz?Mh#?iZIca&^ z-w?(lMF0J+)zaQ=ah1@T)}}0RusW9f?9z02>}>=0Q_CI7{Y|=FMgDfo zLsna>OCwK13o)fZ(lb?v=(FE68B3c!2FjM|1?CQ#25)iQ&oDw(5xpbf+xzikk=$4k zUIE@sIucP%%U4~27QY(nnzMR!)6z00!4w3}zh=lmAhbA6E2?;)d$Pq9rfe^rO0g6m zWM4D3zr!F)J~KcE+>_#3=IEMs5ylS4TW*!<6cb@-NIMnaFyM9&(M_@|*-et*1I%^a1srhd1NtPojeC1@ zyG``j)5D3i0#Rc>Y|Wp-J9mN(E~Z*k4w1~P4Br&kgfcT8!^+ryeYO#U8E$j_(_dsW zlfH6`1Cp1eu%6yLAXZf6eLrlHeFjt7;P4EDqPUHX9TBdgJfVmX$E?~>2t`|%>odRl z9sP$(j}G}@e4BUS3yhaQkt-e)&OmVt9())gb(9vLkuvPqgPtA6wyxOxD+0(f=q|#Z zu5^mdR1;y8{w)vdlHyYNG32AwixWwB1|*5?tsTkxa7)y2jHp9h5Vf#JLZ_-fCOp7d zZdjOow@@GN=HVAu;GXIP)D*H%w>2!vjy(1*h21G+tKiY5smq)%>BcRriK>78{?^( zwK{(=$m}P$G$R1z-!?w3e;xjE{Kp&LRl06+CI?#J&Ihe0?RFXZ7V?#9k_Bs54hQ$WAB&n+;dq(E|EF2rRx7;7kL z+{hbUX$aZe3CStUb29jhr4`B$PzJSNouhH&&6k%5Ls+fh)hy+zfziC%;wtC#VlS6# zVo*Iljv=^ZHt}HT^Tji@V3xfO`Av_p_2u>x@MgjPU?<5%M36#KKFuhAlI+{JcXf&i zAx{xRWHPCP*6y{@0R|)?+T~J-21Sm>#ynn7Mabur?VOENjEL@_cuSY=yDmz$3MnB=ROi9fvUTG-hMk{8bTM6EKzaPE&X2Y98CDdK%M7E+q)vo z(n{GEDn@020F8MhVd&mzlGVJ?LL^mRy7F95+1d44V@Nw0cdJkx#fbu^ zOy2`P8$-;|Q^_BWCM0h0-Ks)bfC|-YERIeBInKmzURUNej~L9Q&mGP5Bz4Lpv3jLv zy+mb)3#5Byc^Z2q(%&C7%bdq>bm`5j;o$YcUJ+Xfy)e*jjN zwT#JhHMVz%9azrfjXyjY4yZ03+1D9%RL$MC$m48AUqA4kiRFjr!DS6}Xl|rFxJ&If z8w`_duNcR6vSC{#SAt6ldk-(wPYJ8GY)5=0vgcMQRNrEgiOnW_m?=3MfD0?FNyHAN z;Bd6+tXHhUF{#qA%m!YdY!h>G+mw9+3>z?w01P32=mf`wgRW;VrcZ2<6tgI)6zwB7n5_;>b0irplZ6B zf1HA}<2-`LqZFyTO}FV*s7lIya_4P+JXJJh5YeJjm4X zM0WX##OXsVHLMj$k8^zHrh(?p>416l*kp}JwHri)vU27SlEGm-o{`B%U;P+MxDj7F z%&cKME* zn0=MhbvG_t30h_4OSgP<7PC$zg3|akWBQS|k+;0@{)RD|%~~Mvl)2~mBipCHzcwBH zsb1LdVy$0*t_K1miz-c;#c|_${pS9Zs3#3!nZb0SHusse zxwkun0G{*jD1cIlC~)yw+Q^O|n!5r>i~n5|5fbGG>Vl>PS|5&S{ucL&z6KeO+s42l z5@WdqRu!a1@Ur-^Wm5j9Fv&wt6q4M9>E1Rc@@JF-$>T4C8B!uzj^4WFE|xLy}CW6SzvrI-$^}g@v5jG;TnP>ho4{#Xu*2 zYE$3q{gJHCN+tRp2L73icp{)+#?8&;Q4APM?iK$pxy@|{T1h0^UQ%Q)j?SM}i=a1@ z=eGv$rU~%NRy9~yt$m*YM8G@l+(n!1zic*~%ES93+H)xpFz&S`Na54w%3N=4tw;K_A0Ea%JU8AtdL$Q&C`pd zHw(q>9XeHDqdzjigD@NN)qZw;6w7m-r}GEYu%NGu8~oGo6T@iPLzta||KTSVh<=IO z!7d4m(0TZJx`26UxBGcRAVCMyrF*~JG-3`lGWq8C@SF5a%TAi=D{Ysv zZB4KF&7WKQz6Ys_n)XJBtK-Uw_jeW>Ei2lIrP%^68BzOL?}aFsi^(yw}7&*#|vl>m*wt zm@x_gqUwTE*r^7LX8G}C03bN-vhg*pLNs0H_TX`-g1i7`2Bea?lsdonS}5er8ZL%) zi{VZ(F|36kud&V!g*YK`xKcXqJ;%OYPSWqH@*<64bzgpx6F(goz=xvMXHkoeDa(rH z$fi_q0x8N9hv7Q;&Ac1>#Y4Ef){_{3l?z(3QyS)s@-~%B2-yYOZKCg|K`Z-$i8Pbg z0|O(87+WE#!M44ftzIY(W_tZDhAu{_DKOl==cznv)9-`@{4f3C0LH)}4Y$i@yi4}Y zI2EXUVKxn!B52x=h0Rl66w3y(pcK4%Y2+N0S2^hIlMJN|vzzo)nLl~*DC#RcJU@l( znIFLGjnQh035n(4?XE!#7+8lA%!uXK=s51lnCFFI|cNeHh zsrKW?b=7`kM+IwwI{=egJIDw8)V>l(b`9pb}64i%RDd?R0qGC z#&xrAK;uejcG&Y(+~DH2I*S$fC6%v{lzph18Tt6XPAkYxNI2?lUZ8dmHl#Ddn9y&Voe(ivao;a+APBD-% zfG(5RmC+TjK$IPjtQiZQFR+9U8Vac~{$zw1@+*H=S?2)m#~d*attBu{0s@vGR&E`T zEvVKxA^hyI5K5smAGmah*ZvcuegvQH*a%F0=(TY_1n$!k9ITPFbjVxcUPADd(w<7m znob#TzL(GI$_S#)a&j2bXQt}gDUU+#+0A4(XvcTWLvhP!J*-HCO(yrJXiz>;*6r6k zovTt2tZ~HDxeEDNTk=JG{LMCZn&Wm~s6`~~@r%1|+?`|1r2x%Iio7z>Q<|>bWf#M{ zJDbIFJUR!+{{03_DX~d8DI~wev!A081juaMizSHD!NG@?j8O#CM|o*`?+#GHde~uO z$RUmni}c4mhoWuidBv1a-8DFCIrB_o@E+i0A!b!r2lY@E!*K+bFkT1e|*QBDH*NuvK87nIu7vy}`HQLX|+GC5zsbl3+P6VJD;9@G6AlG3_F>9oY7 zXub2r!X0rM}5L&N17z!6Ok-r?>Z2|(bo?8ZuzKrqp>YZDcg3- zt-!`Zf7orSD(=F{osj-a`WRmY%VpI~>s7IUWWnY$_N*ygI-aGW z7(81ID7#L%9h(hpxbplLH(7tK@x@lJ1j~s(ie>tfhM)fyuIJfGb>m+TksMyo0R z4Jx8E>4sC0ypa&j6CH{vy2}yA;=xznCyZnNP!WI41ecS;^K}7Zh63DZnBDRz8#tKv z-uk))H5WbYsJ4~l;GtVrcdfmgStJzYfnMWL5)Aa@hUqU;;_7!dSm8cf^~C9r!fZjn zHP=ZZ#VgRcYuFDqQUso72$*p@qql`6Ca&;%^xR97DLrqql+*jV*wn9aHUGIEf^AuK zm_}QXNy6)v!LK!L{;-t*t=MvY3)bfU)KL&Nh6* z^A$f)x*15(mk`Ii-M>R58i3Wu4lt?o5 zX~d5_E#!i$0)cDj-)tJxK=5BunLxp`alI$wrvl**F8qd?`%(-=$bsTF!9!CLdr{1W zc<>y749I*Rkct3@v(A)x74!=&kN!7R!}>3+g)HAj*#GpV`$*f) zVY3za^V%>keqA*6C`L+}UWsUB0-U?VLvutkR|-V5Lw2LwqlmwXBkJvfcOcK8^e28t zn}aygMJ%2GYZmr2-$X%Xq-4!ZcMsp&LcEMP_e3n)+>skuL#XsmNvotfGR?Uo3U9*S zjD>M_4fXPVT6E?aLyXUFc5Mvn_0^|Ci0;H*?^eV{yUp7h;RZbdskm>!*Nm6T7?84v z!P0$;`v*sgmNg7B{(`815t1Y_9#5a7@f^3GC6TN@E$1vbtue_dLM}MI zKaXb>SQfuXWDqfxeoVQYAM2|ejsEydxsmTll)Nmd_R-<&}1(`Q(I>a=YH_8DypRH&| zryR*V5%Kq*w|02L6)DSMvkU*NevdEecwJ{qk3FUuFiUcE5o$->#C7)02EnLx!I_ka z?22K71^RKP_y*lov^qTwrfmTbW63$rD@0VeHM$lvy_HS&*lp8%X*Jjw*kd#}ds_ZW z7%%t>(gDgL-Q{7vFPU9nmSP#6zvd#AfA@86{zq!yIdJ>L1_}kt?e2wX6UEm^Nv!@t z((~IgA`sdquFmRKRr4bb^5)cKw3Lyq7{^v>)DsEh#}$hKH(#y7pGWNQGJh+$6p&++U5k zeY66J@_tb0;7rsW;7#Tn&}nZ^5G>K_=z?tgJ@3tsOx>?PE^FKKod)M-XU)YIPYde!S8%vZ0t4`1(bV|ICXT zuQxi`iWJL$BiO$BzQN0?PD33Q!wOOeYqwJMTbMF*0$HgmD9RiQ4dK4Zh3gEzbAshI zI4PCaa)bDNcL2G6Wl2u^os`0uC)8XnWENt`zQ+xmtkdl;PIcF&U)`GL3MN4?;aOs% zn>?p(>5|Y4uI6Yr)L#eZ6X2I)Bc~ zGT}aURifK;;l6Yr!96(>d8nUxjxkxCooTcm#_CAW)}w7uE4#i zn_w|Kc?f<))K2G4;N$Dup5z!9%_>au}nr1k{2)l2d4>o#I;Fr;g(%$>o<)HrtJLSP|$po*&0xlvX+$36JVjJADeT6zLq6aoqY0&S>-8RS8Gk&X^r zQ8vcxCzBzaE+Cc>w1Ufw26=Cr9_~Kx8%7_3z&(~Tn(AZ+(hRp7W}7ZYXf&}Ka?!tw zQ*T~stVldo?Gcu#+6>o&q6={ZQD=U8uG|c#7mN7#u&~BrRqxe2N$Q%J)=ME%)h~}n z)yQPHaFBbRMo{l!Y1W%cjI8P=Nca*+u*x#U+iXkcR{y|8_-u(DlS>9#e(@OXT@*W#D(e#Dp#tuD$))XD#Ehy(@<&Vz&b?JrO!Vi$6&!OZU*Qq@p}{ zCEgsasR{y~7OqsY*Xh{SwS(=2sJEtuszt-<(nvXcx?H>`74K{HduZ7&Im9cX^gpx! zOtjMU>wANd88~~tT10M#UoCh3yPgoMAHCTA=Vb&8ETC8AUL1-CHK-(uKlc^iw_I|1 z6Xl=`Wq_IZ#*#L@!oIeiRye1DQC11rA52N+gpEOTJ~11$oxJ}|HL-F1%PffLKL_p} zY1=q#a$tP?qna{E1`<+AC1L3jC=?PXHm)h`gGituaNtKYs<6v&#>(CI#Y@g0i7{bn6iurs2IgT9(8xye`_#Q z{|MU^Up}(}E45PoxJVe{d-}7r)`7UWA@qevU@4s8NjO!SjVS@mCwp_X)-%(J z9>NNI%AKqnSU|eRe!EwAKcx=>JMD>-+`BTRQ&p|${ks5fyr&9t+(A=3Ol&g&Ox8O~ zaYX5aA|(6|t2Zs3q+9xt#=EHI3i|YczwRX?ec6d(j`9V+W|mZ_xQ>>l?zT^R14{m#LOG8Y9V#)%^o<>L0T)EWGA82rIp3Y!@T;Ej3|!tS;Sgo+{rI=@icZyZhApS|v`>p#*4s_=N5o#C zE-LV74&E6G(+SySAHCK1g~^uLA&A3B4AxscibAb8%BClr3{WK`2Ma#3-hr46N(mH* zqoE!TROQ9+LVeI=r3+gXHj;ZDuTTQ8V|}`+I>78w$di5Dt`S7W#9;0bztPX@@z|%y z+wJpW#zA?R61M0a^W?$m*AY_Yo2ekT`g(?tET*diTCQ1cwGle&t|>IaTHoj5WP{GS z?xM$2*Roe#6U)cT{l&^6O|wQ~g+W2n_URO!#roV)+qq86dZ^YQZ-|C8)Atr?_}LiQ z_66HzhSrb?D2@L)(`z5n`(@cgy?svvrWESg!)Ba0W!(6-nFqJ5b0dZgj-&z#d8Eta zVXdy)aYW`QCKo;+oaNc0nBEdtC@USY4AGS`9B>6+ZlEz;4Q(TCN|toTm3_YGL;d1s zfS@w|!_j#YX7i{`0IzaejlK-+S@8R0F*v9ePNud8i*K^@@M#L_g>s45EmDWHwW>88 zQvpH&Gn(4GB|sT7!pZLp>JF5f8*aSXxNQEDH25N26`2?>Mrza4sSuOeQSgU(^UiF) z8IO9wR+sR~MRn1WGCXm6AyG7b@{t|ni5tlX(dKG)dR)A?)kw`0PF+tO0F!e#Oh;>@ zczr6e9Zkp%k0(!S=C2-b;h+iK4V(*evNY2e;cLo(wmc0+(SY@EVxb95j@(}@EH(3s z6=Sj-et}p^96CIn<`|@hZ`mB~d&y6X%Db_FqX@({5nu&;S@Ge#^Yf?xd(R9EGu?FG zOHP2RU1ogMG7A%FB0^fS6{AOdbnk^B=7WF{QQ{y(s}Afm2XAsW)mR1%AQpzH1BFwP zFOe7Df;d1>Osp(+9$f$*e|u@Ib*j@)r{(M?k_?yXGSj!&F()wL1U%p!$|x zFC|K!j$;qxh>7YnVPgNdR&-7>)WU+NRIxuxo9-be&L{^-dR$so+TRpqNc>If%0HC( znRlLS6rhw5dm30LT zQw|#G)T&WqdT`LY3@OvPydfl^cgQRXS}CJt@l0tofPU$U-L79jalTT2-k*N>-{yhd zvvaHN3rbST32VKwL2-||yGe5jTcHYi>9tIA;8wi$i`0_RCpDLsDvMM@IL9%h4zMhw zqpj68HD|JUFC2kRu9ylZj@Cugngzx%qZ7b|$~*k>3URA|f0HYK%1;Xu@hem2tMx|* z3w9!=#OP)RC#%vd_%mDR`8e4M^wPNCquWkmohMA#3~M4{oK|c2r~E?l`LXn}5YGHf zewFDAOt=o6nRlyn==7ufhh5%tb^ORO}$jPr23=3x*?Vabdk zg{CzV#w77qg*esSl6vVaW4Q>ppxJZ9p`ox8$I$0J^DCBdt z8W%fgiOMZ__=(mQ%KRsogQ}7DSfeu^3m6~-4nW=NG=|Nk-$o$P$*W6H2SnfqY-rO4b<}P%jY2poQ zz*~B3Xr5U(>KKf#DC^ACNIoM68khiviKvB%6FPTZk`eP>mLFf7?(` zUJd<~IuNT1zkq*km9zYdn&9AM`EP3Ce~%;l_Xcgw|G0Q%OGiIm_y0C%FF;1$3p+zF zfsiq8V*Ci|eG**{BUG_e#)5Z`X@W2O>b9&Ft16n37?eoLqpN#l%6u6Bo-OJRFY z4d8^g=!?WN=j)zwFEhpI!z|Zgu=0{I*2$J7sMSFSd^G+5nf|QA>#QAy3 z>u}EO`^o@ra~9d2_Hq`1@xtlKPLXrQj8aZ8 z6fl-cIP)g7duBNPv&@r?>XpE1%l+;8XwwQ4s~M9vm9Pt5cUqWv`*@TKb=bc!E=*3C z3@aX+4@I!E&7QW<>zeR@CHHu-<-eCd@uw(NXecsG3>KOGM|PDMN;Yv5z=9$A0< zdHuK=>1bKG;mm91d)s(Kyy^aWeJXKPCz0RHGTz{%m2-}mON9AR@Uk>DMQ_ouUWmfC zUYJxh8$KIhBzjvlJC5WDWt!8Relm4F!6>*kQonEgaeg2uNEh(+xHZ+Ic~RqVh3 z7f;o^?FBTa;yiGJhE&j1>y=Zz9*)*6cX9Li84vckgd8EPZ!hrqa*#QK&Mos8iZYA7 z_*D>%&J1b7l~XK_?qdK`N@sff==+6$O#x zsqCSd8Q6QhHNrHEMcNpHj!2u&axStiRqobW`;0Ji5-LewG)|Xt-em6JWlBMjSf@FU z2D8E>ZEGL%Isy!rcwDLx%(zu-FdLp9Q%g?4!I2JY0kavbnZL4P5OVM}A{B^*-t4`C zh}B2RovOq3GZb0St(dW0+I#t`&}n*ZdJu#)A1kVMoCrIF(!o1sZP**@G7JUyafA* zD@ot!ENj6hbV4gZ0xJGxe>|FH9sitlK_#;fFYAEP(Nmgz&|_tBHoG>wC+Z$xYsMqu zCQBcdrg+9ST!pES!h51KJ}Dl=q-i^-4>&MAY^Unxi4h%c&Z3##3N_{GG51cI1gOWE zz6ywxz6y%GtPo9jsu0a7VQ$zO93_aF@AMCWL6e(~vi`X_kxLKNKuEIAJ$_PO#c{$V zYbUvCz2b5>zc^jwtE~nlT7@}g`ec_6_XAPS_0f^y{RN}>8RdyVQ$(BQ#)3-?0F0Kj zZ(ORDrCQWXFJiP6Va^FZpVaMQbd`r<(K`+{=>?4HbqpLD$L0EW5F_US-q$7Di!;$2 z$?p(GM5+)*MGpxD@|Ch(*n_>0sanU6wUB4VF z@ROM*lhS*T+5{0tfog1&fl@6LQFh-n+)3X$Dr>rwfKMP`vQ3n|zP{vS-N9pl--cxK z^#AkCS>IzN4h|(FMhv-E@BJrIAN)_Go`lN~!hyn4wVI;6eOA3Kd)gCCk-(1Q+f#Y* zUAf)+{10o{dVF`NbMtf@L2$=h_M_LJXTD9LWqq5e9~*hWpD__4ycUwv z>OYzKJ`=w`$N2E6OrI>dVq{K^cH26TEPy>$M1$Y&&LUgdRK|{AGM-eoR|(+XRu^2~ zBVP9FZ$2YQJ!E$!!{WQMzg1jFfc@(VrdM0q^y1+>f%!6?Lpg=p&&R-8M3uKXD$bX~ z;q9N_C8Gh34qM%yG52a&4S~V=;D?J z0TG|dYEe_}7&yrh3Q}(ff{Ljxg%AIIo_HJlL@9&9x;FVe&Y)R5RQ=fH3JMLBWd;-9 z!AlY&3*D=?hrmIN48}k&A4{CCO>>+cna2_h#b-c_LRUe#(@-rb;qN=1XjI@I{}~eHukEj8=J&9JN;6jw4?g8|WTuYT!7fB|< zmIkwA6n&%goOZ)MoGfn%P*90@^J}vd<7356N}DjEz=|T}xJ_`g_Vew2$;Bt^4d2-E z7UES*z*{tHs3`FP9Armyn?dWytFVqad5az$QG7%qdb~}BmcPE1fd@9^>hI@0PsJ-g zob{yZ31sRnV(zEraq0>}@SSJI3Y<<8OM6~q!ak%~tS72SJCYA|V+?~<9FT!DWHK9p z6oso?HJ`nei8Tm41S8P-KLaWuN_*|$I zVh$vVYohU_hJLPs(H_QL5pJBN+BhqzGWWtm8%>aL^7TcMs=mwt-j~~n89)nhAF?CNzZ!l#>3@-EZ|Svf}zg^T1!mY zx`g3LUL9G}P=6PNX_tU&sd6XaS+b|yMA>n6i(e|g!Y1W)POWV0z9g0fL&<0hqHE(7<5ZXO85&-!M1rN~#|~#pmzZ5^Svt>V!{(AH z>!WQsSe|d?)yemA)FGT->gwW6B2r~Zsp^-LJoxSIP>yVZ;ONE^=p!-d) z<_J0GvL#KvuUzRE5^-qRS?fTN;k8*`SzD$KFk-Ufueya0q*OOONPD)GM~G&iTpB%^ z7Bu5ZtQ)h|q{}*B%4&xAY5h#+7Gjz*C8`?8GJ>pe9}-N25?WR}0Xirw@(n|lo>(Q% zc=~xaKHkC+{`hoMd8hs{B{mz|1_LZQogdx3u%Qf6Gge%N9DiRD7iqG;FXNb|t}B-=ZevGuW!0@(3jzwI8*h_=B?{99dGp(YR4LDn)^u zNdqgr8hIQKyv+$#ZG8|M5s8K*F~Nu7Sd;{WY(3h%%jIw9+HU`q;ac_ad@Ki09+XuM zsct%MGD8gweAwCPk76w_(~(|9`CCrZYQfWf19SV4NpLU>(XMm=%&+{$AW}xyOz&19 zl^UAt=OVRX(jR(dm|$hRhSr1sk^6 zM`ayIu|NE5%TIa31<{xN~Be(Yrffi#MPaGVk^&8;^H3AI6(U zz3HD!buA5xT`>Ifrm=f{k1leIeRszKD%ii88fUueuhaROeK365EhV8Lh;`ko^eZ}G zP&G!cY#$&nsNh4s0|60-F~sA|8GJ)9e}xA=15VpWZ$RD;QysWbBuuagc7{X(LS`QV zFfS%t>t1^DW5_?(^ed}N*j`NR( z<@hE!|A%D=M_S+ULJ72Qu%%Hk<7`y3kFoZT-*}X6_$5x(6^PiB1${rvSw(UkrT0Hy zbGib7_g3Q;I$ilNYS;N!ZnEx)FZH-rxik0;C;k6sGgFEv3xQhJxr4cd5|Rj-Oq(3( zwNersRnsw=YpZQ%MbGlDUe&WjT{MnP^~0ViU;6)nvYm|1rknbsoLqg#>JmV~imf@% z_mAy$J7TC}ZDQ#101!z14Yq8G2g6XP&(`<-23sy0a%0s|xe8q9>y99bv|3F6y{y5$ z?&$NHffo@$Q`tcVBb^MrJ0h7941~t(@M_Sn-e1o|y&N7#i3GXEN5nD#23>pI+{EKi z{7O8o*2-l4#)udL=XdYq0H5hNS{}Ucuy`sEQQ^_$pazjh#HP%Hf)>4&3YLituKiPu z{Xm}w6*DSR@8zoqO^}7}1xJmTzwBv?Z=WRge;9kG;7+>kVLO`GHh-~g+s4GUZQI7g z&Lk7tww+9D+x~LDsQ+_t*ZVyu-F?cMir$_(KL*|>b|?b8 zjSkS}EvwK%FZPg&O!<@SYld&XA9MzK1}}}ZOqdi7d7Dok(Kp{HlYA_@Xgz89E0cP~ z(AJlW(`za%%q(a7vb{NK{y>QQVPh?Ayq{keKPT(!qjVJ#a(%3W4IyNhgYdiNc+Bgl z>kjOOz%#WG^2$+TdPseN04@(1*+X(Ms=l8^K+yR!r^^HGB>0EjR85U8+e?YkbpEX! z!B14sbWpC)C5j-_!g%M*c=jU>d-*$=ox>sXc|~PQd{kDKf@JmbDVJS}7zM)j{O;ef z&rKS|SB!TD&_5AgkB9o5bETtlIVvLc$i1;HwvyAlTYtJjfl3seWgcJ>k1y;$@E&4* zMhv#UQdi?TIk`40JGVe4Ko0W``#Dc576bx07zp2qWvCzTrYOsm+b32XqA%M}EX(Gs zTtdrVSf<#{(=;8ZU>uf%CebwCh^cRPB6*m`>aaCdS{yGaxT}d))U6B>q^!ndSvsi* ze7JI~jbuVCLqha`H*0w76T1gPn#E0miGej3il`2UcF8s*b`I8a58;)fHd59LtYJl0 zPImlS^B{8y;Wh7TgkWHaLRNCAPr9=tM~V3w_;W?I`X{n=HMcsl@@JPyMCtGg&er|szwYBui4^o%-FYG-?t**qM~m;VHmK(F_z@X`YxF?&Q~a>+G8t;3a=YE0wu zq9<;?(e${_Sl}pNPRl%;bTyR7^0h_gmJCK9N`#sW-4K+wsvxcyNJa?)(f#Q`pSYp< z2~APs?%aq++CBb*ymA&bpg-S~(YG$1KZi<|*Y88jf#jlRJp}UeBX;aN z8ubg03VSEIe!!k$&nNsK=S`PAt~a}!SvD{f%B;>jRakXs*5lv2P0v?yaxOzjv`u-O z=l^3|#(^KJlJjc=)CWN<(4TVY=Pkd{erl}3-%^s~7PRZ*q9(mT(@H$oi@Y^%XQ(S* z>N`XV#$UNRjS#i^R4l6tDJ2 zZvpdhbuDID4SXp`ERvb45x4xqXc0)Ko5J57(xlxaprt%O^7sNhFGf%tpoHMjU-}?& zA;fmh0@$nssaDe+R}O>q2X*2;5EJhl@)Kltfz_$7+uNp6@!yJ;U#@QBjeES27lKSP zczC|=L*)@p`s*{5B@*gnte}ao2cbTE#G}R9<8vIVhfX~2a!7{}&jHTJd>J@O`~pI7j+1bMyzBM@ka*BGIngU?;q@-WkDD<*lkfP?{l~`H zz}3V9saQ9{i)np`?P1F|Q_AywpG_b?5PO`V-bZ*<_HZ$^$kyPV&{8T#f|`e$3huM~ zaXzdnJO@LX4=m45y4OjJ{>}Em!T6s*pZ~K(F)^_I*Y4#D&Hq5nj{Jj~{hhWUzrk|h zGB4{D(=ITJ9%@J(gQ#^o=GeBX=f?~njbga~q-`1^G(+llCiG{RZI%}IF8hO5$NK)l z<@Fl%h)Z8p(4 z!Jv;+6zR`I3JQtxRAqU6sF3BP&pCa28Y~!D4)Og5HyhU_ELm07b zE{OaKto~rOl%6HM|1B3($~_f)YoXkPa2K^IYWw|IPkdoS2nrO5BEm4X!U&z^+TiHG zD|f-2>Ki#L0^_}*J#zA(5;dQk);zze%7_zV;?8TxqHUL|8Cl!)&V_86?K|}_*nPyD zq5=x&@4)L73$lPP=^XRxkHZ07Y}^I$vo)Y6fo{+})qM>wp)e%gRxhee-SmN)IvQ0X7_&U-tTqjE)?r3(#0Ul-t_-viY6G*%8VUD}oi(oc2RqwfOCVGr z|04enc6QfLO}(=3;%R9ocYcRYP>HNPyXE)y1mNc;pARm7)?Q_dw1ZbTN)D1(y)T3( zN{vwenj%fVxMRN(vgpKtY5i0;RX^{5+Jr>nL!^=x1A3mcbfkYJ(!ry{dko31_~OoCl``@B`q53n>py-l!n$KfUg`r|eG6IgG0UvtRL0N#vzU59C-3+Y5a z?Z;(76;YR3SUOgHGzys!&Jj6#*_^lH6mJf6EfLyik75S@JBNB6@kJ1&WD$_889-K9 z)+U9$6;Aisf`$@~KV>mZH==Tk=5Gw12cdecit|LwLn`}$Xp+&Z;1(95qOA>}!99vZ z0s-neokEscQwzSzq3~uv2c9EX4x1A@{#p1x-R?-j$Ocu*2LYPa+KjWZdRdLwqUbCkBdspzwRI0EOJ;a^L}~Nke|Td=}psvDI4{Y zRT9M`O`A$sYLu)pF02RlVa%x7N*#*^F#7X6_RkJLfC>-GQ}_&^p3)~4lNWV2-!krv zD$r7Ls*x8!kfE`G4E>nP6mm-flkG3FNJH96l?Y+-UoYzL&~s2 zLPx54p8z^ZG$GHtn;D#W^n`%Dw%UxziG2-|IlX1Wv{H% zt=F)e=M;QKD_X<2P(Ko)FDJn9ZIp6r?P0~`&Fo&)V3u(KlWgO5*>;0xjd30psVkvGg}O3DNsI_b6YM5gq?LS{{kh? z)V6q`=ELayW(I$7e&!BoTwOG{#M0jB^+SLTW6Ekfw>9(QeLm~s$?E!&l#`d|^W_k) z%8e_6)ysAsOJ{xXB)C63zG7t##ui4S!B%448-ZwZBAjP=T&aMf@!|}x4LXE}I6|zF z$v-)J=WL)5I+w$@?joERWO?zje)JhKJ;`NfbFw~Zsj9h|-zV~p5IG%9Z>7E-S{B+f z`;!SVZv2dJU^09qZvS<&v47!QAal3Zo^*1{q>pBvvvx< z%o#R5%~50jvQ7bu>FUoGzWW98Psfm}k;USzcznJtuHIj);?zL9=clm`E+fOBZBVJn zIl-Fz5D)N2zi~%ubaB`mEcdRh@`0mnq#a*4AJ-1s&#rQ^jJ;};ABWyJMBx5>-u$}j zT^o%EXD~I6fO6*E(=d*dzT;=#>{M$*o`Jf#=+0tFXwCY-$-SoK{FlU+gZV$r*8ey0 zW#?r5Zxi2(pVI%hC%@UU*J@)ZMDB>*4W%p=Og20jEUt2LV#3PtleGXQfXVPzS3A%% zkSw?D`2@fQzKH@+!~5;E21fB}qHwcf^=i1jl>Q&SY%tG#?6U4aCq=kqJmi)8LH2X? zH}0jJOI1~I8iObD!_1_0w7y|9DjUl^|1j${%?TWZUGz5<^Sfnk^#aP>yPS=RCiPti z(o}f5AJ3=NySYs+@V6r^Aaiag1Wefg=^$Td6?9vO{R#D2!9O~g+0awbnwFf80F*s(>%h{PpD0glJ zEUlm7Rr7d94^|pMS<&@yPWoc$+YnEl)|}XC_TTJpbW8B@)0ltS4NwQrJrWA-D~t{*QyboF{|8VyjoT?$F;Z|D(# zhaw3G`Dk2oCx?;z?N>H+2y;@p+8A*MJF!kWM5o?9K_<{;b(qb*YyocT0JQG4r+BG^ z&;k96Y{>|d3r$EV13cj}((G$c6%%7>SPnr$DQ z*%6y$pF)5@7~9fjC`c2B{8J$lh$RKoMn#o~0BwO|W9giuwG;{s$p9b_VJ zHd7-Gyk1zsl4xx;T}140*)S~_#>_4}L=5M}iCO5PC<#_#f(y4r!a&o{Hiri`4)OVz z5JWm}Z|Vw$Hd3NT6AHq7_+W1b1}mP*={iN!))9zCDclakf*&CreiDVF4?-&1JDrRm zq?z-|QBeHJ&kqIMz=4HEge*!~PtQ^>tO$|Zp^;KVhlODmgaJ@obVP6#{Q^S?X4#w_ zG7RX#`@u~&l&)+B-qSObnM=W1ob@C z2G{O+uXExR-`|EAESMEOc9bv=*vIg8ZOwGjuosJzU+EqA(6bhHXwEeu?rjCCzy&oS z$b=M+F+Ui$W3>_h!J<2mqia&M6I}|7`9`-J8I?xXvkmjL4k1o#?s5(O)IS=h%eOvs zJvCs(5N1ydQZ%YdPCL^FfC+kiBQ)+}n6}i)r>wEm*+f|zYg3pS9RTl)RC;>aBX{O z9)url5Lf=k=5io%lZ)sbNy(i#vBk$W-wnq$Keig+?KAz+`(5T{!(AWrE$~b@wc`wI zt`9$U@?${ukJw)4vQ5df7Ou#oEYT(OaXBe|(|&A3lUVnN(KwLEX%xshMvy+x_`?6@QxVhRfkrQ5bun zy2qQZ;}O#$=!x3oY?NnU@@L%K7d?GgN|JImGxUQq>Q@Kk^9>ycdX{*+d94=bZb(lM z5Tl^`JAvhC;jrClcWG*lumgR+-O3z4%a;)HP}P>2Mbc)3xc?v9(cYM)=}uk$JLVmP zEB6dtBec|8W-GA68*mXoc|^ZJTEp6Y6fh!dw#cQ zM^0ZY_sO$E7|66`_#G%IP^AhuYavrWz$1U5OE2!mgK8T0~%O z(QKW6@wxN^Mkl4pG%dJzcUFm5zf0y^YH2tOmuM;ASpTi~{H(xFE{ROwQ^fBNK-XC;N*v=AmS z+VTnEfN6?p+Z!YsdwAr+%66@>l zSi(;GQ~|XHE&)}o*xTpsJYk*WpS2l);|Oqvo`SO6vaAg#&nL_n6lL|T9ANn%Thvc9I z4)9`yd`dY#R>1G~=@8f3uG3Qj`BbxVU+z6fy z1oFUCXs@}IrDiSl2c0iyj&$gWxA;5h#-{Nq2kO8wqM-jK&j%K&a2UMWMP+goJ3mdk zBPp-_35~Umrwr0)^F{+;w#6t0tW!(&wM3IAc2qwEKK}Rxqd1R#fH5w8R+S{sys^hl z4dz2`UpcRK)PD(aVqlVfYLL=0X*Li_Q`M(W{8&w4Ra+O0Y3?JoM8jr7?&g) eLY zJa4gxol^cx>0Qy%+4cciUSS)OUv%tfo~QCK;4bceHkI z1N8{TVF9CI0w{RaN9^(7%ntisq4(9dgZ3wNf@6bh)0utO2wU6brKj+TUX@Vi zOKlKjSteO^`uHpko2!`1I2z3-*{vhFm-Xl(*LvO(mWI9+rd(!yRK^4OI0fA_Oc)>j z7&K4-&77*!j%nl0aS@95+HpqJFVNHH8M5|ZJ8iuf^d=z}X9i89Lu8xiY>)XpYA!T;i z*TJmgS%JzmTHyTi@+&eheOl&M!DiZQ5D=6YU;B&u!qSEb zGX_MGgtJx|`Fe`J!cHXoFd5k7jV$6`^sm~4j`xqf#o>AmE}utNkC)rHxN3U6u9iG` zPZDM3leb41TaoZr3X(e0S{t9H&89VYCXEavq19uWh*RdzS{o}1ye2DOKl;4z_zML2 zV~2%+JZ#GOzxNf2ghHZSC}Z+mvnnfKRO&Hy{Ie?Z{4*+F-Jp{*F-blUzi`?Mot9Q) zyc1$9os{?ghG?ATXnb+-0sDX%tMD@feqy1Y{3I948w7Do_4Q6x|5JokbwLJSnh9HY z^D;uyxX+g)Tx(=JiU<>xl?BI7kUyQeodE8`x_5ifuY?n@tQ2Qf8Yefm^JXKg;jh(ao=0X}nZb=JKF4<->UDAg@?EMKyq_^^!nGf< zR^l2~>$^f&H^at+A{K!kbB(oIRCvp6+xC=>$%GlC8~o&{$5VLL;IT~t0ySSTg?;vT z+$W3I-cl0Nm}GvZ%bmc&L{;%7IC2aL*5y@6`ZAn=mYBM$OSWG;^gt(w^uRg z6NfIvr@GG1uV%l4f`n_%#G4bKdt< zxDsN3(w$AM2ON%u@oTZau8G7jN=%xK zEK6H>V4A6qq7(G%(1f?dAe`ggwRoU^G5|gG9STwh3is^1bZPu#v}4JT5y^Vl2^Qzz zt-)!V&n?}4yy@+hTm1-uqd@|Xc3J}w@C=O)Cvs(=UDI3c@Ut<76I@UX8Y3S*BwYOh zGRK=A`IktK{Tq$-KUm`b_gDk#|5z57|9funqNa2lZZlHXRrNOGXh6Sbf~Ww4zLo+q zAuy~Y1bHBQYzJg8W_tj>|J~Icni)rZdn8ZrI=2}7+>&#Blpe;}4cclWt1RiF>8}I08mxaY@P$zn)!+#^`k@!ewHMia|-XXr^xw`_P=oMW*ORBxxqP7dOaZ68VaV zePV~L0kR1H7dI)T5qugzCSZ^?0=5VUD&G*kTJlujlvWZ)b3MsDZndLdA9=~2C^--R zZWnvLr6gWoS!p7F-AX$sLKH-mKK_@UD)~Aq^kgTgO@G@)k|#ntP!(E$4(!{ttYM+C%s~cbfoR3XgOYWO5qC3F<^oEc;po`?i2- zrL+K`&|@}43f%T`ot+K)=2!Re9M3(0VlYZvOsj-fh5~Bgx%^^5Y&&>}{5n6E5Hs|q z8=xg8#NI_#-(k00nQ;q zwsNEpd^&L(4ro*I(_&p-564EYms~%+(hWEM_q$iir;Cfpu(M2rD-sIWpW82smoMLv zg>NE~cJ~&q2W4K3u)UK3trT zF3>j6AA}1`KYoG83zjgTE&Z;M57ym*YU6(=q>j@51m3~oue$Ro5m z{CfdbESYM5$Vy?0BXp95R>IUqw97 z8v7#%#)b2!q3r-fbrcVgELkHj*0Bj}&}aN1Ar+_mOT;jQsS+grVlTa8e@@O};)i6l zE=w$qBMvlPuQKa;uoe1svH-E?Du>t%ER~ag!8#KJfnHFZ1upw|?<^TAi9ozbg*EoD z(?4$uT$TIm6g?dwVy6(ly>CqM;x1c99!Acnxrmt+p) zAL1#`H>MQn=h9y+gr+jHm4$SkEz9Y&1LDy z46;96Ays;SNd=9#r*{-7*l&&fI7b6$H8ooP^5Q0nP-*8^)(}!+v#SY#^S{R&4otL} zNQ>UPR*^J3&aNRlCKgY^5$L(6!yc-o7%4*;TY(iM(hRP%@Vk&Ob%1sCH~hm{K1`e} zJ4)K3!t5S;Z+-z0jNF}YuR;GyQ2+*LCtL)HrEEr80N;7Jdk#SO>PzlEfL2_Jp#PzL z%@e+xC+*w*X4ljLz#>GBI-mttNxM_ zUA}5CspAG<$1{p^hDsK-H@fSd$o_4xqe}j*P$HD^zaLIX7(eejd;d_S=2MTS$kJzBx=EX|2~k*0JY9@TUXN2?k#q6X3YzP*^GF5(d>Es~=wxt& zXfZ*z^9upt32~-#`n!)i(#1zKIVTHC8C=^X%%c+rp}mukgX*EG4&B_J~ZBjlghz}S7Q zGbYT?S*a(Gr0`}q=>y2gG0f2MBcl|NQxSVOouq}esH>6FlGgV3**IU`VW*GG+->9f zMjH>>qj5d{zOx(bZ*#aod03~f*a?q7B%%=L3EgsddlPcb-k<^EM1}<`Uh&v$TeGJp z*OuhQ1AU+T0el(>OTI9G$Urp7C;x$=k|p9qU61jLDG)VYG4bkOBc&~a`7N@h=+aApmm4DFA%O$_2PetxH#DVO$5Qj`QOipYOFba z%Mg8*)vv>~my9n#-ww63C7YCfYPHkLNreoos9`~&6LEgNIWrT23dN#$S+Q$T!SGDn zXYpUAzOay5F5=}%!~z$DLNd^bzTTUwO`nB|MKX-iLZlw zDyEX&{ZyHlFUH|$6qfs#jPD%)Oj=)tPA}iB;J3ZOWUiQ-Z18`Z5C^WupFg&(d7iy` zfS@1J*EErZW7xG|tGX2ELvNn&Nr_=Q-W-?ulDPb>c6H!CF=tY78uq{ogQ54kNzUq(2 z+8M-WF-)GW_5^PW8hue@?z3gC99Socj%3_Mk>Tq0B6;mlh=ReL!r>w_XzHq;6&?2j zBu4t-OU$v{Mr+{}at^s+0~GB5ESP}SUig0fvqv49-f0K{LedugV=%v(7 z?0Cz}S##T8NF`gdZS1Gbb=GaM`l73p6Oq9yD0ejVL4@)5ul3EYch}MK3KP`Vpaem5 zdgp_Y7TG@fwcOQ7L@7}%!BK$~6*`4m2CDGuA5fwHZcL{gpcp5>F%mV30L(D z*7WA@Ix>MGtwx5eHPTRtV5tW(JEkS&{Jxajr)yVwNON5No2P^B6kdlz6B_+`@-Y3BHVrflsG!r z4$B-P=TaXlM=gS??}t?{5Txkn{c^#9)v!3JWRGztGKS!9sxK>tXC?s!;Cx$@`NY3I z?nM^JPBn_8Az@WL>c`(KOfz2UbwWA!2^dU{m66VlAP>4<9rd4M>ypt;un~yPBNQWX z@nC}6e|m`!X*Cba>sNTf#VhYKbPiC$4I)UXwW^ZIWd}-4)CYN zhw4}S=Pey~`h4?rh$(D>R;Z<=9@J*I#c>qK{3XA1I${ka7y{|eC8hhX)J45qR0ubX zu&QaA@jrp^0&MpvagO?-&$;bB1@0S|`|bqL)s-rZTL6B;Y`+Dqh|rkxe=9L*Z5Cfd;bsW)vQRj=h3&KZFT+g@Y)o~DD_n!zT7g9=~F4OKZjkYo}Zkd|H2ge{>a{~u2Q}vCD_EtnJbSB zu+;;{ntrJF8#%SB=LoL3jiijNrWF+UNLr&1MyuGG-?>mp+L0JX)J?#ku$d8FLRohr zcVAwFe%76`KHK=_8@Hc|y8ry3KotKm6&)G&=MD$R{S}UEZCUAGey*I~dFlV8v;Vgn zfSKXH?lC;jkaa5LK*lW^T;X|6# zsm3=Kxz>s?Emicz^+KVx(oES@GKXyRRxA!>r^t;k&VY!YwTi`9pB=Jkrz_fezhwqf znApJ-16STnZ%kaf(m$9<{2{mpkWiZ*6MFh2m+H@O&S?zZqk@oNith?D8eQK7`uq;P zGe21SmoTCsTl|sW(sS?-OM@Zg!K+I;mfDe{8Bm6H-fmOHZ<=&PB@@Iga+ZEOe6xJO z+Cv_unEi5hZO+uJPiC49q0!5Z^nahcG_x6*A~|hjke!$=&Z+f^Tn@z$SxTICoOcv! zSf&Ldba%l5}m zPK?Qzh3NF8WFd-||BI%nspXE6>=@`hl7v@m%%vjsRReuhxhrUxufP-@g(yimX_?s) zy&QCqWff<1u3P#72Sz!Z%8jxF*Al>-MT3akt994f zQBs5ISR6@IBUsq4TRHG41P;;#u?gRBZ?xGav8?=caviNv5&isA0;e^AQF>5)a$W9k zYuD_T?P|ET@R*XSrymDg?E92_)McFtBJ~)44(=;5@@&-6sImL69Kf-00Ud0pO;j6- zWJ}dOm5cV8IR7@sq-v7)*_*kMw;VykUzQVt6$-EUu>+@hm7EocjRoQUVr>4OLoU`X zuY;=QDuFzdh)X|5AQL~BoZDrY;g}|SUpS(E38DI37hHom^Qa5!W5G0Vr=ubmd1<0gLJvl=xs#|1e8B#0A$o6h{1GB%eql@r?Ycce=!uTT1J%T|^mmIln~p!T(4yUIJ1%6>pL#@i7s{K05f=2hXcZa3$) zL@*dDs=QR*sv2_M8JH1F)_LCEZH+!Ch$GDm!E8{b@1 z?_0%O^*gV<}^@)`qT=aKrcIkU!M^FB#PGG(X2 zNDLDeIZ}KCN_%X+te=m1DvC9EKLemY{~%r?wXyxG(lwVKvP~Q;`-u<1Gq=k=))1Gv zWM&)QBD8@)V*nS9?3nBsoe68j&^XE(OH3wn8!$b8!a-TO+9#j28lSLDSyaO?>8SO5 zayNW3fd6)rB5PCE@EL3<#)x1CfzkPy_f#(q3@x}2hOU7UGjz8(Nh^qw-Yo!jx00u~ zSk8$&*25^e+dvw;lp^w9|r#W*HX#7C#7Tqey@?B_ahD!KN$q`-7l-Wa4v<_`^&_fbb-n zv)2GKnV-$P((l|F( z@TS5X3zLMK?a3p0^CRi3V;4Qxw;P_`5K-unkn(7mOAIoOi9?nVjDxnTvZtto`vP_ibOp1 zm%9zG<@dYI^R~Zo3u_PW<(@nf^TyWXzNY(;=8MQLBz~@rFN+A5S&B@#C6_JGjj-1{ zxv^xAc*(l>QYUzS5sJSQUcWE&DLLI`_vbpvIo+jm%cEyqU;X&Z52wpt*?RO~{mDyM zg-Ss1hOkg_1jv2_Wn+I{;q&b=DUl#bSJykmj(+RVUoXS3TU}YgJnKcDQ7e9s78O7R z88hAlNh-CaM0lxcx@LU-=qbg?{|i8m08IeAYcwu8^HEDS>)gJEM9x*a8I)b z{)kA+P{|aBkn0`q8r`MVB?h>mrmimeiFm~J3C}qibQk%&66JUeM;Mp^xFT5 z0b5#kFLyxd{I;6SEEVMV-KOfshv2{AnHS4q%~s_3_vQZh1^_WUFXztjl;(HL1H!xX z_v`LhHxwSJ;T~tif^9sFKeysEqE(Zv1%gug_khUiR&c#vf2!j!ev$%pP2gpU!giK5 z`z3KMdp^xoRMDoGV|CeBeh2l$cbiB;b&bh=sSBEXq$>oJR^aVsX#dwtXi`a16bCSY z4%;ZMbwIV>9sVBhvPQMtDngl`6@Prme4Cs0W+&%S`pSjO)*aLK;K9rj#JmP}C%0l{ zZ_O90ag>+IzpQT#w*MRl{(qG9I642Ls>k@>=ShR#RXwd{w9PYh`&C!Lgd@RQATfU) z1{;5LNJIKW*baNVdl7R! zYK;}s0Qu-lju$A&#QQwS_x7-AfX3~;;KRu!&zw{YoxBj_!AArSW6NaXsAsIQf2z76S6KF z@z^XpFchFQqp1w6Cx%u=;w|-PSk#3FIg8Sw5{Vpm&;FVRS!Xu zUhf{qR~_uG$d@AM1(RF@FTB3@&tMcnuo95xwS=oGV|_r<=pUFh(xPqMiq`U%!UtY}>&N&(_`>BQED(38~!(#(}t_OFTq;#0o!A$+c^ z(?W(>CEBmG2&%0Gza7`c+QKS|72x$kep=VZXeYSF7! z(o275sP|Qm>~1@QQ8k@?O#o%C=$1etz#Y>kv;iSL;&}aT?$~p%{uIN&4hoe&VfQdI zz2@^?Zq4>%``X7^T6?=aUelJ36IxTXYxiadNveAHhglee-Dl&PbvJm`#^i<;2Vd?c2*nX7yuts1<~6jXkSpOvvWCA&Vid!wgz?N9(Fl)0uF# zGf$@+oe-7~o)AtTtLmY)xSm73&&y7(+sED3*2cS6{fDLBcX_a>P`0|+ zZ_T&;7gm$sM)zNcmRI>J#@mh0 zLwckX){j-$PI%P4@B)wEK5HZ--ViWTT?C0q#(c;^s-e?GNZ_q)D_hdttgh z(K|6^R!<`107`{vTuCZ#$s_w9M#NH3=rJuC`z1g!vAllDApbY5*$NlywI2&m7F_`W zO$tVZJr9X$81ai9n;Z@uXptyFa)THZ?O-8b-wCPRH4Bxa6fa-GV8s-Dw9TLn)8q!8 z#BjDJ0&`L5tC`{CqcU|g)T7`Su3qFQ>!K3^`t4{o)JEmzv?9GlV zc=mJ6{L7}n59eY_?5&wGE@p?#JUGU~dctU&$G1!)ftu!^Dh~}HfOi1D&qP+0_Qws) z=Q=!yb9nct8Vi?Nox4cb(YI3oNzlsD27T<;fvp3)+&EHL`wk8+90|uhsSjup3vL-I zTwXXqn$!KdD}X~+cY(W{mjN7AB}Jph;4p7rWw|t2V>K>KT#6FB+)MIGebt7jNG?hkf^XJ(gr6>u-SRA3Dt=&eA-9?($ zx5`jBN+&4gD5wO`lcRq4g2Cr17%woFjJ{QmYE_D>yaeM`3;B=Yqv)6C%KCr!zVwKu z!9A=Uh|Ulte*@DRh+wItjqtJW5D^SyB#eZptZp~0Nh9@&>z$~(Nu+CY&scV~y=JNF zN@nRdFbMxldEe0_*7+`@f}*5(2^Ajy9P%8kirC{NzaBrAyFsBE4%Bx5)J&StGvLSp zI|uhQ?xgcUnJj`6nJZ>oCWI3QR?1?NW>j6}B2gNLZ;XWnjbXvt%2*-Gxes3or{X|2 zc$tBWw2@&ght`NtJ}rl4Nf+J1{toiXLwQK&%F|--@rYf(QV=_p5%fr0z>*LCgaweemBjO~NSR5qygc5hAjvj+(x*a+vRI6H>M9C;C{dwA?qiIh zMEWY|PoYF|sJ&31f4$+IkXMWP4b$>xqLuTRhK%J-Lwhjr;YY_o?CteF8#C}>MazTl zB?;aePmmblW8Il!_oa)UP}&LqCS-NKWlOdhWCCW>u;L>o@*`b7tzQp=7XP~FYk?oc z>YUUKtJ18Ikn&?Mvz#4I-l9$UG{rhPgn2ccF|J~KyGl=0qbIzS{FVgf0Dh&AAeZ}A zGDR345ROK>ACRCneeSx>QCNwMwxr17-d%k!MGbnX0qDO}1pvT%Md7|swOL2;ODOUT%asz72u8nR9FzFl;spB#ASfU!8QUZ$1 z7-fk)0%>f$gLkX@Ua#)S@{`4r6-*M5zt!&N$hY4InDj&h6zIWP!YkRTD!7WsvJ}v5 z2AL~ixh$XYt9&y?_YIF>_qX}PZ*~l1sFaJxs8@ds!LQutJZhyU$o?fx z;pF%iMmr+|+kfxt(~x$X=Rn;&Qa86a(pN<|+abO0#WDpYZST8ru$kRwiQ#QpoAH}Y z*)MX1Bw{HxIh-I%Ak{f(ufCEZK88lRcfB`d;^NxFCFMwvDHz2l!c?jqa_E~a62R!) zB0>rHO)sm%W-yQpudBZ3ooaURNBcPz1%(NDJ>>tR>>Yz6ZM$~i*tTsuJ+W=uwr$(a z#I~J@%?T#<#I~_>f3^2lPt|+Zu4n)0I{R05b=SGBwT^WFjbdhUVzKA#;-Z?V&gX4o zN_GkBOOUxJBRr4tN~|n-j-M1p0jkjN42!l1`Sw;c);|i&tXU^ipY%^cO>N&3{ zz6gN}Hg4Rb@KkA+)h6-ASDu`oRknndkQ?y&! zboQb@!}-oUb%R)g*kDAfb|sddF+FeAw48vm3xx|Jj39C}aK$k(v#Twy!jh#PhFSgg zTxQH$RNo#L+GUj?-8+Fxzy;IbNF}Azi`FG7^3c_-20fUWPXGxcW({my-35f7+^ZAw zl1epMO#*ZWR8MOi!r)+sEdr7+iH?c-Gy@w_#5}`A$;3pMw=)%r14EJU`o1QC6N=2V z+=7ElQcHd^u(#ZFpa;nalv<<^atQ$WqdqtvQl)gomNYa{My-CNDHOIFRHO zGuIDae?Ko9>SI?b5vCu!z$lnx0C(4dEb|U(pV^X!xnK6~WL9O(ajxep^W1aX;O>Hr zjE?s89OWa_OK(oCv~sIHY9{nC+5XtJ+n)PoxX!RqC8b}EkB9L__7Au#*}Or&NNG~J z|9E7j%1`YjKth*6-W}xiZH+V5w{d0sGFJbv5Z^u>KFwL$knApr!63R^5$bN|A(T^Rub z(RKn~rP?BC7;3o|=+e5*RB|*@eF=A_oVV^mhp-qW1(H%upx*WCSRjYL#*JTe_b|UK z4pN~un&-iyGRLvJ-rz>~q&5(W^=(CAnm&8Wo>-v3uxTHfrXAulY1SRsdAz3v@V38B zq4bip8U0z)L=dzIp>}iD)|;cw&wr@mTK=}N5dGWGsLzbBC%X1m^9KI2t#hDlp3&Bm@e;>y2AXQEXO?C!&drQFP@%N2CDErDWj$Yc z1OH|lZ;Z0yS}0wJ6#;JV>!=GRMRAFS@@jfE>;Uxc;bGgLDO)At()X= zPIGbF{7S$4+t2-*_&9;7aMQ6OK)yg#fQ0~z>_}bd$p9&Z37E{cRp$ zhPzj(@CwXEu5Yym)(vjcYs|rJt*Q9uPIJ?{02%ZV&oUx3Ia{CN`4uiQHj*?j;ewgxuh?gsxZ+r9%y-C#Ms3*%Yts!K*S3I}*zQ)k`9e#Lx?-G!hm2pvs=qWU&o}rLRC1h&PR8 zU~X(u3j4J;?FG>i`xTGAs7INa6_)(I;LxaAHw#%arbyIrqRZi+Mf%)!36;@+9~JYR zJyncfxCnS-t4~S03eJxhB2HMIHsiH;PQ-#plV_L9@v=zw1jzSZ z_X{R2AALV29BVU#k|~R^=LZZDo!K<=NB7fH#)pVVt z%B~h-l7>oIEK4UZ8Z&45shI2=veW()EN46PAzjt;SklWYjDVdp44x7yF(f;6I4IW< zrdY(900~KC{0=fiTo12_f79ca*vyg%9T*+=N0I~qOhq^@Sp%yZsyN8>I-eUzFKEdd zjaXtz)ARu|jESc^+^&+>cKwaZ#l6MDb?tKpPlLlYWFqc11;f9;c8-@`)gm{RGB9Oh zGf*}juu@gT%${*NW=;+vL*S7l`H5hL*^W1sp&08-aJPH;dGY+YL_RD_W6ILe3#ufY z^nSStAA3xf&ORHYUcG#<0Y18Z7|z(neZ})VU&F0RcWjWdFvTj{tg$_=dmmz~i*{tz z`owik`mHo=OQjP`ejK*e=3q{EaWP`HipL?`vD3+^gxdmpir790n-C+JLY^n3Tp47f zua9t_|CO|o4ut1bSeI>N80Y7x6ACFXU!I7!4=ZCn()Fy@rj$+yc}oab!2Uf+esGGW zH&|~`QuvT8(5Ie0oIQsJ0v0z;HQZst3JUT{QXFM4eGhyxQP6C+)D!wbmmp+hdmE=* z<%B(`=TCiVw;NGobxIsZGbQTRn(sK{Q2PfKoSq5kC#psCj&b%vZWMm-Wq88ndg@>M z**W3AK~77;^U!&ugCck{a?(dD(WWg7hi=GTW`0*`xie+zyC;VivjsQ%6zJIpYnx9M zY2yb6&VOX`2HdxWYT0XRU+g9-7)pK;xPb8#XD6hp9Dg<2gO|L%6S6P}+V=Rr4CJPgGuGJ5B#uv}G0tIs1S9W!%i{Pjv3U-V;DWGqMM@ky zZQ&&CzUbZ~#ZD_O5G~N;SjlhqTQ>j|HA|0o0oQzsBJz$9I&F8)6w%@$TQU{_$Dt#I z7Ts2yZxffVX?`GID#k$nR!unn#S@E}>HjQZ{+m6jwDUI^@Y}s&3R!2)V`~a8rzK}? zKgreQu2cmp7GDanIUw1>|KpKK14ITby`Ng$ijfJ<1AjHBe? zkZNmt*|xn|2KzQrS9d-!68eCN#v0}MEg|xAV$ObNEeHrFiXwq11&@;mNqX3SWfg>7 z@sEc(6f3g-qiju<5_SjUoAu64+`=0;B+U~8Tm@*hEo~`by$6b|TFhF{B&C;8A zXPZmjN_99nLG8Yx>hT2e6ox$~=S{Xl)qES)m2L2RuXGxw8dNF+M77Ffb+-Y|J$WSA zT2Jp?mM+D{9P9+r^FZ8+uEd1N4#qYrbp`%Ok>v3(8_HOqU@_^JWII8lu|0|4B$pNR zPv1e7lK|fV*OP7^2E2!t)*U)#hf*#g7qqzqOnbyxMF+j>rXiqaB}&996^hX1CfeL6%e>R8J zB2jih#mPbs8tXg#$lG=u5Wh_CdhA65U9kXL?;}fO;Vn%18wL0?OCJHamVo%8OIjUI zwrnl&pU1Nm@}cMqBcGn``!3E2T?$Kv?$5U&T~(1*-Qh^x=N#O+Hmx_D+`Q+irg;C? z;TqJa<&%jVcSABzouiM6kOf2B>v-krY#rqk&(4l);im*5Z_g1$W9Avq%X7$|#$cr+ zIO)#0vOgNroy0DVp_~~;jfnnC3Jg*y8E!@Hc%%UB`2)=$z0Y0YyKO00bcZvp1!=!=D z`Jg@kzZ6>ccRrd{#h6C5dhJMTe%yD-1UDxde&OeowRL&k4pZ!^2oVKvM87@ImL=Cg zE>7auKEaFY(Dq(tIsi)QISQlrhzR)4v`gv@-{hMsC-i+BD*8HTs+b7~K_Z7v=a7!I z(M`g`U?ZraeZc9nhRYj5~3^z-q z5;v{70+*fLh*RrS%i3V%cgDISz&0 z!;mQ;iUWn!J6;b(`hg$^Mf-*z2UY!n0N+B}JZ28Pef7;vTB*8=J*kf!V$@>5nZtpR z2iOn}`8Ez#qLaULXv#jv+WU!_{!k5a9!C-CMqELhXQn$sd?jOJNv>r_LtEn40Wq2=i3jS%Is!=lLIOIpxL zCG|T^qnl1wLeS`W+&8a$?W-PISdQiE-@vKGf?RXB)qMO5Z1p+stj&Kla&3(> zVRUy;Zd;YiK;wwfPJ@ve?v~#(cexfTBge97&njxhyN6btCy91y&lPO`9A&Kwy%}j-rDTx=;KaLH9nzea;xVXUY=GBIQ z;nRYdu+qR{kHHYrk5wDUX9C1HtPB{!hSR?{H{~_p@Zvo>tPC0=hJPQ1ckim|db}uA zoR!qeDDA%<%|5@%(%Zh;xqO|UPRp{@S&0r_P7urZb9;Qn?g-;|qd8ABi_W3-&cP@}1&l(S^UVLW=KF*lXg)VzmGsKzP4Elf~H|$jD7;IlkAhY9dwI6KChcl!MM*J-!#S-s?f_z$zAWdMJOFS~tlC*e3 zOisK}!iIp+R7YpndJve8=2J*e5u!GWUCHKJ5J?EAIE zk{Y7;lb*t7j4+uEFffu6U84AfrcNDzPo5nA`#~LanRpXK_fNa+&-c5#cute_EL@z_ zB;7iFn+Ro|E|{*31c0$ABPW`Tv3gxPZex(h*c*IZ!H^kV-AybCW8;B~tzTC?P3}U= z5jE@bnR!4D2t7~V4t5QhrGgrgx)<0%1(9V8x{ zB?LuJuQ5}DzC#AYp_OXyO;ZeNI-1>6iB7-2v=FqBqLimPbkM{L`U(cw8^L&a^Jd+$ z7O=9=bR8AiaC&s375}ZoBUb(~IEpO+>}HtBHtA{|+)qjMYjj+$4(&TyT|99vhKtn! z@7xeG&n@^m1-P>VGCSN9-z&H@9=)^3dXwHU*T?zeFZr8Z(u0R*>- zdL?LT7lwL0Rgr_=U9E>PiecLYWQw_}GmblKypNSNGgVROk+6%ExQXXJ3t`n2^Z|g9 z$Epumfk*l}w#ERNcAR3X{KeB(kiO2dIMT_g(LU9kD3Sh>F4DCilcQTM>r6;cY#GVP zF?_g1`)r~B2HTabrwvMcB@Zx^ZAyhv?ZorSU-gQW{CGN1k;>@HWe9LEFJre{3Nk7n z5m|+;F}4DHDSCH;hZrXh`MdsUdW0OW5%;h81%*^X6*d+U?CNu0zy-zc1q$=G)}ix0 zjh$mi2)qOAF$!FGQsKfU5>R;1fuy_Q1Mwk*(EKQVCg;?iSXCQ8@d8;edZ%xS9G;5^ ze%p2wdsbe^!B-m@I3(XKgv8PHjw!kwK!{~FQ(BjI_#rF2n=D3(G~?6ulCi3h=C?x` z`TsSBO(A~A4r*kG&%cy*HUZsVi`#z+^3o850*PwU+y<;C#C)_>r$K1ZKe?n?g4S%g zP8yl`^O7Y@aclYeo5CjLw9&<9(gTaaLfLIbfVDV&iPIqsZ(I^K5as0$Aovaq7}OV0 zK!^wJgOHe9MGf7rh|_`4RJn!iA;w3V;HK!pMxDhHKS@ln6U~j}pJ$C6J!rbaxTlXJ zOt(3_U0JQ0NJ!ygZ+OG=kL(b9hb0Dk|E?!F%Cf`4m>3w|KM0Fb2I?{p77oL!hll^A z1NR3WK3XWmwmZ&0kJ~TGv}ab_-7qt{?Mc(@uPj|tsve&~CeF~@UerdApca!vbhaZb zgk?VwJytPzaI=HPpgcT3dxiykIQ#qJwemmj=mTo%fHyn!Lu|JN2w%L`ND$qa@3ZK4Zla{;$hi#R`@iYI9uG{d5!|4KvMCpPaJECr&O)9Tn z7izRV45)5%L>z*pMR<)B82NV5#0hEJ(4S_i;D_UTwt~3jcicV54CtL&A<{q8Rvguv zCW4xg0+}duwxvz+lH2tMg*r*f|DRnMC)2l}>whQ_0N;_s|83LNqAu&a_RWyJqjhQK z7ELvgOpCYtc4{kQwH%jy5?gFNaad~0UZ{!G?fU9XJtx}ls9}&8O$^YP#%4k+d6?7X zEvA&wOA-T-NbEn+b|_*6`enY~dRH}g%9K*szq6r0N(TL-hz<%_+RpZLV<49S(Go3U z^WDI#$&uM{vJa{%^HfSVYk(e|{#W!_cC_>8bY@-3a_=!P$8fi{_06s!yGpRh^*&@A zUxx9P%e{L7AdP~-{Dv79LORN4uHIabMu_&uW9+)%|I50)lk51g&-r zU=0HcmECz2wu{d;U#DeNxc;40bpQ0$dBLA0&k2}Su1eLwWCGLi_Yo0**pxMrpu|;@ z!gsce+GXK{8|LmSG7v!+a8kHNo>zb@tY^o@aHZ0N7R@X3|)KrvTaoA^MhVotE-xb}63NF4$i@ z1pLXTZ_{V5!{tCUI?eXd5}_@+T=`R(Bf2i}Z0P8~+uik)TgH|row&MATPlw9e*o)d z(>HXM<%*|7Nri0^Yt`Jrv!H&|!J=S^VzSp~ba`>C*@eH$G!;+Y6igj(tUmfDR#aD& zrGy0%%_}t*rGa4Ev30bS^f2ml*-;8NjJ{m(5>Y1pK$@TlGKELc{;Y3U=>r+U1v$boD$>vWeT z0`5S|`-Z{x+uvw_j3_wd3IqmFZC7mC-laeYuP&dT{OTnvU_4VFby&+Zj5FN%BGY>& z-zq`F)l`*xt4#NE7!Tv-4yNq%`ds%tRW1Uy=_=GZ|BTK)JgGfpkAO#2p2uiQd;!Nu z;hz7?4P|EjHx4Y*e}6+S)TRI7u=l*FAFFjOlzY8877Jt+EMR9Hie<(~iX;&u8qzj@ zJn3pm)yGOwgSFr90jw=sw%e-g$%7~&@{@NKh@PJ_ol|z{%$RX>h|^%EJi<^CjS?N% zu!`=krH4$)qoh@@!=krwQ6w-q4ezi42*5ajLp`7hsSN9z`=BL%TOj|`M`D9`qbA8Pr+(Fp)gnSJyXF?( z4z>rr(SRxi3N*lQ=H@Cb4?uj1`CwRdQ~llmMS}Vii{0T7jr|sEHndv`tSIJ4CF%=a zfLA?iQ!{o2CnATImJV-FNpRq0nE`Y&FdQ%~4+?Dpq&F36?k&jZv5;WP01rexmBS^K z0x9r7?jg)cTKbUzWfI11GV2=jqzmE1>bs1$<2H*rhlCrWjfZ+5DiTl?o^{DhvcWQ^ z$x1TB-hL>p!u>Vn@d2G%K35Ts9mV%l2O0x2Cv#xtKmQbd3ARsB9{8;UP9v`iGL9iU zYg=kR9n=n7mEfVSgahH3v$!e0r7CTRpuy;M+^QR^A8e8PvB1lAX7*u64EeUgo1_hv zD*ZX_LW%&p<6gY_*z&g0b4Z)Vl!XQAQsV}GUpc-P27#@d^p;e9o1 z`x<$o_vw9)`2CdtSG|m0n19_RBm?G>&K7Ns5j*`EC>x;geI`uAR}UeKr7qFd!KFs8(!tH*;9jgXNt{N6DW3PH$`<5IhgwWOeJ~@MpF)p z(V}Xhf9*~&vU(r7h6bc9VSrlQLg5L2NE)HcXS4=?fF_G>@BG{CX8TW6+#__y6`LcH%T6kC_zyx{yp{TVA;^zYP%Ew}a(HQ1I3 z81GYwS+4OrGK65386{T7Qk!s%ZCe=FWIAp-jjq{HRP{-mZ+F zvlNJ^Fr`Q$u~wMUB#P}nb#zhD`rpAxGF}K?73;J})IF~A@+ZfSpe+rMWcs~=@cZwr zzMUNOY-Idi@C~Gx4CjG9%hO=t1GPnM_mbl%brEiw1x^O)&Y+8`_@O)FwjJt9B8UXy zf3Y__Re|R*2CoCoD_>x5g4%|h`(QOBq`eYm)oJpo*nS@MSDqgO|247ZBxiW+(6Ar% zqNj3Lhp8W2x`I64O3kH4uLmkERWZu@L62wJtr995sR}Xa!*2r}*x_%`ctX0h->CQNd^osmo)hmn6B{oKCDX=w#}XW1M0pv+9y;-WLC%?0Gx z*J3O@VX52>45IV$TbXXgAW=J{6K+Nw=&!K)xcp7eB$Q}B(pLA}Ad4Qu8#AZixCB?{ z_3_oIT#&=MyqPXn-*(B$d6FJkRTCkQ&XUb2hUO5Z2vFtZ@_UTN-&Cw22K`>sCy-5b zVp*FuCJlq^1=z*J9|fA`rOaKr0n`Y~Up8mZ9UtmKX=%S5Fp6fbePyW6UiWOCP8(D! zHetovzKa9q`POT$@%7Sx>kbuLfnaEBkOx77 z+*Q!VQbR$V?Nn%V-=j)^ap_L{|7~xfBg4>S;Jb|(Rdx`epmVhqhyFyCmUpe z%+Eo|0w5!ggA^l(ahr5z(=HjDM!yvL5+^>jAXG^?@acs5?W7>=&OCrgc*=_WjA7IWK^#i98t49h` zrL}@|ya@-NXaMCSbzHIpI_%Tp35Gxbr7W%l8o-!20pMVskPL=loX%GNLgU=n2VNDT z0-|m~pah@fG|G-8ojjWuq(I1cL?jgUqZ9niL!lvM|0jGqiJdH}gk8o@=>#cXv>2V~ zqiL)T@}n5Y`Jo4Mk2QnxJ(?vE81KQ(tSNYKPDRSdvi9`h4kY2qTK)|2$Q$`h&vF1J z9Jr_(Jn-l@{ZqE2DTuOv9O{e+UaRUZI4eJm&&hGtxu*YBtftATKO~2jB1jf5T$*;= zkqOAm1%p_5_wdmG0BY$EYGC&PPbb#3xsf>iGc~)g6Vv=#)cs2!NkRF7wzA;$ z)={3gqL&yWUnfr(hRo4VL9S#5Xa;=Q;bK6QW{^sOE}SL<^y#|RAV5bcNJY1c$z9c{ z)S;;|2b~AmOgdXUo@1T!>+OocCQnD_ypD5yS^v{{v+nEWWG{XC@#ORN@8zxSz?S?~ ztN;3^@7uZUC1&_b*H@2p@tRkrKHC_m5qM*h5nQMqv0FR z`w5J_-LOh}U_0wCX0{xt9s&*VSL;Nr7P@jdPm3b7@i8E$FFd$HF7DcN> z9*K?M@w;mb;zZ`ps``%;{jac_9TRf3p~`5+JpSG{W~9rYU+r*G)UO1ZU{<>;^~vdh zO2%o>MC#Gl+3wgD)K1wzNg5(CIY6CxX{bBVAH%L~Q?Sp89%N^A-Fp4ZfZoU)Nrch|uflv-%+y+26R=?xt>;_si$err8^u zj2q^%dM@!shhB%h?nSST--_<$ew5!;URQkH7XRiKPA9h)3`6XWKI69jo-Jf4u7Udj zt;|MK#ofvHJ<%AF3lv8POGvhAx3+mW+BTMgvD}<84;w!G2vU+ps=s$I(dw#~H+ls$ zgGHN4r?i}sV6%SwxFF>QlEiNQmu+@tt^Sr7WKCsai5TRx zokC=(`n{xU`)o$lT3A$X3es{W0#=G3tOVt=S=oKXaaL7mXq0h zI7R>RvYBs7&OONvt~_iP8`=wBW{3T1Im`UR-4)y?oIrexWCLXiCI*$6SQDPF}Y&La7!94+~eaxlj^xxG~)&IUEyG@@7bHpP65nhLZT z2iE5pm}FBvSe}s+MyiJJ1JHV(n1$|Kg7;lMtX1ksujD{Tv571X}JjE4!JmmLvqZLL)3VrR5!@=-Bbn59m6%`C}tTEYh8>B$QTA} zDzriE@AsjIH6@c7Q~_bfY%{SCOs&dEf&N7Twe-MaV|MxKEZGER6OggB!DAMr0{w-d zh!B&5KeH?fTKhbpGULMUI*Fc6W~`bLTl4}~x@s`~+G<2a2h;Sec_^JYt8;Eb)n+F?1(*>=uFM#6fu0zteUtF9fZAgQ6GW zIDciZ3znpGdTlYeG>GZxrW|hgu>Ry6``K3+b3Ng)#;{2hrG~1x;S$rN8UC0Ibc^oa(`FN-bc&3f=PREMO zJ0ban6kTK~$u>@^!qhh>LiACe==q2~IXhlSnn%sng1G^kFjB#8&cA|5)I>HkCfPGY z)shn)1SWio1^VMAtl(7jPMz|u{L`f)mS=SQJu!;gI;YsFFj?<6jO?R~djS7wrkudi zhJz>j9#~~6$l=X#$5l+h#iDgHtKkI1JL`F(OeXykSq z%8a%v@olKaporvzR}V!^U_`*&tWgAeRYeFTzf7x}9?OrYa{Q~Vl1_GygC3UiM)D2# z#_tV{Z)!qn+3vMjdiga6H}6blG}a9f4HAv@>uAsB(UbX&y~qGj5Um18#ko2{NRqGX zS@Ji|;Ve==9n2izn`&G;+-`0GVbc}s{F@LHI3^SV8LPf@l$FQL_WlcBU98%7%RlkM zN4ai@<#Nqhw|PW152dcUrUlpa1D`B0ku2yC7*ccq+RC2RHZ8{|(dQmLww}f9V!5@* zQhcympQj8)yxQEt@V7jw^Dk!1O^~S|k98$O5Zt+uiJCvlYrdazn^wAiIs;un`7jIJ5{AQ?phEE0;yWRW7A(8|X^2XNO@M|F4#mM!?Rq6- zT-fZ|>Mj|-=!6LSIP80lH&SBHrEhtr)Wq2>fB_v#H@rI`e6n~hr^QavO$c-*N}w+o zV^iT7qys*wY10kLYxl)fAxg*p=5KIG6<@^u4#}{e%dTC zPcwr6nhaNu#3&%ihfzW%EqLm(X#nGl(;u)W5mDpHF&_?=Ip2Z_w6*wuLM;pHau4 zdkd;c7B=iiqg3QiA3a0xN|BjQY?j?f#$hchdAzf~nS66N76D2%5_IOeF_Mf8BFesI zlV-1z0#u181cgfcI>L$xA_NjX?5gY$*&s^GqtyUu0ffz6JD5vQst zWUtFpBA6;~tMGK{(Mliv9KOPh6HiG?%ovZ8SLVEFVDykqcE^u>4nk=_R?W7(TM zs0jJyJWgsI`1WFWe&Js{G`t3%)f%SP-1M299z!L`L$g}j@CC$a4-oyA0>JWb&Obkx z*#7GRu=(x$^F8l>JO3O*WfmU8631E2n`FtEuPwI8j0o57G4%@s7BBd3qYoggkU4%N zp4_9LN?JVq@?Fyv{0)cf!u$##z|V7z6T*|Cn0rP5hXWTfM0R4!Ewnz0p7aq1_C zsR)f~9jwj>{7uRv(C9-vsNs*iay|Fzx!Y0NQ;EMDSuJUK#N;5!iG{k&0OIc1Ec?{8 zxLdpFK+92O8wzx^9$p#DN{l70*}2hzB`DKq$(V8ZDOLh(GPuOf7C_Qxh3pq>RCz_@ zz=vcgq?3J(a>QJFu`^`Eq#VYUVO7uOJg6M|V7r@0P+#ZeSA}cv#~{Lhv2aQ+FrZgR z(%Q_mp80Q8x}`$WtjyUse8HmWl>+rw2UZ*yLyoBPJZ6 zo0gFPJeHMshq#aUY96&~1Hz-=ebX`tC7f>K+gJfZHu_~aF4?s=JU&7kd^qGcA7s2{ z>J$ra%Y=Mm=bx8Wm;yk;ZQpO@oaxiIU$jG`QB`U9OTY=jGfbj|lB9Ly#K3Y44TKkB z#eD@_&yvx1)k~VX7qp?-LPDb1rxwdkJXNQXiMYO*ojxlA_ck_v=J_>pa&<1bJ?9Ao z{(2WR71>d1!95CIlwr71(xPsWaOV*Sc}i=#7OSmrRKPxhlRsiyiYMIX zbdo;$ZO&C`U6t5L5gmlPEZ}$~P)KHR!xCB~Es6B{>i%WA(IZRck~(^$7(a4YUXLjL z^Oz6mi}(S|%M?2aZclti1*rtGz@v!wYCFtl+0-DZ>VV5gx?uUGXLj7urI|EM)7>)h zsu(nnHW2E=E1|&uV?8;A+>FhGlA5se=z$z#GWW?p|73Xb_bDYV;bpMXUq+7LZT)Yn ziq@78DMPkuG)K9sq5*c*7E70Gd2y7kTr}cl2504^C>2JGm6y^LLCseCzHK@?^X|vL zf7)gri6=@Qf#Zs8fq)!(WkBZn7yCTd|Ltb8{)L(bj&FV!%$dizP-h{Km6oxi|dK?%Q8uGcT=JBQjC!_S0Mz&85)Q zOZD4Jg~rm<2S?+ht6XFAd);T5opR>qV-JoIPhxu4^3(qFJ3V~IdPLf-*d_h(&vg>rt}W>-YsQ(vyG4>;mArYc&V^NPrt#JweonmKNn2t>M;c zBv~#t#@>AyyH}d;=tN;!JtEwMDXCG>0>>(wF1)0rO*w5-8IolHjso$! zhe282tY>kvr+%?DNKpI?0}|UsI4j#`eVwo`H)Gb_qE|$J@OI1vvT5&&h{~oX5ST{j z*id6jTStl&`DaytcI}*yyXU3(ZI30H+jMFPiKHHx`LHqfy6Z~Z+F$HP6PgX-g`ShZp$1djM`L>*8~_rh`iZ( zUcXPPXH)->!t@Z*cDbEf*!?{){ijG&bwv_rQU8iR@GLz0zk>hl|4FO;3uSr0dXgny!G5s)w$C zn4n;20dkIEUIa1cQfwWL6e%2>DL}54RhSD0h;zNiXP$$|$zk+kIX=EY}Dq`g@r!Jy`m(TJsg?3>R`hgQKf*iZCi+5>kk4v>}{LjT-L~)Xn^q zJ5C~)^jhy9gAURX9JqqND6MK0y0bx+ZoG2+R*t-YDJ^F(f)Hxr`dpsXi(W*`mHrU? zPr7se*BAbNV-`!c@!i{x^)^O#egBVqk_r)!C{xke#D>r`^kk9hjj|~D`1Ix7@#K2{ zC_2S@urm2vqrm8^qXkB?P@#ybJ8m2BS*|1Z2uS^f1x7%LN8GJGmeJSWKQ|9|gRbpR zZ-l-6IFF17gtddy$BduP9|4$ke!S<8+rZzS`kHg4JR3FZ_GTXLKKi6yhj=CD-Nyg+ zw42UZ*Td@vg^8f*YZ|L(l&`M-jB~R%FL{$aIZ0Zr`_rlP@5zrlx__(!Ry2RJh46sk zfFKsY8EPyUYKEKQr@3m>Qck*?Z985*&TfA_b$)#=XHRasz1hdB_u|#Q;w?;m@IUdN z_jZkagm)c0wA9(lM0gQLMgjWgMMZ~TwHHYg-b(Av?&`lrZ-$wP$UYwt2z!3$`Jp?b ze00^#(nzoz9KU!A^l!yTU^y#Pwmc-j<&gnh3yt70D+5geiNNxWSJWP(!d;A83kbGG zjMEOlrO^8*S;fNN1P0;#vcsH29>1*%Y@V|297=e#3n0oH+G}xv7^5JdX2+58n88V0 z{*@yB_jOs|x<87bU+gAuRzLx;LjX8Nf+gGpHC-Ya4(LaEgdXGv zt0>#1w4u^k7I&FQ@jNb7ME|jlDa-@~UjYW}G66+Y`+-p6y3&QUwHjVbMv7emQd@a4 zfX`LJp5SbBnpDePa4GEJP1o$BdD7*xu{uQoey)v?hDJ#Ds~NVZh$=Oabuz?=8hPJR zC=pF~R%6HnO2kjGfhs7~9Ie4c)I^B6g^FvJpcV>(t#C4`gc$EOgajvB231(OWecBy zwh+!KYoC(vE~X35B(2Mbfxo~dFAos>VdFOsQD+gX-rP^Swu5ea9mU}xirYN^VcgKK zVZ(%hn`W!gYPcF^`u`o8O!=Kw0vhsvA@f7x#FR*-{3Hx*fTIfA$UI7@UPDDpM=Snu z>8oxC9c1zy4U4W)bM~kkM(-vjBteHBX$mvmNf$`vrSP4b)c2PlYd0yIZh9w4^V&U4 znj+P;C^c$B=*FUk1JZPJ7#RSrn%4C27#&hbc*PvJMvr=4UB!r)gyAE|IS!@@#Jx&D znh8f00x=bzT$&&7Qv2=m-Pg8q8E)rv9du{+-do(v2Vy_wKiqSYZX z2$SrWtE6hR;!7bz!!hMGD0IQEq1;^1#!zvAa%}o%z{i*6!Z4-4pioOpNtqjoJd!c)Z_DBfl6yfEHnZDG*kK1)#som@F| zl2k*aB~)uxge(=`5cC!GKQA;GWL(u_Ax6U{CPqs$&?T}|EE}w>EU-@ZLq9)8tRRRC zw_pDpHj)(blyp}^5ukj$x@$HRfHcWa73$Ar;_r+;`FX#8&5Cwx9u<}$r*%+4Zy$X7 z5P0qRX@=zsmkV16V~O0HNBeDhVOT)%gcxRqnc}2bYLxzSAV~AnI5f-*|2}B8?o^pO zaU7qb{a6pH%}oT#sO!i3@fRL2M`XS-?uX0oew1OWDz`|&-W96!OYBfGw>?lk3c6kG z%B=E>5Yh_!^a2Dy`(-5Y-R}afm^k=`E`c7e5M{axdl6eSN7#0moJD1+TTRb-#Y|$1-Mwh zkHoArz-BK|<`}}B(IAJck#_?8JYWyAzG4pV`{F0z=FC_?(zELF6>o;5HHc+$bCKFJm*@&^o7CroSUf zz*#Z=+h79tH!0}1d&U35U=p7VK=YfeyIvPU*I8dNAm};~UAHQ+qqN_&66wnN#D+3v{t2Y2jRy_#H|Z0m_9!2_ogm}G~+hUpmMxt(JX z&C5Y#K#i+ZuVlboHZE|{Q&r6+cg#)=#rCMt5&MaoJ}}T-tzsLtZQGMwEfZO!|&bn^MkdB=-UTVXWCIhD820>M!Q9jC*hi39J8s{ zY^d_vz2XGgEU-=;673I@qy6;)Unq6|5Mu1W@`IEPMLwuSvYy%STFDSKx8+rB)7LH; z3m}px-mzUGBY16H>cp0D8^WhPN(`{*6l=%I8Ec>U^Kvzo0N!z5+YO^$8Qm7+C<{*z zkDd|IlO1ws^`6d^RdzJSK`Zr9*w&H^&54RQo(Zu?Z-`U$wm^^GYMC-%Oq>%<4h|BS zre>7~g_R6&eYH3!RwTZ_x;tVFm!=rVlV@ZJ?NyV+bNS4?hTkW{iej|7-e^XqYF*@0 zbkV{NuuWcq(~EmPPGCdj9*LiiiBWk~wpFWCu2{9SaKK1>txg!!X8?7ccB$_&6FC42 zkc*b}NhSYlo$J7(@zgsCtAPG~#N0|ZP>}en0ma9X6qyb+_3q~v-Z#3pr%2&QMzOU> z?NDQGJ9aplN z$nWoKr_`&Z#B=sDNspDBFz}*Dpq|Utaq~AG#vG%Jlt+qTV> zwv9?x+O}=mw#`ac+O}=o{P)@Wo_*W-+CKk{wjSakR*QI#|~klSxxio_nQ+RO|hYt z-qagQ?370VeS72$9MITZLjrP1S($1^KsvOonVYE(eYEt>>o|W)0*Pi*$T0|~!AL6I zfHW?`t+P4oPI(}oz``U)NJc~@J+z`~`(m`ibMeUHeR8wl2lr`Pdc%|E3Ud5i_|ENvDVvfA;Xr6p69+Xsqo{u(Cs}$l%X0xcclnA><*y&3Djt;U=^uVO z)i!enF3wH4KB~O$;U5kZT0aB!7D<% z)xQO%*Q!h?gg}DG`}g~5Okr#DO$)+g-#M-@^_<1uIj-kiJ>9T01aa{++|di#?nsn0 zcpY0U^s!uO@J^d>@Z#Tb6Pzx{@gm;)k;T#Ykb_5I#Qv#Z&@N&qM-3jQFL~5wQW|Pe z?DwMQcoRpW*+su~lQ?W?cyroY@V=w8SW{Txd$jgZUa+>Ne-X}!?c$4hinTsD-5c04 zVZHO}=OQ?z5_@uR5%|N9XTb6K6itB*^K&F#lQ>`ASEiweF!I128D1axVreDI?arxB z{sex9u-l&}SjOOCUktGuad+Y>2(_ikm+oKfC(od&DqHiA4o_? zeOor-C)tDp1zVPpqC}r-{a`ijA%O7VOVWE23+?Oc0@PYbWt(vO3kV)O%;1R^$m+n2 z+1h&lLpBfv<`d^0*jmL`-o;=hYgg$7>&I3p{tA{xfSiU&>#_IdSlBP{9CMAPC9Y#O zcHpg#Ay}a$tGVq~tnMxLG(8H0xr(3R=m1!xs2suK=V-H0Yh&(g^fSpCB`Ppzk=c@Y ztTkejs0iNe3zusEd4eVqbw<`{2-10{z4&jwiC+#oRc4fonv2p4Ffwez|ul&2zgV<>*2gdJR zy&)S5Yn`u7J*D&YfE2WXD!ghIJu`sK9qJd(m(%0g8}Y&muB*Xuv~2Lt67n2*)igb3){kK#b!@dPd%rbcYR#kFw^8$@Ds@@O^0i8A^qUg zqG?Q7-nDd#%r^SZ= ziM-|Ftd#JrW|_5-8rm*EVN>Z)R1n3^1n?? zCbT%OcDs0)U22jfz2+9Hzj(8Eg)PfeWPhA7gj)2&UL((|1KUBYdzjW+DU|1_XeCid zGX|cbV&86NszjRe&-4`~YBzu9NGP0uz|LLWKDJlD0y5q+&accF)_5?>;D9Cuz*Bqs z_|6iuXh2CzlG2Ib2}-Cua~Ygw#3Xd#k3`c)^$eu2a*16flxf1pQw8kF7hkB*o5WODGFNHm+Su*QTbvUrx1_E8HfGRaVH>{T zvbqz8fT`ljnl1L9Cy7jQ>BGOKyEVd0OV^H+#2c@aHx8yN{=nr_DAI04SwrBa+9kJd zUupEK;^6Q`q@~>qI*>|x>KH{BJ7`f!GG+g1sZaA;VTVCnPl;5fCvEk9Pv;j20F}Qk z^WhZ=DM18G?l&!dPd^A8N!U_)C|+ALp1#pC;O^-DodE|wt0M5`#Oi*;bzhJlq=uX# zyGTQa^-C1C^+@&WKw>5T+ChuyumIl)^uRA!`orq=>N1(eU03RHoAGSRbpYsFS3$lx zIXz!1x{Wd{U4e?Em-2%q?Kw!}#IRentGu2=VI+yl2i| zZQ&a%2rG z;TP9Lq`}>lgXBj0`2Ey#_(pe{FJ}4MA}ua%(rJYbvjZT{gwAhSJ2uwRIWH*QBDb70 zaW_U1W@xadjzEJ@K%w!K7$&`47G84|9t85Ybz7o*nzn}UMREjKL8J{0cmiFbe$+=? zFa!nSzkFb81;XZwAS9@)r2OYSIsFVk6alrui!C6=oG2s%N_5e3*ID6fC|imS7$D=c zPcB-2%C3Z!{%}Gs%EJ&0J+MIb+VLLvUUldKOKoKP)1N&mgOWRgF$@((Blx5y6fB{) zqHY<<_zfX1mZG-CpZWb{v+El3({g~JawT^jC&+)cj79zCR#da1o;*eh&sfM71SytX zLD?wJ=xkB-KFRFqoSFV;k9fe{;gA})Ub${GH?4w@7+nhDl_+7wB5_dWP|EvZQ@0;K zR*m`v5BBN;j*Jnq&u7@JSwOJv27$iQjeygPdb?1oLb+SP>Nnp7G(rI~61XKGH}nCG zojCjn;cGc-Ef;XOf8+;8l@dL@?Ynp(D3=8Xp;*P?3b7jNVxb4O#^eG4u)Uv+>i4TceMTGbMLUz5?Ap2j zCV|Hn!xT3-6~lzLI*qp8?nNb`8j$)S_s*?eW{bwO#C*%jlnt_QITW$+dExWv1@%^A zV;%j}@sTn8)q0ilb$fEC*YUwVvW5@ea)o^9<=*o(_c{G$v!(D=yXNEa?25nHcV-BT zr(JL?o76CLs20kqihk^ctJ?|n#%}O6vbScm-1DQSV<00Zn%yT<_4sM0qQ?38X)R7U z92%?{$L=Mq;1>d9xacVi%;=J^V39}<2rfjwer2nd0|Q?C4Knwbw!wQx?bmm%V8~uy zhXu=EYQ{AG=kuqz=+iMvUZSG(b)||ZT5TFxa*|lD8aXPfxFCg&8dz5NdtEgEopZdM zh)($)&{?g%z4A*ahUFAYNQ8MggCR5(iBu*w;2NE|f4)6m@&3KOI&{s-+&?pOdyB|{ zAv?!ySA^HrTlJ%Bu3z2o>-F*ZW)k>``&_Tb6YbFkfqx_92|;-H4B?CC8@K}*-8uZ6 za!}G6B_7zgxw{w{*r3#VxcYQ|-kA%riRKT&lSa*r^+qDl^=Tbi%T9hNTn3%NMZZi6 z+dByw)u<(GY{)f-`WI%0Cxq$$zcIVBTJ4YnE}A8SHu&*x{BFRWSHs(9K|iLP%utKt zs#IM75x;0PWse3%xXZ9}8dc$d4uCa_SAT{YUqP1L2S_f}9bl~Hx%9V<&@_&UpHM3t zRN}{R7wC(MxXe|OZ{99s3G3<>r|8EOvWogsNS!EOzEl_(cZE)Z3H7&Zf^a1eDQS7T zH~=~E1F(LfLBT1EnJF!}5{T0J`*t%KOiL7eiK491T}LMQ}>MQEuw(183Y1I%DYC zLNjD0esN!&+|-@nL{5qfTYEetn#_qvD7IZ=f$xu%p=R6O=c(dYuuwAcw_LJ7_1bsu z->G6Oe`~WF5@vHRF=64XcFldBZ{1Zq8MPY<+MU}AhaD;zK}!jji>9VS%fV68rb3=w z`GxY9YKX6GQ!MipvDfX##6C6|0dk#!R>* z%gIyG=NtEN`$m44z%c#c^Wgh}8EEEer5pPu^2r2W$fOi>y7FaSIKxlDB^%V=*;_Cv zvt6+8gM9>P_{55SfN1@HZX2E#z`N)-*C8_tGT_^ z8uChEpC||ZB3jZEzK5|^g3x2RBDc(>K=X+?0r7su@=QU-u#&bq6ggu3r%EIKLhaQo z+z;i6i8u*|IdLqFxnW1&f0B5_TNcLBDh%eDMHX7s95Fgbj{_sM*7AK;mzqJD1}<~< z66*xDZd}ixfo81Y9q7`CWuce7C5aD7balJ@BOVGb`7@i_mvAtj0$zOAr`)|Py^b{5X@BGz7=8uttD zKIjYl$earQA2xC3Z~Kk^Lm$fiElK-#H|YyCEt@%p{{WAS{7a8Ivc#8{2N996y)uf+ zq&nF&(}UTt&$k?KN(v|I%kKRJc8eY!GOxHtK4qoufEBt)(F70ry`fV(oa@koduUExsVA{-rLowPaYNbK9rsxv0a_-)t4OV~;M2@Ia>P zoPwG@Q2{Kh|FjURQbnCK*j?E^kP4*i3$&Db9wd8#qWJSy$&n$&Tc28EMH2D4&jhpl zw5+kL3p74H@aay=EddS9l=@>ZC^%5=7pp@=*F{vFi*JC7Y@NCO(&LYM?KS&leX*=IYYTOjyxqZ$emA}1$>FSYKFOZ#<<@hNy5+j4*2;t_%2TDuE5eyLA9qTss{0QwL-J+lWkc-iI!Gzw&_ zme024)`o)z2J>oEXkXLD3C%%8p=?HnOerdy}Og8Vr_eb+b#c2{77%PNQvoYq*B~cPv&*eSqwr? z{RAt#2p0OM#likh$SM=lznzh}pf2U`U#JD+H)?T1;3{oI&MdJe@q1%75~7$O%}BCP zf}-im>n9jRL?YGDf>AMfJb~}V$Kx8LZ-AR`fLwsyNPr7IB^+{MC;)6v15qNFC>@M3 zA(WH_LoUE(fZkv*q`iGkMIoesB6;BHdzF+iY1BD_s&PeLUyB3u4RsUS?FVvHSCo64 zuGqPj$`>yKazhEQyzzbTv|}J+zAf6eeZlO&^1t2wa0(;(TCO-!`=5`1h|~XUUzsct z=?nEUBUnTFz}L2b6N8ZHqe5Gl!XhhQ8(ChPq%5dX^+C-oW4_C8+=S^CCxn=D0W0;E z+AC67qT;2Coi(X{1>)WeM{{6^{s6OY$#bJ?(s{fr(8q27_#0Mi(Ur*>s;SHU`BQ@* zhe0~eeFjP~dV{#A*1jk;#|1qco;K$|~4Fd$5oFvzKU~YDfwFVJ8S|hFsR?z_aQN@^>^B;ci2Z zi1YMoT8hH2uA)$PuFRl_*r@r!*}C!Dv9S`|1|f$dAS^`w#B>SP`dpc(ZW(Q|zKJ5r z@x*cA2!u@#<=Jx0j$30n@(0F3+d;X3cRwdTY3Fc2#eO=L!b4jp7&Q8g26%UmN3awk zy1ga-#IXOuie~3S|0=K%z;ts)ZuzqGeGotoFeJ7if8zd*NQJTFigv$( z5h=>_SUoIoOBQWrX}75Gno+gVOJUN<*+|L-ijqy3Pc1U{th?`_Nj~vQ6cbJO$whgA zfK5F)3vsTYLbFPDGZXJ#q+@A|zRwODK8n5?6sMV3a^s5_N}d7(4VXgtP{sr3FrFqQ zo|Q0FuwmVlF}+q`BjG+q7N$$1QnWbys?TicQ4sz1_y{Q8!e%S*$3y3hWGF zyOdfyPK9*ntB|0-cvy<(Mmp1FX*y@mg4z7#_En$CEO1$J74EY6UJr!@?Ze}1jTc1R z7ypP(kPIjAxw^JN*e~_FT*X55(xSDwq*r~L5J^IB#RuqIHB#yy$|4KnKat!y*#G^W z;kzt;b6o$WScl3|kNXRHTycpKt<{j(U!jxH?sjqMPQj(a1xk znnv=Vf&B1EzhkFLvv6e&TTqxpdfB?8Piq9Rli}(Sm4aa21mqC>&_s7;X4IyP7{3^* zGGQpz3{JAnlItN>uZ>D77?7YkM80Z69H^9pC8eM*qz9bJ0h3Z(J4CF%dQfq}yfWe$9gWP9 zW3paYnP%Xey{arTEyQvaBzvUFZBAqjBs_~Tst0T1w1syOm6<5yVz^j{t2=$l0R2-T z(%e<$Ae0R=5?Z{QElP+Eqfc!YYSjg}0625p;w5eNSaw+8n&#7`EmP?U|^bSDkL}*}$&p{KT8->h2!;l}xoYH-^kF#C&J0PUfP?~aNKBe8yi*T}D zr_Wi!iQ{n;v4pv)Q*!pN$+lb!B_*^oZcE>N{$u@-eT>%?#z=#_XdNj@6lDNf_Zn%B zhS_dp^r9ql<9yvm5wA(4#to75C6P)hXKqilNl3G5a=p180(88Zc*gbWv?pPOepywb;Qjj{Z9OJISZ) z&9gw1-s$#0^19K1;M>Nj$qKlN=`pCGzAD6w(n6}BZHMYd)K?uykr|`RH>aYd%HBT6 ztZF3xj@!pVFKUZRHgcKTFj*`qn(|&pgnN?FJX&NCh3XzRIbhPuL>2jlrZYt3A>f$1FY^#)Bcb8^c2&x;gR3Cl(bd+bsoo8L>NA z5E7+uNXAs!SbAX}c1+0L3XjGo0A~{JZ2g+j*gFbT{Bv8mGir4jE$`Ur*F6yH@}Sln z=)9));AGVNo9PGeis1gA+GBoyn$J`^#^VQ-pSf!Xb29briz&}_568P4z%kWod)nLA zj`}>7wcwand`M7m-akfdj05O(ZKVntO_JM1LU5*u7c)@XbA zoFxnl)__W`98_Dso_;Pb*<=BeQw~LN{UIhHg+ZWxnx|@@#BpySQ>ZE&FH$uat^!=( z4oLo^MMFx;7zf4|QYc&`WX~7ML3+rrU>PtkgpjcRuIucA)Ha4pmxc<|+eTahJe%;U}GaCIr$M?^U zqm$>`*Q2MC&ew6DuQM#Y&d-sDooCuu?X6CqpHF}HUIuPL&RkmXFE_P&I(jnpY<#*u zZ!XSktbJtFfERXIvh)n{mRww4`G|sdm)O}`YMq^OP(Y{ugpudTQh4#oo{MsQem)-j?l<^4#KrUQ@VM)c7QJZMdC{>&R3g*9 zK#5hgADGktne|vhfi!g$;3C4MjKVq!kEGqSC;#vl&~DhK3NwE!4a;vMn9CJ0!2R?W zkVW#RPTxzP!pPfX&U`>+v=81*#9qNd-S7YK%1_qtpHgQtu7=V&{p|5`ec;vcpa1;; z487Z!$3R2a7Aj>i-Q;T9rQK@;;0zG{9TawsNv5tT*fb^Ie&FBU0d_#d*Ovs1F09-@ zoF<>7t96-j55s2$jUfVQ`ksjCS%|?>ZbhB8)B8z{ z?^a1c3fZ%+N&^+tom;9|>!>9kNRCbQ(rhRw2)whVoJe3R|X}N z9w2N(y(=l9vCO(EO4F4aibn})u%RkqfX=WjBYGPiSig;D5zbVf8?t@azKvTR9oPWy z@R88NS6Wk%d|zp7xhZLENt!O{Vrr|BwysE6JKb;QYO9j{uUm}<*~QAadf9O{+OE**3h%~yu*!7pskcOz2q{Rk0X z97HziI?_2wvAUT4FJFGDG7@nja z$x<8(I&==G``bh3)Vi>IpBD+h^l<_zBWw=Ts65yT)ioc0VIoYfPgp5_-h}0;)xRlB z0iJQ;q*nlzGH2bRB)V8xz9MvC@D|X2M0xym>EktOS!+ElZ~u@N7+5xPG(Q7wmWI(|k|aliUYqj?p95lTs4Oaso;#{2{PpX=hfenoGGHDIX<2E&->`hrMEGRqIN&+hKtb2RGOu zq$DY}VQ!C$)4~uJrPP&jjK-<*`SiWK+Cuh7DNx}Lpx_WcCyO3Sa(l^1CK&CuSxJ80 zKqXBCiN`uBdxI0KS|wVn%n_S~{+R~s9+7cDq^<$zc92fMUH8|y!=+62N{(^KQL6zK zx=Xp*gXEg^gBb%#IV5ClY%jN7vta#Za+>Cr0(84b^SV_}qYDDqh0!im*mx^VGRP2? z2h8z|$49ILDc4YYc;XOgm4V=GTkn+Wqk;W_&SdG!XcW3`J~@c99utjn{Agjd7YoTg zRJZs?+%|Oo(0s74GW?(DCI{=k@4j=9DrJ))farVmiAMb(AA35zAFO(XLuux-cEvj}C6;tqJ%6WEMd%9eBPd2=bqq1wfE^cYlw8 z8TIssK??(8M0;l_#9F3)rbvkYG}19H;x-<0k-g)Q$*+~HPec0;N#0Bm!*@uuj{403 zPuK&bhgX#nZu08pzZ5%{8^;#5d|2-|^0nW-=BS_xAm7ntFh~=i_#frs zGI7_Q&vG-9+iSio-QN~G;QnbNlV&mbAb6F~H67o`>^IIyeRdsVNOSc-Q~tT%-h3k= zaffg>I_v2lEZuuME2}5X-F7`VOM#{Tt8%5-$W&ZY_Xjq(ux#Cyt9@|+OQ1er1j157 zAp`~HEg~1Y!|(%WCw>qsV}fcb`BE*Cf8MO#uv({uqTUeyd~t|q%E3auy>fP2KUu|&6s<=$F4^MEZO+drg3LIyvK*TTV&55_d43FLe1=f z+Yt7mT+W>EOiYROGt!zfCtPAa3X1D#RU@E6BJb15BI%M4ca@kqg-D zwut&M>2T6^1R3q`oHF;763>d_k3=n_m#MT5GvW2?>w%Pf7$a1k6pFx|e`($h8XM7? zejfG*u$Ob0Xo@)uSfMze>60ywPaN6&eG1aW1N#tLyZt=2pKJY{@8h^$Q`&u6ZZn`QvwFgz4**0z!M3M*Q@HkrJjQ-9VO@7J)RhrumYdKc?bv2na9 zjp!nOpY5rrT7dkaL+DdHUb^$+cf^4WwA$+Wd-Wy(z3}4M z;idn}{J~(@-k@`^b>7G zt~*ib%?dHy-OL6~%E|}i&tEF@kf4VROFa7`Zi9K@%~2n)xEWEJ|FlZk{=or{;~RVZ zcV`fjs-y99|4MQH_NXii6T7|K9n|d&BF)4YEBYfj9AtzoW$@ymX+dho^y3F&IR{Cy zW|gikf79TfbcS22M_a}YPppx`!e8jWjO&QpL~aXnB`_02Wi}z{2Poj?Ta}G!2HX;V z_5~Q2VN*)axlp)P_J@M!2*Zc}<}XDWnr@bYs<3F<<`BY>a(>cqDs;!_g;N`hItKrjw%3>dvl1 z+*`7fA0BxhWgay~dg*MMtAJ)w!b->JK|h54#x*Pr!1WStJHEE0Zm7VLZmLQ_GN~wY zvQ9`{)zeU|@Kt7x42r1gs<`$EdG0%*c z!A|-pwwE;DR-q+BT;`E5%%Fn7HL(;2G%P^^v2SbUzK0k6@Wx^1Fthq0MVvmx{eaYQ zUj+v-TKR-%t6AI~jp%m|BURyV#;vVydyU^8X$X8ZF@S>Xf0R1cuXJ4(Uj=jrlw7eS z*J@CfGH2+bN&8^Y)DMNLEn~WC#+1|RyuIPpFZR~_(-Rl#XLos_*;-Mo^KG5xZ|)bH z=>(@vmsjEtpY)T@AK4w!(0I$;WwcIJByg8I{v#-=F|+kRMi$w}wF8$kISTmX# z6SWF#Wbt2Bpo=}Dnf9^RX4bM>K_nswozYt_spEs#OX%U?W?CsmU_0lcNUYd!I}8l^ zWsP@-MD)9qim6ozpe&T~wOLKeEK#GE7*>5zQmb9SA$;M&*_@z@UuPmYn-$||nwd$h zIYyO{JVt1$edrhUD8-(;z}BmJ)Ev*Of4oNhozn7vk>M}j*s#c3;?M|!28czH(vlU| z`=e_#Mikx3lRS1GDp71d2KN5#RiF`t;7H~M^>I6ya7&-%+3DtauXIe`tkE);SI6Dh zCMV^ny+jW(Cn-S~VewPGdbfVxp=Jo9IO^`?X({nV1Bb=afi*V9I@fK+&X5s_ob-@8Aw0aoW(I60qVZJ2I8&VSUQt_WwF2_Gi4>{QX zb3XEKptl7Ei za2E#Q=xWQESA8~OD>#(4YtHcI31<<3KN2}kqzzEq4`eLhJ`!Uj@I6%R7d;T<*Y?a~ zdsT2^qQb8_idz~5vJ9DwXl7i*eSU~#*$LAix{S*Rx8zd233JbHH;%Q^JX^@6rJyQ4-NGidf zH1$fL4ef|NE+wI}*r8{cZuHk`tf*RB;XKRU(0KSHNG5<0{ql75#QtJF6E^)_9_cMd zYS(5Ctx(qKbBwKt@lc-ssxFENK^&fksso{6H~=rSH5g=X->xVD$5=z{d!C=!60*xy z;}K{J76fYpXYcp4JI!v<(;bih^HJm^Tyftt%q!4rr}uD(ZezZ_xhm4!RQ6CThp+uq z?Z9EfTjtj%(7X z4VR*z5S1Bv2PvE^?ve;t=Mj>|Y|G0Z!B`fo;0jQTBLQCwSw6v8+n9-uxow8?dj}ut zn(Q4{9jyu|K)f4L?T9%ghxkq|IK6-=#NT7XobejRfENKEXvO*7N>p;WDxRx5oH? zMCJY)caQVm=W7pX%tULqzKv$*)-=}25 z2riZ1&j|S`Uk9`HgGG7R5krJ^TNT3?!EqhA3=Vp_bMUsXw-^kkFZ7a8m4i`X!mo+p z>~BR_5$7SIOr?=--Jl6-d_cygutnJ0rmmb~aF=HMb*&m@m|0}6W??gi0%@3CWGQP{ zhGBHMggbPhx)3eXJx*f`oG)m z7X>hYj6z@j4UK1+8-Ul`N*7LU)?&FcI!mF*-^tfX1-BYw z+PxB)r$T}OjBJ4?`RdzC#MhM2ymFGEKZKcW+mct+dZ+F;z*b|Y4*uDSW}MnLBN|C| z)RTidb9_}D=})j$(1ERY`JP(pZr@)%_hI#S;Nw_J9Hxt3EI#icwNo&kpyznj+AdZI=59X2Rl1Ahh~qP z&ykFqkE<)XPlx8W$J^7Ay9zaMJ3Za2&-S;q%MLY`?#zpBejkqnUBXx}JOdvV*ycN<8NMhdHyi6#M>BE0a8MzwOI}!-ME-;}e~n;B);mxNxck#VCB^ zu424}ehMkp{OSFqq0z(bb6m#Vi+wn!=jG{T<&v9#v!}H!TG%o-RKC00)92yw-Q7ny z%Jhrl>trLthTcbl_!Umc%{1`tj$I7{_XzX~P5iKRc(7m)il?A|8CJ1aKxv!u&o|WQ z2*U=R)89xlXP=dP)~H=_z(u=c-X=Tlq*?7TUK5iZLk$lVu^S-8=E_`4DD+YIZ=SGP@3EDP@2!1g4ar-^#CU+?~8XAdRzGcN|D99_pIx04w5)1wW?+JUb-rkD)b{U!5K)CkbAqZDJ7IFHdr;&+cv=unaN>RN6B&d^d0{g( zH!v}Hz+)s0aNEeAV_^$DtE?*uzIm=Kwf^R$Ei0c(%5>JkVKmWsBUp=7qBZ*Cu>9Sk z-$PiWb+i+a)`S&R>ifx2YBc^LOdG1Gt%EjC15ao(;jr)rzeW8Ml7fb8h3|ywb4$U8 zR{ISxz(o>*h7e^JT65kbr(OoUUAtmF&!<-I_oi0%pPZ)fkqw*}9lu|X+WwS;_hZ8& zJopf4@~xRDpUCA3Hrz1nHJk{BVh4PP>cNk?^DUe-dL3NUZUD0@9{`v3rv;6Z>c9dv zT!l|o)MtK&f2~aGYq>1L=hG>6at%A9g`LgD#&dJ?xwGrW&13KGaro#WYI+Sjr-hx5 z_O0=J&ORe~t#Q5hfQ`1ryiI0&Qq~sNI2r<`6VW`H-C_}%(zW85`8(;{k2&txHxQgL zuQ6OCM%OXTIWzGXsnqlY=PI`Tb+{s7@r;pDaA5{Ppw(VgW55nsi0YTHj}L)Jolz4X z2w{r=86h=Cv?SCR53~@6E&=o^m@uvH)$U3d9xy;KE!6!M2#lw#h5m|YRsM(LJ-F41 zysLWN`st!h0M4DgGzRHM4M5#8da2S9AY02GE(`69;86g_i!(}m9>r9Sgy%7bBx(^p zEw^Wzw5K~er1hzVV+W~(ZkHK|plq55^-HGncqZJx%vw(jmpQ{=Ox6=Na4(8%s)Lk( z+)i2OBZBLAyVM^d_B3THb=B@xig(?ag0K+VXJ#!ryMQDUu$!B=YYB*!lvu(!Fj-$2 zM$<7+2H`6ANbJzM!Wo;fvlZ5*|D;B2v@Cz^@QpmoZyF-Ijo$4dyZz$A6T|(7eV&!+ zA4c_z42=JIw*J2d`%S8EIb?7kdOzvqi65h?^axxpFPk5wx3$eb@UA;@;ek`rp+rK* zuJ8BsB!SftM(+(e9q9@HRu?XxE-Xl)G>QEAVx~+A5OO%gp=F8C^Hx~ne@Gx1#o4lG zWcq^Kbov{n%_O`CsIv z?|k7WpNa0sDbs>AByc6Dd~0(*(l`p8sO~QUGvE)s?_~3^nI7jwm@tZ9m+0=O?r6Xn zL?3D;d8+98L^MUY{w;X|E$nI=Nq@)dmNN5_Vsp~KNPm*Zv{wP>jFF56( z!3NbS>?g*?x2nhZ>>|~(Nun$*OQ#pC`GTc<>m|%e#=jq-WJw%56VP(M(G!!Zon{>K z5MnE}GShRafDJl}sFKx1Dw($pnc$0$Qml1tBv9_-&JU9o+BHhf*3ETK+Et}Gc=+HS zeeHuWrDT!Fn(wg`QB)! zRi2^^!sd%UV|q|OdkW9CpTCl+=!;S@-dtVrP<~*}#K+65qFSg?cB_|wj5M%)tYs?) zKg2u940ILb7|K9ciSWKWs$ndp2FtbdJBJFr8W`-LA^{ZP{tZVmy1B_bhg-<7+wSYn zAdrJ>(=VsJ?e7zjoIJ82bm#qZTAC4;FUU0Z-QUSk&cC9sj(S{Vj~YU9*zd!;iYoL$ z{Jqo=3)`Iloxl8vQP#v=%FRTsGGDDw=tqZur|t2-Z?q(>plpQ!bVrL6l8;9sAPa^l zBVSvYxx%~4-iIQAC|so&KG^y&T>(8FIT>pf-u%3_C`v8DCeItSu8Q{1oF zJy;u`!4)$X6*XdeBeC9(&imGUdL3ie6A#6pt$@1@QB@j``o6TZyQM*r34Yr`tm4UQ zaUlwzi-0fU^LJ{3ZziNuyrh8;ada5_XPM-daU=APCt>1#Z^W=c>+iBsy)SC>P|Cv$o zf3G4J8am%q1l8-QW*f9gS3h87;VyB@!xxf zS+1R&iYoH)a%SXTYsQ(Rj1~$-FR?aH8HYYUQhOsb6i&xj^=Rfqz7DI&x#qr^kii6! zh}b^q-Pl=j;x5D>pZYPbgh6?nFm}g75i=oj%Tl=?Ss_Rfg-kJuD&Zz?4_>B)fdDgS7{1e0z5&Dy!K=OjfohDr)Q|zSvwpA(m z0+P!QLWe4~<4YGpW-ik%t#8_@Q&4dfs7Ts@6o!sjnXkhl!(qp9p%P3#c(*3}M;d5T z*bToT^}`t`!2c+qhO%i%Z-O-}r8JDbc>LTHJ@~u`I0^Fd&z2U=u^&?aYctHaQJh3x zDD}Dojai?dSUOv%a6aW#Kyw%hj#^Q~^#>Ee5Y6u<`cl=T&CtqXugHXR$1n;wyGCjd z*qAQ~^Hj$SbTbFUNA=~i&@6bQB_k`S$K%ZSopIN}9&DrvbT84pofT$*P3;qS)|Bkj zOWtwNsyJf}gNp)PQU;D2LB}+p65R=8BZb<}lD{D=P1kF+i#7*XuPJXTBFyB_>V|F+ zbuTXPCPK!LeJXM{UyV#827O_Jr#l*u;XYzFQOFhg3kb4YOM2*_MSybRYA5XcG!$cr+Gg93yeU4}eP|Ns=&ZuSTHgCw&WgtcLih&&41pJw`5#LpwfJ-t`d*dd{Xv z6<~P_T0HegIp84ajTL8L>Foe7uYB^;;|Bw`XQnSGx0Z){=20E>BmP(tqW;tPsrt^* zA7I&3f;L_-Da616y_0Rzv<~_oxAwNPu-bjA1 zWqrWZIMJK^Q*HY8x%l4#hW`o4VE^w1``>-he_a3f+BNk5RUs~vkTAf$`F$JgkFO$R z{P4Ezlwr^?>398+;gh43KGVeeco<&9ZB$$0ZoM%(qfq83c~PFFD51hlUi3^^X7@fX zLSvv#w8X$;hbbmgi7qC!&J&p(Xj!f*iEIOjk=S@IvSFb}eFFumPjf0e8aPmEtg;(N zLJlXKkTFz{jkCAIjv-FvjS{_pprR!cwTt9%I<^yVq^zY*8y6YE*sM8N82`up8A+@L zSsiMCJ%$~?P=;&+1e8Ekn?QQVw%MDQG=iPlu;L1u;2aB5Vf2cO;tTtP zErLc2A_FFb8Pb<>QK-qBu0eK-G-=TG%r6)r76rK=)lws2qA1dpX@?O9KprvFc+3x6 zL8V@Z_KSem0heM01 z@SuK7RY3|rFNY6eW0WeuWoMxfgya|%l)`_;#sxQu5cN&>AwrT)@(%YBwP?n+rLxjQ z{Ym|v^Lqi;H}z5Ww;cMRmTkUb6i`*x!Ke=}zSZ(P5cz>)E{-n?06t|4LrkaPN3Lek zOqOcPd;lZ(Uym*m{Ev#!lP({hM>%@9-LI!hxR&F6L)`@_=YT0M@q_ba@3-hmOoz26 z>TK-h-s*y;WNhc9ZX;UG^4abJ3A$zTw`jw*`=HU>YGWa?3oar(<|j098tJ1TH050! zY>Op@NCzDaOoP!=YNUvRQnHR{ZBnBQdJcF?>si$Z?J-sc0)rAivOxI!P7yWz4fH4*`EFQSDVA+AkN=9Y5rr;db~I4N;i(ZfR&Zfp?=l^QHJ_6A=vGxb4tr8jaNCkZ!`bG7|Z%rd^c zo%|B;Buk~Ln={C(vg1&I$+OrgN z^>C6loGhpR@dTG50oIJ*KB6IrZ`UXu`NmY63kfXD9Rzs4s9N6lJ1$9;zA60){O*t> z)+diWege!n>@pZKi@{*#`5X?(vD$&if2hPP1)}Z!b)zdx=scXNGMS|q@`Ye!NFq-S z#{qmrB#jF9)A)@u$23goDbu3!CDAw^^ZrVLbV_S3j);=&yP*lc`X;fMj1ABUXLQWA z6e_|9kL}&or&4>zA!b^|f;ACV>?xapR@*39q=}~Ud^Qg-I?_@p7nzepvl!NsDe=;-5NBS0Z;o$$+XFoYowQNnO z0K&4gN4*vb53?4kej-XGI_=Y{A#NecGV|F7Z5VYx{rY|BH8cWGC&&R>2@j^Jxyrv5 zf_?ZA4Sp~P1s-htkS0+&F5r%|dTA`zpWNV&a9uP0rTr3b->6(8aNp@4V%=mv?GWTl zRk%K8Pa2~sWBEBH8;RT`o>QFP(hB+NXuy7w;f9P2cR%gw1>JXy;m1WK>H>-pf@RNI zaa5P-R9xej=C~xwR$n2hB$77*3(2W4iNQ!=)yLO^9ikLMdFX~M zMklngpIuS|+y&|t>w^wR5_6BMkU~UGhykzoctM^iqE$I}D`i~6Spb}ZC*1&hUB1~3 zDQrEg$VGM&wKmh&0eG#R0-=HRSbXa5R{@xd)zO(f>8)yi%V)-G|Jzt zZekVfK?f|ENG8}Vw~1W}hRu^aPi_yDm%$EVs4c*|0hNMDTEGs-Vx@{pu~&O#xas|0 zcRF4Z8{fbEM|aOzqyj-ai*3sWMvVr){d<$ulDOOzUpLE&Yt(nC;73jP3|^T*D1!)F zSYSI7qNA8c4cK5FhO5|HOzHjS5bmmYj3%)C5aN{aIjo~%yZnNVxZtZmB^>}~d~U?G z?+bh^#p0i;2ROb9wf}q4|1YW*>%ZT!eW@<#_?=qpK2|$1XBClHGJJz_!q!jq|E*Q> z#~yFaV{e7R1?J_6mtN9{$3i&0H#m~s%KiKaBQlpqWcF}p)BNTrfEjIH9Rek~yMRgH zyZk8@8%K7w>1hlxsN~3qozcn{D=7Y{x%@AkYmJ?&L^S2nuW zD&`7)a1??$AOsjvw}0L;Ica`mOIxD5E^-*KkZ;4H9HN*Z8Tve%g*%TlGWl}+uBNhN z36hLHC_Ry{DEf1~=5L2L!^*>=Ddn@7u}3CsCv)idwUrQp$Ig z5)CwCu|^cw`ost=zgIXbY%n|Y;6Y16xHo^|!KSEpt1H(`x1?_#@m1uUx$0d&joLA< z9)(h5P=`rmxtT7;dlB3BaB}%GMxFeqd+Ux%y^UcMTN}6QOfjE&l0PnkfJwcRU%iWw zT%dHFxzD4D-A4}->08~FAk&HWB*@!%h*%>v{219{2twrh({t1GVGtT_Xutx9k~4H( zx(;b%`$IYe=8r-24l4+(oC6I>pKp%q>vT<$r+TW*?rEHVg&ww}5c$*%yy}tD2P#uG zzz1K1&__kG_4Zcy*Lfg!PQS*G>@oEB$kv-fF{}qTe8Rf^vTRx?#!xoWtN3sg+@{HF z3ZhFK8Y)jJS+o1XrtIe8J*OF#G|oRP_BsAZ&gA@#BmKLJ`KkYAWtz`?d-A30V=fg^ z^X?VWaR-cLNLUE)D4zu>zq)Cq5#*q3a*GGZn|0qVzopDBVsn2eZp3bxfCSd*_+d?! za0=J3B4|@>(xgJb9G>ja3HLh&GjjUbl5z!iM4HsV%(-*?Og)8OlI`AtNK{ZPa&YvJ zr40?I_tuf)-B_1iTEB6VJ?MV~meaJs^eFp;1^NgBsFdJxQNQsT4JLNq1^akMj7WXj zB`0bvR^cdV{S5;AfrP-f+EB#;{`wScoAlJ>|KiLp5-(vSp~$p41YK8XF?U^$uH?vS znMG0+gM}>Z(--;%u(Q;PDNLdOp-!teXt<8ZO&hbUh_b7Gqqy@=;~oWKj+(@29-)}O zF`0vMQ^%5_oUUe5HLBxV%&EZLT5!^B-Ln{QXhnM{!gCKlgxgUo;k6&{-_??f$* zY{AYDo3>G~6dy?{GAxc;+*8x*PXq96w;nJ6GO;Z$3CdbUW&P=%eGCn27z&K=E8)3e z&8C3UaDm0JM5x=;@@O>k<0{AcEccd@F5b;ORg#$lYE<1dW|FCEQ+F$ES>9Aw{m8t%x>`B;M7`?56KeDBL2338`bA-c?^%?@C ze`*MCUiF5;%YeYDTu^;(Oz=btM1%?oKO@CN*)PxgCtNcnGwpyG(X4jQUk{TeTs?7m z(jKc@6{^@yn@m6-WxE>>L1*g^J@BH728DVm1{=3;QqeE<&_cpWL_CANyRui7#*s1c zZ*|h1c+7!+bn>?Q^Q|CI!u>pR4n-SOq(j{d-+y(*wffQ{qCLJUvZbMlt>$Tn%%qYO zDqrYs=mEaHcnJEZp~3n;L395(C33L+X9?uLVa1tJ{ofc_bF;9x_s6>6{zP5P(P$QI zQPlv-7#r)*=I?<~BO{8#Ju7LNDk)a;ub6TuotSD+y!7$@Bv%&{$nQD2MbNz^C- zJ*q`0S^eN8d?o&_oE;8)Q<;#VfwWO}K?oN8C?uTIm-wVy7kbEIfpp~j5Z`a@_tA!b zZveLOOwF0b`#i-y0JHPVl=OJ-P3|8k2GdlqC}f?sm~&pFs=;`?UI9#`=B&~g@nwVo z-*)CVz36$%5=?t@$=fK3wG>~{&h$Zqz%pijcz`T?q$9aBaCn%uOd@<^sF2Vf=G}Cm z>g2fcu)GRkA<~wr^|ne!lPq<=Nt?#@Y{cw}(6&xBCHZ9nGuxKU$&~doS@-bm zOiUoo-t#U$9s&8jW9TUmLi(v*og>RhV%4Vb;%1XI2-S7DLjYP9R~`2p3YES ze+Y5KDxR>3_5cO&__qfBy2>yc-=5mnmVMh7@7_{Q5Fdxm zn^?_v(gj$ij$iRqU<@@r5f|R-L41cBUZ`%rg_tzbS)ML**@V+hQ_#D^4bNovnH*=% zqGLpUmMa3yF!MdXUa@fT%4O_hS7{bZ>Xz-BjsLU8|lB|zTVqn{?q^ZpDo<~ z{!(vK-R55a)z56b-B>2}Y&~G#i=}F%5=otO?{XTEULD0TY4?oRZ+_}5S&)qddXZ)k zRq8-@$MNl^eMoLjSZ?H8$?3^H=5&1jxDi467BL3YWUEj&RILJ@EUMGKmvfqv6W^bg zdb^QH#LPd7G}8N}GAXdMfIkeRa+gY}sq|{xEqjqPviITm@=nDCLhHES&-{(9EZvyt zl7bOra9^nWQ8Rr_{hVj2>{we{Xej}oaHu01fu3{?N3u?!YV39bZ^C$tZ{h+G(j>2~ zsVCaujlMVlTgawTDFFJ3euov`3|Sy9CfI!A;-XinzAo{bjvN?M{@0=i)fFHyPD*A$e^0As*%x}?kc(z64GlA4U#_fmj~Y;_*6sK(R6?qNWlc= z4I{`*`Y9|fE6X$MJw(5CTaeC{=><6iZ<~QYfD4cq$Ndwv#}?Y@ud9-N5r|D8>*4^* zx-y*nOc&I7(M*+aj`XkQMI$M1C@l*Jbx8|MdCKa<=~%~(Sc{H__%7|X2tbKx|1k&I zRfJ6x?3sA^g-L*4WrfrB`dJAV^B#Yt*~ODXZ%V*wmPH^o_0Y{0u!XDKYp<}#ihKxL$3=Vfl+T^}NF0C_*;zw|9eKBpqx)&$J|Xz_3c zfylS^Q5Pa+fO7=TFPPX4tv3RwQ3(l@L1Q4Yo zm+85wO%P$}LxjTxhlm#Ibv;e9T){*DbbBTi;*mVa(Kk0j-fVNynw_wW%v(!!0sOmsV|K)2)QA2Ah~4 zU1(V+bDa?7XsY}4jISf!)I>0ke3yvXo8aH$-L-TY;@Ak#y!+ zlYp1A5|gDdu_OeOYz4FSRpRISoCC_-LF6AHK!pRasQpbA=Cq0Da3|jcw%%2zAgv=< z>aR5ZSq@Gz)VhIET*+rvARskGPM6Toc5u!{ILD@t#76>Yxg?(0D}qp|p}!Qut_e@4 z4y6Q}*#>AvYfZdB0k8Ihp@y^_7s$z7)>n{Yl0^~biWj0eP=Xi23PA?{{TJr9V7WJj z*HAwLyM%h+8yyy&19Cv&(KXYOqCE&{J{&Dv%fe52K)RtwFFdZpa-*9_R0iMG@=*h8)33(4N`wF(aM=(_O&8?=yJ@ z$;t2dcnAcGYR)R!;G}Q5^!+_Re8vR8a z3cuyDDbAV;msx5KM_TZTrYw9S$}$6fftdJE_+em$C)!wk`tFeV=_KOaIqfz8*P<6# zKw0r-J9b~X4z{Oq+XFI`;9j2a># z!Q#G{V%>YaVcyA@frcU#Mr&WaVZOOtI!}ar^Ec+8FR<1JTKro#VQby z(Pz7IDc0ZE(fwoXskEk1^Q+ap%iHn6;m!lI{bTbfV_Ub&t?`3L8=xHPYW0o>+tu2C zvZ?Ai#K_3ll6q;FqKGd)Q|j3lq7XX!C?qYMOMHW548}1I{~O zc>Ej7kNc^b<&T#RwG`j)+cvB9*i^UIoxZ$gJhYsTU@j15=A`H^QBg1@tB}Z{SsRE1 zffas*NrWt=c>CsrJS?x9tphDTU$75%t?Bw8Qy>0qyZ$5Thh*qixj|%shx%@V0zGjW z2PXv>34kYNn2W8UqbF(Sk1CYpAt%T9$m|iEx0D$=ipxw!UBI9FAkk>tLkHp*bL8ci z3cEINZERMLf4AQOR^*4@ug^&I(hN13YLVEf3;Jn>FosRFt4gw~jUyPInK=tMypa(i2kiE zqdSZlQ<{w#m%GAGPCa^li2>sn3GIA@m)H;|#O`6WgH28xqo^sytR<9R0!K)f)y1$S zEEr6HJAXlz$Qmcq1cIz7yb!+e1|K8g_H{ZJSOnj-;nzT=F#A#wdV0< zS(p5zyy%LqNSoiQqbeogZ2pdcE=|Gcgz=yt1(GdGMdIXOiyBcr_tt45%IKXgM^zm0 zGc_4~QL55LjCladsc0fX(tbf^mb6yWx*zKnj7b>4xnRb^Oqvpb;?Qr&c0$!akqMIJ zSjp}y#q;Qrz`mX7?Z7kq*Oq6PZ8-+LI`lGiyY=Fgh(@@Uc!4;o*h0R~!js&RYNYP6 zV0v%Cu-c2zdC6~&iy1vFIREktQ};0UzZabaZWkB4%G@3<1XLJg%JbNw zV1q%L)e&coLX6iQouZ1a)RDpD0iQifSKBtphG@+fQDWKZ($`fi&m z-FOKQ(G8@y=_dI3JovaM96UHF8ht$CsorQ^zJ|;gqbwE0ny3mi6BX&tS`F2{p&^1H zOr}fB4KZnp(+bx4?a@o`N;P8fpXaJ<^n`qEv_(Ic(#_d>*97+1O+~$Ai1U=sPOp82 zNEfVR!$0@)%8w(0QEHZc>YnDcDmR9KhI6__+*!jwlk*IC11@P2>}Sf%H-9#~wI1Us zw7z-|lKpnHBaw}#oS>&PPcJ+1wqwbKlPiwP3`V7m|F{-^lnrl0)3_?4##U&>;FTxg zf~CZ6V}Bzr5gW3n4!LVuEW-1g=aGx9YQ!bWC4bFHk|F;7%0Z0gue)%}J&h~!95^a% zsY<)=c0h><(D5F9?b(0aCw`|h{txMtnT6{=7u5gnd3fr-JFO%%&Aa*1M(!25Gki?u0de=$e63~hgg5CfcOvbb$`^t{{E(wYt~@&Fkmw3I@k`8 zA#}}Z+E$J>kmw=tA1$#o@U8s9XRI~pN_JiZRAWNFr3~ba{wbWQK%ulP+E;v=HXu@0 zhSb=4f20VbR$-qCvLD*2V{7Cb@^eFCyHa;9DCqbB8<^U zYmUHQh`e!OvGn8y$~h@aJa{o7=SDn!5-m1kG79^W3>l(O$4+11tpnyR(`^_cB_?H6 zw-)DR+g&IpTx3KAY>J|Co5h740w4$bv5_I7wbC#otNdqG3G9^pk&x$5#r@;P;9nQ1 z92z6A7Ov(oDAmM~PRbk=eB`iv$3HaBn9^6h0vKo#t4Bk>x}oMKPYXFv!>%E#KDH^> zd4F)+fjtQ1D|!Rvfe3zOun4lPqC50!EL@YYD#L}1XfQJEUl-N3MnUUeGF!}jtnDr& z3+RR_dM*=9v2pFhRW#w2Pw6sn~prizVV zxtJvUl1|&L?zEnweo^#cMhV_!y{m{jY~K6ldb;fK~ zJ5LpFF%b@(v>0%w{bvQdvu+#?Na)DJB{XD+E+`Q6*t7O2Eo6Vm+;@&Z&$5V z^ZE*fCPaeQ8;?ML0+smGXF*i z4yC_QB9%UK|TZ7Y(6%KGURfSomi`4HfPErMl8=(6Ytl zCSrKY#~Zp=WDM6#h~p*9h)g~5iA|o`r1l(-g1R?;vRvkh-$b2e_~SJEf5vY)bh4RaM#c{iL&=cfp(md#UO zV|g35xlcWbdaA;Fsw&IVB6#I-B0a)IE2)HiA_Y3>cX`r7#W|`FxHUIJ`R4ul2?rjU`}Iz!k6k^Rx>+Nx*jyv0 zc^@HNAXp^0q6;VmkC16XXbSY$3;I|!ICSVef1&KF+4}q`9PDd%txRS)H)5IeH)JW) z4Sy`-yd^FKnf?v%Zya5A4hTzqfA7&9^CF6zzHt*%J##C?+do?rfud=Vv)Aj22ltV% zA^(*Mf-j}AQbTW>DI=f@a)g*Qb)uFyPwTampc~0oZ}}$Bn8zl6vxGA|agV;y9Qnb{ z7lk_#!;QQ-pdr=#N;cX95XR-r^w4HW2UFr**7&ZbqO#}7hiesdB_*pS2G z70YCbgMq57r~qZTeepZ6K#1iB6N(FzDCxb?Tk#q#13t_u><;%9EQcxNJLAuWz4U8= zYu$YyD|EP5d5Q?LDT~4{kovp8fAY$4{8J>3nU(q9_R4LlODANA{fl&9CsMxXrpsjK zR9}bM;Sg4kv9CmoC7FnfL~wr5<2nQCGFZPQ-l$TBr<{Ij`+Dm<;{^JMK=8Q5=(9$* z)oC;tsfaf}yMFNl$6iF^0-AuBfb~~`d(KC!G|qGV>R7R5iWLpXmyHgld%Bam3Qm8M zw$jBm9W)e%3O%l{&-QUzC(F5feVioi)W3XkT0W~@>hJX$?_ESYh>u~ERH;W2`nyFX zL&uCO6Mmn417Sn)PqNZkyaZx5dTzc9pX&O!uwr0ByJcT5NIh(QUenrZ8) z^|TYcb@649+|<>JcTE*N;02(!w{965sRi4yIz4vNgcKWke+`03pWK{sy6x?lg9PjK zgWNxxI52LDX)0=IU$M*lEfVf!{m%F=Hi#g3Hys6Rkp;JKsxfA@Rwm0h+5w|O;KJ?s z`as2r+s#wI4fK|VE}PGI?nbeRh!-Ur#i1Y{ck+z~(FnS%>zUUcY_H8ws zP3sZ@zlw^?Wj5k~Gie*7#;yB#4mhPDis@nC2aDpm+1GhIy=gBC;@F+@xzmgxZrO+6 z>cW6-z=i~OfCz_{Q0VAxY90JSHv@YI?4w#?I|CO$XCr~|!mo1m{;b^gMx!^&>0k#$ zW2o|QJr@hA7$_&$0Vy|(CbeU|ImZ_!t6iFbjQscUgfzcr);qm12C-pC2RMhtq*>rUr zk_|+HCg5-D6qTSjgg2L#v@UPV-|a#nxmO7O|^`s zhM^cb(*=)n4(m}^WT-9o6kbp>)LcBf*|u#cl>Y1o4k2Xrx+LU{Q+@QpDtT>ecrQ?K zD)5qt(8YP#74rg;AkOv%k>Ca4uE0!}!mATJs9TRh4YIf(pza&dH(7m*#siVDE_FA{ zlaK=Cio{Cg4b?VNcMcLe%OF>nJ%s>DN_R051@SInZo&MV<5N56pkT&Y4>~7!I0)f6 zZJy=85{$oWT4td~*|eMj+y*|DtW^liF(sEirb_}!Ggs2%IZDg@|Be-w;|%C<3CY#4 zlNSM`7Ls*VC7qo={$R%l`$gTvJ-?b({GBXUeX!s%668KY)3PD;T^ub0SSX%_A!IE` zrrzcD`yOiNsD-d4sV6C!*wSfPPCPQ-)kP3Nngz2|o%Wa}GsYjL<~lefBbHY~Jf6iaC02IR^WZ()Nw(`C z7bcFm9FLhH>q28?gGK5y^UQ?QAp#@(ePcVyg>oY+A`sfmko{*EjVMlJy5z861{ z8A)zPReOx&c<(z zG@>(=T4sxzSg;MFLS`J~^MHF}E(@kZ+`Qde#3jND`hxW%$oyTbHx7dEaWqCaZp!az z9|2Vtik}~-))tr1x9C;!vwP*2&ru)*-CDK3TGdvRbFZ;_&>|{C8gsE~;yN>%{+2WK1eE(8P>Y@Z+Ig<#M6y{O^(qIxwdoX)lz; zvTu)(wWfpxPLpIw7nl)l&Ykx$4l0`{7=A3ma6uPiR31|3#-X`aAP6RScCYT}EI=@2 zNp1asUPIPch0b~eKB!4ASp!GhS@XbSPhyRs&ejG7w;?|7~I@1fba*E)v@)V5Opfb=DbhCcGDyU!WmGiuE6I2~?`D-p-w3Z9rac0?eXs39h zar+)bW6P9_PesZ(m)^U&W|;8yxoDnp8xf_^c~v_OQFx(>ba2h2*k+20I~J46=xl!E zz4^|d!Q}Cr`T{xXuqJ1kX=&;ctxE|I60EDj4L(hZyG>Y~L(Hz@%tf}ecc84T(Cv>7lxLJX(zMo(bJN!WpS z4l31?gd6(GXF3@y2$b$bjdOFT#&W={?uHpcgKctW!wUA2=!whRh!W(zK`2w(nJj__ z(=Lrbh~NvIEUe=Xiqq@2H_LhIz`tB3L{3%8rDDu#xOv`YNOV{D;^eP)sppLlCt`kFOb=&4%NyioZB&dxaoKt4MFMY|5=IE}Wpq-Bl&M%RbR0fl9S% zhtY9?B~~TFzeVG~b+upHwd|sqK6ay9zNDT&qS7fxG~|g>72J+ca>rX()1oMWZOTJ#mrN0^ zeSU^eNR)HK=MO0g{MG(f-e!R>gu`F1R_+&iAShnT+^<27{hUEc6#2SKrs2xFgkMa8 zt~y>{?w*Z0tg7{sSIe4;c9ZTaEqkj<$22yf;dPi~>mZ+jE!6HL(e{T%ELWjo%e^Xf zm4CFmnHl+4suEVRRlCkhf?X(!uHCsRT;aMQYdN|Nu{xPVZd{6{LhW-|4ne_{2zkz|27N!8yj5>onKmj>fXiEB0Xv;magYDq0xIY*SX0G)}iDhrh%korz)!i*AITv)pbh{YuU)_B35 zT|s38Tg;;BIddnG#b;ugA+0jC-L>!;DYTTw&@M;QR}I9`1rZL3gK*Vv;)0Kg&mk{Y z#V_GNxJ=7i!TFM=Mk+;V6*5@7a_G>JUCQBcdZ=F70Hak$gZ*IPV<<6o5_YNFFD|V0JxL_n;3{cWDykNRB#Ivd+%;Baw7<>qVqOWjroMzlsNUO_Z^qZ{4PA{@iJ60H)xQ0Wn25F<^xq?2$!W^0K5#Y z`y?%fq9cD4k#+e8JYB(LRu_2El}UwQQ=8DUf+Hh6c@PMkeqYtW`TC9)v4yQkt7e@c zy}@O8tQiy#hJ&xB(Cw~)hF|)g>d<^+3~12%0Mr0!`YaEtmmq}} znBk(hJkmsOrs2@AIs`>TJ7Fs2`rU-xwXQmUUpr>MCksK(v%4R_PiuEC+Hz^YGlIh$6KWD*XmARMGr^C11ZyL zre61x*9H6is^y3EozL6u-ow#{3d42JN4xvoOh~1GgY;pZCBlBDZY$rTX|Dr$Q z^h^uZCEY#Fv6n~qIyMU&z8H20d;wykd^2K)CjZyXvB}rx#QI&2+Ii@DBxgpX9CerW zSL3Jq$4S&H=F=YgJLljxI*DAIu`x40g+!D9%RBV0Q3h_{`!b7uE8=U;WcxO$M(CV59x>!}AQHbK8KAi^F}5wepYr@QzwZ_w zD$XrzTFxz+YHCV2qzV@e8nYDtFqvZ&JTEDFol|u?qit)-DOhrmmXSusYEA@r+j?O( zJ*LB~Ib;+Iojyb3Q)aBBQ#vvI-KXMI?hdBYjMdzen6*okm%%}yP~AsMNHE{SlJzT;F&ygZL zQw&9R?z*g+oEl{=YQvu_a5T<1WVD;CD}RxD6?zkh;4J7-5RxbFN3N<j4&2%XbR zXrust3DqfBEgQh->nnMz+O&O+1-q!`SK3;uu6cp0<@cv!Yph1q6#_mmG(MDgVAdef zV1?<7X^q;J2}bne9cBQnuY{+qe?`$?n)$`#0S*1&dVkyCg5jqN{@{YixMX`dKJs?E z4=bN*g(HgSaMg62@e#`*ne5_26@selu%h{2pHr~(D61?TP-f>U#|Q|+kw9W3$?Q&D z?rYp64(WIDD#pEY8&Ry%u@vnpE!`nb zx;p9iS*ESn3go8og86@t7|9<+nNlnr*6M)wJo!jHsaiB#J zq8ll!Uof^Tr%3B|*G7Z4%z(-8Cs_aDyCyEfHP2j;d;`(kdh8PQ$X|*Ut&*>B%~;Hc z&D25;_gZe@;F*B`vG;crrZdhBxrHOm+2rf6wLke%wb}W&a+9cWn?p9fL^5YNNz;uH zKV|KU2M#K-J-$lwvvG#iy=+*|gg8O29GaAYbfay{OV@j)@=6u%A`hbh1XJ0QEZ09N zxuU|#(xmotH9tr^&zWB#Dfu|`hOyFDO;1(XC@%;YOiDY4v}vXigG26Hf6f!Dib5F& z1%K|6i3B5p(h?M5jV919B2~2nCP2Yadx(vmJU|eDvGlcSA(^ho?kI5ovt;sTM56S7 zZ~ZE5E;o%8#WDf0e(r1-+2vY)a!+SXe)0?W`|W)=DV(wA-Q1IyG93x<8vD=Hd)Nq5 zn5A^rDG(I<%PL={I?J2cIL4j4Zq+Z5k0?8K>4f|h3Tlcq&ZhcxHEM{k%s&aoP~8=Q zRWdE>?a_a@6TTD$zfo6V<`+V_`j)U3p_h#iUjXeD#I7}LdVPyFz6E@7ep5}C)sCbDJ-ZG$E@k?oR1gJtBCBj&U+CIVlub`%2tvF=Oc4uUOYR_d zEp#moK=bq=V8(MuCg22KU9)PIN0EUz$b9ggKnfI`?%c5BcS8frZfJ}^G}=h~(cJ3j zQ7i9pP>gKW#>81*8;z#EeOo2diYdY$vNMWwyy#_mgQI}mnyA_YS5J*1l<5ZV#T-u1 zB?AF-B+HUkDT4$j{9JQetxl8NyRbZ9YLkZns|dv~4)o!Z$jI%xb0!ay5r(|iXjG~L zviqQFZH{^`DxFn!=cF;0)}-2j-u35QXRRogd}Y4Q&Kb7~Tqu3{zvK6)Je}=lF7x(I zN`%o5(;GioR-amSc8q#pCtMK%9hJ*}vX6B9lq_RmJ-Nb{%L6?h-QB|@r&K4SYC)V` zaB^7O7uqWGZ5avCGPP_L9gDSuE8gwJ)h<}T;Z{So&12-g_!V0&a-<*Z#!kM3z;7J3c!RUxFr7bSmVm=Fq& zdDLc57zl9u z2*GNvskXpSvY1GxhRE{1>z0~Zu5c`oUCF>cV@x`gT{gRw>Xc7r&{M$0@t>mUzu{ioR9F0$%j;hZYf|NCE70a$d#h!O3wE@Qg~j+I^7@0>^4?gaCJqQ=E=%UDGnY!E4s6 zbGNFxzOs?BYoDC1oX#{^AGvR$3Y7RFu!>B)G5gDFRy^A4HmcYM6U>;Z zEDb-ao#!xwPEF~{Ui38&S8Zq}Ro#BohebXxE<;u^?IZDI6b;9gGpMOF^fg69ZxC8% zYQ>XHJ7&!*>gbdG`o)PE?RqxvW?kOH+-K*sQh^CBVTZ?3e`&Y8i0pK?uH%M`MlHN1NoCi;y35yA3 zV-R%JaFF_oFs4Qw6Ud>?=g1Giv;$l)$S;YGm%k$hKU!lSs^+4>wPMibb*U@{^EXqw zNmDfX*Y~Q)vz{b<*Ah86KC==jKINrAWr_{O_+-Z%tfV@qUoxpL=L|ND%D^9^Ur4%7 zs6DKy`q>5RZ~AOmks_r;-%NW&eFi>#XMB+hL91P0r!eGI*}6GVv`}od&)QaL&Q&&| z8 z@bYw=5IDPtQC{W6Nc>2DU1JvXJ>~QkWNK0F8R#S2Fd0wZvQ%pW=5+3WLgdwcxBtWz znYM3Z88J;dj|Pe{f^Vv2l^IK1i7)f!eY;2C-y<19Y#lK?1TGr9It7vV0@?lj$LgP+ z41oW+&HqndGl2EqxBPFa>-$_oN35ONFRo7FzBJI~oo9`tHeMMjc7Gzy{dfMse}OC)Oq4k!;Tz9J=kaT>NmG}={gLwN%pEv6UY%;6-$ElA1y zKfynWjPu{9c>~XH*9?4u;n}=nhP$7;a$kDFi_`N;`Ti zv|7njtE4Tp*KHe(c%c6YdqXbaBmKG zhCidFwI5hiteoxZix{XdEzs5EJKRd(EED#sl&52y>^=q&=QfK&!3Q>wYusDCd&F?g z9mtp+Ntg_*<#7>FJ|g^w<{$`kAF|$_uon>4AN_NNt2%bGt6{I2UABd*2NBkL5U-SP z`xY&wl7coBoUH~4t}&_rRe*JcYyV8a2{YyFsD?*xM}pg9$y%(68zAM`!W9*_@t=5T z<6k@K3bveIe?OX^O=`mi>^Js6lmVkX?dP~hNH9Nt{rUxW;ORwgfCnoCX(VZ^w}MDgT+Y z5lW%&F?XfYL5T)VjC?{Uc;+CyY$a%6gkUF!SF36t3t=b&aqW3m(;>`9>%7V00l&o3 z5qZS90P)Hjg2@{Jln?;!XFCNVng3;(T_;3dTYuSQPd5V0{3vgt3b2h$lkGc)SAv8f zg>qY0A@M4IgrQUXKMhHi|0%Wq-;_51`+r+KIsXd~^zSHd-{pb-vU=8xlHSBgUab7f z>S@#D2ZoaG4W#N#WfDYFj^Egkv~$fhEfaDz?;zZ^epvLd;klQ&BIo6>OxF?@fL)|e z|CJ+LBoH)`Muj%OuYvu`0VXj*SX2MX2#`o)o0xlm)z4T24+l^092K0oqHmADmC?_c zn^xZz+(HKar`NNX!tDrPI#SnL&xb)KRs9Lq8PN!@=#P2oSgTc}1+Mzw{H#7?=r@2@ zt}Zon@GX^U7@+G#^*T23VO;&JvSlx!P>0Awd0Hd|kcDpuxuGGc<9#zQdeNIM@~BV% zl7xBwj*c_>y)yV}pqQ5cFvXw!ciT7N zGgTwX^oa{bme|S9);CH@R(zo(9o`xtW^LTGeNbn}^$^lO&e5?C35WqyUSUXE4$jhw zq(eWgBe){UwV*1=2JrM%3h&)-RXxaMMhtM z>1eXOZ3HXb`QoT7F5YXUWRFO15K%5kqXHdnC$V7am2*JPMgL~8_7}=6^A38H%E@o# zaeM!@=7Ti!)7fFJauXaiv494g)rs>d{L(G?*1GPvcmYMR=Bb@d)7^|x!jcbm5hK~C zx)KkWJnS`c>TbnQl;c~zk1*$XcYAxfN_L2_*;abu&J`nDkriz}9aXDFy88qxn%!^o z8@y4bkxQaJK6F-mz6N5|K_e23h8rR|YxMZHdA*)>i8R8)cEM^B!>Abdl_GSTA_WSG z4P&>#vM(8{2Ld4tJVWkNqF_#ir&ng^(O!2kEh`j?_Ze#ptnY3Sl47TLx6)!8K4E`a z_jGOac(r#R92>k{CN$J~H@|&wXPWvxj{M^3bi19fZSaPp=!iV0<)`9~oOP9m zoY-94H9wu{Uj2AK8!Gs?-rW#P|G{{VhuYOTXiiuOxpRz(>FLJ9k5@WfLRcy;9FjKx zu=d_=6xcZej!)2;-bJiqeIbp zG~yB+depb6vxK;~Be*XycpLg$LH2~ihs4lYh0aLIX=MT?J`g-s0eAji++*~|bmthtp zf(jUEm2R3!{kOs{`TZwEFwtz%CLg)_?#%9t6MG}f z+|b!S-^?gvErt*R(z=Y`D1tzCxyOt*@1s)f0;fgtjH5r&Y4QFjFQMO{)Xcw{dvZX zUEI5M3pn&sKstd*op1-L1soYbdtyU2Adu15gsk5xvcXaK2C`+Ch2dOb)YgwWbE%uu za~34EiBt+a)3VkR89MF)r(!7*RMF*v34u}9FN_wbN}N2h&khcs9-Qv741RUo<#$&b z>&t1y0koE6FP$N9C%|HYE3w$am*n zTn-gUCqxo~(Ut~Z|FW(1K(rW5jGkVs8tU9SH!fy_{S!S=$~1GGu5)HG4Wlnypz3M( z6u8Dd%S)r-1E(%~(fbt3!}(dlE5RlNlAr{Y39@(|XvrloNz;;=l+_Mr`ls86zam9# z4CzI`tEvbSg+6GDw>#dQCTEe!q>m+)G#V6`in>L?qhTFPe~)K@1>2pn^*|W$>T0hwgKZ6Qwiwz*pTDDDgl${I6R=H?|36m~r%k z24dyerd)X?s=Zt9|CHuo&NH6-G6#$ts7ka4Ra*RQcLsg#K3}3o8uU$^L=~v|kRD-) zvlm$bQ<$7hrL+TYAx&4WeddUR*6+)I$x`cD7q|y=%K{?lKw_K_;D}&leRCZV;{Ya$ zk)-fjU`#`uBi`sem+7Qdp{fjr%P&XH3Rf|kI_YC2Af`0aC+kYd@$&_-d6%&KhshSe z{15A2W~Tqjy8pi?(?xaJgzpBwt~WKipapeOU=aHavWx|ar1H)1U#p4I5bhx?dcdn? zFHh@2{lHN_vZJ!9@S;r0imrS%KQtkg|tgM=$uxX{3!9{?yN+{tDhV^gKpFnjDu}@Ob^;kR6OB*bbMu z5j!CSYXftiULFcv&52xX!3O?WE81vD7z}9K^Ljj_ZAMA`(lHdY-PF zY49~&Y4t}2K4*3Sm6wDZEH~KI|9h1>07iNdytXUbl`m}voLRaR@V)fyGG z=MQUskV&-lGonH{C5ne&{>WbleUGYWb+h?H9C}R#fy|63KjJJHa1MJ8+>1))4KJTp z7?P-(?-(HUi#EnBX&>AcS%o~4>1eyiH$Nh&LlCj4&ku0AU3l$^P=#?K8uoc$7~HOq z2W8B+BLMq0=1qr`3aW~5$mit(qRhxvHWd(}JdM#N+y35APFS%u+Ork%LXfcm20ve* z%?ygCVZ7a5>1Hj56RL2=V~l2B4Ss{17h;uqhTu@e5LyNR&7Dk2yA#lFl-{N`ZO++%HG$KVDABPKX5o%{XWbem2Cnxo@pu3EV1jUF~iL*o*v474K0 z5IWtM?7HXlkZv{E^5Z^YEZd_mj1PnOsG>r)Tc)O9wLdi|b|9nw>zO zqrDbv_Tlo?Zvm`OoeOe62XY(3?6_er+Y8wO-#aP3z$WF$k6;=Omd?&q^usB8g5Wk5 z$;dZ7WR$k}iR6|=_Rqu;13!><$m=BHft;?B+_3nHdI?P4r*JFNpj3W1U2^dcX5>&} z7SRO(Ct0FD&dU}*n&52WO0e}z4E1}T@gajfwd@{gW5zHsx+9_Nn=XUE$CZY2)A(=7 zyO`4q5!3LA%m|+2KZ+++j>}l)pii7X@{Rr%W$zfAS-Y(Z$F^-d9ou#~PCD$^wrx8d z+qP}nw(Xp(b=FsVSABiXe$V_h=bxwQshZ=u#~kB=rIY;H`n|59)#l^-M>5`V*D1rX zc2M!Y)nMi)cyfc*;@`04uloT8j(?oJccCT~{jYrE?;uYKK=Yvd%^{LC5DAU?jc0iR z2pElAgPz)a@%h%5C)_w<&Bsw_YgW+JT=dj5#G{7^e`d!{_IXz>_lA@Xm%TSx$=MLG zN&Sm!5`uNPKkVY-F|U(E&b%%7+<2|EzeXA_+c~0`M97pBRFiC|d1N=-qkDo4 zH-;DEwjM?3tj}L%lN23hI~jU0Z#t&JpX##E>Z+K)9_52M7{M0+Lru?rx2+US&5!tg zZszpMAsbtFu5t(@bX%WzWPI@E9Yd4CXk`b8b$)W{%R)zh_qS12HK>R}J{X)`H~tEg zQvSWk?a(wxPVay!?^Mggil4AcKb%MGI-hz6FdwLr@wzD9aWRlif#Erzh-7{y>u7b5 zkjn&Wzs_aMDB&4knnMVXx6`r!UqY}*=*V^9i-d*r+`wG1Ge~Ec$d?`JyErQ8#_RaR z2`X$F>biw>9LjQY+MOkWo4d~xr#o(KsA7gK5Ghe6*1oh8De)t}2+o>r$-uawYW{-h z-pLi<9s?Vuc1OqPiyz!Owk?qvPWA|4I5#v275o||Zn%_#9E(NIjsxd7qA?S&Sbr&_ z)ZGtDd^<0Vf=JKJvN7n!#5fKKtwxVJl_C%!ZL%A^W7Q-!`lt&Z5o&M}lh_m^3R;(( zF&Odv1I#Bde|dQczNzXW_qbIXuB59+Mnt(-f7qTyLE4OIc*0Cmq2fHPb(AqtiN{0L z;iuxTv%jrh%OyP}^GH0{wY6BMKUqO1{A=rsi~&GpaiL&zM@6@+!UDu^V2DvO-6!0~ z(|DIU0uo>R2s@?VXT3~qd;?hA7@)_kUWCFC`>-dyo}OpO4ZieTTv=@Pl27{lF@ocg z4)7eq7Y7_KG|5#$w}^*4SjXEC`6~LRX=#E8Y7`G^XS5e4coc9Nv7b*61wV|#|9G)_ z-x121bIGNd%i1^}W=DQN3y5Et4VB*24q7xT4>Mh9R-jz>4LUuc|zjHaK9Z9Ua&cUF>`P4 zV7|Fz&Z0H|i2LHE-sc5$peG^JVVVBCaMEd(iw*;-xea>@R7Cg%IF@CB^@1Y4ons+i z4!nrmr4af(_Yqy_ZIrXOCoYO)hV0%QwI>FDL}llU+~yRpEXLkqbBGPaK81K>)+0P9 zF50_&uMsT`=Rz-PHJe0kDsLq5X)Osa+arA%H7(}fz=@gt|4-;+WMKKn;p+oxBX(=w zjn5gi3&~G3AOwJ9gF$t(ILQT)8Cr=F0;D+gT~?CBh%ep^5R=&Y^BIz`BYiznhbQ-A zP-aIbILA$zPc_=iuEX_E37lu&x>e4cs{kS*qQgllN8Yw8Zk^WFmE%IQjskqq%kb98 zI$=k3<+Q-$)w`0n2?K%@)ds8a+jOC%Q);HqV*3gWOR|XP2%D?3(~I2&vzw=X$yD?P z>j?;9|KzKAd`kX7S={1GxMsKOd{PV~_Ji=UKbqU^^V7gcV7Sgi;@hUcWhnBEbPvbJ z2O6iy;b!*HIVDjA5NHJ>YUNn=&2w-_;PeR=23Fp%toYdh8WYz_J3B*&I?qG$M_ubG zJyOg0&8h-!Ba-gowqs%Qa3#gar<;0G{P#}#(tzlb%_?L9u_JG!yeh?ZRS1xQQRi}c z>`dRbJ51oJ;mG{Bw>}Q4cH~nd{9Qeo{Qh=_vUo9 zAz8wx_!JQ8hz3;ZcuvBtgapfHI$G?pWA3d-9#Y1ooc2^`C1H0a zw^Jl?HHI)%D;p!nkESjZeuJTH19VH@EpECEDyc4ciHXrV+b-<99`Js={S?G*tvOS-0oC-HJ_z9OI{0WQxp0UA{eO0sc zMRw1{Mh<{{1&6$)vDwYz4T&N!VLwJ_0Zt~T1XIA*p)N96U00ysto21DYZvQ+L+Yu6 zTU`>3d!yNXOpDerw`DLuO|aGZt#@jLDNCExgfUm}|Uoe&ZiXa+4UQt&YU0zOVqW$PC`FZrv zHaE-)E9HdP1DWGkzGMzUOlZRkcoRzZ`pVWCc~@r6>kp$YTQ!uNcm?5&Gi+sd4FBgV z;JY1s1Z&KY<&H|I{Eo>70^P^AF`octauUI6E~&Sw;I2<*|4yP^f`Q)968NU+$=FYT zyKF?mzk$u)RB>#~|9s1Ep(^ujDE6!7HeM=P7fo|Ntvf9A<$u&vQZA5EWX60y>LJ(8+pI2n9K z|F^SHrZ&h`VNa9KzqSks3=p(7f=CIp{$=KVcGWrrel04;Vm#)d0ZP|h{8|2TfTq<5 z(ttoc(spc`ib_4*nKyPY4dIfIWZXACQ__v%fPy$~A#@Y0a5SWU3P1qy$~8*Qry52k zXni6inr$7_#6TgNQXd9amQKksSEy*&0$Ezv;4B>5#r80Ld?VNgzWMbtG}h9vhI9Tk zd69?*9;85CfpNU!(`vz?3m@I)AY%^Nzdsn{Z0Pr*-Y~Lz8)KrL0QsEX5XmW;|S8-LC{7AnGgD1YoMEMnzBTEPL6 z)k)xYZltQ9yg1YwMI~d|g*&iL4}5kdvKulIljPPWw~3n7z!l>%7A6D@2z7?y5CjOk z#YD5iHfwed);H64VEh0q*vdH;{{UF^uE00@c;1A6lN16j?xKFw(iJcz=KAFqHf!fZ zvJrdTl8}*^%@f-t=SmT*Bw*)O+(Zy?SBvWAvo-&iqby)cbZ{a-FU`@U6QzxY6c-{k zy8CJE131zV|1oga48o{dWM1v`o}zfMDtUp=x28WR>vnt&{tOzW@($$Y*AIIRMz}Y$uYt}MM-GE93@HL@@>&M0?IZ$fe!^!QZ>gd6(LglyuiZi z637b0yT?!SiBsB_a8+cmbfnN|RcbSl0Y3`cb)4O{}oD8Kyl`sayyTPzb-8}CoUn72v14qYq zd!qra2!q9gUhufgNBKw@=??c+%J|8e!@|7qvV`{beA3XKZr(1ZR#uPG>dwr&c~>`cs=~<(6Q^(u zMDZ)ipVbJXmB7P=`#0`p=o4^NgKlK z%cl&mK^Le;fIQ;Ywap6FIRvI!pPNhsFCfXfibb+H2;Jl~@+lYI1j^y3bAcwoVZTQU z0YBU|$SyNGv}b}{(7{ndJ0(O$tVlAmRshy6Zgjo-oyt$>sXAX~XCZHs+kJYU{;a zbknQu!}Q7O>+|&Ca$_g*?8$4n!}aa-+7vm=j-g^;41xM z?qeZ+Lpe*qt>we(ZR&yzeV#reU@5ywUK&GLJr9uk04YBCc%6ufdcE^f!2_>x>q6%o z7->7)+2q;D`z2a@c$%IEtBl|#r(uI%Z*qou1qY?nk%vM|@!C&JNr5OF6cqh{5{)(s zY}QOO7KsWG7~j@rRKWph$Q6Py64ob#gbZ9oqkJ)`R`@h6L0pN36&R`r3x)EKAr*QS5x<5Aq1*vjC8cX_A;bd3_{Uzl40@ zUMzS-{D%2JtT9s&$pqi*%ou(Qc4Lb|@yRj&sAOeMC+!|dZhr`@FrTL;<;Qa`N|x98Ghih1^ z64vtX^(QP9Vb|^6Q?Q!P?iE;UhGw$uZgon1xuRAnURS1S^90CE({09Q^IFbRNCZRa zxFlm!$SF{cE#^X7AVeRT=0%1gHpn-V4aHRM#gV;+tCGIJq?+d6q?(rdk}tWV>g;d_ z*(u^{O2^a|49ib{s5oMlwH{+G+T3U zNg9xo&}0(0!i~7H3z!lq_Ty1NEy}2`PGMKM@)ys9a6-v~fUY0PmydxeL~0kjp8Vu9 zHC^VO+qoY}irP=P!lxEbML}x9;UgotWKUI>Rwu`)!w*V^6hn|-m5!cf_=!9-T4S4T zqr~@_Vf)+v{rgXwB6*UxoI|+fOOIj0P^xc?9xQul-7$rGA7o@QdbkAUSd5Sm*4_if}) zC~Tg!4nSnq9t-O?n z>343gW|>lvTIYA(EPQ~b0NY;~X@IqKq|>%D{)A{BS$v;>UAmy7N!0*HLlAIp!JQtZ z7Asw4)5f$G;%bA1o&+}mhN;50fTUl*UZ7c*e>v#cIsOvT%f|N4eb^4ZJLGSMUdMOT zXaApEaR^9Ti+Hkl2hO>|&H_v@{|tr!ei*A&?=93ggY)G|+_pa>_dtU9Z;w0|l?VdP zA=%JJAJZHh#xNr6NS*wBj8L8^U`XJILVYkB&G_KF&I=Cth009V@A9ozr>+0?jF@%E zDDjnB#|MT&4lh;tIp@hZ#`LgQU!|NACz=W$<{7rK?c{Rcfx!t62dWB@3&z<^2&uqn z`|ZItn*H^iqD>Tv*QSn)0s(mi@H}x@-luLa%Xoj8B?-m(E);KK4|c&HM?; z0`}ZfOUvR zGqV{tx{YPDw5sY&>9{s-9@&N+e$>g^KY4mASKIgiX1$ZHO@ntrptr@_DPtxrWR9GM z66qGuH9o!*QYZj*ejNtzP^K~If z#yW!mA?WHI3g33Y@f{E>%5+XxQck8tWG1Y7lTHH-BE{?dEs8N6s9>g1zu*uAZ>{}q z{Cc$T7&`ZO&=s8veMvAoL^w_g#TpTwr&lBZh@M27M7~|%=~8UmQ+45+ritCYD{!o> zqMTU}Iyu@4R*7;r{}F~sGd?D{!0It)g#EDCxmBV?8d(c0%1#W#*WWZ5yzFX+u`h%u z1PE>#4Z_TS($nIdZ329wDI6LicweFE$e#(blbSa*Ngn)2lfb~A9U!HrA{Ato@=WW( zCT6LGNvZ^b_AFW83Ix$A2o9I0 z2L8UzQ_s7?&&aQ8X!_5TkdTY)Wc}* z^E_}^55KiGO9hQ3tPEV$FK?hE*HwOxn9-i}l!Bm_x-IY8+M-$7#9hw2{$V4&8I1r3 zF>)#r?R1ZdA}IoIg;#}gy>;bv=XB3t7_^*>v++}%4R0kmckH#fSB?K3#wUv|@#}S% zlYzpLII8y-j(mb7pwM6Z^=13ZOqHGC|KVl(Zzi!!k>4hvy4VYk88@W*VD-Z~64lpODAU+O}lu zG!&1NaP4I$sdt8_>+DJ`f(W2Dr!dZX2ypo>I;a9x@%R>wV+ZkF^!l`xDdW1O*}QRiI{0)v9c zd?RE?4#acYdGNaYX^R7wZxV!ju}EiNAVds|?CvCpoB_(p7i?p(E7t$Zh0vBQT=7*itW5{v^HbsEf{h&&I)ab3_l%S*l%5^aNlzv8C<)=u-%}dH1Qx>e`yN z?WPzgdaaYrg?3Db1mdN#(HM>QR}>U|E|DbB(tX3Dd+|$AON`J~2kik8MN2&mba-xw zyNwr>&zr6U?V*;Wm1*;Ra3zBC#A(JA`_fGk(+ISD^sZ0-*j6-|~7 z-6bPMJ!>QorRa*GIHBc!G}y4ZVI$iOp%Nx`4`iP-0q=VKfk}}u1aLKiK zG!rv!dh?hWBty-WI=dBH6$l>ak8VSteMgT)K2JYbwASSnf4Y%FY-K}Q+Ig0;a=t;! zKnfZ_BpHWy1)7pY5L)IHQ2sTRxFagYuL*=|k=BWOnEXeltIjt9jCHJ85caR*F`+1# z_cQFT#5=bKEvrG_$gMzy;$GLAI-4V6`g_I#C&8KVrEe21TlnPi2Zyz_;8?e;!Be=< zzHuIlMJ$+&K^1^Uy?gp|$cI38*$e4&=$CgCh+`2E6c{RDVA8?ZPr#Jnb(g=D-rxKQ z*ctzM|J3l^Kdt^}!e|^;`&wI04EvIDAH%#eJMtT2hyoTFVm^iSqUvh2ma-5I*f+zX zs$j$OEwdge<_cuk^|}QgCks*lhJ`U&;w$!ASdk89=10yf#4LVX+qG1`vdJBIy4;aM z@EOVZq|u&25?bC#INQBNKjAwjBMy7!q{ZdLQTWWX*X zC)!7kmmgyWM@XtvAl?FLeFGRX_ahDfm5i`!Q~{Z24d5G0!$&B|e1 zJc{p=X|q1ZNdZ$HVHMbG5`SJd$;i-a3}6BIsCQJ00GDp2;r3_v7SmZFZq|UEAqtaH zn>6dQ&fQu`p+iccsFJjn7+9}WzLJZdqY?t#9MOZdz3N-<0&eejRG!`0#lSotQ@$j7 z7>MHjrkA^WD@A6Z*Xps{1jVWteROO<^(zbImweXsVxl%RQ<5Y@nv%%nibY1QGwN$G zw%LwZxvApW%z}#vzNW3a!LM!KvMGf*Cvlj9DQ>Ac^0yofQ|KFQ5GlPx_T{#bZLZi@ zW8km5Vm)EbX*Hp>WRyn5+T9k6-=sub8SwHSBKrZ+p&e-7QCsj@;0yJ5KUuURn@PB6^AnyV)GQ$xvnZY2*N8@NvZK#tB3BWMs2*i*FS&ArrKDAR&bc zRF0wL1SKtc=eh|4gz;|#>=5D<$V8aHT|mL6k<`dttah&;)&+rHLkv2gq1`jPQg)Ou zHwwFun?&hbt;}0mH^c(S(KlGYWk4mfMJ0PtwpZ9zAhZd746c!=DGb^iAst)LLrThk zCV~CJ>e&RDQv$raji~eQM_;frBk{QfmbbhGPTRiU0B&ON;g#2EV~}TBZI+~HAMe-P zBGGW9bj37kaTfcdmR6ww5erqt4p{{cJ|5zD@d3(Oh?MZx`uoe#$MJ2}^iKzo9cnVx z*lgeHMAd606JN6*eLL5C$7-_M^TkS<$waU)3#;{Dzcmv#SU;ZrY$O6z2}5p_Plq?} z#@!jQNB1=e-=z!Od0jiPy4*#rkce-(F}+#%vGj=8gicuK@xpmil*5cYR2{sYv|y|t z1RIwv+$5%^@Sj3qnPuaGz#LxcUEd(51wMK+KxE{;wBbGIW<;;jO-yVT0b2F)6FlJcxK)a} z|1kHgS#tHH&=ur|lj%0zyLl+bFlFGAqqiFRj_*2F&6jyQ{Nr2|k&UTdgmF76YUM_) zea0=1u;=O1f1@@n4B0-t)V(Ik&b}u?AnZII0!J=RgpK{6DDHw9hzgxcp&hrH4_s5P zuPb9HO)g-J4d`i-w}&p=3sZ?+eCP;1S>Cl8L-A{|i+rcu5Frj{ht9h_HTDL>VYb9?)ydcI}gVZ zNRMgy-go+K%caukyH)NZZN2)CLNXg>@M_SWW+dpcp?Z;Mzi8h`nMEj%scH$ff+i%< z=#Gt3NHRe+UnqFFE!l1(_$asFC}Z^5z9abNlz<^HrQ?Wz+-Z&R1I1W-x&-~|h4hqJ zs|Gsc!<<6|C(%p12`5ZqC zZ9rQG6-IFU-RaYLDgK*P71MuIHd!(lQ#u@z@M;29Jr806Vi>{8gjBbfYwT4V}Tlkt?L{W#^x|v02w2`t2VvA z?5ZbB&xph_ZZG+^_Vyd{DiTd_IZ0I`Xa+<2?zWD~1cT^B9BCJ{C|oH-Hw$)N=KQS| zcFfeRz?rX>l&xP}nS{LYuUM@`)2S;?4DT4cwV2_l^Il^>ZOsfv48e1&>Uf9*zT;O@rw_xkUmQQs;G+=I z4)~C^U+4;K9L(g_koYsJ<9fFFEj6iM0bt#C<3L{IgQx0f_my1kKGpCxrp{fGqZ#&}Z zj0rh(xRxFAo^qn+5;&T$`1GKp^-QQfMdD-{ggWXHj+oy=La6Ge*3>u%PbH1~1?-gt z{E;}p!0f5+z@E|#El|&-8^X4brRojfl)*If_~Bo6$z^*eT@f3}LFg*$ok0!j27!AV zZBaxn>FMRwLGj_wfDm-(An05+b|N(4T*C`tQta9I1(@4pmE3zZgc0m&{v=NH>HMST zTm%Xg)Z#()1SI9+wGeF+HaZ|;so>Hm2+cm_u5koA+*3&F1q5%*Jpwg&z{29(3S^l! zzoERClerzh(hCS|OZ_^o7nW?aNgd0oo6=g8{F?D&_(S&zYe14nZGQ3!1=4BJi+72CouJft4JA$n2t?KNS*=bA~FyU zAqk2C36n)9Dg>h<1}cc;qLb4JH6fgIn8X)J<@oQ!6$QGh(UI1hM9b>x7G5Qq`5Q=; z9_p$;50Y-Qu@Js;tT*Ul6;j6Oo7QYq!e7b z5%bB7K%6m$DbW}#5JLn*l*N4Fh}0MWq)}p9L^6~@w|fB?H19>*VdjwvU;`9}b0hoH zu{~;hkE;Wu-bv9bpgT)@)|-FA7<(N>1q?s;bYkb9%eb!bZ7#qDqLmi|vNT4DdMvxjiCqjy5{rBLleq>(0 zY*7j5asEVHq`x$kiiUcS(85-NYZ0YB(^K{XWG%Dw6`A$vKKbjjVyIWdJfYP$U3;6^2Sb?Nj^ewc((sJzbVE{bWcUS?WBVuXjfm!UCvE?gr8H)go z=ar-T5p`%GrhLrs4HPl2(`FJRz-9OS7=s)Dj`NbD0Aevq95KaVCv7^X+V5Uan0Pj`bME&uz_JAQZbThB%P%k| zv^j`rb?y#^PNMKo>$;TL4|Qqg;a%)*4m3G|I+{!XV|DJHi8>dk48t1~_OV?^o6Lcq z+ce=t{HxwlG(ZFISJuS*9?c7FpBk*7c0VI7flUwBiD0|0O-+Db^1@8(=aFH=iZFbR zqp*EDw?(r9v3KyH%GY z^hX%czK_K8a(DIk^WBkBllp3diYdM-zVc_m3Uts^> z%EH5ap~hxg7km1rf+xPL@!ZHo{VSn_#Oy%RP1~mK`db@$4m>nv`*(72W(WJ9r%o>e z+n@($KZzlNPg>`RKwH46RE!7S2NzT5_y9=h(UbZ$30r^fa#}ch74nj}(1t3Q&CM0e zsBl`0yQ7)y{jr{6rF(_h+ZUsyRAT~~#spuOHyGk4w+U@S90}_{`^;Q88Brs+*Ekx}K1y&`9@#!{_*z;WWTXShy4n+ZUCx+OpoHfSCx>Z#@KQ)g*>tK5;v6G+DGB zB{FGN``Qfy32bbc3irMO_XhgG5O0@~=z=%`hNIuls(G3!iP z!+gG<6$ANN8e2|}ka=ZEclh*j+8Xp^KL7^V>sJj6wURRMPilJnKR9^4evN#bnA{3C zy4B7pQCfQ+7ex6(J3ZzY>VD+g;L_U_dJ82ZNLIE5?)7HUQh`8bj1$JikTEIz)B1)> ztgw_gJ1l{8C;L(`W%dJVE^F4p=rMnA(p%{cUPwPm9CyfYx%^!Nucd_(a*r+3LmWs- zBcx+DI2HKtqNAbz$TAeeWko&dtkfq9NSkyC`YCFO#hj3IWDrJ`ribf8r`l;_TU_P;()X=@$%JCRRq@JKUwo3YHiO`Q^?1{XV>h7-9z!2 zsckryX83J}YpH+JUAa1tz#<-sz9n@4t|g*K*8=G+UvnUR{^fYLp|YgkgnpO6zf^a? zvf^QvcDcTdGd_q>B6!Mpu=Znh0qX;wg+g56Z?MGt-(|V~QOYwiF#qQh_kV6lD^j-X zS49zqwqB?&71Aiv*E+VM1BUT}n{5G`;=gB17W+YzgD5sF<`5^7WD-3sNmAK=B2*}>G-i!Y8d;O)& z-y#epMXsVpg52tgOQ%bMaqlr&&<{%cz3t4AzW(984IyvR8dtrU@H>hS^0)HhTCUn% zr2pU!W3Yms5}k9iGs}wyOH>;fmQ2tH1*Q@7wfn7}@zoS$_?EM=3g28@u2fplkEsHv zRL{`3Ghwh{3cU*dY>z)*Cb4;W-jxFC!q`ZQ7&h8Vp*GF|y3#o{ny7o3u7XfKinLE2iYK8m5Z5e&R63WK|E`x{OXt3NnbJ{TEvku|iC#{HfD;m& z6`YpEDC1uW2Jr{qAFt}x;N-UqWNbHQh^wd;9l#1}UXDw&wi5NZZL^yG;^UkXEhsr5nw<2PuO_X06!LsjzKR9jl+0RSe4a2kJml@6lps5Jb`fgTnz(wL7*|mFguXK zPHiFc9tFn^!R?lF#UwF|1th^qu=(-=_5q4%wmefc!&P)Zz-1Tc_@G3;uNsN}&-)iS0IPXvfUk8Jk2 z?`fh@8Nbx?aVc8*{MKF{j=2PB{^`dsbRAl$BVE%$ER#e9+66J;wH9Gk>kFDD!J=&; ztL(26%M#U!uPNGd(>Z6>x|0Pi&Qa5)~jo7|Au(U1GZ0Bfg9i}fFQ}<#_x2nsWyNFh9U7=_D z1jfcjKKL8du>1vTI5_@8>iY*v%L+9adn}HBlL0bHpl};BDx!&dVw4m&;k$z?l)~&R z;tJ5JI@sGrrnVMgWL>K&|~c=A$j08r5F{s0QVrK8>p;B3s)Pq)aw6{s_5&?x)0l9T)&Je{^1ah$>AMweb44EJ2 z|C-h?Agd;??lpYs#)Jd$2X@}cE&}>PsJrhE#hpGrWIfn%pX|GgoNa-lF#y=3Zw{Ti z(9KKVo%X{?p_G*e)P!G*)R$m+SyA>U_-`K!xj4X!)sk32QvP)0Y+&4XXdq*D1Q^=f zlWqYyz#kkT@R?bN+iiCW68e5)cTCz*RD2m^eP0jyi&BYxZ$2EEm;MrIt&n~rIL_*m zg$AkQ<qW?JwIFj-p|578q=+!+0z($46fs%v_Dk5MORBxUjW!UC%3bE1-oqm)Ir^)K`x={dp- z!$Wil+$OmEq(0G)1#xtQZ!m7+*iePQFHsA-?_w7_5H*3`PdVf8Lv@t=a90B6uEA-&0ry-rV17 z;X|^zQ{2+f3XRK-ITcTTG9;bKtn-yrl`N;O%8~V`Qa12m(b}TJi-ul#Cp~ii zZAoWSqjhk$d%MPWb@T#1@TJ!|TqNgeD<~MdeSY>VbY!&tk|$*IElW&U?3G9!$K%xL z9Q_@2hL1$a{=9#6Q5r0)8NEk@>F9Mb`~!v(VpA%IW@sTPj>YQy7Y-g&N`B0Fn9tj{ z#{cB_?t=Y{C|8GXLwa-L@dvA^_Yb!vgDP^A`Fv+4#X&3o=dJKtm+xScK)_Uo#30YR z2>cqUNdV}>a)ctK6|pKn9K2H?DjIp12$4f<;t@82RU$14tKRdMj4;gUu#$vuC1p;< ziWH4O5P*RShq@3B+Z8Tm90Z7u3N53O?Gxna457C0o90yd6}p>Hht=1k7yrftvlIge zv-`8zgi=;WKzyB#WOB{??pJn)UQi#wV|o@Jyk<##e`Lx>51m>=l9`QfhKVt;#ZRjg zwV1LwQ;?ec>Aw2w3Cl}m+Ze{)7lb!Lym>JZl?_)wcq~suV>L6ql+sCu&|ixzDfpF} zC_`&+n1dk)8-?ti<80vvP3)rmb!@6Es7q8mn^`*su=d^6%LL>MONt9=sI^FNrLRR# z#1yVLV-nP;z{dFbqbyQNs-m&oH7&#XXHp=FKY#n`5eMA~x~^3Y*NQ;Hnsfy?6=MOH zs&L%P?41zFRvYb1>r%^FjF}fRMu}eY7dHQ<7AR z_<)M%2|mO%t+0_?8bKt$tBQs~Zk#PWxDOQwVXkh!9_>O?QpP5bDjR$5DdtnTe6B$? z+!#Lt7B%ASvw=nKj`{v|X>KOXmpGqT^_4t6lKCcU(vZN$O*i_v&#O7q)km`M zEs-#KES2BC%7j*Rcy*H`RKwq01#G=>s}7wHke@v>5}jKQ*b?Qg!ujTgTyKndBZU+> zH{RPuvz$QR@ss)%?fwQPY<~e0j_>^Ae>!`wP#d#a6GhoLqc)NNx|vuXYELSqAs64y ztw|6;1o1Pd3q)*jI_Tu>N>0c~Sxi9`sr>zu>4C4)dIikNP>S3@-!e&G=xL~#4|?snsMXU02+z{C(1voCW!e|3-6hAgjV z0(IqYYS`mNO0)Jf<9ma2=so7_Qj0FeRxMOdQ0h9u}P2JG8(tL zPAx4O{#5cosLK5r{oTSqE}cy)C!eFt;#Th^uTGY$tDngPWGI+Jv=7TNnlXOf0-!!v zdfW{!|L*bv7z+5zZIep9fVisL5rOat(98kENDHp$91eP>q#v@lO<1B2uoLP$Re(B5 zUvwNWG!Rsief5{Rxe%F62o(V*kxdZjfX&QU0#uUI8#`W8c#{+YN?#F1I*P)4eAI=-pg2-yS-f+EcF!a+;?WdH z9OUe{Ek2td$bssx1^-arT!(W)9&K<;1-eaH+Zd!L0A}#D&5#ECOT}jP^b?+4i=GkU zbLaGaK_o^b57?O%%0*U!1Lig++?!l*ZkV}p5ZzLGx(#xAm8~QgP*Mo7(5W`)oJ9V- z1uElgv|OtzeD*#ceHZLE1_t@EUXUo~A=}S7vw5_-E5$#P=;F4@e6|Dn504%iwbVwi z;AQ)7#mjtyDYTlyux5BSpz3p-<&?zc(s(3pq~cQNWI^&ge)^(|EFnwOksX&d+|r9G z6>?MP?u%5jJ0C8EY#`{f6qvRU2pQJKO3=7WgC0X1qQWWR;?T&7?8W41 za6=5bg1G0}fTr0cY#mOkmSsz4+z*!$k1aw!Lz>?*C<2yVn!(9|7i81gis&?}zBQf| zS4?dpm)2+NQ;UwgAWIWt(U!Q5RH&Fkiwf$E9xhz9mAs;Y(UqUfIimabwIxr{>3YJ9 z;;*T%vPc!qSh7kx;9axB(Jb>Y5;7-v7^BGaCC{xdyN%XLcve>CCtFp{)@oMtRi{fV zt9Zm3phIrmW=;l@Q{ERJ@MeR1nSU#K_P-Q8Bg2n>oLkqBV)?(P8+VkK1Ixl zaTGCPMRe1$T&XZZ{8l{vusv3*UT>9n=Nbfh0mIm59vPo)O>b=rl9KO)2`+Q)EEgR( zh@k}jBGiSdy*W0kQn=#M$-DOVgrdj=YgH#sp6E|AFDBJ1<(24nZ)Xpdj5nN-3L;wu z+ks^dWE*I6)}O7~h4f)J?7s@`+UlRdN&NDk$L>9?*)KfL0NZjwPzoCyMneZ=uI|uD zleoXMDI|KryY7_P1U09Y5>xKIE=%mNC4t-FRnW2srW-%*|f zL`D+m$zDI~*s)>AP0nf38E1Y!KI$XHhsLe!U--0V3UqtWM^7d!B@>rrEi2?kr)@C6 z8^xK5aHCtH7#1lj!(_lHk(qK!ve%1>XqON?5kqfEISpcM7S#slhWA7ITx0B%1{uTJ z&0@3X_ml~M8Ayh5?+^0a;Q7TuWmIG3lWkEEBznd|EAF{w5LxFd%R5SbhP|R6*7ZTeey=9)6MkYHdG{co!pP3#gYdgzusw{&GWHG4?|*ggBX! zJtOG|QEXgW`j{q!xTzeiH@2r(Dj&5_wHAPE0Ou#MuPyf|Q&e+yP^1!{F z7oWAsNSza4Oq1-h7P(0s#$sc9LMXt~!=$s-NaSKWO|`*m>hwj!KHP@-`mm;5!=9*U zM{B9|2rYP3$4;7XHCPu(lSDr-U*gq|pe*>uYkDb%-qD|^>T;-jH-S=X)Hm$v(VZPJbEydI#JjyVtLdbQDjjhi>x zd3{}xb(G;C!+m%Y&EuK;4N<GF{SpI37F_A21p23DNc=bkk4_O~~ zm<2)>%=)YXVG3s{14s5tl5lyziQwbWQ>%-7srFKu8wcQM0CpJfUF}w&Z0hU zSTTNbq}98!WN{}dvs5;>K!u7M7>w;n-t5nMUMN;uFmee_T2fqdh&u_RlwUBivtu-w zDOg_bbgDTCD!e#LDoXIiuZ=lHYurpIp&>v#$-MtX**8a5(zjbi9ox3;oSJz9rmFs7u2F z&7$!eNIFCDRwnzve7?nOc&{21C-8yMd1}~!G1pNjPZ@DJ3Yd2f?`xVM301$QKUzig z;s9l*W0Ra$*}CShhKg~@&TtI@JinV^&|(7|R-QDQbTj*>-t{^+seCu~+d8F5_9V2b zp|w=E{-_)e*_c{&lu2L8LY*`MO@FtC-%}$dh3S z2cvEMcptMfnu}>t?{CWRdJJ^!;D#uePL5?e8&S-CgZ9Ok^o18VF>VA~NM3d~2p;kR zO=Oz{E>phD*9W9F2Z%CCBkl61yhlf@rOHoPCaN>k4@A}Z$<(4BX0xfJr1xOo+uGRy zI;B;UaeIGs$qwpzztdrHebwro&u`DW+v90g#qnB%uiA*jlN*O#)e1jhhv+GLma781 zs?8qiR=%lw93TU?7~Q!Nxr{x~t9b}eJ>a&t zcesgTU>v(1zm!$*(6{up3pSi@$~I#(j~D`Ic{6%shMf)M4!%n*P!AGjq=_P(;frJxlvb7LhK6MaHyY&!VzV)@uMy&TyQKL~4rN=E! zE-~h$Nk*ehH%1%dj8>b@gjDmOcZECmgY$|Xy58=NxhC|$OHE`+O~f$O$W2WQE+i{8 z3o-xN{R&JE^ZCZX@bS&4+soQ_!Pfr?6jx`j<&OX78)!7mH{wR(<;|BiJ+{$-8%fp* z6V?ibsd`bi3M6R@rCFHbh+3s(h;Mw0xu`%Kmu3+gv)J?X;A|bX`L4NO=H$rn$VUeL z3N0f1_>>}DA~UigZy6hh&Z099AQGBNGw3n(B4k$67Av`n^&(YfVLG$u3H9H;jwA(% z=;EV$xh>InyWO$GUNA&EMoG4ck*?>(UQBDYirE~al{b4XDsn^I6t^T&MD6(iZMZ+n z{2i=u{;P87Kifb6wtpU_-jTd&jm`9BC~T}mCAi)$JH zEiLKp{ss>ttj^fBenzbdGw|l{VmYZ%RwY?ByD{DDVrvi{iipR__K{1eMu?Ko1Z>G_ z?pZcb*TiYZuC67E?tcTg-i8=L4L)j|B>0iix;PyW`S93Im5V-xne4bKe#R528(5_Fsmw6N5hHkbG&%IYS zuC71nA;kPgr}ZbeUX@%wOx@pk0Co={r7B*v2JsxZ{@000>V@%;#NY;b>9>f|#UtQc z@fyp6;qfB0arR?d{uRhE$B;2@74mz*?~2T@etDD{Na2I2$&xjgQi#wSWNEV6R9$usPcK|!bSH*5>DsZ%KYqU#f9r@cFw}u4223j11;x!ixl4yZe z3Lem5>xJokjJ{T9jeTbvNaq<QNN{qD^F#&mXMe)PP_x|Sv&GRU+1b;J z{Y{sSbP+{vbRy&ACW&2oh!^X`1NT`&&(%oHf@;pGI)288PY?&q6OpN(^@PENkugA{ zk9(u1;mFJh$ebQMe^c)(CNftY++o=$eY{e;Rp=N2m0ZNHw;3dnvLK}Zy)qW|~*Du9vkZ%mb6 zwCF!x)O4t6My&u)z5fa~j~OYk8B7uznOb!grJG7nQ4XNYr$Yvf&sjb1+KdAz#)QY2 zv72TYguiF39x@DWpTX>&^=~bEUfs1QjQMlSR6m>iB&%ETeFz<2JQKPRqh=b8%&Oh} zpvRLujh)`EUN2898u!K^udG$N*}GJl>N)?2#_PQcyG(O>APp~CX4l*>-VOqy;x8aL ztb&Mp-dg34rb!Rc)9~Ll;L+C8Vo;9Q-%g0S9-zo5j`P9dl;Q_ICUN=(uZx2YXWJMW1E* zEZHm^FYwW2IrG}k$Ku^*EETY#SZFFT%>860be`{;H$>sUH1}2MN&>h6#)#cq>)?W; z-(35U^M;UD>TL7x{sfTIB8-F%`jvv^vHB$@T?^#^^;&pe`2Y^-4VK&xmEJD`NfHQQ z9hVA_zpI<&gP<-Aji`H{h>A>L?4GIW=)7$eV&hX<;#b8e7h-SVmrFRC( zN8XXbIJyq@ z_3*@&Vb32Ag^V`mhzE9*waCk@4;EVkHM}AOk^~UK=Csb`P|V6lH)Brs-JQ~C{g7&O zA$6~C1va~D<4MxzI4^bZ#4g^9I6%kkXk(?qu&IjX7g7(KU6U`Qon84=w-k4PoxiY$ z2w^4cQD{zEwDL0Qngc1Mu6&=X_sl$CuRJ8{(i_8t7-%+FyqH5V-Y|7{!7R<%<@R|X zjez7+-7&%&sv=iEBKhY5Tx!aUmD1ph#=IbfxgJ!R?}3O@P$hm?>IBE2L?vrQbf#BI zO?98MRE#} z2Lh8cTMLQ5XC-e%&z3WRHT>a9>bXL~CbN>;s9MnR{Y|~4yrvnY`w5JDNk#s~q?-#; zLjvjN%JC*D z^THec$_K>ol+d$^6do7+0uN4ol?AI1(}iv8;@==i_)hVtZDlh@77@+g3ZBoSh^{k* z{1A-^Xxu96);M#Q7WaLBf5sndI`^nzfgVqpW`#dC9V5o|vbX6Xe()XCEg#xL9IVlO zVkK?{Y;;2V?_1-63(tA(-`w3sug`nL`2f@RfoA_5jxhZ#j(qW?|MB_<(hoK5FLLCs zAqi)BtSAew?_V}C2|RB8@D-V~Vbkgu#loe+C9^Mgc3te5n&6gRcUZm%*WS40Ub^O*YWPvFF%&* zUZyY031YRE)qFKqTCjq4O z;hcrGJ}Rl%t5&L@!YL|Ks3O_=Xq!5W7%^;K)NaUJAlLHM@Apy6QB7En=%^oDYql^L ze;74zdqf878Gk6A?^V_(zo%antw9QM6B7K$=!Q1O`6nylaoMV%y#vBm%9_y9 zq}*WCZlEy1RpquQ(fufT?}S{%8Vzg{A~0+xL7s%LSc%1eUDYbtz3za?{t9XFdy`$z z3_&(I-0xQGf;>U0-1;I|;-w}iWWW7(=?EZsVBs7M^>yipqhZlM1fpn-wkE7joRCrG z{ZTu=gp=X-=6HU=Ki@lr>C?pY9iRnjQUV1oM@{Ev=fR^5>eQ8TWx_!$8>Rjnes(k6 zD0rwnHbOt8#7lJeWhl?(9)O#rFAF{9n9Ta?q|_+WyqI4@;Qj+R!Xuv0VnqoGG3=|Pv42@Bc=5u!7Kx@dDzRNV(zc& z(g(v#ClDMW>28QZ(-27Ed#lLp*n|Nn3@^w@>~_lYzF0VvjLMQdj;1wN<=vOQINGyx zL2v3;b0-G^5@dk7Ts0V%<99yk!L}X#4uQUCk^e=e{I~dw`5)&zbtG%stf+mhI-b!E zk)@2eSPoxfL5^q21<`4p%1Q+-ZQEkRd&rm9&$>35$mL-NLJa4$^agP^p51vIES30B zOQSLn%nsi}7N`Xs&y-%Y-BdQf80E_xOFErpQ5x6J9-_`34(N|-5Y|83J6hY-)^sFZqjpIJ4H!`jN9f__0c-q5|zVHIR_agkPL=l0YC zN9ky5IdysqHN>B0q54G%ytk=46@@)KU;`({k2aw|05^l$VZ=lp^K zZrB9p!5yPGJoW@+?(5(4y>X=$&3=5@4I=|@1!n5jbw&MWBVJ`6ng$;!CV1jR=M6~` z&ojRwi!%+Vm{4&EHNO-g#X{Q7YGH1#@!7TDb@CHm-t;-MA$w$`w)v&}u@@6Nc_T*g zTr>d>cQ40+;(TI$)X1Hf#Ifo=?Hfn}+uOlro3(1p`wO@Mnh|1b_9bv*v*9vBxWunM zWd_;zo(sLq%#o1u!rSX*PiL-|8Naz{b$ZnbB}s}rf7A9_-#>Ea?@~-a!*rcdlz9-$ zGU^y)P;1bT1wF(%34QmY-7}v?%^kPOm@5+de8~qBr|Q_++eWf zvLnjdbU`Wf0`6#}3P@lpZGLW2?CPV)9sdPLdfR0P&#hj{KuA(H8*9%l^kyL(~Q%f!pQ2W<=fS9CneEP|3(IJoCk4QcXR#>Gl<}8lKd+0ewZ)BbV)bvdL%mTe_ z%=mQ%xL4rL6DaEK>qk>Ygfn!Cqvla*xPu`hZSCZC(e^_4;L7?*_!Ov zXl|Fi!7%7AqlJ)|Oj*KP)7obUTqrxU6S#i2@@9MOd=K!{(Y5S4w$d%khzg7Azpn+T z(_h>sguQ+)EU(kIe}ckees}*nIALM`8#rNN{7)9+pAV5kXBROR19pq@d!%GJhnrc;8iz=0N$iV623(g`27Saz?(nxm*k;{IX z3X%9}DvD6P-_WAecmW&&sl_68M7&0MTFaJpk7jl*4q1;02+La!&TekJy4o9BsxU!e zTJjHMCYD+oYxEbT`+1W|7-71lo3a?A{cqm#@7)SDbI*f2(l%;$AID5@MBP0!$?P+6 z7>BAI2m}&ZdhZd0C5DKfl`h&)yCA$t1}h$mdD66`SVYlEGD&TCVcc)K!#ifwCo|M> zq~{#K1fA*98|Zbj+pbTmE5l+mX_FXL>Cf=LgmtmDRtdbi(935u6vBHr8S>zzk?Lxg zqrJmh;d85J)oHvKr3sfNm^IqE)w2BWH|whMST{guB+s8)^vnfJ*<-`k!@Mf^6BL|Y z?-EK05*RN)>vNqMGxdNm*_YU99p};&H8f<*2UaX?ZF$a0J18)n-l@p&98Ex_dLys~ zCnTzVNcsRliQ}FU3#zQ&73Gq$_qgk&E}_b4g9Cu1tQmMsrDwh=KjzHosf97>^9T=b zwRT*Cq5L7#YtYNh1Fvvq=0$&r2RDhE<~3@DQ&c4m4UUpbHZ=+!=fp(qGyl>Ui_;2J z_qx#jK9UJ1H}s3scqaI*l;p3Xpt%u*p#fnwpNN65AFZemt|M4{Zbgv{^qXxhFeFlv zHF3&w?m@ka8%M?=4Xv&laLHmEcYR3_S7(MJ(Te&LD!HfhG*->sxkrv)$b3vHfNtSA zo*oz(I5)3%4y6?eMFsNi2y;5*Y!XaG6_P92H~wK8Mu{FTrIjIpN2pdI)qVi_C&aES z78O&lA&w~5i6S>#)Ct80?_)e%q|f&;woqeyN}52t_~*{w*r*Y7tCGfST==7UX|uCA zWrL2RfsnMsxs=+Dcw(Z#{37ALm_q*6!6s#fy`Rk(2=#)JzYbC%qJ&6_up5QUV7M`5 zuYh1tym0WjM&#V0VBt66TQPI!6TjV%jqL6188K&Oz!v7=8LNc@-NBBij0O@k7gAYG zr(>hUY%>Qrjy_Nl0d#GoOz+dM&r=0XO;WADmzOk;896z_hzFb1#mDr|1$4ad-`1JSx_B6&R6xJ zp;gt{;izYIzj?m%K@}11{hL#ou@WICMYJFDMp-;x2x^BPo~5z@uS((fDU3AhDmB z^7C>nY;}5yur_%0on(;ugNVKY@(i;gAOl*_)&4D5UYeyO{Ty zNpuRd{(8{!C}XHDb!Z|iPx@BXO=jKkdOc1xTN`3-vz!R4@n9H-x|8&scQ&mZd7gS* z1S5J=nhPK4?SRhD^1iTUu!fXh^|h!E#(nP}lBC7q@g#B)bPQb668yF@etdDqJq?1f zgiZ=^dhu(KGp6ZLWYeSrr#s9b{kDPezZ;O13m8do3r|cEMg>TV#O)#?@|6YjxcXH_ zhzAs0N_5L3eUDNx^TGQ4(iWAe=^##eXIK@XFmNqe6oxk(&^%6;zfG%Awuv~)3K0gz zmdgk^_h}wkT8AVj3xxM5 zc4lgB6t|CFKFLta1)o4HAx!LX7BQ?MHZCn8sg4l@K$Z?k5_zaX6cte%VyGSxP+teW zg-+9*sM)~&&YmYy!KouzkCjW-yosY1-&kL%Tl~~MpY7O3bI6p5+y92JHD35^S386* z%f5ch>-&z_Q_>WCc=3|*oQ~t?zfB1IAZ%ISpjaW`c#bcCiU(FXwWK;1=858f;nxHFJeX#Z>ii z*2s%6P9)0?#Zto@g3_fqmAX+ybcns{Q**wp{6%-HqJFz&9DL!|GxUG%P3<%XgY8#= z48^NIStPeVm|>D$efJfK0(u*f*_X0pdKzJ8?A}<3KD`b^ciVOdt}@rqyXwOZ71s0K zgyLau5qc>dSV)TA+Z_Xc-T44Nr!W`%J8E!na{lX7?*FH?ob_M&&g}oZ@0>htZp48Y z@c54E4$^QU%cu7<26p3H;4p1$vN~)WIT$$i5`J>Km&`gm5uLi0K2B^vg!R3Pa_J1G z`Lx!YAaubzay$rzRZcD6B0nu;GT6vT3_2hMK|yaElNCPqLw+`U1l}-_8bX*B)1M~A zZyO;7*WR97bBG$Bib(Zd{A-B7fr`*DRt#}Y;SLh5Seck)aRa`&Bo*s}c)`>aIWa0_ z492vl(H;|=umSIgPOz#1TwX3djqmSvE!1z}-vj*$hJB@k`l)e(WE(I6=m{cz8DVDM2E#uBR6lo~CI zxF<&UghJ5#Eu@sfB@uYNOx^hmuu5mTKLl`2ITW9U8 zho2APbTXW^{pok1bSuvc6CD#9f%puPUkA_@KP#cFY$bk&xCylZQoW5qk3tfir(lE= zJVS%}{kzev9DIAPEtC$WanI?g*iDC3EZ>p^L%hn>3hNU4`J{%I=@y?~$Y9(BEzJ)d zpjz$Me$IoK%;%qG=%j=S)h5wGHgGaUbHXUI}2#p zQ|UW{dv^UX(24R9Y==2jak_~aX3ArK2FduVAAE^5T_C1Xm;B1mKpuvbvGlDZ{-|i-o2!@0D`sV7&oy>h#qUh3Dy`i;g+R1P*{Qsqb|1cH zeUYa_+2n(#i;s)jsG>nzl*r2souJ*I*`~oO*+2xJ54#?SEN^bS$W4;f|+DBSBu zgu%z6pth>VELns@L({N#+n4)C+0At?7>>^LAKsNWVx%vQQBChgOX$w>mb*S^VGgsB zjv-OnEkH~xk{dw^q2Bpte(F@EmA^>kH8&u}S=n`fIR{l734ZV75tzSb7eeBk`zuhj zE<}7q;g`!*G^f>u&J265>DX9D`XnRs#brCx9Xs4yzDkvF?i+Gtr3CX zwF*N@T`~YNX~gUfp#z@+GxrgcBuUn|v&q+%3&{IU6od2wyCTs`j#aEH{mfsF|M zyoBzT;$L5yDbLoI9>W`1RKGz}B6f{@?tJ)--lOCmU<9YCij33b9w^J-o(PPWL3{spR-O6a(3t;6usS8_oQ8;`pGkB=#IT-N4cnQ1Gz5Jinge^hJxX|#ju!^!16Iwe>c zQujd8Q}Tlf$&dd$2NZ)IV&vkd>jZPzdJ~;=4`ftRco8ylVt3b#*vMcm6CT#AD&0(oh@_=J(;`h$ zQ+7E~yjCH2T)H`!T3x7M^TNE9ldvcI@^40 z+ecV^e70|Bchj-8950>TBmwoQXQoz5c1CrSYeLAA&1z`veS#09 zsKbxHMVd@_0lc{7e?<{6Lkh&*YfV0gR$S}b*k*>cHkz}V!MFW7yfkK_Qpf00;>(Pu z?avQyEglJO>fgIDvSZtP`Y`Z(^mI8{r_rhySm-Wq53C@fP)0ATK}{s7ksf*F4>4SH z$3!tQ6=wOiA(k$6qS ziLJp(#!WuAVd({CB$Xt92S1tCBxkaZ#;?LqU7UZO-yhsg9TQ@6GNW@llFubF;d(5& z&h&HQ)CM6nXbX{5gXR8_#2&*gBLP$>1<^M@7s6rmgC~?Gyu&<>Rhx-E?g&86EGOVo zhDH7>$M-K0?+NNdyv~SF6PF7C`e72q;q1%c1*pcKgd@OQYObwcDPUc~}UYtnxI4PWs{OFn#5Hq~j)iFk3 zNV`G=6j0?;VH@fm;L>&I`yB%XpX3Mml1X{aikw3227ESXsxh; zy?H`LoMj_S8fTl8CSjw?%gPx-Ww+;Gs7>9>8Ooc{zO6x!gH9;Ja~a2#&||VirspCU zGJq*w5tUwA6151uHmcg>9#eQ`WQbtK%wf4JP!>k6k6%iG?$WeD3}RBQa+D`0Ot?Fg zdktm)Bg++z6Gy_sSr^RpqP&4<>u`2F(0S`qX|LopSs(2m2N+^U$hG_xu;D9+Sf!AV z8!i{#OaN+oc2J8OwqSHYa6EF^dNp}|W=X+5sEdkX4GGLaUN2m+C2p|!JCbBAu`rbH z6QJ)_Kh=N&F9uBOt|I0KwEX~(H(O=DJ!kdoxR&l=O(TnOJ(5EC7Ilq0;;ubE&mwDFC!t-iKbc@2S|epv|nZ?>tvb0iY4biG+ADw5c4Q@}?%#B-eaPpdrMx*@7jn?M`#hp5#Ryu7 zXx_|(g`I8`O)8XEe~5}RGX?u_v{eQ;0WZ=pU3Od!XJEym)+gm>lsI#fU0iJ~@0^K& z(@4xbWpvjqwqx#z{v-(16>HhHjD|=-bNjPyz@WM+So#_ey+D84}85Y{Nck*H29 zh%~&xxhAs)T&`_TfJ|wM*=tj#a%cF1^_CadW?&793Z=aS6x=Py29AOT*uIG(ahPZ| z-)2aPW9$3?RICQQDypTWkshwNTyow}$)z6?udR~TEy9{;l(vl>W5PVYh`O85uaAbb z*&}xh`Ibl5XQyqMGA8-L#WI#(K#N87?@^~@ql-~@K0JRyD9#3;wfi+$PVKcVC`+wq z@N+V+5a_AomG7`k9YLmIGRCqkvelH7noq_4@Q4W^1oD#~(ge#PVWN|&ZN}#xbMdb$ zvPgEBFq!|{#E3J$;LK9?HS1MRg0?0zmP?=fmCA1!zZi@g05_z(`&d{f*a5vkHflk7 zSsDu7RXP>X7Ru2Z5)$LL*E?=;HH_SPD$mL+ufW(^DKD<1S|XA51d=k@E3Yq(w)#7d zBqTxz9G?|4eUc(<+IB6afGVAfBSN4kK#1uOVk2uh5eX-5hn%0)8QXP1WU;1Fl$1-Y z;1|}|WOykHa-9z3;B+q_LS=fYw_v0c0RVA~0Vyr~MaaFd%O8nLoPSrxgWulsDO!D*#%4CuPX-AD+s2ow-MC6VltFutZTrT}UM)4V~sen1rYA17tC zK9rj->E2gjE=Krv1{xu2JVfIUWGg&p2_q`5nX8N6p z)C_|X4$MU_P@kD-+L~oAFizoN^HSc5%ZYf63*M_3PyJ)!p8HTO{7nk8<*0p(i(w*w zFp>){)#wwkI@Zs&Ph6@1g)}W@aySiDY3H_zSJ!5ig^~T(nmz2CDL_+Nsk8aMBA&0WMdcABe@Q?ab?= zZxnc11(nyMZtv1%A(7wcsvV7x@rb9g(nBeRg87ZE$9h~M5&<4vjH%3DX@U}^kk$20 zA)>8BZ`kRww zDBGnDqR$$wWCs&SL;xzcAxCD3>(X|d$@!*RNExx@muW$9O)WfFlfy|oHPeMx;n?mE zq;zxJ;QeC8H?unG14!c%gB{XTNIEKVVG$&FcH%kn(){m&rljz}IpyZaL5WzU0&@Mz zq(XxoN@TrdmRD3bk3qW#{*R0PWq09q`5dNkX}cS|NBH>E!=(ToBNKJ@jeTC!NCICH z?*^eAn#4Wtx@549PngNZ{+)GC7sWNJ_ea$G&ik?w1{IYiDOw&)cTAa!>QGAQcyy(O zAe2Ab=omS|Krxsm1=aZaTulCG zY@uMG?88}z3mWNmdlzVOyx0#K+8AfKq8C!tUK>kr_@~H_6t3^ z)W_jBIzGQ={ODc4A=rjtlz}Vs?Gqe6$%BC%tz)l2_ah`q%AcFVp05nZMm+#RGf*=B zz~xYFA+E{rYKX9d_^*oKp(C#VSWcwrw3Q{ zmuGr`9Z1set;YCpVHjNZ_Hq1*tRI4W>eYd5>KxR1N|>Z*t5rR-9!cwW=TeV<@4dVL zSzmZ=isi0Tzi65cG?+3IG@utR{oy6Vq(&4o9~0H2vNc~EwU7Vi9Cx0rjfsz;2G(VH;@l9CR?yY znRMx;3rJs|lZZ!wUoOZg)jB^z4^2cBgNzb}WP+Xe4ktJl`|}U#`~+*xvgwsGCOqC% zBUQ&;Tn+pd)7H!N1;^aTyZyUGjRbd(tXD7IHsIjsB^V^pr6BK|G9ANKsu@x@s@<3` z7Endi$Lz`$kosk8*#>s&nU$Nu^r#_#)fUVOHGZ9FJ;Gz14bw{?{ho zmiM~iPvGaf0FuAMtpANW`ftqolK=ce%<53HvRMVdeq`$AM6ug$lb-a?46-|Utgl#0 z;cmgV5nW+7(Ihr;9=ENM*VTfJl#yv2Mf;wr^wGu5c9OzAu~IyQ z`L4CBATJ_SqMzre0a_)Ah6GSIa88u2<`9 zdql0LEYGA8NfZbp5{ryqqAhKeMk*d&fS`{(6_z}-wDEeg{b|W*UQ&#(eqF!~PLQi!JDk>z9T3hIMK^Wmbl20FQh`!3JyHaN$T|3Udu0a|eQHkv<_Evp{6B1Z(1z)Ga0wwx^Rfq4W`JZi>Wa=i7b$5EYnUt4aArvkSVck_ zN4}`NHx@xYPAS^L+FQ9v?~Zl)xR*<-_+TBL!XHk=wV((PJT_GbA|m_y`EFk$1tQ9| zI(AdJITmrhtlJ~$$TCqrr^obgz%RND67g&0nti61no34Fp_+~ZY+7-!+$Hd^@BX?o z_yR|ZCxTrV2=4E@2-lksP@ix+=4lwLzbzd29?ft4H2e!N;HTTOFR{-wlT=pQaeLC0 zZxxtK(DIsF+?I7*;7Cb(0grsn4C4F!av9$C?nO9RXV_sDm+UMy6qA7r%Lxz&A3#Lo zK`wEtJ47+pJRREjG;`H-#C|y)(b+m$9Iv{Vphyc=gdK=dIPQ{aAi5VAlj0Q!R(@c< z!^Rmdr4O35S+-ok=9>TsRrz;>#Wf$Fz0Es4o-XY-?$IM1!k5idt=hh1?qx-PsA2ws z#%?1t&ICn#UG}jw1h*3pBru|p4-7K|!I+LAL$InymUUPWN9@1!4CRzm)@Nq-Fn|-r92=NlcVpEN8$}D);u%UWtPX!xHN0Wy%&R&#TAl9Lns%uET&e zcbAKB14cJlBVlu`60a4R=60Aax>${Nl6=9IpH{>6G|sIpljJaImi55?1TSy+Y$dG? z1OkTHBIzYK27vx_G>t9;$Try_~9k2jiQ*3EZ(Fo%D(Cmrh93qWsO9&_!=*?EzvAm=IWFE zq6Y4x5f2o7;h4a1VH)`Q!crF%jBBpuJziZ}mjybcyK_mZVzxG)gCpKHYZg82rO6Cm zw~yx&;?q76?N(Zc{Be@J2Y_{v|5Ma3FX%i*!`44l7&Aybx(^n~dwYec5)A`bAu*_< zN9;sFY~0nl&uxaVjB~}54h{|Km=2CD+C2obO;Sk2^w~R3SFAh)(TePS7u@1 zy8_t*7h8JFp~Ua<-ogiDB&NjgGgGLTqyz}O?NhFYdjwb0PBKBgcy(&kL2cdto{YRJP^xFmz)DmJdz zv!j+=bO%v2^4PNkAF^of(L9zRtmw+2Q8QQTT%Ms;-Kzp{x($Kob~Hl%250hCoX56_ zN<#@=%X5m;Oyy>pce{q7p3%Oqz1Xk3^?lft4kk`0c+Sm0d zB$`ziam1^7XG1TI3mk zS0od&3+EJe8Jm`LinwC&8Ig6SU~SR#EcyW7TSqJtr^g~?<_NyIbHdC)dHh8VRF=?| zS4{7VC;h`L_y9S`-1|8Yi`?nGg4-+cDbyD}62BIcsVeh1803*ZPLZM+40tntwcV$` z+U^WuG@;C{SA{G~O?r}y+pX%hwq%3vfA(jdd0|Hr)}w@)q((J;cpRfJ-%ZK?FhZ&Y5FIZ zxKwl6VC9doJaZKwD2<@33-Zt|vCBBg&M#nFTtb{(K8Ug~7KFf4$N@(KQ(*k2xr;a~o_uY@*#)o4$y8~6`jT?t?dzA?-M=vYe2R1Rph(FmuOwMiq#rs$}%vI*3OI2@1YO?t@aF6R( zUC_^;wl~fSIp-o=?HPBv`kIq@MYXVoTAj_@#LX9rTo~~&@0s+NduRsVM`yo9iv_zN z$zmw!9hYoUjGP=N1?OMisSs{>%kp_k!ob*uGu`>rJ66Ii_*omf+4`)uwcz-~{SJS% zRch_R1OG5}ERAd0vQ!JY$7{`Aqt)1xK$7L~&XD=!hVG!>#a;E(G$7~PK}B~>Ml02u zeK_l+tNBHji1O`#VPcN0KhzBovAT|Lca>^Iz7d$#E=H|6Q5m*Etyp@6F^Q34%!~+x z5x~Re7tGQy&UzOAQ#1Sn4_7XDmY`LVt3$vn_4^{CT#D}k;Ht|qF#MEhii1b_2T7Lb70222X| z+TG?by?|RSDgbsU)(h93ZN`mFO^Z&iM?cV!cUX@I9P}+}$}m`sCg&cF&R6#SBFePv z?OS;OJC{Lxf|wSl#^q!#*^>Kq;wRWim7AQ3D%9k0ku7iHggt&0#N1?EEr+-HMsxuv zhivQk=kIOl^raqCJvHs#$t3bHT-g%rXNZi*LMenc(@7HO*vKI&o9HlCcI5d%yo9=YnYT7mtmr-{*5fn*jfTTqX)}2tmxGLE=K)~&9rajkP zimDY&10o|kZp9~Uh@xGfNs(27y2t@qrV9k=oXdJ8?dE07R33UmeC#SHlK4twLaxEk zq>5BgH*VgtWaP;qCE2YmGKQ@cU?rL07)vq0Q&a|<8*h+^`zXrptLGjWYiNmLx+b+k z8TJjTPQzZhlO1LsvVD82+b*1fG4xYv;1gB!_hi$3MvK?dSHn)jxH$<`biYyv4DpdV z$b19@)?$w6OZcoq1Iv-Av*(4ViQ-h%y)|vM@_BVleEtZpU+Wbz-?0H&8#GO=n{Ms2 z>p?4W$Es<Rq7QVzIi?LE-vW<- z?NsK!@}QJPr(&-~#mBr#SPxB_OqhHDOev7KEYqvKls43Q>vc_CVvoer9KL0{A_6CZcD^n1}5eb)~t8G&5lyVQNH|==TXRmrd57oZG0Ol*8_Rw%sTz(T36c_2^pcI?D>m%)z;HbhKmhwAw`8^3?{p zxBz0meTSuUow^>pcWr!<9W4TktU(YFT#~ekH`hR7Ns^_(kj0=~nm6DOPM}+n$#dsQ z`6u&K2d`#epUEl&ctb5p67&=G0RMqjcOF`>)q!dF9)oXPUx>@R-HDZ_5t*1Sb}io< zS`7=5V@uuhC~Y}aSky69=P1jt3i+}{-2prUFUiu?wyn-wa(AR_2#1F7y(QQ?5Z<^w zGxG94U7MoLY|5>A6i;LdiNTwgF{W9T68NewJE>@b>S_F4UDVe8JVuR1Ag? z{DHWu0jOhr>>`Mp?*8`UIHesx?IXi7HRjphAQ&Utzxp)(pW-8qe-R&X{A1zuxSFiR z+Sizz%c3cYDRWU0vwsb}AX5Jdy&$vuEA-;>P@z^MEUTJ<*Oe|J^WYMvqJD)e0F?&~ zhWyEftl56U@2PRhpB-VPUoa6~LYgQ^G9+jXhYXn(B@es&9+VV2lw8uBG9lCgo{fr> z^DBWF8D>5L8AduH78(0Puik!u58=CANdY0%F|g^Nsp1qENfFvCVJ_<|ptRnQEw~Ua ziHTW*dMZ~2X57!n7&Rbogi!;^U|2uzPhg57INd=woMZtd%2agPOfs%z9Cg}yq?~c&mV|KXXDl_Xpsh| zb~~bs%K9id=zx$Is|fzHj+42>gcisM6Doqj0&^ZNh*zOh@|$!HA+FK4Jo+K!ZpdzV z6((~{T>P=$%lvNTkg766{YUx-W-YWI46d-xcnT2;tzM#m234&L6`)`6g^y6u|Llswy;csgRbeccNS z#U>DpP}h^b<#=XAb zvoEl<<^$;b?$z=7u)lkJ+Phsn?9J)*a@s5Fve^r_USgZ)?=a37UKd~eeIoj!drG+qNN~hBrUeHB8M%SFZSz~7DOc?2v=f~-lokPbg zTj8@LrX$C|fWte;bbEK83C`~zMd|pz9Au*YP!&OJrO%Ss4jcmqwTX?vFzrfV=g{VB z#)%C+F46xF%HBCRvNlc|jy3Vbwr$(CJ+YICZQIVowrx*r+fF9d*U#>LRr}UXz3;RC z^l4T1Ij6d>`rYRe;xcd0T+TX)yzMvnRGZoNQ=8dWBke3;GaJT$VjD)FV;e@062Mj( zVjaI|4oZfXOgn6)e)x_;RLr1Wqw^BfAvv=1_Z4Wo_{PAKe>ta`?hTUbnTEC}p_#XD z(84FI(i>Hockn{D)ETgbVib`HzJ@}S(mja1l%+mtQ%%B}y5wa=;iIY&g22$Og4%cq z2hL4|50a}R&j3B=W^UhU_xNdd|9{*9?u?%zQT#g7Xd3ZbBE5TQLqLgSUGyfvtFJ@T z27)QoLi18t9@WQr^q&ts0`gKskd2pCx;Ob$QEJGNF64uhlkf)4i1z@KlLVZd!fv1` ziGQ|u{%wI3HhoURmtCg;7MED6Xfjq!VUd5N^L7q9;(Fd_7327YqfwHETz5I`#RN6I z&|`Wz!2#zqfY`oprw4-+b>S~q$OwoG{2xjrKw$d+W}0hQ11ORHa~&C>hEIKZ3o%M7 zIWF6mE|)mQ0M7xZOs8Pa_j=tie3gwsE$1~ENjovOx_C8vs}=Au1lEDeBMTv)Lpj9r zL=jJlpO*aFa->O}Mzf)1Hc}&lg1dV<=1rL=X-Sklbik!S>VDEk-6g6)BjV&IEQ@^y zzwt=@+vB`x_J>mQ@hY3Nyygp#4v6|~$H9w10wBH^sEr6CshG8;zkcy!=aRc`Y2hmi zy1Mg+{#3zLx|sMAtv0L=ewZa@0H`~CtB7ipn1Q&*>`9idT^~WKLbKM*dzt1|OiF_r z6j8f2ozZvFA&~2%#D-}Ev5L1uv(lcv@75Ho>CEW%K}kA7an$*Is5DRIFduI6w@gH9 zm-qD!R6<$Tv6?TftI1D`jM`=$UWv99$4;uS?`gNDQKW}U9w8xWG_|x-Kp9rh2zAvz z+{6jS9nF5h1%-e<4Xa=rpJ2aDCKNH^AYxkXXtkxJEvDo(5*}Zu>L@^P!05X6fm`SA zf$Si$W$uzgvD8aHdn(}s?+%wS3?;ryS~JR~6u6n^>ysCt>$=56XYuy3{^}lZ)x7oo zDYb1!?RY%m#BcA{E`^aX#bg+&)_6cT2*mIx~0{>UX_4KkaAR)8{D`w>ZO&AYAE^*xm4@^dtD2&aZGl&j$zYz4eT}!@lmHmV)T5- z*r)rC!WDy9htn4lH&RiDR11IhNoJ`m3lF=Lhn*A^dMXV9469>ph=mgAuJ5mfoCT7~ zh0)|i8EGYJT2HDbo@<(_6S+a#@Y!G$Zo1J&RxbrH<;$IOJ^}M53_Y1sTjn^R{#q?( zNdb8>>R22bSthbEM=t6GBR)*}6xW)B!$~)uTpF~A)cJY=cbXpU`19H(#6V@80Z!r& zj3s1T$pl!s-YF1}VDb=&twf9+o)&m$n6m0RTy(d*fQ$r->fPkK0PffJ#ZF}X;JAE? zmYwvwnN3?}@*o0Ir%_4$ex(oC!LP?s^~K?f>Fp~$`s%S|O{fMrHTf?bh;)&;{Ks}_ zscBZ!7T|W|u;Nm5(uxAiuIIBdAQDpvWsUR3UM@{qM{(^FEIvx|GQQq+`9U?>0Bckg zY92BS|4Kv%k8M(FUTEqfE_AahL;N8r5roR@lvw%_J2LfytJ2X+r-dLm3tEmHF+ut& z@N)2Q7Ih@;S`iEtTy+eTb*t8gp0%Y7qED&Wd_WKY`@9gMfem_FRe}!pD}@yH`)Oh< zL6zhaaCt5zbOx2|ZYeyjw+w;`@qvRwoHAY?L2PKLH_O^K`j;2v>v=gu(sit;-D6&c z;PPg<2XiI7zn<)bSi5#=v~vbJ@%;O?uuJ>Fov%1A0_5LthUKp~!}Ra_VgNRgbuoZV z0wtDqW<5pBPefKV(6 z8Y>;KWXrmg*YKI{%H)=yCq$hv+*A~cy3Nv|SsI;!;i6GPfT{hWF1jSnRE}TZRC}PI77fzi*Bqi*sM}7wv^fn;f|1rV zDk*MU6M(L>EcTmYHFK$Rzm};V{Au_lW6t~Kiq!kn85xTQV*URN9NoW$9 zh|_cBxp>{g2=?k|!CcfAj(MJUg>K&Bt@eR4?Ze@S3guKroEe}@*OodGVcG^PaLWAj z09{P3DQKjwML}vMgY~%qTuZpT$w#A<7#YEea?NmUW$m9x6BMx;ZuGR00g8(HxhXLl zmL>Ca9EdJ)T(YW<`|j&po^h)d(Wa;?VW}YBglz?(=@rSzy!&4R%r^xp8bx~|0fjxuVr^5*eWt%u$Kze=lYN^&ZScjsam}g4sti@> z;TtcPH>bn<@opb|am-2EB@RGUCg-8Yo{1tqGlVTe%GTUhMNnv^i^IG!i0>al;&vIy60s~a`HBfT-iA3_ z-2ns4vzcCAlXi!-zp-{+&Kl}p!`0%G*8R~2xJ`)7_HJ56=v{uQJUMx$#&qGStrv83 zRGd4(hus)pqy)u)eLVP5TewQTBgESKG5rlt{#L&L5KaDTv;9By3jkuR>z?|ELX|f0 z^d+YtkWn;?Lytzih)Pls?0`lUL!-B2%eO}!%8V96Be0dgg2e+stjW4E2YeU@IAdKm z40li$0f;rJiF(K*lAmioaZx73F0350r4kP!@n4LZWisbp4vhG6qe250-PmX$>F!k` z4r-DZ9GEhXBOP1sS?~^flApS~5)e|{Uj%fJ)lZ);gbT7+KdljUkfNmK|KZeb>TVx8 z42YwA4FW25R=3YJV`a2s&x1BueeA*}nZU^1=vy1h(`>?NZ;Z@pTkQHsS`};?cD6j{ zuNxbDo{BRcw7VV;b-(UymZq!c$<)#w_+4t&td4y(w{^C4H9uf9YKs?Ytv(UhK{Ug^ zfe&>Nn^x@$z6kfl*HTRS0(-#abAnh!?@pZyW2DLQU^Mt^i2rU?|CR_MxCpMc1LM=> z?VfBxS;E=L6)8O)*+h++I@o|1-~wkwwdWSF2}Rn=u!SQmDO;sg)|$7RK?RzVad0oY z^qKH*y;k+MH3maF`zYK;tQf2z{xgyGYT0um%s3q(7cKK`*SdXN*(Bk3vBuv{=rmV8 z(iv^H14WXuEqEbXRR{kltnyIqEbQPLVyuk~>|8YL0}DMUdZB-jJHcCspK6nB`1hBF z*8DgKV+K|A!Ji^0-GC+X~j3Nst?Svv5bHI7}`pq$lFM4y$4v!K#wvwIC zG-St)_U{UMkY!Ys#1SV3Jecok2aHYBz{%9b@m+(4IZ!N6K~(uJek&j%+J$7w@|Q3e zWW9tOXuAf~_Nud(Lq*)N_%Oh;9uo++G(VI=2gkAvScO0tE)1h=uq-Wg6OYs`V4QSC zuYWyPdaw7qhCzsspo@}Sc3uQtO?pqN=&w=0={PNIT>0V2z2=(Ir~AayA2*yb>8Hfb z^WYyAgzZpjh^z(ZPeya6ZJESF7|Uy30b$@e{%$@c|K%;tq(*9#S`Mt;i&YnHj(3(sgIionr{F?pm@aj@r$6 z(EaX9L%QiI(dY*cqZXI}ecd^SR@m3WG$7o4`KTz1fa48Uex!k?Fqx4lEeAcZO%7*e z#{1yUHed%7D_TR1FeoTHAj36^#&1G9JQWx3H3OALd{2S2HWSKbI@^IS*x@uB5l11% zA-9>eK>c#G<{gR`k}t*J3}H?wBzdtV+TR@{mvF$OcKdN)rl^79@~fW;FAnc@f{LI99qnu z#WkA7TFjH&OMWutdG%0;-G@%1KWD?U+ht__$Xd5`XHJV5&zv<-{f$%knO+cJC;6i9 zr}b&}H`w`Gi32D5f6;FL#_kFb9}$Veeoob-#a60#J+9n8#&fqOMIsmZOH^ISQKZgL zQCTR>rS|C4TNlt^5=>NI&C?B>)$#hguP~eYFq_MHT$^>d;-||798|G4=toC`q$ENk z3nFK(R=sTS(^j4XqP)>6LQ9Mcgf9^A@l##dmwh*R-|I9nXkj8hd|~DgQW0V!7foLd zt~=I;5Hg=8h8!I}8du&4YQc28vc1ou&ARwK3qOAmey_|xgTnYd>3w~#&eGEUIYwX~ zakTxQ{v_tLa6BjD$^TFr0q)NN26o=|zLuzYieH09|5Gtl4H}qJ1z5k^^?vLn>hj(C z`F?G}jCt{XQ=Fb2aR#=s6xbE<7h1ImSh#g3LLA3cWI9e+;5&{h?qDjxlweprf(Spk z#FQ$=dA9wo$>*xDlVlyT{jcoVg?xj%9dGi-Rjsg$kPL6>d@o~q!XMmJu@pFlJc<7V zt+S2^NiVri>`(}2jJZoM*#IwShT^2H=;o$Pu1AJz;WTve&ff{%~{EViAIXW+>j)G9}+l}4a{mh_%)v( zKdqz>;l=fNXsLDfQfsixk2xJ$@M6rymlAK)YKUhl4c8PR8AY-=-Pi*UE;yg8DhwIE zBGHJb6_KaWTPUHoiU}{GqE0$uAWSY-OO-d8g3dM|1dqoMa>T|AtpG*7KmtrFNg+q7 zk^3g;#`VgOE>|;L@De&7P{-fJWhErlLmW(R*h1J6q-?0sHB`E3VHdBZBDvpb55uwK zMOq`QU`?4-+MuLT35KK__}rXP>c`e2r?VHd)@QRxD#f`7OTdR~_{UjD3bt^8gpd|` zB4@Dx)Qi`OETiMu{Sj@}7`L>bz$Jeyt(SZ|*s}i73HwDrLUR!iD)?p6a1=7MS--kr zP6io4Na-cM*(ew}It_H}OTDm*rj?yt7}{pM%suF0=byla zJFCetAO|i<8YVZf&|G4b9*2it^?=CJMcc?_=%vDPI*1J~7iwPa$vo=vgaX8fXULie z%WGV;lR;8IDl3^OB-E2yjE;V<_|k1?j`UD9!KUAjU^Wm)+r37dPEM}_T56X{4So~&-XM6&F zHu}He1N&c+M*-JU{ug>5S-byO=e(kNlK5LT=r`btiz;pmn-fa^A%p@EYD!!3v#w}f z&;R11mt2K9r6rB%Ok-*DFf%<~P1l8ag#3PCbjO$3`BuvMjYq>o^D&xpDC>3uY_gvA zEkUO^B4O|LY43KIG8>@xS@r4Z=vw93=G$0C;6o`x9^)???A;vbcB{nKfA{X7^(ntr zAF5vAL4Dv)pdNF6Wqo7OG*0XxL#~D*vziY93@4MD2NUXj&2FFJ(A9xvUup$cX?1wZ zxZ3j7WP6AqJIGt#sw?Tlwa4&o_a+Axzrbn0(bsT6^twvk9dBPebj4VuSxM0&y_$87 z@WzC`RE&{3e|JrmtFCzUiz{OludTv0O84cmA~ti+`BEm zu^mZ;_l{BhGqAi>LnjJ4Twk0QvWnsy4Iw)m%ceqwNaKaUV=b~Iyb;oomN^b8?W~O@ z7FdZC>F$W7E8@)Mw4&CZ#x>eSW97BZ?ZOtsI|&5xJV=fRxKzz$kvKPG)}T$OYo(Tf zcUCZ(^PWtl+O&~XAV+dhi0L^JbECKXff1${rVEup~6AletN&$w=*$Knsv`W(g8d zSasu>jOHOLDK@uFN#NoLh~Ekg3DQEq*jsbpP5F9gu9ud39t9WhBuQ1)BdT&@!Hs*< zZc5QNrPS7}vyhe)ZN=eby8Tf0Dtqk(=P+QTRJltqqP|!_LLK~lEYGp$U!yddU zow-I%)}4~DghKdEF`z1&vGAPl+VM8-_8Y6^ZC+xq!767hc%A7@Aql)Y54kUP2m&UP z;am(97Z;D@Ks65^!t0u}y1`WpQCy{t0$XHVohtWcAeT2u@M> zqAXN6w055DDE_dE&C$|pI@7BVv%eTL;@KM!Jc}UZY#hTz=>nqE&hBj&wj>f17>?c# z9$p%TTG|3}fl2j?)&#bQ|zRjcU ziYgZj?UDu@YxMJ=GU(1c|JWmp;D?OSh>gXLrlf~lVMS6>$$@e~WYaU_ySv3LoUakL zk~MH8*N7?w+?9*SD zktJ*c+rZMjR-k`F7!H>IdBv8Kll?#G_kT5k=qj%R`1k*`Y$!UD>U#4O#{t1HXeaPF zab?2?U%)ry&CFbVe&CVPDPvcK*OkZ*M{qvrY!(zyQ{J{H?3w@Z;PhZ+78AkDb}@QM zo#~UZ$-iNfz>e0?i$oaeT+pdx%T>?p2z9LVrXYKII?t?_uw!@CcL5EpP^#G5PPhS- zzxXt*!U4j0+Vno^-rkIw^mO?uUFb!axRq4tq>z;ql(-YST}arTcgJ=_>CRD-lT?P)q4hhD zf0w{SVh)u1Z9)7f~kg<$p*90 z@M`X6rOpO5zYtWA5QpdfRDujQ4*KB-z77#EEh%;c^MhOZ!gn!bQAt!l)PjdMQHd6H zK+KXK_FLf15}P?kCiGdhN?#9wc`-!qPOq-zjB>0T_Sm3}M^;Yi52YdCAkL#bH%AYx z=t8Ni9GU6VE>34CF(I_NI1Y-*e0i>MuvkE#i;S>oLQtHHb+xv-7Rkh|h4kv8cD}<2Xl?%N(}{TScV< zykH^I6c)nLmtEH857Y8rO;I_%1rACoOjIpB6x(W>Cp_7I(66UL<|yoAk7YYUA}wWV zM<|&LsIBzdfc3)Vn2+1!1si~9-01)-AvH`rkM@0RobE9w2;6F2@n5j2z{ zYo*JM81nR_eu92t$;Xn=Ydi~a4MRAYUp3ZWn5qQjQim(?<-Hv*J%+2D6{vi3#Grm0 zFLr-B)t0THB&mc&TC@<(>ioFP`a(_9%kYpK->RZtH)zRFN_qtsvJ-Sw6O`z}DRG)m zjxP!_0JRRRWvD-EOr?RDR4HFv48gA9Z|GCMqnJ?>wb1ki^Zv&HktzY=-LR-+_9$6A zU&z)%QpBWnsI@y+z>R={A4D$PL6)$$wVYci*klT6Z($BWfo+q z-Wm_$(3sesm96SD8csZ%KB$Z=4-bxL)#RVvGvgb@TNf05%ysjqD{d-e8lSiF+Kd;h zge!MISB#P~yaPk@SRQiJuc7Py4PHpp6b54Dn?55SYHQFCqA6vS4?0wGt0$a=gw`qR zUkcU@)+@u&tFC@l_b5)lPkUSMHtIq+A@}XwpCGnYpV9Bx^i;%eca&F#k;U?8Li3q*iL#^i17Rm@QBOBc>sT=AXVn%)if z7Vn(2e!}aLMU#c%R;eApoF=jHK*CLNx5F(1ZDekbU$dL*!O@F7Y`AWiJhLs36Sn#E zTrE}hCw=eGAI#I~JTm7+tpPcMvQh&ESGav=OfBTP59Ltd^)0oTYaHzT=~O={vR6!>7{n!&^gMtR4?qxgi!0ButO6uX{%U5tMRt)^rO1NY+-iHLKgH$ zV_!s(@~74m zF{g|Ksy0FDE205uO%Vl4t%ustLPOFSC-Sq>6tO3b?4>n9YAd24Y6a}DzBbyk0bji6 zadth%od}w)%lICw&KQx9v?iE6Z6p+(2~uyYYu(+5gtl3xaCC=MPSuJ~=cm~zd9iy}(!&afrBU!q&KHTv5l_Z?w0 ziWs$MdpJ(Sr&-9oLrAd!f0{vJ->T!yqY&j$8@s{E9d|=-rHhW|P>R(fX~vMBV)t9h z_0`orp$2+%^ZMk&;u&BfdStNA86n8ett$-A?6B$PhL!*9);qR?&z<*5thu@$;7?14zoL6X6fv9b*|QD+aN*9X_0f957@1?0*%v2j!QsiBN_AN`Q?n z3HG-woJ(o$XC#rrL0abNhT+aop7L~%bQi=%8mANd1#fBC#`cLS1`16GCm7cxAt7#{ zh7moD zw&PZa;`ec*Y`t^^XdNvr)ZNmK#Vh?&8umd$KLupPC51!AB)MfI#StV_3->E9Hn?io zQr17Z+mZa>7hCD|{9Fs476Exa8(Sy$)+ks)uWYL)qoqs{JmtbpE__pS#yPYl`QIKv91x8lpKo;%?!D`t@oqH z%B}%!N>rt~%`KRt;1=d~>j(M7IRcJYI<&be$io(nIi#t#3K8Z!v2bDqjgTt7l(EOE zeNsJ7IHx4wFlD)m*ZT4$%-EI1Bu3F2fn?n5UK?NepbVaq#j~pRMNY~l=L3X?aW45Z z+$4dx_#6~pFa`cjGc{Cpb+TMscT}gaSHUm*dWkI2jIVK~`IJc|w6h1~R%vzZ z^T?#Ix9x&ss}ACW=DkD1LJ6`8+Fy??rDymChnzQe^CxfI%o}5eUD!}fX$7dh0`}oTM#RLdm{U4yh z2`HNRx1iFcp=-C!hT{EHvr_=}n}&XDB367kv0*`DPfKbxk0NM6k)2pBYxOkb<4sr6 zMS(MlYD6fPW_F=XKlC^O z=)P#BvgKAm3q2YSPi@--t=mRU;^AH9?%Oh1_Sk2g$!B#Y*nt=z?ujX~=6x zBlO4}0YWIcXeu*o1MJuR)g2xbXA4v?^zkc@oSq@CjCY6R6vb$x;91Rtd2_zZT;I{e zNPvb0YuYGq);vemkmsfD&6}C=mHT@DToD<<%}jr3I8P2P2-_WT@Ub}w^RQ!$j&?$? z^i`$1l*;!(B|2E57P%Jx8K)gQhfu{L_{*mt;7T0EleYR9&UP`CagXYvt0BM-5F1!F zlt6%$)>!mmKN@0O5aZ+~%`t0KofuWT7yq^iFOB5I4T~D7NWJGtXsI!TC&)?()g0Gz zYzBCFrah-mG9!Sn965|$Fsh_*biPz70kjauybO8GHR{r@G$U}itF<7j6l%>LlEGj> zn=Z&RcvgTBN*J*%hGIBeMAW1-pgg*?DdwnvCHHsYpO#1xS$WgbO7Pe$6j>aKMW^Ha z#pc#LvS6ZDEGwic_KsB9x{vej72EUWkp~-0A%~vBY3k-wa2r{RLzd(vv7gIZ2;3Dc zta7gkuCf|&0I^@gvCjZL*hjq-z8$Lqd_P0~he-00l%q;F=nFaiy+hRO;o%=1&XD(` zV67Cl={`M!Zfg@ChaQStkw4o5`#$|7%_u^s5^AwDOXuq*NIG!F!pf&8(74U1h?R#s z{n5Qjmr#Q<=%sSjVC84e;}kGkuHyzjDKQ36C0+2RR5asPoFIg;(X=SQs`Lz56~6TY zEsQMe4Ho?>-0weym)@;6TBOM(zphD0LIV)~?5$oxzhlfHEEE_16vPFlD=TUHFq+#x$L0R2bl&3}k!bo3|EdKMIUs!=VH+ zL_P64AgI8^#Otp0T6_37n@xcw1mUQAi{h zbLkfZwa_PkUa&!`py44zKh9nreOqebSU=R|89Xs;>R4>+&`VMmNx~~eYIRJwsi={3 zg_nHh|A7Yow*+S<#=k%Yz!CbtFllN30~tR50T~N4cE@pEPP(jC*)G+jpwtmUH%3k0 zc1WrdZC84>XGt|tn6*$Wycta*UZ*bSM~Gn_qoG}x+>>SXx@R-ouM`O!3%~kzvPeDHSonsq~ z{_I?}j+$**^h4Z{v@NE`_?k?T?S(J?Ai|)Y&88JKC0kd9&lkyB`W|4ESmS6kXIQ5>N2(4VeBS2?Bg=f@1!YjY9u#r`c4dbw|OImToqoReYlP@t16{5s%&eS5c^(fs`B0V!< z7Xk@-M{_BLAi&sJ;E5cY%a^9m?ew4WnE1+OzUufITq-ktIuatM($q7q#`J;Wi628jL$|w+p*}x5YfB2)dk53J2t-B-E@UtN{ zd0~#YR1r(l!hE6IE~>A}7q-W?%YoSnB^s zb2mnG%Ve&8Z?xgZVua0WG~u9Cl;=Znve_uu+tD0GvhZzW|3sl@yn-1j&w>Bns$YT zz5wbaESjI2yBX7tj2n6YE5+l;&{Ie6xA(UT+t>NmdvmVbEgrdLeMBh#d-?sR?A_LT zGe}l^s~NDl8TbIWqsQ+1+eB7ZkFTz}UdoIfb@@%~;{v_o;uEiv6hBB}4wP^8=~@}m*_Q>X#WVK9J2-Q)m+h@mYxp&4TQgSDy= zdp-|n->S6qG~6g`ZtWL2dBn>1z+X7zdkBeJ21>Az`MjG~!IkzhOTvzQ5+e3)_IW=d z{J6fkuu8K5aoG)$lZMF6(=ajA#s6A!E)(=t?HUF`(HaZ;9!O2;kseeThYmBx24(tgnZ`#rBk zU{!bzT!!*hdoO2gCFfuJWzj(#nqe}FL4|VVjgDy1!b^XI2nP)l^|DG;$kDR&VpT1t z*gEiftcX;6Ym?UvRHKpo=~)d6x;Nl!46X^|D&|WAL|6p?Uh00g3<*hbXs#hC#3~$B zP1RgrK_N?0On6J;LG?svXDcG$a^#GWjZ2YmLq^uq!EhLp8VKX`HPNYQQjDsTq;48!8L!#1WaDC zj%bj!{|Ql9wK+E8P-`qW@T7mpl1`~5qqF;HpW0}NMTij~?YR_tM-)4>7s@JsJ!uH{ zpcnLOjZfAh8|~OCx;VdUsEifEGkbDZuMd4WDn0l-YUXiO^jHWXuqPSP|Huq$F}vsy z&p8458wxQ01qB!x{(r^E|GNdEOJm&;pmXy+ran?E*CPAb!(#**^L<+_?tm~k9|dFN z!iYd9hT6A>SAqiqq7J6Kv)7!3YkuDQ)kzx6TNq5YaVn&W-Fqs2NR2T#rh2l5nsmC~cZX5h(?lR?f5Bs(Aqd#-d4#{^SthOAKTKvSkSKF`pmP0w@5Bwi-DM`J6UV zc+oEEAHMsAGbeF;&#|4m$71*nRRRw)$Y1a`nW%{Pok;h-$B}6hCv7CIj;?yJKF^w| zReq0z5zJ7qP=R36V`o5$WxZxZA`Yeuidd3iC@rrd5#N3X0nr3s##|4`tr52M>#T^$ z>}D8_9W+x?)t2m9)s^*_5y1NiRxrBk+Y^nE0&5x+2OQXOOSVvc(A8Ohz-mYvXrRg?UNA0onXTaWO5Fz&M7E=%|+V!g^L_QFP)(t_dq@7qI# z4XTW{7e(79hi5ND^bnCX?p)b+IUZWF$J-HxTK&Zpiw*o&MAXYN#p&3`%-ap0QBAO9 zD8QH~SPpT*sTuUf^lC$oMxgm25Cq7 zJ5HKJJ$$7F!5W44*dJkoKpD~)o%Z4xF`t8zJ+@?}~1epAoH=+)E*b%-lwe%zdu3!pSlvaP=2Ld5d({ z-!O>fFBrtZ@?Rl=|Aul-vypfG{k?nI z=l=9y2V-7I18)7Z2BygSC_Np2b5-hASHfXqZCcAyJd8-7b}ix}b7sqLm>}!c03_l< zPKVU2te7Ns>u7#Nb8TsgJiDZ1?Bn_9>0^I-D13ltk?AFos@wkVIY}P9BsTZ@`c6J_ zI?yX&`}f@tI=B{a@$#xgMP`#v6Utk>5OfJ=BQSY327hC9by4g7eTfhV1U*2g=Ycrv z!6!FZyJ$CNLWhh}LLjJ3Q{5~j^Aehz7^tx%szNH5uT93YQZl3DOU=^*p^NtvQ|VqnE~e%rW z-S4%uEv_o2=nR4HF!egBc2v}cZH#?`=Eg_^CL~Jt^-K9ks2WQIOo$6=;mNnPIZZOe zdNW8A1><@;B*iTP!@dNjg-Dfo_NjaeBnc`zU)d2T?WxVl2cZ^Hl5AX@{9|%lUF|B5 zTm!9YNmBdPd0MejKj5Cvnk=lS+>!RNC)vV9%dGn+z9o~=d+;WAj6|^nuvY&0LXr-| z3JcAE(|~V3-keBso3w+NY};ZpH;OZ`~a;;LQPs1JBFPd3NUX5uKd%EQ;Z1OYleS-728ULc5>?4)5r zNo%hX59@4k($-`G&)m4Fj=^o~9Vt3WCP`cTmN&tkB`6GB`I6hVUj~LHj0~$yKLhon z+sKd$#oGy8=|aZ^$9h!3Q57PD_IGi-WXuvV`y{;1$4tkF`xU=vbiC~~1yq469Hu#t zrMN{bY5_WJt+mzrlZwkF?6+s7YQeHYO9Nm+8}082`19IYo$6_u{Dn4BIb;)0un6q? zdqv=>;%P?tkHJGjNd>38USB|d`t`7X`EN3E{&zXZ|CQHe{%>YxmVa%$8Tw0;0%qqo z*hEbd#s-E&GFVubT3!bCx2yz0$#X3o!%(;R6E)w2a;f8!X5F%)xPaP&Uz94ADCPY7 z{%JhD{!Bj#_=O(0)CU0C;=;~ zInKV(53-qza_lM6@{BIunGCJF%{Y$n2aFi;Di3)@>{>nTK8p3-y*+y`^lAfD{}TS7 z{pp@}EGau_Yh>GQ?~m70K!rk5AUTnoLGA=86-om_F%~tm3*q8(lQNVZk}~ zZV{I2YL4(>8im9;?2ih*uilMM|>&DSJAp}rbVUgAPFKi?)WV8D{kNiINGz` z3O|EW)C6P|ZSq2E=^GnCrmPw5m9?Wb7SM<}nudV7>uKYThtWQbJgaHn!Mltjf7%;G z!m%_ALCM+F0sqsJP)5tP^Bavg%#+_z(>$6C+y8v>rpeC3R$JTNy_>d`Zfy@XYt<;IxEZ6jjaJOwG7>mz-3YAY|9lA8 zzt%EZu`5dL&NW$jc?m5&0t?OL#!3k-HBw%`bW*HUK64J1iFzQVfp58wg74|Lluh7q zEJsOCfKoo(hEos;$^_bj(d2?JbW400w4c;(1j)#eYd=Lk>@dH?pBniHEp<^?`E7mF zDyt*3)J3W)@|RQ<&&x~273@EnQ5gh3+5x%&^cScppLm2Uyulbj>|G1bsvi(8%OaaV1F)%PNQIOg0&pj<| z4Tn2}7J^=(4McvMRXNc85km)^pVVE7d}p+Z{K4OX?=C@kTcWV%b;E|;=^jfF0IQ}Q z?~N+=&8(9JShN`}Hz8M9RS-m3kykq@rxPxbr>LmpPVPnJQ zUf22UJ@?%CQ~AL=$L?;?Tkiv?Owj0+^o;?-EU*W%x0(Vt*@8IRaqrCZ<}?!7s{2cj zBD^oscS4c9Ut@YXS_762vK(Gm(%?FI0WESCZ7>Gk%k^hBy@7&KUIl1QPtl>1PaBSG z$%F+LSaK8^CFv>?bw3Y%|L>HgUn1GqhrmQqo1Ia=~;0*JYxk;CVwNb9?aR_X-L zqzsn)gy8}Lgt^|nRTwayCI&I$$Q7YM2zXuB0whdQn1HO5t)P8F*1X!^Opp7}^_cjio~3@Zs~gIaq@~GRzLOUd}7O2Q;L9*#(HJX^|MZVZGVg zpMg)aMjMVG<3%%c8nwn)5&SFw(ioRou+=A->@V0C1$||R4XGpDW~m_}bI%5`TF;C+ z$R-`_J$1i^${-ZWs+s)lXp~w27@N2!e2iBc7`wc+X4$Nhj@be?*BBrGg$Ucy*u#je zsdJS6T^g?fAa66F^rN2NCll*;C(J}GPoBR&vhP0*_tZ$_omG1Ik+g_(5LnPvSZ zTQz36j4*3UkFXHE71`4F42W?nC$Opg*ny^K8c_y`++Pi(mv`fPDjHPA?`vqfl@Qe! z0DFpXvrJ)L!{7hOmlMrjEFvi%mEuvtP#)iE6>J-Y=H-8WOj6L4Jk?L>FN%3NkSZ>Q z-JKMbF%Z?vj#n0T#GK?gc@GOl8dyJq*>w>}LM5g{wyx{%Yd zCkJE~N9)Wxk5LwF7|M~15d;2UG%;dEeKvwn$^ILTUy95EAu$J=I2F)UD8Z^RfY@9% z{KFahIyvm8g}hG{%66n>&e4Nf(yUAEBk3& z!X=q6jsovCs_T8t1OM~=W4RAg<#w&EOgTNEQQ*O(%Y#C!8t-%c=!u^26W`TLO6)Jg z4-=r>`!AgAe}xzPn}rFWM+Km^2Q(*K5JQV3X0N^#C{czeiK~)8P{u(78BzKxjJX^( z3VwADNaHB$NgI_O4HYi`Nl#}sGee*pG9w%ky%t^a{8XYuBG9NOdLtRNB0vqA$8%C3 z(vElhTzTk?`+F3SHVM{I0&f^@gBCM%pK4w+QTA{3mu*N8qmplvbx56Go$V%8e^F- ze=8>%yQ?L+D<-8Uk8O+B)J*GZeE?}h@L9xI8MOv-?(4ERU>PHF-sqG!!3W%hVhH|d zlklD%7e+*w<1&l}K7JrX^uZy-Q2vp`gZZR@8?l(j`U6}6J{EP6LJSjnDT^FoXwjo7 zbp(HIl*-RN+VDnS&c<*lIi#6SvV)GMH(cG3Cpd-i`@5PB4e9E>pqm)j%F5 zHs@(|Wkhr{`ypk5IKqN~orZE&tip1b!WdIiK=a@97gKoI;ugdS0e*p}^bH4?^I|^L!=V zlp$!hYbGBP_ptQkWY+6L?uleVJkgpZb87e}nKxTbQsAG|Tb3p=Or2(=65gVlkXF6c%*STnZ86CdL2i^H2JO3=s3^ z!?AX0xTlB`$W+f(N%J^;TUD8B zSfg)<+MSZlS&tX5ozNhw2M`r8H;W5xM}%dkG!_&C^kuE7V)$btI&cAd0P&D@AzYOI zRFlO3`xpzKFUsnAVvo<@2RyJ*mG7f#++!8|SZ+sb@$0i=%T}>>;)d;6EaUo+>a9uW zsbR%nl$+7}UC&Fl>$dI}q-Erj-``M!<1eTI=+*uID0{~!$+|D=H*MRtZCBcMrL)qu zZM)L8ZQHhOtI{{0?tbs>9$okCf5)dY_LmbQPQ;A0_MYoE{}%vpt$zr1-v7bQyh<5n zk!Uw!mqz2^&OCL-K+hPc*Q4OLeAvE5WC9Gxv6FuD52OfBF${R z<`hHI8bp!2iu?D>N{ZARx!G*S1cj#ec-rIgmhpx#IW5cm3VQLu;R1G4}+su!3)|BVm^Hq8VWX%Sl zcLVFei`P6jkV#&4w&va?M0uUyxBoK;^Wdhb$Se{U92WR6n=~Yuwi-5GM?$_gQyXsd z6^%dY^#|;rR)6)Ki-NkQJsehD9t&NG;Mcl%56Cia>X;R_j2EAe8St zRrfInnBo;ljaBu2y2q&@3|4i?=)@d#+k2*1bFDo|eYy*cj(;{ZjW*NijM-``8r2zZ z!;OJw0k9?O$YxC?oJ2^HgO_*t4&0Fa%YPW2_jCp>O-y&X-AO;8(BZqZTv*({byfu- zV_e`@u98r%avQULKTL~BjAJ;0F=mr|5n`bFUVB} zB-Vx|;S9lS`&lO5D~U|V^;hJyDWBHW(0tmT+pv5o`0e# zpA(HZY%SkR9)=NGvKsVXdoU%iZajaxvH6S-e;=zHALdu{PPt46U&hs_cx->qRJVR1 zNsL))8X1#*jo*5*Nkxo8xdWvQlHj}w6Tz(&$qvUOLC2$v0oUY)3g7@B7FBLpRKVK8 zxC#<9NBg&@fWlypP3`%OQ&?DT0^^MVnW%RfOai>>1z^qtd?ZWs&}bFAGeEk33~A)R z0fVZp6#~XKA-T4^SYFYJe6j|QuPHfG0e)(EQ{s;i2Zr33M_`!Zu<~>264ubryk`+b zwl*W%NVtYk?hIoLpD_?|b6hd%_&dDP(A`k^SkToV>~oSOb{S0m_#-$Edn~hKGwS-B zJR=#1`E^Uv_I0ZU`6YUla%G@&Fc|O!J=XObT|*(*=FTFAGQi4VDf&3E&q5%*{$?Zd zNI4Ao1k}wN4xNpsx|JaMzT+h=R&z8=(;DTs=A|B?p=GN zI8+G@j>PkK!$ew(_8_re_(ePlV1JV%&cDhL`@c>y_^l3|6bCB|_Lj9kBtWU+(?(f!(fQ3Dz8TFNDK<&)=Lqo$-5xKXN5xYq#Y2Q<)OY zwPvnvmYuBgND=g?;h2kpt<5kyprFFD3cmn$2mLbd)orQ>*9#BHBLij?%L z2ngC_T;)lA>syhwjjzYf%Po^-@apd(b`))sym7rQG9%r$J%BzDkS8R5FKxsb&bxh2 z6C1d+e8nNE_15E0mmhuO45l&P7T(ImRA>f3g$U>>sZ_Ok@or+&*sBc`&{aY06sw^A zoXtdr@z7HOd;Nb@OjTqs2!GXfj1{qMhjvc*HW|& z9(J~BcEnpO92T;|iX}8X;r@P;lZ~;KpXA%)Aae#`vQ*Jc*aY$i8q;0dc;1t#zmUSF zD%>F|-ji`sEkOgus?yg{59=~i$ie|Fw8sO{5Syq9AudN~+}cvjOD_Ky3v=ymF=ySD zc2mbwez9KjUN976Yfyp6nE|U5fF(n9T{(w%+m)f!DeCFAnGj1?2Uc<*1}vqNb+p$F ze1tt5!2+T&!P|`u15UKGm;{Wj4KT>}9!0RBSO)-BjtY!Um_(K8Po>vzQ3cTQl)$)y z{cAI)sc)bv@zZ{29h@L5PAy_OTu)=nb<8GrJ(4WF#^W;?hAO*QV}U0EPRxO zNKv(b{`1+<;#)meP3c$k_Gp|G@YsscpO*c0SP;>e9IDQTqwYT+57&#Go-p#YzIj$c z-lXW4jfetb;JEqNL|BH|iGy;Wi*eQs!VN-{sLhWJ-Erw)+Z=>DeSF#qXv=w5VYZ0r zTlV=MaBRd*2!3zQQNM7x?xM;ZOdhd4@iXCNXH=bc*I3M-yBFA`@h9&r6{4mhCbfAr zHdKI}`Dlal-}dBGX~)sG6=g=5)+S(Gg!X-Z%$%`LX0!-;8%%EaLI)`tNV;_Gqxf&9 z1C}$$Ekz)Vs%LTq5D#7sLmS%`oCISNvHjv6hqN;A$dAJk_|aM;1M5ww;8U?tC#IhUgjwb!rh-iIv%B`*kvp3Fi&p+gt{dpOCt+}qrGhLQLCmd`F^b^E>k=Bpd z9mdK0x{$hYp>RU5=^9L5WV?_&_uq2ol`ER1)1a*nE9Xcg`hy5Wn^C=VOP1dCk~Oi{ zU3c8>iYK@k3>y3&r2Z;cj)*i*X1nx;)C#tTv6wPis6|vgIevM5(}Hy2zm-8~U9if8O*w6= zovLc#+ndDJ6HLYXne%DReOqRy2c7VXp1 zwypAvFsGT;OdRF;3Wra3J$YZjl;x{S+#zk!6sk!Oi;buks1vp4T{+dsXNa3oa@e#5 ze@x3ifb8%*JX$3m__0*<@k8*s_eTxZ&-mayfm=P&O`EfNq%;UF^u`!rv0v%NQvFt_ z)A;gl;6AjZ{(x2-3Q|EQR$1$A*cIREMtKMD>hdYIsV9LhAk2IV_=tFj_h$WLKCy24 z^D_mDo#1^@*}__ImV#6H7$k8g4M;(>v4|@~IbeWqFRDZ}ehM*O$ht=tViIz0q|j;@ zdLfJ2X%DOfDSydU(5~F3fdqV~wS0+VQt(F+<^BeiQ}C%mC=teX!$MIcoTO6;US*c7 zN34{9QecN742czN`8dlWlCNS;X(}L>Fkneia~0uCass}7Iqag8U22M2?gU{go2TQ`G4VO{T@B$LiqR5VdFE!sN9q}XclMJQ%5E< zhUZ^t)nqeo&(~vcxHyTvwZ-%+h-0hu9%UIVVwF ze>Lu}0gv0PE*}u7kWnseM?Bgm;8C8(?=PCOWky~XkBc_HsYz zwpvWFaJ5aTFTKqnuWN&(B>L|_5nhOnEGnofF@)_ zR)HV06ZX=8#%;ielAp#&e4b@%2TrfvTrbYc@<2IA3MV3tlAwHU8z6CfuJBB}+>cQiw=nh0$mapUC#mI;+&*3-Eekd% z!1UUi91tR`(Y3Pwicmn?Tq#xs9#wD)PRsN2kWn#*1mxsuUfP6emEMK=sQeUe{a?%(qK_eN{_K zwiHv~>YUX_HM?!FpnQ_#D~1_DdLm*GG^@+YX~>l#G7Oe=5K z)N6pP_vS;p)jEil5Zm>dh8tJ#JW^lnT26q{d~SkVf>aRyMlY=5<{oawMNqO?n|r0E zvuzzZWtE`akIeT&pi36pgB&k%QgRVk3uyl#r2zI)^_>8|+!izHMmci`I&OV^ZAfqXj^_&4!QE<_-G}JIQBr zpr`_EDNbZa&+t@}hN6xHFozrXILe7?hpnj3FE_9Dj_#>ZQ}omRsa0z*RB|;{SS=nc zZWrt2Whrv#38&^fb78VfD9Fkv(r)OX+12azj!1A-Hjr~8$Rxp0xYLu{pM3oTmx_n14 zsFj|{Mx+l z9<=LKMP}hqGbsjWv1iDySggeB&hTSX*(RKA-i_hIyvfUf1z)buf`STuUKml^HIkxR zX4r9ZNV)S1@VXP{Z#*~VZxrNz+sgg+x&6yYl>bCxf6wgwdn7hia{un*Y-1*i6`MHi zv%UgK@UklXigt%{UBoxmKt&Q^G<;9kyVlg+@yMA2M>6bMC@i73eRb!Ou|AZE>vG^C z{YKLjxgd<@7xgXa%Ww1agY@pZ$w@ZeIX;s9$Je`Kd%L&$qqYo;<5JbpZc4$MyI+|$ zW2Xu2+2!vtoLNUHF9zu;KH}!_8Qz&*7}CE2e851I5_1$A<8<6=JFq-o$_AkB@dM*= z0{&b#FC;P0?YL3a^%nb;ZOF&#b;hsR5nhU0*3>X_dX4ETD%MuxWOdcwM=Y!wamZqJ zo5_#Tz+y~>3}a5$_pR@0V9^#qljBvCWZA@Ix)lh75nJVK^9|ughtzv?>}ueGgO$C$ z9T*=_5$5Zbs*FCLw^!0^nbXO|h=nqdz?eN2;n+JiU|Ubps6_VFCXYF&O^m8zqVNxN z!sQX3LVzh<0Qqr@npy?jaw9MC+bcUH4r%SONR?;7s!d`x)iB@;!8t>OTC50`iIl?Y zm3s%xCDQ=(yBM<6&m=suxoVIfA{TW3mLt!8W%5EVkQEJ3U#Fn)Y)Izn2f!ti$HoNQ zgGLxg%)b^B4PeyLXD>no5QN2xwzW!#t4^ z7Kw%RU|>woZ&^L~FnVA#PBO~=I+2nhKr@voxI*HY7;9^ziSEFEspCNS+}ip%noLw) zxsV*h7-)6Hm45~?TxGV;DiFEYcS4Xq%Ns!>QJl|E@`^TX@?(y`ML^;pK)r8DJmZk{ zN2pW8+)e@OE~=!~9RQ5YAJT8Stu;>9oZD8!=J344)2C;=@rT(a+~VYU$QB_*wdQC= z;XVPz;fNEte@22%bAm>Gky|grR$!Khrda6+0Ci3fqX$Ty0-J&>1veKgjkhiBGQ!u><2GE*8Fw2#gN*?yTT{Pa{=W5TGE z>y`67Hz&Rf^$AjwUkmvrE@JcSPeIy#V`Yjn*+f+iSHUy1HsAsKxZ1tw-j9=Lk8m|W zbsF5kkNw#b&Dmc82q8700ZFn7n?!px<%<;bQ4!TMYw-vVW4YM*sj*oVVy}fRzkHU| zng{N0Pi?bgM6-*F_p?}WTL(9fC3>vOOkVD+9onc)yL2p@$J13l-#==N>^t_`P&<;5rG3r?l7kUgsJp&BfV*sN@c9)_ox+LK88mh zMpA!AT33Yw>wBecLnof68?b$;cKU6f8#mf3d-=6-(1J&tt8l8*T0@TxURFDGS#2?W zfybDm2mYnHVfrsI-2Yc64cmWm(tOYO{M+k)cH(}Iy_@4mzzkjAqdbDJ7Ak%q|HfhK zZ4TNwsA(q)iG|T8TIDzb{76z({7}BaY}FLkKOpNBm2X57 zj*7-9XwD%mj4hncCtMbkgIq_q^=gN~2Itb!_+FN7LbM|h&k6VeS?WcI45 zqwo~bQ@JXFS0B1W5mu;__8VDi&CT*pEObvKS7}-I!@0x&ZEF%1O zR8os`8OiIf60I~vz@qE_ZMaiONiFm|z(tKkd_YoBf>|*XJ`+q6CWFZn--jcf>aeTT ze_C?q%2jDy0&HyjgxdvIUI$lRgX*hkqew{9 z{vaG53s7bbyaEdBd>f7c-b0jO`i_Sz}uTyAfOvq^@Fm!h4|5=Jpt(6z$BsF zI=?btQ=@8oNMp)!{{h9(q+gl`W&W%%DCYw8Qp9SgVUj5#Asx8dKeaEOuD@QKA>Nwt zyK$V~mcRWmA>Wh&IE}s>-ODGnkhk?~mu$G_VK*($ZhXG4kK5*T{N1#?V8ymWcy5r^ zesicdBF{(j(Hk=DnEgRJ)F+?!7qy+1B|LD~)|b!6^N?1AI0ySs#c)X44U{ILT9g=h z7Bt^3O5y!{;~0i!)0QZZDKfc{fr_uCH%KeN5fL@r2eA^e!=x!K=r_8=UvJ7O`dT9}>McGVE^nusyM)>S zpX@36U!OPogzxAMOlZ8>F(Ptu_|TF5HZ-z<^|k5|MTWIVQ^N+d8PS819QYB9wp?h` zyPh;leW&UbfolRDPA3hb%wjG8)NT8rzf}xqU$w(?r9I204c&SA9$dlZ`^O({78HPWEp~; zXtKF{$Wu8w(7I>~cMuDEftoSvJd~;(@)6+Xw?ec!C4AKaQ~}%^*uT8|5j8W=E(=Pu5QxU?c(S%_0dolc@!|q`Yutgs;jGcKHbDpka>Z2 zG~*{yBy)YKyAzxtMkH?`5>HjnWY?W|Ks5yZi^+%Ezn?@+Ato^Cr2&$+Yo=H6wGGiC zs%zD)Ty?p#Gb@+xR~_pzE0Y%o+zvE0U^(B!s01K zDw2v>Sm>&$P^n-F@+%IF; zlird%%T0)KUM)dQR?UQjJz$6s=Hi41xq&n;9N1E;wj{F(6Y)yw$V*E^_QF(4@(3r9>z0h4-4UP2B@(X8^6Q}eSpz#v`Ak4fhfsi`Fh8Tyk*d63z8x7OR;gKQI zgQYD?4N;^NoWT@pB{tx@1OlP$aIk8dQ9#fuyqUu%h1hi3Zn-Y7uC?g!M9JH1x6DZF zySxq&k|LG#=s=(2;-d7pGue!rbzEZ$HZ!kE{ygO3sdFVou~I1>0jWSv+o+BUgQAq} zpAuXH_gV`<>Nho=4~foL0s(jJktoT#HGMyIXE-~#>PMOIw&~s+IIF17pxMiet8OYk zHP?x18Z>H6U0kNeLcaws4p_JHGL=l_)R2dejx+JwvN-~ics64OCkitOrwbcvi(Y{5 z;~=3S$4NsUdm0%tlOwEADgYFQfG%U3n+0I^2ZyjtIVIpM#vmN zyRxk>#e;;uktmtJEx!Nl=g-K%_^%%;ss9^^vh!T+A`T>Pa%##O57i4pLVi8T%@hH| z-+-|aa8=c~S>($LPlS?zGA&v7XTyU1%hBaT`YuhcQ%shEuPwk=k~9A z+3g~qRUKJJtm-5(s%r zRrW&Fuejyw4l(cToQCL@d>wT^VND*Ri30y|-n*92-Zj2fIHYHuqa>Hk6BOo(@I@V_Xk)d4lTGMu$#sL7f5`9l*8%+1lPa*W^hEQQ&L^)0f%(s$wX7k z!pk>Y#trZ5~C{-=j3zp}Cwk{KK! z^UVwZ(=tL%r-C)u)>{NmRPgd&45rX4aE^3G;VN69>RYpo4JS|MW|y~L>Lic@V_(%6 zuT9E|WGLaHYDzK8FBn`(ceFGnK@$bXjJhf^%oh~KSeiRqx$-Z|`W^?s;0K3n0=xdg zf;Lz#Fd$dCAy>Bw1!U;hH8hw}7{tkR{PflIWSshyAVd3Um0alMsGwUloUh^aQ_L+z z6$+V@>nJ+*_0OkAm-<13;;h*;}bN0sH{L}1|H|Fseb7h2LDCViR{-q`AwXA%M z;zBknvBYCiOtK6;6|9@~Af*#&f)KfEjxEIB{5ht{j39&%Ur##~AQAK1LK*V6a zrj2HIT%&WE5-Y(=-yKu(qT;E>JT8X+Q93sOb#ktsc_jb z-1pi7h3gXtXy!wyAlSrwAYs0Di!LFty9~5#@3Cq&*&;6!118T7xi>Zq+WSrayU(`Y zlRlQ&J=gu0PqIF5nn2>|Qbq)>o)qzHp1_1?((#oG0=QvBN*1A4o$y&m6#Q3x6;zgxC!S_Cx z2~217#tS0HPP1-K(It7&mKvx&RM_HLkz-0TC<>^|kCg2bmE&WFDfTZni7u7!8rQdW zjM-bC+&(SU;8SB8X&2o%Mtgg^wc1Pl=(@-Ccg?Tf%5-Dv#dV(mYyLy;4!2G7^ju$# z0(Xp1iOoo94eUBH*Ie0r*sKY+&10sKf?isaZAt@zRnV+g9p}FvH6y_^{AZJE(hd0d~B`DD8E z8litIntK=2cXe@@xTB4hRFO&y@WL-}pQ93Khb{SIYsOcanfopyE?-4Xk)obU4@Jv( zJuAyDFO7iD<@nGwG}h@vglB5QHmhLsoSbaLgtLoOG=|Tf@8rk`7cEmY4vhgHXD66w z;Dv@mvgofA@{9IJkLmjLLdnen_l+=3L?vff^oOUAd4|g51FCcx*UZB zoL_I?1MwEi{45RMvtC&LSvrjJNF+F?g)=&~{sDB&8c6a;)RzR2$Fmz#pi=@%qFG@$ zAC3;);Me)SF3%&ubW-WO#F_w@hw`kb`{K63Z{7zz>+2jPLmz#xg&Etb?{X#f;d1@9 zzcKpfmbVLyT6S&Ms;-~g3YRLL?w5f_h>4kFTs-cUS$vT&+llxS#}XpTdI<#e#NN{x zOPqrscfhxGDz(9q5GxE|Rd}XnO@V{Jv=4mtCh+Z#Ey*#4M*Vhf_j3Q@N&4ty4aSCc zObm$EiWGHYz~^v_2WQLKvhw!U^cglLZgzKdokcEAp^07lk9A5h4LDFAq%nmHwydTU zGKm*TCJm)6agdd6>6cGIWWLZ~*j;o*>-?mC;fFeT%>iW8)w;xXC zY1`9yWeZ&@CY8mn5&C#hBo`#RDZR~e138-wmpj!@Iici$-D`6U1DA!8{yyQ-OFQgH zaocYxz1#fXZ$Ff4r`qy*ukA^i+t-J)1rH@*JZ6~fvEaLEMfW|R1C4sXQPwkNT-oZz ztWLdKWsna93{0 zNw}d%gkw~kRA)7vU=2tWZH)>dJg`@jUTtTKZWHh9{^R}GsV*~ldKY-c2K!M-pveFmdoyIp{+B)U|=6V z2n0&!U1!1_Y0aH4dQj%PjWohoTz*0aNOSC$7U?ffeXE*ovtCJm5;d9@A4{;#m9&!i zs4yQx`h1cnPqveva9r#GpJq0KpN;NzJY4m!ur(-F3);&agO`rnqhvT_-;-a|;C|tv z4|Mc=KS?k#N3JwGH~6{rouVQe7@dD=kpN-(*8~#aS|O{O0qe|_j~F8yq^dGXp*H#5 zID+>61~MdUx3f_VK@s34ra{7JRmz_;7-9Ia4Fg|C6Z&&ES6f8kcs1=0z6f<&4~8}O zkU2VBL(47PnC!;xP498JwGy3ff7#&!DlxG?DLu@cf8sV(ZsU%;8fK~>5C4rQ=1fOM zKx8Cf!Cd6vaHlfGdbmV9T$DUvh~7+M35AlvJh;4N>MJYtYY)cAX7y|caAgIr9~5hc z=Vok7^)_#1qmi8iZt@Ze#>A@VT$(?qg;|PdlG!FmjIm~lD@8kJb=sN!#_e8t$rDkDAb^0akmZTAEujOse}fNV@S3Iy(h- z2fbzbwyiLjAH4}0(`QsBd9M8jyKy!9hN6|Av5O{;Tbs^QyTr5;ixw2|Hqed3haWxNk-wP%uPB z<;Pn?Y@PA0pYI@asJ>%c@$_kyHDwnRr8O6QNM?iu(YNWn!N8S##zFw9&kUX`7DINh z_`oWhY&3%2tya7Erz78KEu*;cYz;Rdtbeg^y8Q=?V)(q@lPQlzgLdCi8yN1Q;^P5rSJ zyh<|YszY1-MV+ddLSuP1IDbNfX)6hB@uy}E52|(!31;|E?RPqXU|h{X54ICTU^6wu z&;rJK5B9UVHI^Wlej|{~C%b|LQ?Wskt zP5AAHyJ||Vm5!%ek~H2O6*v*5Z-pm`KFjbPL%^5{h$xev99Ww2GkNBX+2cnz&mRYAu z{&<5$yjth_`X|0w%AwP|jmA4TsVQhnfYTo^3`<^5m)qkT-f?X*1Y{2XL#(3KW8Eczc&c>Y7*15gC5TV_HG7}1bJ-^rAMEgaeX==O#1MW+#cp$hl{wXw47 zSo;2q8AVFJO(|`m&?@rTfbe%YNxK4^9n+a9%m482zwmT_wOtAtT1`cm-|Dj-N*Q2{ zLVzuA$RVY$di<6;#G$~aeStBMLg1@@vXbIUv8=`%4{&^KS-E^5495#W?w()NYu7gc%_gM)@Zq#v|GEfp7cJbrjH^2zmweOA z{XU-tn?V5246u6G1sce-3DpG!V`(m>K-7GCE$FeI6|w$N$xo&{D_Y!1?36x#1FUj^ zRHN6x|2>rlc*WtbT+DDIMHV%?!Vvd#GRlz#&SOidavnmjD&DRda-elPs2uR(-b6tk zu-JjOfW9xm`IvGxA1vmq8%?Y-GQtWnS^Ea58y0K*w}0aQA3yv5rqg#=XG8ez^moLk z1{iz?j}>YUS8fYbNgroMjaVu~$gN4Wk`f)?uiq$`FqMM8k!~VDf;aju+v|hz{$9rZ zUMHQ|53=;3-&t5x<76%ql>hig5z;4Cjt{t0$VSzC4$Fs~-19QzUdIpLKiSqd`1ul% zkKM|I?}(GsIefH_%I#nKpWie-t8ilO+_Ea~?}Y40ISX~k@I3+~uD7!SDg8(7EhaN< zFPvxJ-bHFKkNBB-DP5noofrMh&Tsim_P4Hi6)wh%|nqFz!D-FiIl^H0Q}9p*W*j z)(!l6(-81IH4w(ocwFXdQ2kNGPia|YY-LT8(pSEnc@`@E6RNA5V5EJa2Tc@Y+jTEI zK7ZP11r8rxOIy^@+1X$AesaEeagMXS&?JK(bQAqz5t^0GaU}JrB@t*yG6;r{Yq6Hd zp}~XbspDB_bz^npHroL#iZOuU>@Q4qG87kOgN^4thF@V30%b5_9->3Vz3+htYxIuc z!B9?}X)S{vYA3K+xcAJYr3#`~i}5*bPPdZS{>k3PL5*%!DlB}JMsVNLAQY)@sT8T- z{>((?;@biQA`FGtHu}?08caPcT@RaBMGZ%m7P`a`LvYAmuFX0yqBvQIt6`hD58xG& zejQ;(;oyMBh2hgGF6DkXpo-PIC8CyCq&HwGQeLaVn(qn1S`syhh)E5Z7$etfc&r?E znDNJ$!>(fjzmtL~DAA&VG=bw{Z%7;L+yGQnfai_n+fQN`fFEw#!G6)2%7VGw@HQ59 zEF9f5)x~PZ{iiZ+*}`|j2Xz+kb%Ry5Z}c~5KK_T=A8#z!LoT!B*a?qMBxaD3}f2`s0D>6u*|q#3C!=m#TxHxl363S=gtIb zbH$DReu#rnOiqRcVVzN62)HM{KZ&&g0<=y02jwmox|T39Xq~TPSZ7Ik0ktxCwYpK= zOeI~7`c|7QQ};;eX}frnbfakG_ z^w(WWbASrD|4ITrBptt6NjdSNaZI%7I{fyMb|EZ@d_21AOcXs2nrn1n9Mta2PGgwu zdNxk6AD)-{M6|!h-0@8wzc{9+z(W8D4(ZmrbdsEZ%>TFxVK!2YH3Lo7V$*u)@;tnV z-s(2QDR8-1wqEq7+&|&^)}mp&?cqK^N)Widk(xDv^%;0@`uU=g0F{HD!cFjuuEm7) zm6H>Ot0bo&Dj-dUq&e4wsC@tEO3PPw@?k9LRPy9}I|GH2Ql zVw4aU_K(|l+WF(p5z7N;jz^;OR9fysWP;{T5X-3`n87lO1LoQQ=N>}nobwJvb6RDe zq2ij-rXnJ-_&8}&3&zp!wD3pp&q3ZyDSw!a6+GZY%9CSQ=>;%Ya*Jk0MK9(7XLz@& z*Ug|-4Gr`RM<2$q<|reDZ~5j;SQJVit|Y?dRPOUr z%QHk?I_NYE?}F0&qgI^16vRtm9(rsm&IKE6xR_f+S5YF`-{R0Q3&sV}Pvr)Kiz`C+ zqq#0AO;)VXmtL%JtC~E8agq#wte7QN3`_TQzaT@S3Y;7|lO`@s&v(XU1h6rBrRo85 zG5~$hKApaK(CgNLJ%^{-MS^ysA>pBJi&P{pgEwM}lyR!k-AlF1zgS^CHp#)2gcqD# zWRdu>V=Jb4RRCNc;`mdn6WTxjdO*Ql&bp4I(0KmKMch&fjP%C@tJsUuAQ zl2^WzsrZ45Aun@!LVd(0Fj4b`6;ajXMDq9k0w!c>Zu$PK331B_BJY+;^2_ub8?!A= z_+(y}@u!xbAlon-J8{DC#}~=Isu9o*FD)C@tCL^uK4V!6aFOT4a6t#@Mcx=FdtZ+L zw*yFI&0_R^4&UkoZ|{< zVrdzPU#bX`D>_ETf3Q(Nz_?fNe!qKNCH?R>jv(I?aWAfFlPjabOJ_pNA{{1}J&_b#F!R%GANMbl-|%1Z^c@V42rN99Ii6?*iCI8_VVPG9 zPzx$7k`H7)MhoYr{euck6TZ?g7nEb(KcQZ{cr_PG6ev%;L=q{EXlWn3$+Q;(1D8vt zaHiQ?;*2Y*AvuDFEINf+BR#hQSEG-{sw%=*-z1DHIz+&P6K2*MVZ&<&n-D8`rX#F^ z%=8=xQO4-h@7bujR%4A^q#s&_dL}HtyxH4JgSKxA)9Vs zR1w@y9p$DcAxK&qZ1`((6FO5r!Fi5ZuG86k=;C2w(sU$6N!zr{3WeF-( zN=6$PG{L+Al`jEJgZiSA#TakJCa}*OC6P|mU7;oe%EC9&S3V!sEQ}Fe7-|oL5@~`2 zn2p0;9}fb3eM+-dZ_Um?Kr}0(UL8DqUdtFyF37mDN0m;1q8&F8*U@YBWp|y{!+_4HvER%Ysl#>Y_Mabb8O1#v$ zs&>?zf=vi5l4~_%TEwis?P>xzJ?}j%-XJ;eC%6rv8YqG}s2VzY$o`vc6f+gaqT24C z`RVQ*OU9YW+sDggdR;!;t+}mY5uT%eSA*8 zzUm6H2;PUtXL$(>vc9@y)iQ&>*QkT|+BTZSsI)YCG*-!iWMn>CLmzAr$=LasE44+l z+BK7A6`W8@A8GdEc@y1yREw&Me!vYJ+)U8aj=J#@y6|KO+CaCY%kFp@Sa6aaQTXR4 zvp-b?L>UbMM|cqgTpy=@fNk^+g|t;f)>BZ+T{FtMzwMfuQ)4xpkXhZW^9DMX`ePkI z#*+%~ahG|ufR&B!nrdznYKax9xmM6Wmn#3?<>Ih^B_En4syVkw$p>o52dw-X)j}6g zW3>=3#BGRKecE%-x2e)i7P{}$P#<9mA3DJHQyn8{ez=bygC9+FSA!QVyhFHVKmQ4QDUri&Xi-^B%S?B#?a`*uc<@w}+OaakU4v)J|8O{lIb zSkndA+ZL|(Q?RCrNL>xFq8wsL1>~H{KY)QfRs}72D%zP6T51}x!tB-@KWM((3n6QH zaZAUqtrPI93Cc;!udVX?jUKDL5oG9ITA}{4wtiaf1Bh6J@x3!;ZRFr+Z>(?i&y|gV zITQyA!(X;pzkRX)dZ3{C_V=(dg7f2@UPskBqKzn9ae%y|BG=GjWmSrP%IT&(LO{z?SdD0iO z4^#)#!oipZb(?)ccDA+^%eqB_F0D$3ZM&o)oID?cVBq>kGFs2)$?8R>kNIYDv*fAf z(yx9B6Xk*JVtlYs$D3#0TuOo8*_w*L!8CZ_+g-pK24CPn${bRkUU-k<1x!3oRNg?gjjm5HoF%$Hy5a^p$Tl!6P%VM@_w$Ai zyB-OovXAd;?}JC1j+UT2v8XL3lSCFwjOtV%qVY3SSj(8o4wo=KMREcw69lVvz@p*? zeE&6$g&*Zq_kGZ%k~Ys9`4eBovnf;uC`YFw#0c{}i>DYL6!Wz;m%kHAg+x5=|H>?O zBZaW!xfVE6!CHTir_zuFZUbn*G*LwQIWJ8C?)O7R933JLgjjM1!ldmKh@A`=t(L_J zT$`1{K@K}wlFp-6TwR2rIkm_OUW57-B*OeetzKKUyZiRi326mR3atrbaTJ~GymsJre2XoRjtf&JAmW2k}N{W4( zHT2)wD|&hrg6xLv#tkPY7#$N>xzsT@%^g+lpk`|s6kCKN)cwtmWSul_MrJ~I>BWN6 zcuV}{H3IcXHZbeKPI@4kCo$d}9Z>+|V{pclL>MHxJaHd?BH@Bx%0RxjKfei$+6YJH ziwO^J^e|*3)pj0$1=lmuYH`}qb7G9i(6d33mn0ThBlFzux8{CS07^>I>}wtdQ~8^x zC_pJi^1aYem7s^ck(NhSX$!f1HlQ`$Idp}M_Z4(#-lrI(4gH|~>DW4?K2UFw+y!%U z9Z`o4js6Atc@%LrS<{w`9ph=3Mek*(v4yCgS^s8}U~M5Jxcmh_D($HBH~nG!oBlAe z{mVsCqxv^2LG&M3!i830s(bzOIB_ZNa;c$G&aKfLOupW#K2$If68BfvHW6o|UL}?= zzQCOMV`lv^ck@qCYe?ea%;o;6a&|=|xlY7j7@JVraH!KTm1rvZ(VH|+X>X|@*}KDI zPfq$dV*Q_UKfg^Gc1>v$*JFPBJg77;$@bD2Q|K>sID8*mty4a9*KaQ@)8QSSJIc0H z^K$*onF;#G*Ki?xk+ue)!qn!er287j`{bhENrTA@RGq}n=Nim;k^N4RV42(86`Iib zI8u7b7?{7XWs_ZNSyy5zxx^16nas*TpLNd_s(qZ}@a&S`?U$sYWZRDO`RT^mKX;5A zzYl*htG8X0rsLty8{g%N+Pd5g7mzt4aUeliAA&K&DQ3S!u9g6E8Onj}q&h1gxWHh; zN%;#U$*D2a>q+Q`R*C4ZBSiSJjOOq3aX4P%Y3pyPbkQ8sfqG#c$B^>%5r3t*?rbT* zmEpCzLK#r11!I_%&UZk9%yT|!s$p0-H+Y>TXe&~ZFor9UZbn$CX(crTa~;9w#X9=C zo18(_f;ZBtFoK$y!i;fU8%-G&ez~$=;6KgkUMD4xCN4#1955jg zN)%72mq3LW=SiO$Teoz_XVOTPO!kC#v3m{?@|}f>uql#e;3$f0@6OY-&m;Zix<2=T zd6x@}_O2HZ1tw+nr@L6PB*2s;vncpGQ0YQ&;C)-s_#ID?I1nI!-Ov(gZtjb9|M$7h z)mMNn{ab%Os=rms5fg&b>!^%VrH)MaUE8aoO310_yE^t#_Mm}3^jIY+6lBcHQT$G9 zVeB7bMnD83{k*^*e8{wheS{pO3X1Zy@6eSkhzJ?x=kR&a4au5TXJ<9wcyVXEtPuU1 zg`z6}!7BFXY?@$!55ZXNasFG)wtt?vU0vuO5^uI`&T+cRI@rsd@-TiMeg~RYaWDNQ zhZcmDY!W_WntVDQl7}uM%7Q@%VIi(1In?~+vP-!Sr5?>xZg5me56~F`r~n>!iLB7~^w3s~r^UsxyxO<#jtN*=3Bo^tKp zKZ}s6LyqrGQBJOw&omAXmh068m7Y2NdHYE#OSuEiW?Rj6`$>&;R4C*F>Z+*< zKqzZ3Xy2z)Qw0uD< zld!nong|i7P8iL%dyu}i>SqqaOc{{s$fh|vv$e6$@q=K)H!Uy#c)7s^$6azWBC+U+)1g(VVYj-vXhI#@Cd5A!fVK4hG^-oQUuhdjc}DVS}1 zXjcGkiBQskDih%I)gsq*a$mp02jGFiCh>0q_t(KA#{YAW{XcJ6RjRLk1GZ7V0o$*% zii@`MZ+D?7B(h{|0bxp|(&2L$ZWmOR7(HS4&klishLl#8vAQQkDGtr^%{CGBKA0vp z+#dZ?=j@XI4`uHdBR3FS)XdMkjV%a=BJ>mmH=>A^nsOa2hzA8!)V`$QrIuXtF$@i}%_eXS$O zhcPcitr>S5ovGu||K-R&^5Qij1wQLrt^R|>mhTTV&*l5lZVFa5So1OIzsL(m=`Xep zH|hO>C>piQ?)B#4A3|1%NpT;$7U^z=D`}s*<$2mk5Aq7IJOUW#d2k5o;v3dVEp^+P zAA&&UKPrf}7jI;4(C8TjI2!Uv>x`i!gw%viXUkTa$hs}vof52aWseW@v|2UaB~$wQ z(tV%nlNnX1&EU1|I6AaAh5FOIG**O)lc%U9w!-BIHT4RUF=>u*p8M#j=-9!`S_o_2 zoq1JRB(=m4^gN({B#Y@Us_p(HCT4|lnz<%qMTR!eBx#Efm1)$m8*_g|U4snkQN2A_ zxY=aKZHp5FILMVtP}1iWzVOc4rKP=2-)SHZ+;HlcnO@u5z3e@8bC#wZO175&vAP_u z*LUm17^lnHI9eq!8Wl?fM~e=fWQWw&l#xF>aZET!(2Z7J-POiV6V$aZ(1MA<9Ld?_ zqzeqbVJM7jj5T3&ReQ;am3#~Uv*_qqlqB^hVmD?bnZIktM93T0Hsj_QVFHeFlm9dy zrC29>JAC-YYN)8AJ>Tx-zHqdyv}db47(o*#?e#Oq6stGmydT9+wZ|c~M>ePC2Buy@ zU7%XJtIA-xtiUBJ1R*wrt81F{BTYow$VoiB|h-~Z;FTGQG@n=2`7aDz!G z>mX3eDO(F_p$c6|6`dV0hIT*mob8Iz1xcryoOyOri?XA#2MY(J-K);5_~Xy~iagYB zktWxv!i6RxEJj@quBXdW%7oSJK@4j4OXbe3o=lq8n?J=v^>E~KbK~UP{3foM_n_Hb z=VJ_3Ch15b&+PUEb$(63i_gNiUSU{BcP}+ScO4?sO@J6kkk;fm? zgf<4pYI)s&NUortkoV_Ir@!H+*8CHj1JNunro^Rl$+0?!B808m}w)DhQ>pp z06d-Ws=6viZ(f%5ox*uq!ovhRA@gKeRPALlV{Lf(yqp2xirji%{v zR;$+{@x@Ox8)fI8Wa^*X{7f8-|HZodpJl2?%l11<2=IBOPvk;C4$n0CQ%Z!XPcDgA zF0;5bsL%pdr1ez1inb$hgAnIw`zIF6?nU=iH?CVQ z0rOEXWwI*wV1@{2EF~;n9%Ojf6qbBW+*N}_NY!1#MAN{zvVenElo+x?A@hv#!mYFi zYS%U&NT5`!V#ld(Pjs2pZ1Wqnl2XAGyihXXkq>_FDJ~q(HaFNsKZ2t-jEeJt@pi@( z4}pNOIn0MWZnP#Qr$)-+#xAqJ^&TAeHTP;QI0=YMU$}H>37MmlyF*#icB>U1O+OUN zHhue-a`a!wFvt(zYcTAdq_&ibs*a1t*Mft#MT0UKt|?;tQt;@$>G>fEq9*z6+26ul zP0_!Ry~*o&?m69>HZ~5ZrH@>lkC^ZXea?@Rl=Hh{OK1h7Lt|0v)AQwrYwut`NE*+x)(LQW>{Or7(Uhb2)nYcLlxX_|OlscLE^#z^N zM+4SHcYYpzPP`v*&2#go7TYLSYs04wE_+PwrQlokps*bte{*wPZN*tO*WSW*La`qQ zC)*j@UxG8jd(+*r<=OP9-pae9Y0C?n(bG-P1+9$o0-#GBOQ0DWjiXA)1=w2lYpRc0 zVQP=qWhf>hN2|;{EODenTBDE8LDv8L25}!CH4?N46glCr*BlXEP4k7_X+iEUCcz9s z`jl5B$tKQYoFh|uDe8F{oSxI92{REc`64xQIwP6!SeR1KG}v)BC=821@S|C(>@v8S2-4G1)oxvdo+yN=p>U+ zrCg}*id|q>pA*j}MW3B-)Esrs@LB3rvGlR-Aj&$qs#EvVDmQ5b-oi!3KsdC!Ibszg zDpLTlpP^iY+KqLz33*mY*Bb0HG=uFPH*>eQmzFsZ44YkJ251$LqXiq} z@0};9cejSIO;oKypJ-5&m47ykG4Z0C{-2ySP~e zHG47Dxo(v?u()3WdF9igYjM{oy-tG)Yg4N*k7{WX?c1%@5rqWdh^^XF21=YqMk|K6 zx?`iEA00iNDQg8Zs`CXXcX3CHm{%?~<6C&5D=Fz({+V*BD%`_1j4P|sur;f`VRd~Z1oU&!JBTFue0*MCy)Wz?y=3n8MMnEt)f$zEH1R1=4E!^@n; z5!9rzFfrm6gg16RkQ$<^2#o>D77?KJIz*ip$g+3m*}{FoGGuMvt3i=sqSXUbSb#Gd zUC2rk(wYvEq?hwN704+i{&nfcvNCKyhbe z*5{lxItQ$wYNtv`T8>rSskw2A3HOXfE-L-%EGGy3N@G+ts$=C zb4;mrsDrG$vPvg%h*OTYY{Zbd#5ZpaMK`RG&4t(T&biVt3%Ea||f(3_^pQNuf#0SKqPvj>n$YBR8}m z(|0FrRawjPmFg_03312&UXIltjZiLG5_GwCIF*grQ}N_KUk(d8-`9_)vx9SNJ*{wc zMWj5=k_T#-A3*xDS=ONMf+>X8lpyg|F|mE;WBu##Kd*gDTGs!OqxW&8FZ7TUJWRVy z9A+q(*(vmgUJ4HbGafwvnwQ@1?cxn^18w4CMZDgD?B7+A#16m+G zlF(a_MpFMIM>a`Nj1i0+z2cA}DJyzt(Ku=j#I-PaQ1MG5>MJpBqaTYkkikQ&(bH zBBWGZQSI7E-ZGQjOh8z?lWx_61Tm+WTof+tuNW7a21Tq$dMz>q6IxPGej232^9~$^ z9qS5~&d5tmJHTKl-B<_ zzNSYRRP=l;;g!_1A2jGTbU&MBpKP%TTmfobYtoi6F;pw22MXIPg;VR)Vb0efZRcW^-h9wAzeCu&&^?JZZ_Lh1Ix@JIy?c83d z0sNKaJn=R(QMHJwEGV~6;O>&CA@ zJ>0Q~QK?$48X4;nfEAWMc!B~~R|_WyHS$(H6-wQ-8!R&~VH#Gnozto7Ob}4vr)31| z(+t)ju5DBGyHcoeL;kK++;Nr|i~g$7*^8@}`i}Oash3k^-If0_yv@?1#l%Euv#7?Q zqsKo?@$mP3%F7PqMmrL`a0K38A3ds0GrgwFSsTH29czB)ph<4VMcJ}bBmO86d4p=Q zqkwa&n!n{V$uGK5DxpFiIHtcg%xZP*zHhR?+?ke*^IC$Sia+|SXp-AQftSVPq}2dO z)(hL8Zak@Aj8Gb1hJPnfHC5?G|5-2i9-%YE834osUQ!R6Z%?{8>xM53?ET-itj63>3~uRk5v`dWS-~nrY*@tGMiVoaD@6JENZL0L{!klEEfr_q`x&ov%bu`Q{}Hx%KJIA0shOERQ0=$;eN#6{BFd%bJrl zm7uRXYJ5NTL6BY%;k1uHX@=_jHF%>|Cvf3&rW7AW7|9B{3}Rh4Z?VktCOC(AQU~bg zg_}DzT7rW{>$^tHdD?oEtbpxDRV7TPveTf6WahlZbDS$~Ih6k90H?tq=1$xTeLY-` z-wOFT_!_z5^z!-HE%9LCUcLe2=3RexVmN)hd?@)jyj0H}R8byY?;lH7I}lmKK?8)@ zSsLJIU$A#3)aL>0O4P;4BSeVHml(!G=t3{9vz3Ix(#6F?+<xmXto;@FqwvNGgi%Sn7Q^MjFxH=lM$m=zU{&fvh48ddHcPq2L3}{Mr|d^3C+&ev zh2$KUFI~?cD*B#-gGu`(C_n4K&=-l8=ayH1x;n>3GRBWBndz}5Io}Ud_I}``eHENvdR+hs#45+~o_VBwOQ93fW+SZNZ`8cYf zVnrz#r6SMStCdX9u*j!!>NG~lm|3bv!q!)i#Qa|Kwn8@>pYm4Q^3W>qc7dnJ$LzGj zee=q`cakvp(#y%kZL5eO=@QeJcd<&GEIem8xBV<;E&b3$q~+gnUG!`#X%~n|mS(H~ zpukWh4*{F9qtgDch!w#j#Fm_j5X}%mx%s?qIGd4Dw>PDphu@m@2zSL=@#6unZzXDa zr#7k()-nYSfD$Fzkx8+pLDh`PCxi|E6)ELg6*~XJV5WP+gyVM1#>p}#kMLw&!%-<@ zkKR+ct9-h5BcwkU?D@54V92Ut%;=`NwUl!AlQ^;1`TTeu^>YFFSpM&)62{^DtYf&T zdnH0I5MHGeLXy;9pzZ?JX)UiT^a7QbY<)gSiiH#A?OZ@e<8MIG_~QkL^gIKu&JS64 z<3z_y+XQ$jqOW7#^ z{ZE{rDV`dn>@J}eo*iPVI#;v79?Gv>h&F>?MrXc3*MR+2d2J??dVG z1*d*fs!6xc7B4qNwOZ`XCAkG@y`b?8PNcXWNeIE=2j%`G9NHhUNl-DW{Pdk{c-`ff z6rD7GgK@sNrb6;0Xo5Y}Ynix`|9sign^$C9c z<3r@1B>$g+W0;uP{_T^q8ckdKKirrfGj-ul5t4)VUKepc3RG6QQh}FPFXbue?1YN? zpni0{onJfRc0wp~>yf*X#yY=uXCL#rS-9ZLpNL%g)ID8^hL0gvb;NpdC=C>eViVVd zdj_58e9#_MUL9%J@lWqTD9C2q?NV)iEyglWJgGT#BQz9*kBED94Nm>PM zJ1*Av)Xpd3xD3OKL!(JK>|H_*A(T?3N#*O_8o};NGrhP`&ah{6{0YlqT zdO7B35xK;pn2sWFLN1j>mMOxwu@^4U0^L#sI>`+Ms+7ejg__anJCth5c?Pv%07xcY z^n^Gn=ecs*(sdo$P#|GDk1_nZfhYH7)qbJ~Bv?gtb;{EuCXw_+t8RW1`bQ z$fn_1qz$R2x@{6%HFOl!uJ%iYKv?haepyFxKj)RcI$ zH4$1=YBPZN5q*{%1*nGV+-&;%-=4{C96hMJ0e4~g;vx=QA?9F!^}^uEon_|7O@c#^ z!yBW^E0~r(+z(9by491>33mR`EKUvwP-Kqe-Nyy7KJ3!TvV|M3%NVTE{f6%{0k#Gv z3)NgMI%2JPZMP(QXI9LI*RQYD&S;?>GyI@O$xuQt4e_LP7%4+a^l{=6fQ+IYXher< za0ZOfEgwz4RZ9tcdZo`0h-SG0U z8c0~BNlg7o6@3^?Y3^RY@cOS67q_Kt5zg7`Th(okVKVIFZo`T2Qz(NqhY zy1bIlNuISj4MxuC_guGJGa>$H|cFCJS`UV6)oyLle(AgY(@;LY(0>_Oi{&Kxu z2W5wKRTYYV4w`icFW2jVs}Gs;2}$+Tms+@IZa&^}tt2#KGuwKx$t-uDQhOu;&n3Gg_-vv5^c3j_QC>;ge_8-9f(;YNIG(_MA1} zSalC5B>b2pF?`L=embpDM|?p}Q)^}aqjLU3?&r7n?0=!0>rUS_hwpfuorLTPfPtf* zs<+I3^TMACSr$ui5gD6mXx9qSHpgGRunDSiSf#`9p7BuOyj`oq{cB_-`cNbqMQ!6J z(1r)cKC8Gge4!?TLQ9_UA2TbPRcxTyJ{Guu%^+#Y_{X z=EKja+Y#@c@z%qKr9q?I4@JFg6OYuZMyEb12kO1q@wa&~=D*fM^916YO#Y>0Y*X=T zP7kLnB+l7>3Ycg!iQicxbPmD`mpbA7ha@^;nn7Klb9EQTb8&>t-io(RA{LUAkkB==A+>XGURV@jn zjb#6@jN>U<2WATbf`B!IcTh?xC{XFwh*L{zGl~r^VkHe3n+7?Fi}S_txRjGXK#Jqx zo(g|&x)b7s_pdX>F3cyPM($z(J)tV=`Us6G`pt-?jJ$!N8Q{u+KL&1u zncRTTaUzAi%eo})LNWcY_x!P>#SG`eyQTGQkk$jlJEeQf{u*x2bWuO(wepRQi3~g& zsMy7B10Sj2>*}jV|4m*_pYDbj$Q0jN)|roX#OTE+|_=$4o|)bUWQaYNSC1pA6(>#D^Xn5S694wH5ERG*0Xv~ zvI_zx8t}&iO)Omqvs?UK=2tFrsJFW=(Pb1;1@UtC5Bz{vF*>IYcUkFU-y!509| zCdkMwQN)c9rwkP4_!u*%eO{dz(d~>CGn#E*Z+PxmT~}rAr`)Vn__K193$|DV+^rJC zentmC2CQ3g0dsL+X<{z&m6~a;FhzJHl3HRY(rsHRO*`6JRJ#Ekd;a%X^=V0ks7W$A zD{+wvyJ)?HJsq(ggiH7kinQ{8+2BtSKTNXYFvsAeSo47JMd=4@v;jRHOLr zA|rN_9V&9JD_#*hzz6u#D%t;R6Jwg<$!D)tMLkKz*F(pq8gKW<; z#26U}7=#INWll3h?GZ~@F67@KsS!^z^tw-PVVp1GaETR|&k`%-7ci<(5h0MI!k3RN zUo@wH*IbE*TLh6Nfg~lgpHX76a@0NoFT-pi#6ytqK`-h6kwi_+M?4UOY-p8I+P@)O z)`msANwkDDl9+1ESPey^3&-Qck9me;Qg!u~iI?1G6M`eDYwha%bE%(#^C0G4wVnL& z9dH`?lV(`~-gevP^JaJRYB*GA^?O6a1e^PGkm#^!OCwoMF{K;*s zt1OUPG<@<`n7%c~a?qa|_!c9+h8wgya+isLKL;Q9M5Yx4r!fSlwaU3b*~|-$Xcx0XGMf~g(XD2LzX#KV z@m27!h`fgwUTleI`g5b>O|(0msTSVO@qaz7GLYa3WX(ch%plcDn+HdcLJJ_(BK4xy zAol`lQU3Krt^Lo>|L0wA9de$#b8tMCKA*=7opa>u7l>?? z0uT#5&`49?%jq~RYu3+XCkNf>t`zxH_XkEMVAF%g`TXsV5;N za%>6d*6(LHTu@(^E6XeX`~<=RVfBw+aJ%}&!CZy^q<@_MUH@cF?aW;)2$`6f|2Jgp zZ-W}(+n{!&RH;qw{EL@6*aT1Cz?Q6~!X{E#aA*-m5$KxS?-!qiY&@oQ{{W&m3tX93 z=i7rAn2!ip&v~~zciom#ENyEfRkG~=Nh_P3SDP|PuIV+aI^@1$wk?b*95df{VbP(V zh~dzhl6+8*-8JZ?ZB*;{xN>A4_od0ZZse6&(dx)gSDM;q7=M!&IQ70(R16{1jzrf) zi5a<{Ic5NpGx*{oPS*+g+|11+DS-1nI_bTa2z#*x$O?G{X6#)x7g~VpsY<_B8|_Q5xy|L}jk`I*+}VDLXjf+}E%jjOm6gN&dB3DX z_C$*Gom+;Q@D`XIUwrHj+$>rh7|>Y^Bh1#i(PdsgmLn|C-FG}qSRFkeS{T-+yKUuZdBQrPgH=RWq=n5RTw{%`}#z^D~~5YRLV7kr}4|-4f&*g z!w2;tXks2|lIqBrEoBO`Y0U`Hx>>p|^}S47-Ce1Av(S&@{m{Pc6`E#wz{Y>C^ilA z`9S9gx`p@dTw2CW0mek>#i>=1Sx3e3LICF!1p(&JKwS+Xf(>Vfkuj7{!*c);WE59$6kewU zLr^MTg;e6ie3}%z_%Vt*aQkgqhr`pn?u@+^ND@hS4IupS(rTW~u%bn0+{K&oc5F#& z;H~*uoqctD(xCsEWCyb$A6`H@jj28dGRVbf+{A#oOe+f&3NLE|=cxm`Y_T$_DO)ZG z7a5vdJ>JMB4OC?KjZ#I(MyZCYI-6S^$F#U2`YVrt?*L|CQ6hgUDx=;$FT2*)=ksOA ziMv7e!BIp*7#5s6^6|xL!$xuuKn|%WfdF$pYQ!NWAP4QolfyE)Rd)Mko=~HZlZgeK zB7`5JT$jl=4%J-4yU`>_>y-YQPnFVqxB*8cg956F?TO*@jn}1vRYY<3K~UQOvn#kz zRlRLCAZ2Akv6xBm3AphW*@&NuR{A-nqNuiI*)gt<_aRL)hQUZx!cUsPc;y-s5c}&n z9=!pU`8l-KyRFn=Lv293=Ws&~1iaYJFaO>5(5>+7cVbv+ z-=d_-gs5k$-ST^k*5ZAnYn3CU8s3#@kE2tE68QA$IhUzTWq$xj9?%H>h2K6z$oDKr#_4}_4`hp_fc~?m~tRI>l@~R z$I(N+x<*R9`II$3M%Xy}uCaN-hBd)fL_o9|f(%`~XU-~fDgI_LrgcBe#KnLSvV1-8 z#se!chCr%bkRyC(2a0R&ryLA$(*ZMuh_C0Rq&@#Sev!iE08lA zg$Wut9G)<=*x(=nx!5`ct_G~kr%1w;i4amm@t9G#0JzL$6AERQ6`>ei!a_rvtrR6wtl;VPwZ#cLPX|DS%l&Z`_zY1f)?FTlT(afZuRj}MtxK`e54r4V=mN^ z&kb&T*ZrIqXy}Ai%%?&u?|XT^5&w^v>k3=)O(N!Ks?h_cBNB?K}rFRDLwg**EJKZCClMReub^N0Npzf}MRSy-9QL z)T+DIO4_HJyq^0WPZJU-MkTn~-CuPnhhFBlPrkFoZ0VZ!oFk4t<7p_MqWNYS7^hE1 z4ZOWJx-a^*uvS;DYbn7+86MC9wt{w0T`JviaWsIa%JpyQ@6f>j!=#UaGhGX!V-+ba zsr9@TKNW+|xQl(T9!t#|q~>Lg%ITME_5_H}R)hoj0$CCf1{k*p5@S(X7%J-6ox0Av zFCM%$x9_)HubJ*R+O)QM;Y-3ZFK<9LTvSBleqL`jblM-apI!;Cw8*5atK?CY!%C20 z2bs!Zt%SQ-a*%?ALuXMqCn^V%!9}DPisS7b%QJ}q2C|1)r@nbulnam%HKe!ZuVZ2gghIWGOhm`~Wl_=m#KvWma4dSu}NBx%^> ze%{pc3(&ix=$n&!6kR5!e>*GoJC@|XHeaQ8 zq)YTk8K)ime-PxunVteCv^1#28d@F72l_z9J->Y8;>Wbb4V*m;gIS%wSz8%bsbF3P zfj-qa;#DW>E8T*KK{CNOBNk%*a~a zfF8ZVx7Pm!?H2czm$8G&`)1B{o?v;-6sy_xBq4{o4$vL&>Q5=LX-%;Sg|z12$zrDk z$2f?D|0yqbEmO4AX))?bRaj-?tpBIS&89GEQXE6%w-)!;q$g9aK-*uedIQ%I!Hgu>iccXmpp+C zvyE^I&R!h(w<0cm3L)spAh#*(A<>e^Ni|0G8SQA(GWry@crS2;?yLeCaE}R%IzUIglldPKA zGCZr&8-`j|>O#c0x`awWkQgCeB}0NtEAwHD^EqEfYEoLP$Ql87!#IryQmq%!?oL7d z`PwA`1Nd$>axVkelFP!Bfq{s0Y%g@!gjCI z{Y|Dc5n{Tuf#_r-)^ntjOW_AbW(Gv@Hug~W)+#LOM*NPriwOA(|3)3PAh;D9y9ble z*MeZGF_eTMtcr=iSu}8M*d7RHplNU^I1+HTSlr&frfqk7cQCspw(q7DaKGr$c}DG7 zBkqOx13g>{LN%nZpgq4x@aQ*(vNme8qwV$|seVJx2Ss(08SB0TK48Rq(R!9L?jkeRb! z)+m9}W9h18@9yUqKxOZKV|Ff{fZ3d=<^(E!1LQcwhqu~~9kgg2a2T(n`zSx*T~tX0 z^?RRq1zDt|uXX)&cn@Y=P z$d*NhyosQ8!+IA%JkfWPF@U~I$sd=((SV_H@XkjBqTgq=J%jn4`gjlXDFTc`Q?c<^ z#Yb^9Y+vUlyapo>9Mw-E12KzJ8n8|?)9rVp!p<8SPGw1?N2aP*{A(%m?Y9L^FQ3`o ziUWNS+PHJ|uoIg*%oRCSypk&D*Ly8D4m?zv8=hX8+{LJCrj_aULV?~{hO4(I8#BM# zYu21!i>-#N$wd>8CTC@sG5GX79!ZeyX;#e z7o|EXk<>gVjJMB3bAjqlzh+T^RFa0ahU2Wu5`1|=E*V;#NpVC(E2I?wVA23_y%XeF z^#ZsU@x2O!GW)Rf%WkiZwHkQweI(NnpuVYl>GHvWOwk;+!t+Ym>PVQZF?+P8T-R#( zO|K{q6@88LT($WPj!T6tJIV5ADgnpC<~BQPig=G$f`#ZKOr;3Z^p|5QERmNX;Fe&E z-@6Aw1p*)~h)X#N;(pA;25r&8B3^hcsORBA_ZG}J1t;sqc_SBI0Yk3VGy~{Fu<|N} zyGC&um$@C0{Y2H@K@IdJ{1DJcLo^O}NhCN4LQJR>Qiq8%aPS%n`o#%9ArGJJmtGk3 zhl1HzC5YSkPZG?uW6vJiwf*Q$y?Iteghuzqw3^sLM2j&8ENoCJV$T-E1CJV_hqG)4 zXj79c<+DlCim2^p`0;1Ab6OKBdnBR_kSIeErcyHTq76@yX{a=>3cMLQ63@BZEi-W| zWfCd+B-ddfiJ_OPxFJ0#UJqY;1TT7vL*BC z#%`kn@PkO#W%k@Qa4weh65$MjE=zhyNfmRk`Tooo?-Lp@kcO{v3Mi5^ERjw$lUF@8 z_S}k6Vv0aMgRXy51T7Aq!<~?E#$SnjduQcn&%?NGZ=ATV2xrEx zBjHx6j!Y-`^A#$Sglxce$+5eZe~yH&hm|XvH>{Q5c|bUrco_=u;sIC82yai+h;?#lfT3;RU2K$Q4kGeYPM`Ut{~Ro@nX(=d^sp8bLpx8YB*!>NEYI6 z<~I3d-9*fgLAcTFHkA|5`aYYUsN^nklPqR8Wf_`!Y(JOw_+ZuTM+dL zstt;HjZL^*G}nG~-!TApM1SLB)T<63m)>vxUbXfz(K|1$>31YVOm?Yx=x_6X+2J`{;4PS43cE^b;_%gQq^ zIy)=doBnfLC(f~7g<_s}V#y{-bL38=LA6BP1ru|E#0M5J&4rjS&`ZX6K}!ARij^A) zHa9~v3dg_dL(IG>XtHHdjS>2hBp6Sd-%^Mc&~1rWh6IrTb<%->2!%y!ya4(Uw=Aw9 z0KFeza(M!^AHf?A0m)B_h{xn2*%zwAnElB}S6XzB09A^b2<60R5OW<$$OGJO$N<$S z0ma@LmLyt_h}a6n&RY&>W*~HLzZJz76@g{nMi3&0bkzBa0_8i^Gb4Vy;79={z^@`{ zWKk3X=)ehOCw%dRDS$_S^6_Gog7I=NfHfQh4ydOO@*?D2bt8r*?qBv6fuOUlXD-F^ z=9nm&@y+mY_sf|4aFoxExyx@d`nECDW(@x{E(ghUsBXVOajvOunSLr_ zJz)y0A1<3atlf4d;{bzvjG{mN3o_43aU>?tyw{w{IlFB6voSg`{-|+`xsqYg?0-dm z&m$>3;8$Oau;xW{a$N}?xAtA|%^+nv_zyXGUT&Aq1dKj7(p!_(Sy1vdo_gjMHLHzG zoGjO0Lzj;i(*jwqL?Mb|>-Lo*4v@AIoGMB4;TiHKKw}jhi!je8NTINaUj9k%PRD(W z?3pwoyC2|T2W6%*4#HJ^<0wh`nV&A+a5WPBFcI6;yMyV_ND;ks9=U)&ix8o_Z_I!{ zSE^v=u81aK13oV$f*H%0I~HW2St@c@KW)9=gd`Jm_4%w( z9^-M?=u>k#Ti~;cn!xS$1JNLyo$sGSgXJG+5nP=Ai_D?)ZIyM&Z_&8dxG3UtR{B}8 z^yv-M`y2S$Uhr zgB~7o1=M_j%5WY`5O{HUH@pE!#h$p&RIKxX4fhvs&bGjj&jS$-FYlCHU0v_?mS2q> zuI#sL2y`TbG`)qLc6a(bJYP;fw4FWQy0G_nW~=|FZcuMMgo<73%!UhSV;w5V>fHRP zI`7&VRnXoX`{0lU9nSy!QQfJs4Bj!b=yCm=t2a{EFA0S`r_}KWi!IHsdK0&-kiG^R zKGPe`!7=-pEYZlxJuzt}mi&5z%iNsH@yU>Nl?RI+_si15!^idH0!69juf;HV9ji=- z@)>P`(mI$Zn1m45G0{YeAw{(F&iv;_Os8bLKQ7CQL6)dVN5EM3qUHtSTbZf>m~FL% z7@>V8NF}&%BXISmyf@+R9gt<8If3X}U*r)HFcJ@Y`|pW3ztd;?JrO0sz-(T=Ji0H& z_Dn&;MDvYRap5!D&+_fvw#rZ^4P& zL!CY!B4IIbe+gUQ+P-IDpoPV5sTevp^Vk7lZDt>K(Eje}O~Jl zPw(d8!MfC!f4b*4uM2w{9SmaE?DWLWiy{ZJezO(^ns4Ej^s@4nNigYSVhXURAj*j> zOuD6X*&7r^7wxeSqk?|lTRod{0O(m#AS5(_*lgw{uE4CiuB&6`JL;tC$w*NZnEui! zE+(lxki@Mt^3LAC;bi8_DfRBQ+Yj?A6A}ad zU5&-qYaxPGax^yAZ+FU~Ftj{v(L2NMX#DYGW%OEyux)pj+m?2)2eaijM^+qMbZX*- za&-il^eG4P1^3m9&)x)N_Dc~)8D#}$u21&Z&wvASj1lPX)n)UAyzAmHYt_c^r_Z(6 z0CUUgn;N-w8NVs|MiipYZxP}^rb#TNP@}Q8nUUcq4RiUpwx6c2Ug>nR`B$~Ilc02K zxET!aij+||dzL1iGaG)|J_LY&kO@`}j{ml|_1^o7p@VPnBW%>03ch+pf7*N{0S~)3hQ&uf|?oC}2;Y;5u^9 zt)ME`tCN{P)9r8ndASfOX2}x z4c@?pD1lh9J;aZ^D+R;Wa4tE4v~aUL{76?b(z3p zLW=e@s?GzF@f0NQI%jj=TleMC~-t*njH1jX7U)1&2z(^X_l-n11>5xqItQ($Me z=QZg+Ok=&MA)f`a&)ZD5}U8bxNlFJO(tk#lIj3O#;b4CxjYbypy z$wUjWP$Dqlwp%J4^|2OVb03;g5-{2P4tK$gGc`?Ftvzgfgdss+&6eSE-Qnb*iD}v8 ztyT_@pB8pFL9=Q~T@8{8?-1(E0$LwI!&fz`=1&XJ9446*6+o6;{J^FsWBigHK?`ZM6{C{M7mLj1mtatR0O|NPoA zyr?etpk%YFit0n#sTiFfSF(I9y7)m;XjfHubt$`OtF~w>_8+gHnvFx*8iEaDX=y*^ z_#}GEE`zj<>O2UBXtWO2Px#BReF6q2K{{111Or~8u7lji0}nBj_YYZOWA&3B(ujSj zZe++VrDn)B--Z*9c+L}x^#f6)@`PBV;&vW#@%vBtd?2us|7i3D!}2kx@}@jsaV9*B z$&vX${C|wSb98K9x91((w(aD^NyRo!Y@gV+ZRf z8hg*$yK2<>W3D|uYp(BiiVP5N3b@6c;QKY>(|om;;lj1d+JmlLX|A!@Soup+l?~uG zZ}|$BsWVT?*;PFKXO#^Q;6@qERpp1h`xH#DtEFgV4ek`F_i*%w8qXG%&9aQjByS@_ z(`xBS&}%gMT|VK<{YK9UcF|GmSNl2!O=Pnh@RSv^kg^us_BsYBXVW0ilr?j}|8e?5 z3vPV@gOsCb5K7LP*>CGFhJ>9dY~r}JLHn;r%ZFX~#r5VO0C>=l-z?x7j6CDl1*jjC-X=tu?W;U0 zGdQW*Y^Ho`Br^s%ueO{$81iMEA6A%nU3;g)rg)EWfnioSw}r>%cxO(JRk(fCYbPaI zWBc0Ca3;T;-Q3M0?#=3vB2YzLw>IXdXs~o)cX>>Xz)k0%iWRx;UrC*YQ0>|2#BGW7 z#Hd?C6yP0Wql-b9_m4s_awF<(nlPCqN#eqPI^L=3)o|P$+7~aPPc1F_DlxbS^2h ziLM#7aMDzfi+O6h#{z;O1V8mNWYxxXUZyW;)UkMbxgP!wFjmA?=bz*Cb>ey(@S^K) zq_0dOyBM&k(4X6G29YCsx{w{0HTOm*i_{u?VKQU%ot;;>m01rXrhr3Q9epK3RydY5 z=(`iAPuc_rBxs3l?FX}TYZg;0c>#W(Qz#xs+A(Xu_NOMxM?$sitmOFm-WXm@H)HZT zFI`kcK62<(7nLl%&FgHE)3Xvy%59(jNn*3>+k_Nv)RwauGYJ1XJ9CW%*}%$b9;X7V z8{6B*^qfPPz)Dpo7~cHz(bfeCv3JR}nA+8?25GD|L(SZ=omvx6Mm9G})l@vy7AcSf zf#+X>i)4hsikcfJBq{niSR!IYB)Vhx6MY$alwu*tp}rMcY(Z9BG_mZu z-65NbQbEqcQHxVLJ&w9qC>$6*$z*{W5LGs$2+5Na46u{`oBg9S!X}v79yv;h_MW0U zoH_TUa&Q^O3MW>nl=~fzH+)+#)a5W~8=kBxA;w~JLw&a6#LAWW(q??4>)ixnF-F3+ zbhpbKS0q!?rg6p~nsTme>|XHxpwxFvAhoD^I-d_>`6-7YGWI|Rm$86i#T$4;sh?Si zjpzzDlRcHRcKGJjJ&w~)26Pb)h@2nv7srr7@1IOmL*BRpB~XQY&1Mas=ytSAO3eJX zhrB6rt}Cx#9Tq2>ZjQ6$q+>f}t!CKhaFIL6Q(C?-e%*o+;YTJJ%f1b>MTJeHErZlv z`e>m=i(NVU?9E*tFW4T)LW}^5iSUxZ^8wD%nNm&40XL$f;MwGMPp%%S)GJp)IfKrV z9Wfy-$5T-?q}`Ysp}(5|fjmy>8fE30VI&Y(uA1^Eq)SfOwg-hGpfg|>ov;T?0o{gf zf8NnoqkY8vE)m3&4Q!?k`yopTIp{lqzm9b0&QCz36IY;In@ckpX#TK+sYW68?aPJ+ zb&8VlnP{_Ly(9=wLx`DZRe4x8t#&^-lba7S1(_ddQw3VD)Nqir(D?q!Y3gu@Z}32h zlNitBb@GrKd&00H{OD&gAn-~_w;2XM=*$)lQr%e?;YtC#FlmJ9@F0pe+$b#0bTW;Z z$)Elh7j44~yW0Ewto{V~N}Yd|RU|z7yfx}fr!%`T-FiR&)Ja`qpZ|i~uOK4)r-Jvr z)8@Z{BxWX-e_KJYOI`LGB%yVF+fz^#VZiZv9mUD9ShFN%XPh3Ivepk2W{jXn&z8Mk zH4r_BhMUStB?g94KwYj4x45ZG)Yiz8U?tprw3xSlo7KN~HPJ!(NJEglZb71;Vpgz@j_n}E-f1`}e|}MG zkR>`RZA!=`RP-Lr4sTu+Z1w=4`2r*lq4L;V`|3`FuPz((e?<8j2UKjY`VLk?7FP{B z_kNy!tfH=IgQZFc+SSucH7A(3*|9&DF`Qwkz%V4yqJE}q{I<`SOr5v?Orijv^v=9^ zc`3pA-YV4i*C_-d;#mueS%?14IB_e9bPx`1{H~8i;cineIKO@XyxS?*(6}L% z->c#46dglTV`R-mUs0J^AItXd&vT(@O{Mh_qhOPY;e&JL3!0hsW%&h3Bw>As{Fynn zBa1e)htr?hVo11gWIDxip$Ulw5CgnS(~hgsjt%Gs%3VaGxG{20=&ESf?i0`zBRkKw z%GXp>9}fC2PFVOUnAqYrPt&_w6=OPCm4GKPmyx34g+EAfhLK8oRF;9F*e;&3isQ0s zg0?t?R;(?W%=oNNdG@O`g6onxlqP;|vNE0%t+msdqrq@~^$Lv@WOZud8D?7O^7S=m zW_=?w{e#DVEW)>*TPl^dH~i6bxP~VhA^>JHTKCg&s2fm66sh({HoYU5&II@~S#-kXqJE{ks2@sje_0_FsmGLE&L5Wun;W{^2t88?WTW=9MYF zNmGQrF+5Hj#8yiMej&{f@PM24;H(@7j5t2pGaof+Ch-03tkXvR_(T?I=d94Q84=JI zg2r&Cy1z$}TeDl0|3gWto2aI|ACmX=iY<-mq!s-!bM!fC{LZu#5TEfEsQ=d;>Lk*M z-((?8`HMq#ENW%E*M?3y`3SU76ELl^RU{eSV~SVENz4%i+%$ejqYVLic|v zD&GR6|E;L7u(STBBFMi%r=t}B$^%4b=P&3rLD+!;P{c*q9(${$;;xS16q%+JglQu9 zUtRkWFlKaCZsXktH!j$nAc6Gl?8mnZvU$0|C@>Sy4!~^-KQXA&U=W`D!{9o02H`&> zP~t7U4!o69UCQ4WP&i_sLinK(`--1z!tNgns@FvarmO8;oNoHcwpq!=8-!aRx=0CB z4gTycCmhm+){BOc2GU&f=(EzZdS$85OB4xP>&IpzX<1c1ELX}X<$VH9r^yO)Gb6Er zMt-X2m``3GPI@Hlginl$$VViIjDpy{rjTJjMr(oB@lRCp&@=X}CQDOlD0z3r{&7(O zOU^Pa%IfaIoi?vx7q;N%Df;zK9S`h3IRE>|GP81W{^!vCzq$WG=GMO!5r?-v)Q;`1W{R zl3WDz()VM?&d>*?xASV~9@2M$L2Og@0guWYceZ)MNCH{_Bm)siLhAQpjyO#<{}d>o zVFH!Jn1Y6|SFqCoL5x@kg(p--N93=Bpe(&I>zHvGqMyJES%3vdrK~{3dEnxwzh@t7 z1yB+phIz^w7!dGH781}UFcENYDX4%OcHv(ZfE;k>MDW2?UA8_^dsL1bW^r&R`^WF9LsIm>Kb-MdQb_k7Y#XhMlT2qI4s|2EI% zzh@+J!j_jua(^hr!QLfGN^tI?*5pafY>wpWg<~XKs!=cQ=jMkQKe$inBb?&Tgci?y z;|~?%#LW#W+$Y>vfe=PQfqsKqTjWA8>m800vAci0nHbl2Lg>CO;z1}r*Mb@fT7M~3 z2+>wW)1v)&n6<{Q?RQqNSC>17S~mx-1!w}%gQ!s;I5qjNkA|&WhU`#~3z;^z+CYYM z!S~x0r{1Zg^CI?&(*77P~B|OdjN@aPQ#}dA&4LA=BBu8>;k!fCW8kj&eGYWuiF3tma9tl<; z@u*ioMMXZ@({EJ7N_1^S5(gs8NJN(85EweBt+y!lbDXkB|r$j4`RsH{Aeu0s*8rEx8ZSSD(wvX`k(5#eSu*>lRHd}O@8gf`}83Luih^e~KF z;y43RxMX7&_oL7z;_~YnS|9}5+hEC+8y8>)YV>XKvxA08%nm;m5L)-|_f{M+5>Y(V zAMQj!ubFyPg)H@;g!zq6w73C`aweVdJvS6ejYKdlM|*7+V^IJnJ~Iv4(GZy8uN0!( z-eBW+0<)=Th+9@{_?OFBTK{18WHb#Wf2QT7*oP&{P(F#r7egOC8a75zr~_3FKk!vU za~4vx{^@-C^&Vl!SV6V_7D{W8yr&jrrSBD}&Rv`Q!0czLCd79cs!)11$P56#8RPm1 z0Jk`*eW=fO$gCAcL&L^^?8~hrgn$g_FR|r$s55WOO2ePzF3x1hNU<1W&_gN z4-?xsK zwe{;soq`&CD9zyvu+H_8sfuQUhsQXu(f3KCPjPPr;fEC5iDLP#s#T0oF7?CG5Pq=H zto3$70%AIE&zbi&YqrEVa=fl8UhX<>V}|HIs~BDn<7ryj@9vL34s$Bj<eAG5bx*GKLV;nj;x3{fu)hVM{P)0nk~WmxK+C)1$O$E350w?B}$XGLLp!*u3zV2 z1v__y%4xB#+MH?}s(_#!nAiarKojSP=mXIv*4&R5hl??cr{2VuW>_sg(s1vCSPYh3Ks=dn9ghiD}jF{J310fhAS2SOAgLOP+m_m5@51)6r^v&(XVmG*k# zJwb(_b24Y+IVUE8YhE7Bo=yKK73~s~GBZ4btkMI4c5c((P_{qpjd0N%>cH%nr1CVp z*En=W9c!qpcoqIQZjb~Reaca69$0d*UBEyvgs!w!RE>G91}t)fzI0Pir0QuJl@Nm& zw$qQsfF-ufP)s~Dv7}6o4TFJElMdQZ%kvRCF+L{~(L~Q*{SoB0YdWF9kNyGDhSA6f zvBNrjMks%oV1nxm;3LLYYLH7`TrhKm)xZswgo5|U4*aVu3}+7p@v^6@&FAU#mR+atqh+g8=50B(XT6wbV)^Uk1%+et^UR^; z3+Fjit>uc;$DFrk&DZti^R<7nWBf@=2G`NI<9%niMNj7|fgwO34d?s}9>c>kutd4S zE(po16%cg%cF~Kv@I&V0hsU!7(#Xobd7hF(o{Q#8>(T3Kpf8;|m3TfEb!oD}#Sv6O zfDu1^*h;!3Ks;`Te?uNN;sI~=xKW?nN=zQs0d?h#E1=wN;|H4DhW^zN6p4jX-qtBr zYXlCMZ*zr2OX2HUrm67Tig{!95v#=mY6;gh*99vfG~WShY;d+yhIjx(MHtFKBT+9+ zdlp8Jk^@=(e1QC6f_Q-ZQNr+lIg-+tQrA$gOZ~CXN}lKwl1r3v^2I2g=4)|T+_Skp zDfj#BsO8DBMSqTOH6Z-MR%^xA-PswwF|tYmfv-S}5AGL&8-g*yDc&*O3f?nbBUjpp zHAzeOI)%gU|KottA!o#!YC&2ZIz|BGLaO!4L<^CHFJ zGN|bkEV9NKBdq_CI1HaaO{Zj$H_jg6jdv%x6Zuy{gQ8x>IDLdA-bC2PxTk;4veCj$MvnI+SaGF6I)et^ZcvxYy9&J76;Q{|gXN4@^& z%`K$07lj))sc`>YlbsluhG+mMu7j-TnkXlfSOL;b#bZJhfr_ZN9L9(nRFmQ)QXjSS zB)ma^$N17;8jL%EnJ~KpccMkQ4mxG<3|yy^(q#*=Tp;MlJm{Y>m)#Kqy@KULaxhz5 z5~B0VX{j26z3gp7nrmIwQi9%%a+q2J<>2-x)Hg_VGjZNFb*g3xn)sdbqf#=hg2ad zflY81e8A6EYOgWfLH`_kqGOUzR;%MQW)Z8iW||YGFcMF(7FXGszAE0y*1cL!ie`bW zAz_{dWk3BTaWz%&IMFSIE+X+;^IIpZ`FS%;jEL`xdAP$zYa&45ftz1nk*eTY)0w1N z;xK!}GiDo}rQVxV1lNJpxXJ7%_-;|s^C5Ig6k|>)H(R$oN!eWaUK(Byke7Tu3e1(L zN7|(zn5)1S|3;v~KIa(?Mkrl~Dx92q&Ja}Bs6C)nYg^*I{$ zaP8*T!+Uw@>G8n396DA3s%3==@`0?^d|Ek{;5ig5!vPmS#KD?iOUTVWXk+rgtHxE_cgc)C<&G07OMiMN`aB+89KfTJ#D< zqj9W>QCZY7{bA<)Sc3dUi;XyjFq4j=w~I&!pszTC(Y#o$Z|m+AvLZp$kk70&3CtYu zw~M0LLVnutMh^;~=AVcF$G3*teL5wRE2TJblcm-;7rF&uB*c}G4JyO zDRDMfg27?%GQlvx6ZkdxO<(uZ%f>2k@s*QT(VnEkGlAnxHFFjMWET~_%upom@GDZk zs~%#!yB%lxshj$y@GhSZl?ecsQ|(kye~ggUtkBQaR>;Y@!5jVZlr7T zc>Atr=Ir-dk0%lmb*JrJiCFe@P#Z$mWp4>+D_r0$Iu;a{jjk94scN@a#yX-A_} zPOID#<2?($4+$uBGn@%RTjH+mj^h)QTANpNa84NviHsn-EdxH}| z*1Nx7;XO4X;aV0yZr0vVsHy%Q5D8J5dLXE-Jwlqhfm2>s;PwiOP`DrB3#|eO4X`K| zn08~wjyk!xKWAiq0LnjyU@yB`r?y`rKr|P9S724!)0##l9R@XByYmGd}KGVA_484(J1dLD!{t^hifX%fD{ZeqV=J&m9 zmi$}&Gvm((iXZ8zPz>;%Jm3q@W8rF;`9! zV=!+Sfv>We#X%Ve)UJR$NW@kft(Cf!51ZdE*&#kWQ+z1NsVd_y z@PVR?f~*uAo9as&$n2X1r7~F5W6nS^DH2)k4T;ZFEgdX4qDN?>{pJ|=f~=;n-=g_l zRn&#KFhFf{i5bo_tGG_P-1vlCoz)s`eaE{t1+8>&xkB>mPwZMVD zkx_a6#+tRjK<_x}&PD5aEbhdou=pz^di$PVPLtCA6l^2XrNT0+irG{S z>u)*Jk7;^t6OhOfgdxQ$WM1FqJW@+R31babI9Xn_G!Jj5y~=UFameCK|-t`fV|L*-Ul8l4&^VKK97RA@>7lT~e}b*8X4C;y!VOEn8?B5%RhPCFNj{n|_gyA}gF0Nq!25KV zG&6hIEXlH(7A6g`5eQsWcrPy`Q#FPh+4+?SrhR_$q70@FB=tTo&6&8)@r8tnps4QW z;dsc0JhU_p;vWoQ)DCe~K6>E%(oR=wfs6@W*>ye8*WumDdm2-2$l`t@vXNNfCcxm4 zG7YqJe;+vJY|8LGO~7t0 z(&hy6>^r*t(WaQM9H4Qnw zs+huc+{7oM!3cNlo#yuEL-+BfH4AQ;)c`w8ln+b5nIv$?oJ7uw;RXt%t=j99SIW0m zql)VDIPi?2__o;Z&SPy&kwAwM|R zCjN^PN{KD1yKE$X_vhs?udm+TZfv4XL#OfNZcTX>A|~i19b=hmwq6KCW%7}lD(E{3 ztA5Hc=bPH_VNRmo!Dh}Rbn$CX;{-S_V>gW!cLW|>4&#=_#DN(uQtaODzXk8_IJZla&8_33$OchZG)p4(_x&@nu6aw z$>pnj7OX0J&#ia2o+>BZPvv6|Pv!M&>92096Gh|2fhxLE`^QYee4%yK6wU#6&29U3 ziL&yfK^$sDo}w(+j5-@;JrqV1^MdllZh8^Sdo8()9OUQd=4b)9zkXH^>VRe4%`32F z$XWvR1MSksIu}gHeuJWdR49D}hb373EFwC%E7Rw=Z-HH`04%`VoxUp=NPB$|S14D~ zg?_Q80;vU4bvBNP84br0>>lz=O0Q3Np;zFot1D+3Px_xYY?{`{h;f_T_EbU#Ifa@m z!MY3h(>j4;ar2)wi5k}_lnv{F;EH+|FJw(!=d0s#XnXZgZaW$lDw~~wRkU4dzCpx1 z)G1XTxNu83ao0DzY+CB*Sv5R2@8^fH1y1tAA1_y8?@z`urgUGR$;m|W|G-h$|FC%#o#rp;+SN{o8DrqpFp&+bar9jC1h|c0fW(4Cg{gH(& zk3s)~qjZ=qL%PCB$b*K2G;Dl4AJ(Z8R=U_W6(@L9WQMImCRqF+{FT7M*i<-9E^Xbm zpv<@*7!N@Up^cKv?j;g#vBMKpE<9BMlzLE3W^t!T5Dv!yn;a9b@}(uc0Ii%3WV`TE zSm?yre{429&dgNm}2`u8?goN5jcTiA*v)Rn0U&`9PQP07haMiwdSRv&l=O^s>? zmQ!%YG%~2m=?sd*(N)d*;AD;ZVD!QUKCZQIEkFL9Ymt~E*3-_@So^2dcS7=hyt~5# znt{3l4L^k2)%GIA1+z22j{KblM_xFu6i%dS;GDX8bVkVJ1AeAJkzow6Ih^A~Xy55C zoMFF{B%113Cb(6vQ{Z_TO^R1L*kB!JTANB!8#5+RngUkBKJA_zK}g zSpwk+)v8HPX57a=otO>wHydH1gK_$tScdG?&l?*wrbY%mEr#q%hfk_o5!J{c-Lszf zuG85YI=Wv^sc%j%kNu&c)2^w6-S202@1M&#eD6n>w;TP#gjf9C)OLsm7YEa+J=)#A z!gu2v2a6wX(yOqRk90ad5~=)v&hPi56U3g*w znj*1L16dV)hpqUp@d8_m-r*}Gx3Ws8tU6&N3r7R4NYTo$cE!iD2nF1>6%EZ_29-VT z5ee}KRD9e4XkHcs9*-VqRQ|1YI*3+l_BgOb@$o+kXZ6vtYqsZkvo#saR>6Lo4!~Ee z&I=AzmyR&=nC;R-+$Qzj-9t#`13#&>zkd*Zi8Kc$4Y4H5-|vi1^Y?sw;KqkO1nBYj zcR#T z++W^B+dI3z9vnU1wBYr2TQ+pMhu5D7za3A}R+>Bxl)OE@_2NIezTjyldp<5chjTW) zpRO%4PT9#&*?G6Sy`GTeNwF>K*E!V=Q7N*+8}HKH@42_JB;cx_8nM*jJm7}7XHY;R z1c@yFw`dWt@m~jN19yPk#~7iH`))D*PFVdztb?{eIw0;7i~!<1iJk;5{r{D?h1y3R zA&nC!iWMO6=LK;G`%cu6c#?D?P(iRk;DLtw59JR2F`O|%8bSMqV2iUPS{A7G*9L8a zaDd;(8TnVj@qfm!4GY5lVpAtzh)osDvJXedI7pJrexn}qI1a+x`pe?!*|$EbG& zl|D`ko=X;1-5~T%&`kgalwO_1LaLUfkjaZ3R&}50aYP6QMQhD4k3&6vOk)_e1L*hM znFgIgpeM^J6dRG3k~6Jnp>30Cd5O8dmqm6MJXtDKknP?BC9lA^nak!%mDQ+{&g?b3YRhH#ITx(dOdUjr=7AL=ZdD_7tFid9EUC@CLb1k* zo~HXj1N9nA_oQ|eM{xKuoW2ut7WJOrfwzIo(23x^+<}VMZmg7HrP5qD9;v1V<&~ z?m-*mP^+X@l2}C4N?9W<4D(Y|MJ_QPtFmtk)z9~~9W8+gBSaB>@uK~EB!i&F?k0-O zu6mS~C-$$Hqb9VRsqr%``slz+PiGIvRYZ;oy{5x)+_6D$oJ zNFvLEs~Z9b7eGwnSIjkYH&4#f(ea9wi`bDy1jZVoWvNf$C4OFY%qD}ClWa_}*$M`1 zlOHQW*F-dz&k0K+^-7jb5ZwIg*J}|lJpdR!)*rJ{bLSUN*jNR}`qfZi(F=V|gaSAP5Z9O6V(WVCtTfyzYD3+LGI>l2zcd^sM)CQ{e!)8$~omPt*dKX!YjHiXjP5sDTfwl7piat!wY|%j5Uh}fe*tq(l6(Kd11~4*KeU#xu(196ttC1d z%6k$h--IPT6kOn&R0Q@G`M*Y8|EH)*oFPJ zv2(dUx-JR)yxyJ%_P@~&^dH>KpAH=CAt^u*c7Z#VpU2b7Urqr$+Tm$kPJ( z#r3DA&h7<9+MO`~+0+4ekGW&dhl!RzOb|I&o$_f=mW7sa5)>(6`nmthR1 znf=2lT?p2T#}u^R?z3G!B@t;qy-omG*vpqI8UI9{kw_g)oh0UGyA&t3-^*I>?>o?= zy?1DlnZaP`8OyL(=#sEj0xzPGz4ahZly&huWOhL*D-bOk@U;y{D>b6n%HHnQm-x3X zy^t@y3wTeTtJ8&^?$zk_D^o>nJn>PGPvsMQK@4!$I`(xvKQ`JnP+|qTvtS}F?MaK^ z>)xJECOmDujSMhB^gbutkCvYZ*#bfBO%8sDpWCNSc5}EH(ID?o^C5lPeGG8nNo2Mt zL(GcTUY~~dhW50-?b1TgD4pxMPIPo1<+>fkPY}PJXP#J5IS}aEmEN2MfmY_Xkp?GLuD81GP)f`Otg&HZv3aLVF&-vhpiT zCyExSx5Gq`5nC*mqjNBH;yblvq?C*gfNLJoWssA9@4dKS{Fs*$H+)!<@Pc;Nzz+Pn zp02i)D(lqBSFt7gd$#uD>%P!-Un2rbWupW$e;a1#^!T9Jcdg^xm4`>sc2dp;@<^?} zcU08(**kIAHjvh1$Ct^hBB@WHi(w_uEFM&B%+a#=e(-LARVbDSa~#4XD&kGCyM_cJ zn6|ZCpfWMPlDDWh05mO1{~~CDE{?eWr|L-Qdy46--rd-5J({gFE#N?fHWTtt2_;nr z-2gH*B**2_73~9JI9|aEL5WO%7eGZ+A0$5CVMDliDMOS>b7Q?(9a0g|7P-s4J(!*g z3#2)sOBqr>u0CUa_@<=9x{=8|L>4g}haca#^K*7yq||XT_{CGrgSPK&qQ>AaXjkO; z!ruf}?nr&5IzSB_;ver_wHrDaL);QFt5hOhQ#@(UZVdY96qRvNvG3*>@nlV2g8%qtwrK*HRHUb=ClPvGLP*X6UZ2jTr=cE8}Tdb_0 z%D}Ltzinn!n$#BT_vHI9q8!zl7vi%RD+h_%D!@FE*{negH>}wQ9Vgo7sNDS+kf|dk zrjW~$9MS6#Z9^leaXjYxQLOB@m@8~M9UEeD%}fq;2wj={uLj)d5b2k?r+vTX7fdqE zFOEbNoEX)b{HsS*hV|ae%6Jn0H25PxD0o^+4F z%gWZOC3g_ZV01EKYG_f)hO38zkzFm-kexxgQE8UVB%D0fU$5V*X=Lt1Zf&qi!EKcZ zqY&XEb9TOVM)b3L78doDwMN;yqoCCSZ!mS+u}WO!fpc-`GN39{T{%{(k72HSq3D1u z;!w7zb7XAcz*GFvHzop7V!vMBkc`I;TfUCIhzP7A8AN=Oq1myzDu{Su&5PrR<^ce1 z-$*xNJl9E3lgHb>PUR%Q8l=l&YzmDx zp^@!;bsJRFZW`+%kTY{oP*JZc4~@EI{wzd>7Q7#68`Mg|A@bUw#I|`QbW(cx(*oA~ zya)J_b5a(L5);v!Qh!a8y03S{BsiZq^r>Ga_O`mHF@a<97w`k!c=THqj{M)AmwLVF zIh7%XgnXegT$A}M#OnYkGik})K9l71e#{ALLiKcbl z8QUDeWN|V2JJwFL1=AOliPpAZ3{*wfBsccU0bjDGjuRvM9lhZl&ZTG8bNJ^v+c-rg zM+x%`bI`Fd-iE6+_=;AaW4H$%?-? zlwIRh$=2Jrgjo??;0rH8P0O!&7!BynsWE4hPr~s+O;<84~QQ!sY5#89S2;k zR@s4O-10^RYAxK5EjE3nlD$84jN_{nT`EYMeom4)R~zBG*bGO*-;9l6)Wx(m%vW&? zoS-yS=`I~sCBks5;dTdYj;0sGJL+7IMH11TN=a0ivIcMc`6Zg6g5qBBp%u^Z{A9%~ zD;@0{L-XohwfWOD@Y7?Xk2^<=*v1*G0k~TCH<#_&Wj%)O@{+^T%#sp8-<&oi;(Tj+ z?DD1>n}@94;xo>TSBvozUOG<8Y~`2scjZIJ{n8xW^0f!I*--)$v|`>CWXbqS8cTig z#L|&NQr7!{J*IX?fi?aGbmu+#Pt8>v-};6BYZ>$Z3I$o1{udPF_%=EDH`h7;0}2kq ze?!4iBZm{}1W^oFB)DhLe?dY0|A2yZ-%!wKInLzI%aeO0K}^DUqhAsZl8fcSMhz!j z!k}8sGEa+Ar0bHTLUsFt+BJ=y%6w4*N(=ryE7V&{UUC440C*!#DRc$6%;{CJjTu}lXwG(wfKqX zLSH}#rPTzb7&4+!#}Y|@pE0>tRd}T~jx=wcQbyWPY4VcTO1@?Wv=KtnTswGnA9=T4 zuslsSjaUKIq?tj+tq42K-)-Ee*3wJ0qSEh7$ZIAhrjz>wBj`aA~c0y5hy<~@WYtaKxKt?^M;DN2%1#lT71tfN+cyK`q zdw+1XL#7_^l|rIx3HU>%AMiDYnELS4HOrlQqL|7$^<3dhAb`3N7cr2x(*nwarSY~v ziE;RDaAr?;6hec8jyOZY)JT5E66-@h0`$XHOGmxFRkuSvbeVAGTfS#|Nn~&cSuL@hbpKdSn2WK3t{Jh%T-tV8n?(+jJ5_&t$q8RLplSoP= z?e^&FPbTg+`P$vIsrJ`Ab0V^=;tPt(Kj8lP{sgP4fVPhVQZ)>crXRH#}aO=;Hg zXhMxQtw!L>byF}!b=VQ;9kzMb7CHO~Sup3nh(X`eeyynVnkvZ4VX`NEg z!v>-iC)#>(L`*E}k;f2et))sd6rrHL- zJTNIH*Q*uC=rFja)@-dd$#N|D#PqdQvE8BvDb1pu!itRdQ%Z3+La0cH7{Bp-3~;T( zAp56!W;O0SHw;5BBnFS)wE3u9DF!dde0-8XSc4kCP`yr+3CbcdG~?wXYMYwPs*djD{ZW$Mz_^}egu z*5&_v%+jV?7+3jJ?@zd&@td60f)GejQ<%a zBmX@B@t!14BA4OosBM%E^848%|4RH*#EKAv^P;$u-Ae4okC4WTlYA%C_K(YJ{_}Tc z9CEp8@$T{55Kz+pDNxh@TWFyC@4+=cMjo$4(jsCLzK-&e5oo*oQ-o={iWuK>u-Q-l z;Bci}5T#Coh+eLI91noHGzx(OUWp(+9prR{9t|?8q55kLZPt?ExBC6eH9W?jnbEe_ zuFpEgM#HOh!AEAE1mGZBSO{~uwNi%!^zD)7Df$@V8DU60QQq8YEcSNhsrub!lI_&L zpO&H-)(?EcnkTSKJc5HPPPQ02nfVRF2)`z9Z!}b8LPD#gdl`{ox3hi_=&OMDY&TR2 zKn7z`orZ;Sa*Mzgt^9QIv)nNA=(ZC@%Pz?e8Hhqf!_^X{%1Vw=VUpcBUSIEiN}_TIL#eVUW0>A%&+F)w-&5k6rzRF>p+Jk ze{Y!?RYYDdZug0b;H+#PcVE`@&-a^RfI@tw5^Gk9i}OD}NJJ2V3Z}uiGu;*|U?QfN zF>1ct_A_Ia6QhGW*RogQnu*LC2f7GF@BMQ%C#R8K&V@1qeR~D04 zsqbi|rr)Klm=i~+zr(g9Uc0z;)I(b}!x?3Hm#ZYegvG{F%K38WlR;bS3+0vxw?OH% z6a_CLM9Bgs$+HG!OO=om1lQ z@J6}CCQ%mfr;`{VNDt_WzI2RBE+UC3Rv;m3cD5ys?SpD9e$W>&YZKaC|17_onHp9Y zighMf8dO9s85+nfMMih7h7=EVjE!FXd;d!Uwk)k6UMc9yE8nHW&D|*FGOi;=q@_uf=tr2a@g22!(6g$bvc^!c%QB|X z0kG1DHtX*RPBdd++*=>IkE$jRQJ(#qU);j*`f+t}!=%pV1f*nTXKF!zc*QOV)%GR) zv@HjnMWNt~2gbD3f*^XuUA+arKc0CDIZdT?pbD&R+SP1=!WRQa94Qy=joPnfbaMwr zWNvQXfO*ct>R1Z1Jb`1w;OkDFBISB)a04OcPJX!uv%+;vFQY3ml8{dpa<;;IJB3Q| zDuk+G171azl9T8w{=p@5#0h zEqyxREjgsPoERrYC9Oy`N&)ZhPXmF^2nbQ}6FyY~k!6c}(xlMb+`|qD{ut4;Cb8U{ z^KC!kKEL-1Tbh+R2w_87y%nghy$VRsXiU%mZ+Q9;Fg9efjktE z`q~>?6uQh}lpsI>E1Ol(hdQ+88Eg{y@3C004_YaZ2pm5+9HR4)QqG>svQ0J)IX+Pj9TFpk7``C2S0thJE1IMZ zf&pK$Y=`Yc-7!1TSEU7hn#ZId5XK5eARW^5Lpfp3hY1_l(D4%df`8yb`O&KPj*a4h z8{=S4HbJiwYgq-OgHX&VujxZIPS3V;`fbNcRnPiiM>bx?I~^4l)?)|#846G8VRPb9 zIY!^Kqe&u^WMtlgVqZE&KN+nJPeubt$<}xE37wyL`pSZwpBd!lO^+H{zOJOEO+ABl zV0G@S^j1f;Yz-inm1W2Xmw#QWC=$zUo0sE|We5PFU!n|i_{8S5M?bL1=0rQN(OL8b z0_G6|{s+9s^-o5BEX-{GLw)Ms=m5;xP+sFi`tvP5^^9y<&F!tO7fW4;w>;-S%;6|g zv&S3*lTPMhfvb60!_UQl7GO*{1n=-FBta4Wv8GeyqDBkukxFnM<545twY7z`D@lZH zx_R6%TsQ0u>?PSbyYklhP?z;3=0ZC}6&>i4UG_K-4bRKn8F4(9{YZ zjY#N)Knw@PP+j}J(i7KrtMilB4HFn_qvuFKS+Vu$g*zsN#r?I24@7(XZrC+{E9D+Z zp9+Te@~o#@U$@*nyOWdm)SWPO8L9Ps-Sr&(P%X@18@239P(aCo@+$>*mMiyXwf_`{ z$Wx2o6qEkCln?r5DUsB!_Mn(k6fowTN>w6`6G9Ys56qr4I$a;#TSlP~D*HZ=lv;Gw z9~`6M*M3twblJdPDI)V$76b=!fy*av$edc>)73{IzxR+7a@c{UY%#~Kz0*MC{`!ed z)D$M8D2!TZF4b;d=KOK^-U#DIy6~rFa#4HQ6GH{n7xrEP>JN7H0ArWtQn|RRU#H!1 zDU4U~?)ZE8;;c?|7rY}Q1jnrj`V((wrihpo7#QltLi4nrh{}o}`^z+IJ2_~Soj8Ci z-+AR#s++0(c5qq0x}L6+Rf%+4Sgj1YJcI&HflQ{I0nPemSNs2C?45&a3A1qT*tYHD z#I|kQw(Xn~+qR7p+qP}nPHyJAb1`?OzM6Wfx_0gA{dU*>=Uu(}S-(e)J(Pw1svNQs zbv~J;MZSdjXyyTqZ6twUd|txaB2os_|Ak!munMC^4|w{=u{KbB-^(m-QGSoup2jt) zi(afTo50RQO1PjWkz_giF!*Sk+?_r^dM^`K7II3`k(y>a`mhYW1;kd&vcs8%q_{Q` zB*Hk0D798h=XXkgdP>b;@UTx>kGDQ+j5wtkrK+2$$>k_jd6$Y6+0V_KhYUo2X_`3% zN`O$+YYVUB#zd#l+bmikd}8IQ^c)Bvxisrj-nY5|B=>pMH}0}ybNW&Z^M=ZnlTlF~ zX{kvLO~>L;@xW41cN0%z8)VNd>#|Z@uZlcdg%U5}LpD~F^v>B`KVd3smT#CKydYk+ z*P;F>F?Y2%{b~AmAJ~y!sClC0s=f`B4!jh&b~cqs%MG#i_onu@?BdG76bQ(i8Lr3> z4F8zT2%6kd%Thh+w~iQ0K#%I)TX@iXb|lNQv673I0!^5U?UCVhTI*G5P`OF`P}qv< zMb@IJA&^l9c}+DpJ8ntc@qh)VY8ur%2pI-{X1k{10Sht)kb31yQ*-|^Gdl(xoD3To zpotCzWqx|2?*O2YsL8oRJL*l<;zD@|U6ui(@UL9{L4{g~`3@QUuBgB1OKms!i%QhY zR~zZ%oBERpRfg+OW>NhL;3!ogafutnCv#?IHm106^yh{BC9L~!zC)qD7Whx@ECb=z zbg*nXk52m1PCx`=jVBIBVrR?3a@Uq2L*m-z$H8qJGo-Uquv#0h@Lv}xJI&|a4|lyJ zUzw>S{6(&hn>c_NZ)=MQEF|=58hBIa-KC(~W>l7q4|@Qd`}{AgjuBPu>vIDuV83K0 zenaQ?jhj?m)vg4mYg~ds_n9PR3ovJ>vtnMbzZ`40r@2()J~KR@?T6!l00-*FAOc}L zMJd+09lMG_VKb9%JDE{+GHjVxJXN#i)fhbG2Xl>2sPsOzU*j&cG`@e~d1DS<{LQP8 zwN9(DNN}}>Ll*|8naJOTQGRx7sWkY4Q7dk}{KP$9#=;$Fx~@?-)Cxi?p|-ogOlpRa zt|!PS*U~ziT+C z+?gd}F?rFn^>0m-o0X(_Ku-j)+&Z`A4lL7AFaWo5ylg4>xwela=*MsTZN+)J2fo3A z75Wrbz1L)$x-bXvowmW9lSM~<85;b3J;`-kQUKq3^5Kkt^TELG?)CI6L5)qWTb>5K zNRvRoPf>+9VBoi4Hw>_m2s9TxPJU1q;z#tScl7k6BWo?b!Z6pLp?e793*!MEyx+Ch zUF?v65TRZcuH>`7fB#vmO8CBdOhAmjMHbF%SnN6o{(3u0>uHHF3@aT()GD;kkNJ@m z3G~S7MFNcAz$G687W^~879Mt^Zw3SQefXM&H=kMv*p8lgC81{&Y354RU;FIy<5Ayz z$*-Ww&;I7w-roCVeDz!LI{Bh!_sDFv^0gHJbb7P$0jVsubhE;k7t0jVnunw3lt#}w z_OL^PN#$kgBiS$v zAB_%lEdWRCL$9#?bZJy@`GTEkPSSRX< zrKLEp6I(nUYOJPcl$Ci0ltN2`^@8P%A-^uAgvPZd%@?7wa9Q7y=kk$YFO}?@ly_BY z>bebZgg97}9*l}uK+rvp$HPNH8)H(|ssxBQe)+%A{FM<6viRl{Z0s|!D!X!vHo0Ax zY<3Fx1kvr30Jw+x(o3`7G!u@W7gEPf*Q3Gf&)MQVobXo@5T!%Yv{igfGlak`UfQ3C zL_FaPTJLP3k$iavM!7;kchL-5;XU^e=zfVdG5fc7ZV6pHZR9?5-@tk6sUZKMaA9Zp zzmrV<`<~x_AH>QijOd%Amp6PMBIXh&892BDodJTRZp}xc@nq0|7Z{etaL&U1 z&8t@?hr3R<2|Q~-Z#9{DCAUqv*vZ`KBt`l-l`KAh&f{R!g&`q2EGStn*p<7G{uY=3 zd;h19@T<){f9}JlEX@2bcqJA=Kp<*QqfBUaX>=F^5++w@vT)~{lVsSCzMg}j;jog# z#NxKR42@5<=$<6%&yZkw;1vKs^JQzgu~2nlA=|MUrk*LgZc^dE7wB#6-A40LA>%V> z;?kv()S6~5UL$$qC?@>5ehMVNmBklWm+Ij2BdU<>dP)4*lMi9Frr4v3%wm(AR=Lmn zf+B8zx7c~vY@!Nw*{yI>eENhBY+%hjHs(GAnOVYuwIi#Hjr5diLek}Ya%8ZdQ-g6| zAWtRvJZBE}sHGciCkfNjF(;|huKr=k`e$o2zC&sk5Nvgq)^G~qcgZ_(Ql`of}}e{YT?HE(T0U6}|TN zAD$1x=ges>#!)9GculJqkVVy>Q^v%Jz)bsO>vl?}*v%cvO>gs-jH{i(^L2ec8y(#a zKdhR;zt{nWsX7LT8CtapW-L&^o0GVW&%Kf$Z7|W`l%!&NXIhTJmJg~n+(i>qZVDhI zIR!y&g3OXsTtWzr2_mUDg)B0V?8sv9GGlvFD)aP{xRDr8lPWa4%MX?HbP6CP|0K%- z`Pg_PK`zpSnoIw3OJ&!lQ--?@hi#jc<%FZi?d7uXt>Y(xDloT~mqvY)k0CAoxu<9&_M7;^ZsuTlWbquIe8tYFk#(JaU z1~PlCpBHM}%Fov?Sf(Kw?uHarp&P%Xjc_kSSGE+%d_;njheU)a@Tis~KWa2A<*Yek zP+njLkqD`gA&ZTPcW`h1NP=XLYhrASYLGJ!3!f#NN1#c(8dM<14mX@ql*P2KaLB{QA!K z6($I<+9mV+{csP@*AW4($H(WB?q6fFBy8e!*r>*954W5nzqMO}m9uLP0UGiRk~*Fd zGmYQn0rKeValiPp#?x(z-09|Z(JdGbKCPZ%^KgkAA0e=f6Z!WXAJ6y4ZGXWxT+h9m zpV!CL`?DVRcYJZCJaQhIgOd0C7xC86D)S~@CgT?*_H^L%>xAcZ+m5<84KrGEh!zbE z8V}lj+e)gf%9ab_|F#(ZPtTz-^uO!>u^9f-bNDY7!+&}Xsq4}0mO%#tjR@;z)ECtM zs;kp@(g3CXCjqDZn>2v_gMc;uDUJzC^M4v8m-*qaaSVcpt?hrqM%VT_H1@h#ZIDZ4 zz->s513&eI=fh~48B_dylfpgumJmd2>6BrLUETR;^<*^IN)_lyY!D}i?sL>c7j`Us zM+L;Ys)8N0cj6*3CWO3=hmYsi6rpDo)hx0Ps}d3vnWFT!C87s!3CWymzY%P6aa$#({HmD3%0I7v%&kpukMJuRpoEJ zBbrV@1;`r#x*)ilhoxY9lX*o2f>^^~wl{Cw3;X&La?IXORqQCsR1|2q!>p0}Kw-a* z%985&ENh)C;Non4o=tNmi3XCfqugm^%H2+4+Msk*m5FOsR|`a7yf#8=8D!~6T*Xf> z&R9VXWMEg8#Z7*(!cgEH$?%Wttl0DNuT7O0lD}|GKey+1SY7@1PeYvxGQfDt!Z9H35yFWELe%*o>dFVt)4ivp6 zWR=UkGz0NOtHLavzn6t;yi_U^M6zRbhD(Q7dAEdxxi2G9bs7mI&3`}~s(^y`F_20* zk*++`Cb9viS+p3tCRpKw0;#uRa1W8k-D2xHj6p9#0VxUhnLY-HXn{^LQG#DHumTc8p6Mj4c9b))BrI%pl%*r?nWT^? zn!XMvo_+xepB@|R9o;kNQ(+eF&EZF%pmwE<5>KK>x1XSzE9AEpxojNAu)$Q25;9N4 zue-2dmee*VdGk&-HN3&-1G?dN(AD%brgce&TjdlRwkEH;xWSDy8xBIG;MNJnmTew5 zx(4dwy;j+xOqK{XDj{yl@YnP-$pfkZlTt9I%}^INNd1~12N9-doe>Ya6dk4AM-K zk){^^teVymy$kf%F+^eyB6A`Lh4FftTDxVp{{?RRvPF64k;@DW{v1EN-_xEMJPn-0 zF1v4!(~>N_s}Vlsk^9=2!tf3ha^LeF3Z&bRtS92Y4X^DZwG=Y2?2+plDmo-}6wvg< znGb(ygm;p1^Rc!FeH1_q4{}Cd^7L~?KE}Ni30*4q)~>K2o;z3EzQ>NF#!Hp&O35@Z z>|xAv0_x)JEw?=-^ub?W$SLr^V4zYW-})GXXs|%HSy_BYS4*}_Zam29#VKlNlw4ob z%b`7ck``sO*pB8XZ<3RgT5lAUkLjFf(LgJW->$Yyy%~;plOW4@5YMX};c2-<-_H@a zbg7VQZxo6O=6v6!*WE(j4?ZjOhRK`uv}CRYpdJ|9WKRP)A2;ofE6;SnUPL zRJJkM*hi;0wm#D}m;7L2%KABSm;{KMM0Uv)il^I`6uj*RxI z?+50FsJssej6q+BhYN^Sug}c$cBh6Bxp>?SPS_I&9e=7;mALLEY@ zH@_P?m|(yfa-Xo9ux>*1w%;A)*b#3!p#x-<23vv$fi%qi&=$j>Cl^o6<=#&aiMEEw z`;ZET-k5GVlggTeJA14QDQTCQ7y=_&wF~h}Re}J7;sA?C=^K(rHb~oG?akia7sb0Q z8=y>m>m||$_=RhPLm#CK9RWh{YzLk3+Y*OH8H*ra=jOiiW?yIr9Rs3{_$z-#(;5LF z48T|i)gJ)jlEj}eYiv*E)bCYZbq1Cg1wok5ivIAhxiw4}fn(t}u}cWnAreC)0oZ7M zN6z8tHmcL`exbB96CFY>!X@P&2qT{R>xUvsjNgH=VUL*fR-nqBLmt?Sh6YuU5MU_K zA&UMAjCjXGpaJXiIUke4^a@B=<}bWhGuK;zC0g=j)@=l6$0YNK5k)l7?&fN@H2pFW!#^(*@~w zI@bbZ@-tB%Z66icRLX?T6v0;A0EV5Z{f7EtC^|yT0~}^cSUu@Q0h2ER)C~rtMUt1x z&uk|MI(wA%Q9s(2mhuwZPQvHrW@m)ywW^u=x=dbnKYj`*n|aB1MVM5ByZ-e_u=M1;^g6Y ze9UYFz!3nqM@@1dl>VK3+|Yq~kWFK4vgaWzeO48>rlcHI_Kx5{?TqyN?bHl5!Kuy$ z6RQM(dA}goP9Wqj4|^a&C}sy;|F>vgug-LR<$O{49!*7S^HQyHbqVR7dg)^C(!uri ziM>5hj!f@&2*2>(49_YY9>P>uhf1bV8=|k*t776zs6nVLmNwsX@>TY(98?o>U%6^z$BH=c#Z06sdf&j!`GzU<(HH;K41 zW#0`F{H=U7f;kp)-R9LQ-FOEFP3bd?(v> z50PCESPyOb;0@hPA$hBDWU?LJpf4~|yO^~x)Xa3W4}xDL0xChZ2=cb26oeQuG)^?% zG?gAozE+Um&T#J1)mCJqvD{y>GI}Z8@8H-Qkv}T}V0AX}iGWkQt+fZU1CB%5U|IIkc%yO&s%)Aya~O#B;&qXcX|XHKefirM^Dd ztA5t1a-q+0f+zYwZaw2Hu-01}GYR_b<~-&io2F@TDe#lg z+VbdP(=NYUbBVsN39BIdLW~&Rr$@#%uDY*@DZl9&zT9nf`mDUp(eclxa8L2`XOhi@8(OPrR0ynVTe75%?Vu% zEuE}a4(->b9r@}>8Nz~fK0?j?yBndljxIcSXTm<{-H1^4p4nv`yvrlsS$)DfCAzl2PgEQh(ca%*sn$G%*QRivt}bmpUWb7I}FD0 zoja;7JYCqgDvUwBKihSq@xo*Lg4Di^>a;a?D>yZg*|;=+HpwC@ zV`K!gA4gus4d|{F5L9!_$E^gvvl`$aa@uCnGudItSP+p{Q!q_YKO%v7fwIM>d+6d| zATB>YOaR4RyG86{t!$2*wd+oE&Wbfs4~?JnUEQzG@yF~TpDGyC9{`;Jg2J3ed>S>n zciu*9&@KJt-_Q$TBTnAQ2A+*0*1O3Z)EN)Uw)+|=>u<)uw{QrR06mty2y5-ngI=W~ zm^ep7`tNGF&}uc+MfET6n$ykRf3JMlIsT>c`R|*E%>O-ySxY8@WcVLgwvhs#(W%hL z5qNcwH+`ER*oeZQOB48dW(l{)*A7a!*WDOiVpGFKOJe zLIxMIGSnc=_@=1<66(GHvYIIYnJO7Lny7l)C+73ER#Hlz&CLY!TkuFQ!sSnZ<|*(> z5{n`S5{b7q%XDMs!&0(e>nc)IqP-IdXHV8rmVX*FR9uY`ZjEYeD zG#s2I=5jEzQuY(e&ZF%!B#6P!Yr;e5=s&y8sE~!8)80-9z)KuBq1e_$>JvT)c&KD=O1jV-`{* z+t34nFQxS?0F&k&1L)tTGx%MpFc%Q!t*GXG+I5tLU|v~qZbG&V95^jQ#V@m2J@>n* z;+H|zk_tt;jha{=w*3|da_m|^4Jhkxm7Zgu_e4P(0|;s=W%OWFp>U7=AWfAfigEujIgBgX-k&JHp4$<=N(Hiq(4fLH1(sL0 z$Z6IOE%`^pF?5v*CPe6JaEoJo?NmMZ|7#=aeZT*sjrj2SUJ~=;L-YL_9)5hC-tPWh z?muiOf#2rwb=TU#A8Q}Sr}Jy`{!(2E2^mj`+4hyTGg!rJWB%1@$kv)Pq4HPrj=tX} zr&z6K?y$o7wSRtD?(|ONZ8K*34OMp4U~=NLZ@B@|PmD}%Df88@@ijDRFfFyBwUr3kC=yNMdD zTtTAL<2WsY7qbhYt3fuvc)XS*yh=R?^cQLA*Bs=~_j^#wn9zp^v0Dx9)4ht}tKe`Y zc%+~*(s=WhlCk$f`bw@k*AOT);39e#tj|g_Sev1-FFXSxcU-3W;HNA!JCKHgzPw3M-DQe( zp?0lkp06|{3NPT4hY0ef<8Xu#F^vcZXo%`}aMwoZC;N*Odo2uqO55~v(V!c7bV(+!m&<^d&r zmp*|#ljM8~5}!Y=)}lOMT->8n?xmGbeCP8 zlrZ7X!m?2hSCWSo z9Lc^}MP5JCYXg=%(r9P?gP-vWQ77&^d2F|IO83|0by`Y z2f{8#5<3!M>#n@zn3QmAGN0Iue+Dc=k1^UNlG)^QoQMXEzYj% z)xX4}z=n;M^!s<1nq0(PW%81XKEn;hUyKb~JciU|0Xl|Q409Nue;Ka+-?P;JGF%OI z2XlZq!W3&pFwLJGzzysHcDE6$)_lhKj|D7YXu$A-(1P%S5QF%W|AUtJ|6Tvjtsi456ur48ny?s6n1$3$I8l%4F$xJ65&eLer zHQ|<>wQO&(D?=^R)b_JdQAwac#s+7d1{=G)ShTfNi=U4O*PQDJE(en_Gs6mMP9;7|=NnzTxh{lTCe$F_d5wcC}a z1asNZDvq8A;hBxbIM;RTT-Rc+eF|{!C&)E=sg0u$W?A) zjz@D9$-@qa+p4;Vu^zRon@~>utWj9G7K9MeJQi7v3xm51p zT7?SnLue8Z!xM)a&2#492&I7n#eTvPo>)cYkwMp@`vH|j2iDMzoVU)9khOY2T zXY=QI3r-ph~O_-n|CuyY;;kL_lGV7`dI`Mg3$5lmhoM z_Ht#Zm`hR#m-c-gBmHI-_Pljl{3dBX?fk~$i+NY+k?dBxZAG0Jiy8-OW&?#uyQ#9y zE>77s@2qzzS*%Vy89XZCR*0^zRArg{FD#0vx+nWX*!|nl>0o`-!HeMG3L6Xaw&M6nX zieRpUsj9BY*`I5e0@dwOB8$XwRj?F3D~9>vvTHc!)-$xoEO5NLni5{MHwPSAPmwz< zZegViF+7eFQ3813-6-^CpQ}$Er9yu~4_iEg)uVN=&ddp8=L=mQRi#2933rB$xuuYo z6S@lf5^acRpks(G6b(Y45Q9hSotDh{HwyYpJpeQKSHl9YSIM4AYkxc#VyB1L$f~Q8 zIO&~{K4cg2GTJtQ!l}2Rmy2YsVYS46b|iigHujYNP&wuBnLIC%ewGW!j{p}P3CcUr z!aisrkO#)3h`PcEpzC%c%_55XeyE0{eT3cOuLl%2e&`x#1vT*?w>+`nj6 zJ3=)hWnojPy~^xX9K=I?t_=SMpb_Fy{r75_gW+G;JO3+%iJkqwE`~3)wVc-2F?@dd zgbZnvn&-4UbH5A!TJ!}n*)*@;vJ)uE!4wZ2)OY)u%v(do(INB$O+ur`)O9;~cSZ0@ ztSmK}Xq7ZJ%U;GHNB)8&5t?uWLlZ+I2SNz@RbuDE^I{)*5)fXkj3Ntn9vTre!zIB5ti-~03hHG-_3DtB~$WL0MmP#&?6Eo`51`C0iKVkKCtnQv&##%!|X(|^qFwEdS zhggV1wIIJ=*wi|F!MG$cHSW<~NWs<^$1f@pA1z+2!H2P3L z^gWT^K2^k)=t#m0`s&HV=6j%ZqpFu|@jawv5|QIe&>-6F$8WnrVF8IJ#EyY@W=5T2xA z6o3fy20g&$73gF{O`qdbTHuR8w}=6eN(+^z=%%{8J6bMGTVjOGNwXFZhrT8D80HM~ z3L3r7meNk)_$Ap0(8mI78XS#rNv#{BvCOKv(`$T_#1`6>nm{=RH{IlVDyyrwsy;I%DSeQ``WAQo`dzi3jkxnF(o&KzS zp8_XZ=F8M^o3Ym-q0xz#Mex`HZ2UbX9Dm3%r%$eNOySvxPjRh3aA)j%^P<~W(mp=A z$&;t%*+(xws+8Ge@^(MEBX3P%HuOxSK~Bh7!y*&&_iPsWBh%Pw`HKP9cnsfIG<&-i z81JF^txrIMF?V0=UkuqT2?n!W=k7k{I_ji_6((LS$k3>!zjUfS0QHc$2y{XM(@_gC zWtvux!>(#Xad*YH&pcEykd>*qnU7Ky>SW^&?z(u%vu_-dV#h7s9I5Turz(PR>5=^k z+Z`WgZn5%^(em2z2$6X4CI|r@w|q#;vM8Zcx|5X*z`PlW*&myV zL;sEE3*uFsory78bW3V_FsO{2bO{6uSr6Ak+d&6{NNmhjR{I6KO(EY4aNw<#1^aI6PBSle_NU;~yLr~CD|up2e<1qBrWMCwZ!T;>R3;!XT)}#TW4Sw6Zw&+j=C`-f z{f5@5>_b{H`Rt}Sr$dNN8jbMAmLSWIQB+811)zL^0Qj09w8XM-sOeJGnp zAL(Rjlo{bv^1AB4hl8(zyn38mHoNB{0%G6GM(-aW_zjfNCVd~nTN1CcdfH6bOs+ev z9|zJlSuif!5RcPbL=?+;M;w3peTu-!1;zjSZ(jXgqMF1GHCC4b1W3SZPlIY#P38$( z{zo8G2+^le8oV~Tr|3pHQ&U9?Byc?X{uHfMGv`JeX&>%5SWP}f3FZ%<<80#yOUA%eKw5xRo8*i&xFJVD+rir z#g;1RX_{DQ&_an@5fL>?iR~8PLm*$W?!)_Fqh4R_^F8N{Q9Y;R?K0ZioCm9``NGX? z>-8~7p_6SUTbgq7O6I!=CNMs5MmA!iroqlzn&7J0^}1CyVX|sL16NP9j=Qnn#FC5> ziyYemF14G#YjmmTKZ#U*DszmGO`8dX#)vAB3iED?&hQ0UAS zRdkZk6Iydd?LYcus!n;utijN~qVAP=6v`%xeooko${!>|T}Ii_#FgSu_yt!SUm8|W zMs{}Gp4@`sSVmTS-|&k;&iFFy(c6uLl_An#aFr9aV8CaKrK2}>Bv_5&xIO)M1QUxC z(Nw#-O#Y&ek+L-T*i4 z;7n0ar0Z7zE1J5X2vSNpGlG%O2`PY)!7bFOUjV#Rl<9OE#^wd&z6IcCy|oW&_oE>w zl&0O~>pzGp3td~sCGmHq^@U{vBg2gE{ra#WPz{wvE)hUchZbg&|HDWC*R0|w9~dUM zKPj?8p}UDsj6o?%ixHt;Bzz{c1Gr&v-;NQLm`Py3%$TK*5p{+MSb(^2KqOkgfY^h{ zhYUz3HgP})_zNKdN;Ie~w2=eDh`HKUZ2%)GqXm#rbpHx1idtRAscr{qpj8thL4+{{ z+E!3mjdXI*#+JVYvTn)q`C@hR^wH0+Rj$Mi9}kajGfUU!Yq{k0wT6%9hnDxSxgYXF z%jauXz6cAw+NM^PLy|&FJkYgX=?!KR@|`R|@6P*UAzGXTX}K9UYL=ciAF`n zsi8pJ{5oy-CpQopEe~}Zq@-{R^L2eb>+6# z^e=T=Y!b2}g%Ouaq?2rb}#puQc%}zsI9n=PSUrLa= z`LMZtYCgT}g*%iRLv4FlRAklj*l(IgG*b8&_#)HZodl2$FhijZ8@^ECKik6Ipudc> zw8Y2p`a^d-Tl2$usiT0t=F}*Csfi4LF$J`L(WE`5lUY}hfiNH%W>~~2A%~{@hTs|( zU^M`BirInQHD~3q>T^QJ1K$5@HC|AqSGZyM6Bw;txS^FiCH714<>D+&V^MpM341j7 zBd~6f8oxMV(x%>_8e%^S6bY+3)DsKeIDLhWn_dhp+#kIi{Rl7&gk51sTW3~yKZy{H zNE^fz=KSVCNWTF0m13__Tk7X8U25Rh1_d{fqltwf@Zb&yC9;koE`?(U7iLj!)`cSw z-WdUdGh|pUE6ECWDRWBmj1AI8Ad?i63)L4HG2xAE-@BW|ffCdq=|V?>2pCrgmscks zM7{_um;kaCUls5oPIaf4@<7epWH+ z1|DpldPTZ^-~9MR^T{~;j$>kS_&U0utwuVJ8@o5ZU*_Ad@%&_zWKereGRSW3Ho>_s zRVaD<9Lisa!LmVr9W$M4WXuSj5DvI$LIw!#AdrB-_6kD$lP~zc(1HKL68tAR@L$?p z)+4%AYamboLa_+UAkcZi|5y=(5%fO@oblgO5ArX{jN7ih1)U+li7n==RdS=t_P`5o z)P|8r!8wS_4dAZTr`{;=bWjj`k~9)|V;WPSX&K!hrjDonV`X@e6)Dl@3+ehvp)(K( z@g&(MExwpOzS!eQ2?-LXu82x0^5@XwVTT+p$>CK~xcx6yFKjEQcB+T$tjAOcH5gQW z0g>ii<}$T$=;0@O&;%2Y{n_IDY!GvuObB7*)rzwbXJvg!4tRpUfMJ|AySNyQTT)Qf zu{`&>_g<}&8Td^0Jz-){%}SNAluj8KM!|XS{_z;&qG6%%w@3!C?lVXWhgaTMdP)_DU-J9$qbnKWuvEZ=Vp5p z1w3exi{xQr1DD9N*A5%i;t%5%gYV)xy);cpB4z>9?)3z+Cn%-n8IVb;FZA@43aL#& zWMwbB0$t`ht>k!LV42b^ryLn%R70TMxE=}^n=ncuN?6>8#3M9*xAcnRkaHb)(jq>oOp>fB(+8IYlRVVl*g90@X^xwEyvei?3%c=#q6L4irP4 zPr6M+kXbvkR|c^d*u!OIGaJYtx-SKZyBmy1P)r)Zlral&HSB>msEOaeG7AJxj%PFX zqUJptkWBdquMBohVEYKS>*$2?pyh-}WqoSvm}dh`e^`-Y>XwDFhed0zm`^YbZyLLs z82R_nb{eT5a`qshm|AqnTTNa{>IkN|Dq#|7wI1yIKAm+Yx4*V*<*FEu4;LsIv*D|C z0)q1?3Gq7+)-9{D+A?56p;J$Qf(Ri|qVv zh;v%`C0WUH{Trww`U2KuYoF_#DYYv<&-xUz<=HG&$C7w!=_p{+S7=pHM_;F zHp;w;sHr+@RbKRSuCZZVUR0`irs|oQb1eVaxmlIP*(b$-IZ-5K*Y@W^NZ;FXtguea z+OEh@v(m1`waZdJpR@*T3u@JBuw8)@j9)5-qBz6-a zsd~~hadvpf)H&Cw&gYFH>|7TUf%C#!-FqjUJREyQ3u+n88h`!;pY-nab(Y`=p}o$hN7 zrD+|HbH0C!oEF#xZDT*>I&AX4dF1|~33#lcM37hS*VsR2Gmm;W?$$y;Ag%J-D=T5*$`^xJWD#LI)u*490UeqJ!8d^WB#F6oT)znjkhijFyQGBLHGtN~m|3XQY{8%FF^Ly>hq*Zy}$OFM#7Q z+uOv%lPBcQa|beiMUIT3kP(w%*MA#zt>SSI-J);N3NC`!z`M+Z#1yKsB!aEqr?Ztw zKJrgk)8uSJX3<*9SYDW;X)a=mJ-4vPUZ30Vk(y(G49M@OPGta(g)H#2YKd#@Z!daI zm&WZ~`lc<3*e!G&#ZtJ9wEo0+naFaVx@l+2th9|h#6$t8TO%^V(EkECfSgl3E$2q| zR@C5~%^F#`F^)WI{##!>MKPFX+X~9m7nOlfWhr5a$HAdoU*AU7kcE>Tar^UpKI~Qo zsC)Vat&r3JxZazMvL}4zrMmQhc|!^)O^Ez4E8qS($BbwIa4wVs&z?ut({@H$tiq3g$`~z*p)eodqq-nd6s`e2{bzsU^iqp9ng2TJL$XxlwAOT!dY6d zntBm^t**|mK7MT{q^83@jYtGg5-Fp?;zn$0v`c*)8dJz|672`1#3iW9dKx@lk5weOzZw6*l*c0;B$=HXlw~sg7%0RDF-U{f;SJDabMgqKa|Wf zy4@=GEVOYK(M(R;9nESpoXy1ljY1+oC@&c;0tws)d7=Kc%tqQt(j`@DMIU9pnN(C@ zeAws@^`VL4HAo<0v%O%T4OWDL_+d(Avf5G&HlxZ8mbKFnrD2-Q4Z$I97GA7sas*^{ zrHN2x)d@qX=Qg;UO!mJ`F1b&wuJPO)TuLoob-XZf(%Ay>J|3yk z$X~8S9#>6vw9j-hS0VEQFjNHC+jZL-EH8mUF-9N*u@`gA;8s}*lx2+T`R4sLyXuso zki;hdgUm=VRH!IR70XW!<6`JySVC2nX-EZ#&!;&k+s5#8#8wng@LLGJA$gfiH9>7_ zI27oY`}=k2eH*^_X?m#ZAwkMnW2lL|w@T{y;WDE1J}%PjVaPSvG>^G*_=5%hR4vqh zvyK<&vuIyDeWtr;n&-UK%fwvnbLdDRKqpkb#sA$AAsaEozXlEBLBkJeoM#Tsy$!6v z$xblgnA)HRH}CqEmEhFAX#>ZL!4x#-qCZuGA{E)t5(+AjTpMO+MQ4S^Qp|&*HQ}6< zz3FmsuiCtdomx6Oi88>RlR=+-N!C`5ctTnlCsz_ou6Vy{p_{5B+KiRDNa#7|(bKk1 z8fo%2k{)W@cnD>m6a&|LP`!dwm8;eFbZ1B%5pL6b{x>7Ylu@QJs(4SZAx~6F=2~i* zg5~WrFZWd$Lm<+%69P!|IjatuOW`|(q(tGqb!#w^Mtfp_gng4eF;l?rI!;-HgVpp# z_5PxAwY<5#H2(^TL*iWMeqZdJJO99Fn3pX)e2-J#fi^{>9b$erqM7p%CL1DJ=J}5M zR9C*Z;>sx9*~_C=B$^6CWq9(7AirXU%3yI{lCg(F#wj&5cz?>HX94F;*b6ObZ{W9T19Lfx~Z9I!v0isT=HpNqeA_ko>cY>Badh(?!$es)~VTO=}zZ z)=bWAHS0dWC!T!_<@JNaDY3O?AVEOY)#xF#!nWpqIIsAmPueBD#P!<8(zQI}!P=N4 zBIDwsP^!J98_!v@d`*t4H2PMKYfn)*fcII8OX7 z^gN`F(rxah3O3p;{i7E9tc8$ zQeVzM0HiMdD2DXr>s>%UJcX~5^q7G(y?X_{bNRQRvK{24k}bZh8J;KO^(0%07$7?C z+fI7v>!vq-OJGq&`up*3a7yh=k->rn2!fMij+BNk{kOWDyDR(2maBC3)8Q0glNP=L z0HycY%UOJAX{&^yTgXrEGaBHk-&_8i> zM?ivM_uZ&EfEgGP zHqk%}X61*llU;<*|9dFkwTFE?m;Xo947p0X4z%yDfuPqQeGbx5_Gl1t^Xh}Q&(03> zMP?^;MQSO9J-jS-$o1G5xpWEtWiq}eT@uhNlp(g(r2oxZ-lVyU!8#8MBajR0m~g9k zcQCiJ^nRe70AA=RJZHi5te7)Sv4OPbm%utK5#|}UhTrRzXL#C~w`Z1coMb3x%9TNO z`hyRI@nJ{wWo?c(cZ-!E;IZ-Q22+b5POh0};bTj_c1fbOPBr6WVO1)}VFzN#9;Ff| z=WLSdVrZGHv*NV_gvS;80R!r4+TJ>AZ4-8I4t$Z9eXh<--Z5K;P=RHrtgK|XX+=Pn zIJ0=nrv)COCbcfYUm#@Ywr&a+U%M_P8BXitW3E7;p$i-=UJJ4JX7t}t$#z6Q&;Sm& zcU?eu&R~J|c<|)5_AmL4J6Z|Aqj`i`%a$!N9t+MfMb{o7rgXQQ+GU^IYMw`|F`B(; zX?e}WX|*mWom$aTs>gAQ?4C=Kj>5QsRFmWZNs=TFp%*@Qp%*@QpTxP~HGrP>p%*>4A z?tACWebcQ`>wS$v%G`>NlUqkRx#O%@v6jL-MvT;P9orNmh!ELca71aO=^#0 zzMw1WFng|BMZG;XA$6}`ZZ{znS<#G7p$W0E812S@k6FGiTZ<~shs z>hoP!!~Icx`z$Ni>uHi6FW<9GUTq&Co>9H-Ig1f=fn_9Ig(R3$bHrdmCsseftcTo&NdCdA)GwKAWai0v z9sJ|Fs(y_#RI=}nL&&ZZ)(~!QnNpzz9r(h^u^=y@M zBkyq%Mu=&H&V!7(3xm)M71965Gj}UoES#-|v|(-LHeF`YS|CC#ET+H}RRPtA2!`|U z^mVm8c3|w1$D>{#GgYnV*07^xrY$; zk~8pz{SVXux*3kB#J@{!`0e4RWix;9;7Ql0(v?ASD&-j%C)!|@9X=#~Bu_HfmKce! zs9n|r-bM2N3^%t5*i&kA>*kM4gefPasghl?7_@Wk%5%TDAq`kz+*r?c*Jv^$@N3j# zmjeAdRgXl{1*4^G<*@fxeQYbYfwqOFH${CqO1s)r!`u3Msk+daJ|4ngZJnH4yQTYy z65I|p&fJ4Hvd~PavTwlf%NY)pD&cOBRMd4}`4G2(+U;;`C3`6S!C(LSRcAu(xBO;&YY@Jck#GR^=G5m?s2UTGHm5cviUrZ!cx6E-B1=g1 zL2%|UWjwX%8SiNU6g*@|l~7+s0m&9gJ5f#FIl-p*4^f2qqIG>GLEOd{S5#uy+~Pm@ zgr^0#LKQD&0P>B4#h}*I3TANgu}vhE2KW z3uC54O5NqPC8w9KIW^!KOSfi-=Pi6h=j1eRIW-^~EeElyLO8~6n4wdaDyaD|B0F$l z;CBoBNyKPsO7x0pYL4`(UT|=rnG&{UP$&z1L}`EPJB-g*nq|DZw+E|4Se7>bV5YtG zFthHAShyJLRI6u6sZjIFNv)7$Nm;tW!EF29*)el#wFoSZ+y^IgC-oFG^Ftk1e5QoP zpE|PPnuxXdSLK_p2;LfEDn9L+-QkKd5-LO0<>Y6On1^!EQj5-3eX_HS+QC1i&?2Gw z&h`mNAz+NdbcQW@iB#w=qD1O~lh7Q0YjX~)Ph z8u;&G`022ewjDql^j%UZ)1+16YHz71#d@uPlz~mYy=MG` zO|+d`Y;;(S{YeZY+qFw2rV=~X}L*80vC07l%vMY$01V?_d&KK+blFzJgE?7S}=9|nJ& zPqXrp6_XB`wH{Y-LmnVy!4sxa(0d7Kpf+wwu)LU0ZPJr`OwzagsFKeWe9hI-8^7Jq z0rgKB@3qclzCoz!=k>u+?$&K6EiR9j4slmc4z=3VLkikL$&l~aFEyVVMT7Rm8%Uic zUjFfegW=F8-gOXpC<7XsNok^MD2JGy$JO@2&Cb()|+_gMX zI0o=Oe+Rz5$qAGssuI;nTI4Ha{~E3G4h8!nf1?wyNLVFolGe%onUMLLoxn-rDsh># zPTs2MP_qAz1UL!21a1-+nY-L=-ah}|!0$w?bUmK`+P6UxHW_$u;Hba-G}|$@oI~-x z)Zg?3MiNtr$)qfDcEx`t1pfZNqh7*?a~K5(pcN0!PYqQGK!nbU7Zs>e-?|I6&fz77 zz+$HO{3%pkXUYvNlzfa>>O8nV9h6*JYlDU9d2y6At3XUj484dz-g8@MfxT?Gh)7Y0 zqa4NK$W9djKISa+fVGqfxZfC~-B zSI~g75Xz9}LhNt4E?AAwPhV9hLtr7r)(~^ZhglNVj24iT(wszpkbJ9)Ycwnl5r!o3R~5rsy8~FX^7xxdn;_Q` zSDI6^hm-J+-$k#4y<}X$jYyxwDpPvE6d2S6=q^{*?WPU0SxlJzUXFD&iO z#_~lyfp9#s;0yhecw<8DD1W5R4Qqb8zzLSUGk_=uU!2oZSg#Nye8yQg4nLXnmnZa7 zp7{AG^#D?#R~wDdz(pwdsktewSozEwUSoNLN(|d zp5{(~vqjkgNER4EBenEM(dL=8l_lMZ7hD*OtT9d^YFcp(NQ~m0iRYktcV;eJI)?o& zK=Ep!Lbdcg8U0-0&c_S8y}IuZJZrOz_JW?A(`sQ#xDKaev!X`!c5Y9nbAng8S%({b zu3zUv3n6o9-Q&S2`b$U2PEv!W4$7`l`+EQSr~GHk&l*0UpGUL!(vui zS%@Fm_;I;aMz*{otGl!b2yIZc`| zEwT7JTh3@xahZ$1f72h-<&Y?%ASG@;91%Al%xpC^WxDh?VOQxV>4m(g83n|uNnZ$= z>Kxbk!1!P-wWxo^rC`mN{XC#`kkt6eKZEU*XI%vGGAGZkf-vUvQ&E0evG!6{)?V$Y zJ6OMd+ebULAmB|}X$SNvfGx9}jjE+Th_oD--0e2Mn8Yot>yJPJ8Z+W);m1?&&^zb~ z#fDZ~zr>Rg0bPEOG16ySiya58)ZVVEkcTND?i*=IV(^d3R4Y!3{-|AzZFY-CsEqi0tK99 zcr*VFPVYUs3UruIg=+J3zY1eMF5ELtg0Ez?-R$NU zb*sPhbIA^OsPy-QnD;PwOp?(*fu4sOz+Nk6-QzSgMjV#GlFeREo5~}`>mNr(=&5m2-=H>-G)>lc`NVHupN{({qUdD@} z$e|DOzsNp8u5q#!{!J0i^lz~}2KxV;`mL?~P5nmenyT5ZPhUArHu8R%1x@rI;ImF_ zn%lTx)2koALtSfr=@A)lJ@@XJ*c1%bo9fr)%7)axB z!Y({~DnJHXx>&x0%ZnNBu|PM)w|#~T%5>)TA4XJrx2|7H&}-e#?)-V&EdmtZMpPIH zYAPO2XuLkd$voI!jREoc<)gZh4VRQsWY5^j9g(zX&+Mo)x%%Q)!gPHhUO_uPyZmGD zU8@r&1q+|65_s^>Hw~6j0q9&Vng-gJc>R>z7&`|KAPW_(O(s>T^0eKbelOBK! z=7nHj*ZsAPHOzM0B2#hdR9Re{9wau<+6n@DJ8mwA4XIx_cWvr57AQ^|{!@C6jcLM2 z7$&bRDC?bZfxie_99=(DkVN4?Kp9LS>MU+DV5Sf)rq73$Ct{En7b6|n?4dPQxjJPOyRxueRv!zskoozVMJ??ES#WLq;cZ6dRw8c{W&&b z(8Mt6lU*UdAd?yM5WP%bgaSzVOw_Hj2>Tc~JTV^w*j~%bbNfb&@`Gj~^qvhywK~k$ zE~5`W$UdsiY)tUQN8DqqTcuOUh(QsjzEf`?~25(p&k$ek_?rWZ=je)c<~h*%M*+h79O3Y zZHoo?6Ql4e4ahe_7L5_ktg zXyG!~Rqs`@LDA{B%tEo4)h~%_lU4q4nB7kVTjUD2CZ^^HXCO!pvn#g5(dspNLlR&Q z70$cD7-{SnAVM0bAp#{p~>RS&dVS3)y1EQT&VhJzy4K{(IVdKdj=08A?YOtm(z;W{q>zh^|DgRQx%Bwnvbe)2$^_An;V}~H{UaRIXA>FOjS*>PXWR=Q99Urc0d$r}KjId|5{43D_=tw{RJSk+c$C^9;{oSVoPhdLwt{KAh(DFWarkjl zmMt{PCJdrSq+PeGS34Noq6N#vVsZ+cK4D!+V6s*xHU}6CgnE75p6`_rE#*Z=o82K; zgO;{l`!rvJfIT^?degL?L7`O21>dPP>#;{uX6wK+rr1asuUf)2b!pQY?C@mLQIVcM z4(XIX=$iAIO{;3=N^h}TGuKxh^20j28kOX}ot^O;{>a)A|0$s*zsLE)kV2Cu)q>lU zN_){A22@a2QcaHno1oIceuH%l?tJ-UCN8ygcVZ2@BvJ2+{!cEF{JlR44E1SpVQFtN z_Pk?S4P|St)zq(Y6OH;5t3nPQQ084;l2` z0gY@@a_ue`4F}*duv&!+54@H~NBE55Pcs+8A>_^V@m&LlwMB-8#ARTWfi1 zZ{<71hVDB3pE@?tRd935)!NP4s$V`;x8qu)yO~5eiQ9EHuWj^H%WvvI5EV zVRc((4JDT`#*LZY@lNRWTzv3Ac{f(h$^8jP$@XS~&`FckPR_&~wiz249X5LVn40sI zgOBD_nVj(i{1^}TUOlgIZO*R;Xy3Vsh$zYpo+36VlbMzpa4j$QFC)KZ+wpv*c3Ae9 zKKENu5s>e5&V0339$R*Inwnz$?9`Nx{Kg-Bw*DzJTcDs^Mob6pYMKT3 zNoUGSOz&goCCTP+j{As7^ADxj5)*HKDO#a5y^f5N#UY*t7`rcuTy89>tzO6s+B17odc*$`T^I(F{Qiq7B}H89vAN*R9E zu}VhY&@EgMZv1GS)q>(XNE!~?#3za5O6dj`CP{w2rJfLtay&W&1%{ZedL!@D6))d+ z_Ui42hV^MPBo3C?Ol)qxxx_>s9bu{#7+t|gCrQEKd0)tJ=uK3nEP9C^$y4JZ!4cAM z#mrp(`De0hA$*;L8Mh&{xOl;O0V||t0yiZidZnO*#qAOOuf!d$Tj7iy7L3GDA|tL* zz4n0-#}>r3NyF8&Q72>$kQ|n#u4Hyo7q>I(FAXB+AzwEGaqX4P61h{@5MgMYg&Ra_ z8SfU7mC$x8Rh&FMuI149=B^gHj|gZ8>F!-%w@g(?yti{nz!eoz21Ul)Tsrzh+s5`K z;^1I9me!p4o#ARF5b zGKNFEURKai_kjJcXnZCbt&NQB*TzAFQ$K3%Q{M}uyZ`<3_#7X;`Ebpd| zhbjW*=-V8gtS^W6SIl8(<{W%89^NeHvog)~v`G@E$l&n-@LHpcJMxhCRxujw?1?nT z$Ij=4H%F&b_uD}~udQR%{oDNn>$l_ESA*Y!qo|e{Lw!5C^7jaiwS{|Bftr?8Zw5-; zr2({gYb}m3bQMO-W>`HuS7SW1fL+CNn+}OQT7nrfV_%C4OpxaveLVyt1bT;}el@G& z>7mxS0`hrcA`fh9DBLu}S2HN;^kMyPc9;+(NI)==N!Vga5#C__>-+seHG~MTq)Q;H zA3$8C*sxQ;<1g;(lng<^z6yMC-sk6DJjl7e>O>DTyWLoq1k}b&)YKKKNQdm5FRbAL=@LDn;lDFcOeD6T?pBA^RU= zoE&&Xkr+qhNK$wFBEyrkl#!2SFTy&w@vI8UHYy|ijQFhr1+x_-zWwg>P6>pu!taag zM^Zq*Kg^(xFj}yWqM}_2x54i{N0hP`3{F*aM8 zH!rWwAc!+HF0FdB#^`^{jQevwo$)pM^4*| zcInUXQ`r=I^5TY1^ZeKuS5Y{{d_y2La>%YN1DN#hW*dTk8Ed}0KfB{;#)?RHbA!_`181x}ZYIGIT zqqfmjO^b?irIR@St`Ql_svK=gg5CvRimBS zo?LUiEhjkt)~dP>6uPp?=)ny2DEd+FCMeoP`vi^59YW^>Xx>Y3iP0O3Qs_n{*2I4E zs=Ic1>q>Vd0I{*nlf*(H_3sL+vpgJ+es_0Olm;&24jS2e$fUIop}*(zstkDiwQxuK zc(gyd9>F2V9r4U>?tbJIq0ljy6*Qb2|DY0NP{jMbe5Ef>rby{Gh@Wq(qME#tpa*2x z+5M(v=(jn=q77`4bZDsUKclMPQFh0E2?zy6{1T&U;!%R2pmhnq#-1|yXN=*s;N0;Fbw8YNC z<&})MA(!-5Ra2Jd@)r}9%N0}e<&X&#eq*0l>qg|)Gt3CS5ZFnTuf&eHhmW7Wrco-W zQqL@2skPv;2nrRPmpr;W)HYJFD7Ii1--)}_pQBQ$ zgUPa6Njkt3W4t+_qiFK*3&2G})>DSctD8fO!{B6MgI)Qd(BaC)^{2#$8nG^@+Idn1 zxiprV{;ku>#?nnTZ0DF>JvY&N_BL%LVspCyQmvAm_Rkqc?y`D$@oyk^VNTOXl~Lq% zUo3{`--v|&dkC)nB$Rff?=P(U96t~P(U1ai&LexQQs{XInPSAt*hSe-)dVmI&P^A_ z@Owp|8d^VEM>5C>4x+`D#$`W;q_-3o%M_OuB|jFO%{U|A6p*Si>=Z;7NaT6#&q27; z#nvfy4XpUe+6#4hJ=^-s`Jr#27}5Q9dpC8pH>CRH3XgPyVhESt6fN;8TvblcqTd zysTuH%$V5GV-uLssIZYDu|sUE#Bn7563lV`8k+dcd^Z07rGEY26EV$vP5&k?{ntVM zH&K{>B-{bF5c~hzlnmgOjYyJwCeLi%%#Mi|^S?JFg0J{*;=lA=T5U$IRKv$cK6_>& zjK9bg2N`Vb9<=pc&5fc#Jgd)dRfol0i#Cd=ASj^-fTgU_F3*Ppycpe7*R(TIbK!fx zGdjqjdXJ48$tX}SnBctd)~O=tqH^DfuG{y}+%sp*tVV5K)@3s;{x$8UqySxoL$Qgk zP0Xs{)ztfi?kXuTgicR8R2o#+_~`v)v$M_7)B7@WwmEZU8U+f5A#Oa~4uuShycC9o zdJon+tZExu=4QMn%aTJn{7dOXwQ0I<~$Elvn&LWoF$JtYAdtk=NWba_-E_0{n zv+2FtP?SaD{GYI%%e(AVY=Owt@fo7OXfKfZW(HBP@-!Zv_d7T^2-~NqA0i{ia}%2- zwq4ndBeGNMCs$tuU64i~KV6>`wZ2z4Z@3*Q{I3tYpV8JHjz3~leSXt3X!RYS9(|!f zcW{XxCnusC2yNxwotUs?m9w5J-4*Lqj1OAhi7ejYq^}{-uR4#6f{(xUFe=F!J)=)_Le!un2Lo10yokN4eTce*E^8WA?wv zC-wx2(gqS+*a$E$X|Lo)50Y<7^}$YHc;jKdo@`wb@9-Kd`q5V@vu;GK~5M`6`vv?c%490>Eb+3exPrJ*fu2 zzHtj678Gan1Pe&<-iKPY49`5&Ui}5Cogqo$!g`dM*OCLIWRqV}AM$t-+dy?s4qe#u zgWGH}g^S!(^>wwS-=j6=VzsP5+4bG}S4eH^`*P$6*D3A`5fF^$80hju;k6Z#amH;B z!5936_bn=5>kG0zJ}4YNZI?_9Lb zYNV0X4iXD2Bv*YQ|Lsfa^6O-3TR+c-P=LpaLUvYEVVJTh{+>SZFET(l%9x-Sb3&&8 zB(xni_7;6qBIR!sH>srHAC@=Sl;P=Wks0URN^E8&=t3ci_#?ArIP7R3c!Fa=#e1`{ zLH7nwyljz++w4eiqTW*RvU2k>d|<1r)6l*V@*;F?uE#sdh zg_zuFeYLdd#mMSP2}e$Lj0qO35LE|;6VMB4)-sW_OLLA45N-M(<*p7!2^k20m#$dS&>JkYp34alb*RdGi5j#zYP9y6PcAx7-AFHl$2RwseMgf` z2hqPqGQ?DI?zHKnV})>pcbll{6Dn@2Y-0qGDOQVk`06_O0MUfxao#fd)(T8uLaZ%; zPx8gvat6rK#4MS;sVB5h&EEZKrMv+5Ev=u<9y8Xui=QrS_R~UxqvVLaNn9+fQGAvz zR@VDvi!M`2DV;b%18bOy8?03_Qzt28g(82jWd#mtnVA>$?w1Tku4(?hOD^eK&X6*Ca%fl<8}0|Z>wPt$ z(iZaeSFrpd$e{+U(cWz#*Ot+N>xR!j!`*F^DWe>S zat8a?PQ%ku(d?~E*O<08wkKAOgFp$-kOnE;`uVq1CWVjmAKQ z4b&IItN}ih5(&0*Zrf+)zubH)<#f$EqeaEEHrVMVkK=$yoK4l*UlGAAMex0 zPG89zv$;Y}TRMOGlR_d@<`~taV93P>N39}qp=|CI%ks*9pdhT)G5*<7=XbN*8>nhM zz@qZhhZ7)}j8cT2#LSktnB}!=cyS3xtq;lqmhMA4uwq+YA$#39`*nF!Ua;=9V2@+B zYE-^1W25fy>xts>#m*|xohe7znl_lKHPry+UE1I+`HXPPL3@9hwBf`^&rs}=)bY)` zYr%Sgw$m)GDW2qSkT-MLA|XC)E5tMOO=EWG$J7kj29j{eVliZMTaB~wPa?5P}aP@VN3NgC>G?026Xk8exw4}8YNKW2zSgg!w%4U!uM{!>%Y)g%t zW@LPQT#$vc&UVj(RO_7K2gVwI(G+s08F3(%wnw{#{Js5IKdEL}`3>l<*rpDTeQtdTBm`LQx zk4{cxT$;ZxBl_!pJ9BOopM98QD|a~BtK$KbFvXyKlXxJzf98y~A^1LMwC}3kxho=d zF4%+%VF3NUr+d-~wh@^9)ErvF21j{ZL`Z2n;arS*-? z{g(+;6@{`m2_1C1eJmM6*Uns}~1~o?(&)l#XDe$E_#L!i&Z+xa(AO1z~3&*$s)Cb{R2q z^ptXE$QEY3MfQ|hpE0Y7Pp3lSiN!cg&H5_Y3yM~aCy&cCo|rTE5%*)E>4OH8XC!}K z#)J+EkKAzlnqfzilsKy%pb@W3i)H$ocD4&bt!VOtEH#3;jeppAH@a}vo0(Ev^JXC` z;qjC#q_dWNsTRYSr$*d@DR+s9IcLg}nmK*SlA9T&57VT}+i^(jf@*=REV~FZ$s;`% zP9}RQcX58I4KtxlYX5gxb2yjAskYYajAAp5nqiveP!?wbqLgV1B1St)-k{NLMpED3 zdFB(WhzVA_-tuu~ayKe08%+heDn1fJ9vG=zI3i9gY>`iY_MAW#2QF~GQl7ruANTUX z&ZrK2UZGIovICYBFx&>mhi6}g5O35JAkgux@|nCKy#bLEpy;GpwUzMt{hv+n`U8L$ zuds#ENl{b$xO;Zkiug8|(+YV`U$ouYH2p>>Et_*aJIvi`9@tG`tHX+3^-@$9trj9> zg;X>d;9+LpJg9YwBie29ZH~`@g^k+m?rj+xtt*|57S7I(E83@%`-^XjyVUl%%$l!P z2HmfRlF+a9>@Lsu`@N46SJ2JUaqe^z07>2w!9oeeZRV4)~V3k=(z}8MV#m+ zaCw~6Oiq^y(V>f`b1-y%Yd7?)wLm)ok;8D9d&MEo*HUnaCD#*N#>FxG=q7(2%UJPSq1^Bo?kLYK2U|M0y}g=7V$WlHbUweOpUiRqm!UdPFds^7^QwoF8~rD%QnKtAFxY-)|C%kZEOt8uSd}Un1HI-mkCQDQ@cSs7?yA2 z%d;S>lyB;%_#HXZkbf?y4{KQ^dO~=f-?YAJdoJKX+E`Es(XJ;%o)nMPUK-)|O$~!K z7#RIDLW7A-E^y+%789h`g|0;6&=c^N*QO9yQH+g1TZ_p<78$rq#nGqbv+OR0*1+SO zndo6XC2?VZlAB);Jppzf$OKvvuh{${2yQ0Ly46YudLyBY&+&V7H+^B72!$j!wY$os zbrpCTwlc9O5A+!A%xK=vqY+e%9JCu;c+r26HV(`Q*_btU~|Pnwg{&vk~-FICW`baK{O5dYEC|fLg%eu2=iKQKu*L4=d!ivkY!a~!D?k3 z+V=h{e%vgNKfXW-k!II>8vSCIu+-YIxx%DQ0cF`o2vVRyYk+$%Yp&E8LQoVE@r@wk zqxQU>0BWZV*BGU=^p&fEzp#=q{SVxNTi}4`-yc^_hzJ8^o?&{#j%bkPjVJPJbw!Fs zqVx5sRuadvP&mm$O%vB-3;X7b(*-D<7Kj}@8W;jb7^!*(IIHqMo%Z2)r-j|_8(fi@ z=%#`$qlDlRdg0C9?V3|#tWLpqld|=XM+`qK@ct-7M4e&Bvq$_8a-(z-E|CE9J0H)9*3g~?$1cjQk?*uA4V+C}kj@q&aY0xZDekEfC zwCU?PI}MeZESqOq$#f{WRo}>C1@MVqM};77BK$!HN`g?p_d2L-OP2W^L*}BfpQwGoCflsB`QH%fQKbW z-q%>=SFnmHH}eR=)BOI{aKI6TB=AXEVnTmc!`M^;*o;MvGTI1h(*OhV9HUmr<>$n-QCw>IL#64A~HI!@8# z)I!1{af&wx{i#7A6lBA{GB&wo^V>5Od3SZOJv0xc%2?}N5Kwi34lZs#Gbkdh?Nlc! zy&-~T=J|d&B#h=cKQHaHGoO^l*mZ0Wo1tNut$7V+K@sr8!`!HVwm>eC@CLFZ$1p4OqK1d4NzXB2542P&br&>{X*ulA%4)m5EPW6XA z;)#d4{_IghZ(8FT=TizQ7cqvf+ z^S=%2;fdpbeDV{KT4i|SsEHv#FWk_0?%?}f1*amGzpo@AkC^s6&a0%<9?>U|!_S9a zg=TO+{z%-1`&Fw1M!o-d^d6|I^^m_s(k8*1_o=D7Yke=MRdzyKzPw9PB`XC08F(s3cF#V;WbS#l zcLR@~Jd_N_+Fla;FF@_G=P-Pfe(nD?F4J$zF-0pw;ycuL_u4YXNE>Sl5&<-vH?)0g9L*oe zAL~D;X9WUj^sfPH^e^$hFtq;-RP)6DH!?H-4rTjyO3N%p)FfcYATj*W{sVl5(+1Oq zdh`%RQ2z`LqHf(me$B@%9MF>yhR9^^NqMxKc?Ji*K%_?hALp*L@u2hJa!H`7Yv)A* z&(8hDXoqt(Sg$^pjJc9U%hm9pcNj~dkLgp%3J5>r2p*ZbmqD`;JQevN6MolmSc$T% z!JIlaOn4vOkqTIin?lq{dY$$$vI~&-neB9xd}+nW*B}SQYi~N5Co|Pl&}qBLcGn14 zOg+!cDUiP-pT9Hq+{NY~*Y(TZy87P#QGsgtelmmvZ@ed?Ft41$2i_j`nYg zR2I5_BY45UNYC(}f@|Nhsj9nTXy4%4zWfrV<*ARm5#7c_DPQ9A1RHlly+IgDRgyH3LGh7O?UOqNI zNnQk-&(e#7mruZoeb)NGUpEhjh+wX2Y0^L)Gq?K#+GD4O8(kcT zu!PCx_sZXbt@B^tF|PM75Htq*20)T7)BqsjT||*1G*l<8nhlGb*6h54=0JF~##o*0 z)(ef2!*>4mnemW9c7Nz4{s@r12E@bE7bFHY-pIef-*c~GJlT$nXRxz#n`E3*?7~t& z;YFW*eg;-PquwGGY4?4Z{8laGy{}4LcCz=1lc?X47*TNi54sesiDvJ#a4tN!?7A}a zfx~IDFYtKo8U!awdicz1l7@`*3#VF(?|CjWpGuZG+HKh)8*~;hjB8W8}-=YDMd6$$x+z?WJ*cYVu}Bnao3!^pCx-^ZapfH+5HsK6!*u;=u1eb5}i z8x}m!&B-)J9XN^jEKZ4+{U8f_Yf?m><~XEr&@aG(@~2F^4r@?VC6l8C5I#O~Sq}vj0Ke!*ikrJM7P{E*hub{XMvOGTOtt!$ z6i^6{lo+lL1}FpON;s&7gak_JTYT{qf$!_po<7SEi+jCG@N`?KmwR_ZhtCD1Ao8(m z;!Z}d977-|s0hRh>q2e|RrSiHyXY1E(E8b~8pl*3V$egUjvHz+IUcj9R6GC&BW6ia z<<9S$1v$5VG#47hqkzoy~MZ64>>m--B$V4{!he1lMT*6G-GXOwdq$?P0J ztRD5->?~T;oc3anG`A6%>#h-1iDg^hDtoXi=+f_J*_~n7k^ymxv_XNknG3nROA&5?Qe)@*A2p<7w$(CD*3Jxy_s4&6qXL!v1Ug7LS#rCe!9xlG zN%6C%6Hq>K0s}zBM^A$}{D)N&F?uoC&X8wc#wZeEXG!y*X93>d-d6MQSf@R-<1;jf#m z2Dc0_bK7Ubf+Lgr;J(m5vIbH(#S4xw;{v=n(QOUkWlcSQbl2#j*3D1)6qv@bndpNB zbS?rdGmt>hOThisegc~uj<$*)7w_Ot{Gk>b?q!npDBw(NG^_+Ke`KoV7t=V`{$ZST z_w5HXdgnZi)iU96)OK-ZIK$;68+mx3>}`|H3|B5BZ#?)o~Y8LAmtTpq7WuwKK)X( zy8s<5EdafS*x=NHwH4C9U%pptM@JQw%%{d7`hIdAgJhsq| zo*k0NN1$Y+HRC4(r4GN(8rDF;wAS;Rd>n0=Cm0KQh`G_I1@RJn*76em;?F+BLP55I z?4z`~o9TAt5CGA)mpTWnyKmU`x{TYwe+kUnv(f?Yq~5uc-c>BZ}_KZ#CT_o2{tsb zABp`>*T_MUMmO&FS@2r&gLMk{YrRHfzf1M^;?Fs;4`_i=wNmYu+(`=`Ys${G0I*gh zO!V!nl$khJ8{389+N%cK=z~xnAo31$8oX=1Hhp3;1oL`KHu(a1uO?I2{ z3|VhW)=wW)kVN1*N51?GE+Ynt9P5Z+mIxG zdXw-0g+QqUxGvZ0^Lktx7-?1f_&_; zeBV(~pj}o3uIH53>fsx<#&ZxYbiUPf38dotde_OLRgpfd;x7KpU*%#&n>$RkwVDLQ zCl7-%P(YRz6kZ1h1L|j?`}RhCVF?2wl#Ih#{pUwl?Oe(GL zLTVnHZ;dg}?oerF_r-ngJ0i`f(>+;kXLr}kY}&orCp^^;qVs=KSuxZ9=hQsL|3S@T z{Ex>LI=@GQwVVHIGdV-{Qz-SP}6|bq?D%tMpswN z07VpYrQd}Ri^Mu<{SNey5Q}(y9kAcD7aFgzVeryGiQas|aoU|n!jL0Vf|IpcK{Bx+ z!e^CyIa4l+O!9)NB|;*Ms5$e_TbB16;Ql3~XqD8#vJB1ztm+r_ACBS?WqNE5?YqOCRP2*;wb>*vA@wsJGz=dLNXlxye z*XFiSpmtl@`sm}IVv##fpjhe*S?b0%ZtJp>$3G>DO(jH))ys~-Dtbsgvd~35#zk`Z z-ygyXXuhhF(%K)|)ETcvpy`F1O(oP1b=-r2_1vI8V9#5BhK&i4uFeA!>CSeGLE>$w zc?E&14Tz?#YhxZlaX%?QYN)nVq%j~j!Yl!d%_xSJU5ra9>YlZF5W^{dJCZsO=s{SM z+*!-Bz^sK#)19vYu%T$yezKuRIRg72HC$x@XSLKr!(l?2zf4lVA=mNmq8l)8itPe^ z#{T86%}BBaRzcb%b>g*I3)%@?S_8art_{RL^Hclo|b8`-_ zy5DcFYrbFNVsm}EzV0Vs1>JpL=T4?d@HS`O?Ok7QKKB$o!0U`sTQl}$*eV)Ln}Jp> zhQj+hu4W_APVPywKcAl;>9ci;dEXy*a-Y&Uyc4@V9^t;I^?Fkm8teO!Vbb;Q^bon+M&)TjaZMo4jy>R`1%@V>p&vEpZYGIm`f_S_j-9%+)a%` zdCx3a4;^ebQX))1Huk5GniM%(MKCR@Vi-gIOW>qg?Y0R9;&CwOQ%cd@3{@>XNc>A9U+PqUvKK3$h2C@CcN3miymg_1 z_!vX1$LQGw0BO0L(=V2l9H577HX=+uVhF<%G2pjllfxDY?8UG;$btT$C!*U~zXz;Xv? zg@`l$W2ai$vyq-JP57ZS%mi#9S&?!X>Re2i%<#D#adKFnKpG|8ycKprnCpX#k=iyV z76)}s45wBs1qMq1b|&f3ylv3BlUnH4k4 zMlk5J*I90KG$|^=8rD}M%JAn7N}DvR7*m|O(6uRQQ9_Rjl2PrA4W8Q^uY3Yfm{ho> zXsDxqqo-t>(&MT;3=94ZS&+Ic`5Cy*1{9@efD;3E7ACZ7kw@u3MYaeN8}i#zkW5S{ zPu$_MK}Qx_D2bT}ItddxR?<+B=$|V|REK4>Z7WEK40a}feo^Q|5KY-P`Kcs=9P64jdU$vZa?-*3+DLuVlRjjKDo_#Ft_gdc_J6tWht~zl*ALy*~Kp554c4Z8g zAr4Bo_fmw>Ss3?q$}FK}*=B?X&dmVJU^-wKEPBhP zc78q;`@CzS9Ym_vFau)VEWKK7Sr27dR&@```s&y$`-OU&P7(^;R5*x__h=vJVLJ^O zqjssZw|K=_eUjd^NCmDtj3QFB*Yi3d>C&TB= ztvfTwLzxfDe)59rYL#1PPS+`*tktkF6Z9nwU98G(Fp^O5RFoUWK$H&zQ~i}0a{I)S zejUOcxvM?uxF__J`P$jkJ2a++26^+7yxn@ctDZtIxMt&9N#a;V{=1FV=ps1B>ka3f z3tw|N841GAWG`m7JpA1|HUR?>rv2rn5lFU>fk^i0cJ+jlmV}T&il=yku3@`F`}zwX zn0~&kz|{YfA?N@3$*)ulVxRGCbU2i*@9&F`tk28GBRj1Ab`dqZrRRB^mwY$&A|3U+ z-~q-gS2Lp@z}fTj^maeZ8&SS^nO?VWe*JwbfBx-1dB7^Mlk3-S^$IVa|D9Fv_WAQS zAOAlTZv4Not^S{v-?M!_Z$J01ETtw9lp9L{tN48Tw)qvC!<7588XkIVE_{!F_B{m{ z_b?=2=#p8%(Ec-2%n?t5K>Giv{~;&?bAmm>8fQ(gCioAa`oAfg!2h%UHx1nX;P2p% z@Wy!){x|-PI6<5sUf}=1)s2OH`B}#AcBvhx+s^X-Y}YO;b%|-$uw&xT%g7e7F@3UL zeAlMd+CPY|Qgwc@yVSV6mquHlkA!W_(Jefy!y0%r{nmjyX1eq#Ha%$BUarq(v0EX; z5c5;|N!ql@H>Ci-?A%6+=a1e-y!Sj|f3Q%`hCARrUz%D!R8()ftb0|O5xp$da5H{A zNQ<{RNjo2CiYPkZU8qZ5y@2Kgi|9D>C9l!`<%bS$Kfxh+nb@Bd0`i~zR1`F7L;I$o znNi(?j_#qlQ$pMN8ZEF@HJC;F6!04SRNZR{UuwmkQ4D;(O1zLwk4f)Tsw+P`_M=yw z%#*l9<##0oZ-;&1-f?U}LkmW*yjH_aU*V&tnE~yCj{fdyne8XKSpkd2zFC>@s%hV< z*={!Kn`(JT(R!5IRy%o^&<7_^AJ@yg)YPFoz_6dx^{L!7X}(mar=$4+ZXv{N{BQbK zHqQT6cE|qz`*!*`NB5s&9&*6#J8DOWGg{9|n~P=t91Y=LF1xOr8$8@(j4a{a6}IN@ z*E$?wNIgy{G80>`MW3ZnFEg=X%xMa_%d+FbxP&fu5=}AF$Jd1&U$p!1 z>cgKMEo`xe-k-ZB@#p6?4Y(eq#(uJ@ z>_2jqa+|@t{jWHyFjCMN3V?B@oMSfMqW-w>bjK<&z}k-vUEO1CYj%hW2|P9Be#Q0S zTpXb*HaH=IVML8t$FU-~zLd|aOpe{5LxSi?zn;?%?xwB53B--JbIkuD4QMrhy|1SK ztm|D)K0qqee~p6g0bLUg!yxd^2>(k)d)l3nMA^j-r@%C5FP!_3lt~f3Ot(z2QJz1K z7d3hFj-U9_g5ytjm!A@;74zOTe?*Lfy zG%+{5a%73_J%3G(gw*eHl{8>}Ck0a?%DzcviCJX2Muy?o0?F@#$iEtX0^OU6;g3C8 zExrpk^w8-d9j5}&-<=MdJl>9>X$y)eSYC!4mQH9XDv!1$s(ZZRp06(k#&1PaFLh4U zA-Cko+qPM3+H8(>FT9>=leQS44;2UEID?h(<-Qv~*kTM=JKD5YPOUkfr(uneX8_=| zFRBrSLSPbOlXI4{?UCp+W79oQHIldy>`mm z9DjDy68MzU@0mw_!D3#(;Q{CleAe#z;%c$9(e^<964a`^k`pZ^~}6H3+o7s37sq%1FnUBOt|2P%C1*WuXX% z1CCi!5(kc$6^1;y%E6;cmD=-@Wen-w09=AXx^S%NvV*c_(H&83a@rEQu9#nG2>E(~ea?c;}t%sxO`8t9R?XWSUA3uo)=P=lK^B`d>~z)bH+ek;pl?4jc4lY!qIKDi=T+uA)@(-z zgC&(%XWx7sc)gRkontOHcC~R9CP)fm*e6pRi=i?zg$L_^nKHv1A6W899Uf|mkmM52 zW#NyY3qtR(zPY!=tkBWCfQeXvu7a|KjR(;}hKnyqtyJ3zb=OT-f>pn4154t*yb$)k zYRJ>N^~_^gmUd!#W$zQIi@H~x>t~?=K$%kI?teGbGPLAfz^de2YVIWBXS?52Zs6A< zrQ5vNArkh$(*5v94lnU1jV#d$DmUj9Vv~<%+Q)z}0bz>GsPN8ZVvv;;_XWX*>gMm* zI5EinM%2$84BWydMeFHdfgl(UK8) zFA<`O{g-U~aN}fQ>ma1|=Fo2jj#yCw0YpR7suzY~FQZ9!0|PjKhBb89Cd*j>4nQ~% z`sRc%jIEv2p+M5>kOr8d#+n(rzYxQjQbHZDJOg%zFy8tt=u=`M>_QQ z73}oickusga=UKgCYzBWG#eyjwvok>MGctsuvT@^s2*Fa{n+FS6Kf?C4? z`dR7_B5GgihUVFuK))y#1Y3L~CYeK-sYQ|~{;|<3|1*8%0;xrhD%ki+#;rL#Pm~p_ zf-?4~QA2rRn`8RL{s~!al;xPO8Gy`lH2oKNF z?BesnmHTLS>#Xj&4Q-F`Ru{!3`fO^1tq4}sN|FsUDpQk%oh49HldsZHn zU0^RgxNo6l2SwcnKYfYqGA{k3jcrrCN*WNUw}CfQc=aM&A|7q}(;rT8ml={%y=mQH znxTJCwbyuiuEBKo)q4wSH+SQ@9LmkXUK^sB&sRl8-vhCJG{S7x@IC(bgj6PRvDhRC z{yGrLqZh7IwQjRxYeGm7+g!7r=r6!hp|zbTk^i1(2P!YdeCTI6*DD?Ht3^jiMck^d z>ZA7dDoPpu-JsgaNI$n4x$SQSZpP?|1#salfUY(dOQOFMx2at4DZD3m6Y%A*9G`oG z@8yw3h~$H937Y;P!{&aTi1H(3dv}!TtTAESa}EF*1hP#T@)5bN zYGaF+ug7pxhJ~v}3D^*oRJ6myu9ZgPM?D3S9Bk>x+9oV?pOMC(AuEfg+~1q9=dB@z z>&ZqSBB4oTu1Rv(>cFx7YY&}PqxE((x@~=Wi*Lk=h-CwzP-CwWHZ4zOI=1y*ABtWb z>r>0Jv!DW`1PGa+`!DgTdaHcu^xe`lSqS5sBnZ5bC=>fFXMe9g$Zr(Kyv_XvdqWiy z0^J{~iG@5rVAH|Kw-}1NQK96ws`Fqj) z3sR5*)<*l}t-d@}g8-HmDRxcGCyUc)lYHNos@L;k)A}kuzSsYgi?h6al>YB}83wlh zWrX1WeN2|~f8pXd82|rXgZ604{zukS&;Q7p8aY5Gz^JFCfJ^`gDiuZ&1Q*o<5sT3k z#t(SBeZ=#&TH!PCg3kd1fi>^?Z0OX$uhYm;lo5t1)__Zj1%}qb1}D`(g0rINaF`RS z$qmNasKAL~NMTP$AyM7YC5eb}3Qq)50{;bbsLCXURyrvz1+m;*#wxK_*G_2Ay%r=@ zu4f9eDm7sRoeq99CZg435LcDZro;hgwpG6eBc>K7J!;miA)G8I@o38-XVN3xOzDVA znB2pm4c$sXVu9>f4dKiR;{m(1=FB+jo(-}j)Cv5kg6uRFE`R-m`By3PC?@_2>8tN2-m_?4ys&OuB zD$zjYW4pqq)mZSp4aKY2cWFuJ)`K<%Afc7q;h)T^7>Z22n@a4>>haH+nFPi?V>h2z zdnxozF;p)c2D(^%PD<+}LvG37dx>#I8#Y+j3T3<;^vEy9polVcjPyM7x4Ln4FL95#@tG}9deOD`;YhC=+snLqQtXOb8TU6*^t zclLjEFSn!7-OJm4zmNHHdVM`SzMR~>9-sB~PhR_ep6>Fy7Ty05bKSpBbc8%5ujTyt zKTaP%xl{D+<@h)Jevr2%S}GcWF){KHJETw`b1B3$fUmyTdfgD^?E6pUV{P&KPfTC? z>F~e3@e7mq|7FhyL`gC-)4o7L#sSBI!+j;a5mBR`ShNNkQV)jeLZ@rvz>6VyRrBRf zxTN-nXf@;gf@&U1*!BdZIho@^mGZ)iQY<=V1f5W6>_Z2Ys16xufRkzM8EHR2OT3zy zL!`q9p;G~}W(*G9mUF>ZJQDW35W9K^&MAfn3pKfQ>24jkQ9wjV)FIq<#V-LxA_M|X zfVrRQ94i#dk{J>%4f;#uxM<;BX1ubf(74buXULTs^v;~ff=2DVj0!P3LeV_eaAhAMJ&uG z5wM4PO*mx{h7~LqITB@<#nLnr=MRgt6I9en?fi8klUi)eUVXL0 z(m7F>)mltrEHzVest7Zo<>3fx!%P6_5+(@^v4bAzcGe2Hvv7;>*je%wRs>$eh+q^) zbb{t}1}|h{L4pl9WZ-babz$LAp}txPqb~t7K$h=fqGSa%S^+_)f6sJ=LuR9GrR1B zVHU?2qy^w*61^kQsb+;9vDzV6StL;|c9r=;z9z5^?VyUCK^CR0%BZYzNb0zuQUMfL z({dbvrLD1N#e_>tMxDB$E$O-V&+rwL^V#?@sAY+9U~^kW7amEdAh?#*Toi-kPOenS zz>1il7_SUE6H!|h>hqmJGSJV2Sa=aZqgw{u79C8W(q*!4JyDX|Q&a(vlx&_F3H*ww zcnw65Y7jz&U|1Vk2IS>~lq?9Cx)INS7T=UorSIG$E3= z(3oh1>ggj2Or)!ZM%YqZ)xrVM3qN$JkBQE9(zSsrp@w7IBP82$=oXCtrcHypFs+&D zUrgPKUCBG9Zfw^3jB)t=r&s?kW&&uoH?MG0exL96(^tR4si31b_Nk9rLwLG>;5BXY`@F-r#zjuM z|9rhYFOGe_w>5rW+rRSvJneUl=?|$O$D=i$N7eEB3@-9SIrRPu5Mw6GGe@VG<>_?5 zbHR^!6!^kJ#IJyFgr5Q*0bd4>qxo0W|4rrKa&kMl9bJvDCpHnAi_gUU2hhm*f0mQu z(ZTpgVl*+jI9;3$P6x+-0?Ub2#OmU;aXPpiTu!b>7vui{u#4NpZQ*oqIyoPmj87+K z{}+JU!R_RJbThu4*hTCveiOI#4|s4m+8;L-_Uo%4gil&4u)Gzs7Na--EdI888uX}; zI-p6nYd%5q47$eLK1(Gh>4&a>b}LpU53E&2pFIYCoR?Zz%Ug`Gi=MSC zDK~3oi*`6QXDL>PntwQ&-HBOAEHYca6{FXKS3m~AxfP?<5SD7(jn$(Tl~Q!k>71wG zL=M{VmQ2-557~#2=0LL74PTK;?f*TA*@}|8n&Dz6*p)>(> zXAz;oGdSOFvff7zRK`e?9fP|_F%`Rt%PBOv^KR3d257DInGR^Eti=>U) zUIdg5oolQNf&sSCk!4rC%7sg4c<3iITck@r1dPhk7rc3m2d{ooR>ccSoxBhDYww}r z^Xk*DL^;DaIScMFwZThJ@D3)F0}r7Svc^kTz|Ii;2npC0)q@PwmbmXDvPU$$g9xao z?N5{O{jQTY1A6;%nr;V0nZ%xBayeT}a|+ivB^!|o_q~unird=GdiMUA7V<2Z+Ot{E zCwXNSzM}x|b+>apN53*m;?*Qr`RVC%QZK;T1#c zb@P;S+3=0_twcD}9rW+fhNEuncD^p<;0ph0&bsey%rD%pl5C4Yx;SNkbyZ5np+A0VqXto_tW)J6Nz()w2xaQ%R^jR15R-2bC# zv#2i?#dK4wOQK=5NFTpZfv~D{9G@bO`e+-j=j<5d=odhMf%fdb>2=xv&5!&ao=dC_#JNGv`bDQvtnW*Bl zCHM6r#o44mRfg~tl98C<5Y5uCz8i2^mJIve?BA_q+cer@*?!%sr4wtPv>N+} z0J|O2!rMlPK}PM$eHq5hHu>aR$s697B~M>$G=3E3NVn(tOi#b3J`dCnf=HrSeM^6q zg^TO;G##YY;2S4VhIVl8vD&Hx1@JA3YYsu7>0rCi@H8XAC+Klt%Z8F_uzrq+FKBnQ{Q|`d zt8XAAfx%2Oi`<|2@Hu<0cOd(ipx63)9EOdIXx0T6NZnJ)$Cm2bv0w zA|U5NjTxyRi6VvQKm?1RhwmNUGa6yiJ$JOenn-?#E=3L(MQ)emKUzr|i{`bYkL*s8 z4mN8$l3EpgZ;?L2^{5wbQk6G7yA5Wq(OynNUTZExNI`~BqFK}s_GzB%-@J7wgoTQ1 zHq`NyU5CVP55T|OtwI0YR%QBMBY^)aZHLHj2n3&mF|EF`&KdtKjeL7=h zVg9d8{r|nCr#eg(bmkX8ql6t`;exxkL-uZNX7*t01_&h_++jh2z{3R`+}+9Bh3^3D zlc@jp?ACbQo>E&`nYrHH=+S!LDuYuonX-~0I)f`0lmL&XM#g5Q;upXzr9C)-Ndf2L z>ST!EUQGdBO;uOtM5w43%?Kc?TZ1RGM^Y!?_YYiHfhsULgJN?7uW4$&BUAz?2_Vd2 zR@uOMm9rcRx4nR9srJj zGd8^Sh2LE&D*)h1P4H$6)Mx~ztm5qK;^OdQu4ZI)fu$4!;D{*d3JIW)j7U&gST+Np zpaKr4j4(yH`yS_5C zDfs&q06>dcU0vJ{4GkV1-b|VuUEK`aT-r>WyHg)lY?UusDF1xfP3#2sVi`5 zAl4C-{9$vT4h;CHX1c!xfT;_J#+P<@m?_kJ&PzVt2 zkKMlw8UdVL^GF%b7=}!z3unB!0>N{={Mb^7KRc^)LC*FGWsj@>}}E`|kR86=o6K zp3Bp9x34VEkGGAifF0fK&&7*B+X4*F%?e#D-R~X5mwD-RKaqoZjo@!x?q|zSx;Ubv zryl@3I&}crMjP}&T_Qpo82kA0zF{p{4vo+kaT7=C~6Fksn<~O!uP)A1KYzcqW zy2e25)NjyUcffDho>|iu-fACOfO5+l@cO_HZS^mP!&lIaKTo}5z_<3=x8~jC*1+^T zeYgSgWFJ9B(K7zvo|C30rxu`~e+|H7^>2_t9GkzO1EbBqH(ITIgATY{{|c}%bnxeO z^p_Fb^}b8P*M<$@GZ`3%|0)D0JAM^|aXYgB?kc+pMDv3lntYZoz4Kp;Lz-PfxU{;x zDSOK~5aL|-v+v>m8bmJQzfF$*od)#r`!<(e>nHuJDzMr6_;MV4h6ddJr6NH0=!kAP z)dw@^^WSm|gzVDd1pdteaxkjJgY(A>fIfaPAMQu=;|J`>;Nw+D8I~gZ*UzG8aPNo|b;VeMbTciEPW>I9;bLCnZt$_$O3@n`C}a zejyb|L_-}}Q&@tTP|$#-wnr}DjUD)|QJm#WeWU)QfEFA_$l4T`033phVHe3JS8Z0p+XzqweGkW(!Dlsyfld5?pafVgWJ?`9c;9xJNn zgv7u9xSgtHO8^k$6?*w=CPQvXKY2c*g|xRSxS@;GlBH1S{KX9mNTKz zaVC4@L1xmdxDrD$dYtc}fi5hGYaQh_M#L>!RfY6LjcYQo;gBb7vrwib_e558;I=_d z;*GcvN6F{(qJK6|bS6WwuKa>Ze`KY->hbm(k9MSr#oKUme@JOR*K98TtM{&3CyrOy z(2>QTd~vR7Gdr#S_r_uJPfZ>QTF%r$+B8I&q>%ba2W&gCz%NRp=PK8{hlX zUj6Zj?YM02t5jGFNB$sqAwIUM<-(_0=Fy5uEjCZx$>&o}=9M*OJfWW#hm29R>h944 z^j#M8%u?Uu%O}^SPUvCu$DyGB=xc2+dv&|7M(IFsP{ZwK0>Y5?th>?l@a(=O^z0%+ z2rj%>`|(PR1%;J`*X@gn5BYf(zHuiYvAkXwl5=zE+xA`6ThMpRXS)2Ba`pw~S;=Iv zVFnw7GSkTR`Rs~|F(!}R6+h=-0!;Q4E{NsVCw$ktUY1M9_q7hNt4A25p04|!HB?ZK z_Ny#Az**O@RLa>Jd`G+K`=~9~QzRU4h>oF*EzDqz&Kn%Qs{^FAJ0zTl;^r)S{~cxD zSRwHEeqEU7<*$M*Z9%S=F)!q=xlVZV;HXC0sSQPvKJm=W)7g|~`Y?#g9ItLkWqYhx z5#l#yvrP-tDIizIwiib(V6KdC{Vui+!8BtxVF?^)HqQt*pUcBobxQq#zuudgC_kZ5 z0Xs~wlT5LdDVLK_USvz=99E-}NRgIT^rH2V4WFEVN~pbb%dNpU`{5aOy?=5o=zvcT zMtgy_PMw(0q3IG>Z4?H`){A#!dMhR>WN((~W+_+HJ4x?f3F9X*7{xX9wb<3M9>*c1 zhmf60E_F1k2BB|M)?iz!U*DEolKN5{Cw8ntxgnB5+G@oAs84&);oZqjk!VX|RUzk# zq^aUYtodxzKPIw^bw;`1+%3K^uY_fREi}K~Su9@oBJ@r!z4}|L?43x-kBdy(W*S|5 z!o`QH%!H^GLE~y4E8}24EBCWw+F{9yO(45;7prfCKy8Wu45PexmhNc(bLfs!OW649 z9;q6GE=BT{EzXS!8g(#eZAhz~b^=dds%{ov9C$W?%4D0HFXk3@_D-*UjhZTrM`Y*I znjidz8tSz6Zm+5iMSi_w50MD}f>^BQ9*LL__X0WhP?Dn3?Os~FsS1~P#a2pD@j_)) z!ur!WK1)-y)buUDFZ_I?SS&{NbG%_xS8)I*8UtYcFyl!72y4W_1HKqOZQO`7&l2^x z7pl5%7l&NAGYjScafM!wKcnvyNq8oj#Ai-qi?;2y*0)n2Ruw!S(s})U$U9ow*&D1tLqxd4#-3C+1q6d|igyT&@%oq19TVY-jYu46QqY z9SVas^9^_cc~R92x#z(yK96sE`=Wrr z4U5(6J~d`1?^)JA^a+tII0u6Pa_;aUpKsbV5+p&t5t^qPGUZF zav|-DRR-9WjecUkVcJKIGF#Vdh=VZubW{3e2{exAk=kih6XDykebdxQe+bvw&iB+w zGnT-vL%18h z6F>OK#Z_L=|9I(k3^CgiFt$0zgz0Ch{gj|}tdoP6uuq_FKL_>0YFEL|=Xa7=$sqFu zy-i?XbF|J4ZQF&{J(E?UcL|WlH?RGjCE{OTTWkejVJbeLJIuv$79>cj!c!D!uX{PcB?l;$q1PN0BM?AcHT* zh@Ler!;OM>6J7$sa`#_LMCD|DHH`~|kjJq0zpRb-r7l~@pgNQW`&atb6L+OPG)2NX z34d*1l8ZE;gkk92y%VHrSl1|Iv|>Jk}q@}u>)N)F+JGX|t;hTaL5S|3kE z9(?0jdnFZcBNtSMpP#lL43|wzMA^EU<8Nj^Dt11+Ra&Z}&j& zh@*^RpCJPs6F+!E;WA~40AIR=*0yhJW+rjf9ENpOGgj=b!VmnBgk&893zj#VG@ccb zJwTvw36drJYu)obkw9O1PZ!z>W`*lIKrxFmoGvn3y9Y63tk~ z7U!*A>KGGZMWh7u$O3!#+SJg_QKWA1B|@y09`z(7B;R8~28=Q1#5S`iGk4+G+ ziGpLuS(YQHEB-5#<9L5YYte7)o8xBWPh=*t=FEk-?$J<2ocjCSDiOYjEqh8_8%#tqc3{A7+Ljag z)iZF_bh~}TAEqe2avca

      hB1{ib+6*YInA3Ikb$1H)M_vO6lT0jm^2M8UeD>+B|r zcO>Dp2-EcC)ibdgvYr#!JW){o+}kzDt>;)rjDIrtt;cAQTpdU)p{ud9ib&A{oearr zXxXXcn7nc9qx1w~#E@d5*HuPmoV8ADaKBPomcM$JX;L&-65YI&aj7VlaEjC-!@;{< z_3PJto2K=xHn;MLq-XQprM9f)7h)L&PAVL{PWoAc#~O#T}#LQIXUb0P)nteT3g91LdJJe5WPS>iqH(nh5!*13_gra&S| z`-%|`>SXX?{vctN64MJK!)3dUi>ftD^+dTCPtYW+p^1oFc9fc|Vy597d`>(}Wv`iVHx7H0X*x9dLTYkun9rjL9A+cmX zFqpjozWtp*iHD(eTiC~Rd(s;ctahqNxV;ae-xUi^e(zVK*iX)4u-0aMUD*IBbW2XP z(fid1!5?L;b~oMmq&%BmQZ%)3K4j&~7Ssh4p~{Ki!v%*dzyznuYQYy8t{*Z#tK0ax z4yr4Myk&?+dvh(Fmyfk7BPxd32IzglFRf;j=biJsF@pqNyXd1r9jxXhCiN)Aa=CD& zqt;kCc(MqH;sNGhh;*%tPH8Qb#k@{)nuM%KpWQ8uo7+m4A2=yI%U(!Biq?I~#m8|H zSx6|?672m@#Ec^>f&69(4&B9JGPEEN4d2iPh%dw%zR@b#zeo;aZx`Q*Sj*P*L_ute zDfb&#UQUpm@B3cxbI1QvdRqiNUXOCrpkZIpJy_LC_SIhD7oDyiSl={+e*AglZ?^72wO3g_BvPoG0QfH1w`&SPzbd!oLWY|;ekIQq(op5~ef zqZosJ|5pz;+_uHxHk3jEW_<1=1jd2^1mvK1l$QgV+f-LbQuTTt0imO{ zj-1+P#F)!_)Y-~S2daBS$IG}qf2y9MC(L1bOQn1j_v7QqKZfT}%0?U%g`Un^TehjS zuIAy!c6(r<1l>EU6G5mww6(D=xmK^t6f%FlyK==?)fI_=pEcSbSgtzxQyapSOoer! zf@U&M5bY+b0(m;S%EN^cr_Jy|YHGwpV<_&HDb&nD3L|3o3sU|BybopDMFF}^X1Ef{ znTb2gh>CIqRAXu*n{`MA4~2rvhPD1#Kv6up)&Ml+tU~EGUa=t zXW)D8qjP&7cH9xvnRW)W)QI}G_N>85n1LUT8Pb@~;w93r>0IQj2cOatM{RorWl=oV+g|y$iA;Ki(V7(Cd%o&kV;#d^*x5 zGFgKJHQz23-XCqY++PHbBZ=g9%zu9IEO>n{+vR8$&$RCJJ?1Knjh zlA&UrC$uD#Zp-QTN-m#vUu!|9t;sDEI_AYjA#_tZOAHd~gAyI^f8Y6hKks|)WO0&g z859Sf+-i|4*URkY;xnCMU%c{A`{3>Hxn_Z{2vUidRU`hXSw}==G$FH8d2vL!nPW_2 zluaS@P1{mtFlfdk;8KP6tz6JGF0;`V$_x}+E?t8c{)pf@l)6xut@ZFcSF1SF6#1!f z7djp{N1My$@%t>v0fn?DT{ZEm?B;>U|8cxUB+!z~G|KQskxLF~#GH36*fe-2Nx6Pk ztsrjDvR>-aSJslA3(symn=9OYr|by6(TV*I%+q^aTKD8CtxJdhy97aUn)z8+z-Qu# zn{rcBfuMn^V>i}`uBUfqB2Zc_EVhVP0MIv|FrU_iyxP8PoO$XsB@OAX?Wy|c(5(5T zRHb%?Xvkl~DCT(S8{dd<;UiSPZTf+zgo$;!c~gzCQw81TCkwwZ_On!EE`lLy(vhgW zwD8$wr_V;)M}bl`SY}d-E>Y2{5wj^BL#B{`-vG5M2|{L!JSR>0He8C-@BV9d#R#tS zrR(EON}g>Dy}kp)9YKIy`hn{R1PQK#3CwFn`bf(5n$6Q3%sD@gxzgF@Gc?nxFIL%I zB82`%tF{a)`gmX66Vr5(QTL&FkiYB{cu(aTRh4V*A@-uj8$G>#gW2ChWwZz(x#D>^@mr!TQU#vx%sTBt**bzeTe?XO0atcfOlb=>#l z+LhhjPRcV|p|yQxqPT2)najtsmzkj(+cVT8bJZ`FSDDpxG6cl>-sa0EM?5?-zcuT) zTZ^Q;9MjpoNJwIz5CFz~fi4r#Ax*4`s{fz7K(7`stf|b0V;E~G_jY%u_NYbAdPxhQ zNE^=T$fMbV>%-@`UY4(bB!jk$zQb1q1CBIa+?iX|37^SGAwNAa9W{J+uZtf*tI z^z%u_=X{LLd6Txr!CoZxRoAC!z`)wh-%7O7wW}GxE7%jmZ`rA7d_j6ACYadv7WwvV zFGQK?I-@0ONa5*wmHrn#-NBHGc2m7t+>P=L!+}eRl7x1T#mpp~WYqyBS2!}9rw=}W zq znH-#E^#`wd3eHQ;S23AkE*a`7=dnDuk8aiOUf#jIe^yR&^OaJ0G5DQ!mx2ru8KEHG5Mw^N4PrOBUy>U5Fhg7Uz3Hlgs)?P(0^7hr zn(d|F4(yhjq?tN^{aGUJNXe;k$jRw^jQT5`J6*j0vPr2`6eDh@vB$`1Y9;XrLL3TN zR*DS|4`gex#d;<4IjY2g1$ISXm$5q^7qT({A)sNPVn}$9Rta^L3dQ2MQpsw$B~rUA z1k9bU^Vl8RA8TmmI4PZ&9hy^pJIQlRwyS+P*aJzwyXkhrrQL6DYlkZUiM%L7v5pj4 z{i$a7X9$sb7Shd*g7>H=T|&{tuRlU;w0ws(due}lXvo&2wX%TG7e<|hd)6z1h55tu zLAjDt_~b*|&#v!v-`LQCPkh|&i@qZn`GSlGYiwsX&E?Zyu)<+Tbvh7FlY%zTX=7qF zM29L9V^Byz34Dvnmun~2RvE=PJiE$jt7!6=^8o!R`n`2xs-AEW@r-O)zr#we>$BdG zHWJz`0y!{jMPyl|L|=MMDlpnZwI!h_l#=IUjo@|SlrCWln?o1p=(>8aD*UZEf3!1g zod$Y!Yo;?FXT9UApD*s&T{;ayXn58dNv8~4O?X)La=sP{B4sD<^WNARChBOKMBYi%Phi9XNy`SUS z&}EnQ>XrWVA-r_WX-8?@hzpm{<4$qq!hwmVf{@d;-8^*m4JxE*tWc}Q(2^BE(qP%bq{9Z z62?x4Vq1-%hw`6>MdVk`FM9Q*C=MSL{aLn&N@U2KcS;*MJ(lgsRRQne;PPAzg}oPg z4MbVqOTO(&TcN@?xB>8MP-{1xJ(2FHtn&go#(I}AT&`65YDla#pb=(O(*ha`Z+{U{ zJT3f`nNCade5%GRXSogZzp!!o#+&Ffik$Ud((zvf~=0LNziQF!Dh=EhI2B z0tL3@3APBeF1A`FUwFvQXS!k+?)=ZK;eog+m`pl6_m7_ZKEuD~HXbV@n$Xc5R;j&! z6({~Ge47`Cg#~OzYPYw^sBnOv>!wGXgk*rxH0J;=w-)?E>^#8cra6D&s`1}Eb!rB6 zc*ycvf(ta^pk~Xk=L}uYJdtgU5_R|}$5K&d2!t1oR9JQpVy4P1s3zit_@tdG8GHzs z4;>DzQNM&cY!;~5hpFScmIN#JQ(;{0@rVxue4WH)A%!R-K^pN5--hX=(LDbB-q(TcuF;NqJvGfFEW2Ku@_ zw)eR4Gc%UKx(Rctn?~mwDsJhx-x4AL^&BkGNrymd`UMSk;S;BR3&Sy3_~A*HwB5xx z&rI(q99}%cX|o$Rt>t&sdzI|@D3X?fFl^p4?Nlc3*hQv(^!1+L#3}Nuki5PPJ{~j1 z>j=Z!f@IUw4YVhs!#8+j1lit14}KbBeI$76LtS5>R!=M`uQ&W_)jr<|bi3@c7!o%n zeVCSs8AYvAEy*d=r@e2bj&d}bhaIjd7jtxm7wFZjHB*?f8S=|n-r@MHDHKr@zot08 zH(s493@WpYJWjPgYnBT@0aNgOrsM*mvUY)$VHQ%WP=b5id67s;n%3og4%rD@VJ_XA z!x~>R{bB$^=<^VBQ&5ZLI4qFmaGih5foqF`{Ie5@7|jkC*d$9$>9f zpR+R~E%icdqV*avS?DluL@>3Av2@H0=xCQ-Nx%@O|A8T|tRN zNmHvhyT<{!Gie{K4s=e+*9Mdax-4@^w&xSij8Is61;0j2N`aByt`KSP+|0wxijiBsRF~{QNb2IkFj)N8z>il_*b+UTEPkA+*8lbQ{a6 z1k$A_Yci`s>ch%>M=P< z0Z)uf5T+BK<`l54Ymyb&N}x+z+L-d>`V@RSb*ReWqkp=(g+IzNlc)mfuo`wAnD?rd z`|4l$URrHd^nUpM9X73XjsE#TWAvlVRn|?`XAK*^0mEcx@@dw2M6rsm_-j^V;CVG^RgrLWZ@m7c(rTA_t z({8nJRa=Y4zX;M2N3t(5Z7A=cl1g2{kh)zXD90eMnVda~w^-V*GR0M3c(QFGGDEa4 zhxsv9LHUKi5`xMt4CEY2^X1D$+4u(`$^}sqf>iNHpuc=bIlaSovjj)%g$N3c=V>a61Q1_}o_i#~X)NFsW;yF+lgu(sW z>2$Hh7(U()Br3-pF(FbK_wdl;)N)ZC@IPd*1f!bn*`f#T^GRJPyJ z{^p>=J>4AkmB^erx55WSy6O~r5j7`!k&BJJw+ehS*8Vb@%D9%|t4sqr!B`u!T5_^d|F|#vD@YcK~MDPCeHuKRi?ePg&uBW<(2( zpbuQ#xu#KFMSv9J;(M6O;up}?MxGU@pvk)G^jYq>+o7wzy3q(>2Tv(pcHP7fyTT8WDLi=JgMV)PUxeLLk1$=-py9S{+qP}nwr$(C zZQHip{j_b{oHuhY`I4DrPWDfzU8!2@zD&mPhn{Y)>F~>#b7=01(jD*6v}pc~^T;#9 zG0^LzCM-sJ&SYITZURkwAUe1Xu>6#%)Zhq8Mi#4O@5qHxox$f{|dOm5lhCMF? zrDJPuo`BAvorM{yC4|3aN%&Bv9x4fSpxaE#mwQ_$EMl{}k!YrM**%89i2F4urwG+) zIBn9^wI9S5zM0Y9CTX@u=0$FGvB_nUJ>hYZC;yugEpIOP#I2n{&Z}6MAJ$iMBgYZT z_&C$1P<&nOPdw!Nz%WTiWGHO*SC(12CGT-LT2M&{7H zRRxx4hQ|fx~7`NDvRdlv2grnIp@PhPJI;m8l0)qWB5k7xHG<`YIOr zF*1N$hKB*@ie?VSwNq7K8Wi)v#PV_eJ~PVQPWt?WGekX|Z-rtfO7qR(vdQBO$BBEp z6BXA<;6XcJRkP=^KrG!6XU@>BT&7>ROUd_UVs9vi35w?^n7jV+-IqShr+;~k9?@|E z6#h?b&ei&$7kLd2EM&IPhAENg@vB z2LNSNWx@g5b? zNa*?=b9aQ|bwB}a2AxOdXERzvrM@-{tk9*~y;QvUZmi?9N-Z+)Ly(W|aY%W8toc{- zFvFXR)uQ{cTbsdmETMSGrwOp)okZ=P#lqPpHzcw~ghr*kcb-9?uQri9fxUW#5ub^{ zn5Wqsi1>=E^@m{F_GO+bAXoK#A7<4lFCfmCY9MGMAeHWuc=F4^Y1joe3k717nU=oc zMSVN?jnWm#GiT;9R|mKN@2`E7T~#Np71w`8g2X1*lp&ot8bPtt6@Zy;@8Hfq2JR!a_^UvY>5}nX6u*BXhEV)9*r=2QI6qKeKiU;Eusj&KL zWQ+XKKwrM__0`PogaCF@`4lgl+W^rF$12kLF`2-nQF4Z>CXHf!kjqFJZT5JA#NS9H z-Q!Vsxy{;K>LEGCB+l_{B$F~+_*ThwRqKxCLDe+m&*`owCu!$A0>AO5qBU$q`zV#t z+FFZgok?y}kT}3m=f@gxEi$1pKHda}X%YE?1CzRKHtrVOuUN)DPyOW(n208k zy-0yZ_uFvCnu~||l8c9m{0SpHiNVRZrBZk9Hqj1Y%hgsBL26hU5xjowPhshv( z2s<}CA+m(=rzTkpTv;;FE?&QGnzT@{^k0IQn89nn{Rsq-0ENfgZ zGlod8ut#N3;C^$tj&S8{Uw7k*c=ur5Ym;|3%UrN$Ug-0n`W9#K?}%0^%(vr0Lq%(q zfRo19N9uRr3tZ&0WsnV>1JL5j_2bT`2BUMXXKS5wW%A#K)>--nd)kI&MX9gG`;bBb z`*CGvII#(Z}Q*?r!>;?71?nzD2^( zW3Ss%fdBb-1?2tc+}^-p1Qi55MFs-~q=7n&B!dTcP^z5%g>8SWEaiL%g~kLeOO^y_ zn8`Sj0L06ohtR23AkNm05hH5Ykn#Qj8)PA;UfDceWXP8n(WZGEW4<}7lnOr|Vd-42 za}&Ry4^rvb_8v_GK^x|~gl^Coc6?hYWB0nf7;mfQ*v@fyKJ6fttI>R+C zJ?8~Qs?7!0$EDiW-%6%P)N{7!>N9?xXG-5Lp&s-k7d zdxBVlyy3*PHJzNKzARHd^4c(!zXvQp->ftlkL$mn)|(Eo3!5uaW8%!N8$!Xm1Pqs> z9NZU8+`kVx6i6=(QC{k^Ev7=O`(Cl_eMgTxb;WzFDMr16_(#y8c?qN{lnHIj%)S(9WhPc^eZdKYsXU+yYeialRo*^|58!qh|W?faFgo&(`lvp&INT5^6V| zYizKi5T+C-Y~&so@D*~*FyRS9r$S-C?x9GbcO;eh>-xZ9DC@qa$_SgX=mm1^gNUZo z^Z=MMa*$T5l=w^FSvsL&Ld zEfhPH%5;U4;ISQ1Q~=cBxMU~JkK`iu!J9;@qEK)CMt2OBaZ8k%J-D72uA;ACdYayU z6S^OQm=vUJTKNIqI`rbl~@2A_4hfxP(F)128K2J0W!dwFk* zLn~(I2HZ5Rfd-W$zh0|HeYxTFGBRI~6Ui8f(P^|5TT_SRVd2;sJ0i6a_-ds0K72TJ z1J_~^ae+GzvSyXv3m=syr<1wSyHR{1H4ghCgS+T@+*LHX8UZv<#`WCRSjq3i3ODQg z%qo6eGY3#bA~zrBG^h=xDT^PQjx7BU5{JbWdsc;wivMdD;roS*AQR%3&2RP!(@R#Li5+FD66wFXA!${od!Cm?AZek}9N>BzY()YyG@v-NPnHXq75L_lnA2f?2G3$l-PE z2TYgBVb8y`gHyTEI?(|c1|s4kBrCR9aDSFC7mJFPjEjc37>&7oBSGVB82i0*qY)%HU-TAaK1*!(do;dw5h$p89M#@_we)}i+wq&WiH zy>bc1E7wRKCryjLXKl49p6COmK4}}lH%IrAYr^)qNW?!jJTo7-y6PBV^E7_MP;ZgLI8`#^IQm`x4_48djr-Qq6vuV1Z@G zgqgWyPzLfO1?wvaq4xZ%<>HiUt)d>{hje#IlN32t>}^`v{55R|dJY`J?1>boB92dWVz|Ej0(-*~cp zPK6zdfGRhCCGrK$wyHLJdGu8k-S6n z^l+G&?eSyN;Ja-_W;&SHcJqJ-s5~?Va*{R2viCG0P=X*IceL{R<$uqFwuHqeic6?= zB!3l=!-Nq1wX7y+0B;w`|3%eh!ABKtR6CSI&zj}LH)9rPk0Hz{if#{wxkMf?t*98v zJ?H-peh0EAc;7nt$Rr5sFvsj|x5r0WWT{|boy(I_MQk7`tMKUJk~_tvP`Vv!@UG6p z?w?yOi;SR=LlXTy6zrFUWhAg%`#dlFp&F zQycb&&yj&oncfxBmF>s}m|{*WG`y$0(y<=1x02Y?yQwqPJtv;0DYZg~yIt(jP`p9(waQTy6$%o>XEQ1N2L(8Sq=?_|5+lcX;)jP z%=i@T%}0~jcYnZ0CWmlQpt0C@qNYQ`aHUnRZIeEh^F*6R-p$Ur^n}cy-51t~ zPTUQ5;GQKMQstx>ckdm;ikYe<2d4FO>qjcaq4Hgj9VNEE=2qlS_lwOrn|6dbdpa-r zMtOIx`5*7S4qqjotZBI~7Ld+w-dDQ6j-PjjHViowq{mE#Qa!lp-l(j= zh)kvjVsltt3c)vY%IHh76pUr;bQeqQj&c?HqTeRtgq!2mFK(ob_0{%@5e`3k8J$>d z4SHtLPF7+NGx?r<1zOrd!wv>x0{MD1h&#OC;I)fLZZ)&C(oePgsBCI)DmDr|C%dnq zM?Q8867y|4h8zM&1|mWfXlfCx?6+HDNg ztUkfZ?-kEL1p)2J<0j))-60L-rzxyPl39e49PwSz3o31Z2=zHqZXB9;kP6dlP@^C# zKfOVe(Im=C3J&7j?4?0MO380g7-NsQCmAb+o+x7KT}G?I{^m57WcJGN(do@!KwY7{?FR;gpip;)x5+%)#HG|1h8Dstf zDW7iuaG=5|jweI$qE{mFRY^!2X>Yxq0*}15%ZU&^Jk6t1X7r zXYrERS@?1Exi>-DBluORy2AFsW30gGfbHff$@FwV52iwR*wFDehCgeSyTNqRGZ$*- zHRUX(P-bHzL-+ALzpNX9&%Cl@tQ-TqG+{>p#>tKrb_%w7C?_W`P#`-ds(b#qk$ zhHle3!&P;hQWMkFsY+|VTPKN{Y^-O-rq8iW^-HAcL0;_wZN;@Zcy?Al_H%=1mG&9o z6=9^Ns+e}2_keZy*qxEcyDk}Jrrrf7@fz;lhNI3{zh!6}juYLE-O6W7sM|Uuet21s zf%h(lI3}g^<;Ql)qQuhDHCU6NaS)|6{36P(w9iV~29#6y)tnIV%qm=!i{27J&8b1y zaqirYJ#UWqEoILn=3J98Zt_bL%vZ}nUX-o^UsHM(&hJTE(z7R0IFkI#$kJ=+e#5c#A-%f*N`)ckOyCb`UmDk4FwWS*9s z5&m2Qim0vc+bCspjZs=>Aw4fYi_~ zs+j@aOIeR$O%XYo>%f%XhadK=E?=8!r>5Wp>f?e&elW;=z?Mi zdPX(-k)4(ri(Xw^#SOO`5v@g-1Nq)tOFMcGq*v=Oob<#wfmFM*MYBXdJd+|_wD*N* z0aBhUIQ>Eqk5yHNeyhRFyFL1m&qfRTG=mux&v>Yt$~h7Pz1haU`I8WoOD=#0+H%6t zIqs(+gx$S7Ga5(4^5Gt$>kHj+A54bYfIj$sXSBwi#Y2A4$Agp`OCvR9Ph(@< zAbs6ss4!8X!$3t|hRGzELNmZOFTP&=M$@(Dp%HQ-?6MKwN>e`XSrFi*0Mk!bjMAeLvAlYH1=+SfhhVOnl5 zzhpf>$q>ShdNC$<2{u*FG?A2_gb>B2`9|Ji=tCkbeUlS+;5fAFU*R$bBTbsiMXpEQ z#BH7e!x|B?_yk%nAd0Is8XSeoBjn75q+PV7e+YXvRP2t-O2yWi2yUwZ8rq$ zE|-}uaa3)iO#+?q9Wyv1tk-)WQ4{M*Av}v7e*kBm!#uu|aHtHqxxq4lu>%>S^%qbW*6iDk!+RBnNpqimz|nvMd->kmi<_mc z#-t*zNsO|5h=B$Ai{F@QWxD1R9qIr3r%qU!z$U!z%Aig>uL&@P)_D~jq zkk`<2(b%0JY7y*h1n@eN!}#F6d#7?RCe{%l88B$E+Zjn{6eKGEFK6qOrU}Ne#l2hSm*N}C;xpr zn~4SwPRvUMYoH^`q)y^8p*-J6Skq?cmPBeu11R*{rXw zB>OMdWb2#Re^Ni1;WU|SC#@yeaX?ixwQjjP*oR;FYL39Z=!|C~t**{rOBuHszcudi zdZ&@@D!@Ym6R$s9Bmnv3Zj&zeWnu~2?y*BkzYl?ots7b|NH3s0B&|ev38BvZ>+v9q zBrNz~y9r)`B)qQr`Gye=W9d7v31my z+C=t3yNR(1S1^#?4!qUVTElO&b~orMCdGD{0qfQ*^*X9@ohv31)lD28fXxCn(~>}B zm#)QV&`x_-@Qf+6&=(gDhSWKXu(k^Sjm>2K_JP6pY$YTFkj*?XM1C^cu^LlAO-Uf=}#m1QaRHh-g}~ko^Bj?kyvFB z_aH*11tL{j*lB&xNbL&aWF>5Aj-Q`>5zHP`l(eXulUm$WT2SCNym{qqlH&eG=WIL> zBDNOKuT{k~e&cRhoc(YR8r#%+_!D?E&{3^x6T#sPtK#VNux{ZoawGRuosn7FZls!Y_{nnn$o&$(GM;6z zm5;Ht%r{(l|9rB~QJYuP@`*r|<<}CL6pilYo}!1#G)pHJw~V1+Hu6;4e>s&Z+iM`6= zF^e{kL&`|2GJ6aLm@d3t0K#BcqvJkI?IAn({;VCEVdflr5I_t6$ zL*(lcahyfKv@TZRx-S-(FO8n-Lh!dAen2+D$z8M!#V!Zh?!PW!=dE;PT3p|!VLw(R z?QfOHP26h_gg}f}HLy#wvI+n7g7~eT8ZMel5`FSSy%$1GOmU5ofq^?PxS$L*qXyNu z!eS^?U8XG^3;dS1tEcU<&1%=^wNGElAv2_$#G=vwsg4u6pZnf+*GL_4vFmq#fg-LD zjGFXrjN3ao4>$NI(lN-uQ+7JZH8hlN*WIX6O!F!W_Z#yK$JBVYK4$=G5YcmehjcqL}P#?e}6JHvo-Z>x%AAWxvTJb zKci~3staQQ!lDwU8bXt|z+~FtkUOXPyZlS0bB`s)E|v-dY6?&kw+_yHmVs z34W)9K?zGpY&w^#{iM)`tdh}s0%;Bqs1Pj+lzGuPnj;680%G}{G)3o(Gm4zF4lf7C znIu>PgDvAl8eMYF$dAw;*IXBMAN#&k)=~m4WN^Vt>-%(?$liX$DxvffG2L=8Hk+E03Cd4S)3qLVc!$xHA#9DmL6_tD*ou!TH~9V1t?Wcp9?O}8r*b?p)nlM39aCTBhp&5g5M+PHK5-rR3q zo*VDW_E>wU#An<%`Ne&}fHL?m7eNaxYar7Btb(#eeIAL8}h5gu)C8b_kK$Srf?KM-8uluxl-`e1-%j-OgbZGo}j0b6?m z>Gqad(6Xkz{f(|LDTON<X7yS5C||Y%!j(9!fTu{DhBf7ARouTj*#mC{5vdPPFcT z+w){#7R8NAf9EWTX@Y{1-TEdy%l=h1^8swo&j$u2gL|9hDM##F6 ziY6{RGL2>t>~Ekp+PKIXkYBkXyVg^XqbMJR!Rh1V6}8RAmq=s-28gw;3#Nv=;-<&)}h)Z z%^(>;<6re=zeM=Q^q6^ML!WIR)g=EHQ#L`(FCD|<#+c~e^4hiQW|CwD*Pmvcc}t~v z61J`O!{??(K^Mh+Ezc;Neb~Vs`dQd#>YK)$fID1BG+*7dgD~EIRvrT$py|X>|$o_cnJB&+XcQyx~<8Y zTSukP8P&A3Tn2&F3g}|5k)^b1vjVu>=WQ9&WWt%7fRFpUpa;pPqhvkK z195y-0&y;5uB2U$rnU>{DkgVm5(aI@2%$2`>W6G$cCfP%XtYmu>Ph*2!Nd=@(knK3{+UG_t5lTN!VUugrmT~1yPm=hTW9wy_X2fPe=!E|AZzXFJBJ z5Ke!X>OoRgg!G?~^yTijd=P~$L}0!FW)Q^~))Q4A6+0sfu3|Md<3A)8luKe{w+u}2 z4iL;SRqDxjghQoqdPSfHeErTT3-eQ@F~7M_5M0ElaK*CHY|yeNRt-!I7;)&mFq%UN zO@nKqe`Ha^GRddLaav}`Op}%B;0^iLblc($qV4T(JY_lFl`;U4=7yY|+J+8=p~mL7 z{N3G5$RB8X7)bW4?&n^+$yQbf{g_#)&7HuF^ z{m#rnDYgg=Q&IS0o^W&#cnZ(3VVtoOMjo;tGdl&=n&FTe5#tw&!b2Yg&(wuTuvYNv zq}!59;YdD6pDNY^@(_K%go;JjTuK(Rw1NGq9GOUm6FL?o3JA}43zgfStNj%E}~5R!Oxp(XjxAm(w1^b_m|@T&DG^$ zrJG@iGg%u$tYEX>8fBF-1kYMn8Yo|Y8PJ`=Q~b#Mu~-NJYnRdrO_A}tW=zZVin8i8 z4@Q^S=R)#uVP`LYFy6ZS$f*CR;Of9w0Pc=c75Tuz6$-p4>sq}TKC|z;)F5JT6b1WX z?iX$Zt)Lw8FI5j?I5p^?<2Z)BbdgAIEV945D@|d%qxfYox_*j+1|Y(fxI-Fj@Fir< z#=x96_iJ1@-n;AUhi*U>PpybCD}`T3HfCJ065Hx;_w$ne_kqK1SfhQ>ihqCB4ua`cA-Wzdim!t!u6q_Ao6$fw>)9iy2t*JK^_zKcpJLp7snEHrQhMWedVjc8nW><|W z&N%k|4EbakvkV)$i&BKr53T>A?J&+k6a7WnUM8`GVE*yC?@f3@A{PB?`!4RH75Lkv zpl8neN!k`X>=dQ)8wWWX0>~<7aG!c>o^E4a@Yn&-hkrV5K)<*3w3QxJD;G|{3TiNw zUG{OpWFOUkhWx1Bwt4FVT1yx0bgQR?fKb|WEI<2%G9O63${3Y-%;R@(7kjpW3&gqW z&l4dd-+x?3d0kk~YOXZJiXFna3#`2fuOcz@FZQI6Kdx9#0BqmgQG)*x4_$ zB7KM^#?iK^_oh|HpsgN8*hT1>Kx zz0`DXglRe6?P5$I7xsX7r&F;_q^Xn&gcODDe}H|C`L;{XLK3@XZI|0%;40^_(qem< zb~xFKcKaciHd}S^XekyUa${5mt-ynnYhxHg==YK>Yf^p^4u(3|JqC(}_a}Fk72`|m zyJz*5b}zkMv2*6UDLYa~iG1_~rt4G}ywbmEdj zE^Z;ya3XNn4SJ@~4DBnjiTH!oNwH~yRqdgr*u`%=+qI^BjxhjE6#}EHh6j<~irTL{ zO_6JWB`k>}1HsX;o=%|GubpmtA|d8&q}0WAw_~6RA@a%qYoGlNQ-1-0Z78UItgVq0!GAB}&E|yHJr-y!q ztQ}COT_Qd=f?7QH$H_MkCG{m0WA5I>TmIEjA_|uEw+iG)!M8rGVgBAYu58fO5)erd zxm%V>Vl}FOx#6mTukCB>{*zf)pMGx=!)m1n_h5?hJt%6RaF8ryQy5yHp;g!=rvq5`yWGdumnx2r1J_;#%zIUb{|J{D7 zSMxoGGF|l_VzyO@!MVV3Ytwy}$=xoh)9f;$&{`~Twsz7TAf(9ln(wmFw5$@Nm#Nw9 z#gC7!uXIizxd?!8@iOYC7EhWI5Yy2UHGxH+%~65cj(i1BlpA-y(yxA)mlQ-bvQdAY z4=&ayHCy%*yrP|J9PERXpNts-bzjb}VMFw)?Ko3w+Ny31K7u>!elq?HD{#}t+h6lnVM_H83OF^Cnw^WP2+r!~#*Lit4xWI?Y zk6PMzKsudByak(x!c(TsZ@F;-Ro-e>r%AF_udtI8)KUxEYS%cO%_9)GLQE3g)7hP3 zi)Hq2Zw=A2a1*AP67K>K&qh-6f*m`BNG%jSsm~)G!toTnvgGjU{>@jPzpU${W`y{i zwi=L3HDk+UFJ-7U-wXI94IggpgLx$<`)d94dk`ouTP83+>qIypEChi<1Dy!*JzTe@ zW&)i*v1^MDjLS$v^De%uU!fa<-J_~r_6fza`7JEZizFfYd?=H%dsAxM+jES?8p%AI zt>n8GWsO{X%8PGZGKoawt_-ky{$hM(aNDPZXxFpi1ndYTSYo7JnJF!pe~+bEzYKIg zla9whNOh5&$FuyHvuNwkI81I{%!)ihZ!E|Q%s?IG>60@HLvqtUC>pg6L=WXq8Rqm8 z%VMBY|BdtXA=Br+TF^p~Bu+^lifZi;4KNm=qmV^l_X#8{PJhciIs0B?T;_b+!J*VO zyPN}M+*i}0**O(NCQ)HgEf|8B?+cW1repr%lNuLK=|QzFWPo}%{S9&E=9`z7aNr~b zW8!4_TJg>PgpLRftQAJ&aL7%8SZxXWoGXCdd^^Foe!cIBjLZvmtn^jFwaCd}U_R^~ ztRC`5U$#=}~q5rSy2+uUPjwU^DJ_@))F4z6+>wl7Yh$L`ypx42^-nn%=BVoZ+S zFgp+oh-xT3lPEYCm~KH=XH_$i7T^8TG^Vk5pSsv*r%0#koae8vMoE&OIyDtj16b~6 z3{~^)!oP_W{ulkhXG|QcS)3b0l1gJb2~+iN6dE+Y1QFhrOFQ#PLWt5xlTMu!-ju-# z&Fmhivf0KU+K%ryH3TDkg3)*T>9jC2TSNxMD2phFr}4Fo5~r;Z+Uv>X#-r-wSe%qK z?_5v}89r*-6#P6p9W}1@)qOmo;BWZ0IYJ$OUDEt)LA^<=n}objnmL5R#2JrcD8g1f ze)Blj(cH%U>Tn?e?V#FmZIWYaAc=!rR(lfSE*%ywmYr}8#!`Xm>b+E9mooprbh9QB z1G26u&6%SctJE;|oDP2pGh|71vl?|t8D0V8-niEBOauH%vp{UIZajgZ&Y-uLQ#*e? zSwE9%8>E$_xI}3D1eS$rKT{VeV3Kb#idekIm9F9LtuNXlij649Zh~iob}oRcnt&G+ z$OIj)L;c9ziv_sVxC-eJm1YkZ4{6t3#-pI?#SI8QNUFW+9A1!YalzSEGB^?~Mp>b} zXg&Rpyurkq#gg!nEBdG{G>Y<5am@+bJ;KwAB*KnbCO!2J8b0W&m(go}rg&WJ@)^YP zB1@t?j0#Dt@e+LGYsQ`0{Zh!2euQ3jn!R4UBIVj|Du}viu)t({x;ls0xx-QWhrznQ ze8no+Yj{=ha+Q~}l!K;}r;A+OySCl1ZTRQ_B9fl?_ltlt;mUT8~u`g0w;S}6{ef8rh_iQ2H3Yx9$D^7t%z}erq|sZWHl^# z!DS%V0Ei>(u40k|7T@F7SC}dMi&#c$J(ZYrBP|x z-VMNOzg{8|_6572j~@!;EwiVD87eQh+<`@Dgy~b55|pH!PxML>Ku?0_*eWm&Ja;}r zjkgY|&*3PgO~WTvTqUF-7`U57BQjckJP&T$gGVwBDUgL`o>u)de?TQkO-iZexi^#p zdvtp={7TD`;`?c`aB-2ZAUv?t$9;378MBT3?lnP>MbF6ug~5%BDp@Vk)+kkqUCu@y zm^_!!9}cJCxgAwca~GSu-L!qIl}C{&moaj0paVrPRF8;)al#w~O%1udbt22jC7 z&+qIJq6m!@<1?;apw5mDm)U8IM1|UBjnqyPD=POYL=P7W>NV8XxAi%n)!ty&I! zN`01$HH}`c&q;@3#`{9lggaD#devcQF6WE(&0u&UqC46V3D%l>=OCVX-GLlFh=;KE z*|OLGa*!=kVeXZhiM}73&pA9O(5q5yvty`tq2n$-KZbYfax`1|)VX28`Ah#j!Y2KR zJv!T%%JwQe#QCvUu%7T>*Qg3to%M-ts9(7tv3F;{Nr&iYk{f0ayttKaHp;A+))n%( zu2wAdp%zfi2-S9ub!u52Gm*QWum9Xh0k3r$`&{Nyi3TjvI!^`7xx!mKu#}bq&`u9J z$WT793ky?uo5i96G(y8i2iaV}xT+RJc*+Bx5N(K71{xbY>*Zk?Z^@F0(HS1_xdsmT zDt&86CP3tPdu#$-8(d2fGY?2|8iAtiPAqX3K^x{~V{n(_bqnF#DeL}zQWB$}K<<<< zWf1x#z0Ql4oJe>0--K0>c$WwN@haddQ)8rk`d&H6H=!NybIABw#JF*={s-(8FB`GH zylD4zlcs@~AV7TWuibjgky>mdXi3p!+ptywO_~f%w62=MI^ve_M>`|3?=A-}*Gxt- zn*xygrE#pEo_202bI{AmQ@9yqpsQrCA}vz_q`B8uvkHD#6YCTUJOsnd3E?omraN*Q zzQd9#coq?Qr3>?K-cF)8Gh7sbn=_O;=5)ms5Ia6WZ$0D~+b(?OP!C zkch8dRzgjG;a(~ix%e=@^G~4Fz@QuIp$gA2U_SOj#|tpW=?upnPx;7q^jVpmWQ{D2 z1hA{K*xKXh?%%Qb0sL3pt$GzY6Bhq2E1jR5?k2=C$pQ1dRHb8JcI%~!mX}#j3^|c^ zz~4E-z1sqK?|^iwZ`3o=eCr3C*LIFGwnh(dgkdP0>@G{_Y_4?#wd4CTj|+xDh%C55 zD=YHk?9+6M9fb&*n>6xg_^X1Am=wr!Wd=5xE+e>XO;TUt`$~L$03PxJlWQRKq@La%W17O<)jENj(TI&WYyabqkb`zVPMeQ(GMo^FnMIlCo8Tm zeinxXvez@8hEP~bc*pD{qyB_BaF{4A0h`&b{n@cN|;3;0Se_$Wkz(*RNPDgb7`cZ7&KQysLR7*Q%aC{;H(I zEiL8V9ntssI&k*qI<{nwX8>2tz>!QBgbYEAA07cI99MNa^SlK%;VF6x8+sdLLoJ-E zapyf-wpo`AfsuGFU7ZvJz3yCj@T*jan5=yX)OB7IZ(1kbh4Va#tLqJ`k7oI&0qt49 zOs>QPQ}EfHO_>l;ZzDM8{^Ky@wJnA`WXwhIvUha*^V`#KJY)u~ zb%wW-(6;IU##H?n$E+cPD}~|e`;r4v#!Nog<&o@HvxoW8P@yh>NrV64$LGv+8xlj5 zRdZAk`l5jM!1OM3{gMyl*wtMl1S3SuHcUzb9E5+XB8Iqr=)J8zc;-`mM91wGo|$nM zId-@Rfw2U6gt}&IlSEHtt$}YuN$&ZbXg4NrQW*gVdKEGM4uriKvZ}7RAcGDkAuvBw zqIWXRNsiDp&J%Ei9_Cr9oGSiDMyBWuK>|@R(kv&kZPg8XN_BDPvlQCSg5iTL5i;0G zyDfm+kcR;#^`r$nuG5M!_gxwKmb7PqIOm9To|g zO?Tfk@?$t=3T8L}^8Ae#uce9iVikQw$+YReyI3E5t|89qZ9&aIr+fTvRF?uhWiCZN z$`?5qSIG^wa6wPk)^~5c&HVxu4%x&_J+=-G_yFr{(yBsF8ckDH{Jg}H54sSjh8BX^ zPHxtL*vuK@my7eR$~pQ+GxMI zC`dGXocbvCpY^OA{TCDR^sQ%ew&g$Oq$|K6ow>?K06Bik4(#A@xXK^_ej*scTF%Qiehu+xjb2UrRTt=@aUYPLLg#-QzEX+-9vAO8i$-teGd@H(V8KouK_N}zc;F9F?g$Fq)^64=a1g_Qe##9%zf1K{?7RuAJ>!)tyRAe$3F-zr67of zEvU5}DpEAERA0SF2umQn*kEe;#I7*GE!VCeZSc-aHpWMDg!pjH>1TohRzEC1s>G;S zZffB<0-&4a#2vVZX)CI$N2o>u5F^}DBtRr!?<{GsHwn)3iRnpcj95==Eo`Ch1%?IO z2KYz^%TTOTDe)Gdz#jn^{A=6rG^a0|99wt9P?sVS!$i8u`kz5;G=&(o`9Dd#Q8oYg z45@-JB1Ic&+(oB_WPNeVuzy!-_}Tbere!Iok!`u!ufJz z1(z%uiI$kYO5rObf;KS?RbUBiYwms^!k)2}=$%vZ`i`(CD`P?d&bB<-V4ydQf9Y?k z$}zxM;tOHmTM-?idsbEGt{F63zR`yB?-wr<)hJ0)vhh6|NYzyXpA7O=rZNl-z{mfe zpvV7hMl%vHF|z#+(1VeQgW>-ei~ke!U}RxnW&7XW;{PA?nCf-ExJ3%;7H%LIghbfh!42xx<{;U7?RMXJdRkej%DnZ{&cD@bwhGG;Q4H0a z7@310u`|DtnV%UL0agIDl=9#RA`y&plY1U=TP0JP6R?Ih27m@eM#kph?2I6WIJYr0 zr-pI?djQbL%$Ws*8k@5x!vUm`k=edK27pYUop_M70%CXsmg;8t1yFHo10YV|T-Zc0F#jA6$%@Kof)WtY z6qHpA%>pd219WNw-3-VP05EngAYNFJDf-g|R2B z>R8{};{2thMnqL*h2#pTNa(4;04R|IPf$=+ECrsZ?qmFu@B@E&1tc)FHUj*vr6Vt+ zDyb@^7@K+T#sV-4xXPA~-b?%y=R&cc1o+LI&915}&Yi^v2cU8`H}}R96Juv*2V+Jj zHwWVuX9n}OzTAUTnWf!zYH)4=>gnYUsuA>;x;CQh$<|uW`le$a7#Yn|oLwCn1SKK;WG`h$ z`{wsFBQOU*{$GrpLz5`bc1BybZQHhP+qP}nwr$(CZQHhO8@Wl<8>A|OoZ0>br#9C5 z0FLfh=0{GVdb5AiLwBuCcCT6+-rUyzT}Mm#ugKuzK`G8{Vs)h=%{^Bu;%M{n==@T? zxkBcoBk39FUwyHB+eZHRiFKyXROAGB)xByJ`=R~NBvbfaw^*{JnjV^2**L8Bl-|cU zzRue92)X!u&VIs^kL*;_ob1KO`@lp0KK-{T2yPzz72W5RG57O9^SfwG{*6;(3)gH5 zltQM-ik|)*xS;#doe8pM&d)~C`qVbK~WsTh>EcuP=e(tVMrWqTD z=J-dwqjKb8Ikl2uD`mMzK%|dPb+rm^|_t(?X6Bb}@9^njd_G!h4 z`sxaR?xgjd0kHk|TmXP5usZuO6S8k-c>R=hc*!Yjh%=#9>lWcaYxUrK< z=v*VCJy6>EPKkeddhqh;u2b~yMu>08HB3+MVlNs3 z0Ehz^#vt9yI>sZYW(jjh%6kOLzd-mzM<#6F{+}|6Y=Gu8o_P^Js*FxyNJMgIvxnI{ z@}|V(qxnZ^*gBdOVz`lppXQaXa)+-CA#ppbGpbWbKWb9utiqW*)HH(DJ>4CC32*%D z#9HM6mgM<_IROwkEFR>2n@g`SeGE_G&M&D7&7Fn>uxl0O!7rG_dCYBZK$PBWJ^ccl zt@md@CR)rjnkF$O>omLwZtCxuo=PM`*MWVRBJ8l1d8Xz+Q2V`0JJF{rSs}P&j}f2V zA{eoKEQ8iF+% zkXGI zo)Uw%XSf)?&2xj9Atx{A>ESEU2^2;9kmYrL;lepPfvTJ57z(@*vr+U;yaJ2jv@g$_9pu9_ZH(zNjiz-cCl6G|*T+9TlEiD9v#|7d3B#TM4M|LqbzsV*y zE*4WAIZ2nixgK?Jeq-=+qNp=rUyS>b;*YhUIf9ve@_%#FV<;pBQQzYhc zENtHL@X@r9Rtofopcx>6B6S_-Z|xhFY*~diiBQwnCTJ4Bd5#y1^6hjJ zb-kX#?FN|h$R@etqFF`BA9OTrHhsrMsPhOt2Tb0s7UuxCu*UTpI)k%8lU@a3)c}*V zF>1z=oKA+v$CG;(w1Pv}pZ;V$AwitlSmQVpen4eRt6UzvX8YMZ?{p3)6N-G(^dP@s zBX5WZeP3Es;o9%qY6GOj=BgIIUgL|w_;K%j^zes0#!B5p{ml?=)be zkTv2#%94b;--rrLQ&^AR8EP+n@)TF|mRo8g zXXzch6EccK66|9OOhbDdf!S&3YX3J*(k{53hrBkMP$ES3EvqO)`>^|A%M)(j4&Y)p zFdW_zx18*rtZcT)iTA4mi5bI41FnM?6YB428ck zu?8ey+Ex^uO@VpV!(&lFeF1+9F`U-{w8s5V+ctZ8%B=+c*;4YiIY#86ug0Ryzq=~q z^p{3+tybrrAGyuD!x#lKGDP7yKo|87mW+J#4dqVd^U2P&Wv}cxY{ z8JwJrS`$|mj1-7JT-X+@3n5#Ordy8bxMAUX=~Ss=}|O7bvV%cZVUyV?T<&0SIL`{m=+e#68AXX?=U|@qvP_2L&GkXaPk)XAi3J?$lKJ}a4+&HfqE@*!q6CLB{u7<&tCI$-maj@*L`DplG+gFv>J*aFm zt3(bW^TQU(q-a$9zdB0Ws(&O~U`t?rG};$r7eFC3>b!?SThdji(KV5ZdrDu4M*s*K z?WHM)4$u)TwkSM#_t%mLNlYHSF>n0o;(MWNWMCj)_)~b=&AFT zhofR|gY(}cEq&Hz_9T@#FjT^Z|J=T*XL27bOZ1lT2c^y4oQG28%fk67SzcB)5To0I zINV(;=D+#BB8ZKZ)7^edBAH9yw-?a5QC=(|q`e|XLDDPOkwOhjMIYdzhI29Liga{&4TCd6 zBt0Wsn4kPEjd}96mviNz4^oDknI;r*Yp#q8?vjqwSgaAmmZ7c4tx92Y7p~*2yfAlj zKaYzK6K|AVlVHHPc9PXlq1QKIraiNOGKV2lqoHJQPlBBTF$FB=tV@I{Mg|9ZKd%o8 zJ0$XIRbnm--&iDHV|bHfrY}pZ1YAU@epM8XXM~0R<(X11YclO;g0e$HqgH0Lp9t7J zT2@?6{Q%$1Ds6<%%JbYjd^s6|(V-f?y^q)yc8NYmj=q&ZKG@lDlhJIu>nJ{uJ$Thq zUY46gZ{B*6m1Zs;Y*2g}EyT5}S;XN>`AWO|h(RPB<&_NKr}c#33FJ)^Qfya(xlB1* zq&V-RE(LpW8C+68EHRY45(8(Y^y2dS703phz2cI##8`V&wj;KFWvgc=!uEU_>Md0^ z4F|pjkN_rZ((nnA0_DLTDwAHSv|w#ikwHp>YbCj9=Cqo&Czd9+`H>e7WlWzu4i#=? zf>uwo(U|8?s!`K&a}UENTG2M{1DDb)G-y1yiUs9=c4<-4B|*+9Fosr;m(ejTKq)6)Jg{#Ko$L)BUF4A-Ex3j9=J$0;g3lB zGUB=U>S{`$5F%I!TVrPz)7_jAtk=%$Ttx=xrg|#^P0r&)yNw=@*?F#A%%OEFEsl-q zjEG%X6=2HU%22EfO?7ee_MW5acKfX*m!iWHWog%f8@UBuaS}VF>f;l0SGWI!r!h$z zapUf@<#NT1*2@S z2?^$$?`iPnhO@>jPz&^aOgX)`1t&Fpad62&e5TKunP+JAN@;It=^D&G-9|2;O36Ri z2%%9-nT9QlMUBSE^O8-t&mCCYllCRaE=cuIlT9+DfWR7MtfLNN-=fy#05UFfc*P#Y9XXy_)K>nUl(l#wx@Oj?hD+1SC>Q7`|1Thg@-g4p_zG}PoVLTP*`PXMEvsZC$D+oIpd?6>amy7gC>DUdv(n69Gae-Y7NPgPl0cf!&i813RuG08LY&_FW6P?9vm98- ztgusJ)ESs6P|67I2r7{)H^?mXdoo+^0d%{TVfbLdyZ4hN3(8ehU2on0X?#TUEkp#v zL%M>U=!i^Bk{a8gxwf|KlH>ks$5v<}xS>^8Sq6(-W-nqBAx;M@R8ZpICzAsobE#e2Y6^U)rTC`M=?pIeAc&J$)Y&mddt?c+V zPS2e=Xl5!NS>;{8sUcl^qo6rJY9}gYxX#k)%AY1LNERjKLIH3qA3Rq5+@0_f*P++7 zqs-mELzGQ!WVG^lzx0+SeBcrE2-CO8wjA z_~SQaQH%ILJ=+5kWz)Z?{i0&O((w+UlJwGj@?kQOJo+BUyWh++^%{9Lm*}JBDdwZk zVv_R5V`tk(h`X*h&Uxt62-D9Oe7ymcM+u-RwM2$!PeNg(3xSSa#P2N*vJXy}cTy4& z_#N`R`2Q2VfJ~tQ->u_wWA#=z70`H^=t5G-Rux@eZFTFU93{g^hYO|TFA;xt9^j%= zuC4a$=|!`rSRfDFlTp2t{rKo{a^B&{=*H)~Je8JrHA4cM$;WGT_zfO%%-WV*tU*V# zJ(g8j>;Gdk1@DJ2u{esKp_VQW`UhujEV7i<*yR-HMg}CmYvUOM!&uZks;^lFzCo{% zosk5EvCy6$0w2G4YQ=|A?sq|!i8MNU1bIMM1Y1AT*e^h{+4r1(%gR&&d@F+Cso`;i zJcm~pk?W&07C(rA6-AOp&v+b`8D1DcU<;uZ&$fLz(dC?&hPST-j?LQc+x(;S?N#p; zNiop8!;l5<@Wb(Rxw5esg@c&QGp-x=HiLGw<@_JWq-IymsWg~ zTAyJ@?a&t~^Rs>qrwfZgs0hJnhT>o?dG14$Epk@t30V>Kr_H;|sZ`8{g8;ohq3or? z+ENqVSVu5+Z@I0n!VDFv7ngflPDp5V?U_ltv3Nus#A7H5V_T}i#EId#25wH~@u{uT_8w2I zd75#ovNy$1b}xDksDzF$y5vHyCdk>MdmBrpmpW0@{B5Oo&PY@!^&T=1*%j%WDm87f z%3c~QpZ*2_RGxQnEwAFS;m_>4e}M2W(}gi9OFTv&rBYDXmN6vPv0s;cK@^+YzgRa` zY6xSzHD{rO18A1LUu-L^Z!uIP=H#~EKClGrq-BQzlw;NKR>$pwa&(OY{2ky>z7cyh zcrv6GOiwVqrSf61EN%$pVBI02s}rikE7>l6x8Dvp>>H&X*pvdRn6DQ45T(ZISb3zB zmqJY5bM!Annwo68<6IzW`M6g0sC38MPlrOfq&RSlAAMZ|S@Y%}3Y zbjkuzBsL${$XZX|kTn@lrw&<1)VS&VcpG9xs9={&xz=~`n-cS z|N6SVi>>LaeC0;KNu{e`%FZY}hO7^RiO4(c1l4e{*lG4&1UQq|P#qUVxUpBPOElVF zsrV2otoF*XOR{TErV#BcPH>O`hvSI7a?;ZHraX|D*lg=)_X-- zObBt)4jk;_>OnbY3RIm}e8TJvGF`y99VOe%f-c?Vrhp(VWj<_6Ccy#}824s3;7Lge zm7W(RF+-nv?l#?MESPFxRi;G+H7(RPXe|)5z)o9U^>wMl4hwXz`a-=S&TYdXCn*HE zJQl7Kb*{8D6LrtG1$n$)Bi7(dnMxGahRsdDNF15(G21xbTI4(7LR5}>_-#GkE!8w82W7EtY5}iH4AL80uGFc! z2iH&S?Th+~mZtf(>sTgedGKCXu*WCp%o;_yB58uTGpg~_X%G`}C{a6hI;fk-L!pmJ zEVv7&RKu}eq$<~A3b3v@He3^j+md0HQSHe$H{x|d5jKed|IKJ1c6 z&^R=TlzWq}e>ayF`IQ;{?#2c}$Wn*4Z5$m=>-g$Vi(MNEa=U8%Eu~wjaR<=*Lz<@u zul;Fr|Gs-}=Y!oW14RUpL7t4zYp{Rt0G0~@VZGi>jHu{WNl);B8x^T$B9UPYwq{r$q>BZ zMBUJrf8$_~i2klg+XxWik7s{rWAJ_sEm{{&XI~S3!wLj65URKbzmEd<^=tati?r}b z>pes^x%IiD+w#s-!JEZqXB7+dBnC^uzitv3dVDKx);)~>B!P=mP5jUL!NWn9&J{|R zyvbGq_CJL|pwz_Dx#ifSuu<+DE#08(E!{KK23!6g19i=6Q;CWd61&|=3&r&sgSQDCGKj`w2l=4~6z z6RQ8f{PJ0vcLfHVAD;1eS%6iX%=!xJ9Dh!vGmCMBeKkc9J~5_aYlDOIwDQM;TXHXs ztAaS)8-L%X7oSUIsUP@iMTpL1n;k)@--8H|@)?6Jb#5We^JyDBsmc(q$+Ly?vD#~J ze!h(Tc?l)^Yp?-y;yf%P@ zbJ{1+G41)}tz-qv3mgmAADkR57Oi4s^=yYMplSjw1 z5B8pE0K6+S^7XvixWN>&J=Avs&fwA+9Se;MdhrfC1hr4)_@#Qa5qVf@Jk*ov8OSD};2x{cSj7HYZKbPU0 z+PCO^AaaPxB7wmI_wIi9S^=G#-{tiYk!)nL^dx7jv2}c&y|s3J-Gkpw%H0stKgX}^ zBr^Z>3(q`ebJ1uUY%&*C6W_Nho6aYsQ$*jTY1EbEuqkFGKrCk$or=^=jm@?6!TL_H zj5{6l-k=$U`PgND0TDmi@{Rc`Qd}FZ9AObd1_U=Z^fVNp{^OP3-B3tRG2*=+YzZDO zjtFll_>i58v7xOhQ74s0pFmhti*^F2?0MSBnfu9C)goL`QVo+`1wS6sF#vEilhXG< z+;>+UZuN^muW!j1+(s{z3^J1b_-}rn0Ku)-!VCn~17lSE5Q?94kV6T@ew^}YvV2

      4D8SNq2o+V-t)6&LGq966%yg?Bo>WEl*kJ!<7r)RzfJ~#T{Vq8JmE&niY_I3xK z+x**yGj%)zB=-f{hFHNScaXL<%4IuAiDb3q@V!sDx-6sBrzRGFHXOV_HAPsl`+nTU z5z#xTo>@Fb+U5jr2>m`^yTtPqb00iB<+XasHq&9864%#b8B*Kn^c1XiC-gy$zHu9A zzDymd7hgbMcD;_pe+;Dm2PpQ4Q8d}#bAi^W%$gs5+n!b; zvtG#o!s8Dx=Ah_ggsA|h#Z9gcMt;x@J~=$=&R*BQ9Z3FBh=#IN#JR7#hlW?sjS#1X z*Tj+u`x?k(!@7r-yX)VaLEU5tt%B9b-QH~O&YDu-WMI{!H+3zr1_a@&8&fo8Kz-AN z_pG6YZ&2Sw8n^5iJ-R&adj)1xBR4RwGrfHD!zRnS$#eJP>g3>-#bkUW|Lx#Q`s!J? zth5xxfxV0r_5G8TXrl6HyI1K?l8&Gsn#M7y1Bhc_TntLmS76E|{a z7SjVqciY40%3DB$$#7MOY&AAk+$V!!rt{dL`nC_(54f?S=;slM_HVc`kqM9(`i_8n zf@~m(0^W(6RV>_G`Q1<;;VL31FK*}ry&Y3?Or`tmyje9 zsss|uA`u0)pS79rsTH*`d&UL=BVA^w( ze8I=8sxb@dl%S4@9X^C8g$~SdqCUm)mDTA}ELwePIxDu+nMzZt>&7b#X1tip|Kb-p zb~QuNL!KbIwLFn!APgRV6+09Dt#+%bJPC&1{Ek(G<&t6avoE8Q3jNv2`7 zKt6T7vU>q-^>Ev-m#v&Jc}mt1>D6tX&I)-r3k6clQQ$s@pdyP!o$s@oB)IAvplgni zZwZ>D>BC$CTFcn-4I;07H=#0)liPA zepgXFEwP&UQA5Wmo;ZHJq+bRF;#B67K;W<(3;imYY?z%~%7BzE zfwN>wh*`N`eR5RB-9YCuXFm0ep(e9MB`_PFPfR9obh(k5?V9(%0L2}xM`xMYRhGeN z(^&3boLJoIi>BCYxuWy5uQzN#`*%Us;*x>hk7bAtY{8Te%bZe+feH@cZ(!2cglFDu zb_clxx`KZ6AU+1EP`|pEVLOWj6B!vxNb~)^Lo*qb>uq?13pHrK+f!cdmI&Di#+3PM zS4iC#2_!-zAt3%9cTI`Y#HqQ-*dtIP%})~u(K)gOlXaa;#ZfGZ^c0CjpCl$Me`qXs zB@&eZm1F{dSuq-Ozrnwc*fsWgawX!@hyVppYZFSq7z(a-5!TY7{^<7dBEn)~r!eZH z8FwbNU>E*wtNcuwoN0vLJe&;iLN;>eZ>Jl%XffMBUDDxUb5nE-2OBu)uvgrBM+%4| z5~Ez>humE{9w1B_@ne3OYabYCN>3;!T|Lph4{6OtuMV-jc+!A@uKLBqtu6DDF;Hx|SudhvWoo z)eRUKh<0#3lQJzgZfhT?5oWw8xo+0Vz~^T2qN!H*tSrZJ{`RvAf1UBL-}%`X_|<861ZrSS!tnK0%FwHtG*uKxym#55Mbj=Hv@CI zuKM)%_~YaZBT=;CqDp>S+X+x6j{Qb;0TMLY-jmag)qFU^ZI&D+fIN+wFu)>(J$V`! zn_QVgx8AYR_nb^;x-x?>C(`M)(-H?5d$M*Wc?ss7G?zGJHn9zGfvTuk9J9uDt|32* zBFMT}AIYKNFE6_xw1?@;Vsh@hzZqG;-Q^gp+I8GO9)kswda1NeO(E~lxrIeYxmpwM z#hD3GmAjV7WCu^&qGmPFg^iQ*<6SV;e_FV1JNu-20eh1qhjRPg>q<_Pj^mRMB&~)4nBMj29T}r(%zZ+F!W@Q(U34HS3Z7p5)3TSefacmy2h=ejM1 zl$XWH1y1CPWVLyJGBwbs_Rld4y?GFu+h3fyI1wmqC&uGVFWVMQw6b!HS2ti**y03C z64q*TLA=OH-znA4ZVtDJJe;MKh}G>|Oq6)wdp4?3p4eZhDNw5z4~Z%F^IOV zim=XgLn`f|C2q?1wpS~5ie|eu6FUtSW9&7vN5BM@X+~cA^fn88g$}JHK4X)QdJfJa z*z*O;Rm;SNM#_*wI7NTL?G7uMI0~ykkaHShL98TJ&AS8?4wm!|KFgDUw0-Dqqc~iR zxC#`AYojDGTsH za{qICCyOT6IN)*d>DrnH9rzclC^R#A{58nor0c2tR$t+pjm;iJf-8njoIJlx`o-ce zHs^EN(R(HSTV*zCUFfQPN5t6%R{gPpd~Y_@_AjJaK|olsUd1g7-ec0V76WNBgRPb* zD&r*8wW98E#|pyt@*6o}@+q(UE@T@-)_lUy9z8cY7j+?Np~VR}G!MqMrBoADb24+_ zx6iZr5*=LNKKQ(PTN*13M1KzlE&Y>2r&fXmdNPxB3v%|JFsm{@#i1Mfnggq8;@}99 z-F`Qwo2-yf%3fN($ogk_TFYUvHSmC-0QgPhdTY2Aiwg%<5OhT+Evd%Jv&mP{DD!pa zkm&pV6%8*4>yTCwghJ!s<{ex%)^SwisPLKWABuN^ju4(f;7IAV0e#@dFNM9T-L)V= z`xSUY8F~Eq4a+h1`cTC2YR*q}b)%bZ#24~*?H%J0&LU}G{&)Xx?@tSOd3#xM!ngsj zclKJq&UDqfb{Yb6u^3&`0Q5$1VnC5lNJ34su>>!ao=%f@nPWk!iSwqc{*L7C#NGID zByU0Tj?xy?Q&j#EY}{I*%)&I%Wv@M@zghX$7@fHWZY;rBOvLa>k5w}7e@>`Any((| zt8}0&61wm6)(J-+NbW8}oA&<3`&hVCvd;?IIl5(Ag7jrJ69S_J?d#x#eIPk|tsxk- z47>8HjuN_IcwaX9w>-mFeQvcRo=ltDt=cq9bCS*|W+?FP5~0tw(b389@ZqSNEz6)4 zrBx&?X^ohGWp{^ur4Jp9XpTxVjXEJHlzEczT)=q$6vp>fLSZzxYpg^ycwvXq0$Ddb zLsWES75P#ybv%7P5uY1oBkB;Co_jeBodN~poJm~DE-pN^z#8yS|9M8_{WGzC1wF%J8z?}8x;ws^x=OqDMy!+(W_L>V2oo}r_T1mfZaF}4_2_l;u<`wO?Ht_Tf1YS6HI~lu*I-+ zKLy2At3LY^!axs$QF})51TQ3SV3U6S&@?WHjAugyOk6?AV%sI7Xa9&nC|5%Tb9#E+ z05wO3Wb|yxk6>=b-z%YgP2{UAhnECx+cYeDb>=5oPfng;d6__4W4Bk>weSp6qOQcl z(l#hjWc>3HpTXdnRVxPzveF|nPw(1oK$^nt~_bbh5Ff!@*0Iy=4L>#r>F=;FY#a;33-hYpQ->HDPu zds{vry1B{IdUjLqTo8SWMbjK50JPBku_-Z%1q)TW#ZK{<@B66ADaHHI9|gy3HzIKj z9d@$;uw$cOG@kF(#jd0P!m^d2Y(1WLoIP(E^ulqWpe; zQ#qRY!0mvMFzyn;V>MU`p}7w#Cm7j|TM+0@SwFR%$2$|yoX4GiJ+4HxOtT^EnJ8OV)S8QA(Pn&s z&rIF5df*HUF-kkLWEIJS7H=QU9(jV*>>&{XNk>@zn3qn*#P;1|PWeE+A)KOMiz~qC z=~04Kj$kfgC1yX_d!Ox8C=mOGtSCA6)X4%S9QkYU5!v~gZKaWD)zMIxnSeKv+K0`x zu}r1O+Y{PL_b7}57ztKLZtDeygAkBLGPu{PB1DhXK6ush=L_^!)|0}8Ykg*Q+gA5$ zfry)rS@{^Wib4H){msU6`nv{Z7~Vt8A#G=>RQ>o|_2q$~;^=;Y-44R}C*2oOBh*4l znBp#&1_EQ&x&SMr(1`%B>M85KeAc@xD;t+~LLu{Hhs?`+4n6tDgbpj94+#%2$c?zTy zT$D4k#kQy?OM~)94wPoL>fp#1?lL9wInD*%0Ui^}Ks54LZ9&giQaj*SvrGAdD z;ND;{Jnu7CBdn5vLKyILi4-m)$&egfxB}Mrip@K?0nY{u7ig5r=3w()+Y_I4#>WN8 zl>fGznDp4(!{7#`mKKB9LGKs*xB0_hYfrG@U;wE2kXwCd)7X}(fTr*35uK?3va5Ko z_|EM5xrqiO>{u>SkVVt{Cov`~ZMW7b@8$MWUT-7`JGV6ET|729t7vb zYO^FHJ&l=c6iZHP*7U>4Q~q|%b#Z|?$~Ud?Sq5rXj;MeI-rV*|cw2bM_$@a7YP7)C zxVXdVxHyz>liD+EDsAlXXq0F~n9~N@04zmmNfztYS(bsI{O2T@6%eVnptpyAo99O% z$r3YpR5c{3QD!vjYjAvexw8W$AaV+XHnVAMauiX>yb0~m_j{&P= zT}nT3>!oMA;J#~g1gZE!2;M4hxL+toJ?3I==ILH3v#jDAw2X@MJcCjiDp~MK9J{bP ziS!i)qTzwFLlR6YZ8VPz>x=Q>5r-h+(9aq6dBeF&#yANn4QWfC)xo1+22idlJ)35R z>)31Vd5+fDmGvC?N??K4)cOoUL!~DR8K{qkg*D5> zHg(t%dAMW}{>pr*>8WR$0y8e^yQEioTdVrS?6!RbLkSZXVz-O55blZUiZBGE91$SB zN&y1AJDf$G$Lr=m^I)d2 zo1#72i;AvuL+#`#lu~n~k}eG+A}EZjpvY;!KEH?_z$RauK(wP`?t@lqKoF&lXPxcp zO{ra!S`bBJO|Pz@D1ZcEu!~H2Tip;QAW-6DNejZK1ttxcQALCf%`=vnhr@ch$B)+6 z@Vkl3_BJGpwOvBOUs-DnfS&l8=q<>tQ$M6v?DRjPg~&(DF8hEe7jT+(X&x|!RSz4Y zHYto}YSe%5ivBH|nLm=P7E~ZC@uWA)6xkujqg`at1oZ>&V<2PRRrZ+` zz$mo_IMU(@@_pQ#@Tv;|Ju&{G_^2-=%s#81TOUXgU&J{{7>4j~xY*P)&;~Rw+Rt+^ zMk0muQ<7Lfb^d)#)qW96ws>AA;wBb_0;`>pztqtVE}qL;Atjs8epl{$k>(}az1s-; z=L_SFPQ}KJaq<3LT9X#N=OVj z&xyHx6_KGAnhFHylss{c&}ajK^P-K5+eOE^8*)5jVkwr0EPG0ZO(seBfitmxV*Nh} zJ9d0}d|LwxNG>i&Iw@ltQzx_kA?z6bQ!(N*u+aZy{ZIM72s>8BzYPCR!fvYlA7QuI zK^ui67PkjtN!`{7;_B*Zwzd855wvw`+PQ+?*z{*hHoWj$UVT?r-2QY4Pha>rbJfNe zurTyQaiP@uC*#VEO)TU@#AKx4GBWv$TbdTWR%e^;OL;HVz~K1qY__Z@EwL%RFM)&>sjwTnE{078!Pzm2Ua zW_aclatE`tq}ucq9;U0!BbS1J-%D122LVVX2ONlafJ_3Q2zEWe8@H9a)deU>0VVC| zohJE%;)bGR403MfV+za%X6MDbc*MH!3we6!N$=NN=+64Lsk!0J5x{S0ZD%JVJ7i>h zJbYuUeQN0l33!?SIn8OW{(->_!*$?TPP;{Z+%jHz4%O zo!ZCC59se3l+dM6AQ12XsdT$u@R4m-!8=^q;@a|y6p@8r>sPeLE9N`M!~nMOUA|%~ z3wle!!q8gi!+Sv&GVIyCd*6j;{>#hIn>zf%s`c0#2XN)r=PLS(jUBzuX~LP|TfQ;> z6%!~SrXk@kA&{giC!uo(Cq}i|i?haw{@wE3%lH*LgmJm??N3cWL;(O)yI$o780H<$22rAFl*KF5R zZEnGDcVgfGrxoYwA6`fAP8ZjmTn#nN8`G0soSay^$vX)xO%3BihN-uwCtYY}Zg2>I zjPjN`%n9{kn}aZi%LfIp(KXx9!!Uho_$xJF%d&0z;wiwjRaIRD7}9a#!Uu;Wxc3QG zm6=_0=o!1g0l>ZW)4In?p~ivg=O5nl{khd!i@e6WBTNHR4PfP4zZ?Ih`BaNb{M|S^ zwv(FfpIqEN>A8zJupp+s-s=i={(HH3)+-0ao|Y-u&58eA3iRDtQxhECKKU#9+1r%l z-&;ubZHh+fB0xIB2aJK_>3!I1@r%;zkoa<$vq^GpO*@?LD;{df*~!UnU{^@cTUH&=Lz`>_3X*+`wvAU2ZtmVzmxwmr23IZX9dATJ8umtmr-8~Ne-X@-s0>Iqa zt?DI51%Ub8MaJ?Ix$`AYah1OBr7!`A9@<^%%s%>+t7-zkOz)-e0Eph&MF#d0`LT_- z=N{-Scg>aXE&H7cnYvYeG<7lim6`3eN#aI@4kXs+x`?mSfrA+8}X(64tXu6G- zeVy_B{d{Ge{$=xfyG{SrUGef#nXyrlda?qb{BX^3f|h~?;NTEZiT$lx{&--)Ltu@K&69v8k% zfCXw0tgq5q78p5iN=ZZ2@;ewq;MLST6$JTy+dQ2V0*X#ZNyh${s@&)lP2O@MHWL}9 zyHWqoNx*--iz`Us#;@+`N_Z=?v2~wHL!-mnR-l+m7Nh?IF7biw zjvv$bYhCbyXGl7mePysK7ripwNaIh)SgT5=xczigc?i8p;T*SJ+PnKb?(F29G> zHISmyPi~aps)%tq;cU{hoKOhv;_dmIE{rBE{02ZXaDaY1q6w(W=f*Q?({G@ zcd>!DXeLx6Z*p&RxI~B3kE+z(l$`h{l1)fjoTWj5;^;XYS_hfJW){f2Tf*^9voV3| zXz!BGsw@t85(N-tT(wrC=tn_h18@oUzE9hV%}P$#9GRAhC6x*@3yosmC&u0~X;a(V zd%EW9_Gb6BAlW$G%6oMMQ7qbo%zj(jVBU}Q9(Oj0&7@!_hW`Epgjo;5>T5*CNl|n- zqi;<(VX^gERT_}8kbw*fw5y0?B3X<NuD_2W-jKcI_D~mJjQ9MkQue=h7&Bf zJ_}CzqTX3%!HqhG01M@tY;I8LCA4$LzKQSm9SJSH6wbV23$xS)Z(i_%JWv*P5}zJX zM#+1u4+sMznn#@mq5^%Xf|CXw3_C_gz60a$u@p@1ar~zaC8|>qQx2r_!;b0r)jDld zt36S;l!>?y%SkC=^+}Z32|3rBx7M0V0ek!A?R`k-8)>0A)X3$7%Xf(sc19o}iyvG{ z8pg0^qQ`ZD3aiyH^&`jIBN%Oa?tQRo&xldbziUFAF`ntu$Atha0jYn%^T|(FG{;7= z|0t_iU_`K)3$WvwfKnJudH^tyt26F44JohglxTR}sQ=FBUAXu_A05qFMUwOc7h!tV zdxvA%>GXa>uN_2uLS+lwmwdv(RE1)+0SW6@ZzN&wvBzssMn??V9`T{z>P?RN4C0>U z4Ia6kN+&-;e;v7FsIh)7YZJfZrT1WgUfjBU@F7`_*P^ZlR0mqE&CR(w@F2{JzbOvJ z9LvI4z#Aid{b(8Q^AHrY7p0~!-j4f=Lf=}XSO6E^IHw=zSb!HD!4+szMy%%bsW!Brb#2+fSr3g=Q#14mCGk_uD)<^t!gifTw6izVZgl>d96p{Y!(K!p)Op932rV zLp!`oe!vM$05z1()Q1&qo22>>tTU&fY7^}Wi(@2>_C9-a^4tv7jwo29j2mz5EL7IO z?z{2KyJ>f~yV(bHDmj&@x?C?&b7;Wy)jvAlmq2`?rEyrLeQQHpq6#lww{?d?Vz|v8y)=Wg@ z-t_@z%$Vi0ws(OK4%OmrfK;Rms0QmsARm{+$m$P{Z%{ja2ytm z&CU=h$0YLY2kTCd=^v2e%)A9X_`28VrV*DeH6hwlX@KZmj_Ly^)mYcS+c7{)@45 ziV+3a)^yvpZQHhO+jjSEcki}s+qP}nw(Y+A+(~9$&cnRcN-C8~B~@AZ>-#8tXEC^o zsa54%15vpQb=s6^#5sbBB^jT`)w+7dMB@PKoE$p*BEkhn3QL8aQPwRwl^N8(D8l2b zKUhhDz`dn&#PpLPgJPE(YvMpUIMvfHrQef%I2Zi)zN$MSLh7CkoS-5-Lx);}*C)Jy z4B=U;)VfQSBkK)V_ll_}OXkvQ2iG_y5qx#SK!@3a*uFHJfv-*jHAHY#EprR+RL ztX(0my+q+Xc@rboOMAUMcw@kywh<#T7iT{DJ1DUPlS~-D7Tt=Wo#FMpD-5s4dhijG zD4CNMbpqB=mk5fIyW0|KgO=pkl)~Bu^jI-u={AP|x$BD^R*y5h-BI>;m2cBfKoHZ< zp$f>x&)n97M47Q5^@!wZao+h+24tSqsK&l55U@#auQH90ASb=85!ZS!Gp={XQ9s%W zz_g3=_`WJ=<70&Mia-@pr2561&_eXF3ZSto{$bv*$!(`ZNP-knRO^PS;8Ykwva=-@ zve=5$_Y^I;>e=Slu>ZcGW?UEzPS3x*oemtHI1nUY2gGI=(gJ~<{mT-2?BJct3i|=+ ziI#o_<*`xk*+vilV%Q;3j^uYxZ*!xkc*7Wky1IaWFfF7u$}d* zl2EGQjX1F-WE>#9p|>)xd6uDAA4)BmEqJ<+AS2xMGxhTg1pWYCS{T~sr>}@<*tE`J zE%0Zx@@_Ao?A9~?$gcDzRNv~G4+}Vo;qGoEH=_`d)j`hjpVO*IEyleEKr*sMW}Nuq z+r+gwOkRf~r;u;bID7*+einuM9bF~(^1OQV z?DhMV{H6D-%57Ep0(4Fm(m?xtCQ5ef1Je11y0NKsdFx!5}^k2p#el;>Bg_7v3?xZ)| zD%s?PBN2c(8$#hu{G>2rZprX+!?bfDNO$+#DEiBrqh@W|{l2}Q%PE7kfK@=XpM_|s za$1z{Wac6KWxpC`Ayb{m`u9Y%A}*PxVV4==!igyLx2FJ`uEO0A@7NEw>}U7e*oD&W z;ql->d%;ezX@OB_Gh6I!Tz{Hxc6M7; z1sNEciWJ1|RyNRodY#jy)q)uNkxP94<$d5Nb`ouh*pG=&xCM!g_gsz)On#J0iYpZ_ z@n5dQ6+LNW0-Ft}K9C!#xd#c?KV8wnH54rO)kbrFOnoP05xBXo)(-egh-4=2~$s)8FS0Ou!AdGX)KX^oJq#k(vQ2xsL*X6Cf|^nU+{ z8+{&9p}fMhW-fQ62Fe>H}(iTibYHRG=}t%Lsk6y_BqYKeRTh1$=eSY-(mhavjYTa-NgNX5 z$R=*N_M&5E%Vrpd_$Z-Q=S%X!iI|kg#5M=8g_)K8;aImirdBZ=8|HZt>}dIGUJ4V$ zlbA~nHygXbW7j)M*F_(<6b$h8mRxLbX0G)W*e<_YYH_O={ib}&V1`v0Hn+kmFZGxo zE-Prp8JiN~GG5LnR5tViPBU}4euiALq;6#NqL)1{Nz~`9Pna>RElPQxo=`8Xbr?+(mOsjD=3#PvXobOPD~v2 z-C+AM)n^O6yB?wh@u%piIIHYBwLw*O0=^m`w(C2e7pL1Xcpq_77Bb^F&xqcT50#s_ zMpJZ9&IQGW#0{ygf7-lh^*`c)5cOVf}3$oR*hi(k≧FL$FrUipY$p<;&BDS zh}})l%3@a$6ug-_=-I`5yF)5sek*liyKp!6G^O35_9J(W9vq-+qvC6_wiWQVTX^LDjSkRG8h&AT zHx>IOw;h2z&Z8A03=D^ujqn_Jy##;8>67sVN5!(+r;@di-B`5aXNr6*nMb*IELLrh ztbd<0P@XWz?d1e%8~hUKQL?t{i5~0#pHpnU&BWKO zrt@wD{cP44?O0)2WTu|g7N)9w`dDb?dJHc$6icW79V|qyP$>*e&VtbLCRBn{*3*Nq zWtAxLz5QBuSPYOvhl>H#wvbLAkhhZ{tG(S+Wq5BBizUw=(?{@@?{5TO+_N9HPW5L` zt1J*1$mkjiu{T~drwP|C;Lhu?lR9^s*8l!K?2SN1&h^|R>$^BZjJIk#|GX(cEN69> zULO;3DV=dvMx7iY5MzM%ovZH#f!{(iUOm(%GbsB_yHe!c>FT)>JP5?pUO`Y;g8;xR z)AU+2#&b4;*jnLsyj?n&l>5f!IYt5BpS{UTjr0497s=uGUW z6W%s?P7t=yqNew`rhb?}W>%ukv&0p!DmtLXG#Cw?4vpBCWDYSKvZ>j2sZHt(z+LeG zE4mK(@b$%%wTtKux^wqAvN|0>C{w4@3Nlh{iOG+)()>7mYj%Gppd;oej?uUsFNf+K zZv(4*K&x;ItDdeu!;%-aP#Z(CYj6nuXC)~-{bcDrOY9?k6C@qQg{z3q5^Q;u?eOnx z1q=wQHq<>K;}v-finN;G_;c{(WT(kyS`Km>oU}jVjK;P>@^eBAS!vD1h<9OT&)G2_ zXCOdRuF&D&>Cu^4yyymxm346EE9}|k*=r#A3o)@gp)Ni|zC=dw^x$vm&3g0iX=AIXct!#qiRMvhS1{R^o zuCboFxG1>XmwbPG*jx6F^PEnKF`A^9j08WInboO4a*g8HN33%Lej?de_$L+n@Zcw8 zav<%Z1XZQ9{TgWA1M8i_4aC67r@e(~u-# zG~7u>ERisMFN0!Mw}y|2P#Q3@*o_*NvpyWu@wgm7r7Vm~Y-^*S`t{A2_F?VkM(epk zF;sysW{`CYIjce<`tKJQHC!mk&PKO~aehDaa7>?aKUxLKQkDE8950Sv{oqHRCg&)Am&=gkc5E^9U6(OLTt?{%xh+dOsYC_N&pxQ< ziZaJ2hh4C$NZlLr?o3LpiGL~oU%&tQcak{>%THd_IGfDBu*q`mZ_ z8#T<3Q5RXf8coZTDZt|+1%w4UdeI^=Lm7tWhQiL2#%WL9*?}V-MB*iZ z?;>bNazL4H|4id+Vdvb?$movzsw;ltjTxMi8@E9VpATU=9JOr*Y?)^3t&&dm!8BdW zdRhpAPS?GBYH3yizlVA15h)N2-1wVkdF@z)7VNOKgr-u-RbohcT3#=&$e4f7N4TE# zYvS(%VDt1I3U`6wn=0kv^B-r&Z~{TUBBppaAfoM>uCE0~sMRh;2y|T|In)=dbXFxO zOlF`DS|vbLRuzFSD5~a&+Jz02$?n80h7sO~f7bEALV}`K^EV#7Ks4(S(i8&s1f@|J z{9I(Jg@2}(xcvHRoT`_;rF2>o63+0%PQ=R!Hk!@L#w%Ia^%%v zak`o$Xm)vz4(#G;*r`!8&ulY&`AI!MM8u33C%lf_Vy`~(MzHBAphG zDuY}}LsRuRc`BdSO3?I^*CY_mHTs$vOI@a*fJHfmCQon7hj>MbaF5>vRrU+zg}_yaBqboXls7iI`D-i6!^*TGyaBGL&o(MAf_XWAVVodCD!y*2oCay^1IGk0%=DDrp0&nTKSbV z-sc zQ1)`n>V;8tmLVr7=VK@o6PBJi+gMHuU_wIOE`fHbK7dQVY<%Fm<29IOgFL)iS<77r zksM_&FAh$SL)hXnX}*d2QtBIPDO7q^HHp%EUq4YAmdxQ-1d+m?Hs$A^H-V)tYnBOc z8<;dl8r){fZa__9BoK){lPn~2FUt{kdv2#nxHt+@iTaDzHv`v^J#)Q>g0GG0H; zbI~FmeMg~;3%k|D3`&10R-D84oykf*O7eASgts!mqUFP|<*4#mw3&40q%phXMQbY# zt4mH4N#sTjm3~3QD^hp%wHUOO*?O#akRy_>?Uh8%u^@H(J)|TA*qk6M$SvZ!fJ2bq7bu+-|fOzTQN}S?4+UQ=?U<@}Y_`sj)`RxRB);fA<8L0|0y2V}?(A%aB5PH= zW7KB4$-d@zyBlQg9D;d;wV51guw8H!C@Xl7@ZYm?S`KcQmHhqlvsAk#V>TH`$qtMI zwd%x87q?r2aPu}*Nk_B+f?q|lxzQN)zeccP60Y*`9kuKaSdKy*c$%#$uKTp8L za=@Y>&(N>AeBGOzF0ERZ)Gy@cOgeiBTq4yrMdQXfuG{d(l73`|KPwJuOnFV#rL37q|OYoh%jb2g=bW1@tbEf!)So6}V@eOzsU;=$dS&4YFqiUW{%LrA?Nv8IXwU8kpknu=0`;3=p+dP_3MsUdVbb0;RC zW@8Ot-RQ7}BFP=pUlSF&BYW26)W>=u#)TMsit|_B>4Q#LAHbXT9z8X8$*LZXY!k`6 z-RPIs;F~M{pcHk@)#kZ1S=>x4Ji6ZkoJ#vc+9+-n-u#r}1~TGR&)c#0vkl zNQNztGn~AG*9^gNW5nNxM8oj=mg3O&&%1-g6mIkhYv!A!UhRGU6frg*j-eZ=pxXQ) zYd><@XRj9>7H%^|eo^-$TC~zn-NK@DP2XboIf+{gX)PrV^h7BZ{=*Br+mQn|U(X30 z<<-hyWowyLp;i%FKDANuf~nJ@`!qTlkB4rF(POFYv_+`yySTFLQk08LTw~d(K&o+L zjb?Y9S*lSHT`Tk4wQ9!DDY`H?d@Km2qHS1wI+O+YN1uzFxwi-nuQ~lzMn%TXj2pVZ zNkgKu-j0E?Og>7&Sq$K=PYbX)j7*CobhPXfhDuYYsKmH|zJ~*e%)Ad; z<|=GzF4ui3Lb3hIfcYob4&V6(+NF9Ycj$YBB^8$esm#k~mlzYq1ggC7&%>^!ZQObL zqjK_=W!5SST)}tk>Z+>b1ZkkeYu8;iE!dEJ)1JT$5Yg4kC?8~$16&8v3 zkrxfJHg2nHm!m5Yq3HCB>*9c{oevr5!EA4Q)dr8P7Q7ooek(s%_fpsoD=t7iCY^6 zp>hKJ;JkQ6zd?AN(|;U`V*)u^mn13gE`NXu zeS4{Nhm@3sQ~DQ~{{<-(#rK!4_?gv$WNoh{`@-i&<5kI+_Fd8;m{MpuPhkXqIX=!84qlvy(!iN5FRXmWgK!~% zs|t*;b-BlSEv-sbV=h!kbizovZ43)eq9;=~(7P55Ez6@GKByYb6OGoyjySZ*hUvTL zF%pY=nR$wCV(#wgB=;x+(zW;hxUNK@L+qa^8A(E@Z9bPbm6Q>K3>HVh0VmNg(Lojw zktr#Hb?c7Qrpvwlb&Wa%kH$`TWTiSDXEND={%ApC@g6y~KZdpMx_W;~Z3c91tH{TG zD~WQ}lB~4!J=G=037$!v3(E_K#MuA3^BN<5KQ~BZZRWjFGUGxFn8tcNhi<6T>GKj9 zn5Nf>$*;B7+A-XUaZt@A@!LMGu;U0@y-~R9SIkz_3UehI_%I0dK8Rv8fDc0EHF)1^ zj?KY@_5YBn10!9YCLf_WrTPueL6ZYB!nDpn1)W{+eIj<^6|CI)YM32@9IW_!Nz$5A z0c`vuIzzE8&j*tRITl9tB8NN`!%8334F&}0R<)h;wBlWXe<*4gv~ehzVp8z+CBLdi z6htKNqo+}qqo@Yk?OUYsXG}Z3Zu#>J1Vh5Q9&O_SuxX{5O7o8+u4FOx`Sz=b6@wY*45IJH)shxypr@U}91 zZU5Doqk7MXDWi3R_Q9n~xMC0I-Pd4=F4tb=Z=Pda3_tZ&vPQ|;5!CEng=SWjYpZu7 zq%0{V9}*Orj4P;RgT+ktU~)R;n1&c|b_H5Qr#Wr}K|eqRV*lk&_`XIyV{1;DNyPgA zvFg>JD|BOi#%mvvRd_+?0UzYxGbo!WpDl6@rn?)rV224n>Qal?W=^J?z-fS#M;Gdp z(q`IAkH&7nHdSqzMOhd5jA17BIz; z_24l4`vgaBrm!l8t=*Q{8Ks^baIA&ss5a8B9q#4MJE~!+vbuH+Pb*|He5Y6Od_*Cd z9+8%kAU?PkH)my!Nf7JjaJb|n1?xe8Iy$-7M397)(8a{S`Sz!Zr&~gUPv`AXXoZLs z;#5EE&S22mm=)e=kLI@)QJp@X7MAWV12Nfs&zc10imN-fjcJ#TNfrrZXf{*cAqO(Dv)0kGp!e!{(ocVy}>@L+i#`;7B2liDlcT2~91 z!-+^KmcKo)w{x-L3tp}?tY0(qP(U)h38R-rS|>+(e5k~UE{?&bkDCdB?DCU~XHb+-e-ch78M2Cqqwe zdRNii-rddHK4Y->T|iskRD4CbYd`^CGLdb;8Yv#uDtRh`smipkIyb84xl^A02Y5p* zQzQ%ormfForzfReq>z~BS+hmFAJ;hVk7C}9HUW~IZZsdrUpUg~Rfd;~$?xt2@SCcq z3HtqMh^(*quhrAC*xT6|JFct0zKfGbY}F?10XhDVMz{0(7r}9qxCKOy!BkWbKlgnr)=IhH2SkX*xY!6Iew6*I5m=EFGfH${+PiTD{Su)Z{=zA@zuLbBGp zG<#u@5rYF->aq_ZfQ9MA-ob2$sjr@TYIMC{gl`=O*&1u^!j`>uys)o4&W>_3Sk9+i)TA8rgXHg2Bpvz)FSz>%|V{KQnIuMIpKeQxhZuIAxEVIXh@=DB*W(k07uf z(|ZN{^WU7-kHxKCL)sWjzC|CH9fYk)f(zxX1T8ltVuJz-2CP+tE7+DQ2BqRpD5*`0 z=e`{0vsc&Zm*KN+9*`ir0IFUdvHU?BaU!x{EHho)jX}>jW(~f{Vt_(wTJ-U_vzg~x zv_zsu?LD7rtQHi-DpQNB{>P6igHDJ`|3wgaFE=Ev3P4}4sxY}gFz~p?HIy$FpZ5if zieA4KS_fY#L)CMShmR3;Yz}xc_6%sz*BX?-{E3Uoc2e!-x7)kGF<{KS@+958ckxk{ z&V^&Mxy*e3s5q1UJNUSP{Tf;=WXBK||Gp1jj`c_*3JE!@3tzn8F3qYBWkvW`ap{=6 z14G3gQc}-3JR*q=%ThU!uTUe&sXR@%CxL$jU(Y);EPufg(EmhkJ zHE%M}Ne532^}GR9-=Q>GSj7B|UseC)53==eYDXB=W|G*CF+2#{bMd$*xT7RsqVxju z`}w#lTLo~45>5_*=ZWy(fJ-A$Y{&W(jBJ{b9e;hvY#4h?yC#`*PI!duMHyp~Wki~g z-$Pd?9CW$JN0nURh@4hKExvD>{xn^0xtUag1LTEPt2Fvi84S_X<(m)& zPmpUFj3iR>4RolP?y%=ovw~jh-7=VFfFyac0-_5%Sa>V`VN>Cvugy-Zc?{M%Z0SC1 zcYM~t)1_SvlzCev35LxPWb$jHBHj{E%oelsOR)IGhzX9lec*(9650&c8$i&F%gliT zAQ+x|v6By8RxT(&f%>MhG#AbFYK;xSZrgYWb}5h&LXQxXd#=-k0ArM6x-@!*bzV15ItN!{`&3NhVzhn zQZn^6gOv6MBBKfg3*K65zAL1OlMPHxw;Aw)=IP8U3CEgm@HobQDl(d-=FF5rG7~AQ zuL?$7|5(qzrJBl-W?c{5NAhDxwmo-+D1Heq0$^~;YP;wQr*>~Vi*M-cV0EK^bL=$q zXA+dqLp%-aQ3?TrUHk8KIa54ao#Vo}=~%)uGVndspK!QkQg}pitgjZ*q=&13uZ#GZ zyK>*L3=&IDOmq>#PXd5qvo0moV=Urg^I3c`osw3jMavakT;%!0oiSl3f`&(;m2YgD zXjXDDC`X}Z&csnO@FS@f0@ij$rkL z+l1mB+9m8$B&P09Y`$SMadL}|-Y<$mFN8*sW^Em0G~cMhnwA|(iyKCMo|rThWz$TG z?}Z^`%_K^^P-1_G&r?f=&LC4w{ZXhsgvSGW`rWsbBL^sD zsed`3^PAPEk6d;Yga=J^dl@m==(xvr`V|k74fLf(+OTd+A|k6K(T}m4hWp4#cd*jX z!M7#a{?lx-ypn^fF4jR%%I}?Ule=JZ@kZLepvOmLL@IQ-B-kmwSedlmDTiY{=25l}XeBlkIxT_MZE>df z0+r9aAe*TUAEtki!dKqpsEq8(mQc9|+wR1>XUY2r)>()4_;mk<+Q;O*OaqgmeujQ% z7$i!3oPgrOwe|MAv&vHBJ8wYQYi-GMJ@Gh|$4T-7In0blGHglCh8G3DyadA?TYbT@ z$P!APYYOj6Np8CW)vpFz7c)1MX(-+0yWk;e>DDT{KHD%ps*f~m+)u0F$i1rKW94>>2b7EXaSvywdBGtOG2XF_>TtVT4v5>uKSeiL5I}cdhrJD+b3<#=x zEcwr+!?0qcQ6t73rArI7{X&l@wCMR5jgZ#|1VgqiPFDLvi2i=_(ONF~le8OTS45+h z(g7vfwEIPs-N&L-X!lr8Qo@R~zJP2nal_go@+oE9qoBCd46r2HO;TaRP+7d~ z%9dVi8h67I)4!XgI>$EbsAkTjnqxj*pJh`S#9$QduNTlMSQVL3qCR}Z<_$ubD3YhC zuG>T_u2SoLDhH#PJgYVza2}VULh~legY>qG@~+cCUM4Jueg}wV|0GpWU?J7U4GFe5 z$hJv+h5a>wxl{5=EGg3UIxB#53ExazZ7Ku3LHLDi67X4AN@*hHIy~}MJgO+K5W@DJ z@0wCZGZ)O@6C}!`T?+cO=;4WBC9I*ijT5vE`~730kf5wIBRHU8{6iM?Uv8$0n!2Kg zE$v>A!sjV1erB)oJiD%KR{Fr`jb#tU#uakRl=-W;1ex`_$oen|cZdkw)X7g2W*och zG%jj}cQqQm8Zb<%pg0dVO;|%{CgRk-{s)i$JC5Nq z2ST%1VURSe0ffbo-qu4v(jEJqf43o>dpHA1Ic^()bEtS+JJ1k0W*<=xaWnt&+}W zK?L(_Nsji{muJ!6iE?R@lJGdp#&V!L8IMpcrsDWPzY9ji3zMaPdQ4g*T%ZkY`6I^+ z8LZwO47OVFl!wG+V5(uox?rr|lq)CF*!fWDRF$Mb#LIt!o9`JnP{doJ2bP{wxScA3 z{=gv#=Q#EfY6TlCHf2^MxG9&#VOzC=FO!D|7TnGev%qft&>D)a86AW0jqaqs^$1mz z2t7{JSwb^|A+^)iSCAP483J0N=(5g?nURDT> zvXn}K_(&b!bxY1P*w@r}8LEaIwk(RzerR+jC+Y_QF~V{#nhbEXm6o93708KLQ-k17 zX*@?lwq)z8&9ug3Tkq@T)jRHIa5}=v4i-NEKkY2ZGNPzLgpHnd`X6gET8ikz^!3N{auBB9fy*GzjJ*^u*rBr1-JH2;ct1~f^;C7tPrBIbkCeO@kY z%N}lsYsjP7TWER6L!??(3KJT|T{Ehu#?M}0hcby(YmnZA=2=sfX&@s=YSQv!)8Hq- zIll<=2XCAdx}3kX6)w1COtJI9oE?(#a^zX{>*f06&namb|0w5Z>qgFP)O<8G>H+>b zu5MdldH%3W^@F8_;tg`(q}SRiB67bYou>g|F+yv>fK)^MGD_a95(i|q zmBvZdyq^`Ms-P(;F~bz?^MxhG#<))9mdRrQb0t)s6SH zEE%ZE;Yn9Aw!n4~QX=87+Ya6&x~T3rk`Fg=>Q&l4O#!c*wqR9|$fur|p6BvTk8gO3uB{b?5 zY{}BxgQ<=C8;SV1oY*A2`~v}=b@x`h z&Z@`AN^%go?#bm-+Lm^fZG<|_NrV$@0kJmzLY(m>X-oYI#gkWpIkOSTHpTJGMoGkm zc%LSm&5gj@jb|I+tt*_R>_}2?Pv~a-OloGAb26qutpUAjZ%@{OLu{pCZO3vb{RW&? z+2Z$?@$)ZH3c3B-zoG;>^!d*nK~p|ihKY>Q<2Jm|>> z+*59Q2_5boLYyH_jAgf;&o-MCPrK$W(*3x27*bXB!@lmahIN!4gE=1#rds4R)owR| zTQa$nNN>lFr*S6h95HfqER7vr>ZdW`URHUg>0?P-q}ve%hiuw!8JEe|nFyskF9k#+ zwkA$#o)!^;iUr@{;iD{c06W-gkELQi7GXDBr}vw%KJ zRyzTvG^<{IQwUmh+INnkd#rQNB33Fr>zdK>8X)X182o)z#(fU#Xb1)2aO)&}|8U1#~p%E)}$d6(Md4SX;MX&(}wT3@q$Q^DrAL;2(cY0-R31uJpHS zHeXdWf@Tm>EfFIz=QVXenk@%n;DkBMjwH3Odmc+Y_ghO^(tQ>Mq(ZLL@4I~WXSOA6 z&y1IC^2;LvEHbVE|Y-t9EZ~g`q1KHO@P0OwX@iZazW5DXh$UNH6WhhCAeZ9bD zB58j}wtH|EH9dU(H1#0YHN{`i2U?}p(-ppQH8WOfW(C0_I;($eBW2aRV~OoqGLu8o zNq}n4bbo7X-XV2jnWraQuxy*!zsQeQ!_^#8%7cPJHhD;mx!#xvN2FHYIIE7SJA-f| zw&y3HfV`@^i-=Lwf884dE(kYpyObjwrgCG6MWXPP{rKFqJ{{%1RgODA&DFCDiGlj8 zes+(gzcI-ZKi71K5q7ngiw6fBny)Z{L~xT{#`(ruNlXFN+;{OT7-usNbfj!kw>=s4 zC`MxvmIbc$Y@D956leA`44$Ij1e+iOtK;sQfqNT`tzrxBex44JEF+At%+vYnb%Y8u zXOVeP!yK(z33K9nZ59v}-6%4+*Ai>cynJ$OM(;t#^F?ChPYES+1I#8yD|6kaxHcSQ z#m5wn8+x;}gXDVEA1aa$o0F?HSVi>T=~FJa1>t+6QNb}9NhHYZymVbNf&!aM6h0l) z+HTZ{`HE^y_x~RKu_>tfn@y=ic%0Rn_dWjP2ebr8{bOtva!5FQixaGXkScG(9Np)3 z9j*vWZHAU!lg7$1W%5JDqNFU~r?Z?1EYfOC2_nZp3pC>R!;vsrOLh5dLf%)*R_fv2 zxNC;?u7zF>q=WCboHl;nN>RHLEwf3H;hGmQ1VX_owi+Of8j8+$Lu*N|vhAaIa-B7R zo|O0bDYdc88ogC#+eXg7b1bZa4@s89o7aol?lL9wxBU~l_aCI6lrmcx75l>rETr4j z6KJ4O2U()FrH_Pa?=5drQO>brv-FCdAh{h@^n%D}zU7$-;*)S@ltcgJBS!rD*$oiZ z>y-nEuyF$uL7!d@DUlAvB2{pg;x)}09^2b0W_<<$!|M}+(Qa%a5Cfv)E0rx7_k z9u(=_jfr)?X`#j^+KA|s z!jB>1RFkX=5T6X{fqSD1v~@cEO$?Mt-V|OLXw@!nAqqtmrRpm%QYZe^AJJ`LgR{gW>Y1!|WuZ^P$`ZqWF*TsssBu?Vm-a zX4v&zl^X+~IZ|BhMz{Y%c?zn;Qo*p*A}MIRbRxN(V-X%I+J113)7q zvlDUh|L3GW15nEVh}r^l5+D~=b>}8v_Mf<;&x3GsDPU)E0jUgVF+*z+u&N8E7@OJd zADG%YZ-s~Z*o^@wAqd@N0qFGv@VAo_&=z-48Qql=#Qa&CzFz~9s-kLQ5pWpfWMu@f|Ah;HBrB>a zmwy+P##`zMJLMg^e^Yh%-+g;$PDfQkRa#L;vyt6p00v;4K1Nz!=I>Y+ioSp5Y!hHM zR#$-aFH`^l)0-oc(ZR8^i;D?^ldH2K04E0Hy2g?pT!G~+pe*3Aekg#SYk(%OA5|lB zZDa@ItiJHC<30Bvzy`FDJuRSLDJY09X-aY$dRoGo0x9?!wC~%%#oujDFmm?NUMEE~ zbhJd|U;B$)5ZbDM7{BMsR(fQIMA|A`%)b5~v^9TjI5QBqi>KPE{%FS!*|iUQIskD3 zgsZdO(oqX2v+J=pera4xKXW1a{Qnha(^ApZ68)e{#|`3x%gvbe+WywU{8qc1gv9tM zrl_hUfv#a_tp%3O%&lNd&5qBFuOkXPq{4gwX2gBzx)2B~t@rP{TRHt!I=!j8{cge` zB5?c@XUp3Qum0lb2y2^*$ND{e?rK}Y;CVoclaKcD0{xaQtQa7+wW78B{&s)b-fb4w zrO|lQHZTKf^x>1;(V?}nB7&~3`G<28{p3I~LOXh=*|?7=*}e3c&TA`&r^_YDoKL3UmDlS3Wo?-bk03Ig2p z4jYjDR(|9H7JXc@6oTQKk`ZWIyWh=a5HU>zW%U&bJ^y|fKH*o9W>r@o_rsO_%)We` zN(o~_TfhD~U;EK40{qD3T=a6(IV9CN0B2BWabRZtZkP5RFUW=L$&%Svo56y-zR|~T z+y;$ebz%3Nb`RfP0tw7cJ>_!U&5jn>$eZF@rHwP)deJgf0A} z5`J0dw^cKa4GpZo@a*FN2!n$QyNi(Bnbg-c0`sKz{}~23ds#gL#K5!>lruo~&u&b7 zy&WO?!Gr$?Xeqq2pWh7w?xT1BcLc%^{Ux9SC|tuIf;B+-ML#eBVvzb0oB|LV=MMwz zqj(0d2f`@+C2)9(^+Vw3xWWgCp?d`nD4hHi+&hE%71G%|i}+7r;a{QV>tCVrOV9>D zY?&WoO7t2Y$XW3>s85IGhkyZn`aeUL`eE2z3wQ89wJaY&eN$0=iFTka4PY5u-|>w< z(m$_1pQ%7s8*lnyxK~pcCa`$rzsX-YG-8Q<0uBIsxzBqj{=X-&>5w|Gi~Mn*SG!9G zv4EHMXAh&m%+zbW<c1aAnHqB`f;%TUV-l1&U^frL8fTG{(DZE z-@t*&O+VlukB#rZ>HRi8ZARdk8-eVL{7-vNf_?=-(SpAvV2!Q+CQxqu1zzvFxylyY zgB}_C*zFjc8hI9fy!|#b13UeUwPFZLbp8^)V+ZQ^BL3rc=Ohl@>WAU4{WOZpoz|P! z4t$4C3u1nC1oaULm{$Cl`wk%fc3FIA0ps*$UScpp_ir^)Z9j#V2Bp7yeLyi6KkyJW z38T40fxMmoxIbohx8z9&w|{$F#hH!yzEAwKK!t2ANKB&`RNAk zH9q^@->L%wK)3*75z|ctMtK6$AYTGU`V2XfOBsx}W5!I>fwGty8K5bVY27;xH?T?i z2YUKO_mrb}5@=H5@#cE)Zvx3a0MJ~fE|;`D+*2cy=FOPjHV>94Z&2OJ5 z?zZmF$~Oseb?+F9{l#{Jrk|7XnSdO^iw|hLyy#mSx7a~mTh3!L8?cZ+{*AJsf=wSU zyDLd0P8#bM#XT)QPK)4o5uRES0W8i$jz|8TY<)OM?;E^69H?jD+qXB~N=&acCI?iG zTTz#N@kKvkQp25^Y+Y4Wt<3-;A)EPP5Y%t_{vu6BN(bH14mr&yX@5V|kC_9X%&}k<*>aw5n4fu4laV{ib zag|G#FZQF-6EwV4(9FKO$*DTT>NO}kjs*WoWiPn_q#eFw7A!OrZgaGs4zi0|gN{o- zK*L00(?_Uzpz7_b8_%x_?z-So5{>MDSqvt=#%j?}K`}5ic1*vzL&Bh6t?wb{n&y$P zWxutSvyR87Cx=44)#mKePxM;Qj=?iOUQk_qIFkeRYKO~O%UZ?63o(YSd#|^R*m$vX znDdS>m9AF7c3+DI@%5o|XE*b{>o>2aTz1E8{)U1Th7jkhg2~L@$?>`;ru`Jked?my zVseb5nCI49`vvH8d`1-Ksf6CP$qPLb4pp$dGsM-3H{01-D(@z_N1NXYV7tDsn7sM4 zG6k8%OZW=@v3QaSL>UKb4Cnj3{m0WK@&K&$s27!1$Ta0&ysHg0;fx3gPt0!Zpil3>NnX^(XevY`C8*FFDRmedEmt#AtD?Tbq3X>dKu7aNh8#UB zL%6-;5{WxYs8O7#;XTytQeZLjw0ojT+V3c*D^v_Pc|zK>O3x*Kd#~0N6aCkuk+&0l zd<8+Um43(~)y|&z9{@-|x4*g6D1_Q)-IY z+rGde1C)7GOO|9#Au!Al-!;3`LwXYwafyRrRHH_8%YI~*7}4c{ z=OBg^eMo-2CoAipy^g(Rn$+!Wvg>snq0H#x$*K$c@E+zWsXwBv?MX5#B=QGI%w&yU zW@HW;>zC!D7)>5Jt!t)bb)+IyQVHfGc_Mim(2Lb3H|p-W--Of!*OzpWcgyBb-S}#T zOI=l|4`R%leI{j3vY}2KX17f?Ll-r+~{H_swpYULs3b~Y=0w}<^c(;W~@PlL*QAHYkqO*d)N>d z5+tdvlJfD5N~ToykSXIC;(oK&%uCowk+Pg>A@`DfA^+hkJb8bU@`Ur!mmV|J?9S~L zAwFqIhoY~mwrNb`#E|vCfRrprt;G}sv5vg z9G-U*i6U$ZVFCgeczFEUAN$F@rI9PnW{zf%_v7%V(vN<-iXs7tuNSl zdXEI_S;4G@5Dmhw44mbeKR=hOeDq!v*R3Fk_5J$UP)2!ZT(dR}>l>^xM9??#Sk+O{ zuc~o3Cev_M=N8vKZl0T*k^EX>@i!`ne5u%PNp!I)B6e|Fj}>BJA$-I52Fj`o?P)9f zeaYRT3+fksv<^BXJVe2~_dYZ65)LwT1&q2bB`9Plxp1mTxutF*Rd=G|PDN$69`dH- z*sZ*C`(RDXL!)%6yY26Ie5c-BRnuJ>jR$y^zn`@P-C~Pt%H?iBfSId(D~e~F8I@%^9y5H zPPo1}woJnKGnv69he0mS!To_7(xippsNT<+S$x*gGN3w_Cg~=d0T?Dnp?dofaalUU zh{4ZZxU&pmS?nMD%+!L!^IU1ae#`+8l@r%k($rnyR}!EN?8-P7*dNE0XPrC%?FJR= z473}5?A~Vf|18Tyos{pop2zZv#r+&7rJE4oS!?{s1I9jvQh73q4cVsyrl)IL-#JC)DS;2h zZI0Fme}!aOk&I}{%m;&2LL#HNH*S4=&5BCRuOcPicNo_rcSusrjdMptaFalef_z6p zKG@kgBsRPL8*#kt4AlrGv2C*82!&2q*kx{9(BcUUs3X!J^BKzNZPWKdWU{>$aI71A5`zE!RDJ=y})a!GcRS+!AyB#z557~hL z^@m@fM<#R5ctLnubLOPzW%SI1?rRhF4=~)%R}oif?Xq5lIc(Tp^6xf!JYMSRAqQ)8Wo~$0(W+b6>Rfp_)8n9gslq6)!POddOkHs zoD|YA`nWE%T>}-4L9s_n>VrxpE|f2CC8;F62t#LvwdEz94N^AN8{vgZ!@i8 zvU_>zf-Z;-V{6Ep1-8cD;vx@N`jj@(CNJC_vigKCd#PE8EZhLQ-2< zw%+YIAH@-4-;7Pp7<+s+(s7g$(u3W9)iKu`)n!w*7oVk{uLYQia?n{rFyvw|G)myP z^%0&S6OGqkrhDwxyveQ&Fb%~>b5x1-Ww06x*AcP1DIO}0sMB|{a+bF54Q%u?V8Mhx zW)Kw2DD};n?fex*0H-;s^k#AlsnhKqM*~I(UuFY#=5s9VXS(IPS6R{p9*ajZWP;mc z2;-dtcm6Qcm=48`(Jq^A$LTD>&r91a9V2#`@Tx=>fy*=p4N{zM8Y|T;4 z8rama^GXS?p)*jE3W@YS#M=A%0L;K2$Z&pw_1H1k>kWi*t~;ulCpc;Z25c?2kGrY^ zzK>Ckm=*&B-sH+3-wePe&qO*CUq?_>9&KXjf43d4AO>V0$pK@?~x-VUlOcVTj*Cl=9qPS7Vnitur&~hSn2NdtTde&)wm=6Dr9>W z1IVfjt>{B%(^I7;yXw$UV58{o-(Yxy!TqC6a%gy1pPqe-*Ii*=mQqG8jY9PB2s?Cz z$iI)%E^IpQ-SkiATuIg4tv%gr^Q}ZLSw|Ea&ZLNR=wT+EV|~GFw@hq;$1v?2C#tqo zpKX>agPk8qjovo7Kp$y{0Vj+26u(8!&_ot)bPK0|Mt#wL5R~~G_nN;ov1r~T-cU|F|NQ0z% z1me*xSBiIMmMr+z=L{##rZGzQo1z4XMQ{3UM(+46_tKJoz_D-fHQ4HP2h*)3pnhWz z>nx3Q$&*|8e!Z@5{(2WL3d;%&{u?Y4C*utN*~i!i2S19=S(5A<%lwhM`BmMWQPlDS zU5|?xz1z-}SB=}|ElFDf?k3;o1>Gg6Wz+Y=Z!_~3;n=SmL?%80JS(3XCmahy_G_^uT~$H&*>tHK-#J&|T_IvI*7Z8g6u%=AW>`77_dOMa?SMAM-% z-*b)R!LA`8A1mYJyW3^fX{-AUbTqf*M3ge@zDVaLKoI3Zc{08G9TW|`IQ3R@6!#0hh_t=- zxiv=ml(q2lV*@I!XNy>Eyyfdx^tt$5kCD~nH$BfTc{ryMU$^>LtxW6^-&lWpZwQ?a z3EO9a#9~MLtaubI{JD(4tUYNJlPo@>6d0 z9qcDmc#+Pbm})!dQy>Zi7o~b|(}Q-1EE6YJvMd&oX8|c9zPra57pKj476NZt)*g?2 z)NQ4a*`MF%I#w0rj|s9>%%U>mi}%QHphKpJ=9ni|(;M5wWlN{z51w+rmHMr4g-fUy z4M)b*3~0r1CU(mXGP{h?ga*KTOHiR;Zwgn$%~lV%ZyiXPU2=*41iZf!-v}6mjl+%T zb;S>XIXN69yB6125+M-rp&B+6z2QxY5T4A&Ae4lR`o^H=!y&jd>dMe$Dj^+5Co!Uzk?dGGmI*Df zsOfr(R^X7nv^vbXY|V;)?DdA$mmQ9J{FNVDy(aSO(DzU;t&;C&`72MVV4 z(JbaLA-iQ~$kp_ECgqax2F)B`YsiH)r=F4c0^K^xZ^7fcFU?cIaUO2 znl!A}EK*oxWt-jI9eEK{EgWpvoxnU-H~)CCoXwdCIwXuM1)%oqlTf_2z)m>!DKmg_ zI-#&SmSh(13;mmM?a}mQ^Z87coTJGMQg`lN-gEa5{r5uRzT6qWt|JsP4TwQR4vx!) zGR`ZkXU51vwuiXbkj2gn11uj;mC`I#!$qNb=QBT8R#y(WBLJ+dE?nHixt7cLC0Fv! z(Pv%(Yz5onl`6yMJ%lCgVzoQk-OSC%S5Fi|9so&>E)!c%Ma52=PBN1Scstpdu zJ_r}SHa;^n_2;fv53(=ltZ&3|if}mOSg9lC2X~$SIJkNFj6oyOXnHlEWyQ~BHnLqW zlr9ZD&Sr?dO6fW?8o;XUYTLy_e%5I4F6U80aZ=GjKUWK<#Eiiv7HdxA7GNVt)6mQA zTVR;{sj~pDu>kSJ|H}e#o{e7sbat}$yQQDaUS9+EMG|>Kmx-I1WICD`<2`gm@Zj9D znx!h)43!>ASeY8QN>;kx$84rsT6)QT;h;eq$Mlg!MHyy%r?c=V=o<*HTUjFXqwq^m z#1B-L8uvmhTit!4HUqJAvm!x?OGYk;z3DxL3K2cCt8&l}x0XdcZ&`e<`5 zg_dc0lz-eR;7Lr8ss)F0p(3~d8uHgd5NTbujQ$q+Wbd#dsc6RNVU}qOW^1bspyiWz z$4tq`9Gm`38ZwDTE0l_OUPyJ{hsB4*3C6K6Xv36Wj|kl_Ck(>?Su?1vWvl6hEYO5T zNu2o;D=5EaL<<;0+j*JS73N)Bom8jEV`4L8*Db@MB&eMLuUlA_>2PmFRj%V+M47oU zXpG2^ntJ_Hc7vYDrMzvOBcn#|x;=xx!4L&p^e>9a7oZ)EE`2%z{VZMHji6nIADef| zb|f`%OgeG&nGc%FUWQ>R)5{G#X)f~aS(aCl_A|g0j^9a9AVoj2`#_`C&11ho2AwCW zUSGV4k%(Q?*t$t&S6x&AZJ38rRx(X8_yp-$;%AzhGLPnYY2Jj#)(S#uu`({3f`t z{g*@_e4_zH6FJRXoztK&mV!#ERuVO*Wuw^@FQYM_hPmK?xQ?(weCcgv{V@}@>&_0< zKovYOEr(#rV1PA+P?)orHbn9P+>XaEN!3=+CC7C*)kTZaI)geJVY`L@L+Yy1LFp=& z@_1;MVVGR1f--}Bw@UDM!WO1D=O z9b@3j30iq{%rx?6=G!Jb(laH(>?Z`_<~6hB4`H%QCxH%Jvjom(qE5-vseHH+uL;8; zP+Qu(SVk442nm@5=`EbU=pDL zzJ-Q-5*FB^Ruf$J@D^_}PU|fOAohs-{NcVK%e`o|IZgakP^N%SC+rCqJ$tQKrbcrm zJNV>7uAtV8QEH#?oT07F%YGCx4gS&W1w)1ODV`_+Vf38#HgHd4Hdf;;orRKUBwsqe z-u3P1jN!6JD_4{_w}=RLKkoVB0(Y!Zjq>af2kDJ*$0t~F@m?fC(hmVTQHDLaVnyDaN72Aa+;69(5&deP}enC%WS|s}don2c-|I+l>qr^s3)I)1I0%>pk>; zWh|x`oajxQw{D|5ml&(Zw*~VuT9FJUPI6wjkJON4vP_^P*TJk{Lp_cH=muddeO*5J zP)L1%$__9NyQgawD-Rjpjt)Gcc8@ew!)%{;vkNhM^r2ny*K36F`is8_HtT`mgk%oX z_Qa%sN&XkQEmxaaKPwoY!5TO%rd_Y&S;w<@m!pI8;c$LxHiTY_SVa9#?T$UBXm)yM zt1j-m37CuOMS??>T5-sw>b^O)a0HB>VmBKps`894FP0@%WZfijQaek7ry+8NsFto* z+k^#4b>sQE^_?jllHQpOvx8dUm#vYM7cxfg5>2-3!>>!`HYtt1w_Inmbji=P+Rs`b zU=eqiabvtM`{wU$jk|0)uDcvcLPtI~cNK~l_p_e=<}9CorL}^op4uuwRz17rCq`Pm zQ7VbRDN^_(yyng$6XQ}4Ufbb-J<&8FZ#1n+`7wvpjBCWj_e*XzK90^OIb!$vdE9BT%i~hc z6&UGODtHOmu9zB|bt?EI9$fCiWNbHIT$;xQ5EP_beJ#FkxDhV9?F*W8)x2X4w(?|6 z51A?oQ&_vtdo8QC)vHZ{A&GSQPD^j8cXa)uZ%EA9=0@rLc8mymGnaSBmZ0}`D$Qd6 z&t_2-J>ORQ#<+7r?+>IoxX*q}!&!}|uNt=v)<%dkUaZtskyVf>bWcLMgi5~XmUxD)vBw4X|-0tSt{I#)op8>5E-H|N+Te7ytJVhZR}$>8v>gva}E z#LU>FVwK;?wPRjA#BLg3hrN)fU$7@A0cL&TY@XMbM$^#u_}SYXNr}IhE7Cdle_&?0 ze%J1rk83*$YDt(rs-{S60-f2ne&F>by}$A>**~KoT~Bu70?Jao$VGj=qQ19zJ0^V6 zbwGU}cKNt?EpMB!?+iGhuq8eTc6x`p3e=F^`fs-Z8+=BHD!-$8Kr`>6JBurct>xk{ z_ZJ9gfsX4k@r?YbGw$-8P;$(+JIf|G8(|T92O5DmKbY;!Zo|?5Mwba8dUR1 zg)Xl1(l0vF9V$D)q5!Xha*pV}Il*ogHcuHY($=_lm2Ncr3qI*-T(xR(<>n{i`y@{ih8|su z8B072GkVf1s}F_;M34&%HuT?PyW7hd`fe**)bPS}p#bv5Yt|w&o$sQ%TKF})vaxDX zT~6H@y+&kK2hAD>`h8t1uAAa4%p$cCa4DTpkld?N_%pZV!`_!)lDa86ZJv>iQ>Z#Y z(&WH)xNg|sLk9)$O{LJB9i=LnIYP`Qo{IO0Xwrhz@1l?N_g2#3Rs0ugwtn;_?{(1a z((k{lsd}2{5%ox9OXf=%cS%OgYU+m#nX$Zx6^I-`t*)(FeQ1+RO7#Bx`j7(EB7l8JYUr#8i< zLv(cgi-R~PmHpeYa68(zjqX>4S9ih~PWIsB~BxEg_PaaJ;{*MVeH#jCU07PfQEz8(iV_oC$@+{&F_RIMmm~m zfgeDi=NwCW)As0-6UF5yzmZoz1i}9z;RBkiqb3}=sVegz?}S=C?97PI

      On`}T^w zgyB`UsOj4$4O>JR-26+|%#XCT?Nz5gFT~|b&CpT0|Ag4w>&hp!p5u(Lj;PU>@J@M@ zWmT?bLhoN2sbbV()(CzzLU!XF_W93Da5BhAA&*^0bQ4$;C`)q$}<>IyXK z>0(y_c~5sw*q;xsOYdl0pNqQAslgT7B#}NXtkfmp=)FfWJyMW6G5Pw0E1y1f#dri2 za2clhy5XRJ3Ae!v87(*NIu#S4Q{97~>k#UU)^ZOOB}zM3)Zt;eWtN5v2eq=u9ietQp`1Vc3IJZXJZ|~tVMr0%mtf0N4qi38S#BB z?I{AqN@huz3w2`KS@-#e56yz zQ$?sdfS{m&8k%?KYS6z#dR+a?Tm6`=2eoo0u&hCmgB!f5V=WgSZluMXRgk*J_=b0P z{hd4BX9&X6?UfI8mKu^=97yl2p_fGEQjRS9-UWh*8ht?^I_gdbO8T;v|Fs;?uYzeBKE;V#ZLgGAMf>xs*$L%`XFDrH>BlR`kqG(ADg;FfIYi#fB zUi3G2hFIL{hJ5!p7-=bu;S~AWx5~;*1lk6&T09+jha=+6J}GABh6ngTI-&b|vXl3? z2t#Iai@7h5D@(TZ(<)w&SR&LH{=y!Qa2tb zL#HByocPXNiu(*q#=kpT1OXd{Zp?D4nN9{z*^=I^eX! z>1#})KQ4AWxuo=jd@BkX+zk!W)GcPNfCBKs$s5DGf?BovE9S!cbk+7IEv$`C^?Qj3 zJHasUC!tIIkB8Nga}G5HD5VN6%}k=_T-<@Z7$X<{CGz-&P+e_iah^X>XmcNyX=v*; zX*`cj-c}VYQ#CR5Y#K*=D?VlE&dbD@y?C_zAU8xq-l#B`cPQ8nt5Y$tmAE#k&7+d^ z-T*61&hYhiaEz~oU^_co7qh_SROqbg`I}``@PHS+TTqQ5wa3QfR>UAV`Y%=xdW9(a zaHrzd8BGGmUdC;_ql{>rj02_ry_}!ya>*dmiVZEP3S?S%>nUdvh2f-b{@okyvw=s? z2!?qnfV$Mk9-v30>FuU&6|!r61TMXy!i<+pu|D6)qp;>2 zkGoIU&Suon4#A+cLCd4y^u2teIpVH0|Jw~k^lTXOrVjBx_!69S*l&(LXtZFpt{&xx(R2L#MubuP4iv3*)1 zA0J zjbJd^bG;DxgMSp`Fc&5ccRNiLcMDNiZhoaU;D)@t&WB1!4^lpc*0(k`tI~S}Wg%}W zV-T=julb(r5F@6AzdLmu6jQr&&S=ffn13cs>o~dq5%^r*Lb(CwZRBWVlKv&XC*Qjd z2LCta0{dzK1iOYVfNtn5gP>S8O1aD^-0A3(rMP?5KMe^zC1ub*h(D@#ogUjiL(bh+< z%ETKAd7uen1BFYeuUDP9gCcFPF;2MN=?E@ygz;%F7%4mevURd7eLkW{pZ0X@YJ5(C zLyJ^{SC98hE0s{ja(cbHxuJwp)4vBPAfC6O@{{P@r z(=!D#++Aovt8Q(?>X_v9E;Ey1UG+giQSgkpF(z!VqS^>uDALADQl_8KWe1bG3W>*#z;Y1Nhq3wzub9dS(Kq>C-qAEb{$D+R5A|@9qaU z6VQW7OG4B?aK=iSY-PC~Y1&^ZkDlTOgs#+h1!s{>)8C~<$T`X&p+@~|ulr8tz1`wdPOAcqCT!tVTdiubq*hcZxk&Ls9xjNd|??|K8 zK8Vo7r=!kB=7xioX-HYS$Z;QeiTgt!s-g_x)RY8)(p%;D!O6eW0Q9x z3{R?U4Y>UpgR62+#rMxCdtU=qA_C_=Qyc}3>I<5wh!Z)V<1WfvTG^_q@(N>qRW%&s z^80ZW*IliG2qPT=b+q+>t#VY;BDnkxP~G&_h0Im;O*UC3v-6IY$s2OV_vrWGe1HSg z(?x{a_!YjHH?^?+ZSbQ$`yHD}gvn&zPB0=idbRyL1-DY)M`c}J7J3V??7O>NREE3y zH2!KOR~zYDZ5CfqZ-%hjdPyOf`z9XWmYl}Jyh!T$q;ms&uk60@@E&&`nz`V8J*)br zJmjxrHgybZ$`nEw3bZF;h&0Nm->i-;0eF-(9xeJ0leht&Y-&l}Ug zEqv4YuDQL%0$-U5y$!CtT+AO5(7S0cuW@~_sb#2fp4rwz*!@=Tp?aNQ+^%)yY>JHP zP@%%uN%u*WLQ%ZepmELCtt`AxmQfcVvKW_=(V&dgz`RPP;HKAKocqqeK?5W*%;6;(*AF6F2Tb=u6qquwu#Rt>smtb_KYRZXW0UL z*8W1aFRL_kKVj&i%a2o%N=w9SJ0qVgC4>leAg(x zxha6{`yI|-krkVy2;nUW+^904DdgbR{}A_G_fC1Lf`vP&Sse5Ag?L zwczWoEeB|CVRhzxX?_VEpv23}O|Ur?6wz1ezi+!6;{(#ldK2aI$pBDi^sV+xEJD=JR;*H3M^h@HHP~hXGTAQku!V+grb2Pnv2rvZ#$wt$ptNv zEQkuC^b<^2olEmR!(|5)%lq^g3H|DJ`Yfcx&*SJncjtOutCv#vb}3&16L;#iy%AR+ zhZqC9bGQ=ShY9{8k?Ir28rcOzgkgGvPV-l)55g?s%|oo(WF^-e_Q!7n(BSN(1YR&& z8#6-gozb7{zoEN+;UwUf3aERB9^Z%aq~5`lxtcvsR5TB9UJ#+B*rD+`TPjW~-dnUe zTqhv_GWUmHq7AW7S^tCJC;gKnVyPa{k7Z*{0Zn(im{bMg1fC;d&YdGh;S?h{N;^0A zq(hCG){Q9u}fb|ZcOAEcph6An}YaXH)-PQ?Y44L14>)ZmPIX!sfu64 zv`woTnPau8#P2R0>DTsUz{ia>lvD3&AlhlFoPLfUBs1g&J&$Ao+L z@TBk0#wdSUl~hb00p0Um1#Piwcg!T!CdNgc+2HkekeW(ij%nzrY(Ph=xm|v=7L`Ox z`oWIY!~ndeS)(9(9*IqZ;2!x@wnkxZvRmZ^TepRHFnE~QOa~xhp+JwF*#r?Ej7d6ir(+a6;l@|2|HpRFV z!M^cX&QybJEU_DINdo2mogeF_{YvuIB@~n|Z8|-gr*6p$?V|klC&zlfxhD`C=hSv+ z^o5M^?^JKL@$zCaMSplm2f(H%1h_T|wBqwG$`=a}B7u5al~r5TOZYZ-i4dt~~y zJUEje9i+xS#FyoX6YgGK2v>;a3V)N0&8~msd%POQN%_VyF1>A2!Sw$6id2#5eo&yN zHnH>gm(I;JBV4|rVQi(udr?jPestQAu-21g5`xBD5et}(9*lc;dq>>~dw@g(UH>?W z^`W?!1>4WP^%+3Zb{NXUo#_E>+oZV59X^41#G0_^GVq2%?^N$K1%;&>E4!C{Y(98I z1q;F=F>-MEoObaP5yxBWa$A%+XEK$0L31Vm6>_(YY9nWy;WZCxcvt^n5nvRmvSF4zMk08uk>&NHv2|k9`lQQTMb){d^Ytal zHOuXqvPtYT(ZasG2V|Tx1>8@XmBHGQ{R_a`{9BaIOjGtAq>#h!&Q%`LWd;hBmq{oW zQvloE`cI4TpD<+1d(@k!W=B7~uV~Lhw08pm$}fz2FImzcNZ_yw^?(qv;Ohj-%BiCF{NwCHYbX+VF)guCCsG@K6Lbz*uB z$!Gq^>M+vlI~Uv6e)7bcCl@qT7!8iNv*wGx78lxWhN?ppLq0xi_dV)$`#$~>xPN>vyh3hn^ z)joKzU55phPO%wD5gq!aY_ZWj#Kf1vKf$U+_XKD=)Zz1vGwrYwq4iwk~ z-qvQYz|jFhQn}2g z5)*t^Kkd5vp}l&5cMXO`$}Sg@N>eI%KKm*!Bn@iA`2JAxF(ynm<_$|_3R03umga2B z8EUM3`#1@WUvZ3rK2hu8T97BA8P}+;`_6b_0LL>x=~h_TdXU*TlgbR=kjg%XPsxX# zU5_GTb4p6=sw=;qn)mqBd>vFunwuGbDBVA&KJqMw=6%H3C1k*`jh*GesUe@UWkCoD zpoU6+{!w#}Hz`WlZJy>8P8NUgMXA5PxOYqBeGvmb_G18tn5Tqwd4X{4((z)|@PL}) zSk>(Q&cr>Qz#%kdDC2M&ezGUWfBCmDag8Uo^xELw2hTnY;*a-*N}muuR>hqk^PCSe z|FXKqeBrN`lB{2Lq%aKJmo)!kgvO#fTVVtrHpYyoj8IbM5HWu zDFp)Dw6k=)lbPz6v^mw|`brGXMTy|Y2c|8YpwiK`;#oQcc}dAd7J_=*1Jt!>&;v++ z35NgU!7dDW+o^eKyyxs(Dg9;6DaBVKu7RJGQBjodh0f;^@ie_2^Y24{=~L@czq zQoZpw{hmY7IuPk=O|l+<@M-V)F&#)No{BwlUe_t{pgH_Wh1c@~C1hhX4)o86puFK6 zC31$QH%^Xk(D^B}xyg-iX`97|@_jrh74XlAqUa0iaU{8gvybuC7_HSh&4K~zusBiK z9aN`_5EuB%K^3-YH%=Ml#>18jb9W36+O3MI>(UtMFvM7#P&EqaRRf#j)L8-Slc#`~`zsr4K>90OC6t?5cGmy}5w-9e zFDK&hy51G~^;BhGld@Qf#Ha@LMqBZTYq@~f5|o(Tm)EMyn?nN4HEa>UC$THL*Zy0( zEgD{UD&4x3=X;6msU;$BgBhAi$` zbcLLA5F(2k2|B}MdF}u}=K9)%Pzk;9{~e$O)Lc57T29>iW;IXi5klD&{RdJP3zM`6sT30Flqq}Ddf0p@ZkFzlxeUl3 zPW{n>>^m#Nv_*uv@PrH#AgXT$ZZe$HLKgqiV>qjlvDS?0o-?4s#=RO>hD8gb@8rhPf~9QDZivB_`&`cyx`xXI zNw3k_cjNWx0RjrJf z5gHPVY7P=r^wjTKdTR7ye_hD;lWks@a-1YX$loGBl0S_NI*AmMkVKor4I15S2mSyU^`*8PgMr(|(JG*CH=Z$3ir};NoHz1H+1djjf!E z3*ad1eK}UJ$`HRY=o*@pTX9L`_cLC#)x}-PsbfpDE%y~$Yal0}w$IJpFub+mwvizZFmLr{4 zgt_d8OVNfX=+*eWs#u3ed@J8ioWhX|p(VUSXYKQ8cFU`g*_l;+{-PhPA{q#}$5Ix` zk7+AdvC>hah=c?IXg+_l=Id#NB9;J{4ccQW_$WbgrDYXIcp`k!prRR)jH~wb?nBa> zkcyZWqeZstpUi{KZSrY!XV@8&uoFYOD%MsoA2RCma~&8=&&->o#}|9hjf)VRBY+JM z8G4|-Jl|xL@JXq+Os2cHbz$XI`H0bMr}YA5GsM0dkC z_B#+)Nztm*{RaKfFM#jYGdbCDZ@f8!mTCb{##gdrwGGG7_T%H`rTN z$;RONDPb*29)G5-kCtRGdt(N^VrkGxHZCsa)>IqU${i%NymKiCZP^(bGMFJCJ7~i5 zP%kO?;gcWz9>y4yjK}_7*+hV?+uz2Zp-@h*>KrbSy|xBF`HHQwV~J+i0^sP6Z~2rCn$zr{ zIV4O@(+*HqQN)U)p=|(0 zCU;us$NKGFCUGP+hVWz2`ZBX+OO=rr5`!0rcb%vlJ$L+S!++Ls3eZ*n8TET90-0G& z_X?s+evYTg?~`JSy65GUe628+!|5%>!;5I4$6ZB{UmG$Oo+b)e3%WMUG=fc+OEi`B zRa5^smtuaP{B-!1=7+|&#J4n30&2^-O0{x*bu3Dd#Oe)Smf08)7kx3Vr035me!@_w z!USN4j1G?ixfi~9Dj-c#Y*6gGlYjiKq0*@|5Bd3ghKG)X>>@$Wa;U4yD|hZNMY^oG zBmqhMy9#`)#91m)*j|b%2661oP*~SjCHb8YGbj!B?H|+X&LFNsAoyN zWQ6e49_EPh{aXFHVo`s(>dRfuBZid+(QUUc_15ZCzN45K!!K)EI@GQzExt4eCth!2 zL^svDwQ`}3n`#89iOuq{D11!Eo3yNENg44#vuxB8X>!#H-v+zu zbkNa5=FITdY?(XzBEGADGZ*FDB|lWGUol}%5OVWQxYJ91T5FHZJSwN;AVLp!mrJ+3-H7yugn=E-tyBvm z+YbuM(Qq;z`AB_i)s19F7&A@(ZW;^dKlL=Dow|nD_jIIOWfF45)8A6WA`#P39z%`u zV4ixE^%WN8-EsmdsNVrMTzn)oco;oUL)r+^HKHtA>6iqn^VC#mHv5V4v&4bU%6o=c zDUXhwHk9I2zm}`xOhYzE_|X5aZFAZc1weG@wr$(CZQHhO+qP}nwr$(S+18!pX5Qu- znl`Ixnm7r)%OymKg%wfMvuQtouXd!zCR)qsx%96JeT-zPSvxe1$M%+xEBlbpzs9Pc zjqR2I0r54w$_l?wbpN3;g*p)g(`c%Cimq-WF~q)zFZhe{4qjPmEvk#c!ZehueY}L9 zTEQiLqte7too7<3_WitPl;B=JP-%kAHx$bqGGKl_Z6jzVi3B|LkipTO z`d8-KZg_`4{DRx&I!-;r?b9AcPe++*w?-oP1-;egs+bjEP12jAnXDRW`5$9RL#8w6 z+c*?K^tU)vD;29P)WD1B#90qwP6*{4V>TY-35a|&4O4R^V>Mr;865M9M$S$ZNf&AP z7aYh2b^2;0)2*JVvw!8C0Uhj=ccr)156^D%75rhiAF`+jH*Zsv0-4jfRG{Gegk3w> z@jdIEjod2u%AA*;YiK$pHVCPM&)?pz&YJVUGjUqPKEJ0A&{Z&)N2AQVkcD4%rBwTy z-f3^DgYEknJu}{YN@$}b)<*gQBIj|0PJ$>F!lq3LN@TbW{&2%YXkv}!B{((VKVJ#Y zcF^%W+-eN6z2kcPMwy=kaJrjSqTu!3qVrY4#yJKOgZLtAAJ0<|wPg2NO-e{SZ=~u#qr0=5Z&@|-x?ZNpvaCt{P+u`Zqlh|}IoS9q;lOw{Gb`U5?r}>`BgX3Jxj1|AN;U9)(twBWb;VcKp_ha1` ziyI+dY%FzL#<#s;Xi$x+N#$rBd7Z>DLoP4W=ksdkbdY*7OQT2$9N=QC*xL|Nn&Y{>rYx?Q8OIYF zY;H4ZjTd>jYkYOnSFYb@L1pxe+ed%$pU&iOY}TSJ$R0vC`Hv3({?P9O+O6wwYm9et zDXXue{wKq4*Ep&gDu7~FfpcL6e)L>nqtbV+e|<;>&mDu9bimPVg?9{zePjW)bdI7x zUG-!_(UYt`?Q3<~lg5&-h@3~n}C-f#-_Y#{>mZ9`uFq&yVqCP8_lZFZNk^@=AOf zWe$@)aR*>mZK{59T=8$sq3(P9hw5$@6`3aPe@IOXe3Z3vXeV?H&GQUnP#_pxPjTN}yc2 zj>%c^&a?*Nt9b?J*bSvo3^%WA!LicY%QLY^bu<|yPJFNFIoKQTfsWW64&<~EMLO^= z4;uo&^r_4Fq(1t;Kaa<-$5X*ak%{p$>>#i!?l?#oN%)%{tHP#t_yo?`Bclj5qU3uh z(ToQ#%D=cmBZ71L&Ee<+n@}xaMXxlQKz>@@vZ&(mj&JXft2Uu9AO)Wb`+jam2<1Y# zNaB|;V$)2#_M^rv!zC4f_h}H`IGIdR36mZGNT<*q3a5l~BgQd%R=O^EBpc1oZ1-9A zdf4zx4F!9--(eIsH=hiHkql3l`KN&p8ZxF^vz>c5?~!aK=R-5=>MlNGR}4uV!ATZ6 zIKaX0`kie_1w~1McgQWTjn zJjrfQYV1!9R_NmVcgRw;+Fj9`bTulaq%#L=h+8z-FJ<|ONDxgLhmTv@VG~R4@5r)% zY*X|?8yo*_pC?ubUs$^2Rv;?RRDaPOZ6=Fbi~Yj^#;sdtv7HPRw21ZU7jHh*0)JLf z0vWaLBjl>vZz%EeToX$-#k-zTegspv!BmPUPt>kc`BL+_$c?jK2(1|SK42$B?S42r zkavvN6zuxD8xry{>4}gRnB~DEDE0DI(q{pO>#ou1FBvM;8T)`#C`pXnLzFH$8ztcS z%El>Mr)=A{ZQHhO+qUgGW!tuG_U%cJ{z1=ovR0$?p+SN`a!56UyR+d zmJ=RT7NmeaDVj_0g_OBUsQTf!!p$FHXpg^~4rJwqYSJcdppv%|qyar5H;dVQ zAT)9oqzo$xT{NyKl)uTJG|x1fa|ecFf|iafWBcYKS|W~X&7c>#-ah-qP8m>hIsW21G}m<2!z+Q?!9V@cU4ji@XDUtMR$oc&pKNjx4kG{G?9+z*-)>@ zigWtBV*@gt(z|Zq))Tsnq}bvp-_F>gxYB}d)po((UpL~N(m4YuJd^`U@8jkJ3XQ~K z1U6V(zqYADR02{ib;)whA%3k&^nl70qbw~o&4Fi=r{?e5X@>QPx zfh(hL^fY}o@_Ucc?mlUj9 z7C$d7O<*8gkA?23qo9KxDWljOn$Tdz?EePd`zcKVN*Ez<|8JRr7lKAsmUg+0HVP*& zeah_um(_V0&4<{nw2DV1Ma;(m-)E2jO`Qv>DP2q{(fP_wfNdn3n}om;qwd=L0?!wC zg3$kxbN~2_*|;Bqb*M+!5JiV%qLYOdT^!jYOfs&2o{RPQo_?96|Mq?N#8gPUx%hdZ zGhDxb5CzpOZNVV_$3-){| zs{|{mzFz)tn}X)L72^YJ!i@0B{hA1MPc4pwV0O3rX(E=oZn&is`$m!Sg7#CA(MU00%B z4OhO9_Uif~?}UB@E^sZ3vI1p&)ia~7cuss)jDTbTMku*_alJI4Md-vq+e=sy2#Q`a zX^zP5YVAbO)HS-qeIn)`X=&dR1X*RMXI2iuUZ9_@gqIa&)Zw!AWjNO_NtoyD*PT^V zb73%iRDFi*tn2{;JP|mSQE1&BAFQ7ffx4_E9@OhTCU-puvUS4X?(B-!KjR3Y`?5d9 z6_k;Ej~f4*R@>xX6VB)f?OUKa&c2vm!T|fY5RordGn>Ks``y{+kS!S*m>E@(PYtEB42m;2wv9Swnb+sy__`+fe$Z~V!S?> z3K)jgVpQIwu?U4_P%v7qTsURt-^TBog$|~J~)xsKW z;fiFM#?7UE66|rc$f%?s=+22`8`-6P1UQ@nj(Mw|!!nqu*p#Z8lsPRkRa(EL-+2+> z_Cdy&X*FHJ9PKqGu&{01m*Ho{I~mlM7bU`e8T*wuK`x~RDk~g)qr`@aO9wOqiA(Z1 z*wy`8MtNt}oC9J?+zXXjAl3Pcoiw9FIHy+hQy$0M6T0ln(ebehNUL=YH2I+H)oBI6 zfBZf6G(XVETOIB=6APutEG8Fmv10|!xl%Zh>zp5JsO&S$1&*rWqV2@djf(vRq%M1& z&Ojup>q-VDYUjI~1zWhCh;q;?*Kx+6QBjl8fVhAW4|Lf#xW1MJ-*o@$=&4z=iF~4T6nI#nS80Fd*a6WpXmfMrEAV5} z>b*FLRd2}gYUA~wf9Nzy=9QC2tzMe? z!_6;nFAs*U#4Mr92WO;nZ0P$^X*3)iIjC_JYuJ4yQ+gi?EL~-{_eCpO$mS>{Op?UU z=tcSg-&9B6w0SKFQ!a7oI@teB{Ki)CY7&p5HV1W-p0h(IEn6OM7; z(PXJ*3qhHn@q@_ZNq*pAJy9OR~+a&I8T|iXB5CnLiJ>rEJr6UKp|vDpBce6AteFb zj&qAFhSGJ9C8#Ead((eg8c%GDIDOCDYN@oIWa&In>rlytSV0)saRUb$X*!NdhG#?4 z{(KO7mtXPS20+%OLs76DQQj{ETpm@s6SD_Do&pnGY+P=WRICCWxsF#{=2lh|rBTh(Z9W8(M42o4EmHDK*Wf;2t#W25_ zsr?jU3IU{j!O-IjP3btGZ&O3cF9nU?nH$e3KEgY`_3D;O>eXp1;Sb*D?i08mCo!6U zj}D^+$}PSi6!F#oOV7A4?UdTR6v8){0XR{nE}K{oo{{)2?}NuT3ddcQ+7*8EY!gW6 zxgreIT3Qv+HC-k|;IP!&`$r5=o#t9meV%2!D7G=9>tI`Sm$7QavsdZqH!Nk)#LS#^ z04#v}Kh`Z+iAk@t${JdjK{H*Kzvxim1+#-SQ)RVq(eE_zgI9HM^v)%HmBabAieCGL z@*m#8S*EhEpQcoUH4C#EA)E+3gVfD{k<)$LT$to~C9|7P7EO#bcDiu552OCCX}HI* z`tXUIw@GHcti037Y7U#!?ebU~1U^GowSe-OwCy?HIEo9$w9PG2#-HXfJb5j~e@cEA z!D#QCeH-P$!{uG?GrT7m_DSPo~19d!0ni~ zMS@*;_rxy(9bElKToG0O7|b1GO6W8ZsFNZJ3ycHN|rQ@)> z>_hde)|k}w%F5c~A5l3|{)9_CT1l&k{Vu+fT!wpgJJOjL`e-!6&rMcdUHFO_dwGwI z*e3ieqs~MEjA*+kH@*GL;=TGzjmf|O0v zLRj#ygky2ZdTX?0LA=8%B1EF#NqR?JQY zGJpS|Ti_uMGpSEApq~7T%;)xX=Ii%Weuzt0xBnbe!mpH1ie8ODug|`NS>`{R7ou?J zY!3W>4y%XsHiAoBR~G)Q9JhSf*iku%UZs7T#!hr(lBllm(1zG4k1MmS{C=0>R3kUG z<;o51FsMCD7e>IJ#EM5eb`c$qOniKt3@u~!!?x@C2R@$?B77v!BuiuqgMsCa=}F<@#aSF9mR~ zE|?}Zixr|`3JlQe%wg*-D;wcM<+%t6iV{-ca|FL;_u1L%@QWj0U0*c}QEScJBc0&K zYwsA;LZJ=vPal3iB>!&vub+Xsa*F3-UA=7{7&~pb1M*(uxB}K771kh_RnmEL?du!u zmysU|X#U0Dhpn=1y4)q6!Wtk~%I+ER>v4H}rBteuE%e^IrPw zo%Ys+42KYc6gwTDc@_FSTC=EWQcagSq)O4sA+p3k2KQiA5Jj-qvyUP0Lb%_HhWZ9$ z?X6Kl6Ixs9b`{YRmeZepC54#bsd{HDOK|$t<=XcZ+_l5`zXPT2%h2)QM*Vo4t9?u1 zxh&q`XEOe)po0^w&70_jQ7R>2X367Y>@PMTRNd%wg!$+}E5To9uIMOmC(ng>RBVO^ z;d1E&Za`z?DG7Yj-Eld>Zqlihk*cs(2<1V(ku&ckvkE^h|M%y?+8Fq_)5{$9AL23U5A*McOes=^Ckr7*xKhlW|@#w2eXgNxk5btE-K2iWH(7?9GN04Pbg9;I6wOxF*# zG}7zcq8k`ifPo`=TA?{j1m71P^T3q?VRISKw_x@bTdlbL6rP|#uBqw|D(?~OzMzQ7 zX{6vv%KZLmG}AfQ+*upWnG{C_q1~0gi{Fw<`7V@=Us}-Q150Y^w}546;H_0Tss^TK zxGS~>9^-(_@5NPdsxfX9;7R}HPxHlvEI~fWBAnCsn6tCro*98g8Le?PeJLb?jv@-A zLQ&|DomV>afuGzy^ zP5kaR?@)1VTxb91fYP?^T`*izQDXFT`VIZF+h~g??maRyf*m#F3hr*Ip9j$<;%9hW z+u(!2=r;fhI#xys3yH;G{ej|1IhM_RA>+;4X4~_+NGX|tNvoHkps)N8_jVpI8?!GG zGX!56-&7#h2*>4(oQ7{$pNdHlX1p4!3|w4UsAW68!ppOg#5II_C*6p$Vdhkrh1n_7 zJ1lwj1xjBZ#dp}-mb-BB%#`O#aT+%Uduu*BM(78@5F#kg8 z3VHA;4523-)1bit3UQO~jNjgUk9Az53EfHSQXJZPni+TtM~B_Sk!Zuko!Wxa4APsj zvp=`EhDbkWs6Ca-1bR@eZD_-IoG%Z12i|r8DQK?TiA+?ITEYC%P^nsud`Y2+AA15s zY~{VBm~=3Uf?Rt>oZL>@h9(12m>~%lR)!d~mYgZ-fDY2UkL;}iXMrrkRq|6gtB?68 zQIN2~=@n#sHy0?7B+Ri2o{TJ&Hn388 zN;!;`+Zi$~94#`t;_@6&m>6vcqv*{km4nJ>N?gJkSh zDtw_9&<~3Fl^S9w*A&#%7=?5lNvF3vWLb%hCrKwK)AsVQRC=8PLL&pRK;&U9AxeQI z(G=F*8U1;JI21Lb(T*HVmR4(zGLF(Fn+JMyZ;U(-`pQ5wi%~0773XP%7gB>P?sSr^j#%l=2(B!t3!gK0hZ#}8zav$pyIxC{r4GR}wWy4+!0L8R*bi2!bnq zirs1aD&oPSUFz)*r?TWe0*ye`>-_w1ntG7ZROK|Tk<0p&zwY`Sre#RCb{M74u}rB$ zw_}w|+%8=h(+e-T{O=(Dug}8uUa5b2t{Oy?UoH4rgTgNJ)Z9a@ zj9$GaBJZhnjN{7n*8}W@w-i;K#t=^tt#&J29d%Vmu6In~Nausx8tK~s*hiw0vXPDq z^?h@VzVw{_Vku+nk$GF!XHcy$e1oSM-4A3oo2>ZQ0826{=CmirkF`+O&MzdthF2Jq6O@kvym5o0sp&9Nm&7Y2>2WpLg-^hx>^fnQ#T z1G%rl*{8f#nqp8yTMwqGWgD>u1<)hoOsT(#Py6)Wn5I0fR5gyY_nAuzpv5pfmCF0U?zrN>5ub_=p4k zyOkm_she=P>t)S({+c4*@sl!^EltXKTuz2dvlp!UX0<%wk762nN6rU-NP^kwZwSULi5}Y7Eu`; z<-uA(%I!`It2=q8Skl?SbJX8sXUo46`~C7&)u0bZF7<;C5l@x^&5r&4$6L1ZBckk> zlO1CPPFY*EY_>&Pv=&4XTv(yer6wK>jLeO^{o$vtvK{XkN3#hh^$BL@yE@P>_LGEn zbtfgDlC)ET?DtL6dP)53@Q>Fv-tbCo3h1g){($3Oi98V=zOWF1T5#$hK_yZlY#t}J z)u6~R2Gtuu_dhB#odO0dyc2xfK;CUB z?5W}@xPR^L+MGxeNDsqnY?y!?+Qcg zO*|**x81x#uR363aY)jg=n+-QJprxLBTBO#(D6tYF&!_DOoaqTCUbqijQj0~1S_V# zusM3)^55eN=&ixuGMRzv4;aT{*T8M{7v z`SYK=JCn)E$T8mPK%&}j>8Xp%{0)k@x96RQ={jp+PH&Pr z9~&-Oy73LTQ=7`l+}88px9D>cloDa6U>)V)b_Cow@!{iLR`+JSnqxv2UXvbRhHhKE zKhKRZIRJVf%v$o@rn0A=ce2~?)+8h7NdAYEN=Lb*tUG~wHIZqf?rdZ?h&t=5!Fzr9jI>uQd_ zp*|%)97WARkJuxYKordTL~DXDo(883;SJ(e@huDtW>i~q=Y1FH zs$ccI-+X{xi)OjBimQBu1sW76RgSsUmLTV=qV&4{b;}~sDI9e0*6r8chT}GSh0qC@ z!Xh3GYaLTonS45g1x-pIrucr7%^f5O$%DBct~a*x-ed%u9L5CCDRBV%E@LmQ`^PAG zE77a_;Zy?oS9&okamCCVhPFtQ@P(2MGX#Syp#VxQgpuPqGy7Vw!FHiJf|RhR z9O9)g;Cf^5o$?#x%_ki=yMUhmnYI5m=$}f^`=*}`Eo^;4Z*R&D@7>iQtOzt{)F^*F zBp3Ay!z~m^zGBlCed%@XqKbToL5G=j_*vi@ewruc3&qWU_t;+52U`#zoy#picSA6A zvM+Or9wxb18%D>xJH|bEh6tU89mqiY79tKnT!kB$O&Msno z#B!&s@6F;V?x@w-67l|H@jC&fA-|MJ%@uFN+3-iF5~NWqI&cMCd5{Ll$1tfEkDw(q z3(K~M?E5fFE)1&3Q--2zno2PHpZ*`LgF)dpSFGaJ2JkVm);S;w14vF6C*ail30hl50GF1%wQ%G|1nZ!WB7Y zP83}>NKcdDAm5L;Ys_WY2k6kR)1vl8kK?nucKQrjap)Q!e z=LM7-{N?8!WXzf^d%?gC-5*~@NEE|C)JBW;_1GHlVH!6nro~IQ7Ou+inOY_(K?`fq zw)1om9qAhIvTRV!U9x5=M?1x6cyx%XYa7Xh9^$ZzfM~46*WT*Zd-=Dgl%;tb;1~yE zwDW-yHpf68h8`6Tmloo-f`t-zyM?C(q#4PX2wI z&{h0>|1u##Vvm6hXR-*w5~pKd?P;{Eh!;sxU8ts&ifa*8hZEElY8db^KBOcc3MTm( zP^+YRX_DN`f0kx-S51y-08T&N+e7FR$&b5JYPiC?Mt|Xr_s_ZFIA&*h2Bu;SW*!+g zzB6eeul@@OXKuQ?2F14VBjdnd1y02CnZtMm4J#q}`ve2+XiF>ac49X8NZVhOQ$8P93cEj+?3kcp_rGkyl42MNSOQiwjHS2yg&Ht z{$$IEqC(1(>GqZZ98<1husTD{O|a5$gP+}!{u1A$QEkVS&SS%pHF5Y?w^RcYOirk? z$&mcuRGequHMq2K`rwPp7d@aJjC8Y4m`rHF;NnaO*Bg(^To8!JRI@N> z)|RH_6&@~*wHT2clZ@B({fsCc?a-}v`(|6K+*$Je?UvQqTwl@z>drV!n0a==p1K1Y z>B))7^!B{_8>7|s)^sNW_{ff`e9r7k(=0O~8^Pt)>|p~EPRCpOG@%B4vx+?O{4hO% z&{lkia(lxlEy4F}sBKOjPn$_7Nq7cW9Zc0ow#RtmUvmo^=WB)mqLht8tKr3@kLwFk z5IQnyi_;(^vgV%!#i%7qqas6<238K{rZ&?s@MLvQ$kg}Kr$$up!ZoKYAZ|vB?WRGC zyc}NO(qF@8u~V)dyhDLN4wM?<<>y%2jSivjSILhht*{7)*U=y#rCsH9?m}KTg!1U* zGOF~^{mHsx9HzG!cA**K>d~qwB!%zi*%RehPNtk_zB@w4GkE3mp(9F$0mSL7aJgtb zxxwWj*~yr`(V;q5vb?};m3tps*HQlr*TnjOKg!dj!_OlpyGY?@TdP)j`kEMe)LswCtAtoT3jR0(GAb{6opLqW1cK#b%WMLf$Kw3Qq@`9TQwvw zdNvtW!dQOS_ux>45>&FgutG#5`=Z-h|B^2JD!VBxg`4nkCkQgzWXSA3hwqg74Wu2E zhs;VZ`V$LMm$z7#R{_2xp}kK7sno>J{<3t^*0-u|^Kh{SEt}AJI2f=%J+o|G_Y^YM ze@K?C>xXog@}Rrz&zRTKVe<6$j7_U4Zo4@tC4yvA9aqQ^910Xe4}!Ja-m)yo9(NzA zMME;G)qiEfH~5KdEg%KDiwzqD%wFm|%YFD19RU&~u``23=XSO2=J#sz-ng%$V7V-( zkgxZ8KJ~0YH*!FHt02>yb_)EO1g`nOP_=Y7f4fXwIl~(7kLLEg zxQGajDS=vRObt}d4M)QC^2iw63`U%S$Nau+lSdOYdHim9zoi8#kfm)kZR7{@@$}KQ zulfk5AIjse@2493Jp8sCiOR8gPn`GQvCToQo0UG46WgI~W+-!0-|W3(huszoiI--p z9H=e>S;+Ht&bVj|LhyNPispKs`uxc=Y+ z-=*UywNe#L1 zK54`e6;FQ5VS{&oup`+;eQ4-szkO~AjPM@Y2=7z0%GfgaW>nt|P z6-(fdxy#xM^nJTeFX?rJ+NHHcw-x>q>%WMy}`Om5(i!2!EIMah;G>HhF(m-?GYkh!IA>9~}|7pU5` zqcXV)xgeVZH*TL>e-?+*Pjz7u)TchU^FR@B3%l}E%wujSz3pxAi?Cuz&@1Ctfhv*e z>wGVi55JIh>l0#V(uV3I^k_>?>TEEQvN)CW1;Q)OHeS7s!^`ATk#B}E4K8xx({8y) z{rn>!k!Hj3uep68(Tz!g9a+4GsVm{?7}pou&MZwq--`(f0v46C4!L!{Xje~gbjWsm zrD3gqLyKiSPl&D)cGlXM(P(irwCPlrH9fkSOo;%Ep9>RHt2k`nN-%{c)tGK~I%H|A z0aT>^nCz77yeRX1&iXv)f&vn(z6FrI`x4+@hWDu|WiqFRSM0QSZSy(%a#V5_8X3B) zP110FR8u)zN1x!tP4&pvBRuUVfiJ@PoWc~DYDtgR`7GCn^CF1$2YOTyqO5b4v}7Oz%YR}* zdQF^E{w&Py%IpiOb6^eju{C2BdtN>bBfBZ__NupzrNAA)$9Ifpv&bi1-LU(E2go9! zcK;LoZ7r)H8+@bMlnXptQqzH4=r+p|a|`sV$a*h>|4@Qt#FaYlU-(O!4Gn zV~#!r-xL+P_=cKqkf+i=dXc`IDG41%fU;=@>*gO}!6NtrW_v4H!5bn2gx~GkU0)Ha zaSMw@Yt1vN`I_JG% z46e-Fi27ZhB^&=9kYuE966nNxrxP8_5K7}Y-q}alX6C8ACsqqX_Sebi+iGd8TTmF! z;X;p}EHEHC2*VxD=Qz+3QU6>shp>E8$Mbh&sxra2fEDeM_q3290e|;Dwo4Ve7xj zeT_>iXbDLGhYsxKqt+J^+$x!wO3ff+2%k_nt$zok;b$w62Qch4D1sc6>p+O$rNat* z*yM51W)PK~B1d*xCtHqhd#m?t{uZ`=UD+S#z?6}}`=zaWQ^RJMHzaIITOS=vL-rtE z;pVx7Dh{kLeHOkOksUz7DbIlV-9n-f^aR@joORj4axfhOYvfSaWgD_3(JUGQv`wz4 zqUV^1_M@7S5yoN4^t$;#vps!{g-_8a=HTlg1QbZ{@zRY0tw9*8FT* zSoLi^SAusn75Q#Ue8Wz=kTK34>`G7a5TY^m zjq!bbZ}qiCFBho5hUTWjVgK<(&9rnvTQEk`sY?$VvYWZr)`3?f(6x-?_?pn9F?sNz z*9?JLjJT{;7%7TzXmy{w!kK z$~aqaqbgSB+mx@_U}&<=1_UpIblk@~_=&DJ(c8hUe6bQdbkjZQWOE9PFrM_&Oja9$ zo~y`y6=$t5J6w>dNPoFeqmIIyp%PD@kGlTV+oLhjiXhkK)LU8$Kjct6c+cLAl4Zv7 ziw5KH7k=6}=D`2Nn3?_;#>~v}|MX=>0wzWVcDDbCF*DQCGyeZ#%pE4m*;;>CBe_7` zEC|%?!}e}&@QNMG^BrJp2Y3SX2M7nYX%Mx8gzER;2licOGB6!aW^`UZ-)U6qZpvP2 zE6c3=x-76HRp3k+VB#_5v5w9rre+3Tu=1gnQtllAmcTkV{`#ga`6*dF6)^rmAu%y9 zA)%s!VCEN=Adbn*E?~Xjcb%Fb%2PUoAMv=>)?ehzK$!W&b6}0;0QyH@a)6EuOHa1{ z6_Dp*pFbt!)r7SvbSO0lZjCig04yRZRD4oeR7^_Cr5!f+R399GT7b4M1ISki0K}sc z5UU@qc4t>~Kn>)fso1KP|n13k?;sc{g zvuS|*lD(57aK{%FB@~R(@&EMTfu2@sYh~*+GuWK@~B?#h22!(}Z8z zGCJG+K$U&Q@#u4b7q`VAfIqghw0%NKAFqj%eubZI976)}_ORDJU(!53T@Et1+xXZ@+q7yU=|ykrI@GrYTu){Q!>!fl~E}c|qW# zJs?7O(f4iCMAmrdjzH~h_21X0O^!fr9G@RPG#VQm8sAea{r!`n%474xEAZr`uQX`k z;0Nj^;7;H*Abztk{w%GgAJ?x{_Aj)iUo;`dgVRG$M_~2Lji3Nu)>Qs6>_~*QCESH_ zT3dd;JU;ZF2>CS+02=E_ZTx;%HWj&_Mw(MIDB$hCrRiT@=Xy5czpEJ|Kpb<_{Qr%7 z#jmso8>oPH2x5i){Js#M_o+*Dt#48Z!Os28LVv%SDnVd-)&0J{{BD$jeBtta|F#-{ zq_*CJYL;)bXKMZG)bt%Y)|SQxAUicTLI_fRr-@&_5*j09z>clkJ$}vu^i9n^Z&}0_ zvo<+^2lRnnccu8n|NKU=7U%a#fT*(+AEgu@WB$6a{j{h}%;Ojv9GZh!xa0X(L`7Ag zLt_^Yv$uBuc(3B;8-P52mVL$5J5dJDJm=3_|$GJ%8{whD10`277#E|I2 zW}y3pPtgS0$$3b@Q4@ZM_`y*ZOo8?aUZRM!7qgIqB8UG)&3XTe*8Jb-_kU66-2b9C z|App15e~xa=lw(xc^3b3pdrzf#@luPzVejIm5fk415ZQ(TIL7c6Dt-%wpS2G5?xdgGV45_)0EEo` zvuFerfS*OG*IPJvv{L;`zGQ-VOH-3T$IzCT@LkQ0O zyrS^c2^l)NhhD|Q&DORPw&D;j{^A43hFXfUg4X|=oxDJhyox^x$dwSX4*Z!jGz$a0 zcoSdz$iVE0XI+^PQHBt60ouIRY;+$%Jbw{-&QFG|i`#{P~KP z|A`-R6p8`ZbmtufGk|RU6$5D$`r_;Q-Y%?Nq3!4Uz(|x-Lzu&dM#Q$AH3GSRU&TeX zhIf2#!ix{z{`E&3#Pe(B7%D%-M?6@*M1ZU)d1W#SC$Y<)+=cyl=a&EWIsCZ%>3{k1 ze_MV2psU`$0B!`iSX1ZkE&gf{8Aov>aL1|_!27vE0rLc$kU#DUoB$KHT09$& z{3zy)NbOs^X~0k1hqxRg@15{PwVIVL>@q}K^V;+1tJ^kV!o7saba961n;i! z)iM+L;&jx@BW%+@sNR$G#UtQMteVWhOvtCfl3SG+t|rV*&ruy@Oqt1;lR%n7U;e&n zaoHNOi{{nOC|1BqWu-ap^FWubW83RoHSnC$M{J6pjBMuXigO95(`lWvZ}h$XE0`nDwj}MVu@ik6JyZEi;U%-I#-Ivo z_Aotz`^mON*;!B2m)|r`sGL=C+h@xRM~NOLl9w&4b&=oL;+V#_8*+(GI|=!K>XyA! zuFu9Lg{SBGo+?HoShA9SU-`7;l5w@lr9q`v18cjzFYaAai!n)xSI;@^`MNH~dKhAj zCj^qmv7lOJpB&saKQ!>QK;sx)!KHHdNs&EM69SL9Gd$vq1VO}s@W@FdS@kA=!Dfcg z=F2wK=J}Zhoo0YcN9$BycA(%U8p-HX!;x}YNUtaZdCBfK);=y*QC$n`0({u}HrpF( z+7Qshno;D!-6`AGz*AH#jy(9L*o7&aQNSR+3ce5pyKXqfn0uO0x+C zWkF&?{a~L|Tj-+w^yyeTW<9c+IIAd!4J2jdIEPkITxQZH1H8&;^P}6M!`D(D zK8Q0z4=wp((y_?*aWJj4F~V(uWu1ydE(TnJCRfFiE)~y5_?@RJZs3Gf8p~7sVPyn-0*xmo2DynagCP!8Xk)hZ%duYnS@A}#Xorz7g~lI^)KG@13m6!` zEmjTOmk$$hjYeI(%_aS?9^$vWo$F$0+`wp{bXrG=)SFu-K-FpRE5+btV_Rp2A^j+q z!(KYENh!n(wO1ikoumhyVMUtr*C?67heHfhDL}~65y9`(s_*m;yrBK+Cr+GEQ4)KZ zADgX#oqtho7dugEyP@kAcZZI4kP);tsczhC0$po_DIB+Ihos=cF&GhQm`@Mnjjmn> zC(rm8Z}c)I>lV~rl z!47?XbVNtMWN*pg4BLQOTZ!u9j(XLSjlG@6Y@NxBn*d8J3TjG^gabQ4a+w-G45ih= zrC4mwqA<1ge17Jc!mHpG;1EPcGM^e14^b&Fi%V#{dk6P<{Fa)r^I3E>N9+dfCqP+1 ze^IwWaQ?%N;4Osdsc^-Yi3&33CE|D<_?=Xqp{Mf$ne*hrqjyQxEnE+tO5JLp`j7Gf5|Q2Sh0h0AX(=E5+VrO&zdk9HXYE@e8q0G6hiE<*-(~q&!<&$y^fOxlQkrVxh(0< zKU;0XJU2yI@Jj>+ESjxTJoj5GU<&vGudTD{pnR+JSY5W5YC#t!uXQP&()}7!c$T8g z9$B$RUV->ALpCc7Hr9>DMqd7{zV{UOAAj216cMSU3X&_>N+_0EPbO?6QlaKBZznjz0B@wfqJaoi>sozWW$R`yJ_iTNMMW*vxB}WhqkmS zGeWyYYvxyBZMJOs3Di7Xf1~``J)WZu$jxI zwhj6uFdfm9>b@7nL@xolW-hfN4#8gl{5RgCcUjPq-U%IFxY(Uqzl+rvDo;CLD(gqm z)7zx(ASbG)@VE6Gu%wV}GEa;0yHz9R7`DORq_daMoL-YZ1EM`kL=S4D?1g-3%pc2u_(DV%TM*Ivv$TQ-@4F+^R98J zr_jISk+u;YAUe6>eT!|ApYzF92YjZUfF(o%M+G?EzOjE3|*P$0@wGnoqrAK{YJ==W-{SKd{ti{EtBA;LF_o-ZciU3l&i8|fL4aBy}ys1VN^!ymkJY@zB(%#lZqvoyVn7ud3QO_ z%S+`s5-G0#wS-mk(iGvy{}y#+oMDoVjbm+~U<5I{?^iE|=*+7h0%q}hC?_K2N!@GT zjrxh&x6i^t&U$~`qbunZne40{4R8=uY@BWzVN+#Yt2t!5rhC!9Wj&4)(bwHuWNUr; zR78Fzg!53bO)DNM;jq%Q^P;1f^$AOh+={S3mc!n7XM;LYuges1YYsb@{mj`2S?Gj% z`H{iWJH~_kbF6f-(+}lzLMppVmOZ;vOX}8AEM$0+nZ2i;q0XSbsWauF-T1CfQJ8F- zbKHw<)BCqrgxwXMG~*0C*K|RMu8ICosR-G^s1ef(YK~YwMyacW&ui!Hv6T!U(fVUV5ZLEWCCGi5)76X!AoRmLVv8r44vTKdp6XWO!wZ1LgxreB$-L>!K=)cS5?)>S8Or2MCc!l-Y* zJN(V-j{P~igI%|=r^S54qsai8{~=ml%wxN-eR&@bQLg*IH>*FZP<}FYAH)v z7CcSEdBGc<=vgazVbc8*k%Rx(x+T$GRyb&!%8$$uS=Uz)@qOcJs#;xjNdrc&(02-> zq18H*@7ifksG$%1ZL97C$c6Px^0VML{)nJCrP?!%Bq^QVwYkBa)wHIh(J`3-!{cZy zYFbS6YLtFiW#wbG>CAD3)11J@J!Be%kQ$k7IGxH56voO%Sj2i-FW*QE0JFkz`za+i zRLeO(hjOO~-cjyzGK#ZtjTt$V2qh^Q>MrG5p-4#4)J!;{v%JmV^y7onwL7%l6jM*#VjPc>*HDw!^u0Z>o z(9@;IlEFW06k_B6#Oyk+xUl9`f^+%|<+K1?G>*qxltFQH40)PNtio1hu>`%*F)mSE)a`Lo3@;rU3pA39cGp7lDVd(ILImc-rz(A*AkL6aEjvJ+^P`F}j%v;^ixF zMWHz|Yl0kZaS0WM#qIS-@|e$qBPW8tD;Ms+Yks|7&gfuKn1pe1dYdstzreVSEH>=% zlpWH_4izvG5>l*7r*vA7$5E~Enkqgr1i=H8^eZ#e#KoTIr9D8dLxb;d?MCw|?q*6} zZ13fEUU@w*B{4l+(SN>R(#Cz(n_EM{JpQnIY2+R@%2(&fwsmgd{jLW7(*-R>Z5ca! zRJV`aHEEP}d>8PJzwt!RZUtSHPM&mp)rDGZpJ~}ekc>?Nax$c%E*V_}uy<#|l;V+?_#R)#_PbqJ>o3 zq3<(iX3iby7Z#-x49lilZqkrNjHgx3!m#Ddv=?gOY8-Us*>;DxMm*6-K2V|nHyyDA zGv2&ni0j)z&t*J238l<+7t6cUBp(n`x3?imeQ1mS?YDH8#?zrLh3xl~B+3a}|I;1fBUzTw= z%+*JGc6$l6f$E(DD2~67+=+3OWd5)$L3i1Yk&Sh0xlCJ>+qj^`oJsAPCk~I@+kxW? z?s;_k*!5EsV`XhNK2Vy47ka`o^R8Iu_8_f=2HYn&F`_4AzH;SK<%%fp&wlk)pm%{O zmXvhQ3F?<%LF>^Sg^?xp6*deD&9#vvpnf9M_pTAWuXY8R?Qk-jO>WL5qIkJ`wheu0 zU1dalZ#T~=h{I~B!fDP(d%`brX{gMvIL`LeZ(VhexKri9(QKY-|?zMWlT=OLAB4z|wS?%z*(5 z3#^zxgAO-~9bIx@ads%Ff?9+O)o7}xeK-BG-9m;+#1fSfN4Auo3*Pv)v|Hw^TXIcT z_*ycbd*c$(Y5iRAK_KBA)OmGL-5%_k9YD^k)w+b8uVDM3X}qAJFTeCMc$GYf5*KU9 zJ-$B@+o1bxZAn6}Hdn33R0}W17Vf8*W>MdQWo@+&2E}->t)E~{L{*1Ra=y0-YV@03 z&xW>k(yaBBCqju{mKPo{NNY?FGXV$PD;BGg%qP?XP_8ALre5_EnCHm2U!g8%+B0gU zZ5PZFwP}An3;4N&y!vzE-L+-Bkf4on6LG0(-cFdK$KpHK@VPc^n%CZo%f?!`+Hdz^ z>d<*YV=Y95k&;dA+ENpK%5qkL45rkOzlf*lCH;)~v~~cwMAUg34k(d7Xe`4Sy-|-; z)Wdt@FEG1QpcL~ufbcw4vY>QF-YV!|kJq-Rw%)jxX1YUQlR;zb9c-4mLqEmal6`iF4YggUw6wkSL5x2=8a zogX4KzCwE&QX@5tu(%tyyT!OFc>UN#cyiAK+p+e2d{9#&Y!W#oHfSRgACzjHpikH# z&7+hV8|4r8>XY*i(;n*$oh?tg?A8Iy!VL{p^DeEsu%TatEZx&-`Y;9$jA8`e2in-B zmHXMhQCXJw^%Q{o;blSD>8?d2UcV4TP6@ub`}pwiIpd^<6RIGQY~Cj#<9(hOJmVTZ zaxSkDdMZWs5{zfAJ*eLc38gGVV>`$++ zMTZ=IkiSoO7c|$hNH+FUgGP!MaPkVeP&XR?dhziL{a(zVI4bI-Z>B1iQzQw25T^9j zruGm^5AZeudsq7=kX4AnxoHkh+Dd=T`sH#+{UEPadVMc{-Yz;^B?fr43ltpo^Vb|t zu*048q0wFIU;t9k4|NMP!jx0$lrZq@2dqX@=kzRSO5F)5tQ6Ynp2_4}+9xu8U~L7^ z+)hr8n2=R@eI6dr_#$Fl^y}*(lRRay(cxzKc>W;K zRiJ}$Y;HJXm(9(qNCcmcU#udH*(3?k>za)|jWZURGN9`LbvNI8XHRat+-WeVD6tYT zs2S#p>SI;5%O!wn;R@v|&GOI9Kbmyn??unT3ga~&VIGS%;AWl1Rt~tVtTy&-7>_7+ z9w-{By5=ZRCIG!tPxqYe+sQe}qSRn6zSIAqQNox~8_;@AV{IX1tx8Ut=hK%47}FN$ zg^?2KSmDQH#*xXp!@AD-mWD<5QZA2B< z;>`-b?H~#^k2&u+6qNs!5VuXl3@gZuxhrwc#k!(*M7>D8WDpHLm{IX&EFK5oV zOch&U563WnU5+xlu+YzPDE7R&iG_&~>l3%BM1>omoT* zmyYGX&GJL%;Nf^!b`-sr_51WmZCQsjZc9~QCCDSJGCNsK1Q|CR?fSfaUTb*XyTjaH9I+Cq zy#0{j5?q0q6!hb%Ii9c!Vt?=sfcym`A7C zml6(2aLsdgqDXPBFtuojlWN8zq@x6ONk8agy;<*due`(=N3`zJYZf}WblqD=+7<1C(tPE6eI)M~N5JM=QpB50qQzEn5an4c_ThBM#$d>Raw8}T$sV{4L zD>i!`cyE#+3CoOSi(qjpn~4aGqG+7}=MRYBCIGQ(?znlAQii%|ABiz>guEXbTeJ`P zM330nDm|7fK!?&8Rdq@o-9M=T2p(=qw9TMZ=v`(k^$AJW>`DBg z|1iLs&ZJQE=qu{bXZS(}et+G$ZD_w^F0Azu{E1r#JF1gx5j)w3TpNaq&@DF35=-y{ zi3=jVmD+{MtVp{7QWnXFw8!%e{ZG|k;R*SM-P4XM1;^}!th(b=XKw{R{G+mDi72b*Y%nSd!v3^19`>G19V?8!zl&J+YjMsy70@_rSu#Wd&SFw z9m-|l;NP)plEe^{NATHt)yQSPuZ@dJJokZThI{h=5Uw@>r5WavIs>GA_ojqTX0(Ip ziT)Lk#4KoPabi!cB*vVU)-6IRdS1*Vt>$m9${gv8pI|=3FdMHXiBzj(0+n739_&hpdR<>hr4W7IrRuLYH;H>ot8&TrXF?@AkC1 zlB}E($Gjq|K!C>I;QdhSVdeYKB%LyC6dLq}OaCD)Lb4aGpeL6Jbxr@?0iM;X@t!*W z=i}t+P}`V-z>HTWNtt69?e^~ZukP|>1s`Vt^95BdxxmcfB+H8J53-+HON{Crjc^}P zJI?T;kfWzNX-kZ(+zAGc6!WWt2G%Xg_oK@N;7+_YwY>KzG6~0MUi1-}2y_In`q9BG zax){jN-_dmL$hj=a5@?l6g1)yZ6yYn5}JalK6)3|`3_0h}%( zDv!X26hOoN@%~Zqj~UnA9)!h`EqUGQ512qgldic-N~*?|27x8^UXP;FdvNW0ge97> zB^=F(&aJXRmg>W|b5o zVWZO;^d)A)9f^#SVOf+WMU?#fz{8X?1k~$U!25=-t$dj*cJl~7hWiVl7WQ<<_p2XZ zi-2;>&Xfx=go8=Cs)WkZ}pAjh0|LRaefcwzR3dK6wlL{svOdfI-%SF zKTiX=gz~cLrxWUhu_C5ik>EE>u?Nji*M|J!ouzG833(sgqA(L3xr(IdP(e8gk2 z*)Hs8p~Uq;yP|q78mz26mOg*THx3~Dz42KCGaub!?ErPGU-#_m)usox7R^|>h=KrJ zi?AWLwcgGCPchqrWsa{#4^RD=-)>UVn{_#m9g3MSQjHHpAh8Oq{L+fCKHBn|U3ux5 zSNW+Hag}CCkNe}7SE@}>)ss_&NW^uBw3JhxNgcH>*&T`VYr>`T%S$S)MbM6eGQBkG zu%%yzRhbFQNQeN{R$dihr@LH9IB&xZT*1DTc#YCzc1bA%hkyl*6?&fkPOQIF5jZpsHyQXxUu}6P$k0p5vv?)V28&1y<)9H)OsjkP)3y@Y&;6N1 z5J9sV<*;Rlt{HmGRN#!26G>qttGruKX!9y3xi+N%*VhbBbZdHNB7=M~(}!+9jVk07 zw*>pvR@+*Im&he#`{+ha8uaSDU><5YGRv0{(6@GvJHaDu@7}z)8!PCFM_t6iHeByE zZ|8mAey^&Tr`VTPld>9zZ`5(>-Ber`z~dt>bB`{X*E6ECohnNURcZ__6wr>=C0va@ zQpnO9eF;$0hY~+_OI+DvA(NKz#F#bbHO&sIps42+LOZgPcJ{e=t9Ruu=W;CRaa5@< zzXm_^Hj(k|D<6%YcX+~jV%j)wD(5W@9;rXA`V%@Q$!G1;u%?VW$uQUEmD_-Y(E#TnW}pzvexK<`(G;V_MDvjc_tSAn0O@RV?G{zt zfZy7@TV?e1@fX2k;q$U~Y-z&JeFh6e2$CGl_jtS{x6#BBKLxF}Wm{c2ujy9;F=voz zcjgTH1U+FEYkA7+cZ@cxs|=DFnuol~Y0kZsl}LY1v1MKqdXy?=5?Y=HS9p#b=;hmd zl>JaNxtYiU)pL~m`k@k>?RIiHsk(H_N}QDuepbno*l&0##~g7s)WXT=)Gh9gK})UH zB!B^$LoC+&oIRrJMeq^3uYS#jlbGSVmwl9tGvzfijesQDV0|XE{qXe{F9keMl)H&~ zdKD`&%$qDuRw-WBcbJ7Tr=!J2dfsxJhP~)~<{$PX<#@6vaonnw>QSeaszmzDxFbJ# z62>?ODr`S)vN(`8SSVr^QRU$BQsnP$yf11#r*T}q-#S?uR5QCOBxbr&IVgX%A8RqS zmvT$BkM!+*#o^CimO~;MVV!&|el#-QYCUZhKwxcW28uLC^yLZ83t89+K7J4nk(Q?% zho|#i!0Ez6qo3}@)k}A`YJLi7%!24B!o?WfKE<@y^qxR1JC6At&l=g$aETyY>R%O+ zo0_o66U5!Y>$J0$!-~aN;d+^`u9AK>0~d>ve=)11`90xBE$rkv+YQ!Sg%nOAZ$`bS z<=^$G8q@N!f4Ve6@t0~v9TXOQqS{PB0=-AF%UcY%v`2YSAv6=ULQ;tR&cektqRZ^1 zF5in6L6gl~eZq$g7HUp~h4o#0@ZWRdXYI}+dW+DhOVk1Y8{rBLVUCqAR@iY{IMb~eoRH8SSupt7J;R; zbK!DZLab5X2h9=g`9qw?c)77<*VG5kCdZrAH*@8m8RyY1EXZDy-wqgQzk#h(LV#6O zgiFDWzYxgRS~;~;NU{>Oi~gxbHMFFjCEEr^f zZYpyVXiF{cwGd!dNhdk~BWBRSOl%fs{W^)`7nAKLo_E+&dWTD<#ls@4%~r}$v2IP9 z6zT3QHga$1cwFp$9badr)s;xRrifgWLxK8%Fw$YjY}$zGNlVPAq5D66N6WbD4l)+X z)Y>S;H{~SWW+t*mqwkf1_9qA9D|Zf_P@%U$4_(g9oo0j?TUH(z1J?^gB^c92-r8JQ z6?&gH|6ocgh>@Cr9Xu=wf~ibPk^Mkt=Fa%`4Lk05Vb>_+k~FXXtE1>_czL~w=5lM& zAzk}w7j1$?^6*;L7oT?b0`UG~{`ii<5rk9BKm&J1mc&%V2uJ*FOAB8nd81EGc##`< zp~zijwr)SCH>gvIpge7NQAWwQ)LJ3-bKeAWUUZVTdd-BU9UF6f8y+mWkEj`)#8-&c z4QhrygN(65w3k?pSJgvgGy2KKZua5l-EkZ5(`#{C8@dTR>nU6V^|9vda+!%arLM&= zhXvoDV@C`7iZ56WbOYvF#NB=7jVb2iG-AmsPzZqujCc#=i#nfK`4(a$$IbJr)XnXdl zHgViT3aGaVs`PQS&q5yP0` zs*zSJczz(qw*Tt(9+2W9;&1EfymY%L@p^(gt?BZ#xEp9<^jJ7*Y1tVIBa+wt8EolJ zc%-dD)jj*lSH^^8q@Uf-Hb&u!{*?7a=$4jpmezjjoRLE(4O8C6@!^_kf~D!>wIOb$ z);M^VKfby)%vx*}y0ji?w)1-ndl9ql#gYk!w*ApiyYP}>y~Gy`+o#ht?oX%x-?cfcrRZ`UJxs&24%Afov<44maOdg*xs z;*LbYKKuiiEMDHzi1Cb%RNG)Q+9EXMJNhRzpifj{<~Y;Vy&J|Z0mbB;;#SZh7vlDZ zhh+4ZS}a;jH#G=6j=mqb8>T}v6W~JDN#d@VHsH2;gkg%wwZ^B(ReR}<%)_0Fn7pl{QC$dV;A{P7Ft>am2J7cVV0xX2Dnq z-q4v*SV{5wT51cF_JPbZ$-=>xy~xELXn|Sm(WFb2WxY_IclHm;``VHR zkONr1(b!}h&wDc-Nh1@Zt=k~MkQZ1cEh(3#yu&&SPw-q@XiJ1aVclC#(0+VVW4kj$ z1uVS51IiauZsn-%a1`7;8R{-B(Fa9`CmTBNYEaoi&t1U|*VM2hF}mkKEA(-s-Oq4( zVc{GsHO+kGJz1B1Un0Fn<3Oo*!>B#Ki&&`?o@OvRA(@@2wG?LVjf3drnzWP9=VE6$ z>9x&lFn@=KcreMS$BI|)@>V?Z>i{w4D}O$M*eNs0b-qb&iuSI1Ee0$jzSNO5ylQeHn=e-$26{JF}@6p zp4wZ0cX`a@x%*I`#&W_aJno@DxN0uNp5{qnK9K2u;_Et5Nnsr`T1!#sRUDp`vQGk} z<27vLZ1TkIB@s06U}0$5iO8>!_)54n{)Q4kN}ILHpQzufIV71tN(Q$|2m59eFUk9B zy~Si}r-+)dd5~EG6voRHu3K5nYyW-*v?iltwY60^r25%{Tqy0q@q8%M`og}Z7)e>5 z9*v2M4{KxFMSk*6(-91A1!v|V3rC{;j^~|MvpgT+oc0m#%yn~)%va{ZsTjZ;vVBaX zQp+eC44L7dI5Y0JZKG$g6|vF~c77qEBpx(s%b5^e4;WGwqga1YLxj6xc&sVMuiro* zWANUt=cuMR-rUbG$vZnd)tkb)Zo)hMoLDlVq3D8*zVQw3x)IxObNhX`f&QhEyZv-X zZq~GFv5+{E3LajPQDtCllen7tIdYlJFiDiGY)q7ZkUs z99QG`WD`F(e8(tg!YHOlA`L%yf%G-%QR*0_&ni`pCKOL*3r8E@=qSJ4rl#4;heNIl zcsUw}NWh<(-JLYF>J~CIu2uVV4<sEFKzL=EtrO9u^R4h&F#EK}(Jt;>P zWm`X?1jS?Qy*UOwu8w3f?Y$;+xb4D;gyzRVDrVox?@y@4*6=Q8HK=SQL-@?CW~IK6 z#tevdDQtQ>XJJes*YQQoVPP7GyC`k#JX8hc;DZ(UI_O7ycv@Jd^jnZd@h!!4?3TvC z*yS8JJczYDSsisHepT{k@Swprmgv_qRle7rCPLzVVL4cE$mi85NP2E?vU_l8 zQ0cgCY~h)4ZqIFFe==Fz_VmnHePBHW0#XqU+dPQVJV^1wTcQEcQSvqo<~W0$D%@RR zV-^_iUT4do8ZbV@u6E1^B%q1Esx=NE()EX%yq1=h$eV?M8VR$mc!amT)4-4R$&7fz z{#f?Jto43ZSTwZ~%+60Rir?zpuIkn!$!ay-r)GnWp12Y}@RLQR0=45K-hv1JZQYkv zTYF8Caw#T@9cXkQyh|dC<;2VsnXk-#;3!&lnO$F+NN<0Bly*_AggYfO|FtW03ppLz z%@_7m!U{|^+04~uxIeW)ySE#W8?!D7n2fTtuurab*9L7)gP%DsB#mnYgx zT3{Bb_t?B~LbX>0Q)4Xx3ZKXa=c5R(z9aITJhw^W|7l<3J4sYon2<=k!;U|Qp?m`C z8LYDD@Pk3^xbeN;6kP6i*VRNY>ag6`kG(tQqf%jO2M+h$eAO05mYd_kwRx%_2BC>L ziwWTwkegccn?-<-_R6KLND$xp-9#|{i8wiAv|n*WG*LRQp-2ZM860sX?)Ze+QcT$MUV3IHX=j|O(Zv0%!GvLB zYVlU-+gq@eQ|CLKn5oR2G7_!U!St?vvVPhVQ|HPJefda8yHNn|&gG!unq15!7{LTsr^S#ou^<2(M`L*X5(h>e_Ra2vLZTD}R}CAFmW(PxwznyA-(_8KvE~C>LW!=Vaf-D7 z+Uq3QkmiED0|SYt2LJ~l&SY3YN-%TE>+Kn3dN+QgogT`Pl|u)@?+g`APE@~e569Y~ zR%E*f!Oiua3nBi7VDzptZ5CybpRuhXO@}(40{5 z?h-sye7vPCRd~R4tXpr?*2>;~*mO6$yuH;#gnOb}?h-Bb^XjuEzhy z`RIqbz>ni(q_m?OJ7fvG_E3Q-7~7?7lTAoBvL2iL?4g)^N@v$c1iW<``W|G3*wGGf z!M2x+T6!dKjVfsXxV{oIDn(msbk*VE*WVTPR#8J5rDzKI)>ln>O>L?H9;7> ziXp{paG(Ps{1huFwHDU6*ELup5%Pc#uiBOj*FKNW-$a~Zlp?Sa5omfVP1fqLSk%wB z%=RAp7r&j(v{SHFATG`%$JB1?|0ZvfpdU#>l*+ErkU7 zdh1^qqP*`vdf7kvRN!I73vHVO1O9GfEPAE2S4J7XnZnzkxHe^~sB9+noh1yYJt*UE zRk$jN+SemKOTABu&?LLF1D5^)4^0~%@9irb8dqdAXMTd({`zssXp%V3yY1eq^}QJ5 z%2u!ultLJT@yE1K!FGM-O4=0x6>_T>hg%Ydt`djH<4#J}0Yf>gv>1fFh^D&5V%z{M zlA74roYIk7U{@`k(@s^hL;kSM;E9>14eywoXn2ZihVdh1aB0Dv8Y~n1_B0K)d6OdcN_U0&aG*y*FX=#5oJV=yXy@Wnn=+?I$)(NDB(o={MP ztRynqJD@KXcO+!KVJ_-FZY%w63R*{*b#>&WBC>9%EhIsd6 z-Y{pi>q9Po7S8OMQYKL5Pxj?l-_zm~AF{~uS(@@X7`4{*0U1F}?S9lecBLwM89@ym zG{HBuwYQ@su#euw9Bvt^L=#fX%ukfy^|bGGA6aH zZmAsdS($9St`PQoPk-;G@l`8D3U-g~a1e_vt@O27bs8dps`nJ&Yepf=b#f-J*u!zm z59=thMGbjF^T*b+NXYz1@J2;ZsG7c~1YmKULLgXCvNBm6nvc>HW!8KIJuv*|(o z)rH>p2Cs{3Uj0?-qzPvS0W6^jOwc*kRB^W3=}z3|vbVf$B?D-I$8I!+Wwbx*eG|^$ z6o}>5NN#wnE!&S9_`rD{27L;i>jGvQd0#kMU6jAhz|Lapcg!3mYJ5H3@q5(w#uMoI za{K`$vz`+mh0n8=@olsyrGoO9LwAch2JbrceS9o~?dP>_pE&D?YP415>4vkxww_f6 ze=E3ezz-nuwMg>BaP*?N2?b^&D+Mh~$rgR+hd8!fTMq$pqD1r?<1Gb>9)OH&O-8%> z6a!~R4WS{w%Tq0Tf`#(o^m4qb%UhK;L0E$?ZG_Yx%L^IdR2u#0B|^S`M#8KU^~VgY zn!!|9JGY+Se_u0*%h|a%j&#pIjj#*0LxY*89(&L(6>Q^-NW9|xl<&&*iftRv5KEGBiYHti{UH3tlu zv58&qXkcI}nfw~UmE&mXwA)=is)~do2%n$8(!sx3d2eaHI+Y}$(l4TAda6BVM6tQy zKSEoWdqn}4zO`}pl;-qGlSg>`% z8mv&nQ_C@hC0}*n)OQcfX*>M86D$=K?n1CJmoiR1W1s4~3uVzdVA)I&)_zVulhPG) zPdpQ0XPhclB(@ajAXKWW_-GjXP1%Wvs&qIaNYnc(Q3IYZ@(3U4^}pAfaJIj8PT*23Hs)k>vYdlN8*SrR7gPfqN?olbtbkwJDre zFwSp>;$EH|zry~=H~9asbxymYC;$%Kwr$(CZQHhSwr$(CZQHhO+nSq6=52nWO`CM} zm%dYWlzL{{Eq2jenuR#IfAU|m-4^st1KKSSDWsC35&LeyLJp$7b9;zkth{J=%L}Iu z0tA!S5Wwqj-J?~x8hjiuMux4uO@%hXmDLdYG5pGnbZRk*ibCUaCxeV-|UbkhEqI*$XD#2C?~E4=9&4O&ZjnEv ztiKmSlPg2MG+;KuyPOD#J2j}ra1YOreAGs>7s~#vdib{(h^hSkwa^z6#S;ngfC#S` zMiP4in+3_EPcQ}_GkK#Tv$Fz1`305Pdy)Q06m26ZeyucrSbuMI&9fxdyQ*OhlLblv zXUqf-a-VRc?Fw)FJZey!zrgkdW>F1iCzr4$(nj&}AW`EpmNs&oO724x0*f7Sa8NCM z5YQCR;zw3a2JIYwAMy482P*DP)))_{z9z`x1AHmP^R_9}YTgiCHNfbzquE~LphoM0 z_JJ7tY4CSuoo00S?4zRVsF;9Ds;`qqd`9$-F-3r9eXWCLU$Jy|BV1+`2zrbGUqU1+O zbpkh6?TBXlKDT>^V5vg4|9e;W?bL%o-Dn*^fb%dHbm{F=(hbA_rQKK@}!Cqo}i?ksRDkOGpN2(jye>Yaa3;zLWY~r}zBZ)yI#un=8L_>gJ zWvX!}aUjK@#Sw_!+?KX};Kg!vmI?_Yx$1D6aL^B=bQghC`EXenS-ag%lj^Fy7dLS=Gt*Om^N&z7^_#M5 zO7z#rgK`vUj-;a7|Y(=2V?!(%RKi_w*47GxL1`t7}>J z!J{689`N^?jV{4cpb@H|6c_djesvzL5ELISy@5Kl1&=%BU_zulVykzzQT?Ag(8f2K zkb6@hlO~es9)=5Fs<9?7nL*{iH^rbt3nxqO*A%n=UgF%B&_& ztd+=4SNi6yo!KIA+OYj)mfd5xS=`eN2Xk{DV->*+X1J|2wGh5Hs80hti0Jk_S5UDV z%tK#FXY#L)JB1Fh0z?eJe>(iLZbXF|lBE++*zY&^t*J$3xPirBF9{L~o*{`1o9;Hs z&mcHbYEiN8kLDEIMlJ7OR5JcNS}uO)+!8iRxZNQN?8g}*xUR+VxxGyqk96I_Xc|fi z9oZR4tX8-4+Pk(LDkc@q{Z^+(V*x)bYDWiOo$-XzJG+>)w}I~q5(qA%opS^M=~ z%9Q|&TdO3Jag#Y$UTd;HvFKTb^VfA;XZwQeb{`5i;@)$~m!PqVOe(Jz2uT_GLqAv7 zR{iW7B2={`cd|y&NW53BNHMo&W%t47OoiRtHamAc%h4;P78VS!4`i?1*$#fU`u+D! z#Ml2F2l<7gV6TM(H>27XenN5I{-e>zPxzNt0x_DgtO?kKQIrg}#z%6pFJlL{K!^J0 zQvDjYnbdxevfgPZKdY0njh8Son*i7~2f^rFuy%x+P23Wc!bvzqhFD~osuS5tA%aQP*{SORwMa_?; z@d>L!qnw1O>~urm&yg!njh1UV+-1#9-Hm9~dUkm_Z|=}^+r&qvMnlgd!~5r|n(@%K z%1Md6@;NNY1PpwzbQ}5(2)|IX_oiJt3F1!sM<|OVo-j-TUyh2Rx*6g7gKON@2xMB7 z#WSa$WSXQkcoX_FoFJ!=x*1k-FYuV+CzrfaPI}FV;i2l%&P!?}Ef>?@i=TI-vphr< zIoJh4z{Z>RfSKckoTx4NHE&NH zzA1k4kA}=?1yDGw-b4W=#1HHPHf1bVyHvj(YY2Ew4N67JtJndHfF1P+`3Ug@tDYS1 zOd@5W8I@6I`t^DSb%qCqhpXXDSpeng)f#M70FV|Tc7~Y}(J|z4dt$$aagL{DzKmzu zT5vWn^$#X-(nIR&)$rzk;vX)WRJw4AcHgxVGJ}^pdz{5z5dh$($-q4Q>SVJAaeyTI zBeY2b^#RDQ)VrF^7N$FcC8{C1^{)_|$3Th$hGx}KDUNZ7SikRJtr(+u=e8anc}CDE zTn#AXSES4MftUP%bAHF~HY*=i`yC;0{Gx^GN3++eE>1mz z4j+VjPz)oTEq8$eVO?H_&pCz5uZA04;O`+=a&+sF3A_soV9|ZsXGARYJ=nbFY)T}< zXxf9X#31$c*EK~C|5^GKjz>Mi_PN%3EMQ>DMj^+Nm`O6@U$76u51XW(nQ61rDqZ$C z!?*koGC=yWBtSG!%?hDbofrKw>(;5iZ5Rl>Q7I7_F2u$wwcXjQ zJFES7=X(yWX_S@B&3vFtDem0Iq8D!zq}vg})0Z6+D$POyFI1NQ!C{#8xv;mpQ#sB24}jcE8%`TKP<51}?bApb(3U_jZ1B zNX!V0R%HCCBI+WU+29Q{JQNC<*Ac~j(}nVe-N;`kX(_Hi?i!k%4a?O{WTN&VR2C9ASBq> z+84Z$yOBVb-tag@09%t-bghgk)*N4b-w9FFzkUD>VL2v+ z7A`8B6$jy%C#oiD`=z3;&GLN+$&XL^{noza80nSk9xoks>V#`_=eHclGX!lBta>rv zNNFJ={yJ~zB*Q4Kx(ns6-sO&4v1Z^Ji+f)NwK7{Q_ESCe1#3dm0(EzVw=iUbB_!z? zi&ZrS6foWg0kA&NlCj<+wSOFQ0LvhUS&}0N(#n0nj7PCjbO!a_%|I#PhCr^E_Fz}> zeCVt$=wlmNtwu6?I}hl3OiquO#;bn4()U=NGfvD<-MNCixP#TP2D?LktdH4GpSP1e z%3!n7f$~5c{8iSngPipqim?&Ua*U_#+;z>?O3(jnP;$~{$G0NmUeUtb75 zkWytYLeiZ9w-2DsKN;p6O>w)kR)(hY0bDUi!fXXRm>%YG6{T-!!Kzz}U3tngfGM z7KVm{>--nyk&~EJe>2*eMgG$Q!E@rBvzifCnkNSxK(ut?058uG){&p$%^>W1Jh!;C zWaKd@_Nk#L8a`d$Ds~asae!^qmcF&FNhGl~09-($zc`*dniQA3*CTV`eH#u00`%|u zO$l{@K2?sgn#VG56sqi4Mnu>tzpP%bPL8*BH%X0(4OsE!X-U#Ft(!~40a(cf5H5@u zFCQUfC1B&TPIF*N3>a``3Hl1h1x09wefp?~ni(aFOTq(4$ zy8g%*icG0z)d=;%qX{k)I)v-O zF!Uoy+>2SPFIazw`IDWW4ztnrH1mFc9Dt-B4-?S{Yit%%cM|UJZ>)fD4z=jcE`b{w zYyZMP(+EpKIPXg3dgD=gkAk`zgY1re8R*f-^5+GP3nq^UUGvujkAmB*+y9?N(bL=V zj#)-koV~_JGnv>t?U^AC*w4i21}}8+0z+hwif0!>ttV7qv7;ea4*apBnm3wUs@$l9 zEm`oU^VP}98I&Wn)##v7YM=T`6;#ApdEOY{JWan&XcSImM(nQ|0rR%^MZg4V&zTmU zm8kY}8sDq#K34OO$~NeiLv$dWH&CO+m~86AEJhV^XRiqty%aDi0%f2Iq|2RQwrE44 z_euSU>7rEha%Ib`TJX0o8!01FofeBdFwWCjkEVStB#+i~LXH#v!*Y)*(^ny^8Yzqb z#RyRB(3h{VDiGX;8asCsT{&hg!^y8wFFS996*8c7u2t2&=)XK zXE;<(fp|%_z^!42J#1A-_0gJ_Z0(Vvb!-upENJ=Hd$d}b*#*IDJqf#@@9hM3yols* z>knuUpGWTG5%-U-a%_Lu5Ktv19;%V##-8obM*>g#!*o&Nj$6#>nZcthNS?gEeW~mU z@*_vaJI5hYzknm0+^O+xHT}MQ02%4<+rW>xW5T(%_VBTsj#hM8!-*c#_2)$TAjSHl z95-RrfuF0*L&C2XU*B&z*%5mSX|SU`k+(jP6HY4MD$S32#KK96b+Of;vwJcFJl%7K zT|FV&7L|%lPymqr0V9?Dd(gI0{RB&hm{2IGcG3W_T}>X8Qoch_`9c!DK)oaY|3lT( zXz6Z+4 zPtq0E3VF673-ldRMx748h7@p#!&ye|3wq=eae5YCA`ep5-FcVWUyJdrBR4aeoQbqR z+%>C9Qb)IHOWj8VfR5%a&_nXEsEH(HhwVApPiifCRf0*wFr3FeTMp#`MtGJ9nfAnz z-Bn99V}a!o^C+uM_X?bObvzSkFm<((p3f1T*pH|i7}RdN>df=?gtQ46DM<4x$lFk} zXGv01A%5*y9oNW*?oOgo z7MVcK2)JF@N7hTxN5OoTvn`0dW?}cxx@NyrzAgKHpGdD5a7$ErT<5MsqhO_W0jb9^ zsR+b}c)a#<(8lxm5f_+I22{GwkM+KFZO>B)ejVR@uueo$8>y^!bqh6caI0pDB3%ji z-v}ii@#1);&Cw9M66#F`vBiS#T~14S5&Wk)`5AbZZVaZ3`7VGkf|OzmMdqtG!8b*Q zei8+UJG!{BZmf4-Jxm(Z=0faRXbs0W^sOk!Y<^wCi{zMoxW|6g<~UBbYM+9Jiz*wI z8DZggj+ks7IS$naGT*H7SxR?={=pm>03oHx7Tv;Jz|#eJh(++wK$i^`P3gGQ?8ZKA zuGkd)Vd>C^+D;N%Pw`cc>;4cwXRM}*y)%=`9Gx#vtv&m9v8LymwUy7@yTQ<8c|gZ{ zNd7Q;Ord^l^h?I5;-TlWLZ<_owY-7Qm;%@#hN|JI*09cIi5zDp&@}>{jbwk3eR54p z&0)|3Y^=x3pM@@a1~BJq2n`wemjY2(%PzzVU3;_kPyijEHe|f*V!_+~wj`FsUaQxiEYixbigGBizoZg ziV7I*?}*(*aoqkNc-@ zF4TiuBt)6m7&y@nzEhYilC_v}Xs2!nvsg~7U7Jc)#~r)K5FFw27Y9`HUSC7Ti0Jr8 zG6!qV@F_8GV7vV9VY48fdYq-vs!n$!Y`UOpw`@)X+a-x0fXG?4FK^!$7c`AdtNLet zZekSDImM+J#yBvooRsh1g=!Wa#@*ks&;s`&Ez)qly-4?RLpoi4L!bKeF8Zwuz89m) zcl0ofIxK<8`i>WJ_e!+Ye!tk{27L)+fJ)d}{$mmfQpy0oznu@h5LnMsvd7^20Ox3*7=;1iaDLRB{Xk~F{FqToQI^Ur?}CZ2`iBc)R~(|7p#g2879)i8 zq=Wc1_Q-*0g+4A_k&(RsCaR~SzH0r+0{mPQ{Kwye&0oupp~bZwY25Ve$G~9zg~80_l+{EE%Xa9_RR!DJ9yeY`#c)IkAt1JIzs&3IqZ7)+sf4Iocb0l{jl?F zX^}Dm2$m%Y`qRMS*Rc}a1rNchY)q+Ry~8A@lA4Tx3tfk@XD(=^7nS2LH4z0aHGZ&KW`Ho52@l;ux!5@9 z;Y6$Q4KYwviMl>ZMAhQ6s!XOgwvP+!+<&UxO4deO&YFLIZ6fkH&D*H#)1JTi+B>S2 zSXFuXwxzdGaa}5JYFsTZu#@X(D}bdiieLB~ZaCzmSPI~=(dpa5TSTME4ip{%>4!`8 zqI_!vjeZmWrx`c{ed0Iv2K%a^2IpbsuSJ zQ^r1)NZSmp-QDjIVIYEtG#U)c0e=3nm9fO$5{%jhe3{@o`t8ik_)u=RW83CbF3VZP z9^3TftUhc)8=`(`V_C6d_^A*eWM!Dd2(v*9Q*#cq^~lj`qU0LQE!0_`HD8|61<0)U zCLd7Sx0atgnby_yUtv~l8J4eE5S@9+TWMV;%B84%g9Pync_gUbpL{Kgd`uLjx#7KC zqJqihRNRKKk)*CSKr|9ZL)KS~{@J4N_&qPw>y|0DPLyjB6f6n_s3vOnTT>G6vXu2} z{Z5C4#)#|a`=i$Dbg7WkN#b8w@T3g!9R-mVfbYwauv*`PGz7in+7%lhiR-qVZd~KD z$@p6#kgsRXQrfN!E(ORxi4|dosSw>;hPGp)*$7g0YOxIPPmJb$wBC_{R6J?x_8nf< z{2bbb#kYvtxN?w6PwOiiPAZZAh9;eTiKJhMrexcaM}0Gp?_7qsg}B z2{q4`YrGe=8UKS@Ln{;k2nzOX&RZ$D@t651GiLL;4%t|=*@L>AcQ}Q3I>%uBcw7%m z3$M$^t>K;rksYqDePS1;fp~DfV8L(8yIV5tCye9yO^+^-AY^&Xmi1v3sZ*`-CnoX& z%OS0R#s~pLR|tO-{Z-CU|AW0TGn^#6Z{+ue6P>?mUt-3D4Qj~V{RS)>j%j{8jJ9%b(Z?ZwYn`Xg&#JrAfSVsxB$0X-*a!7ZiHSXR= z2!vW$Ofkru+$*Yisl8szhX3wv^UG;g^TwnKb=0p|3bSq4PAQ~o^qi?8VUCi*O+X29 zz~5(xCk|%*ziERC^y2cM=-j`kD&TDgWI&B1{&00%)wnjEiQ#g-vN~^uu9x7bOyO+< zNKZ*6-v-=2aY6^rX*|*675I{M_p%Ob zI~(k}5@3K<(&Fd6Di~7~@R9(achU`Ic^Y(!T_w5QI17JukS)IRcB{nvJbrMZb{vL! z*PQ4KcIIUuNT;CcOdui2G-Wwh`3o0UAjyqNj1=6+1Qc-vu!fi^_hxbjCLf0qPo303VJvarG!(cisDV*Py*XcCkfk1y zwR+q;*_K{#Ak;!KIsV9RL;?H8tAoWNVwjEvbTrCukyZKo9Ky))zS^F*b1OVg_Y@WR z8%^s8>h0P&{gEV#|1uL51VeRcLUib@F5%XaWJi*xMUpD%uEI%zYUsnd;0+gy0|o(Y zZK131ZcUNCj{7+up`(t4F7STqGKO{h7I+d`8l}*zNtaNz3jKS5unIWHERRWlEK{1? zDM+*S7;*jN`gtDR=-um~v61|(QnCrV2Z?VFA2W3MyGEb6QQzx1}PyHs4}9XH~h@OWf*v*IsodA9lfV zj)exq;UpJqFi|!UnV4=5IVF~74a$XRl4lX`o?CQQE_i-LN8Mhj-9P=)woldl&fbd9 zgEd}4MAs^uGf!mTr(L(~BVKmDBL9eKsSSlPI0X~S^hd6dVc7tR@;tVrp5lm=L0i=bcnoghCMmVPS1X^=ZV_DRg-0ACOuV z@hq0`&QOB-)KU!)QPiFFb6L=5#$#4CP0RU2165vjBGD>l`<26a8LwU@loG$Gz#^5^ z`2UP|SX5vWQnf1W2SAXEoGbQsX6;}a0fNoh31cZ|a>vl$2n!}1B$0u5tPV>MD#4)k z=I(qr#P^g$~S3u`L56h%n#JrrVO^^SEAs_%V-cgR@zFo z+$xFQ}u=A|~mJk9BNj~C}%ZD_H>xmqUwWw6^ z*5pK0jgh^Cu^~-X8bq-;9Ct<8ZUjz#S!G$*r8*2FWy-udTHd|cqfSmf>eO)=8)$Jr z`f#-09M1PCAZN>y1xU4*fTImDeo1^o&U%?h)#ubDIU4mV@v?uHwb1}LS?m+k0?if5 zJa+p*{sEmWko*ywEfYRf62o?mPi7(U$0^I8x?~~^nZ0rq&ZG7jL6>l2hJZnbv3Av| zOj}Mcg-AFOe)094QAsCS96ZgNp0}q$!JW&a4XCt2{29X6>$`40FlmuomDOx3-RxS|9qbX2QIxV zQtghLKA=hx9#*CTQm{`7+;mn_%}|S|i}>fe*a+bmZPD%!v3oR}zA5m*L^4zYd}oe? zFaya*@nLB2*GCZDgMZ;0l2?>snQU#~V5wjGuCjzBIi^ut&fnDtGR+1gB!Bz^D$NRc zx4Je`-sIF$-Q7U+>1n`s=P2r2_cS&6t+47`zz#ZOh@wZ%YN>P$Fk*`EnBkiSroP-I z=m%_BhU|D4Nus!Z&+ij4@LlB&7oWSvF0H{0|zDG%Mf=8u>EKOAXhMp}J6G@A>9cdX+6ZSCwSTBI3^3gKDSbXmh5!GS><(C7Z(ty zUM`gL61=KWSLZ9o;3xZFc0#8KHoz4zloOIZ@g?h7p;ZsoO=InP_s9%eTyn)ecp(-a zJ({EMDJAc>s#dy>X~LNCpEc)A-jPB|;G4_Kxj~wQ;^xRcGa+Id_p-Wj<CK;Kj=TBh7Z{Wn~TXQ)wmC76ISYXPju?QF16FC*2aev^J;V0qHR> zrho7cxx75VllAg3YnH$uZiSEVVE5y+%u4)>yE0*WtehuDaB~Q9;wgMTuIZpJ#eVzq z%Bt16&ox(mIi4c#rvV}9*AxhqHtGy+17=aATMdev zejoG-PXfUYejMEtmMcZPn%*)?hxvngj#R5!5@Zw4NlXU)HUA~~c~-g0{HnBzwJbT7 z%G?`^se=_(2MNzuybs!rdPUu8nXAyq_@Ja z(dl_}-^XRk>A3O(X$5v?h{kvh(&^;C%4mSuOIl41 zmyk?DVx_^Csj*LI^Xi@_82BC9=0r!H<)Z z7NoQpDRl~U&<{d)YdaoPGanmBz(Hofrv6!2@3g5(xy|yRwxH1%5hc`il;7Fw#P@8d<&*}uB<}&7OJ@Rmq$$O zU{EK-^bnB0QagfRh~^RQGK>LhwCeG6EYZzb(<9&1W+;c2($y@I9||$&i`fA!ctf&m zcjfWsNzl?1=~9y`;6)9J4~f-nmM~Ulx90bUs<}t0cKa;KO`N>^tHgA8eT}4hlK(*h z#fF4D3SKgF&^1|=Yki{q)p{$)Kf+tBN;6hY#2;YlvlA0>{t$c*QIJ0Ge<{yIeb@-- zvCGB5Th~teO@G6FrJQTEhRy&1*Q9morU}Ug|KNgmzhQ&0)zzfwa@;PbdU?rlco)4X z-c*$E9JMd8M+it9sQ1^h12lak`+%ruL$JgPS0Ye1nG3k*V?g9yiv82A6^PJogQ>BE zD=w?rhtI)vh4=-2D(d*YwiTq`{>{%xq?41)j zYJ1M!kakeBmCY5DYBQSG7@bIAXl7vZdu`&sfi^Hwz5==!F3n#mM$3G>k^Z%6?CWq4 z=%NA7rDD-nCekVfB+0pcribED*wkplmMx}JX699dv0Gs8+c0IVZ6%~S8YkNlCxcyr z1xXmg(j9YVk$fI1<{MytJr#+DiImY90@+6n3VJzsyrM~Y(z*z<#jSei;D!6P?uER> zLRC)OJ6<+r$+whir10#!JV*}SHl`H2wj(e#SFF29F#!C1m!7uQ_vdpDEi|!e><^by zIy~btb`p5-md$mLm^c-CZ7EQl6|g7lP90p#`60#)mLK9jU^uOQE8dzsi5n#WPD|Z8 zjo*)Pk{?;-C_WAwXi(WGq+Kfv&uY&0s3M4K_U6CM6U1Hs_?~8Rzlft%KK^}Gk&$AR z^u4v#t5=s2c6m}LG{RHF8XolR+)CJO7R4mttH{VcmiYw#j-ZcXAFo= zmb@}?%#BDLLTZ#}zWJ+iR0q_TEokQ%f9fE)`;#^!Q!;So7oR*-VoJww5}$~^V@nr7 z0N6WnxG!~aH(^S1lCRZ$#d(fC!Hz~#8JBDy-;G6V8`aPcJLaPiIeO_zvw~lVH*b|t z3j@P=)w|#(V`9Py5r1e<9`vbQ8)O)6XF|F+@eBr&7b_z0kv&c35-LF86l1taH7CU$ zcZrS1)22v*M(orQF|{X~*kJ123((d{@@skJ`Z3_lQGaKmtrH{=cZob}N?O&f3b2*EWIJ%B9XixtjS>c&-+J*-RM;8)vf{--9%#DE{ zg^4Tb0`iYZzG+t=83x(4r8k^F0oNi8GNd<-tzli*hB+#ue{&g+;haY3OqACe@!9oo zqQ{v;@#}9hp`#Y@b_vYHm?zR+2^8%ZUY4+j0Pf|y6D1fWHXDDE`Ii)&{Vx39{Y9Hl z%Rivk@4fc0avq@(c!*PLLwprR@eQ7yZXu&WTl3uIb-#$lr9Z6j+EMo=XUI_Mq$=i< zR%@hq38INW_5>8=o8If8&DcWqIAd#l!LEu$6|Cf3jSv!&eGqQ1fsMek$+9GhU6A{? zB3_vl05W=4CVoHQ?(P*M*X&-*=`~DiB5Jr6K2cSX-)W;k3giuz4kzK7+tiHX9)!_T z#o5xx8(E>^HDe>ABjE;Bk>DG0_BCAPecAq1Unt8%AnxQeUm^U4a)x?daG`DS{9q#} z-*UWc|KVUJ*4#H>K~#6PUBpCjA;Fg<^k=C~KUk`V_24`An)3ZJ2L_zw#=YXPl2pCP z9`COEKHy%3rHUxERuWLcYb1>^i^bU;LDkat$Uh7*A}l0pzEB}f~(L^Dy9QUUleU@)67Uuvy4M|%JMV0oU3a!IC#yC1_DK4BU|G5 z#8zoRTHSd46uu1Dx8k>^qfdI3SG&y)vSiu$49si}PsV?D?v2%WE;us}?I(3mWZiHH zQ=eN%m8lEX=)d4V7Uu`~1zx4S91(B6n)d$E=l2p*RrHlh!497NhtJrbPC1kGqX zddRvM&6bHnt%meQbUkn{AUV99kqZbDRpdoLXQ-JgR|YKWoG|&AEmiqQXG{4fq7kJ^ z+_QBMSqDsU&t&BkRHSi0Jb17-rmYHb)|;l&WZY*OL(l2?y%lE=Vd%b0a~qq4>dk0G z&hXXg48c(bLVE6OxIrDOBPa=41UxmX7^0M8(#2ACiDI0@I-sZC_w7bt!_lxzc^Ky) zhE`VaV{A#u*csh(l_ef8a4SkyJ?#4T(qXk};oLInf{I7Ro4Ta4q`YyEs}Urt6}gDsC3XvLQvhjj^QFCvfdXG49Nu zLS09J^;{Jq8RISjyGK~F!m*GDw=jb+7M(VPQjh5LzL|>4$Py!#3^UWMOmw%Aq#*40 zN5HU`W9{1krH5{j*Ec!P*HP2+^*F%VlzZyqkAwwS+WVkmzu`Q#o44ktaae;&(V$4a zt(&>Ms{_DRb;nbfT*zJQuJIhUsKxqjYHPC7;YS~>ySGgB-{$Nw4%L#+B3(1qp_VwL z?GQqJJ;1pTw|7VpeH|+M>t;~|9X2ghbg1EY$&E?92iq`2=>8(k{oXRaM$2>10R zFnpTzn=pBYWRgI36#H+N>3*=Z;9@`%Cs_WdMq0PclyF64f3W6%B7~1ckc}vMl2L`l z=1^|hNyu0gqq`qdhI3YkDNDkyNy7r<9F@UuDz2W`P0z~0h2LS;nuWqg8@9iI_F*@D z1-)^w2bGvQ(*|XrF!K(-VIZUj&vP{49kYI0LaJhp%x%IGJ8GfM8#LS3Ng9EV`^zAK z;lQ~&)v=ZSAU4aj$2)TB8So9Er(aPxnjPhyzqI*KwIrT7FjNY@RrFsCLu6bHl>l&R z+DBHd>-d(!Qo`OpQ3pA`@LSwXuFktheSn<8vo+O||O63h_Z>TDDt~ z9hZy(HrWT;5kJj5)fMcG*A)VljC+q-^s!r^SkY#w)%4ky2t#w(1VEg+gg z1Q1ypKI@%KdbT9yD&eQ~E?ElO=dinxC(pmWSeNWJ2@OzkQa_dy@0w7O_^S<``DJ?d zu*v{k9^=);>91V#qoN<4h5m3U@yJdK7@61~5t*KZzpB?R|H zb1gj-FcVr;U^a1*}BTX_oyEz9FZv0nDei82&-&X2J995 zQk3K;95%GkHTy`nE|Il(K0n6bk;M{=At}@;?B-&3TPfrIb2DciL=%R=&SIR;@iMUZ zItU1ZOv|R?z5bWyU1_vLSt=q9%>?%v!&!^B0$7V1m{7Y*`RR-ya%9_^d<2lUMLP$kGgSuA+AQz-4LY^@sW%ma-I>cB z3FUrJL^1`v<#mn>6dU7*EsDLzKLVWNPYdKQU1>Rr&7dCj!~}{(2O9%)c;&o&wzA$r zS@QPk8@0jkJr^%c#JT02b=o#!la5vst0F0lIdg@n186YesSdnUnOnt{pSJq8yy?75 zXuo@7#s$X6Zc02$rW?p+8~dlDR2IQ0O*GODKXtCRprrv>FiG}E1 zFq(r1R3wfI1$P_ax;#KR!7WJLl#3<$)WVSf(?3bH$_JvrF8hwIDIOqETI^dF=CEHe$ z_hXNS`}mo}_W|~6vmEpj>NS`YT4(Wm$B1-OKerz$VkqXE_K1c?d`J6vx;C{1L*Mv3 zp}g7cCSR6K){Ts<6Br@U4b0$>9m3Ioa$f`O|PTBI0Cx^5V)&NdT7 zyCR~~R1xzqX6Ce{hPc6bg&`r(rm@7lV}<*}&!aHVuus<1AEgdmIpQKo7-r8Nherfa zJQQ~-s?%YZ?my2RGe$8@y6%`UJ}N-oGs3+k)&6eA)?bV2AUp(vAJxbBgN9Hmb?rGQ z+o|CGnd-|T^G*0`>~^SR66$mgVE-jaPIV4lsTb#*AOFf0py1tIIEda|Ry}#*kESvr zavSV@8W<1Os_st-Uc$}E--yn&GnUmf0>F^zD0ZgrethDR}WI1!;$9PN@xqZ#;`#=g&1#A&Oy z|B@|6vw~+_&o#9PS*FMe{OOad%RSjC#|v#q_&a9b>2Jt=kJ{<)k?=T&nKoc-z(=t% z!U{i)vGv&EEL}Pz(7^_E_19&gFfqoAh|Mz=1*z558!Seic$s$ur>I*m0}>bnkWv3e zFAax9yaS_ch@pidoYt6_WyWe=-8xpqB7OYaI@kyH6smWFXN!sQ6vG;_xLui5-z&JO z!jjg&x|H3!9+JV*T{I(Iz`9 z*<8J&-i8BoMEsrpTxoy#`3Cv*QpzNY(R6?2AP->Y6~nDX=W< z{sei6D`djhz3{yAqy_)o#f0br!#%uJ!0P5Fx4+69;PtGz4+`>f1Ia5xQ4fH;90nIZ7g=O_qyYCeR^%;va5aTqS+n=j>{;U52J zvqW^YVxF5>|6dJPZf~KLxmqM9U)Q|E06j+BTEu@=i8LGCMu6*(Pde5;%8dXRul6Wt z?i>3y^X8`rPlVJK6s)-)+s;|oIBOSDszNpwt_DG*7vSw~(*V1QJ4f--`@vEMC6;ZB z0@MdqCA@ZE67-qtFWxzhZ(L8&Iu?aHs?y+dik}@=)E4~rVNj+iN#AYe(zMMa7JF}i zp_z-lKSm7ItvL3ZH0#@yRs?iK&eCeg0GTIJInF{9%NyRbyhQ{2&I0+u$;bj4!NY-U zu0m{Tm*{_q-Zh5ZI!=2PH&cAi#0gmK1YfyN#< z<03XaJwzivQZE_zQdpb}DsQ~RSquq~|5!N-IHUtu1;N1o`XB?G#%onzG?`PUy~Roq z2DaC-8%p>0zgS_fT~M%ib%1<Q%IwXCU`UNR$SzXS{?bH`*oyuAt|z{p+O0jv9HY@z%aXGI zn>!(DMZaE*{B)+8Bd?-=!qdSAE8o9|wRrOg+8+M`by%YW#PG7maF;JDu8##Xk~1Ip zK)Fv#;pl4@`xqhhhGX63U8vQNgBVfgcKHY>^Q93*|3U45sTSag1Xr!$f`K@Iq)0gi zB5frO-N+_CP#jYf0~{d#Yw8>UXEapkS$VHgc!9-|1k9jJ)EfUA*v3>t!?VuLF$= z_}(bm5Xg4VltI8gqZzL^^OTFW2%gM#>jPzM7@TU-7U{wC5BP(p@o0BRA-?S*B$8SU z|9Z4_r6r1VbjX&Am!Rm**lb6;%$k@6fFr9wAvH-v(UEo=2#wO`MYBP!u}uG~cB!;y zO|@(DH7D#~G=lXC)Sm@$a@L>*8Y~yry@FAl%|2nV>@*pp0=~aPq~&c?lqN0B0102C z!}XtvL}3pkf3MmN_bN6~jKx!dKDSUGHdWr#D1shqf-=%*{kS24xqQYo;Y zJnsDYLnEsXDh|g0s&57cE0i~p$URJWhbx+H!}oU#b$|Sy05k&2{dUWIhju=~=4shy zd|PySfc(`4GBi;9U1@9?T_#a%n1-|llZe2fggj_sy8ZNHA?ZX?k9K7cXBV~YIgRQ& zW)H6&ZCpP9Y|>{gKq0i0lp`y?^F| z3yA&g(Le(z4jm9@qB#JJ2&5bUi1K|Z0EOqISs&|WO#vN2LqB!>uKY*We?<3{{x9Dx zOdD{W5MWlxMH&SWq7wfVbvuI5v-`G%ROk34URxmOxc~b_bH?hW1}fP}mpPaak@qnk zzjxtn8v}=ggz~6ZgT_9~CEc%jvyOS>aa0Od$w`Er9l7tbIB$Mg=m1$mSdUd*krXh+E`ogL%;wnBxa@jLrTU#xls zpn2!VDA=y#F9TLCpJgu69qj(3RNhAf>FXjGKm9xo!+{I<2Yyafw_J0M@2l@1Yx^iX|l9pud++= zzZ&B_Iy8%a4_@%zsrU?6n_yjNwy<4d1K-AQWZ`F|U0`7I3<_m#WOHbY*fNFGg%(bY( z-KzKgd5aomp6=7#Ps=&yGX-QsiYjzMruN1_aeF%#IwpEXZh$IKQ^L~;s0wtl1v=A7 zxft14ngE#T85vn&$;d>UfJQEs_I9F1ES3!Ndh*?gU_FWaNS+14sbvfKDK# zDZtnhAP00YQuTBIG65)!egj2&XBRqSBWI8rXlHI|2c!a-h}b)LI$4@qxcu_LPWQ_Z zz|7w17ZJcOCIFy^3((FP6xI2cQ(=05w2_Imy}PruCBVqe6d+A6M-Py zrl$Y!mNc>hs9FF)FC#k(dJshwR|f}sr+;N7qN1uMK?@KSl2;W20M%&$5^5@{v;cWk zknp$W7b(yOfRvr7rO_{QIWbisRV_s^CWc?t05AdEKrt6Y2o7Hz|Fwm?(R-+?&|D9Z|`JI?_fjqD}btnB`61bCu;!c-3e#|{9R&KJ5x|& zTtJEZcJQmk09i{DP%VMKlL7*NE9HdbrNqTlROvv~qWe{Fx_^34@8aR|I~Qd!AyGN8 z|E2y#(9#Cz{JUSje3^opY-!_64+{2=z!ubT5F=1fm;Yo9YK+S-!Z!bK0XPGJAV>c@ zJq9xnYiEXkEp=x2l?k1=g1jo7tdxkDyo%UwmiA769Jsie|FZpmW%z$eXJO?0o3gB; zqAbAH$kGlpbw+k3Abu`JF0Rf1;@>jR3usFGPtkz@5mzUtU#ZFcTjlhh?Ec*jVS7+I zx;EZEM(+PTxJGua&R&1@`~SAm1T^rL&MwaXcm)2d(l#IwsJE7O|NndU%ixzwAyHY- zUS(qhFoRx&z_eOn+4x zVCw3?pk`<3=n9k){g(wu1p7y34s-!90)UR7?QCMf@GI=^&G1Xi^h*q?h>y2}y#v6^ z$i^AyV`&Biy}^1r8@YkT)X5d-4uGkpi3@1!gH9FL-`=I{%Js-_`%MOau5UeM)(ICtD+%|I%4Hi(7gCO%*L&Of3HC)j#ro;tAQA+W-M{Ol}&uAp7j*k;JqyU2na!UCzs&7jo&ItNGBN){6r?x*_1FOXdkKiW z#eX0xs9F}D4i-SWzgB=`mVZG|^45PrP`WmMK@ex#KadH;@Gnm;?uLU5Ne>%kmV&h`r z1pLDQbSg8rxZD3_0P^Abrd4p=;_7?=@<^ES2K~6pXf}p6Le?d^r zUccf0-Dirw?y=wJGUK0(_pgVR-&n=P$=({MVQC6_^!saxoRN!@rH2k9=ul+>$w5E= z{-pPR0+9W=5B{=<|PUP5!xSe;??e6XM_a*DVJC z0zH5xu#0o{COpAbsm-BfzG4NFo0mv<3U9ZKiq zYn8B0XSBz+69Ck{9*J;$?tX}29)Cr?N+H%QZ(qrK>s~a&)Pm+@gW|D(gwu(;Fxd&_ z^7?=l8*S7lv`GEkFh3OItMogE-fq;r?DhlxEt~HFhhkWH6&+?hCB_f17szC1*RAQ( zq9U#v)o^_7!f4F1&2MK#INfqWqu2;|E|N%!#x}za54W#|x~;1CQIVeKhjXQ!v{C?r0GB3kAvCy5J-|Qg%YxmF~qeya!P5b(1>EEs=CP z`h3uB&N6ZW*;mDhi`{P0pMdx0wux|**QjAoFWEeEm~u0!b-LiC^9TuF55>dV(A9`K z$l-8iuC`ZxjxiW9p(*3?7>J8wDsKIcfojuy6id~57xqDE|Gh8lGOS~xNN~{ykiKre0o_@|+7`kH&Bn*Jm^vZ&Un8)ImLL3$K zw~S3BTI4(|`hwmGVF4@L>h}-jfw_A=QABDiH*=qX4lK_kIe6waXe>I}YcK|doq4n0 z=mW85Psv1@fOeL*k6~UPo%s;)dEePv>x}A-@F~*yA`n@8)5klZs`wCkMj5JY5$q8Wi$OC^Ne7tUYMql?f#*ydtlRpDx zf=ZlonU|a=+nRQMVY*-gR2VMYJD&WQ{)LV^#`$6ZZ5HN9(YI*a^W6nz@qQhCf7sBO4Dv9V0x=FGrShOC_gafoHko z3zC@3w!^t2n116`OxID`g4`%XJpjDy5`qyc289I`&Fy8#Xr6zY%j(j;@9vZ!Oub9j zg2GQaNhbeVXw$C7+fR?glTF@;@9XoWebfyf*bqU)v;Jg&N4^Oho5T#G%HZ4ILHQ)v8=ZZ1{S09Eo{PYQ(vbl4WIbbXQ;*mVB_@Xn?Ti;FR6YoCJ2|6 z7v`B9jJ)^lX*oaai6wX=QJMKWKMNb@+nQ(3Eciv#e}BaZuO9Ts?@~jO(CW&)n*`)+ z>g}C)W+}j#cgvw4T&ofm9ABYl5bv5TvB9#JXVD2~ip(r2JkkaDpH%?1vLHV{q z3+?co(vzMSVUcDedBIl!tzIS^oSzpGF6n)+_lTFZ%W;;B*-Ig7JJ>qKJj3l@ub4JI zeJwqlU^+{w!=bIm3buB2@aKxFDq&VmGb196F{jiX0I3Mx!*&i^!E<>)Y#4kYTI~hH!;@_s$=P##!iHp&>RAihEJcgd2oVS|#2iFNkB878 z?o{rp_crrAk$<2}P3MkxqrK|s{QS?oX1d$N?r(mRj+*16gh)m6x>4XiMFWIR!hbYt zI0n~!2m*|P#|qM?fHQd~V-_j+J?ib(uCiy`>a&)%^;59UZINNgJj zasyIoy>^+I+6tu=(@#e-4kywLOs$JKBP=04)|AEcrrmvZz%xUO3~txag{x*@W8J$g zES%WaZl;VE;P&;kMdKHd@_78ZqbIIHD zm%o2Wej#v!fq1$&8fW=fL(ajUh(=b*A^;Fc zDs5;-4JlY4`hiU{WY~%S317`|ViimAy#Qw=MPS#0YrHgl5RAeT_ZYlV*pdldkBea^ znu0p7#n<9+jBKNi*3=}stKa+x2YuCNlUi542;C`XCnbRK!7MII9?QlS_~z~|Qjq{X zmvr+CYHJtgv1o9MvnvZc+u}r}Wp~f>p;H>fpH_+<;VqmEd>f)iY+ z4K=Af%w;}ajp)#C9qvxc_hiU1`_n+xw7^+2v}k*I%SD1HN=}BAGp(N|1Ytz;yr6Juj%>sa$WdZFiajZ2d4_ot>A-?dXKkYTgPVT z8+MS8VtQ+cpEHnI)5F12fub|50kW+TG-ENW#8ZRMb&kR{U2qyxJPQHF@n`O2Dp=Ht1{V=r_0g~~O6i2y zeXpwKf{pnmkg9;pQp|aOF{Xx7gK~RsVMFX$w6*gl`kn*0*#2lqD$AQP8-efi^$>U4 zaaPdzUIV<^eMOb=u0ip9tevtx*7k)c1O)Tjuk>~fRvRWb=YPctHVX8v58X|NsbHB2L_p{v7gH^NYcgbdzZJ{lN0 zx?jcPL+gDOW1KGG%Rju&D(P=kZ?1{OQbIK4Qmmu2eNYCYlsR!YNEy-pQ!fV9@w8R{ zaR*$4|GN!_AC_xXCfijN2nl0ZdB=nWPQ664 zCu)?dgeD`G$>`Ks_I^LyQuBz(yEy>Sh8{UdXhQF`Y-=~4fi>5YgQ=n*!Fn=^NMI;5 zfA4b_v*PDzh7D{Kf~*!J5=hue-)T6b7AVxi%8@#gSXq>_z+#98vDKJYF${gRJEdS5 zEnsiKYtdV8w6g9~eq^z3%)qLqJXGo)ZnAfNV*D>Q<+r?YKJp6(YQrb63h3GWQ{V7Q zOqY%M2w>-AcXV6)?N~6YZlJqOZl!y#Ns^hcq>=;6SS_yF&rm!Ti9XT4M4J_t()qZW zG919{M_y2+Nj9Od6;Zj_AF6K5H;?$XDF^Zq8+Tq_!nmltFRDE$N&Y)V0(QI#MSvk_L=F=>j6iL1N+co-uB}k5Id&LZs zE*Ue1;rh`YSyb^wgt|QOM#Q(PDAzQ+5z&Y=;{FCd@ZPbPd zKX_)+u~%F-c|&LFwizN1v;I_vvg-XsNxwy?a88!P(tEYCY646RkE79i$+xvb2_j4J z(++qoh54*6BpuJ4Fj1`wwEk7<(ee4d9^%x~uP-WhKs&+c)kxkz^x34rHss@eHvU)P z4l0qLtKR9sxGv~TDpDEjiP0Lo5uB$~a|KEfD9S@;?3!w&$nMcUh&|(F}xv!0Y$D3Yx!|gsoL2Nv_ z_utHsu_I>~_@WmAe9q%irhWKq`vPigKJiH@Rs%$gApNUIEdx~CNu>nigx{>HaCw7c zd)t>S{9j{TAy0bn_-mQmp(RJ~dm*xuth= zd#d(bwxVyw59n%P=HCqXZUmS z=M_6cT5iZ&4pcwLCAwFr(o*<7Yxn{t

      ~@t%K2~*R^b?@Cv-Uor7q2Jf83;HC{{=+UgX*iXH1%!YtD6k$t(6*b!|2! z$r$4?sl`sgtt&Zpec!LGS@BLg3SD zQeZ~yPO87~&)xP@a3%pj>^!N)7%;!7L#7D*;K<8$*ntkZ4g<;= zN}xTkdZC7k!r1%fs0wadR&g<(jn~2fX!E=^b9Ld8?Z-oO+~WfxDtdZXjL?i}@_&rE zkt|?TiX1yL3v20A?~F~Cg+#m7JW+R?iFxlC=ViEb*o|Mf#gwY(jNCGMm+?^lDzGnx z+KJu`h9Ez9My5tl@yl{F8nokIAdkiw2<$T{;x!$5ZSztH>NSF+T64U<;#ByJfIGMi z4Ztfjw;xJ*2+9R*bl^>-tXoftI)TcWaFXQ%Eo?x2R7&kPbeJ2kg3fXEK5`diMzZ#Y zR@u|VNs?jIT0_TNFARR&nC=hL{fcndXsD-xnxX>Txv0mM<{2Zp$KBwgQ)%nth&1Tk zYeo~C=TA@ z?)?ksByey!-RPpQo!xIgpUm2bWtO@MyfG*_4V_7g}xd4q&`tfot zDXUXO1JeHDKIV@-2VOGU)#wKv#TM@PF%Ts94t3->pyLdy>WejT`%laZt(CF9)Jklb zy$Yng+`|%~X@4!MUHF(6S6Wgh7c2+G_*C5a^=00y;YbA`n6nRv;|mo=CP%uGQtiC3 z{ujr&J{cTViw9f_^7}g8();prPT=o_n+maTwm@xdAYE;v-32trH_U?81)%A82exW^ z3{l37x^?PN$%|#?toFflAMTdwIykj*Y}kP+M&0&GaLuZX>DI312B6nW>ecvkS0s%|`5{H%xK2`WrJYEvfXe;)i= zG{t?3f-yq6kv4}Ze#Q6!d1sh7{wG}c9}qMX`+qMks@B{}%w$LMd(rPB$%#OF1Shw9 zYi&xE-FQ5gElo6I#yn&}furB;xbxddR`2(}J8~RDnYSXl`hHdc+pflN@0rxAHk;XT zydEM&&^oPV*Bk7Vq>Tt~YZ>oU`2OHZ?56qEUJQ7f?$NcG*|6&a7FR-LEJ zQtYSPdzh(oYph(l?7<3&0*T%43ltSPEbdqsKc!e{968u<% zgsw@{!H`dAEU5WU5f$gjMwS+rLjY6uFeGp# ze*>Nr5}mE{En>Zv;B0}*1Myb_S`1{6WkQ*KvL1RFqCPLOz`OZ_9DBCbg|sVWlWlTP zJ?S6$-ql;OlCTgi%{b3i$*qfyOe?K0A-=^kS)`Jg@CtoxidH6{Q})Ws0@@hLlX>8J z#Mn;edsZ^lvID=yy!-Y>lQ%lkqk3y$CQ?&d3R&8CR9@5HId%(F*P?)R@J&S}ujwpA zjck<)Ou+u>xFn|#fN4Tos-%nCBwAVI1H*YrXzdbQ3{4UOz;Pi!Eey7W3ZD))&n+=C zd3i89dM~F5b#O0@Y-6YFCSYheleT`@OOZxZ1+pKmx>1%H(x7I}12)x$DfqFHhH0*a z@BxKr(YN%jhQiRgAQWOLA_t68admPTS4QxgSP65zrcjnl_=Q@P zO%;v924nJ?1^k@bE}wM-Sz-P37fu%CFsTWw)vg`XGTO%0;Z&+VLR5n(qCicT%Q3qN z9*G*J52PZ^B1#h`rNiQX$+0n${lb)3IJM=|k{pqT@i1UWvjmX?p$b0~nf!&S;i8;HT;2 zj%sdU)>^FF#E-Rf*ssmd>TSrSneFRm z@vPJttytn1v67^^o1Hx#WOhwOwSS8kP5^&=yF8tISO5+aX|tTpJTrw5^a4@XHgNd) zQ}j__)e&I7HWD>@eA3Vb866{E?RI(uCH4VeFa)N86q#|9nMi3X!18}LG+Z15wPky2 zEzRZgW-RW!a_}F=+Mua0*&rX8I?C(QXg|=bsq%G=rtx+YcFHot8ru)m5` z@1`YEcA|ja)d8DGYlTjh^Z-Fv*l_Rg;SJ9qEqyP(NzP=-I<%(k{s6TUGrjyQYaE&` z%M@r2^rE|C=Z+L@FFzT08gaE%B8Hk}0P)SkAhtTEQ`)CpzLae4U+?kdKUR~5A+MWw zMaDk_XFt*fYL!%pTmLd@I$h9;W7sRF%t=beu)SflpZUnx=4NW^f{KviB)&^Scs82~OLeMAusiXM=a2NX~}q>b=NN=5uPC~xCn)IM9I(@vK z5RE8`1uIy%(PoVQfg`8(tz*US_YJ>?ehWdCbXlO}(EK^6P(tuzs#07Ck=3SG{&COG z(IAK02HU7+ka$ry#^JsgI67yR!IMR`80)kTJ)(rJiab15T!q-~hN_Q;l;hFX>*;z#fBSQnY6|)V z%f5fYiW4G-VC?rZudY`PEw4iL36kV!I69of>!ldqmX`p@WDgp}RP5w=tw7_I%+J%Ij1M*It$1iM zDEB4&nF4EhpA}U_eRR4r88TZS9)PM44#`_p+bj)Fr^>gnE)H8viEyjns-i5bYt1!ywG zdtR^x(-$QS1)FF#gRnjwL_#iwg2wY`NM#M=(VEd=gUIrcxzsg4fOy5ofIF5R3(2oe z&YA8@W;BgVV9Zi)%(~?dN3>MTgFq1$duz2;-8BK`&)3K2p#n7rTuGu@jOy|E%qZ7y zi9K|Bll=ykYC8A}JXE|tJG7_M)3tM-&c-9-w6jtW!&yxi#ApodQ1q4bfjrBQ-mRE@ zZMGDIhwijEP&KI#$`8%J)V4UU?iFS(JWBEh@T93!ruw;bRm`9-Pty>A`P?L36+}Z; zI(tRL1aX|%zk38Rej_%i_(U#IPeqSyiO(B-Tkm$m`Q|y@3QhN6h$Hg5l8O}eSGc&> z+{G*CHe=600tUuRP z9|=nIzQ2}$#D<7eZf`h}(*FF}>^%Yc>?uIna{f;rvH!r@V*X!I(|uw+uZ^nQDQ`#_yy(f7H-I#lXQGyVj(93O(IBG2UwZ6Dp{HZkL>A@D(nLuE*@Xod8xnm2^4A`aw6wW7182_a}{bj z;UkpY!SrEJ&TM9nhlWl_6KH+Sr?7-g`9T+)EH&3Y=6Be62)!&CE zLE4#-0~>dzkfM{W(gMe*Y`Z{Kxu129qUh3pbN1&Te87?{v zSEcvM1qWs(6>ChXmgmU;l#$s#8@K^q3a@tD)x9`|>V9~L=MCZCp+2GZNiv?%J**v3 zT#^y`9T=jD&3|aWjPud6HKn^TeKl*2?cNOdt1^4rO{m?S(r?O<@uP2F78jL;ystqfsja)3Q5jYXvikFd?W1Va%6h zg$cwZ$rR8cn^qmK7hfN44?}AYghkRHGoa+33xdXe4rXMfC)Z2+ProQU0Z4m2nLU5M zCgB*Y`lEH3hz*ecl$qR4k=`}m8Yyu4aXknl?`0@cVkyt33lh#l^5VWSqhgL$KP)=R zyZ#bktyvx_34>?v$73+E4;7EkOBplzOCJ=sH`;^1`3wt`zdCa;4wISM!7O*FqL!xq zQO4I!tPI9o)OAdx>BM$6eOz+bO3Yp1lC8Q2>rC z-B-W}ToJ}JA-Fh5dxU9Ov)+0YL`lY1!}_?ZLO8p{d^7C3QcKEwlRm;Gmc=GBwc2{H z(4{63(5*EwVjxHoQAX|qVZH-$E1k7tde-eayf}9}!?}_B6GjMfv}P;HQQDhwFL8@3FMf#%Ei@dgZQS z)n)>^hoHiD@CrzX&%B}X9e zA6n(>(w$j}h1+PB-Lsb}>EAPuC%Gf^Utk>u-48%1V&#$NwGT-9g?_S(L{Q(Gsq1SR zqwvttdW{98ml)yC1=7N9z`dE4wMiM1_ZL1jM*W^en|y!Y;E2Ql7*qH`WZ%dSB96eR z07-+s)+gCkCDQ?Rjg8^(bn|d@`i!081|0G-S(J@0!C6JsGVy(NcnFeIVn&>mGN$Qw zSS;l%l**hl6rBljChMh_V2FN9fUq<*qcudexFQ;|D!k%F2tULKWu%1+GeJO9Z>1+t zYApv(-4G^WSbN|?i60jTR4FvxZW~*O4!b2kd3LS9L#o#iVwC^lcEli$(tNdVMpaV` zDpa>#kzgM%fFhI7->QVsQqz=WqYEv9Gy?nD1;l1`Lv)+BnnTUXX_R3&z~Q(A@^}Ur zgIUa!;J21RcZ%h?o-&A1W%}W{gX>(~hvYZq09-0k(1CD&uc57W&ZbCcn#*s}XG7I_ z5?T^Xy*g7EN$88h-te}-D+x=5pmIa?p@#WfOT+=N*Ci*h{@$u)Nb8~N>4-70lqK!^OPH73M}N+5~{1z@RD6z z)$bok$3fgGHb|`EoWUI#YoxN$n|V`ki1F?fCTMT}r(KvM*Dfs$+k(!Vl#dGNCsKiG zbOhFqwLVw7=`(Z_MWr8!&OxNTLm;r9AFk3a%$AYWo{8zK4c7?C77NdWT&Ny6^&t@m z;Y$kk(Yx`#ZPpVby-!?!Y)TR-qJrCVXQ#z|{CrQEuMB-D2+K+1#CU;0BqgDMhKYU* z6Sc^3^W)&7;>Y_8G0}DKK<-{QM&c_qIO8ZIkWjABDEOw)PUL`i2oKThbI2UPqdRV^ z9umX!o%K*%xC{T%dE`~w5tplf+hiRcd(J~$;D|riXX-@sxGixv3S?S~bFg+-+c9im z!h&AT&zi~++5l`C*ZW@WGl!+TliTQnU?ow5vnD>$L6#lUx7FBsNA+gO4CZMQU)0cj zy4u=qJe|^Pg@|NJ3q9WLKn$x8PAH2egE~1{!=db5A`x;CXWBQk9zd$ zm)(XsvhPbR;d3!E5?=0ym>@yBWk!G0b#wh}*c3zv?Rf z<@3gXyKpjo*S0PCkS(qF$N-Jsv2H#6aaey3VL0;OFoBsHhn*S6PX|#il=&dav7})# z-FW5;fqlxrTL&D8ne+3Qu9}&SmAjt#3rEl9E}_ZGTRQm=9Ds~PjIn@LI?X76l!NV# z9Z(`l9xbl9fC*^LA|x5)f)@h>@LVVikO*Q!`6C0CcvaE}siMR7!kC5%ue!4cX4ocL z0};c8(pdVCQk$kerwELR#UC7b0fk%boT>iC(WG*!hP}$zAx&lxnpOd*Y+Y&rnVbee z!FhrcgyO*(LoW{pAs@AS1c5gGJwwg3b`PJ=XH+2HKvguizpConi_cSLq0YOsTG&SF zoLNP)APkYA3yjNXLX(Uv@i#NY!Gw#E5`p`!j$4DFsBS4|^xuL?ODPLLC6!6m;|{Nz zo-fN`92IdxIFu?8^zw*M6@oR8i}oT(-MtpVduhP;Ia?zJkd=>$Xem7Kgd6?RZX=kob@hUye;V>;1#; z1Uv5Ov-RC)a`#kBk1v=pnT$2$&3qTXvLA9+7e_eJ?Pw;<2*4D!y~&UUdUV?@+XN{b zKkSU@MTpFVml2;HeT(i>`bVH8GYt=pNYoTkj_4b&&krbv?OQI#?)oZwhIsYm*qbN~ z6h1=Bh;ig!YMl@Cu)_wNGD>8H1Ptc_P9b)+L{<*D`fx{#+#|cGOTn=dF8JlW=sOG2 z75(WK^savl0&ZY$3^4z-S;Qz0nD({JK4RD2#@y@zD8XV&Fi4DcuN3q6crQobVk37n zkmg%5gI*36@<+estWbLDz^q@fJ~aj%S+2mY|ZrOVz@LgA|}+B{#vl@S*KO+cw6t`r9YAI zQ~j*}brlulSHGod7p8E+mc2x-Pq(Xf-DGUYn&gkrg~#3e!0YxKBzoVTv`?LLI_HN| z#4zd)`M##hFo3&&2@@dpJ1pJ{DBF!{b#kdX#L8Hb0Q-KF(BPO*WO-gAopyrFuc zO!up9PS50zK=ty487UNZZ>y0^AYnBNea(a!9PxMxOcP8CQp<)L1VR67#_FXYZ{IRj zE~PdYxbh#>N8yDBxO9{@9hOJ{|sUzi_GxBy<v^?G|bPZUu66qJ=*uGOhS3K+M^36iotVT;4l6I607MIc!*qS{&>TY7<>G zJd2i=^T}byNiz0c_?qynx%D(<0jY^K;MrJzdJr3PSW&i3YGt)$NLrv}NJE+ws%lm_ z!%CX9@}ly~TffSt^lPztPN?_o&4NAcfBPbt~Q+ZUq zsO&JRlbX#qbF_VQowA@zfmIgDuR|r^Cn`YDZAk*jZ;PlG^A~pmU8n^^+Z>_ap)rMI zy|u>BWH0Z|mLX-mvpxQI;J3+F;qJ(<@`zGC2GM-Gg!#GEsbHq*CljVx_y_<{$rJs9 zokPUG*hMlBJ^eaXlGdLKZ!5PPZ$Fih!2E4$OeBLz1>52gmCth;b+E@o`D-P2mK01# z{EIFR{z<_orO$tTpvnp=+%HokrT-{u74S+-6!V2+j{_wvrpzY|YQvD?Q!XNz?$S_N z(RUSd4zL9X!_!)*%A|wQJ}w5s1<`~BRz-R-Jia?$v!%#gGd#X^Z_Y4&I)bnT!#Rp& zShv5u2-cjH-2AnEcA5k}EbIF{J~u+=HDM272@-;>(jtc>m4`ffIt&L&9WQydi{-)Z z@RQ0^-u$A{a-Jz3k0+Rhy;j2bN4A>*9R^|9R$+XGdMvupf`{Q^f^!Ro6%I z`S7#O3U$qPzg``3OQz)bq^gJ`$3T&p73IFPS_-nlxCmp-WzkTY(TCHP^gGM7aH?>A z;PiZ)1GX+jPpf(ZHB!cR@v^jtT{5M5p8MJswNg;iGN?^5rHQvlP{cOI$hB*kdsgo9 zlvu)otDB4S=KD#UkJFXdh7o|%``ZJ*e`@r>O zP$0WsrNmPYo9eog$(PN|nU{!`rji&_<-XGSVXI-;3aA3(hIQfrDz@RJOg_O zS>ATq!2CrpopsYVo{~_j>{K}pFcN1%?3vt|)SEOHFhlKyDxfqZ#5_y{L#tfd!U&Xh z|A7EZHlp(VDOHyoq^e?jXZ>I#Njdc$LUl);G^(*1Lbcf)7@LTNT%sIGPm;YT*`w+U zrVwX{;3^@R@Cy@iizg**)uUxM1XG8>g7#JS(El6#cWJhK{<31Y>Z_q)XS^9xz2dA? zYW3+(28+NWJTDyDKUF+J4fdaTS&BAQZ`8fkMZ*Hkg5?n28z!8#mIgv^ViuWE6QT<5EB-={0 z>El!IH6JkKY`Dtm>;se*t_UTI1qX*pFfuNRgQz4Z{f6NJo?&8m18iNij)rnFl znG~OKmJy3Da5LcSv`bsgaO5A6CX6qX0qA9ko}c*QPX(6e(R@OBzUltRHtoZ9hsXYK zl&qyDcZoMgG5jH~94`a=01V7}x}dl}Xp^48hpgoF+SU8=RLM(=xt9#AQ|FS)!h8Ls zLZ&>LjY_+G#2EN6n=oGXhc5^ow%B>t8IfqHnLaOT1e0%VRvj1bTDGaLJ9lo=-oE{I zzg-1upr_^W+;%9gw7ajFswN=DkGwt)9NIxS^nt!;R?tSC&*F5sMC!@Lu1UA=B6T@0 z)uCxNMvPy9o2htmBCb=9;UVO_vVZ17-=^@pln9eGY_S$vnJL9rRb-huTU=3vT;PYMkoleOu#JvW zP#9o@8@hQz#9>=;cqJjDj+OWSHv zyX-0aK4gU{Rs~nd@b0Q#zJKz{+8YG#AXKANUv}^QI{&!dSF+?N-Wt?G1I$G6_%ubi zpeDF;G&x|OwCH%;d-(#LlxzJ5+AQ-wquBpIoBi*F?k;gtGXG4M{{@Z)-(9P(h@~;z z#7S+#2r%AJ&t&@-p7B~gv=cOS1g$bnK@aQ|5uU3Ovud4!o>2wm;XZl zzo&%EES&8BZ-4IpKPgSNnkwpSEQ3dOpb)wrT>sC(I@{WTvKa{B<_2|*L`x(TC}ST6 z=H`{{M0T=$qu%xMfVLzSTW&nA?WLg-Uv9-1p~amJTAYo$mA;y$^#+_FsEb9Qkw-hb zG!`wjIkt`5J3To*9w915wg&E%?^YH>sHrDfrlHy42QMh> z%#F}LIq|{{+kb}_NYKtLuMmf`dgCTOw?Cc!Ra|NWBReq=zi>#ZF;4~=#19v)1;yjt5>c-pjCcs3Tk`B0)fYl&K@ACZuF6Etms3h8{ciWc}oF*0wgjYLyp@ z2T7BQzQdk5_~Q6xuWBv7Voad%nMSvxv9ityKp<~B`@DOpwtjS3+-a|S&enf|pnKt= zz#!juhUzr~xH{@T7Z(4m08e(FdOSlm(h*sC99!8h-r4aBrFU!Kz2)YIV&umnD>{8c zKM74u4GkEv&8ro7^d})eKv3r1uL&0_?$+MrOE+V_N44gs=30LM z$qgjc*y0Am;P`3B+WPo(@A#v|^5=w*uJ;1L(aG&YLUdPv#|9BSfCAR>(=U6|?qdfq zM2hwX%&Suc-N z@zyZ}B!g&l4%jhj-Z8SL0r||z z&H`39d$#QbibF&CL>!x$nndZ$uEFmG>gl2RMj@)d1ELi|zurYb?3RuDj-)@aI0D=K z2*aE_)UWWfCAiY(z`}dQZgh5RdI7epLPL&fNaS%>u=x4$Mf}3BwnX&uGPMU<|6$4g zVgI)W*FHW87JeG$fxqdqpZ#8gHj9L|1!dIYIzpxdN*)p0vO2I{y(74^H$eMPzGaG@ zK8EWd3BYc}5Z}M@fEerRe_9Ya571p>1UWc>ICk`@30pmW#ISfrcY=Xw$32bKJtN_M z+(3UC5*?fD8^E}HP_CUXwIIx_;JqfM6R76M0s_cQ5zw zZ@nrcd)$IDVS9<6e?1}&!W#g7g4}^6!<~fX0je8S?xQ_coAe6oC3|`3)IBNB14g*|$d5%P~b@&92VqGSMT%4g`C< zgTyPG(vxy)2eG?f^)2XX?@cpH02#A0`(Ov~&E)ZD{iXw29elS#k{vs?L)rw)?hv-J zcJv6@+dTUP?H(fd5#qF>jtHdp)x_*>eP`n9WG>|D`DbT;i@=whe@ej9Z(*InIKKaK zTJ6>OQHRD!tK7)-?g7lAymCMoIB~?i?BMn?{WK-O%8qOeqrJA61;E zfywbT%ssmSxc=;K1FqK_{hdGGB*06#<`X-eLqpk}UumtJt3a~2yIc(p_IF>l%o@FZ zuiBpn0beTvz}^?1us^=)ApU}OdEoQ&orxj6JR6ABfaCz>Ar-YcRqsg(w$}dkdnra4 zEtRccJ2Kej(EwsHqN~2OMKbxwhEMSTOQIOlcGVmEOZ{bTWowFB+9lDJDUf6k=((c7 z;fKHJ{|tA~A;48T`U=6#Z z&DYkqTi1;}7>tk}k?7^01lxPId!+ub;Gq60$Yr97?8QqBbHYCz*v@urODlLQph2wV zuKgwk^|y;=lc?O7+SNOl!N&PiGA>v=M}ZbUZrsW9i8d9DS8htTK4`-d>>F-0X`p2! zNemmeAt7r1Y|b?%OIY98a5bkc843QC%d33BD={4UpyLts-F0E!r^>fUzmfEalyJ-> z20n5dvWF|Zopdiz(VLJgY(oRtlTUQ-n8lqKw%xS_f@bT9zJ!L#yk=3gw$BoJs3HCQ8qT7%NA7F z4(ms?*_hNll~|OH&7%1z{;El0P}wGjI}(OCoK89}KXZ;CuLqZ$aShw{;REcgHq2D> z>pQsXw9DcFSe`E5pYpw}zi<*MFVU5MJ(U<^F1-PUNYBs7r-Z%{<67S70fd)+jD3~B zE`^0wc{s1vmEf`qF1+O4Al^RDOeq?jX$)^o+lb`c)AJpvx3ri^5O4&gBIBzX;zJ=O6 zQp`>XWAl}6h|svWy47F);`+6udS$R2WBk@t!ADI^`AaVvu*?PTuF?bBoE|=MYd-Zf zU!fIzYHWkI3kUYX5_{0z;w89j;1d|f4X}DazPZ8LlT)tL8lpnNr;M`7BhG7?-ffsR zsMxpC92yO+@GmsWB9G7TSWtw>OmL6GpjE-yUAA~hCpm|jAQAKd+OoNnoo5yF|Bw~B z_MU@ph=8Y_qqfuRqkOve(JK~6qR2k$`Pq3@=^zWrIx@&m-8qGTc#O_O@-7aOLP0T;$*Y) zz_$Jz>KpU22dyHf{SN%CGj1ker|Wu%HI3BazAIpJy4$o(4&L zo}cP>tFfl94tT)*49TFyN)Ym34}UDw?0u2Oa<^0I?`;+M)Nd1crOi{7WpV5Ew!s?YgkFq7w)JIR7zxwK4VbntYd_E_gxpd*E;4^)wT^_>fR5?Np=*_Ppk0>Jw z>3cAREl`&yb#vymZ-YpWM&)R0qnV~HUkI%@i>FhJ>xwNTb5GZCb!@`(gFz^t-aDfd zj+()6d3lHgxAcx5bISQtMLn++k5Y=+r$?Trq1TnkB>8F#7fWgByhjFQZ}|!N2E)#6 zBw{sARSL1|=ajoAJ!_g>kCi!|aFlJn8##zR3@L}LUyJMFit}j%lPG48T5)Lh5<)`T zadLZ;9;RIPg3&0GEmn&r2S%D1D zud0{K&ruRZ?<=N)dS8^kBE{oZb zUrbcwbMVF#iBZoN)C4fc^nV!5r2I?wDXe6Oz?nj@JGL)9&vH{4Xl~-JMQ$hvxwiNg zn2>bELAj6{XY%7Ul&8q`F<-JtpS4oWN>DM*{^~dpBO(4lBS*x>j~A(M!QmASw%y>q zs^*`A-!kPOf>eZzigrIhnrT) zz}$(9NcfjZxbYUR6Rt5-SHO|?i3XK<7b9S@S!&=1-w2MU1D{CS#{OwBWPgj_+N>gu z0wvEg{LE6>!%D@*WvRx&AXx795=U2V{sqg8<8F6-7zKQt`hD+H0~_45K$^sqUXan{ zZwlo`{8b<3tl*yZU;!z;l~0i|9b#rj6p0{L zs++i`=LdW49*YXp+^FLM!%#kjd8#;+ zY-s;Awbg`05~2k+Jg~Xr9a9;ydfN}nVzA`a<_+dc6q;=YB1pk(F(*soEhIfkE zyU?lxYD8Rs)wU|iFj%wm-kg875ghB=IQKOyL52wT&TFk`o3AVnJf5u#xWdO^&zpO=`-|5#D$y?sCzk@L z*{NCI%lFh7Gs@&d&*KY2zv_f~sjGvtGY07!H15_k!F zjY0iD6_le278G~p$OEmKoCLn)g9;B`N&c84Z!IW4I&?bQmV8IyBfv{YCndYKoT~<@ zS-)TUinZa}`GAC+Tqu{AUNLA zY07x!0(Tn9lVN1tLmD8yV1%S61sf*m1z*qj%6gnoZ94Eh4lb?tr4OXC7Loi+$CX2Gna#Q%whBF3qLhLOg@2 zi^HP_8!;vlvCxG)+IQ&Um#cBikhL%p;z!XN)pJE>voZ2OH&~( zJ+|*ZpDLZ>h)l+rJ8{1Q#=43q@+tEz?T`?>bhm$Qjd)_ADx1`RyOZobj!OidXRRvT z4al9b1bB;J%MQA7ej-^VE}AdyXPxhuk@}J+ARf&OULT zb7(Pf8eMY0{oKVLUFmamo?(rinxnJq9#+dltg$A(G0RrLAq>!Rt__QhyAGTV6e>+h zJ}`y9FU3UfmBR4bRuO;8oR*M=+3<*MuHs}t+^|;*UNSb;!CZ|6vZ(gffQVX3( zIM%s0vvT>Ga7q6fmc!3?;615-Om~!Ri9l|l&}T`%G6=1u#d#5vPmddNV^9gD=|!PY zL567>obml<-|eO?kL+Si<{f+D9n!3wH5ukgJXVZdP}LQ^`O8`*xc!R#9=s5RDIkra z&esL}rd!0$_qF7Gc-}dB=DD#O2pLU&GCU^{bv6(b5f3#SiRD@qc&mJ3ha#9q#63){ zd9;=x>TaUw%=q(42o?Z)C!gL>3X< z2=k2r0z9(KlpIzT2XHVY5mVQ@aquP#8e zvm&Y=buQF5XK45aDwml(AzuWCK6FGC(bSD$!SQ9r{lg=-6W)@u#d`WVe9?^vZ;+0@V`)*8*yth=XS9#3!Sh!#pOHX z<7$VtZO|qbmETD{SBvY#F^HIvRl`(~3 zn;4PDPB3}t% zJEIjgde;;=6fS0j(*ti=8N15iCq^d%yd8#ISpkU((p-(I;W-JQE1^S=kjQs_GWZd! zwc;HKDi@fGBnETmN46LZ#Fy1bpE)KH|FPj4(B2{llvJ zm&^S`F?F|wb0lfuUljJ&z>qdVc|%%rf1=mU$`G2wqP75y2=R5V#w)a*h@{|Y%UWKN zL!wp_4!dvd5R;AzG#Q0c?vST8p)EqXZYJ)+&p{ub(n3X7OEKLy=Jq?SHeGM}jIZKV z@A%lllFs@Vg_H*Uw7$n-#9_Vp_H2N_zG8|<8s?gT&1~|MS9|%j4_d!2Xw0woqM_F@ z>7=I>>_03j)=$@UgWoA86L41O^^9=Qoe5)7T`#Z?$z6Qa+9oP-jEdaiPql`D(w?B@ zud+LebcA7{w&+VsuxfePnQAo(@H|syF$@~x42%LqR8J$y?Naj`f=&w=tEoPlp4pS{ z;XiK;9fAmrQ;4Ur|Hw?zPVh1vQ=mPDps}*=X$+-#jkT2H=4XD4POK^49vD>K28eki zAw3e)g>x1?O#|Hw$B26bNd!KM^)`*-uo!B905+xsVtR#Oe#)AVh+?%K7yPgzE88f= zh#&1bC0tP{0*6Hm<)OsMW+T#3A%&X}25BuaHDQxD3%A!Z5||8ERAO(6tQom~n)z^F z!rjaDt67AI+&?_80VH`)Xr8uYrXYURHem7%$G;wC^zXWiu^wssXE1Q1_W1U{q;s{D z&mMi*u^SdMVSA$iOE`j_HdcZ-`gc7?n(Q0lbU~4Jyr25)2HxfM zst5=3uWWR612_q)2ZCBss`3nnX zs;Q3CT{*EwVD~Xfkjfpan_$M+w(Hrg1{8zrW$CWK+>%7zdbe1*l8u( zg7qPQ6>RD#=QJcfM|lmb&^tl z2dw|L*gB?D%OoLfuCFF=Sk@VsffP@dty@CHf?7R70BZ!tc9d;C@E*Ywl`3=e%C-~r z+8DDsY9{M{1~XOFCch6q|CpF_iCO?{&Qgx~V!GXcJs4`Grciehq}v<4fycFR@2gdAmzxO6KElepF+S?d z-ocV0muXo1R?9x0LCpgd6VPNFP=Wv!L!7OAwf&R|ehu|X$W7$H9twe^+7NN< zAS}hu=9l{_tWYH|0Nb}4ABMAJD5C7=$4p9_1{*|ha$X(omck{rIr|iBB@xYUNhFt= z*y-IV!r_IFcpu^H#(L8AAr2u?(n4s76}enYbj90|4$=Mof%Yjgwi6z1igKv2sUXF4 zNeA70BFa$>c?10Y@}%&2brQYM;mI^L4gqr^KSP zF|JlKTrS5qK><`{?eh3!lV3yeB1&?Y4@ z5Wrk5K2%r0*}*aDG-idf=sRzG$(P@aaCsXv#NZm^x}g2nIz|%Ob5TW z5j0tKM8esg65&?m;E5FcDdAxU%kjQEAKj}%)`;Z0y=;#%q7xDHr#j=uz@KqCm*lkt zx>OMIdD7knGFw4?)j(xwaqQ+N_rjIR+QH`e?YM#483$5mh!Cus?VBNNbS9JrVY%j< zF?~`GB0`pH5A!{GS3O||t;psK zLFd)#CND)Mpv+M&dyb2#@NLxNO?~**0_ju-!n*#bUyp!6vS!Boq^q|f#kLOHtF7S% zz^aloirB{GF(nQN082G33bKQ_or2%@h3+)GbP^gS2vx^~a2e}HciuokPW=#o+tD%Z z*vG`_UwV!i7^3Q_NECzflhjwEVJGf>?bzW#QSStZ#}3d2`i|{zq#;OXjpskir@ZNl z_RsjX+woi>0b0jzCCMYQ0!w9oIZ|eQ+p z+VJKXCD+`loBVc-@h>agh2&#%Y!c$f!oi``@?UqJw0c~^67{@OvwPMRkXGx6S8fpy zeGl6^*1eTodsH!irEO+Bv7xIArA~e?YDga$w1jt&UKLU|JJ;dgq{@{F&17`5n1pKA zvK!0zMP-fvKlX@8VyVSk!>wgD7WKYYB1dsvneh)sk`O3�?H zyxFW!98WbBC#k=+zJ^}%#5JdUp`w|B6JsT^B$irEL>B=Wh^larCVXd!Hxs>xV7mU1 z_a0TqV9k;eYf0l4%7)Hq=WHPSo8z)g8m`+sud@9#o#dSZUX%g&#m_zEwW!i=?_HRd z?$QHWL(aC<=C5-=S(jyxmS|RUYuOvz=?{w1KB9ez)qY)W6+<2}fg}ieP*QQ}hZxSzms8E|r?qN= zFCVaqz1#Tp5}2tQ3Fa8@pdOL3uuQ8#utw{)j@5bQ<8w&8(bvn8TdF`Jx5yuR=hYee6zFyVP)W1O!2w6o z=Vh+TwlITn(x^oxVTYj(QP}L3Yq`v-rK1lH&`aYBac9<$k{f5OkQ(Rp4-B= z^jasMFVN2T%Y(SJd~}HSoK%rK#8Jm7`;NCuAqr3}ZQx|@R24eToH3OFZb<s79C ziaO0xfRF(z^PuTo7jYFQXwu07w{pd0Pcvtq>8syKu5$?U2*Dg)vf+*%lJ+&~c_J@N zNM=l6*yvhN({PQLxp41Ni7Uz=rm<)6C`7M#w)$RL>s*Q8wE36>|2bkNXqu7h-IJI+ z-LR2FEmKepsYC3|&mn}oDQ0aSiaLj`uO)Gmwg~X6c;9~o`(L}yec7^OPGx~v+~f4sMPX2-zzsM#kb*)q-9P6-k_6Ll_*baWdkE4;t*0g4?rtx zKW}7Wc8bxoJ0ZflPdMela%7c8JalRg(1|EnPlfyC{AY9`votm-ZSy=h2NcXSA@1-zNy9Vq3eyuiP-183smM{ z7p=GH7kx|L!u%0*391S-Q$xBF34Kyg=pmzxx0>MvM@~BpHqRt3<46PqoAB7w$%L*v z*JaCa>gz-ViIA-$hbn%VD{4YY6dCm}6%0|e zGRDa6;}$lE#-5M>-&%vTvN%-;-&PEeikWZk_l`m~TA)S6&AD)M`d+$Xq1BU&o?8YG%iN*9{Px#yak^CxVdk> zf0ge8c~&U}?>sVEj^-%)dEKH7yRNEK!+brdA*tkx>ZMYS(9N(=Y_nC|e3G{myX4pU zu)r9)(~}jx1tHB^sfepWGMr-P(M+8|O~ZCR zKLWJ`uHzS;Z|Fzrpm{F1qA2YgofeD-+ZL1Kw5emo^Kx+A*uH1v7{h3pG+9r( zaEUk!G3Fe?rhpLXbO&K`(K;Ojb%N>wweEJoU4AFPO-0@wioKhu*E!u?=F%(^3Um3W z_q&OA$#O1u!ZBeSdRO7j^{o~dSENh2)Jy0}@O+SYW;d1AWb+4$ev-a>qr3MsPaq!0 zak?(9sbIY4*1)A_?2Nz=Tm0m97f=v!>#hlN7X@il-(eIBuS^Aw!)K>qBG%WR6W<SJ78@++_-(1;tw_nz(f!rpXN>)-aZlAt8G4AdsMB=(jW{9LtEe^zqQ|m zw6KFDcaWp|<)1quTygIWZ*dUaDALrslOpts;_3Kw#T1?W1MHpyavvr`xsmey4|smA4SS% z%yU)mC8msNO_ST-!R%*kq)ac)E8K2%TV=RSVLSA0G|<3byK$YjWUn*o)YSjxk&+Om z*pT#!7!%dz5>}Nwtf#d(1!ODzHDk|Og)`!y<@Xvi&+Gg#K@4KvcQUWJ-*pDxDf1=k ze$l>S(Z4B$(>HBs$b3mD@US_8(vu3R;N>k5cFjgYb5Y;t(sUU{SK|KM1l6zQHQD`! zzTt28F{5z49j)1YsK)F9%&7Smxth?G*+@H@UbQDK@Kb%=)5*1TKZ8f#4Z!_|g(Gxu z=>-)+h3@#XIz)|!&p`5Y;(;zVVTQv(_T*Djs66W_{HycPiV-)OdP8KM$Yo%}hI)^* z&)bL=at~PA)K9s!q87}bKyLbyUfxwj@3)82 zk3%847*FHIV&xr!w~5RsAx}%T7UmwP<^cbBXBsqZ};c(Ul<~vqbolZ)})d0DtG?^pYu%*&!(;+KCdtw16v)+RA z$wprEnYT4kGyB6*UD%AbVzqvgFQl(8i3Xgygf-+UajiQIhip7@JKSo(x0>`F4E+}4 zsl9{yU;WV1qI17ttNIudD6YSTg6F${=)6&lj z_8=bPJY+%|2DPrYbT4Z~C0QuA^nk4b{@45YhI;4Cc?oaDFGdxKnD3*8Ip1R@ku9eZ zC#HX%Y)o}fz^rmlv;9OJ^4!;-~;2q$9dxYAMJx!dgO+5fbH&Ixrkp3O)nVWFXX9zyz6*rUhDl9 zL|phnkM=MsT4Hi&6(+#EyuJCH0SY9$trfg@Bl3(bJ8Ri5;W5+kfrjwM4g?^GOg6p;s}{s5N6FdSHtzMJ1sPgwT-aPba6G-HsGu zS}c9LpzXzNWtQ}OKe3s)@bx@sI9F{Cq%Af+J;z44Ea$tt?DKJHib%&Ilk^B)m?9Qg8T}-Eo*p)=k6x)?b=#phWm*z3!yk6p4V1! zTsls;*8P&Y<|h>BE>Mu>ngsFHAwW324X6~I#=ZWIR58^u5s@QbT~{&s=M!5$%bC&% zxlog$)fYX#HGBZB3$^QZ-x{Z}6S%Nx2BNvoS1RL*H;_4r^rd>J=NWZ~2Cbo@Kyi8W zyZn$DU!mbI4$eduXZ`U5>6i_K?bXYE7Vzx%G1j&owUxt&$aw=9u~4PxhF+<{%&ba9t{^3$jdqGZgT zwx}!>zY|HwC+A&5o>T1Mq{z94Y>Dq>?AkhLC2NC+!3W6vzi-;Q_L}qv2$xI zsAob9^~Ny;NgT~2b8+JIn0aw_%`WS(y68>a?}XBJ6$Zn>Y8hh4aps@B6jS*4qXEL1D`l9;L-I85eI^6Y6-agp#sT=>}*LqOn z%?5|tEo{b{0g5l?GAKFX!vafug5lcyr*voPC)hd{={8Zl`iD+m>}v*cpMRjpGST~O zy*sF#4yeod&|yU0(A4)#jGLs7r$pr{OfgrN^NtlEKi1?rzK)5z7d}H!>%;Wo`**E0 z*q0t^JZr~{VSQn-r!-%CMA+@eiT`3jcVfbYT5a|7?AjjO61@XLuOA?M*es0@NjT!msD4;~;G2t1Rx>9r;@P2qB zgL}VXHoB!LSk>)`J5>e-OW`2LVe?ymN8K5`^EjUk+)~T3F99S&Q(iL$!o813Mb#o8 zi=O@9sutkMgO5Zjd-)=v2;oH(;Ilx6`Iu>^@SN9nJ-_OYlgr%{{wNekeI@RpxwC=h zS;1)X{(Q$oW>m-y0n&Q@K=^FRuV=P?C@Ak_%`Td(eD8(74yA68*%;nycgl!b?Ox=m zG0v;Ai4LFk^R({9+l0;54P2+q9=TCmbsAP|dI`@?FOgyEvQ)YwA(ET>b!WZmxDR8n zp;F96S8&zNIO_5}Q7qXR5{=?!#80GV+ADJ99#j`^J7lckdyQH-UFaq$e>&reI5LjT zKF4(7SnsC4)2@yvK3^^~ed(X4Zn{sOk*0)SpNBXbI78l^F`5;k@`0WAYSU@1h_tvU z73*WBDm{EvC-R)F2(}NDtp0pacH`iwiaMYdVhA-S!}k*-*v$ZE#*V+gA)5RQ{*ly- zrm_sbSfAe=S?oSg;)V$(Qvm(ay*K_xk6~Ma_8Wq5a3I^$K4MDa9{mT2(i6 zmI?5c!1qw6cdh9(T257qUt9qJ9_^`f8aa5pi>YF#^iY)Mn#--7(0SrY(3{M;f zwdi5vbBmvwKVk1iHX-91BRpD6UaXAYrM>y(bPk2r=Y#UIUt7e6h!X}0BOqDz7RfG@ zR>{@_Kb{A1MXWvIeiPl%+KaDG(D-bS*{L%jo7^=bpgGo6Yf5&M3@N``8*oir)C|Ed z9iZ^pDk!)oe_61NCF3-VTY+q?dTR8i$`lEe=%zCkcKXjuYqqUwTOg+Vx9wW5uVN&7 zSnt%v_EZ}nSMxznE;93XaB`!m`Gv$}239=pone>Jo!4B=;DoHrg%KpWXvjW(kj*R^ zyL;bk2$_8~)8_&Y=5`cK3-myu#zj-ly8vlC_RO?91M^2 z-L(6Js$C#DJ>Se93i-y%$}pL>Mw9*scSyCZw2R#cQ1OLdKL5w9C+lKz@N>MhNQtfB zkhAvJ^8=6|4Ro|LrI)71nbQ~l809O0Y()B*>){^xZ= z-va#15B5#nI9~Fd-^cLIHM-+Np+SBP{NI_@ylFc>pjbn1IV@h%J*g+$IhWVl6ahcv zM|53`G3gryYg!B!4!N{8zlVKncJom*N2XwXHjw;*7}z53l5vIB^_)hict`>0w#z=v z$M_uA)yDQM;tP%;Q26U1G?y2qvH~O0HT!T;fYPp;(1>+laMjG6Q#{K1=SRF0S9t_> z<>`rlPF4f_`dKHdG#n8ER*QIY@>q;Cpidc1&UKTn;@3;DILF)=rZ*u;C}}Pb0u|D3 zxi%)Xtsiac3d8pE1lsNTC$BbK6wh~k@zGBT`-8-Xg(EpCOpNffJ3gXr!|^C{mMOhh zrJg}yX%axPS&^+G!tnKQ-Wxs|-D8E%Cnsr`xjl&&iR$@fxmJAeT!vfnF~rSUL%qMH zrMQ^ApZ_GnjT@PDEnM>0nC-sSk0)if@^SF3Kle>cnU%Ed6+9NzudvW1vJ!`okjL0Z zr;5dT#<)2e`g%jDN=p1}*noQGGwvDUg6)FfaS}-j(;`R~Xtu7llGQz_TnC6E)w<#< zIZ|;hk);q2y_Q{HiHe4qg8-m~tErIxc76Qk$;ay6Z#N%;pM7_B@cJAf^hmwQ@VAES zDT1D?cr1fVZO$oCDM#;9pk#{{8_JA$*0$WBtReFEB_US3V`7KS%GSkHcC}2YCW21d zYL+>UpGcSYN?L^^uG&Rx_EDMg*B8B&#Up2DjTKo|Y*dB|u!Py33*zY^QW`%I^%iE; zsXT>MaxDIkcqUGdB1-EwiqM>%GjHB(p)Jf}n8?!ip%cE7J`UKo+n9lJ!Y?}iB*F}tOT-C zJYuT`9nX%$TJxefxSEEB&D@u=6DP9oeXW~V*F}E_l9sb=-_)_3`vrw7oGcmOvHYUnswjP*;@EK-F2*_RkS!h6G#zJ|4| zjZi$-&<;)tr)vg$JLjv!-kAoD;2Ck zr<+`YK}5D1^t%XcDX2mdPqREZl2!502Vr8irz-QIaZdN%rH+cuq0rQr8fy$eFNpYUoh}J>sr@R}o)wwAo z-(vBX0UVENHRVHWND(~q`cY26iSMSefMI<6K_0D{^w65L$*{2Md1kpFq4J0Wn|zl1 zOBQ=7GKfGbteB!JuuG^hlC@Cq1&{Kqa#KfpA|EeaN^>4{WDrj-GU}oQEqP*?CX}7N zoA&ZoC=G9cqu3HmzX`>RXOv~Eh{-BD9!`DYf_VlCh0se#@LWq$bSJa=w&01|^ldG53vO)m;hn+stS8i%K)Tlz!5U0urdF#YhjWf)E44V+ zc|T1WFh%c-`PpDpsVx3*`eFSu(3AY7RnVDj)nh(_AN{?H>3YU0+WkFAD9|v9$kBD5 zo>_4mDQ>9!L(JBofM*qRQxsvgi1IKl&WUw!Zy~fF_}Zg7WHg{CQC%M{5{5oLDifWg zSj;72L4RnJ-a1_(cRZU?2wcZKe$sN$^{y19B=xc%9Hbv&%tBycKW+%LdxTE^0ijij zpni?34txWRJ>qp%Wy-H=fAq^jdqxa?(RTkf&1IrQHA##TY;7i+)D?`>9*Bh}ur}uh%oNwcS zba2d8kuV3lQVkK%Ss0>qrG%jOet^f`%4;}j)s~1B`%I6fD{_8oU?<{P{<`2&WjXI~ z>{(EOx~LxYl3bpnhXHO^P20<#I|5ujOu-X4WxeMUx^JwDOttjuF%lLPc$<@e9KBVSi6JqdDKVXCyvLegEM-NPy-c3V{pF4R^szT zsx9uu(D}_FJfC{^7zE!hn6k4j-0G|+NTrv~rPW{wHaV%L0MZ5`c#@M%=sIkC@Y}veEhaXx_?s6fb_wsIjtV)wEtK#J8XTmb$$A*|)#e}0*C@PA{L`9D zqUbCIGq{}oi!^- zn?d)~p*mcGg3g4m$Voy2;1J3>&=AJ2Cf$ z@2dLA&uoZk0k>WsYRCAb z@TD4sE@mZ%#>G&}Rk)1|I4%M2hw_t)R}uo>d?0<4&o1$@e;Tf+&nN$ z{w7CzThT}lQn#z5jYd8k=U*6=PE~3tA&%{M7>43k<2?onIDX@#B_-K;u|HLZ*ZG3SwsxA4@4lH8|{`CAC;r-KmYvv(`}&e#M)?^VayR zjxRJ)l zlZ+>pvr91|5a<0Uluz^QQVv71R$uHM?>^bYL8;#KqfL*kA0u6-vtI6QOePn$Ghm-n zC&Zbrc>oTb?|o3W?H#j*j;N9GPGVRBbL{)cH)j^Pv339Jw;k>QA=8a{UkQryfF$o3 z%Fqtzjg$+5(ALc_KhegKMcrhK9^D6Z3~T$j!~Edue!S7(HO3iykJSMeHfFhL>0K_b$;P)Txsc9LYWuU>WdFO6!+QSk;E;f_7@ORxL7SG+~_g7Jn4H5 zH<$9~4R-1`<29s(Ut50oK?cTq$I4~FFOb(Tctaaf&j=3p2mVsQt2(7?JdnnW`Fz&2 z!w9o|xU(T`<~y*Qx5CdnXC(Jy?ZNDb6mkvgPWgd^q+&@>h4l#0uV3{7#&i}D7o>FO zy+jmU1pT$HO0=)-;aB%~5pY1}=ZjjT_~S=QZR=ptY1x#>!*WG^d2F@7oG&2s3K8GD zCN_M|c*f8&QLARDgR0uNN2J33{9|5sHps`%X;~0>cVF^x*mJ)Rd=l`uT~H!QOeauN zahk7#sOY@!-d-eO9P)A{@C#}SMKyksLrfhHJo@0L`{+~>;PklAFq%M^1C20vA$h_~ zTxqUdIrfG))<4+V#~o zgTFVL(hs-(k++0$3_SfB9I|j9aZ6P$y_aEiw{I-ohlddK>IEWe-eiqQ`A+>m0XrMS zdc)3t7Qe$eH2_Ar&^lc4QqZkEOU~5^B)R=Somj<@$Dt3`dJyo6-LalYOmgi< z9q>uecD^N|CsKvl^9`f2^f)FoRb}= zO;Cd*yru;tQ?VQW*cMA6^v&!(oGQh5(w>|@yDSKU%Ub^YIRlu&GoT8-+TdTc=^W^V6{TZ2K6s!-+mv z(_mz<+;nCrtRS$f8(h;0zYwb1Vq8hEy&U*`z!hI=D*A=Ij>KbhYH5ZF~&^ zEAK;WRmyv_c25tX5_qSRyb z1(Hkj4oR*(bW_GK{4_E86SFj%_s*M5|Ji&Yr8LN=UcMN>oQ$x2fhA_kr><^4Cs*uR zYXoi1ow)eRX3TZ+Da^&1gx%%U|CwFuRSTd~)+Bv;9-(a(Z`{hxqtw$z`5FI$lNRT> zhnv{)W~B}{n}9i&aj>$HEQ{bmipLsu)BwNU*B5LHFl!8kG);Ec{M{+DV&Ajd66`LLM5bBNqT$(bCCcX zOlx70vo@?xTdewHTD*>ccA8Q4&>&%k_*b&~FF-r&__>=DD82S?{0%{s2-1US*L*#6 zIdqUQ7s|Carw^1lwdlI};_CzOe+lt+_pPVCucT2=6ZjcB4ke;ko?ZFY`rH7pHcX>C z*Ovi8t`N7#3^Ho_>i_!mZ)IX8~Da4yms~9^x#gA;LB9AHO=R3*DULdiu#jLjgh{oeF9EHg~jzs3x zT*sww_TjI|MbxE|7;M%H7RgNbtTJd9%#dh>s|A#g4&e7~bONAX@kK{45BjnFIY5zh zLTql!Y8s(P#p!4b#SUlLTP+M%yceGxhr?*dObF{M)czKfmz40NhxxS4IEh-f=fv`b z`MqIE0N!XNS0Ra^lNGHvM4z^fB93awgUun8`71-1`Ys)8;q#cR zy1ljD@Bj4Kd5=i60 zY4Q`X?x0G=Bw(_q4)nvf9tEqioM-A8&GAecoePucud5Fy=^p!w3^uc~MXxp~3YR^>g3+!Juq7PYo zISE04fjiRTd6dsXk|w~&IpLG}+R$fseU_Jf-0%nSh(b~vm~l?TQL9;R62wLl^wXPd zU&Y}|+v}^DUHDbNfP+9oc4KI@7Mhr~1l<+_`^+FL$OLUE+?#ckm7v&i53c6xWDAc) zMpLq4&BFT%#tS1p+S-{wU8{}febv+d%`01g=1g#u387|rYQHT10;H0%Qk7?&?$_@% z7ZqSyp5h$%Hdihy|J|Ba;tjBZ=wmKQiS0vQPlP(_4dT#;M&XKZ7YLR3fvBw2kq-uS z_JoVb)aiLIDTMLnM6Duon|BFG-mMKet$h<3I(qP26)WA%dD5y7U(HB2ToGgmOC%Q~ zfPI7|@{68G_CQvMZrH)$6<%<>^~YET7&xy` z#6TAQV(8*VMYNYvW)q8iQD_;YsGR@A1G>S@#Xt_sMOdYa=M1#a&rLsbr)SJ{` zWL(GSCLav1oS+U00vX3~|2U*pN7JbB=6A&xU(ElGPKB2)whQ4e_z%fi_FQLf_DAd{ zE=(1=Lg-cENv1d?0yNw%G2qgazz}TzzS+|5mwU4d&PnmS9GCMRECiHeu7USc;`n2# z_2Pze83O5C2&tt9T`!E+`mnQaf%$AA7*KOS`XG$@jO5Y(qq#!f1QKHKPH(@o-Q36&@<%aouAKs38&H-d!6!x`k$ywfl=|+5*C0jNd`)99_B=Z$q8^76Dou9NP zXs?W~(Mb(T3xShNTh3`9M70t)jU4x7tasly_v?^XpQAluo z-p4&ZW1#19AkNV5jiSO>y9SpA+oIw$KbQ-lXO$K34T=^l{a!O@AKa1jwoL9h!ie%T ztM>hxPz*@?@Yk^VavgmUnFmlKF8D{a zrncd)Pq3>D=k*ujk7v>Rb}43yPc?*FL{o~17yrk5Y1KICa~+D$?1@SG;apUrOvRV8 zmER;KEQj_pHTq(y4AItUbay4#T}`8q6+0z8c=T%Y@ByQWIVdVXiSSJBHNdnON5mWy zI*QzQ*O*b6Y^fPaF1A4O;uA?kSHv!Rj!1=hPpl9ik2)ZfS$0(TvzExiPehm>^3XpGw>eCMO zk3!|q8WDpHh9!-{%IPwKX-M{5jfOeY`h+X$j7vNg>U9#ROslQteLQ#+E-qorz?my% z+Hu&vB7<&i;A&RNP7w}seMei(%%A{2^;r842Njp?Ffb2fY=L%vGaWrX^{sh1?abj@kVt8cTdYQW9%-AZr5b(I)C^{{RoF(h9KpeL#IlEQZP6G7NKeCugvC+;8v3Z;KL3;f_b!5m6 zvF8XoT|D2n5vA4CiPb}H`P2(sb=X#Zik9VS)a#c>qoR;>S42C0yJ_~r?|LGeeH z@$KdW8oH1eqhn;wk*WgVs*z^N&OKjlvBlR?OcGp%rayY}lg(*dUa4vDp+J0(?W<|J zKJGA=)v+VO>3rM>bvHAqPUJVO(y{OmNKS^}w=0g3TlLm?j9&J>EWQ+suO)@THi&gU01W;(Rq$7&&?y(CBBz2Y|@?M)#yqG z2Xe2PW&tOyiF8OZ?7gu^#ZSA}4p)uQxZu#s`)V#j8Y(5vODAcAZrqg57`vd6TGedX zg?nDmz^U+22u?*T2T?F$jiPn^PfBD=aVnj?)YT|b+9T-26*f-kAMhRt< zQTRQoV=L1^eci3Lvme_OnT#2H0VZQkEkbnNAhxFkyw~FS-F$Q26|y3$-+jZkZt4=V zVdbe!7iK0`EwXQ<#b)PhbhW}tI#)9k>)&+j6l>o60k1hEpGPP=m?fyC;c1`J<0R;} zTd%2z@WHyEN+uHJI^qgwhHlfp2Vj6?n?t4&;dwy9`XQpCKge z8q~F)eQCY6Z`EwmzRGL8Rp|Px zQAfj;c~{3&iGn030smI4%CI?^!K3Wdda`GgQYGuZR8ZD!Fat=_cwQJ`mt-G^pd@k8)5h2bCm zA7}e*7O2d(=XCyn)o?-xI3p9sNiXY10q5)${B~I;AW4DT3PrQ5!H;NVyY4Jd+eBq= z?$|$gSo(9Tuv^dr^eKS<$JCqbz&9Jd!?QnqGy}hLt(Ta0 z+}c4eV^=sB_IR>Hx}5X80$c$ug|e~1)fJE>h(0ke##A0bw#XFX^nFOUPZBA5^3rD~ znn!!Uq6V_&Ch|Bu9IKCAka^5_saU-?ICOa>tM;VNa??SVpeNPga+JI|^*zzx?*8XE z5CS<-NZ_vV<6R{6-TP#@*+D#K`bQ_oaGvb#kLa}9)q#T*4C3N-+g(bz0rt} zAGS9=4DM@2aefn#+*HE*A7fMN-M}Z)l3UX)i6NSBFO7pKKW@0J#D%#_zl0@r9~tay zS(}^yxFewYS{O1AR-mu=T8n8TGbf0mKLXzGv}cx)-%~8v&Tk`-lp%@y(}~5 zB@8Eog5O{3(`;^F1AzJu>JCqtPHW^gbXzX9C=f3cJ2_dvn%*PZO3BW&w3Nwuxlao2 zAQ7f%MW2VUh;uR7R8R?R>KG%!uJY|w%aNiRJ@8hEdnXk(_PD77rLOrS_hYE@=bmgh zJ)ieL|EJR}jw-)K0&yy_r-DCWA~oRYf%tj1lt6CGQa1XV!&!<5q=1%RP^HN6UQd+i zbLm{yf}`NR4+>`_V2^;gB3rEj_Ukm=?`m%l7~5dgTC3`>jl7J5%3|y zu02=Ukgg9{AWWQ5JAK$UroI1u91fbKu%76xHsJEGJ|DgC4psn#k)SMD{2lh$V-gDy zi4-IFgWEocODEOc410|ZSDicYp&EvL`@$`ry_!0h#RwcBHsZMV#(p`%xx3xZ-Xyr4TctF` z^Sr72@g#yI=i8mVn)}kj=i@!U`wVRq?s!1A5o@6RARdOf6`WvIlH@62*OYMbQqnKK%N?Hxom%+OS^g#O_1$~|U#9)$hH_O(Z$%}f zpBW$-1dsIA;>EKF3(fakr2LXm=1l67>FMh`y-tf;2Mi0ZzKtj2FTlaz`{dF^FZNxe zY^|vJKuiV>3kMy+FVL7gJN019GR-|C}#Jtwtl+7W%wH&kuao{aB0uO=m44} z^zL?6UQ#BABHrbJ`u!g>sEeR#rE!SYa?YV3byui^9LsLL@es}sWdEeX?t zSYowGZ-NACTINV-{A%tUz{Yl*FSMcNm?4-_b}*2152U~XFIl`>0if;zF(pt9<~4~YAKfuR|*3r2gK zoh6Ltgy+Cv&%S3HtwEW6~fh+Sflv&F`e^&o7#1o01;}7V>gofQ7x~LWCh-6_o{e z{n4oKPzyOeQyzE4d2Xx1cp#q+F5)Y(8%?5Ny8y^0 z561C6xW4MzLZL?$8TJU;*C@!1x{^%@E1ct0KF$IjMdsGVasi3L+H#6I;#sH2h!%Vw zmx-SllHzn5e6lq&@Nu-Ap{WUX$R;3*w`Xzfh&2(2!wq&;Cv_mrv3$72z` z&gJ;e?cb9Cu4AEEeLLJ|MM_Quw*h@I{+61VCqndOEfVS|ud+QD_b3=^C@)MGKKnXV z_JFiAiis#WMs6`Bc5v$80jJHo(y8tW!R_?iFH`E+d=`Z=-0}ESwTh}cg1@NF z9A)|EJ%(~!BW^|+#@U~|#|7okX#tF#V~-|Kw_u;LZQDkd(Pi7VZQHhO+g(*%wr$(C zZqFp|WF~WynJ*{Vzu;t_leN~tI+jmQ*%eY#^P0*mWsyU8#(mfh9E$}j&u?ga_$z{* zL;9=E8C3aa0BJ{jSZ`ULd4!t%rC@Wpkv(EK`5z}rtsH%oBN{t~H*Dqm-1={~`EVK$ z@CD_avUdUV`Gi-!dB3G@azJ zQHI;hG~|Wget1Fx3={olc<|i>LR&v$UC^MOS@5&x`G`c{i=M#&b|wUDA9d^A2PC|a zXYZUA{fwL4H74nYrxlbhFr&ZljYNUW}wRjc4Q&6fu7(bvZU9gV`g`IO+lX*X-3mXs(E_+9Kqh$;DO* z$hxxM3{ehL&{VdHOjSc&9KOv0;Sv9GIGVxj(&Ik%%-3qJ6z@Bu@Q39yxL$3nbEFp_ zsE_)rJ8xq9cRV*6iqc4k5*W)4Qq{}|f;cUk+tl=3gO|JfG!f6LmZ{``}* zUm?>+g1dzQK>D_FcCW9Qd;cBR$bp?g^@M#;h?`q@ft^|$q&v@@Zd(rzi;I;R*S=bL z*SbxXq1nO;A-bc3(~zXLW*5>klf8o=@?aK{?i_)n0 zI6Ryk;Uti!)&^!Y(9Ym@0QHRQDInT|S$tS+FbWhXq*VH>BibC8dA?%&maqP2-IKqZ=LFOmqNc*H!>YJm>5>s=nF# zNN{FkdL#62K@9;Jg^*03d|M#LRe?I#3Pqa4DS@e8M zc+XD%)?-*ZqRRHwjSbFkIvON2m0wU?{^jvqm6(8HS%`RfC4~}@(W<{pKjOX+PtQPv zCRT<(pEdLprPRfhC6vRHubtQcQ~!%Bxu~6lZ!s=ZyD`9b##B~iMN!Ta0R({B$;`|P zUsRNxogJJ7gTf4)TZ{$V%j$dwUU`ac+p*rM8Mv#PJFr^7Px8{x>K;7$L5tWA_A?ZV z(8}ObRcbb`_;)_PASaOrl>-x+%6psT+z&m+7r`f1_EyeMaUm@^DK*8jUUAPrQ$0B6 zm%v3ESrU6VU3CuTw)WRhy~n@@T`qgt^v~!U9Qw)5p5_l4R4){$C(Gkbk`b#<)LO)y zomdX0--!T2En%G`0}UB5c^&aHg*f+!AGWqc zE8Xn!(Ab0C?6(_X%+C5&|Jd3YLsWi`%KCfEQ)qR_)enPX&&*FNB`Ng;$gZ&&aDA7K zv>gkrsTHxInb8A!8_MTRDq@Q}$mrViT+p4LOixNpPFBsz4{Da?YUU?Bd+*>-uENxE ze;*hr**kj)JNhTThbf^M00nS(%QiQB9Nm-ilM%LKeY|to*7)kawy_2x9k47*NC2ZW zyMfb{hBEt9qlBmPn@{(L`qd3OHv>iA(BSfu?aM9->^shdN=u0w@S=CwCjL$Tu0^5v zwPv|!M>91zy}W)<<0Z3)b##@z;~9GX^OW;Qpb*umt~JqvmH$qF`E}xu9~06t@*}p# zFKglNi{XFXmhuy?&Jm&29wd!QmmM?p(|^wJtv4NPJyk6L@H9>BNw@52i+|d%@1paI z+F_5|Auj!i?|$lTNTC}YgX-=35(D+5+4lqe0zbWp2a3kl9G6^|Z2qYt_{m0Z`qj$P zQ2)!z$_pMaJBM@%H1oJ@OnZ6xPt?-(#st*yb0!EN3989?$b#NP!s|P~ zLyUc!POohuJ<8>@NtighHhl>Fcp;(s*=6zz4Lr_NeqNQ{hp9TaHa7uVsHb;rW&Rw6 zGzZI=dQWP~i8 z>^R5#tcUuQUcvqCS?Iw)0)RR~U=1)#uVFoaYn8HwroKg@Nhb>>IkDjS^?jF96*n^Y|;rLd1=3<|5l+Gx%KbK7UPDu&at$B z!R+-cZpWM~XNTfbJVbu@h+@UbnO>JqCTn6DiaSv2VHywteLNfP z#v_t94gy6Mwdr&oDs0UhsV*0CgJAg<$o{<#r(21K3>H?S7Rsv|af~dQR*!h|@LfJR z&VmFW*8a8h6G6G%vYPa;iD7rtI({FlwJd?jD5WO-_;AU~Qt61ugAkMhTeXlYNxku# zlo_K+qB+0PI__j4$Z{)_oz=o+!}Qa1*pmAb2-|aWAvj*YsfDvzyTw$yQ^YgQ5sQAD zTBKj1+Yv6OrOr#NuK`k?X0(uDW}U+HjXL3OxG~#m(hC?GRJ7UDbs%tWqp9f}zIf8^ z0Ns9w&pHVe^sh=P&BC-&1;yb1*6PoRH;pn1gwo|nmUuf5ZFT^4F~%2 zUM|n^RSoQ?N{CTk7(p}{l2_dGF!~-wxdX+fMl`uNjp_BFQfAbwrcg(yUIn^ zxkt;$uiWU#&AJOQ1Z;OgpO8X!WV#x?&hbK+qoyq7>k}$72o}fqQsj4j;v={?gKJpi z8VSCVa!~b*zkrD0wF#ncDH@%;@+D@Vp}k4@v|MU0i78K9kazvrKc5a~!zmOrXgO)dRIcH}C^>E^L@iaG z!ZFC6We8=>$~pZn(CRfK7pE>{IY+CQ_KArCMeKiq8iKb(AZ<6)Lbh{o((P?-vz9+z z@l$WFFQ66VAYX3fl`1)#YiawMPl%y|vRr5|2+ITw9Hr+pmr$(kCtRCFedEx$XvZ$R zL4uynF;18C#dkDsTwt%4r04w@Vc*Z1Pcgw8AHyz2d9SNwyWuw`N}EsY)o=QGxiAah z!5K4X>;++U^`mAr}3j`-}RDi@Gi<{B>bjjqk91qXS5f%Tp_Pxgr#Y%kwKZnoQSxMx=CE zlHD1^(hvax6LWbm=rrV@k~8K*$(Dk?slW&;tsgJKvc>aTz;~Xd#R{f&3Q~fNSdR`% zS6oZj9_%Q2^pa5bkzZ`5Wa}BY6*i7S5$fd#O2>E@hTCrJ>gdK`)+xN2gT68!S0+aF zE3Yiac(?!N$QS9@3gqE5G#c8Ju$t(esA{pzP4KS=jT^)znxI&jPTUGcT>?X&|=YVmXKjX%!E)VlILt(Yv=f*C%~=7`F-!gxE%&P+V z-c$~-JwoPVtiho#xVUp@ z;K6p6j0YCHbg1U5=FLaI9g>oRUK?K?f)YeH^bdN_gOV#u*Q>yGTDNpno3Lh&km=(r z*YX>R!#8;xrsmNBhXX8aajw>E*x7etdlnDV9Q3!mnZO|C1P~DASMet&rH3c5#XpSo zInGVf>AHe(Df?|n*SE0#2}acW)O5HbA}c-k7W30_oDi;3zK7Roy0|AanMSg9D`2yOILYI4NR&Pz7+0TvtwRv9voV;-e)kZ zHA9saQwyc!Z`lj!Fo3AZL56y89~0Sflgf*KZ#9`X-e!8q$Pni(YL7^`VI4+bC7XWz z(Q6=??DNm!+K;3vBW?cDP;}f)NWrU=mGA2Gu9ONFmTLGA*v+d(7VrL&WKXF;aQe*k zSr~PJ9D={H)kRe!DW)B$l+!70F$)(B)sRHuu8@vW#^DGlR^*^We5{Xa+jXgC zi{`jIq#jX<(HN3*QukDi1f4=%?VM6eM~sBh;qJXmMxi?9rEE?%T=Pd za*Sp96=_`FqBVl$XVz}sr!k2k()IEyGAsnQPKsI@%!X#{^e47|az>;Y475z%35YXb zmcXUlHOVlgsE{C^r?mkQ$0UC3D(v~8Ys-`?EFZG0j3vqC!1GA8&&r~)%&Kcad8nt}$n*F*lN^ z``g>@vRdu8e@gb{_Fwc>mgFZeTQ(o%WLQfE8kHVLitz1g7w~?kex_f%$0C!D@JodX z(0f7g1@Wf~D|INtU8J5aP@VPCmO(tb4lF7nml{c3ibJwfd-M4J2<8CIT=K|RVXZ!> z*pu44a5Qj|;Cej|_LQlZMS$D@BteLqHGPAn!TE3p%Vid;EZLh>Wl_=*+Q_b3xUHug zNM$H(zZE3Hm@_7h!bI9wU^S9#HRlA9Yt^;gJ;HHGmUT>eA*Hp744d{Z5N94bU#P_pH5sVi4_gyuAbB@xTI6h6pj0!=09 zFg8rJsdSaRf0gRV1?hpnLDd$_ zB3W-xD|FUwt~^elA9K>B&2jdAw-h1*8@bti~c#;K3MHQi$f~3kjMsY z^iMt3o@JfuK6HH6(BwXPXT+PL?$2Aa5sue9;@C_$wHdYZQk9hK28%WDIXOuyh$G4Z zdxHD4mZHyEj*%l9qLUnC?KTXV>~$Y;)&qd~{SrbTm!#QrA3<%BS=`076-$6pdW%-M)@KdOoyq=u~cCPoSN*lPCys+ju1G1g_r>MnfNM zFr7xnYh8QO1`b&0^zXHDA&_K3pB~0E{NK8DgipwT9X&2FpUY>$R6g<$q!!k>--1mC z#3HJL!x9&_-}x=`Pq`mzHcO3TlLszcNt1eAZcTSLzpCs7CbsxAU9x7YGzV`+WJ?5H%#KCtmMdsyS!nEJ(Vh zEVk^k*8l8x+oWDe({yCFK6g@WXf!oW5EL(7rm6Tg?#(E%HPRHB6S= zh$M`XUMKD#NlElGc-T7Bl$a*hsWH?)nlWNO81I;2ZK)jo{<--NuRWDz;NtBdYl?lLZVqT+odcDiHMC;Y_qAx;v4`=D$jQp{izh`pGVwP@jN`D3S>76c z498faQ5Hm1SEOF1s82~}FxIYc zg%MsdFRlK=Vo7gt1ucP}b6KxRaEXF3T6axSF@Uf+n^rX7@yP**B!}@?{RbWQg@L~xover9<2N=7*@NG{ zg2(k7OOLTvOQ`{RzET0^3^uty0&b2&q=ehD)2yd%tq9{>;pZ!GMYJHga%)tm&IAlj zhA{ZZdBX0(0O!ECMJF{0k^ceTbAVCe2IwRP$n6>-FHTRTb0M9VsU9?qTy^o)R}3kOoVW1!6NBb=RQ6r_3FysUHur&R7=$UI|`cT@^4>#Zthz=S-phZ=f|>&t`=wz zbA<%$KmG#;Tr+m1=c}-h?GNSEHU>$yQbKow*f?AzPcVxY`+Wn`*Ou8T>YVb548#3W zUv&x0LE&r~o;6o&{a@f$s4gf%A~+aN_dySze036osdqb|OC*||e}(u!*@W6Y(mBt; zb2xWhe#*;L1N|yP5NQ$dguRBAnNb^}H5cAVL6k(3M^5=1mzbWJLE(#F7EZVPxH09O zS%$VQ1&_?z@7e>R4II?&l*q9#e8N$MZV4j@^muY`m_>qFEi$i~b~i{m!KME=@eOm} z_WO^3lxgk}od%Dz`nskJw`_P#0u>A50aMfYJ~{(hbJLTk+k6s#xZ(G!U~R z8%$YrSJ0@M4+R7He84zJhqtFCzOoNv?cDI%T!tGd)+{XjZ9OKV*K=Sc@5bR1bCigs zDvE2Z4woQB#+lF4vWUiB8iVflj!^QMI^D+yQ?9(jv zm*tmqd}2VAdLg8>N#A`qvEggMv(DL&K-)S0yH6v0blxQ&b~#ST5!2IDI>k&T-#)-Ov=q`#lL3@+)mF42UOtH z^4G-gfpc|@0ewsiLYbUszvZ4MX??#^@vQP7*vo)HxuDv2N*H-r z1zpN%zY~uPZ`{y4V{SM7o#dPiszhorrkTB#u`XxYuR$BShQS|sQskR%Vn>hoj2oOr z+Zw67s)=3;?1!2oGM^6w3-Mgxz;$tS8e9jqq6#mgo(YrHb~r(tSI@5p zh03Ozt7;2t%YYl%W#wrbWA5c;Z3kD&Pvz2`h?_=F(TtN>WE9l^4jY+&${D8de4*3) ztr%!Jzp*Ahns|M;M2}>ouS)4Yl70rmj}|P)7s?Y~f&e~m(kU(%qT>fusMLStg63HE z&yKJox+7QvtyzyKq@`PN2WPBHl*Kv{hqQC3i9rKuuV#yBHCq1XV--c!0qU-Hf`a+i ztRi}Q0GMf=U{peA~Tz$>%x%*4wh~Dpc8YCNnULEOx6J zoSiVA?YDDuDABiVSzrs}+r#FQ{Hba*&bsY&;BY*J-x0^y@71U`;`!)YkBFOw-#0W< z*j&^ldTE9HuCXYu9C^|w9-chkbvMr%%i3BNTW+IS;1wae;US(M;M1#A8A{}d7B1)} zlPAF}q+ui-xEbK?qW49$=-9ryb?OvJ@GGzgL&UpzCLC%Sd8Y+l>)iWPQ~nME)RXDB1T zaT*lWO<{Z}sn1_8YL<9sRtrp_sP(KOIVM%cm`TVyXNXSjL`>ta%=-$4Gb=F|X^$F` z{*o`imhq}Ld=K%b=9Oke)!O9DU}=taEy&^4MS9A{H9-^Rw0O%Ype z`|9>+eK-jYcOvkg4_v=)VR*sx?OR+t$?z}3K?)!;A1w*8OHkNc;+zrAigso*FLSP> zDj_Dt{@GmTB0s76_T-h?jpwN(&F~@Iv+W_|QC;i z5$id|J}?wLYJ6HVdmGv=YF7PA>@Em3RCR&KaGrN(FJiTj!QKDj>X1Y(Dn(|3JI=%= zA>YA9r=b4ce>?SdkY%{hOKt*HVCtD~4!fmzq#Ztm2dDY>mm9~wUbu5)?}b_PrPPoa zb`>CwyNf|p`nuNkN@jm;J4Dul0e1IaM8IP7qOXud0AuOe;sqtX9bcZfm?;yAmlt*l z2FT#y(*Jfa^lu6Boj-gj0Y9E7e;MSUy{n0lof=6ejc2c5cyy~yBDmaH`thm9?uT&d zpbB#un1AyM?xro@Ml9D}3}bZq%k|QjaGTefyx8jSZofWJBDn5uAENIsCYC3%WS1II zo@nXDiLSzLGdLhXdi9Wd|hl$06f9oj=PD*ysQ|)P{|`V&+m#3tkxl<7 zO&^rf2LtqAVu?SuLb}{bcl{fu@7OpNwl* zm$UM9_$_BO-vMMWEIC~N!R)kK7@I)qmA?ySarER!9oT|-p-&FXB9g&&;O!jpGdxo2 ztXSU5WP6aulkH${UtgEt?}l=b(4wjH5Xn@6i+Pcb6-CpFbICVYb|z&NMzi7}2sa|S zUb0FMn`$Zq$T)C}BWM(I*t80hxYr|p$+l)l*u=GU@RJ!wd^WDp#7X`{F26-?8+b6X zUV)q$zwcyKpng*8t1aC*KnWvc~uH1P$YUhgVnb62886|IbMl^zbo2y&o`;5H{8JhH7IpLW8W0D%* z``0S8uG9H3MEzFyofdQbCd!cg2=zz4(P*4Pj6m^cZT4vMav~ThH2u_*-aPY~mHD?2 zhDh)s^-QhdR{yQGt#=bRh|2G?eR4V#jPtNVS*pzl=hW*76v3YwF74N=H5`E>U;{AV zxI<>KlmM@JdgpQ*0mLl_ddaK?Wk)DaFc9nkv581CL2k?IJYTGW;A=ukME337u77_Z z1&5)UD%O!_ejc8h-oe+x+?w9wi>92bpc9R2p4uL6zj6okQY5ttS0;9Pa(Fvy%Ro{< z)DB-Yv>_UiL@uw*FjRmH%;w*+2OGb@{TArlb7J)w@_p_US<#K%A-qrZ3os9wt!^jI zJdSEoLRuG62vGvILM|93X?;8k36eHMg+|>XLDgO+CIp)D`YofdCC$ z!m$IjIRCk^H}u$H66WVMn061gV5C7o)QiipF<;n%d>o)*t27f>P))oI$&~b6*rmqq zCE?Ql^?VrXXpXMiCO{``eWo@Wzw#I7s=8E2szszAA~G=K8Y7LUv+yW4pdTnl{UoCE(Cr^xfWMUp|iZ+F%{;)s~bx)>ree6RiuLY`B zz7k66fWg%iR3WzgizoXciezH7V4`^xvf$Q}4htczk`9(%(Y_0im?{c=IES(G3##0@ zq6}&HB4o_&JnI|RWV5Z6^VSewOwqOv>rl}zOxwihWeX$y7;cF$O!&szqHc?70ZszH=_y_4o$TOV+nl;3 zLL1|o@>U7@E&Vg&HGUo!Qx$$=s(t!s7SdTaYlWz9T(|l?G>+j2lixCb!bdcyvQck- z$75CFgAvr11vuN}xm;SZ>^ez36Jl4_ng@4E(o-cRV~yx7U-`^X(i~NihhTiV(f%bB zf1G8$!_^$xz!Ah-=@?IE%z62Kt-jlOfwWV!p!UVUC;Cv-^!t}=O>MC;$3j4$PPXjA z_v+1Bb6~2vD_C7DjtfQNH`8WhLKP49@PKlX4U98kr1h*)Qx&~NpIq79>5U-zexV>D zR|~iyDw<%!sU|J9H$XM*?<$T$3a0<6flvN~R0I2p7(|xF1mQZ?m}L9R?({7Yt2r^7 z5nt>~qbt*M=NEx6Sx6Ch_KzC9oF@BAnJBioG@flJ0-10bHy!b%exs%`0YTXEhEt5^ z^(s+f4AM`pQqH_1(-ZIeg6W?S)ZF^HUuOy3qS)=!m^A8vlTd zEfa(-*SCs>BmSriTZP=tQVr{armk}WX~J4*pDY^GiR=fF;6Vih6v9au zM-6PNx45f`<;V+TA~YcF4H!Wa z7=*e7cq_+-!<&oqNXzl?r z$p;55%`vfD9FXKg-tljLQbC_xfZ)H z=#n}}B=;NYX`G+FdfhwdQ~4b*5aH_MN;eQD9R)_Hzb-|wupJ%_n}!cOCMIN36kEOE zvxOwT45!AA;BRMVXj_4JN{z!;UqeuU>Vy=qsL=D`xAlS>V<(tV>SZtYe{7^Im}z&< z$Z;)2{Q^4sg=2L3{5B)-&&zt4`CQZ+;4m})%Y^{o4q~3Pc-MO zwa6vAfoq5lTusa7ls&qA1^rPRNzujrKnaU@anTK>GsIvXn|tf?#moljA?Ce=St{h%eCfI-5;e zdv%5#gz{Civ!{{{qqW5?Oyg>074zA8Z-ih|l@osXS@YZ5Jq`%cbv=WCiBC~Vq2VRfhV_bukSnvvUs z{x#`*tk7^T4R=(`7FRDw?M(QTj$_Gvf=MaRs)$+PzJim9nws>rm-Zo?*QaUqtohYD z-(Qa?LJqP`qlGVQxljSpD&<|yg&nxdMekj2!l4}R#&^n5;a+Bln_+fT+DMZ@_<_+k z;q~`n$hfAT&?Z&Ls+h&znW7jjeFk0UIBG#c)&l+MD9Bdciu%8121%g|T}TSm+{h?= zkc7vc2z@cZ3K9?11JIZN&rJ!mf*f8RNYd{pcH6f{GegaqfLx=n>wEFpy@l!XW5Kcx zQUd;r@-2}hYip+j4MSGNO>UrM5$z^d z=a+Hm;by*5ut=9>m+x(^hA}qPkv4hmC}n@?Nt+9N9MnskV>qtN#ZN-SnS0C~kg!2y zTToX&e9VJhV8iN2PdOB#pF*;UcKsmo)U$A5Q8ML`PB0(wyTePz55p^wK(|z}K|=L}tCqj;zS0a5yZPfPD131VQO9lSR-A~~&^#+xLDA9;(IK({ zqz7c(@>&Urc~MczpGm*G3dOI2=GFd14tPC=1$Uo-KdjazCXXzEu&vR^_1AhpjmLi9B7$X*g0;=*gkk`hhkt z3=A*Pue@O+cu1boW+HE4veOnrXP%(BQqnv6vyAk$^h!yba>B2$1KkdlJ(oDR%gBq# zLt8{%WO)n;%ZIgPCEZNZlENDF<@;o@$bb;E2RWzFp3Y7O)%TZ+p7GJKQ#;WTGlj*b z6*Xs9gk42|>cE|I)sfvSXE z&6Nu$7`C#Lo?LVJ$@H^$g!QU(Q0#5*l8zsgeNa0YO0j8R;}#(Y=O{XAMC4QsjOvZ( zPbl92NR&)_zX8a@r{Zq)&T6ob!!n|gtODWOy45IWLm2W{4fltJhVgYb@-tBrv^O5-!&l(dv;tFJR=-LmlR2JgjW)*{3x54jB1F+1 zhiBllF2z+Lef5@&K`0gK-44sj;{+UEz2+1wl!*}ztL~KQ5m8vd&^F`jzIjXtmB5w; zgtU^J&8|yU-{Ap^SiY79?&RdE5oVSG#rVlg0Lj8!phr^Yio{Pvo*)_4u6aoA^3-3d zfs!)Q>LQW8)_%9BYyJtYR707Mt$jeU*yQ^?A(P1~yG|Y+bosCB9HU#eA$cwnLQd12 zTItPiY)#e{DswSA%pf~sqbnCCt0I0ZV$xjv1)E>+`>BIj4wruCCv(eIS~ky817L;kj?75WEZJx> zEVoNW{oY1YPpIAw!4#cx+({%fbve!ZA&!hgF!;V!7P^uHiOZJ>McqqCb0 zOoFVm{?st(QiySMMX$O_6>lUI`cBthX#`Efk)n05N>!8HYxDQw?NTOM&m52-k^KoT z81>f89N)Tq$gSvaFhWogYIOsgoE#=<=L+Q^S7G;2y!F~mh5>V~%ZX9)P9D!=BT&AS z98#RE+Ep2gRUZz9n+y7&sK47@naEa|zCL0+caOk1LXhEv=Cz%3ISK=7ra*eXC_(+T z-h-@u`gn%j%zjincWcP1Y2WOADHL`0HLnZ3S zLARcS8g-E|qfO*PnLPlWrA&pEMu>KSwcHZ(Vrx`+&!teaN?Y#HD%6RGWKra$3fCE# z-A!2Z2y@}<-sNw8DCu$dsWQm*6WSdpLF9kpX@XZaR1621DwW1(CL5Gzh)~2CTef|J zG~`={;{lI$-56-uZGZf2llgv5HW{!bFD^4Wdq1#Ft*y-@zTfkS_+@cF(DpaPXdn<= zV$i)Ita)@(O;F44<&eQl5YJYoxWT9I?F53uxFpT zLL-X-7&m`#N*h-CO{w;hiD@Y+6<5SUZ4e{c7Q){J=m|vMm}r3XOv$;mHWCg-lHbOzj)fB=g7e5FMSnvu?2E}AX3Eqm(z__1KC_Nt`N0_}_5+{Sx{bc%o#kqeUfRr3E(aBQPp(ZPHCB1CQGoj@X{Rws zGpw;={C2dKF_dc3sEDDUn!>4BO2KnXz4$|Kz+_}2$L+Yk66yT;`{>wS?5VMF2l@hg zm_o%PP9#L@e&GC$smwd%O?=gbK3k{s#Sk{f@1JG2CvHC&LbQX!B~+22SK)`HU|&T4 zW?wLMlwG0bIX%2r z_4Fj0wMw`*`mfWfcPi!UN@c?~zC|0pNEsoOOt?H(W_IG0uE>gy{wC#}(cY#pKC|Tz z$yCb1gWT;ZBaDBnwk!e#El&c(s9K1G=z(Ba@As4>Ja$RO0tsYF(RNJFxBnFTq4sn&OXs;i{1_Dl+C~Zah zu*9Z=Fs_W$rF+6L_jFv#@ch>P9C|aA-P(eNv$0Q1{3U0j3HX~(8?y<$dE$@qf|~&* zR)l)U>beJnc8;KBpY91~RDHiLW}C`kI9+j z?|eM#C~8yrK_P>nyIAPhH`P5>MF?u`ey;TR!UA7+XM&m{ATO+6XucZri8D_cXEys% zr04O@l18Bd>#nv9O!R>*3l4K!%uy(zebi)@FrB|%(sZ81Q!Jm>NO(!bU?A!y6)tpj zLP}<{m&qx{b>38ZpJn(dc5c_hhn5ZaW72T(V_kiI7FT7&&bxcx5mHKgikR`^V>n}< zX9^qz9#}v#1NG~^?(NDJS3he45^`g2UPNUXg(rgmol?gxk(%wm2;TJZ@jI9}w}Vcn zENmr`QRR;*@F`@8-w37-kL>>qV8_Bl$Vg~sXbH{3^B;!pA7IDK#QdM>A7IDM$jtbk z@&5qqI9Pr${(k~?lW#8an+A>G&&uyc>!!|>kU~|y6oa{y2{dv;oqL{zh4Buc?5{_*c^Q!S z+Y1N6lPtd?sU(2cKO`U`0xmXNdl27z*WA{K&T<#>5U8G+GZW}A2ABVnKbDcnVITp7 z)PMQ+2SOE7?<^c4j5DjeLlYP?NIC2`G&CE0>|-c6Jb`I`OGU@8`1b*k!Qthp?ajr> zJ2_a{cm4nXIoq>eJmC8`5I_enU>Tmk0`D6X%@iPxgQ>CF&Y_+T0$UveG!NSd3*f{_ zLnz_&A0Ninhh$}`X9ZeK|AZ^3q%AFmjh9bUQ;{z<1(aui;MKrY`@{eCPsj-94oD!G z-3HnP{v0*ZxBf)fOaxyBpt0z zpj1rIxcsxn!|v;j5X$2a08~~+PC@+FjfT{M)Y#C5lhJ;Efb_vR{0>=vf*$$D3tlO~ zZ|f}iv}G=Bs=vtr@)?|5>-UVzf7;s_)44b~m{(V`m{&Cwehf-@nG8$0Q=6sH$fDoTI+w2F`vGXLe7| zU)xa0n1~cK8h#AFKxQ_PPjAy|_!FY}DcRbb^Nq~TPOSFMj)3^jC7&+;VbULSPDH|eW4oU+*0mp| zwI4f|AED6tDKXCVRD4}<`XA0#@MT%}>!0E0AF}yVqs=KiT)b~2q}Lf)E#Gp!^j~e? zKNFjI4}QeZ5#zT2j=-Oza+``u81S}cxy>K7|_QH@uHH*{>3Rw5KY)rs9$ZPgv-;2w9 zi+e93(#3COYXzWyNI~SMbwJ%7z)cVI^}ZR2Ugh}f;{Vvb_8{Z3Q1q^Dj@}vF@YkZY z_so@4%UA<8f8_lL-v}1?&En5*d_=z-GO#w(wf^`_)hTL}&vQEu^k2XY|4Brl88VYw~1KO(D`4ZD-%~P?1D*ZAq6YVS@pq>(( zRcl3&Hl#JBv|)&TyF97~ch)>GMVjp6JyAypcQ%{QLClxv$95nMY$H#(K!Mfa`B_xr zE#7@0k&w^liz&P zrVA8zeRs`8CaSu1Z-3!~5U$$s$oHRa(=f{FW0#Y{y;XP#&`+ebK>XZy)BfD)PTlK z(`}{dmm%(XoPY;TBCc6*sBL^*F1*(4eU|VG1c5c8#tJWHxP+Jm!1X}G!@K+=D=!|! zJ+pMjXx}o9oLJeyq2{gIv%_3`J`f0M9m4}jDCxQFnv@N*b@bNSpQ_vl>|C{I4>xLb z!P``%V4F}aEmYD)l2x<1l~@L;QyDWIi7J3HM_B2&=^!*EKot04Ge{jK#~@>E3+x~x zmV%9zD%&;HBcs#Y1&-7QZdQSe^?NkF#0CG1dTTa3Fs zBO{%z`~uH{{aAHHc62GQ>%0I@?D7(WuvbTG(!(w>TF^|(Y@w@Mx zRK{~)nzZ8UT;z#3ox`>&22P}feWW@3ePZU8Uos99`M*@R>Zy<*J`;ek_R1)UDJ7(Hswr@oafQ_U#S*$q_drgcM3gZDeT)X zPP7T2NlsqQhHPPnmW1DDC3(j#f?HBEUEnLD?v6BiTb$v4LQJ9fGVJ=Y{Q zZinaQ#CV@vOI=XT9+)+|Qvs;P#vT$>@Bw4$EY{kga*f(MBk9_*kS&(siGFDux*ayG%R9B|;V8|IZHyBI=*d##47*IzG^bK){Jb%Bk zy-9Ar+v!6Nof2ugKMrp_SPJy8hel=clMSu`Z=fH4n3cO%`2Pg%z148aKa`GVWeQ`7 zcVKL{Wit3%;#WVzJqLQ@NpZ5l62l)ZWAw#w z(x$*@maI(hr@9+U4_b7VESAhZ&Ae&8J}CbJL-ZPf_CE+vMUVJKILnWl^IYQg?(q|< z`X_N2B-Xy7d`vH~8s}S49z=gU3uL?0xS^|0Jho8&)so=Uy=aaEoV#hMn&|N(sfVo~ zdK{+BDwJG{*Y4Dnwc04?>7ljN_s(Y~b}q zrD%8GnBm3!`lE2zboXVu@z8Ozo!&#R9%;S_ODcyPVMQ*W!H466mlZ&|-aT~(brMQH zB;ejv)n8KuV92TkMKv(^MZ)2_2XTb%lrkIcqx;4GN>a+@|GLJC$tM`S{Mwk)^3I3_ zwv#d+X}$|@4NYK*^6FR6pMe}twt`WDj1|}C_Fy^xIdXWzf_@bv+OPVqdAqUKl7+Pl z@U+Sf*+Cmgy~@GVNRL7reyan^bG4&p@7k8rs3(#}jE=_s1GIV3g>p6`b6fcuKXJG+ z-nO4tH(wOBgZl^J`+h0d$sRR^Mf29QES5>hIX~y2F~K2dvUOh1&MbuiL#MrS>vsrE z2m6zd)Xc!-nSP+3@}SfO;{ItsNaRs(QkK654OP3S>~z(|%AIKm z4mPU!l1b`tX=%8<8J|j>p5L|V@^oU-)B}Wl!?JZ2gD*+yof{+-TF^u6yX)Xo2Qm4e zX|1d6sEHw!qih2s%hyQF!Y<v9+*I!b!;#GuUr&Eo z4ST1i2*RR=AI}z$mB(8lhzEwG@6Px5*+^`cD5$lM4pDb;o!|WS!1#?1)}4RY;kP6e zN3E^=i5n{ej6Ln%Fh-^b&GkvZTTRnWC7=JR8w8~wJBfcQ;`WV6DZian@As;R^XnH#$+SqLGBo;P%qN((f^{&l+52+>fayxWd<9Tc&=tN&{{v% zbzYZRe1H^BRK&mq1dJ%Kc~=yEZ!W)8FWewXOp6!2r1YxYQFu0?R^-!0pMv(?*(4cS zRS6fpM;a%KdS!suttmkywOQVwKo^L}l@FmqgDqA8q`a%&E6Lo>+*8w}pVNf~y9sMRuWM$ z4ML#%T0f2h^Hea8m_vsW0*3YwA~d>f&>%8MT`7$K*PBX)y;oPclm8+rtPDbgz^5=$ z+YM+Q>>eAJvC+8k>09#j#2 z(0GOw-mYptPve@#33{ZvwNcPDEUN*h6g8XK1$Fyx(AB8(TwU>8?^>Wh64B%Vr<$N`0}H6^fwIE6~zk zXoXoxvMbPBO+vfpha8cet>V&i$?2B>FoayhR}@QgTA6UkVvgRRrfo=|F``15&mfS@ zU@Y=7DoOacBlXDuz3i4HgwN}>8e)molxs=;eil3ZXd}!H_E2zT)umou1{#OUXee(S zunr`w&^xOU`Jfc!-jFqjQt~5|btYpFA`&}tMKm3Odm@5w{*7COH2KahJSkh5-~6l= z34D8(;M%I7*mmFraPxma7jH;cY}K; z5xl*AjQSYh0_R@i*7fQ|r;DaYhomL1E$?Y{1eW9+t^lM10vFs(EuwTk#eP&i7b)a? zlS-X0_;I3FVN-z7V^iC+haYX6prz7CbX2L4fCF`S2osH0jxBtAtPQ%#@US%>71r;{$)YoOCRgk)hgg%R|c(^9u6)gGPl+G?{Cz zzj}wLK_{X*=i9B@dYpULokIzcvEtnb-1YFHp2^VXP)#h?a#0RikR$sD&->d$HHY1% zz8kXn#HXY2Dkone7EbEncj|q=R}TajI4$)ZXBW4pK_$68Gs2g;i_u`0wlXauLg}j#UA8-@;_fYMg;3p#H<*JG=Ty5 z-=^~)pc=7iovzo?N{-uN6M2rT12e%mLKaO3ER=}EtW)<(C%(fvS#^9V-$#v+&2|vS zCh~I^M1(eAk;HAMZctw!q%Bb(4(F-JlR$0OP;`Cn!Q*|ABL#Pw^AV5RI@(cT6|1D% zM|}yl=7YyVSq*lI;NF7AVR~n+$(@6hzk?xVM-`{)E6nO3YH}W;3=)khHWb2Q2 zlc5f4YVhl#=>QIH=4mS_&?-_DzgqJ-RkS6XLkv(m7=5qrystWNnP^Xy>RbWV%MVX? zRYl0+A#Tpyv~5YHXJ-#C5b>WTb8HaD^>0beV-d?kG4*pq1y_kni|jJj-b*N(lP!mm z#Z5cg#`%o9qFIvV_U|T3`D#|l(~u~aehvvZpU#BR#=YF{C$=7gNk(>}6xfZbE+a&a z40V>h{5~SRx-bsJA8xF!Dv<4dmckpK&7OeW~0lQ>@Su5@={ z#;;s~_wm>^mUQ(#Z#v(^b2w*)V{XQONOwYOP`D4>bk#QLqWT7RNg4|OcWToUhbcS; zAAjJabu<2=!2(3$FNwkFH)z|-(O%{yFU9i_>-@5@<5#ggwzo+L2boX#Um;L}Q_Fr{ zP|4ul@j*EbPg;_b3|lR(07s!puUQ{I(Nm+m=?Z&^sniPXz}}|7Da!Vrv%`hN%-TGzob^27=Jg zO9IZcfGPzY!^*k*Q!T%NX0`(v{A zojrZX#LG2gxV;{H;Uq?uf1V7TT;>XN4sSStrhKIm#wF=XScYEE%692+8EBFQxAnyr zaabSy7Ni@>Z=xU*ygGoSBz6xIe)gFI9NuD-;?!O^6|TwL$5~3aIoZAwsnF)}?8<@{ zHIe#brEWdV3mblew<2eb*cAI`@?X`w;G@~S-aU%#VpNd!bP$(6cm?>W*}eF9jKQ0W zOmzk_mkdfFTnmxhJZgKYYKp&-9$;lWAdwc{Ur4X$q2;Z14Oyj|oPjo}vgPcg&G#T~ zW7RUJ3sMFCt|Keex5KBJ{p6%=3Er{p?A7dfD$s7;uUnU3bm3BN1@UkvnOE{l+wqeN z%T*>V$Km8KOC|jZ)dF+BMkh#WQXtJOe8*JlP75MTCTe@c>34_VWtnlAD}?cI$Q>lUqi!T9Nsv|mPg&Y3jbVrlR^-D{|>D`l2;dTKT0it3Mv5c-~i-U~8HY5XPk|njJdKFjB@vI2fb^H)~K!Zkj(8lZ`mMMN!keko@~1u^vY)4B;TYwztaGX@H2>~y48XS#h|6{_D#t!Rws zxR(;Q-YP}`#sE?;8V1e3Z?T@UGqaJdk|Jv2O?CIKMuBfrr!T*SU>igBA{>+{i&F=G zuNHcJ#>E*b)a~hgDKAGm5yp6#!Gvp=rT2REHSFHHttD3YNqSis>7b$1T%Kj+QCM9BT|g)eIQwYO>^hsr@|fV*_pVMU`{*HzxFf?VPAFuW2L@ zZL|}9={5E!nb-$Ag4Whm$ZBbe#oDL$((EZu(`x=6N9}8CpBf9ddoAUHkG=Y<@omRy zv=u>MXy6;c&a#a*2j1qF7a{XK6(x}zE_j*mIKkBIQfPE#DRsA|&G>fN%#(ceQ$>7Z z7D5yLN$&{pBW}{~{qT=e1DbXcYS{cOSMUj*-l^f`~fKLrUP<91y z%eXx!A0o7baW+R}?fX@%TJ~Wwy)N?EFA6_{=4}2oHP1b^EKN;MJQ0lG3-B%f{(+LK z>3N1H!|_mrOyAFfvA|znSESSsJ7e{~Q0g0~p3yOU=Z=IwYV#Tl+%0S4k%n0xR9Z%o zU?gtcQgzn(iC7jWCG7p<=xFdXXRzm85xlUf^x<~&5V-(M>zJ`m_KQL|Gf(r0wG`@$ zxTX(RV4urf<;-X&MZ8egis@cQmte`)>Mym6{+Q@0Z{}?E9FeeT8bzq0C<8EqQqzrd z345}7Wa=qOYI45``pQ!-b(CnQ^_oEwJ~87P6K;4w_u%==O!)Euv?OW4AHr)~*p>G) z%=VnZ@;M79@6ieh8l52R4H3+`D8!sDr$vBIfgjVE1$#9R0+I8KA@=|TAvQhei?VEv6w z43MxY%>1iL*XyUKkl}zD<`SWzZ3PULXcf)*SG?xH7o0Q=ItG3g;&2W>zP=S7aX+}G zd+B`RUr=cR3A+WNA;r=}TmDu)sVv`wFtuOoRBo=}VAWwCrEVZ%@0^ILjwnBsE^h_r zTj1)}&^Wd?bU9G~Ap~*0kmG;Cp*x067qbU=6LB@tZ5rCLemcrf{)OkfT8`=ABFcro!|6 zV9BoMENM_=(YRENmdsyH5i2zB*n$c=(l`jt7a5PJq|B}?>HQ{`4%)zQ#jlmZFXj_9 zOos(9{xqn0c?FZ)j{Fm!af)(kH&-*J?i?OZnS}@eLzeJUkrx@o7c-g9c>|97ApWi| z13P8?21K2Z$uL4i?u&H1(<+s*O5?o%ohtso40^&2u}9ClsFWHET;1^;e-f~i)#?+X z<$a`WonDO8)MX*hUbMp{AB;-=9^V!ZJR!$?!Rr*C&MvdG-7Z1z6x=tn7dq(;D2Rro z98k*S(c+{e)ZSBL6_&XCIMZddi665+gUt)$h^sAG#}hLKb_Xy`oK9To_D6l89O2>W zrCkDN&*nft%WyNl0+^j&W$3YR2|}IYJ(rQ&sTGsT@B32H=1+6wOAQRF-)Cr;yWcV5 zkBBb3(fjN$0--g_$+}@2htzIf^V3bxH0;rFn^9Ne%qhQK#(HbSP0;8_=IqwDFDSxKA@ zL)t;e*%Dub+@fg?{ZtMDZkeQ3=$JYEP=d8^(*;`RdX96G2?i_ZYn^Yo6`aX7Km zbsVbpLz=_tucseh)5Xyq*)@)6C+y_NbWR#-OcWZXJ{O=kWgPJpgb^$-nh=+)F~xbq zk*#I*I`;70Ogn(0ABl60q)Tr&rxd!1q3F6POtj51d5eHA&yP^p_3o-z6ewI93f?fK zxC-M*@hX|h*IhM3%Y)6Q(kPq9xzIF+bFrq1I9~*XTSalMVNrjS6t1wg=FP-Gu|pxm zk&6V_8=_`1ov6}S-4SuWKI17QC2cjJAv4$5mT}p?gK{?(ui!Hkp}ZFVN>A#V{1UZ1 zVej1%fd{8Ev1}LtdTJv(-xFO09lYp^EVkU=U%x?SJP&2vn8{ zHAX|$E&GujCwWti>gVPdZoh0OWDsGuklh`y=dGXGyo*cD5rFt(fbLU%yRcg0o_^d; zD3xqG>aDQe38co;O%}g7k@^i_U&O{%rVTFLKDClszLW%YtSL4#J?fOI@X1%W&fwXS zN4+EAPX7El{c7_jljjGylquIS5|1AxWBVMm@14#)xC;0PvioK2jv?b%m5vf{CfX}jg!NvZ>n0x^k$Y- zzt{Qlaogxw`P%h#rREDY@$* zpjE$;@DB{-M{qP@`MqkX_GD=ox?xhsy-k>RPgmtE7)}=_#fGNMIR<{_Nj)Wme&X2${Zlk83wD7sVwP&Fk1=(B2M*Q?bS62{}?7Hp- zm%6(MtmjZip+!!7UWZoK;?e^T%p^x}Nyhm_>^7@UDyJ1ex2c7QT)n-HKJ0CnHFcID z71G^%nO42&^cZx4Ys0`;fm2yFC>A`st^(!b;pw4`c$C9Wrq> zxYIu3;b31*Nk~4+8>R7<7TEU1BB3n;uKXCO46SzB`BLU>hFf8R=#Pop9~7#vO! z+lz`;L_Vcnq5_GqZ&neElQPe_ngT6Y94=mujZS<(w9~?uaktJhkXufeco*=1OSbPH1F(mp} z`KnA=2J4H|q3&Rk4}5lk^KP_U{gMD7WG+Myd!7jrH(_Vdo`03XA&d=PIXea`c6=-$ z>l3Fe%|S$P1g^axZVDv8l22b=9&89xUk7gH4SKw|(LHcs&gCl8sF!X>+?@HeLx};bVzQMl$yI_sQ0(4{oH1>5Rr#WI4Jq{Hj9O;@taU z-63tSD7uu0m*gBbk9j|rZI*H8o3ciunlw5!)Ihwp*@TF6G-dNbThZmu$*rf)`5OnE zwP8sboQ|_5E{GtRA7(idt=_dSl_B4=cO^Lvhp*uBWw~WCfG6YYb>JFhH9j+gSH48m zS6QmN!)#nntgEataN#x!_)yIo#McYgb}iq>#q=0Qc@o)zL-$F>7zoRDa1zMlp!MYv zdj)pXrEf65Oi;B;HG+T3Vt4rb&JW1c&`MWy&o1VSwQ0696S?NK6Im7#;YBTZJJFH; zv9>CxIFVsH7(I|uK8c>_9{eqQ!l>0>Ra2i`+9AtowNY}a$%gn*%8oeHr;iRo!ZF=; zaMgeFSj6f?BC%|VbR-<}=Zd+`48{%~AJ$8EOZOns2+H$GC8r^c$5KEj41>x>Hc*u7 z+DQG7e(HgFM0+84^=@dUEjtz3kNx$YWN!FJP1vMMrcK^fh{U|Do+#dD`ipCen5(dH za6zNtslt-ZQmF?|`K}@|9GIWsQal)7%Pt|Xy(H@?oB1x*$^q@-0c&kTo>U%#8I<(C zj^hgfg7XaM9s~{V*i~|Cbt?lyJV61_wmdd&W!6)ArTwmQ+>2BY21xP_h?R`=nvJHt zfB|xmZPR3GY`z5l?4aCu=_e4zV*Vv7qoa3)&P+^JLS3;+HZ0WOEq!OGh=OC1IJNa1 zlUpu|q>8 zA-v0NI1Ufs``s%e2WO=%1jXBbP1;R|KW@)mF3CsA#f$$4Bu+OW+geGkPPeLJtskJ4 zF1&5#KOR}*cT84VBHp!Lapc=uY%A2k|ps5LBZo7b{q8*_t{`c)MX5T|axm#`jfEb-r3j@)xE-!l8tWntQ#HcGre|Xevt~0zZ_zogI+*dq~_jHAQ1U;D1Jjp3~0{+$l zlc2Zdl5QQgl~@=43(N3*c8P8+(jwZNugE|6z=#zvV-VigZV-WSsC~+BgiBlR$dH!Z zG$Y`d?y?;FHXiwubYgHLibjF*$T~qMn>NNo`K-4YiyE7l_T?K(^2B4kf8uL|(W^by zF@Hw-U@_CYsM)xA2pTD=jUMYhUmWHG6d4mcTbS(cuEXH7TB4gQMY@Xypkk&shQbzn z^Au&KHz)Rp*^`a@J@JKdQUDjipudW@c!pZpe(A4EX<-hCXO8D;YT^(Yh;_4R&e zg0GceFDFMEqtN+6@OSlV!nc;bB)VuQb$&_mcAW2ym;y0dyBDjatazGOAjc7RzQgut zskAk>Ajns&{#CXk7vQFJdLptFj3m9-Pm{Xf?am+#kTvnNUPq>;C5;1y1U1cF360F-GRzwo`Qh38)wWud}$Zto5VcYp~U{ zp7A)<1N)GWW3ZbN1eho@MB8gC_nPj=$4wGV{`|z!?`-iQ!`=7V8?AHg!6p*(w7DuX zyN#gwsqT~E&fbM@u%Eg4q9Q0W&?#5OcUIdiW;aoh1$N7aQXQV~R zdSB0&`|-(!^4`culHqHSPx$O9tH>w9{;}g(Cme2q`%`kbs8Vk>Y$4J6@EH58wWcxS z^0j_|uIe?#umwG1xsuE3S9=24yMsL3;#E z#e_n}50uv$`9=uTs!6hlzG1e*G&j(9r8655j=Fi15Ex+~qIMa30UgTVOr%UEFD(J* zmSXI1x#;C;?8{urir)caP#i?iT4Pzp?66S3WI#R98xn)|4ch#92 zB)6||t8}gxo6#6=W6R>&-*~}}l8p9{ri{o3Gd3R4S?g%M8?#r#S3mhw4ox}j&3C&C z=O(?nz=?+?G1)vgh$_>Aqe+MGPWA zTf0gJB1rooV8i@XsG5sCx07T#%sr9s;I2+FLQikRBej;^n{9KVEzN#k_RDiE`L7>t zY==XaY~>S+Y&~yRFGR`r9>TpYo}W41SsWe~vF>sU{c>JlCu2lR?_$J1)6>5lPWJLg zvYiN{g^T%aX}vQGMq3uQpVhAP!t-@sVY_jN6QN~3gq6BRdag+1YH~V)q8j5Hlf8ir z^#LFf#J?XjNDRT^Zdh1lt}LuFlD{u8My&s>@E%SO`Ib*G-O$YIc9$22c1dsHJqZG^ zQ~!|D4G8rRs@U#>PRu*YD592qtn@<2$jQBTc3YZ>R`j&2zsnG89$qpjA$Q|;bHo)kM0)NUo4Ht(1Q?+x6^65oX7tT)T^{`)LyIMbV z(@xwE${A?%Cg!dbLU3*v!T~70xpA~E6KA(<*6RVyoX$p2nlPtQKc|V@>+;@jh-*ib zXh>Ia6Ta#`V2rf9XHX)XO-_Jj0^X%%Ctc#IcY=X5POmX5Cm5^W%I|fE?GhUl8zMAq zF_s4r30w~g9lZ^Fx~ZvM7HmbCi0A|)@X9>(^_GU+T`#}v>N2JGroeQ6x{W@>6}7p_ zr2wmt4(rn5qC@qiE^iW2%v&;V7$ZDAnj#ej>Yd9O(R|&+HZfH|`szxocILv#reTtb z5$bMKdC1xLTWGYs|J#TUH#rEQ@#OrJLPioVG?L1rdoIDiB!c37G}*VO;DiqK@#JbD z6`Na{3R6Cwn0$j9itjY@?tw8~qopQLhw(MLc-TAzu?@ovi4tS)8GyIYw?8bo5{rf-}AikG>F1J06d0S zSet8D4Q5`5J3~(EtJSh!l#n(tD_^peO?(yiA&<<+9U^7uoDDI(trExB@(*{0$>OCv zff}|!dYkHOi22kDp9qQ~5IeV37`B}~e#t|Ifu7KY_bz5UXTvfjx}4SryoU-UBF*H1 z6{EO}5A`u;`EF{uM%PdN&zG^KDU)sA7=j3jEv{eqG2GXNU!JO*!r^nlt96;^;-Rzc z=FzWbe$alZQ3M|ldyB3ssAc+8()iubM)GUaR0dw9$AU9q5_W5~o48O$vQMvui>P~n zF7~M66+ux?WPPRNL!wvO)77mHvZeImK*~HC^9s;-|FfuMdvNKUYg<*l#k+`JFO#CH zucUHh4RqeL8WzIH%`Nf-cqyRC2d*rpW9XaeHi~5U2}s%dzWVgq~Z-PpQREzUhzBPmH?ie5_c5XDdAO#nKZtk&4ur!APCRt2V0; z4ZXM<8w`W|yIF$h*=ybm2@V+BscP%u^;fAOn4+xXo1A^f9rUlFfsj~9CS``u^Xtoi zZ(JCIuT>eJTG46`IpFH{PV174%v*vQ4jg#2?MTN-3yd;@KP8BIJc7N-5*D2>)`tO& z1f?HkMo!b!0QbDvzxahlma2pn8)Ax5mHZ%o!-mF+IKn8^jkV8u+*9ot`(qpPbc(U2 z-&tzYmKG2sDBq5B`uj+!N{z%eXek~PrNEZlwdj3ed(CFuSr=dNQCSl?+T}(z6R{e8 zaJ!ZQi>~AJh>}tnPa&i-u+LKcLihVtd4H?bi*b@w%( zo_#BgYJBS+P3rVe8HFppv;3E)HS;IFc_2QmmGFy%guZ!bhpj^lXMEtPFjG)iV5ydv zw(vNQkdI*ALz?Qgx!*b`(i*O@r{jH=@!)9WtBzrRDKP&C&sN>p=WUGe>XsK?OmU{1 z4;1r7*D^4MyrKNsJ~K4N_*jiy)BKdt&hse1Ei|Ue!J=?a#HV&7G*NzPn`Sz2ys~Uc zpRIrzP5SMg;v(_-2suzOm3ekm^vc^^cyW<~C}w86C{Z&jgp})Ol+xM7Ti8KMbyKTs z*5e?g$z{g{WWi?r1q_Jwn)|itpq30_@sf;?+sONM2(recE)fJBPLOVtD6+myy`rT8;l$?pMu42e#BjIx$wR0F2*f48S4M;_w zOKdug=hLJd{br6)K$E#=a4|w!1ZsBQZ+x~5u-2P`cB?rB*-DUwi2MANM{@q+2M7Ts zaM5dq7n9DtPByy2M*G7OKM0=|Jt64aykG#J#IB+E@>xtStFF;MC`!1kXs=DrQjm<} zUcd~rcuus>ry*t0QauVJF{tv|_ei)~XRnwI9On^waaA?02xf@SXeRj%M(-hS+T3k^ zoJ(B4`r}(C&QB=GK()+oO%hSVL7Irre9wTUz2|=g=;3I<9@W6`(Nn4V(@D*1^nt2#6Mj(6#u~H z#|+M_0(+XVnqr=h<)hVdmGDyzM2 zwH=w4l6G?FJXq6+rmhfmWQhv4k=PXqbq@*Y?qV7Hoa)Fo+wd!VRu18)l*HLKEhVo9 z$dnoUJ~fsVYYf=yFg?t&Hs5FS8%M|vJ(9NfQmbr;5@h9r2*o;T zIsS<_t1EzYZBoigtMN;dpV^t86kD!DFF5yY@K?~Ep4A}L3s(~*-0|R+u0vA<769Kd z2;%eUwn$j#wPoP#i`*8ipF zF5>){vaPx?9$!(ZY4#WmZ+!c_vjd)CxW4}yb#%A?+g>Wn-dwU=l50xy|QpP2d*b?H(FK9HaC6WA~aA8&QbC`~9U}XsVymDagi;j|@BYm1Smz_0^Y3&K7bIVixX8`oS%Dph+^ZHqB;by4>7}aq`}K?+s%-L5iGvto9at zNx;!%xlN1TQwrdIrpyrAT9TE(g#|P%xSPN&&Fz}ED!svl$jE&Rnd$55YEML5b&q6J zK_~L{bM5%yWBNW_AyX9|(r;%X^w4k-C=-|9yCiQA9&6h*w2fE?#PaQ&hr;K|E&iNX zteMVswFUJFyUNyWZm{RTR6KQXjk<5ELooZ;ZD;cFkRZNpztd`-{i~<9_i63t=XR5f z3Pv18*t{v*qy|@KqEy_0YH7RmJV99bT{9YKVV&N-lN-6#L2z!`+Sn%Y|m!6jO z5Qq&<)Zn3R79ULUr^Pi~vxbf?YKa3>_z`~*dRPsmWB%h$v#9l#nVoV(x3jK8A zVwlqzN(_@$S4bH zbdP+DpkuQo_P}iQ-XghRLW~OC>}sI$*wYFbg~b71POZfkM#{h$Nn(i_c*0bsAMJg_ z)f~%agk7o${=82Z4p?)u1+ zbN|_-tGrrDt3a${`b|+gpWMTzE@*ZNjIM@$<}Pb&^6Pj^bIG{P!!hYjbLUc7-`!_A z0SEQwI_p!He1~!NnI=U zreC$&4AsmmpyB?xN!*?b@I6eCNwudF{mp{#_z*m>)CVs8XF*F13Uu^B!LNP3GiNHY zuKRDWASUPHuy_dD<}l!sa|m-+p3(xpr=^3PPPz4ehW@D9NHqO=MpUiKpXo%O=xDF7 zn8hx%`P-8)pXlb{Q6Kl2iljo;=NV)==0=tlO1Jkid;VD6YWV19K=|9~`Fw3id7y@8 zOMOJcY05}tV=8aaSeOS^0hzsH)cmL0zO*fj8J&O=R7blElH}16{ML8hwkde8Q$u-d&B`7( z)|sH7hWR+7vkI~3xPxP3!n_D+e@6+l+j~+?DfeEiY7njgn7Z{v1mH=+UF$@GDc5b{ zsqCwl=I2oLk=9klM1xbbSl|;*h-OgzuzIZ1ISBIvsk1OGPl6FH*L-n1Rf~ zFcPn)4W2(+K zXK2N>T72(GnLg<>paCSe#^VH1azP04;5Ouyh!1dl_h)%Lq*TzNEJtfDrJZt-u3eN* z;}79D-`_Sw%XT=${6bu4G#w!>vTqbL$dV1@hO1o7;he37+n%GUabtCbz`~)Lff&Ap z*)WFTDH?~1;X^vMw)z2jQVuKBJ=8zhalpQqv;)kkx`VHqWIS{X@R$xH05N|uKhC1* zhMXS$iP?q0^^0}Y!18z~4*|6HnoW%j_Cjj0JBvVsgZ5fAR&59Go(0jLl*IZ>$YG*sCw<=cDoqXeKxCy zPQM@Bq@CMRlqla|+3-XsUwrL*FHEBAOuz%O*HLaB{CE+@r*^57fmvHjjEo~ER!b2D zrTtl7{>T;gf{T-sYmL$S8FHRa4}w9FmO=V=1Sl!ifs(8>W1u1Ti5u1KTVqdqvjZLc zRicx~%~F5Bc351@7$*ecoXaOPoOq&T*LlGeQ+<3|DvN| zX)`-cA-*VifCcU_GUZ+Y$*d~H+l&41Bf1vr9M{qMQK1>^!M;iJO1d@-SHMd<`lCOj5{7;-dZ0d1S{+pZpe9QP_9TdCKQmGDV5`&?RvfC?&A8 zt0Wq>wD88-_BJIh6zh+b-$iE;9N;AqH8<1x>LQO2Km4NHQ~v)1BnI305{hC+S~*1~ zX+va(JRTVU;;vFpFKjsRcx|)E-YeG10@p-Q{q_^_A^Zrx(2t;i4a^0S*m(&kFwR0% z%KRfyzbEiL&h?9at!Ot6N(yh=u(CWyGAu*L!^s%m@XSCp_7+_1S@?Mfg zz!89fr#T=R7~rzEMdMfkKzmW}ohBu!s`8+T*-Rxo+~txdF7+2b*+|2=Ot;N7jH|qN zVMUFIFH(w}PojGp)FKmgeiqLEuyuhw_qV!iW4RKGI}c{o`{@TFM3!i1M^c|?-lqH} zSOv>aN0U+|k>CZcBJz+b5xBj$ksIH;pggQv#4*T|V156#15188!F9uAFXiNo-fSi`XQM^4DsNks-EuDZisQckIK5M=hq1!4?>+_iSWZ-#|YGq z)3dhMWEh)?M+50b zM>xEo=qjl+lssCnUV{XrGa1E;R-bhfVRnxA5s22#fHC1GI*x{UK?C_v*R36=8B`cTp5?ErTBqC=-xr{oXi~IYuD<{(xv0V5vZOP-dnD|{i=7#ut1$3 z!mIOhdnn97B^tGal}=9OO+(r@h#KgtDvQS;`WCn_7L?Cxv007dvk>UsNMs8T7%~CV z+F}B}XOymSR2iO*)TUcEPT@)g|BHt}_EaW88ZKF7@wRRfi!dcT7Hg2izZqX7W-Unv zYuHDV0yqccFL4r8tyh=SCaFDXcB%J2ZG`csI;F6>X2021v?akOYSDPNg;0%`X?gLk z)}CU$GzMilm}Q&vMVCC?gvGYVXyl~F>YD@2Gp?@?o9}nm4O1FyVaMtsB|r zk;YD>P2&OZgRw@zl^{MQ7zXwg=~~_@qo`t6#q?~TpwKq8yoee>akr(>9&NN zYCk;W58nn%gEnr&pp4y9j3_~v1>mtgcWm3Xtvj}D+qP}nwr$(C?Y+CnCY$U&>{F+z zo;%g){O3De6%DXAsi?4v%xunVY_FfWp5di1a4CLXiFd0e8x^z0Yom6ulw~_{9hi-_ zGgR`!9_1XwFVxPHwx3-JgbJ>4mA&MJ3wt#=ip(ZzBaeRN70h}wP!0YIgU{1UQQM@S z&wc+F6ZFsh`QJk*+LuD83fRu zZx3;U@J|Q|Wd6qk-5^1LxI+AU%G#~&VZL!%W_LHv^mJZy^4ZGUI`bLM+{5HPT91XJ zB%OmqTf_Prw6MxLNk2v90#Ne9+Pi}1LCy7Jo{5tgSsKIWm6#eCiQto=xd33Yr*CeA zp|b<>0kUUJ0X&Gx;v0hlFcA@<0deqSn*lok&|m_?Yy&p%lL4c+a^WNUP3+O->0O=) zo0{!GXn<{`Wo!bJ3s4TUxZJ>1zt2x0{MSHdpx&j_k0frD$5Tp=0}BKG}^cJX4^{wV+BBI!arxIXDABqAiusoGqbYq zTY#jZB9BrE8U`^@9tPxR(F9=sj|kH6%YqVrTb-~i<^QJ(vyPmA^)4HWD1#_7qX?&? z`aGXXUr z5fM&VIp^OX^2)XEX!MOO;$H|9q77@+|)xX|$U+*TlBr5D9V5h`NL&m=h-@!!}wx_~0Jg(0<-r8TU>7UI6E zYFJtz<&n|l-prk@=uW)K@Wn=j zkjU@)mIR;N`*)wIEUA|VjD8GKB3wdz;VYH&%d)U6I=;HTJ({9ya2*f~4i4-FA}Vjj zz{C*PjnUs^82#);^%4;M%-SlOpAvw}l?P;0*o%fF9yk zAPWF2o-Yi#5C6kVXR{c52S(i6WqUQ z^84S`!>?!-{w37EgPetb2c=)&^+4!KKllidC%uShV>$i*Hcj8a{arA>vFiO-qO7X< zo4-?!T*EP4xk(*>+ZPkhhRe1uYcuS@~!)78G$?=-hp*7xy(^4O<- zVATcGnH^i1fPWSV;-NRr>PB39b0zBaeOIQL@HWz?PZ+(&z!oZ?bD* z{qV|5|LP||{%N|#E9K8>`JFQ`020xEg@=IJ$3tZB7svTs`-=9X{e=mGT*8+1W%aY- zNaq0fy$d7_?;l@&!Gpr@&HhzF7V z)6O;W%@l-vz?ZIEeLg9Q7{@Xc@y7wiQ^(`}Bi}!7#p1E-2eVGny8wrDK~#RFHBGpZ z9+mQjD(H7{R!^_0d1}b~IE1yK3>7YGKB)oMWZ93cNE8yd?AcoE+IH{6e$d05 zr|=+p4T*svMeKT?f3FW(yvi&co@1ShDkJO&Q95fcW5y?w9Xpugn^y> z3R2MH_^LNa7t^-&BQlW&^zYKKG=VZ?%O zzLyMT-J|9`V=`w|EC-yKv zu-^(hHUqbZe#3H_MMs=Q$dDkypnPokfSLD=czc$dbjM;b4|P1_cuwJ@i)>nSHyFL% z_z|SSf>#XQ=pBHU^XMk2w$eqU2B79@~8*h|; zw0qIT@}Iujt|C)Gb^%*<$l*$a&10r?x7I<%t6`#{^BK?nSv_W0Ej_t+(}j~}JUJII zNz>X7m;M4(>%HSJ*w>7!`BmsJs4==Q|^B7w`< zv-xDpuFCs^wDq$QuR(sSqxX+hCP7{?<{U`c$b??F->6_|%UG$wJF8}vB6X{idPUH9!XuZqJE5<75R9^>r@-qJHO~}{#tFkzs$Ya z#aFHZdNyYn6ZI0eWQa0Hq4V)Q@Yz4?#hAv8-8RVqV=zHU94Y{l!WDFo( ztWC^{e?QsN9SVP}D23M={dv9MPD>C{YQ6B{12x8!utb>(Wd;Y?U=cUd=$E779MO?V z7`TzTaHRubHYCQnB=Y94R1%Y~49UYe?b;dNr?E2ilJk=g5#`{2>_+b&q2$XS-WsL+ z%Nh}({_eyClv*gNaqDaFr=;2Fx(~H-t5?KJx?D49_zjnlL6*ckMli#cPBcR(Ymu zbacr9nvp;A5Q2ax)w|<0H=1P9lpWsN{V=X2{N%CyE3O zWw0+*g$2_qtj%sOBWoyVY7&|gxW5PO9T4eLhOqUd6zLope<8uWj|vVk5@&Ba_%F;g zL>;h|+%ORz(j91duja+t;s}TynA+$-dA4Na=&{lZO@l2pDr6Y0A++3!1)6{es_ak- zC|Y(zKXeNOI&feNvZJ6vT0ug>6vAn1`>`#s@ulkrVg<* zDw9{Zw!74v@JGNYFH)DMP#Z2P9)Y2n-LdMwGj}6B;h721V>f%W7ltI+`IxUl;!kl8 zAf*EIOSm;xQ<0I7vBqAqaEEp86j0`^wSOHCBZDIa-!1ZTBq}AMgIy##Y@hx>^%z@pd9FV=;nhD( zgNo570bC8HpXm=Tc|Js8$?%RyK;VUXH<}$?X>WHZ5PX3{M*qR?B09~!dKpb+DzNYD z7|`p^s%M>QfUr#uvu}Y8cR$pphGiYeU(a)i-;)AeDntTZ;W)aj=K(Tws;Dgp1Ri=U zC#|O2ev8$6Y8{FJbqEKITn@L2JuASWK`pF!Z#5&C2sk4s>GAP?sWqCb@#-zQ=5F+* z?@RQhQj!i6@!)(Qk1t*GiGVj7+(WsR<&YlOQ|Q-q(#%{*u|Mq3wu<#Y5n+mLu^sW> zN*awXC?+b9+TuC5g|k}WtpBUE{4cS)XLyi2izD9aIlK0d{I_{)q6joOUz=1vq)lZf ztj4MwW*Q#DSq6jpUnauQ(1lblK_>t{x<;~`hp9`K0Ga_)Tf3*UlF94fO^HU1i}_C} zmUc#7odzk07B_^3lbRjxqlD46uUd43d6rW*{P07N z)n*v86T6Yo6D%jw0IcpBrLs~^-E!KGuD7iululL5`fl@0WCbP&w@xx%gb20RndZU@ z1Zv5%LN6HUlUFt!r_Y2k3$f$#qQ={Jn{-g_fg%}&z2hYIlp?rQH1j?tz$OoO7e76y zf+bGZFa4Dl)|)|qTZ*^J!o$yUEJ;}0XnQ1@g7G0POoSQ`JEe75$oR(00X17v#2FLj zvp-G=8@tf6Koa$&(H_^Z$D{>c)niQ}|C{?&Tb|Om(w-0j`1$uv_rPqj^yI@=*Wj}X zzFG=is85GybOS5sg2S?D^Vep}2Z=x;=Z`#^_$kI<9O_+v&2~w2Mv!6l&Z~cQMCtmc zstD3`=ycLxOAf7YLG8cdcH)SdtrIt=8&BR-n_Ju>`}%JAmL$rZo1Aq~32Cn^E3v02 zCCV(KF78*xcByMV!ZI2xbRHh zKGP{1(DkD)*M@Q9=@mcg9kfDSjW4taYxUP=YKv9WNjbe_%9N>QDVxNJ$@NAM>lmtl zDNP%j$S;wE+<0MWghT3HWea)w^aCn>?qKsfGQQIYGc*JVm?^r!^8Hutxp2BLL=r){c#bsVUX$B$&Xd)DP0no`;aAut+YcH zUyl1N{Kta+duT8BIGN_7S@%%(&-gDOPrxy&V%+)DAa%yt&-P@xVYOl|t=J_Tjk^`x zqhnlTJ>8qc)83+wNH#J}2Xx8h48kr207R^AFjdk!$ec`&y2=e6IXHhF`=qH{I0kLz zG&6|VC>R*aYuj;frDy-lmKBW3)2FJ8UMmNaaqPKYA^_FeF*^ApjTt}eTSe|bDQ4@B zRinkec$z04HJP83xAu)+gQX;~BnTrhOZO(5rzn<*zW!+FrpJzz757$Vo!My%Vk3rJ zXlFOjC<{zePwvMLZuyh_PF)sGN~VV@4TFr%*iMe>aE^;L=ck2G7$^ZCEEtHhL5@Ptf@0( z)jL{DCjL3<-x_5(=9<-@j5lUG?bs%$^c*CRa&;P}o1LD1bACdOHgG zA{Spcm8*aBXNWU(I9o2WPM|E`TLe*5y_1uQtZHqJCxy=+2W>FO)r)=PrNXwVNP`5z zDu8DI_TddzWYO>Fo?A63G0sTq9LAkM1e3d2&+|O-^d3qJX;&T}F+GcyiQ#blopTa9 zTP4zUDWx*s4Hjc;r}*Qxs6tQTYFH-sM>wXsVLSS}P|h1>LkAZ+zw}1?b*+bTwz-+d z0#hqgd~k)^hv0%^L9A;rnCe5ad`gH0%i^Z|wj+(d>~$vUWXCMgW?Lh57QhF7 z;$~-jYH+Yr^RV9Fn_a-THEg!{Z1MF*m6tsZ;o05-5FI0V#2jRbI-0Mu*g^v!1BL1s zu7kdlP#7q;r)LrQR4Wdz626TU$Mf6SpN{#?N8M}i5jU{v0!tWYHqdv{3g97(dTpT^ zP+R8@CSis9^XD9cddbSp51`q6EXX+VB5KJ65@!ckMH^cz8y<@&w23&tfkr9e$x0t-|H4Lv{10NkH?ogbRJL>Af|Y!7KQ5(gv8#+EXM z7FDo3;jYrk>{w0SC5dn81qbNP1i4J$t<_qTYiK><4&WYYoRoYc9t@QgFsZxbZ+2(M z2R>~JOF66;ryl!MMaY`9*+=4wfKF>@F!`ESmQ8Ty?|dD|&IS+>;ZEnlrntyjqh-33 ztk%X(SIYEa@i9X6%$Cj>pRW0q<{eP7W+t4Gf9Fd#m2o7q(C*1%NB}auJ5$XuJOuDW zk1TS2mhl!@bvl|<9JIq$-SxgMD)=-*?N zD*f>2r-M&goRv+DrgkWrH(zi(0_DwslINjcum$IFNh(tL8~u&f4iN-7K|Cb|RE9wi z+V;soKTkoS1?MGoU%^|w$-M&D^x5_}@;LailMBgWtG1d^W^6k_c57iZ{f)opRNv&5 zbL5_HfuWYRDxsdpkm>Nn;XaSFO1{ikLGmsf7ZLJc-V+Sz@Pt|28R$$&NXQmcH)kB* z2-kkxhmhRxiiN0c?_aSz_*(m8*;!;-B2~xhEvUZU!lhgNp@LlDqJoeE`!!xNgJt4TY36s>xz9(y6xwa&I_@zjWMT?Zvs!2MP>+fs0YrKa$O)$)ojXvs#iRnCiqjdkIj0O6f~&uPl@4Cq z@2Yra|I;jOG7?hFgAzc#JLDs1jXIs6p}A-sgX5~NdTm|gh(-r0WVtsD zg3hkDhi%hj;Mkvp$QmK}b!uB{E*^+*((E3Fxvd197|Z>^r~!;0mZic?7^#6dl?yiu zn*C&A4_q$2=-}qHg3f|x9_upBuo%jU7`xWKx;XHqqx580OYHj-?$Fxyn61I2V8(ET|is~L!VD_eI2JT(fv#T9*f{u`vLKD$lJ#(iMEiW&O zZ3@;odBsMw{MW|AU79n6FVnSI4rNAFJ4o900~59WpCggTuk#U(Mgf}STJDL-mV6;c zl_ir(gi{4a+sx4{j?yfQ#34rT)}y{-22zK1b+4Uc&5d>uaNu}6fWp4}ck5fc;s+cB zYYq9_NV{KuVD!wM%sBKhKh93wY$!i&0@P=>My8s!{8T2G=sE>y@O{N9SmR)1bTyzw zM31JE+I!Tcn8&beiPH9|St6D{G_Ll^C`hiKL|yVmgnqn8F`9P%zOp49?aVq1^It_I z6&VxekQ47UN_^a7a(V^Qs9|bd=eyM({_UFd2eA@<0+qXg>KLp2o{=8=HniJJw2|~}Dj=}Lao5}x9 z043I%e3vaiA5`z{&zpipm&j0T)ejXUZ{!~U`l!j_y@yYl{cwuAhKEZT^eDvR)BdhY zQ6zVdXnWjnhkYX+%^jW^j+XediY^k>kR=%i;E_Ii%*OKlC&^wWBj6c0y?ek?{|^jI z=hqZ|60d{h?1ilT`_B{yEpEuqm7zFHT2@|bZ*iek?>MnP)~;T23%y~^t(_~`dC(c? zih6IJ2EgMG4>dU7mA^xA1rKm{3~d@3==4qy+cMzvXBBbm`%s7Y4uy8oGC)lvq1I6| z%{VX(B?A!CCcnk*LX+--h}mZGV#<~gupKDM(+pwQ0}6X4J2M|C%qun5y2(;(Y!4=9 zBhOXx>M@<^6mRBpBz1crG#gxZb+ZVmE^GU%ou)1Z;Y&=6y8C48kMOnggTsG@XX=*UOldCErP`(ZObpcIRr^kNU7!zTg=FQ19hl)H z0FtM8#-%h~Bg9@M9e*uS4Np?PXhmg`_o~A?e7qtRnk>K9^SzcW`Y_c8-(Oh&y%y!B#Mol1G}RCh0(BUo#GWyS0dXXM4RfHUMuVAWg+a(^Yj;&Q^c3e1J7p?v4338T)F?woGW znF%CNO2J&U%n3}>sPvtnMb;XI*Z!hKsyZ(E)i0z$gu-|CwC{Xf%@Dy@bm%fMAk|7r z9^?tGp0iJKS2nhJ<1fZIz4&aaE)|_&zRC4Zs)CWL#Q83;TgM4WjQ;>p!Ng}m!q$8h z6Z}9&8F6t!p3^;@f`S1KTqqKNcy4V8j#3l99E*upgc1 zm(2<6e^k5ymcWs@H8jHWFSW7uQ(p}pYgDR*z*ow{%CV{!91U?qxhpq%o!dXGvhY-~GKz3zy8fr{zLSy$#A~4O+4r)*+iV`dPYR|Do>J zH0pDxVlv3F!tV_C!uU$sG58}zuD}52E+cTDx&MAwPfvGzLIlm2gTgiAlKMN{@j7}e zPYlFqAG4f4kDmNj0c@ZHIP->Cgh{hVpIzeBE-0hwa2hF@5Z)nO$10`eU-8rqcUHc6 zuV7*3WE$GFra`_ZvJsMco-7owx;c9F+98+7E^I~l9N3zO5E0ywg576_=M2w};Cp+h znC-Yr+uy7V!Ci*?K)3G`qJgqPFsRl;zx0p10_P9-0E@rj^!ZWNm0Efx04gCb4~i#)wN5NM0%ylQEfjs=h;vP4dOX;FAh~S zVylWMW6Fy9L>Ceq2-@?4ZQv|;*iX|Af0e}(LM)5|9;AuJn(T0(-h~~22d7<_z36LZjP`F;E4tb!ss}43_VzqQ=?i|pzO8cE7MuQmz@j3bX7C zHLM;7NMgzfA==3Lrj&GwGt4THI-cL*QXYjQ&s$Q>>|4S(z9IW=l;NVuDxY8oO&*4p zDU@*gvD%XbG#F;O;69~$E1H)eC9XSLr%LrPG4@gBVg1yH9n-!8F@A8Jqxw}&V;vzg zle^A@2~jZCD+zDYgow$xJ-yV*rO&YG>?G!M`wuFo=jeh$;agFQa$y?ztg5`t=pRLQ zFdTmFfh!3rmRzCOq<#|P83>M~zY`2b%hRM32Y*^xMLj=fV~4*6g}&=dXpLQYRRT0M zP|3APrSI>hmOI_HHm~j8W-&5d)Z#DLF8ez?OS17ex-_=ZHL`YQzXP&+lV_D5CPH)) zjFO`&aPw1WxYZxxZYE|s+CxQtx*P#9j{3w4?N^E{U`ctU%Fjlwvl=fNX3rPyzJf^` z$m-4FATh;1jFnSk)jc5ROsLbPoc$6o-q$PgwshquHV{@O3v{Hk>VjWbk5i2-qsO+& zLH_!^E>Xp3TuG^osP@JH4bDOUN)wEm@%jC+C>CSn{c@PmqHngF-^)ggu)tl^3Fpye z6yc-y{QDPGs|ejHb{fK+AFN4T|ZLxpa*?%+I=Xp!x@C z{+%>RJGk?bH%H-hjZ32MIp?!3V6Z5?X>cS&pt?`b+z}cC_c4(>bL$5$7N=vhGxhHXb9h_X& zQ1BB}%ySkc++C39I(NC{Ksw5fFB%R14e{{aK~XnfY8qN2D2!bq%lGBF;}CP5i?Wz+ zDqvkll?_Meqnm~plY38DB=e(BLtATmi>6_3?RL4>5<^1IS#&A8Y)bqs~b-$iJqrI#HzR(Y}yU(dK4|-TAiqHH5$)UuGd18Aurzo(F<)*lp%z$|pS4 zFCofT{FYX}zJ%e={@#kR4P4|)Fes=!&(w21$7Kk?!ek?bq<$Xm%G)^&NO_vr$f=ZF z>e_fGG^FNs849EBfqGGwRwn0CEU?fCP}y8(LG66-!Dy{w$hW%U`(^Y|!T0N=B`A!? zrgcDPT48B{fxNR%K?6h$&E`C>tooiXwt~|9!gCzvR#nn@LGD%=-Bq(bRv}a{sy@gp z)d1-3d2hPc4BCFXgvB5w27)^V?h#0s=bvr+OFTM0Utu{c@Ig2u#1Vh?A_fXSNj=o+ ziDXGX3EN>=nn$hM5z)y$0=ti!-auyCwh1HBFPV3L7jxfxHwldgrLhC5$&n0w@ic)! zh9RgYm~xzg&*A!N!E2%LzluJJsnF+`a!o?!RHJ}Rb%8q_<^2bQ;}(6EL$3BLj&xFA zcmB-~#%Upmu>)EU>A){*yF3N}qYJ)-W(wZ0H?NqRk8l_nJjY*ABaW&Y zl%R-f3dYqO?dI)7f894a2JS6z(h`i`A(xXy!IKlOz@nRC zI$!(To+WNav%b&KMaQ#zIlVIzZO>YX8&B~Q@v9YrFnJVEub}Pqi-%u_2SD@o<3~oh zAFy2v-AGZh#gf(yR>mL&2`I~V=BJpG?$TIHhUL2oV>Ur*cp%9WWxVLr`o)EaH@=C9 z3QZb0)i__&QJ2lE9bDc$Jr6KF442%K&co9t_v1Cp#m=rXR|!xU&6a zRS{223DuZKsE_BjEg7W=ipX+&Hb0#57RQmjgokjHmTc5LBT20)SOxg!mJ7OpP`JLv z?BO>wg`RZeEg0H;T8ErULz+{*UXlHNGGYMv_}-+%vWHG?t;%$5i5uU5EVU1soaoc; zR{+A71MBVA%y6KzAI-k&Y5+STJ#%v~0jL!0oQ_5SC`49K=}Q2F2pIA|O@IM*wF|gN z18SE`qa%Ev<&hY-9b0_!912(4pp!xi+Q4fF3JS>=*T+Y&K+e=V=p{252bYo0W3;f> zRJc8;2kySIpfvam+@$I#f=4S^_sT<;YYoQjk{H{+n^{Id+Rh{6r?~_EbV4u6cHoCp zCt7#?Qdvs1XaXH$;7C$0A2OKC4w?DW5LA(-RE@P0o2m2ZZ*6>8O#~4zaXiMl6j-#g zdal&{(8A~hq^;zvVUZvy+mJ`8q-c>Z7{RyMM*Sq|-txK6;H15Jm0pi4$C}Q}tZC=m zzGqotzcY}zYs|lh_Ro63Rcw^rzH(*Rn@n2pdy>0E3HRiI>x#^dc zEBBjB0z!z&TM=AHB3|)j)fpmrC7q-lULlYZnRQcd8WZU6^VL%ts51@b5KH*eCX{Yv z#Gy8V6p>(JB*`+dlpDZbaL?BsadTK75?qW^2fWv~l^xS=Mc@J0(8^cMg2JX)r_RfQ zarG#isTzNDMT%?jco-i+9|kLFvayqQ!~cL;|Hk=u76U*zr|&d%8+1|l2hTDKNKxa+ z>}t-%p2dmiMl8lL@c1Yi%M+eTQCkUoCP315b&{a$XA`q)26&fVUG@X};0E0eOYjwH zXYa&QT9te80vetB1ho9*Z%Gjtd@UT=x}4CBXHe}xk2}kdVMaVi{w5y67oQ-lyCqf)GUYwQMV9fk5v2!(qiZGQ0+2#x%hHKdc@lXdO}Cuptbiz) zbQN*kqBgQjm8Bm1qrQ&Ta9m{pmZ?-{Q8ey7aA`&1-;PLY;60eoA` z=;?wz8)o%Rxp`lh^q$bB70GRV`m#?95$F!KtH0OtIYQu^>CF}6pVS0AyRM5`TQFD9 zvo3GVBM?`5NLW|g2J)-c!}8SsXgqiL_b<3J7kdk6bBluGDSeU5JMgmGizImqpXT)d z2<3LIjg|c1>{m|Qu4hjgfD|7V{P$Z5CDFsmdwcw_IPsl^9#$}4cV6>Nf<6aPa*k3i zu4-iWIL8c2Uqxz{$0rGS5A-%L?Wp3yr5-VL!`hC_`W)*^awc$OkdS{@w}fDjoHjH8C0&vD&BV5m54Jov`u?frzyNW{Q4pQ!!|!;GMi`je{^308u|La`3eS3x(cty&w^plEum zC(|AT7f4a!3jH$G#IblgY5x3EtkMU0MqF7_kV^WY0VmlDrMDpr_1*Uw_W}sW)W4TO z!y$u0L@Q^x(tFUT-7Mb)wzy-PRT#g_VPVR=u|_z!I-X{z-}C2YZ}oX=bQn5{{pZ#Z zhKj1Cew2H-_^;1^u`jr@``w0D%uNFFPG~KS9A0e$!+J#l0q-8KavJ#TPXyc~Lkmzl zHdeVxy>K}JD>~wvLRsH;;V+O9NvJy&c|E#6wx*+^?q=r;3 ziK}o9v>oc;#IUPL{lXjV!4I#Zz|aQe^ThHdgpv{5+22pW+@kE4%k}2zb6r`Em@B|Y zee%Vh9QLYayX4RQLto7+^YPQ?xN^q%pqNZ=5OfJI_&s(q=u;*i6*m7y?Z69{E0!GT zt01sLUp4ecOUfa%Qla*_4aljk^DhvzEr3ceJmR=8n`gfU=8M|ToT2INoo6!X2DGc%*1pWB#d(k_gZ&h_KcI$eL^>3j|SRiS^ z#sq2#y9dRkm$8N=0ioVWBU%Qvcv+UqaBjm|W-mT=bmQwR8(b4rlp~t_AWQxZzineO8S&CUId}D<@M< z45kTK!NfLLxb<)D`PywTZm|xI(xV@!{9fHB1NSzyv(w?vmP|cpwkqCnCF0Xi2?v6C zsNN}7)t)$F8#tFTB#w&w%5h1A-ZydvWTJTv&FWzf;xHMr^r7@2o~ss;3v#WIO7Xq!Ya7@As$?U`llz=1oO#xLGwvoG*jlT7iGpC zl4jr{#im+yklCdo*iRog&Q!wl{QJC7s2E4)R;;g@7rYE#La0PUQ#4>4WeQ637iW;E zK>t>|XFR}_s@*9zNnBO5N=)1AMEB}nnXY%%To`8ez)m5c9r|JVv$3C8bCh%h>o2WO_@UiEq-(#N)aB9NeDHWX?Lgy z&~dR59`EkP2qB8}^;4GeFo0S1q_ssAj?L&@0aOAyTxq7e{tOG5mR0iiSK3vd5Z{h=xWG#|Lzsx-#WO|Yo88(T-rh!<>I-c z>_QUDuFdLsuB49suA>ud%=NU838bVL@4+xvUY1DLfQ?c9?8gDbNAICk$dL=Hb%Po zAD#>&S<$Bgm4(&5WhqADY`m$&%I2C#ahnU#B9E8fYfAuh+_yK`6U-$ zp`NLVdUKeY`q-Il-`sITB5$s_mZ|d=#VX{T=f%AFG`}sg$F{^4m>Lnbn4;^64-P;Z8pVNsaJ>iOCTxPVTDay5*Lxg7j;s25VB zc6Dp)veFe%54PqG_MYbl1Ef29xkjeLbY|nHb-!RlK8~CdZ6h%)snl(aI2czJ{IvhW z>=J%Ow-?@K5eU-;oCZUKgV*Z>hnBA6P)OtX@S4E|43lL8~XQAYOjTN2+ykS!|jZ{<}O+^YaO2k@5 zru{+mw0t=M_LNa0Yl1dk_vYjmUY^$W>jc3`>a~#EyF9k$EQmTGNkuRk3b5Q+ybX(} zYkHouQ@DlsTT@X}hdncC4OTWTe`MW0U@&HA8`CNTKEsL@Gw#}yGNE^Nfs+@5Cj7&h@LY5UF>Y9g;1w++kuB2!zSH;NkiM zf<{fEc6)Kp3AQ=|?qq`VzI7Ygq|)a16g`wZYb%-iZq<#T+{`K`Ud`_$Ow<+H$J-Az zCw}2r+O6T3igK=)hh>dc5VzN!_VhrU3%w|^jk*``*@)#w#wHB6UdwHg+cNr<;2ME= zwwJBGh3Ip#!qLrNhVNAkR=&wa!5A`OyC$CJO|bY^xdUiM&Qf!qTUe8mihhK9qK@?o z2*W4do>_xamn32nIws_+8p+JiEI`$6Ks=b<)wwkp?(#+~Y-e#2r!+9sZb{sH5t40R z^Y&qWOl$SGKggI`Chq>wo?Mc)bztF8AFiq;! z+rQUt9|MDk&{?v^{{`lYedBMZm&cOuGvG7J3pn>UkK*Hu;rLtymaU^w1iO_I^bDRv znYZpfw{)#vuP@>Rp;I;YRO#~fT5khKLj<~zBjyrN;7=exxEr;ku|()hVY94Jpk|D7 z5E7R7UOL;bvubtt>ttAYD6;iXg`p<-&cJ0tIq0JuGe+^7cL*?WjpTH9grxPReN(j| zJcOLyMEeoGU4D*LvufitQ4x>Man_XF%*)*(s_nQMpM!5t>B$Gv;mk-YrWJ^Q+MgWJ zd#ll|juPc&AdOB@P-jP4D3Jr-2)(|k8Z+IA`oCrZT3O}jVbL!);Z_sDQ4*e^H!1ow zq)RbKf0dfd^+7P9bdS*3S#x75Gy8Oq++={@*9&=BqXq=o7b1{;R_Db?RvAr~yM(Ae zl~%VBL^a&LsFWm+sI~w;(m>HX>oCUUsoj{{9Sx{j1dv<$UJzlW_PEv_-p6VA);o3Rz?0DAFNuh+QkMmmE<11%ee8Eydj!+TJVggi zfhz1lPaP`Mf80V06U8JPXV5_ClXl8}J}wH8vs{rH!|l~Y1}@ESLefzMkUe^73Pw`lKCKJ4A65S2EOgb0C1wcjJ}uEnBx$WyQt!PQ=; z1t=dM&iGa6T4*^c!Tm?YZ$la}iKj`&*i(fa?lE+-9?L-iSAZ7Pj@FJFZ7~(w_3dh}^I2(f6S+djFit3F=A++Lh3;9-foKIVbp)BOP6h7|+_S}ee zwu-g?o=)spa^$-fy}gW2<5oeijeAW@g2cJRab-+C>A{&5<>AMFJXO@SA#RH36BvPEq!+vTXR}QjrR%S%PgNs5z&DByZwb! z*DAeScsvIna_vRb6;JZ#)TKFi_?jJD4hK=`kFDX5V}nx?wQ@RUl++vR0;Agf)pCXd8l0>2$lN;4+5r)ISCoLd z7$ZGUmX@f3PPCa$&9x&WJzvH+2r@*z5?0%u`{0v&pAij6Kh&!1y1tMFr%ls7YKY0F z&-HwD(3pbc-LS7krJ8u03OSsO+V3*&?E|&{$#<_Aml@SG7j|V%&a(TW@v7Jftk22B z37*JG3&J*Bh95u96|D62`Nm5JFxfszgJQ+PT1hVGQ4aMGXJIjx=?@HmL=Qsrf{?Dv z*O(itO=Psx_5NThfk4Xx1f55%#f_|$;x>U2te+ie$#!4h9Rj%4k=t@6elrqcN~=rj zoc1H|TU;Oav4!3D$GA^HV7fStf}2#u;+d+(_5h9oq(_d^=LBpf?Nx&~hD*jzBwY;) z8qCNt#^{MgcpmA|W~*Q*I((n0GTY-WrdIWzu%&m7H2R}Nd(Y9+rnY$c&9IKidiIEIjYnr#c}%Y#HH6P80WRX~R_8*w@+kYOcTg zVLaP=XBjhMptSsbJx2-1vL-L%TfYexAM<;yt6VB@@eDWm&e|__pq!JLxFyn`x|p=w z8Y#=h404zfZ|x5MdK!kDJ~_!O4^Nud6FYbA&Zqq<*lXpfhF;|R1~KsQ`KnQc z%Vj~~YJ^BlKPlMgTihB~0eF)k?qX{+-Vc$mZ4&6dplRo+9T#HHQ|}249A&G^_`d<; zi*hG8e}eZH~l0xZw9HO=pr#{f(@XxSqR{ zhK7ymBL;khD*j7IzrU7sf8AY~BLZGQHXNXR2nv*f#G&Ebd3XaWJ7x(he0aTtMV@?b zFr@>;ZME-oB_uAcaI&S|zMsRqm4NHTSkt=_2NKusdV<0^6|b7P!8L$_oCF82wi*9< ztRS4l*%?Nu?ei49Rjc*!CLzK3w2mH3S#I-|fr0r!56=?*MJ0Kp8qeCoN$r-yS?o!I zOA#E1V*|3heNvk=92FiDpX-X-@NKnQ%kd+wl8IW%3sQ&{JYBBQSH(}ir!9c=s6*U= z!8wVTn8-@>?vtf&ROux*SGF6;_Nd*b&w6Yul*Q}2ZlTBU^VBr)o0kzcirhBMmsF~P*Fm?{XqQKgk-nMPqwr!hd+qP}nwsE#?+qP}vo%^b~s|R<` zlML1~V}<0W~VWWaa`Ma1|gkoZT=_(ePOA}En3|0_?HZ|E31VOoOG z{TLv<6?X(MbX(r=(?#L!6VC@j&e`>Wt25igHbmtW2LI6Xw&kyTHjO)NQQ`2b;qJO0 zJmSBV!e7mPY|wRQ-htA?PF$tSP|gCULAjw)HQ`eU97JRSi?9l69TH|t$AsMiMR?Z8 z|I<1B=IA`%I=B~Ua8Lh21V#=5i>|D8$gk;NSMXKd2=h-N+m*!rk}^`jVj}mTdFzCH z#niwm*dlqfr8K?f<#{-y{b6phYeW?fGK85Iz83s$e&{)^j&2Lv9EUz@LwYv%0*GO% zS_wbXv(v*PUVw|~k&}kfL6$t7=`k#=c$%T9Z+4{$NM7RZs;ZJBh!qPCyj?z^23@7w zRA@J~u~Zuf3Ch#Ml}=2xJY0~f#c~uB;6^L`$KYR(7Y$GJE7PCc-7(F zHTA(77sKe;(SEiYkzVW53M5vWhf4nj5~X~fGN?_OXvq$ZjV+;be->A``VxMy0w1t6 znf`Atz!44h;!wUeqs##LVa$xdwUXOkRAZX=s}ol=xyAW5$6yKYh^0`c>1Ae}uoo}Yv-shvl! z_O>8qd9``gOF-LC+XkGUg2P)op)@(@&l`B%YH!7AAZ}Kfk(R^=3x|ggWKC)cjOCy| z3g>ib_?AK-e=zrPL7>~bI(;YXR+}ktz?m6bXCu5ACvMLuBs_gV6IZ_jCIb>S(OU_t z@tvSewWwYXG93aW(31p0XW_&yhCcpjsl?A2Mw9ZJ3E8^o1nzm==Y{EerQAZjC`81b zq_zXo-({Pa1vAtj<}xQbL75r=7YJ<2k|4|8yzu>12S|J?AO1D0!7L9uK~ppJ0TU0! zaqKmSQ%P#sp22I@mAXtx!B$vWTJ~zPj=rKxa@_Ajd(A|^184i}r3_9cKMUfQU)|&; z9}0K_9T`>m6aBXY`zd3cpSVneY7_0l8`SFB^92&HF*sF0V*DdeS35L9;@x%F7>!J+ zs~n`*XeX}fD0KK^ZlG5KH}kJ{47YitfR1_Bdlxnat_(Cv{=Jk_2=vTiABc|Nkm^)5 zh*c*EO(khU_jA(}uTHBvxj2HzPfVNTHYk48UN7yevH+QBzG(4AQzTX1ed?^?V&%K; z0%ZADY5-r^<(<*`cfRES6esl_umE-N4q=@of%#9h3C!CQ4L9gO)+0YjT)W@8{4Hkd zKHj^a`3o~U3W5|SuBZ#hKPvgEU4di}3-=zpN(_f0oRh|=AsLpEQUaVXtuINj^(=pT zo23Gk(E?$&LaxbNAc=qZaH+nkY zL^bLsc-4IC;D&yDn%mcN=U2Eb+f(T4iaev$IEfB3t}}-@ei`lvVcO*hXRS;PV6*_&!2@R zIs7;V|2R1W3z9YtSI6__V zIgsJXf}>q<@V>xQr?!diP@^d*{k+#h{)(i3u{x4$TfH*dWHq;sLuIrAvp&F@qxFV; zfxnZ&9tD3SLiLB1B$B|^|9Uuv0HlYfSXI8Z82yO4YHw_}SZl}a!@Bh#x4kLvs)zJj z_-1aB*}DTlEJ1S^s)$G^KVv1A;X%lhcBffFwMr|H%n-gOVw`>$OafyTJ5~3YZmVcS zzq7Q3Rz)sHNnhh~8Ii(=!-@Qw6`{L@OcoVFMwY6#5)eZX1kqBgI*wRAP@$)$-iq4B zJg>dH+sp*A=Nlr59e1i+7BbX$RtW~HGs&CN)z{b2C74D#Y&Ji8Z_j^$AH zE_wZf3{BsLD=5k%qz%&51EgbfEJC?*oYyYlOD+h6P3SGlwz+M$cnNxEK-Q6~!zIWM zlIZX&iVnUxSy1YHxf6TmKaB&hdCYUGTWp3?|95pr#P9q!I@~%S43RXz+IQ_@TKB}I zJirWhrB8-ua|;)srVc%D*;T3kpC*?=LG?Fz4g?xQDCV_<3I65eTY5@QwI_-!N#TtY z^_nB}04Rw{TBo`FLO(`NPq}In4QzlH^sD=wW9^1pVs=ofN}+NR@5O_rtG%X#kzqh| zKZ7hCy4Go)PT~j~TYOQ%LM#1hw;9%1bvBIUX`eVK!VatW5Rw<;v-P{sLyO+XztBgq zrH1?nzqGALePuUQ;^x*ze8e|)gXYP|H;*a^!CXKo_4Ah{dorw1TR(UVDHgn5nRUqK z0y1;-p))vbN` zfZ>Q%=Ax>({bBMbK(Ldt%~Xdt+|lxDS2AC%@l9RydDI+VA%O^$)4ORjf$-I3kvV7( z3|w|AP)?!2*2w^;F!?9@DBH%q`PJCJTSx)yc>^`fB(>IQAdBFUzMBfT(iCihHpB2v z%nI63^P_5P*srh7Dv73Pf2KuN@jD$ge|eo1n9qSjc}VgR**ckhTKMXj#qGV7D`0 z4W&{O?f*h@_G)Qvbj12N0y4A7*+wwOI*IKyXDbh54o`z{_Lv&jpBJ#@ z6Aozg*@-3w9?et~L9c0`E9~O%${#dVdeR&bUWF#qFQYc>ZIn}u(OnQGq)-?4=3hLG z-3A6$*V`#CpI13eG>^v`lsyrxbBnUP-D0*j8%4h>AiL!S!r2^KYs#%WxPs*%UT0nI z2oLAdbNFWVvKOP9UB5Ys)@;q6%hKNxigb%=EB0E7HKU4?S%<)7tW?Xdj3xwE zZdTx&qB!rywQ$KYCR1BitwB4kJ(D;=q#+XGn+22CLgHx~Ev2u@S)u*+QKqRX5-S?~eq>&tc|mh7uwq^KPSZ zp(WXoiT3eaMEX|Olzq7{LTYynAYSw*>l_>xKp(1`X371J&ur-Wb-umO-LM=-b33RM`Ki0^MMgW*8CLT~!~ z`ei?jdLr%~P*s29>ZhyJm|4we6wgzx#r%{ENelDv6ZuE~C1eIWE6zRk0HaI$uHJ4PdGgJ1p> z{(ogr4u|cy1)qQNa9*#-YJMl5q|cQqfELd~@ucFbo=670q$(~GSRZ-6iXPG5=``Zf z<1{kD?qHY9P~9@#WP2RlD{N9x^PSTC<^KFxNb|_z@~4BP0vnQF=?YM!J$0?vei0XW zyAZqcYAfC&|4Q=ZR)`WSH(u+90*<&C(j+j#zg3!S)lo8a#iNAHMR(3m(f35RA9zp? z*|gef#m_=LqIGv=xHw!*##eciIJ*X-`A9n4f=*K~njAn(9EeMY(P+6w%!*p(5F^WT zolS)Hx}sy#Nie3j&5m-Nz;o&a$7R|67KGo3dnURHeJ2UnETdjetX5VcYc3x4Q2u#M zhzn}iNStl<#$bB3NbXvd>wQyUbu^_iTX-&gv->O=A@ignXq)nqG{DIZ_KaJwUUgQN zRSQKklBq>{dr=~|PE_Veyj{oQ^94f`(8KLpOBYj??bz=np zs!D-HY)+3n#g1;YsJ!=?c*#9a00UW-QyeJe#vr z)i$Ozx30h2<|)SPqGfj`H{ok~j(1dgSB(WWva=z3C!ai{73kEV%6&F^>;@+=NbAh~n}*kYNLm)^O>yJtI_?<=|?f#MW8VReouNsYMFu?{gzTJ2VmFQ>vggB zvJ=d53*kg?&!V1_i!r}f0EM4F8>_BL8lkz)M)JF#v6#tQrdOZ3Z%f;NEXNEOkwe*Z zG?~5N6aMC_hers~i(uJjbkKHFkULm&OrpC&ZW#A^NE$ZIphTH@D-{A2r%IhWaO#Nn z+NJ;f86z<#pDs!1XpyC6*0-<#_T;Xm?g|H_Oy&SV>#y5Z;hLs^Z7EPxo9m04)CD{w*qz{x- zpJ9!Li&fC-RG>r<)~xQBe#l}97$#bv;lSa$X$Y z%*#uqs9v5-qdUL{g;zuQ%qGeSxRotu=0BE!bW{wlz`yTq%@!b!eejV7}NF9nUT^s6Rn9KeTEm(1vK*N?AiY zxa(*V4;$Q)5G<$5voGs*knT&?lQ_dh<6=k-SA1n##L* zXM9Cc*Oq3cR#9B-Tc zT3mo2I+Wsu8Zhs=<^jiVx_}o;5x(F?JZlIZfLy4VvO0)X1=z-J(b84`4;j@RFA*p{wU%(j;hoX3!;I`D|h(=JA<-$9ax;)<> z&=nbbfK(_+Ocr1@d@96HSrzH>&tC6dZK2armzenWeU4l#LJBj(V%*2XNEuwe6?e~@ z!{`7TVf1+VFiqV?s$F1BX;LFt`>z@RHnyw%5{cnyX9PjI*4Yx0>5_DUVrdqO(t4}dk=z5H|}v~C`&~+QASf-_xE{PERPuC9>25tBG;;niQmaymrd0! zi{N+Fs{5&e%ycyON)lb)3&(*aC~mw*SF0_-?Mm~+@5B9`2X%9L2l6$*d$;flSPS>8 zCIA^384`wbwck&ZOCZX0egR&qD~ZPiRQ0W+2n8=xu~BQshBb$0+uMzCbf+;QMu}>C?>a zvw%qGfsMN3irO{k%cR*UZe)bD98fCz*p{HQ>6c13g;wuZ3ESb3#UHUuuSPqBKPzyL3o|VESntd6z z`iL5BFRnEk!nf|?C^)Lr@sBRu`zv&Qo>!QZ1F=HwkY`dsVoe9;Rf_3^^2*bcm}vcW zn*bBY;SPHU52~1%KGWd65FwnLW@kG<1{lNnQ`4GzZa^G;+%FaC%iAF06n)M^QUg$ z*kmIcs7{qz{^pDC7 zm1->sJ4jh$T|yBcH%#zbhq zICFC|_trSbTJ7Vv1(;?x4J=0X;v{>_>}k1NgupE9IlED$*ncwhuv67J)Eu+&zPh)H zZpQ^GOlGf+^|O1>*nPOHSl+3CbGf{nDDyyTW$}AC?;*5q-qB_A-NW$@1)0;dsI6jEJ4%YSc`NNf{vxvU<3EfC!2SdMm%NoM(Wf%IfX%Gulul$3D>*g* z8m0UDA~PRsDaMk-tBx~Xg1}bslE_4qjxC#m=o?Y^pSc1vY0G^fXS|xX0<$}FwFNbq z!RE(+K)mN4+EKGnZ5j*Wh4v*WWcoZ`dF5wfO_O`~L4V0#Y|H&bv&YB?iiD^t9oqX2 z*&I(w(G^079NX!I*aXkbQTwZk?Wa$qkivOBmErK?<)8+B9r1oCSdDj%Ln;1Gv*62t zz43LITkwdlMwMU83F;)|Ib>y!HMP8!`qnr^RxwIm(jV=jl{?$oMrFaFwiB|ycM#}0 zzm5otgc)7_jH$zI^aFu@CiNbK)HthI$?^|2a0^Vg5cjamX8p$1I>OLce<(2ocJlo5W?313IwkgZL_>>E zBG&+ZNq`?KM%EX>mNnA&r?a$%+|jASr#`cXlV%uj^l4H zoHYSj&)`<@yVOY9;bW%3lG2QShAn?+K^`R}l3#kSA@VC1{i#(D-i3LR6^}wGJh+06 z(ypO9jRGFYX3#-pj4WRC)vGY20)r6n@HYmJJ9ewmz)qVpG1E#pnhfD2w5*f~bk`{a zp*v`mbyZQ0A#d)J@t#qTFvpB+xabsey9=4&qF*#W?MBN;r!<1DV=%o<89?8Qn?8p=vK1QblGTaSmwuzNV>+R#$+`v;`_nS-=6|meoPUfr{s-P|+ zTFm)AorEt`rz*cSCM{fqwrj_$X6n%z6ZjjfDB&qOFthd}>tqG- z3vLL^yDGPVGe~LxgW>PTKW#7=cI-t2VkE+q!Bgq?MPYTso;3mvud>|swaZ9p{DD>c zl#TfCus5#?XUtv^p*a5YOxc`IRLw^DMg}i|Ptc)ZeB|7}c0P2PxcpL-_=kMR&A^w; z!reQ*R{mJG>icihvZzx$oBmiJs8=VD>G0T8O9RXE`t|Q(SHUo5R#KcRYf!AL=pL?0 zsDdMN2QzD^vF*hw7J`Ra!pNN4-mZUb=ljNd8)YhFpP<}^jgIEF&I&}&=5=O+mNCCC zUir=1%=jOgXpfO2ge7ok;8&tgW zOoP(6flp6WHqbsy_z;~SJcngmve?ehMH z+*kT(laVcqH4`8B8c@edjc;Afh6JL4*pnI*u#gWEr^>W6O_pi5XbK}|R}MeBa(K&G z^EDe{7(2aI3k?68ZL16_S8-~C(cqp4a|A2}LrbB|+i7-|z-GpJX~OZxm2f(~_#FQ| zR~n70p#$MrPf2fy$$~TYsU~r5@IxRyXJmIiN*(GS!lE32A)<63=I~U%r<59FCnD8> zwx45c{43*cDKMjp?KPqyf9nhcAS9zJ!K@kFAhu*`^1Z(_B$=Y7@{ZcUCfy@sY=Mj# zWwpxr3(zOqIyWAM@Kw;)WUmkZ$`CnDJc36 zL!?N19Z>)p)?$W_)^~}?;9&M%4iM<%Y;|rE^Qzm2_Og)MEh-ctGMV^~;hy|>4o8`2 zaQ5Ik$R*MGNcUbZZQ}cXI`(TOT1ib717URgA{|V?EuiAEYV9TMKkmDVvmNlQ;5;*+Y09m{L#)&IfcE9I^`v0UO`eM%N!`Z-SahRE=pGWn;zKY}%GppxE2XJeo7?uMs(Fn(bk>kHMBXNe9b|pWU>nkbo&X%#6TJ;O#H}on zBe01vo}KL~VkDo%!@66lDw-{CXMAg>tF$EMWdueZ~E`>(JSVc_^dim<`5_uOm^ zEbY!dDR)({vg>ns+gPu}{>sV9^g%%tcoMRJH2S*Y_Rl#^12*MUW|sNmYzmgE_bG7P z1Ner9=ab1;dcJ^rAoQdEtRO4eZ-2qzctA$Ba-0Tu&(wnn_S>e zOfT9BWp#%kp6tW5^?y+BLJZL=LYWEcHp|OrJZPzRb7QFf30ut&p474H&rFtqM5!y0nmfVT^Cz2Wizl1R)+*mn3~OZU zn<*#6%?=@wql=`O>}m^Y15{@!jECl>XfTqGRHv`=iE+-{E(H{=sS^gi@DIo9k6nbT zYgJ{-%=l$HNIx%NCQC7ot`G(lLD&>$@p_wTCG<$61{E@<-cp+q7)D03IrUtD@-SQq zqyR-6I58s;mlxTW~8Y zKy+aYsz*q!azKzszSg%UK_wBp8~L3f0pM@~w;gCh4Z}W8Rqy0jTU!Jv2spkSgbHN0 zY@h0Syjaw*^?_h6A-h%PZNfhOWpZol)yD=KVp5;0yEHNP3%$iwBL?^-8CFtY%H@tC z)Lf%a1`Vz!>NtqkR&Vih!4X4IxJ^N6z&TEBiLpo^FeX7;Vze^OLVGUGtm;W9j^7+( zSm@}#X3W^2w>9J`D`tyFDIU^v2Z41%Ux48fZgWM58lEp{&N%{FHI{Lj1KBrWffT%^ zk*Bjin%XHk*Jt78hnuRkGnYk;*jTv~@tAvpSi#=Mbur&jWW4o%P^)M+|1Rap92h3| zCdyc}OwjzyfOVZhdOrj1v!p6M;g0H^4Bu}?J2m1*XaN}KN<;z-s|e*ezG1q)A=vc| zxK1gqw|qS(b3gao-oN)|FyOS{G=Ha@lgzW#Nzl_tRH_MUNq?!w%WRf*(l>n0FO$r( z9xLpf3&^>St0`Wa1cj#l2wFs;#7u-56G%LC%Ff>H_lm`k?;OV-^Pf~&*)kVZl4y;T z)bM@6A?^v!+-1MuW)6`;?}c>zT`^IQ-Rz%*0%dfVaKny4i1I!HRgjyu$P;SWIiF|f zbY$W<40WxWKCe*=!rZb8IjJ+hwn$|fsR!4uv^!kD)4`;8Lh}<4o631aYGR+JO*+zl zXZ_vy9nbhU5tUhx-(JU-AaWuJszp{121!y_O)s$t=yx(4p=-rK!Qq}5YcbcG}%M+Z$>wUrmx(gPcJ7H)VhVp08E zW5b4FumPDdI~w<+z?vo!QCvv=0zfXBM!0vn+|%E8s3R*upOBcodUnMtUeJmN9d!iB z78+c@kp>7~NaHF8ZIv#P4h4}1+vMRN_RwHbq|pD~5=uWFu5%HAQJQ<=p3z&{I_l}I zW%-70$ng&Y0X9Rt-cI>1)JuRjY9=kq+Rj1cmz-oMC$Lkgkc4_iFYtsZwm*02Q z+Sw z8vE}kD$;zQfaFevprxpBv3)XTq%hAN%_m&tThAsY^%&k^QDJ|T>05nE-*u2!s_!yV zVr-SqalW<2@EwB3F=xOkItxMpXTJ3=-8|Mg`x^C3m-J+P>1qTu{dvit8`qyQ-CwBJ zU!57oc0ORrYAEnu9VZ}LT)5>|d!C9QwE>=s0Q+Cgj5qwzGkCc3passto06e!P$|pY zB8yml2Xi5b>?N|g?Dauq$Gy^aD9hmJ8$1f$9YzP3V(E1a&z_>q48@z|Eq$$qQk+Cp z8bbA~BFmAhEq&>Cwkul(?E+SZ&Y1N+kzU!y2D$Ji@NmOVwQ~8LJA_diW z>SI~EpAqp=W$b8K0JF#P4Y9b~%5ZU>lfzbZR_AFguRV9ew4jz+*@=)1#$NCaZToR& z8tbi?xqc;wY^)&^kIQZS6N|9{%S;A2@k4J{^Q^UW;sdX4BcpTo&)UT3By- z7#8B;MSz2uQ>ZOMNDb=Y;aUkqKaL68AWi;8gS6 z-pR*}%M)aPSPR4tjR|ttbxtXa!O4`BiviO6yZgLk$4R+_tOdPXao-A-Hrfxmm$gmS zfklZoGUw3Z8*!)7ro2IyfITP?aN)Xx#^q$v+@a@iKjD>CA`J~R3LuT zWcul~`S7++UCxX9HCtBeWJYy>Gv61~bSt^eVu5M!q-6L=4-#wdNOBv)J7h_PYu=h*o&XqQ#pCwv{hTSGsb_x6YyEj@@o zuxaTzC)6^KgTQYk#)j`Tu9xs6?`g#f^arg-^zncULll45=BB51p`D%IZynf z5-Xi%ZR6;TD`!ZDVlOz)HAN~ycXY!PNqSiZRaIoqjeqbtt|YF_V59F80mgSQ%oJ$Y z2tipHa3RW+7<`lN{;=Sc$2@9ePjFsfb{3)2fyE-$cFO(M zp!Oe-9*My3NcMS)03{hjB;te3)-tIukdGTvWse9!kD2HxJ6LJk z59dcrX#h?7lhAYO5Qp~Y9U!Y)T|BdnWq(oX#D0c8Y4M>T5*VEo1U^`_b2V39PeR&c!2X!|($9`~JE<8>eEFj7E^6>7-R|m1EO$2qFJ2%v|I*(6o=>-RU;c_Gif<1tlCZmPbYh zzG$ixVIORpMb6EL7vaC;tnS=72poj4Exp<%2k(9(If`VihX`BHr>j`x{0<%SsShczGv0YIxZr5&s9n) zWT+ahmF$OKcuLSUL15uR-m0;ddl6_xd9_}p=5aan5}Fo>T$-MgG3XK%t+a*ZbS|{_S}_UA2)|*g9r$-FN^Ey1v}C(_MI&&yZ|@j$RQ%^3WIobn{4O^} zRD3!u7uXqhU9VTmEC8ddi7t3+Q7jJZDJ@dIah#9zK}b5a@g~@s!y{`eb(H@zXC~-l z_JYh2`$(Jkz)AP1#={|a|LFAAK2M+}jO+41XPehJ9&u!6UFsoWidO^(-k7WlrB)^v zM+t1x{A$fDREv}69!Vs0jxK4N##3HE-3fFrBB@c|)>%#}{D)8xi6rkg{yaCEsie`T zTG*bR{`tX4P4g9@?7qRey7-EiF-Mu6uVSElL&4|VR~)+y9hp7jm{)23bSiwMW!=U~ zeyP{CZPk8i5bNQ4dcfeB$Mxlld~|;C8@aN>T^)_G`EUY)ZZ1RP6!=vQ^X}-pV#}}n zi4Kb}n1*ew5ww^#t{c*ru#{O<^ZwAyxM_W{A=L^7&_7BHl}yBQ2Pe^hlj(Y z z8Ca;^(v&IT{1e+la+1K;;6NDMnm{NV${higvU&1_5d6o-5$~|fjcn~e?HfNPLuy;9 zQ`rRcq;=JWvoe75!GVNurVH8u0nyk_YERG*@~JWQ0E0&uTbsVJS_9jO1xCRjzSFrk z>;)(-J2|>pW9?_1A)QTxZjLSzOdRpA1B?4p{(e^m|H#-`4V2;@h69q*~f0a6h_o6`pP zk%EH!l&GYrC?_ZVn@E^i)VF&7`mZe?_z?1gI-OQyB2#7Kuk?2m!5ALIPnCYJx28}Q zOe46HK+rd>y}v8Y1Oyh!Ltb@3Ou!eB^)EX*00u-b*T?R;gO;FX5a(|*%G5hGvMZ+x zE3PZ5sD&o0&3dl}SNo4EfWzM(lTSb6x44D%^q}9u>cWBoAbSRIPNA}yt$Cmcctbb` zU|{o~L_vN5>CE0JI1q`>_KqJZ+2>uV)nDV+TUQBA!9~WF*L&vIx7&VJH)mk4-}zg= zmIWZLI|2rfuU7HBUMd@SR6#Fj$FJYpZTcX6I#Lsre6N%|=sw_YdqKB`>Y|dSq#)pA z4vgnjl`;Q(+(3?YPlun|ZM)Ndd4#ja--0F}POYCx*1m=54CPhCqXRINMx5vNDGWc)Qex<+Hz#yr> z9ze9L0tnDqy`9gkI*5jF+xCgED=z}(Wxq)0KU~3A1>C@%FG0S#xB#xUwZAKZVLJme zh!9}FZ@+4Q1)^W{8*`yQM6i1-3<^o}OUB>3i*Ku1n&Qyp((y&C&U>H$C$+UFdgVHE zh==>9;BWTAt+AwYk9C+J_KqA}g85_sX6)g+b#O&LnaF^?0A)w?^ScrNeU#7GkU$(I ze#C?TWm9$}Fnh`0@JL5M_7mS?TL5zJyW!w{6?fS8Kpd!k#C!l{3w9vKgB!(e8A#*a1{vWor8MNp83Ro-^IS)g|g){FJ7Gs0RL&gplW=BKL`V> zw{HxS+vp|r_U#;U%&qGpKDzE1uSs>l?cU_x@k4@Ew3PU*8eF8LmNA1$1HDHSg`qB?tOd z`cBKn)>`3@oPn(&d~-XP8|o7PpW{Cb`(4G#|HLmj4dVg~;_)K~G=XSg2jBeK$H4k^ z)9^KaK)_bt!xsjlMH(7BhX*c)Z{1~vjd@=MhO^#3`Y&!_Lz&1d>*SO=Fz;EN!df?j|hjY3Pf z?V4P%e;KnBY^t!I@6XLDKal+2Z;H1;Evbp|#ju<_ae%%V;-PP=L5QzR2j5=5HLb7j zqmN6qFg@hokzPFRf7(A}^MDSPTVp~j%d8a?y&HOM7S#X=`YDH}T!k$GN=O4rr^=jY z4KlwdFp7J+a#Dt<{hXx8z%lCIWP(v7;130$&pa#qT{YRC`X%oMo140SCUQz@&djpW z0_^OP4h)TX$wBY@Wc9bk}m}_8Fum&1mYHs=@K!&S!6v=7ic`RKv`(~~+| zmuSo0=x%pM-}x1Yq%!S#Ef;(PjYcYZGL;pVjr`cn3!=yG#?e=wC-n5C(AB^TpBUcK zFxeS4%T+7l&R6$^pnqr*kK(-QSx2KvZ5SniwacEx)$uxTc#ix36l7bdFm?BngzplqllU^?m_X=-Jz8IH`IPRqI7Jj`< z-9Lj>Ef_HwmQq_|orJfgEJZy%Y#XpLXr_CMzc|G_Nu$K@@0WJQT% z-Mvmzi6l6y8RV=^8Pi|n;wJM(mH%PqHbS&Zx#pE4WLVou7!vLNe0EypEI^oAcyVW| zQqfKpQXyF)EM)1R58qzbNf!<+IrLDbrB$nLdh~YZ!y3eO84;b7s&xMifL6j8-YH(J zHKhu8D+?wHx#(H>o5x!FYYx83$vLNpx*8{gQg!#{nA-h%h&_s3)ag$e!?!}n619(c z&9dpSU2M~gS33e8*_`k2Q^`Y{H0>?FrEc6OpL{B}JKvVkXc@%D=Vdq+PJ0W9=9>e) zv(PcrAr|9{=gj4&(D8VLLfxP5(KC5|R8WyhDkupbEBb|bRAZo@_%^0%`Vo&G-`kT< zIB6s|F2YCk#P}gZ5i`v6)dK}qx(C+Ed!h}W^p7*$<38w5r`qD{u6FxNssrMAD-tzc@$@}d zjPb@HVQ~G=p|HF z6cViiw;}7+(IoA9O)EASy34Cr!DajNl>o*G7M9TMG40KIiAOUtL+IeXlsbmP)AdU^ zf;FIB7c-GrTlxY6U+Wlnj(-&6$6jPtrqonMM7{@PP8d4I#tyYHA4wF_9*Al!s%)-L zsC6I(cF^Nac{xczX8B94i_hqeBmCgdE6N7EW@Dj>kVkt zFu8C@QI~B~c0vKKY08$6=d8PsXwT^(Q~PbKj7$Gk#zf?}VNqCc_H*BVx)M!BWn0*P{&j2PV; z?YPw(&7e9HCK}POVSjSGyQd#!!mK^CI=tkAQS-J=h+x z|Hx|x*>*i;Q3d=Z((Q@qK4ViOp_}JPW7Z!#l%J1=R85&OOX{m%CDlSWSSfaRerqKg z5y5T{i*M6ooK85wiXdp1iiGiEw~P;8bng!DP+m0lIKy^$rF&(tDF_RY5xGAuPL#;R zIa);k+1RP0k}ztrzPK5=5-OnFGg`wGIA*d6twowwiPxq`hg%hVq;Im(lwoFrHA59PEwmbfs)Gv zxVlN8SqR?M!JBbf&z<@mLbd z*x1hVLeXvO5>xU<`R^)x`dh1FuUK?s(w0M9u6>u|$ZWMOg6|C5X_@d1==*?|CNajj z3p2~5ji!bV|Jn%mpmJkeR;_WhL-Erc8>dcd#NsQgobojs3S5%Zj`yW}%U0(5yobc4 zdx@jM&9BN%rRH+4JnxZ(3}P?yDcjR^hMiD{4&aJU*co!x6$@y$5h&y;dE?Km&@+yrcrd z%T7SV?rOd?ypIcgQGRFZ9YH)ac3H*XD1Nfp$q*}x!DKCCE+I4+vwJ7{4z7mG)idgS zVM=TkmV><2yXU3~xU)FO;=Vrl(w`3#-qN%PSBBraGaXJtA0*riye8efCe8X1sk3{n z1)gVy!9LHGjzKyH!I19`qwRsSzH3t-K{56)+O@(EZa8B(jHzVfE0gf;G{WRr zwaLD~nXace$sm`J()s#Ykl*_^dr zW?YS>(W%z3OpW!)br>-D_dLmr6+hxCqHdE-9}}eu_%x+^A%+)J1vt>UgZ$cF z&$J_{yX?I+bN!eIJ7W14Zp|`OQAQ?z$tRgzi*f+hM;wO|h5PC+eem{0!h^nx>Zn|< z$oP!IQp2uw&&E@YmT5wF)UkfX4mnwXa z3fDwLD-rKOIxf9<9eGoWHgh`GDZBZ`u%Q0|M?kp0>#i+xW}VjxO>{qrP6^k7c~TUp zHk=3ap2vh|AZ4WSL2>&xCRkP8EI)ANSfnSpe~%=IP!N z_iez8UHy;%jV7G_bLvMl_|&X-_Qb7QDTw~Nxz9NTStH7a*S3t?;^|y<@7oIY9r!tK z%G=!na%S`lhbMO+YI+t_hepTmr_e3?WLB(8eG;^8zo$4Li z%F&i{Y74#LJF5PU^$-%XzEvM2$m;tlv9EDFqU8iV&nB=3k@hnE`_sR)A`nr<@WJCI z=h*SNuu?tcOZ&k&p}Rhq?UbVjoa&Ck&Nu z9_$+M*fXeZyIv~?;e@EDzutd|%iU>_48}|fEkAO>B1N#s59t(nS9B=N@n)BBgb?_9a57#!}uR>dg= zo_-l+m+q7+>5mn-Lk3ETd_145!*E$7?A$jhYYch zO)Ob|9#$**4o2ZnDCfvAhoFZLUiILu5uT{x23H|ih2J)M zaq<-TOL&_)_`(joJqz~4=_oY{s=lY}e z7I&H%I$f1=nTz^MIEKNs)Ld57JT_m`L@mZ;%6g-bKKS=3QZygV(-{w2U$I-v8B}7LMcreD$W8W2XtUS~3_~=CR#xoX2j|=e+Q4R=S$&y6vCEb67JMPG~ zpqw9jRvj-lEUTw(mHyQ4Ywg;4n#^n<8NO)GSHx-d0s3M(E@4nF&8$@5xaOr_7Odn*ShDCs^Gw{U5_r~T1jDaFfa@^$B@4xo&2DmK07M>e z?TDXTbANvz^JS=pl{f}Uh=bcmK=iU9+_voAXaRsI%K!cJy=Bi0voMP^@*vuin*suo zp!NE0{lcDE9*5DL&trP$fYWoz@B5VvpW6$^jf%!Cx+M9m+6k_Un%hZKJaql(ipLWf}{hXCttB9{eQgD)0 z?PQ0W)jAnpV@UBUy_Yu;u4@B1%)Y&Ysc3^EzPrWYR%QOWiJmJA~@B(v{QedAOr4$~gW96Yu+HKcQ-u0l{HM~kik^W7Ck z(T2(l`z3M+VzLYGeYvf%eulAc9$@`Urau(V3)4a&=Kk^nzcT~IzQcbsY6Z!Gpx$7Y z{?4a%l?8#&jGuChK=KB&y0V!~*!&25|F!pt(JKXXW*%zYlWqDCI zK6^c^TmI{GNW{^#${l%MA*HNC`z>y_Rus`bPe4mk9ULUlH$Ic;t+8`k3YkC4vPQ{W zC^fwR+QkZvOp5P@k!i88G^>tS1p4Pl6PNGIPJ<4(uty0O_badN2i#Zj`hX{^E%YqZ zpVcEhE3}pBA*Uh;;{Aw&rX{H9^9PmV^Ap289$z`kVH>G1kgja2Zi?UTtk?5$a_>eJ zr1-qWHca2G>XJ_>K>j+osgd?BK<|iQ*J%$J<_e%w%1z(9pG?C`{Q@d^e$0qS;5v~T>xE!0G>kT9xB;^vrl=n^&d z)Md%%r|$^jyGM6qhjING3Z9F^r~As1wTkRg2k}(O<^_sl9QQ4cuvW5LqAU{VUvwt!s-7w zUzA#)ndogdftk~9ScU72*gX^J$Kch>X-ec7n+o{&7`HHe#yx}EI|=dQzYklJCg%-W zgwH|hxXQC_v_4Mrk17!VM!CO&=_8;~vaSNfoK4 zF(&reB#GpavT*HsEkLyXzTg$y>Z$mOK0_gK09$s)OnU~VvknBgwE(G8*uy?RWX-)s<#UJ=u@cA7Z1d;850Aas>tZu!MVP-6`fT8 z;b&Meb{~49>pm7&+y{JAWq!7CU-CIfZEbyzx)74zGcX<_YJ=BQEDmER+e?ycPl3s^_mm4(rUdeHi{nMJS~Fl zVb^|wAh;;sxLwoI_X#|BWcH4Tx?9OCdoSR%^2Mi-b2{CasX-xG+0)*vvxBsc0E3Pv7A`S zyB?o@Uq`+|2p@7|`myOve&HL*6TA;sE~=7+v$}`tbk3|B3)w+0{S>?4SlGizu;suqJTkUrhb*c1PrhwpdYnIR>v_qukpak@7lPIWGx;?> zWAt4U`Pdt@h4(nVa>F;D*_4SI8%e02-(bzE589hNAMQ_*^W%DAD5!*g$(ih0!?^nG z`%Mcbsamv<#9Sm&zw$F!$IC5i)FjeP`7y&Z{Y2Wup0qAyjZ(&Kf}22Tc1Rw!d}?3u z4HvH#lM6|7!-3B6VvNSit~ROip%mYb8#pj;mFKdW4dptnz-og`tD%GA@t#csTJl+x znnUWMn@+;rjXBu6cv%g zlU~cOI4?CGlBU*`L7xW{u_k-To8i>h6BLl97>6A|cX-SFar_d4(H^kUz!!cBJ^Yvk zM`c3->nfil7DODHr(=&~#>@8ouVvpf-Sf4+`YemrTj%%^8QqWjsC`~fysip{^O$Ep^G?hR9-nk;`qI z(oBctiEz*BlE!7sWT9%Ss_;^_ST^&^n}ZX5d^)4liI5vnivW_RW=)DM+WbOu9?7WV zhPaq>D-Fw+l(y0!9_z?%ZbhTbLu(gz#G>4r@6+u8dwXn?B5@*8IhlQa1_&Kr28iHI zI@8YW&$zzC%F~`N{Jrs&5dKb(P{=ID%7 zvmCc}Jzo$_jq``o#_24enwiRyMXWxEO87+XoqUwn*JiXVKyrYf4;Nmebegt$r+vnl zCnDpZy4!Mr^5{nyi*V}BaT;8Q9rwT!%H~mBIREPQN|BB~K=>%AT3MZdJ4Bc~WZ9zz z!=9KsEUA0{RWOE#3X}Wkn{PTE($A95yWJ~a^WK`g73Y0?9Y88eh(0r=AZb@b-UHvx zqb^mqnD6lDJpLuwsjT_T$i{}D@j&vXV65l)?Qw&Zd+?RyyMSeD4fheP3dleY#7{2Z zL;8LYU~J^76n44)r(eLr!@+|u^YK^#YAsg=vG*934XRc7a{h5kcIQB<37uoUwU*@@ z&dl_$_XCfo&blc3;=FeGiM2_`iIpK1YWC4l zZ0qoB(YTP#`Qq=vpS=fdIh~S%GHG`TnU5j_B6RV`K6(jVY~a?Y+Vs2_oS?-fSf9I1 z)!s*-xom87a^P6)DIIdW_I30~+t|q4(If3Yk7n~ZULb4`4Mr=K)}Y1d4txul$I;@D zl8%30n~pLmLn5W1uSRW2`A7imr=Of*P^z|M|R~4i4 z%^MVATn+PfAI47mJ`+`fO16w5W+h+97IAyo^st^eP7AE*Rr_0s2f48k2p604(yyGo ztaoFp3k|h%uLQjpJEPJR{f^H6NE8^zdU5%Plv3tmclXeqG8Eo=DuauqIb-4 zYgvH1GB9&T1mT-%mxHHnOXyqfWi<@^HL#cEAqDFjwx&s*fq_DU>s8aXsuaDq9tifw zr(oYmwE7*i~HH@#JphZ9kuRH>KR z%jr84vG>v@q?BFUMY(3pyW?Z30ZH_iJ|#Sp^#SBb_r2Nb&zMajCl?7ZUu=(jtf-%H zd~m{gk8N`Ps3Hy?gpuIYtCY#79IJ9vj##jK85ku)A`{ZH*u<~Qwu%(Mk}rAnqndP> zDEXBBh2XbOu5%d)Bf%;@EZZv#Dp>{xh`zquN0T95lHE(jSNfbmHmiG{ye>5N9r$6_ zqH0GBnnQU>iY0}H4BPAKU3dq`uuU4Y zC69m?j{ekPx$TG--qF>Q)7Pv|xRo$hSQ&w%qJ4q4T67Csf(PT@QF?6IuzJKIc;@6J z0!+%9ys(I)R&`EbElVigsQVBtXuNv-9p zDj;FcfQsDgqewAUns}_sOPwj^4&6O0GZ~iDpTUK8zRMLW7l=@+5O}?!1kk57{*IR3 zO4z%cU?KtsP7FdvQ2&sQo+4YwnJfUsOWUdU*wp zYdjoJe)>*pKm5CXp=5q?GpG%v?ddjPUdXv2UJ_>BdouS!x9bdvQ^wC61QM{{mpbcH zhwjLs$jFm6$S_M!fjtv3VT!RBgwRwuw8pOjgr>d#xdVmYKkR%`*r9wJH7q!xsNH^# zNNJ^WfF0Y0BIm5=MU_qa1Di^`n(gMCcE`0?!!qi`lt7_?oLY}PTuhK67_OR|?t<7= zC`CV|rSa6A{PGHJ0ZfGEf90uT4eRn;lDH7D4v!ujE1J? z)6<8hhEcepcO~%r7t7NXgOdKKMGBFJa%V(_(6@0lUS}K&cbI6`qVGl)abyIoi{Jo1 z=Yu)=mWE(*cm*AAQ#3#Jx#b5gu?Sd~7;r5-@gTxW4_b=wPn|8AAMF>qB5zAMl<|y2 z3Ap+&aU&03<=`wVwFy6#!jHWFY#}AF8u|FJ7aBZs`I%+y6YvZNV!4~QDd6A@IP+Z% zzM-U~OLEQPV;ugChgDp#0S4JoZX_$GH>tTtP}}a;QM)u=f%6HR&^;e7lsig_$&{=h96g3OjF~g3 zM0oA*eWi1)ly#S+>tTg5-DVqKg=-ax;xO#8(S7&Ht>CeUd2xwhf@1Xb(2>Ivuo&vs zM504fiU@GMxWTQjRTQ%ZIrlz*UpU|N(3bG-66E07n2Nh_#E3Dhq%7o0@u5kF*w~s>+ej4e9T`9DC>Q zDsq4Dfb9X)5~ETmsh!R|tx{_ZvyqF>UZ8%Mn7I2Ud?@CdTiq}VR_OP86Z0vgWzWoB zRB>EI;^AydwDN*xlVH>f=$AC_?8w660Pj!i_HE@y(78LfHGp0mjaG28_SmHXwggKx z8>whZH|X8RYI!ggU;eaZXXM7IuH@|unJn?3Gu;YN=58+g_|9#Myk7aTK9OY`CG$dc zFwy(457oW)OrO?SXE!wEtJX5$c8j`qf1EBk=9xG(-%a(&Jv5EV)c#=M2~X%>vI!S()8>9qoTe7j{XQsGH9Tn} zv_zne&&)m-Du_o)9KHC;bd$?nL zb2@qZFp)dT6Z(E-%58W`Dk5UsKbN%u~% zOQGo!E$LU01|FSWA=fEwoqf;wO#xn}!#we3X>KcKD}k~=Pn~k`%zomzr9P0Z6OAm# zs}v}(>?}Z%u%j+uWaL?z$~lJ5-)kwNm8=OsyFh^7M9n-!(Y+J&yR!+roWD}<2`g$B zEy+brz!bDzjD*+Ug>{kN739=uwk%s4Glj3MyaRc4R~PcjE71palPlHmy*u^oB7^uK zT@nOq?fA7dxxiarp@&T+!rLIEA^5K6a?Z^+88P z#s*AWh)d4=5vr`2kE#;PAL_myZ===;_NZfU?n{`x5PO*rFM#^!DzN#U7KlSrxuF6*aj(K>xjPq#6hYPEIj zh&g&m>q6qVz$2=9H&_Ak6{KBT8OGNsg4NHFzpQ6V1XWedgoUvjU7OG&T z)OL!f>LOjLKv-At#Y5@q2EyAbJ4376G0U=5u|$jwqb*+)~tEgufhk%&1N2P3cNubp%Pa_EADq% z*vooFGa(l@4jeXLFD+j%K4M$P;lWa9v8PWHHkRb4 z1YstW!0*97gtH{5kF6tf;v4~jf&ryti)Dk@DMW%?sOe5 zc)SPsqP6^Ynr$ey41lYeFGoh1CANf+To;?)6GXr@Y&g%P6v`J`^F=$6SbIE>FS-j{ zIQ&#MMMf)<(yK z-&+kVa6gZ7E4u}AZlMTo-`_E!YOj3-kOSaTQHs#$K5f9(7Z)TG=GRf1!<=lOfd}U! z+VW4;VR?$dCvBBY@z~KIa3~kvji9aI8v>=#CqG)W*D~Q`Y31geJyUDz$Xask?jvno z@Po4sy4nRDq>pqEKBhZjlIk{F1EPuyM%7z=YSb4vvQ>Az^m0}!4JJ)6Yb@~;&BZh3 zc8VX^)wDpFpB=L<=WKrHK*ob#-^X@RsA;Mkn8G>NQ79uJ6yO(r<+&f98L#V#U>Jxh zo2|2FqWl);qT$Wr_3lx$bg`sGTRqDvQ%}wvS3{&3u z?>FJ7lV)qyR0r~ak2zVhL#WGvh+U6)+dG27GI8*Av^H{yrYX2ewB}PHh=RQW0dw$i zKDDAcYLai75^OC{hTCE3;?5rM(f2>}w*X+vKJ1yw>}{4D*v5ZXCfL-o-<`pX6D^SJaK&*NQp2Pgz}ymS{OMVB4D~9`4L`qC^?Af1 z>Z@j%Rly3K6-gN(&r^dqKYC*6c?m8Rsf3GKg{D8+fEc(Jrvc&6YOg8)8QOq7CvsngNhVM+(Fc*cH2CCOw{;Me>^K zhkGSi2|Ol+9y7ZM4gUi6v#`%(gf;L2+aZaw;69goD&dDr$A*W-m7mxTRa#7*xYxE3 zF^l=6E)tNk$BCmy zy>Z6fS3r&C&#K1eG(Mb;gpQ+$K^cqGXK5CFIa3~=M6N&gTYLzY0?jVPHTIfK{bh^)r!2fM7{~(L2r*5H}`c9>1aVd3&2|Ye~ zA}={N+T^XH!OGX-5;492{-2HQugPDZ#MzU-TR_BDGhi2=} z2VmEr*GZc;ka1evGh3DPP_xXOiD_*{acWkP&z{SxK2f(WHq0xfvht&gu_8zFom7o! z=5q)kTNv|ZZ%@AG>8nghc!8_^r_L7jt5?yhD<~;-L@>Fz?;cnACrA`3p&X%evxz??cDp}EzRcZU+E*AK;T;b0O z;bcE0=3y^ly|03c68TE07ZI%w@0obn4{F^Lq@<$PB4$Yn;44jL{HRc3YIG=5#%Mo! z0&i(RQxL#7cqdASa7BP}%YQpuW;OZj>*@OQmkmEbU~aN*?}l6COomkz8>a=jB=QrO z$kz?|7xw9a`B9!omE;`P3Rhb_ae~+MB{+~76I{UUkVPA^HciGyQ$7^i19`>LeJ6ia zgqw$>^Shs^__%ou4`RWpSD7Vx!unS1^IQ*25Y;0!1KP!JJxOLUM!H#3f*rF74kTaD zPd`WxL@G6Ky=v~VXyQet_GmVrc@vV2=&5%dm*IpHne0Y|ZSKYbq;Bb=&{7dclcX>F?4(3E2M?Y*C z74TWVf%Q68vw7(ed3wM=(=|QsCDXbQw(XU&7GE+TeNW-PT{Tz~T2P0Ty1(Glg}C31*r{|Jn)$e8Rm*KuKbOPW$f zSP8WJfC$^gxq(8FX=&Y0`!39Ul3nY0a_N2!8Jp?THVdiyk2!BqGl||ybD=XtUhXMV zwZe1Yt1Y+;(NHJ&U;8LFa^3ezIjE7 zMcTIRY{eyPkW`9W!CzDq#Z?EBYtcV{GSadS>ZTwD)+t{Vyf5Wyr7B0q2ta9AwKY8; z9vN5C4IE5B8mkRCmoW(@b`icm#Uh)c;_?ciCu}>qW{B=$|kx$xwqf4P3~UC!%-2NODdamahSAuRDqXZ0nbYMmF&2WVS7`^j*vG5 zE)ip;=#lp*KCvL?hs@R3uuyDBdzyVWP*xzn|I2(0FJGhjy-UJnk;{@pg?eu9t@GUq zC)J02-uj`d>B>XJS{W17B-c$mAZCTIROVfC21HNN*OM&F!hAm?#i^jG0GGKoLFXY3J{E2o-fmUUdFC5zgv%N5a(VpEEQq2Dzea_?S$ zgEdtuWq!9-d8e>>+}ySxe%i3{+_n0tKsMEK2JZHIXYUDKDTUzzY1wSXkD;Do;VXtz zuBizUIz9AgclV+d>2c@WVQ+qF!o`*7Asd}2=G9$#4@*>M>yLGm~=Rr&I$Tomwq6MM}X zqJw9WIqiLXR1eCnJC>dUe7Znj#hdmBrv!$lqD;oRH!upr z{HJ`OOmzr#I5ArDA^M0vn-l4KM!+|_QO*JN1lI>@`g&6FEC-eK$F#}t6;qnP>2p>x z#IJthaPOk+R{Z=846{SONeY%vf1UM4d4(Gth4zkJu;Vtx=1!umQ?J%Q*ln9A?|R2_wdVywO`DhU3Vj8w#*=w*%yc}e~zCfaZw<3SNKT3kcR%(s7PlWK?tgxyM=2(@lc&G5k z0MkJAI2!IH{>jfFQBM!*hxSHG!GTc1jbX=Ra?1*ansGn5g;;w8(-cNRlf3WFb$RK> z(qG6miSA>v-w1hg>Qh~+h_tadv|dw5G45~7@e8N!MauVl+B>9EYhNJL=i`-}*&%Lf zY*(fYsJU3Kw47%SWax*@sySzzb0Nu}p-R%LQFZ@{*_(`WZhohax@nXi+|i>1wC>65 z)V(3L05+g!BHbB?R`4a;o{dHoNFu;3%C9xh>8^ywA=IwR8D8 z<|2NhQ<443&IrSfUVRX_{V-frfr`&$Qhi>nz`+7*jTl~14o$l0O`ldeejlH{4K~Qz z;b{0O>XTRI7w|+x@RyT2r7c4bIbZR9jOiFml-PsM*pmWH$NQBBDlx0&$o;s}&KcPV z=Pr<9E>UfD(N@)|w{P@qqxYP>fvtM&Yqb~5EYZ`*6_!tj=>6FC=@Ei&=4ITd?Hw+1 zgG*|{%z-+q%(43oMfK-#m~rNDvPPnKt#&I)KsoENd4 zrh*j0v980PM-&t?HhSurlVO{m+W**>ye$-U$_4O?B<(deoAAzFY${OmP>m`Hk2X+# zZl`N@Q#jjhz~g&Dw-1mPvX$LE98M#~lvH0WxC(0n8`EAAXh!Rfn!xx^EG|iT1(*Pd zvF7h92N?OxzI0b|ve0Lqg1hmN3Rv{~9Nv8@!?TFYQ&1409B*S=;XJ&lvu(gP0sRTDx)KlR9AGf}LEQZaymK6T`aj%%uwJ{_dTg1lsSw=3| zoLRLNGZ~!5-FQBY^AJ=Kgskf!nWP6oOb%Bd8v90aK7 zE1xbtBi)fa9w7})FE5^~-W@1u5>r@)I55e~Y1dT@Vz=MQi}W;x;OHn)_*|zZyddo* z#T8tMNMR^=E_9O^+x8|`CeZOIw9nB;CdOCo*{qD9Czi!2f2^0+ZskeemHcu{(OO_v zVX^&MOw^Gg=L0(Q2cc}#w!U(3FlRJc{Ft7Q8>doljeH!Wmal1yE56Z%$y?%0CkSsA z^OJxX;Z$`dgN>WH;nQ064Nd&g0(IFe0~=8ja_{WRnSd%Y(jE+?lzAWFu^XN@oU>fE zBsqhzcnKe_w|>SX#UJO}&^ZbCM~0XX+9uwU3T5(9OMj1l|C8VX1)x5eF5&ow(~T^h zYV^IIb2GoD)Q`sJtoV-_A6iuFd}hl0W9!j3-?#ri0oOYy#3Qy0yeIq9mIQm~qMUTF z#_=y4U!v%X>eWSKF`uyGg*Loo9q< zCJR3Iv}>Y*!%GLbGtB-Lt;?KqJI`_Oc4p0@J=nHHDkC{Vv3?mguZ(lnUAB3}g|U** z_P^bBIHYgo3Szq&2|<&UU4PAu@jKiyS^=Lff@~YH`wIJnej6IoT3TuIB8k|Gk0zvV zkfuMo9a4j1imTk3tp27pCLHHJbfr)|AQx8zqrs)nfaW?Tmp6w z(k-aH!Mb-HqN#XR`%lykT9+0~5kMTNMYiTL7vorvRdNxlXn2;nw;JhA7hy<@1n>A(mQKnwI z-uFV4m+&4d>H-B=cV~J|!w;foAPpuYaJEZ;j`TzWvmHy^qrQYD`ABUdxoLu1k-b4= zs&#UPgDh`r+*)ezE7zwZBRnWYo0D~p)LfSEy74(2oX2H>r3-3f>EPbUrnBubVb69_ zAzoF=*Iu_K^cpsMh!jsN0eX}XzmiShZl1_kIAt~8;p<`I$T_98>KYV|puLO$Dyt)Z`UOhBt$(ZQQ7>j>OZHNkdV-0&!Q&{LRdF z?<=Z}0(RDDAlcG=FJ3N>4UwG~w_zc+<`V!fu*u1UJ*M3xf{`0EOQpRnt_n(mLEGt7_(vT#% z5qyndW8D~ApEMUU-F=XdmHAJRY!Mc?EenOjVx7&*ctst=P(o)V(_T5Lb8jhm>d8j< z@`a!C3Ajg0=4LqGr_}JizPQ)|bIJpi>tGy76dfCBcX)7V{yz{=vDj~g#*8S7_a&WL{M9@D^l0er@o(7u!R5kDZa zva+ZOx49(ozN?>L9NH{E?~n^kf$W3OKTs}xzaT56ShVXW99NPn&Cds2gb#8@KP2;f z-tNiI^P+DzgT!-D=emLpoVv9a(}*0`0Twj@b~g<94)Wupe~I8mh?UoEK@nsE6*~PO zz#Jwe;hdG(%4%pw-V4=SXMOEO718#GsS`&>qSW%#oPpkvTIMbVC@(%QlPP-9a$ix4)B_C zv6Yni=S8!lWx(oYYTQk} zc$_}~0GbS5%v8taH7Vq6g#LT`9>_cCbEeo>^^IA5!1W&m5P{NxjA}yzDOF~h1Zm?^ z!toV3UVHD6$$Hy{t_Pd-tkVjHs+DGsHNf4f!!6#rp8$hags*7lEX&29XtxHlfQ7%eyB6C~%LS@@hz!?Ywz2x>3~nl*TZT z(IYm1h~NFe^~K*=)sk^U`d2zaKn~24Mx7BObF`mo`>QO5ZH^%+F3LqtY$JsCL%wSo zqUxaJtD3i072Q=(Q#+yt{}7vNRHExTgYTF@F`S^2EG;3{FZ@>2mlM!o(^Ke~mb+IH zYT?zYZ&I)f_M9eJV{#sExaVtmdQ{5@?EUBmeD#aZSE#aiWB?G)cyAo1Z-eJsunY8M z^Z2u05uY*oiO_$advUGa4c#Cs>%ZRXfZE&A{tC4} zEC{B*@g<;RH|H%H!R#_TryXM*7}!~+z3fqFMa>w@Gi0D{z&Y7YBTeE!$kIZkYo-W6 zMl61(E=)Egl>^;%sY98RN_s0rDTLt$?297h6p%9z$G8zGE~x5R}ca~k2x zQPSC~7mMr?JJti*m8CL-fG+1|ejetqi^I4WY(Db|gzj)jYzON7x)|dN=}g68__@xA zL@MtL{OiH{Q3EUm=hP(=7B^5uA^NkURAb!6D8ARSiy?lKZA^B3@bHncw0TET*X~`L zlu}LiXsw|zsH~Xmj7I|apJocvio2TV5$4A}J^dM!5`z>Pl_DdQXDiZ}5+US~?BxEf z7VCd?uZ-&D4KhYgqiXICIF_PRu_Z7R^cgMR(zF(u%X@#nLa_=$W}|TNF1^s2*}lXy z(a`lO)(ZfxVo|ERZwihu-~PqHiLCAVPP*0BAD~;;7%=!&k5mOTcZL33TEeZ9w^Jk~ z_M{8{EeyJ#TlSlhJl`pPy(z=p9NxE@J{t|?lWr#tJ1sKY4c!-?Ubai2x`)doiv#1m zz)zc?HOEWgb)BVoi5k?Ydj(r z2M30+Q@r0Dz8Wlfk{2ge^+A9Vs2>vGDQiL)Ek#uY7!hyAjgBw@vbUB1VWz|&rjlUO>l9ii zY_-RwhBN?2@sx4mOJ0e&PcwAGfPyE&8fmEH&@6vkdTCOCzEE(l*SqAQ?kLKy1dx@T zx(RN}(ck;ti6UiCSg(`9u3ejy;bGi#)@MDVeT|Zl;#%@~f}f2?wp1{=<=z;C*Mq_0 z1QdYAhAdpr)P5uN*x~ptf#nwnQK|b20d;3HwV=OfrVodkVTBB6_`p@xG};u;>d&9;5naa$n_%sN zV5!aH;0xAaZlI(VktkaQ)@GFOKtPOY!|H%&e;I7!%*k^VvL@_hVN@j=P_2m&n2^Mp zffq)Sr1)9Deq;d!raZ9YPN|=Vzg_u6+E8NfXHDxh7ZaQWVF^(hY-8<%JpTtC7B}@n zuFIrIM2$glXzrXcavX$0`=@4WKW%qdXJ2QjeXjp8u&CrsomJ{#r8ZT<<; zl6d$voVDt`TyMKO<7)z$*aSRJHLx+FNRE3G1Y*j;#u=PI7_G%y+8G8!GP?W~Hyiql z8bjtff>JVIL02AbAIRH~50`w|{Ayc~>VnlpIFNI!lXPMwD6FhD z7p-^5nf`|5ON-kSkgRt9gybF{qmhF5cT~^zjvcLWPVnwepB9JoK9E<+A{0lYNC&mp zoe$(>W;*wwO;nZi799&Z6JpoI8?IX|RhKH*D$M_*8)muEk`y z{R?hsudMpsG$dF7Ussqq&xsPX%F+(W-M4pTVBc*UPkQUG)Yi5S^XOVfItHqwuEZh2qik+Dd{_%)L`ABgYPR}!@TE5f@;10vkfkoT zSZug{9}Kid(?4_%8!6n$XYvMRuzO6$i%0|tEGo;s2`db}A|sFrT1}3np%$4oQX_(- zgt%#Pt>pTDyZ?28rwn zo4HgmK2ZVqz?`{WcN(A4$?UICwbxMIgxY8X#AOQVFgnhdbh|z3QWuLeJ0g9U{e6k{ z`}D;vJw=8lfTACmYTy9xOd7>0hCprth{WU6ZNKDS%f64D*dP0RYtj0dg$s~+dwj4$pZNP$F1{ZtiPb^o@m%t9I zbZb6p5t|Ntu8~!p#-+2mwO7a?Nz{ZB2;$7xS@uqL=Dm1cvGxI#DQePoTP;2)1g5&q zqp(Z5ei<-nNVJJe9Ah587-HwC{dnF%i*nwVdV~{ zIAFYtozssfK$FGCxMSOQY}>YN+qP}nwr$(CZF^?#Zt^Ajun+rE>FPhAldeod?Z{y7{|cwdKUFZo)a?)`_4q~oc+KQIqHYM&emX&1l= z2^gK=-OwnQupgWCbHPHIe@b!_qU@6YiQ1S7=D38+apEB~^nErrb)>am8q-yQMk!`Y zm)^9m4wu^|uR%ZD=f(m~KE;`OjlBmmz@g&U;Y7~vc3MZ^q5Y$;Rlk6qMQ~JUVMa9o zzl5*gP+sMt0o5IKA+ffB-8v|`kM;oaU0OSPqjb^stP+;5)aOS(L&4UFY)OPp)z_Px z-+%Z@gFIezu1oL3nyEgdlk0~DPf3AT2h+U!27P>#wuiwmJWtG5<=vL9`^;5Q&oupF zi?M!=HAAQ~)cF32nd=}8zR4|%T0;z0ux43-<9Dw@nV&6G4lmIX2GtS-74SpxoTyCYahUHvZSW34$X=EDA1CgSYk95qN}61Q9( z1Qx{$QNj~FH?m9{zKzSIaoX+@MFG`kVn)1d8}Q)Y;LciM92_VL%hiWjismGAAKqPI zmb@q~vk;$Qm^Z|=*9J^Wdue`h53+aF@aGxf=R_Bn7OqKnDmz^bAts>3!r4-I{llfN9;wCsB4e6GtgMXyj1yk z@anvD{y4Q}xFe&9%WtG}O#N;mso<1ma)bO5{DlaiWx=e=+v;&cJQH!P96#?0spm6- zy@w|Hd@G$TL|MqM`;bQ)z-!n^-=;!GXXzrB6QjH1xbWAR_otyoIc8KxS@}MIuE@1%kjo7`(TjU(^mJ4Y+Lp z>+5ZJhWuN)j96SFBT&C@C1-U991!EH*dPOGR;pYesus;st7w*ManyR{-(;MAhp-lJx-*v3gPA$ zJ*xW#-Yc#Im;(%d;~92pTi$)zmPsd2uI(vs?7c=t&7V!cT~~x7iGl!U*H_*>|G_X` z=PfG%KL>Ru8X!Vyik6;$3hnL>Z3zV>Ii(NOO&k%zjphP34W+l>OKtP4uqn?izKxWo zs&^YY_5^n)^>rnfLoL4Ayf8vCNyFem(g(>e4!dzvt+8od(hXfwS8~nCeGgG2*_->Q zuY?wu&2H#e=)NeI4N$bfyd&A!apKYuw|}E~(BIlf*pz%}OcBc%8~l#Tzjzol9k`#S zQp(t?`;lZc2~oMy6$GcD+UK7qoVP!H!dRLsTL{PT=QLrxuowgRM+oG$-;Uk?W) zXeQmvvEERX)O)UIKT_#%Xiwqf;tkD4K9F#gTuL$z7hIA%aw@Qino>3V95v!!yKq`b-cAFq|=9v4tyF1e?}xo zTpcjWs%dvV6NfPNYdy_c?SJ4C^)5v@sU%fnhmgk& z#5OvlKp-SIc)MCqE9 zxA}*qOWPl|2i54+^y33JcJIa_#{Z38ey$4`;Y)C`Saj=D%0{~=Q2DgpZc2M5v>A98e{!UQi zb_<9L8X1A&!(*?R@*Pw)sM1yW4U5P8Cy4jvE zfJ&utTY&S1^7BtzH1{R*TntUE%nmfPQIQU>;C023h0J-{M1p_d< z4YmgAqYAmiZ=+B=j?Xkgh3vERt$V;RaU%s<1g>_wFoHc)MQy$hqG&T;i5;lS?Cb4hkqOb2yCy~Tlh*|%QQU+xU7P> z5@`;pc4y3Y4nPMffY!?Q3G`5=i}zx$Wtr8W_1rIjqcdLvns9d*?ayR5a{hrPMI<>p z)Qcs?yWB`*CkJL~KFGv9zW4oSyUTQ${ISid~~`5dpe4)>V}3h&1L(xu!0749S() z^y*W@jsN=PnPWV}oG5(ANvBL=*mNwmr`e7}6JHa%HIY{j{^ymft^nrBC2n8mdSM?t zQ)A7e9br+2HZABGzaoYRY+H&vo@(`kg+?LraV37+k<%^)XRC2*Ep=nXJ9>=>($ZOx z?kK|G54k4+HhYSL73Fe8x-+dqc^cq&nS{$rfj`CFPD@2;nvi?L^zu_G!k83`n9yA> zaF5)gYAeVl*>>~OUjt^7&yqqOs@|scwMbAg3GMlu#e4+nHT5(=T}cy0t0VX2)t}c| zu8pmOAM0{LB_EIuY0=%=;d*9!mPsW*!D-Mfy6m! z{VmB7vWU?sZ4PJnq$CAabgaPm`{MYKjcgchjiZL(<-?z=^e#z%=k&T^@S-_?b^Jn)pq`znz6z*eC0g0LIr66j#CS@|t4uPy9J)Hj&}lprQb$}~gr)srl}FT>igj%`SItyPYAZkObhTuK_gW4kR7Uve!9!JOsidFj zgiODkopY}&MI!y|mvi0sYEUZwdN%7dDZ=CAXj?txlD*ze1)|U2n$VV$@6a*0w<@Yw z2ex-XSJe|fx?bL(%gGQhU+86GVS&BGOVlH9>wItTDc|W6wn_4T=4w19 zO=30Il|axn$^J)b zg)DYR5u}T_YPdi+)n_T|IlQ$MNR@&5yn)mGb5)dm4_^A@#KZcl;SRgfPHAv&jJbIa zsLbjO)CUU(KJMUJ?^vB1heOhmloO!WQenU2Vb0AurQA9!%s@K#74|mjt*LEL?l}#d zh=g()jS<_jEu6(CiNhGMbrrA1L8bmox1|DArbHw{e+`R)Nryr;aVqpi zjR&3v(Re0W<~SDbaw-NM5eer+E$(+agcZV)@^kBOD35sBu_FtLw_ryk!ae6j@{49( zG*%!V^>Za(7{{r+LdO-=7^@1xZ zE7t2_&1O&k1KP&zQBro%SkXas|8E5`^q*YnZzcSf1!3+8I#ue0d}6tV72I=94=KOv zSnLgI@l{hA3{6M}7xMlh!d2qSqa-~9V=aOMY9)Mxtay2iu}gS$toCe>pSDQrV_61a zXWn7C(U#DO^To)S3(my5ii`zZzeb`c;NPC64s zyKEKR)oM-rF>!FX{ufGN2+qL(`1iza4(EawJ471c#McaDbX`;?Nbx&a7z&y+F%rVK z)wknn*TPDMnJjP8s84gNpfIeS*&qPFVeFFcEVn8Oo}uK3kIgs0=}Kd2GprHE0c$SD zAIv>Sff6$k5~7t7I3;c*bnWhOw&p_Lk_~Tn8Bo=AfZ(;-zAIb7Mx^gZUb{Ihe~P#j zBC=cinCaeCISz0+AUlB?nnjW;H#%y8WhyrML`M`H0}-#J@7a=q^1<`CHDmF)xyxrE z8=8R_Q*{0P5szUJgbrn(+#mYYzT8Y#6a45ki40>R@YdT%@5$?jUpa(4YYhfTeLiu0 z=u!|ykEBgF`wvkEb5Yrt03cY5V`QN5n-JRi<+|G@D^q;Tq4wps?H1&`YKZ+qz|3!p z?`xfBrOmI@cP+*N?Yb+U4(2+C%RP0^SA3>>v@$2=F-JuuJ8)#<%>B~|5gA_SAv1F( z20^D_QV1YpbjjX!wg3+kh(@+=Q$+s`Sm5H`8|7p9(?-QhpFfm-$Gcq@pAp>bGKRXX zW$N8nC$oZ}PDy-$4wm|SJGGK9UD^LUNe$f{LopT5cUDla(?YA}>N3Dcab2d}X%xAf zy#SHP7Ay!QE)Ko4Rwjd8HrWunq>(WC+?i-){&>lL+sF%DOQgng2)O)qQg9JwvrZcT zS#TmEZowJA;NWV5A>?07{BTvK`bCEv#wR?iq|%v}aT6#BeRW1X{?O6;&9-BnPQh_b ztI@Mk1h-OX6dN#fmhIQXnpaPf*!2zFHDx5zC%oVTy4-d%c8d3z1T>!xsgS7w$Y%=#7w)+*`ZZ&UVXdbXTx_sKt1~k5 z)`GO@&f;+OGtKp}&*R0o(7L_R!@QB;4#2f}|A(n$p^0qd95h6Md--9MLZ>G_4k#UQ zi9h<<$5;cUxUbUIfUPaD4*1S$ghHk-qvhX79Ls8?l52S{kx1u1UQq18JF+qnC-k7X zsug1*Cg4|UP9}B7nksS0x+H&uFqWRi+QHTF2iI_5JNC)DI#N{&K5YYKRfZZWZmnxaD=4g!~IQEupnehIB-M`j{9uU zRrPBxF-uGfF1?e$C3@Si-kw8QqP^CJA)}G4YVFP|>Gsn5u?Je+yACNqbYB*LNn6J^ z=x_QR1CV+yN~t_b-W)xmN%6HfjGoN-V9W`lbxfKro>ngbwo}Q zBK`6m$Mc*p@RCEQQG4N5$!rZ42F0fBYr`Hji5clr(xSeUPY%p5j6RD0IWm2TCZ3Q- zXo}Q}zg3Gys&@ zT@+Ga%;S;Mua++W9WAuVtCp(jY1rTP z6$Q#caWA3NVS0)s9LUdJ`+&uWE%3VPoqy6Gs-HitbVeQXoZGd6?zi+G*!AQKCRD8u z!U@_m0n$LY2%273EnO3>M%b zep@_T&9oTBWJgNHCg#)t)yx&NMm~&UNhViFn7UCdG&X}0<1rw#SeO?d19S|zgw7F6 zFRfj(<7N{xsuk{(y^SF6NO!0ot*|WSETn+Ip#z)cl*d&9aJ8W@9?CNtY=)%eL1b!N zyCp6h$&XdHqA-m9;Glrz3j?R%%3%>iW#}%R`dw-*hIo;^0~%wbsy~*~agnG#pWeyx zH>RIY<6z8}!Xpil4WG^`Td{9Vl1M^*iUIgGCb%qaS$!*?Sh~GHjb#~67(hYJ0~3x= zXo<0-SzVl6#IyGKyT8=adGiOisAQ5@!OKQMA|IG;WP(dT2kxsvE)QXKDROn3Gq3ul zyIPLT{Rsp4xeM?W&m<&*X;!eOe`Np~Qd0v*z75-4mc9S&>X@W+8QbYm5~g+7Pf+gk z>zHfh1&Q~*V$8L9iHVRPegbA*Q`FnxTcVM``lX7l&;rN6ja*UrV3yWOindv!nIFV= zCn*pMnmZ7^Upyu z(NSJO4muy|if6dZuy)!R4U?Y+Qd^nNmj10=5q5NJ3noOTTBx00_&EYzEQ0x^*k+Eh z^ldgbjHB;YoEwXa#=i#@YzcV2&afJJ4+A*7duk2=A*UdMBX*3h(CRR_2NCc&3la2A zVq_hTuv*cK+hJ(}^R!AKO}j$a&4xd)1Dpsl$=d}1w|esp)W=`rE`&C$&EK zqQNUc#VCNT&wnL1Mk`frXxx4DaIe^6R#;zjG#50fdu z?*gs!BCMzvEhr>GYojHpvxbo$GqZkl*)g{vXM0c#5kX9ej9e zCTeqk#9Oqu$T-y-5}~j!NBU_v_E#wZk!Wm|{2M1ia1I!AR$5$nve}dFXf;j%*?NKR-m`;lt}uBc8Cu1FK`lSoEvCAtN?XN=S1s{cNws3%%rh44%BCd##NlQX0&GrVcn;$dmk4LiS7tJBW4*B)GyFR} zmqS{9LS$b)J`&-@WS8ZDS>gQ|&}fpHP92#VkZo1ZWB);ob4;s}uiBiZU6T4h2GKzh z4ClqCB_oiT+i^XH3}DZxn#L8kqhCkW4QWOA5Id+-6O-HnE#I_PZ4>ryxg+2@o7~Ub zTZ3V!u1Tn$zfaX*i1;UwEf9RcXHx1^j(s=@aURzxCq_iSU2*FW4kP4e?Zd3??#Ayk zGe@thb>{8E+rV5Dl05(4V${b74#IXGe5j)@Du!{YTZDn1XcB|#8VZy@Q;Nm8ZH4;$ zN03VFQfuNp#5n0VT2LDWvtQu>X$QH#ec`K=$flTwu=R#TiBWKOi(f&(3`|=gKZ=?L zln1BoeP5NPA^o3FlCt64M_Z0Ri-=~h_R23VNZ0V-&9`-V=C3sWaC~K-YQ{}L%14SO zT$?1}%PTEu7x!q#`Rav#!89GQdUMuw!iKKNLnTp^x&PUlv{Xh$G(NQQ#O4&Qa~SCM zC67O|*{@;7Ch8N!(A7frhLdvSdWjjU{)lBEK;gg7L)K9r5uBJbLgD-pLKQj+G5M^9s$xW9gv`RBM;T5R&T({YUus#3V63?=H z$o{nfB_ygscv$gtPmr6?FLaiv#p*{6*D$K?le{z5<$jenqT@^pW03g7_MqiQ~y3NULJ6pW6Hq3up1XCT1${29_LL(23;SZ-19cwCv~!YEb&y?^o_fdfVIJ=T-lBC1EK+1Ob`RS$XK<6omQ%LwJ6 zXtgMaIpt1*HON3KAgTRmq##Vn1#6_34%&AHsu?S<&9%DzSyNk8SLBdQUJs*9ZQj}_ zwDqY&pnJQDF*>A;@lFJARxS*r;S=pW_k_^S$6dYp#C}WE$PlBB=dxT(l?aDxO!V7_ z<=`G3m|7vC$c-e5F`5g)izR42XDptvt(;u8HhZg-Oet#71a+Az*}t801~SpNq2Yp} zbqg#YX$drOL=#B!7;MRuYEVZ;eMI66;gJn_cC9``&VYlwB)=kUb)-Q?;fXy=OcnLB z{2y|v@cq4m;7jm7YzPJ8(b*{ywvQ2JjJnWJ{D?j1zXu{vQzkj`u0hfi5NJQ(8wD%t z_tgLTklM7CXoz!`&SU=)RrLNf#FaH>_9 zj<#5u17rC8x!H55#+47&SL9ZrDyW4`i4!bnN#FAib;MSkYLt6=kGx-v=dw_yqt4tn zD!`5y&nV)lTPG$ji6B;Fw6rezfgx?rX?@d~YE$VdGaguj4j)JTgAM420d1%;-*3p@ zHtFM?De-_Q>kz+kfhXQ5Ja%d@n{|vMChH^aGBjm#(QQxiSuu$eV2Q#L; zg;h*}FA>_io{W_$lw{6^-B7sJHA{aNi9766)UMC_Q3f%8#&rVxbdv7_lk75n933Pvn#>D1U2bl4f=$TlE7@Gq&&sigBZ!*zloyT-gT zln}$g9de9BxBs2Ii15woECC>GMWs#{=G$=8tj9{ahOz{iXa?x!#9hqZbAj2(fNRLv zI+D3n*57&wAW`vFw)P$&}jAElW3DpH)4Xn z0*{JB%62Z-SWEQsKfIiSO2c` z$}m9|2Uo+E;7&3yWqR-{>cJzGGQkd$K}~1TP)~p){|;VR3Ir;Wt|ZT%I_;}5xgl6% z;J_#20p5TyFDQdkI7+bXF^tgRms^Az{}^iT<&+9$q|1;;&69%AP1`L1J^1y}h2|AS zS-`#)`VfK3zWXLlVElKyd#ryuZ3g2^%QqSyZ>WRd`pmFzXX_G_JAOr$$497Nq9~x1 zBf6)8ejfk9wh0pOu-mClWn<;>Jv<;^HtXU1! zTIt6&)B%?l)fan<#z%zL(7g*&jca&>(9ZW1SQS?U3TqGo;zy-60kY}>-CgD^KCJyj zg*M!Z;rD~i1Vruq`?V};?*OR-UGQNKn=E-Y-JY9VDA^nPJ=$USgmipbjILiH3)(el zy93TAOh{2nsD?Jngw(jh!j1}#s*8DZfz0ztY1{Ee)=)yn$8b23KkBYJJVg@2iwjS5 z)=+TXS&)=AoO2E>?%Ut|vPIU1QGX^9(r=*KE-(9L(e-N&Q={TSsrB}ngW~Vz+?#yT zDLllMvDFdGXN&%^62Kb+?H_&$QU40c!#M#Q5>9Yl$K!)p|7GZ@XGf)UK_Mq)%PF)C z9Uwrq=O98v!g5iA8Y*?!W=Z!6sV>D;&}sfUm?MVmG!-e9{i$-)kt;Bt^?zFxjr{fG zUnpP$1#byeo96s0fNp~d=8%yQYGQnhL_QnNU+OaPsDCuzn=Z$P&lR_UV(!nal}=SF zRwbvw8UBLq3Z~7wi!|nK7r=_cEk-KOcy*up&dQ*{CMRDWsjfJ2GGrN%O;?tf!Ne+% zuSlE+Bv%N7_4dFbYmTuScql;STKg&;*N_{Gd=I1fPAi3fDscnnP?GD&_UfqvKrSZ} zTX`vCOlc^y0CqGGFFR^$6??6@-fArDH{rqOnE3Auk_cqUY6r~is1bJ6s za{Xp}5dgCn-dF-{@{6lq_iD97Ze21*8iNHI$8*zt?bV;dfO61@-lS`XJm$)T)hQ0O z4s>_s&OvV{ZhCm?yq{w!T;SoUW&~R?yuR5oMG%L?R;4dVL`-vt9H8iN`gdSrba0&7 zW~H$}5FMWqqPtuO1yrSM+6S_tgGDoqRnE~s9VjJ(&_1$erOf`NSOK7sz}#rxwVHIp z$#oC1WVW*2)`lltyPbX@loebGzD`7cAtwt3(0JgXHz{OAc}6Rr`@vftqO}2$hVse@ zNE4^^*afX86k>8KTAdU2{-wmL+d!pKDHyFWIvaIr3$DDrXU=FS81jAtI;w8eH^XDW zRf>KMBuOnUGO;PUoa9xf29m^2-o9kLS<$i6 zr}f%0d^Szm43EL7eR55GUDkW{_hzQB!QffbG2DF0Ga)?sT6p#aC z|B)zX-?u9i-mA{c9hP((dysiIn+JUz=T`H<%$LY;=&U_GXVmkRU-nQ{iJ435S%5eT zb2#l3jdNBiWoAlD(~l(NnTE$Rd-6BEw0wquJmrZz>FKUnG(M>j`3SHB=^VxHhj=dr zOPs=(o!Z@k=?U4UM1>$u?F>4{Ta9fsbUckA&3{r!oxRa`9o0{wny>kEYCH#oy)^RX zibHyhCSSjkmi%o+RSqDpSe}2emUbDAJ)}IXMQe2l*wtgW=YihT7>xKz3@HFJXMUcY zbM63AzL;m7V$Y9wcM8$m;Ue|V;2K0fvC0n0{iR(nlzQeiDL9Z}!09F|M>MLrF=($e z6<(+u?-YI&n?rMoLwU`n|M>q!qG!dY!?!iC_`}8ZAND*wJ_GZ=6bV`>V;fT^GX{JH z26|?O|Fr*`M9;v;!od3fCDFedD`iCak zCpQ2}U>s_|IOfDz&{b2>08&oS&{TIuMgp*Wz@(0vSo*-E_-KCHAcD2C62b})`K07!gmuCbVDl_sof_x?iorn8(=pi4 z(b)lUumNlM6f*5|`#R{E1>W+EP30gM?Pt=3! z|K07}1?$!R10flBLqQ4b2l-?Gux)^VWk{fDX$fyH`nIb`U-mslOh`Tg7VmBP|e z!;X=-3&_|>@pU}(zefr91eX_^;w*Gt7m_||J&!bb`K3}6P=F(YE~)I0do4&6H( z)jOOQ;pVxqz5yr&U4`wxb3(#5ht*YD=nrKkh4araoAaymr3*4U2201n>HwteJ*VRT zd#F7yGKAXqo{Bznv|Hf|Lol2hEdr@wI?}?Ta+BB3>|dJN>fF+h z0Lq^CrVI0N+X%LDqH^=wTl#yMhI!}uf!xpny8@>2Tg>Q+%i56J(INxzd9 z@?!#%m#Tz}gr->ZlRNl!S{4=^UtQlGO>VZa4gdxV3wCn{od;=XU<~TU5O5PsKX*L~ z0d#h5WtGiG0>EiXdb24 zsWiPa8{;nbhL7RVmk*wK(w9%ptMcE8{j!&UC~SgPi$0)i?FaZ@`TkefzJLP`IR3Q} zH&1X71^ZwBT^?ACfIuC7!9hSD-hh8^!zO-xK)%$?p?znsdUIZV>k<+JtBK{Nx6q%e z&+$Z!ptG>2wwuuTKEn|Hf`5N~CeHjq^1ZxLe1|sYx;I~&IKeEnrRs>U z9d(L<#ehRCzmvM)p!twirX`TGo7+Idm-!4qtsrB57N#FJKB(pLW@v5FihXapA>*DG zxqqD8lKGs1!7HejkBGC=Tp}A4)nTVh=2Y#@ z|7Dr4R2Y;NY@_jenO%oTgsY9`FI$X1IPL-?xDvkLjw@fw52@&WqORM`2)uJvq};X5 z!aE|-K_n{2%tFJoPADTo_uj70)a;+JYk-XXVcJWI5w=}=uzH#UIB%Zvx^i_Ck(k*>Y z!u5cI49UL>_F+$sXzxTyV-{*KM|xyPrjJ;(pJZ8KeM$P}N1c&|5;WUnKDPYxDGE!G z#GaJ6Q{J1QldUVnXD4CowwN^kL@IvN+(Pi@88;XGVyBWnxH-;D)f_RpgyNWUx?RXG z2;O_C;?NaNy)2pMwwr1EwkY_Q^n>Yzj`M`$N#d6#G{RGg$^+8!ds%i;LQdoMzk6jN zh1??|!(d`kwNw@1ZPd@lhvek~^h=2rUI!*C$FEVJ2fYKuA9re)aowjl{8a;9oV#F6 zhCT$-gmldVMk^Cqfs2#2v*}ocP<`2)#7Gt38)>&ENX-!s8&!^iIo>(A!~ymqx8f)(a^P*c1%06w}|1QVJDt z8y&og5wP7$g*k#V3K=(yL6+gtyNxElAoWz{(7xyY?Tx%!T_Ko~o!LiUyh@?XhVZaDWDG~eV)P0>e+rN z^OoFLB`PqS%17dj$nyHI244?{>W+?4#|sar&v1y9P%O#)P6J8KRvr6WiEAcqQqfjix8~38su@HFH z9i*>B)jXrJ8bdr{EjTI9#2oGui_Y+J^fO`9fX`(ep`N#5b^1$OU%#~?oe4>6vvM_539=mUZ-^+0O&7@zz(U#$q#lBIhfcXR|CJN%{L32jMlsqTEZCpWksTIq_ z@<+gk2P!Yh6Z4a)#J6&f<0MGAv>43?E-Z}Jk@h!FI8&N;*4K-C;TthU=8dFlnVir~M~bRLotuOw zu;Rq?c^03!%IO8We4JjNPM`Z3G~WS6l}mG9moGLNM&h&5_O7p_xln9NQjzLb*}Ji* zaDCxZvNZ{)fN0;AQoQP>-RMhZ%ZI)o<+=W7#`22N*Y!i)c9z+vepW=IxX*ZuX@5Oa{(_koAg(K)AGOI0)3o2v*2bXGQRxBrhGGql-x)~xVAsyX3 z=5|8EWDTD&<^)fvrFR&(Wk-NqNf#E(w4R`2&zbT@A=bIkGnIQI`X`pS73mIQ6@mtg zrqvOtXN0lBv0439%%Vo$Moq0Hc)HE23gOQC} z@a5=?;!=B;9d1|SkJoFaoARduJX3Ib8J=_7TO4u*E2I0qv-l3PtC{-3NuGoNqIN`q@8bp(ypb-cRxp zotaFkCH@y2S>k%;PA=2Em@=SYbdqRVjo!8x4{kDIi0?-y>l z>d6g-cXI&Q-j9Zz1;bh>EOk7!^PhmQ1y8{mc%~>DwK0;8ykPtg16U+1)GX-M3*8KF z2MP!*b9SNjGuEF0yR{5xXa$CVjWlv(q#ntMziE}mpC^wyj)(BU5CfA{&mLrHf2}l* z_go4ddXf!KWBsFqMVRbF;5?l!fv_(_=+`d*flv6s4MPo|mIji<_x%#z0|%kF94c+8 za@M9S^+>h^{oWVHtvsh^Y777wDlZ@@Z$|j2SzUoa1{P!+7gn9P+;#4_AXni3xZkMb z2AZ09=RAd7R|#f-q{&=uCl`&L!6NMv2ka_Gt9N?!VhchV z^S|W2WZ)2~q#oCl5&xpfT<49dy~Aws2hRuM-Nir%^oC&E5fwYxoEU2UdPlXh4`5c$ z*hybBYk@`|hnDcn==wzhG^;1kCHY%#$Blc27@qVu!E|+10JDqy8+l#e>9zgTFmxs+ zj*AU{Z%HwZV!RsQvXQMm!qGTx&M8O-oyZ|z>cB=EmIMH8flrLke`fQD2pkoL_$y;x zbzE2&ga@3Kz>5g8Xw*cX0CVm($|x4(@?!a7*in-fRzopvAD=<%p2-f$;LG27MB^#m zH{GM(pWNSs+)bfjE1;?@af`)b3og_~V0@wc)yPtob>>*uVJ9KWHq@l3G0Y#aZCM-Q z-0*2>YSf&C^-cIy-Y!&TZA&`^Bl60N;SY8_0l-?%jSX2-b|XC*yAK}TI#&)C#s@Tu&D~CSnUA`(*n8)kc$#b;<2c_bXc_-k&__dq>KF-a1TEUIk z5SkP{R>USNzQv>+N7(g=+>b<^5zjLRYTKi?${VFc`y)h_0&s$uDe0Bw|GFGG@h5G# zla<$%*v%6Y+Ow=>erTv1Y}%Hx=&cZk(AY92%%?-j;JPTFyL!GDK*dR7e$6Z6I@I)2 z^cpoJ(3MrG;=r>4|_M$ZVZ)e*^7iFHDCYM*b0CHpOrLIfb?(h7XnEC)Us{IAHL4O2Olh zAE=e(sjy3QldCox3_E**hgBo@d!E7=fs>TSY@CqO0KHqY)$SLt2M|VOBtF{9s4uKf z;qOwdCM|BHEn?7tY)OC&b;k79H9jCY`@C0~A{)oe9XgCUqSllHEd`xn!_a%Dexp*C z1?*pMK-Al;I*%?YejAyCBtcq!S){|oJy+>Y!xTBqmz;8dsNq@wB* zBBNpyoEsj%W&su%4Tg@q+j5OSIVH@W(7#w5 zEI4V?W_fOpcIk^o$0boXp(aXrpSw3@P1m+i!63gEL9g}Y8*@IC=w}y-#rS1qC0Vh!7_g1z&(?n9!F(p$4Eo@AlIW%5i zZW5XH&lF9DCQQjbRYpK)kL;)Og6Liqab*dm@kKfuFZ4+;>WTt*3KlAAyZF3&Mmag4 zO_I=8lsaM+f$e;^i+J7|%A+0OppBsRHE$}1z|y!r4VBGFAY;MVj1@yER=>5{0^v~H zuAMWdaO@6$8&SEb6YaBjF#bTHW8Xuv*ZL=ibwih8sP$iPY_3$AOc`v40}myI6ec$Z zYBxvTWTRgss=a+5ui@d;;2tGzAY<;FiK-9D2}+l?X?7efv^fj6=EtDtzQsZzWKOdY5ys#WcmhHQi1#nXUCY_V70-ugx~Cmz$0IVH?r(hL>5BLC?{+vF zLRl4aE(E{%)~qTEuJYnGt6X5o8fkx@59 zJ$Q_uW8k|o?&cjGh{@o{Meh_ajQQg9&J9`~W5=*1O*mmJ)~_Wkzrw0Iu3$0`eJVUj zpeY=iZ8FYzEBoh~vqc^$klf2NVddw|qeixgkyvFnh6E%fU_!e19jCY)J{B>a>N+R^ zFJSf%`&cJk)!6nr9WDqh-~+Fj7c7Lj%TN=DloptS2+V}b_OoFTZ`Oy$cNKW6cw@NB zINXuHP`W8CqOiW_ZQ`3IJ@GW`DFqsZVrqH2YN_=RNhhX@N)y!BlLYosxmLP4HM?Zy z{75F^4)>@GXf&qDxZH%03EPx{g&lunK?%6naK9V?AZ70*dA_qTe`J=B-j)jWG@^Y} zb29}yTa5EIN`=l>ZTXl7QSD>Pu~W%iuYg7`IZN8PAI_%DIHQ0r0F{aRzFArnk@eWl==ia@ zHA+fFEei=^*<0R8CxA`|(KnE?S^L=-yQ zGk{I079~XT-0(dJkC z>LkP*(``}w_&UiJKhr(IEf=E1t3sEso9VV%%6r-ricc}`bDji4Ep_XnPLY|J`ZM__ z?>Jq>B3R3?Lovm}Og$NACbCm!ByD0!7pJJn$IN?fUFEVG-ZQ-NdLsgzE@mOhPpQ3) z6xr48Dk;f%&p+2@7+&*hjNz{BLSjKwe2^tRRCOD^q$gD59>F_k&Lb-4jIJ~0rOMgP z-VE~aWDiwWZO!F<%`L-)cyPaD!+YpWRA3gZ#aON5`joDj^qJvvr-9~=;j&u=z=G-r zm7xvZR&`Gnc-C-W#q!}1R~_{0v;PrSXdQ&KaZwUKhYZ|U^w>BTf((6J7bZn{jKa`u zDT~yw)d^}{O3`*<7_8J z!dh?nES6RyXYKSZFBKc8e+az zS5pMgat`V`ACKzy4pey3-It(8w^yw{3C0rDV>l;0ntQT5*i3#wIz(z)EaP+-zipGJ zZH`Fy&#^j7=mJb&i*-~h|eqb42_4XFBjG4aMr)++QY#3Kr1XIU=vLe>zQ@9=B zF2D43#lk`=bJaptp$j72igC5Ee;zq=MW7U=9NTsW28qg(v@Hw^-Kfc4L^5xp?L?!9 zyS5BXz-$8pOh`j(lD{!@VxyeEz}z;CqF$xJe319MlOMNI)*5m!(wKV+;ngI)FzT96e7TS72={Z6 zB{fk)JF_8_xv}DBNFJ(eV5K+uYdn0H&-ErDjF4E#7=au*rf!uu-T9^242SNlYAHn6 z$ufg23DEruLBE50iJnSSb=&S~EL`Tpc=bD5CLAJ3WoJ%mDWbSK0NmH_rp)+I=N04$ z^QJR93GPyKTVLW;RrsFNO-j+VNKM2!jds>9QNhm!v?X9V{aA+_cZcUPrNFYaMfOWt z(-U5_Ug#PxBiFuyF?#f$mF}?saR!(n!?v@Lxh-J${e(uImhxIwpUqY#OgA0|N@{(n zg$=YEh8R(AnH~F(F@Zia#IH7IEXR=j4hPzR9eFidxbFh&&B%h)smv@A8ZA2`YI|>p zWte6wL9ZyhM-UAN1X#(TVr})+_>i|hvhlg6h2l+cgWo4%3C8N!IePMu^cORh1Ym!x z#MGfZNMTME+*1^b-;zSY1_$d|W^U$tYW13{#<-p%*@?^zm!T$kxW4~rwCYn4pfo6o zB%pzrPPlQW9aPKp?TSdmZ_RFi;)>@dBe;R(+pq7SKWkkXtQ57o_CAkx45K%3p3ro@ z`3{w1+@X)LKgms}b#1I;QofW(yb`fV(>w9IU+OJdE}9WcziPfbC~ZO@c@M(`><6lL z=MB%d2Nl3bsWUIDOP<|1adN+Jp6aZ13lpvl;Zs+yS-FBWwmz%Ug#TTNO{P^gX@ z$~tCY?Fu3cS)Btc=2JeeE(hBNa8oQETlgCB>U^`s6DGW|gfGe9;z&XgpzYAyXMhcDKJ@qLYwWPcx>mFXMa zV}r9yWG^LV16!k>I3U_g4N1&mwq<4 zkC=cLb7_kfu3Bw5YuUXIHd!BHq)bR9?lwH06YLQcNvW4U^+t96=L~II`Cj*898y%) zE$kIIbD59OA9aInX6;4C>PK{^ozUVJ;dLym=?FhLS$r#UKjX*qH&d2-gTH^%9%pRk zR8Oo@%r$!6m1nI~a|KgvZYis;D*vvAAVQ9h^WpJif3Ia9^p<6+_p z(UNKE(_wadpAB|uXg~sF_Sq71?n$8D;Le-Gwl;t^-M`?GP5c4?OS~?gAr4m){r=g5 z5?*eq#^w-ww7;FDfPWMrFwpReYJjC{$h8jfHeBS;L_~-30!&pmn!64la>^)g_=Ck) zs~9?>M2owlJX2eomaPORpWV#Q^z77MN`}_9v|A%m)A|&gMZ&iE(cJeMpaof~kVH__ z+`ffez442BSvm@-_gpW*@=fY^UH6Z}|+IXb0|o?db&z+e~dq%Jq&wwt8eZdaLj0bIH?4 zXQE+0rfQ1YC6xzD33?mN_H@%7DWqC7u+l_fD%@Cl&cyU-;EkPsw=0F|1G`@C&7l6d z+9MfJNu8d^47omGL&5+%+2@LmEgRbcgK*S7M~J?*N|5Wz{A*+ z#wk;Dw9T8&i3M}&R+6TS-JmGr!{v%v5Xy_?W&BW^eLc5x?f6x`&1_h`uXDxSGX1*u zq^45o^P!hCr6a2<@<3>?2PL1MG|t0@*+ixyd6T&iUm)PE8qr8g$m1M!*0bPN(@GbB za2NvPfJ=7Krr(LZhh5!tJnudGg$0SQWKT1UO7kE}gU7jHZvG&8BfTq%$!C(hiLgf0 zXd8yNFxpTyh8@?X?`hLe$M8$0l%_8#dw2@mu4V47sLR8rg~9WU!@X2*qcwIW!=>gQ zr&V#djC24GSu%a5kRIID3x-z8V>uUp@ovUiAla1Tg~$3ft|k(XUpOl0VS>OrTJnJ;ET#0igVF zB2$vu)EJ6n${N6~=tsriT|i{S#X)fEfi`K~C_?zqp5j_?GhiQhGm(ZfWBhevW{O|) zCold5!=9IC#F!tqbmsK1{BVAF6<>F94kH8;g`v*-u3^PSY|D;7_|wywd5r)1mRe(*12B)Qet&n(MUcJu$qxi|fY=1jtr(T{#3^!ZdT!Jspf=F#z! zDOD#+hH=^}m=3>tC zOg|w&vNeR72NvAdRMMG2BZ#T3?KV75al;>&o=E-DH~-a?7zPu4RxzynM!21h%`4x_ zI$LF7oH2R7JBf-q!2isefU4oeHMYAIkhLH(C>29l1&xDS(RcVcELsf~zHVqsbll;y zbM8jR2P$-`JG`0^fRd_{NmHm5vgTIc`7NtuD;|ZkgBiGOMm_Th*Ejnm<}!^{qO)_x zxInBc6C-`Qpo;Y1#oGjV%$30R9fusM*)^7aSt8VsCp$N#yssB3G1)(snv+~sSkI#d zA9(QEtBc|4lI44SaH;{&^LwIAn~rJ1mdF)ZKabe=JU4QgeJqYg<_l7Ni0(eaU`{Wm z+iXXz!dXyZQo=|@OhU5=A&_O0Tn>=DP8bfQQZ}g=<=_!$*lzpkJPUbujssN?&@PJxrJv$6|?ijiLQWv=S{@Pm$p?kMG)GEwWJTFWna2Xfh3W zo{}L;FJVX1^s#ZLn)Q+Q)>jj9kWXrPOK0YGakbGRrDGd9Ft!g}BkM5jMpuiu^(ZgB z$nliP25UPn!ee@H9yVB0NDX*dJFm<(f-$m0#I!^vW)ZVBM}n2a9{31ujfPPZvab8- zQofOGx7w^1)+YS2y5*HKGmEbtP6wK1N<_cZzOOsz)661}WI5}h=!Gm4OX%=}pIh?8ho-z4w01>11J z(9#hN53SY+Y{Q!d<49S|XCXH|M97^&mf}HYLahm~GV%f4`(`N2Unu%Vv6AZ0=P<9T zZb&E={_Ow*#ZHNoh?o<*wT_?YCBeI-ucEttdFjw=auI17ktPOs0;Jj~89yg6M7hCn z6(f`HeQ%}1jGuXAOiaY8hUm}5Af|>iKh!hxvL(QVhA!rZ#^33)W@&j~TxgL=wgty!!d*9HuS7f>Q zu8LRssbs#qP;t4qhCP^@p9q|deqEGlYS&gCl!pYi-Z?@wx&EX8ir-(Ad=EwcmHt)6@d!`l z6?-o``zed|iH5w8K{+K$_N&DxJGt6qS7#F0(p-Rzw?R3#w82eXaVu7sH<3rggafoe=!WTp3!($yv@`qLXA)ls~bcz{?W3Fmw$@xvL3sc(lIcd%8c+u!k%f7oc2V!g!@sWM}e6vH7Q(%U5} z_i1Waddp$UJ;oWHEk9(QQULj8fZo$JN(AG0uqD=JQQw8I3LYJWiLppEhkHyR82a4; zr_&1)dlq>PRE$cFPq;Pl*FvG}9lMxq_}-^}>bz<$`G&_)E;+B_5?*&(iiSCU=c+#> zIo8gS-i~uHUZ@QZUlAycc8OHDE6gckG%fS>%PR^w$**!Zm#^ZetO#sKA%)C(vWO-c zBUlP(ZzLfl#0r@EY(09UZWo72ky@AszxIiEbPKvrVdvdnt=x`;9!8p6m~o99)H>@H zB^b!5E-y;g{k($H=PU2PQA~N1(gW2a;$!bCzFMo8=l^9chVp8CQ>dHBtb|ffcP_$y> zXT*nvOT7x0^Hv6~2f&4qQW$nye>fG;qZD$DGbZzWf`5YQ38GPw6u^p~g14XIg=&zb z3p1kYSSa6*!=68F%ezKhLa$mXQy>toTYY7xs3mxnaO<|^3NY50dJS%X&@1{X4_m#} zax0vS0A?x=VD<(a7lLzCn}}vp*A+DT45?J@YIaP&qoGJBj^tLaGb+>enG9X&d6Exg z5b2ehle~u1a^iO7*M4^-koLUg|MT#fI$j-q7sJw{^EI*)Es%Pe@q!nH-6Yy|z?*;& zM?p{fM=NDEY^kXp!YGD>mB4EH6gEs6aFlA!=hMu$JZaMPy1E)ltCZ5s?8f(O(dk!* zh1qa244$blGCA^elX{Se8G*P0#^d%Oiw0bwG!Z_vag#eI`UJY3$5EO1G#7T8ofVxd zgdujp1=v&_bHT~Be2HQ^KI6c_^V{^FmASg@z*}rgJkndd!KImkD^2%kdmk&-YLna= zPsUkF`onmiXOW4Y86xZV2T1dfC*-Ntf?%^g>ge`qAM>ecI^Zs-3y(*C^;ojD%Sb=! zMNo8LlfNG^#9Akz0=$BMhe={WCVU7JS(u`4&43R$4B|sRNUYdS)+=+9f!I@pT=Bi< z7@I%F*SdT-mFJB$dTc`m)2i|^n^2m_D^NaYHnOcy6WkScgZi(Vx6Pcdu@l6d_9bumYM#cZ}FE{0mL!^XWqWpp?4{&Q9S6;|> z=%o<+D+1^vb;R+DhKmg@j`fpb?wNfqn&_S2MTYbFmi@a_>0}RZ1Vbm6#I=e+hAK-W5YBXimEG z%CKp(sSoslM8z^WjaTh62Pfm0Dc5m2 zwWP(+11aD#=$i%*T_~C1eous!!_mf;hh<82?aPp;H9>6|N>jF^~(wflgLWRu0$c&Iu3T@G(j4@L%)_KrB#C-+XhnSmz{WQv0z!ka-^dw zg*P2$)Hk5|w2Uz-jMtjd@#B9OS@lHu6FYx@HrLL%T(x$0Jk|_kTfZ?z178RCMzzV8 z)5j^(@G8oln3>wN0@TVzcb^s(nt*QyI+q>^LTcE%seL3J<}oD|49rg*Xdy-@9dE%( z^lCGU@+`FsDyTq_^`ERt9@&D5wqaamu*29roc%cb>L%Ufc>MdAb3 zc3S}X_loZ|XX6ed{?t)SH%52V8sC+R()_J%a)gL^1z^e5WRQ9X0~*y zib!GX=;{vNvkODm)*`;N?uKJ_C57Wkx9Vd%4n&i`+I5wMmpc(bDk!}ybslw4unoTy zGFF2@>faPzlj1P}IH`|SEUx>^UEG$^QYFkufjJTDYhd4kvw{73$J*Vi>(fE*6j6Mk z(qlF!mAWt#@;Zfk!}AWE%znBu#C|$Td|7sgZGIY#6p&9j-)cn#t+j_cpZAV;l(8hJ z#G<|XRTEMK{| z!1;IRs;Kb!BC#hFUdbU|5?m3>dUBs*!b2<$d!cE zcA|m-KH|m%DEy62D0Psk5chRde)H)%+=bT^7Y-j9$f0<_VU21GATpXRr@I;mG&B)O z^Ssc}wJ}L`5j;qHWMUyJGI)BODdJ+$t40he$c1rt-uRgx)Kwf`JJbDlTYXPlVh z9y~b>>UODe00y<14nh`I}(bcQL8_e5Q;okpBMhEiX=4Zi|DSI%k0~+oa4H z-&D6!Ra*x8&J*qjr~GgF=-W&&rw5B*8MVOqyf)q|(eOqdlQL1Mqy&k1%>uxs-y3m= zScFtWx+cJd-9q7a1e66Yw=jg5kr5vV^+t6KXr0)eOS#sQz2%0qM~QiCGK!>M{36D0 zRB$yx`tm~H0C!|M_TA29^Qdx)!e2l#EmIa~guKD#U-;2Jr;9b78YuFlZZVD@;pSdT zwBpwCeMq=%Wxi0$^x86zD%`6>$oyHcFjr`{yo^1?id6tL825&l$`ma$E$wID`^7dB z*HJhv5={ICak|7FQOA3~d94=1*BNT$6CTdQtmCaDi4|*&D)m+_z zR{Ycaa$D&;3ADQMHDxT1*3B1;-S?bzFKYtx=D_eeLol;kLBfkg!f=4Vs zkbgMi$@BX7@!Q)3@AsO>uQwn1XArr+2t!ghR|pA*eDhsoYesXy*t%7pHm?SYTRHfO zc{<`z2!D$_ta%!Gbf6!ooa1|1`&GYs zGe@KY*LQ;vvi?W$vWn})*SLG5t1+BptXaib;}RJn7x4HAL1BBdBo39&%aeqwM045o z;k=SR{EU3ucDgazNU{_aCaCmj;||X+AR&LgZBv=OE@{Ve!wAHVI!o3+m7_fUL_0vL zo-pzcb4#3V=HAXo@+Ww;X(|!rcfpHr#|+STqVqrdFikxBMcAXhY}Edpb!)hYzU5)A zE<|bE&m}XPGFxN7;*6_XvAGDGDM108U0AN~EB;H2anesi|7NER-~1hEDM{c0F)jZV zP(ws2UQbrbIpAcvWWm}zoBacQktz|U5?AF9Z<=8fnr8#lp<>#Lqu12M@Q*Qi-i<4M zNnK0Tuf&_7aqjJbywXP(gGlFvmEU~T^N{*3vIFUOu{^;KYVfP+x%LxPG~i$;F}=cX z%8$HWByJGZ+#hzi5Ren39ZZj>IDEKF6AotmjyJ{Lsk+b>Z`=?JSmM!aDRY0zDubTP zqv&p_aG6|8XdJD|0+F+i`n&|b*3@6?@XFIr$b;uZjqFT$w;NB_7f{d0c&_o z5ohAhbAy(qFnhWh4edPNN2ch(Kz$mlg}7U0i3M(lvg~k#HOKX)Ud-8Gg`pj+>5bT+ zfq?fwUT`AqHMDUyqjB&A?)?yZ`!_3}Krz7|R^00QQe2bA)Z}0KwJ?1fOC?@Bp{%3u zvC-xXci5AUg@za6x4v}pRQPmIu?r`5+>(+R}jy(pM`{gsZ~WVASE zB;}mKM!%AF8&kQj20i{NhgUM0T{(S?B_24ja}K$o<8zCW2^arD`1DkSl=cQ;y}PNg zGQIj!Z`zymQ&Yg^_v!!|1_acJvzbz@jfC7xRu9pX&{jogeriah&sNTI8XO`$`q%>2 zsPDqQiS_Y0$f@sj1lOflSI$VgAv88r_$Ro@99o_{Y8mRK9pLOvxw-%17qgh(4@N?s zE905_E*;|?7^@blduONv9UAb#CB#tr1X#h`9Vxz{laF+S9~_)=2GdPyE`?%jKzQ^j z1Vg@U;{R(M(P`C?F-dB^(5o)>V`1$@(;?8d%f?ew6ZNwU;+JL*xxJV3-A*P{Nyna8 z=ID(h4g34K`HGtF4L{<%L(P&RejEX-BK zd?LI{FDoeuYgNZR_QB3CD3E>#&oY6l9y$;}31;KDWRFqZz}%HiuSGcN=1o9ihJgv& zXYBe9WV;QO?IQYo-;HOScoa+~6fWUCec!Efol%Z+fney$LXatG;kWWkR^{(J3jHh*CO`e;2kfOYhxo z==4#Sg401?_Ok}2wSAhwf@|jKRE>P$*_=)Nu3FkD17!^EU8WJ^obp~koZ#h#W=>v< zX|!;8{UpD?8+1z((Y#B5^}trlH>?mxuXkexU2xeVX0_GNgM%{+-(!IQuiA#)!1 zes!F90jKiB?)_xucRPP4*BzYK#$A|+IDwIyvDernd9UR+V5WtAea)rOQxa&ZN=Y4A z9hhRuhcuvvzkC3_i%%&GxWZ2=xi^cQU^~;aQrn2xI7ILsZLv7Q)g$c-SW?(_A^z+v zSsuRR0lADfSmcGhxpfKtu9vxN)f8U*T_;n~hxyh`jH`51nsqB44h&QiPI6Byu!ql9 zBN;=Y40|kSg%urrE0k4Kqr0eaowO}Cd+1VYlTxoHv314spJ3;hZf@hbNJ79H{aUE4 zw3VR_=(tGT&yazPa`6z_kA4gvsaed-g8C*}t=QOQ8`b65sZ;r3lVEQQQt*8E?iMp` zt>kP}PgnRKxmjF1^R-)~@R?iBQqbAI*xU5IlQz}o=d@onI9gt1#sJ@^LeYKH7);3^ zovr5?^!-*=flPS#lwsC*h9G7v#TrC(F5|NReOFDq(igZD78^av4v94DN`Q_NN3`TN zC)f`E!4yLmZH)oip##@ksBt}?$NMX4Tx$uBCW#U4G*lH#NKxv`GAW7ISXv}v@tz0Y zPxmbTTY)#)i~S116bAWvTPf+?juHD`N$Z4$5Zu8NdrMUf&BWPn3<JjnoA=R>u80fJ&}ZbKnaSv_1uQ^qtO9QoE`RXDUWMeKV`s_=^4scLbur<2EG zj%O3Lv|&CYVIR(4&L}-eRCCuM?LYkbHDigM)BUI!*UOYC@Il=yR_I47kCXFOqW602 zV%xA*;7Ru*X)w*HN{kK)!gu@+Tf#rM479xkmT*6<((lH3Iv_!$&kbfotU>UutOX)^ zeuy;*GYQ_#IE3F$Ux992vB`LU4Ijq)ak+aWQ3Nb1EXGcI$3L{s_9=*)@Va!EZ+z3s zjg>Tg@uSf_>OxVGmw*lw`bW-Z?p5r<^i6Ug!m>QyVd=2sIJ9nzK69A~cAGY#SdW+T zHeTynhmoXP|3?wZeP33)11fz@m7=D-U&XSzdfxU$t)J(C1+=#d+WvVlc&(E|fS0U7 z%p2QN%hS|B%J}FUTjpF5l_chOixU7!cSUhvI#wUTM+@%(#FWP6r=Nu2P46YnBywSj z-a@8|(7xoOsJT=n;p0&|c(+r0Q2bCD6pB`QQ9IrF>suk}GvgE@ELP7h?~!6>12)() zjsi9^dpip>PV#-LaL{8WaE0oDwVVW$(

      zzWuO>2Z7j3f{-g zwGXG3BJ}LpxQ!sv*B;HB1Cq0n29-9N#9m#;a|yz!rn%1`elWjdW)5c7JJ{Qhb=Dn% zQ7I)!?8}+mux9H|%z5%oBJlpVn>sp|D1ABV!NuN-cWps0Co2IN3H7DU{)S9p?qj^8 z@2HQ~0A1kq3z?!37?A@ebi7^f(xRtNl}c)-UFb06d3C}K@yy$Lsn$vHZvB{=N}!%v z4}?DsWL;oUY#R=pZgfOxW z#wi`wV9zVPMxbKnxS?B};H*@nLPK1w`<8=$MKdz-Af}MD3c(zo_5TEn8gu0+opbl# z84=o4E*!YS?uBWAe*o&tUkZdy$wK&*KBf0K0JjfD zpsCf9MlAUp9mCQny!Yv!ll^RLSjbLn-l^^m>9lo$Zmd8OY_qgrrv;HNsC$9q{+3qX1`t%23j8Rh|PjHBlT>1ARQlMrnp<7iR(>)oX`>A>Vd#eVq zt0Alf5|xHYs?`e@B~EQAj8d0WY-n!5mR5Oa_4?V~Q9ccA6r-2`6#5XHk~OE*P)&S# z)=0Jie&ZvC%>6AxC_db)Ve1DBWWm##c)4!*-(c9Rtt;6K^kf}67~RSclR-$2kYrG; zaEU5)tm=nIn4yHq2!ofkpc0>o|c2=Jd6wk_C&)b08mIeFK=CVSa%rFfawy`x# ziY}}X<8|AOK8_Qb+adlRU2zWIOIS~6$8ckJ_cwYHb z4#NZ#3{DkkQk_FHHkBRZ?wncW2BkFeozF8t8yQXRF2T8~PjzVjqICM6Z=z`F`K=>lM9?X+D6B^d`3@v1J<2r?csL6Te zmdwR@h|{+v;bvLv#57KF+qX@x{eEQxI4FQ=)+pA-Ln}SAGodl+iHd`jlZn&3H9)S# z(k6Ab*$x*UQ%$;p@W;(cx6I(-2NGffiE0rWiNpN}PTQ4IzAROAeR}f{9A6qL8}`8B zR(^r=Dy^0zdO1yXy?;S$y_VQ;T~>3FnU+hKFUVL3o37buHwH149AowB0>SdU19)EP zO6EJ4@Z&-gp|GV;RI|Gdki_ahHP&(stYM~7^4kjRo+p4}DA>GROJ6xA%}4mnKg$x( z%!Y3i6u0N{xgls$XhznD(FYT|0GGPPtxD3A?>ul}NQPqu1C#i&+}5u5l~v-R_*YB$c9Ar$>C)B55aQT;@( zWzyDoXkZedTphGBNj3Cz?aN{c-Eph*gj)HLRWfi+Sym<8bgZgG{*UqK^+;e>$(qtO zKWVPpv@DO@S_Xa7o^p%?YovmzVVSXoNfDO2-cWcQv{2ZNpj3NQ$3~Vy zq0j^o)MQj|U+q%n6%;pxImSw0sV%RK+D~~25V~s6xemmHp@}YesY>v(!Wii`C z&p&eAY#6|bC^%u&&JkWXt|){f9>3N4SK*w8%lzWc1mfGM>}N;~@WfMui}8$RJ3W;- zmB{`-2^hsa@r~&#(X}(xRAWS5Z58*$vXQS&Y*8mk@B-l!i}{>~6mnTzljH~qD_teU zXr`Z^{?_|3r_#<+CV^Gp3W41zE=;@dJ?6p^``v(0``wiTE18A&7UCqM#7jORD33^} zi%EiZkiUCwMYQ;5N^hcY@k>cW@^^PSu`t+5xnYV-r+ddD`d}JiBczSAbMb!w-Z=E)>IEUKle z_IkeKrt$g5Eo-zt?YGDs$16hJnGitVP6N+pDPiLmn^3TK-_YF|0sB{wnHbQ1r(>cF z1R6a<5suRhJ&*vVsvmLI%x~~hv`FgG57RH9nVh(erbfqPy&#CA?*|N8{sMh}^?~*| zlqp3dU5_*YmRyu)o4^dXz|^)%XPL-Eo|oY~psK4GZjI8~Gr}!P5FlkZ^O9yd7Jm>% zQWbpK$~MGHlrX&-r|Y7j#HXcjK@A@REWPSw0zw9=+1z7SO__kdFO39kK938GpLt<9 zFS0C8hJYB3hs61Ds({docccuta_2&s;#G~;3O2T>WZbqLZmebF1>4G2F!(5dbWYkc zbj>s*8$;k|i3+pyeBVkDwvrwsQi(_AlD}slRrijMVVZ4A=$so(J>1c-0#8a0!lFJe zbPfaxih>p$XA>l81{l+$Xv|)f@sIr8_DqpdTphqDL{&=OvwQ3UG{u!vwfm!?#rkAV zF6BJl1Dk5f+VYiGPQKO#b|Aqg_iGKppFR`Lsr|fyMD)1b72N7KjFPdk%q>jeUbd$Ux0+ z*v*{yuIVK)za@_JggiOz)=gRcl;)Vwrcec^dzvuZV=KRN(wufE)>bJ0g3g|NOVT{E zOD6Fa)=N8iGaF03>{3jB!d@)xsOSP!d5ClyK>wBPtQj3|l&pVgyLCac5wd^I(jSgqU zIqnXjk5j95ZS>DFo;c5zJSM*di;?evp9+_j-^1>F?MTzFPOT>c^?bniQr0z34ym+2 zgMNa}kx}m|O8!ryArh5LTZZp?-WO4@`ra0N8;%2mEyACdpMN+T<1 z_y>|1s)_eV-5`&11h3urk2T@+DBI^wa6)!tN-l0=b1CoHC1&YPIwIBH8F;Ev-)oUvt1$1{_B!xo6b1ICd>`0@?D zC2H*cbI@a!4}3!6egu|fRolp5)GM$)?R?f=VhF&Koec?XhAOf3*tlB|k(F6kCq8JU za-`PZvZIMGoEFpoDw74+yn>>3r$4uW##jx$&rNF`>kpK!vEvaq8q9{!g=~lYjSg$EwA`S?H zGh5?wCH~z?dW=Pt`jNX%GVJk1UA#V!FDk?BQKPeIF?STKvVEtLfnAs+^d5n`FzRRZ zsm7*7usn=&1w#iONIbc*zSV!@gw$r@tAPV!Kxxfo~sx-Qu8ub`~3;>@xma6bEEA& zk*wsgBoPbh(^BWyjZP=!?fcHbCe3mxt)|H4OJ z?MEAY&-eVkiU7FeXf4r>EhugkZ_n{fo~C#DL^K3@vnwn3SFSv!5hw@&S?f6n0k27v z=fZOPo|soPY);PK%C2--3q8^aZfYOi`DJjvsbs26aEe&Rhe*0e;QHae)u>^3m23Bu z4=EBt98WvPZ`qOUR^J`jO*&*(Hkw!Px$NV7dEWOlFNFS{_U_1(oEgP07hbPBaRIM6 zPzu!UST-b0is}FJ^^&_2Z$a@I`i#kj*O!e`h3|N=(Dy9k{%%KJT?P>alQu^9ls<8* zGgxjlcm$HHN^|e%>>bF8Ys#4D*fU6byLh|xt&VTOMY5|mm?=j>8T;3!>4!FrzwhG{lraAi7 zCwq<7dqe4oYq~s2_C+J}e;02uR^ph_EyeN3xjCF&Pn&)huR^;bpv%C~`={5IJngW6 z}8MWT12zf`ZOkpPkT%_?p;I`TY$CcNtK>Y#ZT{bsovg@ie z4Cm-$8BX$~?{uNYhu9*}Cl&4mJZ7%mID#^gEC3l5Z~3!4kK8BLe*7ZI-M>kZmM!`}Od4^5;6HA$&3Q-eNE#|vRZ zPmG6c8Y3^w{k8`;Fu4-IVXkKftlC7?A<+B$z1= zHy@_3rK6hqi@Pok_(JDI*78`5@h=n~AMY7~WkFP!S#&l;p5XaJTTFmw zj(CSMrwNsO;ypRG0PG7kk^P`r@}O4ELYaV28R9%KWeO#{KBs&oD>i@wJ^c`el|?!) z`DyJ>l1@*Mg1k1-vAYR*W}$8$nJ4AEfO4(I=FwN^U7SUnW>RKqt-LRzsj0QnAO?JP zwj>y!p4w6wvAh`anT~8RhJtBOyT(IYStSk$pmHg2wO|Q+sI**F;kci6wtQx8B}q8H zYD92q{2aiNbQ`Dt(2{9>lf0ISKX}MsPp~=)^OWJ54pP4BL{6hS0irL5JsDPE$~qgm z>U+yhMW0{h+X!_9{O=!|fw1>RWu#xAuO$wtvAmZz-P?_n6eZpiU7$m!5TQuC+TRV& z^@aEpRIGhe^_*RlSc|fBU>iI$S1V#ZKHYmv2A>#R;uuv+dQsiL9gE*NQ0@I}>LAc$ zka0vSDHiL_UrMMUz&V+dpZsja1p~W>6=ivT#W&(z()gO2P#0J4L6=sv7((39wsLyurNO}2P)jx=-scu^50D06l|{z&sZCzaSBm-sYtN_k3>w43Yvaz_l(X63ygAI5%%U zZRxd+f*^FASkxyb!p@FvrOQ5jh{{4-s;|hlBv6!u(Um5m4K{(zTZC@h7O8k<>{QcwCkt&C^rs9jNcR2cPi{TYU)JU*_eDt+y1oshrjC});EnSms z+qP}nwr%saZriqP^R{izPU3D^cM4iaoxzrA*e| zb_&eV_4b(3TtKDJb>Af2aR2aDIcUexAjJwqW>5u6&n<*cvJr^^LgBjFJV0?5(J7p= zY}cM0$-hxj)G+zF)94{qxTob7Zs1p_#hBCQEr%dhtA?`fzwy`Q`{+Gl(g+*@m5yj+ zM7Ph0<2zWV=*j%5g8KI$a~%taq@PUE76WlKo2^5BFIeZ;%L}wM+~ou)yT)l#c?4c(gYRoP+S_!@b9V(cvEEI7NyOm$u&FtqXDzGR3qxj4ApyFjXtTQbF91g zjbfxqJ?ZH~Yb8m%cAsPIeiwim=5lOk5wAM_(ZT!(s~;NbA_2!E4mt64DpOXJOflfD-~N)G94=BGz>GxOF&zU9t{>e zT9};U@WQCI;a3#X|K|N+hBWO>Q)$sPMvmqI9)2W25@dKfqYCM1?TJd*hg2l;$7>w z!{A}m7Rz16LQ|^l&NQryL_F3PLNv)Eu+|8_9KVDg%m!>T2F@o+vz~#cctL>@rv$Zu z55T&%aNA2?whUlBRz`hVHQHft&xt5dwOzhT{KPqD@UP(ItSj^IYp?l}R_v)B&CwB^ zey8`~;ooM?HjrPA$!q0IZhAp6Q3^ns3tj!1c<@o=w(W>}DV@+UPQnBvltu2c>K)<^ zh--PTN@4#L71;;D!E#gaKW0AbJwZnKR=$6mh2`uUL$yU#A!{ zD^8+3Q1y_&P$so8*+2qRkL{!l0uu+a^jPiPMdcI+|i0stq$^FdA4Ubc% zZ>#T#NlauRnB&Gkh55cE%_18pw&r(x^qt#afRl7ChIaS`(M`B!HNwn&+%4q!?P@tR z;~`1DD#$9FXUpROV~W8CZ0C$B#sZGk6DAT*iWiq|j$~ZnBd2fg-*<^L0-a+}_ZoLD za<3Y$N7eM<%-iKJRE>6IYu_iq{Si5_+p zTiKiVSHT>;2m|v7#Tyxg(qcdM94BJ?pxc1$IQE;KIo_{Ar~c}~P}b!n`mcI;WCcoT zEUaDSO5&pJkhDI8F-Q#}{)A^1YcNMIUj5AA9b|kldH;IsuDx(7_B$1-et*G4JX=~S zHVN%#9y9U+sIil8FJ_lN{qUH3o}dOGmI?0o^-sV}UD>y-JHWO z@;6yOWWGac^?c~tzAc=vUdg;V2TPw?}P zD_TBkg{>Ajs01n*-BH7|YOF{}0MwYqi07NY5jJkZ_ANcFdLx8fL0VtzDFV7nUym1- z(hB)&Hqm(tzH@TJKZ&Q8#W9)OVv21u!CmSlIQ0&*fyiFY2U+n&%p_fzOFSGnrlT6W z$o|eG4)wvAOs7D917-~ISpX#-2q#XL1h$Ebm7UVXpfIo8XkkAe-%xUjYr&d+cP*h- z+Z6&*?XaY2lr?GGS9?i6Y}41iZLo#j$!8N}yX|0#u2q<&Kv}-1O6H#~z!t>mY3jWF zIc4%QiwgnJuqqPF5d0IC%2w2;+w@X$PY4LXPseb`Poacr+^K+1MBXL=7MF!B2{OG5 z@|e2tO>U1MR*;k8=;g}YKAqnpvZC@=q~3p`J)#7#M&qQt{S+&djxL4ljGOE(f^Rs+Y=0=S*q*Er%ubd0vE3*5n6d+zSqh9zC|JAG|U4T(i}Icl&D{FctPu_7xezA_CQa1f6pr^<#qhT zo&h@gSrwDnn68om-C;}q=-Be^u`j;74>+mujl!Yh5gukA5O46$I)}tX0$jBmhWS-d zV_~9dA%T&(40r1cf}4qRg=}ezaq{R=s5ZEW^4@}VUXuAR<(3|Y)_Rx_GCj3abJv-Q zpzYLU?L}!XM`Iq3w3rdHiIW}y1NAWd`^9(m22Tc zp;t2*)h3?SEoSDI1-BIA%lBHa9Gmge!{L-jJV-=|xQMy*`O=9m_qpNQy}PF=r)&AG%4|+31HLal7;J!! z0-RU?jYQi|u-^a%7zH}vu0WL9jR9C#A%+<^&>B#LOejT!DO>~yMn+`U z)*wjEG;TD-?{}9|Su|5Rhz0~QaGxDTzap6&s@-u=9zcD@oTk@R%c@HnIw3WXjH&39 zUnL3jVJ$HrG+g}Ve#4p-#x4Uxw#9|My%8AV`?V8{rXl2t$j*P8fv1 zCze*A5rpz`*7gdaDKi~lHA^f$w*P?XmG?V7aR8(vgTZ~Y=1r8q7gaCLaxCBIN4AUq z$?4h2UR&SCIbKO1HK$Bcu$>TKx+N$E4<4~nItT%#Vjmm?LH$uM0NQvlsg|9Bj0>pU zs|E{%p!>M8m6j!JSQMp2MsWyPeYY?ZL5NqVih#&hXdF%YJ+6>nm``Ym-)QErubi+k z0nQ|Q!uxi%Of>t{EX=#X57+G?wzjtRTA2qE10E49fkuKvqIja)wj}zyd14F_^@6($Q!q~SgW=7rxfXVAM<*1fn*atwE4p;sVTbJ=x2QC zqE9w!odALYBd_hDm7VH9Mjqw?LG62m_US6A{9>dB?}6lRyf;^teAUA0*xoMqYWUl7 z@T^R=n-o<7kZi8sOs|yN9(XUd-^9rAU6ONwQD2rKjD4pbyJ%koj!|&5dJialN8q|0d#ZKJgwFjiDz#NXrRvX-`fb-TGb~54M(#w>2 z_n&*^XOP3{bh&B|nOdyr$ws~xEQ)Ov3koIxI@LA2wUJu0wRcdKwWE{%dd_v0NU2QG z-_~xlqz(3&q$_lMP)u0@FG-U+J`a-p(?LeN-Bdp#tz$cE76nQtPv$I&XqoDKP6yX2 z+E_b4;d5PTotw3T-h2re+v0@pS-ezJa{Pz3d}eD115X5?=swF?x=BR0qqej3ayVY5 z!Q1{vlzrHl4n7Z`7I$%2)panYG$uTD&lX$vsq9XEa>3;A^0!i#O+Suf5cRRWm`%?@ zU&@NiOA^{Zv+-vQ6cnz@+rw{Vnsf$@b#6sb??85W)d!!5X9o%C-}GiksguEd0Do8tI>u(R312Tmjt0WQ^q$SNL)=(Py|!`+Di* z;~OlvOxe6D6P(jiT|_Ni>L(Z4LY(%gm~@)A{( zQku0VC~;kb_cF>ktDUip-c+%YJ}F8hhcD)MhxG1vBW}uvWS6F&5`^2DINqRL0QE_cdfBxRW7hAydog-g|lJs)0IesRXp`%Hh* znp=lE&Ge&uoz~M+3#1+1M>riuhsL=6bs@)RK2!E|@k$ZIGV9JHq4Nfu>vkB~Up%C* zamR?p&3VN4x9|qRv0z1t2)zgv* zo)D3FIHVbm3cnw5is#b|oNFCZ-S500yeI!qSu)fUq?`ce@VtubBywOm=muSF;27{X z6_TUP6Silwsw{ZPe*7KjoVY#Qo7zyC4BTAL(tJsQGiN{R=*0KFs(HDaF9_R1=?9nW zsamGLFbh56Ls&iOtF&P$GkFTv*g$35y==$S&wFO6TfnAoRzJBaB-_;GSW$sAq`g5T zwdrH96xJ?6j#0+smbCqbSQEdTV9i@;aQ?7kv-Y{TveD!$s!B6AMx^^W<$!Z-#rVDr zqU`C&T?urdoC8yorYU$kLh+clSGoRV>P+Rz1_P@Wy4;1!{IP#!(M_-)Kd#e%Nc;Dt zgzVie_V`kN%e-V!L)oL1cjzjn&xHeKz^I!0N#QpM?d*=%;;ZQix#n zLQh?5RdcFPtbU!7Pg<=gVKi5hnlh&Q|dsmK9wXUv@TrMRqwp@%@&MBT=p?kfK zo#{ujDedXf=j&&;((cuKaX9whYwCpVEJy?|M7j~CQ?RLE%*;$s&5dF<$E*4tKvI-9 z`2Qg)VPX6qq7p_n7WRJyB1{BqY>fZeXXU?!CG4!MjQ{JfB*|GL$*N`elWYkSMB+fny8!*^?2>)idy zx#l^0Xu6x0unMZA|V12fPev;gdgi7+>s2xhj&j# z11$~##hWY6-qoG_G;oBSa5zA#Lcs<=5(&uF#R;sRfVJZB1}<(>pPT}~ioW+}F3T$9 z(aGmG3Wl(u%aa5^DjEuqqwCvsB^J^JL_@q|vttkt$QNASMv|ePLKq#4g)zJU(MG;+ zC~P*NLJ;vJW;wKL;3poWpS*&=PLBiF69YE5S!pIVz(Z~l8xCZH;N!0c{78z>XF#g< zjPFf|MM%~T-z(sbHG%ASfLmV-pigdshg^U~%)4!40omsoLV#o^yfQ2Eo3Br#?{P}b z^{0A5t$Raa0=~8W(Z&Ju4yq6RO zkL8x2^2XOxfzmA44aCRp@9?m&j~EWl&7AMgM*u=!0!y;l_0vx>b=TT`d{7GH<`$$M z!w|cUoVRV!%Dop0Od3nDwX2P=6uEw>J(uO^Gu7+m1K81Mk>w5&XR4%RsT!Ad^3E~8Q zKrCI{qyL-3uYKV2$x6VY{aX*phRtp;*F_Qe@da3M|E5!PaTvto)1N~1dYw#B+&eF< zhxGe7S05e5Q4GtiC)Y`E05GvS1&>G^% zY==!LU;bQZecJK>gXfh^%uY>>yFf4PNjxA9r=hL;DWesW3c31Do*=n#z@pvJbQj<3 z1HJG_BEtORH6K2-6UsX zlv#EEphr+kIU95h_eS$1i3^~d-ySkkiVB!XOB$1Aa!zfcF?DPt%fOuWh6V<5VulJjk9ZOfhyigtBW4G-7yovk8 z{x-IwYFHp&5x#Tr>WYZs;em{Ba_`=gBk-?iQyyz;0P&(48Iz^hC+fH?-uET*9+ciI zGWo5@z@9B`o*H>vO(Cy0Ardy zEZm^sXtu{Z)3WmYZR(dQtBHTdQ<%P=+I7l2sPH)n)Wy%7G3=y{&P5p;hK#Qtw~ZXt zj{#Nic@e`eW4Otz`+q1&82%xi{Yd6{h&&Lw*jQ*9L_Nb56Z6ift-AxbiRHx*cv1FW zeXs+gl=XJK_nL_Gx{52^?;LV`o7a5_9u-b-B-*|KF4#W-xuaWF`XtiL68<=%PU)clp7`xQbhw@%tHy?lsp!u`{QWBQM&LszJ# z{e4fT?DH%8_?0S}JcVlXR>M0U;?1W_u=ETTbRiq|NTzo!yMj-$>2CVsM*vMcNnlfn z^Rc*2#>_Hbi*)?GeM;U-5Nl?!GYCC=q7bzhYqGyrm2oHh!5WJI;jwb3#p}C+9(4V6 z^EIA2*DH=&m#;J5SHq?t@`G~y8ES(MW9eLH%0;_ZroY8W-`!Tq#36BQ)9e$sgZOwv z>Ohfymss{o6Sr$~Z$S~Rl@wPJ7+AdfruIx65NZ6asyapv16(enbK@BTJ0V?DYCo-?|F1+ut73CE;{*{2u)2 zH&Q#9oHIfmN0m6gsj#{JO2$W^xy~e9JLe&`ODIpKaKt4LzBo06Z|O6c@cD&J zqJO=L30I%e!rDKSeSt=C_Se@-s<+s7kSe71iY9*!4o^w91F?%qmUix;p|@L2)75}{ zZ9jqErsnKCpcWBQ-?_UzRCjuQf(rR98h5p8ts4NZ?{$pLrUPgFw<)B!Bkgrk=jF~X zf+^6keBAO>&Oxn21Z}^ku1(Xn-PD_*gqQ~(l&QGUA|(tfTWR|K)|y?=5_m+)J+h3& zMRkHLi%;b(lUiPqlr8U9-D#gE)Tm73EzW)H&;XVrFmyzM?6)PVQ(d9iGuDw`^5-43 z#6MZV(7aIBmybEVYu_6m&PerNpg35YWn--@b|&wGrG%g@?k|=@_v?mLwV@J?4Ud;( zP6XL{zf6GM5Rz8Oe!=!jJr@eIz{!*TBcu7VQm`s_=U>|2lyzBy8i$p#`j#-fZc|Px zYMOC<5B>X>ha|}d;2~4!im4*kD`|15+l%bE_=MW>&I86Zc(P!Ue7iuQ((R609AgMToU>y{SgmxSR3}-yAUzH=0X!v+VwEl`)9SA=a^cV38#ct7USYgS z8FI0E82h(&N*q>Gyz93d7VDrjPQMSUu4?Y9fytk%sxmWgDy1rIn4%{v)0<~cg6qU5 z$ob?Tymi1x`OaC*p~bt|i7L4)(v*nUo6)qK>LFSRG+}>te0wkpV?WFEmF_Vrc%>|Q z72}W6RLgh@a7wFa=MeVoy@=VQd1Vn=gV5FsV0}fi$POS>AisO7!*U$w&?Od240Qyo z0Z5>^1YTBr}m)o zmAE@;!GU5^N(nd=#f~i@g&093g5z)1l%zcN(0N+!Y;mS9-!+WX0$?mMTK4BkPV1)U z_;4PZG8u-pN}BD!=bx#9?Zt-dbx++c3{`Z931%Uu;k z{ISms*jqriJujg@ZZIv<@G2y4db{Jhxscqw-o!ZYe$IXfHg!fI@`+gs^)Y{?D>DWsZgDa~F*5?kMqU%Am zG$|Y6#$JhekHJrLR4TvHsLZ91@zbkO)?8J8j|f$dzrPz+JzPPkg(QR0R>|{d^xfiE zsgdh@BfTnx)$Ow1sy$XXXnF?N_DoK4clU3#>E7I*HH|GQ7Ra82bTn0V;l1Ea6DZGu zP90~KVyDXr5kJ~vMU;`k^CIQYV0|9|>=**ZAS({GxU+Xv(!av0sE+bnsgYe^LY z5zJcO+mxTi-X+~8L_-T|kmI=OQeA~~s>#S-g_PlTqnK?SKZk1jDE5VILT>?*v;#Va zrO&8n)~G}h!bm#a=uW^s061`v#miEp3)i$v_CPhQ9=ygD%``?YMG^3P2200C>L>tC ztkqyWC~jVClqNwLPFvR})?$Qt@NVOrxiu9|$m+-|x23?fJvzip6mg8kvStp1Gz}oW z4^jg?kGk7q zsKHkyemog%5{U*I7P*f|h-{OUNsCL2s8^S?$4@L!Lo7jkOmc-uQ1D3K5T)w``r@l%^&I| zd9tcIWOTPA$=24l@Ce2HkZ&`%s2ZJobm6lP<(ykN*vt2Wv6=7AfBN$yhw?}H7cI(u zt+NAnFbNVJ@&}-#%kR!f<+^zTs2`1$lS#T+AAz3#>y8)E%VfdvcD^u|al2TPnRpqo+elx%bxz|h1G zFixJIA?aKeHaM9Mm76A^@2!$vtMw~@i2E73S8-pecxUP4Sq^Q0V>(Z@IL#nHyp7^z zq6v`F!zDl&=La4sTL$W`^^$5Kxah0tSC{mIs1IZWz{A0|y?3*en~UiZnO0d0 zQ;d&FwdGF@Wu+)5J?A7>`}8czdFA;i;XsXShYfW@NQRtrnZ2D;Faopoc%@8Q9{J=> zCDuEo$R=Tkn=1ogP#JI&iUkA6Lich)L4TK&1()ll%NkmHXdh$@?!h1pW;fu;wByS9 z#9L>;a0z2`cvDK5aQC=0pGS}cd1=y+7&m+06-GI-bhVD^lB8w0Vp)#j@gE~fkhU=# zU)>p*5IqbX4%>A(XJBjj+<09FM$%cuiXf~WhoLB+F>1OW_fm^zkVflXisx8uh@vGv z`~{4@;=}lay0G-(-{z5jOSf@OHM|=q`Ngm-M-a+sI=MHEFfcJ-o7R*#0jDvUIkY@+ zb&ZhfT2D1}Qnq7^%`?A;2C`VOS_1ADz?lB_gR;1e$q#fmjy*?tai|rNL{8T|pb!Z- znGQIkOAmNxyT;b-VMVl=7FXpz0yQ)wr zRCzCdFhpf@7ND)b9KiCIU+W#IDi!v^^|9z|*I}2l?(B4m*2t=Rd(Rg;|5GZO6;^lUqalq0+ zJB|6m^OA~m`3?8Q$w2r9&hZYXa@vWq3~`|BxcfS%JKtFkjMY0uZ+LA^W;Zr>M6j`2 z@$2d2OZv|UR-4MqUw%kR(pLn_D6B?}5^25oMxz(GBK`_5Oye{<;&&~>Ol&?`2P`$4 zZ8k7WA|-bI8boZ|8v{6LapWaBM~{pNbX+t^{_b$CgV=M8>Kv?1`6t{vR{w=t)GJw^ z<@xX;Rb;ZdGy83`N%TGTeII0xy5f4FxrFju*d0te6%TIOQ#~x@j2@?Ah$HqM#=}@JJ8!rCOVIJD36QGOASbR!;lcH#4L%V( z9IW)UsT%wT7jx410|4W6m7C@c0+n|H3U#{oLg_C;{%!iso$*|*w3_~i7S5Uy1!z9U z@_7w%FF%*mGIV-iXrr8%z(c1@EV=FtG6&1t73fylJNIMXK?MgGsL^2G{TU;gcdk8N z`9bocNCt>l=8H?)LsLZ9mhhl~s@m0aNAx6pxpgfV&ViAX`U_b*hy`m}okg-(_SUpW;u@)$d)sBUw1RS>R<9vq2Hu>>Jfa1v z*c}bdMKtyg5sKKF)oGXaOjb2^S}J6n?!C)0vZ@X9%GU3ypbQHOPf}MKN^6hqqRXB! zJb{TCuTiU~?HmWlB||*tV0I@A)#Nxy5w^1bP3oVlc0~NGajJ%IJc>zeq>jf5usj0GrQL;^FEl@v#&!#aOYIe}CB)^o!TM=6j_23(TtDSh;za0m;)aaC z)&{I1o@Lz}L*j;DuWUc+Ad*tpQR;7tVoz&IW9D&-Wm3pW?czXdJ1In}p7E=*FX`w? zwA*S2Nt`?mg-Ase{oMO1F6m$nCbnnfehM`AX$HdmNXCPp7M4w$)KeW@4c z26bjyH#Q09E55Jxxzh+eeKn`&ym~I=K>y3EO==F5f}KR&nBy< zUN9hyn3b7AA0U?7aipUI17b$#8Y+;}1~Y=FcXCJ7JGA;(Th#!ys4uEB5Ayq=)HSH~ zx;wPfrcS;31X2(yEXc^eO@P3=?$*^X{8iq{wY*pVpklO;q>Ev{+#6BzH ziBI9I(R-$f^=U3cTp&~__oT%2=k*C$SL~clxmb#?)EC|DI}e`f;w`X9%V@l^nS_GG zT(3+|o-8k4rkQW|U3-h%*NfM0Nwpe}RZ-=<4~4^&Wp&UJ)j`{aAF~@gSSZo=tzMFy zvJU<3$4N>(YdY9FBT%0Kd~Ejg_}UnC8s`cKE}`)?pWu3Gm{0U?0csquyo&F{i1NrY zAN6HlvJa-Duc9L(7~~x7b@WRjX9G#{5nIH^=VT6cC2T4{^HxQ@RQCHMa#ZH`n#`#j zBP*Wi6#=a7MaKt=CucyM%s$>p#L!C_fktBOT3~R-F~sM56WU$fuxsygOdytCPfa!$ za7e^A-1Z-%XUw`KeY)pcNPd>dZg1)gFA_gEZW1>i7cwrYS?o4B&6Y(`1j9@3!ki`Sh4- zWUuCgV%ANCf8|5FRR_ zQ*oill=X%cEwUiJ7t@R>>p$6`yVUp=(bT-TEVo#90x0f*Jp~lA zO^z#*{?`mNTq#42(nV?lLjrHL8nnAn4K*2b%0Tv8kj?Vke)Xdfy^yw=ikGr?svWIa zl_vImd(d?Be0ep1H(uS5;8I{t?QW!*S+C!Ba%wtF>2}rW%{uc`GE#%iMOGX~8bgkL zi$|oC3BBCF*~I&?Sw7FTQOUlcF%=|h|3{&P&`YqK<&0Om=N|e}AsD8A`D)3`+A52D z)QVW+t3z(24oLD%m2^Zp%>d*v)4g7UN{W{qC3-uPLJ!lQD(}IEm?s9EG7h}H$JQ8( zKjEt@PV9FF(^K zb?+Ttz#W}|JR-VbV71UL6R@Fs+;`;~-gLCmB%sW0uRTlrRZOamz4sa}tnB?Ogqc|~ zW@M`AqW*V#pN@cBHXgPh`gS8Ut@X(x^lZWX8I!dLv4M(3596)$o1nSQZ+d_-pn>Dm zsspdfvT=g>-lj#bW#C;YmQ+hV5(*ryOSXzRp&|IQn#NSZ(q(QwOHf z#hVz=b``a>RlQXMX=_HQRtOp49=1a0P-6vV`*2P67ySh@`I7vs-8|g$yt%f6g1|lO z5lZ`h0Nby#Y+hc(e&O$y$BVM)tl3k@egcNnw|R$(>s|_KOz-IX!(=r=QmcWKjxp0? z-38hl6-#SZ-6-q=;y()+&ujZm9S-sQP34w00z1LoO;7o1XN5kSg~Z_|kPY8}#)W$T z|5Mrbr;tlvYh($(HfUQ?w+A6ti|RHh zpBuP=6&0Noa^Nd5&(llQd^K>cdv(|4RoFw$&13A=%v)}E#Z_B!P23ILB?;M%C-RE1*`@x4+^70DxtMN0cyO7V+q)vfFwaqpG*D(TK zNkk`S_MT+5pA+$Jft>y43v9~m-wIrvZ+r;c-x;H>YAv31Yqi2(6ZLV1zXDmdK<-1k zUAz~%BhG8)KjxpDc)B@95tuY;L@%GZ3%0*MuXYAM)_Hv#a`l1>xN!aJK8{`0u;baG6!y)Ip=BD*mjv?<&c}F7OZv~wmLkrH3Vh#a>>KdmYk9yN0 zovlF{z7c7Vi|#US788#B#fygJ)Q{oJ@?c&SmdJ?zzI0JQCMSu7R*D($M;P|gaJuaT z8x1G)i1evw9|(`mak#XHMxz9X4l@)_{5wljB#S~QJMBZAkpn`|{)r*bt$pC8jhG^GODn65@6`h5& zl5nVvtWZ#KJLoznxH;%UsgQXr9e5kLyoUr|nJ*K?%vjSmEW_okByXhN2l~45uz_&$ zSiFsMQ$2m4Bf%b1-WTc<^Cgwhoo__M`OK4F(41$^pjX0N>zT7JW)o5KVfKW3M$3yg zsZSq>#kb=BekmAP+5XE*q2g|5N26VCyaxwl#*|%`$mPnexWN`a0$(q)&Xp`GUZ8yZ@zwwh zgd*|NOV$yO%Qyp|5x}MA(*-bLXBt$t76lxW7($ic z7Dj@!AjyV)-Cru*-{dt~WJ(_i|KkTSE?1Dz+&Y;>ZP0S*(0C;4N!{$Dk39Xh{ z{t_ofKNf?&P@g@8fjoJ5uLa8oQ7bV-+-wE`10LoHS>a#+=xF1ay*VnDv-2!D_#y}} zW<@@8Qq{m1fF3wkpNR-lG*N~`HR;bkRBnP94J0sKHFusmiC zbGV~CBAoaY);dgpaL~}%06v+9tv}+t9y)SVcPEJXBY6xOlM?t7rKXhthqLVpbz7AR zb9m5|A0Ljf-RUUgWIn=bX%-CE3VYG}j}y7#CBrRmkl2jD4g+wvU_4$<;&c7+ z;3^b3^RG{AKabr$?UYqr8+?_uk`LWdq9e|zs7qEJiraA)PL~t_W0@;Itkhnr!GCm? zSFk7nU+sxW(GGew5g0N}l9<;v?Z`g3;?24f=&NyyFXiHdg78-!AwijW?tbK}VbTMa-Mb&J$UQ|Re@H7aq zjQ0xblC^DUV$P(~ri!m4)o+`2b9sZ+>F`wm=BkXSu0phSZ4=o zb5v?(oQ+i101eRv7(Ia%hHU^L$(8B#C_=q=&BH1L zkEwBD8cHn*=VqXv;JyvB#cMXgLWkBCTGmBw4jWNhBwf_L{=*FXZV$X;EH%l9+^5Sd zfcKYmc1`MZ{nqt&q=Rga!tgU$H*MoS$F0&0M&9Q-;qLWU0H@K~4CX|E&saduKJKyY zTadI7_7~o}AZN{c*7Gz=cj)We`FixjOcRn}*_`o-e7@#Dmo?o*AUdDv5cK-3Gt%9R z{;2waS*a%;^zM6E@5<<{3fmU3xbfzMq36NR9;sPpMeo|EY^Pm}o4mEv9#JFsRr6&a z z=U&FWU@C4#d4e)vqLVpI2$B6Dg=t}?@Xxv|E=*)48sm-??$twNrAA(RrOpz$-%jv{ zUg4XHBPfZBWejA+iD7(4Hw=NflIP9)zk$5}Ky^=UA%FeK%9^5&LLI|;!7819B(Pi0 zM85L{re02T9vH}t+J}_{m%Uv{X$cg~#QL_AU(e*r-=Kkj%oP@3alrimd>@X?E;3nK z68NR+nBN9BFVkpAX<`p~Ss3k|GRtOE-lQ^25$=kqq}=|%76!;9D+QD4TEXTg^Se)D zup&HCXX;)wj5GcS6sNDe_!2)Tm1yJP{%!h}Q~s&EwZl_sGGt*+S5@wOb8Bn|&4=^V z?&UpHoj)7xI@c#1Z6?BklbeHTB$a>}PiH2qJUI3vc*E`Yrx+7tfcYb?UX@; z=NSG8A#XwKDe@aM@00dv>I15`to%vM1MKC3>qF9)m~V;i?DGRK?kqG{;lSOKivYca z;HTe1gkJQ{wWDCo4yT{q0ybBH?>u8y5i%F1ER@zf(%1G}hY=SQ{b|zlN#%=<%*pQu z0cx#HnaBV&-{glJpJM$JU%-5PE14K^gHQzbx5@^{D}KI*Z6B`=2v^uCs99AIT}JqJ z8Nn6n*+;Hf_|~)mI`#f7a0ck!QDEf(rcB_u=B-Pk&-3F?_L_I=^Y@|0Pd5f#L#`-a zf*a)8hupg)S(#_48QBp_qjuds_SC<$Dwgc?mGD93RXw1V8-Vy!Hy^?i=3}mmZwDts zw++X0CksX%+Lf@3R=w*l-YQJr7A%Zw8tEAq6^@DNTBt_zQ`TxBHBfaW)B(ToboL$g z0;wS@>~S^OAC4wAVS{AJJIS6~(1)DZ+H+Xq+2HG3+&1NR#@yLxNq1YFMGTFe}j!3#k0TAkxJUomXnGYR}h%}wDW0rjO)=zU*nsN#rudnHFz;ojE=0J zN-5#%)9n@ZQe>SzJ?hyrzG`r>-aJM!9WxQ{punh0HxEd9SCUqaW5I zP_x9;uZV2wu@!F$xj*2-hX2K0!FiMZrFw4wiTpq(<2L8}c45&o5abN0F4)hB;ASKC zHo(j&Ei~Jz24TbsDYz-y%Ei=Q9)zIO2zlFz>`R^lRucWbUe`jhJdU8Qs#E;e?Xpp< z%g4j*<85Ca)wi{@{15^%l2UEY9)F`FoP@f8jgM<6G}BA8vvJnG3MSa88%TL>)MC9d z8!cDg=d#D`6=_P#G#Lz*7Hi00fE?+MjE$Dq?p}R`;`zJ{H}K$#ZOJA{J^v>BFdyiM z^;G>qN17{oe{;jy8XI26TxkkTXpcUnO0IlK+$_B8N(5bM4dqg_JF+A2g8 zFV-Z~x24-=pb+)JM>@+l(5D+qwyK0X5rLi_tWYpC#&hhPsWbCE_*&=h#pPU)d)ksi zTV#QcdID+}?enC~)~Tyf8clUmQ>A3aXm+ae>w>$tE_-$Txh3?Kd=MkHmDJ;H(QW7T zztzo_;6kO>1(zY42I__js%b4J1R@2sA9PSP+l@|-x?vne>Sxs5@ZQ{+Au%DAguOaj zPz=ck%Ra!~TovBx*}*UImZ-#S@4h>^zY!6vqJ`a8@&lY%(JaRrkbRi5cf}VxH})p^ z{mKyn=*3fO4OZXw&AfL&XWm0RKLyco)VI$IeYh3dIlSyZmqmt6uNBSx-DaFvYoB<(Sy$ygl-XxK1}d>_*{oy9=ovy)J)JY z1pA?aym|xYx{(0GaK&pE2;3oxgcCyfqR;C1X!(#gefUZ{%8RLOomp+d86x{{Z%h$l zM$$i7ZU^nGMd*~NO)Q51ZQ*TYm^*cty=L!0dU)v<=EFE-c-%HIi?7PiJ})>= zyAA^bgX}*>@*kr@Nv~qz^xO2mU6%gmis?Vb;U8o4--ovU3?2V5It(m72LprfKjz=Q zw)yAG_#g9cx7+=5=Jbzoq@-7NHnKD|cA}u97yjY1IsLdKWBB7Kfvbg+If404M&{sP z`iqiY+SJ|E*1^P);>Y!Wn`mKcBl5$CBcKrBVq#!oVPIooV`O7sVql|XU?FE!xCE;YjfF`SSpHurDbo*k@ZU31CWimS>l1J?{zpRk zzu3kJRS&5w5WXdncUnlPxe8fo{Y`rK(IV?Kx;#9Z&$&ZeOzUq8*u zpa0Y0nbVO-V?oK3pT*FoASH1Qf&$bF@ivhRK&e6)>?CxqBSGqvFG48e&uQlQ&a`;OFIuc3TY_Ea`a({8Fx% z`966h=)H>j14}shiA{HnkFvjCtI9PzhH7)edjgsNmy72hhI+YpF>$)g7*e&7 z$ggGh0PM$y{v<4qfasjFK#)X+m}B&V##hh~I{p*;A-2&**euDIu%tR@rpx|P`^thO zGfk)zc!``?Cz@Ovq`P?DVhv|@v4g-^N}gn|&b=zC0o7X~SC9A1lYAX@@LMnY7Vi!Z z%W-dJ)HZZ7IzINLH!ZnS7zYAj5psyNG!Q@`5^)qly*Fs8@)hR=<7gLpZ;Q)-Vt|NH zmLT&O4IvnD93ncz1Y{r_N(e=7i+EP8Xy`vG{>%WVqxQN2pbk3daj6YB`9Pd{?s@-b zJ+XGHxRRf2|%Jug~ z9)_(>tQYh5pNb8BtN&N*ObL_FHRlZ~YrixaEJ+Px&b%uW=6usc?b=}nuEa@d5pPeW zK0SJpWx==StnMe4N#qzDlYYzg=oafK-P08wt{o3M)KnI_u2e8}&bX{8*JkGMJMq~e zrSx=@bzNrN&xA5IXRK>5>wa3Zg;7U;ntjimCNqb1?xHU z>zEex-BIOIv%be7WkWmdn*z(<7D_$ZvWq_{;P%tPnpDw`=|}m(d}dEclwvOh$L^v_V#m+H%4BS?l0lzxL;f)*bY4T z@Yk-|^=bC}q3Lf9{{FNzO7_|3n}-W)E6x>sFxefgbAbO_ck8qqVQ z!SiAeP-+^NzGq%aYK20yfda7XiRID{&a48KHD;z<`r!)Eh6=_C zhCsof{QMH2pb^lBAdrr{{0F@Sh33eh&kCcvW7$l2Av$-vCO%*ENv#l^zNz`)JW z+``Gs(ACjSfv^&wJwB;<>A+$dSO^k5j4V6lq@P%zK_eb-9;}C?I_6gsbMfZ=3ely@5s};ul~KS8U>`06rrFw|sdmcGU+`d-txeT_6&(Tzx64?M5H}Xp<8A8w-|e zK7GKj!`=U}_5sHa6Xxw(AS9!uBr)qtX1k-Pt(tmmt*M1mzvf2YNaifftsgo*X{=am z!?#W2wIg$?@q?#74HxL9A7DNuykO!dogMy_LUR`F;V{#jeIWCc-vRz-KIcrc7zzX| zgFh8N*c1J4VTS9=6v5Q|t`$F4-p?vrZKYb;c--RmgAI@MY~yBb-xc~j)7$z5!yfbZ zOm`m$yG1l#3=6Kl8mMXzfTWV^$1V{U&l z=PBzIo(8U!(x%*b4U*fJh5F89{+z(5!}J$8=5X6RH?gLUJA-TT;)WLc37SRTW~Yi<6K`)`fBFsgC-HY?w-!%&!FrR|NjAmY>&`K=tzO5PFSzWy zeaQQ3N70143L6(5nRGe8&of=%cz_INqDG60meieT^E0?sa{p~ty80sQ#RVoq?nOer zdD_{pG!y4|Ye?%Z;1#*NuwF+|BbhzoM+_=+$K4vi|mF zS=}$peAXW{+8AzfY!ZwRV^Q&N(Ga|&dhn^> KR8?L5-M9dILV%C} diff --git a/krb5-1.21.3/doc/pdf/basic.tex b/krb5-1.21.3/doc/pdf/basic.tex deleted file mode 100644 index 898bc40f..00000000 --- a/krb5-1.21.3/doc/pdf/basic.tex +++ /dev/null @@ -1,918 +0,0 @@ -%% Generated by Sphinx. -\def\sphinxdocclass{report} -\documentclass[letterpaper,10pt,english]{sphinxmanual} -\ifdefined\pdfpxdimen - \let\sphinxpxdimen\pdfpxdimen\else\newdimen\sphinxpxdimen -\fi \sphinxpxdimen=.75bp\relax -\ifdefined\pdfimageresolution - \pdfimageresolution= \numexpr \dimexpr1in\relax/\sphinxpxdimen\relax -\fi -%% let collapsible pdf bookmarks panel have high depth per default -\PassOptionsToPackage{bookmarksdepth=5}{hyperref} - -\PassOptionsToPackage{warn}{textcomp} -\usepackage[utf8]{inputenc} -\ifdefined\DeclareUnicodeCharacter -% support both utf8 and utf8x syntaxes - \ifdefined\DeclareUnicodeCharacterAsOptional - \def\sphinxDUC#1{\DeclareUnicodeCharacter{"#1}} - \else - \let\sphinxDUC\DeclareUnicodeCharacter - \fi - \sphinxDUC{00A0}{\nobreakspace} - \sphinxDUC{2500}{\sphinxunichar{2500}} - \sphinxDUC{2502}{\sphinxunichar{2502}} - \sphinxDUC{2514}{\sphinxunichar{2514}} - \sphinxDUC{251C}{\sphinxunichar{251C}} - \sphinxDUC{2572}{\textbackslash} -\fi -\usepackage{cmap} -\usepackage[T1]{fontenc} -\usepackage{amsmath,amssymb,amstext} -\usepackage{babel} - - - -\usepackage{tgtermes} -\usepackage{tgheros} -\renewcommand{\ttdefault}{txtt} - - - -\usepackage[Bjarne]{fncychap} -\usepackage{sphinx} - -\fvset{fontsize=auto} -\usepackage{geometry} - - -% Include hyperref last. -\usepackage{hyperref} -% Fix anchor placement for figures with captions. -\usepackage{hypcap}% it must be loaded after hyperref. -% Set up styles of URL: it should be placed after hyperref. -\urlstyle{same} - - -\usepackage{sphinxmessages} -\setcounter{tocdepth}{0} - - - -\title{Kerberos Concepts} -\date{ } -\release{1.21.3} -\author{MIT} -\newcommand{\sphinxlogo}{\vbox{}} -\renewcommand{\releasename}{Release} -\makeindex -\begin{document} - -\pagestyle{empty} -\sphinxmaketitle -\pagestyle{plain} -\sphinxtableofcontents -\pagestyle{normal} -\phantomsection\label{\detokenize{basic/index::doc}} - - - -\chapter{Credential cache} -\label{\detokenize{basic/ccache_def:credential-cache}}\label{\detokenize{basic/ccache_def:ccache-definition}}\label{\detokenize{basic/ccache_def::doc}} -\sphinxAtStartPar -A credential cache (or “ccacheâ€) holds Kerberos credentials while they -remain valid and, generally, while the user’s session lasts, so that -authenticating to a service multiple times (e.g., connecting to a web -or mail server more than once) doesn’t require contacting the KDC -every time. - -\sphinxAtStartPar -A credential cache usually contains one initial ticket which is -obtained using a password or another form of identity verification. -If this ticket is a ticket\sphinxhyphen{}granting ticket, it can be used to obtain -additional credentials without the password. Because the credential -cache does not store the password, less long\sphinxhyphen{}term damage can be done -to the user’s account if the machine is compromised. - -\sphinxAtStartPar -A credentials cache stores a default client principal name, set when -the cache is created. This is the name shown at the top of the -\DUrole{xref,std,std-ref}{klist(1)} \sphinxstyleemphasis{\sphinxhyphen{}A} output. - -\sphinxAtStartPar -Each normal cache entry includes a service principal name, a client -principal name (which, in some ccache types, need not be the same as -the default), lifetime information, and flags, along with the -credential itself. There are also other entries, indicated by special -names, that store additional information. - - -\section{ccache types} -\label{\detokenize{basic/ccache_def:ccache-types}} -\sphinxAtStartPar -The credential cache interface, like the {\hyperref[\detokenize{basic/keytab_def:keytab-definition}]{\sphinxcrossref{\DUrole{std,std-ref}{keytab}}}} and -{\hyperref[\detokenize{basic/rcache_def:rcache-definition}]{\sphinxcrossref{\DUrole{std,std-ref}{replay cache}}}} interfaces, uses \sphinxtitleref{TYPE:value} strings to -indicate the type of credential cache and any associated cache naming -data to use. - -\sphinxAtStartPar -There are several kinds of credentials cache supported in the MIT -Kerberos library. Not all are supported on every platform. In most -cases, it should be correct to use the default type built into the -library. -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -\sphinxstylestrong{API} is only implemented on Windows. It communicates with a -server process that holds the credentials in memory for the user, -rather than writing them to disk. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{DIR} points to the storage location of the collection of the -credential caches in \sphinxstyleemphasis{FILE:} format. It is most useful when dealing -with multiple Kerberos realms and KDCs. For release 1.10 the -directory must already exist. In post\sphinxhyphen{}1.10 releases the -requirement is for parent directory to exist and the current -process must have permissions to create the directory if it does -not exist. See {\hyperref[\detokenize{basic/ccache_def:col-ccache}]{\sphinxcrossref{\DUrole{std,std-ref}{Collections of caches}}}} for details. New in release 1.10. -The following residual forms are supported: -\begin{itemize} -\item {} -\sphinxAtStartPar -DIR:dirname - -\item {} -\sphinxAtStartPar -DIR::dirpath/filename \sphinxhyphen{} a single cache within the directory - -\end{itemize} - -\sphinxAtStartPar -Switching to a ccache of the latter type causes it to become the -primary for the directory. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{FILE} caches are the simplest and most portable. A simple flat -file format is used to store one credential after another. This is -the default ccache type if no type is specified in a ccache name. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{KCM} caches work by contacting a daemon process called \sphinxcode{\sphinxupquote{kcm}} -to perform cache operations. If the cache name is just \sphinxcode{\sphinxupquote{KCM:}}, -the default cache as determined by the KCM daemon will be used. -Newly created caches must generally be named \sphinxcode{\sphinxupquote{KCM:uid:name}}, -where \sphinxstyleemphasis{uid} is the effective user ID of the running process. - -\sphinxAtStartPar -KCM client support is new in release 1.13. A KCM daemon has not -yet been implemented in MIT krb5, but the client will interoperate -with the KCM daemon implemented by Heimdal. macOS 10.7 and higher -provides a KCM daemon as part of the operating system, and the -\sphinxstylestrong{KCM} cache type is used as the default cache on that platform in -a default build. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{KEYRING} is Linux\sphinxhyphen{}specific, and uses the kernel keyring support -to store credential data in unswappable kernel memory where only -the current user should be able to access it. The following -residual forms are supported: -\begin{itemize} -\item {} -\sphinxAtStartPar -KEYRING:name - -\item {} -\sphinxAtStartPar -KEYRING:process:name \sphinxhyphen{} process keyring - -\item {} -\sphinxAtStartPar -KEYRING:thread:name \sphinxhyphen{} thread keyring - -\end{itemize} - -\sphinxAtStartPar -Starting with release 1.12 the \sphinxstyleemphasis{KEYRING} type supports collections. -The following new residual forms were added: -\begin{itemize} -\item {} -\sphinxAtStartPar -KEYRING:session:name \sphinxhyphen{} session keyring - -\item {} -\sphinxAtStartPar -KEYRING:user:name \sphinxhyphen{} user keyring - -\item {} -\sphinxAtStartPar -KEYRING:persistent:uidnumber \sphinxhyphen{} persistent per\sphinxhyphen{}UID collection. -Unlike the user keyring, this collection survives after the user -logs out, until the cache credentials expire. This type of -ccache requires support from the kernel; otherwise, it will fall -back to the user keyring. - -\end{itemize} - -\sphinxAtStartPar -See {\hyperref[\detokenize{basic/ccache_def:col-ccache}]{\sphinxcrossref{\DUrole{std,std-ref}{Collections of caches}}}} for details. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{MEMORY} caches are for storage of credentials that don’t need to -be made available outside of the current process. For example, a -memory ccache is used by \DUrole{xref,std,std-ref}{kadmin(1)} to store the -administrative ticket used to contact the admin server. Memory -ccaches are faster than file ccaches and are automatically -destroyed when the process exits. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{MSLSA} is a Windows\sphinxhyphen{}specific cache type that accesses the -Windows credential store. - -\end{enumerate} - - -\section{Collections of caches} -\label{\detokenize{basic/ccache_def:collections-of-caches}}\label{\detokenize{basic/ccache_def:col-ccache}} -\sphinxAtStartPar -Some credential cache types can support collections of multiple -caches. One of the caches in the collection is designated as the -\sphinxstyleemphasis{primary} and will be used when the collection is resolved as a cache. -When a collection\sphinxhyphen{}enabled cache type is the default cache for a -process, applications can search the specified collection for a -specific client principal, and GSSAPI applications will automatically -select between the caches in the collection based on criteria such as -the target service realm. - -\sphinxAtStartPar -Credential cache collections are new in release 1.10, with support -from the \sphinxstylestrong{DIR} and \sphinxstylestrong{API} ccache types. Starting in release 1.12, -collections are also supported by the \sphinxstylestrong{KEYRING} ccache type. -Collections are supported by the \sphinxstylestrong{KCM} ccache type in release 1.13. - - -\subsection{Tool alterations to use cache collection} -\label{\detokenize{basic/ccache_def:tool-alterations-to-use-cache-collection}}\begin{itemize} -\item {} -\sphinxAtStartPar -\DUrole{xref,std,std-ref}{kdestroy(1)} \sphinxstyleemphasis{\sphinxhyphen{}A} will destroy all caches in the collection. - -\item {} -\sphinxAtStartPar -If the default cache type supports switching, \DUrole{xref,std,std-ref}{kinit(1)} -\sphinxstyleemphasis{princname} will search the collection for a matching cache and -store credentials there, or will store credentials in a new unique -cache of the default type if no existing cache for the principal -exists. Either way, kinit will switch to the selected cache. - -\item {} -\sphinxAtStartPar -\DUrole{xref,std,std-ref}{klist(1)} \sphinxstyleemphasis{\sphinxhyphen{}l} will list the caches in the collection. - -\item {} -\sphinxAtStartPar -\DUrole{xref,std,std-ref}{klist(1)} \sphinxstyleemphasis{\sphinxhyphen{}A} will show the content of all caches in the -collection. - -\item {} -\sphinxAtStartPar -\DUrole{xref,std,std-ref}{kswitch(1)} \sphinxstyleemphasis{\sphinxhyphen{}p princname} will search the collection for a -matching cache and switch to it. - -\item {} -\sphinxAtStartPar -\DUrole{xref,std,std-ref}{kswitch(1)} \sphinxstyleemphasis{\sphinxhyphen{}c cachename} will switch to a specified cache. - -\end{itemize} - - -\section{Default ccache name} -\label{\detokenize{basic/ccache_def:default-ccache-name}} -\sphinxAtStartPar -The default credential cache name is determined by the following, in -descending order of priority: -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -The \sphinxstylestrong{KRB5CCNAME} environment variable. For example, -\sphinxcode{\sphinxupquote{KRB5CCNAME=DIR:/mydir/}}. - -\item {} -\sphinxAtStartPar -The \sphinxstylestrong{default\_ccache\_name} profile variable in \DUrole{xref,std,std-ref}{libdefaults}. - -\item {} -\sphinxAtStartPar -The hardcoded default, \DUrole{xref,std,std-ref}{DEFCCNAME}. - -\end{enumerate} - - -\chapter{keytab} -\label{\detokenize{basic/keytab_def:keytab}}\label{\detokenize{basic/keytab_def:keytab-definition}}\label{\detokenize{basic/keytab_def::doc}} -\sphinxAtStartPar -A keytab (short for “key tableâ€) stores long\sphinxhyphen{}term keys for one or more -principals. Keytabs are normally represented by files in a standard -format, although in rare cases they can be represented in other ways. -Keytabs are used most often to allow server applications to accept -authentications from clients, but can also be used to obtain initial -credentials for client applications. - -\sphinxAtStartPar -Keytabs are named using the format \sphinxstyleemphasis{type}\sphinxcode{\sphinxupquote{:}}\sphinxstyleemphasis{value}. Usually -\sphinxstyleemphasis{type} is \sphinxcode{\sphinxupquote{FILE}} and \sphinxstyleemphasis{value} is the absolute pathname of the file. -The other possible value for \sphinxstyleemphasis{type} is \sphinxcode{\sphinxupquote{MEMORY}}, which indicates a -temporary keytab stored in the memory of the current process. - -\sphinxAtStartPar -A keytab contains one or more entries, where each entry consists of a -timestamp (indicating when the entry was written to the keytab), a -principal name, a key version number, an encryption type, and the -encryption key itself. - -\sphinxAtStartPar -A keytab can be displayed using the \DUrole{xref,std,std-ref}{klist(1)} command with the -\sphinxcode{\sphinxupquote{\sphinxhyphen{}k}} option. Keytabs can be created or appended to by extracting -keys from the KDC database using the \DUrole{xref,std,std-ref}{kadmin(1)} \DUrole{xref,std,std-ref}{ktadd} -command. Keytabs can be manipulated using the \DUrole{xref,std,std-ref}{ktutil(1)} and -\DUrole{xref,std,std-ref}{k5srvutil(1)} commands. - - -\section{Default keytab} -\label{\detokenize{basic/keytab_def:default-keytab}} -\sphinxAtStartPar -The default keytab is used by server applications if the application -does not request a specific keytab. The name of the default keytab is -determined by the following, in decreasing order of preference: -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -The \sphinxstylestrong{KRB5\_KTNAME} environment variable. - -\item {} -\sphinxAtStartPar -The \sphinxstylestrong{default\_keytab\_name} profile variable in \DUrole{xref,std,std-ref}{libdefaults}. - -\item {} -\sphinxAtStartPar -The hardcoded default, \DUrole{xref,std,std-ref}{DEFKTNAME}. - -\end{enumerate} - - -\section{Default client keytab} -\label{\detokenize{basic/keytab_def:default-client-keytab}} -\sphinxAtStartPar -The default client keytab is used, if it is present and readable, to -automatically obtain initial credentials for GSSAPI client -applications. The principal name of the first entry in the client -keytab is used by default when obtaining initial credentials. The -name of the default client keytab is determined by the following, in -decreasing order of preference: -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -The \sphinxstylestrong{KRB5\_CLIENT\_KTNAME} environment variable. - -\item {} -\sphinxAtStartPar -The \sphinxstylestrong{default\_client\_keytab\_name} profile variable in -\DUrole{xref,std,std-ref}{libdefaults}. - -\item {} -\sphinxAtStartPar -The hardcoded default, \DUrole{xref,std,std-ref}{DEFCKTNAME}. - -\end{enumerate} - - -\chapter{replay cache} -\label{\detokenize{basic/rcache_def:replay-cache}}\label{\detokenize{basic/rcache_def:rcache-definition}}\label{\detokenize{basic/rcache_def::doc}} -\sphinxAtStartPar -A replay cache (or “rcacheâ€) keeps track of all authenticators -recently presented to a service. If a duplicate authentication -request is detected in the replay cache, an error message is sent to -the application program. - -\sphinxAtStartPar -The replay cache interface, like the credential cache and -{\hyperref[\detokenize{basic/keytab_def:keytab-definition}]{\sphinxcrossref{\DUrole{std,std-ref}{keytab}}}} interfaces, uses \sphinxtitleref{type:residual} strings to -indicate the type of replay cache and any associated cache naming -data to use. - - -\section{Background information} -\label{\detokenize{basic/rcache_def:background-information}} -\sphinxAtStartPar -Some Kerberos or GSSAPI services use a simple authentication mechanism -where a message is sent containing an authenticator, which establishes -the encryption key that the client will use for talking to the -service. But nothing about that prevents an eavesdropper from -recording the messages sent by the client, establishing a new -connection, and re\sphinxhyphen{}sending or “replaying†the same messages; the -replayed authenticator will establish the same encryption key for the -new session, and the following messages will be decrypted and -processed. The attacker may not know what the messages say, and can’t -generate new messages under the same encryption key, but in some -instances it may be harmful to the user (or helpful to the attacker) -to cause the server to see the same messages again a second time. For -example, if the legitimate client sends “delete first message in -mailboxâ€, a replay from an attacker may delete another, different -“first†message. (Protocol design to guard against such problems has -been discussed in \index{RFC@\spxentry{RFC}!RFC 4120\#section\sphinxhyphen{}10@\spxentry{RFC 4120\#section\sphinxhyphen{}10}}\sphinxhref{https://tools.ietf.org/html/rfc4120.html\#section-10}{\sphinxstylestrong{RFC 4120\#section\sphinxhyphen{}10}}.) - -\sphinxAtStartPar -Even if one protocol uses further protection to verify that the client -side of the connection actually knows the encryption keys (and thus is -presumably a legitimate user), if another service uses the same -service principal name, it may be possible to record an authenticator -used with the first protocol and “replay†it against the second. - -\sphinxAtStartPar -The replay cache mitigates these attacks somewhat, by keeping track of -authenticators that have been seen until their five\sphinxhyphen{}minute window -expires. Different authenticators generated by multiple connections -from the same legitimate client will generally have different -timestamps, and thus will not be considered the same. - -\sphinxAtStartPar -This mechanism isn’t perfect. If a message is sent to one application -server but a man\sphinxhyphen{}in\sphinxhyphen{}the\sphinxhyphen{}middle attacker can prevent it from actually -arriving at that server, the attacker could then use the authenticator -(once!) against a different service on the same host. This could be a -problem if the message from the client included something more than -authentication in the first message that could be useful to the -attacker (which is uncommon; in most protocols the server has to -indicate a successful authentication before the client sends -additional messages), or if the simple act of presenting the -authenticator triggers some interesting action in the service being -attacked. - - -\section{Replay cache types} -\label{\detokenize{basic/rcache_def:replay-cache-types}} -\sphinxAtStartPar -Unlike the credential cache and keytab interfaces, replay cache types -are in lowercase. The following types are defined: -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -\sphinxstylestrong{none} disables the replay cache. The residual value is ignored. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{file2} (new in release 1.18) uses a hash\sphinxhyphen{}based format to store -replay records. The file may grow to accommodate hash collisions. -The residual value is the filename. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{dfl} is the default type if no environment variable or -configuration specifies a different type. It stores replay data in -a file2 replay cache with a filename based on the effective uid. -The residual value is ignored. - -\end{enumerate} - -\sphinxAtStartPar -For the dfl type, the location of the replay cache file is determined -as follows: -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -The directory is taken from the \sphinxstylestrong{KRB5RCACHEDIR} environment -variable, or the \sphinxstylestrong{TMPDIR} environment variable, or a temporary -directory determined at configuration time such as \sphinxcode{\sphinxupquote{/var/tmp}}, in -descending order of preference. - -\item {} -\sphinxAtStartPar -The filename is \sphinxcode{\sphinxupquote{krb5\_EUID.rcache2}} where EUID is the effective -uid of the process. - -\item {} -\sphinxAtStartPar -The file is opened without following symbolic links, and ownership -of the file is verified to match the effective uid. - -\end{enumerate} - -\sphinxAtStartPar -On Windows, the directory for the dfl type is the local appdata -directory, unless overridden by the \sphinxstylestrong{KRB5RCACHEDIR} environment -variable. The filename on Windows is \sphinxcode{\sphinxupquote{krb5.rcache2}}, and the file -is opened normally. - - -\section{Default replay cache name} -\label{\detokenize{basic/rcache_def:default-replay-cache-name}} -\sphinxAtStartPar -The default replay cache name is determined by the following, in -descending order of priority: -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -The \sphinxstylestrong{KRB5RCACHENAME} environment variable (new in release 1.18). - -\item {} -\sphinxAtStartPar -The \sphinxstylestrong{KRB5RCACHETYPE} environment variable. If this variable is -set, the residual value is empty. - -\item {} -\sphinxAtStartPar -The \sphinxstylestrong{default\_rcache\_name} profile variable in \DUrole{xref,std,std-ref}{libdefaults} -(new in release 1.18). - -\item {} -\sphinxAtStartPar -If none of the above are set, the default replay cache name is -\sphinxcode{\sphinxupquote{dfl:}}. - -\end{enumerate} - - -\chapter{stash file} -\label{\detokenize{basic/stash_file_def:stash-file}}\label{\detokenize{basic/stash_file_def:stash-definition}}\label{\detokenize{basic/stash_file_def::doc}} -\sphinxAtStartPar -The stash file is a local copy of the master key that resides in -encrypted form on the KDC’s local disk. The stash file is used to -authenticate the KDC to itself automatically before starting the -\DUrole{xref,std,std-ref}{kadmind(8)} and \DUrole{xref,std,std-ref}{krb5kdc(8)} daemons (e.g., as part of the -machine’s boot sequence). The stash file, like the keytab file (see -\DUrole{xref,std,std-ref}{keytab\_file}) is a potential point\sphinxhyphen{}of\sphinxhyphen{}entry for a break\sphinxhyphen{}in, and -if compromised, would allow unrestricted access to the Kerberos -database. If you choose to install a stash file, it should be -readable only by root, and should exist only on the KDC’s local disk. -The file should not be part of any backup of the machine, unless -access to the backup data is secured as tightly as access to the -master password itself. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -If you choose not to install a stash file, the KDC will prompt you for the master key each time it starts up. -This means that the KDC will not be able to start automatically, such as after a system reboot. -\end{sphinxadmonition} - - -\chapter{Supported date and time formats} -\label{\detokenize{basic/date_format:supported-date-and-time-formats}}\label{\detokenize{basic/date_format:datetime}}\label{\detokenize{basic/date_format::doc}} - -\section{Time duration} -\label{\detokenize{basic/date_format:time-duration}}\label{\detokenize{basic/date_format:duration}} -\sphinxAtStartPar -This format is used to express a time duration in the Kerberos -configuration files and user commands. The allowed formats are: -\begin{quote} - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|T|} -\hline - -\sphinxAtStartPar -Format -& -\sphinxAtStartPar -Example -& -\sphinxAtStartPar -Value -\\ -\hline -\sphinxAtStartPar -h:m{[}:s{]} -& -\sphinxAtStartPar -36:00 -& -\sphinxAtStartPar -36 hours -\\ -\hline -\sphinxAtStartPar -NdNhNmNs -& -\sphinxAtStartPar -8h30s -& -\sphinxAtStartPar -8 hours 30 seconds -\\ -\hline -\sphinxAtStartPar -N (number of seconds) -& -\sphinxAtStartPar -3600 -& -\sphinxAtStartPar -1 hour -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} -\end{quote} - -\sphinxAtStartPar -Here \sphinxstyleemphasis{N} denotes a number, \sphinxstyleemphasis{d} \sphinxhyphen{} days, \sphinxstyleemphasis{h} \sphinxhyphen{} hours, \sphinxstyleemphasis{m} \sphinxhyphen{} minutes, -\sphinxstyleemphasis{s} \sphinxhyphen{} seconds. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The time interval should not exceed 2147483647 seconds. -\end{sphinxadmonition} - -\sphinxAtStartPar -Examples: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{Request} \PYG{n}{a} \PYG{n}{ticket} \PYG{n}{valid} \PYG{k}{for} \PYG{n}{one} \PYG{n}{hour}\PYG{p}{,} \PYG{n}{five} \PYG{n}{hours}\PYG{p}{,} \PYG{l+m+mi}{30} \PYG{n}{minutes} -\PYG{o+ow}{and} \PYG{l+m+mi}{10} \PYG{n}{days} \PYG{n}{respectively}\PYG{p}{:} - - \PYG{n}{kinit} \PYG{o}{\PYGZhy{}}\PYG{n}{l} \PYG{l+m+mi}{3600} - \PYG{n}{kinit} \PYG{o}{\PYGZhy{}}\PYG{n}{l} \PYG{l+m+mi}{5}\PYG{p}{:}\PYG{l+m+mi}{00} - \PYG{n}{kinit} \PYG{o}{\PYGZhy{}}\PYG{n}{l} \PYG{l+m+mi}{30}\PYG{n}{m} - \PYG{n}{kinit} \PYG{o}{\PYGZhy{}}\PYG{n}{l} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{10d 0h 0m 0s}\PYG{l+s+s2}{\PYGZdq{}} -\end{sphinxVerbatim} - - -\section{getdate time} -\label{\detokenize{basic/date_format:getdate-time}}\label{\detokenize{basic/date_format:getdate}} -\sphinxAtStartPar -Some of the kadmin and kdb5\_util commands take a date\sphinxhyphen{}time in a -human\sphinxhyphen{}readable format. Some of the acceptable date\sphinxhyphen{}time -strings are: -\begin{quote} - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|T|} -\hline -\sphinxstyletheadfamily &\sphinxstyletheadfamily -\sphinxAtStartPar -Format -&\sphinxstyletheadfamily -\sphinxAtStartPar -Example -\\ -\hline\sphinxmultirow{3}{4}{% -\begin{varwidth}[t]{\sphinxcolwidth{1}{3}} -\sphinxAtStartPar -Date -\par -\vskip-\baselineskip\vbox{\hbox{\strut}}\end{varwidth}% -}% -& -\sphinxAtStartPar -mm/dd/yy -& -\sphinxAtStartPar -07/27/12 -\\ -\cline{2-3}\sphinxtablestrut{4}& -\sphinxAtStartPar -month dd, yyyy -& -\sphinxAtStartPar -Jul 27, 2012 -\\ -\cline{2-3}\sphinxtablestrut{4}& -\sphinxAtStartPar -yyyy\sphinxhyphen{}mm\sphinxhyphen{}dd -& -\sphinxAtStartPar -2012\sphinxhyphen{}07\sphinxhyphen{}27 -\\ -\hline\sphinxmultirow{2}{11}{% -\begin{varwidth}[t]{\sphinxcolwidth{1}{3}} -\sphinxAtStartPar -Absolute -time -\par -\vskip-\baselineskip\vbox{\hbox{\strut}}\end{varwidth}% -}% -& -\sphinxAtStartPar -HH:mm{[}:ss{]}pp -& -\sphinxAtStartPar -08:30 PM -\\ -\cline{2-3}\sphinxtablestrut{11}& -\sphinxAtStartPar -hh:mm{[}:ss{]} -& -\sphinxAtStartPar -20:30 -\\ -\hline -\sphinxAtStartPar -Relative -time -& -\sphinxAtStartPar -N tt -& -\sphinxAtStartPar -30 sec -\\ -\hline\sphinxmultirow{2}{19}{% -\begin{varwidth}[t]{\sphinxcolwidth{1}{3}} -\sphinxAtStartPar -Time zone -\par -\vskip-\baselineskip\vbox{\hbox{\strut}}\end{varwidth}% -}% -& -\sphinxAtStartPar -Z -& -\sphinxAtStartPar -EST -\\ -\cline{2-3}\sphinxtablestrut{19}& -\sphinxAtStartPar -z -& -\sphinxAtStartPar -\sphinxhyphen{}0400 -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} -\end{quote} - -\sphinxAtStartPar -(See {\hyperref[\detokenize{basic/date_format:abbreviation}]{\sphinxcrossref{\DUrole{std,std-ref}{Abbreviations used in this document}}}}.) - -\sphinxAtStartPar -Examples: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{Create} \PYG{n}{a} \PYG{n}{principal} \PYG{n}{that} \PYG{n}{expires} \PYG{n}{on} \PYG{n}{the} \PYG{n}{date} \PYG{n}{indicated}\PYG{p}{:} - \PYG{n}{addprinc} \PYG{n}{test1} \PYG{o}{\PYGZhy{}}\PYG{n}{expire} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{3/27/12 10:00:07 EST}\PYG{l+s+s2}{\PYGZdq{}} - \PYG{n}{addprinc} \PYG{n}{test2} \PYG{o}{\PYGZhy{}}\PYG{n}{expire} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{January 23, 2015 10:05pm}\PYG{l+s+s2}{\PYGZdq{}} - \PYG{n}{addprinc} \PYG{n}{test3} \PYG{o}{\PYGZhy{}}\PYG{n}{expire} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{22:00 GMT}\PYG{l+s+s2}{\PYGZdq{}} -\PYG{n}{Add} \PYG{n}{a} \PYG{n}{principal} \PYG{n}{that} \PYG{n}{will} \PYG{n}{expire} \PYG{o+ow}{in} \PYG{l+m+mi}{30} \PYG{n}{minutes}\PYG{p}{:} - \PYG{n}{addprinc} \PYG{n}{test4} \PYG{o}{\PYGZhy{}}\PYG{n}{expire} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{30 minutes}\PYG{l+s+s2}{\PYGZdq{}} -\end{sphinxVerbatim} - - -\section{Absolute time} -\label{\detokenize{basic/date_format:absolute-time}}\label{\detokenize{basic/date_format:abstime}} -\sphinxAtStartPar -This rarely used date\sphinxhyphen{}time format can be noted in one of the -following ways: -\begin{quote} - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|T|} -\hline -\sphinxstyletheadfamily -\sphinxAtStartPar -Format -&\sphinxstyletheadfamily -\sphinxAtStartPar -Example -&\sphinxstyletheadfamily -\sphinxAtStartPar -Value -\\ -\hline -\sphinxAtStartPar -yyyymmddhhmmss -& -\sphinxAtStartPar -20141231235900 -&\sphinxmultirow{5}{6}{% -\begin{varwidth}[t]{\sphinxcolwidth{1}{3}} -\sphinxAtStartPar -One minute -before 2015 -\par -\vskip-\baselineskip\vbox{\hbox{\strut}}\end{varwidth}% -}% -\\ -\cline{1-2} -\sphinxAtStartPar -yyyy.mm.dd.hh.mm.ss -& -\sphinxAtStartPar -2014.12.31.23.59.00 -&\sphinxtablestrut{6}\\ -\cline{1-2} -\sphinxAtStartPar -yymmddhhmmss -& -\sphinxAtStartPar -141231235900 -&\sphinxtablestrut{6}\\ -\cline{1-2} -\sphinxAtStartPar -yy.mm.dd.hh.mm.ss -& -\sphinxAtStartPar -14.12.31.23.59.00 -&\sphinxtablestrut{6}\\ -\cline{1-2} -\sphinxAtStartPar -dd\sphinxhyphen{}month\sphinxhyphen{}yyyy:hh:mm:ss -& -\sphinxAtStartPar -31\sphinxhyphen{}Dec\sphinxhyphen{}2014:23:59:00 -&\sphinxtablestrut{6}\\ -\hline -\sphinxAtStartPar -hh:mm:ss -& -\sphinxAtStartPar -20:00:00 -&\sphinxmultirow{2}{17}{% -\begin{varwidth}[t]{\sphinxcolwidth{1}{3}} -\sphinxAtStartPar -8 o’clock in -the evening -\par -\vskip-\baselineskip\vbox{\hbox{\strut}}\end{varwidth}% -}% -\\ -\cline{1-2} -\sphinxAtStartPar -hhmmss -& -\sphinxAtStartPar -200000 -&\sphinxtablestrut{17}\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} -\end{quote} - -\sphinxAtStartPar -(See {\hyperref[\detokenize{basic/date_format:abbreviation}]{\sphinxcrossref{\DUrole{std,std-ref}{Abbreviations used in this document}}}}.) - -\sphinxAtStartPar -Example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{Set} \PYG{n}{the} \PYG{n}{default} \PYG{n}{expiration} \PYG{n}{date} \PYG{n}{to} \PYG{n}{July} \PYG{l+m+mi}{27}\PYG{p}{,} \PYG{l+m+mi}{2012} \PYG{n}{at} \PYG{l+m+mi}{20}\PYG{p}{:}\PYG{l+m+mi}{30} -\PYG{n}{default\PYGZus{}principal\PYGZus{}expiration} \PYG{o}{=} \PYG{l+m+mi}{20120727203000} -\end{sphinxVerbatim} - - -\subsection{Abbreviations used in this document} -\label{\detokenize{basic/date_format:abbreviations-used-in-this-document}}\label{\detokenize{basic/date_format:abbreviation}} -\begin{DUlineblock}{0em} -\item[] \sphinxstyleemphasis{month} : locale’s month name or its abbreviation; -\item[] \sphinxstyleemphasis{dd} : day of month (01\sphinxhyphen{}31); -\item[] \sphinxstyleemphasis{HH} : hours (00\sphinxhyphen{}12); -\item[] \sphinxstyleemphasis{hh} : hours (00\sphinxhyphen{}23); -\item[] \sphinxstyleemphasis{mm} : in time \sphinxhyphen{} minutes (00\sphinxhyphen{}59); in date \sphinxhyphen{} month (01\sphinxhyphen{}12); -\item[] \sphinxstyleemphasis{N} : number; -\item[] \sphinxstyleemphasis{pp} : AM or PM; -\item[] \sphinxstyleemphasis{ss} : seconds (00\sphinxhyphen{}60); -\item[] \sphinxstyleemphasis{tt} : time units (hours, minutes, min, seconds, sec); -\item[] \sphinxstyleemphasis{yyyy} : year; -\item[] \sphinxstyleemphasis{yy} : last two digits of the year; -\item[] \sphinxstyleemphasis{Z} : alphabetic time zone abbreviation; -\item[] \sphinxstyleemphasis{z} : numeric time zone; -\end{DUlineblock} - -\begin{sphinxadmonition}{note}{Note:}\begin{itemize} -\item {} -\sphinxAtStartPar -If the date specification contains spaces, you may need to -enclose it in double quotes; - -\item {} -\sphinxAtStartPar -All keywords are case\sphinxhyphen{}insensitive. - -\end{itemize} -\end{sphinxadmonition} - - - -\renewcommand{\indexname}{Index} -\printindex -\end{document} \ No newline at end of file diff --git a/krb5-1.21.3/doc/pdf/build.pdf b/krb5-1.21.3/doc/pdf/build.pdf deleted file mode 100644 index d3ae23d9e6894aff8f96f772b71f1915b935b9ae..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 203594 zcmb5Wb8w|W_bwXSww+9p9ox2T+s?#xGO?|Rtv$iSw(U%8b)}d9B&2%RBBdqx?G7^g>Qu10Pfv z(F{w>36&yft%1|INTn)^QA5MnnF;9eXGLGDeFX6#>dExJ%i-b_%v(lZf2?yr+q8Yy zQ}{5q+9-MN;D_SmRNvM^s^t~rS?=`M;ODP6E_7VFtacbzZ#jKD=2bLspL{EICqMft z`TgsnOA+q1VmEct%D73e=Pk}w&bxp^V)lrMGw0FosbJ#Q(i(J{zV0Km6d$Cj zb#a;L{${r=^q*3LS#IV+o2N-_jr(na_i8DFfSjqz`cn@-=KQKZG248(5y*2c*mC*d zONeimlXY>1wM@hNU81(7A%h|<4#!o`-b8KC5%g;yqCu&l*{U6!g?&bTf&i$>v zu6=rEVOh%$WKQ~T(|NNwx1IPMveSz#U-0fJOu-$(jj*&vG7u&ZXh>oLD0oH?&5tY4 zED8Hr;F-u2MkQ+6)J7>ZI?mCS2hT;<%f(WZmJLt@1 zPmwH+&=_3ivKiw{5Xn$_xf08PhLbAOc+Fl|Q}`Sg2e=&PoM-OirQWptdU@=PbS}za z_?_rDQF(M{#=UTMj8N4*E0^rkY?xZyT4Ldl-B;;g;-$mmtoWK&J=NSp?9Y+Pp5b2j zU41V2KStUSpq#U@0L3wHEF$xRmYXFXJDmPA1~UYE?Sb|b)nZi{i*4j@*#PS(2p$Mg zDsxy17T!eABAsi}t+10$pK&0axCFwKgp?tvd1NKHcK;}U^AX?jHDc>aR??W#dmnGu9lbi=h zwd4oKK726LDk>U|3V~y z`5)M1=i>P9v8gs5{}-FUV|pMo#Zm7LGzD{XA_;O-KT-kpAr2ST1tK(jA zWn<070JF~US>uU8j+eg0v8{ve;+HtRFWp!kDJ}}D zmvsBJBD(ERpHvkdGTOU}&VsQe{B71K=lnOV6mM5WY9y&k+HbdHXP2mcO)*U|lk2+c ztK*$~8U{GgH|4r^T}Kj&K(BrI8y8r8z#E@ZPt zx(CjuyPYAe8IdwejDcWz%nE_!dUX(wxXGD;PSrt{6K}nG)mQrwTs}jt12?SkDAb1c zzo(jm|w4P=Y$foNy6XRc>(Z)J^@8~mhMdLkN{>if7 zQ%2-5d~#HFayBmPc`R9jzZp9>&+kq2>Qgm+pkW^^znm9jNaZ}A8ZS9kH!4?{%+fbd>Hp?|N5P+j+YqUbJ8!IfBL|0zf^sLIw8PI?Ep z?!L&{#ft%wx?r%*H9x#WpLYpl=okY(_;MeN=P%x@TFCCO$^SYH#q9BEt4}sIAFD1; zm$!O=lP@=sAe%@sn@*i{@zYRD<*~EpjG4fp;7#3V*9QOF!(ByGe}in*CB7fer49di zrzc?zjefGadJXv|`?gsbf$eQ8v3u!kX{k3Rd>)p0>C!A+c!(E(g&r@Y147lS3HKZylwD zS%O&-E&@HI;wq44@U@A!%-B&Rdmw6>fEvz{klwpt$`(aMq}f~PNY+@EIlL5b=?n$D z=7KixvD=4DfOKMarwr#e?Utp!sqSWO-=Vh zKgMgKlB_Dn+%g_>|H4ta`3SFie7K(u7oNXrHnHUhZw&#WVdew=@Q!6Iwnx{UHLq+? z$I+PSzy!Qy#O6eeqfWur#%meuYwPn5>Ua3l(@?pAT?06*%hH`)gJ_Bk*`#n^+D0cP zaiYsotx#Xuw7-+6m!&kne_?FLM^x}hY?ppb(Y-~zy*d?Z{0Q^?rtW28whMS4X904| z1z=-*E~IZ2<G(xOaMKe_iBQhxoIlhrgQa6w26QeznBz>)wtYeQra33BD=79P zmPd)3ibcofEb3 zmrBvYfsz^pbForg=rgH{A2354Xe3>acz;_2HuM**gv6mfJZ}L>xfeDK1v!zs1%U(5 zZ|defdw-m8yPlN-wuvk~Jtqsh&i9=@QB8^8*4O9T&X2uLIBs$_mlG!U>v;n*gNY+9 zKjwyY7rvmwo?G!%U{1}Rrf>2i%CEAa!y=D2U;KQMp_*XL(Z>!Rww?Jdkow!?0@P*X z!OsfokbUd~bstL%l!A zet7<$TtgEhO;in+GsE-F>x0g`z`<3OO7&K|^+g7x58^8XOCZod)RjLB%m3AuPM7VW z$Y3(9G&Ao|5o*~!QLRmyhsi;^GoWq1B@eJB=Zc9&hbd!3-i~SqiI1EE?_dt>-6+C3 z=h6gEpRf+1?~4KR5ps%AZRCn;zax$dc)Fsek%wZ-4@Z6|K#Sfx~(h7ruu^Wu(|b|k>MQJsT=J{alT~& zIE3~X6r{}#j94Q8d;n=UFY*cqpJgNxhC`?!*@d4S1MmTxQlF3w2Tub(1W{za%QL*- zABBcneCU2wea>va1(+wzt9(^1!m0*@dC7iYzP9}CfvGU>2naq%`Y^5eyZl0VStS7S zGwqc=^US=*yE>-y6Yk7v)Nq{Z#rEE+vPaS|?VW$m_0$nk)itDpyQQTfTU9rPkNY9T zz~!`(@<<1p=b+lQugORu?m3w6kN|Uo8p^kQN1(DmS2z#KRwuDMh${YVgS@ABis&Wx zpbd^Ymr~+eI{NrVFis1>bmcj}CYopfwO^`jlp%^NpF3k=6#A!(sXoD5s_VsyBl)wB z0%iES>xrs?9~7VL?v=goU6u94jN_=ENpH;ocdDPkZO+&y6Cq%!=s+O-PDSH)QzFi8 zUF^cc02=X$@{R^vz%fNPX&RrcNt9z$Qu*sej!!P%e0H{_#e9f-*`GVJtZu2YKl&{4 zhE((S>MZg-e5#@(PmkFl=BGYER#xq zyO_Tc^*jP;rbR`vbvRX~h1Ormo@G*pa=zM~Wpa&TzS>?Vmgh^4qT~2Lr~fdj>+>%D zl5w9)fBROLgcESNvxy?ugBu?~ZZWDTz~Mm5y`2`B;PLlmE=3x65bFlm;Q2Z~L zBTd$Eof%>H>JwwDP{?z{M79wVSsZi}xgdhS9;?5$vc>}xkJsskXwQe-97~N!1jKu$ zPh!fS9tVMs?;9BoULN=_lu-d4cTR-5ZL~cXinEjQ?9I!?XH46zmDsGxdAJhGsFwhhzj zXS_fAcen40ezAyodfq%PAMhCtdBz^OHh%y-9Qf|*ZZ0sU2NIU&|4jC6IiqcE59j)3 zre(Ukb_;fTjngv3bAOM{BNqIXuP2wIVstUnac8~V>Ac<3dBP}tx!+aRk)XHjcU{_1 z#68V)vHii7kh`?a{$Qq%gNB_4>0-ezyEoR9r8P3(H5HkD!+q1(O=YmOz3bzHYly;h zhL2NsX5LL{aFpIFP1##JQ|nr9TOVVQxs3AW{fF)f!z-1u(MYg5SLTtNz82nP$X$4< zgK;G5EEu@oNrJ71ZPxED+^UCt;8F{}vZ#k%uj#$tuD;c4lG+Aga2N;VaXeV`Ca;^q z_jcbJsk)Oe$mP5}1tw`8$Juc)8FMo!yBKiQ?g0}uz58FH!neZgEHaGN=r86pg3~NXN~5y@ixX25xJ#gJs>@#ISy#)8)fTl z8xdC!S5eBd_9Hr?_c*VK=%afA|BjgO>M@s<&GjV1Zn7!z--N6!DuRCVg;xCPF_P#h zyoq|!wYX0osC?3#IH`*Yd*YnfnPyf@dVRq?qWdw_RN(dgMAn}pPRmbk(&L{t`#R>T z;7=S-7M1?t0Tdikz5W~tf0Aqk3c8HGk!$|#Cf~?8fr3r~$5;E~suuUA0b`~99cB_e zCgGlJ(~*9Dw>h}OwiX0E`=62leIE&S?O#dXp8l@>NYHcsB46J48bN##tk1i9@+tbe z9Nr>QQ`X`{UEa^O5SjgaFucgp6Tl+KY9Doq^ z^d8N*g~;ylBgWO1GMdH&q*0v^4*RFfGMNtPr+`BO=3RqUqqFKBXp`PY7hkCC*x@m|h~nzi1}oG~anmEn!oC#0nK77sHwx>5OM1l$zoeYzU!V5n7d|eb&dmH^mV;*yZ4|>C$ z+>4_mLn_Y~;XRuqDAx^(^Y4TH@_LG8R}{DF^8}=@%HN|! zBor64X2>emaWur9(Mn6+8+0zW#jBk9zou&~ZwIW|%5)|ck0hvQ7{MTuk<=`31w>;F zJ54E$<=30()$2u9e=TyaIHqk1HzeO7cw?n4Bvqe)EpFC7~GK*Tp5*@l-VKT!l>z19V7y$v?ALl zG`%t>QbD zGO-YgcoVF9i1!;31i}~J_h0|uUnax--t#_Vb&NC-drzXL>kX=sBZSmYQbPqu9H7=s_W< zpFk5R!~@I5O;QXZ!yroq^!9jNOC{$$TS)v{;p=pR_d?J1!K6Yq;h+4ext7aPyy;Ko zsu6`wei|C{@)d7=rdCZpHe;PJ?PY!%>Yy-7e)~21c78>+NFVMn6t?<8 zNcOIITnY{boy{GlrW8%(>sHMsWS^ca0Rc1lO2N*IA|we(WmmRcdcKEQ4p24$Ld=-R zIs0%ui+6}esexPnP(ABEjE9Ap{l7MzxCDSB*ng<fds)!R;`)TeK&3j-&Jm7s?EpaPo7O zN@k~U2@Yp4XFt_+83rPh1eNn2(lxE4HhXG5OIqY~T*D8qdh6Fv=+mcooV8MJ{fH#) zLJh{mhwl-RSGqxT@1&;wrJa8mCih>J{kPCcRhLaz=RoOx)4Zm^v<)vY&~W_o+dc=ivy3aSE{Fxr$A z#sEc~reQZgCGef!m`&dF)~>|{Z3w>rbG1&O#(!MH(H|M?#~d3LU^JdWj(d|?VNXqI zitGpGL5$~B9r@MfdW7BENx=A)E;`X1No-idF6?1Watn+V+(Op(_j>l9RralN%<*Vh z5W8RUPFUYUnE|rW6X19z^%27t`;YU6T_23=m-^v$8Vfv;?Je5bC-{~vw(st}9C?>; zi=@0(qUcx5Y3e~mf_{B`i-ccj_e)rk6z_5#;MkzMi(V|5AQ$Ch=~Z!<5Y;yiT9L*t1ppQkMREEPBz>qw7~ z;dZ?c;qWO)S3%E$0+ao~&qD9ZiN$OFvqkYkK{&Ub2q63Yu(RVE1_J`u#Bv+)V^>&J z9fL{N$1rEt1^?K*eAegKe9C5~Cm3AtVKxQ~w7vr3_l&mX77@SAp9)A?G|y*-6Hd&e z>Q5D_?I%iI=Q)m3b>a6eL)XP&=@0p>j(mQY??x4L98`(;=_`9Na zKBG;^Kf`Ryx*JKVb9}oP!kum5(bZletvnjiUI=*gnQYDsvh9#>^>)=eOD2ylV9LND z@h*ixsgoAacte=lwL!#i9H?zm7{-u+{&u=zv7Gl_4!hNQ(={-Vh~i+udPh;*#JMq-JB^M4=H$A|HFBPyU4KLF=EOta4-cA1;Y9`+l4X4x282I`57Adl< z-#w1bG==zs8N8umFO{9=yBr{5nval_OGMlZHm zq&UBBJc%Gl5lxW<<)6j7%wZkKKfz`CaWVdZd$xb%q%16K|26L85(OQ9GouW821MiA z!y)6MMrnl#Vbj`QtiQbc_Q+(2sWRA=gsSEeB(V{cDubP5r$2egx&98 zeh3d^I(}+lb6*i^!t-gnUr9=oexPV^OuJp%Jm9M=4^Uex@X0;O5ud|VBnyuYRRPx0 z#VS1gD%dy(-pzS)Ee1Kct@%YehDG2+Cj%=#j;q)#*%xIs9o==GvhAk@LKOn8!G|_f zfB#Ei{~$^LD;LXuOO%6}vabJ&D9<#nrKZG~g}}Zaq_IWsyP1^7uMzzvN;tArsS+6# z=N!X)eFmv0mi?v6!eU%By>tH+{d3ukQNqid>2|*_e)Q|3cqg*$CgpMZ6IxoR{|Uo#yc|SKhtux?%V2uT4i|yW z9xvC!Ztolaj`l|Zrfob_Qf(4ZVsj(hpDUSfpt7MPNu``msc+@Su1|307BPof^Gf0j za0jOB{5%|q0(Y1sQGwDt52uH7F{y8Rd$)UY+3=TnA$ZE?jN1%WH@m0qb(vt@XJIW7 z#2p|w9iVx|(G6h+SZmqPIbHU@99f#M95m_}*k$Q;Hdbn0%Vfu8>LNQGPQTS`=`%#_ zYTm~=IJl{{H9!2c<1gH(1x4)8-8%1TY^~^GdlIt!KoAh$Da*Z~t)LZg%0fW%f^t4* zLqUIvTs~$!F6M4J>C}IFKSxj^dm2vyt9H0P$??$8Kz*g7XJ%2lN_O7QTu~c2M*|Fb3{z0e4>-Qu7KBObxjvrU>+e<3^7A+lb= z&*p8`_xAB%x8vhWQtQ&@2^iVYsfruNU_@Z5DZ2AUv)NGNrVye+nGohUCrnTa zk(5f`kTR=GzRKH>vNOgosqAE{tra&e@itp=IHg)Qy5rh}8(Wg}G`KH{d*XzQGb?Pg z?srX`p+np#SZ~it(lPR3oHMTl2AsX^7{Ksk`wSVr90(xgg85=MXn$?x_mo5WP+vSI zf*mz+VlRi>!pvYAaZ9f>MxNEqhU^HQ(Mc`Ss+K=kT4xs`YI%uRgR{UEP#g>}KJ#X8NK-F&otI^hwB(kP0S!4!34wN!j{|Lc zs)2?3%}_%X;+rq8U86mfr|h=v11rHq{R5(asz7W+P z>U^>~hpZj?3#XDLSb}IUKEEEvH`-%qCg=+MCRw^9AlrbDND*`9s#I;F4OiM40{g*U z-Vp(0eU`!#33+}>0%LxB<3$>qr?y{ls37_p2gU;~C|q98s(YLm)RvEB>9Uf_Z!s?F zRDST*nl5gh!lL0C+1iD#5lWgbwi>92m!*RYA_FA{^6>|z z08FkkUJV3A5Qda|v`7lE>CO*9Nu&?u4klLFApweT!k(y!M2==9VEBi+G4DnxuEr&k zQrr7ZVR$Hl0HROt%I|Z@Ds@;&U{&SyrgzeBZPx2jU*)98nhF|-ST^+D;cq_+q7GXJ zKBE_!?VtD??IG&}tRRILRZ<9`WD91hwcC8S8YC+`lVym?1Eh!mxnK;G+FI{+*MxUD zzw;KHR%RER$TRLUljRQZp!^5a9p%PPgP4vNiP z20*U|hgn4#UKACFL9R@`drq3nY~8kj#5|vEdNQn|Ib8Z2kgtqZP$JAIU4Tad0RzN_2C-uRBzO{x<=3*@&U7bS*1#{f{c0-|57{~{aRJRnC9!kJa;A6pL1u$@ z6?@3Pxck6m*VbmxtR-d`lYFtuQ+X+8T&L6cO0Gszoom-d1Jdjcn#X9y5UvnyfTMt; zfWl?cXMQnGj#HY)U<1&Z8g&H7UsfU^3)%frt~O@`2NdaiKS$;$2Yoy$!=*K}hf$1U zF3=<%OY!jV(!2cfI8G-=V7`PU66;bR4ATX43l5`II-m74e5BUIwDYK5YvM8YeT9`r z@7wPK9cm9B0M)D|K?q&-g4B3Y{RMSFFz61=^@7An%n+=7BN4|Vc+6QKgch_e#I%A! z3&-^s6&}5mdb9rd`7H8!;aoU<1ZuFDP(*8HUz8|vRq{HiI>LcT440sI$J#n4c|+^{cEj^WplfBEj~)5RDly2HpG#!$AU%8?>1b^g=6HI=JE=S79Pq z6WK`~|7>YkgQ1u!*P_Ij80W5mAZlpm#P_je^5bJ=T>5B&^>gR^zGUdVMsXHY>UE>j zOAulOHwKr_zpeE97&~aHiI^<2eGSL;mzwV%+1|z240>3c5tU%hVTgz$wWNXhRkv3$(l$&gp!LWtp)E#Bo*m$ zTJYFi7iZu@4iji-(1P6+-zh9P;SpENi^pAmki*S*)#Dc2r2DWNjpyTBjfswubr*RYp371+pod6iloNDxvyQsAcl@ zfToBKvdv###7hspZn>ljm5UnQd|#Ri?w#I`;4$%PYJZ=Z&)B!i-Y@=#zDDd0H@JR? zW&SmE5;e?P=0{G?2`|R$WJ`kI$QALB^FF>w^nRG=T}ob6i6@1zGJmXi+XUy zzOT$%%fe@f0@tQlhO(ngA}&B;n6Q?>>oL?hoPnLvM;`L|j&i?qmg#riV0lcBYtU;qIm^+2oyn3rSR4 zE6Mcz>sg-12D)yiWtaGVZQlnHt5w};DW>%ftznPXpVc1;a0#%)sJ}tn(x+;i-+5$X zk^`0qLJ@uZ#>!Ew48mo2jvF#3^5YQYu*LhT>WvX{G6dl{7y^OPsT5C#Fbu3SZ1wk1 zpK3$O4vV{udkxXA$7cAPWI^1>qh?!nQbs&|eeQ`$%E(9-QkoURsPlnp=BgZZZ%Ia; ze|Ig7=}aO) zTPC_)CxcnL<`-n3dv_@x6=xzQYK;!0QT zgRpe+oj>36peM<`&R8JORV3|J>3D4=CpxNv0||Qs)fx`Y(dXmGDg4UMKE+L-?AB@; zT->u)7Ho{x2FRhG?(OT@B;c-mvgUU`6=^ZK+s>#~g57N zGUa94ZP^J>JRF?~P!QIN7w&y zI!zbbeBHYmsIt(>Ri?2~0cG9}ZA*t!85uLBC4q_%6^Yzz2&Mqna~qjC)~+H)^(y#x%8N ziIHuwNL>kpiq#Wdp?cy+=Q8LDpmDz_Ul4w7ufDmDOE5)$p&TnfeWWLjfpW_P-g`^{ z{i||PWZ4%*9?0%9M-2}EJdnn%A4W42q=v>+E8h`US6$Tp=}#x#8Vz7l%mhNG*J*!C zk3Kk~WhE<5k{hkk;MNNy*WrwAYsJ#U*bENIR7T7>^%e2H0^+@Ei6~jatAqQ2Gk03? z%Xru|#vP`^c|fN^FcmE+JV<7Lqt$B7BFpmC&tBaY(W;v9CLRMGnJ2vTQr^3dj0 zO&W$@RQDR;I5r=%05^t{*%7q})a%e^FT3{rG*9csyVcBdsD?fr$S)wf@Ran9PQI@& z3838dPQPJ`q$D}g;650MM(zu*$YAV!0tUap@zzpG{uP^W{o{=QC-Z*})c=dv1ZVZf zyu|gUVIiM*t%%4I>J~{N14f~d{xt|+Y)L~+H3Kb=)5Z2YKY#JKK_j$m$5>WzdHIzo zgMGR7nqk#(_Ts!|ZPlO!0asA#s!d^Wn1Pv3LzO+tMbjs6I);JC)3zU${NrLU9LjMi zzV41{SAJ2TuoM}%Q+>$RAV18p`LH~Bwm3d{+LMa7tequ)!q3_)@{PY*AfTlgVad=o z?axq>2Zj>#Bs|$O*4p9e$Jmb&B*S?qnQ!y3dVH8GI^g)!F~kx_cI&Zz+sYfOY1SR2 z&c|6o6$Q7S%U1b_+l}|#<1tMcdEK`kQGwqko%p!U&>^$=WhT;(2WiH$TkQYvUHm-C zN}Kz6z68b42(+_?rMS>}ZEK0~F&d1dxH>4rn|bzWv0V|)Gd7n9AydR#Ismdel5oRN zQ*r>FQ1@hgfY-E&#|FiA2rdO2RjT{kl*+@M2ONh1c3v4|Jgqibgv;)9%bMge@^a zJ4MVFLRuzTSzH4RGXow`27;|uNHo&#C9yY|H*!ov{`=Wa>F?<5&Ke72k#&t~AbqfJnvoc_ddvs=5IsKR2hl#3 z(tYI$9Fe}K0SD#W=~9W7TcpI(4wDggC<2Uc16Fl_@Z_PFT>*-=i%qHSgcDXMw9;mm zyhsLTqWtL2Lq82%Lh4n5TNff{ON_`v;*Dc@Gab(I`+!Sc}dx(hJZLvWqCCux$e$W5~3v96d-KpGVuh zP&u^}lvYG?CUUyh<}>xy6%#U*LULT$Z^BOw+k{E3@x|GDiaH0tbBTS~s-i&VY1R-A zgdO6Vo8{|Gb#>?PCdUd^jf0&D@Bm9K?oq^G>QsCvsPPL3!$rRCy2+KUu`X5ul^`KF zM(;wkZRf*SA*;6@o?&3QS(5W1j`Vm}6o`ktEkmuUjK3bSW8W{8?vg9$^PHd0#b%1u zPv2y>_2a7vwO&tJUt#qDOigg2BS|Vd6dvyC-yU=qa}b=#-uB;jU>n-5@G4k?Bzob+ zEKR(EaJlm=gc=BWfAYRa{~FC-oasyY)*mRc&_BbpPG7O0mmv=RQug7Bli^u7Oz`vU z$55=mH#@8!tg%f6(x2qXO8QztB?d-duwYUwRulXR1+H}P3%Bg{sd^>kIL7(GZ*(L5 zbHC?|&E4RGqULS%>m4?NL`3eVGR`8o1I;10nK5!IH^Akn^ez?7u1PY|?wMst(8s`i zVFlX(vFdKW8YbdX2YU--J|S702o!&_*d1JeHBKV4Uz*IZE{8+Qyy$i!9yLirrN?F1 zuKRSC_7@`=k(I`e(09IoOpt~&ccSoB$L__A^6bd9R9>rEJ2vNh;6Jroh+%~6s0(_+5cXp#Y;Du?At=j20VhIJGgyODq(bAW@u zA?VMQtz!i<^($)XVL`k%WcfmaoCmtQQSrhI!&N)Ybsi1wwM&I%L@8}+5y>)+mYMWi zV#0xt0>{Dw?KH?0F-!F>a&g(Sa7i=!dmkL)RP99GUhqn@oi2Dt2-nH3D?zPqq3w`y ziFYfmckPmseV0!F)S|Rhem4zN47T`i!h{r_EM0Q^pFa2g{K&5+Ox$;21Vzgr0;T&$ zLZuucZ1p8V6dYLyVnhFSpx4uMNTgMto`awNu49a3m#<1-m>VO}Y8m4<^t~W`&fDKd%t@Sm3<&huqO3 zk@O?IckN_&_g7yFIifJl)cSmd;rtnErzn=&`ruGqx`o_)Dv;`Y0DoQO^hcIq)lJJx zVg|w96UIR{zm4IqTE?OEJ7pya>q;~NV_GuYF=cCg(eI+T<1MT_8UCNn@Bg2ct9d(_ zlQ1co*r>YM!!aq4{4GfRU(V0P)s2J;!2SQ-7y@u`{^yn6f8iRn*B#a+Q2dTHCroce zT&}vpP)X7|5oZb{&Oz)61xGkc;giHQi_p3Zw^`+y(ZqF1D5;V6v6M7Z?MidMV~?~8srl~chbR5Y9KX88skfDh0>B2f`fjr?VJkDafweQ-W#3sO)(F-fem?| zz%Nl61f@e!dSHhF!G(`ulu`%UL84`7;Ebw4cAX#6UikY%kg*g4554U8-ZR0lpEW@bK%kdocH zpQ=Djmk;X)zuoii{=wkfgk2&nh`mz&E<)o4qVJF*<>0(T{wy7>uw-HI?Ls8661{{X z{SRngwmCTYE@l{K;zDt7?rNxP$lqaF06&mGLek9E=kmXECE!UY?>2k84@M+(OckHF zH@AP+E2e$9rj_xF)9Fd_!pX4-@g>Am$R^NiBeXjn6lZ5FuROgy&qp0o7i%qgHT3^8-YAQe(8m4~k+|Z+uilGBOg2dRJ8-A~JJW&O7awyn`@(Imx_=n6&t}Am z8as<)CVBDN!u@OKwi%i2S-m0ll`2nMZiP5_rUljiWISKFNj?p5rFl10Zm+M(&n&qq zzy?35dq4g_o!wd-UUkH`upGo=Iqj+ZLg&5~?zm?hRvh2!=V^{rW1-^kB*b(dfAnHY z@L9TAso~?uvxF@xX2>Jsgu!ah(oV(;?!Pio_xShz7=3J?><{OF^i%yWKEEnWeZ+?f z+@h)@4ELsZtF`ZZGZvDLeDT&ij#D9=-?q1g2?(vG1X|}bowe~k7wl3OC8Ux2cOQov zbXXUhzX%-bh=TeBl}bD(jkX@Kwba&<#H$<@7jfs~)D2``XnQ=4@ADe_o!y7lkdc0z zAAGhJoLjl6Q>>o3=wQy<7+i%2v5anE-?;#~XpSE6eLha~owN(qpK=MC>BwDM0<-m2cNtnK5Y~WoG26V7Kek* z%CodH-P|STCGAx-rzd5kYBAv`T{A1pTb3Nnlbw>8lLiXqlxn$4T}0<#Tldc%wW3Y1 zg=vb7`-9%<+h2e@e}zWP!}G?B#j@L`^QUwB$5*ulPJ~Oa?>SO;ddbR+Ex@FrByWRT z3-O=1!7H+BpN(H7G@;Ujj(y(AI{jU=9PC4O;-vWmVMtUDKw+>mAhMZDuFhdwkOrpv1jWO#eb# z@?Cu5JUyyAH_Bs~r_rInbQ5Hl!@L=#QeyULl(yVE?rY`2qCY*Gk$A1<6Pl~6Z|;A3 zJ^<%Gt~If+u>RMT)RQ{4f2&onJ_LG1wl$zwnx&#s7EA=~IFrwtt=4keHyP%@=-2PH zB8h5=a;JK>$J50|Z`oKq0!;$7$e5Ur4W9@MD6cPn_4@igOrF}jgsU(K!%}bPUhs{9 zi-pX@{Kg4`ebCUoD*lpBKU}W{8tNs}JofbH|B1N53VkUui0QO3_*2B26w{3Q3P~P} zs{h{k`gm&L{;-Z2E&z_~iwgQg8XY{cj-g2$fC&7S5^yFwEq%^UQ}r9(8=GO13 zGpKL-VPo`Q5^{l&~(h7%kt`8)UecX(bV81QXOG733)|a+382bmOu) zeOMeOj(6SLl*f_&JzkIm|wwr3|D;W0lH67Nf z>E`)tiLrBDn5!`6jY&(A5^KH^$z@|i8Br!+!aJfWH_%zpSrAg0u~Wa}Bde#`(YL%_ zt7+8u<0KfQNe$G=m7=sx@TK4t*fT6dDkU(8z_ODb#py_b+p#e03#|XyHa2YNb#Ps^ zHup)=MSr})80Vo^^;DHjC=G4=-oFVGi5`rT+#q>XxL1H2(MUij8flyozBEHb%I$oK z>XRd^Z}#NNN~_Nb$47Xf+pado86GFDlN z$?(Yu-w76=tszq~L_IrPOhSewKbUp>uBTJfkk~KNC|oqlL^@0Gkd*GH=A+~8Ea?uo zgz{LLN9A-I&|idnh(8VP%wu`ZIR(2D)(DC!?%c80aBmn<9KS%Qtr0ej%z1lr69)hC zlm>`omt@CTWdWYmG&@9sh+!cw1^6ica8O86EDyh~~IW$0x- zzJeKz_>*n)xyOrrgcYsutFSm)n8!iKb{n)bxe>%Ur^ghBTCw6yoK`p51?4|b?|SMt zoS_pxaS0?1GrF_s+J07WS0;aUu2F_cBhuvBU{5IxoP;&Y;uvH67+7S?y5j|=G<(@s z*jFC0*d8H)(nMRfaktiRj@M4!niKy7u{)R1BqD{2j3fKlj{SS&prjk%wKBzR97+8= z{rw(FHZ(0f9n@b0m3-HWz>0gi>s0OyTv~ou{*&`MHBU+4a7HzH)&S^ z270o`K<(GSBPwH{@XspjKy=dc5UM|{`z@&oQ*eu=m)Wl5GxDsiD;f^L5qV3-@C$KqGJdCYN&0_jQVMtF?Tu53?$q=<>v8?6 zW^QR*3nj)3Lq#mA${M=!@Or5rsPjHHcR^@G?Ix91Q zcq}fXu&2^#&dnC)hPNdlBKD-Yfp>W7hhS=@m(GJ-6)C(a-nu>b^qRD08Z&9Sg#j9M zJ%Xe*IJpaBKaj$h2C1PRJzC88XrVe+6c6cr9&{Vw2*WyOzaQc|p4iwY!CWFU*c6il z9t9kT%gKfdvvVt8=rbgG!n~>q1HJdkOLQErrLfPRjyAQyKJ7HWCaTnE?Gy$MG2x)< zHY+QhbzgQHqnCh3O%K8x1=!CrY3Vnf9EEw%igUTt>cEQdF530`m zW3U)!o6jO|w|}UM8I)_+8-Q*Us@U&kFfo9kjE<<06$1+(_JJu(UXil13yrY03oWYM zfb;!DemNNnroHp&WBGV{JKUAc*+y*9ttdu7S;84mnhWoiuwcq(6bNo;o8wSq#u8~A zs98MMfegQSvP7NZkgZ|`79J>>a^GF<(Jt}GFbgihSu22q&v(ycUkgj|O9j4!T|-~?=oLtVM|VSr0%0KC+8 zet}MQ-m+5G+yR}Dxns>R%GDek-!FTfe5otWnneu`8{xAl(#LFS5YEOe4>7uj^O~~b z*o4E{1le}t) zjG_6Z$=&q?6cN+*^BVhyAqE4)$II$h)ZVk8@5lj`Fb;2e!yr2{`jz5=x940aG?1=)y=GXfX_G6M5mMID;`*1c&L!ceQB95)wMUU$sSxt4NMd5e$K(4Ky+OKVbU)-eH6Z3DEZoaCQGs zBn^%=r&H;hv`-WhMk{BS5_58e5wPnf9y?W9@?6(XDamegbT~QOUYBxk>sq#-|5a4> z)H&x}{wJgCu{69%%*NxRi|LAqh?@sija4?eR(DJkAQGOD-~!*2O& zW9oh<*CzSjahE=hRi9S&4U*_n9H0%qqbB=}um|gNC<+~{iiF4`rbZTSvrCQ(&s+5z zUa_Jo z9wi&&plLuMtqDi;bKMfAK7XdJEvG-FM$i6#7(1s}QGjjBZriqXwr$(CZQHhO+qP}n zINP?>C+WPTlXsK8f3-g9ch$n2qY%RyS48&W$K#g28Ilbqn1L%qvSX@hVtm*yR$ck9 z7QiiUop-b_`6qx`av!`7iOI8ZEnzYa8}EvHd-%lOSe~!i=9Bk7G7W=83?dg&hVR&9 zQ9*Yb?|DQMB2N^UTmByHPa+5zK;!XcBKY5C>8+9Y0$V2A}WM2_NYj@c5$`R8$UIDp3 z`DnQL=&CTAkaZ=-Hx_3#tbth8>?~cY6rH7g{#mE(+@2BJG^D%Bg6MHpwF*+mM;oBL zusGPLg|)Oj z?+}-wZ>4;-v2{vlEgDGjFJ9imf6UaB@O7_X@w@?KyN3i3%@j6it717JLM+Mp1#p#c z~3S~!s2;@AMV|q!6nTmBNa)_1Sf_$o=~!G!uP8`D?gh;OLXJH5nc&nJf5R{0`WfbkK9+4bM6Im*n zas!6!GjG(`4M}`=fg!4p*?>~q=Fq$aXg2I|@MEc z(Nlu;{Xo7@&_e__jT;7w2foP(VxK>|yLw(90)ji611zj#=AyJMDlQxL@Zp<F08O@2xzI)bf^KBXTtIh2vzz#2mbJ}z)seq4jv1DuZxG>%Om;XJc*X3c^jCA4%tYY1<= zYirTx(sWyT^ZD68x#>EE&NusH{3ihY%n*|WMF zT@wLnWvf%X5nZm={zpc?8=2e@_a$;CYM*Xo-X-Xh3dybYP9`=m7DjG#U9{v}i0y{f zK{_qE#*kGescXeqVUkn+FQC#$L9#Jv&P*sq%irXVL=?$ZYfIYbh>{Kxl+97?_4An! zd}yZwelyyp`DyL-!CJFvfUM5JlX9my`i0{AlP;|!NQaI-gBl_v>d-Hql}!Q{9KgJg zXa?Z2Q)xsqX-a&K)D`t^B4g)~vQ=99d|f{CW*9++)O1(&qo+yIgVGMSb9byicz2uG z6s39(enF?xNGy9DSUoFY6L`=Gx==rw7Cmn zcDEBxh~I~iuN`5JC+>gt>3bpv9$?LSG&KUws7f=tIxTw2wEvzv2MmW}(pA@2u(4hy z*%3<6S|XU#jm9Iezy4|H-fLLKT6DMD$S4CCG%p?w)IIb(B-AWHNF_`TiBj!qaZP?y zUfo=Tq3Z4U=1d#5rSU0;ouhKI%ILGXNb2xmbmWv(Zsxqjt+=BC=3uvyqTSU5!F6z# z;HzFVb5m166EfLtKs>?*55iOLA^~y_HM?aFyE`uX-55Ol?C~Tz3EA#(?5ARyz!qY<)7gUjYSUrFd>q zTIVF&M#S+RkChXx&57B;7zT`W0(77sS%4}D%A1yPs@zVuA2+fu#aYt++S-$`|MM{# z*#m+`o7b}rg-T6X_Q}`ag~LQU7VuojDv$Bt+_{eU1+ebeu}yoDSYfTvv+)?vPzE24 zCn#O#hz9hrlH)eI0VtM9qpgV7Eo;?=1r} zQPW+yy0{L9do;WBi7}wY+{mUGD|y_k%U-R?cfS}Lf#CmCgZ>A3EfWjNf2|R%(X?^e zZbkg5)pKC_j$ewFKpcjiI6n%ao~l49aiwXQiO#yeyRk}}tp=B3rc zk91U0hCda^E}qJ>yQ#Qa@}N%Z)HpA-)k`=FqIKD|{1_Na5Bd69`^2BCy`B5<8r7dR zA3&3Uxe!Sgo-pkB=e4kEUibeR1C7ouiJ~iAu_aW7`kflt+2ETc;?n!&Gp666h(;aL zjikXUXGiiqQyW)Lm%uzka&SirL6kFh;XWc{YWg}HqUHr-j7;TQvk|k>TkF!%Ntt`P zoWFogx%lqTb`{ZSX(HC`PI0WqULXnwjV81x6}T&(`YtD?rp0m&Z=#o3ur2-mEag3Q zeD7F4Lkmq?SbSnDsV)7z?EH`$9vLcFIPmD_(A(uhYkf{Dq^?j73?CS_*%OlqQPq;@ zaoL=1M8udQX^M-OGXQXr{DBEotS;?7V>xH_UKrW@dTXRUfCH zMPgfv657&Ee&(dBxHi{dWR11W8r+Q%r?G1-{@$>j8=z^S!Q#>Z#*V+9@~%<1B-&3L zU?r)C9UT+T3mdO2cicWP*I-9LO99TaYY6~c)scbCyPo_zV66dzhi)>~#j1gNYCzOs z^)hKRA9I>7qt6XXms)I4+4!fI`DV?oUBUC4Xx$jAaXRSqBki&(4X|ucUScn7JArg^ z7IVtKtC6|)8&u)&f=ULInU2-+nb+=NRsz4}daD{SI!*+fm5;f#vz*nl?m%uOL4R*~ zKcT*pY_Db6X=}MFfw9HA8gc_LAV35Fh!=2(-yz!+SUL-z@xn-6mI|kNkY;-En6?hi zLxRQYl8WZZ1VVd#&M%WDRI+PC-tmNSG4m(x8v#T~3nZx{HpX8nden-llA{?&9W-n2 zxdMC8v?>6di2b%l>q%gA)WF`fi_*E+^{;52%;iJ=m_o}AomnW za!J-4d-`lg7DUnRPVY#C`}7dXByt&}0#p)tG+20uJN>DQWU$6Xjmzf^)S8!vS6HsS z9~^WSbIBze8@?=uI+W%5@PPX$k6}Gb#f)T(O9MTmqUgyZ#t(gz{RBK{m#5KHZk=RR zQ3$izg?^gWx{9pZ?s5HRL}VIUiVLaux5ntGJ@&udFf1lRlsh3NjM$m05&{~rI`}^% z7e&PtISoaa8`-O&jO?#xIxY*_D*w5hU9EVa61l={BYWL;Y%~wdwzSn`1cjc42ymXT zccM92hYSw9E57T`&*Ig~h*DFcT-Gy;um%Wq0C`gK-El)cE{0d4OEmE*SFQ|Hv4ZTw z!pLbi2Sbu{ur!SKcX1ZIKJH(NSMNWaV*vEPx{E0z7l+kJ|NP)}=$b7~v2e|dk52E; z#ccp3chEiAM>*;+-T;2hVc)$AHc|qT5Kw~h2UyIT_F=do>ecnIlsi5GD=v@1JO&ps zbGR^EG2wm@#6O^kkiS4Nzlq9+k5Mv;NC*Q*7_z+20I!YRux0XVawJYs+@gYs!4g+S z`tqvRI6IL`@};}c9xWLQAYQl)0i~_FeCM{J833cCZv_&g~I}}ckt+%S_^3~RK(<^*)8!+0dB#%iTo~YfN*DIQ* zl48q#6oCFXDEkT%P)&mmlv)PSWTIYyiNa7UogCjJGZFRuiJZ`x)+%uHVhjv2y6n$c50+1U2Jx~El91084Ae6GCB!?7k7p={qD(o2j zS;{Z3u%I4f!3R}sec^k30mY+Ryrl0g=+R4Jc;7 zZ+&eEb5gLGP24(1=hRg7db_u)`(yv=WAC)E%H;#N?2(!&FgUfCmSpHB*y&@0x|jGD zOLfy*hUe6PdMph2ldZm{_eJF8s8SJ{ET6EXEc?CPcy-OagksuSRQasF-EGxe@oS zbw)ODKYR(BtE7U;3i%7H2D%_{&T}4@%SSX%8nFtiMsG&A<1m$jc2CeXJ9(OXkw)hG4v7o$L*UFv~#(`O_Cl8F1gYHWf*OUV%%$1 zI)xX?P%Sc0RLjQfZG{3u98>nT*H?@p7~#{9BKq(uE>v*f&4F4u(y&0%)R0hlQypTZ z!)AAE(7!C!qX3J&_UVA(5k*#Jo|z|a;-u!Uxf99QWuh|#k6PMmnN_K@AQvpqkWkAlKz zFXdW4Vm#D0K`Xt0iZgPfV0z_U8sNtNc2l3LqqT(p>Ose^`A=tG=itJ7S!-d6t604Q zH&dIabBlFdW^~ZcuYy|>C#H)^ITCMdCu2c5RnnmbSyDMPkfaPPz2HHM?RbC5OE%{E zkJSgCM>Yc{74{ykKs)=>1RW-x`RG!Yx1SK`w&fi?XZwI1F#aGTG;+x(7ndebSP=-$ zHz}CVKFrGrQZP^dQb`hSB_TQ)NJn^7Sk@$N^YiFglKZ21VIo z#8PSL>S{vbv64w$s5zEaqGq1>49@|joy)vA_dv9MHBQd%*?E(Jg3MkdTvyNO@`)_> zD_ykb_@Sq8-ILL-p1wO@z)5=#GEA0)%%DWIqS%%4CNftFP0qC9owM{6l5IF{_?SG% zfd6^`mQ=$ueI^t#ZLkh^0~62m1%G!VE>1&GA&*(HQ5iiU7mHY_Umm$Bv5XO?sIe(5 z)4*~4-a0nPYp_vjFNX zsKX_M$IQaGZN34VNe7hl@U&c?NRNFWqsIi>xD4>zA| z{TU}07B@^>F?-KP=K1cm?$7t{nd|2XaI6Xf1hOG9 zwade*y1W#r3b`KkVs+e*8aZ zO8K_@@1%k`&T=ZF27~WvF%C~>?oTOW%i1UC>|xXRx^IR-1M3#72Y~zuW(CAU<$kmQ zqU3zuh=fsK>`jEaLdjv_8=a5G`+{q}*M>K7gJE|oID258lq33Ju9=j$#N1Im_kCFk z#6v$G`vyIs+R!JkwPwx^Xb;YnRxrl%$8wNjgs0&yBLGSjvC}?C<^8)QShXKJpI*_h z~W2Vl8xcHN&8_Xx1YgXbx@ zBR3n#z6<2i%B8_9@-~dvJqG*C$HCPehVGZ)A~Oyk=%@J0yDpT0)wGJHTO zKseu7eSkbas;J80>lo|E#gF_E*6+2yeI^EGw*T5kuW4g<$cprnt9JnJRt{5*(R)#Hh8sUK zMYLnxl-ACVzEw!RC0Si%-I2I$W8ePk%S7^QIdN~Q^^|0hNEF62$IT=ZA&W=u{BUyg ze0B6B87?6%80VF=F*JONtOq6>YRIT1%gb5kCebO)8mE-@8Sr@HX^Lf6rp@8N8~0f4 zZqj-4mpL|a{mUSjiKvusrkAH9JLk)DP@jv_z|=#+`$7)wGAWL4VFKx+FGrqeQ2#+< zPE)QJz2AU8+E zibDeM6D+rBLeiR|Onao%Ea5oc;`r!(5N^QX0fMXI(f9;q%RS*sJVaaAB++KNIjo`> zjyIa=%5l;I_q0#?K%)LYc^O)}8&B(_t%Cm({khS^6zs%xKnIZy5Q7>f2j+AWJbK!* z#2EANp1c+x36RwplbBF_5T|=MWBENfnQDnrtsKVMM2j0%T^Qm(yI@%qoq)&o;WJr* zT+?ppZN(onJ)b1MC52jb9<7$%|9WEx+)SQ^-5GFRAa*K*L>hmDyr3S>*}=ob_Xju9 zwkzr@*4RD8j zv!vu){pg-?H(4S%^PB=oX?Bt}2&iCFV2P&1YpguSE6^SGB}P^rAAQYDFAoa`LJkQ& zyB#=quked`&qfwd?)`l4_w)Pvc;|WKS5`r)%DrD(T4K;b-o_cx9l_b=Ae5B-5;Gkz3)aRZF;gwb@xxxTlHP=vnpTPg9=Nta`*6 zM^Q?NJD7H2@bcc+>ehyU{kw3aBzE7hoC&iZni@gjUG9j=I8AN-!XWC`A^`w4KPv8z-=!ZWr1C!M{;xU^Ox%uLQdl zwKAH#T>gybheWrGQ4ifsShj(u`YFE;>fO zsKwfQLa8Erxnr&!w=@hnwoyhw#i?pgkiu&gq=1C|CKLD_wf=R^2FzXHI~%(^|NY*o z0Ecs%Tc5kNrGpy*7R5wCuU6?iIs0X9Px3JC}y4AZVVKKBLf?RB&tKLZ$p z$ygUjNOIu-x+l=uD)U>4Y~B*fTAZE1o3>XG`S8lOfy6xCux(<_$y1G}2)L4;(RcUV zoWayG0db*STPU<&8a|On#oSPh&fMYdt^BINft;%0+-lUr`;9!=Bz;$>xJ^GdM{6-r z$fQnW6d~ok7V%cZ?;J58zF&DEjmx608|U!Au-~jt>gu3X{j$9;CKkr5+Yt~8dSaKa zyf)8tX>?RSaX^DYMJyZ>#Glt7AP0=(@(WcDu{_2sALnQP6+$xPp+F552S4e<5FcImtHarWGMG*5JZ~pFh6TQn`NK{!F7Myz6-?MIN2b+ zBgiM$%=!aX1$II|fYLgj$Kwr4iyCSl9RNiM17TM<&;2Jleb6BI z=gDy!-X+qDJ|J<}s&&yGNigtMH56q(f81yt`~2>=U8otQv`Sl~#KK2%aalTVOQaG7 za_fGz=+J%{aISBA%vE0uI{Jig`LYwz?$=4@~C6`QH!yj9Cu$Ov{w>54bqB z4g__2-K$CS+|dwG-fN}W%lZW?cBb;uI|pC0~8YcNW(yTUFbk((hwS! zFx$G#TiVPP@YQDwca&RUF^!!J0VC{lE|&?<6>b=fFF0X~e6@ir3S8p+n%YV$X0Qh4 zyRM0SRTBeUyHBF6{oyekJeCY$mo2|=XH;QB+Af7{mnets@fWGoxxlHO z32Ej(BUX=r#G17;sG97dgeTAR!A@Ze#l^kR+hg(!K!vlPkRXV#V*s4`)g4x6gqN6a6rjnZy%@ZNM}MSUjas#i^Xo5$ zAR_g>`aA$1HRwB++Qb$XXINbtVOd-NmorCiHhbL|ilM)!%A>EMb#!9;`Fv==`}&TY zMC27^)V(+gm51~X-7SW!jrBb`%UWv zlJo0#&kv}!-2hv=`{HA>+oXq+$nzot3kRzu5f4<)2oV_{zWKNNlE4adqB;{4lIm_C zV=?Pj1%VylhMUv^tW)*97T(ht|5aw9$^6o@Y20CtewHiV{pq%(`X{SX?@-$9%J#CRBhqfM5wyVF8LpIr0OYrvsV`3@;;iB|lKnmHp>9|$sl`3f6m|#jO#{vKYwN}SCGKBcd(PL(uui~=W z*&!Y@neiVQ0XY)LLLLNgv+}3(b9QlqP17FQbZcBlQ4o4#H`v?enveoWhj=X$e$0- zosDc<9@NK3%1N&!9pKyx`3#v8N~cPsx;^P^=a{$x&n{w|56N{^=Mt#aW~mXdi-_C z{%QG7y~%%qqOr34*RJ9gO$nzhcC>#m#4}b!m2d=rf#dj~q*k6AX)?^Mj7&=MltK~l zlk})eDe~F6yjK8w77~t(SqTCN?(SYB)^>Y z(7m5DdHprg>C^V9vM4BB?u>3MlHz1xL3$L#xH4J?kNlFuU}QOm_s216Tik=rDR`BR z8r4|!(GFDs#M8#sMPCovVe#9WK?6K_iaKlU%y<3w4y;6}FPV>LiO0#CJC&tHbgj%_E>0Q)R zJalT>)O`h+f4$Qt(8o^(3w%LzsrB=x>oBX`9CK{(5{l70u73B^xX(-kn4HPtv!1r9 zxNUHvz$i>6b7orG0WZS}(2&6|8~G1ywkD;SEo?>gmZ+Jc{3h&u3B6*V3F0-3ws26f4NNqV<<~PjM+FogyH!o9wHc4`Ha?+&bUw2Zt;ycX|~J011MJ zz|EI$!3qumW@!}+Kt8`=U}ZBQ1M1TUfSoS$1M69smy2Lw6~#D%!FspgW8p#i_@ZDf z=&PX)`yb_SxIn?W^rC{ofxyo%N|)IG#k;0pu0JgpC=;F!GB>YmFK45QrH$t*hr_0) zFcP-s40dr&dPP?&yM-GNavuivoi3%4{R^uR z%B$ACsn=}gzyn8z^6c~azJI{)!+l_<6-Rl(do@iI4C&gg=0?8QKd>#AKd7L##@qJ{ z?pR1VJS|g10_*uLWRqwlrL#5&2`Gz`1f_XxoB#dm1t)y^lGQ|`sa0+e2!R$en;(`i z2k0%&FjwHGw;H1|C%@guoBaL#%>wjwl3%HCw##UjpIevXl5x8TbBIq?rua*V`E0M- zX+XqS#SFG7$hT1g$U=p0$Vl&Dw15(&Oz#uR007O55nbT?NUa4xRG2}7GthHKJ%5l(05nso&%4R4a zi*3))cOQ4@o1cudM_-V6Ak0`sECqHnt;13!*g3h8RO0Hr4q1+4mn?qAPZ8t@26nJX0qJa{{1D1is^l$Zk3C1rpSmu4{~ri*?qH?NxA&A-RR z4_rNiALoOD5+aeiZoK%7lI*d6(!6Z?3;OQ;Cc)bJOUYBw>+lquHT-x>4czm+P_oA? z7RtrpfHeqXv%8mJZow1f*5@Dd{zz^jQgTR*Vt;F;*|enQG}+T7T`WT6?vB7yy33lG zH1USg&jh7L&LF0aQ;XvA7%HbkB%xU(jcR=8h#d$G3JAk|5la4})jeu>s*P}t@VFxK zGTcfRl@5AlkAp-h&ZhOjat!yEFo>&YKjbQEFnl`oFed8kbhLos;YLUPRX^om9z zn{T*wHCn<^4#bEP3=%e?l#lflh{EzY8awC1I>!{CI^fV{6+KuHO&|`y(0PGWxiSQw z05`tPCkgw+cZ2;NAFS9iW?r{C6)yC+^B1&g=*ZizcDpclig)!_Q& z-Mu{I<)FH1bX{|sKm`V2tqs4@qfd2;!+*5$*;bNu$9U8$r`zm|oh>z8&MvqNGnA`W z36|MaF4Li`$nzdbk_RRChZN+8@PSXcl1)eKsoVSizw1O%r= z=2sb&A5bGnXeEa=G^EkIl98#3c~O7gI-Xk`=+AW*^EJ#a&ZGY3?AeXoa{ZZm`Iuj& zer}5oE4ppmu|k)zwj~9^4!Z>XgQ3*pWv$ry{3J+UdCG=Be<0Zj;VSN39Lqn@?Z=r` z>qBaQSTyfkHBt0=ZFXpOgDX1TgvM{*47&j}57-x;esx_-~L2 z_yJ$^Bk*X2tBES{^e}loDMX<+Iu>LzhdCjY5D?9$O`*6^(OEsT?2l`Up+n(FIJjYi z?K}24Ih(Wr3MD)xVj5euxFE}5Padzm+z;WuBm()7ldTQ!ap0T9bM|>XdV)lQq2iCl zW!5#aK%*~Vj`zO~i4u12%3bqc9YTXly$=UZGh0j0)@(Fl!Snkvn`)fHH9dG0e12U{ zE<*Qo$d@X;oFjfeCAnkX5MOee=%li+108*b<1$l<__pI@X}*V{)HjZNCy-A8bwezp z{9cMFYK#_Lx;Eyv7rmgHDK0s?CJrB_#E&ll6+mLK<{6IL-%SWhTKdK^5LYIdB=-OqC7e87$<2vPB@~44ff84vB zS08YHzxe~)2ZYaYs|GKa7Uy9|&=GyMO@7-af6ZU1?|QR)Tnkt_l2c0Yk(e$kPN7*cPm2}HtRxg0vS!on4$bk34})VvUtv4Pl-LFv7o3?2(s!Q;ppiqDC6J+;-1i)%V76A{>Mz8)>*&5lS>z*@`vHg z{BW+wxyIb7N`J|iAu%NPWDSGo;?aOD%F!T*M3@QzSm==-X3k&|yd>`aEG%3d7_Jq9 zuiWkn4{**+rlP1yP8iZhH0}p)Bw{io{?Bpg_8ZN52 zzL1uC#%?R*)=S+bEiXYh)(5Ldp2iwtu~2cHn2a923|}aFf=_) z7*Z}8`$c~D8v8m=`zj~izG!$jwLo~k9&-h%uNfv&XcWO=ibz7XS1s0#%O+X9kT@Qv zZ||JvAAVBjlD?c|RYmQkiEmrP78y^z>a_1>WYrSbize0~wt+R99(3{}gY!J5IO`o&$V)sSIm7&lqRP2`5(VX#CokfO)~!Lo z1huK9HS0CibP|#3=d|EfG{iug1dMs->wPC!90#y3?gL1xS2h6ERiO|gIATkTkth5- z$v4*Gzi_52PkDz$@1Z;0kUymR(Vtw}?e1hd^RX)zplO|vtOWUwC@^Tz_nK&n*p z6q7leB{ttF7pJEOL*`5m_bOmv=wI*$g!x_uqk-GC=qLzE#Y5_yQ4c9=^oI(pkKLmh zPu9fr9}e*cdeq}^iz8$N_46iooE>yBK|yxCSaOkwKr`e*Ap(f)3eZ`ZmV>d)WJHfJ z1A8kYiFe~5#Epi3IAmeYHBW7|{fIKL0A5aEp{z-4_4iYn<|wYTNR4AQGTX_OUg>Kq za6gDpGWUv$+;qbC0?6=}5e6>6i)-=CXCL8tq^xUi^{#3asYL?6wr*nLBp;n}qK35K zKNi+&Ar+Ss5T+#05p)A3DLn}#HAzVd0h%hd8{peKqg)1fmm3jrJo8idGRhvg?ec9^ z%dUclup$mbJ4=GeP00dbsimI4lG(|@kFj8Jp-}YCUnLg@hJ!ltQj@brCdf0JQ=)+M zzQ2HDEt~eCn>rfZr<*O9j=qu`m8y^JM7h~Hj7qlU&hQVG6`~XWt>Lgd!bp@<*^{$bGqA`W?5MzngQKkPKb zM~d&A?DT%Ud7hbKYty5xo5QYOb{aQ4g~G<8_qbbhKfzRkbLy_AOQ?nUi!E5q^JH|E zV!RtbQCW=533+t>5q()X4B@@EGEVU%S^}xDxjn>Cx9Oc0gZf4MKt%<$y4D7~B76|V zPEU#zYt0g86qsR&2lzTlFUd@VmpHo*4Wsu5c8v5NR`i&#vQ-VG$3|q1*{UEo-@%X# z|B@|G^rI$%<%qAavAsZ5DSL?}bamT0*^aCa7M!)%)@1U86KGGNKZMEu!NLrPHTW9^ zQTm#0UIeSyYg1lOX74&|7GciYU8tELULqmir1hvOEJ##VUW(N{grvU$|p> z7B;|pgg=%NfL&)d%QYZ?qBS+4b_UO-wH}F8&Ju=W^Y{f~Lc-Q{1l|6-8?&9g_l}!# zf9{47_Gr?(zKxOKv;lG67B7z5E7{|wTFlG~6*6BKP;N`VmZSQ5BIj%>Padc*vurBE zga>u9^tKdEL%m!JyqG3=P7U-YG0gJ64K)iU&S}FsJwy^!5aJ6xVkebA1c4(EtGvRb zv`gB)G6AZTU2@%UBXdUoh+y}1@_=NKKS-JI|ruN zjk%U*TOAdK0Hc!CKf=!9?6W=q%jrQtJ_ICEYW^Xd-v0A@#R(Nbt?DS8QPp3Djv!}? zY~C-tF*ShdOKMQ2iI(&JNfveTtF9U8?vVZw{k4P#c+U#`5PgbX*jHVBDLb6cq>QIt zX;;kh4@Nkdo{)Y-opvM|{5*HgY=0~d9E}okb$59KDt{SYz9Cj|Tricr(ppzjXsKa! z^*5+4M{&yV!dGKRCRUM!FZVb>^m6`Kcc;y4%x>59GLi04qanCr$c_P6|J!!0Lb@p8w za#V39gZ?eGUvIx}nnEul?H&2=mP@7!J2c)a@^89)%r0boWT?6npo8VRzYuRfusS{o zqT(~0PP+NYA^`{4hIdBY17>zdUl1Xw7u#DaKoVM{3 z{EC5i`_z(mz=!h(9^(8=K+=h5+9s;xPwh2OTSsijuA#T;w-)|A(NNV-K*{bMx?4Oh z6=oC+5li;8r4?OYd^|O+c4;L}2ib!>XaSz8YO+tJ-onbfOT-he*8*nbQ55JDkx-Z) z3)?jgS;N0O9;EYLV87-1-FE#l5Ej&&RzGc>zjZ|X6suCY2A`GK^Sl?l9gA!Uh z1V`x&`<^?~V6T5AOePj778xoC2j;@@VC)=o|B>)=CUC-(a^Iyxubk`W&4$ZT7irxbDPvoB83b zq*7&En{yC0t(Kb;rAEil>boi;h96KK--Rx=Cq#f^SEGzz)E#Vs$7TT+SdZ_olo{$9 zwx zFQde(3%c3LR=(A)FIm+ncht_q7UL;N^rb~vM#6SGdbK>Z~_al6DIvwi>YK0RCu-1}VL zDBo-jvfv_3A&P5v0{VBJIn%rK;g7L&lsnuI-eE#>7WkEs4_sfIyz#Xe^;+Qj-W{ud z_xZg3ht*xH#n0RpUu4@GYWY6GT}_^UW6qd##e|uBTU+0@wjTEw;^CObaCd*b6G*|3 zSe&oR-H6gWtjBrN5X((tzp|{Aq(Nh?84_3OH+s_SID5{s2EwagPv_fll^R{0ZjYbp zL3-_S)1XM_hludcX}-P^ik2Zo_Gw1s1G5P2)v2W%ldCfG$svl#mc9@Kjp9j^eb-fm z$^!wSZ}%XJ#l4ZrgOmL_)LM`k4tJd-7$f(ugi51NEN|^A4_T1hPpj|Cqn{ijp>z(- zc$t96$YA@ezn*QhtHbYenNJHzP87C7M@k37&Wdsxv2K0l+!)b8Gqpj%VL3?y0|6e6Q za#(6^rCsZP$V*972pGgRGeQ;0<^_q$PNtt%nel67rjwPb>RP-rqB_wZeLq(I^n{9V z^XiZt9*uOc`^18@I(wMzPDd#FSGJ@Jhn->@T{Tx!mJp`5-f^ZpD?5V`{N6yN>KdJl zkHmmUtdpt`mA00ZbdTLwmU^wN$O8kf~+~sin+O zjiZ#6HfS>d5(6Fy1hnWpr*OTkw^IZb;rY&*n>CDcJ2?I?!m}NC{}T|u{D!2SOvIJI zbVj(K=n8qD^H5JzNvtr$1Hza9>=;6L{>IbVTn0mR)`5C!f2Dv$=D!Isly!}UJZ!8m zmHJCFdSZnMrAF~?%tWvh)H%K*pgS%LN)CGFUF)$9Q3PlV!`CH@COna?ify#biOFIM zzYl<85bY!Za1}7m1Gb2QLV(CGh4AcPN)Kw@(ThBl2GVW%%wU$!A}~)Y(^NQFHOsV$ zY+h%SO%#@TmbYB1tCO@xw%xZ;s3$5mV~fQpTBCzh`O~`^_j%9uSt>f6*Oy_wMr9P2 zqcaask<062)>Pof<&#UFgVkrUmw}A9EwpLnv=>bq9rz5l>+sF5Ybp4abRAv21N^)> zdfGELwL6rLiF|M_!nByM3_4oW9w_`)7U(LPoRD40Y%fzj_`~n{@P*+y)H8@(3&>NY zt?(V7S;?kj7Zr^XmDTI%%@p^~qlXwVj%I!yu27oR=1Q~q4;eVGEK8=#d6IwHj?%Nj z;BH+O;11|kO@~15+Lko_hDXw{i|xOhRdlR1-@A z+fBP1s)tM;O0j~-I=X+GFQ->ARd{P?UIUsS2B)R9GmjD6@(Nf|AM$`AaB*W+POGqi z9NmDgAEp4{r#S>R!<5Gu=|Q=H3KkjoM>K3g;!HQaw(O)>vhLI@_QnGDVxK8kiDdUA zt~g+!PRA=d1v_`l{5OZ_YUfA>!d1#{$f@O>!%k{x0p7U?RinEaz>Q>aU6-|;ZWIUS z;gPEO7pQd(>cSM1|Jkl%_1V|j#A!Kpgx8E*5}#-bAQb^vv;Y2Qi`+Jl;~Uo-XN-GJ z@1uT-LfF)Ur)ga)^KdoJ>Ix>C7*6k;0=sd0XQX)lF@P1dJIW6RdTUdqxhlS4I90d6eOQkEj?37}=TG{|8UW zNWjR*!ov1H;lH%|KSu&aW(L;(n{faC;L7O^6Z!0&MleZ;8(Dt*}3RY0o0sR$F` zqmhY~ovV`-2w-Gu3i!w*#{`hKbA<>&02(`6fHBa*$l45GXZFX1nu@rx3P4g>K}}JG zmI?8YobB!H z9RDjTQ597+Nd|zJu)L}`0I1FYkW^DqWdO*lLWF-bzez#90HkeAK}NsL<-}EmRkakw zS($%V1HcM!fy4y;X8J$Up@Jj>_?r#H)XdS&=1%|sjRhEN&&$m0>gvj5?(76+vU4$f9DKo3-~u(>whr;I01nWNB?(n%w`bIPR#$c)QS0b9*hzS@~Vuo(xT$> zD&l`g+ByDp0CqP2ZTtVp@IMM?VdV6OvaF(_EWpMHWDA)&BU=*)Kd=$l*$F`YM+SL- zrsV%BIS?S~?CAJAHM##*IsQAl|89ne9V8uHYfo<@*Z(=TMz+pQ9{=d}e>TztGVUNJ zu+zUh0{^Sh)({b-vmo35*UtT3|J$Rmm@F@Vi-QHg26Gw#8 zfglY6+c~;3|L=WoWozeZ>-m2u%s{rLze@}-b+%_#vjsUg1Et0OYdJ)O^jBsM1Or$A zKnKV!HnCv-9q`W{_$_ArEryiB+tc389$;on4#4v-F@(u~tNv^HX#SjJw2))W)Xvu09Wt?INX+tf zV91=%{QvzN`X8(%oUN_pAr5H%S9kvBLL(cHwfp~C`af1_0Dq@W^MBZboFqVQKvP8! z*u>&rUHX??8f*mFU&6NL)<8&y|A^FnpE%Z#jQ~05LBB5w03$2g|I|Td+{DTj=;Q?8 zuxyW5ve7 z0q|sn>=IL;+n>1uFf-ZOfgvUUduOos@2(>Ko()b80JHFK(Z3KUfLY`(;sP*>{zcpX zX0gAB2f!@;Z^Xp{q4^iF0+=QLA~pcC)L+C7V3z)iAkk(1B1k;BzX%df{x5>WQ}{RH zhQw3+iy-lo{vt>`<-Z6LPvtLq4`5dPiy+a}{vt?pjejE^2r~MMAY6?9A_y0gf1~#h zpC*vgyul+FGwfKWCAx%|W8x7yCx@gD||CFcKt z5DFImfRMaE|A3HGto{KZxmf=LLXxrh3t1u5ZU07wnA$?-^&fgjE_Q!&hZx)ahZ;iF z{;wL6sy)yVWcQC^utKOi`~yO$|06M02z95w;eR8b3-BL=Aj_RVZvQZVg!o%Y4hTE2 zg(L7EwS(jXcD4J50VE~oe?UkzT>b$e3Az4-kd4dyk6>&N_wN6IkYqjnCJXW80oj~? z1pm306@Oojf6jcCznlBNeh2-*Dqu%DE1(9*6!L5GA4}wnz>Xj{9Tv!e%?go2{{H)$ z-hTw3{Cn5@!&*ed&drmNgPj$?$PSqSR(1}a-wopM{tsJ|e_h~zE(^#h^xydR-3b5! z-GC-Y3$u16d_k7U-$IIg#J`M}z*6!s9hKn;YJQA`Sx6giC3+*4vq290kni8c4?|4v}xoc=R<@hEJ>`{<5dcHgBAYj>7f z*uUNw$Os6x^OuBgxCDnI$GOlLde$E-O;hUjy(8hNO~3O0Qv)zK;6oSnP)xXt-d<>zt!m*W|l z(rJMdiPsf5&I2xl&@&D*a69m;mWNU$m04x*(W+AOb50s#_Ox2m>Wls>MQZ0?N<0-6 zs^W6cWy+E$G&T^YNeyWc4yDBpeVunrE6SalO$l?+29dZ|i$Q z3)_d4zPVB`^lc4&pci!W5N#rU4$GK-o`NFkxHrHr1GS=~s-Ww5>?(Or&^A3pcLPSA z-1Wt0X-WvX;eQec^fT=Jdg7d1S53koT^bF=vP77aF6>Ty2GRaV<8o(vWDiBwZ#1bt+jG__;dm7;ga2w1ySmoq-;3Z%p45xMe+?u1GH1_O}@-n5xE8YL5dZLEzw+)lp^reQpAqw}jW ztZpdrBY{R&k&f?u+_6e!%eXm$odsc4l!SEVDIDf0j3pdZ%NXgf0#dhl zacR=%gbUrK>-q{Bd~pWT5iwG6nkN~1d%WQyl`&!w@4~=Q`WnMZ_2ld%;oULD zn?poRBDu}C0Hh@NIfdREl$Uw-R$G?V`wfP*tEB_&jjrT@*Ie)@BXzc^}U>`BsRhKC7 z$zUHJ4Odcec@X$r-Hu|gM7J@;mumNd1{%ZW1zsj$g`UlOx@k&}2elgM*q1A_-GcI4 zR8d0giCg>Kbbh2Tcy`9{^&_%kkraxv!1O)aE5WZ|%LF8dyMFNUjFSJzU>4AUe!YK>|0}ZtE#WnV#E@5X zyC~(6R;IINz^+mu5?bk^R+*8(V+MwjCn^~VW<(1ZDRh;6b)w%=Lxvz5XKneyvvmBy zJOAoUWA^Ji;aJ%ROarS>kgMz9B#^1ZTgQq6#tu2EVoA!Jw}x?`&GJPt>~j;3L(+Pe$uMs4`q}29 z4b>NW;kjj*s|=|A6#UInndUJ2nj7!gY?j9L3aVz=j)-`J@T!5Mv3cuNh2)%>UwRnR zB*0UVBc%oZoQPbNZ8tWpq`}3D;#;JrAE@+ zd1yfM3#rHh+|sL7tH%*mK-0+=dtZEP?EvC)Rd;k?DXrX-p z@v3qRqk<#T^zF3!897A?!WAi<7lP@-Ep%V$fN_D|opF5yRn4845-~Y(xy)RLAe1x2 zNv@VjAgSdN&j+S}g|op^m*z>zE1*T1mrid8m84$ri|uTMD&57A$s*~0d3dP zE7gl<*-?_njrDM#ygG5?o&s9S^93DiZdG@Kz`-0Bp4E}$E!v9ACzkay+X4E3YuNWe zp2gDUb3go8*Qt49pa!thD-pt#x|UBJD1vrbQWFGR7y+d{jE`gT_!y58&;Y8m;r#d`7_06(fyH6hjm%e?`hj?C2ull)J<@{g4l zq_#$dZ0pr|9fof;t{SQxyu@u6lKPrfvamT@*uCX5xu*mrHgB@&2O0g}_AS<&$oBXW ziCbxm6?B=W>7zG)8$9*)iLwt-sNFI!kLGGfL*;Gl?D?tI5~;whKr9&TK}?Qbh*ms& zRvTqgf@yo#30m^vSV|H%@_2@ie%+o%^g~{(VJ0CkHWJq>-yxk|%&&e=2(;PKPM^?a z7BkdYjZNWEKl1wV9rP?K3;~%Hmkl!&iCy4_V;l+zZqO#8K2K7^ZN~fj#TWYwe2hg{ zl(=^|W?5`4xxnwQF5N%(r82DQRJ+gn#jW9LohOUw>?;{o|KF-Ei zKXk9?WvyG&WR?3U`D@fP?<_MTjaw-`pSzC38^P=po?1~>sxx)p_tJbTnbE2fV7V^# zRM5c+xDF>&c)pa!pW6+4LvlPGCCZT8Fy>jA!afqBj`R+gqplyjmx;~69<@yEBm4@k z^0Lfi)0!rVYo`pBotQkQVspe6F2TA~F=rQLrW{nXR;1EF1-E>$JbIgqc`1t%T9jj4 zwL1kb!v8CnZd_UWUO_+q#l(e|Re;^(6P*5;Ivn9`9&bKwS(u~7l+RH=u1leEeEN8X zqv~N7`7oCKMK1i6aJY!on!*vK^QR&5yvT4RsqGIDKfD&XUFQ~0pX`k_58BZRj_hTw z)VshP1GtI;)wXO)nf~aG62E?Ox!wyIjomGD7SU4nZz$lLR=^x7_fiC&NA!KjdpPi{ zFQY(-adsVOT#*MUzR#(goAud!uK^ItuXkv4^5sz77()0$8{%ajEF5^Qy%nH7#f7N? zsvnyK-uFZ&`Iy0*`$bxhK*4`cY`G0|zr=1c>>Hx2_(Ydg_5lOxgYT+ck(Vx2ht+`X zmlXl1`(4nq|3%ci#VEZzf=-9?cSn)3Mf%VY^Dc|#s0NKjou+lJ1vwwBEt~|-`i2S*pAH6;tOoEVJ0lk)v=D#dLpk;UV;yW5e^Gn@SzO6W~0T&ocRJ0(etIw^#-9yxLM2Ck8c>k)QOP0p4_Zk|3-T zR}8M(86rQ{`eucEn3ZSbIQL||PMyvrIrCcF9yQwnH$QePVr{Adg-t1A2J6M_GD51Q zGmqpE>btT@*c?<{W113T(eu8u{R8$$YVu@@SBRGtVVED(Uq4M_6Ep>n>+4C=G^BxoXjf4m~Fhp(~xb1IfKHL}Gm1Ln$X-?Bp$eNJ%x0 zw8lDa96&2QzdXcwv3GQUH91^f5?nEschoqHZlg(^M9R{ zae7@W`BUxBdh*7}bOB3PgquN5EWK438+UvDyo1z{jP4c#g_9w=&ormB9Na!^7-NL* zyeV0~H$6AaJps(UdoEJ;$Z38wF|1XWOtb83G|;lYGiJkmFkL{D0vC3 z449{k{uLA&^(?AhYQW4rhhC_XyocpGHSIk-c3vO1sz`8fCjGH_plbXj`?{@KBJGR8 zlqzofr)7kpQZhrBQweMP1B+DV$*xzzIG;&|IC#gsB*tA3Zi6ib?LwB;qo9`K?enf`bhy!;sRISO=>&`WV z5g|%*p&=lOOh*rxiRV;QLlayZ*?{?Xs6h$XiSzQqR{#b!x=xlho*Zcz5`ezMRZi>s^SIt60cD zC0VZRnd6&rzd7L6YMN5vTd|&G6d@mVm{_8u-q0O`aoA{Bmsg*_HWBXL^tnqvJFb;O z%>o)R4VjK;S?$A?qK*J)OS}wjW`nNgpETZ%WWTib^wgSp=?_s01yZ;=dpz6I<|~GW zQ!c5B73J!0L~A&j+uZ)TetjXvw9Z73&c0<0bj47xp4hh10(+3I?p8QI3>(VXaKSsP z?FD~xO{mlC_8MJKj*ss{fr6EvUrv2yzsXSrodn^@dlwz!YUC!p85KBjy-O4fyt6GkDmbk zm$iB|1&xgaDqN3W1=sP#-gQ}JW9EUqGEda0t?T>0hP;PrnWJn$i1UoM#D7Ze@u@B8 zZ_GMr+PE9*Yh7K)=k7#wx%-7zFVk8Tz!8P2H5YV3tJdI(A&)_vKjnSiJ0IZeqdW0;w_g3fVO}EL75z{z#nK znbBkmPh<&lkrV4k%D+4@VML{k+VMqJR^Pvq6CF+({@Dib8yCtl2)5ARIIGI{biNko zQOjief~&bh_-z(8wEKn78k2?%s*yJ+t4?Ud#gV-W>UzVoR$mM6)!|E`--X*|JCjzj zm11qFbs$cS2>?6MwLa2GmsG5GJ`1b<*+c(Hw7GCPayYcQ<>(OE1l8^^7@6hHW={+` z(i-WbA`GwA#W&8?34dkngG}ko+uW@9i*Lu4?FP+Wk7Pjasbjqb+AmMMHsulg%Ag@F3;MUrX$$AUDI$p z9@SU5BdVI2M`?&)dF>*V@rNiOO$N?u@fff+VJ#NVzIE2r^d_dJyh`qQcN85Jh@?)t zg>6>hVN+7O2fB8pJGeKVyAwUfip3rkG`cKoGt7LbE`^YG@J*!$ZHI3#Cjz-59Omoc zYWBnC7pXX-0%p{8=pZzUvg=qLK}+7%6n=vJ#CPY3a@0=NSw>5~=p%59@@!3$Z)?3$ zh2NDd)>n_yMYSI^coL>Bjgg^_xbTT5xS#zR*ta=@&Z5W@TOyTzJA+_Y?vatf|FA%I zHWXgkw%rhBhf?F@q%6zta!Z#EXUwk6*ffCF&~A=FM5>5>I67yAL5|+}qX0Z(##IMz zo`RJVj#L#fiz#i;;RkP2Pz=`c0LHes(tFXUf|sCQ5w(-S=yhZy4pzv>-*9{tmP^sW zuz54B+f}S@GQ>Z1AYbq)@O$T10?e$wV)%0p*`QE5l}359}h)!QBXu$(C=wi zL&r_hGw`D{Bg*$?(t9@-bU~ioup84pKjvsnge)5psB%Bz*J4I17B4m!Et0?T^e$6A zUg|zqt%1eHEwDme6T9LD=6my*m7&<}q0nwB(&z=nqmkZSbbBug*h1BDFs9uaPc{B#+ zbdp{SKE>0n>6M=c(Ynx%{nKDR+gM84r@+`V5}b<_^R{`QrqkEBWK6({|ELxEHNG|W znu-jU?h1dwPX`J2xL&0IOBLU?bc1luM6V_4(tJN=ZZ-tY>cYl=?Epk#WEfR65`9sZ(ekYp{hQ^)e3Z_)ZrfC>eCA4jg8QgTeZy?;b zFPe7)(#cj%+#TXkLr+}$=`a-CiP=rX_{H2Bj=$@GGEy{UYzIFq9}?NXhjxa}a3LEm zGQ&&DEBCZ`M2%E_v+R4HWrIkNo=X$t|tlOR%FJ11INF1twwomfRO1@63WrQ?&se2eke#^P;KpK?1 z5;~{U*vL~TQGaFu2e*_&x^0E>-~n}hMt!cXI0=s!2~PJsX1Gfj*6+S_xhvw2$w4tK zAY6fhSv*qrp%kJrk%b+@if1XN;e7_LJot2y6Bi4(*NRna1V6?`a;G}SpCc6fs8!nU zD;8L<8Rj_4J$6(J^XB6YBynR>vS!x^62q-NQ|l#AENwc$vA4kTX+a~qcl8&*wL5&t zy2{8(wl+{_X6>VaerxLO;x{DzCVl=(HOI5PV!_Y&*LgZvrHP?yfg&T~T zd!M$VTU3&xh0s~uZ~}Iez0ur0M<(69A^DM*p6fy*Hhu@H<3r~pU0hZjC5&|N06AR| zm!6)*Rn(xQx#_kw_j537^rKB~0heg>kA7%_XLoYjSl8Ufb1*4`u$t`ml(I<@E;{t+ zmJ}Q8^$KAGjlATu(r^m-$u1DWQB_1#FrhJZLoU4dE=us8`?EoH{A0wRD?Rl#ZWNA4 zcUh(#yqct0F`8||E86-T@-j}^TPk!ZQb4=J8V9zXn3786)ZNhPmCLNA;-kL0nqz{@ z9kJo(lt%%Je3i@ZX>p93edg7R?8zdF4dUm-EjDBT1?zwO8nS<7l<|HMIROMG8fSo(x#PpiV)y@4Td4 z!M6T3O5`Fu?U~`>9y`%oRDf?TMrB@3V0xSFI?UsK$G)*~>Zd98rP z)N&LwIL|W{$2z@|K<}=!N_v_KbRkKT?xof@tHw?!mWX62^}hzQxn4BhF1h0LOMDTjwq`%TD^5+=KLK^A zzJI~y>Eh{0!qNAhS6EcQJUPH%I3KN1VZ^9A7AR4 zYvbWByQ^$GA`RYHfu@vqUSJma5Wcsi0zKv_N$P0x-xYV)(h|G(Z(xEm!HEm&-;7xhtASxipaq~Hid@f!* z@q20pFY6+O>!Z%K@#mkGYcWo>(b3(|gA_gZSFQp4&={g=9UO0`3PpzO?Mv2s1XCh@ z4Q@KUXFh)}oPS5&Rub(ZY2d3*=wxQNP^wSA)lyX1Gm0%`FNN`-2}@a-Qj#NGilZ2k z^r3bI^JevC+AFEYktP)mec%p;>?Uo)AH(# zy4oCW95rf>G50dc8-}Q#0eU`u!pn;k#1GMy-;-OHiw&Um-UNJBM(0*M?y!y6W-@AO zoezTol9QDkHYr@0eT<~d@i-f3PE@$MpYi4#rks*Hl;|l(C2Q|4&c%VP3Kft~SQJN+ zsU#8Wz{3BjsheHyY3;EOgZhZQug%TVTK{1P%g2pI%wH)YsAm3j6MN5R2Y9(FLS6rb zrVU}9)V4bRR7#rAtol|yyXLsPt}&S7-Bpx4NmKOU;k><1QiSXlQFszji!aLne3RB4 zHM;lBtB>$}3*GGf7$v1YsYlbP#8UVO^=Bme#L?RIJ$mnHb#e;rZeIMPQgAFmgs@1& zPa`g2ZnqKpXrWJTSm8LjI&_(GDU~QXZ~bnhpNzTkSjD99jmAga3(!Ag4SW6Ie-Jdg zW0z$tG$YGcAZ_2hJ@c(^wgzKuc|r{Y01_TazCy)m4=H_A_gc-q^?vAW@R`u;I7MK5 ze;n;Ey^zbUm1yrHJ&5ku)SJNk`phN?mTkQBXCS#XWjB@RQ{mR#)gtdRm|{TQfNc73 zRIut-X=c!V2-!CU+2OSq2TR8nC4q0kmvnC4YKOY2{ztG%P~lL`)kFfQ_lDEwPd}`9 zxV_p`djXfSP_$G6Fpk(2%PbjaV?^v&N?0ND-BVst0j`)dea^8#RAsVK2i9S3;P36Ey ze@(8EUlr$>rmfJD^$g3Tw7YdA_-f~1pqV0Yv7_;p z!>45$TW}t+H3(u!qyc^iz`QD~23}DUY3f~G;`xUrr+EQ>4ncdyJuJcgY{l86yycQ1 z?J%!NmafYJe@$qwK)Ku#)?eNFG!B)bnIPR)_2N|E$l}StgoDLC`gxkON3;3l7h#HW zil}#lMtQ2P(oRc@H-p$D%RT;aueXp_qX6Zrs>#7UyIJD~h5PXug59j;B&~`e-Yn15 z48g}?6#mmimu(*;!}a5=Cz(7K))vySGWBm7nSDM{&w{7Lwh=A5Pc%bsMq{vBgO66a z*et%9_vE&Yo<()mtUAj$@Y?JLP_w9TYG_`;zTY7RLcMD9%a5QZ98Fdx?vK&BfuhEv z=eViqGc4$Ln+V6P(df=bbM@TwO5_1bAooZlO!~aJG~q^Nxpi2#Q>H~G4)rqepQyo( zUwcnDnMdz8?8>!5$+cUrppPfI2_>=TGQ95{UYwY)zW8;nE30N+o_oVZb@KE>sx$m1 z`4Hc6EC6nL7C8m?X``&DZg6Yc>cKA=@uQ$!HD%IbkWt=XbUS|9f~)sFZ6KJxP%+Y}+kJKr;DNJuT>Kety)$8X9dmJ6YHgeB>L16dm%ocKXy;u7 z7s-5+p#yh(`qiSclQvOd2qnaP%wk6ZOf;<(>h9?dg{bpPeo-wXrip@%;SfBCL?|AV0!kx zJutGsFX7$?^|c^-G*051dT9Y44rp#U^T0A5cf)9O8&$cuBYJespb;j4Sy;mb!I;$1 zPbhn}?V9@zXRf+y!K(}fCMhT`!9qnXI8!kfii;?RH*wzD3&Vo?W;OyRHLs^{EgVzT zHjl$ci&7HE&L!@S==gKSVK%j0zBGFp(gHsVUx%(*Ce^d7r7{b~9y}<$W`NzDro;`& zf!1`670!wpKiV>;*RmTJIFg*{*BEWwI8J~pye zHh0p!`VmAaF}L7`Vx~{~T>Y^6Er{=64a0{t*t@VdIrfn{MHQN7iql)hMetaz5ytT|RGjko8;W!#FSD&5(6_jV-!z;SZV(T+>H+R*GYb<#J_nl`Wc9FRv?Ol#fu z4fgX8ZRUvW8li%k^po^ASXM1&bJ`V%;bgTIZV%mI^v?*<_h3IqE_wfw8qd0{L`VTK zRf>5x3MJ3uy5Nm`X>&hpIs3RodNW*MqN4iy#dDJtkHo~gg8pK3HuCkPR%TZrPW)?{ zgN|;|2XzT!v|ZoHb%evuW@240tgj?pYEN??9m_|Jl6IbMnQh{}oWJ$SecmHMzK)y1 zwLrPRf~qB4m)PcHSI(QRtkgNQqaTQwE$r>VsBF2_+Ebe(!m;yAc+){UI;2D&5b9Nh zJ%&x}mQIiVO^(aA=)}eY(?~7))$7^pL}L$Ial=#sqP};ot&8CH^0m#7518?R8CE<$ zD!)DRGb3-t!Sc%!1Q)8ga)?K+!h@wpI$m={xW2UG#>LjBDYv&oXR)Fo%qP9S)x{cZ zUKW>(CAvqY?+t%r^KRy0FRUpE=-{pEoJ9IFKV^=g@hFHS>n9Gbo-izZzk$tL8dRyk zxc!vAtfZXJ)G8GBl0IPw=|p^CHksAMEj>)~KI#%;+5R3c4{l6a5iZcsZcg%gj3k=t zxSLq%A8KShgaj-+QAG5=08dxT`&yHBW163?s(Fw~xXY!a@SxOjkhomQYwO2Aw;nBZQQ}^ z7IvVZTU(xzL`Rdx(nKu2-cC+(o}lyTpj(>YMhmC?JnoGi>6JhJ)!NF2SW(6MQ&BaIKWI~29H)UQr)JPW@SU9?`L zLe$;rxRMPzIDb6#=|<6IF(TIuWrV$5yY$P)D3(LSYYYFWe4}iHb}m0buTf@K=XF5Y zXC!ULL2r4`j5JqAVA!u1D?rPE$qK6trDyt)@8YrNF!$tL4T!**&@iw3HKM)+WeQ5E z`n2D6W%S9n3ht8w|9bS&j^4UB@H#0PxqSfp1{j|`x$j-lYAR8$I+RKhme9}V3Yh5Q z6p)*yyhXz6)RW*T;h;2O8{({q`5oR&kw)zXxPpk2!mF0b}UC*ptFiYXl232KVTJ=t}7zRg`*|yUsF>9quNws zuAj}Hj=Gm*+7Xh6WMVQxIxl5c<>$u5t)glViD#ma$uI%im9N7Dk@~avaYFIlk zmd=Rmx!DOHHJ^lsgx=eels2^lN}wV;Zl+h6mu6tC;wmH0C{T@JKd{p*IU`=y1gh2(S2t6!19g{U? zZ(z8e4_K_(oS!}DF!yv%=y`~qRK+KJu z@C4K77&N*a!KFEtNoxBOhjvvV_KK@@xUgLHLA;Un!_#ESt+P*u)!=hNZ)37#qX997 zk8j&H-Qs26wd=3am1Q8X+>(p3LQ^}1#@^U6}Yh8GN`t&$#unO;>bgJ{%)PcVI7iU*oTYmLg2e<|TbAGNv4;VqtozjD3v?Jz01z}aGD+!Tg9!z4jVrt1~CCUE8MBg0HIJVDJ z_z(Rmp7i-v36aLNhl?e(CGi;;VF-Oy{Qwi|d=HYB&q)%2&eim>zHCu)LERpo`pNoX=f8kF!{)x#t~kt=o3G@WW~Zxpy)jD;vH;I_}x1~t>zahlWbGQ`;!9+0kOd}h=L*;}Zp^3X;wINk7h^?{%E z#HP=FHcWWT+ex$r?yZT6c+unuk?Kz&$x^zVS*&-9c;bI#j!TVv^W(7u222qn4e!1D zDKp{`jU9W@$+_+fz3$ay38PHaPN4+bQ^M}!6m~3(qSS8FtiemA>@g{gk*d#_Du;#M zJ!d?vd(1Mu1RH7SH^a>wYP(taOoLTp?tUI^1y3ZN%d$OclRy>0M{-#IfKkrb{GJVY z!imdhfoA3V3_P#zT%{Z=Zn0D^yo*b^?=YBC6` zWd=@7gL27yuWi4+h-t9F2|CvG^(EZdSZ9m7%9|@bo$is(hHgU1ZUgUNi1!Z1Fq5}K zk>-jYna+Uu`>4P=k@=3do$4~=R6K1+KWr2$PrW@hh2HKpzt?zvhmuHU+#!*+UMcC1RY9`3TE%uRieeDO!-63 z!Zv{pvi+;5Og4(!hoRDhkHJm(!y_>vrE-XyT6J%4J|62hcVGmcCIw<$mKK+um+xjk zaiDVyNv_JuTJMxd@*bTemu|5ZO;qU&?_`{#eM|a9dirs*J;$XpvmqoEU3*n#@$#No z7@x{1S0gE|KaqzFy$u%k0;yunB zarE-JUifS@`A#+Btmh5UuE6l7)DtqC4NPyi^n3cWKG>yiqWHyJ)2b~vo#a1Oy6TIr zQNAM?{u%(uH;_}}*4o*2ErztdZ1Jut(pLXnQaFz*-twZ%S`;$H1)oKMpqDyGS_ zkBYUo;yZ9WmrAY?foR}xs?fCCnmuZex*%Z|-juxih9OXSH6p+6Oi5xsJcu8P`YYCq z&)MyY;O6#Y<>suRS-T^13hK*~)@3>Q`(4VFaZxl_Ed8Jp2O)CIB#-%!ait&5ZE(CX zb*4#T?s+BDag;}0%-?y$CX8JzTuz*s8oXcq_=<)KR0|fRc!pv_JE7EV=Eo5X5dTHt zBs54EdpG98LsOEI>`L`Qo9M5P^|tuj?_B6>GHrlq_|gfLv-371r#$+1wCPhA_PgZe zkEBVk&6EzjmTpyT16gz0QQ;MguEdM(u`ea$Fi#fQg5Z#RC_3Of3Z3V(oY_IPYR%BQQDzTuh{aOKoe z1Ql0Ph&*E>qlO{YqW$XWGt0iED<26#9O|9^-iiKm=umI=t{cM^8I}B{7wvUQ^>t`v zsc$nT*KoC+K6`JFk2eE$N4+U_<2$(8gxL+cc^TSZPF@%@A7=dXxq-yhdK|4xTD>xw z40_paql*lucY3XBZ)@q*){LoH6d^ugRAh z1{!&c$AobxgGIN19ra*5_~l4qgYUZ%PIAaA{{ZC@@ip9I@&ug?!puda=>6~A1tE;ePuwRh=w93|Bm{B%Y< z)xNZT==MY5ZAHLYZYQZ8)M>w0McZ~j3zNpYRPGi$IiF8qpT7@KaN6`b)$uf0UYUrp z@*dJs8aVC$Q2=kSWeHDN990>D>A{|^dHkLYyl64%Oy~&9sIU-t_z5Qq0XNRwFZ)cd zFf$>;x=&JD7bu0C`7rgxBa=7sqOD+~G~2eHc{7!@+YeLDrBY)(pr=)nX6*5R`UKWz z;4Q49s#GnDQk9nTk~{pG`Xtg3-A|)~dV_c^xOPEiP1#Nx%XUr<#6v#h zK*nA)q=(j>Bk-*`-XMo=%ynUzCi01-fBfk^`(loLK+Dv*m{r%^p^0tlXXSAhn*H79 zJ5MX_k0}4585>Xf$&{scQ0;n#tt_vNV$1qc0j>9lTLc@)8CIEY!7)rXT0TYN&aOGk zoz(qWKlDR8jA-;0X@B*ZkGJt8WmZ}c7Us8(U!thqaSna7M#{)gJnuW^pT;A02wS6N zh;7BS)mFp(gv_4GVw6z@UHG-psEvy$!g3xeSt5H5zmo#y1Iuf%3#LbN%SoUaK?hgk z_?D{7IM&hKs#b%{!VbO52l@@pYqyLXBpqV24Q=|5&N7@0q$35Aebc_JkzLLK$I_r- zuhfyS)=IKlcuVhM3f?MBWzwwd>$xHG7c@mS3d>YkZh5*6yl zhifHG0QC7MWiN-YY^ZHwgM=ib3KzT^9U`H|$QyOqr|Is>`Mbhc7)@!KUQG8cAY*A? zVsuwjPQ_~BuY#Y-7uEe8a@0B}%G96|a>3qxKe~?uC|E?Y&TyRZbpCfV+-`|EICak1 zB`!s~{*?kEHBcX$xNRhI;3*^<%@ww5s?b5WX9O;;M&INJSyCI(P@wV$6i1Cw`IC>t zl3R#}O{2YsQs01te?@s;2(5-NU7Hq~9htzNV)7FyY;gYksmJDp8`EFR4JqhYCgsr zfD>)J(%Dz>zkH~G7xL?#r3PEVejxJOJ4FPC5?_&>$wEu3L}g{mOpr~sBC#n%{PD?S^_ilw2Biw{44{;CLgu6oMHzJ4DZ;(d8~x0orR4AfA71(7N5w`m9; zxKO}9I9L>Y68Wj3D~{nb@ZcgUOBd(NMWE9>^lOG7l--Mn=Dp|Ebm)YmF{7k|!U%Nb ziA^Y%hp+vW+N$_oU`U#n+w(v=dyU=E1N(IH>j+X21Ul_wHSTG{sRgScorWJBXa1p{ ztgdD&d5Ev^Vy)D9tzy}me?@mS$xYp%YWasDWtQ6dhohe{136G8?FBo)9k9ED-psn#_8|!jx^rALO zR>4sB;NJ6(@s;9#%pyjWgYGWx)2%Ex4&5T2IuSUI>8`!~lFcdRLnT2hK6&*WZ9K$Z z>*;|TFwQK2#y|^e_?T(-;3>48DjX~;SH9~6gwXeH%*A6SUYh|)ewAfZ3mczgc zOHXi=W-=7JBthaze0%10mX?IKy_U*$U@2QRNPAsgajNfGZUYvf#`ad*86JG@#6vmk zx!prjoxl*)i85OK-lj!|vj?AjUi$3K={RQzj>w|+eVQ~-b)Df;;V^Cxq68lUPL`&~ zx>jVI-4gR?wGtJoE?g-(dfM|>H=jQ4XKM#19{Abl|M3qXHml4F7DawLqwcP8A7QFQ`3tVJ>%ya`@{CB z#I?D^)AX@iCSIlrP5ko};+7gpKAFzH&;8zB5+nZHWJ}3~E1lAj@-=Yq1koD@R-O~< zHbfQC-pM10Uto=wxzQ+551^Z`xT&*M_1yl))lG%C>z_D;wm!<{ab$+@j|d3i2zs%I zw7URZ9VA zOq3GOs zhtmxn`Csq!zEE*6-9Sz<` zqF8=o{-OHp1T#Z{nmpZR)7wfb!Xg*x?zZKY=dYrFk9u2DbAV?S?Gh_SHBI~%m%!BOUq75Go(gq} z<-lD0uKHb}s6y7wOjAY(9sC9}BVT4@sf^Dhto=8_Y*u#2yn*ARFVxc;SEh*44@gi- z1!;o}a9{>4hl~eBOY06+%FT}7OU@I1mYX(L^XQ(f>~53P0{LA;^nzl4t$FfP-ES8f9Wa>0Orvv22 z8UT}KeO2=Z@5)0~B?-6BA_uRTsY6i|k(MkZ60}mmJq{r!8Hm}Vb6Y3bjX!cI$1+xq zW6{2n1&E(~tMK*8!&aggt4|p(ID=Jrf}y5_8;uL05N>q z;U|;?1I~F)5$^Y({PQ-P3$!{z^LyqvU-D?u78<`}6xgc*2><-3WA7{U;KG!jgur>( zy(O#quFDv>0ZO^3=wbE4@}i23nj*N&xzdd(4(``T0#r}!mcMA5cSAXdMt1=qj}`lS zS6fAwp6`(nLO}O|_Lt1_31DveD-SP^Sy5DhQ(p>kdlAQTD7jXrNKl1&xiF@XYp2D# z&dJj_@`-1~^nXlpctTr`m}kbCH1eCGP>mUHD`BAr#f@`SRCPX2L)bEphdAYHSUfxbS_3LL zxp6_<)N|DeFN`ZergB{*z~U7ppnob56{L)DQN`Q+p5bVFV95Q zfs?S@xzFdKt-Ab=A`JO3#r(~`bi~XreelB(;?J$4oW^-3Ij!Jzn zWrA81AMY<35EZ$%VBzJP=4=guV^#@i z!IMx|^gg0_6Yn4GVRpJy1)dhYx9;vf^o!Zj2}H`tX8;+7NLe-Ol>k;11qCZ`;^{VW`!7khCmZ0Z+<{b2S- z@M*7n1~90_X|t2=*qYkQJyZ29>G?OhfaFFUN;?V@Ve+vg>;+s~f2ZI44YH4}>5G?n!$J$ZKio23h`WrEN~lA%SC=EVd}We;@;CHM zpM;ws=cp3Pu;&_dm=+xCyD+_0p7)P1(BW0^3jbB6OV?0%;+X3ip@{^&DLX6pyg0;u zeO{yc62|6rfN1c#%MlM&hcI`CGDA{mmQTwv;Un+o%{O$J<-)Gomn)?jf>pXQ zT#15fZB5E93iNV7R_FCg!&ENF2sFu-}K&ly(^_T!SU~0R<0Cg#d z=9K{6_rvC4H#{{i1;ry>9N1-v6>!rahR<1V*W7Szjc6zG-&C4S9OYoWItB(%e}AY;FbF2JN{9AgeE%{1b!SyI2w|@6 z4im2Gg)C}+*YEu0&*$L?Py~|L8>vk5Q&~4`|AXPqH39*l0HsRY6!2q@_@jhii53DO zw5##bX~l|YB!hIsM?2Y}}0K#{n89>@)yP(gx z7vqhF1Abs;(SjTEMWx7fn@KLSIIxOj_XgX4zyB@$77R{?_LOG?F#tg$fT5x=)~^#n zDyz^a&8&kKqg@0`g%SIB)QQfj-t&1&;UgOtHS>;_gT|Cz%w_~GL|C7&9Wg)a#s8i) zNaG@Cq2VzMQkuds0$H0@XW=PgQxMA&>Bj)ih}J&&B7jIZ0U!1`Y)6dNSB#}yGui03 zvtJTw&(y(Yf8{Y|>nl;#jxSkS#>&s8FxNk7nrkkrLxv-f)FZJVJ{KjNr)gX_S)4Z; zgNd1*|Iy%RCEghJ%2LEVJ5u8)6H}VoX#AUfnFfoc$a=A#-o4iJIc6`RUnqsJ{a%PB z)JaEJ(v(&rmNVi~(b~>NNnTJNrzDa$B(Hy|fF?a?p***S7E?2VPWBF9wx0X^hIbU^ z7H?73tPxla|Gi;VXb|t0T6yrF!3+1awl^oNK6$`XVNhyQLam*QF@qooddcBELo{aA zzTRn~am#`>25d;6CuV2!q~@7Cu#32!^2`=FnrN+CA7|5 zO=Fcy!$~@QD?@6L?DvR|TL@s=^rKo6sy*y4pCG$B=?^j$98@Y3m5z#Z)l4;bBs!bUTlpk9Z-3rUB)R)4}ow_!`*}f$7Nr*W*UfiLM#BE z_WV^O_+yk5hqDF&JmUR9e}#YssA%d^iCO;L7eIO0;#Md9NWx^DaTn_Ao^@le%2?cqqW%* zN>^VTlt~tuq1bfPh*MGB?5#m;1K633el?-O;^5lYe7blSn43(v*&fOghf#bz)BFJ^ zyZwM@qeJtPM|Cc_`Zmt{J^YlBPB731z zNg+kBhreYU+Z(Z1N_!VOR~frbwog)1R2Wwlng`exoiPDD9%z|nHh&n3oKZY$?7ntW zk{En9?$Tl>1m<@F0?DIWonYPWlWV0z10Fje5>(I409;uY;*t)w224wXDTz{aP;?y4 zW(x-MfM)dM9ny$Ghtncxg!b|Cc1UStFU`(vk+S%?5m7^;mEbyO=!HShPOrp~LsF)N z3=@`fm%4Lf4bAZ5DJ0)5T%gGPh=~Y1lh*AHoaMex_>~`%x zrh1PrENhXzKMf`xMBvb0qu-UpCn+FNWB&4TgaiTyht4guNNo>u8sPmxL(W&+3e|W# z#pyWw8`YjvYE5{ez3IWsm=j0}GsH!Cgj?GnFX#%GsHx8*O@3-gLwb}7h*a-+PihIM zf-eZ9I^B{oLM~CiR@kAS1pr=Vjfg|I}e*qx~%S|hGlQ~Dk_oPChUfENnFf}U99o{(b3=$EOx z;k36X=2@kDGxR=yIPhNve9N90AncY-Ri{f@9bBp#mFSsO%;DqAi_}Chn69ssIeCNS z9@G2>$^v7hhWk`v11iKirRB)K=eF7V#~&G3euKOMa@q;b-1*U&j7zG3a6$Lz&Ra*C zYl}@vC&%)i+4-jCm`0198fA~&#_sr}0PvMtqJ>PKjf#B*WOItBE9#mpw~Q8!omGO3?B$FAo7N(AJ_3se*bA+wVQ>jRE(>qj1e?3!;g0ROSfhzyz!K$-(98K zXbpmHn%$GSkfihRl*8noA*tJT>S?FxR(Z-Rt$e!gA6nGrd4Z$#To>F)N`ooQxhOBj z8)iR{@yZ&D1TMRQ(G7|qnyq`_@;Z#r9_l9y5&sovY(Q10f4G+7#eaQAxmk_nW!YNc zSVx$+ku`^Xhi>VAIaV3{A95s!K>S2AbP)id81JVW@NlDf^Kqi26~>T&J56afei0GE-N zS;{25+$77(Zcc%iSMZ{0Csui2YR2x1yNvy?34gj<3VD&|?E{JTQ#wA9%dqi2-UZ+3 z_R!+Zk5%~z-zudY7G8Fe6terBgo&OXbKSs>W};#%M_>CCD=6b$7EoTw^l-{GaPf+F z7{Lg;jtIpOoV#n;M}ZL0W0+VX5l*|p#F071KI68i4>Hma-&u7+Fw^l-R~ii@PIW{d zu@jlM%TA4h?b-&#^T%);_Dn6^;1L-3iiki}s57JRcF(2kH~`k#pBE(T5u$g$e9?dD z53NAbg=_u)OuSE0$)MX{jPV>g<0l3B*NsdB0<0R%H87aV2p3#RwH1%fDZyu z!Nm~$y~I8lX`tUwpl{W=w+`X)v|TNYvR>f2-%#n;Q5E6)3?9sts(N2|8bEM2L9@GY z78ta+i<_|jLsqHMnzXCTsakd20efkLz>?+roN;n3^fg^ znWgl2rs!iQjX_fW`?Bh!r{2zEVfbO>ku$-B%c%e5qQAlPG08`{TDp=1^0@alpz=S< zA*P(fH$98KiCb?T)0vxL4=T-Ue?E&I0#;GVzEo|HVr8YU7Q}#BjRV+IVArs3C{Y0a zFIVwR`J<+5(HGgnUU;0}+Ur>CZDAq>OEEJg%Q${=x}~8*yBMtl3_4-a3B##}!|1zI zCvt27@Vntt45SngZ*_5Y&~7NzJlPTjrmyur`5Onl{rqFj8P=Qf07H>(wbkmh{NswYmVKwy>zj9v0GiQHrXI?s7q($iS0f3qGi3l2mP`J5Xi%jHxs{?g zgqJWC3i4j=yHt6N60Y}A1>G+kqn}k@6EV%KX5J7~$vKO$6orlGtycky@hr zgdjnD#srZ#zOhNKOIR@5#&cAlgS!u5uP;ro%^su)%y+Ouet@5{ZrP~0lRTHFSQw9} zu=)H5@|S`+4Xu%DMV?nzhHdrV1*&2F5%LAcE|bc>lW5}WI?QFVcy@!Zs(a6@|4Yz# z^+%stonjL-2lOe5oj_1Mp3?bv5k`yGy*HY$OJ+QowfoP-)^QCSvM}X_`#OqH#odXs ztiQy>QLa@coJIwndTF$kbp?=9z0hUIuuvD}np1^qihh?#pki?eGPUP9%^KQ2Ltp?>`QkD>xRu#Y`N)GG z#~TKnjz?*+M1R9|w*D^sA|N}gNUrdCuE0$E8FTlz%72L@~Sra{xKEr-|$u-65jJw-ONLx18Mz4nogV$BClS%y>ZDQn&`NvcBPXY8P~i5 z0p1@!jdR3dwAZ6u5w}Wq$aF*4Wj*Rf@p)9<%cgpIKe7p?=0?-5wT{~_Jn<4eK=0A?Z+c!^h zPC-0GD1v6B_5GowFP|KIA$ChT>A$XuSBxbtk)5fdji+z|%wYODSb^}?)8QFEgin0M@5upm#V)17*N9WQkHX3;} zuW4;>DFXJER6lMZ?Tvp9$OyI=9g?># zO4uCCEck4uBdZ?^?mL@tQDs~kZc~(jBZjCcVXP9CZr(kEdfXwHu!)jr^hy2hxdA6$ zc0{>xIXFIwD+jr>TR#U9kdDd0@rqL6rM;UCsvwu))ww4I@sUPVa|wKy9ui zm599L@K_>)gMLLf=C%YCnyxNL$3x9sn2(xN>fbpf%+^)%Z6yQ_hV2z7f&pPh2mZ^6XMY$F81YLqlf{TR_LhiTsc z88QSXOGV^%D+!4d`gpmE%4?o0$kT`n9z0lH)c_q7!qQjL>TpF*GX}m`0bCu}=NiR`x{H=f+L^ z%QHA6Db-9Q+DG)&lNRJv=E4*J&d2i32QH$kJ?c!@uA_8k>r!R^d^l-OsjXV-9ZdRt zW@8cKIh+|7(Pi7tA;Mkojplw?PR+hI@lhM&!{h(U`o$mvNuD5pctyKx3=|a;GeK6- z|A9_0i-ZKwjyw-a3=9V~cB*a_w=M{9CLrQX-4jyY#`2GbB(59C z193O2=;twuNML+t$yUCI7yKP?=v0xmn2pVPIKL;S20-A)K%)D6B8La8YZ@hH+Ztf{3 z-2qys$|i6%10Ro@P*lJ;Tn*4cm1{!2AT=;Y6k?Rzcv4cDx`n!A^~sMZ3e>+UoSw@A zuAGO{`WkWDK^`)_^<&4%iWyTz+(Eq?FMAIJ(kE}X9gNK>HlG!4uayg7NWcTbyaQb= zUiIJPIFV1MwL*8_q>aniT+2Vu!SRDW8AWDpt{k&MreWHqq3!TwT-H+lp&)>@4&f*2 zCn9Y7!F?btE=&&8l&eUbMf-AIJ~8|mBeon@{MrO^+Q-g5LI6TU2~QJ+YQkF#?SrkA zsI=yrV+LsEGObji^LzS!2+oUs0a0G;(N!-dy`w`HQCpb@-xIBSJmCxnamQsxJ#gz| zFFO{!M8fVX8D5qc9u1`{rFsGg$APeE{d%-$Ue;Vq9+)*g7@ZNah#bk1W5Z|^Df2y&WjBeo9 z(4!em7R&*c-f_|{TFZ(lblUOO_GMvw8DqBvtjpk~jP74s$pmOy0+qX_3Nb82PT1UCH z88~rsXZBF~f5`Ss3i6;6(9qcQ+<8CO~Jx~6enN|F%Cy#2?GcP(7sNX7T{i*fDR!JK+gSzje->b zg8<{=lb8i4vkfRE5YZ6U#hU;uVE-Mi(BK?YpMk;M6A@?tjes$JUr1#5KfZlqeaQFd zzVQbv2t%9m_YKT`8~cC0JqU!G7vt44wn`2vfxV5D?b)RXED%QU48UWxR5gGp_Zm7G zgn&IbSOx%XtnDMKkrZdgZW+%;CJpU zbX8|@?k#>Wfaf%Xh#mm!?5Zm2s?a9nkd@hmpq1UQgEl}|>3L}wx46}Sba(N5*n9b? ze*Er<9 z1oxol{%~oO4 zZl6bug;7yN{i_%teixj^^%v3p2*wdj$N`V=cPBtuiodB&1OkH_3lHuVQhz9%zto-n zXu{jKq&U3T^7h7Se|Fl&^-alReX3vl(3YQz{|WaIOZpN0{wABJp)X3B2=9MwPJMHK zVkpTfC;;~l^}rnZbg$`{X+YVM>l>TB?>8ZjU8E#}^q@iOoSjWS_DlA#t`<_b0F;OB3rSCCa$}0(W!&=-%a_LWAKAz?ee2W&Wm&1V4i5z}eb> zyFa3T4k!3U|IS4|`L$yYOiMC10&TbTJJ)bRWjEj+7nz^`>h6mF9wbS@=O>``>%cey?k4}GeXx4YU+f8B1Lsfli6zj*sP{${S>g;}g}SSIfd@b@-i zsZj*+glxL6DGSH$dwspX@8UmvFpJ+^sJ~KLI=i#eiNT>6K!XFLGhhdYz8G9^aPssw z|MRTh7Pr5c7wNq3+_S?tx}B_2d~CrA5! zrLnAt$P#{fWgt<04|Q+SWj{t`6x8{5$;a??9`eY~o2Ql?gbg;&>6w>Xu*UeL_(m?2 z4Ffi`YBK>YC7gYSXi{OkAJ;nn>b8+DVjW{m0A>b!BiUtZ+7xq$=QPeHQoKfDqdD(u zKa_Fy9C2;ycTO21vm(z%vkD03+S(ZtM{$k#G09_{gzv#l5U;ni9a~3nYDuGF8`QYT zR}&4sPqVopbg`8hj8SqSH%pfxLQ%}%Hfu;iA_oW72=B=Q(;zH|{|A8=Dk#>E@MQA? zgNZmOoVqsT@Y-OV!c(!Q|K6YMV^cvuvqq(Y({_i16OMH+V1KOTQc=PT>yDe7d1&Em z(Gdm(fP`W3lD>>Z%q^0m?(-~QH?5AbwM^ku?pq5uA=G^6)ltIQ+C}b~8_v^l}6qjz>)V$p)-)5=VDBzahk3sP- z5}6vQ_dv_$YI6~o?tq!68Z~Z}(Wf`sN|Wk4)B6E18vzs(U8>X5?cR8@Qqy&eT)FFZ zfNMw0Z}`Rm0&Y>UXv+U-*;n5TMD;x_e1wcYZ2aSfd2KY6!ZgOa9Hs2Jr*C^NE+-C@ zZ_{3pf!C4%5q&(c0`m~mX_wUMlHmdQExyJtz2Au-pNPHM6VCLflh@Bh4zvX$baIV} zrR$83VO+lc#WH>l$^%bok1!vL?8tE6e`n%-Ksx+lvChDPpbE){Yt)d5+$ROdBx6%@7BbCELK)^N}% zyEo#fUDT9IG_xtZo~zP5X^~{o_0Zf6*3bN2ukvs$t*QZqH^>5wsI432&`V*wVJFt7 zHkF|Xs$4>}NU=j3&u(+?*|K~jmGUy1_QCd4_l8+oaP=V!RNA8{bHr%xcI-t{1xxoe zRX9o2tBNOU^_}z168{eY@$%_M)rka^%6v18CWm9@EBRSe5;XNA{SizHp*Tyt6hET! zb%R~m#*4VXp4~;~y_bY?bdD-nxZy4tw=am@B*S4C5-49cHP_YLOyz#Qj69Shrw%qF zuEup*Xb7GYjj~0aeaUxc-*bY7Ly{bu{^4fc0cr&8j)DTs$RYH+mhbb(%IvH!Xe_d@x@hUY;IUKvdc#&_%j@~_) z!QewvUo(Gt|Fk;AvRv2G5hnW~{mH|XL;|l3eGwlk+Oifaqc(v)qA-O{#sBzEz<+wn zErIE<=gU-#@^ZgI3%J}7H3cW4v>vKK@A2LBABUJ+Pddv&1W_y(l9F8_k-BN*HM?xx z&AV}>rz-WK5q4+OrE?mcZ-e{XzP(aYwXO7%jt>DQT1zQ*H?W>)6DlrfPg2)No44x8(%r2&2jJO z7c4!2n1kBO}92?jl((m+6^z5z;8Ndz}=b;JRV^SB1@GgrkWt_ ziU&wROD*HBLa60vpL!?1E$WcY5`?}RCNQ({*imSvX2&xf3{$9csCTgfgN^~ z>E%idQk%7FZL{@=^mE#t^CW-tm?-Ja1_4+bf2J9p6MZE6B{a+mk;rL29e*w!C@T+w zDM7axjAo@q#ODg`yCG#DaJ_|A!Y^Y76VRii@j7tZ^oUPzDt`TMsLSGv+X|fZNYiD# zt2)@a1~-rV!%X89Uv@f`mZXi&gm(%ZO|}gK*b(g&g8kLgHle1~wS{eUw)#6fHR^HL zTI_PBVt9sBaV`WR{Q<2eA0g#hmzPoey?!wE4aqSRkJHtO5sZ3Yons`; zesJJfeq|2}|5O*K_`j<97$sgS!}1>sjpll%B-L?^;e^K)s{YN0mhsH*F8J|BK%*vy zhSwo0c>HW5e;`4UOibBZbFM3vuHT-{LNL(2^zK6w zV*^4SC`#ai>+o^ug4`2^_jMV98(LX{KQO^~R!^IjshABLj4;QFG`UywTY0=ZvZ=Et zZA@pqi^+l8B`#kyJ^L`nFG95qit^4#8x@7Tn8ttc;hMRw#cw)Co>e@q36j?9$R0IXzoHPuZ!)+Ki)D0zKc=%P z-r+3|d!91+JQ{Zei3soxxJA?~8g*uFbtWd!p&m-AfZ0S#>Fthw%xo9dioS=*> zx#Uqywu-=)cUH#R(8Tx3ZPW7<9rvr&Sk~dhiHBOhJVzR!FrqWDelFC}TX79~9NcfR zK~Cb+p?L{?SXreCm?;_N2Tw_nW(r9h1MLqtqL|s)W>Ajv45>NqgEpq!_bi~LnlK96 z4qR;yZjIV?lni^#Qf(WlFE~aQ%0r51m4ozBAi<;sT8Bun_!KB1m6CLg4|GY!QR$1( z_jdT`h%yNk?pR>q%P?|5zIwXyUxGDD`4KnFiymgm%#l#p);F-_z^9BJA@qDj~>MWITIQK+D~`Zu6Rjw_13A)@&Yj!n3h3wI^> zPbb$nrGivv*EMPAuBvpLL6`N%FX1nPE4=hm)ZJV)Lw5owj1ouO$+))Fh0QaKa?>E& z@Wy?t-tV22PNQ)%H9*+SohXr^5Fq@Bu;lVBLlua;mDL`|P;mv9>z2Z?ZoH>H75g#z z&KH}+{?L!Y8827zf<1D$kJe1I9$;W^B`aw1So#u03lmip$`?+ z2vue}J<&OY`xRteW5)-Khz* zDFW4YhIZ*+R2p;6vU+EKPQpjMGTZ5RHd)^7-P4{U8DAX)L)Ehv2RU2p<^ritu0*w# z_8hZkn?EkWQCZt9G}7T8!Vf(Ml))82&9mJd-^J1rFzbk>{; zE{B4ZJh(`<|Mu&{`PR{Iri0P~@5aGeaQ<3b?i$#Q9JJQ!2v#JGt*k0S@&N~JnmzGS zSV|l7T(lM%LXj-L`7wBVL+vi=e%(8U;;n4aBC{blttl$TlPk$Kj7Z~gPgv42DrO7g zVFx6SrMBU>m4e1(KtAuouHg|U5&cb?ryJkd(OB;oRBPp#ICr7I#=>lw=B3AOtIB7w z*PjtNq(}+oL0|z)-qWx)o##gbqL<|bNS2wf)}O5q+zvo*lw7Lq7(y;jpP_OtG&-~{ zw9^hc(PLh(?&?agBx9)qmjK979jmB~0#27xJx5Is*G4p+P`WE>Gk0d0nMqbW418=M zDwts>H~-cW&OS|2IiX{rA}hGFwTV9GJwsKN8m--by`wwTUCcb-bSf3SX>^SfgC8rl zkq|^RhHr3F|61Llb{(1!c7a6O=1xTTtl4lNe2b&?D$3p)eWMoG%n;@Y$Q z)wY-m>H_-cGe8os;hRqSD|mO614EYq23QrVKFmD$o`v35>4CyMqe^&Rua)|(FC&T7 zOZIhn?JvBZ7bu7(y$u*$v|C`8{4=J_HRI8`U%LjmZ-JKQ>!jD=>Or~1%0pQ? zKqzF3)YpXLg2kI-tWz!H3B%oWI;!TI)~{P8tG!Tgb#kKbX&Lg?j1hdFh2+iF=xeH4 zOy~a)llbYFqq%t_oqMx*+|6+S?8Q{O%0CS2%4sa}?FWyGr_>X4{h9HTp$)vM%x{^; z?D}ogMh8?v@llZK*!9yT#5;r{ZPTEJaVi}I>@NqChZj2Q?K)#&veS|43(cBJhjnbI z5*oJ}PUx1@4?Wn6@z7kBzo7i6G~=h;{9PcVyi4lwn}kEd^N_tfl!v+H=Bq+2miVunm%bto*g)_YlQQBNHt)J|j!?83 z2Q%0}Pw~te{Q2Nst|vC;w3AN5&-&~ed>>&lw0g-hhtJTsll!lQ5Xh~$mW*$58p_2M zoi_9%eA_##KIEK~hEDiLBozd%m~_tcpYX^5BQQ2v*zj8uy3mk=_ZmpQcL%*nFawr zx=$Mnnf?p5H3HbAo?DbX9tNhNLmFF`P_JR)MWrtR2`Pct!6o(jTaX`(8wKV@gkLT{ z!KF|harR+EqJy_pT6~WmtZM*FIJ)B*BB2C$tcQm^+}^?W@?+dVz=2e*?%~h+JC~YZ zzJe!rK?yvKZir0V!X9RG7@jLb@2lE;VmrC3(!d1B_im!K3~XWNSF_ciS1?_O0i14({P75c9GH>DDGSHCGNI`G@R z>lp!BgZW=dOwMF7*2kfx`>0#kdZ3K9P|U}jo3ZU8nhf2d_t6zGX6HhN7J=D(L) z^$?(1Z^}g)wMX+NZ>_mT{+vt((nZNdin`e?3?EB+_PY8Q_~>*okDZxb^`IzPkzVj> zZv2*7xNP%ThSyB8bBp0|UAoLpLYL&Iinmxqz)Hga$&{Lu%E0esBA7eGMWX?p8Bn^D zm@gEKveNEj} zb$%f2jE4n%gV$$G4jUEQMGMV0(DkfDcAE#L$p5XTO+rYh(XT_Ms+*d*2L=5rlOzCngVCM zc`aYu0U~ybpH;kMKlMtvx2=I^0%T1}X(LQ^?(ZX?qzv5QE? z3ZzoT#Ii2CK6Da$rou?unxgLH&!I%zL3}P@5z zuJ*bID-wj1x$diK23ola@gl#XllAxpjkv3_Lwpp7_ITgbgUd{Di^wGHoqQ~{p`k+! z?0>SSwrMiM;e`Mk*=8D2??3w`d7^PtJQ~hw64qulP7lfjunn1FHr*muVs;W1?CQDe zu-acuB?l_ngPLaLpvbsOJ!vAeyiOMZ)|ud%x$-0(I=YQ250fGhx|>g_o+Pk z)N293Y(dcuob@ypoERbX_*4Kve&gPFwGpYpHEwgK;U+I|PGR36$r-{K-V${&O^lkh z^X&Ev`&-hhlG{uYCPaIkAj={xB#>f6Sn)?J@piS4E1I^AV>&#gZJ~3i8HziLdh*!_ zT!+OA%9i?Za6LCu>l1pHyGpJGqv!Z7TS%kd zV1mzM1`t!|Ws#y90pWLOTaBgTH0P}?y2*5s15LNdOFmQGe1?kdrr8iNFV(vhmy{U? z2^$q1Q2mXvx!T!HiyWBt88YDaF-s;40>GNTUF=b1lnUSb__2hv=E(B(`|^_ZTA zGx=z^1L*LTZC4`P!R=sA_af1VBE6o@;c+zFU0kC*V6U}qr4wpmqPG%9| z%=s0Ha6v_g5agPhzj}_P@T5`zL^cF&!1DTt{DJc<=&XYN-Aw(L-}N}nC#P163-ef#^{=vJBjyUu8NKAH8GHTD_xS>x{fwzVV+S=R6e^{6lcuHznf}! zBfP5`(qHp9l)h6;Ck!?Jy}e%=x)~b(ycivSd2fHrn}#z5KCUiTr{r;vc4J%%uMu%e z;&FbvcB1E7gEtMU?ect!N=jNcbUtRaJu!iCEITMEqcwvnS2FqpH~aiU*U$EbqN}6A zGv068BIB>Vyo0d!74^yoMTYu^ayT>6t<<=1Mta0|ITUvGojT@ zH;1RUKh)GYPctrn6nyV2*n=Nap$=!9z#AIua(azA7J-k42K>E>yqgSFv<}%gqkX%% zom=K(pISJiZ*|cYVH=r*_~Svn0J?+pR?PRLB8mfnz0Hd!(e-i%aUCoi8BU%hgSuHz z7>6zL^<5xf<4usLk6Tuc!|$BRkjG&V8$HI+Z=-Sy`zA?1V}KT924v4Ew3=W)j~v1m z4ELP)3Omz#Zq_hGyOQc0mlbVX=wk(OP`iKfG6{AwGUs!^OV9N-RT2#I#>szR3PsK@ zY}la;ezjpJN-S4QjZdF-Bb5m84bQr({TgAaHKh}gM19`l# zE3X_=uLhN~;xxQF8G$oj-M4?CrO3AzU#}E{+-Oih_%MW$bxJ=`ERBjJljw`kSaj+aST40IG@Eyi;}cTy>6@#XYACNQRw??aWHw2@D1*>pQ9XJUZ@$mWx*Hm5K8eQ%EU=NZbKsE?V6! zNtd=jMqR{iGvVm^b~`eAcuDt1w11R2uOX5mxJGR;(B^kK?XqSA7HK?x7iFP2q1wOn ze!O(zE|lb(@j0W>PEWCbH2v+hOhLA=7%;byvb3bKdrwm^z|@^p+!PXC@QLf5GxGqX zkpae$&hsH8DWDS>O_xlOdPcXE_}Y0x0utc4heoZMVLC14idFH0b8QquQrBYO-f(~b{ z(SH;CP*Tt2KUR2tK#v;6#iU-H$-6)XkXKjYRH2IIeS&qJe9#TOKMe2CoLen;VyRfK zx6;6vmWl|CZ3={}5r2PJl*5QDoh|4<&!H=A<9=8m6D~@vQv9foGm$FaogwO5llDCh z1~;NjOyA{ZAC!-A3!r(2ChS6`#usB#5Zwg8ds_9izJ-YGUot==C}J%XJ-y8+x!O@D zQ(qFer6%)S;R1cx$Qrpb^1JE{{>JzOl)xgw+~kKG-gdaw)##y3!^a)p*_-p5)iTO` z4W>H6p-Hc#EXN!WEnUwsPU8IJdrE;OH7(utw{Wm$%5n8HrEN8oa5tUV-sCl4hi=z%9^224nG@x&FpCYK~A{p%biMQ;Q9w6YCF z9ePZ?8Dg5;jXkn_&+_LNc^bNJHvt3+{#>xh3I?WngG2NxVO<1unpAOjM3z)RF2`2U z7FvkW`?js|xA$0u+&-3VnJ&MM=t)j-f2!EyWc0}g0786I%bGz+fmvXg2$}R=htC0@$K_4?f zo+kOdSP(%+Y>U!JJv$JH(DTfi9^MjWgRB#6&QAAwr8btcF)-r6o2q<+gte^e`>$)V zI|bWoWOO0nGW7&jjdwr(Dh)HWk@Y)7X++as)AYFD?9O{<*PmadEcEO&{iqtUW1C8? zD01~HfTpOTWIdR8SjFONh^PEJlf+eA)H&vjl{s)Uw&CPvlDvy0K3!zgQ!vQKf7gB4 ztvPY$_M6tOE`@_9dn0XqHT5lHf9LX@4A;c{5i$u z6vZLNb0OVBl8sr9J`L_FmKfZs2qw%mu)e_mr)8)9_-$i=q@LSBq?8 zOy-8^l8HF1g^$2upT;I=iERF3N-E#lxiJg;Y&Z{z(+*ohY@PER=>#$7x{60CiO*z_${=DMH&w7^nl?Ha`>|iEpsF8{o(Lz0V<#~%e?s` z6fyM)6eu*u%ms?dmQzkIjVK=)bQ3ibM~atU2i*j}8HMg33B^}KcyNc&vE_Kkoo$5P z;F5(y3#-~%OXTCIaY2rx`O;yuG-O#oMR4el`)GdOt1Oa{*Q74~B)*-pTY-#BD=k^6 z&Nk6gr0%s+N55QsHjRHGaR?LF$*xRi(w`ElBO|lFbLYs=3Ag`_Ds5AHnfIZ3QyuIV z-6+zfCRJuWUiQF7VW+Yr)uhzd&`YAL9#%5EJ-Q)0=2`>{_udk1s${$867i2J3kWgo znL5lg?2x_2HlioCjm6llq9-K#H<2w8glc?okY=pYl9B!UZ@`7he^Ls%=|X`2aCxZ| zbT&~V>0EY-H^LdSHQibWamvA?i++hh=O3AK2AOEE;Oz^~+c5=I@jfAuZmO6!zXm`a zNCFU8A9gOv;QN>>?;A{%WElo|I)VS7>GyL1!xi5yNllocVAx4z8UenS~Q_+7A``hE6BIaZ`YW>7XO$=!&0*ARfAd#(3 zW2%IQqs_xUBf<`I(eC1#rW-!{lV4T5`z95Fef5vQjcfOzS87nfCo=I_4~JUeJu7&0 zjHZ8?SdQz?tpVuuaGiuN@K6v*%-usY6v?~SUKVIs{o4R3f6U`-P-_z;uKnA6LK;{> zHpZtyARORpdZNiVDnRSMGZY}A`yM&VYmW30<`(#pxtap_(C#&nr>H%pNGO{ocdk~_ z$a6P|6+xqn+?8x2s6vhI{QdqMgaj>PW*$Kb{2L^cnr!B6mb80#5>FRq$7$<&Ko^$- z8(a%8^wF8bmJwUp%_h5)?5fGw;g0lswy55~llU@Y!}8S2>a=yls`5@JABSW0#L>9c zE)Yhi(A?HR6Q24?L%3vzAUlN@kkkB$I!SsMF}1m9bl8%TP@Dpo+E`cfsfVC4U1=`& z*k5ba?d%)Ft8DPk`4Z)mZ`|?(20208R6GKsEW?WO^r`q{d^?j?ZYiedoyhNo)LtrMpA5BIsn9}j7tMa~XSQ^+NRMuV8Yov#?*mG#87Ubq0~PoU26Ut5{aM)6nH^O+ei zk-hGCXHDPtc>CLoKpDq2Oo%6qJvc|k0%6%r*cbjgA!IC?M**F`skhVOC&4I~R&+F+ zWI#9k5oFduHs)?d4S1!IakGh(tm>xpFMPwtmT*}dkP()0r;f?GbCN>tqZGrupA4!V z;@Fl*@g8_}z zVsl;QgZy73VCUT-vrD61vvZBSgU8XmU2`9qO3ygXGncxf&`=_Te zt}9^A(rc?WE@FRr!>3a-9~~dCp4DeM2T2aH-bSW!Qj8uA1|qo`$Z6kk@*!di-6**|ux za;Qo;eeUBK7Qlgz^yf+oYmximaf@oai+||v2u^Y}o~|n|!efJ$`mD3T2M+ew1Y^|{ zPx3`r`dd4_^B((OxFN;7R!ls&;d|^AnKCmFx4+ZSitvU{+}(~ZY#fhwb;!|S!%7lF z0WE3UDoD6IYNGh?_f`n_bgQm2(O}s0KDzAJZdbM-WXBpnFo^dHWtdj1>Hot25|bUkwOh2yh+S2@Z-gIM`1te&yfs1yR_O^KlZig~*~RJeJAi2Sh- z@RnHm*NzV>zIaek+dcNN{8ORWKQnHgT97HCEI2b0iy*qFH~I5vVo3F4t1+Hj;Ilag z$>OBK`faaf`z^xRJ}~FyJ6(;sAeWIEX6m}EcFY;btr_&ZVq1is&DM^+GKUK&|J*_Z zGYy~=+WM+$-wv}AkajmGp_(vU0ImsN)Mpjfd+%o5hJQ?CC({ghBiExJ9g7Pw>RiTM zqc*D65XecL4xd0bRcp$FWn+hnrasj`ox0q%peE1(wauR-Cwq6kGt!RUPdSZ;c)_Tx z&Bv&Bv|wY`>-s(baKOc{N9ocA=Lx=KM4PEY=| zhTP@*xVGY9*8}9xEc0LV5+Oa_{BUGljMjnW?oRtF-zArNq;f^d=a6f$h~iyZkMh9Q zDZID4Aiu;a=@#`Up*cxGq85)fu$ex67PH;S8ssL|P{gvNq z!P0NobNTWFr%#}|uTD_}+MDQ+ktzMkLfxLaYa1VJZ`aIHTL7B80$?;yDvM~R=4Ij~ zKMs0`D6WYwOJo?!Uc)(EOmx4{m#M9TT|LG57ccG@?^W24Mj55vrw2HzUXX~S7rRq^ zwwUpZo2HHGG6aPI)AFn-z#zrd6u_OYr{~Vwsl!@pyxYyPODvG~Fuv(JuMYewvHNQsCMUFz5`z)0aX22NvJ66`=D(lCZ0O!S6c%|V5JMT%> zQ5o@XMu@x3JcXAjvftvgU34;>;zam38HLFChC2_088bsVeohx_WYcr}nsVVbHbq1a z8fJD!VKE_)Zd|>{EZv&4*w0D>Y-Ir<`Bz#E#OmL)Lex1TvWRJiz>Vw%5kF4EWoj|%V$7qv z<`IpCuKP!e{lF*MOWj?avRxSXK_<&x{@!^9^<~$Iyq*2e7rmou7_36cdn%w;$?1^X zsmc@J;6wQkJ3)FT6=81>^*Bc(JY;uaeC0E=?H$Rbj5hA&Vz&9A6P%TM_m{gMLOCcE zC!W9AbLuASk%|`^@A!mI8f$9(8DEj^g<#liVnX;eS6`~yRYJ;L%Fkl{B~cv2@-l0F zuU(}TQOag3iEafjL1A?dqZKuz!u63=dB-nwE*i7u!!jKj3~4Zmy9d)*(h!SG&kD4#K+?S7uid+o%zowb;(QGd17H9{RyRyr&skelZ5a6br& zzK*4{HAX^p3D8F%X~lFO#VK@uqlXGXphB%_^(iYYDA&IP8R{M zf84Yv#*l{JEsQ?WP4o6w1}>)qfYJ76&@;`)7Y%+bt`@DHTiw%DSlxHh3P}`?8Y*Tm z)E-=&5$5ZkJ+<2& zJt>>_a5J-eo8#BrZgTjoE2SK=$@iqOo^ThuTlI`-T=pB>ww6;!s`A`9io3KE83B!( zf^L#z^ka`+1qd&OnQ^o_wcMPi%e`oe~3d>%iC=6@PsPO=26lZ+M#HfLU5^QmiN+5nZZ5y|`jcAo# zZytc6ANZ|B)W&V;>JO(ep@9o3woO5#Ti5_22*N;!PnPvNjwHgi;a5D}Ea-{LwQ5?w z?vAp_V3C8e0yhz2EpfP}=)^7-;qXu)tRF91eQiazA3L73gtFA zTX3aquK!Y@^;Fu>g6t7*da=r3+n zOl2{579= z+JL?VVL{ug=(@E+B;(oHNI^Js8t=r!rYNRg2`d*W&mq2#DT6I?_p!%@%9jGX36Lk1 zmyn82E9}iVw2rEXEE!^JkzV(!;zuoy{bvC0fXBtAZZX8Nvmb7iYoI=-Nv=q7z_P2` zB<5%NOXgz-X~LUP)ihvTMJLZABBx>d0DxE|XDS7xaR{6?wIs@AXdSUkkUsxF*}>Z1 zp#+wsVf@|9zl69tLygclUIuUP2gaq}svL$5r+srn+Pg~HavvzCOm-deN3IZo=YF=# z4SFdl98${Wk**}GuJL8hMNM(7TN}3uVtnv?T*mRSdSEn(AHh38^G%E?KJ(Vs$@ncN zdDY1qwZE)n!G}vH$c381sg9rUrHr%buB#|q3lo2E^zmX+n4T=_bB>%?{Mm{?vVlxQ z2)rYf7$~E(DL=iXGHnPH-rC)N=-*eOYtgo~eq(TQJY>{hvu_w5J&P1 zsAzV4(ZKGUO%#4+NU@BP`jmQMX1ZhcWS<@$ z1KMScdW-3FrDSC4PsJ{qyd!e&iB;R+&$VV;aC8tWFY|Ta#dIkQ7UO#@<>SYmM+8e7 zBBMTn&K*Bs&tVYzw7O)1U!Y{sYVhwsLAO_TOzaPEBO}B?WWa$TLs>Pjk30K!2mk`t zjfbQx2lF#j8h(dS_jq@d^9#=LF8|b}^Rf{YR>;eeM?= zEu!)xqKe$0YXpIyKD*n#&un$(R`P02C8u^||(yzg8Ry5n+ zcl@9hetM018AJ8zE$#w!#C)kY{-RrK=X|HriypX5Zk?6h(Kn$vV9(5}mZdSaHr={> zw1^n))O~)24ZKvSOdCG zpPC~$w=c&na~ZlDZOiYk!+uJP9HJIKoKE@R9hYFc)nB%T#+oXw2sL{PwR^}T4mw?D zKb8)R%)LzF;#v8mR~W%7-f1TN*xaXM_qe8lod*cD+{V4(e1^cxPHDW%*i2#}EE8?| zv+iZBNM;pgimjC9kBHi6+YdG%+oC-6c{{c{LY+sw4AJSfW&0Vgd5b`{P93G=u6M1A z&&7F_!mPLeW~#V2(^zLoA{Nuix-{by|L9QFFu;(y3O~yBb!#srR++1g04;-qvKx4n zol2gzzu~5*ump07bp7bG zta3JGleY_@6tQv3KJg@RC61^Mt|6xI{0j`!uUM#& zV2`sn@P(m2-0UDPZqH5n)TgSSFcgf<)>94YG;LmdOI7Jc2s+8*o5}SF9M@rfOmKxd zP)Dp>LF*V@^y7k1@?8eTLyC$LQ2E$dzBDY)21d*t>q132^PgQ4^+iieSeHWa`Y71e zLecme0eYqa5g#O=#(Z;)$JXABYxRO}2v|zj!dfFYYu^;2vce;&I=1v<1NHmmQeV-- znC`QebeW`jBwB`YiOxitt`AsR&<2^IoXYS;mA8ZA~LsIH=~tn&UhBXwfuzgEV-!p?L4x7S|zAs-jfSdYQqeYUwT>9L`N;IIW12Xo{AW)BOb~PPU zVOy33q!>wjN}r>8uwYc^uXsAV$^xvc5M>m)I8EAZjw3e+?%K7`$Hn?0qL{Sp0QF*- z%FfWrlr51pb&=l4t88mZ0sNLa7w=Q#N2G#JAb?!s-U8~pa|OL40QL`a&(MhsR+cM{ z9gD|M649VAt_GCWDUS+dN@H4tPovkZE{;J@U|;t0Z9#XdK0B?}F>GcC`B?54aulHt zMacU=+r{GJ4m&`t-l)F6GmB(Zw3x)mtUTj|zT+t|Sc257IK zu~#1BJWCnwQ@r~Z8&y*g4aSQQ5wawAU~VeTT*;ux<)JOale4&M7An4OQ=CBH#uAEd z7kEiIS0Q$NA1WxA?3G0I1J*#|gXCM6Dou;gCglA5T0yELX0c|k-JIX>`K!B*YLDjl zvOf9JQgd53MGz#PvBDbF3C^tz@3BY7i^UQu&N~L|ib?XVXfI=h%?*82R8OWH>y?=UOgbJn{V$Pl!tvWWycKh}>-b8?YY7_xVaJiCS0ow5p^F&q$<_y5 zn~jn5c@T5=3n+o&6#jpKYo`ATTytJ{~ugW zwVA49Z!XYAcXfr#wRd%Ofw>2%0e@o$CLg#F`k{_KvcUG(;Q{8L zVO*SoO1TP0aa+DugS+Olp}C~f$@cv zt5-KvOj<}Mx{*tb9|<57`hmLZ8UQfWhL)fW z^#20{^y^e9QBE~BVPVxEP&xe2wMXOco{M?~`Xe0`79G+YIpy#COJ;Ei;PP3e-)F2T zlxcIhHv%R3(l&s&;0Qr1p>)@$DvSmEBfGY5PY1wGfPi$?H)-4yRPSc|xvIq8x+|q& zvaHggk&IgWuhDM$V+85+jSO&Q_w9ZAyFBu%%7x9`)<;48Pl^NMOxxrTD4U;{0Pcgc z0e5u)Qv5aw@(D;!^hLpeNOW{{{-l;Z@YAjOSAFKWNdyr%MdSEqdJo>lBP~qCH%$z}?S=TP5teC;j4MGM zok0-Zggtmu726Wx0tM^ztp7~Tx48p(a=rhs$EDOH9p6#`(`@IgH|N;sZUsUu{A$57 z7JM~m0uKPV0nC9qCDYoh`IUWL5`3{af3XQy?%!U*IDu(oaJB<}+tvic)1&CKGsBNX zban!N`~IH4?Lz!VSzB5IhT(XR#RNU5yMU5YBM9u-Glz`-w*RmOJo#^%!NgZhAsrp< z!D4Dr|En({U@%erQ`Y)ozXMt;+XI5ANC7{;HnaY* zS=BY@b4uH2HinPxc|Wbx0n-HGGJnT603pur^~tVx(c^%RSOjjoH+SQp0ieM@{XYnT z?F?^0T%3XLzOI3UCSLKg32VNlG5Sj@$STM!`=9i~?&?CB4~@bZBz*^S0N6PBBajEk{=gpq)l+^6#$QSKBan1G;De0U zK7b20R{i|DW%Voe6@PW{Zy|5w-$L0txFhgd^ACZ9+ciH#qV6etkjdOHJ5qoH<7Y5| z&eShKgqHKz*9PzaoB;J5KKE+hwSQivKQ}=E?N5xKJb2bIKLH8OoqUErF}gc*xIaz6 zSZEL>2N-(g{&M`iM(9SbH z!r!IqxTjr+vwL|;ocMTus99h`;8sV_A4336KN|!2Ies>Qq0ZlP6p{mddn7wFf>r;A zu%-UPf6ttJ#K#Q;dHw(oF?s$053zW8hyJ+*uKW39{8%jt{GNrqt8*{yt0!ASHGyAh zX$k4}{4xF$iD}Z^4YN-8$^||I_x_ouKk`crIGrcH!0#q471Zsc=|Rvm`*(O6aBnY& z1%H9n@AtQ5_25?gTYna1O!b-n?Nt~J0K^NBRsro)08OaC?fm&x8rUR~d}7ZML?f;j zDdK{X>@TgEY;z)#B)W|f&@dkeE121$9{}YfG!}R<7^m+-5#+GDhn}?*C4OJC4{@(4 zT0W9MBq1?lcHLklZgx#0g2sy6_?_?bvhCLbl=>nq`KrcZD~J;H1ec^IiNK z9Dlqhv{VT^IaCrGX`#pc^RjgF4YpO->%Da&&@Aapz%1Qept+!?~i z{W}TC%)jEOS_Qw)$~9??C|eDI_XVZlWQ_9%yUu0=rXtm zhAq-@%|wY{!R8_J#-o?)2aDz|_~){6rc@TXI@DE*3^(Q6wG#Zk_K+`vFk+1laJH1+ zjM#ig-#HYZ+hku@DW}L--V;dH8z;;U$KewO9CoNv%VX%o>>nVMafBlnOT0~Jo00Nw zAa7r(T|y>k)UG-tNB>@%^=mfYX-?Y8!{Z}GCf_RX;>(A)5o*Xooi8!2558?q0sh%Q zBac8Jm+47kSqpJn*@x^auQXx2i?lh?oCQx0D6=2?@I<6sWVz|qC=_kG^ z`Ml0CMVo|Kd<=$~nC7bl6>Eae7X?3=OZol^lF3Bt`rI?<3Zw$AR1!E}LOCkUu=Ovl z6k)Gt-HbMq2%<$_@+-i|3O#^}pTUMiTiC;WHUIUe;fTolgM8*96im-&D9V~k@xK@B zI2W#Y+=y*}j9uVc&Ke~lR~^*c3~%-qd>h;mOmDvHXr17ZE- ztXe+b1g~&Ao%KZB0#}j)I$?8aK@^PtKtgIzGMMuc$*6%Kb(FI zbR=R>voUNJZ|;EY`jVoIXXc@Ec|qr&Xtci6on z#eP{&W6hE(H!&H7h)f#JhYHZnSn$o=imGG+Z)H{pslg%jK14~q8rO}CWtVuogdVQ< z%nsWZ_^g4z&C5u_IS3?L;pY6?uS!9ECygy!bY2(cO@fMw|g+ic8R_E}f~d7~?>; z<5o&I&QSED;qvl~AIs1ht{q2$FQS9{_B?QMUSXp;?k_n~9z;XQaFvr$IP&V)vw`zv z;sINJXOc-$gIK{(lWaYS3G&IjSp`79E8EL~=zG3oEsL^m1LPt_{1v&z`*+2-g~X%0 z|KAj*Zg)y2o$3?VvKxtSnLf4^uCsJ|bTHxVxA7?nqU`}B+JmmF;<)F2Z!!6GVn?Lr zW{4;=mfnUJWrE5{Z}`sZSb%Ws?PSSHNy>ucR37K!;9qz58S*8UOI|pniaG#k2to+AD2T6IpYE9kaM5-2(GaKUe8$ za37P=tp-sawHN$s%U&E;bEXS99NB()Q(@o7bl>B;hi~5rp8U=Q(>r6a_Ug4GB8x!g zxTOnzI{L%2l)4gaI~@BC!xE3`-?(#Rt23yAg;m8W^?k1Whjf>FH0kAQb^45Fs64L| zd?C+48neaN*056DA=L|RE7nQP-nn(HlUAAX&k4|0vj$`J0kJC$qF>H|I0s+4Ep~pY zqrdR;lY2<0?igHJL6Dm?M{ShV>adW3>TN=*e~G3f2r`9=B=|vI35vK@#MT22&pX&|oiDBquDcv|6@Lu~ge6WbY3?p5U zd!xcXI5CU)yGNVkXfIGJp?OL8WFv*W6&?5j?qX8m6;|e6u}c|Fmq4 zux03Z=sk?wd*ep)0RW{+d%-R14OBE%y2tJe%Up8M`={ei2gI+c#+}!xCL+64;TpZl zvGW3AeXAyjXFb~sfq*?`Eak_RWE!WX4@{IzpU`tPjsKYHvMiQtjyY^RWc5Fpx`c|A z!0MreHGL=jOC}?K`zW+vxnZJt+GKT- z!SlMqSJb6k6ODP$RIrM7u*qU1&v#v#iZNCp(mF}WC^&0@ShX-=xcJgb&nx)6L9_}s zMh-b%cYX6q-J(CyjC5Xn3iUv%TN@@#9`+quD>Saz?EEY!?M$H?P{b@uPIEf$%FG=9 z);ERO!0JO&OLD8XrS3FBmCBrp{E*hOav8;CAgQ#y_%S-BeL&xzbj`x-_oO!ABk~(C z5yvOAxa=CC?|U;Rsmf*18M@k)?_qQlRI|h}w0Y9nkI{E1nx_cu(|P-WQYyqMG?(aD zvEc4`*c!UxxgPsN zssan9*|O0?GxxLdb!fxgE+Byay@W)3?4rHHtpf=j*-L?6!7KA6i(mYF2@b@;gjvl* zJ$o*=0dW_>!hT&~6~vV$@7n(t~YLGkobB&YpNn}}=MF5(ptZxSeV7d56Kg`dIMXx^l7axr5ja3vz9 zW!+X(l<1=K3oA>69gB9UEZN!XL6z(Icyxpe*vqyuz%5-J!(NxT#J36U&p<|q^W+Y9 zLX4aMUo+S*c}?uIRAJ{N=V2a5zx5zVOsoCU#rotWttT>M<7zUv`BA?bTC!M|@9LXx z0iNhY)LGcUoU2aSBq=$#G)wsabR$N?JY>h93EZj6Fa)4Glx_k&mJuZRj3$FAuJ$zW01pWx6Il8{j9=0-*Gz%y(qnNm#Z6+WLRynLpk-rOLj$NZ;D|U zGB)@U5USw6@XXM9_=GX@DE=p}(xl{hcR~5M>1>KOeW&M`p!_$(1UIeJfBViR$c$N= zw>kuW@Mi5P8uTV3FVV_-!ZSRUB3td)@6C=)pt&2 ziTn>XeEUOAfrCkt-(k0JlQmO0h#QlI(^L978UbO)9_C9aHEnlmAr0>MXrn$eV4zLw zK!xzov0xB4)+hC+GyB)OBLf_r0B)jMk#~OjzV>T{1=e*wrqVsW3qQXQW?lyRFy)(K zLVlso_f-b>E`}Q;vu6Db$FN12Hx8#ksZ-gX30(f83DW$*h={3nB`7H4*Xnl8>oc8d zG6t0Rr$njBtHe~K`h__xZxfVByk~oprFrur?_%z(an>H2^DTx`h^HhF39tqy+dg+| zGH#jk4~hMzHR;f|$LQEXs3}5MKd@mA{^v;(b^IS*1E{9xz;=ZK#7A)Xo5t@6l?6ze zJ#F8To7LKE4V(yAK}n6V^IU*xQc32oz)Iusp+(7M9ts%z?rY6b))}U1qAq zDbES^zG(uCfiB>&W2bAJUwR(_@2VAEw|3C0U@v#`b=r;g&E4gxTZZP0UmD6RbgX5a z%3eDGdiL&+Y0nnFGPJDvGEVkKi#MuKNq3c(8}1O>G7JQOy?6KG73$N5aBj5ickXgM$wsoHV8lmnviiU)!h{zsY{3e_G3G#pjQ<^0@afG%1^o=|R+^s^9Gh!p zNdEX*W4w5ItZ`~ItPi-&Hw0wHn(9&;N-$Kz*KK@CNPy60$}P*fII#Ci_Zf_Yott zo_zZ9;M_xU;>?w0vBhk9ZcVH9C?~58p?FjUY=>{N-C_Es1lC$v?Hf@s*%w;!*Atzs zTfmrirQ9^leB~aH3i-(Nv;c2->kvUCe!z@=F5j-$q?8W_Sv}E~YtG~`GCG~n|1`Ny zD+|h88WsBNioVf^0J|O}^#KbbWGEvHJDLehiNmEGpx$`Jig4R1V;q2X90$!mpJiuL z&aj8b?j{l6>aRfmi+|Unn}zH`{iWzUlcQ*$TDZ)o|Dyt{sq7kU$=(K!Fa9nXIPCmq zS3QmA2z23$=q*2d3VQPHxe{@;VzEvYTeR=n3`3kmi)5f1ky-pfPV&!P5$ZV4HM|!w zOSi~mN7rRouAOAhx(6PWfJl$M_d=ERIOu9*2=H)^8QpiC&87MKW$YpD27MzMz3Js2 zxn#u%Kh`$=7rZ*3H+P(bOSg*9vw}R^r4BGQGz~M!b8&PrI92s_S@4QSTW3~U?Z`I# zXL9?u1M6B5{@~V4vd!@2_$QN6Wu!dorm)^O#@-*O;rD`OT1|43-GJ81#PedE16_)} z3%U8ovA{W8EisRe3~~%b6F?Ah=`$3PuD&S#8i%Wl>*I;{mAm-7%|EBOC_!VqQ0eEr zg|vwBp{)-L!b_s7#nXFwo~zv5VObVgoZq0CHd_EbtbMdyO2t}1Nf&+Oj z^s@(t2S;pmuXy_>Q6jX1ccIy!kIXb2P0n}s0drm39yEawe&vxm+Y#j5FlCx2|uo~!+cGGZh2jeYcCyFKQ8!4@j{P@^DVINahvt$}{ zhUsFpjM4iGqQ}44zZWq8w-0>TI!VR?W6OfImcX)NI3wMWV4dRSq!QLP{WqW9bzG|C zf;0*7k$2$LRIXWtVQlZil6chQ zGaoSbi|!t@vNIURCrxh1niu*$jg4=&b7%C>o^!hyZ2q&R5^0H z%W=N^HbIw2f;QYX+^`VB0Tu8}mOX1@NZDd)%tAkS)34Opd@Q`HFzg=le!$|a26~UY zvw+WHC*Dpke~QIFk@AKqmLhK#&H4C8L72tN-(bkbXkO|DO|cD~ge2m1q;77O%)CFm zcY%rDUm8}q&NbV}T00~EaLUa|Q^$9XMI5zbPD)&3yiu}q1uco8~Y>a=Yw5FEGS?}M^At?`F%S7blE|Vxa+eG!#xG3)l z@tCzUs8)3LOMOU#i@N}(#eb~sb&h){lrA$<-Tpn zcSzG6#EXEt7ck|{Od+DEoJn8~(g;=0f;;tre_TuRT?+Qq)bj zCiM9Z2fVU=%IG2w!W&mT$vrGP!@QS>Po^tYoT{&%E?vO94w>6JD?*(G^gXlg*~)Db zmmT;sUoR9U<~*nZdOqZ8pIfe+J^@inJ!7=Api4(PSIO(*t>yLR&T6WA#HPt(a1`JZTW#k%HRW8F)oDwP5yhK1!bPn%~f*)^wAyRt1nUR6(NqjmKW5yo|Nw*-|g5eU`9dH8`D zwsYbMZdI!kTh>Bv<P@{+4J(Aw;x`f!rx;KDUPam$z%#tmm= z*`njt^aQ*-oz0!e*i{V$aOOPN8|ft2^4jV1XaD=%=PyeW^#o&H6~N_SUpq^;w5V8Z zvt-KDR$ZLn+xu^leNK4N-C}mi$f5**Nf$%bEQ1E0P~Ww(_29)m>Ezs8k121iMLmsA z+)G?UTcnr@`4J7b2l5O}R-_z_tY>xMRDK)sd3PS~wqb^3EyE28-e|eIKX5|_F^&2u zK-fFdOAk*Sb8sOxVq_z6cLN2p9=(4FrHJ&OGE+t}yOp@g%bp%SfI?5T23e@}XfM5p zN$#z_mzKD)yLpndZbtTDP}md+2!CjA$C@V;oQo=K`-_Tjx0vcPn<*Ns7zN^T0fpH! znGSQ&O7tR(+}vbP?eGS~!tEwg+Fv}=-A;h#-B5%{0_%P;U=tf6)T(V^CJW6m!3)h%%+n9=~(*=mW%eMN0?lM*%Wij6jle67)l= zAo<)rfidMP!p^TDDXm=4%_Mv4dgS6WUqwzkOO<_i3taur$Q2RL3RR`U6&O1;6dm3T zwYrT!=#2OU z=96$UQ5C(k1NnQ!fJ7TGC*bJ(JH>Fj4ce1U&1{A!K_7?SDmbna6QFaJ0@FO2n9rQ1 z^Bf&9-ZLp=Dv^4+B4Yx(DDy$vihIU>?kuA0(`CEj5m`GuDes-t)eSw0y&X6_w#12) z&FFTDx1M6uW@3)pKotGfhj=ue2G2d7I@v0s?Ml`4p=6~I9Ks^vg( zuGLEFfX#f;by;aTA;XO1i=Zc~;49PP^j6jnby-=JM%uLjl9h$pmqy1tCW>fTGs&nFKSyr70|gyxF$XE@>1=sF1t2uAy?8WA+%`$1LoR%oLDd4 z%)EChMy5QvLXw0Q)+6t*JT6<2Q4FCL%IjqQ9MinjTCeI<9?)fVzt{j7=H{dO&OY&V zm;~c2X6u)t-lI_ubv3((@W%z5tTC1bw=-xRQT0jo+Z!1;lZ{Nd8?HahAMorF!nOao z#hWc+Lg-Y(?gQ%xn{I4~%O)Y21tINJ8xe zMmL0E`O|8JD8Ja8v6QaF3Wm5=N{xHzmcqdFBJsYVRV=|r41WFYv$YN^dEG!SCtnWo z=>+FGJMl?hH&>I~;dx3%4C_z@7v(k^a-q0+sJR!uuV9_LzpnO7a|>8DS0A(jQ5;f@ zLXIca5xw+9-Q?r-Y^XoE*4{0{NozSjLYyA$s%e3%Pe>>HJ14_=Bu6gJ#OR(k3by>_ zgyZF~=s%f=%5 zK!LjHLyruzk_KV*C)2<3HmN+LB&U?3R_(XMak(O^v?coA52AooC~Q-6TSUGmH>RSc zJ5lB_nz%#sgLr3Ba-e~@(`?YhyaH-1N|7YU-H#xPc^?*o@RaZVi`32284N10jx*^n z0uVwX77dW4@p)oOn;#-8+s_g6eg>3#E77NXEzilo>_4|}Rmv#COru_~j$Qu+kA$Sy z{bAw>|MY$f<lG zU&{q>QT5xhn|xp16}!%k19KW%dx|Wv(U|Rc60$!`1-Bo-o#Lv{Ay=znU6*i_{Zjjp zgz5g@-Y4}o;fF3^Tcq=e+a;nUuCqId2si}v&xMSkcFWp%sz@_QequGO1iyNUvN!TS z(Z}2NM`pCmCnXp>#@6C1If$92zq+iWkEn8HdM|a2^5)YqM*;|?!u0)Y8T<7TwR1^5 z|5r~5I>GH2Yz=Tp$kw^4o+gWbu|h%E&f9xI+?P3=cCSTf#Uu-DQ~fw1L)XZ0b{LAy`-n#enX7@RL+}b>PSm=?Vb>dQZ-Wjnm4Zsnp0;bgGau}=k)5aQ5GO*# zz`jw!j8}$Vyq7YvmZP*TN#r@yhYN>g9NF>3?tCqq+m`C382rD*r|7jgQ-fT$(3G3&#u8O;Pb)80W z_)!Lyog1Hap6V&iZWbMF(~O~GP*yj_mF=$1S)Qv}ud2y8Z(!$A{>^TOWX6vCv$!$z zWNb|DX-Vju0>#Q+WcLvlQyAVGoM{{RG?cT#@n#$lD&P$Vaf$S9$%B6UjtDFq7l#U6 zuP{D`?r{(ay|Hh4d>-<4OaDM|N$yntd0oAqi$>t{oGdYxaK6YpYPb|nti*vbj zapT_3v#eQu^ewJlN59s^z#CAzEsAv*nI$Zfv7ned93Q7B*)yvx1#6kv0SyuQCC(E& z50h;DgClCX?}b{;0kim*Oxe4r)YcSD8EAS*y!npfS1Cab}AhGdFYfYieUN`^w!a{8uh4{iYqJRAT8T^we8Op~_~%lo0o1~mIug6-bz*Zd=9bRULHfbxm$96HMQ-o+)py@@ zgnzK+c1G)qfy0LdP&drrueG#%QE+g+4JUAE26?11QJ+<)h*7%D8~Hm>;YXv}k;2OUe(os99dVpJ`XtE_&Is( z5DScOsAY;*$a@-!r(_rc-bID5^L7p2XknJntT~}3Vxm<>?6T)np%fc@WT^7z$Gvsw z3~)7WqU$XtM-Jvv^;MnfM_S8#-VINar?KKjl&vsAamW`odnWlDIuY|S?e}>lgvI^o zeu1P2t03LX#F=#fx<0lRTK@a9z@qlEL`kxwclZ6Ur(a=T4|C^zR1J^bch|- z_&3A7y*xYarGcJfU2Y^)-3?B|fZ89ENA{EHQx82TWN$4uQ+=WE*|(ZD@HJE)1ru7X zRQT@TgmFGz@^j&Q;%BFyR)z^+F1jF&w!TC}MZM`%xbkoe?r*2yf>LT2sV+7)%2tWv zh$Wz^nd7a9b#cAeb`f|!n-XD5Mmei7+x#lJ+B|oauRd|ymAtScOS4C#P{VPT8&%Ex z;NoT5a9nSho8e2KRSuXRZ_?U5jw_bi%0Rw=H=o4V&t!`*SAE>(0>#;&BJfdSpBakI z^TCIawlOZw$Czy)@ZB3Kl&PQ$P{+Nh!_rmQLc`w}?0twBJ1}v3{3f}12tEAf#d2d( zS&&|ae|`7TaMu5u?Gum9;1B8d#(V5>(ScBr)62Wmd#r*BmwsfSHZxRU$!C(vx;bMs z?Ws-68}Y=^n_$`QxSe36O#_Sub5&@9QKXM~H+jZBS!b&m$O6U#0V3xBb>f3x3X08x zRTD4y*X`eAGde#ia_n1YI9YfKC;iaX=jW}qQw zK8L|Iegb_s7Gc8AjD=xWBabf3ee0(=t-}I0p)R|o6!lpj9z}Uh)q2(ek+C$Dn6}0~ z86m`s<6Eqk>9vqrS5|L$7!8P~xlg@2c+Z#ijn2BgSKindQP9&?e9*0N#|IU*9P~{G zYQkyrUb6XT<4&Wmh2LWa147|0adc|dDSJ9MfS9ii-#!LpXP-Mp-Xc{QvC0c2y2xNC z0Fi&%%^76Dk?!{1;-e+jpuMeN%k4tXg<4Xo>Y{nK>0n^Gt&oj88joZ33ARuy1WAs` zHh=$R%B=`LKW_i~g~uw{{0%#|D&HL`Cv$sng`bB}X~dk@50Qe4IyA{ia0M+{JL|v? znIhZBZNR{1CwaSzb237T=zufZiye69%|mNnP0E zrkkgZ5mESY>$xUK2#3SkIA>`M{4$;*$9u8s?hP3o6jtPT_;B#XxZ#kco=HBjRl_&J zMp7cKFr2B&_KqVsjRg65= zIH?N9ScDsC(kE}{oaebHH4)zS*>N^g8%KvqemCj-R8xKoo2x*T z2n(*>79}*RZ40_oVJNf2qNd3yygHJatlo;^^CGnrTEx=ZS(Pv3zs{qb-TC7C=pt)v z$F!3Hej4OC6H#lZ{TUjG)?+|j*dIAdhQx+vBMP@zlrTa_f^HrDI|Zn{Oi8+Auc}kw ze@HwSQ z2cA4tjJ$ptp(nGUH!P(8ksXQ=7yz;_%|<}L+GYSN$*jXt0FPyzT-DjGX$kd7WTquY zYuC+8nCle+d+}>ByQQ)iCTtHX!5ciUgy(4|LoH!6HGpNdfb+7Pl$8Ss2_ z%~>SQ1lZ_HJNt!#BFq?4Okb^Vc-}*DkV|~urrmxaEq!U-1Ip?-90qnXkmfEDm<8iN zIrUKTNmt|Hy zs#LoA?2ZFOLmI5Nf7$?)gvut9!6)gjX?bCSkPG|8^isV->gJVRBoB;4_a1TQlVAoj zzT5_>*|CD5BwBFT$h+@~jTjeOB}H>SEJJ6l>4bNkzZE{WI75xGew%P7V&{i@^jX^Ii#l0BPK)Ks7b4GO41=dn%770Ahbd{&ZEaYivRV%dhB`xRz@Jpoa+6+NfiSA`6Om7i%%a=>k}EzhycWRE#DDG7cXie ziJdwukH>Z6K2|Y5@=FO^!iMc=KMHMCevMkAsd$To9LxWGpxpevDQBBXh_Q7}A=nd} zzTbVVL6#`{HHTBp*KyMj*E~j9Lll;_1G4$g@(=6$@3DN&^e*qOQze-7I31G79r};4 z;=?*|S#`YJvso{)NfPaib53 zM~gfqcPFiGq&5o5M+0J5Y|Km#38>+32FR%^+9B5~sLplyv~PY@XKeDElNBK{SUev4 z>6PGr;b}aX=i>{Ezqdxb01PZUa~)4eQ)`{FhI|yCoLL{$N+xLq&ATWVN1&alq})-~o-oFpvL^ZY-HV8vupL!@Boa6K1W~2-S;l z6QOMO+#OG}d84QaN_i5&Y1{%2{U|Wp@kcGLS->sf4O=LCr>C+qz&|%Vx#3;5+WLZ- zlo(C)HFv68KH$L5CG_JY`mV$~8Gp08@E?dR`qD|*9Y-a$cr5d&8vzN@Tne*csSif{ z+g{}a=cX2P8Vf3gEYwrgWpM|J&zJ>!=hLq)7}e|>=6T+naLtwzNB$JN#UP^PVn=Cg zLzu9>5|wz^f<FR!VUY9=tKv*9Yk2JFVD@Z+Q+Tk6nOF_=gU3ZVLH<|kJEZE zkOhpOz30&BH!P^=oI)85P3I1V+2;i%M^p|X?P>wrjsVRyNmT;Zf~ik7l7O}Lv&6RD{3}tmq|*#xw3mDU zp3zA7Ba><{FI8mVVrJ~Gh>xCgwdB2;w0qf7>717Mb@m(jZNqH(}>&wzWs^1YEtR=4^+x2?OpS$^e3aO}-8ZXX#@ZJft-D4-*e~})YcP_)t zxD=}oBM#RcIZTB>SBRwUsrYMsawLlTMNMH{E9$K(b3t>7iJm!J08yuuD8*hpd$F|& zxyq(fkLLRmv|69*rMsBAs=0+&o4oc(U1jtn!Lm;c<@=N>hn~o7x^`M;in}~)-)Svx zgAwvrDEP=MZTRei>*T(sh=R{(#XI_zd{Oam9tgBWJ7s4>(X60)k+NF&joC5ETziG5 zCVWSu-%`K0IbjtIJ#7OxY#j$qIG-|lV2MATz*{#* zW6A9NECZ7*?oc$I^??KU^9|hTL)LO;}USfhBnUgIE8xkHdEXiSyJ#Zu!N%1mJ zVmYY9gxl#}Sd*uip(+KP55qec3AQM$8O()FQyN?O9@~d2TW>>-zRP3lB8Nx5uBe@c z78qW~v;^=n6V6gIFOXJeT>QMyuP$UE*qqILg@xNB@S5;NK zsEeIgVG~&o=>5L&6W!Wd-kP_c!vT{hJuA0st+>vH&QOZsX?9Pfv2J@_8h-X{*qU$N zJa;1zaO7S~KcKtvb(r_{pV1v>#GJqGa3&w2ZE=ZmT=&3JQvHIQRCseDMMN@+Kfy1P z?~+E$RyLe56dA-Li;9DCKmSc)1v?C8xK6M$e|$~+$glNO?S?;V9y1Z;TD4qD8P%i) zxns4DB2bJcm-8lojiMc!R(lr{W~a-CW}TJw)n8rgd;)cWZN=yj zJ}wak?#~+?#^MXn<2i-SYf4{wrQ_0-?edm4%@j)`Fp+dgMNO?T5)6Z+oqqVk;TPr= z&{q&x5Pg=+anE%1cy9V(fMi#dih_D2JfzK#L;9{~2u87u^Bxt6pkScCc584vW3rKL zqU<#&1eaKwT%8Yb4LU{z(3I~qbcJ(Lu4Q|91l4NLUxR|bYKgGZ5#I1}A#>E*NOx_*&_i{#G>Iq1W~nc7!@)N;`*D&{h4 zCY+Vum-D^&Ncw{w9>djM{H5l(9HB_$nu%0hjtmItNB6$=QzGi@b}I)jJJnlHG)V4K zROrZJtcsKBAKG=8xZP(7BMYrfp6aOODkA#oI(4`E_fwWS#Y?kuD@54;B;rUL>kBad z{NY(Sff=a*{6l6yiIY0TbZgcY z{$OQ9l@tyXJQft@$`Y&|=~D$^f4NkrsBh<81$f?NR4RnJ^f7y64pOT^xIO+XTInw3 zWPNBzor$=Mj}xQ9vl|23Ofn5+lL=BD%?o;;O4MRpy&vq5YXKf?dK>+YC^2&ZZvoXM zxjne|a~-0JJ7n>v(cB9gU{k-I_>{U~p1o0@ZQ!P^BczueoPc0r(}Z zI2oah>l)F*UQS{7wTP(KZGUdcmelnLD&0X9mi-p}#O zu3oH;yxo&M%Y)I!x7;cUtVti5W|I~n=5jxjIkM0P*V!PUBv|Hho}Do>hc)W;J^fG+ z<-=B@(lsvq^f8EE(CADH=<12uEL@c*@g-&on~&6Moq3r`T2Gg*i;ZC48Zl8{dF%@* zY<%Jzf%`n@i$mg)1D#u%&ZQmZHt%dq{T!)FTOO4TckZyw28d;SEaz~=D-oq%Whzaj zAhG?NzEOh>-uw%&$-L6MVSk&_;;=TI)xUe{mK|UjlhTS4X^do-+{j4#(g;1zSRijE z|9abed@sb{bk?!-S6&~rdM#_K!qwAbNjtw*){dBKqX7uEE^7B4Ir#&x$GMjy)F@T| zU}<=ht7^KS1#_qz^zTg@{JATqSBPK$VD&i70s;M{e zlpdwJ;mv|fdJu(aL!hrssHxxiBzN+$z{enSJ>6DWI{OlVXf08g4WMW zXK9?>)&+X04GsiscHvvO9gugu{bWXhFR}zV5`w(@SXZcg<7^iMD~cd9c>JaRxi0UiIq|7z zTo}}2MQ0JZ$n3$_BE%^u@uPN~3n3jsy{1>6`<%%^?tkn+!fs8^l?+TK!cuEN1`M41 z08081Z!SCje54Bbkwn}X9RlfTFg0q7NryelteXfQaMb#gZl_odOm;LQ%=vLJvB^ zbtgl-!oqf^S$7y|^h3rVfvDc-s+scfJW*4w4)h%f&iziExhK`fxS6Jckb;)1t>k+( z1xNk>vRik?!OLr(&+b;H+j7At)}4chzkDW@vXTX?G26l|8f9P%c!>;*2jsL0F~#zR z{l6E;9;v7;x3_BqL$C1a$7nP-p1jaR6jr1piGN_Bl!w78`f zTt`Ff@3NcT5+=0DjeLMg@9@r<>cXJZ8zQCJZellP#*NZg6dl!JY#vT)FVvp zn)KRJEL}n+?~*kxJ`TD<;PS<%(w35XnN-g->PHB+NpsS1fi}TIYWtzHLv*&M#WsME zDnTBIc!AHvnbI3%hp++Fd)qimDRC=@x(uKG8r9Asv%c&&mMyjVHvhc|V6PaL){9H8 zN6QJZ5lyVYtQO&DlZiKkQVh|)~-@AKb#lI{4DZE%Zd`bbGW9g&T>XDGy$wIAif^_c&R zveZ_Oi~kcL29~w(wI{kc76PWFz|WCSI4eG5K9g*6@ify$2XA-Cz6~{CVz3(rtOZ<) z1slYq+AcbxzcAP8e+eih31s4yG~Ce0Dl0&n%>K%+DSl9bqfha}(gDq*(fvhIx;OC9 zs1V9}Ih77%hy>UWm^HR>2uRz*c%>b{J$KQNR7m5Se|1RI68K5dq?x$%yHqr|kO)Eg z?d_*wH=HlI1C5y$X~pzL85#Y;U&2%at0L@?J~NSdfLne4zc%h6K@bE1fMD6SZQHi3 zF59+k+qP}nwr$(k)86JE8Ts+@(7cO~%?FmC%VIE=>(JwOazb$7CG^7E9~6y=UbUJ!eDv;ex0a?-1!vCU72qb3{7_RTC&Urgn}uyhhn`R%|%}=PK@V;z})$qifV5i9swi*Rlh73>Bru#@UsvE5ZV$Mh{>gHl z*;%H}xj7n&fOA*sR4RC!A^g)}_!z1LpKHtICEC4cYdjfzg-e0WAj5}t=^uZ1i})HU z2x+=!K+^gMjSC(ZZ;jefj~~~}P4e|LaPU$i75c6}(G*`~5hooS@n^@{#Jg%2_Y8|O z$FZQ7thZFtKVbi*BdFTI;@E;kP?AkVQ9_@k-1JF)53qxgJ1rC{g{xU|nWIxyodl+$ zQ!CV2AjGMEqE+uD{FWnd<+Um>Jm~m2(uFO93f@wpk!PJ0TLZaN-Mmpr3kqAjL@sr9 zshGtvX@0p6w)u-)JnaO?e&!Hi(d_Qxt%pj(K(@*#4=lXIK`YqYhD-`Av2gv*3wK+L zT&5`vop{Gris#>rs>vgy)u5~&(s#TrtN`$6z+c3k}0)&mS{y!rQ4pH+UsFM{1ZB|1Q?}_V1 zA_fq23SvxR>M9cry&$Wma&>U-aB)MY1=wOK@5N1Qcyv@~->)XBhcL?o5uLGzUU89Q z2@^CLYB%_3`vm#{mGuMP=VXYdR(;OQ#LNy-J7A#HGMzmT@J+3Dp3k@MN{2y&Hs0e^ z2_4;Ony27+NEyh8f8p|ok(^p@Z@_ZqjdM`EG(-|xKpWf2MSXb`lRdNMi0P^bsD^2X zy(Pf`=+>S7&?mDJen4^%e|14in z4KpNF63jBg#zvAqZCZ@uheSL^Fq@yUG_acN^`cV8zY9Z9Y7BFmh{)bQIK6@RG4KraOu(2t!Hd9e&$Lp(sxNeV zPe!J|fIXtRc)jnhke*TH+6&;R{w1?wf>w=Ms{f*LNrg5Wb~e&;D=WZOD2Y zB(bTlm5U#QAbJWMM=~r81r?s*X47_?jwDS82TmM<@myv`>G<$NFqR9X9RWR``7)%Q z-|TQ<*F;eQ^;{q$EYWFHk(2fqd}5~?0QTg!Nv~Z4#;eX)i(v(KkJ)Dd;1sdfaL4}B zBU-`oD`9Q0YIA6sPx})U*qeOTlfdBGZCTfD&tY$aO7q~l;-3uNuPYMx*%Dm`t}VqW5<@qz|}TjX0+!NVN%B|E?BSr8vDyn$}@= z@6e6I?N9vi>}h;)Pe#0-;TL?mkoTekM|}u_KiPNH{mJjYXY6f0n(!YX`Ol2{!(L4T zqOE*8?qwBBJ%kW0YTzZgUvD;yKLAj(b5(tf21Z+iBm#oRYH{oNSRQ0R;I>;hyt6Px zu5A?j0C`iwq+H?x@bpc%hT!#?;n7ep@YoPfizMO%e?#>rhfa32x|)H}_v|35=Xcz$ zetzk*JtJ~7?e;=B%Km2(<_Et)hg|8jEMdbs@;4=wI<;H@YHb#MlkVVlmX!2wOdm5y z3p;eJRoTc=JFV@%5mw$dA`KtMTEsT_4Q32i59SG1ePwVDn=G2RJDbLw+Zrbu>IDFrLn1z}LKNiHtbZYHk ztVwr%(Rz1xzkF=J;P!?jfTx9AGiF4bT;)d6F#O4DcwippVE?F2z;mE^D7-TCw2}(* z!m4fN5LLiyqfsxTp2fjP7M>aZ9;MTQ7oh2Hlz5R%(7Hgb2Yi)YBvZl{Azf@ zUdS(o(bE)>bMhBFn|Bw3n)Ec!>}l2ZqcH&mKpMxYzI#B{8He_xj7es-^EgWPnrAWlEhq_50v9wS*S3yN@*Foe~WzH>vy7^56GglcQ;?pB4$>HCg? zxfHj41oyZHo3nP>fdn>1;78w4T{my}xeHb#r;!i{#eHw$n!4$$1`bt*MhAaWtbal& z4XUKp*R=`314kkFv(y#kmbjM(JOHs8C_ViZI#{rnmOSohwGx|ik2oP344oT|d|+fg zne`HI>yN@?Ws+zBXer^m1sM^rU=e|&?j9mx#7AEb5DU|Kgltb45Ib<`J-P=PN!1@& zu_OnP$aG??;`yJs^qOX7iUnnfw$lfn5?n_$9#`DfZ|FxRs#&oqg(1DPVD9x%FS0SE zHpAFTI*he}gJ=5L0f>SWq|Y}YkBq9dZE$`gdY;SDm=^)f@xPvra;bQ!ooBrr0u1%k zi>V`r(gx_^%g##(;2gLc(Ef4;3#L-IQ^X?0_> z$%5jFLE}WY`W3c6IMQRb28n$2vJHF1WM@hPX@8@TDjiyfas9{i*PT_>AcVO#J50E0 zbtd-@Bk~;Ufjj5BhmqhF`^AL9`yXIi5nl^+e9OWYOpnnTLz1n9&YIXJ*A{m5=T(s$ z#pESehSs7pr#%`VICU0hOprkh><4q>BAiHZ>_`p2BF03cnr1xBr?j%WE~UGHv41VJW%6FGdPk{Sp1B zp~j05k?qn+IIX=Vz+uFPWG#cAMLt8;#=Qv)MM0Of`Old^;Oe-!o{&slSAo4_U2!RU{QkZ~FVGq);k%l7^Roxu?ySVw>tsV3-lwKI(IQNB-+k<_@c_v4JFwEq%2GGL z#gcnss{YhNWC{q6p?jhFrv~FzZ%6@*1ylpr*GMEUSyP2Q|H}TORPn_%#&X#Ed zO`+w3Ma^2svIxBbg=oFm(j$03GJvU0h8io{f8WkRN&qa_(#%M{IfhQ`xGJXYf5|{O zhV+lQG*Ln##|PHr!L(>#1QoOXi#IB=?x(+y0H(KMkXSH> z77zg4f6+Vx8KS^qHCK1nD>+!g+8&*Wb9SQYRR`WhG%-bAWrg){dBQ>0UfufSq;rt? zE@TQ4)QG?GE}DtNP%$yV1=77`WpP#}+AHpW|r+y)Zy+u{oeK z!L~i(YZ1FsR*r>s-dbNMwptv<3;`9m1smpz2p_=tKR(m&avBU$)wG$5evxKpks=*n zTv364n55Xa?5wSR&&D(Alhsr;~M`@`WrcXe303Wz)4`|tVNz$r}zPpbsnbIsQ@yN!`ry>Fk}-weK+!Yu%2r7rTedj2r@AhMG2xe z;_?XdWksjdpGc;f+sr|@f*g5*P8;f?qbQW|en?{CT3Ee`24KI1_Z<1N;;WoU!j6O8 z7#E9#3VTNg0cb|nRuS-y;`}5}-n+KzpitQv7qbQKN51~)y+-m2UR3nLVAa`hH0D0I znG=TC8qN>-LqZpN^~zInDS$UM0QX9m9}lUqX6$PK>{DnV%5FqJeM~VkO9!8Q7mn^E z+R5bVBIMmU(3-(bGsG{R?#)rlbMhE-uSQ|i#CCP}@-`f85H$a=G^IZ&-+3%lN%d?)E-3s138pOL!uX=Plt>PT|g1{6++}A^ZN%JzxS`h z>Q_6n15E?!`JTp%LNETpVgqD?tOx39&Ajo4N}sXfrJN@FGHOW7LnoH9;+GB9Pa z>1@^GOJE}!h8~3hPD?s$XCft&V;5YMF~M39{cPywMZ(mj<}VDWs#AVx$LrPhf@%CF zr+n<>vRPNw;@?0ge8vb@zJ^SOBGc9eT=PfmPU{h-GF39)b1v!*6Ca599Nd= z(Q*s{d6iMcR?oEy<;Lm4L65ErTT6t4yV5T1DTP!()EU$`5H>raS%Rb3ZVe69;mt+<@#^7^~=vwxDXj?o95Z z*DV|keLy(7A6DB0C;oZbb%5z~v*Hx7)o~UUKY~%(=NMer0PN1LrxojdsUbI#>y~<* zSH8G)Ti?JmQ}w)%#(OcOZ#^?-p#irE@H2z!7j2`3Ji0025U~fcz&+4#d(||_^=j3G zv<7TD{3v7F^@_|p1s=eOv8?6<*bM#8k>}n`1EjUq!;f4I)^HxYHMb1tiDh>(2O!?4 zJYgePGFLfNKWF~5^|EgibvhP^B;V;^|4_Eq7yRkz#tpwh3WV1hGl=-sm6U)+^HpFG z?Kp_w6wuH!dcBGNZ4cmZ{RCDhicm{)pItbMIWfQaaYK;iZB!xE~J3ub%HHzw0-+b}DW7-`0e)H9qVoIE;^WSsy zx-ydFFpc1_`ji+clI41GUz`i-(a6fH3p8)Vncss9d8I_Ya!IauRs37N<#?YL*Lu0a zW+Xr_l`Uk=;cYr1(o$SP)~@<~dw4E(f#=8Wrd3@Rji&f?Cc8Gm+W;SW{ z4aJgAO_bTOklSMVDqevcS;z&%2P-k@e@D&T+CSLVkyxx~%apnp1b3cI$;j7nBY#n84ZLHpsMq=tYZ z)*16e#{fn>F_Xf)1-$bYiJ_uzHoO*`oP4yd5JKzr=V!_riJ_5|#Z?`Xn#>SO2xAj* zsH+VJ{|nT0v?9MIspe@HUo?}~%#u%&cR%HMm{Zg@QWZT~#yl^K5|>o+qhJbsqb8eO zTQ2JsSkB=q+5SR04DyU)X^pQczl;uLz^f_GIN8$bR+2FuOU(l|&n4N)0BsD`@!Cz^ z<9xk}9D&Mdv~@X|Kwz!eCZ@i7I=JK$7vBPTE$@k6=9Is2Ix7u~P69NMW5sbPlr4|i zpI(L6eV||6x=z)O67*7#ph*E1?b3DqBr}e{@zZdBLr>{|`mQ`3x;cnSQ31;s83`OL zoW-%qo$TVM1V&dZ8J%E@6fU5pG`vpHEv8`kkW}*qF97h#Es7 zPYag^?ju!~T-;^)48It<;hJu+cVNy()Aa+?`X3vO?8k^F0L+6e#Q^jg0)S+xN4=s? zX(_@tC$)Z#u&t!jTm6~?DIl7Xev|zgRtKw$1wnl3`&^MS9RH)_jYZ`pLREXgcS7CR z<-&+*-wleU!$ML9;ZGHPue&d?3W9wot+xPltKJ^{zKO=7Mj4E~NcL(9oM) z5x-arO^ux@<>6UgJ==znH6>POjL6heMbpCHn~)rq_pu%jx6(OD)|F~xvDd7OWbb(J zgxGL>$%p5p%pni<1Nq@aW0V_)OwC)kILB z`R-^T-TcUds@K>XGB6g4$=oyAY>xQt*dz5Vv*-OcjZ!sPza@qD#W0*s@`AsYW!d2? z$?%SuGO(WcpUc`Vr3kec_GF%4E1&(G<#RIJVl^0y*vdWFXUVS|$Pe_BNqZjOR04|+ z#-?a&n|<6_LIF-w{JUdJ`USAIv}0cB4(&JKuu*bw)uLW|q1OYHmCD*+Z1sh)`&2T- zE3VB-380URHO>#)QXEd$Lvbg4-@`i7&cJuEbUW;N4sOc%Jm46(jo5cHV_Oc98>sI( zLo_#;ue(+x<#Bd@9j|JCvAv;(ab0GePlh@*U^*+&`6ecx>ruiDwM1tm1vjvi@UBh- z7kwwzONI&Nqub48%Nh?Q2RV-Vb^>%$GX*#ecS5xrH+GhPrWxpH_%BOz#G#Gi$T?%| z`Ta-p3&dXhs|2=|UVosH%<_hU4ypIna+)}Ub=MFY{@V>BT$xIvR{*t`aSbX8)h+CZ zcFmSBEQzAiiv~*Sm+eIt?-pKyTY`h2ElZqI-*oh2eEsVdTqy=MH2k^LM_48Nm&u}E zcn82#>C0IWI`P#W6HCMR)M(RU&^xTlEej8;u1O$Xv+x5;l_(+B2dPgv*{H| z9~h8-2_*a&AGbhIde%VbHZR>A;~H24^z-RF+%N9n(V-WMK>rjvM=r{xsTXOrP`c9_ z;sNJrtp_Oo(i1PP`kkL19*zR*-jze=Q|8jaNA=a^VaLq?>M(5TtTSUP-u^E<4F!km zp5oJL1)w7`?v-kxqF;eyo3=dX9vcmF4;}YX7>e{pQIwd5JXVxbIAINc9_r36Sr?x6 zwew3QiVK-j`@j~t0>)gxlX0H0PxARt9+swGY&cC4KEpWH*v&2K$5@K98!XSn8CDLj z?%G95Fc6|uCCU%E?0VQ56BuZ--=qxyIao-of_C?H@}Vg)4nV2FujM=()Y~BGRGax+ zd>T<79hw!tn&saI9lueM9x8IS=CcR*Ql<+YALt*0{k{TqSZ(BY&3aMMmWvcZ(E}fz86%;=8J0?RH zU4P;#b7d;jh3XsrqFGBZV!N(B`toytgYpdH|Qz+AZhDTeR^^TJJ^BJGL92% z?-`>WUNFCEQyUR6A}-AZp6KI@guT5>ciDrTM`awiuWgqUEY~J8+Mx9|9fWa?n5N8YCI|l2lyAEPd+~_v^?%l|14d6GWlE%l83FZEtta4#JYAH%zqF*0 zZR8R{?Ef`S0nYh0qPc>UEHJ#Inh9sVVJx-Plc4SCTvrtq-UEjrmVd5dpbB{$1}e3`XTsJmWu=TFPc64U2Lc@I9etf{SPzcmnO^V%x~ zmP~#r;%L{F+JT}NEB|uUmICrcKMn1M<0hLn^t;+@{$*dcpn`y_Hijl*T&v^n(9EbH z#QS66AW27qlU8!jt{Xmm8>qGl!o)T`f>}bD!rZ3UJ1t&f)3B);izHs1e3hl zubyA99E!KxQG<$+qip*uKO~m@+OI`ZgZ|Tw@I-MF!3K8381BIQmit`|V-S0g3xQ?m z{-L&%EKDGqtZZihn0R&dShRrvOd&jWoZdXCH$fVk5O@nt zGzX5=<;Ek&Rt01ibyoA`h&~z>st5sn8lZHAN z-!5D2$u|yq-vN0~3Gg;cK=w!S-q45hO#tTFLGR>;-TbXA-4WDdq%~nht~tHAIMMG! zQ)fzf^h2Oz{`u3()~9RsLnX}Kk%$kvfUx3BDlQ_;qVHBhqVsSL&RI(D7nx%E-m?~l z^*gdG!xcoF5|nx#D)__Ax7s6b+XZRXTWdTk8835T6}o9pvvyHr-`!cNh{8=c=5_nJU;oPqM>H=j8#+wQOi)7PT?EQ?Wiv*}1Ma8Xd zQirI{N3Y>tsC(OVWRs$_QrbIxKF5VYhQVHt%scxXoR;5gEzDbc@$e- zs)n~KiYaZ~)~e|%=a@VwJGrkUNsCL@9bnSplpFZ^&@_%_JksXW=6?0$!a6mr#k%Go z;|SYl-#MYJ?7AP`-9N}K;+S4ny15AsqU5)2uO1HRknRg6b;ZZLw*Hs$TTu&p(8>6v zD2TU=8>s!D{C=o@jLKR2`c?1qWobxW##N|_$om|KJ@S>(KkW2CrSyeS@U={>B7n%m z2bwhlBc6Dpka>K1f<-`n4N&Hs>QAq9AmOc?he_(*Fq14X(5jU2)>97hG=7P1%?jl;@r&poaoyEQ+!3c#@J2F|U)%T2FD}wa^9!1o=m%~zanCJH?%fyU6d->-xD8T)mHg(8QqBC-h+AJ{K3w^+$ zb}}CputwH^QUXc+%|AnTt%Z|d2{sHqyF8#eI=;At;DJI8+nZo9a(n0)*^WwvW9whl z!)JlF7Uy#z6z?@A8n3r=v^?0OY|uh!dC@E1ojTd{EbNcte4YToz}k%=oWAKS6BSFM zSJVtRL_xEXeJ{f|{=dQXJ20+IqbJsa5o-vk_ycXbb1Rx1@ejp?hd!mB{YE=gO&6Tb zcLEIr5Cp(w>~~G-n#x~RFA*!`@o>10vXrvL<3u`uq1$AxpL(Y}m-~lBg|*jxPi@^< ztqATWVEpP^M|-RpA{{HElpJTmzrAUHw;Iqz1sXqjhv73itY0d+w`X?X6^**pIio*{ ziYVhCZ>dz6GY|N9fvVP?Nu;a4u^Th}L>irh$j%{1-bU zx&){dxYGA$bcVB>T}*47lEFD7xd*32p;6E4hbam_E#K;jQi4-G=RkYEk?hMWxHgDy zYC7QJ%60RHDX}dZoA^I=PP#fMWCcoTEUW|N09Ui{W>Oir5c_~a8UcJ9p^TkFkRU*l zh1<4m+qP}@v~AnAZQHgvZQHiZo&T^AyAgZXV@BnU-qNJ0)K5f_zIjxOxJOncM0uX)Dv$5TcEti9_cI6QR)@tUAezuB>FpvT zKa`oYBYoH&r>2Ci?E5j#0AR|MByAzM#(JcoQb7R}%`uax%aJQFb1^Eg}UmjIPK%G9bf zBeEf6#@YI=s^nf!`wb+HJHpHTmwVljNGhH3wJ8JAT?B%mcv9$w+lO|!rH`;78+4K8 zV*l);W-=VtpwKMisXJy_hLr%Lw8pGL5e-=oH2olufJkyrKkO)|GILB60$0jF7LYOS+Y5;+2bU#R z+tyZTqh^|P)pON4?84EN&%6YQnsaN!SVTvkA2>olnGIGRa^1~ySTO6~*r@G_2@?*Y zU3x;Rt;Ho13IdiuaqP^TQT;uU|4Df$dh4j8sui~~tcmZQ&Ddp$nqi}`^2R?i<#3z_ zj*2y(WLJIf2r2ASScs(j*HH0_@%kf03S}53qWRhE7(iI5ZfkAhGj1?Cgi&nt+ioi> zu44yDv>*vt(Iwghq_`5obFP+Jn;o9FyYPNU0}oPT&pd5=nA_fa8c*br;b-JQp+H4+ zc2O*~zsLXR?u0y|sP?iGt_A|Y5(ZC-;Hq$am3EYE#|!V9;g-u&m?Nw5u~&oJvTAvP z0555kBvm6a+6E_kVYL8KLc~M84N%RQ*5EEE!;p1SXN-!}fE-$NYlt0k>8VO1;nxY9 z`n9Zg%6Ti~A~B>|5~DC!s0CkVPa9Z$eL@8Ium!aTnp@R_e!mtlgxM{&{Nh2=h$uqe z^m$)$j@zqP;|5xE7XTLrr?gVSu5AZa6F~bfBhx$z79*cQE>jyvss+c>N?YU(bn=S7uIO`n@#`@ryKtC z9+}5|*L;&t@Gja}8xDu<5v~4+)Z1;{j!mJykBL>d#fK?Gvm}yArfFLKaDOUgw6|0@ zvg2@}iO5aO&2n6xn8z-6?Q`iPb8jn0shRT|pYdM%Vz#!|9`8d|MmNu1U)abwcHkb( z;bVL05RW(zyGYyG7b)OIxE_k^7nQtN9#ghYkTDhy(^HlwYV>%q4-zFj5#B6Ytj0ID zGqU`fsJ7t*=XkXA+~@|&hH@Q1R8C;mpK9-hs{p!XzEs|yFUxa)t3YLagfg%4`uI_q zrd5J=X&~|7`>Wx;(U=$psE^ga7Ne3W?rYQ&@cm{@+X(M^?A`+_8`k^3gAJzTD=mq< zUTl&KR`Xrma+68$Z4q!r#Q)*n|7#MyH8QbK5g0cF@d!Z|!ywVC(RG3A3q5WgP+4G0 z64$7pG$MVx_N_2Dr0f2mA3E~mdnnFY6igy1CE>KhWJG;DL@kiv7)Lcu5`RG-+cdnJ zX~WU0*S315TkuuGZ*7x&FncArgs3zKE(8w>>cW$4Fwcv$Jqd(=BCK|3p^PfuTh*!0H^QlmDW z5zoW5=$vne#ZbT$K!K83G(?&=i)uoQ8uY}Rx^wSFxX#N!EJ0FQ1QwUhNgaMW?KFQc z-$9~WJh;B1@iiB4e@a1;^w*M~Hyuj=`aKW|^_&Rs5zHvfEC(-^4TIHV8Vj=;`>*N( zOutT??azL6O?3y~SOL`1GJxD*R@-6stkv<>3m2Cm)9cvKQ<-EI`<2)M-#$y1-xuevtqC&V z)gDK4o}9E>JWbHZ5x8LFjE#DXrFnM|r|CN5z%TRB+#p4MK5tnNw7%;!&oNh=#)U-k zNu|K^73VN@K%qXc6pYvJh=;qIJN(C2iW}!%Gj>U@UWwM#x0CYUM?oD35&;Jcy!=E0 zXHl*x$2Lg+D}Wipuv=zZx6_Lel*e`|L!E2A5S1&hF$Kl+)=bO!%5xMs-W|JhiElPm z#1YR8B*JPkA5lIzo|gk5A=7sH1wsJ>!x+tS#q1K^7o;xkQaFsPOn9i|KgL&G>s0L} zUCkA@5n2=-4LU&jN zs-eIARp-Syn!hz&keu}Gfo7Fv+c7;HWKyqjz zw1gU5ju#FhSe;--bmi~PMk}_=dxQwuPf}pUyd--`5sz7W@ng}`nO!>^QS*WP>-kvf zf;L=hKv{e1c-(`XYk7ZjRnUo~3Vio^ms* z|BF+}@_%tESy|Zr2d9#elY#la%m2lxWM*bz`~Pw(yZ*zeY-Ee<>RRLgaf7#oyg}=B zSlzoB*xu%Cm#*I<`3J8AJ-w`Md7a_<^flZ1e1se2?#!#?yrj%x{rm<*%_xK_3XjM^ zR9Ki<$w)|v2!YRsT1s|w1E~bUwegpWE_7WXW10zFK^p~NBSS-j1EHc~6wfbc3dyNy zFJO*`@4vQ&Q($lf%diKjZ>YZ`QUEOWZxs-aUjWfRf{O>{!mjMx1l9y>4)p^Rx+qG z0_4NM(q8Z2)YJrkv5^J9Pd`crcyP5PC;;_enL*PBVPS7(16|AbF%gm#719JHD5=gb zEf*RCQD_6;+QbSR1O|$phQ)=A$q9&+`v+?bADbIKvg<2>wE?U=5tuVFx0(TQR2&)E z*_pZ5Q;eu6uasm27#2NJB?S<00rOAJjHCh<&_yNrl78HzoJ04Iu89cQzrA)uswAq^ zibSfO>T3ej2W=1Jp!N0o(A!rC3IzO$0Bc@enx8qL2Lh<+XlmlcXKu>M!cNMFN@7mR zDZ)(ZVcoU^Qgwn>fN_mg1DGo#p2K=mkJPc26$o(v1ARyf*fjwg*TM*Lg#4nWAh@G1 z$qw(1E)I^QBBs!e?n9n=bNkN7=I8!JjcN=IZ_gh7mHplngtp3G)O-H0nFLWWhPEOn zLs;Jh!d4g�!wf`9)?eXPD{3ZT;Cq_eVy6V0!X{k6TAMYC(SNOXXtxjSW^*64Xsm zR1=dC(iJ_Rr@zMe#jtl}{Oo!CT^#*Q;Bpc!>-&?cs*()4hM~0<*f}$|f^n4BRL~TK z?EgiNc?Osn|C{4XATTvDfA41Q_^ZbGL*D6^CcFfP5?k9+)>g3T$6i}d6O}Z^fAP&P zZ2@EH4oz-W)<+BUn_^)V522zBz4`mP@x61mSsdO@b5`xx2(Tsq4}FFry_OlizP{#< z<0kaBje3BV55>93*~$D{2i!lgGBdsM=(n1swU+rc!_hxHlB+qrGB^NALHtvvLx4Dl zpMg1t*$)K3BmZZt(O!7$Fd@GWnHr^ z2x}eLPh)oqV~M@-+Xr9z`=GTjvY~}%?Em6Nz2H~J-rP{{`s;V|R%e3Mze}0_ZFADc zf+m-UmKQ)4i8eEO;-`LT_r7aQ)M~mS06757PTrq{>KrNKpZ9Ai0>GS9lf!Hd-M=%k{^^#1=*td`PVTRH)OKb!462Xz z9n=muW$1?h@2~j@Pw5%-O$Y z>|gM2I;N(-`~(!9d;A393t#vM!xs1O5QPmN;2`%Jzrcav);|Jj2npB!S` z-Bz8|ae{NP{f_q00|FqtVVXzRbC{V;;TvZxpeUUXD>A6U$&O4qD@8o&J__S38GfjM z6Xv?#pm8dc&-IPa2X)TLsb$_K$tU*NG?1wxv_4;ISs5-L#Y80DwHCx>!xKgZkDJGG zC20wSZUyRjpmT2Thh=-$AjRTi+Bn#d0JO{#Gw#IRgi*9cus>B9J8nO;rtp}z6=JTK z(ui9{&qAAn*S&PIQiD)t@rAl^A-jf>X_Lvp( z-7f%2I*ve2&o0s@-$!bTRqs4vxtYONz4(ArtuU|Ekt@Bv)VQ#%EJcA@iko4Jr`DV9 zc8s3rzk*=jc>?YA-B^{`>Re+Ho&ZJhyhfN)6P3Ym>%XH)G9_FC_rBl&%2;`fLS5NN z6@Z09XCR&};UMHow>1r{C`n=D*t+?U$TL!(Htw`dw93zw-nr4%+JD)bIV||8 zyNsZB&-5gX#4OVBZkPym<^(?fl-iRA@=Kpe$raio=Nf2MLLUc<79Bj7#E3e!WtEFG zUS#X+=5q#@2(e=BLGa(|_;Io~=x(EGU2=ik5^UOT6x-q-{#7q!=?{jXX69@w1a*I3 z(J`;0=Hv0>mTX=y?%pG?{Mgy(rUAu42D44-Lp1FN-;zLg2-5o`aa3P6?oQj$lA-2I zf+BLJFMMZoyDa)MMENRJ?4!;uoHKtI1=g{flvFz^yQ$faK0~IK_X$@O{pdtrYTy(z z^N0We&YX5AQv_6-_MSiFef0P_4Y^lz0LL$zy!pD6L|>k!h>!#P#cVy6zB57JO9N)> z*eG(9$!jZ?xf+tk-SwKrytq#+;ui_&SQ=YMaA={&$QNOs(4W&(8iSKDD$VppBJLzo zoZyxxoJ5V(DCQ}}lai^1a;8Ex>ubw3nPZ%NOBONkQGZ3$H}4_%i&p;CTzN>?`7b}vjj|p19_=qn=>@&D77tW1RNmn26hDk)vaWMizuNpq zJcNP}zea`bBw&Hz{W2O*znI>|Vwazl+*Zr|^V|neAJw;OSLIvhoqE34y**m0(6Q&# zeRjI*V=mh{bxFFF^&sfuBp^fWY7F)NEdN5iKA zIg@)V_c!e?)!fOk1Td^?h<`kBKFuX}vKCgMM2Tp?S^oW=k#&Ub*y^*ovaCDH2NKWJ z{ihzPqoVIkXg6yoq54QK>@BDvFM)2}l5=B`ot#OeFuv1v__`k~H{LnwKl>MambM7U z@-C&fkRdjQ;bb*BXwktcF~ZlnPp0S}`6VpF6+M|W4c;A>e)g69rCWaGI4^4?rfM;< zqWhVlI>Nu^3Aum0stv6l1S$#%$q!LZ(L9=Mad)xArDdG~c~D?2^g)Qk(kU?mpP7fV zHs3N38d)b{oJU{7mi-xF2LI4m#sLLs&~!f(aT6w9Zaivx1FDxKu}>@=#pQ}*T|{MpY0b6)|LyR z64PIkhVU7mYDsVRTrQt1iCdg`1kL96>1^%RCV+^tij$hE&~`||3PLHDc3q0m^gVc#?%~MLQ(n)=au7G(M*z5QF0xa>4UaQ|8#tK2v07QW zNXBr_fhAwy1e;MRVmJzCwUAw~YPndg9hs)58la)$V7jnJ*cB$`EWwYk^1^1jw(1?b z)n->|&A6Cu6g7t;o6Rq(9OANP5Gv~<8;Bb8O}KnpuJ1+DjcBAz5VMN-&YxwN*J820 z42Rd9TKc(HamlXC?K&rZuwil1!klN45O zt2PmkkQ;Rtg99qZXwU%lrrsO1>?{KZZRX`RyBgZtuBWrIn2A>&&273r5UligB{CaQ zVUo4rVN`bx%Uhj{H*yeT6@1YrG~hr{bfEa96ULYsU6~+@qoCamK{q)#!dy zsV7)bQ`E8pWzpsnW^hx+ZR6!@>oWBw^%WWyLswq?NN8+iwjengs{~>Le8;g z)QPsrzoRZpDnG*R;uCjK3T59^+cUtpwNGWiTp;TIa?-lPwet|A9{7Qvve~2^uS0|X z_!|v8D5&P!9e*mvDzS(;`l zl&pSRYDlP``rWRp#;t`+Izi*5RF&?0M;X(c5%&n&Ux@nOWO5%TJL`-9(syA($**)x zMW>PreYl?&{c~>oikcc(6haRF#cy+S#UP9}wXU~_grZkv+)@#hhi0n0zLIrm;Z4ZU zyLQ{(m&e<3x{x;U!X7Vwud|CvniUdKbst@;zIl6GgJh0i)?*fWHblaVQR_~b5wnJ- z9*fl_aplw{FUU5Ia4gV(7r&zeo)LC-)P}Wdax4 z5u3`I`^#&ia#&8>dmieg-w}Z<#C7o8rdM;hz|U)==G*wWWA=QPN_6}g5 zVH-Z}cve%Vv8iDmxiSlIbz*eAbb2|e--u`@Jd)WKbvrNQIH+fQf)%RV#XMtLIb*bvU4@K4f|}%m5W*9 zoiO=MgE>uk9D|1LdCSD9dk?WQqSYY!u&khxuJ0J*=x~s4@)!m@6--LwLW0w9FMbM` z*6N)dan0A#h)CvXN1nA|MU{}6_tfcs5erVC=n8u9I*&JeR8C4^QiT4j$aZ|TQvBVu zWv97f*2TgIpYcir`7D;_Cb9rQ{;bWpBxUT={|<%{2Bd+vLh+sDI#Ck8Bf@cZA--B} zfeqFFSv6~$#ni>Mewb~n9=YAlQJ*4f&U@~LcI64ZoK`waD3Nb^2af9*dk@`Af7~xU zDBcz?A07ph+a{!K?Ewm841>0Am*pwl87#{VFB-XDN%;(i`?RAPmUUB1@UHlO$l|rsTDmHM{)I_k=FM2}k z^|qx)Iptaf_;oYEC)MCfjs@OlpRo-=*zw*J*4?`L3q>mkgqgPyR;En}!i9NU=8bfq zIrzBg{x>o$bl=~gACZIKOiTZ{hcS{eF6UOPbfV){tUHFE;3vMpUJ8z`Vr9`eRhX>! ztKXi>eTYt_c%ydPl#;pADNGZ+q-HHdg(>H8#Ii}Ul3%HXT^fWR7e1~OX=Bk~I->HSj}09F{bEJwn|j?;(+JT!FK}JAJd(V$v9bw*y2wZ5tn{9OXBs^2 z=E-=QZ76qSkY_rwqEhz6tn>mDLYueEht}jI<-o#vu}Rbl7B#*OAz_hB(D1^r$)7q@ z4TBx|UQ0s?~3;53H+*oU;9f@#6mZ{Qj(T1a~jow_MaA^yo`-~Jp2Dxwn7aGSAQYO+fFfryY8j175zTtWr&Au?7 zpJJy6wlggK#ceY>QoV4DG(_}hzGGcnZ-)vPbo1sRuFvI+hu| z!874DnWq+U@z$UFCP3otzLQN)!bV}^7xNB?U>^f;RfDjMG0yg4-RSV*xbyREjan0g z`x_Tu^pe2R9O+F{;d4Y!WqR6n)j$uS%T6Jr&^Bzfxm+%Kr~R}(#4z;ny{6d}GEjPM z8C7o}5NKZKr!+~e`6HU1R~+J;R&HzUeQ+qw4Qa;<7u&7Z7>ANEOFN~{Yx~GklcqSU z5kteXtl7gY^`-fD!v7L_O9#|^+I%<5yDD!01%rp$vGdbb?EVRGJqI$m>^-}~9KwOz z6yJY~<}Az|brnz=M?+GZAH{J($!~G;CRcr=2tqU@ zUyWgWO)5emIwa0VRwEIroGGe>PPC?SEpAPSxgf;HD)mMer^N~OU17JtQ;QW!(l574 z+jgrj?olJ7ph~F!h!=1%PrT*4B8S?O_T_ThQX5>g)ldqYV4F^4C8GEb`O1DJd)luB zmK1>5TUypsVG}`}Nb-H{8Jv?XJ^PC+qrlMQb z_U0y!-=}naGzA;DePX){RE^mCTo1S9V#i~>kUo$V?yhelvE5ExAaEP?F3OfDDnrl# zvg?J7Pe--AKp?Y|-NcMia~$)52V4@_8QVPDQ;Ck2Rd7lYh&%((~;GvF^M$9HQ07VgNOB; zVYmEY0E^7^nd(c>>cMjI z-f-kFsYU+yka}R_3f^5O$6MzG!05y`(bfBlSd1|cRVgBiU*n35_0}qi!ct<`du1Z9 z!>FK8oq|i!J=l{!h}ZiiRpHXI3N)rK^9#S>_D17I2%ImmmrfiF>2kc~Xbb$d5 zyApZUsO+(w)j#aUGmSwpuM^S!%}VlMt6P0J>JgL3HiI&{igh?-n{*tjL=Yn>WI9&AiQbVdYU8ILWLivFOjo_yukQD94YX}JVZ2Aq@JZFTQ zun$3FJJWIhKGA=!+<|5FV^+R4yAtrqc3M>5{EvyNy<1xw%s%QxGL?7I=wBSB>D+22 zMv+pL70bra9AVkZl0&g6Oov2 z-%0UAnrRZ1uJ)kt?}dGH8XIi>%N37a6+}8ghonoyZ z0_TVHRG@BqZ4@FTYMqtW?d39E9O%ryY>`r{FadGtePGNiz>^R_8w}s|P<|0{cf~4~ zgc-F1eU&0gYm{Y#!i~N-5dt22%cnHAx^|66howp*ot)*n@4<6YQ%U zw{@L>HgQ+%a%zGl9NIfhamvr`k)DfEju3o1!=OP(gD`3GkA=9$f0kf+9zQSg+a~KEfVTI}2tdo0I`ZPm`fi)KR0d?`!%SYsrt2k~nE@R* zS0Vax>vMN!%U-G5kqYCyw0X1F&qO)(Ha`AKh4ON~eE;4Ryfm`IA+o(|tm)c7Nqy{7 z$K{qDKAl6e=QC&Q0XkbQoCOiRgAAYTmwopR3107qt!LOHVlZlIGiw96_g!zu9h3d& zWhYO{lboMo9f=dHE7ZOEQh89L2urQh`phj{`|aA_)lH(2L^IM$9b()D&L_}jbVJmb z@*Rd@`=*Mmc`9d4Z*dB6nJN=RNbG=i2@rbxq>yTEfck;|&_P3>h)P^~0r9M_K@ipw3;`;gRv9NyF!Xup!ImwNL+1HtP}Esw*6Dt2_g z0Xlm&er*G6y^Lkd4YvB$V0VDKuz>gu*D0Gi%g4atnze(v!RclMGEpR1OUJeD$`W#^ zd>Z4WbLg%a6fNZK%AX_<>FEEyoqrFlU(TZ5H^jva?VeaPL?hj{jd9^yqxg}1z-ZB4 z#dBB0+1@(MSdI1=I3*NpyzjfoC_YBW9*xRucjSs6Y$`?$_;$2#5=>JU+CzA2DaS4} z_N1^SIQOQ>D7Sp#wqBZUItoIPmhA`M13xZZ>iW+|uZEh@Z%XXXwGAPWZlJY zWVQFNh!nOsoLKT`A_$QqE1I5D7&Xdo< z$^VpEDd5NkphRneZbCYvHWN3Wyl3F~GGmpdg)5x?JVUOdJ!8Y{^Ik zwRkeXI1qk0WP^$jv8ltmk^;_Ow#CT~y$|TM7@(2lZ5uHn z$p%4e?{sp`kRGpC0S0u%MYU}r)_}H-^EKi z2-*H&nl3aF@pzIPoGEw~t~L%Z)IU+E)mc~zTUueoT+Qo|5_B1%6(DUt(vk_No>~H) zis4d(a7#;GSbJ?FxeFFAn&+1h4`|*$5Y5)$n?ZKrirkgp&q+PZ(Jy1ysUN%ji14rh$RcscTmSsl&Xu*wzTr+KB*=* z@Uq#sC#w2$5C6(4@q*i^Cj|scOlP4j&H$9P@u^y{SZsJYnM{Djj0Z#4SgwEWFc;YMz-z}K zRP;=j2TIy9yZ|YuJQz`LMcSP%|F&S(2&tgj=WDRh!+=``-yVD#@ko=*=&iTSzFC|y zm=~iFm3Nxg$2hqaLm-(U9-yY~CbI>-f)*^!sc4M#`QOzJvwgRLC}NAErF;Ym9&G*D z`e)yh2*ZPu6|?`UyBlDrv z?n&at3u!DjPnVQBAexRo4jSa$+=DB}V!2XVYm9UEMFGa%hr?%L%W}72<1DV0{bIJF zteX(5@6NTh>tGO_ol*YZPgdiR%;ycUFV8mn8oW+Z`t(T3Hy>#__;liGB$0!yr31=K zcX2~Fw;-`cW-w3_$r>21EQZ{#WWX{O7l)_P3qD%84Vn%@v)~=+u>2r(`{R%qL($Pe zrWF1{6blaXYsQ|~In2A|W61F0df+2y0QBYQ+YjjR~WPIzO~QHUB`_vVqOB2j0J(DtxD-OQ<_ zfe+dnE8Uc6;G=^zLq@<8Xf(nL`FmLm`b3fB?sdzs!w6p#c+;iwo&N5@TfZ_PiA2Kc zvZHv*KWLQv!3K62Jp^SSwWh2UAKl*xMHN8WDI3nst@D$#aJ?xQLwpe09tL?SiF_h7|tNA0Uw>n=ja>z-JyqMnK|r+m^Ia>WbnmgdOfsNPMqd=IT0eV-SD z4>mgLyC#J9bc`!5wi6Q8Bf{?{-};@KM5ek;WVJ*qmjugy0!A|1ABc?PYT-bED`W4h z7FTVZ@IUtN7GfnL;uXGy*1keh(ai2*0V{Qv5Lv^3+lMYvULP^PP6$d8%3)t$8UpOwC6E?wt$ndWwRrTy!RIr`Cx z0lM!Cm8N+KEK{U^crkp>f?>e2QjMAfJ*mX{=$)DnQ!MpPBy2L1Ly=VmfSNFKVHpUH zhsI)&3mrs53KYWO-ZL8FkVdV7(=Ut@i%TAd7WUTxQ|;WOZ`ptfiKEli53csmet3N| zY|bh4J;}Te0Ke=Q81+GIs-CcTe+w7RT89RhtnPuF~aTPs=C#KfOM zUW>?24k*ST654L7tGklRqG^frGZY?%3mI#j;4&X#@nX-hw$&_m%Ns?4r5A*nyzmu@ zXO5-}HPXh;LxMzg@B4C-@A_MqI6}*5<&)YYBXkts6eF8%SEhYeB_jiSt6F=Pnca zNDnB)Qi0b~HZS096?=-sGUNA_*>c#>a}5Zdb^=r6ht#Kpn}4d)pO>GYV~7q6v-*XE z5}D96Fh*F0jbzx7qr&;k==y|(n{Ghv<);T!W`Ml^Pz7ObC5=gm4oZIg+iqy-S@xyp zbZkN&J8J;Rc8C1vOA|GKJo_iYr;NVVDYpTc-O8XJo-^6hPd>W5Y2|eMfq4Cm#?GuA zP>)P{JaRErxf8sD2)NP!t*wg(o$0KZJMa{rWEA?2;44wr?vh~H z5ERLtJFE4_U!j6~M?R0YeYf^7t)e5v1Fy}6V8T9m0`v3COE4it#TDtVyV5XGfzA0kxSauGb8(_MjnKA2c$S2pcY>9)g`NDAu?Q(=Em9`;BM& z%lHzeG}J*t6~UVM7i)Z#rV3=Id`ac=_`<8`l1gSu!-RkM+u7B7DXQ~D0<{n{~Vh=lAxMF~|3bcB~Kvg-tQV$L)I z3jH_wkIn9;{7IyVtmwWE+%UN(c2}*eI~6JDNAE(9i~R1@aO^g=c6>mT-|4irpArcX zdLp6-EfgpTApWc;IdWFrJpM=}E2U5J0N)jlGPsr<*i5|uOl4u&-h`O7ihX+@_R5|* zDdlLiEN8H$U2B^xv~V6lkqjXK!%3eMG#>xH&#_Lk;^6lj?Q4tuYgWa3^%f)Y+;3QJ zE^7~iUxBt+z07mS29 z>4Guc{j58t>J%7^<(5fooYFgx#5lz{&wY1ISBu;w7&;gM;}?m@(P$grZ=rKyEJdPQ zQb@n6Pw3Q}k~;gucOJIwrmWQANTQDj$^`(1zEyfe#R|P>gW4D8f|-2PU`$37AZN&R z%~dCx_48>+5`;6BgX*viMfcA}9VE4mJ4WH1W7cPQqgsxcx}W4l)rX#-ak!BBLp#OH zT)!^JCkLKKiJI~8zoNJV6r=yvD9#(Q`OZrp6y1e1aD;GjDf&&w5X@$Q5w`yf@c+sb zOW$SyG;nQJEI71kT@8dCEBCEm>la8Y6p@k=cQDf+O@32-(xZcB=hai;PrO^Db`l{y z0+Pq#IkrNbVsx@O$ezojW0N2gNJ|N(oA}thp#Du%yF9^rKDK9`lWIj&nOC8?*IczW{ggY|cC=R?*DObFv zXWff)&u_RHhHI&=G>U-QXzJ<(aBCQ6=WXLnStwAFm49)MUTwj7KF@+8hO>WTA1};! zJXy-^V&S6ZA+9Rg3Jo&cR_-+_qM^T@ROikW{A@J10Y_ws!U$885zLel8}pfOPPtgi zH%GRX5`Z#h3LNvwLRYYfsoGPyz7rvVoRcQ+IVw7h4!M zK(91G;L!~J9Hj#@!?)hGVjinF{C=ogL;Ozy`n}7&SPvqXfHAnz{VkmP99O73b3gkP z>_0?50O86jxrFn6|J0yA7)9Jule%^ULwkT_$nwd5-o_j_EpuqeTqjQzdC!>yKvpvU zn)8%YyR|?c?ZSH5KB&5vy(O@*O{et9bNuI{v4`Pm$06swCJzjVkWjPFHLhScWSF!? z#;*KnRJ$2lXGF8%s0|oc3K0~60&Rn|s&eZA{j}QcFeQZppFcxUBArnC?Dl#u5_Lnd z0(cspbQ~HJf1nP0R8dF2o+ajy;@SOckw4t`NqZ?jW7VCJfAm6{0-H&%9i;lWqc$5b zptp$NUiBVUkvUm0(BKh~d~xm5i|l-0Q8@XtG0p_E*p7ixemB297z(^~{{~^$Whl#k zru^Gx4Oh5ASQAyS^fYmcbv>3i7S4PE)67A}I;-n)uvluoS5+^2n zhM~8Gy2bSuly1aJx3fWqJDdWt;db_&O5;sTWE`#!IGF`#xZ#;!QtpniSVCk99fOKd zklxbC>2Q)bHNX+udk2O79g{v3G`04E+}0Io5A@NSG2{ z{{p*H7zpjdJ`n{9q>Qatjkh+?P~hglS^LdreV49;SZGk9x50MWUsec_RjiRmY(6Z( z*@`3)F+H|cPNr4hx+&U}?%*3Ls3ve0 zzLi`ic?k&4XhsstF~q?zEPnC^1pxDjS4(cXIhS!a7im$vepHtOmOsLK9;PHTXHpXG zJEXJAfq8IOnvWY-A5%fMqjXPALrmQyucm5tFy^2*axea78cm1LyJC^Viu|3^jvHDM zA4rWih$Nqr9WHX|weH#6G;O&RA6^u*c}xa0zz0% zAp(EN^9Re{3i*c3U;(j?rJ9b&#OHq>P&?55B3qnfi6q6cr1h?bw)bc`)=Z=jVgo7Q zW~tudOA1fxxWEuExW%5JA__qh)_2mI2vB3LXbHFUoyk@Po`_KjJ@K)&nsYYtjK7H3~Z4xtSQk_%POoSvj3OoCvW(@bq@48MuBAXEO18%=~C? z6fv;pb6K!JHGh z3$>W>V_2Ll+wiV?eD?H>p5LPDb)E0TW4gSnXZ4?X)&_fnY1K)G7kllhfTy$-A45hFBm^26660hb>1!)1$o&vW0HJR7;A~1ke3LrX9P}c7SLU z-F2kHY@5yG)4uWT3wy3J;JZt?o308zW+fQ>f@9n8ecxUNq{qX%glk$)kl38Yu4?I{ zF-b}yU~|BU{4FUcv$F~;$A_IKUoMvR(ipQP>8Lq%BwCqqgYCd!DeWMyB-BsspQ+O! z_0?LMSPs72sd}P1cZ|NAHHDs9d68af6Tp*V1b$E;GUS3ntiCOlhsabU*BK>z!9(F0 zeF57{YLKty7N;`(qnMKdzr9;&-Ax(GQCZ8P()p;u$>xyL%IOp zlgRwmY_c$3`(f{SSk{^@%aR&j75iAcAgfjkv7FI;hyH}}BZ-Hj0NfX)G_c8DQEBLJ zOnQ%t_}uR+wDL_tc!}&l?)MJMF971(;pHr*I+HE8n8!2)Tt-nP;Z{2aBq81e=Rz6U zH)=V-U5?X<=MI6>et1yhdpu?YPT*-3fp^|9uY~h9TT5*dTv$1{A9d6;4!KnNw@aoP z-`k+)<-xpj2rf0mf$UGfwCn13YyhG2kE-}&F`V8%$}lz}j(X%yvXy(9iW|9XU7}Fw z!@Fuuf|y~7U<;MLvh8tNBlIKDmm<2ZDawq+n_Da7w$>AEI}Y|^psC!yB`x!Q7L1BUNo292mUZ})e!rOCOg)hI!MdhE+n z$i9G(h2{~aYR&@=g(;!Qh?F(by`Cu_5XDWO;*jhwfo#T`khP0GGjT~$id{1r267yt%!(dQL|XnMW77& zWII*Ux+ynb&rCf-9%o@p9{|S^-A{Km~sJ7cD@lqOUJcc-C61bVqim-~68Rtq(WhS6v z!mnI!uyuzsKu}#=$*G10&oqXdd{Rj{T9EB~yquA&yo7 z`mH_sE5DvBCLtBXZoCRaIGG%~gwX!#<>UC3`T5niuD?;Xo#2GjA>-+GDwS`9`qAy? zS*qosngm4?_#G?G{yq9acrNNfVewu$1c*=l>}r}-3MLOQZ5ReRlqmK^!^5}oZdA3c zTVZctQI@j}D**YCnU#dNiWTDE!fR^~=ADNUu;2a|H^i{6VItqBjHY!DYWHAZ8t+~1z?>YPGhDPSxRZQHhO+qP}nwr#uT&f@K6@wW8?Dk`GB%;aOptHz;yjAO9zRe?;Y zzsg%UE(3AdHMzl;j~;5EDK_&aNizNR2v(?@A!l6J)4AhuH4-Sx%jdR&mfJ5^)WQ{L z)iMvB5bD&io_46yTjF^OBCe0MmOOOpYF>QNmnN-%B3iLBKi{+KgfaBp zz7k9m&7%-dKgU- zVr>4((owY3U2!)Dn9D5Md^4qYr+2@d$&B9sDobifOn`4@PP=<`G&|nma~U%i zr8tjC9Coe8l5-r)7RJD@R}%<^_Ygd18Mv1L&YX|>kcZLRKi=Ijh1{PmTPeNLo{en3 z*dM6ueLV5~37~4()*kBsEAz`IR2oaf<(0+LrMs)L`C+Yl@Ws;2Z6x5I0`gNFb=S2m*+0*vs$BM*GbHGA|d^%gv9bR^TteA2&+(o*eE9@cAz{mf!4*J#s_5!(IW$5}}c zSGkkTuyysce68M7S($n`YxYWCors`lZ8vOJjTUt0$)S1E>Yv3 z-HPH?A!GWjpfIKo``yx?S>_{Qv0DpsLfo@#md>G4jp#gvi3S$e90Uq(wFT}6sj4ti>gho{iJOC8Tuxp}Q%!8N7R(!l}J_#UMjZ~2^}7r`cQ>Ikrc6-)lt=x+cA}ITeCyf)4+X9B3rF(xy3`R> z{~wE7!;A+Bx7O=_6SzwY&5iD}c$BB<3*HgmB1Ermdd8xDPbd_{KuBF&Rq>R$?; zqCoJ8t7=jkduT`$%OIq;+Fp$wv{Vv?^LGvu^nc}3ddKuP)qtWakIf;lS=pw408?Vz4f-mpvH*ce2EjE{?_c|OhBw=Nb#K-KrW>L zUq;Q0+Y=Wc1sXf6p(3YG{!a2=B=+J)3KnuwheC!PFc+hQq*@TqWOh@Xe z#I4#iwve@5G+0UnU=wL=vs^`{Aj&sEG?LyFH`I%O-)S#%0vjDz5!Ns-uM4*RwSn&;4|rQDj?wCjDY zAI}b*X|1BZEj<%l3o|{V2T>dxEFP7I4VT~jzp5|41aqa$x1O#z6tiCHWD=K$dwP`- zl4X48t_`<*lFGK>L8AW0Ach~=!Ar=#Y&A|lEi0i4wIQW%qYPg;I<4IXe6m+1#imCB zceD~Fq4FxWpBU6$9uB+AJ-^p?J2* zucVFJL%O&Z6`iahp~{%`eIfRVFRU32oK;+&OAZ^2I|k4DASV<3e;b>^4d;E*cJJHv z^fw05wSJhHhgq)im1-srw2JcvX42`@Vwi=JO2+o_!O# zB)C(h-cQ*oojl=raAOie_66*^ST`|YS?)sj5l$kJPawdFC219C05L_4J^UhnOT?N6 zHTD7L9&X}0IK}7a!#e*T6YfRZ)ky4%yX9cI9TFJ~FsnD!bf}vdzT~<TE8+Hz}jQj&x5vPUU8DNnUAcHODU$I3Uj^EI})0I zt>$ACi%-zy67@@SaGgZNleI@DdeWL=faG z$QwDSNpl&b;=~H-;BGZg95>Qsl$nxP=VM|*J$OX=mXd;a9nN~BzEOzNqZNzneb5Q z0$+KI`y`n8eKroZ1l(YJSddH zdUsx=dA`Xpi~if2xRspScXcK&LD9t0DRXLxAzHbi=iOsBV5pp~!GCM2@x{vX-1)8; zfm*!p45lYWsC+JFhoJPBjdjX}mHe)xk;w+pV8VpGd&;n?|LoQ&SCLmp!pX3qWF3<< ztwwGgG@{|BZgr?RQOu5{6fEdPZ^m|WLt!1Q#oH;+uuY(KrhJSQ)(vy8^xH0y4(q;0 z+GpX4Lj2BN2M3deX5!}b2DO4u+wwFTW}&r73KN5`s`kj4(c;A4Cm)b@&_|PwAuH8t z4w@BHt8;wgANR3A0 zk0tA}=2hThuW=amS6b@dFCWh>~*b1jOyT~$XWr@LBJAqv*tP)NG)p$xgj ztSK-nXLE^~WdAvN! z4_Z}fpA@3ib-e5y$#focx_f(_R&Mip%3*Qhj;PZ@&c(giWp5N9GP{?_P|{GRZc?DD z=5EsWr>n3R>TZw^)91B-IL~v23VS6LC)Y%4zt~g#1P6<%K&C!i_3$knr>q|6D({2F zrA|aH9R(O18t(W2!kN1Jbbvk51*<*f+V9_GA^5OQ*&~R+sX;OG^{3<@qs2Hb^LD1< zHkZB*S8ZYBlF8>^|MbscjW+G-C3!X|Yt-FcGd<+Up=8(x-i@=TkP6}k4C{Xzfkbk( zz+F5(a34NMnuWLE8tel8#Qlvb!#=kl>yg3Pg@*Sd}<0C8_m3`MPNsb7O4z8qtp%h$1?jPJS?jlLq&)`@|ZI0_po#9Y?ziWc$OdCTjOqYeG1HH^Q|S7ryo!EE!iU zAp68Cq8<}E0A`j~^K>`>fk@4QFuJ3x=c%eT2AU^Ae{j+zgQpRL1mJ z_a9iYWbH}qZa&tc&Z zwL-oY2pJ3LY({;_s zAxoNa7K>NZ9MR?dmqD%1Hn02XmG$8#CSR}H7KipF9@2pl@CQVWYq#p>_68Ho%{PIB zNxS8>K<6rG=wr+WFET-8Y~v;9jxAB%!y@aV7&){^W= zeW30A535)>)1Oi~TlVANKHRRvc9nTJO>%<)UNKxo(j8ZbBg3dXm*wyU;KVF^W}|bt zw;%=Y7H&=#`ov|>(Ef_2CQv8}n$a`E+`SXjBe?rswPGoX>#hL?4rX3POVy!E=N`ZLMwB@0p3|*Qlg{yYR0GI)4*I7rOn+n8hJGAnbv}N^O7V zY-21k!~?Vr<;jF%5oc&&1=HM~Tg4(*D?Ym_b1JNKNS!iEU%w}?=fjc{(C=dXIt$fEZ}W73?9*M0a|4qN|J6M6XLV-CPjNLC$TIO+D< zFY6*YR&_3PB%!{CYc2bV*@36I#r7&VW#$x3fGvCaqQyp4_J>@{1p63HZ1W)TKR`gj z=%BeS&LX=Jrw`AbN@x)2?WYSZh}}Nc_Xt|i7Gp4(a7*rP#e1>7%@MDTny|`(E$(#^ z!Q(q-8Z`i-7qCH0j4c<~uO7my-^L%S6!{LayHWk}N|oUI1CtX+5f6mW;uKoCPu=d3r}3rG^_*6pir9f9<8bKh%l&+ghIR{2zS2 z%&B`E$hGPh8V_=*0!4<5^W-8vby1kVdc`CiwU3ic{S&D``x3P_L2dU3_=-;YcjcbH zcS!bXt*eGH!MG14F4Byjp{#++MN^%bDez9To))k@QB!o=MuEkK#}FS|$x$z*@6Qv^ z`uWQ2vN%4!fKDe2FN>|Kw(2ok`$d>^wWNiJSuw%J<*?@1GI^jNu04eyJQSi~YI{h_ z(($WdCAG2VAE+Z;_$d>VAdNlgd?*BIg67;T@>U;+@!IDTxz>zHXbyt+s++)aY(JKH zTx;2drhLYBoX@!T9zjw>XpxAYsy#P3zU$epxYPj(uu0pkLEXJ*v*$W|Aw9@ukl9r_ z9UAt_J+PuINU6zrrc49L!ROBB(@M&*53&kK!+-;TclNil7LDlBfws@8Gc1v-F6o&y zsfOv%=q+lFGCEJX=V-EXLG+AT{MPiUA0=sUCzTi`*s?dN1Ib;0hwKZr_Ug|N^v7sd zX0S&B*;{jFw98eM(wn+*Ts!rU*Ew#W9CIlcJ=Z2@NA`VHd*O0Nn{ zNLqv&A>D)LiFOn|%C1I8R&#Z^D6xHr2Jr3mQc6M$-yULBY zu==&9ScvToy>Q?p-c_YG@f&EON$Kr-0iB`IERCm&zqLS5^t4=;@id`i)N+3H))Z3+ zTrHArrJsfyL4-VRHbv;})r}gJmb+8H^xiX7Q&?U$=OjDnm%ZmtSNASc*V+>c0!gUF1lNlVVv73gl`mBpos{!LsgPLOnjd#pt zx&13@;De`~SU?qa*0EZuIl{aw2uX9zMID+oKoXe-Tgg@r;>L9ymHZC~Ac`$t-HfB~ z-;M59DIQho=&Q7;n(8{ob_y~2A$QzWdnvLy!&*R8gMAIoUWV7)-Pl}))cJ0xBY_+6 zJZ!EdNicGXYz^04F^`B8QYwhT>{U2*zf28HRfd}Qk}z&nZn57lEf)Hke-Cq%CxLRt zpELGTFg;C@p@1y#=+Ld#_u~3!d9_vt!%2|>(;-+Q9wRZD+5035Ci@Wh!L5qYp8Wtvkm^Ct_qI`A&lzF!1^5+*QU`EE3R%7 zmDcoPusD=81k2sqTm1-MnEyJ@mzZ4t!%Vu5yw@JjT}gt{@Y*oh{Zb#t@v-ZslsDJB z#(;B8e*=yE-wg(sLM!FS7%`0y*k$Gt$u~GX`hb)#?OxPV#w$ODzLR75TcS-HHH?$f zp*HwGShS1Pdje@f8_AJ}j2pnj1UOWsEbzJVX#a)Z4r)umyzOnYLb}(3l{}o`6?EZZ z?bYjsf!dEXdDV7)&>2eFlQ+*^*2d*z02DFpREe>wQDmzrhFHwqqIh~9CRP`$@Bp+j zXs}yC`mnu)F-tWm%sga9hxm;yJj|iBp|XPx6|`FpFk0C%9ktIE=GgLSz}A51&m6Vg zfY)`q0Z)c)iARoan_K@qHsy4j|AGK&Qq;SPYU^7|umf>x`TcpA7yS$b4kzh5=c{D+ z)CTdX@&IP18YeTcw0Rs;pHJy&Yn$_yddHqs0ZMKC8Yf@%pHFeb3g{G35SSs78^;_TQ!rbq+Z)2Vu{8;f#5| zX^yRa9)7tk&BzIxVW&0mw8NmR%VOV0kN&9@TA8yXZC>42znExx(Vu|WzoVu+EL3Pqc_p;Xz(27T!mUN?G~Y$egx$GSj=?8`7-*S$ElU43BM6x`lk-189(-8L+y_Q?9J zl5plt$JKWmaYX0v(J7nGEsk`JWFoSQhFGaj0y0syKM<2EGS19~j2Fmu2C2kBqYCn5 zlERGPf=mOmk+iQnDb&mXc`q?T%?bwCxYd;jxOI(miti(Sn0mG*B*-u1jp|tWTG0Q9 ztx&tWVO#hHN5sQnkI8Dtt{%x`dUnCB33=Cp2AW4d0##dW^&@W@8sKJ!5>AM(p~b(D zDq;l0itFM6vA>FNH6D-^P6Hu*z{w zt34!>7u%YM4DrI?{YO=O@5{QtOHQ{e$h*npj|-PMb@09A>kTv?WgefH@ibz8CiK;i zCl`##sh`F5k8c0Mq<_^igRApNs!^yLbC(lx6OqZ_lYo{6v^7^HHSn5-%M*dgkzs$C-#GcwTv1n76skq#-~h-MI2gu0mUI}rAccb zrD0LQWqG4K2HvfZs%EgRrjJkGiHlQ0b&Pf*JQq2_I`}KUPe%9nwfStPH*TYw%eCj* zjR#ZhkXdYaECz-h*xsF}W7TIe<5D`n$HcWhF~>(L%CdxF|E7X>cAb}0OE={X zxdhb-T5mkPuSAJ1lGv#`R?-8nU0L79a3pJfGdtcGSb>VW#f)7qaIg{9CW1k~V+!p3 z1HIw>E=NORIS|Ra5I$zbI#M3SmSq>KYmDXJ)FJwPC29D4s3Jw&S+$GC`s~1_*)#ZL zl8;P$xLZoQbfofl#t7rxL{^fQSU+vC`9TA}vgk%g$C)NVlm`n;;{{p^1Yphizc-HJ zyr_f9_EsCmT8Nbd2V*%;`Lq7Ncm`{Ke-D4qX3YUSZ^viVh|KzU0$To&1iKx!LOKIK zL%y7+sn<;2>?vsNZEO8W4*+8AOsTB@#6-*Laab)G?pcxQG)dCEYmHHazDYK6IlZdg zyY)|$RFMl1mBxQpFvAGe=^=vNf}&pR?E2kmW%QLe^X6_oES^yYQ}RtLaZtG9_<=v|1mvJdDiYc670!+Nb+7?B^r zC^aQsEQ~hb+iGxomaRm+tx;2K;abislP`UxkeBq;8F9G~dnwUZ>Nf|Z1kSxTpLl>b33Mj#KgUx}_<7z+T?KVA#1nOyo#wyQe%vvp@}%#*}KLnnSY+ z=d2+u3S`}^md}4Jnr3-~(#zr@XoZE!64T3(j1Eg7j}3XOu1}~kUi`{CayNJmGxTa~ zu`@k|cVe3Y0C>E36=yAl=6(B>^c&YDNWToxJ2$PeaH)Bj;6e}H->=|F`PV0p|8#Nh zOVxP>UY7?JPr?jRoeGUBxnS11P3;wpe?)*QJB~|jlTz^otb>OsT!`Vn`Esp5-5FAF zyt?HrD_a}*e5exk@PyN`Qgnth!=9o7;t4l5u+S8A-Tmz6_Pa3&1Pe@YO{~d>L*-u6 ziNg8T^F$b9e z^)zEY$IqaNAJS~WUIvJ-J0Ovmqp|fKTD!TUUW~`J+Hcy#Tx+M(&=w;#Fl_4CZ*th@VucEn@vHK>4&`4; zCl(5guR6)ph+9@Knm#s2gkZuq^;h6_PPxtdS?uWoJTTAv_3#S8(de1sjUxr0t)Bk) zF%(E_OMySshnGp4u`wIq=5ksPgeXIqaZJHi3xI&(kTcsVOHu z1E(i^h6*d@=)xXt;!Lp@K@AR%l*?^t%sZHKxWcr%qE z)n=HI{e}2P&qiKg@G$^N5s@vd!}GnXq;Rdt%e^lQ_IGA!@J7@y02e@oMo^?5EKDoU zX1)6ck7h;c*X>EsaB5Uo7-Mf_urYOqQlqkv0kmvzFO4wGR*k->j+;z^BaQpF&~!{D z0G6|Yu1Ub44%e)aRD`Csb1Va~Krn9!OQ`X;Ck{|(ORvcSgpIr0uE;`Mqf zrwPn*n=9mrfNc}t64CL$AUdn1%R-!jlf{R2Mi=Ll7J*UoaKf3O1LerZ@!0Z>&7@mN zNNtr=?Qn$X71|T&@lN@j5e=fvaS9;s-Yj6vK1kG;wehKk7v4`g3_vO<9N_PrD1i^K zgHP%)a-}oirP~+vzp1BhcSUR+$HeBXZTnQR{+oXS`SHwcZ6`L28+Zc*&=Bd=Z7aJo z?rYQ4(RhlJUf7fq1&o+9F2h3SW0Y!>Eo4bSoH8UU6jF?X8t(GC)0ysU-Usjh|UEazkdH;A}E_VBq9wvs>HVWN=(e=_SB$0h)Zp%a7_ z)}1k*gRO@yD`EIY*S8B-^7RVXCMVfnthnbS1UF1Qk+AaiU3TWW4GIpN{D`^A0@v;S zk#pwnk!9ny!hBG(#DD$Ba{!89gO@2#%kZMZdEQ;^$_yyW)kMWvg+804Yw0G<_a>8@ z+4swQ8^0qv;SgGsx_h5*p^AZW4*lE)v47EfK_^@y!6UnIAO$hxulOCqtxx53vvn#- z560g&0p*$JiE(SwI2bv=P_QQ=l%Y~7$octxKjh8KssvmEe}4D#E$U?$O#i!Gk)Y9| z=Ubyp6w^A_xY|26zOmF_C;GaQ&`z}V{}t*1jc19E0y)Wb#nl+xQTxcY-Q9kXuFMV! zxi>G}5pn3HIH$#B-`M5_cwCBj+ymnKzf|39|A(rZnVEy(|GBxD2$&gJ{%=(`GczL_ z+yAesyYqil-AJ^NR`zeBwEtzkqT7l4ijWb@a? zi%9u*!1IG1!!5r$fH?qQ`1=96)Ms%=an8dw!ZY8Us<^47MlvfcI>-Zy?j zfz$(a{Tc$ji-7(o;s)pJ5NPcDfufp#k_XXT59-;zwgKcPm+~j7f}-X}y#{661j6W- z1#pUoogaV#X#J!Pj!lg&MdO!Mk`dF1Nt5J4Z2Zd2fzW46PMl6lm4s1;Sy)`-&^6=uF)Qd z^&65$ic<%Bb{$;2w4VjZ2{-+?Fz)<_iI@nnm}U0 za1$r=1AS*T@^7pGEl$ht`|mdU)l^Q9SBXzqSTqfAjyh2r()h*Wt?Fv~(rYoF6c?`= z|E@dH1F^y7xAmL3QlpU?kGH|yRwtbJW#bSegEIh;xctqlBn)!+6Inm7qXS?^fIvF; zOB*ur@;-`M2(>6^Pv8>)*(TAYk; znjC`L5B6RsEK?tyP=vZZhakKSeUw67Y>kKP2-5Lc|9!h?a|80?{P^Lc(cIwD_`PK9 zUmVJi8Jk!g0WK!^p+^sgJZYQ3I)>8+_tz!>-y96RQ9JC59inF*qh~HA2lSoQH}glG zAAm*Cw*n3H7J6_3_7n`hyaa^0|8hFWg9r(N*SD}bfaCm*_X0hsJBN~0)%Wk;GlfX< zqyLc#h4I_5h>nMzLApNP2TrI(h03B@$0foD{p-_{_#4q&9U2foMe;xJlRfWa2gbF* z_5QuP`D>AZf3ETk{lgtvm04ZIHmmYyNGeZU-g=mmQqg1O&-=)+5W&ON$3S zHs-(e-O`JL1Aqqq@~aaNwllZ`adZN{|Ly?^WO?W_7Xtf?V)2*JR20=yO#SeydZ_DR zl10;((jvDC-}eCIS5wP}hvF7C%;w<%;DZ}qXaMo}D-i&|u0meNJp{6UwTFLaHAvRu zIyeEWm-uG-iE#(CPV7U(_m{b3KMb4yhyekxX8IHGz6N01*b4{lCws$o09rrxBc=n$ z8ngqMsC~v3Xr%rVjlZVqLnP_C{NJNj{9*Ws+FxveM~h$4cyG-YsQZ7`_bV6fa^OJrUJN-13do-KY`Gu z;S-jV@Vds@&+PCM^q*hZ>3$$dqvQJ!e&f(5JVeDUJE-kAj*WM=4Zp14wg0;HpMSjO z^{;O8Y;msE_X7CRFHYb6$uh?loJC{K0!<{2xMm7)5jNeZ4svpC?KMUA*7BLCg zJ3KucoVZxFAH9$x2QXpWnjb}A){)+--(>){Vl=a`f&LWVpa9nKW0)ZUjSf$Ld|6q? z5TBr<{nMZBhh4_Qx79@-kNcm=Z`}<}JmEJX9$a|a)*YL`r3*0U=C4u;Pv5IQ&mRT~ zJV|&~&D-53!SD{wFA4@YILY5#Gf#YO`&N74?>uF(+pX?C9}WQ{k8d7|_-x-U+zw5D ztsfk~BE%dYL2&&VK2!+E%P+8C;_?+4O}?xl^kM{%&HTz8xPL zo~$kaG&$c`-O}*amGC{t_t4tm-CIYWE+#?P=id8T7775!BbY`$%}fw&@Zb#-7BL^l zWOo)-SQ)DRzuIB+6*cJqt;t+Va>8V~?P8#a9(W75*#a+k)l_sAIB94Hs)aJxF(-FT zD-R`B4~q)IUQifiND_gx1Pt1FlNHDr1q~RwyJABgc^V2&mC1ieOPPz3aPye|l99~s zI;Hlr-AB3P%9yC^bbO%iRCvY~g0C+9Z+gNdwgnnFRse5)y~DCl;IC8E4KrD(BZu)- zgzaxH1~+ExcF=e5c4%1oJBQb5)NQ$Tx?RwUW()LeNc$?SM_dGqmORwz3vTPODFT>{ zTL1bPqqW5FHLwsoc^M-uxw-v(%52oTn8<#wX?9luRPvu*tyYAR1t!!u4SpMImpoao zRnaf-)&BjaG*HW5yqtPl`oR7x6^of=t7Nw#=7#4`1je@_gANa?o_jp1{62PKIF7=| zdZ&$d?G!O8@s25rOH;i|K=#j7HqdC|*x{biarCC1$uNu+hSEiY6;58AKwLIGh&F2p zX<`pXZ_X#CU+!NrP)%0hzuf!w-MRSgXKD`ekBWWB5n%w50f#cW5iOzlPfo-+v|FvG z%+f46q}Vf1I*hhVdEqWWfUN8t4_dFu-PfhCchv~)=m{MWq1k0Gu14-f zomd{shA!gdxBGdZS;i5lySWQzlp;IRTpk#X6qufQS9o8v(@i3(4tphkAvB@c(sP#u zeaVn|?gb_Y=a}M!{a?mUVHy^z#xfM?t-slR*dEtOCycWwj`o!yCn=A+66rGm;_$?; zH`D0CM#80&wHsbj@y-ZOxCJA3WwJhNO=3gw#=y>$in*Qzq^=3Bcwp`~>$4Jx+tp6-7@@?08kknk6h}&A99(DzX(NVL_ z{k;r9&m}DJI1k69G%iFSWDjlGgd^Y>rnu;vwgLScQ#v&PUPWHs&aPqW2+j*5Iy~$X z2{y1(S@(5lGh(!vb$KA)Eqr*llkk`_sH)A#vYn)YaO;To@erdX{C9duVB|=Six0@m zl9b{)MgCm6+jnBODCJV&ds|+%n9@?NJo4w$Qpxmbrt?>1C&=Kv?K_UqJKVWyomgD_2Y0k=9aFF?_cy&-g zeoyKq!|L=fw~TK~(x3Hk-m~SAJH5ejuaP>%V1A7_W!GL=AzDX0-8L%>@dR@|#PwaX z%tDN4TUp%O5XXg@0d+C(L-fO!NF78qhS2f=dvkrL@nwZs*-nD3PMyrn2UsK5!Cwrt za3{k&Z@WwP$Eq8{9qO6VM$lTNI`ZoYWj#`=Fhi@|JOcnn;q(p(8FD0V;i->RV1jj4 zx|ff47kf+JgTz`3ke<_0hK0BdACXEI{XX_9bwnyEE9szv^JGWrz(*j;D@JOw*JQc9 z*#3hV{7k8B*KG&IIxEHMuCb_f2|vy}n)|GVJVns%aOhDl6%&${@KPh5JVv*LTfy|c zS<$=UhMnP_$*=Gc3_Vg>tWWq?&D&9|&kTy`R9vdSBWeCvf zh`a}7R_=EpTde`-s%CP){KwGlVhBi2sV_LCW&8PL%IksyW7{3O&%W(hDfAWAXn`?- z*ECpqpwtuFj>K=!J080A&oclyAhVZ3>oQLI0DUeau~yhLuhEIop!I9G5!=ssl1E26 zL@f#8;|f4;Vw^l*@g4nMSi2%O{3DbxdM`GcnXG*YT99~P3S8;pH=4K4@5ku_%ZbJv zhf^Q#@+Juul|hBi4yojF;m zG`q^)M-XuAJzIwS{$#ecLSM0Z< z$W0ZD!3g>`5%j?uP>+q*MKPzCa*``~%m$}Vn~iweQTX96>SkHr5ZpA7tdm8*epsrj zr|fmtVz4O7`Gzw*$zB^hv^V6}>+(UO^&Nh@+YYl|v`q>>=c+}s%hb8U5(8?S8E3N$Wb?`=Laak!gf)2kM-)1c`i|33ar!))cb*LZ+wo}|Sn9N5M17UhC z#HLuD>y8mo*(~d|o0I&$pp&yPQBsaFeCe-r9uk9qV?g}}9$vcAx0(gw%CIL<N%ina5OU%xGPnRfg%0JsQ>@ z=?@(&827zXbQfN@IOAbC_;VPHWmY7il3LC*V`5h7+anl}$C)AxVS8ZGR^R{XhSCD2 zjU8Sa@X%QQ0i5<0JEMWsI`RL)#*aJNxM5Rtxfqtdcn=lpB|bLOOBD6a#8LlAdWocm z37!ke)f+Jz^BcXXPdGSG4E|@A+?l>BOf3(C(EKAjg;&}0miOhzPea*zcrzS+?dvvo zpN_f~8O|WGw1>bvaMe^%5lYPcdBEQ{-M}bLM_&;2-hEtj$pzei8K{3jCS&lEkLug; z-K}G9*keCM*RAj9oT5C@!3uvnMa@xQPyJH;h!HmbZ&69fj?Yx*--d2AGzm@=dVp6I z4n(RDC-M-IlZ{*yV&3(Hb$(kT2i?Q)s{X`Y?6rn9vK~m+ylNaD6SC6Y*zjIE0qN6a`$OsippTkBNfD4(V}KUdE@gN~-x)+vu?(piqIqaV;J_vEqPhc zMXyJr>COwWo`_I6R1P{*JBNt(0S%?l!qAqreNvHmRwb!PeHftk+*j@QO|Ia)CZCFP z--i-iv>Mt_ECq+Bs`ioE5p0fLcl`ZXs&GQObQH1H6lIwmGfZP!j;Gy*{WyBERq93O zzz53(<^9fGa>fGLU+TX^{6W!>_oryI2rI_h;#5@QxhZJJ z)H*B9Ntq0J7U!&o=564T{!Bry0=KGb9XH z-#$pgDA~far7WZ4WY1|e!|q6`sA-ddl98i2+q#1Jh;F{?TMM+=MJHA~B2>UT_r5!u zt}Jyu8)}7Tz~kd9C$4{Hm>r#$kTD?Ic~_OW56SbDlNmpn_lHEE|y@59?7-_PStYfs>Ar4J~;APxuy+bC&yFwJaBwHoB@ zZ1{pD<>4AeSE5IQ+w^8|im$xE+n14M5W?8T6G%Lc;T65ctG`S@ZB0!4f-A1gkGC?= zi%dfjIbl4AY1$#^JQ4T3sT@TxbK3Bs)BlPT;Ui}&CI2;IRtS$z&Y$g9euM}7Q#tYh zf@)lClL8-|;)&OLWNH+TF5uPOC2Uovh}2x$1qeB@X+D?p%olwIhs;)$9-HDv~N zl}tUP+JlO5+ke2Ee_!T^h_#%ue1lGNMOzzMYeCnEqOqZyp%18b_sN}LA9bL$3NFC3 z z=V$tgt8LaV6Qh#Fdx$J#y#VW%s3*V*{i`n+^(L;m)c!V-3Ep8VJNd8)oKq!ZTv6+( zCz;O`bxZKIq zcEaRW29|rERJ&zPaI5EsBON(+@cU6I%IwBG;tJskk`{*3Un9RI7E#V}QKD*9G=B0k zziIO^S|NV;d;Nu~Oy$qF>DmGXITY{Qy~2ewzuF+;ewzR8bP*hEZekD!upm4udU7osjIlK65eb zyFOuy#J#1h3)a-KZVwjBY*T{w7@d-9Y*Z{eM#lJi4CS<2NU z85d$F%;ez6Pisq*`<6+@CePII(1<4!bRHQJi>9@zX|Y1K(SECEm#&_h`{-D(n4PJ> zrV-z#TyzCy;+v(HAdXacD3!NNf?+Ug%i6`yP=I%1w%#JM-cAnZ#9{RWGGpbY%Th&9WKQLQEdy4(ymoOohK!xPV0t3`_4`m zotwWxo3dGm*7>P8Ijj~<(8LOdThM${g+AoQaOetUdY!{_Ca^C0=AuK)*(0Y8Dq0lz=xhkBgLP+t9_{sD zQe87oyZz1Yw=8|T4M^+uas~*_HkQdBfQg>~HH9(u0i}|**DnaJnr~~jfvC%VSbmx*UV(kup zLVA#ZwM#mY_p%~Ww4#|iG3I0Xqm42f1m!MmF(}!XCs78XMsS~`GZ2U$(otpE_emI^ zE32tU&B{Kt-*STk%`AYIcaW@x?oAW){{TBc#J{qEPj-v!ymvE#6MGfKs%rm+(a4g3R!=OkIV@#29 zx8YTJ<)u%%U^~?%&0>z7U2w%T+*d!OD7@hG*4NicYVi@p0A9=gV0r=G!HRudDfzgF zbu*amNQu3Y%>j@g4&AR%1bQ1u&J4dSwDDa@`iSbl z;q!FFWzr34@-*C0Rm(CmCzhKu1N>xCl6|4AnJ$vwo(0pu%mJX>*GQw@hwtti)LLqn zRM6zbh(0-VF#34ASf${mO?=>ZWITW;(I$?Up*q-h=Px(6uXhFnzBxaJ{P*8IbZ% zBhku_<>Jg0-qJStjn#StQ*iPz4nH&QhWzwIVYX;3#k{9zh=643;>>IHZ|zbqmL-?C3&%{wg=-6fKB!yQCHKi` zyYjcl2H`d+)a?(U(Q&+bAnf&(m{1q4*p7I4FmY6XPKZW$&{M}4^4f>5c3VvTot1TW z&IRS{z(!pTpfX#O-eDDGKxjqo`58_$M$_52Gb>+Bt5p z?pL&=aJ$gGfe|WN%_c&h$V;FsKmYJEE&GgL8}KfzeIZ2PONgeSAH~;?LHlDL>`S{w z@6COr)4K#XaHd|*wbY;^oKnBZ#$mt>ZQebgA8RTN^`FugDM(p#S6!G=Os7F{BDgS} zX_JJCg@KxKlImq@p)Zqz0K9%Nyf2^ zTJ{BvTKD)wVh+9tLuN7#94MI#i=KsxCcwFUJI zrx+!(KwcmV#k%p_zouZv9&SCG7*5;{R4Mzs#;Z472CELsLKI1dy?P}e-J&W%eZjsT zxbY1h{Y{G#I-EYw3?fElMrs5FX+KoY&2BLQoE}kI;Y7;?Ma%Z639!jPgbQobq?`? z)2A^WC9cp=&vQC84xPELz$U$%#1Q1PNyl)d}8#>0_&R*UC@S;jAkbuoQ zR)w6{x@FrV0>m*>C$dPzH2r5K5^lQC`1rPsQAbH0=R@4lBv2L%4=LPcne4e%XzFnK zhDA6n3Y``0OhyYE)#qc_#kQ?}#knvrRM&IMj1?xC?>`}#a^}UdYUn+f*1*mC#UQhb z_1v5u2UP2knN`NHQhM4-1%?y1m3)0&4t3?Q*bB zlRfspfx?XjhoC6^$gL8+DYFq-_^y!pn98Dbn%&Tx=FnIM?4|L-!S3RWp90wk_Kr~N zrNmA1+hUFBTzHn%Ab8_%c1{)f=A&OwI%BSurPt4TpCfMLUJR?p-YYr4Xij$M*1TzL z$i%Htp5vNkG7}p6k!qUvJ)`D2af6*QrO#+Msf?hZE@@N4Ti^>Odt+KP?SQ|P!b^-< zmDRZyd6GJXhDZFDTzVnMW zi8ja+evTcR8t#oLxkE{{#!+NaZfRFz&6>(R5{Y3L%({-NF`|b9u?db#QJL*S!f#Dp zXH2mK5yPlnPA7N>!>lw_ix%qihip&=RoZp&@_q+kVqHg-+flrgS!BVr;b*MMfT{-= zNU`H*5TDB*(Yi9mS!ogV4p)D@yI6{WdeFU^VD)3>K(mscjCy;m5$)EdQ6{R{=Z)Gx zR-Kly9!D6}hBLKF1XE8&);pP-cV6oUc_mc0jCPd$$x-MhfFZp5Vw}clYGY&`og>&Y z)$3|5DvYkNvW{BL2cfP_7W8~1q%}ljsX^nLHwo>!cfcHZ`%Srs9u6Urr6Tc3{&h=D z;E zAEQUgpYV}tsW;)5m0Cw_^TdTitg}6NNMXEFEs&|l&B)XDs8&d}IWv8MkLVPV&4_3m zyN_nKgXtt6EX+r|$VFNf$ui+4kytu$A}!%xE09?zR&MvFv9)I&B;UekF_^y|dDUL* z8i_Y1fl`0*cGNsdbF{@5_eIExhLg4`TnIN`Ve=cljiH|+*mBpk1}468nik%3(QEAK zFdmfjIM53MSoE?9GsB4zFg7lMZ|8z?PYdCcg(l#1?Crps%FCiu=_YK&6=?`16^18m zwAV!QuCf+PaBmd@KPVl(HZ3$s^F`ebiB6&Ya7S4CC8qvHgZIL3goT_Ncas#*T&|mM z)AQW9U$Qm|8~l*NwUW65c*iM8!!@&fv{QAduTCH640A6aDLp>VDR3F=Y(z%DnDR(u zRPm~w@a^@t&KEFEiFxqj;Z7ZL3khUTUlO$l$6d#iYW1XYVMmSfy)@j2#jA;ocvC$& zbw10a-oER^qt3NS{CFwjx(~uZmS0T`;n#m}iGyAeiC5P|I{oA^WsEMCkEoR!T%0vn z?oEp=@ySL~wjYf!NtIn$7W3YJ>{Ns8E6phHCsZ3>_aMoQFEWf?J_A2gGrP$2qnEqK zh{P)Wfy+)dysv4N?kePpL-(A!!fZ;2Pn#lQ3f>H>@ff&Y$x%LRrc?O&!laF* zqmZ7I3tNsCHR$DuepT)d5>8Vy&zCZM?s1qUa%U4|#;<%8xQzPI_$_kfkm;2-#$l%A zU6p8o73A6_u9d9U18!Fyxh^aI=W96T)+lTG%#%{YXjtI_5!62sM+Dhhhk+$vR)Gt}PJl;J4uE?H zuO&@0o;k$IRG@m2NveCf#Bgm!Ut$&bg&gh`%|;R;Koddb(;d(1PvID@(Yr3=lRkRf zZl5KLZ?y>a@MKE|F#8mAbTGqb8#k-guiTFsoqDbd4QY+~&NMp%CaR^e3RxN}-am*Yn(F%}e9d6YSo^z{Pd*iHSUQyD>qF&X?rqWvKz{ z8FG4U=Q;7y>z4Wfaccz(G>E1;2M1rUUknZ1g>1-F-KV@LfEHSLRdIIz*56RzvIs@w zm3L#i8zM$2g-*`;k%a$q&A~OXTy1K9E3m$&BU9Vxf8B}S?W|ny$AVD;1QCp7D zRj=`={(XNsR(G)!HnLI12No>D8Nx1sik>*?Qn`XOXM3NbOg{aQ@5oL3e!@v&x4-&) z!WHlCA$qD{d-}1vq5JG4ftfluJPhHCiQae}e=6bf#^w4^!8Wq zHns)4iU5+PZLP>t*nTG9lY<#z);njHjz>lmbi1MmRNPCIwH88xg8gDHx_~Yew|;yg z@L5Lp{em%AL+10!8B$`5^Bz3S-Ay$Txn&iF%lsJlREHT_!k4C7K4<@xW{HrpjtQh;dtVQ~7tfw4GMC8t>y0(mpR^7#4!(~u~d<(ad zd7--}LUvY+?<&J`snp=_Q=8p??&wxS#~VC@E5ut|q*-J~qrlm|7|2-uPP?MB2wMtC zbzIa0l}Xi~5t(j9lQuT-`+zmngLZamSihP&(%Ib1@E0YLam=qi`lsN2Vy}sc*M>$# zHv)qhFgfLU6bmPB;71v^(O(r~2o%kh4$51ppj|B2ewKa17VU?0$b-?r*WK`T*5HN|;6KcfCGkYK*7C4e1(zXOFTv&J*an%>aI* zcV@jOLK;$^7P@J%&wCMGJL(cRiL%hF^0jB^nRM9);WkGH={e;Y6#z|!*h^BNnlh*H zqFUVjx{nlKL>{x`)#aTd}O$5T%xDk?-l^cH_dPDl_3d znt@+=GYe%LcYQE}z=<^q*g(;J2YcHEv4cjvswYiF;GfdUM!2zj=Sh z;A+!FiqV2~Gc4i#W^rYo1V!R#YRu84XuCl(G<`ADFEOiqMqzuM zg3bISzxyN(+c`C(Dwnna;LMbQIU9lu}-pY0eL2gm~Qan_E|a$<9NK@Wmcsc0*2xiaIEfSc;~v zwr3xyBq$!+^;2*OUS5sNG3SAB!@>QP#~6~^dC^TK+jjB?{d4&)PN4}OkSVNQ*^`y|x=>wzE3#^Y95H zI?pQ`PCq9}J7$biHp)bj4brI}$)OO?oQ9sCFqd^Bsuk^>tWWeLHGTaAzu=v^?LRQ zeO7)_Tg_2klvAU%4vpksizR6(wAoUmfTk8w1V;)HW8v;$-8kM6H`= za<93N?_xjk!luxybn#6x1c(^1&tOdR#J2&<;eW`83kwAk9V`x87atZye<`13tO~%< zT!#+nA2bdSIfwmvdgK2&Yeneh=)Ku9GSt{Kc^08{{-^kxad{)1lp{Z-r*_LtuS@x0& zPq0k(r4u}*gnK+p9a}xJbgQdKu}zWUqI*7!IoQoxZoGQp$b8c{S}&dRC52s^e>DHC<1!{bf9L z=Ms`7wPlfp-PWD{B@TPIPz$f*WC}PMrvswS+!C7SRPQ`Hpu>+)=yv-qKIi=wCr|TRriV>(h&c40`(! z^z#^w6NrD$BtG7s78%g`lB#oS^8+vOt4Fl<|59p{(Tp2#H^HZY*&#c<=RJJ-sr)-q z7Xtog@y zg3udpL_+6bPT#Btu$avEuC}|sR6>6WI341Bgw47toGAY((T-r9P43FuzsH=rQvS&( zdDY^>)o{E9YzGF3P7ZG=Y58~bT3=3FTAvc_Avj*Ul%cs>xvN!^PtC^zAAwO1D12!- zN%yH{KP&6gP7HsF@OtD8?mwD%BChx(&xxEx3qII5Ig$T}vy64%z_?QVat5d{oUYqy z%O>2G^~@G4K;BD<%W)&#jWwqvTDWH;>a1%wKWNwgXC{eYTMlM*4N0%)GL!zh4;rrp_J3Ki)yzvpat z^ktVm`<*$`;`@IE05Xy2~sJPrObhtRBEmi)YJuZ;VJS&%jtzP+ya z^ea7(sLxM{l)7yKz#PE^ces%SP8+JSNq=;~Q1>b89h~P2Rz#KPi9Es zC_=^a3tePL!sb^gs3`6BMoi2|BxV>%&V<78PKhJcI0@{-=nLgsObK*V2DDRxe7$h1 z@pD=JM^ohYBAK4k176oSz421c_er>SsPlXnH1|OtXiAE&>N%I+%ldqmYC;Ysy?Ecy zvcB-aboZUQ#?KdF=TA#nIjh?5ZPx@ci#XkQaBsrM?a+xz^+&b^$ca*tBF=lp$F0nz zZhkmfRa{)%q>6fD@wI3&PBh4xcjA8u6Ou`2^WiDABJnxaRgJKEZ_vFt1lw>aW=|qyw~BdVr{af0&|alI zozj3Wm26jeQjL`gi2z_YJI~-S?nx*WoK}@e?6Gi5RB1f1g~RIL+_H?+kUXM|(m7Qf z`V(#l_k+DiS`teW1|u%TwSHzvQ|>jdF9Q$A|0|}pBn{S#>SkLBM+vD>AH!?yX{mAI z{MBiF5v8dT1CMlcHL#H#>2bh1C;^KBN6#D?iPtBCr-o71F8Hf zoSq@rvo2jhXw{S&Q&ChK*}8GMG*`|=&x!O~=dc|toLQ^)IO!V3o&nNGqWm3!k?FG* zmB&VY`Bh1E#eQQ|G1(l5S5{baL|U`Y9mI)uUPX#&$B5j6?P!3Rl| z%#m$;s)=12Lgmh*eTj#j4(mzvA2l0s`c3H~MOpLIc$Zf~41XXZTt_#(lNq4by8pcS zU}elKHEM4n^6`olDRY-D`%~;emM&+A+-n0v3n653@Y=NL%iQWFK9`bnQX~-8#5-mU z)|lAbn*qWo@!82SB^-(TxsUvST zC~Y4~dArb6Dl;ZV*_iWl7aokQ9oxWAYyN^S-?tA9kD1CeX>NM6 zttntBQyVBZ{l6Du#`Z)irziAnrtGHt;DN~%$})%b>?)NTw!i)GaT}eI)^iCJDJ93o zeFyv1Cnvjz-BllAouwZhBn}YQ9Gzpd(r#Q@Uc{JqH5c2v+YpC>+8+S zg}ma&SqfmD_fs8v-yI++pix$e&$#ZZHXuj7uTss7X2xpuP^VgOtz@E8X(%3BU#;@N zb6BqB{&tM%oSMPfnkrI3=&w$-kCoV=Mokh?Xh8u}*&NT<#!C2Ooq0TXuaRFaeWs_w z{?I=-htG24__N6r0rhc|B(G@k8ed;;;swp24l>kGEGxUZqjSHs)>jM|i8s%rvxs{s zuc>B!UJuSxE+V5$L<6+fj|iZ%-mtxE2IY0QPy{oueK5wnFH?CwK%qgubgyj7w}(^7 ztgjE>F%d89Oinj?$t@kkEZ0MEDD$B1iD~t9)`JJ3eG^lb_*Hal?Rzgd>m22lo~9KM z@7O{0i@rBdCRt}xuYcZ5Z2iW>7UwqG5+stCB0I(BjjaO>y zrbG)_(_Y@D94kfCNK7`S%|;DM+q?}NE%D%c{8g`}kRPzS_VC_Yv~;zuFY#H^qAqs) zQs72Xpo{7zZQvRm_{`b_r)i$U`~#GcRL;{+1`g?Mw5Au0T&~pFk+aS_JkHNJl7X%~ zX%BF`MsuHvpDFDZwUkxoFBSGnS6g1rclv?NYGy#bL^xaBMHB|s(dXI^Cq-8wGonT)>Xtn&_eY-}Iq;O&O zj&RV-r+pazm`jw}MUB%sT`-QqwLg5}23Ujglxr1U` zMkmlR>r@T1ce#T*UY}}AW<1`b`#2sBuSA z!F!mzo$V!z4BG^^uE#pK5+>T{G%{ObS#^zG($+=<63X2xv$L|=G^{ZG6xad6w@HCBtapU)=B#PtxG@cs1={GMt!LtC4CfKLHIQ54nJ%UF%j`|upz zec8>3ew;vyLKLwKOsOAJL_b*rFy@T&y&DNX=`CRPHkbDb!1tCIc`_tLh*O^Al>}|P zgk3 z60@4NSd%~mn^aixm#B4RJ;*E_nfUVg=G=!$KR2f4d<=JJhjFv``luUjGeW)_R_rZR zDR^~aSb2j^j$XX9++U9=tsoNbU&Z>;H48(?HpG-rg)SpB@SKGB{(StNz#R6h%5YyM zQLkKkuiRTt3X|b}cm6p;zHQx$*w3@(aiBb}CkXNWU`BY!8P2OJCh0S)*AS!lg6ftW z(%Raxe(%vML5z_=T$it|!!6GGFV?lZ&t-*qV-tAro)Q~guB*xe>CBYskzR_I=n5Q= zWXN+zex4g2Qc8B?u)mh?n*(iBmXB}b(&cI5j(mu!L+mnydX>l1OlMIz0WxfPibjP& zS)D!H?g4h^@(bdBye##qi!=I$oth(FRCyvKYMeP<>4I++}e~3Y!y{= z9o~I58_Uv{0Fl#acJXo1im&M35y^Jb_+$-9mYrnH<2bHA=t42znVf(p)6PfH*)v9m zCKeb@PvVNj@cia6s@xUu_^A(Wyh8LFgJuc3$GZA_=?tzAnv9w+GgDLvhGJi1Z-!}5 zwQ-qofYY&y3J!$xz2(hz;4(POT}HqfBds-HjCA+{eD@?j5;&pWi;^0?jNTKuDxS7t zHePgo-;$O2ns6?3Wfnd;b?>??yL6R>63$w8QtR4xF=xw&?b9x&Rl8&s1x2lEganHp zmT<9TgglXVBYFzaLg@+HeqfK*V@Sb0jOREe4hP13H=6Y|#wCm`@fn%|Z!2*fUL%E_ zacC}}#e1%|VX1{jvf76-4>h(@E?01$za0<8H-D|-?Kxo4lusPfZ?x86!nJFs4P0|r zcTN>_wcrMZ-c|+w-~X@`K!MKkBsg+RprJI2v!e^7|%N;Hws`e?2ksGb->J~cJpYGOmyrM{i z+kU&Vg~Fci#$$40`28pDbSWR|<^_#F#o;>^gb23LtUY*Ty=am`^w}W4sF{R`^nAT< zaKRnYun{W@Gwc!NXQoU8Ix=k+{T=u?2 z0x*LqRw#U~u|Puit1m2lEGroJ2js}TELs%vE*4Tf+N8|*n59OzF!9u%{7oc;RPa8x zf3D7D;uPcb@&l3z9HSkSXWw=x+Mp*Pu)&Pn;8YcSm@p0S1&~XzOp`fj1+jm~`SNXb#dTuagLjR|&bLtTWK(=k$wr$(CZQHhO+qP}n zwr%rkci)+t%-i`3l}c(qti7r&SyMXH(0lEgc82eDsK~)d;9#;#U(+3H6{;tZLuv0i z5!c?7CWWT1fF4gJX9IZuv`MHcCd+)lIpqyD9*$K-;dGq69$oz_C?iPk5pC%6e*oEd zz<7}iaRfE~1rVBVFAc)t)sAiFO6oZ~+QM1YI%WmI6B*S$RoCH(T_ao|L%B`a>=|Y8 znLqJ;*&aWm7@6Q8+_)Btw0xz7cA!df#F_d}mK;txi=_uM%T_NIA)rfGwepHf190qy z6vIoP>X}^8ZDJ{(G_B^cV}^MI9q+*_4T!3&2S#4on2!5>=ppxh)<5wux=QmE zq;o|62{)9?qj3!FY`@SF06%R&WCCK$?49Fp;O*Nu)%p0E^9z*Cnn>_Sgy(f2MAMw@ zInW1Zt`9rTG?|iZJD71x&dX%yxnAEV^aVt*-m{x_kTL7*gm);79GbXYi474L9B39< zwR6WZ;#+5w{6LqhX2TQA<4NxyKV>1*olkuNN>03V=bIPB1qUqghot0YRV1EsbHRN7 zUPGH=J%`wv3))pWktRW>5FG!D6AUu_DRmyciAVE-J-R19|4n*Yrx+ES7~4Y-z;j{* zY6}7)8lxlbaFe5pnw(R2l8Cd#~dK#A0(3( zPAe+Kb8E+fOI*$hwMXnDd`8=po1WV2Wj1ub9ZyJB-!B>aHWB-^y5KA6n!Cr9gM(~Z z>>2b7g;6QxmGXsuiNW0CILjM6`4#MzO%UTlgKUc>*bl!K`c=C8&XZl9e>rRl=cxdiGZkeEsBAf ziq`K}B_5wK`C7Obh&``-a`5W;O`Q`f>iy2Vv}&eAU5fu)tmO5HD$>;~*~4{RRUEHDqERBm5^ zl49a`Jn*m|_*BwG6p~N~wOoyshbX%cqR#Ex{v59OGuUOWn8NU7L?QU?2==j+cHOvO z?TLQ&txkFtA)mX`R1n7&>K*tV?+jm@0hkj{6h*PBwBuXU6g!4Rn=PrxXM@ zkPY`fB5n;=N{)(ml+G({GD{?_tx6o%U9__a>t5v?j4^Wrd-cP8sp}n8LO+Ty*9rTh z3~SbpCaHrmIQ>Zm`uwPeG$|G0Ok;dJI!J3Lq*+Qvi?bNLLn+HLvm^H(t6}<%Q{Gn5HOKk&A5|D?88c~{{oErhUAB0}t5T+6mXr_S& zJ@y}*h+l!3PW#+s7mm#Y!f(*0n1_@pjbn%iojM?Rjr}tx94~A?bPC_=(Jq=;frZ zkVjGp@o6Q#3QL5(+~ZgSaJTDbH0_qXWSilVe#|QzT^m@>&uwn*L{@2dSlivBHHI^w z<_NR0|K9Yyskl0QYEK&Ip~#Lek|nC3Nho7A6Q?&^09JI7bmLgb#9!iep;tQ@4yep? zn)D!-+etBd?1=w;MkNNoIf;#D)u!IK(0w0@H8&?8tZT*GtHqz6rm1ZkPn8=51&9kq zJ<}R7ElVy{kk$gzFTJ}fi>Xdyi`JT!7j?yOqv>}haNc)%Ugm$g{wS8c!emD)83xsh zG#8~XO8-ocZ3-d7Pcm@)6{PPnP;-M}9>wT(YV@yHrRf+iRwzAs1On=*&>0tuj@FMA&+r#q-t zN0FyKIU#n1gFr1ieWT|76tijWt!ov+5{`=(rnSsT`2u9CouKf5>8nkolED_A$OfA?3xVFR8J1#$_x1 zszZ>C>zPoRqv%tqPo3{J{qjCHl**SqVHkOt-2_!==6(;!!!Y=XF{jEN`uCUh$ZOTv z+BR0r@p{ZH6fQp#QZFl>;8NwL&GMKM+eUki&RXe1aID82+E3YAwd?4tbehnlh#)hI zf5JB->rmH=ip#cj@gNxFKn_|Ry!YbHl*Za#Qe_eos_+t7RqhZPsDY7Ua<;R3@pMxr?&z>n7aWMs}l{|wb@v!{Xw#Lv6qb1fiCxaZNi7_&#^P!DM`x* z;+}g*de;Ur%WDe)jRS>XZWi4!sl5!Xr&o|a=1Q~1q*=PpB6ashv#gsYTc)IOi3h)Q z(!FKXUv#JT;+UrOXojXO`YmW!oT?4RLYQ6pO}zQqtL*ggys>1$HsEv;sbk0K{bX07 zX}UJ@i^IlSI$FdL=DsFL4d=nua4MT~D?ku215QrFaiQ|0u|jyLKjemoQtjbs_XY!D z^<&8QXa}|cOa%j!Mqcxt6n?OkE<7AeeRsWH4H+DkiUmnt&v=kuzfrB(bVE@o<1PeC zR;@y#lgimr#wew$*jU&Nrm1<_Yg(3=-y#uD%v1gZ^6e&LDNi%UpSyL3oV>|&>lzAA zo^VCb(~VyO^&widwo}{G`L2NrqPER=jRZ%PS!!Qw-|8upSDp4NbwK4~>|(ODB|??L zQ?BIns01#t>cu@aGL^M82E*+`9#c?!o03;kBPiV5Ca6aiatzxc-MVm)`6Q{$yd3Jq zalulKu*w$$7`=_FV`Wr4q>z*cv{QfZLllF98n1$q?WHS|fwrJT!J4fx%WKfgDjsvf zI#5FYfhuB@I;!dzW4JD&^eDp%BDAQ$7C)FIkvJ@}Z>k4wi$pEJz$NmAhm z$ClCgh5uE6aciiB0NjNw*rUp{H4lfu;`i_D=zcY-xDB>XBkZyAB2@gWu-;{y4WH;= zyP@hI&w;@3!AGikL$ptQD<8$nRv)|=q`KYmSCyX66>41Ov7fketKsM@-5~_Z3=Q8l zxiet%7lV{1XQ>*R1T;xDxQeF%yr#Bs@HfwAMu&J>tvs3-fy`IzaY{~+Rv9;K?OnwP zCikZV%jaW-iS0GWWSuITCs`N*s!%~N)R3)^;^|YbVw=IC+mSsUT37hmRR4>tzr^u~F(nPyooIN&*uHwzJe#`Fq8agx;k78Swu|L$oU0>j+&=pAc6Taz&FvORxH# zN0NH3`&1~POc3!Q^M?xI$83kfW7{~+*#O~w-%*6L4(qV*X=%YT@tqWL80^?fl=Zy# zgC{r#XeT5rdcE>=?rTr9&;eijgiT@VBYcj;Q8j`59j zxFBq@KCeww1rDGVg(84?u@Nc3QQ>Q~?=Y^~9cB&6cDW#7cSOe}L8!_c2Jr%sEbzcF zQ{NQ*713PKE+(DYrGvm+KL47G`7|h5f@M)X6q-h!mZ1bC504=;Y?t9DiHf7ZAg0#I z0|Z?dkcDqbrv>zH_pE)(7VS-j=R?*y?V8Qh@(<)wPc#l!c5yk}tgXK0Ich**)i+<} zcVzH?-~E>wrs%LJyl>;Z{}t&owqQ#e0c?DDkNDOWND?gC5?M*nUf=L_oD1~>8!O=v zLJR(K(z5ihiRhjlNT{Tn6QUn)X6Pl%r#4u-7Y7CnIiK0xz0PrAxoOikvJ)&(G9WR+ zmE3vvV=Mi-JS=$N>=al+1>uxxc89Rg9a;?Tw(B}O?%J4O_6zxDsS$rHV?7NTlZ86X zawC_`M^Xm|z!GICCD_SfFHIlfwp;J>Rb>4}a%OGezcS=-KIVkQPLCvYF7A4abdHqB zYOV>XK3VgUtv@=|;PCSx(rr*&_QrN=8C--)bmO%Aot9pn)RibzwPFQ^%U3jab}^qe z)PlM1rYw8DKU;Q64eADHxl)bcKHluXc~<~8Ryk%Y&#DLpKFD8_k@4p=5Ot0n>|V7p zGrC|@T$=x5tu5fC`wLhxf1S5&0j4V$xM}Ym5ZP!LGb(7zIT0274dN+UP-E`8e_{~Z z7YzWYa&hlV-VEej$ZHX*tEhN-WFZ&MbnFm{`qeioS9(v+@zN<>r7vuWNq7|KWVzPR zV{{z3V|(?@s}s}j`!^s<2#RFM=#&Hm?+79ckt%F=moqQd9WW^9M^aUwV-Y8xqVE7GaK7pEQ0P?UydJXV+{PFV?WxokL$LFU5OMk6BRm?RTS1$21b(BDaAmTmSTwTh%GHPB#`Qb ztwWOh&R$&fIto}XM8(K0zH{RRm=1cXHHIXWGj!~Hi*L_Y*NYRQ%$LIHUIYc{Lu!IL zrx4Yt<-*=^>1ss$^rx+6eKWfyKp7l3wB?}P`kD(*6UIy*1q~+~i1e=@0{l^?5iGBy zPA*neYKOG=>rdo+%YLRrou&BEXi2I~paCoJ9(TWpJO{VH{!_fGO{0ugPwKMpa3)=0 zyIDW8L|UYgEZXafMEC6O3GvA-wTH7t1}IVZATey+++*7Y4e?IU%1~Am%0jto>UQ3k z`XAt_$67a0CS}>`IAi+MYuovtHv#s#YJj0x1@615;rs}KP6o)^D!LgDBW?DzCLLR5MNwQ!;!jAT8|vC2VgbMkUGFbF z9wr!Ea;}noEFgN(W^@u&rE)MWq@3m1xVH04gpO7W4+0fnTBeBjxG zGuakm42iuj@TP&)?q>XC6aUX?s)jjD{k;pm1Tm4gZZ+;jQT3t(v?DLv$8ZCLaw7ek z%9bT$GQxejjC@DAVV1r2^Q)ITzS~-{s`XTI2(pzkbiHh@H#Y;`jnUTzb|7kwY2Q*P za-?sSeKn=qCy(w;hO1I`MJuaIpah-18#QnCaF{kTq6miwa~r~{S!OSNcW zbFP4eQFB+lcJc=9pP!5!C2uJz@*kN8Eq(B+pjgQN=c&b*44Wt<>Qp56O`JzufR$px==H zokS0Y?hau@>M3cXFdb+$mP8_Ei>cFE@+F@7FZC!n{QFn6@IvWMbB?1kSx&pPItXXO z*qR=^6}cqdpG@K~Fw?Au#BHTUPFVb0G%?GEt)Q|fWO-+_dUT(M4^jXSNfg?6QIm8P zL@6$3rmKm8W!>zJ3M-jTwm_#Ii)Ff=UBS+ces=(2KL~fR!QYdc0yRcj{L78f^-#wC zs=fOJe=X^2hzk~w7)2pN|B&CFgZh>RnE8A5lFfFHb$C4`$w2QP1psM4mcJ8G$#19q zFAMZdUEzZz`rhR~TQR5ttQrsvgeRs_4~EexX|tbxyZ{9H40M!sH9hNEC%31yGK^lDu_mCp-+eGBZZe>dOJbQ>y(*b_hn)?CW<&p!~x{uh2OE|1MOS0yB%cHfgbhoE|&sUQon+^>^0aoSi zOxstHhj1C4uL=N^Hmmdeh{(RUGbhs=qziFf9RBu7smXAAbxyM+VNse-VV#7VA_T35 zw`#MJ;Gg2pHBAYiGM?z>c=yS8-9PbnBWLikV2P%}lHJ%EHj_^LRbT&RqQJ(}!ISls8BX!^;D)Dt!#rRuXZnrF3%~6cbEHVVdZu zhh326{$|o&YT+ePzNA3K-@nH{lTS9OY?k<(It^2(8D=96-kfSK%V@R!wPp3@_~11F zc^Qb#vQez)dvsL#+SHv3LFJT#qp%S{ho)~%)OtxRAX`#B)fskrTtOZNBdffPly-)j zZawmn4M`8V_2@g*APe6~uEWhY@^ldH7%4EaI4X86lWAx%a%M~oPVxn4PkJafiL3P^n)W~GkEOgbma&OzPxxp+iWsW_cn zU5et0D60vm&rqe*0dIB0QI&^x`?^;I1^FweyLJ!*i^mu$s+sO%GBJONG5-;sf0O$ z_?{Tuyj_^UHU`IH1O>u}hT3%8tzsh#qU3gl&IsuJB_GZ{WT3xp8!bOlNK7Tfe=JE^ zcQ`TC>K9iPGKrG?GF`8ggMlb*R_%Y-;_eQ-@xr;*W$R}VR{5-KO04PmXv>588~Ng> zo4raTMSBj4N(op)PfL*fY86E(D+n+#W2=5^7zPh2WH4;+6?erJc?1&tvNukYOYB0o z>74QGhn3PqcVy7EkzM`mUYsJ6tnyjndtkexzMo|rTRl;ilgx#ksFxG3B?V9p3&& zOa3`SFHuheaE?{V*HD#?aoaX3xrqL{!GXlVfROroH6TKpy0gXS)|Zjq7i3S74@1a2 zD%{h~@~YHfFqE2!)0tj;4T@vW8U(+yjLPhN2Z-PUG;s?WA80^ojS_%paME94i`~Y0 zQR8C5#>VCFbZ&8AfGE;-Tu&rzKzU0~1*-u$d#jcz`^^*b_o<-6APbW%WNFsZVELPh zkjdsY?g72McV8A&qdA3`eIaMXPtk-jmQ=>upnf0(UqLkC-zt4xZ)9auFb@JXUWW;` zdQy!Twt)baZ$+a-{eJo-%E$}{G+A*yYs0mUg#`}Mtt$-~&ogR%xs|E(`k^4v3c9PY z{?PmBpwARlEB)0r0vj*ubYt8g1YN~~ic+mm_?aKOXdm#sOuSf^tj)s#%Km|!@veR~ z&-G|ryh(8#>X?FVHQ6Ro?L|BtLs2bhg22=O6;%Nb7ImFc-idCwwtKR}%V!A9=_eZR zzraa6aV{xwy9yx3PvnBufdbMd+jbykzC4Vj=(&18;0emID2#WjZ9$e+ zKv#s7V?RDP@8;ip$-bRa&re7V7@8om`?hX$9@6eKT?`lQY4Vt+y+d}anx(aA$&Gd0 zVEgB|^WepG`T&>&W>hy?qln5U?z(0(P&#F za2=N3a|DiPNSOu6M3=ErGQoGW^VWUq8|^o4#sMB5MZ=id(+4Ce_u|LgnQ}*ZPZUHTmN6PO%{pFBY}1t#DYn~olWL~$*D)C$)jf}l=G({apT?^4#^??G?8kwTj8gDzXd&KQZT2i4d6wbi@r z9%frtrM$QSHJ8I3&QG8Kq`MwIxWX7MNDA8aU0SW(y_MGV{TgOkq$K&tKI_>8uGvsn z2Y=%@6A6-S9*8O+cC}vL+X-3FSt*8sr0}zd?}^QGEUG0LdTW^vxID`wz2l_bsfD`S z@g|MS2&f*zTDwrOxw40L<1<<+!QJIDxs<_4_ZURrlB=;o=9GZmcX1apjayiugi0&j zPCI2@`%2+S(yy7w2V{p#7il)K>Iq#FafKeG7SS}XngyOu|2S-@zfqs^;NqiLFBVSJ zf@Xd_G^XU@ak@j7go7z^Wt|$uPy^u!E+?K7TjTNSG)Vf8gbR9rL z5Fo+>F8rs$LZFD(xACRUpO)@rBl_h6zPNDoFSZ;$I&P4F26Qm%4pB>NB+HB|B0f%U zPz6zH%Q-zR4eb{)!ORHD{9K4>9<-QtRN?x~SIlAWz}T|?39Ks%XskCA`0VR@6rScU0sdAXmwx6dT9qGmr_EkoDdoXQ~Jr<<#7)Qf)ZQ0OeCqvsv9q_ zu6cZUjVA0X@z~jeBvN`dhr(3NmWwp$+Rv__s&7HO=4Ov4N((dPnkuNNeT-}YCITUJ zV|*FO{IuXm4MC9DU^=4wzP?55F~yJ@F9#C-!H1!e5BGxUI?Qt$fMawuWxFDHsN%BZ zljV@y%8^0Mf*Pq$KJb1oDW7~?SA1Cn!&z^p=a1q9tCq{T`|m7*hq56}v-dO+HdCx% zqrVs4q*up}$l`|V;C7hpR*X5sMIzbOlg{uGqYsSIEtl(g(a9H>e?V|whc-15W3_F& za_s(G(j{P&i3Jb)>~4uNs@x0ymE*|;Vg@yNKCbk{14GF65D^$z>h%y4G4Rt94_OHU6FNk?sM@LCu=N#AxmZaxU!WgBrB zqicPGTBbPw`twJfuJ~9JypR|@Yz9TVX&cxW;Pq>rb#6z|1^jd2OnWML zdQpPk;fLR)b8<|SW(%kK5-nEqN&ey(EG_l^lARYvip@-d$+(e4YjQdF;D_BGX6fW8eR69>QlOc<$1Fgg=QH`PJ^^Q;>HJ(!q%~BhCx#+jWWr~0r!Qs&lRj>{bJELP8 zj8<+PKV=|`mJL-Pf&i~A0BUV7el?#93dd-t%`kcCX^yKX-$dBjvXv)n`J z1fOb=IIgF-9Ze9V?w>nG_>S>*k#SPwjj}MYD_r6S6@fl6Pi8_JD0EEzpj7d%ZFg>& zHvkR%K+ltQ44Ns6_hxiG|pxOd*P1I0857TFSC40&?%f~2)e*K zh>PV_(-X?@-C9zx3;x4nTm>?xMo&cnJOr$o#44k7SakM!TM1{5o~e5VC%ryk;~*(7 zy*B($SI>w8bRD2*l*|mvaPK_^b+cJ9iL9^YB98X01PPEr_j{8oxOT}`NO6A7_na3T zE~Q|vY$S|ZD1Y+1uu?u|lrJJ@#X7HVLlZ&yAS3EaI6z%`N`YG~RCml2+CEt9@f!Jg z9B_0&qLbR!mNR9e5TdB*5_{c!;pHjeY*Db8--IWr2JZhp^h+G^GG+>@Y}|AaIMx2pQ`TM1U6iiT>@@}GswZUz>rsy&}a z+M7KH<1)4sNF`^*C7<)C?O9{TbTH*#862PYcfYw5G+PF#M>zDuas{GZYopVWi4YaeQ@P-gZXK z0v2H@M57?e*OzZ&u3KF{#h9VtLKhy=uQ0f<0oYyK&N#}xmw2|@h3gR_+Yf#E3m&Cf z*ANruGea1Yzlfdikrvhe4;mq%7I=YSUrKt32W0-_Muh%77a0ndupkl118NS+SycCJ zSllT``i;&GvZrlmKTW7+aqq~w_Ml9@J?G(oNUsENTU2`Nfb@HFw>1M@7Yo|#Mqc*L zB=j3YE)6ckn74_5Z?iuiWh?N_V%n^y6a3*I_QPpSR2s19~ zJVZn)!n65E7k+A2#+9HEC294`x&(W)c;u`vjr}`%`BK(My${>_3%5x^!zdk0s&wdT zN6+p_qZ*rAe{Z<$WhW990q!-0qnt-@lO6Y{xn;j6;k63|qU9Ew>470wy4A z@0b_Th^ktchIJp7oee5m7hCIL#GwV&)xd|omU?5?Ss#bWoXE>h8M3h2RFifoJ;2NT-Ll@} zTTg%C;gnbfB;zgD0V|V4Wg1eu3s=)qOPON6BIA>^WwS@K;5@FpJnQ(hasl}R#2p%+ zF5AIH`TaOLBygbxfv-EM_#F`4doO#}@F?PPYDDoC(-jI&5Q%T4`;>d`maLp=M>gF` zrKXm2BxA{?c5u_HCuWxE)n)EHf5iMQb=*HB9mGT^^&3nUi82qt>X8YgcGTWKcX zY-+sgE0AeR(7GU?pnzxZL`rjw;}I9&n3;K&V<{3ePL2RB>|lC<}RdIh(dfqj|nH7uXzxr33lm*1-SFsfpZ4MYIkXUW^Xl5 zM-h&jR1I+>Q0ePw($Dh|2Oagy)z997RKx$)cGRU`F5G+b)8o~>Z83xQn|P$bwT=T4 zHwr+CZ)I<#!IkQ&Q&>TsQz|yxcL1z{NL7%pA2$f2pymbn8ae&ahKTVq;%am&IDFQs zo)W35rrUz3>Zzo{sBR8bnU7 z-TMC!8;uqXe$&!~#mlx297ZSdP1=R*VE2p=L4KMyYcwzV<1W!OZBH%!XHv9H3aLwM zvBJ@ggrK0G+TT&B!G(zjweYJ3l~80veH|erhOa8WCFIer56s(}49c^Bjvz;^(3p`T(jdZ>9)@gl6-~ zP+6De*a_4S+6mXwWnRVZwpFs(rOq$sBd1!{K)1$%a>g5nZnp*`ieDvnZ|lIS4|~*A zsTp0=sqrYilOLcZKYp3RPP>PA1NMh$gs=qa2oijRliVegIX7*&HJQZ_$C89dR{3Fs zk)Fy18fmE!q?yw<4Ko$sxKX30AF^j6*<7*1R%E6kJWNUsoutdfF`0RoEx0Y=qDY%6 zQm1#;EKi%@p`ZN{Jv$Kx{`L~%f8n{5_1hDr;u$9lPZKi-Ge|ys`L(#a+Qqckh5Ao4 z>7XJ6AeX%NgQ6}S@Te==bgSVws~#poUAzs5f%xay1#BGVs-;Vx@1k=%1v#?Qjrd>TJuPcR@#>ZTBtHzWI6WK72`fZ_f<5Qn-MGj zk=ZQ)pzq>&DmgUClVLLcC3 zXzUZqaNzc~>fAAUmI6=@Fgi7B(kFw;HHo6A=gRRlxcCpL+nMiRk_pvSs&$ugUaSX< z%XpAfRb5hAw0#^}kG9KO1?;;w^XDllfWNxUG$%tmLtPP%UvufUsJLSO&7#_)u0VY- zYW~gaqibU0Y*MYO+%ix150dE~VZbv38>_KYEJ*Zd0gVZ0v2uAA^C;5Cbejb&wNeg2t6?rQkg)90+-fI7Z{aNADS^-f`=HoMrqu z0OsZ7JIR^!`}l8uD9Jy;2V)w|LvYKCZgwY{uW8y>{C}+pJ(GBi<=y`rsez}J1Q+!T zWBhk{q-Z)>{D>5%>|+~dopL37ToQpfed$+$b|A=oux(WQS!kPd>BjkFVsr=4aZPGL7MDw3)ZZF$imYyT(g+tq^E z)GH00!bFB@n)boP4_fLffg`xU4Y(6e=Q_aEpY^sXh%mcGgz!7#(ID1x-a6u>zZ5-h3BTbI8KyGYYqki zeo}%QSW_E1bG+FUCblrYpRf-z#pYVd%DJiuN~83N8rMT<{0lVwx+7+P5;p#OA2nfM z<7v`Q)&%S4qu1CE>&*3cqKctW)-&_yFAd)(jj=7MWiaqK$wg1CX?~k^#dflP;$tYe zI}=FWeRKz0lb_*kI^=EYU2grgbKVg|AM@tkt)nh6@m4trzuw zd@1RNGS25C;Zy*Ms1-mirGKKfcODGyd3k(#r9fWMQp{J8AD1_?Su}9aBu!>h#(uN4 z(CnNT4UbEY6FS^vfmHX0rd*4$4VRn(f%l;4ht*ZvWQPynuNT<{5-SRYoeDRD%SRzc)ZVkBI zA1{$M!K3Hp$%3l-eC(b}Hs^Rvxj7gC_4&CrDHZmAl;NKP|U)qJUhbxfx=TI z$L=liA=}WLSNzv?hP%AT_4+XzvSrzazxv>tqcXJ!i}Ac9%nd5p=n~7=J`$5rk$kw5}5^FsQLI+qw8q4_77ATu{)HL7Pj#MN|@<0_9XZCZBP$D$pK*Z|F z3%FtC{eknk&Q2^?`S&XE5Y4&H!Ap)Tg*tdCb6ze`MI@3NHU9YlhSM#AU@*P;U+Kh_ zgkevr;XDj@m0hXqcuu&IW!0K3$p5tcI08VsA@F*IQ$>G?A`wF!i8 z=Vu(Z+RA--B8mmVwUgFE0v+tFJ3fD9iG$%jcDS;raXOqU@3*)~$v|maY&cDhv3luA?ElzOFuf9Kpk)IOzWZ5#m^Zoq<1n9|)i@iazEoEE;0iY5L;6=fN zh0Yu~=7y}sLHt~?*w3nqF347*0|gsx0~!vs+mCz9TZ$DAQsn+q#ERi*79PSQmkj!m zkb{4L(W>AY01W6+k`v2=P}e~3Y>tZqzWl~q?fJB@$H_6(hZpBi5=(B=epA`xN3;SfyJ`M$PiVpUX1{cpBifxfD|x}oNBzP#@j-9dN;-b^6pMmmj%L!6=>>3_0P z8Sa-SNVpbX6)}7cbzmD$^7uxb;?HBIJmBhd_e#BE>tj^p&d+IQ0Ej#Y3PKpU`$n%kpZ#1;*bj zb6~Qr`Y>j&PrL^t(gOieQ(x0Rg)qTix-THdIN%*^PTMTX^TW$v5DcZd^)-UnGK@u@ z_j}6U>Xb|d!LH`xB*$WjExg)zFlfG9hiK|~%xjaZC-CvTon5N?Um#Sn?kfZ)CUMAB zzR>L6;#ckKt@XmK-KU)w<@gl9VPQOgyes~mt>3RPL+^ka1A!qslwzG;`y3@ez}e0B zPn+~;_D-@YAUtPzr-UyYzEn@9Sh{(qQ&x-m7P6KUAF{Ta%(vRld0SlliiwE8FHFXz zdSX-^q+XqhGx~}JJp7kwB4UYP6XhgV(}BvGk5N1}0~a!hD=O8kHblg;5}1E~?a_>b zMZoUJQMzLXi0E@RtxdzGQ1dh-n!%{H>ptO|nE`uOI}Fq%&KNM*dAon+YO{JhEu!!s z7%w3vIiC%(6*8x(5?XV7O=?#T>A7tmw} zD@>C9|EBF5U$Ez)ERel|M6r*BBUaB$gI#N-mcoQryRmSeY(%aI;R``lix-wHPk1a4 zR=1FRQ`C~_##61Zzkm4l^m{YJ#rRR3X{ab!Y3T4nDX%fYk< z<`*WR2rS2vTZufFdRC(4`C`Zg{Aa%$NU4D~a^xK~U{Tas07iX}DDZdceTWmR#Ymlt zCCt(u1Kh4W(v-iGPEl92sj?rpIA2PFgFn18xDVv;RC}_49SS6oCV1!*q=wV@8Z(lm zR;Lz4+ciS>^?;azsprdj$jyjv(7pWPB5C`zNXERp8)DL{*+?Vrh$P_z;l%=r_=u$h zL3x$ML=$*VP6sQ+R}HyP+(IjfC7xN&bw}($D!xob6gRQ=0pm1+E{2M{e(hnEaAhQK ztQdr8-y#z~Ur2S?O3{4?yG7Ke%CyTvxQ*&^8!tdX0N5*B5_A%vTXJg`Mao_xc>2D* zAMY@CckvUTbr|eTtN!PS2-Lq@hRHH!-Q-!a%2FvN>CN7eib1Iw#ii_)kI&!%;31i*VPiFH0=54Af@FR*#| zuLE*kI{KCSy>QPhRG@#CXd5%QPV$lmo3_@QggIxeERJ0b)WaZw0??ibvc~c^Ap9j8 zk<$#+5R>p!-^m-aSI!;k9$q5rCpH*JGE7=?iXIOsETS_wIA!1l*;b~RCc3BQPQ?7o zUApw}FHBtyroONWtUF0TwaP|0r$)smE|-dQb_^N|eTwNNRwu%rx*`XH302^1>V;6g z8Ul59DpiO(U%oeC4b5_phEc20fbIqps6{2k{0L&wB4GVA+W2{yRNWEEie;QK0bMH) zR>cOHy?Zzhh?Uk^*SZqj3FMx4GlFd;LQUz#A)l7skW=yHlJ#E*9fWHDdpU-@870n| z!SbJ6qfZ?)TYkkDp$|$e>P{b{Sc(u9Ir&C)aHH_@&h;*E+Exoe`ywy1r(6C1!J8Y^m!QDj)0M@m8^uOXsIYS%%=267Cipv zYckLYNvu~u@|*dOGHNY4L0w6KEYLKGON2=POJmmr1X?L}=wpg$S ze5}5#(n^9{J8ApD@ih|xB{Ha~+ZTP@A~}L9lCM-=k}TrwV`Bgw8ah-ex!FavX>Lh@ z&6^-qY0Y=?cUo}Ksr=`Ug*01$TU8NnN!85AA3THv1!2^=RvE^;cI2FbRfk1#d1TRm1o0w&28b;XX z-Y<ab3_U9X84adS1PfG5xsf6pLWiVCtCfuw=!rAFjS8 z?v)g4adC+(XDb1uft5$0Zu=zRD(FLCMX{QTc0ni263~)GCTIQ!zWkeuT(?k7EL)N-M+2f$GK^I{^^=RU73hn-aLTu~ThV1_X z?HUp~3T19&b98cLVQmU!Ze(v_Y6>zkI3O?}Z(?c+JUj|7Ol59obZ9XkGBz+d3NK7$ zZfA68G9WTCHZeE~FHB`_XLM*YATSCqOl59obZ8(lG%z?aARr(hAPO%=X>4?5av(28 zY+-a|L}g=dWMv9IJ_>Vma%Ev{3V7Pg`DIj`Th;{%LvV)>+zNMhcXx+iK?;Y$-Q5Wi z+%34fTYv-z?he6%y9KzFbGkd{?XSo9?$0|IMKRafd(F9I@23DtQWbSZQ8SPUPzq%4 z!pO?R!Uxa*>PUM!0X2Y5c0gxFSr=nlD^ma)6AKFmA|<7`6VTYj3S=)~>;mKiaJyIn zlucd0+noSxEG)c;lmKaa@n1j%tPbVu2OPAj^q zRsdsrGk_eEA`?If02834v8_1(Wd2tOO?62%b%3;*vZjhUEfYY?3g}{Q z3{DLQFts#xGB$MqIynQ}fnXkEGqb;S%NW}OG%SJOm$AJi6Ii0UtAhi`>0eoit7~XV zGXNw+l{6#)KrIG`{$x2D8YcPVV z#rV76jDPo@$;HFvuUyn5MI{s^|Cjr>Kr36I^I!e?9m@>dWGh=|CNSCG20L)a!HU47 zF8|3I+!&YNf^GlS0&oTb!GZpFdd%iv)y~ZSTI$UFI}=7JWhD(p1zB-PC3VTaRDzuT z1aNV+_`Uc4)yDr*I!j~cza%TDs3-vJjIHd!Q)g^%3fAXh?BePSAp6S(egVzM{w_KY zAnxkq^gA`hf4iLilik1DAqE1cqi^f&YwZ5tgKKQ>>g@H8e*fQAnt})3%Gt&F?})&E zRoWJ80{7O+{{MgPesB04QdB|#d{#MG0BqnF3-}aE+M9`k?Cik8oe_Ueg@hHjLoOgE zPv-x5_-*V#?)KjQ+h=ZNZ}z*=05ewyW=(r5M^~V%#J_fcO^APN7C;vO3jpW{KF+3= z%)e>>It;(ftiR3RiuigvfE)nk#=+j@cr*Bp^q3FHDE7n=XC zUr7I@TFTYdRtX${=6^NlztC-5Ioa~Hk|I26PEM?^ZG*hv1 zF}3`=SAX08<`cEIumu7bSvmhUYW}{0Y{BOOeDhoVesF+YEG+-!1CP9^jXluW8NkK$ zmkS6k;(zG|H}tn^0JH9Uc@1?r`u{nMe=U`?HwBql*;|08oeN;>f-ym!HB=dgo_ivEc)B@H{t>?i~T{|0A}$&hzGzd z@dxn&m?i&%xLE+qQhyLDfLZzvVgoSC{6XvhX4yXo%r5^2f!P)QATYb)9|UGs`h&pi z%Kt$;V0M*12+XJU2Z8z2{~!(kv&J6;X4m|K!0cLo5SUNrKZqBs#rO{b`%L~Iuolz* zpx^CgHv0zz*8=zt2$o~<4+z#{`5(vu)??}EUK_nHZTknZg311|m=#P0 z`UeD8!r>nfOy=|t2#)OhhZ~%sv#qhS=qLPd3ZB&fZNT;2A)k;_TS%FxLJJv&tB8NpJsnuncy?{Z~Xf?0ssO%fToB` z^B`0H5bMBW$VnBH}8SSB5Zh`J+j_J(y zgmz+p=IBpx-p-zfShnx47?&wz`sMAb`7rLqv#c%eoNV8EETZFg5iCx2LAty?yo--9 z?iXF6oB2=>hCM0=>(JMOxtG&^Ahc~e6L=_zn_tmk-uv0)0r4Dz^7OhjV_HJob+Z~t z&|T~u+gvluoH&nLZdf!YG5>iodGXj*_~GHs<#3O6l@KPzFUQL>{CLbH$PdtvxW-=i zD8G1Mf>{b10C^v%oF$H*@IB4mH1aOOba^Ng$&Sh_S{t}3D7E<<&L|E-CJ)TdiYosA zv?0n|G**rCLa~N$E)skTe)B?2KEEL{$%LMhn0~2${*2-Q6nWjEi*`$**oiqCa+|k` zn!xZ=cjD!;p9~-tc-k=)i}w2VA-Ionfh}CE8Pg_1P`4KIjVVsDsm{fZ?`uUQht-!l|(EY`0#}aH?^qemPA0O6?7>D1_ zd!3#nZVB})wkiRE4Gg_To+rsvUD$9R)qP|?#1%5*8pD`2%MUyDmayB!s7CAvR&V(j zQ4}i_40D#E=jo~urf6`Fc_yNJmH7vFY7rQZu+gyrveT=J+L9hiUyAV6wP0A9$aSgs z*$qX!6T<^n`LymI%7gOue4|M<*>C1Mfe!4?Wa@G-yin{XW#+icf=1wTZ zn}GIKyG0}&QbP6{{LrU@Grqlz1S)UX7A?|VITytY({AUYZcGTL-9|I>E4mnOPK9+T z#r3Mb+qo;?P=^xx*S;c_0;5coQ*r~Dg|#f~=2PMPXpVjcN!(*l@j64gICmw73A za<0EGD9R9NfD0!;g5@uW9a!wRV_7HxFl6H#7mvpfob4{MQ5DJMx=5HjA2s$ueF)Q= z!htdKZn5ZLdRxo)#5P_n+>sQX8u1YQ2E$|+?g;hQ!b(&*pX{e}+&9@S1tR38bL~j( zsAl5=Dj9mJ+t8aumydATHEMxzpZD0@cqE22%_5`I31sa<~pP0HNN+_C#<9i^*87t1Z^q};`Fz4M)*WM9fbGDbrCr7w#8 zo)d{OyDaFX|N7geI4#S>fYSB-@>Gl=3nH&v4$<@i;i63$bfg11nIbj%;LJcx6}%OM zpqk5=#fuM(L{Bi2;;i&!TDWEf!Trj4S^);ddN_f=RBM5ib%IJETSxC(oHd9)~eVrJrKr;yj;v)PJ>)w(+ZAj&%w zgBDsXdR^tKbT=e*0B@X7hFFv0UAFB>Y_8QV&E|_P9;)Mp^c>%eRTX=+@P_oQ#n9j7 z;*N=!PAZxtHGRWu_wM;fhxb;EeUGKx30_gMO+JW&OuXjf=ei}y6d){b;e}1bp%|ZM z%*Z$3rsu-jQJ9EtAX^>8KrAF@`Dv(h6=f*-7X`q6AtsdvyUySV79(Bq*PSbhZUTwt zHQgXDN`_Wkyo1Wt#$D@*OW-fgVMyE`q*dlKWg^<8e70@jTfGvDxg9*}8N1C2Lc0j` zPKSqF9bZsrn)*U{Gr#n!zV)^aSG_g3K7y3F2@5$`n>8cw{Qf3ZZP~HmLlpGSDJ`RU zC>`>Q*h6wp&s15#Aia0}FFp^T?|9McFIu)IxR(xjh%2@&CBs0}#}gM5?deY{9r|Wqc!qbrx(tI&#~ju!?N~saVv}X?2S6 z@=qU5+1UJoe(Vh^C!G#4J(nADR}L{TsW1tcNb~X9pne|jd*3${iRSt~g|SB5QZdm- z*Aw@lB&2~6((66juP30sxC9k{`>8BuKv;TSK`O~B zrpX%uao=Uau>=Q&zB0*fI6>-ov zL55*m!}?>oHbEyh7z%v1U)~fxbaxY&I*zf39JR~`={S(1W|w4iI{Qr{DW1>S={GDP z9%QnUbK%k>RYo-g0v(;+Q3%LIX)drmTUg{<4|mL;+9stKC2Z?gc1Z9)DEBgWHXQye zOB-(|RvkiHW&G5nVGXxa{DO12Q^y*3cujY%b>hy=p=+N0E;?1g#KgsG;yDXDip=w8 zXX^kua7>ab)WJ#g+)HGeg`sFBjQK9j1aJ1RzplOQJv%NE;-P0q+&41ZC&%^u=ocd6 z$C$^m*34sx$6L~uVGfVm&)4Og+V^bhBVoowAxFZD(}#Yk-NMB`d&B%1ceb-sTXh;d z^iGSHU*EXKx4>l1d_eXHgpV0wwXd4kWu(hSR!AOoFa|W;m=Ug%Bs4^keyP((sKvaN zvAm|yh&Mj-Q?w5n;ixH`7Jc!Ih_&l7>$(U$8#2Xk-S@Qt6}=@UUbuH?CQ_?Peb#kAt*ABic&N*--o%X8{Ydlq zi~tm4mCj>IfZjw>qYi3Qi81o43~bpWSJS*|^T5Ir4c2J*I(xct*a@0L<7URtCyY=S zo$-0hW1h>7B)TCsRnI>PONFt^UAZY^hJ|$PAj#$e;iCNpZm&`D-f$gqQbFG*B;}sb30z z-kD6l@&+N%Loe1Ts#BoEt{@Vvp&23vRxgg8AK2}DjO+7j9Wz5*VfsxgBuCgD56t&{ZQieMVanp%E=Q1B98(QlF(EIJ#?;c=)S zO%l(+k#tV=MNt!3l*#M(HY~KOnns%~sF#H5#)iO8;XzaE$eByAZX)9>zNtC23+MLo zcev5qkUR(u%aHJR8A;s@-UuC)iG4y*UFgI>T>+D zncg5gm<=D`mclJ3CsSEw=!=?EzuQ5P+LZ}3ffs2tB|2-1K&fxqY!rpbj7n*nv~TdX zD08|)?5;7ogk;MY$`*Ck!Yy9}WYDo4T;~-sp9|ANaW*KphH+8=sOW4KM@Gygt84G- z(epvLo@rD@<=sP+YMc}s4B-QU5cFwQqkZmOzUiA4`A64^PMUyr@@8WS04LWd^sjPp z{wzDG;PD#tow#;J{)nc~f)A@QLN!i53IVynlK8Zs(U0?gLIlq$s%-cH)2lZb9BE`094;Yh@H76 zuJ1B*N{8GZxQZ5o%$qef<{iRsWxuwrSF>HJwE6g(t{E^GBh5=iB06>TnY}G3nc>3sf>F(^Dg@R zHI^n3PnyFg16qBSbI5{|Whi__>iM`gD*Q!PIxL-@$0$zyg&qW(+^4rGn<$ZDhg>TL zy(A;^C>>P4NMlb+ATwN3QJMavxCL1!OQVfcJaf=n!4~tTQ65Jq{Hnp52n3!X)GX_G zBkYnc+3S>T-^3;I;>6!V=#1PbU%~)skr8Fv$L4yKVxUbmqaPxVZpcQkM-gSi8K zhOW{6jBQqX?}8N25iJ17`B_p_FUIWp4%sTd+0Pno>UF=s;Jeq*Y55)p5O2vHZ%K1DYoUj zT)RMVi=#zzw;FWAgCFNq*cY?fl0}YI8!d9#BaBo|^g=htZ=K%1>uNMecDqyjEd+MV2TtJ2B zOjWFyH^>obIZAxdk%7ye+HGAj($Ut$@grv?&V{cHvmR$`^fJ;(79GCl!-@1rWO%%o=eIl(SO~FzRQy31f633#HtDUWG`*;`kfuNse z+|gc|fhKN4X85X;#m&INwZn2K6?(GWz;3V85S@dvp>6D&3Xbs`079aTk>=M?8qK*$ z1&gGZ1WHn^Gzm!hil(Xuo`hd`xGBZ22LRAS^=(WZ!ErGVrv`ESISa|@7g`t(g{M(s z)VV@1N9x^RU3223?E8k`Zv;0AZGh7VMH*4I%zoG6QzmK!y15CcEYt^1Xhs&y(eJet3#NoNwP4lDC-fp~kHveA7B z{RZo=LUsv@3<3xEi>8EPpst&tLytWdn6IEUTlOS;@wSZ#d5=*J%QK$ag;rZQu(do1 z1xX>^P0p`H*6<8wN2m27NpJ~JuiIUhkK$(iN=JDk7mnB75pmq9aX}RJ4}A8%xNVm(ViiRstZ4d0@d!+`8m{ZUZE0dWjwqalp%vsZrDO$EoPqT0 zXc7pF#IP3#1MZ()(R9$v6|XWpLFk-8fSm05_qCST_Il$3La)!fv=qC3qwguBXwh}` z(0Jz8EXSS<^zc8*R$dNhg_wVZLJXm=!IesupsQMGT(2<}o&7NNqNrElw${lIUOq}s ztn{!|dQdw@3iDVO88Iy=_q1(%KdY9Vboni|^F~8G|54G65W+;>ZopoCxo{ zo5OF5XZ2GK*;)|~Ke{?!^cFlE?IP%B0iJNl{D1`2Tey8(^^7R4;K*GQ$3rXl{Pxyk zN!<2|`hGJzVM>U1*{(_*D$6O1C|X{Lg*;eo zneP<~Jhm9Qj?olz1W&N4B4-oHCVX~(iTr#j#eMWIotgpU8QpVK1Y(-WR&3O9+ur9{-$ z(~mf@w>0!EUB5IN)fjl?`7}gzqmFKeP;io@SIREUyy;~IC0{PZnb9efR(z?JV)(Xw zNC{(8IdvF)}UUpc8ydWbC zTK5nfaG<%(L4NG*f}XvNjNU_k+o3+q``-3W*_&dG*K$-V-Ro`t^5_IDW;KrDPdTWq zs3QmdVJ_?LRa{C}lpZ)&AsXbI>@e<+fmZwuhcUR2B~3##8V%EKTe~y_Dq-0yHByu#++kn8(Kb7z+NV}+Y2gX$ z>*ZC(*CNgj{X!Vv(1W|Rq8f-(1%P-L{7JG7E}mzBM)rR_2jp!b42#RQz7-$J!)tvv z+eO;Y4Kxx>Y}yKdgI{vR8nwN6+h3Z^C=qD?(FHqF3AJFeKrhQjSzpx3?`mvUG?itC zhB2<}dAU#c=ZzE2F*))#7Lv$(NZXlc()GY`8?;*-Tg**$d2ao6fs!>xDSw%J?}UA7 zURT(xkB;dx#=wH0;h{r>Ius(qx^5~lvQ*sI7A+gGqS{fj+E(qUV>v+x&h29FqgCGh zip(fm&lgh4syG;cQzQE>G|?4<)#mKEiaDApP?|b01`*FIlq+JVoYiCxGca*0MXm6x zLZ#QEwUJ8pEpA5o>rqj>l^_k;_y?ox^7Q;9I$3NIbQ(CN6`T-;PwjAO+$4nV1N(G( z{vYYv<-RZwz3<|Ruam}QSHYS92D-AHIxk>ipI4gtht8CftEPTaidP?H@5yKwzw98z z>Fik%jzt?zk1=B8h)B0~Rc_EC7qN$G3u-~Z{(1#`#Z}zi3U}5?K$?uJ>d5JqCvJBL z_%5iThP_F(o=5MCB~KHS$6DY#Ttq{5)DT$F@%|SP^qvA2-!Ldl)&_Ylui%QoK&{Rw zg|s~fJ3>nMr}!O>xcPL2)zyV0sXM{ajoBh}U1JK*xM9n*Zx9DW*e|Zf!q&$P{vto~ zoz^4@lMz%2PHkAM`yji;2XkA+1g&xpN*6;bfe(yfRLKstv6068)I);xHRqY4R}OHp zUd0x+@IkRYH%Z?omQ;J}rV07bE{DI`Af{y5kLuiym4#AN%Y7J}#C2$T#<0zcYs3`gcZ}kFy?f7ByiSF&Uhht0cB*qug?9s9G)PGB@!kov| zR!w(b)9YgO=6EwjI2+iC-i3cc^~R{B!9`RaVN_tot7-(&)W`GW^}Yyq8YOAAixRRB z(YUA#_Jum}JkhgVI}b}#O889Y4U9>#KdQ1pJxgfyBQ$_ zpr4d*!RqcxjOKF{hr2wb2fWOvCscErRl=dm&+OQFd?3AQe)@Zt+mw8Ko;_e;o* zok{CZ=M$vPThZszh$Dg&joxuoNX^O=I=q2!3pzz~VuB~QiH93^9eCeW!GsGKYtdS` z8h8w@IRqIklAHYjc9gO&ZFCqX1DunddzC|(^YZ781$$0<8m0UEs}Q9hdm)z(vHm z;TeL|I&UwxAv3oX^N>40w8NRM*OrIGJG`UThqwVfMtwJViT&p~mFe+#V9bJVS~z~! zwp_(s58TL?^mEmFT#|z2xF&c`UDMHlk5-O54Y44Td1wnwjDpK8bsxL@O}ovpnOtRC zUIE_HBRX%|N*7qVPu5*(O}cvQe6Sutv~5$Yz^h4 zxQSIFZi_qmNw%uG!!L<y6&>=n%dn-IuWPEXh=)aH=dB%5<(C1SO?KwbO@&kGx8K;}Mjt?1|xS|W%E_lzqd>#hOzS6YS43a})5*3GAImVd;zEH@1T96<60z#~h>yP6SjyI4e=K6TvR>dvCX z>#BW|A*pCJzg#}CwhY)^NI*OcrB7#Kss0tsz!s?`<4XgIN6_Y5{I@aATog}~xM%_A zk!|Y9!AZTHqv0etSC*vb@hwF=P=W0;ID< zJl`kK4rGnQq@ngsz2cOd@RL*de3i)wo1)y2l4*dCuW9xT+Nlf8MKv5>ze&pwoXTm@ z)qIDtF|Z}D>i@oS@X2mw+J+c{<*t-)O~`qoLHmucSLR-reJjet^H+Xz4Ks0xR3Vegw#)Jo*Z zCI7jdi?S3GLmoh6zc-CQRQv2CJi^-&Qpw4l2;iA=zMO^3g~cKSV2N0zvl>P8Tc750 zdz^(ki6J+|k?bU*RoISDv_xiFyw^vhq-|4Wyvn=H61^Cc;iz1frtYtq22^OkF5?Ue z8DZv@6U*ZxLCd>WX$}nUB6JRZve{|nM2(Nj8py=#427(o4brK3S!KM(3r@ZYnxwn$ z4e&UI*i#5GA;l4SkFm5JWXS5VU|)y07IAaNr5<}+Y~OvB4(@%fKxRM~4=tNrAcpFU zj*K9hL)a=I<+kRA5%SAjEM{1y2xb2`Ya5tiHG>V2;~|l%xQ94~{9y3%b-cqo4Z$t}s*mfuvT3k>Qp) zY^`iG%S*S25!(=gpBg>xHHu&63_V7w#r_Bq}v z(|k=bF0#m4(fTO`jTOh6Ta-XLJR^sL)>)USK>M9AGn-W39e0?m=B8P1)y_vS`6VMV z+^K`b5U+~JP~S+}{k_FdMu4dOdN`GZa0+)>POr`A{a&ad9iF#;Ju`QE#gupe-iIRi zz3ersP#}-4tLH!t>9V|d~Jo;-2II_M3$j53V zHy0~XG)2TY3^7^X3FK?|`M1&!Hi|w6OJQ`WmZ=YPu`WH-`yoGctB?!V$Gl7FKCDn? zf)rBO?Y%9?Y;ZNy^M+Z^$g;0i-HXCiwB91sC&;E-qH8y<*gIV5aYvPYl&P=Br{{K@ zRK!9gR!K*JVy$2ADI`!q7dB<1MO9IOiYS{g9WDBJsduL32Lj8ZrPZ&#Lc!{Wj&`Y~`mkNL zHy9bNhk!8&*&PvyYb$ii_xQf3QziaxgRwi_Fw$u+G5isi8y+M_kuEWQTu(+<<~Fmr zbQ?S_T$_g5Pv0UT9?ZOkVC->vQWZ8MKS-l#Ezi< zgUG4Mzs0KYT1@*oR*e4M(%WUZ?|Wn$w)o_EqVl{wvc7Ry#@x&iQ82r1BYX^<{UcqU zgVRsjT(uuG*dy<+6i7)8UDf20ZXmP7;0@1YxM?p^F6JQ51)E_SibY zWyle-WyJP(@4{u(`zi2p_mPa*P$h97gl;|cFmi?h_~-Z{f);6Mahyz(2v^B8-9Q4s zns3RI2MYcJInF;ffApDF*;&#c{^YqAfi=?_bQmBrahXSUE`9k>--Q!i#K1&Eu}(@F zVG1$C14!m%f$wSjwj$W3zdfv2n`?_Z8C)3Iqt(^Ce&!=tG-XL7DT?$&mZPWcTViy6 z477OQn%(kYrs-E)1;9BxW)%@!oU01}`cvD-6(dNmw?XVUVcp2 z)SV%t!`w5dIeD`o=_Yky=jXz=@Ji$9_%H^do$l|$Bc;TegZ<^RN0e4_;$#auAF~Z-+sq&6yL{%MEWDGHZ={oX@95mHH;)FG+ z#W~V3osERfBJG%VyHo~fbXFCjFyM)qM-_qetcl7nnzub}Rm~UyHr=_{V_u%4yF-fY zdSSQc)*g3RoxlE90hRxf*Lbh!1G%%;Yt#~Y6^_ZLWfjVL8I{QoCQbD#{SiZJTTi4? z$4!hyf)&v@i!N5qyx?EX`#)OKHBY>^$m&;-OBWzPS6!LOYEHepWwg+%lv z!)Pxv5v0%tEkd6N${l;0v!@}a?l<%7SysQo1^%G>?8Ik(RmT-T8n@FcM#~@dc6gft zUg_(D!h0FJFR`n+75dJ)(OA!O$TZ|LQ^-c|qpOCI3nb>IMx{EiA&ZiDh_ZRfM_o*h zee?g{2o&cl%x)L03_n-YxIAg=$qru3aiALzh)Ok&fS zet1f>nzkKKFwna3w(oG5-Ub2jz=6hkhkJ`jZ^ZQ+HMbB{U45dE^l@j6iA zlUz?^f?&>`C!@Go3fvoJ1DMZNE0qCpi~ie@D}_iTCl}jiHrp-}w^O?+U#&)jOxH6e zuBuwt6F(k7ls6tyud@z|YDb8AiovOgFVgq*jLLSmTys4rMZbw@xBo8uk=5VTBGUkp zZl+-sg+~S0sOv8;DCL!`w)AOnP4DU8rrN3A$rH-P=_|zT>Q=9ExniUspQN1>rhd(N z5d6KTc1ga`J_VoMhab*?tU^c^u{u66NKtPPzvs8kyl0lZM4mqWx{bqdY_Fqyq#e{! z1HEr-+0pmCuB@Ms>e;VM?&dr59LN`?CTQ_t!C%-QNcrNR?z0Dp-_vx1~>RzSsRgS)fetbtl9(_fXAz zhE>vQ@EiGf?;Jv*%8zlat9X_%in3$8Foe5OpLKg7k7Ih9COWtZ`blmnm>ZGWNGBFl zb%lDYBC{k`z`M%Ni{09pOJ_$cf>)%P?qcxlp$Xh?SUa&SYjfPcj>Y}>{^r-kO!Au* zCU>^|7ub=Mi^T}!{)G3a+tj`JJe;j97IAhHjWR64O zg83Or$B4G%z^RR3@193*1+l(VT^h=fd1qzAW4(fi0*8w9{oU?IbK*$I)Fvw% zQV@l{JyiwNiv+HfT8eQd@0!ny9k&{`Pnddqc*R2wNiV{QA z9@zy0RH>U@r-^Mz;a>J-UuFc&hdhh3G~{A~LuH7y`H)00XLPdd+$oQ{A9Uob3~D z2(TVkO?ZF3o$0D^bS%;{<5(g%ci3W(l7a7y5=S!Qx1X{5mX|5|^4x}sK2oi>p{Qp8 zh-A1LaRAXv`fc+x=w0x9$jlw}ffLM#HoTC28i`qVUKKS;QuTFrMxCx)k-vBx9h3Z+ zKbH5TC!9%S;`CBhPFEU*^wX$&b(0lX#I6L@AG6IaH?yc?baq!RsKfw2zETqGYN{d- zSVh)1XN}@YoDAKbdB8?-0adykv@hOTs3Ba!!qT1YZ{Jkg-Fods;#T{x0F^F6QAjG| z?hHDbQTd^83WNROpjv{5yI_~v9%~0bYse{|R_VwT*}oF_t;|3n{|X>B)B=SN~JgslpWgDoNQUS3R?yo?M$R$Ncb zh)UJ7n~hk%k+rvjF3Yv=^`s65BRg!Je>d=$jGqZ!47s>6ZwZz3y{rfGJH@3NY>dZ^ z(ZRTj%Jc)cCJF6Xgn`+E(wxdl-94Vse7${!(;fN|nGEOe-g*cF27AJbAHJDN>@Eqv zk}e=M^9T5TttK38RygY_J-k^phA~joy6FQ3;`fg&d5({DsPHsDXh6C>Fo>vzhw~ld z-4jOym{g*CMSf5(w}^~gaMzi>$R4J#Sr3tlti+<;1O$k>I{Lkz-x|0W{APu>Uqv2g z%%+oV4lRMsW?h)M9eZ{O=_As5Y)2(#HY}Qugn<5-5x~UEGa#4^~9D<+Myl`evx zVs;tr=gwAKC5Wc*y6A$R>i*Roey}%lwhzhgdz(V|;EZYJA{x2d*E(hl;^1B}d5l+M za#ZnrH%$Aj%!*mQH=b_wHWW`J=8K}R>^3#8ooxiWGWbB=luwC0Xo@7LcQp>#>C!gX z&|aZjjZ~f}#16v{5be{GuR_7_=K?i>aPWj4Xk`xK1ro^kCjAR%g~b|x%@{$19Z9aU z3C!V)^swFVB)b@e{YtHt^9#?r$VJ(61z5`dH7-e&!W-W83Izd~vEBvbP0dxCo&fwN zBX28?{f^?We4s2Z^IT8H#caKsmHm4%&)~1^WLL)>osg-#W_^!iD0F!&nM*t7s7d{1 zH9pIuWZ_J7t*Ry(I89gK%c)LnvDTQMh>)x2vPe`!lC;hgF_Q)z{gL+%>+lHQi=#|S z*RYKfgBmtde!x5xZLN3Ct6_6FtC(X%-W>%5Rpd90T2+`P5bK#W@9{~V2|{g$#W3yN z{~GQ30va(jduJ-G#f9d)=U{Qc`OTnkrk{JlPGw3}YMa%pkL%jM;YpkAk9b&Xfd zp5=7`2bq@?_3w*p7$o?yh2@wS@T~Sl9GrjzQl*aHLjyEzv5T_gl_FG^*jZm$AP+ne zg1v+2dlL#g-`=8ZG9lcaEV$6iQeS29aFxj|<`Swt%|%{KOs3Y~>z?4@;%nl)EzM?g z&c2xG@mbiwJ$lf8@F)k!4{g-?Vny03yjv_oWYx&Gnf;dhVqTqfah`F10Y|GDd;P79IzFyIzzI$U6i7ieeT%dCmzp91;RHoqdRmNQfDNeox>VIN_+YH2T+ED^?o;qz4)m*-qpVwZPeKRv_e zT1URi?5&8Hg($rEj#)_jR*Yu4+q$WWte3mtC!+=Lru2#c7k?pZ1OBZe3wFpD|8f^`8~$auK5$#(tddL$U>D2 z&TA9N^|?yRiAJ9!?3^xR{nALS>j#e2i)l78t5Ef!~7YYy9K*hGUlNQ>`i&f2c3hbhcH z;wxBqv%*TO0hL(7;zX_!!oy^jq_Z* zGs0woJbP)YO5&|iRtfIkSnk3{uk3DWbty#Or70wt;dfFQ(Xv3|MY`> z^VHC4S#`2fML*Y33$9RIE8J^? zrih@`U;OWiH-u2lbDCL&m$DX{{qhD8@6Kv;pkH}(60_>}>iLP5T}tuVyoAY5o`Oaq zA=jc_?`{}}@XT^+_=jiC!+Z&1J=)6Fvp*-bmcy>Sp)F|eSA*=t=8yO$&qGUU0iz*6 zP@h65;2iKN`$E@2pz@_){Y&ZR_ihOn+IYfzbGfRg7@YhP?r&;hDv+f)_kp_0p9gNv z`B&qPdtXo5{BgT7rKC7LS*^(JkNpI^roIg;UR!pH5q@F)`J-W+!uhM`6d^_jB$rJ} z_rjJ+ZAD+Q_Lwd52d+9bdvAI1#Yws!;;nAtB~t8T<~?ZT)SZ+&6=J4`iRbr{xIi{kGXUbXwl_QE%6*$wryc9yu02IRE2t$>&DtsJL#Q$ zWeQx@jA`eIrW^>Jh;f7?J#$u413B^acxw+4bBkx-e~9Q)*VBxJ5xLX&eyb?cd0n&w zIWne=i=K7Q5{9F7duIJPKwg${*@cPP^?lQz_YO^Xlv)~QY#A@KmgRRl2|T%q`h*5? zBb#_)5*_~1UhemVG0&1N?1r{#YsMXq*y>r91~(Z~71};8jn6$9se#JppqigIsoM=| zn1aUu&W6eXM9CfRD$k7o3XG)atmpjcU&xs-N~t`SVTXDx2~tpj>LiKSc_L)b^QO-W z!nmXpg2h#IN2>(Ikn1yTY~VKWEh`_VTT7-^ z$TL1#vLmN;>wX=&2Utv{3w2G{zCX*!|IEq6oKM-^z#*Z~R-CQHL%cmU)l%ZwWBM?N zmD#5D^@fgKHl$UELowr8r=+7mD0VMl=H??cZZpm?%7^c;k~MbPA47BBTSOCWp4sWJ zRwi~h2JZ%O&3gX(zZ@ib=E$S+AREmSqV!{V&*__!pYK|3p-ap~3eIDl{0pjob<2$~ z)|}qkH#=2sFSbm{R@Fbpu`)VlsrW7voR6nP8&l2<#&QY|MY%(Y14Vpg`Z!T_j!XLp z+WS%pSjjthlW-fSOS$f2Ddt~za$-}`>Q%MY?s4oAvu+a^^BqKZmwy>$Q|c6YRr2i; zp3Q!v5}sIU#FxKVz&MlVa9-dK{fQBU&b4++psMc|yR_oSQX+Pk0DP|$8jo5mHSn3d z@RjfwIL%Y(@U1IOmMGp4*@%@2`Tc_N-iE*<$zdfe=PGD+8byGa!)ckT{RchFlPl}+ zu}d{ICY5Clgx`%sKbzvToX;Rlr1~OCElE@l=KjM5WwwgxFfp~e6o5uIMCX;rTFR0! z0KeKTbN@PXUd<*Gml633+^*eaIFDT&u`dlm1hUq*Y4gBD4<&fP*I?bxSZMujq4D~sHdk!j6_*)1q|n%` zg!g9u{JL&kmr1U4I)$sNjK^&E8MCrl#*g`(q#$pqR7(~wWpmCWUD{>4OtH8TpAG>n z=9h)k2DV&f}7@pKS2kFxO!@+5qP7gZ7HVH{KZ(-wd&P5jLfF0>4h zNj21*M)ht8|}Y)y_!=D#gX1fO#05~ z8!HsLUz?=LNFIXPBc#bJ&1vGmTd4^?AN0^?kY7di5cIg4h0J>b42Y-O z*yQt6K&sSR$ei`x)RBP1>nm@biU?V!e0&*6Sf^>Yh+H{Q#O zWLLUbz=>$3KkC@_{8edcmRF#C+()*i6XMI+AT8f;Dr0w*VIP;9@__bcTLYK6di5Dy zIRTRHik}v0=_z&5$s(IQel|*-7f~WHJ8T6#9cnex9g)Wr#uds?QNVcmBjvkNy_T1g ztWA5x2w^j4frvPcCNvzTPbr}byCNIrO!2YOJ_M%=c?D>-ex{%IGPWy>ouTPvh^8?Y zX7Bu(mUi4b`b^4QsOOjF1h2g@(KRiDyV3h`Mc&Z1Y`lJf#>_oc;~m*pDz}5`&__aB z7j7@T4Dv{>e)oCW?u%`~w_^1i$pg|>Dc_G+Rn)_timqxI`_!2G>N>o1&kZVf(SCaR zQu?1UyZT@7egVsPno|+WEaOkC3CW(cbZ%N%0#f}5LNA=5)ku6J_E6;s-bkf+9|8gT0rOBG_wNwV2Yv@0H>O4V;q2<1kUUD1QY!1Bhr z3HSdAP#mx0(Y`sIvyaa4EKZn*QmSlqlL}LCE@G2>7=wyK3}Bfo4P3%Su- z$56&}6;2#*Z1^SHcTW8}(?!sszq zi~9}?^lAp`X@y0@c3?g^l;1rFr7#PwWOS#M8j;w(Y%skcCC0x%Uu2uL@w;K_?(`cdhcc*n;chtENmEnRf z<@AfAkHZZR%*q7Tp zec9Ei)rc@6r}SCRNA~ut_kk>kY?Jeu*{`s0!tKbK4fU{D-)fJenq}e~EZR&d+5GPL z8b(%G$EIDBPDYrg4J25;3Bg*Glqt%=)=G0Wqm3jZ%ghv;w<2xevM#xd596!uHOEA;N>jUh9!-7IMVW62ChiYJ}?x<($ zZB3|@NfO!qRAfgwZGn1s&{Bs8Tu zICV@QL9J+nSTtfZz^&$34A&4bT#T74Sz)u0-Jd+jwvE;EL%~cudZb)u1DSnxSYQ)a zphK^&8ZiLYcyF|o z*<=}i+-sOLB(%B0(k{Ypn+GNZ=A z?q%~qC?(-qw&TZE0MagO4DGOVoVJKFx2@WSqYzGmu6+{zlM29o^sh&1oU&8vXz*@B zQRcN(p!`X4h-d2`jYDblk8(gG@F}NgNKik(IsUkH+?ufotlEr>LUZ6GQ>ftf}HTM4j}eT~T}^NK%u81Nx<{5-hZ-4@a8oGO)}Hp%HhK z`wj5fVrkl0lhlFX$9G26=hKas>#gwzZS7?e}2>*J*gUA*%7^ zBCr!hCqikL(&Qzp^`K)yhLb6m9kO*mByyX(C?v;uhEy}yMeLUhcM;vo}2sRB=`!a*AXITo~>OWiVLY~OinknfBaiubI{0|hbZBi&6Q_pA`=%h?xz}TcR ze7{aY(3EUz+E>d34U?dXyss^dziS5heNdq<%^Fe`kmVP(Q%TN!&(_bCVkX z+kPqg4!=WmF`b=FYqtU-K{i(rJI$9-TmUUGMxO`z{bk@+RowJ5v~m2fR0jo8b3WgdR+*k2PT{RdcHu4+E)#*R2X@!Uwgi=Y~931KPC zng9Jf*oPQg;vj3cJ%^o;4k0F(y%6876Q6GmXY|Px>Fl-g>Vo|T9`*g*qu}u@RV`oq zRM-7@$*r0`B<)rELD)|PW4$(gK-|^EOOiBUc9;#EHpR4)dQ}91kHoh_y^v`a5@Peb zac~@ygg^w#8+LWlig{-xgEijzEqECV<9la4Jsyl%y`#li$A-I9QNPC9AOMEc?MmWd zVm7F+p*XDJR@7_AvZiKQq_Vdl&)7t0tCx>S>!i4eV3y< zF9$*vEYsLgk7$H$K2wIF*HCDfZ2}Y&yrI3eM1nBHVH-1ceJKN&uzCrpO}gd^|AAwS zB`*ws>%b5%AsW7X)cH=#`gM)rYWypiAUIfd&T=t^hV7n2e~uVgr!OVk?m?4f2@P1gP74X0r6}dQWG1Io z-IHY@kiOHKRM=)R2zRGv{s0Y%GluIPCZyol5k$ai%vjeq_g#9aEd1Y4wRDP(T;Ta? z8D`QKfb`LiM>(LqzYa`C4Mw2Ke=%!O?L(cRsiHu+m`Y`+Z8w z+hP5^f0ORUtIgDiOQ>Vyi+?>gKZC2nJkE|y)OKI_1j5%Tj=+ZlF`kH~wO(Hmhx_CK zZpzKwI$ILVImVGSHVH>ls$b(W_F2%;o=Lw~bEMOk5L>j7tV!UC+1~y5K~y&2!Vwl99+vv^1rT{}k}hfW>Vv<7G$E9H-3X>f*);^}27Mt`KQj_b zW4Hq^d5*J|jJX6Rk_*n86m*Vfc=*+N17)WbT9sp?vjCqr=vLw5n%!!*OH0kFctX|; zw4!QoWI*SiLop6ZoG#wAxDICMSLx`i94*z?k|;@K@DEwPU@Nq2{aON5uIt^|?{9lY z7cF~Iu$U+XLrJM=rdH?l=WTX0tCtpfa)Ar_*XNO|UTOMIS!)nXSOn+&`?b)b4J4#0 zT|#hvLGY&KZ8XqPeI&%lv*# z@fPAv3oJdX^1Dq>5yk#OL*O#YCO5gwsmvM@ zuGSQ?%?XuM9`S|wto5L_2?KscO1J|Sq)S~{Y;V)f)NQ$-JO$c`U@)47{|#8?)ET1~ z>)vr2H!0k=r2|Mk3s&h>PCtEQfMelm-9Oz_FGVL82KnuN8Car(NL9^%or?`w=FBC0 zwPG1F+*v91Bg`Ri)3H&MJi!^+dkxTq9uV0@6s=dx#!8x-F{2mA13U7dr20$wr`3RB z)5Me<2;&j;D;4eQqh(I4J$`D-yPf*FIdh8fEMr7RSbUqCR^c&u0mrM4h(PNc-~G7( z`LV>`$Z3Bn`!L{L398nd9XObL3<)T->&*{5yA`ei1z$u@GRO-Z&3E_CFvDS^YM+N(PCBw~5oM=Zb*J}1*v>kr`zKgbi=cIM?wj;OAx z7ndi~GNyi4y%EQ~0bz3;tt4)Jg-=mE%%wg#)%aV7Jw&uwvWLnv=Dz;pi5MI{ri9f{@FpKL6dORQWhO7ha?GF=_lo!I4Ji()* z6)9ic<;ynm zolzD_75MGLqqLOsfSbY&1LWE_+JCFi3tPQoFb~vBH6;Tn)w-hiA! zS#%E>8Iro+U-ME<%c)`YaWsT2OVT3gq&&MAKksTllEVjPVbH%-LGHfvR{xuZduf#7 zy-qK%a{x`ig;KJMvv!}wqiDxoIZ=Omb8%qqZlmVt`!SHW;lE5P)7*-Oc1R@Y&mn(% zn;2I+Y`v9=fcg|7ADYMo(l+0UYJng@IYs>v0|L(c0+9guJH-fLGszaYb_9`FK#u#o zRr(trKRyPkU!1Z}(ktqio(>5ar0O;L#xSV~1atl}9pru@pE$`v30OItvr#wpf?Y5R z2-I0thYGe@m(p(U^pE%09Y)~*4)V0}i6lV}1jw4LespwS`P=fkc2aRDo0DqH3*uM@ zJPQzoTB6c)1#-%?*1(b|AZ97DCt-Rkrj0`n9*^eq4;}%|`(P`gh|)o?t(zgZr&fKT z7~4*3gWkQ0B~BQ{;p$io($tu_nq4xhmMTGBN73fGZpP33W+9Rg4ZU$}DT9+kM~$%0)F{(R#G(4LB>R zEqu(SxzQ}x`#$Vklp9+l6IL=l3Bn;)E-qFveWfkzsSqa*ZHruD@(&^9nZ|Yj2!ZuUk#wG z1u}UtZ7gD=_PB&hvEpy?40Qm10Pi3LWcyTt=LvkmXEW};31%^Fe>+7Z_msPYls4Oa8_L8K$4I7q9axeQ{=*ZLNrY~ z{%n};Ac1g0PWQ0-(_zGwkRXQ2HD@#M21#diRQu=b?(|AD^*~I2d7r{7*cp2f;jpUK zb~5X;Y`G-O$jk$ z4!yp~ zQheA6g83toxgty>C~tHz4Ee!bu{}e4DI>^c&I7$F{6YRc^B>T-AFiiaU029J=lKmV zi|ocTq11bSM}3X>6uc_9?S+j)@p)VIVeNW5rsKH0dSG~WdT6I;^~LI{@Hg{ZFC{gx zw_7a+uhdxZ+&@M<6QvxVKIW;feAM$m31M6UTm5}T^wW1vkT)52#rol5U1EoxOIm*r zH;SEKp=i9mEKex(p8_{y5SqGU!JpwK1H)qsnumJfYr_pzpt1_hGlafERrSINzH{I|P& zMP&O_{A}wvGEGIzBQ%UJR?(&#oq|}@oCAzuhBuh4v&3)}yTcK9IgCy6rjelUav*$W z(6*BPdlZEI&pZJTc`W52M6@j)U|Z9=TTqrTBYNIwHp2egzmVtBNI3)oP=}e9ep< zZeyNsBP<-~>u_nw=6;syf?m6+F2*4XPZYhCf|7mtlqVY>IlC!WUk!4RYV@;!4#xEz zD9?nQ2T~p54}hl6`>YJ1;s2GKfeku2gp5k;^aWMPp4L8asXaD~31zhzf5P&N#P8^+ zkxo3Ch(4}+Gtt5>s#T)x6FTo-!Ca(e@0&ZiAjc||Qh?#~-~hP9(4S73LZExIcQ9Kz zs!+|SN@kqkt3*0aN04f4_at8go}U(I76YFmRUw! zGqt`?e3#{J{rM?nL(^7gv*bEk#-U*nDr*So`|2VT3)7f)frVgdk&JY&7U78Xn@W3s zmFR$FeZOAx6%6KRKxEo|)x*WrvAV0H2Z<;BWRaJN=RqCR((dko$2(3cuEx(ODM?Vt z{%ku}D0c1XTE1FVeoSNDUAc|by6V()TP$(-24<8sZvm07t?Z7N*Ny>x>%u(Nbt&j1 zXuf-JPRJ6fC`&QSp_9z-yCPCPPCClc#(G#om^_UkWiFC7zJd-$kb>AmfdUDhg4zsq zH5nn>c^V7!ut?|2p&%EDeymVTJmKLoMLZ4hP}-f{2J|xS=4fEHva8>Rl#-ihz|A$= zYO;ch%--hmb%W7r9p_I2-5Q=UM7w$(Y6)z6hTQ}|gkuQCRWn3g+if5Nfty0kp6#Ie zQe?y<{UL|f9pD;4(4J}B9vB1;PAO0uDWL>9h>nTIfGUHNkrYfWeI&q0o9J0mro-9f zQlu7!nnZ*0pP}|e?-KI6e3m8ju$oiFbZ%8I6vJ|?)P?7w-ZcT>okM_9;(K-QR}^j+ zMB|J|>y5g5A@}Rk9CMBNk~RE_Zsy}-w(vW^q<(9`Bj~+bA_5Q(7Vn^6IjYKbC1r4x zAH>dUd8AdBk~&3>QH}8f^J=z^)wz2bQ!n?Cnaq*J0d&ZQFKcj6Kge zwRWwl^;hkE#@(oTFUCdhy}ecA>8;h=@Oq$8cunO@LBt=JK4`|-p#32;Za~LM>cw~} z{iPm24a-F($ViMpwH}eQy#RT9^2zxHmSM;A%kPOD4wnq<_Xo4;N(d4!T3qFw7}R<* z5gh@B-uy0jn*>LTA4_8wl8#Xqo|&L6vH$D%wVImrV6QOuV&RO;E7dccx!2=nHNA`U z*psO?H?>4z;6{##i9Bx|IN^_&I@ga@p(3j{5Vrh_qlm~<0o{$Es8QnaR<*Ti0v)0K zHbfZQ{kLwW19H8LU+{dLGRR+IQ`6Hk8h7tGH6Uqi_Py(tmC6$oRe3f=UP%F32)M`gPi| zl-ErcDCDF}kjRNwZW}LQCOa{tnt!M!Q@I+sJO{>J9H^0uTFd=1m+I8l2xLn)!Zsqu zpyHC1+>s`yuM^%v;3ydb4KiMt&C|~#`0fJM#B6|w(Ky?v=6>4yW4VKp#xzpLw=SS+ zi9O>0sOwq{)fyqM+bLAp!n;Lus&ch{AR_)=Mg*^l=z9a`Nj?^`ck?c)Mxmd}u2_z4 zr;x-9szvKS@pw_}E{o|i(weZMRG+v|5;;_{Wsm}IAXoancjyh)X2w&pFD+l8ClQp^?m3TMcX~d7vm{6vh;1vs!`&Tny3od>NfCe+CP+NqM88iqv>e$Gr z-?BO;p{~}h$A+L5k9hbCp*=s3;Xd`nCy^Lt4=x8R5;);9e>+zS{dFF65t9?e_*JzQ zO$h`qac>d%JJu9mBA1ZN&FRfw9fr3|F|^HnBZ-!yg%lfxDx;S2qbbqr(>#DM@thVg zCo7yv`@wBN;=+Ip^a_u`S^J{p7_-rtbN6t(a3Cs79jf3BI|&+M#z!A)TQaD=VT`eu zu6XF&6661dSbrj%Fp{F`wWp{Wr8MCm(UE)B%wZQ@w=U-^zYHOi**36Wl;)r9K9v<( zpmhJG+rEb+yg*17s?dwDH%G-hL2J1vi8^CC*e`h189_D=T!9qP&?VV`qx2jU*;OkZ zE)`l4G8F~xUT3>{D=xB`?g{wZ^ECG32s!`jkPNzFTc3@^Oa-M$?!nRe zkMzqu=U+}4kqguC-CpugbK`PhVV3CgOr6nNLtz?a$>kC)oT94Q);@~!aut47UWc^I zTXvhLJW_SziQvTrM-YIi=f{xoe4otVK17P)eNJN;?Q%c#Z;(2}=|MYxrD1)0ZAY~y z9=AyB0J!PUEv%%O&O>ez%y!43UgTK-gFlH8vWk<&Y(X*A#sd$S) zJyb$WupE55mkuW^(j7!0QwF~T{h3nKwW6G$)g8;LBb04&hUD*L!yV51QmM*VFN)ahPgaffXL-?G^#poO=U9${Vm)N$rDOf zj!nZjpRq;uIUUDdKIrc`Rxzc2)$i`+o@OW!0oI|I%T`cqVIuy66+JVV|9boHM)Ztq?2Lr}@AH2)qW4kq;Zb?RPn`v@QvWL|YW|d{t8`}O5r%ek z3AK7zF+FrIJf~O(%k04^tk62`sN=|FCL}2rZ6#E%>JB}_qQ4u@KLjvoCHvvoCMoQ`2BVq0Bl`-klx5J{(stZ_a_nmNZtSzo13NRo+2`Ms$ zE@nK!@!T3$Yjlj+V@9rPCHYcgPhC1hzV{{A zDe(7B0nmv30tMScFXybbUSE|c4QcTZ@DhUX*xhcbdp`hG8BB-`aj4M!LYoi#hYXGU`^L<3954%VCy=PeWxP#Mg@%Z zh~Q%K?F_bje}(0YX@=4=Bf}c82nT6E!aJ-~21ke6)w*^(GhRR|U$jMkHOp9!#H{V= z6sFOoVP76MH|UrBeM+uoEMvyLj>d})GjE^uB+xoGA|S1t9*&3X<$lf0OpQ6B)njGw z&(ly&J}S4bmAxZee_KYIfo`7I{%K-ww9HI1EK4?I%zI~ZNp8(!JJzEWqVM$>ByqWG znDqDSI;Gp}ww(HH$d+M=IybpWigk54FmkII&fkgdn9)QPT@W&ck`%c32^HROux`b!&T0RTssV3R;rQM913ZiXF9vsJAPBr%n1FJ#1P> zu7p;vkRSWMHN4sRhnoYQ6utEIAIoIr9^z<+i{nF_n`yd9^-iJOlj;9n6x97SF~d-oKfMdaiIFNwE0Qo*CDn0rsTr@Ypa+K+lB z!Y;FatDMxr7E2<1(;0vJ%6(3*NVRASbHLPGDkYwdxrU%yWRcc@3nN1F}Bd(wBU-n22% zS$k3_jb^>vBn({mxR;ljm}r~(JgV3`*ZiPuPmDa zaryG;PqSaMEN)<6Pv;M05WaZq`R>UvSLA)5MuUfPWWQ=C)E+v?xoMn~%oMw5lABZ$ zQRng`+^$%@-Rb`OWX8m11bX?XU-MYByqlbz>)~=e+Izdon*`B)Cda%^cj2c22uHZB zT1#nuXHX-LW%ij9p4CVi@ie!^h(pVW`(Kd2ugJ1fh72_6$6J2UJ5 z7Q_E8e;mxrtpC^Ym*%39Z1wU|tjq;&0(Kr-P@G_kc#fN10FjQxMF!9o00?TuBPQG= z(w!@GXbbeY@tkr(=AE{#be`nBU3J%fZF}vmcALQ+8p-0xSy+{konb9O&5TbDlR*1F zdiL!D`O@L*h>2;c$Aja7xFk0E2Z;c8d2e-rYHvnlVtzgw+HALNFV{hC?%u$ zCpU$1ak_(439^kj{epyafe}aaKd$Zgj@ukSI@o*rftrI9wC=YDiozbl4z&N&uSMP( z05&AMHogP`x%;#U?8_D85m?DYY(v8YaufCcX1nCn4AQ|Plp~a-gnjTL1(MUl&;7YS z4K_OMqpl7kuY(UnpXd){ zrw0V4*$D}B6kwg2H3(8>+D|-e>KQub&`xdSQFa%9lc(M66^eM_`}wBPli8je(zx9^9#p6 zc3o-$t>dgMV!^&Q+5+GnAc-L@ejtf)x~UZr*NX;kS1)JcaH9_K9*9A296=M>v*T-z z34D!L=QI{4t7oGPETg?? ze7_S3+79}yK?H6c62?Q0LA#kkTauw$tD|kX-wS4rrEuDnVlbp45QeEG&cT?Z$efagz=zn6XHzy!ym#ntEm z$-1z2pM>V#8^EXt8&RqFTS#5f?iGSnBYa;h!kXJ+jYCDDX_pj$G_igmF5BTw&)g?y z_;}P}S4@jACs!Eg(IQo`dGS5CR?ZZ;GJ$5MK>o$BDJrNc`Y@R8LE&bc(`IMGsBJ{j zC+K^Lq!{w-OO@U3(|fQ}T?Kv+;!#^SjQ%xl;_|Q;c=^fx83{v@B9Qi67?mpESd$x{ z%&5Mo`y#@%6Zl3y36iOy@N+*zkE3vtc#S&_U_nd9z;T(t{v3faWP79_84lz(4(vR( z?_fXI% zTJw9C31czo9GE$@!2sXQok#QaC=kNFJ!QnWKW!zJl}!nSnrfe+wn;~Te?*>Y0rxqPXgCp zljMvJ&G_&9gL%P~y%I#EnRrc4Ru=!{SyiWh`}C)Kzae&C_fz)T?T3}8S{eIMC$L( z=~kiJ(V5DYci%iGG-vWpv)1B9!7tddZKADWl$KrF=?(2SGhxjJVzrhquuGmX!>^`~ z?3DuTIzYPseYNMWgk$E1L3reR#EzWm^GYtwL*f84#YA8BM9LsAWm5OMtoT;oX?|MH z5Ov7zRk8Ou49vheC3nJIE*)JU)TN6YxiBU98;7cS#~U#oaUAn6ZMI<)+_)F$V|#xe zwn9H9HiSBVYeeb09x#0<$s1zhX)B+WGVY_*Ai<_>JKhbO6NK-TY)R)1-P>lT6Vh3K zto2}zGuwsV9sIY=POa72{Z@VMgfZ7&xi1c)CxTrL2ybBf@mK4g(^kIL<_G?^$TR_h z36#~U+!F+`-0Jx`WotY5cp-Jg?Su9CwKs2PuppI~n(FejmQ90G>XU%V#g|bM%t)Au z-rQqFhF>kyJ#bnJlg!=IT!B%b-C|r63l&MI9A)Z&GcL(OZyAM#nI2uRyB7Rmy2X>k zw#_S6uH+Y<32{^|&1;6W**#;XUz&ItqGQMWs*bTAecjQ#c4?4QxM?hpu4WA}V?|jC zjGe%S3R-Zwhghpms>{crh(5wp$nCC6mh2g_{(M-r)J~ES=CKHR*Y))R?tr9}NssfN@*yp*HAp$7HzVEFDX48(DzqLtp=4x5ApAIU; zt-p<(U*Rk#VvxGvNf7iFw$!ItYVD9ub%U7AH2kc)e&Tf&uF~JJ_WROU+P)o>D{*}? z{>@yU*Lt{_ary#%!4dZfZo|v9+W_^7r&Skwr!CYcisvEk7+0T+VC3eSMfpp;=UVgpo5wDC+n-a&RoVT9uH(<`BncTxF#iZiW;uScA}Cf8 zBmIHS6tRMhlLFgwWDeK$fH}r0ib}bhYNIxUliO_O7|?lOJ}EZLKKXLI(f1Vy*$y7g zF=s`Ul{NEXJ`DjGU09>l?t>KE9&z$8p*X=bsl^Cu3U7ssqtte;L&L0C=`FNR*C`n( zZ@%qiXPD7Eb4N@8SYowazWcj=2n?-Zc3=CaqXSw%*4MTCL5z7w@UgeC`wJd?Q795% zAyXe>yA+tT&d0ya?|0Jk(yzVwfJ-4SX$>2p2Q~YZ6UlIoi97FX_v$0PAfQ2mp1#>d zlszw4XP;Va*%VW%E)IQ_xbXH(FiPllXFAH9&&`ghUqZL_POy(EG&ZN0tHphQmiJk4e=z_tYU~`9hNqGqKeGTuy3@XhZMA-QVDsQxYR_T;xU(5P0y}*3J`Hl7wD-8qI4@;^5{y3~~-D+iI(vXYF zjQiHPVUK9QzxW4N;HMA<-iWP9U2Qho89|2iBp*pZBoye}_s%@!!?4ZC?iGQ%e*znTcC?S4wV2AgPTucb9oC zW6N;>FZ1Xy!xsN;an1Ow$wrH(3I(1hf7l!Qy`-uCC88+o=p0Eib4h&z`6UHSCv^V+{TRWvvT34n0)kyrGj?&Lu{#uGq3sm!hOsouQ3W zHDO^GEjMV?EBS-@zbw-0?kJ)asm=E1;ydr2Z6{e4dGb-R-LnW?m*=Z|dx3DfhxZr6 z(b4MrfZG~>4HHo47XdT%q;bmC>aXx(;l zST=m|2iET!QvN@fqVOc)Hx>@HBazmHrvgKkS0E23v>g-6TI$h4sco~f8?m@{`2 zjrHF?Dwn&UYx^S^%`3wTZZ2rhbT#ZNd;I82J?&(P{*+CC+o=-fZ5BO!Nb`&H>|At* zOlQ_*r{)5{X|wbm9qxq<%5vB~?MqV{W3Zff6U(6+ON%Si88EDQd7L7cBp;;6T?yCK zzD2VQdN-W6oq>H1P9+RtbW<=)su1$M>3Djt>>i%uoi zc<9a$9|j2qTX@-dIbTKi`+`yrRNNr7)eq%tKPJc`@&;$6xq{OyM27$wiK>-=xlvxj z+f}_C;*;8}?WV(7dDW_H&7Rk4CvgeYF!SivxwA|TIA0bh0@Im zw-);^96y%p)U2CmHTG>Aa|BU8Rzi0B7a0@#1Ak`I_&|nTimnB0JMdVDEe8~P+Drv& z0nsp0;Bgl&U8x@@zs|NOm~*B$t5a$gHqGK=7h|v8D3QaQmSKfiUte(r^QNuxp6o*_ z)T3LNO=VR-t>qM}1WeS%!IfEe?C&GrUewQRDrCPY|BTG&&?>k$5-|@IJywS&A7_f+ zSZb>80q_Eck1BTxxT1Bt1cL0b588$+8pVzGxno_%neOoED0A~3C==<)=%OoGxu`w zlt){)dXG$D3jFvBV8{oz*~{qQ>~h81gwgoJXsodW>bLmIYK3@pRKjqRAWV6aO8s^e z6wIZ1nnWfC3U=eGBth$aN}pNL>Gay}p_cU0TU>5~yuqucO-TP#RBx2|n9=oJmZQpyytbOM5zovu7&R2z{4H;!U^AU?dH|O06d4EuDc`jdz2G|WiU_KjJ8NUt0AZ$ z%ANM^i26mx(BG2xxXpybdP-(Zb^E?6WFL8cTtJ8q&?;PoH1}smqCyB3S^}Nw19VmGH({W@K>Ib{WSfoJE zv*JkybZL3=iB022Cu8;AatSL#+gCBy+jO9(q;f-iL-H+Cy(eKU1Jmt6d@4uAYs8+a6Ak+7QyjrU zblW43{qk#rN2w{XLd_1>lNw80xFGpbYG>kzD9L&P?=qP?fcJxg~%E0fH@2haoj#Z~vXQMG9$4WA=)y;Oec%nNqniM>FPK=6ODG?V+m zs3Uoz$Y?+z>HC`A?A5jbPgLaG4FZKqvQ8) zmqXQgcwG2s-mNH#8XguE1av)T`L5(xNtd%Lj&xi)kdoIGum?FUjPAT@!Jau+w`OJJ zQy$&evCA>FTxCp+>%{(udNTe%;c;m+xt(<4zhuc>DiO>?8HQN zu~P!m8s}0d>7q4;>37^z9N*a)zM7b?XDB5pcRE>yUM!K5A$+(Pw)XaB23w0rpE<*S z(m9hUx^si%H2T{ejYjj3su4>ZwErqnh=>Oyt7%P3U69*9l1Zs19^K40;z&QebiKph zZKGgoqQg`#9Zz&!Dw^sTQZ>*&T2>9+IEjL?10^mxWLaOn=v0d&sJ(Hk;T3}GD7;(B zT8p$CnCIldc-~Ja5!UkobIPlFo8gFi1N8}(T?5k8hIefsn0;4BHo~}@C+$!8K7h>R;?k+vWl_wzv%<5etAd|`f zY_#ohzRb5j^dydgL^0W9IOcNW4j0QsPqU_TznJ<&_-juC10#60GUaoN?HcYbjaP?D zD>gO<=Ra3r0L}sTFGi(zvB)HsE@Yf(u=rHvC7?nvM?gcPN^lG=UxB$Wo+u}&n#qui zp17Dv1;ZSl2qI3)eEu)@q~`LH_f;h9kz~+b_5EighV3isk4SvRi*g>% zbOUSr1GVGU9%EmaDPAMf7c@BJPWI657QN82*e-1D7BOH%fHdflWV+pyVI%WnD)DtE z-@tiRyCa!eVpz5m{;X)sTT;^&M)|g=-gLx6@ck_DXiRe0n1Ku=c5xm$(uO#gGLOMn zH5cKD!U&e!=jH-?M&evwtH{Eo*Y!D^g1-VrnUnq3WXsx$-*NX^xzeRzdRM`)K?TGj z=(VBh&AUeTPhkggd7CW@9n;g;v5+h_5q-NOD=L#Jzf(!kc}vx~&ry?_;dCS$T$=7D z{K`mVk~#7<>hg*^5B2s)d}dR&FbgvspXYAQBB9@E!|X=SA}o$Fdb-aWTi$9IZc>;% z;9R$J^FKEu3!_UbG3B+Ba+XFBUAASfV9H$&KeS*kw;D2G8UU5rCH&}#`!V}08E8?L zRQK{Zz4OgVIQ#(_%Iv@rbsp(Qk$ODJCB-Fe^#FzI&Ig}eHs@e}B_kB?%y0sOB$MxS zdXhPQ%v6=3?(UdF1Lt~&wQfOgZJb8Q#*v7~Qwi=&^ zPVNFO4DgH=862|~CBM#Og*?!FGs7I1&3P+;TIDMCu|u3*DwwDc2hB>gf=)WVPbORc zIP|pTD;UhjXVPTvkE&5!0#k439ln;vP$h%<7@+{)|4JjL!7Mk-D6>b^0|c@F(FbaR z^yaxea%ur6j*Evbx1$0Kg|!iY)z@TmZZ``L7JnskD#s?@(%Nais;(gabz8Rxo|O}& z9`zh%OD_$dHrqP-_mfm-hw1H#hDW`;=oDY~Z0Vxu79RqJ3=8`?>;Aau4p)k0_S@gw zL0j}UB0neKC7JP3F-x#t==v{vFBXd_aycz-(J9OAAtfpdE|ZstQ4$if0fc29*ewcn z2korV{;@kxI4I^J^GB3qN1K7Ur)44)iqcn~PCKWeD=c*waB^r3$oeub4Qa5*3hX7j zE1gk?zN|s2s$l?X$dy9VKpsreca_UPJjr)PKxAva;4hyg>#s(p+DEv^@e6e_H#ffI zc88bhIC6h4#|5b>Pux$jGJj8RBpiQp?mTzz-1c~RAqgQQZt8-aVSRzQ_}hbia#c#D6V+V zZ*XL#3sP6~jW+R~u9Fu9A`A7CBf~hPh?u1fbdU;Fl={&P(BqW)gt~n5KE)=sia@%+ zpk_A*tb+J)m|jd5bW_}$GUc`PV%Hnc$Ya6Rtjh2;R(f4EIVI}vkJkB1;WSmd&A&Z? zjmS)9y&V~pQ5=B0H3#=)q*5BsDjTpm%&r3q?8IOCJu1Yd`<58Irb(Xv4!}alwUEXJ zmrT=eOuikxM_LAB7Wd zc+Xh}*7{gc#s8w0x@L5BOV%>l*Fpho%J?rWP|X^U$zE?`A`*+Re?~tJ%pn>`PZgoO zz$eYjQ!(skK!Ad)K5FPa@H#%KCHdmoe#^mW+sF0s_Y zkh3aaZr&jD=qSQ*6ng|VUjQoayCL$b(B@Ge@9`n0EKA$8K{tA-+Me7c5mqy$&M;^8$%ERcYMpRMPmG%2s{2(wz+ zF1d#BdeJv2c0C5=8_SboG3;z%9FK1O8|=*tuB6laDACTy5x@Y&zf>4=xokqUGnY4CuP}G;%h*>qSxDHr&5gTzJ~BZ6LI?fYUYk}O&s1h z&KDv-0o2MyP$JXX~9B3JE$UL7W5g1XEh9u_ETGW=%yJyq)P$p z^Y33xPb2BC8-PY0Lv9Cc;Aptz#D*V8bv~Ex|AaxX{09tzot^c+Q4s9^5rSZ3W@P`r zh9H!z6j0PL!Aa7`e-)~VM;*XXsp*ZAr{CT64-$(>Vv}`27Y839s}0btTQgt^g|Yd+ z0?|AuXcJc#3zv@wDmI}B)@elLQ<^&`D|t6DnA2*^TW-q6%MEADe7B!w-|pOcpK2qN zkWR3x1eEqQbBMh=u1g>i9&;sv`C13>@7IU=Ga(PxyBU+hg6QCfb!HC=BZ7@dK!Ynn zMuh*4Lb70GDsBeZr-kI3-$Os70gNe^s7DBA4&B1Ujh6-o%QHi%|15byS1Orl981rN@!mMs21 zO2~(#ze~G@yKoaS=O9HSh)b~puvA==ZpT?1!xISqAXD#w^?OMQ$S|@({MOa}mHm$) zC0j7RjUd}-vX_aaR*->m_Xdtf3Z}^l0HODt1J$O*KEOd@wW5*~f;JW!A8I`l#}uNIP0hZus+Iw8P89a2l6&V2 z=&JD+KeR~W5+KWDgw|mDN<4pMb9elF&gvL+N?(p46*hlq$cbVS<{Lh;cPUY>B7>pj zUDp;BW(}27n&1fGB{S3bw0Va(I0fBz-jfv6XnWu4IbRW&)BTR&Z;g?s>vk2$L+3Qo z7m4Gd(R48Hk4s6sbOBHMaMbC>k9Ipp*5;q?)UBTp*$BzQf&KV*%Lpqis+Kw{>DyIt z{ZL1ToAGV)Iy}%EhgwA0p^Liq%Dwelx&7Yvg4AcRy6MH>fMpW6CZL=82jZ%myFA`C z;oVQQLX5%ON6-yBg$MtxR>9oCnjYgZ+jsDM%xHhO+pZ1H)q68&17e{L}to=))tIUoh@93 zuNhgHz0ujRq#Nbw_PxDbA9ihjbUsY(+SD$zRuWr2LG3_UKPBD3jikSOuwlyS%tulq zHoM`xa`}O(mD@Gmvywnp*zQcK5^oj2Ey{kU$>y4QGP>qAIT?hT%?qs2<|&K~7cql6c(p_}<`1lJEmi7+mke<|*!; z#v9k3u65K`-yvViZsxVM?cCcOxTEbaa&uQ_U*LK_gp2yynS|07yGX(g-s)U$J0Ft^ z&u+@gyn1c9{gLg&VxRi~Z(-}E=sXr*Q8Z`)i&s)yJBDZ8<+0+6zo4>vNafgeyk=q=&<%s`glL&-n7lvG2D?+y6A9n0BQzL>ZTR`XP*NYvsLx zP6W;v*SXSI6Q^GE`v!EJQiwa?-liFc0n09g%-u68=(=xV+D~fCS*>AOWwx7}MrcR0 za(7c1s%eht3!eZSUEZdXNDhVNLIsxHEkfchuX14ct=qNt_Xi}lF1PN@ieIkkydCW2 zY@N=$`wt4RTh2vx?;+~^CcRVQbluY)S27N^$(g?r?(^->Z;ixxHN)Ow@k>)aGJKk) zci^C6ZL$iw)Rb)AAhV}!HUHCSX8RwbnUIZ>;r|=Dg#Tyq+D1jz>W~4o>qFffA>=t; zED>dtj)?FL)N!qa#bn*ekXl#R5N9*sx>tYNOHMis-*Dvch0*Q-kVP=tnNhwGloj%# z)YVqd{ZyP)%>SZm@08She0-I8Ki@u~x>`FJvljW@c!uaq~^ks&$MvvN2->iweWF6X@uR{ZJsrO-MZr0}97 zC4VHF(qcBn0QM*umadpl>R@fnGMJk_)=yyReGBr(r3SYeC-@qMr;91gNUf?KWu2Lxy1M8|Lbk`pf#=FEfSPnyLfA#E6kl2h;ceVl4zEF>` zl++I;nTam&nKj8Jl}rct=u9oLxhmw5Iyocs?m2tCM!6VG7O&z0@uJ$5Nc#z%lZC5P zF&|xpT5w03#jcnjL452OIuapBij5bj#uLMRD zIp}03c!IU*X31kQ)2BN1UpiUorUnFt&(ryK+03Cc!MrSEvglhdKe|F6>C{u{chA_b zc`}XprURZrOENU~(9GnES9i1pdXu;jz|O$&|EC4)ivEQgK2mpuNnI1g*dQ~gqC!0q9oN|`t5kNE>^Uc3O9bG)->%w) zvTUj%iOlvMA?HFG!iP-wnvG+{u$hhLh#c(K7-KJ($fuX77RJvcG< zcr3JD4nPjC=H~NJXb+51wVUUy|_eL0tYdfNh1t zd!d`loiCxs2V?Y2oyCi8omRwKl0NRpcM!`C*kf3atIuLjr9B9lg~ z==F0?;qK4Z&EC-GCar$K==#Az!TCY*f#GphxbA_no8?vS`{cSjeh~hTF*jf{MGrx4|JT!JkS1=J5>B zU6hJmQUYbZEL1ZiO~3F=*Z0!=(FR|b+p6P6qN!8ycFt|}jKR)C2P}C%=r63-G)51; zQ4yC5FMdIDp7}q066RVjoc*!eNSaS`XWX+|-n_~E`XDTRmH)FT{xQn`ttnJI>`e&i z!W82%q+aCCAePTZQ! zFi=gZhhp(7EtB$UPlSq?Lk$ZFJ2w`ooVJNp5&i>@F;KXdaOES{aY$0WiEzfU5bjA(|@V<@>(L8NFznOFQ5klzq2gDM~$`3D6cw4Y!nA@HDR8YI5I zo8lFK3GEF(!A{Ylg@>tCM1x&wC@`P6Vt8{UP7pce06?f<7z&K}Fjt9UKhd(80)-s?1q{LK z?DxchZ=47Ah-vZ-eC*2~b)GoZu6QVq{xJKK&l3$v*J0F=>J>zhK4F5QO-Hzy6Ac2x zP8~8Zo8jV_7cf9E`)lWyu-rNr!wYM-1rE@x%<)bY_`n`}*DV>qVf;D@P#nWl0Q(7m zL#FN{KLQyQ<-{B%Q|2A52O-czRhs|;QJ80d-kxM_!;Jxs;$ft;M$$%g1nh2s;VHffHo%H=`-f2Nni4D*5$&d()h zw*zBXebG69{-bc#PsF?9->M;A9Yt5JuH!aF{7`c+1ps5(gdhFcZ+coqL0RLx1&@A-wn*mxS->8C#`u8sZ-Qrn{uR9l~k#s z;8>bI29PHi5aEwahDo+(e%caf7eK3QLiK5NZv&_bxWU8#<5G$S?)8!85l-OQ8qK(s zb?iHU@Pph3>j;ShhX=b4!W4(;ah2lV#>JlpL+$h~Z%i4uc2*thadYYqcd2%HIl&57 znO$m%wo7S}o^q=d(o*rTwA> z1bPj)O@n5XFxM<%gGl6dMLO6)q5~V?7eS>EuK6`CNwo#Z?F(x?Qv}P9<`c^P&zgf9|EN8#9@rS#NvG!Ti#zt?WTE7$eJm90y|`yE)h1Ipq58aJG0tmSP8!ha;ZDIjm&mkXFGvm9GV z&nLgz;C8ZQ7Q#0n<*Bj^Yw=3|&JNL`J7%($)sfJk!A-0qHA2(I4uxrA5E9ru;yCp}L*W^4~jy5geqa(aOKBbrPntVE5X9TG&=-GPZK6iwt zb3#ks%%#60zrVW3WfM&SToxVZf_m7L0V1-mxT(ZK8r@R2d=(V`-4FkXOi#Q7<=0e{<7@efbVI2g7v(~rEP7#ASZm3m zymTawrHq^ET@CERBLi5jF z_aoRkps3ZyBj|ZO2XOejo2Y$8?lN6p$&RKGGUMyaMpOj93{ZKA4@Paty{2OKI-TOO z>vV7v99V2Z!;C)nZ`Tf=y_2&!$bDLi+wT_5PV~F8Y~|?0!3=mlwb9uAkm?BjWr1H< zTkFM|y0iWS-7fZW&cmP6KO^$N?s4!E)L+;=CwM~hk&QcJqy72w6|5Zwu;^_gx4Kh7J2f{I!z-Ty^_ z3+j?Bp;h(_&nm9UF8w86a%68#bqN(6_|(EZHj}h~-Q0;amBZw)R5d zgYoLdhy%-ydfe9bTiFNQoTG~J?ZuEmObVoA-|r83;={@0HXMWP_%vLTwUQ%aJB{h% zzOx$5`ubCddo;ZsAOFU#-|Bvp?3Bt(fOznLw?DrSX98mqd%8u{+ED^taxC9|yL_@= zm%N;jn84m+TW@8XbT5m8Qe6M}pWC#>?m=`p@!`LQJn7X1)j%8280JyEJLfbO4YANDa z75(_limMMmQh2Ez=7 zF~b-nc@~2RdE}M6l1D=kio8O3le`H@-g#chz3F~4_q+F7_pbY`?|y6j&u^W*&pzku zv;XUyv-UpgoYtu?yT4+px^O?#z21ikwWQ#s!~(&26c1mh;O+u^>#c#(x`oG6bKV3F zIc09v;n~jjARZ&l?CDTc*y*!~z0sGk_4Dxe+xNOXbQTA48c;8vWr?Ss)vJ(nFmynV zoee;bx_KnFgF#S2K(i#iZ#etHapDonb`gu3dCKgQ#jDVuSQ^9sqdj&7llEa@J^qaY zu3|p#yc_$?FWt8HUv3vj7W>4X)A~?;P(4ZAvGVeQS+Q4-9ab{B*om(moLjoRmyH_i zf9k&j6E_0uh|Wk8iAQ2FYknJWI*M$l-uhZskRc`G8v}7V2V_@9CHF`4`DPba?2`4* zaMCRE9&xqPib=chQ@~HOPxy`}4I6X4Z7+h6!CDP#GOp&+KwX1YOrBSGL?laSv1nS+ zOzrDVRgJQ6_Xa2S+VIf9h(UB`QgsLHgiW(rbY1Dj7!lKyxb4@p-6*MOI2O`v9+5_j zsW+PJ9JjN%Wvhs)89*wXpc{lvm4OK;g+m3XM`8?gu@bn(F8$~6jm4k{_>{n+th@<2E`BwWO_a;s*Se`6O3S}y^ zsJqGoZd@!v+tmi^aN_Z!8Htd)6~W0}LLw8gO=%~CD$u77hfK)#&0LEQ{x~|Ym-_wC zE}7$pW#IeK40u$TY1-$)&aYNGl7WwHC)Zfpjnz@;56yGJK2NVn1(^plxaRbiUEc_E zqM4sh+2G8?;@NlC#78x{NK<34>00MsK1@-4`q0&U{)=%{p>T;UE%jzen%p>MNPS=s zu;v^d8D^@c-`mVix~p~c)3L5g8yA4W;!z18LdJg%VbL)J*^qX8ta?kb^HjZj8iUad2a&O4yg}vX4JU(*&WAO?k(sAibM9N*#HXXfy$y${!)zNm3Z-h$^#k?$p0bfyqpsctRV<)`b%?vW?$qH6do{nVERQgg1{hZDiFj;2;?MJ&X7U=ClLaZDAPfQh zUrsjs4<8!}LH}`52126#|G-qDsUai%x4_hm191|oU-{%XvDwQUs)@q9@(AB><{oO@ zvnTBDzhI9KNw}+hrao4KGsZV8v|$uwIfJMoNj#)sA0Ac!(``l!hNp@b3&CGsk@0{; z#S5!XN9}hzR*>M4vKB5XAZBL*>fhtt=b_^J%tE)-{{=_l3$uKzqz+U5>1lLBvQDF1 zwPj!eyF$Ze!abcxppUn#T$sBg6DM3`uS1KcW zB5JQn&Rgv6BbZsNz3Ft@`CL8b2|P51V3c_OQAW|LS4)>Z6g`o9uP9J&lu!#eFx^(t zb95D5Iz(4iikR{=w1|CLQ`;b^t%%92C|a8x6rATr^jC4Vsu#P&PXw#I`ivJyB(3Jt z6<00`_mT5Do~z$C(y_L|?$xZh{*zgYo&DXXOR!j(Q90*R0rIZn&`M~rc6?6*6(ax6 z4p2&pm-QVzGCyP1t#-ns7kn66b3{@91b>2m-@V$%K-&?B;v%)< z*NH3ItgTO=#P4PKhdWDMjNJk;&L`?;ZP}3uw(S*TOA|TM0<}l;4;#5BVA4knYdkNE z%e?Q(_gg0JZ0%Sjexns;4F&sraxJGGy*>T?nVXG?WX4?zK2}rmHcqewh`Y-^S6=Ov zeRYfP$$9`^AbVTQD$0qKDRj z!JtU!IV|X(MY#Q3qR^eV>j(<*`?dN1h4S<3K#u+y=$ zS(?^w>6nye70Awh$3G<)ck@8{NuM+&fued-W@Y#(ZH4Fh%ZhJZo&e6=t=1v%5A2qX zP{{Vmlvpi%ZbaZ4;QJ8(ZgFh@$RFenU60NbG%(jW=X=&!yO(UOg9Po$ zY9(p{?rhxlkWD;OjqF@t?M~knPw(7H)NF2y*Zp};nfu~^M$eXuUFz2;tI>;6kfBWD z{O8NeE)Ih8&KK@iW?i2Y$Gr7e_Oj}8FYKVF#i_p7ByuaqkK%F-GZd=is4;?5wa8NP zvst@pa<)vO!DWwh%#W4Kdq%@C_4W8g)P@22YQ{GIooGO1^MpoypNt5q`n_MaBtTHS z`2A;mC38I&aGISsma(9TQ|v4KSU%Z?3u|=DYL6duw`d`KJvDuLO!O?hyLR3*^x^j# zguX=^%k6dSmYA*RX7wY1NC3v~tHs+)C#_3wW1Z^0D@%M?VuWTN?oOIWogMZwP{rl} zb7cpI^i`olO}0ArTO#cl$^KJ;O3 0) { - print("mendex exited with error code $? (ignored)\n"); - } - if (!-e $destination) { - # create an empty .ind file if nothing - open(FH, ">" . $destination); - close(FH); - } - return 0; -} -add_cus_dep( "glo", "gls", 0, "makeglo" ); -sub makeglo { - return system( "mendex -J -f -s gglo.ist -o '$_[0].gls' '$_[0].glo'" ); -} \ No newline at end of file diff --git a/krb5-1.21.3/doc/pdf/latexmkrc b/krb5-1.21.3/doc/pdf/latexmkrc deleted file mode 100644 index bba17fa6..00000000 --- a/krb5-1.21.3/doc/pdf/latexmkrc +++ /dev/null @@ -1,9 +0,0 @@ -$latex = 'latex ' . $ENV{'LATEXOPTS'} . ' %O %S'; -$pdflatex = 'pdflatex ' . $ENV{'LATEXOPTS'} . ' %O %S'; -$lualatex = 'lualatex ' . $ENV{'LATEXOPTS'} . ' %O %S'; -$xelatex = 'xelatex --no-pdf ' . $ENV{'LATEXOPTS'} . ' %O %S'; -$makeindex = 'makeindex -s python.ist %O -o %D %S'; -add_cus_dep( "glo", "gls", 0, "makeglo" ); -sub makeglo { - return system( "makeindex -s gglo.ist -o '$_[0].gls' '$_[0].glo'" ); -} \ No newline at end of file diff --git a/krb5-1.21.3/doc/pdf/make.bat b/krb5-1.21.3/doc/pdf/make.bat deleted file mode 100644 index 94bda213..00000000 --- a/krb5-1.21.3/doc/pdf/make.bat +++ /dev/null @@ -1,31 +0,0 @@ -@ECHO OFF - -REM Command file for Sphinx documentation - -pushd %~dp0 - -set PDFLATEX=latexmk -pdf -dvi- -ps- - -set "LATEXOPTS= " - -if "%1" == "" goto all-pdf - -if "%1" == "all-pdf" ( - :all-pdf - for %%i in (*.tex) do ( - %PDFLATEX% %LATEXMKOPTS% %%i - ) - goto end -) - -if "%1" == "all-pdf-ja" ( - goto all-pdf -) - -if "%1" == "clean" ( - del /q /s *.dvi *.log *.ind *.aux *.toc *.syn *.idx *.out *.ilg *.pla *.ps *.tar *.tar.gz *.tar.bz2 *.tar.xz *.fls *.fdb_latexmk - goto end -) - -:end -popd \ No newline at end of file diff --git a/krb5-1.21.3/doc/pdf/plugindev.pdf b/krb5-1.21.3/doc/pdf/plugindev.pdf deleted file mode 100644 index 1715cb2eb793b6b1affa2204a059b697c0057fe5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 199462 zcma&Nb8u%%)HWL1wmH!+b~3ST+qNdQZQHh!i6^#g+q(1CeeYMd>YS?Y>_2w*+FjjU zyQ`mPtzNwrxxBC_9V0y}4EfB$&HO# ztes69i5Nt!4V+DcO^ob}OCx zx`+-=nRhJ@VK@XO9@zv!1-4^Cr5N)*w@Kw4NZvdBBw{3QLUk zH+!rgPm6VDIRW{W&yyOe58HSjRpPq7SyNYaXRh9W+{)9)ZJz8<#5qSy>D-Vd`1h;H z+GxERhLQbFA*y}V61C6em!tg?WpS&4&&(c|()|{Pffg^Pe(m$% zjO9lXd!6^`oY}0q4%~LB>BZ)6SeGP*fOdffXli{)FhejD1YtfT9DT5+rxi%1*!>L9 zbVM@!B4rIq{Uj<)hlr8>EUy~xrr!pELJR5W}ac%!V@aIQ1dTq$n<45!3?&b zNNhmKj6ph(SP+eLk=bDVNu^PYS|79#Y?h-fOqN5|3+M4tU&?-+4CY2E2l)u>PDHej z45|bDUI;5%kkX#HW9C^VR1J0wp+Mm7n?wNN(&2GNO!b?#QuZO{*Jyd~NFVI34hQV1 zzD6i8`)m}W+#e4N0+WO0+a*tHtbub{V>la)!L}r&LM2JlZA7|EMvHJTE-)bq6KErr zDaGNzu@$Va@j)^aVTyEYxN(?aED9Rzfvze;>BliF)O~|7%V8{{<9@@3Nsl_Lk1WW- zP@2Ee$(V+(VEYGB{8!dv>7dys^sR=kBvAv5ByLObHGK)tZ<9n3xc2edu@!@r#{zrz{6Q2F;OgX&&lHDGQD z8~--wMhSj|=7RTXr&!)as>tKt5@tns4c+ALx#R7Ic1k}%-Rr9OdUM(>?*c$&Ys{Ypg2a%l2|AZzh z2it##rt)~qUubq6({w?S9rf)%k^v&(h!DdE5DI~-pJ2ibNCi;Hcl)+$D>M5hED?nl z4;wlwFHLXujkq%k{ z0h%M{4JW!;?mDK&R<>S?-y$?#KmL@0c?{Z{`NpzwvnI%2L|k2{<`mhBbC8+8rrN9( z{MZiiOjhI~p}sHc$osQ|yUiT#ko&Hl*vS zWfNSY?f|Zlyxy{9*0P#Pc^<4tFN{?LJDu{%Z^gXjz~PfD862CQ8BBWACqt7OTeHjGCM0^&oijteiejwTX~f&hf=Llu`55#^JU6)RQ=SZn^&vCSD{-ExO8D!A~@##L^o=e9w5(bD6P= z6WK-Vh{inE^!OTa(aD#lY0&k_ll^EgfBA0SOmdG&`d4MhWsXmqf3dK5ns>T6zSl9@ zdvOx*vj`@#Xx2&;J`YEhA3M0s81o(S-`0+GZt%W8-j{_B)Js)f;d*mjS@K?VxZzh* z=_IPCRFiJ9ZX1{2S>3e|x)jeA7ki+?=3tl3z8n()rG;hD&E=EjUd~QiVyLkZm?$%A-F15 z5Avc;`P+zmRZR7}8*Mu#w2Vh|yZC$R$9wqun|+~bLa-N|io2olF5|~IQy1HuFDBa8 zLh4pQ?hk}#P4DnfP8xzKLGt;mi^sZUkW@4?-;U)+6RZj9)^7-}6o2#%o7-f5=f%GL7qSuI`}+EP>&3DA3EOSf=5p-hejT@OdH`YQ)#u!Z*1|Vr z@JkD>BGj4j^Ym?QXz6t(WN_H==Bu}7B19v!3F@DN$886mON4<|X+^vT9@ac!HcD&eY`R-K0WQzL~k6QFOK1f z(MF2;tC^8`hxH)`?yjL##d4Jv>-9xigipe2IJ2%UT_GplU<{u(s~=h{j|IAuDaGkI zhjI|hHgU?W5?lFfKUMKvO3y z{Av0lLEHr{{CMjp;0Mv|Wx9ZD)A)gE)0GT04F}Edrg8P@R{R6m0%#WIQm~qxr_%7+ zh#=VEzlPs2)L-87{KmEgwPe0HIn3{B^D-&EVLmPI+-4-%2X|`6dXpUP7#MAXdUf+s zW(P+t;21p_Q?OoTWZ}L_h(z^_q<+cJzTzGQg_wS7 zeN}$VY{2-M#Lp{!moGvq`3Ad7eWJfL|L%n-w{VK!HT$3yhBKR7 zlr9x@d?Ns>8E?A$f>#Yi$d}SP*(zKQNs7mXK0h4wOVUUO?>*V+a>b7H#Z#6%hH!ltliqEg~ve@ z!V`rZRT$r6vL50T9xKCeyYTqZx63TgY@YedOf%E@K$()$d*h5A@sd*=CK)}7`3Dsy znclyWHNY-Og&yhIC#L}}&~;|yZC66^@$jDGTYI1{Ex`M*WvUx{)a zjyT=4EYTu_BHdK|uVlkCsYyOx<-#<%MmAq%qZ!5ZtxeW`e4sgS7~c7HA9F>&&!Mw@ zCqTr`c(t>M#NUe@6H012CdbESOUU5vX=(Ni4DLdd`7gx5_HV?&^uJc(e>lITNZG9e z;6|>$(6;h_x{Vr2HJ~Gk0FNQ&h4R*64AhiYy8`2I+b0P1eoD_VRU3waeWZKFC7t%# z@_qi=NV9c!#eF3Y_iewo$Jc75?!AxJKJGrQy`6S2C)_0Op(Csa z{jz`Mf%iFCZ?!u9DEmfixO$wqM_Qrm@pklO+dkvZ1QX@Kr?*QCB^*vfms5?p+P38( z4EeIk@{vGc8-<_*1ou#OMIn#b`vEAXY-P>_OFLAZsS<)V>z3qKd++M&r&2YK> z$q}2qw9WcxESrUbnFH=<$}6?^r!hl)bkKb&EcKT2wxNeYcWHaq(-T_{iQyaD}Y>$2FRJGJAtQe^s{R6Dds%tmCkYz*IZ^XvTR! z*M0{PrZ%SWfQvwjHs*n24eZLIHfo)k$9|j2R-a*VE12$KbQhQ1!J-Fg?G&zu%hqV+ zy{K+B``uYryxMWJH3x$MCxe2cE=SE?SDc#1z-xHOR=QfF0J-?LSL~x73B!$f?jO%216d-}yflWrJ}I+rf1G4}2z^V! zQ$Jn1_=lBlzD7fy#ag=f9mn2D)&3Tf@1*Qq{Puju*Zbp2rVmEGe~NwDjYWG6L)=)V z!@Rxkvam<2O!0d6zr=j|KVz-izT@eh|Mvcj)pqzMUEcT}g@5L+%ejB{Ecn|U)-+5_ z%Jf7<#@i|%k@c}Um|(_fThPvYk}LoC8ZedJ+duQ2aaWc1%;N0@J}mUA(k9#N8FQSW zie)6kR@MHVS4*+WN%6UZn*W4@ZCR_3|CB+ypqm)FX60PgZHj4GOD%ZGO0l4;6uf42 zChsLPux5o?Q!XQP*-WyaOY^t*v7npzx9wius~Vws`AYDzS){CcDQL~grmVXKu6bEC z|7neDL3jP8wORUQU9%+rDTQQVOEF|ktKyJ1-PZCx8t%&4en`6}-QS00mOp5}!s%Zah2x)$!o>XFJwhh2-f%0YUki%vmi7n?7fYHb4Wk!aCA=NX1Xps@!10Qs%J zTL_lj#O6}I&_Ob&JIBKKeZlHYftZiZ@h;g5i`mWkc#>!#4+z#ca5=paop&;;s#xUNf3Eh$fo3&4$D4}|%T>Fr{V>9p0G%xXW+qmd=>7B1)@#v9#Saw(qn zKG%zUfa6aUDF3-|jDUYL;yC~JR7CWD=VE4gaW#Ov{V`LY04R_V75MJI%)#_8b8s;J zf0O**=eSIla>@iC`CWgZbNvQZvFm4aQCzmjEMaXWo6k>Mkp^&JvCH^+lY_~gtspp@ zG=+QDlTX52UX1Xm69Yh?9=OWhe9zssx(dR%^ubUNL4Bd7s%j>y zrzyW?!|k{?a8@wC93TY(wEc*Zr9YX}{Iq!=`uCP|xB{GZ1muwNQ&1#rnRTG<4dH!P@52eXk%5G`q%cX`^O0)S!Ik|0z7*$ll$y<4*#hva;YVgu&)XjLw0%6KD+09vdr+ilBQF$q@wzq6JM*$?J;-JNl+8r7gUO9XlCXggKXmlXj~_|( z%hwbItQ=hdPL?!Mkd3R+GVRHSLPi%>xTIDDWDXAR9Lc9LbUhKUBkpbulMv2#?I*&~ zvJ1#pJ2$B8Si>5wi$qo61JK_kCTji(X_vD+^OeTIqFNm_>&`f1a0xGJ^I*yenyG$I z@;P8b)p=dhrd-!(vhkchIw=!JIHM}*ieD^C<2zB8*k&BH3J+D9_)HCS0M`2g;afdZ z{!k;_IA?47LGhPue^vrv`Vn=0CK)xCRc~i0Ay)?-MCg2)ZvxF&Ari3xb!vFVP~lGA zhm4kZl(3W0lsk+)Ev%KcP<;Uy7d!*~UE2cZdw`k4C&X0Zh8rKlZ8*J%+xIW?Str5_ zOF*=(YDD3iz5>KOdk5Hm^!E2q&T`ozdiqG$d3#+m`V{f{Ox$pP&hVeUt6&Zsa8-u6 z02U;y-wjP}t6ab%g&z)=!^xALJZsZ%sobJ_Xu}8AO*gw0olROFd#ky=qET(etzP%Q znNJuY@CvXDmjM^01LC1Qxl+$`8^K|J-g>~lSL1o^xR>#(LZI}Cpm*R8QAI6K}G&i0LD3H78XS)35Bqw(TRm9_}c)jL!95> zKww_DUjOz7|6(<=GPC|?2TruI%>S@R_dSg>8gp}n9ALS{qU4n96Y!Tsc7=vB48<8; zDZYDXR71!n^D$R+c&oR(GV zqKorgsV-*-_mZWTAH2M*wL@=R^a!;gZz*x5Waa9Cey#Jb0FS4Nsja(VeK%FpApkR^ zp-B%tzp6OLi}{iOH*xsylLKaG52?$aW-oauSr=-d%zkJkjzBk4a%l{7l4qWX4eE*S zO_ROq1~AvmX~6rIh>|_*Rzd827E#cm*{qNJnGuuLQG?I%indsE+n;GolWt4&l`hD4 z{3IXQd6vhC(o{nT);oHj&YB4}g^YZ}q?7EVF$5P`My%gW8loX5pLC-~vhJ$KT6&T< zfK|(Ry$12R!JN>5?q@QZ39g5PYI=wejdb{2K=)EJV9Er!HH0A(#}077d{Pnft;-L* z9A29Kqx4gD!#m&JMxn*^bmK)zU9tu@@aqz+_QHR%N-3or5RQA!ZjQe489>vvFUj6R zWl($6M2NK8K@JW+bn=Fvc0*_8R8*J90wqXaj*g`LnKr-mEhN z?KCegirg}p)~_WqZB#_}(>OH6-N*nf3vM9X)|f-)jq ze4=Zup=c~w<$5oJ5Gx|>BD*QTBrq$Gg$70<_z*hD!jQpKU`Ly(F$>j!2Bf#a?A(tc3Z!5r#xyHjtj_x07-%*Nx|;G3m>&EP-l+Fr96 zkkI=%nxVjEbL$6NnBRsj^q;x9J}cTj+Mg}2tJb>;L?q~Y1O$*-PS-qW{Wv|Qn_D&wn0;2rsf!XfreY>W#P|1GZf)2I* z!H|8ic2iwW@m27rPUHdVtC=@`a?n2fy9~z(jNj2U&Vg_xhi5!dsNd>2whJ4W)Rg_2A%pAVi|zX1zUvocF-tx^dc~n6q;-X{`$E~dk}~2VQguls zxoQEgD!0*omwYzPviqLTol{)DD{uoojfRT#ls&pp=6bb)=UNwZyS*@x&P<1PJDx{K zq{dMguhb;pru7-od|H>E^4=DVU9%S34=+8@>%Xd;J*nehVf>ts{F*1eA_U>pf*d+) z<;b@L2YobtiRfNN4A6I^KsY1A^0GB|Gg)`hbnyBsyUfLWsS$(njl8*?t9)%E(?{y4EgwdeD1=Ch&-evX zsp4JD)o){j7D#83*X!k0RMDLMpo_fnL6_n`so&Fw|2nH;277!oozkc!W#)^2fudRN zWkObQr6bq(TF~&niR!!jG*C-zf?&(fCFZ!je$vPPX?ZPfwR9pjPet`fyIt35I zwTUe|LktueNPwFa03BdDKT(r^P+GO#IJ*M;&YDnxS?pZ43GR_FF)bpmFga~~E4srI zq9r_Qp1mDYR)!=)M_GpoCTF-m1toR5?<~Z8z*3qAzv~1=mY?9ir_V5WrWKY$sMp)o zw(<4&Svh@8-zuWwtjCReIf5J(s&9KfXw&qub?H)g$++)KqMk>TCo8Kl1Sc)T^u6ck z|K;)5MMqImFvuMe-=G;))Q;(YW)-kP{`j*$UK5Gsvfh@}D5H`rY#_%fVHBiN0Zq68 zbN9JUyd?;O?Dtjxp5!~#{4ke&apQIh8~%9<-P?EvQUnHc3Jpk(IE{=*)za{!`U0dE zUZ=j@FuXT$$$VbrsTN*LG2h9b9SQs02AY`S;w5gbsMC-T1NvX^0wP)&-a+in&oQVd zDaA~;)8-o9q-FugbhK+X@r zZlW6C0!9-2Piuw&5gff;9YjbXC>tsmyj%6NNbk>pP-_X>$eq9vzZ6vwFMuN4@)rW? z<7e6?AN|VUy?T}?H*lyIEtX$5C69B+uS~O)%FA5>tW|z=xCFmPTu3_{)X=CtNj2Oo~`ha+eA8 z1@hq9!?L2jj+U&h`xunJiCj2ya+Xx7K(TAgmQM0et(q`wcx;dS-qCbck_(}T4Mqy=I@b#NAzfu*ELLvE-- zj_72&pw@cD-J_ps@;^Pr&jc`ydrK5D%Rn=Di4%Z~Wfj1MyBB4Y*tII2OsK}PYWgEu z@_d?vaS?n>64K#kFkIfW#8zDICRBe%8BF3DOp}+v<@~IJK*+a?BH?rbmW10!!7V48 z+iul!xyN7VZR4g*psC2&;GxZ|jBmE-bv@8&3mvxi`1&2Ejq0cs4e<~Wtf>Wvs1VgmynuB#XS?P=ivLRV?<0poKP#b00GA0BKk(aAhH4~s zbHx=z4nzaiG&rs~{AEZ#xj?}rZoRP5fSt2j!Gl7)weRao;f9ZU=<>(M(dFXPbt+-2 z8dbq_rd%%nF90GmvqH{ukk}nU>S6X1zUhUf3|3SS9P_as2j3EX|4_?O_674`*tZe{ zd%Zo}G|Qi=ESyb(^B<*DJ;Hx1TUx|4z*~vLlI(teHWep#O+}U9w?60!ClMsx@z@1s zVbYjOi`R_$Goo|)3a=R|tkq7A%R}pw1LTAsik}JSF^fa(c~nzZYW64i`0Y=f4R)yn zJ_wv!Yn^an6KG_k*%2uPF5_l-a1d?5gLNTS*!Uk+7=OXgB$3@F) zxdV#GA9xw;yC}p$RrXKnL}L*AB!wbZONt7-G{M>#$N&>_BAOWAI2CDu_^T%#kJ!1O z<>1i)tdXS{4@>qHqH<&$<8vvR!zM@V`t|%aKp1T|MWwy}$Nwa_0PTRVhtr?*2N}2{I zXi{exV^cxl)ky2v)t@qf2;NdHzF)w-j;E#xJwAbypAVK$*7T+7*wTov$$##`VO(Zn zfqjdf6L581mT!SyN(?pg*83DG*i^5g)hK0W8s>&(YPjm2iDPV$@J|eqVCZez6A!!d zd3Ln4)rg>}CQj>tUKf7-q!8#zso@9cEDq3vtOch%$_Nu$oPc?~Y&9$&lh+#~O_xdF z_x>WuY1CWkZS;~+XLvkF8ywc?hz5o$M@%n+PFrK63r)}4&WfE(Z94F@aZe!(O>WUA zxp-TN1$&2-!Vg>{XZghDE&EM~7=TUuib3!`ae^wP#FD~s5)hg8q{xLg3m)G!q;K0W zxr*CFZ)pD{^HP7wV*^s_-dIhNfKOrnrHd9*w#*wZ~YYCKN z5}k(M?=grPv7<5?61 zkYS+{oYC3rSNFi^H4`ID(-Hk~Z~k69dXotYO}>+Ri`p4aq?~yxyo5+t{L?8+><5J^ zDC3HSoGTLbI_>rtzZGu{bb2 z7k=;R0!_EypY1$@S~vH1FywNUI5>jwEE38~7p5xKUIas-?$z}P0V6J+MND~z2=d!w z!N*;{%F<_3(|V>W(22g6M_gEGU1uiY4?ovdV_xK&Ul3m)f{zfXc3VhwPWhlB;=yt~$TwRpmATr~ zs5N{)tkFq!iy#s-sm>-CkS%bCPE24F=SXl3yEQYqq}Jm?s+h0mtywQ!uZgZ}UiDP# zdD&S(lc!p2UUNfeRbL`-A9XAh<#v`x76x~v4`ao69!lr9)czg9-7GY`CLE@7qHA8| zDYM>_G4_ukLyW0WiRp^!bSLlQum_lIuiPh`SmBO*X#bSQm)WwsSl+zW2m>dB@d()R zG-ED&VipNV(0WwjLj?z?F<2gS`wzvKsZ%wml)699?ytPMmcL1UnB)lGdxs=N9J8ac z0#A1ezhs}gEb9=A%}z@jcT6tTl3Hd&y^o_* zH=*3{eGB<5_WQWi7ot={mEzPoH^)NbOD-$nQ!V=r!^pHr`wvwt5ZlE(gH?^ppu|%+ z2Rq2rl&d@3 zoq)?R(U-_}woURa9NxDI!_5Ni%C%!~DxxM0r*-AqfpeIw^0!4EFtaeQ{>d~yA_A-t zNCv2|=heBw>GV9`ftzL5sOnUOP(q_;5w^^7uu|Bzc^<8_rF*f^66E4~i>_G1QT!*9)iNvw=b^Tf zEUFOhWL5-Ntr5-TOl+;`C5Cz65!;l^)H~^nka%#Ml2CSGU_-nyaDCo;rf}MISXQ)7 z2@8)TjZo^Hf!4I!)gP%Tv%hShn-?myYb3{24krcwECKG(%ZsoPv0V98&!>+u=$+*n zHL*vZbHY^B(V!sD2bsq(D$K2in`uWu%5UUX zo_tt@j>610xG=ax%)rC-R9^dP8X$Or?KyNNH0Di8r+G*Qip`6V^l$oSF27j@q8vIijwZddRSC%YYcp zEru-HvnWL+tDdnx!uspqM2=j=m061t?gspTEb4=R?h2#%J2xIm%iZcN5`LU#ztyV03t$wN#DVlzv z5@4Ln0jUQ)i0Y?2XZ9peV!<)Lm3+>~Jrg5j3#S7{khyNju07ipSUg0JUSI8Z7M z|DZ_}BA^dl?#tS@_m(k&U}aQPa=?bDg}(f%?1G+Nz62V#tL@9z93T+w#M#WD)*PKB&KveyaS%;Ns6pDegv4YI)OUI6iNlYoW}X5mdn^M(k`li2!J^wva(vId%R5`RwaX)c)nF^9j+;)0eNv z_LfN4qSL`f8iHyJaXA+@)NIxNp%wRgg-;y zJu_YO@9!WVEKM~GsZvRnDJ zcDa|v$wuz+Kxb!{@sW-D67M+{R|6F@mWDAqHPN5j`0Fg8q)qpZ(F;OM641tX;nLI! zrw-dk?inel2}Dm^evKX|@w1j5b<*&l7TIPm1!FDw=`cVpk=K`p8KWSeLNncqnw9n* z-g+!N8fq3>H`KNOnHDV&IB1StLfA}1EYp1%jV*xY(69{za7z~`Q`m>4bJPcp$l&07 zKg|I>(QH^}h;gT9pfyrhal9nYQ1b9I2>S1+&5*nvC^&3)2eM5Ed^G>0HwmgF%#lAf zLUWK1;<0vEK=G~8np|*Ta}uO?#1dq*fu;KN!LuPtC~AVFV+{c&T>2%!v$6>KRh$>k zDbYVm%v0J^N@8_WmoDzmif{OcuXLn!|m ziN~3jonS9m#OWlE;Jn|TGH?(dhf7s8O?cXYqhrW|GPm;L)Zz4b^5s%mCF)&L;oKdj z)v-%r9RzKL<@5zI`GD^_X2&U}kBic#Zinvpp|4?DBV3V>htVf#9;kfRvfmu@9J3>E~~=B)hWH#L+_ z#Orv>QF!)Xs|}}LAVyI<>rJ(M1f)U-gRiDm?aj54f%WFvOmsmLjqYbRS1u|WsM&0J zK_61X>%ec-MWbVe<37p`5-maS;_?RGLB(MN1T^ukWKJ6CMky4g9g%;Dtu)7ag*5YA z^hFwg2^g3ytZ{T6M&{UwvQWQEyo-{;7X_>&;+MT2KrnOx_pPNvK1P>1uiQtny|Uqg zZu{R@WjY&E&`N+HSa_8=T~kK{(n>N!1Y*v7*raQ88$r|mJ}i9)E2j-O6f$6ij?#$R z1G$-OrB6f*8lYk*ZX35r^z&TkmL_8>O_wmYu)?`GQ-NKzHU9Vw97aRxmzSTX z(yohr>)z+~K%igM3CsNvDUjja1^^?9Dw?8C(n-VL$W_~(TGnSljT|qo=S=}8v)GCo zQ^yZl6kRfvWt%#>Ha=5I=hFS!VpeG$wTAKS_+}TdlVEMaH{Z zsWg%cwyu_QVdQ97Im~ru`kJFS_jD>6OS3=QDB*m&(YU+OJ*m(UMJn6adFqrFCWMu} z{jke#Pi{F09OIg7gg^Bg>yR2dy7`t-4fsN+Cc(2$1;7r0SSqnQfF@S&h``e}LV-wb zT8FchzR<>?D9e?=bPvH1zw?ZaC;Nuu9(@~SI^CDV{Ne=jHp*1K+5 z4o&0aY5B3Izn7Sl*b`&TF>HaG_eo)3m&6k&l>P)!+W3X!V5Y@4odT~tm!<>ET_vnD zt1*+(lJ;}h-~zpPD#`lgXC}w)f)P}h42m8481!K*htZB>{?jBQEWnN#9LZh@e@!6? zp=75o2iZi{z_^5nSO;$u8n$;^Zp{Eu+sML?^e1Zq<%v9sk$tXI zG|-ooXhMB@EOn?)J2(9vW@60xA&~&wrH#r~b#~u{xwU%?e%~{=on5QhJ!z;T3lH{I zbSMQlDm5`zemaxbk<)NuLpYm@WB*Jv=S)n}!j7LHQ{gE607bhv3AJkf#j6tZ`qm~7 z_Hx{h^pbJe1ICiSs*)5}oUTD(WmyeE}CMQ_d&n2V7vyivga$LvoOQ*;XM2)vs z6`_joQF{wHhbf!~vq%zvk20En{SrPCRfM=K;qTO&z+p0wz<6Mq=~C=NvdK|)f<<0h zH09^IJ|__U5L8C|JoHT6YB)6k`%zVaIsp|VYXx*LEp6~y@6C~Xj+_~4Z*(xo*h(Uf z2(bR3HoI_%%U#HbWN~} zM&3U{L3VYl_skYVh<=8D7IuU|AKYEq_zuANDI)>905vejaE68?ea!>q&Q)y5EnsUn zupWcIM)6EsK^&sWTkO=Mw|3PF`Bd?fz(XiSOHy6;w!iG%4NP{9`%WVfqs+jK3^s&U zrG@Qu!mtQ3yWqWiqupeyfZSY|Y|n%8Yk>D{{vfDS^i;nzT2M1v(p-y^8CYr|5ll{j zC2@f9Mh*nQF8E#?T0HmF)z+EHBhbgXid86mFU43F)SrZsmM!}^GmF+4hqz(%tLahE z+J}Yi=}8aZ+7bK1ev;#=AN>9T-th+yYH(toXPhuq+5E-^D!f83z7b(SF?7kO7I;Fd zoK=*#ztD4n%#Sw z^~2gm(R;UgD>yjZkIT(zG8zYSFZD9hOUa3tk`8eG0q7RlvEL=b6{+7wu3V6xkO#*m zKns}JxFf~_**pUX`IKH_cN&KTz$vh_bH|MXKO5u&DIZQNs%A`EX-l{K7@M$z#yG@a zZy;jgtL=k?9k(e)7K?q&W$H&RmT^8(pt2Di znkn6fc68OZ<)Wpi8z=U|4-H`6XSo6 zdY;r=x5X7h@jh02D8$$IdQGB}pQksF@Iv_4)SKh+t*S zA`UH}2q9eIP0ct{D($GS@-z=Z(N!l82-7qtZ)$mg7Lqkbp}@({wjYMY4|Y;G0Tb8& zkR%XdK~)-qZ7)Nl2F|dFs+NsW8RXC7($VI-sj8btqXh*QU?tQ^V8N4vp|7je-*L*f=Iey%H+!AK1!^Wx2tcd!r&Ul-T78ajjzl z${5fGo(XUyLGt7a?E$Nkw^0IsAW2Zt`~=0`hx|LjMFat_{V-4%fQ0%%KBFlw%;6`r z2o|(>(oewvZ4jtxs1^Y3pWj%C5EB{mF&;tKZ1vK9Ium&T{#)E7SQtNCV*v?VvMu@ez?g;YU0uL`=2+-(JC^RS(mNR1 zcz95A_O|*7EM2%D?Z95NU^xr`I$@uUJxRw4?-Pk|#H_GCw{$t0%Cc~H!hA$Xf0RP| zih#}1Xh57_{UK80-P!uXOgY`WgZZa3Cm#kO1b2aKKd* zHu>nx6sJJdF*=}>meOg)yCyS`DkqGID7PO^WC=#nIh!ROdx8|AeEP>!;%9e6?ftXy zRI(zs^B9fxBQPaAbUHd_GmIVN1pRp@~?v^L+9K*#fTrcG2*g1OGW zOyJYP@%~PJpp=7Mn4_Lg*JxV(XqeeO2?waiwBM{VO0TV=d_1|%6)e1}?{s&R$=N#E zO>J)X6lDpn*>VGL=t0fS3!&=oL z)cYHaojx?QZMQ7b{h?i$c4e3KH+v`d=!k3(E#^Y6-S5_kCjXjuB>lndL{akZ!Hszk% z2NLgEe4g9xsOo{bjrQ%AE*2l3bR9OLcuiX!Bi)`;=e3Z9K6;32Tf}ZrZ39h&2UE%| zJ`Nvq@(w9c@_X4-vJ{oERr@FA@?GEOrnC{Q1C_UV?wq;R!;OoIMWX?MdzfWIy%FJx;{@v#}vc5y1 zVeuLXCn4Da8gfb)GMB(Vn1)ugi^xp1m33J#@Dvl6kZ>4Udf-nAoSH!IdMog`4$|2K^+EFOw4AOWu#jmL1rdFSSH-<}NKaFHzG<1~V2EKdkBW`-Z( zx0J}tO=RK+ba+;LzuPVH`-nkuQy400AE|DNRnnU;Znf{Rqv+M zm#sDM$i>tJ{{kkLa`T6aug;R?S04SVmq&Gz&FH1x*IlbQ>a~?YaNUq|VWDHtUK`x^Uen8S z=kkY_Yq#bm?Y9P+o15F6r7O*GWThczul8ntfT4S5hA)8+4(4>Lag}YJaaGg~IjBpA z_Rt$RS9VtI(fz4V)}iw4yNIYv4LOshv3A|zxN2%vIPhW5Rf>~#j9a9^W%M6jHv34_ zuXEHx)Gs{+DN{ZcL2YKijeU{>{~=qs(snLpwmh5}R|eBF<369%HIB+^4b~~1@6R&} zjUje7l`dYE$`?zwflNx1^bldjwNbZUmI@OuIYO^yWJnzpxDAQg@3GV@L5N#Vc~ajL9?~K z9+@2vs0PcYN+qP}n_S(y~ZQHhO+k07OpOcfm=`ZQOXXeFBUC*Ry)H}vA4nk}(9Ao4R zl!sk4(|C<%*v_!oUz$aQQs*cEV;{h?^}7YuPPi!PBWN}Y&R=DBJGOMo_q#QLbGH}~ zwyuLH+<@uVuYLAp0|1GbBLqn!o8%SY_F4hwg(PIO%L;xjC~E3%d_7)S=VBdD%KZGn z&yvf0y&|nYW{-NO9X5F9=tG%u@qO=3$``B6{}?N;@?I2F2Wc;o39<^rs{#+-yv$Tg zf-f^kS3$A=4Cm9B9yaUR_s;prSBK;-v44@K?pvq5W^>hmgt9}|fG?MqqTcJ}BdZS5 zP0iz`vf3em1k+K+Pu4?PB+)4gyI^in`d2Tuj?`)IIm;EU^Kj^*c6L*>)%+NB(S9Ud zhqI(RSZAnAZeCH<$n0m5v{H>m&8Ncu`-jVk)uA&r7MRuba_3dh1Tf`R-AM8{VSEwLhR*A0j%29gmUv<{U6X z>`-9Xe*10EEP%JaTtj;p+*07q3W0Frh;F`+dmM%7B3EU+Pr=mgKsa2r6Zjpq8CI9o zz8li;;*8hGdE2-PMjLD!3$Glej^V#Z9E=g(xAA!h8U;f^{0|7&I1K@GeNXQ)oQUqz z&DzuI-jx4RJP&iY5*JNN%dmy}{;jQv7bOq+rn#9aHR}dqy<`6}G*1MYi^@iteH(%1 zHK1t%F!Nwg7dla3XAFo7e-)HlJ z6Tv}OGJ#l~Vp~~0INU!_c|J)HfqQyHN`;AXBN*?+#rg~@*$ZUwfdSfQD;3=TieH`% zCU{m%i#O;rFPoo}g&hnU;^2v7-#*J%slLDU`_K+w#?F68d-0 z$lgM^U;#&u2`sC;t;s+-K2R~Yp$-Y-QwmfMAuhrbr8zI^IXEWDTlgGN#%o6@1h>U! zO%NY#G8ae2T6;x{4I45j&-RWgG|}> zK7X^0ehA2GS2W*&qnWv>L~>|Q2RQC8_(^IVnNwNOcWvV(RE2F$@)>gFF2RnKh|24}Z1&_*aEvU&dl~NJ4-nQ$aLjKgS!o zga0}7Iy!E0o%G1OHO}*dca?~G7JNSAwm*=uaBvi_ThTfsh98M68nehrkC~+1hATNYM3rnI_mEsp_5+D#)Ut}$za)UeeX&8mI|>9_G9h^hlMAT=Lj5IxV?Y zLyJsr;aAMFU{lE<{l8WcRzxNNe5v1h_cn&A&QXiZow9fi$J=Ir7A15fvn6=xAe9q> zm%0mkrm{~hG^h71fdeyaX~{{VGoX5 zJkQgZ)>poU9vmd;<7~pti`jxoTY}bJG69d%jDUrxMfJ^OVienBJO@*EQHos&4{O8c zTAWnuf6-H3t;xt=x+W=N<3)p4Rx;kojrA2uOoD z^2EptRbb(FD(#u7qOc~`C*R&Ez)~8OPT3X{*PLp^g+}_YU z%DBaulB#2N*C0sm6i%kSVkG@_gaAIvY|o773l~zP6rIRdDvA{HZWp{dr3kGVn7r-J zw@k<%&4#fO&frQFX4%a?=V%~HC_a>UkBefosMB3Mm=QSd`zuBaci6;HW0Oq=)@7^= zt&-i*xB*5aG}_{n-vxjpfJA?I7oK$|RDO0_Yj1b!_vYd3`+9Nuaap$IzunW(+0)t8 z@$*pj%D!g5it+5DF36LmLp8V&N@D(|a*}>5sxnXP!XkX`u$;YZBQ|hN2Nr?`|2LXD zvwcvUNp;D1vy^~k)>ugLP+0Pg*!xofqHZW=WgIjL5-QYV2KK8%ive$`X0HxZcuiyh zUuU*Zjf7q;f0&~3q?rytcyrmK1ZfZ zSv4#h5=)?8ih?OLu={|1tB+~PT9E7^rZVkP1tOYLLw9wm(FKQ*toG*+FXdcot&Am< zyW9C5hjG}Os@LGy0qZXUSu*P@hZV9xH&}vKP-$dL0v=#yjUxB0RuOTy9u%AmApb%_ zK8vZ_z2>+wT8mK|A)0{`n^#QHN|p&#bP;CJ=5*8r1R58LCuGL>7tTR;t<|Xf9A>d6 zG+2u&9>(!ec-Xzctks7^lpix?uIq3c9ah~Cz&MxAl)`EN9NYr*E8&lSi3INkh_;-e z%r`xc`n!Q-t(dlBFvo7QKHFJ;mOFY@o~4oMZrrp4jD31?Hwxt8O4;iz%xy=nP$g70 znnH|^o)u(B$@#|gnq9yJ1V(vyMOc=Ao6OdOE-(3489D%(@c5=a@Gpi?15ME^n7TD8?AGP;Ob~p<%O{eJuMp~^>X*Demtc}Qkm=G(M5Cx<_iYedA-(%CG zKpS4<>Wy#FF^1T^#RDR-B)ewWk^Y|PgV4e?haOFR1U!eG z@4YoVAVRxPs|ZQq1VbIuSz;2-lOmhf_*iyajMPzFpvCk@jB0K*Bf=61`tetz&T5_)B!8taSa2?mFvw3=HN1abYXd2gnuNm#635skLR5L+T!T`# zB{fY@owGU#T?3njcpZJKdraq+D#De(W}=q}*e|v+JP!fX5R;=QLpI7$Hcm&Ic;peV z3TU=-Jl-j$W|r$vPi7TpWr`)EBi6cKI&+WD~IzJxIZTagXzs8sLJea#;1d&a_ zq5%r`CX2B2CiP#BkIOt6z3-%dpT`~QzYGq@Pl@Wk3(a}{&+seJdfzd6p3m?|;k6cH z;C?<}F)n|%f&C3q??44vb{odC*aJjxM-XG?KHpFnSPcYdL+SP=M5fenF);OAO<<)K zjieUM*tr+pI_J`x)_gJW^j=R^M{8#^hm`1l`|3W6n2e!VZG^&&Yg>IXAy4Ggr6s`v zeiD>q!L+!OCcCbuf|$H*&kI29<-!TaVKW%`x*#4>CkSqP5yr?v4KfJvM8)?y3cBMT zO>-aS*}zL1dPiO2rV+D0hvL zZwSq}?TGPO0j2y}eMjSI*IBX?#+rbCmvG?9uz02r>EQf#TTXK8UHU|sJm0^QVCQvsA|>Nf4p#M)%8*D*R=4^d1+T!d&8c_HM45( zKGxNF@Hlt#(q7g6rQ5P#^=*j^^j*uVg3JEvP~ElyP1jfDrn&&_i*e2n!Pck$?eXw& zc^DUskXoX~&=ZE5PM~^GxvlT>rd!iG|8pb-s+e1Y7h%=MBnh^+bNM||hc4B6+$#vd ztrRFngp(3d1;-_awHG4#pb<#PA1LR7~Iq zX!G7Qxj2vw>m>)w6UFnaPOuVu8c`vX+lm` zTshSP03RKVYS&Idxe)M}?h{6CQPpJSPsmv0Su{0;iQz7zv^f2gmBZHohlF!eOLZ9W zT@B(tO+-_r7gm5t*@$;(&22|Fn=M_~qWhkuzW0rz-{<@M^Zi`62JPL=A_Xcnq8ww4 zTH!txd(H8WaVTY}jazA^9jq5z6ST{^4U-D+vE&%a3JJw5C?LJ_)Skf^NQ<$~llykj za3PWe?|a)onlDsP;wA-{gx=MAvUq*YbW)?4Ttj&UY>C#)I-=+GFf3v0nhKsUTjqp} z9CZyq(O@WMyq5f{&laYG`YcltN_$gFhu@(Ck)mACXNVhX`R{^!cc;seE2BIWP4d|2#YeK)|^N^B5xFZ8Eq)ArL@&#Kkbv@Lts`a%A= zf3MM^8d#)M*0hV(UWvQ_5Ij!AeXRE0r}(YemJ#LfQ-Z{nyxWdoe2VEh-Ld4B0wu?8 z-|fn?T74eBq^P=3CKWcuR2?;#rEy1?n8R61XsvJ_zXRPFVLoa~cr6MVK#G(1G(PD3 zS2?BG6~iG|?C&`4^G|)%iz;({q|jZxg$m-^0fmbgXrz3Ti8NO1B4Xs@To2WHmg9@s z?Pf365and4S|lNYjm0;f?7NFS4(1{a#8HNSC%wa%O<(_D#8koHk)RYtLhTraBWzg^ zIlL8WNy6P!0!9pIpNH1po`hh^$v|zm8jL?VplEshhx(4uyv{VQ2Ju}rMb*;xZWcyy z+bU?&TeaJ>vKx?fh69OW&bH&UfxY*7uF2kP*449EtScEh$5BjivmKlB0qW34<`$xE zmxeKocx+q`^*@cnoQF|%=DG&NT|G~c0u43NEC%%V*lEcUoNA#6accUJX>iK8=R6rw ziy6`DuS&y^jXZ7G!>l@=k@F%Libx_2Qz(21)Trq8zO-JS8Qkyfv~`wEJu`!oOD1p; zK$3I0-mfFAhh({dJDjMy`D-o+=#uk2I|vGl`J+?A%P2yRj^j)@wKAC0+BmXHqGROd2`pdfl-lei2@pg z9};vhbrS*3HyVN?gdAvL_ip}0XGrN3_QukA3Vq-pbojuJD8t7_fv4e?yKBrix{#WBZ#KUddkyPoXhTrA2Xw3w6FuAk zW0#Hcq>k+h{_Hz}u!=`h-<^(^RMBY?@SRg~>}Cfu8sc#whIE)ADhL|DAjRu6Jb;WE z+(G^kl%gjU#R503pMwJAE@c4op6kZ|{V@^w%=aBiG?x$Z=&s^|HlFri7eQ#!GXnKf zAcf{2W8sVC+}H+bbTEi&BAA$2gav|0-NuvBGZ3!ZtjCQ{TS}s)MA4qpUqt_sGk|I3 zz%V8kY>872s@=^n-WbFv_-hEm7Q+w*aeK3!?AOV9j_IJ;2)S!@Z7$mj^vM9$WE{u{ z9rbCeikAE=mVnk35`;8ZH{W##6`GR=bfZpVdiE>;} zBc`q6MTr|wyPWd)9sTh(7G=%ku3s`@`%NIP$0`BKeJ>*7C zKbbySq)y9pof!G#gTF_AU?`}Ts5Ai-`S%yG9E!Y?ajZEPtWW^NbwZ0Y>8Lt~A90cm zm16}6uMg{Ev0I|leAfm~iU6OUh5#12ZG(|Aq!(>=G16a{_H3ztxkk+w6{-X<%kn%4 z(nW%WgQW@(z3j{-6`-BOG^w|&BD$o2W^$SL zYe7kD4F*0G%`+e-jz#W*(BQ`dO&)&)I99pPd60o)+gq3LqTuF9WN4fIhF4ZAwn)_` zapN;)j#2Hi3>XfAHpI}E74T>X3=9!&E3B|lgjkQ@!x0@!Ur1x~8Z0hZw);KZZoPfn z$Wt`<|K88(*ZK>7|ExXp>wQ1&$k&y1w+8$r!gdyo>FBBUhMUH7<*t<++=?zy5RR5c zgxUmD$jGlq&eJsfv}Klb4ZMHeTD$X0UC*5SL}z+(^`}h- zcNWJ-u2=1}^8~u-GP5sFmyGWs-%)=(i*OyX}IXajjmlyQi4ev=G zl2jyocXya3uQeLyTd10o^Ti{RnQlD{->7iiJ)wb)EknggZjBEk5b<&Iuc*i_JV0}Qk@r9d7CtY1**0#Q^v3D* zuaB^{pJakP=g72BfFB*^5jSXyS-0la7VOoC(+R~kXq3N;0pS<5^sOI$`HkV}&pRS; z>&pXBxShoGhbn)@Kya+bL!-x2-La4uEuinB)W)d@2gEr){1!j_G`hkY^j_1H#qTA= zw}-WJi5A2*EiicafUbO}cWC1dzCfM5)jOhtTM5CviyJt@uQd}Jz;xdC((%P_UjN`Z z0nCoIiA-jW|1&>&fv)HRSI*t3KR7&D^?wL24u<~#RB--V{XftD06_Imcx|<#`n}f8 zYoBC55CS5Qm~-V!oVIRo*kwM;;Wu*QNfp|xvQ$K=Y+wIVUI6>7jqEo^e25@`*}=~5 zv!YOF?9m1fFW2E!O=tGWTE#@Hi!`-v(He9{IS@IOBP(tXp6@?8VpCuBv+%CYy@`&E zUmAG!QBh;~mp2X5o?le_X#A#kU5GiEQ;99PI^JIbM9dGZ~_~wB0;aU{7#mE8(&^5+r0u)Gx51)}Ve07Bc8b2EBHe6J1*F;f=c{B|9lMucEF)(3iMUAa!_Q4$l#F zw{|+FuO8hpNL+ek6wBb#|pmH|OXe$ji@6b75>?>Say@KH7 z@Lz<^*qhZ9ifSAkGg+|G-Ro_lx(_rufvZ|nk!QP2Saau4zEm-3vbpX&vywz}tUFLj30w(nOvhPb@sQ^H`iug4FEFZSKe22KS~A~+>>RRm~ihB%Q7 z3LFR(jS7#2HuhIXGqm?W?E6!L{nkl(P8vh31>HinEaE2 z8%(_k#}Aqtw#B^1MSO3;0cyd6U_<3qNEJS~53Kiylrv8K25lZp$^MuQfqk1g9h#(1*e01MRnVi;^oSez421!>zI`gWV`+!gq=Sgfv?{uH(gU#(tpeP^nd@k z9al!Ir=(`&{|cKDBI~_|dnK{&c0?Gizw7M}>wekSi zn>km{vF<^UG2R2BRZklEj=y>7KZsF>wBTg?$WKvwHu1OW{Zj8W!!9|0Fz(jn^#LYb ze93_pL?GX}i>fv|?_xqTK(;|(=H-G|o1A@GOsX=vCnF{>+GRW|vvds8?A>swkuzJKwyx3POSxUK zzpPy!1LWqv1vkjSX9>O^ro}aKtH77P;Myv9-N|i4Ra9%n_!od&Ix=dfxsAbM6!XRl+#4X2WdYciQ{Oix#5h( zlRuBcjuGKDwy0=Bpvn`-v|yR6C)D;-4;LvDaP6CjID%)1U#cnx9m zF%cj;uFG=Ucu3)(*}xhuAyK{!){sgRW>g#;P7Y@rw-KXzSOiFB;D+xUsK4ey7{}~^ zAhX2!N5kD6}PbLyD} zOcXfy6=JD3%h&{pU{piPHj0-JkB<0rux@qCvG#qEC(&|e%QZ{Z7esu-`a*;5S8@TJ z-7J-Wz)91ln(hI3m1;%?v=XWQPk&jZMxfrFpp!%Sox+@44{^UXQ+F100&+y9Z_TcM?+nTV$Te32c~hkZNdY>45X__I-b|3^LTSU2I&{S9+IGU5rqa{?>zO!6liRHYR(3!Chh0LSI<%xXw5?hng zci9C8pdPuS3(1_27%CM_7)j+{zS5U))tGGITUjkwbg{j!8 zfg2lAHg*2@B^iinZ*(>}nFv%epyW_^mH}z#&*4O9mPA#YBLnS*Bl_gqLF6ZbG{3C= z7j0Ske{CF#e=WCyG1`TxKpu?!&wLa)I#mn{Y>I8%2kccXsFcVXK%%g7+$dN2)$g@hmSS!Y$9RW_VSlTEmu}X2a3AE!Log#z%(lU)DmyGdp$`MgYajZ} z#0(SxM8)_w77`y1hCi_hn`;2D0<|7_2|tcXOjEXP?<1WM6o1MtRsP~5K(6mPoz zI{M{2*$CbWk%1F}JXv=ww4R$Y5urwFhy!!{26vRBNt(N!+ek2EA%936&2<>1^x9E0sc_el+b zA^&Nv!yIa}qW?!SjSKcxMZV14@I%b9dNqmCL zC^C@ZLb{CU{U-{s(%Efq78q&O!l1b| zF&mUvXTIh00CXulLrN1+2?O)@E`=!>Dkt&2j$pe4;E*s`Ty;VbcT}ZtfEk<}&}=Hm zDHq`v17Miu&arF9jke8K@dwEiDD)ZzBY>5p!Vd-p2{G$lks*T1l?MzAU^%Bu zqi8f2gdhs*nMCKn`F(06bid#Z@wKZ-XWj1!d^uX$Vp=moz5wCO)scEIx^+g4uDR}JYxUMB;nY#P1w?S|IQ>&6#7 zFDlg9e;xY&qws^7jrISBq0Q2MOYG%eN;%-WesR!@6DK#?D3C>csn{};<2<|-fg-W7 zy+lH_`0!)zuFK3LA~wek8aOxl>2#)R54$5eE40hQ^I_(BM4i4_k3)_C<>z-)s zLANF1YyAQFUrHIBpI*PN+dvbCeWbxsU0n}_eowV5tMT;bRo1T(>Xx5cEw}5dS?S() z1t*GFzKe(HAu8!WXPaz<+E8vK?zu%pRUCZP%I?vw~ zopaj1%>g%OI9mI|s_%XXW7F#4;BX9Dz1Boqd>}?=44U;8YUL0D+C1sbn}}j>!S9?9 z_1=Ts$%o$vh(f$0MjT#VYE2YuCF3Si+-CT4-9BM8xr7EMcc&$0Z*N}9`B zS2cCNcpClud{!X(6EgbF=4u0a1u)5clz0LIq+`*nhk_G93tWHz+BRH72rkXlARjZ_ zxLHY;320kI8MfOfmNNT--{>med5HeQDs%z`;G0K*E}wX)(Tl6S*sOi(-un*$s*~%V zp--`E6)FcEB)848dCVr`_V6Wfg&4|GI0 zZr9E{;*}6zfDUk|^}HntpkUMx-pBwREf9Q6HfPpD_HhTTRoXZuyBE_P2x@-9o+x8$ z(lAgguJEv8VYfs%m=nPWxWmu6lsT`ECeb$QM>Pxzinup%3~POQc%qumWNvpJTa0Mm zu+i^E(@cN?FsGw;xohl971^h)3kG2>dPf(7ULd&(2A$p8Nf^sk<9o|gRB#k@EC=Re zwz+(T@gL&^HSb(exFwqqEe$+q!46v{mBYPz{e>Js0;!|y4G|XQz`Jr28XU`9{ODAe z$ORP!w)NcyoXy#R(D}^mRMnB_te`D&`c?crKabZhO86<-HrF9rZ;D1FR&L~}m-&K{ zYRC_Z#tFCgQJk*SKoI}6Y^sZ3>lGqz*rf0|k&Da*Tg>!pS*qdgMZNCr+{-^TII)?T z7$Hy8c{OBkQOiykVyRg)4?LFik-?2esW`$~?o2U-aW@SBEkp>cPV;eT;mx*FA7TO% zjLN0NAdRH!!eYK}2Nze*;5vPNzh4ut%n|zhzU<;)i<%5fAp09rukGk#ZuD?`eBR=- zNnq8}^BG2>(LV0S8R$rJv#8TgJme}5!C0ld;_s2~(~Y?DY&PLP0YN+mPQrx|H3qHH z+JX-t0mE`G2to{Z)d+*=`$&Ol1_8AizB~$f6n{oTfW5`x&@}}MFG$Z0_n!|1_`JuH z7vvUw{w84o1-|ZqT)EpL6vWZ%_vrSC0{zziyi9DF+vh%=xo{@X+0*FeN}&6xp*HUJ z3pyPW*agwQfJQrOrQP)A!~y={9>bQ0d3g_A*vx{C-eb2TtbxTk7Iq3$l;Tj7`Xbm> zBM^Q|M13D$s^6iYzKRP|qr$)d-EL&m^A36sfH_Z#l@&9xhG2k$YnHMR2>7NEB`!EL z1@pNwNtC5`>33^5vWZ`D=kY{{tel)#;3Dt8g36)P?>M6OYzl}WjkWNc32|Gee+{o( z7j_w21v2Z@bX^K`OB}yc)C4XtFD!w`&Skh}!#(p>M5sgMT zH<2WZq7%FhTJnO$s}P!FL-OhjVU`QP%XyP=rbdv2t%x*drhZ;CQIpTY+VBWQLvguOd`CHl z8oTtT%5y3z0qq~!NQOF{Q=&@yBBaCA9p-C*+vIBq63o*W05G=Q&E2@ltXh2M6&@Ie zRoAl1f(`332{kZTqUPD&zF_4P%(@xUBo@tUs8Zuv8Y-aLz-U1VeD&0_f40dbD-t&~ z6IS|#t;l%c1%JfK${cXi?sw$FhbAIF?_90P*uadkPSnz#q}&SeHa4l`zMC*fgOgTWu;U;!(X2=l@gLB%y+K1EFaSkE~%@f#3c(ZsUpd3QUTF%%3EVGLWR(C`Z zPHLd&AruVB8$#R;Wnza4$4Vden9ly&+J0o&2+~}Ce+#SjC0-`#e_2go)TkiwsXub@ zF+X{U8IE2s^@R~^P80&2xDsNqyvPdz=(r)(OF8+x=}~#sP*5Ts2;C}t7@30x25Uf! zd@oaR63d-m!QwY`yp6n<(6GzsI(|Y2bXPt`0>LLu?DljWZJa5nH&B9~fi?RbHZU+# zTgFX!%-VxwdyNy}0%a8Q4(|n&xG?JCG9elLCJFVadxDwTMr3Akqp-4>&hj$FeI|&o z=@<-n8LWNe%ztSi3+56`2@*=;1l@L_&N;2o$Ps{_A;E<+8(*m)q7n9U zMA&n~x(D(|3B-s3Tx18f6yW2X;4FSuMHp`~M)ol16;_d%=|LM>99>>Pn+eZ<0wN5z z$J*BU={*i?CS~);jv%g3-gQ=HL$fE^1`0jGSo0ct=^;WL=C6tr?niLekQ44%i16Gt zA4}yrh(d))b}evcla6Jn*CdU2&4LuH17^IW6X4g*8GJ!;+jkR?22K3UaW*>PVA})# zlugT<^cb>KX9GT_*%*X-Lisey%aQ;BM@bVSJ?kJ?w(p>>1bVk3#8h!#$QWl9%!Vm} z+sKXmQDJcs6&1GkC{th-txQdms1>3^9NH|C^MRC0kP|8!!|Ro(YCW(_LWFJ2S~f3l zspo=8H?#mU6M9@pZF2+DtXiGtccg=zY9bgP4m(IBy{;zX8V9ujTk+0+Dkcv@P!km+ zX*vz)bYxdY7g=(yJo<9D93aZk%t`aQ(V?f_AviC6&2RXIUN)V1l{OOZKpHk>A;p@rkG;|^`IgaP$kM>|jay!e zYi*J0V`$|uS3FC$swLz@VQw#qP`P>Im!(Z^a zS`H3Pq@w)jw81sRO1+6xPa}%_uswc|6c39voHfiOQ7a8(tAG>OY|V5n9F zPq}?hWI@~VKUFCcnEB)*hPF=@H6(GX<(7TKY-NkrO+WU&?=K+A+xe1L_w? z$84+X8n>Y~V=FouFKs1@M{8m%0-j^7Svk@Pk&yeilBJ-g2r1Te8WcU#*3aHba& z?Tis;p1uof6b5}7(+FM(5!7a7tK*xuqj5E$!$ExwRP4-zcQ$Y zRf^W&#M9`rk!SdZz!x_DdX~c(i#Bdp*ZblCzPL7>>8s)B#NXm5O zpu(GqHh3vx&6q4;ddUwUD0WVA*o&V8g>mW)*l=q`V?be7AaEkQptaO>e~XjhNdB9w z9<(yT7I3tu%J)NygzRJoBUE|=U@!hh2&ZuKSQ=9fi7H5dXa1S{6Hl}$(fA2)5p6A~ z%rz?6GS)f)Ek%JR3Mu^w2q%dqm#Xp##;C-(Cx;o;WHfcIN}&RTjw#b1XhcB&Es{MHSLJeId?U-l*~qzV>#&r zS+W--&RCJ@s$v?q48Jnk7bpE)oWRdlZE1TWM&6{`fSmyWcf+BUtiUGT+iPc%uPV`> zEC~ifhXm-{>7UmI1^T+KpG}>p4~>U~g0*ZRZR?d266Rcz4H3=>wp+tHtVex!uF5ZE zlZIJA_=IALq^jT7&e(HQ+1D9>pQE9dpG=In%J(QGZjgzvBsnpD9zJeDeqQW^u{b?^ z8a95)r{8*Oejt zD)F>Ga=v-qKG< zMhYJhNO#B#)cs?cepyMDB{wV4%PWFHc(8u<_P>D41bw!xL-uZh`&q6T%IfLYeS-9_ zKY;`J&Iu()wQy!_pxuCeJKX3`OlL-=`Ukq>DygT>Yl8YI$A$5VBgn`f4hrhXLw%|H zmB&XS*LOsjF|%{DV!DS*`4ta8*c-JJ@}uz+Y1HSm$J&we*aGi)fgc_MEe@AnJuL%B zx{94<3qxiaHx_&Ub}9q(U_OhhR-YzsgzwaAK1y13rqbZ@j={U#@F`~ZnY5gpr<2+s z(JqrknsAtj_>HQQcvn!u&VQC0MT?0c=YQ$3q3?fWPd*Ite830c*VRdt{X~L$w3P~M zo@5*pxDQ$n8fqQra{z?+WpxiuzZkt}kKXEg#xxE(gGg08>}7}w$_K{uHJ3j%>WY5S zmUkCb>Xl#~kB^wCZ)QNTr7CF5KFO9F>LVf^g+1x=BGkmL7Sz7DLBH!1$LC503$ir_ z9%ir}a>pEJW#qwIp$JESUCo3*w z0)Ql|iztH%jTru8DKe9Sv_iq2f@t1o8hebZ{1@;V=glJq1=hp;cA5k+M@Lt^!rm2M zz)AOar9d*ZR2s6+?^QNLZYK`=lWw;7F3$ryb7tC4{A_0{&3q&Xrc-DHs z<0^+?hd2|l^(O85tHPG=D_a$Uf78vw)B}^I6W!|enU|ufT$H3Fz8yg5<9%vQ%~g>w zozf88e3Dgh(D7(K*%{yF&!+3_t?I5Qm@9gD^U?OL5>Z6e+|VY>;c` zm(+A%(IPc6vK&sP?^24rtN{|WG><@`X;MfAVap1tN`&VHR1Dw0hfvru=n&?ndW1q^=vELz4- zCu{-$kDvFKNI=i)`QHFKrE;LL>*{+#-ZOPYU5<-pJ6m$a2nKFLfoZ;RRgw}+$#%Q|k0?eX&m%AXrMLN#i+$(@71HpxJn zM7C*Q2UXJ0fwnd+f~F%ed*sT;%+~ncKj!+pF14@Pq?=`?#`4mwCDpRkM;Fh%weVr8lOr{3 zls_W{Wh$-;VKwb}fCa?Qu{qRJ=!m_PrSs(3kYGrl=EvjnX{D)6-Cr-XKUD+36B0*6 zkZN(n&HwopzJUVZ=Sc{JY7PzFZp9Cg6!R-JI;(20c36Uh5dqRMln8-})N*&1`_QU` zUEAcZpE@3{2wn7M^WU0EZlJ(qC{m?|#-D(}2eTOt2@j3OHdPdQZIqL)Ge@3${8B@N zD4cfZV|UxG1<{5Lwkm{r)Mn#h$80b~q<2_(Gl$VYnPt*HSzTZ!m9Na@%&6rI-+PK% zyoF)GwpUW_X37^m8HC7UR0thd3!2qMBydLa!(1@II1!!puFPdk3=&J{MCkCXU3)k# zTYT-#j)$|9Ov#)WfBt&h#;&wBxuRCDHcY0;t6QU<_F$e*wt54ts78|gN;FNT7mgUV zURwced>62IE4#AX%ojV{>q!)}`4eS{Z(*c|H9rs^E}g>}S-P&Y$ehm-mum}4K@l^g zkzi6!IPZelB?Q!2##6t@qlk#@qV1&9V2aNs?f?wuCnN#+wYlz~pv@(mwjS|%YX>Ur z)Qj%8baJ=)$saHtQ8EaP^DZV>4cK1GM&v>AE79|Z-ds~8co=>kn zU_u*|deN)c00JzCmM}&L=;PUF9#ZJsJ_ibjK!Oqbt=sN|Csf1nPCyNHI!OgDG&H*O zhTShs04?Q$>Z0-vL{Y+dtS_Cb*)wMP#nEs?NVVo_9=%kT7sIG)Bs7Gjphyo6j8WaV_pAE3rQ+OmuC0W#9PH0gQ zOs#hf;+!JDQGT6EIWf{}h1?vFXJ%%!7c_Ntl3%ihB@fa`N59c zQWK34JO+$IOi2u%LT6`(@cQ`3M2m$@H_+ByI8?3{xUV6!0OfH*W(oJVWg@+(`S3zW4TYZ~5|+1wcN_APR(x}8V$az{>0G)KrP=ShhaADx zlQj?eeTv%X;5r}V8;ON?p-;f3@Gz!cj2&Zi4`Z*Z(@YB8NbPhKhi9G|AWQ%jC81pR z$lLe@ymVCFDqKUhb?H1sR0Bjn!2;W_$QzT(FjaW}iwfEPb~-lmT(!q`t~>YB z^nS8&*W?PLmhDRzq%x;iN1V~28Gk^DuK#Ia;lRhg7)FK}U5eTK#%@=! zVGKVm{tY#`U@v$|F!`EC4nSNs4y^SvWts^Cy?7&4@k3YG_W7z`rboo*-n?X-cTBN< ztJCNX2cZ~g1oCqNoM-ZV$?rJ)HgTl(ADF$r!RjqO^BnQi6Z zM}(~)T9ob#RB19j1Lf(g1^Db2umiH0hSyF<>Oh}37d95wyho8wy|T|_Kt1a=6_~(Y}>YN+cwTV$vL0i zCwWh&JL&Fp`a`9YuKTL0>qjh{Msx>C*6B~KL7wxBh#6hSnL^at99+%hqmsebzKv>v z#s$viuDjHN@%YjzwNIAAYvHDFb}(+)JFmOai2Hjv>{Yq8pKrQhGtXv<$^pcY8S+)Q zZ~sV{fF`H=-EzPP!9$)C4p^~Wauffnjzm&-`Q%Mc9h7DvOvJL~z4=hrF6T!gh;v#= zk6Cy-A8V(a7flCiT*#2JN7m3C9y0jZr&N2#`89H$5!)3a-((#-ytdcQ`kkHDPYc9S z>!EL6h~gS0xW}{#R*l`r1&;5pr2hEcccd=>n|o3Zu9tf?rGKaw#XJaJ+llbEQCPCa zdAja+VJb24?`v#*&I-FanMLP-g3={%lpA;-!!h78$GS_y;^gd}It1bcjs5P+!#gUn z!N8CVmE01-&(@x*i8fo1MLJ7fD=T*lj#yA)-<*^OMhUsC#3cDA(h+pqn&jo{T{WLS z(F|^P1X{HpkZQQ}w*-O~jIh{jgNeLIhOG*_0*2X!%5Zy%<$=6Y7?tb8wAa_B7Fl4Lg{2t>{hLm}&B***`f8QWEyvX=kom zf%2tr#nG7FUr9$|{M~PG;4-#29h{CSBNN`Zz?n!`EC{Q2&w*in&2vuIa0~H-MXL|iw(#=Xh4)jkC6A&gjqUN zXs`GrSMzZt4D>KYzm6N17A^Xz(u-D0$ab7m)iBnrmc%N-z65u(^+h1pAT|f%jrtdF zzl<$Br;!+;Fhtw??cbY}i#mV%uDX4WYSyg5V1q^{R>qsh40YBVb+>jzfha9Uok6WkqkR zBe(~MXwlxDuC5tvC|e?5AVequG(U`(qnmd7{+la{%zIm*d)+-~p($1X2Zimu$@I;0 zq?{$;>*gXCK(oD;fNPGZOYeiA}E5=wsB+K*erYut=} z)E8HrNJ)d|ho^aAy_9jimc(fg+}s!x;_$R_bv;GyvyS6iC&R)J5%HhDa19) z_487{BP+~(^8z;Do!&<^qLi7O;Z-ue|fFbKAg zKdf$P|GQh<(35~qn<>QWKvJelKeF$kcWO%u&HhpFny?^|%m3j8#NO zlJWX4tJym08Kd)=Muk?7H5Ld0aGkF>~C0%$Grc>(Bb+o3>{`hrvLB8 zmL<&#y90KV|1flRs0oZx3QJd>l@uDlpA%$N*zLS`C%H>f3Y#~$5$}mIKb!3HWNp43emjwY zs5kK}EpJ)T<*$AzAcW-;zv}`Ji-_Nww4jf_&4&!VH95-3o~INJ&ofVXRLdJ#4%#SM zPilPEKJA~(oSrt&A!E`9Btg%_XdUYhmP+)~lR$qU!#sRZco01o=MoIzcIMyQpK55# zDh=Cf_&7y3xBO*3A@PW(9fwl}292|MgwVV;F7>FBW`HtLqk!C#AvMmb1Mik>W%1 z=AXZ=tmhfjb?3@;XqTIn3qU&U?e zV%y~_I#qTlz5#kpHnJ#4QsK8ZTwPLe=YGQ*rGw3WR*SIJwh$GK*R7{#NwZ_gAr||J z9r&I+mx(NXD{0tf<3Di>GbUD?V=Ao2Gm@&wjiU<<>Gi>l*lMA5m`+S$mD28Ga<5|P zT;ouMH+P)h#=?RL@gH)7pbC`U$gL#3&y<`2FD%$X|7G=uEXw-PiEU&@K4PPk+OHmS;k zkk$N#jY`X7*FREBv>4+C9EzOPYd(Rb$Um``eM{@RODhm)$c+zH16e~}{V38ZFSh`_| zFWv<2vRdXK0ON5R@j!Cqv}k?wyKxleq~n(D$uaMRIIuznmDPYWv-XhKu9x@BJoDj! zCPuLHJ{A%L8OXRBI-_LM9Z%ARm;CM#`(?0pvJIS&eFrSN=24; zoKUihgiMaY4n(m)&MZQOj_@GfW7Gh|;|hn25uGscFc5&69+AjKzzjNu8RW*azbI*} zpcV9xR{lMSdaZEEiQ|gnQHC)tYAk*!FCb4ko|x)|l}kb`0S3&M`1LA2ky6D=f8au8 zp-EUf3sEH%B6*_5NZuV?Xvb?)Y$h>#BcFTIQz^5$P@Nr;p2-|fOk@zq00WE1zA?yt zPl)|zZ(vXvI_&YbRjVDHIRZYWNLES#j{zQeV^TrVW($sUuX+G_eah+Hr5u<8evk!- z4!;oC)xSJeb4bM+<+IR7)c87ESQwXE6M#Fq2SbFkMTo~BCrbPw#B zm8ftUs^0!8XV#(dH%b(lWAHWWF7%W#4GU2w^ovFI4n%HF2Nt4+NLqv_e%^9Mdn3f+ zz^xktJ#JL|Rg0smjJQ@NhW1NQwnE`VJV>_SLxGKCww0-+N->6opQ}L~l)YRE!qDZ> z2Q7q_){dA*q{#K)_bt#&7e_&gaL#2hXBG!xu8!>-Sa`1ElKD z48#&49D~2ra&@a*AWQFfCm}*{FV1fq=z%DS0NulV`$4Eems(*zgs?q45>YJuartb^ z2NqVWfWiG*bge^NRh{s8LY#p;A`P8_N_Tun3ld-Y)zY|D5}bVrYpVHw<^1AQVm~V? zd3w!A5^+^I^RwMIWS`Jb|5&_f_g=TCSWliO+~2N1I`zc!5ivZ*k`*{bU2fNKe91m@ z$>b{^`=#w32rO|T<&5&XiZBQ&+1KIH$6N4S{SIeu%xK(OA&)2!VR8bYG<0+$d!Fo= zKT8w4HfXl!Evh~J>U=(ZeJ!p3R7L+fq;-JLG|eOyy!;1i(D-e?8t4qvEGyE&lvz-T zB7p-K!l3iw2KJ(|*ZF7^J#IS!1OH&@3u`=D(BDF=07bi|{uarqjBEE+21>|MkD38X z26f8Ha<6mGd6|V(D&5AvKk3J2F=neNVh|pvgYUMpU7gK~semygFMzc47YOy{*6hM> zc5POE1|))%9x<)@q8F~wZS&xukGS+14c4`D!jSQ5|$SP&elV*l9xM=94thF0M2HhX{Ij`-5_{Zn$C-ZY?rWI%prwEe%%C z>nu&iXTgz~i}n8^ zt^arFvg<$6W$WF4q{|BUK^Q7UhCIsJHl1t7HoW;u47zw8T9b&_rO`zB#0FVEA9GHT zbHl4`cKCNw+5aRA+blYD@2w~m1l4+*dVGH9U=@qfBm!Dn*Xq8sykv*eY7r}@r_ z{FOU@KJBYE0Jd4S4NnIqU)9`xwAMI1Hjz$6mY+&?-gV!d3I6(Q6k8~-VNRN-=B&Oo zGys=q20neyzT=jS-0JS0uJAeU-atH}|h#XcE z-!HBT#0`aTa5D_ep0&`6KPRh7%U=))yV8{}n$x@bVwBsR-oOINTK?WliGMY0e85XW zML*eSpOe^V2ZcKMwLE}pd2^_J7F~AcbbcG;jVgim>ZTT`2+Uz!%HbSrHS6_VX*krg8lPe&Yl zhjj$4ktHs)Hs6vwIo2b}t}oFiMup(<8MQw0fS3 z|9m1pG|lrFfTWtoQtI6WgZM&b$h|6utm(5K zSJqtgRN(a2DKNR$aqGN3i7xyTD|q!% zT>NT+n!UkQDud)Mi55M%`NMAJ+m&GCbB!pg{mo-+ioNzuuxYpJobye-=bVI9v3oKq;8Yw(98`P+M$j|J3X zvJMjyo7X&o3lS6NN)PIf*bZl^(>H1gM=a9nId*aKGYaQkn4X%u18osr7(B}f z$Gq@!|0`ksQk#8*+R$x&umkYwGI_81-s0S;Zz_wC`8TbS(H1Flz?KtNJHdkWwyCL7 zQ3=%)I8s;5q=eBauevW}ac(c2Cc66`%?Pt)UNq1nLkg$rmC3f59xt9Rnq9PM6acQD zVL3Sd;Ny4B<`3ocT~KW}K|`SlL7rpD-2)z|qZ4pP3LautxQYklhK&$UeJgq>(a>Ck zX#p&QE{^d~3f!<;h5HU}$cP$eI%Tp+05m7KM`Ao4qoD}=-KdC$JMw}}Ron(OBfp=N z^9ulIISe&L@i1g`8W0rPN~^s18|MsWXmG}uXX$%IS2qqBMmA4TC*>jBN;!9~lZIyZ zkAQuNLh1hY6T%O~@ln6LHi(@55?&<_b2x$mk`UqPpdvToEFXVIjbR>7wQ+A) z;E|XXky31t5@p9!4#MAm<<(QMki&wwA0Q*c&GHzmXB(3?$){E0X$3=@OGgnbsZI$$t6SGXPzz|Bv^pEH)mpz? z?J^T%s`1Re2)Qcr4HamA*>w3`eIEj`qBZcG$41$Qf!B$O}E*he-%|)X+w}uY(Y7e&laV61E18Y1{HdlyyI#sp5XmcC&4R^4i{} z*>0EY-VJl*qbLcw)3X@Wn^uX*DT^80r^0|_S&bQP`q&TWo-qeINPn>wikS%{v0G$O ze}>2|!@PzXTD#NEAlp|w8-nl!`KsegMNK#{=us+%fZ>soLwWHjD=m>p3$fguEGGNO z;SHceKXe05o8QU&OK)5uD*z`5PXND{KlKL>1f{uPy`3=mB1=DBWYIfYd%=j@=v@U% zv9+dY*QT0k7;edD6u@4&c=C-_@vOG6y^75kiwOZ<0T*A%87tR<$Bp<>v`5>U`p>|j zp9evcV*+Qk+@vi+CMgAlY-p?m|M1L6ts=q5l3C4KkYikg}bz7@wI=`D2q zc8|9PtTgy8djvNU-qeo$pP6!C%iOl0_J#WazRYTR)v!cnx=_lhF&#*O!p!};62pks z!lnPZ!kdF6G5gmfIjTlWcbV>x6#f|4&kY$62B?mq>FnG>vw_ zhT4MrOm(0S7*?<1MtKEb@4U;3O3~_?SHXz)6?DO1hbtnC)sXUcv;Y2{XOUz^!-kC| zhwJ22b>*-Mu`+tlU8ei!w6K>!3}b5CEt36++j3kWQH}le;RGNV`jsHC8u)fd?6epv zx!TuvGZta_$T_mHN`b90K4Wj;>??@KE~Y4_1UV|HI1JrIO-?VPsD~MwA4{Iuu0)|bfH>;&Z-c?T5ACXX zTiF$<=Tyg-rX3eliN~a#n_$WS6Ypa~oA$v%sw?QyH3c80&oM-LquS|ZN;_24PDL9(g zWmqtRrNp?I^sg-f$&@XGb%00v(ZRb*qNIN8@xs&3PHxPo8*zRU6yulo*(4VChPf;x z#e6vyX)a zw@Q3>RQR&AsIdI;AJ|;-3E$FiGy%Jzl zIIe%#8!&Ckog~LcM)PEzFTd_e8&edK;KaVq@*iMZ+nmJzmeKzg0w*)e|5X49|M!eO zMuAU$fDvu;i)PzGdU16o_E!y^LK##9qMd4(@TSt3tkit(&PYTSa2eK487jAS4%^qH?wcErp=`W^4%>+keuS=l=la}O*W z_?H>;o3Rs&O={ZLUl@*zo=~jjtsw?3sp{3?n$a!_ebHi35EHq)HgpXBSd%Vf1u`G- zKpOS_nN#jScGG?+yTg!h=`8481Z4!Rtz3k{=L+3wilK zx1&XA%l3IbvIWnKM36{^OUaj0shtJJ_~w^WYAWm#egUBxOEM#+>sEC3dW`xA>o|J0TB(vBZePl%KuMibOW7r1OR{5eKVK#tN*lCP zfKWNM9#@>(M!<=O)~FKgF3qt{sizO-lmQsME=!J@M=aZ`=*xTOh=dZc8r2*IBZ7V> zY*ymEN3zjA8dYIiyWrjNs1Zm01U;$ixL$81_<%yeiwrqg-Fn-9(Hq#EJHLnU(n;4*oye|Ng;Fwwo&G%*}(tkV@D?BYE4qwd`JBPwz6e^7PSJ z*twsaJaMsFGXXr19*Yd$jxE>10z^g zSCM=B|4mHGBg6x(1OMvNQueQd6ht`v^RKpyXab>t{RI(8NMY`2OhQqMV_|M<30Vk{ z74Cn@hetO>m+kkqTljMXWdPy$DF%8Q1qpO|4cF)d66W%Lq>>IyXk%go@90$D42HFq z0aA#4hy`>{$Wc3sA_!g&iUmp+{bv%0uwjROQDrb$6$oV<#wwC}5e~>jIA%bQySVsgm(J1zQlSYbkbr~-7J^X>9n;Gz{y?AsMNv^TDGxLp zW~?F-*#F!a2$~IDmD|6QTH{swAqwpkR&acJasD)|EjztDzC1M_i{+rk3Md`8dN)0_ zC;eNU8*SGF$gdtaE0Zhmj~^tEf+i==#sedBds`b*`ahBmi$C5J_N7g!AGktOE!YW= zVw_VeITtJIEd!xcDYk;1!ft9xB4y79}|eJt-X-u@rnAx_5o> zlAkRP2y?fSoifTO=!o%%FT^Vb&s287lAW#hqcOBiBWYX;2>Vh$s6TyQ5D&m%&fjj+ zyUmhbDDX(=ekN$SWSvM7hIBLNLj zZwwnh@}WP9oUkM%JISW#=%&EUzf)azGg#_bfFGRL9bFwj;y+UZ2=b`L1f&qa!dp4H zzolfa^{Gev%wKBEpn`hOPS@Svu-d*}R&mzaI6c0Xu73U$Lc4F$0kQ$#d&sXdQXBqa zyVF|hUp=nZEARUFA)=-pK-rfvKp3|JVA}&muEoTJ+S-hE6tDUuL{`wY@hqcrL3cmb zUe-MES%8%vg>=pJjBjeD-o>FD#i{A}K5$C1_n9LD@2L`5AG=9BjLNEV}gc#J>k$E_%Z~qrZW=C-Ok^ zeR_8Gdjm+7pAw#*uG!J$`Qd{f+OHZ_oL>DhfRV@$z^~mQxNWjx!IvE; zNCT5vP_7_ZplAAN{+@Q2A8U5bRp4mh9?>5`JfPou0^z8=l=qMhz*u5GgtkBht3AjR zEdGl7h(^GSQr|+AK)=fbpz!365kW?hzJhx14!;TQdEfqXYi}n!3c9!S6*Ay}>PKkT zo!Sox*I)4o5#(d>lVcxZgylV`m;2z~lQV}q;qaG3VBSWbnp2Zt#Rl(~VCq1xc2Kt9 z2RDZA*1+k7YXqYp&vs^SBmPgA&R-J)HAjS)BRzQjY3V=UeaW=nNMLD8{R7(|7B4F> zwUhS@P}9rr3{Y|_#|%)%#vhQ(K@A@Vk-z>}LE>-pJnlLR`Q-=22>twpXlVH2N6Ert9o{}0{kjIq$&3g5@ayTQAY+~-5eIft5qE0`uI z8?9^~L$M!S0*j+-qw|U(Nbc990oUt|{?6k!3D8@v^#y~qp<#RnCLa$Ci+>I}ulQu; z#m8woRd!m(%y83gmhA9qava-UCHm?>a%n4^Cm%>_Fn`M&6s7bk z3=MO;+JXVv1Jfmz$|>mZ2+<^szjQ_4Qjf8XHF^u{a-R}n*A5XzGT5Pn{l17lK^4no zJbZHWzLu@^hY-mB=1~=LA}iWJFJIoeyeomYKe^n<0rGf$hdA!{JW=GB)+D>5o*Rjg zLDqcMF&474h$%Y?N_y;-X*x8is|)Kk4vgiTvFZ?_%K8ini!p!7cAmHOR|1PBc*6iM z)iz{}r>Iu{x?eRon6N+YB9$hV!&YHrU&3*>eD}#q|4^l7Smt>t_6%u(=m5e zSlUFg-*Hq)n%%@7C-h>(`=hUTl;^9o@7euneuM4wZW_m>oTwIp{sX8Yw<1`R%QoEXLo zdocO+KaeSjlK$-P$NXk3ewYJLsZL3-Cg7e7!K+MuNm=&lA3*BaN<%Pa(;wIQwN{Qg zI1gy94`}bq&*$ii&ZQ_=Fzr;rb!RP0Vzbb7ADZ7NDg1J5%LA2$VW;%`<6D$+A|?5u z{GE6u%u434a`8=*3PQg#jP)M*Mf`u5kxHc2d%W4{c6UXNvv!a9hk1`;G3 zsX_{?g-=@{WCWX}jsSHV##a{Q%0cu!zPj+mM(4}uks=Hcp zKs^q@>oweMlht90|L|AB#={{Z5$ZpMBYooG?-uRL&{uu#%Bb~JV9{<{%Vg>wC@xBv zuGWtZ5Ejn1xX81JT)*Y1(V)LLnl`Jectnu~Mlrcq_oPij5ei+`g^Bt_Z1ZrYvYg&7r2PSb!udOx=o}oApGB`-=>n7dzH+X>0lKF;9Y2fyxevy7 zz`JQodVn4M$*oX>a9uaU(h-lUpAhNy6nln7B(Oa0JO{U_OdTptuRmYT$m~8TsCq9< z{9822!X*?@*H||Tr*S^MZ_Kx&+i_2o|7};<{;8VkV+o*;y|rvCLSic<+bm!n&t@W* zIYUQ9CF#Ol#h($>sF1=MQ*p%QO3p zS;pwpJ-i#=AhAk|hhnMU7Yp`Kd--zM@n@Oo{#Bi{ka~*T{csbH4}E*v;xB32MpbSV zNBPt~C03^ZcDilABL-_gHfo=)x9rqGRy%~byvHPCBLr}FJAxksQ}WxXMnew-k*J?u zD(gvE5y5$_ry^XG&9SS*_9+u~AKW(QmR5byXbWbhenQ*0KbB12Hg%dMbVE(oUB-l& z)%vT<9PtKvf&r2qpEGZrK|}E^mHD#{qDv@}JF$0VBUU_WLPh<-bbbnNr?a9btRJR3 z2g2C#WoGpIu;FYP8~fKKdcR}-+#t&qzJy7frGuxEYryX*CX&Oc?(WG!-zQLE!8Wrd zX`mljmST4t~e*QaN!*B3Ngt_Ipx%G!zJh z1kdS8sBgMwz(+ohaj5r6xKcDU%WPYqlinr9i|7tJ#Q;F?7manSY3aDddxJiu>EWI9 z)8QKMH`>3>x61KuUqPk#bmKo&uxPn9NRk5$~9aVH`+1rjDV*fa4`v zxL7qcf;XA!vzL8sjtN8ndb=_UcwkI&n|N;dLH&&h>HMJ=3Ad2jE6D-pEwX81{C zPTYlf_x1LV?uw@0)V0(|opE=hghEum>3?xmMK#ljG;~}v>pYw3%VDtGdxyq&EM>&1|Cs8}I#x9Ov;Q5rJXpELfm51cD5$|7%R5fjKS0uUT4z>5 z3Je7E?Ic4#so(T0m;r3MXZ5MoJ{si)#I%FOV97r((?%7sVXh*0oFVhXOSKd$AJpv< z^u(6Aq?%xK>ahdDEdTz(Vq28r5hT=kC&6_&7(H+jaQbQ|Z^&*Od`q|7wlw>VlcppL ztj^bgn7sx~Ta;gE;&vXeQ}p&s;dx=}zZ80^tcc07%Z;bL_ojsJ<;!sSYcFoh0=Zp2 z231d$s4JYV;Ch#+T=E`8f z>d>;PD=f?3T6X(<_;6u-kr4)M2lsIM=rQL)wMXtUVERpiSh8?5e@&@V zCyL8$wQW3yvQ;`)xX{_xMtM@v^u?ZVAblX-NS-Ad`zH2j`|J)6oNDZJ7);!8xuUFQ zets%2|4v+ktREN`yc-*-Q)hInv13(3@S57BMD9_ULBm*2X#eC>|09zL5~Agpj|Hoc5&x%w`%wDe+VYh-UG^8i?YDGUnvNxtfDM~s$32E*eW>Vf$M{^O3i~`#1?#5TR#@aXx@*>4kX;uL< z)0s_tsPT=F8D4|ri>ia4;Ne|rr|I4dMXbo$Wae*jp|8rW_sB!9sNebxubUYje;L$N zah7B`Q0XqTSZw=!%AaLFyFMkBJ=aB8n=SNHRCqvG4p5vqKyY6E)_%e~#&QW6uG0J| z^xW1F{pYrlC@d&55N2Gd(L9@_*~_t>Py4?l#Hfk!d(1sH z`Fq*^hCSMuw_(`LO7tPN+%~eY_U#26J+H22WH!6}0cfsx6CZj1yoU9I(MP&9g@t>tA%X9%`^$mtq9IXV+rzjAD`@!EUc%c*+rDdiA7t7X6)KE|WJIS2pwRvEuatcKRu-pL zs#)fWr?JCo_C=fwTo-S?CagqZ0ASPXyU7Vp?@CryJ>EbQQzP(K?z&~jE|>7pb3;1= zZ3EtFP#SYu%XS~Rnrwv1J&$m%&l^pj`*^)6dWz_SN_K?aaJA^ApI7WHrexs;I4pj1 zT_{`3>qJ~L;l!>m1t^9^UZXrO0J)B5b5@NgWQnH+Y5;E_(x4n>7YJ4R%2s5`q#U$O zovp^1i`?X4r?;>FzMx-4zqB>YCl>?AHG7)ecBz(=7J37V75KF^SKZzPssrwaNR-Mj zmCX3?6GQ?OM8H+;9shE4Fh>>HQ<2wBP`Cp3)7hTjWI9_P$qMH1*1pFMjO}20{*Vox0dDBFEz}0y z$G}Ax^eaQ8W^u|;pOF1mOP@0_Ih_5X<)BEi;2bt31p=g|(x|^$x zjzAYmt|e@iPQuv$xmcc0b0->!( z+=q$eyUwo_s==OjM7v`H^U5()Mlq!7N~}MI{_Fo4jj)4@>`5`N`l* zHwUme<1N^a*wdPpsFpWnNuMRcU-*yS=X}EB1s4wU^Dvi3tXWjX`L?*YXt6(=YunXL zE!~!c6DHI`xy4qNDo~ThVTQINfNS?>bp3`F15uJiHanXN1{N%Nlr3FrqP^HhPMaU` zHI?KB(`V;Ph|7EKxaAiR_3|3iKmJ_xPUVrQOKAt8h$Afrq&%Y;*GO#SNGip9eJma? zo-2k~<+`v>%kYQ-u-m3yrPqdm{;HaY{5mc-zSVpo>;eu=q@|;eTIAQ~wsQ&XQ%gQU zsv;!vFbn%?G7v{~C|XRFn5EAR?oYd;{VcCGLYw+D$(2>;PvD@IQ?_kH@;ZB!3O!0Q z2##xqeTqh63Qm>&W|l4kFPtQMdosCO_Uu4UO*;te59fWXf z1^hDe4n}dwqwx36MDm@hh}*R&q#^w|%&3!q#u*YMkQ&N&lXJvfG0Vr5M+ zJ4K&;qB`jHf&tN1P%B0(A@N-+SW!$ZBm!*+MnTSGE7uBT2Z7@Nyx%Tq_)<@NZB&O; z4WpD;Iw4mioc{cI;i0m>J|yvubf_)acN)fKLueuuFb!#dFDJ>eVWrv1ibG}~6QYgP zi@PYu&0jQCdJ8hMz{}rc;sU5_^eyXC8_i23r`YayEmo!ew=8Hr`0HMnvaTC*b*p0L zgrTLhc!e_;J_aFwER!?cV;NOlX|_hmliu`xGz_p$BwY9SdL?lls;t|^c;)2FMmX7~ z5!Ps}(5lxkbEf__%MWn;8B^i&UTAu2tvNMMt|L`;U;wnv+k{<5@Df%i1SN1PRuk1Nw zA`Wotf=AE%@#qf>%tIvJoCs6HT}_heRX~>(okMJRPpMw!`1Vi~-=INRdk(kA$8x5` zF{BKih-yys%cBiyiz!>lp8+$T_fUJtrt3o8zn!j$TW0EaP+Wj2aB=b0r2KZW%1$=t zWxKp?-w|CSBGOhC4p+{oqUrRroBU#L-_mtpkJN4`#NXq<{pZlhLHMcOmHR~C?I&uf z6R&b?ktiZz9?@|j@#ozo74&E*gz20B;FKm!<8^-0oZoI&Y!jg;1eT|7r~6`1HShYA&6W-n$OvyV(~!t?ygK3hF3 z_e!miLHU|Ngj{W|RnsB5cvsrkO(0;|6ZLIf^vUKmB?CLzwiYfW5~%0w{7a`}+0<*+ z7c`KmYDcrJzRxKq!1SE31ODR8HKJB5fPUf6p%3&I&olCT~qW*%Ud()rHQbVCzM!6x&ib9jyb(PFZ&gc z|H2;fvV!jAqC8y(nu^eosQY|Q8+7DEU!Jjf4SBRdPc336n8?TI7C?MCeIF@U<=rXw z7-icv)T<==iq%i|#^=Lwid58BmjwFC;bgT3bm7{1 zmUIbH`1D7W%|q<`vhMvqzgrB@W`&)jHXYbFT=2p$FvrO-g%*^$i>r!VraGfG9TMm% zR?qM8rN>NSe4z-D-WOev{&1Qxb%M_Jr-i#a7Ki}g5Gb``XcKM48FY*3y0b#eKWH}d z+9hbFz}J&z;jR?r^{8mZ@C*T%*@{ol`eRfShQaB#ve1L6Mv7pxE@0@Z5k}oizj2{+ z!e;e-X5PaGYZ|PiLc2>HK~06=*ZHpy@Ef%2CHfsR4-#84@-e!ah7cBjdtSLHIuBE{ zZhWDX7IZqztEX3)H(os;D6QCR)KO(B>?pbO%>NOxNI@so8qk^Z!Bp-(4YPxGZxnMq zez3qPtX&@EX0+COIvRoAQwip{ zfBDZW2nmU?!$22TNuAeTb5)Q{BRffeH+end~Nrs!Rhl1k3 zhkY=DYh2ImdC+v^6uN_>x1`~KcXG0%R{r~4%MG=zOV4_k$@bP}%I1lS#K1`1Cg4rx z6Lq3W;|R<$k_D0;Tx(x%>CI`>6fIW>mSpmttONe2QntLr6*gkH?*bAkbT`n&JlVf+ zuD0Z^lF&DTXxq1ohF^6{6(n?X3zqAd5fGmFoHGDa^_g+caGG>-jFk2tt)FsZEBkM z%_yEf^Px$(_WbPrxkxlBoG#RDr={@6GWH`RDBQWSC$x&_ z^a{kn;Cvq@Mpk|{%W*hJ`vHo4Lm!4tIl?z(6#;B-gof9Yj6Lu&6LX%451f))ib=sM z(8EcLEjX&Z--JFI=TO62WRTv}^RLOp7# zQfAWctesplSo2BKACaJsx3T81q^^>>P$EZ<$7gz|rAGTiSLKVsB;&2R_76k)N(u16q2HsH}i$+>o7E3*}mHp$V7 zvJg*w2r2&ZJOiOQKyq-|8G`eT-LJu-?W1I8jL>^!T~cJAM}fj8_t$wg%5~0np+98- zws+k7!$zfjVZKRb+V3M^+L=*gd*TYBZO1|E@8{F01GpiTn+9Z?ceq((#Gitc%i)5? zvRUxB^%9Tv-mB-v|3lb4_J|g=i5hPA?(W^TZQHhO+qP}nwr$(CZQI?m-*a-3NzNpb ztkj3~531^^>)w<8WB)?n*sjV6+D1wDuf)cMn;vOuUJ^(l8^e0^uqG)KDBg-2m1Lf* zRCUrI7ze4B;cMUtwj%#FT|amfTyARS#oyifVPKcUc0;B-VF9} zA#v&UA7{$XBHkCpz}o{vkqBEqWEro-z+znf!5Bb6N^*I%Q+_nUR3V6xYq~Pr-1Fnn zw>56%@&#AprigafPbp~dOV-y!t{*TSGrKM#MJ)So%~65QM@sE^F|h8ovM{cXW`+043Uy9#O<_9~p!?mx1{I_M6n}=WJP`NU zRV^gFa~Rtz&vSShN6(*cR=m^qt9VmCPBYZdQO)v2*^|#f;;+0fyW&x^9{KNkPLKPy z@Vr?5z3_1W2UHglOjz1s(Lhy%R(J4GxlsvRguIppdi3{A!uM8=xD7QLW}pE^G!WN#=UQf-Z}s8oK^Vn`v3!wUL!^x4foc z8Q`^o#)RywJO_J1Q-cjp*z?$bF0C%~)^k`g!*A5QkN1#DU~7WZprT^EVmxfb-vdQ= zJ|dD`vdfq1t%S?mxkR-b&g+D)c*<}i@o)?XZ|#FG!RSgYaDJ4xC&kpt>cEH*E> zWfQmQl%CZ z2Q-l^H{UrGRP;dL>~A=>osdcqcP|^IO?Cz^w#vX*(!{4bMUC6%9x@zJuaOzyo~SP! z$~Cj5Vt;OgyCXAC*4UNjtvx|5!Z(-)U~zQQxjCt*ykb2O+A{9FNFFNi{(EWq8HOU- zl_Un2$;Bm~Xhs>Ra)LGaTv!tzeUJ&OXOY?xc$C2?LY)^|+{oX2u7>_FwV3(5$VZy+ zx2n~OX~epd*E3~$R)a8#IpsZ+J)rwmn)^(HsAI{mx+OQ=w&wyPXK^4$Qqk*o?n|q8 zgZ@M`?o%qzi5QD$99MfxD`N3OUs=?d2vwF69U(MQYBqu* zAOuOdp*@*30`p0#x~MK$2OVxD+ROvNo@85!*tn+bW11YWWJpfi96iv%C$H)|)pJCv zXZ1Xum6qtwNVx|_fVAh=iWCF`rI^^_a|f;BhFEfUu8e71ib|)(Z7M(^QG_!A!>>cW zbQmx*b=k#kVMF70%^r7}S7HqrHPiHb^*Qsfu^z3W51gUfjG-t5@Cxq&WnoUliE-0b z!4HeGmrH;1z^}+ly%;&PUJPYD+@|w66?NYPth)0ED0yAUodd8$&{VDPy@fa&hrvg` zdYX|JdlVc!iR01|DmV|J$qP?m{L$CtqIW`jMn*)U0m=i&p@8V|gTRN28cwe=K^)XW z&I%kKsI;Ck+aMMpYTu0(j7BUxH4+LjvUB#E1 zm*lF^ZgKrP%1$@Ex3+66b0<)X-w%y^S?pZD${H?*8_D>RRv^9;td+$IsW=m)ny&+4 zWMvi0IOm;oIi?w`Lsn(o1T31Zlm_qiAD2}ki&bkn%|S{3!Q3D*&W3?PzNmm2G)S03 zix-e3f{*l{8LC>BTWx=z*$KX^sBvQ$f{0B-nGwt*eL`EY-G$nP#LoK44k0a8wX6o~ zlJJ>(fkELNly??6w>|g%y^=E7jP^l*ssV1Splx{6D(6bEW2P6&W1JUem#kHvvqgr0 zkJv7r-0vJ3V<498@ui5MTYSB}6P-#yv%#h+<&o8Kj#p6@gRb&;d%64r z1s}bpjG9Dr3J4GOv~hdpkfZlB8r*U<#GkTMJLuJ9g5QPm!b#yh3$L)oRoH>UISwa} z$lf^-<}@LzS&SQxII1DbhDj_Hn1XDqeOm`s9j>tX;?HX?T0)AJ)q^qcxG*b$9}vux z5+CN~e?H7wEhuZzRCJ;f01xz_{nVjop^JQ(C9OU*9EfdOZ0(hk2Wi;T_D82B)S-r? z{#A73+_S*VmB5EBX?ZcKipwZEA;}R6s>R0S?pmzBYV^ctT1>3ev$Gca{#PF?Uj-{&Mc6dS470>?L z_e;Z8-LZS-!U;J0p(XRFvL3`B#E$otfK|7SV;17M{DD4X#JxdSE%XKOtWsLo^<>di zNZbRXb{h6GS&=7~k%##*UTM{Z2VQU3+;B3UvxhYMJL}#bf`)TpkK%)oTNK<1GIyi2 zJUA8?gN&X=D~U}t_AG!SkU*A9bQ4s~Dx?TFP>v#o+E!1Lx*`Ay00lA(Tl7%f`UwG; zQ;ue{BxH5c*g3|i0avbD!OgzeCnYY=T3o|{2R!lsIvs}9hFIip)W-cpd}mZ=2no$8 z_Pf`WuI&CAWje&K!e#B*(^x#&J%+Xk@1ToeRpt95dDZuyR?w+~RAN~zv5k!?52ZFv zSpS3uP(BRk$sc3lzGOu39Epbmbs>}i=-pAn9JFivWsMW^%6ki&VNAxvLY6oG-P8kx zHDPB@?DgiLnZ3jH7XKlVyMu#m)129`Tu-zo{cRVL zXR@Rl5FE>bEe(ru`?8Qyrq$hHE2b(#f0m76u=*tObUHI3EzK>EkLgH+a@co>+S`?@ z=7~ZcXnybr`XlXuq)kH#$<|Q%lG3oHKbY`b2uaMXG zYfCMRSC>lY>x%ng}=#+Y~piq?<{63g8{c2{TAJ-H}ZH$ zVn(OQLB^c?F9L|GjxqHL;(dR@3OartW?w3Y1RCN-*Bw@$g4bYCcZ}+s1BSkWkDr%Fs^8=F2ukY%C_j9IzTGwal2_1WZ zSnCFCi!DZMdK`c_{cfWEFC%UPJUp`%-I*x++Y}18gpeq6fOepWdtSyu&Mx*hce@0p zjbN-YbPxVD9-Za!(RNnn;9qi>9pWGkUxzvu>nop5T#TkoKQ<=*i*Py1y>SaNjD)*I z`J9D9s4en`-`q^K9>aln^I@Lf;08s+f{vau)lY3S>amdf2_fRUq7eRXZ~MI`TfBH8o*xi21+#8*H4Yn29dT(< zeAi?O=KqGI_M({;LTlLM;rO2`{Hxbi#XybJXa*UnF$ezW8R@MWigV!v`1+A$&mw)l zo;%20Y63f@sruB6MySI>NuOyh9BJE-vjKtAn>ucB01(~;Ewt=IcZ|`eXIe6-VO{2< z35*uYMZFnzpB1Xq5G3iAxC1A+$Tr4c@Nd3 zzoadG`ZkWJbko7=+l2&>@f8&;cFf~8&v(oMbV#XQ@T%_xdnbLk*2W~~0ii?T%!uZ{ zb}*RfP=%Wl7uwJa(&jubDOI$ zFww#I=#!qIZzx(jWgTVjCmK9WLPDWfvK72tX2mmDIy(6T)FEKJvBw2dS3NpbM=(n! zxO|D$a>k{mYv%0I+7>8<N!}bgNJ6xuJi%UVEi0fK8bxrs%6dZOy^zcE)#Z=E0;xhD z7Q?Ws4kRwFv$i#N0YNp!nGGxk4kFW*sZk_1s)wbPG6G}n5=zqfw-5)Gm)iCEBKaC( zni*otz2yzRQ{nv-MUc)Lgy9ho`N?`q+Wz95wfTH*scz=`_SBfZ)Nr!9qX!kU0afmr zZg!7y^=>FS=MH_eq@Dt;ww~olx{+@>!{gP9b1HvNcDTB*5WlBI=F3TvW2Y_~;7B|p z3E>Q0d8!dgV{yerQ@OJN;OMcF>~c4xF>ZXKU9njP6JK1+o6t)m@Q>l|xa8bqtsS`+ zgfI1`nK_b>86PKl`=q;LG5NXgLMZA${Fm23TX9g&YC{D8qtjtp>4Mzt3ZeB>-$|1{ z@0~?17!I&xo_;PF`eKdZ=&0I8E@&iQb6;E2;z8gV)+bYO=1-jZ-VChua8GG0J!;7j zV_*o4S8Qyt;C2-|AWpGqT{tn1XnC zLi;F?*|~oqjyYp0XB%eWbccDpJ2jo8dXBKOG9ipuo{1BR%j?|s6(Kt ztnV&f6?kG&i`M0|lpZz@eq4!w$rN6TWJ*DjrSszc*~0n^3ElcIE`{`>3fDv0ZZ?GJ z=ypkfF~b(oyvIGx0(dbAfobf0U|fvQG^Ud`S?I)V!MV0+*L%zk=9aCOg!j*qUJ1hJr8NX?+J zbC16mD$JIFwIGU2GGyG-iwJE(oKwffBKv%rYv&QmHkOII_IS8VJS9DuPt+_uZydQ^ zspNy_J;29a**ig-0&Y>H%{5$TbPGir?t*2zy*8}Vf}W=mj~tyH4kdD&AM>96lnH^* zzR0oO7S?X0E3;^X>3h-!$s5b-L&RTKV0YU8VtU&n`X}6t*-}knVtVBmrOyq&(QD@g z7)G_AMLxyY=;eJopWu%n7c0oM*8Oz<8oe{Vws3JpJ+ag(2&D@P>L zbAOxH;kq2Q_W~ROI{*EB6H%!p$a6%#7BCRDc5lw?VR@&T5&7vEC`yYAkzp>#>h00L zu)g{{j)l&R`>@|6|5GSbwDWP&ll&9ZFo#={I$0D?KDUS3z>~~jtI7lZ^tTGpu!cjR zhpQ1=wR*$0%~PILOc$^vL6dxf3D|~!iP_%jU8nL93IUS6rBat%pTag$A^diQr2#@?r9e9qhRPUtosX3DTTX z8gbw*!n3n*EA{{>_p~W7`$`~f6JX@53ubhYPxO8i$bGym(RP4))ppW{0MvKNSMcEw z`JA-(O~hh;4P!^g2nl}ZA9vB@N`o%2u{%yD!GiDKgubJLT={K}>u5r&0;PUO<2E?Y zug&~|-4_Z$T-d4~!aR+x-&Wm<)jEn6{LW-=xF~=L#6Pe=p{b}ef`!EcJuvv4= zf07^;y03KnB#pXHO<2<91>dC!bDubmwWGdj99t)!*S01p-i-cY`7XmbDu1MFEN)y$ z&-_?C??GeOQU=vG&0wQkmd0D31X{@Ki7>|cV5<@**)qfRb{l(D>*&SYh3zfAXEBbt z#p)*H)`W4Im8g$yd#&wwpoO(A7q4I-BAjqV}Q zGlJldg4~9iKS25}XXqIX1Laq933e0fX)fYO`(G-?k!;VT>TKr#kL2 zXwnvqBsh89D%Pc}3u&_1`iI=ARgUN1WVE;2efbFGmWpu6?qh5Hi|dvKp_lH zN%zfg_o~`U%B&7Jj}={lWBtA-{kWXtm-+iAQQNAhAUq9ZTq8py+;g8*QnLBxHzoBRTPhkyE?Q7qtnpwU?`4gCHul)x6WeG5zIsCYz` zil)4wDIzXqTdqTiRw!i}bxAJCcP7%1p4vDa!*?mqwzEF~y<%8q#?b)XM2hFG@}epr z@1>n70zzptSXjG?AUa2)`km{(AdOB(HBEzN+@38O7)R8fGHEj%J?|RV(E)*E?g{8m z^7sQ0oiyer(2;n5ezUTe5DEa^9ksgiiG^NJ3N2%H+(O5Y-k*EK!|=R=TtmZ-3mxQh z#-xPVO)H=~;Vkr&=>Fn}DG3Z0(}Ipp`(+iO!|}JX-F&MLO3_bom)W!hI3a#A@I8;4 z2uev{HWo{H^3ApA;4>nBK#Wz4(w{Ob20?I8DcV6Pken^Z%_iiAEBKXU1umYN=p~SU_kfIiHzU&upM*(V5-iPv#I+c)HIV@Oft0 zQ9JIoGrW2Pya(~jpxrkrcq`@1p#f!uGvRo<`8JXg53PA~ccen8zs7fMi_W*I4O-X1 zQ!ZR?;_uxcyi661Z0}@ZT0?YG4}IpdCeR#r-r!PlRG(6;e0KD%R*#h}T+G6qSl+oD z0A;!YUh^cDWuhi?d8@FS(HX#1w6(3p;9+o%ZJugkfw9EXJZ#6?iX%;Q>KIrwzNNG` z$A3@js1oSX*W|6e{1Y%DJ~xGI*52{LjV$z|%71DH2$N*%Sp3tu$*KcUd{l=#NBjHg z+e_ipCU}u?8_m0eLccYf_%U#^X6&koWpUi%jqxX8f9|-a>tgzVW zjJ$VatdLKN_vtAT?dC^pa4>X`r{{Bf+ATViGK%0ID20=b{o{V`zx}RvWqKOj*a|Zt zzTj}Yc3gfD+SehQe_3bNzHZ&}E1UUJryX8ECdbrbox9dzz4?E>o3$2-3cFDk1$&)W z<{R0n5v<7p75j9`AW`~FL?cx|0~zIqTHA2Jz*;@RYto&DwpOBYLu-Z?fk2^zT7eC6 zb~Mf~Y_E3n*&b3j4elDXKzTr~WB-obi3@hGKr9HsD!fQxO%e*iLLe^V9kCGowD0zX z#q}?Rd9en$k79ogpp6%B#QsCN)|c4o4KRd;c)XMDty?DsWwzoB9?pcoLM_xG-!mBw zTS)uASPO@#=?q-s*__c1cU?I=0^?D04J|UqQd4NUqoi?6ec;Hi-s@0hef5g9zg1{d zN0nUnwUfLDaLUkwP|hvQG-<&6d`I}4{ztcf@>=$m7=p^AVU13k=NGt{++lNBC z1D%+RqCS`-UK3HKnWS?%bEPwiv`lqY%V%qPHnKa)xp zKV(@sh6tbR6{gY2Nkr*O#O2LpTjEPdF4j*~PwhyrlDjLm&e|OFrJ}NZ{hb^B7)32; zu%`=AyL!EtRW2mSD)BRq3ZSJKmlJ{(FQ7VtzNOTt$Aj$Yao2msm>l=Hz*bLh;$g>M ztKa$zzhG#;{|-0m!=V!Mxb&@FJf)*IsQ=8jD&O?dBu~OzEiGA){@hp)kRk2$(t&gZ zg)`^g2JsiXOo7Fl$FWIO7!=mnhurzv#P7@wEkS2FiE!dKb+ngHJcf(iZ^Abi(v3@E z6muFPkb>|777c5N5U%wd8H4^y5dGlt9}s<&{YrZ1CL^~Ou~Alos~HuUm`;9%tTyA> zYGwZ2sN$fxE0pCs&TM4}*Idq(29Ep7T52M!K$G;W75+sb+ltM2L7{Dln%UZwFM5vb z@S&wp#VkL4zlzS4=ZWpee(E-RCPKj#9)~?j?~q*0)3lq#rylv|$c2{g%WZEsj{_^C zzb;Q@LqQJX*@Vn^LVCMv1W)ez0Yc(E+(vnD=CmZyg!{HAesdOne-};gK~Z^m5KhuW z-?4f;7c7pC>>Me{(#&dS>ICV0)T6NjJ?ybSyKp;uS^(ziGU;Xwnl1dwC*v0s)#NvmeIUM;Zk=Ml+Hq_4PzFI-63m+SL(vIgqmP8y!a>ON=6^_&>FZNh9*wR z0RYjOBf@J&&vlzywk~FF0fwt{ifmQ}m&-$weX-G*S)g+N;x$T+ z)aDSbi>zNhq%J=%;tbv9rl^O`oD=(eJO6Afa$qss{0nvD-)A|QQjkxy7+X=XA9O$-YKBBpd10(pr?;X`{xsO;QHYhM3aesX$UVC0+%1JcG!Kd;Z$Z=T9hA_amd z=9BiT5A2^IUo^l^wyVd-enAmz6^q5{njjPMCOz@?;vt$fjJOIi#RQYwQ;nGVq7w z<2!fzQvWk3?&j9L>$h(2XO=wgIs06%IepF#SmWTt_+W)xZN77_wsPhiDn%Kh{&&M* zAz`DOlAW&~dq*}qc=**jC`Cq36Kwje&ti3P`hpe?&cVbTn`4QP@6#m5SD~|!W7LE- z=ta77zo9hl4VPb2Q`iw2@WD&&_E>~@L-AIbmAQVs=fPf3DnB_TVUPBOqNSC>q<;-- z-R&NPy9t3;(J_O>Yff16TG{Y6*|5u52*s1qa(V8V7GtHr3o`0#qSw1wpA@TKAX1I~ za-^PWD)*;c*jg3S50}I6fB^b5y$i!vUwO3?rL8tKJjT1<9dyH}RS~XcTlE>+ebozI&aQBeSFux3h0jsN-&oXQR zjjKg&!8iN2>FlX%%L>8;SMxI(Y-TF~I^DEbJiG@Tf{$$7h!|+t9zocGGsi+9bk^{O z+cr6Ppu-#5bF!mk{dEh8yq@l>q!Hh^XK8)wh^^uqtNhMd=eFTk! zap{)%kRKn1>Hvlcc;8nBeul)q6Rv%it7T+uh$V11in5%}fX;-RZk-bMcK;D6m<`so zgP!ftG0mflEkPMCz)0GxereMj@aWN$tm4m{B5wfw>ivU8&}L|&v6c%iV}1RIQ{a1E`yD7*z6&U;f|NOM$V&Cu z*tn8|In2B402n}qBKi1SZ{gOl(B&WHN9f<24_ZWCBye9?={g%96t_7;n=7nyLH+8b zbOWNe>R0o^Wr|LiH?=mXt=E2nUemx{QQwR&u)pLygNDSfM2qq}_`4~z{QwTy2&o^2 z6_3?z38Ija;;BFfTjvER;Wm>_G@#To6$QgPa4Z^y(uvf5c;s|j4}^M4qGq+uP1BcP zAzJO+m?iQ+#Q7+oJ|els9$@A3+O!g5+g?4tL*u$@>F6Is0!QWS{FEpVLOdL<#RI3? zn@0;Pjs2(Z9L95zwR}up+aT_kOjX!d9O3pp?X1vq*}e8FRi3X;?L1dkk`c!RN>+!}KjPORr78aXa?o`I{Qhu|@ZC}hJOSsR8Ds1zZ^Ox6f9lppl znycrZv~3Ip&6QGiW@zAxdk_U`4PcD2p~e*gE2y?ZKM$wE^Xz|)V}}CFo|3!&e!YLk z*c_nAyK3j9qZulL7&B+#0ZZ7Si`Zg9Jw^dI)boJF$k*T18Hvq$NNmTL6ACu93_j_S z=uO(55pBjR?8#Nwlf#~+tVv-z4tu(&P$#}3= zsD=cX=4oN1zoa4%ke*(KyoI@VA{Jigm!M%RG=QQ872m!f+c@Yh1;qsL1u9}O$@XQ#0qdzazw$$H)76z<&Hfo2@9ONX8#IM?Er?HUx54w3)Um za+Gy>+ov&Y`e~9@XZqAGUc|bbVIlYnWXtc*PLQ#@V`>zRD2^Nzd?&ZrAWMNLb+D7W zcKdN{K4hs__H9z_Ob={4;u-x@?`vuvIr^^^sfCApQcu*wIby64(()BKN7&z|C;Nl` zTcL1_Slc~zaY@+=j*YLlF?VPm(vJ=J%2tkn8RMnIl(*xPKz4wx89i<|>!3>$?E;Ep zl|?wLypiD*?yBp3*&gqD&vvxC&i%)5c%89fQ`j8`=9=M+Q!`e0!8HSO3~pbK4J99l zm&SJ5$k0z!71p)1VIk+*q=Fi7YQ%8RBer}dkybb2A?eHn#yy~V$f8^osgwWZ&lK$+ z=iYU4(sV;NBkXrp0$4X1)r^1z%LDk2v!6sf?;2}p`=4}$dp&_n{Fkl{qoMpsu9=Q~rimIW88Uqa)Nn)5n2Vxbe4v}-|iU+(_X z;+J*#y9uu$w;)VGMsAc^Yude+=@`e^hv8bI(Dp=NESK{OBJZb3Fej59R)jA5Wz6m# z(@z}|-#cOmpCY}+`Czkq__Y#~t-e&b#3!1aT#!~*%F;IG76c?SC9jy&0v^N52%Sv= z3$BYPmhm^F>71wQQse8EOda71X&0swm-bv?OYIPPyD=VjSUZq&*z>dB&D+r&Q0tsh zsSG!*3lf7W8`2w*M^GYzrENzdc8{i^jHsAz2Ygb-fS3JoIPes&rSj?>f5R3fTD}sJ zzpUOtvj^-_D@D@-A#uv2XU^mH;)FURhk>qip?4gmZNo01k30(Cf9<3va0%6Ymi4Sc zxQTfR5t-xc^>a1sT^L+CD^wss1KYi3tglyHwEhr3l4u7W?Cj;wlQ_&!LNRheW$}3m zCG8m&N>Pb03=x1}o-Tk}C*z}#c&Fi!fZm?q37&QSwm)p`2nIbg3L{vtb!Y}HQ-^mL zG^6J>KoiVOH$7W)zB`zHQ1ScL5(yWg(cNlZ;@!ikEBnQZj1ZF98yHC_{G!0vPz{4( zuJxJ0B2tQP9K-hMzRVRYy()QH6XcW!nM8?@0z(GPhL#-a#*46t z(U#Gp7IK-{z`PnF7gWhZdc*RwrQ1F{abtrB*azM;H<5qRmWxYpqgUV>M|Ead*y~_x zZHKH_Y1xR|yCRxKyp{hgqA?anq7pVAbU5Pr(jWz(PHfSulFaTg8RS$6dW!inFaM+e zyqI&v;qlDx^Xk{jR;G_+flXb_S#V&f#L8ieWOOsVx|8;jw~~r8MiQ)QY&OO~VYxzt zw4jQ4|8x-AZ)#?2{2WP&jUu7(0>}pbC>(we8fRiqnL`~_CY54sq3Dh1leibi%Hh*Y zV7NN69-dL{MPob&4;vCqnsX`kwk^ScBldx5b-I;$u@FCmPZH_!Q^tG3{%XHwrbTHI z&WPY3=e49VIK?Y%Oio7Q#!vZn+ji~RmG$&8idi$qqL`$#NpM=qp(Ht*)sO)ZOm`lk zHy1_h#WFDJVv;4sFc{W8u@e)(T_L~Pg$J|~e__z$olzin-oKzV&c2LSX8LZN*F4nf z3%+&Bu*RD&%x%EOe2|4`Bn^B5z-}e-=PF@7!GZ`mD6Ru5;-eY>-+5LD?9K*&c=!j* zNJZaG7_k51H_q9yCyb%8s(1tOt%ua4;G~n3_|yTn&x4Td$r6vzwiQ`)7d0KOmb+44~hZg0*v$7nhqavCjL-PJ6sfu<~nRS(HmS zYX4Rf2FDmYNo>EZp{xLO7D@$<**A)3E}8-6?P!s)A{0<+AmiO$oVOkA2I}>ZL?&cS z;{w#!RdY8;aZNO8M4#*Xv=DcU8bAv}iu$n?sLWxM?$^UW#MM-eWwGyO-191Y0x&S_ zy?`CT1X&Fw)9mpsSInbYmZnhkErplBg4FSh57Im>@Ru6^Ewo%|iny|LoIpa|O(6|X zueev7G^qfI*tU=nzRL6XE($42A?weIms^G|qy2%FmG94>R0wQo9~ z?T_18v<^2`Guq;$K1!K-#L)p!!w_BP>2Abv+gM8OVAXZBx;wNF)pz$}G^f5kMfqk0GqLPP zdut;TL_~P_q{Yl3CN-^zCBaZZzG7O3lbu zl}NvqeZXr@QCSl&Z(er<`KN)z)}^rQVN!_iZR9BJblzvggc5Nv-{D)`dA;-_ol;lr zPi=x(HV+DEHO`wd4Q2#)G>NI)GQ9hZOQHP}0FKs{%J5kELn?PAW-|%cfxcjpO#KkO ziId0T=t7(dQh#hV7BAA?^Q=;ux5TZ3u?gyjtDR#s~ z)|Xg&sTp-PQ*eJGomKm`PJjY{ug|X!8SdsMx2t^3y<+E)Tbylty&UdZ_;&NrZVR^S zbRRyZLAnk$b2)~875!N-$pNOdE}HOiESk(rG?FUyXu?>gwnRvrtOAh-S1Y{aV#FCkX3F z2(jN<4Ge|M7vfCg+{$$A9+Aj6?>5z0*oi!3dLEYCp+(Xa_@%P$YxQ38ncn?1w3qJC0}E_~*cGzsn#uNT>}1^E3`Xec~d6oK zA~31bLm63@spa+g=Lsr~o>fBdT!VMUZNbOB-jrPJ(!U5rS zdD#qrQgrYsU)G&jda?$Hd-y)u7`>&D1!u^1L!X&&G+SI%ZDMmv_3V7?q=t;9}lV<6X3RYu( z#jGmYADPEL&4`XxbQUUP2<2}@-yn`;=~fhJhRn0GD-dhzi8X=?^(`_#<{9@FZn>P@ zlacH|z7N^>mpQxm&=IwYJSwYcZT6$Lkq=H&g^a@_*>Bp8y{VHdX0?lv8~Fa=W$k;`U_uc+sDcLjiStjjo2L6FNjFZh^- z`^_Z!$5`K=|+i|-J zX~VG+1u~G>B;=%MJwof)7SvXJx)76B!@H@>eZ}Z5?}31WC3Y?8K(8$K_m#0Q%wlf1 zjXmlTeQ!-fVWBELk@DfgZ7CwyM2sgQo~e@TgK>FR62v1gfum2n#;8i3I(4(#%@Wr@ zZ=IUBrD&7aw(Lh%>w(nsV`b)ZkL2Wx>QzC=3!K^0D~;yI-@Z_BSLTOa0~mipp>9wk zI&X!tTiK-!eVlrq#U>HLS;{tq&}ps=#l6x7SC_Pr8RQb&e6yF-+~1Ng#etg~J9ioFAhT2gi1BB1Q zVjn|;i~&OHreQD`qy1DuJ$a<%&%5Y1aZf-65-L*PYLHcPNKD%yBwU`?FSc+c-4P`T zealZy!7~1tRH#GircD?O+T3LarX3}ZA{5Lmt-mh(H{rcOB&YahaAS52FH*E9v=3Td}56kKuAP<}C(#FFl7LZcr6@5d0#`a!Jrf=C|BXHT?{fb1f8_jY1eypi z*H8f9{_X64a6UudzvTuYpi{68uO9+#Ya2VDQF?Er_mxL zOXxpr{?N=HA{*07soAN%f0f&kRvm;Bv^n{Qc_!YM*t9U)MNM37C>|l0Av1H{uMYccqRbI zcd+?pr$5OAau=+U)X>5T$upkIvK}S z&ZnyvZ3_qf0+{F3Cue6SCW8W)SpvnG#2EsNZMJvQQv)cuv;YvsvCnNF>6w0v24zH~ zH9+zSsPjw92WJ50*#J7UfNuC@@c|e*<`K@Vp&y-r*a3IH17@UsA-59Eq2yV>cy#); zocy)LuV`D_++_curi4dUW`^MKD~s!@Km#a}0gsbYlrIJztL&lw74rdqegVWYwlo0z zs-__=p(v^-CL5W0>%;&s@w?2Fjogj@5#>O#9S8VHpU$i(FU+3C1qYyTG&S|a5fNc! zWd&nIB{c=(6lDbSw7l4bQJSXSaj0`_0_y7K45;GwmAEpnd;p7j)Fklz`xSzYXQ}_C zA~}~^#Fxh_z>e=uZcmS_{LyML|4YO6jr)b3wVnN2R6s>SL_zwZThu$)SO>=b&41ZS zoX8qRU6qZtqxC&p=RWvJox_?s^E>tqjdHrXukniv(FXzI!T7YBXvp+0$P#{UE1Hew zd&*B+gI6m-OG!*XQcLhcD#khLi(%(N|5^R%Tl{7l%m~i$4WX_gFOQ-J+*Id%$(~nz zujw_zXNpP+aE`mP3Ce)~U3rA(7ZzD~c)N7;L*wuz>f#G7xOPL0t!+t*o44uPLOr)K zJpQOV_fN}<-rd+97+*i9jm+y+-uQ@q4yg*h{-t&3o&9YgBchlD-ZL@dpR558bso*}ZCQcyn9dTnCo&Uy;GXg;Jc`#Oz8% zoO`ZT#Mb8H(fOr#bA`-FN7OUWzxrbNwv7b+iFGE|ROAGB)xByJ`=R;JBvtrcw^*{J zoF1B4**L8Bl-@@_zRue92)X!u&VIs`kL*;_oa{x<`@lu}KDEz_4sIU(72W5RG57O9 z^}A?I{*6;(3)lS5R5f*0^z`q*1?`XSOpw)d6+eK7$-fYTMQ>}|^QK)FwQuAuYwRvT z$!}cub9a3*_1HK>U;no#hzI3?FUU98*=-zP6o$rx#D+xEZzb+;7D^*?3uAp9v!|se z48Ytx{2Acv(~1$*)fE8kN$Wd3VEga6003cNb@pQ>WZ%y4`YG$kT`y;FBxqmRSLSo* z!3hW*&@VqdBRw!0|F3`pAX@b=e}g?R+O^d$xyc~_-9{i5^_A35dH)oQp3?{T_>alV z`WF0?Y<8=-v6D;Vr{J$AJd&?%2Cv}Y(`?1pb;(2MKNh~J5y)IEt!q2u_c#n|Zhd}0 zJM_HzFn#yUwzk)I;gc2o=of3ncOC_$#qqVk)YK4cu93kWC~bYG#6LYfc=>eKDf)LK z#JA)cx~F%s7Zn}=!~q`22;^U7Db!`Ft8xE2k!e(%yw z^yx}g2oC9E#HY6idaSI;P1&SE5H9b+3k}i-)!3Id2fvD#J%uisK0e^*i@{zT97)3v zU_@c7cIT1&_Uy6BN&zP@x=;SUokSS*YTTb7Aytb1V(c8ch3mlud2HLZ^&Z={ZQHhO z+qP}nwr!)o9^65%bqAf<{sq}jlByEQs~dBSESgo1`0(&uJv+^U06?hiwe%A~zTdH$ z_OOXzbJRNh9Imx2fzBwUBKi7q$;(pdh{yvMlmlJ2kSj^O^P85LpiH8^ywN)CV#d#M zE0dkq!ePbm({$L8>kNeHySoyctl!qcUa#F@tlcZ(o@9?jJ54RpFVXD?m(x<`A=1|X zE>AOB$}qD|Vf;mzayQ(XZ#C%$7#UWy+17QycW++^yRr;UEr-6I!u)iqq;Hz zZ!#pSx?5^I0z+W3nA>khmPQ87Vi}Njs$yD2;}vYx>aTZ|i>`BzmXTk()03Nb7orc? z?SeWZf#}F|HF{s*0XIiUS;^NYP^K3wj`1bW@A}4rcX0;Ou*fwMd?#V2?3;W87Q<~5 zMB7m`I(z3$%s@r`kn(A{)?N`)p1LCI?mWDl4P0Md433Bo#`{eXm+pw_W@>qtON?s! zddyl9=A2K&5nI#HKF3~<8O6>SnQJ|sn&tGZOj>8;kHiwBK!zmpKSK$@UBQ>O8)+fkJ38y}Hn-WxpRD++x7QcY3UZJyxAIDr zoX@qiea|OA*Fjz_G#G|qgaV4vb6Q9!R`(OG&7!(?P5R+ISu`%N z*Gtm#evYsoWXUI=;)#!86Qg+4)w134n-HbRC-NFJeZO9s2jIq@Flg)w$pK4#6M|C* zOwqxt9Zz;X9hsO&>08te3FUYO&3;CPJhQdIbu9XX&YV%bI)2OXw|&{|8c87%{h{qe zdB;K76czrtvaH5)*uB#MNRP`?D|x#i5Qok4D>#`>*L+2wa9NSv8^+WS0R$Cuc{1oS zWT%uf=0(nyg1W0f4=b&oEW)(K^;^Poo~OYKrg92Wf{ECS4og?uNZ1|jD0%jhQ1_8v zZl_@F8@d-ZjzSjdXAeq8e;S3|ZS3yoL1)q_yjg&{F`rZ>Lh&oFEJy#e|7Fh?>DUS6 z<}frG*_N=H>Y1u)vCU2JuLp@6#vz;{Uz<(f)rw@1S5-a;_)<6O!~Cv2;?mxkd{Q$n zt>$hZvf*StiV0~I54K_|f*{s=w7JwLd3u_(3ZPQjViIkon4ChX4tqQy^-n-LPCE)i zxHh!`BxK%E5}QkfebL8fRYiM+cn>vN&;_)?`&8dCe}2xZ0{-1r4zN8z;$^78rYpF= zF6Ro6L3gXs;8_^G%m0sh0XH^6ldh!e7N#pm;$+P2V@ZQ1O5pj^oq|Lr+ zrV{x%)tk7JCE5E*Y3n9{i5^kAsjt}I-yM`PzY%79i9$=NjCJr}eMrUy4PH4`^HuZa z#peo1$w8})FAqTuA{Z%Z57C2^D@@m`z;fEObXA+OW{Z#+;3(Jf8;Qd+c^;+W)&YYB zSlQuNui3J*@51sd9;H4SZ22&OM#u@kC(N(nOHN7;PhgFIniz0gn5ETq1?5!s+mWts zVd)G;(EHYOcpxM#J^C7TEX|%3D@YOYExfDHDRjC|^%c+sy_VsV2LdvWMxQ?2b6{n; zEw6btPS%t(MO*~}q9mYs*Pox@Q^x}v$Y-W!`r6Ypyw<`*r8o(Z8?hLR_-FT~`nC_9 zV{V(?k=R@UCPRLeRf|;g%eXXd<69FT_cOlbUiwB5_|xM=9fYj07`sSRy{w$F=RYRI^2MQXWE&FvVyB(K)GS zrbdERp{{m8sih-ELg{$_QKqAi&YkLV88Q70B^ruB(Vh%?a60A?4=sY5Sx>aH+j|6p z2{QQw@zUb-Z+YB{ucLxHA7h9r!rUyem`7`MbZC!kwAON+Fs>YZRentxho@)*fAy86 zhv#KNVuWO~{Du@0-mQzgmKvj>87uvT6^tbuu?8JAlV=M20*E>uy6MtQT@05h~bIy#LClfz`- z-tmgkO4=vHUUpd%LUz8_*3s+fIIJ%9$lXKaj)-f_1xn1FB+B9LuDh&O`+aB0q1@q{ zzRHUH6h_PTvz!b|$xx%x^H>p{eeDu1f9iMo)n_ac*%+Txr~sW8BySL3y0B7*GVE3A z`4Z(tKTR3u_J0 zidh8k9e^Y-QM0CRurwGi&TzTRa+M`pld3FoI(!@HZ3~z6j01@bh3&6`L>N=X)Jd2~ z8#9bXlC9=~Kyt0Rw!23-4)LmvNk4?NR*_-T;dLCCz>90EvK}c)ZmH>_8Fg}{v97(# z-&o053FK%4e>34E|4-W2;RVsbjg%q{uFPfgP7SiHAhyxs`RP!sL-mX+{fUK1!vNr#D1%59~aXbt2YT8izqnhrA4(>< z5>ryFdB3xetxXrrIiOaUgV+iNA4@J8gp!cb!-Oo~b#t$=(o)aTQwja8`9%XRj-Ek$w+g2`{?WWcy&XBQ18R&_Y5R)bY-G%md3h*F&iItdZ$M zw62H`Mcu!TXd`T|MTCjDa4It@=anic*)3*kpi461R$xcuCAI|jSuI7MjT|FKRs<(G zh}vCfQrX)9qO2zXrq63|fn4Hd(?fW*X(n+W@WdCMH2k~b^;~6yb!z10SpxEGY8dg8 zTxHw50~fG|^Qn8vgLaAoM5wKr@YmMpjkNgjN&21$N%CNda13(N$kLGha|3W?ky2DL zwNLvxy6DBw#*uTmp#y<-o-V>Lfc1SWQZnI47%JR{2rmv9<0Qo>u63oq95l{g6E*ap zN&5%IOmM>mVZg^!Ubf!x2t{Q#`vgv7>mK8=urt^}J7^7k)Zuh$9j{I8Z5vo1q4VBb zd6z5X2Ui1%AP%BO(#i;ZcdJ```SQ#h2VK zHJg>jiRmMk?xbxu^x!xEj;<t6=L^#C0hblrDB748%g*hQu9!LoWpU-XUQmzVM zW%Hsg$uSpT>L6)j_+#iK?z~|0u%D?M{YS8!I>wR1MW4Pe)@*1uH4XiZfai%(t@lt- zOi!6g4&q~SbtxJg$NxB!@+;1V?_E3L$&mj}AXQ|sDP;GPH$r*Ur=1FvF3DK57)Cc! z#q2-dz;YklVRExpTxa0$^eq@aRkrJWOOkq+uMWGDapZe}TiItH^AKa1Ue_!pf}M2) z|52Gz233hy;O*u&=P%(af(-cbu_9xKwk@%UKY2&sgl(XKi*K_SmG}NK`qRnfd9vE6`a0a3ZQ*+Cbym=5?bVm5Nen#xfMweCA~@1L7bB4XYjOh ztSK=|rc-06e==vpb~M>B$I?9Q*_+sNQf{H4<=$_+_zrO}bm<~K`-+=De zjrcq>p@c}iY_?BP6c#OCQzdE%etpC6aG+phhO=7fS+X{+NN{h#I2gj*3x`6awbpB< zdp-M1^B!8U?)zRe>Db3`LFi=V`NN%}9hu0_9^*JFW0tpp7sEc0Xp{wB)g7sqDe6v^5`d^0i{xqvdsgN`}L>vcUbtw1ytCmU$SJ%|;2?tmOtH)APAce9|N z9s{|UX-+%103Cb$Q>RQ{1SM0^G1<{FQt2MTNg=P(K_=RWs1&1@yTX52eWnbhC9S(5 zsTe@eoJ}Jd@ciNcNSwp)s{V(D^G44%h(_8+|HY5RO#0+^sNiwCz}#o-)lzDJmakNR zF^5Gakbslp5Gmod>NM}ETPwn_Q26~0R1qzRrra78sxt+RogoZ1cA2ohG{iA9Y0*VR zOz3~a`x;=BxCJte4t&2sz=Pda>0C(bWvT~7EmvK9bG_Z8n|hoAFB2i0TChy=({+f4 zLAActyRRR^k!p!D_&`qmTK?;+&&73*E35Zkruw<8qPqnO*jyn&yVHN@h;z=a^l}|0 zvi+&N+QuNsR!Zn$7z>-T9>TqCa_SQ06MV&)lk$!Yg>ZdM&DJYy(!?Wgwb?^u5 z2E_$gNCX@Gt5=8@gjJ~RE1lyKEQe#?<*&S4HPEjz1c3$t zSJ-Q0l?kOGT65`>1XxKldF-6mafR`f2?VYPdg*+}j|)TInR#UATJXfY{h>V|+Q32W zL5U0#-6tGH=$;?~UynNnn@J>?#Uk^jX@85j3rxDxiFcG8XV8BPxNN(MJ4)`ChirM( zSGny4Zp=H4BT&2_kuV$IS@Z|f;3ot^^=Sr0a^n4?52Wl>yfb+`lx0yojZtLXk_ z{0#5SSTX{5nVzE^>MqoJCR3dZV{8z67!HQ_g_l{FCAE$s(OH(%pe8 z9d`L^qt)}jK!B=?Ztj&ee0GA_J&#Wifff32W);b&nBz1`O1pB#lzNVv@^8oz3x`*m zrYcPl%=eaT)Cd5r@{h|M#f@#o%B0-9R=h{nz}@tmaDWQzTE3e212E3+34nitoGQ2C zZ-&oCG(s7PW_Q%StX3tBVVrEc#Ps#TRrsYlWgiYZfk*vgG=p2x;FSwC!k=O^*qy6S zR0`5aDf>mVyR?GNIS;f-6G7fkJ@ z{7KH)AW9?_6Pno@8JlvZgBmoU8|ZwIXGOm0CU$fPuQzbH%f~-QIcp{x$ zW`9)dk@>v9m+-Y>{X+0{9qMcrpd6sYn?6HS%`o$Kt@%imJ0LD{1JUf57U1U<7yD^J{L(BzIY1`ZN|BjBxK7kGRMn zDHO2roN4l8WSD8Hf5gNa5kk*=JSZs=^qcUnaX>b-vK1ik`Pmn^;_i1w81xUdVAAW7 z4V-B*$fU^7_d~#|XfNICTAW|&$lLGchc(eM1m2m1=cY!^X`Ipbl>)+H%b#|5Bx+%-&g`jBn+DJs>Qz6S{Gns&xWwBb-VC{r?ZGWAkLkWLv%K}>% zKAyH;+W7PR<*S(cHG9Zz$!xa!$Um3z-HGeGnB{@EnLt{rq6I7o*P zj3(=czXO_vf<+DXOxs6+kbb=e%9=tBa_P{!al87P2^v=+VSvyiJOz9ed2Ze^)?Z~r zPTL+Jb0};soZMG-rwiXLx4NoXVWu!y6aSkgfng@L&n>Tj6Vujsg=HU&)>C4FOoQ6epQy88~>hm{?nk7D& z)B;n;Ydx!oPf3)~=Mpk6>7$do5YqT6^L~P1%}NZ$+M`CKf8-0WWW4GP-vu%Am(*r; zbLq)E(59)k(^tO+k^rC#^ddfeXd6uvPO~YP?qg#~XNW9!eRcb^zMKR{yWsgQhi>0@ z(7m7s4lS-;WcXHLAp{VZPF4ijB*<;9u`dYbMZ2<@Ryo#El@O9*JGVDE$C@&H)4iT|Fp{f{@SD9_xt?mg zhZYvfIbOE0Ua|bpsfiMNQXxI^U=0j#f&skd86O<~97u_bkDeZ!m$q+UuNfOwDJ$v% zNx5cxgPhV|PTxyc!M!1{@d6+y(Bsf6SJ%#W$wN=?O^8<>KHLUg?Vt7r7Wf7v>%Dk& zz53xEmpMgXv^{TjOK|G$`jA_ty6Cyz%~& z-D0k?!;iGEY&3?lM>pDH>^3i2l#xU035TxvAx97;Hs|>8CPMVdj%q9YT#y!qwTldb zn$R5A-Lcy?f}{sUWPvsK6@LX2Jp`eIsxA>4F7oUhM64ImyZc|=923h$rN~Ti#hKV7k2vxUuVgK{-eEUztT;OO2ReRRP3tb;6D59$*pg6ZxLAo%`cWPTw{cBv8Nj+Snm>Ms2CoQVa1ubq;4 z0OGm7?sRWh0(yH-!Q?T1tzwjw3Ltp*{{jeUyAfd|v>62}bMpP&Cq z%7${0P@<`e;K`JN%XyKG6-Bel3(0qwb|z&NM)Tq!@OL7*Ub0Hy+iEKKNZ7CpW2oeE zSTqXLIJaZHq&suOtm4`_c*zW7K3lh_;>4Yis~?fO1|AG7H^3LhpWIBV$a@u^7A-y= z5c6CA`f;aEW`X3t!P=23+2s$@x5v2crl^puw;g{DsMc0wwfoh@1JOr97OAI+D)&B4 z+BqZprZloj#>v{95sY9y7V4IHzhfUlMy9>j&e&%=O;Y3gd#yt2x}2Xw)bE8qX)reL zq72ziQ2yi_jV8&(@D=|y=1;b-r-Bhf)6YHW%rkFUnD~XzMS_p1=4uUh2Jf|Py_>** zRroIs$!Jy3FT;*yDYqk>Q*Wn`1^;R|wcl?xumw(l3_yY6j+w+#0=yRKoXc$l5Oy5s zB(oZn9U(nIfw6|frXtM*xh!w?-a(!!tt^#Oa zw)l}f-1r0Lw?yln6RS_3@AII@f@bUv?tQLbfN|7pbw73CaZ-~K(z=vFfE=(Ba>YshiLT?zjc7hKdc=ews>ivEdA(L;SLELQ{z3|zr7`e$JrYz5JoPf6&b^Fn0S zKAD*hXzlM6;*D_{vX~^uv2Z@#V*_~oyf|Lv3EZWh*p5FARdkQjET@#Y1cM$M-^zac z=Kin{=lY4L>*fA!Od@{J+{P-XOUh0<^ZfZ#S9o9r3^;TR%Ldru+<9kj=&{Er%*SIe z>mF>uK#h!`7nfsWzO)1JJVeb}X(q6wns^_QDe1ekPleS_%&GtH^*Gki98I@PfL7Z2 zLTx^Ntrz?42qK{T;8^x*1Y$rNS%W+JI?C|KIXDH`DizY0I7M+yg-*#b1)o-G$H})E z4D!qqwO`=J(3r;2()zS)GK!bHW9TZPWAtAo&uIN)_k;O9rN3B@i`~d3WLkB@OJCAv z-t1CF(AZu_IDJJchzL2JDzTmB=Bme32<%Kg2Xz0=(Z(SUb~M8R67j(;4;Bg`GGqTS zkZ-Up6mj4ONsFqbyPJSJDinNWB-PcO*=RHors^2HcClp1032j`Kg}uPLh^jv5+JF1 zZEmGsEl!;$cZ_>vVjfM3Ho2w#s6Zc8U#4_@>{BU^1&UU_5_0O0!OaY0A(s7{C)+Zz zWMZ{oqIndO;LeKfz*Xh*G&L|kr4#|3eWY7rDh zKeC$^V{*6ndUfF#aEmh|D{J}XLOe;9TP5gr^e>Dz__$q6 zRrri459y+rN#@i7$22IjQSSKTF{|-F@$1V1oNe-4t}U7O zoupm~u&Qg#gS#Z@D3g*g$MjZjeC8;qPb$em(7)YidP&5e=b0XGG)K0u1##CpCes;m z-hSV!A9mg#>=Z4ie9`d;zZ5n7cCS5CTWriR;o+&0ExYl&`m;717^@x%)|ZRpLJ|4Q zv>6yt#KS#2Af03b<4hQ6Jgd}HMQ_oj*Y@}NBM5)r$O*~R0`3TlrdYA7Ns8?aP)rBA zi=z;O>3(Y9lD{F;Kz|~Jk)$zzIZrjFS--Qpd`rY?&dlb-m%Gwv%k_mYLyTmtnh zFbk}}lC^wUO2O)wT7N(kbdJ5huQwC}62|%+atSfB6G4X|w3|1D)82B_AWint{yUpJ z++_b9H7JybFB>(7i&?$DGD>NFsUt=c`uq+Zvlm9?8^#^@S^(7G|ASZZ%ZJCHf0W9-s8e zzsu>Qki<|lh#4ZlBoiLc5I5>zwPYqIXANz6IB;wsr*^xGh;*d^3w(dh&)XIyKgFE3 zcvwQGbBL+~PkMe4Gyfc18gWT3*3gIMZ+f{nc{xpQ-&x0J7@uM+EMQtbIhdgtD!m zJnrj$gMEQ`d7~&)?fB@@zqSrS)X5Y7F+G4p&GwI!^b>Vot_a&@$4MYB<7Q0oC=oB- zMy6&rmay#)?2LV9v)S&fV64du2A%YzL8jj9-6=l81!t{gPT4ISLp-2r8dj(5@!cD! zui{AZZnh^17=){<9!Q-Ldh^)ad!HXBRtOJyM(Yk;caWzLq2xYloij72dkh{CQ8Mnf z#0Lo$!Zelc6>_kx!vxN3_393+J zly2*MtP~uRXi1z;GR_BI)9gTD)1E1-2d&UwE)Tl*q|1py!-F)OaWPvQy&$y< z;d5H{756Ddr9i79CWXfe4n`^}lJ|a^r*IyhruB>Fckg_EJ;De%h&GKD-muj|1qiE@ zPdOJhpl%nvPrWIJa@;%L8ApXjnGr7f`Eh9@O?u%c2H%8t{^O8IO+TS+%8+$2i-QYA zF&w%K+OA2If`qIky7O`1oxC;mg+(&rLK)hS6v~CMakwA}j{_09V*E8kZptUX2?6fA z5-0^Z+&thU{wOxvk7qMO&6CI>|V_{-q?zNB$S%2I$2<5Hdn(K zo9alLJa^=>UOJNI0v`wU66YB98*}lq5OJnHa|c8$VA&Rw^)Daupf{MXI+AmCh3J=% zY{Gp%@I3V_92n$GdBih}XS|;9(#hlSNqBpOEu>NhrI=o_5Nk zwdgDKja= zAKafbgTx-bxC(M#90HU{o4Pe8LRM7I3KkI5bVD@oYygrY(jIxOgv7k4sMYVJe_nC` zpQI1JclUDW@=b%DmtSse`7lBMz>CAOVkX{#9Z$QTEA9*wf7sa_KqR?i=_M!%+GSoX z|KV`Gq#u7&5xiIBpw)-1Idn#zZ(=u`C@S>jQ1ARfnHL6zm*`jCvEn}^&uBA}wJ_Rg zi=i=1QQs)(opi1u{;a%H5T%^)DeOVDLuM}|4(~JYU~tnEkri2Q4qxs zf`4$-0d{4m)pyVmT8PK$nFV4rL6887hCvZ&nU5!WqxN>0e#o8(QBPhpXAg9y^d#*i zOd$IRQFNBIqMe}$l;Ysk31=0hldX8~EC0(bxWVkoGjwMS$z~=&NPeo8{Qy0s{%pB^ zVyM=IwoL4K$lo9udnCQT3Txi~m*8vZTE#IZWbfpjV+GQm)j|Y}9(#^IMeAR|SpP=%Kk9-RO-IMh9fm z`~q3oon7ol$=vz;^GtGKl!K&8Xm;W4JbVTef_pA`CAYNr+zMyNO9T3}s45#efFXk; zk^gxdw6uf1j&9(gC426qgAUfYA&1PV&i=hgNZQlDuw@2#gliK1)zA$`45J6&&aek^ zJ>DOW{pBn0Zd!pMFRNdrlF1a$xIvTSjS07TED@q;kIg-FUYFvkkiLG;N-vZO`Duq~ z<#7gvr(Sao8p_B3i&=M0`HUc}U}&3h@z^{ego1BN4NOu=#%k9stMBlHNhDuO4SRNW z(+E9Jj%@s5CV*&RF3=~bb3^Q>B9EU8W7j+)cYW?J)j&a!X?2xIS8Kmt)V=ruTdJYV z%i2C9S#0wAnUKlom0c$f2eR5LyTIVqV@Q_E2%ppRpjLXvkEO}dLTN5$hY@6FY;@zo zXjR0ANko#1w`B7V?l5&Y%i-GZ@@!$XF_FQ^-6kia@%x_~$=K51ib|D9Cu;~ zO$(3*x1^on1>@ejnUg#BPq`I?4My-vLalB9 zXJ^NW+POk`NL5$^vmPfV%5jP;pT!q$m*ZA zHzu-Grti<_uRUY1j^L!&p?PhWoQ}dknkf+8Z%UB8)&~&PFJG@P+u6^Gmu?MNHSOCy zZ-t`nzUCFz>vNr_TpoC8afz{5~4xBD!@+dsnoOBcLT3ywpp_Dy8C;d*@DX~~r4qpVm zoL$%YFTsXuQrYoo?@}rPLQY?VhFQ=lPKzlZPLElyx=t8|$!%V@@@ti#2zBF$o(hl> zItZSkjb%pYahl=ed@!Gv;rrPk&4Ng^kNyJ;6&vHyb0%xDsMk>`(q<|$I4 zq~W7oU@UjUyjUAmK6A;{tkPEdv_S>KNZ8ASE zNv8vLNlhuV5WjD`ZiB!=A^!kWjo)daQt-j3GYa@YxwjAMwY-~zS6sF<=ZZ7VHL+8MJ@$n(K zF4tP5pcrV)<)T@0+p=dKPoE2RYHvykEl_{xOwKdWx^u+@E%E1fRwLRYN+<4c1lD2% zwF1KPbl zi%6GQD57hi(2TQU*xo`CGAdjg@qmK^u>{%EUAG8@5l-UJUdYWg0s8EpfnUM^M12j} zoa$2tNZPKvI)o0~Vj{^T7DMsZ_#*tnI2*8*^0LnM%UI-;=3!)2WfmBf)6vL7R^vHD zJV<4(F_DZ8T^y5P+vs9=W!YX$j*dBnkcNNHaV{D!Tr(#~$!N)1`>hY3gffBh)EL;c zGTp}C@-A|<$FFVXDOQ6Dy{9*35gV(#SjoYBm9*0srRg`=(D@y$Wela7G%8}qDQB>2 zR#I>sQ?EMd3>b}UL(IR&c%GGc65TbF?vtC|gv(^a?#)%{y_0FYyT`6r? zCwFMVmnkBok_lE9%FNEZ(iK_o&_1NRGuqoUCg*k>A{k4WxsiHYWrXog)mB9yq2!4H z8B_}q5j@~6>pkDL23w9IaL%VD_rx65$;{O^8U;yYPh(i=z_vG@Y*N-pPe&uDmQ7HK zxZaf<*k4ukTpH`9&Y+cBqLlS$nUKI>-GoHX0uKa4^#Qi{;{{`!l=2?6+X92BbiL~B z)^5w}qt$~cn`-;?jKlyWi9%duE86Rau>gURrb=58zbvt6!Hp{;b!lI)%{?7AGCY5^ zzeheyWp{RZJ+rgzu{zniWQ+8v$!4rqF%yl*{6HL8dX1T zirJT`4o`)Emnt zW=0w`jSZ2t`=T`{7#q#Q9K&nHRxzU~ch^&ris*1Oz!Nh_W}trE&!b)0^7?m8 zKtgWp-J7T^gYa|^K$q01OQdEy5WF{CeEc2;_WiKaIWudCWK{Wc3S0_l;xD|Z!!z6e z0@yJ#{%?RC0~6!_5Oquhj0}t%EdTTQ{{VK3EKE!U|9Aa=0Cuh}@;E<>w)Sr1{Aduj zc-#Nly#i_K$LRt_fL#&Zo$QbNdqBY+11&e7MD^6voW2Zi{z^lA_CAEq<& z%Uv#%U0{7`I?M16!5S6_I76Ro5kU-|{J(0;^F$cHRuZv4>hJ|5r(({Fd!Q1>FjBme138>e{2M_vFXJ}`fVsveg9Ti1lNoJn{@+( z7Hu3{LfOA@Nlhs&v0PLF;)+UIXn@N`pktTjW(~l~O@;&f8DxreSbjunNG2~PwS<+_ zWmfsLlSB7PFn{QMs3=HJ!B4%5`JqI>Z))uHiWKDG133VIB3P75is6BS)6-Ggn?o3r zFm{b5u1#hh(D_!t0Y`uK4M6=rS$?nmJftpvT7#H?L8OnP{faRFlX%eT)P6n*zyQBw zs>I4j$41Rf>w3!u9@Oj`xu=bS+j+hU^GV6c^6}r8S4g~Zyz}oeExBA816r^RuBIWu zA5we&7wk}QG^Ecyj-gE;pFpcWbR>Uf1PG_+w+RRJ0R}Fo@1t_&F(o`}N6X4h>&eK) z#!AgbKYqdN-xGjK!yn_XKjU}&kS0c_UtkRl9UaVleK4RQb~CV6|AU}R0iA3>7C+;9 zXmg1twTS=#3v}|bvSsDp3dhgA>)#C+N(dTUBQJV8=C;4m8qD>Pji4v+iqTMKQ#LfieiesxVi0knBgu=UOk$Mb+eyBz?iCcg%N$OV5=rm(?4?124l z^%|}92kuZ`W=Ofi+H!{K0^L10gs}kB%wA^sY~xT6UqWw=tWF^g%M+mIH!pXQf8K&; zNC4`AH2L)%VKpeve7mRvstEr3dWIN@ewDui0;7Ci(U7gvG=%zI@ECSA^Bl^A@)%ke ze|~$Se<7N)BmbG%PyHY6u%7qKW^njl@&3jx{y0m(y(e=Y?sWXKPxx>7rCbn}2T$vC ze@NAWGY3p%kgRRsgI_-4#Lq0g)`voYTAu~v=wSh{(cAj{F7&VbiCasa*kG5`%o zzv-9jU3m?_?8T|Brl!mrzG+eaa8f|E_-O?6tuWR;08M3OP4UjN8GId{9ss-B^@WTe zo&SXR0l>L1fI>0=aCGu_=WXwcg-1*atOYB zDI3yz6>$!&H_e}%6f?3_u=3q|{etv3eRzd61jdKYium4}cy$O8eufU)h8ywEQn8S% zOnIqz=Ne2%!JAw*TzHGCrr%N978!0RO#GNAj(;+CG5%`_&0}t-pjq2?MI7RJ40Fj8 zGSb;*&xtrvr|(yiJ2#HGxn zq&Qz}Pk+RaLw+eNGH9rYGwD9RT20a};OjA#I5DX{u~fJhhYtC$ejsLj!vl}VSdY;X zrv1a?!72LrPYi}c*D%tR-H8pUY$sE1;iQ)dJ);@ms4j z0!BDb)mm!7kQx0@f;q3E{PSA+$}Ygeb96VzL)QLBy6e!B732pasJD9~@4i=`Sye7*?qcZhP)zhHLZR{v?_sz_9R9436=P(ry`l%f9#)I)ZbuALKj_x_ozxx(xa^f@ z*{`S+I~*I|-5@@Ar9SlbE}1CNcbo0rED-+mq-8XCdg4;c_n%`{DfA{Lr_oEJ?Kmzr z`?S%oedSZfzo0k%TA4>qEuSR|&teT6Jp&dkj!s@aSU*Cyc@niRG5{mbnHZx#%c>=K zYz5_=VMyJ@qla&WI6Ce$`HDC!UP@}wN1~f;;vQ3g!MfjjpVp{Ij{ehiwmo;2$)Nv~ z9Zj@w-9?FW=*`CKj5?^>f-xr2eJ5w(c3;VDJ29=)r{@lVyE{Cli?y)Z>PlSJdOf|=4XB;hF|jkSz==qRSx`hnkb~}viwO-1(K}i^7)Tv;M-=&YVIIue$*0*9$(dl zz51h#6=p8WeeN5R_~j3QkDz;)S|$NU7#3`Uhh%me;o&kpK|b29N>RZy;m||2I7!hiX(LwG!WZ;6;ptM0#_kSD>IxjKb@J<=dRV>rgKk zTnH92X?q84>kE*-Zc1|rUSG%|h-rD2!+0ihXu%Z9@CjlPZnXm}xnn!c_s@30SOhKp zge_`|HCq2|06CkH z%qh8T4W7HothJR#w?k9Ce|~f4i7nH1o@FRPk3ywI+sCGqd^#Q;8rtEMUPl?l^%`!2 zxW`r&V^xg+R>g{MbI9rVi&+=E^9A*;n2Lo`|E97g^t;Q3)??QK<%BsZ0vv;QDI9Rd zE)R!++nat9;e|VLtuvTM!IXh763ZCV{}%u_yZ+Z1JE0e3X>7$4ut^(xWv3$2v#oar zGIP}vv}J1t;l0fN5kr{Y?##M`s%GCOEak}&(d<+85!gtsTsGs#*CThOldv}?5Tm+> zocyv2R}pY8%QA~OxZ6GRL)*0L3kmd4?4rL2U&|d`VM`{0Go8zBIfoRHXI`u4^9l%{~(&LL;^z9td z^|ywW*(>S+m>U$5^lbzk=XY74d-3g(k5etn@@U;}n6g$$*2q<$uRUIET97aUz6c0a*B{~K>pO{k4yAEHG+aaj zWw63BmG{+H(11iVA!RZ)Iu)E7he$o8|F!D}a}1lIYD|0k%wLawA%hG}c%uT!+f2=& zv1mTZVSFHBRmebKJe&fh3tJ}IpVWy?_4bZ~%Psvpo_X5C_+f-kvZP(g?;;$f1x~~r zAz!82^Qb=Xr&=&GxRmsykDsrs>LEKd4QU8f;zUHHuvLZhZJP%9PTpZB*@S2tJfDO3 z8+!=EL+_vC{Dxz8@Q=4y+dZhI2Cr}t2omKTaTf|0+=hUp8h%VOp!Ut!cn9KBQb?_0r{C$>{8%iaaX2r zK3&x@DvQZ@pG$w953SJm!WU^d1uS~fm1uWrm?8FmKTa->6BO3+-m3~MR`>M?D?#Q; zq$vnX3A6T!F?kBTghFHOU$RUeRYS6-)ef=4xr7-npiC8ZN_b-CPBn{Zm7F`WuCByYW@|u>1 zu`MEHi+m*l6QCNKm%I72_6E|?6Y#Lh@(sN1_x)OY+P3sbrRca+G){-!LE0#Sg^t`> z_IU%0n8<20IVgjObxDFKL$vlPZ@?kfF@vF`DS1Ynw z=LjNB?w9ia5LM$;EWD5nd)1@UTcp0exemAk%wUxXKVcx@2YNbG&|l9KV*8Xj;ecv6 zr>H0o3F)uNmoVn$i7xG7SqA-}DTsk_FvGNjxYG0%JVXC0acIlcB%kUK6YO7w9U;3_ z_{sZhl%@FIKKhJgw57^3a|d!aMb6b0c1`e!*+L2F=_946jQ9GtypQdypJ{wU>Z;k* z*`GYSZzaK0Q^O36o|86*R+6onhA6^OD*3&f$mJ-POq0s0LLe^j8JhPLE%l^aasY`F zkn`PM4k?ob2$5HwoTg5}{U658AyybANTb)bZQHhO-~ZaSZQHhO+qP}np0}CZEN0nB zC!KV<7M(ivoj`imH1fSwJX#vUQ~9-H#&6^7@SX6j1s8s}I7Gg!-u&FqQ-=C<;F)sSDW87W-zx=k%$?W(t} zQ~slxJ3g;1$XDXkjQHm0j@#B`S-c?DTf5bRioDsXANYeQZD6hjKB3}+O*QZccMST+ z%XDm60^)GscF$@Ste4p&x5djhW7w{tjxUw!?^w5S1vb{EQE54`6k;4N1v^Rvc~-Th zMxRm1WYc?NQrw%M$=hR@y*r6hYSn}gD)i_R?sAom4YonjuNTGAgKUg1Uj7X5a2|~2 z#M%r+T#k3er#H= z^r?8Wt;0}+h~D5X#j#lux_9r*VMbRC84+giR)I&SMcAm^JnEliThbRP>)Z*b9+T8g zHW$^`pdsu2xGG^#yHJCWAGo5i8g&y)aD!sKWcEaB9VrOE0bV`DXw5L9bK#g4KHi|3 zZj)A2^hT6*r{vUmr)X*tkE&8MezV${>s3Hf5h$TvKn1=RA!l7u+20dg?`5e*kt%v^ zvfOdV((&XNmg=n}n(hKTY=HxFr^AO!tn!Mw3tDO~OmO61Bi{KdZP|GD`x&thid{rk?#xh`85uY^N<(s!AZxN==!!g|y2nFGgmJ{EGi=qP9 z^tG0L;{!dG!9;#dg183R-NX$LQ84&ed1H;1XsPjlWNmh2sQ}7LN_at7N-f%NLIv;ZG;EKZ17oCNj zJz-k0cCG169z4$YaJ~a0-*lPWgIaoQx7(OBBO4%jz6DH`{g+Z|t}NfBQ0R9atWLM|Hqq7)HVn{|wxBYx{Ln;ye< z7{XDox)QEkY2x>X-gRu1GvdfgDx*mHV~Znr4~;)0#AKFDmTya!H1t)T9mD+3Uv{xH zyH~lrb_Sk?{dd_qxW8AT^aqIvafA9uK=#y=jI}!|!hV$sDkkFKj%_vNDI0`4YOP}Z zB57Zug|p2=UBoS^d@o$p!s!4O?nZ|DL;G7P>G`KajFE25SWn0~HQ`Fx5j6NH5VI1k zY@sl7L>Y!`5o?PBa;YO>eXckXmo4sMQ0)7t05LifgQ?;MFDdVAPE3tZQa|)D6b*i= z3C{8Li=D*AO-<4rY5=&~u$hejiFXtoN2ikqs<)a$SP$)Rx2KEAQFK&`S6b)QLMcVB zHU**^opxOaA5P_@L06@MydU41;a`64bkEQo8J;M9B^+u2EDj+Ed4$b%0Ns+4kVeJp zwQnxhT%vD=uMJJ>4r(NGIdY?F4p(w9P4G;?2o^Hweg z+5SGWrUV`nJ)QWAn`-|f1ij1R(9I<@{aZDE=;+p-R;_7wnR^zkcosw;ww>TrV# zemBY>$lwDz&TH8$={8Gr*#N$ggdW*kaLl8z<2N1011Fh*u$GIjh53cux_@VqPo>p>uwcy$@6Pl=w>h?LmD> zyfvN?6C@K(Cbu5TzmaHr@Q>87>&(~9aefa&DP_Viw!c{&{<#x5P-9Gb5lbn<0;+3V zod93M%72}4Hy}?-A9>T?X>d&L^hY9>$q?!0gHA{T?PJ-1vIb`EW(&THZQq5!6de-7 z(+%tCA-^t1!@@6?opk?svv#7RrZ&kG2XMz%H%!c`aLe6ky4!o8H|@Mh7lT3|W1A9m z842z0)+vIPM#$84bXdrV>r`@>+qm;`+=pYaAHQxsx-Cm&pSoOBkCZO!s{#%A|MZ@x00tfKWHDvy6?P+5+~22MOhv`knw z=oID4F0U~mmGE$ds*rV{B8sZjhi@?OS)wT*8Usj&8qsfEhfr>bXxzMX{K8qixuY&c zWk7Z6xT4fdB3hpmKE6|O4^Biq4Qqzry#1+%xXFd_TOm|YlhslZ3r(GS37PAv!#hRR zh_NnXO*&e2f|(1&2JhB=>4hgU{ZPg{)8^wd^Vf>jYqiU3o-B*RUWQg$X~{7Aj@YGP zY6VOnuprn&$`iWM$@1zs7oA?u{O=ai4v!sl%cmxAr0`ifk~<=av#lZh*9Q2O59+KP z=U5J}_)J)t(|Gc>iMOgxp~%p%ByNoyD8b^QZeN%hr=%2c6WW6REq1zgDP2i=xCm0u zCGJi^k0ySdh07dM=(7ST`mToWp9asC5ecBU*RpuL6>`neP6|1-dY+e;m zUms>&(b>`Q=1I_GeTT+*$E{b8aCp46IAoRsXMk;m+Pih9>by4x^C&Nkw)X*-Qok{Y zOCUpRc{*VprA%c-zu!%*bl!iHAE8LcUNY8XULXm3FXZKns@nCc=wr7--S%^oqc5v_ zaU%~m8r5a#dJYAj{~7@jWZxOJtj6CjLNz=)`C*w-=?}|QzPp(XPmmXV(n1I~4F8sFCV{$u83(w&=UnV*E9v9vCM%`><~%p z-4nGfMJ+td`mG2m5ufH!wwGme8%~r4yu}STuuUdFFRglK1X}V7p(>HoOx)XU-?A~6 z`ynLUuSS{U`*!g%{hNtG%Q!JZF4-FoXyT7r$#im#ZV3~wg}V;ArVVbOW}Q@DJC2Fn zrxVWCW*2~~U3EF7m|Gd<*B*(sZEznTW)@Ha?ZfemzDh3GCrXiK?1+N2#Uw)05 zRrBvPw)=;V1y9vr#jPZSVm$}fs5WZ#=yTq6l8P;-Ex!4*!|{>(a_M`I^q*Lv@9=2` zqDJw|2Ge*unMa`z67@ptJog6*1iV?&o%n3qy%7rME>6gL+?rEN9dN+3&%PcRa&v#X z_pJP1#>&y26>BVzHTAC9;*9CUxldU>gl&5qUl(yp%yq1J&GZ!@tdT7t^vL)WkO~^aMoNIE34GE`t2cQqvd}2F zas2wc{el*`t>Nt5o|IFPH=29L#tfW*_6lVJgq?3O#BtLhnRnzro9KUf&KD*2BNcsH zNkeOgL?Qp-V-@?*rbUmw8zh^VcuRX;9dH&7N&+U}h|k9DujNIAh&0`iO-P)0&2M0k zG{brK&zSAW8gK68$a`jA{M<0CdkKIky2+gPNtrVRCBNrU9`glu1IzL(Ek7ZcqS^^z zk3RvDxO@`Q>z^s#wKRx@;l+7|)#)65idQTqE(mGUKx!*}ZyqYIo5KTMs>< zKy^Anx=p6tnnCZ)LW-dvn z=TQagsD;?@BwvS_Y$7$#Aa1s>@XJx=%1lQtWJt{+KTG#{bsjce{489T{Eg=R>`wF< zWx{39IDFMY4u=HnS1VTS$N>;m_W3j~WHw-uzL+}OO-y(FieR>?jd@Cq9qSaq!)Bx8 zaNqs_Vf3=2R&!A~>%I@{mr^kjhdKkWTcI!Y{i0JhHjitH(w#CcpawqA@9~>;&$HjJ z8z+sFLG_YD;-Yj(j7FjZLGW=x%n~E>(zsP|wZ5ha4}+w7b^SoB-f?JRzB4b-mVBYZqBD91B;GpcAnR8f#9UGyQE`(yO_4(FR1S z(C9|nAiY$O@BeueVDL)k>T=`+wcXD1Br}NP##!p9&Re57)ed zG#1Z{Y;8#PZrTqve_zY?BaVM7=A5n7@`(q71pKvuZB?dxp16j{s;Io??IrhC^*-G) z8v*;JQ7!gBswN)eLzO4uF`CBl(_cmn3n)gR#e1LDL6l8Z*gKE!v^;xGy<=R}X62(T z$g*tN11nxPXw||6$_@|ES@-jG+3rwi-pI&#FOJajsvm3Xka4 z^M?@TkeyMaHhxH!6Vlh;x>&Vfo2X$xU~)y7_EjnpH5_F*+^51`F!kR@A;~Vz^6{QL z2X>^J>Zx&>*PG`e3X60{3;u+5^FF`NdOjlyna#b_jxClQ(9P(LNp5n;g^Xk(rkGE; zNy0(cl;-FWIr<0{6!KZEi{J`0w$F(Uy^piqniN(k^(NcFP`IVMKf1eGB}j@Jd8e{X zXcP-spX|*d#{GHI4jAmhI9B`#cv>z6b*6NR`eHW)mOizW!SO4>Te8yftP!c4+c2{oHn<3e zl{aUHcN_o}PM%3Tu1r49 zBq7^t@`g#Vv5%|QaqF09#0K`gnnAz98vpcU7J(%X^bI1)j4m~7kVb8+GS#Thed0A? zkV(2}grC;U-YOa`kjuRaF2>)xkQdO7f_Q;dIWBIZm`o=h!et;n8ZvOP?@c`%i1S>V=7NK|FROH8X#7phF8-^8U&7|EWeB0 z>ivx=?8z-53~n2?Gl^=^Uf_)KBH$elFJV#MaHBix6(+?Vsid|Xb^hu{eZUoM7)=(3 zTO=V5qaf6>fpsaK@#6XWI7RI;Gb+1xDXz;lmgA64D2&6Q-L^KPAsX_KsVqx`4Wd>J zX7Lf=hw+A&B*b@<2>rvFy=jV`i7lo*1(w_{_HCoVpL{!RiNYFBCjCYzClz9!vCi`R zyWU;;UZbMgh%LV%Y`K#eOl79s_x2fMCYDiZ;x*uFpL*VkounFyb@HCqYeOmu0r{3v z1~b_q9&E<97`vS~J1^NE&kxHeUkTn_@SZzOl~;c%!d3n*SCbwy6rBrT&4Sv3Iw{z( z2_OVTw?CcVp3+8tiCJ9HZ^cbnD}KA4m|&#w<#%P`I1T1FQhnim)NmALk=Ayh`w$x^ zX!8vBRC7kA59WqEnNA!Qa3ygf%n2^KmaIe>;d?LwcUu}O4O9EU8RmQCIu}zvJfF5^qBBJJV&zT=Ewk!*eJ;n~ z5iTAl>0dejiHiMTT>Vf4tCk2Q0Onx5W>N4=$|Dm69P`GdS2woMzO<6`s68@_csPA+ z*>%0Ree*J1_d>bjG(k~JxyMVwZPB24a_(ay?i_k+!|CidD@in`tx{1Kwnq}Jocio# zuf~HQbkFg)`j1k#-Pb6jO8f{PS@hS$b?X_m!o^63mJB1`H*7{J2%?63^Ku6BcVQdg zUlpx>xr~_rbQ9XtV@y;R9Yti|JOB4$yorHzYf4qCb7o4Ky@I>m+GFAECtl-H=rsl& zSu`jr4xl%TSI9dnfjkREl~$h49@AO>w@r4n&@WhiWQA;jV!=C5o6_bUj@dL^>?eI_ zk6mYyq{}MpI;ea9fbdtsm1?>E!JwW1f$r7Y!c*ov)(gaQ>quO(igtK21r3{glWQm4 z25LQ-_f9v*Rl(o$ek|vnY0e^cwP}VZGSbmVh57XUFSMe+kz_nAGWD!y3T{NrmVndD#GbNT7`q=8S>)<9Cro;kd9P__D%+D#mgaV;vOI?~XiVo( zqb!7kRQgA@WF41hrG!r0{zZ+5Ur6LdV+QRD=VEMH!BBJ)GxV4Ts$s2LnC*-sor-V- zlI&zfvVy$et-7U#vc}-Xaa_0#`Q_>`=Dv$Bd?t2>chdsLCpXyExHb7x@uaW})ePa( z;`4^D8$(3@dsUX+f8OxTh;kkiIQ(S0Pmggzc5x9GxrUBM*#}ik^6+SWEB*)BA!t>_ zZd{BJ-d(wQ5^e5&kpJ+P?i-7?$iv{>VZ@oVOL60bqADiw>43$!vo6jMPTAUWE?&Hh zl&m;%Y(zmQ93CV_>yOL?Q+jBOUbmRtYGB18e5;*!y<>nFpVzQ2O;!9@tiM835hr|# z;t}J`Rt72zrVH(=tydgn8fP)76qA% z%45+xzv;NT68LZ)6}imbwx}lE0o=Gz zwc0lK4bk2VNtew634BCnoM+hKBiu#E*QKQEA2~m5C-$zWyqk@BmD#Pw&3857a@`GU zLa9{~f{WG$a$--XwvJTH*8GjB!JMwzF~+CELUFa|%MVZOAd7+6 zwIza+WpdkmfES;F2WE|19W60srvrcor}Cz})5_Gyj#E}8#eaI?TLf^2fPI`X<)!8!8j?tyK6B3&98BJCWwkMC zlabPk%S{S=&@tyhJ668EG#qF@oht8rGR6@^uhOSTl_kY`lt?VO(tkF|S!4gz2U>*& zo=3uFRl}u6>vUSRuO12e4e7@;rj3YbCtv z$4v@saUHTY$k~)1JK+Pk5-b>D*i+WG^|w?KUKFZJ|CRzoA28nUz8^sL{?RnOBa!{7v=e|Y zq9lZ8OjK4Tj zi1zOUY3;!4!6|EzY>n#XM^k{sUD{8=CTC*^h6a!FwlKFV8Dm1S+hUUrhqB)c!HRJo zzlE<(BV(Dlr_=EYu?oR*pVu{RGcz{D2-(ZQ2DswYS~27pPXJ@Gc9^v>$bYpp5-pkX zWb?GNX9?4mOoiiq>$E8in!&l9-XzlG$#Fr8d7h$uG09aa#XD8gapuX+Za3)b8EiuA zjvnFwn(4jwa+teEEQYuwGKBogQef#R6GJy$?SHnCiKQjJOV(iTTT`W)YOM9@+j;R^ zLPd9h4IX!^DfJ0cj}(>?BCx|u^QmLmZ3O*WD?+oYaJqzB2kK@A^+3c(Tl=YU=R+g* z?9mqSNs6jgX+wbGtltk$K+lWy{MPik5#6jEbrC|`79K&8y0an{WN>`Tz&r0_wG9k zM>?mwnzU3>%tZ-Qqj29yGP9mI>yDA|4l9L4Fzxs}!RYWa%d7NIsyDyKL>w_`xT0c% zcl~x7t!1V)|Bd&9ME_gu{;=kmVyH68DA?aMH^|8dR)c7~QvJUstPKL6((;b3R_-xU)96FVov|A|F2 zak8+n{Xenj=?)i#?VUwhm;q9A`>g$2+kyWqBOsXDr0re8_HJ%&fgo;S0`}0ibbBOo zUUHAQUX{IHXS9})nmb-@buC?9e_)~4J%LO)`3W(A3e%&T39%8m3E25S%Lr~Q;FSP3 zHU4nULTssG0H&T|VruS8Oa@;0y+s)@E#bYy@!0(b=1}qM&LB3e;0(-6jsr=6!vU)T zUhzv1`ukAvpj?+#?VCUu0LhZ7{N&&49TkD;hSsCeEzmWrS zZ`26=>!ZKuu>JIS0QphG^P7OlD+lTdgr5G%y#*mLO+g`;0(+Yf1fulP@bOI!V3;!i z$!x0t!1)!uC5-)}?`{yPCW@pc{_Tm~m4QsCyaF>Y=jJu=NMIlsnU`Bv*jzw2xB#;P z3V1%mMSkwm=i0z3G6DH%y)Bfy;f0M!H8n9mf8|JOYKo|3py3dc72!bsmdyYTswSvf z{@GCD?^{n%DCe*Oi<{#ze`~Iqil~C9vY?7&p?YP2`as@bCoEqh&-};nLBjyQ<$yM< zt!)jTIRF9{m*?hFGyVJ5*D`j8$NLg?Ms`AWR+2B&0g)A$5n9RcSnm~S0KtO)nCZH!IBO)oP=K^J-Z&&>nzZE<^MNvm~v{HqE zM2&@iGe1%J8KmH)(MR-ysekr>8~_3N z0)IMqL5$%oz(apDF8c2!!E!RXav^eJN*XG1n$PUg*kAmBI5{%DH$Q!w?|reeDtia) zCYYe0nEolf8LZ`3&o!`u-#9P0IXD2reKz^%^WpD#!r(x`IoCISl1V>lQ@?wczp8MA z*zq_v(r)rTXMfiJe5}a9+xjkl`lKx&EZv#G#l!rFfd0;kX$8p?Y-Xze{;b}thU(%2 ziJ0;=O^iSof^?(vDbZTkkXjoWfe_vN|5i|mO!J{QH`lwEzS9=k>RTOJUH|OxjF_#8 z^vYlu92-p(TG*PLfTSY7=RD&ff8%CA&LQ+c0B!_|tj#CysZZ_%-%U(EO~7(O%erb} zX!|wx76H#KOkqHN0^Qu^|6nW?y~y*+zV>4OV)ipQ0K`l~WAhupcPQ@rilnu$w*cCI z8H3Wlr(XDBB|g5`ihy)X#Mo9-Yx7H4L(TqskRUBkCx2II3x4%zPL0jUz@Yix{8LYP z)GsyDG&+BCEq@I%xbM_KrBiOPAn`xWpaP(q_{7F!er()hL9jD?`@JV zYa>RGnPBricCS|sfcZv--}3n73$V1+0dQ~tt$zOm<{y5*%@ip87{M4MAR?(DpclW> z$i90NmN(}|$EPIMh@Ea6?*0D|`Em-xeR`w5=G9RM(b{|M*+g3kL8!HN9^ui*`W7{dPqrwLa55TN}9 zAK`&cl753Y0AU>c5GaDa`w+<~f(G$HCiCCH1DGg&1oL4g{Sc`A1yBClsQeQo@VWd; z5YP9*4>2ry1P|n}@XdY*RI~gSBtQ-OOE51r6?-_a83`Q1oRCZ zSd8%(Fr9BcYU(%G@Ew@<_g|oMq^b3X*+AV5o7}4(D2NT?2XtWU(DPnAsxwY$ZEI!!tmTByfIM22Q><^MAl56aefQis-J@yP(sTObYS}C52&Eb z-{JsB;mN%?`S^wY>0=tUiqsgtt%9Mr@_(}m#`zP5_Rg&zR=^TzOL>(6g@3>C`}*ca zf9#_1+jIXN1aj6_2@Lg#4sNQTw)Wqdxm)-z`4YAQUw#{(&20?;m06epd?vpwB5HdJyVEDc#OH8kKpTSmf1YJeeMs>?9^cd~-GL5A|CBZBj>rL-_fyqrU3<}umC*Du)NJd_EOlAmBVw}O34(r_ zy?;h9lhWT4X!61z4ml-&s92|6iUJhp^U2xeWT!Lt(uCJFpzT-wzp6QZK#Y zvBZS{l!TCFtOiL*TF7u^OwDyFkapZfFvw+*NIuRWI`;$6?@Js-nzarZB{Zqo6R@BHP9n`u!2qMx# z?SA|Us?icD0|hIpBaE7sWE_aEUzCrDbBuhg7Y32YXI7r}Uv!*DDh+Dff7jd%Wz1z) zDOsUj$kpp@!A?K^xBs)s*2F}sZIUTHfRYAKZKN4nWV-c2%CsvXPwam(E+@<=c^V zOvdqu1ih0lmvWwZGfqO;xCJ|=3qpJvf9omjBF}7qrcf_R>F))=QihT)) z{z%oq-&k}c$-~WJ8O`BZIm=E>g`P5EcS4~Sl%@8R=^zSQpb;VxeIXGmF*|uWVwePN za<}cKbQriqFAQNZ@+=FVTlwqgCc7B~v1FQ;AU(MdG=C3im88&;NE#r@zp2{7YPCV!Na|&G$ynGCS_X`!?#=~aQ8g9EU=-pVO3s*z(OAXF=lKoBeQ_fE$ zGIx~o6}XoHZld3;I7_BXab@~n*EARUHvE&{juZVZ$j7IBVN^y*RVC3&n3A#uS)6C; zEr|j+*4;R(Z6GA~MH!1E^}{^z57h*!;RZ~^^F)^emrDU9ljKChWdJUy-$j4>YB)GG}-HX@BQ@b^G?C@l~ejA*M z-B@cIPwtPW@Pki2Q(vn*Rj6NhRt(fhTnf6U#bAnR26#_h@+momFh#Bw7bYF+vw?Jy zH~FrsjsGygfPd=NNkOZPG7nDe!FVuKSTtCiH+5UXd9o(f0BWDSTrl)y2xK@xHxKUD z8~uA@t68;pfd>FWxyYb;Vk>2|upaiNRz|XYvpYN4?Tt~%uck;j2@BS;<^kxaUG&bk zyNUo_DZaG^jrxRg@|f8@m&>8fWu}Z_v|AB(onu_)s5$xphR(u;WmKw4s6|A+5boNp z)uUOy?L?-|?AmkM;|0gJhR0iGl(fCRa_&$$VpJ^LwLN5SnD6u7XMw=IN&tOsQbb?7 zjSnc`N76rB&3n41q3`@nj>3EIazS8fhQeg*vX5ivf)tIfB_B*iQ($UV z;cF9?&9Z{y**OgpmJip?9dV4lz_wDXbZ#smI91Y$2oNt&Rn^;IDTKmt+&xUH;Figi zpt}oXr{*(!{fCh-$;*VQ+7VGnoXDAy^88mF^cGKTsPqIvpOE>pWC06fRyfF!Gdl%5 ztlw+E*36^v)1BGNBi17xXo(n_=}^J=lDc)8=xoDY+8j(>(1sMTY5P){GQMrv==%%PUF zB-MA3mXuq~prGPelWmok1fIvN_u9gYgP=uVqZhXd;F#b#XB>;QkJv%3>lQ)!~ zmoN!7u6KC6Ivf0gk}E#yVsTeJQrCj$Y_qqW6(n(V zY)X&HMeCId+C0RKyoQHGA{4=M?yfJN>r0tsk-R||G)c*B>dxT^8{E&E?89PVMi9zB z&yegec4B?`BN)l=s+JqOXaRjg61`hhs!Xk-Crdk33uwedIykfJ8$s6&ts6r>`ey_{ zsuUq#1oXHBryZh{y6nFTV0G`6AIS0?(j!kxofB?%O?b#P2D_nlg*AJ(hD5K+`Fij=6FiP&njV2Z zQoYa=7E0BfJUcK+b_CB=*?7^*Crlw0` zpDk4}11M+Q&zZd&KJw=4mkF#WwH*x9?a*%=Pe0{YpE}VbF^~|B3f>Yk<<;2(dyl79 z-pseY6e@A-QoL8jNlGR&6LJm1xJH}tCxv~fvMebxbh$?$D`@BLO!@eg@53dsbeIJa zhc5fMX`R@DK%bFjf#A<{34m>(`GbIS>GvYwujfW7KwuKp!yBz!*qP@jzibemAWoh$ zc~n*yvhDZiF9jB0Eh+njvgmdslJC|TT&U{&V7=MH&pQp(cL#}PtT&(5QQdwBs0GJn zWYcG9jT!HW^l?9>UX`Y}NZxlDsIPo0*?7GYkYSKKEzQp&AF2||ZIeX|NZ>^z6v#V} z((`N~ieuUnf~BmpJ?sF-AS2T5X^MS&LkZ2Gg-=#4Mca1;oUuN@D#7Y@U=qxpk@r@< zj8m+D@bcK|_&l;I?J8Le{O=(u>*sEvP^3WQnkS#J= zbN-t|7X5JpOlHQDEJ=B!mwIEIl~ymrVlGM@A94S{Pay1Sih(f}D#M=2Qwgx7F}suh zi<-7VrK;Ydr&$2RkJN06Mx;DfVZnSHxhtYQ;a?8bS>&ZH4*8nesZstC15YE(dv@)Q z-27>O8>AvSM*&VVEJE&Qu2qiWLKFLm6~fdX@DrzQ-(P%(tLuuGJ(ev2{5HA9zAQg@ zl?nNHZcrLNJB<65e_x*?s$&s$m^skgQ~v4GwT*Y|)4tRGPY%Y~q0Ei?ZN97V^xAb% z;rV%ea0DVe?q-rh*W5W175SR7({t6=b$qL3s*t{kvCBDK- zUd7lJ5oaF39@%`^dVadBv;LhJy?%1VT)wdex9Pq!hV>(eZqGco`%kX^hSqj@pt4+J zVQy(FA{2B8Zm60bHHwc4x6=8>$^DD|&;~i-(9k4jOu=|3{Uoa}Q;lgac=Eeul2o5+ zjbG6c8I(|q58u_p*FDVPLfWw8;JKQHub)_0as<1G&uO`(PDs3Ez#t?>KFXDx?9%%6X=S25k57CsiB2KdDqau zt~f3{;v-S|jV!!Rl)(I=m6=mXxYZQ z$*}^vtb|^FbTSUwgtaK1y_ZU;2raALv2&Wt4rb-qq2xvh+M#ovYsNkd3DMX1wu4Bw z5V4874TlNn5hACY#%rxjNeeG%A`g1+ughsgTiUv`e_dByFJsk7DD(x9=XiUkD0S)W zb^%qqMp4|ElJCM**f4B%tTHtzT@JL#GYEJ8)NAIdT>oLw$wF4k5SJa!@h6!-u!bGw z&OriLHGejI;fQaaT5SRCq{LPNaB#AV+PpNh&>n~{&x5%xRWad`YX_Ix{z!$HsRFt< z#GAa&X$wlv%P5YDeWH@@md!;h9j_a-)LTFDAtcOvt#+ zcRzLx)09GyyPcCZFkf;4=~G3^XJZpO_=DoH z)!$#rtD2_zAHiluC3rx#yIu+}C=ga#u&};8N+?)MZK4lkVI5&akxg%y?glLRJ&o0i z1P7nwI`z4NU01D;=$BzgLM*7RLZGvq5(?ukC4)J%`}Ifbtp>7_nhbXH zzi7f(=!#XS!8M|<&AJ-E5hjbh{r5d;ymLJ#Fi+eNT`|MLem23Lz1tq1oSvi`vuFI7 z>Kgs~$+oW#vGl)(=-vZqwVGv1VFu(MN)w7%5vN7IE279MWRy!*&g`S!=2=RRcoG-Q zuslsq#Ccni4C#)rWIS8<9xGlG>JdP2LIo}(r|qHpi!qVh`aciK$p&g)UKvH9)P{=~ z)V$!*Eo~qzQUg$I=ZZCY zqz*6CwSnN$=HJz3hNBM@Bon)^8(j=&unohGquz|ip5NOC)=%xUFKifs2DQ{uFeC`z6frSdOi-+z=K6S zIcNILu_9u-1hm_MgX-s%qI=|4mt0LTe?3hs|h$S?GZ}k!G+b8!;R!Xj8Sr zpYCauYSKOw+L#H{_V3T$=YM8dt%}O$m}`+2K~RhgB|T5e$Hy#Y_6b6`IKYUh zbIS2rPp8%c_lKYCkXx~pCV1zt(Xw`RIflv7R!o)PkowzWwc-L=yjK?7a z3i=a?0G{D0kaI!xd^3NZ!OdXZ?MSn~ZXiqc;Y=G)Gnj1fEI|!Tbs-)Bj{6*7qT)>A zB7fLCdi@1?WDH3>XQ@%vvwp1%;|ZWwzsNsZP2vFJBqLp|Ra@_P$SVKn*x1=EF-c;Y0@A;TBX>O)T9M z$@VM%n{YrEx4jbGnjOj;4tZD$dgwX%5)!~D#1y08GtytjI ziClW2*vB_7Pf`#e(?MF#OJAvuAicn<*#GWJZvq=p=)6Tie)|=yLoU3rhC3Jgo1^iM zd43)4g2P=>w^=hznkYQV`8H8@PI26@rw;LnZ_hijK?`3NWF%rji|Sr*grYjCGRv`s zWA%_pUiL2UB6&la1b1Swa~CWr3+SPvOW5d@dHQkdM;kEc(}~dCuGML7di(tLDtFeC9M-E@gA{{HMBRatO2vWV=nFv&uZ6s=P2a&Z zSf}S2?D(`^FIpKCnQyTbdrOR*eAY}-5Vt_Si`YytE>1A4<&hwd!{i;ce4bB|b4fJH zNUs_trwomlgRw7i8p`>d|FGI2C6ERY$93PE+ohrtD zJ-}FuZLH%IT>QQ}{xSp<|6|aFTK%obn>^?yN( zm2yvf35}_CkGM@~ z`Z@+?_^6c?mJoH9M2Lem%D?jA=gN#nL{wzdaztaan-LA_U-((}+v12bGuBm^F)GlG zbae8l#v(`uDG*@B%rz ztO-BAYtKky1MSb6%2gCx;Z12TJ}d9KKiV+>Sz&6_q!0njxOz07VeqD^fVf4xjWU8f zDrYO`t_|xkxwiNaCiqU9=yM;Zpa}pBN!4I-uEA^$cfO?CpBdMjp_1oJuyIwA@!{k3 z7)Sf;<0pqZ3#QO$D;8l2ppp)o<1vdBhtU|N0VC|%#LRIztprI?Sbkt|3>A4fWhK#*pVzam;uou|maaL6gkHkg_h-SK)4&P2>*{=c{2ADK0cDNj_3E8K@aw$y+MCL zj2M8cy86K>;3*E3*Zu8uHZo-gI!p&As+b}il63V;gwlGa7Iszz*=u_@U+7I6)OH6v zw$cr72DV~ZgrD(1DdQL4e7(z>)^4)KStIHlVw9fP4J8Fvy z9}kVs@zxZg02B5)f%hdA&U_)W8Uh-6baApw;nq>3-#8?$oNk3`Wn2cr+wq_R_;Oh&7i zNW22T*!Fke<-t4$=JP5}H2k4R42Mt*Ln9-zB?!_FI70wMu9ZqjGpMG3bV%M2!~yNnaq6nc^ijNH3Fo!J$q;hNl01+gY)5NC!cFi zINK-OJymll6losW)|Qq6p@?y6yee*4*`h05T@PY*b=z3fP9>x`Wdoeml5Z)_C|;D{ zUA%p?v&Ck)vpre?lR&-!+Kj}(vfZazdmf=J^H1?>^S|@|beb)>D&h8ci!Ryv(Tbf< zCin%UUYWu*plt$HH@8Tl(K^?>a(1dvc-)>o`qVK8rJa)WmU>plsM=p%=WhWN`!OGO zt&O}1fJ!{~W7Mur6Xi>udm%y1Q-y;7q|<6FP&F`}=0kG*BuA8k3n9<9i6{mRB+oBAllQ2H#2o0V@y)Wze48q9Nv!&vbV$7 zST!0f+S#Aj2CCagz%Uj|s-0WwcN8w_T|<=SH}h5sMP-gY?f-0=dsm5UCu#o&RY0o0 zS$pkKbI+9nrKvjgHd;iOdAt0V=FUb*1|<2C@WU3k+V}ZWGI&ZKbJblO{TQ-Ml@8Yi z>ns$ZdUaV>HT2gj10%R16R+-6GUw>KFy}D+x0qliL|W0753&^dAMSV31mk} z;_|0*3oqtDs6sm>2`suwBji|@=ZU@e;!jJSu$T5AM&}$l=ybz^<-@{O(-odxYr6vn zho41=*}k_ZVmqT$XceT$iU;n)6jgY4E22EephtFF9ROh-f{1Qvy#nq*7GM^eUkjhIsq00xgG5!?OO$^zLPw-f%ueANdjMv_&SXX zr8Whq6C3eWolr{jDuisu$6Vd1mVh8|l4Zpyx>3E|N}kX=FI3H(K}+Q&NS3Y-96X_F zs^-*#__){!I9%QdB13{O-|?iZH(XxqYGEcrPNGisG2ZeO$0~XsUpriIPm`EeMl;Gc z@h}k_!fD{iZs7yq6JZwQ`)(0m7g@euHc1|S(@HQ6bjqI&ma0vmiDy|1_20Wh#5SJy zw^3EU3RrUBIUsAD>h4iY zl>ryzdR_6|YI5Y{W(@eGkt&1q?n`8-pXSPCQB7C0jhAV0S11b{Vx{_sX+siC^WT{w z$9~S%W3E%!oDge8iUbFI#Yi*GjcuIQdXSrHXz8OV^z;eY@#qH;HxrS-jylM3jiE5l|EH)KkA5>$l>}WMD zMW;Dz+p326He}I0TmH1~)Lx>B1o-a8o8_OBl*1OQpOhad%8n`_n;TbJWUy!`3}%?U zXAc;kJdMol(P)ECg8l)Q;ro`GD8Ay`MD}gDp`&B$3l)oDTxbhgahw#FOkQ+ zY#wlX!Xdx%l}FRfzOjDhQ5Um0>tz9d3>9HfK0jlA)$#U7$|i$$^>MIjCJ-XvjksR0 zf+66L=%qOyaQ%t?uKYxQ2L5gX;u5?f>+W?zI&x{;-m9&1o7U;TjgYvs_>5aL|NNW+7n4irl5HTiZKcIr0BV~X~Sf&Y})EJ17*AjRIXMuQ>z5hCOmHin-!+|K0?>E zj7k5HXCvW>(qb&emfTjG47`l-Z0Dstq3cEs7CXtoS@IEc_#)qfi1wYi7$CDr0|$M4 z{MsLIF}j0U0&c=B=qxu;iO_G)uZDp9{gHLQLLzs&Ro5sZ!_1@tiqBm_?s_*tFRhhb z(AE88OvL0z1N^DlI|E3yq;(Tp zi4o#2WLeBZ;u7}k#(NUqNLn$-^nz&^eS*v!=BqH}YDnU=4x~ToBxKTHZAN39^8>(e zY3aE1Cl9b&;){M*7`2Y?BZ1p7Ni8kMh8!#d1dOy%WzHy$joyvVz*x3rdfSdljlY|d zp5e^o{Qfyzoj9$zh;5&yI56ZB+ZF>@w=&rhw}>M;p>3nfhvMbz8J)7jC`>x~+_DkN z;hF<0+85qE|0&xDcewi!8eo9xqi?O3u*F#=;q5cYV3m7U#ZK(uK|kztY~A+@BK;@& z-8ID=3rVvE{Y)B+m*uyadj01U(v+?-aX+Ggt*R3UDHfQLhjJr1(VCXjhLI24)JOs$ zFx0%6?7{>YoSG(nk)K8*5V5|D--At;f!lraXXu(|sgkT8iNR3Y<(cQgOsl?K&QCD$7I^9aRp1i&80*YnBZ5X_V#%%%&3X2_%c;iPz zm^SYXs$E)UOEu(sw%cUK;GDi7%mRE+=T0tMyxaV~L)aUTOEU z%#c2}cGx_O4A*KVT<{lL@7kk~vl|qU))~^$f*nb`&O=j~Ee`IE_l9t5$-iQEsA}A# zXJIds-%%7tHofqwf_cxRG-nG_tU$TLE=T)R*hQ}oEyscR2%@q2v&u<#!n8M_CJ}s* z>zP~$zGSE*rxrc0Tja&yO)FT67<`tOAE~FV2}(IxAHMAFn90D$oztmoC!M&El8!Kr z#A;Z@i_{Wi4qn=P|JB5FDXPsdlW|q+0H*MW78ocl;oZ|1APmcakd9tsj^#X>H)rnW zQMmaS)s}~ldryE7FBLG&%snWQ3)vByv>~tE$d~*ob!vKCzfxtRbeJ9eWWXs#oJ=3` zwW|m2vSa&WrbnzCnB%vbnY`pYZt1p~Vx;Qtf+snJrmuMJib6!Xz}%uI^rooQ_pe_I zMN^L(2TDxEPmNn}jKO33P@Y`axphO&Z~9Hm%o)&v&}a=~`L?rv?rqbRhd^IM3&!rv zM#SH^KSLw!;yo~Dt^&4+d|A{lz!(;0+9?u-skTt7j&^XvkE9$a(9RGr3tb~kJ}tfM zsKE60+Kb?|%8f^1Tq~6wh#Z7aK6-Zl*yd!&NzR z95`IzTMxZ1fEGA!q{MNtHWKedv8etm?p^>HbQ2`gR7TD{$t6TAAn~pKso}WZ09$=) zp^ri;w!0N$aM`z4&R}lS6gE=40gz<*^!|*B%#5x^NZLBa#gdUv6Gr?~*yY%K0iGI) zlUdJru{1njaE!u**K+^ry$7|jd3I(NVJ^?TwiI_L^X;r1*lU=l^eSH8-2J}r9I9Yb z=((1)NpY*?ZI6)TcPsqnX1K&pwPOvgDfVUN?Xxy>yW)dzRh3FI^Ex7slgzB53)NE+ z8v%T5vd6H*NV4k|RSP>EMP^e?HC=StQ>w%2sQX#*4TXG(HCJAVm3k=ao~cehugVA? z@SlXni3uQ6epc&3kFsm)CKKusM-)Z4}8Se%}81C3eoER=tZHGN$}f zSGnDQ)2nDzACOCu27>&^nHvdRTXEGy^x{{*9YnK&9C_Tt#M1(RgTktD~iCQYbJWWYfofVrLmF z9a&7wB`_5N21cVdi0X+|5VW1Hc4FwD02pmcgQtQ7H;_fWljE}GE&l=m76)Mb z=7B_wY}OdY=J{PNRX9;RYw}B}iLt^fV)#BJk9+r$-`;Rh9OWwH*=-)5%pBr1;;CDn zssxt2;6f-wJ%mZDj@;qTdLLq2`K4#A0ccIly`*-e?CdW2w3|FCL}c5=1syPaciA^B ziqqw=Y!whEU4*?vFW;Wkt3!!e>76=sbg=ZpQh)pi?eqm7E!cx&HP!twSjKwQh1^WY z*_F?{NXyM8Xt5_yAo$j#YKP&Q*(d~(RfZGH7V$98aV!9Ob{-)a<9SgQMfH3oJf=Xw zd4Lfa>bzFK;TVd6BM+OeTCC}&`&rTP`p9LfmLmmw5JDPOBSPAtCzd68{Xo<1c5c3+ zrmnH~OVy&HyZXC^_K^XY2PcaKqFdQ;FA{OPbl>M&s;PeK`r|xNCB50FHaYDk)K%Xf z&b4>0Z{@S)Hw}L-TrqL#*Dq3cg*X#A9i^a8w>8G7Lr$31%qOiH_5o zcAENPYWU}x89l8~BqHos2 zYSXAXPP>Z?=3~a_7kIs{d4Sb-XtAN zGjrJ8#>$DIqeGB7{MdN#8gT!xe64?L>mlaE-$H!;1pfx#s*`dYP_j1-K=1S|4f#0< zHsju(@C5B*^)~f3)nTCsf2ml*5RnVTY6#>W3s7k z#lThaRyp{fdKH}+GJN3{i7lEq{oOON&~e`{j^UI_2qGz6u5*PeH_D>;M*WhT#887b zgqzT?n%w&(4rnm0ht_^vX29A`Qwc_eVE&dL^xyOvMN*!{H#+qQ!-?Cg*=_VU7@hcb z3v?Wv(5l)7R?%nt7n6Q=wn6y6mwWQ(t@GJj33j{0u(G>^6JNNlR+IYj1xhO=Qi~cL zK805tDwMp?>+^SA4mtUNh9~Gz@D@jB>f9sJ1{xm~t z0q-3Rp_+GNEB3jN*w}pG72oj(`5`!D`8Idi8Z&Zf#1?$Lwkdx%ibJ3tLaEvtm)`i0 z`d!M5@-0JRcNwkQln=;ewF?mMC;ToX&-9&R&~aL21*-xmECJydmNyGK2&8z-dHx`?D4-Tq?CyggjBqG!!g2t6%Bm<9UO_lXlxUY`mWDAPIySPU!24jT~E} zACQ$C>2%mqq;`@*86r-xm6ys)smLYE_ZhTRuK`>r)tDLW`u-$JaordN&O&A57K`78 z`KW^SZh8Lo)s{HzXZ6#??VpRaIgc8cbdT?}ieqRZ4G0&M^6;s*SoPsy&77fX1lx|M z5E08{=4p^V@sTYpY_)LcY8z`a@*P1zOgs0VMGmEWwwW~%D&`ur)JNdH>}lv3Ct%rP zY233Ja~72cpYHoK4o%f8-h`)o3(c7meFK}+P?cv{uu_SgBq%O-LgT9ZvH;y8-cFYj#QT_Jim?n* zb~XL>gE{4nM=K6B3C3mBHX@I@o}I90cO>&%)A#1Yr4JqN3N^xyM6O84n=A+uw-uCi ziYj`X&^eyqI!W1LU64E=0^){-pYaujq#Ir!TWwL}Foazi!~A4Jrn{y0ZIek?mF z5s??7HIrV~`uHPBY_6gQ$2FBCnv^t{a$C_kyOQa<+4u&guaz?$- zCx>FdQcFU>KotgmY%`kMpQk3cq8Sv@)zEq{d`sELT`ee(WfR_o>3F^1tvo{58y_IG zt4=7X;40-qE4u0-e@{%u6CnQs6`umq+*?V6v4S|Y847#7Z8U+1_FRhbhJOd4Vqu7b zlCmke;C7#oq{;TW_NUI|dHW8UQ>md^LPrP>g9Y(m(iGFmkLMnb+bAwF=+fJQ!CXRU z2ye3h!>QT!XtX#K9nL+ew9gPpIpr<|QbrlUR7=f#lTF3$Zd&_2rqtlzg^%6Wp{`~h zORcG0J3h*?oG1ZTW2dA{$AhaK@P+}EEPQ#c^t<;ZZHi5#;`bjeNjiGWNRrjg_|YSc z?`~N(sVGq2ppv6dU*?kIb8u_Tc~uw`3OQelBpZ!<`FQt`yYEvT{Y5RD*^veAJuh6- zJ*>HE-_R!oYo<}=#$XyHJf;Tj9ruh=@bkF%S>M}>_8r@;1n}L$HRx@_G#qAC^aD7? z3!_2|XbdveA2#b7Yu`#&4*LSW91O!$V|w}MEgzc}70)X4;kH5LRqw&Pf5?&76W(i~ zlMQ+N>?LTmlxq+Mqh9#}>9>apeRnj(xOy~DB;%r2>nFoJL9$I^vGBw+N|+TaGH~%w zv5%brX|!;TBdbv{SNRkG1&BpN9jY}C5swUaocbpDP}oU8Z5h|~_>@OEgdqJa*A0sq zn{}HQc_63Q+x9#VFTU`}4(ap$^+f11Z@{@jjYb1Yw_#f^q>@&6muOA{#>Is2N3Z2< zJenlo?RSDcv&v4Z@m&Sswbg!}ZF~#tQ?+9g`mZ-(wK;{Tu7_Jo`>epo_$K+b2%>=w5v3 zHd&5Ncf7~6qhUlcx3#%AqVriA?PLcKA#nB(+WBrVW*17d;hu%3nR(Q~q2&@DU+;}d z%x=wPH;~-N68&Kvw#$oEM?Zbd5ba3)jK;cvoN~@S)Wv8ouuA6SF%uGW_#9C5HqqUh zWRtsuowBeY#3PrS=kmHR@gyjyD*YMGAh$wRV4n=nFZ^R~me@~Cs2u?WY6PFV%eD`t z+}dy1rnH+aQUfRiuUfSuZ&b+hZ8~H zpbIMw{Ys)_+gts#0$U(-1Wbp8i9Bh%At1nKB2U|W*J4Vt?1CJrw=&$It$vwOd2Z|R zEQY5`)o%_ra4q+?>}Y!q=S-ejOB-Ib%b2pl7y4mYPuC9*Bas8K5LsFUFR24M_`}Dm z@cv}Mc@VfmR+b3l)F!fA1r*#;mn!VDZ!q-YI z*d7jqv3>*nIdilRpOZ6iKhTA49KA0QN+vn;U;H7^%W^EfKAugc_bvq~*`J z1OpvY`ZH7o%dIS=Hi)EWQ6BrciXSU%m-0-YSr2m9W(7?UhLJ+vN3E$;@;|Q;3si(SPs)G98hV8A~a)fPWY)z(?ofiqi7_EBB-&8rcE0b^IFVDHjPZbGpl zzp)1xg@$(wHv@hlVINMUCd;nu$}!(cvFUAWv965nzY z{Dt~FifPK(8ZLJa z?Tn&RbGap8AF~LSb!Ja4jD~0w#HW_J$z7p5&72io&+*_?NB0xQC zFdKpXl;G{Kd-L7@xa0%6)j$WT=Vw7;1*u_!g8?#8VPrg1xq63(&1Bw@6iG8F#GS#qRqazgRUr;~V-Mz6IyjlE!M@Oy_ z;#K23-)z<+w|Tv0Xa9o%mbpD^ofYSJ_c4DD>oEKKjpTwS5}XebxY#X^{H-gDTw+pkB(vkn36@`3WzBAIAg7?ib?-r(^}_&F+NPDl&>MR9q;;< zJZrz?7N8nD7-RwU+8+rT9lwOz!aST~7fB7-BQMpK0S!-DiPBJL>WghN1i=3AO@pwt-ceD3`At#STM!pVgr><5DV7sJjpykdx7EGgC-N~Z_biDTx<~mce z%|@I-pGY((j}sA7gG@Rv!}=*b660r?Ja*I)$-IJ|@K!uGe@;1?Xc5-)_%GQ59`m<3vHi@_5B}83nh~XmspQ8(ajBn|#xrnti>@3z)2R|*ha|qvQZUe~%$N)duj|dA zq;bFK4^dQU2QMNy(R7f)&Tv35!>z6nIPb~u#&469;NmYY-X=z0W*(dJqKYIX=l?My zXfu7d<9!eJ!%4=2+x+ZD>z zTd1d62hJ7}V@uY91oBl;gY9+Kw}7tJ z|1TRcp3Xj8{trZduG%0t*n}-Z{B;&A{)5_q+FV%0M%Ru zAsKn7!UY*c0(zV7DBwEArQ*mw0~QbR#MG43vdRF@PV%o*c&n)9XvHb5ve~o_4mPF*|8DJBXAjNfgc6gYAbj~W^ z0%M&qO#k43fDJ0;Q7EpHg3$Kyu$X6C^8_kBR>(u2k-b39k@Jvt?gqcpz)$%z&Pc9d z?Ob^kvvfT!**g?9qjGo%GBIq_ z-$mv5mYQVL=oZ$j*cetQgJuYCP!&lT<;k4(DsZ5mkrD{9SmE*7TZYKeclZ-c0XE7n zM7>8dZp5U%QT;7Os`*KCUbZ|J#vve!droPSSFU{vobqrAb`2|>Uzqu^jR89$TM5QX z)EUeA=U?4Rz+iKN{`yYqVTm9T%*M+qcqQ0dxBN!`ZF^Nx1%3CGPsn&|q45}(e{pCt z-FqYyZRWa64oLl}gTn4t=#n9ihnx2$eaXzMs!tD z#WF4em__I(T$dZmCHwg)^pKc*GZzGOI7xXB$qXV`Lp_*w?vGw%jCaN{lPBvM85^EU z8$c0`2Qd7KG54& zeWHFt6}%Qw)@eE@Pu5!HJHCbYa@oduEV(G=@xM;f|G6GoZ8}rF~%t z8Z&B}YJ%CcH8amAxjJ$pCsRCwVX|qu%h~afXv_5jC-V1l9u&h|+Q9yfep#-LgnlT>m085xgYSUvxu^RVO zv`0{{ySM&n-1|U3yBvWZzQqTKzj{NrTr&nYfEw--2%jC6WJ(ZWA=o8~v(D<;?Rd&- z85Vcc6Wny``Gjv??b*SqDp#blxlzBGj=j;wXIN0mft95B`kYgnV#)Icf>E(W*HUkp zHY|3Nut*yY_8t`Th*I-4pJw&A&j&=Kq8}S=46>JO-otdvm~UjsWyC|&%rkddm^Ir6Smz||94j7oE4-)ko7DKI8yV4awBmjm?4WjswGefAh4SEf^ zI4|PwxryxMvs1inmP6*ta=!)62^YX1D*OO7d;axdwBHRR9MbqQ#34pqqsb|S1=gOp zNsYku6S&qkE}E}YV}?c|XPZ!Jljk=k+=em&hp_fPjWO*crLP761b^v1Z zZAHBZO=kFi601pE;%BR@<{=qtZY73LoXDrEyKGm5iHnpV73k<28ROi%Nc%4M(daLr z@T-cBT=zO%bhX7Id-DB@*TrvM5M`NJ0^X|>VQ>{^JbwgrX62`drqVgu`%CIpw%Evq*ShJ~aq-jdRb)!7*=#16C_ z8cddfy))x3Pw$bcEN%!5c~ovIYywH?7AuEYAUNJmiUf`10&1M68a8d>>w;pr_=Pcs z=4lG(`^bG%PihzQn#85-A$N+x?H>z?;&=5dzjR5B9F&zyo^EE9M>HXkVJBCs?cnF3 z-%dc&I_R>!%$Ehx?1)GyKFyVx%B`_)N|xGgZ834Cn=L|Nfsqc5rR(<5*ZQ_QsrF+= z9@k{GFw*E}3*h(80GHtcM^+>DQh~AxD9TnxK{$>BBuMz2ugW zDYS(i=p5-tufvefdge$&n|mQ-xxUu`I(+)&sxr$pQ4k@#^9R!sW+4{RC7jfcDVm>SuCU1Y?9tcPiT=emMHS#--oo)yklo``!OPP ziw6tNQ;tnT%a+UCz957ZB>-#9k)yj`L%*?8T+J48`_u|OA8g(+@p8*AstgPLtw6mx z=hjEC|H&=H(K70Qj7`)W59&El>nx2I!kei^frwS*g2j?#87#p*rKTgwtskfZC}BHS zYXy2}B2zwLq`~6nv#UjI8QFH8sex3ss&&*VeJgfk@%h11RaiKK8sO;_733QYG_k>A z#9~7^2E?b^1jJv~!c(oYI|n_U+AA0xT5o~}8`anps%xNjSzyan2l?e`ZxgSP5VM+O;na5hU2yG1W}% z)$n4Bm6jR-tq#POcv1g)dTv!>vsg1UgQCL^9&arU>w`y%(O*O4Hj<2_pz84x*V{&E zE!agF=MOziadDgxgA5bj8Ixs{A9qiTvG9FV zn6`>o17@nUUFJ&7D{^2hDvx&IJfc8`Ut(A%w1fB;$9IDJ2AZavbL57?omBtpP(-5l zsA8ct>&ZB~*G2aMvRV1ZmsOL5q65un%oPmG=ak$_7jbJ&(5XV-=FtNNDOn6kqL=gh(3MWwfPsEOqHcoQt^dElA6fx2L0_YWZ2P%6E(#m^yv_)^c?}?+ zG97=TL2|#v3|3hmP| zby#-xN#wD84bP!(y1lxdz4YEXb4^u2eMFhkDJ+bncUpW1^LJ|?#gGkbMJYG2AE!@T zQxWU`pQ+Q_WJ{_pt~~g6(=wtB1gViy%N`Mu zIu6kX>PUi3o~#VBjywM*d%eJm@=GE{mEM8UoXf?PSQ0j0 zI>ulik!OOWoVbSum@8(7xaA%a@U1tCg^ld%Kt*nHnLF|wsW~-e$4mFA{}KyI)M^e_ zIb@Yd!}6%j>e6YtH$VePb-j?9*%!)MY}u_TnHAbu>$<(EIVSd)VbfMkAVlf7&;<6Z zB7s!weY-kXgaS6YkkwPzZ1UPJLcS2VIo}Rms~ZDsB;ZSs0U-SAZSPEnUOImR+)(r! zMpu(TQ7}3OGr0(`w*&7JvW#(SW&v3CPa2n1YzoberQ)Z9QQ6A%4|Y0~n9-lY�#N z*cV~xZgAVBjYD;k;PsJLk|W`s$_;Mk{dX1WxTPM!E*tW+l_wnNqM*#E)asr`DCquv zo%#q^mkrzNrHyfgO1f*Suv-MAMl#e7gO)U?9?x1LohugaccYPbP<}z&mit36#e~1* z_v&<%-^(#5yONBt=5wL)|M6kn><}O!Kq*v?%LDSgNAgHQSktZ09Dwq&yDV{Nuq;3e z{Fv5Ll#|(&f3=Y+8bF7%1%>g>RIDJRv{leyCen_=YAq(v1OJY&X2X5yqW(MBgNTnL zJ`@Qbxg&GOA3vKGNyYQX5A(~%mQI`UvCq&>ACla0V>_4xvQu3>n^NR+h@O= z)J#c33oeGa`Ip|NVz)Fd{mBbE%C(88hDN+!|7EI2)tla!-}fwMWH76mVDgU%lXJ*%31iNm`3D4`|eR_&GvYRccTzMaKa-O0YIlwZG-A)I8W9k1!W1mo8F!7 z9*I#DDkw3Nc&5S4i!>#LBj9R#wU7j`LV`c)Bbk;LXAnR-{N?UogRly%-km@cp)@v5 zp7Lo^jPez5io~bjAQG+-W?TF6@K7!pcWJj#x*QK~=!(RKBTZ+8zfm8bPaqY&Y`$~6 z@U=_|NnsNeUULO+qlK9-R;AWHd1hLSl}G{zrPc9vl;n8`oK^pvqL&ydIe{ImctBE> zK2V(2-%l!twriWr6!Kc$Rg}}^QwM}~nXoQe5^#w}KJwNgL1UqgaDWqk3si|DM(cmx zf0Ehww9XX6U_B|y(VYJw54!1R9}T=j3!B5CS%?{6-o>9UhR^TIFTvSJskO4J>I{Q6OA zU4(Kv4QrX0f*O-h*KE2Lx2R!p>%=_Gto34!5TOzGkBt!cUbtX&XWALky!l7sE~lL= zk5`6{Dyw0m!O-m#hG}AjeCbk^vzM0R*mVsIT8 zf^Y0c_-DlYmTe=UEYx0_V{4VJwzJY~JLnUq`y{yEQk}GEPKr(6(!)-Fo9(ADy|oz* z01e+njwVW~@eV`++1w)-E~fd5+#%}Am`cHeg;!CN7$%{6;FD_|J;MSb1_mAiP_UW> z&l!#QEl(?d+dEqRx1Lmb?&Rq6lg!L@;NX|~l-?p_aByiZYU>2**dwZ@#s9o*@Cimx zyitdS?>P0p2KPPnKd%8kVh6nhhVH0=y43~}xrM45xTk*;MK&ULOcZ**lS5PSW?H2vR?wz!XgKVhp_(&q{JBX zUoDc)>STIl2&nCxGvsV#cMwl((dBDdbb24(=dN}8%V#KwBJW+V6)nhc_EY0|_Xe$Q zXeW^(7p&ItxTrelPmav&(9QaE{X9>khD7a@rv?uflB^8zi?5zL;iAuf=97!W_-5DU zlO`M-w4zN4NJDd)BXsduGL!OE32RWv&4B~W5g(=Q6VKj0ASs|r5tb|0REJRBftK7d zR`y8Un@u$Zo;9kD>xypZbhVT(?n{~xLc1K6OB^%wDExe8^FHpbj`?BZ&9zZ8I1^jL z63}=_GQN$LzaR-xjo%x?I>l!2{`(pO*`AsSR7H4PV?QDk(DIL*4xKH@yKoOEH4+MP zx3Fi>7@Tgn7qcS|;j}<0Lh!JdXIt|GDn3@oL!1mlF>)A1{+D`vB2jljJY|kJ%}OmX zmeoj~Yx_u=<51INGoUyIdH*g8=Bc?Fg*t zSvevm!r8BwsAY-ROdbyqu3411fv$UR0}dGX-SI>6s=D@Zuq=kiK!j0rS!`|}p51ye znLY1!vVHk7*{tQ;HNK}=^@gp5wT}-Uz+LtBoz0KAD>E;)P@lv4IZ>JYd3i+7!r1Az z#-co4v_AvvMc!$%ks0XO@4jf4R`D5qixLjVv#&_NT5hM1eyT|{adX-#RC4|qc#JPY z9q!y)11~`O-@R-I!AWQ^81cy=1N16!!pW#CZ|tmEs{Hp*gZ5WJu>pRT%ora4dH09{ z?f-F!y*-#hj0eZQZq2(k(kj!H@Qv;ZA={=XIt|2pW&r zIG@s$SBl62Qw)LboLgBs0p41z9S@AN1A_vR@x)(xR&ELH96Wo!9B9sse~Rx|>@YrJxK5}L{Ohul*xA)u3&^bI z=a($qlNh2$kPK;#v(=7z2~}AA0+}KfP00#1WX;kA4oKVoBWu=TvT2f>Lmv~prE%j@ zK3eo;LW7%4@a&X}fK&sggx-;pz3rpdL6Ci2sMXT~l}OaQc zW+E6SGsGxDHAL#quWwHO;#j~@yc7y73xpxE^?rO=$rX}%MPDx9NGW*H@gUl(4|_TZ zDd%@LgHFKfv;+c6VKj69a!Hs=tROxGULsPL-WyrG4VuYP0rAhfS&*@1xO#RC*Qgxb zqBx&#FEV#~y>!p{$Cm^h3YaRfz|@(Puv5LtN7HT%r5+(y3IAy_EkekXqYeNptBStf z_iESiOtcovm3{$gOme2D;x5bP=y482>KKl%zh0?W?*SX&;!o|vvB;$*vCh#~kk4a# zS-RON$xP5d`7~@3ku975L!yADPOqI7#WI*$?OfsHt z*c$o64fNjcV>LiNnj_5O9{i9zhcMWgBj4OtN}M1~2F}+gy3Gci`(sYb!97%daS4H? zboE^NXjgbzY>Gb;WfuyhMY$H<%gQw!%;=5)aWjIdfSHY{S{1BD6?@|fgkHY8JE)vv ziXGWU1 z1oS9mqK%VaKw~7ng`!`=?|AG3+#`U6+)jAGIsZD3w@@kT>=AH= zh#c9;GgvRMwWZf2AP3K5sollKJOzIGRKZ`=Cx5D5-5jrg6iwCHCyZ-2eu84;XeYd} zB2<$TjVehVcTT+6_`*V5CZ+*+xajyCNZ9NVePWEH@alhkw^{x!j>uIj zt}oapg_w;3S{Y&*o5i&iDdpHwZJ#6ux1iBW zcD0P3kjW&@1z`B={KVt)*bypzkMeLc9WS(XNg7vM`t+YYX&+bgAm&4Fa7?@koN}43 zEYL>9Vi%YDTVfUmdihAw9~nj*0qbI-;%v%*#u&kYPZ2IeUoya#2p7CSRNpueUVt!1 zs#{qY*a#NH0)hLF##<%V_&nz=ufhlTEX{&Y^tuGq4V!IxvCw(HwLNquTV7%*D~VnN zm$~09!V%Bkc_2=Z{;%Mq2gkxYrS;~7c1jQP9uO_-?~@@r|1GvztsBA{TMgeo>`bRd}ojejPqwOb7Bxg)3u zg7&h3)z3WJq6&D`g%MuaM(lsu_?Zw1OupG(9t()ZqbfRJ4VeqXNo}V+4L~nEugBeU zYp}$JmLzik33G@>Ot(xlf(G~}%gNIFVZO1*a%cNa4 zcVqtToWN612t+WGE*S0oOSZCq|9Z$&Nt+XmNg_)OxBnwi>x%NVsw`(Mv*RN%J^3 zHHXU=4)K;VM8cpLbnC$&xTh%W01>w0oid-&eOz5(5ZZR4zB0^M)DJw$8`)N-!SGvL zuCPp^(=6Rn@DUSz7L-RTe+(_XLxNxS=dWZ5_a_HCmBEP5d&CB(}YVrYHk6 zm!NY{2#-ZrlekG9xU%K#J0SsibF;9-S2V9uLB*}1ICT>3#7<1Me=Zl9%zD^?%@TJ- zCow>t=k{;jGV0CA40xeMgMuW6Zl%E~os=Ly^7&XRVFH|=wG8D;>AKmsP=kowlWVe6 zy~x7bIS-=092;dj>8z(s({aoDH@cw<2TVK81XXKlZw98`hWIvWzYQ#vg>A+vt9S2O znza6X8+TR1S6CTh7vQux>eeVz{q{yOCjQ;FV zqmVxR9npvYx8x2MKy)+wnjvk+ug)A=o0;mvr2Nb&IAT=ZS$gEgsEL1`MC0Nr64aoz z_noQ|sa8=p2SjGf+wUQbg4#zN9B-5xyP}#5_(ZPHNzymb%DN^-jBo*N>dN}$xXtyw zcVIc69|-x3=R1mZh$Zb~9LI@$f!Nz#8{A)|M=1V(tKTc-2qEMwm&{P+#EhLokT6QHrQ5b`+qP}n zwr$&X|83j0ZQHizzQv2#%wl$xbtdhE3%lCT6 z9KxCvy4H~s*QcP`o*`r?P}1xOJ@6KAz_N-MRk(tQ$9aRdm#V^}qH+{-*O1P}O){u5 z+%44AiH1PI$~5Cn;vkAaiz5)d85cw>W^BF)K1rx($IexN^~?Np~T$jaN*mxZEtX3m0tCl8gF()8n+ycZ6Qm-d2T7mRa zv8pK-9(DMh46a30{;4LtLz8V;!lPp(D}G^fdCi!E5B?*KLtoV(NF~hb_;>rVg1t{Q z0`c`<1=i`~*}%DSG8vi;Zz?dtN@evWnO-HWF>T%Q}& zr`QQEz4jc9j)4(a0t?T26y3KmN-qRdbGdpiB@D?-YnwS3SCCV9BN#U$d)ZqTc6x3O z5T*LVMHbVlVvLD^8kSE(l%&8n6lM2j*rZ!V$gsx2g6ef*f2{V2AuI#W9fE<(+J~RG zLny_XndjMVKoE`5;!rwq2Aoc}aMR<;r?rN1K^))Q+gqi$UY<;&C(sv#**YKG)3^oD z=Ra&QC6Pf$N7X*xTgy`1#I+kU5795>%5c&iW=R|BN8l}C@E{uU^p!WGIr?pAt`BWF zKL8gBrb>oZ^=CV0s-RphCqR;YIfR!X2Or?6n3`Y@f0g)hU+7;c@##|Y-17|olmv7# z?%zVOl{!1b;58rs#fWaMS;PoKK_uB@7f2alYyH^PL8Y~DOS&omP@^ZB<3!e6a*a8u zvtaHaN8Qt?EM@x&qo%7W8yp{1Fanf|`@JR>@!S~SH-FHLLg?)qXeM8=A576k?|zk3 z8JKwk#wo~s&=r@+`as=ftC=d*EIN?m@^jt01Z-cE z;dquWvYAi+bu6$=t+I055j))4_K$sY+$)$o$XjX-{9 zkgVI_z$2d9a<$Kl$pk8GWq7auz0b3*PrQS(@{5LcrW}`}92N@*=;GM$?~GGr+@DEr zKRKHShGAY}3$&#|!*xXwn5V-cIZHix+kZ|n%XHI5k?*$F((`j{?S<-w`0z1x`uDSUX5I*U&Ds=h;LNrX> zbQ|V>105^5YYxLP-Xwgds-g#_S3z05N=}pt4}{jovi=nI>xksc+mY0Ny^-r2A3~K# zgPI@FC25ZH;Vs&t=TdiRo5JsEsP+n4UP0+P?lOk#^jxEn6n%Zp=emVbVa-qOqs~OT zT5&TN+15u+xlmjE4F; zl;k5gw*t;s@h-?6Wj159aKI6W=XwwkxTOvVp!D(?a2ixAdZhwS+YE1SB*mb^Te~6= z;{>~VWJ?*M+yr>c<}VGwW7hK_BlN;|d?{8Ac1u=zgFudu!kGLHd+UL34m^jIO-YYX zKaX(n5lZUuP6~?wx(qaJU~-ig^6=MD+y#3*u>ctd_R2cYv1cKxPu1d63`9$=cwf6W zv)YD8)6$&$jrvu5m_L;J>ou=-;aDY2-r@-W}K4U3k^1Q8^d!FBc$}->Vt5;`sU_Hl+b3f zX6H6z3kDu(;*3~mV<|?r{O}{6mMST`*+*6k5A+tWCYMID&rp|GP^W(_&pzAuT0Z$Q z*2X5T{8jeS&udN71Wa|-+@MBSegp?0bMu&5SWcISm*g}$Bw3SE)ISU_VwU@I&v*d& z8XD>$tcpk&Yu>(Gyb$Z4cZxqtQF@}1UiF!bR01KYDjZF5BBjQr@ux+1L%&fh$DW z8RnJ{qYA7*9707mpG<(3?f$`1){dq+fZc6FHkOT(QGklB{caecnjwFIBJ@k8jEad# zRFa3-Xn3T_YsvtY&%z8E0bUaC&=vzT45i0=%~=Hl!w)G+_tV4 zoI==(M>m4m_K+gQRSJCX8^J+`!m8yK&#wPYZ|)Lw#4IDwm&aUpy;_M~@Vl_tF1cMZ z_(drw#F?tGvuJnHp!V+5S4VfqAF6OsdPj+bS43Q@t~ zvB!vAzJd_@0213|U6&;2XTEBAvqEBo)L*LQd|Ip0tM)FNa{2Sk1o`L`PUpX|=RbAX z!!SvZE3U9umC>kc1d!;-D=A1D(-s9l2bm^1gF8r`$T>mv;x zQut55F#nKe9Y{lds)zbj-Sfu{3aYmT>TqAN@z}6%D(d*`+o_euZSU*X=eu;=CT}bs zst+hQdyc376B<_dxgax}bHU5KN_vsHc!qKGga*`vu({7X0i;RSRSJV?-N%6`NWC1_ z;s@Q{m2}PGKYMlYY%uTx$&@UvIg|XQdqANQPam<fIZpKE!0%V^C5)W4 zVoDrQ@5C9I$8z#e8^h82MeFZU%A{g*B-bpj;@z@DKy(>V=mq>`jG)r{JmWAh>T}Kk z1y^2R6m>rM5eLT9e1O{|5MJ?E;^Qcn$FU~PWycN5*Ze5MjDP7fP!1GmJk8X1Ilq$e zBqzJzvd47r%wj0l6B|!^7Y?~o*$J02)Slw!B?Iw6Jy3!s_qF-MXa5GtJH#^ga$0#L zpn|58=@KX2JX+?>9L@wQ0X>O0?U0{1h7(c(G3X7%Cf>yL!R?k*IPK#aF~QC6bFsz* z*`2mfdvvDzq;z~&Yy z9hv@x)GUnSS|mh6u2?3Raj!z`gTzK8VuO1T%VnsI=GO_*l}VZwDxM2bjD5T{)dK!w z&@q9c2sz!5fja(T%+F8{`nwt|nOFs^*Y`H8t&8|d_6$vL&3okOQE(&QH1U4lPr0_U zNdqb81ye?F(X-MNjqOO#&I10EBa{ggcRUJ}pj1xpP)8E^&6X0$*Sh@;e|4TefuW%T zH;}N0wvOZg4nhc3ha9QPtd5Z0om@{w;ukcZ1cq5b8wK1&aQrwiOAiBwA$; z+hL%VA_XHT{EremZgeHz9`&*<9jo~kcq1X7u?11$AU^{R$C%QYH`O=-?8t)}$ikWp z(Q0FkbLg_{42IznEHCui5T8=`vX(}@NQ5a`a|O-ot*IAt>_+Kf72B7zQ)`b1tTiF< zrVMGAQpM*fbOQ=u#>WAjeScaQ!qcWOwVhuYMBZ^pge%y&Sp%2*xI2S&{PRks14Yb$ zT10H;s`ul?&FocRzOo3}a!Rp+`0B9N>%0im4jYDOwCuvG<(P_H#>bysLy^%vZT_`V7*<%v zr6D$UYK*ETkV-*qvhtI(h6Q`^n%b(r3b`46O)?&2fjhw#-Y~4rph;Q}W-3ZjlQA0d z-prND?bIhd+&yg*w2@gBN|EIkT%u_~U^bjeTqQ`-cTzGp<-woid@dnF0AO0GzDx*( zjrTE#aC+sbXp!%RQ0Yt}zNJ%5QEDe#95+1G@EPhMUt>(W>L^|eR&oz3Yg%k)*I~ob zfPXGwOX3O3z(4QW+h3qI?U_@MMXw)NLM`WkbBxa?2YVA&j$;{4*g5op=9aBwe6|6hSWfYdA-!Ib`~l~bouCq2taJBObt za6jmM&?v}{(Wm|ePdFLydot|u^6JjWg*yO1F)zp=)%3u@&CQJ6*#)4XyJMTNJ1FxH z)PI);o$eprLInJF0uS`>k-oaL2C{(x$sV@_>+^z@2UQogfc(lqL44P!BrB;Wr7ta* z2CGHis1I!XTJmuZgFkYk+j3HBvUdEH{E8xgfO&o2uF>nW&65T9<6X}i{6XXt;D$2= zfrWl^TU!_t^g#sw9RS?}02Rjlx_jZYDy-t+{ApbdJWwOEdBVEtvZ<0{a=PMn?9u#} z2aW)b&7Z~}f0K9olBTxjcUetUWo6WT6G*2px!jT_))f3d=-CqY5MbmPH!OKpFg#4a-kC>fc1cC z!uc6^UUdb3Z*`|uS3rm#;xMKU{*}Jbgon4xQ4rpF8=ahi-uZ#x6_@4hrl0RNM@_deeMo?}5i0c=@>;mzNCyB}ip zAPph*oRlV9jQ=JX*(dJS2}8i_V9qz;KVMw})H^!JVg+pX5(4sf#dulExqkxW_~#e-EBFlncfl_K&`fgX{n5Oe-X323rVE!x?&u>(E&Re8 zTCm>u>fQv-`qu5`W3Tbu;ZCyR8-*gnDI($|2DR9~4 z(al#)L4D)Xb$EdOS^O^1uF?1Pss53k1*N^z6*&u9pFfa0S{UI8kk9+WLGRVE3e@#U z&4Iff0zQ5ugQOIKuP+Y$(vQu*`wu<}CWo(g0sm!DSR@kc()nWw_zx z_vPjHHNXw;j38P7GzRh={%IANK{|qeU^olWi_?|ke17!#m;NCJ{Lc0KrnfXVN5}JH z-9X^iLCkQ1lP?EM3j>V~$3obdXc6;)MSXQ5zS?ifzs3j+9d zZh4Vi87_%UJ5DoA&_cj0%~_VnUGjPh*sLI)3mMIqyY3H24@nw z(QSj=K9c7+vt%JVv7G{q*d1BYnR&l8(8>3-S%ho+n1It5U!wI>>Nc%g26{>nH6%HR zcw}D7qwBWsu=PINBF_F0<46zrM2(&?&t|VhYSx6AvQ6Qq+PdFi;CPODWMctVK`y!P z)wCC+!N!nC=oVd)mg8~^D;W0u9~NIcgWRQ8xMx_K$V&QQT+A;*!2 z8?tW^Lt*oi!=xWA5HG5!2if8O^j^92l6Uho%j_dlZOnF%j^V|iQMG1e$|#9gdl85B zb9iXTs>PNS`$|e+P}aOe8YvMHb8({~L>#j(gDKoJ{#JZU|I0$e=^6PddIXg0RF^Er zkK4#u1D5uk0(ot+JL=KjvbL?jWF`;N)rumxI|Oym?26|-zkA^f=J*vM5wX?bIH5-V zMUh+)+JYkX1ZR`mxkd?ZoYvYlv{AaiG*?Af7)I1H>#EFU+eQ_MxYEz5;HlrJb#wl9 z8pM`E`x%#*5v_DHi$|wo3E~|rSC-WPf|P<4h*D@?0-wkBF@FiM#>qIZm^vRXgHreY zZj@Ei_R{hc`=EOtWQIRQ&T>^qnd=g+*`uy~$(s`kk5W}=?4#p5*IsJUKbLYw zS7xCTquEk;rSHpNB8u(~3e`6QWN*21xMTcZ-+N~cKgHgMLqwXve8i1IyN7j!xun9P z_b~A<%*zr;Itjm1Y9{|N_*vbI<)ovw5>rwlp4cLso*{ ztuzbNt&;IgxI04p$GQf1_y!@G_t62(d-9ARo;^rIu!@N2Rr&iEZ2rQSP^W-s4SqVB zSS$3jeGbUGGdxNECiKI1Bi45Q0>x-Iy%WbJZU#2}gcXIGCwxzb7*!GYJD0^f(71Ux z;GyidmQRzNhoZYZPD9#PAS}d?im>o` zTl)lS4@1@O4)D;0L&p`VKdZ7|ToAk7t{<68rtW}R z{DGyU_FjU{)mfrPDYGd&+s_EH!yG!tX0@uTD(v5|-}Qn;lD{H@Z@wg%nNY87RtNJAy)kfz!I0Z#d6JN=ucIKrgCbND^VfXh z*5q_pSs_;tgJKMLjGUIK>(dE-h#UqmDOZGWbrj9z%F z2j=OO*dN!OLY0A*!^CqsBH(thpF18A7~NpT%iCC^=RZX|@#Go1Niu$sFuR{(Q8-Hi zb5JDVcZa@EqCH{iAdC?z8Ofc)?Ux*=?q_xT)O3=)y96Rrpofu7IMT7?DDVcSwX8!F zEWWuO?k>&Todd4|-;NWe1Cr+5pd~*E8Xr{g{?m0ddTNVNLH$FVXL4Z%V8nEw`Q5%# z|11SB9vPwQ3b*z({!nXw7E|Rn4#t|6z+p;rpIVcp64@UPI;u^{h@d6FR#PO2`8RVb zmOeJi%>;hL#CFyAEq!zzM|wqyn{tWLmwR~rFpDGJXFUuKmKwDk1ibiunD-Fi(N&yi z7-mO_gJE`y_a#=NHELhjRuE$RB7ws03sAJwJUp{y`2%s(%H#=U*&m$SpyQpM?K7a_ zC14u#Cr@mx{Ep*MWHMmghF~@3oXHj$P|iGjvk0SpQwVS5j203yV`1BN$P+hQHYwkp zjF^hDWJm<&9z%1CfUr~r@b;$gFUgVo4q}Yiht6am5x@*JOhiTyuztqQpSn`UMyRhB z5*SnZH8X4cF7$zSU+4%J_i|3Y&fb;h#hcP3wLJG z9-!f{>oCk_VJLX@#xk3}miMUKX<)*BL2$3$#1NU-KFCSqD%2+lZ63~`q?ez;*PX&l z4Rv}ev<{#l8GAMiL}q9$;Q`8Jf?T{MPb~zXO21mJ;a2JUMx_bHSc9jIqff%t=_IVS z=bmYmENQ=FR&kcx5gzMPcKIv_1zU()W?MLB9!6{l~tNY_6yEIIgyT{<^ zuAZ>=+=^Tg*SuykeF=2udnqpHFIN;pg`aJKn@Y~&OlhknAMV9!=C+B`XSAoDJr7!$ zPXaCCDp)L#(LpAa<*tFbK*-9-uoHJm1mOBoC9`21oc)dQP+LZb0^=zUKcWh`B)=Qe zixWiU5r4P6h_8x$)@Dx10P1J@g_EIzo+zL2*zh$y5KIfAP2vFHpSoJl4PSyak+C+I zjMl4X=ReCq#|o2Uuy^S~K3^IR>jXB@NKFNXzCFE=4i?^7T?dsSHL+b|lCpUSMnFeLHB!;6SZz|sBP-RuDNpf(wQc{6a!Q+oxBUXHXm)vb=zCGov z*Y(x&Fa&s_yBO#TXq(2J?Exy$%n?1SO-t40#to73Z5*+(3z}YIWVPlY0JepxTjSWu zLg{Bm``vTcZ=KU>T@UFWr<7<7(gR$_#ix*yZ-&Xf5$6gcywM39_}aF%84Xt* zYWBGwQZ8a`m}420QcV}!dGv^=8KEpKvX6rY+SV(gfco5EQx^a^5t6?>FJN3x3sTb3 zlG9_fKI8+suJ|1rIQsNgV)&K8aMyo651uKPI%!$b$u==x;7L<5?fMB4b^{U4$bV7Y zVe<7*QU~JOb)KDV1HQ;SC+`Qy{IO^`ffz5uSUy^-+zgIeW>iM=azcf)Z`1cpC;)yQpb|pAU*NUBq+RB zi#HA7=nA{*e;I{#B*HK%I4Y!+K|VVqUORESp2E%D3#AATdBBg6aZU1;zW4vi3Ae}1 zT;fZd{ zz+TL0S_lyoM;-=`N{=^;)ex}W45;-#7F8NfU&WY0RzJ3kMdk7D-vBEjB(|sZ@^8VF5h?&CHTIs?R}JmYA#)i-YXWD+P~Ch z$K|P9NV;WEvYxL!%(LyK-6_Yn!m$nFR~|0wH&b0~nQq6@zLH%Ypf`*S$S$8zE<>$A za`bJVs`E1f(OSr;S!Ex$pA(~8o{71ZfYPEj7c`wsn_fUSq_0MilevBQ7pGu#=xNZM zGi+O>ZINSeCML$*SzVFr_0&~$0aoVrQ&DCsL_UmIc+wzE+LD+i>pp?3(qB`V1dh<{ z`9x$<3*XX+p9)T1?CipX^*EnKrcfbuhl5*cO(<6F{n%a#6L#VAUG}6M21L(e$ytYK zVBbAHMMUvDF?^uG7@x7Iha69PT>a}q7@?UynO@T}n^(nJlIv5P`wXsz3FXoUgZ>rK zzoqcm@et-ru<)hP2Y=!d4>igOg1llzGD z8Bsk~Wxj1@a1LwMh`xnr zHhFX-rBu%)ZIK9fJv_~Gx%+YNGBZ^Np;5J+iuoZ9`p|A9-k4f^=smeUy{n(yt=dce zHN9!(2(2S=<(R^4k zTKCwT*9r{Sj6b6=iC4cECg8;zkpX_c%GAa`+!W_GZz3^+6;hfwM0Fd)z5MQSiSr^M zvy<0SEf!e+FrnW2jx^+93bcthkatYa&h#o2d-1Yp86zx5B30GDLOt%QQ`J0~dIu=CR;pxL_6T(QX<(&U2W^>W72wIlHcWI9essw9KDAb|Ig{XfoOOo$~RF>Tt0MjiS@!wk35M&>9z((=KUi zL^i)`<)$w~{_$N1UQ!~^(Jf+hd%6m#h!~<9e6(z=m%7vgbhNM`@nQYNe0p{l{ScN> z4q|UyFEXH{n~pfQ?LwqlMa%{>t{BC&zTJ?cXwJ z3Zu-ZIf^dX5GF8H@5ve*_$2$=TR6i{#C$XAm;j{vBMw}gE=$l>(iScy0Ky1}s$WOj zMTa4hQJNs0i1(w4hyYT(_SOeOn|0!tozK}{#scR)k(g(vy5e6;kHd7k#dN21)LLuq zerI_{uE>hGy8zl**C^iOH;iB#ew`0&lKDanwjaZ{8-GLrT3!Xl$@5f_$Iq6k7D!i4 zbHeFw{bHLX2fkx4{~a5L2xfnoKC@F~LxMH>Lz+dTL#PUs4j1gZbAkIkEN0@7Fo;*B zC43Y2-Xj`R0?NN1jIE;F^ZRC9;v-uadbSmRN92=Uu7n|!`Kr~VFUVoe3$;UUp4+h_ zVL+wuD#uyw<7lX_!zMSB?p?8K7O4{SVQ%k*@6Lc-{<|^4hp_}C%O*Klbn81;v&=EK zeA}vm4w^xU))XE?J{rjkv22$i88G;#=v85rM&5v#CqvDo3wKLE$jX!O3wTqxU2W_v zCeB6mgK{NeQFX!(Jt<;~{K=S4QYVPRM(8`>_Un4TUX!i$vCm8)e~P>}CG5})>kFj5 zCt8?xVha*8%!$bT-~+gyT>l#=W}re){1b}6Wmq#;QRb@4ws{XBtevysmxwpusJ-XY z`kkDQVoU_D+UFc%+#J;*@+u7Mqx%Vx1ri4h*Q;sVNzRtNLpSR&gd0cjHkOqE!6aZL zX3V{ec0U;%`7FvKWHhcn%A_pe)8NeMUBJzU8Bz*d3(SL@3~k z$->Lh_nFsCa6Gu$+>9WVKlXJoOm0yMa7=)6B$__qRf>{1iFHUffXek-N7N)6;p!xpef95(0b7M+BQhUE@aM znulf%rwjCI=(E>lvT6U|mE(dP)9{2(JJe>C_h$j(MJi*cCQ{Rn#Y6QeiXYC8J~@PPeRA%(gx<1mS9?N zs1IIiU+z3)tB$=?Jt?gV>?x&X%~Rk7acx2&_2*?*j@~v^M}D^zJJh#%a>bF;H_;}{ zB;mZu@$)TSCt$lN?kWJGx%xvKY%k+0t>~${VC|KRyqdjqA6Qhs&bCE-8q>$_&5D9j zQa?r`m(b5!;8s3e32Y`wC_O0-R8d*|krjX`GuA-=UR0*`upR->9cO!UJ_YfX2H3ud zT;Vt`cY&@SVU{YnF}-hcNK>|$LUXasi<}R7to?EJ*mZaKeQf*^bSB(m4K!djXD7uv zP6cY4HNMfYdE%Th@dm!@fHBCys7Kk&78{^E9?J-{*!IMY(6z_LF-pS|8aN%DVzR%6+M^D^@V-mRx z@nJ8mAD(dW4YPz{vu~|!B=-e@!f^F1w0!Qm1@RiCxdM>ef__C&cFPOPEA1O6V)4~3 zpyqE%W@K;7h(R9L_P7$9*#xYdizDpM1=6 ze;%h$Q`5kQD&cQNPLy+6Mx(yCA54Tk@3EfNOIP26Yf9uEusR@PpPgkwK6zJk1cXv98NxlH51Wy`oC~(b)|+ z-lL5P0Ml4#fbM{bU+f=+@0thSE0^s7uUx?Q{EWI9YSE||l2rqCwPmbeedfBtAN7a8 zY}pwo>ODP&(zZ2*8l0TH7K7x9F(|27QR1g+-T>F%db6;vXlEgVRf=7L4EJ90Zb^~m zWWA^ZGSLv&#E_cA6?N~y@q(EPab(Tj8gE|wlF!16;^$Ayr1>aW|9{83hcW(U526ZjOpb)yL@!M&8}B_+yTSvHWl>&ek46sbJv6sQuSj&q|zO{Z<8aeI-qnrfnn;Z zJ}*wXqM>e1cHy)Ym4g%HJ#2dpdKP@$SvtyqzPJj5S?8qoVan#xN+MY%7*0St2ehx` z_mVK9UPF@rq`;`&?+mc?h5iteRJ9Wq?Wna|$Al!OxFLKIa)U4nvqv(&LPMOm6?D8}Amodv>!}lRJ zz>#@ctro5So1t$$PK)BKm5<mD>RbtxZXm)-QqM7XB{8_~7?waBv z%psu3P2NDah?s9+5dg7Y&GfsCFw3C(?RETto*f)u=usJ-$t!y<^2C$>uPpa3!}KJ* zW94F%h$eD7F~D)b+i^=9PqkG^`|=uek|Y0`8>~r7t6P3>A5N6?m^{BYqgQaAx=w|g z6amxBt=gi?_70bVR@}Wg>!ZC!+D49qmJmV?ysRm}%8E%EuEC3+?1H&Ne^OCzPy9&K zFUc1KxP2V!r0F@8JNFL8bFfj)iklXlB0ezX0m5AG+T74}9TI*Uv3hqUw5haBUCPC0 zKuElBg$fHq=RoNAAbOV-!@#IEy{_|3W{4p~6|-kn5C7b2ibtCB?zOW1u!Gf`c=pKx zRfbADf{(R=;zUDa7kF>BhESJ1|L*ymt2O0NY4v+&efQV%sCQX*z#@MA#<8bHeLZ!# zYhRRGw$AXzXDfy+k~s%!m^nZe`M@Q*Oy!lN0WCGCl}VUHq>xANv| zpp(Y08+lDi!+T; z51z?W!D_)M1G&ZeN3cDNLnuzLtR?!2_%WAHPkFd>(o2`Op$5JCh1rl5a$0kI?(rg_ zB8({p@q|-KgNBybb(ul6RoA3dLdfIH=D~7Zy-yGvE?vDavw162MqKe*(d)gqrZ))v zs-4y9l{YE)sCga4nz_xA%Nv4)9}8PIXIc#6^ktq^yG|r3%G(YXePx%mn|~3T*VUZ*M&H;#P@BfTl`Tyr8OKu$LysEtuS| z6U*+aPkUFwZ}3}H)nnqusVkJ??5E~f*g{ipod{|{lI&5rC8cBs5uN@QUfSKP{=521 zRj|#7Fs~+LNEEH-d3s;p`~HL$I^w~(Dqtnbk6a0t6jzH8BxF5sDx=-!w}#WI&%D;vAyfx&aP%=XD)Ln=R+ZE5*cW|+6cU?2{-vLRnmuJjo? zm<}PEb=RNw?F-xP`+ePLiu_)+FO+wwN|J>OPc^KubUbBa1yk{I?@Ma=G+HH*yh121 zMD{qjYA>aWJ5RX#;pLIWuXYRz+Q7k2iFMv%B=m3!I}Vek>*0?gl9Uc2+CG9UKo}U( zhILD6*7TUz4gN{Iaq5~a#Z{*KxHXgHeKvPfdxjnlYBgTv=hoXo61$L##XfRkSb^Vb zLcj%;7Pm<}wTnG}Mv<>Oq(~7E6>LWMe?e7J%Ckyr&7#Sl~ z+LXkb25}_ao3hnhaJY)E(!@n#U^FDiM50a+wHg%cvMRP!XF=xqQJ%Qn4E(p{Piu(& zswA1_3AXVOTpS^`i~ndnK_s}q75k=b#k=pLYx3TmW*$Sd0i8o%*i1zJ(I2a2+r=px z_+O)xj0K`riL*p`i|G-qS65G8s#h5F z&cIiy77InEpHj(E!9at>`9AxY$E00+B`S-K(h)vue%hsoWcM)Pe~VwMp@)SuznZz! zLXeP%fqdfmnEy&f7eMqua$A+%F>D=*b)?MM0vR> zB_D%p=)jn2qae*CtKqP-zw3j#CmrL+*CHoN#=^t5chWIb-B&8xhM`_j@RrPnEni|y z4p&^#@-jR@Pfck4X%8A>#gro9_b%%}_q0-=NX=h_`HXmcxM1^8n{VM$gfd&TCu%F) z@{JlkxtYTOL5lA$;p$>8yFHg*SRltI6rSb9`_GXbXRpEohthkDO;*L>*X}ZZL3FPiR^SZN1!1f zM=PIJNhN>?rZy}3HfUX!VTGWjmom!n~?OMZ4FC$@VsZ zqEj7-cNZ6!A~Efr6jpZbtSqeb6S2L>o%G%ZJz9Sfyd-Eb3Z)qSqz@TWaBpF2#38Vn%KktS=dV-@9LG9hQ`Ihx(01FRal1TKzW$lv+lA{zo3o{eilV8RRo+b+nuC zZESYKzQ+`G`uy$Jp8}W1G_rg zx@VY*1~6{Tu^NpQ$fyI$wA|Y&Q}vBkwpf%pJ!Tcq6cG#WaguBw*nAqDsZv6ndv8Am8w3~+pkTdOuC8WgZb9%wuRI#PFuZS% z7SN^W;>D=z<-BfH;j{xvQ({z`%h0}SS~dHDBiVl=rOaMGGV+&hQ8IBJ^Qm^36wc)7 zwl-g_qJn=vMSzJj;!>p@mkdRd>98w32BUM+=lpBF#H;p)W*qrJ-o^LdgR|0azZW}dg|>rR;xSh=-NMRWU`MR* z;9vz(cZ^XwL2R1=dUb!o-+7B$(#n}h<=X3=lEcQ|Gm!DeS;Fc2I@T#lkM-XfjIDPX zcq*BoE3cOzLfldp)fd|;A9fP-S!6xc6IsytR{3C}Ku-?*I%x`8Gtf_AWdUsYr zeV`_v3wMquS-bCMfjY+tekIUHD(%1cV4#7WT$qd-QKV0$VHY2GruRAos~30)Il3ad zyw$u%tbc?xDxD}d+21$N?}egAup~hpDzvj#zG6S7De_RXj!5ET#W-Sc$mP+usMjGs zB!_Yuj@3CrJ7Rz1%17{p;-h3>FgX#?bv}xgHJI>MNHVZ4dvWaxS0SG*3>>Z{H6)^X zC8UnUePIyN5H#f3(2Y4Eo7w;Kt_{)SSG-Ox6Sd!JkvRvxbY3KL3`Q`x-}#ihPxnc3 z%wVUVJhe#V0*1$*mD{y^V!18D^rYw#Itq;=u7JyH_&tt*`}MrBq=+v)%WqU63Kn5{ zH=_ik@KUZP0GbBoC>^b?Fjb)@13JN}lG5{%CPj?HTDoNPr^KUb8&gchh02l?bMcxN zfyHBDv%Y4sM8`M;=VV#V`F`!mETw)x+5GD#3}w1)+u=7-s};EyF&mVDz_@B531(IV z*T;}Keb{iRM1p`nu=Xvx$oLRpM-rO4;dye@xKN0)9$1^8LFUO}Tv407K^Xpqyd}Pv ziUEI+wE8AUt1&yH+&U8uI+01?qEl4W{Re#l;anBKLV1w(S$MPxP{K_eg89#3%Hd?d z&Z_S>ru_c^Q9!Q0o>>l)DOi*Bq_Tyw2FULdGj^EU; zQ`K5D?*x|n<9OQ7B2Id&Q%9*L6w!(Yo)z}8T+xinCyW7yEZ0ik&l#fj7=O;ewbgg{ z!jQI2IDOG*e1GjSLql}$r=%e8Nv(VDiEyeSQejq?MHM_3EDI{}N_H&1JkLFhq5Vd@ zS7-X^;2U9>&X5O9;cDjQ`)xSC7qfTIkOBtowPOH_Gm3=VO7b24I^aG*s$5uALDwYEq3@(FkLeakej@+N=A z5lul1nvW?btKexo+>Iq*C+hlQ)9iT|&Veh42$2<>{2L8g8JAlIw!#yARrK2Iyzs* z5dCiWy#b31b6SwbH2I3f>^2@^rs18Q^98rxAa7!pWXFrRcK5KIK!jc17L>DYx1X1d zq9$TV40Vw%VljRnET-lTHoJxUm88dcV0dH`ug%UX1NTLe!ewGf5-UiEebPToee#P< zOS*y;^T7*9elpibf`cVyr{tYF2v#5W%0k5t{@y_9#{UCz-0%h#R^{kfoUE!H;Zw7r zWoag!JN-OgG|j=A^_JLOxM+}FWN=~bGtGG-3qc2^<)5RCY^gFT=+7|CEB0g3Jt_^# zJ77Mn%I<`T6~652l?dD}G_H^N+0dfeU34X0E<@?>?!3I+@Y4vM<@~!6yN;X1xY5{r z+J35{YF~f!RBJc_!G*w`Q2ku@xJbQ6oITy_{+sfz9NW(-fjqGItxCLy_~b$HC`#J! z{t03B({uBco5??j@vCgGi1A#9GEHG%9xc~WEc%*oR$dpFeWU#* zt@qfF*SLUGD=DsIPA=MxYLpx5I&W%fc+jUT*m@zqbKj>HjET_|Vo_bC^(;&cl8}vT zT$#Gg-Hr8HT18~Sq8Nuc32~P`cDCci(R=z=3JpprgzAM9Nd0pkiwuj{=5dFYg_sEB z#TXhl(V1|3XbuuyC$~@|CW~t}PmX9&(e7AnGcjP97emMdJTLV64W>RDLr9BxHed5g z_|AJdvL6~+M#_fkSv5BuA3wro>fQ;h%t|UdSmU-uT+As%w57$uTD0OFpK~Y; zj?pdRbMz^~1?D3n<5&9%(240KXKEek<9IVK?I8u=4%u|}#WgrP;SM=nbY&&_HF&z2 zx0fd4T*w&{>b<(o5Cc&eTmrtyoHD*;z;dV#!VB8&Uj6Py$Q1_=%8f`CeA#JJaG)|2rx*eVz z?QlqlAiu(UWNW;$MpB0Fw?g;1qxZH_pJ50M`c+;w>;+HYv*Xh8kM7Ss5b3zd4of%( zrG|sQ@t`)fo3S3v#=Q;w(D}W3eiBu9bCYS`Db_&XOk^A^FYloO1L5<;)~rj-%>n!T z+_Yq&Znbg4YDDS|k$r9SI2cjc{@g|J(OcqCa`_m;&Z9T(OO`7s{a7-$(f~}l@JXpQ zT=Y4)(w;vuEU`aau{eQT88I*Sxp81|peT+BraB8%?x&h z@m~_gt7xNZM3U+E3f$33#VnADC@SgPAyLwS|;t z&gSm{#pdUkRvXxNmwOr0rQ(VJ5hsN9Z+$OWqIQ)v%t3heJ*tWPD8iQeI` zmu2Fkmr)yU*dcRym3OS*m6SnjKbl~K5cgxlWx~;Mz*~1D6%jY!Q`ROuMC*)Vt>$JC z=$#;ajpO-XqIlR8N6+4saLxD3=~E(3v~I}4DmF={oNY1#4yu#g43eRUrf9E6MiWWU zp6kR8Mi*1`>{Oy11D;43`huc8x?E%KF);6v-79h3*x72AapCR94#etXzAeAukX>Be zQ4NQSJzdPNkf$fu ziD7cu47+5AL5Xr2^otpv_hz$0Hb_^TM&qJCMchz412f)6mwi^sj3FBCf7tA42TzV` zPj#XOz>Pj#v+p|CTmw_1f+SHpRaGnA=r;0&7$C&bea+m$!$M`SOD?LcB&<2X zZcI-roiqCb#|8KYDVegKhM-k#;Lt*C3A#3+FFMY)Mh^!gxZx0-KVwutjL`fO7&Adl z$hnI!5h(zv@egX#IElS!JKJqB9#gj&nQQE*-`2c@e|%0rErvYc3? zzmcy@QnnlQ2$q^-ls-`YT*&&2kt>uZrzAkW3C)4+&2(I4WXz1tOemYc=p6aau=^G8%C-ShSL| z>u^0R5(Cf2Vh;FKyEw!LpQoBJy=G@9wYJSYcd`4x1L% z14e7!?(3p{^`u19WegbR&MS`^(^|&1~VWz#QhSvVxb~ov_Jagh{qzKOCTo9_I z0eLiFb#|so3?93IDeL)#@uSu>R~$~XEW5DQ9qx5bjYpd>?mX()mJ6>9W${GW$E3n} zbJU826>xyq29Mwm4kmP$o&worc~fB+(L9-ulQ~>!{pBhhZKMjn%2lc0d7<<;JnxS2&$i0{LCb8Q0Z=zq?x`KnRl+$&B@}t z4dYuR+RI>|a^dvwKh9Jhu=W&K^$ZY8TER>yn-%facC-jUqt48=5vle=MW&&g!ZRc_ z{_OeM3&)BAF3-k zsjJao$y$>lre8noH9rdoyC{!Qe*I^sz3KvC^U&kJtXJl@?X+!S1dQHFWrH zpSK$j;LWxogn4N@jpp)RMH5|EZ`}%SNQp%E%PNkXseHb5-m9LUrfg_Iy1RHJ$Q^LY zb1M$^uKOT&|0Z)z3_PDi(UB_0U96 zB{`63utgGV&LRB$>)HmM6xw43h4->ER|q2Q+cT!YlF>A}2IK|gx`C<`BU#$vgl(R_ zWCcv=%n;7h54#K&r{{F@DlN4CIJG%pUefa&~CXogPgG zH2P^;Ral=xh^FE!`@d@}ZczW6-y6jV!Jt~l#!eNBxR%2|t7<$KM+RRSIh5fZSvuwg z0~+A+Z{B=qALAhC`Z}uT&7h0RRW~BKtOIU;zMzt}{~+L}Wn0+D*Z-n&D7BQiJOOWD zI>2eurZ&Z7WOcTyrWo=$YY@PFY0+C*bxxdapp$HA6UsEN7x{f7eFf!BRnF?|`y!#) zXu+@Ba<;y7Jbh~7yeSOEcFVv1XofxD`3w?AAq66u3Ae*ehUGq=R%XYrN z6jF_RBtZFwPT1K>^p25^(AVF@L97)ERiyX1=01`G*l()fV!dBAuDfp;VurzmmKg877?hr%D9H9K_Wsq^`yN=&pS6=WZfJ0!!|j8iQ(7fC2i~udk{&6B?o- zoQU@O_RS2XXYT#q$t!56H~$rj2~3D=JSnqJiWVujMLXY;gehHr0e?5QKG8_j~R@y4w7< z@MqR{e%%)LiY(8U6eUIy(=W2*%!RBNHYPUD!Me?B- zzTfp_C%;B#4PknB&u++}uM;)@mB{vGU2!Bz^$?~T9((oIav_2x0H)FCuJ+_O?5mle z-8;llgDo#ok=Im;F~ z4Aq(7N1@7z*+``QxajF(kqP5Q*(=htlI20Oh#`QCseZpf8<$(@Ez$EmLrnARstb4t z-L-4WK!}+zvpEct)Jswxr~XkIatZA3qT0_Je#X2WmT+>j*$;>nmos=(Nke4d5J;qy zR7sDo`9rI5>1;~Va?U{_^*{l}_QEM=#(iuz-7>CgD<5}7FD?M7=Dlvb9dnFM6OEce z>$h4HQ7rXfyRBP^`!P|ZT|*R|15nFITCM0Hae3-<dfhj!0qyX)wCWyBC7u^DmA* zIg!xp%;|;8g&!L3$14j5*ZSjX@U+-b6Gh1lLXJ1#Yt&bMaa3(N(&bfYz8cpQU{7do+E|DC;W zxqQyxi6}AfY?orp1KghI8=N=0RM9-A5ePGzSaTBZ7sF>M7S#h2dD=#c z`RxKL#)Eh>%2EST4)qGXZnxGU#QTB!0vsp#ostG|8z3!r8TUwGna7OOPvulJU4 zobgiQ*XIhtaKu^`#q`*7@JuC^3LT#9qTYVn6YlSMB5Nf}=z$3JuUm*;ZhyY`21h4v z)OOI0V2c?$DUgoyKDkG{K;QEj%Eb3?2C*6gX36=%`JWbAYus!F0{{a@T6-~@X*Tc@ zTO%i?jjYJh6guEmn%P*P6Y(TtUPH1<8jaXlIm~%$I%XR9^XHmgxHvkT5dPPb3%1*m z3@>yxX?iMx=W9L;GL5ky{(ssyhwe-mh1tfoZQHhO`-yFI)Uj=w9ox2T+qUza!F^}< zKh$8?TD1#h-%kleM^b&vHHMIEANLPd-`}}_D$5q5Tn2{$Vk}zYMzjwxLMnIYGP_Ni zcY4%pKM8eet#4b0YQqxCl~Kfexym-BME=lR{m_YtcjWpeu z-8e$VJW1gCLot5XuR>>9+wY*=5gZsaa)4&!bKrE(B4QtD%u5@q$TkjPur7^bG|aoK zq%t&sitO6#UUKDuxd~7!LaL60GnA@T&%86T&ocWq#wOjq=b`SK3bLHw*KI`(iH28w1b}1V3 z!((#x(8+@xo8tdlR2KNx@cu`0zQ2OIx-6H{g*JT$m4kXDhI5e`V)t+kIwH^ZO+p2k zaam8vW21$!pW(a92e=P4Vr4|Pbfgw6v>2AnJ#j-2Y>rDh38G4J7N+^KbEA;{STiX+ z93ij@U!g9ld88SRq&?@h-q-KEaqTskndj$1rz6tspyg|+MvFb-*wy*$FZu6KxcX5Q zwzjI}t!e7#X>j<8_35?FhgtQLoR6CcF<;o4#X>z*=DxDY+ zD_QQ}_CAHmy#qViTC6R|@z97Pw>>);ixao|*X9Z7E0{yr7G>zRtGe7F{$A6E9wls` zbF7}+nhH;#H()h$)uKw3FMHwm!ihgA-a4Ra`%?SE;XJto>agi3N>e(#Mv~D!s{`}F zL2pnhv{x!d#uV~CbVq;P16agY7|+bB^snMxhE-X{U78onI`PjXgfTKRLXX3e?4o5r z;&ks7oY^qrM^{x(*_|Fg@j4&lZ4Cuivv?*Ti{vK4%AFbN?zp(OUb>ZGkadK^mtn_L zyxYFvuDa*M0&d&c@9J=52*)VWTook^u?9l(NQ;UQACR>CGrE11D64)6I zM^_Jfuf++Ji?r1h@HD4)4#6&c!E?F`e5Ct16z~PbyA z1!vxq_tfy|+`Bwp5A2`TG5vm|r%4&!Fd~tiMyv9j@}8<1>#uCD1sEsXc#x}N&&?6B zY^|z7rN|*z$q=>dds1|;1n8^pg6ZXI(cf)}>#S^>J^8XesWIE_fbriMr=l=pSpG!~ zj#m`SXSHtlZUh}@0W2Uxd!xy~oMy~ne_+gW*lp_w)FfWOML$-JBx<$n*41i=p3jEv z6XCPrk?|}L>9k;0X4XvsJp2&MM-tr@X&hR6dg12}+q#=V*LvMfc2P$A0fo^zEb`3V zL_qve0T}b5C#oZgp6yLB&qu(Mms&;W(fA=b;*SPI!|Jl|&I87Ue3Memb~(5MH|b-4 zw$JsPY>0rmg5HXX-= z195MQVm{Kzp_3Db?wnZd()HjtU>S9^JidV%x`dE>?KBGRTIq>+d<-9f-Jo{UiT7#! zz&gP7F3V0BS=UhOwTW|gMz4Rf6~6IGEpPr3kI4({CF#?-rD_G`a%!h3GzG*mwV*zX zHDDVDRQ|RZp_7$vM>cAjNBzY`K{`PrIZg=Cuu&*Bso-0W(+~R!IfI`AyFyw)BoeV# zB4I4pEC1C59!Jn*t6sOKww)_J5IOlvqT)U8gE}v2vGk{KyNtC$KAx@}y;D0Gwo2%P z!Uo<|nTb5R0Av{Pwj}jfbuZX;JG09|5@_WLH;qe7m9=Lcx)Swg-D+z@g2Qgi?6;*V z4;r^j;uc|IR5q?qI7K6q+hTXDMd)=Bo0x@S2c__mX&k4^t#x*WK5b zD)u3Q{dEq}xru50-0&ucE3?cS%+ZLQWu6ojYfBpWGpor5SE^?OH@MIL$`v;mq4Q-g zof={#opj39hJbrddRq7H^SlM`mdO$SvstD17Y9FF7ld@0*>&EP^oTtFCF&w*?KvbV z*1N^~xo7D$Ns+gXp|D|!*|BT0Q%5em9*ZoOfr7oQ!K{itzUfFUBK>isR~!aF?}Pl6 zANNGGR-mTBL!a@V*jYNb#oAUE;ZCM5W_(0~Clu7dIbIqrX}Eh&sd&EcAnH&qp3|%P z{=a1Zi2D$Rv@KA$K3mQ*{?#9xPMj`AopubF-eUgr`*X}ssXbG*V@7;3WW3aelA_H3 z_xGVofj`c!{|KpzC!A%|Bkl){N83wp`(_AQ)1jCZ@U)%2&0Bl%^OMwY0DG6Kz2j;b zxnV#_zVhC(ruD!6NWyv;97+HP^@u?0ih3;>0Ptwt`daBrLEpBsh57NSoH-i9l(>c`Dxo? z+ecX}_!kq^xKW+(mEAUY7Lkmtgon#DDNY;8!19uUCj5$Af<`8{_5dcuPNdrWZQafz z%S>1a44*RvY}E-p2A{?ME^lA8cXg!$cDJ6(+?Qnza=g}I=kRp@(fUtUa34{FGa=g@ zC&h$8BFR6Y*~OSG)F(pT zs~A*2ShWZ;iOb)-8#AG0vuBlKmU~_5_uVE)FE#?`mF{bsZ=ZR+X0i!F>k1yiGt2al zJMzTGEbHAW2dZ@q%c(%JzRgKG#Xb_X2(+zN2N0??eIj>b$qg}I2f&T=b(TggjlfMPIt_8s@+e`UXv@j2;vTKi)iwV%{Ew55uYuk2Ocv%)Gg#L;3w;93>uAf!Eynm+eKO=0=G44EVfFZ@KIEkn(TnT9%W@dTkfPn z^Oy3Uvv4-!c~vRvJpm!gBVqFz7)Hl-BGkA?(mDyC_fBZb#RTVx~{l#fwnW&}w zs?AB35QG{Og9<-w526UwUN~*^3HU>+{8ePyU)vgu$*h-*9X6g>;AA{X%QZ;WBaJ}9 z_W(yq@ioFhK@9i7M04fm#y4|&jvOURnnc`uErpU5QWNpSo?h4Km7uS*;=B;CPIEZFr;Ru_FV_T1YR<`l9qTeVQSA0Q|rr zhrB*`C*+~IPet7k5F9~yTW*Y&QuF}q_L@O zSkJQ+8;%f8zPL1p-JO8K*m@_VkWl19s?&`YNi+*DljP;0kJ^vo`RE0`wQ66`96~Sy zYL%iJ8|3`b3ML)8%Exf9tHTz7HJnl!FSoH>Q%IeMy`*H)dq%W$24g!rq~0YFjjXtE zTNKYi6P6w9;<0p!SS;Eer;882kApXS94{0_7W~7@e1zOVO_eYO{UahT3mLyeqQxcg zi=p(Au)cRJf&SP>VKo#iyQ8bZA3ev)9bsdcMKbx(eJ` zM@WT@A3_Q2ugw;qs^rE7#2L~^rx4%-&O-c*AW^b%lRP1NfVL!Amw*(kEMktR?qC&f zPlnN|4zGeyQ$n7f-8!R!^nEbP}~VzQ3mUJ`1M zt){~-$c%Qq+BQ*KpZjZ0(j8Fz^YhB_wdKZDUYJF@=?a2{^ZNI}IOD{8E^VW{MkzqD ze_8POckqcZ5kFnQu@XDl6U%XxKxY?Q$=*8MBpKZfOjxrRtyE1ZhuMSC5*D7N|m#GX!n9Ltv8)xRxqXBa8#n zn-6TCI^|9d+vI*c8+{GrwYn)5G6x*%GL1#Nx%u{Z-Sp77dGQO(xJuge>Lp?2mqFmq zJk-(X7^YqzXV-JnbfKPDVe-3Nr}|eJz>iXl6JGTBp#4U#7!oO9wf<2XnEhkEi12J^ z-z1nVt4-Vu)jd4HGijF~=8CX6ysRw)pZIp`kE=#bg9GEwooQ|p2;1f?tH|RKqz^AY zrXB|!O`sKBuk(RLsI=&<+tuYXWQrOkY(`L9?r%P6(eC$tKs%iBD!9_+s5Enk%iFIu z{Uze`cLQ98Zf_5j^$&2>Na#8ZepXLQkMFwNl~O%7NYG_SVu;%`M;_&r$Cc6LZd}ux zAIhA9SfKNGQTL{p?8x?t@|w5uE+oq#pxeW&R%j`F|BGn^O!BjCu&BUb%QlQ%&(J3> zknzqFZYW;QDPHE{LLgR3#pl8VZ@@Z;VaUs0eXCOsx`Q5z54oW+{dNcO&i9 zK*4C%$eDTTYEv`ysyYnvWx72f|E|sjsp}debVb)mXm_po>`2?+K5>>vq6fpL1C{qR z-DE}_p2pJYWm!>PjZKaH?6_$shy@G5+Q$(Zupjp3!=?$dP=&{`3r*w#>G+Tk2wVp- zNmaL@bZiepa*}qUNXqr8R6z4>e4wLYd)Jhl`y_C=#~2yI&8`dWCeio<>sm;+NT2*T z6TI99kYYq3(>+7f+Cg32!<=i@AAb_4>1a1xQ1@o z9Y1J@n;TQD*P@CBlK?p1aB?bx-ne=IpL*qElJL=l)e*E+-UpQ$@Ixs>VwSvkbFQ0M zv&{>&_lRQN+S>D~peG8|Lu*vcFTR-pU_ZLqJHSqws+ZB15@eH|9?DgWmdG_Ew*Kb0q!1}zDwhT(!oKkot?9cpQa>eLCxpox3zVzLL^9fr+@&fq4O=@>Gm z_FkwE5xM+2YE;_wSWm~!KSOAa7!1UrJ7+y?^kRehu`M)xj@G9Gs?tEhKY)5Fj}bHX z`{iFc*81VA_@6^4Z-H)e*Y=)myyVg9yJ&+QmtiSe9v}!Pn-FboC9E0Px0N!p%}sbB z6>#~6)qqC#GphVR5sP}>V6+y07O9AjHkP0~w`?7KcaEq&c#HKp;IZU1I7B(2bCx)N zGQiGDwmP_V6)T&|1*WasuU1BWxJXj>r4{@*RcY*RHym;+>7OBrS0oLXthSi$1d037 zAAy=JZLYnD$8`G)PD#gIz^-j5c6fFLkJ|2c13bP#eGi2QNg7s6tA>q8aowb8)7}5L zj3QSd1*5yqGjM0DnqX-d@-1~IUxt}N?tm5=;`;hmV)VVDuivD}kt)Es{4yDDF>=|I z&!ZAZQ-#Lp#@&x}>1cAqz~JGbHM_k7RjTmp%8fp!cnni&(L&C88KK!x*Dx-0qIrVL zQ%L{CY)+YnCt6E5@(OE3vUDS->$w0<39`C}Wj|Q}jXO9=J0~~Y2h-ngHn2D|K~2h; zfl;xZW5JC^_+oZPnd|&&^0y}FnTxAWZYpISI|8Ajwrda*j=l!>bOh_lGT-BsNQ@>z z!lx95AU}JzsA++YUF8%$EbTQto+ICgB+U@2_ehSLkD@tEs`UcMn*3=ek`oo`7lzGwtiL+R%bD^~x>E8@D?#r5*=wULH1OAC?-s8a6loc`R6#BUQHnotnYm}tm@>5MV zhkAzXKNzBgCXCEUZ$I`I1^jbT5ZWHXd7gT4y8$x#h*Nw3gyD3P9e5$#&0mG!C1?sb zV;IfzPa{l6a=+mq)PZP*nAV!U5rUSAP}_A2VD#EzdTX{`GyuoA*(bwFXYIqAFu;1^MsMZSm6y`n}0yssar13Ma)te5HX7 zBkWybm^eB0O(7k z(r$+NfDPP;!uBGShIN*>%ImxB*FRfouAN%Is{UF$f|M;~-#glg+44XQrBMNmjb zsg2>S+U+Ub+(LIN`+SrzX#eKc+QqCYqzstIInoWi8}cT;qo%Eu2pp?L-k+-MLX&-C z#tXfFX>On?w$*I>jVI0`Tbse)!eSt_C&mc8hh4vrebh^4g{#I{yxmqf>0U7TVluk! zH^(xb(@9`h0;gd|ep^ZBlCPp4&t%B|LTFAKbtb&%?L>)t|3|!A`s4eCRvcIUA#m_* zpBWAQ9r=6>dA4(Uab~)&^8ixJT_)Yt#*n2HV)U!Gbc9P0Gj>PPCO#3^N zeR4t-Td!gt}-n2wmKs9$cX$`4ySsGo_eJU$fz#kY{W|QrjxzvQxuf?AN zh6Dh+rH1oy^ERlc3(#%~p&T0yM6NZ$6h5z(6xAFNIbY_9a}b_FT=yBYNUr^77|7h@ z*9Mcf4uSVodK|-Cct!#ZqJlcjvx!`!Mb~0S0hJT?w z1U{otD*qb5tuk!C1i2JLv=nlBUJ>>!_2`wbib{pvcgOv}mJ$*eO8`hRnT~1BQbH8< znUQ@RW=wQwK|6IYcYX*_?1t_$@!0|LV{deTM3=MNmQcnOZfL^mG(7}Aog&Djr0z+yT8@ws@5yb;^UasEtQdRBD5rCP z+g-X}bpk$M7RM&RL`h)3z;$PKDJDO4ZWBq zl~~Ihe*>TwRZ}{6-Y&OrT0)r*Ue}F!wF^8lWa`*?6IQxdbSAKj3G>hr>|%DL{q2uO z>Qy_`?~~8dTdopy2Ev&~G=20S!L={RG%W0s2owr#_{47Hx2VL4{9Xh~S=dn{K9neh zFmk_~`jdsTg6KdcoUkTVrUvA8a^!yOI&jO6`>S&l8I?{t-JGcmWnkTu&8@qNXyI^_ zfGH=r%7DMeZ&5qz7ixks(8Yy+{~_ObBI%vJGHML=<7BVmN}E5fk{1=*oB(nPwsuSjiq<(%J()v|cERw*wcx zTEXm`aZyx;njvft9v^PNdm{y?tx1mwaCE$Vq4(qxO=7^>j1d^jv#I^|{78rO~AtJ^ZcXMZ`E07xpW0`O) z4T(cpu;EngU6rwS1lgC(4D|m5QnD&Vd0EVS^l9vVAQ4$a-k*`!gKj$rYZ0kx5N@<>YJaxRWMEJ02P_2h!7A%B}N+Iv()2MH57|(l*p- z|6xi`;6GFb>SzRw0|0Xf^UB)hc)Vq@xVU_LU24E=`)NwFigyuqTw6!}9%f~DchxtM zrreWZ$nm(C?BS=x<6rQhdR0>)aMHa%ZA*|0&aHZRdG7;tOrM#w50{|vw(gZf`Xt{_ zg@mK+6hmG&ic`F6*msKdbiV!;)x_g)&oa}tL=4abTPk<~?p%dV*#+Wt;_4}IGb4@|^Kwz7q}kPi{h+Kne1$>e zD9hkPBcKexvthN86-;`}6`XL{&$#lUA_KLG+zu4;0R+Qi;sXkBi z2Kq^B_(TmN#zfqxr}h~@3y>5^-K0OwP%T+qrS`!@iTZ)t9V2zD!;3|s&XDf|=~%YB zBjbZ`puLTJ%5KG;Ig@A;$9TuIBZVgboh0>lX@d=}GNX{cE4GpvLG7zUW+3&_QV+M1 zFeap;nOqPM|IF6LZF&8F?n|rn*KF1-@fLn`zTZ^$LEwESAOlZ>R9ogFXzp{AX79&N z?uln4z54|lNewm6CHA)CM5nYsPyD)aQHM-_Hl(I3+8Q%jL=j2T2MqQ9`^DVa3R}RSIc?pNl=1J z2t9_Mn2XTK@HslTyHJGk9-YV^6dft}DFY!bzei{-D>qDH~ zOvuCzf{`!eX2`RO=Z!C(?Z^dGT!^FQF^4*9zn;MPPD)5%OEC&3D5!53as0nhjIHBH zIZt*V2a7_`v}p^^87RW&IV&~fw+T0m!+5-+=YRNpGG)p7r1R`M@1Susp#husrGV4Q6Tp#LDJ+F9-d!U*;plO*%KT#{*Za{iC;y-C#z9h;X zQj|YsZ4@j8nk@oxk*k{0RsuaoSsUUGlbvp+X{dPDry zO=Ec2O!V}IBXj8ffGLV)@-&pAW_Q*1HD-V`2eV>T4UkPCgam0kUF4AG&1DPp&4XtT z304LhJ(Wg^MytKgTsZ+Ad+B&l8q-5A0iQO_0>H_DVI?$wE;MD@#2;eFmn; zM+3e2GkU;yxL%DR44tN_VVraD(Gw7TUZ<252K~7;Pkf@c5X$7D*o?1}>_t6l;y1qY ztYLK%e-~CXL*Rr*+nx+#F#4cmd0aWB)8JFE}bcA?FrfP>hGA zj4U5?fd5Dy21CLm@NA;y{+*j*Li|rgzV+a?p)whGde^MAHxyEIc4kwsyvzBe(gDiF z0ZOgKw_a#8v`esD3T)PaGn5@ol{oqdmG_#Fu`zSsYFIap131)AaH~xS_cveUm0G>O!oRULjl0jatM$vAWMR z!}gL~CRD<4L7w@QuwansIJ}~qxZ@PzG_m&2&lOwyhyPrx7?Zid)|Jy1x0dW^se3y5 zwbTNG)7|smcXUid5c7C804AIANRdbuv3UrK6ZZyKmmT|qiBTZ8aG-6yY%Sx<&0a4Cz!_%K~jro0Eo=+nk=qv{=Z@c=Jf>;AyYq{=X&! zfG>JLlez8uaV%e&z3G5L6g_q0a&k~Y6uM8bQx>h5fAg7;)nRA1bWp$P4WVS9)GTqj z9b4t0F~DE*+F`OhY0b#Innobhhy6gG@5v#u7S4f+1>6x_se5c-lN+(H7Z2Br_q?i1 ze$i?2lOsY*6f`KDz+mq6K6tYtlUp7E3N^eVW3&Hn^v27!w;*thb0BivRDEi(DTFN& z-3Ob^yVztWf_G(~u%JaCSOA`eZ}Dp?2jj^gkqvtROIUQ|XfcA^Dki`>$G&s#A9Uuw z)@-0;1W*3&rr*U?HS_ysnBzAW=G^uSM=z3GhLOf4cIh1UlH9Hk;+s>`_1c_Ocg$=; z08GkA$Lq$#hDcXFCaJh+)+P6p$*kS zxPm2j-RxhQQW59;SIep2@u`}cgMY0VfB7pVYwKf^qSR>!_C8v9_c*^0Y!S!swNb8s z{MYhrer&pB1EQo}*0~?@h{X!i+s5fRYK!B(d>H54$6`D5-ZCLc9+EGNhuYA9JJHIF zHhFyBD$h0_f&d<%H;QTsEl}lL=)`*gOQE*)h8(LCm;pftDB5DUytY0$|MvnbGhT6C z6a_oUUTh9^oWh2L4{Q(IIj-?WIm?GA9&){HG&)qP8t66jQ1TSlXU6y|0uh}@pe{%j zM;mnfjDmFYI)Ht7Az@B61Xyd9@6Vamp=|W;mKRFY6}0fZ6S(h|9hq&aZw5)3pB4kH za2Se>0Xv|*sxpf(X&h1nGsn2B5mGEOp2xb9LQ=la=}I z`2_X=>-M=`?P0tKT}nyuH~6+WC4Go`R+``JBuF@MFNEh(*Io20)WB63`d`8>la`g% zDC8ZHo?yDOq$O*E$_~W}JU1Jrs-K@Te=DB<*ya5Kx3Fzk9uDRzvrUE8g{gG*ReBS7 zCP*EJ`q{S6iuF-Sxw8a2lA6Hp@wU?Mz}H4A3UK95)$FkrQ<<#|8CzJ5j%iK^tUU$K zAHq_>BaN4}e-inhto-3PtXtYs$dg5C=} zp)H(?_`Z}x7VH>8xi(SdF-VM$?-g7A-jl}79^k8It7{UdQ_f3y4H>Mm(Eza=re}^? z_0Di{ldLX>Jwo-kT_zCN#6M2qWRNEeGtj4jxH4BZaC85H4K- z);HzBw_}g;_Br?xhQabmmi#;|a!nO3gQBx^04~}D7WAc9q$_Op+RQo&Cerc<+#{iJ zrKz%-OEZh%q$+`OAb6CR#q1*9Kq zZto(h1p3gm)8l*xr&dJWQ4U=WR7gtZ5OYYW-kFlzBVMzC6=SSBX>~Z{ z=^4(_X68qU_XwkH;m+q}Sz>{OxV`>YNv~f&flnJ-MvxM(gj^^5N1|qn%-O_jO(rC- zml%#Qv~T%2#w<hv%jz*i5-WH(fp-C0#}JMQ?) zotGnnRH9FhAliRuU}N~Y(_&_U#su}deCL&-Jvm(4>@yRi)Q{wfl;)VWFe3QI{nfp^ z*@8ajzyvR0>&0Ec!eQ{W=L@%X2vF{Ah+0HS9z|IYn@zWQB@KPFP|>VnF*5XKucU_1 zT+nhl{EaHge5YI8C4!E8Gk^caBQ7aZx;}9C3mGbS^Dd>ODp+;XAzeGUFSb+xT0L5`_fToC-(()P< zgE5z7F$X_>Q_Hy+vVC?Ir)O0RHZ^0DU#NAKZjBV!c>;0FlXHL4b02_Qj!=a+^5R<$osC|2v5 z{mj*;Tj67D$O z6RW(`Jh;!T4iuO7a0}jFmyKIiDT{UQj%*DlLMAJRF1NG^s0ws`v6-WrDP8e+QBpL-De9om1#_22Hypx5EvMSq6uScrG>k+=sX&pY`^D8Rl*vV%3|ehoS%r{9giEVezDCXd3x znk)Y=Y7gF>)xDOB3BK|fHH=4;>*SU2gb1HNQjK0|D*Fi#0HNW%qsK|TwT zC*`eJ%!Mk#i(3K$$=m#Qpb53lYx2)@r05?WBDU@^4y>Fc?Dh5z?)vLGE}4YzDQk}t zl1}u?y0;XiW1Y|$x3hDem7FU0mPs0+Yf8`ew+n8kYr_Q6#j&GFueWG^mjV$W#%#5& z7``{sD|-2?IyVel&n!WAMz^*81xfDx_rf+s12z9J;kU^?l_PA?-F~>74~Ym&#>q2H zHq3%;N)m>*PpQ6T$^gB>xvg)Y^gJnP!geQ6bLpRBVh-Yf|B}D&w{>$)QwHZb8bKMO6Kf4t=?LDU&*w>9Gf1 zGT`Lh{zVYwP)Px>(j=ZvgNS-(vQ|@hwhzYjiJM$Gbh4$Y%LBF~GW|RE6KtJRa45l| zMPu8xZQHh!6Wg|v6Wg|J+qP}n&O7(xR=tlqA6+#yzui4G(|he@($u7Uvg4SFUM4@L z{Vp;(ZkGd9H{y4^{M-W^)=ZFu`wm`eU|C#|P=(HkTTxCc?} zeo={%CD}tEWN_9Ka1W8owt>$~^y2Fr68J(&JsM z$K=!O*SU3*XC-*aXtD!DL=ZXIoW$(!+k;ynL-*-XmK|CV-S}M-&FNU|!1>HiZMVkK z1rU`$7^MiElsqix=A~3iR?+jaGEeJ( zE*pVLD^oVFnYS8+?!txoa0A25$Tk+e+emt7!ac9H>Pzy{4X2}KlN7Z=YtqK*^{fX= zp{B=&7k={wm_HHn?^j&-#!jcEEoHW?0-+J9A0#wCj;JU?$e+11w?+t*aBKttVnV^1 z^xG;AP!vLw(oW#k2}nx>0nlFU1u103Mu+#c$XRhls}&w%UP0yorRklBRH1>-Ny99l(9e+qQF^2o$uHkE<6T^(*{G@}o3JBNut}`wVnK)*}Dg z%$G|QQ6VIfygd$>wW*t*H4ni^*kYe!%nV(EkJa&}G&lHRw8`VDDwQ( zq>lWSA13%FCtBig^Q@+s&Yt*~h=QAK-W@xk#+3EWXX;4#%jC&#cSgp$NVIV*p<=!5 zQ}%r!l4^m)i+dO<=++kBo`7%gYalP=1kB)3s){pP@R31m6|gFz)J;%K9a=y^=q5-h zVqeRD`sJ#6S$u3GRpK+)Vf%b2K0NjZN}A7tF;P(vGv`RBFm@GEs)$cgNlfvoQO*V> zOPl%DNC)j#35Z+4!D0xupuVKCt5|kjW!S#=hM=WhDhqQmhr8U}E&x#cc9wNb?L`?A z49QIqb*`X4=E<(oyWo!Oi`xdoIIpOp$@_@=qdaxPz4iMhLP`9J&~HrYR+@{{)JKfR$4XWypv@4>Dd z;SRpKDH1OUwId%)d)lI!jns+XZVWyJ)}ZtDas@xBR67OeX{Q5hjKn~2 zwP`^=$v>S(D2Q^EXK)O0?yjZGzfVEK%*q6@OI>=HQn=N~Oc(aZOm8v|Xa ze4Nkb^DI1g+s9)!u?(j|p(I)+N@~t_dWHL7Q4n$?UA=5p4n*oh7sK}2NB_7m5>&Sp zVqEmWZ%mBH#>bC@Q9{S$Ih_StF9yfxI8uxc{hasadhzf*Z>TjwlMCzyPMXCh)7IQm zgu~p%kI@+ru2nzaN9TI2uwiA^eiI32?CE>jUPfGBr4Oe%Wd2|Svn?nO+zwMom3 z@2M4Rn!rfA>E$4SY0xJb3E3aVglI>C!!Wt9%rSo$o8q?)aCrt{8N~|(BeiJP4zI#$ z7dPqqp?drEk=NoGQ*)90f@}41Jp4T;du!K-^cK)ms%$02xmJw`x?=9Ontc(ZtuK!j zs4Fz9<641ps#_Yd?01M6N6Hig0zrpE@>^0QYG&;(3{E+Kf?mSNV%&Dz@$XVYop;EI zWj{PCP_X&h+%E*cRau0#C_w(wVx+|=ciLbVJ?aI4L$4vsIt12y%US3iG84>7_N$K; z(#l-!RWm?uw0)&>+^I^vtDwH&FNyk^-uMVOyi>3ap2ORg_5~}bb*w_6I6mlc-HAK} zs{CjsGhQhPkR6P>0s$#Pv+5-F>)>m$QjiW<(Q6z)yk`d>`r+t!%-{UXk&75s2I1j( z=KJw`5q!STOKyO|$ck3$5f1R#7MHN(+m_3#*eqecfzG6kR%#I`W`#hsdlBoIs9q$) zrM=eQcY%UNiGpc{R8A%`2Fi?AOoSzJr3H^|rH5naj(DRgZj@brdS7m7$$>Ugl5y zHgWYG*=aeJIZH9D|!2&Vmwx{42m^Jd3mC?in-`l~I0xtyf(z<83n|UI%0J-fso^*Lb{N0VkfO@}kr%E?J({4Pl%ZZu_h3 zdNP4OKXHI@367HQON6j6+$U5LDyhL4!ZZfvSvE81bSZ?N4@z)aZS~hNUge)!tUIA4yEISoudo0e?TN#Z3~&JZ8{Z zW)-7YM0g26GfbiB+<)}_2$ln&)upeg7J@2z4}Tz5>q{Cc$>Iwu0 zCD~5pULOk8V}7wJR*o|Oxv_dievBIOir7Z7H&Sje*Z6Rdzfi_0-Eh$*8!Gvx2?l!>`?c_fmQ5)~+GVm$`;FGCjp+r&pH z{Ms2R(Tet<_!y!q1KP$L3-~j~gZp?FPi6#UT%3!gIaAqON@p zv%m$T*`t33FBMCDT)wYGF|E;zgeIK~AW-_)FMZnSvhV` zQJ<*CPdd6O%9A(EACh%z`n3lc66c;9xK9~5LcNJsRXCV`;4knlqtVSVl~Dk^)_#zRh_cXkwHN83yGyk1N zhF9}L(nW0PDS~3O8S&;2X7ItabkyO|6n*g*I1NYH@qY>G+5d;2o{5!_^S>H;CITi# z7EYG`-u{0<{XaiFGc&<|E+~323u|W+M*?~=YXfH!5fdXjV-qMoJ}4(=M-u}ZDEE!2 z4-=Ivs|7Hq!y7ab0dVrR&dyHoQU@$Ia*)(Lxc==xX?wTVJ*2H|xbYmfmz;Og>f0}# z$mcm9)ooRmkr{S5Ia)00w3zN5VK@5`Tic!OR5^{Uf+I zU@pvxj!nRH0F@9w|AOj5+3CCnyIO5-%tJ0&ua*M%geh= zh&^^>fVpW%2uJV8i?_{k23~=UxwVOv<@pI9eF!E%iN(oz;3JzqyTNDxRN4rA5azb# zHc)k}--kl7qB5GG1o>5YC1pag@CvN}Tmdk2*z^1Vv57-GczmudYa*7WfhWhKq7ySREGfsT(tayGa{&H1$3Wf-^3p? zmp0M;QO1S_?poWk(kkLAQVKAT2X8F_(g5h}7-@Z(ziXW-b`k);vZpi4%Y&+?a{&OT zoXE+!ZNb3Q)zv+j&BVz)wZWM^xvegC0ad1HcO2_n>VUd@xB#jH{G_g6m^`ea7PX1| zaK3CA1y%;$s#E&-B>@Bck{pE|lnxB3DxB?>3qJqYcl3J7-yWSjk)xY15-M`m{}%tq z&JAFly_M?q`lNTUt`BU)|In`K0cEzv^fG!vUp(Db?P481W!63G=>WtC>}3}IX5$5& zV_S)b_~E)3zhy&aw*_`lWmhGIrFBKD;it5~`ElDjvVGco{!ZNSOPSf8y@fVZ6%^3) zjm!Z(vAKj09J2e$g~-js03`4?w1S%pJ*dwI03e!yhwhe-f9Fo@@2-FAaR=M%F1#CG zpWB>$>;_puIJ!Q)iTD2gJ1MXOw%b2DdP^1G>!q^!Ci~Zh40`tKck7G&h3F>o#*12jW{2z8;9_s~mYcc@Wqb+s@U_dO3>`OqD+Mf* zb&atkfc7#YKsoQH*%glPladaY4G;y8_r2-D#%A`0`!Z|tMr-;(>suMtTAE#r+qX2g zfp}(P0OkEDaOce8?18NeZkE@2%8&XRj*!LyK!!FVXQ%#aQ%Uf3PY24>3~K*P>TC4i zSK$XsxSSg;_T4fgV=cIHV;5u<(MMo+`NT%2@~fx!FUhL4wZ5VCGYz=>YdPna%i2_5 z=lc80`>i+1;@`Vin$YS}$Jq2kpZ&M6?JxG6$o#gG4zbHH5|D z*Q~*plM0NnwUr?tlUJsztABn_P(C-%;bt&nV?7{G`p!)>IJ!c0*A53g6h>_bQ+42cC}>Z|t6rhF^A1oqI53zy2}+V0*i9 z@7HzZ!~9Ej22;PVn!5vOotx>vg1;R1WS^z|+F&cc{&qjsKOr)9{l5m2PiR{&_;<9z zoqm0-YjFP_1>pPw?oOON!M~+6KJIe%W`92pII*<2yor0t*j?%T0Pe1}{}8{kbKUsu z`ORb=-1_{O@iYGL`u}=*{Pt7H!L_Ifz(Oas@(27lh|J85_YcU1-rKY@bdT@){@iBX z_<<1odeQ$3YH6&kOee-XSI;|7**y*oJ$#}QgBQN~tzrE>&%8IT?buHI?(c5m0f2M> zMkAt~T1R^T(I#F5MfeOkl1t@{x1YsM*uSwB8|9%XlWRfRi}u$sf8MM`zh zr5iAIN)G6C3_x?B@`HAB_oa3ji8p zbrul&H3a#c&e#feH|;;5_;iN2yA4v1Vg>jSnrWT0RCg3uT+>+Pow)kbqyz8n{kjzu zH^7z$DfrOU;++JYKpAHfpnt|Z1WkIrm9YoHt7U3EFoJLG%Bdn12^GymY18qtN=_n zr6XJWg+qL2D3mBh8XspCy0qn~7`QWVFimQ17WuN$rQy}`&!tQo$soJmxYM+?wYE4= z#Ru+|aqWOpKy^NK+|^}u#?_n^YbdG3(61}yCBX+VNfMImi70ylrcL0KHtmh#gXRtm zW6NdSuB6#LHGJ0|i+Y!+(k7mDxQ`3Pvz?`S=N!sm&H+$fo(u}h*gCw!%ER|BGt--1(W{Z`ZlAkH4f*bE*~KN;6xec{^QIui?z3zW@B_YdjmX0KPYk zml(MOD2T@GF+_XtmB)%#hTLOu8>0mz3ULD3c%MGr7%+QmJAA5Flqt*Ku!mN?^x#Oldcb?wgr zv5@W!Zga4%zakf_IQ%`vqeVD}gr0@shz}QFy9DnQ_Q2AMqc%XB92W>3zn?@bVac-@ zbrxaBG*OvWQP>38oD=#Eeb*oiBUkXo`R4SqWt$Ooa(<>GmihAM6Mo-qsBmil9Si@j zRV@?JgB}lW2;W-z!NU~UXHJ1p)S7=I|5Bt)epJ#+xy|w+V*?@=3u1&v>Y@;?S>1o-X_WP#OUYt6h;?fZOMy?yvwrDeN z4X7E+QsO`Bs`TBz#!Z@;pR1Srj5?g>69i}EqLuN$BGV-`>JG!2-hObx>vh+P zR!vWrPXrh37?&6wc}i$@HaXSkVoY%yxeM7bVnrLYfmT zUJ;}FpF~I}@;Sxrbv>BeYD%Wvod;+6Wpj|o*htwQPYtIP3%YnyK5DhN)(_$2bDEDg zVS9BjK`n_~waOw$(EBc*nPt`k<69Gt)ASkW+(tk#|aV#_*?{ND2@qfRg)y+KJ0 zgUyZ&$4BAHOLg`*>)f@=f2+vmq>YVK8Ayl)zZ+smJp|Y1al$9pJr(sOMg2(<+-lkLf%-bNVZCnPz)Z>}(Bl({HLJJ1mv?~pjiuJcky-Jt8^6gviNL<&oDJwSmEef&zdd$;OQE5URh>i7ve2%(iaC8zP?c(#uE2%@R3tlw-VA2hjcQTDex_-9d*@g$`(A-t9B=+G zS3cSaKk4*I<1PfYZ0Dv$d2H}ci?CRlY-Mw1k*R-E2L8m;bq6_g;C=s{a=N!G2Z#r} zk5A-!IEo-0da2gBmBztEcwW~O{E^}fk%Z|!TpJE%Yo1+le@3Zxuz$`2rjBL)7XtZ1HzKG)04@uTnxpIj?>~)lCBs9ZL3Jb-2)*t zUgKW__`%1^jXTtuYWk))4qnhN55Gse-JeSr5Lbuhbz^wxZSh5l7Q`ORnLl)t^K~(S z^;yU?>R0oj)@X}7YV7wLkSn%LaNs}c&6H{;)XFvg#p=X>T!yRCzyp$b_73MblY3X{ zou-8T%);Y|iGy$U%V)kO#`o(g)uCoI4%MBvznv9nw$6T%Yn3fe-zudJEsq2k*$N%) zo3p`e-c??^a?DGW@;Yzt3C|e-Hf2PeO3pZNw7Q#kQX*u$;5Td$T(1DgX!#lU#UjHE zUX6gXC^(p5@8v*AtDyK23n!)pRth7Ub&8`(I}S5rk}7lOhKg6IRDryV?TbJ1@>wR- ziSI(pcpZ!VjMqXa@>XgSi8p$V8Dq<;+g1DI@X98R)Qv=UH{Z_s^}?X@p&;cm#yyTi zx>aVQAHtzD!{einR%EMD$96%Hy=G2c%kbUN#K0783m)b^7QjBI4owI+L@O8T8)zST?0`YzD3<09*W}R zjmZS#4T;o~{S-+_MHyNGSl(PtBy5~8f%0PcsYR8fod6z{O~FfVsiogo?M5F)84{&f0|X~`McqAGaB^#ILL#O5^rjg!b968 zJK3CZjSdU9(=RNB2$s&E8T*;j=m48JsL%tZUiJLg)zQ+8M6relef*Bd6A1H0Ts?p6 zk`}Qb^bl#(zMAtq*iDud1edVgKl!$lC{uAWI;h+(&k(c@C6d7=C@XTNW4Tgc# z=xaQfWQ!yfn$w2BxW_nag;AWEJyId2Q@-NB8fY<&P!?I5hcrnR^P?L5;yBqc9&sJa z-u%R=v2hHuW;K-jzlsvFkWWOt`dkN;{}$D5z0Bs-m7|M>>kEHy|@BRMhh>h<+CH&}RfzcK7h33W`lP{@wEyUAn} z>JmK>4-}mg+vpq_cz*>kU-?m}j(;Yl*eY>^j~7=JKlwY4cBV}b8hg=#gEw{b!eu@j5fy=^ia-mLVMakSa|aw4fnDmLhzx=&_c(!^G6m zZRx%i!NIM_5KKjNm|Qy1wLzN553hYOVML8sSgNFs#`H--vL{k4Li9`m*~KVW@#lr> zmL)(cuc8RPF>)ykRD(3i;z!^WL3yOGSf!Lv{8Eaw)n%r!W_VfE-cK!B(&@CuqgE3Z zluqn*5(cYKh&vOlkv}uBny-jZc>Co~uch5vdu0t_$4Rh7dM$7+y%MnX`Is9Y?XC}B zfB>>rE*i^vLJ{0k+`?5Ole^%^bR&F=9^!ED-}&w!0cPdEOmI5gAZcoM&-;cEZ^P{2 zg$XsvteOVRxrWYFs9jO5>HvP8xmep;LurSw_RRz#KZu5=9fGj%>l-v5U4^cW?e?ka z^p5yQ2^ZmwPmw!V5{8<8-C8VCH3Q}evGn{KV@6DEVz_`aIFr0!HnEE{n1}%#vits! z3LKqlpn`qEwb+#FN(11&ahjHl&CE;D|2|`Fd(rVDosFhZg_eO`Cg7~O9YyqQa;Z0? zHtkF5;o{0go-rduhg#9-{_2&DgGi??4kh?tCHT?_`QFCUN)5mXQ<`oGCMrfGhXO86 zhos$$xIgjjYDS^c+~th4G^(fV-3ua{Yi$k?E>0RhaGWd2N(9=)S8$8$?vY)x{zo( zeWFa@&J3e+`ACI*#aQW^wd&tJ&{uJx4$f@UoFy}hPxPwrIa71z=v{5L*q6=>vTFU# zfQiXg+~aDH%F>^5wmZH0rSN|~wA_Ru&DS0kI27czvNvm8P6--ESP?pNNNn9h7u4ri zgz$8jX>~UHg$(|t2f*JN3YMuWKA{&Zr8}YAE+6%gM<}s~Z-P5;K zvhDgOz%3VuL#x(G{IL}yVWN@dFr2R(GVu6)iPpBg#TiTWBL?iOmDJcY4^1`{!C7A6 z?u{VRo6LOKG}NOJv8G}2fYx6Jt_ZL8v84J zxd=N51)UT3J4=mU#;SbYQ+`0S5x{nhGh=|&q`mV7pm-&qpX-oJE!4y+EJ?Q(xaD=E zK5b3p+!SKp(O!4g*`Hqod$by39TDFJMwx49LxesNO1>Aae)7=vlDW81vL?itOT@wa z!?P4sI>SQ_R81^XJbE@>jc=x%PtyC}yS9jU?H%mo+T(N9j1}Kn(~h#_By|bn2ZTnB|Eul356QpGHtF=_~EwJJrwl@ey}#+(5Hk7 ztW~6yOwWcW$G{S#O+OaL&GHs|ZrO^(mSV4`2Qw0BHlKmf|p$`g~{ zhxWJrvH^n=JZ_&}J@{;o?1Xa~J%#v?&hi=3*X#sB%u=T2RN&oeFCAX^phQZ0R#<3# z&4$c4nGsPZ7-AGqaAGZxSZt~ao$huBP4IQ&GLAE-_}Rlz{5yfX+9y%;iF&uR4pq9M zmI8ynS*)xY?L?`y1>gKsSbFtZg?-G1mLTpym4CpeQ-CY8|3eN%dQ1wH8>>xly zBtpaa9F}{zvO?+>sq3xW`0z%J=>13A1a~+zlNt&jahC?TQAl;CINmuHB-5O#tR zYeV#elT_HoGAo5h^GlXRp}vAosIFKjZ zfePCk>Kng4jQ9Oo8;0PV^^-xx6F>f2;z=T9dy3m++WZ_{%eQg+!)NVv%L&|z>MT%+ zYO1X(Vy+t{LRv2|$kfc=8+M_7;|VjF8^QQo5b%YlD@kw+bh5}lxv^P1*o?hzAs`P3 za9={_*8EKa_ia4-$+4EZdzAIqXqbs|6A%RauE^2dUNG){-dfnP{MJYdngFkNgr{vr z1?MY4O0O!ftfZqf^6Qb_p4dU=*Io*}Ox zsTc!r<>@y4ITdK(J`-`zneRva?j%?fhL4ENFy>+!OBzkeq&*n&FAf+rfH=Y42>~t? z7?9n!IZK%kg(Luyv~(BtB8>prR8l-Z>&szgdUl-3uf@Q!b}u+n^aumZj^0~)#_GZI ztf$=$D&lUt8J~#xD6GPwYRgL+tAnr-j3d+2c8ZOiEh8-w&PgSV{K-44(n%g{R^FcX z$w|$v>KMRGM`BgcY(%qS2hGa5rRtbk+$rk>g^y-KZ<6aTUs(ka(6AA<`5-g?Rr?@g zBW|~FS6smh`NF65u3G(@j$!v0lH_MXxQy5LWLE(3CjqqZ&I{7FL&F=SEu`24(hO6D zGiqyERO>ux;-mVD^CUBFPkHLj#`AcNKFQcEu7NS+Vkbl)rL$0`s_BvLvwXBLf+}@R zgIL%NbnBP{EtqrXKy&=}F#QrdnUx|Uxba^|Fmb%`c-?V5DjZH3H;&>2*cYSdP+V>R zeHvP-oJ;}I>Zu}Rv-ufu>N(XHX$r%ID{dul)jVdg%;>kD)oqcRPNz#=RReZA_|z32 zWZqk^Iq--R@ziwPLOEScjGY2e_(6rT(#b4R5Qyk*uDZ}qjEEJunc+T)A{ajZQa&n4Xt)az^^h_Zj14(z>|la{u1 zg(hQ=64lNJCI-$G>?^mqbCQE4`hLSGxFcMabq#YQYGi+deGA!-0^o(dX*EVyWI_(KNVO$FHmXG6-+ zOL48SP@;p-b*7*-EO!Mh3r1Y4qB$yl>u%5!ng_{~=)7nME}`qIgCQrwW^S)j43HX$ zclN);wuUcYhB-~B%K60Qhe4reRL(SOskv_1-`uGUVv!r?G<_X)u38M>&6mppB>Q8-FjL@lw21ZcdQhE?(PvIR$q;GwHsBuZ?- zB8U@a`SwwHVc7t>sj-k3pOY#CHKdEHm8T5_A%Z>hFl9nhT)-Cs|=68 z0U^|hK5I8hP?0I>z;K?Yg@6K52y+ryqti=cE3nuhc6dJ~Zc zZsQNs)wX9J0OO~!0AuwsAy$R?!;TL82Tt|dL()k|Q3!+0J$gQEdibPR_;-}go^Z8g z!mg!lE(-tXh_3aa?p$hj52$xKpKYVIFzm_|FO!-Z;>NA1q%_vvCHW@y%!xyAh^O92 zymST?>ewpB_>#GdHBJBdSL@%rh(3H;%H7=*(F1`yPw|d_3llz~D6f*0Ia22@jc9AE zjq_ICcKb)~neR)bTVd2qc?|rp!~I~Ns%JT=LZyzrGXpt)qmAMg@?a?d3NfJaY`4I> zfrdU29i>_ID&W25Al{CnaWB@O2`YyuU6D1Rkaq1}dLf@!r`EdCJR<&|1AZpKb1{{`Z!4wBr@6=CF0r-&CQzE9EbkFHqA4;*og`Z8N3pd zc#6yg4OZArOkj#SVdwYsd_F->3v^YA)13+|8%NUNj0tiDY>Qx4rBZwJHpWyc)%OQ3 z$l(K?dfDd>jFq%$5pg^e7P711v5eOr9K>Pmr{E4jB0yDJSnYFt{N;Wx6V4RuHq@YPhK6)O1gKB2+i0+?TydT-OB{C+CC+N>FV= zs-{|KfihXndI_Wt-$(5}p4s_ohkjS&;=Ubc{+Yp%tJor7sm;lx#@dg@F{{o6PeuBa zog*W4Y{C|USSHB&v$$=mS3Y)R`Gu^{*;q@&yG8{JqfZ7js%?$*+a^Kj1$XHS<-y0pQ3&W zJ%T(Y&>k_&gr zl`v4BqMDZAPuPIopf*8+$%ZoXi6R>r$<|_v*pp4?pb-Z3YJH>AFgw}WWw$_iU@Z6u z7}yyKCvm@%DP_6G!xQZBH>(n%t%f=I>tvO&e<3Z^^CLY5b-(i5A+rk}Z?=I`yrvwY z_3&*xOSs#U32wr$hs6us98lMO6f^n}&cZ zwW$r1OzAisu@^1M_>UB<;s#Q|WlF(!_}JbU`&MKhyX+8>R$&QiK#wB{)c81H$MH7hG)haTues+2g`LdbA_^$6U9`9}xlQ0J0(cB<3U`p?so=up|-X%@pKc<;P3 zVZxtx@oEyaR)`>!c~jMFX+%OsHEVpTBW1)JaeAx|@jgB#`KYQL8U_|n-a4fTJ_$a` zqLM_d-jQFIY$L?MiUQUIL&clLKRKw?6!0S@h`)(V|WG?r0Rl{+_FE5aa`-D5{%NM<_dUjKB1Y!zi6<3w2 z=r%cSSGu`N+W&=3jeGsFT9k81TLSZA;9$4qXhnkWSQ}gmn-5-)tz5(dynJ}Q;PImm z-p|2s%N^%89tfjsy!Gn6@}+=arK>GcxCkgu!z%5guE-a-t8^PRwJxvA3lLW7i8zXC z+ZzdyvjYA`F>DKPppaJM5-EFRJkC;zpOks8B{2>g6vDziEz#A>x9RFbq?7UE#XAQW zTH_4iKT2j6tEcl{UrUV;=?!$7mchI?iQjC0z=fV4!e8 zU*1PLv-U@QWMhoov9Dtq0*Z$_nl<&CsFdd|4w>}&4*%l|d%ZY?{?(bmLqRziR(a$w z7Ug)mc9?wRp^;anuL88^RalKR3^x6Tn$i>{Sj~dcRKo|PQ_Qy+TP zF6ASz!sDk{?*`9yg2_#`*RE0oWLfx8)^h*mjKf0xeHCZ*VftmBB{eJP&FM6&{M~Wx z9&bkHZjpqYsi!Q}Kcs9C;%->~Cd@8$p~@l)LB9+RT_-i_@j7DV;G1aJ6A5yd?<7)@ zbyaILpadP*s(Dm4p~4D$zzQS+E5df+Z|JvonOc%$9Ye{;)z(!W;)wm?UkFY|DhLOsh%PzsXkBj5gSIv%h3*rXFc4Y% zwqdzKCw=W@ya@rB7@HliJ3h`_|~p*w`XJS_j1S4cZ-yP z;F8D9K6q=&XGzP!a*m38IMI=+UH+)$hPup#_DD!n$v3KblN>7PmZ#TF?5<58Jedb-@;cB%AxBl8CJEpp?b|CDzA;!y*uUn|twhnULlF}P4 z{+dCqtow>(Klu}In+3s&zermzeJQiWsXyXusgsW|HT%V*)wp$i^bXJ2 z1(`Ouj^iIpWn4Yo6Hg9~)#ff-f$+_yYsobPih{#N1PkIsHFiS|cL_yDQZlr~o&a)p zPvTQ{B#d7Xre_~e2sp?JaRi)m0eyx%{U4~YeVfZG1E?5ln7YSn zci@{7kmBM%q`9$|x6u*pU#jsru7IwnJMkC`#PTc)m?*PHSDVD{$+Ldv6&DNbLrY+tH3U znK~1UhrVazX)|&nSyT$|2hYC#FB(a~znz`uTI;k9NKhf}(I%$?XQJ!R$fgc+iXZjC z_&}terl0x{pcjnd{#cGM&rLpRfm&NJ_GObu6-GA6WYeNDW1nCiEoqaVx{jDO9dTE~ zu7ok$mc;CjW+&MJ=LdG@Ky6j)nU2bJl@@9oe;d6D55}_X^#fO(+{@>Rj0I2a=eF$e z=>ukatsfCoi>YMv|XI7knbwe=EbulA`Hq8Ci+m!n}$C=X2D_w zQm8tfQz9Hynf_&lO1%<#crtG;n9bX#t*?g4rN-*{EI;goU@o&(QF@&{2*)6G)Dq8C>-B(`%c-#rSojQ>J_iiQ<1VjwyuZ7wrEsuULc5r+$W0?7s2vdbZqN2&cH0qrq<0C{0Shi0 z_^)Zth8=c8UFeTx~{VSRNuG?QJ7z)AdW_FPEvP1%wM&!*eKrp!V|_F0y|KLnl0I$xlM{yjA?RZ< zB0j8cz0NgPKF#bHD=kw`+X{W6yc$|H^2UU+6`Ro=&8(7MPGM$6jcSuo@VbuA&XFbO z)!$ZE{c@0T@hq$b{^csI8$=C^HdZ(z@$bO)giOuA+A#h-m1p>B!u3{a6&Z3Idr5pf z$mk)GxExTeDM^1!Hkf4J-!t~A zqmCuVv}c*^7yoz8M$F!_s(?se?e#>q)5lh6tc64XYRm%3!9u%- zg9OYVBtTC&bcvWEP6TWl7kjbRw(L2uKel>gZ}z=12xifS2ZPH*_N&k~m?nCt$&8?9 zu{cS1|15f2lN>48yK?5jV)v0X140g`tbf2=8X3y)0n2*lr5;Id!m~FP z$Jf>~5jF_|DbfxT)l$`$VOC6q%IcnjuRAQ^!r#n8kueW}2Ro!CPR^CilxzYSPL*L3 z3oa2ESM-KF0iO&wA;<*X!|;~n_(s4#2tMHlv46IY7LY}ANJAR?eGL&-nUwNvn@*qI zCGL&z_ib$-OwPUziqUtY!WCeBiXqnFNx-$idgh6wY}c7Bo)y7;#}yx=pRc{afZ!aY zdLT_!$iCdlQy+^QQ7VvC%-FhoxBzp!T=)D4Ou{QV>Y8&y0;?h?p^$FHA&n3Iy-6Vj z%jgiQH#r+a;|E^g;#)DzeGtZUL(8RpX(}q6wSSHxGjJi3nJ;YRpNnk(dTIebWdI^! zRU@on!yNRsae7Z(XD521b(vp4kYSDL2Ip_1g1F!VJrqpI@fx*Y7x_yN*MJqRVA2FS zbG}JZNpoI;3a!)Kf(UMR&gxfkED48)rvYb(CQ(0sMq3r~*ss_yY#cEfk7+y6-h+q7 zTw}1C9WiK$&tm2A91?U9vCXheW$Ss`cg@;wgsTm|dcMM9dt+s*uAJtsbD>hHaojub z)o#h=-L+GPjokB@T?KmkDcz_V?J?%d&I^H%+;MXSrp1aOuMUrNIB#j0RvE2^p(%r3 z1id*`47-8)N~Ky_L~+D2fd`%BTs0K=^R@QexF`N!+R$zG}D1U_;O(XuIl;~LYIMSTP5txL1X#4kxH7c8C zqpW^l&0~e*6qBy1g1o?SpQwSuRaRRLGqPN-ozO35!JrdQ!w~bvjxAb@HKLGE8rb>K z256_x{pK)01^m~*9Z|o}bi}VHH`^NAe{oOgmQVAT&oYcq5@B1qHlxZQ9+Qew+@G-J z0aMZw^`D>y-+@izhh#JR9I3VOs4GZ~-m(VyD+VfMonTF-fO#UHwOZlS?(>c44~2S- zn#k4yu;QBPLgQMgd!`E)yEIhG;7hlQsP$0QUY)mYx~{^y3-nAENrjrX`rO6|j{N<- zbHz2nZQyiAkj>WyFVdqpVz8EBPh?kBLmv&5i%R_0ulH^+>0B+Vb@YS zD4VFtB#}j4mybC7YjmzYUu$MLhYs}Rp}}+L23w>5bcJMJx)p#{yW&S}PRJ!;WFz~q z#$JS*_A&?e3qb^E73V_5R}L?cOa-P2)^rHFjs%oW69omh3@sdSXq zJrLT*y%VogoO|yqG$QA5%b9Ts*#tA=w^-9u-rHeeS0XTb2x03qh#k&T?2*Hwr7tZ9 z&f53S-Uah1bh! zIdFr#_+V)A!*@PD0=X!al$1ZU?p-eJUR)2ArdSeb2&yiZFQ=`m#l@12PLVP?r!QWa zG=kL5WTvKQP-@+`b>-H^eqL*RQ!UigU~g?;?qkmt+sBE<_gOOrh^VZs5m%j!<^WYZ zLKBFo>x?d)<*pa9bh(`@Tz{N83N^pDihd9+CRadS_IROaw<^XG%|kZPRv5m~;P~3{ z)V~tEcnVhJwU9a(#YFY?;ui&fQmCC%r}Oqj8aEb@S`mi;qRRd)&H|!GA4y8u?~Da# z9)WVvY*@-7O;_Q#=)d)}E|iS>$r6{nJ#$ZN9b)4S=X8; zTfisoJNfiSGQ?+}NK!lIO(|OLJ`1cqcW;76$A&|7a-Yg@R?N-Uy0wt5aG7KxCJb>a zyTbm^`vc>snS0!%d9EtXb~XkTJOGOCUuGU0rFW+q@|^OkUA7VMROTIhwT$Oek{qCb zDf)d76E!&B(O?@Lml7b*{j-QDHbP9yZ73VlgTdxJSeX1-Hfq?XE~zM&c;9?j|B=PnL-VEe7NQ@~ zQsH5RTA_t{pGD|c>adkh4asE^R&TXsO9R>k$VuLpD+^ReB2^tW5w#gRYb%z3vyM1i zz><5Hr6DUSn{y7`hD4ly@=3N4AW+=-2d`F+>`6aOFDCc^C31-Yl0j^r0-+Eztpx`3 zQ?4geKbXVijRRTKjFK(96;KQtJTAuA5I@HQP4MPh%!h?1GKCMsc3N-qvmz<%rmy|`lbd=Va&F^MqFrx?gx!Z)z9hbC!-M|t{(Kz^ z1EP;N)LCe7^E=J#KGT*E(QB%m=#zjXMxDo4JSN#f&r zxxvd!8L~T1WGwe7~vJ%U3sM7r`QbAhC=BL}_0_ zD2%ekKc-m}YFtm~Ngt>Dp)%iji8e9G1%^Jieb4`L%IeGh$i zf!)kCy?b<*vv+6tw}MG<$p?3F$u5C=NF&P?3NYa(B!Dm0r#TV3{T zPt?B+(OkW4ti_WqMCg zW^o`mg3yk+B!q`$d-H*8@L-yy_1GqWgt4Us_5q*niy3s8%!~_TljIu}58)wfpEAx_ zjkA5wx+EjQCg4PZK(1(KUVu7SsOHfNTy*z*37ZjLTc=uQmG?lnjIM}B@DR{mERp?+ z5>bl8GoUCu)3kiTQuxgwmiV66u$bo1NcCoVROx*QvXo$hiZnlefX#Wiv2xMp;e&rP zgGlQAYW>{-Mn3ipkBdX7pt&Xj;G*Lb8*nyBOaOkzJv%1kV09|nz>ug6+qMK)I~}{y zmFHFmEbzrw0|QY4ZdrYAJ5%76Yh*HmpFhJgQ%3i*?X3JdQW=Rg(AkoI&H=_%yT}cnAuppzvi~_KtrLAiG8&}swG?RmEnvY?5l0Y@uR1;5mw

      w@;`#;=fLNl8GgAb|c!Ru1r=ga>*W{~-6FjDKm1y18x5 z^hzB$+C~&aGdCQK_u&Apct4&8nXtxyN>(Mp9ll|jr{xbo?=_04bbU#8D#|tZ%*kmz zG2{VTMXgfIf&9C~3W*`+nEzh1lItQ&$##oqDunc8jMzK(=-Xb@!zBRUy!!%$h?7{G zQZ7~XF(Wtq#Rx`h^cGjaJ)7SC^#+ZlTaH6F>BW1Oh0oePa*-4mHwWJHG9&Ztra#4{ zHCs#C47^NR*4#3ZVV$L;(S}tysLTV!GyuNqw6BzK(5X*Bjx>9tL{UX<2 z-?HpF7)$>t*~Mdp3}rs&WbV~hz)%J&Z9+4C6-lhA`bNEL(o|(vi_{v|rmTN2IJc^I zYb@&92n;}0oKiwbSUQ^`Qv{T|L6yD!cXbxe)uF>pIJkQ3+MrkN^_K2b*S?=Zd4It~ z;kK;o0m8#-KSq+x-0my_nph0gVI?~gkA;1)!(@WEjM`UwZ0z85Q~FgSrjoM3YSnO8 zYj{UGRgc+fLD+@N!m4TO4F4`E1;o*6L-ry)r zCLLG9GX(JG%Jgmcp5nwFQ9*HRn7{FR5+T@}Oh-w)N?Vv+Y2aC{R^cZgF;^a2I+5X> zc}()|+>iIj&k%l4F2C9anoK`C?DUEs(I3qJ>l?A;sA~#@=kPOXZnzqwuJP``ZQ+Ro z$J2lUjFhhOy1HC&IM#TI1cFRw=6zcGA)V;>Vp@fhA@{*IT-Q+x1E+(R#FgO&_i}>D z=lCNT-1e~R(Ef6F;I25t{=n>Hryyyfi_}DCeoZSmd z6`Br5hj_e})vFg6IY=N%BUv*$p3&9W;UJY2%hYpOuMvmu$zugCRK zIX6&|v6d;6{lIU82z3x^BaQ#MpHIhG8o1ceCxn4#BW;c0$~PdF_B> z)n-L0_81Z(ztUi6H#dJtG}qwIN?XQYe>My97?E1S8a->h%1f2h zG89&={P$Bmsb9WNOvNrV^cd-vjpZ z%+5#f%3Pj)N@>z}T>5*9%R%g0m+S|-+ic}?)bmCW6RrYr!W`N$701t3ala0cq}Y;? zFvvEG#^G@YW5E6>RPvj}jCQq_6ieN6W2GJ7mQ?c^e07W&HURY=U(@G^RWZh}@TA(Z{6t9tgYWmb&2>_?OqMeEH6h^IY@iBG^kWD47BC-n7R> zHxUxxWmG%^6aADJK5zJak3ONPp{(d*O*7ZFoHrzu@dTk0(0C0~(A5eKZj7epfW*?gt+g{eW5yB`YZgUX#PCW>A zVAnt7dP+q1=l)SlPiN6}F*#ONxF68%9!xBdT+|*mZD&!QY=d-mu;%soYan7d*)IVM zY6AgEduH7r67b4al$hpt(y@#iJ7D1l=_F9tQ0PM@J1r>3q5;0vjgW>7`OA=+Gu$>T*Z!=`O(D{UlVds~gl?B3fd|OlxpZxS;9(TwXb*&-o#Mf- zb*+}D@WCzk1re~5*jxkZtGK7V+&^p1%|_dseln??WXkqrQ2OMgbtg!QZ`%(ORiNx9 z*mF0O=gvV%pQ6Eh?!H11#($C6T&z^P@IgO~dQbDTL@}XAnq2?bJ6{)uTNcF0#|eQjE2Tu^B6t3 zajdvp3`(b#;zZKWWuMLb5=jgg?f@Cv6H#hXLq~I%YeSm-*<2V$B;&kvn>v70xqphb z572bip7|rY0IDRh0n@C3V zNl@NLQC;3%f$+d@BPWFh@E!sK9R}fu|JgF z+iTL~9c@aoazZ$lG2gd)$C5{fMdSm{`U-M}z7jn@B?;g&-u$+AFuiq?NMb#_(s%q3 z6-oG{0ZwVH_5KjAgeu{?&0kf6#K$si4@be5ITg3xEJ%KmH%g2uis}})0}5#{iy3~8 zp5=EPfROV5e0K6g>jCzgNJumV@{iR4K>S9Sz%HCnZTH*Cdhb69HdZUjQE+gZOO^+i z@dzdBta6l#0QwHbc>FIEX(FH1%^3`y7^;$BmtccjK1`mU)^-)5RBb-hJOG&@LFX!h zC7y^!q{5oMLBg7c^5o%qBB zlI2n-1!Hm_Ke~n&?E-lCG(jzUtR0;aTw!VNHZsbPA`|aIe<56|LSnVE?jckJPVX!- z{C7nW_N=g{0UL{eIKj9C2T_C)SZa82W>&`n>k%_UX>Cb8&O4Ru-(@+YQ(NlLy9Efj{6GF3B0hJEH5(y&x>Dko{Rh6iGM9xD*@kd&HXB!!Dwt4dIK{396GJ-trT zD}j8=w8);gEx+h3=4N~Qk=R74xe!k$F&hDyQt$yRAtTzeJ{|gX^5^s)K2v%2a_Y!g z>8aP>f~>>~Q{v$8j1TS@1+7a3PuQrcN4d)sKT+cuIXM!piM`fR$C|%SpPf-_%t0E* zRYPe3fZ-kne*~gN6E}Pe1H<%lI@(95oAFDDhaadJs3QHru?%W_+*B&B;@hTi2PFFU z`j4SkOfRQgPw?g5XaTlNS*D~;lik`!Yv6T(ov=j@;#GCHHi1D~&r_;GVP`=4v5}!# z6*0rUhrxvO(>Y7YRmqyzXG`6NLUl-z{aWp(s~c!K`|ah>Dy9J#t^-)c&{LNGLP&-4 zgF?87KBcY?zv;k0oBu*mh2VT;x;=SHSk;>~MUa8$&zMwqF zWOKm1hFD`+CxtSc#>JwwL%?r0?VnlOLQNT03enVxt4=1xd}U>BdHGM4z+CT z1;V@**FA&^L&*y2KZvkL&FBb}6ES*!sdhuS~=M!r-(QIEy?FL;L zSC_f-_48C|)bBIa5ygDye08lLbA_618rMo$Nl0&JLpDID;ROq{n7J2w1p|xL+lD*L z!q#8Dw;`AppSwS&B#m{|nkb^Fkj)h>TlqT5(e~djNj{BOBF8u-Mo@!$fLAQZw*4V>qA(!2 zB1U!TuZ0@Qpt6{Kg4S?SA;S|Lt9?eIaik{orW?t{0)GD`OAS}eHq0T$` zb!6C;!SDE>OWcz*CoJrb7_(b>d?_G9L)WdN=@gKByx5gWG19W*wZSHsHzhzL)5d^^ zRmFkWs3F~;$bg49l_~D7eS3g#8BM;mq6$|x_`Tw+If*ATb1#jk9P>p|e2NGs|PI)$@M%_1e2J-I>$U zw4xLu4h7thozfI$+3V4<&qeI0AuDKTwqGyzvjFw-7Bb$Ee;3CKQ3ZTfZldYXf7)zr zM+4r-=ggzlZ10;R$?rW`5rs>qsBy-g?1zt#8|bH0Ffenv^pQR=`wSSDv$u^Xdv-<% z^$LL*QSDbW0gS;U)ha*V&pts>#9~jOYHi8?yss(iO%rwH_@Gj4;7F%*rG`cqAhI>5 zG-2CErcOSECM4nbzwaC*I5&puTVha;c2sn~qstX|nM*d1`|mP3S$6UGy2OBb0ibmk zwy*1R7Mi_0p{f=sZ}jCTgbt=D0~>D5F0R*gCu(sD=olQy!?n)}MA&OJ{t8P{Gfa9u zA;c+I-|2Z5`ZanGuiK5ji53#%fB*7Ls zbuG}v!fV(OQ_B16{Fr@JkTMsescX<3g;A0%wPsr-7K?7)UaiCZZ!t_EdN12tMxKZv zY&lI%ThOBU&n_!7hN;WzLEP}{W#VH2OFYrz`70!twQw)e@#}3OIl%2Mfb)YtQ;XYX z*!h|KA2o@;JswZDnSJDwd4DPIB2nrLPoo~&@J2O;f_aIyeB`OsWRyg~>KX1BO-p2K3Uy6{ zk@T{fHZqDuyhfAM;+Pbr5XOnCa0-M)h);pdLu7m2Z}_(1gQI20h&gM!dtrZ@(zl!9 z9x)^0Sjvv)%4*Y*$j7}JL;WaAp+Jrk`&S)40x~L!6n`i8)<_LO>Dvt7-za^*MB4-( z@jr^BK}AQ)tLLh+&0J+>N$h+@hG<3n*GiTR8i)h-4hRY>N`vKo7$#-V2{pOyg!wJ# zO*Nvi?6j3@p)op0;>uk)K~FoWLFX+Bp-2N=k1g&;`UU$2jw9Mf(%xiNtR$@WJURQgSe$HoM4kE@ymBxmhZY=mO zcYlb95L<1>{JxK-mVFjEP%Zl9}KtZhuS@kCKW={xnK$9A2rVGgA%`>L_aG5Pr0QbQ^SlUX4EEy@vlKIXidll z5&&?62_{B}`MI&4DdXYnXPA~h8d=GsJHxa@hB=dVOjqk@;53FFU^=LypVEji_DK%X zSa+9r6TiAJV6+ES##=F7EDeJzKnRaqFp@%dhoJ+ioV_}bGI#!M;i~B;XljgDig%f# z5rFh6PipMu~>E}5Nz0TAIwk5Jud^=Y4WyUf%AM%q|<{11`o%zKcP^a?} zz!bI$Kt+k32InP{5H1EIIQo~Q>2J5N)RC9Qk;?L= zKjiOU?XE9&J2Wf=|$kW1Sdd; z=gq#lGI(%R6MR&I(SB=B9J3hSWaJ!et-hbqxRBFC9nT}ji>1-NJ@z~tkrgn9!1z+N zrGi9+QtfPQQx0{; zzr;A6kl|QoE>av3ljwX3y?*XZ4UqknKaM5iI+M2~%?m$*n946Z_Au=vyfyD5WyeO} z$-(dnAEXIR1F?Cz?$XbSV<qMQme&f7V=o0lgiWJ)5LC^mtfdk|rQjl;{ zPbXb?+sKFcr+jIc;FwX@@`f6z!Gb9H96-;P!|OCq^}_FZ=5n858N=#D`QSuM;{uy2 z2a~xy_Sb==W4pJ7ws^DztI_kxwVUNd)#4i(DHU8nKqv(((7*p|Gn8arTDl;~t)tte zk4S#LO`o~UJ>NT)JvJ1{k5Mv(Y!51&69JHVI6AytJE~~Q0#EhZmJ{#zkDFifnhs;f za^!g|F^wM2SkgfNqh-y2-0Asu)lklR{Z_gsZ}-S=2rW>3LC0$!G)IMZ0051H%6iRr z1^@nkqd{~07aBA>JL7-o&x`~NY>e#xIsJbuXeI{M|BHhDU$CIP6WrOCEU`xm3vhzS zgSr24a!06Nim%2sTdbrDGZ-GR9~aZ~PuO6vHsS;ri7Ld8m73Hp9L5xskk%VfDJT;{ z5*l1ZF1)j6oV!;aXCK>dKigApzpdu%9{JYg(tPI7NP+qFpBYX7`W?OzKrqe>i&(Ad z4EaewOc<}kA&lVa*qK)lq6hWp{er^Aw4Cf6(SqH%9M?#G+aX|P5cZ^|rlgAPF!=n( zA?^ad^g~cQYW$D`CqUE=-MNC1pBB-9>emX0_(YYI(8DAY(qKF=^7xeIx!|&I1fYWa zX1ol49}@^xo|OzNI^~B zfV1Km2i^{{0QI%fR#ukEo`LKV9@gNIX2;k z0GXWuu>hI70Hgsket3rr05a+Ugv-;Q=MeJLq2-byx&fjAvDE!Y0jA$$ezUftL6{I` z>+*hW>|~;Dqq0rmgNC=j-}_L4TIh$;gX;8X0SjXhVZ+k7cx^j>X=mN9qVZR&A8iHr>lv%O3JN!BXaDzaxOLPU-lxGs!!vE z;ov{5MCH)&WTRBx1TV>_ntxzP&F#G(2FbRURS+O0AvU~nTh7fAB?5mkZ5vG{*1tQa zb^`hA-XpU_Dxebdh{=8Fd~j;-KdFkqZmCks`iQbl+&JA?ro!+U=CkY-aHP!dq8V6g z*KxHcgtjBK8Xty<`T;*q{O8w4Ybj~{C4#My3~Nygpg9lR8#_awrEBYnptWIw>B~Pl2>E2TQT$qziz+4`vy*4dy1fx?cHnKwAT-SZV zR|VcRg0@&SGi9v7~dF@yLqOL8S`h9aTH>OB29I_jB}C)^{*GE#x4-U z-H+80hc)zb2Cw89#F^xcI!jr}Nj+x=Az1=5BM5L{jU;JxGbWYFZUy-TwM<8uC%Mhl zz+-r`>Mj!*Y_$dbs~cT+nO2AVG2GHj>%2Gg0HsebLGNY{kq7s2%vhRFOT_4Kw+(1eRrSDpxS#XFdkSE0}|8(2U|rkpOX@yxb@ zkL5e{jVq7Q5~0Vfm{3gPRk|EJ1?@-E6@~NqdGAcd-uvD5Tnd9Fkee2k$kAeTTMHfw zm8?4GFBPWaYd(~%6+OqwO!HI`)mRYG>MjDEFwoX zhgEd_tLslDVb1-I6I>*t{mAeyxe6(dY0+jR)9jMZnf06V_;FF$N|#o0Q?d}4s&f@6 zyW(@xnWU#GWtSzJzr(ugc1OgdM>wU{(}_@=(GyH??wwV0gZDIq8O%%^4^oea=k{rV z_kjE!f-6E}9$3sZaJTkA`J8{yGP9BB!arRehc^bH=C9X2sJ4cXG{W@27`o zyG2;`a%mSk1}!m|+~Q%NNJF75W^8@@+1VaZErxXg4RFa2aMiWc`yE$g{8N}&Xj_hj z9Lpl}lZ@CByRGa(Apcd#L^crB2}Hw>RWp(3L7(oTF&(#Fg%)?M&_~D#!8>N1U1!5M zM*~I2V?@c5-S<#=?T)O&w%{(9)BSM#Ira2mJIjft8?K3R+_kNy8=RV86jq^yU zW;!k_eEc2w!DID~E{D-DGJx%`TkY=kxwea2sfz6w)u~8*gX0SF)<5i6fPs%O9w}k^ z>$&^&b<;|Bc??HQ80Tx?V+FzUVT3@Jq!;d`Nl&ZM7!nt1vnx{X>l)}^Cc?bjs3MnE zUEM@$X;7`61K8#dRt_ZxX&Ii~<5<~|=+A?1BwmCbSglhyXcr7NP>8F`!DZ0seJ+`c z8v+j>3Uvd9f-7YMr!yaTx`=Ca8qD!UiP(x4OYu~8b%UB4uK_Mf>OOH8Z&AywUB>h2 zR&M`lmXsA07+s}JhkogG`>Bh(8-||+!1fiXil=pj#Y*j#jqD0^G_FpOuyHXOF2oYT zT6Bk}R{u&xU74K74E51STf+PM(v)5H6oV>X#YAIeDO|_dd`s^J+g@oHj$8-0(*iR` zj=9F(Z-t&rh18wBt4cp|NfoR5tZ2*;iNm@p-2?ep@C3_wfv-C4z80ofRum!%)h3t*2QN4@s{vBTM7n#4(Okp1EK6@F^(S1V+L~mt1(O>V1e)a5MwDnQHn&fxgfR&o zj|kvaZm<`PVw|4M{&)sL>KgW6V@nd<0tWhNKMa*rfi5m+m63aQUz=t1miU1@bmvN! zTHG`1MhIL|`X4Z!F5mh8(twixFZx6=7#>D==?!i)> z)snVfUgK{>utE|-^0|sTh4}cuF!aJOF+yn1;V3`>`9UEm5J`%Q6+1dRLH_Kx&p6Hm zo_^I_cAw^86Ty#5^=DKZ_a)PrsWtL)2z&;jJhBLN`Xi{=9edh=_uvWnf; zLjVE_r1VG76Zi8Y==G!TB|v}x@k0V+TO6gTLE7A(PXj-@*g}z3ks2^lb*|qXGc=iJct-G&lqS?d${=`ng{4 zCnR7MvmW`SMN}t*=Tnxw^bPjYj_dxM^&xP@rbhup_=VpL_+^Fo*#rpL__4)~+x}KX zersNOf^kM|`^7ux^_q~wPNM;_fJZ<<1ohjqi-V^{An+qW^!umb2w1v-1@I(}JU$H^ zKp6W2pb9Sp&<6)L`fVvvKm_0u+$-gqNbaY5pECsT6?-d=(^u;xiv-|v>?;NXv8UQj z1_;o5@fQ;4ZTUtVqOaCRcI+zSHE62F`CqZ|e+tKcMaOR(J7ee0U&6-AU1Y}2{(lAb zP9nYE?paQpM$Q(pLgf8l!e;JnvLduZPXP;t?@*Gs_&i@R2uw%^d*K{71c$QUdMIKR z|1Cs4_Mz=_A40~Z4}2s9A>dg2<)`T$?m&eINsiC{4gni9{eBOqZ2@f9y*kC2=|FBep=ru{uJ|9_y_{x zD}tQY%&@QH5cj@cH9wg8UfF=B&0lAJ|6dq>O6RuK=&O*x*h*lG4^fZ>uy^2iN2f2~ z_(S^-;CSg?Isp{*#z)=Q*KYjv5?)FqKCrD)Bmt8Ek2ba6=c~=%d_I76+_i3zBQ$#Q zH+Z%N+Eq_B2T4@~9GLIgc1Y;2&5vD0WD&GLZYhK{d{fAECRNi|US? zs(>oMeE{%Z279Aw2)Z?V=r~Wetz7XUsMy{c4OeW8uh|g7(4%*7qGR{(dm#e0=O5sB zb?+ZOqekyr7Gl>2(7|7oyIs{PJP06RjQ6&m$AY)ZnQwIHujvp7_J0oz6oW{+HzpzM zAg_k5T)=m~F;S4W)l=SG>YrQOnt!pMmqS$k9?dxPcs~e687(>bz1{;W?!B>k;-6eH0UX{?79ADxIgk4qcs*KL-$)t8>nJ3C?u@Bt$GL$C zC0u94rUshg3(sOUWfTU+ec4H8JB~B!oeb2jxSAI<|AMXd3b&!mRY&Iy3wV>d;Q2N9 z@a_nmKOA1=va&|cFyEM-6N}-OcJ-|J(+$z^Y`a@*(z44u&t!sZW%>rxY!^pd<$@=O1qt0~`_c3}DSQ?Uph;QiGYy)h zt$!!0Zvm}~GSW^hjYMd4c&GD|?VVWdvH*vx3bojjX{6gD2}5wC8w9X^cvJF^Qnw-sEyfNIkiYW6dA5M6<}+R z&G)MB)`K2HrItg|wjNC%%KMCUcL2|oHE0(}eRwE>;_lPOo|=i=gdIqIChS?<@Au*U zb`u)E$=MT}nZW}gWO&lC?xczfsV{4AX{SELFp+$4+rC7U*rC5js>R$v?b01!{Bpni zF^87S*S}p1a)8=&_{D!?xnezq+PgiPJ4|813iA539khMc8-L8co}lFL9du@!8rhBN z$n5nLh7)hs)yJZayO=coBenaHhIdzu&X9^0MVSiAxQQ5x~OHk*LfrpRKH(xAnNyU!%I~<}i*21kTI-fC79{Q0UuU27S zz1_)j36b4ZcrzvOp|JjQ@`7-{e7KcKO)c+xd^^KdZ^F4)o8&4zhO4y}&PavrWsht> z0k6mn+NvUGEp0kEaVJ@kDma75Oa1CE@(=jhpYP8=*W-B%m}2J=%UdCYbh%P-#O06q zDPzC!h-Zpdu5E77($q-7dz~mrK`pO=iT7`C5z*m}x9hTZVMyW>jI>oP)nqEh7uNA) z*oAsU!DXZBJ*bTmr?^WN|y8MZ_fSEy*_Dco#cqulF(G^Jwf8| zEJ0G=+um44Z04!DCW6+|Q)#4rNFG+A`}&B`r+oXBw)o>@&1}{8#nyY@CF1tTkNYkb zvzI@c^&hwm&pMmJB<7fhXHY_&S#U@#?`RX^0oa5?Akn-zFFV;Gz^hY9b|Yqm{ZUU? zq{NG=)kL}w`)sGk-3D%TY=`KGVx@jglzARr>6T5KQ{9|b(_OYrin3~=TA+bD9Gq-2 z+lP*Tm##sLtZWEzI2+Tbzt7psI!&zT4Yi1M9zhL@?WRVH)MP-KlpYX8tUE6n%B;mK zouj#Ew4%}6*MF3ahh%M=U&kuum`>n`Ydilql^8O*sWM@SCG-#m_Y#r(ue^JQbqr2Zunn=*(gFU{U z*9on)toVcjxfx<`sa-&6{IT?V;)M&|IrW}HHwkxv;>=4TB4M3NCo*ZV=mF0Zv3<$U$-4PJ5%vn3tZ8hJW zkJBIB^jRK7+``-pXA)znK=tO_3AuQuI$xgy>xkq<>HeA@syEB7!WN~90#_ItSxHIV zSB&n`_+~^-Q^06Y4Hw;hDaZ??uU#Tn3XqwbV=u8zmL2zB}3 zWS&TN9+s2$9-rLDlornP2-75!UR)xJaTOFsLNtM9w8?CN7te#9_Bjay3enq956ju< z_>0`uG*x5D``s^Hyk;{!pX?&^cKO{g&?R#9(if6w@7<+BA3~1y5JNvgv_&RmK2~Pf zOTJrXy&$f=gP@mR?rTl7`4KW~dct%L$l@cLgHvpA(B2a@=aF5GX3i}Ls zC{UnUWnpocMR{u>lE6p}@6ZeS>Lj~T)K)Q{CKRT5*`Cs5=8KB1F}eIt{KKDL1S~&5 zuFY&jb-7Iq|A%Z|1@iRomEgnX4BkPmY-VjtR-r?!s>Xuv2kqc}eddyO*NWU-~>_7LSe35Z>Sy$251K2 zHH=_O$ZlvI3RK6a8bYtRzsgzd2(aEO8ZX{vi5=gmRo$;Rn=3PKh@l!*6MFrvsa6=8 zfT(wyC1^DggNJR@{O=pie-g6b4vUSIPRp>9B))Hz3USizM}Z;!ZWu*Vvp^C zZa%$D*>7-=55(wP7~(<@ zum7q+iV+qP5#lZ$0Ns|iIdE5|kE;@?Ko+XW27HzqQt46y>`VmFgAaz|Q3#t#Fu}El zDn~{YFC*z1`bm81cww>(jwu2gGv5+hSqJ02X0= zo>8HnJue@uUBC6qCV~4KgKKi3!k0$5~-6)O9~Q6dr> znt^%B+Y09Fa&y9>P>7YLp*&ED+X>2#K@&5LT&JbM;85Tf^xUJdMcH(El__vWEx&GQ zDF8Nm6V~Z8u#*}iBq%n=7?sk4Q7>|U1<%`|fhHN82ZwMO_QKnC5YH2%Hb))~To$Td zkD0Tn`jX=Lbd)O;KRtDMIU0?fJ5|2HaqI+x#cgM!<$Z=(c^sZLK4=TMf5P_;keZ@m z5gu%o^)0usj~z`D^-B{6I%Rb(vg7VYO{I;uvo$+=$6usW|#Rv8Oh z_bRmdsBNKQx%xkieFKnYO_OfhwmEIvwr$(CF>TxKp0+h@+wN)Gw!3f7xBLIGH+JLR zjd)MSTXiz4DymM_IhpZfRs`aK8jo((b)=>hkZ#em%?1rn+YWp47Hj+bW0#$ z1?+_mN#eJN7+|r+($;2Q@mkA>BgmH6{VEBwkAQ#-mq%2JnJ8tpz0D45m=p&sLfv(C zQd$b{kv0l32J`TWaAaChl=uEw;4PB?YbcXU#CoHErDX*LE&r={PDxaZZf`9&$h%Ug zpZi;8EpgQVa3@gRPpuDdI&2e4{!SbfYX?pSnw(U<$(F}5xyKVdQQ`=<F`c&Fz(rRv5sZGnr? zh~29?N7(hT8lWZ_LTQ9Bl)T^+BW;&-^lQcvL$N>vEzC^T=R!8W7t5E+MI_#m?WnqT zBxCf=?@t?*pEmDl;%pr1DQ$dal?^qyaqNtj3B{Fp~>MZILif6wyX;R$z&3yM@ z^;EZfr}Ju26<3w{o_yJskX;0|;l{hf+U=PGwoHeZdnZA32efN>3yX1NYvF6Cv&F_A z&r+qZ-a0`Avr&(wehsTSBEL^aq~|C5>RiIte_fv%1-75;9>%VQ9U@e@ACm%`4aYnA zAqqX#M35ZBqk1H$#NfaAgDfR>@!#vL4@V6ToIN1c45W1<_-wM7Ny-nwd0!H(duwdQ z5T(GQMbTHqDAm0b>vX}^$fB%L)rIeGV@yZ*4BCnWA~89!)uo{%d(y{+xuMd0AZReI3)Ze8@*##+sti91sIlK?! z%#M3iFdMU<4nf1DpF2~3ph3K2nf#QtH#Rpe|j z(klO*9({H6S-VT-wOL1>0$gu7mF&FjC*XrE+13$#j%?cymdcgA%Ofv9Rxr}0tiY)y z7f@k#sOnC5-f-QnnceZP&auZE!2-6dw~zw-Ff4WSnu`ncb1+A(@r-#wGr-^kUJ(*cKcU2%!Mj>LVzQ>N04%ueGcUda19zJ0@(Wuyq0XiV>1q=;1U zHB=Bmw(I;!5h;YH+I&0X4o7jX6OPOH`{|3-bVwv~d%zzMJedJNF9AtDnmnL=H=Z{D zK1~3A*~l`7y_Y0kAi z8)ejN>CIO|i5aA}H)pEQY>t^HR=G{bJ{g_#+bV?eNF%uFT5k7Yb-mPM|oY<=+Hz} z$N6^l6i?_WPwB;YsAPv8Q4QRHHaSg#lXBE?;xGt$iJ2+m_KPrie|m8SeUt--wR$qM z?s3=s_^V*$(vK%0dpwBpv$_ zyXqkTD4&a`>6kYpdVJ&UDD75Q+``A9GcNBVT@*!(A;vU>QMmN)8015G8%f)BjMIFC zuIq8ca-?m|iqh1QnYs+zAFh|y8BR#`T*pG488&%iYT%fU!?dgq&zTi0)Z*Pqjyt%d zOu4Bh{mFREy?@KUJ3NES3J+LWbHFV(%*Jx$5yUs#RiY2Lzu8_@bNQTF4dq;R=k|n$ zir1**i*4Loo~6}x3GwAK0ohFF?Y_snj|taA?v~?UIyhHLtMXt~K1e5NkalcvaXs1( zMH<)=cP#Nvu;N({!?v#Q(z9IQ%MNATYEmm2O(n;9{OrwJm2I?to@uMS@m`F{u-x)x za@6$8X;a3^j9PHM%;!sn3_-0`{p49rq0oE$_8!Mz4ORkEE}IL9pv}h;OjxLA4Dwy$ zJASA#bP$R3itGQ#v@_hYh+4nJO_}vM$}+)C2RW298OdTjVm>r5WR0$>tmwVR+4kjG z0YX@=|I%1KMm1$~L_W^S|1|1g7sLOhbbg^_Bn5PoCahMSYk9<-Sn#V0TNIy0%%u9F zXlAvv&?J%eH{Nu^KCg&YYTcvg`A3hB@~7cBvg}tRt04N$94lwpU54hFS)#OQVCYZC z^kP{mp_5){^r|G9<$AH=6Y&0ijHtrwfwuyZ4)uC~{MbcK(Nt~tE$?WHCR_R{AW}wB zwZ1izoc;`6%xV)Ap~~XmBwLYXJtt}a8@x3)gW;W2C5h~i1Re;cUs{Z2;(gGc2=B7M z%Yy}NSIb3ODHt5UUi8_C@&Tg3ety%hhR{yOD%#33Z9p|fd+DeG2bB&vN^KRPpnl!v zFBSu%EoM(5z4tkF)S}n8S9Cdxl3L*uOKi-tW_<3ZQa^=5l_vy69%J9!ys|M?Q6E?E z_*Ja?y{^lpd!cCg@oUk+lM5@loAz?cb;8{@8;jvhC8M~f1n+JC(^nNMd=W4w63NmO zy=zRr>aqk>np=p0L|4L0En3RG+HF)H^$*85Fvl5r0Xw-8u6T*_bYxR!CT`5qcr7d< z7YzA7dwxD`?xtJ~x~0z<>7lR{+j+U>yJO4?*P%ax_j)QNq-Ue0x;|1)Byu-Gd$ntp zkAk=AFnrP8se7f`VFY7);gdx+=z_5ksJwsQS$~Shm7ubC5jLc(-$zPzUsXW5u2f#3 z*O9AcKoZMLC^n_vEEZt)Z;IpU@*rP?CRCI%gg~mnpy^WI28Rw?)vOrH$*;J+!Owx^ zcvRWPuW*gLR};kC%&GIKa+9b5?W0DZl&qJhpJ@Jp`ba8ucP<_I{eyque&{M+i7+SL zUv_kC;~2B0Ae){yx?=^PX00rJ`6XG4yeryLZatEMi(8PWPH);qY{w^(bq4dEy(#84 z1+j7YGFs?OcSHICJf;3LnxYKQIYMLYcrLOEh-B?JT;cGza$w;lo9})&tSIy%bp!4%ceIoy0sGls#|(UuM)u(ZJkRk4Hq$pt?;-rC@(T)%s7pKs4yW?a@$twLTZnF+Q!bMN2xZ^p#HeUIm36 z4lfNQKBqntv{lTafRBO_8DM8FZT}_J!RbyB4>RW%DQPdw(wT;|&>v1wPAlU&rf&== z52(Iu$sBwPjb-ZtPc?~wl{i;s5xC)}q`^^p4#EmnHB5aiNLdkB- z@}V&DeFCg)KTfo1Z)OUh%eT{OVL-!q$`H`cY2=kxUcyTj0a%ZG@`=sNWq}pgO~9us zW1=Ny785#gyo<*pTeCFFFCEoMwF+d6Z7(W2{>K&q3amkfNnJF$!Ir0TySIW4!2~)p zrIc4D;i?g1UQae+Gg_f|25mTn0r~Yz^ZukJ1eotxk*5siV+G?4oAV$bZTHz&4)oaQ zK?-76tE}NFEb411`}+jkkNFL$SxR7xG0#v7yxfVF#`GA3VQGro53MmZrrEl**DJ0+=aw;s;< z)r~hcN6TTt9%0`yGCN&rC+LuC5DL|JLDSNCnK@h3OqY@;APmr7O^D%_efigAgExFt zbJh!0a4e;&0#_q^fX}dm<5(eEiNJnpKJ+;9b{TSJ%_Z>ATUP!NnRj3;HVvA8_J`5A zUhc5EFo|{G_Z1{nwcP--|GJ%JN#q@L8BMP~{Iy%4;GQ!%CN5NM9lkmr2u5+ZliYI% zOfDfZ|CFVGRg*8yRh_og`6=>@46@|BxJ$>^`ATb5=P-H8Jb110bYjKHao3b^()0t^q@9aTq_688PKEFF+4=y1=LdKqeV#nP z&Q0Ap->|Yx!|f>_P}f;&uZgS!Y1Vs8O8FBgZq5R|og44*F6#C_c_F_z_0~JFZ8baZBVcIf6p+>;8?3-nQ=x-@>ad)o zw06I8c{gAn4$qx@$|@`77f)c4nIrIQ0Ft-aDVDbYPd4(q7Wm>*JDS+KDXwN=|2c-> z$Dj~RSp&kFK!#|`3J~)9;E_l-Zh^wYW{3vpxLr;NeCi?3EJYZ$ zNod_MS+cm}wD0kVPj>IrWy~fsif+37n}D)XxdNWLH-cAQhj)L~c?X-)JQT4HOejbrV_j(FAc=w-414%;$Knu)>O; z?*iyUi%t~ZUlYBN38Zg{Tag9iH1*GJKVAW^g2_21#9n&M`SS)dccJiE{p|Bt4m^^Z z3QGZuUg@ZofUnC?f^fo(CpbOXXF_a%)`yO^&9?MM?f>L$zm~0Q`Q0$p`YTHYYbPu{ zl7W7o!uQRSfE=&uhZ|2k+RsTik0<`|fW}aVpTu&rGQrWZ+gJ}RGxVLh3o(En*TS)d zRA*H1qek%+El{I`70ZL5htpBVxdrC%RNGjVPK!@LGaZdWkWfz%=)fqJ;`SV=Yv9aT zb6DYwd^z;;W4@EpZ8kZ6i`9_yz;GCc1p6lP(nB}!?lcuV;rbe=4 zi_n?!+)h0qMqFINSL?oIP zi0-d(p6*{a0Pymn4-^VYiY0Eb05id{Nl52u*V0@w|NG>2 z-dUwcp5?ia@kD*n+Jzyk$f^nU`xm+|x8haq+%CR7#FjCi)5Co*G*?`cbi-xHfxmz!;Khl4PI6&FL1k+4% z|CW|4c*>h`jU!!iZdScKFGXA27B3?(WKz$VpqsTpmSZL!r*>w`e4oo6RNKhuT7ibV zPd%vQpoUu<1BuOxypKA--9|NX+wZn>Q$wdT$i3ooMbg=?dMNyH2zUi3s=Rm2aDl%h z0w>)zqsYcd5<}O>bd#oxMWfou7by?nyNvJF@+%_duE+$hWil$#qS@)vM;*I&x9B7w zWijo#p7i0JC%mw+lYXdJ^`_(t+>C|&`hP;8ePhZ9> zk)7jzM4&OTaQyG101`d87tYX!Nu(qmeLi9mTqaLk08_mdlf)@GD^yO+E`~(D$9w z1pb`aX_LN(8#&76jNs z9|G}pzw)}x;47>xkKq42ZX!{z%@755@r9MdP{ODm$oX>RYX1oX>X#D=*S8&p!hc6* zGw8o8s&u;*tHhnRt z-S6}v!Ozf(7^4IFe$&~w?#ON;3>iNz1V!-y{m3lnA;dmu-{r8iKiXmCR#_;bW{<18 z45BpKu?>vnT?zMQwy&P2Kk{eXi3VA@0l@jcbdTLaKJ>An()UBTqK6f|T|?FLD2%<+ zn3O@s5OAQ*z4N)wK1~3$zq}M+U?mLV^+EQ4tjYoDL5Ss*R30YycIkVK8I7*5rjs4k zeCyG3ZZz#%=y5`fo=G4Jk9lZb_0;(5td8l+!= zV0mgyi0ByQYb0s!yP}ZPwBP4Y4+Y0LxN>YW#0&&^eaytcw>-PL1n-6<3?vLUH?S}v zuiW{HH6X>Mef@~-JSg&YVCBR9qy2txqal#o+!DoGzb0s& z!CYy6K8Vd8k$tb_w;G9ww14?d^I@fN=!IiyDVL?_)LOpB(mbbB@VP?Y{NT>=$A-ic zyX!SUKF#FzSn)ICuFh&E9KycjlFLD47%VITPGr&-m7&8T%&UUO@g@1Hy`m=gkc7l0 zXs_)`wD1Jlo!{oXd1yP5+IB}$^WwTc2`JbJ((1S9@?gYPVprco>kN%1WU zE@iU?U$!*rfMVe*N5uiX6%xR6 z*Di6cB3R}Fdv3C??CrH{%U;2la=5gH0)Bmm)X8)xGHAF+c@vlrN=qfih zCvCxbOC|SeM-yDj>dX={GvNtpN|1G=dcV$MMiY4y`r2a=**B0hnnIqK^8KN79b8JAxBqV5vAA(YIgmnRgJfp)+Fv3N~pZtnwNZ z{tZC&jJj!C6rL{R*tsry>-khbc&l0#qK29dHk!h^C%T~~;##10JHrc2)WNZDN4may zCD3>Honq(jS=W+O(>D$8dmX)iOh6k#ZrWC*o;tmU8&FDQE)$zKUD^A$J7sB@*I6#n zeL5cu7?1HvHQFkvjHg|55Cuml*!gZ(z)}xn_03KuuEb_~+IGr*B!ou#QmKUed_j-f z>&Fj9^`RX#XQEjYoJLC0sn+{so})`rtw9^Tt?dJK1kdPZ!1`KdkFDrk>2cze6jk0s zrt1OcNZ9U%{HV>E$Z4#%C2mJMvxA$ktMb$B~sFV>(zUT?kwcP3w3sOJs+lyVz*F>RF z-I(!$k4dIYB~5<2V=d6OP|s$m#s*hB|0LOG4z6Ku>FDkX64eN4EIpH;E^<638Y9}< z8eWZ$8XNwl#s;h>@oVfy_pLM4PvleUP(jNsn7VZb&Q@io$v)DxiSZCCPTkN?!JIo* zzEo+}gXXhRfY7^W9IncY13+g3ypi`mBt{ZJVKy1rk&$Jt(&9DeUXRGONNB_lyRb>F zN_A&BN8_yxNFTObn>u5}hofC1Vq}wIxD#=cS6CC}`xy%tW_KLxLVhETZZi_H`4jdP zc@a5?QcLV5$EyS&t%6nt21AX94yYJKU%r8nZtXk9>OcnE0S_N3U6+k--i;ewo!~Uv zJL5Ab`ToeE4Ub*bnaTHwKn*!D%v741X{?*?{44Z6TH>Jis}N3HVc~qZ5U22EI8=() zDwo5X#QB=>s4^@$^XI^jk*P-L8!PoN)H72rtt16@t+^~8DS2(5heX+$u?s~EC!GEKR)I)BmWH8rAA#v*)7x9<1fHR0*-rE^dec8)ycj=)KZth#E&

      z!Qe&x&v@z@cFp1GhB4fwe##~Uz8*6Buc z)Mo2>iFzj_JL_js;@gi7vA=9T7YcJJf#K{6av&*QJbpM>BwLMcy_1&<8cU)kp{uye z%ttEu)L6~>c=yT6yxmp$6yZLfi;%TASYd+SrjzFGD48iLzvA#n9)t1d6l&i!#Ln7` znp=E)2AjUF-R|ii^b5~w*(i)oPJSPG-}G7^ik*$4p!Eq^Mx>|qehfI0 zx=7-drY?B2GL)}ZgZ4mv%#U9DoZ2e=uCnXY3a*8R6@idcv6c78Sco!F9&BTW{Up>W z6vN@Am)^KHu3}0SVe0xw1crCxi^zf-J2>Y&70Ua^o0kZuDZ4cV&ru&U|0lDf`(on^ zRCh-8{+_Sc{_j4irC_2w90%zrhf@c_I=dkMP;=e@A0;t9j3Zr36g0fgA~f}$44=X( z>b{7E8yoRxp=BE$m!f11dq~5}mc1y0{!+(6R6mIe&bR145)}C{mF2%FZYrkJ%Udfv z`QgoQ!9Z1J^&w*|)h_jWQ}RBauzXq5BpR3*27^odOjDTiLZ!O66VV#ZV=MyFxCWjA z6z};t4&Awe3#a4_i!(F%jjzLux4?YABZDVryGDVTlj(tMF5RfCvV~|EvX`~QaNaDd zP9%R>pt_dpF_u3=?w#KQncifTd*#?!JaQi@OxTrc4kgv22J0+8{yai&WvZ0XBNtYO zOTXGN&O9uhDh%^g7Ij+*B;2AU2eX3nTpKJ$b^$6&b zSYg^8%Qeqx!C+IqhdRhs z($gGWu2Eb%zB7uWQ|$7<9*_K1EtWy|)GZvGLx-UY;1^!C*X=_N$FOj375K09f?&s^ zgim!X$O9Jn?sF}Z)yg^+?aacswFx7?1>wLf3>EiObGn>-Fi|}h6yf+pS|C_a53Fh} zzE4~)+!d(Vo!3xnv-HzYQz z(fnZ_O&*L#M$XNQd{leTmY1wCeaD<=vI$>i^s^=BMmHNOdv z(Y8CBE$92-Zvm<>E4L6N*nENOukS+rPc|saf3rae*y#T=y6JxrVs4`>V^>Iz(0NDI z5h{5>7;S?@uYv-3M|eNV`l?8%E2&hn8L?{$Ss0P@y}smo*T_gNqK;BsDGkzO@^Ms+9h zsjB1&u!xq~2H+Y-;L8t@iRs-(8Lg*8yc-~wfVl$Oa);LfHNO%4k6i^@Umus-1Mh1*zK%J3 zF|y{bs+AR|mTWj~$!BgC70{}R)q~~K%K=trUrUBl?kjQ&2n+N#bQC;rs-`=28n3A- zSOLmjS;Yg_f54$)t9JQ!fYD&E9bxIIE&rqe;l1&P@b?BpIcK8^k2e&YPFLqPN@37V|(gK_T_gt<=Gq&V-BHL>Lof<_8 z&X8mZ0fg!tBPWY`)g+mzK^nRiZjg=cG;bCaiZ$gy!*cG!aQV(6R~44Xfd965UO*}< zfrVCz8CWO;`(ZHEdW?;R6M9JU_-hXckJf3Zw3}MJ1c(+h6i@6cOGG$}TrfNBU5$Ym z+v8@wG;&&0Z>sNlL)>AIoXqel?;Er7a*5gHI%D&P3lf*K)7|X+fE4RC_=ClpmEut! zYUrA1$4N3ilez_+nWU0%u$8n(Kw&HBDk!))=v}dhX*3;p3%R`e2fh+-CW@JnhF@5Q z>uX8gaJ?_|Rpmhg;lzl&NfhVvfmCGdMG+k z3r8ns0(Lfze>rXlm>5{t{&-~MTYA02Xu+ww+1wCNm5Hlx8AIV0%(5_h z`ZnW_IhAUclCp`P-+9oBQs#6!9cJ$22^z&CQq!+8F%zgl%zh9{Llf;7U>MBt&mvZH zB;{vd_mRY7mCJ}KhscRACtfoT7|$#q5$nj=8&(ntB9EhXBn?=4bM7V)PxSpsPw>r| z=tTz82O?{V3&>AL4RXLp>?N1R*i5_@Wt2q;BdXJ9Fk%3f;4nXwcYiKqmW=$F=gpq6 zr|yq5F_^U@Y!+k|_0$+d26uvCT$?^0 zDw!bV2Cz)9Fd(3LK7jTVvp!6@qbb8rmTO6=<4FTog)MRDvA&6 z@@I^&8|g%{dHNFwCGmPavzP(JJz-7|uy;*4UIZ+__JrV%2@+{p6pd)GZA^{%FaQ?} z;T)mHz`tN9^XW3kgk<#ikq6I9OwL-WZ!d*m-;NCQ65X^(4jCh#& zYq7;<%mch;R`kL021of#AzSpp*oBCXaE_P$sFMq!u%_g7^bJ9A^bC#NY&Mwjyar}5 z(Dy~*AbP&;5N9N8YvAi9j`q8IZ@#^lZQ0hODetc^2|fu&XI<5WMga4>2vEdo>F}o} z-@uN6m+Au!71|XK9ysX6GYM{W{2{*o@ue7VTAo<*#L8Q#?tg0_i(Y=M{^0 zU~)s>IU$7)~=EX%FSY^Vqea&q$$P%7m{ZpE8y7=@Wa2 zHeca=Iy^RY0_Y==D+GAWJ-k9EVBOPJ(_0&~=M(doZ=9>ed{=pu6yiDzkB%B8p%+b> zd%V5E#0QM4ty*X(7<QdRzT%a^2kq&Dd6u9c+XyGU2e=FHvpoF!Kg_z8go zMi@^C5y4cBq27I>wUKXGjVo_yjqme7L4mqS*cGnGBUk2)@~dpfQpi{t8WY&SQV09{ zBm;pc^<`Q6MK}MYLIqpEO#UvKTGmYPC0p3aH3aqFfVCH_iZ{Msy{Dr9UPuj%j&MBV zY(mqgw4Svo)uI_(*9`f{9ulT(#_NRNWFD}`i z!tN|wgxP7}yJ}$fF3kB6Pc#dI!J*xaw9v%wD15SvG_KLW>2I)Vwsf&t+Hn11#wgTY zgNuRoF?r_e`s@p@mIA5n@$cl;Akf(QC50D2zXY7~2?kg4;EwE!#aKhI<(d z`#gskgljo_6TlwllNe%0$HB=gyx|Qt$5Wf5<@nG$VokQ-&hp_BYd_IxzmmL*y^;`* z!lsqkCX6B;NbhYS7(_Atnac?mzxV87y)LEf=#jRL<>-*VeE@d3KH6T_Jp1Lo4v zUdFCfUgYoDu2N57jN2Ft`6DslcVJ4AGQ1fc&hR^a+pwnix0}+1Tp-I58)LoC46zTo zmwBl{xTb|(yJ$D*Z8F4OBblI{Vwg(OifmA{NVB0!tP|U2isdp{GI@5w3@dD6WH^Nq z7}>&0JRsIfr|`b6rOz^X3GIY* zNgmJN^ur`KC-=7KF+HoKV69bIAyr%v)(cIc4f^$V`nfG?ZS{rH1lx=CM%oe7jeM|K zR`L+4czhyi37%si!mIIE&P<^d#B(&?%O0th^7srbz57QrCLnx==l}Q!Hqj62E!6gWGLhe!1E^U(ZYUwtcx|;P1~Dtgp}v zsm+*jcTj{^Vqd*Fjm98Foo~A_kzP~5_Wufm8Fw-<9l=i4wYD?y za6E3wj;8}h%C?tfY)@W#+rDMc0JAbbBVn-fa$z6QzK?(Ge>rz_5Bd>&`KHuYbC3EF z-BlcV56e?9d>@oEN7$K{dSBntjy*?}p~Q#KS-edA{KQeRY(G)JcAv88+u1!y<}A!N z%g|Yf%!w)Es5t}lxjFB}Z5(}fRz4;3LH_jOtgJoDcbt^cIKe0MyDAf`l zkDcyeD?Ao$=~Srd(9r)JgZNPX zirG~^4>n5CY|vQ8Z)!U>V(cF<`t-WicyPSW5xOWHCBtyIaB31D-V@WQZx}B$bwdUR z#+BI|%f&mAA+G{|d&E|DTR-#OO2Y>zT*($DRUC6Y;jLQYHP_fQ;{9I0;pO{y-Ytpn zX)P@ue728_N8+QTU$46P(PC=jtQ-M1ZyK)DSnE)Q5R?zXBI@(A+2#PRDWQYY-N~Ds z{~+b0m|ym+JGDnNmaN>OP^)}L@-HgXY3VpNbSLdlk9N493%|~6tuWJqHwg2Pcz~U5oKu>6UB{okFmqJ2ch~n_ zo)obV8>Nc^XGDyqHMB;zd*iFAIUsxQ#$NGbdHxBv%3#<=9}azXS?fBM=n!|{3Q;|a z7N}!{V?QwXCUw-rfhA+zzoYQ%49C4M7S2q%ChXAuJPdjy4I&lnDL6~)ENIW3{6Q!7|I)=4%J8XXLe%NN3=S3Pm+RuQfr}1Q#NMWfMMP2~v9?vi_eA;d48! z3WM2mS^6nfQTHy)Qo+#V7w=8Z#2Ny1$mUuuYNsy=gGGu;ljYCDoG*w*wu}^1EaV;i zh?1c2o0FQimu3Y`Kbh&}ER-u!{}UD2l$JS4gJnEfPNK+4s``bpkrq={ zqKYe`+f!r_HQmkRK?BX%^uG=I}tFCC{;O>CuS>wG2E`qwiaTzx}8Ij@UFf0H>5OC1)7Be zIldUgX!l7na?Q0Rx$|kDJlM638kDV!W&6}O3*<5~QfUM;_47L-Y{#c?Z4@+~fE{fC zYOTRMo%)`DMdbm?We2C>&M2wn=tX6V(8$yZH80%&!gartMw8&1{NWd`2~+P71+_4K z)rEEg8cPcD{C6vck(KekSTXXBcE&D7CXNK;_Qs~lCh9Z{w9NFhjEodebOJ8U=5~(c z+DvS$-xr%UJw3h5Un23BC{xfWTR2;r{9m`F{@yY9OC0|a!~eTz_qXWumuS;7e_!7Wg#X_Ar^fZ)|Ni0nN7DY^ zb^na)UqWL4Zt$OO|7qWZf=A%y&FtE}y(zDahGn3KNlYR5a z*ct!-Sd<+N?CnjA3Ft%(tes4t=;W0})M-UstgQ_VY;FIpl(M;n6T$cIKUR#IK-I+2 z>APzJCRzq&1{MxRRu(22Mq1W?E#Q^TulhRN5x2IY~o5MY+`6(U`s(@WpChY z?qp&>;QF6!u+lQoGXG_vfa2x-`|$k5AuuxkzYJeS=6~6}4D4+GwtLyw{?qLJUpR}B zRb{N!znw)_HEBkyan;PPwV>mI;^axi5*DjUBfSy>OSO9Eo>FgDTyv|J?j+!zSZ5Z8 zlXr>M64(fNBq%`2fQm};{)zycJqdw;CgkEX85p%wK$hUa&@Vt) zv=owYeTd-#aitXfr9JqH%;HLtp7aCeWw~_(*^r|m=C-8fVL&2jL@3aKG%A#*fhm+K zgrs*b#*dx0s(4{KJ-hk-sXS7fW{EhUr5nuhMBo6l2*?2(chwQlIc8zPsqrt5>7IvkhP z`NrpDu&eU(4!#7bU`I{BD)_QDF=BVcWt#VFengl_$Y z;93-%uqB6AaEa+A)4;3_!*N;goP7-M1wW z|G)rs6b2v2u{z6mlpwB$QIVQL*R+HKiDX{R`)P(l0B1o1Obr-3CdD|r#F}Plq z;IGKo1KLBM2M0X_x&Wwf(T4YKrDVsJdb23oT_ue64MPjB_l;R69|ybw$MlwE(A3K= zNLsbw4@qD&LQe8r5vEmRl*U8GHMN+OjAzbkB7fk((w1x-uyKP6$xclQg=HaaQ(+wO z6=Sg>PIece`i11tDB?^M+Z=wmkE@p!G!LGW*-LLS*y7DKnOt;bpCXvET8V;+g_f3E zP)_tx%e0W*r#pM}8eM+v3?KG8MJdTn(A-T5GL0Ev5G}){CR6*gSpAttskm z{T29EC^jnJ;paK`gl&1TrcLS&gyx*2fm@*`J8Oj}a{Q%qgjBeyv)Iy{-%8iZO6*czL-6KK&BFtRf1K+!2#cz$a)>$fJV5oj?GFcC0(S1Q`sIe%CF z&1a?fSHjfpyYzSS|639!(Bftkq!$(BU=d(tVHOc$5D^ukXJue!6k=x=77}D(5E0=e z`2Vwf_akj$Yxcb{va--;Dv(8wRaszd5h1_Flp!B~lP&Be@h^k^xhs-J*HhK`&cIjM)E9ZY8JM;&ex6Q8Xb zO(v$Ttq(r(&V@mZ$s+<_wh0vkV*;2hQnt{uq_vpb1ZuKB*4vK(1lMyO$_f(x=&ae#0~KS9+;Ne4vc1mcpI)B)qF&uHmoQ^3J>^q zys!s$JvcSNTCc;*PKqBj&)%USB&rpOvd{dHTk9e-#i{Ws2|Z+WJQrZwh9x?45qcI# zNsom+SQh9JKR!D=t-mil09Y>q1{iT3#E^iTMXbvO1Jn?EFG@?`zVb_umVvquEf6Z{ z#;MZ*EwJf6lm2SeP92n5FU}15Nww())>f%!HcuMj{D_u5p1q#{%d!I7xs_@NCBmS&_Ze>wfwM`*iJZh^ZJrJ zgKaU}LWOO6vhhBRd+V1F>A&RjrNp|i-YF|6Fw4~?$9k~#*_$xR`S2_=UvJ=ZiEv*{ zd+Mmv;1P=sY?otB8bBpufpP)EBbenzddfP630IAC4_3Zj_scvwsJY<#0bd~b-&M}Z b*}&1+{rmk6#lXSN!omtgLLwq33iW>gjajw0 diff --git a/krb5-1.21.3/doc/pdf/plugindev.tex b/krb5-1.21.3/doc/pdf/plugindev.tex deleted file mode 100644 index 0bb2bc52..00000000 --- a/krb5-1.21.3/doc/pdf/plugindev.tex +++ /dev/null @@ -1,1020 +0,0 @@ -%% Generated by Sphinx. -\def\sphinxdocclass{report} -\documentclass[letterpaper,10pt,english]{sphinxmanual} -\ifdefined\pdfpxdimen - \let\sphinxpxdimen\pdfpxdimen\else\newdimen\sphinxpxdimen -\fi \sphinxpxdimen=.75bp\relax -\ifdefined\pdfimageresolution - \pdfimageresolution= \numexpr \dimexpr1in\relax/\sphinxpxdimen\relax -\fi -%% let collapsible pdf bookmarks panel have high depth per default -\PassOptionsToPackage{bookmarksdepth=5}{hyperref} - -\PassOptionsToPackage{warn}{textcomp} -\usepackage[utf8]{inputenc} -\ifdefined\DeclareUnicodeCharacter -% support both utf8 and utf8x syntaxes - \ifdefined\DeclareUnicodeCharacterAsOptional - \def\sphinxDUC#1{\DeclareUnicodeCharacter{"#1}} - \else - \let\sphinxDUC\DeclareUnicodeCharacter - \fi - \sphinxDUC{00A0}{\nobreakspace} - \sphinxDUC{2500}{\sphinxunichar{2500}} - \sphinxDUC{2502}{\sphinxunichar{2502}} - \sphinxDUC{2514}{\sphinxunichar{2514}} - \sphinxDUC{251C}{\sphinxunichar{251C}} - \sphinxDUC{2572}{\textbackslash} -\fi -\usepackage{cmap} -\usepackage[T1]{fontenc} -\usepackage{amsmath,amssymb,amstext} -\usepackage{babel} - - - -\usepackage{tgtermes} -\usepackage{tgheros} -\renewcommand{\ttdefault}{txtt} - - - -\usepackage[Bjarne]{fncychap} -\usepackage{sphinx} - -\fvset{fontsize=auto} -\usepackage{geometry} - - -% Include hyperref last. -\usepackage{hyperref} -% Fix anchor placement for figures with captions. -\usepackage{hypcap}% it must be loaded after hyperref. -% Set up styles of URL: it should be placed after hyperref. -\urlstyle{same} - - -\usepackage{sphinxmessages} -\setcounter{tocdepth}{1} - - - -\title{Kerberos Plugin Module Developer Guide} -\date{ } -\release{1.21.3} -\author{MIT} -\newcommand{\sphinxlogo}{\vbox{}} -\renewcommand{\releasename}{Release} -\makeindex -\begin{document} - -\pagestyle{empty} -\sphinxmaketitle -\pagestyle{plain} -\sphinxtableofcontents -\pagestyle{normal} -\phantomsection\label{\detokenize{plugindev/index::doc}} - - -\sphinxAtStartPar -Kerberos plugin modules allow increased control over MIT krb5 library -and server behavior. This guide describes how to create dynamic -plugin modules and the currently available pluggable interfaces. - -\sphinxAtStartPar -See \DUrole{xref,std,std-ref}{plugin\_config} for information on how to register dynamic -plugin modules and how to enable and disable modules via -\DUrole{xref,std,std-ref}{krb5.conf(5)}. - - -\chapter{Contents} -\label{\detokenize{plugindev/index:contents}} - -\section{General plugin concepts} -\label{\detokenize{plugindev/general:general-plugin-concepts}}\label{\detokenize{plugindev/general::doc}} -\sphinxAtStartPar -A krb5 dynamic plugin module is a Unix shared object or Windows DLL. -Typically, the source code for a dynamic plugin module should live in -its own project with a build system using \sphinxhref{https://www.gnu.org/software/automake/}{automake} and \sphinxhref{https://www.gnu.org/software/libtool/}{libtool}, or -tools with similar functionality. - -\sphinxAtStartPar -A plugin module must define a specific symbol name, which depends on -the pluggable interface and module name. For most pluggable -interfaces, the exported symbol is a function named -\sphinxcode{\sphinxupquote{INTERFACE\_MODULE\_initvt}}, where \sphinxstyleemphasis{INTERFACE} is the name of the -pluggable interface and \sphinxstyleemphasis{MODULE} is the name of the module. For these -interfaces, it is possible for one shared object or DLL to implement -multiple plugin modules, either for the same pluggable interface or -for different ones. For example, a shared object could implement both -KDC and client preauthentication mechanisms, by exporting functions -named \sphinxcode{\sphinxupquote{kdcpreauth\_mymech\_initvt}} and \sphinxcode{\sphinxupquote{clpreauth\_mymech\_initvt}}. - -\sphinxAtStartPar -A plugin module implementation should include the header file -\sphinxcode{\sphinxupquote{\textless{}krb5/INTERFACE\_plugin.h\textgreater{}}}, where \sphinxstyleemphasis{INTERFACE} is the name of the -pluggable interface. For instance, a ccselect plugin module -implementation should use \sphinxcode{\sphinxupquote{\#include \textless{}krb5/ccselect\_plugin.h\textgreater{}}}. - -\sphinxAtStartPar -initvt functions have the following prototype: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{krb5\PYGZus{}error\PYGZus{}code} \PYG{n}{interface\PYGZus{}modname\PYGZus{}initvt}\PYG{p}{(}\PYG{n}{krb5\PYGZus{}context} \PYG{n}{context}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{n}{maj\PYGZus{}ver}\PYG{p}{,} \PYG{n+nb}{int} \PYG{n}{min\PYGZus{}ver}\PYG{p}{,} - \PYG{n}{krb5\PYGZus{}plugin\PYGZus{}vtable} \PYG{n}{vtable}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -and should do the following: -\begin{enumerate} -\sphinxsetlistlabels{\arabic}{enumi}{enumii}{}{.}% -\item {} -\sphinxAtStartPar -Check that the supplied maj\_ver argument is supported by the -module. If it is not supported, the function should return -KRB5\_PLUGIN\_VER\_NOTSUPP. - -\item {} -\sphinxAtStartPar -Cast the supplied vtable pointer to the structure type -corresponding to the major version, as documented in the pluggable -interface header file. - -\item {} -\sphinxAtStartPar -Fill in the structure fields with pointers to method functions and -static data, stopping at the field indicated by the supplied minor -version. Fields for unimplemented optional methods can be left -alone; it is not necessary to initialize them to NULL. - -\end{enumerate} - -\sphinxAtStartPar -In most cases, the context argument will not be used. The initvt -function should not allocate memory; think of it as a glorified -structure initializer. Each pluggable interface defines methods for -allocating and freeing module state if doing so is necessary for the -interface. - -\sphinxAtStartPar -Pluggable interfaces typically include a \sphinxstylestrong{name} field in the vtable -structure, which should be filled in with a pointer to a string -literal containing the module name. - -\sphinxAtStartPar -Here is an example of what an initvt function might look like for a -fictional pluggable interface named fences, for a module named -“wickerâ€: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{krb5\PYGZus{}error\PYGZus{}code} -\PYG{n}{fences\PYGZus{}wicker\PYGZus{}initvt}\PYG{p}{(}\PYG{n}{krb5\PYGZus{}context} \PYG{n}{context}\PYG{p}{,} \PYG{n+nb}{int} \PYG{n}{maj\PYGZus{}ver}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{n}{min\PYGZus{}ver}\PYG{p}{,} \PYG{n}{krb5\PYGZus{}plugin\PYGZus{}vtable} \PYG{n}{vtable}\PYG{p}{)} -\PYG{p}{\PYGZob{}} - \PYG{n}{krb5\PYGZus{}ccselect\PYGZus{}vtable} \PYG{n}{vt}\PYG{p}{;} - - \PYG{k}{if} \PYG{p}{(}\PYG{n}{maj\PYGZus{}ver} \PYG{o}{==} \PYG{l+m+mi}{1}\PYG{p}{)} \PYG{p}{\PYGZob{}} - \PYG{n}{krb5\PYGZus{}fences\PYGZus{}vtable} \PYG{n}{vt} \PYG{o}{=} \PYG{p}{(}\PYG{n}{krb5\PYGZus{}fences\PYGZus{}vtable}\PYG{p}{)}\PYG{n}{vtable}\PYG{p}{;} - \PYG{n}{vt}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZgt{}}\PYG{n}{name} \PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{wicker}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} - \PYG{n}{vt}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZgt{}}\PYG{n}{slats} \PYG{o}{=} \PYG{n}{wicker\PYGZus{}slats}\PYG{p}{;} - \PYG{n}{vt}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZgt{}}\PYG{n}{braces} \PYG{o}{=} \PYG{n}{wicker\PYGZus{}braces}\PYG{p}{;} - \PYG{p}{\PYGZcb{}} \PYG{k}{else} \PYG{k}{if} \PYG{p}{(}\PYG{n}{maj\PYGZus{}ver} \PYG{o}{==} \PYG{l+m+mi}{2}\PYG{p}{)} \PYG{p}{\PYGZob{}} - \PYG{n}{krb5\PYGZus{}fences\PYGZus{}vtable\PYGZus{}v2} \PYG{n}{vt} \PYG{o}{=} \PYG{p}{(}\PYG{n}{krb5\PYGZus{}fences\PYGZus{}vtable\PYGZus{}v2}\PYG{p}{)}\PYG{n}{vtable}\PYG{p}{;} - \PYG{n}{vt}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZgt{}}\PYG{n}{name} \PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{wicker}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} - \PYG{n}{vt}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZgt{}}\PYG{n}{material} \PYG{o}{=} \PYG{n}{wicker\PYGZus{}material}\PYG{p}{;} - \PYG{n}{vt}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZgt{}}\PYG{n}{construction} \PYG{o}{=} \PYG{n}{wicker\PYGZus{}construction}\PYG{p}{;} - \PYG{k}{if} \PYG{p}{(}\PYG{n}{min\PYGZus{}ver} \PYG{o}{\PYGZlt{}} \PYG{l+m+mi}{2}\PYG{p}{)} - \PYG{k}{return} \PYG{l+m+mi}{0}\PYG{p}{;} - \PYG{n}{vt}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZgt{}}\PYG{n}{footing} \PYG{o}{=} \PYG{n}{wicker\PYGZus{}footing}\PYG{p}{;} - \PYG{k}{if} \PYG{p}{(}\PYG{n}{min\PYGZus{}ver} \PYG{o}{\PYGZlt{}} \PYG{l+m+mi}{3}\PYG{p}{)} - \PYG{k}{return} \PYG{l+m+mi}{0}\PYG{p}{;} - \PYG{n}{vt}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZgt{}}\PYG{n}{appearance} \PYG{o}{=} \PYG{n}{wicker\PYGZus{}appearance}\PYG{p}{;} - \PYG{p}{\PYGZcb{}} \PYG{k}{else} \PYG{p}{\PYGZob{}} - \PYG{k}{return} \PYG{n}{KRB5\PYGZus{}PLUGIN\PYGZus{}VER\PYGZus{}NOTSUPP}\PYG{p}{;} - \PYG{p}{\PYGZcb{}} - \PYG{k}{return} \PYG{l+m+mi}{0}\PYG{p}{;} -\PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - - -\subsection{Logging from KDC and kadmind plugin modules} -\label{\detokenize{plugindev/general:logging-from-kdc-and-kadmind-plugin-modules}} -\sphinxAtStartPar -Plugin modules for the KDC or kadmind daemons can write to the -configured logging outputs (see \DUrole{xref,std,std-ref}{logging}) by calling the -\sphinxstylestrong{com\_err} function. The first argument (\sphinxstyleemphasis{whoami}) is ignored. If -the second argument (\sphinxstyleemphasis{code}) is zero, the formatted message is logged -at informational severity; otherwise, the formatted message is logged -at error severity and includes the error message for the supplied -code. Here are examples: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{com\PYGZus{}err}\PYG{p}{(}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{,} \PYG{l+m+mi}{0}\PYG{p}{,} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{Client message contains }\PYG{l+s+si}{\PYGZpc{}d}\PYG{l+s+s2}{ items}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{,} \PYG{n}{nitems}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{com\PYGZus{}err}\PYG{p}{(}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{,} \PYG{n}{retval}\PYG{p}{,} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{while decoding client message}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -(The behavior described above is new in release 1.17. In prior -releases, the \sphinxstyleemphasis{whoami} argument is included for some logging output -types, the logged message does not include the usual header for some -output types, and the severity for syslog outputs is configured as -part of the logging specification, defaulting to error severity.) - - -\section{Client preauthentication interface (clpreauth)} -\label{\detokenize{plugindev/clpreauth:client-preauthentication-interface-clpreauth}}\label{\detokenize{plugindev/clpreauth::doc}} -\sphinxAtStartPar -During an initial ticket request, a KDC may ask a client to prove its -knowledge of the password before issuing an encrypted ticket, or to -use credentials other than a password. This process is called -preauthentication, and is described in \index{RFC@\spxentry{RFC}!RFC 4120@\spxentry{RFC 4120}}\sphinxhref{https://tools.ietf.org/html/rfc4120.html}{\sphinxstylestrong{RFC 4120}} and \index{RFC@\spxentry{RFC}!RFC 6113@\spxentry{RFC 6113}}\sphinxhref{https://tools.ietf.org/html/rfc6113.html}{\sphinxstylestrong{RFC 6113}}. -The clpreauth interface allows the addition of client support for -preauthentication mechanisms beyond those included in the core MIT -krb5 code base. For a detailed description of the clpreauth -interface, see the header file \sphinxcode{\sphinxupquote{\textless{}krb5/clpreauth\_plugin.h\textgreater{}}} (or -\sphinxcode{\sphinxupquote{\textless{}krb5/preauth\_plugin.h\textgreater{}}} before release 1.12). - -\sphinxAtStartPar -A clpreauth module is generally responsible for: -\begin{itemize} -\item {} -\sphinxAtStartPar -Supplying a list of preauth type numbers used by the module in the -\sphinxstylestrong{pa\_type\_list} field of the vtable structure. - -\item {} -\sphinxAtStartPar -Indicating what kind of preauthentication mechanism it implements, -with the \sphinxstylestrong{flags} method. In the most common case, this method -just returns \sphinxcode{\sphinxupquote{PA\_REAL}}, indicating that it implements a normal -preauthentication type. - -\item {} -\sphinxAtStartPar -Examining the padata information included in a PREAUTH\_REQUIRED or -MORE\_PREAUTH\_DATA\_REQUIRED error and producing padata values for the -next AS request. This is done with the \sphinxstylestrong{process} method. - -\item {} -\sphinxAtStartPar -Examining the padata information included in a successful ticket -reply, possibly verifying the KDC identity and computing a reply -key. This is also done with the \sphinxstylestrong{process} method. - -\item {} -\sphinxAtStartPar -For preauthentication types which support it, recovering from errors -by examining the error data from the KDC and producing a padata -value for another AS request. This is done with the \sphinxstylestrong{tryagain} -method. - -\item {} -\sphinxAtStartPar -Receiving option information (supplied by \sphinxcode{\sphinxupquote{kinit \sphinxhyphen{}X}} or by an -application), with the \sphinxstylestrong{gic\_opts} method. - -\end{itemize} - -\sphinxAtStartPar -A clpreauth module can create and destroy per\sphinxhyphen{}library\sphinxhyphen{}context and -per\sphinxhyphen{}request state objects by implementing the \sphinxstylestrong{init}, \sphinxstylestrong{fini}, -\sphinxstylestrong{request\_init}, and \sphinxstylestrong{request\_fini} methods. Per\sphinxhyphen{}context state -objects have the type krb5\_clpreauth\_moddata, and per\sphinxhyphen{}request state -objects have the type krb5\_clpreauth\_modreq. These are abstract -pointer types; a module should typically cast these to internal -types for the state objects. - -\sphinxAtStartPar -The \sphinxstylestrong{process} and \sphinxstylestrong{tryagain} methods have access to a callback -function and handle (called a “rockâ€) which can be used to get -additional information about the current request, including the -expected enctype of the AS reply, the FAST armor key, and the client -long\sphinxhyphen{}term key (prompting for the user password if necessary). A -callback can also be used to replace the AS reply key if the -preauthentication mechanism computes one. - - -\section{KDC preauthentication interface (kdcpreauth)} -\label{\detokenize{plugindev/kdcpreauth:kdc-preauthentication-interface-kdcpreauth}}\label{\detokenize{plugindev/kdcpreauth::doc}} -\sphinxAtStartPar -The kdcpreauth interface allows the addition of KDC support for -preauthentication mechanisms beyond those included in the core MIT -krb5 code base. For a detailed description of the kdcpreauth -interface, see the header file \sphinxcode{\sphinxupquote{\textless{}krb5/kdcpreauth\_plugin.h\textgreater{}}} (or -\sphinxcode{\sphinxupquote{\textless{}krb5/preauth\_plugin.h\textgreater{}}} before release 1.12). - -\sphinxAtStartPar -A kdcpreauth module is generally responsible for: -\begin{itemize} -\item {} -\sphinxAtStartPar -Supplying a list of preauth type numbers used by the module in the -\sphinxstylestrong{pa\_type\_list} field of the vtable structure. - -\item {} -\sphinxAtStartPar -Indicating what kind of preauthentication mechanism it implements, -with the \sphinxstylestrong{flags} method. If the mechanism computes a new reply -key, it must specify the \sphinxcode{\sphinxupquote{PA\_REPLACES\_KEY}} flag. If the mechanism -is generally only used with hardware tokens, the \sphinxcode{\sphinxupquote{PA\_HARDWARE}} -flag allows the mechanism to work with principals which have the -\sphinxstylestrong{requires\_hwauth} flag set. - -\item {} -\sphinxAtStartPar -Producing a padata value to be sent with a preauth\_required error, -with the \sphinxstylestrong{edata} method. - -\item {} -\sphinxAtStartPar -Examining a padata value sent by a client and verifying that it -proves knowledge of the appropriate client credential information. -This is done with the \sphinxstylestrong{verify} method. - -\item {} -\sphinxAtStartPar -Producing a padata response value for the client, and possibly -computing a reply key. This is done with the \sphinxstylestrong{return\_padata} -method. - -\end{itemize} - -\sphinxAtStartPar -A module can create and destroy per\sphinxhyphen{}KDC state objects by implementing -the \sphinxstylestrong{init} and \sphinxstylestrong{fini} methods. Per\sphinxhyphen{}KDC state objects have the -type krb5\_kdcpreauth\_moddata, which is an abstract pointer types. A -module should typically cast this to an internal type for the state -object. - -\sphinxAtStartPar -A module can create a per\sphinxhyphen{}request state object by returning one in the -\sphinxstylestrong{verify} method, receiving it in the \sphinxstylestrong{return\_padata} method, and -destroying it in the \sphinxstylestrong{free\_modreq} method. Note that these state -objects only apply to the processing of a single AS request packet, -not to an entire authentication exchange (since an authentication -exchange may remain unfinished by the client or may involve multiple -different KDC hosts). Per\sphinxhyphen{}request state objects have the type -krb5\_kdcpreauth\_modreq, which is an abstract pointer type. - -\sphinxAtStartPar -The \sphinxstylestrong{edata}, \sphinxstylestrong{verify}, and \sphinxstylestrong{return\_padata} methods have access -to a callback function and handle (called a “rockâ€) which can be used -to get additional information about the current request, including the -maximum allowable clock skew, the client’s long\sphinxhyphen{}term keys, the -DER\sphinxhyphen{}encoded request body, the FAST armor key, string attributes on the -client’s database entry, and the client’s database entry itself. The -\sphinxstylestrong{verify} method can assert one or more authentication indicators to -be included in the issued ticket using the \sphinxcode{\sphinxupquote{add\_auth\_indicator}} -callback (new in release 1.14). - -\sphinxAtStartPar -A module can generate state information to be included with the next -client request using the \sphinxcode{\sphinxupquote{set\_cookie}} callback (new in release -1.14). On the next request, the module can read this state -information using the \sphinxcode{\sphinxupquote{get\_cookie}} callback. Cookie information is -encrypted, timestamped, and transmitted to the client in a -\sphinxcode{\sphinxupquote{PA\sphinxhyphen{}FX\sphinxhyphen{}COOKIE}} pa\sphinxhyphen{}data item. Older clients may not support cookies -and therefore may not transmit the cookie in the next request; in this -case, \sphinxcode{\sphinxupquote{get\_cookie}} will not yield the saved information. - -\sphinxAtStartPar -If a module implements a mechanism which requires multiple round -trips, its \sphinxstylestrong{verify} method can respond with the code -\sphinxcode{\sphinxupquote{KRB5KDC\_ERR\_MORE\_PREAUTH\_DATA\_REQUIRED}} and a list of pa\sphinxhyphen{}data in -the \sphinxstyleemphasis{e\_data} parameter to be processed by the client. - -\sphinxAtStartPar -The \sphinxstylestrong{edata} and \sphinxstylestrong{verify} methods can be implemented -asynchronously. Because of this, they do not return values directly -to the caller, but must instead invoke responder functions with their -results. A synchronous implementation can invoke the responder -function immediately. An asynchronous implementation can use the -callback to get an event context for use with the \sphinxhref{https://fedorahosted.org/libverto/}{libverto} API. - - -\section{Credential cache selection interface (ccselect)} -\label{\detokenize{plugindev/ccselect:credential-cache-selection-interface-ccselect}}\label{\detokenize{plugindev/ccselect:ccselect-plugin}}\label{\detokenize{plugindev/ccselect::doc}} -\sphinxAtStartPar -The ccselect interface allows modules to control how credential caches -are chosen when a GSSAPI client contacts a service. For a detailed -description of the ccselect interface, see the header file -\sphinxcode{\sphinxupquote{\textless{}krb5/ccselect\_plugin.h\textgreater{}}}. - -\sphinxAtStartPar -The primary ccselect method is \sphinxstylestrong{choose}, which accepts a server -principal as input and returns a ccache and/or principal name as -output. A module can use the krb5\_cccol APIs to iterate over the -cache collection in order to find an appropriate ccache to use. - -\sphinxAtStartPar -A module can create and destroy per\sphinxhyphen{}library\sphinxhyphen{}context state objects by -implementing the \sphinxstylestrong{init} and \sphinxstylestrong{fini} methods. State objects have -the type krb5\_ccselect\_moddata, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. - -\sphinxAtStartPar -A module can have one of two priorities, “authoritative†or -“heuristicâ€. Results from authoritative modules, if any are -available, will take priority over results from heuristic modules. A -module communicates its priority as a result of the \sphinxstylestrong{init} method. - - -\section{Password quality interface (pwqual)} -\label{\detokenize{plugindev/pwqual:password-quality-interface-pwqual}}\label{\detokenize{plugindev/pwqual:pwqual-plugin}}\label{\detokenize{plugindev/pwqual::doc}} -\sphinxAtStartPar -The pwqual interface allows modules to control what passwords are -allowed when a user changes passwords. For a detailed description of -the pwqual interface, see the header file \sphinxcode{\sphinxupquote{\textless{}krb5/pwqual\_plugin.h\textgreater{}}}. - -\sphinxAtStartPar -The primary pwqual method is \sphinxstylestrong{check}, which receives a password as -input and returns success (0) or a \sphinxcode{\sphinxupquote{KADM5\_PASS\_Q\_}} failure code -depending on whether the password is allowed. The \sphinxstylestrong{check} method -also receives the principal name and the name of the principal’s -password policy as input; although there is no stable interface for -the module to obtain the fields of the password policy, it can define -its own configuration or data store based on the policy name. - -\sphinxAtStartPar -A module can create and destroy per\sphinxhyphen{}process state objects by -implementing the \sphinxstylestrong{open} and \sphinxstylestrong{close} methods. State objects have -the type krb5\_pwqual\_moddata, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. The \sphinxstylestrong{open} method also receives the name of the realm’s -dictionary file (as configured by the \sphinxstylestrong{dict\_file} variable in the -\DUrole{xref,std,std-ref}{kdc\_realms} section of \DUrole{xref,std,std-ref}{kdc.conf(5)}) if it wishes to use -it. - - -\section{KADM5 hook interface (kadm5\_hook)} -\label{\detokenize{plugindev/kadm5_hook:kadm5-hook-interface-kadm5-hook}}\label{\detokenize{plugindev/kadm5_hook:kadm5-hook-plugin}}\label{\detokenize{plugindev/kadm5_hook::doc}} -\sphinxAtStartPar -The kadm5\_hook interface allows modules to perform actions when -changes are made to the Kerberos database through \DUrole{xref,std,std-ref}{kadmin(1)}. -For a detailed description of the kadm5\_hook interface, see the header -file \sphinxcode{\sphinxupquote{\textless{}krb5/kadm5\_hook\_plugin.h\textgreater{}}}. - -\sphinxAtStartPar -The kadm5\_hook interface has five primary methods: \sphinxstylestrong{chpass}, -\sphinxstylestrong{create}, \sphinxstylestrong{modify}, \sphinxstylestrong{remove}, and \sphinxstylestrong{rename}. (The \sphinxstylestrong{rename} -method was introduced in release 1.14.) Each of these methods is -called twice when the corresponding administrative action takes place, -once before the action is committed and once afterwards. A module can -prevent the action from taking place by returning an error code during -the pre\sphinxhyphen{}commit stage. - -\sphinxAtStartPar -A module can create and destroy per\sphinxhyphen{}process state objects by -implementing the \sphinxstylestrong{init} and \sphinxstylestrong{fini} methods. State objects have -the type kadm5\_hook\_modinfo, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. - -\sphinxAtStartPar -Because the kadm5\_hook interface is tied closely to the kadmin -interface (which is explicitly unstable), it may not remain as stable -across versions as other public pluggable interfaces. - - -\section{kadmin authorization interface (kadm5\_auth)} -\label{\detokenize{plugindev/kadm5_auth:kadmin-authorization-interface-kadm5-auth}}\label{\detokenize{plugindev/kadm5_auth:kadm5-auth-plugin}}\label{\detokenize{plugindev/kadm5_auth::doc}} -\sphinxAtStartPar -The kadm5\_auth interface (new in release 1.16) allows modules to -determine whether a client principal is authorized to perform an -operation in the kadmin protocol, and to apply restrictions to -principal operations. For a detailed description of the kadm5\_auth -interface, see the header file \sphinxcode{\sphinxupquote{\textless{}krb5/kadm5\_auth\_plugin.h\textgreater{}}}. - -\sphinxAtStartPar -A module can create and destroy per\sphinxhyphen{}process state objects by -implementing the \sphinxstylestrong{init} and \sphinxstylestrong{fini} methods. State objects have -the type kadm5\_auth\_modinfo, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. - -\sphinxAtStartPar -The kadm5\_auth interface has one method for each kadmin operation, -with parameters specific to the operation. Each method can return -either 0 to authorize access, KRB5\_PLUGIN\_NO\_HANDLE to defer the -decision to other modules, or another error (canonically EPERM) to -authoritatively deny access. Access is granted if at least one module -grants access and no module authoritatively denies access. - -\sphinxAtStartPar -The \sphinxstylestrong{addprinc} and \sphinxstylestrong{modprinc} methods can also impose restrictions -on the principal operation by returning a \sphinxcode{\sphinxupquote{struct -kadm5\_auth\_restrictions}} object. The module should also implement -the \sphinxstylestrong{free\_restrictions} method if it dynamically allocates -restrictions objects for principal operations. - -\sphinxAtStartPar -kadm5\_auth modules can optionally inspect principal or policy objects. -To do this, the module must also include \sphinxcode{\sphinxupquote{\textless{}kadm5/admin.h\textgreater{}}} to gain -access to the structure definitions for those objects. As the kadmin -interface is explicitly not as stable as other public interfaces, -modules which do this may not retain compatibility across releases. - - -\section{Host\sphinxhyphen{}to\sphinxhyphen{}realm interface (hostrealm)} -\label{\detokenize{plugindev/hostrealm:host-to-realm-interface-hostrealm}}\label{\detokenize{plugindev/hostrealm:hostrealm-plugin}}\label{\detokenize{plugindev/hostrealm::doc}} -\sphinxAtStartPar -The host\sphinxhyphen{}to\sphinxhyphen{}realm interface was first introduced in release 1.12. It -allows modules to control the local mapping of hostnames to realm -names as well as the default realm. For a detailed description of the -hostrealm interface, see the header file -\sphinxcode{\sphinxupquote{\textless{}krb5/hostrealm\_plugin.h\textgreater{}}}. - -\sphinxAtStartPar -Although the mapping methods in the hostrealm interface return a list -of one or more realms, only the first realm in the list is currently -used by callers. Callers may begin using later responses in the -future. - -\sphinxAtStartPar -Any mapping method may return KRB5\_PLUGIN\_NO\_HANDLE to defer -processing to a later module. - -\sphinxAtStartPar -A module can create and destroy per\sphinxhyphen{}library\sphinxhyphen{}context state objects -using the \sphinxstylestrong{init} and \sphinxstylestrong{fini} methods. If the module does not need -any state, it does not need to implement these methods. - -\sphinxAtStartPar -The optional \sphinxstylestrong{host\_realm} method allows a module to determine -authoritative realm mappings for a hostname. The first authoritative -mapping is used in preference to KDC referrals when getting service -credentials. - -\sphinxAtStartPar -The optional \sphinxstylestrong{fallback\_realm} method allows a module to determine -fallback mappings for a hostname. The first fallback mapping is tried -if there is no authoritative mapping for a realm, and KDC referrals -failed to produce a successful result. - -\sphinxAtStartPar -The optional \sphinxstylestrong{default\_realm} method allows a module to determine the -local default realm. - -\sphinxAtStartPar -If a module implements any of the above methods, it must also -implement \sphinxstylestrong{free\_list} to ensure that memory is allocated and -deallocated consistently. - - -\section{Local authorization interface (localauth)} -\label{\detokenize{plugindev/localauth:local-authorization-interface-localauth}}\label{\detokenize{plugindev/localauth:localauth-plugin}}\label{\detokenize{plugindev/localauth::doc}} -\sphinxAtStartPar -The localauth interface was first introduced in release 1.12. It -allows modules to control the relationship between Kerberos principals -and local system accounts. When an application calls -\sphinxcode{\sphinxupquote{krb5\_kuserok()}} or \sphinxcode{\sphinxupquote{krb5\_aname\_to\_localname()}}, localauth -modules are consulted to determine the result. For a detailed -description of the localauth interface, see the header file -\sphinxcode{\sphinxupquote{\textless{}krb5/localauth\_plugin.h\textgreater{}}}. - -\sphinxAtStartPar -A module can create and destroy per\sphinxhyphen{}library\sphinxhyphen{}context state objects -using the \sphinxstylestrong{init} and \sphinxstylestrong{fini} methods. If the module does not need -any state, it does not need to implement these methods. - -\sphinxAtStartPar -The optional \sphinxstylestrong{userok} method allows a module to control the behavior -of \sphinxcode{\sphinxupquote{krb5\_kuserok()}}. The module receives the authenticated name -and the local account name as inputs, and can return either 0 to -authorize access, KRB5\_PLUGIN\_NO\_HANDLE to defer the decision to other -modules, or another error (canonically EPERM) to authoritatively deny -access. Access is granted if at least one module grants access and no -module authoritatively denies access. - -\sphinxAtStartPar -The optional \sphinxstylestrong{an2ln} method can work in two different ways. If the -module sets an array of uppercase type names in \sphinxstylestrong{an2ln\_types}, then -the module’s \sphinxstylestrong{an2ln} method will only be invoked by -\sphinxcode{\sphinxupquote{krb5\_aname\_to\_localname()}} if an \sphinxstylestrong{auth\_to\_local} value in -\DUrole{xref,std,std-ref}{krb5.conf(5)} refers to one of the module’s types. In this -case, the \sphinxstyleemphasis{type} and \sphinxstyleemphasis{residual} arguments will give the type name and -residual string of the \sphinxstylestrong{auth\_to\_local} value. - -\sphinxAtStartPar -If the module does not set \sphinxstylestrong{an2ln\_types} but does implement -\sphinxstylestrong{an2ln}, the module’s \sphinxstylestrong{an2ln} method will be invoked for all -\sphinxcode{\sphinxupquote{krb5\_aname\_to\_localname()}} operations unless an earlier module -determines a mapping, with \sphinxstyleemphasis{type} and \sphinxstyleemphasis{residual} set to NULL. The -module can return KRB5\_LNAME\_NO\_TRANS to defer mapping to later -modules. - -\sphinxAtStartPar -If a module implements \sphinxstylestrong{an2ln}, it must also implement -\sphinxstylestrong{free\_string} to ensure that memory is allocated and deallocated -consistently. - - -\section{Server location interface (locate)} -\label{\detokenize{plugindev/locate:server-location-interface-locate}}\label{\detokenize{plugindev/locate::doc}} -\sphinxAtStartPar -The locate interface allows modules to control how KDCs and similar -services are located by clients. For a detailed description of the -ccselect interface, see the header file \sphinxcode{\sphinxupquote{\textless{}krb5/locate\_plugin.h\textgreater{}}}. - -\sphinxAtStartPar -A locate module exports a structure object of type -krb5plugin\_service\_locate\_ftable, with the name \sphinxcode{\sphinxupquote{service\_locator}}. -The structure contains a minor version and pointers to the module’s -methods. - -\sphinxAtStartPar -The primary locate method is \sphinxstylestrong{lookup}, which accepts a service type, -realm name, desired socket type, and desired address family (which -will be AF\_UNSPEC if no specific address family is desired). The -method should invoke the callback function once for each server -address it wants to return, passing a socket type (SOCK\_STREAM for TCP -or SOCK\_DGRAM for UDP) and socket address. The \sphinxstylestrong{lookup} method -should return 0 if it has authoritatively determined the server -addresses for the realm, KRB5\_PLUGIN\_NO\_HANDLE if it wants to let -other location mechanisms determine the server addresses, or another -code if it experienced a failure which should abort the location -process. - -\sphinxAtStartPar -A module can create and destroy per\sphinxhyphen{}library\sphinxhyphen{}context state objects by -implementing the \sphinxstylestrong{init} and \sphinxstylestrong{fini} methods. State objects have -the type void *, and should be cast to an internal type for the state -object. - - -\section{Configuration interface (profile)} -\label{\detokenize{plugindev/profile:configuration-interface-profile}}\label{\detokenize{plugindev/profile:profile-plugin}}\label{\detokenize{plugindev/profile::doc}} -\sphinxAtStartPar -The profile interface allows a module to control how krb5 -configuration information is obtained by the Kerberos library and -applications. For a detailed description of the profile interface, -see the header file \sphinxcode{\sphinxupquote{\textless{}profile.h\textgreater{}}}. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The profile interface does not follow the normal conventions -for MIT krb5 pluggable interfaces, because it is part of a -lower\sphinxhyphen{}level component of the krb5 library. -\end{sphinxadmonition} - -\sphinxAtStartPar -As with other types of plugin modules, a profile module is a Unix -shared object or Windows DLL, built separately from the krb5 tree. -The krb5 library will dynamically load and use a profile plugin module -if it reads a \sphinxcode{\sphinxupquote{module}} directive at the beginning of krb5.conf, as -described in \DUrole{xref,std,std-ref}{profile\_plugin\_config}. - -\sphinxAtStartPar -A profile module exports a function named \sphinxcode{\sphinxupquote{profile\_module\_init}} -matching the signature of the profile\_module\_init\_fn type. This -function accepts a residual string, which may be used to help locate -the configuration source. The function fills in a vtable and may also -create a per\sphinxhyphen{}profile state object. If the module uses state objects, -it should implement the \sphinxstylestrong{copy} and \sphinxstylestrong{cleanup} methods to manage -them. - -\sphinxAtStartPar -A basic read\sphinxhyphen{}only profile module need only implement the -\sphinxstylestrong{get\_values} and \sphinxstylestrong{free\_values} methods. The \sphinxstylestrong{get\_values} method -accepts a null\sphinxhyphen{}terminated list of C string names (e.g., an array -containing “libdefaultsâ€, “clockskewâ€, and NULL for the \sphinxstylestrong{clockskew} -variable in the \DUrole{xref,std,std-ref}{libdefaults} section) and returns a -null\sphinxhyphen{}terminated list of values, which will be cleaned up with the -\sphinxstylestrong{free\_values} method when the caller is done with them. - -\sphinxAtStartPar -Iterable profile modules must also define the \sphinxstylestrong{iterator\_create}, -\sphinxstylestrong{iterator}, \sphinxstylestrong{iterator\_free}, and \sphinxstylestrong{free\_string} methods. The -core krb5 code does not require profiles to be iterable, but some -applications may iterate over the krb5 profile object in order to -present configuration interfaces. - -\sphinxAtStartPar -Writable profile modules must also define the \sphinxstylestrong{writable}, -\sphinxstylestrong{modified}, \sphinxstylestrong{update\_relation}, \sphinxstylestrong{rename\_section}, -\sphinxstylestrong{add\_relation}, and \sphinxstylestrong{flush} methods. The core krb5 code does not -require profiles to be writable, but some applications may write to -the krb5 profile in order to present configuration interfaces. - -\sphinxAtStartPar -The following is an example of a very basic read\sphinxhyphen{}only profile module -which returns a hardcoded value for the \sphinxstylestrong{default\_realm} variable in -\DUrole{xref,std,std-ref}{libdefaults}, and provides no other configuration information. -(For conciseness, the example omits code for checking the return -values of malloc and strdup.) - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{c+c1}{\PYGZsh{}include \PYGZlt{}stdlib.h\PYGZgt{}} -\PYG{c+c1}{\PYGZsh{}include \PYGZlt{}string.h\PYGZgt{}} -\PYG{c+c1}{\PYGZsh{}include \PYGZlt{}profile.h\PYGZgt{}} - -\PYG{n}{static} \PYG{n}{long} -\PYG{n}{get\PYGZus{}values}\PYG{p}{(}\PYG{n}{void} \PYG{o}{*}\PYG{n}{cbdata}\PYG{p}{,} \PYG{n}{const} \PYG{n}{char} \PYG{o}{*}\PYG{n}{const} \PYG{o}{*}\PYG{n}{names}\PYG{p}{,} \PYG{n}{char} \PYG{o}{*}\PYG{o}{*}\PYG{o}{*}\PYG{n}{values}\PYG{p}{)} -\PYG{p}{\PYGZob{}} - \PYG{k}{if} \PYG{p}{(}\PYG{n}{names}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]} \PYG{o}{!=} \PYG{n}{NULL} \PYG{o}{\PYGZam{}}\PYG{o}{\PYGZam{}} \PYG{n}{strcmp}\PYG{p}{(}\PYG{n}{names}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{p}{,} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{libdefaults}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{)} \PYG{o}{==} \PYG{l+m+mi}{0} \PYG{o}{\PYGZam{}}\PYG{o}{\PYGZam{}} - \PYG{n}{names}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]} \PYG{o}{!=} \PYG{n}{NULL} \PYG{o}{\PYGZam{}}\PYG{o}{\PYGZam{}} \PYG{n}{strcmp}\PYG{p}{(}\PYG{n}{names}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{p}{,} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{default\PYGZus{}realm}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{)} \PYG{o}{==} \PYG{l+m+mi}{0}\PYG{p}{)} \PYG{p}{\PYGZob{}} - \PYG{o}{*}\PYG{n}{values} \PYG{o}{=} \PYG{n}{malloc}\PYG{p}{(}\PYG{l+m+mi}{2} \PYG{o}{*} \PYG{n}{sizeof}\PYG{p}{(}\PYG{n}{char} \PYG{o}{*}\PYG{p}{)}\PYG{p}{)}\PYG{p}{;} - \PYG{p}{(}\PYG{o}{*}\PYG{n}{values}\PYG{p}{)}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]} \PYG{o}{=} \PYG{n}{strdup}\PYG{p}{(}\PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{ATHENA.MIT.EDU}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{)}\PYG{p}{;} - \PYG{p}{(}\PYG{o}{*}\PYG{n}{values}\PYG{p}{)}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]} \PYG{o}{=} \PYG{n}{NULL}\PYG{p}{;} - \PYG{k}{return} \PYG{l+m+mi}{0}\PYG{p}{;} - \PYG{p}{\PYGZcb{}} - \PYG{k}{return} \PYG{n}{PROF\PYGZus{}NO\PYGZus{}RELATION}\PYG{p}{;} -\PYG{p}{\PYGZcb{}} - -\PYG{n}{static} \PYG{n}{void} -\PYG{n}{free\PYGZus{}values}\PYG{p}{(}\PYG{n}{void} \PYG{o}{*}\PYG{n}{cbdata}\PYG{p}{,} \PYG{n}{char} \PYG{o}{*}\PYG{o}{*}\PYG{n}{values}\PYG{p}{)} -\PYG{p}{\PYGZob{}} - \PYG{n}{char} \PYG{o}{*}\PYG{o}{*}\PYG{n}{v}\PYG{p}{;} - - \PYG{k}{for} \PYG{p}{(}\PYG{n}{v} \PYG{o}{=} \PYG{n}{values}\PYG{p}{;} \PYG{o}{*}\PYG{n}{v}\PYG{p}{;} \PYG{n}{v}\PYG{o}{+}\PYG{o}{+}\PYG{p}{)} - \PYG{n}{free}\PYG{p}{(}\PYG{o}{*}\PYG{n}{v}\PYG{p}{)}\PYG{p}{;} - \PYG{n}{free}\PYG{p}{(}\PYG{n}{values}\PYG{p}{)}\PYG{p}{;} -\PYG{p}{\PYGZcb{}} - -\PYG{n}{long} -\PYG{n}{profile\PYGZus{}module\PYGZus{}init}\PYG{p}{(}\PYG{n}{const} \PYG{n}{char} \PYG{o}{*}\PYG{n}{residual}\PYG{p}{,} \PYG{n}{struct} \PYG{n}{profile\PYGZus{}vtable} \PYG{o}{*}\PYG{n}{vtable}\PYG{p}{,} - \PYG{n}{void} \PYG{o}{*}\PYG{o}{*}\PYG{n}{cb\PYGZus{}ret}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{long} -\PYG{n}{profile\PYGZus{}module\PYGZus{}init}\PYG{p}{(}\PYG{n}{const} \PYG{n}{char} \PYG{o}{*}\PYG{n}{residual}\PYG{p}{,} \PYG{n}{struct} \PYG{n}{profile\PYGZus{}vtable} \PYG{o}{*}\PYG{n}{vtable}\PYG{p}{,} - \PYG{n}{void} \PYG{o}{*}\PYG{o}{*}\PYG{n}{cb\PYGZus{}ret}\PYG{p}{)} -\PYG{p}{\PYGZob{}} - \PYG{o}{*}\PYG{n}{cb\PYGZus{}ret} \PYG{o}{=} \PYG{n}{NULL}\PYG{p}{;} - \PYG{n}{vtable}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZgt{}}\PYG{n}{get\PYGZus{}values} \PYG{o}{=} \PYG{n}{get\PYGZus{}values}\PYG{p}{;} - \PYG{n}{vtable}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZgt{}}\PYG{n}{free\PYGZus{}values} \PYG{o}{=} \PYG{n}{free\PYGZus{}values}\PYG{p}{;} - \PYG{k}{return} \PYG{l+m+mi}{0}\PYG{p}{;} -\PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - - -\section{GSSAPI mechanism interface} -\label{\detokenize{plugindev/gssapi:gssapi-mechanism-interface}}\label{\detokenize{plugindev/gssapi::doc}} -\sphinxAtStartPar -The GSSAPI library in MIT krb5 can load mechanism modules to augment -the set of built\sphinxhyphen{}in mechanisms. - -\sphinxAtStartPar -A mechanism module is a Unix shared object or Windows DLL, built -separately from the krb5 tree. Modules are loaded according to the -GSS mechanism config files described in \DUrole{xref,std,std-ref}{gssapi\_plugin\_config}. - -\sphinxAtStartPar -For the most part, a GSSAPI mechanism module exports the same -functions as would a GSSAPI implementation itself, with the same -function signatures. The mechanism selection layer within the GSSAPI -library (called the “mechglueâ€) will dispatch calls from the -application to the module if the module’s mechanism is requested. If -a module does not wish to implement a GSSAPI extension, it can simply -refrain from exporting it, and the mechglue will fail gracefully if -the application calls that function. - -\sphinxAtStartPar -The mechglue does not invoke a module’s \sphinxstylestrong{gss\_add\_cred}, -\sphinxstylestrong{gss\_add\_cred\_from}, \sphinxstylestrong{gss\_add\_cred\_impersonate\_name}, or -\sphinxstylestrong{gss\_add\_cred\_with\_password} function. A mechanism only needs to -implement the “acquire†variants of those functions. - -\sphinxAtStartPar -A module does not need to coordinate its minor status codes with those -of other mechanisms. If the mechglue detects conflicts, it will map -the mechanism’s status codes onto unique values, and then map them -back again when \sphinxstylestrong{gss\_display\_status} is called. - - -\subsection{NegoEx modules} -\label{\detokenize{plugindev/gssapi:negoex-modules}} -\sphinxAtStartPar -Some Windows GSSAPI mechanisms can only be negotiated via a Microsoft -extension to SPNEGO called NegoEx. Beginning with release 1.18, -mechanism modules can support NegoEx as follows: -\begin{itemize} -\item {} -\sphinxAtStartPar -Implement the gssspi\_query\_meta\_data(), gssspi\_exchange\_meta\_data(), -and gssspi\_query\_mechanism\_info() SPIs declared in -\sphinxcode{\sphinxupquote{\textless{}gssapi/gssapi\_ext.h\textgreater{}}}. - -\item {} -\sphinxAtStartPar -Implement gss\_inquire\_sec\_context\_by\_oid() and answer the -\sphinxstylestrong{GSS\_C\_INQ\_NEGOEX\_KEY} and \sphinxstylestrong{GSS\_C\_INQ\_NEGOEX\_VERIFY\_KEY} OIDs -to provide the checksum keys for outgoing and incoming checksums, -respectively. The answer must be in two buffers: the first buffer -contains the key contents, and the second buffer contains the key -encryption type as a four\sphinxhyphen{}byte little\sphinxhyphen{}endian integer. - -\end{itemize} - -\sphinxAtStartPar -By default, NegoEx mechanisms will not be directly negotiated via -SPNEGO. If direct SPNEGO negotiation is required for -interoperability, implement gss\_inquire\_attrs\_for\_mech() and assert -the GSS\_C\_MA\_NEGOEX\_AND\_SPNEGO attribute (along with any applicable -RFC 5587 attributes). - - -\subsection{Interposer modules} -\label{\detokenize{plugindev/gssapi:interposer-modules}} -\sphinxAtStartPar -The mechglue also supports a kind of loadable module, called an -interposer module, which intercepts calls to existing mechanisms -rather than implementing a new mechanism. - -\sphinxAtStartPar -An interposer module must export the symbol \sphinxstylestrong{gss\_mech\_interposer} -with the following signature: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{gss\PYGZus{}OID\PYGZus{}set} \PYG{n}{gss\PYGZus{}mech\PYGZus{}interposer}\PYG{p}{(}\PYG{n}{gss\PYGZus{}OID} \PYG{n}{mech\PYGZus{}type}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This function is invoked with the OID of the interposer mechanism as -specified in the mechanism config file, and returns a set of mechanism -OIDs to be interposed. The returned OID set must have been created -using the mechglue’s gss\_create\_empty\_oid\_set and -gss\_add\_oid\_set\_member functions. - -\sphinxAtStartPar -An interposer module must use the prefix \sphinxcode{\sphinxupquote{gssi\_}} for the GSSAPI -functions it exports, instead of the prefix \sphinxcode{\sphinxupquote{gss\_}}. In most cases, -unexported \sphinxcode{\sphinxupquote{gssi\_}} functions will result in failure from their -corresponding \sphinxcode{\sphinxupquote{gss\_}} calls. - -\sphinxAtStartPar -An interposer module can link against the GSSAPI library in order to -make calls to the original mechanism. To do so, it must specify a -special mechanism OID which is the concatention of the interposer’s -own OID byte string and the original mechanism’s OID byte string. - -\sphinxAtStartPar -Functions that do not accept a mechanism argument directly require no -special handling, with the following exceptions: - -\sphinxAtStartPar -Since \sphinxstylestrong{gss\_accept\_sec\_context} does not accept a mechanism argument, -an interposer mechanism must, in order to invoke the original -mechanism’s function, acquire a credential for the concatenated OID -and pass that as the \sphinxstyleemphasis{verifier\_cred\_handle} parameter. - -\sphinxAtStartPar -Since \sphinxstylestrong{gss\_import\_name}, \sphinxstylestrong{gss\_import\_cred}, and -\sphinxstylestrong{gss\_import\_sec\_context} do not accept mechanism parameters, the SPI -has been extended to include variants which do. This allows the -interposer module to know which mechanism should be used to interpret -the token. These functions have the following signatures: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gssi\PYGZus{}import\PYGZus{}sec\PYGZus{}context\PYGZus{}by\PYGZus{}mech}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}OID} \PYG{n}{desired\PYGZus{}mech}\PYG{p}{,} \PYG{n}{gss\PYGZus{}buffer\PYGZus{}t} \PYG{n}{interprocess\PYGZus{}token}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t} \PYG{o}{*}\PYG{n}{context\PYGZus{}handle}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gssi\PYGZus{}import\PYGZus{}name\PYGZus{}by\PYGZus{}mech}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}OID} \PYG{n}{mech\PYGZus{}type}\PYG{p}{,} \PYG{n}{gss\PYGZus{}buffer\PYGZus{}t} \PYG{n}{input\PYGZus{}name\PYGZus{}buffer}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}OID} \PYG{n}{input\PYGZus{}name\PYGZus{}type}\PYG{p}{,} \PYG{n}{gss\PYGZus{}name\PYGZus{}t} \PYG{n}{output\PYGZus{}name}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gssi\PYGZus{}import\PYGZus{}cred\PYGZus{}by\PYGZus{}mech}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}OID} \PYG{n}{mech\PYGZus{}type}\PYG{p}{,} \PYG{n}{gss\PYGZus{}buffer\PYGZus{}t} \PYG{n}{token}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}cred\PYGZus{}id\PYGZus{}t} \PYG{o}{*}\PYG{n}{cred\PYGZus{}handle}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -To re\sphinxhyphen{}enter the original mechanism when importing tokens for the above -functions, the interposer module must wrap the mechanism token in the -mechglue’s format, using the concatenated OID (except in -\sphinxstylestrong{gss\_import\_name}). The mechglue token formats are: -\begin{itemize} -\item {} -\sphinxAtStartPar -For \sphinxstylestrong{gss\_import\_sec\_context}, a four\sphinxhyphen{}byte OID length in big\sphinxhyphen{}endian -order, followed by the concatenated OID, followed by the mechanism -token. - -\item {} -\sphinxAtStartPar -For \sphinxstylestrong{gss\_import\_name}, the bytes 04 01, followed by a two\sphinxhyphen{}byte OID -length in big\sphinxhyphen{}endian order, followed by the mechanism OID, followed -by a four\sphinxhyphen{}byte token length in big\sphinxhyphen{}endian order, followed by the -mechanism token. Unlike most uses of OIDs in the API, the mechanism -OID encoding must include the DER tag and length for an object -identifier (06 followed by the DER length of the OID byte string), -and this prefix must be included in the two\sphinxhyphen{}byte OID length. -input\_name\_type must also be set to GSS\_C\_NT\_EXPORT\_NAME. - -\item {} -\sphinxAtStartPar -For \sphinxstylestrong{gss\_import\_cred}, a four\sphinxhyphen{}byte OID length in big\sphinxhyphen{}endian order, -followed by the concatenated OID, followed by a four\sphinxhyphen{}byte token -length in big\sphinxhyphen{}endian order, followed by the mechanism token. This -sequence may be repeated multiple times. - -\end{itemize} - - -\section{Internal pluggable interfaces} -\label{\detokenize{plugindev/internal:internal-pluggable-interfaces}}\label{\detokenize{plugindev/internal::doc}} -\sphinxAtStartPar -Following are brief discussions of pluggable interfaces which have not -yet been made public. These interfaces are functional, but the -interfaces are likely to change in incompatible ways from release to -release. In some cases, it may be necessary to copy header files from -the krb5 source tree to use an internal interface. Use these with -care, and expect to need to update your modules for each new release -of MIT krb5. - - -\subsection{Kerberos database interface (KDB)} -\label{\detokenize{plugindev/internal:kerberos-database-interface-kdb}} -\sphinxAtStartPar -A KDB module implements a database back end for KDC principal and -policy information, and can also control many aspects of KDC behavior. -For a full description of the interface, see the header file -\sphinxcode{\sphinxupquote{\textless{}kdb.h\textgreater{}}}. - -\sphinxAtStartPar -The KDB pluggable interface is often referred to as the DAL (Database -Access Layer). - - -\subsection{Authorization data interface (authdata)} -\label{\detokenize{plugindev/internal:authorization-data-interface-authdata}} -\sphinxAtStartPar -The authdata interface allows a module to provide (from the KDC) or -consume (in application servers) authorization data of types beyond -those handled by the core MIT krb5 code base. The interface is -defined in the header file \sphinxcode{\sphinxupquote{\textless{}krb5/authdata\_plugin.h\textgreater{}}}, which is not -installed by the build. - - -\section{PKINIT certificate authorization interface (certauth)} -\label{\detokenize{plugindev/certauth:pkinit-certificate-authorization-interface-certauth}}\label{\detokenize{plugindev/certauth:certauth-plugin}}\label{\detokenize{plugindev/certauth::doc}} -\sphinxAtStartPar -The certauth interface was first introduced in release 1.16. It -allows customization of the X.509 certificate attribute requirements -placed on certificates used by PKINIT enabled clients. For a detailed -description of the certauth interface, see the header file -\sphinxcode{\sphinxupquote{\textless{}krb5/certauth\_plugin.h\textgreater{}}} - -\sphinxAtStartPar -A certauth module implements the \sphinxstylestrong{authorize} method to determine -whether a client’s certificate is authorized to authenticate a client -principal. \sphinxstylestrong{authorize} receives the DER\sphinxhyphen{}encoded certificate, the -requested client principal, and a pointer to the client’s -krb5\_db\_entry (for modules that link against libkdb5). The method -must decode the certificate and inspect its attributes to determine if -it should authorize PKINIT authentication. It returns the -authorization status and optionally outputs a list of authentication -indicator strings to be added to the ticket. - -\sphinxAtStartPar -Beginning in release 1.19, the authorize method can request that the -hardware authentication bit be set in the ticket by returning -\sphinxstylestrong{KRB5\_CERTAUTH\_HWAUTH}. Beginning in release 1.20, the authorize -method can return \sphinxstylestrong{KRB5\_CERTAUTH\_HWAUTH\_PASS} to request that the -hardware authentication bit be set in the ticket but otherwise defer -authorization to another certauth module. A module must use its own -internal or library\sphinxhyphen{}provided ASN.1 certificate decoder. - -\sphinxAtStartPar -A module can optionally create and destroy module data with the -\sphinxstylestrong{init} and \sphinxstylestrong{fini} methods. Module data objects last for the -lifetime of the KDC process. - -\sphinxAtStartPar -If a module allocates and returns a list of authentication indicators -from \sphinxstylestrong{authorize}, it must also implement the \sphinxstylestrong{free\_ind} method -to free the list. - - -\section{KDC policy interface (kdcpolicy)} -\label{\detokenize{plugindev/kdcpolicy:kdc-policy-interface-kdcpolicy}}\label{\detokenize{plugindev/kdcpolicy:kdcpolicy-plugin}}\label{\detokenize{plugindev/kdcpolicy::doc}} -\sphinxAtStartPar -The kdcpolicy interface was first introduced in release 1.16. It -allows modules to veto otherwise valid AS and TGS requests or restrict -the lifetime and renew time of the resulting ticket. For a detailed -description of the kdcpolicy interface, see the header file -\sphinxcode{\sphinxupquote{\textless{}krb5/kdcpolicy\_plugin.h\textgreater{}}}. - -\sphinxAtStartPar -The optional \sphinxstylestrong{check\_as} and \sphinxstylestrong{check\_tgs} functions allow the module -to perform access control. Additionally, a module can create and -destroy module data with the \sphinxstylestrong{init} and \sphinxstylestrong{fini} methods. Module -data objects last for the lifetime of the KDC process, and are -provided to all other methods. The data has the type -krb5\_kdcpolicy\_moddata, which should be cast to the appropriate -internal type. - -\sphinxAtStartPar -kdcpolicy modules can optionally inspect principal entries. To do -this, the module must also include \sphinxcode{\sphinxupquote{\textless{}kdb.h\textgreater{}}} to gain access to the -principal entry structure definition. As the KDB interface is -explicitly not as stable as other public interfaces, modules which do -this may not retain compatibility across releases. - - - -\renewcommand{\indexname}{Index} -\printindex -\end{document} \ No newline at end of file diff --git a/krb5-1.21.3/doc/pdf/python.ist b/krb5-1.21.3/doc/pdf/python.ist deleted file mode 100644 index 70536a66..00000000 --- a/krb5-1.21.3/doc/pdf/python.ist +++ /dev/null @@ -1,16 +0,0 @@ -line_max 100 -headings_flag 1 -heading_prefix " \\bigletter " - -preamble "\\begin{sphinxtheindex} -\\let\\bigletter\\sphinxstyleindexlettergroup -\\let\\spxpagem \\sphinxstyleindexpagemain -\\let\\spxentry \\sphinxstyleindexentry -\\let\\spxextra \\sphinxstyleindexextra - -" - -postamble "\n\n\\end{sphinxtheindex}\n" - -symhead_positive "{\\sphinxsymbolsname}" -numhead_positive "{\\sphinxnumbersname}" diff --git a/krb5-1.21.3/doc/pdf/sphinx.sty b/krb5-1.21.3/doc/pdf/sphinx.sty deleted file mode 100644 index 4d42199a..00000000 --- a/krb5-1.21.3/doc/pdf/sphinx.sty +++ /dev/null @@ -1,351 +0,0 @@ -% -% sphinx.sty -% -% Adapted from the old python.sty, mostly written by Fred Drake, -% by Georg Brandl. -% - -\NeedsTeXFormat{LaTeX2e}[1995/12/01] -\ProvidesPackage{sphinx}[2021/01/27 v4.0.0 LaTeX package (Sphinx markup)] - -% provides \ltx@ifundefined -% (many packages load ltxcmds: graphicx does for pdftex and lualatex but -% not xelatex, and anyhow kvoptions does, but it may be needed in future to -% use \sphinxdeprecationwarning earlier, and it needs \ltx@ifundefined) -\RequirePackage{ltxcmds} - -%% for deprecation warnings -\newcommand\sphinxdeprecationwarning[4]{% #1 the deprecated macro or name, -% #2 = when deprecated, #3 = when removed, #4 = additional info - \edef\spx@tempa{\detokenize{#1}}% - \ltx@ifundefined{sphinx_depr_\spx@tempa}{% - \global\expandafter\let\csname sphinx_depr_\spx@tempa\endcsname\spx@tempa - \expandafter\AtEndDocument\expandafter{\expandafter\let\expandafter - \sphinxdeprecatedmacro\csname sphinx_depr_\spx@tempa\endcsname - \PackageWarningNoLine{sphinx}{^^J**** SPHINX DEPRECATION WARNING:^^J - \sphinxdeprecatedmacro^^J - \@spaces- is deprecated at Sphinx #2^^J - \@spaces- and removed at Sphinx #3.^^J - #4^^J****}}% - }{% warning already emitted (at end of latex log), don't repeat - }} - - -%% OPTION HANDLING -% - -% We first handle options then load packages, but we need \definecolor from -% xcolor/color. - -% FIXME: we should \RequirePackage{xcolor} always now -% The xcolor package draws better fcolorboxes around verbatim code -\IfFileExists{xcolor.sty}{ - \RequirePackage{xcolor} -}{ - \RequirePackage{color} -} - -% Handle options via "kvoptions" (later loaded by hyperref anyhow) -\RequirePackage{kvoptions} -\SetupKeyvalOptions{prefix=spx@opt@} % use \spx@opt@ prefix - -% Sphinx legacy text layout: 1in margins on all four sides -\ifx\@jsc@uplatextrue\@undefined -\DeclareStringOption[1in]{hmargin} -\DeclareStringOption[1in]{vmargin} -\DeclareStringOption[.5in]{marginpar} -\else -% Japanese standard document classes handle \mag in a special way -\DeclareStringOption[\inv@mag in]{hmargin} -\DeclareStringOption[\inv@mag in]{vmargin} -\DeclareStringOption[.5\dimexpr\inv@mag in\relax]{marginpar} -\fi - -\DeclareStringOption[0]{maxlistdepth}% \newcommand*\spx@opt@maxlistdepth{0} -\DeclareStringOption[-1]{numfigreset} -\DeclareBoolOption[false]{nonumfigreset} -\DeclareBoolOption[false]{mathnumfig} -\define@key{sphinx}{bookmarksdepth}{\AtBeginDocument{\hypersetup{bookmarksdepth=#1}}} -\AtBeginDocument{\define@key{sphinx}{bookmarksdepth}{\hypersetup{bookmarksdepth=#1}}} -% \DeclareBoolOption[false]{usespart}% not used -% dimensions, we declare the \dimen registers here. -\newdimen\sphinxverbatimsep -\newdimen\sphinxverbatimborder -\newdimen\sphinxshadowsep -\newdimen\sphinxshadowsize -\newdimen\sphinxshadowrule -% \DeclareStringOption is not convenient for the handling of these dimensions -% because we want to assign the values to the corresponding registers. Even if -% we added the code to the key handler it would be too late for the initial -% set-up and we would need to do initial assignments explicitly. We end up -% using \define@key directly. -% verbatim -\sphinxverbatimsep=\fboxsep - \define@key{sphinx}{verbatimsep}{\sphinxverbatimsep\dimexpr #1\relax} -\sphinxverbatimborder=\fboxrule - \define@key{sphinx}{verbatimborder}{\sphinxverbatimborder\dimexpr #1\relax} -% topic boxes -\sphinxshadowsep =5pt - \define@key{sphinx}{shadowsep}{\sphinxshadowsep\dimexpr #1\relax} -\sphinxshadowsize=4pt - \define@key{sphinx}{shadowsize}{\sphinxshadowsize\dimexpr #1\relax} -\sphinxshadowrule=\fboxrule - \define@key{sphinx}{shadowrule}{\sphinxshadowrule\dimexpr #1\relax} -% verbatim -\DeclareBoolOption[true]{verbatimwithframe} -\DeclareBoolOption[true]{verbatimwrapslines} -\DeclareBoolOption[false]{verbatimforcewraps} -\DeclareStringOption[3]{verbatimmaxoverfull} -\DeclareStringOption[100]{verbatimmaxunderfull} -\DeclareBoolOption[true]{verbatimhintsturnover} -\DeclareBoolOption[true]{inlineliteralwraps} -\DeclareStringOption[t]{literalblockcappos} -\DeclareStringOption[r]{verbatimcontinuedalign} -\DeclareStringOption[r]{verbatimcontinuesalign} -% parsed literal -\DeclareBoolOption[true]{parsedliteralwraps} -% \textvisiblespace for compatibility with fontspec+XeTeX/LuaTeX -\DeclareStringOption[\textcolor{red}{\textvisiblespace}]{verbatimvisiblespace} -\DeclareStringOption % must use braces to hide the brackets - [{\makebox[2\fontcharwd\font`\x][r]{\textcolor{red}{\tiny$\m@th\hookrightarrow$}}}]% - {verbatimcontinued} -% notices/admonitions -% the dimensions for notices/admonitions are kept as macros and assigned to -% \spx@notice@border at time of use, hence \DeclareStringOption is ok for this -\newdimen\spx@notice@border -\DeclareStringOption[0.5pt]{noteborder} -\DeclareStringOption[0.5pt]{hintborder} -\DeclareStringOption[0.5pt]{importantborder} -\DeclareStringOption[0.5pt]{tipborder} -\DeclareStringOption[1pt]{warningborder} -\DeclareStringOption[1pt]{cautionborder} -\DeclareStringOption[1pt]{attentionborder} -\DeclareStringOption[1pt]{dangerborder} -\DeclareStringOption[1pt]{errorborder} -% footnotes -\DeclareStringOption[\mbox{ }]{AtStartFootnote} -% we need a public macro name for direct use in latex file -\newcommand*{\sphinxAtStartFootnote}{\spx@opt@AtStartFootnote} -% no such need for this one, as it is used inside other macros -\DeclareStringOption[\leavevmode\unskip]{BeforeFootnote} -% some font styling. -\DeclareStringOption[\sffamily\bfseries]{HeaderFamily} -% colours -% same problems as for dimensions: we want the key handler to use \definecolor. -% first, some colours with no prefix, for backwards compatibility -\newcommand*{\sphinxDeclareColorOption}[2]{% - \definecolor{#1}#2% - \define@key{sphinx}{#1}{\definecolor{#1}##1}% -}% -\sphinxDeclareColorOption{TitleColor}{{rgb}{0.126,0.263,0.361}} -\sphinxDeclareColorOption{InnerLinkColor}{{rgb}{0.208,0.374,0.486}} -\sphinxDeclareColorOption{OuterLinkColor}{{rgb}{0.216,0.439,0.388}} -\sphinxDeclareColorOption{VerbatimColor}{{rgb}{1,1,1}} -\sphinxDeclareColorOption{VerbatimBorderColor}{{rgb}{0,0,0}} -% now the colours defined with "sphinx" prefix in their names -\newcommand*{\sphinxDeclareSphinxColorOption}[2]{% - % set the initial default - \definecolor{sphinx#1}#2% - % set the key handler. The "value" ##1 must be acceptable by \definecolor. - \define@key{sphinx}{#1}{\definecolor{sphinx#1}##1}% -}% -% Default color chosen to be as in minted.sty LaTeX package! -\sphinxDeclareSphinxColorOption{VerbatimHighlightColor}{{rgb}{0.878,1,1}} -% admonition boxes, "light" style -\sphinxDeclareSphinxColorOption{noteBorderColor}{{rgb}{0,0,0}} -\sphinxDeclareSphinxColorOption{hintBorderColor}{{rgb}{0,0,0}} -\sphinxDeclareSphinxColorOption{importantBorderColor}{{rgb}{0,0,0}} -\sphinxDeclareSphinxColorOption{tipBorderColor}{{rgb}{0,0,0}} -% admonition boxes, "heavy" style -\sphinxDeclareSphinxColorOption{warningBorderColor}{{rgb}{0,0,0}} -\sphinxDeclareSphinxColorOption{cautionBorderColor}{{rgb}{0,0,0}} -\sphinxDeclareSphinxColorOption{attentionBorderColor}{{rgb}{0,0,0}} -\sphinxDeclareSphinxColorOption{dangerBorderColor}{{rgb}{0,0,0}} -\sphinxDeclareSphinxColorOption{errorBorderColor}{{rgb}{0,0,0}} -\sphinxDeclareSphinxColorOption{warningBgColor}{{rgb}{1,1,1}} -\sphinxDeclareSphinxColorOption{cautionBgColor}{{rgb}{1,1,1}} -\sphinxDeclareSphinxColorOption{attentionBgColor}{{rgb}{1,1,1}} -\sphinxDeclareSphinxColorOption{dangerBgColor}{{rgb}{1,1,1}} -\sphinxDeclareSphinxColorOption{errorBgColor}{{rgb}{1,1,1}} - -\DeclareDefaultOption{\@unknownoptionerror} -\ProcessKeyvalOptions* -% don't allow use of maxlistdepth via \sphinxsetup. -\DisableKeyvalOption{sphinx}{maxlistdepth} -\DisableKeyvalOption{sphinx}{numfigreset} -\DisableKeyvalOption{sphinx}{nonumfigreset} -\DisableKeyvalOption{sphinx}{mathnumfig} -% FIXME: this is unrelated to an option, move this elsewhere -% To allow hyphenation of first word in narrow contexts; no option, -% customization to be done via 'preamble' key -\newcommand*\sphinxAtStartPar{\leavevmode\nobreak\hskip\z@skip} -% No need for the \hspace{0pt} trick (\hskip\z@skip) with luatex -\ifdefined\directlua\let\sphinxAtStartPar\@empty\fi -% user interface: options can be changed midway in a document! -\newcommand\sphinxsetup[1]{\setkeys{sphinx}{#1}} - - -%% MISCELLANEOUS CONTEXT -% -% flag to be set in a framed environment -% (defined here as currently needed by three sphinxlatex....sty files and -% even if not needed if such files are replaced, the definition does no harm) -\newif\ifspx@inframed -% -% \spx@ifcaptionpackage (defined at begin document) -% is needed currently in macros from: -% sphinxlatexliterals.sty (sphinxVerbatim) -% sphinxlatextables.sty (for some macros used in the table templates) -% -% \sphinxcaption is mark-up injected by the tabular and tabulary templates -% it is defined in sphinxlatextables.sty -% -% store the original \caption macro for usage with figures inside longtable -% and tabulary cells. Make sure we get the final \caption in presence of -% caption package, whether the latter was loaded before or after sphinx. -\AtBeginDocument{% - \let\spx@originalcaption\caption - \@ifpackageloaded{caption} - {\let\spx@ifcaptionpackage\@firstoftwo - \caption@AtBeginDocument*{\let\spx@originalcaption\caption}% -% in presence of caption package, drop our own \sphinxcaption whose aim was to -% ensure same width of caption to all kinds of tables (tabular(y), longtable), -% because caption package has its own width (or margin) option - \def\sphinxcaption{\caption}% - }% - {\let\spx@ifcaptionpackage\@secondoftwo}% -} - -%% PASS OPTIONS -% -% pass options to hyperref; it must not have been loaded already -\input{sphinxoptionshyperref.sty} -% pass options to geometry; it must not have been loaded already -\input{sphinxoptionsgeometry.sty} - - -%% COLOR (general) -% -% FIXME: these two should be deprecated -% -% FIXME: \normalcolor should be used and \py@NormalColor never defined -\def\py@NormalColor{\color{black}} -% FIXME: \color{TitleColor} should be used directly and \py@TitleColor -% should never get defined. -\def\py@TitleColor{\color{TitleColor}} - - -%% PACKAGES -% -% as will be indicated below, secondary style files load some more packages -% -% For \text macro (sphinx.util.texescape) -% also for usage of \firstchoice@true(false) in sphinxlatexgraphics.sty -\RequirePackage{amstext} -% It was passed "warn" option from latex template in case it is already loaded -% via some other package before \usepackage{sphinx} in preamble -\RequirePackage{textcomp} -% For the H specifier. Do not \restylefloat{figure}, it breaks Sphinx code -% for allowing figures in tables. -\RequirePackage{float} -% For floating figures in the text. Better to load after float. -\RequirePackage{wrapfig} -% Provides \captionof, used once by latex writer (\captionof{figure}) -\RequirePackage{capt-of} -% Support hlist directive -\RequirePackage{multicol} - - -%% GRAPHICS -% -% It will always be needed, so let's load it here -\RequirePackage{graphicx} -\input{sphinxlatexgraphics.sty} - - -%% FRAMED ENVIRONMENTS -% -\input{sphinxlatexadmonitions.sty} -\input{sphinxlatexliterals.sty} -\input{sphinxlatexshadowbox.sty} - - -%% CONTAINERS -% -\input{sphinxlatexcontainers.sty} - - -%% PYGMENTS -% stylesheet for highlighting with pygments -\RequirePackage{sphinxhighlight} - - -%% TABLES -% -\input{sphinxlatextables.sty} - - -%% NUMBERING OF FIGURES, TABLES, AND LITERAL BLOCKS -% -\input{sphinxlatexnumfig.sty} - - -%% LISTS -% -\input{sphinxlatexlists.sty} - - -%% FOOTNOTES -% -% Support scopes for footnote numbering -\newcounter{sphinxscope} -\newcommand{\sphinxstepscope}{\stepcounter{sphinxscope}} -% Explicitly numbered footnotes may be referred to, and for this to be -% clickable we need to have only one target. So we will step this at each -% explicit footnote and let \thesphinxscope take it into account -\newcounter{sphinxexplicit} -\newcommand{\sphinxstepexplicit}{\stepcounter{sphinxexplicit}} -% Some babel/polyglossia languages fiddle with \@arabic, so let's be extra -% cautious and redefine \thesphinxscope with \number not \@arabic. -% Memo: we expect some subtle redefinition of \thesphinxscope to be a part of page -% scoping for footnotes, when we shall implement it. -\renewcommand{\thesphinxscope}{\number\value{sphinxscope}.\number\value{sphinxexplicit}} -\newcommand\sphinxthefootnotemark[2]{% - % this is used to make reference to an explicitly numbered footnote not on same page - % #1=label of footnote text, #2=page number where footnote text was printed - \ifdefined\pagename - \pagename\space#2, % <- space - \else - p. #2, % <- space - \fi #1% no space -} -% support large numbered footnotes in minipage; but this is now obsolete -% from systematic use of savenotes environment around minipages -\def\thempfootnote{\arabic{mpfootnote}} -% This package is needed to support hyperlinked footnotes in tables and -% framed contents, and to allow code-blocks in footnotes. -\RequirePackage{sphinxpackagefootnote} - - -%% INDEX, BIBLIOGRAPHY, APPENDIX, TABLE OF CONTENTS -% -\input{sphinxlatexindbibtoc.sty} - - -%% STYLING -% -\input{sphinxlatexstylepage.sty} -\input{sphinxlatexstyleheadings.sty} -\input{sphinxlatexstyletext.sty} - - -%% MODULE RELEASE DATA AND OBJECT DESCRIPTIONS -% -\input{sphinxlatexobjects.sty} - - -% FIXME: this line should be dropped, as "9" is default anyhow. -\ifdefined\pdfcompresslevel\pdfcompresslevel = 9 \fi - - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinx.xdy b/krb5-1.21.3/doc/pdf/sphinx.xdy deleted file mode 100644 index 0dcf1133..00000000 --- a/krb5-1.21.3/doc/pdf/sphinx.xdy +++ /dev/null @@ -1,230 +0,0 @@ -;;; -*- mode: lisp; coding: utf-8; -*- - -;; Unfortunately xindy is out-of-the-box hyperref-incompatible. This -;; configuration is a workaround, which requires to pass option -;; hyperindex=false to hyperref. -;; textit and emph not currently used, spxpagem replaces former textbf -(define-attributes (("textbf" "textit" "emph" "spxpagem" "default"))) -(markup-locref :open "\textbf{\hyperpage{" :close "}}" :attr "textbf") -(markup-locref :open "\textit{\hyperpage{" :close "}}" :attr "textit") -(markup-locref :open "\emph{\hyperpage{" :close "}}" :attr "emph") -(markup-locref :open "\spxpagem{\hyperpage{" :close "}}" :attr "spxpagem") -(markup-locref :open "\hyperpage{" :close "}" :attr "default") - -(require "numeric-sort.xdy") - -;; xindy base module latex.xdy loads tex.xdy and the latter instructs -;; xindy to ignore **all** TeX macros in .idx entries, except those -;; explicitly described in merge rule. But when after applying all -;; merge rules an empty string results, xindy raises an error: - -;; ERROR: CHAR: index 0 should be less than the length of the string - -;; For example when using pdflatex with utf-8 characters the index -;; file will contain \IeC macros and they will get ignored except if -;; suitable merge rules are loaded early. The texindy script coming -;; with xindy provides this, but only for Latin scripts. The texindy -;; man page says to use rather xelatex or lualatex in case of Cyrillic -;; scripts. - -;; Sphinx contributes LICRcyr2utf8.xdy to provide support for Cyrillic -;; scripts for the pdflatex engine. - -;; Another issue caused by xindy ignoring all TeX macros except those -;; explicitly declared reveals itself when attempting to index ">>>", -;; as the ">" is converted to "\textgreater{}" by Sphinx's LaTeX -;; escaping. - -;; To fix this, Sphinx does **not** use texindy, and does not even -;; load the xindy latex.xdy base module. - -;(require "latex.xdy") - -;; Rather it incorporates some suitable extracts from latex.xdy and -;; tex.xdy with additional Sphinx contributed rules. - -;; But, this means for pdflatex and Latin scripts that the xindy file -;; tex/inputenc/uf8.xdy is not usable because it refers to the macro -;; \IeC only sporadically, and as tex.xdy is not loaded, a rule such as -;; (merge-rule "\'e" "é" :string) -;; does not work, it must be -;; (merge-rule "\IeC {\'e}" "é" :string) -;; So Sphinx contributes LICRlatin2utf8.xdy to mitigate that problem. - -;;;;;;;; extracts from tex.xdy (discarding most original comments): - -;;; -;;; TeX conventions -;;; - -;; Discard leading and trailing white space. Collapse multiple white -;; space characters to blank. - -(merge-rule "^ +" "" :eregexp) -(merge-rule " +$" "" :eregexp) -(merge-rule " +" " " :eregexp) - -;; Handle TeX markup - -(merge-rule "\\([{}$%&#])" "\1" :eregexp) - -;;;;;;;; end of extracts from xindy's tex.xdy - -;;;;;;;; extracts from latex.xdy: - -;; Standard location classes: arabic and roman numbers, and alphabets. - -(define-location-class "arabic-page-numbers" ("arabic-numbers")) -(define-location-class "roman-page-numbers" ("roman-numbers-lowercase")) -(define-location-class "Roman-page-numbers" ("roman-numbers-uppercase")) -(define-location-class "alpha-page-numbers" ("alpha")) -(define-location-class "Alpha-page-numbers" ("ALPHA")) - -;; Output Markup - -(markup-letter-group-list :sep "~n~n \indexspace~n") - -(markup-indexentry :open "~n \item " :depth 0) -(markup-indexentry :open "~n \subitem " :depth 1) -(markup-indexentry :open "~n \subsubitem " :depth 2) - -(markup-locclass-list :open ", " :sep ", ") -(markup-locref-list :sep ", ") - -;;;;;;;; end of extracts from latex.xdy - -;; The LaTeX \index command turns \ into normal character so the TeX macros -;; written to .idx files are not followed by a blank. This is different -;; from non-ascii letters which end up (with pdflatex) as \IeC macros in .idx -;; file, with a blank space after \IeC - -;; Details of the syntax are explained at -;; http://xindy.sourceforge.net/doc/manual-3.html -;; In absence of :string, "xindy uses an auto-detection mechanism to decide, -;; if the pattern is a regular expression or not". But it is not obvious to -;; guess, for example "\\_" is not detected as RE but "\\P\{\}" is, so for -;; being sure we apply the :string switch everywhere and do not use \\ etc... - -;; Go back from sphinx.util.texescape TeX macros to UTF-8 - -(merge-rule "\sphinxleftcurlybrace{}" "{" :string) -(merge-rule "\sphinxrightcurlybrace{}" "}" :string) -(merge-rule "\_" "_" :string) -(merge-rule "{[}" "[" :string) -(merge-rule "{]}" "]" :string) -(merge-rule "\textbackslash{}" "\" :string) ; " for Emacs syntax highlighting -(merge-rule "\textasciitilde{}" "~~" :string); the ~~ escape is needed here -(merge-rule "\textasciicircum{}" "^" :string) -(merge-rule "\sphinxhyphen{}" "-" :string) -(merge-rule "\textquotesingle{}" "'" :string) -(merge-rule "\textasciigrave{}" "`" :string) -(merge-rule "\textless{}" "<" :string) -(merge-rule "\textgreater{}" ">" :string) -(merge-rule "\P{}" "¶" :string) -(merge-rule "\S{}" "§" :string) -(merge-rule "\texteuro{}" "€" :string) -(merge-rule "\(\infty\)" "∞" :string) -(merge-rule "\(\pm\)" "±" :string) -(merge-rule "\(\rightarrow\)" "→" :string) -(merge-rule "\(\checkmark\)" "✓" :string) -(merge-rule "\textendash{}" "–" :string) -(merge-rule "\textbar{}" "|" :string) -(merge-rule "\(\sp{\text{0}}\)" "â°" :string) -(merge-rule "\(\sp{\text{1}}\)" "¹" :string) -(merge-rule "\(\sp{\text{2}}\)" "²" :string) -(merge-rule "\(\sp{\text{3}}\)" "³" :string) -(merge-rule "\(\sp{\text{4}}\)" "â´" :string) -(merge-rule "\(\sp{\text{5}}\)" "âµ" :string) -(merge-rule "\(\sp{\text{6}}\)" "â¶" :string) -(merge-rule "\(\sp{\text{7}}\)" "â·" :string) -(merge-rule "\(\sp{\text{8}}\)" "â¸" :string) -(merge-rule "\(\sp{\text{9}}\)" "â¹" :string) -(merge-rule "\(\sb{\text{0}}\)" "â‚€" :string) -(merge-rule "\(\sb{\text{1}}\)" "â‚" :string) -(merge-rule "\(\sb{\text{2}}\)" "â‚‚" :string) -(merge-rule "\(\sb{\text{3}}\)" "₃" :string) -(merge-rule "\(\sb{\text{4}}\)" "â‚„" :string) -(merge-rule "\(\sb{\text{5}}\)" "â‚…" :string) -(merge-rule "\(\sb{\text{6}}\)" "₆" :string) -(merge-rule "\(\sb{\text{7}}\)" "₇" :string) -(merge-rule "\(\sb{\text{8}}\)" "₈" :string) -(merge-rule "\(\sb{\text{9}}\)" "₉" :string) -(merge-rule "\IeC {\textalpha }" "α" :string) -(merge-rule "\IeC {\textbeta }" "β" :string) -(merge-rule "\IeC {\textgamma }" "γ" :string) -(merge-rule "\IeC {\textdelta }" "δ" :string) -(merge-rule "\IeC {\textepsilon }" "ε" :string) -(merge-rule "\IeC {\textzeta }" "ζ" :string) -(merge-rule "\IeC {\texteta }" "η" :string) -(merge-rule "\IeC {\texttheta }" "θ" :string) -(merge-rule "\IeC {\textiota }" "ι" :string) -(merge-rule "\IeC {\textkappa }" "κ" :string) -(merge-rule "\IeC {\textlambda }" "λ" :string) -(merge-rule "\IeC {\textmu }" "μ" :string) -(merge-rule "\IeC {\textnu }" "ν" :string) -(merge-rule "\IeC {\textxi }" "ξ" :string) -(merge-rule "\IeC {\textomicron }" "ο" :string) -(merge-rule "\IeC {\textpi }" "Ï€" :string) -(merge-rule "\IeC {\textrho }" "Ï" :string) -(merge-rule "\IeC {\textsigma }" "σ" :string) -(merge-rule "\IeC {\texttau }" "Ï„" :string) -(merge-rule "\IeC {\textupsilon }" "Ï…" :string) -(merge-rule "\IeC {\textphi }" "φ" :string) -(merge-rule "\IeC {\textchi }" "χ" :string) -(merge-rule "\IeC {\textpsi }" "ψ" :string) -(merge-rule "\IeC {\textomega }" "ω" :string) -(merge-rule "\IeC {\textAlpha }" "Α" :string) -(merge-rule "\IeC {\textBeta }" "Î’" :string) -(merge-rule "\IeC {\textGamma }" "Γ" :string) -(merge-rule "\IeC {\textDelta }" "Δ" :string) -(merge-rule "\IeC {\textEpsilon }" "Ε" :string) -(merge-rule "\IeC {\textZeta }" "Ζ" :string) -(merge-rule "\IeC {\textEta }" "Η" :string) -(merge-rule "\IeC {\textTheta }" "Θ" :string) -(merge-rule "\IeC {\textIota }" "Ι" :string) -(merge-rule "\IeC {\textKappa }" "Κ" :string) -(merge-rule "\IeC {\textLambda }" "Λ" :string) -(merge-rule "\IeC {\textMu }" "Μ" :string) -(merge-rule "\IeC {\textNu }" "Î" :string) -(merge-rule "\IeC {\textTheta }" "Θ" :string) -(merge-rule "\IeC {\textIota }" "Ι" :string) -(merge-rule "\IeC {\textKappa }" "Κ" :string) -(merge-rule "\IeC {\textLambda }" "Λ" :string) -(merge-rule "\IeC {\textMu }" "Μ" :string) -(merge-rule "\IeC {\textNu }" "Î" :string) -(merge-rule "\IeC {\textXi }" "Ξ" :string) -(merge-rule "\IeC {\textOmicron }" "Ο" :string) -(merge-rule "\IeC {\textPi }" "Π" :string) -(merge-rule "\IeC {\textRho }" "Ρ" :string) -(merge-rule "\IeC {\textSigma }" "Σ" :string) -(merge-rule "\IeC {\textTau }" "Τ" :string) -(merge-rule "\IeC {\textUpsilon }" "Î¥" :string) -(merge-rule "\IeC {\textPhi }" "Φ" :string) -(merge-rule "\IeC {\textChi }" "Χ" :string) -(merge-rule "\IeC {\textPsi }" "Ψ" :string) -(merge-rule "\IeC {\textOmega }" "Ω" :string) -(merge-rule "\IeC {\textohm }" "Ω" :string) - -;; This xindy module provides some basic support for "see" -(require "makeindex.xdy") - -;; This creates one-letter headings and works fine with utf-8 letters. -;; For Cyrillic with pdflatex works thanks to LICRcyr2utf8.xdy -(require "latin-lettergroups.xdy") - -;; currently we don't (know how to easily) separate "Numbers" from -;; "Symbols" with xindy as is the case with makeindex. -(markup-index :open "\begin{sphinxtheindex} -\let\lettergroup\sphinxstyleindexlettergroup -\let\lettergroupDefault\sphinxstyleindexlettergroupDefault -\let\spxpagem\sphinxstyleindexpagemain -\let\spxentry\sphinxstyleindexentry -\let\spxextra\sphinxstyleindexextra - -" - :close " - -\end{sphinxtheindex} -" - :tree) - diff --git a/krb5-1.21.3/doc/pdf/sphinxhighlight.sty b/krb5-1.21.3/doc/pdf/sphinxhighlight.sty deleted file mode 100644 index 83b523cb..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxhighlight.sty +++ /dev/null @@ -1,106 +0,0 @@ -\NeedsTeXFormat{LaTeX2e}[1995/12/01] -\ProvidesPackage{sphinxhighlight}[2016/05/29 stylesheet for highlighting with pygments] -% Its contents depend on pygments_style configuration variable. - - -\makeatletter -\def\PYG@reset{\let\PYG@it=\relax \let\PYG@bf=\relax% - \let\PYG@ul=\relax \let\PYG@tc=\relax% - \let\PYG@bc=\relax \let\PYG@ff=\relax} -\def\PYG@tok#1{\csname PYG@tok@#1\endcsname} -\def\PYG@toks#1+{\ifx\relax#1\empty\else% - \PYG@tok{#1}\expandafter\PYG@toks\fi} -\def\PYG@do#1{\PYG@bc{\PYG@tc{\PYG@ul{% - \PYG@it{\PYG@bf{\PYG@ff{#1}}}}}}} -\def\PYG#1#2{\PYG@reset\PYG@toks#1+\relax+\PYG@do{#2}} - -\@namedef{PYG@tok@w}{\def\PYG@tc##1{\textcolor[rgb]{0.73,0.73,0.73}{##1}}} -\@namedef{PYG@tok@c}{\let\PYG@it=\textit\def\PYG@tc##1{\textcolor[rgb]{0.25,0.50,0.56}{##1}}} -\@namedef{PYG@tok@cp}{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} -\@namedef{PYG@tok@cs}{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.50,0.56}{##1}}\def\PYG@bc##1{{\setlength{\fboxsep}{0pt}\colorbox[rgb]{1.00,0.94,0.94}{\strut ##1}}}} -\@namedef{PYG@tok@k}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} -\@namedef{PYG@tok@kp}{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} -\@namedef{PYG@tok@kt}{\def\PYG@tc##1{\textcolor[rgb]{0.56,0.13,0.00}{##1}}} -\@namedef{PYG@tok@o}{\def\PYG@tc##1{\textcolor[rgb]{0.40,0.40,0.40}{##1}}} -\@namedef{PYG@tok@ow}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} -\@namedef{PYG@tok@nb}{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} -\@namedef{PYG@tok@nf}{\def\PYG@tc##1{\textcolor[rgb]{0.02,0.16,0.49}{##1}}} -\@namedef{PYG@tok@nc}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.05,0.52,0.71}{##1}}} -\@namedef{PYG@tok@nn}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.05,0.52,0.71}{##1}}} -\@namedef{PYG@tok@ne}{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} -\@namedef{PYG@tok@nv}{\def\PYG@tc##1{\textcolor[rgb]{0.73,0.38,0.84}{##1}}} -\@namedef{PYG@tok@no}{\def\PYG@tc##1{\textcolor[rgb]{0.38,0.68,0.84}{##1}}} -\@namedef{PYG@tok@nl}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.13,0.44}{##1}}} -\@namedef{PYG@tok@ni}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.84,0.33,0.22}{##1}}} -\@namedef{PYG@tok@na}{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} -\@namedef{PYG@tok@nt}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.02,0.16,0.45}{##1}}} -\@namedef{PYG@tok@nd}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.33,0.33,0.33}{##1}}} -\@namedef{PYG@tok@s}{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} -\@namedef{PYG@tok@sd}{\let\PYG@it=\textit\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} -\@namedef{PYG@tok@si}{\let\PYG@it=\textit\def\PYG@tc##1{\textcolor[rgb]{0.44,0.63,0.82}{##1}}} -\@namedef{PYG@tok@se}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} -\@namedef{PYG@tok@sr}{\def\PYG@tc##1{\textcolor[rgb]{0.14,0.33,0.53}{##1}}} -\@namedef{PYG@tok@ss}{\def\PYG@tc##1{\textcolor[rgb]{0.32,0.47,0.09}{##1}}} -\@namedef{PYG@tok@sx}{\def\PYG@tc##1{\textcolor[rgb]{0.78,0.36,0.04}{##1}}} -\@namedef{PYG@tok@m}{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} -\@namedef{PYG@tok@gh}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.00,0.50}{##1}}} -\@namedef{PYG@tok@gu}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.50,0.00,0.50}{##1}}} -\@namedef{PYG@tok@gd}{\def\PYG@tc##1{\textcolor[rgb]{0.63,0.00,0.00}{##1}}} -\@namedef{PYG@tok@gi}{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.63,0.00}{##1}}} -\@namedef{PYG@tok@gr}{\def\PYG@tc##1{\textcolor[rgb]{1.00,0.00,0.00}{##1}}} -\@namedef{PYG@tok@ge}{\let\PYG@it=\textit} -\@namedef{PYG@tok@gs}{\let\PYG@bf=\textbf} -\@namedef{PYG@tok@gp}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.78,0.36,0.04}{##1}}} -\@namedef{PYG@tok@go}{\def\PYG@tc##1{\textcolor[rgb]{0.20,0.20,0.20}{##1}}} -\@namedef{PYG@tok@gt}{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.27,0.87}{##1}}} -\@namedef{PYG@tok@err}{\def\PYG@bc##1{{\setlength{\fboxsep}{\string -\fboxrule}\fcolorbox[rgb]{1.00,0.00,0.00}{1,1,1}{\strut ##1}}}} -\@namedef{PYG@tok@kc}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} -\@namedef{PYG@tok@kd}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} -\@namedef{PYG@tok@kn}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} -\@namedef{PYG@tok@kr}{\let\PYG@bf=\textbf\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} -\@namedef{PYG@tok@bp}{\def\PYG@tc##1{\textcolor[rgb]{0.00,0.44,0.13}{##1}}} -\@namedef{PYG@tok@fm}{\def\PYG@tc##1{\textcolor[rgb]{0.02,0.16,0.49}{##1}}} -\@namedef{PYG@tok@vc}{\def\PYG@tc##1{\textcolor[rgb]{0.73,0.38,0.84}{##1}}} -\@namedef{PYG@tok@vg}{\def\PYG@tc##1{\textcolor[rgb]{0.73,0.38,0.84}{##1}}} -\@namedef{PYG@tok@vi}{\def\PYG@tc##1{\textcolor[rgb]{0.73,0.38,0.84}{##1}}} -\@namedef{PYG@tok@vm}{\def\PYG@tc##1{\textcolor[rgb]{0.73,0.38,0.84}{##1}}} -\@namedef{PYG@tok@sa}{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} -\@namedef{PYG@tok@sb}{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} -\@namedef{PYG@tok@sc}{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} -\@namedef{PYG@tok@dl}{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} -\@namedef{PYG@tok@s2}{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} -\@namedef{PYG@tok@sh}{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} -\@namedef{PYG@tok@s1}{\def\PYG@tc##1{\textcolor[rgb]{0.25,0.44,0.63}{##1}}} -\@namedef{PYG@tok@mb}{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} -\@namedef{PYG@tok@mf}{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} -\@namedef{PYG@tok@mh}{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} -\@namedef{PYG@tok@mi}{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} -\@namedef{PYG@tok@il}{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} -\@namedef{PYG@tok@mo}{\def\PYG@tc##1{\textcolor[rgb]{0.13,0.50,0.31}{##1}}} -\@namedef{PYG@tok@ch}{\let\PYG@it=\textit\def\PYG@tc##1{\textcolor[rgb]{0.25,0.50,0.56}{##1}}} -\@namedef{PYG@tok@cm}{\let\PYG@it=\textit\def\PYG@tc##1{\textcolor[rgb]{0.25,0.50,0.56}{##1}}} -\@namedef{PYG@tok@cpf}{\let\PYG@it=\textit\def\PYG@tc##1{\textcolor[rgb]{0.25,0.50,0.56}{##1}}} -\@namedef{PYG@tok@c1}{\let\PYG@it=\textit\def\PYG@tc##1{\textcolor[rgb]{0.25,0.50,0.56}{##1}}} - -\def\PYGZbs{\char`\\} -\def\PYGZus{\char`\_} -\def\PYGZob{\char`\{} -\def\PYGZcb{\char`\}} -\def\PYGZca{\char`\^} -\def\PYGZam{\char`\&} -\def\PYGZlt{\char`\<} -\def\PYGZgt{\char`\>} -\def\PYGZsh{\char`\#} -\def\PYGZpc{\char`\%} -\def\PYGZdl{\char`\$} -\def\PYGZhy{\char`\-} -\def\PYGZsq{\char`\'} -\def\PYGZdq{\char`\"} -\def\PYGZti{\char`\~} -% for compatibility with earlier versions -\def\PYGZat{@} -\def\PYGZlb{[} -\def\PYGZrb{]} -\makeatother - -\renewcommand\PYGZsq{\textquotesingle} diff --git a/krb5-1.21.3/doc/pdf/sphinxhowto.cls b/krb5-1.21.3/doc/pdf/sphinxhowto.cls deleted file mode 100644 index 951cf810..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxhowto.cls +++ /dev/null @@ -1,102 +0,0 @@ -% -% sphinxhowto.cls for Sphinx (https://www.sphinx-doc.org/) -% - -\NeedsTeXFormat{LaTeX2e}[1995/12/01] -\ProvidesClass{sphinxhowto}[2019/12/01 v2.3.0 Document class (Sphinx howto)] - -% 'oneside' option overriding the 'twoside' default -\newif\if@oneside -\DeclareOption{oneside}{\@onesidetrue} -% Pass remaining document options to the parent class. -\DeclareOption*{\PassOptionsToClass{\CurrentOption}{\sphinxdocclass}} -\ProcessOptions\relax - -% Default to two-side document -\if@oneside -% nothing to do (oneside is the default) -\else -\PassOptionsToClass{twoside}{\sphinxdocclass} -\fi - -\LoadClass{\sphinxdocclass} - -% Set some sane defaults for section numbering depth and TOC depth. You can -% reset these counters in your preamble. -% -\setcounter{secnumdepth}{2} -\setcounter{tocdepth}{2}% i.e. section and subsection - -% Adapt \and command to the flushright context of \sphinxmaketitle, to -% avoid ragged line endings if author names do not fit all on one single line -\DeclareRobustCommand{\and}{% - \end{tabular}\kern-\tabcolsep - \allowbreak - \hskip\dimexpr1em+\tabcolsep\@plus.17fil\begin{tabular}[t]{c}% -}% -% If it is desired that each author name be on its own line, use in preamble: -%\DeclareRobustCommand{\and}{% -% \end{tabular}\kern-\tabcolsep\\\begin{tabular}[t]{c}% -%}% -% Change the title page to look a bit better, and fit in with the fncychap -% ``Bjarne'' style a bit better. -% -\newcommand{\sphinxmaketitle}{% - \noindent\rule{\textwidth}{1pt}\par - \begingroup % for PDF information dictionary - \def\endgraf{ }\def\and{\& }% - \pdfstringdefDisableCommands{\def\\{, }}% overwrite hyperref setup - \hypersetup{pdfauthor={\@author}, pdftitle={\@title}}% - \endgroup - \begin{flushright} - \sphinxlogo - \py@HeaderFamily - {\Huge \@title }\par - {\itshape\large \py@release \releaseinfo}\par - \vspace{25pt} - {\Large - \begin{tabular}[t]{c} - \@author - \end{tabular}\kern-\tabcolsep}\par - \vspace{25pt} - \@date \par - \py@authoraddress \par - \end{flushright} - \@thanks - \setcounter{footnote}{0} - \let\thanks\relax\let\maketitle\relax - %\gdef\@thanks{}\gdef\@author{}\gdef\@title{} -} - -\newcommand{\sphinxtableofcontents}{% - \begingroup - \parskip \z@skip - \sphinxtableofcontentshook - \tableofcontents - \endgroup - \noindent\rule{\textwidth}{1pt}\par - \vspace{12pt}% -} -\newcommand\sphinxtableofcontentshook{} -\pagenumbering{arabic} - -% Fix the bibliography environment to add an entry to the Table of -% Contents. -% For an article document class this environment is a section, -% so no page break before it. -% -\newenvironment{sphinxthebibliography}[1]{% - % \phantomsection % not needed here since TeXLive 2010's hyperref - \begin{thebibliography}{#1}% - \addcontentsline{toc}{section}{\ifdefined\refname\refname\else\ifdefined\bibname\bibname\fi\fi}}{\end{thebibliography}} - - -% Same for the indices. -% The memoir class already does this, so we don't duplicate it in that case. -% -\@ifclassloaded{memoir} - {\newenvironment{sphinxtheindex}{\begin{theindex}}{\end{theindex}}} - {\newenvironment{sphinxtheindex}{% - \phantomsection % needed because no chapter, section, ... is created by theindex - \begin{theindex}% - \addcontentsline{toc}{section}{\indexname}}{\end{theindex}}} diff --git a/krb5-1.21.3/doc/pdf/sphinxlatexadmonitions.sty b/krb5-1.21.3/doc/pdf/sphinxlatexadmonitions.sty deleted file mode 100644 index 1e418c8c..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatexadmonitions.sty +++ /dev/null @@ -1,148 +0,0 @@ -%% NOTICES AND ADMONITIONS -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatexadmonitions.sty}[2021/01/27 admonitions] - -% Provides support for this output mark-up from Sphinx latex writer: -% -% - sphinxadmonition (environment) -% This is a dispatch supporting -% -% - note, hint, important, tip (via sphinxlightbox) -% - warning, caution, attention, danger, error (via sphinxheavybox) -% -% Each sphinx environment can be redefined by user. -% The defaults are customizable via various colour and dimension -% settings, cf sphinx docs (latex customization). -% -% Requires: -\RequirePackage{framed}% used by sphinxheavybox -% -% Dependencies (they do not need to be defined at time of loading): -% - of course the various colour and dimension options handled via sphinx.sty -% - \sphinxstrong (for sphinxlightbox and sphinxheavybox) -% - dimension register \spx@image@maxheight from sphinxlatexgraphics.sty -% - \savenotes/\spewnotes from sphinxpackagefootnote (for sphinxheavybox) - -% Provides: (also in sphinxlatexliterals.sty) -\providecommand*\sphinxvspacefixafterfrenchlists{% - \ifvmode\ifdim\lastskip<\z@ \vskip\parskip\fi\else\par\fi -} - -% Some are quite plain -% the spx@notice@bordercolor etc are set in the sphinxadmonition environment -\newenvironment{sphinxlightbox}{% - \par - \noindent{\color{spx@notice@bordercolor}% - \rule{\linewidth}{\spx@notice@border}}\par\nobreak - {\parskip\z@skip\noindent}% - } - {% - % counteract previous possible negative skip (French lists!): - % (we can't cancel that any earlier \vskip introduced a potential pagebreak) - \sphinxvspacefixafterfrenchlists - \nobreak\vbox{\noindent\kern\@totalleftmargin - {\color{spx@notice@bordercolor}% - \rule[\dimexpr.4\baselineskip-\spx@notice@border\relax] - {\linewidth}{\spx@notice@border}}\hss}\allowbreak - }% end of sphinxlightbox environment definition -% may be renewenvironment'd by user for complete customization -\newenvironment{sphinxnote}[1] - {\begin{sphinxlightbox}\sphinxstrong{#1} }{\end{sphinxlightbox}} -\newenvironment{sphinxhint}[1] - {\begin{sphinxlightbox}\sphinxstrong{#1} }{\end{sphinxlightbox}} -\newenvironment{sphinximportant}[1] - {\begin{sphinxlightbox}\sphinxstrong{#1} }{\end{sphinxlightbox}} -\newenvironment{sphinxtip}[1] - {\begin{sphinxlightbox}\sphinxstrong{#1} }{\end{sphinxlightbox}} -% or just use the package options -% these are needed for common handling by notice environment of lightbox -% and heavybox but they are currently not used by lightbox environment -% and there is consequently no corresponding package option -\definecolor{sphinxnoteBgColor}{rgb}{1,1,1} -\definecolor{sphinxhintBgColor}{rgb}{1,1,1} -\definecolor{sphinximportantBgColor}{rgb}{1,1,1} -\definecolor{sphinxtipBgColor}{rgb}{1,1,1} - -% Others get more distinction -% Code adapted from framed.sty's "snugshade" environment. -% Nesting works (inner frames do not allow page breaks). -\newenvironment{sphinxheavybox}{\par - \setlength{\FrameRule}{\spx@notice@border}% - \setlength{\FrameSep}{\dimexpr.6\baselineskip-\FrameRule\relax} - \advance\spx@image@maxheight - -\dimexpr2\FrameRule - +2\FrameSep - +\baselineskip\relax % will happen again if nested, needed indeed! - % configure framed.sty's parameters to obtain same vertical spacing - % as for "light" boxes. We need for this to manually insert parskip glue and - % revert a skip done by framed before the frame. - \ltx@ifundefined{OuterFrameSep}{}{\OuterFrameSep\z@skip}% - \vspace{\FrameHeightAdjust} - % copied/adapted from framed.sty's snugshade - \def\FrameCommand##1{\hskip\@totalleftmargin - \fboxsep\FrameSep \fboxrule\FrameRule - \fcolorbox{spx@notice@bordercolor}{spx@notice@bgcolor}{##1}% - \hskip-\linewidth \hskip-\@totalleftmargin \hskip\columnwidth}% - \savenotes - % use a minipage if we are already inside a framed environment - \ifspx@inframed - \noindent\begin{minipage}{\linewidth} - \else - % handle case where notice is first thing in a list item (or is quoted) - \if@inlabel - \noindent\par\vspace{-\baselineskip} - \else - \vspace{\parskip} - \fi - \fi - \MakeFramed {\spx@inframedtrue - \advance\hsize-\width \@totalleftmargin\z@ \linewidth\hsize - % minipage initialization copied from LaTeX source code. - \@pboxswfalse - \let\@listdepth\@mplistdepth \@mplistdepth\z@ - \@minipagerestore - \@setminipage }% - } - {% - \par\unskip - \@minipagefalse - \endMakeFramed - \ifspx@inframed\end{minipage}\fi - % set footnotes at bottom of page - \spewnotes - % arrange for similar spacing below frame as for "light" boxes. - \vskip .4\baselineskip - }% end of sphinxheavybox environment definition -% may be renewenvironment'd by user for complete customization -\newenvironment{sphinxwarning}[1] - {\begin{sphinxheavybox}\sphinxstrong{#1} }{\end{sphinxheavybox}} -\newenvironment{sphinxcaution}[1] - {\begin{sphinxheavybox}\sphinxstrong{#1} }{\end{sphinxheavybox}} -\newenvironment{sphinxattention}[1] - {\begin{sphinxheavybox}\sphinxstrong{#1} }{\end{sphinxheavybox}} -\newenvironment{sphinxdanger}[1] - {\begin{sphinxheavybox}\sphinxstrong{#1} }{\end{sphinxheavybox}} -\newenvironment{sphinxerror}[1] - {\begin{sphinxheavybox}\sphinxstrong{#1} }{\end{sphinxheavybox}} -% or just use package options - -% the \colorlet of xcolor (if at all loaded) is overkill for our use case -\newcommand{\sphinxcolorlet}[2] - {\expandafter\let\csname\@backslashchar color@#1\expandafter\endcsname - \csname\@backslashchar color@#2\endcsname } - -% the main dispatch for all types of notices -\newenvironment{sphinxadmonition}[2]{% #1=type, #2=heading - % can't use #1 directly in definition of end part - \def\spx@noticetype {#1}% - % set parameters of heavybox/lightbox - \sphinxcolorlet{spx@notice@bordercolor}{sphinx#1BorderColor}% - \sphinxcolorlet{spx@notice@bgcolor}{sphinx#1BgColor}% - \spx@notice@border \dimexpr\csname spx@opt@#1border\endcsname\relax - % start specific environment, passing the heading as argument - \begin{sphinx#1}{#2}} - % workaround some LaTeX "feature" of \end command - {\edef\spx@temp{\noexpand\end{sphinx\spx@noticetype}}\spx@temp} - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxlatexcontainers.sty b/krb5-1.21.3/doc/pdf/sphinxlatexcontainers.sty deleted file mode 100644 index 93b2c8c0..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatexcontainers.sty +++ /dev/null @@ -1,22 +0,0 @@ -%% CONTAINER DIRECTIVES -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatexcontainers.sty}[2021/05/03 containers] - -% The purpose of this file is to provide a dummy environment sphinxclass which -% will be inserted for each class in each container directive. The class name -% will be passed as the argument to the environment. -% -% For a class foo, the user can define customised handling of that class by -% defining the sphinxclassfoo LaTeX environment. - -\newenvironment{sphinxuseclass}[1]{% - \def\sphinxClassFunctionName{sphinxclass#1}% - \ltx@ifundefined{\sphinxClassFunctionName}% - {}% undefined so do nothing - {\expandafter\begin\expandafter{\sphinxClassFunctionName}}% -}{% - \ltx@ifundefined{\sphinxClassFunctionName}% - {}% we did nothing so we keep doing nothing - {\expandafter\end\expandafter{\sphinxClassFunctionName}}% -}% diff --git a/krb5-1.21.3/doc/pdf/sphinxlatexgraphics.sty b/krb5-1.21.3/doc/pdf/sphinxlatexgraphics.sty deleted file mode 100644 index fd0aae63..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatexgraphics.sty +++ /dev/null @@ -1,122 +0,0 @@ -%% GRAPHICS -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatexgraphics.sty}[2021/01/27 graphics] - -% Provides support for this output mark-up from Sphinx latex writer: -% -% - macros: -% -% - \sphinxfigcaption -% - \sphinxincludegraphics -% -% - environments: -% -% - sphinxfigure-in-table -% -% May change: -% -% - \sphinxcaption (at begin document) -% -% Also provides: -% -% - \sphinxsafeincludegraphics (default of \sphinxincludegraphics since 2.0) -% - \spx@image@maxheight dimension (used by sphinxlatexadmonitions.sty) -% - \spx@image@box scratch box register (also used by sphinxlatexliterals.sty) -% -% Requires: -% \RequirePackage{graphicx}% done in sphinx.sty -\RequirePackage{amstext}% needed for \firstchoice@true(false) - -% \sphinxincludegraphics resizes images larger than the TeX \linewidth (which -% is adjusted in indented environments), or taller than a certain maximal -% height (usually \textheight and this is reduced in the environments which use -% framed.sty to avoid infinite loop if image too tall). -% -% In case height or width options are present the rescaling is done -% (since 2.0), in a way keeping the width:height ratio either native from -% image or from the width and height options if both were present. -% -\newdimen\spx@image@maxheight -\AtBeginDocument{\spx@image@maxheight\textheight} - -% box scratch register -\newbox\spx@image@box -\newcommand*{\sphinxsafeincludegraphics}[2][]{% - % #1 contains possibly width=, height=, but no scale= since 1.8.4 - \setbox\spx@image@box\hbox{\includegraphics[#1,draft]{#2}}% - \in@false % use some handy boolean flag - \ifdim \wd\spx@image@box>\linewidth - \in@true % flag to remember to adjust options and set box dimensions - % compute height which results from rescaling width to \linewidth - % and keep current aspect ratio. multiply-divide in \numexpr uses - % temporarily doubled precision, hence no overflow. (of course we - % assume \ht is not a few sp's below \maxdimen...(about 16384pt). - \edef\spx@image@rescaledheight % with sp units - {\the\numexpr\ht\spx@image@box - *\linewidth/\wd\spx@image@box sp}% - \ifdim\spx@image@rescaledheight>\spx@image@maxheight - % the rescaled height will be too big, so it is height which decides - % the rescaling factor - \def\spx@image@requiredheight{\spx@image@maxheight}% dimen register - \edef\spx@image@requiredwidth % with sp units - {\the\numexpr\wd\spx@image@box - *\spx@image@maxheight/\ht\spx@image@box sp}% - % TODO: decide if this commented-out block could be needed due to - % rounding in numexpr operations going up - % \ifdim\spx@image@requiredwidth>\linewidth - % \def\spx@image@requiredwidth{\linewidth}% dimen register - % \fi - \else - \def\spx@image@requiredwidth{\linewidth}% dimen register - \let\spx@image@requiredheight\spx@image@rescaledheight% sp units - \fi - \else - % width is ok, let's check height - \ifdim\ht\spx@image@box>\spx@image@maxheight - \in@true - \edef\spx@image@requiredwidth % with sp units - {\the\numexpr\wd\spx@image@box - *\spx@image@maxheight/\ht\spx@image@box sp}% - \def\spx@image@requiredheight{\spx@image@maxheight}% dimen register - \fi - \fi % end of check of width and height - \ifin@ - \setbox\spx@image@box - \hbox{\includegraphics - [%#1,% contained only width and/or height and overruled anyhow - width=\spx@image@requiredwidth,height=\spx@image@requiredheight]% - {#2}}% - % \includegraphics does not set box dimensions to the exactly - % requested ones, see https://github.com/latex3/latex2e/issues/112 - \wd\spx@image@box\spx@image@requiredwidth - \ht\spx@image@box\spx@image@requiredheight - \leavevmode\box\spx@image@box - \else - % here we do not modify the options, no need to adjust width and height - % on output, they will be computed exactly as with "draft" option - \setbox\spx@image@box\box\voidb@x % clear memory - \includegraphics[#1]{#2}% - \fi -}% -% Use the "safe" one by default (2.0) -\def\sphinxincludegraphics{\sphinxsafeincludegraphics} - - -%% FIGURE IN TABLE -% -\newenvironment{sphinxfigure-in-table}[1][\linewidth]{% - \def\@captype{figure}% - \sphinxsetvskipsforfigintablecaption - \begin{minipage}{#1}% -}{\end{minipage}} -% tabulary expands twice contents, we need to prevent double counter stepping -\newcommand*\sphinxfigcaption - {\ifx\equation$%$% this is trick to identify tabulary first pass - \firstchoice@false\else\firstchoice@true\fi - \spx@originalcaption } -\newcommand*\sphinxsetvskipsforfigintablecaption - {\abovecaptionskip\smallskipamount - \belowcaptionskip\smallskipamount} - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxlatexindbibtoc.sty b/krb5-1.21.3/doc/pdf/sphinxlatexindbibtoc.sty deleted file mode 100644 index 79e30a1f..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatexindbibtoc.sty +++ /dev/null @@ -1,69 +0,0 @@ -%% INDEX, BIBLIOGRAPHY, APPENDIX, TABLE OF CONTENTS -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatexindbibtoc.sty}[2021/01/27 index, bib., toc] - -% Provides support for this output mark-up from Sphinx latex writer: -% -% - environments: (backup defaults or get redefined) -% -% - sphinxtheindex (direct mark-up or via python.ist or sphinx.xdy) -% - sphinxthebibliography -% -% - macros: (defines defaults) -% -% - \sphinxmaketitle -% - \sphinxtableofcontents -% - \sphinxnonalphabeticalgroupname -% - \sphinxsymbolsname -% - \sphinxnumbersname -% - \sphinxcite -% -% Requires: -\RequirePackage{makeidx} - -% fix the double index and bibliography on the table of contents -% in jsclasses (Japanese standard document classes) -\ifx\@jsc@uplatextrue\@undefined\else - \renewenvironment{sphinxtheindex} - {\cleardoublepage\phantomsection - \begin{theindex}} - {\end{theindex}} - - \renewenvironment{sphinxthebibliography}[1] - {\cleardoublepage% \phantomsection % not needed here since TeXLive 2010's hyperref - \begin{thebibliography}{#1}} - {\end{thebibliography}} -\fi - -% disable \@chappos in Appendix in pTeX -\ifx\kanjiskip\@undefined\else - \let\py@OldAppendix=\appendix - \renewcommand{\appendix}{ - \py@OldAppendix - \gdef\@chappos{} - } -\fi - -% make commands known to non-Sphinx document classes -\providecommand*{\sphinxmaketitle}{\maketitle} -\providecommand*{\sphinxtableofcontents}{\tableofcontents} -\ltx@ifundefined{sphinxthebibliography} - {\newenvironment - {sphinxthebibliography}{\begin{thebibliography}}{\end{thebibliography}}% - } - {}% else clause of \ltx@ifundefined -\ltx@ifundefined{sphinxtheindex} - {\newenvironment{sphinxtheindex}{\begin{theindex}}{\end{theindex}}}% - {}% else clause of \ltx@ifundefined - -% for usage with xindy: this string gets internationalized in preamble -\newcommand*{\sphinxnonalphabeticalgroupname}{} -% redefined in preamble, headings for makeindex produced index -\newcommand*{\sphinxsymbolsname}{} -\newcommand*{\sphinxnumbersname}{} - -\protected\def\sphinxcite{\cite} - - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxlatexlists.sty b/krb5-1.21.3/doc/pdf/sphinxlatexlists.sty deleted file mode 100644 index ed7521cf..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatexlists.sty +++ /dev/null @@ -1,97 +0,0 @@ -%% ALPHANUMERIC LIST ITEMS -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatexlists.sty}[2021/01/27 lists] - -% Provides support for this output mark-up from Sphinx latex writer: -% - \sphinxsetlistlabels - -% Dependencies: the \spx@opt@maxlistdepth from sphinx.sty - -\newcommand\sphinxsetlistlabels[5] -{% #1 = style, #2 = enum, #3 = enumnext, #4 = prefix, #5 = suffix - % #2 and #3 are counters used by enumerate environment e.g. enumi, enumii. - % #1 is a macro such as \arabic or \alph - % prefix and suffix are strings (by default empty and a dot). - \@namedef{the#2}{#1{#2}}% - \@namedef{label#2}{#4\@nameuse{the#2}#5}% - \@namedef{p@#3}{\@nameuse{p@#2}#4\@nameuse{the#2}#5}% -}% - - -%% MAXLISTDEPTH -% -% remove LaTeX's cap on nesting depth if 'maxlistdepth' key used. -% This is a hack, which works with the standard classes: it assumes \@toodeep -% is always used in "true" branches: "\if ... \@toodeep \else .. \fi." - -% will force use the "false" branch (if there is one) -\def\spx@toodeep@hack{\fi\iffalse} - -% do nothing if 'maxlistdepth' key not used or if package enumitem loaded. -\ifnum\spx@opt@maxlistdepth=\z@\expandafter\@gobbletwo\fi -\AtBeginDocument{% -\@ifpackageloaded{enumitem}{\remove@to@nnil}{}% - \let\spx@toodeepORI\@toodeep - \def\@toodeep{% - \ifnum\@listdepth<\spx@opt@maxlistdepth\relax - \expandafter\spx@toodeep@hack - \else - \expandafter\spx@toodeepORI - \fi}% -% define all missing \@list... macros - \count@\@ne - \loop - \ltx@ifundefined{@list\romannumeral\the\count@} - {\iffalse}{\iftrue\advance\count@\@ne}% - \repeat - \loop - \ifnum\count@>\spx@opt@maxlistdepth\relax\else - \expandafter\let - \csname @list\romannumeral\the\count@\expandafter\endcsname - \csname @list\romannumeral\the\numexpr\count@-\@ne\endcsname - % workaround 2.6--3.2d babel-french issue (fixed in 3.2e; no change needed) - \ltx@ifundefined{leftmargin\romannumeral\the\count@} - {\expandafter\let - \csname leftmargin\romannumeral\the\count@\expandafter\endcsname - \csname leftmargin\romannumeral\the\numexpr\count@-\@ne\endcsname}{}% - \advance\count@\@ne - \repeat -% define all missing enum... counters and \labelenum... macros and \p@enum.. - \count@\@ne - \loop - \ltx@ifundefined{c@enum\romannumeral\the\count@} - {\iffalse}{\iftrue\advance\count@\@ne}% - \repeat - \loop - \ifnum\count@>\spx@opt@maxlistdepth\relax\else - \newcounter{enum\romannumeral\the\count@}% - \expandafter\def - \csname labelenum\romannumeral\the\count@\expandafter\endcsname - \expandafter - {\csname theenum\romannumeral\the\numexpr\count@\endcsname.}% - \expandafter\def - \csname p@enum\romannumeral\the\count@\expandafter\endcsname - \expandafter - {\csname p@enum\romannumeral\the\numexpr\count@-\@ne\expandafter - \endcsname\csname theenum\romannumeral\the\numexpr\count@-\@ne\endcsname.}% - \advance\count@\@ne - \repeat -% define all missing labelitem... macros - \count@\@ne - \loop - \ltx@ifundefined{labelitem\romannumeral\the\count@} - {\iffalse}{\iftrue\advance\count@\@ne}% - \repeat - \loop - \ifnum\count@>\spx@opt@maxlistdepth\relax\else - \expandafter\let - \csname labelitem\romannumeral\the\count@\expandafter\endcsname - \csname labelitem\romannumeral\the\numexpr\count@-\@ne\endcsname - \advance\count@\@ne - \repeat - \PackageInfo{sphinx}{maximal list depth extended to \spx@opt@maxlistdepth}% -\@gobble\@nnil -} - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxlatexliterals.sty b/krb5-1.21.3/doc/pdf/sphinxlatexliterals.sty deleted file mode 100644 index d2ba89ea..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatexliterals.sty +++ /dev/null @@ -1,795 +0,0 @@ -%% LITERAL BLOCKS -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatexliterals.sty}[2021/01/27 code-blocks and parsed literals] - -% Provides support for this output mark-up from Sphinx latex writer: -% -% - macros: -% - \sphinxLiteralBlockLabel -% - \sphinxSetupCaptionForVerbatim -% - \sphinxSetupCodeBlockInFootnote -% - \sphinxhref -% - \sphinxnolinkurl -% - \sphinxresetverbatimhllines -% - \sphinxunactivateextrasandspace -% - \sphinxupquote -% - \sphinxurl -% -% - environments: -% - sphinxVerbatim -% - sphinxVerbatimintable -% - sphinxalltt -% -% Dependency: -% -% - hyperref (for \phantomsection and \capstart) (loaded later) -% -% Executes \RequirePackage for: -% -% - framed -% - fancyvrb -% - alltt -% - upquote -% - needspace - -% also in sphinxlatexadmonitions.sty: -% This is a workaround to a "feature" of French lists, when literal block -% follows immediately; usable generally (does only \par then), a priori... -\providecommand*\sphinxvspacefixafterfrenchlists{% - \ifvmode\ifdim\lastskip<\z@ \vskip\parskip\fi\else\par\fi -} - -% For framing allowing pagebreaks -\RequirePackage{framed} -% For source code -% MEMO: fancyvrb is used mainly to -% 1- control horizontal and vertical spacing -% 2- optional line numbering -% 3- optional line emphasizing -% 4- while still allowing expansion of Pygments latex mark-up -% Other aspects such as framing, caption handling, codeline wrapping are -% added on top of it. We should stop using fancyvrb and implement -% 1, 2, 3, 4 by own Sphinx fully native Verbatim. This would allow to solve -% limitations with wrapped long code line not allowing page break. -\RequirePackage{fancyvrb} -% For parsed-literal blocks. -\RequirePackage{alltt} -% Display "real" single quotes in literal blocks. -\RequirePackage{upquote} -% Skip to next page if not enough space at bottom -\RequirePackage{needspace} - -% Based on use of "fancyvrb.sty"'s Verbatim. -% - with framing allowing page breaks ("framed.sty") -% - with breaking of long lines (exploits Pygments mark-up), -% - with possibly of a top caption, non-separable by pagebreak. -% - and usable inside tables or footnotes ("sphinxpackagefootnote.sty"). - -% for emphasizing lines -\define@key{FV}{hllines}{\def\sphinx@verbatim@checkifhl##1{\in@{, ##1,}{#1}}} -% sphinxVerbatim must be usable by third party without requiring hllines set-up -\def\sphinxresetverbatimhllines{\def\sphinx@verbatim@checkifhl##1{\in@false}} -\sphinxresetverbatimhllines - -% Prior to Sphinx 1.5, \Verbatim and \endVerbatim were modified by Sphinx. -% The aliases defined here are used in sphinxVerbatim environment and can -% serve as hook-points with no need to modify \Verbatim itself. -\let\OriginalVerbatim \Verbatim -\let\endOriginalVerbatim\endVerbatim - -% for captions of literal blocks -% at start of caption title -\newcommand*{\fnum@literalblock}{\literalblockname\nobreakspace\theliteralblock} -% this will be overwritten in document preamble by Babel translation -\newcommand*{\literalblockname}{Listing } -% file extension needed for \caption's good functioning, the file is created -% only if a \listof{literalblock}{foo} command is encountered, which is -% analogous to \listoffigures, but for the code listings (foo = chosen title.) -\newcommand*{\ext@literalblock}{lol} - -% if forced use of minipage encapsulation is needed (e.g. table cells) -\newif\ifsphinxverbatimwithminipage \sphinxverbatimwithminipagefalse - -% Framing macro for use with framed.sty's \FrameCommand -% - it obeys current indentation, -% - frame is \fboxsep separated from the contents, -% - the contents use the full available text width, -% - #1 = color of frame, #2 = color of background, -% - #3 = above frame, #4 = below frame, #5 = within frame, -% - #3 and #4 must be already typeset boxes; they must issue \normalcolor -% or similar, else, they are under scope of color #1 -\long\def\spx@fcolorbox #1#2#3#4#5{% - \hskip\@totalleftmargin - \hskip-\fboxsep\hskip-\fboxrule - % use of \color@b@x here is compatible with both xcolor.sty and color.sty - \color@b@x {\color{#1}\spx@CustomFBox{#3}{#4}}{\color{#2}}{#5}% - \hskip-\fboxsep\hskip-\fboxrule - \hskip-\linewidth \hskip-\@totalleftmargin \hskip\columnwidth -}% -% #1 = for material above frame, such as a caption or a "continued" hint -% #2 = for material below frame, such as a caption or "continues on next page" -% #3 = actual contents, which will be typeset with a background color -\long\def\spx@CustomFBox#1#2#3{% - \begingroup - \setbox\@tempboxa\hbox{{#3}}% inner braces to avoid color leaks - \vbox{#1% above frame - % draw frame border _latest_ to avoid pdf viewer issue - \kern\fboxrule - \hbox{\kern\fboxrule - \copy\@tempboxa - \kern-\wd\@tempboxa\kern-\fboxrule - \vrule\@width\fboxrule - \kern\wd\@tempboxa - \vrule\@width\fboxrule}% - \kern-\dimexpr\ht\@tempboxa+\dp\@tempboxa+\fboxrule\relax - \hrule\@height\fboxrule - \kern\dimexpr\ht\@tempboxa+\dp\@tempboxa\relax - \hrule\@height\fboxrule - #2% below frame - }% - \endgroup -}% -\def\spx@fcolorbox@put@c#1{% hide width from framed.sty measuring - \moveright\dimexpr\fboxrule+.5\wd\@tempboxa\hb@xt@\z@{\hss#1\hss}% -}% -\def\spx@fcolorbox@put@r#1{% right align with contents, width hidden - \moveright\dimexpr\fboxrule+\wd\@tempboxa-\fboxsep\hb@xt@\z@{\hss#1}% -}% -\def\spx@fcolorbox@put@l#1{% left align with contents, width hidden - \moveright\dimexpr\fboxrule+\fboxsep\hb@xt@\z@{#1\hss}% -}% -% -\def\sphinxVerbatim@Continued - {\csname spx@fcolorbox@put@\spx@opt@verbatimcontinuedalign\endcsname - {\normalcolor\sphinxstylecodecontinued\literalblockcontinuedname}}% -\def\sphinxVerbatim@Continues - {\csname spx@fcolorbox@put@\spx@opt@verbatimcontinuesalign\endcsname - {\normalcolor\sphinxstylecodecontinues\literalblockcontinuesname}}% -\def\sphinxVerbatim@Title - {\spx@fcolorbox@put@c{\unhcopy\sphinxVerbatim@TitleBox}}% -\let\sphinxVerbatim@Before\@empty -\let\sphinxVerbatim@After\@empty -% Defaults are redefined in document preamble according to language -\newcommand*\literalblockcontinuedname{continued from previous page}% -\newcommand*\literalblockcontinuesname{continues on next page}% -% -\def\spx@verbatimfcolorbox{\spx@fcolorbox{VerbatimBorderColor}{VerbatimColor}}% -\def\sphinxVerbatim@FrameCommand - {\spx@verbatimfcolorbox\sphinxVerbatim@Before\sphinxVerbatim@After}% -\def\sphinxVerbatim@FirstFrameCommand - {\spx@verbatimfcolorbox\sphinxVerbatim@Before\sphinxVerbatim@Continues}% -\def\sphinxVerbatim@MidFrameCommand - {\spx@verbatimfcolorbox\sphinxVerbatim@Continued\sphinxVerbatim@Continues}% -\def\sphinxVerbatim@LastFrameCommand - {\spx@verbatimfcolorbox\sphinxVerbatim@Continued\sphinxVerbatim@After}% - -% For linebreaks inside Verbatim environment from package fancyvrb. -\newbox\sphinxcontinuationbox -\newbox\sphinxvisiblespacebox -\newcommand*\sphinxafterbreak {\copy\sphinxcontinuationbox} - -% Take advantage of the already applied Pygments mark-up to insert -% potential linebreaks for TeX processing. -% {, <, #, %, $, ' and ": go to next line. -% _, }, ^, &, >, -, ~, and \: stay at end of broken line. -% Use of \textquotesingle for straight quote. -% FIXME: convert this to package options ? -\newcommand*\sphinxbreaksbeforelist {% - \do\PYGZob\{\do\PYGZlt\<\do\PYGZsh\#\do\PYGZpc\%% {, <, #, %, - \do\PYGZdl\$\do\PYGZdq\"% $, " - \def\PYGZsq - {\discretionary{}{\sphinxafterbreak\textquotesingle}{\textquotesingle}}% ' -} -\newcommand*\sphinxbreaksafterlist {% - \do\PYGZus\_\do\PYGZcb\}\do\PYGZca\^\do\PYGZam\&% _, }, ^, &, - \do\PYGZgt\>\do\PYGZhy\-\do\PYGZti\~% >, -, ~ - \do\PYGZbs\\% \ -} -\newcommand*\sphinxbreaksatspecials {% - \def\do##1##2% - {\def##1{\discretionary{}{\sphinxafterbreak\char`##2}{\char`##2}}}% - \sphinxbreaksbeforelist - \def\do##1##2% - {\def##1{\discretionary{\char`##2}{\sphinxafterbreak}{\char`##2}}}% - \sphinxbreaksafterlist -} - -\def\sphinx@verbatim@nolig@list {\do \`}% -% Some characters . , ; ? ! / are neither pygmentized nor "tex-escaped". -% This macro makes them "active" and they will insert potential linebreaks. -% Not compatible with math mode (cf \sphinxunactivateextras). -\newcommand*\sphinxbreaksbeforeactivelist {}% none -\newcommand*\sphinxbreaksafteractivelist {\do\.\do\,\do\;\do\?\do\!\do\/} -\newcommand*\sphinxbreaksviaactive {% - \def\do##1{\lccode`\~`##1% - \lowercase{\def~}{\discretionary{}{\sphinxafterbreak\char`##1}{\char`##1}}% - \catcode`##1\active}% - \sphinxbreaksbeforeactivelist - \def\do##1{\lccode`\~`##1% - \lowercase{\def~}{\discretionary{\char`##1}{\sphinxafterbreak}{\char`##1}}% - \catcode`##1\active}% - \sphinxbreaksafteractivelist - \lccode`\~`\~ -} - -% If the linebreak is at a space, the latter will be displayed as visible -% space at end of first line, and a continuation symbol starts next line. -\def\spx@verbatim@space {% - \nobreak\hskip\z@skip - \discretionary{\copy\sphinxvisiblespacebox}{\sphinxafterbreak} - {\kern\fontdimen2\font}% -}% - -% if the available space on page is less than \literalblockneedspace, insert pagebreak -\newcommand{\sphinxliteralblockneedspace}{5\baselineskip} -\newcommand{\sphinxliteralblockwithoutcaptionneedspace}{1.5\baselineskip} -% The title (caption) is specified from outside as macro \sphinxVerbatimTitle. -% \sphinxVerbatimTitle is reset to empty after each use of Verbatim. -\newcommand*\sphinxVerbatimTitle {} -% This box to typeset the caption before framed.sty multiple passes for framing. -\newbox\sphinxVerbatim@TitleBox -% This box to measure contents if nested as inner \MakeFramed requires then -% minipage encapsulation but too long contents then break outer \MakeFramed -\newbox\sphinxVerbatim@ContentsBox -% Holder macro for labels of literal blocks. Set-up by LaTeX writer. -\newcommand*\sphinxLiteralBlockLabel {} -\newcommand*\sphinxSetupCaptionForVerbatim [1] -{% - \sphinxvspacefixafterfrenchlists - \needspace{\sphinxliteralblockneedspace}% -% insert a \label via \sphinxLiteralBlockLabel -% reset to normal the color for the literal block caption - \def\sphinxVerbatimTitle - {\py@NormalColor\sphinxcaption{\sphinxLiteralBlockLabel #1}}% -} -\newcommand*\sphinxSetupCodeBlockInFootnote {% - \fvset{fontsize=\footnotesize}\let\caption\sphinxfigcaption - \sphinxverbatimwithminipagetrue % reduces vertical spaces - % we counteract (this is in a group) the \@normalsize from \caption - \let\normalsize\footnotesize\let\@parboxrestore\relax - \def\spx@abovecaptionskip{\sphinxverbatimsmallskipamount}% -} -\newcommand*{\sphinxverbatimsmallskipamount}{\smallskipamount} -% serves to implement line highlighting and line wrapping -\newcommand\sphinxFancyVerbFormatLine[1]{% - \expandafter\sphinx@verbatim@checkifhl\expandafter{\the\FV@CodeLineNo}% - \ifin@ - \sphinxVerbatimHighlightLine{#1}% - \else - \sphinxVerbatimFormatLine{#1}% - \fi -}% -\newcommand\sphinxVerbatimHighlightLine[1]{% - \edef\sphinxrestorefboxsep{\fboxsep\the\fboxsep\relax}% - \fboxsep0pt\relax % cf LaTeX bug graphics/4524 - \colorbox{sphinxVerbatimHighlightColor}% - {\sphinxrestorefboxsep\sphinxVerbatimFormatLine{#1}}% - % no need to restore \fboxsep here, as this ends up in a \hbox from fancyvrb -}% -% \sphinxVerbatimFormatLine will be set locally to one of those two: -\newcommand\sphinxVerbatimFormatLineWrap{% - \hsize\linewidth - \ifspx@opt@verbatimforcewraps - \expandafter\spx@verb@FormatLineForceWrap - \else\expandafter\spx@verb@FormatLineWrap - \fi -}% -\newcommand\sphinxVerbatimFormatLineNoWrap[1]{\hb@xt@\linewidth{\strut #1\hss}}% -\long\def\spx@verb@FormatLineWrap#1{% - \vtop{\raggedright\hyphenpenalty\z@\exhyphenpenalty\z@ - \doublehyphendemerits\z@\finalhyphendemerits\z@ - \strut #1\strut}% -}% -% -% The normal line wrapping allows breaks at spaces and ascii non -% letters, non digits. The \raggedright above means there will be -% an overfilled line only if some non-breakable "word" was -% encountered, which is longer than a line (it is moved always to -% be on its own on a new line). -% -% The "forced" line wrapping will parse the tokens to add potential -% breakpoints at each character. As some strings are highlighted, -% we have to apply the highlighting character per character, which -% requires to manipulate the output of the Pygments LaTeXFormatter. -% -% Doing this at latex level is complicated. The contents should -% be as expected: i.e. some active characters from -% \sphinxbreaksviaactive, some Pygments character escapes such as -% \PYGZdl{}, and the highlighting \PYG macro with always 2 -% arguments. No other macros should be there, except perhaps -% zero-parameter macros. In particular: -% - the texcomments Pygments option must be set to False -% -% With pdflatex, Unicode input gives multi-bytes characters -% where the first byte is active. We support the "utf8" macros -% only. "utf8x" is not supported. -% -% The highlighting macro \PYG will be applied character per -% character. Highlighting via a colored background gives thus a -% chain of small colored boxes which may cause some artefact in -% some pdf viewers. Can't do anything here if we do want the line -% break to be possible. -% -% First a measurement step is done of what would the standard line -% wrapping give (i.e line breaks only at spaces and non-letter, -% non-digit ascii characters), cf TeX by Topic for the basic -% dissecting technique: TeX unfortunately when building a vertical -% box does not store in an accessible way what was the maximal -% line-width during paragraph building. -% -% Avoid LaTeX 2021 alteration of \@@par which potentially could break our -% measurement step (typically if the para/after hook is configured to use -% \vspace). Of course, breakage could happen only from user or package -% adding things to basic Sphinx latex. And perhaps spring LaTeX 2021 will -% provide a non-hooked \@@par, but this should work anyway and can't be -% beaten for speed. -\ltx@ifundefined{tex_par:D} -% We could use \@ifl@t@r\fmtversion{2020/02/02}{use \tex_par:D}{use \@@par}. - {\let\spx@par\@@par}% \@@par is then expected to be TeX's original \par - {\expandafter\let\expandafter\spx@par\csname tex_par:D\endcsname} -% More hesitation for avoiding the at-start-of-par hooks for our -% measurement : 1. with old LaTeX, we can not avoid hooks from everyhook -% or similar packages, 2. and perhaps the hooks add stuff which we should -% actually measure. Ideally, hooks are for inserting things in margin -% which do not change spacing. Most everything else in fact should not be -% executed in our scratch box for measurement, such as counter stepping. -\ltx@ifundefined{tex_everypar:D} - {\let\spx@everypar\everypar} - {\expandafter\let\expandafter\spx@everypar\csname tex_everypar:D\endcsname} -% -% If the max width exceeds the linewidth by more than verbatimmaxoverfull -% character widths, or if the min width plus verbatimmaxunderfull character -% widths is inferior to linewidth, then we apply the "force wrapping" with -% potential line break at each character, else we don't. -\long\def\spx@verb@FormatLineForceWrap#1{% - % \spx@image@box is a scratch box register that we can use here - \global\let\spx@verb@maxwidth\z@ - \global\let\spx@verb@minwidth\linewidth - \setbox\spx@image@box - \vtop{\raggedright\hyphenpenalty\z@\exhyphenpenalty\z@ - \doublehyphendemerits\z@\finalhyphendemerits\z@ - \spx@everypar{}\noindent\strut #1\strut\spx@par - \spx@verb@getwidths}% - \ifdim\spx@verb@maxwidth> - \dimexpr\linewidth+\spx@opt@verbatimmaxoverfull\fontcharwd\font`X \relax - \spx@verb@FormatLineWrap{\spx@verb@wrapPYG #1\spx@verb@wrapPYG}% - \else - \ifdim\spx@verb@minwidth< - \dimexpr\linewidth-\spx@opt@verbatimmaxunderfull\fontcharwd\font`X \relax - \spx@verb@FormatLineWrap{\spx@verb@wrapPYG #1\spx@verb@wrapPYG}% - \else - \spx@verb@FormatLineWrap{#1}% - \fi\fi -}% -% auxiliary paragraph dissector to get max and min widths -% but minwidth must not take into account the last line -\newbox\spx@scratchbox -\def\spx@verb@getwidths {% - \unskip\unpenalty - \setbox\spx@scratchbox\lastbox - \ifvoid\spx@scratchbox - \else - \setbox\spx@scratchbox\hbox{\unhbox\spx@scratchbox}% - \ifdim\spx@verb@maxwidth<\wd\spx@scratchbox - \xdef\spx@verb@maxwidth{\number\wd\spx@scratchbox sp}% - \fi - \expandafter\spx@verb@getwidths@loop - \fi -}% -\def\spx@verb@getwidths@loop {% - \unskip\unpenalty - \setbox\spx@scratchbox\lastbox - \ifvoid\spx@scratchbox - \else - \setbox\spx@scratchbox\hbox{\unhbox\spx@scratchbox}% - \ifdim\spx@verb@maxwidth<\wd\spx@scratchbox - \xdef\spx@verb@maxwidth{\number\wd\spx@scratchbox sp}% - \fi - \ifdim\spx@verb@minwidth>\wd\spx@scratchbox - \xdef\spx@verb@minwidth{\number\wd\spx@scratchbox sp}% - \fi - \expandafter\spx@verb@getwidths@loop - \fi -}% -% auxiliary macros to implement "cut long line even in middle of word" -\catcode`Z=3 % safe delimiter -\def\spx@verb@wrapPYG{% - \futurelet\spx@nexttoken\spx@verb@wrapPYG@i -}% -\def\spx@verb@wrapPYG@i{% - \ifx\spx@nexttoken\spx@verb@wrapPYG\let\next=\@gobble\else - \ifx\spx@nexttoken\PYG\let\next=\spx@verb@wrapPYG@PYG@onebyone\else - \discretionary{}{\sphinxafterbreak}{}% - \let\next\spx@verb@wrapPYG@ii - \fi\fi - \next -}% -% Let's recognize active characters. We don't support utf8x only utf8. -% And here #1 should not have picked up (non empty) braced contents -\long\def\spx@verb@wrapPYG@ii#1{% - \ifcat\noexpand~\noexpand#1\relax% active character - \expandafter\spx@verb@wrapPYG@active - \else % non-active character, control sequence such as \PYGZdl, or empty - \expandafter\spx@verb@wrapPYG@one - \fi {#1}% -}% -\long\def\spx@verb@wrapPYG@active#1{% -% Let's hope expansion of active character does not really require arguments, -% as we certainly don't want to go into expanding upfront token stream anyway. - \expandafter\spx@verb@wrapPYG@iii#1{}{}{}{}{}{}{}{}{}Z#1% -}% -\long\def\spx@verb@wrapPYG@iii#1#2Z{% - \ifx\UTFviii@four@octets#1\let\next=\spx@verb@wrapPYG@four\else - \ifx\UTFviii@three@octets#1\let\next=\spx@verb@wrapPYG@three\else - \ifx\UTFviii@two@octets#1\let\next=\spx@verb@wrapPYG@two\else - \let\next=\spx@verb@wrapPYG@one - \fi\fi\fi - \next -}% -\long\def\spx@verb@wrapPYG@one #1{#1\futurelet\spx@nexttoken\spx@verb@wrapPYG@i}% -\long\def\spx@verb@wrapPYG@two #1#2{#1#2\futurelet\spx@nexttoken\spx@verb@wrapPYG@i}% -\long\def\spx@verb@wrapPYG@three #1#2#3{#1#2#3\futurelet\spx@nexttoken\spx@verb@wrapPYG@i}% -\long\def\spx@verb@wrapPYG@four #1#2#3#4{#1#2#3#4\futurelet\spx@nexttoken\spx@verb@wrapPYG@i}% -% Replace \PYG by itself applied one character at a time! This way breakpoints -% can be inserted. -\def\spx@verb@wrapPYG@PYG@onebyone#1#2#3{% #1 = \PYG, #2 = highlight spec, #3 = tokens - \def\spx@verb@wrapPYG@PYG@spec{{#2}}% - \futurelet\spx@nexttoken\spx@verb@wrapPYG@PYG@i#3Z% -}% -\def\spx@verb@wrapPYG@PYG@i{% - \ifx\spx@nexttokenZ\let\next=\spx@verb@wrapPYG@PYG@done\else - \discretionary{}{\sphinxafterbreak}{}% - \let\next\spx@verb@wrapPYG@PYG@ii - \fi - \next -}% -\def\spx@verb@wrapPYG@PYG@doneZ{\futurelet\spx@nexttoken\spx@verb@wrapPYG@i}% -\long\def\spx@verb@wrapPYG@PYG@ii#1{% - \ifcat\noexpand~\noexpand#1\relax% active character - \expandafter\spx@verb@wrapPYG@PYG@active - \else % non-active character, control sequence such as \PYGZdl, or empty - \expandafter\spx@verb@wrapPYG@PYG@one - \fi {#1}% -}% -\long\def\spx@verb@wrapPYG@PYG@active#1{% -% Let's hope expansion of active character does not really require arguments, -% as we certainly don't want to go into expanding upfront token stream anyway. - \expandafter\spx@verb@wrapPYG@PYG@iii#1{}{}{}{}{}{}{}{}{}Z#1% -}% -\long\def\spx@verb@wrapPYG@PYG@iii#1#2Z{% - \ifx\UTFviii@four@octets#1\let\next=\spx@verb@wrapPYG@PYG@four\else - \ifx\UTFviii@three@octets#1\let\next=\spx@verb@wrapPYG@PYG@three\else - \ifx\UTFviii@two@octets#1\let\next=\spx@verb@wrapPYG@PYG@two\else - \let\next=\spx@verb@wrapPYG@PYG@one - \fi\fi\fi - \next -}% -\long\def\spx@verb@wrapPYG@PYG@one#1{% - \expandafter\PYG\spx@verb@wrapPYG@PYG@spec{#1}% - \futurelet\spx@nexttoken\spx@verb@wrapPYG@PYG@i -}% -\long\def\spx@verb@wrapPYG@PYG@two#1#2{% - \expandafter\PYG\spx@verb@wrapPYG@PYG@spec{#1#2}% - \futurelet\spx@nexttoken\spx@verb@wrapPYG@PYG@i -}% -\long\def\spx@verb@wrapPYG@PYG@three#1#2#3{% - \expandafter\PYG\spx@verb@wrapPYG@PYG@spec{#1#2#3}% - \futurelet\spx@nexttoken\spx@verb@wrapPYG@PYG@i -}% -\long\def\spx@verb@wrapPYG@PYG@four#1#2#3#4{% - \expandafter\PYG\spx@verb@wrapPYG@PYG@spec{#1#2#3#4}% - \futurelet\spx@nexttoken\spx@verb@wrapPYG@PYG@i -}% -\catcode`Z 11 % -% -\g@addto@macro\FV@SetupFont{% - \sbox\sphinxcontinuationbox {\spx@opt@verbatimcontinued}% - \sbox\sphinxvisiblespacebox {\spx@opt@verbatimvisiblespace}% -}% -\newenvironment{sphinxVerbatim}{% - % first, let's check if there is a caption - \ifx\sphinxVerbatimTitle\empty - \sphinxvspacefixafterfrenchlists - \parskip\z@skip - \vskip\sphinxverbatimsmallskipamount - % there was no caption. Check if nevertheless a label was set. - \ifx\sphinxLiteralBlockLabel\empty\else - % we require some space to be sure hyperlink target from \phantomsection - % will not be separated from upcoming verbatim by a page break - \needspace{\sphinxliteralblockwithoutcaptionneedspace}% - \phantomsection\sphinxLiteralBlockLabel - \fi - \else - \parskip\z@skip - \if t\spx@opt@literalblockcappos - \vskip\spx@abovecaptionskip - \def\sphinxVerbatim@Before - {\sphinxVerbatim@Title\nointerlineskip - \kern\dimexpr-\dp\strutbox+\sphinxbelowcaptionspace - % if no frame (code-blocks inside table cells), remove - % the "verbatimsep" whitespace from the top (better visually) - \ifspx@opt@verbatimwithframe\else-\sphinxverbatimsep\fi - % caption package adds \abovecaptionskip vspace, remove it - \spx@ifcaptionpackage{-\abovecaptionskip}{}\relax}% - \else - \vskip\sphinxverbatimsmallskipamount - \def\sphinxVerbatim@After - {\nointerlineskip\kern\dimexpr\dp\strutbox - \ifspx@opt@verbatimwithframe\else-\sphinxverbatimsep\fi - \spx@ifcaptionpackage{-\abovecaptionskip}{}\relax - \sphinxVerbatim@Title}% - \fi - \def\@captype{literalblock}% - \capstart - % \sphinxVerbatimTitle must reset color - \setbox\sphinxVerbatim@TitleBox - \hbox{\begin{minipage}{\linewidth}% - % caption package may detect wrongly if top or bottom, so we help it - \spx@ifcaptionpackage - {\caption@setposition{\spx@opt@literalblockcappos}}{}% - \sphinxVerbatimTitle - \end{minipage}}% - \fi - \global\let\sphinxLiteralBlockLabel\empty - \global\let\sphinxVerbatimTitle\empty - \fboxsep\sphinxverbatimsep \fboxrule\sphinxverbatimborder - \ifspx@opt@verbatimwithframe\else\fboxrule\z@\fi - \let\FrameCommand \sphinxVerbatim@FrameCommand - \let\FirstFrameCommand\sphinxVerbatim@FirstFrameCommand - \let\MidFrameCommand \sphinxVerbatim@MidFrameCommand - \let\LastFrameCommand \sphinxVerbatim@LastFrameCommand - \ifspx@opt@verbatimhintsturnover\else - \let\sphinxVerbatim@Continued\@empty - \let\sphinxVerbatim@Continues\@empty - \fi - \ifspx@opt@verbatimwrapslines - % fancyvrb's Verbatim puts each input line in (unbreakable) horizontal boxes. - % This customization wraps each line from the input in a \vtop, thus - % allowing it to wrap and display on two or more lines in the latex output. - % - The codeline counter will be increased only once. - % - The wrapped material will not break across pages, it is impossible - % to achieve this without extensive rewrite of fancyvrb. - % - The (not used in sphinx) obeytabs option to Verbatim is - % broken by this change (showtabs and tabspace work). - \let\sphinxVerbatimFormatLine\sphinxVerbatimFormatLineWrap - \let\FV@Space\spx@verbatim@space - % Allow breaks at special characters using \PYG... macros. - \sphinxbreaksatspecials - % Breaks at punctuation characters . , ; ? ! and / (needs catcode activation) - \fvset{codes*=\sphinxbreaksviaactive}% - \else % end of conditional code for wrapping long code lines - \let\sphinxVerbatimFormatLine\sphinxVerbatimFormatLineNoWrap - \fi - \let\FancyVerbFormatLine\sphinxFancyVerbFormatLine - \VerbatimEnvironment - % workaround to fancyvrb's check of current list depth - \def\@toodeep {\advance\@listdepth\@ne}% - % The list environment is needed to control perfectly the vertical space. - % Note: \OuterFrameSep used by framed.sty is later set to \topsep hence 0pt. - % - if caption: distance from last text baseline to caption baseline is - % A+(B-F)+\ht\strutbox, A = \abovecaptionskip (default 10pt), B = - % \baselineskip, F is the framed.sty \FrameHeightAdjust macro, default 6pt. - % Formula valid for F < 10pt. - % - distance of baseline of caption to top of frame is like for tables: - % \sphinxbelowcaptionspace (=0.5\baselineskip) - % - if no caption: distance of last text baseline to code frame is S+(B-F), - % with S = \sphinxverbatimtopskip (=\smallskip) - % - and distance from bottom of frame to next text baseline is - % \baselineskip+\parskip. - % The \trivlist is used to avoid possible "too deeply nested" error. - \itemsep \z@skip - \topsep \z@skip - \partopsep \z@skip - % trivlist will set \parsep to \parskip (which itself is set to zero above) - % \leftmargin will be set to zero by trivlist - \rightmargin\z@ - \parindent \z@% becomes \itemindent. Default zero, but perhaps overwritten. - \trivlist\item\relax - \ifspx@inframed\setbox\sphinxVerbatim@ContentsBox\vbox\bgroup - \@setminipage\hsize\linewidth - % use bulk of minipage paragraph shape restores (this is needed - % in indented contexts, at least for some) - \textwidth\hsize \columnwidth\hsize \@totalleftmargin\z@ - \leftskip\z@skip \rightskip\z@skip \@rightskip\z@skip - \else - \ifsphinxverbatimwithminipage\noindent\begin{minipage}{\linewidth}\fi - \MakeFramed {% adapted over from framed.sty's snugshade environment - \advance\hsize-\width\@totalleftmargin\z@\linewidth\hsize\@setminipage - }% - \fi - % For grid placement from \strut's in \FancyVerbFormatLine - \lineskip\z@skip - % active comma should not be overwritten by \@noligs - \ifspx@opt@verbatimwrapslines - \let\verbatim@nolig@list \sphinx@verbatim@nolig@list - \fi - % will fetch its optional arguments if any - \OriginalVerbatim -} -{% - \endOriginalVerbatim - \ifspx@inframed - \egroup % finish \sphinxVerbatim@ContentsBox vbox - \nobreak % update page totals - \ifdim\dimexpr\ht\sphinxVerbatim@ContentsBox+ - \dp\sphinxVerbatim@ContentsBox+ - \ht\sphinxVerbatim@TitleBox+ - \dp\sphinxVerbatim@TitleBox+ - 2\fboxsep+2\fboxrule+ - % try to account for external frame parameters - \FrameSep+\FrameRule+ - % Usage here of 2 baseline distances is empirical. - % In border case where code-block fits barely in remaining space, - % it gets framed and looks good but the outer frame may continue - % on top of next page and give (if no contents after code-block) - % an empty framed line, as testing showed. - 2\baselineskip+ - % now add all to accumulated page totals and compare to \pagegoal - \pagetotal+\pagedepth>\pagegoal - % long contents: do not \MakeFramed. Do make a caption (either before or - % after) if title exists. Continuation hints across pagebreaks dropped. - % FIXME? a bottom caption may end up isolated at top of next page - % (no problem with a top caption, which is default) - \spx@opt@verbatimwithframefalse - \def\sphinxVerbatim@Title{\noindent\box\sphinxVerbatim@TitleBox\par}% - \sphinxVerbatim@Before - \noindent\unvbox\sphinxVerbatim@ContentsBox\par - \sphinxVerbatim@After - \else - % short enough contents: use \MakeFramed. As it is nested, this requires - % minipage encapsulation. - \noindent\begin{minipage}{\linewidth}% - \MakeFramed {% Use it now with the fetched contents - \advance\hsize-\width\@totalleftmargin\z@\linewidth\hsize\@setminipage - }% - \unvbox\sphinxVerbatim@ContentsBox - % some of this may be superfluous: - \par\unskip\@minipagefalse\endMakeFramed - \end{minipage}% - \fi - \else % non-nested \MakeFramed - \par\unskip\@minipagefalse\endMakeFramed % from framed.sty snugshade - \ifsphinxverbatimwithminipage\end{minipage}\fi - \fi - \endtrivlist -} -\newenvironment {sphinxVerbatimNoFrame} - {\spx@opt@verbatimwithframefalse - \VerbatimEnvironment - \begin{sphinxVerbatim}} - {\end{sphinxVerbatim}} -\newenvironment {sphinxVerbatimintable} - {% don't use a frame if in a table cell - \spx@opt@verbatimwithframefalse - \sphinxverbatimwithminipagetrue - % the literal block caption uses \sphinxcaption which is wrapper of \caption, - % but \caption must be modified because longtable redefines it to work only - % for the own table caption, and tabulary has multiple passes - \let\caption\sphinxfigcaption - % reduce above caption skip - \def\spx@abovecaptionskip{\sphinxverbatimsmallskipamount}% - \VerbatimEnvironment - \begin{sphinxVerbatim}} - {\end{sphinxVerbatim}} - - -%% PARSED LITERALS -% allow long lines to wrap like they do in code-blocks - -% this should be kept in sync with definitions in sphinx.util.texescape -\newcommand*\sphinxbreaksattexescapedchars{% - \def\do##1##2% put potential break point before character - {\def##1{\discretionary{}{\sphinxafterbreak\char`##2}{\char`##2}}}% - \do\{\{\do\textless\<\do\#\#\do\%\%\do\$\$% {, <, #, %, $ - \def\do##1##2% put potential break point after character - {\def##1{\discretionary{\char`##2}{\sphinxafterbreak}{\char`##2}}}% - \do\_\_\do\}\}\do\textasciicircum\^\do\&\&% _, }, ^, &, - \do\textgreater\>\do\textasciitilde\~% >, ~ - \do\textbackslash\\% \ -} -\newcommand*\sphinxbreaksviaactiveinparsedliteral{% - \sphinxbreaksviaactive % by default handles . , ; ? ! / - \lccode`\~`\~ % - % update \dospecials as it is used by \url - % but deactivation will already have been done hence this is unneeded: - % \expandafter\def\expandafter\dospecials\expandafter{\dospecials - % \sphinxbreaksbeforeactivelist\sphinxbreaksafteractivelist\do\-}% -} -\newcommand*\sphinxbreaksatspaceinparsedliteral{% - \lccode`~32 \lowercase{\let~}\spx@verbatim@space\lccode`\~`\~ -} -\newcommand*{\sphinxunactivateextras}{\let\do\@makeother - \sphinxbreaksbeforeactivelist\sphinxbreaksafteractivelist}% -% the \catcode13=5\relax (deactivate end of input lines) is left to callers -\newcommand*{\sphinxunactivateextrasandspace}{\catcode32=10\relax - \sphinxunactivateextras}% -% now for the modified alltt environment -\newenvironment{sphinxalltt} -{% at start of next line to workaround Emacs/AUCTeX issue with this file -\begin{alltt}% - \ifspx@opt@parsedliteralwraps - \sbox\sphinxcontinuationbox {\spx@opt@verbatimcontinued}% - \sbox\sphinxvisiblespacebox {\spx@opt@verbatimvisiblespace}% - \sphinxbreaksattexescapedchars - \sphinxbreaksviaactiveinparsedliteral - \sphinxbreaksatspaceinparsedliteral -% alltt takes care of the ' as derivative ("prime") in math mode - \everymath\expandafter{\the\everymath\sphinxunactivateextrasandspace - \catcode`\<=12\catcode`\>=12\catcode`\^=7\catcode`\_=8 }% -% not sure if displayed math (align,...) can end up in parsed-literal, anyway - \everydisplay\expandafter{\the\everydisplay - \catcode13=5 \sphinxunactivateextrasandspace - \catcode`\<=12\catcode`\>=12\catcode`\^=7\catcode`\_=8 }% - \fi } -{\end{alltt}} - - -%% INLINE MARK-UP -% - -% Protect \href's first argument in contexts such as sphinxalltt (or -% \sphinxcode). Sphinx uses \#, \%, \& ... always inside \sphinxhref. -\protected\def\sphinxhref#1#2{{% - \sphinxunactivateextrasandspace % never do \scantokens with active space! -% for the \endlinechar business, https://github.com/latex3/latex2e/issues/286 - \endlinechar\m@ne\everyeof{{\endlinechar13 #2}}% keep catcode regime for #2 - \scantokens{\href{#1}}% normalise it for #1 during \href expansion -}} -% Same for \url. And also \nolinkurl for coherence. -\protected\def\sphinxurl#1{{% - \sphinxunactivateextrasandspace\everyeof{}% (<- precaution for \scantokens) - \endlinechar\m@ne\scantokens{\url{#1}}% -}} -\protected\def\sphinxnolinkurl#1{{% - \sphinxunactivateextrasandspace\everyeof{}% - \endlinechar\m@ne\scantokens{\nolinkurl{#1}}% -}} - -% \sphinxupquote -% to obtain straight quotes we execute \@noligs as patched by upquote, and -% \scantokens is needed in cases where it would be too late for the macro to -% first set catcodes and then fetch its argument. We also make the contents -% breakable at non-escaped . , ; ? ! / using \sphinxbreaksviaactive, -% and also at \ character (which is escaped to \textbackslash{}). -\protected\def\sphinxtextbackslashbreakbefore - {\discretionary{}{\sphinxafterbreak\sphinx@textbackslash}{\sphinx@textbackslash}} -\protected\def\sphinxtextbackslashbreakafter - {\discretionary{\sphinx@textbackslash}{\sphinxafterbreak}{\sphinx@textbackslash}} -\let\sphinxtextbackslash\sphinxtextbackslashbreakafter -% the macro must be protected if it ends up used in moving arguments, -% in 'alltt' \@noligs is done already, and the \scantokens must be avoided. -\protected\def\sphinxupquote#1{{\def\@tempa{alltt}% - \ifx\@tempa\@currenvir\else - \ifspx@opt@inlineliteralwraps - % break at . , ; ? ! / - \sphinxbreaksviaactive - % break also at \ - \setbox8=\hbox{\textbackslash}% - \def\sphinx@textbackslash{\copy8}% - \let\textbackslash\sphinxtextbackslash - % by default, no continuation symbol on next line but may be added - \let\sphinxafterbreak\sphinxafterbreakofinlineliteral - % do not overwrite the comma set-up - \let\verbatim@nolig@list\sphinx@literal@nolig@list - \fi - % fix a space-gobbling issue due to LaTeX's original \do@noligs -% TODO: using \@noligs as patched by upquote.sty is now unneeded because -% either ` and ' are escaped (non-unicode engines) or they don't build -% ligatures (unicode engines). Thus remove this and unify handling of `, <, >, -% ' and - with the characters . , ; ? ! / as handled via -% \sphinxbreaksviaactive. -% Hence \sphinx@do@noligs will be removed, or rather replaced with code -% inserting discretionaries, as they allow a continuation symbol on start of -% next line to achieve common design with code-blocks. - \let\do@noligs\sphinx@do@noligs - \@noligs\endlinechar\m@ne\everyeof{}% (<- in case inside \sphinxhref) - \expandafter\scantokens - \fi {{#1}}}}% extra brace pair to fix end-space gobbling issue... -\def\sphinx@do@noligs #1{\catcode`#1\active\begingroup\lccode`\~`#1\relax - \lowercase{\endgroup\def~{\leavevmode\kern\z@\char`#1 }}} -\def\sphinx@literal@nolig@list {\do\`\do\<\do\>\do\'\do\-}% -\let\sphinxafterbreakofinlineliteral\empty - - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxlatexnumfig.sty b/krb5-1.21.3/doc/pdf/sphinxlatexnumfig.sty deleted file mode 100644 index 6d729610..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatexnumfig.sty +++ /dev/null @@ -1,122 +0,0 @@ -%% NUMBERING OF FIGURES, TABLES, AND LITERAL BLOCKS -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatexnumfig.sty}[2021/01/27 numbering] - -% Requires: remreset (old LaTeX only) -% relates to numfig and numfig_secnum_depth configuration variables - -% LaTeX 2018-04-01 and later provides \@removefromreset -\ltx@ifundefined{@removefromreset} - {\RequirePackage{remreset}} - {}% avoid warning -% Everything is delayed to \begin{document} to allow hyperref patches into -% \newcounter to solve duplicate label problems for internal hyperlinks to -% code listings (literalblock counter). User or extension re-definitions of -% \theliteralblock, et al., thus have also to be delayed. (changed at 3.5.0) -\AtBeginDocument{% -\ltx@ifundefined{c@chapter} - {\newcounter{literalblock}}% - {\newcounter{literalblock}[chapter]% - \def\theliteralblock{\ifnum\c@chapter>\z@\arabic{chapter}.\fi - \arabic{literalblock}}% - }% -\ifspx@opt@nonumfigreset - \ltx@ifundefined{c@chapter}{}{% - \@removefromreset{figure}{chapter}% - \@removefromreset{table}{chapter}% - \@removefromreset{literalblock}{chapter}% - \ifspx@opt@mathnumfig - \@removefromreset{equation}{chapter}% - \fi - }% - \def\thefigure{\arabic{figure}}% - \def\thetable {\arabic{table}}% - \def\theliteralblock{\arabic{literalblock}}% - \ifspx@opt@mathnumfig - \def\theequation{\arabic{equation}}% - \fi -\else -\let\spx@preAthefigure\@empty -\let\spx@preBthefigure\@empty -% \ifspx@opt@usespart % <-- LaTeX writer could pass such a 'usespart' boolean -% % as sphinx.sty package option -% If document uses \part, (triggered in Sphinx by latex_toplevel_sectioning) -% LaTeX core per default does not reset chapter or section -% counters at each part. -% But if we modify this, we need to redefine \thechapter, \thesection to -% include the part number and this will cause problems in table of contents -% because of too wide numbering. Simplest is to do nothing. -% \fi -\ifnum\spx@opt@numfigreset>0 - \ltx@ifundefined{c@chapter} - {} - {\g@addto@macro\spx@preAthefigure{\ifnum\c@chapter>\z@\arabic{chapter}.}% - \g@addto@macro\spx@preBthefigure{\fi}}% -\fi -\ifnum\spx@opt@numfigreset>1 - \@addtoreset{figure}{section}% - \@addtoreset{table}{section}% - \@addtoreset{literalblock}{section}% - \ifspx@opt@mathnumfig - \@addtoreset{equation}{section}% - \fi% - \g@addto@macro\spx@preAthefigure{\ifnum\c@section>\z@\arabic{section}.}% - \g@addto@macro\spx@preBthefigure{\fi}% -\fi -\ifnum\spx@opt@numfigreset>2 - \@addtoreset{figure}{subsection}% - \@addtoreset{table}{subsection}% - \@addtoreset{literalblock}{subsection}% - \ifspx@opt@mathnumfig - \@addtoreset{equation}{subsection}% - \fi% - \g@addto@macro\spx@preAthefigure{\ifnum\c@subsection>\z@\arabic{subsection}.}% - \g@addto@macro\spx@preBthefigure{\fi}% -\fi -\ifnum\spx@opt@numfigreset>3 - \@addtoreset{figure}{subsubsection}% - \@addtoreset{table}{subsubsection}% - \@addtoreset{literalblock}{subsubsection}% - \ifspx@opt@mathnumfig - \@addtoreset{equation}{subsubsection}% - \fi% - \g@addto@macro\spx@preAthefigure{\ifnum\c@subsubsection>\z@\arabic{subsubsection}.}% - \g@addto@macro\spx@preBthefigure{\fi}% -\fi -\ifnum\spx@opt@numfigreset>4 - \@addtoreset{figure}{paragraph}% - \@addtoreset{table}{paragraph}% - \@addtoreset{literalblock}{paragraph}% - \ifspx@opt@mathnumfig - \@addtoreset{equation}{paragraph}% - \fi% - \g@addto@macro\spx@preAthefigure{\ifnum\c@subparagraph>\z@\arabic{subparagraph}.}% - \g@addto@macro\spx@preBthefigure{\fi}% -\fi -\ifnum\spx@opt@numfigreset>5 - \@addtoreset{figure}{subparagraph}% - \@addtoreset{table}{subparagraph}% - \@addtoreset{literalblock}{subparagraph}% - \ifspx@opt@mathnumfig - \@addtoreset{equation}{subparagraph}% - \fi% - \g@addto@macro\spx@preAthefigure{\ifnum\c@subsubparagraph>\z@\arabic{subsubparagraph}.}% - \g@addto@macro\spx@preBthefigure{\fi}% -\fi -\expandafter\g@addto@macro -\expandafter\spx@preAthefigure\expandafter{\spx@preBthefigure}% -\let\thefigure\spx@preAthefigure -\let\thetable\spx@preAthefigure -\let\theliteralblock\spx@preAthefigure -\g@addto@macro\thefigure{\arabic{figure}}% -\g@addto@macro\thetable{\arabic{table}}% -\g@addto@macro\theliteralblock{\arabic{literalblock}}% - \ifspx@opt@mathnumfig - \let\theequation\spx@preAthefigure - \g@addto@macro\theequation{\arabic{equation}}% - \fi -\fi -}% end of big \AtBeginDocument - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxlatexobjects.sty b/krb5-1.21.3/doc/pdf/sphinxlatexobjects.sty deleted file mode 100644 index e00881e5..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatexobjects.sty +++ /dev/null @@ -1,200 +0,0 @@ -%% MODULE RELEASE DATA AND OBJECT DESCRIPTIONS -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatexobjects.sty}[2021/01/27 documentation environments] - -% Provides support for this output mark-up from Sphinx latex writer: -% -% - environments -% -% - fulllineitems -% - productionlist -% - optionlist -% - DUlineblock (also "lineblock") -% -% - macros -% -% - \DUrole -% - various legacy support macros related to author and release -% data of documented objects and modules. - -% \moduleauthor{name}{email} -\newcommand{\moduleauthor}[2]{} - -% \sectionauthor{name}{email} -\newcommand{\sectionauthor}[2]{} - -% Allow the release number to be specified independently of the -% \date{}. This allows the date to reflect the document's date and -% release to specify the release that is documented. -% -\newcommand{\py@release}{\releasename\space\version} -\newcommand{\version}{}% part of \py@release, used by title page and headers -% \releaseinfo is used on titlepage (sphinxmanual.cls, sphinxhowto.cls) -\newcommand{\releaseinfo}{} -\newcommand{\setreleaseinfo}[1]{\renewcommand{\releaseinfo}{#1}} -% this is inserted via template and #1=release config variable -\newcommand{\release}[1]{\renewcommand{\version}{#1}} -% this is defined by template to 'releasename' latex_elements key -\newcommand{\releasename}{} -% Fix issue in case release and releasename deliberately left blank -\newcommand{\sphinxheadercomma}{, }% used in fancyhdr header definition -\newcommand{\sphinxifemptyorblank}[1]{% -% test after one expansion of macro #1 if contents is empty or spaces - \if&\expandafter\@firstofone\detokenize\expandafter{#1}&% - \expandafter\@firstoftwo\else\expandafter\@secondoftwo\fi}% -\AtBeginDocument {% - \sphinxifemptyorblank{\releasename} - {\sphinxifemptyorblank{\version}{\let\sphinxheadercomma\empty}{}} - {}% -}% - -% Allow specification of the author's address separately from the -% author's name. This can be used to format them differently, which -% is a good thing. -% -\newcommand{\py@authoraddress}{} -\newcommand{\authoraddress}[1]{\renewcommand{\py@authoraddress}{#1}} - -% {fulllineitems} is the main environment for object descriptions. -% -% With 4.0.0 \pysigline (and \pysiglinewithargsret), used in a fulllineitems -% environment the #1 will already be of the width which is computed here, i.e. -% the available width on line, so the \makebox becomes a bit superfluous -\newcommand{\py@itemnewline}[1]{% macro used as \makelabel in fulllineitems -% Memo: this presupposes \itemindent is 0pt - \kern\labelsep % because \@labels core latex box does \hskip-\labelsep - \makebox[\dimexpr\linewidth+\labelwidth\relax][l]{#1}% - \kern-\labelsep % because at end of \@labels box there is \hskip\labelsep -} - -\newenvironment{fulllineitems}{% - \begin{list}{}{\labelwidth \leftmargin - \rightmargin \z@ \topsep -\parskip \partopsep \parskip - \itemsep -\parsep - \let\makelabel=\py@itemnewline}% -}{\end{list}} - -% Signatures, possibly multi-line -% -\newlength{\py@argswidth} -\newcommand{\py@sigparams}[2]{% - % The \py@argswidth has been computed in \pysiglinewithargsret to make this - % occupy full available width on line. - \parbox[t]{\py@argswidth}{\raggedright #1\sphinxcode{)}#2\strut}% - % final strut is to help get correct vertical separation in case of multi-line - % box with the item contents. -} -\newcommand{\pysigline}[1]{% -% the \py@argswidth is available we use it despite its name (no "args" here) -% the \relax\relax is because \py@argswidth is a "skip" variable and the first -% \relax only ends its "dimen" part - \py@argswidth=\dimexpr\linewidth+\labelwidth\relax\relax - \item[{\parbox[t]{\py@argswidth}{\raggedright #1\strut}}] -% contrarily to \pysiglinewithargsret, we do not do this: -% \leavevmode\par\nobreak\vskip-\parskip\prevdepth\dp\strutbox -% which would give exact vertical spacing if item parbox is multi-line, -% as it affects negatively more common situation of \pysigline -% used twice or more in a row for labels sharing common description, -% due to bad interaction with the \phantomsection in the mark-up -} -\newcommand{\pysiglinewithargsret}[3]{% - \settowidth{\py@argswidth}{#1\sphinxcode{(}}% - \py@argswidth=\dimexpr\linewidth+\labelwidth-\py@argswidth\relax\relax - \item[{#1\sphinxcode{(}\py@sigparams{#2}{#3}}] -% this strange incantation is because at its root LaTeX in fact did not -% imagine a multi-line label, it is always wrapped in a horizontal box at core -% LaTeX level and we have to find tricks to get correct interline distances. - \leavevmode\par\nobreak\vskip-\parskip\prevdepth\dp\strutbox} -\newcommand{\pysigstartmultiline}{% - \def\pysigstartmultiline{\vskip\smallskipamount\parskip\z@skip\itemsep\z@skip}% - \edef\pysigstopmultiline - {\noexpand\leavevmode\parskip\the\parskip\relax\itemsep\the\itemsep\relax}% - \parskip\z@skip\itemsep\z@skip -} - -% Production lists -% -\newenvironment{productionlist}{% -% \def\sphinxoptional##1{{\Large[}##1{\Large]}} - \def\production##1##2{\\\sphinxcode{\sphinxupquote{##1}}&::=&\sphinxcode{\sphinxupquote{##2}}}% - \def\productioncont##1{\\& &\sphinxcode{\sphinxupquote{##1}}}% - \parindent=2em - \indent - \setlength{\LTpre}{0pt}% - \setlength{\LTpost}{0pt}% - \begin{longtable}[l]{lcl} -}{% - \end{longtable} -} - -% Definition lists; requested by AMK for HOWTO documents. Probably useful -% elsewhere as well, so keep in in the general style support. -% -\newenvironment{definitions}{% - \begin{description}% - \def\term##1{\item[{##1}]\mbox{}\\*[0mm]}% -}{% - \end{description}% -} - -%% FROM DOCTUTILS LATEX WRITER -% -% The following is stuff copied from docutils' latex writer. -% -\newcommand{\optionlistlabel}[1]{\normalfont\bfseries #1 \hfill}% \bf deprecated -\newenvironment{optionlist}[1] -{\begin{list}{} - {\setlength{\labelwidth}{#1} - \setlength{\rightmargin}{1cm} - \setlength{\leftmargin}{\rightmargin} - \addtolength{\leftmargin}{\labelwidth} - \addtolength{\leftmargin}{\labelsep} - \renewcommand{\makelabel}{\optionlistlabel}} -}{\end{list}} - -\newlength{\lineblockindentation} -\setlength{\lineblockindentation}{2.5em} -\newenvironment{lineblock}[1] -{\begin{list}{} - {\setlength{\partopsep}{\parskip} - \addtolength{\partopsep}{\baselineskip} - \topsep0pt\itemsep0.15\baselineskip\parsep0pt - \leftmargin#1\relax} - \raggedright} -{\end{list}} - -% From docutils.writers.latex2e -% inline markup (custom roles) -% \DUrole{#1}{#2} tries \DUrole#1{#2} -\providecommand*{\DUrole}[2]{% - \ifcsname DUrole\detokenize{#1}\endcsname - \csname DUrole\detokenize{#1}\endcsname{#2}% - \else% backwards compatibility: try \docutilsrole#1{#2} - \ifcsname docutilsrole\detokenize{#1}\endcsname - \csname docutilsrole\detokenize{#1}\endcsname{#2}% - \else - #2% - \fi - \fi -} - -\providecommand*{\DUprovidelength}[2]{% - \ifdefined#1\else\newlength{#1}\setlength{#1}{#2}\fi -} - -\DUprovidelength{\DUlineblockindent}{2.5em} -\ifdefined\DUlineblock\else - \newenvironment{DUlineblock}[1]{% - \list{}{\setlength{\partopsep}{\parskip} - \addtolength{\partopsep}{\baselineskip} - \setlength{\topsep}{0pt} - \setlength{\itemsep}{0.15\baselineskip} - \setlength{\parsep}{0pt} - \setlength{\leftmargin}{#1}} - \raggedright - } - {\endlist} -\fi - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxlatexshadowbox.sty b/krb5-1.21.3/doc/pdf/sphinxlatexshadowbox.sty deleted file mode 100644 index 8d6c7866..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatexshadowbox.sty +++ /dev/null @@ -1,100 +0,0 @@ -%% TOPIC AND CONTENTS BOXES -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatexshadowbox.sty}[2021/01/27 sphinxShadowBox] - -% Provides support for this output mark-up from Sphinx latex writer: -% -% - sphinxShadowBox (environment) -% -% Dependencies (they do not need to be defined at time of loading): -% -% - of course the various colour and dimension options handled via sphinx.sty -% - dimension register \spx@image@maxheight from sphinxlatexgraphics.sty -% - \savenotes/\spewnotes from sphinxpackagefootnote -% - \ifspx@inframed defined in sphinx.sty -% -% Requires: -\RequirePackage{framed} - -% Again based on use of "framed.sty", this allows breakable framed boxes. -\long\def\spx@ShadowFBox#1{% - \leavevmode\begingroup - % first we frame the box #1 - \setbox\@tempboxa - \hbox{\vrule\@width\sphinxshadowrule - \vbox{\hrule\@height\sphinxshadowrule - \kern\sphinxshadowsep - \hbox{\kern\sphinxshadowsep #1\kern\sphinxshadowsep}% - \kern\sphinxshadowsep - \hrule\@height\sphinxshadowrule}% - \vrule\@width\sphinxshadowrule}% - % Now we add the shadow, like \shadowbox from fancybox.sty would do - \dimen@\dimexpr.5\sphinxshadowrule+\sphinxshadowsize\relax - \hbox{\vbox{\offinterlineskip - \hbox{\copy\@tempboxa\kern-.5\sphinxshadowrule - % add shadow on right side - \lower\sphinxshadowsize - \hbox{\vrule\@height\ht\@tempboxa \@width\dimen@}% - }% - \kern-\dimen@ % shift back vertically to bottom of frame - % and add shadow at bottom - \moveright\sphinxshadowsize - \vbox{\hrule\@width\wd\@tempboxa \@height\dimen@}% - }% - % move left by the size of right shadow so shadow adds no width - \kern-\sphinxshadowsize - }% - \endgroup -} - -% use framed.sty to allow page breaks in frame+shadow -% works well inside Lists and Quote-like environments -% produced by ``topic'' directive (or local contents) -% could nest if LaTeX writer authorized it -\newenvironment{sphinxShadowBox} - {\def\FrameCommand {\spx@ShadowFBox }% - \advance\spx@image@maxheight - -\dimexpr2\sphinxshadowrule - +2\sphinxshadowsep - +\sphinxshadowsize - +\baselineskip\relax - % configure framed.sty not to add extra vertical spacing - \ltx@ifundefined{OuterFrameSep}{}{\OuterFrameSep\z@skip}% - % the \trivlist will add the vertical spacing on top and bottom which is - % typical of center environment as used in Sphinx <= 1.4.1 - % the \noindent has the effet of an extra blank line on top, to - % imitate closely the layout from Sphinx <= 1.4.1; the \FrameHeightAdjust - % will put top part of frame on this baseline. - \def\FrameHeightAdjust {\baselineskip}% - % use package footnote to handle footnotes - \savenotes - \trivlist\item\noindent - % use a minipage if we are already inside a framed environment - \ifspx@inframed\begin{minipage}{\linewidth}\fi - \MakeFramed {\spx@inframedtrue - % framed.sty puts into "\width" the added width (=2shadowsep+2shadowrule) - % adjust \hsize to what the contents must use - \advance\hsize-\width - % adjust LaTeX parameters to behave properly in indented/quoted contexts - \FrameRestore - % typeset the contents as in a minipage (Sphinx <= 1.4.1 used a minipage and - % itemize/enumerate are therein typeset more tightly, we want to keep - % that). We copy-paste from LaTeX source code but don't do a real minipage. - \@pboxswfalse - \let\@listdepth\@mplistdepth \@mplistdepth\z@ - \@minipagerestore - \@setminipage - }% - }% - {% insert the "endminipage" code - \par\unskip - \@minipagefalse - \endMakeFramed - \ifspx@inframed\end{minipage}\fi - \endtrivlist - % output the stored footnotes - \spewnotes - } - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxlatexstyleheadings.sty b/krb5-1.21.3/doc/pdf/sphinxlatexstyleheadings.sty deleted file mode 100644 index fa9be82b..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatexstyleheadings.sty +++ /dev/null @@ -1,83 +0,0 @@ -%% TITLES -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatexstyleheadings.sty}[2021/01/27 headings] - -\RequirePackage[nobottomtitles*]{titlesec} -\@ifpackagelater{titlesec}{2016/03/15}% - {\@ifpackagelater{titlesec}{2016/03/21}% - {}% - {\newif\ifsphinx@ttlpatch@ok - \IfFileExists{etoolbox.sty}{% - \RequirePackage{etoolbox}% - \patchcmd{\ttlh@hang}{\parindent\z@}{\parindent\z@\leavevmode}% - {\sphinx@ttlpatch@oktrue}{}% - \ifsphinx@ttlpatch@ok - \patchcmd{\ttlh@hang}{\noindent}{}{}{\sphinx@ttlpatch@okfalse}% - \fi - }{}% - \ifsphinx@ttlpatch@ok - \typeout{^^J Package Sphinx Info: ^^J - **** titlesec 2.10.1 successfully patched for bugfix ****^^J}% - \else - \AtEndDocument{\PackageWarningNoLine{sphinx}{^^J% -******** titlesec 2.10.1 has a bug, (section numbers disappear) ......|^^J% -******** and Sphinx could not patch it, perhaps because your local ...|^^J% -******** copy is already fixed without a changed release date. .......|^^J% -******** If not, you must update titlesec! ...........................|}}% - \fi - }% - }{} - -% Augment the sectioning commands used to get our own font family in place, -% and reset some internal data items (\titleformat from titlesec package) -\titleformat{\section}{\Large\py@HeaderFamily}% - {\py@TitleColor\thesection}{0.5em}{\py@TitleColor} -\titleformat{\subsection}{\large\py@HeaderFamily}% - {\py@TitleColor\thesubsection}{0.5em}{\py@TitleColor} -\titleformat{\subsubsection}{\py@HeaderFamily}% - {\py@TitleColor\thesubsubsection}{0.5em}{\py@TitleColor} -% By default paragraphs (and subsubsections) will not be numbered because -% sphinxmanual.cls and sphinxhowto.cls set secnumdepth to 2 -\titleformat{\paragraph}{\py@HeaderFamily}% - {\py@TitleColor\theparagraph}{0.5em}{\py@TitleColor} -\titleformat{\subparagraph}{\py@HeaderFamily}% - {\py@TitleColor\thesubparagraph}{0.5em}{\py@TitleColor} - - -% Since Sphinx 1.5, users should use HeaderFamily key to 'sphinxsetup' rather -% than defining their own \py@HeaderFamily command (which is still possible). -% Memo: \py@HeaderFamily is also used by \maketitle as defined in -% sphinxmanual.cls/sphinxhowto.cls -\newcommand{\py@HeaderFamily}{\spx@opt@HeaderFamily} - -% This sets up the fancy chapter headings that make the documents look -% at least a little better than the usual LaTeX output. -\@ifpackagewith{fncychap}{Bjarne}{ - \ChNameVar {\raggedleft\normalsize \py@HeaderFamily} - \ChNumVar {\raggedleft\Large \py@HeaderFamily} - \ChTitleVar{\raggedleft\Large \py@HeaderFamily} - % This creates (numbered) chapter heads without the leading \vspace*{}: - \def\@makechapterhead#1{% - {\parindent \z@ \raggedright \normalfont - \ifnum \c@secnumdepth >\m@ne - \if@mainmatter - \DOCH - \fi - \fi - \interlinepenalty\@M - \if@mainmatter - \DOTI{#1}% - \else% - \DOTIS{#1}% - \fi - }} -}{}% <-- "false" clause of \@ifpackagewith - -% fix fncychap's bug which uses prematurely the \textwidth value -\@ifpackagewith{fncychap}{Bjornstrup} - {\AtBeginDocument{\mylen\textwidth\advance\mylen-2\myhi}}% - {}% <-- "false" clause of \@ifpackagewith - - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxlatexstylepage.sty b/krb5-1.21.3/doc/pdf/sphinxlatexstylepage.sty deleted file mode 100644 index 4066129b..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatexstylepage.sty +++ /dev/null @@ -1,79 +0,0 @@ -%% PAGE STYLING -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatexstylepage.sty}[2021/01/27 page styling] - -% Separate paragraphs by space by default. -\IfFileExists{parskip-2001-04-09.sty}% since September 2018 TeXLive update -% new parskip.sty, but let it rollback to old one. -% hopefully TeX installation not broken and LaTeX kernel not too old - {\RequirePackage{parskip}[=v1]} -% standard one from 1989. Admittedly \section of article/book gives possibly -% anomalous spacing, but we can't require September 2018 release for some time. - {\RequirePackage{parskip}} - -% Style parameters and macros used by most documents here -\raggedbottom -\sloppy -\hbadness = 5000 % don't print trivial gripes - -% Require package fancyhdr except under memoir class -\@ifclassloaded{memoir}{}{\RequirePackage{fancyhdr}} -% Use \pagestyle{normal} as the primary pagestyle for text. -% Redefine the 'normal' header/footer style when using "fancyhdr" package: -\@ifpackageloaded{fancyhdr}{% - \ltx@ifundefined{c@chapter} - {% no \chapter, "howto" (non-Japanese) docclass - \fancypagestyle{plain}{ - \fancyhf{} - \fancyfoot[C]{{\py@HeaderFamily\thepage}} - \renewcommand{\headrulewidth}{0pt} - \renewcommand{\footrulewidth}{0pt} - } - % Same as 'plain', this way we can use it in template - % FIXME: shouldn't this have a running header with Name and Release like 'manual'? - \fancypagestyle{normal}{ - \fancyhf{} - \fancyfoot[C]{{\py@HeaderFamily\thepage}} - \renewcommand{\headrulewidth}{0pt} - \renewcommand{\footrulewidth}{0pt} - } - }% - {% classes with \chapter command - \fancypagestyle{normal}{ - \fancyhf{} - \fancyfoot[RO]{{\py@HeaderFamily\thepage}} - \fancyfoot[LO]{{\py@HeaderFamily\nouppercase{\rightmark}}} - \fancyhead[RO]{{\py@HeaderFamily \@title\sphinxheadercomma\py@release}} - \if@twoside - \fancyfoot[LE]{{\py@HeaderFamily\thepage}} - \fancyfoot[RE]{{\py@HeaderFamily\nouppercase{\leftmark}}} - \fancyhead[LE]{{\py@HeaderFamily \@title\sphinxheadercomma\py@release}} - \fi - \renewcommand{\headrulewidth}{0.4pt} - \renewcommand{\footrulewidth}{0.4pt} - % define chaptermark with \@chappos when \@chappos is available for Japanese - \ltx@ifundefined{@chappos}{} - {\def\chaptermark##1{\markboth{\@chapapp\space\thechapter\space\@chappos\space ##1}{}}} - } - % Update the plain style so we get the page number & footer line, - % but not a chapter or section title. This is to keep the first - % page of a chapter `clean.' - \fancypagestyle{plain}{ - \fancyhf{} - \fancyfoot[RO]{{\py@HeaderFamily\thepage}} - \if@twoside\fancyfoot[LE]{{\py@HeaderFamily\thepage}}\fi - \renewcommand{\headrulewidth}{0pt} - \renewcommand{\footrulewidth}{0.4pt} - } - } - } - {% no fancyhdr: memoir class - % Provide default for 'normal' style simply as an alias of 'plain' style - % This way we can use \pagestyle{normal} in LaTeX template - \def\ps@normal{\ps@plain} - % Users of memoir class are invited to redefine 'normal' style in preamble - } - - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxlatexstyletext.sty b/krb5-1.21.3/doc/pdf/sphinxlatexstyletext.sty deleted file mode 100644 index ab50aed5..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatexstyletext.sty +++ /dev/null @@ -1,126 +0,0 @@ -%% TEXT STYLING -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatexstyletext.sty}[2021/01/27 text styling] - -% Basically everything here consists of macros which are part of the latex -% markup produced by the Sphinx latex writer - -% Some custom font markup commands. -\protected\def\sphinxstrong#1{\textbf{#1}} -\protected\def\sphinxcode#1{\texttt{#1}} -\protected\def\sphinxbfcode#1{\textbf{\sphinxcode{#1}}} -\protected\def\sphinxemail#1{\textsf{#1}} -\protected\def\sphinxtablecontinued#1{\textsf{#1}} -\protected\def\sphinxtitleref#1{\emph{#1}} -\protected\def\sphinxmenuselection#1{\emph{#1}} -\protected\def\sphinxguilabel#1{\emph{#1}} -\protected\def\sphinxkeyboard#1{\sphinxcode{#1}} -\protected\def\sphinxaccelerator#1{\underline{#1}} -\protected\def\sphinxcrossref#1{\emph{#1}} -\protected\def\sphinxtermref#1{\emph{#1}} -% \optional is used for ``[, arg]``, i.e. desc_optional nodes. -\long\protected\def\sphinxoptional#1{% - {\textnormal{\Large[}}{#1}\hspace{0.5mm}{\textnormal{\Large]}}} - -% additional customizable styling -\def\sphinxstyleindexentry #1{\texttt{#1}} -\def\sphinxstyleindexextra #1{ (\emph{#1})} -\def\sphinxstyleindexpageref #1{, \pageref{#1}} -\def\sphinxstyleindexpagemain#1{\textbf{#1}} -\def\spxentry{\@backslashchar spxentry}% let to \sphinxstyleindexentry in index -\def\spxextra{\@backslashchar spxextra}% let to \sphinxstyleindexextra in index -\def\sphinxstyleindexlettergroup #1% - {{\Large\sffamily#1}\nopagebreak\vspace{1mm}} -\def\sphinxstyleindexlettergroupDefault #1% - {{\Large\sffamily\sphinxnonalphabeticalgroupname}\nopagebreak\vspace{1mm}} -\protected\def\sphinxstyletopictitle #1{\textbf{#1}\par\medskip} -\let\sphinxstylesidebartitle\sphinxstyletopictitle -\protected\def\sphinxstyleothertitle #1{\textbf{#1}} -\protected\def\sphinxstylesidebarsubtitle #1{~\\\textbf{#1} \smallskip} -% \text.. commands do not allow multiple paragraphs -\protected\def\sphinxstyletheadfamily {\sffamily} -\protected\def\sphinxstyleemphasis #1{\emph{#1}} -\protected\def\sphinxstyleliteralemphasis#1{\emph{\sphinxcode{#1}}} -\protected\def\sphinxstylestrong #1{\textbf{#1}} -\protected\def\sphinxstyleliteralstrong#1{\sphinxbfcode{#1}} -\protected\def\sphinxstyleabbreviation #1{\textsc{#1}} -\protected\def\sphinxstyleliteralintitle#1{\sphinxcode{#1}} -\newcommand*\sphinxstylecodecontinued[1]{\footnotesize(#1)}% -\newcommand*\sphinxstylecodecontinues[1]{\footnotesize(#1)}% -% figure legend comes after caption and may contain arbitrary body elements -\newenvironment{sphinxlegend}{\par\small}{\par} -% reduce hyperref "Token not allowed in a PDF string" warnings on PDF builds -\AtBeginDocument{\pdfstringdefDisableCommands{% -% all "protected" macros possibly ending up in section titles should be here -% TODO: examine if \sphinxhref, \sphinxurl, \sphinnolinkurl should be handled - \let\sphinxstyleemphasis \@firstofone - \let\sphinxstyleliteralemphasis \@firstofone - \let\sphinxstylestrong \@firstofone - \let\sphinxstyleliteralstrong \@firstofone - \let\sphinxstyleabbreviation \@firstofone - \let\sphinxstyleliteralintitle \@firstofone - \let\sphinxupquote \@firstofone - \let\sphinxstrong \@firstofone - \let\sphinxcode \@firstofone - \let\sphinxbfcode \@firstofone - \let\sphinxemail \@firstofone - \let\sphinxcrossref \@firstofone - \let\sphinxtermref \@firstofone - \let\sphinxhyphen\sphinxhyphenforbookmarks -}} - -% Special characters -% -% This definition prevents en-dash and em-dash TeX ligatures. -% -% It inserts a potential breakpoint after the hyphen. This is to keep in sync -% with behavior in code-blocks, parsed and inline literals. For a breakpoint -% before the hyphen use \leavevmode\kern\z@- (within \makeatletter/\makeatother) -\protected\def\sphinxhyphen#1{-\kern\z@} -% The {} from texescape mark-up is kept, else -- gives en-dash in PDF bookmark -\def\sphinxhyphenforbookmarks{-} - -% For curly braces inside \index macro -\def\sphinxleftcurlybrace{\{} -\def\sphinxrightcurlybrace{\}} - -% Declare Unicode characters used by linux tree command to pdflatex utf8/utf8x -\def\spx@bd#1#2{% - \leavevmode - \begingroup - \ifx\spx@bd@height \@undefined\def\spx@bd@height{\baselineskip}\fi - \ifx\spx@bd@width \@undefined\setbox0\hbox{0}\def\spx@bd@width{\wd0 }\fi - \ifx\spx@bd@thickness\@undefined\def\spx@bd@thickness{.6\p@}\fi - \ifx\spx@bd@lower \@undefined\def\spx@bd@lower{\dp\strutbox}\fi - \lower\spx@bd@lower#1{#2}% - \endgroup -}% -\@namedef{sphinx@u2500}% BOX DRAWINGS LIGHT HORIZONTAL - {\spx@bd{\vbox to\spx@bd@height} - {\vss\hrule\@height\spx@bd@thickness - \@width\spx@bd@width\vss}}% -\@namedef{sphinx@u2502}% BOX DRAWINGS LIGHT VERTICAL - {\spx@bd{\hb@xt@\spx@bd@width} - {\hss\vrule\@height\spx@bd@height - \@width \spx@bd@thickness\hss}}% -\@namedef{sphinx@u2514}% BOX DRAWINGS LIGHT UP AND RIGHT - {\spx@bd{\hb@xt@\spx@bd@width} - {\hss\raise.5\spx@bd@height - \hb@xt@\z@{\hss\vrule\@height.5\spx@bd@height - \@width \spx@bd@thickness\hss}% - \vbox to\spx@bd@height{\vss\hrule\@height\spx@bd@thickness - \@width.5\spx@bd@width\vss}}}% -\@namedef{sphinx@u251C}% BOX DRAWINGS LIGHT VERTICAL AND RIGHT - {\spx@bd{\hb@xt@\spx@bd@width} - {\hss - \hb@xt@\z@{\hss\vrule\@height\spx@bd@height - \@width \spx@bd@thickness\hss}% - \vbox to\spx@bd@height{\vss\hrule\@height\spx@bd@thickness - \@width.5\spx@bd@width\vss}}}% -\protected\def\sphinxunichar#1{\@nameuse{sphinx@u#1}}% - -% Tell TeX about pathological hyphenation cases: -\hyphenation{Base-HTTP-Re-quest-Hand-ler} - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxlatextables.sty b/krb5-1.21.3/doc/pdf/sphinxlatextables.sty deleted file mode 100644 index c3c1d6ad..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxlatextables.sty +++ /dev/null @@ -1,481 +0,0 @@ -%% TABLES (WITH SUPPORT FOR MERGED CELLS OF GENERAL CONTENTS) -% -% change this info string if making any custom modification -\ProvidesFile{sphinxlatextables.sty}[2021/01/27 tables]% - -% Provides support for this output mark-up from Sphinx latex writer -% and table templates: -% -% - the tabulary and longtable environments from the eponymous packages -% - the varwidth environment -% - the >{} etc mark-up possible in tabularcolumns is from array package -% which is loaded by longtable and tabulary -% - \X, \Y, T column types; others (L, C, R, J) are from tabulary package -% - \sphinxaftertopcaption -% - \sphinxatlongtableend -% - \sphinxatlongtablestart -% - \sphinxattableend -% - \sphinxattablestart -% - \sphinxcapstartof -% - \sphinxcolwidth -% - \sphinxlongtablecapskipadjust -% - \sphinxmultirow -% - \sphinxstartmulticolumn -% - \sphinxstopmulticolumn -% - \sphinxtablestrut -% - \sphinxthecaptionisattop -% - \sphinxthelongtablecaptionisattop -% -% Executes \RequirePackage for: -% -% - tabulary -% - longtable -% - varwidth -% -% Extends tabulary and longtable via patches and custom macros to support -% merged cells possibly containing code-blocks in complex tables - -\RequirePackage{tabulary} -% tabulary has a bug with its re-definition of \multicolumn in its first pass -% which is not \long. But now Sphinx does not use LaTeX's \multicolumn but its -% own macro. Hence we don't even need to patch tabulary. See -% sphinxpackagemulticell.sty -% X or S (Sphinx) may have meanings if some table package is loaded hence -% \X was chosen to avoid possibility of conflict -\newcolumntype{\X}[2]{p{\dimexpr - (\linewidth-\arrayrulewidth)*#1/#2-\tw@\tabcolsep-\arrayrulewidth\relax}} -\newcolumntype{\Y}[1]{p{\dimexpr - #1\dimexpr\linewidth-\arrayrulewidth\relax-\tw@\tabcolsep-\arrayrulewidth\relax}} -% using here T (for Tabulary) feels less of a problem than the X could be -\newcolumntype{T}{J}% -% For tables allowing pagebreaks -\RequirePackage{longtable} -% User interface to set-up whitespace before and after tables: -\newcommand*\sphinxtablepre {0pt}% -\newcommand*\sphinxtablepost{\medskipamount}% -% Space from caption baseline to top of table or frame of literal-block -\newcommand*\sphinxbelowcaptionspace{.5\sphinxbaselineskip}% -% as one can not use \baselineskip from inside longtable (it is zero there) -% we need \sphinxbaselineskip, which defaults to \baselineskip -\def\sphinxbaselineskip{\baselineskip}% -% The following is to ensure that, whether tabular(y) or longtable: -% - if a caption is on top of table: -% a) the space between its last baseline and the top rule of table is -% exactly \sphinxbelowcaptionspace -% b) the space from last baseline of previous text to first baseline of -% caption is exactly \parskip+\baselineskip+ height of a strut. -% c) the caption text will wrap at width \LTcapwidth (4in) -% - make sure this works also if "caption" package is loaded by user -% (with its width or margin option taking place of \LTcapwidth role) -% TODO: obtain same for caption of literal block: a) & c) DONE, b) TO BE DONE -% -% To modify space below such top caption, adjust \sphinxbelowcaptionspace -% To add or remove space above such top caption, adjust \sphinxtablepre: -% notice that \abovecaptionskip, \belowcaptionskip, \LTpre are **ignored** -% A. Table with longtable -\def\sphinxatlongtablestart - {\par - \vskip\parskip - \vskip\dimexpr\sphinxtablepre\relax % adjust vertical position - \vbox{}% get correct baseline from above - \LTpre\z@skip\LTpost\z@skip % set to zero longtable's own skips - \edef\sphinxbaselineskip{\dimexpr\the\dimexpr\baselineskip\relax\relax}% - }% -% Compatibility with caption package -\def\sphinxthelongtablecaptionisattop{% - \spx@ifcaptionpackage{\noalign{\vskip-\belowcaptionskip}}{}% -}% -% Achieves exactly \sphinxbelowcaptionspace below longtable caption -\def\sphinxlongtablecapskipadjust - {\dimexpr-\dp\strutbox - -\spx@ifcaptionpackage{\abovecaptionskip}{\sphinxbaselineskip}% - +\sphinxbelowcaptionspace\relax}% -\def\sphinxatlongtableend{\@nobreakfalse % latex3/latex2e#173 - \prevdepth\z@\vskip\sphinxtablepost\relax}% -% B. Table with tabular or tabulary -\def\sphinxattablestart{\par\vskip\dimexpr\sphinxtablepre\relax}% -\let\sphinxattableend\sphinxatlongtableend -% This is used by tabular and tabulary templates -\newcommand*\sphinxcapstartof[1]{% - \vskip\parskip - \vbox{}% force baselineskip for good positioning by capstart of hyperanchor - % hyperref puts the anchor 6pt above this baseline; in case of caption - % this baseline will be \ht\strutbox above first baseline of caption - \def\@captype{#1}% - \capstart -% move back vertically, as tabular (or its caption) will compensate - \vskip-\baselineskip\vskip-\parskip -}% -\def\sphinxthecaptionisattop{% locate it after \sphinxcapstartof - \spx@ifcaptionpackage - {\caption@setposition{t}% - \vskip\baselineskip\vskip\parskip % undo those from \sphinxcapstartof - \vskip-\belowcaptionskip % anticipate caption package skip - % caption package uses a \vbox, not a \vtop, so "single line" case - % gives different result from "multi-line" without this: - \nointerlineskip - }% - {}% -}% -\def\sphinxthecaptionisatbottom{% (not finalized; for template usage) - \spx@ifcaptionpackage{\caption@setposition{b}}{}% -}% -% The aim of \sphinxcaption is to apply to tabular(y) the maximal width -% of caption as done by longtable -\def\sphinxtablecapwidth{\LTcapwidth}% -\newcommand\sphinxcaption{\@dblarg\spx@caption}% -\long\def\spx@caption[#1]#2{% - \noindent\hb@xt@\linewidth{\hss - \vtop{\@tempdima\dimexpr\sphinxtablecapwidth\relax -% don't exceed linewidth for the caption width - \ifdim\@tempdima>\linewidth\hsize\linewidth\else\hsize\@tempdima\fi -% longtable ignores \abovecaptionskip/\belowcaptionskip, so do the same here - \abovecaptionskip\sphinxabovecaptionskip % \z@skip - \belowcaptionskip\sphinxbelowcaptionskip % \z@skip - \caption[{#1}]% - {\strut\ignorespaces#2\ifhmode\unskip\@finalstrut\strutbox\fi}% - }\hss}% - \par\prevdepth\dp\strutbox -}% -\def\sphinxabovecaptionskip{\z@skip}% Do not use! Flagged for removal -\def\sphinxbelowcaptionskip{\z@skip}% Do not use! Flagged for removal -% This wrapper of \abovecaptionskip is used in sphinxVerbatim for top -% caption, and with another value in sphinxVerbatimintable -% TODO: To unify space above caption of a code-block with the one above -% caption of a table/longtable, \abovecaptionskip must not be used -% This auxiliary will get renamed and receive a different meaning -% in future. -\def\spx@abovecaptionskip{\abovecaptionskip}% -% Achieve \sphinxbelowcaptionspace below a caption located above a tabular -% or a tabulary -\newcommand\sphinxaftertopcaption -{% - \spx@ifcaptionpackage - {\par\prevdepth\dp\strutbox\nobreak\vskip-\abovecaptionskip}{\nobreak}% - \vskip\dimexpr\sphinxbelowcaptionspace\relax - \vskip-\baselineskip\vskip-\parskip -}% -% varwidth is crucial for our handling of general contents in merged cells -\RequirePackage{varwidth} -% but addition of a compatibility patch with hyperref is needed -% (tested with varwidth v 0.92 Mar 2009) -\AtBeginDocument {% - \let\@@vwid@Hy@raisedlink\Hy@raisedlink - \long\def\@vwid@Hy@raisedlink#1{\@vwid@wrap{\@@vwid@Hy@raisedlink{#1}}}% - \edef\@vwid@setup{% - \let\noexpand\Hy@raisedlink\noexpand\@vwid@Hy@raisedlink % HYPERREF ! - \unexpanded\expandafter{\@vwid@setup}}% -}% - -%%%%%%%%%%%%%%%%%%%%% -% --- MULTICOLUMN --- -% standard LaTeX's \multicolumn -% 1. does not allow verbatim contents, -% 2. interacts very poorly with tabulary. -% -% It is needed to write own macros for Sphinx: to allow code-blocks in merged -% cells rendered by tabular/longtable, and to allow multi-column cells with -% paragraphs to be taken into account sanely by tabulary algorithm for column -% widths. -% -% This requires quite a bit of hacking. First, in Sphinx, the multi-column -% contents will *always* be wrapped in a varwidth environment. The issue -% becomes to pass it the correct target width. We must trick tabulary into -% believing the multicolumn is simply separate columns, else tabulary does not -% incorporate the contents in its algorithm. But then we must clear the -% vertical rules... -% -% configuration of tabulary -\setlength{\tymin}{3\fontcharwd\font`0 }% minimal width of "squeezed" columns -\setlength{\tymax}{10000pt}% allow enough room for paragraphs to "compete" -% we need access to tabulary's final computed width. \@tempdima is too volatile -% to hope it has kept tabulary's value when \sphinxcolwidth needs it. -\newdimen\sphinx@TY@tablewidth -\def\tabulary{% - \def\TY@final{\sphinx@TY@tablewidth\@tempdima\tabular}% - \let\endTY@final\endtabular - \TY@tabular}% -% next hack is needed only if user has set latex_use_latex_multicolumn to True: -% it fixes tabulary's bug with \multicolumn defined "short" in first pass. (if -% upstream tabulary adds a \long, our extra one causes no harm) -\def\sphinx@tempa #1\def\multicolumn#2#3#4#5#6#7#8#9\sphinx@tempa - {\def\TY@tab{#1\long\def\multicolumn####1####2####3{\multispan####1\relax}#9}}% -\expandafter\sphinx@tempa\TY@tab\sphinx@tempa -% -% TN. 1: as \omit is never executed, Sphinx multicolumn does not need to worry -% like standard multicolumn about |l| vs l|. On the other hand it assumes -% columns are separated by a | ... (if not it will add extraneous -% \arrayrulewidth space for each column separation in its estimate of available -% width). -% -% TN. 1b: as Sphinx multicolumn uses neither \omit nor \span, it can not -% (easily) get rid of extra macros from >{...} or <{...} between columns. At -% least, it has been made compatible with colortbl's \columncolor. -% -% TN. 2: tabulary's second pass is handled like tabular/longtable's single -% pass, with the difference that we hacked \TY@final to set in -% \sphinx@TY@tablewidth the final target width as computed by tabulary. This is -% needed only to handle columns with a "horizontal" specifier: "p" type columns -% (inclusive of tabulary's LJRC) holds the target column width in the -% \linewidth dimension. -% -% TN. 3: use of \begin{sphinxmulticolumn}...\end{sphinxmulticolumn} mark-up -% would need some hacking around the fact that groups can not span across table -% cells (the code does inserts & tokens, see TN1b). It was decided to keep it -% simple with \sphinxstartmulticolumn...\sphinxstopmulticolumn. -% -% MEMO about nesting: if sphinxmulticolumn is encountered in a nested tabular -% inside a tabulary it will think to be at top level in the tabulary. But -% Sphinx generates no nested tables, and if some LaTeX macro uses internally a -% tabular this will not have a \sphinxstartmulticolumn within it! -% -\def\sphinxstartmulticolumn{% - \ifx\equation$% $ tabulary's first pass - \expandafter\sphinx@TYI@start@multicolumn - \else % either not tabulary or tabulary's second pass - \expandafter\sphinx@start@multicolumn - \fi -}% -\def\sphinxstopmulticolumn{% - \ifx\equation$% $ tabulary's first pass - \expandafter\sphinx@TYI@stop@multicolumn - \else % either not tabulary or tabulary's second pass - \ignorespaces - \fi -}% -\def\sphinx@TYI@start@multicolumn#1{% - % use \gdef always to avoid stack space build up - \gdef\sphinx@tempa{#1}\begingroup\setbox\z@\hbox\bgroup -}% -\def\sphinx@TYI@stop@multicolumn{\egroup % varwidth was used with \tymax - \xdef\sphinx@tempb{\the\dimexpr\wd\z@/\sphinx@tempa}% per column width - \endgroup - \expandafter\sphinx@TYI@multispan\expandafter{\sphinx@tempa}% -}% -\def\sphinx@TYI@multispan #1{% - \kern\sphinx@tempb\ignorespaces % the per column occupied width - \ifnum#1>\@ne % repeat, taking into account subtleties of TeX's & ... - \expandafter\sphinx@TYI@multispan@next\expandafter{\the\numexpr#1-\@ne\expandafter}% - \fi -}% -\def\sphinx@TYI@multispan@next{&\relax\sphinx@TYI@multispan}% -% -% Now the branch handling either the second pass of tabulary or the single pass -% of tabular/longtable. This is the delicate part where we gather the -% dimensions from the p columns either set-up by tabulary or by user p column -% or Sphinx \X, \Y columns. The difficulty is that to get the said width, the -% template must be inserted (other hacks would be horribly complicated except -% if we rewrote crucial parts of LaTeX's \@array !) and we can not do -% \omit\span like standard \multicolumn's easy approach. Thus we must cancel -% the \vrule separators. Also, perhaps the column specifier is of the l, c, r -% type, then we attempt an ad hoc rescue to give varwidth a reasonable target -% width. -\def\sphinx@start@multicolumn#1{% - \gdef\sphinx@multiwidth{0pt}\gdef\sphinx@tempa{#1}\sphinx@multispan{#1}% -}% -\def\sphinx@multispan #1{% - \ifnum#1=\@ne\expandafter\sphinx@multispan@end - \else\expandafter\sphinx@multispan@next - \fi {#1}% -}% -\def\sphinx@multispan@next #1{% - % trick to recognize L, C, R, J or p, m, b type columns - \ifdim\baselineskip>\z@ - \gdef\sphinx@tempb{\linewidth}% - \else - % if in an l, r, c type column, try and hope for the best - \xdef\sphinx@tempb{\the\dimexpr(\ifx\TY@final\@undefined\linewidth\else - \sphinx@TY@tablewidth\fi-\arrayrulewidth)/\sphinx@tempa - -\tw@\tabcolsep-\arrayrulewidth\relax}% - \fi - \noindent\kern\sphinx@tempb\relax - \xdef\sphinx@multiwidth - {\the\dimexpr\sphinx@multiwidth+\sphinx@tempb+\tw@\tabcolsep+\arrayrulewidth}% - % hack the \vline and the colortbl macros - \sphinx@hack@vline\sphinx@hack@CT&\relax - % repeat - \expandafter\sphinx@multispan\expandafter{\the\numexpr#1-\@ne}% -}% -% packages like colortbl add group levels, we need to "climb back up" to be -% able to hack the \vline and also the colortbl inserted tokens. This creates -% empty space whether or not the columns were | separated: -\def\sphinx@hack@vline{\ifnum\currentgrouptype=6\relax - \kern\arrayrulewidth\arrayrulewidth\z@\else\aftergroup\sphinx@hack@vline\fi}% -\def\sphinx@hack@CT{\ifnum\currentgrouptype=6\relax - \let\CT@setup\sphinx@CT@setup\else\aftergroup\sphinx@hack@CT\fi}% -% It turns out \CT@row@color is not expanded contrarily to \CT@column@color -% during LaTeX+colortbl preamble preparation, hence it would be possible for -% \sphinx@CT@setup to discard only the column color and choose to obey or not -% row color and cell color. It would even be possible to propagate cell color -% to row color for the duration of the Sphinx multicolumn... the (provisional?) -% choice has been made to cancel the colortbl colours for the multicolumn -% duration. -\def\sphinx@CT@setup #1\endgroup{\endgroup}% hack to remove colour commands -\def\sphinx@multispan@end#1{% - % first, trace back our steps horizontally - \noindent\kern-\dimexpr\sphinx@multiwidth\relax - % and now we set the final computed width for the varwidth environment - \ifdim\baselineskip>\z@ - \xdef\sphinx@multiwidth{\the\dimexpr\sphinx@multiwidth+\linewidth}% - \else - \xdef\sphinx@multiwidth{\the\dimexpr\sphinx@multiwidth+ - (\ifx\TY@final\@undefined\linewidth\else - \sphinx@TY@tablewidth\fi-\arrayrulewidth)/\sphinx@tempa - -\tw@\tabcolsep-\arrayrulewidth\relax}% - \fi - % we need to remove colour set-up also for last cell of the multi-column - \aftergroup\sphinx@hack@CT -}% -\newcommand*\sphinxcolwidth[2]{% - % this dimension will always be used for varwidth, and serves as maximum - % width when cells are merged either via multirow or multicolumn or both, - % as always their contents is wrapped in varwidth environment. - \ifnum#1>\@ne % multi-column (and possibly also multi-row) - % we wrote our own multicolumn code especially to handle that (and allow - % verbatim contents) - \ifx\equation$%$ - \tymax % first pass of tabulary (cf MEMO above regarding nesting) - \else % the \@gobble thing is for compatibility with standard \multicolumn - \sphinx@multiwidth\@gobble{#1/#2}% - \fi - \else % single column multirow - \ifx\TY@final\@undefined % not a tabulary. - \ifdim\baselineskip>\z@ - % in a p{..} type column, \linewidth is the target box width - \linewidth - \else - % l, c, r columns. Do our best. - \dimexpr(\linewidth-\arrayrulewidth)/#2- - \tw@\tabcolsep-\arrayrulewidth\relax - \fi - \else % in tabulary - \ifx\equation$%$% first pass - \tymax % it is set to a big value so that paragraphs can express themselves - \else - % second pass. - \ifdim\baselineskip>\z@ - \linewidth % in a L, R, C, J column or a p, \X, \Y ... - \else - % we have hacked \TY@final to put in \sphinx@TY@tablewidth the table width - \dimexpr(\sphinx@TY@tablewidth-\arrayrulewidth)/#2- - \tw@\tabcolsep-\arrayrulewidth\relax - \fi - \fi - \fi - \fi -}% -% fallback default in case user has set latex_use_latex_multicolumn to True: -% \sphinxcolwidth will use this only inside LaTeX's standard \multicolumn -\def\sphinx@multiwidth #1#2{\dimexpr % #1 to gobble the \@gobble (!) - (\ifx\TY@final\@undefined\linewidth\else\sphinx@TY@tablewidth\fi - -\arrayrulewidth)*#2-\tw@\tabcolsep-\arrayrulewidth\relax}% - -%%%%%%%%%%%%%%%%%% -% --- MULTIROW --- -% standard \multirow -% 1. does not allow verbatim contents, -% 2. does not allow blank lines in its argument, -% 3. its * specifier means to typeset "horizontally" which is very -% bad for paragraph content. 2016 version has = specifier but it -% must be used with p type columns only, else results are bad, -% 4. it requires manual intervention if the contents is too long to fit -% in the asked-for number of rows. -% 5. colour panels (either from \rowcolor or \columncolor) will hide -% the bottom part of multirow text, hence manual tuning is needed -% to put the multirow insertion at the _bottom_. -% -% The Sphinx solution consists in always having contents wrapped -% in a varwidth environment so that it makes sense to estimate how many -% lines it will occupy, and then ensure by insertion of suitable struts -% that the table rows have the needed height. The needed mark-up is done -% by LaTeX writer, which has its own id for the merged cells. -% -% The colour issue is solved by clearing colour panels in all cells, -% whether or not the multirow is single-column or multi-column. -% -% In passing we obtain baseline alignements across rows (only if -% \arraystretch is 1, as LaTeX's does not obey \arraystretch in "p" -% multi-line contents, only first and last line...) -% -% TODO: examine the situation with \arraystretch > 1. The \extrarowheight -% is hopeless for multirow anyhow, it makes baseline alignment strictly -% impossible. -\newcommand\sphinxmultirow[2]{\begingroup - % #1 = nb of spanned rows, #2 = Sphinx id of "cell", #3 = contents - % but let's fetch #3 in a way allowing verbatim contents ! - \def\sphinx@nbofrows{#1}\def\sphinx@cellid{#2}% - \afterassignment\sphinx@multirow\let\next= -}% -\def\sphinx@multirow {% - \setbox\z@\hbox\bgroup\aftergroup\sphinx@@multirow\strut -}% -\def\sphinx@@multirow {% - % The contents, which is a varwidth environment, has been captured in - % \box0 (a \hbox). - % We have with \sphinx@cellid an assigned unique id. The goal is to give - % about the same height to all the involved rows. - % For this Sphinx will insert a \sphinxtablestrut{cell_id} mark-up - % in LaTeX file and the expansion of the latter will do the suitable thing. - \dimen@\dp\z@ - \dimen\tw@\ht\@arstrutbox - \advance\dimen@\dimen\tw@ - \advance\dimen\tw@\dp\@arstrutbox - \count@=\dimen@ % type conversion dim -> int - \count\tw@=\dimen\tw@ - \divide\count@\count\tw@ % TeX division truncates - \advance\dimen@-\count@\dimen\tw@ - % 1300sp is about 0.02pt. For comparison a rule default width is 0.4pt. - % (note that if \count@ holds 0, surely \dimen@>1300sp) - \ifdim\dimen@>1300sp \advance\count@\@ne \fi - % now \count@ holds the count L of needed "lines" - % and \sphinx@nbofrows holds the number N of rows - % we have L >= 1 and N >= 1 - % if L is a multiple of N, ... clear what to do ! - % else write L = qN + r, 1 <= r < N and we will - % arrange for each row to have enough space for: - % q+1 "lines" in each of the first r rows - % q "lines" in each of the (N-r) bottom rows - % for a total of (q+1) * r + q * (N-r) = q * N + r = L - % It is possible that q == 0. - \count\tw@\count@ - % the TeX division truncates - \divide\count\tw@\sphinx@nbofrows\relax - \count4\count\tw@ % q - \multiply\count\tw@\sphinx@nbofrows\relax - \advance\count@-\count\tw@ % r - \expandafter\xdef\csname sphinx@tablestrut_\sphinx@cellid\endcsname - {\noexpand\sphinx@tablestrut{\the\count4}{\the\count@}{\sphinx@cellid}}% - \dp\z@\z@ - % this will use the real height if it is >\ht\@arstrutbox - \sphinxtablestrut{\sphinx@cellid}\box\z@ - \endgroup % group was opened in \sphinxmultirow -}% -\newcommand*\sphinxtablestrut[1]{% - % #1 is a "cell_id", i.e. the id of a merged group of table cells - \csname sphinx@tablestrut_#1\endcsname -}% -% LaTeX typesets the table row by row, hence each execution can do -% an update for the next row. -\newcommand*\sphinx@tablestrut[3]{\begingroup - % #1 = q, #2 = (initially) r, #3 = cell_id, q+1 lines in first r rows - % if #2 = 0, create space for max(q,1) table lines - % if #2 > 0, create space for q+1 lines and decrement #2 - \leavevmode - \count@#1\relax - \ifnum#2=\z@ - \ifnum\count@=\z@\count@\@ne\fi - \else - % next row will be with a #2 decremented by one - \expandafter\xdef\csname sphinx@tablestrut_#3\endcsname - {\noexpand\sphinx@tablestrut{#1}{\the\numexpr#2-\@ne}{#3}}% - \advance\count@\@ne - \fi - \vrule\@height\ht\@arstrutbox - \@depth\dimexpr\count@\ht\@arstrutbox+\count@\dp\@arstrutbox-\ht\@arstrutbox\relax - \@width\z@ - \endgroup - % we need this to avoid colour panels hiding bottom parts of multirow text - \sphinx@hack@CT -}% - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxmanual.cls b/krb5-1.21.3/doc/pdf/sphinxmanual.cls deleted file mode 100644 index 2e4b30d9..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxmanual.cls +++ /dev/null @@ -1,128 +0,0 @@ -% -% sphinxmanual.cls for Sphinx (https://www.sphinx-doc.org/) -% - -\NeedsTeXFormat{LaTeX2e}[1995/12/01] -\ProvidesClass{sphinxmanual}[2019/12/01 v2.3.0 Document class (Sphinx manual)] - -% chapters starting at odd pages (overridden by 'openany' document option) -\PassOptionsToClass{openright}{\sphinxdocclass} - -% 'oneside' option overriding the 'twoside' default -\newif\if@oneside -\DeclareOption{oneside}{\@onesidetrue} -% Pass remaining document options to the parent class. -\DeclareOption*{\PassOptionsToClass{\CurrentOption}{\sphinxdocclass}} -\ProcessOptions\relax - -% Defaults two-side document -\if@oneside -% nothing to do (oneside is the default) -\else -\PassOptionsToClass{twoside}{\sphinxdocclass} -\fi - -\LoadClass{\sphinxdocclass} - -% Set some sane defaults for section numbering depth and TOC depth. You can -% reset these counters in your preamble. -% -\setcounter{secnumdepth}{2} -\setcounter{tocdepth}{1} - -% Adapt \and command to the flushright context of \sphinxmaketitle, to -% avoid ragged line endings if author names do not fit all on one single line -\DeclareRobustCommand{\and}{% - \end{tabular}\kern-\tabcolsep - \allowbreak - \hskip\dimexpr1em+\tabcolsep\@plus.17fil\begin{tabular}[t]{c}% -}% -% If it is desired that each author name be on its own line, use in preamble: -%\DeclareRobustCommand{\and}{% -% \end{tabular}\kern-\tabcolsep\\\begin{tabular}[t]{c}% -%}% -% Change the title page to look a bit better, and fit in with the fncychap -% ``Bjarne'' style a bit better. -% -\newcommand{\sphinxmaketitle}{% - \let\sphinxrestorepageanchorsetting\relax - \ifHy@pageanchor\def\sphinxrestorepageanchorsetting{\Hy@pageanchortrue}\fi - \hypersetup{pageanchor=false}% avoid duplicate destination warnings - \begin{titlepage}% - \let\footnotesize\small - \let\footnoterule\relax - \noindent\rule{\textwidth}{1pt}\par - \begingroup % for PDF information dictionary - \def\endgraf{ }\def\and{\& }% - \pdfstringdefDisableCommands{\def\\{, }}% overwrite hyperref setup - \hypersetup{pdfauthor={\@author}, pdftitle={\@title}}% - \endgroup - \begin{flushright}% - \sphinxlogo - \py@HeaderFamily - {\Huge \@title \par} - {\itshape\LARGE \py@release\releaseinfo \par} - \vfill - {\LARGE - \begin{tabular}[t]{c} - \@author - \end{tabular}\kern-\tabcolsep - \par} - \vfill\vfill - {\large - \@date \par - \vfill - \py@authoraddress \par - }% - \end{flushright}%\par - \@thanks - \end{titlepage}% - \setcounter{footnote}{0}% - \let\thanks\relax\let\maketitle\relax - %\gdef\@thanks{}\gdef\@author{}\gdef\@title{} - \clearpage - \ifdefined\sphinxbackoftitlepage\sphinxbackoftitlepage\fi - \if@openright\cleardoublepage\else\clearpage\fi - \sphinxrestorepageanchorsetting -} - -\newcommand{\sphinxtableofcontents}{% - \pagenumbering{roman}% - \begingroup - \parskip \z@skip - \sphinxtableofcontentshook - \tableofcontents - \endgroup - % before resetting page counter, let's do the right thing. - \if@openright\cleardoublepage\else\clearpage\fi - \pagenumbering{arabic}% -} - -% This is needed to get the width of the section # area wide enough in the -% library reference. Doing it here keeps it the same for all the manuals. -% -\newcommand{\sphinxtableofcontentshook}{% - \renewcommand*\l@section{\@dottedtocline{1}{1.5em}{2.6em}}% - \renewcommand*\l@subsection{\@dottedtocline{2}{4.1em}{3.5em}}% -} - -% Fix the bibliography environment to add an entry to the Table of -% Contents. -% For a report document class this environment is a chapter. -% -\newenvironment{sphinxthebibliography}[1]{% - \if@openright\cleardoublepage\else\clearpage\fi - % \phantomsection % not needed here since TeXLive 2010's hyperref - \begin{thebibliography}{#1}% - \addcontentsline{toc}{chapter}{\bibname}}{\end{thebibliography}} - -% Same for the indices. -% The memoir class already does this, so we don't duplicate it in that case. -% -\@ifclassloaded{memoir} - {\newenvironment{sphinxtheindex}{\begin{theindex}}{\end{theindex}}} - {\newenvironment{sphinxtheindex}{% - \if@openright\cleardoublepage\else\clearpage\fi - \phantomsection % needed as no chapter, section, ... created - \begin{theindex}% - \addcontentsline{toc}{chapter}{\indexname}}{\end{theindex}}} diff --git a/krb5-1.21.3/doc/pdf/sphinxmessages.sty b/krb5-1.21.3/doc/pdf/sphinxmessages.sty deleted file mode 100644 index 68ebffa8..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxmessages.sty +++ /dev/null @@ -1,21 +0,0 @@ -% -% sphinxmessages.sty -% -% message resources for Sphinx -% -\ProvidesPackage{sphinxmessages}[2019/01/04 v2.0 Localized LaTeX macros (Sphinx team)] - -\renewcommand{\literalblockcontinuedname}{continued from previous page} -\renewcommand{\literalblockcontinuesname}{continues on next page} -\renewcommand{\sphinxnonalphabeticalgroupname}{Non\sphinxhyphen{}alphabetical} -\renewcommand{\sphinxsymbolsname}{Symbols} -\renewcommand{\sphinxnumbersname}{Numbers} -\def\pageautorefname{page} - -\addto\captionsenglish{\renewcommand{\figurename}{Fig.\@{} }} -\def\fnum@figure{\figurename\thefigure{}} - -\addto\captionsenglish{\renewcommand{\tablename}{Table }} -\def\fnum@table{\tablename\thetable{}} - -\addto\captionsenglish{\renewcommand{\literalblockname}{Listing}} \ No newline at end of file diff --git a/krb5-1.21.3/doc/pdf/sphinxoptionsgeometry.sty b/krb5-1.21.3/doc/pdf/sphinxoptionsgeometry.sty deleted file mode 100644 index af5a804d..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxoptionsgeometry.sty +++ /dev/null @@ -1,54 +0,0 @@ -%% OPTIONS FOR GEOMETRY -% -% change this info string if making any custom modification -\ProvidesFile{sphinxoptionsgeometry.sty}[2021/01/27 geometry] - -% geometry -\ifx\kanjiskip\@undefined - \PassOptionsToPackage{% - hmargin={\unexpanded{\spx@opt@hmargin}},% - vmargin={\unexpanded{\spx@opt@vmargin}},% - marginpar=\unexpanded{\spx@opt@marginpar}} - {geometry} -\else - % set text width for Japanese documents to be integer multiple of 1zw - % and text height to be integer multiple of \baselineskip - % the execution is delayed to \sphinxsetup then geometry.sty - \normalsize\normalfont - \newcommand*\sphinxtextwidthja[1]{% - \if@twocolumn\tw@\fi - \dimexpr - \numexpr\dimexpr\paperwidth-\tw@\dimexpr#1\relax\relax/ - \dimexpr\if@twocolumn\tw@\else\@ne\fi zw\relax - zw\relax}% - \newcommand*\sphinxmarginparwidthja[1]{% - \dimexpr\numexpr\dimexpr#1\relax/\dimexpr1zw\relax zw\relax}% - \newcommand*\sphinxtextlinesja[1]{% - \numexpr\@ne+\dimexpr\paperheight-\topskip-\tw@\dimexpr#1\relax\relax/ - \baselineskip\relax}% - \ifx\@jsc@uplatextrue\@undefined\else - % the way we found in order for the papersize special written by - % geometry in the dvi file to be correct in case of jsbook class - \ifnum\mag=\@m\else % do nothing special if nomag class option or 10pt - \PassOptionsToPackage{truedimen}{geometry}% - \fi - \fi - \PassOptionsToPackage{% - hmarginratio={1:1},% - textwidth=\unexpanded{\sphinxtextwidthja{\spx@opt@hmargin}},% - vmarginratio={1:1},% - lines=\unexpanded{\sphinxtextlinesja{\spx@opt@vmargin}},% - marginpar=\unexpanded{\sphinxmarginparwidthja{\spx@opt@marginpar}},% - footskip=2\baselineskip,% - }{geometry}% - \AtBeginDocument - {% update a dimension used by the jsclasses - \ifx\@jsc@uplatextrue\@undefined\else\fullwidth\textwidth\fi - % for some reason, jreport normalizes all dimensions with \@settopoint - \@ifclassloaded{jreport} - {\@settopoint\textwidth\@settopoint\textheight\@settopoint\marginparwidth} - {}% <-- "false" clause of \@ifclassloaded - }% -\fi - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxoptionshyperref.sty b/krb5-1.21.3/doc/pdf/sphinxoptionshyperref.sty deleted file mode 100644 index b88f108d..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxoptionshyperref.sty +++ /dev/null @@ -1,35 +0,0 @@ -%% Bookmarks and hyperlinks -% -% change this info string if making any custom modification -\ProvidesFile{sphinxoptionshyperref.sty}[2021/01/27 hyperref] - -% to make pdf with correct encoded bookmarks in Japanese -% this should precede the hyperref package -\ifx\kanjiskip\@undefined -% for non-Japanese: make sure bookmarks are ok also with lualatex - \PassOptionsToPackage{pdfencoding=unicode}{hyperref} -\else - \RequirePackage{atbegshi} - \ifx\ucs\@undefined - \ifnum 42146=\euc"A4A2 - \AtBeginShipoutFirst{\special{pdf:tounicode EUC-UCS2}} - \else - \AtBeginShipoutFirst{\special{pdf:tounicode 90ms-RKSJ-UCS2}} - \fi - \else - \AtBeginShipoutFirst{\special{pdf:tounicode UTF8-UCS2}} - \fi -\fi - -\ifx\@jsc@uplatextrue\@undefined\else - \PassOptionsToPackage{setpagesize=false}{hyperref} -\fi - -% These options can be overridden inside 'hyperref' key -% or by later use of \hypersetup. -\PassOptionsToPackage{colorlinks,breaklinks,% - linkcolor=InnerLinkColor,filecolor=OuterLinkColor,% - menucolor=OuterLinkColor,urlcolor=OuterLinkColor,% - citecolor=InnerLinkColor}{hyperref} - -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxpackagecyrillic.sty b/krb5-1.21.3/doc/pdf/sphinxpackagecyrillic.sty deleted file mode 100644 index 9aa62fc2..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxpackagecyrillic.sty +++ /dev/null @@ -1,55 +0,0 @@ -%% CYRILLIC IN NON-CYRILLIC DOCUMENTS (pdflatex only) -% -% refs: https://tex.stackexchange.com/q/460271/ -\ProvidesPackage{sphinxpackagecyrillic}% - [2018/11/21 v2.0 support for Cyrillic in non-Cyrillic documents] -\RequirePackage{kvoptions} -\SetupKeyvalOptions{prefix=spx@cyropt@} % use \spx@cyropt@ prefix -\DeclareBoolOption[false]{Xtwo} -\DeclareBoolOption[false]{TtwoA} -\DeclareDefaultOption{\@unknownoptionerror} -\ProcessLocalKeyvalOptions* % ignore class options - -\ifspx@cyropt@Xtwo -% original code by tex.sx user egreg (updated 2019/10/28): -% https://tex.stackexchange.com/a/460325/ -% 159 Cyrillic glyphs as available in X2 TeX 8bit font encoding -% This assumes inputenc loaded with utf8 option, or LaTeX release -% as recent as 2018/04/01 which does it automatically. - \@tfor\next:=% - {Ð}{Ђ}{Є}{Ð…}{І}{Ј}{Љ}{Њ}{Ћ}{ÐŽ}{Ð}{Ð}{Б}{Ð’}{Г}{Д}{Е}{Ж}{З}{И}{Й}% - {К}{Л}{М}{Ð}{О}{П}{Р}{С}{Т}{У}{Ф}{Ð¥}{Ц}{Ч}{Ш}{Щ}{Ъ}{Ы}{Ь}{Э}{Ю}% - {Я}{а}{б}{в}{г}{д}{е}{ж}{з}{и}{й}{к}{л}{м}{н}{о}{п}{Ñ€}{Ñ}{Ñ‚}{у}% - {Ñ„}{Ñ…}{ц}{ч}{ш}{щ}{ÑŠ}{Ñ‹}{ÑŒ}{Ñ}{ÑŽ}{Ñ}{Ñ‘}{Ñ’}{Ñ”}{Ñ•}{Ñ–}{ј}{Ñ™}{Ñš}{Ñ›}% - {Ñž}{ÑŸ}{Ñ¢}{Ñ£}{Ѫ}{Ñ«}{Ñ´}{ѵ}{Ò}{Ò‘}{Ò’}{Ò“}{Ò”}{Ò•}{Ò–}{Ò—}{Ò˜}{Ò™}{Òš}{Ò›}{Òœ}{Ò}% - {Òž}{ÒŸ}{Ò }{Ò¡}{Ò¢}{Ò£}{Ò¤}{Ò¥}{Ò¦}{Ò§}{Ò¨}{Ò©}{Òª}{Ò«}{Ò¬}{Ò­}{Ò®}{Ò¯}{Ò°}{Ò±}{Ò²}{Ò³}% - {Ò´}{Òµ}{Ò¶}{Ò·}{Ò¸}{Ò¹}{Òº}{Ò»}{Ò¼}{Ò½}{Ò¾}{Ò¿}{Ó€}{Óƒ}{Ó„}{Ó…}{Ó†}{Ó‡}{Óˆ}{Ó‹}{ÓŒ}% - {Ó}{ÓŽ}{Ó”}{Ó•}{Ó˜}{Ó™}{Ó }{Ó¡}{Ó¨}{Ó©}\do - {% - \begingroup\def\IeC{\protect\DeclareTextSymbolDefault}% - \protected@edef\@temp{\endgroup - \@ifl@t@r{\fmtversion}{2019/10/01}{\csname u8:\next\endcsname}{\next}}% - \@temp{X2}% - }% -\else -\ifspx@cyropt@TtwoA -% original code by tex.sx user jfbu: -% https://tex.stackexchange.com/a/460305/ -% 63*2+1=127 Cyrillic glyphs as found in T2A 8bit TeX font-encoding - \@tfor\@tempa:=% - {ae}{a}{b}{chrdsc}{chvcrs}{ch}{c}{dje}{dze}{dzhe}{d}{erev}{ery}{e}% - {f}{ghcrs}{gup}{g}{hdsc}{hrdsn}{h}{ie}{ii}{ishrt}{i}{je}% - {kbeak}{kdsc}{kvcrs}{k}{lje}{l}{m}{ndsc}{ng}{nje}{n}{otld}{o}{p}{r}% - {schwa}{sdsc}{sftsn}{shch}{shha}{sh}{s}{tshe}{t}{ushrt}{u}{v}% - {ya}{yhcrs}{yi}{yo}{yu}{y}{zdsc}{zhdsc}{zh}{z}\do - {% - \expandafter\DeclareTextSymbolDefault\expandafter - {\csname cyr\@tempa\endcsname}{T2A}% - \expandafter\uppercase\expandafter{\expandafter - \def\expandafter\@tempa\expandafter{\@tempa}}% - \expandafter\DeclareTextSymbolDefault\expandafter - {\csname CYR\@tempa\endcsname}{T2A}% - }% - \DeclareTextSymbolDefault{\CYRpalochka}{T2A}% -\fi\fi -\endinput diff --git a/krb5-1.21.3/doc/pdf/sphinxpackagefootnote.sty b/krb5-1.21.3/doc/pdf/sphinxpackagefootnote.sty deleted file mode 100644 index a6071cf1..00000000 --- a/krb5-1.21.3/doc/pdf/sphinxpackagefootnote.sty +++ /dev/null @@ -1,396 +0,0 @@ -\NeedsTeXFormat{LaTeX2e} -\ProvidesPackage{sphinxpackagefootnote}% - [2021/02/04 v1.1d footnotehyper adapted to sphinx (Sphinx team)] -% Provides support for this output mark-up from Sphinx latex writer: -% - footnote environment -% - savenotes environment (table templates) -% - \sphinxfootnotemark -% -%% -%% Package: sphinxpackagefootnote -%% Version: based on footnotehyper.sty 2021/02/04 v1.1d -%% as available at https://www.ctan.org/pkg/footnotehyper -%% License: the one applying to Sphinx -%% -%% Refer to the PDF documentation at https://www.ctan.org/pkg/footnotehyper for -%% the code comments. -%% -%% Differences: -%% 1. a partial tabulary compatibility layer added (enough for Sphinx mark-up), -%% 2. use of \spx@opt@BeforeFootnote from sphinx.sty, -%% 3. use of \sphinxunactivateextrasandspace from sphinx.sty, -%% 4. macro definition \sphinxfootnotemark, -%% 5. macro definition \sphinxlongtablepatch -%% 6. replaced some \undefined by \@undefined -\newif\iffootnotehyperparse\footnotehyperparsetrue -\DeclareOption*{\PackageWarning{sphinxpackagefootnote}{Option `\CurrentOption' is unknown}}% -\ProcessOptions\relax -\newbox\FNH@notes -\newtoks\FNH@toks % 1.1c -\newdimen\FNH@width -\let\FNH@colwidth\columnwidth -\newif\ifFNH@savingnotes -\AtBeginDocument {% - \let\FNH@latex@footnote \footnote - \let\FNH@latex@footnotetext\footnotetext - \let\FNH@H@@footnotetext \@footnotetext - \let\FNH@H@@mpfootnotetext \@mpfootnotetext - \newenvironment{savenotes} - {\FNH@savenotes\ignorespaces}{\FNH@spewnotes\ignorespacesafterend}% - \let\spewnotes \FNH@spewnotes - \let\footnote \FNH@footnote - \let\footnotetext \FNH@footnotetext - \let\endfootnote \FNH@endfntext - \let\endfootnotetext\FNH@endfntext - \@ifpackageloaded{hyperref} - {\ifHy@hyperfootnotes - \let\FNH@H@@footnotetext\H@@footnotetext - \let\FNH@H@@mpfootnotetext\H@@mpfootnotetext - \else - \let\FNH@hyper@fntext\FNH@nohyp@fntext - \fi}% - {\let\FNH@hyper@fntext\FNH@nohyp@fntext}% -}% -\def\FNH@hyper@fntext{\FNH@fntext\FNH@hyper@fntext@i}% -\def\FNH@nohyp@fntext{\FNH@fntext\FNH@nohyp@fntext@i}% -\def\FNH@fntext #1{% - \ifx\ifmeasuring@\@undefined - \expandafter\@secondoftwo\else\expandafter\@firstofone\fi -% these two lines modified for Sphinx (tabulary compatibility): - {\ifmeasuring@\expandafter\@gobbletwo\else\expandafter\@firstofone\fi}% - {\ifx\equation$\expandafter\@gobbletwo\fi #1}%$ -}% -\long\def\FNH@hyper@fntext@i#1{% - \global\setbox\FNH@notes\vbox - {\unvbox\FNH@notes - \FNH@startnote - \@makefntext - {\rule\z@\footnotesep\ignorespaces - \ifHy@nesting\expandafter\ltx@firstoftwo - \else\expandafter\ltx@secondoftwo - \fi - {\expandafter\hyper@@anchor\expandafter{\Hy@footnote@currentHref}{#1}}% - {\Hy@raisedlink - {\expandafter\hyper@@anchor\expandafter{\Hy@footnote@currentHref}% - {\relax}}% - \let\@currentHref\Hy@footnote@currentHref - \let\@currentlabelname\@empty - #1}% - \@finalstrut\strutbox - }% - \FNH@endnote - }% -}% -\long\def\FNH@nohyp@fntext@i#1{% - \global\setbox\FNH@notes\vbox - {\unvbox\FNH@notes - \FNH@startnote - \@makefntext{\rule\z@\footnotesep\ignorespaces#1\@finalstrut\strutbox}% - \FNH@endnote - }% -}% -\def\FNH@startnote{% - \hsize\FNH@colwidth - \interlinepenalty\interfootnotelinepenalty - \reset@font\footnotesize - \floatingpenalty\@MM - \@parboxrestore - \protected@edef\@currentlabel{\csname p@\@mpfn\endcsname\@thefnmark}% - \color@begingroup -}% -\def\FNH@endnote{\color@endgroup}% -\def\FNH@savenotes{% - \begingroup - \ifFNH@savingnotes\else - \FNH@savingnotestrue - \let\@footnotetext \FNH@hyper@fntext - \let\@mpfootnotetext \FNH@hyper@fntext - \let\H@@mpfootnotetext\FNH@nohyp@fntext - \FNH@width\columnwidth - \let\FNH@colwidth\FNH@width - \global\setbox\FNH@notes\box\voidb@x - \let\FNH@thempfn\thempfn - \let\FNH@mpfn\@mpfn - \ifx\@minipagerestore\relax\let\@minipagerestore\@empty\fi - \expandafter\def\expandafter\@minipagerestore\expandafter{% - \@minipagerestore - \let\thempfn\FNH@thempfn - \let\@mpfn\FNH@mpfn - }% - \fi -}% -\def\FNH@spewnotes {% - \if@endpe\ifx\par\@@par\FNH@toks{}\else - \FNH@toks\expandafter{\expandafter - \def\expandafter\par\expandafter{\par}\@endpetrue}% - \expandafter\expandafter\expandafter - \FNH@toks - \expandafter\expandafter\expandafter - {\expandafter\the\expandafter\FNH@toks - \expandafter\def\expandafter\@par\expandafter{\@par}}% - \expandafter\expandafter\expandafter - \FNH@toks - \expandafter\expandafter\expandafter - {\expandafter\the\expandafter\FNH@toks - \expandafter\everypar\expandafter{\the\everypar}}\fi - \else\FNH@toks{}\fi - \expandafter - \endgroup\the\FNH@toks - \ifFNH@savingnotes\else - \ifvoid\FNH@notes\else - \begingroup - \let\@makefntext\@empty - \let\@finalstrut\@gobble - \let\rule\@gobbletwo - \ifx\@footnotetext\@mpfootnotetext - \expandafter\FNH@H@@mpfootnotetext - \else - \expandafter\FNH@H@@footnotetext - \fi{\unvbox\FNH@notes}% - \endgroup - \fi - \fi -}% -\def\FNH@footnote@envname {footnote}% -\def\FNH@footnotetext@envname{footnotetext}% -\def\FNH@footnote{% -% this line added for Sphinx: - \spx@opt@BeforeFootnote - \ifx\@currenvir\FNH@footnote@envname - \expandafter\FNH@footnoteenv - \else - \expandafter\FNH@latex@footnote - \fi -}% -\def\FNH@footnoteenv{% -% this line added for Sphinx (footnotes in parsed literal blocks): - \catcode13=5 \sphinxunactivateextrasandspace - \@ifnextchar[% - \FNH@footnoteenv@i %] - {\stepcounter\@mpfn - \protected@xdef\@thefnmark{\thempfn}% - \@footnotemark - \def\FNH@endfntext@fntext{\@footnotetext}% - \FNH@startfntext}% -}% -\def\FNH@footnoteenv@i[#1]{% - \begingroup - \csname c@\@mpfn\endcsname #1\relax - \unrestored@protected@xdef\@thefnmark{\thempfn}% - \endgroup - \@footnotemark - \def\FNH@endfntext@fntext{\@footnotetext}% - \FNH@startfntext -}% -\def\FNH@footnotetext{% - \ifx\@currenvir\FNH@footnotetext@envname - \expandafter\FNH@footnotetextenv - \else - \expandafter\FNH@latex@footnotetext - \fi -}% -\def\FNH@footnotetextenv{% - \@ifnextchar[% - \FNH@footnotetextenv@i %] - {\protected@xdef\@thefnmark{\thempfn}% - \def\FNH@endfntext@fntext{\@footnotetext}% - \FNH@startfntext}% -}% -\def\FNH@footnotetextenv@i[#1]{% - \begingroup - \csname c@\@mpfn\endcsname #1\relax - \unrestored@protected@xdef\@thefnmark{\thempfn}% - \endgroup - \ifFNH@savingnotes - \def\FNH@endfntext@fntext{\FNH@nohyp@fntext}% - \else - \def\FNH@endfntext@fntext{\FNH@H@@footnotetext}% - \fi - \FNH@startfntext -}% -\def\FNH@startfntext{% - \setbox\z@\vbox\bgroup - \FNH@startnote - \FNH@prefntext - \rule\z@\footnotesep\ignorespaces -}% -\def\FNH@endfntext {% - \@finalstrut\strutbox - \FNH@postfntext - \FNH@endnote - \egroup - \begingroup - \let\@makefntext\@empty\let\@finalstrut\@gobble\let\rule\@gobbletwo - \FNH@endfntext@fntext {\unvbox\z@}% - \endgroup -}% -\let\FNH@prefntext\@empty -\let\FNH@postfntext\@empty -\AtBeginDocument{\iffootnotehyperparse\expandafter\FNH@check\fi}% -\def\FNH@safeif#1{% - \iftrue\csname if#1\endcsname\csname fi\endcsname\expandafter\@firstoftwo - \else\csname fi\endcsname\expandafter\@secondoftwo - \fi -}% -\def\FNH@check{% - \ifx\@makefntextFB\@undefined\expandafter\FNH@check@ - \else\expandafter\FNH@frenchb@ - \fi -}% -\def\FNH@frenchb@{% - \def\FNH@prefntext{% - \localleftbox{}% - \let\FBeverypar@save\FBeverypar@quote - \let\FBeverypar@quote\relax - \FNH@safeif{FB@koma}% - {\FNH@safeif{FBFrenchFootnotes}% - {\ifx\footnote\thanks - \let\@@makefnmark\@@makefnmarkTH - \@makefntextTH{} % space as in french.ldf - \else - \let\@@makefnmark\@@makefnmarkFB - \@makefntextFB{} % space as in french.ldf - \fi - }{\let\@@makefnmark\@@makefnmarkORI - \@makefntextORI{}% no space as in french.ldf - }% - }% - {\FNH@safeif{FBFrenchFootnotes}% - {\@makefntextFB{}}% - {\@makefntextORI{}}% - }% - }% - \def\FNH@postfntext{% - \let\FBeverypar@quote\FBeverypar@save - \localleftbox{\FBeveryline@quote}% - }% -}% -\def\FNH@check@{% - \expandafter\FNH@check@a\@makefntext{1.2!3?4,}% - \FNH@@@1.2!3?4,\FNH@@@\relax -}% -\long\def\FNH@check@a #11.2!3?4,#2\FNH@@@#3{% - \ifx\relax#3\expandafter\FNH@checkagain@ - \else - \def\FNH@prefntext{#1}\def\FNH@postfntext{#2}% - \expandafter\FNH@check@b - \fi -}% -\def\FNH@checkagain@{% - \expandafter\FNH@checkagain@a - \detokenize\expandafter{\@makefntext{1.2!3?4,}}\relax\FNH@@@ -}% -\edef\FNH@temp{\noexpand\FNH@checkagain@a ##1\string{1.2!3?4,\string}}% -\expandafter\def\FNH@temp#2#3\FNH@@@{% - \ifx\relax#2% - \def\FNH@prefntext{\@makefntext{}}% - \else\FNH@bad@makefntext@alert - \fi -}% -\def\FNH@check@b #1\relax{% - \expandafter\expandafter\expandafter\FNH@check@c - \expandafter\meaning\expandafter\FNH@prefntext - \meaning\FNH@postfntext1.2!3?4,\FNH@check@c\relax -}% -\def\FNH@check@c #11.2!3?4,#2#3\relax{% - \ifx\FNH@check@c#2\else\FNH@bad@makefntext@alert\fi -}% -% slight reformulation for Sphinx -\def\FNH@bad@makefntext@alert{% - \PackageWarningNoLine{sphinxpackagefootnote}% - {Footnotes will be sub-optimal, sorry. This is due to the document class or^^J - some package modifying macro \string\@makefntext.^^J - You can try to report this incompatibility at^^J - https://github.com/sphinx-doc/sphinx with this info:}% - \typeout{\meaning\@makefntext}% - \let\FNH@prefntext\@empty\let\FNH@postfntext\@empty -}% -% this macro from original footnote.sty is not used anymore by Sphinx -% but for simplicity sake let's just keep it as is -\def\makesavenoteenv{\@ifnextchar[\FNH@msne@ii\FNH@msne@i}%] -\def\FNH@msne@i #1{% - \expandafter\let\csname FNH$#1\expandafter\endcsname %$ - \csname #1\endcsname - \expandafter\let\csname endFNH$#1\expandafter\endcsname %$ - \csname end#1\endcsname - \FNH@msne@ii[#1]{FNH$#1}%$ -}% -\def\FNH@msne@ii[#1]#2{% - \expandafter\edef\csname#1\endcsname{% - \noexpand\savenotes - \expandafter\noexpand\csname#2\endcsname - }% - \expandafter\edef\csname end#1\endcsname{% - \expandafter\noexpand\csname end#2\endcsname - \noexpand\expandafter - \noexpand\spewnotes - \noexpand\if@endpe\noexpand\@endpetrue\noexpand\fi - }% -}% -% -% some extras for Sphinx : -% \sphinxfootnotemark: usable in section titles and silently removed from TOCs. -\def\sphinxfootnotemark [#1]% - {\ifx\thepage\relax\else\sphinxfootref{#1}\fi}% -% \sphinxfootref: -% - \spx@opt@BeforeFootnote is from BeforeFootnote sphinxsetup option -% - \ref: -% the latex.py writer inserts a \phantomsection\label{.} -% whenever -% - the footnote was explicitly numbered in sources, -% - or it was in restrained context and is rendered using footnotetext -% -% These are the two types of footnotes that \sphinxfootnotemark must -% handle. But for explicitly numbered footnotes the same number -% can be found in document. So a secondary part in is updated -% at each novel such footnote to know what is the target from then on -% for \sphinxfootnotemark and already encountered [1], or [2],... -% -% LaTeX package varioref is not supported by hyperref (from its doc: "There -% are too many problems with varioref. Nobody has time to sort them out. -% Therefore this package is now unsupported.") So we will simply use our own -% macros to access the page number of footnote text and decide whether to print -% it. \pagename is internationalized by latex-babel. -\def\spx@thefnmark#1#2{% - % #1=label for reference, #2=page where footnote was printed - \ifx\spx@tempa\spx@tempb - % same page - #1% - \else - \sphinxthefootnotemark{#1}{#2}% - \fi -}% -\def\sphinxfootref@get #1#2#3#4#5\relax{% - \def\sphinxfootref@label{#1}% - \def\sphinxfootref@page {#2}% - \def\sphinxfootref@Href {#4}% -}% -\protected\def\sphinxfootref#1{% #1 always explicit number in Sphinx usage - \spx@opt@BeforeFootnote - \ltx@ifundefined{r@\thesphinxscope.#1}% - {\gdef\@thefnmark{?}\H@@footnotemark}% - {\expandafter\expandafter\expandafter\sphinxfootref@get - \csname r@\thesphinxscope.#1\endcsname\relax - \edef\spx@tempa{\thepage}\edef\spx@tempb{\sphinxfootref@page}% - \protected@xdef\@thefnmark{\spx@thefnmark{\sphinxfootref@label}{\sphinxfootref@page}}% - \let\spx@@makefnmark\@makefnmark - \def\@makefnmark{% - \hyper@linkstart{link}{\sphinxfootref@Href}% - \spx@@makefnmark - \hyper@linkend - }% - \H@@footnotemark - \let\@makefnmark\spx@@makefnmark - }% -}% -\AtBeginDocument{% - % let hyperref less complain - \pdfstringdefDisableCommands{\def\sphinxfootnotemark [#1]{}}% - % to obtain hyperlinked footnotes in longtable environment we must replace - % hyperref's patch of longtable's patch of \@footnotetext by our own - \let\LT@p@ftntext\FNH@hyper@fntext - % this *requires* longtable to be used always wrapped in savenotes environment -}% -\endinput -%% -%% End of file `sphinxpackagefootnote.sty'. diff --git a/krb5-1.21.3/doc/pdf/user.pdf b/krb5-1.21.3/doc/pdf/user.pdf deleted file mode 100644 index 397b0864ca064c6a909322e3ce2d7ce7c4d6b6dc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 254843 zcma&N1CV7)*DYGMtuEVkb+OCnvTdu&wr$(CZQHJ0wvE>}?)UEdBfb;wo)xhobFLW~ zJ2E5Z$dPl7P4-(vl#Yp>4TfxXacC8WiI9=d*1!UWmluXX+StbQj~O8+D+}TOeqb0x z&8_|zI}kF6TIv5W7BM!oH8O_z`4h(RkAtzkHH_=JwX%%uJ|j}sv8pR#(mLpn?5Ju` zY-XT1UULbo>c&%z4a%0~t zvDs$fM;jjm2Z!>G7D6=-Kle(z^Cll(>2aRz@>QkHgmTl_(=m^nj?>h8krT=JcVU0m zWrrNhTj@sBJKtJr7=(TUf6sfArL?JD6fh*zWOH2c;)dS>SyHU}x$<%ZI8hR}9Qe%Wb}9ih+YdB*IQD6s z2c@q(65DCN&t%VK-nHYlNzE)ZeZx8>GWfR%)J=)fQ|Kj9YS@R5^mPhJ4n@LHNzG42l3}r7v9a(D(-xdi;)R%fSwW_)xCo`Q z2S#8s7SHOZ0f`0DNEez8)}2%sMyvKh8^UHf*uZ4kXTES9FZU(`YGp7tQ#i>+V0Xi# zgk@0e>Gy-#&;k|r%^Wh$GN7uls|f@H_TD7?36>9!)1#~2v=p-rF~3I3dPaI-_p~`- zPxaJ8fH~$OndHXZFz}5Jnr@fft*{2pX^r5l)dyP>6$=z4O?D9JGMLQ6z_`JL$&H~6 zS*I0-2gg>iLMH}EQAEhou;C_PhOx+Lum?IT4Wu8(uuuW|V-~|$gvWgb4^wWnSRa{? z1tBzlt&=fzAECAnq`0rl$C5$QPv~29AIV2`pKx`DAUje$I-@BOm{10gR{D*%BVSa}(e4+9KDgtX?V$@-7 z2^#)7bRva5LUO=+w303EB9wpsxFyI8_ZYg#+jqs=3+a%4g1XmH_VMDflLy?}cRgoJ zFuurvcp087k9hT5Z$7g8xriCfC-CYSjv-Q!bGpGCzny4-F}5-KPgMQw{jZ2*`5%#~ zudhC!B)iIMSt#ioPfA3{zRmj4sEOiXN?|2A^F)HY=C#Lzr6@9Bd7`jpG-P9G;8;4*?15Fke9N zE$i2sYR$d)sxw#nTQf13z>%Q@ub=D(@)f(Jaqi>5Gu<$cg6$d)fArGmq5G=dAc1ft zzy(Q9r;Ft6;?VuNX&{pejCTw&7(|zmKIjB@44^4MVtgk1ZQyWm%X8y@o9K%vzz)n{ zvm6YfM=21LOd! z2zGQ#4`vmRU?7s033GH{-O>OD;N!L$Vj+Ky4y?9JiF9S z*-Trlk!nH86N!t6=Q@OcsF6CP;}6!dDlDlc7b%Den>qClSICZD!m2j$xUAHJr%8_I$jg=xeN{j#eg{JFWEIsXMy3wVsLFmxgxxF=2_i`O4 z4Rb!z#nh~qp*_aMsGDkzVf?B3+FeBd{G?6U9rDdY%C;_8hviHuLp^13t28JcM{${N z(s{9V_v?7;TeZYe=dEyvA@O-@_Pg-__s3()b{4fLjULPKlB}&eO|*1}ZwmMEJ`?k~ zMcQYR=JCiCpws4=@bH|z-wCs6=q0YqDUqi92lZUg*_>!A#pJo0i{!_8)X=NLj8=c1VwPS!lx}?VGCZPzXPoNprniQ^$g`%b^Rk zrOy{D`BZl^5Q7+PFU&zoj8rMx=5USbJl^@*AJQq@Ev}NcRoXI_fCVKCLzV%as7Kta zqu)H+&Lc7@=vF%G*AABWIa2qUngfI_;e8`-Zxx4J&*<&gcAQY!>hLpc0+4`{AmvD} zAv039s`4LE0g)B4HOhmAL)Jt)h(g86qXjn6#o9GGiw=uox)kLHW~wVfvyZGj&%kT~ zJJzPyt=q;oDeZ46eIsJ4*6jV^=a56)Cs&ovKjAR>cq~IYccP!ZfY%X)Y!se40Ko+A zo1WF4w^{I+G@BmPAJ+f}37qO28kxgur!0c<^^wbMme6y2ep)SlR0NN?VWt|ajWfm{ z2zVhT5#V@*SjOz`%w&X^!LLiYVG!S2hT>DCu9fk{`^0H z9w+nvfW7|^5;jiue@{r1CZhimlFnnAPDs+D-d#vi#_(7|#ION`0^q7Am@s`3K@_sR z-kq9?jNVBLM3JS#`i_cAlN*2`kH*nbU-V=JT26CSwTy|_+>F;HJcNCcHbe8pcGZ;i zc1^SGenDA%)#V_g#>jd7iB6`gw#l)jjmOgWFB%W(@e(k%K|52Q7@dR~IVT zg?8ecq-L)v*6aDyJAv*=3f#n0_oeN**m3Zd zB^rrB_o0jYb6T*ZH3I?zolQ9dNUZ_mk?M|66;X z{Oqr>RMyRPFdZ~EMa37@3mP&$k8tsXS_m)si-0?ep_cHsrlXC%&r@F}Pu!o5&{2CV z@T|cejrovvJ?ale=?d+q#&X?1=xgHUH;{{GYAK!NK_Nx2E!hO#vg?);)Um zucB$D$XB;5XAAcZ_fZjNG;U{pe@H82Kv85xrJr!!Pb5F zn$m5q0E!%+3CwL3iRPm!L~+CAnY6ng5nFVPt(>25 zNRhQCnCPDAru#B|4=19N$N`OIzVY!j{G#J$s)l~&CvVoH{=((ESrhR+Cdpr>ESE7c zWA??$>TcHI;_zO}Waq(!&(A89z^YLrQSdw*QFd(aGHdknkpH%3tYee!{qepuY@kl6 z;tJP``^tjvqTS_36{U89vT_y47TbNcp-&!xzJ}76xBO1~Jd( z+JdCgB)T8gkAX!=QK!Q-zZn#j6rD`pUwj`CFD!Rw|y;*RW^ zR%1GM+?(@A`L!L58xBswnucsmR@rLgZg0L7L%%h@#8Z60o}C3s5ANx}U|bdL?&*Y+ zZc4=kdr;NeG5o^6DpCvdpi2JhM7}Db?C(O`i4G~{72PTNo~C{edw;VlP>B!npi_1= zFxq4Km|*T?pZCE;`&vxd&d;Gnc-HU=3*n-{pB5rp$h>&0T>(i!Gxcd-c{IkFq-yzw z@JP0g-H?^*i81sEO!B($G5rVw=2M>IC!n6t|EG{*{cp7Y%WawdEs3>Ok+I$2MC*K4 zHA4iR7q;*gPt?MK5FZ0^FjHLYGpLCkG=d+jC)x=4cwg$Q8^~V`h(dmR+3qCbTHMm* z=RoY{?;M1DS2ph1KefZ|c=_$KgKz5MGL_eH0kHc*HY9l8*jQ+}ICec@zs=lQiJ1b_ z^7y3r6NFrS&W~s=enSSmG~+5jof$pP+~$OoTxUQAg&uFcdbuY+G(a1pjvqYk*z;Z@ z475o5C`-zKp6Asdderhx9j!>NeW<)UaXbK;w4VI;S*+{5SF&p4?shIqoSEG2?YT!j z0XOccbSY~eD-U;n@c9F${&vkT0Ij&&_3vRb51nmzG1tgVENq%p^*_61&5N_Wt)7`O zN-%!vYMmx{;dp;>4o{9Ykk?(!jx5-34B7K^4y`GaDK}efEYTu-5?sTXc6RCrJMsl# zc)wXvYqCD(>r5pVrDY$=L9AHEDz!*(GuWuN`?LU>vYFPU9nn#!(IxdrT9K{5aS=0N zZHzm6H}f$rI8{MYCe8h5`XWGF1uuO0>L%d_(d}e9foxLwfojqe4Kxe}&F*G!_2^dp z0@(d&7Uz?(n*L0u;JB3ZWaNFd4Z`|tiGP9D9Xt=l z^CL-l%Fw>z9t8%Qd}@AGe9dmc_!!46D14VKK`Z(Mxk`PazcuyuK$RM|`S>5ieHvE% z9eydlqTmDmmHbANc5d9`RvA(B1#@mTraQs;YWZMR)+45y{K2>HcxDT(=orw()znm) zp{Nn~x@pT`4MGxTA-nkPb3M40hU$ienc z$ie&{qWCWoSIJVg8;o!x*I#Jcc>*q@22%Cth`)fx5OYKLYB2_?%c`7#ad__!%GnSWtr(Mfx^UB`d*C}jdaMhKFu?v+4DS+cRlRZ@q*1Bqk!xZ z^2Ch#)iOe*o%-?O-Q5Zh{$>_&ak+h3IpEbDc8NT4Z2V+$w&8uKxxGZ28H`z3IGyU- zwny388OicUOHOlm>*jBFouHzP=JE{BCgAVN(UQ(o(7T*%yEoryx8Lb$KcSbn0(2C& z#c1t#-4wOubImYZ?tF5_WG(NoJsQboqF`o&JDBiE?Tmo6n<6_mE8+ViG9HsP1ko8v2Ry)>O)<&45tsuR-ol;+;xh8Sc>+x4+Nj{O# zRKq$9I|)v=(T}E|`*#A`2{E-WjRu?qo3$_x9I9bgm$Xo8Rowus%GZUe7j!P`MrCTV(j zLEt=O9T1wi)^?Gkntn2FIBJ>-(Gc4-60g{$MTMKv5bRkcb9xKvIGYo(@Lb|j&fv}x z><3gd^-{H#_3*3kYe*&OfRMKEeU2M^n(!XqzdZ(=TJ#lpV=b|u+YHj2cL8&gQonxQ zz|yWBJ<*=L+puR%lZTYSvS-!FlbW!gXO79;8AiFdw^!^V>iFS?T-T3h;(^RxRD3iB zJ>JQ4Z{v=#-UL3yVJV-^o&3X!H(#T{&tlD;{0?L9B&vU#sdo~NPJX+e$Jc-fMUw|Z zpYbB^HY3pvtU8^WV{*Fw&+?g-hMO>yTPUo%c;_4Lhtr{7iPKC^mx zfDa45D!0luxkn$Tt6&)lvsbpg=hl$#agl%SqUJr}U|ZD4=RKv?NNo$v~neM+4QTl zYdLV;(z>*(8LnwXCGTmSdr@cOrlm>xWkaJl?l}X|pxp7FAcf-}Acc$TU-Nt8 z7$!MTCb*#Ik8qA{c(!Iodk0IhQc44$ekCVLt?*b4qN~7{_d-4hkrGq&oo6GK?Orvm zuaq2F3uZ8RZ$f#)>t{060aUy5hDxu(ghvtbW2F{WRF+rl1X z5x^#r)W~kV#ch^stj3;HfRROd*5V^KY5;Fl_jbs<&3!vNxOk)plE!1-?O!z+DE1e%NT?`J4IVxjau-9GD{G%XPxM0g|FAAx|3uRM-(?~E zze6p{Z*f(|-*(5$y@H@XhLqrY|NR@R%#8oN_M9C5z7BDjKH-qTh!*_p4MV5zSKcw( zY@VL>huj=@J}LveZ&BY$7=$ys(~Hc}9`0%|O^>H+Ewy6K@A~B12@EO{7{nA*iJsph zKu(tmJXLTU40xNM7c5vDnh?uRM1MD`cb2=Z&B<*qOUJc&po->wn1_H+JQfzIF#c5c z2qyL{qS^V2cR|Ju0ZqvtYQbMvyUD7*4@%fic@CoakzHunC4+EcranlfEvb#gFZt!7~rM36;jysK}wGoR*({OCOR zQ+u<7!YU8A@)$2}iGx#wR3=_28^{C2la`9|k-#Bl)vI)^@d^igB70Gc%V{Euq2j1xsop_;&pzAm6>Cy46!PhALkwDrZCHH;nB@yO~%%Pq%30&?chNm-WR0hk?b-HL zhbRnibfLXnnYmu%MAzcVYL{5JQe5FfbsIy1OcB$JszZvk zqwgsR2?3KJ87dTtG%nZL+%V|yn+W}P1s zNAg-xeK5SMU7mc62gfi}+d=_`) z@_PFdLpn@J{!0{m-1HijnOOD7N4DS~5crgk~?*W5w&LuB?(h^SWJkRYBIS_+3NDUz(#P$Dhf zb4-qi%BoP+o+y(M5fBPCz>Id=AP|g1yT?2MZwRh1azPWITMk#3L}V0A2iE(ej-_3% zbQnRBF;I`eJ67-s7&VR;LBVO1&_Y}Vi1qIT%o2g(1fzxUu@46Q{W1;|`$lt>Ls9fv zk>HGGiSc~RsYJ`9g_~g@u^SZ>;~geoN}&gbBQtQqptWAZi zomhDDVL#J;Jt(?ARk}I=$G-%@7A=;gwiqA`;e~NcgT5~OiccJH`{y zAP#tHy76878JMt%R>|j!Y|{?joS68YjHQs-T$yqkkmaxmy75@kqO2&qjNlqYjn>Fz zv4K6qWKv`z802K?32Q@PL1w|YZ%MUe%HbaEfLD&%kX>qhRE^S9XR~#H&^1Mb%avK{sYbbzBe}x262-ru(Gen&uzOWP9Gx*;w{SW!M%idu?t%IToO9RHb`(ZutHx z=xh&hbnYWJ;VOkY{-=_=*W5PnM4idpW(KquXY|0G-cH1 zO5HLUqYM3$O2x_!*qYMUd0s(j1Gn}jHB9AL-1^umHX0}%9hk1&Z_jb>PDv*6fpS=% zTo7dctfn>_;2gub{Fz;&LX)laKK1D%X2g&J$W5z+{AtwqwG`FrPV$jGmhJS;w(%0` zN3cD5PPO^${>I@`GI_5$d5lo3FI-buo5he^`}OzDy55|9qQ)`03GsmrYF3@Zk)*4p zZ1TBtxh)J(-~4Sobh)Ua<@3KARqG-6C6$Q{`(y%j-Fri;L@DcSL00S1#d&8*x~8P{ zw{zmAq#eTrH+nJFaM@Bktr-SzXVVhOkZ&(sdAE(ULimKOIh>`m*6^W{alm8vRD)s}7>;jQ8J zs@p$NC6>I}fKwc~71#FR1-9(&AX2`F0^_ORaPqR%=^lw(-bB*1j zI}Uaq=Sm|6f)^uH5{CI42{V*tN<1t{EN}U9wi$~48{=7-IscoTF){sncJ_Z5pg;j^ z8=POGpMRczTbzGcSaw`mn~(#&>YqwKA(-E*Qhfq5tMfv6c$Ji@eS?!A;>VO=j^GYl zL3XDd*tj%mXX@$LX;guQevyn!^DL~a3Q!XAq06I_i;?iR{+fq4{op`g9=IO=FawtV zc}o2!chAhi^sf_*ml|6!8?DGbJ3T@Szl?KLUdv)~8BVu!+*P&W$sxjt+aQPXSNg}} z<>F_yzPnlQBr%LlGp20P(Ku;q^MeoUI5S_TBF!*1!DwCWhc@q5Xb|KuZU~VD`_&7L z@hV+Zuf6pJfgf@}FpSml@GeWWbNA7*m2aNT2vmKvwLf1WsRC%n4Ui!#WOAADiy|TI z$%&``)KdGq?72h~A$&i5Jf6Kx?WZisIm4*NDb@9I@rH38_bH5029#voogK0vbhYce zf(&zqp_JiM?;5d{)rU^7hPFkb(LK2%pWnQ0w7^ym_|SvF>UO<)*P%(^e0_Wzg0y2O zgfLY5bbGfs+%=3P>+2bC(aSe4-hQlrG!w9gU|`uJU)@*p5N8zA#S#zH7i4=|md-6M z37y{x5ywUEUfk`6?1I!t^|aaN^{`qvT-a@o_FV|fSR7Vx7dm6 z$#kJYKRF75Cu|+Iay7QL_nD&1GXd?Xsh~Ighf_yo4M!PFE@pdN z@1>%_58=-R&wFt`TgD-b1Z(O=-Wx08ru86JFhxo3=*j}t96R?`BXOZ?0mf+`hPTZq z#vLpiky&W1dJT3EBq$7w3~5Yi_Kwu)~bBIySspZ{XQ9KQP}L4stL6Edfo*VzDY7L@eh+wzdTU0p;5t&tA=K;8^VJ z<;`80CvJ5m4Go20uiM9o`jhmpCkePm6ZS74--ar;SR*J4TL1nL$|6X?r&gJyx5(c) zWrrfhEg{(Dz*&VOCtwHO-BOJ()GC#u>Jl;$PmrDkP`DUxC)LP!*4tnVh_vUjno>L* zt`~_`h-6;Hyu*#i9s6@X%VvYWet^LhN;!&91etqB%MN6`fCCxkbnOo!Lb=%xso&~2 z>flwH3lG5t5#1K))pnoq=fGNhhg)83BN=K4pasngm^k@KiE#_Wki~5)9iD%ZtL{qb zIy-HDyY?$vqAoOm$xnL(<&yiz=*Tgj&5_@AAe}jgmZ*TuZP05NQHRjAWic{nXAd|I zTU`xx;5M>0h<*X%*$rY80wU2|u)Yc-?U8wuW7-PHJOK;T_9s1|F@{Rt`+)HA5%D-b z41+5SMapg zqg7M1$)BCf6MH*yV#3-q>O&I&iw@E&R5{2Pj*z?$YS(<~Z$j@F0FkAv%*J^Ig>g6e zO7@lKv%!C3j=xLryVO2ze@V_BgNd?Mgq$SVtTHdQ8l|+O*DE(%LJgyld{yA^&-59b z(bmGUTDD5AYyx*gqFwQ-HPbq(9u-FBmwMwJB}V)JzpHp47Q87ZaM^2G*Kjs+Hi=0Z z(VM-5r7N1hFkh7h>hICeU|i-%XcYGj)ZaERds(jykX8u0Fd);qCcw7|i}js_$w^L3 zR$J;Hy~)26tuDNVJm;ysD-n|IK@OXq(7m-aDHkzBqQ5kD(wV2hJOi0m#g=?$17<$R z8O|ZgfKWyl3P2(#Q`qcK9-$MFXEJA*bq!rvk!;A0D7WFnJwo&znL$XhM!JvI22IXGOa{cgR+ z=W_T$F~(DC++%F&Mh8p=~UUj-V(je^VHx!uBQ~AUU`0bfT-A?H) z20U? zcO?xV9eCu!Q;S|Sg_b-pPvx3RImlunG@WVsUe0H4K|7uP+r;YVTuX60Zug;@x52(G zD|_~~Jb*CsO`Nhd$+eKHZLr$_*=1swPk>p?o7zj)TE_Yo*M8M+naLIt(pAW;gjX3g8^RwNyVpLT^_O1*2#=e7=+3-$TvY2mMN$-IxWs@qN@f~Gra%#oV zT;EBEN;Sl?S8VehK0$>=;YyRBWW>{3UU)e*F9fxVZGHd1tNu!b|4TpoHzn||RftX4 z+6f!1H=o`?J9Z{lfyQgeTNE&Sl70%gr*P7Hg2$9$Wriiq3mNav7Zzk<&Xe+#lT(B9 z7ESBd+Nb$?m?C}m6$~q?IX-kEziWvj8uYs0jqpZEO(lr@AIV*Dy<5T;e!IA|TfQ&J z(B9w3)bQZ&@hjtc$pCVks+4QY`_(7Y)IPhvp8g7dAHTu}^yPcQT>Fhk1Mch|pPngK zfj%|}4f00=JOZ4c;%P%{e{^=gol>VW;!I&3B1Z(0iiVVH4avVC_&oS_k~3dC)7_;9 z3r9Kd60#yLIWrOi3AOE;x2jH6TR1nq)Jo>p@~u4Iqm(VX+_MR|GQit6*PnYJknJ4Y!hkHi0*!*YJwi#h5Muj0P z9{clo4Qhck6$5j>(AD^9d8!~}PQrio{30%+D^+rWmt+mrvtvzHBfrTwz*hG`VBH4S zabibLi9aL;SAmbX(1vlZN*}4DQCKC~M2Lhp8pfoDeb(diw=I`V5kBviEY3rB?y7l{ zN+aybWDJgcv1XwZ+d096>{gCU?ql>fj@=_Caw|lwD6Why53Y;V?x$vD*Vy|&TTsjlX<1Ojc;U))AH*_qE(t3H{F*CS5nICM=*8yD zY<}pO%L30QwlCSp>y3I)$i|tnbU-`(3~OTh%3Da~w?q4Tvilv%0BDH6i`6cPH&%P3wKdd(9+B41h~ zKm|vI3KBS*lj596n9J#LZT~uY3MpyW%o6E)9YM+x2rZo{990_@%U@6c@=ak_PTuM% z>1_OdTEo5bf{p?|NC`{gI1_GqZCMXx8D4N*9KK|b)BSq+yeugV?hD2 z?y^@X-=nR`ML;s~Fh(Xf4nbmAHw02R9ZUyv@YTC#uj>cFF48Y~Cs`b-b4QY1f~>@s zAd*=K?5+C>g`!nnV)MJcz!yJWGy?>36Ny;uQF_dG7ZEQkC?yg4;x3fT1+0L>X1|9N zZ|6O)W(bUko6f4cTBzr+yZ2Y~Wqg#XQ~zS|65?tvjWtJWS2$EhGm$c$Y}$Hwq~;ZB zc>phZz_4G0!A(o3L~1VVJT0pM6?t?KQ%U|D7~`*3)ihk2&Z@jnF~bsFUzE@Z<>(;- zK9Nm<`FI(tWSC&)cOZoO^%MP|B~>iu(cw2=J(Gh^P&R*&4rDa#kC6ak%$7I1s@A!v zHk&-f)>uI^fK2e29>72E1y0Zk=Y{QmD%a}m>||sxG_6U3jJhMJj5)*Ja{LyT$96b zqalrY?uq&0dXf&0&<0hxao#$8-ELX^&Bu>XrB4OUXOAWG03yObe;WNI%{m^GJ>O^CA%0N`EayjZN`u5?|PoEK?wbq{%W0{h! z2QO`F-p8Br18TLH&Fvc4h#tyDPqA!Ae#B5lR`~Xfk7Il6qyKy9P(+5ShCcy^qQ7i{ zan57Ph~m3vRhwT*R>6(hF5C2?lM;?#ypsU#IRP)?F7IH%w9V2VDb2>Yw7SKdu{y&d zmw29Euol&C9wn~~Eo4jgB5*VACp{*--P1FG96occtWbbY0{x9^1VB9UNa!7|z_ZDV z!GvVwagoWCM2$Vsuv5?{NOG5&*7C7u?f8o426S?+01Gga!qqWx04?4gX`tfcTPas$ zMw+5^J?t_*O6UwWSXuZrIbmAkFS{CSh-h&?`w!0nk<)ih?@o11Ux`7K{FzMDkU$jH z3u2KJ#yTCSUEU{wREDqMxv*)caza()6v!ZCs-y^Le#iJ&Bt4W)516#HJm|VGnrE}% zY|IvH9%okI>g|f)7x>IFoo{4kIF8R)UeR+aF)`ee)~fH}-0tQf#6=Y2<6^><>vVks z8zqJ3fAT#goBuxlRQTYyPT{X+g!RjO`E7oX==OrY!zx!^9SjNLDUh{X&hTLCgCmLc#S9go1;Un?E;G2Xr5l0c z*AFwd0Ve3EKS@8#Cq+(kU=Jw0cNGm1_-v!(nhtek8y?Zr_k&2F1k!h0=4X=NBr z5*yhZbvGF_)}A5|)WvJ(pgNyJn}4r$Lru2R;I!x^s5U0cInl~|C1Sj4U;a}nM{(cC zFP8FhxzE;E5N!sCSodZks(Cxwh^3JveCR)BoW*qb(b(YeCyVHKp}wKlsMq6LSTVJ4 z`;Pp)(}t3>lMVJsEfoD)A68Y4i)+k0twx0?W2HY3KRCNU3NKv0MHrJ07TI_;N*#Z( z8UIpkglCS%iHWa6va_KAv(hi^2V|K#5bhH-ldkI^H|jd4%T z``+7%mTg|ji#WwRK101K8sSI9LXfC(6eJyN5SjNP zp47;`gCAdGpR5M+FZK0=BtH&h5s+ExSaUcZ0PU@Y@A1$Ag^~p>^5`vxq=2>6UU* z->A$#v7^YD_DgOi6rS75w9!b%UvyAj-~6B=?Z!1QAY!7b3Csh!TxO((*%fK}E`&ES zDZn(-`7y!R+M7q<1rS__5*I_l8H=kg_P3#pYoVHf(H4p=+oJ!hM7!#|dbhY4$F6|2%eX&v3)lj`zd4nl4B@vnDlINSfpEH4$FA1ISh+DhGO?;AQBe@*YO`kxpWdx zL08{;(8Mrf$o#8IT8AisCNdmjLR7@>xLdd`WfGO8u;>Ll44TJW(8QfTFL`HX%f62E9>hXwh zxjX@mR}mwjuML6Kl7Ir3?|oU6woL*%D6Bf0RhPt%)ny=P!P{_~8W?e59@zDYx8~C% zb2I>Dl%-vpOuL-+<@#VCZe*D;>V!l5ioIuG=0nNkL7T6l)28(C8er%B5#o-mZgt`^ ztYZqkTW?JZr^((xW~nLD7#oYx>##VP2xgz2hu{!P!<-8bLvA+0`B7nMqQ&xyJrKCC zJio?@MT9@#6hj+zC64@Ms&+3qGNyYs0#;+Q&76F_EjyBC5c^3o4sw@*!IuGe9?l&A z)+@2D2;^VxidUB%E>HFDzgw)8{Kfa&0`XGlufQB*dbqD)f}@Zo6zB%tn5?$o6jE^A_(Xl0(-56!TDWS!3b!wWQg=a2AlHPo`h)n~ZOy#PYd%aB@~ zApX}P2Z}kK->{>HK^|USX*pWm&S}F>`R)B$v_!bQV{nF`gbF1~a*^Ob?Q~U)HuKhE zK>caOPqq0;F6WzY8rk8;IN*mYCV{!Wn z9~V}{)!YyZ*L*Qjw?n?Gea&F4DWLPZ6zDb#j~N z)sSUvj5FV#5&78ouUz}lCG|b>(-9xvCLiR|Bd|>T&{E;xXbshi0yV~;Fd0|xy)a92 zfRt$2fT)E~un$go2i6LOe+8mkT^cl8!)m5Vlj^csRbU&0L@*2;UoP9Gqoh0`MuCnv zBDOA7lL;msMWpLz@@vrQNi|zW411}X@q~}E zapc9&bDs7Ss|NJiZHEN`*kRp8Jzq_VH`t6_HIu)C+~FN9K!SdUfYxGei8g#-sI_dO zrotn|qz0mCH4EF@k&ss`JA=1Mxirph{6HISRk}%%6SMAtpOu}W)xv|ot1iyYyLT*J z>fMgdtLA2Xd9zJQNhtejPO4XHCZLZHZ?J=xj;hy&hTSt4%imo!K^7qkgWt9`MXiQ^A5VDuz({NK8Wp#-w~Z+@bqg)6w!Wr3 zy?Ff$D7?Oiv^vTG`zLqH;MPEe){TIoaxWWove1vAqTpMur6y2Uvf3IFlFexrg1ddo;VDZI83H>#ZCpNC5A&_ z16(MJQ>@({p<21=`1g=!QJRr3Z@0Lpc)r=|x~0pH?wNgOT+vqXyhsvJ8K%_$tiCg` z;CX_d556J7e4I?@?Q5ARVpDHes~AnQ-3C6m8YgpKOZ9sh8;8Hah$lwacqlCc(JIib zVXBD|GSIEl?@QVvrJh+`Y(?&no%;q#^;t@=#&(VR&?~tnL`tQK>bwTV!-8)prh=y| zt$swrLnuN|32wP8o%+o1ju|MWdc922;(1NDCc&Xq2u@*Wyta+UV8hZ5-P&mK!$QG^s* zxlW)xOwZE((pU{e_dqGXe&YKiCNz_Kdz|>q`-r?z)IJqJV5)>E!?WcePE{-a_v#bh z0jGbAS5KUbZuNb)6|T@hEGR840)+JU?XN`L*-aF5)F2%S4-g;_@X=G$T6)kOkBINt z*x8OvASAW5+1RWP)U>q}9`#uuy^!`N$uc1G8E7COEZ{#gugni!&Kwlbn$;p$G>32r zs+8LXLjj>=#DNf|*pxD3#w1ToMx~_4Zr@wuPI4EoIy>{%Y4~l{9kTtpTU+et#O?C| z$^9JGbSc+W6)3BP%?0p2v%wcgob#-T+Ck3JV}Jlc=!wAQ4T{pL)MX%Vgk>PT47{O; zAR$jPZfH||lyvZG7q^8Z_oL>j@yDgeBoXZUyrSb+>G^!E*^fSV17o({PlA8{3-)+$N!wQPt%Q$>rPw8-L{q;)o^LBju_o!53PGsJ=rV^uV$> zy!Esc4shV(!$5?5C}9dTp0jF64LzI!=P6FAtkJ+^+Q4R`i%+P;^XAk0`Z+Hy;7cN^ zOX`bC>NENbomY;XibIQ9S}B@eY0vXm<;9iGLOx;6^h?C+N0O4oUiLpv3&2%kJ2^6B z8EW|uXvsI>Jqa#={pb8SM-iZ!qdqA8&%5p@dOcaB;-<=u#ssEZqvzzJw+qeLM6KUM zoXeX$JE|gimJ7_)xARyOtbvw2G^rE=oHB#!QU;1>-epzNA5}<_l{sj42zFn#&;3pK zW}E(s{6PRj>n*R$r2No28m}ZTbcD$|xs+yRA+iv72?SvQ;$Wx~#R5qZQDO{r77`YC z)X09jYf_Dj>n)+C%$L3EcCp3tmlHqvD++0ZZ6ZJ#%w{-+5Z)`T;P!|V%=X7wiguL} z!Ypwda{?CK=y#2 zRL!n3aG-E*uYrQlFu#*GVz>w54s4pYAs5(qM0qd7=k26zxVSCZu73t0BXU?9PIhOu9C}P;Qi;*RDHw*hEugHm2k~*C;&4UuGiA!cN#6X%PTcj^N(5nj zuq=XHt*J!WlhG;IBeas@rq6I{o1($Zkp#9I4H`GXwf^HP?=&rgrxI0qn9gsk>@yMw zm_kYWX^^_SIxhBT^hLFcC zbBqOYAP9J*e;U2ZoISwTwHTF}+ZaJ5>|9l!yvPL7mq0TZjUD1{THnDl)r0r#FeU}? zi`9Bu3i5;)z!REDid38yx^SvVZ~lrF#y0m8c_u&`tRh1|Uqq?~7?xn*U>LO@izsD) zQb>k^B9OL#V%MY!#Gw6bl4$4xOvpELf!+bcXq*W^nI(OaTBxaOuvMAk*Vj?XU@)y+nqUZ-QtS@#_|3)rXA{gZdbXQKxGbw%)J$|#JVZ6lV?` z#I;T@yB1Brx)~@SSmyn#3IG^|0Zoxb$O1vwu$09|i1eL&o0s2Jt?|R}7>q1%aH^)A zBox6S@COa@;}tCe77Cp&MDP}gprvbu7|0H;>9j%R`Qc}15i{a|^E+-XuB zX?E4PGKKDy#eHXq8WnWhNQs-j;L2zO zI*eq2-^1gjvq0nlX(u$$m}B27it~DsMe_Pvj9*E_JX3d@03xSXvQ~C=wnh=%K9!2~ z641Y{J(8DBF1@Z5hV~X-MS*oQaR)Tj)k>d(p4hA1x_<@62z>*Z^`pOm6D*|#bCCaK zJeta)7lt|pOS|b%6(1B9AWO(_ULPNRAFpLDgDWWYhC-K%ffk~$n8Tr{UKh9fID!=N zW&A1J$^%xYU-`^DJZ5+s@WE+WW8vu2>5`t>w2a8<2Nc3qD(2vWAb)$L+5ZFrhfG{RA}i?J-XCl&tY8zG z1#oDVp)PW&e6ZAff#8h0OJ}a%kY^(N3x4&varot%xBn{AtQ+OMB(n3_1!lMZT+Li zJ^aRu26enTaxxs6leD!Q}Z_YxF013@xUZEVhfsn}FsvKDk$@$D1 zp^?+I00v+7I^Rg>P}+I=wC2XX=Q#-W#P(^eSJ&Q z&DSLpyh&Ch$|!hQLuuW+eC0xLDvfNPZ$;XG_U?9Sf$>DAjJA>az7qzCa1ohD%YdF1 zF0&>*lclGWnG8O6D9P;WtN=JY`{YG6>FS&Fs~98WhUqH*j&2CpbNSye&9RSW?=y+%zX@>sT7vk60QO@}JsiEdxu z40HKFkE#MZv6Kw8Z&C9a^@x1 z3gb9-{rOX$LE1B4T)(j-P?$l%vEQ~NjlZ*`ATe!x643Xk$|#>ZfigYAtvXWK(E<~Q z0{RhyQ{34-zYDey4`ijOq!;zwjTdzVzrY8MOlSX*gRuRV5P*}D>3>?czt;Ne_)lQ@ zbEDT!pIvB11Y+wY^_hQ8+PgD zMT%h1Iiclsuy3M(M$1Y^wJ2|-(O$ArwYucwU19KL!=W7%OstgM>aLIh+D!M?Oc@xy zR$j=xdu(tsH2GN#`sbis9M!I__69TvHh{; zlA=)5JD0!7RzSdo6}6?pmTTwIl!!mrD7f*|LikQ5%0&2B_3Ig&oGj|3qwwl}!?W6y zN|_DCFM;j?TE2KJFf`o`-xjbu-k{nZx>(dHqT#KV)-v8;C35K?gB^IwEwmL#X24## zhhFHByub+qO|&$VLZ%i#Nj&+c0ZJfn*SoFDepPG~O@ zQKQ=n+tPNZZ9`4BjCq}u6FOF8=NC~T+s3NM#>i-9i^|ovJo(3ks2~Rv*jxgv#k>g2 zGF&l{5-}D`{R$=fMC7x=u}v+JgKFDY$r|Q!fBEzg#@IKTb$}%kAoplN?Fyda?_h1= zQ<-31g{u1OeK(U3NR;N&z2bZ6(R{t%Yfo!?e_u#Hziw;EPtqXC8tAGzrolM$_F*cv zJp_4Xvjylpo{9)K)tc>jKSt!4j3iLtqw9CQ7#v>K^qsnQGR)|#5Aa89KEdxbLEgY= zpBUDe)((uKiipCPhTV`3*<4^j3a<{|5X#2pyzAWk#Ky1wr-vCLWTT2bWr$v+cBu5qRm=Wug)q}p1 z37`T~ctKf9005CUtJ%2>F@8IIQ`Yi=UH$>zKpn?tWV+?xIkrs`h$lJm?UdKm?OF}{ zyp`+-F*xrIZy!tAD=hg*ZQ9KjB2DgsMQB{7*1 zy@6EtIxDGvj%S$mV?4hIMt`m`K?;RdljB=0ubz0#38zT{y}<$+E&?9RhyiUyXXQi_R5T1fnojjH`&qgg@qi82qsq!#jxX{6v!^#*h*^=hkj1jC5cp79m1R;_jm; zE;o}(1BJmYh7(BB>B$I!YpnhMcwSQw%jY#VMZ$lAXx)P#TWi%GJeIuq!P~b5Mnh3c z6&vPSZaP5j9xu73i5p2Z7s)j%dI`mLYXgL?l+=rW^$b`;@;km-R4!3e5t{#50l-ur zQmMUa(OH!dkxN=qkEgD{59=>0u%m>Y_Gy#!`p#1}H7lxz`INVI!M4O+g;cMc|*FTrtAn|Va52i;UfBviYMx~z}|PwRj^<<1_6MofcfsxCaLq3eOq0n$bT zGPP#!TstK#9AWnik}xk}Ik9k2Ib#Wy(Ofhp!6u_~H4FFzJKdKH=8XOmib0YzI7^T# z^mvfD;;&Yd6hsaJ!v}@tw_^h3;R<=OUVj%UPJlJmIY7@81HX@6)}N^ooYGscY@F#~ z4&;Tc!dRpKaXPW`QvokV3F4Sk^R3wzQlrULWPC}*iz6o+D@UzWgjjJbp1gBN%cuoe zX@AZS-09DD(Pcdz0`7GUf@BL8hACld=4>^1fpRhjC{`$GrlXSTvyY&m23Q?&l21)g z+&_D0tqoWlR(1|v;m1;xOcjpT1oSXzh~qjF@lG1Tf5kF;O6_>M^l;9>|CfEUbIgASatCbGC3zl_7f=jC|vHU~d*u5#^! zot^ZlwwJ3jasY0m*XzEpvN{1|!Kkb{FKDJu1JY%BHCW0tldX1}Dq{a~5`MEl^omCn z!OEB6`P0xw)Uw-qn5zLP_Ew3P2N$+OrWohp=+&tBmT|&T+1RL&w-Xo(;o>kv${xR+ zQ0KU}l5p`CSm@zQ3G1ORdQ2RFc{B2*tZozD`4vVO9%bwXxfNATBk7yWU+d?^U+Ww~ zQHGbx@}0%+5B*>}CXC(tjEvs^BMS~j9xC3(cp(62u>t>A8wNWdR3iBzTHq`Bq8Z!q zvf;rJ9DKle(2R3FF;_0x;9y6rvbFv*A+gF?BZ~g&)+M5T=-rpaAlLU+|7%8 zsm1;6p>s$))S50~;X3+am`N`qG-NR%Dj?^Z$F$P8GhSSBtHVc5isqM43fUXF^;Iq~ zZ@6wBHwviyzn8M}I(&wkP_F7*N*G?BBbF7NOLhz?&g;gvJZl*Wl#m&5TiJ)GEv9O4 zvty71{X>u+5Ep-`+4!T9tP{(<;g_m3=&^{J8K$=&9d9sNavoRoP|9%hpwIN-1Kjp3 z>K~cg^Fnqo8Dh@N|H<&31fp`cuMmzT+H*S^9L=*3*ub;KIzlU)7Lyz}>O(f9cgD%c zp?bv4Vp@}W6&dhiN);-%>L<>PC%h zLSD0ixp%Vlu?T#I5-2b)>V4gIAB{B!@8mPRuJsADLlgO=&Ts%hZ%zWb&6rr#g#Uh{ zd<@T<*C4bts$VmPH?TNH>PX~oxwk%?Zo6gsoyaGd29)k4oRjS2*3qOc7pOPN%riBv z$pk|VAF$k5V4Vu(LDbW3FFvnK2Jv~G#{)WuCDHT>Y#)hOgcIZ)2;UfiF?fNP3rvbE zAHYIcaYCj{67*uI*DxdEuGXv?`@dL2~LFdpS*-| z@DRbph7A%Q-2Hz`d<^@x?CVm4@KFYC?d$}6bn;_`K~!IuM&Bcb&Wen~fU4S_7%1#a zZk=2noZE^XG5uF1pw4c|2UGc#)nsU>@Nf85VIY9)UGG71m0q2!#To+NLnDl>nD`gx0>bTF@9BN4$O{6dw2lN-* zPd_IIV;enNp^L(Kw6#olYf6))?6cGJm7@KL-ZOB*oN7DC;^UIp9y9c%?43O&#!}@m zRQN>)c3om9ILzbaQUl1bk<7FFFo;GDbjmPAP!pYVx0N;Y>YpAkmfJ!zQ-S>$f{bq{YF1{JXfo(p)a~nkELP55D*O`kOkO8+1QQ@vl zxTJMQoe5kqU`Px%*5DfWxFXe$#8``0%r)Ei}6AeFh@VgmHX7KYS)WPA2ZkVn7t)H6}|T&Gltg%kF$jc5@c_-YO6k%yqK1 ztL7{bYNzgOCi>>gr4%$3QWOS7^ih4dbn2d#0Yn1*-Y6^b@1ng)8DXE*z`k`!o29uJ z;U&>A>e4+b<$rCe;%dG~3qe+jAknSqIkx~rjDd>L|!vqlVjQoF!^?jxsmxHl9g=XvYc4iWC2ZFR<ARNY0yX9j zFCBCbfG1Q2zbhOES42qR0W;r`+i)8mJ0o4scg#I-01z z*U{?pdG*lw=*wee@fK(5yj@S05w2r)!}9iAIVl9NN$vY{V0Ow9;1@JUW2aAIsJhX6 zV8Ye9WxiUGx!}$Ys89cCM z6&;TRT^O`Cm*PE45ljKix%%a4f34^7xa}Z|SJYOtKl3Li1m+hcr07Bl%b^xqgV=wP zrglO>xApuS?>v<3!6?>#Gay7*BzM^MarU|u-}IB2&_GoBczznLJ3A}pG0{ueUNF|? z#mc3z4hHMg`1IZ|es=MgqP1RfQsFr9{pHN`-&d&)4bGcun13sdOkAfX8+hxaUAs@S z*!x7D1CoNP%9lhQBB%r{EoL!(_oqZL{`b=K7}d=C!;(Z7Vqaz47!bFmq^0-#iRBia z-$Uk*V4=XQwphYqRuuz{1sz;T zsDS}HZPGjl8>dSF;5h5J3Rn_IAeF^tPv<;5a^;_qlZeLlZbm2V$8nljAHeL|77^_d&WC1276|bwC)8Xlhxrxb zGsUh=l5nYpRJ!315!=Ow4c>0q3d1pM#oe1NqlpbNmX_O2+|8$}x{LKQp&Sm=RbGqe zGjFf$*6tu3;XjCM5Zu*7gZ)sbADK9H2>C8f)MV8O9L%kVBqPP$Ru}@TF#0*u@gsdl zG_I8Ftkd@)Sea#CM7ls{ zlGMKoPjF*#>n~h?C!LNLTyYaJ`7%ixspNJ>>6Fr3`C|HDv3VNfJj86JAm2i=Rb2RT zb7>#HMiiA9`bg6ocXd+lyl>SnuEFNni=1p~PrjKzymMx#skqZuombxb+-OfWlG##u z&9@h+n_RO@i%v*^ks#6U9`Mi9CqiHZb~LhBm!(ks5fi@HL#%jG7c>M2#IpcX_YavvEoBG{I){g0 z14|h8!z@A2NYAHLx=9E08vhpMP>;tW-hkc|fr>|cp-qST>;&9`PuULa z^yGtbMHC^!vVqzvCm?dl&!xW^^+t+Ey^%?`Vz2Z@OdYpt<<}1OeyfL*c^7{h1i&$4 z0R19rnB)Q;_5%2!6y|!?*Bm~9dSOE5srVX7!SBLM}n0#CI0U?W5!OS707n@uJ ze0(tSE8D>z$p=w26-S&p@y7wkZN-Iy`vCO&uK9+cM=W5#pb8I2Kv^4@tz6c z(%`gjAOV$_8zxxv#QhtX)*$J@7V!PI>kry=hHBSE&sL}C);fV1eech3z&-tFk19fI zo*ND;I}s-Y8ADh&Xo>5SomsFd#^A9DESdC6BKHv6L0}oXIxJqYzD7i&P<^mPcE0hO zK>ZBiscR5zICcGhXAio;l+2mfAhB&T$E8=o+=^;E`%V&_olAI$Q)L+IoCh}|b|VQP z*}o~g9NW0=R+<4()wH zMRsKC`F#RVQ6o%yL$BDzNbxfSf73N=Ms7P*dbYP>zxN+r>qogrxXnWgQqK=IZk*Qc z=@}1oi>@(w+eTg*>Z_{TYhzT3*HJln69I$M3%n0vM*DR_x%*+gu{yd>#P{i3o!=r` z+km&)%V+J^7dgYsk~@pL;)2S#EXjQJMl4KUUhk8N)}uyU+9ax$Ydvw0k$v+cUap#$ z`+U(8A1mbewwAT-<)J@ERNJ_LED);*t~Z5PA~OV80TM=henevNGUgb}FZRWe8LHsi zGg%m|i=2<9gR3`-ZCqfkMq@A2ot#s%V>SUs_y)BNZYx{rUmudGz6RsQln;u) zIH)bBl?f>af?79}34sAKpei(f$3&8y54@JyU4~v9GP($aobpQ1s)By^A9|)}f(h!% z(Vg6fHrZOv8eHheRbB3hP`#!qmhD&TRC12L4oRn(z1Fw{l&E^|%e0*-T@Q!Mlebd+ zo6Vrgy!R`UHYj){5c`f!Hzm^^6I}ouG+_OlPBbMo+abfFAS&#ht%jkw14~iE5cn)V z)>&(9smCq<+$ScTPPM~(+b-OJXO@svZw4-#u98#weRuBS6XDRw(?a;bIb<^lk^;PA z2S6LV-CBdM0m10X7=Ec_8>bqds9E_1PijHN`H!fb{XcNqjI8YcV>-{ZhKB8?D1y&w z?VgkZQW%?O;*?VCn&3i-*Z~^tR$g9tvTzs@Wdd6bu|r@f5~^AUC2B2rID*=3bWVb$0qtx zjnvorH{9NW$#gO8188>;;qLzYA5;4`wg!DcWYt`aI#U-WpyU(>RmTw@V7|YPRz@dDV+f4m`INy!L0+tj zzH$x>V{5AH68}nLpw`Tgv1a%aRf=`=q=Rd|l@*sXD!jEEatMDL=Af7iRc@lr#GkUF z20gXBk*2uEyPq)MjSK4B`lt>S{(KmCy14G@egwp5${vQE$<+1f0j)!m;G&Pky9;RG z@5#ggJZ6Y6L$PtIJG0}p63z?dC61sBr+LwxSr5B1T=B@EHFKlSoVvmjxKEmPoG)ca7BFkul3uAL4nsebk9 zUodFLRC$F&)cL@!QPPe_^o?&>|+Bzo)3R$JH_LXl~fTXIKxn|XpnBfu4jKcnL{MNVWcasG!5>fNUF&w4s&(9 z-TA|EBvAdJy)2^wg7V4Uk_AcJJFYlJ<%^22Un%ewZN+ibU}{mmd{tLf2!0kF`+!Y_ zi6uy;Soxd_ND!fCEwlOOECr0u#=?#mb42wd7?t{~NHK+?vLH>XL4zz>#{t<6hQ?E= zaay`u!%S4A(yJzu1o1v`dg>k%DGhCNtGib*MXcI;9;JPQ<3~2OL%q`Qkc^fkm1MKY zqqMvNcN@jVx-0@ro2oV1=Hwq5zEybxN`_4emEqd(F{x=#HeGUBp5YkrQEz7RUE^=L ziDHVSQeb-&!{8`PYDGn)40Wmb>58Yll~i$fW|Qp2D+0^E>tKA6*0lJVvkJc{lXxto z2~6vygjYzoIomu7m5oratf!PLDKJm|vX5ZsR+dV~B_M=`r6xe;KzwK3VzfTVNP9$b zG{E7_OfYqlNY*66y&WKx_1D8mw?CYTzzJVI4_-Bt!nEo-(+Q=O`!;AgucSJ(PmmqZ z7^MinXv#OU|Gw)8AO<}?IQ~^38c5(WUNVG{L zLG0p01EUjDa%$Ge63_kN1$g%Txkbnk2Hth&9-$CItZ+uUIwbFj(5!?P(4HQUB6ygM zi+&R;At0fT`G^Z8zG?m(ej^f{*AP9h@MT)0Q%HYS*~1paqtWY0*$8Mjv~zDO?@vmm zHzn;tq#Z=2v6=7W&kvh9`n!hF?#HXyV4A77OT?+-+YLmWY`(>>V^k&vwA8Hq`K?p;{zop#GGE49u>orLP5Rqs6{`X>-j@*2mU+u7mqj%=_ zn8*~62MQRq%Y9DDI!o_VlpJMFr?Cm8xw6xY{^Fe~dD1|8i99}0T;Nop2ngkyjR9{z zz+QXt|5YtwXZw#aFD91%r(66#U`j^E@%}H?X2|OoRBXNQp98O2f-+??0%?`dLUc)y z+CCjb-(0(VU?ku~e%;GveCoA;0MO2{tFH|VaVGbNxLg7R5bRG2M5)J-`3^as+6LYC3#|~!fds#hjve)(bzYcoiOo& zJGT3-%{;p=Q0L{7bPc=?p;nQ6RC*y!9J7bT@n>K?8B4{a|M*dJ{1?FJf4dL-|7(1! zv2^~G*B-We18l`+g&_p*8efq{Pm634IhwcIcSybcNXHI>iBu9I=zo7)>Y*cw%ug4b zc!&e~4C{A0)w%9&y8Ar6k?tO2ks)XM5_PdW%3*}7kZjv|-|sy4s`Y=!=@I@-#=)am zUW!P7%`S9uz8@bQUynbkNxHX>B{JOGtm-C7#e*(LJ;;v{yx6Gifd76uA%61bboX|* z@qK^4kavoR{t=M~^F;Fx`(ukp6)z>hZR6Y3(Br8esU0E0S9JHhaw*-jwUWUVs66@))JiG%NGsQ zOE>wUJp3c1uzlF{zz;@6B_qWkA~H*l=CX@0R@w z%5q@|R$f_CE(LUnBj{>cD5tXLOGoo3t$Y>a;gK?refl4(h)kLrh&y1eQ%8fNVw=&Z z;@Lstwh|5$G(k_C@*&OnmoY5xUn810fTNCt(hy=NjS3|(Kb_l%3adIobvHSMKMVf~ z3nzxd&kpkw7wGGnCBmBzlEfdVcbC0`+74$Dze<905+d(2YpkL&NeW!bGjBvxs&>TazNsowMs*GQIdq*Gd_n()C zi*1PgA%ndygrn3UU^xXr4n}@d@!oF-tO7WNVpA!34|r20=V3+Hkp2iu6)!qfPaPx( zw?B&u2)xjOEZwRlo&vy?nQ|=fV5U0x<(0JhsHKqmAEtO!KFz4KZvx1j}_OP@AJ;wYAL z)0VBXO?^5d#<1#Fq7_K5Hk+SG3JQ8ljUQmoULI{kBP@#s!NKmmqsJ;Mhs!LBfeZ^(kX=A}UUD z>s3=hK~aNyY%Tzq8gvIdW9vzFW8~0yz zl#+Nmg=%Rvm&Ji%Xy)Il-q9NQ!xs&>=Yi+g=LQ&#)Y^4|jhP|4BU|WK!O@L>rj;*7 z$HeG)f=dZBwlJ8{>r3fu6lz-f5T^zEYA~l^n9cM(-Pt&`Ps;Tyrn1{wYzgU-+{Vx| z`l`wzBLF*Pj4&KZ*Kf2)G{{iW5g@+v_NNR5BU5tBTUvO82%heW;I`B7*=M| zGZzO&h>&;^549l}mz|N~HDltl?h}jjFY<(O@)U7r3CW4Zt;mnxwX0_sND5;l#T_%Z zcxeX0EeadQW0_sA_zlUQQ#B0jIp*A|hjW~-gCV-Iv7A|2oTSC-r@^PIoyWZ+L@jWE z=bC{_J%D4Z7k~<|bl-%p0!9=26B;+uOC51Ye`8Zs>nAvZ+N@cssr5}3Vfm-yjw3P2 zSd0N@%TqDI9xZ~oCJPc89-<#GKuCpQv3#46T+#$yaOH$~+@`5bpy{bvj@Ol`O8PN! zm9si;Plur`Sh)cJS#gX6j)HYRRgX>+N(M!J)`1U1Hum*ajTKfa#>p!}#mG~(6`ebq z`x0QFzGg0oTY^MKVDIbPdVcR;;+N`6=P6~T$iG2I$MErV?)EH`OcxvwUq+z8iJGzk zx&ok{7|H1ON0#TD?W$ex&f6jNB8;p+Fybv@05yzbgS+zV?`*mZ2IdnFNY4@1d{h*i z$O!Ypj64kvtxq~`Lw#^^A?36C@ z@U|7OZc~Jd;7D7iVu(A6Z-!04r7CaPaJk~1(X;7$pQhxWrj*(~5n z!$ulcilr4Ym8RqD1(-L}xL_69gV?UJWdK!smDofTc3>@$hjqrDF%Pp=(Y|zMTQK0Q zbHHE~Oo8^mlX{B`R^PyJk~y`D^h5H}RJU!CST+_H2iV`0)TP!duF$}1%l*MwJd_7h z#5lU>Ewk_5P8OxH8fm1xVaGM-Wj-{*Hp5ZM?R>kwy8dKGKft-y=_Yl|p-lT}uUCv~ z|Lx1zqhczOl*L;I=py(P_dV-Ul0|j*D_jn6Z2{u}r$eC5Xh9sLdvY7G07#XO8qQEH zHy2%sgNmcfxWNVhuh>*<#U@KgqRUY&3|OV=Vy&{6U`*1xNP4fZsQ;tr0VO)$!of}1DTG^mG!Yd{xU%NohS zWRu{_C_dKo?1U5MoeB}suFw8!c#<6*{g%ACtQMJv7K-$!-7X0`q$*3VyVxn-FXTaD zy1mQlBJ`qD__$(@pZFgOiK&fVMX&4Q`FQ1<082i@f7S&@H=L#~+HAwGBlCk@UB5bfO=Rmd;7qgu7%zS?cEYmO)R`SH*y0 z;hYrlqP9kNqs0d-Rdul?V@LpbTXYk7DNjDos?9bLWGcprRgjVvsEu;{MRqzf59OrY zNVPz)9Gt!ot#Wt)m6T$LAz%=9Rq@btGn#;@?Te4g;-+B!tYTT}s4$ykOhu=Ch6qRy z6^O_2JZ*^Y^r9u_TxMX!g8b@jF~};IsZv?%HP19;ACSgD)QlO?TB;2kP&HY#-uh43?zdaI>$$zWTI;EhwaqWLgF> zQRQ~MGw>@LuO`omsZ<%LGg%hx4D4Uf~!@zCEXGpCQoa~~r z+3;y`{WVr7rZ+EupWq_K&csKKjqsYGrB;XI0qjf!2Av1>i0|mX7JXyq_Va6Z&Duj5 zO^e7Vdy^22UvOxFld#-}f0ddixt6rUhM#WcqUlWqoe$3HiOq4`MxFjGEHGirlWpg9 z=q>M(r;Wa6(D0Bd0w(z!@} zTtY9)@gnjsIE^xO$A5&#od4lv%go01Kdxm}V_E&L5V_Mgm`{=&Q5u0jyu}e;aa3ZP zM0RGyxn%Lu%{)GaGhRHo=-^~`m(Ha>m16SsO&?mj3+*3st!q6so!!&*W%1(bt6H&9 zeQ1Qeae0vD$t*u6C}!C@dB!KVSMRN#r}Cz;q6%G#KkDSSsxd#<$j;F?82^%2B0mkv zT;q6ax;jlV+)3qVmco{)ghJ=Lgb;QnpQG^+BtO*ljGq1VFcW}uD!Y=KW&WRY(b~iS zv{{7U-i#}NbwZz|_aye%;~gSqEh>?O`Xt360r3LO7xIO_wySr0U3zvUg=0B<83{g> z*6CLUgFtCXECRsVtAU_Gh}3B9m7(FFIS(K9ZOTwctHy!(sNR1kSP{3dCkLnlZme>^ z)6^+J8$1vr49fOK6;RJQ5Y@0RI$5r*fPxjtjUa3h3tGr0l=s54G|<8@NLp%URsRm>0SHXzrd(>!yrF|(^Cx+x*&OAMTHwqZ@ZtVE8t(4So zwsDWVlwjFIs|C~#MZ7amrK1u+2RL70thJao7>$fIIUrOgqkA`UTr)lyke5;pz&)Uh zbD#DXbH5=NA#b9^B(eEoWARsv4^%wyrMS^7epC@-ge3S5+VZt-SH4sT=!clKz%D18 zet>N{%We}L6cZU^rUXun(tSB+Ml5?qXp~KZ_)n}b$Qf~mfSiybKy`6ovjMi{RwJ(DWPsL-lX*cz zNV&k$w43Fvoy~rhanf}9vxqeldnVeJ>%-n!T zXzHd~eqBDXq&bLiyx5cOal9*yS8R@?s6h94eRBe%#dSoG%|=5b9TUoqS7W8cI#wx~ zSK#2M5z*)z|G>F47nfbOznnl9pIUmBgfiImfP?-Tz1}@pcTjyA=gq{vX`0eO2I!xF zsf}E6uYGTW!%6hYa~xwZ!1=xB`nog>jadPfHxZ6rqp_ z=e=?8UWr?$nO*OEC=EeA9@=%e$ELszP(+ku2h#X)@jA+nFBgL({>gI-u7O$E zR)4jacET0FHNQFP&2S)aTPnMIzphU%KDJTFqZkz1?Q6+Y7l>ju%=f03m5pf_15&q% zf*9JuAvNCy7OT^`dfzyjaf%QXBDssOa1_n)|G5N^4QSap2ve9ZX#`>nWvoLH9GscX z=Jrhv+EKm)TWACsl1WV6tkBlpRyE)qU{h0D(alv%&|WvvK`YPFf39c(#-XfyI4$k; zRW_C@OG+9`cT#L*c0vmuE09D>EDw4{x9!>O`B z1hJgBrYf&yC0DOu;*wK+DeH(*7V5P;hb@d~z2wzT!tM0`QVWTpUfr8zKlD}aSI`!j4 zan(57C3$5jb4-hGfOD)Hk_d%dKy)^AoiLa{{#h9M4Ihm1ghSQ_P3PuWggA<=aLk}@X<(L&|UQ=_ya(UI8Zhm8x9HZFUfUl;`eoY zM+4Q1-`lid8;n?FM{UIPk*(~5gxXc~sZte^yOTaU7xPf8E>fblcCsWD%&?wXzQr?L zfZ(*V=BO=;HNIqQQc3WD)Z?=P5&LmJUmW{Bb{a zdW;$}l@v~N-0$KNg2yMmSxk+^Df?$OGwT90D|6>|{aaual!4+9bb(}(iz8XAPGR+! z%M8+g7`{PX-Cl(IlXw>tz^Y7tB~%W5?fzqs_Mk-*WNyT_a?-+io~kJsu#~O}7zTF^ zl=a-IgDx{3{tLCJ!tOZ{ee`_|4Er&en|cu%f0^< zQVMn*|HBsc-Qc)J3IU>DSooga2X;ucQya;Xt6qd5qS__B6|Xd-Y24LRTdn162aSv;h{>5rx|b~fN0 z*4uMi@Hiz1AiH(Ab|T-r_kyp~!|}su^j7yKI@egh9IOGrAo}v?LJ8Jd_X7mWjg zBT2_ZX%g?>-7rtfUpwOj1UXX;lFuAGgMcIz)=)^DKvmDmlKur|j);IU3ByfCFoXrZ z%J!w4ppxQT42)r^)w!;Ub;|X6+fJAz!o@r6v?TzxLX^a3TMXw45+IK&0bvfPl8haj zl(ln1(2AA1c2?z`5b?lzw_Nc3Bd!9^!!RCl+hrPy5Xzd>g(3a7;ku@(jpE!=Y$ZMk z4y>h$nhY;*tWvhP1`FtzV~+RW$BxO}d*{XSFr48*&(KqC1>AndVe8Ff;BsNlK+;ru zAPCmfLpa~D*Ge230EUzi3qzhi>Cvl#j@ZZ!INOB#S`JQ@C>Xy|@C&|8plye;vAZ4m z4Q@b1m9s8>Hykk$YBAG0&(=m!gG!qTo!%NZ#{>zx^U2Nqb*I>Ixb;X3$}op zl#X_VT-ygHf*?$f$OWew2f0l>LL8qG5JL^fZ$uoF7KWMfz!E#?F$pq3kSUMXeWT`F z)i}hEyR2{1+fQ26&x;M%R6Cp@WVpsP#z$hoj0ruMB3Pt`_?Aq$)Gu*ZEle!n#!W0HFZu4^%{&rwI00nDQ!a>~Q3o5mHo;j`2YU({ zLG>ncyN6I;DL@|cX;$3_8|DPI`de_$=pU;cf@%1hjXog++^8Ae2tTJ@Mo|qLM!2ld zzU|OP6lzL!ox;!6s#&rf+uGT#7tVi~tk?C2X_lft{KU3errI2iH@V-MfBikR;=|)+Y zd5QZqpp1SWP4)|{Q4vkU4(O`qy@I~g0!9_>J)5q;o zId-?G<;D_d<96p7Jy(_XK?L55KR4N^e?52>jVKAmLaz`j@nRr>zj=O|-uL#GJ2y8w zV^h)jd+XvTd1(V~N{ldY#f^kqFkz(W1KPcW>6P}dT||)YJ|0n{cTJDR5{YVCS&X$x zK4sXu_4FFRWI7_I*G8pY?(a73ATR@-;~m}rpr~EdyCZaUf1~cAMX8%k^)5be5PY*9 zV&lV}35=V#n^DCugR|m^Invjl8^X$?@(mT_?OisYK9F&F%6n=#B16>?{X=8mUr- zjfPKA8nWnvE3LR$Z4WN`*~w17?FfIT629LB|(SQ89CfY@7LyfY=8URpE=xr=_t_1i8>?cup=TKR<9J-f&wbCJXck{AHm zxQot@mqi2j!-bF+?>P`j0s*fvL~Ps6`S!s5sw(h1e@GJ+?P}D{rdtNf<9PeEw+ehy zb)75iSDz(;yGKLY1qF74aN79{*>6}(LWi&nJ>!NjzX7zO@jkokrU!?5`tv>xN&9_v z_`a@AlDI|Si!$&#XO7e?2cl5BYr(k&cY`~DutdT1;*q?<-2YuNfJ zYZ~BWz%TnNg5$TGGK6w_vSTKqs$H&;LE5h}SI&8>Xo83D$1iY1_7K+qP}nwr#9w+qP}nwza0ty39$woqKox?jM~>CpBu+ z`-}mjKOA7Iw8mcL-G)m*T$rxu>s_}6XfJewf^W56esw9-V5+I}Gm5HyFYf|eb;81{ zY1;@?QCRf2uBa}-Mofr)8Q(hbH~^q=jtga+aSEkpbI<)bfTpnZbSrux4D82WA&?M^$noC&?!fjNmbk>QF=che40(`kB=xV< zEPqh|O?CU1bIQ4#iBOzCbMPWak5Ba^@1n6Fo|xM^2W{f2Z9{dHgmXduXOL#WY)e*) zWAz9rI_)df$S>o>6#r6#I%Kou+Lysc1u=?XTJKgrCrujzeJto zLAa}Oio4NY$gvB_23>jCj#qZo4zJiW?v|FGj_K?W9ujK*C$=P=y3Ez?>bvsD66d2? zqtP5DBO;TKYh<^$SgEmQaQ_fA>^7m0PFL8Hi6=KRYp$hQwz6j8i&E$}{k(1Xp$05qcB;me{GJ3BwkS+O)8c5lS`!%;$w)XWNw=AzlPqqkavK4h0DkB; z?c8*0c|LGqp6vo4an;5R1FXRR^4U~wwlOq8>8C(8$tN3^T0<^QZErEmJ_%+u9TgXa zj;m)<=(7RAls?_I=nQb~YdFZ<&#Rk*_w(e7aNMz$o33q@)9$Kvl@2yyy+GmlE-k}-)i#Gsc4x#mwwcU&bJSMMQ*v%(8sOSOO7Zk$K7}n5<^8fL#^liR+Sl93kB9#|gu>It3-Z{YCqOGJ?2ZOoREMz`Pn^QmWvo0=s(Wi-(>OcP~G-Lb;2s zE0ox}QKz)U*qzgpT=gSQeh(@1(1u}gF%Ux{hmxIO19q{Lz|mfLlqq{AIdY>AK-ml9 z-8@wG4a?1`sbCYi08pe@1ph-;a&L=Avs6SXqEQ$h$y6$Q6o{jsBoMD!DvFG{Rzk)%dP|N^o_&_?`WhFYfSJ0=YZEf7amsmB;Inm$ zQBE3fwe;ZB>DM}KyGDgxE#=txWHk8~_xtPOXu`O1!Lw_J>lwD&kP%8~KY+daF;al= zPTm6{VJfA46kLl#HdJt|MNUV0pNA^|#pfm{{u9?$_F>@DU>|v)zw21UA@GiW>j3Um zx}bZ0#Ca}9xb89d3HhhM{084c+2b7?#VfNohOW|OIv>qjp(-;GiM}cUPYf`c_$V@B zBp`t5g$~{?2jQirD4{0_>r>w=iQ4Qt{$6$l*UPkh#Ds<&_pul5VTe z@$V*9(})Qg%c#$oa?!mL*R`o~IcP8vADzZ0I8o2ukpM5e4ZeI4B(K^<$xX~=HzClm z$aJ~7?Me=7V1(Z_SJm3xG6nQ7;!@?@3LWcjV)IOAb>rx&Ny721)-4?~TqesmEglX> z_Ctxc(xBav;Z+HF?Z-Bqv?+n3d2JE48WgXMCjiBMSAUEz$8cxF*I=5j$HbDE5whyI z$9;elTYE7{cJT1%i*>mvgaZi-;BET?=HT@ve7<6&@GG995*Q!AESo{UZe31T^{#%r zwg2KuU%hqOkN-n5m%^0zT;Q9?GCofAXH1CjCLWNjZEWl>Y(7ZRg9aZcIU>4ob^z1W zAC5=J5l>rrwjeD~g7^d2FF3hYLjmpZ4cf;x%2@kGxvx#e+Z=U;?C8wMDY?T6@{YnRY>3)|x99DqPIV`-nZR93%7`4M^Jn%{u`ZFn1ggN%f46R4F&S0gEIFKj^7Ca$d23Gs}(ZY zx!=wJ^P^_~{dw^_gstfj1V{LqqQhF%T*$a3*Q@#X1Y5a`Gu} zjn^$9)Xa_Y0{J76h;&U!NwP(Oh_N}l9Z_qb>_9nr)nm;>c0tRj@S#mlco!Mfoab3Y zrnORqA?Xl1LeX^$n4GEBBSB<_0eeMccOi$x5iv$QZ5|t0Nt#ALF%wB$&>gIJ6NlK_ zNOWy7VF8Y18(DiSAm&!~o*)Q(Oy1)F&IPqdy5gMlPY8~)Va^~%Z{b3#6ASJXs$7tN zg&NOt)WAKWDoog|5$@FhJuEO#O|t^B3ULu1mDoi?f+8iV*Stm3kZP+Q=A{3zF?WWZiyYiQo`G8}*U5xw0OH(Jx#mHMY=P=>m2ta0aAlU%G}C zkEUXP0fWVodO`9*!PsTI{i0G!eiN5THc7F1ejaR8?H*wj2v8;n6Jx0uSfpw~jM%V1 z&6sv3853c7bpRuHgMrK?{6*-kMuW$~3dT&ZPXlK&immh&eAC(qleKI@xZa4<&OkP_w|k>}`FQtJ zicy*#2}^h@KO~83;8B78RPf5e*lnCq4JvWgV*schpg92>7l7?{(bLtX8Eg0F?#&e| zPF|iJz3O1*%wIR=j^Cf>d(O(EmGjfp_m%Fez8n9C>x+fQU;Jpw%A@DUA#u0kR4*8r zwvEk8>J|;`!KM^}TTWcu(jz&n&t}(d@t(-nJuVKPy)2X2H_z|OG4yxpKw)OU%WQTg zNHz^ywtxS`P-UXF0B+_!$suyvMGCi(2d*GSK&9Z4fNyj46C|n=CrYd%gjsO{*4O3Wr~Oh!Qk zFR*aYicExHcwyT}f8Z_D1}L0H4i1nKq=3(%e#{Q6Bx_GPuCtrXY69^t7$*!yD1}M2 zLmm5tah#BJ>=eR1)HMN3V(yqP@Cb2TFc%dQ6)@ho3)wEyR0@BJoA$AY22bt^^8mP= zg*f_8e*+JHJ23;1DiJj%C#J&yx`z~gClB0N%ucQWobcjcPNPOvfZ^1T1*tfi1Zoj6 z;NdEB(gh@rttZYUrX*pcLE9L0V?w3!<^74F2!;5d`2DKmmN;6Fi7k+LU)+(XmwKXp z+A|ld|L+(-GLg|zS|ViW(p(;2PoFYfV^1UPlasR-{z1@0?!K zIZm^v7@9_LLG;sa0apnT7oM^-Qw7e6;PTe)n z0H+i!Q~ZgxL)*eHABJisrqe2IO6Mu*z;xMmvA0`9^HyK4u+kp`x9WPnVX?ra+EfyY z=~Zv+QNig9X<#=oUWrNU-g%4M5!PBI*ZiBdgTfY6vq@$WvVT-@;Yb6WKA$%#96Yo0 z?oa0olk1AE@>Wu5twgUZF5zgS7Y?rr3TO&~os;V>IWC^<5wq>hlAe#S8IOU0(O(8` z{VgQ;meN*S>q@N>zQTI^M;B@_ta!%Tu%KNnS7yJH2MjmxSU9dS9j(=Wx z1g1n@Nn5rIBt)aSU<6CcGb9{FTl6{xzVb@liDnm*YW;qcXRP%HFxQj?0lni z;E2xJ>ZcmbMXL?sP}nLq3Iaz@!CoEvmIQ!6 zUL>KYO~R;djhW7bgO3}_3^R6gJd|}{U*{h+=l;w4@qS_SH1zRdKlIRa=I`}=c9iG; z@nfKYLlSwVB?KE|MFD5kGb%{AU4kD1_0Lva`4JN?Mo@uhpvQ_SB{g=JlDM2P*?XQd zPrKnOBIzS6GC+L%q-+>BK4N-?bXyhX{gkHl+iChN$i2ClO!ifjSDU*(Z3hzn#xoxW zQWtwYWhm$0i3JA~7k3+VFd0Ouc#(MsM`;;h9O`|(HpSy@JI)8CDq_Ra$hBEGAK1!D z)5UrTwp^}@O7K$+ap|$Tsq87#d=uyBZf>vNe^rWc~#Md1kj`4y4f_NwhRWxTa2syHq>{(!7TYhbAkw7f294z90YhcK2cQ z7WVC4`6NXZEeZ>C#14dr)+uPAZO7KzL>3d+EJ~v#r`QNUvfKnEHx*P~N|i?Nt0m{f zy4LA{!du&$lnrKI}N5nWirL zv;cv?srHU9T)G=O-lJ|#uX;AO_i$S}h{U9zt@D-WRFnu#WUyyt^>hEX-C%L<(p61; z#%Q8&{ntEs<^A<yVu$-vLVdeptt{PJhKr5saH+!!~Mx6Yrl#=Loj_4Gw&$_Bt)qA za4^LoRM#JL2ARTjWR?ifx6A1+uxw=xUesIVXnLIJ_=tcBkdbt>53;2o0KAU1U*+m{ z<^b@32|xxkFcqf$VnJT-htsbw+`&c{5TNz*AIpqcm_Zz*aY05$aAt@8f#IpCHmgbP zNs0s=4{0!@!uAh-)ik>|Ps{ZWCM%97mzez8%2yT75XA(N$GL>DYS|dtMaCBfIHSoh zus2R;^3|{TLvIA7`+(7hA_D+S!V^6a(gft)D_2AgGZOB(tbPTPaS0z-m@#<{$8VAp zCWN4Zef2J#aP-qX+V&rCd&s#S3t<=CXj0K4>ejy#c7)&;Y2x=uhsbc4?iY$sp@A)-t$(e)Yj%iA@2_2Ey83F%mF zmDa%|x(81JAhuYI+v?GuV=jL^E^!hw~P;_;AbMx?FQyS>(xds8q z1u!I%I)T=984fWBVI^st-54zus!hzaE7Rnx`{lYBHnccXQ)AuZb}nSL*Kx}M)lK^7 zDeq(5vu2v8fTX%Umx~h-!tBalu7oN21Vrl4RN76$_Ho#z>D)uX8`d_`Gd66RO9aZB zqB?RTDNAJFO~EgOx3kGGYBlc85?29^Kov^uToP-ZiEU8vBoR2d5_VdJ2<9N5f>NVj zBAkFgYgyaHLI(^8SeL^nO4HOwk~vxgwuIC&hT3EZa2?NS+2D>AP*nAz%2=|MQQ*Xn zd^DtlKc7#|)or0|r<1kcs;E+wze#C0Q z+K??~8&pFcIQpmg0^AeXukB{Qkd>mxnu-hmU1-3bRt)DoGqPSCM&;=%JNu zoFzXybay%!tC!V*Gq7+jPQm6;@kLbY8~vCC4I$5qcwn&3Vc2NRI`QU9#{=1Y+==~|(;?U9wQXb*Xk~Q<=ZAc+ z#cecJ8N&o8g=6aD256KelZ2l&GgaWJ;dZRdZPDUz*<$>*LGmjb#g#>xDwu1Eni;l~ zwk_Ot1Ur)AFK}-*R6@}bPOj|IQ=N%8RAiIuqG`_23UE%zD!VBbAJK?46Vo#xtt>lo zrfZtAx@iSkHbuH!&*;fcD%f3cx~v z=zAs*{C{_@|@(f;g5(V;GpI@+JskWm~L)Ja;>vQbiNOyv%#nR4Q)kY)N_2 zrCuv)o($?|v&(%YwpJN*HjfuYU(M138I26nLjYNVYxV9Pjk+YSY>TRi5Pzt5YR18MAXSYrRi(D|Uy*Msq<%*bRWWQ)LX;N0jNa}yb!%2&>tdc8RF$0ibjnVpf?ntGv0`9 z(t5zG_;Xmf+x#AQpiOJc1*t#N7~|(4`_>c+Zr}7MCJa)|^tBK8bKTdkWwk({na zE1^8fA3-?&~0XCIQ(hwkd_Q)fHbc}Fy!`RRF{KhTw$Jm zVX_t@5L*GORRdf2(P;iC7trW4DUDlM%EbC9rJ8k#N0U1r zk1|BpV(cy2#m32>K9EpXKxS&a&7>B>3}PRfU0G|wulpw$_UeG1zKw>}gn~lcK6KPM zc>i{EM$cEIBL?{iM%X$tjzv;LjGXJO=(r;pCrr9kyci()W{OjgYvORy@TsS=td2Xj0RN?Kxo65PpqTVoW`+N8 z;}=Fo;Y&P+TL-&MvG2T9XZxzoBAKsT;(xB93q6)gI^XhNVa@%!ewPup@!4xk=ZPWN zcbjz(?mPJH2QyXhZpgs*o3r7wBq|MGcKE&LZyLrHkX#Gn$Cgg|L-4H-G^69)>4oQU zZeND;2cd>b9Q6&)7=p}(2PzDb^RG8F>VnL=PYPqj{j0yF4Bef7tzUYQc;02Ro+^WYul_0orFI*NiR|9iM@Qy&j9P5!bE zSFsGMmXg%(2^>o)6q7e3hA?`)Mi>$17aFXVoT~cX^V-j4)vUr>{?sp!)VgB+e-NJk z+^GL?yT{D%eaz`W{OOK0~27LOM>+$E;P*?e^PqKZX#m>1O0H5+c%l!3$40Ow!EL5dhI{1x7nij}HEj>Le16bQTeVk9zZRvbhb z<8JVfP4)ZUI;}uQ)n;joa&S?78-E%n5@`y#GP<$(;bF~s|Mhsxo|YsunWM}EmyO#} zMgNAcUknViGzx4NuA57B_ux#L4NaB5E)0)WXADZirCvgbkaT;*P$3e`zgTYaEy}Q${coBdY*kwEX{xkYi-~?~%fI!T)3VL+`#(oo$faZOWG1yjKVyv**2p;KtQRG)3G=zkJcD zB1v#~X1tRpvfeB;g2Nixr4L^Rv?4HgJtgcBAb{4!7lf<~=*pt9r+2Jx-Fhl1mLEIj zbQO=jODEVx`A^yCKXqaRnJiX_WQQpt=?%lov1B04VYvFOs869`XX^6;#IUV7vj2fX zy?AEO@^~*=PXv>eZN2_q|i(_{c&-Ql!O2g*#C#p?AD0) zyb)je^~Ga+DaCsdz6ps%A_b<`im~fgv;q7Dk5A%&>-HXMc{D*7u)mcR_mAJ57OUHX zJQyK?^VpwB%ZXYM}nXMhuH^-kwB#TS{9AhSg6h4)0 zCtx&w9qwXO{#h{};^WG4jfFwUMtJNHYh{sYCxaHEHwcobdU!&K$+~9%vKD+98JRfQ zs!-JDhKlRQr921>=p!=NMdQOksN0M0jzmaQWPk*L1a_yC)KK4l0^O5ADfwv&rK_@K zJYDvG&qJy)$B0a2$}KS9zAo&Upf`PXp-KInJMkDS_kXeU+I79Xa+hi`05NlbP~QhI zp^wR+P?!uBMzqaAU@VXt6m;Gnb#gI*BGS-cmXQN9A$Z5E((DDoLBT~q9pY6bzWfX* zj~FKMDJ;%UOwob^upFa6WD_fq>Q|L#b_R{ctGfp1B{Q5EJYTAgg#sJE4 zDp|iiTrjucFOs>NLdU8PfPYQxov|=XD4w;-!*ruGQQtO}oXNQXd|f-{EkYu1@W@9r z@~0hODw6BEB&^qgmbW1St+dydd{wvATr3v(>LE$@zBg6S&VAY-hAK@cSv`)bhW@Y& z>809&!@{6DC0VrI(`|L(0Cd-PI{cV%J=g{g#!$!*&;_WGZdF`ZCOG|npmmFs-Dh*} zjA{Py;7-MSF~TQZ&ppFNM^Oto5@A`ipEFdc+ zC`9RX;N0ea@Uy@@%<(wTbWs5ckN$3-DZ#sbMTC43UZyvN9ro|GlLkgZ<86*Z;JI4U z`h5tY-h_csOf%j+;cCW;Jq@sskerBGdF|xY!wLc8Rna*gUZD&tv(B(Uk{H|ymjniu z%6ZC&3UZ|HWb@cy?!Xz+4yD?r)|b;dAK&0*vWd$k+l;KhAtqj5M2Xb#0*aTxNR8K* zRzs@4+FbIk-#P2<5Qnc?OH=5&j(#mrPlHev-*gZdw!b@~BJL8L9KB$>dRZ-g9Us~N zfGSW?TCWQ>0DiY>)a{e4Mzxk;s##X?Ij7UOzD%M@4n*cVvJ+{ZC{0F9xcBJYOnOxr zT^qajAe{p>pkMA$)MORt+{n(~zbpEA$MF5Bp3gio<6=KRYOsuLgqFy6^8&w))h6M! ziCwoK#il50d_|VJg3>2~N2wpu8Zab_Fn(!11Ed)`<>COv;vs{sD%N<7S?4IP);hP_ zGK1o>{nH%^2P6#eiM8N{~z`hrvI?7Ffpn)XK=NPcs5^IPKr(ZW%M zaiFIK>^Cq>;z_Yh!J5Uv0sn1+%)R+g*KeKBtdPlT(FQo_;7@zcn5ew|=|F zn7{eA_8&oIsOtO>kC25$;a&Q(qwePVvk*36xP=+u6oZM(+PORY2IRpn`ZzHbNZflQ zD~phW7`4#mPOo{))u8`kRt4l@z7nF^gbq{g4Xhtpd9es745#g9#TW)zl+2+K1ZAW? zUTw3z;|;Il>VDe0aT(wKUcNo7=*E*v1ad=-#+`xRvneylaHubjk2M%zgWj`82)7(L zJgD76f5Y)36>>xc)R?>x$&%WDoo*6?#v&M2ds_2B)oVjkFlO6&!mmEfr{O{OC-fdEMja-! zg2Bog&qq(~jUrQ5;nNE^a^HMd`Z)Uekv2a)ygl$ihd>(nEo$r|=Si#DqG>rt8>QhD zx|Py3C7I{H@aUeuXmVjAp7K2@UuaKtmE4`P{LPISgW~4=>^?9Ju|t5pIwDNxX3n9Ms+cYQ_qgqy-9tAlpY{l=>Q_ z{#tq;ZXMaZ8{0=g@f#6S5s^FYFAC`R?ZWajIJ?T4I59D>rnU$HUc+e*fp0LwdDKIE zepe8Y+(z*5*U%8?H4Zy8JYGo9;sngGe++C>K;cc7QW%b5i1wk|&xMYucp`0s%*!X> za4|os(lgz_k}$H7D-e=2L3Q-qZtw*t2uwbDqqqGO&Jh?2D^4NTf3QbtAgtiUvbBjG zFp5xi>c+6nqV+{-26$;ZJkj)s)L=Q>)!+!NSNCXEpSEQ}3^{t&$fT=gI^f_^DDB5s zm8PxE_cOI;_#VT35RO}2{+Qs1rOh73<<(QxzxngHmtUd%`9YL~j#NRBZ#3?QPvpZRnVFbfU;SvY~f$Gba7-Z6C8@_M}e|Vdk^LM9;k~efQjww z#mxPKVAM=6#VwF!{?jgXGY>wV^_=fMwhEczR70w!_Itie0`B~0eRf~i2OA)PxA+>} zj5~fHqj{Mis*84NT^SkJ+x9JA>W}zwsV8FMpI=CA@82gBl=+;wA(@L7+WU zWc9em!JBoM-#9Oo=-)SIX=D56+y(puoEQnfs>7-em zDK0ssS|eJnk0eVLFZy+di?HB@v<0`$yu48X%yF z-WDrdh_vVNwB0sBagHrMC7LFlJl$RD-4cb9Np&S8|20l87#;qD@TxLIQw`i=oB#6s zyc6g}Yy4a;sJ4DX<_<@VVN@^?uc=pqUQs{wW_BxnvfN&dC2MCj-eI9He{GoypqF6q z*;QMP7Z=1@{ZMNuNS*{tQqy``E+BbP+C2K^%# zz3>gtPr%zcUQ!Sq2-c7CIQb*mAet``QwS4y;tH2?k0J2O~;Iz86$HbUGkKv<9t`HSeVG=PYyBvXX`t&veJK z7R8*JII)*og6bdzAS>u>sq{EgE9bHu>CPdxK`W^HbW(PNnKVCSNv5>4KL-NwY|qt* zWKjQR@m&l{o*d5NbiJN@F-Qr(exITbI&u#XN2i3aD5zhz)c<5^MybxuR-!EqUn5?g zdko%dtgPoq8KQkeNYN5nu?+#+f&%I1?(%%rgSeG%&S6dM%MOdtYCZ1t*6=kLN5Ccs zoN#lx+lwGQpMecf&o;ix?LY^?jn^Z<*{~V8wD_A045yQiuxmK1F6A+9x!@Mt((ddqh<6{HDyl6fmpG{I`Cvw?LQpQWpVrm3ii zTEXO7GQbGng|_cVi389av}=x)2EAuXCf!pf9umg>@5@q0=Y_91^P^kRe2O*FH`y># zV=>hBTOKfY;rt?5>AcNC6_&)7e6%d>&*B41db{{KlY3+8^gxk;K)tp`U(8Vw58X z1db9?hx|48O+!h_w>_-Y%TxEWu?_%6oV->I3PGp>4&q2z`IT_PkNIT`(H)gs-{WPm z#%1ILR!wex&#`5%K0_cFUKJj6k?J24DX-pT5%x>T{KZfmTY2rn55ahR{$P*LP9lR#9#P+ z;WUx|Ad#5=LrV@b8{>a{^e(}&{&zR|(B(JcOAUIiku+r<4Ag>4?y${LUR?;9-M^1Z z8OadejpM1N`aI^Y*R@SbN$J?Po!HdG-PH7?2bR?(TmSKM_%bts-=}P){4R=Bl9ja; zE2Z2Q5haUu=BHCWBir(E-qRO@RL6I7sm!lqS48vn!?;ZD_xER8oL5PF=OI^C*e$LealT0@v zdj`nv`Zaw~|7Q$;3z*yYI6S$a7$%5b6aG~cxLZ2aJ>Ex0HB~?M7bZ2_k@kTpwwYf6 z(ZSEm?}#ss*JtBZmzjR+jQ?cA1$PLTp8r(Qk?#z=_(9(m`&grCaV^ih5q~-=WiqKS<2>Dn1?R9y`hw;(G6`~Mk zpr|m*U5AjfV5;ZjR4ecK){>rMAYoo0QG`pokkVsL7~?*PbAE>*0M*+79X%qzT#U;K z)#KE8tuyXbJ<7XjH7z>6c_MbWV1f1pEGdsfayMmGz194Dp z525Qcp#ja*RD0{!HB1CM1YCm@8I+pRRFvB0tq^Mmbg990fi8|iP&@A9Ws#=SEILgL zuCyQ+A~HA4Pe*lsCefl#Fb=0u6C|650M0Mu@)A`M1duc)VFiLXO`|j25Bg=7Wg(xh z0C~hlrHRE+4-^l#C(Y4DprDxesBuE`&&ag%rf~HGOAGs#FTk0Wb!jo*;cx-Z0ap=7 z7AM-iia+D4Z~BAy<)YtC++O;6j#}ia3~v^sgy@8%j1dpd3hH?%P=D*0;aWpd`I1gO z$7tNXePbTc0mb?cp~H=969Qj|Y)wrp-uIJFdrt$wS5pLr+zHd7@aMTj_T6=9yWBx~ zZkK4s2lvmB4PYVFb5KIi_PX3^^Ukpbc!?nYLXACR@_HTmZnKr!MZW2?Mc<4!H_gM* zWafp0F691oq;bz9=pDY%+77~DpOpD?KjqAo_Nl1IlNX<69hdRgJb2}9yy3E`uH0%e zmnkQWr2Gi$$mr>l&@-!a`>#Fm+`m1BbH^DyQ1{bgezNNTr#>H)WKM=;u9-NBJJWD8 zN#bp382-tm_V4*Cfd&2*uUQNu_nuIA^JnR*s^K^!Aj2b)G-h@^Qzt-YYq8S%K};CU`cthWOj|rMYEY8B07STuZz(|erS{|O znVU(#L?hr7Z-V_WAZ2yF(Hn}FM#A?PuxW{5L53KF;$%S}@l&u^F?f_TM`yBSze^|< z%INNuI9{WgP)QhpCR6Q#cqtEbbc7*K`pBO}svaF6UwaA25t=%r&aNhcw44kWqd6om zT z)+Wl;+Kfr?x;ux*T!BmUhR)j@5-uB=`(mGSFkJW_`aDs8K3Nn*C5T>&mUA?N7$rv# zJt*Y7Qz3)FCnAg}`vUY_1AHX}_2aTVD0X?in%qw)sdWKKPqIrGMC=p+qxNl978b62 zST5q+-ptpjifdZ6MIlu?*L^pK9&i2K39j|ZF{9Txrmd;i)rwTsnh@Z=J?Bdt`s%_1 z3z@-TGs0^?6yo*V9z3eS*o^myqo{HH~k4VUq;YtiE4j?De z!8q~L%DnX4sJ(+mDJIbe0hBp1k&El5J z79uryI_I*HS7wILSHwWQbH#wObEUPofVg4IN~A_(N2~8}K;;kjk~8+4Ov};5MG+|RgO($tfYU9*T+5F=f`l&MqACV?g>A|9^+qgT%c-yO z3X>205+G1-1`9y{A4$x(>YtLrXG2o%{aJzBiDDjoEmBzIqV-gO1V_~fI#J?$9Ix9p zbj*#zsLrxbd`xJRvy=b}wOB>1hag%o2otH&tqWixUGR6IU&P4GlwlT2!u$^MK?^Zx z+kYLRjj9GIl1=2*Ml~f-WKtiS)tvB5DSUg#n^x}qYPLrs?@gQZo~+SEKI zy-+Oug+uNb(6nBFlL=n_BnRa#lqt02so}R|@l`agb%+6|Yc{72U00sQZi*_o z1N~KDuZ9R1H?2@#Y?;gL42*0s##n@9#&VoZCsRrSC-!O^H^VESY(10uYek7c@&1Vh zfdOHUKn91C59m@p_SuVN(xXjiV7g^y*LOO0v;TqmCdE#zTf*>oG`z0r$@NU$T4iCV z{?sl1;b_BU5l0%@fkV$%PkMlC$1zQr*{?3X2$De)sV>0VPi`z3VoDPk<}ndUN=X5~ zyTdfggGC_osT;03D~Un!eQOJ3>66=aw!cj*s)eac+QyYgXQW(l1fUcJ_e2_3OS)vS z3n_3SC7D&t*3)|$gaRs(&6+bE+KC}6wCZP);)Ek@X$Ey6=fQ|x(U>hqWDxOmsj>(? zTvHjgYPS{xwVt&WK_&2F){&wxj|XNm4Hoz|xyvb5&n;#KAIOdro-}8>9~fwb?SmAL z9zjb;r?Js+2PU|0R}`8c<<6B44GpAVLU#Li(&h2K=R)m!q~bd4)Y>ld)%rA49q3^B z8lmg2h}c7nBWVS`EbCB;rKnsfC`U(6tJ7*OJ!D$0TpAxoPq$Al2mndqY|aq^V1Q@5 zwSCep$}KE)aYUzP$c1K_qnBES3les?TAkw1F&;HJb*GUsTTM0s36^*hTfvsCjvikp ztdTG3L~MVmNEG(ee&~*?A@FM_gI!JZtZ!$Ifqk&&9<%y88BtbP?r9|Aj*G`gx&bQk2ttFF6pVx-kti5T zwkPE%fpyHYDpS7C=dBh&Ki(g7JV6zQ8ki#;8L6#=9Zsai<>YfWvcO@!brwts< z64QO0Sl&lYB{ZjTcsvhl#6=X0JMe7AMb_7v@yDJUCI|bNsZaeFTX6db+KwUBzt}B8C;fkWu3ca%_g_uoG}qnI!fH$) z6AsP{ZS2wBA}`z1NXwVyONW7Bomn5oOJ$56Kdan%)x5*$U5>ZNL-)*O^>bIQRUDSL zO=@lv90*dm+g|efe1n$3@@pp?5yq^H`|9G0hFPmI#J&$maM_O(qO!r=5QKG}xYmc1 zRpx|!4|2c9g3&Azv4-T8*N=J@s+-#Zuc-rF%w7_#9{r)qX@e7|u-0KNMF@r2j1&-O0J z8t_Z{KA3k-#)j)fa6a;XX-G9-xoI2;WhGHeviILcOCw;LIE8&Tk@M&5hZVM$TAUXk9KVAQU%yLjTqsfX z*Y{wwug@ltU~^3S#V*xZaZEZ_aJ3$l+0KUIZJ(#J`K0;E9`S$ZeEVZ@totdybtL+D zv-aZs`x39A@C7uy5>KA!M-J(g_oz9rkc}yd*pbVJ?gF(y4c;dFqqYym%N$g9+$fn}~8V zh>Dfl8MY$n&^+)RAz#9D^X(f@6^eEUN}L6YFW5T>To5t#9Du9l3u|LtkuU>IV_V#j zV_6q79Xc1MQ{Qj)PLOnXe`Uzv1O@xKY4w2$N9hXf zIu^8&lqBw5^vFU+#HLuee`ySdl?@U49a`d@fYbpfK&#tEkiBytljR#(68$`b(> zSVTfRXHf33OJy*>x^yh3MEP{YnGtR}UiHOjCl_tjS!>WCVL0hnA9xnxb0^^*&S(MVZ1S4*m0F7I7amuV3rx%_m;(L=jHTH$V90W`+ z1qt8vEf-7;B6MV~UT@yKrbO}xrZ3S33pa%(c}xjSYa_{Q3%Vtnbau*Fj@3#h2PAZ@ zO8v^rX`ion*c7Lx7u57M>Ce@mdq)F;4r@KFtU5Z>deLsnCgTCc=$P$HCYRSttC0%i zg30Q4R~>}XEUbAZWkzXch9_mVw-=0(0BInVz(gI$ngp}5{!J&{dW45sawIJmjr&bwC)uY7$eVuE+=e(I@gLqkAyF& z0C&d|6FKpQWs+-LMPsKWomG!FlGKUa+1fBR&BFabd+iq*v4*>Z2N{NnlV%};90P(wW!60QINF;&^Z|4ad-M29jpENDyN%I5idvmpInSz@?FL zk|fS?XecjR>8dNceg7fEP8n|F5SNg*2L^-q z#@N^JDXlefawNFQJaT`?wZ81r=W1OW5@ruu3c?aE4sYb<3Uo@sNU$EHbEjn$H_I(w zn@o0?wg}5vUnwa^y`fnqtX9Hg-WwvQcX!T-9}=^S;^8YjHNFjYrvxdXEHH`D8#Krj zhYA8OtUzEYC3IbSGYggZe6^i<8z@39=^^MuI2(GkM*@W8`lo&BKrvX=R>GIaz`z#eOUo55^c#E$SQ?eskK`5`)S)PGFSg-$bMVjUk)16_iu*gTKX?*rw$dn zZ$S{DzG2b-2~<%_zqC&y@liwdE=^ayZn^{f@&6sf)RG65x?%BPuGVKKSPs1%* z#4JHGz1=Ug;k|CJRYK}{5-eiqRz#+DYF$%>iG%zr-&tv<@+WwraDyx&shG2V&2;aU z)YN%Ny6NpPK;7#?`pAbv4J&=eZmgk9`e;?7`)y^YnMC%;HQiSMUQUDmx&}9*T0{CY z!%WvHA7f0<1HhU_yYR6nKIYMlzqyAJE;MPw-q`(Nwzj?6gfzM27S~-s)_3-=M!71s zixr>hP1s#;e7C$j_Wxq+ow`G7qjk&J_KIygE4FRhwr$(CZQHh;tk`ztVppqk@wGbp zH_X=Nz&m<>Xi?q5BfsO#eEh9_<4kC?Oz^&Ox8M4=iV^PqQX~N23#D7B(-l7P5i0rc zs!n60-yXN?Um?F!2f`%J2x|`a0_OJzmjA~hoB2Qd{S533|7+Lgu$rc0COeAHOYNTZ zZx2m{0Q9(4BA!_y-5K6WXKf0O#W4>Oh;Fy=`N6$_h_SEPx|yCm1)`3fJ?U!mSMFw} za3^!Va{crLdW4H#2t{be>a3oekPtx!o0J%3D${r;^=_GX&rp5ZSa~JU9D(eR*HV4| zd|Jf#9<;{Rh;~uq06rIlM?cZF(Y5el{q!at9;y7q(;i?-5NUBuvr0s_N1iV5%N3VI zig+h6U&CELsgLQ!M$|W|Y&j*vbvZjUGLx-O@uwe-_W9b11X?60*NqEC4B^k22QLh0 zJ_EvN6#cdGf@Z*!HjgIFR%t)|xgj}#Kpkxf0c0B=1RVfM?!uk0I(M;h%8X-qJ|LXp zE?Iyhv8F}?Ny4}l-aMJ)V>xASrC`=diW#iXEF6CjNUdf-gN;sUG}jRM#k?_Jt7g`1RPv+9zjFtA%2p~4 z?)@>p29<${xv8?oQUyQc1*2-DsTSS!@qzx&dhGM%Xy{TOPeG7CT0DJ_FAvlH#WkN5 zKfs+1z?~ocgkR%++RE7I$R_@pmki;4YttX2J)AUS=1dU=L_()0$!Z^Sd9>L|hrp?q z;1BxsEb0)g2=DpXV!?E&&8Y#SorXOEBA(P|yXgGt^`pTn$(c zt!RSS?qa_eZph&na5Z?+ zpW4nJ)7_{hWs4??MA@;M7U8mE^jg%E>1Rfgj*@L+=X%aIUkKIU1@-5@L5$<__+KhFnORf+eK#AdueI z|HMrR^sH$vjbZ<3(ZLu$Bk%v%Q8pwP#p3b(+9c`ID;oh}8YQ+Txf~C9wh3$(IIhhf z9NquACFtLl6-s;zy>J%OHDgK@c4t%;fTFNU83VEc`$IZ0_d;_And0LUK*nl9T}{p1 zbhe6om-G!fDjN3G4Tb!K9JSWFR1T4)OIh=px-W6;0alOfBR!>~nbXb_x z8J+t&mnPYOF?7V>CXL!0~OzU{*6-Kk)`OFJd+UHJFUUv3x!9v=1nri7Xk z-drt z)}bc;buaqT8Bc)ASYUG9b{oArbM;qp?8YjM+Z+p>45ztftua8{6e2d#+v6znCQwz# z46JMzYm%$a|S#LU;X z$)Gw<6%A_orbyPs=F4fV8kCjBG*8PRXY0M?A7pi`PvrWP6IJIVJP!)7_hP|!G+K4A zVSv$)#{;1C{+ZTuDmb1TXIXnCq-_9E#q^bo+~^`aGxvkiOf!O{c}aYQg50;HQZcOD z0zj!wsZYIV``+meednL=569C%vAjCI?7cZSRM1OK%4q7Hw#7}lWI!2aEgsjz`bhah z`=maF5L;l0LwBqnP6YFAsiI_BXvn#)92ZMsnz~Htn=yqRIHgyTox+xEE3Y|fmA=VT zrPzcx?~^ftZ?*QP!^a;Fo847lkbiGaE*_xS_~G60k%GWCBmEuk4q20Z09<;QQsEp< z%v2jC*rkD~+cLh&KrcmU>;$SVyfa8!nMBPmxP<0y6YDaCeI9WcKU-k$><XZK6Mb}*{Wp!qh(d2AinsLJB)ni|eB9;RfewO-qy{-p`2s&7c-$b|n z<+NINTcMk6Xe_#OKe=+Vx{wE;#82&KGw7&uHG5#fV1ij>tEfIyLpxh2ZIt3uXOcer zzf8-aw7Pdo!aV{nB%2lF%WvU{vJm&RW_hJ#P7-I4!9wLD3EGHxo~qrr+dE2BfF9w| zNC;u7J~Aw=#p(P`CNiYI)8vTEK8RtCih?`^dXE_@{i3-Kj7u>MiJi1}PDjY|2Sm4t z5r-;^z1|pBmY0f`akZK?ZgNCSkxwklHm$nluz}>aQLv<7Abco;lmpkJ z6@1F{>Rb7F7psnrEEys^E@VXb1$BkPyJwxM*%UN%$;J>mpwA%S1AT*5*9GBFq~V-x z_~vpd-o6cwuCH6|S*_wgD$cf*DLP}I66DJ%M^V+r6`oi^V4*R?WD-svI3ZV$uPIKi^*-eqJ7YTCOwEpMJtcP%8PaG~A9h z9(r}hG=R7+Acb!#{EXcL0UTNAnje0&7C zJ~iyo0>BBeivfb>{XkUxOwDEM=skn}RTxK8sST^irg15%B??BNTYP5-jHld2$wn#D zT&l#u?q1xmc|OBuG%kKcrDnR>OxybOm+b&^IfA?rGu3b+gF~M5^(+ z4UyN?1^$z}Gcuf1p3!e9@XhnoIy)bo^LnSC}K#IK#h~X6OFMTWqgw9 zxo9^OEOKjO*8;;C%Q}>lptvg_QlVSKc=8^tSOv0S^p6HU215g7HEw*Cs{uj3lG}9J znO7yjgK_1mf5jqZ#|&zh)Oh_nMA#I9NLDv9hXR|s$M@=b@!Y;SQgy~J$N zdyh#L|L*aJtjpn`%`_RzrOnRyb`K(tUQd{`n3a=1)3TNS?3WB*e&r(J>`I4sS-5T! zalC)HjYm`TmGtx3qf9j` z5j%E6C)UOHpMHP93HZO*+trtYbqFK2&nQxB{b?p`OUDLIYmZ(p>vrlu$>tz5_&E@{ z{$Q`n^n%u6Qn!+wB*%fuP}qcE`k2W-Z`!Sp`~YX5hLXZ!cq`u`2?1cZc8o#b{q znzp{eH{U3Vk3_Qz2q0WV(~nRRr;Pcy;Pi|;AedJv!X<}ETXNu7Wn`5%9G`ut&)D?(ku1@5=dPu=gWs!JZ`I%OZgHRB6iD@)}Tqxv-^bItN>n zC^Dz8{W5Px@}SwWS|En1B%Xa7C>hi53@jCH(~)F8dJa`qI~(PT33V+dNV^!_RA@pE zFi)yw6Q_J!q>p^E$S`^lBo!&RwGp{xmTGYLcU!){5~fZUYEEfj4q9Hr>U${Jb}Wev z+-i&{VLPxWlvMWXy^}r3GDVT) zC3DYL#Z@6(bXBjZeG_@trV-K?OU6PZS+Ew4@{n+@(!;8@8WjXAZl>uI7Ln$UJM;vX zo+p2F7cq9AmMSmL@1F)14AMzPJ||o7OD?6f#=P%#jn7Tv03~8BNoO z!awH_EjO-Pt4STePuhKUfiJ8;4Wl%Vsx&Ivs7zoyN)w6uN8zhcNUaqKe9(&VCH-#x zr`e}y1>Pulse}M;F|H$w>AfkW`Quc!b>YK>Az4UaXL&v%{Y7~$gJ#k?LFEt%E8f!& zYTWwda&|GtbIf^7e4{ncN;7y;Dd`6g>(8(UYXHa};R)4I>j3W;^GtGzOJdGA&q9GA z!pa1C7CMpq7C(3H=|WTXRz#DsQST>g?tsOoHdP35FFe3)Lu2?YA3X^e;_*^cJA%6L zGxj3LzPuY=gP25WK)H%8Klqt)N()5KQz2(>))W_ZgBd0nKJB4qp#1VLr+WM;dDUZ1 z!y!|dI+2x}6uFH*7Hs!dZ>U)e)yO-63BB{ODgFuh6rgxd&^WZW0iu|;U(6<)c=7md zHD?)y&D#HrfD9T1m->3L~0qv#Oap<*QQs&S7ON6tgxIL{OgVr|JjqV zebUw4(7O%R(bHd*NnbZ${qz_3o(|r1XpmVPyG9td8~|*(itOM3EQ0+EiUck{u9|UZ zFzy_S_YnlSDMBG&F^vdT5?QhN9EU~*_bCAEO540VP74dyYj1>}r z2F~3BfT60`%HQAp&(Fv&FWqUYF8`p50iOfJ&4zv`6~ksFOrb0{q3cI66V-A&!a9bp zdC785_s6R(f>O7Jkn|a)xs2{M<9oJw#1VGkELy8i6-O^{$gPd8m-ytlxlV1Qw<&GJ zE!SjAC-QP4qq=3;Uf9?x9^J7bbxY+_tXM}l&@W3_S5CKhm}lvHkJHQhB4EbAxVIPB zKG!%oL`|H}43)kwfQWV_3$xchLk(FHj}L+XoJAPip7^>wI_0?-MU{H0bc$Wb5y zgUR%zJmRFH+$r643eX}2@M|;|&JiEFM)Y5swn^+H5+iSMxv5O5J*@V8JzOpuTvv18 zd%0pjOMlr7iQ_!`G9*a9VVE>`1BljLL?>$(u7}KLc?&Im{q@pjunExeNCT(4|2Sh6 zi4xj}LB&RlN+;*aKuV&hTR#m9bW2T#o^6424oJ;jR9?$GW$$h+Em^}g1SF6%1s0-VC|Tm*FFfK>#@sg%FHPGu9UT1QYn7~7+at7k7tou0dX^ji9B z#J0_Tt54pJvhf8V9dBGV#CSK=ENc`W>8Hn#Uet5%;}}i*E12| zuH?0FNq7){k;3`cIrL%ERwf=#=lj^@ad^7otYK<6A$ra2DFFs(KEf?wFvqQT@?@6YSmDy>Rh=Gt&_jy%-wEMZc?;7RX%??w6ndq?(`UV9>UrU z2;fc6o{zS{c{BxoWSM4+u%~(cR9s1cB62;f50BfDZ9#2trGq;-kOGA_0@=2N`pciV zce2PblmqQQj|i41iFqng(=+;f5H`9>=03b_4;((6-)2vVX~hor*bW^x76-MKA*Q&; z5?v1qygmGM=}_~Zv)R(k(0W+;x}AOC@cE$tDPe#RkKkA%8y({i(iw3@_^-@$5kbj$ zNbUnepFx}(^&)urL^_-XpUhrV0vA|JsRdJqd9&RB_eFlh_{vJfHX^V|1x*?VfXLCj z451sXT{RL;yNLTJ6Kir4NK^Ayp7$&SMKhlTG0#~XS5FM$(rHxG{$_rQ@$8-&3J3)V zEAVKMxGJ82QQi#?x=Z7rwqQp5-LyC`NdrriA~B`3NWU%tIimg-?dK~)FCR5owtwfM zK+mfLzk4{%Ohwnx%S=b6PW}z+H$#Sx!a!%?lxWHph85tz8lF|0fcOx&o)9HP6);;W ze5T7{*QYXi%S`3voJ!+-}PflFz=I@ zlRKZ+S|4#E@}jJQwzR)UL=~o(aN;4Y?JO?qH%dE6BYNu+_4v`;oERFxC$GdLlfC3j z9#PeH73o~oLC8I${%}VyIm&T_UWz_DJG)aev(x3%_hw*Kk0Q@LE9WY2lmt~n8cE}SJyyWtx> zLC&C1`?N@L0y?v8>-8czq!qp?KVbomsqA1{CuS>hC^56hW&VQmD$-7w7HFS;*WE*q zcTTvRY^=VJC~JN%XQq`!_OUK>lQ-h*8WZg0$@5@|Mh!}{|2l*Y=P)# zSZ>VK%WeR%{pq=5mcy3yZT-lzBl>)#`ukQ2GLy54h7X&|sbg*mc<_YUTv0 z;HUbx4@o$?SX?>=90Edr&98sqjY7~5FevQg1PnkqJ=0PWy@l!u!bz{#H3iYQSTUym zC~R+dT;p(&en`aj1K~%b>O8xc?sR<@7UCk*p@)z(rIfrNyg137bBoXbgTo zV_2oOW$JD>wsX)qr`Wf*%WXzRS4-x2KLOPGIl=|ng@%{|mLMuJXq9D+gni*CZgq)w z2@WaVrOsFydQN*Y2ZYa4Gc69>10Izh9Q?F?e&%8U(3C>H#yR<~p=cwCKh_9@^W5FY zkQw@;fe6{Yoj~O7@=R8Z?00%dAGkL&DOZaH~ z!NxQxs|A415^p`Xm9xI*90xwdnm=AXY8Z#nT$6;kI80YO>N&jmOEDIs+D*+GhiPYN zV=o4GIysOAnhpKF z1{-zRyxYZ0&}-z2q?j0fR|&H*OqDI;a=00lo{pw_gP5FtkOn8I=oaD@Na<}6a=%Ku z@7zo{|78?HTPh#M@C(aU5Oo0_Co~@N-olAfxxdwOXl=0Dxi zAr@5k=KF4_r%XN|STnJD9~&}eFT~n2K}o|N95Si;ee$HEsgC^g*a+=g=8Qp4=cvzB zRV2KW(-10**lUly`qJ$Mh*K{utRVDr*Y)R;jQL+GLG*PG1BOt5P{0=WVh(DqU+XSt zOXj8ES7!trgtt&EBgD~5eDy0U&R#pqBP~I+y21S}!fOobcwL=2d9XldY55H0CS@3x z#fTyA1hjYvYlik%O^mT2WJxDhAX-|cc#@V>H5Wr-3oOh;T70^dKeWe5-{m}|0vD4p z@i^M!kQY*JPExb_YinZ#?ShF?haqQXwKxz`+#8EPV~j^(;>tQlkcz6|7iJ zg6*oMm6fQZd$n?vm6g8P+?^hg{XdP7k-oiY)Ig$DG(ffWas^NV)soJGBPD?-E1CSe z&BEYngVxadGu8zM3K($KL@<~52L*e+y)8BT0+dI=UkG=Lq(nFa)U%G3f|EJ;my2Ti z?r?tWDhrLxxVH&&g9IFmVgqmgvce4q&17jD@o%RlH4lu@$1WEsTQ{vuMsTun^uVMbP&vei^2 zH5-@JS6WCasxydfcdiVPejBPm;nugoZubJF>|Gv|As56i6(`RCI$v3!6hipVQm9Sc zpVvpU@96`rC1b8SeT`0U?q=nFeM?hxj>9ulJG+OtpA}Q2=rLL;v?weRPgfu(lJ6vq z;M)~Im$fzPP5_DA`7BT2TUeg}983gGcg7NzP#W}Lcw1ol3?p8ZlKw8bj7zd32({_f z#7rMLcUYs><9&t%c(F$fkyBLa<=%9WrQw7<4=7tb>|!^%=4@vo)eTRXaKXO9ZjhQg znC?UO9^lO@D$oDLEqdbpjCgs@G?V|vmuufgnDjwv03*E5%*8qiUSb(9_Ayj$I8W}d z1;#D#Fqs)$R_Bqb)+O^gbz?6i(t(Wk2ZizT^`T_DL7cJ{i@)kSWnb}kt4x)6VGpVB z^TjVUgOQn-V!qX{j>mdSS3`l9(8436WBx&_pGr2?1G$ShOtpVN-P!uqFRf?lwk=1} zVzlj5Y~aM>LNJCKy#!#FrOl{{+d>!vR@4tXHF!qViKiDiUhrX6;n03|!z1RCg|S3x zqq&ez7$F+e%t7t=f{EW_>*X1BPlnyi<=rLj1XYpK3PAMdRi_3< zb^Qi0;Vo7DW%htX&K>&yqZMcSk4+mB!*AH=|5BGT{2ME})$+^if%Yb^&NF~O^!!bf z`Dz=JP~c3San>M9%#TSLP7~F6t^0lCx;8-f+H6=f`kR5+4_c>o>6v<>VN1Q*!S30` z`*A=u+h{-rXQX#!OG5{dr8c5cMkqR*(=1!P`pkxPwyEx&xUAf`K0)80%c?G27)dMJ z=!mInES&QD6N3I<(SsgeV7I1aKg!-+Ai^>wO7+0)gmIUJ66 zu2sdMK^3~CuDWRS&1#pbt~@zsLxZiM1t9wd3<9f++dsm0(E^N}bNuxjE+W?KvA_{Y zLXs)uD4VX(WVH`5$uW3a;DQ8iJi}8{^e|=7tcT(I3{sYxoYz*;r%cKB_0rL8W zz*GE()bh(~`v|1L5X1y{KK?L|KnBsrP$bbpsAELUfZzbQ$m$Y~ZGbI60vlTg+ZpWY zc25tQ4(8DPBV%6AuWa0%h(mB%g#X5a2{#;t9^~~S5cimx+?|4-jbHfLej~s;7_CU2 zvUW1~^Y(gzICmkmb?i+ozgElz-&i2Vex+SI@uo&)O^WAqP=Keeb5z*yCgT zl=Fs*2|u~rDnEhn`UPB&4qsePrHsvXZIUciPaU*B(wac3Y|hTQo;YtuPcw}5PGI>p z8(YO=HuyakW>|Ae4N}|NiIKAa-0z05-{7p zL_)7q^q?WB%!#AOF;Ec~k|_cw|Cq?N7I+x;@wVkqHjE>gvni|MVXVnl(Ert=AluTs zJKB$9nGQ^iZ$k*P%4Ugn1LQpO`@nucLQMDE(5_D8(p%^DG(f;vg z=A9n!_x}9yNGqL-Cy+MpruWCy(PMf&P_sfm2X$(y*)!QR7UH^eDT&7>>SGKSNaq-Q zh%Zo+!YE))79$1+9V&;47LFs>&)3pPMD?R(8`kD3zsjyQ&_w3}p$H|NB zWe)$G?$?hPzac0Lgw>}@PH*HxEgLm)VKH3TmHY4=#*lvEPSLbwHlQ#UREV<53SlVx zdwd3vqv@`eakuJ!JEAih`mx~?HE^;Ubz8z~L*_i#BF-*S_YL`}HC%g;uHxdMMNtR# z#pWI zmBv6x8SMn->1bRk79%Xl3B6(5?2EKPr8o;TtB$nQ80u5!>32wAuW$3TnwV2%n7MNe& z`!LypNJoo=d@F;nJ5LcN@L9(Ubudd|GMR4#6g&GFrHRjfKM-%oIx|%RtEGt~dR5@K zjwp7Cb01Twmq za}6y)B%sS@B%dsPz5AV4?}yLNA4u3r6A;QNG{?a&Q#Yz7q+2(dSyEtB*P9Cd-`LP1jT=aCH zIP@s3*@#m2R5C##WAiY^fZ~Jvnh?9;3><-wfAHPqpidp9}dCj=C#OqNLOR3XJpi8Q982%mG__H#iruFJ^-X%T5=jxW@|qV}=Fz|u{|d%t{kRFs8k3jusBDxL9BO+H$Lb{}p3Ze~32rP)L#tzyw=^jh z)@^taG>AjRVuu@|EeGMowms+DU<%1)|Gq048_$8J0$2ZT(B??*e~bp{OAl4;vBy#KDnsKxevtqy#4`M z{=?y(GL>)rkE>FKn~Xi>(8;GyOyZaI(x1k=!S%5G7AqxJgbqe7OW(jeV+cU?R9*xD zSiR4YpB4LaICw@jdvmL~o?M1hp)x~*%h4i@4I*Y>GD22A6G%(hbAh}gV14k*)UQR>Coqk|OJL!7p zS(f?Wc@n<2{mVGZ3As2`rGsSfwL%yF>Fa@hC-mya^>o!Jb2Vc9uu}0lGe@P2diJAE z-$n@j3Hdh+?e;S2xmRs099{MV0jd7LL(ejeZ0(%d=(l3^)WY89CfHm37NDMomiY$4{4HF zm;`oexzF)r5neLaqx50@KT2H$YAT9BgyQ@Ea zd;0#qyr}FS00~!aw)2vwV5LSr$8v~BP<1|n^|!94-F+rzGZsHTx^zl-W_Vyn7ysh< zvEXhLSvZ6ZZnz$i5XR&)rruJ}C*_@t1yFq6P9;-T87paHFcy(ki99DG_&(71Wz+HP z0S{L=HhoRhwcwkO_RoQC#||$jx4th(>B(itdDXF8fhAx@F(C{NXp*G+`k&s^Moy{I z=1X2ZbP!WK>h?cDIy0|&K=9FN@NSLv#K9zwsDU#U;0Xy`S?(eb?;PQPRDY0oE)ZmN zW4a!pY_BgSoS;pza6@xm$POv*6DB$but;rT}wVF9uM`RN-!?ei)l0KP^ zO>&U6dK`>y$9pq0zgytt$j=}cEZ(hJ{3G}Yfxe1O0Nc{;WPOX+%t!j3zM-`&kU#!o zj-hA!KeV6!e-TS;|6jxs1Izz@&goW{w#8yY=)S4ltM8UO@`?wE0(kS=1foG8=4fJZ z5JS#~z*Gyq0yyiv$!x~fOhB$-#lnlqF2)@nP2WGXs}>i4%AjV3Z4Q~j#0=KDt>aS{ zl%a^Dq{l9MYXs%*{1??5v`bP}!mkLc0c(vdH4i2gA3_$a@TD$*YHOQsFW8Hz(U07F za)fLg=%3E`Rwf-P6`=BrM(-$dj$vA?)Rzna))DCsZ9fLJaNZ5&3GJamMX!+ul5+|u zXfzfzTpZyJQi(+d!ZPts1QvuD3^;8F)(=vT1Ouk-ot@AoY6cKb#MRPWPD<+VlE*FcW|fy`v{irxO{r9h*QvQhpb&&L9jRnXxcow2yR1A)f z*Lghc_FmL^eE++7s`KdJ=+(&8)gH)=(0(;g>sHgX;nC^R){WV;wtBbzy8g-}%aq-x z&hKX`VD{kF3xj@qN{ea}jUCy~4Q9e=eT=Mo|BB@eOq@rmlxP2W-5UjeV zkG5*_>Ayz7%>G0Fdj2;2?`rZ%nOzViCp%=h@~O1))_vz=FmX}e?fmk#DSY3Y(}r>` zn}W9EFl>D?Iq=v(n<+K3y?4v=SBUD(ZDgCcMwMii>z$5Pg|o%o-vM42TsUcoK8o}e zb-G`aG*

      zm`gIObbVet({p)yq(Sc++2MsA#;{lAQ?Jed|1%w;pNlQFK23awWsAI zsoh%DZFhTun_RzJ=kaz|TY2}j`f~CEQ%RN?>3R`qKk?}C^l+ZKyx7Rq!#>`srY$_P z_gRkOZJJ*e?sKgfxJ3$fes?;Ts{ge3ZekVdpne99-x);zB#Qs+(juz&KduV}t9cvdLMfFVQ3h>o_$-K;=v z4kUkVFpUMfZELhYncb;Qm6TP;4t^oedYWB)#+=yIPl+IRRd9(IoVr z#@?5R%NO;gskY85gSu23&=v%5jY)kvciXL`#M(2q#o%L@=!_h+4|~6G0qfSijTwHb ze9f2;E_4TxW6aWPN*F3a=FlPTb}F;uw-N(SL!%l0s$@Q>R3;CPzS#;`q$nH?S} z&4JJ6Fk(POwQQ`NP~7d^!VhY5FKXs`f&q8}A)~57P--e1;Zm4EZt>vuSe58Wnaq^@ zHmpWJnEA%&G0GS8NUQc984i^rQFZ99YLcnwdq(f>_DE^T6_agllM$)a@@6f3$f2)h z%g2>}Igi`Ak08;Z!>KNL$(@=~H-$uHtB@S_2lxhs5E{2~tt+{q=*nH@(-WNWsU4y> zJEj;|md-!CKZf@=i{gd*8RC1PSYP!D`N+LE6_2$Ho*2N2lN+PTvJZE39)wruS_HLdo56hy5 z^OSu>|H)zsUyM4eh!O@*OM~sf7B{4(EtZ0{rVdBWLAEBGIS|OcpS4Bq))^;O?|QvE ze~ZM^0gcz@NnF^sL#kE)oFu_9SUxD2H05yA+nW>k2T;Kma&FgpG+uyP^U~)*iZ0!0 z^Su1rQSH*)N*0&J?lwXA50uGG=jy`Q@dMCkXt-biFZ^B_`)vT^vL%S-I%y9)V89ws z##Yj<&9zJGPN{q-1RztzkQeU7nUnd#!mK0ZUxf>kj0@)B4P4(hE_0cvM}acIK|-UM z@Im2&YbyX*;_&7-1{Jv;$t0l6#rcDM4sM3dPs>=(i{x6NXC=hW+>jtJ83!COpsWP7 zetlB0es+Aq=r$p(2mv=?6zZ4Nx#p3s^A;R4{ULr7#hE*J^?Ogd<@DJO8z$Cm0|7n76x41)rrpK%Elsy{UpFLqd3P26Vg1Lb}-2;$<%P|N>Hoc;WQMVqbPn3!M z2kTZaJm<2?D_T8nYEV@Tjby@QHAs~qbpr1}vKW+*1OpTfu0+lL_3}eXhhq5d5YAK3 z%zx4Y?%n`D%>8pKd+>bzKuQDk_jh$aj$>U>yAm6ud_L;QwJHlM z?4B5^#~#`MX7!qZfTVid@`nOW+|4}1IKrqnfYa@Asf0|5KjGO09^<&ilL|*mv&csX zeXE#f^1I2Jk6>s?`hX|s(f%80~#RsQBYDVdtwHo0$& z1+a3r$;yf0-;|^wAdC=f6+p3U@gqRrYLnzHy_5+A4Ee`?fLFSssqH&GJ!Q2FbUX@_ z@v^DE5Z|x&Z}4T@vNgTFcL$vpbUp6x!>ajn>3xoWLv*!~n@k#Ogk_bBL`+bGiv8R; z#c5^p39uq^R9$WRv3+C}v{{c_p^1=3f@+Nr3+vsuYV{Cy6eO=#BHpn3= z_3j2URNTzz%Pz4`Sr4R?JSLDGY9>2~Av-7`+y|5$(v}@^%yc|C%n+a9c1(pj*9~LDpVfgmOmON3lYYa`cmD^c|BfX5LraH2SoXk1i zgyJMUQ_qg}3#h)7fs!6zr7#;@!yiJZ>9DH8NKc5OL||#YPtPS2A0|mViz~I2(#>lx zn3|jqYtJtd*0dF6r(=V)tck#V%Iz^V!~G;0`I4I!X;V)K)N8QqHH;NSZNoIjSjGVy zfp_)5RSFnM@2|i)2@Jz&1b>K^03$)a2&=sn)eP1Y8B9jF+Wpk-VoRoax;n*PBN3>| zKhm(2UwLIw%*}x)0sL$td!sj?)F}z}^ZLV0E>91(%g5w4I2UUei8-~_I3G7o{h=rZOgfdlosxS;ujV`ojLdOTtvQ8<(G ztlOK1;Cj|v`qk%cL0IGh*yN3l4@EAQ{P-dIj}In3h!aVoVP)9+(R9A0>k>|2^bXbb zDyHtXmGXVx8{`hjUiApt9Nw0$I-HgG3i;fF!Cymj(pc)O-v=iTR4V$KDFXsBZGywB zW_yzn_D19pNCwrYx0lVqXsz1XA9EMsVNTXe-(ZwNki-dX)9kz9p$!~iJqRtIvMhbQf{NuFr1 zv!Sl@b+x=sfa~^e6lS|s##>p}qcoJleRoH_u-^9F7E5*eDCq6=GqT98C9-)|toxE=GnqR(&Ve#p z?VgAS5PK_Iv^)mseuTJYW2yMI4ONi()sjQl_%e|UXfrftZ~vhS?2#z6Ee>{ZGvNFn zBX2rJAd=n|>-)JZHP45YfYqJ=DEr9Jk%)uOv1S@PAxPQnY()W$^(w=yJ)q&i46fct~${6nl0x--g&EXMAd>;-QG8oPT$_zD43k1wfx4ysy1)?1+9rHYJ^tu zo^xPvJLZi1EWuVEY0CR9@KP;EDno7yH#K?|rKKx&jEo7hi1Dj!H}`Y2_0{KvYhraQv4cMOh&&<0|>SbytU9 zYWtMFoMs9Av_L$Ec#~=ZMcRyHTVuO1R4?2~7EKTLMhfqY03pliax#bD_O9j7$t`z* zt6{@6hnBa{rclh?LrJ*wdcADqHFRe~OYH?(;hMv>^hNuh3=7WZ$as>S0Sd^{jER4o z%yr!#Y7I;d7t8j&yrrW@7CXYPNYh)yz07g5 zqC&~!U8m#=1QeVXL%*M|4FKbU@+P;}tw)*2>>z2Mu{xpI)wieWu1DZZl96X2Z&XiMhQKZ$>dD{|{r|7%NK9ZFy|lwr$(C zZQHhO+qQk~v29!T*mGZICYj`Y$-GXw(^ZxF*_~B;FJub*orx*i)ssTlQ@Eqb;vOa^ zJz{cAR@Vi=b*SKQSDxKRghZZ*I1|9B?F-za(XVSur>0zSdZya9C6h~S=5eN|vx_Af ztt@f!BbsMksu8dh>b9Sc^D9+9Ibh%$TB8jFZ@=8cLelT+|Cc~E$w9;Y>9wada4_Er z-Xg^i=)}OJRTGs0IlmI+tX7hlyq}^}LN}5AoaYw_fKfB`Oe&xLlz|usKo`#dysmeI z^hp2lvR-@h76AtYWkBFwm#*)1?Rq!=>PEF5{@!~Pk2b%QbmjJIOtdo7Sk3n0EDhq& z#SL>Lg?9F$6o}}arttB;>0s%LE}EoaSV9sbyzzRsAg~38mKdq^lTji$GLQmNtv1W0 z*Wcsi?h46vkG0n0_4-P$-}8B@L_URXzx#C$>dV(mJIg9fxV(OsD6V6pOc?!X1zi2t zoPvg0!3Q%7We8|0IWk7>G0psbI}OdI2CV-Aex+-ylzQsl3Tul32> zHoyB4on_cq^gNae@LJa}h^{4N54b@h=69iHlTLn2*cg1PJ=oN^1*c^#<~o(8%s>eg zthuty0`H^|bGF)hmP|;&M`!*G?NCa7acF$A%AaM_%RZByU7jHz+@AA{g&t%o>M7<_ z*-!3K2|P=_(|JXOqY{k9;g58aNJlHzvTtiW9Vtgi;-jmwXi@y6MjGlZb-jKGY{{05 zg`}}EK=cMm51uVmD|Tw3bD2C#B#(BQ_ouA?WC1H$qJ*0jjqeU;E!>R)+u3#T4%mUA z+!*rozC(Ukr-{}_1cPx@1x0vbo^q{e7V2g;vdtpFDw^xd+(*t3h_o^u)wBq2H3N>m z_9-zGv*PkyxO^%KI%TqF!e3wK`Vtg`yu3t|Ut3938p-2g($svZs5uhTA#@-~6COGy zJXB2nR!0!EbNiOpbtpabDG#tS@;23Q* z_f!>)rYBQr5YISfb?q6*cXh?U;pEFF5$Gme3jRtbO+cUhN1OzxS{s+tJTivjEU8V> zDX7Xi#f+`I4IRW;z!0rw=-WgvvxStlp-iWjBbtpBs0}F1&TTqR@8Er>Ynf*JYzqC7P(jXYXScMXk z6&)#AHZbezE&Ig)TK&oYXB`Jfnr=5sUX6K*y^8t1?AJgB_78?2qnog2c+<2eW9ms~ zn!zE7wC*6HDAb-)Ek6W!LLw0+rnzU?-Hl98)^iEBXB6-s1tx!(xJO($bD)fHvWphx zaKRslg~2q{-z*XpQ|F_B;Tt==4`R~PfF!B2SMUT)1ov#&4S7fQ*ojdYgJL|Y8&$}) zN83Ybm{1ITnU>>8_E`iAEORg`D*FJJTFPEV#M{|9`Sg5WG5cYUBXht+j3<(37)L9a zfUu^dA_w^;IN6J|;vqY!o~;F#*C!1Df|y*Tu@yd54cU_vB=WbgU?nmX{<5nvRRM8)%Z<0q@k66_nsBFR=263JD4#P9cie5cv+lE^|+ zfK*i^eA7S$o!FY9?|Y3bc;68m@w1V7`ywH=SvxUq$T8~3&e7(@g$zjwq+vyF;H>H_ z1e^5Q#Ny?URp(XR>ol{n!SrMCjrM;2mbmd_8gHb6B76MmCzy0HG47O<=z1!?q(rTVtNpll*O-4D@brrHj=cP9Qo%Ax4_1u3fyVc zKcDHtZ*H_rI8XjvvYA6WdN7a(W&Iz>Jww?9YOgW0*omk^Rr8jNP5L#orvh@?nW zWKMXHM3Z=!%KJh+P%>;Y zL8>N2`x_N%&YeN6YAKbuLz(RfWa|1NLiZ?MAv~7ZY?&LS!WWh0%`(!wU)ROSW-7jZ z`%!!{-Oh&Fw=@e(@wQo-z8D@3@9uji2$u8YussNO6n zf>!2~i-WE-Q}$Q$A?Xt++^WDw(+)hjf!e)L;v~_E%smw>hU}S!M_1cIbqh*+0hQow z0}uQ2p%BMToFy%3b@ss`OE!99|$*~IhtY@IUB?C2R}31jz1idFQ$iU7j^%t{+kR8G_caSH&7 z_o#_{UZn5d#n$lyS~{c!Cx}&WD!eNbZ!Lf!g}-isjGf9%*UABA>(9?Y+spIw`bi!u z+=s=m&tte|BmJ0N_Iw>uaNr%Y<(~N@bdyaar< zfvq+oq3?pKg-9PiD8gBf!J29(p|yHjkoqi;BSICWgORnFA-P@Lh{fn8y$$Pu zAFFk#=5I6Gg$K^vpe9};xfo4}@!9nmCfOb>L=c?V1`_aWusq3*ZY+}@k!A%EkA%bx*o|($@^&sa52EvNf*QBfO>_~*XUKM#SjPEox^OcFQyfgq1hu#yIAQQ=(c%j zu5uBNBS0Yqt^M`l*sXY{bmI|kuqg?_Wnso=fUaB}B_<*tLb zOF6LI)e)_Mv$}1?OZGV}h(7`cd%duFZME#vxv~-6$tz&_^?M#Hw-aOa-n>$Sv1^yC z_^cR&*>yK$(E1Mi0~3V^_^|Ui+%2< zhd4z2&CyEa^hXeRackzEv7NWe~H9`uBtu1+4Vj!y8Kk(b-+u0?4abN8`& zHvo-8^(1&ETF<1dl7Cw5OK7A1GsQeHI0q^8Rj&#%L*Fu~+@1eYE2W}C^@TWvIECYz z^W(*wll$={3czRwA$-*s0Jd)Adw| zlZBHvAjiW$z~F??RE*O}gH(7T4)`bxUrD_ENHhk#j?(~9qCjy4XmNYA;kbaE32u?a z|3?qq$y(&PT@>e?1_%;l+c+-fU$Q4{4Hi9s5s(i!;MI~sP}~ax4H(vsWn%rBV;hUU zW8-F>s#k%{5g<{x-3e`MPz8tt^tA zCaLa{7WUAp<)nhgz^NO1mU=u?S+wE5ilvo-rz};0)HlETZmsKTRsJE@<<@{XkoytL z;567Ce?c|n@FCm^j-nB0l02Hht&k&G=fDbE z#P4=t!-BSo1^?V^9G_+tC2u%F``^wY@Z2ceM&@V>j{{@zIewIGV>OOsCO*o^Ws}sF z{-&tJ^9u68@YtPMW)*kjC)uok*+YMP1a~v(rS?B*TxLKwl)!F7+!^t7=fm#jp+{J{ z{W>yr{RXJx$(H}}@Vl`e1Vo1$+R7vMC}Iq)xDbSEhM^&Wx%F(Iyn|_iSVvPgYmr6+ z0`%?UtEPg)KsQ_6h9-jZC&wrxasVg{<)T-WbzneP@?Y8@wX)e#ZVX&gE|@_#cWMHs ztzxsdcNDV5kR%rZOcYdNnj%6+3_KGQT^>j|Z;`O9wX!>E@)gSc1*-8m=PKk~dNOqP zjwOiX1f?+p0mPfha-+ad=dx65S(v|ps@@Gh)f~|jUA-sY!rL!`T^Me^w?RT_?$21=)Z{yjU#kbHo#>6OW-^6lF&IM~d`HZ#v9DoZY*wY)2CMu^4 z1mgCrV5iJtfeP{|*uS9I;!~o{@55r~|G~j39lzP57aCeHu z=I!)%cXoE+>&A(XO$#W=lNznym zC2XHnx5&#>l*rc&A?%j5x~}|3hO_WKfm60pGXmDGaxzSqy|U;FKRpE|h5H6<6Gb9R zNlKT(O-Q5mJ#{Ycdt>0Hz&^b(Nw!CzH$WMeos7kKyYFUmefilg2@Hg{JouZz`<|iL zn|19{j0PDcCY_iJKbR0yA5^dMRC)v&GgT7sc_wD^j2JMxejsf8~{ntk0*z+08S3c?a>bZvH zFTJ%7ML*mr6`g}Pat0O@!Dv2szzhznXaQf+5yp9qlt~sumNJ@_+k3QZpKBpXY}fk> z{O!F;?S0D2Xaq88K=OVevXfR2P*@yIn1=FNF8xItH*P+B zZYx6C85hhCJFGi^F9*smy=}*9_Qe1omH_mv#2xBVw>QM>(plS_|5YnH{ayE*E3cp7 z<-Hp04^~cw)@yX|n!)mgp-Oq^oj2$?^h9C@6x_4``G*2{Q8z!oMY#ZjIJpf}SiXKx zeXZ}m&{z|GUTjPpu3Tdo0mxjtsY93UjO==raDpOr{eb84wcfNhLg>(?mt6Gzv>q_< zh6Cueza%NvKM(0~1IB^`@I7hE909QB`gy^{M}KoO;_2vl$U4qf!cUC*WYc%*aWWA%PwbF zjdI5d^riRR_G#%{GPaPWP|1bZphUM;ah05bN6nFORMik0?OXKpPX)rw7B2&_2@{gK z+P7A&VgZ|Csy*c5vF<~kLyV}+xU%E~5d8o)+9@gU9-Fvkl0ryLhnAf_Ung9K#?IWs zsocexE?8(WSF*BpYs_L&%4rea2)mf}pXKiHAAQ(!bK);D?Y>@a-fY0Y%>36rb^0}Rs#H{6 zu`$-<^U9>d(?&hcf3Q~%fUI9V2Hopb{Y!a9;}g#yW^U}0Ih=Mt_* z-#)P51s@P4K3{d)xw~@DFLi)-;|(#pN++J5E?@f-OU7&F2!v zQnY+(AUq;0fNKDF&Oa(B&H*c39Jvz1LIsyD{0sM?9r@|w9S^`{BsB9kd+m#2?|AiX z-0G2@I>tX65qX0?dQ1K=f9Xa9=s#yGeD6lzG3zSd{Z^3|);#uqiuVThb9uq7_gE_6 z;3r3>Eb@8Bumi(HlI;eccp<3y(p!DQS^5=HeA4{DGa<}*{Rd3N`5*Fn8Cm}47E&{s zJNDTU2>!47gTxYs-FpMZ^o~@o#22HtlI1K_5W6fCAUekFQC{DB_GzO551X;b;_mcg zG{ZhWW@hGtv+Cg7_F(=pVD)mC&O|7ZRJjwe!zCh!u{iFVp5Lm%4U#Aur!nCEa1OQq+@nBJMkA!k_L4?2hl68BqgVNa6i7f; zz^ooXh^K*!vBi-Pi%*wMIMVwD)^Xv($6nU%#?P*35JwBk;5okjDqyL7iyA!ti&Bx} zX*g1bGYVOFsf!AN0~aZx2ACe%VF=Q^hhwwH#at}E98g3_Lapy+kw>3%Nsolg7&S#j z&KH$%f?PuwXpfS1$SBzM1nEABcS+pF6S+Z?Lcj)dH!Nl#0v}2o5B+@2JPSTO!yhkp zq+b@&Kp?t$Qz`Qj=}7JL)qw~RZHYRO7j7Jbn})cE8jyz>#lndYlMW6ik>d&5(M}zI zog_k3(nV-1`WYue)WK*)GG~iaknrdr%A8r^ku-NSYnCrc0HL1L@5S-4D)0qT3)x4@ zXGEDqD~!M++b17>co;oDGI8;1qpo%j*(?X@etpOlZ~RwW=Ea^ ztgf6yr+k~=9uJGX?B!Sz#p}NCwfW)En6T%G+cDbpW~XeDA&qYN6F)8FWn9;oDk-g} zoK9^eu;#A&aL5u}&m0PeqSAvo1Kb+;NR?nr-Mll=J;^Rnulp|6{oV#k1BBIJlXOaw z8|=<}Gak-I@!{}}%LV1!t46&n+df2!K)0#d<0F}1f@q=N;1u&}E zkt@_N1Diu6iG7DVKBcrJU9_o(B&PfMQRsTAe>EN(Kjn&-y%LWYMu8en;~&I2ism_=pTXV5NQL5QYtTjJlqp~R4Ok+K zAoRRESkW}Xpt(I3y@T1M{*|v7La0cz&SGam%P+GEH}`|3>oLU3|H;6UeXSTaF2!r_ zFIr#;3fqF;I~sfwW}(oi7JLQ8t!kCgU@m?E|W*}R;xs?TrikY*Dh(RNs;Rr9iFB_5ymc! zN7;nSan}ZulhU5%r#ZCF7Kvmqvqrigp8hg31Vy1)&t6&_ibMdex&dY%0A;tG!r!_f z7aT6$X4+H^?AZ6_{wfYdbtwzDv;Hxc5nUoF_e(U_YrWVup$Cz{G|`u3{q4D*0==## zK((baK!kc%enXoI?O)yh6h*I+9ASskv{5Vo$c4qFvo+^tFgbwplB0Fq@YlRlwvD!g5w$gZH)KgP#1T(=V&1#b7V#x?XRv{_`kOBFRuUS~s>yoYU8x0Txq{8cn2xz_AXayFvB8 zyk1_nn%B~m=#0?7i8QwD&i)rn$q@~1)hIFSQK6a%|CgoZ;rc5G){HLpL5cCx21(+O{8j1iHu zrqbz~-+KOXy6@_2=jiME_Vj+-`!NtU40tb|M5o>xRLH|@`%_CLWX$D~e0RBYE}4j{ zVnXpstZ%=kl}1sxrqKmD#Pe5?ZMt1Jmh)u6aW6GRVJrfw<6`LpTy%Ll-ZNyJM*cZp?DD&!(hAQq(t z4){$5cJ+!?Ni@+$bzuf<#A5MgMbT_cm@@GXni5#3tSN+k#~d@WxMG}ZpQ82?lw|VS z`~q$xAHu|BGC_hvqmwY2ba8H~mk7fml-LS_AOKK!3!kS4qIm-X0!||a6^AdX$@r9 z>t3r~{MeV_iLjFS70sNL@s6q*y8u;mRIUp5y5RJtpf`Z7uXWeDw&jG37eR|8rkoJ6>r}GP7lOAwHM3q;A$eN@_XIzPhp<0j zY2qy`U%SJX6S;B%F!q}Uj-*ZUkCo(Nj{x{c;t%s&T{mqU4F|Q*{bR^)n<2hu{hB+A zSGrfA(fouqSk&{?-6?HHUnyKkG$Zl(&KA1`pnhFYjYB&(}V)*)wG* z!!!li9a$Zze-*X{{Onk&aU+^;&6bdNmg@)>j1gZqaqH~NY@nK&IPAQ0(i*@c$-)~L zTVmtMMXwq0$uj?W{~YKlwcA^n0TY@VTHvOom6B+7vDC;TF?U0QI_tJ??M|Zl-5rE7 zdKjpz>o%*CJpy5KQVpw0$|rdoFN>#QtO(UtjSJI{092+Eg#`;hfM90AI(9)r1!D(@eL_TvFI?2!JTZ{5UvwW5(YpSquD^ zAC5dYgWf!!(#P`ee#KxRh5kB6v^Z=aFT4n3j1(`#1Y5w!;;0TI`y0-ero$0}9V@wG z)3KKt0(7G>|0q6&y0oeiKT202pghOf3IOASCSr7a#_B;D55v#1S{4L?>$blEs5rM? zGD7^cjW@;nTp1|4fRwkrmB0Rujb*0`)@pQVDfU%z zyTYd$UZP8Vbyi7N!Um%Zi%{})w*tlZlXP`Ef=~6FoFaM4|zfZ zDakW%E!c3tclwtlXCGw9$lkCv$zKH#XlQ-EObZKpp%y!&G0+Q`*Zq_xcza~iA)^I04a$2_n08=%F$ zmb}rFFq!CeniZ#ogr!c#OFN5=nCRF5mi9xHxMi{KdvZ&U+lmqh&+gG z5P6W`4IG#nt)a8#Mt@QHOz>XBTeMM{!4kIWCRoxH2$%!I29Pw!(v215VVsIHw6voC8E;*;ilDk1Mq%uTI$d3-$j z-B_U@_PJ%i8{sj-E&{%O$9?Ufof;SX2-g%O3`h=Wo#=fyo%8a~*hr}iVJcKw{97am zcFwU5lyL3N^k@v+hT>rJ-vs_Lenp!K$mR`~|*-ewY)PseoZM)C?< z^G)Pal#}X80T4QT2l>dU=e|SNB^1G4tnnsfUqY8OjPx5P^&i+)SdvJPZB#x+bEeHiY+*U;9W=XAn@iQR-tvYQAv91o=uA!Ab%yK<)KNu6pAjl2F-Vnm!_Q7N zV$O`J90;A$2}Mn~rUS>H>)%v@WkRvdZP!btp;n^5%ehR9oCP_HJ{R6fb?l(57G({M`NN1nc^-LvIuHa;VW?T>Ld;6)+!cI z7!PXwIQ9o;!FVn0I1B*RDx>8kaotw>AoU2^SUWk(CoVLB$IZ-OHbR!usoTDGn=&wG zuSbk62d?%MPRyEmXl~V7FQrbLJTjRmrL(%VkU0r*ha^dgx zbbI=JXL%bIo?@BUMnU2ov}%wU;QyNR9%fXuv$2E+h#KCZf!2E{zMHx(stKREwT2Bs z@>$N=r!F|GQh&9zM=xEOsM5H4UTC0sXHzPc&dMa$IIDiMgnpJ*Fjcap=3_KI=Yi5LuJbga3s*G`tvy_V&kOT+3X^82tsr?8+PY4{(z4Kfp2IYF>2b1~e z>YI193`!7f{9QTUlpMdZDTL4AS?H9Db)!dNj`DQi<9+~RzAG0WBo;&wg^7X2NraeD z-`(I8gkI+t1bHM8>({D9MWPC06<5BC7UycoMpXuoW>DV#DW#}77!ID9VB?c=BqD7F z)Ot-Z7$Qc`9$-|XolNf*G%q9>$%g}@duq=wJNhJJByL=Z2jLN|$*KGy%i!WsvMI*_ z36%-Jz8KIm7hTu`9bDqS|l_oR9uv3ix4 zZbp9n6*@4cVM`sg;g|Ge$l%M5nKv7Dw4mI3FX1IL7Lvb#jQS_1OFg-+N{5@Xwu&da zTviS3B_LEs^<|#auT6@Zu-(_;YI#kJeyuY(J&?dplY1%lMn|LRaM8DR^(FeLdeI^{ zIAM6V!Ey4j$zsvdmCVw0%kP&=`4!~iNh*>pH z3vPFlC2Pi={0SKJA=WlZu70(Q3cC0quS1F}?JuqLyPpOZhA*}p&_%p>K6vqlbHrw< zN!9ZeoLyDHcTs=d_IEY$5Q@gacWWsV3GWS6`ApAMK-ES{uMXcBLIsD)J6ZLV(Fs?5 zX)LLUIa%)?Tk7kJ^+X^rn3slv!+u;AopByFsGgS}`39uJ4PXKP?GP)5=WENy0~r`H zkl~cuZG6EBktXjsLc*KG5z;)9U}n~Cj$o*{r_%=G7&H_ zaj-G}-yt&r!~cCHU}9lm{ok1(|9}15bcd@#&R!EJ6o@;dU2yk*UCbTb(hzon{|2D1 z1%tZ5+$0^y9?3c0@_uK#+RwZB^%a$wE8gy}T06b3uc#;_lU6W9r*UNhlH%a(U}$1y zdI4Mt+LK$L6tFIiE~W^sEzIBzOiawp!^#Q~odB}iHMqDVvfBYY0BmOL)B#DE*nc)a z2PUVdf#v@>=yL(+3RIs0DBA}B&CiJJY(f43DqwpDPQlgP!H|*F5u6eLm$n8cfc+yn zy)dygy16)c;|@a?wigJ17Dv}_3E=k#0MNS~09RMgQr90G#ROy`J8gr@t7}^eNCtNb zpeY6_7En}7{>K8gz|9391E^N!ng$>a&0ol(Lb9R?utX)5C1u3|12Ahfq4gmmDx)b8==TGCgu)X(@SOac3oVVPQ0BVIuC-9mtj1Isr@^ zT^rzh3)BMqOWDXB+*!eRTR`Xs#X!EbrIZMiysV*Y{`P=GUeK(_*_;cSq+J74c0!wGB8^ zAh*@+&HrZm?z^8jDq`vpsDmQ|u%-Z>`5Z=?BO{t~b1T@Rd*~Mr($QKWcpFEzC-djE zv)$F<$>si=AC0C4ciKN4!{GLIq~yTh<{B;q@wfhl0QpNln{*y_00w|7SgtV>b?Gj| ze|Es0dCH!-0_CSqE=~>r8kt+YpuZIq;R*Ea%IXj>OAg(=p#P2^{Rerl*#U66c4k|E z9M2_l;5U-)$lw5C|2-XZPd>}Az$_t*OBcfAz!i#GS;_rBdNwdDmUi(0!oQ}er8`nPGS zBQsz&JtDXi7h(B;pDcEdJr4JrAb`&6Y7ZU?02un}R|j~eBeNEGeg$=4;?W!uf@=4- z0LJRreh7e!6;)PIleO!YH_-n@k|TpNOPgCGC@dS<;PBAs5Oxj*i&_m1E`T2TJS79T z_h%Y6AaY@F0rnWk!O8vccSrSYuX%6+&;aS(_5=M8gdy@rR0n{pu|EQPfaC}L0U(3q zC$=L4P$tPA5jsHflHLfELGoAB27oNHA0kEfmLAA7{Wn@*1NDbU!EN-vrY`m(uv2v3 z|1GG$|65S~{kPECAAvhi@`E1OVeutOK$qo@7!kdy4{})a{cr003;Q9UXIj90ac_rax|@xW9@7XbD(n{sIYE{uZWyitgXp zKkPtWU&7en7TwjYYy3C@ls{_ez$3FWlb~<$PC-u{o?Jh}fFu*&_y{Vn@&7gw%=xoG zqs)EQzs-3IyuSuN&pigc-;Lhu-zoSvWMxMe(<)4D;yjUk#M45N+0m`) zc}*8g<$;=je}BKy2meY4JiKx~!`mw=iqq?Z!LgwM0Ap87(b(Yd^lJ|s{NneS{d&Fq zdd>&fHT;hC=l>(=&O=*(^*5bcjJ+Bre;z64Q2iUXJaIy04QA5CY(93i+c^M^-!* zE)#lE5M`&7WxTNsl&kczG5r$aMiel%9*H4uK4(mGb&S2KN>%A6`su}&V*bD*J>`wg z?NV>5(nI%kazW?N-ah{Nz)1E@MBU;%25P8b+%zxe%Zu^3H2Z3VN@k(0Z|-hD7^K$y z;mEtSxNvl`>)>^!>iB+wCjV(O0&-u3b30rxD_m2+eBUfAz4$f^8GX;`rq1Vs>={qv z8gqDfwodB1>Cvz{sODo&LQb$atdH1vgoqWHa4u+jz2{I?z;h6msgZzh;cnO(3jlD4 zQ3bEwmLCWo!wm8o{0a^}v0lWd5tz0R!m2;KB;c{tux=w3Zj)hAF zi+V8oBnurhwNGm5CDNn9ah1|Ui`)KbWUQruyeUb^YA4WPy3#DH9M>&~@LiVA8nelW zCkj!hU7OWXNqh~HWG&@(TgQG{*pm*%HTK2afF2L7`8?a@os;K##|-Fc|Jxf_3w_Iq z(FgG!Pi%z&zYiu1{SBtFJO5@v7JxR$}WH7kJp-r%8ye=}u%&Nm$XD zbHyRQ@X`y;D=Nd!)Rux#Vi(XW^|ZTApy5YxwSG?X)@5bIh&A%TIa@p%veyt@L zb4QP+{`wFijP?vJXa!KXeBa-m)=LQR%}&rOhuDL`otMh>R1nWDyo_4_dY7@33Hq9R z#=99uDIOPeC~O)A9k6mYY^p_QS)WH|9V#i|}81ryk1F zr1S@MnQ&D0oKN@{9OevJ9#LN-0qiRqrlo-0A?~GZaN#cdT}%3idlQQf^m?}`D-uxC zcA>5|nOa5rRClm>=Rt_6)}>wCQseFYicNVx@8~IZeoE)WVGZ}~9}L(;ROg_EYjPY`)vIL*U>YxZ|oe4v3*#4bNECAut8H-yF?{b%w;*s5U~06gs( ziR$kmZ8}1X8c8P&vSIge-x{8EG*T&~67r!RMbj!QPL-5EQiFd|x_OWbQ?#T2{Nc_6 z@{6h)z0+TArU`pLM_wZobFPisO?)_2se?pnb=NAH7`-M1Ri8u&goPrm?fqf)4L0*I z+m>So=RNyc{ZBPH{!jFs!sNx;a8hp3%5x1jEFQl?T}=b2|U+xj6A{gvTT5W z$m~G+sDoO8#e1+4`ynpHT*f$?pg=rba(-b9>aS-TP6Av+BkR=?T2E{Yu`b))6yn1z zj~wOp&zUg>;eYm)>Nk|oxgu$+Cw9#PVM`6})F+$7Ias&f=+2qi?bZ}qC*H+LF+^8l zvt?;FY^i)_v^tmtv&evRqH`*0L61d$S6+HGT$RMt>!GPBe4%T^pFpn|!XQnI(^vPssjsDXY#<;4ADIAo`*gKaOm8FfLEW% zNk(Voc50ei1)~%QA@iF1GKCIaxG8m|{b{BX2;Anf|BEPW^dyHgAd#pT3y*7tj?j2^f}6 zIeKB6`s}*((MO2(6AhVF6|%v}uD(!k`N7P23AH)6%}&KB8sr2l3MYVIS{lYM6*;p2 zp&);&_NRt|OyQyQC2M`KB*nG6uV5`h;Hs^3cSC;2kkqxpmKZ#^Ie12&G22^C!ReJR z-7bYN!@#2Tp!`dKpf99$RYkJjG>lNn`|-TfU!X=gL+L0l(G*8r8Vt$ad~d)#HqL^S zjZ|om17AofMd|o&WAvEDClpKgINud3e_X2yByzrbMu$5u=38>qAuaR-A>=}apXh9+ z%b}otTu7}ux7T^nCoP}vRrNT*<2%#OZ77aWA}CV&NZM3hWYQl-k@InHCP}+1T@K;A z<+N~`m!cK+avGauRf-XjzprSVHMs8sbobbIZ-p)&vb|n+Cj}$4GPzSI(et%Yoj@|w zJMfIexGusWMJN1DitX~f)?k`hZ7rH8CZ%;`)6jHH%}gDtNl_iy9AAdCvxXHZC#9c@ z@xb;puYAnwFMu{}qyDK+O#rt<4=H-~D2?fG#10XDGUHJT{&tyvYh{hG;g>?l!A~u* z$Z$-J9U4aKltCi`gx7XeGH*5&$DMFh1RD{PPFJquxCO|!RH@EziRe_c(`{2LpOu8_ z_3Pz%e8jpF{qgnE%(dJ(z=sJqjUXUlj(lLo`tj zidfMd*kUdetFlr!b5Dx=Hs!g(Ze4QWovD#1t-4EH#18NtV_OKgltjJsDXbRlQ@5Ng zpTE+RD_X0>Nigx+-~${kxr@* zCzaT-lzTvR%NmkAIIA4Lq+#0%8$(v{cRZX%%=jzSbp{T()I$uueWrowjP2RSCrr29 z!blfoULJs|8gBUvc&4^##Kp})LJ7@D$FzDqMB@*Q@5y0yu`{K3P#HUm)@6!r;bXUg z#>p^MGAmC87F=a3S4B7o++8w(IeynM;@r%#Iy~(YQNe^vss=1447r6#1Z$OiURqo~ zge1S|A|cvmoZ+2*F7OS+j7#d{oEoVwxOYd}aINM9l_6ub&36e#mSp&$z<}LjPQXBj zWH>$CEc%4=$0M9rjk^IY@Sn5vAo{EmE^EZmIcw(hy&pL*^!W0Njv<%amA6rXMHvaD zod>0n^rkLcpCQd><#DKyN_iqsIk-G>q^y5dJPY)hs#;{gMol^64(xttCL!QM?s~jl z{ryrrR-6$lwkXeBI?p>B)^*Hyn^5Ga)zI|La}GE5(%WXOT9fB+vLc{`xk4YSC%*Zf zt$&_^pS@krpfPjR6u5jKCTqzN1t5#@uvjBpKrEIsjrUsJ%ocF~Yxr+~Uek0nb?nDd zg&`Z)*gWpOyf%Sp?9UQ%>XjiNf5eG&w-Vy<7`0H*t9dYAZyzh@l-M*NY&cRq0h^1E z?j%yFuBEb9_sTXE&txlf{@jsDylS(8r^H9uGHQrXx-j}Uxy^z~Nq+6Xft?l6dlTEp#p$OG1$#9!-d#^7p`{TG7F2dKj~p#3m4bhNd&tvn8zfcT#abXSR*UYwg(q zqm1;PDtdw;<$!79hK_TrvVXLGLy=#6vN~*cFLd6!H0s$C!zlHfXc7{+UKx$|cq+ZD z@_YETZ}%9VY0WP|3-&I1RV*)#wG^&cM<-@d=#czaJZE~EY^Dq2Q#vH&ZZG*x>^y$x zp9B~Qg|HBqiut!UzE*!PCq%c|uAqb}-l8lNZJ1xYG`KMF{nh5oqKL$R+r!j>x()A9 z@`%1kdyf>McA{QD@2U08l2=xktFvFmzfV^Wy(oq&Dwwpg~li;ti69HdynjYFLM!q?^g(;Z`&k)E>GUH&H>)1uJDqm}m z6-pVm#wD!h)RYQgz1~csW)xBu_qu^2HrJ@55LruLEVhgr88B`V#Sih0k93_T;+G!$ z15j_1yUkE2NhAf=$J2z#MXTp_J;dL;b*%GbogS8&I035Jg1&p>GUII8`J zB^+tZsSh~Ow0sKGOQ8cpEl?}r0b|ZYRUL4x_L3Sn4{+F(k@WZr!CgHy|J<>8i(X2; zKLqU+8asZ9n|;Zk%~6Z-aX+U)H#L(U95?bD9UL%0F%|$}&L(zb5XA#jRrns7i{pT* zd!GW?>3F1Iot(Y+r@?`0_gmJ6R_l{QWtf ziIYbzXmJ?@&}oiQ4Uv2)aY=U1`@qsvfq~GuPN{iqHyB&82?~Mq#`>Y3Zm1aFj6vA z-KMFkKBn$+vQqBkUA1RV=jzp`>J|Eis-MS_xucfXdXG!mny4>!JhG)OL~wiUWReH3 z9zs6}yJ-j(b%hq~o&;?)1ql-P&88+UaiyT2GQM(Wabrs2?u5hNa06IK?&BpmRjzE+ zUN_=Jy#>C5o{Hh6-e}n>2#cqL7RtksMouCXJVjd-6k0Fe>Wme1XKW6n9rc~qqJkwY zh2=hhs5_80)nMK?FD!oig-TYJKtVho-NN&?6%kpD2?(|ff9d;F;I)_CI`enD^0I-R zlODo+8adSuc(OC3wM23+HigjYu`0S4pIg68WZ7gLI7i)bvPie6AEIDR`a;f7GHHCF zB<3{W^k0yRL&zmpr9L9tW^m9QgP zFA=l5*5yLv(qE$~Gx&OjDx2_&W;Z6`_9tR0am?fI@1T6<#_SOLRz(O>O;PXB4y79C z4P6_fUA!M>QeZwjf@_?_etkH}ZWHs$z{M1W%^``q0Y_M0Tnw=9sH_~CyYNElth++2 z@A=I5)e!5F!G+*%WvPvjiuMaGCm&0k9u=HE=SzdI&)V8t;1NY9w_3X^My{myu<)?~pzC;jTRq`+P&riyRXO}k)Ypoq_+bQ$eD^O?X zd%x<1q_aVA^k4vN1oF4uF}I_Hu`&Y#b zw%iqH2f_=Lm-1Y09(x+K=ga77QQ->1IJ41RU>ug{Ix$NN^Xy&NUD&+nQ6I4_Bv|N% zX|f=9ntrL+9wM@dZf?Zfa0$Ka8)h)VP?4v@W0g7L&*ZDiGTM#t8KDyR3OtTv(s@9St(2epCb-2GoJ?&y$RIDNsqqS_@C9*KtOC2|&lm6LpIuIbZUMX_V={ z?f|XTrOb6@M+;_yAEEdocUWaB@xK_%`5)DuHy6yk8X#7o+cltZ^%nBp61hn{XASu z|17D4D~w1oDMe)`>WvFSsl#L-H)+W|&Jl>*d@t}}+L0}&n5dVh)}S~>O_VS-hMYj! z=Dh54a9}qg|67)RHNls5yvydY86g`ap+Q&^wo$A$56A><;kf5cjVF9!AwdXbwQD-5 z`4ES3>G2xkmbDItCHu}M1Op>qfetM-M}jP6|L3l+D`p2>=vW-$^I#*?R?f0lP5v+< z_OvRkyr-CI2i2bB)2aNBKbBc1IaA&Fj&V~a0vcN%5YIBxnlLU*bHjE@T14xQL>KaC zoH7WE+q2bA;Cgpnj+6sUvR37)o@A5P`y7zH)W@VSD7~L6FE?3c9ODa8MmU;Hus9sv z2l`W#w94X=OpSlQ4lBxHj2V9v+vA3z&qUVMqt^XV!X?C6NFZCY3+zuPWUP%RrW}Oc_(tClkodZyr|TPyY=25TRqA*m9%U?y$A`9Fc&sXi zxrb@cZpaL6)^l0^nk%~>=8O|KK<5(WvZ8H*(XlbPCX!f_o*?6sNCR`Q6*yIKLd4#h z6y{oC?*Sk5HSTE--Qlq`7sazp+JI=*PP$7G&XM5V*BZm;fFChh*QC{X+7w{2Ig(y_ zQagb?l|V&FQH-V+xBRv8>i(w1-I%`nIeX%FV8Q5jyLST^C=7^of-+56Bf1_w)24C~ zR%q@IugqFK4!NDzcN~|$V)KkTx_r!#V-^ecW_U%5+0O!oT$VK97y6W)DpUt6kV(|E z?$=#nDfu%vyw0I?;G!YT)Za(mT3A5nhssf_2?>~QJS}$V+;oK;H6xhP1zuLF8od@6 zS*H(k*s)zrhwdVsZtKD{=Se2p8^h=xAZ~L~z z>&wi%(=nhD=G?j{4o^+3vt~}T@+kZ&+nTY~FVffmt&3?~-@np+qQ4-TGPr#~&atrW zD!W@{_|rmrDe=@4gNX1szkeXP^yh;IwGM}%SS|PT{DEZ|xWy*ijcXWK&(rRnWp{bU z0YwyGWtS0KWZ>pXp`F*065Lw~IqqY)XPLy^-fifFM5#i)iIjE*gFy90W_<~-u+$0Q z`vDD%F2HsCH5Km@A;ArX^$jOyfcJ>BGXUai9a`Wd~@tA$r5 zj*+q+Z-M>+;yI!$Tg>U6dfCxnHBE3&7!Y8lrK1e->Q+Z5fM}ZuAmAOGV8L!kfGAFb zVptD^GT5|nsLU}PTY&G5yj>OFQ3evYhJQb}tV}y3L$URTNSId)@;{NhEOA-2f$Wcw zL@Fo>IsRZDfx&9Nk$Aq99L7N=QeoL6r*TB3}T-Ij@$OVo3I zveuj$-dcnQj>_=vqDW)pJ*T_HV0lR9R?yN9>o-1WS!5MaV4l2ImZcbI8wt?I__1MG zIh~sqgnfmtupx11V^5OMU8ze&p|xo5u?0;EjiI&^s3v$b0A&c`hpje7Ve%}K4V8<= zv(4}7Z8*;g3mU4`qXTUFh}j`G+i*>r13L0M{4WWaIn>*sYe;@#d6uf3Bh7H-!KOh; zJ*m6Zgx$pO8?`e*uibFiQ7zb|`{=flY8^v9gE58{ZMmTYr;JDZn#>6ikQ(6|G`Qtg z*WVyy%s;qR;E2$Rs_*JQ3Dzl`uY8o$xKzM9Z#pHy{S`JBI783z@kK}GT8PGs{7ckP z9wx>{rKMa>aEkO$Ap7#nP30qJo2yiGcX_wCZ=%*G&A>dhsS3o8O*rh z!)|(qk{_*xSE$9lOYQ@LSZ?GNS47uOOk>5Y)PHfdI1 z4G5FCk?R+Tk(&2<#g3@;h(CVibz|QbqVAP#_@e*R@!tJRWc1()i807o11I&WXJsP9 z4^|tmB2PUzxHBH#I~kD{JkoHd35I{@yj^emLhL$*h>yPkn?;pG;KpN9x&*VfMu?vP z!7_ZH?5C-`I=EPYK^H^b_3XFZt6u8CbMov$kBcjs&laeh`mP+8%@9*j2DXhm7}ivF z_;|RMYQ*J*$pW}GB7kJHTsz;7WYUp*UzA*(^0#LmCCiqYJxFNDlnO&*zYZ>h*uo>@ z?!Si^{TaqozfgDHWM>J$8|b2=WZ5DXKTD%>Hi&iCg=^=|`wGCyem^@d+hgrfp%Aq9 zOm9A%rReK{=;5ZM(7Th zBu9y*!n^$$vHA0wi0E7nWQ~j++av%_tsHW45h|-!pN&} zVF+BNoOX+!&w=F?HS4Qu@0`gQXECu6PSY^UXrYJd`GpXrA1Re0?O_`#7K19nn1$cq zA1s+_FK8-UqXnyqSDB~M*~-7q>j=0j%Q--_b2aw7qp&n#*B~rh{WT2>Vxa zz{)R-w18k6+{9LA>p;TheIv#WGUAAy;|L~hsWMFaQO7|7=C>b{6HnCTD&JMnsun*U zF*hG?-9Jt91{wLI!Sa#La3&1yo{1b(H=S=hE0<@e;Rl8wFR_!}+wFs!*@BbW%h3Gv z%N`Oed-Q@aJBq9qYUtie68K5>a(cdIjKcaE>cAeM2aT@OK=JWAjQw})yaZEZKO*OgZ?XlRiS++yx6~>SYU&>G>}e3BZP>0gRA{s@H=&E3W@Au-6U=%Y7}F&*YaJnUCESdG&qfb zL<+RhHVeolAuvG;YMtfYyTk&r;L0{bJ0l#Ffgmn6|}wwh`pF(!ppH#u1pqQ zQP|rE^kTBqBpV@a0V?(|qbr9hUA3=wsSkdANh2_O(=&cL2g)t*&%2|>qFx&M!TmW*2sWcD~!fH>;3ZFIe6W69n9hvUA;DH7hg z4yHKK=6uI*Z+Dp&hr^PsRz!H3Bb;3M2?B;uK`PN{23|r-SDrS3@2LmJiNfwapcz|# z5FOTZ?0NjCF+|GwmLpBo=F7U}McijF_jTcBz#BgQl@yr&W?OfqLSQY`Sv0@*mF}vO zp2t_vEdOh?MvHtVe1`3O7M0=W{vW$3R~1<0e^e&nLYrv1cTI(b-vZ8Rj71Q_-n( z;LyBo6clA3V$lM2@_64K7wc-Bwim^`puFjuma-#@m!Hf?lI1QO=I(jq?%3l|w3 zTZHg2uI_ICO0y0ixv%EGdglI&Nf(goC(oQkM#~T(DOk!;mX92sIycRiuaUpuJ=JU8 zG1=9Ln2r&pyx)84?YTm;p7oU<8n#>cEBKe87?HDp(3aFNgUtbO2%TYfWfs*% z<^0EtuS;gKi^sXa-xfSaMqMSymKB}k)r*SUg<6`3!D_~J;#(v`kvjhBjJSu){pD7sr3eIuYQ_3CjF%sxH-TZ z2B);DsK~h%7gDsuJ+e4w6oP{+W}h_mB{}Z(;1ScP%TUQf$sbI{!}IKyY2IQ9a{L|M z0#^IdZ04Jbj1X*>45Q!m`>H&d+Q%asHpq0 z;K-PK_6aS>N9qke4z#qiXa&m@%~%mih#)*Gr&PS=-X~GWGsc!&QRLvE-zQ9&Px&sT zlBF`$G3Qt(kHd4dj9e8f{5t%|Vl8X?qzB)QqIAfi@5HogP%ts`9F*phZ>o1}2G)rv zRLoxUe%+SfIrxaX&G$?lng$@rI>cst7E?(e{+1Yib#p+bsiT2v!}Rn5)JMJA8{p~l z*!*0%A}f#}|FfB=`$w(ASA44?L|MJ?FS$0ww5sxBsnmP^=-8;acue~bSzHF z(OeD_Y=U&nzo=n*|HMdi3XmQ3vz}Px6P|>#ZNOv)kiOEFd--gO1G7 zS2#*Yv6n%AM&p}uqnkOaq-3begRGtZFNor}FYdxOUEy3CDI9~*35Gr>em#gEPvi}> zqpMHYVr1vLe4v-lP{0n-Kb~o9HHH5=ZM;#gu+&%O)e&2(IZSfNcwlB~{j&Z-Ed)^- zIktmzMp$h8vJ>9wz{CGR#&~s)2olRb9NdX+u2g6Qr5aF8eFhc4JsR~UXzZmn5XoS*ZMXON(pkc6Yw{>v9RCI#(sIrkg$ zTF?ufyMRtVB({~NychmRljc#S-1g{0v3*4Kz?-$7{!sGP|MA~?>-xJbHrIQowD)~v z-%OzDjw60REBD!^t9lzOC^=1G1jwsDQ>$~&usCve~ChK#X z0cl-B&o4r(1YK+e3Kv1Lg_^97%&@u9Mz^sw44mCCY5W?WXO=&GY^K7vc30urIHeEi z35h^_~$>12=^+J|u8GdI3lt7vo~m;Z?B zo5qKy^RtW;ZCBcw>orsyf5d#WWj8r$XxxEMfx>;#BRqMn;MD)q;8q&vVcC4-mxdr^ z*B8!YDM)m=qb&RFiQcxF3mB&{9xLdTFRMOy;B*Z+O{lPs-a=&+%YY18)}xzhfCm>Y zJhk-otC&2PCxO5B5((OKx~<%=oR-_gbwA8(&W6xufdI-IQFrydEo6@}dZSO5dqz^j z0=BT=mWxM%7t_97^R)wkIcFQTktC%Due>#gHT{f+FrNF<29zp~LNE0(p6v}ZxYVOF z+FLkr+s#{8j@w-_!&s_R%owy{9_^k&gO(-9G$#T?caNJ+I+Zb>N1#4PFc#cES2|&; z%63ICWu}SMi<%I=5SwVO$&|WNT;a4yS;BN1G_yO?Op*U^!V+?zAD;ge)q!cbpZZa= zGOX}&wZ!^O)u?baq32xhwK}N&D z0&4C?rm!J@DZ+~n^FzF?fgaZFkG-p^vEpO9#){1{A5;nXZx!s69w>+v{@T5_ed%iA@ ztzVp_79XHxhLdyi2}$%UxIQ^St)e(>xR^i-SegpLigi$tG=7#&FB*CH)T9rdc{AsV zm7D74tEFIpU<^+3$vylB&5P5w-t@^TR|o6!PdLPn957^b+1Yw)2w6m;qJ!7-VDx-n$3%vcto+nZ$0y$Rxu zgmoK6_7dNsm5^b$jW2cVh@ybeA9`QP67dm&g2n0mXBfWERXTROH$sPg7wB=OoD;R& zioPpL(d(IpD|8%pxyYjjFyTom?;PExkDidbzaxjiwH=8ga#D%*TFst>-q=#&4| z=6Yvi`&*o1zE_D=DKQI~udr%l-oq3>)>r{asR;uldO2|&H=6HP4Lqz0O_MJcZezww z@nLJ<&ORJ59eg^kDDPT?b)}i5oHn?53hQ4P@r;?_ewkx+|esRBPNz2(4 z4R~tcY#eX4W+-4|CVcZzyZ>azfmyw$+eDOQ@1?drafY;`6HLYWeVE5TO^z4mz#X^= zjBHCWg;i`84Ef+PAd1K^Z78(9u`e{5y=h&URoFQbRi?}>Q*|wHq-Q97g|csIp7|Ex zANnia6LYhX_5C=yeDLWP6S8TaMdan7y<-U5M%`n)>SqWkyN~SwM-p zFH@jrDK0kTbq*fog}RvV*QP!xqY#-YRU$Si3=Q)Azz=pz`sCrT>u7aMHUwTy+*$z& z1>98)A0k=F_o@0Mn&{vsV}G%aGOx$05OD2*IHP8HO`JbBhEe2 z;&P~AEZZt`@znN}AKjLtOx?KqvRzzuRsKfN-Ev^l#I0oKNdpU$SI)= zHF8r%i39R9m3*7~ZWs5SE_R{mUV(5~+RoCkm%_emSO=a?H7v8yR;i9_L2!SR`WQqw z{s+0NWY<|G1lbR4z11=mqEtAvQxe+1Z>o0FUu%g;y99+kzO0~O$9OAbJKS%_!KVTv zn4-f6rWUqn&$RS>mBG)zD6hUKv&c-Y z_mId-&a)9kUa8+2#~K&L64rwY;8!8)Hi8T|_z=+}uuW=^MnD}{-i9fbCL)IMb=AD} z%S7=a?!FGRZ~y5na=l*kaea}p>neG3h=J0bTOpnvd1*ElnJU(qsEJ9%J2?T}Uqm^V z6@d?dClSQd<4Ti8B=^D-rq1$Cl#NXVePz)IKb3ZgkTVS!wQTA)hu;aOX`NH~SY{+~ zi+5Wp%8kQ1?qX*u*LiMEf5!!X*7}r=GaXQBdi`xF^)XwH%WEIP?Jlzwubt=&UuH{n zIC!j8z2~0DaB$0Ej+gGygBCKku6n*$H}=JEnLC=3onQl>V`g)7KR(bDBb5*?xmM%$ za_R$|DT#hZa6d6_L(F|u2n@Qj7=c%999~vU^0E!2mfX(y zstoAaK)aS&*I3)=V`xadOt4dYsxm9(rlnVpsuXByo_QZHxb~^}GtwYl7bQ`Qn9Tct z{P(h-QI-cI4f2__vW1!h!?tG9mmDe=fj%D^C0J@tk#8>TC)I0@njhaZjWXAP9TYao za&3V7C~a+Adwxhw0bwE$moCj)Whykh=TZe*CjuRbeaj7m^Wq zX+#hKGj?9^Y(2epr7vyhO6SsoSnqh0lF=?a5p#TcPL>gr`x%P`T_Lh|E#x$i=KA0Jm#uVYxO zmLS{r)7TTt#j^~X)cE46+K5iXNy9YC?K3P7Mti3|f3e@uv!pGQg$Vj!b`q1tiPJzS z?uMOO*AR(4KSx`6SuXbO^&^~4&GoJ*{Vl$o9(^{kGUN>4xi;=bjBA5v^6ah3V+?`; zW)N;H-k-*GmXI(hm0mn)xm|y`@RlRsD?{b=-N}wGpn`~LQd@Z#c`%Tq0d8;%OV3!9 zua}1o3PJEHruI|H{z|TtFd-WF=vot}>m7EXM^2r0OKShq<{2q%HrA-9_;MlE=@cz?mH3x@6V)2!c6?N!{1$P>juJ8$z9)l8sP6?uXu>5 zk9l)@0YmvQ#nv$^?EB=Fs-4L1N|a5nB=d#T$cGc^+vIyHcp><{EKy3P16|}(+{T2l zte4}aD3THT!!{2W%_<>LqipO@Q33#FO`VekcUQ0(R+8_R&Dizjt_1P%ES}B2%9w2b z84pR4u^KR};cZ2P^MbD89z^g<8+In11N~?Ymv}WP7*c0XH_{jj1o?|QI^~FvES;Yz zICAq)b7!Nfn(B?11@Yo0{dv(w+vGSm!z2@6DIfMB*-5&#oGV;dXUCLT*(z$5zTFfV zm}6rKPPstJ>|l;Aa*?0yiSs1=OfG5yca&s0G3$~+#wB-82=V=W6)A!kxBi6jaGfgLcX`b!mmq z7>Yn|bCy%w&PzD(TJ~Hx3pDDa>f$nF zAm`OA9Z+oJJZ6?S#YLuLKtHu1dqZ!sJQ}M=#YB80rIvLW+G!H=rGH2oF%@Ko*C;+; zDlECDPD7rmKTf~d+NG&C+NZo2Vxr3*8(Ep}?hC|@$b_6ESt4Hw*tEPT16qzjCjHc2 zLX!x73qtHjX>)!5JZHSwM=~KMsm_dlrTy8}&J&>;N1e6ff|Zos19|4aP=0sNSlM!l z#TwXGR(TZ`8I8L?LLlGk%$@uBn?mpH5u0&}H{)(J{cy_9sI5pf_SRq{*7q`lq}v(E;-1_}Xx& zJgHnB>6dXw?~M1yj3zJV{q zNgdjtRli!zR-EXB{8-1Qt79u=>HO9)KWp>4M5Msm&fQn98a&<8cj)-XEjgDK)6-nnW>L08&>a;l6~n8L485t z{3(H~Z2cWzPv@isl70$3IurXn%g+Bf%KA>KHN?8 zfy5tunqUDFjryxOO$lYP&+`7)QE1pkH)voiq#Y%XeH@2=>|Z4PN~*CeKm;snVITML zL3a-M7P`T}QK0tl#1s7|)tL^OW@iH;a>3v)%6}J^XV^tgLi^1*;Of!u77T+moC~1O zKl>Z_ZC^X^fQfT7xnCWOIA_s}#4d>y3 zaHQkaYmC=EA9A^KN_Yv!ZixT%D#JUuD(${UW%^UQL2GuyX;vngCgHCpy(L^Q>I9gH zs|BBREN)~ve}a|sNyo&|$b*D=7vwGt-tj$(>+_9JYXyAoQ4nq-6Ql-r{|pN4lfnl0 zUZM%-AISot^NSKKT98&P8<1i}O8}^oWQVMbNWDX&V#L9qjn7gWsB1!tOTfkhOAS(c zu(9*W2VNXhIQgXN%^mF5z#DJv#AzZm-d#vc%CANIv;?KfNsqnrz~&V1xO2F8kGtHs#LO|2NN6uRRp)E#rPa3~!3ED;x4_v9&)P<`#isAYFTXp=eq zYgqbR^A=>8Xi3TSI{n6h}aQhr+#WS{Qza>Gx+`wKC1< zT@)TZSpNkqFGSLC5%jE)Ypn5>;a-!7w)}l?m^)zu!BEna#L}$1Rle}*esXrLtwBxY z3EHTm5U>zpF8K7)aWsIs+?mQzQ!C_I!@Tc^s0o25e-f$g2Q!eX>)R+vg;Jmu9Gsm; z#e~HQ_McV1V7$fb&C{jP7)^%N(*Cf6om(mJ6>ql@5zl zwQMS_@^!xzBIj^kMmlSOZZj0gt{(HzDRe`dX4a_iBF(t;tn@el z&iV^a>FxHl)uG22Wq<{;Mp_(+HXr~gy9MypEhQ>i25Pc6<0ZSp zU|N8RaUbVBrMk(9r^vZ}o6Df@%k_l4Mn-;T z{88H_NS`Q?>nGjARARl;Afh3)65f8KhY{<;lXX5CXv!o759x{Ko{DYgxbsad z;z*A^DNh_!!9Ni7fb|UL;vsE=56RLE)sKSu4UIMpO`cv_I;q|La3d7g=x? ziBKmchBAtwT0}LH!gndNmj;gRDI}G8^pBr6GqwiwRgIc-Ej_4RRj9|ipJCNTiXr$y z;%@9>Yi|i&068u$GB2Q|7IT!;6!WfHE4LW`T|l zqo^oF)49jPUfN>P?&Rx5={4sa32T$6lg?RK$Cz5Nr#0$5Efk8t!J*8D>+5&6^_u3~ zzONemY{GjPjzIV5)N-Xl6CHFvOgC->Mw&VFF7#4 z4XQe99a?9GqJ764slk;#u><_eSFj{bTp{S|bGRISmyj6#P{S9naei5v7`UeCm|cGS zgDgQPEU9*d74;{#R<#7u^$Dy-djzG4ydZ75B+$^~Hk25<1DUSg4gO1uoH_!@>`coc z@=9xPzNcfYol5l)7U~na)kQ~^hTeKMPV$WQSo1(93`}S|$aFnHYWgw-2`dLg*a8vN zd9l#T1=THF%zjP#QJN^h5b_3G4#_dBv^}rmlQ1s$rFUX7Z69e#bod%J>Q0Cxg=gGl zA!6}aYP-yjkE!&pKzGH^RJt^p@xE{+y^56=0O`cYjls``Se)%b!|yLpJ6tW}E5Ea< z=$*&yuP6LPlqBB{Fa%pgY*|n?*WJ%M#%h@>`q5ac389ysBmNZz#VNqz_~;wFUXK~o8i__dW~~amETZyUar;biw+cIvMn&ZbpT|E)KKxvw3)PS)eYs{ zNo>NskS7g%-2$UjU*!GZs6^_@7lQhQ=%y!Cwzm*$LQQfN9{5ejI7N!~e8lePhdW+E`l#>L5@HWGLCmww@lxWa;8g!kL7?I>`vot`U};WK6fY7!Z6ebh z$JVytjQ+=IW|5f807@DM^B2Usl_jr`2GdQ(%LYs{f>y%#YRu5|eB36&_9RCVMwZBw ziPA#3=p_%LblLE6p+TK@W0&f1skF%Eb7!-+Xy-|_s3;eV@zB!653HPveaXw7ld^F& z^t%ClLvoqu{lcD~i(}?)tc=j8bf1qOwpV>-eU(O%Q}Z%n))L&f8>RO;bBZKEb5L{S z1g66Vj+0I?i^>E`1pPRn;S2Pq~4T-?NYyF9VT-!1Ut_CGbZ zhcb!&RDyV9)I`{5z%wJ%Xg5*_Vi+=(oF>MN>%S6iC!}nw(TG7x9+9T$&em3YIcP*$ zpmAg?faoMt*^gG6AAZiLZj7zZD{bB{oT)HjKN~A|555&X-#hwvd1n(|hW_i|>K^zV zw_x$pJCx0!kEjfPAZ51As+$y>L;qEi#J5T#Y3iFig*`m;y)!OOBi1PETCvcej9sF; zKFpIET;@^O9vjAKX7Pe2BORTQIJRf3Y;D{_=Ai1X?>#Ex@}P)jH1EQK98Sr-OP=MW zfH@r_MOG;N15885RZB1^MO3P(b!AkNN`08Ro!P`x`T+6MIt$l9SNRm%iFtZh{VF&g zDLrkg|3bRm;>4=ec!4SS67(LOdNm!|>mH*bwu1ABV^oLxhnB>0*A&-ppC=c+4(<#3 zYRT)GY4lh|0sHCS=9<#FYcmWJ>x=@UR5cea3)#^xS9RfNh;cpwn=TnvT}{=#T+?D| z7e(RY{&mQl9@_$!j=@@*)3-B*Q>+g~&RwNnH?%%_T7p8p@~l4}DBv^ET;rJq=20YeHUtc?kdA{h zq5Df21~xnzq08%Kzg@R*4cg3RssF3XZg!qytEWjMGXXkaip=-4D=0jES&zNi<%Ju9 z5ypgXdJsUVvLkI(bE0>d*r${o+hzu-l^Nwh?^;`DGG`C?$6eM;fWSSB@|+Y^nlLY$ z#nl}t;M`*T>eI7_U6^H*jOhMfhlK3&nD_*aFFG+1ma3BaNqefo0N$JdUU|G^ zk>ClLD z&aJ;1(Gf%LO)(*o(-XPaB>U7)XXB1TqA9}A03OJM9JD_V%P1-J7Y+;>e5v+8DRLV` z9s-9k%}OU|Wtiy@64#4gk2G=6?J0>4Mz@vedn*`68V&X{=D$(%ENq&=5&9m1G1x!M zD9S-xTy9(k5_I-K9u@<(u%SMY)GNdN(d5*BuM+xl3vcIGMZZetKrD0 zj+#mz*xPe4&9v*Fayq?MvhcJfTJ4iUX!5mDkhL$oKRNJZIZs>B=E9lk!+PyZ(lt;F zf-9!fYs@A7B(nApwade4m&&60m7AE+M3Ly(k5*GINXj#kwLp6+=))zp0zTO_PE?zy zvzgD7_uP`y1-VmStrN;9HX`^JxaDX!#X?tXd~fe(ELyok+g*R{Jx@wXKbT6aTl2zg z1#Iue?@w!`WwrH4SUxtg^U5AnxZpjewEjM!#nsOR{4Xlt&KZcKm{X6Clek#ODN33W zQ}lwiSU|#`sNrN{k;8WX__R4zv|tvp##_wGIr`w10T}g-JOsg5`=1QeSeLZLWd~}N z*hS(pbYU;Q({J)&&>2C|bK3mHIMiKEmR$&J2bjy*gqb#;|>73ZDj zC_`yzcLNlh3U3E$DgzYdJ1P~cI3wNz@w8LAn22XyUA@z|^}0o{QGwX*C26#M_`N~! zT^ki7layECOdQ+?;))5-Bl;Bn!u+CovsO$c?#s~rO3bI;-uD5hKbDQY@kvU$yC<-? zG3F8fw0=mb((nPMD!Z17;awUr!^;cu@BPkiez9lN&?O0<^Ai!WW?pOLP3dsSweBOb zq}~rFnB5cpr57LUvPhz1LK8u>0J{EJpP$m=@%v;9Kmrt7@XA?W^eorgc{Z9jD5WPH z|E9Aa6nG8vKRR4ilUqBDZ*jMujM?eHiE)Fc^SiB&`4y>fy&O$TE)A&PG-`UQ)s!CkOdvks^F%RF7a-nWL6Ue*L!hnP&qPZiq%hg}&xGxguc=zl?5;&=e zTARozlD&f%WxX}(&rZRSwjPHAs2F3V*ymBYWqo`aX^KB!V2Y|e?E|7hdeXY8Lha8-(#g)`}g zj`!FW6LKfchw6lfIGfzqm!Nl!_y3u6kPZ$gv+2sJwkB*mR_v*?@fUBe%S$b*Ec+a% z=WTM3K{1I#C+pzWN$=lB-D%TtoqNQq5UyeTv;{$g4$&8&)S|lJOGjRz-d|D3qo-8Q zn{8JPE8(CUPH`#mdi_9qKNJnb-SL|8MDBQrB!t1H-b_hz22&Wb9>FFV;8Btq`E-wN zU=MC;J3@IBmh{obEmc%X?chg%o=}wbD0n%yIZ+BaSe-lxuRw(IW6|tmNtoctuj10G*esCxw1dCP)oPBRA8Vx3CSv)DT{7TC?*VV;^;txr)zg{&l9APWSgsCD`SIV}kP43-Zkz*eVOF z^)LTs1@am$6ngyFp#N+_vi?VN-(;>{0~)ceviU6&qH2M&|4Nm zY+rJD|HGw1PZTQrJ{4zU_2h>{oyF{;x3yU_2dy~fXVisS zEkP=x9o-|*mbL`Mg!whC7Nvt7Lh0)q0hToNxjX`qhcbXy4(DOv@GG;&1=gzx$cT0BJX zAKJeM5AxQ@Q|2AF_p@tF^Etqv06VA5}<-$v%WXOGEV&=PviFr>+J%El2B{;2N&_r8((!uvF(vDH}8$qJuRydo~w52CLMg)y8_(`%- zi6Bh?PpRIz!FKumS&OQB;2}D_4AvF9G1TN=DSA7Rt6(|~17VN*n8F$PwDBYjG|nU; z?ych1@9Jq82ZN&8LlmD6s1tb1XHB-CHk*;4l3Pncn>Dw`O3N`J`NcEa&++&9!ge&( zwG@V>)<^|k4X#jhle@Vo8a@w<$@-0#;xs{I%njr}rO4>#9tAtZYz=`A9;l3+Q;aC# zx~AKvD&t6+jjTqOtLfQVka|oQAwq4>h7-(@AF))__OkPvEf^d z-1Buy#^K!r>-?M^R)V=Pi@v99vgM2uU1|`*b2`tJP^U=;s!iUr|9sdb9aae8OSbC% zj7UTizRWi7op?HWX@bW3>9g=V<7kx9e6!H?w5K6mt&1XC$ik87U)ZV*n5%V=#63)t z!o=yXUSR{O2(&2uu7KkLirW|JKHAO1s z?PNy*IQa+v%SCnlN$A!=^?w|;TMo5an8oe9VJtxd}J(bA=jtHQIKT=X+)T@5RAZgEj)^bV1Z-otfUo2~b7^!`B{2U-OM{3)OrgBK<147Ec^xV=>;^x?iK z%*DyWy{16ckH~;4(8fJb`@Hy)>-hsm_=(=b&TNP9jWpV;SI1z&jC~u+*ZOa>n;{iI zbQV8R!m0)oa%{tZsVs#^T8P*_KsK|jz?&~=cEnk-dzCifr&HxzuUp=s8BGkSWU}dH zhGn!X+)wq==x6A*=nm;kzn+)*>P2z0!gthaR&_MKID&|S}n5e}is zL_W|QXYK|yn)%d`aw;CblS}w5q|=6;BGV(}*WyqVKPQM3Tn)d7(ihg*30Xx}z7H|U zu9x+D6rZFvw3^gPl)Tp{o%{f zs}W{s*^j>;cPa;B zZpOcVSk2jyhEz_c(_1bTnaS(=Y%UkNTY0a(F!DVWgEo>3$HWgwDcI)M&2?C#jrJqQ zjuc12ibnE#a9tRh4o1^Ewo@td6IjI1{q)KQl4dr~^hNc(0bRIH7}7A(!kWSaEzWBU zf7Pv$p3(@2#zZxCBQ8nfF0`H4_EezkMzr>PO)C(-d=~t3a-PjJ{?siP9ydd1ocjLfA;7ZdW~qg)!WfqDg=$_#vNByhA5!YEr0UY(+I>O<0veR*)(7P4q&l~f(2;~y2Mo~xOI z<@u;-Sgz&$`m@WC%U-u))Tcq#$FV06nbjU^5E)&Btt;8aH9R=23|vo$n2it$DUV=h zx`vcfSCjACBaqe5${5WL?-<8>wfI80^q{{dLfUC>U}uP+8@VFK-0>W5eiV%WCkZ+B zzGxZ`6UYVN6z?0sQDW!o!d4cK1eiMrdeOP`b~#1`fx!?GL>($rV>7pS*=FF?@kwTV zpd$lYmw&2PdS@rgh&$0jmh`EyoXT)J?TWK*TRQM-@&jIX;w+Vf)70-nc00&Pw3V>j zTS}Oh=Rz6qp!uzH@g%P*vL@(FHU+yIV&ClGOhCScTJaG;d{(RpkY0Z+V|*`1A{dDN z*W|3-mNqHp7g+!z9zS(`%qzZVDCwZtMNJvoWj^cCkHft#)+vq8f?4)X8{^D3elN#7 zuQ(FdLjsXI@H-LH=bhS~&IJ>d4WR;K;<{TUs3AoBynU}ywC#+Bd5lJo5$7qe34Cfx zTR<|!gzD|)oN^3rUA1^M9(GS?Uy;e7Z)C&gccJY|;9f!t-|m?RGT27*AP%C85p}*b zRqhNi3fHe&TWgF7inWDsJR{^<*Dbk|IqDzKVmlgzi);ckLM+9o)Q6#7*wMSY%?2qu zk%Rjq6&u!)N$VRT4i>Abv0)lr1%LQG=0Es!zoXkLAXJ`q<&HW#w|1bKV z@&B^^nFtt}*cmwf^YVYA{~1{r{;>WZF~|QK{Xg~3L|*#}i7pb%Eers-Z!3HE`kJZt z_jZjG*dbI$&ni)$@48H;IL&VbZ3F-fjEs!U&CwoC3~_30U`7q)40Z>g zo}M)Y2sJ!yM}`APBQ3podk6p-Pdj=iV+q7?4=@^#6;OfqOkfItdJCU#esU;n2jc9B z9ArI3V=b^~M@8iNj2DY$dOY1@V?Y1H3c}Fr^oa|z>&5~Q-@!b(d^T0RU{}}=17ML? zpOT%KlmZH1ZUq!?8gB$Jy3yXnNDH9s+5$iv&oTRp-Y|O~3C@U2Yk=Yx)DVzS2+89K+ZVR^Q=X#TcC2%10_yDI3ak?Fll+}y-GfCxXc76re1>8YSQ&h(O3mgL@#pagau9k@ zIxwQDyti7;{m`+0;eTRgZDs!y70{58P?10D74-}>)`4++30$<2Cb5OnR%K&sYkv*Z zc?^8e=CJ*p{uzCPMLXHq)BO3({X&9xGC%Gl8L{|8twr3~iDhH>oe0p^5Y$T2Q6~EerFoSb`L29TfD4^*BH`V!EaO73rX?aico1v5c3IMh@ zK$!@?Dh~<#!=nlhZWa%}=^Q`BT>Zd>RN<6#?U-pyt%wZGj2_Thkw0%z z5t`kBN7tt3g6{ledQz&hGpkpAP%<@FGd}6qdIyJc6sDH@`#?!Z-`R@U&_4M*ObN^Y zkO2;FS?7k2qkFP{(!+MFk9RIx8(!VlHr9Zp1D0h8@S&AvH?TYZBF{cmE8*(!^XmRk zy}Ci=q$BGa8eD#|e%VEVe#f~`YAJC6yy#uFiht9+YmqB{tywPGQBMs{FRvd|d&%r! z9$jVac!r+;JY_%PD@1juYfbcE=Dp)%e4RMt#e_7E{D|%G$y)gPqWhn>ru@XKvqxyP z1xcgOX2neX^qrDq+PgMy3c$%j6q*?Z~#y@S?chdSr?Xbn|5S9GIcRh90r_hd$ zLH722iGg@h@B4v#ft}vO14d(Mj!UjfHvLrM|74*x{%K*ZulwU=YJBN4*IP~W{Ugxe0E}^E{X=Pb0Kl*wghP8N{axNS38(M;4nFp6I=!}u_$Zg%Dq-U6 z+V~;#r0)<2YV}3uA zN70m&aya)O16N18OaedL@ZG%pS?>6`E-Yb>eM)^IAn8Mp zom8vR{|l8%oD~F-$L2-Zv%T;RH^B4~>G+hc(AsWD1iw;c8Tf=SX}&I-jNe~A3> z5ygy?GrcaGPz=WBn}4Q5d8Zlu)Zr9R6?dT0!!RHO{CGCpjYlAB7zB(gY}M&FRM?t1 zQe7_K0><>sm+ig}r(KDM2o_eO63VR|af~dSR*!h|@LfJR&V&F!sOh%!6G6V+vYPa; ziD7fpI({Flu`Gs8FQFp&_;AV1RB4aM1s9Y9UA2%aPQCG)lo_K;qCUUUI__Y`&vYx5 zoz=o&#qiT~*pmAf2-9n*8$(XmAblP_~J>s9c23VyQMJ;T-Lb&dzz93^EbPoF@UUa%;}mprfI6A#|S8BD_>$4Ky%gq^Zy`~_GHw^a~r zOVQ}$l{YaR74=QZr}f(HGM0_ybcZ#@ldsHV=^Q&B9RO`om z=7KQiY$A@>iiY+n_G-*9cJ|Or%i+W{r*B2lDkFa+mJpwmhce4%?TOLuZP(-UW?dn>dpe3_XMHiuBqpyi|)W0{5zgXFlS5S3I}3i}{irXi#?3&%9HIEvSd zT%5X)fy#l5bU?S|i&C`}%bSHJ1&<-#lgH};r8Lq|w9Sn`VyoH}5N z4ra}0vh(rK*jP%>ymm+^$0KOgBQoTPtqrbY;X8E3l2XbZ*o1WHxd{Sm2u0@C5%gD`|k zQyV}+<}D?$nN-*(eSFqmT^Gb_sL`A*pbg%;`j+|QV{Rqz_oi}y?GX|$Lp3&C{_SNM zSAYzrUl`9{e&6g|JC1tqExaue2bm1otcxZp zk*{ODu^U;EosX2(P6C+dA+@Wz^4;C-ekt=SVaBH@w4{ny2M^Y}WL(hTr9(AeHE&*g zu8@>$w3_&`5ab|&p~AKhJxIBNG`(^xr*%tLwFzss2$?>PGA+NMI6RZbVJdDNFj#=4 zEsoXd4Lkb|EYG50>Vy8~Hxp=t>;Qbiyh^_0q_pq^*7%39KF7IfT3uIAPG!F>>AGf? zf58ZPpPCMLgrvV-wqeJTtZA|Q6d~V&n{u53r`uFt0bS5b89sR+AoFPS$>SXdR+j6s z>PO>bO-WP4Wgs9*0-9I-*)cwKJg~kzW_qTN9ZkbaElgC3qY$|vi;;*wb}yHQVRq=E0ye>wE^oTGCZ%Ftm`1yGvh4h5-m0 z9b~8m_c4$xHz~dN_EwXL;%%mvj0~~gqV@=d>(`+LRWNk9KBuKh@=GSK8L z4MoS@gyg?US^2I`?@Fm~VycD@f!@4oWb*7UN%oWo1gFhhpM_E7%fb6ATU}H(kYLz> zINn|<<-Z2JAc~Kc)8D*LAe-aNyY!L&<@sEedLM-wP)WCk=?8!6561}lI>a!!JgZM`nhY}Oo?htMNTF&aa3PU@Pf zmY`Lrt(jA5ZjX^rI^4aNX)mC2r#fFmOnX6zhGI~(Cxh;vjM>LSi{NI~6aCleJp{o7 znf!!!ZgKpxIO@gMUe29|F+dezZkAZYqqRIdutPRnW4THgSBAbUzaovpQ@Dn|{LIqD z^E4(gM6zCXMT!aU)Y7!TYz zTvA&4`wp>_RoaM>?5_2PovcJ9UF00jc`>%LkZvRDJ zWl4Slqj~dDPKKp;ph4+zq!7=(W&xK!^)v0_Jr;>A#h%3Gg}t7G7{}{*u%}eT zECTojKoXd!Nz*r28jKfbuuNvL(vq!FRTeo7zLoU4nag_0fkcMF_FF+Bj46HMC`_c4 z8Ac_4i}{jA-vlN|6Rv=DcaE8rfFxw~RhL9*C7_r%j#Q`=h9-alCSn zX0=@;v+>5F94bVYU%cgUsVi4-gz7Z)ON3=v3LoS(fufXj7#pVCRJuyuze@Gw{8h2T zdG{Z|XZ)KIq>`5??%%V4N%4V*De_E@5!%BmYGxN3#S0rGA+6xT=<>wE2wET?4?v=O z9`@RJaWf-S3>B(`tFgC_?P|^l(QjvQsUin-SGy5~q2P6<+rkLU>^RdY=G4BCk-$N7 zLBgr53N+(sWh_>Kp+3KUealgEzxmRZPu1m(wz6-*i`s;!IF6fC^Yx9rt=oIV*PNh> zy!Pq>P374L!K$#xG&s8~Z@P_+fMNE5lEr(N)iyJq{MWRfd3 zCB>TcI|aTgU}eEy=)s zLTnUQp=A$eRi}0Kx?mUS^#GReqI*uZ4^}(SVwVanAhbap{a1&%XIbmI4;7y|G`Ww~ z5%H#|`|}oUgzYttFg6oTWk%(^R4FC9!E6n5PDb1U?1;R;mf$|ErRcMkZRE&`;3Nl8 zvkgrud)-Hr`2fK5ehDs+L)>J#53e@KB<=&A_{8%U|E6d)M;T$28hLS=fIN#DM*Jv8 z**1621?=v0;+Ar+jbaZGYNI;*xg~n-Z~W*ueOH7ec`!vd203YDNl5Rh0l2bA2`ZV| zyL~NP^n7T;(5c+OoMj;3nQ$Zw74BVx7l({-l42Css?tw38fWnDUS`m^ z{heY4xZ#{I;C(7DTlZ*$qOzNP0;jQcm+?s032eU|w1z(FU>dcK*Shwm4J?q*Y4^2q z0ia|;pC0-&TzBm{{3k@fjvl9&&*d{gDlb_GVl&GezhL75k%;Qxu*AjfcV6@SQ_hE) z%~HeIKE0_>f#(iU!BAxwf|Kg7fZk+fH~qq@h(rMHZVvb~kw~lvjPyDPQTFj75uKcs*6j z{{00k=gu7_Cv(Yl3Jy=-g7IBtv(C3Tsf+nyzcU#}z8koOefmBZF_!6h#bPYjSx4{> zl__OVrFc2sc3xB70=^h`Q= zs2pl*&ws_&z2b>dCqlcXHE#m=3gs71zpE)U)}(e#t1;3=dY_%05Mk!MaOJ?6wQ^%y zxZSrFV3~jM$t!OIPmJi>8-*+Y{&t{YMd&V`EQ2&Lb1D>?6M|bQ* ze4H9nLZn_a+odQBiy={D27 zoPMNv4J}{weJvb!>|r<~bh7gN;!e?yOyp;eaU7O0%U#2ZVINC0$^@_MjMU2z^(pQM zhCLTv=GFG*N>#E2o~f2{KLAPL2v3P3^po>}VZ<}C*aHCS5M=?_W{I5*JU1S=C8Tqq z-0ad#Jxqa@i4acBUnKeJ*vG@5 zT3zYh)sNvwwM6N^Bd2~Y`}Wo6;=09^)l0~Ee*8rzHbViMDs!d=D3TM^utiEFH{{p*0 zaX}Um!A5_&4|@3It(6!|z1sm9xR<2VP)=Gb-lDJxSA^s5L#ph3VD z_8MAdLaC3|TzDq|RuWAfIpuX+Vti%-fh&YwINkE&!jN}n9@@GTJTh;)YYT`ra8SEb zBEv-Y2}cpSC5XV+_=ux>?B`CHKukwz%x8 z-1-DJVvn&vm7n!}FjZI#LQMogI~WgV#d{a3Vwtm2PsD~~FlEtIPOWM_6b$I|0qr0i z-u5@~m2DVv=Z44TGTcb9dSR)%<(QOC&w+)k3!7KWQ6iSIFs`L4T!I9Fn`rJ?bay>| ziuYoN%C-25 z;iD0aPw{g3(9?`gprq3kfrRlJMqZyh7HX#rZ!Xl zB1NRVXh5@lAwBUV@ZoYNo#Jx9+ka4mO8iGIsE=j;?Fc)fIfB;HnDvN4Sh^Lp zbHuttS*#=e+S@}-4C+yOHJeSVQ1dHUx#}sPf@jG70CQ!Fe{i0FO&j zsr9|7NEmxHa<}M5;=t7kt1>MsXy~B7z-obD1h?Drs;^2Vw^?C&H0JA#aBmt8xX2(W z6tMA}X>w&`m}#oM#KapALQi}=C@B*38}To3K-RRf6d>^V+2^?8ZnuUQ^!K%3(rS|p zoN3a@q{z^BL%=I(&)sXAou6yT+iqqDHPO-qUYUevCWcOFoY8lc0>YUfSq}-@f-BI~ zQu{h7)jwBtwv}EwDa&SsplEkmNkrpQAxoz-n1GmNv0Bt%?Sy%4zn!B)3BPSi1DhG% z9yXukPgSF_*KMx@hvUipj@ZZeSEJsD=A&~wB5vyWZ>XoRIH`*D{uc1L#v;G6=SrV= zcyfQ&-aKn8Yin6-xs7Imm51zxhj@N~O|Md>E0HByxS*L#o&+b%kk0ou=Vbut@7A$VQ3?So3yG7obu1-h*2d z4IYC*mG)@z3+Uq3rnod`*jZmk3|;)EV;4`4+d8)L-D2N{iqfuDe?#S7YVr^0?LN&* zl+WR$xo^)Sx8vS^hLJLo*f394_$4GDq#xUrkf>h&I#x{Vv!pv@-<_IFD~Z^shG~94 z9urJNbzn!vh_A}r8B9s(aWINZ%6paQiy;P`Pa9jdCIAmaR7WQAs$9(#kF8&VgLDwV zXuNLlGoW!GSkz$0v~3s&>D#NXv@v8ahYr0Hx1+a-pkWyj1_({UQ@~e|=jtVW^;t&b zxb+S)o5JSI$$e>ivf$NnqoaxyW&)En@wb`;h8f$8pYaG6I8NjyQ-k52AD_{&$3`xOjpR%|fR7BwXOC7+Ka<5g$)Du|i4pf;_W zLr>;`Hc7piw*1kT1OR2A7xC^x+hCe-oJGNO8yibHMP#|{tJ|aX;UqZR0nc|n@H-Vn z_k!-*x43wc;ai4<5I|r$S`uWFAh-FofD+7#c4RRvbF8E)Atc5A+g#@)JE{EkVXROeg!@5+@^|K{?y7v$BKdjrXJM z7ITpmexQYAqcM;*yw)0Hw|>^Fj2v1=IB>}iIfN*&KEsDM7NSpfP*dUOf;2a%U1$*0 zh~~KJj@`NzB;79}3#`Gf_$|;p`OQX~;AtGQ^T4K9TnyNUnHja~Nx$~m(4!YukyYRC+$5+IJNlU`N&y2kcOW`Auv zMAm~IW_Q4x(qi$D9 z6tOMBT&wL_tJmo(IDGk;0Kj<1!7a1~o^qicSmb{X5$Y|b*6`PBS-2~kwQ@Cj=}Z9I zlY+oO^J*Ir`tolPEpXu#Iu?zqh^ci{&&BrhH60B8rC-CioRzJ^Z8@v?4j_SI%HjAA zX8pZ|wh5$K>0U64qa#CX#}dp9eR5zDkqov2Yh#z6;g(Wo!Sr4x-GexuYy*A!`nm*r zH1^4Po@-H%#Cy`FPvVSOTNLhGbt@MniUU$zY)>(l2roVR8zr6!iHrSK_!>N zqEVQ{xgO~z-I^h071!3mOJ*4H*|^ zF}v}n7kBb#8c6;VtPQDxU4B1pbA;P&f(qGs)A4JMYGp}QyH{O25Pc|Qo_dm~V(0Cs zjWe=mLL;+yl&sAe!3gGUu6B|4GxjcIXwrM-gnjy-Noss=w^e9uhx22I`mOLg4aWLS zlp)&@%8z`5(KxvnzT(f??9t}sL@;7#+Nmdh%P&;7>KD_UqLew!jgP0Vq)1A(L22fY&^obD50*!j=P_ zWM;jxBcvxNFxG(BM5LJ@m*sV?FJ^x5H30U@(4gW{fsZ2_l;9p1wS znQ!y7XYpoq1^h=`aADVs?~Yap`a3d37xksETp=tla5>BHkA-ot6~wQg+g*$M=WYf;}r>z=2CxHo#`*e>e7q9y^S}d^`rz z?!gue)W`^WaoINJ3tJG61JtY)W&#VUiMJsclD-SOR9L;loce#B4`Ut8(R5n{Xr-;s z)Mn#Xy0KplAOgzv4rMQfAo{eCHMpZMqYMw6gHw>LQX!3rQxsQJ=#(r|@M)#CoP4Xm zAWu9|dj-A>jcFV$t&dB`qj<^N2QDJohyPUY4APcG9 zonA-}8rf+Nr!Q{-5h2G@CAQOCU-p;?ft||ZfbQKoSlj2pj%JucBHp{^!9pQKX6!u# z@(s3yA`W~bX;!s#cN1_&g@Uh$q`J5<8;&NzR2_lWE|M(ngM&=#r8!2NOP-Be03=nf z$*J(G!KwA+j&YAn%%w@uCb!fd7U-es$&jv#eJJ6vK+(!mLQWkpxSE12z_NewWLrd* zOso=2G><|O+0cp5|Y z%lB*5-PQ|)ouUPmFFGFKhoYw6_N8ZPvyC|>JUmshWhb6jZ|0fS9q`C?cPk zHUlGyc({iLq?2r5oCyPsXQi5|=r!8p%I;2Y1mX7!IU$)^zzt#H1S@tGNs+w)ifMmm zQ50e@-B&eS@+X8E=vTxbk~9V|=ds2l>t|MnZ?RbQiP?v@XFtL2?@80-6+KK*Q!jENKSe^K6D7U^tI2Q$zh#he8mvxus4*fjaRJIO*TE`fR$ znE6&<$y&ZFC1ABoEngrCI)~n$murdv2_wA@IfR&5iJ*fJ+D+@ie_yiIAWe4u{`O|~ z*V(^^4GJXUONY(jVwP_&j8dAOYKhT=-akV}?1fSJ24rj*!EHIeRWuy&MrBybDaG}4l)SspZXofAkB)=K(hQ6W!cKL`a6%E2MwPr}%%VQObrJV(zV=0}G(D5MR^ z=o7h0HicPK`ZOj+WIYUZFLLJoo-)>Cwx|YWBk+sM28}E=(y(9g?Hi(cpm*yovAD@G zI{yL-frgmlSDv-RXUdgaru=;13fjL4vKAH%^}nq`ec=iwg;{5nTMSikiGG5TN5{SL zZnFPTNMa}�(H%k_q=|h#R%DS~8Q9vxYX`?Kw7+Q@hTJ}m|!3l)L z@l+yH8&XRp0+<)0v-BDM9>i{OR};&T7siCBfZ7|-f+o=LwF_`oj`fE(7w3_dO(S{8FLUb!Crj-PiCiWh#o+qX4_jz+L5|1SA^}N<2aC)aT6wZl!zB^ z15=Y5OW5WccKWWf*>q=SFxGfFgHBpfKT~(s_5>f{oU_&C>eKa z;++Hw;a`=`C33leWB2G8O$-r}lsx%sp^`^DfzH?2ERve5Gpr!wufioypOrx%r*JAC zMhOUZE$ABtr|B2H$FsS=Y1D)}(O$|geO;yM+{!vdYvYcnzM_%tpj}o-W(jSp5>%nc zD4o`MSSdIr(ULgtWSn=trdff)rd<)5_nH28JIT)#^NM3ts9>RHi8duMLsabjcdV~>j5Um=`ykW})3J_K) z?{Y3|K%Fjn?|KssWwoFp`3ac|bf=@hTe&OhbMs`x1v0cDDU@>~qi{hI9(y8mMffX-+>{T1V*=ba z#ZU@zxVgYd{84PSZ;xh%n$-b0Mq$_Y;;q(V&@q4D|7La5OJm+a|c8$VA*Dr)ej%@pck01T9Q+Ch3Kb{ zEW%ws@Lcsw92n#bdBhWpN4&1^lJUdv3PgG5K~|(n61BVwK#>qBpODi$NhrJft~Sbp zmFNrfJyr)kmb zFWj%c28msKapmN`I0Pu;Hnl5GgsiBZmj>nykLZ8Fc6 ze{i^-(hlD$30^C+(dxoh9R5X~u4C69DJt}2Q*Zr1nHL0x7wcEtu;M=?PiZrfH8a|2 zi=i=1P+uwO9sOHI{91aYAWAvmQ`muOgUp&s9NcB#!QiGTBrCK$hJfM4+_I8xqHa!M z3HtJVvRI^t588v6(`ZX$qlN72=A>hIbnMVhw8ThZwrN4h-W6d}5uiM9=U8=QGfNs6 zMz-JU!g7}r7Eaww>l0o3C{JrSD7FFa7ZQZHj#_Jt&}Mbz#14k3=%6FhTz)eBEE-|C z>KGJz+q?=GBm5W2I{+Ld)7EbQ{P3x`TeY(q zEab3^U?i(RFt=_s%26MNG*->^p`l@X-G%f_(XO*?GR##Z11#_s@a6MiiJ;&hM?nndjoRH|`X+lML_L1il-2hyr7LMC zVGP+vh~i&q3)%^qKnV_Bt#D>x8rhQfuJWI({430kTtj!(kSt~rgye@R* z14ETAv}Iz~UEUhe$UW)pMOf4Bp9Eh^*Gi5VA$uqHY%7poemxN|dhnhuZumR0i}xy` zam$dKfZ7O=JEqS?V?fIjLeuSb$IqiiHyLbEe(=fM-85ZqJA3%P~)#}+t4UK-Gcc~#laJ`5Qg ziM;p2poJ~;RdfRnE!k5i9dxjNYjVh(>g=EEgrr^d3>#*E2e>BTAN8GZ#4vgQ?hHF1 zm!rM$*dM+EucqY~^0NAsDj7`ijB7O6-k5OfhrgI8du;B3)7lhQg|yXMR(hdS$agzT zD~}T}JoV~R&`?GOSj^f}%0~oY1w-5Pv-_qoAryRDYG9HIGFH1zS$&5GOd|OjYS@#L zs|M&kbAcX7ohxEL6?yz*7`vt+xyw_3sd@^E46BPox*Gf4!p`|8*b)t8 zUe>k&$s&{Q_k;{audG^mIFRLT**ONcE<>^$M)>T;JGGJ5%hR-+s6?1XM7GcSf(eN)>G+ z6!=cpU1AuQ!5M5^8Y+ zI5{~?)XovgMXJQ=BY*3)n+yZuSeFx{;F&z0$AYJLDLy1WTeYh+7OOfO3^y0_K~{ga zy)u!lG<|(Uf9@KAbp$8H4$W;n=X4YX(oBKyeo=z#w%&uNdir>V+01%WJa?T1Fnh4l(ir=A@f|*W#)!4W;b)KJItSPKm|3wEraV z;q1E7dk!{Ooyv|+dy`Tg5OVw^G{}NZaa=?JaeT;n(Q(8uNN)4IkyoPxMW`E3^pKB~ z&`$6WZ7efHkJAJv=Y#pU2;a*NX%hrh{fZ2|4N_V@8w6i#&S(G)s{R zB@G|#0%N%)=Ed5e@}5JkX7zWuN2@?59)ekshcaAeWOg@U(Id=-w`-TL>7lsC;iu9d z$4_W?pcsMgiMtU_*-$YYc&bDikBM|po<2emdu-YE4Z@Ij9hMs`+I3@~dAIG6-zMYz zoOCi^OI}=NboPE=ol0AqQGCDW6XDC^exS8G#AqN8Ok&WzKCEeUQ%z9I@8yu*Oc2FQ zB1B?)X6?*W6AErLmpRz7Y3_pri;b>J`#RGr(XeNqs$3(J9tbCIa7r6S`c0|kl96#K zDiue>LTwN|+7{g31@H-2-wKkI3W|Z&TrQe5r!{Np{`fI}tLCb>zykG)&g3)$tuseV&=P-kYdNAVqGap_M_?sJ zaC1z;@nlQ_TBJ$+3GOdl+|fw1SY){KI(k1GWobzk+vaJOp^(DI1i3X3nU9c~dtavB^;} z>ZKH1$JC2|bOww@Hga5!`zw*opZrJ1_F_*B4LeX5Si|Hh9&sWeTK5CzcZ{XpA#dWV zE_7KsB`=0B*?xHx3O#ZA!Qi6p>@J~-^t}o{%=!Bw`ZxQ6siSNP)z9&N3l6j!ragX( z_-Xo;{8a8Ttrwm!DzbMN-)3KtXtc;JgfjJOJ%nhSw9Ka`+00dfy-^}bN4--iU)Ntw z@Awu?_##DwR5HQxT&dZKSDGRV9@?9fcY0f^#`w&ZLnLDfGdEI~tBf$-vD&f-B$PZc zAcJZFB7z6JWu52CMt}1`1kUNi_>P#vDw(~Rb$9oXjDgH6f`>G5y`)uIVX zA=j&t1N*b8o=ZdR#0j)=bCj|kEfW$LtecSNN#LG5*s3O`$?-`FgBWpIfmDYt$a#T?xv&0$;aeOl0OgEI*Q6veo)9D=q?s2_Dyw< zMG>4zyPq>Hz98S%-5I~S5YP+r52~-meB#WL#+l8&6v=tKv!qd|z`Cn#JtJLU^Mb=1 zCsP!1Xde}+C3MH1m%lpC;whF-Ys5SxV$k5VlL{BQIw8fgS<7VP<2r9Dz0WdyqO}3fHXKgIgMk8--af;i! z{a&RGZf@|`Xq$xY_K??TGzgotZOFS9mtWoFA6Z@%-5(FX612GX??n|MUi+pGfPN$78g(sE@1Vvw6;A;fJA<;JZAGb82x?Fc<_H%l^z^G>43_^et@Ll=xUzG zM(DFlv)ldSc;c{*h%WYzjx7y!&R@7eLBEkJ|Ms8z0A;vm0OY*l`f85ezRy~O^NM|{3IGXI5f@Sw zOECXX)Y+wNjO1VWucgJMwe>lavn!xGfB^Tfsj1&ZDpL!1nFf#mzLA#{SiG8-OI(Ejf04WqV`LmL3QIm6V#A*l)HD9v&VHnhjkI4BQMF zOib&12gEW}H4g_T%LX8CXPRGYSC7=Skq!9IFlzFs9-uE927#FgR0Zj6ZIOR(586=( zY7yz+@0SQH75wPfzxQy>?4F;!tI<*I_Z!~t|Jb~>@>6T&P3V2S<4(XV8dGbbgCVT# zfN{x>2t@K1)%=WOEn=+f1ls&81K9%t2?Tt5c}5=-EYU^(G%khQxsg30MM7CVI?fmD zLsjhil{?#iBlj*%?YG|iq#X35OwX?#(T_PwN;(2?8Bu%9E@EzE20pf9b^L1w5dUci z;N@qY?}>r~3IE5z^&>0u?e{n9CuQrWMQ9K(IX0&{F1LQf53Z)Z>wf?u4u5rO|xXVET9h)=oE|Fn~6Hu z*@1++!2g~KF)L7qTpgUf82`)Bx3PEdu=n|IE9O@AX1}WpFmrQcRJXTsasx_>{m*`o z3I31G0_X~00sx&rN7>Yp@i*mP2jRDw`L`KV4L=`82S{tyTKQWsfKf+YUR+X@_P-3_UmL~kO&!dv>@7eO&H*rX zb~g5cX97(Y3p+c&hZ%HM%z&PMjUIrJ!QR0YcsQ{vcKWqx2sHVwe4cK?>+Q$y!cC~Z{{^9%G5myg~e>i{yyZz}mDB54I zGA^bL&i_;iDuMeyASerue{>8K)bk$@#On1A2+Gj=PlljK-azNS75w`Zr1bm2{@25b z>Cc_?KW}k=VO3XW2OFTKl^N(=_#a#3jX_iEsmla<(lCSUpr8N!rvGmQ6n`F)|L_(O zaq#q^X9t}|dR8{(-_ynZyJ=j0|K@A@_shp$PdU&;|1bXi*arZCom6sd&G>7G42yyrkOJ; z496aqfpP5Z!Pw7jKNL97q%vi~=+5R3Ks1*I&tp`4H^321;_R-0^Q+@06@T=Wn7NrE zN*^aYCqZ!X=k|s0lf9p1Qy=++lc%_6^WLV;Lg&D3Z`z!Kt|(+|dYD)5Z|CaYv;;`a z-1wm)f^~vIB$?8g1(0ojkrJeEl7-f2SC_`4vcDxI-r{DEoKM8H;7M}@=()H{4Sj;R z{9+cHsd(w|W?F@!fj6#r1ao=H*D}bbFa{jip_Iuelb3Y!4_Z(V%rwAAK2ocF-l^~u2r9QK8OQ`y?pjEWqk4{ zU~Q~2@R+axr;9P>!pvpkQ{Ssvh&rxaVuHk6M=R8P~fcG`RZ0gjY6!$27wo7 z(5gK!2cgp`cV=EW>BW0SaYMzI+Wd~!%l;J>yfU}Zrytz}0+3n)QJQ$BpJ|47SbhpRZaL(gHj!soeh?Vr zNbOzx(NA_45qph;VbZ8ha?gHhksjOYjpr_?bki?Ljlo%+n{4u`{+7kvbJyBAW;r z{O>m$LU&Zsy3oH^A2<_E{hEwhuS8O_GGcfIK0_k$I&?T9dV`1a%eVWxw3CIb9w$_D z35X4$t;L96rg#iSU|NTN!s?)!&!AK_$bHSj9YWT;JscJ4)0h?Dftf4J@2hD7jW~QBX3|C2mOlyzVBq2L>&OmK_|2;*TP;cA z&pKos!!k997+6qFup~ZwO?xL!hp@Tq=;JpYsc!?d5k)cryEc4LZ29t1xhCtkBCc0M zloS{iU@W6DI<3`|gOv=e0v3@>k)$>u8m5+VXEqOGb7^(!@9DG68ON_JmU^cO&zFsj zM5>2X6MKNu`BO0o8Z7W5-*9!ku@i0WP#}e8LTU5zWao%;+EY9fzTbtJuW*F92VlbE zN19@;vOA}$lxOxfLc>>7+`0II&J*6OLdP{^PeR-GJT%JZdV3)u23ixES*qv2CT&`U zpRL@f%9U)-Ph#B-)WVMi z2WlR4b@i~aY<=oMJ8`?T_!4RK?()i1juU1ug)NUb^+IOkhw})R&&bj69a+Y5Wc)xt zUOu0#w2Z?S_crM^yJ09M7oldSadA01wZtm!t}2m}%vtzjuu4eewhyFiPH)&y zsRz|$l?0CAdKZmKs(W(oiwJHL$$y~Omr#gwbBjtUXik2gYQI1=j``j`Q*iu)?#GYU zMJW+0XHX73aUqy55Uxn^iu*2ku-MlI0m98?K5!5J)?_H+|auKNRlT;Qrqz%Q$!BVqK#-_Dz zI0Nj?y7P$Jk=XGNO8bV>Uoa|Y)MKq68dlL)`j1^sbJiYmb{PB2Qb}+x zG|XTw&aooxo{e{P5GvW~5j_0tAR)hJM~IVwyCnSl65Xwd3d5k(FD6B(T8j%2$XiP$ zNiV|iHP_bqoL;WY0&}>2{sHFA<{7TkubSJ}CgL&b7oyO)2vs?!_NqgYDVx1$lfbqI z)xHREa-%7{c*L7Wyg62a89jmOc=(cqJ|9P>M1T7nZiv1l>=8VqP=}9och6^`eAx=; zQ@i2O-OnffLQsaN*U=m(i2SG16iD}ZHi-oTJYOQNNKO)C5tQ?MRLQ(;E)uNm-nb6@ z#wK}sDZlaw8)qqk+ZVm8Go!0GE$$+yudUi1^j}Wkh_P=cW#&#jznJK{ND1jfAHC^X zYE9^|sW^!*(tmFPScr1a*@7_?VKB5x;CT)bUm%i9H)4MBK4^Sb&=hJOjgjM`niR-j zGZmvN;&@jvS`qujz}3c0+G!xXHOP{J6yihe&nEO~`i)cb5K!F}bxjef8?TuOZ9 zpYGqv_gB=kxnjj8|G}rsqBLbm%}d`xZiMJ}op7DZ5mo)o;F!jkBHaI$tZ#9eu68^( ztTaKUwo&Cl=s}zp!EpD^g6;#dBGAYZ?hw(>*``P^kPJ5;A|-@C%#qRt$KFvCSp)G z_0>shLd&OKny})*PMK+KzH$@+tu(@>6c6_$#dfcPt=UJ3@}*|?_cUaRMPaf1g9}lR zt6(n%3k+SdsFjrN7`%Psqgh{*0*KLLv3BsMSrMDORRr|2q;pUu$IUS@3IrVeBgY3D z#ydWU>~AM&Gh=t>qp>-+mR{n9qX7yMgpQJZWL}3~uJJzo* z*>OH9AyeRdxo|l=3q~EIWi(2Sc^sZgH<3Pp4{1hUzgv@bYYSuKqnO;6_-MiKrBx$& zYP-nuaC%!m44%ho!3+rxz6Y1<9ni!-*~m&`l4XUmttv-1*7HcK_z1qQNz$k4##Owc zCvn!N^Y#H&9&RnmBCWl(!f0X22Eg+Sw9h%?6zAwo|WyCw^YT}Em<-&gM+Q>l z?G>gNvi$T_$|fFG6kx_j?Zpn*lva70=)A2Xusq6pl#Jv&LU&d8VK1v`TeYe&8@9P>`|ZnHxE6spEbl z?`NBW<tH`X zXZci0c_4 z3BJNKQ6%9~z|)o6bQ4Sx>nUu%P_i)XcwnUqY{97K4W@W} zmj74(FBg*IHwH*9)DU<%D%+-(L(JqfN(2O5efdZAhj3mkQa**_o<_La@CK0TmCU|m z{3d3s$6enOw!Vio*$`QR?_@Gx8$US=y&lCu*bFuf5+~IU*)hvx$vnH6cl^3?MKaIg z|M3fY9jyqVG~EGX!ZTIyqjQ^@P@=R|!PN|S$V z&2>`n44FM#h^O80omHaIL&(Rzn?n6WeuDF|?SZuTw<6ncXF#<<2Gi{;$3v1+2) zb|(e#Cb7RG5VE*?vnun6T&VZFF>OVQ4EW7F5$~uFW;iJfC|Bv1P-G_xOFOo7ysUX@ z2oNbu%73o|R<(Pt4m4fe;RVds&GeZ%sYc~g#!Q+-u%`0W>}L6upDu^Nox4ZoQ6B5C z_$(_s4zn!h0_4ue1*=2^wjuE8BaCZ(Pqi?*QP%7n6?)KvJ~fslEW9tXhaq*X%SGo@ zyLY32UH2Gi)GH{upLJiwm;2=T%}%`gz(;6me=AWeosvtx2U}3lul8ci{@%}lQ;eaYN|v<166GV6@;v z_N$=K2`#EbX3hwV&JV^-raLEt=Ix9~)=p+y4U|Xr`wZ8J(|frm!u~>Hal6jDIQk(~ zUD|F7&9;UtgV}Qv(StO#hxN1nrp(Mr!z!b!)|B zo>44{HFd z*Ui-e>oJs!nV!sm2ErPfU|CpUBNs%w`Ui!)hMzr6tzqosx3LPuZE+{Zv;@RD4Sitx zYouGy1vfSF6x5?_1tWtq-q$ltD*AqB+o;84pNc<`ozi|e<}Zfk^}*z0i`;Q}J84cK zZo3f>St5<kGM^+bPUVmSP|*iln|YVonL$*{XiI`T{Pi&MS+9MAe? zylAGFwEMLp6A5*@Tx?jMdg0c}7QN2a{se zq73+qoDd^b(E5_Gd(1K89q~BB=!dnKdY$4k>|STWMMwc1aGWs1h+RYDRFEsLd@Tdp zkO!WS?E~pfas>+y_mVgtVI6|2h>|>-p93t-5Z5REY$z>ZZR1U$q~y>e z!j*)o_p|x2N8>P@xWL;2;CK^Rcjoew1gL?3RoE`K)T2>afOKj!8YEsAG${5w82`EX zpuiDBEQ(6-x_!Y2qAx8~P;tAhyc(g_OO=(=zNt5S4L=Nu6-v5pZL+V;(yQ7c=@4DS znsw5%TnrsS*DM;1YW=j`tSeXcyHGaU~M{%Ls`W5 zJoUZQv6r-8WCf~oSSemEj-xS-0viyw6_)M&4`_H6s)4f9-G+OSHYbR4R2nRcdUO@# z$?q~Km+FSo9_Gxoi4scqrnw}WTFF8Nmd~27o~uyVlVUDkUg<`PI;U2D##i#D%rmQ^ zbJjWIArdbRY^mH;CfjJE(a^xDIyNOV+8JH0*;nQ(S*e;>jxyFc=X@x&Xn-u%L$*a@ zBwQ$Qi~&x_H^IglrLQM{nGp)|glTUjS#%G!+waEzB}8@WvxG6Vr%~p>q8;^7qZr6} zCk~5(-}(hz8V2WO(>LnwV*tZ0H_YRFzHDZvuHK1=Q~5U*7-M(Ub5wK9*iLY2NjM;P zV+Zv7DU>ilc z7+TN#TsG1$*`bPvR>{DKt*9Q~;NnM@nJN19ncnmqhj5Z~waKLwM<70twRGOFLn{FJ zVUAwM$!mrpgQ)JZlJmqL4vnn2{doDn3oNUuh$+SWs5%j{vE|}T@7dG%;&M=t>wECp z;rezoY{h2rd(q7oaqO)lhy?-i7NYsf2@EMZsTWL*4z6#t(}7H5-%L@T2=A?K3QN}@ z`K^&G^M=T=LR#gpEMts;<=vMWceO|^esp}f(XZlG;a8TQyZ03aj>GV8#_`{eqg;*+ zlPDyd!5AM=NoQ1LT&^iV(OL+ka>y22aQ2nr^TumUnt}_f|A3VJSR+Ry{_VC4c_uta z`{kJnFvBQ;Ovm`4X~Lk$&{yVydw7=CrUE+&cM18yw;8KLfEKtE!7_kCB5RKM$nqG; z`Iv$Bsn-^Ll1Abdji}-~SMu6HdHpe_;~iAw<1(dj3Ac^K;plrelINLV25%%oNQ-hR zaUmZ0i70w1ICr9E3^7`*N!{r7z4aOy#;x;H`sos%y2YI}TL_m1ibz#iWHTOUGlA$3 z$Uy2tmJ95%SHI}Bo$g_NAn8E)9;B+QhC`ztsz6&%qRsyJNd^=FUO@GXx4(?Oj!+60 zM%G)xB}(2T91_~Q$cIF(LJw;I45u2Y9WQ&lyv(Gg6otM@zmzQXMCBDOTW0W=l;c;he8zC>K%MHnJlOGqjd`*4C0=S-I8ckN+uNAta31bv&zD{#2q3Z~ zh7VF4iz60pqF`vr!k4WjU76Y3-&JuQFc<-G9F_%eZi~|@#Dw?>g&X_(=!@0TT3F0u ze+lx!nTLXx1_D6S4~lr-2J9Gj+3E+LV2gDUn$@FER8=omp=u!!B3Nq z|LfDn*LQ{$wDB8y3v|Ff|L~xxavturcprb*oG8WO82nZo;U~vVWO&&wR5^d0ubP+O zr2Mc+qX+RM2v&;3Z9lv*Y(E#ZYV2i(lQ7LB{jw?dUXDhn8J)ZIKAJ>afqN%Sxw*pM zq*mYkeNtdp^#g7k!%0DN1YJyy35K@7g2SnuL2itoHhNE60ePkomqJsk!oV9%v-DG}?f#)RDc@MJb!<*$GdA8%Mb+9Hkbl%(0zh-fA42 zx3w(UedZ5?n|tF&qxBPo-8k@;#hwj~mD2FqOX{scY#z7D=B+Go97sS$UjkeOF;bb> z?R4>F%(6eP`Awh0KC+tE27I_Sn2yycQJN2qDW_p^9osMnmR-gt#=1pJbx> zk2lwysy3xBuMF20a1idWY`i2S^of+GQj_y$Y?0{)+dhd5q=C;En@zjjqu8oj7+SyZ zZQ2Yt`4nWhd$ThvCuKe&AU$eHgA*({JV<4lm4(I+T~8Ow1}HC%lREQNtKTe;nNzu> z!F)g0nN(l&D&Hu4G-oAHsV+fk9TN3T(I@g9YseCeXEWmrV*En3y|G)1uOV?9cbd8V zE|0ZjYYKicu5aEffE0G;0!Ni7wic_9 zcp``Yw=A824uu90UY9of$ZbNT-3J5b2tF}x==V4w6TMBVYJNY^g5M`XHM~zhh9Yk2 z(g2@op7H9W*aIeFTHUUz&rs1+RxhvcVrh32dzQBtu}F;(i8VHtY{ssr+*HrCjb?-M za5f(A`BK)ewA>}CB&I;ia>6OaGceSJTM-9e$D>xyap5erpZKKeRYlrZ4NUQHPm)gM zF!Jj{Kps8eTz&eAoI2&s-~sSAB0X9_prS<&UCS*s=Il$ve?H%)K{(&}s1;)-cY8~( zh=V_Bl`W3#@98P&R3BEM`(oGarevyA{BFFzK?uaQg6Rpt2N$Pmh>rrXg zbUEE4uG-9Wa9VX!ZkhMnHwN5G5|a!$!!UO2Ug1xV)ZcPz#S#ieKQQk`N$|@hXIiXE z{5<`JE?9NWI`>JtjB48D@{d27pgVfIc9ShIsna>nlUA;uX@>WB;J zg~aXcPTDbncFZcRcvet-794z`K`a=Dxi#wrpGP!)5YlA$Cv&8JE?~<+pH48g*09Fo z^!JxTWNBrkS#gQaWSBGWw+Znokc=#7*m4;pQ?^>mA%g8|KX^)nOqq|uwLn30eK}YU zY+i@f?~5T2XihhKshfj(Jl(HA6IoVIKF?bq&X6AFLJ;ZyM6>5=VV$qdCPqH%%6i+rKHSDMR)zN;_#c*hVXe;8Eta6}H$X_Twc%pjGnD~AF`J-BnHklJE z5tZ7`$%jTYR<7BXr1yJvH}%6n80O2bGD4?($a;?F8RWKrt|jCP23J+h5sWADaktk} zE?AL6RGXfwrtPa3`0xa{ckol*p(e-j@Ck~Q%KE~q?Ha0 zRe6lr1|%11OqbyFBh>H3z~`ethNkLjBl_nzX>?-|Z6%OUieVkCK|*`ajoTvjcgpGA z`wn=yY7@IeR&`&rs||+SNdo2C{drm?(wKz2zQqdPl1eSXY~id++j?F6YIL@UM=Z&4 zex4O4D+ppovcDMY=l%w)W;#O5jq^(W$aZh!X*}+&nP7|<_Mv;@!==;U&B!~a>ZM5* z-v+cDgRcipk-eepg$Hl#+J=bG3TYE!_si{3Ib;(pH68j!7ic?ph5Yntn$|@`b>tT6 zn+9Fsm{pAB>4&7=2umt9Q-kAsbMGV4b925XX}o@YWyIMZwD=e<)BAxHu_>KvDG0|} z&_7IDo`RAqE5N5R?Njd)RMjAXO9W~TTG(d|sa{5TSz15g8F`LuSmi8yD2?BBO^m1*Jgl8z-Qx0OPfy}qF zbtrto`;_%RGThIAF-lc*aV%dxd@#f}RZ(-}4#c>SmA-Q_yI|`HG$O5p>a>aCE#Sk4 z#WJW;jUZ{~4fKfvT-lZiXMSrjCG%1sMt^mP@e^fz$-@48A--A5C$SALN-20aMKiwu zj67jo+1zwbOJn%S!-FvZg}-X30%oWkZ$w60&mAI{64?;z8U0I1A&UPe)(|uEYcXC& zIgGCza+#YHfJs+{G##d@H9#1ie&h0a~bsoPP8{$qePGC$n?n3Ju5)5 z_-ZC%{{h%*A(pH(X?KJH&FgKUj{=SNrRBDQjj~&X7HDuXABk_mO;;@-e!%HOvlLtC2!QpgN1%diQ@)MCI%Co`O zSvvc1qkDSneRp@C@*)~JeSrs|Hq)GX1W%qBA|b!L_x)gd=0E%Sio0H1C~Kmzlvth*^*!+Hl4+w% zPZ~y$K!V<$9}DjU1jRN8O76)!)A+e4F3||ZXne0w_nD^o%=<7um^zCCeZmX7e;kwj z+_EUs-nNLUXIQh>9RJQLMHS-_k0L$aca%U2NGUm`LxB(RDySv9WBinc`(FHlhO?>S zyN3)D*qbnwGMB~A0++%~j7~Rs<>!UT)aX%TTFz}RTBwGrwux$74ZRY~+?EfbO*JVS z2ozPed3|DJ{NWT&;Cc}7>$3YRnn-^64}fRYf5Y4T~)p z>t^dX2#cX9y*J9iXWx7)jy2*216q@5W^r%;S-gEyk4 z7s1P7wWevG2kIBRlADPONiq}8ZIgU}zyOM`;6&3puD45DoE(E)>vck2&bGyZW8Kp1 z1Tuy{!Jz+6O?-u01=Z zfR#$OqHMB%`eC#BE$IvrP~TjuQnuVjFxVrOQ!2kXn#7JfW$2QiS)+6H0V9R^2|LkE zQ-)~zYYZ@ZWW(cG$mcfU3Y|Naq+;PMrfZ{i%v_D{+4=0QfVz1mTLa~W2XCw~aJxF6 zmPCGE=hfTx`BQRE#hTdnIBGmAS1-#l3n3{lRC1U@Eb^5(x6J-ifF?OZdD%)L#sHb3 zh3SCPug&a3rt?Z%sqX;yQQZq;$SOr?lhX7tCi7@qxHab%eAymb^J{EKLDpKwuk*$L zw8?eVGtzb9=d573hP4-Ue=IpaY3BCVtVE9f%1x&_gdzx5A=ME3#|*-8t5Ryck(guVywIp*B9hOLr6z?;k) z^BXhQxn1x8&c@nKug3L!rRS02eXnA_rXfIUgUylKdH{&Q*j8V)nsl7zk6t#$qkJS5 zhn}9b9*2p>lBHa&z+TN&-Ht|}i&Ks+j|89Iaf!d5NIG3cQk5h*PND~+TvMuFjDrRo z{X*FMRzv9`=JyVUB`BOku`t+2^UL$pyc*_b(lA=G;&4XYO2Wbo3{k%X{=Va1#lDkY zI=7y)FfY|95i@r_v5MffWr%W_bIB`kcPNB2Ie8IdEq!QUm%y$}t@6OT zgkL*u?7KfSbhH~sT!9CaB{rV0r`JT6!v+LtC=rj;3}&laDjTw{W*^TpyA)D5pZl$e zF2QzE#VlyVtvr5JL#|qxVp6cV-5;*)1RQCoJ%||IQ z$P|m~<^=SV(kBWMvlez9`<@Fq(Pq-YaYGdEpHv@={q)N)c!ST=$3CiDAt!4Nd)4!GfI*E6?{+j=;{pz#dKx0m&ygF~XgF13?3FSnce#nP5wXr-t9xm-7 zIQG36vY`QFDKLjbaHc~Uf6oYHG4z)>*fLW=L?)dM>6I5%iK6Ln6&_D4*7M7GAF8`V z3w8BPq00Vy3(c$_9|c;rVvgC$U1ARU#mkXCrKu+vxpUCILRqA>W}dQ|t^ck3#{5<_bE9AboT*Mv) zPfsDuW4*Wa-GRBUf#J#-tfVlvG7@!`p%D3U4FsVStg2UFC;F!AXTRjkru@U5BUuU9^-hR+Tl~3x-U0w2p63Wj={< zKxsdE%She^b3U@2njLC=*bIzusUJ^a;w##kvCQ5x2_lqZj7c7F@h?TrHbtYG=_!U8 z9FN_jtaKzl?=uLCdzW>`3@24>F*ZVhcKO?(*R@Wt7$k`gIsuL`)Z#SB#t0ned1yaB zN}F+aQ?XDlbw&!#&6t(y70eBod69iuYUT{2H|GhqnnR0}Xt!X-y`*;s4z4>NdO&%1 z`Xl(M#UbQcEuhi~|JWgfMd4u!^jEybQQD$+@YMf?B~1Pt?BZ47b7essFLC>>ke~Mc zvW=YcqkF{~HZ0W`X>&3%4*!<0N&^Z*RCHPJS88>P=vw7X{{Yz)tW!^tM+F1)mGP)T z72}@?b7jqj6)Jw7lY*7y40a zzar49{d*3De+1Xi5DV3lf{Z7ULJWiNyZ6X?MPY()Doj+UderKv@?z+v)kVZR+ zEURSFsMA-{+6f~~5-K{`UXN5ugyWX6QXoJWgtq(MK0ZEqK?#S42BF{+3@$hNBg&xp zbiLoVLbal#vEEg$=M~C>M^L~!-Os`ikzZXfs{a(Ve8XAbdAbYu)q{iG8G;&$iv-Sw z?{Rx6(#){Fl+Y#p1s!zB^I!Cp>$iwx_lcC5rYC11-(IqbR$!s9R}Px+j@Q}_&eJ&5 z1t)k<)M`B zmUW))F%!*mBXhl#YoyWWlt!J&V zFVuy;j>LL(ynEk+&L3wzgaoVO@1JD_De5;PirQ!>`Z?fNm;K=Iz~w`2TczO^C@aDg zjECH<==F4darBeTjK`b6`sXU@Am_v#Iup%7P-+;KP`>pf8e35$ntLS?MC{>yKXJ3W_ZgTIOCL*&lQmZL4hTN8^RA|mFHXC`dC|^>+;iRdStY#4l2GJ3dPI_LE$5?P4N^vljHPxM>U|ACUx5B#OXO$uvg!-hBj!-7S zfeEhw?yqlp(zBm4tu3nHFu(JM<-k+9qp+Fy%yE;P{N$U}Kxkd``Jj63+dW3CAS4Udc-+Nn zd74c-F4)v7D^6nFOI}9`rrx78Y;GOI{wLB)pKMMR&Ds#Z`$44jx0n;!JHKjG0#yoI zwvzWGHObmWx_p{F7W@$Ijy~6J4x@g614spuIfYx;6mXc$oE2R>-OCBVGen=o>-jiw zDex%8?DQ|=DgD`pU&olY(o=muU{&lYqKIRpo5YN6f6c2&W<5A2*h;>4Wu5#07gtb+ zzHeEIQEfOQ{DEC~sd%(4MmOOsTY(?f2|U)g>%NLc_Gjz6f{mw_TyS0V{9D(Q0RZ)_dOXo&e980_3TIl(@09~nr>T!rrBCI?u*r)>+=ji&dXpPKul;6Dnr9Y; zdq&bF4*MX2h}+mNMS8jN-7>M*?&Peq=A+1X)%JRo6favImL44zD+I1*TTX|XyM5KB z`fmkojM5kH#k4djdl|70Ej-2<$1qoRh)o2iu&`GOkTW?>-ZAScwckeK)ZhQ?l+LLN9n)uiI73M=xsE+Zr=Uh*;ay*+T6Q)ZO6XV^T;i^@#BK2z_g z<>_7kng-7FzW$C%*Z@P0qv6-YOyj86{OgG%(l}Y}<2MiDH5%D9(g%idj$6!13@7~! z2S>JMnJ-$?W5&b`=ZDl5YWeax5-1WqJYzYU%Mgq z%s1YySgRDTvs<4*Tb&v`KJTe@QF_`$AW%5_JBD_be__X-zZgPrre_%ac)9yij!|?~ z_{VEoT(&^8@ZCeV6+AiPj_oTZi=;x8A7etQI&-g?wX&k-)kPbGe->Pt@gO;BoZFE? zolv7uUL?d1xCF>y2Z7L?*f_)!e2jH|`UI;<>-q-C(!4W<@^va-WU=hS-R(U=aGZym z;l8A%Ew{T&K-UwoTo{M98{UrSL^<^j2|`%0&o3Nw`Qt$C{uQiIBn|1%Mk)b^%3hMv zPpe9RiLZ%CZdDNq-jz8G=Q+w&rGEPqgN#Ea@26~*r}K}mSeQQ>qx^b4{}!zBlZ<{!p-%;_4?9T6MHgk_2 z*Fp`ew{03>qf2NJURp;LQl;PYRdKb?!G-4b^{nuOvKCA~4{sIryWh(k zRJSSlc+-|?s)DPO6q<5a;2&&YpFL}cDe-6s!ql*WMIerP=@%-*#bzJ!l6hXiqJpQT z;>L&~n_!F==Rho>N3TE*j____1T<4CXiC<4ryZ!Nwd@SUHXnb5hhHvQ(3A0g)b%oA ze2+L*0#k2jcJzI`GY4f=f$*})IDv7Qzl*j0TyGhM{~^xkbO*0G5RWJBhqo4_Dcj6o zx*1^DVHmpJTkYsQ;^{exxxaF+(8Z9oV^?gOHa}Xj+NwoaI_HQC5jh3MS zCtJjDvi%N2sYKMRv`!n`$_AFrO-Vf|s>?5TH#o0Sf+}G`#39~gGRNbpA$j!!dyX5W zD<{_DLtLRPMZsDaN8e{cMLL_@8E%56Py*jsemyY?Ccf^z)zcq0Td+q6y3k)zJ5B_@ z357{O!eg-bc}2+d7y)Jid+pBzAmvfy;O-uNe2nMaif1MuFvw{PO#>849&bgftL31w^~$L)G7@9@FiPdQG_Wj!<5nF{}%6Fp^Sfu!|WtZ0X(jRDlex#bmhs3ulGOtZo0I2T1u}-N^WO*JW8( z@zKz21Ef-0(?PUJx~r|jJIKqEJ+IXnHbYCb5`HD6`JLkA#X@r)%IjCs?UURT-XU_f>aw=0HB6xd)#J4|{D=HG(C=w^() zLy#^_8*be;pSEq=wr$(qZDY4>W4CSFwr$(){@;J_MV!GIoMBdE)SxmWGwRB`*SeQu zRZx_QI;($VgFmE{ysRQ8+f<#*V<-ntj(KyqRS-`TnJY{5bunqFe*Mo`7$T9U9($}y za6w8(>^GV#>GUUAL7{7WB(e&|3qDG)FI<>Tr{yMaeZ@6yZJo!|YiwBbBxJ0W9Ioz$ zn-;G0hN_Voa_pjl!#AAi#+X44R(h$*CX#!4GJa)Y^4bxvQg<2W>_?(=Hbw*DPIwen~us<=NU zu0s){5VlHNI3jW?jS)3zPnk9GG}R~qugs`rR^dCmt5VjK8OfkC^a=jRMwBBza(uZ2`Xgem{ zvaEAMF4}jK^7F3}3>mA&V0b8T7Y7Kbt+KDFdeZ%m?T^Rhlw(q=+{lc&R{9JWypUi3 z`=@;l45qJX_8d+PPqUT#-Pr=N<}~JuGVf~(Grq1Y9@dP6rKAXq7g)&rpOhHW#J;ie zLnJrUT&*IIvt;)AfV~Qa^{ZmQH&}863nYV~^>w*lDV7v~aBzxq4v7H2bXP&^s+L%u z0!`2*e3evlV%D{aful%PdgDJ9U6X0Rp5LC+zl57X6;gg;lPM}K;cUHV&%9n?dZ-cH zAT-MZRRsvI)o#1-|0baGTF<7heGr|ivtT$pDQs`KDo?8W6ZQ^Rd3p&jqc))E6h;vx z$-`lK3P$%*V2Jh{x-0ME;{$m109Mnj;~}$q%N^vYALQ zDr*6RXh~NJ&)^N6v}szEF@qI z5(d4!Uk@9tNG6me?@?E0_Pe{LB+OETTI=FMnx*b$R;Bsl8yxhSzXMeA1={}Azc*sb zv$R-gYU%hSFm)u^jzJ)6`Ih3gBlByK@JAe!yP@J|r1C4x`0H_ENy<4%*hXQw`h2~X zT93qWHU6QVK=(%a7jEJDv8+X_m4a>r<=t$Lt}EwaT6Z#{gV*H&%hrRnzF4%LA<5;` z7zXe9+JSVozskv3N%sC}Dw#nh%Nv|Mav^*lxTE>OBS=BjbDclF1$|KD))31AMkM}Y zt`!J&0S4Nt3kk|eI>H0=(rGE*0X{o~((KOlRmpX5_v^((izO8Ky2a|TKBF@y*p!X! zq{RXP@nA^(Qt*9L$7K|*0cobadvLwMB>qU3Q<4h04Sd+GM$mu}dWRil9s70~4M^(0 zm>Uo{TaM9s-`#?J=8pw2TYY#t3$0xcc2;5S=S7|lmGsjr<&fiJvqObV(}bA?|6I}W z;#5Z)IwlyR^he9qo*;MIi&>Pkhg$}=sGe;q47!mMve1KMZEkW#R<(6Tt*`zJiTNL# zqW*-NlSrBqIy{|Z5u8 zIveGNYbwJezc_z+KSTUM=l4(`yU8LmxR^Ay3|)fDa*~m*s8(cn#?HC%ik7w6uaRmKajHyB981IHKlknEB09=#d}7w4zab%kNkB0 z0j!AxB-G)rgt*;03@BEs8+M=muXWf2hxem~L!_k;&_iIWT*XdR3Lz%lXfjE#ae#w0 zkk?9@Sq|cVW53sf|)+D5~>h7xt#Q6-ApOp@^J3K)!{lvgCjZ3dQNQ*qmk z3@7TOnw{Q)orik|rK?(ZvP`?#B>yF$ytzgwtbLsD!h0?y>nw73)q}kNTig#p1dd?I zm$p!CNHia!&vz6^pby*LGoUiidvjzctjHS|hzc1Tc_joC=oj^5cZhX7Q~A8AveE52 zvZJj|&T%J@t$rCJ|G~=pEU2g}CVx;>Z-NxfO^+}~LJG`*%6Gq=yXuujDDn!8l)hz{ ze9@PA;vERvfJ~Zxj1GmY8b2l{pA8hhtB=*)aQgOUxxh z8FJS|T4CsfL%E3Ss%s0{v+d?-NE>nKv^t^kp%-UYkBg8a3qSGC^g1Mxl+?bI|Bjt} z3KwRlo-ve_)dJ47dA6h3brz{S6|P(@huPh6tB^jzB6mXqU~Zxl2A_ifCX2*%O8!@$RlbE! zEy|y?ti~!HpX^S!*I79}_vXq!TA=7zddCcZ;tD!D8snrVC%(iHd-&oYe(h)%0V_mE zg&h08!t%dYfQv~I4yRu0<>e+gFlFO*YQD92+_`72v=dO$Ht!0o7s+cl*T~)zR>rOy zpH|j%hM-?s=6{8;Dmh7FPt9>QvHTox$h(sx4(#Wk{H72m@v=#ByGUenqgw#Q4P(*7 zSs`ztFwJ|siuP5LLTOJN6e3&~19QH#M@Ljt_2La@QJO9BHRG3YR9?;PX5CPw1yj#3 zqoJD}adJxwtq_lS$pt_+l1WU6(`^93Q%&!vb{C60E>n(stM-G1uxzur~z}Z#PgLpUIJ!KRDgrZ5o*q<3J>SF$o4Q;tYT{rhCo=^R`&dwJh`QyKl;(T~$ z;&oykdDYZF`EShnk01$Ty>MxKoO45gBXLW81u)8V`0R$ISuXGRw%s}M6o=-{hh=oD&#do_s`hmJ)n!DwZmUBA zZ#2QUS*uU(^=7;r_~Kq0v&egHqy{bxIqvY`%3&~Te)Rp7PS5Jn+ey#oP_)^;g=Z86d<9H* z7{4_iDK4rM`JJo$5VxvL-~@xnCzvw6Sh=qqnvl2$9X8aU@*6^=1}FH&gxzu6;QxK! z{1LP{D-v%Idy-F%%Q)IaZWDqX$-vPoN08V@2zemV#q2o0ilHp~as#EI0W>y)`OjMa zkFMw*6Uu^G;~gV&g6QdxNmM_J{&n*$TPP1~N|l1={~v82TR~Zb}C@E#=T~7 zt0-&0GwD_uDE!Bz=tpB%ny2`G_|9cm{Esd^DguS=EE#zQZ4^Op_4zqxjG1^ibVUaZ zU=dd_{VKDg0VG+3C~M|OEj!FbqrJNFhccDLK%+$#qve%J3UE9av4x(4q`N+{QCxX} z-!xAl(K}Wa%W@3Zt26&)fE^+l0*M^AE_2BhA#&pHTF+?66AHD#T#@;8SQsydbK#Xz zeHnVv*UVM!=QjTDoR5a}gXr1}yu1JrZ!0pBcjYIf5DX&XkD9#L>%x(Ixawzc(s)(p z_h-Jye^(I+j3jjUp(O9ihVj0d>0hJZVZ$+&QYzfTTnxr!$Rj4aY)GYq=tn@3Qbc{TgGk|@pL4C&<)VR+Ppj(FT)%5HHZygC2#T@X0{uex_;B0tBbM9eW;u0s>_^{J?+>xNwb9$k`Le4BA z3aYu=L{bX?p|($bxuWc{_}B<&f?9{FAFfW)JT;s@S`c08)!_T?Hp&l}Zs)ZrKL!Ix zG9IWGn*Yl>t~?FPY5lFIaD@N)1J*_{Xfz$mw=Z7P$4^g!r?V;<|2{sECm#n5a@X}uEWdd=r8-t>5cE>3P6KF* ziRjykjA@YFx-W_-#9YSq z7F=6Z#;kqz11}Ehrx|Ud4RIt4+^vl7&@x^`o`ZA_zWkAwtxRPIvH^P9q`E02FCOLV z^%865HN`ycJ#J0VJh3%D58u8kHsiChcY{O*?vvy&Y@qf=@fM6sX05Mup_ZY0+jGS<}}su*Bz#g!&=j$w(@c7E`nTP&9UG3 zP#3G1>aK$N_L7|##A`yy+tQ6?`iyXM+%Ox&BcbfU5`;YgmhqX zLTA2tU{4<&YX6I)E?0ga0*MKC;N$9Y++65vd^pp!^C zv`=prcP>&sWT%RP`|rizcJASEMRNWBmMiwB7CQHg9h-|`X#eEahMSBR^g%XzL4l1n zBPEMhsmFA!9`!%g{XsTnnEE#?PG3$#sJHNGr|P%3tOYI@2IHK6Nzmi%I5q=w{D)kF zBBd_K(!R1$tr2A7k2e%y%-#&oL~^bb{3xQPy@Ek)N!&JZwJ@dCK{zFfkE0FTDCzJl zfyJZXG_soIvii2!FJKpbEh7~aIqnlKs`+%T7?y=Z`XN@$O;i1SK=@dkkb4}#Ba&P6->Q=(HD2F8FYM}1k zpHc+Gpqd5jL)`%#Yfd^YB$-Jje%)|ui1B~%Dp!IuHY>5zD&)9!+n|cz>#7cvjhY%q zZSN~q`j5=rJQcaeN=5a;>#>45cKr=v@WS0(*(>2H7-Mj4K>yN8<)Q#^Gq~o@lIig- zco8~7M5+*FuD1xZ?2nC3)6=8E|6nk+Ly^j-7IQ-fiM{3X^RxgtDkGd8Updx@CM@PBT2Hu+-Jzi>leOxBr#ahuLOQ4^1pCS>(v()s)g(}iMHgmo8SaL(# z`ogkduVA0TCal(~a+{w}B65IeI?8^+xshOt6#J*}&5LE|8#uF3sKiN$c{1f&jy>Hl zk@Ol;;Q?*u^i&FGXJj$D#$H6OX@Q6A&ea5;@ocC%rP)c;Ttj=P^avzSdeaT|ZI)Nb zS+7z*Pl2Km;mqP)usMBtYb^00R^#b6{W~h&)7;_eGU+HF2wNW*sMzAuyu_>Fyp)rb z+L4c(OXZ;n#l2?hgZPbi+(8B7wtwhTSc-Ky{iz$|gwSn7XG^=Snq?;gSx#-fiPHQS zI&EAXA>q#H2oJ_Q?v<%X!0+#i;B4{fTlZ**Q18$1*QCCGPM)1OH7_&QIG2y7ss6q& zPltk35&Do-$0Al>B=C$+q&k~ zG=*9-(OL>*SE?+hhsdCWJ9bZt#Nm57j((KkHF0Wf7r2EA?SN_zvuN}^=X3LFTS5Ye z#7HhhsBiYWY8H5iW@MS7AQh5?{;b5gpagWGiE{2X=?~u6Cb!^CQFS&}De$SHWhUtN1W|oB7D}Uh z#o$duC$I%zf-FHVm=c9!axX&13u0%4SHLOfS@sf>`-?f~;ka*~sR7OoCfiL{1v#gG zc2``GR6bBamLlEBZ6I3JJ7$`{7OfG{*w{B#BR@A<=1LS%_%lW&bUJE}t@gfOvXyI?$A_B{=o4m=l_ZEN*pAsBu(|4K%Ya zihN`I@eMEa(N%=rpd_HW_Gp$UT4Ry`tq?#yhs5wH7Mtx;kIIH2ckC1pp|GD*CLP}_ z%?#Pn7`WVs6{b#6{CDfXaW=Qkux`Wd!`7&%imKIjgW3U;M1+O4Q&i4M3#DtYF!~e# z{4Y@VLwR>&W~~#!{bw&K&OQ%RhNO+!IbhTcZQ`?&d%nyiEdQpiXFq48?1q z5HWivLm#4y9)V8|0{!NOfA<#;lES|{lDxHu_ARFBM4E3b*!@ID0-79?G_PBg^LM|q%vM;(d z2*6mK=f)Xk)=IL`BMxobuG#X|84`&$fIn+MzsR7F00FlP-5RE@(n_MB zw&K}#XNh>A-TcYLOGYlr8vAJ7uoIeTmO^VChhuz@C@w((IKhIZib2eijx9`Mg}W9p zb)MRVJD?M^8K?_vxGFZve@DnbR0#s$jA)=aU^6KMd+Qs^^e1gX{M1&U3 z5ugLKcSeP~L9Bqsje+c=tDN~}8QrPMbudIo*zS3`CYsFW{p-aX`>rweP0Ha#)JAH6 zMC1E)$f3nVU6;>_KDVoe!a*H@HQSbU#=3^&=?aegOb-3$OhyNx)Mb>xdP~2@ERKMv z`8#J!D@V47kn=(LoOX+QV-25u!yT;D05kWn>>+_dz z89ucMg92=OrrhB8;Q_TEd=7K3ECj!ysz(i>psQUdGBra)p9~UFG>Q?a>|}tH|MAzZ z^xhTjn9JXu;*V|47)AYFgzI~H(-1#enY`~6;N&%%P2^CEIC#VzRxs>3x7E70*@UM? ziATBAdV%H*yswvkI^+!zcDss~kf-ZwgQ~0zm>J7z`fre)mpXrNx}-+XrTRiDGn7jZ z0chZ&Ao1;W>}6QkCdTQq?ZuiOJA-~B8W3-;8?p(coF=#0;F!Jg5#)&Q%r=AVCYx&u z29@o$wUPo|&zb=M6t`J{t(sdSe6U$kN$F{)@{f^W4$eweY3Ft*jlo7M<{0(VBmJxZ z8Q*l=PfSG{d=zFug@&V|^$0>TM4ezlGPn!}v|=3fs-8!eZ4&aOK6h5wbgKFBzX)TKc3U7 z#ts@Qx_dUp9tFvAq=_=*3noWZLbc6OdBj0cN;{g0Cn#ta4eJO&83WO(2Waj3PaHi( zk}n6Kh5U4^`OPtFd`ii*lu4%)@5C6`i%irigc-lkBXO97PSV1MgjG%gTh7Z=YE>!x z@dar4$5F$+h|CS2PV@=kQ0u}JeH|Aliz&aoqkAE-(fSMuD?bltLBKRGg<4s*F`FHp zr@b?%D2K1zb{Lj*jGg40vw%_`FQHw})y%3B_rcho>FjURk3K984k{u53p4Lo!u`;N zLq+E7f@M8L2Z)Y(p+VZMQnL6Fw(JR8W^l|?X8Q!^l`=Yae*C`*8{APa!y<@&_?tHt zaMC!TGy}NjA0WvWS3)RAIft%chYE}2xV~eX9b$I0Dirh!hN_IXT&UgT9Sg%0+*7AM zppW*nF{{jfSd$ttDuEn|-YjzuMjZ`+0>I)}BI40+>AC9owsvA$>$Xg^Z%C<76g1uByV-bblXNMhddi!%po5{BvT7Dx`pc0k{; zwc36xYz+6~t%}b$p`a_xyL5Vd=yslPjuTCL!cOW@JuBSwc&M<6TR$Su=Y^5CMc6UA zF!h}&*NVWZzl|x9IHy8{^A{0oAmf@io>$s`_(ZqxKANB9= zz0vj+5+RWwm1^uH=tH-}gQN&z^0EnQy?yt-UHRA4j}?nl?iShuQw#Tna&HSd&?cr5 zIvqM0_r6$W8i<+^l}E>f+4z@gmxcr^GaE{rJZh6kRMGyGU!SpFLg z>`m&mfcY1888uvp*VZuRx<9F34%MjLN<3-Ax!?AOr&RgM@-=&BPJ0a@=38(@fb2vh z@Lz>ou^LrNB^v4T&M!tkuOOIyf9bR0=Lc#s27rY7gpaonaA*%2uYTu&%}04%gjpHYF?>Ll{&skSkk+!L==dzY^xlpXr6H zPy26?Bd7&s9slttiyj1JEw@qT+sH|Yrk1po1$<$Qk?X$7O? z$(ZISB;I<=EnBGmouU4O$t2*_C#p%>bS4S9KUF^xzP@@V2DxR)-R7`HMZ*k9SYiSW zTi_?p;0>NRFOf>HvREGbG1%DleZm9D4~#(cciM9X4KldBWvJW_hXTyCQ>h5lLFnquJN|bNU&y?W%BYsG zwqXIZQUC%v$81tR5Ji5mnZm!2_-`mjykaGux5BEj`v6SqlxG?JNtK&)f~SpW%UF?# z)k&#ikz7;T>HaSbt-;m92xwK`D)%hs1K+FL^COaVnnZ%t#X>kEap{xRti;Pp)oUPa zxNXv7#)dBDlrJ8FG)jYUPl;xQMcWq+ilT>?MkmM04w&(T%N#>bFvItctV#a z;@|@PfI}9Ak$4uu&RGZX9aXv}R+iNy=&K|v=dw zoE^A9k?G=C{fTB28sB1K93n4+`p9aVb#7*$3y1g!o`sqs_xd&1ML}Y^z$QNiOXY+V z4cL6W35?{HPB1t%m&88=52${!x(e)%Qf%6;zWAd_70qL!oRVQXyZ@3ky6oamq*$N`E7VkAS+4Rpv?LFnf;7q1?*#O0d^ueRXj3jx|ov zyLz-C>|!Z`(5gPHJo{??u}QGY{>v{L=%2hcp&5jbK)Mim7Rdv3E;Xj~kK@(mzfAap zlsu z={eq6`CTnm&={OzC?06_W76Xl4B!}X`Fq${(uJ|PEPG2EKi!Slri%rZkKlnogYey} z|BS0E5EwFJPNlEjkM?^UWTx5qE91izTBOpGxIHR>oCorj!-8dd>3U=Eun)ReDrEob- zyf0b`>Xc;OQSf4(a+3oUdm^!5`ulD`L~&oe*4;t306FCI0lnd z|3t1I8wD%h^*0PR88R&MUJ>!UT#VWTv~ zT@z6wV~ng@CM{HgpO*0DZE&iyglM*r&&Li_zD)(DAY>v^9~pO$!IUY#0@QR!oFV45 znbl24owid-?dfmEa76!KYRyJ}SYP;dwYxorPsu<3YzoNdB!_lugw< z^cFJ294FY-<@*5W0G|tk-+*`7Q#3NR)4*nUd6-oWw?CWHc_k}=0^y;9&L#Yy{)2if zHKBr0cGvcDpBeC6K}9zJv9Ls4^EgoK&enw%wGFac1-JgsEh9Cx$VPCA<`iuYGzcYi z;%=^N{5@KKYIxA6Yf0=bVl{$g$=^{Q;4b@b$33Dgqu&^_(J%W@I}3R&A2C*-Z>zWA z;rZtn!{d@oNsa{8BuMS0*=Q=>srZQ?5c!Q)6_sAN##7N{Zm|a0?EvpN6A3qfZ*m?p zH{9NweRKBefWT6odz%C0?tlf(t7^Y#m#6<<@00$CO_^s z{kuJFnTfO~cU!YM0;A7i`@-0MDirc4gSngp^9 z{vt^eG6}w@ukZnyE~=lM!z8W2kD?WJOie+cHc+Q=%}IZ`L_>o}01Q~+9@cPzO)EQV z*?>93;VRVrzqrigz`_JHBBfHy5l241xhG?A4whi3Rn1UgTf%0_$T`+4`3?;tqniPJ z=i+MGLr9~}NoVEr^A$=}*ycRb+^=70WXmmG^G#Z8`Q$94vs=kUxtMsB;3jkk{$l4K zmY|i*M<5U{Qtjj%P-{!2p{PobM(0YW38(75zmAR_J3DG$Gb_O8AX1yx;mHtv#2~f~ zGEcS*`J%Ro}sZXm;sVVatNQvY$hyTU$huA;c&9g%6bI~~aYw6lpuX^b+?Oodh zsHD3v3wG=U!>u+`E7gFT5txipp%dhwEFxVS6?#bp?_JHCN%DT8bcn_X7ao}ZZSskr zWDioz-MgXkM89V?l2$%p7ki?98#{Gr^LF91qjw|=ONr!1!$IB#v!PK2eCW0))moM3 zit}XpKbWHX?_iKS3?58Oje&mmz0i>W3l%o)swT%0L2<)l+3kD>X5!J1Pso0Ao=~PV z1&D`xJJ2{%KmIRUjj8mx1Mzi-&d+q1a;4-PhpQU7bg-Sr2DKfD2Gn;27DPZ>$ zrS~SS-xL8DX9zLLPK%IL*dTF}-};0&y&<$}i6Us)Db;sgiH5jco)?|A;W8 z;kooi^Ra$y<)0b7aoJ6({ZnX>7(+hhWSO|rvmR1X6-yK|ThanHdJ&c>Y_~)r?Nghr z%W|a_92U-Z=1IVd4h(ctpv5{|EH6d0|Wg7~<%GvYiOwgs$uFzOA`Yftgg-2;TArtqF^-Y z8sY=pY80(sACVA;dQC|Oe|)pLtzIPLD5<4-5QKUN^|jY1Be1t>pC@hvHxU{}$PV8Y z*p6INF0DfAqdFtW@T$w8_J;5M>?pw`;;ZTpi&hdWFK~=wkb2CF{EvW7b5xu%I$j53 zLIO&$^9)v;IEKiQ7CGkiy?^Zp=F59tw@X=I5Ji7hs z_n*`CBficv-7Sw)7r%Y%G-hPZu2@n+-(h>;ZiNnxEUwWS>u0%M_foOADxIDne`CLi z6z*WZf7e)-t!NX6-4}>4m}sC}p4u-djV)Mzid@+A=xua4OGms&jYs|ZuA|bR9CG4{ zGB-_YlN;^4{1+(eFaJg+KHuRZ-P1H7`yK%o^qYV}{2V~hG|1u{J(D4;z~82s)CLNw zh;EOIN%l~vZ@ge-zaNhn2WdUMn*`7E$qz*`jtpw3F#+6_SUD|{*ZcF4XYwYoqt}g$ z1~)zhmT>k#0=n9YNfh2o_r91_y6o!}Uadcq*_1{1wQCbYpOG8|azxG`O6?5x4VeGU z-8i9jhqeCPk|&HIk=(NB!)_94S5-rM+!HsII@k&f`IiYDy{wz(p3PWq46uWaS2VYU zSGef-g*$nz&Db6$9LSw-^|q6-$j7Nnvh-#)+W(9kn|m2>yq+t!02{>R1Gii|6;@z1 z*73AWdHSi(1s}wWpacT@P3unJcTEf0@6gCb9b;>$`M>doa+OBVz?jQr!Iaqz}L;eEJSTSN8 z1f6bXwlkvh+_zHdJSScP0Xf(0C2BW$!lWpygGe!5HU!gfxJyoAL8`mBy~I?yB)?NA z<(Jks{p?1#E?O9Mj%a#cS_oG+;l4F^$kCb*B^dr4_$@b1Y6WiD!WPuXay|9h z6KLEIaEdOr`>4cdkxXCT*R^`K-YrK66G>ajv@yHzv(8D|c?v@Q(mVW#S;`NPoFs1q zCxC{}%2m+;bLvvDQK};NoET0UgK?E@q#T#Y5T)hUT`f2ZXTWvfqHDLG+tGTwgj1kP z1$LoVvWGS&A$;4|MjW$j@^SsQF`5-I2nBO8HAs2{5vDQ{58*Y9W=q3gLf(+lo}qX< z^i`3tQYe#M?z!b{;YFdGFD>vU*LM(Q5~%!mc|lmHqDJOWYIpOZ$}Xp`i3HLJ;%aA| z6nOncb2oenL7ipq`(j5i=-!_oD0hTCV3&=gQ}B_%G~Dcx+25;;ySC>fUU`gL0#xUf zOXp-AOWQq=a7K1S^XO48F$>&hv>S8{g82#DKR37RqP=n2FndeX#(++K7lmz?;`I;;(1Y~;N)oN z6w^n@U3Ug$xBX?h$f=48kcdtY53(z{$b)^eie-X;XFB;Zd>c*e#KhFoK;4_36=4vb zY0B)+e8GX$Qr!5ndo+9F<}?|65YQfeyab1)e-Ek(*A1~bJH@afCu3h= zkIL8lwAlY6{}p4e7u(Bi)L_k@*nwVzNa9IA&{7^MPE|b}%{p3{>u159Rx6vDNTA(? z2H#|^QfPwXE8D)#<><$dS(n3ArFn-pwki6kTF(H&Sl)OjfoqucE4~S%=?mOs-^Dx1 zu2-)f35^KOBD7uHl7xpv9sKNczJ9Xbc^-YHBHp%oP!2#4snUfdym%lET1Kud4DUYD zMM~JHY^@h)hFU|v*ZvRz2I@ngvPpE`rA?VjK)0LO+&0pW8v+_EkT1QXg;RB!;sVU7 zFZ|z}w5jN|Jb;QxQx$wQ!Jlh?Sq{>pQ>ljqL3GyknRUGbhgmB~;@ zC6%IvB`SLzEtKfiG6P2&J=F!o7N43NMj{D+WC`kQjMUu7p5g?dt&<6)iItJDj!a24 zj4LE)A;Y8Nl+O~5(RXYMtjO%-=e`eRXl8yQln*8uXe$(ZE3Fbx4=D(I1gH8~_n*zu zGQc0$jEBMk!X$sO6Wi3r-U{}gF9&jCPz+H_xcQ7+Fb03B4F15{8m$5>No^8L;w2h4mAVShM@SL8d^_PA`zDtsGsT z{}dYOlIT)X3Ylj5k11#$h@!4Jc5|-^NBh29%_% zES$pjs3excoIcTMVCnn1ezxr3^N{EOFySDv~VXKn+(j`tKYfFDxH zZ`;AX(NLkD(v*cnmBf{W)nfMfbm05}Gk5OaSUKA{zmZ~M!lJrD2frmhB6ADaM^75v zKX1&w3=PH2D2Jcs{;;+?G(R(EzAC4`u^<1v+aF5jcN%;T45XXqqc?2S^krrv;@m(c zC;dls;J?7SY=n@3guI}P`W{2(zt6$r=*IMG^7%V{=U+4fa`uE_=4oc;82~@G@X~!5 z&_aIul^r-kFAvnvYkG?~mV9+v6bxic9~@et?rJFA@8#nDxq)VR2dFZ4Un^xS#Y-ICh!d)xeJayMEW-uCsWb!-Sx*CQ}> zTdFy*qB=D*a+1@AGLTn;)ap|k-pLG-0#j^GTz2r7thJGwCxbUypyj~6LmoGNheI_2TLvAGU96|f>t=pe%~ z_X!zPiZb`yt%s*4xRd*<`lS%kHvrDq%+lyH8Ye;u)Y*+nu6L8{Bv*2F?xuL1;{Ut#6 zW0FCBrT}C4)Ao)SQ=C*(%rmCCzOX)YaBKZd_v_7ptm9&X6cG6L(4pWX&&c%KPk84R zXi`99tTQs>UEt5{w1cr3tg|zSqswnGNO$SIfM##n6QTuBQeyWt*N#OME-sKl>Z^(=jPq|LGO%oPi`&dCIgmGo#jSvu_}d~a zuPzYz9>M%>I8LAGm%|XKA@jS#69p#uqQ4+I5Xu=rJX)XWi^JH5y^Z-hA{$P?_!mJu zUZ3eb;ux^u$LWE)vifhpZB^AT@UGtG7fwUhV#7D2PpR1};+y>B55b+U!Ki=Vt8dN^ zFc+}w%zs^3b$@dHi>>_iIOWORVt=8sk8^S^1@?G&TK$jqb7Dsg?)=rY-e-BgZRi<) zJFk8_cz*{fW@6pc3FTxKUp3D=0{1+xKz6EUMesbUa;ger~z8JnNHb4Xk-Q%GL2C8zP4falt zLidabBD(GYmeTkmhYg59+70!Ju;qu1Fu=c0fKT-;nYp!{IEf7%L!)sHQ$snv&-6$IOqdF&Y#~*hbm^ld^^( z4tr?x;1g>}?9MSHjXgulkzLk`s=;}%>?(bLLV*`wriirr#(OV}T-s$db--8Z>HSe>yxU!C z%@_0SMeFLYt7>N=*BoE!=h5N!hPC1o?_!GXrjd`($^z75u0Ub-=sb$agp+*RE+MIc z&5vOF_gIBoUZMrD?3@=YUCk-(Xnhk^=o#>BD4eh6E*L<+F#)C{M{nxbv3{Sx+fSP{ zjbxkXfK@DYVq>6bp7&(vw$yHYF!yGB8A;)o;!6{UQmOK%Z7})|3&Q2M%(*(4L+DCM zwB|WC?X^n+eliMrbA^T|OXHC|q)~zCJ62YKk_n?rxi+8=*>9%v#n|mn^*_F%iDrTw zp`PI?p+WwQq}DeT1`_6~skN&H_Pt|`QA8cS`@r@rrh#LKBu_{s79pFc15-y?%r^KQ zuXKF^M-#pwSN@#CJ3O|a7H3YUcxnEKjRQ7u#3azqcBi;L~-qA)i z!JODKZsTH3-PhSS*Oe2CkvACUe<$sN25(wAnwNaCt90nGowJh&juRc*F0D`i(yG{g z9gy_eN;P*&vz5%`J_Z%BPs)>QM%C z6oNbh(B7)?Sz_YIYD2sajF>B+she|qd1?h#LQRXQ+0>oZN5R5T5|0FvWUb4w#r19E za4TfSOf7b<89&B(r4l3Rcy;V%zypt5+%$^=5np6 zY#}dZtg(!(az9_!Ozle;(N|V_Z?w~i41k`=J!YCH<@L27?ztzM1@QCnxh_CHM8#UsX?f;v6ET^-2##n^ghvmQ5Y-}(~;C}t7j2;#JU;=mQ_)CG!- zWrL1I%vLy^ZkOA=aC=y4y;&0jlzJKRx_(eB13oiBSW=UnFQ|;M`pJj%;A!jPvJNz@ zwMdwcd?_UNALa5nDvemA>0x6`hIGAJ#<86qrj959p}^jkv0PcEptVW{)cBjN1zyh* z`dZsoL%?g@Nl-GJSUM5Rp{f0@xP<92OL|fSX#Dp#RPQ{WOR@B+AwzPAi{8&kJRX|| zTL4%8X@Dt_ozda8WFXun!ky!l_{=@Wsr#X$wYP2fXq*R4cgMso6 zETXGN>C3}_ngZN4*KOI{sg(~WUtzndv=2ZYH2hce?VA1@yIEl`booK}c8{9N4GFt(N=_ZYI9=rCCcb7M*s`#wHMY0MiMQQ#t84cos^_Y@*w@@Ga=dH z@K&$cjTe}8)13Q+{B8i+NP&GkH#EZ!kG$*O51-kVf+rl&)=Jd+v0wcE0ZKr%zo$|p zlbVBoO6jYxQ9%y<7Vb(!>GRXYIlO{$Bf&*N4O|ZjA>D52X+z>fB99UXx&Vhp$P1P) zXWEA91q5KT_+BVFVx*2j^F3cbkJNY8C01~D&o+DKke?f3^10K*ZNH%R8tn(Fn&>u!$+@ekh7Y&|x#;IJ~Sz8{2 zDuN?TL8hFfemmz+d8(F*R-tD@MMXYafT||24z31=BFQXurhi9)UK0M>i%}w_l{x8K zt89eJN#BY+8w6YFyeYm#Bx0*Ah7-SyG;ZPtmdiuGHJZmsZB1)BUm$n?gxAbO%OG#0 ziCgV@o3zsaoc~l-BvezD?N>q0ydeyak8K^F+ zvf@D5W-aw)46XRILV_#F4EAbwzMH_@zAZGmeNWKPbpl@kb#VF$lUUa(wS<#0|5*mV z$V^xoXl`#LvMg9=O-BN*=M2_cCV$Xp83cs8-$-qrBA*%rga5&4$Nq`mZs{Wg>qPS_ zKgL!hLqdpu1h2!@ITk%KUGbMvz(>kbmtgK!KTBck!+2nKU2_=>m>k@fLu!uwedCeK zz@&;kdYg~2IP7rd-)odxBBdtEK3xB_1jawQbyz7*Ha@w}i4T@Ok0<8P3ma+>EIjpS zERY$sj#Gww>rrSTVVlP;%lLIInw$X3WWo=ZceFmjS)Ufdjvc~NT*2^S?_iDvD3NX{TGckn>!sEg9&Fonl+ zb!5xxisK@%pCi^;!&A2XoMMuIZ388uJQk;FlR0?Rfy$1^@7zY_4UZvY3+;VC_RDU< zx3#rTv+TSR!m+x&OHigPnw~NgRN2=a=!hn)U(u z?ouDwr>wGzSO8HIrXS10<^zJ9*`+#0p#a;uOz7)wURtKKn5dR;kGN zt+GiKH#$8nw6Q)X%inlsUP8{PYSd-h+yd70$C}prtE426XX+IX+2_$|&i0xg?VSGp z(E*5HtO^EpHmJODs)u3G#tnF~j&So)d9;u9N~#2t1Z?;awgQgD&nVcZpB@}UFm#*; z@3P8Im`#bzA4Jt|}54f|y?T0DJ@9W!~G zqSNSUN--qzg{&q4JxZJ*jdfS#)ouIQH#6v*W1j- zW_s>rCdd4f@W&eWBKS<&1jOE)G4%|_IYxKiL0up-CH*7h*;rDI{G$g+# zrLHF~@BA3bRxHV`BMNSw|ssrVPW7 zY<71&YUS!4_P$x@X8bpMt_V2a3KeODad>tM1U*u|c1Jy?Pbo5|Bfz@1qR$<0rjjMN zb0i!UR>%sBx4Ala)Y2;G9TLpzEr7l;gAnuyi3h`LV2A0r!WOv z)^I3Eb^FqZ#-8rMH*QYdFa^=hSU5YKg$d#t$+e^{{vTTUo(Zk-u^&3sZ8A=p3e->8 zv*0zBY>X}X#!zzOjn%p~c%L|#3Rc`Ig%1rY2#L?4g1$0&=E7&^&x5w|n53#t{ljqw zgI+GOXSf|GKo%^)Oy`8d!M+eaiRV4RUMqIvT)DB^EcXwFvgwM>n=7h8RDNhR4j=2+SZkihatm-Q7aJq(D9RuUYkaW zbQ7Xd;|dn$E5oY)Z!6SW9Ba&VRXHxbRsMn%2MPJ>l6)rWQ2c+-rIsVH@)wTqLVmZs`KVhlD3L^7*K6>!kDb*smNt@p!^$clht;KL zz`Uk~;R<1{6<2F=7wrG(6$n9H5NAtD-X5al{X_k=&2HY3+O~`jMcE@;Dh_3ONG&KX zSJ@4G!Lj*RHCg1oDgAiT$!nk6tY*11&1zDfXG4skJ;-d1zeKk?)DTfK!A+oT9u~&Y z>-?riRZ!1|zqbc5D1NY`7N9s(c>?4wPPy2yU zgdJxpP3pv|0K1{F4f#x2C|Y7a0W3zYy|RMOH6C1{hM7Oz@@r2~n)i1=;od6B8>}zO%fKHgyYuov^nQW^DqNu zaa`p3X8pWzxS3-kZSbpXWO^ExjfDwA;u20`Z%_Njc}V%~;{MID!K8t(7V@$|We!8D zczv0ek6h{_RfW-Tk6*n%Sxq@@}Z;qbuPI>sKcms{YOV0lfIU2>7=BV z;k3N()67qIWm)m_2>!FMi=0XcO!a8VR*`KcVirJ7vPFdwj>^C(9UmPUPkN50gWflr zAMhEw$y(jleJzp>xcBNP#`l=LuraBcukj zQtv}mccJBiTtvM$iy0kyLc^T{!*`bXLFf%ONaFgna7Le0AN26z-WZg<>iyBMd_Bao zdgktx%v+_?tMtpY>rCEMN*QzRLlj)21JG4}a2Syq+_s3O{rhENC- zv@TEmL@tKW-qSam-;E@Lq$SHp`Gd`*8#TG}2k?jw*i63gggZ3b$6-W^-K(s_k}Yvm zj}D%YnIu0%Z3$6G_w^0AaUtdndQ1>HwoAh{hZboQV^587iFzEjD`D;LG6Es&zIBUu zx-tdF)@+%ncLy@*`P%aB6t0>IYr|z5Noq@qqh`^*I+*AiPyecvCt7+5?XWKiB+#7b zKTo1UKjK|1k%oBqKF9Nh+%*AaB6cI~6ygrLwh5IFBWo4IBs3P) z<*IOSEMSP90h=}AZpdx@;9_z+vvDuVlwo((a;Ml~BBc9cZS_rA!q1>3;QZ2!_FQ}j z(l3_+1;C1H4yM&xUR9zO9yI&6(OfC~x*=^;8H@=X-FuoxzTB<6Lhi`_!x$U`TDOF53*DdsLa7mRt7jv@yTUy#(Dt8w3;Gpx9sN6WWFp%H535%mBGwv6_es(pkvWiRbdOV-NMlK+++l8 zin@%gSvxKhu|r&BlUs?f0Y^$Ezm*-PB)i5DT|R+hi05rMH{P%(`zM(XnpaGGjxV6& zZrLM}4W_u;$t^=H-o-z%hBt=uO0NsZ>jaHD^vNoZHc|RTX$~h@`FKvHwshA=CU?Bd zhj4?#lY)S~ye`>K{?0ny^n798mA#Bo8D~v4CY4gu{l4W!BlIGLa^zb$M`~p1;4SM} zFP&$@7l1fM5hs}tSQuYN%9p=^^BvvzBlifH>wE5dJg?Uvq_^-WWpHDs2fF^ox1)b` z!Zg~_nFVuFQRc3)P#R`PkmamG$b1|Kh@k9W5n=c#f&~6)!8>Ji_+z-aqf!IEgHSf( zPl6BDBDBpq%;Ahtz>SWTQ)%19yvTSGHF<^0Lhq=v=>X~;*^RH`hyt4{zaN(1!~3ms zF12)t04}PHF$36**-u?6P3^9MfGLZLBRRrkw9m9ZY)<-k0Yoy7wUy_JfsuMwG|`SJ zvw*lbCRhk3l~%7LjIkkcj6vV+KDEIOG8o+-#>saRqT~DX9zUoRR|d%Cf&qo!#vv~~ ze$gWj3+V*=s(MWZPjok|+BPeGy{K$SQ+xlj-xjfW((^yW3k`{~0pMUYZ&^-2)H$&?x zaGAQAfY}G)%MpPNWMd)DrWzgtR!i>aT!qSnPN4d(?er5v-D(gwS>Gxc{Pw5L_6fyo z8D!5wBNM7nLLKX&GO`&7IeOyio(2P84E_NUu)hUy7O|rGnU z{~7~QiaFgvdaSUX#|3lWCqKVk)dWAjz|p0*n5$Cylb6@PNP1EuSpm5qn-KUDrMeYM z&x{2;ZI1>oGh0d-?vBsm_Me{#JL8-Q3ZGKQjF7{5s?>}z6zz_<$G-8bw`0lKbuH7n z)19-;DkiVG@UWG9z4D!&7XGc=&I|+H^mFGnSk;DJ%anB5c%H_V3<`9O@7#Vf;LP@E zIZ?R`_hX9FXQqm3W=XQKNS}&Xa`R$u>@xu8$2*vB(dUu6H_-e~l>8KZx;h19Bog1S z3EAO@L_b^GeRR(;D{Wk#FRL(@TUeZY{39g09q7_9sqh8Z;TH8z9xCu(Fu zaopj$hP@l8;;o@nl~-?pUOvw13CXRUDr2jrv&S|hofC^&`1r#e;jXe3`J6wOL4Aqf zVc2MH45%bz|L1YPyfuZ5td19-{Ppv3&a3QLO7<0M-r_zkblbDBo+i%psGy~Sura&` zKo27tk1-?Mi0J39ynOF`h#147|3_CSz0|(vU z{=B~78k*mR>`@sq{=Ks!55uCe2W}j%{4y8G1)53nrJmKS^_xyoPSpur{`O2WU}>f0 zt2QL8-^l*`uD4*D1u5Xd21#$?>nv5MfIh+`u+S=nF6z_m7p(f4zI(+)$Oh3g`@ur$ z1^SA@Q1G??SZm3*AlCrf+{lNBHVc)G-rAUBjT0I<{$Zcr%f#Qow)mxpE2A=BM4ym` zgZx{^K$j5bWp)E45%sNRefWr{4o0KoQ32PW^N$39X%%+|CSZR_jxFOC5|eVTlp9<=3ZUZ?}|o|*mgYh3!zS3#AvoIhn(CKwM@$gsU zQC79|*o{2PZj&2&*2M{)rh!IBuj1Uzp`dm|+z6NRTZ^vadQM22ITu7xS=_M#c2&Gl z+@r&j9&m|A6Vr0s!_I&36?2T_p-k&cBS9(8YNy_T_gyWODWF>{>zOUl<1f?XJH^WO zlF^4L@LXlKRxEvEmRr1A0amAb()d&u|2B7em7U48gpo?%yCd^6Qn*qE)(PEET#+Yc z)836$^r0v4cq?%_3oTOmYBdxqomutY&D{&0WF>g8V5M0<^8X4QVR9v_1?hjB!6uyh zsKq%X9)+2C|4LV*hs{6WSsbk+62w0>co<-vET;fj3i&Oe#8V-wKxtD^8a1L~R~8}+ z^)&wDhf>K8=_0(G`)D_aTw_dEAC_e;Tf`rD=uFw*r=>1TWgTql{Oc8w+cET-M|*JY zNOOklWiWfP!Ure>o4EGN55|G66{NYc2)*Q7L}+<4OCbr?oxJ?i4A6S!TmItVB$SX1(9zq9ro_xKz}ce zi<<+2ViZWz$6(5HJj8DMS;|c6=;8RsZ?=m@;=KO;kX?+*rIiG2QpX|u)(ZM%;qfycb6`=jE+zlXkm@S zF(wQ5E{hm}8Z|de4xnlZLAsSftl7Me_x>bG>tTZQ9cG_74trJ()aat1MS5jD8yUz? zfO%Bxhx-5&msJ#GUYQeHfe$Q+n+-BsL3t?46B__Go36QUYz69pBnfKEN{6FVDVGjt z>+T%qed{WTG5*x_@MW#a>c!5eDD75B{gmbm7?ssE+J)5_ovApBG4f*8Dw8oa;xWuh zZvJdv6nBc1Z-HD5%_2g9pF=$-YJX;)IcXRQAT!;IPZO&X)=b^#bqoxT%{^2$(8>L> zE_KkCbCI{1Fap>#e`P@qK(vIa)hG>Vx$q?a2*h!FW{HhoBsC_z7kxn$#Ii(Y>T*+) zwHDPY-Jh{>_9h7!mnmTAb!d5U0PaS5)YDm~ZcXVxu4@=aAJ&Ykv!qe={%G-G+i%E7 zQ<*ko2(=-z1}9IXlP~7i47CUjdaPZGlBOq+MgA}n`f`Kid9jeNvB)^RRE0%5HH48w zHNX$1L_!rApVe*lRTimYCg!4xEsnn;KHa*qJDls7RL#Zxh7iJ0$IZunu{M|MN?4g6 zXN(lTZ4glJX+zX|jO&xsBn##OU%R@gczRC4^YVnRoRqZQfPut<_0C0(Vn=}Y5clxI4|zA9c2aebtsm~^@q*Q~ zhuh+T>w#^nzJY?8G=z~Nn#?-x`Fm@?hh=5#`!oz~xND5cAe=X?`jtHtevcTD;RNp| zG=l;w#r@~{I7RR~-bA~hiGtLrYsQ(JS$fV~M@5nweTRCKspdhq^VUck5(9{wor>>a=g5#`t z+<+)*Z`C)4|LS`XFMuzZ$^)4!MixKCo+R8ReQ=}6T<0G%@K$^(X7@3twxjqvYZmu@s#CXAUrm6Bd7qMeANS_ph8QpTY+r~h($bb=0XR$tw!4^Gpa!$l&WwTs-!tY^gXK9YIUNX zJoe~JTIZ0Rho8LF8DBgM=+>c^M7PaU#WN3Fq(@@=b5Q5Lpq+nPsm_#qv&dsH^l>gA@OI$~1q>y^>g;kCtN^4l_4=MucnPbnZ> zVgIz$g$MJ@?b>fA>m_u(r2ey+l)26akIp0PB^{J1`Ag8$&(chXrcU%kgYHM*1{}8! zN?@yhzvLb!x7kk0b2u_VX*vS1Y{>P;*{82aIquLWmh0^cftELwARzv!p2-W={n#s2 z_jvYrrNMO18%VOUOjhm9>;RsyM!2`pLeg(ZBz~OV#3R4iPN(#051Km)Mw=~kf9Hd# zXVI#LH;&>Uyo9j4Ha|&Xc;0l6F82Ftk|Q1FxuL^+4-&nD|J`8jHSU>I*#xEX23=;6 z6>s}jCr8Txr)bG_C~7$(u%J3Z?fh;$4N-e!AYtkV>(a^an->!?ZHyTRb~b+ z?IxlXSZU-!pRbq;E*+DadBFHD!L)SpcE0r&o(Ozzb)|%K7?+L0 zKRNx-a%Y-czxBb74HLIkp#A!w{%%99-(6I5x-M;XO>Iyp!yoWKvdA%OSOB}Cg zHnjzD{xS|K&6AI`Dt1HtBRg8eE_MR8Tye7&_+vdEVoWZd^$X0adusrjR@+@-Fp(@z zK~iib6V?iBJsW~c7W@WAzH(QS26xVJdIA8CthkaFp#9Wh1W54UT3v-=V2EfIpq|?P zwHb0=0deFfXT{rA6;B!U;HRX=SmB;++Bc)EesrBt7P%(sJ>PorqK|#UXOiVZMU$o9 zNFTxwvOaDc_%nL=2%fwh7#z%4O4eIGBZ%kWz)vwXAdI;z(^a^7LriBW5wO%rI<`UT zb?N9F-t^mTQcPPMY4-_CM=U!SKZfnZwb7(#$&`q?!$96;u1VBRB$cHtQ}7h&x}HY5 z8aCC1JYAtFhDvxLk}O)wh0}JmaAulI&uMSAhyqx8M*Fo+z+E9-(_GzQI5bMShN1TY7B5 z0NdA)ndv$zzIa%9DO^4-XQ~57Tzwf!w(Ws=eZNH$-pC7QA2Oe1{9yIT-`tbF*n@AX z2v5Is%(vP&XSOZYLr39p78gR(4H@qedg0)=4T(xwUFrm*xQ{v!di<>Y#ix>_Tlca< zdoZrrARE%2lu76Eu7xjX9L#4;mMa11nuUJg0l`9-Dt6aJS6bV6x$Ca|*@_4 zltWyfpj@ODGEdMeUhZB+Nz%ntE;YBDc)dzVkVq%P?-STW)yT4#Fsd9{Vni|@B`~VV zd~DF2N4y0z>k_-jiovR55xvGAhnq^S@t7K^xY~MJ;N6+=A;Go5UwG-~W)i~(%~83? zRJzL+ly#~;|Aad^Fuw>P{ew+4*7#GPy zsEd7$X`R&!bITl0MZesfV*IibU-jjTqBweO2`|YXDJ#+THx^N$}xgE~~|7IiZeR!PMK~q)(C_UU3-tIMJL5 zTaxkD8%`#{@!%!E$lnL>H#xnWpopDzD>MP^G9snZsVA{7-^r4{Y)bg=VDb z3ncZIQTZ*aQok{pkV)>T6odHXO@+cx*YKW52plQuQ_8e-o;{eD4540X4RK}Y-*d=| z4X+qNO8q)np zN;=SnQ(`nW6~e1Ps_B8(5OF$kXuz_Ae!=^b!W)Y!q;*zi0h6z%C~I;rwnPxO$p{ z+QI3A>9IQSyS0Zi#{QA-mT`q45}aurA0vj1NiFU68|TEd``(V7RhzgghGUY$3&AD< z{tOhIPHzr(S+W5@`&EfC-UDtgh@gYotjH+O7Y+woT#fg2{&6kz| z>AHAuxNENZN{%@8I;($M8=WQha^2;3xIvXRTGj;`#mU`PI`W!Ghzfxz4N2DHnz;8-DX!=W~HnK~B>CGIbzk1J4Y>PX6v6#_Q2Pn^H zpfVnvbF#Qw!YQFH-Ha8yw!F?v-GiwSG&%7xi5Im+AuGX{Pmp0P-*RFx2JKxt9+br* z`+_K(C)UXI_cJ6Fua)TIl8-xRgpbXN*^E_=esmf$(4hp=mI=^3@WHa`KY9Z@PN3aG z9m(2h|;{I!u=ucAVkcV?p?>9Ter08}A7xigAm3QJtt~4{$tzvVc2|;i%AtuZ3 zP2^4TGZ*@B{6{!Q&HKizdlg?!iI-elBABl1ORav7q!gaIX^V{`?ZgxYNw#gw%AJ>= zO2t*32dlEs4jUo}(QSYWo*b2Pv0X^iDSS^W19ydL9d)By%kSm^4zz8*=_#vF@?;bK zsy05_HvkiPBHF?d1=-c+Wle3iTQ|3p=K^kxDZKBXXu9swJ#3_d96l(gdGjTqY`I)4 z56hPjj;v*GT~g;zqom%p&6r&C6h(zE74oKyiP_*_;M>6E5y2++kFOEggqHWbS$gU9 zC8mEjds?MaFRFqh+E#D>DR7@mIKsS6rEV{BPihb~of|gdvp`e3nM=tmf`fj8{Cwq5 z)Nfp=JJ*vLqVc^H;Xx}V2MnA|ci{eone2W(-2GSIe~;G7muk=bEIr%Yy^v4wA2J4uT#2=>D{7v1qWLgNL6`A z{`;^v<_%?)RmefJ#_Zjee_wgG*NFw75?O}*-L;U-@~HOK)&X8pM$yNwPd z6^LxpiAIp%zOWpRtu8Ye*CfvGF~rPVN{FYd%&;t>`3!FGxV1;Ti^9~w4tW|fcQ2XF z>3B?jOwqY=^RAWRVh?uHvlm|;l&xxVj2i+D4D~D`qYRYk)}IlVubj1Z-!1CLvX&mv zm$TO+;k;xw&*b|W9DKq(WNVgQ)_B8ABVtT>iY$cb*q(n0m=_xQi4j4k-Oc%l_%|0) zV@U*>?Dq!wEyfWJC=8`5YeksxI+b zSi7cPUZS`-jQ4V@mYOffl6osP^hwp_4#}boppe@d=0RaVX6R^St!X&b_wk|Wg{t(i za8ljrjVyb-AoSsEce9#Wd*1ax(0xN`&MKK2h52}W`o(z%zq{AuXQIits^s*Wqvw_U ztG8`WMrYn}1=-gDHf15e$$RIGgVe7`_lFXEQ&A&lMR*0-j(VRF{gK zo=#jmc?J>5#-|Uzg($ObXrDQ-E^i9%2pRm;ECR(9hB)N6i*SfuK8A>sjTg%yn!|*0 zmS9=B5xa@YN+FW)-uetaZ@Kp*Kti@mYrL?G)3nqZ+`cfu_Pt}v6PTNXj6U+J}^M-NdLt$^%-AV4rd2^8O7;WKO8@kt0 zGxR`cx3E7jvo29e?8=oLr9aHs?S2iC`WhIskMP`rDcnomzbQq{1yyPAQtn=&5?m{r zYDgB6RW)Ei&c=Fds^jK7F~6b=2&L&RU5bG@AYg~S@txia4&5o37Rxdcx;8=WnIJ!2 zG_$P+OrZK9W4_6%c(js^@6=3$Jbi9xWnz}XFElV<`6X*oDdgW;5_EOriN*7{7Dnd? z9};-6j%B{8jT6Evo+-P^7*ui-`MnrXY&Zg2Dn9e_3R8MIN_veS#>ep-7_}CjR&S;@ zjo3Z@Q%+n9iSWjdnA3Vb2Hi3?c~=TZX{Hd((Pz*>#;$~Y>HDCD|E9nyQgRs?Zd1hn z$PbC#RD*8x94T_`5(kJrr<c<(mL$xIXo2Zek(M7j;d&T8A()Hl*UM8^ z3>^}vH<)l11C((q2*)vVjKfX#_(miHHuURnc$?9ZzjvWhJ~FClpf2S`ol?2FIv2dzjPltiOe@nKlhLDna-Jf9w0_15o!Rh)S6r}| zO;Y=bn8sLhLJ~Qh54K_rDK7X}!3V-a=WRT4{DQ0<>Fh(AgW2H<)h7)9@S!UY*o?spbX^kCRqb}*m7 zLFHV~1$pdUt<6C}Zg~jOS7`6=4^lsCv1QL1?gh1vzu;dp9=Le8GfM^sL8Os4BX!%O z%=_;t7H^EdIQM8zT$oWv+_sTrI$^S*efdh#{@J>cpkaZXR)3Mhl{Y~6{>q7AZ67gO z)(j_Eqt7e~)9KeG25rFC#&-R|eK)MDpAhAO0jc&^yFA#^dD1#zLFUBYmM%*V7cIiIuGTkYUTpO*T5 z#bMCr=Sw=x^#0zAKC%NN&>bS#E}D%0+saUwD*RBvBC~OS@DXSNfo|#hxH-_%*YhMDkJ*3MQgh+t~~P--i9+ z+b6%|gs*9tO;G@R=#+)9V!CH7%HKi%m!Gv~>k}U#BF{x=?oFhhQa_Ol_Fn!-_|_qf zt6@karbK{fOT1oAi8fn9WFW37i(MJsKFcRJKhsw4<82xNgZ%J4@UksIQ1+hoS4OSX zqdA7K>Rd*3R$y32S8+?c^|lX%Njd`SolIU7aapFjgJH3TQ<Sx8aW@tZQOyKeh*kYmg;mU!{yZ3ncDim+A!;uvAkgiR`gt!YnY`xmq1 zTQk|dhOQeBgu0svbl68*USt&tkLS|oQPF!;CTgS+3HkM0Y74q4ccJ9WG)W^Ntoy+2 z&*c@RKTm;C@&T;&iKR z0%K_F3q7&&D8isOjEQXpp?|r9%dkyFX*g~?LEus0*r^-P8w5YXXsqZIo!g22Zs2s^Fs{eg*I+^^)=I2tsRJ3N7|)qZNEuQc%T5 z0`FHia08ab#p1>T#O#h}HyEwzA(Jmk@Uj5U%c>^SO`!$E9GZ~0IqPnsAQF+C)R}rS-fOT5HEjc{RDCD6AH3U zz$H2OOzHH^aBo7NhC6t^P90h0Lq$;yDQA4}HUw;qWvTGU*Ts9z6FFxeDkGiNC_mTK zPq*U$VDPUV%2yQzO$;hy!O)gN3+th!P#*7^q1$*Bi-ZnY_UFkWa|Ob* z59<5;<;-KD*)U%}j4yTzn3(OQyqTL524ulT*2Pz3FYvCnAu4pPu1qzNt%rI^ntS}7 zvq7gMK@Oh@{&WC7($~hGFFb-6Sj}Ea<)KaLzs5C((&7}4|F+~q`-IZscmate(5awn zpgOM+<$?Y+vq~>oaT&m1FrpF6YN^@q`&x$nSb0P62O#A-#O0_|^-jw)`X}8l&wZi* zLrlm26T=Za?#DV_*f)XJp6W|x1K@~$&^NKVI2{uYo+UXslqw!>O~$tsQivXvrE8?S z?Vw0_vjlQJ(6&tMGjpEWhwW%4iKrJi%qMLAxFU0#cL_<}tqrKd8Kp2jH5Y3w{7;vX zibd`HPn{h+KNzCA>>w#4Lqm}nns%S_N}%?v+6?9$f&kd^oEGXI1P6N)n_JogaengV z5YFI&9BBIx*GJ_(>$?=T<5}WPsxjRGQ``BRm#?34uwcxq*w>4SdR{p3Q`&--enfHNu=BdEe90Y>Y{zc2;~KmXIzbSzetIo_ zO?#g_Rq>xjW2G;L>xy`Ip8liji7D@8Umaa37{0Jbp2f;wkA6!XK$!PxtarSz(SSo) z`t<&??D7~481&7H-$1nRixB!)suwrtQ|Y(W2|2B5z8VWd7^Ma_St)ek&f-8xAF5$I z1t~kKnz^n1#$j(^>2`#QUb~!clw)W) z&k%Jix*b2?gcs|R9>fC54S_m4p7q*hbAuPR;2Rt>ed$`x1Q zXclBKlJ=`iLS?1GS)WzmG^$G6{~brS>QntaI=Y`c`|!ZtFkX7qQar-e&w}M(9L0zC zn&4oA7`gX|o(d__huwym02&;0zu%Qk6Oj^fc#$+xjy)}l*snfbxx9Pfk6yQ=K*n>{ zB@x^J@Q9;^%Xgq)wJHBmkYUlC8vZKALJPiu>h@|10}f|Fz+j+~VnSS+KrUE$QQSqL zSB)%2i9;s0sHFQ_3p}ZO-zFrqDJWV7>*`^<6F^n6Q!>QzugNf;zz(Z)Yd&fbn+|-g zkyV|>rL(%VRv28Lh!yT_7xG#hi+!Xo(R8FNP_l2lHWOW&(sUcuqz|wQslXK4Aw>J& z2rk$Zv%HQDP#?YQ**qT!Q&=Rk4HYNOT z=#u2ZM`sttr*oJ4Aq|GewkkjyEh6K+3N}wl$^K-(gKG)KbU}LL1IArcuytE!Vkjfx zkwc3zV2IIbV^K?K?zmV@YRHKF{@zD}ra7kCk?)UQR^#dmwax(o0RURiF?WElZuU9> zF1iJ3NqZO58k0lhgK;XZ!tm<@nl?<2Do~Lmi6tXTlQ;X~vl0MN19D+b@?sB$8?e;pzyNwD{j+5PYddznAoZ zgrLO{Xu6sPeXGE?Qk7W~KsmtwTuITbnQCXN2^82pg`5VckrYdmJ&D#iX8f4h$}+imGlVJ>y~}*k znLQrDxH0<3vs!SFz2UQfN*#&ct_OHLmrex2kv=1vQsvs%VqPj`yVmi7hEJW->7V#u zG6K7_ON)WoFJnj?&inKxPS}tQ7ujH!HY$j(>+^*{tsAi}95};EXlb2j<_o3b2!Z3%nNK&Te)&m_(`NErH2AE<7nQ& zrnuGLbQ@T2!E39YnF;Pv&)MCjZbP&_;&&+KK)$lB)l^Fctw`F{<9EXIb;{8?kVG71 zJ{w(W!PUa5-wu`qQquk>=TZ~nw~5@xHj56P&KF|<)v_}t+cBFJ3AUYWotOhz=io-- zk%I8>(f8E_TS99b>9ewtMgxIUACeZJKqCFtWBu1Z7$MC=0EVW$KJt9LZxZS|)p3}t z6$G4_(CCx#T`N8_a&VY_M z4MFSbh4*Q;IeXpwi=V}05K0o}ZqO7>o5&9TYAR`>+1OHS`_sopdKGK(bdl)>mMR4* zJe}b63O&^LcsWr0imin*XxBehZ~nfCM>UGnU(O)pgWo;;b;L6Y z+!1jAY!}rYm_K13r@u%pM9bPOufeU(A!h)7+T^Wx&+ql!tCSK_v?yXf(dHplTfCxd zm}<&taZcidF?ICk(nsp0zZ>jR-2t8ayfB%o%TWpp#i7qtoi5idcz?-Tb0;8<#~k`j zCftQr1+UARqyr8rK<2A-0xX8*PB=RN8~F=f>??Dc5Sur!eu`#}Xwes@4rm+K#%~?b zk}T{C4F8xtAX=eFou(m#L?Y0sOABWPh&HMeX?GrXL`p{qz9`^bK57N~BgU=v3MLs2 zy5V}1MRh>*5Tjr+(L3pz;ysWs&Oy_hAkIe29FYGfbDofyq_vB+J~$`zWha<$%7?JP z4kt-K3r(7f>QF0F8kNv=r(`W&FnascoUQ*I$E|~liF(&4vt5Rq_k=j>b)?b`u@n-~ z0VT z-x3i9$G}{!C6v_nE?>9cGe9dQdEy#jY>QF5oDX;g*~my|%&GQyL*I!QKP zlpu8F=Ca;95}EL!=Cm|``&~J;QGrTZhT@qpq1wMtVI@QUUhJwGG9XyeN#ZuoL)~3p zBYzHLl)pBk7uX1zpzO`fK+bx^mlfE(3TOk^u}*bT#ni-v4=({~Lp2WoGz$Kk4MP0> z^|kHX&lZ!L;%Ce;pdH@c2=y+wv|Gc0DH-uk@epxE8cFZbFd}zU`WwO(4!BI31fG(o z-;)#E65vph3KL-gHrC-#J#)Da4r_#q zFVHlCX+yW)q&$6$5^*iMb|T{BPJCrIbON4mlar+Q-N=RIkB7Zu1?Ww`BYX!zAnB!* z?U7U)N9eS$B=I1l^m0Si3FPw{x8?7bFH2U+l5s#W6zDQC^_VEADJQGl0Nuuv6FWVD zX_8}H>i1JRsDx#HT^$nQWOf)vCn6DL$E5!}Eh1IrpV_hBJHu{F^mDo_?MOE3S7r?g z<&?2yEa*i&821^#0%O(JG)NscU}h)LeE%6XJ#1KrDZ)}(0X1yQ%U$3M=!0G~I?-u_ z{xB<*Rl5h}y+7KNN*k=%{k3h|wr$(CZQHhO+qP}nwtdgP zn2A~3%`7XUqN1Xrc5mjBc--Z?SZ3%@AMa6dDYhf%rBfOaD|LMiy(#@4zD){IqDQ36 zRkDR4Bkx|RV!k^<3xUX87~~`O0#nQoZ+AiR6^`uh;bdq3^%R`qdY32!t-wlhh@!b= zGA(@;Zl{h@@YJDmywZUrn>mMFitytN5KV zGXN@+r7@#|_S63UwSkM!3Kqyw?2Q@jplxccK;*Wi6c0{i#3+cwKa{>)ZNV-vNJ_TM zBQKkPOEGszC?uh5UgOP*P|)>UtJKo-O_HlrYd!eiQ;cd;cmygj7UB@zu!_Dl?+T%q z^Ww`G@Kb|E!w=ZeV#sM zylIy1AYN!DI`!v4`KO;$d7dc?9|VJ{21~~#c2Pf#VWA3&Xe33aBPiL<;DBIn_e70Q zZG$Ww^fXE6|hwSw`G%tR%&!)jIuxSac*POPaw5 zY!V769+UfY94M6g-}yNCQ!9q;n$CFVNG(8!!?$GA=(CpbiM8pUg)^!3wVqY&G4|m| zy~g{Q-gPQI*+?&)>rigYJBgK1F-OVLpUE;l_N2W&^Fl9l3$XOuyL1k#cg251ZI2@( z?EZ7W1=KD;(9&=BKV~`P(z0Da6m}L43Q_wTjx=H2M2NAZ*)(^0EAASk=82cX3}SXd zQmZkzCkw3~gkFU|Q>(;zXug~LS$zk|5?Wbn(XN@pd!mzaY^e9<%J)g(P$?B83|089 z-ZvC%UTB(iz-KjKz(cvFtl1i$;Q*`APWAAYnAPYF-Xn6ApyjFT)Gi+1XU6#5#6CCW zjz!0SO!v=0DXe{gmrz_6{2IigK=B(t;=1lf#5j9xB;Nx1@|kUZa1<&}!fuDXvLC)^ z>m)9xkQSlrY3Auu4Qt7E$7OihSSaD1Dxo5*5NIkrRBZJ;hp7seKj%bT#yIw(gTX_Y z!LU;)*|HU&*vAC$!{D4X$bii#LX|n{4DwhRd;O1UWhH=%kHH{Vx0Q8Fzzpj2%0MhG z)?XQGijDLJD5xaf9JKV5=|5|*!}7wa6<&=*qg+zq5=)RiEe~n64+4K*bV4Ou^(qu~ z6DDSbR0R4=p2d)Uk+fGKR_7?&S%MiDovT(}m}y{HgDC7mln(LV(2GjtZX>@)di0Et zq-NoR6|NWQTNT0Xi+w2k<1!yz4kAJHmYS^^i;^3{-g?Lil?~yK0*T0izC9OQ% zwO7LkVTVc`Ua0gg!OjgViDa(&?}}1Q2a1>ccagqvitupt4e(GEd7yW;|JdwpSc!cv zy=C|~{pI7y9qmE|1yBF|q1K@x1U45GWPjlW(Nd9DG9uT2c`d zu`?t`dV2ma14$RB6nh-mcRzBH?)e(co9f(YyFsPA1Lv+7@u8&f)Dkv}(Gh{|0f)=w zndmDaHm7$gRSBGO7S!>y_G1>zE(xJ4k9(q*>a{_K>?_~WKeM`H<@Zph^DfQ7S4kdN zH*JC4+Qe7W?kbXDOY@#^ccz?4*hF=c>?$B@T7KA)VP9el;ihgeQ| za0Imcr-SXUZ|ahtlGRfI5jY*NM&^bF5Pzyq+uTCD!V186S*2N-1zjCrla*ghOiA39-@l`!BC4W; zY90jo{y%$Ax~BT~jMnNhLcRq|aJMv0jRrn4%XW4)KkeV7q@a+JR44>KMQJq!2!JIM zpz(je~DnR|P_F==#A0y9wiv=OX zK<_y)!^?{x$M(i*awl0r!siZrKsAZEW^AJnzE zwSFgsv?Qbz#4mlzec+qxKm&d+S7~%m;z>5w1Jv>Qeo)x>IAQdGz%D;>tN)$+OKAPa zh6aER9?br^chR6Js2-&8*MdC#Nrhx;fnp+KD#8IlVFFXpryi*7%VqD<^l9?tXZ#+w zsF4-;S6E$MSqW}W-{KG~ol{Z75u8_5QH6!h|B?p%_)k;*N5>hTe{g2xM9ot2PqpKl ztjn)W2pd>pY<_oaZuzJWY;Ab~=K4ph?{7oWX}o{SUuVG23;4Hc@f9ASxQ#XT@2}^} z-bpWja@|lcw*7s1{V0DUoPG2!e+G{=E`i^r=gAZER5qVbA}~ z!T!7%DuH2n)&0Fa{%Mv1eW&pK{Jk0grM5l*YnE@eXKMZJ)byP=)|SS@ke!;Fzy&*h z(j~0c360}6GU1!`&D4p3{l~w(>2rxMU~6*%4jcfu?Ni|wNBE0kEiUL22U2H2VJ=xF zM*n+b{%uj6T);LqI5G#paL4tph>EH}gTyi(W^eBR%4wgLsLrjEr|3y0{R zm|3|~3sdl&fq-N4SGi6*{~y>B3!h;Soz~ z`)KfcXMTg$Iq)@^#H;+E@G;T_T49bm%q~8|(!cZ$``jM=x*PszT7f!$jd=LZ{Eq*a z_0Iy0jX*aH`}t6Xgirqjw&4R$@x8{a|Hx=+^$@|r_9A{UJyoOl@Pk3`+rY#v0{)^W zf2;z6LMYZh-E@2-vUj9!{)i5O<3ptzdn$(TatTOUzKfvYD^pqfh#Yvwf=wX0xRU;2!*- zfzZDCivO@dXu++>#<>H2&55~+IcNK-o}fAa2mErJ`^duI(vX2Y?6WrhoWwiceXV}I zuHAo2KIu5PidX%Tb8!^a@9!-68$p0@tbaLTxBFHBcK*)6*oGn2N1xnG;Y0Pm_`+gx za1j68*7c6gEpPsP8<`TMIK2S;7yvvRyn03P8~(Zgfn)_~|5Ec28@>JaboFC+OOOti zA7H`4FP}hynrA;*Ov6cR^Cxzof8LtqznyVEE?xRxKkx5rCtq~c2bcdEfiBn8`FjVy z8-yp28$Wnp*74PVT*I*+-|pl@|G@d5zEq#WTH4vim%=i#g24Kx2gZJ_%pSfmy>0va z)-(Tn%)YNQ|9Q;*VEuL00Q&RG<#S99vc-4sm)m#>xmWZpk3}%LWBR5JL3$hLdDtP5g*(HD5c^+I~l0!fgmqTe5o`dI&o~$nNBF@HK9`hO~pRJH9m1 zIkZZnW6ibQW{;3JTcl}=*HdZU=PYWn^qJOBdr^r-8p`l&@|ycaY0ISTUZ;Eawnkqu z{oI<d9=kWv+`2;pB?JX4PT@ri2j`UILg_hdCJ)xNEuXlKaQ%>zP1pZj&HGg7zSzlPq|%UVi2t30q^n3S3# zc(K9$xwh{#!`&9`A8~gW{^o?%fw~;IY*Ca@_AXcI+{xlKIM|nDfm-prBE-@UYab#> z;4cqexG}fpLEf{5&?)NQFc>U`OX&~GX1|Iv>PAwOcpw7;n})6O6_G>q#i?tZ$E&YV zSv!GNKfKP#hcF!(H#X; zeyUr-ylCBPMr2Fr+PK6UR}B*F;5#YDsyp*E#7Y1Fo0tyt$Y=Mh`S~sh3f$9 zuyU$Y#4bI4E*|opSwQo?sG}ad;}Z}#+0k$7*|{raBgVasS%N!PHoOdKL5a1jsS6!2 zM~mzQ`*pfVg9%@5^A}_~5)!nhbYCG+FPEzUW^e(dNxThQmNF(#o8`kw92o+Nd zF@jIAUOqYmvZ}eM`jkqPY{aPrf_pu99QVC-rL@&sv=g!?O|1jrF?7la@6&5^u_Eq3 z;ay8ZsDRo+pfn=Wvk|u`_Fn5L?_~qmnW{Aa6=YCWJn*8kt)HXzR^kOJ;=-nO3q=s! zvxR*UICB`~7-$NGn)Dkn@zW{8uxAiN(oR* zYy#C4m4*-OZJCLDf;V|7ZF@~ldCZ9MIoi3wXD~Mhl;KKlqPYDE+}Fe^;x8O7Wx1Rt zP&xmYYEPhSnWZq>cDY%gb422f@@DV~M@&KcG&#gbQ}0)nM-zM8-3r{frb~cAvIdx- zq1t`ipTHkjf34aEHCFet_$ZCXU8>OsjKf&dpl$=*oYcMuaXU?)p=m5MTGpM|7tL@Q zoY0>yV>_(1e6wVZ+NBb{(y;?SR(#QW(|a?$2L;ZG3@Z>moPx}dCAxSL7g>w#=Vyq} zqDzQ=j8+@SHCTSjX$`ye>vbv3ctcO4?#}{b9j8=}*T4sS>*bjm&*-I0g`uqJS z=H{;5NukDnfJJht^+26zMl2LGr;qL3^l+x43ph|=SF9R{ATKuJ8lA#qmq+$xGt6&k zx8TLxxP{SB`M8cOsXM6LRZ7@pI(6Bz}8-3j(N}dr~@envPl#}3c3O2Y(G9MT; zs*dEi1z7Mshn=f%mxwN*z{JR1e-y?A(XH{^Hql;elNAaB<(L+i!S15NDYhB0zADAX zBL%A|Cx<(a(K@FUO9iZGDA<@G2@Qe@?=n4c6jry1O|jIWMQ&>I`TW8&om@(V zU_MPIF0x{9Ca2JN4+8oF1vE7a*n82z46YlX4-a_(|v8-RR4A z&Vg8d0mW2?a{^x2YZl&(z*Fgs7YfO=O6}NZNFr=`X+-$k3=vR|Mu~@FLtPni5Bs*B z>cj})4*qi?tH3E#U9EF%Ui`i>KzTDR;mmC!E{cyq?4MY|Pp`lUkA~7c0WOlol{Opd z(o&Cd?OA|>*MYSR9c7#jmr>s5qvQyJ&+esLQqb#6=B z;|-KvV6Js+vlrq01(x^Wk!T84@jk0Zqh6Hq>xX6|h*_atski0qI4 zx%9gEEBuVY#yI+oO2c|)n9N8xeveHvT>@?L=cKoQ@`YpN4{6F~^P2q(tq&IMS;%%5 z7)x=)-4*kk-kGf*DHZq#k39w5!KP2_^?cr3{9>T%1>>a}0#o6vz7z3Yy7vL`ZBwAFQBpD9S~T;k zwD`OkfhjcMdIda=vUwCT@F7q2CyW+jgSnYCCan@KJ6bUB z8=6l%OyqrRIo%sW$E4u*q^|&BzI(@BO7jS8#oa$saS{zd@SF_y>;s4k zr=l>LcatMEADd+eMQ)j2poj@=1$?J*>}xcZ+f>F2?`NOTnNmRaD_9`ZiN+_Q#^A9n zHN82Nozd@Yk89|2J~kk@M$fd2$tAiSG5O?ShlP%0-mp~~>%o{T$&8J{4OG9@UI>kL z2Jp-rG4h8c5fWv0`Mo0HsMZ2u{}m7ZF^CJXnx6%!7$;vFu^UP3Tr^PeocK)^%G0Sr z*qy%I*~n$5-(|rT@!{DL2^9uyhg{?e;gUndlzLl}`5_P87AIA`COKcUKD!*ToQpwf zZCfJs^p8a$3c@bSsXfwzOR6Lm@T?AR&#`>He@h556~9^z*3*pnUayi=kKo@J{eD+G zu6Zyt7dh)68BseGH(Ba61&`4{rH#JGJUud-w2q0Mlzv`!1X7e6s87-4eOfSvwF+lv z=?_Qb6&kJ>lpO8#W+llavuU~mK64yd&5cS8 z-NRB%NKvU)ZQtwltY&7}pDkEA?0=wXo|r#axE5Ro1cgahyKC*PA0BzwF8ySgfz1Dv zHfOxCXc4L$qoR2#X$E;M(A}GlR)Sx8PY92I#mK>)peEnAwelEXtS`!3j4h;i&^q|c zalWr5?AnCVT9v}fk}AJ}EfjiG4Z&gw`YchB^IAh#We~54?iUmKQ)W+P#2bDOTS8Yk z;4?f)wFK;&218Fb zY#Ki#@zFckcJa%eP5IOH;#F;LV;SNQzYqzYSG?RQpby6e-M&5_2zpS0g_xhLZ-RlH zXNaB@`&!ToU|2adHdv@9dVJ;3XTGUHb$2W07AYKl>Pc#_)JY@6{@lr{k)fBKud}a$ zL5U$aefqr`gwOVV((0$y$2n3eCTutT&Y1g`8=Y};KX>1K0d*$oHcZ@ZKH!5XoSbgN zBCx8w#$*b`T7{zd09;9Qhxgw8B5G|tjTt^V5oC`|;%Gk5LxioI?x5w+RL`kv9;*h2 zG-AJwc4aLqcmYO-H|xEMGPLVYwzpcrt<>pBfKhmE=tos@6Lk|b&`Gvl@QcB zg|4JP(m-q@?3pL`^r8=9?CcNvGWVpOY38c88aDB!{h|1HKQ6Lq-i_9)W;YzWL`4^ zhdrnA4S94@RDIY}lWtEO`d<@~Js3F&n+g>>Ux-5)v)@yfCNn-PO8$IV74QZWyD(e0i#yt(&uw5lDZ5m*Ckw!MZ@i+ z6rI*N(zCeX<_Yw6H!1?#%L{5lid&#{J*j*pGfydZkrZ%rPJ|GZoUU{ly?1dX8;>2;$;UMhjXbj|d0lA?ftx_RQKeyN8==D$LRgGpc8V zg-$r(bb-8P%$Nl3RXXuYi>FPn%69-@)mg-~}Yb>NDwl#}Aufa-A#WKL(xQJTJgERp#2ZjQl zW%tcT#e(8neWc&F!JbyTYX;AB2*hJ52ay7fM#~_aTYCr;(czmH@y850!9r4@UJ5jv zZW|9D`GIqNh2&@lPuDaKnZEJ%AZpgbhis(HQCJjqOiax}sWNBP^f`s1hfGQWO5_2c zEV&w^AaBZTBV>n^B>hG&RD2JV6Vsur30Tr*_&h6_0xE77+(u?#W#zu zO&+;->F?X1g`-i*Z#y{xddryV`i8;ET={s7re<{57iek4NH9}ons!SGBGG2bvqKFh zGtFpM`<6J)CmXM!9ilu7;=4+P0BzU}z)XAHhT(U6qH{*vd@x1RPH0noi^O=yQX?`& zq*`{h1PhopU-$_Nm4n!mL5eJCj!BC=#vIyDkH4$%n$YLQP6~?OY+Y( zbeF=)Tz4G@u#tl8=o{A_h+HM~V7jUQS&`U=|3iyFv;<*h15wEGCT&MKq?r1&QH!{7 zgr~$fS@lTjC2n;Wk7UbS>Eg$RZ|#K~L0$Mbe$D>~Ase~)&=QDehM;*aGF|lwpWV{; zq=0VIv2#?C8TWeLDBeVp-_7~{h~(QPP{bxX??GIa=^Jc4@Ps6gyt1%DL(Rk_5a$~( zPQUd+^z_-HWZsxl2Flp(k~A8ZnAPI=cnFy&`}ooAQKS!9b}U-#ihC{6S$ec@*Aef& zPTL8>tqbEG$?DSUyWhs@Wp-CR1Yiu@IW2{phpDSmKPtNgu@#eeN%h*c96em4AYk zHP2j^tI-F`9JtwVup~eTONFf{d-$XE)G}i>c0$8h3HO3{v?FoQQ73@Je?I_spwP`8 zx@DX@D5E^VDu@*OuuDCu-VH1|YfK9S{Kx4{=MR!)i_+0?)R&M&uL#sEhF($6Ec1c; ziQF+Pl{{ulK@^Kk&V$+=j&0Uj&DN5%aU1r8%=21eT+kTu9yfqL;9eGyaroiA?!@7r zt)A&j&Z)CMYw#$nZ|KXvrZkS>&Ok)7+Tbz3huq31%dcf_kjtu?HR?=BGs1c^vW_aZ zJBV!E^a?`kZf}jFFDtAhD(l$W1YrT4wmlu(>@;8fqDsscuA_{E#VBSm6;1aSx=oQ< znK(_l3?OGqoLQ;^1)p{@*{)MiYrMv2S#*O$3*T(%%Le;Z7uEe@_;?*<6cC>m?Z{}C zX7OX&UNE|#u^#sBVx6(ND?u@$(Z2BqO80cmt!IZ)FepY=>UwP+#%s)8!4I-vIi5Sb z@SNZ?Dv~7qwe1LVmg5eTSN+L8Bb$g(dC|Pok#QGR_&3CV{g? zx4_ct^RIQGOy;QTLaYuY(h8olCdx5hLL)CHF;J&nD5POB(#x&{sy936n9)1uxJx&YxUAbZxG-i^!^!5flDtERd4>LDSZ)XFdf2a0jLlP~@5Y;gqHhcFL zU`VoG4j-$UPv)zxXq%oyWn0x)m-VV?cWLdlc+w1Gh-zb5 zpXp|`69)H3ZFrF(u@=VQZj4Oy&bmHJTf^P|n=;wBT-OGF3`YkwIblyj`tTWn?>b)wo_QO{F4agZ)bndAp}O_6zQgpS)y0&9jA?WO!9r8X+i@ZaE!4_j(s4dk z#$(Kzx`cOt$Hf`4`YQ7s@BHmhQIly2n)u~OhXH%hsj9QLi`eBBaUZ)=iQN64b+5I| z;DP;VRNVZ+6kbf`ZcL;}Z_%BpSl`dvhlum~KIdEKaBKf#m89_j50hE3+kZ)IUZj)Z zolQ#a>>SPzlw@I{?5AnPA)9alJec0Zjnzd=-P7M+{F>)x3tyE0^6b=u+k)!H#a3SYJudHwn*jE0RZR5FMkqjhU~h$H9$aazTxn>)>8>GD zI)|yTfWn2Wq+Zd&%Ck)I);w?GJ-{V}--(NZ!%$H5WPu3nQO0PtHguZ*YU2V1w>$6D z7v{sA|7dC)Vu7wMOy)6VWK>l180kGoWX&IT)WHKGdWW^Gt`Odv*Sj^6(KLxzxXzB@ zlYKzldeXlZY)tb`)FHcdHQjI`?TelDz!yTH@HUoEyeo*g?6r zddks!D`I)Jw?UO6^cJPpPbuN;BCE|4P{GFhO0S{Yduw{hA9%z#Q;%t+yo%uCTT$3+ z_!(M0>;@|bYOG!!+L;gsL3$q;Dsx5Pop%l|Z{$7!P1|X`ls}Mi?HV*I@h~`o52E18 zXRP3GY2kV<4}B~ls&a9r^t;K>hu*BNeO7y{CzyZ{XQF%v3Kk zwPjPbw6|Z+dd*|6ef^h!U5uQGHdj?TGA+=QU)V|4?7`7Q_%*sG-c?)1Qs<+r#rEoD zK4rX^yNYaNCOBhiWgsoqu3^DD>qg)E zFwmynEMAWYr&#ozlQn8*M~vPlq;4yS631cRtC4cdyB5W9A^K2N6*(l1lvw^Hf&esd z3#YH;g>RdaLCV@JWYi47O5r`~6+Jn5_pUngUh8Dq#wnTrJhKaZg~f(OCl9;w$Xnfv zJ6idw|C+rb$M3qxRB%r?%FsG4sZR6j+^EZE3;*7K{yc zjPWwdS%Zw_h}d``vzX)}%(%+DN7=r4WUO%R9bYb?*sXphnOVUtr?bUmMtU3jZUuXi z(geNe)fbhARCUH4SaLp6vlhSLAb*WW3u9Lv9~|g2StE`hDGxtxdZ|pA@=!y=%W*yc znuC73{^J$2L6l_LCbK~m|9X|7$eUItTVnd5!jI6ne_lN9)wHPQpsCR+Rz6P|Xp@CfstD=7Z8B7gxcR-Lr=q zL|{qYN+0nl`(mCP)Z_^klMiUqTw%>+L?t{(PY8VJll>P00Ok5n#Sd{|tI2Tdf^)-J z5DfED#yce9Q=E9!<2E2p>7EVqX@q_oE0(-qlboq@%W|qsy}*i#@f-UlsFZTNiY-r?t8JjiM2J%tH4WDFfUYwDEIcfZBnHs6&$RpY~AWRiXoD7BVt3BD@U=Xa-_d zP!*qh8uR{v9&3Re%eJfKU1-vohZbNqEm2kMfEY6WP(VZg!vkCf+b(V}Nn*_h&t+UX zzhKhs2bE-H>8fae$t!Q%VH24B4p*>A=7S0L%tYn8<SPaO&;f&8^c{-dM5oyG89YIhoR;whLu+wYl|8{4o|(?X)kMe^bvTu>PJN=17lKj+;(`vHpe+>3p`3 z@aXH7@lKJmU2DG5Y0c8YAtn3=JFIC6GND1y66Pa`=@3p#WSW6SBB@C7_w)ErG8gpn zmCo>2WNnRi3Zd&4FkkE!QUUC%_1aq$o_?0U3%Y~ac;kx znBx*9|8VxcFvmY-0=vqy4Qm(L3$Pse+kQN=0BymK4H%{fm_hY~rCRa(tkQKM)AFk! zUx?YoRx60jbFRjxSyGwK=*c~zOa;`lSk$sSXW+^`cqf`4^pnV?Ue7$`3La%_ZLJnZ zgz$}WNHF->LZu7dp3i-p-y@Y9Z|+jn$*y`;Qb$C+C@EX9PqC9zvRv zW-~{#9Vu6_!@y1Oi@?Z5N-Kosqh-pa8LF7O}vGCL zF3a`>f}3b7+zc@pXK*vqz$vmUHP-WwrXe*eZ{|=M4Uy;XP3AFkWxy2qfp(8Io-&!3 zbV8YwxZo;;HF@=v^`LGR(|Z)F9Lh0BVdyCDP#jevkon9tY%eORvW3DSZ z&mWda8{Lsi4_EG8O*>NOW<5pXVhJd84Jp#GX_J4yB}*g0m)=bNOIu~$YcS`m|Jl=&XSC>!cj?vwzfdLUPH8MHjAA?JoVgy{vMFi*lw%4;z^Z=C0=Q;;MSkgK}2?A50* z$vRj|0N2u_<(#cN%?N}3F)oea^2JyltF#G!wX$w;hNO*`7=xXQ%3?lW`sm|YaxhM% zCCt0I%5@PG-PrAQx8u=W%kt|C4zg~aGu-X_tUcscX4I|c>1K7J#@Q` z(LVXpX6|uSHYJftL8+KR(<08tE|6$Paj1^3VtGNxFNGoUIY?>lm=YwVJ`ATbow3Y7 z)D@fWqX=@fCb_rs;*{!H63|yPp(29O25T%SmIM$*cs993Z`n zvH1N9(^g~aJ+7cGXwxe5*>P=Tig^PZaj%;%PxoHsi#4AdPl~p;(dmNGM2B&tH2{Se zz<$n(MU`XHly1fLvggZ722Gr8S+-GHf%~kXYgZZB&h|#-M(8EK>rW;9Ubd?j55}KZ zc=R8WazqoNeh`|s6lpaCO_Q*PBN&t%xlvG*~mQD&55IXfRo?3OpUu z(ujB-W7b+VNf660L@hYc5HC49FVGE`0o!;RQPPs2mhTy(sKcx3=ddj^Q>vVDs~+CS zKsZz3mH-M>bDT~%8>-2UmgPCTMQ>iVocV{I?=g(nBgawHsSAu(|An<`!ybXr>#-rW z#jdnVzXUE`2*YA5uobuM{i@gxB+`{tZl>HsIMh9HYMgTD;uEDo?8K^SSbRn^X0aYN zYxe7_rx;6?g*aB@*#YPxTA^v&AI)`HL}pO!6hAn-gc=3pQ4~UG%Ai6^OD8h0d)jrF z3WYhA5_Yq6Lcr2=MQB)Rl`<5m2Ihde^i|=e3?{C(r-J+QZoxrah_E{{b|^;l)H1td ziU7RoYML+ZCajln+?^bfb9@B$0B_+j>EOTJo!b(NY4D#VE0j)F{AZ#!;vqh*FUDa>@B224!DC zd_vYF*}2E$`+R7d+q5Hp<6^#m{HXdI#reyVcj-Vw_jN`^gzQ(rx=diOU{+b9Ogzs; z-1S}3Pvw=2mLk}+P(>`VZbzf7P1H4`d->Soj=;S#xI*W>Y+i7xth_w0V+dT5Wn9Un z#S#$gB-4VZd;W-YI*1@~9$?hP`Itlv{T#3$)C#S6HqL`PiL03Hb&1)!`Rb;5XL*@Y zPmUpfvnp;2Vj-L7$H)DeJtw_aYr1vWz5ukeE&TeArDal?K;cv|PTdA3kasuhGB+gE zXGr5=`S;F9`7VoCTyrXV=zz!hpHTTKc})P59o#I89H9cwTTNOzliN1Yu>?f)ifUE5z?p%v1Bu$(H*?{W+!T$EAen9aPJcKkuLYBm$WjvmaAOfo3(4V zju(^OLxcn1&0^p+%g0WB!YkG~B?+*)ib%Wib+A;xznT>$sSsl-g|2iwOJP{?f@I@H ztC!?B_v~R5Hd8l!#zBYK)jZ_+&C$RC(DPEpHi6dVN8P9ZQx)e#s6C@F?CIfCdsf>- z4qwI%-(!y`o*K7iYfVPN#Z|)+Y@D;zZjpq8T}z_3(Acq&+p`H7RZpLaVXMe;5)S0@ zJMf~M(CJc{^4#X(Xw1&PBe&-1uUvhj0_vI>MsFqALmX2=E9OsL3Ufb4`d-Jic?uLy zuIKxe?{5v$_6C!c0tWjcdF4O`ALjnk&C2nw!V@kfM}z8R;_G<@2YP80&&q2rPA0ce zf41v(B#|AXc&Wv}-?`btr-YOk%gm}9iZJM#E1qTv)QKW24L$G89;yDWsgNWuNHKU> z2q2hk4h=>n1|sZ-H5(f5jN}<#jsp_g;}Ju*l#b7!?cRM_lEBF49uf?aBSx!`cDbLV z=?{j9-OHAwOjqk^m>c){bKXKzXH2~)xvDOU4U_!Zt4brucmtHRJDva$!BEzXH3wo=f>%Yf+Bk4!%I=Lef@maK; z2=kUD0XHyroiYQvUaFd}io`YAhP65<_>EPctguehRay>VLUdV`HNmjBn#21}uI3&J z0ymL~wd&1sFPs4NCZX1~&EHHCqG<+IjSz+4I0<})ANk*_iODc;0a3Bkc0xgK0!piT z#sl0U=RB9Z;hsyWVj|eH@1QS%(G!3m63k_3A5aXVFm$>G?Yhgca@6OgnV#$-IWHvE zT{E`BR#xXE_tm9#(90tlE)>S3C&?YD1K6nE0kT-s*Oa^l>~qkWwg|7!nJmQ_GV@_Y z)dKiHM2rVivP%&7e4i-cJc%dLc+K5Q5PMZl&4dWT>(Uy?Dak63{uAFkelqtF%v2~9}EeL`Ojoq67c7`R(-|yje)wIZj z72>*oAwmTrYa=cAfN&V^^PGCDRp(!CmaGpu!cgSzkd-fj#$V+a)zUd1#l}TiRu(D* z<=;Usi~L5pVThWd&c#(2D4Fy1;|M~TM%M6aR35#>Vz1sej(EsNM27cvcU(?fH7;ME z-Bh=3EFAdOr_USQw>LYvaAk?>eu#z_bMDo(LMqK}Q|h82rp^Jn@@%RHS$;6CqUvpE zPONK!T0MxuXfaE_XOfCsR)nRN%CLmCDQh6^as32kblO|iF`YGl7PZ&fR9_8Eccx5` zU~RsR4qy*VhCn0c&|BxsuD0>!e#iW{Ud7e1kkZ0ic6{W^Y1^Zq_#Ut{kcQ6q#n`8g z0q+79CU46>d@J#E}j>mK!o0@Z@}21dHzLKc#Pca6VVRmyv0$R)3vBKr`uW~xMTb5IkC+KTapfj*v1d< z(c28#yg?2n$6Luv$5*{BJ^%&s)DC&A<=i_cIVWc9~BZP*j77|OFJ(*7%i zEUvVU1$hBps?0%;T{?`g;J6*)V4D%FN9-wRDr`tZf^A+#rML-7H&Y50s{M?Y;+_v| z+%OVPtD5}E=f1naQya9f_ompR2zzcTgC+!P^et(a;MTY|A2qd6umey6J zmGX&lK~6aD=v~hR4jSz2ODO+&E?sqXONCT-jsi=jE7+b@**PKa_F-Mt(JY0FjSy#W z-d)OX49V>a#i^(<5i@k23sF5k6ZcC$c^(|((6-I}8T9HT_^MU*%o`0*yh~N^GJtE4 zq$t#1B?0NwBvp*7_o!p=H1JR)%1L{|+@M_>J_iyZA`Q1;BGS=aFZ>rZ3^;LzG;b-& za5=0e2`1O^RXC{v3*&QR8~PA)8`ahuNQl^ce zD(gc$bXpr1 zEg(l@=*#)GK@npXR*k*6CoG4*zJ#5LmkILDL#Z5wiSS`al>2o#H^ zv*yH&x1S9Qe>dae6gQ)GMpTa8pVjyyU93n&o&~LefXBgf*I{FHT94AOh~Vl+SV)Y+ zYB7}ozXOe_n3}Kdrz#ZOW$Ip8({HyfjBj+mYq4Kmz_GzePCmoO$GMa>+G#P$^^vU1 zSy^x%7}NWKa#sqmWp8z+6CCiHlGyblZLa$oZ5a)95V@3}*VilCa52rYa<9d{gZC{F z&KGmvz2&{ixTCZq=t&pR)M{C_+gyH%i=pkZaqp~AWj;??j7(<@+ol% zT(UfC-c8WDIp zCO~PhM~g0AJ+OLTtItwyNhI_>Tw_|&n?4I2?m%G)o8CrW8h`a&eOk{BG^~@@>WW(% z>Ucj8>522rLqN#GEyW2?tl%idfYesw!0yWe7YlBBBd#E(Bcq=5jlgJppF(olBHeNq zQx*~5uE!4lOU8TjX7&i;0-3n0m7T4tjj7C8tEJ^`n%xDp)s82P>ekcKq6yf}H zP-zpYMY2(I z=DF&>Tqs!$DfF*?LWS_nw}0FDfS=l5$IPm3Qn6s$m9_=EVJbaCgHravf#I)ZLv60a6dYCv z@$|Haay$Es)ya)RJ3>Y%Ge%ALyzj8AWy#+eG~UBexSCd(a9)Wq>+=wio+Tay)Q&j2 zq)21BBi$i|L_EbDw*)--V3cEB&eus)YdmVE$OTV}b*|z~+R(CQls_RUR6hv$pp{*O zcNwj9;)mZl+LtVX3JM7+!d>GLoB?^>pl4{gHHWvEJeP&%85>O6+l&hhL^LPi+lkO# z?MJ%u`)9$B5S(7jNW;l$u)R(%Ww?O3XRu1esPbd2^HdWn*$$4pdaOI zeBe%V1J3uML%W-fuzRUCebX25u==Q#L>PlqQ*E59kd31|7TS%OH-k*`tQGkpfdr_S zc7zwNL8~&->vvi%$HZoanI-cBpCyCAdb(zh%I6!J&B^k|EU8)5e^_f_D`)y1tK9bd z=B_;?OSUxtwmNz^MW+91JbW)}jmDdi{V#1aMhoHeLB8nQ3E-piThk*KhD&{u5p zhV$AR@LZr>kWlsj`vdAGRO*w+ySUQw46H)l^fV};fyb86ce{rJ62g3%+$!RUMFv!+ zMvF*_CgYE6BDeii^b`v}!c)~NsVuTBY5ZR~HCUTV?EmKZ4?ht41;Uw7bki{hvp+q} zR5NyC@GRQW8l7Lp1MabeN|KOPl?DR+Mf!=d2WSxBMa+Vfn!Vzse9EIiLJc7x{6VjFfhDR(aTQ+uF<890M}PyMrCO0 zO|CjT{Q7&s-YRNHV-(GyU;ArFZ>UW*=j8^4xh4ri)-a@)4GwicgdgJsrPjln_Pd8_ zB|;w&5>(q$;5ruY`J0JTjZy_xBZExuq{-SGmWl@$SJ>WR|KzvRnQ>}dCt%`A!9hZF zf5o*;%QgvRtVV9|;UL=dvaq91PWD@E`8b)Ew55~wo-W;71yUt6_w4TzOjS@wTEQaf>H=)F#eDpCfK3RTt&Mo zph9jH>u^Wn&|T^fb<#!2I%p_|l^%<*AK6^LRDv6bMN%6#ms>V^2kfrHbK0$LaVQwE z89FudwBa3>6OBl9%`|?Z3@IzTSA%7O-c?0? z-F-x)JDf-Fwty2n$(A6Ynd*`zNs8zm2pE&}GRiYZv zfG8n#;l^-O`!|V%H_|2W+gL^}7w_p*(H;7h-@edYWZB%Ap(ryVVvwK1oenj|wHD2F zW_MwoYaR}M@JSq)Ws3#Tw290fH&sR5L9y8QG9F}w49W;g)!}QD9S92 zeWx4pTKSH7Mt29*p+kl>gztlEZ5P#&+1guO{K8sJNgGVjW1fM zQn34UM?+X_>1D6YYSIx2RK2GGUowkeZc?&%#U4*$zgtI>EosQ>J8AL;1lM3)kHzf$-?9RyTUn8@z6^1@%{HQzo391h9lA zFu@mG(XS?yA$^&@aN(a$`PTXh=%V~c!_$HpiDGkO()e<+>-VJZjVI9i`Q$xHRs$zM3ZG{^^Xph~Y9-|f zhwe6YEZ$ApyM#Cf+fVB~KJnI(HE3(fGmYm%?Y(OZ{#I~bf$u@&>rv!M5$MJ9lM2j6 zRtj2}lCApCkMV4KwjKiHL`mqk#@h-My#N{6+RP63X$H>DT0%p9m*+b6L<{AknUw@r zmjIP^L0E&&?S#}HDvB84RGR$gB|^V_Lc**U^~VgWp2bvHzp!37cvm}w%h}CrqaMOW z^CHupoC@*elD&b6Xu3$0NNhDvHRX~I)fMrj8pd|I%?L%40Q%tzIeGC(Od;m=i-x6| z3;g&OOZigc%Oc%Lq{3N=pp>vKW9Zt zE(RRw$8u}GU`#qwsd9auO+Hu!@A_-thH?K3EZBNs4OS@P>6O@`(l5Gj>U&4#w4MGv ziI$2A_o3LB%bBO2u+Q|}g|cZKuxzFY>po?iOX-TaC!LG1GftN%5?cy%5-QbKelQIA zs_aBWRW=eCtm*xQs1Z*Xd6bWIYE`HaPIp1a1rEiCrpp3J5+t%}+YqgQI|u)+wcjCx zKIvd@qtzuZmIXuX>5Il0`>_1%G13r6@|}vJUGQ7~{f$<1V45V;c1^dG>IcA2hWwUo z0iBK`g1yvx(fj(*8X9(asjgVNx>U|<80UcD_?PD=udqMx4gEiConvz) z4AZS+XW~pav2EM7ZQHhO?%1|Hv5kps?bzq8Q}uj%|G@gVR$pD!y}lW`YQcI2zU$`Nez0hK|W=5al#x_|Al6_4V!N}O; zDfTK}@-p(G2`LY#JYHBLE}egW`daM835tMqnn&)2%fK@IJ+D*=B8(68VQh9|ERX@s zMShhRCH16%)Ew^R{i_hO(c*)?ccT&cDGp(#uy-Z=!A$u;iZ&?9CytfE(a3H|3iJ!b z;%A{~QetsYM6NieHh(QPIF6xfA|t4i5r`P*tEqjI!g*CQ0x(;m7jnf-@S^pLG}*22 zCC+1nBm@d>onsf*a&>WwXrXSDEDsSkJ>uw~)vM;+CnM#B``!n-X(dhQGhDAKnSYi+&#BjLmVy7gLxE>|`ArHSNWP&x!Yup&+44H886~kFG@5TY zyScY&533dciQebIZU|>QZb>yTng>j+9nykORPKuz<^&4vmMu!XmDVKjaMz7!CGPQf zb_$g#_5{9m_uNd~8`h83g9Nz@bHkV2JfvJhjqVa_Z`2xoSexU}*iLeELVM$2NBlhj zm*2V2uYdL<-snWk?aL)UEWP3&Cu-(bm4BMuY&^7}7=#U9b^QAkpJ4tI59IRPfhTVh zA@&dvw}E_Gcu{BYN_zQjJpt=+n(O?duvNaH(V%fntCb_nJ%URLWD;P>Y)R(C3^A<6 z{>>!jVq`4;Yr8cp3o-==$2Pf;kctAXIWwXV>AVhV*&@D>j(&+`fC`nVr-av=ouW9g z0cHakf+`_c7smeUaI+0aipDaFkJOD^)7>%`wu{zNhBvh4d(nS(XIb?YV zp+C2&V-S44T$7_p%0!_y+%6LG1uN4{C|xmJ9zot=zum01>LB$g7lEDrQ#%o=f^Jt? z88b{(8bHF^AOQ;~?=6s3NAu!C#BaA;eB4f3<@fi#?Xe@a>sfLoG9Z=eQdyE@?Ji#_TF@-&wiBwHa_FB7@qoP#rW_!{7nJCj{364>=vP|;_#c;l@_x4Sd{-PoHi zf@cgnT;$jTBh3>Yt~ps+`kAT;XRssfY-ofDd?EcBks!pj=D9;kJP_{t)4Ec>{X8jk zNfcq?K>qXLuXST;jIbQtprV0*p-(Msa-$6#Mh7W~aOf;4T*OR|Q2|DwkuuB5y+BOo z&~_Syz~a*J$I%LjTbI^|S)#2@G4KGcFrjsA&iAb?vP9IYRwlD>GWh7OXcG1M?dQI= zt#EPaNS>E^eOgPTVKIApq?)X!OeAGxPW|GuOe5UN;qlVFvRZk;<-%O`6`5t0KUtkb z>^B)@ubOcQwi7-AcEg}2aBga6VQn6%EhVk#8u+6LV=D&2E*EtluVvgx;P`dQqFLA3 za}{-_dlQS^<#<2cNA-43XdZXrzeYTJFZh!*SJB86^n+ok!oL{i>f37`{lkQ-m*kJv zD4R%jE0ieb)~xN{_+6-RTiR#mu4Xy=q}3xrLH58Lbh>2$q&vV6gX3BblsfVy*H4Z_QWlQOQIlHLTyNi=mqYB`!bN z5d3lC&R3`7o{n@~v)Aw-UbUHBp3a{;FxxWqldaX%_sa79x~yS3u&Z`f=BRp%NHK+i z9xB^{zXc;G((1eJ&`E*0)%g<6Ax$KTkR*_&rmSf}{(R#ew=;&AR%7)B43JKfwuSzK ze~%;t6w$OGO6>+8QGVr7bji!C88hBjU)cLdk7VRw2l@!`jdWFnsiB3s!U)>>^6j&5 zJ~2=lM1FxlX{?jV-sf>H#+ol4nYZkR=utZ=;!4){E?NUOqSW$tHISMUCx2+komW6b zA{tB;5yAqX-VoEq@^s1!8gTxC&#A+yYWtKp;t+CR9HJef9OE=l{5h3OTWG;x(w%<3 zn!%XiMd0Obd{GfZzkIfVS``GPLyn(ep+a#A18z<1)iTZTw$7LHPTL602B-fZBu{!t ze>@vq?^C+tV@hX=r0MiuIioT9cyc6I{uG0N{xcn%XIPzV@gfP5;sC;%M$zm;d`rKo z+iqfeGFo96{kHiQ{^d28=7^H4kdK_C2m0F@fsc4&&^iU3-C*Zv+A4}S+WuQi(%%{ZEI?=Lw-bM6y%JdWJ$N0rArEhN5;=D?qJI?s2@P!7Fxhw?| z3s$>Aq+RdBu*|l366iFq&O?aLE>C5Iq-4yi)j6`P&Z@`%cqn2hJJC9Hrff6)U)9*K%jmqQP)UwAWAgzd|yp(LZYNrbRM5Y94MaiMSTE=)bLww z@;R8B1F!zc8plc$t!gZTGVMkccj3wmCgmmqg2A|qm>eHwv2;j`-%fNvIK zEqgs5EL(;@_qOQ67X#~YNciw!&x}F4ki_>Z&FXj^%Q$dTuGBJt=C{1qyCuWT#);i^ z#WyEERn3p3P|Z*G-WUjO=i25 zhlhmrqrf7z!V3^oY7__o*ASL3R(5r98%uj{V7R+t<~S$`sTzWX8e987GWIkU?A9M1 zrwn3m7LN@z9*R9p%hZN+I`LK>y8d1l*wLQjZ|FZJj&UCV(G-zqR&3>_##?a|iF=@K zrg2y*?*3P?2P5_N&al_kzZ@sCa@Fgj%R!TL_1onI0DFq8BZ|`?4jwHdOe|3EE0bar z!(D%_^3k{4c_ZEeUTb;h&!}E*hr@BAud!f5L{_NbsrV9sX1IhZGh?}`&WH}hcP|Ll zFIGC%cc|{pIR~-~agZZ5f-Ixb56*NLFHLXQ;M)S07HI_LhV1}#naKZ}&Gq-#hIX5= z?C$pcZ+&KGAhyYBK%dMVj`xf+3tUg05Fh?fO}ydG-vBmX?!)`dWUmU;tW2;17^gtB zjU0uer120}gO^f#6udmsNe54Ti;eQ5yDd5(V|IKqI^h{J!h>;JZ5uUR?mR5h1$1j4 z?(Cg$&dChFCuimFbOA`*8toJu9nl3`J<^HL_B?F5_C-g|K_$mZD z0K#5UU(C20a#w3n*`HTp|CeI9y*_hu@2Okyk@ zVb0sKL|T^<5Sj+*)t3>bZr|rI{yQ612ZO|M3CSxR#LaypJ-6u@+MnJv?p2Cspwi`Oi2Kapg-ovvi5bvmrUgoS+8TA9418#>X#bb5We>xot z6Yz8ej0kKWn_+NdB(ORZT&H{tLJd!!gE7>hq}4uYPgucm>3(Ys4k=q284axqoLfXs zVpspn=x7xOP78+4Np#I>MO|tg?{|XH(My0lJx19?ze}`0aP0El;M0*)#GyN+hofuy zb$_bbN987fw$oVo*SV#T#@FI`Z);Ir@Li3}MfPtv5(+ZB?lmXX2m4h!$!Q(Q{-RXl zz%eGqP5Wl^d3JWXvA<4fQfkCWw8%)2p>6xOL=uFPY6#=Xg!S|mMvjhrFMS(R)qKeP zzL@m|LPv|^I+mUh>O42_v+pgOM4`?#x?^<|$)MSO^fI`&vn(I$-?!EC$w-3o#z|C& zm4}@4o{3wz%KDa^LyxAbx@KioUI@;9&&XeR^o>UJ+=~uGbKg~X*2&@dwv6K?8Z;)P z^~_-xkn!ktP!gcSd!;!vZ4l2RTh-iS#7jZxo`vSA?eS>IJq_mL`;UBNbMj{&t@aon zCEQ(IO8bTgEo~|FXiR=>pT!J;Ac$t5Rb3vHs2~YIDx^MIw;u z@^FxgxvQ1`{pAQI13XB^B&xMtOy5qrySugq!#mKXKfM5NY^wW-fXpB&4dc2klkZDJ z?>h|XX$rAF{AOgpBrlj3JSv<#ByuZQ6FLlSx9RvlHj3W9R<|s&Y7!i^ep;y{78#F> z3E%;y&ewm!7tgUohp2gXVAOlV1s6LTL*=1?oi%*16w(#Oo$RSX*Im!f)-I5o>21dQ zRnmJjA8L@IHY)QbAZHl{^}?gSRAhI#UeyHt2 zzB$DPGx>rwTTRHPj?LrLP_}oQ@qd?r#zdhHRzq}qGR_unDE2*QJTRY^iCwI0n%4+@ z_vfN!MQhOEa0DlK+vwAF%!TFCnN7%Z5xiOLQfK=sM%1825TYA{iXZs%H+2UA{7DWu z%hX7H6|>Xe7ys7GP0cyI2J{rd5BqB^yIrA*5%|;;FmLY;etr#y>noBh$rXAuZgWJe z3abHa_{i6Qlx<^+7~~<#-@cZ$y*+A=SN1b@(=}zfsUo}OV~GntS`VZ+n|s$lES&^ zWi|7zV-OAX;L|XGrE|iiuI>O>K~E>Ptm({v?e=vnv!7=3R)L?i>L|e7?j;#eM_>@J zoa%(Ti8|ETk<8bS%=JsUz&ay3p&$#hC?GM*A9c4UPus>;T|iU z<8#QaO5+$un1o0;rEby?v_oA1l1iadNab7#sZgUdh~Q1l%y{W@8$~6Td3039?74$# zAX=8$FwiJK^IrY@V)P39<4StaUNu=|I=N7qhsssSN;|z^c~{B}(Hd>GG6(V%TULV} z#Fh+niPJ?^{sVsG9c6l!Kr$az&eLUwCs3Q|r86%(mV%kAP{J*zTS`~2dQ-zs6oj7k zHrPuFSlmpSw$1*S8X&zEyDG`7X%xxpkSmXVk03J3j7E2C#o?x{mbJiofqj@$uXhQ} zvO1oPI+VUz#lY|Mnqxn`RIV-E0wF42IK=YguVGYDIQd)2DmgSld1LSn6+by2B|k-r z9j^8ej@pHt1Do2tGKKcsyFFt463|UCnQ`6QPR+uVx&_o;r<7s{Ka%mfiy>R@M<6~p zlPsi6e*oKE+uE+TGSWJM#ZbMdln!cn-|8kt@X%)M6lJC|xcdkdKgr^FmF?kQ4rPq% zEE3BF|64$7W--#c1;r_Jw_Y5!ti=w92(q+N9A);i1mP!TmO%<7gy(Mw6TNuf{sx2$ zxPJ@rYvHw=v;7!Jz*zNv4gu=kc+ z_PXu;72t~3Qgv`)cAca52di`7_$<-#UbC_Gn|n3C_JVJb%3R2bfP`1`>#}Ogx6YjU6U^H&a8RYYZlegKvA$fw-4H_G{gLwIE+g3f2uPO^mmBxf_~ zeb`W9kDlc|ROE9Z5F~zQW+tT{iviJ%3Mo5PSjsSG{@d&B;gcIKxJwonv?aO2SaXdRnNs#V(pas1QwxEzf=TD?`1Qf)LT8Xh%ZTc2YL^Rx=i@4ztU;iD{A#OEB&P>@)T;qryoL21T))O7s z4PvH#IP9-6m@Fj7Lni=!@BjO@di%S$wk?C7nVUMoy}hpe#LLuyfSX1K_*xDpD^zT- zk@<`YlQk9vQnU0?cczb=fGl7(<_Rwpw7vkUP%G8JDqt*6`fM^95PteNY&vzbf4S3t%eyJxS=$pfBK)R_)zXCM0;uu7n<;sYb8^W+INiv)S4?mBU z>MeL_O=3ea*8I$zaCgGMo3G-HIN<*oQU*FedeMk5Oo&|kGLTUk!x&hlCwAWJNvG%- zBdz{|<8}K5{}ptN;Ygb*^z{SgIe{NCH*w*bWvJ*9{$Tv@k~ol-%#0mJAm?*7hv{<> z=o{Cl8rH|I7R%!nQLZv>U5rW4gvw06&~;U9lk!sU}(9Z-t^( za$23u{KEcrj+^JM=BsRDyy>F#6VNWI0BG65;F$LQF3{Olv%;y)FR&}SiAm^IeNpFb zeL|dE$6Ns|Ls0r4;Pk+wAj46Fj*rdU64@jkRdJ;B3d%fKY7paJBWwzwOarIztMBN+ z5Sc#66sRh7?%MDY^DxgdlSdCoTbDNWwnWx$WaH_1hk^hT zLaf*!Np*2c&;Sy*bYJ!(BYWD1g7^H1JmbZjm^cr&kS7(64a z+A%I)v7)%}QMA#yPE<(K_=gA)81YI{zdra|75kYg$?zcgy2gZ(J0&YBW1I>gJ=wS$+IspM3vBMKiRke6N%6qp#ze`~uXhp2qe(d$3BsQo&yi%4vhuyx}kAGuV& zQV1-!>DMpYt`ZN+TiTE^pZX9#4-P-8*6A6k7-m{u>%o+3%NK5$uh4ugZZ~oNwT4+F z3KA0P-;%#ldL1bHR&K)Xa}~C+XuAt{G4FT+^Kgd6_6A%J&WNlpz^~<*hmad?sC(cL zp@q43IcFtk&%a$V8z4&H{mzUnl_X+)&Xx0H6RlUP4J0A{w#KMht1p-T4G9AC7B(u6`l=zOSeA`q#8ua?lxJ270rUtaIa*!>h5lP$7k2ot7B7%@#uhZi5S6i%?U|s{@M&h77u0EsvN2C%zNBT@qnY zdhq%|?ga!c<-n5U6@J;O*49$Lquh;hXNlN`wN=dDUJ@N&^Nfx(n$SM*dL(`&A}Zb| zf8Ff4=JEzavVf%C1I5Pi29F^rUGWZ40Zg!##tsSSg!H5{@wIHcEo?g24xlmJMy4Xz zcVHXzBi;<{mHVEPy+^@NM>wQ(%8N`cCW%h* zVF1MKhimd(uMN(uItTXE?SAVRMFZn-ReW(nNVYa<1CuUQ_O`h7rQjfKWF?Qg)d*(j z(4|3OuVfo43bem1ca-IK5-bBXAU65WI;@im@&%xYJMb7A+yJpz94yOVu+AYh*&z}#8iZbAl0-Odx%kpT%q(_glHhWJ?MY*FkD2M}45g2v0Zzx5 zwNf0Pc(a);yeS33~4nPz=-e1@Ia%TO<+cQm7;abaPf@Z63&R`_P@;_#x zhGDEJONtG@(IeVilIl$HwoFkY+fh7DQVYLd7rN#~aKs{{t1EI7*{Lly(DgjyCvwuY z)C1pZTgI|U+=NcS%%BpUHSHG8Rb_ZB6j6nSnB_Gch-c1_KY?h`86#vy8q=9TIu4MM%yQPGTPixPg0;IgNj>y~bdoI9LMz)%kAw)I zeTM%Ib_qsK8||~LL{d}>4FBB`KzTBH6N!_+fac9*Tnm(vGr_dlTXcE=Asvv6b^2iR zB4B}ws(9kTlEoT3bd>$K|F zckuk@1;j4u#y){^Ar-l`zb}pxu1|K`6$O5^E0*kPE;v7+(vP<$!hi?Ew-`UwU12qe zt%Av*(S~5t{bCt0Bl93Wkf(PC`!ekV9pYE*t|3JOA((7ukk!OH5Z--tW`48&5$i1- z^k>kd4Vz$~d6_*$cl;uHlgFV&KWQoC`(Wx^-EdBRNeX-mR>A$_>!Sr>4ny4|gWWs5 zfRB3+YR@4!KFw5bvb9*us(K>`Bc;arIvrHYL*ZvEZ>@OsQueei{O(`$#c(KjCN09I z*FTqcj~IW22LD;BwgHKqKK?|7`{&6gVyW#I=rDVgwrp%%-;-H2IGk+mg3J> zAZ{{bB>RtB`qZarg{>I>!i!R76oXprmPtgYJ)kI?w%-feEn;R~7g!WQ3cs{2;X>J} zJc|G^QG_PC>5t;th`+Z>A2pZc@B#=58FxK&H7dsoUbxKS;!A*j{VbDI<2B?)zS&6W_kg-}xV~KGk0+dsS)fjD6 zqxWnnlKA<6?`@1@g$$}{EJ4cxk+I$5wOY;3CeqCTw3oUnrC(%n;^vS7c%KW9V?I_U zUVLB6@z|-41JkoDB)<5{iS_LohQ-2&!*$%@5)#H4ssn%e7~-#`@6%8;jCEH zL}%|jD#KBjf%C$fbf2`_?tT-Ndq>8q@`j?>4sUQnRD}gaS;NhEK{giUA?@^}94M0E zSQy-x$@|w9n5}EqpKEcr)iTVM0H?;!c0)AfNCS7~q>K~p^`g4gKwUcVS)PLtkHEJe zRsAq!gLC7>{VB*|n|b}VmV=Iw4icm6ikX3z^25izxRe;_;{|0m)#$4N64z)l3(CO%d^h{|RY!d(T^n9O{EY zDz2ybE&Q&wDm&1LSnjRKimjUmc8v?I@EbkN2m_YdeBT|kl#H$Zyj1A?Y>X|a=bS6; zCM$X%HVC&vy@}FYRgX093N=&K}G91oHZse zw`&u-2ul7E=a6^?^*%R*Y@fL|8RTo4RW>@ldgvCaBbyO0!l|4xOI$gfpXd<@|lFOORF=s?Kzif~N5BHG7Jottn0>@Xo z-P|0$5_AKs*B=~#_yZZ9kqEp;dokme3R&8)vjWQ1o!ieNV=y9l@)r@noTZv2xu@3l zZ8Jtn@5QHN4d}O^m{lZt3)G51rsy}Gnx!MN`P4Q!`BZBISXR&y^V-6DiN3!!6T;^N z;OH;@CuE|g;(wyvxRRBHeSM|Yj76k8>g zDiXj=%q1?Q-rGH`D;W%h8h%B&@O!r2cq#k@Cj(Vl8{lLbe=)uCoA8<0?5d)(uGh}>+YH{kJ{df zlY!ytYs0&ebbruT-mY)wft{apatB1K9RVdO^Jk>;*MDX=^%219IC}l3Qv6=TptT6X zK-esWn0TlKj#`m;=!{4Z$=fO1C(dXvNh{FT<4cS_wV8&tr17FE>zB2I`ByC4R@G2y<5y^VQ_}vg@odS*9($sX^aIG1 zTDFki)bFk5cYJe6bcS7ophfe^1+zB>jdKRw9OsC^+D31NLa6_sl{&b`5=9bW{S&|( ziLWw~d=J6!;>$wAaQ;MA7K98g^>WC}AH2#kYWs@1R0jOzN5!vPt`6pg$&E1L9+)aX zOS>$PRc7(UwUq>+bW)DTnJe=85=v@3`c1gj_GEt^?rfvTK0f4GQj0=Xgl*^79Xx+@ zw)dLu&N$C6+1;K#6khA1bB{Vl)=5p9aG>cDz zA#d&JbI1wCx_QYO!;>(6>2y5xXq6$EOnC()7GPwNUc^K0NG93<-5>7r0v>n5Uv6x( zlM>2C*f)HO19hw)V|@va(!$>vcD40L36?DU(OAS=iMme2huq35!f0eN1k6tOIVj|E zE^Q?~!H)S&kuL-AnV45}#{3-Ti+6}7rMG4zu=E)QnjNLJYoL8`Za4kvtr8Kk?FfY3JReU%hvvROcJ_ z14*ieOpp%I%SFY&a}8bK) zAF@nT{n>UNJeFu9@h9z`qEz?TGM41xf)Xu7w&O##gIKLvo{r8v#u=8|FQ|?~ELak-KdadaCh+o3b{Z;pjRWuGb7jSLV z!}FNyk3-n?a3C6JlI0(egJjQ$Ho*p$0}tz(y@_Vc30W5T>*`>Yw4n6nC2+QSeL}O3 zTk2f&)OoN!T5R`MrQ(e6Z9Fk*^_*YDhodU6#&6+I8iA<; z_ddwos0<{22;$9Az754TSCt{KI&$vbK>m|EvHMAmL!e{jZ836e4K%=yK7411#j~d4 z+Hb#C*&xwyvH#|^e+8|96E>w|h1yJf6+lVTqrg;Bl~of1b1>NElxdb+=YpIYEyAwf z2wEjVLV#9aAVXsW1+KG~ojxu;#R)7Uh`etm->@0^5yJ-WQJQG!1^uNNI||BHM3xQj z+Kh4^i!yBjW)~^(-F*OxJ`-|r4+s<}X*FM~slsjT4x0He!A=yMT;~am4@zF2 z9gF)T40RyeuKY)v(xOg{l!aeO zvPN5V67KQ^4;Y^UHCDXW>FX!Rz=Fcxm=3sjX&)P9=_(8MEAcwAXk*TcuwF|K&qqVc zb*j0cwfu3m?_dwxwlBv)ED3EMN9)s5VIPfIXUhN0ZC2Sb^gz79BgXoAi%m{*c(O+r z!sJ+%q9)6&E7Mb-Tw?jx(umxLL$l4VDM%t{~_Z(&=nJe1quE4KLXv) zVtg>bN3Il9u5zeU)GA@XKXHLyH|JfuU$~n~L#Obl`6@k3N4!4Ade@O0;|l(RMUHJ50neGr}~A1|8O^O1E(7`pxlTRzg#RQl|pqiFE=+q2z7T_q;TJ{a@r0D(0Dn z!mW)kcPY6AA63l*1K(E5E}oL$`5*JyG@l*^{QQ773#9uy>Zq2Z-N!SnelEK@gmK9x zh-iO3D&Va(h1)}x=Dv)O+72xuq`?8?bB3%Ud|m?BjqpQh+6NZ;>iSS^MI`yCpZ|Uc_BfLzKM zWBR7CNh-^bEtDLYH8PueAoR^LL4dRDfqf}L2QLe8`~cUh9u~=WUh)A*ncyo*I<8|; zRW%A+ocWrLV~xQzM6jTEPA3Gk@=!s`XF>=bY)H;1zZzY2&cHrk3dcF%wsSZ=D1sQ~ zZVF;+8;!{c^RWK2`1DsBaQ6FV1?74WpG&7m6;yUW{3nJNvMLZ&tq|#z*E!#|-xiqI zY!HBwxaZ1$syoJ${_uOyMI;T$Y+DxWp#B_$+PWFX)4UAUsy->mmoeO84Dxf!DPrNw8#q%Q`W3`FvUpp8Yzz{GF|L9G47D{ zn~-vz#4?gD51n1?JLk|lH``4+SDU91vgDJJS4=XFe|C>uJ=wCZ3s9a#qY6Gq1m8{J zw*bCRH8xd5A)Z;f(VbX3BUZBQ_K$0?kkiKt*WcJ&=SleK`FG#L)cljba!?Y#@2S$0 zoy<3>Y|+m0U}(X=X*88smk?rH_%y2bXB&Cz$eh ziY)V|JN#~oph2+AbAl!rH{b!Q)=GkV*U5)J(wagsy_)Df44?c#*ZSv7G=U*GrW8ME zL4RqBb|v>mgO%@(sX6>GM59v&oQe$qExzz|g~3kLDx?ECm88syt^4Ntlu7EeH#X8# zP*2nh&3lkvpr>C6Q=-)!#cG$bJ3t``((ndko3Dpi#WxWWb1grUurBI#o-=oplhYeP zUJX>IIi6!IaTm))wfb75iO3r-H|QJ`_-cXnlIK!PH%R(u0lJU_H^;!*`oe3SK)SF8 zjZ(E|%XPiYA85(pCzMHX9QM2FSTUN4Qty@aJ5KI5hoTU9I;|Hcvd=lD#7pgz#C0@E-cDFLfzbt1=G%g3oZ&-tB$f{QW} zK8{d6C>Fe(R^MZv(vx7bdB8lP8@c;tZCk7FZt;a5gOh!er@Vg<7>|eH!2!vRn*?>T z?*_)CZ^#H5|9qP(J=(0?lp?4QJnsl7cThi6l7Uz8b%Z?{ve^U&t+Gb=R&qy>)yHI@ zHzIVbF+3R!XHkE$v!clXwF)HF|M~Y!O1ykPCz5U(OHtX{np4g7dp-}Yz8>Xd=k%!E zX36PQ5)mOQ!06V{Q}9LFQw3$v2coRrbhkK&tW>gFRSX;l)GD}P0&HQSbk`tP z+_{BmBR9@|=Vbb6Iz9UqxghIe#hB(eU-C{LfT(!_A5$G&AEV34ZLwnkY!lBAVJ1qs zRRQT~Y=UucQunbbDg#i<@LyvB3zKyhb7~OS{Et?H_3Lm`zpK!{VTH?)&g|~_eM3ab z)BH!&_pUcjby6n&499*g+9;>|W`D>`!#~E#lAsx$BX%mZ=aOw`cBJe9kwr1E&{C)& ztjoNRWXcpsR=RgRkp{*rm_lK+s|{K>H3{twj)D{<|8_7#?o_r-CCiPI>VGDmNykjhDz1b14P%I{0Y!%gHQ!?Mp^oq`v?0-mB>Xh^uCKE@qTdbq?OUTALbR_97u&OHsQ7FC3K{TDi%)7-> zHh7#;vnER^Ud)d5izg_CB?C$L`Ji{xscfhi2O6co?AhC~q=I+f+h#}x+%uhEY#d$neTaBe5 z+MB?Ui@bMk?=eAJSAvFfS2hk>_Od^mBjo^e6;~xwrKaotD? z>kmyPKjX)h#GrrAq7pwXfqAO4M7au%E!pF@_E7@|?s4f5vqSZ8be2EZ)1dD7!MYyj z$R4q6lsDCs;G$!@tjF>9<3KVPvT@VANS$0bcHU1z7Z8T>4=h9-jaT$fz)5@INNyjYlV)s7I))qj+CJCzwXP-2e?;WU774yS|4Q^ z?dQA7zglz*yK(J||FxU?Rp;s(%IKepu^HOPUb`yX867+GjN^*Yd(@j^Ceb%l?wUyk z#h*LTCoFsSQSOfYMqo=6bi>2U|5u#Rmpq%WER;hFabp?&OMK!|leXT4KN%HJbJx8x zcOH1Ty=h*Lv>lqpjKIvXq=fz>0>B>6UqzJ!-%n_pG6FilieRk97X&=qurnKCc9-P0 ze2pB4B3VM?81Y>pn(Z<8YL3AB3$yO)WR(qLRue5Lb+U4H70=~(Z*qlunNB7V5Dur6 zEx7QE##Jwn-d5wVZbTAvH$b-NW^ezo2-*YmEq8syTKgA}5+p5b4u@qG#_7cl3pGND z>OrGdaw~&;8?KNG(?LYIX+jGlKcscJbE}hydNl0E?9>vk)+)SNjEdEF21A0K>cvG& zpLT(TQnjk_q6QoZJ*k|j>Tlr2vD>W%EnXQxIo*_3!Me>;RD^D!I_3pnIUmozPTYbK zv*X{RZkKyD9#?ejx=$Dzv96{o4_#Qnm4p&uP6C-nbEjsZj^7Zz{Ye0?Fxp^6(jn@x z0FS;Mc}?e+Os6ESV3kow*y8wG#eC`hqHkW6L5(IZqlOZAc#f5=Aho%NfJ=n7_ToSNet&C2ayMGLrgI z=VK=S2?Kwqh1kqi0kUU*+NYhEAUkj* z@&zC-x|5nac1_{D9AwV7Ut<=+#h}72^4Mf$ro)FZw=HLWeKnP2sv@D={cNbl5TbAh)bVY32qy)uPP5_D18GpKitaDfUa6^h zPPFrEnkam_mDdXcp2VPiz}$G@@h(JWB5Scpn|bM|c-%+#IMxAYFXr}Vb)AERfe37j zYDBW{;rHAxtBUcgORgQsxW@QwjBWY9>~5ixNaW_3`H0UjvcD$cut{;bv<`Ag6`2k? zSpR%Z#IAK*GKU00J1ZvUF7?|Ed1bHyM`F7}!@m$Ud3sx>-Nzipu}xO9uP{zt zn8064^huB%|2_n%#HLW0OK(g}1@1}BrdqB+9!*7zHiMEl!fl~RzX^v;G@5w3FQiks zh)r(RY<3t(G@$DdS?b{wC}Bc2#j1i0MvCbCdZWLfwh19e#NPbnEhQfqXZX1l!9MPZ z#VkD?b6k5n-$|ST*Dq-1 zy*3cxILv-IXEN#zfCUw0&_F#*d_k@8Gs-|t4Cd?nO0pABr5}zJxWJ0{3E1HHGAc!h zzK0tvX(AEMsXTfyszA&@^!xo+u;k1{IG?-*tXwN7a7-(IE8H_|@C!Si|4pvUH-C0p zrA01nimDw6w^p3?iqXnPzd>gcplbm6M$a9Cn)RBCRDtlmxmXL%%O>I-K(OGC)Al$&Lcgd zYF`*qS!ycL%U1f&nTYS4Lgu%pksJpN1jqjAX;q-SJPoT=Sp1JAkfr=;L+SMmA|$TK4!RLgZi>WkUESfkTAEyY)Iyo~QBtuzJ22 zoO}gt%H*2uq6`)9x>^}m*BoK4Jv9)GY5rINPRpVIA#c39-mFFt3hebF z&P@2xVJZw+g!T6ixUivhY0y~H;j{keblVWt&#vps2qK1sLUt zAZj+3k-Jkr7tk${0PfzulIE?+if-Bow9logoP|MPOq=w`T%Fb$RLGWf$=7E^jK6loVs~= z9b2OtsJ)vzFA%$^I=aX)B0$&wh+@J?TM4cfbaqCO=UCJ48LU{BdpTC3fXy331F!|U z#fQ6hdU=(<_s+|FeiO8SC1`1?o?!u(!&}`{0ByJ%WNG}M5dVAP&Z|eY#HgLQU5;T~|f%WcNk<5;@C`dwLKpfB5 zk{c{?hD~{p-nX{;vChm*>b4?yc&h*ux53k?!lV$&NKv~8tnfWOE&j(UxFqlNbI+o$ z3`H)td!DunSjRD#|Mf&BnOkH1W6ZhTq$ynq@hqK-xcWQJr|`1lI~Hr-e&pjt!_?lE zz2H>YpRN^BWRN<#qecb5FXbWtdZPop;NG=YX?dR}qz1JGLm$LPdH3#=`2WRI7a_R1PNCs zn=#sZ-U?-IWOHhpWkh9TZ)9Z(K0XR_baG{3Z3=kW%=&dy+*{HH3ga%p9U8ab?(Q1ggEj7ry9Jlv z1b0GkcMI3*tq)vl+icI{s;pe9#UXA(1aGzCgK zI=C{iF|+amG=MrXUM@flpo={a#3bixVrOjzU}t7!RfA^?0)GI=Ihb3U{5DsT(h$?oRh436`JD{_ z8^9gBr}ghh|BDU{m<-@=Hegc=7f1U)8vy96TwR^`Sy((gJeV!rK(5S=E|$zrcJ#kD z(6F)wb8vLA1%TgOfOfz?DRy%(2N%W_OyrM)-z5epTAP7$3H(C}2>hc|5>u9wmQvSX z0%wcqcfy(esy(x-r|TasYEoj7N>cwz{X0NwJ0R#!y?*;L2N&7e4#W)J>@R^mxZ>c5 zz?-`Mhc&n`uD=7e`zsaz2nYl_`rq_eEWlBNSpKyX#PXX7leCJm29u(kgp{(n)SoCF zUH*39>Sp=d_WzaP|4E&d3FuGAimIxL0DBW_2XNP!IGBOsb2V{w0|6-h$iOe4ImKT| z2LdGATwH!rQ~I~c|RmRSN_0jvO^Gx#{0 zS+V@y_RnGXEoS>I24}?2$H~zNU}0hh0{U570KsoaJ|Gi!aGScg0sVabsrbJLiH!$f zZf)iYKKkIPg7n9`oP&iUfbTCcIFf&>{?&wZe|JqN?!O{*0U}EF?OQ`vK1lfVl1$gpX|GqfDDpuD2(t%sv%+>)20s*+W z|EPfAB>q?2;DY{+8o(m1qM@KH$M`>+@y}8z2Qx==YX?hkw{rtbTwF}NkXXST#?HkB z@L>a=8*`xNpB4nLFgrN9f=vKUZmxd63yk!;O}P00EKqWU-D z0I;b4jW_`;8h;~h0E^b&2<%h$KZuV9z+&<@;svmn{*AyZ&HjUar;5e=9}pZ3@E?#J zz+&+?WCz?g%*^R;HQ3h41UzT$fEKQQOWFP< z{p+ayM+^?q3Fu<&_>a7?ftkAe1A=LR{sF-jf7^3`-MU)20RN5#JTzHcJskgG04DDC zcgeus{@k=6Ge?(yascPU{T~p_(c>S*0&nB>2maqiSN(mF{27d_e|P@Bo*MpObypWh zTcEbJIr!P@A4`->TwSa^^;yAFjSVaZ|NQ%t;s4oy`tO1K4{LF8M^7InPH+!1vGagW z3&-zYtURoK|HszsugmVwLf=Qi-P`8KDR)(lyf$-EuoDRpgDFV!Pn9K5X(OKigB4r zVeqAGJs;Mic%H2p+rd4ZT9ITg8Y(CFpxHvXmWf6~pk8Px z7q>*Gncw6je!4U`e@68LioWhJM7t+Z?Z%u9x-VKsO=0+}yYO*4Ob3z*KJA)`M|+PN zhxAe}v4^WQVcBMgUVug@g?eZoV8b>dYhi{X*!fytg?YvirNm}Tzr;eHAJg+2#fkcf zOSgS_bH3tiCy4#s@&4kqeFd&Hdcp54KR?c#IH&*7y-s%$kED7Qd!?Y@7KVNU?~_!T zE?l_pyYDFeNNW@()kZO`R>r#yR&d{n(cW_)T4VAvp(>Rt8s)4+FEUgi&d}kX@J>bd zs0j4&)*vz+N;;{3mlQY^<}uZF(RJU84F&P?@)q7uTjy#z$zS_rx!uxh-PRP73Y>&JgkEEZJ%*ihwBdP{H3)&FAiRT$Y>SeG8W-pLDuy33?KV)$};#dWEYQNP#e%=U7BiT(v zh@wZ4uN&us--hZVCC@B$*2^0Gb;pXwNgUXerN~2Hs_eWYtyq0ow$jh4&jO#`KK4Xq8a^^X$P6y%B2;mWg`0&a z6!1Mv9jzedZY+Hwnpn-V)1dO1iT1`+fkKZSNH!^Cwt)!WMTt+S|3q~Brk1>q9AEy2yydy_a>PRv)VBZA%(Y%^A*io zW%R?ok2ynmDhjsZXh`YUje0JPOd){-7%Yk%W1f9mxv{}3haS0-Rvsl@o%I5F09@}^ zm#v?Exk2*?O4XM#%Shsr4W#zmMxXeKq#Qt;zJ2UnZnB(J8q29tsTZ0)OMSAah=P%} zgIm*eIL9VC{%w?MoAe5S+{JHd@>vx=qtn(uQW_-dI>Pal*9?LH{`HWt28c%yqX?iX zYqaEf0WN*oGNBlE9+dE8cDFt&?0(~R&nR@*^a%YV`Yp|zy*tj-=h?>iXlzvJs+_0K zM|*;1$9~&4U-s^^JOGX15Qx!{-A|1vKU40zRA6JKxC)XiKQZO^HMFUYn3saiPro(u zU_InHWY%kD!G0S3J}Nz>U>WN;Ww)Ll_fD2Q^@G=*z6f5Ihkatq`o_}mcM%pX4*pqA ziRbJ^mN(ndDTu`{kybATF*uIWeJoIsfnQX6;R%f^y9q`z(N__C7?LgJ(aV<~G6=`7{qoZ)MrBhGnSruXUBxJ>tLJ0LI-vt*cO*INgnjNlvYB*v z{9lOZFPjX;&Gho(T@cd%l@@;{gggxq{FGFh1vN2p4+ z&UfgTlA3xbb9c|{vglhs1<@4uSV8jFj$9p4w%>t(*BH$t7Z~|G{EZw*Vy(+g|Ti{Y#qY;L2+h6*+1a zgYtA7b$_Uvu4TWCEw-+OUI%DV|t4mlUgAtcY0}WROoxM~A znYMxQIJ zE4!^sFKo)LC}#~tgf+YyYEj5X|J_vr)As>B`m^`L9VEDRc<(4fru>}QJ!se5@StAf z{Pdogqc~Sbybh5L_9}fnJO>15!u*eSNAuCf-*9{4@f&UPK%#Erv~u3GloEKT{Gf7k z)i4?Dsq}cvRLnCt(%uQB=P=#sL^k|bsLr+`s@gM>Jo^~0teQlLjFDBrKk?B8n`uXu z#o3`7D$mLHs58>_^cIhX9~on4nfEC{HZ-WD_VP(o^AN=QPEM4Y2cf%RbWNz$;M>-(R(#2X}y(KO7zI~pY`|OeQPw54Czx$KT|d%Kr|mu43CpOWwN?FTI4_;UQ+jh*p`X+` zN)7WGxTcYG0G+^7m^V0;z?qPM$P<8@B-{gTd7cP8*)QnRB|o)Gt=EY=xCX7J2*>v~ z*SI}i>y{p3@k^w^L1$QH>tg_W?0cQoZiX@Cx=2S*mhKjWg zwlEw)HICc%qp$rauKRH0=4SMdNAmU@gZs7Sh7@H#*+Wc8~;xB+4`WkfFfd8+D!>dnh_IE z5l_w;>I;Un*7r7C(o}uKR;5+h0l89#ira;2oQ?(&vsQu(T8 zq#)1sRZNXdIp0Q81$8_%30HA6eP0(a`<7~=?j1VtqxuE|&M(M62XPd+DIFTlWq{A3 zKJ%F702#Ix_W0P_)qR<5wue`Qj|&xqA9X8OTz6;_as5zmQ#`*f*_;T0UaeYc>vLR| z>m6kIP+jN^%6p1Y-EF)moavl~2QHW2K3PZwIb!sBC1(=9CypThpDD^cU~`L&)O)^keHponSH-0wLe_T1cZXqV=+AiM{?cwh)3({9-MVdh41; zYu$84v?f(zIEb&tk-@vvk^O=GnXb_d!PAu#GZtr;aEb$^!COt(FhefujZEM4QEn=K zS99n$$}le}V!*7S4b}OuX)r7X;{(nMab^1SQ4b68?RHM$BDu~^Sfgi^i|Mb>_v3fr z;<@sCDU&8Vj3z=}0&=W%TWiX80Zz?!4Pg?oRDMt#BGDql(O-A+B!WmF%VqSIUmc@O zDsO4HM}CkI<7N&%X5Ya~2ut z&Mc7XC6lxGzkA#lyDEGDIC2v1SQm1F?5U+-(HM_Z^=wpXRI z6({?8f=9JBl@sf6IVKYAQRUb~`3)f`=TqcI^(RaWW+edM789em9x zjo1`r5KFE=%k`;J)gcnyODf7BVl_x6P(gJf#c%&>RW{zIx=d=E;B0B)p$Z5bqa>EX zn|e{ReUxY4ajp-1P>$%db#lj-eS}BZ1dpAn&6H-lv_FC#l52bV>qBV_#+MXdtUda0 z&U*A`4d2lT;RuC)*dSbFFGL7u;s5mfc&$ zGwFGAcaTiDdjsb)1y&T^DX~>AWl(2onCBSpof4*Rg9zD`Ux>;VJ-yObOl853CvvbE zm%v}+8DkMM`JRD@6I4rx$k!ha)10`ai7bu=+SBZ80uH^^u0+(R`cdX}&@ZSLNw@2y zwqK=x%-B6D8OigCCg(59rxy?{W?jjhyuC~fz76LTzQvGR7r4BJw92%YFyJOt%?b4%}p6H^-d%G z4_jnuEmPzq--cQv%kBuIy0IrO#8#0m*RF#ULt%MB-??;2x%`LpKK#!w+|vtCX!u2` z)M$Rt`rBJQYV5PRj^_pAkv+06L%bI+vDNW6yaDLi2pLS9UyA|n=OzF+h4DM$zIbw} z+0_CrQ!_VS*CotO`t~zV=yo{St1Y48A1!?j%HOT?Ag2^NATo;pbU^mTzMqe^nAfA) z4eg)?Ow!Fyy4(wAkueStRt5~ zRm;xbg*NX%mnt#@|vu@}t4oqe9@xXu2KzM5es|Axc_^1V_3d1GbRs zW*+)ogmd@izHm?Pk!qKF ziy>(5tVU=S$r%!tHb}2X=&eWN+X_72BsuvJxAHtX$3D__pP-CA&9P6yk5cTPj|Qk6 zHPp#ca2~yrbxK&5NVJ++F&!aPhHpJIj|(o4n1tmV3p)fXlouy;V2Zi)TL-@zS1l)I zD4*)`a<3=Lep51#e9oxyr-*_gXUqB?HuFtBI{Yg|ipeg0;Xwf9S;?lHfp2!IHPr=` zIeamJ0e7N1yXJsY;(cKk4rP{AT;1I?5n6)?8s^uZ!5{X>jQDs+_mHH&as4{rZi0l% zAm-Fp2wtnB#ue|V$H0sZIMc{dW{OsoR7d7O)Yg2qE)>e~Y=3`O=Lgz9lOM8ia=M^) zu-{OtjV)qTATq0VL9n%RKznO|Kv5|_&RZgju6baR1o;H;FJ&nBdZZ!CfSV*-YK+a$ zt)-AudZyX$^6j!ef`M46d^=+9QDEn8sf zB^=mBj+KkQli4gLhs)!>XLRron+r?|QOXV?~CB>mV-VnOtS?t8zi{r=zld8J8anXXDqsx{HCi1q`Tt7|fm# zMW3V~O`CZH$A8u-%IjvYH7RNN1>j@vtG45Bg>`wo@7Dvc>gDH!*N&&D#i~ZkZ2KJ+ zaQ{G52^<|m%ziNLXD&Dm3Y44@bm?WD#mbmDFI`)Uoc<|5C140tTf)zle{7SOcn}{x zsS3deW|(lQ!b1`F(}@;h*v*zYhEeB%lWD@)w+#aj zroLhqUnm^Cb0M7s`JhU)lG?I?`AD*B5*9T2Ifpq~;UIV)muU!P;VtW+k6Nw0rwj*0 z+=NTgVeGh!RD~7IGx4DM?oWFH?`odX!@a5^wJ(i?LE$Q&>s#A6_G>C3J=TVdH(eUh z!CRFqi7a1=WtIAJ`yw%<6>?4@8~=b#FZQrk>@*vy7`C~kx7b1e1&CF~?x2b{e@=jd zb3!F-Iq;A9$dayFyY0-wXgkG6s?#0pH?|%zj#GU`POXPP$^5jiaHnef42yKWdR=Z< zq>}MeU%=bE`VnO-m_f$GJRKrepZ<~Ki0@2@;U!6qElCI4s}%hUNEikFHd9hIR%dN7 zJ>ZMR+B}yP&{ANxaltBObjyiD<#wq-`qt+T>G(>IVcQ`k#xilPwk;4&m`khDYPzn9 z3l?Up-AX?Hz>JY%;SGqI#%>o{OCr%-|A!gkFf@s(q4iqhO{H{=U5j|m+cT2wx3!fQ zdXTLN&%yi~hddgriuVe#l{vpg&A#WBLZ-X+XR1Mveb5YRU0(j43>eCCpbSqbaXcLG zkqauBTt9i%vR@RIFN|BH(~_>PnK5fVk1kvpk+e}Wu4eap=rufHIEo<%*=pD(v)rdw z5;Q*Q@kC1_;Zrk@-mPe0Jh9g|%p1MPf?J(K5p9~&7B510^uSSW_H$H|#Z8;kJjI8c z-Pw*rBXk&cx1$Ra%2zqggUnQBv7Zl>Ztt;u{T9||v2zt(MYt(>kpt^P=*%fp(NEm5 zj>dZV-G0o2f-n)&u%k~l3+9q`#_0%!G!6$yk{OxMmsn)yHY3&OTPTM!$e8_!QDeNFN2#pS$)By@^$sitW9puk-np2i{Orlq zyIQPnegOXPKv{}=CuTsjXsrSe8alDtWuov-;e>bP!CV6=yv*W3iF{L2|iDjA3t}R4Kz>2zwXS< z!}#=Jd!p1dam2>lu|{CgeDmq!WC& zSE-M3u9L3~8fFIb{1&Q+#GKaj7`J1XYV|Heu7bXPGPiIGk;xK;xP(xufQhO97~eu$ zKpdie?g!@g95ov6x_($hzGvY^-KsBN zy4Bcu%gn)nalP?`rSZe`Jqkyq2b?3#{U*+%u4QEU58|mtD>;@E8%!p33XYjrgg9P5 zLq9XJuV_Z-W6Pw_2(n-NYb2i^d2Ee8P8SR* zwgS$uux74>U;Fe6qtR~Ue=^5$RP5XWe{ySZwtC94d=!IZSPFu({KT{ezjdi++? z`UJNV3e?y5!IGclFqUdZZhCoeR!3Q9 zfO}qmMtkG=BBlo5stebXJoBsmIap)w*HGU@-R8_U1%U+zT5R}%_pY)8UxB5_99_M0 z?$(>u@XYWv1D*YAilS9!jXY*)cvpG<9>aZnL20AH`9TQf*EhWHmsmEH3}t&kLv&0X zf$%ODM(JbKiLgFjc`555*5sCZsMy{XtEF_K0wNn>8?R`NbMr>Tb&eoybS&Q7awG>l zmN_x&@16O6E^7A?9*jlGLOc^H5#bCI`aVK)NRmX+`u!JEGeXrWDBuSLa$i zWuwp;QpG@m21EsovwYJC6ReAjW>a&onK@U5m9?9xS5wHiYgLYTbAx6%Uvav5Y$Ol{oD%Ckhfkm?Y*A>^aioWF4w5FFGs^)83MLO7gqlY5AF#RJRE=-OffM_+_l&ybEkU|_jGqG&E zZ)iF22{y;%GeM z{GI0FcOU$ROfvq`4|Jiu^QOR2gbpG8m2l4A%!|zE za(KwyK7dNs*!zJmbKvVcOdp%DWOP-+Bq=S)lY2203xbR`9--Q*GKXJI)UC{#8-_Y* z7s6}xT#h-6**ni#4SQU3J+z5qk_E`raf{B$<%erbUW)-U#KygOBe~IscB4<38(f=^ zNZC_pvZCdOX69)hZqsJB-b0D?7)WNv?n~%{TqVg~#_|)D*r#;5gM!2HckzZCq8xL)Me6pE?5_VlyX)V;J_6aQN|S6n~% z`Dj#?dBZeVht-)D`c%XoG5H{9v6K&lNCD+Ut#qdJU(?Bw(whFeVlr5o1+NU)b$D$ItYl@SpP*n%*5=$@O zvCA7dUSJt+miqDsnMqJ}nL0h|V>e;4e|9;2mly&laak7HZ%#lO)Du@4xwRA>UGn!o z%0hLrL4(ChH64E9p!7rBc7L>Oozlc%VfaLMsb;aI^2G{oGNbUN!oX(E$rTG*GwoSz zN!T^P5(C9(geM)~5fO7|u&mdo7CWFdxqsBftz&j|QIx8EqR+@bAR23}A^w<5i<*E^ zjiK=#t>ugzDcrb9ZymE^yyg05-=1_ni`bxRfJSFk&`D=ypO}K}rN=Y-Bc^sf>Hrl3 z@WitNFz2xteVXRGrK~#4X{rz#KZ?-TheO#&BUVRetT<72Fyr_Y`!4dfFGR-loKZg|@TW1%jf5(heW%NWFlcnk%Pk%jm3X5X5! z_FJUTAI3fiZ=q65w4-BwfA4Bc?va(}KD*oRAX7SMR9~I;ojQ2{KMz`zH`%71>ocvL zRq!%Q$KX1@93X=@|-n1Fj-Pe|R}wd@NfZMe8Y5`uHP10|(~Cp1eOJI+~ny)j|ugXS3-WXJflr{!xmAoa_BGoP*Rh?FeO_l%(1*;& zgN|&>K1G)z$!VwiwD!zyd%Wqtj$~jgCw*)UCgdTC!t7ZhpLoQL4|}FHTtmvS+!;M# z>3>Wtv(Mckbj8=|e8Y!}6PDbBhv6@3y$S2%V9`1Ovdxwxs1|(1wLw!ppk?m8%52^? z;GRG|AQF`MIA$`Y(c;t$zMj-ww}*EeCMq=9V3us??!U9oBJ9gbo@AO(>6{HrNuXk( zeH#ujpT_!lc*xS^t)=4SE$`D+hQWNL`Xqi)dDcV^QmH0HzJh@(SY7$)CT5jCzewRXZmBg+QN6;Btay zrZs%{YGvxRwrs`s(t)0f85JiRd4_c)ahM4u;z%sXZB8tcqAj>-Uw4~arN150MoM%Q>gyHqn;~jS+TMvj28x#Hi5)o=Ic7p zO^e4{k(E?`9Su`mTAP@E_*^|NqsaT`q~TJNC6Omvcn(F0AQV7Ik_C=jGk_y;sR@)va-7*Y8PW5z(u zT5YTYOp2Q5221Ytnw&!uR8?$OL zt}nbBSY03oBa!Ja1@%D`v`h0=xX?BnJCle$DvVzV^6zVse|`*|&@?{@d7LqLBkQiD zoQP`9_(@02*hTQ>Qpx>Js3}Q@VnfDN&btJQ$-ir>5`Gmiu-G68$8&YM3|Za1v%6h; zRo>4N#xa#l@?6Vhpk$P+Yes+0ci!_&ZQiTR;8Y6DsIJfJekde`%Qv?4ifPPR!C5m{ zA7?gvxzEQ+n>?xCyHR=Pc?|iZ)fMaZbq_j)O8Kw21y>5~HX@F#Z#+G@Q`Ma(@Eg8L z17lV2w}efOW>H0+2~H?ot`k=SyAY`Q4zQ~So72=S*!l+}k*L?UISRyCA& zUQN_cB^8i-3%3^Nr3-jF#q;&-R_u+)QUj>*0trl<1lfr$<1iP|9bDCQojdyyL?`bo z(e9;%M7)rcU^rOary_mWM#d zJ>hmQBFu#$xzs^LMK^BkP9jb5a~9cm`vCZjJpf7BFX~pxp)AOra6ymmJ-qfsKDRh8 z6zQwG4?1|?TkzcA1Lo6O72a$<7a^9lqGBxm)PF=jXe6ac1@8K{=o&(-#dnN1>^=KT zJrvR+h0a6XtUd3pv2hLzLCTX1UJD4T@qcFPI1>Nh(NftRZR#ubY;`Q~NO2CE_C0v% zV7R|tOba8^saUx2Tt{*xIi8uOw zRisO-ZpQ-#7bR>M0-qCOMfT~V9=$1HP}81S?Yp#RN%D!?i}GSvR%1kF^=ShJopJlQ z6E^5JHqW;Xq)qn9`kX19Xru-*I&wXF4LR^ZKZ%6o6zm=%coa^e8tJqys!_FWvqc-! z-(8+X>c>&oAOmjlLS|2~bCw-#;BR8qT<#|XuMg~|+*~#G%QDl1LIfeXxIdP@#S+>L zvulPfZZ>vS<83087b->>BfVMnJNGKKY^!${4_2q^_N5e4rvDJWv68HupW1C}HHC-< zBP59MjL&+GgDV!exw+I??zV*wZD6i-I4~q!qMPM57A_y!^UURHSgbDSr8UFueAB&; z?Gk%$agr-RKxK@-)|BS4-hv}}%NeNcM3_p^8|hPWuHp1#X3$Ja61~=txbRp~VpXT3 zCu9s~#ZGbVQ+w{R!twcvV%6}1_515gniYQ`feO`paVC#>#GnQo7gVi8D zEBjB+q`T+N`$42~SnlMjBuHQov*23Qc+!40g^1sYdQ~8ZDW+qxEi51>N!)Ar+ zP7fLsFjpcgk{q(NOy8;P^MBok==J@&8A#AEj9SbQH#iKh-BVJUsMe1#ZuT%BOB*g& z5DfoOR^6qJ0EnCMjDl~m7~-g@eI2?25;&r6o9XS@I+!j~#ucw2cNFPPc2mnSY!waI zL`6ZNd<-UuL}7oQN-5qmTQ;`?o1aajJ@k#MP z6^6i+oKY@~71Tp+B;|ml%n)(?C=kjddADa8s)(%sS^xGD+j?rwhrUbYNhW`1im37dQ}$M|_y^rD zC9Lpkk66SKCrld-KK>!=3@)%b>7Fc*>^P~H((7$Z7+8U;Whwv9Wzu#iD$1v z&GQ?~U|hp~p14w(u|~$|f6B14jt$0M;oLuHqzVA>km2l|oAc84th6SbbDna;QTHW`e*S$><<}O2L6-_2>64n?!j{H0 z@(Ve-SRd5>kAH&cNg4IrcoFA^m|P5n{mg;`os0D8;1~H-T2Gr@^DeJj3qe)w*{(OY z)<_*30*#zy5UqCpSr*5Q%O&|Bu0QCo37N9GHhmA9Rf0Y9u1yA zhciCLX4R(Yx5AZ+Csy4>v*k%?x4Um>UIoCqS1*`VBSeD<3BXk=b72_<-J4gtR zn`B%wxySUJEdJVMUE-dN$so4Tm-{~VT}=~Ka=E9aE~fEV)K8s5pWJ}i=KFf98@<8D zFq1J`up)d!aDj2YiLmvGtr?!$6qp7nS8vCspFK79IP*AuImDszFGM7c-mEOBW+&aq}aHCw$3~{0RiBBNMF8 zXrBH!c$5lqK#YE+Idc_47`VrPC#l5^$q{V4C^wnEW+1sHVuu;f(2Y4IA9^k6G-qw$aoJ{vrdXe$bdp=cbA+NZFF zj<8<1Ke%EA{_$nlh4tq}uW`psto(L>By>v_fPt|=2>PR92b<`9f@?x#V<7Ly+c6-Y z>14c**-_SGrCEDIi!^*nb2`w^3_f7|i z=XzP^28A{4tV0fKA%E2Hy)a*7{yVIfPsO-CW>ApCyUcmq-B=l@S82y7=gdLTTnATU zgIZu)T!+==m;83%en1+UC;IpY3hcZc9l|X5&!}GFr4UK56bMO{MHR~vh%B<^2FK9B znS171#+zuRvxh9u*lguxBuMWv8CZr#1P1e4aE7bGkz<3DfNICyx_f;T^1QFIAR6rL zwuzV)tuGHc3{MXCbzv?)g-^4A=wLZ_Ewfd@G*2k0ZtQH9(8^V}ocDFYdTIY`{`jj1 zL8fOqCDg*_FpJTCB;*jNgT^eEP)m2n!6`!^5}yQ8IK`ndp<&0pKNYA1DWoRCr4Ey*Y4?jF_bvSg8|z}gcu4UXVgE& zZu7e5mDlm<%%Gt>UVo6hw%fO@NX$6w@^`)XrAxJusF2JWvfAw@iAnQGr@gvqqjl*7 z$T*RXBjS#eq9Tvtx|s6o^{)WW!M&xkoWlI#0v(AH>9(@C5ObU`dG z5;Z@VJ8rRSpwICEOG%(0Fq@2xyRxBZ-#y_zm<2ar9z!%7s-B5&?;8+*Tlofp1gQu} zKi_5P{-$OZE8LG54CFr+5@;k@fK;bqF5onmo)amqpu%Nd6>na9ONl{RE>#J2Hw4!= zq<*MhaN{J9ztW)rid$u?f*}-XHi3(bK3D`D5Ja-wC|#04Iy&A>4hhqW`5c~`)1M3FyMs816Y$GWMqE4*DBnjbMHz!NDLao3PMmpuoq_L4s z<4k|i8?3NQ@ASyKJ=e1-4YYxYZQQWdhO;<(lTFy3_&AtZl|KYWcPlY&VW=PXyQE`vMz4$^V!XPm}NL`{pggGQ-A^$8#Ofvt>TQBo*?{g zIbW)^KrT@V-R_{i&-zExm~(5#TBlBP7TH}oo`dW?88ap#61%(0&3?DU>EGpDH7%(< zX1H3hF4z;Tv@(#nBCPWiIB@UX)x~lQpHYkYV$hsSuYHo*1Ch|GasQTGi<^%jnt}A{ zuoT9j01y(j(mS3kVzY9d=w}j?xiZ~i^uw2uLaHh-yq=hB35vf!)JB@Ivgk(^unV0# zbvDD7TSK=Db=xk`I9+&|D*sunXywsHW_uh?GMJjyQ*bjFgh@br^;CVJoL-Y8ek>7x z8-`5TP9zvFR77e~RQW)@=-YKD$F@DEiBM9Ch&=!$0k=j7Q;tQCCmgb$uqnN{elh^w zC^QDS&3w})8n&o#ZEwKiYwKvN2V6{A-hAU5w~HpSUzm<9kxk&@yWNS8X5Id%WLfku zU_l<(`v?)@WSDt2-;s;o!OPz*a2`Pb!7xv}qo?*ZM~`}9#L?U~?Aw-^E-XMbI}|f} zG)H7U)4_ZplY$Sc)~;0M{7?)~zCEb(GLXg2xc$MS)F7Op)cVvK!$UF_kyf#h^&m$X zL;<6KfS+;<+>2&LRKTjyHuYVi>?l(7@{1F=Kp*s!-XkG9mGAN4W(m) zpOl>yUItalQUHJ@*oz))tTM{gQJy3Jbm|Xqs>_#!2N)*`v<{XB{fe<}_-k2I)l_^O z%~R|AyQgZ#q5Al@_Jf@xr7Q(GP23?wP3{&K(`5{PNi-74BY_2AXMrV zZ04<7`-G7)`s?!V*G1NA*on_iLZt1NHt+DOy)zTeUwJWmd*us*@B~i`Ma15RLs<1D z_a>wX^rRhYRg9)i!y%&4#6rU&9ij24`!EBOXcQIo`-Acuyb()Z?OiS1(Uo+ziYB7! zz816&lZgP@(_d4aiChH!?#}@Xd;Vde=7E#!k~9amm@RB}m#VnkT18fc@QtJGaWRR< zb%wW#!0#{AVLvsUh=Zn3^Bey)bsMbM9_L{4N6LF+fdyUX)IRc@$n8}eTPjv=2S`-0 z?au1i^SC8gD%`)QuwKv?>`8{YGZ2KYxuRmby$~y$AjYHc_vV!Kzs_u1!)jU*l1{)5 zo54m-Ng@%Qj0|zYdRIA=w!^ia-kv7mm1vJ>pIE`$c{ZUZ{44d42+_Xmdpr~MK6(Y? zjj8qYehD`>9h9L1)DRT=4;kL5m+e}1;#m+oO{ey%I%cS~a4u1oSUPHa;J(7zkG^Vq zqq3)x#NT4Ivp*Oa$NTOSp^HXf8NRs7R59MpMq@SEtZantP7s_*gHq$VJ}6OrHUg}O zV4Dn0%NF1bqo0{8MWn?8xoyvq!GXG}Q(<~fvPNDY$|HphH6}j%geu-UC)2EWXKMgv z)0PtRqg(9(up`DZ z7ZiD~FPgZ!*-%0|-Fnz6x^H=9Gg4nH0+rNJDYxVGReLo&sK3?8z6op#EJRyOdi5Cf zk88|H$3nesGe{wm{p-kn?e`~=;$-|NPr0IBk>?TyQSqV)Pg_INs+@7<>CyXSG%}Mg zz^MZX#5|&yF1>D$QuU~NJY9Hs(|4*dhN9G8@z$;*6R!RgKMh_M)JjB+4>aqJS~nc& zRhDBeNqJxhdB-2)sg$Gj@Xw+m4JdQ`FgH^OYkibG@Lh`FOZ^_6NMKKiPaUOlFCrIx zW){1M{n^zq)lkaS2nuD4&d_<;quxfm`2!XsFOJ=iZp$vKX%r3ADwU?Xs~%a3r>?@M z-t0dn@qP=At!Lqv_DXGoSIxl*K1F-``%NQek7?&%E-~@1=cF1MZou=8bv&WKiQn`b zLjaYiC}y4i;}_?E1Y%miJO^)Z;_>3DkTF}ICrFJN+N{M%AlC|}`#gnJ zjuJ|0Ye)Vv8r{s^Kd zPLMQH-ke$#wB(>JLOUjY2elqH#za9K1DxgH;Iv%lmi}CaBHjcAYAs`{597(lh20;Z zT@nB0M!vugDNxYfqcG0?B*rEp6DFVAzW)P@b4)I(h~keFjUeZ!pReTD z#I0Hf(FhpSN#e?98UWB1A=9>tVg@e~$@DZ_)gEJ|L#ts6xz&i7e_rm+T1nicb9AsY z+zkz$4>;@!UJhY!4^?c7a=~5T0ux`p%*EgUpT$)#3U+j_Djr|30p~R_)d79F&opO8C*I zLR*HFtm6v^4qd_c{Y~-_G!oOnlAezeV$Bdiakia1@->{$mCs4ET0R_lIfx=AjlI!! zGXbCcT?^@lykwkFFto=5^$ws6ifxelWHAD_h`#I~CX*QYbDKv+6G^m2Z)uECwoj4U z060{68b40502DE;BFBf_Ge0OyG~^398XpzJ+%0z|xad=F1ha|`j_q^VQ9SigK%&nx9NR~5Re<{mt$hb z3S+xBGH8`fekg#%%{gM;hi?g)PnAtzmjnT<*SE)o(~m0f*9C&&ZE?`UzptH%L6rgw zR{h+dW6~bAAR~y!1WY&AYBejRSvlxb+SZ7?HLk_hpMeyI37|>aSUl0L$WdQZ=vv-O z<>uB#`7C)Ac#T_JQL21?XI^K?5boGQBU5-gl|sGGSB>|MvI^V^JS44gNA$VCvE~r! zrj6^}qstWN-f&V&kdGmG6I(+t4*sG7GG4Gm80y*oh1WPj)+A4@h zCCsRA617vC8H%u3$upg~uf@*_1cW0JJt8UaO}7Mf#pI>uTg-28VNSv`?lA!E;zKx4 zT@;Q(Iji3tJEFUVGflAsFUvK>Ou_;iE<2LD%XHwwA~i>Os)FG8nRq63T6>$&cdOLl zSh>koTj1Ta%oh0j^D?Tue05KdMd|WSjn$J=wqoCe;;v-YO!JP<<7dccfhI13{ZF|s z+68RN5PoqIeTmhhvn6fB()F&L@-7GH0Thc!RJTF?Ir^88doWU}tyOqCU+7i&H$CKD=o`&O6 zzquO`wzHoZ!k4}mJEPrzw1J##P)03h`V_!SUQhNgV`q@^OM2z}i~8A(mI|t#^WI4V znb{&}jGm-qCAX=jmmb042;#u|ajlaE52)MGAr}1ERc+g}5f_KENWZ^!o+oJ;X5|Ax zm#2^m9l{*MZLR{UYbTy8-)J;6ZR$kVI_E_0kJz+od~2qu>)`;xe2in+N`EcA%aR{P z&qTf;?hxb-no!JkZJz0tS@S=(f5Z@S{)n6Ev=YcYzh3kMuheD#`!x?}0tg~i0HiYm zne|AL9cV`K%XLi(R2G8{vvZDoYC98NnGWS43@Jvn)!aeq5?(5B7uLmdDrwx2Wl4nA zt=ex!U`qO{M6<-n3+?J>kQHCNa8e2M=tXB5X+r~Z4oOv6A0$oRrKher;MYIdxaRc@ zjP>h^w5=at_C(fO8WMmO6nG0tVAQL@ciA)w~;Ep0bosFs`rZIkj4XN%8 zUc^7SSd^%a(rToxm}u>>0dG^RIH8#jg&xIoi@p(T6?Y5gv7RyiS8dL$g5&bfp{#_8 z*nkds(xL7jAw8AC73=fwOZCrYh{_F`9o|dyelzQ`d2U~z$aszeOXZjp|GDQseU?en zU`cgprTf$ZLpX<1d9w#5TgE=prJu=Cf-4dA1P!?CHIrLdt7xy9)Q0oF*jeZnq>uXQ zmfED_2`Qz-XPu9f~`mT+|3g%}o7n6ue)Z)tZ2wsf_GmO#)E?#^Mz%Ga5ft@+{( z1mL1&JR+Poj@{Z%MxiTdTK0zk|7?yZa@5sjI`e|}GUG}#eV?vLXcS$9*4=`2VyaM* zUV?|3x(20!?28#gE=``B6&iVj?={MMdg+M9jK<`2Q!sO>=)`{i>|6|I62Qp4qZ)Zz zp4`u^b)=^`cluMFNpMg^*f&wsODc6)dXz>&M>^!yR@cW%Nz%KleK!M(58tP@Xyd$D zh=Gw$*Pag*$e+|Fh62L~)U|^dR5$lI^V0uV)_>OIL&B6~s@!bEyRe?f9AyfAV;!{Ory$|8IrdoTj<{zY(Nh*H5 z*?SFAj1UrDw@4;mc!RUWgLF~yGpl*y(!7aK;c|wS5*o17!jS1Z?{Sfr@s#yv^O<7q zpB>E&Ki*M6QJF;A=nC$65TJyn?vGNJmyO5K)miAr=E)(wvd)-_M1yr1*d*ccz(gct zi3 zig$b9kjR2}~QNiYG&`3g(8aV~}-#$@OwC%2Iy_8pIJZ=LXFV+$U0gAUuxI<~! z>{oIC296_S;^Rvz&uJSPA4?jcU|*YenTdJ8kxMrpN`I}Gx_QC4xEs5?mr_t|RIhZ3 z43W*X6&85UN^JSYmo-!_pK_{Wb_IRbx~{)NuuRvs7vtX6UJ0qk0#y-&C6Lp zU$pJ(=NDNPdXTIv*SpJ$?cPb@l&e|LS8!N1tfTCi?l_b(i4|T=FtJ3ihsd#l)MkdR!Nq-$#v)k>Tz? z?Ho>Et6}(%nS`eV?Prz1xVmMh{|*%Fdn8>^?tNb>c5*>4YC|Or^ynx2!uP+b{_GuN zaVn%0+NDO)r0eUxkTVh$|L_F1l3jx{-&hRt*0Yt?o?!q-fHlngfUb@)JT#Oa{)1+I zDOSNJ#6t3^8#cac{lK(@@ox?NO_x@gT?B;qMeJU_pp-GswL>6C?Bru3=gQXwS3_2U zIqevOwvUYsLIof`e|Y}bAk1N-1DuLy=G!NUO&s%k_+x|w6Nq&63iIbV09$E*%R~3H zA51fW?eHm}lJHECYas0JH>`9^i$rVYxZI_4IJ}6tvwzjOTtA%pnGPSi5DX*qKMyFh z|25)qjytyt zH0bjPnNOJf1$T-Rv!AvqN8^Ywi2;9reCv$ZB$yMH48cUbz2H+9As%T&s|TTf3=_#I z_EK?pl@o&`u%DhIPtg0FyQ$*1DndaBa>+RP7?9WUiQ9ZOJKC)_j2w3uA!V}hP@GYr z97A%Fek#AZjR7DE_(hCCd@jm@l7 zMTOfB*@nAaZJ}%KJAnwS%uNZU$Tk(GWvkDcy*`m`7t=l-z||?+#;NS?AvK0Po&jgE|J=S8)rp3J@o;p(gxME*~ABiTaxn)(Y51O6)SwU<-% zce{7mY!8>p5A!^bgO=M2ODU709y^H7Atuc2aEN~@%+`Iey|7V1o9;>N+ErtvenAlW z+>|)-jB!ZWE+zK8grP(-BaG?rMJjlM&Ws>7F6lh1;YodC{A8&DA(@ENaZb#;RGwD6 zk}i$W)v0{EVui0#C&t1g?z4KyMJ!pHJET1HPVt?m!R=x|7CMu^Zd9r=izw*sj$ zlWHc?O6LBgUA|j>m?jiWBxN_Zr@}s`0}G$drE&bR>}A=G4J8c}<(E-aJdedI4Vn?g zDgQ;bcZl6z8pfGQ2$s-&O9tql1@xUdFfhjC0QwZeW=4dBxhd++5hA|mk zO>E9ns@-x?b}@y;`Wkaem*21Gz?tN2(6$;eMZm7%5KX*SJKHp(cQFB9>u!2?G(9Oo z;IBoF4ErskaT0v0KmNOEtNQ8}fjf-SbNBXRRHF_nY`N$nUKQh*%%W1=&$jACET(e%k|ov8;y zcyBwDj|b+{fE++&=%k6^&BnGkPks|4C8BoA< z(!BoTbfN-k%{-uS%1~K6;S5k7B&`B#)IeA&dHsgLy0FmpeBOjXt!~gG6d~Bd^|H%D z`fZRK?l4cn;EU4EhB6-)d^~gvJu1sjD1)iyHuIBI*<&@7TaN%?fbs-P2@{YHUV0vY zxQJQzL^kj>-z2*2nu;%Wb-j~h|0YY|Gu|`GP@~WPo#iiAAmpm8=F(0KEEa8`plY&< z$;k96%JkE?uBlDB!-+rvb$Ymm;nA`cP;|y^o4r+vH)aJ`XtJQG=Q?6YkrTW z#*zsdb!#4LU(M`^Mjp@b7DdFKdZ{Y3bRd7|*CwIopyv-mjYlu-6(n_DvhEY?f15rV z_hqSU|62rH)RD;F9*?j)YY<0U2}{xw5KxVp(I-@LkqCu*Z4$(jY!pODTBh>W9FW1F z4idpm-=s_l*_vY>k1=(&afR}QeD(PJn;_x4K+32=0vhq*jIjwur3}Ar`S_OY5#y77 z#g!0yZ*ZmwNsl9}%@g>|#es$pOLT69XBxHLGUi4j9)BmV-ZZUAjhncB&X;S*>}0>}L(5*$Fje~3L`1_i*u8o_e5VBBdcRRb z34P%$Lv%C2A;61-_NjKU%T2+ZR9{@?;mue3A#2_HkmOrAcrIQeMS51Os(y;SrxgwW z^U4&u@n`LdfxeUfmZ>&`pZD&B(@~~A{UmNIfiXR>@E|N==9WJ0b5cOM;MT$fPn`uB zt=09U{3O2@w_UB{u4xrl0f5h;hpLRk*6rq8?43(SL-^)n1VO*uld&fUhFYpXz9S+>&94|UE;_zGe0)VepZS-L zOJ6=odO!T&1g^|#m-T~YGI>u zZ5!S$Z=unSs=?Tq@rv>j$fn?%b09j>!=s*v22hk zmQ$=@tCZlMSkCWy{#h_4iY2F9bmi#50&T9Vl~@>13^q)pLfsDF!bl;!u=X>}1qIJd z_)B<#umIJ&nxz?$gik46)K&<*5oX%6YV^*ea?i?a(2+G6^bja#I`u9s@+4QJ&RKSq zns`PvE%JmPFGN)8m)J&}E?e}lx@Ylgy~ZxD8yFgM`;?#*p_0nwZ?*q(E8nu_=_Rom^*z^|NbV z>U5DEzA(%ImY!yvE5Gl8UbODCGF8TkmJVqUyk!QnrzNy}YM9PU4~FGGpoSW~qviX6 zxn~fb_FfRNUn)$FZ!)e{dNoHb;lv%KGr1GRX0x05`(YoR&1RTiXlM=k3D?!5?TEDz z+?hT66l^Rxe3>J-U?52_sZGhcTvwM3hb&4SfO~05fhc&L=vLnaR0D=P*+SReF)mZs z>)P`Rl$~uI63JID5(F z)v?3;V+x2@B3lQ5Pxl2u=da0s; zMJ?f_nowbIgDuwQRZtO}gfLW`KLQp>v#>HC(#M?|Sv6~SLYXk07NH*2upcuGh~7I= z99n{nxX5Yo`(WIh@TJZS-N0Y7&l-(0afz<3OfxNADbEX~!VGRGHDSna-lS<*qLGME5vxj$!|Ku~^1bWV?$;pQNxRSdGJ>f@(+vXjj zcGjoiVk-y#9^k@i$?+}OrOegQMfi7-S##G_samuBf%%1Qpknymr9ecraoz-ahx{nx zO=sQRdP8juTa%A_i-yOUdmoTkVYHq+(q5fhB>(5hW5rV+{wf7$*|qjMD?)#$zgu#Q z3d)t&PZc0@w9H6x^I}u7h!PVneOMR2ZaU=!BPAbSi@&{h6UWr$ASI7YEu+@s_-*ly zWqg4B-5TrB^)ZzQ_GLuUgu>S7h_*xNGMNb-;9gkAYVpQMJym=wy3|>k?8^RRMt3tazXC7^;j)1 zDR2vAxW-O81a|aja5?~OTZpl0hTDgaH?85#mizW4Q{2fU(h#y*qhz5yuh{nau$vGc z4)Zr-h$>sJm2|I*#itQ)F*UEOId5Y8m8=IKQ>7Yi6^*i-vExj0XM7(qo9M3W2eQoT ziP<%YFThYg>6LJ|q07~6o)6KUrBf6qo>u-{Dm4KOY!ev^t43?j3ie_~y=YEBo6_pm zW|iG9u|*l&@LQy~6HrqBABJBt{*6=BjCZJKMGoDt7&AqCm7O%*Bn3|ROTpq;cwl5u z)WVqF(|7!Zb?4$AkLm2#K3)#n_PP~pqpVevc|B>-U1e;DIF;4qd|CGaN%2XPAJ$&v zZMo(Qae`??6KlkHd5h&R%}3UmevG_9S9hsO`o9dw5%{%GDqJ{J1r{tjIo;RfOg}(a zLtPe5P+s<$(e8 zC${c3w-0MkLqEpttynTJd#Fr5JK!m`zc_=LV zUCnaNO1kFGHb!sXzBarZWQ^F59NuvHVe_l3?sj9t3TiT?Zr@A!gOe(T!>gekU$`~h zbb)7DgtHYj>@|z)z0s}liw=j4A0u1o1=)Wysm!!A0heAM2cR6t&3!kY2Zt;D;ZpPw zEq2%OrL}G~)zif!lB&N}@Ua9Psz9?`yROr!46)e!AS{$SoQn-N74#WHb!ys@-t@s=O|FD!ay`u~MR&%nUM{9pJyBLNdTBkO;= z|B0e!W?^Fdza;wq4-~ymk_Y>e4f<$^@vc{ia)(DKz74f*{ z`lw34UxGa+ycLTPCTbN z3?4`V5EZa{cpfqy{Fr3GxrlJHy*LJ5$gug~owx}A5ix8+QYv6jKLCszsmViJ1R}>( zV?rDH)Ug@JKdC=HfRch@VbUKE1S%FhJD!#tru#__&?lM+&7b_Mk+_S;_tQI`ovsmr zKo%_pU@Q@W8tfXLAb#eE+m3ky<0KYj$Pf3*?~C3IW#ji(M4eE9cJm$9JBS>9JX7!nG;7i`aAXH3sj3I-@bsEA%1xf=cAR2~2U1m-7g z_5cg&CRD)F1MtDGGrGYYCEL4w(vMBz=AJs=%JA(rh+uns@lyx>1XRrM&i}wpl)w+u z_=lB%A>3~^fP1&Ml)%PueCh1rn8|PVP;UkrgB>kkpdEnm0SW*nEa-hP2oNIUD1aZr zp9p^kp8q4EGbMFE|NaQ2Zx9iBkqUBUr`7QAaUYf{>I`*eDT&=F5U1Lvb+_4X1w-?V6%W?+=ff8?(|W>@*;9^TgaX zHkiejjIM7#x6ZX)?Uum=LETQM}!1+(_3ls?HGkn%F7CS1V?a&JP3&kDv$xdfNN9pI$;L;%Hq zMclwUl8)B*3k}_HR6EZb#%d~N_9I?){EbR8zD8EbCSwJILUm;x)U{mo$6>9-AG3+g z$1go+-J02HRFVUd1NZk-F>@!e$t*5WzH3ZlJ09(|BI2X$jlp!vk?{62Ovu~Krt0cF zoU5Qy8J(b+*YDsy#!ItYsa#fR!dB--=AHq6Z$pLvm+Xs52 zty*h53}+lbFp9zOmI8iHL~dGX91l{vU1zfMja1&z)OJ^_5T(z1F1FZ0Zf9;=CHYPH zmZpqZN9nB4^t^ft=$(#SvM!L9_}L3t;3Z6}OIYnqbRL$;DL;M|GnzH7rs<{r$hEzd zs*W;~F_uNP_4?b6m4!v$Mzo(WSm)TF@yP%zu(0Jq(?F<((_;7Xa8u9txJ?4i){1F> z2|^^0!>FPnx$0;>`!_(|;V$;{CQ4luE@{F(&V2xMg*vY4wt2y3B$Ss&Fn0z5HHLT5 zd9S|_oqm|TEo!AR>vnaBJNUGq6@TbjNvk=AX^dst-uyA!`R>x>NSmRl8ort5;F&(w zEGy{uvcLAQtXsN#C)TgEzO=bD=RivmmM=tQg90C&Ud_Lw^)x4K394qHe8rd5v2qfWI3lk%GoN8sCn`wzEK*}n_fM12 zTo)f?BGY~oHQ3e!Jy^8^D-VQi=A#^DE*;fCB$7hf&MF1tcXI_0Py-F6aF_vN1S51! z49e@&0SX(Tuyhdip;Zi%4asJV^m#>eUVNG{PA!`8oTf@eH`r^f7>zzpMk0eO3)<*E zT1=3dA4h_LF@##%R29~KWT+eAW==dd8_>$Fm`@+f8>qMKwEpltJ-`8RM_3qdoL9EC zQUh9|?a4g)Z>La5h#IIy@rAowj3L@sc#_Y$d}%pZ+fw%Ya(0* z%nGV(*pn=Rdb;-2Le-V&cubEzNvgVW*0wbI=%!fTg6!{oQUQw=dyoATg=@$2i|PWY zbmQSaIct?pPW@blE3o8E`?AO}VyvTJq0>3SoN7b#j&=Ax9&0N|KYfe-uu_nATeNI+ zT2NatGv%1ljRy?R7XV@s_;ZQ5P89^>2rnsZ+D_9g+l#UZsGcRqxmE;0q zxht&~}uzQ> z8k$RB!ucS*xW@+xV_lhS6o0SwN^_~D-sYYky1L4^pzWNw$YQrfdD#-F4#8OBgFOW} z#?F`|ViQ_L6qcEKFxCU4ERhM0py3PgJ%OxCTKRW@BRe51mtP?4JuWJ)T7C z4VN2QJ=IcZ2TCli?nK7A;JpB7e0^EPP2_pnrxFFoWeZovSoBg-k8lhy!@D09G!m+tV1*;ZD_6!8|#NGuNhGdPW7*lpW%1# zj2;Ia;E@d_;tsvqVu*5W>IEwCJUgu{-PvgUTrhp596Ai*siw#1>AQij?=r25OZ0)f zoz56nr_BxpF3DD6KT@VgUA%B$&QE55iM*%&ohJEqbqh4n4&4uC&gbW30Y2jc_f%d2 zN-kI&PVQDoP1LTTTy0eLdVO+}EVh2vX@Qw06>V@fS!5G0YPqA zPT!M1Et)E)XNDuZNkdD%pbEMfwKoxQT2t6!1HQ9}6E{N@@$9S5plU4&?>;_B^f`D7 zrfb)|SO`QC2dV>-O0&3ekBg1|Bie7_nW7uoMs|~1hbAiZ&fkW2RVId$q<5JNlo81)2Zdp1JGJ6jh+(+4LIz^hnnwS?wT155VW_)XHP;=*S&+Fg_#x7@aF=?_? z!S|vceLhODTP=no{@QboD2Bfrosw@AODZGv>IQQhEPrDFu+Vr#D~Cf`nyk))bX#;Plu=!p#_KT;W0sBwI2L^d@KU(h zndK$RwSlb5b=tL(g0m+G`geWFaS1K*yq2jk^2@OdsZsw_)WY}vq78p?-UH{Z3(`RE@Fr&U(VOwV_`iVw)-jA;4OPHOO$$H$JnU6rCcJ^JN~C^x6b z*69|bKA9zog=-H+uEABR--sDgVnP&3lYuO>f8zGPl0`Ib21ampye%rBM(-Tt3CW#RR)tP9dpga*)gWWv*6jr8(`|Xht2S%kf7x-_M2GS? zfAf8ZuzXCOh_xbiin_2h@~S7LdYNksC@tLaCQ*vTv&S9^mQjzi4lwU016|zu-Z6lO zj(1u|HMBJn9@`>e)w&cp`3Nd=6Z2s}b@O=)*O+WaB$; zl5O#peH`3Y4Nu?|69ALRBoKZ6{5Wo2!h5MLHNT@99j(PFWQd?%wv1Bsh+}Phl~dNl zlB8Ic4EHc$PN+|&l(l&B82x2xA->3D-a=zf@atabQ*+Tlis{7gx{=8}LkTvKkpG2F zX&A4$nWfYw$@zX!j?=j3vt<=>79_$WBfEnPB*i0_<%Nd5c`HX67xl}W$(Mgn((4d8 z1%pjMUql%epKvGRqSn8eV&n(B;KBQ*{nI;+NW<7|M5~>V3apJ%ou2e?j(BYNBD}^L z4obEqO>VzQ3!fY#pQKeM7ADgg^)J7cva!@GrO(UOdL0-wf~>&WMLuB?tLUQ)omMdA)m=w_mXk1I!Sd_O1JjCkgYeej}Yn z7y0D*Xh_1HmlS<<`TzWnGfbYMleCG(f1`SOj`xi zH3yMq>}v8yb6TrARfGDbgj(+(oevK%Nf9cAm;K|w4Dbs{!4y~)Y%|8z8va{k-@aW2 zw@Q<0R@XIi$l)$5Lq@9)c+Rg?-2Y80V*FpUB1U?8hX1NVj0EhgEdQ_jpIQ+I8w>0I zw^ropqQ11b!Ac-59u_<_x4peUqO$-)-zP5wLlTqk?B*uP2DGpM0U-_{F777fbGUPA zy>;4MdzOPcY{g?`PO;3aK|)PnN}v%AoSc#rBLo3({NyhPxMhuF-rTG>LqLE6 z;}8!fC?E(ROY16&=Sm9)2M6%ab0t_0&tj6E5!+Y=J$KOt3XTr%AC;FE1|AaytPjW< z1~kR5st?ZmvU`t;Lrn-E+tYiDRvY`f+!2tiqyGm041-JjaPx7O8_ zlHUu#f4{ElCl1RTzV-3z7vn6jPjy8eAc%1c=*sf9R}++c4$hi(U*7~A$o`84sBP_+1V0?w?_|V3A)sqLkp2Awp#RJazZ^3h02$0ZP!~I(zWNOwKsrM105#!^d9T^fC^Ynk))U(SaJ>{SkuN~!5-}1$y%Zmj06^yyUw9sHAMIy2 zJK&XLTsU+e?QeKH;1yIH#7ON^xc*fg9%8i4J7WKu%72Py{67FjYF@(hyfI=Rhl}3A z+yJgMVjxDVzQXjbIsYkqgy~;a|FifN9w}G@=vN?HyPm!tGRUB8YzF8lE<5b94Fk#% ztaFW*6)_d=s`48da>Vc@Tp!Pr-$@IdD?jSF2xUc!$t)cMqy<>xXMgfLZtJ~{>OKxA zwfdbe99`4^t|16_*$?UPou;Afw+Lj7!?^7Ycz_%qIv|J9b*>lV&G#}#JHXYiz0a}D z+d1Ia6w>vRc*KrnX!#u;JUwFBNH~4x;-6UcZ2=_p)Bw+2zpmlMsTqXxQ|~|C=f|&J z%Ie3zmTmp(UoXpTIt5O(e)Br*yEOP=`U}Bf02Zg*Rj&?LA9EMyk1cw=XKDB11+V^{ zfJ9c!7C%~Sz(DBd?%+58<>IY8$c_^*LlEXClN$EOx8OIMf}I*jJoa8UeIG}$tH(%x z6nE}0zSCHiu6Jph~%f`w#|99eR0K5aRInN4Jyq1mTqL6BIjh6CYtk?v<|= zkGgymA7SL;J^jzrGwj&A-GpDA8VkW1VCC`o+br?D*X~aU$L~m{yjeJnIJz}p%g>@P zCPb$d9vF@_PCeDY{pag0UD0o6F9``Do^Ewly&Gt2BD;ryE0DG}?{6cMn@ea6=Ev$M zq!-9f6it8qDKy9fKt|E@H2+jckhNvdMr|dDZhMn$G_TIjJR(-nD*6C)N!Ijzqi;wy zDckuU3rht7=IrX1ny2ld=vU~{pehFV!P;p5l0Wa($se-r*@~iHQt-{Y6ne}^z6~~;mQB@l}dX8#w3qjtcgIZ z78Sn(;w~@^#SXZziaRVT&f)b6K^&CzDD~}1V6b_Qk}(^jY=IeEKaq@R1x`M+A#ZYa zCzY~Ye=rBfz>B# zl8MzRagc{Ax#cYn?EF8JeN&L8QIKUX{z%zN^jw4WV4Y`6$NY?X5U(agvAy6I|*)OIk*L)l-@wSS=S_q}j( zcr2{D&+_I5Hkv!Qhls&q94G$%-yBDk6ITlK>t3%ao3Ozkw{Ca;03_ckGL`9d zBrLxzz2=@;kJJ#z+!(3PwD(W`j>WfA7ZX|0WjJqcY=jhQcbRcNwIvm(6nsqBwO%<$ z&AW|Hus{NfOMCwr_tN*{X4w1te4mA8prhubJvE(Yq;KwVE5s@>QD=-E&tb~Sxz=s; z>~z1rEoX@|Q>a5h?vP=ztW(P^wlHzm8jpbsjU|xM0v0>CAA>k%u0$b8otGA|nf!y= zm&22YQSjqldZ5Fdf2P5v{vV>S7lWm8N2|epn^Pa61^i0ozEp>LO}%nb=X%d^D zvctQ4j(cKV0ckDVZFcjncBSZH_lq-9ZwE~Zc%_?N%PICqOr(4Kauyrw(Lva#=zUgR zqIu@hSfNzL16vKQg~Z6)wa^P}s-MePTQ zmaruC50?>giGK=#u3Ex=eY{OHOA96gN)SL9s1_%2JSrt^-I0$EttM(<#NO@Ao54+x z{*+lf@203nM_aY7haQv~Zf^+U$d9crnspIC5Y*Fvz0h%SkS8*HqD$(^tPA8Ny5?2E zr?m?BmGAQ9lbw>aDgswE2~gCpy1kd~h;th@yQayg;=O@MBCyr5y1>-cBq>x-EqEA* zb5(3s`NSHI+mFoLBgFYrr}&Igf1E+BEgdfVVjz1&2JRqrc(!%Sy7@xvwMfFzgEd$# zV43VPIQoX4=>>(*>PT)0bVOaJ{`7DH?%KaNEw`b5ab8bXz1O*YizjjB%}Tm-1$2{n3`_&i`1 z($Vph!kzQS@^+XGhxo=_(L{|{TCKNy)ATF(C*3G|_`2hI5)u6oV7aguTv;!yPT%T) zIUe%R@W=r;f38n9Czv-bhitqsXfc+{f@^g}hkSn1NE?nupItVKyH6PVdB)^9TAm$R zkG*40is$35B4hX?fC)_>kW>CoN9e|IhKWIwEsIUw0g5?1v6K%m4UvFkdgDO}f5k{( zNHK`tf*0)G3vb6*P{_jyMK2t&H>=Jvv4SAJUs-a z<#g&*`gj>UsqZcFN_$#@bKv5s?S?a-JZlj{@; z*jm2-NwaH}{asfbwn+98yjJHIPr@&AED9<{x0sXAp2j_o{D4%5-xh+-*3!8@gH{!x z-t>sCes%W(P92-Yljh_hIZ6PvLXM`@Hi9umXh|5#4r>obiFkdV0WLp@sybwGkCztm zF~>DANNgm6=7xtZ8{N(=BeK^y&{&fta6aaNUj-x4esM`QOW#1HlJn7EN9Kusizf@M zPVCUSys{7tiTiD*f#_QZZK6H#VP-?kHwa z=N~qLb-+#jU;@@!UbR zC)0e+pnt~m{rq!>Mr&Wh-U_ySUCS2vFEYv)*kLsAec&Pz>iW}#wPiBb$C{2$Cm@V& zx#5nsvrHLBC$Tz`;DoPYQwK3GM1(z)5rV|-;7I6c_u0eUD_DI=oL)Sh zeWePPS_MC*veaPy=O;y49@`eZ%>nO-Y+qKmd%=%nXfaQu^z?BbwaY(Mi`pAY#XX_+ zLitCQaXb|<@4q#x7WP557`Fe_mXs21)g6L0qEHjU3q>~T{H;7NX#@6@o=m}x4m~`9 zxS|1R9L#?W_)s*soBSIK?NEabQGg)<_cZ6wFwqW|PinKUZi4s+JHrliqVjb!K8a9< zjR!Il74b0N7#tss{ot1+7M}m6e8>*QI_u~xA8f=#GlYMc7+!QT78TTn%Y#0RL#D=- z<_t)CGX@0F2-Th(BUTl+T|Sd+nSzlVg|eUce$SRMpixiy)(EM^jUbJ0J{P?fh0C+<>p#l$=yUKtghgGzLs} zn_@HH$m_;HJC3nZ)VZ}iHOGRM(wS8A{BANF8P2$Xvvz^JkjMt^_3hJ;%Uoh4cS8K4 z*)?szPOW@Kx7N&8PhbJdS-+t63`aOk7e6!NH9P(f5z5;g*Dbgo@3u{}YgAfD71uK6 z3i{*=%_DmSwiK0md>6Nn3S+}Og7osQ!qTk*1&C&JcJaG!Vtf(}qBz>L3NLp>#BhWm zltt5D#OCG2-kdEXe)dGCK?5fRx3l2&bWEmnxpg-AyS%%(j77mMwJFf5$$*+Q(0mY4 zcNMwZUhlCiVP3o0WR4a-xlJ}^l7SmUJI4W#+U_7ZSGBzy)5x*y>upCw#APbFFqGFp zk!qHh z^8G;rLVI7edgRi)s$*?WF(Nz{4-j@JFS+Xr#y4Kl)e0ssL(!ly@}<9b!aawz*sEoo zcPJsqHXbNWyC&#Eds5=1)!(|ht{8}+5S&LHu-4&qY4+n@ZT`K2$G)j{ldG6; z-5(5KlO@Hek|rtThK1|KAucZACaoUm^t9qW+cw4|lrl8Ut89Bn+=CUd>FMXIY%4c% z&`f=_7w)q6dV={&`do?w5FXkz`*p6&W^9ettZBXMv9!BUA$Lc&AMlgYxn`^f8}w+f zQ32&{87@U{guYbT=1=)ep=>STr1;nZJXlKT%*#b}`_3}a{;x&%hCS4?wYv`;HZrqU zzf4OrNgo2_hX^?9@F-b&*A-P%UCdX68e(O+sjDsM$^%IKL@6GJ1mT6x;$t|4Y2{oWZ{^!Jw}I3hWZ9)G4^hRj3jTfTD0EN_AY?SP|ucGCx_5;pz! z-G;N7n8(dPl{5AiyOEBwt*CYLOwdx=6ip&=Xmm zPfpwVx>Wg3H&^>Qeg^kUcb;fnjAzAk^lG=8 z@^Tq74-uqj5mGlYe2*U2hxN$^NRkM!C8!dQ;O3zHzRQ?0q2_j9sV~4Bu16nU=r-!e zW8)3}+jS9v0&q8^u&-*d+C;N*B6DM~0nvRK%F0r-7}+WZaB54X&t9v&#TmMDkS>G#y|DjvUV(3IB`RG z@1-oBLAq2sDn%cu^6ug?7Ro@5o*wj!8JDZ4igF0fJ-&T=nw)BGm+x*+pcP24z|P=% zlgHoRS|56%V{C^Bd{nykyBC~#4obb*m(G`!be7h$6SjCOw(5)e1QVAQ*?5;Cf0;lo zh%rLkiHUiNqLn8qWzEbXKgS{5OS3aLOC(lN78pj&u6sQ=NM3V)0D-GK88E%EN!YE~ z0Pse4w{pGb$TuF-HxkYt;=0@**kHUCbY2H3amF)B&9zg26DwNn^A302T2>KrB^`zv zCKgps&(eiiSvsAim_B_ZZCxZSE-%$AL&l)cHbjWu$2Mtwz;<4W zq;&CV1#Mzx;SDlWpch`3>lZxn2a(h!+)#p`nNLhHd8EbnbF4RSfA85P- z`qrQOmY8B3V66g|Pmx2Th}`6V)p_)Xz>!TM9Yh z@7diKth1kd#|Z$=KL91l#{BZIKI1T2-KU!f2bWBM47Sm@18(U4Bcde3ys~mL4^BPH73(Ckqfp?rnppq<$~OHGP8bl#6hpYsOo?dQyV@)w$ms$zzs zNBb;>&vOjn9Cjm71Fx*Si^N-rqRgPRq<2S33?&N>bQ9?8Y2lspvmQZM+ZS4uSxV^s z!+EL1l054Yp6YL$(d<3+hkNH~wQ+D6BIKl#>048L)=C{wVjxatFS)-!x>AXIjH;mt zA?ylsb>R*OKQ;0nTVr^;wW2e`@Oq@<6A{ktNGW(V!Aj%FhiD7-Q1{=C{wY1GlVsZB zIhG+#?nnjWM>PzDm|2BOX2Yy+8E!ySRa>9%b)MnX%_+1LO?SP0PnKOgf-*k9`;g>k z%Pm+c-`8_S?puc)sya2&f@9x2o8f%u{5#G`x4_-jLK}jbb!aB*-n~NK!h0^iza-DO zV@Xpzy}xuo;TMhV;SYh5P7odaN-`bNEQY~5kQew_zr5bb_+Q{1oP^ku!OdSVWtqMB zvC~{qN`4z#b=b7uf=@B_oqk1ITg2L$-eRE|opuKldJJi;{E*~$UrcHnImmvJK11&h zd2LBg`bKQCf53x6`#hfxpZ_%6t=&~w$e~b@#r`m@1uMOL-T*5jeM60rM4E#+y=~j` zR+yrOKP}_pLfFBQV2+EhBh@nRKE;&_z?fLLuPc}mtg5KDW(Gh`q$@f(9U^d$E44HR z(OB7eYr)Rt|w}85IwC*dE-GD;7vkDKZ4tII8wHxA#(}h+q=GsA6>^C6)bO8Rs1Q z_IEBrJ{9v_8E#)8z8z0C^rQeP(3+Zm&{K!vSGxnfGV2D2@hW4vcSfy%HoIres1N*o~01Jd5@?7jeR(NbLQVUyBhs2vXe8E^Hm`OB3rgwoWB9ARl^Q-YhNup)y~0h5RsF(M=H zx~vwD8xIXefRup$A7;UVa*E6IEA)0$U4}w?4tY1scP1y0G}QCn77SXuq+ACyOsc<- z85A@}*vN^QAL&gMOhkI!%36>&r?MXTPQj0?`Y;UIH+ITe^}{|%t)iV`r_J8!;4>+H zV5)#9giW2;ZK2uXN&|P4DTSr0W8+(-Tz_ z_?kOP!My*R*Xm|EF*em|XIE30F;f(FKq3JW2*}kzJOj5X7ud9;+|uJ+uW)#>c?MX8 z!IqaYh1#hY$F?m|4xiO{w-V<@qH$dhBNz^KupQ2pCNvH8F6gw3yTD-@og?mK%vi{v zWl^nyn81t0dB<7S4`%cTYS4Mi(d%aiBAAAGeXuSh(w!<+H;=zaZhd6*6cE0rb25&b zR$Vnf#y?l`>dj&6-!w006=t`m#Sv>Z=JS4=^3!Hh341T{7JI7LiU#iwy%a}wAO$f# zRvgfj5d$JuflWUdpaTOG~W3f*U+uQq_r6mP0JMS^Q6?7 zDSfrlSQDOB_I^FmQL;&q`<-rRc6Rq2`KUd?K6$tcUa?}ju~b~YENv=ub*3s%d|T}* zWUU`LETgP6ADxmM4!pdI-^3V93qPWe9&|*If8#T7Ijy%vd5Q_l=1I-Msil>&fLlgZ z`NVzKVB(N>bCv}3rI-h+n!0k729Z$nTO@=xI#!so3$B_eArzDw!P8V}P#|wLshact zfm3%Co8h$0iqelN7-`J2tw<2)9hr@f;W!XBt6nzCLK=TIQko{>Q zZL(O?;9=GwN9<+Qkx;OtXQuRLl_eslMezy7LDvd zA1uvUJCh)s)@Fx|j5j+#dT_4@rCg->8*P-AI5N~ux!!NJGQL>wbR!?>1KeVlOq)e7 zInnkLjGc>Co5%%TFg3-fe>$-BfyHmbVV70pLrQy*(x_sd=){it%jL44Aeku0Oj3=q z{`s(_L{#1j5r&j5eVo0HU5@}L(5%W;yKBmYV$KGW{-cE7+dTKB!v}TY2LnyzB^KEy zE<7#%i0>~)Mre0tKzu7HVOn;9*N?u7{>~n3{qty**nCX!J>?n)7dvt=fnCxXY!9{@ z{{U-fE0vL&Hqf#?oFnz81Y^m(RLr{PnVjXQU+A5ZW>wL4;C58w+F>w#(x;9M_f?3# zmE1KQ;piB!wigeoc=F7mA28K5O2eFRaY1JDn50kpu|8C>OlvoESRoX zQR0=UYm6k9P0u%0iM<(#-MPdi<`8=;Q(vRj~VFha1qlC zmif|(VGTVd0({lQ;BAXj?vyeoZ}GksIjGvBH^fNtf-abRX%YL}MYrh9pacZe$rr`q@*#%n^ZQtUgz=ti9rw)FbTt^^&u<7{4cBtatS4wvtU6KwQGu^K$cY zc5ZgcA$Sa%J}}O;HbzjpqDJN35QS2WgGQDH3`eC@)bMEeHVAVZ$8Ay(qoNw;65yeN zuw9UFj~1dYt(bGqG!2iN_jK^HDTNPVYCaK$hGfNT)ez2FM0D?my$LURMy_8W?=qms zK*FQ5y-l(*cP`>$VJY*P5y_vE42av$ifZ?4&4QoV9i`+Y%HSgey#BnZyWCEy^2|*W-;vo3I)5;5sOzM^DTE7j7V=*9dmz9cO3EOS%LJu4Puc~rT>e(g)ygw zmq&cbmm+R$X}HGTipemM(Q2hzW>w;ccu$d0LVL}kqqS3st*UG7Ias<|trME%n&k!mW(p-87hq}5I zjP`o=sBUKO_jL<)BGeT!z1(1GR;o|BwK4@FxW5s2VqBpT&vfgS4Y#cHBXHsdUS~>i{qLMIs~Q6A`^?w4B^- zRm5u;!jk&4SFtBK@YVP!^vFT{!Cn*%88T)CBkm~- zL4!Q?*(TM8n-5ii-fPd8JP~@eXqJ3UDpIK5j6gr>!KODuM;hFBP5C6$MIxOUiyn-x z8@9!`d=Dlo2ETt{za3f2Lq^kPI>skDYPBYuTd>_3^^(*}MS+u7`4ljbH9Lvew$}&8 zf+^{S*}s5Y2yxSOlQ{wMkuUDQ6W$hAuQDK0^ zi=-AgDJ+z@WPqwft=BV9dMO1B1VdB*9V6mGA4QC>9ER`^RR)7bJ2 zW?S?hxX>%YcWgUW*9;joMkN?&Cqn^M&3RE@v_`)alST1!n~6tH%)80^*QO4RJBXZm z^Utotm7KU+2NUNqxsLoEeu_b8o)WsfKQUCX@Y_YQB~(h(bo{Y<^Lbu-Zum(!W2{Gp z<1vvT{q6x8#o?-x;#Wmi_#W5~q5~zyQf(Q;Z0T{9VClKB@&a?R_=WHGt{lao*DUr- zPP&KmIyX`El_G>3$GTg_LFzXm)?sMrh?q-S!1_idHiit{UFMmz?4L)bbSZCY+PL_% z*AQw!epSpk1Mydf{5Q_718B9w7WIQbP5%3rh@r*ZOa!Z5>9dgRDZ7-9&7q9RMHN+* z_i739We{%L^8`8L#7|LCUZIGA=ii=BsUj3l7K1KqkYBI(M!KPO3nWJMmppC)O#;}# zcDAH?X$lL?#|hG(7`OY#UK294(4v& z9YXGT1MVyiSrp9e=8UquW@BQFI|kOdf%TzgY(X(LHqWekL+oCdj+w|q16BgwgaN;F zt4B_Iok>P>V&QRY-$b`mk8A9RK6@l`X;l->BE4=&MVAx#i-T=P!If6PU0~(cxSpc0 zWJaFOFlJ-ZCbG8p9`aDwKppR?M(9{{k21Uziim)gSt-Z;=Zfn|dBfv|u*_9_-9tk9 zbLVZp=^~K|)m_<@e)M2evEcxignYd-uG5K63vNCDf(Vbv6Oc}n1YOp-c;JG(^ zT>%^Tpz!NcUd=$B)Y>Cg=nW_|@ydL?Jw`m&es0fq`%rBASB%X>Sy;LV&~U*RUc#`xZfaFfUMH;`S8 z_PIm6f}b*YVk4BTg@_W<65MJXo`yNA!g<7GGY(^U`_?*(^6WH)2G}2I891cjlkJmt zW08w9aR2z^GN+w@9H#KkhEAl9CB`)}dh}SM9ENB1&77?G1Xr$$DHePMwhFWG>ud(O z>ooJKi}6r%Dz`>1{;&D;2+*?4PN4Xf$bDyGVOrM9O-_!6&Y%Gmn& zwVv44nIvReeH+2eb=Cf>o@Ccsaty6KY`UxwB+^PFU;$X-JX^U zI>vn|S9i_4k?qgK@=w`<4)Ppl+YE~4kHRhz4cIJ>+;g8g$0eQ#rdocOFT}q#Q=;*z zKXiuGd6|w<6WNUDo#nD0)2QZZWz_e~9-L2F&@CJc%2Lh2{{&4Ywo{YVBsP!nXGdRl zqO^x+p-ZsDvT;1rj`Cx4QbgXw&o(zF={6!(lgi3IIeS5l7bwSoZcn-x2aDVxUXLq< z?K95{v$`M`VuJ>_8E3WmBETPEvgdJJ1#z~2vCP+W~>`)V&=w;8qN&1<9fy1#2q_)RVH-_6{8a6H}I-1iUSv-f6 zRG1np-J6V_vqcgdpeP()9#+U7vpy|(0rcZIke|l$Sj0vc)V&`TiVwYj7^=FBsS?Iq zBfmEs?uMR5O*sx+Eq;536uf^^*Zfo#;L}f#R^V^VCw02_FasG9;4sqk-^QLSc#HP2 zdjmDeYvDW3*->CpxJ048ez{EA5yh`pswmD|8FEf{|Gi05>n16&@3$neFT~{9LV9uo zBZrz-J|RsT36#8i1tOWmsnky`@SyWxVJ$el|NSvwrEl@yVbWOs8%!EIE7Sjlq_HzG z|DTWlj7Vc-VrBiGBGQypU?5gpq{rnXT_$I#=UJDS>l7&@YA7fb7*?3~6jfa4BxPvE zr)HfbXe62y8CVwBS?1aQ0psMwX+R#T{G)&9=^ybZ_tRqnt}k3Ol@&dQ%6@_ONaVE zO63XqUJ_=^vlfOj^Z>pk1$+2A0XK0=I)*F#6H+wt(vuVl^}aXCas&|KGJZ>4C{KnT zLg+XU9|^L2J>R+;@#4QH+fPVOON~ze)EF6=lq6`Vq^gdX6c|4}N}!fQp)&Ye)hLQp zfACh;rlslqTq=~8*Ho;GPt_X&jU+ab0tF5%d?hX&NZT`jkhaUy!i!H$QA3u~_=6LU zvFi5_2IFfhCg5P*B4VX5^eC$_Vpo9zy&j?(v;k0XFpI^xX94@_uCr$ zgrSCJ)_+T1Eu@g9qow*8ip=2wG6*puH~E{3o3)vUHRJN6`OEk+wMvH8%h%dInQqm` zGxhp=&?g6(D9$xKwM<7(K4*WBZxX0jpd>h<8L_zd%eKn8)4f_$^Kv`R36&B2lw~LD zgt0fc|M|?Q6utvm?)%G|fmel&RF4YS_5L(78hA?%Ht|3%+$dZr2iN;jy8IP?|L8KC z`n9e0#WV5HELbzpVD~d}u~^Cz_w?FpdI`6@?4j;R**Ka%PhR0EdI4c}?$Iwpb1LPp zXJl8VBVWn%)J3$);a7vrg!ZpAt)~f!EQ+uZ1wX8r}r#`Z`U{v-p*Il9Q1m+~~Ivt}de1$t zM_H0ByYSwrbFy(wF6teBYOXFqvdG`M$mDD&ErC0_Rkzh&?rP_}gRL>HCCte@C3tL; zRF{zmoQ5r(+s#|wkH|&T0aK&5Vk;A>a?;^!#zyy$4S(!q-|57n$S!HW^)A(3@Uq{< z{2Bpeif-cD?=$jYYMi5SkG|vH)7dsUulASMLeYg_+^TvDPbS@^?G`5=5GLa%9429W zVtL4s;4@tvirPTp8+}5(z~ZgR!`2G4uOs(e{1vaRBCi9xYPjkxicpE9(;Zi!w^2mN z@Kwv-Y3N>z zrmmh)GLKrbG(@cf!mnbyl9o@D^J?0Vbsb0;hpl{+j=P%W{@hnJdQKB|F0@=TnX4X8UAGAZ*wt3h{RGGY{CU-}cS>qLKEBGlpKqT~S*;xma=+PhJQa1wvTd|cigV+0-%Ku* zI<8UJ1=o00WzQo#BevDszFk-U#vNVXSIisf$dDN7SvedZ^?ucGm-XKN4ft{d%C}Aj z$-gQ}${oq1w3tmX{C<=OOV>-my)3yPXFT{}5wK8LG3nr0WajZ=O5pLz7k$%Z6Khka z8}%Obmm?a;P1yx~BIk4b(cyvIs+asu-zl}4gQEkOpKZKO(y&2gx$UWe~)SGzv#v1nD4A#z*E$F0@?X4oN0MJk`N$aet%ioKsp*f#ww zEEx~{(tY2ds~7@yz&vg`l8EQ!cVUbH(S5K8EH;usf?UoE@yXKY5PJKF$C zU#Q1eO6sSg^h6iv%$mfKa;5`ZbfzZhTouwtovaaB_nf_Mqil=@ix;3ktf+P+(td*H zWZ^1R)JI3Y7SvH_=u8F9#$crV4E1D6=x?CA$a5O?$em3_BO9nTLugC*8^wS&qfOMx z8@|y*4jSnRu0UlnQn3rWt25k%aua4knI`vfg z-3!)Ro^)fr>42x;k~Gad6f@c4)g5ht?j%l^fgNlY>s7Ttbk0S7PxBSIcik1|uvwE7 zQ&1l0p&_dcqYbSrk!?&Iv###P4!&Q9=9&5-|7y%lJ5E}4oqeC~*-HR&FFSp!T z>%R*D_Wv3J>Mca|QKMK8BQnO73Zs7)1R(4g&g0IHD&MepP z)xxGCfC zY%3f-3f)}pdIixmb@?Z6N&t=4RmH4EhJNtITQq{dxC;I`s3fduSFWU6aIJOyUklfh2l(k z(XgBcFkD!k%&Wtb81X-suL{XzC9u%SFawK(V1WiR?Pu6%IAJHGFMz|Jcyvx9WxX`& zr9bH~!|=rZW{U`CQwZjyf2lFDV0+vzmPO5q>dg$?ZHqe$Q;-|p<_``9zu#c?xX#(E zaYN#gb-SBg9g|@_gaBE+*(hK1p+@eA_MIdXvS`}SSxBo0hug`D1r&CJZ-YZxg1;1t zna4AJ?IKt7lHe=xWucfEY50X_x_*@Ak2d&1-&P$r5>B0pwR3K(Wej#EI$+BAK>;z} z(ilDXMulB2y#5H7^UUk_iJNP_a`wk=BWgU&o&6J3_vTIR*ZaxhSNUIqf|dP0FM=q0 z*qad0%NbfKIom+d%Mvg$FhJ3ZS~xm66L2!H|DV#EfSLJ!z5#NrrD3-zj^w*qyLSi! zX0VHn0E2LvEx{y#BS$v~-!QedF{Vf~&OHA80jyXr7MEl)8J(d6gHFE*8os%xsEsAl z8u^Ge8#$M@4_h!zocyn&|NWieKcDh5j8LCdz3f0ebzixkw&UwYI(#A)c{ZFl9)n99I9fv zt(B+XK;I@n1}$DIhS+|KD-#ULQZ;Tzb$rH4Hq{xVdJ^e1GELQyvP0QF8V+9S0(fG6 zY0JBM@WA-ka2eB__+QX;Ir2+~Or@an!Bd=N^M$L>b^84^t8I25D7PSx(Dz^<0vf0d zdvi8~LjCP&Wt4%*C%-Bol@jofPy(?Jvi3{}Kv4rk6P17CNgESV4`}!41T9013l#M? z#wQvFYJ@CpBvL30et>C$^et#SVO~I!cxIxD7bf(l5RF+1u?~cVLP7u_M-+uIicCRN zMJ}8C1N^rX7BMsgR)RX+z^~@5JEm@Srq_rUaMupj`LOnKImBU+F{!a5#bzc$867N^ z-kw)Myg2h>bkQfT7>wxgc_!8b?p-o)VeO+zxZYmc`(pMj81-KnZ5Vav^w&c1@auqv zjGgImks?k1W_4X0nDDQrdW}M{aDm~_4-ktmr|xWYv1bc+@C`x_R0;KNw}1FQGnnaK z^D}j&$;7nI8EBFh#EhDzIhVGj$bDu&#&x;+o%RYuT0}5mDI3LPg<)*u!3;#QVxW={ zjdqL3=vSAH-d&b|SKg>BqG?zM>4`CH-g#XgcRn9yQPbvaXUUpjTriAK8~~V2y8h_b z(#NLN1Fd<0Ec#xJ?-Go0LXX5R!N8Fl{Kz!|Q&IJhusi*Efm2O+oW=J33B(M?HYoY+ zC`Ip_`q9Q94Y2pWO?^&>>nv*RZy6*DOVQiY{+iBrF{;OkmAYKP58BW0VPn~0-}A+x zkc1c4fmvt-nr#-Fa}$bl_Ve$)@V0?^gEDp8`=L0l=H5+Dm`m&oQ! zaGGG}QNE_2=-5&OLqJi!sQuY=d-&^~Elgz9nK-^LQEQ9)pTHxqsM5!~KSk1#>F~}=%bmcn#Kq9uJi`&5=*?fUC7ippF=UM#uk><-| zC{Sg_=CAwM+@roSJ#Gs+C*Z2vS+L*fd6qh6%0g~Mid>q`P5M~#-lSCfBr{>uaXW^m zX}MGPsG#~d#*7BZGCV6gxh{Xm^eoa5?6Oc~~qxcQ!4c@u8f0S-1*jLTO9NEI^Uk0~PRxhftib&aen7p!41V zny}9FHwW5N=&6{QB_PKtJ&brSl@daij9@K+ItgTz3(r8T$F1iB|KZeG;^|X%Rj99^;X2kRV{N9)ZOmy)qcyv z!hqM&wSZ|cH%F~9rO)tt`TQY$d0xsYlUL_H_wWg<%{wTHsb@=e_DScNBeu4N1O0q# zIW4I{CC>XTadr*f?Q%Z$H5~2w0uxyeShFFl#w(ntlEnkr& zy+=7-)5h^4JR)^f44b%X$OQ(~`h7$FRRiSCogtuPr?3t*A9b(T zoDVLzX|l&C=q%xr)K=HF+$`15a6G7KNIgkch-jsxu&Q2*ivh=rR8~q4ULicnUD#Ju zHQbhO7aFyyxnl%)6#vyq70ZpvX?u)~#qg@j!fdo8bgCWh%aI2?yRce5HX_S4(R`hN zD0Mi+s`eepHW`ufBhOCTHdX0S*hN$Z-$fnvZHABq&uduF>h^uITN(B)$Z%K@5hHU7 zmWnZ_jb8Z-=@P}nG*+YJomxXcq*_dwXjOFFM`)-mvpU$Y73C_D49E;=gmQo4g>!8x zUo&+_as3I01L3rQ*8DLER~T6f7&@`AxqcgH-eH@uKF)X=zPRq2@bZ zJ^JKuc5=OIYWpun?%~X(n%#@9A8=CO{^q{b-w*kcwWP}L%dr`uaVrwKWor0iQR^uSFGIn zehutbv|gh-jquiEvFqV6rl+Sut^-hLVJ7&aZ=aR=_-5!%t`jqB>#eh9!^tu09`3j@P>=)*fy#JN5nQd)NP=C?T#+ z6@}wQ)X{AIV(;pH7XN(#epkZRt^o8TEu-L^0l%h;;FOiXOR9f4Wx(A)v@Zm1RD}45 zH~VK7+Dp#Us1}-6>)uyZeGfjK!sD;5aZ{X}4g>Zc(V$oFp_2=WM0}g=FIAlO>)SOs zRyX@f2Q1e&BDecnF+E2IIk|J;#quJLi{IL+E*`@L2ab)|XdO6tG3jR1?~e^R4Di){ z#ilv#68^DVYGCle~+>B_gTsrwN)B)vbs=R#KyTB8}m4@p!yldWkcD z2Tz7f*>?T)zhlqyQSGe>(H89syC_k5kRW%#^y#n{7lTMN7(WJxTzm zQ)5@O{ETx-;*e+#w2pIOjw?O%#I#&sS4;b7JzC`?p>+qH@_b2o#Xeq z=)1JnTjWm+3z;R~bMM^6vNc7=WWpLTYsE}of^{TY7hV!FJTnoU!PYI-ca;q;PIGOF z=yc0g8`Y~pbwZ1m{JgzM_}v28r_Y$XGMn%@G4fH}Sp5v` z_x$W9mraV!iWQf3I4)6tQZ1S%`FI7}Z{=GaJ6K8MPEZZrt? zv$_FXyI7z?pjZl)7%;(;=wELMpdzj!>MP7F8jyMt!BGhy3&BxW6*LJMTO7953FE1YhyX0py)K#+~Fz%FEeGHH>nSFN7Qh5E~txd$%Hb9$`G7E{CA zp2F5YPxgD+#B4fJISSVT`)UkZzcdNPd0m4U!P7#qu?TAbv1c-7`K4DMzQP2df|9-m ztgddRQR_5A)`9j6V-=LNzmiyki}wBe?YDq50AI7rnMpgXXfa}}NX}Q8blXL>DDmptGnEW3Qo|ZX*==E(XdNwCdf}2u4Qv|0 z@Bwlz)Ivtf7_BeK_QF>9VkG&V*{|bRUg8vRd6h0`bn0eMsQe-W7W@0EpiMqSK@%ez zNwlAz>ES&6c`%C3`>)Ly8|!~&aQuHXV;rpiw;5yPHg|M5TRqir^Im-Llol^8vX@?TMVUBt z?Gv~2Ust*nnEuP&$`E;P=t)s^5()Pi+7+OAI}Q9B3H$u|7% zN^wNW&OKx#gm#3VOu?||sQW@vIR?n_++-w=46=N?g<*_J_R0oRT0@}G%xcfgPU6Y$#K`M+^%JvzQ9(i1N%dT9xM?;Es;_rhv)J9+!Xk!S%#IUPosLQGdgQXHj)&9*#yQJ6#!MwFAiJSv0l&0BsG$Kh6;R_s|x{ zKCX@lSa6n11z8(^gHbJP!!+iDq8x23hdOHPZF!d+EVR1H@F3Ml zv1e5Lz9b#Ud=95RcVt6`6C9GgpP|_s)kl&w*J#n~cTdyot#N<8ZXdUOzAo+J^7Q=L z{n~xL7B4r`zzaQIUpGg4yY@N^n*BZpYkPqY_UA9xt=o^!_m8+H_-?&}CO2t*ULKu; z4L0N7!0YckpTicrB=#tF+HRkJ|6gEl9FT^=FoaokN44HjwZ5vOZhuC7Jl4hCYmz&% zRc(hny*tr;=%y?$&r#;ihNmljpP9@oA*T`JTAs@yKP_b^5=2go zCPkw;(!ut(xF#v|g`hsX*#vcxAf$z;et`+CTzw}Jm2?H^+Hw15ktD9v@3aY|&qQS! zXs-l4DygfKuSC*bk_Rb|i0(wahNCoLUrPFVHACrCjHGbJW73zZx>>ZB!uBDlD-DA@ z+AEQOh&=t>ZrW+mdF@OVH!db|+&_m57h)qCrhk}XuQ_9*5lXWQr&%l>GXSSeEb+oI z7K(@CTIGxymePeIEamq&Quq2Rq#M#nY_s(!)boZS!f9ml%RJE?O|9W{^NL{J@{jwd zrT0|7e)aTI{yV>9iL6-?UI4(8#8Ns5Yj!6ROe#iVDV>Zp*N779sv|g5BBoSbGHZOn z6v?KfAj7F@aFfe>B=rNXH|;WT;pNwRWc*Ia_eZCG-)r!KJ;Y&dqRT`=acR}PPrm_# z>mwZXZM80xtsQ8z`gb(z(31qsf83Q&{Z@4c%uC6MGRH{L;^dA3CMoq8u?`|d>#;I>7VE(~)kRFAgWbS`>d&0UoDk8TUU!LvRYqe(saPli1xbmLR=7j08eK5lNdFt}P(D0NxmDS;!5T1FBCtnOm`qDyWP->&F8 zkdoEvy;2E|{z=+X2eoiVP~gZ@(dt+W6?2C`h{Zi|uOhw95&G*IY1H8{9E(^rwX7lwJNfL4Ex~5BA+Uf3(~UVXSrM2!fZkH3ncjkXGAIAZWB}VkH*!JtF=i~A4`}}qPm#b|%jl5Qy=1`0L=YZT_-}kS! zUSLf-K=z`&t+qJ@Ut#gGbagcO)$sLDd#5er2>2YTPVAGJx&Yqio&5HGtoO?6w5w^< zZvw=8oZRJ)xQe9tTG;8?LTJlxe2Fgi?ui`M0sA20rg;exs8KWu2Y#nK3I;lx<5Q4Ar%i|7Y6 zg`of#0s#TRZQ~duTC7nJ(hMWM&4K^`aFq}z3Gsr!y~qqI@t@Sr5)Dy8VkIQ(pIMrO zrAtTW{~P^Hhm+{yB!ny>1PLKR;GS_|6k<5T2m(JCOT;t8{<+}AZiA1L z86+@Cybv85ON@ZPor&?sX|V*lk+>f}fMi;<9iBl18`)VR00auaATXvF00CG)0n{D< z*dxZd(g^_d#D zi<<@`VWuckv;_i#MnVxV%-^CcHW2&nLS_=dVy_Tz0+9)~BZiUj(GYNC44y%v6Y*f? zU+ciYkT8@40s&cDOWrFji~_=-|8aZjUk85(@gd%SF2o}M^S>{|n*zwc?%+zaREF4b zxC2!j9Xnz;jX;#tPG^Xt8wEP?;!?5e1ue5p86VfwEk|WL4YIaCq?BZA7e`T$(nU29 z$4M?FW%YmvJO8?9q?dQ{S@>k=fXLZBLHAJUkcnaJEB8KS{r*<-`KPM!+vx>+doN6G z4?3K1L3y9Ew7q=gd)L@pFh8Puh?Xg^)$?vravN9MUe%U2VB@|_jM2+>(I#|Pfh_IZ z3@u&2!R8jbav8f>o1P<^x!PV&m6b?7$A%J33m>sJWQWnThOlZR39Qjo{vZocH_1) zT*EPb-?at%G52q&OJAf2QW?2IWAcsupi4D%fz0cDK?Z*WK?9=N33oe7T7q{ZukPz< zK<^*?g3?cS=A3iF^T~xvLqZ;UiT) zMtrp+RNF`Psw=0n8k%L-;wyDb zQRB9B8*ZOQ>h(jaS(+XoJLEOB-UvrX6}Iq2CRrVTNe%O{j+gZPeGDfTPP&PTg_o4# zvqA*tr$6oj1jgfm`1bHveK@OUP(>Pk1|PRS}gin)}n0)`}Qel{*fv z(A`zoK(z+hgLGWuHf`R{M+<5S)Qou(Qncb|7T(c!L;q-RpgaL;UV0hoYeUDq1Ci$H zf~3L`2SFMi8r6U|#$b4e`ZwdyTc@8^8L2-Ds;ZGLb#C#pp`R@T_0DQR;gG(s$G)w+ zsh@P)k>&iM#`%NO0Z3aUW$e)t?#nMludOQqz%KrhAwKsU} zeCG)vCA{ShvUPc8>Ql@+W|U5b{`!Da=DDGE)ffX3&NuA)Z>%$D%?ZEu#uns8Xl+8! z_x_i!7I5U7A)oS-wym!%)f|60zDi#I%lD|^Rmi163^$%SeCh-it6lMnhaAywZdv#A za&6oC+i#JtSLvd`ocgcP>mAAFuU;`fhUi|na(CjSXpY(CM!Wx!`Ke(dJ8zEbygq-u zlxbeZ8hM?ZuUPK!pK{2*@BjIE5F9lp%00#Q7O0DouBo=k1$OJ$DECBjgpIC_Na{`uE6O$i ze+S#d+exH2xvOC#CIy?$ z;IwgI_^v!1KMSh%c=kMp$$^EfDER>atWWQv85j1DA_&pAd++GWT zjzGZ&0rFfg=gug>x<`_ii<7?VHz*1lm){nJ@_^NA!3kSNrL9u=XIwb}_~otuk!JC7 zyh{B69%tlYg136S)Tpdgj(2KMdK|aKg>q|_t>dTblhdIvn@&E&1AloJe1^i@CK!MvHX=Iw#!nnQiv#*2NQNwaS4W9ficQ z(?h-~Z22CYJ@_Z=G_1;E-Ls*KKLqNX27VHR*ZcQVHUb&^1tgpMr$FWD0k9~A{iL3a zF~M(6!v?43RsTSY;cxyx1f}G0ehAF)ygy9@PiYbpT>2`wP|}(@(;w?1sP1`{$=|HH zSl2yMKfgyY@vhQ1i?1Z41^)%qu$HlHN}*wk&jo%@(~)K4;$U0*=`=`LVxt$jO#DnZ zWvTzH_P(l5cFkpJ?6f)n-C3^je*f*${Ltw?y6?}51y+g*semkXd*S@Xgy(xhjWwSt z>0CeU9p)4jI=Bcb?sFAzja+2H_Y|^ON^E9vKssA~`M1bWQTLWboAKqhK&vKxb4%UN z$J+YDfq8a*ZKDhHkU-|uq?GhlOGG0-0)PL-F3kvM0CA3!LALcZ}>Ku4Q=B<9_O_vd3cQ7I;&K&r7iTaM;Gf31unHdWhJA+QOp->nObv`>YBSyArC@`J$yN|(4<-&K}eIqo| zOjG}gR&RcXJe)S7mpIV6*hiVcfJ^IL9Zw}KrO(abNbV2Lz32IcLLIH1Q*Y6IHV=DL zlmoLi=M7lA1?=e28Wz^nDh1#-1*er1#g%G(b0362>Vr%to20IdPYhJeEgHD6sm~@p z=L=MNHugK@HVcDqJj=nSeJaQ)O+>ka-2}?(lqqnTinCmIj~^(2JBL-o)yidBq&%C|-QXy)Rvu6Ue2d{hiN)gD7+N z)cvEz3aqyA?yWZ$w?%v?za+EH!T;JZTZ0MZk?wRKg%*u8@PSthI*d2{3UTJpry^C*2yFOrT3dp{ z?Xlh1Go;JIYbSMv#7AtA;6mU{tIUz&h2%NDxkowadEqbdF}MY!kR z^QK;ZcBCl0bJA>vpby<}Ka}IqS6rx9u&0JVR;_e{TyiRT2;p5pM0#dK9+LHB-Ye*= y8G+VBlgkbF-|J2OKBl*{e|BzT*}tbsIs+feI3b>tfDmYeg*h5zXlQ@L0rY@ diff --git a/krb5-1.21.3/doc/pdf/user.tex b/krb5-1.21.3/doc/pdf/user.tex deleted file mode 100644 index 38d9d91b..00000000 --- a/krb5-1.21.3/doc/pdf/user.tex +++ /dev/null @@ -1,2456 +0,0 @@ -%% Generated by Sphinx. -\def\sphinxdocclass{report} -\documentclass[letterpaper,10pt,english]{sphinxmanual} -\ifdefined\pdfpxdimen - \let\sphinxpxdimen\pdfpxdimen\else\newdimen\sphinxpxdimen -\fi \sphinxpxdimen=.75bp\relax -\ifdefined\pdfimageresolution - \pdfimageresolution= \numexpr \dimexpr1in\relax/\sphinxpxdimen\relax -\fi -%% let collapsible pdf bookmarks panel have high depth per default -\PassOptionsToPackage{bookmarksdepth=5}{hyperref} - -\PassOptionsToPackage{warn}{textcomp} -\usepackage[utf8]{inputenc} -\ifdefined\DeclareUnicodeCharacter -% support both utf8 and utf8x syntaxes - \ifdefined\DeclareUnicodeCharacterAsOptional - \def\sphinxDUC#1{\DeclareUnicodeCharacter{"#1}} - \else - \let\sphinxDUC\DeclareUnicodeCharacter - \fi - \sphinxDUC{00A0}{\nobreakspace} - \sphinxDUC{2500}{\sphinxunichar{2500}} - \sphinxDUC{2502}{\sphinxunichar{2502}} - \sphinxDUC{2514}{\sphinxunichar{2514}} - \sphinxDUC{251C}{\sphinxunichar{251C}} - \sphinxDUC{2572}{\textbackslash} -\fi -\usepackage{cmap} -\usepackage[T1]{fontenc} -\usepackage{amsmath,amssymb,amstext} -\usepackage{babel} - - - -\usepackage{tgtermes} -\usepackage{tgheros} -\renewcommand{\ttdefault}{txtt} - - - -\usepackage[Bjarne]{fncychap} -\usepackage{sphinx} - -\fvset{fontsize=auto} -\usepackage{geometry} - - -% Include hyperref last. -\usepackage{hyperref} -% Fix anchor placement for figures with captions. -\usepackage{hypcap}% it must be loaded after hyperref. -% Set up styles of URL: it should be placed after hyperref. -\urlstyle{same} - - -\usepackage{sphinxmessages} -\setcounter{tocdepth}{1} - - - -\title{Kerberos User Guide} -\date{ } -\release{1.21.3} -\author{MIT} -\newcommand{\sphinxlogo}{\vbox{}} -\renewcommand{\releasename}{Release} -\makeindex -\begin{document} - -\pagestyle{empty} -\sphinxmaketitle -\pagestyle{plain} -\sphinxtableofcontents -\pagestyle{normal} -\phantomsection\label{\detokenize{user/index::doc}} - - - -\chapter{Password management} -\label{\detokenize{user/pwd_mgmt:password-management}}\label{\detokenize{user/pwd_mgmt::doc}} -\sphinxAtStartPar -Your password is the only way Kerberos has of verifying your identity. -If someone finds out your password, that person can masquerade as -you—send email that comes from you, read, edit, or delete your files, -or log into other hosts as you—and no one will be able to tell the -difference. For this reason, it is important that you choose a good -password, and keep it secret. If you need to give access to your -account to someone else, you can do so through Kerberos (see -{\hyperref[\detokenize{user/pwd_mgmt:grant-access}]{\sphinxcrossref{\DUrole{std,std-ref}{Granting access to your account}}}}). You should never tell your password to anyone, -including your system administrator, for any reason. You should -change your password frequently, particularly any time you think -someone may have found out what it is. - - -\section{Changing your password} -\label{\detokenize{user/pwd_mgmt:changing-your-password}} -\sphinxAtStartPar -To change your Kerberos password, use the {\hyperref[\detokenize{user/user_commands/kpasswd:kpasswd-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kpasswd}}}} command. -It will ask you for your old password (to prevent someone else from -walking up to your computer when you’re not there and changing your -password), and then prompt you for the new one twice. (The reason you -have to type it twice is to make sure you have typed it correctly.) -For example, user \sphinxcode{\sphinxupquote{david}} would do the following: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kpasswd} -\PYG{n}{Password} \PYG{k}{for} \PYG{n}{david}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{\PYGZhy{}} \PYG{n}{Type} \PYG{n}{your} \PYG{n}{old} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Enter} \PYG{n}{new} \PYG{n}{password}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{\PYGZhy{}} \PYG{n}{Type} \PYG{n}{your} \PYG{n}{new} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Enter} \PYG{n}{it} \PYG{n}{again}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{\PYGZhy{}} \PYG{n}{Type} \PYG{n}{the} \PYG{n}{new} \PYG{n}{password} \PYG{n}{again}\PYG{o}{.} -\PYG{n}{Password} \PYG{n}{changed}\PYG{o}{.} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If \sphinxcode{\sphinxupquote{david}} typed the incorrect old password, he would get the -following message: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kpasswd} -\PYG{n}{Password} \PYG{k}{for} \PYG{n}{david}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{\PYGZhy{}} \PYG{n}{Type} \PYG{n}{the} \PYG{n}{incorrect} \PYG{n}{old} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{kpasswd}\PYG{p}{:} \PYG{n}{Password} \PYG{n}{incorrect} \PYG{k}{while} \PYG{n}{getting} \PYG{n}{initial} \PYG{n}{ticket} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If you make a mistake and don’t type the new password the same way -twice, kpasswd will ask you to try again: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kpasswd} -\PYG{n}{Password} \PYG{k}{for} \PYG{n}{david}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{\PYGZhy{}} \PYG{n}{Type} \PYG{n}{the} \PYG{n}{old} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Enter} \PYG{n}{new} \PYG{n}{password}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{\PYGZhy{}} \PYG{n}{Type} \PYG{n}{the} \PYG{n}{new} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{Enter} \PYG{n}{it} \PYG{n}{again}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{\PYGZhy{}} \PYG{n}{Type} \PYG{n}{a} \PYG{n}{different} \PYG{n}{new} \PYG{n}{password}\PYG{o}{.} -\PYG{n}{kpasswd}\PYG{p}{:} \PYG{n}{Password} \PYG{n}{mismatch} \PYG{k}{while} \PYG{n}{reading} \PYG{n}{password} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Once you change your password, it takes some time for the change to -propagate through the system. Depending on how your system is set up, -this might be anywhere from a few minutes to an hour or more. If you -need to get new Kerberos tickets shortly after changing your password, -try the new password. If the new password doesn’t work, try again -using the old one. - - -\section{Granting access to your account} -\label{\detokenize{user/pwd_mgmt:granting-access-to-your-account}}\label{\detokenize{user/pwd_mgmt:grant-access}} -\sphinxAtStartPar -If you need to give someone access to log into your account, you can -do so through Kerberos, without telling the person your password. -Simply create a file called {\hyperref[\detokenize{user/user_config/k5login:k5login-5}]{\sphinxcrossref{\DUrole{std,std-ref}{.k5login}}}} in your home directory. -This file should contain the Kerberos principal of each person to whom -you wish to give access. Each principal must be on a separate line. -Here is a sample .k5login file: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{david}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This file would allow the users \sphinxcode{\sphinxupquote{jennifer}} and \sphinxcode{\sphinxupquote{david}} to use your -user ID, provided that they had Kerberos tickets in their respective -realms. If you will be logging into other hosts across a network, you -will want to include your own Kerberos principal in your .k5login file -on each of these hosts. - -\sphinxAtStartPar -Using a .k5login file is much safer than giving out your password, -because: -\begin{itemize} -\item {} -\sphinxAtStartPar -You can take access away any time simply by removing the principal -from your .k5login file. - -\item {} -\sphinxAtStartPar -Although the user has full access to your account on one particular -host (or set of hosts if your .k5login file is shared, e.g., over -NFS), that user does not inherit your network privileges. - -\item {} -\sphinxAtStartPar -Kerberos keeps a log of who obtains tickets, so a system -administrator could find out, if necessary, who was capable of using -your user ID at a particular time. - -\end{itemize} - -\sphinxAtStartPar -One common application is to have a .k5login file in root’s home -directory, giving root access to that machine to the Kerberos -principals listed. This allows system administrators to allow users -to become root locally, or to log in remotely as root, without their -having to give out the root password, and without anyone having to -type the root password over the network. - - -\section{Password quality verification} -\label{\detokenize{user/pwd_mgmt:password-quality-verification}} -\sphinxAtStartPar -TODO - - -\chapter{Ticket management} -\label{\detokenize{user/tkt_mgmt:ticket-management}}\label{\detokenize{user/tkt_mgmt::doc}} -\sphinxAtStartPar -On many systems, Kerberos is built into the login program, and you get -tickets automatically when you log in. Other programs, such as ssh, -can forward copies of your tickets to a remote host. Most of these -programs also automatically destroy your tickets when they exit. -However, MIT recommends that you explicitly destroy your Kerberos -tickets when you are through with them, just to be sure. One way to -help ensure that this happens is to add the {\hyperref[\detokenize{user/user_commands/kdestroy:kdestroy-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kdestroy}}}} command -to your .logout file. Additionally, if you are going to be away from -your machine and are concerned about an intruder using your -permissions, it is safest to either destroy all copies of your -tickets, or use a screensaver that locks the screen. - - -\section{Kerberos ticket properties} -\label{\detokenize{user/tkt_mgmt:kerberos-ticket-properties}} -\sphinxAtStartPar -There are various properties that Kerberos tickets can have: - -\sphinxAtStartPar -If a ticket is \sphinxstylestrong{forwardable}, then the KDC can issue a new ticket -(with a different network address, if necessary) based on the -forwardable ticket. This allows for authentication forwarding without -requiring a password to be typed in again. For example, if a user -with a forwardable TGT logs into a remote system, the KDC could issue -a new TGT for that user with the network address of the remote system, -allowing authentication on that host to work as though the user were -logged in locally. - -\sphinxAtStartPar -When the KDC creates a new ticket based on a forwardable ticket, it -sets the \sphinxstylestrong{forwarded} flag on that new ticket. Any tickets that are -created based on a ticket with the forwarded flag set will also have -their forwarded flags set. - -\sphinxAtStartPar -A \sphinxstylestrong{proxiable} ticket is similar to a forwardable ticket in that it -allows a service to take on the identity of the client. Unlike a -forwardable ticket, however, a proxiable ticket is only issued for -specific services. In other words, a ticket\sphinxhyphen{}granting ticket cannot be -issued based on a ticket that is proxiable but not forwardable. - -\sphinxAtStartPar -A \sphinxstylestrong{proxy} ticket is one that was issued based on a proxiable ticket. - -\sphinxAtStartPar -A \sphinxstylestrong{postdated} ticket is issued with the invalid flag set. After the -starting time listed on the ticket, it can be presented to the KDC to -obtain valid tickets. - -\sphinxAtStartPar -Ticket\sphinxhyphen{}granting tickets with the \sphinxstylestrong{postdateable} flag set can be used -to obtain postdated service tickets. - -\sphinxAtStartPar -\sphinxstylestrong{Renewable} tickets can be used to obtain new session keys without -the user entering their password again. A renewable ticket has two -expiration times. The first is the time at which this particular -ticket expires. The second is the latest possible expiration time for -any ticket issued based on this renewable ticket. - -\sphinxAtStartPar -A ticket with the \sphinxstylestrong{initial flag} set was issued based on the -authentication protocol, and not on a ticket\sphinxhyphen{}granting ticket. -Application servers that wish to ensure that the user’s key has been -recently presented for verification could specify that this flag must -be set to accept the ticket. - -\sphinxAtStartPar -An \sphinxstylestrong{invalid} ticket must be rejected by application servers. -Postdated tickets are usually issued with this flag set, and must be -validated by the KDC before they can be used. - -\sphinxAtStartPar -A \sphinxstylestrong{preauthenticated} ticket is one that was only issued after the -client requesting the ticket had authenticated itself to the KDC. - -\sphinxAtStartPar -The \sphinxstylestrong{hardware authentication} flag is set on a ticket which required -the use of hardware for authentication. The hardware is expected to -be possessed only by the client which requested the tickets. - -\sphinxAtStartPar -If a ticket has the \sphinxstylestrong{transit policy} checked flag set, then the KDC -that issued this ticket implements the transited\sphinxhyphen{}realm check policy -and checked the transited\sphinxhyphen{}realms list on the ticket. The -transited\sphinxhyphen{}realms list contains a list of all intermediate realms -between the realm of the KDC that issued the first ticket and that of -the one that issued the current ticket. If this flag is not set, then -the application server must check the transited realms itself or else -reject the ticket. - -\sphinxAtStartPar -The \sphinxstylestrong{okay as delegate} flag indicates that the server specified in -the ticket is suitable as a delegate as determined by the policy of -that realm. Some client applications may use this flag to decide -whether to forward tickets to a remote host, although many -applications do not honor it. - -\sphinxAtStartPar -An \sphinxstylestrong{anonymous} ticket is one in which the named principal is a -generic principal for that realm; it does not actually specify the -individual that will be using the ticket. This ticket is meant only -to securely distribute a session key. - - -\section{Obtaining tickets with kinit} -\label{\detokenize{user/tkt_mgmt:obtaining-tickets-with-kinit}}\label{\detokenize{user/tkt_mgmt:obtain-tkt}} -\sphinxAtStartPar -If your site has integrated Kerberos V5 with the login system, you -will get Kerberos tickets automatically when you log in. Otherwise, -you may need to explicitly obtain your Kerberos tickets, using the -{\hyperref[\detokenize{user/user_commands/kinit:kinit-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kinit}}}} program. Similarly, if your Kerberos tickets expire, -use the kinit program to obtain new ones. - -\sphinxAtStartPar -To use the kinit program, simply type \sphinxcode{\sphinxupquote{kinit}} and then type your -password at the prompt. For example, Jennifer (whose username is -\sphinxcode{\sphinxupquote{jennifer}}) works for Bleep, Inc. (a fictitious company with the -domain name mit.edu and the Kerberos realm ATHENA.MIT.EDU). She would -type: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kinit} -\PYG{n}{Password} \PYG{k}{for} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}} \PYG{p}{[}\PYG{n}{Type} \PYG{n}{jennifer}\PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{s password here.]} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If you type your password incorrectly, kinit will give you the -following error message: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kinit} -\PYG{n}{Password} \PYG{k}{for} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}} \PYG{p}{[}\PYG{n}{Type} \PYG{n}{the} \PYG{n}{wrong} \PYG{n}{password} \PYG{n}{here}\PYG{o}{.}\PYG{p}{]} -\PYG{n}{kinit}\PYG{p}{:} \PYG{n}{Password} \PYG{n}{incorrect} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -and you won’t get Kerberos tickets. - -\sphinxAtStartPar -By default, kinit assumes you want tickets for your own username in -your default realm. Suppose Jennifer’s friend David is visiting, and -he wants to borrow a window to check his mail. David needs to get -tickets for himself in his own realm, EXAMPLE.COM. He would type: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kinit} \PYG{n}{david}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{Password} \PYG{k}{for} \PYG{n}{david}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}} \PYG{p}{[}\PYG{n}{Type} \PYG{n}{david}\PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{s password here.]} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -David would then have tickets which he could use to log onto his own -machine. Note that he typed his password locally on Jennifer’s -machine, but it never went over the network. Kerberos on the local -host performed the authentication to the KDC in the other realm. - -\sphinxAtStartPar -If you want to be able to forward your tickets to another host, you -need to request forwardable tickets. You do this by specifying the -\sphinxstylestrong{\sphinxhyphen{}f} option: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kinit} \PYG{o}{\PYGZhy{}}\PYG{n}{f} -\PYG{n}{Password} \PYG{k}{for} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}} \PYG{p}{[}\PYG{n}{Type} \PYG{n}{your} \PYG{n}{password} \PYG{n}{here}\PYG{o}{.}\PYG{p}{]} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Note that kinit does not tell you that it obtained forwardable -tickets; you can verify this using the {\hyperref[\detokenize{user/user_commands/klist:klist-1}]{\sphinxcrossref{\DUrole{std,std-ref}{klist}}}} command (see -{\hyperref[\detokenize{user/tkt_mgmt:view-tkt}]{\sphinxcrossref{\DUrole{std,std-ref}{Viewing tickets with klist}}}}). - -\sphinxAtStartPar -Normally, your tickets are good for your system’s default ticket -lifetime, which is ten hours on many systems. You can specify a -different ticket lifetime with the \sphinxstylestrong{\sphinxhyphen{}l} option. Add the letter -\sphinxstylestrong{s} to the value for seconds, \sphinxstylestrong{m} for minutes, \sphinxstylestrong{h} for hours, or -\sphinxstylestrong{d} for days. For example, to obtain forwardable tickets for -\sphinxcode{\sphinxupquote{david@EXAMPLE.COM}} that would be good for three hours, you would -type: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kinit} \PYG{o}{\PYGZhy{}}\PYG{n}{f} \PYG{o}{\PYGZhy{}}\PYG{n}{l} \PYG{l+m+mi}{3}\PYG{n}{h} \PYG{n}{david}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{Password} \PYG{k}{for} \PYG{n}{david}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM}\PYG{p}{:} \PYG{o}{\PYGZlt{}}\PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}} \PYG{p}{[}\PYG{n}{Type} \PYG{n}{david}\PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{s password here.]} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -You cannot mix units; specifying a lifetime of 3h30m would -result in an error. Note also that most systems specify a -maximum ticket lifetime. If you request a longer ticket -lifetime, it will be automatically truncated to the maximum -lifetime. -\end{sphinxadmonition} - - -\section{Viewing tickets with klist} -\label{\detokenize{user/tkt_mgmt:viewing-tickets-with-klist}}\label{\detokenize{user/tkt_mgmt:view-tkt}} -\sphinxAtStartPar -The {\hyperref[\detokenize{user/user_commands/klist:klist-1}]{\sphinxcrossref{\DUrole{std,std-ref}{klist}}}} command shows your tickets. When you first obtain -tickets, you will have only the ticket\sphinxhyphen{}granting ticket. The listing -would look like this: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{klist} -\PYG{n}{Ticket} \PYG{n}{cache}\PYG{p}{:} \PYG{o}{/}\PYG{n}{tmp}\PYG{o}{/}\PYG{n}{krb5cc\PYGZus{}ttypa} -\PYG{n}{Default} \PYG{n}{principal}\PYG{p}{:} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} - -\PYG{n}{Valid} \PYG{n}{starting} \PYG{n}{Expires} \PYG{n}{Service} \PYG{n}{principal} -\PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{19}\PYG{p}{:}\PYG{l+m+mi}{49}\PYG{p}{:}\PYG{l+m+mi}{21} \PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{08}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{05}\PYG{p}{:}\PYG{l+m+mi}{49}\PYG{p}{:}\PYG{l+m+mi}{19} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The ticket cache is the location of your ticket file. In the above -example, this file is named \sphinxcode{\sphinxupquote{/tmp/krb5cc\_ttypa}}. The default -principal is your Kerberos principal. - -\sphinxAtStartPar -The “valid starting†and “expires†fields describe the period of time -during which the ticket is valid. The “service principal†describes -each ticket. The ticket\sphinxhyphen{}granting ticket has a first component -\sphinxcode{\sphinxupquote{krbtgt}}, and a second component which is the realm name. - -\sphinxAtStartPar -Now, if \sphinxcode{\sphinxupquote{jennifer}} connected to the machine \sphinxcode{\sphinxupquote{daffodil.mit.edu}}, -and then typed “klist†again, she would have gotten the following -result: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{klist} -\PYG{n}{Ticket} \PYG{n}{cache}\PYG{p}{:} \PYG{o}{/}\PYG{n}{tmp}\PYG{o}{/}\PYG{n}{krb5cc\PYGZus{}ttypa} -\PYG{n}{Default} \PYG{n}{principal}\PYG{p}{:} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} - -\PYG{n}{Valid} \PYG{n}{starting} \PYG{n}{Expires} \PYG{n}{Service} \PYG{n}{principal} -\PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{19}\PYG{p}{:}\PYG{l+m+mi}{49}\PYG{p}{:}\PYG{l+m+mi}{21} \PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{08}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{05}\PYG{p}{:}\PYG{l+m+mi}{49}\PYG{p}{:}\PYG{l+m+mi}{19} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{20}\PYG{p}{:}\PYG{l+m+mi}{22}\PYG{p}{:}\PYG{l+m+mi}{30} \PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{08}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{05}\PYG{p}{:}\PYG{l+m+mi}{49}\PYG{p}{:}\PYG{l+m+mi}{19} \PYG{n}{host}\PYG{o}{/}\PYG{n}{daffodil}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Here’s what happened: when \sphinxcode{\sphinxupquote{jennifer}} used ssh to connect to the -host \sphinxcode{\sphinxupquote{daffodil.mit.edu}}, the ssh program presented her -ticket\sphinxhyphen{}granting ticket to the KDC and requested a host ticket for the -host \sphinxcode{\sphinxupquote{daffodil.mit.edu}}. The KDC sent the host ticket, which ssh -then presented to the host \sphinxcode{\sphinxupquote{daffodil.mit.edu}}, and she was allowed -to log in without typing her password. - -\sphinxAtStartPar -Suppose your Kerberos tickets allow you to log into a host in another -domain, such as \sphinxcode{\sphinxupquote{trillium.example.com}}, which is also in another -Kerberos realm, \sphinxcode{\sphinxupquote{EXAMPLE.COM}}. If you ssh to this host, you will -receive a ticket\sphinxhyphen{}granting ticket for the realm \sphinxcode{\sphinxupquote{EXAMPLE.COM}}, plus -the new host ticket for \sphinxcode{\sphinxupquote{trillium.example.com}}. klist will now -show: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{klist} -\PYG{n}{Ticket} \PYG{n}{cache}\PYG{p}{:} \PYG{o}{/}\PYG{n}{tmp}\PYG{o}{/}\PYG{n}{krb5cc\PYGZus{}ttypa} -\PYG{n}{Default} \PYG{n}{principal}\PYG{p}{:} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} - -\PYG{n}{Valid} \PYG{n}{starting} \PYG{n}{Expires} \PYG{n}{Service} \PYG{n}{principal} -\PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{19}\PYG{p}{:}\PYG{l+m+mi}{49}\PYG{p}{:}\PYG{l+m+mi}{21} \PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{08}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{05}\PYG{p}{:}\PYG{l+m+mi}{49}\PYG{p}{:}\PYG{l+m+mi}{19} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{20}\PYG{p}{:}\PYG{l+m+mi}{22}\PYG{p}{:}\PYG{l+m+mi}{30} \PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{08}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{05}\PYG{p}{:}\PYG{l+m+mi}{49}\PYG{p}{:}\PYG{l+m+mi}{19} \PYG{n}{host}\PYG{o}{/}\PYG{n}{daffodil}\PYG{o}{.}\PYG{n}{mit}\PYG{o}{.}\PYG{n}{edu}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{20}\PYG{p}{:}\PYG{l+m+mi}{24}\PYG{p}{:}\PYG{l+m+mi}{18} \PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{08}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{05}\PYG{p}{:}\PYG{l+m+mi}{49}\PYG{p}{:}\PYG{l+m+mi}{19} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} -\PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{20}\PYG{p}{:}\PYG{l+m+mi}{24}\PYG{p}{:}\PYG{l+m+mi}{18} \PYG{l+m+mi}{06}\PYG{o}{/}\PYG{l+m+mi}{08}\PYG{o}{/}\PYG{l+m+mi}{04} \PYG{l+m+mi}{05}\PYG{p}{:}\PYG{l+m+mi}{49}\PYG{p}{:}\PYG{l+m+mi}{19} \PYG{n}{host}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Depending on your host’s and realm’s configuration, you may also see a -ticket with the service principal \sphinxcode{\sphinxupquote{host/trillium.example.com@}}. If -so, this means that your host did not know what realm -trillium.example.com is in, so it asked the \sphinxcode{\sphinxupquote{ATHENA.MIT.EDU}} KDC for -a referral. The next time you connect to \sphinxcode{\sphinxupquote{trillium.example.com}}, -the odd\sphinxhyphen{}looking entry will be used to avoid needing to ask for a -referral again. - -\sphinxAtStartPar -You can use the \sphinxstylestrong{\sphinxhyphen{}f} option to view the flags that apply to your -tickets. The flags are: - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -F -& -\sphinxAtStartPar -Forwardable -\\ -\hline -\sphinxAtStartPar -f -& -\sphinxAtStartPar -forwarded -\\ -\hline -\sphinxAtStartPar -P -& -\sphinxAtStartPar -Proxiable -\\ -\hline -\sphinxAtStartPar -p -& -\sphinxAtStartPar -proxy -\\ -\hline -\sphinxAtStartPar -D -& -\sphinxAtStartPar -postDateable -\\ -\hline -\sphinxAtStartPar -d -& -\sphinxAtStartPar -postdated -\\ -\hline -\sphinxAtStartPar -R -& -\sphinxAtStartPar -Renewable -\\ -\hline -\sphinxAtStartPar -I -& -\sphinxAtStartPar -Initial -\\ -\hline -\sphinxAtStartPar -i -& -\sphinxAtStartPar -invalid -\\ -\hline -\sphinxAtStartPar -H -& -\sphinxAtStartPar -Hardware authenticated -\\ -\hline -\sphinxAtStartPar -A -& -\sphinxAtStartPar -preAuthenticated -\\ -\hline -\sphinxAtStartPar -T -& -\sphinxAtStartPar -Transit policy checked -\\ -\hline -\sphinxAtStartPar -O -& -\sphinxAtStartPar -Okay as delegate -\\ -\hline -\sphinxAtStartPar -a -& -\sphinxAtStartPar -anonymous -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - -\sphinxAtStartPar -Here is a sample listing. In this example, the user \sphinxstyleemphasis{jennifer} -obtained her initial tickets (\sphinxstylestrong{I}), which are forwardable (\sphinxstylestrong{F}) -and postdated (\sphinxstylestrong{d}) but not yet validated (\sphinxstylestrong{i}): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{klist} \PYG{o}{\PYGZhy{}}\PYG{n}{f} -\PYG{n}{Ticket} \PYG{n}{cache}\PYG{p}{:} \PYG{o}{/}\PYG{n}{tmp}\PYG{o}{/}\PYG{n}{krb5cc\PYGZus{}320} -\PYG{n}{Default} \PYG{n}{principal}\PYG{p}{:} \PYG{n}{jennifer}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} - -\PYG{n}{Valid} \PYG{n}{starting} \PYG{n}{Expires} \PYG{n}{Service} \PYG{n}{principal} -\PYG{l+m+mi}{31}\PYG{o}{/}\PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{05} \PYG{l+m+mi}{19}\PYG{p}{:}\PYG{l+m+mi}{06}\PYG{p}{:}\PYG{l+m+mi}{25} \PYG{l+m+mi}{31}\PYG{o}{/}\PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{05} \PYG{l+m+mi}{19}\PYG{p}{:}\PYG{l+m+mi}{16}\PYG{p}{:}\PYG{l+m+mi}{25} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU}\PYG{n+nd}{@ATHENA}\PYG{o}{.}\PYG{n}{MIT}\PYG{o}{.}\PYG{n}{EDU} - \PYG{n}{Flags}\PYG{p}{:} \PYG{n}{FdiI} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -In the following example, the user \sphinxstyleemphasis{david}’s tickets were forwarded -(\sphinxstylestrong{f}) to this host from another host. The tickets are reforwardable -(\sphinxstylestrong{F}): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{klist} \PYG{o}{\PYGZhy{}}\PYG{n}{f} -\PYG{n}{Ticket} \PYG{n}{cache}\PYG{p}{:} \PYG{o}{/}\PYG{n}{tmp}\PYG{o}{/}\PYG{n}{krb5cc\PYGZus{}p11795} -\PYG{n}{Default} \PYG{n}{principal}\PYG{p}{:} \PYG{n}{david}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM} - -\PYG{n}{Valid} \PYG{n}{starting} \PYG{n}{Expires} \PYG{n}{Service} \PYG{n}{principal} -\PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{31}\PYG{o}{/}\PYG{l+m+mi}{05} \PYG{l+m+mi}{11}\PYG{p}{:}\PYG{l+m+mi}{52}\PYG{p}{:}\PYG{l+m+mi}{29} \PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{31}\PYG{o}{/}\PYG{l+m+mi}{05} \PYG{l+m+mi}{21}\PYG{p}{:}\PYG{l+m+mi}{11}\PYG{p}{:}\PYG{l+m+mi}{23} \PYG{n}{krbtgt}\PYG{o}{/}\PYG{n}{EXAMPLE}\PYG{o}{.}\PYG{n}{COM}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM} - \PYG{n}{Flags}\PYG{p}{:} \PYG{n}{Ff} -\PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{31}\PYG{o}{/}\PYG{l+m+mi}{05} \PYG{l+m+mi}{12}\PYG{p}{:}\PYG{l+m+mi}{03}\PYG{p}{:}\PYG{l+m+mi}{48} \PYG{l+m+mi}{07}\PYG{o}{/}\PYG{l+m+mi}{31}\PYG{o}{/}\PYG{l+m+mi}{05} \PYG{l+m+mi}{21}\PYG{p}{:}\PYG{l+m+mi}{11}\PYG{p}{:}\PYG{l+m+mi}{23} \PYG{n}{host}\PYG{o}{/}\PYG{n}{trillium}\PYG{o}{.}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM} - \PYG{n}{Flags}\PYG{p}{:} \PYG{n}{Ff} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - - -\section{Destroying tickets with kdestroy} -\label{\detokenize{user/tkt_mgmt:destroying-tickets-with-kdestroy}} -\sphinxAtStartPar -Your Kerberos tickets are proof that you are indeed yourself, and -tickets could be stolen if someone gains access to a computer where -they are stored. If this happens, the person who has them can -masquerade as you until they expire. For this reason, you should -destroy your Kerberos tickets when you are away from your computer. - -\sphinxAtStartPar -Destroying your tickets is easy. Simply type kdestroy: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdestroy} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If {\hyperref[\detokenize{user/user_commands/kdestroy:kdestroy-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kdestroy}}}} fails to destroy your tickets, it will beep and -give an error message. For example, if kdestroy can’t find any -tickets to destroy, it will give the following message: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{kdestroy} -\PYG{n}{kdestroy}\PYG{p}{:} \PYG{n}{No} \PYG{n}{credentials} \PYG{n}{cache} \PYG{n}{file} \PYG{n}{found} \PYG{k}{while} \PYG{n}{destroying} \PYG{n}{cache} -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} -\end{sphinxVerbatim} - - -\chapter{User config files} -\label{\detokenize{user/user_config/index:user-config-files}}\label{\detokenize{user/user_config/index::doc}} -\sphinxAtStartPar -The following files in your home directory can be used to control the -behavior of Kerberos as it applies to your account (unless they have -been disabled by your host’s configuration): - - -\section{kerberos} -\label{\detokenize{user/user_config/kerberos:kerberos}}\label{\detokenize{user/user_config/kerberos:kerberos-7}}\label{\detokenize{user/user_config/kerberos::doc}} - -\subsection{DESCRIPTION} -\label{\detokenize{user/user_config/kerberos:description}} -\sphinxAtStartPar -The Kerberos system authenticates individual users in a network -environment. After authenticating yourself to Kerberos, you can use -Kerberos\sphinxhyphen{}enabled programs without having to present passwords or -certificates to those programs. - -\sphinxAtStartPar -If you receive the following response from {\hyperref[\detokenize{user/user_commands/kinit:kinit-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kinit}}}}: - -\sphinxAtStartPar -kinit: Client not found in Kerberos database while getting initial -credentials - -\sphinxAtStartPar -you haven’t been registered as a Kerberos user. See your system -administrator. - -\sphinxAtStartPar -A Kerberos name usually contains three parts. The first is the -\sphinxstylestrong{primary}, which is usually a user’s or service’s name. The second -is the \sphinxstylestrong{instance}, which in the case of a user is usually null. -Some users may have privileged instances, however, such as \sphinxcode{\sphinxupquote{root}} or -\sphinxcode{\sphinxupquote{admin}}. In the case of a service, the instance is the fully -qualified name of the machine on which it runs; i.e. there can be an -ssh service running on the machine ABC (\sphinxhref{mailto:ssh/ABC@REALM}{ssh/ABC@REALM}), which is -different from the ssh service running on the machine XYZ -(\sphinxhref{mailto:ssh/XYZ@REALM}{ssh/XYZ@REALM}). The third part of a Kerberos name is the \sphinxstylestrong{realm}. -The realm corresponds to the Kerberos service providing authentication -for the principal. Realms are conventionally all\sphinxhyphen{}uppercase, and often -match the end of hostnames in the realm (for instance, host01.example.com -might be in realm EXAMPLE.COM). - -\sphinxAtStartPar -When writing a Kerberos name, the principal name is separated from the -instance (if not null) by a slash, and the realm (if not the local -realm) follows, preceded by an “@†sign. The following are examples -of valid Kerberos names: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{david} -\PYG{n}{jennifer}\PYG{o}{/}\PYG{n}{admin} -\PYG{n}{joeuser}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{cbrown}\PYG{o}{/}\PYG{n}{root}\PYG{n+nd}{@FUBAR}\PYG{o}{.}\PYG{n}{ORG} -\end{sphinxVerbatim} - -\sphinxAtStartPar -When you authenticate yourself with Kerberos you get an initial -Kerberos \sphinxstylestrong{ticket}. (A Kerberos ticket is an encrypted protocol -message that provides authentication.) Kerberos uses this ticket for -network utilities such as ssh. The ticket transactions are done -transparently, so you don’t have to worry about their management. - -\sphinxAtStartPar -Note, however, that tickets expire. Administrators may configure more -privileged tickets, such as those with service or instance of \sphinxcode{\sphinxupquote{root}} -or \sphinxcode{\sphinxupquote{admin}}, to expire in a few minutes, while tickets that carry -more ordinary privileges may be good for several hours or a day. If -your login session extends beyond the time limit, you will have to -re\sphinxhyphen{}authenticate yourself to Kerberos to get new tickets using the -{\hyperref[\detokenize{user/user_commands/kinit:kinit-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kinit}}}} command. - -\sphinxAtStartPar -Some tickets are \sphinxstylestrong{renewable} beyond their initial lifetime. This -means that \sphinxcode{\sphinxupquote{kinit \sphinxhyphen{}R}} can extend their lifetime without requiring -you to re\sphinxhyphen{}authenticate. - -\sphinxAtStartPar -If you wish to delete your local tickets, use the {\hyperref[\detokenize{user/user_commands/kdestroy:kdestroy-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kdestroy}}}} -command. - -\sphinxAtStartPar -Kerberos tickets can be forwarded. In order to forward tickets, you -must request \sphinxstylestrong{forwardable} tickets when you kinit. Once you have -forwardable tickets, most Kerberos programs have a command line option -to forward them to the remote host. This can be useful for, e.g., -running kinit on your local machine and then sshing into another to do -work. Note that this should not be done on untrusted machines since -they will then have your tickets. - - -\subsection{ENVIRONMENT VARIABLES} -\label{\detokenize{user/user_config/kerberos:environment-variables}} -\sphinxAtStartPar -Several environment variables affect the operation of Kerberos\sphinxhyphen{}enabled -programs. These include: -\begin{description} -\item[{\sphinxstylestrong{KRB5CCNAME}}] \leavevmode -\sphinxAtStartPar -Default name for the credentials cache file, in the form -\sphinxstyleemphasis{TYPE}:\sphinxstyleemphasis{residual}. The type of the default cache may determine -the availability of a cache collection. \sphinxcode{\sphinxupquote{FILE}} is not a -collection type; \sphinxcode{\sphinxupquote{KEYRING}}, \sphinxcode{\sphinxupquote{DIR}}, and \sphinxcode{\sphinxupquote{KCM}} are. - -\sphinxAtStartPar -If not set, the value of \sphinxstylestrong{default\_ccache\_name} from -configuration files (see \sphinxstylestrong{KRB5\_CONFIG}) will be used. If that -is also not set, the default \sphinxstyleemphasis{type} is \sphinxcode{\sphinxupquote{FILE}}, and the -\sphinxstyleemphasis{residual} is the path /tmp/krb5cc\_*uid*, where \sphinxstyleemphasis{uid} is the -decimal user ID of the user. - -\item[{\sphinxstylestrong{KRB5\_KTNAME}}] \leavevmode -\sphinxAtStartPar -Specifies the location of the default keytab file, in the form -\sphinxstyleemphasis{TYPE}:\sphinxstyleemphasis{residual}. If no \sphinxstyleemphasis{type} is present, the \sphinxstylestrong{FILE} type is -assumed and \sphinxstyleemphasis{residual} is the pathname of the keytab file. If -unset, \DUrole{xref,std,std-ref}{DEFKTNAME} will be used. - -\item[{\sphinxstylestrong{KRB5\_CONFIG}}] \leavevmode -\sphinxAtStartPar -Specifies the location of the Kerberos configuration file. The -default is \DUrole{xref,std,std-ref}{SYSCONFDIR}\sphinxcode{\sphinxupquote{/krb5.conf}}. Multiple filenames can -be specified, separated by a colon; all files which are present -will be read. - -\item[{\sphinxstylestrong{KRB5\_KDC\_PROFILE}}] \leavevmode -\sphinxAtStartPar -Specifies the location of the KDC configuration file, which -contains additional configuration directives for the Key -Distribution Center daemon and associated programs. The default -is \DUrole{xref,std,std-ref}{LOCALSTATEDIR}\sphinxcode{\sphinxupquote{/krb5kdc}}\sphinxcode{\sphinxupquote{/kdc.conf}}. - -\item[{\sphinxstylestrong{KRB5RCACHENAME}}] \leavevmode -\sphinxAtStartPar -(New in release 1.18) Specifies the location of the default replay -cache, in the form \sphinxstyleemphasis{type}:\sphinxstyleemphasis{residual}. The \sphinxcode{\sphinxupquote{file2}} type with a -pathname residual specifies a replay cache file in the version\sphinxhyphen{}2 -format in the specified location. The \sphinxcode{\sphinxupquote{none}} type (residual is -ignored) disables the replay cache. The \sphinxcode{\sphinxupquote{dfl}} type (residual is -ignored) indicates the default, which uses a file2 replay cache in -a temporary directory. The default is \sphinxcode{\sphinxupquote{dfl:}}. - -\item[{\sphinxstylestrong{KRB5RCACHETYPE}}] \leavevmode -\sphinxAtStartPar -Specifies the type of the default replay cache, if -\sphinxstylestrong{KRB5RCACHENAME} is unspecified. No residual can be specified, -so \sphinxcode{\sphinxupquote{none}} and \sphinxcode{\sphinxupquote{dfl}} are the only useful types. - -\item[{\sphinxstylestrong{KRB5RCACHEDIR}}] \leavevmode -\sphinxAtStartPar -Specifies the directory used by the \sphinxcode{\sphinxupquote{dfl}} replay cache type. -The default is the value of the \sphinxstylestrong{TMPDIR} environment variable, -or \sphinxcode{\sphinxupquote{/var/tmp}} if \sphinxstylestrong{TMPDIR} is not set. - -\item[{\sphinxstylestrong{KRB5\_TRACE}}] \leavevmode -\sphinxAtStartPar -Specifies a filename to write trace log output to. Trace logs can -help illuminate decisions made internally by the Kerberos -libraries. For example, \sphinxcode{\sphinxupquote{env KRB5\_TRACE=/dev/stderr kinit}} -would send tracing information for {\hyperref[\detokenize{user/user_commands/kinit:kinit-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kinit}}}} to -\sphinxcode{\sphinxupquote{/dev/stderr}}. The default is not to write trace log output -anywhere. - -\item[{\sphinxstylestrong{KRB5\_CLIENT\_KTNAME}}] \leavevmode -\sphinxAtStartPar -Default client keytab file name. If unset, \DUrole{xref,std,std-ref}{DEFCKTNAME} will be -used). - -\item[{\sphinxstylestrong{KPROP\_PORT}}] \leavevmode -\sphinxAtStartPar -\DUrole{xref,std,std-ref}{kprop(8)} port to use. Defaults to 754. - -\item[{\sphinxstylestrong{GSS\_MECH\_CONFIG}}] \leavevmode -\sphinxAtStartPar -Specifies a filename containing GSSAPI mechanism module -configuration. The default is to read \DUrole{xref,std,std-ref}{SYSCONFDIR}\sphinxcode{\sphinxupquote{/gss/mech}} -and files with a \sphinxcode{\sphinxupquote{.conf}} suffix within the directory -\DUrole{xref,std,std-ref}{SYSCONFDIR}\sphinxcode{\sphinxupquote{/gss/mech.d}}. - -\end{description} - -\sphinxAtStartPar -Most environment variables are disabled for certain programs, such as -login system programs and setuid programs, which are designed to be -secure when run within an untrusted process environment. - - -\subsection{SEE ALSO} -\label{\detokenize{user/user_config/kerberos:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{user/user_commands/kdestroy:kdestroy-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kdestroy}}}}, {\hyperref[\detokenize{user/user_commands/kinit:kinit-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kinit}}}}, {\hyperref[\detokenize{user/user_commands/klist:klist-1}]{\sphinxcrossref{\DUrole{std,std-ref}{klist}}}}, -{\hyperref[\detokenize{user/user_commands/kswitch:kswitch-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kswitch}}}}, {\hyperref[\detokenize{user/user_commands/kpasswd:kpasswd-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kpasswd}}}}, {\hyperref[\detokenize{user/user_commands/ksu:ksu-1}]{\sphinxcrossref{\DUrole{std,std-ref}{ksu}}}}, -\DUrole{xref,std,std-ref}{krb5.conf(5)}, \DUrole{xref,std,std-ref}{kdc.conf(5)}, \DUrole{xref,std,std-ref}{kadmin(1)}, -\DUrole{xref,std,std-ref}{kadmind(8)}, \DUrole{xref,std,std-ref}{kdb5\_util(8)}, \DUrole{xref,std,std-ref}{krb5kdc(8)} - - -\subsection{BUGS} -\label{\detokenize{user/user_config/kerberos:bugs}} - -\subsection{AUTHORS} -\label{\detokenize{user/user_config/kerberos:authors}} -\begin{DUlineblock}{0em} -\item[] Steve Miller, MIT Project Athena/Digital Equipment Corporation -\item[] Clifford Neuman, MIT Project Athena -\item[] Greg Hudson, MIT Kerberos Consortium -\item[] Robbie Harwood, Red Hat, Inc. -\end{DUlineblock} - - -\subsection{HISTORY} -\label{\detokenize{user/user_config/kerberos:history}} -\sphinxAtStartPar -The MIT Kerberos 5 implementation was developed at MIT, with -contributions from many outside parties. It is currently maintained -by the MIT Kerberos Consortium. - - -\subsection{RESTRICTIONS} -\label{\detokenize{user/user_config/kerberos:restrictions}} -\sphinxAtStartPar -Copyright 1985, 1986, 1989\sphinxhyphen{}1996, 2002, 2011, 2018 Masachusetts -Institute of Technology - - -\section{.k5login} -\label{\detokenize{user/user_config/k5login:k5login}}\label{\detokenize{user/user_config/k5login:k5login-5}}\label{\detokenize{user/user_config/k5login::doc}} - -\subsection{DESCRIPTION} -\label{\detokenize{user/user_config/k5login:description}} -\sphinxAtStartPar -The .k5login file, which resides in a user’s home directory, contains -a list of the Kerberos principals. Anyone with valid tickets for a -principal in the file is allowed host access with the UID of the user -in whose home directory the file resides. One common use is to place -a .k5login file in root’s home directory, thereby granting system -administrators remote root access to the host via Kerberos. - - -\subsection{EXAMPLES} -\label{\detokenize{user/user_config/k5login:examples}} -\sphinxAtStartPar -Suppose the user \sphinxcode{\sphinxupquote{alice}} had a .k5login file in her home directory -containing just the following line: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{bob}\PYG{n+nd}{@FOOBAR}\PYG{o}{.}\PYG{n}{ORG} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This would allow \sphinxcode{\sphinxupquote{bob}} to use Kerberos network applications, such as -ssh(1), to access \sphinxcode{\sphinxupquote{alice}}’s account, using \sphinxcode{\sphinxupquote{bob}}’s Kerberos -tickets. In a default configuration (with \sphinxstylestrong{k5login\_authoritative} set -to true in \DUrole{xref,std,std-ref}{krb5.conf(5)}), this .k5login file would not let -\sphinxcode{\sphinxupquote{alice}} use those network applications to access her account, since -she is not listed! With no .k5login file, or with \sphinxstylestrong{k5login\_authoritative} -set to false, a default rule would permit the principal \sphinxcode{\sphinxupquote{alice}} in the -machine’s default realm to access the \sphinxcode{\sphinxupquote{alice}} account. - -\sphinxAtStartPar -Let us further suppose that \sphinxcode{\sphinxupquote{alice}} is a system administrator. -Alice and the other system administrators would have their principals -in root’s .k5login file on each host: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{alice}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM} - -\PYG{n}{joeadmin}\PYG{o}{/}\PYG{n}{root}\PYG{n+nd}{@BLEEP}\PYG{o}{.}\PYG{n}{COM} -\end{sphinxVerbatim} - -\sphinxAtStartPar -This would allow either system administrator to log in to these hosts -using their Kerberos tickets instead of having to type the root -password. Note that because \sphinxcode{\sphinxupquote{bob}} retains the Kerberos tickets for -his own principal, \sphinxcode{\sphinxupquote{bob@FOOBAR.ORG}}, he would not have any of the -privileges that require \sphinxcode{\sphinxupquote{alice}}’s tickets, such as root access to -any of the site’s hosts, or the ability to change \sphinxcode{\sphinxupquote{alice}}’s -password. - - -\subsection{SEE ALSO} -\label{\detokenize{user/user_config/k5login:see-also}} -\sphinxAtStartPar -kerberos(1) - - -\section{.k5identity} -\label{\detokenize{user/user_config/k5identity:k5identity}}\label{\detokenize{user/user_config/k5identity:k5identity-5}}\label{\detokenize{user/user_config/k5identity::doc}} - -\subsection{DESCRIPTION} -\label{\detokenize{user/user_config/k5identity:description}} -\sphinxAtStartPar -The .k5identity file, which resides in a user’s home directory, -contains a list of rules for selecting a client principals based on -the server being accessed. These rules are used to choose a -credential cache within the cache collection when possible. - -\sphinxAtStartPar -Blank lines and lines beginning with \sphinxcode{\sphinxupquote{\#}} are ignored. Each line has -the form: -\begin{quote} - -\sphinxAtStartPar -\sphinxstyleemphasis{principal} \sphinxstyleemphasis{field}=\sphinxstyleemphasis{value} … -\end{quote} - -\sphinxAtStartPar -If the server principal meets all of the field constraints, then -principal is chosen as the client principal. The following fields are -recognized: -\begin{description} -\item[{\sphinxstylestrong{realm}}] \leavevmode -\sphinxAtStartPar -If the realm of the server principal is known, it is matched -against \sphinxstyleemphasis{value}, which may be a pattern using shell wildcards. -For host\sphinxhyphen{}based server principals, the realm will generally only be -known if there is a \DUrole{xref,std,std-ref}{domain\_realm} section in -\DUrole{xref,std,std-ref}{krb5.conf(5)} with a mapping for the hostname. - -\item[{\sphinxstylestrong{service}}] \leavevmode -\sphinxAtStartPar -If the server principal is a host\sphinxhyphen{}based principal, its service -component is matched against \sphinxstyleemphasis{value}, which may be a pattern using -shell wildcards. - -\item[{\sphinxstylestrong{host}}] \leavevmode -\sphinxAtStartPar -If the server principal is a host\sphinxhyphen{}based principal, its hostname -component is converted to lower case and matched against \sphinxstyleemphasis{value}, -which may be a pattern using shell wildcards. - -\sphinxAtStartPar -If the server principal matches the constraints of multiple lines -in the .k5identity file, the principal from the first matching -line is used. If no line matches, credentials will be selected -some other way, such as the realm heuristic or the current primary -cache. - -\end{description} - - -\subsection{EXAMPLE} -\label{\detokenize{user/user_config/k5identity:example}} -\sphinxAtStartPar -The following example .k5identity file selects the client principal -\sphinxcode{\sphinxupquote{alice@KRBTEST.COM}} if the server principal is within that realm, -the principal \sphinxcode{\sphinxupquote{alice/root@EXAMPLE.COM}} if the server host is within -a servers subdomain, and the principal \sphinxcode{\sphinxupquote{alice/mail@EXAMPLE.COM}} when -accessing the IMAP service on \sphinxcode{\sphinxupquote{mail.example.com}}: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{alice}\PYG{n+nd}{@KRBTEST}\PYG{o}{.}\PYG{n}{COM} \PYG{n}{realm}\PYG{o}{=}\PYG{n}{KRBTEST}\PYG{o}{.}\PYG{n}{COM} -\PYG{n}{alice}\PYG{o}{/}\PYG{n}{root}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM} \PYG{n}{host}\PYG{o}{=}\PYG{o}{*}\PYG{o}{.}\PYG{n}{servers}\PYG{o}{.}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com} -\PYG{n}{alice}\PYG{o}{/}\PYG{n}{mail}\PYG{n+nd}{@EXAMPLE}\PYG{o}{.}\PYG{n}{COM} \PYG{n}{host}\PYG{o}{=}\PYG{n}{mail}\PYG{o}{.}\PYG{n}{example}\PYG{o}{.}\PYG{n}{com} \PYG{n}{service}\PYG{o}{=}\PYG{n}{imap} -\end{sphinxVerbatim} - - -\subsection{SEE ALSO} -\label{\detokenize{user/user_config/k5identity:see-also}} -\sphinxAtStartPar -kerberos(1), \DUrole{xref,std,std-ref}{krb5.conf(5)} - - -\chapter{User commands} -\label{\detokenize{user/user_commands/index:user-commands}}\label{\detokenize{user/user_commands/index:id1}}\label{\detokenize{user/user_commands/index::doc}} - -\section{kdestroy} -\label{\detokenize{user/user_commands/kdestroy:kdestroy}}\label{\detokenize{user/user_commands/kdestroy:kdestroy-1}}\label{\detokenize{user/user_commands/kdestroy::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{user/user_commands/kdestroy:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{kdestroy} -{[}\sphinxstylestrong{\sphinxhyphen{}A}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}q}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}c} \sphinxstyleemphasis{cache\_name}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{princ\_name}{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{user/user_commands/kdestroy:description}} -\sphinxAtStartPar -The kdestroy utility destroys the user’s active Kerberos authorization -tickets by overwriting and deleting the credentials cache that -contains them. If the credentials cache is not specified, the default -credentials cache is destroyed. - - -\subsection{OPTIONS} -\label{\detokenize{user/user_commands/kdestroy:options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}A}}] \leavevmode -\sphinxAtStartPar -Destroys all caches in the collection, if a cache collection is -available. May be used with the \sphinxstylestrong{\sphinxhyphen{}c} option to specify the -collection to be destroyed. - -\item[{\sphinxstylestrong{\sphinxhyphen{}q}}] \leavevmode -\sphinxAtStartPar -Run quietly. Normally kdestroy beeps if it fails to destroy the -user’s tickets. The \sphinxstylestrong{\sphinxhyphen{}q} flag suppresses this behavior. - -\item[{\sphinxstylestrong{\sphinxhyphen{}c} \sphinxstyleemphasis{cache\_name}}] \leavevmode -\sphinxAtStartPar -Use \sphinxstyleemphasis{cache\_name} as the credentials (ticket) cache name and -location; if this option is not used, the default cache name and -location are used. - -\sphinxAtStartPar -The default credentials cache may vary between systems. If the -\sphinxstylestrong{KRB5CCNAME} environment variable is set, its value is used to -name the default ticket cache. - -\item[{\sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{princ\_name}}] \leavevmode -\sphinxAtStartPar -If a cache collection is available, destroy the cache for -\sphinxstyleemphasis{princ\_name} instead of the primary cache. May be used with the -\sphinxstylestrong{\sphinxhyphen{}c} option to specify the collection to be searched. - -\end{description} - - -\subsection{NOTE} -\label{\detokenize{user/user_commands/kdestroy:note}} -\sphinxAtStartPar -Most installations recommend that you place the kdestroy command in -your .logout file, so that your tickets are destroyed automatically -when you log out. - - -\subsection{ENVIRONMENT} -\label{\detokenize{user/user_commands/kdestroy:environment}} -\sphinxAtStartPar -See {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} for a description of Kerberos environment -variables. - - -\subsection{FILES} -\label{\detokenize{user/user_commands/kdestroy:files}}\begin{description} -\item[{\DUrole{xref,std,std-ref}{DEFCCNAME}}] \leavevmode -\sphinxAtStartPar -Default location of Kerberos 5 credentials cache - -\end{description} - - -\subsection{SEE ALSO} -\label{\detokenize{user/user_commands/kdestroy:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{user/user_commands/kinit:kinit-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kinit}}}}, {\hyperref[\detokenize{user/user_commands/klist:klist-1}]{\sphinxcrossref{\DUrole{std,std-ref}{klist}}}}, {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} - - -\section{kinit} -\label{\detokenize{user/user_commands/kinit:kinit}}\label{\detokenize{user/user_commands/kinit:kinit-1}}\label{\detokenize{user/user_commands/kinit::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{user/user_commands/kinit:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{kinit} -{[}\sphinxstylestrong{\sphinxhyphen{}V}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}l} \sphinxstyleemphasis{lifetime}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}s} \sphinxstyleemphasis{start\_time}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{renewable\_life}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}p} | \sphinxhyphen{}\sphinxstylestrong{P}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}f} | \sphinxhyphen{}\sphinxstylestrong{F}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}a}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}A}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}C}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}E}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}v}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}R}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}k} {[}\sphinxstylestrong{\sphinxhyphen{}i} | \sphinxhyphen{}\sphinxstylestrong{t} \sphinxstyleemphasis{keytab\_file}{]}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}c} \sphinxstyleemphasis{cache\_name}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}n}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}S} \sphinxstyleemphasis{service\_name}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}I} \sphinxstyleemphasis{input\_ccache}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}T} \sphinxstyleemphasis{armor\_ccache}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}X} \sphinxstyleemphasis{attribute}{[}=\sphinxstyleemphasis{value}{]}{]} -{[}\sphinxstylestrong{\textendash{}request\sphinxhyphen{}pac} | \sphinxstylestrong{\textendash{}no\sphinxhyphen{}request\sphinxhyphen{}pac}{]} -{[}\sphinxstyleemphasis{principal}{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{user/user_commands/kinit:description}} -\sphinxAtStartPar -kinit obtains and caches an initial ticket\sphinxhyphen{}granting ticket for -\sphinxstyleemphasis{principal}. If \sphinxstyleemphasis{principal} is absent, kinit chooses an appropriate -principal name based on existing credential cache contents or the -local username of the user invoking kinit. Some options modify the -choice of principal name. - - -\subsection{OPTIONS} -\label{\detokenize{user/user_commands/kinit:options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}V}}] \leavevmode -\sphinxAtStartPar -display verbose output. - -\item[{\sphinxstylestrong{\sphinxhyphen{}l} \sphinxstyleemphasis{lifetime}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} string.) Requests a ticket with the lifetime -\sphinxstyleemphasis{lifetime}. - -\sphinxAtStartPar -For example, \sphinxcode{\sphinxupquote{kinit \sphinxhyphen{}l 5:30}} or \sphinxcode{\sphinxupquote{kinit \sphinxhyphen{}l 5h30m}}. - -\sphinxAtStartPar -If the \sphinxstylestrong{\sphinxhyphen{}l} option is not specified, the default ticket lifetime -(configured by each site) is used. Specifying a ticket lifetime -longer than the maximum ticket lifetime (configured by each site) -will not override the configured maximum ticket lifetime. - -\item[{\sphinxstylestrong{\sphinxhyphen{}s} \sphinxstyleemphasis{start\_time}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} string.) Requests a postdated ticket. Postdated -tickets are issued with the \sphinxstylestrong{invalid} flag set, and need to be -resubmitted to the KDC for validation before use. - -\sphinxAtStartPar -\sphinxstyleemphasis{start\_time} specifies the duration of the delay before the ticket -can become valid. - -\item[{\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{renewable\_life}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} string.) Requests renewable tickets, with a total -lifetime of \sphinxstyleemphasis{renewable\_life}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}f}}] \leavevmode -\sphinxAtStartPar -requests forwardable tickets. - -\item[{\sphinxstylestrong{\sphinxhyphen{}F}}] \leavevmode -\sphinxAtStartPar -requests non\sphinxhyphen{}forwardable tickets. - -\item[{\sphinxstylestrong{\sphinxhyphen{}p}}] \leavevmode -\sphinxAtStartPar -requests proxiable tickets. - -\item[{\sphinxstylestrong{\sphinxhyphen{}P}}] \leavevmode -\sphinxAtStartPar -requests non\sphinxhyphen{}proxiable tickets. - -\item[{\sphinxstylestrong{\sphinxhyphen{}a}}] \leavevmode -\sphinxAtStartPar -requests tickets restricted to the host’s local address{[}es{]}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}A}}] \leavevmode -\sphinxAtStartPar -requests tickets not restricted by address. - -\item[{\sphinxstylestrong{\sphinxhyphen{}C}}] \leavevmode -\sphinxAtStartPar -requests canonicalization of the principal name, and allows the -KDC to reply with a different client principal from the one -requested. - -\item[{\sphinxstylestrong{\sphinxhyphen{}E}}] \leavevmode -\sphinxAtStartPar -treats the principal name as an enterprise name. - -\item[{\sphinxstylestrong{\sphinxhyphen{}v}}] \leavevmode -\sphinxAtStartPar -requests that the ticket\sphinxhyphen{}granting ticket in the cache (with the -\sphinxstylestrong{invalid} flag set) be passed to the KDC for validation. If the -ticket is within its requested time range, the cache is replaced -with the validated ticket. - -\item[{\sphinxstylestrong{\sphinxhyphen{}R}}] \leavevmode -\sphinxAtStartPar -requests renewal of the ticket\sphinxhyphen{}granting ticket. Note that an -expired ticket cannot be renewed, even if the ticket is still -within its renewable life. - -\sphinxAtStartPar -Note that renewable tickets that have expired as reported by -{\hyperref[\detokenize{user/user_commands/klist:klist-1}]{\sphinxcrossref{\DUrole{std,std-ref}{klist}}}} may sometimes be renewed using this option, -because the KDC applies a grace period to account for client\sphinxhyphen{}KDC -clock skew. See \DUrole{xref,std,std-ref}{krb5.conf(5)} \sphinxstylestrong{clockskew} setting. - -\item[{\sphinxstylestrong{\sphinxhyphen{}k} {[}\sphinxstylestrong{\sphinxhyphen{}i} | \sphinxstylestrong{\sphinxhyphen{}t} \sphinxstyleemphasis{keytab\_file}{]}}] \leavevmode -\sphinxAtStartPar -requests a ticket, obtained from a key in the local host’s keytab. -The location of the keytab may be specified with the \sphinxstylestrong{\sphinxhyphen{}t} -\sphinxstyleemphasis{keytab\_file} option, or with the \sphinxstylestrong{\sphinxhyphen{}i} option to specify the use -of the default client keytab; otherwise the default keytab will be -used. By default, a host ticket for the local host is requested, -but any principal may be specified. On a KDC, the special keytab -location \sphinxcode{\sphinxupquote{KDB:}} can be used to indicate that kinit should open -the KDC database and look up the key directly. This permits an -administrator to obtain tickets as any principal that supports -authentication based on the key. - -\item[{\sphinxstylestrong{\sphinxhyphen{}n}}] \leavevmode -\sphinxAtStartPar -Requests anonymous processing. Two types of anonymous principals -are supported. - -\sphinxAtStartPar -For fully anonymous Kerberos, configure pkinit on the KDC and -configure \sphinxstylestrong{pkinit\_anchors} in the client’s \DUrole{xref,std,std-ref}{krb5.conf(5)}. -Then use the \sphinxstylestrong{\sphinxhyphen{}n} option with a principal of the form \sphinxcode{\sphinxupquote{@REALM}} -(an empty principal name followed by the at\sphinxhyphen{}sign and a realm -name). If permitted by the KDC, an anonymous ticket will be -returned. - -\sphinxAtStartPar -A second form of anonymous tickets is supported; these -realm\sphinxhyphen{}exposed tickets hide the identity of the client but not the -client’s realm. For this mode, use \sphinxcode{\sphinxupquote{kinit \sphinxhyphen{}n}} with a normal -principal name. If supported by the KDC, the principal (but not -realm) will be replaced by the anonymous principal. - -\sphinxAtStartPar -As of release 1.8, the MIT Kerberos KDC only supports fully -anonymous operation. - -\end{description} - -\sphinxAtStartPar -\sphinxstylestrong{\sphinxhyphen{}I} \sphinxstyleemphasis{input\_ccache} -\begin{quote} - -\sphinxAtStartPar -Specifies the name of a credentials cache that already contains a -ticket. When obtaining that ticket, if information about how that -ticket was obtained was also stored to the cache, that information -will be used to affect how new credentials are obtained, including -preselecting the same methods of authenticating to the KDC. -\end{quote} -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}T} \sphinxstyleemphasis{armor\_ccache}}] \leavevmode -\sphinxAtStartPar -Specifies the name of a credentials cache that already contains a -ticket. If supported by the KDC, this cache will be used to armor -the request, preventing offline dictionary attacks and allowing -the use of additional preauthentication mechanisms. Armoring also -makes sure that the response from the KDC is not modified in -transit. - -\item[{\sphinxstylestrong{\sphinxhyphen{}c} \sphinxstyleemphasis{cache\_name}}] \leavevmode -\sphinxAtStartPar -use \sphinxstyleemphasis{cache\_name} as the Kerberos 5 credentials (ticket) cache -location. If this option is not used, the default cache location -is used. - -\sphinxAtStartPar -The default cache location may vary between systems. If the -\sphinxstylestrong{KRB5CCNAME} environment variable is set, its value is used to -locate the default cache. If a principal name is specified and -the type of the default cache supports a collection (such as the -DIR type), an existing cache containing credentials for the -principal is selected or a new one is created and becomes the new -primary cache. Otherwise, any existing contents of the default -cache are destroyed by kinit. - -\item[{\sphinxstylestrong{\sphinxhyphen{}S} \sphinxstyleemphasis{service\_name}}] \leavevmode -\sphinxAtStartPar -specify an alternate service name to use when getting initial -tickets. - -\item[{\sphinxstylestrong{\sphinxhyphen{}X} \sphinxstyleemphasis{attribute}{[}=\sphinxstyleemphasis{value}{]}}] \leavevmode -\sphinxAtStartPar -specify a pre\sphinxhyphen{}authentication \sphinxstyleemphasis{attribute} and \sphinxstyleemphasis{value} to be -interpreted by pre\sphinxhyphen{}authentication modules. The acceptable -attribute and value values vary from module to module. This -option may be specified multiple times to specify multiple -attributes. If no value is specified, it is assumed to be “yesâ€. - -\sphinxAtStartPar -The following attributes are recognized by the PKINIT -pre\sphinxhyphen{}authentication mechanism: -\begin{description} -\item[{\sphinxstylestrong{X509\_user\_identity}=\sphinxstyleemphasis{value}}] \leavevmode -\sphinxAtStartPar -specify where to find user’s X509 identity information - -\item[{\sphinxstylestrong{X509\_anchors}=\sphinxstyleemphasis{value}}] \leavevmode -\sphinxAtStartPar -specify where to find trusted X509 anchor information - -\item[{\sphinxstylestrong{flag\_RSA\_PROTOCOL}{[}\sphinxstylestrong{=yes}{]}}] \leavevmode -\sphinxAtStartPar -specify use of RSA, rather than the default Diffie\sphinxhyphen{}Hellman -protocol - -\item[{\sphinxstylestrong{disable\_freshness}{[}\sphinxstylestrong{=yes}{]}}] \leavevmode -\sphinxAtStartPar -disable sending freshness tokens (for testing purposes only) - -\end{description} - -\item[{\sphinxstylestrong{\textendash{}request\sphinxhyphen{}pac} | \sphinxstylestrong{\textendash{}no\sphinxhyphen{}request\sphinxhyphen{}pac}}] \leavevmode -\sphinxAtStartPar -mutually exclusive. If \sphinxstylestrong{\textendash{}request\sphinxhyphen{}pac} is set, ask the KDC to -include a PAC in authdata; if \sphinxstylestrong{\textendash{}no\sphinxhyphen{}request\sphinxhyphen{}pac} is set, ask the -KDC not to include a PAC; if neither are set, the KDC will follow -its default, which is typically is to include a PAC if doing so is -supported. - -\end{description} - - -\subsection{ENVIRONMENT} -\label{\detokenize{user/user_commands/kinit:environment}} -\sphinxAtStartPar -See {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} for a description of Kerberos environment -variables. - - -\subsection{FILES} -\label{\detokenize{user/user_commands/kinit:files}}\begin{description} -\item[{\DUrole{xref,std,std-ref}{DEFCCNAME}}] \leavevmode -\sphinxAtStartPar -default location of Kerberos 5 credentials cache - -\item[{\DUrole{xref,std,std-ref}{DEFKTNAME}}] \leavevmode -\sphinxAtStartPar -default location for the local host’s keytab. - -\end{description} - - -\subsection{SEE ALSO} -\label{\detokenize{user/user_commands/kinit:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{user/user_commands/klist:klist-1}]{\sphinxcrossref{\DUrole{std,std-ref}{klist}}}}, {\hyperref[\detokenize{user/user_commands/kdestroy:kdestroy-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kdestroy}}}}, {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} - - -\section{klist} -\label{\detokenize{user/user_commands/klist:klist}}\label{\detokenize{user/user_commands/klist:klist-1}}\label{\detokenize{user/user_commands/klist::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{user/user_commands/klist:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{klist} -{[}\sphinxstylestrong{\sphinxhyphen{}e}{]} -{[}{[}\sphinxstylestrong{\sphinxhyphen{}c}{]} {[}\sphinxstylestrong{\sphinxhyphen{}l}{]} {[}\sphinxstylestrong{\sphinxhyphen{}A}{]} {[}\sphinxstylestrong{\sphinxhyphen{}f}{]} {[}\sphinxstylestrong{\sphinxhyphen{}s}{]} {[}\sphinxstylestrong{\sphinxhyphen{}a} {[}\sphinxstylestrong{\sphinxhyphen{}n}{]}{]}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}C}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}k} {[}\sphinxstylestrong{\sphinxhyphen{}i}{]} {[}\sphinxstylestrong{\sphinxhyphen{}t}{]} {[}\sphinxstylestrong{\sphinxhyphen{}K}{]}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}V}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}d}{]} -{[}\sphinxstyleemphasis{cache\_name}|\sphinxstyleemphasis{keytab\_name}{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{user/user_commands/klist:description}} -\sphinxAtStartPar -klist lists the Kerberos principal and Kerberos tickets held in a -credentials cache, or the keys held in a keytab file. - - -\subsection{OPTIONS} -\label{\detokenize{user/user_commands/klist:options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}e}}] \leavevmode -\sphinxAtStartPar -Displays the encryption types of the session key and the ticket -for each credential in the credential cache, or each key in the -keytab file. - -\item[{\sphinxstylestrong{\sphinxhyphen{}l}}] \leavevmode -\sphinxAtStartPar -If a cache collection is available, displays a table summarizing -the caches present in the collection. - -\item[{\sphinxstylestrong{\sphinxhyphen{}A}}] \leavevmode -\sphinxAtStartPar -If a cache collection is available, displays the contents of all -of the caches in the collection. - -\item[{\sphinxstylestrong{\sphinxhyphen{}c}}] \leavevmode -\sphinxAtStartPar -List tickets held in a credentials cache. This is the default if -neither \sphinxstylestrong{\sphinxhyphen{}c} nor \sphinxstylestrong{\sphinxhyphen{}k} is specified. - -\item[{\sphinxstylestrong{\sphinxhyphen{}f}}] \leavevmode -\sphinxAtStartPar -Shows the flags present in the credentials, using the following -abbreviations: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{F} \PYG{n}{Forwardable} -\PYG{n}{f} \PYG{n}{forwarded} -\PYG{n}{P} \PYG{n}{Proxiable} -\PYG{n}{p} \PYG{n}{proxy} -\PYG{n}{D} \PYG{n}{postDateable} -\PYG{n}{d} \PYG{n}{postdated} -\PYG{n}{R} \PYG{n}{Renewable} -\PYG{n}{I} \PYG{n}{Initial} -\PYG{n}{i} \PYG{n}{invalid} -\PYG{n}{H} \PYG{n}{Hardware} \PYG{n}{authenticated} -\PYG{n}{A} \PYG{n}{preAuthenticated} -\PYG{n}{T} \PYG{n}{Transit} \PYG{n}{policy} \PYG{n}{checked} -\PYG{n}{O} \PYG{n}{Okay} \PYG{k}{as} \PYG{n}{delegate} -\PYG{n}{a} \PYG{n}{anonymous} -\end{sphinxVerbatim} - -\item[{\sphinxstylestrong{\sphinxhyphen{}s}}] \leavevmode -\sphinxAtStartPar -Causes klist to run silently (produce no output). klist will exit -with status 1 if the credentials cache cannot be read or is -expired, and with status 0 otherwise. - -\item[{\sphinxstylestrong{\sphinxhyphen{}a}}] \leavevmode -\sphinxAtStartPar -Display list of addresses in credentials. - -\item[{\sphinxstylestrong{\sphinxhyphen{}n}}] \leavevmode -\sphinxAtStartPar -Show numeric addresses instead of reverse\sphinxhyphen{}resolving addresses. - -\item[{\sphinxstylestrong{\sphinxhyphen{}C}}] \leavevmode -\sphinxAtStartPar -List configuration data that has been stored in the credentials -cache when klist encounters it. By default, configuration data -is not listed. - -\item[{\sphinxstylestrong{\sphinxhyphen{}k}}] \leavevmode -\sphinxAtStartPar -List keys held in a keytab file. - -\item[{\sphinxstylestrong{\sphinxhyphen{}i}}] \leavevmode -\sphinxAtStartPar -In combination with \sphinxstylestrong{\sphinxhyphen{}k}, defaults to using the default client -keytab instead of the default acceptor keytab, if no name is -given. - -\item[{\sphinxstylestrong{\sphinxhyphen{}t}}] \leavevmode -\sphinxAtStartPar -Display the time entry timestamps for each keytab entry in the -keytab file. - -\item[{\sphinxstylestrong{\sphinxhyphen{}K}}] \leavevmode -\sphinxAtStartPar -Display the value of the encryption key in each keytab entry in -the keytab file. - -\item[{\sphinxstylestrong{\sphinxhyphen{}d}}] \leavevmode -\sphinxAtStartPar -Display the authdata types (if any) for each entry. - -\item[{\sphinxstylestrong{\sphinxhyphen{}V}}] \leavevmode -\sphinxAtStartPar -Display the Kerberos version number and exit. - -\end{description} - -\sphinxAtStartPar -If \sphinxstyleemphasis{cache\_name} or \sphinxstyleemphasis{keytab\_name} is not specified, klist will display -the credentials in the default credentials cache or keytab file as -appropriate. If the \sphinxstylestrong{KRB5CCNAME} environment variable is set, its -value is used to locate the default ticket cache. - - -\subsection{ENVIRONMENT} -\label{\detokenize{user/user_commands/klist:environment}} -\sphinxAtStartPar -See {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} for a description of Kerberos environment -variables. - - -\subsection{FILES} -\label{\detokenize{user/user_commands/klist:files}}\begin{description} -\item[{\DUrole{xref,std,std-ref}{DEFCCNAME}}] \leavevmode -\sphinxAtStartPar -Default location of Kerberos 5 credentials cache - -\item[{\DUrole{xref,std,std-ref}{DEFKTNAME}}] \leavevmode -\sphinxAtStartPar -Default location for the local host’s keytab file. - -\end{description} - - -\subsection{SEE ALSO} -\label{\detokenize{user/user_commands/klist:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{user/user_commands/kinit:kinit-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kinit}}}}, {\hyperref[\detokenize{user/user_commands/kdestroy:kdestroy-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kdestroy}}}}, {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} - - -\section{kpasswd} -\label{\detokenize{user/user_commands/kpasswd:kpasswd}}\label{\detokenize{user/user_commands/kpasswd:kpasswd-1}}\label{\detokenize{user/user_commands/kpasswd::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{user/user_commands/kpasswd:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{kpasswd} {[}\sphinxstyleemphasis{principal}{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{user/user_commands/kpasswd:description}} -\sphinxAtStartPar -The kpasswd command is used to change a Kerberos principal’s password. -kpasswd first prompts for the current Kerberos password, then prompts -the user twice for the new password, and the password is changed. - -\sphinxAtStartPar -If the principal is governed by a policy that specifies the length -and/or number of character classes required in the new password, the -new password must conform to the policy. (The five character classes -are lower case, upper case, numbers, punctuation, and all other -characters.) - - -\subsection{OPTIONS} -\label{\detokenize{user/user_commands/kpasswd:options}}\begin{description} -\item[{\sphinxstyleemphasis{principal}}] \leavevmode -\sphinxAtStartPar -Change the password for the Kerberos principal principal. -Otherwise, kpasswd uses the principal name from an existing ccache -if there is one; if not, the principal is derived from the -identity of the user invoking the kpasswd command. - -\end{description} - - -\subsection{ENVIRONMENT} -\label{\detokenize{user/user_commands/kpasswd:environment}} -\sphinxAtStartPar -See {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{user/user_commands/kpasswd:see-also}} -\sphinxAtStartPar -\DUrole{xref,std,std-ref}{kadmin(1)}, \DUrole{xref,std,std-ref}{kadmind(8)}, {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} - - -\section{krb5\sphinxhyphen{}config} -\label{\detokenize{user/user_commands/krb5-config:krb5-config}}\label{\detokenize{user/user_commands/krb5-config:krb5-config-1}}\label{\detokenize{user/user_commands/krb5-config::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{user/user_commands/krb5-config:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{krb5\sphinxhyphen{}config} -{[}\sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}help} | \sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}all} | \sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}version} | \sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}vendor} | \sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}prefix} | \sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}exec\sphinxhyphen{}prefix} | \sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}defccname} | \sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}defktname} | \sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}defcktname} | \sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}cflags} | \sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}libs} {[}\sphinxstyleemphasis{libraries}{]}{]} - - -\subsection{DESCRIPTION} -\label{\detokenize{user/user_commands/krb5-config:description}} -\sphinxAtStartPar -krb5\sphinxhyphen{}config tells the application programmer what flags to use to compile -and link programs against the installed Kerberos libraries. - - -\subsection{OPTIONS} -\label{\detokenize{user/user_commands/krb5-config:options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}help}}] \leavevmode -\sphinxAtStartPar -prints a usage message. This is the default behavior when no options -are specified. - -\item[{\sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}all}}] \leavevmode -\sphinxAtStartPar -prints the version, vendor, prefix, and exec\sphinxhyphen{}prefix. - -\item[{\sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}version}}] \leavevmode -\sphinxAtStartPar -prints the version number of the Kerberos installation. - -\item[{\sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}vendor}}] \leavevmode -\sphinxAtStartPar -prints the name of the vendor of the Kerberos installation. - -\item[{\sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}prefix}}] \leavevmode -\sphinxAtStartPar -prints the prefix for which the Kerberos installation was built. - -\item[{\sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}exec\sphinxhyphen{}prefix}}] \leavevmode -\sphinxAtStartPar -prints the prefix for executables for which the Kerberos installation -was built. - -\item[{\sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}defccname}}] \leavevmode -\sphinxAtStartPar -prints the built\sphinxhyphen{}in default credentials cache location. - -\item[{\sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}defktname}}] \leavevmode -\sphinxAtStartPar -prints the built\sphinxhyphen{}in default keytab location. - -\item[{\sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}defcktname}}] \leavevmode -\sphinxAtStartPar -prints the built\sphinxhyphen{}in default client (initiator) keytab location. - -\item[{\sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}cflags}}] \leavevmode -\sphinxAtStartPar -prints the compilation flags used to build the Kerberos installation. - -\item[{\sphinxstylestrong{\sphinxhyphen{}}\sphinxstylestrong{\sphinxhyphen{}libs} {[}\sphinxstyleemphasis{library}{]}}] \leavevmode -\sphinxAtStartPar -prints the compiler options needed to link against \sphinxstyleemphasis{library}. -Allowed values for \sphinxstyleemphasis{library} are: - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -krb5 -& -\sphinxAtStartPar -Kerberos 5 applications (default) -\\ -\hline -\sphinxAtStartPar -gssapi -& -\sphinxAtStartPar -GSSAPI applications with Kerberos 5 bindings -\\ -\hline -\sphinxAtStartPar -kadm\sphinxhyphen{}client -& -\sphinxAtStartPar -Kadmin client -\\ -\hline -\sphinxAtStartPar -kadm\sphinxhyphen{}server -& -\sphinxAtStartPar -Kadmin server -\\ -\hline -\sphinxAtStartPar -kdb -& -\sphinxAtStartPar -Applications that access the Kerberos database -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - -\end{description} - - -\subsection{EXAMPLES} -\label{\detokenize{user/user_commands/krb5-config:examples}} -\sphinxAtStartPar -krb5\sphinxhyphen{}config is particularly useful for compiling against a Kerberos -installation that was installed in a non\sphinxhyphen{}standard location. For example, -a Kerberos installation that is installed in \sphinxcode{\sphinxupquote{/opt/krb5/}} but uses -libraries in \sphinxcode{\sphinxupquote{/usr/local/lib/}} for text localization would produce -the following output: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{shell}\PYG{o}{\PYGZpc{}} \PYG{n}{krb5}\PYG{o}{\PYGZhy{}}\PYG{n}{config} \PYG{o}{\PYGZhy{}}\PYG{o}{\PYGZhy{}}\PYG{n}{libs} \PYG{n}{krb5} -\PYG{o}{\PYGZhy{}}\PYG{n}{L}\PYG{o}{/}\PYG{n}{opt}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{/}\PYG{n}{lib} \PYG{o}{\PYGZhy{}}\PYG{n}{Wl}\PYG{p}{,}\PYG{o}{\PYGZhy{}}\PYG{n}{rpath} \PYG{o}{\PYGZhy{}}\PYG{n}{Wl}\PYG{p}{,}\PYG{o}{/}\PYG{n}{opt}\PYG{o}{/}\PYG{n}{krb5}\PYG{o}{/}\PYG{n}{lib} \PYG{o}{\PYGZhy{}}\PYG{n}{L}\PYG{o}{/}\PYG{n}{usr}\PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{lib} \PYG{o}{\PYGZhy{}}\PYG{n}{lkrb5} \PYG{o}{\PYGZhy{}}\PYG{n}{lk5crypto} \PYG{o}{\PYGZhy{}}\PYG{n}{lcom\PYGZus{}err} -\end{sphinxVerbatim} - - -\subsection{SEE ALSO} -\label{\detokenize{user/user_commands/krb5-config:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}}, cc(1) - - -\section{ksu} -\label{\detokenize{user/user_commands/ksu:ksu}}\label{\detokenize{user/user_commands/ksu:ksu-1}}\label{\detokenize{user/user_commands/ksu::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{user/user_commands/ksu:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{ksu} -{[} \sphinxstyleemphasis{target\_user} {]} -{[} \sphinxstylestrong{\sphinxhyphen{}n} \sphinxstyleemphasis{target\_principal\_name} {]} -{[} \sphinxstylestrong{\sphinxhyphen{}c} \sphinxstyleemphasis{source\_cache\_name} {]} -{[} \sphinxstylestrong{\sphinxhyphen{}k} {]} -{[} \sphinxstylestrong{\sphinxhyphen{}r} time {]} -{[} \sphinxstylestrong{\sphinxhyphen{}p} | \sphinxstylestrong{\sphinxhyphen{}P}{]} -{[} \sphinxstylestrong{\sphinxhyphen{}f} | \sphinxstylestrong{\sphinxhyphen{}F}{]} -{[} \sphinxstylestrong{\sphinxhyphen{}l} \sphinxstyleemphasis{lifetime} {]} -{[} \sphinxstylestrong{\sphinxhyphen{}z | Z} {]} -{[} \sphinxstylestrong{\sphinxhyphen{}q} {]} -{[} \sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{command} {[} args … {]} {]} {[} \sphinxstylestrong{\sphinxhyphen{}a} {[} args … {]} {]} - - -\subsection{REQUIREMENTS} -\label{\detokenize{user/user_commands/ksu:requirements}} -\sphinxAtStartPar -Must have Kerberos version 5 installed to compile ksu. Must have a -Kerberos version 5 server running to use ksu. - - -\subsection{DESCRIPTION} -\label{\detokenize{user/user_commands/ksu:description}} -\sphinxAtStartPar -ksu is a Kerberized version of the su program that has two missions: -one is to securely change the real and effective user ID to that of -the target user, and the other is to create a new security context. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -For the sake of clarity, all references to and attributes of -the user invoking the program will start with “source†-(e.g., “source userâ€, “source cacheâ€, etc.). - -\sphinxAtStartPar -Likewise, all references to and attributes of the target -account will start with “targetâ€. -\end{sphinxadmonition} - - -\subsection{AUTHENTICATION} -\label{\detokenize{user/user_commands/ksu:authentication}} -\sphinxAtStartPar -To fulfill the first mission, ksu operates in two phases: -authentication and authorization. Resolving the target principal name -is the first step in authentication. The user can either specify his -principal name with the \sphinxstylestrong{\sphinxhyphen{}n} option (e.g., \sphinxcode{\sphinxupquote{\sphinxhyphen{}n jqpublic@USC.EDU}}) -or a default principal name will be assigned using a heuristic -described in the OPTIONS section (see \sphinxstylestrong{\sphinxhyphen{}n} option). The target user -name must be the first argument to ksu; if not specified root is the -default. If \sphinxcode{\sphinxupquote{.}} is specified then the target user will be the -source user (e.g., \sphinxcode{\sphinxupquote{ksu .}}). If the source user is root or the -target user is the source user, no authentication or authorization -takes place. Otherwise, ksu looks for an appropriate Kerberos ticket -in the source cache. - -\sphinxAtStartPar -The ticket can either be for the end\sphinxhyphen{}server or a ticket granting -ticket (TGT) for the target principal’s realm. If the ticket for the -end\sphinxhyphen{}server is already in the cache, it’s decrypted and verified. If -it’s not in the cache but the TGT is, the TGT is used to obtain the -ticket for the end\sphinxhyphen{}server. The end\sphinxhyphen{}server ticket is then verified. -If neither ticket is in the cache, but ksu is compiled with the -\sphinxstylestrong{GET\_TGT\_VIA\_PASSWD} define, the user will be prompted for a -Kerberos password which will then be used to get a TGT. If the user -is logged in remotely and does not have a secure channel, the password -may be exposed. If neither ticket is in the cache and -\sphinxstylestrong{GET\_TGT\_VIA\_PASSWD} is not defined, authentication fails. - - -\subsection{AUTHORIZATION} -\label{\detokenize{user/user_commands/ksu:authorization}} -\sphinxAtStartPar -This section describes authorization of the source user when ksu is -invoked without the \sphinxstylestrong{\sphinxhyphen{}e} option. For a description of the \sphinxstylestrong{\sphinxhyphen{}e} -option, see the OPTIONS section. - -\sphinxAtStartPar -Upon successful authentication, ksu checks whether the target -principal is authorized to access the target account. In the target -user’s home directory, ksu attempts to access two authorization files: -{\hyperref[\detokenize{user/user_config/k5login:k5login-5}]{\sphinxcrossref{\DUrole{std,std-ref}{.k5login}}}} and .k5users. In the .k5login file each line -contains the name of a principal that is authorized to access the -account. - -\sphinxAtStartPar -For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{jqpublic}\PYG{n+nd}{@USC}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{jqpublic}\PYG{o}{/}\PYG{n}{secure}\PYG{n+nd}{@USC}\PYG{o}{.}\PYG{n}{EDU} -\PYG{n}{jqpublic}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@USC}\PYG{o}{.}\PYG{n}{EDU} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The format of .k5users is the same, except the principal name may be -followed by a list of commands that the principal is authorized to -execute (see the \sphinxstylestrong{\sphinxhyphen{}e} option in the OPTIONS section for details). - -\sphinxAtStartPar -Thus if the target principal name is found in the .k5login file the -source user is authorized to access the target account. Otherwise ksu -looks in the .k5users file. If the target principal name is found -without any trailing commands or followed only by \sphinxcode{\sphinxupquote{*}} then the -source user is authorized. If either .k5login or .k5users exist but -an appropriate entry for the target principal does not exist then -access is denied. If neither file exists then the principal will be -granted access to the account according to the aname\sphinxhyphen{}\textgreater{}lname mapping -rules. Otherwise, authorization fails. - - -\subsection{EXECUTION OF THE TARGET SHELL} -\label{\detokenize{user/user_commands/ksu:execution-of-the-target-shell}} -\sphinxAtStartPar -Upon successful authentication and authorization, ksu proceeds in a -similar fashion to su. The environment is unmodified with the -exception of USER, HOME and SHELL variables. If the target user is -not root, USER gets set to the target user name. Otherwise USER -remains unchanged. Both HOME and SHELL are set to the target login’s -default values. In addition, the environment variable \sphinxstylestrong{KRB5CCNAME} -gets set to the name of the target cache. The real and effective user -ID are changed to that of the target user. The target user’s shell is -then invoked (the shell name is specified in the password file). Upon -termination of the shell, ksu deletes the target cache (unless ksu is -invoked with the \sphinxstylestrong{\sphinxhyphen{}k} option). This is implemented by first doing a -fork and then an exec, instead of just exec, as done by su. - - -\subsection{CREATING A NEW SECURITY CONTEXT} -\label{\detokenize{user/user_commands/ksu:creating-a-new-security-context}} -\sphinxAtStartPar -ksu can be used to create a new security context for the target -program (either the target shell, or command specified via the \sphinxstylestrong{\sphinxhyphen{}e} -option). The target program inherits a set of credentials from the -source user. By default, this set includes all of the credentials in -the source cache plus any additional credentials obtained during -authentication. The source user is able to limit the credentials in -this set by using \sphinxstylestrong{\sphinxhyphen{}z} or \sphinxstylestrong{\sphinxhyphen{}Z} option. \sphinxstylestrong{\sphinxhyphen{}z} restricts the copy -of tickets from the source cache to the target cache to only the -tickets where client == the target principal name. The \sphinxstylestrong{\sphinxhyphen{}Z} option -provides the target user with a fresh target cache (no creds in the -cache). Note that for security reasons, when the source user is root -and target user is non\sphinxhyphen{}root, \sphinxstylestrong{\sphinxhyphen{}z} option is the default mode of -operation. - -\sphinxAtStartPar -While no authentication takes place if the source user is root or is -the same as the target user, additional tickets can still be obtained -for the target cache. If \sphinxstylestrong{\sphinxhyphen{}n} is specified and no credentials can -be copied to the target cache, the source user is prompted for a -Kerberos password (unless \sphinxstylestrong{\sphinxhyphen{}Z} specified or \sphinxstylestrong{GET\_TGT\_VIA\_PASSWD} -is undefined). If successful, a TGT is obtained from the Kerberos -server and stored in the target cache. Otherwise, if a password is -not provided (user hit return) ksu continues in a normal mode of -operation (the target cache will not contain the desired TGT). If the -wrong password is typed in, ksu fails. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -During authentication, only the tickets that could be -obtained without providing a password are cached in the -source cache. -\end{sphinxadmonition} - - -\subsection{OPTIONS} -\label{\detokenize{user/user_commands/ksu:options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}n} \sphinxstyleemphasis{target\_principal\_name}}] \leavevmode -\sphinxAtStartPar -Specify a Kerberos target principal name. Used in authentication -and authorization phases of ksu. - -\sphinxAtStartPar -If ksu is invoked without \sphinxstylestrong{\sphinxhyphen{}n}, a default principal name is -assigned via the following heuristic: -\begin{itemize} -\item {} -\sphinxAtStartPar -Case 1: source user is non\sphinxhyphen{}root. - -\sphinxAtStartPar -If the target user is the source user the default principal name -is set to the default principal of the source cache. If the -cache does not exist then the default principal name is set to -\sphinxcode{\sphinxupquote{target\_user@local\_realm}}. If the source and target users are -different and neither \sphinxcode{\sphinxupquote{\textasciitilde{}target\_user/.k5users}} nor -\sphinxcode{\sphinxupquote{\textasciitilde{}target\_user/.k5login}} exist then the default principal name -is \sphinxcode{\sphinxupquote{target\_user\_login\_name@local\_realm}}. Otherwise, starting -with the first principal listed below, ksu checks if the -principal is authorized to access the target account and whether -there is a legitimate ticket for that principal in the source -cache. If both conditions are met that principal becomes the -default target principal, otherwise go to the next principal. -\begin{enumerate} -\sphinxsetlistlabels{\alph}{enumi}{enumii}{}{)}% -\item {} -\sphinxAtStartPar -default principal of the source cache - -\item {} -\sphinxAtStartPar -target\_user@local\_realm - -\item {} -\sphinxAtStartPar -source\_user@local\_realm - -\end{enumerate} - -\sphinxAtStartPar -If a\sphinxhyphen{}c fails try any principal for which there is a ticket in -the source cache and that is authorized to access the target -account. If that fails select the first principal that is -authorized to access the target account from the above list. If -none are authorized and ksu is configured with -\sphinxstylestrong{PRINC\_LOOK\_AHEAD} turned on, select the default principal as -follows: - -\sphinxAtStartPar -For each candidate in the above list, select an authorized -principal that has the same realm name and first part of the -principal name equal to the prefix of the candidate. For -example if candidate a) is \sphinxcode{\sphinxupquote{jqpublic@ISI.EDU}} and -\sphinxcode{\sphinxupquote{jqpublic/secure@ISI.EDU}} is authorized to access the target -account then the default principal is set to -\sphinxcode{\sphinxupquote{jqpublic/secure@ISI.EDU}}. - -\item {} -\sphinxAtStartPar -Case 2: source user is root. - -\sphinxAtStartPar -If the target user is non\sphinxhyphen{}root then the default principal name -is \sphinxcode{\sphinxupquote{target\_user@local\_realm}}. Else, if the source cache -exists the default principal name is set to the default -principal of the source cache. If the source cache does not -exist, default principal name is set to \sphinxcode{\sphinxupquote{root\textbackslash{}@local\_realm}}. - -\end{itemize} - -\end{description} - -\sphinxAtStartPar -\sphinxstylestrong{\sphinxhyphen{}c} \sphinxstyleemphasis{source\_cache\_name} -\begin{quote} - -\sphinxAtStartPar -Specify source cache name (e.g., \sphinxcode{\sphinxupquote{\sphinxhyphen{}c FILE:/tmp/my\_cache}}). If -\sphinxstylestrong{\sphinxhyphen{}c} option is not used then the name is obtained from -\sphinxstylestrong{KRB5CCNAME} environment variable. If \sphinxstylestrong{KRB5CCNAME} is not -defined the source cache name is set to \sphinxcode{\sphinxupquote{krb5cc\_\textless{}source uid\textgreater{}}}. -The target cache name is automatically set to \sphinxcode{\sphinxupquote{krb5cc\_\textless{}target -uid\textgreater{}.(gen\_sym())}}, where gen\_sym generates a new number such that -the resulting cache does not already exist. For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{krb5cc\PYGZus{}1984}\PYG{l+m+mf}{.2} -\end{sphinxVerbatim} -\end{quote} -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}k}}] \leavevmode -\sphinxAtStartPar -Do not delete the target cache upon termination of the target -shell or a command (\sphinxstylestrong{\sphinxhyphen{}e} command). Without \sphinxstylestrong{\sphinxhyphen{}k}, ksu deletes -the target cache. - -\item[{\sphinxstylestrong{\sphinxhyphen{}z}}] \leavevmode -\sphinxAtStartPar -Restrict the copy of tickets from the source cache to the target -cache to only the tickets where client == the target principal -name. Use the \sphinxstylestrong{\sphinxhyphen{}n} option if you want the tickets for other then -the default principal. Note that the \sphinxstylestrong{\sphinxhyphen{}z} option is mutually -exclusive with the \sphinxstylestrong{\sphinxhyphen{}Z} option. - -\item[{\sphinxstylestrong{\sphinxhyphen{}Z}}] \leavevmode -\sphinxAtStartPar -Don’t copy any tickets from the source cache to the target cache. -Just create a fresh target cache, where the default principal name -of the cache is initialized to the target principal name. Note -that the \sphinxstylestrong{\sphinxhyphen{}Z} option is mutually exclusive with the \sphinxstylestrong{\sphinxhyphen{}z} -option. - -\item[{\sphinxstylestrong{\sphinxhyphen{}q}}] \leavevmode -\sphinxAtStartPar -Suppress the printing of status messages. - -\end{description} - -\sphinxAtStartPar -Ticket granting ticket options: -\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}l} \sphinxstyleemphasis{lifetime} \sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{time} \sphinxstylestrong{\sphinxhyphen{}p} \sphinxstylestrong{\sphinxhyphen{}P} \sphinxstylestrong{\sphinxhyphen{}f} \sphinxstylestrong{\sphinxhyphen{}F}}] \leavevmode -\sphinxAtStartPar -The ticket granting ticket options only apply to the case where -there are no appropriate tickets in the cache to authenticate the -source user. In this case if ksu is configured to prompt users -for a Kerberos password (\sphinxstylestrong{GET\_TGT\_VIA\_PASSWD} is defined), the -ticket granting ticket options that are specified will be used -when getting a ticket granting ticket from the Kerberos server. - -\item[{\sphinxstylestrong{\sphinxhyphen{}l} \sphinxstyleemphasis{lifetime}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} string.) Specifies the lifetime to be requested -for the ticket; if this option is not specified, the default ticket -lifetime (12 hours) is used instead. - -\item[{\sphinxstylestrong{\sphinxhyphen{}r} \sphinxstyleemphasis{time}}] \leavevmode -\sphinxAtStartPar -(\DUrole{xref,std,std-ref}{duration} string.) Specifies that the \sphinxstylestrong{renewable} option -should be requested for the ticket, and specifies the desired -total lifetime of the ticket. - -\item[{\sphinxstylestrong{\sphinxhyphen{}p}}] \leavevmode -\sphinxAtStartPar -specifies that the \sphinxstylestrong{proxiable} option should be requested for -the ticket. - -\item[{\sphinxstylestrong{\sphinxhyphen{}P}}] \leavevmode -\sphinxAtStartPar -specifies that the \sphinxstylestrong{proxiable} option should not be requested -for the ticket, even if the default configuration is to ask for -proxiable tickets. - -\item[{\sphinxstylestrong{\sphinxhyphen{}f}}] \leavevmode -\sphinxAtStartPar -option specifies that the \sphinxstylestrong{forwardable} option should be -requested for the ticket. - -\item[{\sphinxstylestrong{\sphinxhyphen{}F}}] \leavevmode -\sphinxAtStartPar -option specifies that the \sphinxstylestrong{forwardable} option should not be -requested for the ticket, even if the default configuration is to -ask for forwardable tickets. - -\item[{\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{command} {[}\sphinxstyleemphasis{args} …{]}}] \leavevmode -\sphinxAtStartPar -ksu proceeds exactly the same as if it was invoked without the -\sphinxstylestrong{\sphinxhyphen{}e} option, except instead of executing the target shell, ksu -executes the specified command. Example of usage: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{ksu} \PYG{n}{bob} \PYG{o}{\PYGZhy{}}\PYG{n}{e} \PYG{n}{ls} \PYG{o}{\PYGZhy{}}\PYG{n}{lag} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The authorization algorithm for \sphinxstylestrong{\sphinxhyphen{}e} is as follows: - -\sphinxAtStartPar -If the source user is root or source user == target user, no -authorization takes place and the command is executed. If source -user id != 0, and \sphinxcode{\sphinxupquote{\textasciitilde{}target\_user/.k5users}} file does not exist, -authorization fails. Otherwise, \sphinxcode{\sphinxupquote{\textasciitilde{}target\_user/.k5users}} file -must have an appropriate entry for target principal to get -authorized. - -\sphinxAtStartPar -The .k5users file format: - -\sphinxAtStartPar -A single principal entry on each line that may be followed by a -list of commands that the principal is authorized to execute. A -principal name followed by a \sphinxcode{\sphinxupquote{*}} means that the user is -authorized to execute any command. Thus, in the following -example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{jqpublic}\PYG{n+nd}{@USC}\PYG{o}{.}\PYG{n}{EDU} \PYG{n}{ls} \PYG{n}{mail} \PYG{o}{/}\PYG{n}{local}\PYG{o}{/}\PYG{n}{kerberos}\PYG{o}{/}\PYG{n}{klist} -\PYG{n}{jqpublic}\PYG{o}{/}\PYG{n}{secure}\PYG{n+nd}{@USC}\PYG{o}{.}\PYG{n}{EDU} \PYG{o}{*} -\PYG{n}{jqpublic}\PYG{o}{/}\PYG{n}{admin}\PYG{n+nd}{@USC}\PYG{o}{.}\PYG{n}{EDU} -\end{sphinxVerbatim} - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{jqpublic@USC.EDU}} is only authorized to execute \sphinxcode{\sphinxupquote{ls}}, -\sphinxcode{\sphinxupquote{mail}} and \sphinxcode{\sphinxupquote{klist}} commands. \sphinxcode{\sphinxupquote{jqpublic/secure@USC.EDU}} is -authorized to execute any command. \sphinxcode{\sphinxupquote{jqpublic/admin@USC.EDU}} is -not authorized to execute any command. Note, that -\sphinxcode{\sphinxupquote{jqpublic/admin@USC.EDU}} is authorized to execute the target -shell (regular ksu, without the \sphinxstylestrong{\sphinxhyphen{}e} option) but -\sphinxcode{\sphinxupquote{jqpublic@USC.EDU}} is not. - -\sphinxAtStartPar -The commands listed after the principal name must be either a full -path names or just the program name. In the second case, -\sphinxstylestrong{CMD\_PATH} specifying the location of authorized programs must -be defined at the compilation time of ksu. Which command gets -executed? - -\sphinxAtStartPar -If the source user is root or the target user is the source user -or the user is authorized to execute any command (\sphinxcode{\sphinxupquote{*}} entry) -then command can be either a full or a relative path leading to -the target program. Otherwise, the user must specify either a -full path or just the program name. - -\item[{\sphinxstylestrong{\sphinxhyphen{}a} \sphinxstyleemphasis{args}}] \leavevmode -\sphinxAtStartPar -Specify arguments to be passed to the target shell. Note that all -flags and parameters following \sphinxhyphen{}a will be passed to the shell, -thus all options intended for ksu must precede \sphinxstylestrong{\sphinxhyphen{}a}. - -\sphinxAtStartPar -The \sphinxstylestrong{\sphinxhyphen{}a} option can be used to simulate the \sphinxstylestrong{\sphinxhyphen{}e} option if -used as follows: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{o}{\PYGZhy{}}\PYG{n}{a} \PYG{o}{\PYGZhy{}}\PYG{n}{c} \PYG{p}{[}\PYG{n}{command} \PYG{p}{[}\PYG{n}{arguments}\PYG{p}{]}\PYG{p}{]}\PYG{o}{.} -\end{sphinxVerbatim} - -\sphinxAtStartPar -\sphinxstylestrong{\sphinxhyphen{}c} is interpreted by the c\sphinxhyphen{}shell to execute the command. - -\end{description} - - -\subsection{INSTALLATION INSTRUCTIONS} -\label{\detokenize{user/user_commands/ksu:installation-instructions}} -\sphinxAtStartPar -ksu can be compiled with the following four flags: -\begin{description} -\item[{\sphinxstylestrong{GET\_TGT\_VIA\_PASSWD}}] \leavevmode -\sphinxAtStartPar -In case no appropriate tickets are found in the source cache, the -user will be prompted for a Kerberos password. The password is -then used to get a ticket granting ticket from the Kerberos -server. The danger of configuring ksu with this macro is if the -source user is logged in remotely and does not have a secure -channel, the password may get exposed. - -\item[{\sphinxstylestrong{PRINC\_LOOK\_AHEAD}}] \leavevmode -\sphinxAtStartPar -During the resolution of the default principal name, -\sphinxstylestrong{PRINC\_LOOK\_AHEAD} enables ksu to find principal names in -the .k5users file as described in the OPTIONS section -(see \sphinxstylestrong{\sphinxhyphen{}n} option). - -\item[{\sphinxstylestrong{CMD\_PATH}}] \leavevmode -\sphinxAtStartPar -Specifies a list of directories containing programs that users are -authorized to execute (via .k5users file). - -\item[{\sphinxstylestrong{HAVE\_GETUSERSHELL}}] \leavevmode -\sphinxAtStartPar -If the source user is non\sphinxhyphen{}root, ksu insists that the target user’s -shell to be invoked is a “legal shellâ€. \sphinxstyleemphasis{getusershell(3)} is -called to obtain the names of “legal shellsâ€. Note that the -target user’s shell is obtained from the passwd file. - -\end{description} - -\sphinxAtStartPar -Sample configuration: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{KSU\PYGZus{}OPTS} \PYG{o}{=} \PYG{o}{\PYGZhy{}}\PYG{n}{DGET\PYGZus{}TGT\PYGZus{}VIA\PYGZus{}PASSWD} \PYG{o}{\PYGZhy{}}\PYG{n}{DPRINC\PYGZus{}LOOK\PYGZus{}AHEAD} \PYG{o}{\PYGZhy{}}\PYG{n}{DCMD\PYGZus{}PATH}\PYG{o}{=}\PYG{l+s+s1}{\PYGZsq{}}\PYG{l+s+s1}{\PYGZdq{}}\PYG{l+s+s1}{/bin /usr/ucb /local/bin}\PYG{l+s+s1}{\PYGZdq{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -ksu should be owned by root and have the set user id bit turned on. - -\sphinxAtStartPar -ksu attempts to get a ticket for the end server just as Kerberized -telnet and rlogin. Thus, there must be an entry for the server in the -Kerberos database (e.g., \sphinxcode{\sphinxupquote{host/nii.isi.edu@ISI.EDU}}). The keytab -file must be in an appropriate location. - - -\subsection{SIDE EFFECTS} -\label{\detokenize{user/user_commands/ksu:side-effects}} -\sphinxAtStartPar -ksu deletes all expired tickets from the source cache. - - -\subsection{AUTHOR OF KSU} -\label{\detokenize{user/user_commands/ksu:author-of-ksu}} -\sphinxAtStartPar -GENNADY (ARI) MEDVINSKY - - -\subsection{ENVIRONMENT} -\label{\detokenize{user/user_commands/ksu:environment}} -\sphinxAtStartPar -See {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{user/user_commands/ksu:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}}, {\hyperref[\detokenize{user/user_commands/kinit:kinit-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kinit}}}} - - -\section{kswitch} -\label{\detokenize{user/user_commands/kswitch:kswitch}}\label{\detokenize{user/user_commands/kswitch:kswitch-1}}\label{\detokenize{user/user_commands/kswitch::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{user/user_commands/kswitch:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{kswitch} -\{\sphinxstylestrong{\sphinxhyphen{}c} \sphinxstyleemphasis{cachename}|\sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{principal}\} - - -\subsection{DESCRIPTION} -\label{\detokenize{user/user_commands/kswitch:description}} -\sphinxAtStartPar -kswitch makes the specified credential cache the primary cache for the -collection, if a cache collection is available. - - -\subsection{OPTIONS} -\label{\detokenize{user/user_commands/kswitch:options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}c} \sphinxstyleemphasis{cachename}}] \leavevmode -\sphinxAtStartPar -Directly specifies the credential cache to be made primary. - -\item[{\sphinxstylestrong{\sphinxhyphen{}p} \sphinxstyleemphasis{principal}}] \leavevmode -\sphinxAtStartPar -Causes the cache collection to be searched for a cache containing -credentials for \sphinxstyleemphasis{principal}. If one is found, that collection is -made primary. - -\end{description} - - -\subsection{ENVIRONMENT} -\label{\detokenize{user/user_commands/kswitch:environment}} -\sphinxAtStartPar -See {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} for a description of Kerberos environment -variables. - - -\subsection{FILES} -\label{\detokenize{user/user_commands/kswitch:files}}\begin{description} -\item[{\DUrole{xref,std,std-ref}{DEFCCNAME}}] \leavevmode -\sphinxAtStartPar -Default location of Kerberos 5 credentials cache - -\end{description} - - -\subsection{SEE ALSO} -\label{\detokenize{user/user_commands/kswitch:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{user/user_commands/kinit:kinit-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kinit}}}}, {\hyperref[\detokenize{user/user_commands/kdestroy:kdestroy-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kdestroy}}}}, {\hyperref[\detokenize{user/user_commands/klist:klist-1}]{\sphinxcrossref{\DUrole{std,std-ref}{klist}}}}, -{\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} - - -\section{kvno} -\label{\detokenize{user/user_commands/kvno:kvno}}\label{\detokenize{user/user_commands/kvno:kvno-1}}\label{\detokenize{user/user_commands/kvno::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{user/user_commands/kvno:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{kvno} -{[}\sphinxstylestrong{\sphinxhyphen{}c} \sphinxstyleemphasis{ccache}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{etype}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}k} \sphinxstyleemphasis{keytab}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}q}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}u} | \sphinxstylestrong{\sphinxhyphen{}S} \sphinxstyleemphasis{sname}{]} -{[}\sphinxstylestrong{\sphinxhyphen{}P}{]} -{[}\sphinxstylestrong{\textendash{}cached\sphinxhyphen{}only}{]} -{[}\sphinxstylestrong{\textendash{}no\sphinxhyphen{}store}{]} -{[}\sphinxstylestrong{\textendash{}out\sphinxhyphen{}cache} \sphinxstyleemphasis{cache}{]} -{[}{[}\{\sphinxstylestrong{\sphinxhyphen{}F} \sphinxstyleemphasis{cert\_file} | \{\sphinxstylestrong{\sphinxhyphen{}I} | \sphinxstylestrong{\sphinxhyphen{}U}\} \sphinxstyleemphasis{for\_user}\} {[}\sphinxstylestrong{\sphinxhyphen{}P}{]}{]} | \sphinxstylestrong{\textendash{}u2u} \sphinxstyleemphasis{ccache}{]} -\sphinxstyleemphasis{service1 service2} … - - -\subsection{DESCRIPTION} -\label{\detokenize{user/user_commands/kvno:description}} -\sphinxAtStartPar -kvno acquires a service ticket for the specified Kerberos principals -and prints out the key version numbers of each. - - -\subsection{OPTIONS} -\label{\detokenize{user/user_commands/kvno:options}}\begin{description} -\item[{\sphinxstylestrong{\sphinxhyphen{}c} \sphinxstyleemphasis{ccache}}] \leavevmode -\sphinxAtStartPar -Specifies the name of a credentials cache to use (if not the -default) - -\item[{\sphinxstylestrong{\sphinxhyphen{}e} \sphinxstyleemphasis{etype}}] \leavevmode -\sphinxAtStartPar -Specifies the enctype which will be requested for the session key -of all the services named on the command line. This is useful in -certain backward compatibility situations. - -\item[{\sphinxstylestrong{\sphinxhyphen{}k} \sphinxstyleemphasis{keytab}}] \leavevmode -\sphinxAtStartPar -Decrypt the acquired tickets using \sphinxstyleemphasis{keytab} to confirm their -validity. - -\item[{\sphinxstylestrong{\sphinxhyphen{}q}}] \leavevmode -\sphinxAtStartPar -Suppress printing output when successful. If a service ticket -cannot be obtained, an error message will still be printed and -kvno will exit with nonzero status. - -\item[{\sphinxstylestrong{\sphinxhyphen{}u}}] \leavevmode -\sphinxAtStartPar -Use the unknown name type in requested service principal names. -This option Cannot be used with \sphinxstyleemphasis{\sphinxhyphen{}S}. - -\item[{\sphinxstylestrong{\sphinxhyphen{}P}}] \leavevmode -\sphinxAtStartPar -Specifies that the \sphinxstyleemphasis{service1 service2} … arguments are to be -treated as services for which credentials should be acquired using -constrained delegation. This option is only valid when used in -conjunction with protocol transition. - -\item[{\sphinxstylestrong{\sphinxhyphen{}S} \sphinxstyleemphasis{sname}}] \leavevmode -\sphinxAtStartPar -Specifies that the \sphinxstyleemphasis{service1 service2} … arguments are -interpreted as hostnames, and the service principals are to be -constructed from those hostnames and the service name \sphinxstyleemphasis{sname}. -The service hostnames will be canonicalized according to the usual -rules for constructing service principals. - -\item[{\sphinxstylestrong{\sphinxhyphen{}I} \sphinxstyleemphasis{for\_user}}] \leavevmode -\sphinxAtStartPar -Specifies that protocol transition (S4U2Self) is to be used to -acquire a ticket on behalf of \sphinxstyleemphasis{for\_user}. If constrained -delegation is not requested, the service name must match the -credentials cache client principal. - -\item[{\sphinxstylestrong{\sphinxhyphen{}U} \sphinxstyleemphasis{for\_user}}] \leavevmode -\sphinxAtStartPar -Same as \sphinxhyphen{}I, but treats \sphinxstyleemphasis{for\_user} as an enterprise name. - -\item[{\sphinxstylestrong{\sphinxhyphen{}F} \sphinxstyleemphasis{cert\_file}}] \leavevmode -\sphinxAtStartPar -Specifies that protocol transition is to be used, identifying the -client principal with the X.509 certificate in \sphinxstyleemphasis{cert\_file}. The -certificate file must be in PEM format. - -\item[{\sphinxstylestrong{\textendash{}cached\sphinxhyphen{}only}}] \leavevmode -\sphinxAtStartPar -Only retrieve credentials already present in the cache, not from -the KDC. (Added in release 1.19.) - -\item[{\sphinxstylestrong{\textendash{}no\sphinxhyphen{}store}}] \leavevmode -\sphinxAtStartPar -Do not store retrieved credentials in the cache. If -\sphinxstylestrong{\textendash{}out\sphinxhyphen{}cache} is also specified, credentials will still be -stored into the output credential cache. (Added in release 1.19.) - -\item[{\sphinxstylestrong{\textendash{}out\sphinxhyphen{}cache} \sphinxstyleemphasis{ccache}}] \leavevmode -\sphinxAtStartPar -Initialize \sphinxstyleemphasis{ccache} and store all retrieved credentials into it. -Do not store acquired credentials in the input cache. (Added in -release 1.19.) - -\item[{\sphinxstylestrong{\textendash{}u2u} \sphinxstyleemphasis{ccache}}] \leavevmode -\sphinxAtStartPar -Requests a user\sphinxhyphen{}to\sphinxhyphen{}user ticket. \sphinxstyleemphasis{ccache} must contain a local -krbtgt ticket for the server principal. The reported version -number will typically be 0, as the resulting ticket is not -encrypted in the server’s long\sphinxhyphen{}term key. - -\end{description} - - -\subsection{ENVIRONMENT} -\label{\detokenize{user/user_commands/kvno:environment}} -\sphinxAtStartPar -See {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} for a description of Kerberos environment -variables. - - -\subsection{FILES} -\label{\detokenize{user/user_commands/kvno:files}}\begin{description} -\item[{\DUrole{xref,std,std-ref}{DEFCCNAME}}] \leavevmode -\sphinxAtStartPar -Default location of the credentials cache - -\end{description} - - -\subsection{SEE ALSO} -\label{\detokenize{user/user_commands/kvno:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{user/user_commands/kinit:kinit-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kinit}}}}, {\hyperref[\detokenize{user/user_commands/kdestroy:kdestroy-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kdestroy}}}}, {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} - - -\section{sclient} -\label{\detokenize{user/user_commands/sclient:sclient}}\label{\detokenize{user/user_commands/sclient:sclient-1}}\label{\detokenize{user/user_commands/sclient::doc}} - -\subsection{SYNOPSIS} -\label{\detokenize{user/user_commands/sclient:synopsis}} -\sphinxAtStartPar -\sphinxstylestrong{sclient} \sphinxstyleemphasis{remotehost} - - -\subsection{DESCRIPTION} -\label{\detokenize{user/user_commands/sclient:description}} -\sphinxAtStartPar -sclient is a sample application, primarily useful for testing -purposes. It contacts a sample server \DUrole{xref,std,std-ref}{sserver(8)} and -authenticates to it using Kerberos version 5 tickets, then displays -the server’s response. - - -\subsection{ENVIRONMENT} -\label{\detokenize{user/user_commands/sclient:environment}} -\sphinxAtStartPar -See {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} for a description of Kerberos environment -variables. - - -\subsection{SEE ALSO} -\label{\detokenize{user/user_commands/sclient:see-also}} -\sphinxAtStartPar -{\hyperref[\detokenize{user/user_commands/kinit:kinit-1}]{\sphinxcrossref{\DUrole{std,std-ref}{kinit}}}}, \DUrole{xref,std,std-ref}{sserver(8)}, {\hyperref[\detokenize{user/user_config/kerberos:kerberos-7}]{\sphinxcrossref{\DUrole{std,std-ref}{kerberos}}}} - - - -\renewcommand{\indexname}{Index} -\printindex -\end{document} \ No newline at end of file diff --git a/krb5-1.21.3/doc/plugindev/ccselect.rst b/krb5-1.21.3/doc/plugindev/ccselect.rst deleted file mode 100644 index 1253fe6b..00000000 --- a/krb5-1.21.3/doc/plugindev/ccselect.rst +++ /dev/null @@ -1,28 +0,0 @@ -.. _ccselect_plugin: - -Credential cache selection interface (ccselect) -=============================================== - -The ccselect interface allows modules to control how credential caches -are chosen when a GSSAPI client contacts a service. For a detailed -description of the ccselect interface, see the header file -````. - -The primary ccselect method is **choose**, which accepts a server -principal as input and returns a ccache and/or principal name as -output. A module can use the krb5_cccol APIs to iterate over the -cache collection in order to find an appropriate ccache to use. - -.. TODO: add reference to the admin guide for ccaches and cache - collections when we have appropriate sections. - -A module can create and destroy per-library-context state objects by -implementing the **init** and **fini** methods. State objects have -the type krb5_ccselect_moddata, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. - -A module can have one of two priorities, "authoritative" or -"heuristic". Results from authoritative modules, if any are -available, will take priority over results from heuristic modules. A -module communicates its priority as a result of the **init** method. diff --git a/krb5-1.21.3/doc/plugindev/certauth.rst b/krb5-1.21.3/doc/plugindev/certauth.rst deleted file mode 100644 index 3740c5f7..00000000 --- a/krb5-1.21.3/doc/plugindev/certauth.rst +++ /dev/null @@ -1,36 +0,0 @@ -.. _certauth_plugin: - -PKINIT certificate authorization interface (certauth) -===================================================== - -The certauth interface was first introduced in release 1.16. It -allows customization of the X.509 certificate attribute requirements -placed on certificates used by PKINIT enabled clients. For a detailed -description of the certauth interface, see the header file -```` - -A certauth module implements the **authorize** method to determine -whether a client's certificate is authorized to authenticate a client -principal. **authorize** receives the DER-encoded certificate, the -requested client principal, and a pointer to the client's -krb5_db_entry (for modules that link against libkdb5). The method -must decode the certificate and inspect its attributes to determine if -it should authorize PKINIT authentication. It returns the -authorization status and optionally outputs a list of authentication -indicator strings to be added to the ticket. - -Beginning in release 1.19, the authorize method can request that the -hardware authentication bit be set in the ticket by returning -**KRB5_CERTAUTH_HWAUTH**. Beginning in release 1.20, the authorize -method can return **KRB5_CERTAUTH_HWAUTH_PASS** to request that the -hardware authentication bit be set in the ticket but otherwise defer -authorization to another certauth module. A module must use its own -internal or library-provided ASN.1 certificate decoder. - -A module can optionally create and destroy module data with the -**init** and **fini** methods. Module data objects last for the -lifetime of the KDC process. - -If a module allocates and returns a list of authentication indicators -from **authorize**, it must also implement the **free_ind** method -to free the list. diff --git a/krb5-1.21.3/doc/plugindev/clpreauth.rst b/krb5-1.21.3/doc/plugindev/clpreauth.rst deleted file mode 100644 index 38aa52e8..00000000 --- a/krb5-1.21.3/doc/plugindev/clpreauth.rst +++ /dev/null @@ -1,54 +0,0 @@ -Client preauthentication interface (clpreauth) -============================================== - -During an initial ticket request, a KDC may ask a client to prove its -knowledge of the password before issuing an encrypted ticket, or to -use credentials other than a password. This process is called -preauthentication, and is described in :rfc:`4120` and :rfc:`6113`. -The clpreauth interface allows the addition of client support for -preauthentication mechanisms beyond those included in the core MIT -krb5 code base. For a detailed description of the clpreauth -interface, see the header file ```` (or -```` before release 1.12). - -A clpreauth module is generally responsible for: - -* Supplying a list of preauth type numbers used by the module in the - **pa_type_list** field of the vtable structure. - -* Indicating what kind of preauthentication mechanism it implements, - with the **flags** method. In the most common case, this method - just returns ``PA_REAL``, indicating that it implements a normal - preauthentication type. - -* Examining the padata information included in a PREAUTH_REQUIRED or - MORE_PREAUTH_DATA_REQUIRED error and producing padata values for the - next AS request. This is done with the **process** method. - -* Examining the padata information included in a successful ticket - reply, possibly verifying the KDC identity and computing a reply - key. This is also done with the **process** method. - -* For preauthentication types which support it, recovering from errors - by examining the error data from the KDC and producing a padata - value for another AS request. This is done with the **tryagain** - method. - -* Receiving option information (supplied by ``kinit -X`` or by an - application), with the **gic_opts** method. - -A clpreauth module can create and destroy per-library-context and -per-request state objects by implementing the **init**, **fini**, -**request_init**, and **request_fini** methods. Per-context state -objects have the type krb5_clpreauth_moddata, and per-request state -objects have the type krb5_clpreauth_modreq. These are abstract -pointer types; a module should typically cast these to internal -types for the state objects. - -The **process** and **tryagain** methods have access to a callback -function and handle (called a "rock") which can be used to get -additional information about the current request, including the -expected enctype of the AS reply, the FAST armor key, and the client -long-term key (prompting for the user password if necessary). A -callback can also be used to replace the AS reply key if the -preauthentication mechanism computes one. diff --git a/krb5-1.21.3/doc/plugindev/general.rst b/krb5-1.21.3/doc/plugindev/general.rst deleted file mode 100644 index fba9bf6e..00000000 --- a/krb5-1.21.3/doc/plugindev/general.rst +++ /dev/null @@ -1,118 +0,0 @@ -General plugin concepts -======================= - -A krb5 dynamic plugin module is a Unix shared object or Windows DLL. -Typically, the source code for a dynamic plugin module should live in -its own project with a build system using automake_ and libtool_, or -tools with similar functionality. - -A plugin module must define a specific symbol name, which depends on -the pluggable interface and module name. For most pluggable -interfaces, the exported symbol is a function named -``INTERFACE_MODULE_initvt``, where *INTERFACE* is the name of the -pluggable interface and *MODULE* is the name of the module. For these -interfaces, it is possible for one shared object or DLL to implement -multiple plugin modules, either for the same pluggable interface or -for different ones. For example, a shared object could implement both -KDC and client preauthentication mechanisms, by exporting functions -named ``kdcpreauth_mymech_initvt`` and ``clpreauth_mymech_initvt``. - -.. note: The profile, locate, and GSSAPI mechglue pluggable interfaces - follow different conventions. See the documentation for - those interfaces for details. The remainder of this section - applies to pluggable interfaces which use the standard - conventions. - -A plugin module implementation should include the header file -````, where *INTERFACE* is the name of the -pluggable interface. For instance, a ccselect plugin module -implementation should use ``#include ``. - -.. note: clpreauth and kdcpreauth module implementations should - include . - -initvt functions have the following prototype:: - - krb5_error_code interface_modname_initvt(krb5_context context, - int maj_ver, int min_ver, - krb5_plugin_vtable vtable); - -and should do the following: - -1. Check that the supplied maj_ver argument is supported by the - module. If it is not supported, the function should return - KRB5_PLUGIN_VER_NOTSUPP. - -2. Cast the supplied vtable pointer to the structure type - corresponding to the major version, as documented in the pluggable - interface header file. - -3. Fill in the structure fields with pointers to method functions and - static data, stopping at the field indicated by the supplied minor - version. Fields for unimplemented optional methods can be left - alone; it is not necessary to initialize them to NULL. - -In most cases, the context argument will not be used. The initvt -function should not allocate memory; think of it as a glorified -structure initializer. Each pluggable interface defines methods for -allocating and freeing module state if doing so is necessary for the -interface. - -Pluggable interfaces typically include a **name** field in the vtable -structure, which should be filled in with a pointer to a string -literal containing the module name. - -Here is an example of what an initvt function might look like for a -fictional pluggable interface named fences, for a module named -"wicker":: - - krb5_error_code - fences_wicker_initvt(krb5_context context, int maj_ver, - int min_ver, krb5_plugin_vtable vtable) - { - krb5_ccselect_vtable vt; - - if (maj_ver == 1) { - krb5_fences_vtable vt = (krb5_fences_vtable)vtable; - vt->name = "wicker"; - vt->slats = wicker_slats; - vt->braces = wicker_braces; - } else if (maj_ver == 2) { - krb5_fences_vtable_v2 vt = (krb5_fences_vtable_v2)vtable; - vt->name = "wicker"; - vt->material = wicker_material; - vt->construction = wicker_construction; - if (min_ver < 2) - return 0; - vt->footing = wicker_footing; - if (min_ver < 3) - return 0; - vt->appearance = wicker_appearance; - } else { - return KRB5_PLUGIN_VER_NOTSUPP; - } - return 0; - } - -Logging from KDC and kadmind plugin modules -------------------------------------------- - -Plugin modules for the KDC or kadmind daemons can write to the -configured logging outputs (see :ref:`logging`) by calling the -**com_err** function. The first argument (*whoami*) is ignored. If -the second argument (*code*) is zero, the formatted message is logged -at informational severity; otherwise, the formatted message is logged -at error severity and includes the error message for the supplied -code. Here are examples:: - - com_err("", 0, "Client message contains %d items", nitems); - com_err("", retval, "while decoding client message"); - -(The behavior described above is new in release 1.17. In prior -releases, the *whoami* argument is included for some logging output -types, the logged message does not include the usual header for some -output types, and the severity for syslog outputs is configured as -part of the logging specification, defaulting to error severity.) - -.. _automake: https://www.gnu.org/software/automake/ -.. _libtool: https://www.gnu.org/software/libtool/ diff --git a/krb5-1.21.3/doc/plugindev/gssapi.rst b/krb5-1.21.3/doc/plugindev/gssapi.rst deleted file mode 100644 index 0918d151..00000000 --- a/krb5-1.21.3/doc/plugindev/gssapi.rst +++ /dev/null @@ -1,134 +0,0 @@ -GSSAPI mechanism interface -========================== - -The GSSAPI library in MIT krb5 can load mechanism modules to augment -the set of built-in mechanisms. - -.. note: The GSSAPI loadable mechanism interface does not follow the - normal conventions for MIT krb5 pluggable interfaces. - -A mechanism module is a Unix shared object or Windows DLL, built -separately from the krb5 tree. Modules are loaded according to the -GSS mechanism config files described in :ref:`gssapi_plugin_config`. - -For the most part, a GSSAPI mechanism module exports the same -functions as would a GSSAPI implementation itself, with the same -function signatures. The mechanism selection layer within the GSSAPI -library (called the "mechglue") will dispatch calls from the -application to the module if the module's mechanism is requested. If -a module does not wish to implement a GSSAPI extension, it can simply -refrain from exporting it, and the mechglue will fail gracefully if -the application calls that function. - -The mechglue does not invoke a module's **gss_add_cred**, -**gss_add_cred_from**, **gss_add_cred_impersonate_name**, or -**gss_add_cred_with_password** function. A mechanism only needs to -implement the "acquire" variants of those functions. - -A module does not need to coordinate its minor status codes with those -of other mechanisms. If the mechglue detects conflicts, it will map -the mechanism's status codes onto unique values, and then map them -back again when **gss_display_status** is called. - - -NegoEx modules --------------- - -Some Windows GSSAPI mechanisms can only be negotiated via a Microsoft -extension to SPNEGO called NegoEx. Beginning with release 1.18, -mechanism modules can support NegoEx as follows: - -* Implement the gssspi_query_meta_data(), gssspi_exchange_meta_data(), - and gssspi_query_mechanism_info() SPIs declared in - ````. - -* Implement gss_inquire_sec_context_by_oid() and answer the - **GSS_C_INQ_NEGOEX_KEY** and **GSS_C_INQ_NEGOEX_VERIFY_KEY** OIDs - to provide the checksum keys for outgoing and incoming checksums, - respectively. The answer must be in two buffers: the first buffer - contains the key contents, and the second buffer contains the key - encryption type as a four-byte little-endian integer. - -By default, NegoEx mechanisms will not be directly negotiated via -SPNEGO. If direct SPNEGO negotiation is required for -interoperability, implement gss_inquire_attrs_for_mech() and assert -the GSS_C_MA_NEGOEX_AND_SPNEGO attribute (along with any applicable -RFC 5587 attributes). - - -Interposer modules ------------------- - -The mechglue also supports a kind of loadable module, called an -interposer module, which intercepts calls to existing mechanisms -rather than implementing a new mechanism. - -An interposer module must export the symbol **gss_mech_interposer** -with the following signature:: - - gss_OID_set gss_mech_interposer(gss_OID mech_type); - -This function is invoked with the OID of the interposer mechanism as -specified in the mechanism config file, and returns a set of mechanism -OIDs to be interposed. The returned OID set must have been created -using the mechglue's gss_create_empty_oid_set and -gss_add_oid_set_member functions. - -An interposer module must use the prefix ``gssi_`` for the GSSAPI -functions it exports, instead of the prefix ``gss_``. In most cases, -unexported ``gssi_`` functions will result in failure from their -corresponding ``gss_`` calls. - -An interposer module can link against the GSSAPI library in order to -make calls to the original mechanism. To do so, it must specify a -special mechanism OID which is the concatention of the interposer's -own OID byte string and the original mechanism's OID byte string. - -Functions that do not accept a mechanism argument directly require no -special handling, with the following exceptions: - -Since **gss_accept_sec_context** does not accept a mechanism argument, -an interposer mechanism must, in order to invoke the original -mechanism's function, acquire a credential for the concatenated OID -and pass that as the *verifier_cred_handle* parameter. - -Since **gss_import_name**, **gss_import_cred**, and -**gss_import_sec_context** do not accept mechanism parameters, the SPI -has been extended to include variants which do. This allows the -interposer module to know which mechanism should be used to interpret -the token. These functions have the following signatures:: - - OM_uint32 gssi_import_sec_context_by_mech(OM_uint32 *minor_status, - gss_OID desired_mech, gss_buffer_t interprocess_token, - gss_ctx_id_t *context_handle); - - OM_uint32 gssi_import_name_by_mech(OM_uint32 *minor_status, - gss_OID mech_type, gss_buffer_t input_name_buffer, - gss_OID input_name_type, gss_name_t output_name); - - OM_uint32 gssi_import_cred_by_mech(OM_uint32 *minor_status, - gss_OID mech_type, gss_buffer_t token, - gss_cred_id_t *cred_handle); - -To re-enter the original mechanism when importing tokens for the above -functions, the interposer module must wrap the mechanism token in the -mechglue's format, using the concatenated OID (except in -**gss_import_name**). The mechglue token formats are: - -* For **gss_import_sec_context**, a four-byte OID length in big-endian - order, followed by the concatenated OID, followed by the mechanism - token. - -* For **gss_import_name**, the bytes 04 01, followed by a two-byte OID - length in big-endian order, followed by the mechanism OID, followed - by a four-byte token length in big-endian order, followed by the - mechanism token. Unlike most uses of OIDs in the API, the mechanism - OID encoding must include the DER tag and length for an object - identifier (06 followed by the DER length of the OID byte string), - and this prefix must be included in the two-byte OID length. - input_name_type must also be set to GSS_C_NT_EXPORT_NAME. - -* For **gss_import_cred**, a four-byte OID length in big-endian order, - followed by the concatenated OID, followed by a four-byte token - length in big-endian order, followed by the mechanism token. This - sequence may be repeated multiple times. diff --git a/krb5-1.21.3/doc/plugindev/hostrealm.rst b/krb5-1.21.3/doc/plugindev/hostrealm.rst deleted file mode 100644 index 4d488ef7..00000000 --- a/krb5-1.21.3/doc/plugindev/hostrealm.rst +++ /dev/null @@ -1,39 +0,0 @@ -.. _hostrealm_plugin: - -Host-to-realm interface (hostrealm) -=================================== - -The host-to-realm interface was first introduced in release 1.12. It -allows modules to control the local mapping of hostnames to realm -names as well as the default realm. For a detailed description of the -hostrealm interface, see the header file -````. - -Although the mapping methods in the hostrealm interface return a list -of one or more realms, only the first realm in the list is currently -used by callers. Callers may begin using later responses in the -future. - -Any mapping method may return KRB5_PLUGIN_NO_HANDLE to defer -processing to a later module. - -A module can create and destroy per-library-context state objects -using the **init** and **fini** methods. If the module does not need -any state, it does not need to implement these methods. - -The optional **host_realm** method allows a module to determine -authoritative realm mappings for a hostname. The first authoritative -mapping is used in preference to KDC referrals when getting service -credentials. - -The optional **fallback_realm** method allows a module to determine -fallback mappings for a hostname. The first fallback mapping is tried -if there is no authoritative mapping for a realm, and KDC referrals -failed to produce a successful result. - -The optional **default_realm** method allows a module to determine the -local default realm. - -If a module implements any of the above methods, it must also -implement **free_list** to ensure that memory is allocated and -deallocated consistently. diff --git a/krb5-1.21.3/doc/plugindev/index.rst b/krb5-1.21.3/doc/plugindev/index.rst deleted file mode 100644 index 5e783463..00000000 --- a/krb5-1.21.3/doc/plugindev/index.rst +++ /dev/null @@ -1,38 +0,0 @@ -For plugin module developers -============================ - -Kerberos plugin modules allow increased control over MIT krb5 library -and server behavior. This guide describes how to create dynamic -plugin modules and the currently available pluggable interfaces. - -See :ref:`plugin_config` for information on how to register dynamic -plugin modules and how to enable and disable modules via -:ref:`krb5.conf(5)`. - -.. TODO: update the above reference when we have a free-form section - in the admin guide about plugin configuration - - -Contents --------- - -.. toctree:: - :maxdepth: 2 - - general.rst - clpreauth.rst - kdcpreauth.rst - ccselect.rst - pwqual.rst - kadm5_hook.rst - kadm5_auth.rst - hostrealm.rst - localauth.rst - locate.rst - profile.rst - gssapi.rst - internal.rst - certauth.rst - kdcpolicy.rst - -.. TODO: GSSAPI mechanism plugins diff --git a/krb5-1.21.3/doc/plugindev/internal.rst b/krb5-1.21.3/doc/plugindev/internal.rst deleted file mode 100644 index 99e30bb7..00000000 --- a/krb5-1.21.3/doc/plugindev/internal.rst +++ /dev/null @@ -1,32 +0,0 @@ -Internal pluggable interfaces -============================= - -Following are brief discussions of pluggable interfaces which have not -yet been made public. These interfaces are functional, but the -interfaces are likely to change in incompatible ways from release to -release. In some cases, it may be necessary to copy header files from -the krb5 source tree to use an internal interface. Use these with -care, and expect to need to update your modules for each new release -of MIT krb5. - - -Kerberos database interface (KDB) ---------------------------------- - -A KDB module implements a database back end for KDC principal and -policy information, and can also control many aspects of KDC behavior. -For a full description of the interface, see the header file -````. - -The KDB pluggable interface is often referred to as the DAL (Database -Access Layer). - - -Authorization data interface (authdata) ---------------------------------------- - -The authdata interface allows a module to provide (from the KDC) or -consume (in application servers) authorization data of types beyond -those handled by the core MIT krb5 code base. The interface is -defined in the header file ````, which is not -installed by the build. diff --git a/krb5-1.21.3/doc/plugindev/kadm5_auth.rst b/krb5-1.21.3/doc/plugindev/kadm5_auth.rst deleted file mode 100644 index b4839617..00000000 --- a/krb5-1.21.3/doc/plugindev/kadm5_auth.rst +++ /dev/null @@ -1,35 +0,0 @@ -.. _kadm5_auth_plugin: - -kadmin authorization interface (kadm5_auth) -=========================================== - -The kadm5_auth interface (new in release 1.16) allows modules to -determine whether a client principal is authorized to perform an -operation in the kadmin protocol, and to apply restrictions to -principal operations. For a detailed description of the kadm5_auth -interface, see the header file ````. - -A module can create and destroy per-process state objects by -implementing the **init** and **fini** methods. State objects have -the type kadm5_auth_modinfo, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. - -The kadm5_auth interface has one method for each kadmin operation, -with parameters specific to the operation. Each method can return -either 0 to authorize access, KRB5_PLUGIN_NO_HANDLE to defer the -decision to other modules, or another error (canonically EPERM) to -authoritatively deny access. Access is granted if at least one module -grants access and no module authoritatively denies access. - -The **addprinc** and **modprinc** methods can also impose restrictions -on the principal operation by returning a ``struct -kadm5_auth_restrictions`` object. The module should also implement -the **free_restrictions** method if it dynamically allocates -restrictions objects for principal operations. - -kadm5_auth modules can optionally inspect principal or policy objects. -To do this, the module must also include ```` to gain -access to the structure definitions for those objects. As the kadmin -interface is explicitly not as stable as other public interfaces, -modules which do this may not retain compatibility across releases. diff --git a/krb5-1.21.3/doc/plugindev/kadm5_hook.rst b/krb5-1.21.3/doc/plugindev/kadm5_hook.rst deleted file mode 100644 index ece3eacf..00000000 --- a/krb5-1.21.3/doc/plugindev/kadm5_hook.rst +++ /dev/null @@ -1,27 +0,0 @@ -.. _kadm5_hook_plugin: - -KADM5 hook interface (kadm5_hook) -================================= - -The kadm5_hook interface allows modules to perform actions when -changes are made to the Kerberos database through :ref:`kadmin(1)`. -For a detailed description of the kadm5_hook interface, see the header -file ````. - -The kadm5_hook interface has five primary methods: **chpass**, -**create**, **modify**, **remove**, and **rename**. (The **rename** -method was introduced in release 1.14.) Each of these methods is -called twice when the corresponding administrative action takes place, -once before the action is committed and once afterwards. A module can -prevent the action from taking place by returning an error code during -the pre-commit stage. - -A module can create and destroy per-process state objects by -implementing the **init** and **fini** methods. State objects have -the type kadm5_hook_modinfo, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. - -Because the kadm5_hook interface is tied closely to the kadmin -interface (which is explicitly unstable), it may not remain as stable -across versions as other public pluggable interfaces. diff --git a/krb5-1.21.3/doc/plugindev/kdcpolicy.rst b/krb5-1.21.3/doc/plugindev/kdcpolicy.rst deleted file mode 100644 index 74f21f08..00000000 --- a/krb5-1.21.3/doc/plugindev/kdcpolicy.rst +++ /dev/null @@ -1,24 +0,0 @@ -.. _kdcpolicy_plugin: - -KDC policy interface (kdcpolicy) -================================ - -The kdcpolicy interface was first introduced in release 1.16. It -allows modules to veto otherwise valid AS and TGS requests or restrict -the lifetime and renew time of the resulting ticket. For a detailed -description of the kdcpolicy interface, see the header file -````. - -The optional **check_as** and **check_tgs** functions allow the module -to perform access control. Additionally, a module can create and -destroy module data with the **init** and **fini** methods. Module -data objects last for the lifetime of the KDC process, and are -provided to all other methods. The data has the type -krb5_kdcpolicy_moddata, which should be cast to the appropriate -internal type. - -kdcpolicy modules can optionally inspect principal entries. To do -this, the module must also include ```` to gain access to the -principal entry structure definition. As the KDB interface is -explicitly not as stable as other public interfaces, modules which do -this may not retain compatibility across releases. diff --git a/krb5-1.21.3/doc/plugindev/kdcpreauth.rst b/krb5-1.21.3/doc/plugindev/kdcpreauth.rst deleted file mode 100644 index ab7f3a90..00000000 --- a/krb5-1.21.3/doc/plugindev/kdcpreauth.rst +++ /dev/null @@ -1,79 +0,0 @@ -KDC preauthentication interface (kdcpreauth) -============================================ - -The kdcpreauth interface allows the addition of KDC support for -preauthentication mechanisms beyond those included in the core MIT -krb5 code base. For a detailed description of the kdcpreauth -interface, see the header file ```` (or -```` before release 1.12). - -A kdcpreauth module is generally responsible for: - -* Supplying a list of preauth type numbers used by the module in the - **pa_type_list** field of the vtable structure. - -* Indicating what kind of preauthentication mechanism it implements, - with the **flags** method. If the mechanism computes a new reply - key, it must specify the ``PA_REPLACES_KEY`` flag. If the mechanism - is generally only used with hardware tokens, the ``PA_HARDWARE`` - flag allows the mechanism to work with principals which have the - **requires_hwauth** flag set. - -* Producing a padata value to be sent with a preauth_required error, - with the **edata** method. - -* Examining a padata value sent by a client and verifying that it - proves knowledge of the appropriate client credential information. - This is done with the **verify** method. - -* Producing a padata response value for the client, and possibly - computing a reply key. This is done with the **return_padata** - method. - -A module can create and destroy per-KDC state objects by implementing -the **init** and **fini** methods. Per-KDC state objects have the -type krb5_kdcpreauth_moddata, which is an abstract pointer types. A -module should typically cast this to an internal type for the state -object. - -A module can create a per-request state object by returning one in the -**verify** method, receiving it in the **return_padata** method, and -destroying it in the **free_modreq** method. Note that these state -objects only apply to the processing of a single AS request packet, -not to an entire authentication exchange (since an authentication -exchange may remain unfinished by the client or may involve multiple -different KDC hosts). Per-request state objects have the type -krb5_kdcpreauth_modreq, which is an abstract pointer type. - -The **edata**, **verify**, and **return_padata** methods have access -to a callback function and handle (called a "rock") which can be used -to get additional information about the current request, including the -maximum allowable clock skew, the client's long-term keys, the -DER-encoded request body, the FAST armor key, string attributes on the -client's database entry, and the client's database entry itself. The -**verify** method can assert one or more authentication indicators to -be included in the issued ticket using the ``add_auth_indicator`` -callback (new in release 1.14). - -A module can generate state information to be included with the next -client request using the ``set_cookie`` callback (new in release -1.14). On the next request, the module can read this state -information using the ``get_cookie`` callback. Cookie information is -encrypted, timestamped, and transmitted to the client in a -``PA-FX-COOKIE`` pa-data item. Older clients may not support cookies -and therefore may not transmit the cookie in the next request; in this -case, ``get_cookie`` will not yield the saved information. - -If a module implements a mechanism which requires multiple round -trips, its **verify** method can respond with the code -``KRB5KDC_ERR_MORE_PREAUTH_DATA_REQUIRED`` and a list of pa-data in -the *e_data* parameter to be processed by the client. - -The **edata** and **verify** methods can be implemented -asynchronously. Because of this, they do not return values directly -to the caller, but must instead invoke responder functions with their -results. A synchronous implementation can invoke the responder -function immediately. An asynchronous implementation can use the -callback to get an event context for use with the libverto_ API. - -.. _libverto: https://fedorahosted.org/libverto/ diff --git a/krb5-1.21.3/doc/plugindev/localauth.rst b/krb5-1.21.3/doc/plugindev/localauth.rst deleted file mode 100644 index 6f396a9c..00000000 --- a/krb5-1.21.3/doc/plugindev/localauth.rst +++ /dev/null @@ -1,43 +0,0 @@ -.. _localauth_plugin: - -Local authorization interface (localauth) -========================================= - -The localauth interface was first introduced in release 1.12. It -allows modules to control the relationship between Kerberos principals -and local system accounts. When an application calls -:c:func:`krb5_kuserok` or :c:func:`krb5_aname_to_localname`, localauth -modules are consulted to determine the result. For a detailed -description of the localauth interface, see the header file -````. - -A module can create and destroy per-library-context state objects -using the **init** and **fini** methods. If the module does not need -any state, it does not need to implement these methods. - -The optional **userok** method allows a module to control the behavior -of :c:func:`krb5_kuserok`. The module receives the authenticated name -and the local account name as inputs, and can return either 0 to -authorize access, KRB5_PLUGIN_NO_HANDLE to defer the decision to other -modules, or another error (canonically EPERM) to authoritatively deny -access. Access is granted if at least one module grants access and no -module authoritatively denies access. - -The optional **an2ln** method can work in two different ways. If the -module sets an array of uppercase type names in **an2ln_types**, then -the module's **an2ln** method will only be invoked by -:c:func:`krb5_aname_to_localname` if an **auth_to_local** value in -:ref:`krb5.conf(5)` refers to one of the module's types. In this -case, the *type* and *residual* arguments will give the type name and -residual string of the **auth_to_local** value. - -If the module does not set **an2ln_types** but does implement -**an2ln**, the module's **an2ln** method will be invoked for all -:c:func:`krb5_aname_to_localname` operations unless an earlier module -determines a mapping, with *type* and *residual* set to NULL. The -module can return KRB5_LNAME_NO_TRANS to defer mapping to later -modules. - -If a module implements **an2ln**, it must also implement -**free_string** to ensure that memory is allocated and deallocated -consistently. diff --git a/krb5-1.21.3/doc/plugindev/locate.rst b/krb5-1.21.3/doc/plugindev/locate.rst deleted file mode 100644 index fca6a4da..00000000 --- a/krb5-1.21.3/doc/plugindev/locate.rst +++ /dev/null @@ -1,32 +0,0 @@ -Server location interface (locate) -================================== - -The locate interface allows modules to control how KDCs and similar -services are located by clients. For a detailed description of the -ccselect interface, see the header file ````. - -.. note: The locate interface does not follow the normal conventions - for MIT krb5 pluggable interfaces, because it was made public - before those conventions were established. - -A locate module exports a structure object of type -krb5plugin_service_locate_ftable, with the name ``service_locator``. -The structure contains a minor version and pointers to the module's -methods. - -The primary locate method is **lookup**, which accepts a service type, -realm name, desired socket type, and desired address family (which -will be AF_UNSPEC if no specific address family is desired). The -method should invoke the callback function once for each server -address it wants to return, passing a socket type (SOCK_STREAM for TCP -or SOCK_DGRAM for UDP) and socket address. The **lookup** method -should return 0 if it has authoritatively determined the server -addresses for the realm, KRB5_PLUGIN_NO_HANDLE if it wants to let -other location mechanisms determine the server addresses, or another -code if it experienced a failure which should abort the location -process. - -A module can create and destroy per-library-context state objects by -implementing the **init** and **fini** methods. State objects have -the type void \*, and should be cast to an internal type for the state -object. diff --git a/krb5-1.21.3/doc/plugindev/profile.rst b/krb5-1.21.3/doc/plugindev/profile.rst deleted file mode 100644 index 209c0644..00000000 --- a/krb5-1.21.3/doc/plugindev/profile.rst +++ /dev/null @@ -1,96 +0,0 @@ -.. _profile_plugin: - -Configuration interface (profile) -================================= - -The profile interface allows a module to control how krb5 -configuration information is obtained by the Kerberos library and -applications. For a detailed description of the profile interface, -see the header file ````. - -.. note:: - - The profile interface does not follow the normal conventions - for MIT krb5 pluggable interfaces, because it is part of a - lower-level component of the krb5 library. - -As with other types of plugin modules, a profile module is a Unix -shared object or Windows DLL, built separately from the krb5 tree. -The krb5 library will dynamically load and use a profile plugin module -if it reads a ``module`` directive at the beginning of krb5.conf, as -described in :ref:`profile_plugin_config`. - -A profile module exports a function named ``profile_module_init`` -matching the signature of the profile_module_init_fn type. This -function accepts a residual string, which may be used to help locate -the configuration source. The function fills in a vtable and may also -create a per-profile state object. If the module uses state objects, -it should implement the **copy** and **cleanup** methods to manage -them. - -A basic read-only profile module need only implement the -**get_values** and **free_values** methods. The **get_values** method -accepts a null-terminated list of C string names (e.g., an array -containing "libdefaults", "clockskew", and NULL for the **clockskew** -variable in the :ref:`libdefaults` section) and returns a -null-terminated list of values, which will be cleaned up with the -**free_values** method when the caller is done with them. - -Iterable profile modules must also define the **iterator_create**, -**iterator**, **iterator_free**, and **free_string** methods. The -core krb5 code does not require profiles to be iterable, but some -applications may iterate over the krb5 profile object in order to -present configuration interfaces. - -Writable profile modules must also define the **writable**, -**modified**, **update_relation**, **rename_section**, -**add_relation**, and **flush** methods. The core krb5 code does not -require profiles to be writable, but some applications may write to -the krb5 profile in order to present configuration interfaces. - -The following is an example of a very basic read-only profile module -which returns a hardcoded value for the **default_realm** variable in -:ref:`libdefaults`, and provides no other configuration information. -(For conciseness, the example omits code for checking the return -values of malloc and strdup.) :: - - #include - #include - #include - - static long - get_values(void *cbdata, const char *const *names, char ***values) - { - if (names[0] != NULL && strcmp(names[0], "libdefaults") == 0 && - names[1] != NULL && strcmp(names[1], "default_realm") == 0) { - *values = malloc(2 * sizeof(char *)); - (*values)[0] = strdup("ATHENA.MIT.EDU"); - (*values)[1] = NULL; - return 0; - } - return PROF_NO_RELATION; - } - - static void - free_values(void *cbdata, char **values) - { - char **v; - - for (v = values; *v; v++) - free(*v); - free(values); - } - - long - profile_module_init(const char *residual, struct profile_vtable *vtable, - void **cb_ret); - - long - profile_module_init(const char *residual, struct profile_vtable *vtable, - void **cb_ret) - { - *cb_ret = NULL; - vtable->get_values = get_values; - vtable->free_values = free_values; - return 0; - } diff --git a/krb5-1.21.3/doc/plugindev/pwqual.rst b/krb5-1.21.3/doc/plugindev/pwqual.rst deleted file mode 100644 index 523b95c5..00000000 --- a/krb5-1.21.3/doc/plugindev/pwqual.rst +++ /dev/null @@ -1,25 +0,0 @@ -.. _pwqual_plugin: - -Password quality interface (pwqual) -=================================== - -The pwqual interface allows modules to control what passwords are -allowed when a user changes passwords. For a detailed description of -the pwqual interface, see the header file ````. - -The primary pwqual method is **check**, which receives a password as -input and returns success (0) or a ``KADM5_PASS_Q_`` failure code -depending on whether the password is allowed. The **check** method -also receives the principal name and the name of the principal's -password policy as input; although there is no stable interface for -the module to obtain the fields of the password policy, it can define -its own configuration or data store based on the policy name. - -A module can create and destroy per-process state objects by -implementing the **open** and **close** methods. State objects have -the type krb5_pwqual_moddata, which is an abstract pointer type. A -module should typically cast this to an internal type for the state -object. The **open** method also receives the name of the realm's -dictionary file (as configured by the **dict_file** variable in the -:ref:`kdc_realms` section of :ref:`kdc.conf(5)`) if it wishes to use -it. diff --git a/krb5-1.21.3/doc/resources.rst b/krb5-1.21.3/doc/resources.rst deleted file mode 100644 index 2ac2791c..00000000 --- a/krb5-1.21.3/doc/resources.rst +++ /dev/null @@ -1,60 +0,0 @@ -Resources -========= - -Mailing lists -------------- - -* kerberos@mit.edu is a community resource for discussion and - questions about MIT krb5 and other Kerberos implementations. To - subscribe to the list, please follow the instructions at - https://mailman.mit.edu/mailman/listinfo/kerberos. -* krbdev@mit.edu is the primary list for developers of MIT Kerberos. - To subscribe to the list, please follow the instructions at - https://mailman.mit.edu/mailman/listinfo/krbdev. -* krb5-bugs@mit.edu is notified when a ticket is created or updated. - This list helps track bugs and feature requests. - In addition, this list is used to track documentation criticism - and recommendations for improvements. -* krbcore@mit.edu is a private list for the MIT krb5 core team. Send - mail to this list if you need to contact the core team. -* krbcore-security@mit.edu is the point of contact for security problems - with MIT Kerberos. Please use PGP-encrypted mail to report possible - vulnerabilities to this list. - - -IRC channels ------------- - -The IRC channel `#kerberos` on libera.chat is a community resource for -general Kerberos discussion and support. - -The main IRC channel for MIT Kerberos development is `#krbdev` on -Libera Chat. - -For more information about Libera Chat, see https://libera.chat/. - - -Archives --------- - -* The archive https://mailman.mit.edu/pipermail/kerberos/ contains - past postings from the `kerberos@mit.edu` list. - -* The https://mailman.mit.edu/pipermail/krbdev/ contains past postings - from the `krbdev@mit.edu` list. - - -Wiki ----- - -The wiki at https://k5wiki.kerberos.org/ contains useful information -for developers working on the MIT Kerberos source code. Some of the -information on the wiki may be useful for advanced users or system -administrators. - -Web pages ---------- - -* https://web.mit.edu/kerberos/ is the MIT Kerberos software web page. - -* https://kerberos.org/ is the MIT Kerberos Consortium web page. diff --git a/krb5-1.21.3/doc/rpc/design.tex b/krb5-1.21.3/doc/rpc/design.tex deleted file mode 100644 index 801034b0..00000000 --- a/krb5-1.21.3/doc/rpc/design.tex +++ /dev/null @@ -1,1037 +0,0 @@ -\documentstyle[fullpage,12pt]{article} - -\title{GSS-API Extensions to Sun RPC} -\date{Draft---\today} -\author{Barry Jaspan} - -\setlength{\parskip}{.7\baselineskip} -\setlength{\parindent}{0pt} - -\makeatletter -\newcount\savecnt\savecnt=0 -\def\saveenum#1{\global\savecnt=\csname c@enum#1\endcsname} -\def\restoreenum#1{\csname c@enum#1\endcsname=\savecnt} -\makeatother - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -%% Make _ actually generate an _, and allow line-breaking after it. -\let\underscore=\_ -\catcode`_=13 -\def_{\underscore\penalty75\relax} -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - -\begin{document} - - -{\setlength{\parskip}{0pt}\maketitle\tableofcontents} - -\section{Introduction} - -This document describes the integration of GSS-API authentication and -security with Sun RPC. - -\section{Requirements} - -The requirements of the GSS-API authentication system for Sun RPC are: - -\begin{enumerate} -\item It must provide mutual authentication between RPC clients and -servers. - -\item It must provide for integrity checking and encryption of all -procedure arguments and results passed over the network. -\saveenum{i} -\end{enumerate} - -The following features are desired, but not mandatory: - -\begin{enumerate} -\restoreenum{i} -\item It should provide for integrity checking and encryption of all -``header information'' that specifies the program and procedure being -called. - -\item It should obey the Sun RPC protocol so that clients using -it can interoperate with existing servers. In this case, -``interoperate'' means that existing servers will return an error code -indicating that they do not understand the authentication flavor, but -not that they do not understand the request at all. - -\item It should require minimal or no changes to the standard Sun RPC -programming paradigm for either clients or servers so that existing -code can use it with little or no effort. - -\item It should operate correctly with all the standard Sun RPC -transport mechansims (e.g. UDP and TCP). -\saveenum{i} -\end{enumerate} - -\section{Functional Specification} - -This section describes the programmer's interface to the GSS-API -authentication flavor. Knowledge of standard Sun RPC programming is -assumed. - -\subsection{Client Side} - -A RPC client can select the GSS-API authentication flavor in the same -way it can select any other authentication flavor, by setting the -cl_auth field of the CLIENT structure to the appropriate value: - -\begin{verbatim} - clnt = clnt_create(server_host, PROG_NUM, PROG_VERS, protocol); - clnt->cl_auth = auth_gssapi_create(clnt, ...); -\end{verbatim} - -There are two functions that create GSS-API authentication flavor -structures for the cl_auth field, auth_gssapi_create and -auth_gssapi_create_default. - -\begin{verbatim} -AUTH *auth_gssapi_create(CLIENT *clnt, - OM_uint32 *major_status, - OM_uint32 *minor_status, - gss_cred_id_t claimant_cred_handle, - gss_name_t target_name, - gss_OID mech_type, - int req_flags, - int time_req, - gss_OID *actual_mech_type, - int *ret_flags, - OM_uint32 *time_rec); -\end{verbatim} - -auth_gssapi_create creates a GSS-API authentication structure and -provides most of the flexibility of gss_init_sec_context. The -arguments have the same interpretation as those of -gss_init_sec_context with the same name, except: - -\begin{description} -\item[clnt] The CLIENT structure returned by client_create or one of -its relatives. It is not modified. -\end{description} - -auth_gssapi_create calls gss_init_sec_context as needed, passing each -generated token to and processing each token returned from the RPC -server specified by the RPC handle clnt. On return, if major_status -is GSS_S_COMPLETE, the context has been established, the returned AUTH -structure is valid, and all of the arguments filled in by -gss_init_sec_context have the correct values. If major_status is not -GSS_S_COMPLETE then it and minor_status contain error codes that can -be passed to gss_display_status and the returned value is NULL. - -\begin{verbatim} -AUTH *auth_gssapi_create_default(CLIENT *clnt, char *service_name); -\end{verbatim} - -auth_gssapi_create_default is a shorthand for auth_gssapi_create that -attempts to create a context that provides procedure call and result -integrity, using the default credentials and GSS-API mechanism. -service_name is parsed as a GSS-API ``service'' name and used as the -target name. The other arguments to auth_gssapi_create are as follows: - -\begin{verbatim} -auth_gssapi_create(clnt, - &dummy, - &dummy, - GSS_C_NO_CREDENTIAL, - target_name, - GSS_C_NULL_OID, - GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG, - 0, - NULL, - NULL, - NULL); -\end{verbatim} - -Note that if the underlying default mechanism does not support data -integrity (e.g. the trust mechanism), this function will fail. - -The GSS-API major and minor status codes can be interpreted with -auth_gssapi_display_status: - -\begin{verbatim} -void auth_gssapi_display_status(char *msg, OM_uint32 major, - OM_uint32 minor); -\end{verbatim} - -All of the error messages associated with the major and minor status -are displated on the standard error output, preceeded by the message -``GSS-API authentication error $<$msg$>$:''. - -\subsection{Server Side} - -\subsubsection{Service Name Registration} - -An application server must register the service name(s) that it will -use for GSS-API connections before any AUTH_GSSAPI requests will -succeed. - -\begin{verbatim} -typedef struct _auth_gssapi_name { - char *name; - gss_OID type; -} auth_gssapi_name; - -bool_t _svcauth_gssapi_set_names(auth_gssapi_name *names, int num); -\end{verbatim} - -names is an array of name specifications, each of which consists of a -null-terminated ASCII representation of a name and the GSS-API name -type that should be used to import it with gss_import_name. The -name type ``gss_nt_service_name'' is recommended. - -\subsubsection{Calling Client and Service Identification} - -Each application server's dispatch function is passed two arguments, -the transport mechanism (transp) and the RPC service request (rqstp). -If the service request's credential flavor (rq_cred.oa_flavor) is -AUTH_GSSAPI (300001)\footnote{The value 4 was originally used, but -300001 has been officially assigned by the IETF.}, then the call has -been authenticated. The rq_clntcred field of transp contains the -gss_name_t of the authenticated caller and can be passed to -gss_display_name to obtain a string represtation or gss_compare_name -to compare it with other names. The rq_svccred field of transp -contains the GSS-API context established with the caller and can be -passed to gss_inquire_context. - -\subsubsection{Error Logging} - -An application server can register a function to be called when a -failure occurs during GSS-API context establishment with -_svcauth_set_log_badauth_func. - -\begin{verbatim} -typedef void (*auth_gssapi_log_badauth_func)(OM_uint32 major, - OM_uint32 minor, - struct sockaddr_in *raddr, - caddr_t data); - -void _svcauth_set_log_badauth_func(auth_gssapi_log_badauth_func func, - caddr_t data); -\end{verbatim} - -The function func is called each time gss_accept_sec_context fails. -The major and minor arguments indicate the GSS-API major and minor -status codes returned. The raddr field contains the INET socket that -the request came from, and the data field contains the data argument -of _svcauth_gssapi_set_log_badauth_func. - -An application server can register a function to be called when an RPC -request with an invalid verifier arrives with -_svcauth_set_log_badverf_func. - -\begin{verbatim} -typedef void (*auth_gssapi_log_badverf_func)(gss_name_t client, - gss_name_t server, - struct svc_req *rqst, - struct rpc_msg *msg, - caddr_t data); - -void _svcauth_set_log_badverf_func(auth_gssapi_log_badverf_func func, - caddr_t data); -\end{verbatim} - -The function specified in func is called each time an invalid verifier -is received. The client and server fields identify the (falsely -claimed) originating client and the server it originally authenticated -to. The raddr and addrlen fields contain the INET socket that the -request (claims to have) come from, and data contains the data -argument of _svcauth_set_log_badverf_func. - -\section{Modifications to Sun RPC} - -The Sun RPC extensible authentication mechanism is designed to allow -different authentication systems to be integrated into Sun RPC easily. -Unfortunately, it has two drawbacks. First, the existing system has a -number of non-general design properties that are intended specifically -for Sun's Secure RPC, and second, the existing system has no concept -of or ability to perform authentication-flavor-specific operations on -function arguments and results passed over the wire. The first -problem merely makes the system confusing, since a number of features -touted as ``general'' do not make any sense for arbitrary -authentication systems. The second problem is more substantial, and -can only be corrected by modifications to Sun RPC internals. - -The following sections describe the necessary modifications to Sun -RPC. - -\subsection{Client Side Authentication, AUTH Structure} - -The AUTH structure (figure \ref{fig:auth}) encapsulates the data and -function pointers for an authentication flavor instance. It has been -changed in two ways. - -\begin{figure}[htbp] -\begin{verbatim} -typedef struct { - struct opaque_auth ah_cred; - struct opaque_auth ah_verf; - union des_block ah_key; - struct auth_ops { - void (*ah_nextverf)(); - int (*ah_marshal)(); /* nextverf & serialize */ - int (*ah_validate)(); /* validate varifier */ - int (*ah_refresh)(); /* refresh credentials */ - int (*ah_wrap)(); /* encode data for wire */ - int (*ah_unwrap)(); /* decode data from wire */ - void (*ah_destroy)(); /* destroy this structure */ - } *ah_ops; - caddr_t ah_private; -} AUTH; -\end{verbatim} -\caption{The AUTH structure, with the new function pointers ah_wrap -and ah_unwrap.} -\label{fig:auth} -\end{figure} - -First, the new functions ah_wrap and ah_unwrap prepare function -arguments and results for transmission over the wire. The -authentication mechanism can use them to sign, encrypt, or perform any -other operation on the data. Their prototype is: - -\begin{verbatim} -bool_t ah_wrap(AUTH *auth, XDR *out_xdrs, xdrproc_t func, caddr_t ptr); -bool_t ah_unwrap(AUTH *auth, XDR *in_xdrs, xdrproc_t func, caddr_t ptr); -\end{verbatim} - -ah_wrap encodes function arguments for transmission. func and ptr are -the XDR procedure and pointer that serialize the arguments, and -out_xdrs is the xdr stream that the encoded arguments should be -written to. ah_unwrap decodes function arguments received from the -network. Its arguments are the converse of those to ah_wrap. - -It is the responsibility of RPC transport mechanisms to call an -authorization flavor's ah_wrap and ah_unwrap functions when function -arguments or results would normally be written to or read from the -wire. Authorization flavors that do not need to perform any encoding -or decoding can use the provided function authany_wrap for ah_wrap -and ah_unwrap; it consists of the single statement ``return -(*func)(out_xdrs, ptr)'' (or in_xdrs, as appropriate). - -Second, the function ah_refresh has been changed to take the RPC error -message that resulted in its being called as an argument. This is -necessary since the contents of the error message may dictate how -ah_refresh should go about correcting the authentication failure. - -\subsection{Client Side Transport Mechanisms} - -Each client side transport mechanism must be modified to call the -ah_wrap and ah_unwrap functions from the cl_auth field of the CLIENT -structure during the call and reply process. The modification is -fairly simple. For example, the UDP transport mechanism used to -encode procedure calls like this: - -\begin{verbatim} - if ((! XDR_PUTLONG(xdrs, (long *)&proc)) || - (! AUTH_MARSHALL(cl->cl_auth, xdrs)) || - (! (*xargs)(xdrs, argsp))) - return (cu->cu_error.re_status = RPC_CANTENCODEARGS); -\end{verbatim} - -The last function call in the conditional serializes the arguments -onto the xdr stream. This must be replaced with a call to the -appropriate ah_wrap function: - -\begin{verbatim} - if ((! XDR_PUTLONG(xdrs, (long *)&proc)) || - (! AUTH_MARSHALL(cl->cl_auth, xdrs)) || - (! AUTH_WRAP(cl->cl_auth, xdrs, xargs, argsp))) - return (cu->cu_error.re_status = RPC_CANTENCODEARGS); -\end{verbatim} - -AUTH_WRAP is a macro that takes the four arguments for an ah_wrap -function and extracts and calls the function pointer from the cl_auth -structure with the specified arguments. - -Similarly, the transport mechanism must unwrap procedure results. -Again, the UDP mechanism will be instructive. It used to deserialize -function results like this: - -\begin{verbatim} - reply_msg.acpted_rply.ar_results.where = resultsp; - reply_msg.acpted_rply.ar_results.proc = xresults; - - ok = xdr_replymsg(&reply_xdrs, &reply_msg); -\end{verbatim} - -The problem here is that xdr_replymsg deserializes an entire reply -message, including the results. Since xresults and resultsp are the -function and pointer to decode the results, they will be automatically -deserialized {\it without} ah_unwrap being invoked. The simplest -solution (which is also the normal method used by the TCP mechanism) -is to arrange to deserialize the function results explicitly: - -\begin{verbatim} - reply_msg.acpted_rply.ar_results.where = NULL; - reply_msg.acpted_rply.ar_results.proc = xdr_void; - - if ((! xdr_replymsg(&reply_xdrs, &reply_msg)) || - (! AUTH_UNWRAP(cl->cl_auth, reply_xdrs, xresults, - resultsp))) { - return (cu->cu_error.re_status = RPC_CANTENCODEARGS); - } -\end{verbatim} - -Since xdr_void does not read any data from the XDR stream, the -function results are still available when AUTH_UNWRAP is called. Note -that AUTH_UNWRAP should only be called on {\it successful} calls; if -the reply message status is not RPC_SUCCESS there are no arguments to -read. - -Currently, the UDP and TCP transport mechanisms has been -converted.\footnote{The ``raw'' mechanism, for direct connections, has -not been.} - -\subsection{Service Side Authentication, SVCAUTH and XPRT} - -Standard Sun RPC service-side authentication consists of a single -function per authentication flavor; there is no concept of an AUTH -structure containing function pointers and private data as with the -client side. Previously, nothing else was necessary, because each -flavor only did a single thing (authenticated individual calls in a -stateless manner). More functions and state are now required, -however; they are stored in the SVCAUTH structure, see figure -\ref{fig:svcauth}. - -\begin{figure}[htbp] -\begin{verbatim} -typedef struct { - struct svc_auth_ops { - int (*svc_ah_wrap)(); - int (*svc_ah_unwrap)(); - } *svc_ah_ops; - caddr_t svc_ah_private; -} SVCAUTH; -\end{verbatim} -\caption{The new SVCAUTH structure.} -\label{fig:svcauth} -\end{figure} - -There is one SVCAUTH structure per authentication flavor (there is a -default, svc_auth_any, for existing authentication flavors that do not -need the extra functionality). The svc_ah_wrap and svc_ah_unwrap -perform the same logical function as their client-side counterparts. - -Just as with the client side, it is the responsibility of the -transport mechanism to call the svc_ah_wrap and svc_ah_unwrap -functions associated with the authentication flavor associated with -each RPC call at the appropriate time. Unfortunately, the transport -mechanism code does not have access to the RPC call structure -containing the authenticator flavor because the RPC call structure -itself is not passed as an argument to the necessary functions. The -present solution is to add another argument to the transport mechanism -structure, xp_auth, that stores the SVCAUTH of the {\it current} call -on that mechanism; see figure \ref{fig:xprt}. xp_auth is initialized -to svc_auth_any so that existing authentication mechanisms that do not -set the field will still operate correctly. \footnote{This is not an -great solution, because it forces each transport mechanism to be -single threaded. The correct solution is to store the SVCAUTH -associated with each RPC call in the RPC call structure; however, -doing so would require changing a lot of code to pass around the RPC -call structure that currently does not do so. Since other parts of -Sun RPC use the XPRT structure in a non-reentrant way, the present -solution does not make the situation any -worse.}$^{\mbox{,}}$\footnote{A somewhat irrelevant side effect of -adding SVCAUTH to XPRT is that the standard include file -$<$rpc/rpc.h$>$ had to be changed to include $<$rpc/svc_auth$>$ before -$<$rpc/svc.h$>$, whereas they used to be in the opposite order.} - -\begin{figure}[htbp] -\begin{verbatim} -typedef struct { - int xp_sock; - u_short xp_port; /* associated port number */ - struct xp_ops { - bool_t (*xp_recv)(); /* receive incomming requests */ - enum xprt_stat (*xp_stat)(); /* get transport status */ - bool_t (*xp_getargs)(); /* get arguments */ - bool_t (*xp_reply)(); /* send reply */ - bool_t (*xp_freeargs)();/* free mem allocated for args */ - void (*xp_destroy)(); /* destroy this struct */ - } *xp_ops; - int xp_addrlen; /* length of remote address */ - struct sockaddr_in xp_raddr; /* remote address */ - struct opaque_auth xp_verf; /* raw response verifier */ - SVCAUTH *xp_auth; /* auth flavor of current req */ - caddr_t xp_p1; /* private */ - caddr_t xp_p2; /* private */ -} SVCXPRT; -\end{verbatim} -\caption{The modified XPRT structure, with the xp_auth field.} -\label{fig:xprt} -\end{figure} - -Finally, with the modified XPRT structure carrying around the -authentication flavor structure, the functions that serialize and -deserialize function arguments and results must be modified to use the -svc_ah_wrap and svc_ah_unwrap functions. Each service-side transport -mechanism has getargs and reply functions that must be modified to use -the SVCAUTH_UNWRAP and SVCAUTH_WRAP macros, respectively, in a manner -completely parallel to the client side. - -\subsection{Authenticated Service Identification, svc_req} - -Sun RPC provides the authenticated credentials of a client to the -application server via rq_clntcred (``cooked credentials'') field of -the service request (svc_req) structure. In many authentication -systems, services are also named entities, and there is no reason that -an RPC should be restricted to accepting connections as a single -authenticated service name. However, access control decisions may be -based on the service name a client authenticated to, so that -information must be available to the application server. - -Figure \ref{fig:svc-req} shows the modified service request structure -that contains a single new field, rq_svccred. Like rq_clntcred, the -authentication flavor is responsible for setting rq_svccred to the -``cooked'' service credentials associated with a given RPC call. -Authentication flavors that do not have the concept of service names -can of course leave this field blank. - -\begin{figure}[htbp] -\begin{verbatim} -struct svc_req { - u_long rq_prog; /* service program number */ - u_long rq_vers; /* service protocol version */ - u_long rq_proc; /* the desired procedure */ - struct opaque_auth rq_cred; /* raw creds from the wire */ - caddr_t rq_clntcred; /* read only cooked client cred */ - caddr_t rq_svccred; /* read only cooked svc cred */ - SVCXPRT *rq_xprt; /* associated transport */ -}; -\end{verbatim} -\caption{The modified svc_req structure, with the rq_svccred field.} -\label{fig:svc-req} -\end{figure} - - - -\subsection{Authentication Negotiation, no_dispatch} - -In order to avoid having to transmit a full set of authentication -information with every call, the service-side authentication mechanism -must save state between calls. Establishing that state may require -multiple messages between the client-side and service-side -authentication mechanisms. The client-side authentication mechanism -can make arbitrary RPC calls to the server simply by requiring the -programmer to specify the CLIENT structure to the authentication -flavor initialization routine. The service side, however, is more -complex. In the normal course of events, an RPC call comes in, is -authenticated, and is then dispatched to the appropriate procedure. -For client- and service-side authentication flavors to communicate -independent of the server implemented above the RPC layer, the -service-side flavor must be able to send a reply to the client -directly and {\it prevent} the call from being dispatched. - -This is implemented by a simple modification to the _authenticate -routine, which dispatches each RPC call to the appropriate -authentication flavor; see figure \ref{fig:authenticate}. It takes an -additional argument, no_dispatch, that instructs the mechanism not to -dispatch the RPC call to the specified procedure. - -\begin{figure}[htbp] -\begin{verbatim} - why=_authenticate(&r, &msg, &no_dispatch); - if (why != AUTH_OK) { - svcerr_auth(xprt, why); - goto call_done; - } else if (no_dispatch) { - goto call_done; - } -\end{verbatim} -\caption{A call to the modified _authenticate.} -\label{fig:authenticate} -\end{figure} - -If _authenticate sets no_dispatch to true, the call is considered -finished and no procedure dispatch takes place. Presumably, an -authentication flavor that sets no_dispatch to true also replies to -the RPC call with svc_sendreply. Authentication flavors that do not -modify no_dispatch implicitly leave it set to false, so the normal -dispatch takes place. - -\subsection{Affected Files} - -Table \ref{tab:modfiles} lists the files that were -affected for each of the modifications described in previous sections. - -\begin{table}[htbp] -\centering -\caption{Files modified for each change to Sun RPC.} -\label{tab:modfiles} -\begin{tabular}{ll} -AUTH structure & auth.h \\ - & auth_none.c \\ - & auth_exit.c \\ - & auth_any.c \\ -Client Transport Mechanisms & clnt_udp.c \\ - & clnt_tcp.c \\ -SVCAUTH and XPRT structures & rpc.h \\ - & svc.h \\ - & svc_auth.h \\ - & svc.c \\ - & svc_auth.c \\ - & svc_auth_any.c \\ - & svc_auth_unix.c \\ -Server Transport Mechanisms & svc_udp.c \\ - & svc_tcp.c -\end{tabular} -\end{table} - -\section{GSS-API Authentication Flavor} - -The following sections describe the implementation of the GSS-API -authentication flavor for Sun RPC. - -\subsection{Authentication Algorithms} -\label{sec:algorithms} - -\subsubsection{Context Initiation} - -The client creates a GSS-API context with the server each time it -calls auth_gssapi_create. The context is created using the standard -gss_init_sec_context and gss_accept_sec_context function calls. The -generated tokens are passed between the client and server as arguments -and results of normal RPC calls. - -The client side, in auth_gssapi_create, performs the following steps -to initiate a context: - -\begin{enumerate} -\item\label{item:process-token} The client calls gss_init_sec_context. -On the first such call, no input token is provided; on subsequent -calls, the token received from the server is provided. - -\item If gss_init_sec_context produces an output token: - -\begin{enumerate} -\item The client transmits the token to the server, identifying itself -with client_handle if it has already been received (see next step). -The return value from the server will contain a client_handle and one -or both of a token and a signed initial sequence number. - -\item If this is the first response from the server, the client_handle -is stored for subsequent calls. Otherwise, the client_handle should be -the same as returned on the previous call. - -\item If the response contains a signed initian sequence number but -the context is not yet established, then the response also contains a -token that will established the context. The signed initial sequence -number is stored. - -\item If the response contains a token, step \ref{item:process-token} -repeated. -\end{enumerate} - -\item The signed initial sequence number is verified using the -established context. -\end{enumerate} - -The server side, in _svcauth_gssapi, performs the following steps to -initiate a context: - -\begin{enumerate} -\item If a call arrives with no client_handle, a new client_handle is -allocated and stored in the database. Otherwise, the client's -previous state is is looked up in the database. - -\item The received token is passed to gss_accept_sec_context. If an -output token is generated, it is returned to the client. Note that -since the application server may have registered multiple service -names and there is no way to determine {\it a priori} which service a -token is for, _svcauth_gssapi calls gss_accept_sec_context once for -each registered credential until one of them succeeds. The code -assumes that GSS_S_FAILURE is the only error that can result from a -credential mismatch, so any other error terminates the loop -immediately. - -\item If the context is established, the server signs an initial -sequence number and returns it to the client. -\end{enumerate} - -Note that these algorithms require context establishment to be -synchronous. If gss_init_sec_context returns GSS_S_COMPLETE upon -processing a token, it will either produce a token or not. If it -does, then gss_accept_sec_context will return GSS_S_COMPLETE when that -token is processed; if it does not, then gss_accept_sec_context -already returned GSS_S_COMPLETE (and presumably returned the token -that caused gss_init_sec_context to return GSS_S_COMPLETE when -processed). The reverse is also true. - -\subsubsection{RPC Calls} - -After the GSS-API context is established, both the server and the -client possess a client handle and a corresponding sequence number. -Each call from the client contains the client handle as the -``credential'' so that the server can identify which context to apply -to the call. - -Each client call and server response includes a ``verifier'' that -contains the sealed current sequence number.\footnote{In a future -version, the verifier will also contain a signature block for the call -header, including the procedure number called.} The sequence number -prevents replay attacks\footnote{Although some GSS-API mechanisms -provide replay detection themselves, not all of them do; explicitly -including the sequence number in the RPC therefore provides better -end-to-end security}, but by itself it does not prevent splicing -attacks. - -Each procedure argument and result block consists of the current -sequence number and the actual serialized argument string, all sealed -with gss_seal. Combining the sequence number with the argument/result -data prevents splicing attacks. - -The sequence number is incremented by one for each RPC call and by one -for each response. The client and server will both reject messages -that do not contain the expected sequence number. Packets -retransmitted by the client should use the {\it same} sequence number -as the original packet, since even if the server receives multiple -copies only one will be honored. - -\subsection{RPC Call Credential Structure} - -Every message transmitted from the client to the server has a -credentials (cb_cred) field of the type auth_gssapi_creds: - -\begin{verbatim} -typedef struct _auth_gssapi_creds { - bool_t auth_msg; - gss_buffer_desc client_handle; -}; -\end{verbatim} - -The auth_msg field indicates whether the message is intended for the -authentication mechanism for the actual server. Any message whose -auth_msg field is true is processed by the authentication mechanism; -any message whose auth_msg is false is passed to the application -server's dispatch function if authentication succeeds. All messages -must have an auth_msg of true until the context is established, since -authentication cannot succeed until it is. - -The client_handle field contains the client handle obtained from the -first call to the server. On the first call, this field is empty. - -\subsection{GSS-API Authentication Flavor Procedures} - -The GSS-API authentication flavor uses standard RPC calls over the -client handle it is provided for the interactions described in -\ref{sec:algorithms}. All of the following procedures require the -auth_msg field in the credentials to be true; otherwise, the -server-side authentication flavor will simply attempt to authenticate -the caller and pass the call to the application server. The -server-side authentication flavor uses the no_dispatch variable to -indicate that it has handled the call. - -\subsubsection{AUTH_GSSAPI_INIT, AUTH_GSSAPI_CONTINUE_INIT} - -Context initiation is performed via AUTH_GSSAPI_INIT and -AUTH_GSSAPI_CONTINUE_INIT. The former is used to transfer the first -token generated by gss_init_sec_context, when no client handle is -included in the credentials; the latter is used on subsequent calls, -when a client handle is included. - -Both procedures take an argument of type auth_gssapi_init_arg and -return results of the type auth_gssapi_init_res. - -\begin{verbatim} -typedef struct _auth_gssapi_init_arg { - u_long version; - gss_buffer_desc token; -} auth_gssapi_init_arg; -\end{verbatim} - -\begin{description} -\item[version] Three versions are presently defined. - -\begin{description} -\item[1] The original version, as described in this document - -\item[2] In earlier versions of Secure there was a bug in the GSS-API -library that affected the contents of accept_sec_context output -tokens. A client specifies version 2 to indicate that it expects the -correct (fixed) behavior. If the server indicates AUTH_BADCRED or -AUTH_FAILED it does not understand this version, so the client should -fall back to version 1. - -\item[3] Version three indicates that channel bindings are in use. -The client must specify channel bindings with the version, and the -server will as well. If the server indicates AUTH_BADCRED or -AUTH_FAILED it does not understand this version, so the client should -fall back to version 2 (and cease specifying channel bindings). - -\item[4] The previous versions all used the old GSS-API krb5 mechanism -oid; this version uses the new one specified in the RFC. -\end{description} - -\item[token] The token field contains the token generated by -gss_init_sec_context. -\end{description} - -\begin{verbatim} -typedef struct _auth_gssapi_init_res { - u_long version; - gss_buffer_desc client_handle; - gss_buffer_desc token; - OM_uint32 gss_major, gss_minor; - gss_buffer_desc signed_isn; -} auth_gssapi_init_res; -\end{verbatim} - -\begin{description} -\item[version] There are two versions currently defined. -\begin{description} -\item[1] The original version, as described in this document. This is -the response version for {\it both} versions 1 and 2. The Secure 1.1 -server will always return this version. - -\item[3] Version three indicates that the server specified channel -bindings in response to a call arg version number of three. The -server must not specify this version unless the client does. -\end{description} - -\item[client_handle] The client_handle field contains the client -handle that the client must use in the credentials field in all -subsequent RPC calls. In response to AUTH_GSSAPI_CONTINUE_INIT, it is -the same client handle that arrived in the credentials. - -\item[gss_major, gss_minor] The GSS-API error codes that resulted from -processing the auth_gssapi_init_arg. If gss_major is GSS_S_COMPLETE, -the argument token was processed successfully. Otherwise, gss_major -and gss_minor contain the relevant major and minor status codes, and -the context currently being negotiated is no longer valid. - -\item[token] In any response that the client is expecting another -token (i.e.: gss_init_sec_context last returned GSS_S_CONTINUE), the -token field contains the output token from gss_accept_sec_context. If -the client is not expecting a token and this field is not empty, an -error has occurred. - -\item[signed_isn] If the client is not expecting another token (i.e.: -the previous call to gss_init_sec_context yielded a token and returned -GSS_S_COMPLETE) or the supplied token completes the context, the -signed_isn field contains the signed initial sequence number. The -server expects the first RPC call to have a sequence number one -greater than the initial sequence number (so that the signed_isn block -cannot be replayed). If the client is expecting another token and the -signed_isn field is not empty, an error has occurred. -\end{description} - -\subsubsection{AUTH_GSSAPI_DESTROY} - -Context tear-down is performed via AUTH_GSSAPI_DESTROY. This -procedure takes no arguments and returns no results; it merely informs -the server that the client wishes to destroy the established context. - -When a client wishes to tear down an established context between -itself and a server, auth_gssapi_destroy first calls the -AUTH_GSSAPI_DESTROY procedure. The server authenticates the message -and immediately sends a ``success'' response with no results. The -client and server then both independently call gss_delete_sec_context -and discard the context-destruction token that is generated. - -No RPC error checking is performed by either the client or the server. -The client waits a brief time for a success response from the server, -but if none arrives it destroys the context anyway since presumably -the user is waiting for the application to exit. The server similar -ignores any RPC errors since it knows that the client will ignore any -errors that are reported. - -\subsection{RPC Call Authentication Implementation} - -Once the context has been established, all subsequent RPC calls are -authenticated via the verifier described in section -\ref{sec:algorithms}. - -auth_gssapi_marshall, invoked via AUTH_MARSHALL while the RPC call is -being created on the client side, serializes the client_handle -obtained during context initiation {\it in plaintext} as the -credentials and serializes the current sequence number, sealed with -gss_seal, as the verifier. - -auth_gssapi_wrap, invoked next via AUTH_WRAP, serializes a sealed -token containing both the sequence number of the current call and the -serialized arguments. - -_svcauth_gssapi, invoked on the server side by _authenticate, uses the -client_handle contained in the credentials to look up the correct -context and verifies the sequence number provided in the verifier; if -the sequence number is not correct, it declares a potential replay -attack.\footnote{Retransmitted packets will appear as replay attacks, -of course.} The response verifier is set to the serialized sealed -incremented sequence number. - -svc_auth_gssapi_unwrap, invoked when either the application server or -_svcauth_gssapi (in response to an AUTH_GSSAPI authentication flavor -message) attempts to read its arguments, deserialzes and unseals the -block containing the current sequence number and serialized arguments. -If the sequence number is incorrect, it declares a splicing attack; -otherwise, it unserializes the arguments into the original structure. - -svc_auth_gssapi_wrap, invoked when either the application server or -_svcauth_gssapi attempts to write its response, performs the same -operation as auth_gssapi_wrap. - -auth_gssapi_validate, invoked by the client-side RPC mechanism when -an RPC_SUCCESS response is received, verifies that the returned sequence -number is one greater than the previous value sent by -auth_gssapi_marshall. - -Finally, auth_gssapi_unwrap, invoked by the client-side RPC mechanism -after auth_gssapi_validate succeeds, performs the same operation as -svc_auth_gssapi_unwrap. - -If an RPC request generates an error message (a status of other than -RPC_SUCCESS), auth_gssapi_refresh is called. If the error status is -AUTH_REJECTEDVERF, then the server rejected the sequence number as -invalid or replayed. The client guesses that, on some previous call, -the server received a message but the server's response did not make -it back to the client; this could happen if the packet got lost or if -the server was being debugged and the client timed out waiting for it. -As a result, the server is expected a higher sequence number than the -client sent. auth_gssapi_refresh increments the sequence number and -returns true so that the call will be tried again. The transport -mechanism will only call auth_gssapi_refresh twice for each RPC -request, so if some other error occurred an infinite loop will not -result; however, it is unlikely the the client and server will be able -to resynchronize after such an event. - -\subsection{Client State Information} - -The client-side GSS-API authentication flavor maintains an -auth_gssapi_data structure for each authentication instance: - -\begin{verbatim} -struct auth_gssapi_data { - bool_t established; - CLIENT *clnt; - gss_ctx_id_t context; - gss_buffer_desc client_handle; - u_long seq_num; - int def_cred; - - /* pre-serialized ah_cred */ - u_char cred_buf[MAX_AUTH_BYTES]; - u_long cred_len; -}; -\end{verbatim} - -The established field indicates whether the authentication context -between the client and server has been established. It is set to true -when gss_init_sec_context returns GSS_S_COM\-PLETE. When this field is -false, the auth_gssapi functions marshall, validate, wrap, and unwrap -mimic the ``no authentication'' flavor since there is no context with -which to perform authentication functions.\footnote{This field is -necessary because, when auth_gssapi_create calls clnt_call to make an -RPC call, it has to have set the client's authentication flavor to -AUTH_GSSAPI; otherwise, the service-side RPC mechanism will not know -to dispatch the call to _svcauth_gssapi. However, with the client's -authentication flavor set, all of the authentication flavor's -functions will be automatically invoked, even though they are not -ready to operate.} - -The clnt field contains the RPC client structure that can be used to -communicate with the GSS-API authentication flavor on the server. - -The context field contains the context structure created by -gss_init_sec_context. - -The client_handle field contains the client handle used on all RPC -calls except the first one; the handle is obtained as the result of -the first call. - -The sequence_number field contains the sequence number that will be -used when transmitting RPC calls to the server and verifying the -server's responses after the context is initialized. - -The def_cred field is true if gss_init_sec_context created a default -credential, in which case the authentication mechanism is responsible -for releasing the default credential that gets automatically -allocated. - -The cred_buf and cred_len fields contain the pre-serialized -credentials structure used in each call. This provides a small -performance enhancement since the credentials structure does not -change very often; the same pre-serialized version can be used on -virtually every call. - -\subsection{Server State Information} -\label{sec:server-state} - -The server-side GSS-API authentication flavor maintains an -svcauth_gssapi_data structure for each established or partially -established context: - -\begin{verbatim} -typedef struct _svc_auth_gssapi_data { - bool_t established; - gss_ctx_id_t context; - gss_name_t client_name, server_name; - gss_cred_id_t server_creds; - - u_long expiration; - u_long seq_num; - u_long key; - - SVCAUTH svcauth; -} svc_auth_gssapi_data; -\end{verbatim} - -The established field indicates whether the context is fully -established. - -The context field contains the context created by -gss_accept_sec_context. - -The client_name field contains the client's authenticated name, as -returned by gss_accept_sec_context. _svcauth_gssapi sets the ``cooked -credentials'' field of the RPC call structure to this value after the -call is authenticated; the application server can use it to perform -authorization. - -The server_name field contains the service name that the client -established a context with. This is useful if the application server -registered more than one service name with the library; it allows the -server to determine which service the client chose. - -The server_creds field contains the service credentials that the -client established a context with. It is used to avoid having to scan -through the server_creds_list multiple times in the case that context -establishment requires more than one round-trip to the server. - -The expiration field contains the expiration time of the context, as a -Unix timestamp. If a context has no expiration (time_rec is -GSS_C_INDEFINITE), the expiration time is set to 24 hours in the -future. When the structure is created, before the context is -established, the expiration time is initialized to small duration -(currently 5 minutes) so that partially created and abandoned contexts -will be expired quickly. - -The seq_num field is the current sequence number for the client. - -The key field is the client's key into the hash table (see below). -The client_handle field sent to the client is the key treated as an -arbitrary four-byte string. - -The svcauth field is a kludge that allows the svc_auth_gssapi -functions to access the per-client data structure while processing a -call. One SVCAUTH structure is allocated for each client structure, -and the svc_ah_private field is set to the corresponding client. The -client's svcauth field is then set to the new SVCAUTH structure, so -that client_data->svcauth->svc_ah_private == client_data. As each -request is processed, the transport mechanism's xp_auth field is set -to the client's svcauth field; thus, the server-side functions that -dispatch to server-side authentication flavors can access an -appropriate SVCAUTH structure, and the server-side authentication -function that is called can determine the appropriate per-client -structure from the SVCAUTH structure. - -The per-client structures are all stored both in a BSD 4.4 db library -hash table and b-tree. The hash table maps client handles (key -fields) the client structures, and is used to look up client -structures based on the client_handle field of a call's credentials -structure. The b-tree stores the client structures as keys, sorted by -their expiration time. Each time _svcauth_gssapi is activated, it -traverses the tree and destroys all client structures that have -expired. - -\end{document} diff --git a/krb5-1.21.3/doc/thread-safe.txt b/krb5-1.21.3/doc/thread-safe.txt deleted file mode 100644 index d6c8c6ea..00000000 --- a/krb5-1.21.3/doc/thread-safe.txt +++ /dev/null @@ -1,241 +0,0 @@ -[May be out of date. Last significant update: Jan 2005.] - -In general, it's assumed that the library initialization function (if -initialization isn't delayed) and the library finalization function -are run in some thread-safe fashion, with no other parts of the -library in question in use. (If dlopen or dlsym in one thread starts -running the initializer, and then dlopen/dlsym in another thread -returns and lets you start accessing functions or data in the library -before the initializer is finished, that really seems like a -dlopen/dlsym bug.) - -It's also assumed that if library A depends on library B, then library -B's initializer runs first, and its finalizer last, whether loading -dynamically at run time or at process startup/exit. (It appears that -AIX 4.3.3 may violate this, at least when we use gcc's -constructor/destructor attributes in shared libraries.) - -Support for freeing the heap storage allocated by a library has NOT, -in general, been written. There are hooks, but often they ignore some -of the library's local storage, mutexes, etc. - -If shared library finalization code doesn't get run at all at dlclose -time, or if we can't use it because the execution order is wrong, then -you'll get memory leaks. Deal with it. - -Several debugging variables that are not part of our official API are -not protected by mutexes. In general, the only way to set them is by -changing the sources and recompiling, which obviously has no run-time -thread safety issues, or by stopping the process under a debugger, -which we blithely assert is "safe enough". - -Debug code that we don't normally enable may be less thread safe than -might be desired. For example, multiple printf calls may be made, -with the assumption that the output will not be intermixed with output -from some other thread. Offhand, I'm not aware of any cases where -debugging code is "really" unsafe, as in likely to crash the program -or produce insecure results. - -Various libraries may call assert() and abort(). This should only be -for "can't happen" cases, and indicate programming errors. In some -cases, the compiler may be able to infer that the "can't happen" cases -really can't happen, and drop the calls, but in many cases, this is -not possible. - -There are cases (e.g., in the com_err library) where errors arising -when dealing with other errors are handled by calling abort, for lack -of anything better. We should probably clean those up someday. - -Various libraries call getenv(). This is perfectly safe, as long as -nothing is calling setenv or putenv or what have you, while multiple -threads are executing. Of course, that severely curtails the ability -to control our libraries through that "interface". - -Various libraries call the ctype functions/macros (isupper, etc). It -is assumed that the program does not call setlocale, or does so only -while the program is still single-threaded or while calls into the -Kerberos libraries are not in progress. - -The Windows thread safety support is unfinished. - -I'm assuming that structure fields that are never written to (e.g., -after a structure has been initialized and *then* made possibly -visible to multiple threads) are safe to read from one thread while -another field is being updated by another thread. If that's not the -case, some more work is needed (and I'd like details on why it's not -safe). - ----------------- - -libcom_err - -Issues: - -The callback hook support (set_com_err_hook, reset_com_err_hook, and -calls to com_err and com_err_va) uses a mutex to protect the handle on -the hook function. As a side effect of this, if a callback function -is registered which pops up a window and waits for the users' -acknowledgement, then other errors cannot be reported by other threads -until after the acknowledgement. This could be fixed with -multiple-reader-one-writer type locks, but that's a bit more -complicated. - -The string returned by error_message may be per-thread storage. It -can be passed off between threads, but it shouldn't be in use by any -thread by the time the originating thread calls error_message again. - -Error tables must no longer be in use (including pointers returned by -error_message) when the library containing them is unloaded. - -Temporary: A flag variable has been created in error_message.c which -is used to try to catch cases where remove_error_table is called after -the library finalization function. This generally indicates -out-of-order execution of the library finalization functions. The -handling of this flag is not thread-safe, but if the finalization -function is called, other threads should in theory be finished with -this library anyways. - -Statics: error_message.c, com_err.c, covered above. - ----------------- - -libprofile (and its use in libkrb5) - -Does no checks to see if it's opened multiple instances of the same -file under different names. Does not guard against trying to open a -file while another thread or process is in the process of replacing -it, or two threads trying to update a file at the same time. The -former should be pretty safe on UNIX with atomic rename, but on -Windows there's a race condition; there's a window (so to speak) where -the filename does not correspond to an actual file. - -Statics: prof_file.c, a list of opened config files and their parse -trees, and a mutex to protect it. - ----------------- - -libk5crypto - -Uses ctype macros; what happens if the locale is changed in a -multi-threaded program? - -Debug var in pbkdf2.c. - -Statics: pbkdf2.c: debug variable. - -Statics: crypto_libinit.c: library initializer aux data. - ----------------- - -libkrb5 - -(TBD) - -Uses: ctype macros - -Uses: getaddrinfo, getnameinfo. According to current specifications, -getaddrinfo should be thread-safe; some implementations are not, and -we're not attempting to figure out which ones. NetBSD 1.6, for -example, had an unsafe implementation. - -Uses: res_ninit, res_nsearch. If these aren't available, the non-'n' -versions will be used, and they are sometimes not thread-safe. - -Uses: mkstemp, mktemp -- Are these, or our uses of them, likely to be -thread-safe? - -Uses: sigaction - -The use of sigaction is in the code prompting for a password; we try -to catch the keyboard interrupt character being used and turn it into -an error return from that function. THIS IS NOT THREAD-SAFE. - -Uses: tcgetattr, tcsetattr. This is also in the password-prompting -code. These are fine as long as no other threads are accessing the -same terminal at the same time. - -Uses: fopen. This is thread-safe, actually, but a multi-threaded -server is likely to be using lots of file descriptors. On 32-bit -Solaris platforms, fopen will not work if the next available file -descriptor number is 256 or higher. This can cause the keytab code to -fail. - -Statics: prompter.c: interrupt flag - -Statics: ccdefops.c: default operations table pointer - -Statics: ktdefname.c: variable to override default keytab name, NO -LOCKING. DON'T TOUCH THESE VARIABLES, at least in threaded programs. - -Statics: conv_creds.c: debug variable - -Statics: sendto_kdc.c: debug variable, in export list for KDC - -Statics: parse.c: default realm cache, changed to not cache - -Statics: krb5_libinit.c: lib init aux data - -Statics: osconfig.c: various internal variables, probably should be const - -Statics: init_ctx.c: "brand" string; not written. - -Statics: cc_memory.c: list of caches, with mutex. - -Statics: c_ustime.c: last timestamp, to implement "microseconds must -always increment" - -Statics: ktbase.c, ccbase.c, rc_base.c: type registries and mutexes. - ----------------- - -libgssapi_krb5 - -(TBD) - -Uses: ctype macros - -Statics: acquire_cred.c: name of keytab to use, and mutex. - -Statics: gssapi_krb5.c: - -Statics: init_sec_context.c: - -Statics: set_ccache.c: - -Statics: gssapi_generic.c: OID definitions, non-const by -specification. We probably could make them const anyways. - -The keytab name saved away by krb5_gss_register_acceptor_identity is -global and protected by a mutex; the ccache name stored by -gss_krb5_ccache_name is per-thread. This inconsistency is due to the -anticipated usage patterns. - -The old ccache name returned by gss_krb5_ccache_name if the last -parameter is not a null pointer is also stored per-thread, and will be -discarded at the next call to that routine from the same thread, or at -thread termination. - -Needs work: check various objects for thread safety - ----------------- - -libgssrpc - -New version is in place. Ignore it for now? - ----------------- - -libkadm5* -libkdb5 - -Skip these for now. We may want the KDC libraries to be thread-safe -eventually, so the KDC can take better advantage of hyperthreaded or -multiprocessor systems. - ----------------- - -libapputils -libss - -Used by single-threaded programs only (but see above re KDC). Don't -bother for now. diff --git a/krb5-1.21.3/doc/threads.txt b/krb5-1.21.3/doc/threads.txt deleted file mode 100644 index 956fb9ed..00000000 --- a/krb5-1.21.3/doc/threads.txt +++ /dev/null @@ -1,101 +0,0 @@ -Thread safety in the MIT Kerberos libraries - -The return value from krb5_cc_default_name is a handle on internal -storage from the krb5_context. It is valid only until -krb5_cc_set_default_name or krb5_free_context is called. If -krb5_cc_set_default_name may be called, the calling code must ensure -that the storage returned by krb5_cc_default_name is no longer in use -by that time. - -Any use of krb5_context must be confined to one thread at a time by -the application code. - -Uses of credentials caches, replay caches, and keytabs may happen in -multiple threads simultaneously as long as none of them destroys the -object while other threads may still be using it. (Any internal data -modification in those objects will be protected by mutexes or other -means, within the krb5 library.) - -The simple, exposed data structures in krb5.h like krb5_principal are -not protected; they should not be used in one thread while another -thread might be modifying them. (TO DO: Build a list of which calls -keep references to supplied data or return references to -otherwise-referenced data, as opposed to everything making copies.) - - - -[ This part is a little outdated already. ] - - // Between these two, we should be able to do pure compile-time - // and pure run-time initialization. - // POSIX: partial initializer is PTHREAD_MUTEX_INITIALIZER, - // finish does nothing - // Windows: partial initializer is zero/empty, - // finish does the actual work and runs at load time - // debug: partial initializer sets one magic value, - // finish verifies, sets a new magic value - k5_mutex_t foo_mutex = K5_MUTEX_PARTIAL_INITIALIZER; - int k5_mutex_finish_init(k5_mutex_t *); - // for dynamic allocation - int k5_mutex_init(k5_mutex_t *); - // Must work for both kinds of allocation, even if it means adding - // a flag. - int k5_mutex_destroy(k5_mutex_t *); - // - // Per library, one function to finish the static mutex - // initialization. - // - // A second function called at various possible "first" entry - // points which either calls pthread_once on the first function - // (POSIX), or checks some flag set by the first function (Windows, - // debug support), and possibly returns an error. - // - // A third function for library termination calls mutex_destroy on - // each mutex for the library. - // - // - int k5_mutex_lock(k5_mutex_t *); - int k5_mutex_unlock(k5_mutex_t *); - // Optional (always defined, but need not do anything): - void k5_mutex_assert_locked(k5_mutex_t *); - void k5_mutex_assert_unlocked(k5_mutex_t *); - - - k5_key_t key; - int k5_key_create(k5_key_t *, void (*destructor)(void *)); - void *k5_getspecific(k5_key_t); - int k5_setspecific(k5_key_t, const void *); - ... stuff to signal library termination ... - -This is **NOT** an exported interface, and is subject to change. - -On many platforms with weak reference support, we can declare certain -symbols to be weak, and test the addresses before calling them. The -references generally will be non-null if the application pulls in the -pthread support. Sometimes stubs are present in the C library for -some of these routines, and sometimes they're not functional; if so, -we need to figure out which ones, and check for the presence of some -*other* routines. - -AIX 4.3.3 doesn't support weak references. However, it looks like -calling dlsym(NULL) causes the pthread library to get loaded, so we're -going to just go ahead and link against it anyways. - -On Tru64 we also link against the thread library always. - - -For now, the basic model is: - - If weak references are supported, use them. - Else, assume support is present; if that means explicitly pulling in - the thread library, so be it. - - - -The locking described above may not be sufficient, at least for good -performance. At some point we may want to switch to read/write locks, -so multiple threads can grovel over a data structure at once as long -as they don't change it. - - -See also notes in src/include/k5-thread.h. diff --git a/krb5-1.21.3/doc/tools/README b/krb5-1.21.3/doc/tools/README deleted file mode 100644 index 4bed11b0..00000000 --- a/krb5-1.21.3/doc/tools/README +++ /dev/null @@ -1,62 +0,0 @@ -How to deploy the Doxygen output in Sphinx project. -==================================================== - -The text below is meant to give the instructions on how to incorporate MIT Kerberos API reference documentation into Sphinx document hierarchy. The Sphinx API documentation can be constructed with (Part B) or without (Part A) the bridge to the original Doxygen HTML output. - -Pre-requisites: -- python 2.5+ with Cheetah, lxml and xml extension modules installed; -- For part B only: - - Sphinx "doxylink" extension; - - Doxygen HTML output - - -Part A: Transforming Doxygen XML output into reStructuredText (rst) without the bridge to Doxygen HTML output. - -1. Delete lines containing text "Doxygen reference" from the template files func_document.tmpl and type_document.tmpl; - -2. In the Doxygen configuration file set GENERATE_XML to YES. Generate Doxygen XML output; - -3. Suppose the Doxygen XML output is located in doxy_xml_dir and the desired output directory is rst_dir. - Run: - python doxy.py -i doxy_xml_dir -o rst_dir -t func - This will result in the storing of the API function documentation files in rst format in the rst_dir. The file names are constructed based on the function name. For example, the file for krb5_build_principal() will be krb5_build_principal.rst - - Run: - python doxy.py -i doxy_xml_dir -o rst_dir -t typedef - It is similar to the API function conversion, but for data types. The result will be stored under rst_dir/types directory - - Alternatively, running - python doxy.py -i doxy_xml_dir -o rst_dir - or - python doxy.py -i doxy_xml_dir -o rst_dir -t all - converts Doxygen XML output into reStructuredText format files both for API functions and data types; - -4. In appdev/index.rst add the following section to point to the API references: - - .. toctree:: - :maxdepth: 1 - - refs/index.rst - -5. Copy the content of rst_dir into appdev/refs/api/ directory and rst_dir/types into appdev/refs/types directory; - -6. Rebuild Sphinx source: - sphinx-build source_dir build_dir - - - - -Part B: Bridge to Doxygen HTML output. - -1. Transform Doxygen XML output into reStructuredText. - In src/Doxygen configuration file request generation of the tag file and XML output: - GENERATE_TAGFILE = krb5doxy.tag - GENERATE_XML = YES - -2. Modify Sphinx conf.py file to point to the "doxylink" extension and Doxygen tag file: - extensions = ['sphinx.ext.autodoc', 'sphinxcontrib.doxylink'] - doxylink = { ' krb5doxy' : ('/tmp/krb5doxy.tag, ' doxy_html_dir ') } - - where doxy_html_dir is the location of the Doxygen HTML output - -3. Continue with steps 3 - 6 of Part A. diff --git a/krb5-1.21.3/doc/tools/define_document.tmpl b/krb5-1.21.3/doc/tools/define_document.tmpl deleted file mode 100644 index 8e74dc30..00000000 --- a/krb5-1.21.3/doc/tools/define_document.tmpl +++ /dev/null @@ -1,27 +0,0 @@ -.. highlight:: c - -.. $composite.macro_reference($composite.name): - -#set $title = $composite.name -$title -#echo ''.join(['=']*len($title)) # - -.. -.. data:: $composite.name -.. - -#if $composite.short_description is not None and len($composite.short_description) -$composite.short_description -#end if - -$composite.long_description - -#if $composite.name_signature is not None and len($composite.name_signature) -#echo ''.join(['=']*(len($composite.name_signature)+4)) + '== ======================' # -``$composite.name_signature`` ``$composite.initializer`` -#echo ''.join(['=']*(len($composite.name_signature)+4)) + '== ======================' # -#else -#echo ''.join(['=']*(len($composite.name)+4)) + '=== ======================' # -``$composite.name`` ``$composite.initializer`` -#echo ''.join(['=']*(len($composite.name)+4)) + '=== ======================' # -#end if diff --git a/krb5-1.21.3/doc/tools/docmodel.py b/krb5-1.21.3/doc/tools/docmodel.py deleted file mode 100644 index e5d4d11b..00000000 --- a/krb5-1.21.3/doc/tools/docmodel.py +++ /dev/null @@ -1,251 +0,0 @@ -''' - Copyright 2011 by the Massachusetts - Institute of Technology. All Rights Reserved. - - Export of this software from the United States of America may - require a specific license from the United States Government. - It is the responsibility of any person or organization contemplating - export to obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of M.I.T. not be used in advertising or publicity pertaining - to distribution of the software without specific, written prior - permission. Furthermore if you modify this software you must label - your software as modified software and not distribute it in such a - fashion that it might be confused with the original M.I.T. software. - M.I.T. makes no representations about the suitability of - this software for any purpose. It is provided "as is" without express - or implied warranty. -''' -import re - -from Cheetah.Template import Template - -class Attribute(object): - def __init__(self, **argkw): - self.definition = argkw.get('definition') - self.name = argkw.get('name') - self.type = argkw.get('type') - self.typeId = argkw.get('typeId') - self.short_description = argkw.get('short_description') - self.long_description = argkw.get('long_description') - self.version = argkw.get('version') - - def __repr__(self): - result = list() - for (attr,value) in self.__dict__.iteritems(): - result.append('%s=%s' % (attr,value)) - return 'Attribute: %s' % ','.join(result) - - -class CompositeType(): - def __init__(self, **argkw): - self.category = 'composite' - self.definition = argkw.get('definition') - self.name = argkw.get('name') - self.name_signature = argkw.get('name_signature') - self.Id = argkw.get('Id') - self.initializer = argkw.get('initializer') - self.active = argkw.get('active', False) - self.version = argkw.get('version') - self.return_type = argkw.get('return_type') - self.short_description = argkw.get('short_description') - self.long_description = argkw.get('long_description') - self.friends = argkw.get('friends') - self.type = argkw.get('type') - self.attributes = self._setAttributes(argkw.get('attributes')) - - def __repr__(self): - result = list() - for (attr,value) in self.__dict__.iteritems(): - if attr == 'attributes': - if value is not None: - attributes = ['%s' % a for a in value] - value = '\n %s' % '\n '.join(attributes) - - result.append('%s: %s' % (attr,value)) - result = '\n'.join(result) - - return result - - def _setAttributes(self, attributes): - result = None - if attributes is not None: - result = list() - for a in attributes: - result.append(Attribute(**a)) - - return result - - def struct_reference(self, name): - result = re.sub(r'_', '-', name) - result = '_%s-struct' % result - - return result - - def macro_reference(self, name): - result = re.sub(r'_', '-', name) - result = '_%s-data' % result - - return result - -class Parameter(object): - def __init__(self, **argkw): - self.seqno = argkw.get('seqno') - self.name = argkw.get('name') - self.direction = argkw.get('direction') - self.type = argkw.get('type') - self.typeId = argkw.get('typeId') - self.description = argkw.get('description') - self.version = argkw.get('version') - - def __repr__(self): - content = (self.name,self.direction,self.seqno,self.type,self.typeId,self.description) - return 'Parameter: name=%s,direction=%s,seqno=%s,type=%s,typeId=%s,descr=%s' % content - -class Function(object): - def __init__(self, **argkw): - self.category = 'function' - self.name = argkw.get('name') - self.Id = argkw.get('Id') - self.active = argkw.get('active', False) - self.version = argkw.get('version') - self.parameters = self._setParameters(argkw.get('parameters')) - self.return_type = argkw.get('return_type') - self.return_description = argkw.get('return_description') - self.retval_description = argkw.get('retval_description') - self.warn_description = argkw.get('warn_description') - self.sa_description = argkw.get('sa_description') - self.notes_description = argkw.get('notes_description') - self.version_num = argkw.get('version_num') - self.short_description = argkw.get('short_description') - self.long_description = argkw.get('long_description') - self.deprecated_description = argkw.get('deprecated_description') - self.friends = argkw.get('friends') - - def _setParameters(self, parameters): - result = None - if parameters is not None: - result = list() - for p in parameters: - result.append(Parameter(**p)) - - return result - - def getObjectRow(self): - result = [str(self.Id), - self.name, - self.category] - - return ','.join(result) - - def getObjectDescriptionRow(self): - result = [self.Id, - self.active, - self.version, - self.short_description, - self.long_description] - - return ','.join(result) - - def getParameterRows(self): - result = list() - for p in self.parameters: - p_row = [self.Id, - p.name, - p.seqno, - p.type, - p.typeId, - p.description, - p.version] - result.append(','.join(p_row)) - - return '\n'.join(result) - - def __repr__(self): - lines = list() - lines.append('Category: %s' % self.category) - lines.append('Function name: %s' % self.name) - lines.append('Function Id: %s' % self.Id) - parameters = [' %s' % p for p in self.parameters] - lines.append('Parameters:\n%s' % '\n'.join(parameters)) - lines.append('Function return type: %s' % self.return_type) - lines.append('Function return type description:\n%s' % self.return_description) - lines.append('Function retval description:\n%s' % self.retval_description) - lines.append('Function short description:\n%s' % self.short_description) - lines.append('Function long description:\n%s' % self.long_description) - lines.append('Warning description:\n%s' % self.warn_description) - lines.append('See also description:\n%s' % self.sa_description) - lines.append('NOTE description:\n%s' % self.notes_description) - lines.append('Version introduced:\n%s' % self.version_num) - lines.append('Deprecated description:\n%s' % self.deprecated_description) - result = '\n'.join(lines) - - return result - - -class DocModel(object): - def __init__(self, **argkw): - if len(argkw): - self.name = argkw['name'] - if argkw['category'] == 'function': - self.category = 'function' - self.function = Function(**argkw) - elif argkw['category'] == 'composite': - self.category = 'composite' - self.composite = CompositeType(**argkw) - - def __repr__(self): - obj = getattr(self,self.category) - return str(obj) - - def signature(self): - param_list = list() - for p in self.function.parameters: - if p.type is "... " : - param_list.append('%s %s' % (p.type,' ')) - else: - param_list.append('%s %s' % (p.type, p.name)) - param_list = ', '.join(param_list) - result = '%s %s(%s)' % (self.function.return_type, - self.function.name, param_list) - - return result - - def save(self, path, template_path): - f = open(template_path, 'r') - t = Template(f.read(),self) - out = open(path, 'w') - out.write(str(t)) - out.close() - f.close() - - -class DocModelTest(DocModel): - def __init__(self): - doc_path = '../docutil/example.yml' - argkw = yaml.load(open(doc_path,'r')) - super(DocModelTest,self).__init__(**argkw) - - def run_tests(self): - self.test_save() - - def test_print(self): - print('testing') - print(self) - - - def test_save(self): - template_path = '../docutil/function2edit.html' - - path = '/var/tsitkova/Sources/v10/trunk/documentation/test_doc.html' - - self.save(path, template_path) - -if __name__ == '__main__': - tester = DocModelTest() - tester.run_tests() diff --git a/krb5-1.21.3/doc/tools/doxy.py b/krb5-1.21.3/doc/tools/doxy.py deleted file mode 100644 index c82f88eb..00000000 --- a/krb5-1.21.3/doc/tools/doxy.py +++ /dev/null @@ -1,64 +0,0 @@ -''' - Copyright 2011 by the Massachusetts - Institute of Technology. All Rights Reserved. - - Export of this software from the United States of America may - require a specific license from the United States Government. - It is the responsibility of any person or organization contemplating - export to obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of M.I.T. not be used in advertising or publicity pertaining - to distribution of the software without specific, written prior - permission. Furthermore if you modify this software you must label - your software as modified software and not distribute it in such a - fashion that it might be confused with the original M.I.T. software. - M.I.T. makes no representations about the suitability of - this software for any purpose. It is provided "as is" without express - or implied warranty. -''' -import sys -import os -import re -from optparse import OptionParser - - -from doxybuilder_types import * -from doxybuilder_funcs import * - - -def processOptions(): - usage = "\n\t\t%prog -t type -i in_dir -o out_dir" - description = "Description:\n\tProcess doxygen output for c-types and/or functions" - parser = OptionParser(usage=usage, description=description) - - parser.add_option("-t", "--type", type="string", dest="action_type", help="process typedef and/or function. Possible choices: typedef, func, all. Default: all.", default="all") - parser.add_option("-i", "--in", type="string", dest="in_dir", help="input directory") - parser.add_option("-o", "--out", type="string", dest= "out_dir", help="output directory. Note: The subdirectory ./types will be created for typedef") - - (options, args) = parser.parse_args() - action = options.action_type - in_dir = options.in_dir - out_dir = options.out_dir - - - if in_dir is None or out_dir is None: - parser.error("Input and output directories are required") - - if action == "all" or action == "typedef": - builder = DoxyBuilderTypes(in_dir, out_dir) - builder.run_all() - - if action == "all" or action == "func" or action == "function": - builder = DoxyBuilderFuncs(in_dir, out_dir) - builder.run_all() - - -if __name__ == '__main__': - parser = processOptions() - - diff --git a/krb5-1.21.3/doc/tools/doxybuilder_funcs.py b/krb5-1.21.3/doc/tools/doxybuilder_funcs.py deleted file mode 100644 index 9a11977a..00000000 --- a/krb5-1.21.3/doc/tools/doxybuilder_funcs.py +++ /dev/null @@ -1,594 +0,0 @@ -''' - Copyright 2011 by the Massachusetts - Institute of Technology. All Rights Reserved. - - Export of this software from the United States of America may - require a specific license from the United States Government. - It is the responsibility of any person or organization contemplating - export to obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of M.I.T. not be used in advertising or publicity pertaining - to distribution of the software without specific, written prior - permission. Furthermore if you modify this software you must label - your software as modified software and not distribute it in such a - fashion that it might be confused with the original M.I.T. software. - M.I.T. makes no representations about the suitability of - this software for any purpose. It is provided "as is" without express - or implied warranty. -''' -import sys -import re - -from collections import defaultdict -from xml.sax import make_parser -from xml.sax.handler import ContentHandler -from docmodel import * - -exclude_funcs = ['krb5_free_octet_data'] - -class DocNode(object): - """ - Represents the structure of xml node. - """ - def __init__(self, name): - """ - @param node: name - the name of a node. - @param attributes: a dictionary populated with attributes of a node - @param children: a dictionary with lists of children nodes. Nodes - in lists are ordered as they appear in a document. - @param content: a content of xml node represented as a list of - tuples [(type,value)] with type = ['char'|'element']. - If type is 'char' then the value is a character string otherwise - it is a reference to a child node. - """ - self.name = name - self.content = list() - self.attributes = dict() - self.children = defaultdict(list) - - def walk(self, decorators, sub_ws, stack=[]): - result = list() - decorator = decorators.get(self.name, decorators['default']) - stack.append(decorators['default']) - decorators['default'] = decorator - - for (obj_type,obj) in self.content: - if obj_type == 'char': - if obj != '': - result.append(obj) - else: - partial = obj.walk(decorators,1, stack) - if partial is not None: - result.append(' %s ' % partial) - decorators['default'] = stack.pop() - result = decorator(self, ''.join(result)) - if result is not None: - if sub_ws == 1: - result = re.sub(r'[ ]+', r' ', result) - else: - result = result.strip() - - return result - - def getContent(self): - decorators = {'default': lambda node,value: value} - result = self.walk(decorators, 1) - if len(result) == 0: - result = None - - return result - - def __repr__(self): - result = ['Content: %s' % self.content] - - for (key,value) in self.attributes.iteritems(): - result.append('Attr: %s = %s' % (key,value)) - for (key,value) in self.children.iteritems(): - result.append('Child: %s,%i' % (key,len(value))) - - return '\n'.join(result) - -class DoxyContenHandler(ContentHandler): - def __init__(self, builder): - self.builder = builder - self.counters = defaultdict(int) - self._nodes = None - self._current = None - - def startDocument(self): - pass - - def endDocument(self): - import sys - - def startElement(self, name, attrs): - if name == self.builder.toplevel: - self._nodes = [] - - if name == 'memberdef': - kind = attrs.get('kind') - if kind is None: - raise ValueError('Kind is not defined') - self.counters[kind] += 1 - - if self._nodes is None: - return - - node = DocNode(name) - for (key,value) in attrs.items(): - node.attributes[key] = value - if self._current is not None: - self._current.children[name].append(node) - self._nodes.append(self._current) - self._current = node - - def characters(self, content): - - if self._current is not None: - self._current.content.append(('char',content.strip())) - - def endElement(self, name): - if name == self.builder.toplevel: - assert(len(self._nodes) == 0) - self._nodes = None - self.builder.document.append(self._current) - self._current = None - else: - if self._nodes is not None: - node = self._current - self._current = self._nodes.pop() - self._current.content.append(('element',node)) - - -class XML2AST(object): - """ - Translates XML document into Abstract Syntax Tree like representation - The content of document is stored in self.document - """ - def __init__(self, xmlpath, toplevel='doxygen'): - self.document = list() - self.toplevel = toplevel - self.parser = make_parser() - handler = DoxyContenHandler(self) - self.parser.setContentHandler(handler) - filename = 'krb5_8hin.xml' - filepath = '%s/%s' % (xmlpath,filename) - self.parser.parse(open(filepath,'r')) - - -class DoxyFuncs(XML2AST): - def __init__(self, path): - super(DoxyFuncs, self).__init__(path,toplevel='memberdef') - self.objects = list() - - def run(self): - for node in self.document: - self.process(node) - - def process(self, node): - node_type = node.attributes['kind'] - if node_type == 'function': - data = self._process_function_node(node) - else: - return - - if 'name' in data and data['name'] in exclude_funcs: - return - self.objects.append(DocModel(**data)) - - def save(self, templates, target_dir): - for obj in self.objects: - template_path = templates[obj.category] - outpath = '%s/%s.rst' % (target_dir,obj.name) - obj.save(outpath, template_path) - - - def _process_function_node(self, node): - f_name = node.children['name'][0].getContent() - f_Id = node.attributes['id'] - f_ret_type = self._process_type_node(node.children['type'][0]) - f_brief = node.children['briefdescription'][0].getContent() - f_detailed = node.children['detaileddescription'][0] - detailed_description = self._process_description_node(f_detailed) - return_value_description = self._process_return_value_description(f_detailed) - retval_description = self._process_retval_description(f_detailed) - warning_description = self._process_warning_description(f_detailed) - seealso_description = self._process_seealso_description(f_detailed) - notes_description = self._process_notes_description(f_detailed) - f_version = self._process_version_description(f_detailed) - deprecated_description = self._process_deprecated_description(f_detailed) - param_description_map = self.process_parameter_description(f_detailed) - f_definition = node.children['definition'][0].getContent() - f_argsstring = node.children['argsstring'][0].getContent() - - function_descr = {'category': 'function', - 'name': f_name, - 'Id': f_Id, - 'return_type': f_ret_type[1], - 'return_description': return_value_description, - 'retval_description': retval_description, - 'sa_description': seealso_description, - 'warn_description': warning_description, - 'notes_description': notes_description, - 'short_description': f_brief, - 'version_num': f_version, - 'long_description': detailed_description, - 'deprecated_description': deprecated_description, - 'parameters': list()} - - parameters = function_descr['parameters'] - for (i,p) in enumerate(node.children['param']): - type_node = p.children['type'][0] - p_type = self._process_type_node(type_node) - if p_type[1].find('...') > -1 : - p_name = '' - else: - p_name = None - p_name_node = p.children.get('declname') - if p_name_node is not None: - p_name = p_name_node[0].getContent() - (p_direction,p_descr) = param_description_map.get(p_name,(None,None)) - - param_descr = {'seqno': i, - 'name': p_name, - 'direction': p_direction, - 'type': p_type[1], - 'typeId': p_type[0], - 'description': p_descr} - parameters.append(param_descr) - result = Function(**function_descr) - print(result, file=self.tmp) - - return function_descr - - def _process_type_node(self, type_node): - """ - Type node has form - type_string - for build in types and - - - 'type_name' - - postfix (ex. *, **m, etc.) - - for user defined types. - """ - type_ref_node = type_node.children.get('ref') - if type_ref_node is not None: - p_type_id = type_ref_node[0].attributes['refid'] - else: - p_type_id = None - p_type = type_node.getContent() - # remove some macros - p_type = re.sub('KRB5_ATTR_DEPRECATED', '', p_type) - p_type = re.sub('KRB5_CALLCONV_C', '', p_type) - p_type = re.sub('KRB5_CALLCONV_WRONG', '', p_type) - p_type = re.sub('KRB5_CALLCONV', '', p_type) - p_type = p_type.strip() - - return (p_type_id, p_type) - - def _process_description_node(self, node): - """ - Description node is comprised of ... sections - """ - para = node.children.get('para') - result = list() - if para is not None: - decorators = {'default': self.paragraph_content_decorator} - for e in para: - result.append(str(e.walk(decorators, 1))) - result.append('\n') - result = '\n'.join(result) - - return result - - def return_value_description_decorator(self, node, value): - if node.name == 'simplesect': - if node.attributes['kind'] == 'return': - cont = set() - cont = node.getContent() - return value - else: - return None - - def paragraph_content_decorator(self, node, value): - if node.name == 'para': - return value + '\n' - elif node.name == 'simplesect': - if node.attributes['kind'] == 'return': - return None - elif node.name == 'ref': - if value.find('()') >= 0: - # functions - return ':c:func:' + '`' + value + '`' - else: - # macro's - return ':data:' + '`' + value + '`' - elif node.name == 'emphasis': - return '*' + value + '*' - elif node.name == 'itemizedlist': - return '\n' + value - elif node.name == 'listitem': - return '\n\t - ' + value + '\n' - elif node.name == 'computeroutput': - return '**' + value + '**' - else: - return None - - def parameter_name_decorator(self, node, value): - if node.name == 'parametername': - direction = node.attributes.get('direction') - if direction is not None: - value = '%s:%s' % (value,direction) - return value - - elif node.name == 'parameterdescription': - return None - else: - return value - - def parameter_description_decorator(self, node, value): - if node.name == 'parameterdescription': - return value - elif node.name == 'parametername': - return None - else: - return value - - def process_parameter_description(self, node): - """ - Parameter descriptions reside inside detailed description section. - """ - para = node.children.get('para') - result = dict() - if para is not None: - for e in para: - - param_list = e.children.get('parameterlist') - if param_list is None: - continue - param_items = param_list[0].children.get('parameteritem') - if param_items is None: - continue - for it in param_items: - decorators = {'default': self.parameter_name_decorator} - direction = None - name = it.walk(decorators,0).split(':') - if len(name) == 2: - direction = name[1] - - decorators = {'default': self.parameter_description_decorator, - 'para': self.paragraph_content_decorator} - description = it.walk(decorators, 0) - result[name[0]] = (direction,description) - return result - - - def _process_return_value_description(self, node): - result = None - ret = list() - - para = node.children.get('para') - if para is not None: - for p in para: - simplesect_list = p.children.get('simplesect') - if simplesect_list is None: - continue - for it in simplesect_list: - decorators = {'default': self.return_value_description_decorator, - 'para': self.parameter_name_decorator} - result = it.walk(decorators, 1) - if result is not None: - ret.append(result) - return ret - - - def _process_retval_description(self, node): - """ - retval descriptions reside inside detailed description section. - """ - para = node.children.get('para') - - result = None - ret = list() - if para is not None: - - for e in para: - param_list = e.children.get('parameterlist') - if param_list is None: - continue - for p in param_list: - kind = p.attributes['kind'] - if kind == 'retval': - - param_items = p.children.get('parameteritem') - if param_items is None: - continue - - - for it in param_items: - param_descr = it.children.get('parameterdescription') - if param_descr is not None: - val = param_descr[0].children.get('para') - - if val is not None: - val_descr = val[0].getContent() - - else: - val_descr ='' - - decorators = {'default': self.parameter_name_decorator} - - name = it.walk(decorators, 1).split(':') - - val = name[0] - result = " %s %s" % (val, val_descr) - ret.append (result) - return ret - - def return_warning_decorator(self, node, value): - if node.name == 'simplesect': - if node.attributes['kind'] == 'warning': - return value - else: - return None - - def _process_warning_description(self, node): - result = None - para = node.children.get('para') - if para is not None: - for p in para: - simplesect_list = p.children.get('simplesect') - if simplesect_list is None: - continue - for it in simplesect_list: - decorators = {'default': self.return_warning_decorator, - 'para': self.paragraph_content_decorator} - result = it.walk(decorators, 1) - # Assuming that only one Warning per function - if result is not None: - return result - return result - - def return_seealso_decorator(self, node, value): - if node.name == 'simplesect': - if node.attributes['kind'] == 'see': - return value - else: - return None - - def _process_seealso_description(self, node): - result = None - para = node.children.get('para') - if para is not None: - for p in para: - simplesect_list = p.children.get('simplesect') - if simplesect_list is None: - continue - for it in simplesect_list: - decorators = {'default': self.return_seealso_decorator, - 'para': self.paragraph_content_decorator} - result = it.walk(decorators, 1) - return result - - def return_version_decorator(self, node, value): - if node.name == 'simplesect': - if node.attributes['kind'] == 'version': - return value - else: - return None - - def _process_version_description(self, node): - result = None - para = node.children.get('para') - if para is not None: - for p in para: - simplesect_list = p.children.get('simplesect') - if simplesect_list is None: - continue - for it in simplesect_list: - decorators = {'default': self.return_version_decorator, - 'para': self.paragraph_content_decorator} - result = it.walk(decorators, 1) - if result is not None: - return result - return result - - def return_notes_decorator(self, node, value): - if node.name == 'simplesect': - if node.attributes['kind'] == 'note': - # We indent notes with an extra tab. Do it for all paragraphs. - return value.replace("\n ", "\n\n\t "); - else: - return None - - def _process_notes_description(self, node): - result = None - para = node.children.get('para') - if para is not None: - for p in para: - simplesect_list = p.children.get('simplesect') - if simplesect_list is None: - continue - for it in simplesect_list: - decorators = {'default': self.return_notes_decorator, - 'para': self.paragraph_content_decorator} - result = it.walk(decorators, 1) - if result is not None: - return result - return result - - def return_deprecated_decorator(self, node, value): - if node.name == 'xrefsect': - if node.attributes['id'].find('deprecated_') > -1: - xreftitle = node.children.get('xreftitle') - if xreftitle[0] is not None: - xrefdescr = node.children.get('xrefdescription') - deprecated_descr = "DEPRECATED %s" % xrefdescr[0].getContent() - return deprecated_descr - else: - return None - - def _process_deprecated_description(self, node): - result = None - para = node.children.get('para') - if para is not None: - for p in para: - xrefsect_list = p.children.get('xrefsect') - if xrefsect_list is None: - continue - for it in xrefsect_list: - decorators = {'default': self.return_deprecated_decorator, - 'para': self.paragraph_content_decorator} - result = it.walk(decorators, 1) - if result is not None: - return result - return result - - def break_into_lines(self, value, linelen=82): - breaks = range(0,len(value),linelen) + [len(value)] - result = list() - for (start,end) in zip(breaks[:-1],breaks[1:]): - result.append(value[start:end]) - result = '\n'.join(result) - - return result - - def _save(self, table, path = None): - if path is None: - f = sys.stdout - else: - f = open(path, 'w') - for l in table: - f.write('%s\n' % ','.join(l)) - if path is not None: - f.close() - - - -class DoxyBuilderFuncs(DoxyFuncs): - def __init__(self, xmlpath, rstpath): - super(DoxyBuilderFuncs,self).__init__(xmlpath) - self.target_dir = rstpath - outfile = '%s/%s' % (self.target_dir, 'out.txt') - self.tmp = open(outfile, 'w') - - def run_all(self): - self.run() - templates = {'function': 'func_document.tmpl'} - self.save(templates, self.target_dir) - - def test_run(self): - self.run() - -if __name__ == '__main__': - builder = DoxyBuilderFuncs(xmlpath, rstpath) - builder.run_all() - diff --git a/krb5-1.21.3/doc/tools/doxybuilder_types.py b/krb5-1.21.3/doc/tools/doxybuilder_types.py deleted file mode 100644 index 6fa2f02a..00000000 --- a/krb5-1.21.3/doc/tools/doxybuilder_types.py +++ /dev/null @@ -1,382 +0,0 @@ -''' - Copyright 2011 by the Massachusetts - Institute of Technology. All Rights Reserved. - - Export of this software from the United States of America may - require a specific license from the United States Government. - It is the responsibility of any person or organization contemplating - export to obtain such a license before exporting. - - WITHIN THAT CONSTRAINT, permission to use, copy, modify, and - distribute this software and its documentation for any purpose and - without fee is hereby granted, provided that the above copyright - notice appear in all copies and that both that copyright notice and - this permission notice appear in supporting documentation, and that - the name of M.I.T. not be used in advertising or publicity pertaining - to distribution of the software without specific, written prior - permission. Furthermore if you modify this software you must label - your software as modified software and not distribute it in such a - fashion that it might be confused with the original M.I.T. software. - M.I.T. makes no representations about the suitability of - this software for any purpose. It is provided "as is" without express - or implied warranty. -''' - -import sys -import os -import re -import textwrap - -from lxml import etree - -from docmodel import * - -exclude_types = [ 'TRUE', 'FALSE', 'KRB5_ATTR_DEPRECATED', - 'KRB5_CALLCONV', 'KRB5_CALLCONV_C', 'KRB5_CALLCONV_WRONG', - 'KRB5_GENERAL__', 'KRB5_KEYUSAGE_PA_REFERRAL', - 'KRB5_OLD_CRYPTO', - 'KRB5INT_BEGIN_DECLS', 'KRB5INT_END_DECLS', - 'krb5_cc_ops', 'krb5_octet_data' ] - -class DoxyTypes(object): - def __init__(self, xmlpath): - self.xmlpath = xmlpath - - def run_compound(self, filename, include=None): - path = '%s/%s' % (self.xmlpath,filename) - tree = etree.parse(path) - root = tree.getroot() - - brief_node = root.xpath('./compounddef/briefdescription')[0] - brief_description = self._get_brief_description(brief_node) - details_node = root.xpath('./compounddef/detaileddescription')[0] - detailed_description = self._get_detailed_description(details_node) - - fields = list() - for node in root.iterfind(".//memberdef[@kind]"): - data = {} - kind = node.attrib['kind'] - if include is None or kind in include: - if kind == 'variable': - data = self._process_variable_node(node) - else: - pass - fields.append(data) - - result = {'brief_description': brief_description, - 'detailed_description': detailed_description, - 'attributes': fields} - - return result - - - - def run(self, filename, include=None): - """ - Parses xml file generated by doxygen. - - @param filename: doxygen xml file name - @param include: members sections to include, in None -- include all - """ - path = '%s/%s' % (self.xmlpath,filename) - tree = etree.parse(path) - root = tree.getroot() - result = list() - for node in root.iterfind(".//memberdef[@kind]"): - data = {} - kind = node.attrib['kind'] - if include is None or kind in include: - if kind == 'typedef': - data = self._process_typedef_node(node) - elif kind == 'variable': - data = self._process_variable_node(node) - elif kind == 'define': - data = self._process_define_node(node) - if 'name' in data and data['name'] in exclude_types: - continue - result.append(data) - return result - - - def _process_typedef_node(self, node): - t_name = node.xpath('./name/text()')[0] - - t_Id = node.attrib['id'] - t_definition = node.xpath('./definition/text()')[0] - t_type = self._process_type_node(node.xpath("./type")[0]) - brief_node = node.xpath('./briefdescription')[0] - t_brief = self._get_brief_description(brief_node) - details_node = node.xpath('./detaileddescription')[0] - t_detailed = self._get_detailed_description(details_node) - # remove macros - t_definition = re.sub('KRB5_CALLCONV_C', '', t_definition) - t_definition = re.sub('KRB5_CALLCONV', '', t_definition) - t_definition = re.sub(r'\*', '\\*', t_definition) - # handle fp - if t_type[1].find('(') >= 0: - t_type = (t_type[0],None) - - typedef_descr = {'category': 'composite', - 'definition': t_definition, - 'name': t_name, - 'Id': t_Id, - 'initializer': '', - 'type': t_type[1], - 'short_description': t_brief, - 'long_description': t_detailed, - 'attributes': list() - } - if t_type[0] is not None : - filename = '%s.xml' % t_type[0] - path = '%s/%s' % (self.xmlpath,filename) - if not os.path.exists(path): - # nothing can be done - return typedef_descr - - compound_info = self.run_compound(filename) - if compound_info is not None: - brief_description = compound_info.get('brief_description') - if brief_description is not None and len(brief_description): - # override brief description - typedef_descr['short_description'] = brief_description - detailed_description = compound_info.get('detailed_description') - if detailed_description is not None and len(detailed_description): - # check if this is not a duplicate - if detailed_description.find(t_detailed) < 0: - typedef_descr['long_description'] = '%s\n%s' % \ - (detailed_description, - typedef_descr['long_description']) - typedef_descr['attributes'] = compound_info['attributes'] - return typedef_descr - - def _process_variable_node(self, node): - v_name = node.xpath('./name/text()')[0] - v_Id = node.attrib['id'] - v_definition = node.xpath('./definition/text()')[0] - v_type = self._process_type_node(node.xpath("./type")[0]) - brief_node = node.xpath('./briefdescription')[0] - v_brief = self._get_brief_description(brief_node) - details_node = node.xpath('./detaileddescription')[0] - detailed_description = self._get_detailed_description(details_node) - # remove macros - v_definition = re.sub('KRB5_CALLCONV_C', '', v_definition) - v_definition = re.sub('KRB5_CALLCONV', '', v_definition) - v_definition = re.sub(r'\*', '\\*', v_definition) - - variable_descr = {'category': 'variable', - 'definition': v_definition, - 'name': v_name, - 'Id': v_Id, - 'initializer': '', - 'type': v_type[1], - 'short_description': v_brief, - 'long_description': detailed_description, - 'attributes': list() - } - - return variable_descr - - def _process_define_node(self, node): - d_name = node.xpath('./name/text()')[0] - d_initializer = '' - d_type = '' - d_signature = '' - - # Process param/defname node - if len(node.xpath('./param/defname')) > 0: - prm_str = '' - prm_list = list() - for p in node.xpath("./param"): - x = self._process_paragraph_content(p) - if x is not None and len(x): - prm_list.append(x) - if prm_list is not None: - prm_str = prm_str.join(prm_list) - d_signature = " %s (%s) " % (d_name , prm_str) - d_signature = re.sub(r', \)', ')', d_signature).strip() - - if len(node.xpath('./initializer')) > 0: - len_ref = len(node.xpath('./initializer/ref')) - if len(node.xpath('./initializer/ref')) > 0: - d_type = self._process_type_node(node.xpath("./initializer/ref")[0]) - if len(d_type) > 0: - len_text = len(node.xpath('./initializer/text()')) - if len_text == 0 and d_type[1]: - d_initializer = d_type[1] - if len_text > 0 and len(node.xpath('./initializer/text()')[0]) > 0: - d_initializer = node.xpath('./initializer/text()')[0] + d_type[1] - if len_text > 1: - if node.xpath('./initializer/text()')[1] is not None: - d_initializer = d_initializer + node.xpath('./initializer/text()')[1] - else: - d_initializer = node.xpath('./initializer/text()')[0] - d_Id = node.attrib['id'] - brief_node = node.xpath('./briefdescription')[0] - d_brief = self._get_brief_description(brief_node) - details_node = node.xpath('./detaileddescription')[0] - detailed_description = self._get_detailed_description(details_node) - # Condense multiline macros, stripping leading whitespace. - d_initializer = re.sub(" *\\\\\n *", " ", d_initializer) - - define_descr = {'category': 'composite', - 'definition': '', - 'name': d_name, - 'name_signature': d_signature, - 'Id': d_Id, - 'initializer': d_initializer, - 'type': '', - 'short_description': d_brief, - 'long_description': detailed_description, - 'attributes': list() - } - - return define_descr - - - def _get_brief_description(self, node): - result = list() - for p in node.xpath("./para"): - x = self._process_paragraph_content(p) - if x is not None and len(x): - result.append(x) - result = '\n'.join(result) - - return result - - - def _get_detailed_description(self, node): - """ - Description node is comprised of ... sections. - There are few types of these sections: - a) Content section - b) Return value section -- skip - c) Parameter list section -- skip - @param node: detailed description node - """ - result = list() - for p in node.xpath("./para"): - if len(p.xpath("./simplesect[@kind='return']")): - continue - elif len(p.xpath("./parameterlist[@kind='param']")): - continue - else: - x = self._process_paragraph_content(p) - result.append(x) - result = '\n'.join(result) - - return result - - def _process_paragraph_content(self, node): - - def add_text(l, s): - # Add a space if it wouldn't be at the start or end of a line. - if l and not l[-1].endswith('\n') and not s.startswith('\n'): - l.append(' ') - l.append(s) - - result = list() - content = node.xpath(".//text()") - for e in content: - if e.is_tail or node is e.getparent(): - add_text(result, e.strip()) - elif e.getparent().tag == 'ref': - if e.strip().find('(') > 0: - add_text(result, ':c:func:`%s`' % e.strip()) - elif e.isupper(): - add_text(result, ':c:data:`%s`' % e.strip()) - else: - add_text(result, ':c:type:`%s`' % e.strip()) - elif e.getparent().tag == 'emphasis': - add_text(result, '*%s*' % e.strip()) - elif e.getparent().tag == 'computeroutput': - add_text(result, '*%s*' % e.strip()) - elif e.getparent().tag == 'defname': - add_text(result, '%s, ' % e.strip()) - elif e.getparent().tag == 'verbatim': - add_text(result, '\n::\n\n') - add_text(result, textwrap.indent(e, ' ', lambda x: True)) - add_text(result, '\n') - - result = ''.join(result) - - return result - - def _process_type_node(self, node): - """ - Type node has form - type_string - for build in types and - - - 'type_name' - - postfix (ex. *, **m, etc.) - - for user defined types. - """ - p_id = node.xpath("./ref/@refid") - if len(p_id) == 1: - p_id = p_id[0] - elif len(p_id) == 0: - p_id = None - p_type = ' '.join(node.xpath(".//text()")) - - # remove macros - p_type = re.sub('KRB5_CALLCONV_C', ' ', p_type) - p_type = re.sub('KRB5_CALLCONV', ' ', p_type) - - return (p_id,p_type) - - def save(self, obj, templates, target_dir): - template_path = templates[obj.category] - outpath = '%s/%s.rst' % (target_dir,obj.name) - obj.save(outpath, template_path) - - - -class DoxyBuilderTypes(DoxyTypes): - def __init__(self, xmlpath, rstpath): - self.templates = { 'composite': 'type_document.tmpl'} - self.target_dir = rstpath - - super(DoxyBuilderTypes,self).__init__(xmlpath) - - def run_all(self): - self.process_typedef_nodes() - self.process_define_nodes() - - def test_run(self): - filename = 'krb5_8hin.xml' - self.run(filename) - - def process_variable_nodes(self): - filename = 'struct__krb5__octet__data.xml' - result = self.run(filename, include=['variable']) - - def process_typedef_nodes(self): - # run parser for typedefs - filename = 'krb5_8hin.xml' - result = self.run(filename, include=['typedef']) - target_dir = '%s/types' % (self.target_dir) - if not os.path.exists(target_dir): - os.makedirs(target_dir, 0o755) - for t in result: - obj = DocModel(**t) - self.save(obj, self.templates, target_dir) - - def process_define_nodes(self): - # run parser for define's - filename = 'krb5_8hin.xml' - result = self.run(filename, include=['define']) - target_dir = '%s/macros' % (self.target_dir) - if not os.path.exists(target_dir): - os.makedirs(target_dir, 0o755) - for t in result: - obj = DocModel(**t) - tmpl = {'composite': 'define_document.tmpl'} - self.save(obj, tmpl, target_dir) - -if __name__ == '__main__': - - builder = DoxyBuilderTypes( xml_inpath, rst_outpath) - builder.run_all() diff --git a/krb5-1.21.3/doc/tools/func_document.tmpl b/krb5-1.21.3/doc/tools/func_document.tmpl deleted file mode 100644 index 104930b6..00000000 --- a/krb5-1.21.3/doc/tools/func_document.tmpl +++ /dev/null @@ -1,102 +0,0 @@ -#if $function.short_description is not None - #set $title = $function.name + ' - ' + $function.short_description -#else - #set $title = $function.name -#end if -$title -#echo ''.join(['=']*len($title)) # - -.. - -.. c:function:: $signature - -.. - - -:param: - -#for $param in $function.parameters: - #if $param.name == '' - #continue - #end if - #if $param.direction is not None - #set name_description = '**[%s]** **%s**' % ($param.direction, $param.name) - #else - #set name_description = '**%s**' % $param.name - #end if - #if $param.description is not None - #set $description= ' - ' + $param.description - #else - #set $description='' - #end if - $name_description$description - -#end for - -.. - -#if len($function.retval_description) > 0 - -:retval: -#for $retval in $function.retval_description: - - $retval -#end for -#end if - -#if len($function.return_description) > 0 - -:return: -#for $retval in $function.return_description: - - $retval -#end for -#end if - -.. - -#if $function.deprecated_description is not None - -$function.deprecated_description -#end if - - - - -#if $function.long_description is not None - - -$function.long_description - -#end if - - -.. - -#if $function.sa_description is not None -.. seealso:: - $function.sa_description -#end if - - -#if $function.warn_description is not None or $function.notes_description is not None - - -#if $function.warn_description is not None -.. warning:: - - $function.warn_description -#end if - -#if $function.notes_description is not None -.. note:: - - $function.notes_description -#end if - -#end if - -#if $function.version_num is not None -.. note:: - - $function.version_num -#end if - diff --git a/krb5-1.21.3/doc/tools/type_document.tmpl b/krb5-1.21.3/doc/tools/type_document.tmpl deleted file mode 100644 index 11aafb81..00000000 --- a/krb5-1.21.3/doc/tools/type_document.tmpl +++ /dev/null @@ -1,43 +0,0 @@ -.. highlight:: c - -.. $composite.struct_reference($composite.name): - -#set $title = $composite.name -$title -#echo ''.join(['=']*len($title)) # - -.. -.. c:type:: $composite.name -.. - -#if $composite.short_description is not None and len($composite.short_description) -$composite.short_description -#end if - -$composite.long_description - -Declaration ------------- - -$composite.definition - -#if $composite.Id is not None -#if len($composite.attributes) - -Members ---------- - -#end if - -#for $attr in $composite.attributes: -#if $attr.name is not None -.. c:member:: $attr.type $composite.name.$attr.name - - $attr.short_description -#if $attr.long_description is not None - $attr.long_description -#end if - -#end if -#end for -#end if diff --git a/krb5-1.21.3/doc/user/index.rst b/krb5-1.21.3/doc/user/index.rst deleted file mode 100644 index 233c3ef5..00000000 --- a/krb5-1.21.3/doc/user/index.rst +++ /dev/null @@ -1,10 +0,0 @@ -For users -========= - -.. toctree:: - :maxdepth: 2 - - pwd_mgmt.rst - tkt_mgmt.rst - user_config/index.rst - user_commands/index.rst diff --git a/krb5-1.21.3/doc/user/pwd_mgmt.rst b/krb5-1.21.3/doc/user/pwd_mgmt.rst deleted file mode 100644 index ed7d459f..00000000 --- a/krb5-1.21.3/doc/user/pwd_mgmt.rst +++ /dev/null @@ -1,106 +0,0 @@ -Password management -=================== - -Your password is the only way Kerberos has of verifying your identity. -If someone finds out your password, that person can masquerade as -you---send email that comes from you, read, edit, or delete your files, -or log into other hosts as you---and no one will be able to tell the -difference. For this reason, it is important that you choose a good -password, and keep it secret. If you need to give access to your -account to someone else, you can do so through Kerberos (see -:ref:`grant_access`). You should never tell your password to anyone, -including your system administrator, for any reason. You should -change your password frequently, particularly any time you think -someone may have found out what it is. - - -Changing your password ----------------------- - -To change your Kerberos password, use the :ref:`kpasswd(1)` command. -It will ask you for your old password (to prevent someone else from -walking up to your computer when you're not there and changing your -password), and then prompt you for the new one twice. (The reason you -have to type it twice is to make sure you have typed it correctly.) -For example, user ``david`` would do the following:: - - shell% kpasswd - Password for david: <- Type your old password. - Enter new password: <- Type your new password. - Enter it again: <- Type the new password again. - Password changed. - shell% - -If ``david`` typed the incorrect old password, he would get the -following message:: - - shell% kpasswd - Password for david: <- Type the incorrect old password. - kpasswd: Password incorrect while getting initial ticket - shell% - -If you make a mistake and don't type the new password the same way -twice, kpasswd will ask you to try again:: - - shell% kpasswd - Password for david: <- Type the old password. - Enter new password: <- Type the new password. - Enter it again: <- Type a different new password. - kpasswd: Password mismatch while reading password - shell% - -Once you change your password, it takes some time for the change to -propagate through the system. Depending on how your system is set up, -this might be anywhere from a few minutes to an hour or more. If you -need to get new Kerberos tickets shortly after changing your password, -try the new password. If the new password doesn't work, try again -using the old one. - - -.. _grant_access: - -Granting access to your account -------------------------------- - -If you need to give someone access to log into your account, you can -do so through Kerberos, without telling the person your password. -Simply create a file called :ref:`.k5login(5)` in your home directory. -This file should contain the Kerberos principal of each person to whom -you wish to give access. Each principal must be on a separate line. -Here is a sample .k5login file:: - - jennifer@ATHENA.MIT.EDU - david@EXAMPLE.COM - -This file would allow the users ``jennifer`` and ``david`` to use your -user ID, provided that they had Kerberos tickets in their respective -realms. If you will be logging into other hosts across a network, you -will want to include your own Kerberos principal in your .k5login file -on each of these hosts. - -Using a .k5login file is much safer than giving out your password, -because: - -* You can take access away any time simply by removing the principal - from your .k5login file. - -* Although the user has full access to your account on one particular - host (or set of hosts if your .k5login file is shared, e.g., over - NFS), that user does not inherit your network privileges. - -* Kerberos keeps a log of who obtains tickets, so a system - administrator could find out, if necessary, who was capable of using - your user ID at a particular time. - -One common application is to have a .k5login file in root's home -directory, giving root access to that machine to the Kerberos -principals listed. This allows system administrators to allow users -to become root locally, or to log in remotely as root, without their -having to give out the root password, and without anyone having to -type the root password over the network. - - -Password quality verification ------------------------------ - -TODO diff --git a/krb5-1.21.3/doc/user/tkt_mgmt.rst b/krb5-1.21.3/doc/user/tkt_mgmt.rst deleted file mode 100644 index 9ec7f1e7..00000000 --- a/krb5-1.21.3/doc/user/tkt_mgmt.rst +++ /dev/null @@ -1,314 +0,0 @@ -Ticket management -================= - -On many systems, Kerberos is built into the login program, and you get -tickets automatically when you log in. Other programs, such as ssh, -can forward copies of your tickets to a remote host. Most of these -programs also automatically destroy your tickets when they exit. -However, MIT recommends that you explicitly destroy your Kerberos -tickets when you are through with them, just to be sure. One way to -help ensure that this happens is to add the :ref:`kdestroy(1)` command -to your .logout file. Additionally, if you are going to be away from -your machine and are concerned about an intruder using your -permissions, it is safest to either destroy all copies of your -tickets, or use a screensaver that locks the screen. - - -Kerberos ticket properties --------------------------- - -There are various properties that Kerberos tickets can have: - -If a ticket is **forwardable**, then the KDC can issue a new ticket -(with a different network address, if necessary) based on the -forwardable ticket. This allows for authentication forwarding without -requiring a password to be typed in again. For example, if a user -with a forwardable TGT logs into a remote system, the KDC could issue -a new TGT for that user with the network address of the remote system, -allowing authentication on that host to work as though the user were -logged in locally. - -When the KDC creates a new ticket based on a forwardable ticket, it -sets the **forwarded** flag on that new ticket. Any tickets that are -created based on a ticket with the forwarded flag set will also have -their forwarded flags set. - -A **proxiable** ticket is similar to a forwardable ticket in that it -allows a service to take on the identity of the client. Unlike a -forwardable ticket, however, a proxiable ticket is only issued for -specific services. In other words, a ticket-granting ticket cannot be -issued based on a ticket that is proxiable but not forwardable. - -A **proxy** ticket is one that was issued based on a proxiable ticket. - -A **postdated** ticket is issued with the invalid flag set. After the -starting time listed on the ticket, it can be presented to the KDC to -obtain valid tickets. - -Ticket-granting tickets with the **postdateable** flag set can be used -to obtain postdated service tickets. - -**Renewable** tickets can be used to obtain new session keys without -the user entering their password again. A renewable ticket has two -expiration times. The first is the time at which this particular -ticket expires. The second is the latest possible expiration time for -any ticket issued based on this renewable ticket. - -A ticket with the **initial flag** set was issued based on the -authentication protocol, and not on a ticket-granting ticket. -Application servers that wish to ensure that the user's key has been -recently presented for verification could specify that this flag must -be set to accept the ticket. - -An **invalid** ticket must be rejected by application servers. -Postdated tickets are usually issued with this flag set, and must be -validated by the KDC before they can be used. - -A **preauthenticated** ticket is one that was only issued after the -client requesting the ticket had authenticated itself to the KDC. - -The **hardware authentication** flag is set on a ticket which required -the use of hardware for authentication. The hardware is expected to -be possessed only by the client which requested the tickets. - -If a ticket has the **transit policy** checked flag set, then the KDC -that issued this ticket implements the transited-realm check policy -and checked the transited-realms list on the ticket. The -transited-realms list contains a list of all intermediate realms -between the realm of the KDC that issued the first ticket and that of -the one that issued the current ticket. If this flag is not set, then -the application server must check the transited realms itself or else -reject the ticket. - -The **okay as delegate** flag indicates that the server specified in -the ticket is suitable as a delegate as determined by the policy of -that realm. Some client applications may use this flag to decide -whether to forward tickets to a remote host, although many -applications do not honor it. - -An **anonymous** ticket is one in which the named principal is a -generic principal for that realm; it does not actually specify the -individual that will be using the ticket. This ticket is meant only -to securely distribute a session key. - - -.. _obtain_tkt: - -Obtaining tickets with kinit ----------------------------- - -If your site has integrated Kerberos V5 with the login system, you -will get Kerberos tickets automatically when you log in. Otherwise, -you may need to explicitly obtain your Kerberos tickets, using the -:ref:`kinit(1)` program. Similarly, if your Kerberos tickets expire, -use the kinit program to obtain new ones. - -To use the kinit program, simply type ``kinit`` and then type your -password at the prompt. For example, Jennifer (whose username is -``jennifer``) works for Bleep, Inc. (a fictitious company with the -domain name mit.edu and the Kerberos realm ATHENA.MIT.EDU). She would -type:: - - shell% kinit - Password for jennifer@ATHENA.MIT.EDU: <-- [Type jennifer's password here.] - shell% - -If you type your password incorrectly, kinit will give you the -following error message:: - - shell% kinit - Password for jennifer@ATHENA.MIT.EDU: <-- [Type the wrong password here.] - kinit: Password incorrect - shell% - -and you won't get Kerberos tickets. - -By default, kinit assumes you want tickets for your own username in -your default realm. Suppose Jennifer's friend David is visiting, and -he wants to borrow a window to check his mail. David needs to get -tickets for himself in his own realm, EXAMPLE.COM. He would type:: - - shell% kinit david@EXAMPLE.COM - Password for david@EXAMPLE.COM: <-- [Type david's password here.] - shell% - -David would then have tickets which he could use to log onto his own -machine. Note that he typed his password locally on Jennifer's -machine, but it never went over the network. Kerberos on the local -host performed the authentication to the KDC in the other realm. - -If you want to be able to forward your tickets to another host, you -need to request forwardable tickets. You do this by specifying the -**-f** option:: - - shell% kinit -f - Password for jennifer@ATHENA.MIT.EDU: <-- [Type your password here.] - shell% - -Note that kinit does not tell you that it obtained forwardable -tickets; you can verify this using the :ref:`klist(1)` command (see -:ref:`view_tkt`). - -Normally, your tickets are good for your system's default ticket -lifetime, which is ten hours on many systems. You can specify a -different ticket lifetime with the **-l** option. Add the letter -**s** to the value for seconds, **m** for minutes, **h** for hours, or -**d** for days. For example, to obtain forwardable tickets for -``david@EXAMPLE.COM`` that would be good for three hours, you would -type:: - - shell% kinit -f -l 3h david@EXAMPLE.COM - Password for david@EXAMPLE.COM: <-- [Type david's password here.] - shell% - -.. note:: - - You cannot mix units; specifying a lifetime of 3h30m would - result in an error. Note also that most systems specify a - maximum ticket lifetime. If you request a longer ticket - lifetime, it will be automatically truncated to the maximum - lifetime. - - -.. _view_tkt: - -Viewing tickets with klist --------------------------- - -The :ref:`klist(1)` command shows your tickets. When you first obtain -tickets, you will have only the ticket-granting ticket. The listing -would look like this:: - - shell% klist - Ticket cache: /tmp/krb5cc_ttypa - Default principal: jennifer@ATHENA.MIT.EDU - - Valid starting Expires Service principal - 06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - shell% - -The ticket cache is the location of your ticket file. In the above -example, this file is named ``/tmp/krb5cc_ttypa``. The default -principal is your Kerberos principal. - -The "valid starting" and "expires" fields describe the period of time -during which the ticket is valid. The "service principal" describes -each ticket. The ticket-granting ticket has a first component -``krbtgt``, and a second component which is the realm name. - -Now, if ``jennifer`` connected to the machine ``daffodil.mit.edu``, -and then typed "klist" again, she would have gotten the following -result:: - - shell% klist - Ticket cache: /tmp/krb5cc_ttypa - Default principal: jennifer@ATHENA.MIT.EDU - - Valid starting Expires Service principal - 06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - 06/07/04 20:22:30 06/08/04 05:49:19 host/daffodil.mit.edu@ATHENA.MIT.EDU - shell% - -Here's what happened: when ``jennifer`` used ssh to connect to the -host ``daffodil.mit.edu``, the ssh program presented her -ticket-granting ticket to the KDC and requested a host ticket for the -host ``daffodil.mit.edu``. The KDC sent the host ticket, which ssh -then presented to the host ``daffodil.mit.edu``, and she was allowed -to log in without typing her password. - -Suppose your Kerberos tickets allow you to log into a host in another -domain, such as ``trillium.example.com``, which is also in another -Kerberos realm, ``EXAMPLE.COM``. If you ssh to this host, you will -receive a ticket-granting ticket for the realm ``EXAMPLE.COM``, plus -the new host ticket for ``trillium.example.com``. klist will now -show:: - - shell% klist - Ticket cache: /tmp/krb5cc_ttypa - Default principal: jennifer@ATHENA.MIT.EDU - - Valid starting Expires Service principal - 06/07/04 19:49:21 06/08/04 05:49:19 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - 06/07/04 20:22:30 06/08/04 05:49:19 host/daffodil.mit.edu@ATHENA.MIT.EDU - 06/07/04 20:24:18 06/08/04 05:49:19 krbtgt/EXAMPLE.COM@ATHENA.MIT.EDU - 06/07/04 20:24:18 06/08/04 05:49:19 host/trillium.example.com@EXAMPLE.COM - shell% - -Depending on your host's and realm's configuration, you may also see a -ticket with the service principal ``host/trillium.example.com@``. If -so, this means that your host did not know what realm -trillium.example.com is in, so it asked the ``ATHENA.MIT.EDU`` KDC for -a referral. The next time you connect to ``trillium.example.com``, -the odd-looking entry will be used to avoid needing to ask for a -referral again. - -You can use the **-f** option to view the flags that apply to your -tickets. The flags are: - -===== ========================= - F Forwardable - f forwarded - P Proxiable - p proxy - D postDateable - d postdated - R Renewable - I Initial - i invalid - H Hardware authenticated - A preAuthenticated - T Transit policy checked - O Okay as delegate - a anonymous -===== ========================= - -Here is a sample listing. In this example, the user *jennifer* -obtained her initial tickets (**I**), which are forwardable (**F**) -and postdated (**d**) but not yet validated (**i**):: - - shell% klist -f - Ticket cache: /tmp/krb5cc_320 - Default principal: jennifer@ATHENA.MIT.EDU - - Valid starting Expires Service principal - 31/07/05 19:06:25 31/07/05 19:16:25 krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU - Flags: FdiI - shell% - -In the following example, the user *david*'s tickets were forwarded -(**f**) to this host from another host. The tickets are reforwardable -(**F**):: - - shell% klist -f - Ticket cache: /tmp/krb5cc_p11795 - Default principal: david@EXAMPLE.COM - - Valid starting Expires Service principal - 07/31/05 11:52:29 07/31/05 21:11:23 krbtgt/EXAMPLE.COM@EXAMPLE.COM - Flags: Ff - 07/31/05 12:03:48 07/31/05 21:11:23 host/trillium.example.com@EXAMPLE.COM - Flags: Ff - shell% - - -Destroying tickets with kdestroy --------------------------------- - -Your Kerberos tickets are proof that you are indeed yourself, and -tickets could be stolen if someone gains access to a computer where -they are stored. If this happens, the person who has them can -masquerade as you until they expire. For this reason, you should -destroy your Kerberos tickets when you are away from your computer. - -Destroying your tickets is easy. Simply type kdestroy:: - - shell% kdestroy - shell% - -If :ref:`kdestroy(1)` fails to destroy your tickets, it will beep and -give an error message. For example, if kdestroy can't find any -tickets to destroy, it will give the following message:: - - shell% kdestroy - kdestroy: No credentials cache file found while destroying cache - shell% diff --git a/krb5-1.21.3/doc/user/user_commands/index.rst b/krb5-1.21.3/doc/user/user_commands/index.rst deleted file mode 100644 index 7ce86a14..00000000 --- a/krb5-1.21.3/doc/user/user_commands/index.rst +++ /dev/null @@ -1,17 +0,0 @@ -.. _user_commands: - -User commands -============= - -.. toctree:: - :maxdepth: 1 - - kdestroy.rst - kinit.rst - klist.rst - kpasswd.rst - krb5-config.rst - ksu.rst - kswitch.rst - kvno.rst - sclient.rst diff --git a/krb5-1.21.3/doc/user/user_commands/kdestroy.rst b/krb5-1.21.3/doc/user/user_commands/kdestroy.rst deleted file mode 100644 index b15846f9..00000000 --- a/krb5-1.21.3/doc/user/user_commands/kdestroy.rst +++ /dev/null @@ -1,77 +0,0 @@ -.. _kdestroy(1): - -kdestroy -======== - -SYNOPSIS --------- - -**kdestroy** -[**-A**] -[**-q**] -[**-c** *cache_name*] -[**-p** *princ_name*] - - -DESCRIPTION ------------ - -The kdestroy utility destroys the user's active Kerberos authorization -tickets by overwriting and deleting the credentials cache that -contains them. If the credentials cache is not specified, the default -credentials cache is destroyed. - - -OPTIONS -------- - -**-A** - Destroys all caches in the collection, if a cache collection is - available. May be used with the **-c** option to specify the - collection to be destroyed. - -**-q** - Run quietly. Normally kdestroy beeps if it fails to destroy the - user's tickets. The **-q** flag suppresses this behavior. - -**-c** *cache_name* - Use *cache_name* as the credentials (ticket) cache name and - location; if this option is not used, the default cache name and - location are used. - - The default credentials cache may vary between systems. If the - **KRB5CCNAME** environment variable is set, its value is used to - name the default ticket cache. - -**-p** *princ_name* - If a cache collection is available, destroy the cache for - *princ_name* instead of the primary cache. May be used with the - **-c** option to specify the collection to be searched. - - -NOTE ----- - -Most installations recommend that you place the kdestroy command in -your .logout file, so that your tickets are destroyed automatically -when you log out. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -FILES ------ - -|ccache| - Default location of Kerberos 5 credentials cache - - -SEE ALSO --------- - -:ref:`kinit(1)`, :ref:`klist(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/user/user_commands/kinit.rst b/krb5-1.21.3/doc/user/user_commands/kinit.rst deleted file mode 100644 index 5b105e35..00000000 --- a/krb5-1.21.3/doc/user/user_commands/kinit.rst +++ /dev/null @@ -1,230 +0,0 @@ -.. _kinit(1): - -kinit -===== - -SYNOPSIS --------- - -**kinit** -[**-V**] -[**-l** *lifetime*] -[**-s** *start_time*] -[**-r** *renewable_life*] -[**-p** | -**P**] -[**-f** | -**F**] -[**-a**] -[**-A**] -[**-C**] -[**-E**] -[**-v**] -[**-R**] -[**-k** [**-i** | -**t** *keytab_file*]] -[**-c** *cache_name*] -[**-n**] -[**-S** *service_name*] -[**-I** *input_ccache*] -[**-T** *armor_ccache*] -[**-X** *attribute*\ [=\ *value*]] -[**--request-pac** | **--no-request-pac**] -[*principal*] - - -DESCRIPTION ------------ - -kinit obtains and caches an initial ticket-granting ticket for -*principal*. If *principal* is absent, kinit chooses an appropriate -principal name based on existing credential cache contents or the -local username of the user invoking kinit. Some options modify the -choice of principal name. - - -OPTIONS -------- - -**-V** - display verbose output. - -**-l** *lifetime* - (:ref:`duration` string.) Requests a ticket with the lifetime - *lifetime*. - - For example, ``kinit -l 5:30`` or ``kinit -l 5h30m``. - - If the **-l** option is not specified, the default ticket lifetime - (configured by each site) is used. Specifying a ticket lifetime - longer than the maximum ticket lifetime (configured by each site) - will not override the configured maximum ticket lifetime. - -**-s** *start_time* - (:ref:`duration` string.) Requests a postdated ticket. Postdated - tickets are issued with the **invalid** flag set, and need to be - resubmitted to the KDC for validation before use. - - *start_time* specifies the duration of the delay before the ticket - can become valid. - -**-r** *renewable_life* - (:ref:`duration` string.) Requests renewable tickets, with a total - lifetime of *renewable_life*. - -**-f** - requests forwardable tickets. - -**-F** - requests non-forwardable tickets. - -**-p** - requests proxiable tickets. - -**-P** - requests non-proxiable tickets. - -**-a** - requests tickets restricted to the host's local address[es]. - -**-A** - requests tickets not restricted by address. - -**-C** - requests canonicalization of the principal name, and allows the - KDC to reply with a different client principal from the one - requested. - -**-E** - treats the principal name as an enterprise name. - -**-v** - requests that the ticket-granting ticket in the cache (with the - **invalid** flag set) be passed to the KDC for validation. If the - ticket is within its requested time range, the cache is replaced - with the validated ticket. - -**-R** - requests renewal of the ticket-granting ticket. Note that an - expired ticket cannot be renewed, even if the ticket is still - within its renewable life. - - Note that renewable tickets that have expired as reported by - :ref:`klist(1)` may sometimes be renewed using this option, - because the KDC applies a grace period to account for client-KDC - clock skew. See :ref:`krb5.conf(5)` **clockskew** setting. - -**-k** [**-i** | **-t** *keytab_file*] - requests a ticket, obtained from a key in the local host's keytab. - The location of the keytab may be specified with the **-t** - *keytab_file* option, or with the **-i** option to specify the use - of the default client keytab; otherwise the default keytab will be - used. By default, a host ticket for the local host is requested, - but any principal may be specified. On a KDC, the special keytab - location ``KDB:`` can be used to indicate that kinit should open - the KDC database and look up the key directly. This permits an - administrator to obtain tickets as any principal that supports - authentication based on the key. - -**-n** - Requests anonymous processing. Two types of anonymous principals - are supported. - - For fully anonymous Kerberos, configure pkinit on the KDC and - configure **pkinit_anchors** in the client's :ref:`krb5.conf(5)`. - Then use the **-n** option with a principal of the form ``@REALM`` - (an empty principal name followed by the at-sign and a realm - name). If permitted by the KDC, an anonymous ticket will be - returned. - - A second form of anonymous tickets is supported; these - realm-exposed tickets hide the identity of the client but not the - client's realm. For this mode, use ``kinit -n`` with a normal - principal name. If supported by the KDC, the principal (but not - realm) will be replaced by the anonymous principal. - - As of release 1.8, the MIT Kerberos KDC only supports fully - anonymous operation. - -**-I** *input_ccache* - - Specifies the name of a credentials cache that already contains a - ticket. When obtaining that ticket, if information about how that - ticket was obtained was also stored to the cache, that information - will be used to affect how new credentials are obtained, including - preselecting the same methods of authenticating to the KDC. - -**-T** *armor_ccache* - Specifies the name of a credentials cache that already contains a - ticket. If supported by the KDC, this cache will be used to armor - the request, preventing offline dictionary attacks and allowing - the use of additional preauthentication mechanisms. Armoring also - makes sure that the response from the KDC is not modified in - transit. - -**-c** *cache_name* - use *cache_name* as the Kerberos 5 credentials (ticket) cache - location. If this option is not used, the default cache location - is used. - - The default cache location may vary between systems. If the - **KRB5CCNAME** environment variable is set, its value is used to - locate the default cache. If a principal name is specified and - the type of the default cache supports a collection (such as the - DIR type), an existing cache containing credentials for the - principal is selected or a new one is created and becomes the new - primary cache. Otherwise, any existing contents of the default - cache are destroyed by kinit. - -**-S** *service_name* - specify an alternate service name to use when getting initial - tickets. - -**-X** *attribute*\ [=\ *value*] - specify a pre-authentication *attribute* and *value* to be - interpreted by pre-authentication modules. The acceptable - attribute and value values vary from module to module. This - option may be specified multiple times to specify multiple - attributes. If no value is specified, it is assumed to be "yes". - - The following attributes are recognized by the PKINIT - pre-authentication mechanism: - - **X509_user_identity**\ =\ *value* - specify where to find user's X509 identity information - - **X509_anchors**\ =\ *value* - specify where to find trusted X509 anchor information - - **flag_RSA_PROTOCOL**\ [**=yes**] - specify use of RSA, rather than the default Diffie-Hellman - protocol - - **disable_freshness**\ [**=yes**] - disable sending freshness tokens (for testing purposes only) - -**--request-pac** | **--no-request-pac** - mutually exclusive. If **--request-pac** is set, ask the KDC to - include a PAC in authdata; if **--no-request-pac** is set, ask the - KDC not to include a PAC; if neither are set, the KDC will follow - its default, which is typically is to include a PAC if doing so is - supported. - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -FILES ------ - -|ccache| - default location of Kerberos 5 credentials cache - -|keytab| - default location for the local host's keytab. - - -SEE ALSO --------- - -:ref:`klist(1)`, :ref:`kdestroy(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/user/user_commands/klist.rst b/krb5-1.21.3/doc/user/user_commands/klist.rst deleted file mode 100644 index eb556450..00000000 --- a/krb5-1.21.3/doc/user/user_commands/klist.rst +++ /dev/null @@ -1,129 +0,0 @@ -.. _klist(1): - -klist -===== - -SYNOPSIS --------- - -**klist** -[**-e**] -[[**-c**] [**-l**] [**-A**] [**-f**] [**-s**] [**-a** [**-n**]]] -[**-C**] -[**-k** [**-i**] [**-t**] [**-K**]] -[**-V**] -[**-d**] -[*cache_name*\|\ *keytab_name*] - - -DESCRIPTION ------------ - -klist lists the Kerberos principal and Kerberos tickets held in a -credentials cache, or the keys held in a keytab file. - - -OPTIONS -------- - -**-e** - Displays the encryption types of the session key and the ticket - for each credential in the credential cache, or each key in the - keytab file. - -**-l** - If a cache collection is available, displays a table summarizing - the caches present in the collection. - -**-A** - If a cache collection is available, displays the contents of all - of the caches in the collection. - -**-c** - List tickets held in a credentials cache. This is the default if - neither **-c** nor **-k** is specified. - -**-f** - Shows the flags present in the credentials, using the following - abbreviations:: - - F Forwardable - f forwarded - P Proxiable - p proxy - D postDateable - d postdated - R Renewable - I Initial - i invalid - H Hardware authenticated - A preAuthenticated - T Transit policy checked - O Okay as delegate - a anonymous - -**-s** - Causes klist to run silently (produce no output). klist will exit - with status 1 if the credentials cache cannot be read or is - expired, and with status 0 otherwise. - -**-a** - Display list of addresses in credentials. - -**-n** - Show numeric addresses instead of reverse-resolving addresses. - -**-C** - List configuration data that has been stored in the credentials - cache when klist encounters it. By default, configuration data - is not listed. - -**-k** - List keys held in a keytab file. - -**-i** - In combination with **-k**, defaults to using the default client - keytab instead of the default acceptor keytab, if no name is - given. - -**-t** - Display the time entry timestamps for each keytab entry in the - keytab file. - -**-K** - Display the value of the encryption key in each keytab entry in - the keytab file. - -**-d** - Display the authdata types (if any) for each entry. - -**-V** - Display the Kerberos version number and exit. - -If *cache_name* or *keytab_name* is not specified, klist will display -the credentials in the default credentials cache or keytab file as -appropriate. If the **KRB5CCNAME** environment variable is set, its -value is used to locate the default ticket cache. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -FILES ------ - -|ccache| - Default location of Kerberos 5 credentials cache - -|keytab| - Default location for the local host's keytab file. - - -SEE ALSO --------- - -:ref:`kinit(1)`, :ref:`kdestroy(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/user/user_commands/kpasswd.rst b/krb5-1.21.3/doc/user/user_commands/kpasswd.rst deleted file mode 100644 index 0583bbd0..00000000 --- a/krb5-1.21.3/doc/user/user_commands/kpasswd.rst +++ /dev/null @@ -1,46 +0,0 @@ -.. _kpasswd(1): - -kpasswd -======= - -SYNOPSIS --------- - -**kpasswd** [*principal*] - - -DESCRIPTION ------------ - -The kpasswd command is used to change a Kerberos principal's password. -kpasswd first prompts for the current Kerberos password, then prompts -the user twice for the new password, and the password is changed. - -If the principal is governed by a policy that specifies the length -and/or number of character classes required in the new password, the -new password must conform to the policy. (The five character classes -are lower case, upper case, numbers, punctuation, and all other -characters.) - - -OPTIONS -------- - -*principal* - Change the password for the Kerberos principal principal. - Otherwise, kpasswd uses the principal name from an existing ccache - if there is one; if not, the principal is derived from the - identity of the user invoking the kpasswd command. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kadmin(1)`, :ref:`kadmind(8)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/user/user_commands/krb5-config.rst b/krb5-1.21.3/doc/user/user_commands/krb5-config.rst deleted file mode 100644 index 2c09141a..00000000 --- a/krb5-1.21.3/doc/user/user_commands/krb5-config.rst +++ /dev/null @@ -1,83 +0,0 @@ -.. _krb5-config(1): - -krb5-config -=========== - -SYNOPSIS --------- - -**krb5-config** -[**-**\ **-help** | **-**\ **-all** | **-**\ **-version** | **-**\ **-vendor** | **-**\ **-prefix** | **-**\ **-exec-prefix** | **-**\ **-defccname** | **-**\ **-defktname** | **-**\ **-defcktname** | **-**\ **-cflags** | **-**\ **-libs** [*libraries*]] - - -DESCRIPTION ------------ - -krb5-config tells the application programmer what flags to use to compile -and link programs against the installed Kerberos libraries. - - -OPTIONS -------- - -**-**\ **-help** - prints a usage message. This is the default behavior when no options - are specified. - -**-**\ **-all** - prints the version, vendor, prefix, and exec-prefix. - -**-**\ **-version** - prints the version number of the Kerberos installation. - -**-**\ **-vendor** - prints the name of the vendor of the Kerberos installation. - -**-**\ **-prefix** - prints the prefix for which the Kerberos installation was built. - -**-**\ **-exec-prefix** - prints the prefix for executables for which the Kerberos installation - was built. - -**-**\ **-defccname** - prints the built-in default credentials cache location. - -**-**\ **-defktname** - prints the built-in default keytab location. - -**-**\ **-defcktname** - prints the built-in default client (initiator) keytab location. - -**-**\ **-cflags** - prints the compilation flags used to build the Kerberos installation. - -**-**\ **-libs** [*library*] - prints the compiler options needed to link against *library*. - Allowed values for *library* are: - - ============ =============================================== - krb5 Kerberos 5 applications (default) - gssapi GSSAPI applications with Kerberos 5 bindings - kadm-client Kadmin client - kadm-server Kadmin server - kdb Applications that access the Kerberos database - ============ =============================================== - -EXAMPLES --------- - -krb5-config is particularly useful for compiling against a Kerberos -installation that was installed in a non-standard location. For example, -a Kerberos installation that is installed in ``/opt/krb5/`` but uses -libraries in ``/usr/local/lib/`` for text localization would produce -the following output:: - - shell% krb5-config --libs krb5 - -L/opt/krb5/lib -Wl,-rpath -Wl,/opt/krb5/lib -L/usr/local/lib -lkrb5 -lk5crypto -lcom_err - - -SEE ALSO --------- - -:ref:`kerberos(7)`, cc(1) diff --git a/krb5-1.21.3/doc/user/user_commands/ksu.rst b/krb5-1.21.3/doc/user/user_commands/ksu.rst deleted file mode 100644 index 93373822..00000000 --- a/krb5-1.21.3/doc/user/user_commands/ksu.rst +++ /dev/null @@ -1,411 +0,0 @@ -.. _ksu(1): - -ksu -=== - -SYNOPSIS --------- - -**ksu** -[ *target_user* ] -[ **-n** *target_principal_name* ] -[ **-c** *source_cache_name* ] -[ **-k** ] -[ **-r** time ] -[ **-p** | **-P**] -[ **-f** | **-F**] -[ **-l** *lifetime* ] -[ **-z | Z** ] -[ **-q** ] -[ **-e** *command* [ args ... ] ] [ **-a** [ args ... ] ] - - -REQUIREMENTS ------------- - -Must have Kerberos version 5 installed to compile ksu. Must have a -Kerberos version 5 server running to use ksu. - - -DESCRIPTION ------------ - -ksu is a Kerberized version of the su program that has two missions: -one is to securely change the real and effective user ID to that of -the target user, and the other is to create a new security context. - -.. note:: - - For the sake of clarity, all references to and attributes of - the user invoking the program will start with "source" - (e.g., "source user", "source cache", etc.). - - Likewise, all references to and attributes of the target - account will start with "target". - -AUTHENTICATION --------------- - -To fulfill the first mission, ksu operates in two phases: -authentication and authorization. Resolving the target principal name -is the first step in authentication. The user can either specify his -principal name with the **-n** option (e.g., ``-n jqpublic@USC.EDU``) -or a default principal name will be assigned using a heuristic -described in the OPTIONS section (see **-n** option). The target user -name must be the first argument to ksu; if not specified root is the -default. If ``.`` is specified then the target user will be the -source user (e.g., ``ksu .``). If the source user is root or the -target user is the source user, no authentication or authorization -takes place. Otherwise, ksu looks for an appropriate Kerberos ticket -in the source cache. - -The ticket can either be for the end-server or a ticket granting -ticket (TGT) for the target principal's realm. If the ticket for the -end-server is already in the cache, it's decrypted and verified. If -it's not in the cache but the TGT is, the TGT is used to obtain the -ticket for the end-server. The end-server ticket is then verified. -If neither ticket is in the cache, but ksu is compiled with the -**GET_TGT_VIA_PASSWD** define, the user will be prompted for a -Kerberos password which will then be used to get a TGT. If the user -is logged in remotely and does not have a secure channel, the password -may be exposed. If neither ticket is in the cache and -**GET_TGT_VIA_PASSWD** is not defined, authentication fails. - - -AUTHORIZATION -------------- - -This section describes authorization of the source user when ksu is -invoked without the **-e** option. For a description of the **-e** -option, see the OPTIONS section. - -Upon successful authentication, ksu checks whether the target -principal is authorized to access the target account. In the target -user's home directory, ksu attempts to access two authorization files: -:ref:`.k5login(5)` and .k5users. In the .k5login file each line -contains the name of a principal that is authorized to access the -account. - -For example:: - - jqpublic@USC.EDU - jqpublic/secure@USC.EDU - jqpublic/admin@USC.EDU - -The format of .k5users is the same, except the principal name may be -followed by a list of commands that the principal is authorized to -execute (see the **-e** option in the OPTIONS section for details). - -Thus if the target principal name is found in the .k5login file the -source user is authorized to access the target account. Otherwise ksu -looks in the .k5users file. If the target principal name is found -without any trailing commands or followed only by ``*`` then the -source user is authorized. If either .k5login or .k5users exist but -an appropriate entry for the target principal does not exist then -access is denied. If neither file exists then the principal will be -granted access to the account according to the aname->lname mapping -rules. Otherwise, authorization fails. - - -EXECUTION OF THE TARGET SHELL ------------------------------ - -Upon successful authentication and authorization, ksu proceeds in a -similar fashion to su. The environment is unmodified with the -exception of USER, HOME and SHELL variables. If the target user is -not root, USER gets set to the target user name. Otherwise USER -remains unchanged. Both HOME and SHELL are set to the target login's -default values. In addition, the environment variable **KRB5CCNAME** -gets set to the name of the target cache. The real and effective user -ID are changed to that of the target user. The target user's shell is -then invoked (the shell name is specified in the password file). Upon -termination of the shell, ksu deletes the target cache (unless ksu is -invoked with the **-k** option). This is implemented by first doing a -fork and then an exec, instead of just exec, as done by su. - - -CREATING A NEW SECURITY CONTEXT -------------------------------- - -ksu can be used to create a new security context for the target -program (either the target shell, or command specified via the **-e** -option). The target program inherits a set of credentials from the -source user. By default, this set includes all of the credentials in -the source cache plus any additional credentials obtained during -authentication. The source user is able to limit the credentials in -this set by using **-z** or **-Z** option. **-z** restricts the copy -of tickets from the source cache to the target cache to only the -tickets where client == the target principal name. The **-Z** option -provides the target user with a fresh target cache (no creds in the -cache). Note that for security reasons, when the source user is root -and target user is non-root, **-z** option is the default mode of -operation. - -While no authentication takes place if the source user is root or is -the same as the target user, additional tickets can still be obtained -for the target cache. If **-n** is specified and no credentials can -be copied to the target cache, the source user is prompted for a -Kerberos password (unless **-Z** specified or **GET_TGT_VIA_PASSWD** -is undefined). If successful, a TGT is obtained from the Kerberos -server and stored in the target cache. Otherwise, if a password is -not provided (user hit return) ksu continues in a normal mode of -operation (the target cache will not contain the desired TGT). If the -wrong password is typed in, ksu fails. - -.. note:: - - During authentication, only the tickets that could be - obtained without providing a password are cached in the - source cache. - - -OPTIONS -------- - -**-n** *target_principal_name* - Specify a Kerberos target principal name. Used in authentication - and authorization phases of ksu. - - If ksu is invoked without **-n**, a default principal name is - assigned via the following heuristic: - - * Case 1: source user is non-root. - - If the target user is the source user the default principal name - is set to the default principal of the source cache. If the - cache does not exist then the default principal name is set to - ``target_user@local_realm``. If the source and target users are - different and neither ``~target_user/.k5users`` nor - ``~target_user/.k5login`` exist then the default principal name - is ``target_user_login_name@local_realm``. Otherwise, starting - with the first principal listed below, ksu checks if the - principal is authorized to access the target account and whether - there is a legitimate ticket for that principal in the source - cache. If both conditions are met that principal becomes the - default target principal, otherwise go to the next principal. - - a) default principal of the source cache - b) target_user\@local_realm - c) source_user\@local_realm - - If a-c fails try any principal for which there is a ticket in - the source cache and that is authorized to access the target - account. If that fails select the first principal that is - authorized to access the target account from the above list. If - none are authorized and ksu is configured with - **PRINC_LOOK_AHEAD** turned on, select the default principal as - follows: - - For each candidate in the above list, select an authorized - principal that has the same realm name and first part of the - principal name equal to the prefix of the candidate. For - example if candidate a) is ``jqpublic@ISI.EDU`` and - ``jqpublic/secure@ISI.EDU`` is authorized to access the target - account then the default principal is set to - ``jqpublic/secure@ISI.EDU``. - - * Case 2: source user is root. - - If the target user is non-root then the default principal name - is ``target_user@local_realm``. Else, if the source cache - exists the default principal name is set to the default - principal of the source cache. If the source cache does not - exist, default principal name is set to ``root\@local_realm``. - -**-c** *source_cache_name* - - Specify source cache name (e.g., ``-c FILE:/tmp/my_cache``). If - **-c** option is not used then the name is obtained from - **KRB5CCNAME** environment variable. If **KRB5CCNAME** is not - defined the source cache name is set to ``krb5cc_``. - The target cache name is automatically set to ``krb5cc_.(gen_sym())``, where gen_sym generates a new number such that - the resulting cache does not already exist. For example:: - - krb5cc_1984.2 - -**-k** - Do not delete the target cache upon termination of the target - shell or a command (**-e** command). Without **-k**, ksu deletes - the target cache. - -**-z** - Restrict the copy of tickets from the source cache to the target - cache to only the tickets where client == the target principal - name. Use the **-n** option if you want the tickets for other then - the default principal. Note that the **-z** option is mutually - exclusive with the **-Z** option. - -**-Z** - Don't copy any tickets from the source cache to the target cache. - Just create a fresh target cache, where the default principal name - of the cache is initialized to the target principal name. Note - that the **-Z** option is mutually exclusive with the **-z** - option. - -**-q** - Suppress the printing of status messages. - -Ticket granting ticket options: - -**-l** *lifetime* **-r** *time* **-p** **-P** **-f** **-F** - The ticket granting ticket options only apply to the case where - there are no appropriate tickets in the cache to authenticate the - source user. In this case if ksu is configured to prompt users - for a Kerberos password (**GET_TGT_VIA_PASSWD** is defined), the - ticket granting ticket options that are specified will be used - when getting a ticket granting ticket from the Kerberos server. - -**-l** *lifetime* - (:ref:`duration` string.) Specifies the lifetime to be requested - for the ticket; if this option is not specified, the default ticket - lifetime (12 hours) is used instead. - -**-r** *time* - (:ref:`duration` string.) Specifies that the **renewable** option - should be requested for the ticket, and specifies the desired - total lifetime of the ticket. - -**-p** - specifies that the **proxiable** option should be requested for - the ticket. - -**-P** - specifies that the **proxiable** option should not be requested - for the ticket, even if the default configuration is to ask for - proxiable tickets. - -**-f** - option specifies that the **forwardable** option should be - requested for the ticket. - -**-F** - option specifies that the **forwardable** option should not be - requested for the ticket, even if the default configuration is to - ask for forwardable tickets. - -**-e** *command* [*args* ...] - ksu proceeds exactly the same as if it was invoked without the - **-e** option, except instead of executing the target shell, ksu - executes the specified command. Example of usage:: - - ksu bob -e ls -lag - - The authorization algorithm for **-e** is as follows: - - If the source user is root or source user == target user, no - authorization takes place and the command is executed. If source - user id != 0, and ``~target_user/.k5users`` file does not exist, - authorization fails. Otherwise, ``~target_user/.k5users`` file - must have an appropriate entry for target principal to get - authorized. - - The .k5users file format: - - A single principal entry on each line that may be followed by a - list of commands that the principal is authorized to execute. A - principal name followed by a ``*`` means that the user is - authorized to execute any command. Thus, in the following - example:: - - jqpublic@USC.EDU ls mail /local/kerberos/klist - jqpublic/secure@USC.EDU * - jqpublic/admin@USC.EDU - - ``jqpublic@USC.EDU`` is only authorized to execute ``ls``, - ``mail`` and ``klist`` commands. ``jqpublic/secure@USC.EDU`` is - authorized to execute any command. ``jqpublic/admin@USC.EDU`` is - not authorized to execute any command. Note, that - ``jqpublic/admin@USC.EDU`` is authorized to execute the target - shell (regular ksu, without the **-e** option) but - ``jqpublic@USC.EDU`` is not. - - The commands listed after the principal name must be either a full - path names or just the program name. In the second case, - **CMD_PATH** specifying the location of authorized programs must - be defined at the compilation time of ksu. Which command gets - executed? - - If the source user is root or the target user is the source user - or the user is authorized to execute any command (``*`` entry) - then command can be either a full or a relative path leading to - the target program. Otherwise, the user must specify either a - full path or just the program name. - -**-a** *args* - Specify arguments to be passed to the target shell. Note that all - flags and parameters following -a will be passed to the shell, - thus all options intended for ksu must precede **-a**. - - The **-a** option can be used to simulate the **-e** option if - used as follows:: - - -a -c [command [arguments]]. - - **-c** is interpreted by the c-shell to execute the command. - - -INSTALLATION INSTRUCTIONS -------------------------- - -ksu can be compiled with the following four flags: - -**GET_TGT_VIA_PASSWD** - In case no appropriate tickets are found in the source cache, the - user will be prompted for a Kerberos password. The password is - then used to get a ticket granting ticket from the Kerberos - server. The danger of configuring ksu with this macro is if the - source user is logged in remotely and does not have a secure - channel, the password may get exposed. - -**PRINC_LOOK_AHEAD** - During the resolution of the default principal name, - **PRINC_LOOK_AHEAD** enables ksu to find principal names in - the .k5users file as described in the OPTIONS section - (see **-n** option). - -**CMD_PATH** - Specifies a list of directories containing programs that users are - authorized to execute (via .k5users file). - -**HAVE_GETUSERSHELL** - If the source user is non-root, ksu insists that the target user's - shell to be invoked is a "legal shell". *getusershell(3)* is - called to obtain the names of "legal shells". Note that the - target user's shell is obtained from the passwd file. - -Sample configuration:: - - KSU_OPTS = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /usr/ucb /local/bin" - -ksu should be owned by root and have the set user id bit turned on. - -ksu attempts to get a ticket for the end server just as Kerberized -telnet and rlogin. Thus, there must be an entry for the server in the -Kerberos database (e.g., ``host/nii.isi.edu@ISI.EDU``). The keytab -file must be in an appropriate location. - - -SIDE EFFECTS ------------- - -ksu deletes all expired tickets from the source cache. - - -AUTHOR OF KSU -------------- - -GENNADY (ARI) MEDVINSKY - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kerberos(7)`, :ref:`kinit(1)` diff --git a/krb5-1.21.3/doc/user/user_commands/kswitch.rst b/krb5-1.21.3/doc/user/user_commands/kswitch.rst deleted file mode 100644 index 010332e6..00000000 --- a/krb5-1.21.3/doc/user/user_commands/kswitch.rst +++ /dev/null @@ -1,50 +0,0 @@ -.. _kswitch(1): - -kswitch -======= - -SYNOPSIS --------- - -**kswitch** -{**-c** *cachename*\|\ **-p** *principal*} - - -DESCRIPTION ------------ - -kswitch makes the specified credential cache the primary cache for the -collection, if a cache collection is available. - - -OPTIONS -------- - -**-c** *cachename* - Directly specifies the credential cache to be made primary. - -**-p** *principal* - Causes the cache collection to be searched for a cache containing - credentials for *principal*. If one is found, that collection is - made primary. - - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -FILES ------ - -|ccache| - Default location of Kerberos 5 credentials cache - - -SEE ALSO --------- - -:ref:`kinit(1)`, :ref:`kdestroy(1)`, :ref:`klist(1)`, -:ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/user/user_commands/kvno.rst b/krb5-1.21.3/doc/user/user_commands/kvno.rst deleted file mode 100644 index 970fbb47..00000000 --- a/krb5-1.21.3/doc/user/user_commands/kvno.rst +++ /dev/null @@ -1,119 +0,0 @@ -.. _kvno(1): - -kvno -==== - -SYNOPSIS --------- - -**kvno** -[**-c** *ccache*] -[**-e** *etype*] -[**-k** *keytab*] -[**-q**] -[**-u** | **-S** *sname*] -[**-P**] -[**--cached-only**] -[**--no-store**] -[**--out-cache** *cache*] -[[{**-F** *cert_file* | {**-I** | **-U**} *for_user*} [**-P**]] | **--u2u** *ccache*] -*service1 service2* ... - - -DESCRIPTION ------------ - -kvno acquires a service ticket for the specified Kerberos principals -and prints out the key version numbers of each. - - -OPTIONS -------- - -**-c** *ccache* - Specifies the name of a credentials cache to use (if not the - default) - -**-e** *etype* - Specifies the enctype which will be requested for the session key - of all the services named on the command line. This is useful in - certain backward compatibility situations. - -**-k** *keytab* - Decrypt the acquired tickets using *keytab* to confirm their - validity. - -**-q** - Suppress printing output when successful. If a service ticket - cannot be obtained, an error message will still be printed and - kvno will exit with nonzero status. - -**-u** - Use the unknown name type in requested service principal names. - This option Cannot be used with *-S*. - -**-P** - Specifies that the *service1 service2* ... arguments are to be - treated as services for which credentials should be acquired using - constrained delegation. This option is only valid when used in - conjunction with protocol transition. - -**-S** *sname* - Specifies that the *service1 service2* ... arguments are - interpreted as hostnames, and the service principals are to be - constructed from those hostnames and the service name *sname*. - The service hostnames will be canonicalized according to the usual - rules for constructing service principals. - -**-I** *for_user* - Specifies that protocol transition (S4U2Self) is to be used to - acquire a ticket on behalf of *for_user*. If constrained - delegation is not requested, the service name must match the - credentials cache client principal. - -**-U** *for_user* - Same as -I, but treats *for_user* as an enterprise name. - -**-F** *cert_file* - Specifies that protocol transition is to be used, identifying the - client principal with the X.509 certificate in *cert_file*. The - certificate file must be in PEM format. - -**--cached-only** - Only retrieve credentials already present in the cache, not from - the KDC. (Added in release 1.19.) - -**--no-store** - Do not store retrieved credentials in the cache. If - **--out-cache** is also specified, credentials will still be - stored into the output credential cache. (Added in release 1.19.) - -**--out-cache** *ccache* - Initialize *ccache* and store all retrieved credentials into it. - Do not store acquired credentials in the input cache. (Added in - release 1.19.) - -**--u2u** *ccache* - Requests a user-to-user ticket. *ccache* must contain a local - krbtgt ticket for the server principal. The reported version - number will typically be 0, as the resulting ticket is not - encrypted in the server's long-term key. - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -FILES ------ - -|ccache| - Default location of the credentials cache - - -SEE ALSO --------- - -:ref:`kinit(1)`, :ref:`kdestroy(1)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/user/user_commands/sclient.rst b/krb5-1.21.3/doc/user/user_commands/sclient.rst deleted file mode 100644 index 1e3d38f8..00000000 --- a/krb5-1.21.3/doc/user/user_commands/sclient.rst +++ /dev/null @@ -1,30 +0,0 @@ -.. _sclient(1): - -sclient -======= - -SYNOPSIS --------- - -**sclient** *remotehost* - - -DESCRIPTION ------------ - -sclient is a sample application, primarily useful for testing -purposes. It contacts a sample server :ref:`sserver(8)` and -authenticates to it using Kerberos version 5 tickets, then displays -the server's response. - -ENVIRONMENT ------------ - -See :ref:`kerberos(7)` for a description of Kerberos environment -variables. - - -SEE ALSO --------- - -:ref:`kinit(1)`, :ref:`sserver(8)`, :ref:`kerberos(7)` diff --git a/krb5-1.21.3/doc/user/user_config/index.rst b/krb5-1.21.3/doc/user/user_config/index.rst deleted file mode 100644 index ad0dc1a7..00000000 --- a/krb5-1.21.3/doc/user/user_config/index.rst +++ /dev/null @@ -1,13 +0,0 @@ -User config files -================= - -The following files in your home directory can be used to control the -behavior of Kerberos as it applies to your account (unless they have -been disabled by your host's configuration): - -.. toctree:: - :maxdepth: 1 - - kerberos.rst - k5login.rst - k5identity.rst diff --git a/krb5-1.21.3/doc/user/user_config/k5identity.rst b/krb5-1.21.3/doc/user/user_config/k5identity.rst deleted file mode 100644 index cf5d95e5..00000000 --- a/krb5-1.21.3/doc/user/user_config/k5identity.rst +++ /dev/null @@ -1,64 +0,0 @@ -.. _.k5identity(5): - -.k5identity -=========== - -DESCRIPTION ------------ - -The .k5identity file, which resides in a user's home directory, -contains a list of rules for selecting a client principals based on -the server being accessed. These rules are used to choose a -credential cache within the cache collection when possible. - -Blank lines and lines beginning with ``#`` are ignored. Each line has -the form: - - *principal* *field*\=\ *value* ... - -If the server principal meets all of the field constraints, then -principal is chosen as the client principal. The following fields are -recognized: - -**realm** - If the realm of the server principal is known, it is matched - against *value*, which may be a pattern using shell wildcards. - For host-based server principals, the realm will generally only be - known if there is a :ref:`domain_realm` section in - :ref:`krb5.conf(5)` with a mapping for the hostname. - -**service** - If the server principal is a host-based principal, its service - component is matched against *value*, which may be a pattern using - shell wildcards. - -**host** - If the server principal is a host-based principal, its hostname - component is converted to lower case and matched against *value*, - which may be a pattern using shell wildcards. - - If the server principal matches the constraints of multiple lines - in the .k5identity file, the principal from the first matching - line is used. If no line matches, credentials will be selected - some other way, such as the realm heuristic or the current primary - cache. - - -EXAMPLE -------- - -The following example .k5identity file selects the client principal -``alice@KRBTEST.COM`` if the server principal is within that realm, -the principal ``alice/root@EXAMPLE.COM`` if the server host is within -a servers subdomain, and the principal ``alice/mail@EXAMPLE.COM`` when -accessing the IMAP service on ``mail.example.com``:: - - alice@KRBTEST.COM realm=KRBTEST.COM - alice/root@EXAMPLE.COM host=*.servers.example.com - alice/mail@EXAMPLE.COM host=mail.example.com service=imap - - -SEE ALSO --------- - -kerberos(1), :ref:`krb5.conf(5)` diff --git a/krb5-1.21.3/doc/user/user_config/k5login.rst b/krb5-1.21.3/doc/user/user_config/k5login.rst deleted file mode 100644 index 8a9753da..00000000 --- a/krb5-1.21.3/doc/user/user_config/k5login.rst +++ /dev/null @@ -1,54 +0,0 @@ -.. _.k5login(5): - -.k5login -======== - -DESCRIPTION ------------ - -The .k5login file, which resides in a user's home directory, contains -a list of the Kerberos principals. Anyone with valid tickets for a -principal in the file is allowed host access with the UID of the user -in whose home directory the file resides. One common use is to place -a .k5login file in root's home directory, thereby granting system -administrators remote root access to the host via Kerberos. - - -EXAMPLES --------- - -Suppose the user ``alice`` had a .k5login file in her home directory -containing just the following line:: - - bob@FOOBAR.ORG - -This would allow ``bob`` to use Kerberos network applications, such as -ssh(1), to access ``alice``'s account, using ``bob``'s Kerberos -tickets. In a default configuration (with **k5login_authoritative** set -to true in :ref:`krb5.conf(5)`), this .k5login file would not let -``alice`` use those network applications to access her account, since -she is not listed! With no .k5login file, or with **k5login_authoritative** -set to false, a default rule would permit the principal ``alice`` in the -machine's default realm to access the ``alice`` account. - -Let us further suppose that ``alice`` is a system administrator. -Alice and the other system administrators would have their principals -in root's .k5login file on each host:: - - alice@BLEEP.COM - - joeadmin/root@BLEEP.COM - -This would allow either system administrator to log in to these hosts -using their Kerberos tickets instead of having to type the root -password. Note that because ``bob`` retains the Kerberos tickets for -his own principal, ``bob@FOOBAR.ORG``, he would not have any of the -privileges that require ``alice``'s tickets, such as root access to -any of the site's hosts, or the ability to change ``alice``'s -password. - - -SEE ALSO --------- - -kerberos(1) diff --git a/krb5-1.21.3/doc/user/user_config/kerberos.rst b/krb5-1.21.3/doc/user/user_config/kerberos.rst deleted file mode 100644 index 1830447a..00000000 --- a/krb5-1.21.3/doc/user/user_config/kerberos.rst +++ /dev/null @@ -1,185 +0,0 @@ -.. _kerberos(7): - -kerberos -======== - -DESCRIPTION ------------ - -The Kerberos system authenticates individual users in a network -environment. After authenticating yourself to Kerberos, you can use -Kerberos-enabled programs without having to present passwords or -certificates to those programs. - -If you receive the following response from :ref:`kinit(1)`: - -kinit: Client not found in Kerberos database while getting initial -credentials - -you haven't been registered as a Kerberos user. See your system -administrator. - -A Kerberos name usually contains three parts. The first is the -**primary**, which is usually a user's or service's name. The second -is the **instance**, which in the case of a user is usually null. -Some users may have privileged instances, however, such as ``root`` or -``admin``. In the case of a service, the instance is the fully -qualified name of the machine on which it runs; i.e. there can be an -ssh service running on the machine ABC (ssh/ABC@REALM), which is -different from the ssh service running on the machine XYZ -(ssh/XYZ@REALM). The third part of a Kerberos name is the **realm**. -The realm corresponds to the Kerberos service providing authentication -for the principal. Realms are conventionally all-uppercase, and often -match the end of hostnames in the realm (for instance, host01.example.com -might be in realm EXAMPLE.COM). - -When writing a Kerberos name, the principal name is separated from the -instance (if not null) by a slash, and the realm (if not the local -realm) follows, preceded by an "@" sign. The following are examples -of valid Kerberos names:: - - david - jennifer/admin - joeuser@BLEEP.COM - cbrown/root@FUBAR.ORG - -When you authenticate yourself with Kerberos you get an initial -Kerberos **ticket**. (A Kerberos ticket is an encrypted protocol -message that provides authentication.) Kerberos uses this ticket for -network utilities such as ssh. The ticket transactions are done -transparently, so you don't have to worry about their management. - -Note, however, that tickets expire. Administrators may configure more -privileged tickets, such as those with service or instance of ``root`` -or ``admin``, to expire in a few minutes, while tickets that carry -more ordinary privileges may be good for several hours or a day. If -your login session extends beyond the time limit, you will have to -re-authenticate yourself to Kerberos to get new tickets using the -:ref:`kinit(1)` command. - -Some tickets are **renewable** beyond their initial lifetime. This -means that ``kinit -R`` can extend their lifetime without requiring -you to re-authenticate. - -If you wish to delete your local tickets, use the :ref:`kdestroy(1)` -command. - -Kerberos tickets can be forwarded. In order to forward tickets, you -must request **forwardable** tickets when you kinit. Once you have -forwardable tickets, most Kerberos programs have a command line option -to forward them to the remote host. This can be useful for, e.g., -running kinit on your local machine and then sshing into another to do -work. Note that this should not be done on untrusted machines since -they will then have your tickets. - -ENVIRONMENT VARIABLES ---------------------- - -Several environment variables affect the operation of Kerberos-enabled -programs. These include: - -**KRB5CCNAME** - Default name for the credentials cache file, in the form - *TYPE*:*residual*. The type of the default cache may determine - the availability of a cache collection. ``FILE`` is not a - collection type; ``KEYRING``, ``DIR``, and ``KCM`` are. - - If not set, the value of **default_ccache_name** from - configuration files (see **KRB5_CONFIG**) will be used. If that - is also not set, the default *type* is ``FILE``, and the - *residual* is the path /tmp/krb5cc_*uid*, where *uid* is the - decimal user ID of the user. - -**KRB5_KTNAME** - Specifies the location of the default keytab file, in the form - *TYPE*:*residual*. If no *type* is present, the **FILE** type is - assumed and *residual* is the pathname of the keytab file. If - unset, |keytab| will be used. - -**KRB5_CONFIG** - Specifies the location of the Kerberos configuration file. The - default is |sysconfdir|\ ``/krb5.conf``. Multiple filenames can - be specified, separated by a colon; all files which are present - will be read. - -**KRB5_KDC_PROFILE** - Specifies the location of the KDC configuration file, which - contains additional configuration directives for the Key - Distribution Center daemon and associated programs. The default - is |kdcdir|\ ``/kdc.conf``. - -**KRB5RCACHENAME** - (New in release 1.18) Specifies the location of the default replay - cache, in the form *type*:*residual*. The ``file2`` type with a - pathname residual specifies a replay cache file in the version-2 - format in the specified location. The ``none`` type (residual is - ignored) disables the replay cache. The ``dfl`` type (residual is - ignored) indicates the default, which uses a file2 replay cache in - a temporary directory. The default is ``dfl:``. - -**KRB5RCACHETYPE** - Specifies the type of the default replay cache, if - **KRB5RCACHENAME** is unspecified. No residual can be specified, - so ``none`` and ``dfl`` are the only useful types. - -**KRB5RCACHEDIR** - Specifies the directory used by the ``dfl`` replay cache type. - The default is the value of the **TMPDIR** environment variable, - or ``/var/tmp`` if **TMPDIR** is not set. - -**KRB5_TRACE** - Specifies a filename to write trace log output to. Trace logs can - help illuminate decisions made internally by the Kerberos - libraries. For example, ``env KRB5_TRACE=/dev/stderr kinit`` - would send tracing information for :ref:`kinit(1)` to - ``/dev/stderr``. The default is not to write trace log output - anywhere. - -**KRB5_CLIENT_KTNAME** - Default client keytab file name. If unset, |ckeytab| will be - used). - -**KPROP_PORT** - :ref:`kprop(8)` port to use. Defaults to 754. - -**GSS_MECH_CONFIG** - Specifies a filename containing GSSAPI mechanism module - configuration. The default is to read |sysconfdir|\ ``/gss/mech`` - and files with a ``.conf`` suffix within the directory - |sysconfdir|\ ``/gss/mech.d``. - -Most environment variables are disabled for certain programs, such as -login system programs and setuid programs, which are designed to be -secure when run within an untrusted process environment. - -SEE ALSO --------- - -:ref:`kdestroy(1)`, :ref:`kinit(1)`, :ref:`klist(1)`, -:ref:`kswitch(1)`, :ref:`kpasswd(1)`, :ref:`ksu(1)`, -:ref:`krb5.conf(5)`, :ref:`kdc.conf(5)`, :ref:`kadmin(1)`, -:ref:`kadmind(8)`, :ref:`kdb5_util(8)`, :ref:`krb5kdc(8)` - -BUGS ----- - -AUTHORS -------- - -| Steve Miller, MIT Project Athena/Digital Equipment Corporation -| Clifford Neuman, MIT Project Athena -| Greg Hudson, MIT Kerberos Consortium -| Robbie Harwood, Red Hat, Inc. - -HISTORY -------- - -The MIT Kerberos 5 implementation was developed at MIT, with -contributions from many outside parties. It is currently maintained -by the MIT Kerberos Consortium. - -RESTRICTIONS ------------- - -Copyright 1985, 1986, 1989-1996, 2002, 2011, 2018 Masachusetts -Institute of Technology From 852e3f8755a2970228b0152584e88471ec30b71d Mon Sep 17 00:00:00 2001 From: Panos Date: Wed, 22 Jan 2025 23:39:17 +0000 Subject: [PATCH 3/3] Updated ci cfg --- .circleci/config.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index e2389afb..fcb38202 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -35,11 +35,8 @@ jobs: - run: command: | pip uninstall -y cython - python setup.py sdist - cd dist - pip install * + pip install -e . python -c 'from ssh.session import Session; Session()' - cd .. eval "$(ssh-agent -s)" name: Build - run: @@ -55,6 +52,14 @@ jobs: command: | flake8 ssh name: Flake + - run: + command: | + python setup.py sdist + cd dist + pip install * + python -c 'from ssh.session import Session; Session()' + cd .. + name: Sdist Install - run: command: | cd doc

      5`AlyjEhc zL07_Sf*z9s?78;!0WyKEg2Wb!SA1m=(7l2nQoVh~TaAq1ZgI=7$dMv;g5v8n!f~tP0|n zsw;`luLIqM>)X%LhdJ6I$w$FO>>quvu%q9oSsX5h)aNdE<*$%)u_MNVWhcJx)j^&P zBAh33#!EGe#+xmMb~|2vFn6B5x2-|!ESuhcs4!#D)t03X5iEN}uFB8Q_SB`S!PG49 z=s5k*h$yj45nsVP`dOf+C`vKnSw~Y^>Z&-;^E;}I&@k6Cv6~yLw*t{MxK-5`8s-jT z8Req#&@-qViG`Pi?q!NMo?sse9*=qmg6d+nd)k%5fS)b7bMd2abhm7&yz@onrfScZ zZq3WEFp(`6%rZ4JRa%T3!@eMFOwK0}LJJ`SEPzG{QQVM}JKtgX-kKM1uG3;dC1(wC zY+#GA*4aa(QAJt05tY8~D8I4sjubuK^KOtiIeoe$*}EH`_i2!hQM1!}7M;y|V`TA; zeXi-XiIIM$)aitu7YWWFm%g8sc%*6#ksDcrr-N5YZc(4e^BcayKD0jVxG1^)i)qMB zIHu88HH(Y)eYE{7Q8Dz<-AxCYPcG5HcLVT+Esi;-9PpMffiZh{g?ef}#R_Y+uGuNG z9&+qusgyDnqE${M7!6gUd~7MCi=7o!!&*DETNxpnv|!*ITFuOns_g1MRt0p|Hon)u zLz9M=)7&W?GL^%+INl0$|2t zQOk(eTr=o*Gr1O7xBj12sMS)wP7XH{t*kD)>Ez#aZ@l&Bu)!)=HYz)i5gOCB%&~uO z-G<@Fo@Ww;KJz(!|HhAu;Va^@0J&<-pqR+aXJ%-T!fwU`YLCf{ss(G49v}?y6*}N^ zV)zAzx5(~F)&mqB)cp*N^N(#c1P#~z7R+dPj6{-Q$D^wQky&J+mWWGjJM+?Zo4YYGB@Lw?sZ+;9?7SvRHnM|OI|F8_ZiekW7FvRYF|6aifxv6Ok zmNk~yfL}}nGmJVfwz8J*w7Jsh3d2x9H!T*#eKyHbwd9&gAiC{IJjhR57yA+I`GEW=_yT{ zraMq+mu)B~lI}i!>%`p}HFT;s9%az-{@!5aoI0Y?&g!FMtcEo$qaGR^o)Li%eJ+mm zd-s8K2rQA3x_t(yFy%$XEmLc!FMKymL0b)995}>L_1~n-%?0WxLTeGdABKP6_jd7~ zE5h2o&Ze`|ZO@UIjVI4sTx>H$RD^$bBd!0Wd~WweW4Jk$-Z%eEhx}neX69MoknyGe zhN?h|9){Fp38gbV2UuyhLqQK_%G&xkW4LmjFzq`VFJ2g zjp6BVI17Uym1=b|l_*+r=Q$QRh#j$jQuib|4teCZocy!^ya5~UP)8A$K#%=xc(n`O(I;_q1s}0!cV% z9KpJ$pOBPx6J|(|<5;11B)@*7|=4kF$?jVo3L%e6O(13`Z)W`SM^cM`=F^zFyS9#Hncg z=2d7~o$WH2DAHesT&YOVb3zhaCVB~?<=)6_@KA@(KXx$cFWM_;+_TBJtcQspH+D8Eab@o=+#vV*bF<*5FVYiOu`0~ zg$agT3+7+MIQivQKXpkD)76~a+ci6tzjO4B z$NwJGMJ3GqK2{Y{x;RhZZGpjaCUGOpHk~&H(<%Wws&}UA)kuQmJYGaaGDT?{9w)## z(xDO~Rb%nHurx&RBfm8s7N_S|E;n5|*X7BNC?Cc+659rBVg@5p97n;0HpxE0KwFex zac-cmgb`!)@9YJnKSN$%tsVc2(PkN^HmTuvKc#VHvx5%Qzc5oTN5Ld`ooY}VpOtY0e<7ZUaAzz7FZ6TQGrzOgXb`}V8-ms=zf?}ouG;q%RLW(fZa z0&R-Q#4=+<()FjstFh^5E<+?ORG~A12%yH7nfTYmFDI2B)z;oX8H>E3b*-3x_iF5P z5{2TYM7t;>gTYIDEHB)`oe=<5?uYceEvo_Vy>BIDrAf-5w9kwhr1(_(_}yqAISvpy%4W`T z@lMLzRrQqsXxVYbgX~|B&izH_VjT;@=^acC(P%5iM=nY~)yE9ncbqQtuQ9U5sR%A`wO#|JUfpQ=wb zj%pueakAhN4@<}22Y#5bcn@gvVoQxkDhRd7Aw!lkdjVK{!#VVWwc_X?`h|gQfM6w|#T<4V+Sibb!HjOPoE_3}H<;x6KQr zj^Vziwmc7sBrNUa{w#N`dfU;SrR~mkX0CQ@e7YoB!y{NEgj#!;yN8YBK0d7cATh$m zl8dN^1d;DmQrOIy~r5%UFgRVMk zd1clWe$akt4_vPv820$`ZdXCv!_*S42vRCzA`Wv3FTKR*$KY+oWXh>oYs6jo<}p8O zX!>l~%fW|+Ub1SNfm`4Eg1VSvnzFpc)`ipC#u2dAu}iSg?rh>6TYjVak(6TYf;o&v ziQ0uI6^=Y?!Ovl&Z(FeVNJ7fxTy|X0gWhKORSQOPYId;rAy^2X=w-s|k)>32`ASC$ z==MC3{LGU6*eVWPge~|GI@csun*W-12hh}55U%-7BMHSbm!`9uDu3$VWG$oPv1z1} zn)$R!?Mt0{`iG4&N`6;q^bbj|jY0qYH>Xs>C3f(SP%;vcUukDGU z@2s|RVzmMV7(g6{KyWfOC_t{RIi)?)+ASxj~Q{wWCjqaYVAD>0*RB#ev||LaYgZP~a!By9eZoj_EmH44w_kS4>gG zewrn<_JZ%RTo2VOCm;Ht>BN}^A#~tJGv1Sw3XG8N?BpcIY=%RXC}oX(s8OX+REXoi zz3xt}XG+$CO(3sWS+d9hFc=0AdP@W?=MCAl8ZVje#M@X-q96WD-JQxc{fhD)+e8yO zuXxe&G8fJJ(ZtWn?rwpHghk6b0zRRuFIqx&V*NN4B0X}1!Hi3ef@qsBvv_J+@uC22 zR%a6+&by!&x%`H^zmY~y9Zwz8(QgcTfBM45Pk$+O#_&X%9?_G!mZw>p72AE^b#+TD zM6c`9t5IW%YKYI9(Xf>P?V!h1wM;3^t!Uxm>9>RuSnHJryS%xkuQx(cG6?eMyEWIo zfogM(_dcFoMUi;#Ft@`HO>829h!ni%@7c1;wn@2u{rL+X?O z2V61a8feO%%6v`bLrZpJb6rj;Wv}nP8Wo8zGeuNKssT`Qc$;{4$gju8AQ05KcsF|+ zae2HHsQ$-kBh{xF(Zh~uQ6NH7Y;nVguJ+Y0b!VaM5aIbF-@p)zuQYh_m^0I$%yPkQ zO7ixX!K%yBimTzx;h@v;sM1_^ILZkR%}SpSd~Gpo&i2z|9SF^Kvu+r51fjQPW^#LG zW}jvVl_G+)ZZ_u>k7)3xRqJ*`z!5k6_P)ezZXWu(H?*5C1?E!{goY(&!8m403Z|qn zK^yw10A~-r00a zgN^-#cPyFgeZJ=1lYPH3rOam%c_E98#lC)_`%jQFIPrZqTWK3TcbAjH{Nv%l8Y6EG zXoZ-WsHo{?gPuLLr=Q>IdvoJyTohq+gPHhR2&vI>jd$3iGC;ek6A?U|ZFV9aC#)3d zQJD`IHzb@YQWIBa6NJdTgpdpj>LGpx^Q!jPzJpJRD!7@jNU*x2-*Gn1bNohUZLlX@yVzV?m3EnSGu(Zt~3qp}N!Cw5TNV&+2KAwag zlMRbO;(Rl5O7LRF`R#O*&h;x{;yt$?p2OPfW;*2z2a*Rt%dC>I)g`iqGB$@tpl9yv zcq75_NAfoBjcdwEiq98JG0^ha_G(thhNh_+tf%~;5R9@lG!rh(;0J4I{9F0j&SqV` zKivTE6ts>!19T^)Fek2JY9)CU0t!5;9N6Qo57$v64+3@X^5S_-r)Xj$9nfs zp2%fqG&J;6N$qRUwj_rQiRv&cO~K;|HBGZ7wfCthd|l}ZWgBDvHs(6P8`hN<%|>m< znZxJxuMytjbG_GV7T!o_`IpnzY}`}c5L9pMq_3?)Ej_yl4QeE$5s4_U^R-m7?>e>5 zAE6_4rrM_ZhqNQ%KfSxfUV0MN8kRaYCh_|@O91yOI%^N74cqXI5Gi=wdirRR7J$>+zs9x!ar_hY4Q=s3E7YTbs zxIksI&pA@{dfAUrMrGEAlMopeyLh`iUOt6-N)dZ;E~Pe5l;v<(rDs0g`}4KL3-Bu*26j&%oVPU@JYldLO9|F3C-^<3p#u57|MxaY}Hwsg=-P-`8yq=@9WG?q>+@K=KWVMvP^HD zp$l>kJCzmEE!ZU}@Q!}^ldNGtJ_`-09)*Vate@#vxTqEN*q6N|VFp|*2I<9sBjmfj z9aD>G>bugnzvI;T~HCzL6#3ue{~$`lI_HOX!P3saA5E zwdtW+a1sIcn^Uith+G20*xItSLFu;AMBlO8HTNCg^{ViNQ(fQZ@|T}q6$y=Hq=XX*}R=G+r=3bl%F#bx{%G;>F;=(fT5-Kc@!dvwA6 zZ?D&r*;6>Mvck!nw0vgi<#{C`%qJ*sWt zn;B%pBy)QCnsi8K%M>1G*<9De$4b(ktbR)2*gXr>1a8c0Ci{J3jnW1%IuX`NVs2xyz+3B844#Th-~DpCA1WQb=Mv@UF93qJ;%zdm-Sn zSo#>g9J+GAe`59_ua}bT(5tbYP2`yM?FVc{B@pjZ4_P-h;qED9;rZjX_NZWB_zt&d8FSB#(UkypuR2_Vx5WWydLPQWqJRX|a1 z@tH@+&Z_P`G-VT;@?7+F)EaR_oUE>h^nSdo>(a@YoOYkBY5W-IGuh_3|M8sa86RjX}?fc@mvf|U9SBc7zR%`~lf$w9Q+e8HWVG|SvbYrP(gZS_*_ z5-4ql`%&Kf9ici5Wq6A6si_T%mu9#u_!!_=UJ~mPD_Wew9Q`}KppuL7= zUf&%Lr8t8#x|S9DmYo~GaGD$7QjdJBA<21?)F0{}{@!z=T27;Ny}qk%1%>4xCKmEU zIc_PkqfFtG34R&Ijdk(TM{R-x=nZmAN5&P{Qki9s%#*X4Bz5$=#Yz-e3r|jO&ZspZ z)F(S(NDk;o0b*-IYz$6wF$O_T(i@E;@_G;YbUrLo?7bZPI6vPBJXPrUJf$RXCG1ss ztSYbKfaigoU<)C8Y-W<7u(s2Yt)Ju@9#A$y3sWb|t>J zWo7qOIp7NeXFnpPQLMoC< z;#H(_!$x>|813Z_n~SVTeI;Xm@TQ6{c)IQLuz#F)%-wfH*oIw?C$r&A!?V+NTHY$A z=Y@rf9~m1XvNhR|PGeK*8?qR2C=1BKQZ{(TxjaX0@JusX>knGvTVJ$%$cEhcZ!AJ> z9%p)0JGytFi>l9|1U}KZ@6RyJY)SDI~oigv~uCe5trVMXR&hU*CJl=P@FpU)Sz*U5c zQkO)N!IU`|10ltp=$9{738bk4?xq^E5nkou=K7?LM*}y)&ge z*By$=>s@ftILV;a>8wrJ9u1odw77V}b0pH~*aV9hzn6?&RG!<@H?-?|$hi@egb^*) zZ)(Mdj~_PSkW2F{;3e+c^t^qo;b+ZtiS36v(nE@EfTs1N>4)nz^pw<=@{<-xItzv- z>U(~ZL1BVl45D~ zo8w?R1#WfXZcmcidAkQjhob2|8Btkqls5=8nex0LM#Eyk*Rw7G=#D7wG4bUpWug2Y z@xc5C`k_=4TzV7IrA1$-b?}1~??ccDA%bqKdfDN>g+Vz$l7v}ejMsr%o4$5UU2(H- z!{M8=n6RP?RDV-d^s8B5j{Sab_yQ+KnXG$m47hw;C~ci4Re9LyOSvvbf%4~S{x~!2 zfZ=eGG^AqhW-P%uWgwR=pc&ax+kUzw2V3SPRgdUi>qtF?vQRXbbKa+8xPzn?v7T-Q zLzEIisjyeLohiQ~vs0mYjHii7-<3eB-H#i9Ae-C=KOb$p06!a8;~dEYJ8&W4Fd^RG z1qJ`EB9{<7*BtZhR-*7;m5CrwrI5T z{fhGZ3bnPJlWQ{_xT1lY&W#?M6>bjYh$qh+s2CTOCVnB`EB1L5;@EvAC(6N=T8dmL zg!lB^U&_K9Y1hba%S4EV$BWU5^50P@DUZWKE{c6S&uaxnvn^l}BBPo6L}Dh?I}}>Z zi_+eBVovLKOKC3#+~bW55FF!*L-BD8gg=on+|c|kY_6VEQRek7-;pz4Ra+kr34Rz$nWm`%BRKryzyewGwfD7 z>2%cIa*#Q3lGo1byF-Nt9}(5C136Y6|5A7s7?bCfjxKSz5P*h~e+>EY00prDVi|Un zeeez36}S4&pD)24m*3u?BW&kD5Ath*6DW9@w)hq(qy_VGM$VomB+|K0j~r*ox882j z+s_sU^UVaj9XiaWWQksauQ4HqA{A>rwiadZmagSa9#_MUr3mOiv464N;zHWL449O> z;tb3ZSF&;O@*42UVvt69`auzfWlyeH_t^hfQj=KN_+HTl)lS<$y}E30U^>FE&N%Pe zJ0+Cptz;XIR$x_-6moB#=T_gF7!R3=Er=f_%dI%D02=imP48GIlWp7pKriKSG{cMl zt(uw7&uMS_TSi*PkbvPvo~v4~GZC3$9wTtGZdq{-3_L%=FT*`0CzQydp@ih7YUC60fIv`P?A^0Z&H$9W? z{85)H4Sz86sNf)*3xpOcrJO*b-Veof>K#;i6U7~`#~I7ilO(RT!Cx+@sw*A2+fT3) zogb5+;6Q);&c`chLR&egzn`$WI<3vs-t;=O!%AV8(iqBuUJxF3s#fD|=+I3sby}tz z9$K;_Y}(tBMPs^(L`Ar1&(`Zh zyd2z3-l~`nS4kx=$3;(WYoPH}mJfT)e%br@`&%h7V?^3qT>BP;uRcWK&Etbz>c@f< zS}I$_y%l~7HT8p3-)P>VZ2IQ%en^qcO?qKZ&3BzcP|EE^TZrL;Uv+lbn#S26?1N1y z|5&`bUp%`pwj=+Q0p_~KTte~Zhj59tbEbON6t1qcyG`T+#@#Xzp?jhn22oqxFGJKi z4t4S)FW+spUdLj-<3*bF^|n?%VJU=LykMjvUKqslLdhQ;Z^xm@kJ496ozgV-2$?9{ z=#YFZF!|<$F3n{;eDlUrmjjLPkn$*S8v}vc;!FKyy*0u?CJmzhikSGaenvM9qeMLVvU=&a#!aZfSSyZv3xJrodK!+kyt#*X0yJesCf%gEzXEvQ z@uVmXNeAg_d+4W-T+9T);M*s63139*>l*3J%l_D1Dy1vLJTRRNHJ`}j{OR!wW#xqI zJ!$BOgan3^@@%tm0XD43DvWBoxNL}EHJDeI+R&GUO5@m^>vW?l5Fq7$6=Y#G%7$4| zUB=W8&s-(5@I`NK69q?dHXX)9+&X+v7cnEH-!sXZfmZr+2*UW@soZ0rL%MWPyn{CTv0KRGuvh^(%cKhZ zZhviJYsgaE5(QtKBmo!y>z*X^9@ep~KOY&In5|vEY_SbwcW!pryMqxCm+uet@6s6B zac$$pzn2Jgj(zp*U02K6#h;DwRpt74U9+SuD32{O#?@7IsO%QmzXm1|Liz?Z*MLi5 zG8&vCKkxLsH#i*viQphk5Iz5XM@KUQKLW;g4H9zhnZ||EbiRbfuU%AYV*5~i>5a<= z`+&NVd}(d$l*WOvJ0;m6RxYU|D%3W2A{+&=F+`hTT_RWnC;AfOCUDJGl}Q~#C1in! ze0Ssae5Y0C0I=BwVQ!fqYcL2L2kuP=#@6S2$-I1nYqCpU&bInNsC=%bpP$FIf)iH` zX{x}T339%%N&E;9b}G;{!IJhY88QIJl#9}Hp8YXE&lu)(xTK8Z!3hg!Hdvlqs>Yzd zaE_+fv>(qHsXcwoixlEtfXceH#x`s~~asHN4dV-J_;=s%n|gY;5eJ z#PhU>>p#+48pd(tjz1A(x&PQzd^1oY<)TyNployD;K4Icfet^{t}HR1uc~>*wQ~ra zOg8>aQLi5>xjr_Svs+YhsoWgoXd17Niav#+edegO9NX41q?I+S?0N1*@`kxZj~wddTcL5JJqv? zhOi8WEJP2rvtFqO-4K4*b}3iL?BE}9HT9RtiUk}yYAf9}W5K9X$F&vaG;?fp+cAC% z@hK3z@6AV^IvomXt-7>Bo9Q~Ic~0vnv*5hnQ=ssu^<4w9gx&>sAv}dKC8Frqg$Aw&U91p$8{_8Evwf`M9AkF?g_D4Qnb|xcrJbFD@TkV5nKV zZd^2SW{~}LeTWrFBoNGwWfl(mP|K9YF)42f8vCi@>5i{1pA38J9(>pwH0rqEwCHfn zzwzFji%2!Bu0?ki)hv^mhS;SFLnL$ivZ)P8V0IPqWGt!T3kY~z5vlMfo}d*ndu~t| z{_sW5Of_pN6MSRB1GftneO7AUr9;Cn?uhB~(tGEIq1vdw5kdJi>N*}dPV#!-8#5f) z=l5Qz`C*9$2wt}{nQbdt!d@ksVCN=j6Js+Wi+q7FBl6*{@3dnWd?L-c3nh-d)l6{B zyzIpGyZWH}8;he@w>PVy5r(RkWh=8-o}>=+hf@6Da*Nz{K1#`PpKVw2ra^UhTQI^5 z$(h+yYcW3ScW~eU*BtTAo~5lljqt7bHR$s8C!z;#1MMtL^BP9#7bryw(q9eG_Ye?6 zwU6ejG-EW_S`+eaGb!LvpEIjp_RH(5qy+Y8@ICwzFjzu4sk=o4cW@zUppW#|=e%eN zT2|H}m{(X-g~yo|@V0RYlQM{l-h?pdy@#6?Abc>ZnJKjesNtpdhcvzi*hxE z(#C(cF*#7SA$|JLI8H@5!HYt2`xB+WAfo=|2^E2=Yipp^eU|H+(0HZ>le^3WB>1V8 zg-uBZ_U`hV(g>l4)Ts3@;SZW=JtXc3COcd5@wJ+h>in5kuX(2f^l!__u&X-v@Rbe3 zc8S}BORwY93;Q+ea{*YV5T%{4H!j1(<6o&v&V!vik>q2snMVyZ*VZ!kV#|?Dl&QUw zZsGOZ4~eQL@e+dyhL7|t=plDsf?U$7nO_+E{{4UbFEGhWi~>f*$@Or+W!(YDX1Y(k zkEx2ns!fxl_cdEjaZqu0w{M}b<|!I~@^P`!@i1OD|cOBULM2_<|pT$0W0q`|{$*Ugw8H7{~> zGz%5di+IU{fw)`4m@3xfj%pv#Da7RgByEW8xx*bJB3kr~egHi6csjpg(dwFO^h7!Q3$m=w=Yus`snWIvD(pA+B% z-e(dA*jzc3Fm20&ZEP1(@E!$oP;tBFJme6cH-^7*UDvg?EQ~m9a2}7zu8cy?2{_*lA zSotKHIu=?ZhcgMR$N+L1O~4-H($19LkWdZf#ux9o>;-iFYk*vqHv*qz^@b**;8>yZ zCeESpZ+iU}yv4=CZ-?OVrHQA3N~p=sMF^d-StZ&GpE(2nQfKIB4efbYYm`2Q8%)AS zHGbcPtxqQlyQ)wFL*K$))=oiJjS9^bzz;)Ijp}*`(yQ2_Ef>$WpfnPe0~HbyJwy-A zejT^f9Nr-13zhLXRZR`b&+@S(o*AGH7(Dkt_hC_3gB6zQV%?xPIOM3ehG>Gl5o-bI z&D%*Wi>j9;%~ja#goS9EY`Qh!G;LW$*^bvV(ZXG|^*Uu+K{sG}Ija3g;#Et#`Q67M zzW86nTN0QSfXy-SeMS1w|58nr!aE79fiR`>osv2x{qz}2%?KY%)b2HL+II5CI!ljao6!ytSFnK$Ar^P!r4s=cU9I>UhoQ~~c@O`~CuP3~#@gmz#c%IC$`w;EU) ztlU9Lg;bgUraVzWKWL$h?LAkfCHiZC?o0Y@+_s$a>oC|9bs{DUbO995hSGA-IuL3W zNX#Ag=O8!)$|ax^eh5Qp*MWx;BPKdC#bSyg4?NN@Scdh^-%*QRs#=}r1@s>tx4PYw*N1UE$$R+keP`{lJbtZogk=m;x!uIm8hG^4DBDk1MSL5jWqP9!Hw zNs--c$C3r^Ul7Eejfk}-QYw0fS{WJ=dx9X0l$LgeJ#YvM$M1Wcdf|A!Miry_2AEwv z7#vepOqVnC?N!5znEXmciEVLg(cpu6*dhHzDoneGWeeD=a8hcTRl>~CORkFx6+(V7 z8y>x6ffm{(h52tWFeTXT`i>PA*ss21^2sKF!#?}rm9=-I>S9idRv#3$CMhf+^@8v& zJdm(9Lz$g~Gi4=d%ub79z=K@sLv-8+d3ejLMa0i{8jop-d$Qi$VZ)W0@V5<8$Fs zH$-8L^1W0C@_7F>Sb_Xp1#>7?GA!x7Rr{{d=#Z!#P5CXLiki{|+h zv?1<@bY))^pM0_0LLNW5mGW2Fmw{e@4Z*vW7JQK(8LWWc6tj{8j0IWDJswYkXvpar z9PliDF&;>#=3>I+lc7+J8$49#y^?Es@rnE2C{@M+J56K6A`ac@7bdRKt5;@yQbz4$CZZgFZ!a9v zB;DZ1c>_g65CVxy&aa)9Pw7q`0pMG`SN^NFpXF;xi0-z1f3&y;_q{R+T-QA8TNtFh z0zV7NO`Fs&^?qw52WKf>X`T_V#LWCZ(p7>tdZoZx1Qr|i_Wqkw#_*v1b`OedkVkPL z0%!O1r&@ck*om2l!uI31CRSnlUkBF9)%4iSxxX38o-#p_VwnwJd6E|GII1WaZU?zZ z7G+`?OOs5$)lXmJmo`G-^q76Gw3)Q8?=|a{{FZ&@nOQaURJ;$E`jJMzR)9W)d}ZOE zqGdchi`vbBkyC;rs15~ z7&2IfsSU`}>Gw8u{2l%oS2M*VA`#489eeti2iw?}BoJWFr*Z`@9jMd5*vPHiw;jU*RGzihFK3u)y)M;lu)iK`}e%RMW z>fG{oezP+V&}|P%&$H;;R}THWrO3l%`RWt-rKwRNBr;SK791+qP}nS!vt0 zZQFL<`tMq|Zx4FVvp6fp?|RRPc=q1oo*|jPk5(2-Ni8_9rYR&@r^yI@H)b?fNu;k& zBED79@QPBZ2zEFk%fGLIa!s#4ba?gN819Q1`kc?k)heB$Y_n;i{1THu-40#bR8}bK zkV>l>vJGN8GA$7S{*|>_081~RTZ9)HXcdx=FE>wwgu=WPJu)-lz=YUpj;>vjmvID< zxRX9}^cF&Xx&Q{hRJauvlEQ8BWe_k~Ttn#)F^1*`1nwB?RR@MjEHuB&7L!>YlnTCk?&(3-Ie}?*j7Us_TO}l z$Wp#toeM=>7GO;us1j>(KQJ{#wCB5NmQr|0?k;5;(QXKi4nW7Nnvh#dAcQo_JZcQS zzZc$JFMf~=f-3u>k_*h(_U9b_OphB9d3ou&D;mX_bn1Q2 zFSU~EdN3fH(!8?#f{3X+1Cgx#kjVY5i&oI7KUS%o6jgp79hR&W$A(r4KlGa}1ZtZR zgPD)C?fxXw{v`Kc_*SN=$y5{ju*uzT?nG_qNd5zJ4u2W|>=V;51Feka(z(L;Rp__I z&PWCmIECsrhfvPy@$bL<1f13e$G}9m^n)J0uh)Uy?Jwy%_QzJezy3gVdW58}>D{Ys%ZrxB|nzmGL0^OWG+ z5Q{&csfxd$24B^NvmiDQ5tvzj}9a`j>&o*`VzO3ZTw&Xu0%tP4w867hKX12+lkmH9ah zZU_7|lIX}BtIVjxZ7&a~NUs=X_V#4~{@F<6kBYO3q)0FjQeSG@08+| z=`7IZzh~&182k~^&q>bZ2&G9MlPw{Af7-V&oIe5iBHN20Pd#`y+T&rnMm1R=U-#-# z7@aq~L^lF1FnZLIdMN~JYzlYKako>+l}X#suOcAnlK5MmCrCCV5^ybbbPgSOhbwKR znZa7-jkaF?M42B)noN^fWXBfIV{HQ*4GmcbF&?!ZEHzF;Y)abwXXUJ-jJNnn8Q?YG zv42q4RT*7RsXYazW_af-g2zanF7@?xHM`c*d6VS(6VkUk_zDD=S9CrVf+;;p{WT4+^CugfHPcTel7L!7Ya2rl*9siCg#myY6y%n19g9pNagCT{V)|}rmlOMOoQyiQ^}1`7bT#~OJBZtX4k&* zK9^DZ8&S}pM}*Jmnh-HR4Y3S5Y{0RJMB9ANyGk)FkMUyZk+m^qdi{zlnM+lL0^bBb zeoRq}znS0Y-&sHuRtC$n{~ZY>ee%8xO<0Ok|~v?&f1^?zI z@=0a3Q(T-XT4BDq!c8d(`_t`y{xw_Se7S(v2!(>|+FX%KAV$sqhPhZsUZa4u8 z(?G-&`X(<@ri>y7_PZ&b;_4?~we=R%2~}TNVF&}6EYNy`QeFHkqT{4p6s*?|<2d}? zhWIH)Nd5S?CL0AVr$#9VqKQB}hAKr#b>UwUMJdNEs`o7U3bfiO{x*5%6&5NuY|d$cMbzQriov z$rFL18%cd1p!~dFZ}LXlt*Cd;nh@@E#~ zhdxHC1^&7{nP$B93k)Gr3bP^-xKJ0np!zIYbl|d=H*^H;Tr%yg+M-)8I5pZ7H!1)W~6f4EOAMa7Ec-w<~Lqsp}i z1D`)1i1rG;7)@%LTJi8ZFMe-pK0uF|0By&6C~Li4SBNA-q&*MwYPr==yyZaNfSl!CtX zpO_Zdl?r(4C*-ehEH-2583NfRvuR|=a(S1+z84C0e`$GARu!7bi)kDfY=6VK)kv=I z-X_~78hPd_WiebvHVLF);$$mWy+lRJ{DVe@R~psW#qSaVzypf&Oj!@r1U-l zCuJXNI7Q>3d2)4THS@g;wE*3@_WEg>gr2(QyCDr#^ii3IO7FM#SnnQQT3Ke_kB!1& zG{Dd^SM$$Q?J-p8V2VAhNgyGFYDh7lH3xC~VoDZwNf#`L;wJA@^w-Uq6^W5AtV&ya zlRNc7B*2$YjoeP_edHd^ev;B*MezIEJ%Kk`g^b+KHN8vM6z4CFz!9+_CWa1)wP|OY z9e7LYx=l)Z$Nefw=hsaSY`NZYrudbxu^p`&J` z3by)&$&hZJaCMF*F_MkeLxs@u#IU1I2a3_ybo9(6A~MjAXZf<0)@GLMIX#^BME5A( zbpOET^1nT`tt6AZoGZHlIK~kdBv0;=E4ZJeOps{v_=5(?Q&V`W`TU%Tw1s_!S?7j$ zvPokW=>T>Y_|AO32?2IBUFy6inv2UVn(jz024@d6ufbm7n(DMBRFtNbU{UjR-?HJq zoD)Vp+hpjB3mOT6vE7J~?j|}5a!oc8V(5QXmgFCFZ5T926H{s!^*#4!fz^x|6EsDa z^QK|dycV9dr?ZyJ3T<&>vl7{)#`PtRR2LySs%Ler_Gh_A>2GbEw9ME%=lxzbDS_x+ zO83$8wB(1QwgCS|1KLg^`PySPp%a#H*6pUiLv$<^b|cWt&XvGT``k<&oXG+woM zubxzpp`o>JFM)xlX*w7*)uT^E5bEPt8o^S2VDIKWVAST?9>kdxxE49mEHZ9Kj7%jzf8n=bwSg-H zRzxH;0rEP1aEXy&6p$^zC*l zJbMN*!yM-X*o1yK>xs2gSc9};7Nl;na$a27(4H7mgtreBV?~~%WmAaDZ!@Kg3XVVV ziQ_UGt>wp&?{-;_g*o##2<(^^ViU+xa9Q`N?{zYt>)@1&WqW9H2b$!BPl?eLeSIP^ zD{Iiww+QEaEufQls0*uzBbk2U0j-uqXm?zVXWMUa`yfh-7*N?K=;!V)Q^Pb;KGvD` zO^`yWC22;2$NZ6vzcreKXqcpjjlJ>i>P=ZrTFA7cuM?J{IHlouKzNshYEkx1U2N;T z`i!T&PSY&Zra~<8i*$hJpDbXcSln}L#!PSP>_G=QnP%id*8PnW>J(Sd1_t zs#3@hL0rLPYjDPVAqFRNZ$73!!Z&ZIl(1q>D*adCayFvuf57Bgm}^B47_`7p!we9$ zJwI1H9ox+~#CVQM#G!hmGMeb{Ro=&trVORt?z(BZ>MU5R^9X8w#6DCZ~3MT#6Li#tC5UI0PJSUY6HQs#l?X_fSM=~ZgM9Q0{SI-{DvHup-p<;Xc1 z^5oN`1x81jy6d=ugD;rh{W3kUD^M`KIlHT>nFvGbjQz8f-d4&{sH^0+Vj;kmP&XvF zj=Us80n~HvbE?h0-+p)HUrN3|=apBIzG0ypkibS4@&bcmkEbPHt!zK9!pA+FWuPSR zmA%qkm?0;hd53}XAl1cU^_2u|BM)Vjm4vy`*EC>W!iL43jJ?fnrZ>0^Pr2E<7E<6W z=heMwJr<}8Z~({+T~{XUgQ8XEU=YrO&*zW4ZF&-KguWaE*(8nhf5M){rF_6Lx>Qy=#1=!rfeC(TP9^% z6c~Vv@|{4yn(=CEJ0V{YKcl7O+E*qQl{Mh|3}wTIe_XG%Dm%PA<3;f^|7x4iJAm$` z4{v1JF6zp;!z6lO98uUTT?6)P`H%Wk92pyJe?`Rsts+=4Jw5clLdap zuaH$@zxiSY(edxddZwNW6%_aNe7i)yn7KY7)K~MSvq+M9S*fmwk>ov2d#NqENKBwnAMWRh~M0c~l3oQ+feD-%PG^t{@*Q zMU5ICS9n)CmR0$7>k7W+Z;i$7E;D{9AM)SfebpA}!0%aaFzYLIcrE7(#hPvlEAAs( zN8*aqhr)YHj``s( zcu30K=}eF+IUOkPBaqft9z`p?@XNnmohy z1_#&0hGI#wOvo%HY{`NOES*b!?A%X^ba}lloCrbph$f*Y#F5*P@u2<$s15W#!i`?E zBZt*E%6YW(>peyJfyA$tvN(HUHf1$3N`t42&8 zxrtSvWUE=tuE}6b#^9M0X5#w09|o>fHOIBLU1>MtIoOvVqHtkZhR%B3JBEX>aZW1{ zh~T-l|5l-yXbhR9}Z<1j(+Zy!zbgHczUidD(-bDPar+6dLR( zzc}t_37bWIN#Gl8>mYy0=7h5DH~F>R3kc(66Ie9tC*UzD(lm1Jjt9IAcnwknX}|`E z)pt%vE6f;4@5K>r3fjx*chxHHlcuE%3h2^OqOdSUy0TRtC~vG*uY*vfEB+g@SAAkl z(zaR_FgeU{D{x{YPu7mD2q=F|=Q=E=i*^hBNu2t-_dMR4^>sT(@F=)~H;lb#kYEyT z-LbVHb1c`R3r5!?j(p~j7zo3eJ!D8?GQN=M#?8jg)@7z0yI9CMjpkM4&n=!owe8J= zCYTe|+Wn9EQ7vtBrtDZD5{7K__+XF1Y*JrnCO1P0^&BM;r69{U5gX#gU@tTK=~mWl z`L$S(L#^F7vGc7%kVx5LLiqkjG^Il|1M@RvEYHqrm3}KC zHzX!cK2k%kT5juzMTp=vd4j$FEO%E&Xb8bCgO5kzaZp4>0isL%K-*aM{-C@oBsuUz zk|CV7gvM#)08smTs$s{B@A^>IJu)XsQYEWI_0$p0&6FJmur;e$!9R8)s9~9IgEbb; z!0yG&LAUmkc&HPQkqci*X)ExeTJMn;GrA3Kl2PNa`GoHllW^;FnZ>z6MO)^R z4xIwPJu&Fxxu!S-ZZ+ z4lG}*T#Qa_lkL+5e{)6m1)PaD<;zf?tEaFAt2OZqrmpn3{QB( z;qh2Deizy&00@&RAbBF@wU5!G=uDY@JfiPs_eoZW4nf{IjRtNV_nyE&WtZj0ww7!X z**_NF{y{qG*j4oD2njy9!Q`uCM-HE5VYqQZuYsUdUo)7Aa@ zOu(qWUX)QVesOJWnQV845tE0ND^AE|Bhd>yrF!)Lr+Uu@uenc2=j(9tX4?U|)BO#M zZjJcZfWbpZtJ&|UxXC+FvYJgq?AlDQ8#x*FwL7IM%f`GhvrO=IIZivUgpSnJ6K~4% zM{Z@3?Ij8A-jTKS;v0QD8C038ot>mX?~Koo1TEo@a#SYOcqmG$lA7sKiLhqgoJbHs z^B<7G;X61n{b-=4%W`nxyq|Lhps0}S7DX7Xy|jT-v=(f=J@C&U$9@FzHayb_<4ho$ zLFVJ@e)*o>?}Rexy%dZ&_unB3-yIAUsO%Gs>a?HCnA#oK(84nJ6@&PJKO0=&!XPy* z7l&BJ{x_^dP=e1*XHlTW@RgSWhe60yNdo=b>CGuUS8U4^K~GCYLUtYdKkV8M`;NwVOy_X}jCx2MtIyW#KL z7+D5}cJD`fEe!1`QN^}}PB$()iAU8|dBzZmtW9;BKb#k@_SL6Nq=e;4+w3w z@beRQ&L6%6_!MT!F+a_1JwyGeA9TwS}ICSbqoSgd@yLnz3cSN zN(JyUVGORTi&)3JIfq0)8xhh|pgm!u-9}eOK3KrpwjX`V5o3e@$21zY{~?Wrk@Yvn z|I3{DO~Ce>{lBtl{(Be=J0l0jf1+sqH(@m1Db8w1ThA{*=5Y#qV?ZQDA=h!&HgP6? z@tBz4XV<7_*N8w!=4VOQ3hf<5AK52dCtPmRH|^V&-)+2}SI)jYmRFuNmS%sISkwk- z2uujf!?>e@vy-I(07F-nz&=1$rBzyEBeGl^B`j=RDs!+uDBu#8&xMWv0tW}D7Zscw z=ryn$*((#9M{ki1Xy+d)@iYG zd6m87hCBzw0AlDB)&<#3Ku7e{Wb*?XMb0^~vaGPOfBG+BG4YEk-~Yh|TI=h0 z$$d%xlOA}f59t1>1v|X~i}9uRyQKYYLAd??u7Kfl7l#tpW-Rf|J?IHgcs@pisqI4Z z3(SPjgAUGU*RKa!-5Z3v)r0WcJJtpwP<3nKQ}Kj^%>lNv3vmacA(Wf!i3tzI0ib?Z zp4sjL0fz9yF#t(!Bs>7Q`}kKNzQ4X z`H8<%#oUMeA_nRnI!6e?u>FGQuYmaRw>x0MPYLEJw=c#D95Yp2}u@0{~t_;kzG z7MSPD`FdknZ2{dJYTnNA$yE8>{_tg_o}mnD)7$N^^^Z=~9TL-4TZWLwNX;BDcx)GF(|1}}!&{Cp`}^B4W}gh*nEpLc z$uuHRw3JI63xO_FYp1#RgO+66qz|#EU1ca%&B3EaX1$UR6&(?|LVvrcR{3)v*5a_0 z415&)(f*HO3xDTTR;DiN{Y^$T>(iSnkc(fxBUibQf?ATA$pf825Z+RSv0Co7W~Ui& z8Gn64N!If1F9ibnsqD>%?AN`PJ}zMI5dLVy6qTFQ8Fa+o-qym+GS{A|8~1=KQ0OvK z%Nb@(ZMyAsRiT7*K}PVQh1mLE#;9mQJu&G{z{KZ4ofZ*TI5H7X@%hCK5_-2`H_e!RA)vCZtW=dEJS-|X3s|@1%B{8^?eUQrNb}3- z5zE3$M1MM67dZ8_=}YLSaTDKv3t2m3?t8mY4&<4HOwzLbno6?oT={xq{i>4G(uUQc zk)e|Qc*!n2C3%?&T!9CR^J~r@I_-a_U>2h;-w8Nx(&s2rJAA&?6Xg%)Z(tu zqko6P8bZxV$ha3+KjJTP!(VIOwWtD79ExoyMi^ukj8q@@*v-0YDReGnvf7v7iZ)@| zsEU*Tm+V%Y3Z^Y}hLz7hD~L6&CRG8QDu5S?dw#l+7V6U!Wn(I18G~g6%5&&u>iC1h z2lV*nz+o8W_~cXnMBWr(4=lsdy!;L^Naq=DW9Nh=&nrkNr4&|YpK;+Ajgn9ye2R1S zNr~W8K8~9xy4pDf=b|mA`uZ~?qK=RTOiC~8G@T6OT-9I}q0jWU@ z&dY`+WKsiu`o?_9qQhpya!Q*WovpNq>>54c1O^{g5oPyV43bO{>vWBaY-basL>bC1 z?z4gr7gPi6wz+&u>aa>*64V}!TSLjjYJctUF%fU$-Yr(_jNT&8OZ{#pq(UwH5E?^3 zSEldLx{a@wEEN*8L%4W0!zSjh9_|hHK*UwHMFp)yMtz%iq3UNtI7o0J5C_{zBd9)0228bw>FdO%p-@jD&j39Qod7q$CKLJwy=^ZfR@ zDOz^*#OeZc))c-{xLZxEyk?`aZOjpVOP_-rS+F9($!asP97qc=4GY@N2)&VJ3`Tz( zpY^mjLr*S#Lz@%Yd|gfmcC@zSk3D+~rY1Nt6_shc?>0GkBr9Ya^^MXM#;pd>gAgE6D%thc~{hMwZ_O?fox6H5B zeavWWtQU&fD%Y+_!71H#`d*SdXyDC_x3b2*lo?i&rkm5NvMg+mqJXkM^}+C$?4`b| zv(q8js)8@7Cd8v`{V)8?99~TxeqlQgCv2jBS3>J%LWzHBnJK1_thUX!^O4Jw)dy57 zir3wF=5aKE!cqTu=L5jOO-lsmZa3#lpcG0oxDY`u54YwM!gPG7tN}|pi4Xm&A_h`S zj>@mUjHQ)5GJt12c017^1E)$fGj-VL)Y02anAw*=K%#iV^S<&P87#QYF!tebrVi$7 zVq<{k6~EouoW6tZSMSjrcLTxvJoHr?PGw_?tqH52`Xar*OhP_!pHJkv56woB(2jor zv~?6Y355*t=-i>s0X#iBk6Dx58HCIi{N@7&q^B`*&|~2&xo{Ulkk3EIgzwJFOnJU2 zG#nebwK9BdZ?tixYQawD&u2H5u`2^|0UyYR#8f7Z`{xhCHx=!^Peag@@9Ys^%*NTOSvFcFx&-m?m^~WSUh>RSPU)+t&N+ zwg>$m2|q0l*$&K{&ACd+lgJ_o6B4=z`H7>PNt)IeB~B)ccjEKOZCx%?zPOxmJ$Wtd zglz;{dE~UWqRHLgDSVrU)-!EC5?(sr9)Wc^LCRV1)~Y&Q^Gi#01j&Ry?7rO^+(ll+ zzao+kJcOuM`!1mw)Wj>@KK5#x@6~*uDeu_aRgVur<3U0GAhWzBQekjDb?EFH41xj@tKq4VKK6-eY z(pD{+;EH&#HpV?MPacv8Jjl|Pj)M8wDZU7GVnGIWCgzt0TD45$GHJ`Nt56u#z8?mC z5ou1YjhU7~byeS%uj1TJn%Sc;ejbB>6GIwAw>Nw1KR^@mIS`F_z@%MqOu^@Ai6R@g ztWZtLE#9H-E|b%CbS9AStfHh6N1M@5UXc-o+@IM5bOTgUZJ0Ne31CdsIZ~*X7@jlk zXHP^?tWHru_mq)oCjR_sD&?0==Eu#|^0^Ws8lb@lPkHz#XiCI|<0-Fh=$@@qvNcuk zl7pux<2eKw8gl#=7YI1U`qwKW9W;-DrYVN(R)HcutjhOWx=G4cWP_Jtd`y?RTdDV! zh{rW5wX3ARyXp332oJHgik3G~g^fS%Ddq~NbOO92%y4b$tRsNz@e5}oh^4U5{;V5^ zD9*G*Lj19y5vGMtHSgfrJt0MLz)C$qcF8Q(oxO1H5j}9fQ7C5O)e=0q|}${Y~#^`I^2{98#e8s2wko+V&| zpxtUzG@CriMM3&hBIUwQINu9$JFcS+AoDb}TN@!Eh_wBeiEy8?)Xywp;kA=zpP@}%qxs6+-O5kh?!#rE0mUQ#8nxVVECU>d;d-JK?l<6nA_VO18Ld|iQ2Zm$u#afSzU*GC!(SV zRfs{9URz#b4<|luM?KQ=ZLmEccsD`GznJY$dGFG+1Lsjk8!;9p$S6Nq0^LA02@ROe z&Yy7ZnhqQ@MALe~j?(hokAjlC1>fFMNh+t^))SwCNmdRh;x-B8g7)!!0uK&4{pQz= zW(Fzw%f*(BnItIcam=*zF3)&mh|eO$?w`gcl`#J?gVZ}T)o)0HK9on5AM0i35IES* za!S?;pTB$;4C6InLXaYcWHI%v&h^N=Oe_?G$Co*=f;tW|+bzC>u^S0$G9tNs`*q}` z5j*?gQUAk6I5 zo#jgxcSILw5(hh4A#qb0-&c8xxXU17d{|xl z)P9*D98q`oZ=FccjlqKMghu;bE})Tg`Y(UXR%Frzii7(6mCWq|Et_Z8jeGLOF|EYA zFm;Dyu#G}-t^H;mn4n_p;Zc8es7Gj+DDNexf#wwH{#cOM)R(S)f-Xijk%K$~2WlS|1z%x?_zd ztdvo0d({b31v8OnHC#4CILM8)9WULsroxIY%m+ zQr_`!;V7DUGe}ZRk5^+8Pt~o#ZD!|n>q3q*j~XNQQPKQEk$ivencwt2L%3?B znLq|hJZ|@XA}WeR1>7^@M?HEcE9Iq|uY0ELE2u)F;9AV}ZmDrWbAN=^$Un=+Njdk! z$_-R}+>uxS5qnW5JmbU7HObXQT#5{RG`{`Y%~N~!d7UJl#z`}|)$D9uc&$<-pW2#e z$$+6%3l)?f%7G9a0+Uqwvj=uM@%c?L%tE?3Y^5c z-iE}UYM8TBd`Mf$E0wO^=A)i3I)Ko7T#zyGV=TJZPKkqdozhe%lc+7)T&utsao=gT zOYd8l-1%FmYC_zlfLl)+q$jC-7zBmR_k)ZF#oq{u@VdInQA}NEadi$M1Q73t*%I09 z$)+7mPZKQM{kj9IGn*zOZJ;oap<3N{D1P9~UTx8q=gy}CAXOgo1tbySHZb+Z7N4rA z@QzS6)77rNk|>CbFW!{lf2SGiUT<}fr7^^IU-f-8CjS!4l6LQ93MF6Y{ZVt&l@N{_ zGH-QvJsKnAcBc98>9+0yY8$aHKyNm}ug|T@V_YxV^r?i0U?c$}{#JayR9P5RC;;{jfA*0pt=RR)QPg9D zcoOW8FMOabz)X7ieF(+!GhdGjZ-@lk;(VEWn$3Tp02V{s#pzKEj4VjKzPbXJJj|V zrmsW?iGXbK%fTAugJ5QZ)C2LuE-_ZvOOdq}PHp4dt6iW$jOTsE5RKD)(<=;D46pkz6Bmjp67g%?C=ie=Z`n7El++r_VSNm1aMh z?-wz_tEC1ctd0u`a*4UA->Qyw#M|9*b!xj;mcI05W(&@0;<0PoXzKI%0|FFgpECBm z!QQ5-)h@kmA4On%EFu#DMdtVdPnKST(DoTAlm(P+7ET$dRS#DA^g1O$jA zA_cmBYtE@74SQHe9h0nU4tJ2B0xGGj^EGgMkAGIRC(*itky_n{GF&%W4b_Ew81UHH zW~qWjaSP;pD_m>&HqEU)p3Tka3NqLs3aSTUi~h&}s|dF!Vatx*z3gYmbS|5|)mO%| zcI2I=guQ3?ny}SuQ&0^prBk^CPpS!l^wa^}X}q9wk?Y|J>T#NtiKL?o`j{5?n5_%vJhb!FnQ~$VIn-ud6cZ&TUaV+(gQy_6ydZ@!9U8k+(-?^Kr9FY zTdXhMV_}SJ%2lHwWb8l2ofy=nw%vL-WXWc!#aHm$M_2*Xh5P!nN$hBhM&+!RrY}OT zsMkl;JYJgX0)!#UxHO9t8Z=P0^IG#VB{CPzdI!I?XA1#7C~Doou;`VsE6x+Xf-)TB-M7sc2Lr2nVQZsq0@lt-nem&Fm zO~jN#KMV{z(BIjS7kX^C&MtlpR7Hq>;i@u^`fp{%%r#$h{OI&=M2h8R7bOstZ6>i! zu!&I1FdoZCdAceh_d*>#2#^@t_+2tV1b zZ*A%<8!hru3+`dDG%~DDHur|6Og1agT2zTCFP!m{_5KI%_S@DjQfa$~)~uoWT`=3K zjk%Og3!Sca#vm7TAFP-UO2fq5WX6+<{F1hk6R;6fN?RG-}jaFUXV>sfbibs6)oRkyv&Vc~cp6 z`xDg16l6%^_JiVnr&KCzVC+I4^&!RR06KR8Aqs7S!Q?L}@L=v};D5|1dU@azzTd%; zY~+PEE(P{Tv$e_(>*`d~Isg$;qK|t>9%Za6F!$DFV)u#&6&mw7E`DcLPQ`Nvz43#( zn((}^!!2!|jZj=*DCT+3kI~5+kKh04STP|BX3trxPqG1bi90nuc~_13&#RJPt8%hg z;PIB=2J6=2i>ap?f;$ zVimj>-1Qat{R$@i<>EhqoxKSW6Lc}6ch__M-%;>c`r)}u{6SOn^39nMW`&9d*BwM z=w&cfmxWEWIR%SMWx>GB=u_4{u*qy3g<7aVBs@pSQzc~zMY;bRvwdDKv)X*lLB#28 zJng6Qp4X*#nq2FYAb3Fzgczo(ZX&Nh_lW4{Ka;yozoD*@@Y_(X+w^VtbSzwlX4n-e z=ldf1uhd2vrMG3F(n6CZ6S#uBKYhqM!6w zUA)>SD?l&cx%Q$LaPUfy{H5S1gO5$)wa=(3O1USkMTbGbAh_)7Z%{qtUX1+=TrP>O zF+Mw)i|g|VQBblmxXh4B==nz{6V9l7Za3Z|DwI@gUlY@6lZooHdES~Ye}&>Wvk`@A zJSEDfTMrd?s;^WXyAo!b385;8Sjo!UB1uzd`+P=idKB0xq})F4f^{F$>=#WNdr)xP z1YBECWak5`nk;9?*1R4$>U(q)S(gK49Q{AD~!08D*;T|u|HMWLFm z>&b`j=4RW7iipzn3X1bL_XL-4C=FEgileE^82!eC&Jaa%k*gzFNOu$?VXRl67@6k_ zOdaRjab;Ee23AyjJ0C~76XI%Xd1A#SA>;4+m$_!q@v&pJJmhWH z)8-FI#sE3p|HvP3{15!WZ^qvY|DQkLU}E{N(|_j=7#Ua?nEto?fvdC9qU8#!_B^B* zLY|YWt82?607MXhR;)C@Zys_!dwz?QcI#JwpOfza$Bg4G*Nw(bhOf`c_Q&?e`bxLq z6tx74w28f>sAFDKAxKbqcJM#+K>sC(50FJ;Wmcmj-VT@|AP|M1WP+3f^iKDUPY;dv z4G)7e1oFiL9tEYbuuBRrk1b5TI0K>sVS4)}CWeBC`@m~K)%gI&e3o$_*cUgS_wXt) z0GFJes}viVpQknuZLNG^fYWTjBfv~tQWT;VqZio>O#1{JydrH41jxzv?w!|$$rEw) z;s+%U22_2658yP;CmEOd_2Y3wXrdPv+#1M&390w70qT$ptQ z=tDjQ2Il}Q;cD~ukODC@{38!yWhcOm^iKdz&R}*wBgOlWK3QW}#95b(Z2E zQsBl=ik=67XJfY@VvmIpK*Zl3q6t=oYGP;%OU0u-o7r6IRuQT zWLzN2{{;_@_YIDNhr#tiiER83I02wX*H8ctflOm#d%GaMR6y1yK{tR}6r*v6X@3vA zHsXi%E7}cEi7Xq2(M$Cf^a`j{kPXBCM@J&;8-vu2a}l}#DlSp>0kz}Ygff7NPm}-^ zRWE_ra|u~U4ed85{)!4NLNn(jUqt-I_VxcXeg8GF|I>VcvIkOY%0Wzud`1aym~$79 zqidIi92dTU;%__s3H+CK51WJNl)c6qhSEMgxee8>I+;iOU6TwmK0Ap9>;%-d&OHWG z49*?&bLd~q`~y)ZC`(w;mOg&Zw>J4JIrsL&zFzFeS??4Y0$-&uZ&$*`j$@_@YBtZ^C?I9a~k#w`&KCeCu0K0 zWA1Y=^nCwy5Wao&PS?gvR7Tdu>^C_RM&3YA$@tJW{zZ@JIG8m^I~sqC@1;LHr-%*TO3(F(@A2T%#wjF_Mn>R|8f4Qq;crf*{?f+HSynCo=R99qqU#+- zz8Bu4lMpg{Fn6B2!0`iUR>!6{V#dbE(wx@(Dgi4kKVK`TG7?0D5ngmY$5w7@D>Lbq zot2J?;KGUAc7f8PY>B%#_aOQ*JE=`lqhX zhp*T|k$f)Tz#74fU+EiPVYeyzJRgC=F0%OG%YW*DvRfm>PBPszuJBSt;FE8}Xtm@* zN#|pjvW=5bg{jG;I@Al#gS{+aure}%^v<{)E*+wChY;7NbB`Dh5=?A7O1`{IJe5jU zmY@bC=^`&qk5oe#bG8yhiXT}n5LyBPg%=}zOz6s{v_X-@}#>3wZC z?;`?>^x;ymwhoEPzOz$NiSAw4b`-VfC7Ivu$T{jAG?5loR2Nl2mx0dxvRnL|9p7a9qa%tU(!s5@1y*-GuoMPqTU~1S8P*A7qi132j{}qSvk)#L-swi zTevLwZc1L|mxv^KIdcwl8ALB1lFotH+l^sfj97I|^w$E$;27E7Dam_h=%cVITmXn< zjs$C=Rq^EAAYxeb$!*LN8M31Dtt~s71s66Dq4!!DcFN~Xv=fIK<#Mh^q!PQ)EjuE? zy6-dnE)*R)3w^3n-;qvw_ybObi5A_sD&ya?o(_xRX4foAnV;rc|Ol~nJPt4hY%#&_4| z6^?I>?qCEimecjb-bvO@#>{PROQ|K4RVHLV_p6^4^7mazXf_k?{>xIx!9?90BUO8) zb^#w{0Kuz;n=Z7uYQ^k@?u^?B`dQw!U>Q8@3V79BTLWbXjUM27UoM>V?;t=2a zXPC{teoCsibX4h^WI`di<-;fpb^?XRQ@;L1zOlVe7cv@?MZtQ`Ny$`naHW|mOQ$;t z+Z+0&!=6-tMYT^;S_Di$9c-pxH|(4dPlg{^T0ocWyz%RQbJ6ZODYWTn6et4<*q*0|plWZ2-tP;Z4 zqFGR)Hm@gUc!aSdcfmY|#h*bV;ynHGkFUrkRv4=H4Y{loBNU>xmHFKj)`ivgZR#`= zLFPQHLwYSdMVnt5o0pp5zK$PF1Vh^7##f33YlH!DX08r&1UQ)Z6m)HY8?%BvscN(% zNehNs$(a({B%36^tLBkb_O? z*vOU0@E%+y*_;vKE%kcSzas05{ND~j_L~=*cyQ?}uUiXdMQf%;+!UAl!zAntu&N4@ z&X04gB`N9vZX6xFIHVo`Fqdl0UCEVNW*h8YX(MPAwTX?&(9ImT_l?mG&c}W3c0*dv znW~n7+@cKj4V?W}W+Viaz*zP_5r76V=zii|Hr+zfHgC8X>tcI5GPcs6w=x~~n*209 zXy9JkCs`>Pf493176S0?>Vv{MC;S$1-SWFs_E*mh<;l!#3?rN_C(qLSh_a{V#K&e- z``x^DOmsooWGVjC+v9v-IpjVE|A`wv586;La1Y*TDJSslj6~A94K^eL%HBf9li;&m zwMOBhjA`XT$+nQn^>89|T+mV*3wjFr=v{BHF#ah7I$7-rk2SfuM%B}5UISpsdWP>B zAjD2xONC>P%K6k;R#$c?=#?~6S?=PA+6;iyjs)KLHyX5+3y~*;(pyU~KfsFEc@o2C zX*zmuqoiSR=HATXi$*k*gN$h~X=m%%U!&`pe@ItW3pF zam>Sa|H!(U$)Ue*YR$uXx}mX=#>()^2D+h@!D}!8(Fk3J;gbxl6$6D3b?S<1FJ7*4 zEaH9n^LVfZ4tadLc>voa&-)+^@t8Fs1a@wAAtwy2sQVCMMYe$>o7d!{(hr@it+N*o zlSRX;Lvs1Hq72|2Ol+Vxz{b{MLTK~I#0{`G1aV6?6`pLetfrWEjW1p?EfvHf1MbY# z(Mu%TpjWxq*dwOwTqg{WPSbl2ZD{BD!y6hc^1c+WZ8%}|Zq1F*D&NqibXPu+ogTQI znAHhlT90L(Dc&&_v%g%x2kYdYiLayHl`RE5j4+r2HwJkVXKZE_RzkZ_O>!NCSu`Px zlZON>Ez3EPqO0#rt;XC|6&eyRnWM87N{ zy{+`A{wd{P+-kgOi1X-%l>$?}7N*B~SejVWfZ>2*O@Ul7yk)$i)=Wh43EOExQ8|zh z8i_!qYKC52qYY86T|lzW1;Z78Zr3vcW39N#2Qp`j!*N-t$ASdIQSvQ4`5rN$!j@Y< za4f;x1dUzNTGgd9a(~c9sQJJMi@dUS;^OQGIHp z`fl!xayIPInm;JaL!Bon^kdr^+Q+%bsIEbROqjBzp6Fovmak{l zXCA~~S^(E;iX%&)zNW^fR%*T|LF6r^4CapSg{yj}Yu|$$M*AGw$V1^SC9f?u{!3ps zfvXbzqSRg3H^ufmVeo=Z9OT?5u2Peh#PXo+a&$m+ji)r2t?)Qz52kE);QJf{8VPZi zfMozxDcq+C4G(U+t)a#3b04*?(~F>Tk&K_XeqfT5Bq1%6kCij#RKeud>Z_3<9c(!W zr`3wQNzmL_QU!lHoNwLKU;GrArebR#xvKi!V1&^NsQGah@P3=o#F>-$c&B92KF!y1 zvbt6!K6A_fWl*!e)C9ntNT{$_tv6>|T;Ry8AI>dlyJJWzxeDRQyvW7o#V*5mPzQRPl1m4~iGR zlhPO0MrVDp_DK^GSt$9pyxr6MilEOFCTmZ?GOzmNd)mtL_q{gng>r(!=*|Y~B6B3E z@YL(#S#tab^V%O5w~NWup?3y1lpCY6oh7zh`m-z z$1!vWmB7r;<*T2F!ItDAOCG6snv-!c6*00Or(ZbNkKwzqW(j?NN2)*;=s7)g`=r%+ zp}Pn%xWEFM`7=Xs5nc6nJ0=2)ZloE?S*d1@4C5md7ty6-m=#4k?OHsc9srxw z$J!$ZFVaw?%@#GIgbmj2BI?F0U^c22s19^XtEG+mThyH-M^#U!+`8c|G`oSa&^i&b zWb3f!vB)Uj5A};SnYIFRm8U(7=VrvG-shdT$Ii7sN2;-IQ&cwAx>sHYknNa>k2V|_ zdU%)k=$a0KdtE#F6Aonxx1_nEM3WiQLLxx^yt+J@%VP@iA93pAQZjikWN$>3zUafwZ0T0naOiQn%ngdw zK@=XY#)MOOg$du z4o`1E1!01B;x3JyzJG z)bRTy5c|Q8Gx;6+w407I+Z4x>R;!8z0VYATllbW`q_qk9t7op>si14Okr~d*_YD}D zM+X+_{XZF~#1|N99Ni&#fcPNfgmvzL=54rahGdhjdzV?`UnHf?W9^24=g}!H;(F~3{iZzO~*zn{* zONIOR*E)eWQlzSQL+^~Bp&==W##`%^CLXz2uz)nfoK)G1%6v$W-$=3^Ok-kPAq!#q z!=UZ+HS5r&^Bee6<2-U z1y+jSa)$$-N0RJWvKTZT6aFPsENb@=4+YFqouBHjzfLM$yyjLPLmtZ5kU$#I2M(7y zF!*Ca0hNl&tHdjX3Ml(S_M|be>*#74TZu= z-%Zw<8Z2y_@M6y0YDL6A*fX&Kastr1bV^xO_>dAPm^-pvd)t3ly?4}bpHy>zc|lAs z>TZQ_dc~3JNtWc*zy-&7U&fM3K`rUZ^cvD%rlgo7<(;Z&v(5dZ;r0`x+O^YlGmaf= zT92aoC;c0n%$lbs=vgfN^QrV)Bzp76JIMv(5>Ojt$Dt9LDJdw(+GvlQ5mkM}WXmhrCCx|!$f zozl4;w0L3Wuw3(rn;Thd!@bJbw$3{yK_<71lZzCe`ryGEQ6$K6904!)i9)fVBX`@u z9y&1CQU)cw%{RLh0!DAY&0LmNT7G1~vJbvzI#SKI{XCbRd?9jm)nxr5xq;CqN%{t6 zsXuIP(fC7xx!m0n&z3Wcz2OfmjFIb=OazH9-Q1stnk@5O@3;B4bjzoHrz8Tmv)xfTFyWt2@IPAZDV(t0Pnd zDZ0lmXGL7r;TGdkCTQv0A8m+YVilU^6D{OMbX8-_G{K4T(r}k5{(7Cm`lGTM4$P0v zyhhAOw{G6i#^p-nRqAxFSqvh}TfhnSc_FfYPj>8_Ik3n&fG&fC3@Xr;$1-Y=oABmQ zr8SPk%rw^`F+1OA47wZnN>$!P*YvP7o^EMQ;SnK6%%nfl#?x+E4RmCElH9!EW0b9} zJlbyCEoW1}PVPabYj)3IFM>J^F*B;rsvrNeIS322##f*kuJDj z60bUFg)j~cmp<)}yxzri>(r{AT1QG9(B1NG#VNp7eme_I2LzdHZ@L2{A&IvrLuY*J<_RWN=2lojKy_@Fq>q6U-p2INVoW3SG8?&W;TqWV#3b-u z9lKkhwQ_D5NNLy*qFk2H!YYY(Ey+P79S$h^7`=c7iC%Q|QlB#-ja6ZV4O_G=K4$mh zkHFq)E2p^y%Tl#WIWX=Hxfa6NChyPIGRbUUa%fhYr*|cS_AXG%@NSU&Z9)?m!9M<> z%8IyKt+m+giuQ=?_{avaW3{pi`Ucs$DOa6zY>(%o{}VHK(J`wE$&U@>v#PKZOazNq zIN7yp^HP-&h;_FxoF3i2fGwsqQ`H1!&Isyl6~c&Z(?Pp*etP$|Aw$`KIJc)Ijao@u zGD)3HkzaX|ekH@FJJ6OPQ_|b36KNBjY3R;9Kv>#{*rumOg>Lq9(Z`Db{hjn^)kGss z)EdqMAJ*VFr=FNI9!96?!Of=4k~hN{^Fr9}lggfI!aakoLa1xe1h>$IKU-z#V`O`1 zprRpo{DPFG5*n7TkLtDWW4w8aUzY>msea5Z#Dsi6IR}t!w^)eU?DYqRnD5_2Ii##2 zdS8;d7mK&gz=51Wo(Y9uVTv){g`ap{w8I%_H79e*q^0*Y`7yKly z15%0S+7*Ggx3#o546T<}Bp8>EWg5~zqrZYFPl_s*(6gayv2f24r&r{@X;XYOQkTbFO8 z-fpqhJw(_#_a;L6qe*!M>H6{t>~qO<&++ZVyG5Yz4pWrvd|bgmr5PYJp9w}*0~ z7+QbCEi7qg;aDFi(oRmrZ+Ep-^U8?Z&zts15h+D#QJp;Aod)FJ$;udumeAXl__*d^ zr>Cd41`Usmji^7yO(I?-4Ex#eOn&H@3oA|J$4|LrZmIK1|FAu>9Vy%vt#suGz>>Mj z>5%>fHsy(7j<3N}dy6WWf}BOYb-ptxTnbxbPqL@B^d*Y0736UvSFVS3$G^0MoW9i% z^~OddoI{Wi59s{lYP0A}Jd*0>p=C$`p} zD%m?#3F*}9^-T5~Q`J22{8yMN65ugS8`nOLCB&p}oma3ogAp>8W)kzOF;V0Af^OKc zYa*F2_4(W&2QWxdNsnvpZmlapWL!o>Ia8F4igO;;e+RZMu#rD6)WUP^qLynwaEHU7 z-gS17U>APq1YavLbDp-i7HMcq#&UHS2)dtG7~$DF!)n@Mhlv>%7K@AqzRM=M^uxb0 z0j9>i+4J}Mt+z%p`B8T~Tler8y+^9t9u{}rK{a?eDN@MSj6$8l1h->rIW z5}p+D^?JK5GyW2+Wv9YEU@)DhwbvqfXkDn!wk5e{vr%P{v(OyVK>QW3H{N#NGZuF9Pa z*^p+_yvT^FeZOG*z}+Qj;s_Oy)?PW>4A-(+;H$L3>7k1NeEMat+&@H8IVRy{XN{Ll zUEc7?UC^^z|gp9C3crd_b@- zZHYZq6Ah^sh)4%N!;071H|uKcMD*(#vE3~dhLB}gE*Z9F0gYn2UWdn24eS+ z!hc;XVXQ1wYeq58?NqHfqzc!T^RmgG$+4X~#g_jjD}02q7~&3jUZw*FKXaH1YhyJa zjXbNEu(=v#%Z4#k$hx^rZ+y&JFTHZ`Lg)^jdxUW4gza&{GQFBZ>{Y!Cmiu%ndwhN6 zrQOQDq6enoyY#1DM|C_*C6}RCW0Vdnj~Ps@ei_h@?I#7K`r(o+@57~*o0c#BRG{1H z$SwizrP+*R-gUHDh$bS98O?7v*SVD4Or2Q0k?Gd#hlUGw?#MRw7xon!To?PI+s80n z`x=_UK#hF4v%SfTn`q@~W7Wl4 z_35su_PJ?D7t6ea47h6b>@^A$T1j&uiK(AQCHjZER`Rzv0xv5^b#9NqCVX1&8@)AN zxYto4i3Hu2mm7?zq^~_fw)`jT^fb7&tA(JhhT4FZDBgW4{B$TXzOiXGM0C1j5nwaA zzOnI=rOn}&+^x4l8MM)dVVOIDV zlPn-od8>@^Fj0H{A{E@9Dq%%VM_aG~ttD0Hs!MGb;Hr>&r277a6G}Pw(50YR_ZcR# zO|bgI_}n)EaH~;#w-jOBVep}tn^4=I;G^4~S&-C{XCZQJLcHDfk$TX%E_4 zSJvdd8^LC4X%xw)lh9E%Q zgPi#9a_wW_F*D`GaaHyHXY6s*1it!=2j(pvV~#Ze1Q#ziIJ)q=$8afi$w){tv{Ghi zo&NgRVjWhXgoCi5X%X{cT}$A3rp<%VhiAH=WRtB&p+T>VoWxBl{ka_5gikA&Y2Qd{ zBLoC^kMq@hYJ8+m6IxiVWm;6o01dsEi3V%M4qwTsRDF?#^ZcuL+54CqDLQlsy{?ZvTf=SVD-jMAYb9d zHcSHJ7U+4nPYOn}B~62lZv)qXb!KsWqPY`kf{<@RQ8t#CGXl#U)<4F|W=E_RZdMiC zRoJW&N|cFFj13><7#jpvEZR6Gdi-msr&~3^DS3st@Oxi4s5Bnp>$&-9ln?wyPAUR# z9k}$1SaZh$fvfxe+n14dl8DSV$Efe?>>xd?wE@qy=WO7BqSk81v8K9o^#X^aP?+I@ z_*5bCnW6Jy)~-~e|#nyg9RjnJRa7NYP^Q0u~lzqm)?kxL}KFYt&;theHSQV zQsecpUaM7c28Y`i6m&BpLSyqpdtEmD?Y~K_!^lz%3567-;c^kyr5G0%7Y14B-K`JU z^OLZ3* zwHJwyTv2Hx%rRX`hZ9?j!ng5Kd~Zapu%~hXk&^?eB9U^Nk*K2?v;b%G(W* zs-B8~S$AjZ>a5KqGf|v$pcRi}o)U>cY|I6+oae>{vqfTj8(Vvq*Nq##GgNzRJ$qbo zgHrX0xcFvA&lp$xQKt(yNF51(OmY0(f*1hqAq9)-!=w1tvCFxC9ZX)hVQxh?(Z&#U zxxQp0hhpEe=T(fG0Y$o42T;8d&=6;Wy*dTE?j;gr^e3sqM{jO;nrtqPOTZ6S#)S26 zFjIoV8mVsfTY|w`_9$=N7w*p>M**R>XDb;gpjPt3)flDakDKfz1G$CsKBAq5_ zb*S?ZKlHlke)$uRj=A)I7S_2jdNNEf#YxG4C26*Z`9%z}1zQ0b7N=9UY9!I-*|dDw zq=!N$t1bw%$joJA1bwH^3QWei>;@W5rmIftuRp{X+{v%TG2@FPEMnip=)=M8%qqM} zKl>1<7c$DvM|y1SIeoRqyE zBiRvwulyDe225>Sgwdn0$vCmr>@jbS3s+K(k zaQ)Y8=W@>YjaVa}wQ1ZJqQk)33(4o(^s;YGk!<6agtRY6g%B$eC=rwpn(0c0gZcbP z0P2OCXh)lah;jsp>ITdVG3|C_L)D8YDIalk-$~~(21@>*O>jlpYu{gTBQ0cE}8VgS~n~P5_d;M8yLa|i-ShkQNBtAhxF~%w`b96){(XpVXNU7 z`}*Pp_v<}%k-ZgNixPsg^d#=)wR|m)M>|lo>o-Jp1aDrS7H??ketY_-+?}c1PQHYv z_GVhF`*2^VUb(AGR9D@**D43ce9U6wTy&3H!tS{&DHCn*lQRt-g%x!mS`^UyzX(0M zHk}dGN}#DFNt6}`4u0J9Kd$A>!cvK_>dgqOR&RrgFMb3oS*Om`g%z*G{FZ z2N%R5B3`otp=Q3AGMNp%^$Khit}DPl@4o3 z$=9!AHYA_9gdI)BY)qr;YYik`f~m&S(4y1yOfNJkBqn=pjmC4Si9U0Pf>H2iLbZbHe@W0Wm}F?Z53*)57fs@K+jQY0dcsbrm&X zseicw2+WPT7s!pE5zay2?{Uxe449}PW84Px7e?8EPRbbkL4u73`<&8p=*KVBnF9d& zebiBL0B>)#^P6Z$To*{p_^UkC%Kj0y_15V;mMHz;8yj9`yT6 zsWA5q=O$1PAtw$E13&ydx}8-$ak_J={@+uiFQ?ic2mrNTH^P1U?6y3RXlJFPd;kzp z%H*U($Tu~dMPRvy#J9^ne$30h4M3sJRP$ywObIT|Xd%j7S6}ZggEGOKEh)p=-?y;y zQZ9znxgmq$$J@rQ?5Bz)XWfpWYx$Bg&!iZ!NWrks?+y_)S6$DoW>XM3QXO}G;w4XB zV7-6ug73Y%7va27gAN?9ZW?r>GhE)i|!6A z#eroDN$!}ph&R5mXepsC|L`o;bns(U?cUF5v`*3JZn3UUdYQ$$XZpI2YNmF@_U2lS zP<6r1?_ierUl1;Yg7u4BK5CpiNKugp7qq50HUh&0kD+wgatxdGKHsWHd?UTx$2}c$ zt$GgJ*o1J+3}7ef5KPqFwNB~YcmI1t*rl*AvecfxeB1TFE_Y|pVj+-;`?}C)~FP-BxZwB(9hM&a&qp z^W$H{M;R>=%RV>k!`?AIWHgDvD32Ykt~ClUf3LmK)?*=^ty05M)WX0)$o7vS+V?xF z(jL5(qH6LbdyDpw;`?YzZ3X35a1Iq!?g*>g@oV*ANpMuk*_nj%*tlB0*;n;i|SJA3Lrif^BI^`m_L_UD9_W3_Qka(|aJ_cIr- zrE&_rB$iB5q(|#4DV5hssc^O) z<@e27lzcF{=-a94XJg%%?fS>(uv6$>BN4x!nteVMM(%e>xH zw%6TbQSN#>FfKLx4YjDcYjicV4}l=sG_>|d2Kn_YEzOFQjrQF&IQ^lT9z9z-S0Y;e z+0hVFcEui4tJe)c_mc;sd$&mDe0lZ7$iM0fd2$>kNqChro3Z9EW@X}dyIsTjnIRid z7(#nT4ar~HoYij;HCdASwxm=;Knp*8HPsq931P*hOL`#RBvrb+JE4kpw8QN178Y3| zC^A3(8lh*42@tN!Ws1D^BeL9e{MPM4)AXE%%8L#o#i}Uhn_6=;V`yJghN4s~f}+-A zm%t^0cHE)M>J+7(D+BOe4!bu|?q0@2kbo68b8b5sa=u&}0S$q?rO?DHbxEeV{TSVX z;nb)lDT;81CoPN?=pVNQvZPzOkK43k42y5~aTclPo}`bEz~aeLSaIZU_LXzUV@_$A z`|P?0w(pAl4R(pfmlP0C^9|j6SK#st_RhLxA9TZIvG$?bLghRfh4@^f;mt?=>2Apt z)q=9GK@oJ!^WJabFjbHF0H9TmKHlHh##N_!Q`Mp}Z>pe8h7PJ?y`?HSf5N^Zg(gd$ zm*)qv9eRrN)%P>fTX1$SbK^d;pk@CJ-HBOg@#&8U5YIi4_E3G_c1KXox%kk{K5Z$Z zgzrXzklVYab9-&rX?e0#jlVV@--kh3)?tznLZnUht>wb2GsFq#=1oJri)?(nw*?PK zh?z+8fzuY2(hK&rx{FzWfu!^aOP|}TKS3sWb}{Zredu<6RwY>YbVcmL+vg&NJ!IfOlh}XzKB^ah>Q{-4`;!{+> z)I{WUOLL}B@xdym&%!@M27HfNTio`iznN3n{9D|tt!B`br|Oh4AFo2>duBpYe)zd>KYS<5?~N`p)&!s?17uU0s%vdu0ysRta}rP%{YK?Q6HCRh=@}UH z6z#R{Ce-e!d~d}z(YA-Xvy`ZJ8@R2;DMZC=HqDYHI)k2}^#ie(f)SFP^_8l7e`WJZ z+`4#I;A9e(q7deky$~U@dKLSu9)ofCW&Mpq1cP4QGLyvsL4DQw*-LuM<@RmZwL&I- z;K{cED!r>7fG$QE8kn}WWKa@aO8V>HdE%^?7gP5sCV0){B{{HkB2XZBPh;>FIOirs zQF-iwP}x0?j-%tY!)bfsJwg@^^pjKJ08+O?c8ztRpyS%BOr*93DSA4d1J?p#Jx^wm z?#Ygmx#gdE9%H3u9#cpMQzzAwpJWhNxI#O6XcHZa*Ln|kWc>xa-pN$y(N{sh%1d9| zU5UWA)-#AKk5-)9yxU??4_|{0&4s>xf1kjn?~Q+^8IUDD>BexGb8(B@SYB8C*FFv{ z6cRN%Y!+pp(d{p?31ggKd5lXg;dT^`2MsG5c7J%PJJ+Pra;mil;!(hHD%c^$AjKF^ zlH(uR&|2-p@$_&xQDr*+D#E2dUCO+kOy{CXUK&eh+AOWzM!K~K4-k6~fP80{O#eVi@!{9v zs>&r5!Cdaoo4wIB+@zrcK2&sn^W)|iFTkKmA|{Q;)J`0K7&0j`o7s9Ze@L*7-bbba zVZ&m&jtAZC8s8Xyas|BzHJUnOo!a%p289b{6vfZ^O-PB)6pZ6-$2BH-lZdqpZ$^Wr zsGhFunqWhKcFSAA!nU)=kL+djkAZJYwOth(PkJw&NeCG*J=PJ^v^&7MGZX;-h)X}J zWigy}ji_$0c4*>0v0aD@j1_)}4(`trZ_Y1#FWb0m<~};2mOR&?KjH4c z`q#36R1Wrm>#!!7(z>Rynk^0I5Ir4rA@xwVg4D2xqoo^Fuo3j_uH(~-UG(M*{2Naa zMQS5aRS;kxpCIq%CUr!~nRc8XP9}{VE`J*KNE>Yb$kzLSC{K%o-+D;nrdXYq8d;id zqCRlJH}@eW%v;34FgAQl|G5}ofl4$I!n*=j{;xqO)Owobk7l&FL^7FDg*r<$@UA|+m3*fP zX`U`RW@2gEg@sf3ZFDv+9W?T@4Kp!mR$3wIw905Y)YwS#^Y8kn_q?LK$pykqCRQh*=y+s7RZBM>D4?A^yWA06+A;d|dM?&D(fPojN zpPx>kf<&vFRRLy9=3ccV7otVWBr3(<)L^5Ig>wFNeP8`Pxst*#yjV(T79Lh-y0X); zJ5C|m=#MAUxIpKKv9l$ixTu~(Ed-`N1i;keEia2mbxLebijY%1nn$mj(qtoi#ADn~ z#&?K*1xZ?ThTjUacd*}AUgffxd1%IQOl`~Hu`SDWjXNGx)V1bnRdDaF&kv1RC_XX8 zN}!eDH^o$neb3W0aj|kb{ zCR(J{$1fxSo)q@8twIfxqB-@KUCe2uaboHJCI#7acq;=b?!)gqz}~a1bJ==zg%q7= zz_2}7!Q3s*uH#1S#h&JU7SE&N=`6FVc&TPE3yL3o^p{-%9M#I@J-l2S1)d#0n!s1= zg2Z!atL`?(e77(6xzBQRSMzVrD_kd_T7*n#2uGD~nLkwy35!;!+Kzc$#zVcLpusl6 zb|mSUPeI{krm6a12+QXbg&kF)@9fja*F}(T$i+rP+IY{`vfa2F(js|vP`_mr*$YE+ zwV#&{ttZOQC{sA9eIE27h#K4Z^fGaCav}RZC}uK< z>(<}#Fm~O$ljAiGzb1luHehUMPod zL^nxgcV8%Xi=Iy3-`$-pbL@3a$Ei#`Y3^L9`x^#w6?=EdX7^ICw)jv=jYZduK49V$ zS+5sfOEq{C#|&|_vN5y?t3_u_70aEb?C9-8^9%1G%B;j#pqD3ug@D!VIBM$v*d&Ej zh_OdNJX}4nI~t~jvWrqSKNw}?D)KIvDgk8{iEh4{dvjT*mj)n2OYP5O(F$%6&gCJI z#f_Zw&PkWh>c?p_5f^>%5v3*z{YOjZpGkvnXJ`q@&HZ1t4Ff(K3*&z+{%522|F(Dj zZ$pQHk%i^IYv?GcK!dNkNKeQ~x=hVcEwC&z)hm)q)RI#u(62K6Ra9}Im6V~Ln4WWz zpq6M+q-S1aV_slmq^Fk`rv`ke_Kyb8%WtILTRa$cj)w#$`se-`2@x655&?%KPah$M z6fZwbbJP07zvp^byhDbX!rvz^0;OwfSSm2gBZ9)@mt;cnQz<<>I#Qx2DlYkdNIE%w zAv!6cF!$dK#>-C6OjisS;d8Sv@e~OQ46(70G%=&;tTqudkTGpA(D9I|3;+-&Yh0yj zBxEASYb0hD$SW#mLL$JJ5WN5*bN>eh)5wB`zOG+tUM*bjZ`diBC^cK~zxt{~;J>(eEV) z#?w|z&db5f%}`7Xs2*l(C?;DUGwowz5W^U z$w4BFb4^bz*U^*D*&pJa`c^DZ5}eeGSXu(Mt+wuRuMyR}+=+8SVfb^(yqk5x&=)-L zd}dSz*9j%}^W{y?qe4rfNBQ0T{xmxlcuNL0`9LPzBwQs2+xJqo@)dvo=rWi3wWIdM zJ^9cgSUcEg2NbzfEai!FdhIo{j8jqmP=BOs9L=96ukaMT2tPOf=$D~6o$~7$*`4Xg zTRJm+5v_9g)o3%Ry<;PhwwJnndgi6u^md8X^v+`D?$Ya7Qd@~4o9SCYdtJljB;a>4 znHcBW#y)uJT6?>xiJ*xY_G0d)(CjqOWUX$Z2ezk%4Wb_CpdTO2BI|Fofitm}3 zQLjn+W8!cHFpHNeJvU3iz{IG&@8jaqgbiws;-eR~)-+}wQbS8U;hahDx%c%bOR{wj z&O3EpHm=!4y_2u@>LMhI?5&$r&W6JBdsnymw&u%S?VM+*EylH!DVe(zmvxHrG7_G{ zu(fNaW&7t5sfa3IdhAwgby8JMI-J$m=pLex&tCSORxFD2lIBP6Qtbsd`(4bhsia)d zO?>BlRz6IPV=V5`cfxxn+eYWr{_4&lXYCIU+1~xz~zdmO-BY+UqT1M>`KzM z?Z)U#UV$^&l0Ps2r@R`*e>`1T{-4topOu6D|2sGT8&0^5vW(RsJ#zP_nmJs^OZ@)~ zX3!GgzXLn2w=$b-SQ%332pM8+1zh*(&3MU5rQsTm9=u}>exFawHzN`W!^7zOscHa4F$R1Y&o8aI%L^4*(k-i@w#s%mq{JhD(wA> z&a1NJ5u6d(>h0WasQ=)MZR{)Njdo^84EL@cPK>E6DoV;7 z$)vQJP1A!sN`$5BrQlqaUXU>y09XVp7FJFs`VgJW2;7CMUQ&CmU`^Kmi!+V;oAuf5Jf$lOM% zq}UvX+Uj-s?sa$Q(;SOdM;Riumww!84Pt~HB3GvJDvSISlt8i#a0=U|zl9~^{<(DD zcjzt#hZ!`Fn~5akegP?rF(AAT7JNBoUFr4tExJA znCs0eO=1)@s9-k&gw|0kL!f6_(}3*OH(|I-e1~Q?wDwoa?gEOe9Mz= z$~PVK6kL|3zK3KYUAnrXDbSt5?l!Q4>1MgA5s1#Y$nR~rBJ-}l;utY&mSPOb13ffk zv0<>GktMW^iDS~${n*9x>(o3`KjdGF`E2*;Y!yQNKHKcnO?3C74D`#baMt>d8esi@ zHNZyC{{Ke8!RCGU?yZMd^^$44ZZ@MqeuQ6|y?U|2TE6h&er#|FKs-1x^?EF} zT@L;kS0o+0ld?yx}o;!Gv(Rxk7y$5pnrvTeZhmS%x zmpfm4k57i^n|g~^oqElP_ar^+(VrmZU69AHURR%`-pI?k#jnK|XYO8(ad<}cI+5#_ z-om}#@0-8FUt2uBj=6lXvgRME)m0akY}jromu}ZpP^yZxBbC%^0alm4tA?}g8*#HsSh2}?Z@Fj! zlw!&HQ$G>O4%lm`{lc@W)& z`N_N{Jc$ACbLFa#R8|5LwHza`NC@WJV7B873l%%;gyf~<5D1snX|%kLTD=U279$K- z>^ECPIGbEBC;dx}ff>u=eyKcaPE>Dp@NP%kVT7E_@HT&FIQabrqt|ubW}OQHhqTAt z?CO{l^C9G$#haDlMIUnXj&R>eG9in)9gUf!nqZ`Zv{*o4FZeb%q&4_Uv6yKh19%Uq zvX2-~i8l+`%t*s8Jk#}~EPt%g7wWe9xQSr;RIGzzM=fKhE71W%&JXe%<1LNBgLh2W z<-&_kz?^$QzhB&3^Oa*Db_YS@Y5t6BPScwwc|Z?{*{|w9sDkw$4d?&dyOllcP4MaD z3@w$MZ6N7n@fqm0P-ZeG|-rrlQKUvQh8oF@*u-NQM4@}v4nIap>eZ1ZMBAtb` z&{xNv-YX8tE%^}enr);eX5S~SOncQESPxOzq3gjs_n_j zP!X_i5X(L*xhwp!tQ;h}RZtoMyG%v;2?&E?D9F4bzy>Cx>^>&~`H<6;zpw%GqMRr( zC;y6gq3MtXEidg*mgPosK^C4VFHJe@l;WdD`e?3A$NR??i~}tpp`~#sQETmWaAG?} z?J4ou>r28f{*x5q{w*`UfEWY9p4$}IufR=K77jngLA`Ghto^N)es&9W9uFhR5h^J? z5rK+KOW0R3IP{HESGE(DjgF^*?M(tK931-9GaE0T$bZ#4SCxDErGLZzQ?HpBjrz== zw+|;w7QHQa~cw)3)JXd8}7w7PbzD6nK6DO<#Yd z7PGwL+ftWDryum2SJ&%26Ky=TyZHHm;_3(?(wD44Mlk~w!yqe3NDvcgE6V5@#ug9i zGmSp$?cvn;tSG8?VFmrOw7GluQCL|FzvRAv>n*dd9B#r5}5^-oy$F8RFa8^V6bFm{w%B_IHxKqBJCE#KxOjrd|BJv?vo&kBzp zBInJ-RO#7SWFQb}!hIF<)d-5`p7eq%wXg&DTt>Q%9iKDN90awC^Z@l-)=IU?Kx+cP3?f#>4}$SHG(E2VdW16LDkkR)rgcuP{)SjeL@y#M z;45h!o|OG&l}0UK+C;;<$*)1g3sstds!es%)|r5CTnu}RqRcoua`CT9sPR!Blb^8` z3la0a(*@y+F?2+S%M~a5lt#pRqe!{)z+H6B3xic;YFP{YM6yU;H6O9(y!?$(J@`z~ zf|7_jwY@VtWsHogZ9ejlDh7k=IjLAFwNFg(=J}_FD zg490xcBE(wzlv}W_;;HtHm++*T%+^`=-N>4lVWGUeB>aC2~#XWfPg6aUbumrkwPc} zMrIzCogL}=fc3f4Kmn&njLCO=6mM(8&-gS5NH2D$v&kc&Cj>Rmw$OVd-x6_+bNX-V zyUbYLBap81q&W;B!hjRsSe%#?Nkf`_^1ZC&cH@t^yLM-*2)UZp+jc_|5uu6^c7pI`OK4S-iIvMA zR$z|651qC-89n>d<9PX(AH3qCPCMV54C4Lf(DLQw$Q6@ZU0>Q0p;3F;l$Cmrg8icC z=c%GNh<|pvGvnH!yM^zj@7+8lc8U3CQ@6N9^SHW!w~E`(ymOl$G1M3Dl~EV(Sg;zH z%PR}2q~SZ#0kzD)Lcs(33gXrA=^Z-mfW_s=Xdabj7~{NUJBO}`YZ!2lrKQFR zu5#-8!b!x=sTXW7(wgdBTnwe6aU0F&USQSmC_AYaV=CSn(KY(%zYHeTFn^~=vHg*W zvM=0@i_qJv263G>f=gbxi!qiR#k?$rRKXYRN4_L&&8H1yqM7Z zL+Qc=t7K(Fdg@)V?f0KeZ6$F-Oo>qgpGoJ?BEH8W_6>jC#OAU#hsYKX4la|S$iBFV z-FRf?rkW<<^PapU_AYi(u@uYYF-b{jmM*?MACo~SJ!k(_7Wm_}PiJ9JlZSm8+d~7* z7e5*ah5$1Mhxh)<=!965%xNFh+TH&&eztSZ{G}(q*n$@f>W9pFf#GGR9x9efmrjbf4j`F6?U0Qr!CeD!DLd`;|w3sh5V!^%vcr3|?r{ z44OCd;pDT#&(G>MB?mqnD0~1*)RtzlfO73?gM=NQ5pC!``?#+)<;F7wK>nyfg(Ac( zgk^`*Sfx_Ktx*{25@;iorDXH2$EV}2KyHq({5FCPV44?pNO_&k@yhIQA7E55T(>R z%;DUoPtz&9mg0@tv~JOR-Xz;1Ri6dgT`}e(?RTF>yv{;Q%2;C>oGH#ZI&JS)#||oq z%)Wm*Dj!Jazkb_aG7;t?*6_W-I9UFV~GhqS?-_@n~iKc9SCcoLU_nX}TT! z`)h>!9}6a~_9E3Qrb~CWqjbAEep3Xs`~6`(&NoZV`1Vq4Nt@gCWUaJQ>T&z@Bq)g| zTxgBAJ4nXN-|fWDhEbVhiKLTDH7;Z`@tSyTN8}E3?T7jd?}@}6YUpt2Zs>{F1N8W8 z?k?R9@!Q}fL&SP6II z#T(+noUgAMIfFv;H)uo`0?sVM+i$P0{}c$Aa`_T*;bs;Vmmq`Q%2skL=rBR}MehPK@XNkz7RzZ2M`5IX36a#MIQGg@eMwl-5hI=vd`X+HVtYVi zYDO&+e1Eoa9~2;-brD_%;Zc5gXfTU&lq((%i#~Jlp1y?5tp2Q7X?cqa8@r~s>QaTg zGI6}2@33!0A=x!XGT}FlF!6q9F4W<~(RJ|Qsj_uF3G?Ss^~h$b>#KE}^s-s|D2=re z%zW-HpT!Y-Yr1i9J$^CX{-s;xN5J~ z;v3!`+K-pLsL-qRF2PeJe6S@6_)ze$k*KGBk)NETH#{$G8vcsap8nHw%iWdSSdjgi z-sfNKvdir#TrWE}_6z+E<5Tp$Iz8%tN;ZmIf7gBIy+UzvH#%J4*H+Lk^6AU*=^MPw zi(hHzoxv?Fx3@D9bU7c;J2%d|72EL?(#QPKo6ob=;#0ZZw2E|)I1Zfxi&}SnSpQ0M z=~xRq{hhemt)i}*qe*)@Y53f8fcCCsm)P_JP?>JLSpAqIZYSFO(%PR}c%Xf+KGZi| zM(+H20Orlcl?Bq-!O!H-+pw0bK$&Sy25?g4Y~0G3eB;mAGt)P9P@3IloXQoR zzArOmj82VWpHd17a~Pe5xQ(-Jso1=l>-Uufq_S#O8Psp9U8)GZoH-u0M1x%$muS>W zUkS@$;c*21fM_cytX`;>k)&)&%+8DwU2TRA&D2Cr<;&Rb@Y=CBSK}PlJUeClWvWc4`(8{{2$WddmxV%Uovkf&&SCFBSf7|v^J&RcG)5!TAw_P7%-SXpePYW~ z#8izRUuu}X`EB}nmsroLTwfCbN|~b?z|{p{i|@0K2yI;@P51IR*YxkG;ge4r*HV?Gxlt%*@y;K>r# zSwKK^npp9Un34Tk6OmOb0WW#fM|@v-)gadE7DGMO&zqj+HA&x1$+L+Y#!Ea(HYIek zn@n5l6DMsU?ZV_{7M!e|NXwZ)f#P$9nZp|LAXf2k+$czm;r^ahS|#-}p)~J^X@kM) zwhZ>gw}L(%zASV-B{?1hfA9))THl1n^L{IwwL5Sil>draXEpV`B<#zR63FZ$zsb5|0V*u>#^1vr&*>R^7DM0vQJ)G!TQnvQ;}zcQ=YHvTIBm}kwRoOi zs#N1{2OVf9e4@|@pml$_NV@T+VD)y4pe>*-e%)duIvTWs=84?e9KNh}fmavspg@kd zZ6$9>g)=%BRe7!N#EIW()45s~NZ3}HSgzFHaVkbLNG0~|fU#%YF(D|*EB@6LMiU#O zctkPYw`f>oRx~UO`5MDzn>-I$mx4UclAnxRP^A=xsQDSoiPpXScG6ujT$s0m5Y^lM z3f&Y*rXTs76(_!#sDHBDlvy)IPF7x+w=xm@;rTq^vpcDytIMCZ;)ig0 zj_hBsh&M}Oj?>ABk_8l`i9}nQ2|*|U!c^B7AJ#RP#Vz$WhUEA3-|i@C|CH%3b21Vl zPbi#%ZG3c!k3sVf_by)2Gh11`Kf5%`A89`hz1!d4I$9BUyg$lNhqyi5#=Mj_a+v+y zf3&i;_PA?xO_DJEXRVWTB?B|4Mx_8z?!`;{C9{X%+nb;0#XWi}#o-JWL_*;^^29T} z-`N%7(}W#35noOsbh#t(2B)O5X`&3rB==}cKhxiicX~C@l_SPJfFaeNEIDo-#D-#@ zJY3%>#?I%Pu9z}QOWfnvgTOKJ7wCeGbTX9G+(B5rp;u_B<3 zU$KaAIJD9X5xpp|z`-}wsDe#eN`Z?6h;HLH*=PIc9EpQETM#rJz7<(A5&wzQ1lz6N z>AyJ%lLi!{#ij-dXmBW4V1Yi}vVFw`xDlC6~(wGO^aqJrMkr1CbSXkw_^U?h3my!rj2qFKQpv4TR*!6=YV?I)(C z@T#YA(&iMgN_Kf*ZM|nelf*M~EXg3LN{`>NvR=v+)Sw^mKS6n#)Pssi9%YYj2^XM8 zLZ__o{RrTzjQ|1SEXw;wlq{oE47?+#9?+=5&ljdxKgVO!V=QwPFTZ8n;8&rarq&M| zp6a~nr2qXw%$8uKFH)0knB+^lUj;#=bX0~Nd6n^-5l8Fc&0_N+{1!oa#`F|q=R{@2 z_T5^hgFH<}vpV$h&_n5#~6u>JaR0i=rUs*uW%M|BF6ss?1ZgQMJ zqlQg~I8pd@L1L9IWLP1xLNI56oOhcoHJX&^;VKPm|H2EdVm^ipfA3@a| zanbq1Llcl)lg$@tEx{2%1wZTCAZD>yvL?KPFV$R>qaCqH9U3f3aVW&cL@CN7mr%wdRu(v#ve|Q)#}80%II#N3;^_UHxvJilH6vwB z&JG*R1C?I|Uu?oj^TY;(dwd^49^~1@*u(8->e|7^OqMffBW9$RJJBQYHD>*q7wHd_ zST>Louj}aAe|3)@vUGOZfszW;ZoIwGdq3Hk?L!H+knAK`qc0zu^-dPVzLphUqlqW#4Hba| zibn4E*$nXFS_hmHck16OyEfMwKgW|3J+^**+n{S~IC3%6#a5Ud#`2zr!(y*Nd~3%& z^jF*3r{j$L*LZ<$sHV^817ukY@0S@&-#7KR8oN@(=uL;-UF`2(cE`a&Uq5aXsarrp zZi}qq&=?$kh{Mlo%Fn;sB38!^r80}JmY9$j40+tx4=ou}>1HVJpbvwX-#+&7^j;*! z&_{>Z#dht7ZM2s?hGsv0zRHDV|01=w*z+KZ6}tKWLsOSJY*Kh`Qq-KyB#1uv#$!|X%9G7*?6Yq&j-O%-FOf3wgl9ap1?p&JP4_thGP_Si>*_PmR5e*f%m3f_1U=ycd!}Xogb(b$ z;nO<{6y`Ub< zlA}nhj!ylI+B3P=Zd+vjZpiuj1FZ?mA!DD;_EX^bSx(m7rR2i8n6>vC){HWzW3 zd1m-|)v7!{{F2n0tsblRi*9VZLt0JPJH2MwH^QJOa?|BSF>ub7fK zLjQmzx@{<0M!-!SF}ZL3{qgFFIyz(KQNu6IjSw%Wf5~TD7I>{RJEh^ZcA~eb`zMyT zj=yI8VKQ7WnY+Qwrqsvd8WuKAo%c9sGMcEgm>8_1w(Pc4A9jabbR?}| z^KX=}uJ*e!5dEeuRS8aE@D)7x;+j?i{zGle((I4-I_f;>vM$FbF<@0ZH01VtiDvB~ z=u-Y>{@KINrLz3a!ONS`W3#o#8(TkaarThwn}^HG58+E+%vK+-ZE22-@3+(?Yzk1; z9mD7m-PZUY(Z|uI zq(Zaqw~Y@K%d|kJoXUQy(@f;Ucf6k(qn)mgg^nxE?yS6!^YNZ zN-lgCUIN5<5)7bEP(0ZS7x0SAprg- z1hnA@*zjrUrc0Nk5*1g=jf`lPr#3{SzS!eKzYp%8=%Fpa3>=dRT|0TkiPFh0^+9Ow zBX%H;)Cbi`C)_}`NK=_fr)THck*1>sbNJ_rC}N(IPGslg5!9-a^yr=GQi=HI_7T)V zdm3nB(vwA)f!hW0Wak)Ci7)n&BdKjB=~2Y83*>PFQ~!5V{B!dj**0)DjC+rZ=9rRm z3PA|Y0IesUp408YiMqZei$D02M2d8%=iohZG#afyPg-~piY7u=I^9cUve~z^LUL6k{%@qGdm?@7KaoDQ1Pp>iq|PcB7y#~H{xF+7y8p*5&HR7g z()_=O!wU)ieGKFNkHhegOl4Oid3@Pj(}AV%cDMUgUJ5Xd)<3Dw09Svn7YN|5qNXsiL^U%>W)A^2#FDHL z;06B>i7E`^!zIT#6mgbCy~Y(O>X*5!n3C$++T1%)tjDJkXT5+XxO52@Se>ve50yh%H5ZT9<&(HfNV;cj@;44tkM zcX5-dn2_TbdMqot`Sx?TuJ^KODUa~HU#uMZEp9wV$X+D&QM# z7Y6V*0oBQ=#D%QnW7Nl63;SQ%HSC=XXE6!~c@qD|y~3#Oir*Zr#?4<(Y0UELdFi+3 zp%>)YjlYVRzs!MUDH~(Pa2%%oDzSkMmY$H7wjR(G6P*;3K4Y3zzT2^gbovm4K9{WCWbOFiArt&WDS{e3r-LqEIbqz&tGCNl-i&jm@jtYa`C0MKYQ? zyKf0MD!>lcMmA!)TtjmWzx7%Fq_qAeJRft$0P!T8R!ZFM@at-4loRi1tA1tgP#OcOaK~FIe1c9DuO#U zuX67gJp`aqSSEF@EgK4NJM({~RuG9XPR-B;Ru-1&o~OQ2kKC((<{3_D5sINr6+KDx zZ>S^pG-TCl_L5&EN}ZP%%CiJAOj+TJRqjnesTI#jUnMdJHWkYMD+BfaR%-JfB)odQ zlg~>pq$34jyn++aSt>-wHKvl4JSRoO#8O$q{j0n|cT9i&kkws(DgxO=s5(3Ez+#z&q zKsB&`SRWCz2`nhJfe6rJT9)2GfuJ#I!`z?Rm%IQB>0<*bf$jfAcLgw~q!dJY4R(i4 zAo~aUkKP#f|0i$kKOf1mR9z_r@Z~OrW!HMF@1JpEZzDD+khTrP;Q5IZ4o|l>xHE}N4=9 zmq}x!h_C7=6=?HeEOe80<+5lu*eOE@`5sK%LC@-Fxr4|LiO8rim*}jHu_WoN_E8m* z>pAnn*Mi2|!nV@Ag3xY5g10jYLqVrYGHm4tNqIRA~l&Op&hSMP4)IE$*D{ z(8qnDAPZuD6^nf#I}OFYAOlXyh(|JV_d&suQ+7f{<%9MyGLcn(s+@tqK|Wv>H6uj;1=zEWqG;~lXZDXxFv6h*!{SF zs9WIV4l)YzwH6GUc!RyxR*es@Wr30`haE8vTcRLBg!_&YBX3B*rRb3CfC89KMW6p1 zh3hxj0T>*L`1vj^OwiqOhwQ-dN9^ZVb`#*2zKp6RyyxYQF@3+W|B!rLdpC3 zf5qfs-O6MWhaJkmEW#~n%$Sf@I025w4)ypZ$bA=k&^vU}Z|;=eGLgR~et$Z5+1))@ zHTDqw_;9hGLE3+N)gsXye81bCZ!JV)c6IS*?a~doWz?+u;ZltK$oKk(GU_jM_a&!- zZbVcCs!6is4qZHNez{$vq}bdpr0M- zgljEWbtw%AFKBUkm~Co^V==D`mChBAR!QzqnqpFI{*}oSsSklw^A}bK+6$1df<{G; zF7z*<{NF+{v#b&5UGWgDY$ed8MByD>B(OrWIE_vbfT!82l&lMQ2@+MgIuPJm;))GtBzAfM(63!)#$<&!}IUNoh47tYlu5P%DPqTxiAG*$-=*M z_5TaiQG{ZEbBVK>BxzU`!ct*NCryvdhj3-)B;oaGlww2-qE4^FztoGr#VVnqWQ*R@loNvbuCFP2!zM9{75gibuQETBHLQr9f?nl@9 z%YwfsU-@s!Pd!mS`@d1X2~K$^_CHa+3Ql?V|3>+ZC(85w6XmPnl#lo?$^#fcoC@L0 zsG$niG@mZ7oBwhA`uk4A|I`x`6cGAP!>f?2u}TI3LdfMM=r?Ly$yHhpDO!IunpJcF zB1fPFCx6rH=zt*kZ>l=7<*5~_Ex&aSK4S($wY7ad>pK$IpjL(wQj9T#e37rAGNi2OwAWh@3{(?gAssS|omCYT^3O&{6blx-@;Zfol&S-5CFLF*fhpl;DEfX!q$#=!^ z7r|I^5PW^n)0xxgh>;JZh(zUdC@QM-cha-%tP7(KnbU=m1F0_%+Ypk-UOxYmJm!8O znJ&a<_PXKgnCX38^4MONpmmnlDbdT(+$t%w9KTE~z51`$_4z~GcG7Q^)7xwgM$&~E zugcQfj@Z!6vzEv!2kO4I5hYq=QJ`GfDN<0ur6r^`XfW+8inBIecnlPk1HEG_9pA*vS zaWzHvA2&i=3a(E3@o3Il?K5)m5O-9<#ZtKxizL zTq>2sACZJQs)--Djt2K7`cD|j5uvUHOg6oYKpe0)vMdkKM0yHAmLJR@GsOtR1Y0A^ za>J97pOOS+k{N-xV1Hx?570n*0|6ocPuh4&vPXt+15Kr22oQcS(^C=vo`lK+G?eZ| zKotOU%D@=m-iG^AlJQd#KbTeqULywB92u1xo`i|s>5LmVjNZwL7YLW*cy2WD8`lX( z_Ry#!{+QOCGqj5C*?1$f3y$w8ON~dg5>l@8$lwb^@L}df+e!HYehU_HpxhhD5pF|h z6J6Jz4^i}D|KJtH(!}qG*<1^VSpN$L_nCNFyIvxoD{Iv+Bp>dY=6*Xby?KHO2wA!cuX@)&dXrR(@0Z4`0&z}>-a3d=1t0iM}Q46@~d1H z?2JSlY|gsX9LOCdIhNSh!WWI@6pi7auOHDzUt*w;hF#h^g)qcJsBK{{8@GOsu%eXu z)Rup$E+;qtrYifx>#l85y|JywT+195x!!_n8Gz)qN6_jFV5QlgfM;@Iuloe5n^ZY5 z;;9#plWCW{@9JU7|Mm1pnZ3@_%p7D4W+z+A#o_-%*Pk zTnOaW=cfje;{`g23hHnunlPh~Ye}3cot$&NH|U?yU###6P!>3Ue*QfM`-s5Nzyg+E z(3W4Y{Asd*q;S%7@|$T#NzT&SUC)F=uh(3gCbl$-SlLThhRr0vMXWxYoMqDv*vJv8 z%OV!w2zBfTm2K%sKwQnK*|$L+^GRL8g74*mt7b2~wJRqGFpz^S6)2Ga$_(_=H3ka6 zzZy9hvD6Z0vNd{3D@T430n+w6zw>;H?FdwT1&Ks5X3DiyHe&8rHMVeTS+G(*hU8U= zG|+Sh=Po3!>9RL`seS(Y)i1JxxMe-JxH>B^6A2*Sw*G^urNwK4o)g zLq4~E?ed7lZoF*Zr2y}vrEMR6vBYjgQgk*LS#(?gb5p$< zN|&jWy=ahaj;LxL(pA`cH?O;0%9MpNJq~e}-Dk39aom+|F7#zDN0-@+@OGcJ6w(xH zO&g~Z%G7*4k!s{Y0R`FBvgLs6hHK1AbG^JMRD@U@-a5;2eZnZsb&^5UVwcTt17c(&oN}gvL0nq0+WJ2*2A-upBAz25PbEnv7bEl<1MD1pJys z)yjMA)0=8n<@@TM8mX%bp&a$uz z>LsYA5&vL+oGX(yt0SBCn?%dUnZoZ@RH!w>)NX!H~U93@E4%2&Z=A-k;ArH zTGS<49@vjhySsyKZ{`v&qeCBK+{_*?LvWkEOyna+5dDGl2w*(k-1xmdL?4ky@x;K# zuO?w~M~Drx>w6mM@4vj=EHmp4^1BwlKa+Ums|#JvB|Bi@*?x1Yz{hcbNUd|y1J!4gb)2l8D;e`Jk!hTB+X%SBk*M0T5&X>$)o9WM)n(Npth?GnNmD%9)Q(SWksd_aFrZK1wF7BfqI6-xea!&&NXZQ;C5 z$04)tD!5HbaQJsa)sTTKMHQ#vfR>&|6I8%NcAPo8rmsY2uevW@hxAuU6=@`^Y?Zwg zk#LoJvtxi(Q4TSu%P;0hN#e2*%hsyeFCq=DBRyOk#@6zcJYGsHzqT5jF}7A8!`$DQ zs0j=Hnn|FA<2HdJb?>eB9vE}e)K)b(u*y?5bg#t6J;&(Ria*_YDFFvLoEXDlxr{12 zZ;H{UM-R`*d455$i{$M4g?}JX9ly0QX+?Hz23m@Gd3zZ$`FGSpamsS;{H3;kI zYBA*G4cqQIWj&y(b<42dJ9g$0Q-#kix8!WF#$F6HBfzgg=Ocyrz ziQ_%}F6DQMs1#PVLlADx zMK}P$vgsCf+X2gWh%-Stf1XskSCJ5}`i0Ic$zC=*4 zm{YTu3+aZz1s+|5m@`0WJ<_H=Vop8MvOeOOKH{hl61;>CAuL6@g^C8sap}y`ute+k zWxV;2QDutdb%Z7%EH2&jvc{xM1BIN%NgPT}JW9RFtRvZ)iZK(_`-~W9Um%;5~BNo5h;4Ykz~N{j~={NLyUJ8gxFXb4yvc)bpYYc z!^zIQlFgzab-cWGY2&*4(-c0d+p2ns)zxZgI=I$p`TwS-(on9)fS8CIH~b%l^;tvJ zX9GrxDnVCmNV&Lt6`afP`$iqgcBS<3H(m*&a9-%9n+%L2u6h#|<{} Ekg^=lZStR z8j;NOpb%!!gR!1QfD&!i^VWbAgV0qJ{u*>U~J@7QC7|i`6epD_^>PR)V4xt zUp8gd+jwutyl=ycFA0e*b40$@l^S2BMq_S>hI6a<$V`_AceuN zp7P8$r)>Dm(O&(FmpO&>CeNEEs)s9zew(YR6*=;M=QO5f&d#k0w^OYRr7j9|ui7ac zZX+{$@5KpiOA9&KTK25ha(g{eLRn35q2VxZ&`ilIDX)v@kSt2-5)~urn-M5fyx5g= z@*MnGF7U3GFnKVe^b`*5WF_5-nvFB{CxSqvuaVvm7mwNZg6HR%=m${OOC$$}z~At* zG^V{Ar~~~DD){i~UVl}?MWhbg977&~UCP{FZNwyUbl;!eo0%QuQ3t+#ygB{xlHzRl zD!)7Q_U8CFU*K*x6h3X}p4bgDdAPFDrY%Dt0X$ya%xyK40sfSL1GPCbyQ1M?knz#{ z$E%CoOT9N{A=mfnyO%$XAFn?^?{RePP|rLEOD<*{O{SOMc^XxVANK&P;2T1XF~W)SnPY&?@n$ZGwtCe} zo89)IYcMDk3&In;t0F~-xN&>_)kB2-)?ia*?OME3(6ixPj;`05vSB;@mwV|AR^92D z{se@r;J`knd8?bo&sh)W?J5%qlpnTBXT8-X*n~VklK|}MbMvS@Q80eZSS^pYwe#G= zOAEa*DSauAtLK?Xt?gaz9$7hX?!}WgAg6uy``|eQm#DVf@YSrQ_881D2BN^$llb|K$(ZHDeAHLa zXxo8J@UJrmS7^9P>CiLJ7i4o-dF8qEG+sFHy$4kVcYUA%9KkJVj?+fW18}eXBH2GG zf{;{W-TuoOC5|(fTldnvyC&iH^2&}G*Eb@JPmPbXJr6+W>CckFhem<&xe$RTU zB5}_?g7Lbzbzlg1F?WFM_5XeFh`ckSs~e3%1XJXmdGr0#MN0U zh=>J{XtNde;lOe2g#t9S*TKDLI`R8U5dbyFfj7&A2&{IHp{*h*(`TWRE4c0#?NUHLp8UI#y(Q+-J( zU=R39!{dVnXJIy@_{>_7<(&74(ae;S_xMn~6Scn!b-HC+qINGq(rt61khkW<%KQD- z_P3>LHi3UB_QH;~&IiV71J*wV=)X-nKX2U$zwSD+de{2C{wRlW{M>WxqTWgPs%D?| z&23(u(VXbXqGdpm!@Q9r(4&w)D9ge0>WaRhfA{cU=s4fH=bHPjJY=^euosRs&yC$}^&l02^%E zTU8KAN5Rym!3m+mg*q2tyy^u)1(_Pc`v{=L;CZPH9AE;N0n&#Ha4T?+>H`6NpVsQ= zfNHR$NcbBXK$trKLJ3@y?8Sg+GVK+tqXFcYQl+KPpBC+;dw~F9CKu!qS*A>B2VA8k zNe2QzDL6ZF8oqod?EnJ0KP}(UrKU?GqCc(ZNrwXgf=oWhC2~wBQNKeu6Ew8{aRC4O zQ9l360sQYTO9}qRAAW#jj#X~UVM8v@fFa@db5rVR&#|K`coXaR7LOtqh-cgb zcI?P+EiE`C(_tq7>$kUu=&N@pM1Ky74cy-mz z=vWty*EkLo1RZEbXd;-Fqw5=daj1%yS$GV z;T^y9sag6QW3-7O?u0Chl%LBU^V^>$uyc%;zRvq-eZ>~BJ)roWji_@$KGv)j@b%bN z+Stw$ z?1}O?H{RwhC(PS^agKd%(TI2@5;JEg`2)$hKJMOwanpx`(JvVA! zqI&q*?$&*oNps3UBOZFUb^Ik*qWkK4D>THx@2y!^Xg(1W)1g6cfq1P%=-uThJr_sl z-TC#0ipP$J{YW$BZIA2z{73!Y0;F@AWw{xPd>MgnBpk2RwWki*r4X?oVybQ}#*Fi( z5kYYRDC&?(M)5%Kdi(vE(es1%{^LiY6d}&L3ny*w&vh&S5RP@zlDus>zK+L>4q!Ap zQ1IdxzXqlf{%2{hQ_6&-vPpS{37 zdit;RYb2;Gli|}UKJn8kJ|Pr^sUeJx44MvRkW5Aej)RM%`Vave1@6&we=X-D!k6>e zVeVnlSWKxfcT5Np&`=VF4N+zS7EB@mxPi zQTBsWG9#MsRT2^G`t_uO2q-VXcV_7fOlj++QefhUR8%8)9K#*4NJvk#-gVtNO&$CO0^8b}V~ zjs8^zgyboVK?p!+>Imy2gQkK7B{xukBjDC2OxOy*(S3gfFA(AJ3}zTOECLm1&7>_Y z^>^VfyCV=v*b17kQ5jQ-{{=-8p%NCDSWbOmZz7r_qIb{1;yg9}!TE}rw172^dSS1E zHxM9~2$`a%5KEIwG(XoT6>FF(;tfP8`qH@(810Yz+WZC>exJ6|#3(Da^oaNT`4 z=g#@my?)txb*~qgrR{Ku;hXq&#q3YRQjzy-los?~h}Mnr4i^}OyhF#-TsN2=ZSQs|F~k8rF|8=(t>*#tDxy@OCi}snwb(&}JxbDi`xY|#VVu5O6XCA=aDOoZi z_kBUkF#*pZF*wZjy|*bLi2_vTUqNKC9>5_nSj^_%rg*4n6GWEoAw3iThuN{${oBOz z+Z6BNFcbib*|H~^f|Mjccb@gzr1;ykdL^wjJYx&PtpHrwBAbKkIW^8Vv%pm(xt6xHA>@mufkHW)CN9L?`d z7aH>CEHoe+8f+kbAM{B)mI=L93ieH2Y@AAKWa>r}>?18!q^kuqzDijvj;lnV!kWOyxDCP_>xno3F~l8IQv}C#`PO$5ug0j62V}9UcI@g zNyAI?7I8}n(k|8{c1oJYf9>PXR2i@?3=UZ1$9KDHH*rKdC5_`Be5{Z#U?|=F_&h^Dju2vda>NsILc+{*JZ=PLjqe@Us^zh{ zS~hXe{Dvk>E_GX9_(>CE$qwU-ep)B^b1yN;IthOM42|!zbSW72^>_0|ff-U!aFi zLEoiA-@!sR4QE3!B!%qghrhuep%!*-jF~KEs4|V8V5t}c#g%X%6RGAyHxr?MMx5h@ zT15l0L=n)9zvqV_8YHEm6J49U=KY2#+{Q?Y&gZa{BO0RHU^$u6fr8%Rq?w$>ACiE$ z#$&^=KVVeYy+GZM7STIw#44(RK~Chng&+)^lwjVQ8}HxzjOa~#hCs6qx*$h?*shw) zV(~b+UTD9>-Z}qK#nzqa`|IvtqtpBOY2_$Gbv^a@;qG8z!ShM;`AQi2WAyCyDCl7D zO1R_cZ14mm{4@w%S=E`b?ej3gqGcbvE>b$!=$}WMK(-c~aqY=)6sc@4d@Wgc>#5>- z_~gA>#+`hqV^4B)Lv>WHtU&Hrx*+S(7X7Hka!CNZa&MoZX{V2d@!glHY^+(QyMc&R zPV}mfoq>I(uB6D;_qJkhh6R4cgxq?#kN1xJ)^0pBe{0A8tpUe-hXt-y>-oY9mcPwnS{jT_F3CV$r$9)cD#%E4GQ$(5C=jyU? z^UQUI+4VZ*w9mKiI)Mn@_6M!B<)|G}~r~X*OxRU|GuvnS+^x;^e-v{AwsU|b* zsbq1&P*?{7s5ZcRBs{hl@u7m$8Vd(_>$K3ioIb{DF%aF>1%Z?|Iu!0Dj^YHD8zih& zR1%nSY^D;Kl$SC}tY7JUX|RrI!B<R%A~xIbEqx8kaMD)S0OQ1A6g-?QZKFd<^L}Z*~;c(^VF)z ziL^`SJbfUNbM*w7nQc$b27!0gd1_wA5O6ki`TPg%-09`)Id7P4cc14AA+!0Oy+(2j z>v}57@(;3N*7e#7kTVsZDO6~X-DLlY_H9BPJv7?w{}t^@XtWy>+o_?^Zv3xkr!MOJ zj&{R;M!WKNw5My5`t<1`*vD=oKC}?!-!X1Hc7tZZBk6AwHKf(J^YfF{Qe~fy#<50~ z0n=l`B6K2$02 zVs{C#6c)l{dxx>l8~2t&^_!Oj0Vt+;?~(6eSk`;6u&WH-3kf&gP$Ya{UigrzG;wkY zNOiLvd%Myx_Ow`Vg|Nc9b<`0?l9t)=ZsPu38rkFSV0CwT<)U0rrNE%9xBi5l*QNFz zuW*By$9VO(^e&InANAwbgX3}IG6OH9wikn6VjvXakAnsH<6*}AU|16Xj%p;M)ac+; zT^@J&T>*X?K>922rsbY9cy(i*bG*Jvk9&zX``aE(0HG^UV(&!)H_MW7p zq1A5vvw%n8t)o727x!wGavzdg*5HFS<4tpi7}}>#RnwAt4?T_n(1$^{OLTOk%dX8g zx{DGaO$?dpY`EDec6aZsFlj3wA{|v{5a_wtgFmE{c?FxUDQv0a9pR%u&2~aaEYhST zqiMb#&%Z8DZzn2!+s?IjdT&>D)}%VtHr9VV9E^-)R<5*+*$*1%|7sS>T*!s~_1@9! zB=f#IPp;3rEn8b*%wsIBVXVm;TPCmlWw4_%-(+_0!J%~&J!XR6F?Q)BiNDM!qXkOH zkC|Jl6!wg9(J>q6JB9eTrv=4Rt0hV#)@emU8r6i%f}U(n3Jc4IeS&{0d4DN_OB2KE zz3Vz41xRhpZPo4kdR#lSojGKFS*PZ9c)e#`8zc+SU(#9Bv5q#iPY~=OD;JDySA!sf z>LAjPqT^SP3+`clFpZv}IH$M=RpZ(A}0|*UdeZsV)V`gs@Jx?~Y zP7ewc)CN(3N})u7C!9;UHByV#)|EqK3GKn{4Up91`kIBRqlSN|wNqw`}GqZNOyl6hCNMAth z%xNARDXP{Udf2aWBV?9;DDg)(vP~=~Q!;y7qy4DbUR3g0sXe*eyF_1g?n{yW=)8~` zOUa>xDhsrS``nij&sTG3_9rSgIVJkyH$6K4{y^2=u(H2lb&z6DB{h~DPyfF+PA(Vz zYo9?4|K6DW_pYR^GfQ5p-B6Ugp8gy5w-2_z$3{@@O>e9!5kY5sT>g}CEM-Q15>9HH z_&ZG(zAvXS3X(rRMwVFLv_0SIDA?D2t;rj%`5w!4bWs?+LZ4Z4D(t=Q=&Th|Shih= zDQIq*Jr)~Zuc1YxRsQ5v*ICYPF;l>k2-yZZINf2{f4o!mG`UTVIVf|ix9gsY<3^E{tPTiAlMrCF|dT2ViP?QqPVZ7sG3a~h||Tb8#t z9_BjW?|@~`NC8_N`UB z;STM_=u$3G$68Zyqwee%La>LXluxE`6NsL3O5IgXG;}1GVq} z(GfkqzOGWd$rE*jI{@R*5wBE!J#(^=@;apb!JV4H_4frfwiX(l4iZmNdADn!BC+FZ*(&eQs_P|)wTjKx)UR5oe~ z3|BDvCG2eaVT605&FiUg;_TUTMC}#-84HVn?`wwqlO*3?*E=U0XN^Pa8@?WoXSPo3 z>)y|h&f6w=JLt?KqzErQQ@duCVv-)fM5b+)olw{(dZbScRQlRs-QS>Tg#w(ClMTUV zsvj0TQreL@8WMt>d?+OZ$}g&1WmC&C!IrbnY-iV-o=HKX>6J#1Kn68#Fy(|G@?-Cz zb^rE>#YaPXSqS2>_rN+LNT-I|@C*RqT3m^3hXtioFLdiC9pf#oM6_c-T1+du^ev8E zs*v{01;T6i4}wa zWmFe-XCxk@EM7$jqC@IT4g3Yi78klZn3psR6#x*Is!CZ1-r@q`<5qp$wKi;Je#*l1 zxwfa~PLMi6IpJdnsqbsdeDCapXbq(Dl!f^a(!xaMdV;z`IoV)!Jqf`QIdG~tK@tUYCt+vqOV{AJBI0of>_7`WQ|Kbb-<=puH za9%fua$fis=gR-$tnUZqJo5i=X8Fze>R+7q{)@9hSBCkq<-eHDM0k@PA0a$Gt^t-^ zCM#%{cfMU_QzcHGlw|0YFvrTFnm(XUOA=7#Mhd2m>} zG;35w@H><6kBO^K9v!PqpJ_*G=N^lq8yl6tLwZK4LeUTDqj7GTi2Z;vx!q5iw?ob3 zjqA?lvmKR(Db$!!LWJzYB-IlogyvqC#;hADw-`r)yp^PT zn_I1q;=;qtV^?6ueW8(0vA(cEDQrz=qh2Am8D+0&@m@Sue-J)}8T=;6Gk?At#|hRP z)JiTdFdCuN2&NWr+A`{)#S}V2;7LJEXF{yqF4ZCw@~%0UaWI?#B$3g0U+z1tNqrmQ zB0%)Mv=CGW@P>vEXO7;vQ}SGlhK68f+7PG`jCX_$#~lv&;rZzE|5DzoCC3`Hmsp^e z$^xvAR>&@hbURuEgU(m1TQ=)eN(BXs^h>)MOHy{oNN$x8$PZ{K6q-~TZU>Wx#(k#S zGsj zNea*IE2ZmhkCe*#SN8Pq*`b!Xu+^#6-qEC`0xyNxg>gNe1C>pLZ8Dd_a$QKE6OrL; zV+5jres;(vDB5Gdb%JM}m!2R@!>l3x9HU0igw*&(a{LYMkFqz-qqRAcF8L8B7(B%_ z?PS<2C1vT@Yoc6TTIHIt=5mJPrDk$4x;GJo>nrRH&*+;bDO%mqZS=K;@QEpD+rLKE z0P&m1-AbQxy@v!%P)>iDTmurR_G^ZJc}lkx#bT3eT`PYEhbPeT(2UADFusVwCLvx= zqiS04_~VBz&VJL7+VOK-cr`rjOHe9K`X>Dkcv|!-agS)s&d;TIfeIJ-HK z98x#=h+=7)qC)&>nkpuV(kgg$2sE(UbO29Y*VD z4n`+=R~-G*%~yA&e5DV_BJAVICX8LYZ{=np*hVY028f)2GM{hrFRJB;X)KdyEK#Bm z47ER-gk=9j#DIj;@)RpJ)AA_2IF@;T3|oL6cP$%t4NrULyoK`dLZ$~NecR&%<<$Aq z{d4V1yG##c24a#T6eZWmA*0|Byw(UG5+Wz-uv@jQ{TXmvMa@&mipeCSOC~8KSEH9| zD(g@&=_Tv1UX=&GKtF)3YjVum%_*>|9SihoNunV{{q)R29{nR@Q#%AMpSCG# zX5|1sAl&ow5pwMaldB^Edg9Zxuji+u@42*%Q5H%HcBGk$piiyB+d?Ko<-PMGg=LQ$ zf;5~$f|pijKX6hu!I(R*;m#Zq6`LK8VXFyR6O6II5o!@K1Hg{n1Iw=|Zfbc2uqFwK zYhQW|ah^B#`48mSF7sSI?g6?GwG(MpY|!1=ZeS z)JdLC!I*3MU|q4)0jcoAly)yBzv;)H1X7*iR|Mr`PU-7#IgW|B@fCM!(bLRE{NZws z+nw+xHDglbH+_{pxa26E$3^*sK9RZVnG3#Sx#17Tx#?0T2!bDYOI)t$Zi;Giq%5WQ zrEYn{Ny@{s610Ewh%WVT`A-JsYZ!XX-N=b6W)sEi20e3EETc~B` z4ri+&E?+CMMd&_edmHN`<<-7WbCJO7CUGHacNv`;&pqlQDJLO?r*#I>dhom~RrZde z3E_pWJ1|=F%ev_uFiaz@c-4U32xDPwhn_#+J#6%u>)l{-IBy?9K3pbGgn9p-U+Qd^ z*s3X)p8}s8%BYYCFWT6q?uf^Ma>4U)V0qzl;HM|rV;^<8_iN|*>Z3n`86=1bl>JRO zM)U0+dzwRzT4q(2#w%!KvB-kbYA8??y#kqGH@s!yITt%_xn(rU^TS#ir( z>u+xMS^%2zpZn}Vuhepu$3+)Zt6l&|C6 z*U@=8r`}ulvgdP5K_aw&d`u$$_4CHS;JFp{uI>EH;Ma8_ycv^_xXajDNI8(fT1PC6 zWeAj(B|pz4kyc?l85ojBLWAX{e}_SXt6{688?=3>xsuhym(+mRey`#lM}_@K@mg+H|IMo&H`eT?2Kow7 zM_aXY5l1Jsd=bY_%%Sk%aWxI1IG-#jM0x*sdZ(CP7LG&r(bP6z+f>g2wtr~Hv674K zqfI`X{C9V7ipaUg7Jss0`luOw{&wO`u3|cEe?EHn4AhIG_G>Owd3RRtfKNWF%w7S? z**rH9F68*(DtZ**?;V#1r=f#ynD*b6Q{SJ2uhB=vK^9{1f}62;{SNIOqkn8JehrU% zf-}NZW0jF1=QKR6o+)FAbnsdrIrrzw6rVNzuN95&T&9$6qf|zgcRka*^%%UfY%3O; z*9#JYvPECjcfu5tXD+nE@UnJUorM+n*uOWuhIhB;b)3><{$w_C*c{5PkDSiiwyPliOYCeMLG453 zD5*rU`;t5{7m^;A+I^RH=nR}Lnef>Pij*6vS?^|x8)<;3YFkj)dtO&-SPz4TcP$Gw zlWx|p-zu2v(fH@=Dr>ym^lV!^jWC z8Y6Mk?*_xjA7FbSaqN_|aQnAeRkU4{Xb!fTa%H{K6Mil!r%z^g{sF zx;UNW;l1T_Ymw+RVWu6$53AQ^aH!R?TyK!~n&^60b_;HWJbo2N<`-oaj4%nnu=|fsWf!agjaXBfW zRe&P38kitBE3PaDk#9Pl8(b{bje>%+b2sXjs}iPmghcsajJbvIeC(dOdoJd1pS~?L zH)hO7FWM?Zi*CEdy1jlULFhEAXs0nI9+VTo``W2=$uADBp(fwr@;65|>AKl5MTXhL zW-YUEyOcCF#IOPsr|3eg8=I~k{f0vBN2%k6{6R`9a&EBzla*z5Zm>rUOM3)afOy)H zAJ1S>tOu%syq+n)=SK9*f*r_{C$vZz%F|263VYw(UCVw?*6kIj-bSRt>D7>UWR9)z zoexc`>&lGDS1kD{Ea1ex5xI8170tFE<&jz4`uF%AtT(mx2bNhD&$Q(lHt8i9DUyW3 zcC?Lduj0##jjB06DGm5%OQ`f3`zot7sL4Jx4Cz2=7)dFs0WcPwROQPoczoaKv4<&R z*PHQF(+Q@0=X<<%lC>2Ywmf<)GA=Uqo`pwgc+RJ-u#nWB#~BJVrONF_(PhUT@-sb( znJ3?Z|JG2qNs)nxGe>#eLIuOVM2jKjI`>(zW@KXa~2&nKGBEvvyW)Y?we2)aJ56N_y-(2fx8qmx}p}5}U znDf3{ zMMJ`@!TPR5?qkPYfapjs5#~iXlwf1xOT8Y#<*u6gf`0s zT}_GXRqBcq`)rS>Q(s6#pv98q8RX~_9VG47M_z-Mp5QieN1`x3eegXQK7%E&O@9Rk z>Eg4Z@IzS+l>{@L_n9xge#95&w)s)*P-nN4C0Dy3nAhqzP>jO0xS2j>AKxg6Q))Ev zg9A)bbXeB+n1|^V4ISIJT|1>YFWonet~UKA^_i_`MFjGaIha-v0g~ji-yB~+ISvkd zm(1Ocu-3?RRBUQ_<2jzS2UP9a)IM^2MZw=PHxL{pxE~=%x;`ssd`-1awIfGFE5jRS z6B`e(tf$&JPu%&cN0LlFL8ik#-o5~E2W`Qn`cnbieb;E4(9UtCGc9llLQr*ig8GSn zU^-YwqbKxeZ@PrsGH3m==o{6}8uToy!tc5|7wvMu&NUY`cTP-GQz5H=(PDF8=-77p zaRXj%Q=I~l=6qqOM^Eux6&(;)9B}10G<6g;ehA#J$?b)=GaD%WUMo4+jP3qo<9nwh z|J5s=FFTT3D%R>;FsbKcdagFf(Mw=TzF)j5**C9eovq zvT7Vf_l;(MDwod^0yHo1I+_|?oJl;2GIsy*D7JMih`?zt$4&0UG7tOAN~$VoUpVxMWDX=0xtd5nK^JbpDdu+HQ4 z(uyj~`0`+)$Z8&zQvEKdzDv4C(AqyH5Ht^4k~YS%CD?Mj_-12S8XNiJs!bofvWEkk zF>LW(zmudWSWII`k#!u{8h=%UG-)PQc)4oar>W~<$7ak}A<#&`hOaSC&sL&_&sHzN z#fU4pVk3<5J12srUWiTb;4J~eU~9tCU^{Y6DeX}25@SXKX%AtDTZ;L^peU(A{i58G z6bSeNegl&|Oh=$&%!G1&%`1OUvaI!9KiV5qagUxRC8&6N^J3#g4VA{#4hb#;lI@3&lvykBEo z%LN;cTc)LpxkD41tBh50_3-K&-UOpkZW*rmD&B=W-V~8uc(mR^AAd@|ElwWF?;f?cI)((2p!0yET;9pq`7+VApvBv{zgpx&YEcRx4WS~z; z_OlPOK*Yn`xhAr%KO*h>W=3}41QJ?IMzxUJJjny}!>?DFLD+X9K7SMq`z$Jo9OXs+ z-Sw5<`8*jv`>O1O`}{(aS%xD_-KUr^#u14EDVU)?K~)pa2UnH@^t3_!mbsI}EJrv2 zlOFqoBB&6^&S1)^czw88<>fnUEMR?NT)VV^wGKTW$Ws!B*(9GAh;s=zWH{z?pPCek zbB*e#P>?p$Y%mi4&a6?1Ap9dP~x6;30phpJw`p%ymTC!NAjDgh!F14jcyAuon;IH*ma;CSMVEkdQgMIX#W)6xd~dKILqc9_Qx=ed+$I%qFB!BH0ihv79Oxt zxbw#fe!hpSnZ_MI=bR`D*6A?5jBaV#LrshewF`Wec!H%q6I-^L1AZ>=a>U8sr(&9n zkS{Uvt0rMF@@1Z;x<#C*p?pI8Q~_}-b~}p!>Z9>*sW{=N@F@dU-Vu}ogD+GSpoCK1(Od+PQO|1i7}2PJ2+9Zn+^cQ z$;1;j9%lqj4=yo5PgSgHNt#Ry(4Pj>>AxX8zai8SP}MynXS6B*bYI|f=kS+4vvA?m z`1j!AmRWHJXcDD3$}%!S{q%ux%?6lk_pFZEb+6x~Jj2X)oe%$yi69={e|Q5Q8!N~E z-2lMB&iaq<;PXyzA3tu23BGc|L%p>z{8A>2Z+M3qfzG8TSEVV(>fi3~{mgo_Ba_$I z8Y>!oSFIH-e(^40kyhi-#h`h*(nH5PRCcfo^XRhrP)y(Yw4m+GdX@cfrfDEvEpwMs zwO(k5b9J(0K@(pXLc6kY2wd9`7CchXRe>9v=M>Bl+TmPS&fRTdY1VjJBS;!8b9Cb| z=GNYcZL(g?PWn+LI8cS!G(hT8ELUfT97kk=bKE_dnpE)ci{oqrkz#F4uFP}PBjxS% zyCjJ$HI@;&sL0L<1ns9!L#;ynJHdC5uN`*R-x=)sXm9bHRHMCn-oMHmW$;pmr_f+b zA0qwHVs^sT2eBMT!R<_>@1U;O2{t*>9+@)9OkX)FJHRm6mc!4g2>) z>``{mTM9j=LHJ|(l{fuBxzY=w$J|VN?MHAp-%{!V0rz;|34`$X&dQ$c%bT1k?~@R4 z-crY%N%QQW;Bv>lNwhhr&U=o5c_mlAp2+>#!uNF%q?p`^u;pax$AH=rX|Pld@LG#_UGFF6J)9 zA2w)(ysH=yg6s9dcRZf5G15O#;rN-+A+DMh-g8 zz6oz@`#|rXjpV++R>*yy!3N|#AjsXxpuzJ4I?an(3oLYa0<+;45$t9p1O*XrakEvd zO_pLfEU9bxy;`Bm1Qu_tOwxmjA|3H_xCVw=;BP~~AvDCPsAqHexiXVH6QAKD0p_0v z2mzwtzyt0aNI$y8IRU)aXziKGCA)ka@P{fSe<{Zf$A1Q(c)9ub1_Rw> zAbV?t)aqMLvZ8gq`Rog#m|z;84v;ge;w5gzEb9?&ffg;Wz+VfxR(DkU{-8B`G}S`w z8MZd#pzCz1yX$-03`2+}ZJ`E6^~aAP0+=sV-j~gU)|dy4+xd^v%BB?}a0o_@Yl+Ov z1QPoh52K50k-R$%cpm|?lCg3LK!b*C-_Y>j;3b@_f(5~M*H1LKUr&C>(Y;w2N>LmI zxC2J8HcDkf01C5TLf+4ID~UD4;bi#P(9#OPEM3A9d_9SXG8d|?JDi^Cng%3GV#t4j z1LB*IEin%W)a(S(M%ieDP_mHN&eZWF>PI*+j-e=!EYX1DZQ_zncxvRKAbES>bxOWk zQq-;{UqA?~Jo|2pEjx`VLwX0iDFZiHq~Vhr52WXUOCC-0L5z&N>N+H(tjNse(nPK= z+eq%aI-<$@2KH1&^gqYEs_tdR8>omPYIyqE+0Um0z_4LRSB1A>sBPuB=+UxG#hc%#16XFTL@^dVF&$D>8m ztCE=%0}3hm4N-$a9MH{0%X(7!KWp*^>0upJChVd`3f21mKJec&Pl^9>n1FejzO{$09vs$#RlVIST%4bMdcIwZ`5{3X=VQiAWG)lHJD z?eT8d#HzsGF#(MT1x&w(_m?;^rbA&qe+tX9p>ZsV25#8jubyA>x zBy>ID22nm9=mlvVaGbcMeoA2D#}y}YiyYef0PtuO)5V%FzzYT!AqLjiZq&_uwk zrLsoNawe11kq`|8+R2{}@HluNih*j9xdLY>qNPyGAdBz;|@RyHgED~Tk+m?>gK%Y;PBj6+M zbBIhDPX`eJsN2~d)dGD&>x@J*n65e{zHE{-bt3!-h=1Ujp;ezw!~DzL;-GJ);A0l_#j`tAZ0AE zJNHeVF;SSnNg3sc6&ndL(+LdpVAPH%^C$}44Bl{uVh%36t!e(o7Uz<-WI{T1r#KBm zC?p6E!9Fp?oaZBLqbn_ueL_mT**J}LhaCt^iaj&YZ+D6YGIr-LB-y$=IoUJA4mv_k zBK;g87)n$*c)xc2GF{N#?xn9lg=$DJY$f@<{O!wh=Z;7?TrXmlbm!#>&QdJ9_xu6o zY8JN_XF76NOSNJFNk7AD3`rX7YU8>WRJPdT%I` zFQ^GCOK;nat*M+ws)>BOl%4ITtL8zVI7vqCPm`cOjlwZ>L*P%-OhP&Nqta^BBI2Si zdF`sTt3qIEOOTlyS>XPFhYrYz<*sZA71OCT+^`^5AYGP5u6GD*I}sBztOAiOH;()C zZ%iz?y|}_bTlZJmVAtY!kxDP@Y>nJj{Y@FlQZxa}cuZ6Q%eD_)ar15Maf2Upd^be8 zDkKrO9K~gCIQ?lNAt&LK+VqSl9G0pY*vDQv8)!Yq#}~Kg;x9g1slqlBB^2f9)@91r z@saU-bg0U^>IgG!FrzOHh|nre*sFXmHNWHb%}`#f|-?~BfjCUXj)q7n~RD53y0`g;Z`(Mupl z5n|=}Ru1V;>X)1)p>$qNc0&5NN4*=wQQWv!MrY7aisXK2;9&4-qT^M%b5IH{grXTm zwt6Mpl6yi*?*$3|kUDQ_zC+|lcNThy%I?<_BJ-uZCxrJ76i$&=!u;1z^2|QG?aTX+ z`94%erwQ-9+%PiU`_cZ50LL^9zEEheyLqD1aMe5p?K{|pLmzpb+qZbWU9;yn*(!~M zKDs+u2w14rVWCY;i}^8&%f5^Iw?I(P3r$3&{f=bo!yPQtSX6(IMf0WzH5VoHM>kB& z&szkxyXgc>H@nN=hRZFXUwRwReQogvCrEztRkg||-P`b6j&!h0@>@ervKmDsk9D{4 z%UN=W?t&hja2Qn2F-YiLu<6J)X@wila*LU;YR7Wvy1DooHP)vV288tAJ4Imy)`l|q;PG1Yjr z;5~3cD*tfOkgjKkHy=4^57$fDzH3yZTcw~lRQKf@EPwsw(|$k<0;G0!cRd+m2ZNPGvXXoKAz8lYqPXf}B<0tmqLc&_OVY4e!h z6kF%FJ~z^MFY+hDIOyX)5C+o40|*1Zr@^AX|IzM?_?F&409k1VgbouU$j?D=PB(}3 zQu4<)HAKqG0s4Sf3D>r)In!dn-JxshnHDr^zR#pRTT1JDU@QvzD@Wuhx`a>v5;3>j zo4+2^fcMD$U1ZS85y_Q21Ct7IcwRf)O#&@l|0TW}?D2U4$CSVPD-q*2VEDa&b?|?S z`3wyy)fT6_Noa4*w^bHU`b0NrQrskaTVFmO@nVpF5**wTE99Kq60>*Jp{TJ4L4+f6 z0dKuxE{}n3+(Hx<+tZN8Am(uxA69?d|@Jr0_A3#yjppR~Wva$`mA)>NX zy&+Tk#D7Rn0?+AT$q^5T?OB@H56_Lxp^xJV$oNDm^wRqDY)|2PshAi{B;rZD>mBR9 z=-5_oR$l*Buc5#lYmxNc`IZ%=`R%_(qUSZXB}PUnq+6#nv?W%7#_QGOULAy~!Et-* z89K2dpN$d8T%rme*d*Nw^OmOl9u1kz63I*?RA$6bB-Df3O;U(8XD!1?ziP&tgwZGo{z7K8y3&@%yO6&5MLjh%U%$yeR~y6+BXM7@Qhfm z>XrRJ<~DeF|6y+fHZ~5nzgHu3aQyTB!;!k})6}iDqh~5|`)XAb7h+%4=mq^p{8f@* zSMoOzYhZ`Y>~k#IH!{Q^=QihajBIbF-h>{!bu^FI(r6waaGaaE$}!-32Cxk5gpjk$cQX;zkVQmkH95I)JrQhaR6D(%JcnwYM-&Ss54!HGI?l1FcsGV_;U zvOIk*BE?W$ecMfC77bAg<0Mcs%hP3%pi~@J`!#sIX&Ey~F48=B%2c-;eKBjts+TQr zp5f3hbr^5AO7te2&aaru`&aHH1l2qi{#3a zh<2NmCMI;@F@rZpJb+hda4tQ)ErW?Zo3~=()f@uY9Fxe+oyt{q@5c?vLSAneuj6ho zX!)nLV~FK=dD6;m`lrl*Ek3w8(x*b|^^xz6D>jxp5HrM&GoA($WT}myvin9Cn1N)l zB#L3gl2Z|^$%9}UoC&Z3zWpqv{pQn3`o-!T)-&1dX6omt6ymb-bP$Am``E%$qXabavsf2Dinpkw5FXvg%}OHP{5eHvJqT zIJ4Yreug0Q9Ih%Zos!L*jf4*<* z`~`l9_PvKrLp)}7K0o>XI`{V6U(v+@d>_6!Tc|tPRi6I30mZJ|g? zxt-~sahizYms$-$H0?8s)&`7i<#7R=EGPaDh+mE`NX1=5iN8fBT_0)rb>T?hg897W z@*dUF=m*(H+tY1~?xqA5bWKRf`3o^aJ8uJ`=C-l}<8u7f4!L0Ux})ig>~{^20GXPQ zuOE8#@yHbE(#=Y>91_dTVd|OC=3n$CF0zR|)?AKGk&#Gh|Mt>rSIJmy$lXSb|MJ}H zq5@_;_KclZM@NZ==H_Dn2-kA4v2AiTkJ;C=-S^_K zT27McP=+YcRrGN=I_JrVefbDB6BU!LXL605ForF^hDVSH%74)L)Ku}y4FBfPGKTvl zE8%ZHa1nX(PIvu`qrv5Du%30haFdkvH?CQlGjH6Zmf^yGg&Pax5Zr&iOwfpsb_NSd zVh1+dA`|W)8p%GQ_as4x`+BcHZGO@S7{-1a#pUL2bBsAlbG@wU(R-C z60ky}1tSquYfOqbu1&XIB+{WgG+IP0I_7Y?tE80tk+#6nAkxw>T%5YSL z!i@I5Z{LCsBJKT%mNX*}IBSB8&=o0lie_JM*4(h6M46bRSUaSz&gar?yD)FF<%vYv zFm^;n__D}`QkkWme3<}=K5jeN5PE2>1~O5yV2<$X*UqZC`%MwI=(M4YbKnPaWBGe) zvBC}6eQVPl*s{JPB2ec+^Eax5rUPO+^GG@-kDj^{(y{^V8R$t!tcu09+0hvKFm`)y zcjX9!47a8%@hCc#oeA;GJEhH~{K; zS*^3a4iSL)xZN@8TJpdgEdH}0xwG-OHgVkc7xmeuot0B>M7^6reVxS5!m#H@gHFwR z(n{$6_IC3cq?bwG*AJ`5W16>sopqW@%0l(ezC&9jwz?GEy$LpUIbCMj-vB}^a7 zW^Q7Wlm;HqZPYWt-Qad17yjTx?DEPyJ#qYV@!MOB-Gx<$SnVIk>rX5CPcMadqi2WZ zzKiQ?jqZ{~s2c5GHm6D%iKnwXD<6zv`aK)&nh-<4aOcgboek;uMipVpL^u|Fl}2(e z&%XtFk1aSC+w3|4MEVsbkC=ClkdE4SkLrK&XfHX(guqd_u(H)rC-Yc*jHjwyZBjJS zBW_tgo;dq6M05ymEz3rncq+T&$1?btapx?#*Juyclt1+%>gh~Kx^=u(N;A9nM*M+h zqM1i}Dc;Qo@91BW;@8!9AVpGNWVDL4@ailRcB%;VBzkoWFYIo$@@Py)EOz%b&v&|t zZ}c~7M|O{!h~Fhw8i3nRA0>!r%x0Pa@5VUvyqu3})Dyp2IDVbd$q$h`{BH~&zR zWmue&Kza9QE(LLZByQvhCdJvP)bBA=h~mz1i;lXM7(6 zy=-4GZey_ZCJl9IO@g=168tB|;2envq^T<`&Z~2|ihU3>LzuS*x-i?K3E?sy5x2+B zcR=m#U#mWFm6Wr;)qQ<}>~ljZJ!6p)%fq!)S`*$^# z41;Qw5}hY=6X)HP+D3PmUk$?vI~Y-7)CoIAZ^u%q-g74tZ0_8Z!F?`&AZ&ZlriccU zp~Tuhlf#CQyBQqm2(PvYz<)rUIhMBdH!AfB#{9LkNGW^4zM?sK-5*6UW9n= zyav{5tOvNSUGUc{bb-TGcwYEnBCh+h5C|c4jGu2ww7B5AVaz7d#Mlz-<`b zU0N!1gU#BjNr?~$ksCU5Jzy!i8ys+Fg@*~-&WfUZE}1LekaTlVazqOjByXW@npF0p z(!b&;hCiRm!)BGgLGHBO8oYbqGmS^olEol8qmJaB+Q8QZh^jOMhyp$$xeEtuw6Etu z2p?Yvq$YQ{e5NUYaleiUE>F(lMNp+%tQr1h#Cy8Eucy(vPZp!Y&XgGQQjS4Wkw9A6 z!L})A2LLA%E|g4QM>wd}NIE2Y0&vADHzXVpspA{bM2wo%8en(G8;7`{lN8sQ#hX6lKysbOH8M1 zLEMT6#XI`>Q{4D?RU-sLBPZmpZc&Jem@$X+$Je|Q{t6vf0SZHc!wlybN5XFqtdhO~ zxSyAGH&mbt9FPLJb{}B1MoQMS4|wq=SH=g9u0w0wVA#MFgpWAVoR~ zC*T zw_$Qh!J*_a{DvrB=I%7UHtXlDNM6cZ)Alst8^W0DyeUsv+pBM>c9DEx6_r|aeN_|R z8cjx-)d1DMTfHDmLeDC?fIts3-`N7HTEieeu9gz(Sy2f~Te$8Nsoy5=$~L`zNl!Tc zKi7d0D&KhQXD{^?p{v~vsn~kUXClm0Q}U(ux&Q*TEVQDYnZ5>T~Bk*kGHuHfqt;t}! z0R2dR%C1t*FoV?A$Cwgyk4?L@eA_qtF0)e#RaELyF+?Rd8~eWxgS$yl=?;@{!3=ydN`up2} z0Oo3aOq}@3EWs|4T)y>|=1BhV)0j|NFe6kxg*wdz&`lTsjIECP81|++HAOW{v&8v) z$q(_`;9D4-PI6_|;Ph^mmJQMf>_^y>OoZQ!%c}G9AGYB1>OUtybY1CvqyU-XkPk*j zGNoz{_i-_-?P(BW{g72FnMIsm6zi_oO`#N=UfXp>od0(rXe<>IbW5QuyqBu7SQ;Mb zA#_8(P)C@8<8Jy$9)50-bSd8r1s`XE4uiu-?528dBlus9bKkV5XYz|x^SRX9QHtug zwc+WF1co&e;0)$v)<_HCt72)1$SXo3>hAVB{l>bO39Zf;$m|fNF9p*lAftV-&wSn5dHYcLY9H2N9KG6Ycb@RWL7r5{s#+Nau~PMZjhz* zU9DKiP|6X3{)f-I%Qdf!9vZr5;`{eow5p-VSVYvZVx@;b)4H^3d(5L}OC;#WQ`=uv z8f0|0b&`!y2LHO9qZ}+N<||#%i2qIcd-mQYkYc9~N>VBEV`HRsmYr zr-7E5YsU~E9m-;_9;osr)hpRJ%=iUEp-FFw!;V~i?`Ih3=9KsY6q&r@2sMoRj`k5A z|Ib~D2&)$i1!IClE17jXMG!{c+#I#oJVtJ!mybt_@P&U$m!Zg;IP83!F2r0q>TBp< zLYRDW8`@*@O2m-dU|tRi3lu&fFzOq3wwhUs4~n$N3O+yeOzI#2+R*>imIt(nmj3+) zQ;5}=!p9@?2rTkJR-tUKx?-@IlM*rK{8Ps`YKF2J z>*?(@t#KJaV~;yqSe;;1NQT@iY$2RHW4&U8!GU9`n?we1u(^&+xR5siZo10?*H`(Dam<;seDcMdNz-R zc2;OHx6(QeNJte9UAst*@2;qHGRI~OBL0#a_ueP@CTm}-ldb%+dsc4ir1W%3#=50K z=Dn86)1KnfDbI9D&3mD*v+UP?k7PDaN_gNEif1Q3eVsZmxS?2>y|{2zZu5h0;P(E& z;*_ZPTjHQlTaLFGJB{;cK{Ynq_?$&{b!X!Jj9>1Jx>z5=8hJyDzcJA_8^3;1AL1m* z5ma{+_UO3tYmq=Dyq~G{HD)8UaI^QMLgF8#W5>{l2M;1X=M&DOl_$R02Mi9WNZ7az z=x&BScwpPKrYzXoGTlPaRyFE9q#?0Z@g(B-CV`%oz5YrCQm%JKA;25ib%xUEo&j`Ogu}YsmqtnV7UJ;{OT{2#0 zE`bv3mv`6g#F}NgTfgs*FMV~To^4nvUHi0F_hjaj-Dj6jX<)RnuTJTAsLFfQ-@OZ# z`GEvM_p_GmT=y4LCSFpqRNso`jq7+&@F1s)XriL#@~BZ}>Gy_I66K*4LaQ)<$Q2@Sap8< zlyh10y*00}(rI6PnWvq2;$ddG`_=k7_t&exn9Bl9Mam6K!IvrK;%Cohh8`Rqnrl^i zoyK!UoF5NO5d}xjk!=xo(PM=EeYvHt!kb;FV(9PFuCo?QkxVAnP*<}#aoPv-0cnJx4_ek@yl&nf*oTK2Gaq2nO8aN4roEI={f z_=7pBQM#hjGw*a&_1c@nFzz1edU*P>{mN(kmtiVtQg{an~0Fx`ZaOpW5wxy z?nK_&@Tmr6{I`y*F=Z2kTF~;T*Jj_2`{!?U&Lo*nxg?pVwk+;d{!V+#R7Gnm#Lug5 ztZ#rWLg&GB;PNb{##BAv+G)yg>AHNrIXpc7XIj86|0dYD3kw`76HjN(&9zswq) zzmL2|etcDIHJ2`<_qG!#+gKdFr-T1K$SbwoR^M5Eq!sJ*UlcVP?BM&zLkB1M}lLZyZ>d_f!?&8JMmhlfa+FvyY*b0GPzF5D0W6hv5B@=p& zF0kllLPk5+741AiVj=nYAo~MC=7`N{j!3;Ph(s~tKkqUojp>oR{kL^f5L5S`r1Kg? z#f_ORg#Pqmi@oKQ+9E@MNK`bg>CyR?#`?yfLA7Wj?tf7iF)bKB+uWdyF_t!P)RQ0o zu%iw1fC|3d9|L2s?Ms99m($E;$;+oXLiD~6CMn9)m^&ivm2oKFWTt5-pGAd;vhO!S)XdWo?Qh1?9UNbB$D?<{Kc*q0tbF-C zG(=@W$!g2MbnqDHsUNg@+$R**q<1z{cehRD)4!sf?rDDgV_MjH&g%1HS4IM>JjsyS z0ml@nHNmnBK4@~ff==g`mxn4k2-aegTB+ynXq}t=G7UaPtXf~_0#ZL80V(y*FUeGO zKCl#3@y-%D9QxX|OrpV+z(=r=hex}|4*H(U^Ba$SS+ESY~^mXrpRsI#S>p;`}#|hHz zomDS%j;D=<14bT=jTc5pbJr8pm%706W@S{2McPAom+;2-kEr)!V)h+S8-&vkG3-nG z?sw8u_plgQHEMh>6bIono-8SvK%We}o{e>iD85dZJFVQNoxyV@tPq~sqE=&zq*7D- z_ti%`EtmU_mGd8h;j4x8_E+2K>~(N2-Oe`(y6>te$MP@tZADBR#Jn!9cv~XE8bJ5q z&6t`8pQ+nN^!W9cBO~zFG6MCD?5ATxPg{Itl;>5Dsyc-u#G-VM-ryw>@_Mz?MSVqS z@+8Uz%NVp$Yz8H#PPQJUt1V<|@J8yUMY;3c6iR1HCKT=&zb}QKZ1de!dnH-CtU=p# z9U)7X#Bkp-xtpg)T!**jdd->l)y8TCPrk=vO5Zt4U(+14xrI9S&KIY_iidlWV}xSo z-TCx|__qx@GaZc!c_}(e-j3#y|JY>ZtobKdL7uK~SnJu(OvcWVjG|igN&oa)l_k$& z84Yp?u1XkaP?LONC=Z;Y7mDIG?2#x1!$6?DWzVr~fha*D0~)pr7K0Sn=HjV&Nu z&FtT8pg)e@@ zZoGV^EJewJk#TQm71cLKjQ7-U_ZOzb#0W<#(9yl3nAW?XL{=!sZ`2)vc z?dYOH%6Zqv&^K4VQKZMnCOo}bJ4}2}>gSvBTATcS+YcsB`d6G=oq=H912`y69|NVt z&62>woaXY5t3%j(_7{%^0cQ~J{M&Z}^0qq)6^b#&N@K5@yrMZaO`YpMIaW45RM0}M8kFQ0Pt z`p2@%(Ql0Q2Cq#EhAg$x$sXsX%Pt_^1T~d2r9{Ygr=?pg&}i#ACSRKpl;4@ZDXSY5 z36f;QR4y+T{^DnCN?M$$6Ay5wWOmcXBaD3;dj9du)F6njHKL;wHubMeR$Kg86V+WhDrmo!4gx92rrZ{^(CnP`{_&u10`C>t9-tBGcTbS* zO8kQGoBfW}jjnryto=(NMSD^!Hd+IAAMOHeX)Sfvpe#DzIf2P(gLT)Yn01t~$-h3I z0&P+W!m@`$x%=iGb81mN32v>Je8lJ8YMbb(we#AxidU9bekiwCaY`aUKQK_==4fNR z^8Molq`r>9PO9zZD;a?<%#Vui=3gtW1%|x%am~X(OO5Nz(YB57Ec-@9ufTjd$1}cK zeE8T$mZ+C++jBECBDiSeKlWu8{c>KA->Nv?{yV&J;N603=UY83Tyoxgp=BZP^atK2 zcD_Y==JBh6ih2nFwKg2PS)NG|(<|}I;4|;6BzN^PYZ}aue*{H!DScLuXzHWN1NAS2 zEY_Br0u5Ux!*QFkTOtHv*IBvXhF7Ngs{~%xW$k)@_tbG;`(ArQ_K;x5 zAlz(*7oJtF6G-xkQ&GnY!+v@cNn&ipp5u(d>~0_7MTUDNA1eh&D$PnO(~)clCh{eI zHB2w1stTNVIw3F{xan%X;Pd%(ZRkPn?~-SVu%8NllrDucIy3ePhgBa-JUCrYJzuV} zdvF+#dpt9tdj8jGtrqUMhTleBLw+dQ?fY}V4YeHGC&%W_>DBG4m^D-LEkfmHUG>Sq zOPK#D822Np}8=fp1d^nE%#eisyUzOy^@KJ0Yn{A8(bZ^Pz?Pgd4)c*u|JT2$}5PfqeOM*_sWwDIpx6}p-^c`TNCpR**nissgA zY+HzXeNJm@de{1P=_#$$<%i-7HiGXqs>DX=wz4S7~(loLrK>ze!Hk>y7hkGCuB|9ZJ)}s z{2P9wJ|3>ts(YDhzay=qf-fHle-Ieo34cGOq%c+l;$OW^~`Pjh3*f zWMEhCW|Qp|G?8WOqLGRB@22p*)CYZWUN@dKm3;P0a=sD078~t$J5aC`&>3+z@89tq5x6A)1TwfjE>4kTqH|CeWg-}Loy4sdeu1$*(u zUL61Tw?5dne%OmOOd7mku&dY$^1l~PY|0ILal&34uowUT=HaS)W8eO#x(4U8~z+P}IIpb;yNtgsUy1O{}3kpeG^L26X2jkXv0Mo%0+B~8<_9O}=Hsp5;P1jEsG%SUlaz+ZO3K1zVUjQ@F_^Rf z3?=~NZumI=-$YD(9gs*DXD$gX2Twm2a*3O!nik?(0iK?Y4&L6_#WB6>=Env8T`ZC) zmzj&NA849ON*sKl2Rxr$Rz^xpQe5^ws|PB8zU#XMx^RJBNlG|_FoA}Pqnm@b5SIti z!T+wGivw5SzdB^arNpJNB0}UUD%ekqkE1&|90r&F|9b+j4EQfnT5i66{#-H$$^U+% z2z2HD`T2&=atwVKv}t-a<ifu5TOMnkex8Sj!M=MXJFq&&^3u@%T!6f=qna@!!9m zsv&hU`p$fXO8LLc->>eBt;yUlRlbopeO`a6c)sYStN(*nH>X}Zk8hb{u}EDx-MLoj zpN|0{oyIkbWQJc49aD6V--)KanJEL0L^k=9#8tmZw*NJeo;|xXup_JfI$em3_gyAo z2{{XQc~OyryxJjmQ@Z7>Y3O)&dI(h$yzGW@QMZ{cwfwz*B78EI-;vf8DOuXR?O1M7 z_q!{^nbeVAEBMLX+Sts_`=!wF*w>v*-#PI#E3)#y#H>X9;^kpoA-~s4H<$VY=PGoZ z%bXgZ>zfd?(8zU18VXSyw^qiW@|?sY)a-v%Xwsrq(muCavLqK$Cd} z>uyhXIv7F7NbUO5%%b|g(A!VEUOjs)=Jv)^yDavJL}jIT;QR04h@!Xk4bCNh@4WI8 zOT|m&N>$S;^h5g9+z;75-1tZNeAMCmY;NOh;Lkuq-JYoO(d}PTpL%w8%h1WOVT3M( zyUZ)sue;gk|8aV)A6i*VaE&C6isCEnqp&gaddb5?GqOhin=6IYR~=qd$nMm%RNgXZ z)HtyoAdaOZXJe3k<<84lUVfWrwbS6(_L*_d*%L{=%2h&r@EFry1I8 zQkK#S6?`sUMZF|=o^pFUP1B~fuF5n&1yK+)~2j51$zRc>J4$-uJV zweX%sT4{e)8;$0XL!XERV+FZcPrl&J8#j|#-iRk^KTz&!GKH)S-H%JW8tnYKBU^5K z(ffqURA}fh(Ul9tHmF4as*zpZ;E! zpFX>r!1(ww_HX_A)vSQJ!+wTDt2c*?g}6U9<22Xro^65om;Q=qKefXnwNo37NuYs0 zZz;C(dvo|HBX5n~8o%SpuyX>`=&GsQu1EFZ?+Q(d0qkUS$%WfB$v-eEDUU9!(1&95F{qnu3~?8}k!iUZwk|%a}%# z$i=>sjz$!3@pW&8&_NUZr5}fcCRbsMnUQ4I)L?{}Z>J4JCj*loNp)a_$q)`Cq=6{s z@?X*<>$iCWnaQL6;ldLbgmh3m_Lg}zj`}X`82^lGlFS&{NlsG%`DHe$85@+6OJy5{ zx$*%;#;XRycec8*3_WRiQoZPKh14vH0$q*gY_(8-cPq*({^ND}JQy7z?^P-TG-Ri4 z?r8q(bjXLp`@ORCm#Vj%``L8*l2I;P7R2D9y$IhZ%cC4|+0Ag8YB7&wrNHmtqM^WN zG-X|Q)_*kRS2>#KTKVOet^s9#iL?PFyqc6_5ODf;O1eL>B>OtOEeboOS9n|B9Xz7)WV<=0F~d=7M-|C84N@+?=htGbhydhPE}1cFQ6A4|{XV!0{U zm%|g@sEoV^)sso5|9pRcLiG>8oOAFX=(SZaR-k*w)9*=Z z9vdBR*F0Fvy>Cl4PuT6-Mf}PUke}X@|M&n8^(8a+|IBNo{uf?z@%vsD#xAbp5<1?_ zF2P(@FfKSuQbyW_T*AaH)aBw0xr8~F6`V_o3l6f4eSG|J*>Ir97+cTP2lpOJn6U3P zxU7^kU~-ahS;=b}nsRUrd0CmOu&XlaFiA~KjcZym>Y6YWuK&9TXzM=@1eQifUmzwH zPCfkr)=Ox40z#qT;^gD(f(2whe?UmQ$b+Z(TJKxrom(ys#p4mHBPf=y5icpxlX5?X z=#ZAusFUW<#6h^*X+Au(wX>nNFE)E+HDTAox%)~v@wa2rLmMFrn|dvqmY*}X?~{od zf4lv*Gcd{HcObilS#jlBZNWtId5grx{vV}+j45Fz9XWGdVwQo0e|$e}OrI6p5_F_&VWREnUH zFdKg&Ifu+TZXoJ@LJpC0mrGZG!xE$kNra?^*{E??lUWP6s@#Mu$2X^1k}`DI#ILoB z66<0%I_jOW@LiBLNH6qaJ7c4uwMYruOVoYxi6~35V9c1rKCBf*ZE!mB=obk-ase3x zk5>EO+ef@X<;tAUUUu&7WJ~l414Z6Ie{GjR?7H!~QX<(mB&`Wt#gGIW!r#OO6$&{v zE`PhB-yzmW+!(4aGfX-`S~}qWX9jr#DF@rd1kG)9{mKgcbstHMsdRePb$c$q_Sa{KCzYsM1%Zmkp#VKRg7MVL^+(z7IcVHjsu6K1T3d{qE> zh~yp=++wJtG1&M;kl#TxhmSs0qY$SMn4p3T&5aGI3|_S--QdsbbYu?3D~;H*Pk~6x zF+3nIGqR_sWUIvYgC=zCwhKW8Q0B;yRmMRbdvb45gMUt@J1ZHF7c2RwS}={Fzx@~E)?g)xL3jWeebvShhA*&Hg|>zbmDE-2M0cZEc5r7} zyrXO_q5C^&9^unC9fnP_4mTRpw=YoNJ&@)YW0=vkMu7j>>A&6rW=80-Hf5bUK67;d-X-0Y>yQjejTS+GH_Q}DR8#=l7 zNbkK%nhctmqq)zQk~kT(+4aSo)-eo>S_O5VNG=X!adyHX8pC~{V!h*#l_OnZOSi^) zbLyNgW_TQAhU51^XhI@^U_mGC5Uqa`P*>0qG8YGxO6AX-ANMOcF;rhzMdWhY!+=+ol9cAbF4zGCUk7CwYwDm%tM8D2KeLgEl4&YgSa*m;SXW zk_(&Sh4E6u>rkEue5sMx9D<*nUptlC{qaJO0mx_QLp40;i@QHnT)A%&mVW+)vnpmy z-rwkA@L73rw}`S1+K6Au<=Nv;z=)(rilLvNNWAGbI7*ndI$GmAdjArbtsgEVAbgpm zNMkT#4}xG_YJ`;x8?sBc3dt*>m1K3Sjl@h*9^Dmqm0g+`R+vX58c(VhJ(Y&xOK1bzBg=TgG zp0+q4ZA7@lSb)vn|4>z_#90-L4krUWNBZiXiFc zUG(K{;+00~SKS1A9{LJzHg?k!hm=n26W}2drP#46BmKO5ty7IKg;AG}@{jOMB7u%q zGv$#UNYP(BLTH)x00fzlcsY@GdzoE2d<_+f*iHHtPG4OqIA~u^qtodLVVz?x>Ux;X zkCBDWyxL+|V#kO>@h=%V$`b5jR-(5=1}_&frl^n_+Be|+MpE3IL%5P4Ia6M%2Se-V zgCRjA-V}A0f=MSRJUm|EZSZ@>RzjP^IkrtoUTzbKd zKLqqD2RvF0h1l8llSb-{V#I2~Le*%%A=m}at zvZoBzsTg7m51M?i4>_1OyWvQ*OOJ3h09e9E_0#yxKM`s7k5G4ztJx4&RhsCGgvDt* zjC`KPdKZ*14kL{b!r2n*mJ*t`9en@I8HZK|1eQcg2%310NE3tsqzZF1S7~p6Z-QJU zh?R6yt#_=_w$fx_(nv`woCrK}koAYI+JbM*(^tTC{}F zTrbVWOfFoHE=@T7D+%(PSFw3hNYSCCBM~3C)YdI{qp9& znsDajRZIx*7!V+ReHHk>__IchQj}Ek(i!q1eZyG!jlymdl}_n?Pr)~+>Tqk&?a)vz zotTq`d~gxm{7Ve2LtJZIVECFp-c|GN%VfmENyFEZdeGdS3;-E!ywJMf>)TP2hCW@~ z>%$EEj;gJf;)kwvPYZz*N#7ttXl&x7q1Bwl$C!jsFtll^K3#r>K8^L#{W+Sz1ZGt* zZfeYAL~Jk6_Ujs=!H)ayJ%O09iQ*C+D-!%>3xg?FbjB`BRaG&8(C3w&D~Z) zinvc#;V*>=J8itv750%AW%PC(|KtqgKrBVf>w1;Tv+SK_v-SNJ9VlkBW0)R6z}HoC zPP*%;fMP(nCJ#FensQN6MaG80o~bE7I~YT8`y_9p`ge3ry9**q`=5BUrJ5{s;KfZQ zS1S8rtJ;q!x=_?F{2k0e`<1c89BPJk_;lQc(`9^3Bq8!8K^?PT$KE#z*70BJN5<+9A}qVILPsnisVOfUNyt z>l@4P;TTIw>u3{BX~%KM#M~GOCAz+y5cKB$k8%!?|ANL~66=afU&kHaza z)U^<_I2UzFjxryXB5rdV2{M_;2}ha4UvNYPQ8p6^3*u6$QKw9ThPD1B%dA*&r+1O$ zhz1CEtNIm8q|+sucQL<+!oarB+Qv!RUPe8F-4_iyjV5Bj(!^xMg)qL18dWRzt|G4N zs0q7NY>!#|-0FqS(bS$HT8&Qc;pU*fo7%`$~;pJ{x3XIa(X#?|#egi0!@ zZCB6SVsw_&*g=`_TaIp-F3MK|vsaIe;jxbU^WJJGb!yZ*t3! zKkBGqpf*ddiwT_%iYySJ>Qg<+9&>yP0 zao6$m>QredGv!q%+1|+yU<=SsCT!*%M?>IrYKN@_&i&Co`ZPEV~6zc zlX2Arn8OI}?t(VB_Xs&Fh`oWk%-fxB4T%#yrjJ!r5wl=lPH{m)pKRP@Flhvu}q})&wD}YruD~q!9&s- z0ki{w3Ye~#N&1H(u|$rl>g!~bg&Y?-bT#VaxN*#+sSyG41jXdoJ1<#x zXn?URcXUH<3R=~aJ{WlzzJA5g@UFjTv=k~i`Jr%DM5Hm+s}>N*#<^{*>`8FINAmKl zFWj~S%L}(H!4l`TZU6G&;*=u!5bM;$`JoHzRQu**O|q0$3Ws)1dzWx-8}ztW4QG=n zQxb(ZqpbNxZrzJ@s#)LsB?nHmLG<_)?8Z4-Sd8=A$YgPT+oTi8Sbzf;exDp^r1W69 z8Y6U;i*W2WHe8jwa^blVC0LtX`i5G#)~+V$%6^l&FCK;0bj%O92%{|*Ssh+=)lGPp z@TaO^H+=7|Io|UN$SapV=W~@pQm0JyoL@kmH+K}gp)WNTfx6yWB}Mp2-lAE2RxE%kDbU^s)Q4?Immj} zjJ}Fh;&HHP9|x3lRm{Cl4q?0~1Ag2^85`UK+qm!aEXopBe+$q_P$Y=*aU=(wDZl&x zfFGy?76I@{?R7=+zijAGB&hSMrwZU7?QshJsX~bY1sERd_8JI1CWOa#e0l&#rTV&J z82kDJ*80NZr-tle%OF?R6)A!vK!D^D=-KfhFV_Crx=8#Z0&1dIK^E!JHM9|Eek&x= z4n!eA2cipAL70SV&#x_aZ=jw4;;5Rv5{8Zj_d7(3<^Ty3POa7d0*VRltftqK@e@w- zhPqA|(F;Iixeot5fI_wP<&hZ>kc89}NTnTN!7$s~s^&qTAyAv#4|paJ2tzGM0HO)B z@CJ~%3Zo{6WQ>`d6!5wuKL41q1I7nr6B_{>0$I_46C$)FwkrvL;C_(q2yxnF2e60{ zpG7ya%Q9$>n_Q!<^}mzW6x7M>mJ2EKVI}L}yHTKTQ&UyI{%DSy2=B9uQUax9W*}|? z?hVvudT3kF#X8eJYrCh|0amRU_EBI5WQaapeFp=5y3!4d5Zf@#*WX}ER9$WkdO+?< z2}-8$4;E{0gX$jR*Ly3#%r&`E0xQJUspcCb1_ivZg85=H(ESRIFaV9%?&@~P0c-?~ zXJxkmaKyG5^6M!eo}O~IWO<-=&^m%f>Ud<>0{U4y0U~CBt!o{hqZ2N4sDr>(X zhEa6G{|%#Xv|WTzI=3mE_V9)O2sxDzS&TEJ^ z9O(pg72tm&@xdrBV*GHaLj_n;Bpt$)-%in0=q7O=-QYx=C6#p~sDg{3fQi95aiHpk zLnt06v~yd==_nEcl}g#fd2#UOg9|q<#*Ymb^qP})Fe8}2@a1U@vI4Kp*Pzp_y#hqN zwmS+pFXQ%3+iyWwH_o85tk0An8A+ESKKjY0O9ycg>*s@hHyR>sa9Qbg4N`NSk|4o=h81PF`>?B{#u~nq20C;>>MG2SKY3AgN%1K&IfG#nt4= z<;j_2b*#04BH+rQfM_1zoZw!>(i8|$TlX7z1SluCR}hAiCpiGY8oIwBFl|V;iohqq zA}u`Z-4rm+gm8mgBM?c!-kSjBF&rb*U34mk%CwW`nSb#=6ydY*;8oD7KC5rr1qM z{?=xonh)BFpFgFwZYBCQEE~4HD(g7w*t9shMo$a6m*n+Wf<5EzG${6r4qH{=xd$rO z815B2(Di^~y-p)=Cg9cG)}uR+9hDf`Kzn>yM6AF%Zs#IpC&~ZnJGO3ln6DhR?^a=u zHN8%ab*yT!Omh%nIqd7~7mHbV1~N~a92P-!iJFGwi)^#oKg`hy&mM?Yd~51+f79XM ztN^IHJlhcbWf3R^T_f#NjJe3n-G2TH3<^w+g;Dh7ic!dm83h3O4V8iP#<_-cpK-1sS?R^O0Rk6m5t#edJ{CP2n}Gzh z^sh34Y#C>z2Ay9PUe(RafhMYOfllzrdzE(r0Y-k|6e0m11x_KI!9}2@(+IH9g7zBC z?Ks$rb`wN{plwqrbuh8O93kvDk~vSB7k468#KO761tSEeC>n<+5@?ty_HZIv9=|2V zDQW%|0756^`tMeNgKE$V>#V{Q<%pm&+8OesU)*dU|HNA7c%HUtFpr8c!JQcF3H`uP zPcZ3LQP=~Wnz#Fxu?WcV1POvI5bT{CE`@tf4yyz2T?*zufoKcO{mk%(a@3RVmHVEb~qZKa7{2#Jv;uHWFq`@gL`V-0m zq%ZgU0rAX8oC1J^8X!w|;17cd)kS-uVrwnyg^b7Vr>?Fit(z!;_zPBHX>cf<9ovzD zdF;6yXlzd?9~{hqvK$$uRO~{weNgGa#$YbWKv?ra{8uMf%VVBnh9Lrd>?naa2*Y5@ z#<#xpiDGA9K+F)FD_rz@8m@;O)8(E~U}!*-j}^yD!FaJ|$F&!3b~_&&GJyT)PVr(> zqLAA9F^~r5;i$=d&`lgO#pYa4)1jETFCf^N5MJ;k3u}Uao7Ro&tl+q50a=$Hj+-9q zGjjkld;}E0l&~?+?lw@*NKUAc=2%5U%n;aO;^e-iTL?HEcgK~HIRMDR3V|aBFo_^R zX1@o(52(aiB(AwWaEOQNE=Oz+AZ%FO;1mxqS}BKM2ICjl0d#I%U?!;c0+|QFwKjxf zr#PYhgwyVar>(hD*nznq6HW<1Wsl(DPBKT;tGHp)0bes}a(}Ae{_vOoX7XHQf;xA% z2x|&JA3m`X0rwiz7CHE`c_Ftxq#SaQ_opLEyTm|i{Ww>~7ajoI^(xD2H-2&d9=-pa z{LE9o)t)6U$_{%HVIAr8V58}g&St(Tpeb3}Rj4}#O2}LpafkV@^qhIFl;8mU9v#YL zs}vld3veTd-oHz^u9Vnb^J%LHV5PtV}fo^2_&5U6o=9it77_9uC5F0 zV@M++7M_HIbBfz@AbEmIPR~ucZXH*z(|1Ssa;A_)bEdd}dB`9^>NB4-h#rGk0kNG< zjP@OzI$CJQ(B??3AH0(gxdJjxvVh7w| z>sk}Gl^rN(Wp>1+U{!H8vPtbpQK@gl98qtXU!w`?Hra`gotSrEydJNZb~iR5JF9U zbf=wX%9Ho$$Lluee@LUc1G)kvz!MTqj)24!)TE9j?L5hId7l=DqkxNMf?di|%QiuR zviRJ$9^kb+qqxi+5s>?bpMon;(jw--!Ts}7;JQ4px;V)oaMvF>K6?_daGW6;w$&6{ z5dJ=$d_1=(^|bh`HuTcjA`Of}zw;}eoc@S!r9l(fH+)ud_c~8alDoteiiCoW2qWA z*j*uUYzJXFX2Lj>1BR$j+l0U<<8PVjnDW?;;DZ~GDoDUbhOJzsNF7wCqIY`4@`N*M zdq=%VuaYHAsdJJWzuR(`{3zH3MN8mDk6aTM+O@C=lL86EH zBOfIaM2IsG7 z#^M0BMT@x;c?Gj9+Q`F{r=8VhB%=mY@S`5Zy$FKrFsC#?{lmAwjnD5_6Q zVwl9A&F|FO{Ba%9O8&Px>RlOU0-pP#JdBhAudDr%Jz)aD&?C2L)B8m{9=zw%v2zlt z51LR=HQH@*G+_zE`hH%&9euC=8Ov*E#+~)&bX)j8pEftT3^qS7(@y;8H2)Vtz@?B{ zhmv+8=2eKjLUzt;B>DQhU@5Dw=v3*mtZUfKQkwq0nBQ>20R7q_C;S66LqT8nFLnE<3sGR}f^5W(cZO%DB4Q3C#X1Jz+n&zTD9I+{j#- zK=<>MW0TpvP?o4&iz!6n=t6UE*u=Zrzp9tNPlUv*z_~+DCVhvxX-oSIQQ)grTz^x% zCL?C!#~?;w`gt7m&-=p8j0+3C)K8n`mouvWMbjupxHV18YvF0-F5E*+D(6EocO+xq z$0g^ieNiU;vM>RKp}Np^=kgMSL_6r#s8Zb@`L|9}$!7s|p6Mp-xxhL(0Z$G7}#YXtNFy4r^K?q*D zmce19dto=a=dC}rq_)978)c+7dsIokFT8gk_cT#`QR0qTQ+vG_Vf&4;km@deCCi_V z>gjS4Z@lDo@O6!0if?t4C$CuV;@ysvEo5JTY!EzCV`%gm)P8V7OcjzDc}vKA_bHrX zMQ+TNv+!HlsoEgNK{z`zBvbSji$MWv-44CG4-GT17DVN_IM;BHe~xj10c7WluTZ-5 zAg{{D#$=)Qf6@$(j*@xo0(l5oseJd zXZ)z4!-u0i=6T|6(f(d`a!Z$d#yE^RnVyQbee~b{TAZ{g{QW0wpd!a)N$nWJkL3X! zCOd<74bAJ3j_mE*VQjzVXRb5ZiM(t0J=U-<;NC{ELiBu({B0!{^MUu5o}eW0HY0y8 z)wkN^{tTOcT%IRY(b$B=uFT(8od_&|KR7dx(Y4s>`6tPT+-7E4qG*!X{VSxSeF7B% zX5OopqcNnzuBgS+50ZCs(^^<9Wk6Oy&2>PwDR2Z`#VYd{&l%rREk)<^Lg|miJ9zrU z2MuAU^-Ql=6g$I??aM<)lz*mIF+@jj#y{to&e>jNt^~<9h}4~@+499Xvzg{j!sZoA zL@o)f?p9|8^%Xy>6*Pq$aww-WNgFQTJThPOtWTm;9a))TD|ZZQ9mP^}=&?0aJO-0aH()ryQ}$Q9?`#OT`T(Dg6phT0$7r^hcn4yqR; zf9zGC{HDx{THm+dr+iVRkdwK3LVV?R?aKyAD?cNCGSeBYibFridV3b4O!%$W6uCbK zDNbdm^dZx7CG)SnGs4biXYjZ-ousQXJT3D$ysug93+cm7>OTwK$2uoL;(>H5G2hYAR+>iGe{hU zD1t-@k_RLspde|;IS344<__OE_q=!S`K#W$Rrjy@@2#5Z?%k`qSMNQ0X06q`cQ4D^ zGz@w)iSFWS;@_O!R$IDOTLkG?P}ATO?XwvVW4rLqg}0lq!j@Ba)6f~Gh-AOO-=Btf zC{vPR>xrtjUbnRU04_P`U|zm`T~uGja0$sU?r$4ITf)yS-g}DLvaCLfRmsA_DL+lSA>Lid3 z8f#yMzNF92KW;UEC7k;KCiyYy_nSu9^O&Ci&u|^|MUNrYWv+R2BMjY!7);x(*sPZ2 zIY7F9Zy-!%p;ZSvZG?0lJBUpTeVG;BynF=^^6jliIGRV$*KEX6fzTuD_3FXcH6Pe< z<1!CG=SA+q7YAk1`zbY2flchn@2@~xtH<)4WLKq=;7lHDW_#v zwVWW~_G2#GR#Q2Mi-}SxIMkzga(hCkl`-13C%uD_Om^sK)w1MI4JW}@dW zvUau5Y}8ytmz|r@?9YyHniSOJLH*eN%M=G{n2Nq3NgO0C)j=9v;Dy^$vsyztId zrv3rsv*W)@ndA`wXm2C(tHG)vJxa3%bZg4XQI~XmvDo|0eP6r{D)9ZIGW9jsT55`Hf++2dXx_7PkTU%t#cyv`*hdK|jVF2cS~Br6R}GbyMJfj;hve!%N<)W=6($q8 zYRQMq7r=j>1*LaBc))dmtM-G?K_&?4&;&M-ZHDJt*Sx~1E$^Kq9qh$0vQ(dojEnMz zZ4b>X9|ZfFrTtg?5e1BGsuo8sgPx_3csN=UtahGiaYx` zTdd056d5(m););*%MBcn*Tk0$lh~(f4z}qQL~i{!K{@+B)4CZ5uUSa>$mm>^<0`!u!lY zXcfb=M&^p8*=O>1s=BgoN{O-*;Qny|40FtOu&i(H4kOE!BBmzaBIs1;s5X=+Hv$;F zFWBF5&2g|?d;Qawl_nz9NA#e^kmJvvsUUwnG3PQ*vgp?qJ&Ram!=q*Y^PjKk;wK#) zBk8K84IOg^$zg2$%=j#{z&tgg8bAWK3mQFW};10Wa?kg() zUK$0IVs>fRfyYzEcgc0el1KcJ>bK8YBFU!1YL)B$Bfv@0#BSh1q`JN^e@imGM zskw|_M%o(RG~5EnH%V&&q+Ym8%RFAB+63q{O7{Rwyj=A67b{-3-H0i;$Zjf9nYI9V z@crVyKQ*JgeAY3~%l%tN)GOU65~ zsqalG6DL0ydo-ND7?`3l{kaH|{%pl%g7lN5p8Fs^%`0$$M*&Jg&G0$AyL_1AjF6p+ z>2d!&*7+Y75Xaa*isyl^@D6kN>myj)khXo4_<@#kJ=fS?YWm zy=`xFU&l^UC10|2b1v0)>M#4BHdLD3@F`NVh<(8)Bk(-BlX6T`$CYY|L-?V5rLt*` zcgripHroFW^%aLXQ*Ye7NrA3$Wfodjt+IUCO5kU;psq!MF956D)%ND>l=>~_($7x* zz?{fN^~=DhP^yEyTSJO1j%=zkm8^@q>Po@WkE;ZK&^MgmB@;GrBOaX5mFoan)xWi? zdpQtez^tICL@KYtTiz<$60xVD2B+<7*OqY{hvRIAR`eX)C+Z?6`CG0LQF0pFZ^T7k z-e*%$?ZV4kjtl`cPkjNsoJ(iwY@vVc?obv6$~|FIO)b4>jg*Fg|00}zvFpRyJJiBX z7|kT`PC*Qa{|UAC+#8Ljd<2$? zg(<*~TQFk;NVP!dxnsR_2>}p;WFU=Rm#$xSX+Yc%de856C*Y>*bfgKOu52h>gR@ck zln@2%a6lG_60SPlpL)M6yX1y2v zE5qg{ZU*aH9D`6-9E5#mzekDU*S;2TG68?aEUTWZOa688`<~w^2>-mSb31TwLz4ak) ztIx-ErKb5y zzUr8>M!yybl$81}RzKwj$9(L3c6XyvDVCfIXt_-9;_Yxkh}~~8_u7+hY7uIWR)^Ho zUe)3YT6NYW?&-Xf_Q<(%`s~tVN*Hto-^;f5$8~E3NQ*nQIBVAcz7NOV1gDZ%6B&os z{xe*E`(s9o$B}TqD{EkT6O?V$@mw=@?y+tfuCAZC;;pl zedo03&lmWbYaZ|kK?dwsJ9~SNzn4wPoxcZZ{GDck5-@?^1BFLf#xHB@>rPg^C?EuCvNIr-s^cGcI_HmOgQYum7@|O>|oWF>z^xvG%LCQY7UF?5>Kcu>nQO7EWo|b5+J;r8eMq# zby=ZNG8rS-ZM*>u4K<3EVht zozYQpm=bnkO!Q-l2MN88USHq?wYgc^8ru{(^oCHP)a4fsH0ThnmN#7(gid{ymW)Ok zAMW12_!9oJp3k&J^yAVq5?>EJK_}}aK^dX>A{N4=ucBVln%X+0l@uV}krMM~Z+RR{ z9*gP$LvU8lWyqCcMGz!zGA& z)@q|Ov~M;oYJo_rQ6R!xQ(%OwHZ3W%x$uT*wHm#!X@Z*2?lCy`*9pnbKLo}QO#%En z6(^7q%44vkn@SQsTe$vl+u%LePg+wKQ7cTa z0eX~CoyN~y{HNJXkt_AGC4-x?Sjbn(Kti8Rd|VW-VZf$8e^)3sL8SO?!qaA9QH-Xo zo`n8OphlNZz4AVO{eHJN5D=ZDPp3Yf#GlT8xA^V*r)CTrcZAxQ%?83zKB`wsE8>$( z9S7sc+hM0AW=7%E(-XtLZy2Cf2FcqP1Hx>Ldfgi4$CrA-Ss-<-~HXymKj47 z)L>Ebw&WkYV&rq)%%p581TgZAfmWnJ@?N!GRsz_zIGWA>)wmd~ZtHDIoClJC$nbZI z6V+uh<-)GP7;d2EkVrkfePbWX|9c+a@kGWGd_h7wDe7bTxY2gg`)Tf=K5X{`p$3+J@$@Hr|v!9y$ z?aam6M|i03+AX^cF@9xVfq$@pAI?G3lj=`XV^e^BTgK;qtTW(Y=Ou? z9Zc9g=4OcqVARw=q&t|$HSY$LFWKt)zNI%V1)D0Y@aKi$2Xs^+;&;DHBGTxSUS=jt z5%T%jO5kKPDz_FW{Avt{m>{7!5X;UN7O(}>8Duo$r@T%kwh^xBAbfhvou{jzjbz)x zEyvov&p08C39BIkSK)HP$#&21qGIuxpf z7_3VR_=1P5WnDeOpFZijm(#LlD&SEHIJ_Il%EfK| zHfmDB;bFz9wy!AOC;oKz8L)%(J#fxDE4DJ8$pE_LpiH}2xSh;=U5O(n8Bf-6qxkr$ zS;W(*C^K%Sy7@vs!?FOg5@UIm$=t=0XVAfiT&o)g)Yq!1St!3Hm+N1d?or0&X^= zo8V=TRvq?$idCV*1U<7<8&m_@q@FKTO|+3FFiv=`fF%#0=Rx5)$AOrFTfw458hru2 z=HAairWXCrs@Lkalt|0acY#Uw`@e#r8hrK4>jX&s&8}9CC|%)3d=1AUbKS~0ns(bDA%&uI&?4qHFo!EuRU|WJbQk?bQF$Kx+M{Jx~8YU*)%Hd z8|@yrcR$cS)NV3(AKT)3ZVE!8mkGZ?(sizIILr6Qthmk7>4UuOPS=RMbPHRKFh{#d zf8xl1$%RkL_h!U5mBJiz9MS}sR!JfQ!W>(HT$HN^doAqDD*MV!td5dK8iT){=DXWg zEL>sk!l={s0D=k9Mu@@tEH14BIhUNiQZ&~xbTmgAT}uBTK}W_gSJ|V6z~4i>oLA)@ zhAr34emuq}nswT2gKYp}cz~Ki4s}}Z+R-xp^m76G*h^kWcWFTWBcoVOsnRy+pz;Yp zKmVUNtW78lQJ|ll;Dz+=7j21c8uCDb&fk223zkIjR~#MH|6m~k#k&i!Kg#jp{}W=k zvYG=`Zm8`PEnnc1&|xuJRI5-d^)wH`$u_8BTZ7H3TAOWqMp?I!=FREpCE!*yBLNfD zNmPQeO|whq_RFG4Wu)v54MU(t7v6qJ=;rO!Uwo4i+yo~cGppm1N?z3^YI<@ZMk~qt z*qm%y)H`3&*WYqBh3Wvvd<}{1QojUJj>*gk)rJZIF1$DIlq27K^=R$w|72imd>(E?y}&x80tCHudgbpNXW>_Dq!EltjJu$hM@`HVtc_w|AV*)pq?c zK{$%TxJDax%?t0&VZVvmvw>#z0fMq;@ZX2*#IU&Y#WS{~`mLJ+kl>G4au`zW>N*yI zf*JOM1bHTM!B8c{JRwvHp~{&Dg@)c*xUmg65Wq!pLQn6DB61HQS3!GIq4f}p#~V~&KW{-?h^-&}0@2~sB%mnp+zmi_ay$h} z+SsT93l5DNC1+zv6VFR<2<>K)I{*WK*S@-IBXiz_VJH~{o{ha5cxuLT|a&azG`PrJYW0M#OLdCE|fKnBk(7sCQ_|1zX6!6XCc^j`gGZ; z&|aT;CHzDNgov3Glz41}K^QU^p2m3Uzy&F*^En{ zP!Di>FZh55@`L!D47Zbk>bn}$#ha@2o5_jXls`;0qU9{_ZwM|q7!VeC&RC`BT&?Qa z-m@$(J*4}Dw_$V^MDen!bOgNlARzK>;*@D639fR3lWTu3LsxonUgoknGIVNxj|FSn z+2-c&DEi2R4yS$E-R5R$ZFS8F-Jyix1vaf%VFN!rXIR9nJGI@E0kKwFg!@0NZnitS z1;aQPah1l!?i6bki!Cx)FN;xje)slY&hN?yCsizV$S5^L5>4$du&ng{*dJw4vFg-z z(cu?e9ymV*yTY>x2x%=$5 z3;l{WEzXwpWvcdjndbr+?mm5NZB+El!hcoYxjg=7dbCC9(oL*fC%#zqGI?m$VuW;y zXC&j${A#R^7c5s6P;$RlZ>m<8^For?s2s_S!$v{?s z>7^Srw7<$xW!c!}WqNIX)dt4&)QtdIS7i*5Y3%`;oqT&eU~Vjn4HHT6ny5i~$O9*T zesdl`R!0n^m|2juiI!!UQ|7T)`D}Yf>yWkR87z*hI6>$?dCo{-Eqgcz&K@#{-rh=- zY^jc6OgZ=_WoOw#HsJ5bEPi`@Wr+BqXQCju@2jm~bs^x!Q>G|0s8Qgpe% zIjA-!F6CfUO2w*2d*JXxE38*&K+gG}+BGrvQv?9f<)TKQBy;PK@1)U1K>H63?B{VR z$DiDb{C36_764~dRIS`ziiqs4dLEBfcCVwIsLbcuvq6eW#jn0(?y1gB3|6KEc#Lse z!mNaDAl%S`gowxJk=OFb#|8EZhvCU3aR-ge)19`03lm;};$+s{w~IMU*eK%-;S|z^bf%oQi~j_MZ&v_G zCDAMCwH=RTG`majLW^;Da4;r$Nz=*s@1Q{OVFdq9e-ul%vgD?6_ZhB-Ni{Nh5;Wl# zJqa}RiC&CmqKsOE{dZs-FBHl8Fv&4`bVm{!!2JUV^%nX;0(~O%gAi&b)T7H^OzNr( z+bsSALZ(EfIUzqp9yuXnuECpY5Egl4K2h?Xe`iME*h)AelIWqZ-!<^M2JY9ug`W!L z+~=xkHn9II+BJExo?bEj>mPacc4rY`jmQCW(-3mW3dA~-lhtUI-Tp!}X-p#^nSQ)? z@BFLotvp&MIUh~UhB5u0XB2blzFqq((a5mH0s2Xhy0!>%J0jNHbeN320^!8SVKX{B zv%f&fVbk$i@~Ds)0m#*Xszr zra*nAUx|LqczkT7mORMxh8Afb=}C(ueH`fRp)Fb##hjf6eIR)*|Ix|G$5w6SThw-V z>pi|2I$;W}M*^nQF@1&za;6X2&;#*TN*@#KUtg|eD3tsv{Az8egV<%9%Yo91Hz|Mo zX-k)-Um7b6=FP073bo>I`(9=uQ$Y@qsg(knmDL#6OOzj({-sC%i4-{5!d+?&kNz1h zX*QsXD=i^459)qU)MRD{nM7W~TuljqX2oN5&md$_k1>3W+!Um-84)5ONmpA2m=up_ z0z>8Ub#b_XDn!}w-WOgEMEQNDpCwKCT2DVAhbok0$}Bfk&FwR2W9!NP3h9i zZJPtQx3V55WG+S6S5ft8=~9~;QVZ?{LkgKC0_seVcH_~uqR;l@?$b+C!dL{QO99D7 zkB{5@kFUssRn_N*M^2^BeZ_I|^6Hw2>1;3se(7U$jPLK79M>Mgh3IrA*ch+0oWl*G z!37vIn}mA(@W_s|&jtCM$~D<7Z2{B`9~>!>R!RIKRkB(J#NPA1AwIYe!Hhj})|zZw zKVhDn|MpxO*%ZO*V(LaFK8X0nV3+oB>hW$yt-Tm@K=^Zn$YcEGR2GAXAciZYf^QZ+ z2Qeti_W)r#O_yQBBYI_(g4(+pC;xKx_{vZvlp?*h?i9h13=rQ&Y~Qq-9;LefCzs3T zB6d@IbVm`5z3rJNjiZSb+L!%YXtl9dx1k`IY-E~@EQ54S2@mO*iClfIrXHhwX|CH_e5*LsRie9 z!cq7aKZOGdSY(A=)x*X>$u-7bnc{SQ?TyuGtjT}!!&{(pTqBsm8?ysb3$NAj@2KLM zDxqG?W{Jiarpb54a3-^GV-hBx0FQ{XHT!XTjcNG~UqhR0p6wT)jVvYw?fx~5{zh95 zcH1fXJ`CGNPFYVvv~X#30*b%XCwi0meR^#b#+UGKo$;NuD*0{zCD)`JI|;p-(2Xqq zolN265rh*z(k|bd4{4Mi#*2jHC-D5tGe1m422AfbE?GByxhY6A3o|?b;U9k80r))+ z{ZT1mdaholVmkYp0QdgU@pImYP#*aUR0dpf6yIlYISr?To;Zoj$+?C6_4r0Sexf7~z)t5Y)~^p$NI>1Qd~s$L zP@ac+nv$l3>dxY(Yibdqru}L~BBq?&PFe5knzn_Z6cd0tK;=J`Jo5VG_Cic75NY8^ zZG=turaFQvTo{5tzjjqZJo(16?0&^#`vZIoG6q<gRYm7!0vmb;tsS=ayZc=I~4?&dHeCxFYYgk}WR%=0Ji z-c7&!($8CK!2kMLO{?u`BHDUpE-~gvH12SO^?KTQ{3t0WW-QV8l~l&VEV8}P{$$vI zT-#}iK3{|dgMU%5Mb1k;KMVesMIII*K5SA~9CMLkfsacqAwp(| z^IX98G&NL@o6_n68}{rpmA}q}lXh)X+3H zTIfRdpnm<%P%i!zNAlmgGZk!ex~PiVv%1X{vp)!XFmM-z^lDptRXn(NJHOr{619Mx`TEB-vO1Dg`Et) zVvg3ze5D+l|C$yPR&F`$5CJNY?3Ft2Juvn7BhZ5(d+AH~srj#MG1}&LUAs$M?a*pD zH7iH8=Ux+Xp_rp4wYSsB0k)+-l06=jCMWC3cgwYz2;YAiy(75qHa4j8so7|Im#+Du zYgeV9{rY1!EpU87_WnpV)hEK6h3?Bm_>PKWv(fafH0kzobnwa{CDYno%YBReuz$6P z^z(RC4@0ZtR8L60U1j!QE|Qz{XWEi?tubGdN35A!N^h9K>Q9n2n&;$j)ixH??H2_5 zD!>*az#d)uh0k0_m6wOnmeR_MxzjV}G4oCL6_j}u1@jsEsLn4)11_OAfDc z#rbBPSICAs%2fm^X3bZ{XI+tbT(AaLxefiS0bnu@yxg?Y{2|Nk= zC5H>d-;1O*;9A1bW8wiorHysHOw)BWM;UWitzCj2_74sZkR=s>{4x8r^zbjGYh zHOMYisJ=RZBvCmnRO+Z_V@Pg}+2U~CCo$(ph#g8fr`LlCZM!8+*9Tg^ZYoh+_HoJD zjTz7OGWpdrV9>POwl3v7XO>~RGHJ$b>pWD1TRInQrbUnW9=ImvgxIEjz$h3R_4Geu z$E!Z7jU6xXI<)NFn3kI}QWVOa6YAVEnm(a1X%Mo(S1sb7UxonDmiNQ+TGY>% zYwC3dF7N(+WgXJ&F(%D0VaL$fNtTGk={99TzgE`4mV*O-t?~*OjIS0N{4Cb_oKW7X z^E0v7;5@l@!!@H2gWZ1lvzWMPf!i;C3F>$YMff1hn<$^FMkC915ysUdF!c`XRdbh7 zfbztQP0pl&j_6g$g(0>@=o!mlpy7hjUgj0s*&gN%M~4!CUCBQnPr-lo5azcZzXIQL zxP8N38vN5Scc1-)485p%OPQcUnT^3-4SWX2R3~AK`&ut=tiG0KQd$nmQyt-4r#dD& z2VcRlkkJ4Ahi?q7UUMi1NQj{wF*!=yaj1tin&ywn+!M`a#Nq}Lod_bc-z6)rt>*gl zI;~8kU?%U^=>2$9uOvF$$1x)^jCyg{vYp8IsEsY2aV3vHp7+g4ltzF~innQOzgNHm zyAQtdx2jM&0S0!d_r0xt$IGsW23Y_8Ank4bJNXoy)grE=5`T2~(I)<#w~k7}fVXBP zN~Tdv7F|4>@XK3!7p07`RQX`EB8{x{8`A=lxQ}u&NnArx&TIa}z(1i0Z zZpSt7^~I~M28h4!y!h}SNf{s!^i(C=rYWH9@~wYBRi^ku2NcUQ-1jqi+Q8P z#R_*PsG;fmFGaW;yk_O-pom-W*7j`VksF}7yGk=%c$RFRjr*$2DAIQN8I$bjS;W)u zoo05GSj?M%Q9ewOt%E&w;atlzn5UtUW_FfX>={Ao-LMOmj^OtTNG(q@o`xct*)d|V zCj^Xl!kU>o=3*ACv^+(58a~j>_7RIcBuJGE3uNk0j#(hp@+9PG2&S2BC1yRgt;Yk| zbwziYyX(zQX=ZDQJ*)_1MZ+=~It<<|6l;2RamzW;*j!6xR}v3B2&XuYwItBK9md1Z zLGx}Q>c0zA5LcSx+gOj;zx+eg(1M^uBy60%Vd!ese z^%xvqw_0CIRey5+bZ8waO_o7?Dnf~Ye*d_~a9AB=#PI=N&w7Siq{i$^Khiz5*ZGao zEyWd`0A0WSjO~Lhhhf{P;KO{jB(68;YPJu8;{7JEC`oxS@d1$< zF#)uhyiisDmbb3q0PA6K3*YkrMQ^PkRP$j@R^lmNKasbcN)nm3u~@&h_k+qlvqt`@ zmB`s7Yj5k_KHEkC&H;hLh{1g-29dU_*XdqI7Zs{kMVQG{Z~NASsuk7%u6fd{UHjc* z#Vf-+1{qlKn#!n2X*&SL0w{ zbo;^iKU{Lg`IV}@c!5VHNE zex30=BIG|6d8R(VZ91*&VV$rPFLZo%)}2=DLqoA29R(vlGDSKuMgJRta&F|d=yt!! z1C4=5g1U+S{}Qn0eN;wT4pN};pc)jh{xy|IlNQtdh=89*f*IaVtbdd-{2%iFC3=Sw z`A?-gxh4Om{x7k=Eq>oK8I=7V)7};2r1JfR=i^UOs+5cSK2D#`->7EVGe`DI=tnwA zktaH)T^dV#*B-<}c&?$CIrd6+6*q{`_vi1F_HZ;tlWuFOnLbxMUA3@aw8kBvFE@WW{c5zo%%~Foa^>$E;`{K^tIIb>Wts0L-2&Gv z>KV$~u?ubLw_AjJN+5P`G>4*uV*N>xE+1foO(I6 z+7`cN`R8Yl_2}EpI!u1PVu4!;V_E1`YNqOBTx(l;oATH6&@;^Aki*kVOlq#jYKiLX zVB1yyW9;(MW9&cHh1%{Ox#g!p#Ab+-mfI&m$Q_} z!~$L_%S)#PIo*;MOPfU+czE$Mx+bh|_r19!m2=oFHAENt7+R>}_ zhwH`YG5f<-t;4&<-iGoWdi%631mgb>N_g{$x5P1VJhlJcG;C++Z=4s-`wT3jYCKj?G|1jR`A8#rCqF`~b|mWmGUg>^ON164Txr$z zMEzhIW#O@UsNoj# diff --git a/krb5-1.21.3/doc/pdf/appdev.tex b/krb5-1.21.3/doc/pdf/appdev.tex deleted file mode 100644 index 1f9ec20e..00000000 --- a/krb5-1.21.3/doc/pdf/appdev.tex +++ /dev/null @@ -1,31210 +0,0 @@ -%% Generated by Sphinx. -\def\sphinxdocclass{report} -\documentclass[letterpaper,10pt,english]{sphinxmanual} -\ifdefined\pdfpxdimen - \let\sphinxpxdimen\pdfpxdimen\else\newdimen\sphinxpxdimen -\fi \sphinxpxdimen=.75bp\relax -\ifdefined\pdfimageresolution - \pdfimageresolution= \numexpr \dimexpr1in\relax/\sphinxpxdimen\relax -\fi -%% let collapsible pdf bookmarks panel have high depth per default -\PassOptionsToPackage{bookmarksdepth=5}{hyperref} - -\PassOptionsToPackage{warn}{textcomp} -\usepackage[utf8]{inputenc} -\ifdefined\DeclareUnicodeCharacter -% support both utf8 and utf8x syntaxes - \ifdefined\DeclareUnicodeCharacterAsOptional - \def\sphinxDUC#1{\DeclareUnicodeCharacter{"#1}} - \else - \let\sphinxDUC\DeclareUnicodeCharacter - \fi - \sphinxDUC{00A0}{\nobreakspace} - \sphinxDUC{2500}{\sphinxunichar{2500}} - \sphinxDUC{2502}{\sphinxunichar{2502}} - \sphinxDUC{2514}{\sphinxunichar{2514}} - \sphinxDUC{251C}{\sphinxunichar{251C}} - \sphinxDUC{2572}{\textbackslash} -\fi -\usepackage{cmap} -\usepackage[T1]{fontenc} -\usepackage{amsmath,amssymb,amstext} -\usepackage{babel} - - - -\usepackage{tgtermes} -\usepackage{tgheros} -\renewcommand{\ttdefault}{txtt} - - - -\usepackage[Bjarne]{fncychap} -\usepackage{sphinx} - -\fvset{fontsize=auto} -\usepackage{geometry} - - -% Include hyperref last. -\usepackage{hyperref} -% Fix anchor placement for figures with captions. -\usepackage{hypcap}% it must be loaded after hyperref. -% Set up styles of URL: it should be placed after hyperref. -\urlstyle{same} - - -\usepackage{sphinxmessages} -\setcounter{tocdepth}{0} - - - -\title{Kerberos Application Developer Guide} -\date{ } -\release{1.21.3} -\author{MIT} -\newcommand{\sphinxlogo}{\vbox{}} -\renewcommand{\releasename}{Release} -\makeindex -\begin{document} - -\pagestyle{empty} -\sphinxmaketitle -\pagestyle{plain} -\sphinxtableofcontents -\pagestyle{normal} -\phantomsection\label{\detokenize{appdev/index::doc}} - - - -\chapter{Developing with GSSAPI} -\label{\detokenize{appdev/gssapi:developing-with-gssapi}}\label{\detokenize{appdev/gssapi::doc}} -\sphinxAtStartPar -The GSSAPI (Generic Security Services API) allows applications to -communicate securely using Kerberos 5 or other security mechanisms. -We recommend using the GSSAPI (or a higher\sphinxhyphen{}level framework which -encompasses GSSAPI, such as SASL) for secure network communication -over using the libkrb5 API directly. - -\sphinxAtStartPar -GSSAPIv2 is specified in \index{RFC@\spxentry{RFC}!RFC 2743@\spxentry{RFC 2743}}\sphinxhref{https://tools.ietf.org/html/rfc2743.html}{\sphinxstylestrong{RFC 2743}} and \index{RFC@\spxentry{RFC}!RFC 2744@\spxentry{RFC 2744}}\sphinxhref{https://tools.ietf.org/html/rfc2744.html}{\sphinxstylestrong{RFC 2744}}. Also see -\index{RFC@\spxentry{RFC}!RFC 7546@\spxentry{RFC 7546}}\sphinxhref{https://tools.ietf.org/html/rfc7546.html}{\sphinxstylestrong{RFC 7546}} for a description of how to use the GSSAPI in a client or -server program. - -\sphinxAtStartPar -This documentation will describe how various ways of using the -GSSAPI will behave with the krb5 mechanism as implemented in MIT krb5, -as well as krb5\sphinxhyphen{}specific extensions to the GSSAPI. - - -\section{Name types} -\label{\detokenize{appdev/gssapi:name-types}} -\sphinxAtStartPar -A GSSAPI application can name a local or remote entity by calling -\sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.16}{gss\_import\_name}, specifying a name type and a value. The following -name types are supported by the krb5 mechanism: -\begin{itemize} -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_NT\_HOSTBASED\_SERVICE}: The value should be a string of the -form \sphinxcode{\sphinxupquote{service}} or \sphinxcode{\sphinxupquote{service@hostname}}. This is the most common -way to name target services when initiating a security context, and -is the most likely name type to work across multiple mechanisms. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_KRB5\_NT\_PRINCIPAL\_NAME}: The value should be a principal name -string. This name type only works with the krb5 mechanism, and is -defined in the \sphinxcode{\sphinxupquote{\textless{}gssapi/gssapi\_krb5.h\textgreater{}}} header. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_NT\_USER\_NAME} or \sphinxstylestrong{GSS\_C\_NULL\_OID}: The value is treated -as an unparsed principal name string, as above. These name types -may work with mechanisms other than krb5, but will have different -interpretations in those mechanisms. \sphinxstylestrong{GSS\_C\_NT\_USER\_NAME} is -intended to be used with a local username, which will parse into a -single\sphinxhyphen{}component principal in the default realm. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_NT\_ANONYMOUS}: The value is ignored. The anonymous -principal is used, allowing a client to authenticate to a server -without asserting a particular identity (which may or may not be -allowed by a particular server or Kerberos realm). - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_NT\_MACHINE\_UID\_NAME}: The value is uid\_t object. On -Unix\sphinxhyphen{}like systems, the username of the uid is looked up in the -system user database and the resulting username is parsed as a -principal name. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_NT\_STRING\_UID\_NAME}: As above, but the value is a decimal -string representation of the uid. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_NT\_EXPORT\_NAME}: The value must be the result of a -\sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.13}{gss\_export\_name} call. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_KRB5\_NT\_ENTERPRISE\_NAME}: The value should be a krb5 -enterprise name string (see \index{RFC@\spxentry{RFC}!RFC 6806@\spxentry{RFC 6806}}\sphinxhref{https://tools.ietf.org/html/rfc6806.html}{\sphinxstylestrong{RFC 6806}} section 5), in the form -\sphinxcode{\sphinxupquote{user@suffix}}. This name type is used to convey alias names, and -is defined in the \sphinxcode{\sphinxupquote{\textless{}gssapi/gssapi\_krb5.h\textgreater{}}} header. (New in -release 1.17.) - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_KRB5\_NT\_X509\_CERT}: The value should be an X.509 certificate -encoded according to \index{RFC@\spxentry{RFC}!RFC 5280@\spxentry{RFC 5280}}\sphinxhref{https://tools.ietf.org/html/rfc5280.html}{\sphinxstylestrong{RFC 5280}}. This name form can be used for -the desired\_name parameter of gss\_acquire\_cred\_impersonate\_name(), -to identify the S4U2Self user by certificate. (New in release -1.19.) - -\end{itemize} - - -\section{Initiator credentials} -\label{\detokenize{appdev/gssapi:initiator-credentials}} -\sphinxAtStartPar -A GSSAPI client application uses \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.19}{gss\_init\_sec\_context} to establish a -security context. The \sphinxstyleemphasis{initiator\_cred\_handle} parameter determines -what tickets are used to establish the connection. An application can -either pass \sphinxstylestrong{GSS\_C\_NO\_CREDENTIAL} to use the default client -credential, or it can use \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred} beforehand to acquire an -initiator credential. The call to \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred} may include a -\sphinxstyleemphasis{desired\_name} parameter, or it may pass \sphinxstylestrong{GSS\_C\_NO\_NAME} if it does -not have a specific name preference. - -\sphinxAtStartPar -If the desired name for a krb5 initiator credential is a host\sphinxhyphen{}based -name, it is converted to a principal name of the form -\sphinxcode{\sphinxupquote{service/hostname}} in the local realm, where \sphinxstyleemphasis{hostname} is the local -hostname if not specified. The hostname will be canonicalized using -forward name resolution, and possibly also using reverse name -resolution depending on the value of the \sphinxstylestrong{rdns} variable in -\DUrole{xref,std,std-ref}{libdefaults}. - -\sphinxAtStartPar -If a desired name is specified in the call to \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred}, the -krb5 mechanism will attempt to find existing tickets for that client -principal name in the default credential cache or collection. If the -default cache type does not support a collection, and the default -cache contains credentials for a different principal than the desired -name, a \sphinxstylestrong{GSS\_S\_CRED\_UNAVAIL} error will be returned with a minor -code indicating a mismatch. - -\sphinxAtStartPar -If no existing tickets are available for the desired name, but the -name has an entry in the default client \DUrole{xref,std,std-ref}{keytab\_definition}, the -krb5 mechanism will acquire initial tickets for the name using the -default client keytab. - -\sphinxAtStartPar -If no desired name is specified, credential acquisition will be -deferred until the credential is used in a call to -\sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.19}{gss\_init\_sec\_context} or \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.21}{gss\_inquire\_cred}. If the call is to -\sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.19}{gss\_init\_sec\_context}, the target name will be used to choose a client -principal name using the credential cache selection facility. (This -facility might, for instance, try to choose existing tickets for a -client principal in the same realm as the target service). If there -are no existing tickets for the chosen principal, but it is present in -the default client keytab, the krb5 mechanism will acquire initial -tickets using the keytab. - -\sphinxAtStartPar -If the target name cannot be used to select a client principal -(because the credentials are used in a call to \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.21}{gss\_inquire\_cred}), or -if the credential cache selection facility cannot choose a principal -for it, the default credential cache will be selected if it exists and -contains tickets. - -\sphinxAtStartPar -If the default credential cache does not exist, but the default client -keytab does, the krb5 mechanism will try to acquire initial tickets -for the first principal in the default client keytab. - -\sphinxAtStartPar -If the krb5 mechanism acquires initial tickets using the default -client keytab, the resulting tickets will be stored in the default -cache or collection, and will be refreshed by future calls to -\sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred} as they approach their expire time. - - -\section{Acceptor names} -\label{\detokenize{appdev/gssapi:acceptor-names}} -\sphinxAtStartPar -A GSSAPI server application uses \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.1}{gss\_accept\_sec\_context} to establish -a security context based on tokens provided by the client. The -\sphinxstyleemphasis{acceptor\_cred\_handle} parameter determines what -\DUrole{xref,std,std-ref}{keytab\_definition} entries may be authenticated to by the -client, if the krb5 mechanism is used. - -\sphinxAtStartPar -The simplest choice is to pass \sphinxstylestrong{GSS\_C\_NO\_CREDENTIAL} as the acceptor -credential. In this case, clients may authenticate to any service -principal in the default keytab (typically \DUrole{xref,std,std-ref}{DEFKTNAME}, or the value of -the \sphinxstylestrong{KRB5\_KTNAME} environment variable). This is the recommended -approach if the server application has no specific requirements to the -contrary. - -\sphinxAtStartPar -A server may acquire an acceptor credential with \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred} and -a \sphinxstyleemphasis{cred\_usage} of \sphinxstylestrong{GSS\_C\_ACCEPT} or \sphinxstylestrong{GSS\_C\_BOTH}. If the -\sphinxstyleemphasis{desired\_name} parameter is \sphinxstylestrong{GSS\_C\_NO\_NAME}, then clients will be -allowed to authenticate to any service principal in the default -keytab, just as if no acceptor credential was supplied. - -\sphinxAtStartPar -If a server wishes to specify a \sphinxstyleemphasis{desired\_name} to \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred}, -the most common choice is a host\sphinxhyphen{}based name. If the host\sphinxhyphen{}based -\sphinxstyleemphasis{desired\_name} contains just a \sphinxstyleemphasis{service}, then clients will be allowed -to authenticate to any host\sphinxhyphen{}based service principal (that is, a -principal of the form \sphinxcode{\sphinxupquote{service/hostname@REALM}}) for the named -service, regardless of hostname or realm, as long as it is present in -the default keytab. If the input name contains both a \sphinxstyleemphasis{service} and a -\sphinxstyleemphasis{hostname}, clients will be allowed to authenticate to any host\sphinxhyphen{}based -principal for the named service and hostname, regardless of realm. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -If a \sphinxstyleemphasis{hostname} is specified, it will be canonicalized -using forward name resolution, and possibly also using -reverse name resolution depending on the value of the -\sphinxstylestrong{rdns} variable in \DUrole{xref,std,std-ref}{libdefaults}. -\end{sphinxadmonition} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -If the \sphinxstylestrong{ignore\_acceptor\_hostname} variable in -\DUrole{xref,std,std-ref}{libdefaults} is enabled, then \sphinxstyleemphasis{hostname} will be -ignored even if one is specified in the input name. -\end{sphinxadmonition} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -In MIT krb5 versions prior to 1.10, and in Heimdal’s -implementation of the krb5 mechanism, an input name with -just a \sphinxstyleemphasis{service} is treated like an input name of -\sphinxcode{\sphinxupquote{service@localhostname}}, where \sphinxstyleemphasis{localhostname} is the -string returned by gethostname(). -\end{sphinxadmonition} - -\sphinxAtStartPar -If the \sphinxstyleemphasis{desired\_name} is a krb5 principal name or a local system name -type which is mapped to a krb5 principal name, clients will only be -allowed to authenticate to that principal in the default keytab. - - -\section{Name Attributes} -\label{\detokenize{appdev/gssapi:name-attributes}} -\sphinxAtStartPar -In release 1.8 or later, the \sphinxhref{https://tools.ietf.org/html/rfc6680.txt\#section-7.4}{gss\_inquire\_name} and -\sphinxhref{https://tools.ietf.org/html/6680.html\#section-7.5}{gss\_get\_name\_attribute} functions, specified in \index{RFC@\spxentry{RFC}!RFC 6680@\spxentry{RFC 6680}}\sphinxhref{https://tools.ietf.org/html/rfc6680.html}{\sphinxstylestrong{RFC 6680}}, can be -used to retrieve name attributes from the \sphinxstyleemphasis{src\_name} returned by -\sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.1}{gss\_accept\_sec\_context}. The following attributes are defined when -the krb5 mechanism is used: - -\phantomsection\label{\detokenize{appdev/gssapi:gssapi-authind-attr}}\begin{itemize} -\item {} -\sphinxAtStartPar -“auth\sphinxhyphen{}indicators†attribute: - -\end{itemize} - -\sphinxAtStartPar -This attribute will be included in the \sphinxhref{https://tools.ietf.org/html/rfc6680.txt\#section-7.4}{gss\_inquire\_name} output if the -ticket contains \DUrole{xref,std,std-ref}{authentication indicators}. -One indicator is returned per invocation of \sphinxhref{https://tools.ietf.org/html/6680.html\#section-7.5}{gss\_get\_name\_attribute}, -so multiple invocations may be necessary to retrieve all of the -indicators from the ticket. (New in release 1.15.) - - -\section{Credential store extensions} -\label{\detokenize{appdev/gssapi:credential-store-extensions}} -\sphinxAtStartPar -Beginning with release 1.11, the following GSSAPI extensions declared -in \sphinxcode{\sphinxupquote{\textless{}gssapi/gssapi\_ext.h\textgreater{}}} can be used to specify how credentials -are acquired or stored: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{struct} \PYG{n}{gss\PYGZus{}key\PYGZus{}value\PYGZus{}element\PYGZus{}struct} \PYG{p}{\PYGZob{}} - \PYG{n}{const} \PYG{n}{char} \PYG{o}{*}\PYG{n}{key}\PYG{p}{;} - \PYG{n}{const} \PYG{n}{char} \PYG{o}{*}\PYG{n}{value}\PYG{p}{;} -\PYG{p}{\PYGZcb{}}\PYG{p}{;} -\PYG{n}{typedef} \PYG{n}{struct} \PYG{n}{gss\PYGZus{}key\PYGZus{}value\PYGZus{}element\PYGZus{}struct} \PYG{n}{gss\PYGZus{}key\PYGZus{}value\PYGZus{}element\PYGZus{}desc}\PYG{p}{;} - -\PYG{n}{struct} \PYG{n}{gss\PYGZus{}key\PYGZus{}value\PYGZus{}set\PYGZus{}struct} \PYG{p}{\PYGZob{}} - \PYG{n}{OM\PYGZus{}uint32} \PYG{n}{count}\PYG{p}{;} - \PYG{n}{gss\PYGZus{}key\PYGZus{}value\PYGZus{}element\PYGZus{}desc} \PYG{o}{*}\PYG{n}{elements}\PYG{p}{;} -\PYG{p}{\PYGZcb{}}\PYG{p}{;} -\PYG{n}{typedef} \PYG{n}{const} \PYG{n}{struct} \PYG{n}{gss\PYGZus{}key\PYGZus{}value\PYGZus{}set\PYGZus{}struct} \PYG{n}{gss\PYGZus{}key\PYGZus{}value\PYGZus{}set\PYGZus{}desc}\PYG{p}{;} -\PYG{n}{typedef} \PYG{n}{const} \PYG{n}{gss\PYGZus{}key\PYGZus{}value\PYGZus{}set\PYGZus{}desc} \PYG{o}{*}\PYG{n}{gss\PYGZus{}const\PYGZus{}key\PYGZus{}value\PYGZus{}set\PYGZus{}t}\PYG{p}{;} - -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}acquire\PYGZus{}cred\PYGZus{}from}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{const} \PYG{n}{gss\PYGZus{}name\PYGZus{}t} \PYG{n}{desired\PYGZus{}name}\PYG{p}{,} - \PYG{n}{OM\PYGZus{}uint32} \PYG{n}{time\PYGZus{}req}\PYG{p}{,} - \PYG{n}{const} \PYG{n}{gss\PYGZus{}OID\PYGZus{}set} \PYG{n}{desired\PYGZus{}mechs}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}cred\PYGZus{}usage\PYGZus{}t} \PYG{n}{cred\PYGZus{}usage}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}const\PYGZus{}key\PYGZus{}value\PYGZus{}set\PYGZus{}t} \PYG{n}{cred\PYGZus{}store}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}cred\PYGZus{}id\PYGZus{}t} \PYG{o}{*}\PYG{n}{output\PYGZus{}cred\PYGZus{}handle}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}OID\PYGZus{}set} \PYG{o}{*}\PYG{n}{actual\PYGZus{}mechs}\PYG{p}{,} - \PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{time\PYGZus{}rec}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}store\PYGZus{}cred\PYGZus{}into}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}cred\PYGZus{}id\PYGZus{}t} \PYG{n}{input\PYGZus{}cred\PYGZus{}handle}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}cred\PYGZus{}usage\PYGZus{}t} \PYG{n}{cred\PYGZus{}usage}\PYG{p}{,} - \PYG{n}{const} \PYG{n}{gss\PYGZus{}OID} \PYG{n}{desired\PYGZus{}mech}\PYG{p}{,} - \PYG{n}{OM\PYGZus{}uint32} \PYG{n}{overwrite\PYGZus{}cred}\PYG{p}{,} - \PYG{n}{OM\PYGZus{}uint32} \PYG{n}{default\PYGZus{}cred}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}const\PYGZus{}key\PYGZus{}value\PYGZus{}set\PYGZus{}t} \PYG{n}{cred\PYGZus{}store}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}OID\PYGZus{}set} \PYG{o}{*}\PYG{n}{elements\PYGZus{}stored}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}cred\PYGZus{}usage\PYGZus{}t} \PYG{o}{*}\PYG{n}{cred\PYGZus{}usage\PYGZus{}stored}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The additional \sphinxstyleemphasis{cred\_store} parameter allows the caller to specify -information about how the credentials should be obtained and stored. -The following options are supported by the krb5 mechanism: -\begin{itemize} -\item {} -\sphinxAtStartPar -\sphinxstylestrong{ccache}: For acquiring initiator credentials, the name of the -\DUrole{xref,std,std-ref}{credential cache} to which the handle will -refer. For storing credentials, the name of the cache or collection -where the credentials will be stored (see below). - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{client\_keytab}: For acquiring initiator credentials, the name of -the \DUrole{xref,std,std-ref}{keytab} which will be used, if -necessary, to refresh the credentials in the cache. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{keytab}: For acquiring acceptor credentials, the name of the -\DUrole{xref,std,std-ref}{keytab} to which the handle will refer. -In release 1.19 and later, this option also determines the keytab to -be used for verification when initiator credentials are acquired -using a password and verified. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{password}: For acquiring initiator credentials, this option -instructs the mechanism to acquire fresh credentials into a unique -memory credential cache. This option may not be used with the -\sphinxstylestrong{ccache} or \sphinxstylestrong{client\_keytab} options, and a \sphinxstyleemphasis{desired\_name} must -be specified. (New in release 1.19.) - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{rcache}: For acquiring acceptor credentials, the name of the -\DUrole{xref,std,std-ref}{replay cache} to be used when processing -the initiator tokens. (New in release 1.13.) - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{verify}: For acquiring initiator credentials, this option -instructs the mechanism to verify the credentials by obtaining a -ticket to a service with a known key. The service key is obtained -from the keytab specified with the \sphinxstylestrong{keytab} option or the default -keytab. The value may be the name of a principal in the keytab, or -the empty string. If the empty string is given, any \sphinxcode{\sphinxupquote{host}} -service principal in the keytab may be used. (New in release 1.19.) - -\end{itemize} - -\sphinxAtStartPar -In release 1.20 or later, if a collection name is specified for -\sphinxstylestrong{cache} in a call to gss\_store\_cred\_into(), an existing cache for -the client principal within the collection will be selected, or a new -cache will be created within the collection. If \sphinxstyleemphasis{overwrite\_cred} is -false and the selected credential cache already exists, a -\sphinxstylestrong{GSS\_S\_DUPLICATE\_ELEMENT} error will be returned. If \sphinxstyleemphasis{default\_cred} -is true, the primary cache of the collection will be switched to the -selected cache. - - -\section{Importing and exporting credentials} -\label{\detokenize{appdev/gssapi:importing-and-exporting-credentials}} -\sphinxAtStartPar -The following GSSAPI extensions can be used to import and export -credentials (declared in \sphinxcode{\sphinxupquote{\textless{}gssapi/gssapi\_ext.h\textgreater{}}}): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}export\PYGZus{}cred}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}cred\PYGZus{}id\PYGZus{}t} \PYG{n}{cred\PYGZus{}handle}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}buffer\PYGZus{}t} \PYG{n}{token}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}import\PYGZus{}cred}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}buffer\PYGZus{}t} \PYG{n}{token}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}cred\PYGZus{}id\PYGZus{}t} \PYG{o}{*}\PYG{n}{cred\PYGZus{}handle}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The first function serializes a GSSAPI credential handle into a -buffer; the second unseralizes a buffer into a GSSAPI credential -handle. Serializing a credential does not destroy it. If any of the -mechanisms used in \sphinxstyleemphasis{cred\_handle} do not support serialization, -gss\_export\_cred will return \sphinxstylestrong{GSS\_S\_UNAVAILABLE}. As with other -GSSAPI serialization functions, these extensions are only intended to -work with a matching implementation on the other side; they do not -serialize credentials in a standardized format. - -\sphinxAtStartPar -A serialized credential may contain secret information such as ticket -session keys. The serialization format does not protect this -information from eavesdropping or tampering. The calling application -must take care to protect the serialized credential when communicating -it over an insecure channel or to an untrusted party. - -\sphinxAtStartPar -A krb5 GSSAPI credential may contain references to a credential cache, -a client keytab, an acceptor keytab, and a replay cache. These -resources are normally serialized as references to their external -locations (such as the filename of the credential cache). Because of -this, a serialized krb5 credential can only be imported by a process -with similar privileges to the exporter. A serialized credential -should not be trusted if it originates from a source with lower -privileges than the importer, as it may contain references to external -credential cache, keytab, or replay cache resources not accessible to -the originator. - -\sphinxAtStartPar -An exception to the above rule applies when a krb5 GSSAPI credential -refers to a memory credential cache, as is normally the case for -delegated credentials received by \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.1}{gss\_accept\_sec\_context}. In this -case, the contents of the credential cache are serialized, so that the -resulting token may be imported even if the original memory credential -cache no longer exists. - - -\section{Constrained delegation (S4U)} -\label{\detokenize{appdev/gssapi:constrained-delegation-s4u}} -\sphinxAtStartPar -The Microsoft S4U2Self and S4U2Proxy Kerberos protocol extensions -allow an intermediate service to acquire credentials from a client to -a target service without requiring the client to delegate a -ticket\sphinxhyphen{}granting ticket, if the KDC is configured to allow it. - -\sphinxAtStartPar -To perform a constrained delegation operation, the intermediate -service must submit to the KDC an “evidence ticket†from the client to -the intermediate service. An evidence ticket can be acquired when the -client authenticates to the intermediate service with Kerberos, or -with an S4U2Self request if the KDC allows it. The MIT krb5 GSSAPI -library represents an evidence ticket using a “proxy credentialâ€, -which is a special kind of gss\_cred\_id\_t object whose underlying -credential cache contains the evidence ticket and a krbtgt ticket for -the intermediate service. - -\sphinxAtStartPar -To acquire a proxy credential during client authentication, the -service should first create an acceptor credential using the -\sphinxstylestrong{GSS\_C\_BOTH} usage. The application should then pass this -credential as the \sphinxstyleemphasis{acceptor\_cred\_handle} to \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.1}{gss\_accept\_sec\_context}, -and also pass a \sphinxstyleemphasis{delegated\_cred\_handle} output parameter to receive a -proxy credential containing the evidence ticket. The output value of -\sphinxstyleemphasis{delegated\_cred\_handle} may be a delegated ticket\sphinxhyphen{}granting ticket if -the client sent one, or a proxy credential if not. If the library can -determine that the client’s ticket is not a valid evidence ticket, it -will place \sphinxstylestrong{GSS\_C\_NO\_CREDENTIAL} in \sphinxstyleemphasis{delegated\_cred\_handle}. - -\sphinxAtStartPar -To acquire a proxy credential using an S4U2Self request, the service -can use the following GSSAPI extension: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}acquire\PYGZus{}cred\PYGZus{}impersonate\PYGZus{}name}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}cred\PYGZus{}id\PYGZus{}t} \PYG{n}{icred}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}name\PYGZus{}t} \PYG{n}{desired\PYGZus{}name}\PYG{p}{,} - \PYG{n}{OM\PYGZus{}uint32} \PYG{n}{time\PYGZus{}req}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}OID\PYGZus{}set} \PYG{n}{desired\PYGZus{}mechs}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}cred\PYGZus{}usage\PYGZus{}t} \PYG{n}{cred\PYGZus{}usage}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}cred\PYGZus{}id\PYGZus{}t} \PYG{o}{*}\PYG{n}{output\PYGZus{}cred}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}OID\PYGZus{}set} \PYG{o}{*}\PYG{n}{actual\PYGZus{}mechs}\PYG{p}{,} - \PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{time\PYGZus{}rec}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The parameters to this function are similar to those of -\sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.2}{gss\_acquire\_cred}, except that \sphinxstyleemphasis{icred} is used to make an S4U2Self -request to the KDC for a ticket from \sphinxstyleemphasis{desired\_name} to the -intermediate service. Both \sphinxstyleemphasis{icred} and \sphinxstyleemphasis{desired\_name} are required -for this function; passing \sphinxstylestrong{GSS\_C\_NO\_CREDENTIAL} or -\sphinxstylestrong{GSS\_C\_NO\_NAME} will cause the call to fail. \sphinxstyleemphasis{icred} must contain a -krbtgt ticket for the intermediate service. The result of this -operation is a proxy credential. (Prior to release 1.18, the result -of this operation may be a regular credential for \sphinxstyleemphasis{desired\_name}, if -the KDC issues a non\sphinxhyphen{}forwardable ticket.) - -\sphinxAtStartPar -Once the intermediate service has a proxy credential, it can simply -pass it to \sphinxhref{https://tools.ietf.org/html/rfc2744.html\#section-5.19}{gss\_init\_sec\_context} as the \sphinxstyleemphasis{initiator\_cred\_handle} -parameter, and the desired service as the \sphinxstyleemphasis{target\_name} parameter. -The GSSAPI library will present the krbtgt ticket and evidence ticket -in the proxy credential to the KDC in an S4U2Proxy request; if the -intermediate service has the appropriate permissions, the KDC will -issue a ticket from the client to the target service. The GSSAPI -library will then use this ticket to authenticate to the target -service. - -\sphinxAtStartPar -If an application needs to find out whether a credential it holds is a -proxy credential and the name of the intermediate service, it can -query the credential with the \sphinxstylestrong{GSS\_KRB5\_GET\_CRED\_IMPERSONATOR} OID -(new in release 1.16, declared in \sphinxcode{\sphinxupquote{\textless{}gssapi/gssapi\_krb5.h\textgreater{}}}) using -the gss\_inquire\_cred\_by\_oid extension (declared in -\sphinxcode{\sphinxupquote{\textless{}gssapi/gssapi\_ext.h\textgreater{}}}): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}inquire\PYGZus{}cred\PYGZus{}by\PYGZus{}oid}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{const} \PYG{n}{gss\PYGZus{}cred\PYGZus{}id\PYGZus{}t} \PYG{n}{cred\PYGZus{}handle}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}OID} \PYG{n}{desired\PYGZus{}object}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}buffer\PYGZus{}set\PYGZus{}t} \PYG{o}{*}\PYG{n}{data\PYGZus{}set}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If the call succeeds and \sphinxstyleemphasis{cred\_handle} is a proxy credential, -\sphinxstyleemphasis{data\_set} will be set to a single\sphinxhyphen{}element buffer set containing the -unparsed principal name of the intermediate service. If \sphinxstyleemphasis{cred\_handle} -is not a proxy credential, \sphinxstyleemphasis{data\_set} will be set to an empty buffer -set. If the library does not support the query, -gss\_inquire\_cred\_by\_oid will return \sphinxstylestrong{GSS\_S\_UNAVAILABLE}. - - -\section{AEAD message wrapping} -\label{\detokenize{appdev/gssapi:aead-message-wrapping}} -\sphinxAtStartPar -The following GSSAPI extensions (declared in -\sphinxcode{\sphinxupquote{\textless{}gssapi/gssapi\_ext.h\textgreater{}}}) can be used to wrap and unwrap messages -with additional “associated data†which is integrity\sphinxhyphen{}checked but is -not included in the output buffer: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}wrap\PYGZus{}aead}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t} \PYG{n}{context\PYGZus{}handle}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{n}{conf\PYGZus{}req\PYGZus{}flag}\PYG{p}{,} \PYG{n}{gss\PYGZus{}qop\PYGZus{}t} \PYG{n}{qop\PYGZus{}req}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}buffer\PYGZus{}t} \PYG{n}{input\PYGZus{}assoc\PYGZus{}buffer}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}buffer\PYGZus{}t} \PYG{n}{input\PYGZus{}payload\PYGZus{}buffer}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{o}{*}\PYG{n}{conf\PYGZus{}state}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}buffer\PYGZus{}t} \PYG{n}{output\PYGZus{}message\PYGZus{}buffer}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}unwrap\PYGZus{}aead}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t} \PYG{n}{context\PYGZus{}handle}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}buffer\PYGZus{}t} \PYG{n}{input\PYGZus{}message\PYGZus{}buffer}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}buffer\PYGZus{}t} \PYG{n}{input\PYGZus{}assoc\PYGZus{}buffer}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}buffer\PYGZus{}t} \PYG{n}{output\PYGZus{}payload\PYGZus{}buffer}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{o}{*}\PYG{n}{conf\PYGZus{}state}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}qop\PYGZus{}t} \PYG{o}{*}\PYG{n}{qop\PYGZus{}state}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Wrap tokens created with gss\_wrap\_aead will successfully unwrap only -if the same \sphinxstyleemphasis{input\_assoc\_buffer} contents are presented to -gss\_unwrap\_aead. - - -\section{IOV message wrapping} -\label{\detokenize{appdev/gssapi:iov-message-wrapping}} -\sphinxAtStartPar -The following extensions (declared in \sphinxcode{\sphinxupquote{\textless{}gssapi/gssapi\_ext.h\textgreater{}}}) can -be used for in\sphinxhyphen{}place encryption, fine\sphinxhyphen{}grained control over wrap token -layout, and for constructing wrap tokens compatible with Microsoft DCE -RPC: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{typedef} \PYG{n}{struct} \PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc\PYGZus{}struct} \PYG{p}{\PYGZob{}} - \PYG{n}{OM\PYGZus{}uint32} \PYG{n+nb}{type}\PYG{p}{;} - \PYG{n}{gss\PYGZus{}buffer\PYGZus{}desc} \PYG{n}{buffer}\PYG{p}{;} -\PYG{p}{\PYGZcb{}} \PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc}\PYG{p}{,} \PYG{o}{*}\PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}t}\PYG{p}{;} - -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}wrap\PYGZus{}iov}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t} \PYG{n}{context\PYGZus{}handle}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{n}{conf\PYGZus{}req\PYGZus{}flag}\PYG{p}{,} \PYG{n}{gss\PYGZus{}qop\PYGZus{}t} \PYG{n}{qop\PYGZus{}req}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{o}{*}\PYG{n}{conf\PYGZus{}state}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc} \PYG{o}{*}\PYG{n}{iov}\PYG{p}{,} \PYG{n+nb}{int} \PYG{n}{iov\PYGZus{}count}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}unwrap\PYGZus{}iov}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t} \PYG{n}{context\PYGZus{}handle}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{o}{*}\PYG{n}{conf\PYGZus{}state}\PYG{p}{,} \PYG{n}{gss\PYGZus{}qop\PYGZus{}t} \PYG{o}{*}\PYG{n}{qop\PYGZus{}state}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc} \PYG{o}{*}\PYG{n}{iov}\PYG{p}{,} \PYG{n+nb}{int} \PYG{n}{iov\PYGZus{}count}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}wrap\PYGZus{}iov\PYGZus{}length}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t} \PYG{n}{context\PYGZus{}handle}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{n}{conf\PYGZus{}req\PYGZus{}flag}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}qop\PYGZus{}t} \PYG{n}{qop\PYGZus{}req}\PYG{p}{,} \PYG{n+nb}{int} \PYG{o}{*}\PYG{n}{conf\PYGZus{}state}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc} \PYG{o}{*}\PYG{n}{iov}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{n}{iov\PYGZus{}count}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}release\PYGZus{}iov\PYGZus{}buffer}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc} \PYG{o}{*}\PYG{n}{iov}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{n}{iov\PYGZus{}count}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The caller of gss\_wrap\_iov provides an array of gss\_iov\_buffer\_desc -structures, each containing a type and a gss\_buffer\_desc structure. -Valid types include: -\begin{itemize} -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_BUFFER\_TYPE\_DATA}: A data buffer to be included in the -token, and to be encrypted or decrypted in\sphinxhyphen{}place if the token is -confidentiality\sphinxhyphen{}protected. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_BUFFER\_TYPE\_HEADER}: The GSSAPI wrap token header and -underlying cryptographic header. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_BUFFER\_TYPE\_TRAILER}: The cryptographic trailer, if one is -required. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_BUFFER\_TYPE\_PADDING}: Padding to be combined with the data -during encryption and decryption. (The implementation may choose to -place padding in the trailer buffer, in which case it will set the -padding buffer length to 0.) - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_BUFFER\_TYPE\_STREAM}: For unwrapping only, a buffer -containing a complete wrap token in standard format to be unwrapped. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_BUFFER\_TYPE\_SIGN\_ONLY}: A buffer to be included in the -token’s integrity protection checksum, but not to be encrypted or -included in the token itself. - -\end{itemize} - -\sphinxAtStartPar -For gss\_wrap\_iov, the IOV list should contain one HEADER buffer, -followed by zero or more SIGN\_ONLY buffers, followed by one or more -DATA buffers, followed by a TRAILER buffer. The memory pointed to by -the buffers is not required to be contiguous or in any particular -order. If \sphinxstyleemphasis{conf\_req\_flag} is true, DATA buffers will be encrypted -in\sphinxhyphen{}place, while SIGN\_ONLY buffers will not be modified. - -\sphinxAtStartPar -The type of an output buffer may be combined with -\sphinxstylestrong{GSS\_C\_BUFFER\_FLAG\_ALLOCATE} to request that gss\_wrap\_iov allocate -the buffer contents. If gss\_wrap\_iov allocates a buffer, it sets the -\sphinxstylestrong{GSS\_C\_BUFFER\_FLAG\_ALLOCATED} flag on the buffer type. -gss\_release\_iov\_buffer can be used to release all allocated buffers -within an iov list and unset their allocated flags. Here is an -example of how gss\_wrap\_iov can be used with allocation requested -(\sphinxstyleemphasis{ctx} is assumed to be a previously established gss\_ctx\_id\_t): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{;} -\PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc} \PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{4}\PYG{p}{]}\PYG{p}{;} -\PYG{n}{char} \PYG{n+nb}{str}\PYG{p}{[}\PYG{p}{]} \PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{message}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} - -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}HEADER} \PYG{o}{|} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}FLAG\PYGZus{}ALLOCATE}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}DATA}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{value} \PYG{o}{=} \PYG{n+nb}{str}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length} \PYG{o}{=} \PYG{n}{strlen}\PYG{p}{(}\PYG{n+nb}{str}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{2}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}PADDING} \PYG{o}{|} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}FLAG\PYGZus{}ALLOCATE}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{3}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}TRAILER} \PYG{o}{|} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}FLAG\PYGZus{}ALLOCATE}\PYG{p}{;} - -\PYG{n}{major} \PYG{o}{=} \PYG{n}{gss\PYGZus{}wrap\PYGZus{}iov}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{ctx}\PYG{p}{,} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} - \PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{4}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{GSS\PYGZus{}ERROR}\PYG{p}{(}\PYG{n}{major}\PYG{p}{)}\PYG{p}{)} - \PYG{n}{handle\PYGZus{}error}\PYG{p}{(}\PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{)}\PYG{p}{;} - -\PYG{o}{/}\PYG{o}{*} \PYG{n}{Transmit} \PYG{o+ow}{or} \PYG{n}{otherwise} \PYG{n}{use} \PYG{n}{resulting} \PYG{n}{buffers}\PYG{o}{.} \PYG{o}{*}\PYG{o}{/} - -\PYG{p}{(}\PYG{n}{void}\PYG{p}{)}\PYG{n}{gss\PYGZus{}release\PYGZus{}iov\PYGZus{}buffer}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{4}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If the caller does not choose to request buffer allocation by -gss\_wrap\_iov, it should first call gss\_wrap\_iov\_length to query the -lengths of the HEADER, PADDING, and TRAILER buffers. DATA buffers -must be provided in the iov list so that padding length can be -computed correctly, but the output buffers need not be initialized. -Here is an example of using gss\_wrap\_iov\_length and gss\_wrap\_iov: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{;} -\PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc} \PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{4}\PYG{p}{]}\PYG{p}{;} -\PYG{n}{char} \PYG{n+nb}{str}\PYG{p}{[}\PYG{l+m+mi}{1024}\PYG{p}{]} \PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{message}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{,} \PYG{o}{*}\PYG{n}{ptr}\PYG{p}{;} - -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}HEADER}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}DATA}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{value} \PYG{o}{=} \PYG{n+nb}{str}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length} \PYG{o}{=} \PYG{n}{strlen}\PYG{p}{(}\PYG{n+nb}{str}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{2}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}PADDING}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{3}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}TRAILER}\PYG{p}{;} - -\PYG{n}{major} \PYG{o}{=} \PYG{n}{gss\PYGZus{}wrap\PYGZus{}iov\PYGZus{}length}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{ctx}\PYG{p}{,} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT}\PYG{p}{,} - \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{4}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{GSS\PYGZus{}ERROR}\PYG{p}{(}\PYG{n}{major}\PYG{p}{)}\PYG{p}{)} - \PYG{n}{handle\PYGZus{}error}\PYG{p}{(}\PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{strlen}\PYG{p}{(}\PYG{n+nb}{str}\PYG{p}{)} \PYG{o}{+} \PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length} \PYG{o}{+} \PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{2}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length} \PYG{o}{+} - \PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{3}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length} \PYG{o}{\PYGZgt{}} \PYG{n}{sizeof}\PYG{p}{(}\PYG{n+nb}{str}\PYG{p}{)}\PYG{p}{)} - \PYG{n}{handle\PYGZus{}out\PYGZus{}of\PYGZus{}space\PYGZus{}error}\PYG{p}{(}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{ptr} \PYG{o}{=} \PYG{n+nb}{str} \PYG{o}{+} \PYG{n}{strlen}\PYG{p}{(}\PYG{n+nb}{str}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{value} \PYG{o}{=} \PYG{n}{ptr}\PYG{p}{;} -\PYG{n}{ptr} \PYG{o}{+}\PYG{o}{=} \PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{2}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{value} \PYG{o}{=} \PYG{n}{ptr}\PYG{p}{;} -\PYG{n}{ptr} \PYG{o}{+}\PYG{o}{=} \PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{2}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{3}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{value} \PYG{o}{=} \PYG{n}{ptr}\PYG{p}{;} - -\PYG{n}{major} \PYG{o}{=} \PYG{n}{gss\PYGZus{}wrap\PYGZus{}iov}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{ctx}\PYG{p}{,} \PYG{l+m+mi}{1}\PYG{p}{,} \PYG{n}{GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} - \PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{4}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{GSS\PYGZus{}ERROR}\PYG{p}{(}\PYG{n}{major}\PYG{p}{)}\PYG{p}{)} - \PYG{n}{handle\PYGZus{}error}\PYG{p}{(}\PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If the context was established using the \sphinxstylestrong{GSS\_C\_DCE\_STYLE} flag -(described in \index{RFC@\spxentry{RFC}!RFC 4757@\spxentry{RFC 4757}}\sphinxhref{https://tools.ietf.org/html/rfc4757.html}{\sphinxstylestrong{RFC 4757}}), wrap tokens compatible with Microsoft DCE -RPC can be constructed. In this case, the IOV list must include a -SIGN\_ONLY buffer, a DATA buffer, a second SIGN\_ONLY buffer, and a -HEADER buffer in that order (the order of the buffer contents remains -arbitrary). The application must pad the DATA buffer to a multiple of -16 bytes as no padding or trailer buffer is used. - -\sphinxAtStartPar -gss\_unwrap\_iov may be called with an IOV list just like one which -would be provided to gss\_wrap\_iov. DATA buffers will be decrypted -in\sphinxhyphen{}place if they were encrypted, and SIGN\_ONLY buffers will not be -modified. - -\sphinxAtStartPar -Alternatively, gss\_unwrap\_iov may be called with a single STREAM -buffer, zero or more SIGN\_ONLY buffers, and a single DATA buffer. The -STREAM buffer is interpreted as a complete wrap token. The STREAM -buffer will be modified in\sphinxhyphen{}place to decrypt its contents. The DATA -buffer will be initialized to point to the decrypted data within the -STREAM buffer, unless it has the \sphinxstylestrong{GSS\_C\_BUFFER\_FLAG\_ALLOCATE} flag -set, in which case it will be initialized with a copy of the decrypted -data. Here is an example (\sphinxstyleemphasis{token} and \sphinxstyleemphasis{token\_len} are assumed to be a -pre\sphinxhyphen{}existing pointer and length for a modifiable region of data): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{;} -\PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc} \PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{2}\PYG{p}{]}\PYG{p}{;} - -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}STREAM}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{value} \PYG{o}{=} \PYG{n}{token}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length} \PYG{o}{=} \PYG{n}{token\PYGZus{}len}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}DATA}\PYG{p}{;} -\PYG{n}{major} \PYG{o}{=} \PYG{n}{gss\PYGZus{}unwrap\PYGZus{}iov}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{ctx}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{2}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{GSS\PYGZus{}ERROR}\PYG{p}{(}\PYG{n}{major}\PYG{p}{)}\PYG{p}{)} - \PYG{n}{handle\PYGZus{}error}\PYG{p}{(}\PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{)}\PYG{p}{;} - -\PYG{o}{/}\PYG{o}{*} \PYG{n}{Decrypted} \PYG{n}{data} \PYG{o+ow}{is} \PYG{o+ow}{in} \PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{p}{,} \PYG{n}{pointing} \PYG{n}{to} \PYG{n}{a} \PYG{n}{subregion} \PYG{n}{of} - \PYG{o}{*} \PYG{n}{token}\PYG{o}{.} \PYG{o}{*}\PYG{o}{/} -\end{sphinxVerbatim} - - -\section{IOV MIC tokens} -\label{\detokenize{appdev/gssapi:iov-mic-tokens}}\label{\detokenize{appdev/gssapi:gssapi-mic-token}} -\sphinxAtStartPar -The following extensions (declared in \sphinxcode{\sphinxupquote{\textless{}gssapi/gssapi\_ext.h\textgreater{}}}) can -be used in release 1.12 or later to construct and verify MIC tokens -using an IOV list: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}get\PYGZus{}mic\PYGZus{}iov}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t} \PYG{n}{context\PYGZus{}handle}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}qop\PYGZus{}t} \PYG{n}{qop\PYGZus{}req}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc} \PYG{o}{*}\PYG{n}{iov}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{n}{iov\PYGZus{}count}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}get\PYGZus{}mic\PYGZus{}iov\PYGZus{}length}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t} \PYG{n}{context\PYGZus{}handle}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}qop\PYGZus{}t} \PYG{n}{qop\PYGZus{}req}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc} \PYG{o}{*}\PYG{n}{iov}\PYG{p}{,} - \PYG{n}{iov\PYGZus{}count}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{gss\PYGZus{}verify\PYGZus{}mic\PYGZus{}iov}\PYG{p}{(}\PYG{n}{OM\PYGZus{}uint32} \PYG{o}{*}\PYG{n}{minor\PYGZus{}status}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}ctx\PYGZus{}id\PYGZus{}t} \PYG{n}{context\PYGZus{}handle}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}qop\PYGZus{}t} \PYG{o}{*}\PYG{n}{qop\PYGZus{}state}\PYG{p}{,} - \PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc} \PYG{o}{*}\PYG{n}{iov}\PYG{p}{,} - \PYG{n+nb}{int} \PYG{n}{iov\PYGZus{}count}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The caller of gss\_get\_mic\_iov provides an array of gss\_iov\_buffer\_desc -structures, each containing a type and a gss\_buffer\_desc structure. -Valid types include: -\begin{itemize} -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_BUFFER\_TYPE\_DATA} and \sphinxstylestrong{GSS\_C\_BUFFER\_TYPE\_SIGN\_ONLY}: The -corresponding buffer for each of these types will be signed for the -MIC token, in the order provided. - -\item {} -\sphinxAtStartPar -\sphinxstylestrong{GSS\_C\_BUFFER\_TYPE\_MIC\_TOKEN}: The GSSAPI MIC token. - -\end{itemize} - -\sphinxAtStartPar -The type of the MIC\_TOKEN buffer may be combined with -\sphinxstylestrong{GSS\_C\_BUFFER\_FLAG\_ALLOCATE} to request that gss\_get\_mic\_iov -allocate the buffer contents. If gss\_get\_mic\_iov allocates the -buffer, it sets the \sphinxstylestrong{GSS\_C\_BUFFER\_FLAG\_ALLOCATED} flag on the buffer -type. gss\_release\_iov\_buffer can be used to release all allocated -buffers within an iov list and unset their allocated flags. Here is -an example of how gss\_get\_mic\_iov can be used with allocation -requested (\sphinxstyleemphasis{ctx} is assumed to be a previously established -gss\_ctx\_id\_t): - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{;} -\PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc} \PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{3}\PYG{p}{]}\PYG{p}{;} - -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}DATA}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{value} \PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{sign1}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length} \PYG{o}{=} \PYG{l+m+mi}{5}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}SIGN\PYGZus{}ONLY}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{value} \PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{sign2}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length} \PYG{o}{=} \PYG{l+m+mi}{5}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{2}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}MIC\PYGZus{}TOKEN} \PYG{o}{|} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}FLAG\PYGZus{}ALLOCATE}\PYG{p}{;} - -\PYG{n}{major} \PYG{o}{=} \PYG{n}{gss\PYGZus{}get\PYGZus{}mic\PYGZus{}iov}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{ctx}\PYG{p}{,} \PYG{n}{GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT}\PYG{p}{,} \PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{3}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{GSS\PYGZus{}ERROR}\PYG{p}{(}\PYG{n}{major}\PYG{p}{)}\PYG{p}{)} - \PYG{n}{handle\PYGZus{}error}\PYG{p}{(}\PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{)}\PYG{p}{;} - -\PYG{o}{/}\PYG{o}{*} \PYG{n}{Transmit} \PYG{o+ow}{or} \PYG{n}{otherwise} \PYG{n}{use} \PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{2}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.} \PYG{o}{*}\PYG{o}{/} - -\PYG{p}{(}\PYG{n}{void}\PYG{p}{)}\PYG{n}{gss\PYGZus{}release\PYGZus{}iov\PYGZus{}buffer}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{3}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -If the caller does not choose to request buffer allocation by -gss\_get\_mic\_iov, it should first call gss\_get\_mic\_iov\_length to query -the length of the MIC\_TOKEN buffer. Here is an example of using -gss\_get\_mic\_iov\_length and gss\_get\_mic\_iov: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{OM\PYGZus{}uint32} \PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{;} -\PYG{n}{gss\PYGZus{}iov\PYGZus{}buffer\PYGZus{}desc} \PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{2}\PYG{p}{]}\PYG{p}{;} -\PYG{n}{char} \PYG{n}{data}\PYG{p}{[}\PYG{l+m+mi}{1024}\PYG{p}{]}\PYG{p}{;} - -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}MIC\PYGZus{}TOKEN}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{type} \PYG{o}{=} \PYG{n}{GSS\PYGZus{}IOV\PYGZus{}BUFFER\PYGZus{}TYPE\PYGZus{}DATA}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{value} \PYG{o}{=} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{message}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{1}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length} \PYG{o}{=} \PYG{l+m+mi}{7}\PYG{p}{;} - -\PYG{n}{major} \PYG{o}{=} \PYG{n}{gss\PYGZus{}get\PYGZus{}mic\PYGZus{}iov\PYGZus{}length}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{ctx}\PYG{p}{,} \PYG{n}{GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT}\PYG{p}{,} \PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{2}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{GSS\PYGZus{}ERROR}\PYG{p}{(}\PYG{n}{major}\PYG{p}{)}\PYG{p}{)} - \PYG{n}{handle\PYGZus{}error}\PYG{p}{(}\PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{length} \PYG{o}{\PYGZgt{}} \PYG{n}{sizeof}\PYG{p}{(}\PYG{n}{data}\PYG{p}{)}\PYG{p}{)} - \PYG{n}{handle\PYGZus{}out\PYGZus{}of\PYGZus{}space\PYGZus{}error}\PYG{p}{(}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{iov}\PYG{p}{[}\PYG{l+m+mi}{0}\PYG{p}{]}\PYG{o}{.}\PYG{n}{buffer}\PYG{o}{.}\PYG{n}{value} \PYG{o}{=} \PYG{n}{data}\PYG{p}{;} - -\PYG{n}{major} \PYG{o}{=} \PYG{n}{gss\PYGZus{}get\PYGZus{}mic\PYGZus{}iov}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{minor}\PYG{p}{,} \PYG{n}{ctx}\PYG{p}{,} \PYG{n}{GSS\PYGZus{}C\PYGZus{}QOP\PYGZus{}DEFAULT}\PYG{p}{,} \PYG{n}{iov}\PYG{p}{,} \PYG{l+m+mi}{2}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{GSS\PYGZus{}ERROR}\PYG{p}{(}\PYG{n}{major}\PYG{p}{)}\PYG{p}{)} - \PYG{n}{handle\PYGZus{}error}\PYG{p}{(}\PYG{n}{major}\PYG{p}{,} \PYG{n}{minor}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - - -\chapter{Year 2038 considerations for uses of krb5\_timestamp} -\label{\detokenize{appdev/y2038:year-2038-considerations-for-uses-of-krb5-timestamp}}\label{\detokenize{appdev/y2038::doc}} -\sphinxAtStartPar -POSIX time values, which measure the number of seconds since January 1 -1970, will exceed the maximum value representable in a signed 32\sphinxhyphen{}bit -integer in January 2038. This documentation describes considerations -for consumers of the MIT krb5 libraries. - -\sphinxAtStartPar -Applications or libraries which use libkrb5 and consume the timestamps -included in credentials or other structures make use of the -{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_timestamp}}}}} type. For historical reasons, krb5\_timestamp -is a signed 32\sphinxhyphen{}bit integer, even on platforms where a larger type is -natively used to represent time values. To behave properly for time -values after January 2038, calling code should cast krb5\_timestamp -values to uint32\_t, and then to time\_t: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{(}\PYG{n}{time\PYGZus{}t}\PYG{p}{)}\PYG{p}{(}\PYG{n}{uint32\PYGZus{}t}\PYG{p}{)}\PYG{n}{timestamp} -\end{sphinxVerbatim} - -\sphinxAtStartPar -Used in this way, krb5\_timestamp values can represent time values up -until February 2106, provided that the platform uses a 64\sphinxhyphen{}bit or -larger time\_t type. This usage will also remain safe if a later -version of MIT krb5 changes krb5\_timestamp to an unsigned 32\sphinxhyphen{}bit -integer. - -\sphinxAtStartPar -The GSSAPI only uses representations of time intervals, not absolute -times. Callers of the GSSAPI should require no changes to behave -correctly after January 2038, provided that they use MIT krb5 release -1.16 or later. - - -\chapter{Differences between Heimdal and MIT Kerberos API} -\label{\detokenize{appdev/h5l_mit_apidiff:differences-between-heimdal-and-mit-kerberos-api}}\label{\detokenize{appdev/h5l_mit_apidiff::doc}} - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|l|l|} -\hline - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_auth_con_getaddrs:c.krb5_auth_con_getaddrs}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_auth\_con\_getaddrs()}}}}} -& -\sphinxAtStartPar -H5l: If either of the pointers to local\_addr -and remote\_addr is not NULL, it is freed -first and then reallocated before being -populated with the content of corresponding -address from authentication context. -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_auth_con_setaddrs:c.krb5_auth_con_setaddrs}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_auth\_con\_setaddrs()}}}}} -& -\sphinxAtStartPar -H5l: If either address is NULL, the previous -address remains in place -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_auth_con_setports:c.krb5_auth_con_setports}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_auth\_con\_setports()}}}}} -& -\sphinxAtStartPar -H5l: Not implemented as of version 1.3.3 -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_auth_con_setrecvsubkey:c.krb5_auth_con_setrecvsubkey}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_auth\_con\_setrecvsubkey()}}}}} -& -\sphinxAtStartPar -H5l: If either port is NULL, the previous -port remains in place -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_auth_con_setsendsubkey:c.krb5_auth_con_setsendsubkey}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_auth\_con\_setsendsubkey()}}}}} -& -\sphinxAtStartPar -H5l: Not implemented as of version 1.3.3 -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_cc_set_config:c.krb5_cc_set_config}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_cc\_set\_config()}}}}} -& -\sphinxAtStartPar -MIT: Before version 1.10 it was assumed that -the last argument \sphinxstyleemphasis{data} is ALWAYS non\sphinxhyphen{}zero. -\\ -\hline -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_cccol\_last\_change\_time()}} -& -\sphinxAtStartPar -MIT: not implemented -\\ -\hline -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_set_default_realm:c.krb5_set_default_realm}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_set\_default\_realm()}}}}} -& -\sphinxAtStartPar -H5l: Caches the computed default realm context -field. If the second argument is NULL, -it tries to retrieve it from libdefaults or DNS. -MIT: Computes the default realm each time -if it wasn’t explicitly set in the context -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\chapter{Initial credentials} -\label{\detokenize{appdev/init_creds:initial-credentials}}\label{\detokenize{appdev/init_creds::doc}} -\sphinxAtStartPar -Software that performs tasks such as logging users into a computer -when they type their Kerberos password needs to get initial -credentials (usually ticket granting tickets) from Kerberos. Such -software shares some behavior with the \DUrole{xref,std,std-ref}{kinit(1)} program. - -\sphinxAtStartPar -Whenever a program grants access to a resource (such as a local login -session on a desktop computer) based on a user successfully getting -initial Kerberos credentials, it must verify those credentials against -a secure shared secret (e.g., a host keytab) to ensure that the user -credentials actually originate from a legitimate KDC. Failure to -perform this verification is a critical vulnerability, because a -malicious user can execute the “Zanarotti attackâ€: the user constructs -a fake response that appears to come from the legitimate KDC, but -whose contents come from an attacker\sphinxhyphen{}controlled KDC. - -\sphinxAtStartPar -Some applications read a Kerberos password over the network (ideally -over a secure channel), which they then verify against the KDC. While -this technique may be the only practical way to integrate Kerberos -into some existing legacy systems, its use is contrary to the original -design goals of Kerberos. - -\sphinxAtStartPar -The function {\hyperref[\detokenize{appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_get\_init\_creds\_password()}}}}} will get initial -credentials for a client using a password. An application that needs -to verify the credentials can call {\hyperref[\detokenize{appdev/refs/api/krb5_verify_init_creds:c.krb5_verify_init_creds}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_verify\_init\_creds()}}}}}. -Here is an example of code to obtain and verify TGT credentials, given -strings \sphinxstyleemphasis{princname} and \sphinxstyleemphasis{password} for the client principal name and -password: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{krb5\PYGZus{}error\PYGZus{}code} \PYG{n}{ret}\PYG{p}{;} -\PYG{n}{krb5\PYGZus{}creds} \PYG{n}{creds}\PYG{p}{;} -\PYG{n}{krb5\PYGZus{}principal} \PYG{n}{client\PYGZus{}princ} \PYG{o}{=} \PYG{n}{NULL}\PYG{p}{;} - -\PYG{n}{memset}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{,} \PYG{l+m+mi}{0}\PYG{p}{,} \PYG{n}{sizeof}\PYG{p}{(}\PYG{n}{creds}\PYG{p}{)}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}parse\PYGZus{}name}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{n}{princname}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{client\PYGZus{}princ}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{ret}\PYG{p}{)} - \PYG{n}{goto} \PYG{n}{cleanup}\PYG{p}{;} -\PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}password}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{,} \PYG{n}{client\PYGZus{}princ}\PYG{p}{,} - \PYG{n}{password}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{l+m+mi}{0}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{ret}\PYG{p}{)} - \PYG{n}{goto} \PYG{n}{cleanup}\PYG{p}{;} -\PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}verify\PYGZus{}init\PYGZus{}creds}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{cleanup}\PYG{p}{:} -\PYG{n}{krb5\PYGZus{}free\PYGZus{}principal}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{n}{client\PYGZus{}princ}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{krb5\PYGZus{}free\PYGZus{}cred\PYGZus{}contents}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{return} \PYG{n}{ret}\PYG{p}{;} -\end{sphinxVerbatim} - - -\section{Options for get\_init\_creds} -\label{\detokenize{appdev/init_creds:options-for-get-init-creds}} -\sphinxAtStartPar -The function {\hyperref[\detokenize{appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_get\_init\_creds\_password()}}}}} takes an options -parameter (which can be a null pointer). Use the function -{\hyperref[\detokenize{appdev/refs/api/krb5_get_init_creds_opt_alloc:c.krb5_get_init_creds_opt_alloc}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_get\_init\_creds\_opt\_alloc()}}}}} to allocate an options -structure, and {\hyperref[\detokenize{appdev/refs/api/krb5_get_init_creds_opt_free:c.krb5_get_init_creds_opt_free}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_get\_init\_creds\_opt\_free()}}}}} to free it. For -example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{krb5\PYGZus{}error\PYGZus{}code} \PYG{n}{ret}\PYG{p}{;} -\PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt} \PYG{o}{*}\PYG{n}{opt} \PYG{o}{=} \PYG{n}{NULL}\PYG{p}{;} -\PYG{n}{krb5\PYGZus{}creds} \PYG{n}{creds}\PYG{p}{;} - -\PYG{n}{memset}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{,} \PYG{l+m+mi}{0}\PYG{p}{,} \PYG{n}{sizeof}\PYG{p}{(}\PYG{n}{creds}\PYG{p}{)}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}alloc}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{opt}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{ret}\PYG{p}{)} - \PYG{n}{goto} \PYG{n}{cleanup}\PYG{p}{;} -\PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}set\PYGZus{}tkt\PYGZus{}life}\PYG{p}{(}\PYG{n}{opt}\PYG{p}{,} \PYG{l+m+mi}{24} \PYG{o}{*} \PYG{l+m+mi}{60} \PYG{o}{*} \PYG{l+m+mi}{60}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}password}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{,} \PYG{n}{client\PYGZus{}princ}\PYG{p}{,} - \PYG{n}{password}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{l+m+mi}{0}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{opt}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{ret}\PYG{p}{)} - \PYG{n}{goto} \PYG{n}{cleanup}\PYG{p}{;} - -\PYG{n}{cleanup}\PYG{p}{:} -\PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}free}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{n}{opt}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{krb5\PYGZus{}free\PYGZus{}cred\PYGZus{}contents}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{return} \PYG{n}{ret}\PYG{p}{;} -\end{sphinxVerbatim} - - -\section{Getting anonymous credentials} -\label{\detokenize{appdev/init_creds:getting-anonymous-credentials}} -\sphinxAtStartPar -As of release 1.8, it is possible to obtain fully anonymous or -partially anonymous (realm\sphinxhyphen{}exposed) credentials, if the KDC supports -it. The MIT KDC supports issuing fully anonymous credentials as of -release 1.8 if configured appropriately (see \DUrole{xref,std,std-ref}{anonymous\_pkinit}), -but does not support issuing realm\sphinxhyphen{}exposed anonymous credentials at -this time. - -\sphinxAtStartPar -To obtain fully anonymous credentials, call -{\hyperref[\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_anonymous:c.krb5_get_init_creds_opt_set_anonymous}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_get\_init\_creds\_opt\_set\_anonymous()}}}}} on the options -structure to set the anonymous flag, and specify a client principal -with the KDC’s realm and a single empty data component (the principal -obtained by parsing \sphinxcode{\sphinxupquote{@}}\sphinxstyleemphasis{realmname}). Authentication will take -place using anonymous PKINIT; if successful, the client principal of -the resulting tickets will be -\sphinxcode{\sphinxupquote{WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS}}. Here is an example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}set\PYGZus{}anonymous}\PYG{p}{(}\PYG{n}{opt}\PYG{p}{,} \PYG{l+m+mi}{1}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}build\PYGZus{}principal}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{client\PYGZus{}princ}\PYG{p}{,} \PYG{n}{strlen}\PYG{p}{(}\PYG{n}{myrealm}\PYG{p}{)}\PYG{p}{,} - \PYG{n}{myrealm}\PYG{p}{,} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{,} \PYG{p}{(}\PYG{n}{char} \PYG{o}{*}\PYG{p}{)}\PYG{n}{NULL}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{ret}\PYG{p}{)} - \PYG{n}{goto} \PYG{n}{cleanup}\PYG{p}{;} -\PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}password}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{,} \PYG{n}{client\PYGZus{}princ}\PYG{p}{,} - \PYG{n}{password}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{l+m+mi}{0}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{opt}\PYG{p}{)}\PYG{p}{;} -\PYG{k}{if} \PYG{p}{(}\PYG{n}{ret}\PYG{p}{)} - \PYG{n}{goto} \PYG{n}{cleanup}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -To obtain realm\sphinxhyphen{}exposed anonymous credentials, set the anonymous flag -on the options structure as above, but specify a normal client -principal in order to prove membership in the realm. Authentication -will take place as it normally does; if successful, the client -principal of the resulting tickets will be \sphinxcode{\sphinxupquote{WELLKNOWN/ANONYMOUS@}}\sphinxstyleemphasis{realmname}. - - -\section{User interaction} -\label{\detokenize{appdev/init_creds:user-interaction}} -\sphinxAtStartPar -Authenticating a user usually requires the entry of secret -information, such as a password. A password can be supplied directly -to {\hyperref[\detokenize{appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_get\_init\_creds\_password()}}}}} via the \sphinxstyleemphasis{password} -parameter, or the application can supply prompter and/or responder -callbacks instead. If callbacks are used, the user can also be -queried for other secret information such as a PIN, informed of -impending password expiration, or prompted to change a password which -has expired. - - -\subsection{Prompter callback} -\label{\detokenize{appdev/init_creds:prompter-callback}} -\sphinxAtStartPar -A prompter callback can be specified via the \sphinxstyleemphasis{prompter} and \sphinxstyleemphasis{data} -parameters to {\hyperref[\detokenize{appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_get\_init\_creds\_password()}}}}}. The prompter -will be invoked each time the krb5 library has a question to ask or -information to present. When the prompter callback is invoked, the -\sphinxstyleemphasis{banner} argument (if not null) is intended to be displayed to the -user, and the questions to be answered are specified in the \sphinxstyleemphasis{prompts} -array. Each prompt contains a text question in the \sphinxstyleemphasis{prompt} field, a -\sphinxstyleemphasis{hidden} bit to indicate whether the answer should be hidden from -display, and a storage area for the answer in the \sphinxstyleemphasis{reply} field. The -callback should fill in each question’s \sphinxcode{\sphinxupquote{reply\sphinxhyphen{}\textgreater{}data}} with the -answer, up to a maximum number of \sphinxcode{\sphinxupquote{reply\sphinxhyphen{}\textgreater{}length}} bytes, and then -reset \sphinxcode{\sphinxupquote{reply\sphinxhyphen{}\textgreater{}length}} to the length of the answer. - -\sphinxAtStartPar -A prompter callback can call {\hyperref[\detokenize{appdev/refs/api/krb5_get_prompt_types:c.krb5_get_prompt_types}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_get\_prompt\_types()}}}}} to get an -array of type constants corresponding to the prompts, to get -programmatic information about the semantic meaning of the questions. -{\hyperref[\detokenize{appdev/refs/api/krb5_get_prompt_types:c.krb5_get_prompt_types}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_get\_prompt\_types()}}}}} may return a null pointer if no prompt -type information is available. - -\sphinxAtStartPar -Text\sphinxhyphen{}based applications can use a built\sphinxhyphen{}in text prompter -implementation by supplying {\hyperref[\detokenize{appdev/refs/api/krb5_prompter_posix:c.krb5_prompter_posix}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_prompter\_posix()}}}}} as the -\sphinxstyleemphasis{prompter} parameter and a null pointer as the \sphinxstyleemphasis{data} parameter. For -example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}password}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{,} \PYG{n}{client\PYGZus{}princ}\PYG{p}{,} - \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{krb5\PYGZus{}prompter\PYGZus{}posix}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{l+m+mi}{0}\PYG{p}{,} - \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - - -\subsection{Responder callback} -\label{\detokenize{appdev/init_creds:responder-callback}} -\sphinxAtStartPar -A responder callback can be specified through the init\_creds options -using the {\hyperref[\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_responder:c.krb5_get_init_creds_opt_set_responder}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_get\_init\_creds\_opt\_set\_responder()}}}}} function. -Responder callbacks can present a more sophisticated user interface -for authentication secrets. The responder callback is usually invoked -only once per authentication, with a list of questions produced by all -of the allowed preauthentication mechanisms. - -\sphinxAtStartPar -When the responder callback is invoked, the \sphinxstyleemphasis{rctx} argument can be -accessed to obtain the list of questions and to answer them. The -{\hyperref[\detokenize{appdev/refs/api/krb5_responder_list_questions:c.krb5_responder_list_questions}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_responder\_list\_questions()}}}}} function retrieves an array of -question types. For each question type, the -{\hyperref[\detokenize{appdev/refs/api/krb5_responder_get_challenge:c.krb5_responder_get_challenge}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_responder\_get\_challenge()}}}}} function retrieves additional -information about the question, if applicable, and the -{\hyperref[\detokenize{appdev/refs/api/krb5_responder_set_answer:c.krb5_responder_set_answer}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_responder\_set\_answer()}}}}} function sets the answer. - -\sphinxAtStartPar -Responder question types, challenges, and answers are UTF\sphinxhyphen{}8 strings. -The question type is a well\sphinxhyphen{}known string; the meaning of the challenge -and answer depend on the question type. If an application does not -understand a question type, it cannot interpret the challenge or -provide an answer. Failing to answer a question typically results in -the prompter callback being used as a fallback. - - -\subsubsection{Password question} -\label{\detokenize{appdev/init_creds:password-question}} -\sphinxAtStartPar -The \sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_QUESTION\_PASSWORD}} (or \sphinxcode{\sphinxupquote{"password"}}) -question type requests the user’s password. This question does not -have a challenge, and the response is simply the password string. - - -\subsubsection{One\sphinxhyphen{}time password question} -\label{\detokenize{appdev/init_creds:one-time-password-question}} -\sphinxAtStartPar -The \sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_QUESTION\_OTP}} (or \sphinxcode{\sphinxupquote{"otp"}}) question -type requests a choice among one\sphinxhyphen{}time password tokens and the PIN and -value for the chosen token. The challenge and answer are JSON\sphinxhyphen{}encoded -strings, but an application can use convenience functions to avoid -doing any JSON processing itself. - -\sphinxAtStartPar -The {\hyperref[\detokenize{appdev/refs/api/krb5_responder_otp_get_challenge:c.krb5_responder_otp_get_challenge}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_responder\_otp\_get\_challenge()}}}}} function decodes the -challenge into a krb5\_responder\_otp\_challenge structure. The -{\hyperref[\detokenize{appdev/refs/api/krb5_responder_otp_set_answer:c.krb5_responder_otp_set_answer}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_responder\_otp\_set\_answer()}}}}} function selects one of the -token information elements from the challenge and supplies the value -and pin for that token. - - -\subsubsection{PKINIT password or PIN question} -\label{\detokenize{appdev/init_creds:pkinit-password-or-pin-question}} -\sphinxAtStartPar -The \sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_QUESTION\_PKINIT}} (or \sphinxcode{\sphinxupquote{"pkinit"}}) question -type requests PINs for hardware devices and/or passwords for encrypted -credentials which are stored on disk, potentially also supplying -information about the state of the hardware devices. The challenge and -answer are JSON\sphinxhyphen{}encoded strings, but an application can use convenience -functions to avoid doing any JSON processing itself. - -\sphinxAtStartPar -The {\hyperref[\detokenize{appdev/refs/api/krb5_responder_pkinit_get_challenge:c.krb5_responder_pkinit_get_challenge}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_responder\_pkinit\_get\_challenge()}}}}} function decodes the -challenges into a krb5\_responder\_pkinit\_challenge structure. The -{\hyperref[\detokenize{appdev/refs/api/krb5_responder_pkinit_set_answer:c.krb5_responder_pkinit_set_answer}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_responder\_pkinit\_set\_answer()}}}}} function can be used to -supply the PIN or password for a particular client credential, and can -be called multiple times. - - -\subsubsection{Example} -\label{\detokenize{appdev/init_creds:example}} -\sphinxAtStartPar -Here is an example of using a responder callback: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{static} \PYG{n}{krb5\PYGZus{}error\PYGZus{}code} -\PYG{n}{my\PYGZus{}responder}\PYG{p}{(}\PYG{n}{krb5\PYGZus{}context} \PYG{n}{context}\PYG{p}{,} \PYG{n}{void} \PYG{o}{*}\PYG{n}{data}\PYG{p}{,} - \PYG{n}{krb5\PYGZus{}responder\PYGZus{}context} \PYG{n}{rctx}\PYG{p}{)} -\PYG{p}{\PYGZob{}} - \PYG{n}{krb5\PYGZus{}error\PYGZus{}code} \PYG{n}{ret}\PYG{p}{;} - \PYG{n}{krb5\PYGZus{}responder\PYGZus{}otp\PYGZus{}challenge} \PYG{o}{*}\PYG{n}{chl}\PYG{p}{;} - - \PYG{k}{if} \PYG{p}{(}\PYG{n}{krb5\PYGZus{}responder\PYGZus{}get\PYGZus{}challenge}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{n}{rctx}\PYG{p}{,} - \PYG{n}{KRB5\PYGZus{}RESPONDER\PYGZus{}QUESTION\PYGZus{}PASSWORD}\PYG{p}{)}\PYG{p}{)} \PYG{p}{\PYGZob{}} - \PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}responder\PYGZus{}set\PYGZus{}answer}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{n}{rctx}\PYG{p}{,} - \PYG{n}{KRB5\PYGZus{}RESPONDER\PYGZus{}QUESTION\PYGZus{}PASSWORD}\PYG{p}{,} - \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{open sesame}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{)}\PYG{p}{;} - \PYG{k}{if} \PYG{p}{(}\PYG{n}{ret}\PYG{p}{)} - \PYG{k}{return} \PYG{n}{ret}\PYG{p}{;} - \PYG{p}{\PYGZcb{}} - \PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}responder\PYGZus{}otp\PYGZus{}get\PYGZus{}challenge}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{n}{rctx}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{chl}\PYG{p}{)}\PYG{p}{;} - \PYG{k}{if} \PYG{p}{(}\PYG{n}{ret} \PYG{o}{==} \PYG{l+m+mi}{0} \PYG{o}{\PYGZam{}}\PYG{o}{\PYGZam{}} \PYG{n}{chl} \PYG{o}{!=} \PYG{n}{NULL}\PYG{p}{)} \PYG{p}{\PYGZob{}} - \PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}responder\PYGZus{}otp\PYGZus{}set\PYGZus{}answer}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{n}{rctx}\PYG{p}{,} \PYG{l+m+mi}{0}\PYG{p}{,} \PYG{l+s+s2}{\PYGZdq{}}\PYG{l+s+s2}{1234}\PYG{l+s+s2}{\PYGZdq{}}\PYG{p}{,} - \PYG{n}{NULL}\PYG{p}{)}\PYG{p}{;} - \PYG{n}{krb5\PYGZus{}responder\PYGZus{}otp\PYGZus{}challenge\PYGZus{}free}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{n}{rctx}\PYG{p}{,} \PYG{n}{chl}\PYG{p}{)}\PYG{p}{;} - \PYG{k}{if} \PYG{p}{(}\PYG{n}{ret}\PYG{p}{)} - \PYG{k}{return} \PYG{n}{ret}\PYG{p}{;} - \PYG{p}{\PYGZcb{}} - \PYG{k}{return} \PYG{l+m+mi}{0}\PYG{p}{;} -\PYG{p}{\PYGZcb{}} - -\PYG{n}{static} \PYG{n}{krb5\PYGZus{}error\PYGZus{}code} -\PYG{n}{get\PYGZus{}creds}\PYG{p}{(}\PYG{n}{krb5\PYGZus{}context} \PYG{n}{context}\PYG{p}{,} \PYG{n}{krb5\PYGZus{}principal} \PYG{n}{client\PYGZus{}princ}\PYG{p}{)} -\PYG{p}{\PYGZob{}} - \PYG{n}{krb5\PYGZus{}error\PYGZus{}code} \PYG{n}{ret}\PYG{p}{;} - \PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt} \PYG{o}{*}\PYG{n}{opt} \PYG{o}{=} \PYG{n}{NULL}\PYG{p}{;} - \PYG{n}{krb5\PYGZus{}creds} \PYG{n}{creds}\PYG{p}{;} - - \PYG{n}{memset}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{,} \PYG{l+m+mi}{0}\PYG{p}{,} \PYG{n}{sizeof}\PYG{p}{(}\PYG{n}{creds}\PYG{p}{)}\PYG{p}{)}\PYG{p}{;} - \PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}alloc}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{opt}\PYG{p}{)}\PYG{p}{;} - \PYG{k}{if} \PYG{p}{(}\PYG{n}{ret}\PYG{p}{)} - \PYG{n}{goto} \PYG{n}{cleanup}\PYG{p}{;} - \PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}set\PYGZus{}responder}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{n}{opt}\PYG{p}{,} \PYG{n}{my\PYGZus{}responder}\PYG{p}{,} - \PYG{n}{NULL}\PYG{p}{)}\PYG{p}{;} - \PYG{k}{if} \PYG{p}{(}\PYG{n}{ret}\PYG{p}{)} - \PYG{n}{goto} \PYG{n}{cleanup}\PYG{p}{;} - \PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}password}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{,} \PYG{n}{client\PYGZus{}princ}\PYG{p}{,} - \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{l+m+mi}{0}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{opt}\PYG{p}{)}\PYG{p}{;} - -\PYG{n}{cleanup}\PYG{p}{:} - \PYG{n}{krb5\PYGZus{}get\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}free}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{n}{opt}\PYG{p}{)}\PYG{p}{;} - \PYG{n}{krb5\PYGZus{}free\PYGZus{}cred\PYGZus{}contents}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{)}\PYG{p}{;} - \PYG{k}{return} \PYG{n}{ret}\PYG{p}{;} -\PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - - -\section{Verifying initial credentials} -\label{\detokenize{appdev/init_creds:verifying-initial-credentials}} -\sphinxAtStartPar -Use the function {\hyperref[\detokenize{appdev/refs/api/krb5_verify_init_creds:c.krb5_verify_init_creds}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_verify\_init\_creds()}}}}} to verify initial -credentials. It takes an options structure (which can be a null -pointer). Use {\hyperref[\detokenize{appdev/refs/api/krb5_verify_init_creds_opt_init:c.krb5_verify_init_creds_opt_init}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_verify\_init\_creds\_opt\_init()}}}}} to initialize -the caller\sphinxhyphen{}allocated options structure, and -{\hyperref[\detokenize{appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail:c.krb5_verify_init_creds_opt_set_ap_req_nofail}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_verify\_init\_creds\_opt\_set\_ap\_req\_nofail()}}}}} to set the -“nofail†option. For example: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{n}{krb5\PYGZus{}verify\PYGZus{}init\PYGZus{}creds\PYGZus{}opt} \PYG{n}{vopt}\PYG{p}{;} - -\PYG{n}{krb5\PYGZus{}verify\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}init}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{vopt}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{krb5\PYGZus{}verify\PYGZus{}init\PYGZus{}creds\PYGZus{}opt\PYGZus{}set\PYGZus{}ap\PYGZus{}req\PYGZus{}nofail}\PYG{p}{(}\PYG{o}{\PYGZam{}}\PYG{n}{vopt}\PYG{p}{,} \PYG{l+m+mi}{1}\PYG{p}{)}\PYG{p}{;} -\PYG{n}{ret} \PYG{o}{=} \PYG{n}{krb5\PYGZus{}verify\PYGZus{}init\PYGZus{}creds}\PYG{p}{(}\PYG{n}{context}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{creds}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{n}{NULL}\PYG{p}{,} \PYG{o}{\PYGZam{}}\PYG{n}{vopt}\PYG{p}{)}\PYG{p}{;} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The confusingly named “nofail†option, when set, means that the -verification must actually succeed in order for -{\hyperref[\detokenize{appdev/refs/api/krb5_verify_init_creds:c.krb5_verify_init_creds}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_verify\_init\_creds()}}}}} to indicate success. The default -state of this option (cleared) means that if there is no key material -available to verify the user credentials, the verification will -succeed anyway. (The default can be changed by a configuration file -setting.) - -\sphinxAtStartPar -This accommodates a use case where a large number of unkeyed shared -desktop workstations need to allow users to log in using Kerberos. -The security risks from this practice are mitigated by the absence of -valuable state on the shared workstations—any valuable resources -that the users would access reside on networked servers. - - -\chapter{Principal manipulation and parsing} -\label{\detokenize{appdev/princ_handle:principal-manipulation-and-parsing}}\label{\detokenize{appdev/princ_handle::doc}} -\sphinxAtStartPar -Kerberos principal structure - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_principal\_data}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_principal}}}}} - -\sphinxAtStartPar -Create and free principal - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_build_principal:c.krb5_build_principal}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_build\_principal()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_build_principal_alloc_va:c.krb5_build_principal_alloc_va}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_build\_principal\_alloc\_va()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_build_principal_ext:c.krb5_build_principal_ext}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_build\_principal\_ext()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_copy_principal:c.krb5_copy_principal}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_copy\_principal()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_free_principal:c.krb5_free_principal}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_free\_principal()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_cc_get_principal:c.krb5_cc_get_principal}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_cc\_get\_principal()}}}}} - -\sphinxAtStartPar -Comparing - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_principal_compare:c.krb5_principal_compare}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_principal\_compare()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_principal_compare_flags:c.krb5_principal_compare_flags}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_principal\_compare\_flags()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_principal_compare_any_realm:c.krb5_principal_compare_any_realm}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_principal\_compare\_any\_realm()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_sname_match:c.krb5_sname_match}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_sname\_match()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_sname_to_principal:c.krb5_sname_to_principal}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_sname\_to\_principal()}}}}} - -\sphinxAtStartPar -Parsing: - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_parse_name:c.krb5_parse_name}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_parse\_name()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_parse_name_flags:c.krb5_parse_name_flags}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_parse\_name\_flags()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_unparse_name:c.krb5_unparse_name}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_unparse\_name()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_unparse_name_flags:c.krb5_unparse_name_flags}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_unparse\_name\_flags()}}}}} - -\sphinxAtStartPar -Utilities: - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_is_config_principal:c.krb5_is_config_principal}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_is\_config\_principal()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_kuserok:c.krb5_kuserok}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_kuserok()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_set_password:c.krb5_set_password}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_set\_password()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_set_password_using_ccache:c.krb5_set_password_using_ccache}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_set\_password\_using\_ccache()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_set_principal_realm:c.krb5_set_principal_realm}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_set\_principal\_realm()}}}}} - -\sphinxAtStartPar -{\hyperref[\detokenize{appdev/refs/api/krb5_realm_compare:c.krb5_realm_compare}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_realm\_compare()}}}}} - - -\chapter{Complete reference \sphinxhyphen{} API and datatypes} -\label{\detokenize{appdev/refs/index:complete-reference-api-and-datatypes}}\label{\detokenize{appdev/refs/index::doc}} - -\section{krb5 API} -\label{\detokenize{appdev/refs/api/index:krb5-api}}\label{\detokenize{appdev/refs/api/index::doc}} - -\subsection{Frequently used public interfaces} -\label{\detokenize{appdev/refs/api/index:frequently-used-public-interfaces}} - -\subsubsection{krb5\_build\_principal \sphinxhyphen{} Build a principal name using null\sphinxhyphen{}terminated strings.} -\label{\detokenize{appdev/refs/api/krb5_build_principal:krb5-build-principal-build-a-principal-name-using-null-terminated-strings}}\label{\detokenize{appdev/refs/api/krb5_build_principal::doc}}\index{krb5\_build\_principal (C function)@\spxentry{krb5\_build\_principal}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_build_principal:c.krb5_build_principal}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_build\_principal}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{princ}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{rlen}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{realm}, \DUrole{p}{...}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{princ} \sphinxhyphen{} Principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rlen} \sphinxhyphen{} Realm name length - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{realm} \sphinxhyphen{} Realm name - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Call krb5\_free\_principal() to free \sphinxstyleemphasis{princ} when it is no longer needed. - -\sphinxAtStartPar -Beginning with release 1.20, the name type of the principal will be inferred as \sphinxstylestrong{KRB5\_NT\_SRV\_INST} or \sphinxstylestrong{KRB5\_NT\_WELLKNOWN} based on the principal name. The type will be \sphinxstylestrong{KRB5\_NT\_PRINCIPAL} if a type cannot be inferred. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -krb5\_build\_principal() and krb5\_build\_principal\_alloc\_va() perform the same task. krb5\_build\_principal() takes variadic arguments. krb5\_build\_principal\_alloc\_va() takes a pre\sphinxhyphen{}computed \sphinxstyleemphasis{varargs} pointer. -\end{sphinxadmonition} - - -\subsubsection{krb5\_build\_principal\_alloc\_va \sphinxhyphen{} Build a principal name, using a precomputed variable argument list.} -\label{\detokenize{appdev/refs/api/krb5_build_principal_alloc_va:krb5-build-principal-alloc-va-build-a-principal-name-using-a-precomputed-variable-argument-list}}\label{\detokenize{appdev/refs/api/krb5_build_principal_alloc_va::doc}}\index{krb5\_build\_principal\_alloc\_va (C function)@\spxentry{krb5\_build\_principal\_alloc\_va}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_build_principal_alloc_va:c.krb5_build_principal_alloc_va}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_build\_principal\_alloc\_va}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{princ}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{rlen}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{realm}, \DUrole{n}{va\_list}\DUrole{w}{ }\DUrole{n}{ap}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{princ} \sphinxhyphen{} Principal structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rlen} \sphinxhyphen{} Realm name length - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{realm} \sphinxhyphen{} Realm name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ap} \sphinxhyphen{} List of char * components, ending with NULL - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Similar to krb5\_build\_principal(), this function builds a principal name, but its name components are specified as a va\_list. - -\sphinxAtStartPar -Use krb5\_free\_principal() to deallocate \sphinxstyleemphasis{princ} when it is no longer needed. - - -\subsubsection{krb5\_build\_principal\_ext \sphinxhyphen{} Build a principal name using length\sphinxhyphen{}counted strings.} -\label{\detokenize{appdev/refs/api/krb5_build_principal_ext:krb5-build-principal-ext-build-a-principal-name-using-length-counted-strings}}\label{\detokenize{appdev/refs/api/krb5_build_principal_ext::doc}}\index{krb5\_build\_principal\_ext (C function)@\spxentry{krb5\_build\_principal\_ext}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_build_principal_ext:c.krb5_build_principal_ext}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_build\_principal\_ext}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{princ}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{rlen}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{realm}, \DUrole{p}{...}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{princ} \sphinxhyphen{} Principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rlen} \sphinxhyphen{} Realm name length - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{realm} \sphinxhyphen{} Realm name - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a principal from a length\sphinxhyphen{}counted string and a variable\sphinxhyphen{}length list of length\sphinxhyphen{}counted components. The list of components ends with the first 0 length argument (so it is not possible to specify an empty component with this function). Call krb5\_free\_principal() to free allocated memory for principal when it is no longer needed. - -\sphinxAtStartPar -Beginning with release 1.20, the name type of the principal will be inferred as \sphinxstylestrong{KRB5\_NT\_SRV\_INST} or \sphinxstylestrong{KRB5\_NT\_WELLKNOWN} based on the principal name. The type will be \sphinxstylestrong{KRB5\_NT\_PRINCIPAL} if a type cannot be inferred. - - -\subsubsection{krb5\_cc\_close \sphinxhyphen{} Close a credential cache handle.} -\label{\detokenize{appdev/refs/api/krb5_cc_close:krb5-cc-close-close-a-credential-cache-handle}}\label{\detokenize{appdev/refs/api/krb5_cc_close::doc}}\index{krb5\_cc\_close (C function)@\spxentry{krb5\_cc\_close}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_close:c.krb5_cc_close}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_close}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function closes a credential cache handle \sphinxstyleemphasis{cache} without affecting the contents of the cache. - - -\subsubsection{krb5\_cc\_default \sphinxhyphen{} Resolve the default credential cache name.} -\label{\detokenize{appdev/refs/api/krb5_cc_default:krb5-cc-default-resolve-the-default-credential-cache-name}}\label{\detokenize{appdev/refs/api/krb5_cc_default::doc}}\index{krb5\_cc\_default (C function)@\spxentry{krb5\_cc\_default}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_default:c.krb5_cc_default}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_default}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ccache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Pointer to credential cache name - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -KV5M\_CONTEXT Bad magic number for \_krb5\_context structure - -\item {} -\sphinxAtStartPar -KRB5\_FCC\_INTERNAL The name of the default credential cache cannot be obtained - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Create a handle to the default credential cache as given by krb5\_cc\_default\_name(). - - -\subsubsection{krb5\_cc\_default\_name \sphinxhyphen{} Return the name of the default credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_default_name:krb5-cc-default-name-return-the-name-of-the-default-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_default_name::doc}}\index{krb5\_cc\_default\_name (C function)@\spxentry{krb5\_cc\_default\_name}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_default_name:c.krb5_cc_default_name}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_default\_name}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Name of default credential cache for the current user. - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Return a pointer to the default credential cache name for \sphinxstyleemphasis{context} , as determined by a prior call to krb5\_cc\_set\_default\_name(), by the KRB5CCNAME environment variable, by the default\_ccache\_name profile variable, or by the operating system or build\sphinxhyphen{}time default value. The returned value must not be modified or freed by the caller. The returned value becomes invalid when \sphinxstyleemphasis{context} is destroyed krb5\_free\_context() or if a subsequent call to krb5\_cc\_set\_default\_name() is made on \sphinxstyleemphasis{context} . - -\sphinxAtStartPar -The default credential cache name is cached in \sphinxstyleemphasis{context} between calls to this function, so if the value of KRB5CCNAME changes in the process environment after the first call to this function on, that change will not be reflected in later calls with the same context. The caller can invoke krb5\_cc\_set\_default\_name() with a NULL value of \sphinxstyleemphasis{name} to clear the cached value and force the default name to be recomputed. - - -\subsubsection{krb5\_cc\_destroy \sphinxhyphen{} Destroy a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_destroy:krb5-cc-destroy-destroy-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_destroy::doc}}\index{krb5\_cc\_destroy (C function)@\spxentry{krb5\_cc\_destroy}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_destroy:c.krb5_cc_destroy}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_destroy}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Permission errors - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function destroys any existing contents of \sphinxstyleemphasis{cache} and closes the handle to it. - - -\subsubsection{krb5\_cc\_dup \sphinxhyphen{} Duplicate ccache handle.} -\label{\detokenize{appdev/refs/api/krb5_cc_dup:krb5-cc-dup-duplicate-ccache-handle}}\label{\detokenize{appdev/refs/api/krb5_cc_dup::doc}}\index{krb5\_cc\_dup (C function)@\spxentry{krb5\_cc\_dup}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_dup:c.krb5_cc_dup}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_dup}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{in}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in} \sphinxhyphen{} Credential cache handle to be duplicated - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{out} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} - -\sphinxAtStartPar -Create a new handle referring to the same cache as \sphinxstyleemphasis{in} . The new handle and \sphinxstyleemphasis{in} can be closed independently. - - -\subsubsection{krb5\_cc\_get\_name \sphinxhyphen{} Retrieve the name, but not type of a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_get_name:krb5-cc-get-name-retrieve-the-name-but-not-type-of-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_get_name::doc}}\index{krb5\_cc\_get\_name (C function)@\spxentry{krb5\_cc\_get\_name}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_get_name:c.krb5_cc_get_name}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_get\_name}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -On success \sphinxhyphen{} the name of the credential cache. - -\end{itemize} - -\end{description}\end{quote} - -\begin{sphinxadmonition}{warning}{Warning:} -\sphinxAtStartPar -Returns the name of the credential cache. The result is an alias into \sphinxstyleemphasis{cache} and should not be freed or modified by the caller. This name does not include the cache type, so should not be used as input to krb5\_cc\_resolve(). -\end{sphinxadmonition} - - -\subsubsection{krb5\_cc\_get\_principal \sphinxhyphen{} Get the default principal of a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_get_principal:krb5-cc-get-principal-get-the-default-principal-of-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_get_principal::doc}}\index{krb5\_cc\_get\_principal (C function)@\spxentry{krb5\_cc\_get\_principal}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_get_principal:c.krb5_cc_get_principal}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_get\_principal}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{principal}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Primary principal - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Returns the default client principal of a credential cache as set by krb5\_cc\_initialize(). - -\sphinxAtStartPar -Use krb5\_free\_principal() to free \sphinxstyleemphasis{principal} when it is no longer needed. - - -\subsubsection{krb5\_cc\_get\_type \sphinxhyphen{} Retrieve the type of a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_get_type:krb5-cc-get-type-retrieve-the-type-of-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_get_type::doc}}\index{krb5\_cc\_get\_type (C function)@\spxentry{krb5\_cc\_get\_type}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_get_type:c.krb5_cc_get_type}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_get\_type}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -The type of a credential cache as an alias that must not be modified or freed by the caller. - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_cc\_initialize \sphinxhyphen{} Initialize a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_initialize:krb5-cc-initialize-initialize-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_initialize::doc}}\index{krb5\_cc\_initialize (C function)@\spxentry{krb5\_cc\_initialize}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_initialize:c.krb5_cc_initialize}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_initialize}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Default principal name - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -System errors; Permission errors; Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Destroy any existing contents of \sphinxstyleemphasis{cache} and initialize it for the default principal \sphinxstyleemphasis{principal} . - - -\subsubsection{krb5\_cc\_new\_unique \sphinxhyphen{} Create a new credential cache of the specified type with a unique name.} -\label{\detokenize{appdev/refs/api/krb5_cc_new_unique:krb5-cc-new-unique-create-a-new-credential-cache-of-the-specified-type-with-a-unique-name}}\label{\detokenize{appdev/refs/api/krb5_cc_new_unique::doc}}\index{krb5\_cc\_new\_unique (C function)@\spxentry{krb5\_cc\_new\_unique}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_new_unique:c.krb5_cc_new_unique}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_new\_unique}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{type}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{hint}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{id}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{type} \sphinxhyphen{} Credential cache type name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{hint} \sphinxhyphen{} Unused - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{id} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_cc\_resolve \sphinxhyphen{} Resolve a credential cache name.} -\label{\detokenize{appdev/refs/api/krb5_cc_resolve:krb5-cc-resolve-resolve-a-credential-cache-name}}\label{\detokenize{appdev/refs/api/krb5_cc_resolve::doc}}\index{krb5\_cc\_resolve (C function)@\spxentry{krb5\_cc\_resolve}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_resolve:c.krb5_cc_resolve}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_resolve}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{name}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{name} \sphinxhyphen{} Credential cache name to be resolved - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Fills in \sphinxstyleemphasis{cache} with a \sphinxstyleemphasis{cache} handle that corresponds to the name in \sphinxstyleemphasis{name} . \sphinxstyleemphasis{name} should be of the form \sphinxstylestrong{type:residual} , and \sphinxstyleemphasis{type} must be a type known to the library. If the \sphinxstyleemphasis{name} does not contain a colon, interpret it as a file name. - - -\subsubsection{krb5\_change\_password \sphinxhyphen{} Change a password for an existing Kerberos account.} -\label{\detokenize{appdev/refs/api/krb5_change_password:krb5-change-password-change-a-password-for-an-existing-kerberos-account}}\label{\detokenize{appdev/refs/api/krb5_change_password::doc}}\index{krb5\_change\_password (C function)@\spxentry{krb5\_change\_password}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_change_password:c.krb5_change_password}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_change\_password}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{newpw}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{result\_code}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{result\_code\_string}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{result\_string}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Credentials for kadmin/changepw service - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{newpw} \sphinxhyphen{} New password - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{result\_code} \sphinxhyphen{} Numeric error code from server - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{result\_code\_string} \sphinxhyphen{} String equivalent to \sphinxstyleemphasis{result\_code} - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{result\_string} \sphinxhyphen{} Change password response from the KDC - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Change the password for the existing principal identified by \sphinxstyleemphasis{creds} . - -\sphinxAtStartPar -The possible values of the output \sphinxstyleemphasis{result\_code} are: -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_KPASSWD\_SUCCESS (0) \sphinxhyphen{} success - -\item {} -\sphinxAtStartPar -\#KRB5\_KPASSWD\_MALFORMED (1) \sphinxhyphen{} Malformed request error - -\item {} -\sphinxAtStartPar -\#KRB5\_KPASSWD\_HARDERROR (2) \sphinxhyphen{} Server error - -\item {} -\sphinxAtStartPar -\#KRB5\_KPASSWD\_AUTHERROR (3) \sphinxhyphen{} Authentication error - -\item {} -\sphinxAtStartPar -\#KRB5\_KPASSWD\_SOFTERROR (4) \sphinxhyphen{} Password change rejected - -\end{itemize} - - -\subsubsection{krb5\_chpw\_message \sphinxhyphen{} Get a result message for changing or setting a password.} -\label{\detokenize{appdev/refs/api/krb5_chpw_message:krb5-chpw-message-get-a-result-message-for-changing-or-setting-a-password}}\label{\detokenize{appdev/refs/api/krb5_chpw_message::doc}}\index{krb5\_chpw\_message (C function)@\spxentry{krb5\_chpw\_message}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_chpw_message:c.krb5_chpw_message}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_chpw\_message}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{server\_string}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{message\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server\_string} \sphinxhyphen{} Data returned from the remote system - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{message\_out} \sphinxhyphen{} A message displayable to the user - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function processes the \sphinxstyleemphasis{server\_string} returned in the \sphinxstyleemphasis{result\_string} parameter of krb5\_change\_password(), krb5\_set\_password(), and related functions, and returns a displayable string. If \sphinxstyleemphasis{server\_string} contains Active Directory structured policy information, it will be converted into human\sphinxhyphen{}readable text. - -\sphinxAtStartPar -Use krb5\_free\_string() to free \sphinxstyleemphasis{message\_out} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.11 -\end{sphinxadmonition} - - -\subsubsection{krb5\_expand\_hostname \sphinxhyphen{} Canonicalize a hostname, possibly using name service.} -\label{\detokenize{appdev/refs/api/krb5_expand_hostname:krb5-expand-hostname-canonicalize-a-hostname-possibly-using-name-service}}\label{\detokenize{appdev/refs/api/krb5_expand_hostname::doc}}\index{krb5\_expand\_hostname (C function)@\spxentry{krb5\_expand\_hostname}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_expand_hostname:c.krb5_expand_hostname}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_expand\_hostname}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{host}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{canonhost\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{host} \sphinxhyphen{} Input hostname - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{canonhost\_out} \sphinxhyphen{} Canonicalized hostname - -\end{description}\end{quote} - -\sphinxAtStartPar -This function canonicalizes orig\_hostname, possibly using name service lookups if configuration permits. Use krb5\_free\_string() to free \sphinxstyleemphasis{canonhost\_out} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.15 -\end{sphinxadmonition} - - -\subsubsection{krb5\_free\_context \sphinxhyphen{} Free a krb5 library context.} -\label{\detokenize{appdev/refs/api/krb5_free_context:krb5-free-context-free-a-krb5-library-context}}\label{\detokenize{appdev/refs/api/krb5_free_context::doc}}\index{krb5\_free\_context (C function)@\spxentry{krb5\_free\_context}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_context:c.krb5_free_context}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_context}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees a \sphinxstyleemphasis{context} that was created by krb5\_init\_context() or krb5\_init\_secure\_context(). - - -\subsubsection{krb5\_free\_error\_message \sphinxhyphen{} Free an error message generated by krb5\_get\_error\_message().} -\label{\detokenize{appdev/refs/api/krb5_free_error_message:krb5-free-error-message-free-an-error-message-generated-by-krb5-get-error-message}}\label{\detokenize{appdev/refs/api/krb5_free_error_message::doc}}\index{krb5\_free\_error\_message (C function)@\spxentry{krb5\_free\_error\_message}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_error_message:c.krb5_free_error_message}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_error\_message}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{msg}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{msg} \sphinxhyphen{} Pointer to error message - -\end{description}\end{quote} - - -\subsubsection{krb5\_free\_principal \sphinxhyphen{} Free the storage assigned to a principal.} -\label{\detokenize{appdev/refs/api/krb5_free_principal:krb5-free-principal-free-the-storage-assigned-to-a-principal}}\label{\detokenize{appdev/refs/api/krb5_free_principal::doc}}\index{krb5\_free\_principal (C function)@\spxentry{krb5\_free\_principal}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_principal:c.krb5_free_principal}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_principal}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Principal to be freed - -\end{description}\end{quote} - - -\subsubsection{krb5\_fwd\_tgt\_creds \sphinxhyphen{} Get a forwarded TGT and format a KRB\sphinxhyphen{}CRED message.} -\label{\detokenize{appdev/refs/api/krb5_fwd_tgt_creds:krb5-fwd-tgt-creds-get-a-forwarded-tgt-and-format-a-krb-cred-message}}\label{\detokenize{appdev/refs/api/krb5_fwd_tgt_creds::doc}}\index{krb5\_fwd\_tgt\_creds (C function)@\spxentry{krb5\_fwd\_tgt\_creds}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_fwd_tgt_creds:c.krb5_fwd_tgt_creds}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_fwd\_tgt\_creds}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{rhost}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{client}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{server}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cc}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{forwardable}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{outbuf}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rhost} \sphinxhyphen{} Remote host - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{client} \sphinxhyphen{} Client principal of TGT - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server} \sphinxhyphen{} Principal of server to receive TGT - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cc} \sphinxhyphen{} Credential cache handle (NULL to use default) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{forwardable} \sphinxhyphen{} Whether TGT should be forwardable - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outbuf} \sphinxhyphen{} KRB\sphinxhyphen{}CRED message - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -ENOMEM Insufficient memory - -\item {} -\sphinxAtStartPar -KRB5\_PRINC\_NOMATCH Requested principal and ticket do not match - -\item {} -\sphinxAtStartPar -KRB5\_NO\_TKT\_SUPPLIED Request did not supply a ticket - -\item {} -\sphinxAtStartPar -KRB5\_CC\_BADNAME Credential cache name or principal name malformed - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Get a TGT for use at the remote host \sphinxstyleemphasis{rhost} and format it into a KRB\sphinxhyphen{}CRED message. If \sphinxstyleemphasis{rhost} is NULL and \sphinxstyleemphasis{server} is of type \#KRB5\_NT\_SRV\_HST, the second component of \sphinxstyleemphasis{server} will be used. - - -\subsubsection{krb5\_get\_default\_realm \sphinxhyphen{} Retrieve the default realm.} -\label{\detokenize{appdev/refs/api/krb5_get_default_realm:krb5-get-default-realm-retrieve-the-default-realm}}\label{\detokenize{appdev/refs/api/krb5_get_default_realm::doc}}\index{krb5\_get\_default\_realm (C function)@\spxentry{krb5\_get\_default\_realm}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_default_realm:c.krb5_get_default_realm}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_default\_realm}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{lrealm}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{lrealm} \sphinxhyphen{} Default realm name - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Retrieves the default realm to be used if no user\sphinxhyphen{}specified realm is available. - -\sphinxAtStartPar -Use krb5\_free\_default\_realm() to free \sphinxstyleemphasis{lrealm} when it is no longer needed. - - -\subsubsection{krb5\_get\_error\_message \sphinxhyphen{} Get the (possibly extended) error message for a code.} -\label{\detokenize{appdev/refs/api/krb5_get_error_message:krb5-get-error-message-get-the-possibly-extended-error-message-for-a-code}}\label{\detokenize{appdev/refs/api/krb5_get_error_message::doc}}\index{krb5\_get\_error\_message (C function)@\spxentry{krb5\_get\_error\_message}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_error_message:c.krb5_get_error_message}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_error\_message}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\DUrole{n}{code}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{code} \sphinxhyphen{} Error code - -\end{description}\end{quote} - -\sphinxAtStartPar -The behavior of krb5\_get\_error\_message() is only defined the first time it is called after a failed call to a krb5 function using the same context, and only when the error code passed in is the same as that returned by the krb5 function. - -\sphinxAtStartPar -This function never returns NULL, so its result may be used unconditionally as a C string. - -\sphinxAtStartPar -The string returned by this function must be freed using krb5\_free\_error\_message() - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -Future versions may return the same string for the second and following calls. -\end{sphinxadmonition} - - -\subsubsection{krb5\_get\_host\_realm \sphinxhyphen{} Get the Kerberos realm names for a host.} -\label{\detokenize{appdev/refs/api/krb5_get_host_realm:krb5-get-host-realm-get-the-kerberos-realm-names-for-a-host}}\label{\detokenize{appdev/refs/api/krb5_get_host_realm::doc}}\index{krb5\_get\_host\_realm (C function)@\spxentry{krb5\_get\_host\_realm}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_host_realm:c.krb5_get_host_realm}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_host\_realm}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{host}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{realmsp}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{host} \sphinxhyphen{} Host name (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{realmsp} \sphinxhyphen{} Null\sphinxhyphen{}terminated list of realm names - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -ENOMEM Insufficient memory - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Fill in \sphinxstyleemphasis{realmsp} with a pointer to a null\sphinxhyphen{}terminated list of realm names. If there are no known realms for the host, a list containing the referral (empty) realm is returned. - -\sphinxAtStartPar -If \sphinxstyleemphasis{host} is NULL, the local host’s realms are determined. - -\sphinxAtStartPar -Use krb5\_free\_host\_realm() to release \sphinxstyleemphasis{realmsp} when it is no longer needed. - - -\subsubsection{krb5\_get\_credentials \sphinxhyphen{} Get an additional ticket.} -\label{\detokenize{appdev/refs/api/krb5_get_credentials:krb5-get-credentials-get-an-additional-ticket}}\label{\detokenize{appdev/refs/api/krb5_get_credentials::doc}}\index{krb5\_get\_credentials (C function)@\spxentry{krb5\_get\_credentials}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_credentials:c.krb5_get_credentials}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_credentials}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{options}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{out\_creds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{options} \sphinxhyphen{} Options - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in\_creds} \sphinxhyphen{} Input credentials - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{out\_creds} \sphinxhyphen{} Output updated credentials - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Use \sphinxstyleemphasis{ccache} or a TGS exchange to get a service ticket matching \sphinxstyleemphasis{in\_creds} . - -\sphinxAtStartPar -Valid values for \sphinxstyleemphasis{options} are: -\begin{quote} -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_GC\_CACHED Search only credential cache for the ticket - -\item {} -\sphinxAtStartPar -\#KRB5\_GC\_USER\_USER Return a user to user authentication ticket - -\end{itemize} - -\sphinxAtStartPar -\sphinxstyleemphasis{in\_creds} must be non\sphinxhyphen{}null. \sphinxstyleemphasis{in\_creds\sphinxhyphen{}\textgreater{}client} and \sphinxstyleemphasis{in\_creds\sphinxhyphen{}\textgreater{}server} must be filled in to specify the client and the server respectively. If any authorization data needs to be requested for the service ticket (such as restrictions on how the ticket can be used), specify it in \sphinxstyleemphasis{in\_creds\sphinxhyphen{}\textgreater{}authdata} ; otherwise set \sphinxstyleemphasis{in\_creds\sphinxhyphen{}\textgreater{}authdata} to NULL. The session key type is specified in \sphinxstyleemphasis{in\_creds\sphinxhyphen{}\textgreater{}keyblock.enctype} , if it is nonzero. -\end{quote} - -\sphinxAtStartPar -The expiration date is specified in \sphinxstyleemphasis{in\_creds\sphinxhyphen{}\textgreater{}times.endtime} . The KDC may return tickets with an earlier expiration date. If \sphinxstyleemphasis{in\_creds\sphinxhyphen{}\textgreater{}times.endtime} is set to 0, the latest possible expiration date will be requested. - -\sphinxAtStartPar -Any returned ticket and intermediate ticket\sphinxhyphen{}granting tickets are stored in \sphinxstyleemphasis{ccache} . - -\sphinxAtStartPar -Use krb5\_free\_creds() to free \sphinxstyleemphasis{out\_creds} when it is no longer needed. - - -\subsubsection{krb5\_get\_fallback\_host\_realm} -\label{\detokenize{appdev/refs/api/krb5_get_fallback_host_realm:krb5-get-fallback-host-realm}}\label{\detokenize{appdev/refs/api/krb5_get_fallback_host_realm::doc}}\index{krb5\_get\_fallback\_host\_realm (C function)@\spxentry{krb5\_get\_fallback\_host\_realm}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_fallback_host_realm:c.krb5_get_fallback_host_realm}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_fallback\_host\_realm}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{hdata}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{realmsp}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{hdata} \sphinxhyphen{} Host name (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{realmsp} \sphinxhyphen{} Null\sphinxhyphen{}terminated list of realm names - -\end{description}\end{quote} - -\sphinxAtStartPar -Fill in \sphinxstyleemphasis{realmsp} with a pointer to a null\sphinxhyphen{}terminated list of realm names obtained through heuristics or insecure resolution methods which have lower priority than KDC referrals. - -\sphinxAtStartPar -If \sphinxstyleemphasis{host} is NULL, the local host’s realms are determined. - -\sphinxAtStartPar -Use krb5\_free\_host\_realm() to release \sphinxstyleemphasis{realmsp} when it is no longer needed. - - -\subsubsection{krb5\_get\_init\_creds\_keytab \sphinxhyphen{} Get initial credentials using a key table.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_keytab:krb5-get-init-creds-keytab-get-initial-credentials-using-a-key-table}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_keytab::doc}}\index{krb5\_get\_init\_creds\_keytab (C function)@\spxentry{krb5\_get\_init\_creds\_keytab}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_keytab:c.krb5_get_init_creds_keytab}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_keytab}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{client}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{arg\_keytab}, {\hyperref[\detokenize{appdev/refs/types/krb5_deltat:c.krb5_deltat}]{\sphinxcrossref{\DUrole{n}{krb5\_deltat}}}}\DUrole{w}{ }\DUrole{n}{start\_time}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_tkt\_service}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{k5\_gic\_options}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{creds} \sphinxhyphen{} New credentials - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{client} \sphinxhyphen{} Client principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{arg\_keytab} \sphinxhyphen{} Key table handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{start\_time} \sphinxhyphen{} Time when ticket becomes valid (0 for now) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in\_tkt\_service} \sphinxhyphen{} Service name of initial credentials (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{k5\_gic\_options} \sphinxhyphen{} Initial credential options - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function requests KDC for an initial credentials for \sphinxstyleemphasis{client} using a client key stored in \sphinxstyleemphasis{arg\_keytab} . If \sphinxstyleemphasis{in\_tkt\_service} is specified, it is parsed as a principal name (with the realm ignored) and used as the service principal for the request; otherwise the ticket\sphinxhyphen{}granting service is used. - - -\subsubsection{krb5\_get\_init\_creds\_opt\_alloc \sphinxhyphen{} Allocate a new initial credential options structure.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_alloc:krb5-get-init-creds-opt-alloc-allocate-a-new-initial-credential-options-structure}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_alloc::doc}}\index{krb5\_get\_init\_creds\_opt\_alloc (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_alloc}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_alloc:c.krb5_get_init_creds_opt_alloc}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_alloc}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{opt}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{opt} \sphinxhyphen{} New options structure - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 \sphinxhyphen{} Success; Kerberos errors otherwise. - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function is the preferred way to create an options structure for getting initial credentials, and is required to make use of certain options. Use krb5\_get\_init\_creds\_opt\_free() to free \sphinxstyleemphasis{opt} when it is no longer needed. - - -\subsubsection{krb5\_get\_init\_creds\_opt\_free \sphinxhyphen{} Free initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_free:krb5-get-init-creds-opt-free-free-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_free::doc}}\index{krb5\_get\_init\_creds\_opt\_free (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_free}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_free:c.krb5_get_init_creds_opt_free}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_free}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure to free - -\end{description}\end{quote} - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_get\_init\_creds\_opt\_alloc() - - - - -\subsubsection{krb5\_get\_init\_creds\_opt\_get\_fast\_flags \sphinxhyphen{} Retrieve FAST flags from initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags:krb5-get-init-creds-opt-get-fast-flags-retrieve-fast-flags-from-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags::doc}}\index{krb5\_get\_init\_creds\_opt\_get\_fast\_flags (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_get\_fast\_flags}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_get_fast_flags:c.krb5_get_init_creds_opt_get_fast_flags}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_get\_fast\_flags}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{out\_flags}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{out\_flags} \sphinxhyphen{} FAST flags - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 \sphinxhyphen{} Success; Kerberos errors otherwise. - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_address\_list \sphinxhyphen{} Set address restrictions in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_address_list:krb5-get-init-creds-opt-set-address-list-set-address-restrictions-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_address_list::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_address\_list (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_address\_list}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_address_list:c.krb5_get_init_creds_opt_set_address_list}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_address\_list}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{addresses}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{addresses} \sphinxhyphen{} Null\sphinxhyphen{}terminated array of addresses - -\end{description}\end{quote} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_anonymous \sphinxhyphen{} Set or unset the anonymous flag in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_anonymous:krb5-get-init-creds-opt-set-anonymous-set-or-unset-the-anonymous-flag-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_anonymous::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_anonymous (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_anonymous}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_anonymous:c.krb5_get_init_creds_opt_set_anonymous}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_anonymous}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{anonymous}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{anonymous} \sphinxhyphen{} Whether to make an anonymous request - -\end{description}\end{quote} - -\sphinxAtStartPar -This function may be used to request anonymous credentials from the KDC by setting \sphinxstyleemphasis{anonymous} to non\sphinxhyphen{}zero. Note that anonymous credentials are only a request; clients must verify that credentials are anonymous if that is a requirement. - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_canonicalize \sphinxhyphen{} Set or unset the canonicalize flag in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize:krb5-get-init-creds-opt-set-canonicalize-set-or-unset-the-canonicalize-flag-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_canonicalize (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_canonicalize}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_canonicalize:c.krb5_get_init_creds_opt_set_canonicalize}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_canonicalize}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{canonicalize}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{canonicalize} \sphinxhyphen{} Whether to canonicalize client principal - -\end{description}\end{quote} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_change\_password\_prompt \sphinxhyphen{} Set or unset change\sphinxhyphen{}password\sphinxhyphen{}prompt flag in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt:krb5-get-init-creds-opt-set-change-password-prompt-set-or-unset-change-password-prompt-flag-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_change\_password\_prompt (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_change\_password\_prompt}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_change_password_prompt:c.krb5_get_init_creds_opt_set_change_password_prompt}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_change\_password\_prompt}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{prompt}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{prompt} \sphinxhyphen{} Whether to prompt to change password - -\end{description}\end{quote} - -\sphinxAtStartPar -This flag is on by default. It controls whether krb5\_get\_init\_creds\_password() will react to an expired\sphinxhyphen{}password error by prompting for a new password and attempting to change the old one. - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_etype\_list \sphinxhyphen{} Set allowable encryption types in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_etype_list:krb5-get-init-creds-opt-set-etype-list-set-allowable-encryption-types-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_etype_list::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_etype\_list (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_etype\_list}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_etype_list:c.krb5_get_init_creds_opt_set_etype_list}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_etype\_list}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{etype\_list}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{etype\_list\_length}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{etype\_list} \sphinxhyphen{} Array of encryption types - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{etype\_list\_length} \sphinxhyphen{} Length of \sphinxstyleemphasis{etype\_list} - -\end{description}\end{quote} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_expire\_callback \sphinxhyphen{} Set an expiration callback in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback:krb5-get-init-creds-opt-set-expire-callback-set-an-expiration-callback-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_expire\_callback (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_expire\_callback}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_expire_callback:c.krb5_get_init_creds_opt_set_expire_callback}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_expire\_callback}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_expire_callback_func:c.krb5_expire_callback_func}]{\sphinxcrossref{\DUrole{n}{krb5\_expire\_callback\_func}}}}\DUrole{w}{ }\DUrole{n}{cb}, \DUrole{kt}{void}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cb} \sphinxhyphen{} Callback function - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} Callback argument - -\end{description}\end{quote} - -\sphinxAtStartPar -Set a callback to receive password and account expiration times. -\begin{quote} - -\sphinxAtStartPar -\sphinxstyleemphasis{cb} will be invoked if and only if credentials are successfully acquired. The callback will receive the \sphinxstyleemphasis{context} from the calling function and the \sphinxstyleemphasis{data} argument supplied with this API. The remaining arguments should be interpreted as follows: -\end{quote} - -\sphinxAtStartPar -If \sphinxstyleemphasis{is\_last\_req} is true, then the KDC reply contained last\sphinxhyphen{}req entries which unambiguously indicated the password expiration, account expiration, or both. (If either value was not present, the corresponding argument will be 0.) Furthermore, a non\sphinxhyphen{}zero \sphinxstyleemphasis{password\_expiration} should be taken as a suggestion from the KDC that a warning be displayed. - -\sphinxAtStartPar -If \sphinxstyleemphasis{is\_last\_req} is false, then \sphinxstyleemphasis{account\_expiration} will be 0 and \sphinxstyleemphasis{password\_expiration} will contain the expiration time of either the password or account, or 0 if no expiration time was indicated in the KDC reply. The callback should independently decide whether to display a password expiration warning. - -\sphinxAtStartPar -Note that \sphinxstyleemphasis{cb} may be invoked even if credentials are being acquired for the kadmin/changepw service in order to change the password. It is the caller’s responsibility to avoid displaying a password expiry warning in this case. - -\begin{sphinxadmonition}{warning}{Warning:} -\sphinxAtStartPar -Setting an expire callback with this API will cause krb5\_get\_init\_creds\_password() not to send password expiry warnings to the prompter, as it ordinarily may. -\end{sphinxadmonition} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache \sphinxhyphen{} Set FAST armor cache in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache:krb5-get-init-creds-opt-set-fast-ccache-set-fast-armor-cache-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache:c.krb5_get_init_creds_opt_set_fast_ccache}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} - -\sphinxAtStartPar -This function is similar to krb5\_get\_init\_creds\_opt\_set\_fast\_ccache\_name(), but uses a credential cache handle instead of a name. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache\_name \sphinxhyphen{} Set location of FAST armor ccache in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name:krb5-get-init-creds-opt-set-fast-ccache-name-set-location-of-fast-armor-ccache-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache\_name (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache\_name}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_fast_ccache_name:c.krb5_get_init_creds_opt_set_fast_ccache_name}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_fast\_ccache\_name}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{fast\_ccache\_name}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{fast\_ccache\_name} \sphinxhyphen{} Credential cache name - -\end{description}\end{quote} - -\sphinxAtStartPar -Sets the location of a credential cache containing an armor ticket to protect an initial credential exchange using the FAST protocol extension. - -\sphinxAtStartPar -In version 1.7, setting an armor ccache requires that FAST be used for the exchange. In version 1.8 or later, setting the armor ccache causes FAST to be used if the KDC supports it; krb5\_get\_init\_creds\_opt\_set\_fast\_flags() must be used to require that FAST be used. - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_fast\_flags \sphinxhyphen{} Set FAST flags in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags:krb5-get-init-creds-opt-set-fast-flags-set-fast-flags-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_fast\_flags (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_fast\_flags}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_fast_flags:c.krb5_get_init_creds_opt_set_fast_flags}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_fast\_flags}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{flags}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} FAST flags - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 \sphinxhyphen{} Success; Kerberos errors otherwise. - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -The following flag values are valid: -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_FAST\_REQUIRED \sphinxhyphen{} Require FAST to be used - -\end{itemize} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_forwardable \sphinxhyphen{} Set or unset the forwardable flag in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_forwardable:krb5-get-init-creds-opt-set-forwardable-set-or-unset-the-forwardable-flag-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_forwardable::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_forwardable (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_forwardable}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_forwardable:c.krb5_get_init_creds_opt_set_forwardable}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_forwardable}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{forwardable}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{forwardable} \sphinxhyphen{} Whether credentials should be forwardable - -\end{description}\end{quote} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_in\_ccache \sphinxhyphen{} Set an input credential cache in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache:krb5-get-init-creds-opt-set-in-ccache-set-an-input-credential-cache-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_in\_ccache (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_in\_ccache}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_in_ccache:c.krb5_get_init_creds_opt_set_in_ccache}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_in\_ccache}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} - -\sphinxAtStartPar -If an input credential cache is set, then the krb5\_get\_init\_creds family of APIs will read settings from it. Setting an input ccache is desirable when the application wishes to perform authentication in the same way (using the same preauthentication mechanisms, and making the same non\sphinxhyphen{}security\sphinxhyphen{} sensitive choices) as the previous authentication attempt, which stored information in the passed\sphinxhyphen{}in ccache. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.11 -\end{sphinxadmonition} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_out\_ccache \sphinxhyphen{} Set an output credential cache in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache:krb5-get-init-creds-opt-set-out-ccache-set-an-output-credential-cache-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_out\_ccache (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_out\_ccache}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_out_ccache:c.krb5_get_init_creds_opt_set_out_ccache}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_out\_ccache}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} - -\sphinxAtStartPar -If an output credential cache is set, then the krb5\_get\_init\_creds family of APIs will write credentials to it. Setting an output ccache is desirable both because it simplifies calling code and because it permits the krb5\_get\_init\_creds APIs to write out configuration information about the realm to the ccache. - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_pa \sphinxhyphen{} Supply options for preauthentication in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_pa:krb5-get-init-creds-opt-set-pa-supply-options-for-preauthentication-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_pa::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_pa (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_pa}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_pa:c.krb5_get_init_creds_opt_set_pa}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_pa}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{attr}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{value}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{attr} \sphinxhyphen{} Preauthentication option name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{value} \sphinxhyphen{} Preauthentication option value - -\end{description}\end{quote} - -\sphinxAtStartPar -This function allows the caller to supply options for preauthentication. The values of \sphinxstyleemphasis{attr} and \sphinxstyleemphasis{value} are supplied to each preauthentication module available within \sphinxstyleemphasis{context} . - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_pac\_request \sphinxhyphen{} Ask the KDC to include or not include a PAC in the ticket.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_pac_request:krb5-get-init-creds-opt-set-pac-request-ask-the-kdc-to-include-or-not-include-a-pac-in-the-ticket}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_pac_request::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_pac\_request (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_pac\_request}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_pac_request:c.krb5_get_init_creds_opt_set_pac_request}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_pac\_request}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\DUrole{n}{req\_pac}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{req\_pac} \sphinxhyphen{} Whether to request a PAC or not - -\end{description}\end{quote} - -\sphinxAtStartPar -If this option is set, the AS request will include a PAC\sphinxhyphen{}REQUEST pa\sphinxhyphen{}data item explicitly asking the KDC to either include or not include a privilege attribute certificate in the ticket authorization data. By default, no request is made; typically the KDC will default to including a PAC if it supports them. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.15 -\end{sphinxadmonition} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_preauth\_list \sphinxhyphen{} Set preauthentication types in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list:krb5-get-init-creds-opt-set-preauth-list-set-preauthentication-types-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_preauth\_list (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_preauth\_list}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_preauth_list:c.krb5_get_init_creds_opt_set_preauth_list}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_preauth\_list}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype}]{\sphinxcrossref{\DUrole{n}{krb5\_preauthtype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{preauth\_list}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{preauth\_list\_length}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{preauth\_list} \sphinxhyphen{} Array of preauthentication types - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{preauth\_list\_length} \sphinxhyphen{} Length of \sphinxstyleemphasis{preauth\_list} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function can be used to perform optimistic preauthentication when getting initial credentials, in combination with krb5\_get\_init\_creds\_opt\_set\_salt() and krb5\_get\_init\_creds\_opt\_set\_pa(). - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_proxiable \sphinxhyphen{} Set or unset the proxiable flag in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_proxiable:krb5-get-init-creds-opt-set-proxiable-set-or-unset-the-proxiable-flag-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_proxiable::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_proxiable (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_proxiable}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_proxiable:c.krb5_get_init_creds_opt_set_proxiable}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_proxiable}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{proxiable}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{proxiable} \sphinxhyphen{} Whether credentials should be proxiable - -\end{description}\end{quote} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_renew\_life \sphinxhyphen{} Set the ticket renewal lifetime in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_renew_life:krb5-get-init-creds-opt-set-renew-life-set-the-ticket-renewal-lifetime-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_renew_life::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_renew\_life (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_renew\_life}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_renew_life:c.krb5_get_init_creds_opt_set_renew_life}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_renew\_life}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_deltat:c.krb5_deltat}]{\sphinxcrossref{\DUrole{n}{krb5\_deltat}}}}\DUrole{w}{ }\DUrole{n}{renew\_life}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Pointer to \sphinxstyleemphasis{options} field - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{renew\_life} \sphinxhyphen{} Ticket renewal lifetime - -\end{description}\end{quote} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_responder \sphinxhyphen{} Set the responder function in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_responder:krb5-get-init-creds-opt-set-responder-set-the-responder-function-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_responder::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_responder (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_responder}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_responder:c.krb5_get_init_creds_opt_set_responder}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_responder}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_fn:c.krb5_responder_fn}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_fn}}}}\DUrole{w}{ }\DUrole{n}{responder}, \DUrole{kt}{void}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{responder} \sphinxhyphen{} Responder function - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} Responder data argument - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.11 -\end{sphinxadmonition} - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_salt \sphinxhyphen{} Set salt for optimistic preauthentication in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_salt:krb5-get-init-creds-opt-set-salt-set-salt-for-optimistic-preauthentication-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_salt::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_salt (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_salt}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_salt:c.krb5_get_init_creds_opt_set_salt}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_salt}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{salt}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{salt} \sphinxhyphen{} Salt data - -\end{description}\end{quote} - -\sphinxAtStartPar -When getting initial credentials with a password, a salt string it used to convert the password to a key. Normally this salt is obtained from the first KDC reply, but when performing optimistic preauthentication, the client may need to supply the salt string with this function. - - -\subsubsection{krb5\_get\_init\_creds\_opt\_set\_tkt\_life \sphinxhyphen{} Set the ticket lifetime in initial credential options.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life:krb5-get-init-creds-opt-set-tkt-life-set-the-ticket-lifetime-in-initial-credential-options}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life::doc}}\index{krb5\_get\_init\_creds\_opt\_set\_tkt\_life (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_set\_tkt\_life}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_set_tkt_life:c.krb5_get_init_creds_opt_set_tkt_life}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_set\_tkt\_life}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_deltat:c.krb5_deltat}]{\sphinxcrossref{\DUrole{n}{krb5\_deltat}}}}\DUrole{w}{ }\DUrole{n}{tkt\_life}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{tkt\_life} \sphinxhyphen{} Ticket lifetime - -\end{description}\end{quote} - - -\subsubsection{krb5\_get\_init\_creds\_password \sphinxhyphen{} Get initial credentials using a password.} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_password:krb5-get-init-creds-password-get-initial-credentials-using-a-password}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_password::doc}}\index{krb5\_get\_init\_creds\_password (C function)@\spxentry{krb5\_get\_init\_creds\_password}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_password:c.krb5_get_init_creds_password}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_password}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{client}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{password}, {\hyperref[\detokenize{appdev/refs/types/krb5_prompter_fct:c.krb5_prompter_fct}]{\sphinxcrossref{\DUrole{n}{krb5\_prompter\_fct}}}}\DUrole{w}{ }\DUrole{n}{prompter}, \DUrole{kt}{void}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, {\hyperref[\detokenize{appdev/refs/types/krb5_deltat:c.krb5_deltat}]{\sphinxcrossref{\DUrole{n}{krb5\_deltat}}}}\DUrole{w}{ }\DUrole{n}{start\_time}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_tkt\_service}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{k5\_gic\_options}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{creds} \sphinxhyphen{} New credentials - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{client} \sphinxhyphen{} Client principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{password} \sphinxhyphen{} Password (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{prompter} \sphinxhyphen{} Prompter function - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} Prompter callback data - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{start\_time} \sphinxhyphen{} Time when ticket becomes valid (0 for now) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in\_tkt\_service} \sphinxhyphen{} Service name of initial credentials (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{k5\_gic\_options} \sphinxhyphen{} Initial credential options - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -EINVAL Invalid argument - -\item {} -\sphinxAtStartPar -KRB5\_KDC\_UNREACH Cannot contact any KDC for requested realm - -\item {} -\sphinxAtStartPar -KRB5\_PREAUTH\_FAILED Generic Pre\sphinxhyphen{}athentication failure - -\item {} -\sphinxAtStartPar -KRB5\_LIBOS\_PWDINTR Password read interrupted - -\item {} -\sphinxAtStartPar -KRB5\_REALM\_CANT\_RESOLVE Cannot resolve network address for KDC in requested realm - -\item {} -\sphinxAtStartPar -KRB5KDC\_ERR\_KEY\_EXP Password has expired - -\item {} -\sphinxAtStartPar -KRB5\_LIBOS\_BADPWDMATCH Password mismatch - -\item {} -\sphinxAtStartPar -KRB5\_CHPW\_PWDNULL New password cannot be zero length - -\item {} -\sphinxAtStartPar -KRB5\_CHPW\_FAIL Password change failed - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function requests KDC for an initial credentials for \sphinxstyleemphasis{client} using \sphinxstyleemphasis{password} . If \sphinxstyleemphasis{password} is NULL, a password will be prompted for using \sphinxstyleemphasis{prompter} if necessary. If \sphinxstyleemphasis{in\_tkt\_service} is specified, it is parsed as a principal name (with the realm ignored) and used as the service principal for the request; otherwise the ticket\sphinxhyphen{}granting service is used. - - -\subsubsection{krb5\_get\_profile \sphinxhyphen{} Retrieve configuration profile from the context.} -\label{\detokenize{appdev/refs/api/krb5_get_profile:krb5-get-profile-retrieve-configuration-profile-from-the-context}}\label{\detokenize{appdev/refs/api/krb5_get_profile::doc}}\index{krb5\_get\_profile (C function)@\spxentry{krb5\_get\_profile}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_profile:c.krb5_get_profile}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_profile}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{struct}\DUrole{w}{ }\DUrole{n}{\_profile\_t}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{profile}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{profile} \sphinxhyphen{} Pointer to data read from a configuration file - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a new \sphinxstyleemphasis{profile} object that reflects profile in the supplied \sphinxstyleemphasis{context} . - -\sphinxAtStartPar -The \sphinxstyleemphasis{profile} object may be freed with profile\_release() function. See profile.h and profile API for more details. - - -\subsubsection{krb5\_get\_prompt\_types \sphinxhyphen{} Get prompt types array from a context.} -\label{\detokenize{appdev/refs/api/krb5_get_prompt_types:krb5-get-prompt-types-get-prompt-types-array-from-a-context}}\label{\detokenize{appdev/refs/api/krb5_get_prompt_types::doc}}\index{krb5\_get\_prompt\_types (C function)@\spxentry{krb5\_get\_prompt\_types}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_prompt_types:c.krb5_get_prompt_types}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_prompt_type:c.krb5_prompt_type}]{\sphinxcrossref{\DUrole{n}{krb5\_prompt\_type}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_prompt\_types}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Pointer to an array of prompt types corresponding to the prompter’s prompts arguments. Each type has one of the following values: \#KRB5\_PROMPT\_TYPE\_PASSWORD \#KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD \#KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD\_AGAIN \#KRB5\_PROMPT\_TYPE\_PREAUTH - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_get\_renewed\_creds \sphinxhyphen{} Get renewed credential from KDC using an existing credential.} -\label{\detokenize{appdev/refs/api/krb5_get_renewed_creds:krb5-get-renewed-creds-get-renewed-credential-from-kdc-using-an-existing-credential}}\label{\detokenize{appdev/refs/api/krb5_get_renewed_creds::doc}}\index{krb5\_get\_renewed\_creds (C function)@\spxentry{krb5\_get\_renewed\_creds}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_renewed_creds:c.krb5_get_renewed_creds}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_renewed\_creds}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{client}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_tkt\_service}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Renewed credentials - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{client} \sphinxhyphen{} Client principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Credential cache - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in\_tkt\_service} \sphinxhyphen{} Server principal string (or NULL) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function gets a renewed credential using an existing one from \sphinxstyleemphasis{ccache} . If \sphinxstyleemphasis{in\_tkt\_service} is specified, it is parsed (with the realm part ignored) and used as the server principal of the credential; otherwise, the ticket\sphinxhyphen{}granting service is used. - -\sphinxAtStartPar -If successful, the renewed credential is placed in \sphinxstyleemphasis{creds} . - - -\subsubsection{krb5\_get\_validated\_creds \sphinxhyphen{} Get validated credentials from the KDC.} -\label{\detokenize{appdev/refs/api/krb5_get_validated_creds:krb5-get-validated-creds-get-validated-credentials-from-the-kdc}}\label{\detokenize{appdev/refs/api/krb5_get_validated_creds::doc}}\index{krb5\_get\_validated\_creds (C function)@\spxentry{krb5\_get\_validated\_creds}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_validated_creds:c.krb5_get_validated_creds}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_validated\_creds}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{client}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_tkt\_service}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Validated credentials - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{client} \sphinxhyphen{} Client principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Credential cache - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in\_tkt\_service} \sphinxhyphen{} Server principal string (or NULL) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -KRB5\_NO\_2ND\_TKT Request missing second ticket - -\item {} -\sphinxAtStartPar -KRB5\_NO\_TKT\_SUPPLIED Request did not supply a ticket - -\item {} -\sphinxAtStartPar -KRB5\_PRINC\_NOMATCH Requested principal and ticket do not match - -\item {} -\sphinxAtStartPar -KRB5\_KDCREP\_MODIFIED KDC reply did not match expectations - -\item {} -\sphinxAtStartPar -KRB5\_KDCREP\_SKEW Clock skew too great in KDC reply - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function gets a validated credential using a postdated credential from \sphinxstyleemphasis{ccache} . If \sphinxstyleemphasis{in\_tkt\_service} is specified, it is parsed (with the realm part ignored) and used as the server principal of the credential; otherwise, the ticket\sphinxhyphen{}granting service is used. - -\sphinxAtStartPar -If successful, the validated credential is placed in \sphinxstyleemphasis{creds} . - - -\subsubsection{krb5\_init\_context \sphinxhyphen{} Create a krb5 library context.} -\label{\detokenize{appdev/refs/api/krb5_init_context:krb5-init-context-create-a-krb5-library-context}}\label{\detokenize{appdev/refs/api/krb5_init_context::doc}}\index{krb5\_init\_context (C function)@\spxentry{krb5\_init\_context}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_context:c.krb5_init_context}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_context}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{context}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -The \sphinxstyleemphasis{context} must be released by calling krb5\_free\_context() when it is no longer needed. - -\begin{sphinxadmonition}{warning}{Warning:} -\sphinxAtStartPar -Any program or module that needs the Kerberos code to not trust the environment must use krb5\_init\_secure\_context(), or clean out the environment. -\end{sphinxadmonition} - - -\subsubsection{krb5\_init\_secure\_context \sphinxhyphen{} Create a krb5 library context using only configuration files.} -\label{\detokenize{appdev/refs/api/krb5_init_secure_context:krb5-init-secure-context-create-a-krb5-library-context-using-only-configuration-files}}\label{\detokenize{appdev/refs/api/krb5_init_secure_context::doc}}\index{krb5\_init\_secure\_context (C function)@\spxentry{krb5\_init\_secure\_context}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_secure_context:c.krb5_init_secure_context}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_secure\_context}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{context}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Create a context structure, using only system configuration files. All information passed through the environment variables is ignored. - -\sphinxAtStartPar -The \sphinxstyleemphasis{context} must be released by calling krb5\_free\_context() when it is no longer needed. - - -\subsubsection{krb5\_is\_config\_principal \sphinxhyphen{} Test whether a principal is a configuration principal.} -\label{\detokenize{appdev/refs/api/krb5_is_config_principal:krb5-is-config-principal-test-whether-a-principal-is-a-configuration-principal}}\label{\detokenize{appdev/refs/api/krb5_is_config_principal::doc}}\index{krb5\_is\_config\_principal (C function)@\spxentry{krb5\_is\_config\_principal}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_is_config_principal:c.krb5_is_config_principal}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_is\_config\_principal}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Principal to check - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if the principal is a configuration principal (generated part of krb5\_cc\_set\_config()); FALSE otherwise. - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_is\_thread\_safe \sphinxhyphen{} Test whether the Kerberos library was built with multithread support.} -\label{\detokenize{appdev/refs/api/krb5_is_thread_safe:krb5-is-thread-safe-test-whether-the-kerberos-library-was-built-with-multithread-support}}\label{\detokenize{appdev/refs/api/krb5_is_thread_safe::doc}}\index{krb5\_is\_thread\_safe (C function)@\spxentry{krb5\_is\_thread\_safe}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_is_thread_safe:c.krb5_is_thread_safe}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_is\_thread\_safe}}}}{\DUrole{kt}{void}\DUrole{w}{ }\DUrole{n}{None}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{None} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if the library is threadsafe; FALSE otherwise - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_kt\_close \sphinxhyphen{} Close a key table handle.} -\label{\detokenize{appdev/refs/api/krb5_kt_close:krb5-kt-close-close-a-key-table-handle}}\label{\detokenize{appdev/refs/api/krb5_kt_close::doc}}\index{krb5\_kt\_close (C function)@\spxentry{krb5\_kt\_close}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_close:c.krb5_kt_close}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_close}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Key table handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 None - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_kt\_client\_default \sphinxhyphen{} Resolve the default client key table.} -\label{\detokenize{appdev/refs/api/krb5_kt_client_default:krb5-kt-client-default-resolve-the-default-client-key-table}}\label{\detokenize{appdev/refs/api/krb5_kt_client_default::doc}}\index{krb5\_kt\_client\_default (C function)@\spxentry{krb5\_kt\_client\_default}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_client_default:c.krb5_kt_client_default}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_client\_default}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{keytab\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{keytab\_out} \sphinxhyphen{} Key table handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Fill \sphinxstyleemphasis{keytab\_out} with a handle to the default client key table. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.11 -\end{sphinxadmonition} - - -\subsubsection{krb5\_kt\_default \sphinxhyphen{} Resolve the default key table.} -\label{\detokenize{appdev/refs/api/krb5_kt_default:krb5-kt-default-resolve-the-default-key-table}}\label{\detokenize{appdev/refs/api/krb5_kt_default::doc}}\index{krb5\_kt\_default (C function)@\spxentry{krb5\_kt\_default}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_default:c.krb5_kt_default}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_default}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{id}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{id} \sphinxhyphen{} Key table handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Set \sphinxstyleemphasis{id} to a handle to the default key table. The key table is not opened. - - -\subsubsection{krb5\_kt\_default\_name \sphinxhyphen{} Get the default key table name.} -\label{\detokenize{appdev/refs/api/krb5_kt_default_name:krb5-kt-default-name-get-the-default-key-table-name}}\label{\detokenize{appdev/refs/api/krb5_kt_default_name::doc}}\index{krb5\_kt\_default\_name (C function)@\spxentry{krb5\_kt\_default\_name}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_default_name:c.krb5_kt_default_name}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_default\_name}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{name}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{name\_size}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{name} \sphinxhyphen{} Default key table name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{name\_size} \sphinxhyphen{} Space available in \sphinxstyleemphasis{name} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -KRB5\_CONFIG\_NOTENUFSPACE Buffer is too short - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Fill \sphinxstyleemphasis{name} with the name of the default key table for \sphinxstyleemphasis{context} . - - -\subsubsection{krb5\_kt\_dup \sphinxhyphen{} Duplicate keytab handle.} -\label{\detokenize{appdev/refs/api/krb5_kt_dup:krb5-kt-dup-duplicate-keytab-handle}}\label{\detokenize{appdev/refs/api/krb5_kt_dup::doc}}\index{krb5\_kt\_dup (C function)@\spxentry{krb5\_kt\_dup}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_dup:c.krb5_kt_dup}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_dup}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{in}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in} \sphinxhyphen{} Key table handle to be duplicated - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{out} \sphinxhyphen{} Key table handle - -\end{description}\end{quote} - -\sphinxAtStartPar -Create a new handle referring to the same key table as \sphinxstyleemphasis{in} . The new handle and \sphinxstyleemphasis{in} can be closed independently. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.12 -\end{sphinxadmonition} - - -\subsubsection{krb5\_kt\_get\_name \sphinxhyphen{} Get a key table name.} -\label{\detokenize{appdev/refs/api/krb5_kt_get_name:krb5-kt-get-name-get-a-key-table-name}}\label{\detokenize{appdev/refs/api/krb5_kt_get_name::doc}}\index{krb5\_kt\_get\_name (C function)@\spxentry{krb5\_kt\_get\_name}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_get_name:c.krb5_kt_get_name}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_get\_name}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{name}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{namelen}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Key table handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{name} \sphinxhyphen{} Key table name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{namelen} \sphinxhyphen{} Maximum length to fill in name - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -KRB5\_KT\_NAME\_TOOLONG Key table name does not fit in namelen bytes - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Fill \sphinxstyleemphasis{name} with the name of \sphinxstyleemphasis{keytab} including the type and delimiter. - - -\subsubsection{krb5\_kt\_get\_type \sphinxhyphen{} Return the type of a key table.} -\label{\detokenize{appdev/refs/api/krb5_kt_get_type:krb5-kt-get-type-return-the-type-of-a-key-table}}\label{\detokenize{appdev/refs/api/krb5_kt_get_type::doc}}\index{krb5\_kt\_get\_type (C function)@\spxentry{krb5\_kt\_get\_type}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_get_type:c.krb5_kt_get_type}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_get\_type}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Key table handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -The type of a key table as an alias that must not be modified or freed by the caller. - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_kt\_resolve \sphinxhyphen{} Get a handle for a key table.} -\label{\detokenize{appdev/refs/api/krb5_kt_resolve:krb5-kt-resolve-get-a-handle-for-a-key-table}}\label{\detokenize{appdev/refs/api/krb5_kt_resolve::doc}}\index{krb5\_kt\_resolve (C function)@\spxentry{krb5\_kt\_resolve}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_resolve:c.krb5_kt_resolve}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_resolve}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{name}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ktid}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{name} \sphinxhyphen{} Name of the key table - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ktid} \sphinxhyphen{} Key table handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Resolve the key table name \sphinxstyleemphasis{name} and set \sphinxstyleemphasis{ktid} to a handle identifying the key table. Use krb5\_kt\_close() to free \sphinxstyleemphasis{ktid} when it is no longer needed. -\begin{quote} - -\sphinxAtStartPar -\sphinxstyleemphasis{name} must be of the form \sphinxstylestrong{type:residual} , where \sphinxstyleemphasis{type} must be a type known to the library and \sphinxstyleemphasis{residual} portion should be specific to the particular keytab type. If no \sphinxstyleemphasis{type} is given, the default is \sphinxstylestrong{FILE} . -\end{quote} - -\sphinxAtStartPar -If \sphinxstyleemphasis{name} is of type \sphinxstylestrong{FILE} , the keytab file is not opened by this call. - - -\subsubsection{krb5\_kuserok \sphinxhyphen{} Determine if a principal is authorized to log in as a local user.} -\label{\detokenize{appdev/refs/api/krb5_kuserok:krb5-kuserok-determine-if-a-principal-is-authorized-to-log-in-as-a-local-user}}\label{\detokenize{appdev/refs/api/krb5_kuserok::doc}}\index{krb5\_kuserok (C function)@\spxentry{krb5\_kuserok}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kuserok:c.krb5_kuserok}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kuserok}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{luser}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{luser} \sphinxhyphen{} Local username - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE Principal is authorized to log in as user; FALSE otherwise. - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Determine whether \sphinxstyleemphasis{principal} is authorized to log in as a local user \sphinxstyleemphasis{luser} . - - -\subsubsection{krb5\_parse\_name \sphinxhyphen{} Convert a string principal name to a krb5\_principal structure.} -\label{\detokenize{appdev/refs/api/krb5_parse_name:krb5-parse-name-convert-a-string-principal-name-to-a-krb5-principal-structure}}\label{\detokenize{appdev/refs/api/krb5_parse_name::doc}}\index{krb5\_parse\_name (C function)@\spxentry{krb5\_parse\_name}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_parse_name:c.krb5_parse_name}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_parse\_name}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{name}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{principal\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{name} \sphinxhyphen{} String representation of a principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{principal\_out} \sphinxhyphen{} New principal - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Convert a string representation of a principal name to a krb5\_principal structure. - -\sphinxAtStartPar -A string representation of a Kerberos name consists of one or more principal name components, separated by slashes, optionally followed by the @ character and a realm name. If the realm name is not specified, the local realm is used. - -\sphinxAtStartPar -To use the slash and @ symbols as part of a component (quoted) instead of using them as a component separator or as a realm prefix), put a backslash () character in front of the symbol. Similarly, newline, tab, backspace, and NULL characters can be included in a component by using \sphinxstylestrong{n} , \sphinxstylestrong{t} , \sphinxstylestrong{b} or \sphinxstylestrong{0} , respectively. - -\sphinxAtStartPar -Beginning with release 1.20, the name type of the principal will be inferred as \sphinxstylestrong{KRB5\_NT\_SRV\_INST} or \sphinxstylestrong{KRB5\_NT\_WELLKNOWN} based on the principal name. The type will be \sphinxstylestrong{KRB5\_NT\_PRINCIPAL} if a type cannot be inferred. - -\sphinxAtStartPar -Use krb5\_free\_principal() to free \sphinxstyleemphasis{principal\_out} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The realm in a Kerberos \sphinxstyleemphasis{name} cannot contain slash, colon, or NULL characters. -\end{sphinxadmonition} - - -\subsubsection{krb5\_parse\_name\_flags \sphinxhyphen{} Convert a string principal name to a krb5\_principal with flags.} -\label{\detokenize{appdev/refs/api/krb5_parse_name_flags:krb5-parse-name-flags-convert-a-string-principal-name-to-a-krb5-principal-with-flags}}\label{\detokenize{appdev/refs/api/krb5_parse_name_flags::doc}}\index{krb5\_parse\_name\_flags (C function)@\spxentry{krb5\_parse\_name\_flags}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_parse_name_flags:c.krb5_parse_name_flags}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_parse\_name\_flags}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{name}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{flags}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{principal\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{name} \sphinxhyphen{} String representation of a principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Flag - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{principal\_out} \sphinxhyphen{} New principal - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Similar to krb5\_parse\_name(), this function converts a single\sphinxhyphen{}string representation of a principal name to a krb5\_principal structure. - -\sphinxAtStartPar -The following flags are valid: -\begin{quote} -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_PRINCIPAL\_PARSE\_NO\_REALM \sphinxhyphen{} no realm must be present in \sphinxstyleemphasis{name} - -\item {} -\sphinxAtStartPar -\#KRB5\_PRINCIPAL\_PARSE\_REQUIRE\_REALM \sphinxhyphen{} realm must be present in \sphinxstyleemphasis{name} - -\item {} -\sphinxAtStartPar -\#KRB5\_PRINCIPAL\_PARSE\_ENTERPRISE \sphinxhyphen{} create single\sphinxhyphen{}component enterprise principal - -\item {} -\sphinxAtStartPar -\#KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM \sphinxhyphen{} ignore realm if present in \sphinxstyleemphasis{name} - -\end{itemize} - -\sphinxAtStartPar -If \sphinxstylestrong{KRB5\_PRINCIPAL\_PARSE\_NO\_REALM} or \sphinxstylestrong{KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM} is specified in \sphinxstyleemphasis{flags} , the realm of the new principal will be empty. Otherwise, the default realm for \sphinxstyleemphasis{context} will be used if \sphinxstyleemphasis{name} does not specify a realm. -\end{quote} - -\sphinxAtStartPar -Use krb5\_free\_principal() to free \sphinxstyleemphasis{principal\_out} when it is no longer needed. - - -\subsubsection{krb5\_principal\_compare \sphinxhyphen{} Compare two principals.} -\label{\detokenize{appdev/refs/api/krb5_principal_compare:krb5-principal-compare-compare-two-principals}}\label{\detokenize{appdev/refs/api/krb5_principal_compare::doc}}\index{krb5\_principal\_compare (C function)@\spxentry{krb5\_principal\_compare}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_principal_compare:c.krb5_principal_compare}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_principal\_compare}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{princ1}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{princ2}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{princ1} \sphinxhyphen{} First principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{princ2} \sphinxhyphen{} Second principal - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if the principals are the same; FALSE otherwise - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_principal\_compare\_any\_realm \sphinxhyphen{} Compare two principals ignoring realm components.} -\label{\detokenize{appdev/refs/api/krb5_principal_compare_any_realm:krb5-principal-compare-any-realm-compare-two-principals-ignoring-realm-components}}\label{\detokenize{appdev/refs/api/krb5_principal_compare_any_realm::doc}}\index{krb5\_principal\_compare\_any\_realm (C function)@\spxentry{krb5\_principal\_compare\_any\_realm}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_principal_compare_any_realm:c.krb5_principal_compare_any_realm}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_principal\_compare\_any\_realm}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{princ1}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{princ2}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{princ1} \sphinxhyphen{} First principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{princ2} \sphinxhyphen{} Second principal - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if the principals are the same; FALSE otherwise - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Similar to krb5\_principal\_compare(), but do not compare the realm components of the principals. - - -\subsubsection{krb5\_principal\_compare\_flags \sphinxhyphen{} Compare two principals with additional flags.} -\label{\detokenize{appdev/refs/api/krb5_principal_compare_flags:krb5-principal-compare-flags-compare-two-principals-with-additional-flags}}\label{\detokenize{appdev/refs/api/krb5_principal_compare_flags::doc}}\index{krb5\_principal\_compare\_flags (C function)@\spxentry{krb5\_principal\_compare\_flags}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_principal_compare_flags:c.krb5_principal_compare_flags}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_principal\_compare\_flags}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{princ1}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{princ2}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{flags}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{princ1} \sphinxhyphen{} First principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{princ2} \sphinxhyphen{} Second principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Flags - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if the principal names are the same; FALSE otherwise - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Valid flags are: -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_PRINCIPAL\_COMPARE\_IGNORE\_REALM \sphinxhyphen{} ignore realm component - -\item {} -\sphinxAtStartPar -\#KRB5\_PRINCIPAL\_COMPARE\_ENTERPRISE \sphinxhyphen{} UPNs as real principals - -\item {} -\sphinxAtStartPar -\#KRB5\_PRINCIPAL\_COMPARE\_CASEFOLD case\sphinxhyphen{}insensitive - -\item {} -\sphinxAtStartPar -\#KRB5\_PRINCIPAL\_COMPARE\_UTF8 \sphinxhyphen{} treat principals as UTF\sphinxhyphen{}8 - -\end{itemize} - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_principal\_compare() - - - - -\subsubsection{krb5\_prompter\_posix \sphinxhyphen{} Prompt user for password.} -\label{\detokenize{appdev/refs/api/krb5_prompter_posix:krb5-prompter-posix-prompt-user-for-password}}\label{\detokenize{appdev/refs/api/krb5_prompter_posix::doc}}\index{krb5\_prompter\_posix (C function)@\spxentry{krb5\_prompter\_posix}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_prompter_posix:c.krb5_prompter_posix}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_prompter\_posix}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{kt}{void}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{name}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{banner}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{num\_prompts}, {\hyperref[\detokenize{appdev/refs/types/krb5_prompt:c.krb5_prompt}]{\sphinxcrossref{\DUrole{n}{krb5\_prompt}}}}\DUrole{w}{ }\DUrole{n}{prompts}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{data} \sphinxhyphen{} Unused (callback argument) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{name} \sphinxhyphen{} Name to output during prompt - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{banner} \sphinxhyphen{} Banner to output during prompt - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{num\_prompts} \sphinxhyphen{} Number of prompts in \sphinxstyleemphasis{prompts} - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{prompts} \sphinxhyphen{} Array of prompts and replies - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function is intended to be used as a prompter callback for krb5\_get\_init\_creds\_password() or krb5\_init\_creds\_init(). - -\sphinxAtStartPar -Writes \sphinxstyleemphasis{name} and \sphinxstyleemphasis{banner} to stdout, each followed by a newline, then writes each prompt field in the \sphinxstyleemphasis{prompts} array, followed byâ€:â€, and sets the reply field of the entry to a line of input read from stdin. If the hidden flag is set for a prompt, then terminal echoing is turned off when input is read. - - -\subsubsection{krb5\_realm\_compare \sphinxhyphen{} Compare the realms of two principals.} -\label{\detokenize{appdev/refs/api/krb5_realm_compare:krb5-realm-compare-compare-the-realms-of-two-principals}}\label{\detokenize{appdev/refs/api/krb5_realm_compare::doc}}\index{krb5\_realm\_compare (C function)@\spxentry{krb5\_realm\_compare}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_realm_compare:c.krb5_realm_compare}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_realm\_compare}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{princ1}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{princ2}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{princ1} \sphinxhyphen{} First principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{princ2} \sphinxhyphen{} Second principal - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if the realm names are the same; FALSE otherwise - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_responder\_get\_challenge \sphinxhyphen{} Retrieve the challenge data for a given question in the responder context.} -\label{\detokenize{appdev/refs/api/krb5_responder_get_challenge:krb5-responder-get-challenge-retrieve-the-challenge-data-for-a-given-question-in-the-responder-context}}\label{\detokenize{appdev/refs/api/krb5_responder_get_challenge::doc}}\index{krb5\_responder\_get\_challenge (C function)@\spxentry{krb5\_responder\_get\_challenge}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_responder_get_challenge:c.krb5_responder_get_challenge}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_get\_challenge}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_context:c.krb5_responder_context}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_context}}}}\DUrole{w}{ }\DUrole{n}{rctx}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{question}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rctx} \sphinxhyphen{} Responder context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{question} \sphinxhyphen{} Question name - -\end{description}\end{quote} - -\sphinxAtStartPar -Return a pointer to a C string containing the challenge for \sphinxstyleemphasis{question} within \sphinxstyleemphasis{rctx} , or NULL if the question is not present in \sphinxstyleemphasis{rctx} . The structure of the question depends on the question name, but will always be printable UTF\sphinxhyphen{}8 text. The returned pointer is an alias, valid only as long as the lifetime of \sphinxstyleemphasis{rctx} , and should not be modified or freed by the caller. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.11 -\end{sphinxadmonition} - - -\subsubsection{krb5\_responder\_list\_questions \sphinxhyphen{} List the question names contained in the responder context.} -\label{\detokenize{appdev/refs/api/krb5_responder_list_questions:krb5-responder-list-questions-list-the-question-names-contained-in-the-responder-context}}\label{\detokenize{appdev/refs/api/krb5_responder_list_questions::doc}}\index{krb5\_responder\_list\_questions (C function)@\spxentry{krb5\_responder\_list\_questions}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_responder_list_questions:c.krb5_responder_list_questions}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_list\_questions}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_context:c.krb5_responder_context}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_context}}}}\DUrole{w}{ }\DUrole{n}{rctx}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rctx} \sphinxhyphen{} Responder context - -\end{description}\end{quote} - -\sphinxAtStartPar -Return a pointer to a null\sphinxhyphen{}terminated list of question names which are present in \sphinxstyleemphasis{rctx} . The pointer is an alias, valid only as long as the lifetime of \sphinxstyleemphasis{rctx} , and should not be modified or freed by the caller. A question’s challenge can be retrieved using krb5\_responder\_get\_challenge() and answered using krb5\_responder\_set\_answer(). - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.11 -\end{sphinxadmonition} - - -\subsubsection{krb5\_responder\_set\_answer \sphinxhyphen{} Answer a named question in the responder context.} -\label{\detokenize{appdev/refs/api/krb5_responder_set_answer:krb5-responder-set-answer-answer-a-named-question-in-the-responder-context}}\label{\detokenize{appdev/refs/api/krb5_responder_set_answer::doc}}\index{krb5\_responder\_set\_answer (C function)@\spxentry{krb5\_responder\_set\_answer}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_responder_set_answer:c.krb5_responder_set_answer}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_set\_answer}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_context:c.krb5_responder_context}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_context}}}}\DUrole{w}{ }\DUrole{n}{rctx}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{question}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{answer}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rctx} \sphinxhyphen{} Responder context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{question} \sphinxhyphen{} Question name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{answer} \sphinxhyphen{} The string to set (MUST be printable UTF\sphinxhyphen{}8) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -EINVAL question is not present within rctx - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function supplies an answer to \sphinxstyleemphasis{question} within \sphinxstyleemphasis{rctx} . The appropriate form of the answer depends on the question name. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.11 -\end{sphinxadmonition} - - -\subsubsection{krb5\_responder\_otp\_get\_challenge \sphinxhyphen{} Decode the KRB5\_RESPONDER\_QUESTION\_OTP to a C struct.} -\label{\detokenize{appdev/refs/api/krb5_responder_otp_get_challenge:krb5-responder-otp-get-challenge-decode-the-krb5-responder-question-otp-to-a-c-struct}}\label{\detokenize{appdev/refs/api/krb5_responder_otp_get_challenge::doc}}\index{krb5\_responder\_otp\_get\_challenge (C function)@\spxentry{krb5\_responder\_otp\_get\_challenge}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_responder_otp_get_challenge:c.krb5_responder_otp_get_challenge}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_otp\_get\_challenge}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_context:c.krb5_responder_context}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_context}}}}\DUrole{w}{ }\DUrole{n}{rctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_otp_challenge:c.krb5_responder_otp_challenge}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_otp\_challenge}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{chl}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rctx} \sphinxhyphen{} Responder context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{chl} \sphinxhyphen{} Challenge structure - -\end{description}\end{quote} - -\sphinxAtStartPar -A convenience function which parses the KRB5\_RESPONDER\_QUESTION\_OTP question challenge data, making it available in native C. The main feature of this function is the ability to interact with OTP tokens without parsing the JSON. - -\sphinxAtStartPar -The returned value must be passed to krb5\_responder\_otp\_challenge\_free() to be freed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.11 -\end{sphinxadmonition} - - -\subsubsection{krb5\_responder\_otp\_set\_answer \sphinxhyphen{} Answer the KRB5\_RESPONDER\_QUESTION\_OTP question.} -\label{\detokenize{appdev/refs/api/krb5_responder_otp_set_answer:krb5-responder-otp-set-answer-answer-the-krb5-responder-question-otp-question}}\label{\detokenize{appdev/refs/api/krb5_responder_otp_set_answer::doc}}\index{krb5\_responder\_otp\_set\_answer (C function)@\spxentry{krb5\_responder\_otp\_set\_answer}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_responder_otp_set_answer:c.krb5_responder_otp_set_answer}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_otp\_set\_answer}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_context:c.krb5_responder_context}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_context}}}}\DUrole{w}{ }\DUrole{n}{rctx}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{ti}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{value}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{pin}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rctx} \sphinxhyphen{} Responder context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ti} \sphinxhyphen{} The index of the tokeninfo selected - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{value} \sphinxhyphen{} The value to set, or NULL for none - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pin} \sphinxhyphen{} The pin to set, or NULL for none - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.11 -\end{sphinxadmonition} - - -\subsubsection{krb5\_responder\_otp\_challenge\_free \sphinxhyphen{} Free the value returned by krb5\_responder\_otp\_get\_challenge().} -\label{\detokenize{appdev/refs/api/krb5_responder_otp_challenge_free:krb5-responder-otp-challenge-free-free-the-value-returned-by-krb5-responder-otp-get-challenge}}\label{\detokenize{appdev/refs/api/krb5_responder_otp_challenge_free::doc}}\index{krb5\_responder\_otp\_challenge\_free (C function)@\spxentry{krb5\_responder\_otp\_challenge\_free}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_responder_otp_challenge_free:c.krb5_responder_otp_challenge_free}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_otp\_challenge\_free}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_context:c.krb5_responder_context}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_context}}}}\DUrole{w}{ }\DUrole{n}{rctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_otp_challenge:c.krb5_responder_otp_challenge}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_otp\_challenge}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{chl}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rctx} \sphinxhyphen{} Responder context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{chl} \sphinxhyphen{} The challenge to free - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.11 -\end{sphinxadmonition} - - -\subsubsection{krb5\_responder\_pkinit\_get\_challenge \sphinxhyphen{} Decode the KRB5\_RESPONDER\_QUESTION\_PKINIT to a C struct.} -\label{\detokenize{appdev/refs/api/krb5_responder_pkinit_get_challenge:krb5-responder-pkinit-get-challenge-decode-the-krb5-responder-question-pkinit-to-a-c-struct}}\label{\detokenize{appdev/refs/api/krb5_responder_pkinit_get_challenge::doc}}\index{krb5\_responder\_pkinit\_get\_challenge (C function)@\spxentry{krb5\_responder\_pkinit\_get\_challenge}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_responder_pkinit_get_challenge:c.krb5_responder_pkinit_get_challenge}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_pkinit\_get\_challenge}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_context:c.krb5_responder_context}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_context}}}}\DUrole{w}{ }\DUrole{n}{rctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_pkinit_challenge:c.krb5_responder_pkinit_challenge}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_pkinit\_challenge}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{chl\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rctx} \sphinxhyphen{} Responder context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{chl\_out} \sphinxhyphen{} Challenge structure - -\end{description}\end{quote} - -\sphinxAtStartPar -A convenience function which parses the KRB5\_RESPONDER\_QUESTION\_PKINIT question challenge data, making it available in native C. The main feature of this function is the ability to read the challenge without parsing the JSON. - -\sphinxAtStartPar -The returned value must be passed to krb5\_responder\_pkinit\_challenge\_free() to be freed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.12 -\end{sphinxadmonition} - - -\subsubsection{krb5\_responder\_pkinit\_set\_answer \sphinxhyphen{} Answer the KRB5\_RESPONDER\_QUESTION\_PKINIT question for one identity.} -\label{\detokenize{appdev/refs/api/krb5_responder_pkinit_set_answer:krb5-responder-pkinit-set-answer-answer-the-krb5-responder-question-pkinit-question-for-one-identity}}\label{\detokenize{appdev/refs/api/krb5_responder_pkinit_set_answer::doc}}\index{krb5\_responder\_pkinit\_set\_answer (C function)@\spxentry{krb5\_responder\_pkinit\_set\_answer}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_responder_pkinit_set_answer:c.krb5_responder_pkinit_set_answer}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_pkinit\_set\_answer}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_context:c.krb5_responder_context}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_context}}}}\DUrole{w}{ }\DUrole{n}{rctx}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{identity}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{pin}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rctx} \sphinxhyphen{} Responder context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{identity} \sphinxhyphen{} The identity for which a PIN is being supplied - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pin} \sphinxhyphen{} The provided PIN, or NULL for none - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.12 -\end{sphinxadmonition} - - -\subsubsection{krb5\_responder\_pkinit\_challenge\_free \sphinxhyphen{} Free the value returned by krb5\_responder\_pkinit\_get\_challenge().} -\label{\detokenize{appdev/refs/api/krb5_responder_pkinit_challenge_free:krb5-responder-pkinit-challenge-free-free-the-value-returned-by-krb5-responder-pkinit-get-challenge}}\label{\detokenize{appdev/refs/api/krb5_responder_pkinit_challenge_free::doc}}\index{krb5\_responder\_pkinit\_challenge\_free (C function)@\spxentry{krb5\_responder\_pkinit\_challenge\_free}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_responder_pkinit_challenge_free:c.krb5_responder_pkinit_challenge_free}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_pkinit\_challenge\_free}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_context:c.krb5_responder_context}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_context}}}}\DUrole{w}{ }\DUrole{n}{rctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_responder_pkinit_challenge:c.krb5_responder_pkinit_challenge}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_pkinit\_challenge}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{chl}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rctx} \sphinxhyphen{} Responder context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{chl} \sphinxhyphen{} The challenge to free - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.12 -\end{sphinxadmonition} - - -\subsubsection{krb5\_set\_default\_realm \sphinxhyphen{} Override the default realm for the specified context.} -\label{\detokenize{appdev/refs/api/krb5_set_default_realm:krb5-set-default-realm-override-the-default-realm-for-the-specified-context}}\label{\detokenize{appdev/refs/api/krb5_set_default_realm::doc}}\index{krb5\_set\_default\_realm (C function)@\spxentry{krb5\_set\_default\_realm}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_set_default_realm:c.krb5_set_default_realm}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_set\_default\_realm}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{lrealm}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{lrealm} \sphinxhyphen{} Realm name for the default realm - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -If \sphinxstyleemphasis{lrealm} is NULL, clear the default realm setting. - - -\subsubsection{krb5\_set\_password \sphinxhyphen{} Set a password for a principal using specified credentials.} -\label{\detokenize{appdev/refs/api/krb5_set_password:krb5-set-password-set-a-password-for-a-principal-using-specified-credentials}}\label{\detokenize{appdev/refs/api/krb5_set_password::doc}}\index{krb5\_set\_password (C function)@\spxentry{krb5\_set\_password}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_set_password:c.krb5_set_password}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_set\_password}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{newpw}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{change\_password\_for}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{result\_code}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{result\_code\_string}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{result\_string}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Credentials for kadmin/changepw service - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{newpw} \sphinxhyphen{} New password - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{change\_password\_for} \sphinxhyphen{} Change the password for this principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{result\_code} \sphinxhyphen{} Numeric error code from server - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{result\_code\_string} \sphinxhyphen{} String equivalent to \sphinxstyleemphasis{result\_code} - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{result\_string} \sphinxhyphen{} Data returned from the remote system - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success and result\_code is set to \#KRB5\_KPASSWD\_SUCCESS. - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes. - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function uses the credentials \sphinxstyleemphasis{creds} to set the password \sphinxstyleemphasis{newpw} for the principal \sphinxstyleemphasis{change\_password\_for} . It implements the set password operation of RFC 3244, for interoperability with Microsoft Windows implementations. - -\sphinxAtStartPar -The error code and strings are returned in \sphinxstyleemphasis{result\_code} , \sphinxstyleemphasis{result\_code\_string} and \sphinxstyleemphasis{result\_string} . - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -If \sphinxstyleemphasis{change\_password\_for} is NULL, the change is performed on the current principal. If \sphinxstyleemphasis{change\_password\_for} is non\sphinxhyphen{}null, the change is performed on the principal name passed in \sphinxstyleemphasis{change\_password\_for} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_set\_password\_using\_ccache \sphinxhyphen{} Set a password for a principal using cached credentials.} -\label{\detokenize{appdev/refs/api/krb5_set_password_using_ccache:krb5-set-password-using-ccache-set-a-password-for-a-principal-using-cached-credentials}}\label{\detokenize{appdev/refs/api/krb5_set_password_using_ccache::doc}}\index{krb5\_set\_password\_using\_ccache (C function)@\spxentry{krb5\_set\_password\_using\_ccache}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_set_password_using_ccache:c.krb5_set_password_using_ccache}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_set\_password\_using\_ccache}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{newpw}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{change\_password\_for}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{result\_code}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{result\_code\_string}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{result\_string}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Credential cache - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{newpw} \sphinxhyphen{} New password - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{change\_password\_for} \sphinxhyphen{} Change the password for this principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{result\_code} \sphinxhyphen{} Numeric error code from server - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{result\_code\_string} \sphinxhyphen{} String equivalent to \sphinxstyleemphasis{result\_code} - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{result\_string} \sphinxhyphen{} Data returned from the remote system - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function uses the cached credentials from \sphinxstyleemphasis{ccache} to set the password \sphinxstyleemphasis{newpw} for the principal \sphinxstyleemphasis{change\_password\_for} . It implements RFC 3244 set password operation (interoperable with MS Windows implementations) using the credential cache. - -\sphinxAtStartPar -The error code and strings are returned in \sphinxstyleemphasis{result\_code} , \sphinxstyleemphasis{result\_code\_string} and \sphinxstyleemphasis{result\_string} . - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -If \sphinxstyleemphasis{change\_password\_for} is set to NULL, the change is performed on the default principal in \sphinxstyleemphasis{ccache} . If \sphinxstyleemphasis{change\_password\_for} is non null, the change is performed on the specified principal. -\end{sphinxadmonition} - - -\subsubsection{krb5\_set\_principal\_realm \sphinxhyphen{} Set the realm field of a principal.} -\label{\detokenize{appdev/refs/api/krb5_set_principal_realm:krb5-set-principal-realm-set-the-realm-field-of-a-principal}}\label{\detokenize{appdev/refs/api/krb5_set_principal_realm::doc}}\index{krb5\_set\_principal\_realm (C function)@\spxentry{krb5\_set\_principal\_realm}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_set_principal_realm:c.krb5_set_principal_realm}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_set\_principal\_realm}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{realm}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{realm} \sphinxhyphen{} Realm name - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Set the realm name part of \sphinxstyleemphasis{principal} to \sphinxstyleemphasis{realm} , overwriting the previous realm. - - -\subsubsection{krb5\_set\_trace\_callback \sphinxhyphen{} Specify a callback function for trace events.} -\label{\detokenize{appdev/refs/api/krb5_set_trace_callback:krb5-set-trace-callback-specify-a-callback-function-for-trace-events}}\label{\detokenize{appdev/refs/api/krb5_set_trace_callback::doc}}\index{krb5\_set\_trace\_callback (C function)@\spxentry{krb5\_set\_trace\_callback}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_set_trace_callback:c.krb5_set_trace_callback}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_set\_trace\_callback}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_trace_callback:c.krb5_trace_callback}]{\sphinxcrossref{\DUrole{n}{krb5\_trace\_callback}}}}\DUrole{w}{ }\DUrole{n}{fn}, \DUrole{kt}{void}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cb\_data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{fn} \sphinxhyphen{} Callback function - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cb\_data} \sphinxhyphen{} Callback data - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Returns KRB5\_TRACE\_NOSUPP if tracing is not supported in the library (unless fn is NULL). - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Specify a callback for trace events occurring in krb5 operations performed within \sphinxstyleemphasis{context} . \sphinxstyleemphasis{fn} will be invoked with \sphinxstyleemphasis{context} as the first argument, \sphinxstyleemphasis{cb\_data} as the last argument, and a pointer to a krb5\_trace\_info as the second argument. If the trace callback is reset via this function or \sphinxstyleemphasis{context} is destroyed, \sphinxstyleemphasis{fn} will be invoked with a NULL second argument so it can clean up \sphinxstyleemphasis{cb\_data} . Supply a NULL value for \sphinxstyleemphasis{fn} to disable trace callbacks within \sphinxstyleemphasis{context} . - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This function overrides the information passed through the \sphinxstyleemphasis{KRB5\_TRACE} environment variable. -\end{sphinxadmonition} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_set\_trace\_filename \sphinxhyphen{} Specify a file name for directing trace events.} -\label{\detokenize{appdev/refs/api/krb5_set_trace_filename:krb5-set-trace-filename-specify-a-file-name-for-directing-trace-events}}\label{\detokenize{appdev/refs/api/krb5_set_trace_filename::doc}}\index{krb5\_set\_trace\_filename (C function)@\spxentry{krb5\_set\_trace\_filename}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_set_trace_filename:c.krb5_set_trace_filename}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_set\_trace\_filename}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{filename}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{filename} \sphinxhyphen{} File name - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -KRB5\_TRACE\_NOSUPP Tracing is not supported in the library. - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Open \sphinxstyleemphasis{filename} for appending (creating it, if necessary) and set up a callback to write trace events to it. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This function overrides the information passed through the \sphinxstyleemphasis{KRB5\_TRACE} environment variable. -\end{sphinxadmonition} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_sname\_match \sphinxhyphen{} Test whether a principal matches a matching principal.} -\label{\detokenize{appdev/refs/api/krb5_sname_match:krb5-sname-match-test-whether-a-principal-matches-a-matching-principal}}\label{\detokenize{appdev/refs/api/krb5_sname_match::doc}}\index{krb5\_sname\_match (C function)@\spxentry{krb5\_sname\_match}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_sname_match:c.krb5_sname_match}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_sname\_match}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{matching}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{princ}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{matching} \sphinxhyphen{} Matching principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{princ} \sphinxhyphen{} Principal to test - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if princ matches matching , FALSE otherwise. - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -If \sphinxstyleemphasis{matching} is NULL, return TRUE. If \sphinxstyleemphasis{matching} is not a matching principal, return the value of krb5\_principal\_compare(context, matching, princ). - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -A matching principal is a host\sphinxhyphen{}based principal with an empty realm and/or second data component (hostname). Profile configuration may cause the hostname to be ignored even if it is present. A principal matches a matching principal if the former has the same non\sphinxhyphen{}empty (and non\sphinxhyphen{}ignored) components of the latter. -\end{sphinxadmonition} - - -\subsubsection{krb5\_sname\_to\_principal \sphinxhyphen{} Generate a full principal name from a service name.} -\label{\detokenize{appdev/refs/api/krb5_sname_to_principal:krb5-sname-to-principal-generate-a-full-principal-name-from-a-service-name}}\label{\detokenize{appdev/refs/api/krb5_sname_to_principal::doc}}\index{krb5\_sname\_to\_principal (C function)@\spxentry{krb5\_sname\_to\_principal}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_sname_to_principal:c.krb5_sname_to_principal}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_sname\_to\_principal}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{hostname}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{sname}, {\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\DUrole{n}{type}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ret\_princ}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{hostname} \sphinxhyphen{} Host name, or NULL to use local host - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{sname} \sphinxhyphen{} Service name, or NULL to use \sphinxstylestrong{“hostâ€} - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{type} \sphinxhyphen{} Principal type - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ret\_princ} \sphinxhyphen{} Generated principal - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function converts a \sphinxstyleemphasis{hostname} and \sphinxstyleemphasis{sname} into \sphinxstyleemphasis{krb5\_principal} structure \sphinxstyleemphasis{ret\_princ} . The returned principal will be of the form \sphinxstyleemphasis{sname/hostname@REALM} where REALM is determined by krb5\_get\_host\_realm(). In some cases this may be the referral (empty) realm. - -\sphinxAtStartPar -The \sphinxstyleemphasis{type} can be one of the following: -\begin{quote} -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_NT\_SRV\_HST canonicalizes the host name before looking up the realm and generating the principal. - -\item {} -\sphinxAtStartPar -\#KRB5\_NT\_UNKNOWN accepts the hostname as given, and does not canonicalize it. - -\end{itemize} - -\sphinxAtStartPar -Use krb5\_free\_principal to free \sphinxstyleemphasis{ret\_princ} when it is no longer needed. -\end{quote} - - -\subsubsection{krb5\_unparse\_name \sphinxhyphen{} Convert a krb5\_principal structure to a string representation.} -\label{\detokenize{appdev/refs/api/krb5_unparse_name:krb5-unparse-name-convert-a-krb5-principal-structure-to-a-string-representation}}\label{\detokenize{appdev/refs/api/krb5_unparse_name::doc}}\index{krb5\_unparse\_name (C function)@\spxentry{krb5\_unparse\_name}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_unparse_name:c.krb5_unparse_name}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_unparse\_name}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{name}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{name} \sphinxhyphen{} String representation of principal name - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -The resulting string representation uses the format and quoting conventions described for krb5\_parse\_name(). - -\sphinxAtStartPar -Use krb5\_free\_unparsed\_name() to free \sphinxstyleemphasis{name} when it is no longer needed. - - -\subsubsection{krb5\_unparse\_name\_ext \sphinxhyphen{} Convert krb5\_principal structure to string and length.} -\label{\detokenize{appdev/refs/api/krb5_unparse_name_ext:krb5-unparse-name-ext-convert-krb5-principal-structure-to-string-and-length}}\label{\detokenize{appdev/refs/api/krb5_unparse_name_ext::doc}}\index{krb5\_unparse\_name\_ext (C function)@\spxentry{krb5\_unparse\_name\_ext}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_unparse_name_ext:c.krb5_unparse_name_ext}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_unparse\_name\_ext}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{name}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{size}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{name} \sphinxhyphen{} String representation of principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{size} \sphinxhyphen{} Size of unparsed name - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes. On failure name is set to NULL - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function is similar to krb5\_unparse\_name(), but allows the use of an existing buffer for the result. If size is not NULL, then \sphinxstyleemphasis{name} must point to either NULL or an existing buffer of at least the size pointed to by \sphinxstyleemphasis{size} . The buffer will be allocated or resized if necessary, with the new pointer stored into \sphinxstyleemphasis{name} . Whether or not the buffer is resized, the necessary space for the result, including null terminator, will be stored into \sphinxstyleemphasis{size} . - -\sphinxAtStartPar -If size is NULL, this function behaves exactly as krb5\_unparse\_name(). - - -\subsubsection{krb5\_unparse\_name\_flags \sphinxhyphen{} Convert krb5\_principal structure to a string with flags.} -\label{\detokenize{appdev/refs/api/krb5_unparse_name_flags:krb5-unparse-name-flags-convert-krb5-principal-structure-to-a-string-with-flags}}\label{\detokenize{appdev/refs/api/krb5_unparse_name_flags::doc}}\index{krb5\_unparse\_name\_flags (C function)@\spxentry{krb5\_unparse\_name\_flags}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_unparse_name_flags:c.krb5_unparse_name_flags}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_unparse\_name\_flags}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{flags}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{name}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Flags - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{name} \sphinxhyphen{} String representation of principal name - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes. On failure name is set to NULL - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Similar to krb5\_unparse\_name(), this function converts a krb5\_principal structure to a string representation. - -\sphinxAtStartPar -The following flags are valid: -\begin{quote} -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_PRINCIPAL\_UNPARSE\_SHORT \sphinxhyphen{} omit realm if it is the local realm - -\item {} -\sphinxAtStartPar -\#KRB5\_PRINCIPAL\_UNPARSE\_NO\_REALM \sphinxhyphen{} omit realm - -\item {} -\sphinxAtStartPar -\#KRB5\_PRINCIPAL\_UNPARSE\_DISPLAY \sphinxhyphen{} do not quote special characters - -\end{itemize} - -\sphinxAtStartPar -Use krb5\_free\_unparsed\_name() to free \sphinxstyleemphasis{name} when it is no longer needed. -\end{quote} - - -\subsubsection{krb5\_unparse\_name\_flags\_ext \sphinxhyphen{} Convert krb5\_principal structure to string format with flags.} -\label{\detokenize{appdev/refs/api/krb5_unparse_name_flags_ext:krb5-unparse-name-flags-ext-convert-krb5-principal-structure-to-string-format-with-flags}}\label{\detokenize{appdev/refs/api/krb5_unparse_name_flags_ext::doc}}\index{krb5\_unparse\_name\_flags\_ext (C function)@\spxentry{krb5\_unparse\_name\_flags\_ext}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_unparse_name_flags_ext:c.krb5_unparse_name_flags_ext}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_unparse\_name\_flags\_ext}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{flags}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{name}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{size}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Flags - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{name} \sphinxhyphen{} Single string format of principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{size} \sphinxhyphen{} Size of unparsed name buffer - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes. On failure name is set to NULL - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_us\_timeofday \sphinxhyphen{} Retrieve the system time of day, in sec and ms, since the epoch.} -\label{\detokenize{appdev/refs/api/krb5_us_timeofday:krb5-us-timeofday-retrieve-the-system-time-of-day-in-sec-and-ms-since-the-epoch}}\label{\detokenize{appdev/refs/api/krb5_us_timeofday::doc}}\index{krb5\_us\_timeofday (C function)@\spxentry{krb5\_us\_timeofday}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_us_timeofday:c.krb5_us_timeofday}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_us\_timeofday}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{seconds}, {\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{microseconds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{seconds} \sphinxhyphen{} System timeofday, seconds portion - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{microseconds} \sphinxhyphen{} System timeofday, microseconds portion - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function retrieves the system time of day with the context specific time offset adjustment. - - -\subsubsection{krb5\_verify\_authdata\_kdc\_issued \sphinxhyphen{} Unwrap and verify AD\sphinxhyphen{}KDCIssued authorization data.} -\label{\detokenize{appdev/refs/api/krb5_verify_authdata_kdc_issued:krb5-verify-authdata-kdc-issued-unwrap-and-verify-ad-kdcissued-authorization-data}}\label{\detokenize{appdev/refs/api/krb5_verify_authdata_kdc_issued::doc}}\index{krb5\_verify\_authdata\_kdc\_issued (C function)@\spxentry{krb5\_verify\_authdata\_kdc\_issued}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_verify_authdata_kdc_issued:c.krb5_verify_authdata_kdc_issued}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_verify\_authdata\_kdc\_issued}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ad\_kdcissued}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{issuer}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{authdata}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Session key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ad\_kdcissued} \sphinxhyphen{} AD\sphinxhyphen{}KDCIssued authorization data to be unwrapped - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{issuer} \sphinxhyphen{} Name of issuing principal (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{authdata} \sphinxhyphen{} Unwrapped list of authorization data - -\end{description}\end{quote} - -\sphinxAtStartPar -This function unwraps an AD\sphinxhyphen{}KDCIssued authdatum (see RFC 4120 section 5.2.6.2) and verifies its signature against \sphinxstyleemphasis{key} . The issuer field of the authdatum element is returned in \sphinxstyleemphasis{issuer} , and the unwrapped list of authdata is returned in \sphinxstyleemphasis{authdata} . - - -\subsection{Rarely used public interfaces} -\label{\detokenize{appdev/refs/api/index:rarely-used-public-interfaces}} - -\subsubsection{krb5\_425\_conv\_principal \sphinxhyphen{} Convert a Kerberos V4 principal to a Kerberos V5 principal.} -\label{\detokenize{appdev/refs/api/krb5_425_conv_principal:krb5-425-conv-principal-convert-a-kerberos-v4-principal-to-a-kerberos-v5-principal}}\label{\detokenize{appdev/refs/api/krb5_425_conv_principal::doc}}\index{krb5\_425\_conv\_principal (C function)@\spxentry{krb5\_425\_conv\_principal}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_425_conv_principal:c.krb5_425_conv_principal}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_425\_conv\_principal}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{name}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{instance}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{realm}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{princ}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{name} \sphinxhyphen{} V4 name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{instance} \sphinxhyphen{} V4 instance - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{realm} \sphinxhyphen{} Realm - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{princ} \sphinxhyphen{} V5 principal - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function builds a \sphinxstyleemphasis{princ} from V4 specification based on given input \sphinxstyleemphasis{name.instance@realm} . - -\sphinxAtStartPar -Use krb5\_free\_principal() to free \sphinxstyleemphasis{princ} when it is no longer needed. - - -\subsubsection{krb5\_524\_conv\_principal \sphinxhyphen{} Convert a Kerberos V5 principal to a Kerberos V4 principal.} -\label{\detokenize{appdev/refs/api/krb5_524_conv_principal:krb5-524-conv-principal-convert-a-kerberos-v5-principal-to-a-kerberos-v4-principal}}\label{\detokenize{appdev/refs/api/krb5_524_conv_principal::doc}}\index{krb5\_524\_conv\_principal (C function)@\spxentry{krb5\_524\_conv\_principal}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_524_conv_principal:c.krb5_524_conv_principal}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_524\_conv\_principal}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{princ}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{name}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{inst}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{realm}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{princ} \sphinxhyphen{} V5 Principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{name} \sphinxhyphen{} V4 principal’s name to be filled in - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{inst} \sphinxhyphen{} V4 principal’s instance name to be filled in - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{realm} \sphinxhyphen{} Principal’s realm name to be filled in - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -KRB5\_INVALID\_PRINCIPAL Invalid principal name - -\item {} -\sphinxAtStartPar -KRB5\_CONFIG\_CANTOPEN Can’t open or find Kerberos configuration file - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function separates a V5 principal \sphinxstyleemphasis{princ} into \sphinxstyleemphasis{name} , \sphinxstyleemphasis{instance} , and \sphinxstyleemphasis{realm} . - - -\subsubsection{krb5\_address\_compare \sphinxhyphen{} Compare two Kerberos addresses.} -\label{\detokenize{appdev/refs/api/krb5_address_compare:krb5-address-compare-compare-two-kerberos-addresses}}\label{\detokenize{appdev/refs/api/krb5_address_compare::doc}}\index{krb5\_address\_compare (C function)@\spxentry{krb5\_address\_compare}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_address_compare:c.krb5_address_compare}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_address\_compare}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{addr1}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{addr2}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{addr1} \sphinxhyphen{} First address to be compared - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{addr2} \sphinxhyphen{} Second address to be compared - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if the addresses are the same, FALSE otherwise - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_address\_order \sphinxhyphen{} Return an ordering of the specified addresses.} -\label{\detokenize{appdev/refs/api/krb5_address_order:krb5-address-order-return-an-ordering-of-the-specified-addresses}}\label{\detokenize{appdev/refs/api/krb5_address_order::doc}}\index{krb5\_address\_order (C function)@\spxentry{krb5\_address\_order}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_address_order:c.krb5_address_order}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{int}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_address\_order}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{addr1}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{addr2}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{addr1} \sphinxhyphen{} First address - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{addr2} \sphinxhyphen{} Second address - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 if The two addresses are the same - -\item {} -\sphinxAtStartPar -\textless{} 0 First address is less than second - -\item {} -\sphinxAtStartPar -\textgreater{} 0 First address is greater than second - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_address\_search \sphinxhyphen{} Search a list of addresses for a specified address.} -\label{\detokenize{appdev/refs/api/krb5_address_search:krb5-address-search-search-a-list-of-addresses-for-a-specified-address}}\label{\detokenize{appdev/refs/api/krb5_address_search::doc}}\index{krb5\_address\_search (C function)@\spxentry{krb5\_address\_search}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_address_search:c.krb5_address_search}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_address\_search}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{addr}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{addrlist}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{addr} \sphinxhyphen{} Address to search for - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{addrlist} \sphinxhyphen{} Address list to be searched (or NULL) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if addr is listed in addrlist , or addrlist is NULL; FALSE otherwise - -\end{itemize} - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -If \sphinxstyleemphasis{addrlist} contains only a NetBIOS addresses, it will be treated as a null list. -\end{sphinxadmonition} - - -\subsubsection{krb5\_allow\_weak\_crypto \sphinxhyphen{} Allow the application to override the profile’s allow\_weak\_crypto setting.} -\label{\detokenize{appdev/refs/api/krb5_allow_weak_crypto:krb5-allow-weak-crypto-allow-the-application-to-override-the-profile-s-allow-weak-crypto-setting}}\label{\detokenize{appdev/refs/api/krb5_allow_weak_crypto::doc}}\index{krb5\_allow\_weak\_crypto (C function)@\spxentry{krb5\_allow\_weak\_crypto}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_allow_weak_crypto:c.krb5_allow_weak_crypto}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_allow\_weak\_crypto}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\DUrole{n}{enable}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enable} \sphinxhyphen{} Boolean flag - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 (always) - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function allows an application to override the allow\_weak\_crypto setting. It is primarily for use by aklog. - - -\subsubsection{krb5\_aname\_to\_localname \sphinxhyphen{} Convert a principal name to a local name.} -\label{\detokenize{appdev/refs/api/krb5_aname_to_localname:krb5-aname-to-localname-convert-a-principal-name-to-a-local-name}}\label{\detokenize{appdev/refs/api/krb5_aname_to_localname::doc}}\index{krb5\_aname\_to\_localname (C function)@\spxentry{krb5\_aname\_to\_localname}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_aname_to_localname:c.krb5_aname_to_localname}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_aname\_to\_localname}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{aname}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{lnsize\_in}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{lname}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{aname} \sphinxhyphen{} Principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{lnsize\_in} \sphinxhyphen{} Space available in \sphinxstyleemphasis{lname} - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{lname} \sphinxhyphen{} Local name buffer to be filled in - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -System errors - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -If \sphinxstyleemphasis{aname} does not correspond to any local account, KRB5\_LNAME\_NOTRANS is returned. If \sphinxstyleemphasis{lnsize\_in} is too small for the local name, KRB5\_CONFIG\_NOTENUFSPACE is returned. - -\sphinxAtStartPar -Local names, rather than principal names, can be used by programs that translate to an environment\sphinxhyphen{}specific name (for example, a user account name). - - -\subsubsection{krb5\_anonymous\_principal \sphinxhyphen{} Build an anonymous principal.} -\label{\detokenize{appdev/refs/api/krb5_anonymous_principal:krb5-anonymous-principal-build-an-anonymous-principal}}\label{\detokenize{appdev/refs/api/krb5_anonymous_principal::doc}}\index{krb5\_anonymous\_principal (C function)@\spxentry{krb5\_anonymous\_principal}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_anonymous_principal:c.krb5_anonymous_principal}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_anonymous\_principal}}}}{\DUrole{kt}{void}\DUrole{w}{ }\DUrole{n}{None}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{None} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function returns constant storage that must not be freed. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -\#KRB5\_ANONYMOUS\_PRINCSTR - - - - -\subsubsection{krb5\_anonymous\_realm \sphinxhyphen{} Return an anonymous realm data.} -\label{\detokenize{appdev/refs/api/krb5_anonymous_realm:krb5-anonymous-realm-return-an-anonymous-realm-data}}\label{\detokenize{appdev/refs/api/krb5_anonymous_realm::doc}}\index{krb5\_anonymous\_realm (C function)@\spxentry{krb5\_anonymous\_realm}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_anonymous_realm:c.krb5_anonymous_realm}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_anonymous\_realm}}}}{\DUrole{kt}{void}\DUrole{w}{ }\DUrole{n}{None}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{None} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function returns constant storage that must not be freed. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -\#KRB5\_ANONYMOUS\_REALMSTR - - - - -\subsubsection{krb5\_appdefault\_boolean \sphinxhyphen{} Retrieve a boolean value from the appdefaults section of krb5.conf.} -\label{\detokenize{appdev/refs/api/krb5_appdefault_boolean:krb5-appdefault-boolean-retrieve-a-boolean-value-from-the-appdefaults-section-of-krb5-conf}}\label{\detokenize{appdev/refs/api/krb5_appdefault_boolean::doc}}\index{krb5\_appdefault\_boolean (C function)@\spxentry{krb5\_appdefault\_boolean}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_appdefault_boolean:c.krb5_appdefault_boolean}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_appdefault\_boolean}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{appname}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{realm}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{option}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{default\_value}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ret\_value}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{appname} \sphinxhyphen{} Application name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{realm} \sphinxhyphen{} Realm name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{option} \sphinxhyphen{} Option to be checked - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{default\_value} \sphinxhyphen{} Default value to return if no match is found - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ret\_value} \sphinxhyphen{} Boolean value of \sphinxstyleemphasis{option} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function gets the application defaults for \sphinxstyleemphasis{option} based on the given \sphinxstyleemphasis{appname} and/or \sphinxstyleemphasis{realm} . - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_appdefault\_string() - - - - -\subsubsection{krb5\_appdefault\_string \sphinxhyphen{} Retrieve a string value from the appdefaults section of krb5.conf.} -\label{\detokenize{appdev/refs/api/krb5_appdefault_string:krb5-appdefault-string-retrieve-a-string-value-from-the-appdefaults-section-of-krb5-conf}}\label{\detokenize{appdev/refs/api/krb5_appdefault_string::doc}}\index{krb5\_appdefault\_string (C function)@\spxentry{krb5\_appdefault\_string}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_appdefault_string:c.krb5_appdefault_string}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_appdefault\_string}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{appname}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{realm}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{option}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{default\_value}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{ret\_value}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{appname} \sphinxhyphen{} Application name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{realm} \sphinxhyphen{} Realm name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{option} \sphinxhyphen{} Option to be checked - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{default\_value} \sphinxhyphen{} Default value to return if no match is found - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ret\_value} \sphinxhyphen{} String value of \sphinxstyleemphasis{option} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function gets the application defaults for \sphinxstyleemphasis{option} based on the given \sphinxstyleemphasis{appname} and/or \sphinxstyleemphasis{realm} . - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_appdefault\_boolean() - - - - -\subsubsection{krb5\_auth\_con\_free \sphinxhyphen{} Free a krb5\_auth\_context structure.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_free:krb5-auth-con-free-free-a-krb5-auth-context-structure}}\label{\detokenize{appdev/refs/api/krb5_auth_con_free::doc}}\index{krb5\_auth\_con\_free (C function)@\spxentry{krb5\_auth\_con\_free}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_free:c.krb5_auth_con_free}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_free}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context to be freed - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 (always) - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees an auth context allocated by krb5\_auth\_con\_init(). - - -\subsubsection{krb5\_auth\_con\_genaddrs \sphinxhyphen{} Generate auth context addresses from a connected socket.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_genaddrs:krb5-auth-con-genaddrs-generate-auth-context-addresses-from-a-connected-socket}}\label{\detokenize{appdev/refs/api/krb5_auth_con_genaddrs::doc}}\index{krb5\_auth\_con\_genaddrs (C function)@\spxentry{krb5\_auth\_con\_genaddrs}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_genaddrs:c.krb5_auth_con_genaddrs}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_genaddrs}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{infd}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{flags}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{infd} \sphinxhyphen{} Connected socket descriptor - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Flags - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function sets the local and/or remote addresses in \sphinxstyleemphasis{auth\_context} based on the local and remote endpoints of the socket \sphinxstyleemphasis{infd} . The following flags determine the operations performed: -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_ADDR Generate local address. - -\item {} -\sphinxAtStartPar -\#KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_ADDR Generate remote address. - -\item {} -\sphinxAtStartPar -\#KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_FULL\_ADDR Generate local address and port. - -\item {} -\sphinxAtStartPar -\#KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_FULL\_ADDR Generate remote address and port. - -\end{itemize} - - -\subsubsection{krb5\_auth\_con\_get\_checksum\_func \sphinxhyphen{} Get the checksum callback from an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_get_checksum_func:krb5-auth-con-get-checksum-func-get-the-checksum-callback-from-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_get_checksum_func::doc}}\index{krb5\_auth\_con\_get\_checksum\_func (C function)@\spxentry{krb5\_auth\_con\_get\_checksum\_func}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_get_checksum_func:c.krb5_auth_con_get_checksum_func}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_get\_checksum\_func}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_mk_req_checksum_func:c.krb5_mk_req_checksum_func}]{\sphinxcrossref{\DUrole{n}{krb5\_mk\_req\_checksum\_func}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{func}, \DUrole{kt}{void}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{func} \sphinxhyphen{} Checksum callback - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{data} \sphinxhyphen{} Callback argument - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 (always) - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_auth\_con\_getaddrs \sphinxhyphen{} Retrieve address fields from an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getaddrs:krb5-auth-con-getaddrs-retrieve-address-fields-from-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getaddrs::doc}}\index{krb5\_auth\_con\_getaddrs (C function)@\spxentry{krb5\_auth\_con\_getaddrs}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getaddrs:c.krb5_auth_con_getaddrs}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getaddrs}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{local\_addr}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{remote\_addr}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{local\_addr} \sphinxhyphen{} Local address (NULL if not needed) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{remote\_addr} \sphinxhyphen{} Remote address (NULL if not needed) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_auth\_con\_getauthenticator \sphinxhyphen{} Retrieve the authenticator from an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getauthenticator:krb5-auth-con-getauthenticator-retrieve-the-authenticator-from-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getauthenticator::doc}}\index{krb5\_auth\_con\_getauthenticator (C function)@\spxentry{krb5\_auth\_con\_getauthenticator}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getauthenticator:c.krb5_auth_con_getauthenticator}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getauthenticator}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{authenticator}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{authenticator} \sphinxhyphen{} Authenticator - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success. Otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Use krb5\_free\_authenticator() to free \sphinxstyleemphasis{authenticator} when it is no longer needed. - - -\subsubsection{krb5\_auth\_con\_getflags \sphinxhyphen{} Retrieve flags from a krb5\_auth\_context structure.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getflags:krb5-auth-con-getflags-retrieve-flags-from-a-krb5-auth-context-structure}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getflags::doc}}\index{krb5\_auth\_con\_getflags (C function)@\spxentry{krb5\_auth\_con\_getflags}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getflags:c.krb5_auth_con_getflags}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getflags}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{flags}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Flags bit mask - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 (always) - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Valid values for \sphinxstyleemphasis{flags} are: -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_AUTH\_CONTEXT\_DO\_TIME Use timestamps - -\item {} -\sphinxAtStartPar -\#KRB5\_AUTH\_CONTEXT\_RET\_TIME Save timestamps - -\item {} -\sphinxAtStartPar -\#KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE Use sequence numbers - -\item {} -\sphinxAtStartPar -\#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE Save sequence numbers - -\end{itemize} - - -\subsubsection{krb5\_auth\_con\_getkey \sphinxhyphen{} Retrieve the session key from an auth context as a keyblock.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getkey:krb5-auth-con-getkey-retrieve-the-session-key-from-an-auth-context-as-a-keyblock}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getkey::doc}}\index{krb5\_auth\_con\_getkey (C function)@\spxentry{krb5\_auth\_con\_getkey}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getkey:c.krb5_auth_con_getkey}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getkey}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{keyblock}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{keyblock} \sphinxhyphen{} Session key - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success. Otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a keyblock containing the session key from \sphinxstyleemphasis{auth\_context} . Use krb5\_free\_keyblock() to free \sphinxstyleemphasis{keyblock} when it is no longer needed - - -\subsubsection{krb5\_auth\_con\_getkey\_k \sphinxhyphen{} Retrieve the session key from an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getkey_k:krb5-auth-con-getkey-k-retrieve-the-session-key-from-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getkey_k::doc}}\index{krb5\_auth\_con\_getkey\_k (C function)@\spxentry{krb5\_auth\_con\_getkey\_k}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getkey_k:c.krb5_auth_con_getkey_k}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getkey\_k}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{key} \sphinxhyphen{} Session key - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 (always) - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function sets \sphinxstyleemphasis{key} to the session key from \sphinxstyleemphasis{auth\_context} . Use krb5\_k\_free\_key() to release \sphinxstyleemphasis{key} when it is no longer needed. - - -\subsubsection{krb5\_auth\_con\_getlocalseqnumber \sphinxhyphen{} Retrieve the local sequence number from an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getlocalseqnumber:krb5-auth-con-getlocalseqnumber-retrieve-the-local-sequence-number-from-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getlocalseqnumber::doc}}\index{krb5\_auth\_con\_getlocalseqnumber (C function)@\spxentry{krb5\_auth\_con\_getlocalseqnumber}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getlocalseqnumber:c.krb5_auth_con_getlocalseqnumber}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getlocalseqnumber}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{seqnumber}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{seqnumber} \sphinxhyphen{} Local sequence number - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Retrieve the local sequence number from \sphinxstyleemphasis{auth\_context} and return it in \sphinxstyleemphasis{seqnumber} . The \#KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE flag must be set in \sphinxstyleemphasis{auth\_context} for this function to be useful. - - -\subsubsection{krb5\_auth\_con\_getrcache \sphinxhyphen{} Retrieve the replay cache from an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getrcache:krb5-auth-con-getrcache-retrieve-the-replay-cache-from-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getrcache::doc}}\index{krb5\_auth\_con\_getrcache (C function)@\spxentry{krb5\_auth\_con\_getrcache}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getrcache:c.krb5_auth_con_getrcache}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getrcache}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_rcache:c.krb5_rcache}]{\sphinxcrossref{\DUrole{n}{krb5\_rcache}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{rcache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rcache} \sphinxhyphen{} Replay cache handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 (always) - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function fetches the replay cache from \sphinxstyleemphasis{auth\_context} . The caller should not close \sphinxstyleemphasis{rcache} . - - -\subsubsection{krb5\_auth\_con\_getrecvsubkey \sphinxhyphen{} Retrieve the receiving subkey from an auth context as a keyblock.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getrecvsubkey:krb5-auth-con-getrecvsubkey-retrieve-the-receiving-subkey-from-an-auth-context-as-a-keyblock}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getrecvsubkey::doc}}\index{krb5\_auth\_con\_getrecvsubkey (C function)@\spxentry{krb5\_auth\_con\_getrecvsubkey}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getrecvsubkey:c.krb5_auth_con_getrecvsubkey}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getrecvsubkey}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{ac}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{keyblock}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ac} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{keyblock} \sphinxhyphen{} Receiving subkey - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a keyblock containing the receiving subkey from \sphinxstyleemphasis{auth\_context} . Use krb5\_free\_keyblock() to free \sphinxstyleemphasis{keyblock} when it is no longer needed. - - -\subsubsection{krb5\_auth\_con\_getrecvsubkey\_k \sphinxhyphen{} Retrieve the receiving subkey from an auth context as a keyblock.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getrecvsubkey_k:krb5-auth-con-getrecvsubkey-k-retrieve-the-receiving-subkey-from-an-auth-context-as-a-keyblock}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getrecvsubkey_k::doc}}\index{krb5\_auth\_con\_getrecvsubkey\_k (C function)@\spxentry{krb5\_auth\_con\_getrecvsubkey\_k}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getrecvsubkey_k:c.krb5_auth_con_getrecvsubkey_k}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getrecvsubkey\_k}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{ac}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ac} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{key} \sphinxhyphen{} Receiving subkey - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function sets \sphinxstyleemphasis{key} to the receiving subkey from \sphinxstyleemphasis{auth\_context} . Use krb5\_k\_free\_key() to release \sphinxstyleemphasis{key} when it is no longer needed. - - -\subsubsection{krb5\_auth\_con\_getremoteseqnumber \sphinxhyphen{} Retrieve the remote sequence number from an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getremoteseqnumber:krb5-auth-con-getremoteseqnumber-retrieve-the-remote-sequence-number-from-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getremoteseqnumber::doc}}\index{krb5\_auth\_con\_getremoteseqnumber (C function)@\spxentry{krb5\_auth\_con\_getremoteseqnumber}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getremoteseqnumber:c.krb5_auth_con_getremoteseqnumber}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getremoteseqnumber}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{seqnumber}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{seqnumber} \sphinxhyphen{} Remote sequence number - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Retrieve the remote sequence number from \sphinxstyleemphasis{auth\_context} and return it in \sphinxstyleemphasis{seqnumber} . The \#KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE flag must be set in \sphinxstyleemphasis{auth\_context} for this function to be useful. - - -\subsubsection{krb5\_auth\_con\_getsendsubkey \sphinxhyphen{} Retrieve the send subkey from an auth context as a keyblock.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getsendsubkey:krb5-auth-con-getsendsubkey-retrieve-the-send-subkey-from-an-auth-context-as-a-keyblock}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getsendsubkey::doc}}\index{krb5\_auth\_con\_getsendsubkey (C function)@\spxentry{krb5\_auth\_con\_getsendsubkey}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getsendsubkey:c.krb5_auth_con_getsendsubkey}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getsendsubkey}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{ac}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{keyblock}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ac} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{keyblock} \sphinxhyphen{} Send subkey - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a keyblock containing the send subkey from \sphinxstyleemphasis{auth\_context} . Use krb5\_free\_keyblock() to free \sphinxstyleemphasis{keyblock} when it is no longer needed. - - -\subsubsection{krb5\_auth\_con\_getsendsubkey\_k \sphinxhyphen{} Retrieve the send subkey from an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getsendsubkey_k:krb5-auth-con-getsendsubkey-k-retrieve-the-send-subkey-from-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getsendsubkey_k::doc}}\index{krb5\_auth\_con\_getsendsubkey\_k (C function)@\spxentry{krb5\_auth\_con\_getsendsubkey\_k}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getsendsubkey_k:c.krb5_auth_con_getsendsubkey_k}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getsendsubkey\_k}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{ac}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ac} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{key} \sphinxhyphen{} Send subkey - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function sets \sphinxstyleemphasis{key} to the send subkey from \sphinxstyleemphasis{auth\_context} . Use krb5\_k\_free\_key() to release \sphinxstyleemphasis{key} when it is no longer needed. - - -\subsubsection{krb5\_auth\_con\_init \sphinxhyphen{} Create and initialize an authentication context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_init:krb5-auth-con-init-create-and-initialize-an-authentication-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_init::doc}}\index{krb5\_auth\_con\_init (C function)@\spxentry{krb5\_auth\_con\_init}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_init:c.krb5_auth_con_init}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_init}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{auth\_context}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates an authentication context to hold configuration and state relevant to krb5 functions for authenticating principals and protecting messages once authentication has occurred. - -\sphinxAtStartPar -By default, flags for the context are set to enable the use of the replay cache (\#KRB5\_AUTH\_CONTEXT\_DO\_TIME), but not sequence numbers. Use krb5\_auth\_con\_setflags() to change the flags. - -\sphinxAtStartPar -The allocated \sphinxstyleemphasis{auth\_context} must be freed with krb5\_auth\_con\_free() when it is no longer needed. - - -\subsubsection{krb5\_auth\_con\_set\_checksum\_func \sphinxhyphen{} Set a checksum callback in an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_set_checksum_func:krb5-auth-con-set-checksum-func-set-a-checksum-callback-in-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_set_checksum_func::doc}}\index{krb5\_auth\_con\_set\_checksum\_func (C function)@\spxentry{krb5\_auth\_con\_set\_checksum\_func}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_set_checksum_func:c.krb5_auth_con_set_checksum_func}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_set\_checksum\_func}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_mk_req_checksum_func:c.krb5_mk_req_checksum_func}]{\sphinxcrossref{\DUrole{n}{krb5\_mk\_req\_checksum\_func}}}}\DUrole{w}{ }\DUrole{n}{func}, \DUrole{kt}{void}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{func} \sphinxhyphen{} Checksum callback - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} Callback argument - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 (always) - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Set a callback to obtain checksum data in krb5\_mk\_req(). The callback will be invoked after the subkey and local sequence number are stored in \sphinxstyleemphasis{auth\_context} . - - -\subsubsection{krb5\_auth\_con\_set\_req\_cksumtype \sphinxhyphen{} Set checksum type in an an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_set_req_cksumtype:krb5-auth-con-set-req-cksumtype-set-checksum-type-in-an-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_set_req_cksumtype::doc}}\index{krb5\_auth\_con\_set\_req\_cksumtype (C function)@\spxentry{krb5\_auth\_con\_set\_req\_cksumtype}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_set_req_cksumtype:c.krb5_auth_con_set_req_cksumtype}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_set\_req\_cksumtype}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{cksumtype}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cksumtype} \sphinxhyphen{} Checksum type - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success. Otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function sets the checksum type in \sphinxstyleemphasis{auth\_context} to be used by krb5\_mk\_req() for the authenticator checksum. - - -\subsubsection{krb5\_auth\_con\_setaddrs \sphinxhyphen{} Set the local and remote addresses in an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_setaddrs:krb5-auth-con-setaddrs-set-the-local-and-remote-addresses-in-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_setaddrs::doc}}\index{krb5\_auth\_con\_setaddrs (C function)@\spxentry{krb5\_auth\_con\_setaddrs}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_setaddrs:c.krb5_auth_con_setaddrs}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_setaddrs}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{local\_addr}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{remote\_addr}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{local\_addr} \sphinxhyphen{} Local address - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{remote\_addr} \sphinxhyphen{} Remote address - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function releases the storage assigned to the contents of the local and remote addresses of \sphinxstyleemphasis{auth\_context} and then sets them to \sphinxstyleemphasis{local\_addr} and \sphinxstyleemphasis{remote\_addr} respectively. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_auth\_con\_genaddrs() - - - - -\subsubsection{krb5\_auth\_con\_setflags \sphinxhyphen{} Set a flags field in a krb5\_auth\_context structure.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_setflags:krb5-auth-con-setflags-set-a-flags-field-in-a-krb5-auth-context-structure}}\label{\detokenize{appdev/refs/api/krb5_auth_con_setflags::doc}}\index{krb5\_auth\_con\_setflags (C function)@\spxentry{krb5\_auth\_con\_setflags}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_setflags:c.krb5_auth_con_setflags}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_setflags}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\DUrole{n}{flags}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Flags bit mask - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 (always) - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Valid values for \sphinxstyleemphasis{flags} are: -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_AUTH\_CONTEXT\_DO\_TIME Use timestamps - -\item {} -\sphinxAtStartPar -\#KRB5\_AUTH\_CONTEXT\_RET\_TIME Save timestamps - -\item {} -\sphinxAtStartPar -\#KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE Use sequence numbers - -\item {} -\sphinxAtStartPar -\#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE Save sequence numbers - -\end{itemize} - - -\subsubsection{krb5\_auth\_con\_setports \sphinxhyphen{} Set local and remote port fields in an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_setports:krb5-auth-con-setports-set-local-and-remote-port-fields-in-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_setports::doc}}\index{krb5\_auth\_con\_setports (C function)@\spxentry{krb5\_auth\_con\_setports}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_setports:c.krb5_auth_con_setports}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_setports}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{local\_port}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{remote\_port}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{local\_port} \sphinxhyphen{} Local port - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{remote\_port} \sphinxhyphen{} Remote port - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function releases the storage assigned to the contents of the local and remote ports of \sphinxstyleemphasis{auth\_context} and then sets them to \sphinxstyleemphasis{local\_port} and \sphinxstyleemphasis{remote\_port} respectively. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_auth\_con\_genaddrs() - - - - -\subsubsection{krb5\_auth\_con\_setrcache \sphinxhyphen{} Set the replay cache in an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_setrcache:krb5-auth-con-setrcache-set-the-replay-cache-in-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_setrcache::doc}}\index{krb5\_auth\_con\_setrcache (C function)@\spxentry{krb5\_auth\_con\_setrcache}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_setrcache:c.krb5_auth_con_setrcache}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_setrcache}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_rcache:c.krb5_rcache}]{\sphinxcrossref{\DUrole{n}{krb5\_rcache}}}}\DUrole{w}{ }\DUrole{n}{rcache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{rcache} \sphinxhyphen{} Replay cache haddle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function sets the replay cache in \sphinxstyleemphasis{auth\_context} to \sphinxstyleemphasis{rcache} . \sphinxstyleemphasis{rcache} will be closed when \sphinxstyleemphasis{auth\_context} is freed, so the caller should relinquish that responsibility. - - -\subsubsection{krb5\_auth\_con\_setrecvsubkey \sphinxhyphen{} Set the receiving subkey in an auth context with a keyblock.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_setrecvsubkey:krb5-auth-con-setrecvsubkey-set-the-receiving-subkey-in-an-auth-context-with-a-keyblock}}\label{\detokenize{appdev/refs/api/krb5_auth_con_setrecvsubkey::doc}}\index{krb5\_auth\_con\_setrecvsubkey (C function)@\spxentry{krb5\_auth\_con\_setrecvsubkey}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_setrecvsubkey:c.krb5_auth_con_setrecvsubkey}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_setrecvsubkey}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{ac}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{keyblock}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ac} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keyblock} \sphinxhyphen{} Receiving subkey - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function sets the receiving subkey in \sphinxstyleemphasis{ac} to a copy of \sphinxstyleemphasis{keyblock} . - - -\subsubsection{krb5\_auth\_con\_setrecvsubkey\_k \sphinxhyphen{} Set the receiving subkey in an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_setrecvsubkey_k:krb5-auth-con-setrecvsubkey-k-set-the-receiving-subkey-in-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_setrecvsubkey_k::doc}}\index{krb5\_auth\_con\_setrecvsubkey\_k (C function)@\spxentry{krb5\_auth\_con\_setrecvsubkey\_k}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_setrecvsubkey_k:c.krb5_auth_con_setrecvsubkey_k}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_setrecvsubkey\_k}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{ac}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ac} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Receiving subkey - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function sets the receiving subkey in \sphinxstyleemphasis{ac} to \sphinxstyleemphasis{key} , incrementing its reference count. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_auth\_con\_setsendsubkey \sphinxhyphen{} Set the send subkey in an auth context with a keyblock.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_setsendsubkey:krb5-auth-con-setsendsubkey-set-the-send-subkey-in-an-auth-context-with-a-keyblock}}\label{\detokenize{appdev/refs/api/krb5_auth_con_setsendsubkey::doc}}\index{krb5\_auth\_con\_setsendsubkey (C function)@\spxentry{krb5\_auth\_con\_setsendsubkey}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_setsendsubkey:c.krb5_auth_con_setsendsubkey}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_setsendsubkey}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{ac}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{keyblock}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ac} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keyblock} \sphinxhyphen{} Send subkey - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success. Otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function sets the send subkey in \sphinxstyleemphasis{ac} to a copy of \sphinxstyleemphasis{keyblock} . - - -\subsubsection{krb5\_auth\_con\_setsendsubkey\_k \sphinxhyphen{} Set the send subkey in an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_setsendsubkey_k:krb5-auth-con-setsendsubkey-k-set-the-send-subkey-in-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_setsendsubkey_k::doc}}\index{krb5\_auth\_con\_setsendsubkey\_k (C function)@\spxentry{krb5\_auth\_con\_setsendsubkey\_k}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_setsendsubkey_k:c.krb5_auth_con_setsendsubkey_k}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_setsendsubkey\_k}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{ac}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ac} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{key} \sphinxhyphen{} Send subkey - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function sets the send subkey in \sphinxstyleemphasis{ac} to \sphinxstyleemphasis{key} , incrementing its reference count. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_auth\_con\_setuseruserkey \sphinxhyphen{} Set the session key in an auth context.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_setuseruserkey:krb5-auth-con-setuseruserkey-set-the-session-key-in-an-auth-context}}\label{\detokenize{appdev/refs/api/krb5_auth_con_setuseruserkey::doc}}\index{krb5\_auth\_con\_setuseruserkey (C function)@\spxentry{krb5\_auth\_con\_setuseruserkey}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_setuseruserkey:c.krb5_auth_con_setuseruserkey}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_setuseruserkey}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{keyblock}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keyblock} \sphinxhyphen{} User key - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_cc\_cache\_match \sphinxhyphen{} Find a credential cache with a specified client principal.} -\label{\detokenize{appdev/refs/api/krb5_cc_cache_match:krb5-cc-cache-match-find-a-credential-cache-with-a-specified-client-principal}}\label{\detokenize{appdev/refs/api/krb5_cc_cache_match::doc}}\index{krb5\_cc\_cache\_match (C function)@\spxentry{krb5\_cc\_cache\_match}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_cache_match:c.krb5_cc_cache_match}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_cache\_match}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{client}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cache\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{client} \sphinxhyphen{} Client principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{cache\_out} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -KRB5\_CC\_NOTFOUND None - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Find a cache within the collection whose default principal is \sphinxstyleemphasis{client} . Use \sphinxstyleemphasis{krb5\_cc\_close} to close \sphinxstyleemphasis{ccache} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.10 -\end{sphinxadmonition} - - -\subsubsection{krb5\_cc\_copy\_creds \sphinxhyphen{} Copy a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_copy_creds:krb5-cc-copy-creds-copy-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_copy_creds::doc}}\index{krb5\_cc\_copy\_creds (C function)@\spxentry{krb5\_cc\_copy\_creds}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_copy_creds:c.krb5_cc_copy_creds}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_copy\_creds}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{incc}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{outcc}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{incc} \sphinxhyphen{} Credential cache to be copied - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outcc} \sphinxhyphen{} Copy of credential cache to be filled in - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_cc\_end\_seq\_get \sphinxhyphen{} Finish a series of sequential processing credential cache entries.} -\label{\detokenize{appdev/refs/api/krb5_cc_end_seq_get:krb5-cc-end-seq-get-finish-a-series-of-sequential-processing-credential-cache-entries}}\label{\detokenize{appdev/refs/api/krb5_cc_end_seq_get::doc}}\index{krb5\_cc\_end\_seq\_get (C function)@\spxentry{krb5\_cc\_end\_seq\_get}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_end_seq_get:c.krb5_cc_end_seq_get}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_end\_seq\_get}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}, {\hyperref[\detokenize{appdev/refs/types/krb5_cc_cursor:c.krb5_cc_cursor}]{\sphinxcrossref{\DUrole{n}{krb5\_cc\_cursor}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cursor}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cursor} \sphinxhyphen{} Cursor - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 (always) - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function finishes processing credential cache entries and invalidates \sphinxstyleemphasis{cursor} . - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_cc\_start\_seq\_get(), krb5\_cc\_next\_cred() - - - - -\subsubsection{krb5\_cc\_get\_config \sphinxhyphen{} Get a configuration value from a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_get_config:krb5-cc-get-config-get-a-configuration-value-from-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_get_config::doc}}\index{krb5\_cc\_get\_config (C function)@\spxentry{krb5\_cc\_get\_config}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_get_config:c.krb5_cc_get_config}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_get\_config}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{id}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{id} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Configuration for this principal; if NULL, global for the whole cache - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Name of config variable - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{data} \sphinxhyphen{} Data to be fetched - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{data} when it is no longer needed. - - -\subsubsection{krb5\_cc\_get\_flags \sphinxhyphen{} Retrieve flags from a credential cache structure.} -\label{\detokenize{appdev/refs/api/krb5_cc_get_flags:krb5-cc-get-flags-retrieve-flags-from-a-credential-cache-structure}}\label{\detokenize{appdev/refs/api/krb5_cc_get_flags::doc}}\index{krb5\_cc\_get\_flags (C function)@\spxentry{krb5\_cc\_get\_flags}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_get_flags:c.krb5_cc_get_flags}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_get\_flags}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{flags}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Flag bit mask - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\begin{sphinxadmonition}{warning}{Warning:} -\sphinxAtStartPar -For memory credential cache always returns a flag mask of 0. -\end{sphinxadmonition} - - -\subsubsection{krb5\_cc\_get\_full\_name \sphinxhyphen{} Retrieve the full name of a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_get_full_name:krb5-cc-get-full-name-retrieve-the-full-name-of-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_get_full_name::doc}}\index{krb5\_cc\_get\_full\_name (C function)@\spxentry{krb5\_cc\_get\_full\_name}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_get_full_name:c.krb5_cc_get_full_name}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_get\_full\_name}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{fullname\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{fullname\_out} \sphinxhyphen{} Full name of cache - -\end{description}\end{quote} - -\sphinxAtStartPar -Use krb5\_free\_string() to free \sphinxstyleemphasis{fullname\_out} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.10 -\end{sphinxadmonition} - - -\subsubsection{krb5\_cc\_move \sphinxhyphen{} Move a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_move:krb5-cc-move-move-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_move::doc}}\index{krb5\_cc\_move (C function)@\spxentry{krb5\_cc\_move}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_move:c.krb5_cc_move}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_move}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{src}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{dst}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{src} \sphinxhyphen{} The credential cache to move the content from - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{dst} \sphinxhyphen{} The credential cache to move the content to - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; src is closed. - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes; src is still allocated. - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function reinitializes \sphinxstyleemphasis{dst} and populates it with the credentials and default principal of \sphinxstyleemphasis{src} ; then, if successful, destroys \sphinxstyleemphasis{src} . - - -\subsubsection{krb5\_cc\_next\_cred \sphinxhyphen{} Retrieve the next entry from the credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_next_cred:krb5-cc-next-cred-retrieve-the-next-entry-from-the-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_next_cred::doc}}\index{krb5\_cc\_next\_cred (C function)@\spxentry{krb5\_cc\_next\_cred}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_next_cred:c.krb5_cc_next_cred}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_next\_cred}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}, {\hyperref[\detokenize{appdev/refs/types/krb5_cc_cursor:c.krb5_cc_cursor}]{\sphinxcrossref{\DUrole{n}{krb5\_cc\_cursor}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cursor}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cursor} \sphinxhyphen{} Cursor - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Next credential cache entry - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function fills in \sphinxstyleemphasis{creds} with the next entry in \sphinxstyleemphasis{cache} and advances \sphinxstyleemphasis{cursor} . - -\sphinxAtStartPar -Use krb5\_free\_cred\_contents() to free \sphinxstyleemphasis{creds} when it is no longer needed. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_cc\_start\_seq\_get(), krb5\_end\_seq\_get() - - - - -\subsubsection{krb5\_cc\_remove\_cred \sphinxhyphen{} Remove credentials from a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_remove_cred:krb5-cc-remove-cred-remove-credentials-from-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_remove_cred::doc}}\index{krb5\_cc\_remove\_cred (C function)@\spxentry{krb5\_cc\_remove\_cred}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_remove_cred:c.krb5_cc_remove_cred}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_remove\_cred}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{flags}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Bitwise\sphinxhyphen{}ORed search flags - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Credentials to be matched - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -KRB5\_CC\_NOSUPP Not implemented for this cache type - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -No matches found; Data cannot be deleted; Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function accepts the same flag values as krb5\_cc\_retrieve\_cred(). - -\begin{sphinxadmonition}{warning}{Warning:} -\sphinxAtStartPar -This function is not implemented for some cache types. -\end{sphinxadmonition} - - -\subsubsection{krb5\_cc\_retrieve\_cred \sphinxhyphen{} Retrieve a specified credentials from a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_retrieve_cred:krb5-cc-retrieve-cred-retrieve-a-specified-credentials-from-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_retrieve_cred::doc}}\index{krb5\_cc\_retrieve\_cred (C function)@\spxentry{krb5\_cc\_retrieve\_cred}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_retrieve_cred:c.krb5_cc_retrieve_cred}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_retrieve\_cred}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{flags}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{mcreds}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Flags bit mask - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{mcreds} \sphinxhyphen{} Credentials to match - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Credentials matching the requested value - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function searches a credential cache for credentials matching \sphinxstyleemphasis{mcreds} and returns it if found. - -\sphinxAtStartPar -Valid values for \sphinxstyleemphasis{flags} are: -\begin{quote} -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_TC\_MATCH\_TIMES The requested lifetime must be at least as great as in \sphinxstyleemphasis{mcreds} . - -\item {} -\sphinxAtStartPar -\#KRB5\_TC\_MATCH\_IS\_SKEY The \sphinxstyleemphasis{is\_skey} field much match exactly. - -\item {} -\sphinxAtStartPar -\#KRB5\_TC\_MATCH\_FLAGS Flags set in \sphinxstyleemphasis{mcreds} must be set. - -\item {} -\sphinxAtStartPar -\#KRB5\_TC\_MATCH\_TIMES\_EXACT The requested lifetime must match exactly. - -\item {} -\sphinxAtStartPar -\#KRB5\_TC\_MATCH\_FLAGS\_EXACT Flags must match exactly. - -\item {} -\sphinxAtStartPar -\#KRB5\_TC\_MATCH\_AUTHDATA The authorization data must match. - -\item {} -\sphinxAtStartPar -\#KRB5\_TC\_MATCH\_SRV\_NAMEONLY Only the name portion of the principal name must match, not the realm. - -\item {} -\sphinxAtStartPar -\#KRB5\_TC\_MATCH\_2ND\_TKT The second tickets must match. - -\item {} -\sphinxAtStartPar -\#KRB5\_TC\_MATCH\_KTYPE The encryption key types must match. - -\item {} -\sphinxAtStartPar -\#KRB5\_TC\_SUPPORTED\_KTYPES Check all matching entries that have any supported encryption type and return the one with the encryption type listed earliest. - -\end{itemize} - -\sphinxAtStartPar -Use krb5\_free\_cred\_contents() to free \sphinxstyleemphasis{creds} when it is no longer needed. -\end{quote} - - -\subsubsection{krb5\_cc\_select \sphinxhyphen{} Select a credential cache to use with a server principal.} -\label{\detokenize{appdev/refs/api/krb5_cc_select:krb5-cc-select-select-a-credential-cache-to-use-with-a-server-principal}}\label{\detokenize{appdev/refs/api/krb5_cc_select::doc}}\index{krb5\_cc\_select (C function)@\spxentry{krb5\_cc\_select}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_select:c.krb5_cc_select}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_select}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{server}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cache\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{princ\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server} \sphinxhyphen{} Server principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{cache\_out} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{princ\_out} \sphinxhyphen{} Client principal - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -If an appropriate cache is found, 0 is returned, cache\_out is set to the selected cache, and princ\_out is set to the default principal of that cache. - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Select a cache within the collection containing credentials most appropriate for use with \sphinxstyleemphasis{server} , according to configured rules and heuristics. - -\sphinxAtStartPar -Use krb5\_cc\_close() to release \sphinxstyleemphasis{cache\_out} when it is no longer needed. Use krb5\_free\_principal() to release \sphinxstyleemphasis{princ\_out} when it is no longer needed. Note that \sphinxstyleemphasis{princ\_out} is set in some error conditions. - -\sphinxAtStartPar -If the appropriate client principal can be authoritatively determined but the cache collection contains no credentials for that principal, then KRB5\_CC\_NOTFOUND is returned, \sphinxstyleemphasis{cache\_out} is set to NULL, and \sphinxstyleemphasis{princ\_out} is set to the appropriate client principal. - -\sphinxAtStartPar -If no configured mechanism can determine the appropriate cache or principal, KRB5\_CC\_NOTFOUND is returned and \sphinxstyleemphasis{cache\_out} and \sphinxstyleemphasis{princ\_out} are set to NULL. - -\sphinxAtStartPar -Any other error code indicates a fatal error in the processing of a cache selection mechanism. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.10 -\end{sphinxadmonition} - - -\subsubsection{krb5\_cc\_set\_config \sphinxhyphen{} Store a configuration value in a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_set_config:krb5-cc-set-config-store-a-configuration-value-in-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_set_config::doc}}\index{krb5\_cc\_set\_config (C function)@\spxentry{krb5\_cc\_set\_config}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_set_config:c.krb5_cc_set_config}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_set\_config}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{id}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{id} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Configuration for a specific principal; if NULL, global for the whole cache - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Name of config variable - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} Data to store, or NULL to remove - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\begin{sphinxadmonition}{warning}{Warning:} -\sphinxAtStartPar -Before version 1.10 \sphinxstyleemphasis{data} was assumed to be always non\sphinxhyphen{}null. -\end{sphinxadmonition} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -Existing configuration under the same key is over\sphinxhyphen{}written. -\end{sphinxadmonition} - - -\subsubsection{krb5\_cc\_set\_default\_name \sphinxhyphen{} Set the default credential cache name.} -\label{\detokenize{appdev/refs/api/krb5_cc_set_default_name:krb5-cc-set-default-name-set-the-default-credential-cache-name}}\label{\detokenize{appdev/refs/api/krb5_cc_set_default_name::doc}}\index{krb5\_cc\_set\_default\_name (C function)@\spxentry{krb5\_cc\_set\_default\_name}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_set_default_name:c.krb5_cc_set_default_name}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_set\_default\_name}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{name}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{name} \sphinxhyphen{} Default credential cache name or NULL - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -KV5M\_CONTEXT Bad magic number for \_krb5\_context structure - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Set the default credential cache name to \sphinxstyleemphasis{name} for future operations using \sphinxstyleemphasis{context} . If \sphinxstyleemphasis{name} is NULL, clear any previous application\sphinxhyphen{}set default name and forget any cached value of the default name for \sphinxstyleemphasis{context} . - -\sphinxAtStartPar -Calls to this function invalidate the result of any previous calls to krb5\_cc\_default\_name() using \sphinxstyleemphasis{context} . - - -\subsubsection{krb5\_cc\_set\_flags \sphinxhyphen{} Set options flags on a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_set_flags:krb5-cc-set-flags-set-options-flags-on-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_set_flags::doc}}\index{krb5\_cc\_set\_flags (C function)@\spxentry{krb5\_cc\_set\_flags}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_set_flags:c.krb5_cc_set_flags}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_set\_flags}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{flags}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Flag bit mask - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function resets \sphinxstyleemphasis{cache} flags to \sphinxstyleemphasis{flags} . - - -\subsubsection{krb5\_cc\_start\_seq\_get \sphinxhyphen{} Prepare to sequentially read every credential in a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_start_seq_get:krb5-cc-start-seq-get-prepare-to-sequentially-read-every-credential-in-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_start_seq_get::doc}}\index{krb5\_cc\_start\_seq\_get (C function)@\spxentry{krb5\_cc\_start\_seq\_get}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_start_seq_get:c.krb5_cc_start_seq_get}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_start\_seq\_get}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}, {\hyperref[\detokenize{appdev/refs/types/krb5_cc_cursor:c.krb5_cc_cursor}]{\sphinxcrossref{\DUrole{n}{krb5\_cc\_cursor}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cursor}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{cursor} \sphinxhyphen{} Cursor - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -krb5\_cc\_end\_seq\_get() must be called to complete the retrieve operation. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -If the cache represented by \sphinxstyleemphasis{cache} is modified between the time of the call to this function and the time of the final krb5\_cc\_end\_seq\_get(), these changes may not be reflected in the results of krb5\_cc\_next\_cred() calls. -\end{sphinxadmonition} - - -\subsubsection{krb5\_cc\_store\_cred \sphinxhyphen{} Store credentials in a credential cache.} -\label{\detokenize{appdev/refs/api/krb5_cc_store_cred:krb5-cc-store-cred-store-credentials-in-a-credential-cache}}\label{\detokenize{appdev/refs/api/krb5_cc_store_cred::doc}}\index{krb5\_cc\_store\_cred (C function)@\spxentry{krb5\_cc\_store\_cred}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_store_cred:c.krb5_cc_store_cred}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_store\_cred}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Credentials to be stored in cache - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Permission errors; storage failure errors; Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function stores \sphinxstyleemphasis{creds} into \sphinxstyleemphasis{cache} . If \sphinxstyleemphasis{creds\sphinxhyphen{}\textgreater{}server} and the server in the decoded ticket \sphinxstyleemphasis{creds\sphinxhyphen{}\textgreater{}ticket} differ, the credentials will be stored under both server principal names. - - -\subsubsection{krb5\_cc\_support\_switch \sphinxhyphen{} Determine whether a credential cache type supports switching.} -\label{\detokenize{appdev/refs/api/krb5_cc_support_switch:krb5-cc-support-switch-determine-whether-a-credential-cache-type-supports-switching}}\label{\detokenize{appdev/refs/api/krb5_cc_support_switch::doc}}\index{krb5\_cc\_support\_switch (C function)@\spxentry{krb5\_cc\_support\_switch}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_support_switch:c.krb5_cc_support_switch}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_support\_switch}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{type}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{type} \sphinxhyphen{} Credential cache type - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if type supports switching - -\item {} -\sphinxAtStartPar -FALSE if it does not or is not a valid credential cache type. - -\end{itemize} - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.10 -\end{sphinxadmonition} - - -\subsubsection{krb5\_cc\_switch \sphinxhyphen{} Make a credential cache the primary cache for its collection.} -\label{\detokenize{appdev/refs/api/krb5_cc_switch:krb5-cc-switch-make-a-credential-cache-the-primary-cache-for-its-collection}}\label{\detokenize{appdev/refs/api/krb5_cc_switch::doc}}\index{krb5\_cc\_switch (C function)@\spxentry{krb5\_cc\_switch}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_switch:c.krb5_cc_switch}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_switch}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{cache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cache} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success, or the type of cache doesn’t support switching - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -If the type of \sphinxstyleemphasis{cache} supports it, set \sphinxstyleemphasis{cache} to be the primary credential cache for the collection it belongs to. - - -\subsubsection{krb5\_cccol\_cursor\_free \sphinxhyphen{} Free a credential cache collection cursor.} -\label{\detokenize{appdev/refs/api/krb5_cccol_cursor_free:krb5-cccol-cursor-free-free-a-credential-cache-collection-cursor}}\label{\detokenize{appdev/refs/api/krb5_cccol_cursor_free::doc}}\index{krb5\_cccol\_cursor\_free (C function)@\spxentry{krb5\_cccol\_cursor\_free}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cccol_cursor_free:c.krb5_cccol_cursor_free}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cccol\_cursor\_free}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cccol_cursor:c.krb5_cccol_cursor}]{\sphinxcrossref{\DUrole{n}{krb5\_cccol\_cursor}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cursor}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cursor} \sphinxhyphen{} Cursor - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_cccol\_cursor\_new(), krb5\_cccol\_cursor\_next() - - - - -\subsubsection{krb5\_cccol\_cursor\_new \sphinxhyphen{} Prepare to iterate over the collection of known credential caches.} -\label{\detokenize{appdev/refs/api/krb5_cccol_cursor_new:krb5-cccol-cursor-new-prepare-to-iterate-over-the-collection-of-known-credential-caches}}\label{\detokenize{appdev/refs/api/krb5_cccol_cursor_new::doc}}\index{krb5\_cccol\_cursor\_new (C function)@\spxentry{krb5\_cccol\_cursor\_new}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cccol_cursor_new:c.krb5_cccol_cursor_new}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cccol\_cursor\_new}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cccol_cursor:c.krb5_cccol_cursor}]{\sphinxcrossref{\DUrole{n}{krb5\_cccol\_cursor}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cursor}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{cursor} \sphinxhyphen{} Cursor - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Get a new cache iteration \sphinxstyleemphasis{cursor} that will iterate over all known credential caches independent of type. - -\sphinxAtStartPar -Use krb5\_cccol\_cursor\_free() to release \sphinxstyleemphasis{cursor} when it is no longer needed. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_cccol\_cursor\_next() - - - - -\subsubsection{krb5\_cccol\_cursor\_next \sphinxhyphen{} Get the next credential cache in the collection.} -\label{\detokenize{appdev/refs/api/krb5_cccol_cursor_next:krb5-cccol-cursor-next-get-the-next-credential-cache-in-the-collection}}\label{\detokenize{appdev/refs/api/krb5_cccol_cursor_next::doc}}\index{krb5\_cccol\_cursor\_next (C function)@\spxentry{krb5\_cccol\_cursor\_next}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cccol_cursor_next:c.krb5_cccol_cursor_next}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cccol\_cursor\_next}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cccol_cursor:c.krb5_cccol_cursor}]{\sphinxcrossref{\DUrole{n}{krb5\_cccol\_cursor}}}}\DUrole{w}{ }\DUrole{n}{cursor}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ccache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cursor} \sphinxhyphen{} Cursor - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Credential cache handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Use krb5\_cc\_close() to close \sphinxstyleemphasis{ccache} when it is no longer needed. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_cccol\_cursor\_new(), krb5\_cccol\_cursor\_free() - - - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -When all caches are iterated over and the end of the list is reached, \sphinxstyleemphasis{ccache} is set to NULL. -\end{sphinxadmonition} - - -\subsubsection{krb5\_cccol\_have\_content \sphinxhyphen{} Check if the credential cache collection contains any initialized caches.} -\label{\detokenize{appdev/refs/api/krb5_cccol_have_content:krb5-cccol-have-content-check-if-the-credential-cache-collection-contains-any-initialized-caches}}\label{\detokenize{appdev/refs/api/krb5_cccol_have_content::doc}}\index{krb5\_cccol\_have\_content (C function)@\spxentry{krb5\_cccol\_have\_content}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cccol_have_content:c.krb5_cccol_have_content}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cccol\_have\_content}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 At least one initialized cache is present in the collection - -\item {} -\sphinxAtStartPar -KRB5\_CC\_NOTFOUND The collection contains no caches - -\end{itemize} - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.11 -\end{sphinxadmonition} - - -\subsubsection{krb5\_clear\_error\_message \sphinxhyphen{} Clear the extended error message in a context.} -\label{\detokenize{appdev/refs/api/krb5_clear_error_message:krb5-clear-error-message-clear-the-extended-error-message-in-a-context}}\label{\detokenize{appdev/refs/api/krb5_clear_error_message::doc}}\index{krb5\_clear\_error\_message (C function)@\spxentry{krb5\_clear\_error\_message}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_clear_error_message:c.krb5_clear_error_message}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_clear\_error\_message}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\end{description}\end{quote} - -\sphinxAtStartPar -This function unsets the extended error message in a context, to ensure that it is not mistakenly applied to another occurrence of the same error code. - - -\subsubsection{krb5\_check\_clockskew \sphinxhyphen{} Check if a timestamp is within the allowed clock skew of the current time.} -\label{\detokenize{appdev/refs/api/krb5_check_clockskew:krb5-check-clockskew-check-if-a-timestamp-is-within-the-allowed-clock-skew-of-the-current-time}}\label{\detokenize{appdev/refs/api/krb5_check_clockskew::doc}}\index{krb5\_check\_clockskew (C function)@\spxentry{krb5\_check\_clockskew}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_check_clockskew:c.krb5_check_clockskew}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_check\_clockskew}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{n}{date}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{date} \sphinxhyphen{} Timestamp to check - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -KRB5KRB\_AP\_ERR\_SKEW date is not within allowable clock skew - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function checks if \sphinxstyleemphasis{date} is close enough to the current time according to the configured allowable clock skew. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.10 -\end{sphinxadmonition} - - -\subsubsection{krb5\_copy\_addresses \sphinxhyphen{} Copy an array of addresses.} -\label{\detokenize{appdev/refs/api/krb5_copy_addresses:krb5-copy-addresses-copy-an-array-of-addresses}}\label{\detokenize{appdev/refs/api/krb5_copy_addresses::doc}}\index{krb5\_copy\_addresses (C function)@\spxentry{krb5\_copy\_addresses}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_copy_addresses:c.krb5_copy_addresses}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_copy\_addresses}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{inaddr}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{outaddr}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{inaddr} \sphinxhyphen{} Array of addresses to be copied - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outaddr} \sphinxhyphen{} Copy of array of addresses - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a new address array containing a copy of \sphinxstyleemphasis{inaddr} . Use krb5\_free\_addresses() to free \sphinxstyleemphasis{outaddr} when it is no longer needed. - - -\subsubsection{krb5\_copy\_authdata \sphinxhyphen{} Copy an authorization data list.} -\label{\detokenize{appdev/refs/api/krb5_copy_authdata:krb5-copy-authdata-copy-an-authorization-data-list}}\label{\detokenize{appdev/refs/api/krb5_copy_authdata::doc}}\index{krb5\_copy\_authdata (C function)@\spxentry{krb5\_copy\_authdata}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_copy_authdata:c.krb5_copy_authdata}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_copy\_authdata}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_authdat}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in\_authdat} \sphinxhyphen{} List of \sphinxstyleemphasis{krb5\_authdata} structures - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{out} \sphinxhyphen{} New array of \sphinxstyleemphasis{krb5\_authdata} structures - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a new authorization data list containing a copy of \sphinxstyleemphasis{in\_authdat} , which must be null\sphinxhyphen{}terminated. Use krb5\_free\_authdata() to free \sphinxstyleemphasis{out} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The last array entry in \sphinxstyleemphasis{in\_authdat} must be a NULL pointer. -\end{sphinxadmonition} - - -\subsubsection{krb5\_copy\_authenticator \sphinxhyphen{} Copy a krb5\_authenticator structure.} -\label{\detokenize{appdev/refs/api/krb5_copy_authenticator:krb5-copy-authenticator-copy-a-krb5-authenticator-structure}}\label{\detokenize{appdev/refs/api/krb5_copy_authenticator::doc}}\index{krb5\_copy\_authenticator (C function)@\spxentry{krb5\_copy\_authenticator}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_copy_authenticator:c.krb5_copy_authenticator}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_copy\_authenticator}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{authfrom}, {\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{authto}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{authfrom} \sphinxhyphen{} krb5\_authenticator structure to be copied - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{authto} \sphinxhyphen{} Copy of krb5\_authenticator structure - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a new krb5\_authenticator structure with the content of \sphinxstyleemphasis{authfrom} . Use krb5\_free\_authenticator() to free \sphinxstyleemphasis{authto} when it is no longer needed. - - -\subsubsection{krb5\_copy\_checksum \sphinxhyphen{} Copy a krb5\_checksum structure.} -\label{\detokenize{appdev/refs/api/krb5_copy_checksum:krb5-copy-checksum-copy-a-krb5-checksum-structure}}\label{\detokenize{appdev/refs/api/krb5_copy_checksum::doc}}\index{krb5\_copy\_checksum (C function)@\spxentry{krb5\_copy\_checksum}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_copy_checksum:c.krb5_copy_checksum}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_copy\_checksum}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ckfrom}, {\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{ckto}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ckfrom} \sphinxhyphen{} Checksum to be copied - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ckto} \sphinxhyphen{} Copy of krb5\_checksum structure - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a new krb5\_checksum structure with the contents of \sphinxstyleemphasis{ckfrom} . Use krb5\_free\_checksum() to free \sphinxstyleemphasis{ckto} when it is no longer needed. - - -\subsubsection{krb5\_copy\_context \sphinxhyphen{} Copy a krb5\_context structure.} -\label{\detokenize{appdev/refs/api/krb5_copy_context:krb5-copy-context-copy-a-krb5-context-structure}}\label{\detokenize{appdev/refs/api/krb5_copy_context::doc}}\index{krb5\_copy\_context (C function)@\spxentry{krb5\_copy\_context}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_copy_context:c.krb5_copy_context}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_copy\_context}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{nctx\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{nctx\_out} \sphinxhyphen{} New context structure - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -The newly created context must be released by calling krb5\_free\_context() when it is no longer needed. - - -\subsubsection{krb5\_copy\_creds \sphinxhyphen{} Copy a krb5\_creds structure.} -\label{\detokenize{appdev/refs/api/krb5_copy_creds:krb5-copy-creds-copy-a-krb5-creds-structure}}\label{\detokenize{appdev/refs/api/krb5_copy_creds::doc}}\index{krb5\_copy\_creds (C function)@\spxentry{krb5\_copy\_creds}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_copy_creds:c.krb5_copy_creds}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_copy\_creds}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{incred}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{outcred}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{incred} \sphinxhyphen{} Credentials structure to be copied - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outcred} \sphinxhyphen{} Copy of \sphinxstyleemphasis{incred} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a new credential with the contents of \sphinxstyleemphasis{incred} . Use krb5\_free\_creds() to free \sphinxstyleemphasis{outcred} when it is no longer needed. - - -\subsubsection{krb5\_copy\_data \sphinxhyphen{} Copy a krb5\_data object.} -\label{\detokenize{appdev/refs/api/krb5_copy_data:krb5-copy-data-copy-a-krb5-data-object}}\label{\detokenize{appdev/refs/api/krb5_copy_data::doc}}\index{krb5\_copy\_data (C function)@\spxentry{krb5\_copy\_data}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_copy_data:c.krb5_copy_data}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_copy\_data}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{indata}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{outdata}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{indata} \sphinxhyphen{} Data object to be copied - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outdata} \sphinxhyphen{} Copy of \sphinxstyleemphasis{indata} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a new krb5\_data object with the contents of \sphinxstyleemphasis{indata} . Use krb5\_free\_data() to free \sphinxstyleemphasis{outdata} when it is no longer needed. - - -\subsubsection{krb5\_copy\_error\_message \sphinxhyphen{} Copy the most recent extended error message from one context to another.} -\label{\detokenize{appdev/refs/api/krb5_copy_error_message:krb5-copy-error-message-copy-the-most-recent-extended-error-message-from-one-context-to-another}}\label{\detokenize{appdev/refs/api/krb5_copy_error_message::doc}}\index{krb5\_copy\_error\_message (C function)@\spxentry{krb5\_copy\_error\_message}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_copy_error_message:c.krb5_copy_error_message}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_copy\_error\_message}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{dest\_ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{src\_ctx}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{dest\_ctx} \sphinxhyphen{} Library context to copy message to - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{src\_ctx} \sphinxhyphen{} Library context with current message - -\end{description}\end{quote} - - -\subsubsection{krb5\_copy\_keyblock \sphinxhyphen{} Copy a keyblock.} -\label{\detokenize{appdev/refs/api/krb5_copy_keyblock:krb5-copy-keyblock-copy-a-keyblock}}\label{\detokenize{appdev/refs/api/krb5_copy_keyblock::doc}}\index{krb5\_copy\_keyblock (C function)@\spxentry{krb5\_copy\_keyblock}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_copy_keyblock:c.krb5_copy_keyblock}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_copy\_keyblock}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{from}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{to}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{from} \sphinxhyphen{} Keyblock to be copied - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{to} \sphinxhyphen{} Copy of keyblock \sphinxstyleemphasis{from} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a new keyblock with the same contents as \sphinxstyleemphasis{from} . Use krb5\_free\_keyblock() to free \sphinxstyleemphasis{to} when it is no longer needed. - - -\subsubsection{krb5\_copy\_keyblock\_contents \sphinxhyphen{} Copy the contents of a keyblock.} -\label{\detokenize{appdev/refs/api/krb5_copy_keyblock_contents:krb5-copy-keyblock-contents-copy-the-contents-of-a-keyblock}}\label{\detokenize{appdev/refs/api/krb5_copy_keyblock_contents::doc}}\index{krb5\_copy\_keyblock\_contents (C function)@\spxentry{krb5\_copy\_keyblock\_contents}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_copy_keyblock_contents:c.krb5_copy_keyblock_contents}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_copy\_keyblock\_contents}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{from}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{to}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{from} \sphinxhyphen{} Key to be copied - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{to} \sphinxhyphen{} Output key - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function copies the contents of \sphinxstyleemphasis{from} to \sphinxstyleemphasis{to} . Use krb5\_free\_keyblock\_contents() to free \sphinxstyleemphasis{to} when it is no longer needed. - - -\subsubsection{krb5\_copy\_principal \sphinxhyphen{} Copy a principal.} -\label{\detokenize{appdev/refs/api/krb5_copy_principal:krb5-copy-principal-copy-a-principal}}\label{\detokenize{appdev/refs/api/krb5_copy_principal::doc}}\index{krb5\_copy\_principal (C function)@\spxentry{krb5\_copy\_principal}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_copy_principal:c.krb5_copy_principal}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_copy\_principal}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{inprinc}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{outprinc}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{inprinc} \sphinxhyphen{} Principal to be copied - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outprinc} \sphinxhyphen{} Copy of \sphinxstyleemphasis{inprinc} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a new principal structure with the contents of \sphinxstyleemphasis{inprinc} . Use krb5\_free\_principal() to free \sphinxstyleemphasis{outprinc} when it is no longer needed. - - -\subsubsection{krb5\_copy\_ticket \sphinxhyphen{} Copy a krb5\_ticket structure.} -\label{\detokenize{appdev/refs/api/krb5_copy_ticket:krb5-copy-ticket-copy-a-krb5-ticket-structure}}\label{\detokenize{appdev/refs/api/krb5_copy_ticket::doc}}\index{krb5\_copy\_ticket (C function)@\spxentry{krb5\_copy\_ticket}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_copy_ticket:c.krb5_copy_ticket}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_copy\_ticket}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{from}, {\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{pto}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{from} \sphinxhyphen{} Ticket to be copied - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{pto} \sphinxhyphen{} Copy of ticket - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a new krb5\_ticket structure containing the contents of \sphinxstyleemphasis{from} . Use krb5\_free\_ticket() to free \sphinxstyleemphasis{pto} when it is no longer needed. - - -\subsubsection{krb5\_find\_authdata \sphinxhyphen{} Find authorization data elements.} -\label{\detokenize{appdev/refs/api/krb5_find_authdata:krb5-find-authdata-find-authorization-data-elements}}\label{\detokenize{appdev/refs/api/krb5_find_authdata::doc}}\index{krb5\_find\_authdata (C function)@\spxentry{krb5\_find\_authdata}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_find_authdata:c.krb5_find_authdata}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_find\_authdata}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ticket\_authdata}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ap\_req\_authdata}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdatatype:c.krb5_authdatatype}]{\sphinxcrossref{\DUrole{n}{krb5\_authdatatype}}}}\DUrole{w}{ }\DUrole{n}{ad\_type}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{results}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ticket\_authdata} \sphinxhyphen{} Authorization data list from ticket - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ap\_req\_authdata} \sphinxhyphen{} Authorization data list from AP request - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ad\_type} \sphinxhyphen{} Authorization data type to find - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{results} \sphinxhyphen{} List of matching entries - -\end{description}\end{quote} - -\sphinxAtStartPar -This function searches \sphinxstyleemphasis{ticket\_authdata} and \sphinxstyleemphasis{ap\_req\_authdata} for elements of type \sphinxstyleemphasis{ad\_type} . Either input list may be NULL, in which case it will not be searched; otherwise, the input lists must be terminated by NULL entries. This function will search inside AD\sphinxhyphen{}IF\sphinxhyphen{}RELEVANT containers if found in either list. Use krb5\_free\_authdata() to free \sphinxstyleemphasis{results} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.10 -\end{sphinxadmonition} - - -\subsubsection{krb5\_free\_addresses \sphinxhyphen{} Free the data stored in array of addresses.} -\label{\detokenize{appdev/refs/api/krb5_free_addresses:krb5-free-addresses-free-the-data-stored-in-array-of-addresses}}\label{\detokenize{appdev/refs/api/krb5_free_addresses::doc}}\index{krb5\_free\_addresses (C function)@\spxentry{krb5\_free\_addresses}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_addresses:c.krb5_free_addresses}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_addresses}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Array of addresses to be freed - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} and the array itself. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The last entry in the array must be a NULL pointer. -\end{sphinxadmonition} - - -\subsubsection{krb5\_free\_ap\_rep\_enc\_part \sphinxhyphen{} Free a krb5\_ap\_rep\_enc\_part structure.} -\label{\detokenize{appdev/refs/api/krb5_free_ap_rep_enc_part:krb5-free-ap-rep-enc-part-free-a-krb5-ap-rep-enc-part-structure}}\label{\detokenize{appdev/refs/api/krb5_free_ap_rep_enc_part::doc}}\index{krb5\_free\_ap\_rep\_enc\_part (C function)@\spxentry{krb5\_free\_ap\_rep\_enc\_part}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_ap_rep_enc_part:c.krb5_free_ap_rep_enc_part}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_ap\_rep\_enc\_part}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_rep\_enc\_part}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} AP\sphinxhyphen{}REP enc part to be freed - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} and the structure itself. - - -\subsubsection{krb5\_free\_authdata \sphinxhyphen{} Free the storage assigned to array of authentication data.} -\label{\detokenize{appdev/refs/api/krb5_free_authdata:krb5-free-authdata-free-the-storage-assigned-to-array-of-authentication-data}}\label{\detokenize{appdev/refs/api/krb5_free_authdata::doc}}\index{krb5\_free\_authdata (C function)@\spxentry{krb5\_free\_authdata}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_authdata:c.krb5_free_authdata}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_authdata}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Array of authentication data to be freed - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} and the array itself. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The last entry in the array must be a NULL pointer. -\end{sphinxadmonition} - - -\subsubsection{krb5\_free\_authenticator \sphinxhyphen{} Free a krb5\_authenticator structure.} -\label{\detokenize{appdev/refs/api/krb5_free_authenticator:krb5-free-authenticator-free-a-krb5-authenticator-structure}}\label{\detokenize{appdev/refs/api/krb5_free_authenticator::doc}}\index{krb5\_free\_authenticator (C function)@\spxentry{krb5\_free\_authenticator}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_authenticator:c.krb5_free_authenticator}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_authenticator}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Authenticator structure to be freed - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} and the structure itself. - - -\subsubsection{krb5\_free\_cred\_contents \sphinxhyphen{} Free the contents of a krb5\_creds structure.} -\label{\detokenize{appdev/refs/api/krb5_free_cred_contents:krb5-free-cred-contents-free-the-contents-of-a-krb5-creds-structure}}\label{\detokenize{appdev/refs/api/krb5_free_cred_contents::doc}}\index{krb5\_free\_cred\_contents (C function)@\spxentry{krb5\_free\_cred\_contents}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_cred_contents:c.krb5_free_cred_contents}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_cred\_contents}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Credential structure to free contents of - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} , but not the structure itself. - - -\subsubsection{krb5\_free\_creds \sphinxhyphen{} Free a krb5\_creds structure.} -\label{\detokenize{appdev/refs/api/krb5_free_creds:krb5-free-creds-free-a-krb5-creds-structure}}\label{\detokenize{appdev/refs/api/krb5_free_creds::doc}}\index{krb5\_free\_creds (C function)@\spxentry{krb5\_free\_creds}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_creds:c.krb5_free_creds}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_creds}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Credential structure to be freed. - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} and the structure itself. - - -\subsubsection{krb5\_free\_data \sphinxhyphen{} Free a krb5\_data structure.} -\label{\detokenize{appdev/refs/api/krb5_free_data:krb5-free-data-free-a-krb5-data-structure}}\label{\detokenize{appdev/refs/api/krb5_free_data::doc}}\index{krb5\_free\_data (C function)@\spxentry{krb5\_free\_data}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_data:c.krb5_free_data}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_data}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Data structure to be freed - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} and the structure itself. - - -\subsubsection{krb5\_free\_data\_contents \sphinxhyphen{} Free the contents of a krb5\_data structure and zero the data field.} -\label{\detokenize{appdev/refs/api/krb5_free_data_contents:krb5-free-data-contents-free-the-contents-of-a-krb5-data-structure-and-zero-the-data-field}}\label{\detokenize{appdev/refs/api/krb5_free_data_contents::doc}}\index{krb5\_free\_data\_contents (C function)@\spxentry{krb5\_free\_data\_contents}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_data_contents:c.krb5_free_data_contents}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_data\_contents}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Data structure to free contents of - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} , but not the structure itself. It sets the structure’s data pointer to null and (beginning in release 1.19) sets its length to zero. - - -\subsubsection{krb5\_free\_default\_realm \sphinxhyphen{} Free a default realm string returned by krb5\_get\_default\_realm().} -\label{\detokenize{appdev/refs/api/krb5_free_default_realm:krb5-free-default-realm-free-a-default-realm-string-returned-by-krb5-get-default-realm}}\label{\detokenize{appdev/refs/api/krb5_free_default_realm::doc}}\index{krb5\_free\_default\_realm (C function)@\spxentry{krb5\_free\_default\_realm}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_default_realm:c.krb5_free_default_realm}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_default\_realm}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{lrealm}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{lrealm} \sphinxhyphen{} Realm to be freed - -\end{description}\end{quote} - - -\subsubsection{krb5\_free\_enctypes \sphinxhyphen{} Free an array of encryption types.} -\label{\detokenize{appdev/refs/api/krb5_free_enctypes:krb5-free-enctypes-free-an-array-of-encryption-types}}\label{\detokenize{appdev/refs/api/krb5_free_enctypes::doc}}\index{krb5\_free\_enctypes (C function)@\spxentry{krb5\_free\_enctypes}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_enctypes:c.krb5_free_enctypes}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_enctypes}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Array of enctypes to be freed - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.12 -\end{sphinxadmonition} - - -\subsubsection{krb5\_free\_error \sphinxhyphen{} Free an error allocated by krb5\_read\_error() or krb5\_sendauth().} -\label{\detokenize{appdev/refs/api/krb5_free_error:krb5-free-error-free-an-error-allocated-by-krb5-read-error-or-krb5-sendauth}}\label{\detokenize{appdev/refs/api/krb5_free_error::doc}}\index{krb5\_free\_error (C function)@\spxentry{krb5\_free\_error}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_error:c.krb5_free_error}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_error}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Error data structure to be freed - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} and the structure itself. - - -\subsubsection{krb5\_free\_host\_realm \sphinxhyphen{} Free the memory allocated by krb5\_get\_host\_realm().} -\label{\detokenize{appdev/refs/api/krb5_free_host_realm:krb5-free-host-realm-free-the-memory-allocated-by-krb5-get-host-realm}}\label{\detokenize{appdev/refs/api/krb5_free_host_realm::doc}}\index{krb5\_free\_host\_realm (C function)@\spxentry{krb5\_free\_host\_realm}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_host_realm:c.krb5_free_host_realm}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_host\_realm}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{realmlist}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{realmlist} \sphinxhyphen{} List of realm names to be released - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_free\_keyblock \sphinxhyphen{} Free a krb5\_keyblock structure.} -\label{\detokenize{appdev/refs/api/krb5_free_keyblock:krb5-free-keyblock-free-a-krb5-keyblock-structure}}\label{\detokenize{appdev/refs/api/krb5_free_keyblock::doc}}\index{krb5\_free\_keyblock (C function)@\spxentry{krb5\_free\_keyblock}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_keyblock:c.krb5_free_keyblock}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_keyblock}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Keyblock to be freed - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} and the structure itself. - - -\subsubsection{krb5\_free\_keyblock\_contents \sphinxhyphen{} Free the contents of a krb5\_keyblock structure.} -\label{\detokenize{appdev/refs/api/krb5_free_keyblock_contents:krb5-free-keyblock-contents-free-the-contents-of-a-krb5-keyblock-structure}}\label{\detokenize{appdev/refs/api/krb5_free_keyblock_contents::doc}}\index{krb5\_free\_keyblock\_contents (C function)@\spxentry{krb5\_free\_keyblock\_contents}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_keyblock_contents:c.krb5_free_keyblock_contents}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_keyblock\_contents}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Keyblock to be freed - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{key} , but not the structure itself. - - -\subsubsection{krb5\_free\_keytab\_entry\_contents \sphinxhyphen{} Free the contents of a key table entry.} -\label{\detokenize{appdev/refs/api/krb5_free_keytab_entry_contents:krb5-free-keytab-entry-contents-free-the-contents-of-a-key-table-entry}}\label{\detokenize{appdev/refs/api/krb5_free_keytab_entry_contents::doc}}\index{krb5\_free\_keytab\_entry\_contents (C function)@\spxentry{krb5\_free\_keytab\_entry\_contents}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_keytab_entry_contents:c.krb5_free_keytab_entry_contents}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_keytab\_entry\_contents}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab\_entry}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{entry}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{entry} \sphinxhyphen{} Key table entry whose contents are to be freed - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The pointer is not freed. -\end{sphinxadmonition} - - -\subsubsection{krb5\_free\_string \sphinxhyphen{} Free a string allocated by a krb5 function.} -\label{\detokenize{appdev/refs/api/krb5_free_string:krb5-free-string-free-a-string-allocated-by-a-krb5-function}}\label{\detokenize{appdev/refs/api/krb5_free_string::doc}}\index{krb5\_free\_string (C function)@\spxentry{krb5\_free\_string}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_string:c.krb5_free_string}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_string}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} String to be freed - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.10 -\end{sphinxadmonition} - - -\subsubsection{krb5\_free\_ticket \sphinxhyphen{} Free a ticket.} -\label{\detokenize{appdev/refs/api/krb5_free_ticket:krb5-free-ticket-free-a-ticket}}\label{\detokenize{appdev/refs/api/krb5_free_ticket::doc}}\index{krb5\_free\_ticket (C function)@\spxentry{krb5\_free\_ticket}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_ticket:c.krb5_free_ticket}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_ticket}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Ticket to be freed - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} and the structure itself. - - -\subsubsection{krb5\_free\_unparsed\_name \sphinxhyphen{} Free a string representation of a principal.} -\label{\detokenize{appdev/refs/api/krb5_free_unparsed_name:krb5-free-unparsed-name-free-a-string-representation-of-a-principal}}\label{\detokenize{appdev/refs/api/krb5_free_unparsed_name::doc}}\index{krb5\_free\_unparsed\_name (C function)@\spxentry{krb5\_free\_unparsed\_name}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_unparsed_name:c.krb5_free_unparsed_name}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_unparsed\_name}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Name string to be freed - -\end{description}\end{quote} - - -\subsubsection{krb5\_get\_etype\_info \sphinxhyphen{} Retrieve enctype, salt and s2kparams from KDC.} -\label{\detokenize{appdev/refs/api/krb5_get_etype_info:krb5-get-etype-info-retrieve-enctype-salt-and-s2kparams-from-kdc}}\label{\detokenize{appdev/refs/api/krb5_get_etype_info::doc}}\index{krb5\_get\_etype\_info (C function)@\spxentry{krb5\_get\_etype\_info}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_etype_info:c.krb5_get_etype_info}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_etype\_info}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{enctype\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{salt\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{s2kparams\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Principal whose information is requested - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{opt} \sphinxhyphen{} Initial credential options - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{enctype\_out} \sphinxhyphen{} The enctype chosen by KDC - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{salt\_out} \sphinxhyphen{} Salt returned from KDC - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{s2kparams\_out} \sphinxhyphen{} String\sphinxhyphen{}to\sphinxhyphen{}key parameters returned from KDC - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -A Kerberos error code - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Send an initial ticket request for \sphinxstyleemphasis{principal} and extract the encryption type, salt type, and string\sphinxhyphen{}to\sphinxhyphen{}key parameters from the KDC response. If the KDC provides no etype\sphinxhyphen{}info, set \sphinxstyleemphasis{enctype\_out} to \sphinxstylestrong{ENCTYPE\_NULL} and set \sphinxstyleemphasis{salt\_out} and \sphinxstyleemphasis{s2kparams\_out} to empty. If the KDC etype\sphinxhyphen{}info provides no salt, compute the default salt and place it in \sphinxstyleemphasis{salt\_out} . If the KDC etype\sphinxhyphen{}info provides no string\sphinxhyphen{}to\sphinxhyphen{}key parameters, set \sphinxstyleemphasis{s2kparams\_out} to empty. -\begin{quote} - -\sphinxAtStartPar -\sphinxstyleemphasis{opt} may be used to specify options which affect the initial request, such as request encryption types or a FAST armor cache (see krb5\_get\_init\_creds\_opt\_set\_etype\_list() and krb5\_get\_init\_creds\_opt\_set\_fast\_ccache\_name()). -\end{quote} - -\sphinxAtStartPar -Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{salt\_out} and \sphinxstyleemphasis{s2kparams\_out} when they are no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.17 -\end{sphinxadmonition} - - -\subsubsection{krb5\_get\_permitted\_enctypes \sphinxhyphen{} Return a list of encryption types permitted for session keys.} -\label{\detokenize{appdev/refs/api/krb5_get_permitted_enctypes:krb5-get-permitted-enctypes-return-a-list-of-encryption-types-permitted-for-session-keys}}\label{\detokenize{appdev/refs/api/krb5_get_permitted_enctypes::doc}}\index{krb5\_get\_permitted\_enctypes (C function)@\spxentry{krb5\_get\_permitted\_enctypes}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_permitted_enctypes:c.krb5_get_permitted_enctypes}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_permitted\_enctypes}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{ktypes}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ktypes} \sphinxhyphen{} Zero\sphinxhyphen{}terminated list of encryption types - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function returns the list of encryption types permitted for session keys within \sphinxstyleemphasis{context} , as determined by configuration or by a previous call to krb5\_set\_default\_tgs\_enctypes(). - -\sphinxAtStartPar -Use krb5\_free\_enctypes() to free \sphinxstyleemphasis{ktypes} when it is no longer needed. - - -\subsubsection{krb5\_get\_server\_rcache \sphinxhyphen{} Generate a replay cache object for server use and open it.} -\label{\detokenize{appdev/refs/api/krb5_get_server_rcache:krb5-get-server-rcache-generate-a-replay-cache-object-for-server-use-and-open-it}}\label{\detokenize{appdev/refs/api/krb5_get_server_rcache::doc}}\index{krb5\_get\_server\_rcache (C function)@\spxentry{krb5\_get\_server\_rcache}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_server_rcache:c.krb5_get_server_rcache}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_server\_rcache}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{piece}, {\hyperref[\detokenize{appdev/refs/types/krb5_rcache:c.krb5_rcache}]{\sphinxcrossref{\DUrole{n}{krb5\_rcache}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{rcptr}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{piece} \sphinxhyphen{} Unused (replay cache identifier) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rcptr} \sphinxhyphen{} Handle to an open rcache - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a handle to the default replay cache. Use krb5\_rc\_close() to close \sphinxstyleemphasis{rcptr} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -Prior to release 1.18, this function creates a handle to a different replay cache for each unique value of \sphinxstyleemphasis{piece} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_get\_time\_offsets \sphinxhyphen{} Return the time offsets from the os context.} -\label{\detokenize{appdev/refs/api/krb5_get_time_offsets:krb5-get-time-offsets-return-the-time-offsets-from-the-os-context}}\label{\detokenize{appdev/refs/api/krb5_get_time_offsets::doc}}\index{krb5\_get\_time\_offsets (C function)@\spxentry{krb5\_get\_time\_offsets}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_time_offsets:c.krb5_get_time_offsets}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_time\_offsets}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{seconds}, {\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{microseconds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{seconds} \sphinxhyphen{} Time offset, seconds portion - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{microseconds} \sphinxhyphen{} Time offset, microseconds portion - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function returns the time offsets in \sphinxstyleemphasis{context} . - - -\subsubsection{krb5\_init\_context\_profile \sphinxhyphen{} Create a krb5 library context using a specified profile.} -\label{\detokenize{appdev/refs/api/krb5_init_context_profile:krb5-init-context-profile-create-a-krb5-library-context-using-a-specified-profile}}\label{\detokenize{appdev/refs/api/krb5_init_context_profile::doc}}\index{krb5\_init\_context\_profile (C function)@\spxentry{krb5\_init\_context\_profile}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_context_profile:c.krb5_init_context_profile}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_context\_profile}}}}{\DUrole{k}{struct}\DUrole{w}{ }\DUrole{n}{\_profile\_t}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{profile}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{flags}, {\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{context}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{profile} \sphinxhyphen{} Profile object (NULL to create default profile) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Context initialization flags - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\end{description}\end{quote} - -\sphinxAtStartPar -Create a context structure, optionally using a specified profile and initialization flags. If \sphinxstyleemphasis{profile} is NULL, the default profile will be created from config files. If \sphinxstyleemphasis{profile} is non\sphinxhyphen{}null, a copy of it will be made for the new context; the caller should still clean up its copy. Valid flag values are: -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_INIT\_CONTEXT\_SECURE Ignore environment variables - -\item {} -\sphinxAtStartPar -\#KRB5\_INIT\_CONTEXT\_KDC Use KDC configuration if creating profile - -\end{itemize} - - -\subsubsection{krb5\_init\_creds\_free \sphinxhyphen{} Free an initial credentials context.} -\label{\detokenize{appdev/refs/api/krb5_init_creds_free:krb5-init-creds-free-free-an-initial-credentials-context}}\label{\detokenize{appdev/refs/api/krb5_init_creds_free::doc}}\index{krb5\_init\_creds\_free (C function)@\spxentry{krb5\_init\_creds\_free}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_creds_free:c.krb5_init_creds_free}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_creds\_free}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_init\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Initial credentials context - -\end{description}\end{quote} -\begin{quote} - -\sphinxAtStartPar -\sphinxstyleemphasis{context} must be the same as the one passed to krb5\_init\_creds\_init() for this initial credentials context. -\end{quote} - - -\subsubsection{krb5\_init\_creds\_get \sphinxhyphen{} Acquire credentials using an initial credentials context.} -\label{\detokenize{appdev/refs/api/krb5_init_creds_get:krb5-init-creds-get-acquire-credentials-using-an-initial-credentials-context}}\label{\detokenize{appdev/refs/api/krb5_init_creds_get::doc}}\index{krb5\_init\_creds\_get (C function)@\spxentry{krb5\_init\_creds\_get}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_creds_get:c.krb5_init_creds_get}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_creds\_get}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_init\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Initial credentials context - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function synchronously obtains credentials using a context created by krb5\_init\_creds\_init(). On successful return, the credentials can be retrieved with krb5\_init\_creds\_get\_creds(). -\begin{quote} - -\sphinxAtStartPar -\sphinxstyleemphasis{context} must be the same as the one passed to krb5\_init\_creds\_init() for this initial credentials context. -\end{quote} - - -\subsubsection{krb5\_init\_creds\_get\_creds \sphinxhyphen{} Retrieve acquired credentials from an initial credentials context.} -\label{\detokenize{appdev/refs/api/krb5_init_creds_get_creds:krb5-init-creds-get-creds-retrieve-acquired-credentials-from-an-initial-credentials-context}}\label{\detokenize{appdev/refs/api/krb5_init_creds_get_creds::doc}}\index{krb5\_init\_creds\_get\_creds (C function)@\spxentry{krb5\_init\_creds\_get\_creds}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_creds_get_creds:c.krb5_init_creds_get_creds}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_creds\_get\_creds}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_init\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Initial credentials context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Acquired credentials - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function copies the acquired initial credentials from \sphinxstyleemphasis{ctx} into \sphinxstyleemphasis{creds} , after the successful completion of krb5\_init\_creds\_get() or krb5\_init\_creds\_step(). Use krb5\_free\_cred\_contents() to free \sphinxstyleemphasis{creds} when it is no longer needed. - - -\subsubsection{krb5\_init\_creds\_get\_error \sphinxhyphen{} Get the last error from KDC from an initial credentials context.} -\label{\detokenize{appdev/refs/api/krb5_init_creds_get_error:krb5-init-creds-get-error-get-the-last-error-from-kdc-from-an-initial-credentials-context}}\label{\detokenize{appdev/refs/api/krb5_init_creds_get_error::doc}}\index{krb5\_init\_creds\_get\_error (C function)@\spxentry{krb5\_init\_creds\_get\_error}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_creds_get_error:c.krb5_init_creds_get_error}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_creds\_get\_error}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_init\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{error}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Initial credentials context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{error} \sphinxhyphen{} Error from KDC, or NULL if none was received - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_init\_creds\_get\_times \sphinxhyphen{} Retrieve ticket times from an initial credentials context.} -\label{\detokenize{appdev/refs/api/krb5_init_creds_get_times:krb5-init-creds-get-times-retrieve-ticket-times-from-an-initial-credentials-context}}\label{\detokenize{appdev/refs/api/krb5_init_creds_get_times::doc}}\index{krb5\_init\_creds\_get\_times (C function)@\spxentry{krb5\_init\_creds\_get\_times}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_creds_get_times:c.krb5_init_creds_get_times}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_creds\_get\_times}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_init\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket\_times}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{times}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Initial credentials context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{times} \sphinxhyphen{} Ticket times for acquired credentials - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -The initial credentials context must have completed obtaining credentials via either krb5\_init\_creds\_get() or krb5\_init\_creds\_step(). - - -\subsubsection{krb5\_init\_creds\_init \sphinxhyphen{} Create a context for acquiring initial credentials.} -\label{\detokenize{appdev/refs/api/krb5_init_creds_init:krb5-init-creds-init-create-a-context-for-acquiring-initial-credentials}}\label{\detokenize{appdev/refs/api/krb5_init_creds_init::doc}}\index{krb5\_init\_creds\_init (C function)@\spxentry{krb5\_init\_creds\_init}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_creds_init:c.krb5_init_creds_init}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_creds\_init}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{client}, {\hyperref[\detokenize{appdev/refs/types/krb5_prompter_fct:c.krb5_prompter_fct}]{\sphinxcrossref{\DUrole{n}{krb5\_prompter\_fct}}}}\DUrole{w}{ }\DUrole{n}{prompter}, \DUrole{kt}{void}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, {\hyperref[\detokenize{appdev/refs/types/krb5_deltat:c.krb5_deltat}]{\sphinxcrossref{\DUrole{n}{krb5\_deltat}}}}\DUrole{w}{ }\DUrole{n}{start\_time}, {\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{options}, {\hyperref[\detokenize{appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_init\_creds\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ctx}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{client} \sphinxhyphen{} Client principal to get initial creds for - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{prompter} \sphinxhyphen{} Prompter callback - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} Prompter callback argument - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{start\_time} \sphinxhyphen{} Time when credentials become valid (0 for now) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{options} \sphinxhyphen{} Options structure (NULL for default) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} New initial credentials context - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a new context for acquiring initial credentials. Use krb5\_init\_creds\_free() to free \sphinxstyleemphasis{ctx} when it is no longer needed. - -\sphinxAtStartPar -Any subsequent calls to krb5\_init\_creds\_step(), krb5\_init\_creds\_get(), or krb5\_init\_creds\_free() for this initial credentials context must use the same \sphinxstyleemphasis{context} argument as the one passed to this function. - - -\subsubsection{krb5\_init\_creds\_set\_keytab \sphinxhyphen{} Specify a keytab to use for acquiring initial credentials.} -\label{\detokenize{appdev/refs/api/krb5_init_creds_set_keytab:krb5-init-creds-set-keytab-specify-a-keytab-to-use-for-acquiring-initial-credentials}}\label{\detokenize{appdev/refs/api/krb5_init_creds_set_keytab::doc}}\index{krb5\_init\_creds\_set\_keytab (C function)@\spxentry{krb5\_init\_creds\_set\_keytab}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_creds_set_keytab:c.krb5_init_creds_set_keytab}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_creds\_set\_keytab}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_init\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Initial credentials context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Key table handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function supplies a keytab containing the client key for an initial credentials request. - - -\subsubsection{krb5\_init\_creds\_set\_password \sphinxhyphen{} Set a password for acquiring initial credentials.} -\label{\detokenize{appdev/refs/api/krb5_init_creds_set_password:krb5-init-creds-set-password-set-a-password-for-acquiring-initial-credentials}}\label{\detokenize{appdev/refs/api/krb5_init_creds_set_password::doc}}\index{krb5\_init\_creds\_set\_password (C function)@\spxentry{krb5\_init\_creds\_set\_password}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_creds_set_password:c.krb5_init_creds_set_password}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_creds\_set\_password}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_init\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{password}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Initial credentials context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{password} \sphinxhyphen{} Password - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function supplies a password to be used to construct the client key for an initial credentials request. - - -\subsubsection{krb5\_init\_creds\_set\_service \sphinxhyphen{} Specify a service principal for acquiring initial credentials.} -\label{\detokenize{appdev/refs/api/krb5_init_creds_set_service:krb5-init-creds-set-service-specify-a-service-principal-for-acquiring-initial-credentials}}\label{\detokenize{appdev/refs/api/krb5_init_creds_set_service::doc}}\index{krb5\_init\_creds\_set\_service (C function)@\spxentry{krb5\_init\_creds\_set\_service}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_creds_set_service:c.krb5_init_creds_set_service}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_creds\_set\_service}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_init\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{service}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Initial credentials context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{service} \sphinxhyphen{} Service principal string - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function supplies a service principal string to acquire initial credentials for instead of the default krbtgt service. \sphinxstyleemphasis{service} is parsed as a principal name; any realm part is ignored. - - -\subsubsection{krb5\_init\_creds\_step \sphinxhyphen{} Get the next KDC request for acquiring initial credentials.} -\label{\detokenize{appdev/refs/api/krb5_init_creds_step:krb5-init-creds-step-get-the-next-kdc-request-for-acquiring-initial-credentials}}\label{\detokenize{appdev/refs/api/krb5_init_creds_step::doc}}\index{krb5\_init\_creds\_step (C function)@\spxentry{krb5\_init\_creds\_step}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_creds_step:c.krb5_init_creds_step}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_creds\_step}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_init\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{out}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{realm}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{flags}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Initial credentials context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in} \sphinxhyphen{} KDC response (empty on the first call) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{out} \sphinxhyphen{} Next KDC request - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{realm} \sphinxhyphen{} Realm for next KDC request - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Output flags - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function constructs the next KDC request in an initial credential exchange, allowing the caller to control the transport of KDC requests and replies. On the first call, \sphinxstyleemphasis{in} should be set to an empty buffer; on subsequent calls, it should be set to the KDC’s reply to the previous request. - -\sphinxAtStartPar -If more requests are needed, \sphinxstyleemphasis{flags} will be set to \#KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE and the next request will be placed in \sphinxstyleemphasis{out} . If no more requests are needed, \sphinxstyleemphasis{flags} will not contain \#KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE and \sphinxstyleemphasis{out} will be empty. - -\sphinxAtStartPar -If this function returns \sphinxstylestrong{KRB5KRB\_ERR\_RESPONSE\_TOO\_BIG} , the caller should transmit the next request using TCP rather than UDP. If this function returns any other error, the initial credential exchange has failed. -\begin{quote} - -\sphinxAtStartPar -\sphinxstyleemphasis{context} must be the same as the one passed to krb5\_init\_creds\_init() for this initial credentials context. -\end{quote} - - -\subsubsection{krb5\_init\_keyblock \sphinxhyphen{} Initialize an empty krb5\_keyblock .} -\label{\detokenize{appdev/refs/api/krb5_init_keyblock:krb5-init-keyblock-initialize-an-empty-krb5-keyblock}}\label{\detokenize{appdev/refs/api/krb5_init_keyblock::doc}}\index{krb5\_init\_keyblock (C function)@\spxentry{krb5\_init\_keyblock}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_keyblock:c.krb5_init_keyblock}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_keyblock}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{length}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{length} \sphinxhyphen{} Length of keyblock (or 0) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{out} \sphinxhyphen{} New keyblock structure - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Initialize a new keyblock and allocate storage for the contents of the key. It is legal to pass in a length of 0, in which case contents are left unallocated. Use krb5\_free\_keyblock() to free \sphinxstyleemphasis{out} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -If \sphinxstyleemphasis{length} is set to 0, contents are left unallocated. -\end{sphinxadmonition} - - -\subsubsection{krb5\_is\_referral\_realm \sphinxhyphen{} Check for a match with KRB5\_REFERRAL\_REALM.} -\label{\detokenize{appdev/refs/api/krb5_is_referral_realm:krb5-is-referral-realm-check-for-a-match-with-krb5-referral-realm}}\label{\detokenize{appdev/refs/api/krb5_is_referral_realm::doc}}\index{krb5\_is\_referral\_realm (C function)@\spxentry{krb5\_is\_referral\_realm}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_is_referral_realm:c.krb5_is_referral_realm}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_is\_referral\_realm}}}}{\DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{r}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{r} \sphinxhyphen{} Realm to check - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if r is zero\sphinxhyphen{}length, FALSE otherwise - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_kdc\_sign\_ticket \sphinxhyphen{} Sign a PAC, possibly including a ticket signature.} -\label{\detokenize{appdev/refs/api/krb5_kdc_sign_ticket:krb5-kdc-sign-ticket-sign-a-pac-possibly-including-a-ticket-signature}}\label{\detokenize{appdev/refs/api/krb5_kdc_sign_ticket::doc}}\index{krb5\_kdc\_sign\_ticket (C function)@\spxentry{krb5\_kdc\_sign\_ticket}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kdc_sign_ticket:c.krb5_kdc_sign_ticket}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kdc\_sign\_ticket}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_tkt\_part}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{enc\_tkt}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{n}{pac}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{server\_princ}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{client\_princ}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{server}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{privsvr}, {\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\DUrole{n}{with\_realm}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enc\_tkt} \sphinxhyphen{} The ticket for the signature - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pac} \sphinxhyphen{} PAC handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server\_princ} \sphinxhyphen{} Canonical ticket server name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{client\_princ} \sphinxhyphen{} PAC\_CLIENT\_INFO principal (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server} \sphinxhyphen{} Key for server checksum - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{privsvr} \sphinxhyphen{} Key for KDC and ticket checksum - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{with\_realm} \sphinxhyphen{} If true, include the realm of \sphinxstyleemphasis{principal} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 on success, otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Sign \sphinxstyleemphasis{pac} using the keys \sphinxstyleemphasis{server} and \sphinxstyleemphasis{privsvr} . Include a ticket signature over \sphinxstyleemphasis{enc\_tkt} if \sphinxstyleemphasis{server\_princ} is not a TGS or kadmin/changepw principal name. Add the signed PAC’s encoding to the authorization data of \sphinxstyleemphasis{enc\_tkt} in the first slot, wrapped in an AD\sphinxhyphen{}IF\sphinxhyphen{}RELEVANT container. If \sphinxstyleemphasis{client\_princ} is non\sphinxhyphen{}null, add a PAC\_CLIENT\_INFO buffer, including the realm if \sphinxstyleemphasis{with\_realm} is true. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.20 -\end{sphinxadmonition} - - -\subsubsection{krb5\_kdc\_verify\_ticket \sphinxhyphen{} Verify a PAC, possibly including ticket signature.} -\label{\detokenize{appdev/refs/api/krb5_kdc_verify_ticket:krb5-kdc-verify-ticket-verify-a-pac-possibly-including-ticket-signature}}\label{\detokenize{appdev/refs/api/krb5_kdc_verify_ticket::doc}}\index{krb5\_kdc\_verify\_ticket (C function)@\spxentry{krb5\_kdc\_verify\_ticket}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kdc_verify_ticket:c.krb5_kdc_verify_ticket}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kdc\_verify\_ticket}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_tkt\_part}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{enc\_tkt}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{server\_princ}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{server}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{privsvr}, {\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{pac\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enc\_tkt} \sphinxhyphen{} Ticket enc\sphinxhyphen{}part, possibly containing a PAC - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server\_princ} \sphinxhyphen{} Canonicalized name of ticket server - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server} \sphinxhyphen{} Key to validate server checksum (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{privsvr} \sphinxhyphen{} Key to validate KDC checksum (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{pac\_out} \sphinxhyphen{} Verified PAC (NULL if no PAC included) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -If a PAC is present in \sphinxstyleemphasis{enc\_tkt} , verify its signatures. If \sphinxstyleemphasis{privsvr} is not NULL and \sphinxstyleemphasis{server\_princ} is not a krbtgt or kadmin/changepw service, require a ticket signature over \sphinxstyleemphasis{enc\_tkt} in addition to the KDC signature. Place the verified PAC in \sphinxstyleemphasis{pac\_out} . If an invalid PAC signature is found, return an error matching the Windows KDC protocol code for that condition as closely as possible. - -\sphinxAtStartPar -If no PAC is present in \sphinxstyleemphasis{enc\_tkt} , set \sphinxstyleemphasis{pac\_out} to NULL and return successfully. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This function does not validate the PAC\_CLIENT\_INFO buffer. If a specific value is expected, the caller can make a separate call to krb5\_pac\_verify\_ext() with a principal but no keys. -\end{sphinxadmonition} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.20 -\end{sphinxadmonition} - - -\subsubsection{krb5\_kt\_add\_entry \sphinxhyphen{} Add a new entry to a key table.} -\label{\detokenize{appdev/refs/api/krb5_kt_add_entry:krb5-kt-add-entry-add-a-new-entry-to-a-key-table}}\label{\detokenize{appdev/refs/api/krb5_kt_add_entry::doc}}\index{krb5\_kt\_add\_entry (C function)@\spxentry{krb5\_kt\_add\_entry}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_add_entry:c.krb5_kt_add_entry}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_add\_entry}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{id}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab\_entry}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{entry}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{id} \sphinxhyphen{} Key table handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{entry} \sphinxhyphen{} Entry to be added - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -ENOMEM Insufficient memory - -\item {} -\sphinxAtStartPar -KRB5\_KT\_NOWRITE Key table is not writeable - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_kt\_end\_seq\_get \sphinxhyphen{} Release a keytab cursor.} -\label{\detokenize{appdev/refs/api/krb5_kt_end_seq_get:krb5-kt-end-seq-get-release-a-keytab-cursor}}\label{\detokenize{appdev/refs/api/krb5_kt_end_seq_get::doc}}\index{krb5\_kt\_end\_seq\_get (C function)@\spxentry{krb5\_kt\_end\_seq\_get}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_end_seq_get:c.krb5_kt_end_seq_get}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_end\_seq\_get}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}, {\hyperref[\detokenize{appdev/refs/types/krb5_kt_cursor:c.krb5_kt_cursor}]{\sphinxcrossref{\DUrole{n}{krb5\_kt\_cursor}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cursor}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Key table handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{cursor} \sphinxhyphen{} Cursor - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function should be called to release the cursor created by krb5\_kt\_start\_seq\_get(). - - -\subsubsection{krb5\_kt\_get\_entry \sphinxhyphen{} Get an entry from a key table.} -\label{\detokenize{appdev/refs/api/krb5_kt_get_entry:krb5-kt-get-entry-get-an-entry-from-a-key-table}}\label{\detokenize{appdev/refs/api/krb5_kt_get_entry::doc}}\index{krb5\_kt\_get\_entry (C function)@\spxentry{krb5\_kt\_get\_entry}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_get_entry:c.krb5_kt_get_entry}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_get\_entry}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, {\hyperref[\detokenize{appdev/refs/types/krb5_kvno:c.krb5_kvno}]{\sphinxcrossref{\DUrole{n}{krb5\_kvno}}}}\DUrole{w}{ }\DUrole{n}{vno}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab\_entry}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{entry}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Key table handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{vno} \sphinxhyphen{} Key version number (0 for highest available) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type (0 zero for any enctype) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{entry} \sphinxhyphen{} Returned entry from key table - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -Kerberos error codes on failure - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Retrieve an entry from a key table which matches the \sphinxstyleemphasis{keytab} , \sphinxstyleemphasis{principal} , \sphinxstyleemphasis{vno} , and \sphinxstyleemphasis{enctype} . If \sphinxstyleemphasis{vno} is zero, retrieve the highest\sphinxhyphen{}numbered kvno matching the other fields. If \sphinxstyleemphasis{enctype} is 0, match any enctype. - -\sphinxAtStartPar -Use krb5\_free\_keytab\_entry\_contents() to free \sphinxstyleemphasis{entry} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -If \sphinxstyleemphasis{vno} is zero, the function retrieves the highest\sphinxhyphen{}numbered\sphinxhyphen{}kvno entry that matches the specified principal. -\end{sphinxadmonition} - - -\subsubsection{krb5\_kt\_have\_content \sphinxhyphen{} Check if a keytab exists and contains entries.} -\label{\detokenize{appdev/refs/api/krb5_kt_have_content:krb5-kt-have-content-check-if-a-keytab-exists-and-contains-entries}}\label{\detokenize{appdev/refs/api/krb5_kt_have_content::doc}}\index{krb5\_kt\_have\_content (C function)@\spxentry{krb5\_kt\_have\_content}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_have_content:c.krb5_kt_have_content}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_have\_content}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Key table handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Keytab exists and contains entries - -\item {} -\sphinxAtStartPar -KRB5\_KT\_NOTFOUND Keytab does not contain entries - -\end{itemize} - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.11 -\end{sphinxadmonition} - - -\subsubsection{krb5\_kt\_next\_entry \sphinxhyphen{} Retrieve the next entry from the key table.} -\label{\detokenize{appdev/refs/api/krb5_kt_next_entry:krb5-kt-next-entry-retrieve-the-next-entry-from-the-key-table}}\label{\detokenize{appdev/refs/api/krb5_kt_next_entry::doc}}\index{krb5\_kt\_next\_entry (C function)@\spxentry{krb5\_kt\_next\_entry}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_next_entry:c.krb5_kt_next_entry}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_next\_entry}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab\_entry}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{entry}, {\hyperref[\detokenize{appdev/refs/types/krb5_kt_cursor:c.krb5_kt_cursor}]{\sphinxcrossref{\DUrole{n}{krb5\_kt\_cursor}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cursor}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Key table handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{entry} \sphinxhyphen{} Returned key table entry - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cursor} \sphinxhyphen{} Key table cursor - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -KRB5\_KT\_END \sphinxhyphen{} if the last entry was reached - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Return the next sequential entry in \sphinxstyleemphasis{keytab} and advance \sphinxstyleemphasis{cursor} . Callers must release the returned entry with krb5\_kt\_free\_entry(). - - -\subsubsection{krb5\_kt\_read\_service\_key \sphinxhyphen{} Retrieve a service key from a key table.} -\label{\detokenize{appdev/refs/api/krb5_kt_read_service_key:krb5-kt-read-service-key-retrieve-a-service-key-from-a-key-table}}\label{\detokenize{appdev/refs/api/krb5_kt_read_service_key::doc}}\index{krb5\_kt\_read\_service\_key (C function)@\spxentry{krb5\_kt\_read\_service\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_read_service_key:c.krb5_kt_read_service_key}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_read\_service\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_pointer:c.krb5_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_pointer}}}}\DUrole{w}{ }\DUrole{n}{keyprocarg}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, {\hyperref[\detokenize{appdev/refs/types/krb5_kvno:c.krb5_kvno}]{\sphinxcrossref{\DUrole{n}{krb5\_kvno}}}}\DUrole{w}{ }\DUrole{n}{vno}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keyprocarg} \sphinxhyphen{} Name of a key table (NULL to use default name) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Service principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{vno} \sphinxhyphen{} Key version number (0 for highest available) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type (0 for any type) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{key} \sphinxhyphen{} Service key from key table - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error code if not found or keyprocarg is invalid. - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Open and search the specified key table for the entry identified by \sphinxstyleemphasis{principal} , \sphinxstyleemphasis{enctype} , and \sphinxstyleemphasis{vno} . If no key is found, return an error code. - -\sphinxAtStartPar -The default key table is used, unless \sphinxstyleemphasis{keyprocarg} is non\sphinxhyphen{}null. \sphinxstyleemphasis{keyprocarg} designates a specific key table. - -\sphinxAtStartPar -Use krb5\_free\_keyblock() to free \sphinxstyleemphasis{key} when it is no longer needed. - - -\subsubsection{krb5\_kt\_remove\_entry \sphinxhyphen{} Remove an entry from a key table.} -\label{\detokenize{appdev/refs/api/krb5_kt_remove_entry:krb5-kt-remove-entry-remove-an-entry-from-a-key-table}}\label{\detokenize{appdev/refs/api/krb5_kt_remove_entry::doc}}\index{krb5\_kt\_remove\_entry (C function)@\spxentry{krb5\_kt\_remove\_entry}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_remove_entry:c.krb5_kt_remove_entry}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_remove\_entry}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{id}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab\_entry}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{entry}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{id} \sphinxhyphen{} Key table handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{entry} \sphinxhyphen{} Entry to remove from key table - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -KRB5\_KT\_NOWRITE Key table is not writable - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_kt\_start\_seq\_get \sphinxhyphen{} Start a sequential retrieval of key table entries.} -\label{\detokenize{appdev/refs/api/krb5_kt_start_seq_get:krb5-kt-start-seq-get-start-a-sequential-retrieval-of-key-table-entries}}\label{\detokenize{appdev/refs/api/krb5_kt_start_seq_get::doc}}\index{krb5\_kt\_start\_seq\_get (C function)@\spxentry{krb5\_kt\_start\_seq\_get}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_start_seq_get:c.krb5_kt_start_seq_get}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_start\_seq\_get}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}, {\hyperref[\detokenize{appdev/refs/types/krb5_kt_cursor:c.krb5_kt_cursor}]{\sphinxcrossref{\DUrole{n}{krb5\_kt\_cursor}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cursor}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Key table handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{cursor} \sphinxhyphen{} Cursor - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Prepare to read sequentially every key in the specified key table. Use krb5\_kt\_end\_seq\_get() to release the cursor when it is no longer needed. - - -\subsubsection{krb5\_make\_authdata\_kdc\_issued \sphinxhyphen{} Encode and sign AD\sphinxhyphen{}KDCIssued authorization data.} -\label{\detokenize{appdev/refs/api/krb5_make_authdata_kdc_issued:krb5-make-authdata-kdc-issued-encode-and-sign-ad-kdcissued-authorization-data}}\label{\detokenize{appdev/refs/api/krb5_make_authdata_kdc_issued::doc}}\index{krb5\_make\_authdata\_kdc\_issued (C function)@\spxentry{krb5\_make\_authdata\_kdc\_issued}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_make_authdata_kdc_issued:c.krb5_make_authdata_kdc_issued}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_make\_authdata\_kdc\_issued}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{issuer}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{authdata}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{ad\_kdcissued}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Session key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{issuer} \sphinxhyphen{} The name of the issuing principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{authdata} \sphinxhyphen{} List of authorization data to be signed - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ad\_kdcissued} \sphinxhyphen{} List containing AD\sphinxhyphen{}KDCIssued authdata - -\end{description}\end{quote} - -\sphinxAtStartPar -This function wraps a list of authorization data entries \sphinxstyleemphasis{authdata} in an AD\sphinxhyphen{}KDCIssued container (see RFC 4120 section 5.2.6.2) signed with \sphinxstyleemphasis{key} . The result is returned in \sphinxstyleemphasis{ad\_kdcissued} as a single\sphinxhyphen{}element list. - - -\subsubsection{krb5\_marshal\_credentials \sphinxhyphen{} Serialize a krb5\_creds object.} -\label{\detokenize{appdev/refs/api/krb5_marshal_credentials:krb5-marshal-credentials-serialize-a-krb5-creds-object}}\label{\detokenize{appdev/refs/api/krb5_marshal_credentials::doc}}\index{krb5\_marshal\_credentials (C function)@\spxentry{krb5\_marshal\_credentials}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_marshal_credentials:c.krb5_marshal_credentials}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_marshal\_credentials}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{data\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in\_creds} \sphinxhyphen{} The credentials object to serialize - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{data\_out} \sphinxhyphen{} The serialized credentials - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Serialize \sphinxstyleemphasis{creds} in the format used by the FILE ccache format (vesion 4) and KCM ccache protocol. - -\sphinxAtStartPar -Use krb5\_free\_data() to free \sphinxstyleemphasis{data\_out} when it is no longer needed. - - -\subsubsection{krb5\_merge\_authdata \sphinxhyphen{} Merge two authorization data lists into a new list.} -\label{\detokenize{appdev/refs/api/krb5_merge_authdata:krb5-merge-authdata-merge-two-authorization-data-lists-into-a-new-list}}\label{\detokenize{appdev/refs/api/krb5_merge_authdata::doc}}\index{krb5\_merge\_authdata (C function)@\spxentry{krb5\_merge\_authdata}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_merge_authdata:c.krb5_merge_authdata}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_merge\_authdata}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{inauthdat1}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{inauthdat2}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{outauthdat}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{inauthdat1} \sphinxhyphen{} First list of \sphinxstyleemphasis{krb5\_authdata} structures - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{inauthdat2} \sphinxhyphen{} Second list of \sphinxstyleemphasis{krb5\_authdata} structures - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outauthdat} \sphinxhyphen{} Merged list of \sphinxstyleemphasis{krb5\_authdata} structures - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Merge two authdata arrays, such as the array from a ticket and authenticator. Use krb5\_free\_authdata() to free \sphinxstyleemphasis{outauthdat} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The last array entry in \sphinxstyleemphasis{inauthdat1} and \sphinxstyleemphasis{inauthdat2} must be a NULL pointer. -\end{sphinxadmonition} - - -\subsubsection{krb5\_mk\_1cred \sphinxhyphen{} Format a KRB\sphinxhyphen{}CRED message for a single set of credentials.} -\label{\detokenize{appdev/refs/api/krb5_mk_1cred:krb5-mk-1cred-format-a-krb-cred-message-for-a-single-set-of-credentials}}\label{\detokenize{appdev/refs/api/krb5_mk_1cred::doc}}\index{krb5\_mk\_1cred (C function)@\spxentry{krb5\_mk\_1cred}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_1cred:c.krb5_mk_1cred}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_mk\_1cred}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{der\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{\DUrole{n}{krb5\_replay\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{rdata\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Pointer to credentials - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{der\_out} \sphinxhyphen{} Encoded credentials - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} \sphinxhyphen{} Replay cache data (NULL if not needed) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -ENOMEM Insufficient memory - -\item {} -\sphinxAtStartPar -KRB5\_RC\_REQUIRED Message replay detection requires rcache parameter - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This is a convenience function that calls krb5\_mk\_ncred() with a single set of credentials. - - -\subsubsection{krb5\_mk\_error \sphinxhyphen{} Format and encode a KRB\_ERROR message.} -\label{\detokenize{appdev/refs/api/krb5_mk_error:krb5-mk-error-format-and-encode-a-krb-error-message}}\label{\detokenize{appdev/refs/api/krb5_mk_error::doc}}\index{krb5\_mk\_error (C function)@\spxentry{krb5\_mk\_error}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_error:c.krb5_mk_error}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_mk\_error}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{dec\_err}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{enc\_err}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{dec\_err} \sphinxhyphen{} Error structure to be encoded - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{enc\_err} \sphinxhyphen{} Encoded error structure - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates a \sphinxstylestrong{KRB\_ERROR} message in \sphinxstyleemphasis{enc\_err} . Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{enc\_err} when it is no longer needed. - - -\subsubsection{krb5\_mk\_ncred \sphinxhyphen{} Format a KRB\sphinxhyphen{}CRED message for an array of credentials.} -\label{\detokenize{appdev/refs/api/krb5_mk_ncred:krb5-mk-ncred-format-a-krb-cred-message-for-an-array-of-credentials}}\label{\detokenize{appdev/refs/api/krb5_mk_ncred::doc}}\index{krb5\_mk\_ncred (C function)@\spxentry{krb5\_mk\_ncred}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_ncred:c.krb5_mk_ncred}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_mk\_ncred}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{der\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{\DUrole{n}{krb5\_replay\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{rdata\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Null\sphinxhyphen{}terminated array of credentials - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{der\_out} \sphinxhyphen{} Encoded credentials - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} \sphinxhyphen{} Replay cache information (NULL if not needed) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -ENOMEM Insufficient memory - -\item {} -\sphinxAtStartPar -KRB5\_RC\_REQUIRED Message replay detection requires rcache parameter - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function takes an array of credentials \sphinxstyleemphasis{creds} and formats a \sphinxstylestrong{KRB\sphinxhyphen{}CRED} message \sphinxstyleemphasis{der\_out} to pass to krb5\_rd\_cred(). - -\sphinxAtStartPar -The local and remote addresses in \sphinxstyleemphasis{auth\_context} are optional; if either is specified, they are used to form the sender and receiver addresses in the KRB\sphinxhyphen{}CRED message. - -\sphinxAtStartPar -If the \#KRB5\_AUTH\_CONTEXT\_DO\_TIME flag is set in \sphinxstyleemphasis{auth\_context} , an entry for the message is entered in an in\sphinxhyphen{}memory replay cache to detect if the message is reflected by an attacker. If \#KRB5\_AUTH\_CONTEXT\_DO\_TIME is not set, no replay cache is used. If \#KRB5\_AUTH\_CONTEXT\_RET\_TIME is set in \sphinxstyleemphasis{auth\_context} , the timestamp used for the KRB\sphinxhyphen{}CRED message is stored in \sphinxstyleemphasis{rdata\_out} . - -\sphinxAtStartPar -If either \#KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE or \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE is set, the \sphinxstyleemphasis{auth\_context} local sequence number is included in the KRB\sphinxhyphen{}CRED message and then incremented. If \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE is set, the sequence number used is stored in \sphinxstyleemphasis{rdata\_out} . - -\sphinxAtStartPar -Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{der\_out} when it is no longer needed. - -\sphinxAtStartPar -The message will be encrypted using the send subkey of \sphinxstyleemphasis{auth\_context} if it is present, or the session key otherwise. If neither key is present, the credentials will not be encrypted, and the message should only be sent over a secure channel. No replay cache entry is used in this case. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The \sphinxstyleemphasis{rdata\_out} argument is required if the \#KRB5\_AUTH\_CONTEXT\_RET\_TIME or \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE flag is set in \sphinxstyleemphasis{auth\_context} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_mk\_priv \sphinxhyphen{} Format a KRB\sphinxhyphen{}PRIV message.} -\label{\detokenize{appdev/refs/api/krb5_mk_priv:krb5-mk-priv-format-a-krb-priv-message}}\label{\detokenize{appdev/refs/api/krb5_mk_priv::doc}}\index{krb5\_mk\_priv (C function)@\spxentry{krb5\_mk\_priv}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_priv:c.krb5_mk_priv}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_mk\_priv}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{userdata}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{der\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{\DUrole{n}{krb5\_replay\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{rdata\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{userdata} \sphinxhyphen{} User data for \sphinxstylestrong{KRB\sphinxhyphen{}PRIV} message - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{der\_out} \sphinxhyphen{} Formatted \sphinxstylestrong{KRB\sphinxhyphen{}PRIV} message - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} \sphinxhyphen{} Replay data (NULL if not needed) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function is similar to krb5\_mk\_safe(), but the message is encrypted and integrity\sphinxhyphen{}protected, not just integrity\sphinxhyphen{}protected. - -\sphinxAtStartPar -The local address in \sphinxstyleemphasis{auth\_context} must be set, and is used to form the sender address used in the KRB\sphinxhyphen{}PRIV message. The remote address is optional; if specified, it will be used to form the receiver address used in the message. - -\sphinxAtStartPar -If the \#KRB5\_AUTH\_CONTEXT\_DO\_TIME flag is set in \sphinxstyleemphasis{auth\_context} , a timestamp is included in the KRB\sphinxhyphen{}PRIV message, and an entry for the message is entered in an in\sphinxhyphen{}memory replay cache to detect if the message is reflected by an attacker. If \#KRB5\_AUTH\_CONTEXT\_DO\_TIME is not set, no replay cache is used. If \#KRB5\_AUTH\_CONTEXT\_RET\_TIME is set in \sphinxstyleemphasis{auth\_context} , a timestamp is included in the KRB\sphinxhyphen{}PRIV message and is stored in \sphinxstyleemphasis{rdata\_out} . - -\sphinxAtStartPar -If either \#KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE or \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE is set, the \sphinxstyleemphasis{auth\_context} local sequence number is included in the KRB\sphinxhyphen{}PRIV message and then incremented. If \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE is set, the sequence number used is stored in \sphinxstyleemphasis{rdata\_out} . - -\sphinxAtStartPar -Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{der\_out} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The \sphinxstyleemphasis{rdata\_out} argument is required if the \#KRB5\_AUTH\_CONTEXT\_RET\_TIME or \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE flag is set in \sphinxstyleemphasis{auth\_context} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_mk\_rep \sphinxhyphen{} Format and encrypt a KRB\_AP\_REP message.} -\label{\detokenize{appdev/refs/api/krb5_mk_rep:krb5-mk-rep-format-and-encrypt-a-krb-ap-rep-message}}\label{\detokenize{appdev/refs/api/krb5_mk_rep::doc}}\index{krb5\_mk\_rep (C function)@\spxentry{krb5\_mk\_rep}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_rep:c.krb5_mk_rep}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_mk\_rep}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{outbuf}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outbuf} \sphinxhyphen{} \sphinxstylestrong{AP\sphinxhyphen{}REP} message - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function fills in \sphinxstyleemphasis{outbuf} with an AP\sphinxhyphen{}REP message using information from \sphinxstyleemphasis{auth\_context} . - -\sphinxAtStartPar -If the flags in \sphinxstyleemphasis{auth\_context} indicate that a sequence number should be used (either \#KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE or \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE) and the local sequence number in \sphinxstyleemphasis{auth\_context} is 0, a new number will be generated with krb5\_generate\_seq\_number(). - -\sphinxAtStartPar -Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{outbuf} when it is no longer needed. - - -\subsubsection{krb5\_mk\_rep\_dce \sphinxhyphen{} Format and encrypt a KRB\_AP\_REP message for DCE RPC.} -\label{\detokenize{appdev/refs/api/krb5_mk_rep_dce:krb5-mk-rep-dce-format-and-encrypt-a-krb-ap-rep-message-for-dce-rpc}}\label{\detokenize{appdev/refs/api/krb5_mk_rep_dce::doc}}\index{krb5\_mk\_rep\_dce (C function)@\spxentry{krb5\_mk\_rep\_dce}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_rep_dce:c.krb5_mk_rep_dce}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_mk\_rep\_dce}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{outbuf}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outbuf} \sphinxhyphen{} \sphinxstylestrong{AP\sphinxhyphen{}REP} message - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{outbuf} when it is no longer needed. - - -\subsubsection{krb5\_mk\_req \sphinxhyphen{} Create a KRB\_AP\_REQ message.} -\label{\detokenize{appdev/refs/api/krb5_mk_req:krb5-mk-req-create-a-krb-ap-req-message}}\label{\detokenize{appdev/refs/api/krb5_mk_req::doc}}\index{krb5\_mk\_req (C function)@\spxentry{krb5\_mk\_req}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_req:c.krb5_mk_req}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_mk\_req}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{ap\_req\_options}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{service}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{hostname}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_data}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{outbuf}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Pre\sphinxhyphen{}existing or newly created auth context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ap\_req\_options} \sphinxhyphen{} Options (see AP\_OPTS macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{service} \sphinxhyphen{} Service name, or NULL to use \sphinxstylestrong{“hostâ€} - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{hostname} \sphinxhyphen{} Host name, or NULL to use local hostname - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in\_data} \sphinxhyphen{} Application data to be checksummed in the authenticator, or NULL - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Credential cache used to obtain credentials for the desired service. - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outbuf} \sphinxhyphen{} \sphinxstylestrong{AP\sphinxhyphen{}REQ} message - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function is similar to krb5\_mk\_req\_extended() except that it uses a given \sphinxstyleemphasis{hostname} , \sphinxstyleemphasis{service} , and \sphinxstyleemphasis{ccache} to construct a service principal name and obtain credentials. - -\sphinxAtStartPar -Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{outbuf} when it is no longer needed. - - -\subsubsection{krb5\_mk\_req\_extended \sphinxhyphen{} Create a KRB\_AP\_REQ message using supplied credentials.} -\label{\detokenize{appdev/refs/api/krb5_mk_req_extended:krb5-mk-req-extended-create-a-krb-ap-req-message-using-supplied-credentials}}\label{\detokenize{appdev/refs/api/krb5_mk_req_extended::doc}}\index{krb5\_mk\_req\_extended (C function)@\spxentry{krb5\_mk\_req\_extended}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_req_extended:c.krb5_mk_req_extended}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_mk\_req\_extended}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{ap\_req\_options}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_data}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{outbuf}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Pre\sphinxhyphen{}existing or newly created auth context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ap\_req\_options} \sphinxhyphen{} Options (see AP\_OPTS macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in\_data} \sphinxhyphen{} Application data to be checksummed in the authenticator, or NULL - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in\_creds} \sphinxhyphen{} Credentials for the service with valid ticket and key - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{outbuf} \sphinxhyphen{} \sphinxstylestrong{AP\sphinxhyphen{}REQ} message - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Valid \sphinxstyleemphasis{ap\_req\_options} are: -\begin{quote} -\begin{itemize} -\item {} -\sphinxAtStartPar -\#AP\_OPTS\_USE\_SESSION\_KEY \sphinxhyphen{} Use the session key when creating the request used for user to user authentication. - -\item {} -\sphinxAtStartPar -\#AP\_OPTS\_MUTUAL\_REQUIRED \sphinxhyphen{} Request a mutual authentication packet from the receiver. - -\item {} -\sphinxAtStartPar -\#AP\_OPTS\_USE\_SUBKEY \sphinxhyphen{} Generate a subsession key from the current session key obtained from the credentials. - -\end{itemize} - -\sphinxAtStartPar -This function creates a KRB\_AP\_REQ message using supplied credentials \sphinxstyleemphasis{in\_creds} . \sphinxstyleemphasis{auth\_context} may point to an existing auth context or to NULL, in which case a new one will be created. If \sphinxstyleemphasis{in\_data} is non\sphinxhyphen{}null, a checksum of it will be included in the authenticator contained in the KRB\_AP\_REQ message. Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{outbuf} when it is no longer needed. -\end{quote} - -\sphinxAtStartPar -On successful return, the authenticator is stored in \sphinxstyleemphasis{auth\_context} with the \sphinxstyleemphasis{client} and \sphinxstyleemphasis{checksum} fields nulled out. (This is to prevent pointer\sphinxhyphen{}sharing problems; the caller should not need these fields anyway, since the caller supplied them.) - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_mk\_req() - - - - -\subsubsection{krb5\_mk\_safe \sphinxhyphen{} Format a KRB\sphinxhyphen{}SAFE message.} -\label{\detokenize{appdev/refs/api/krb5_mk_safe:krb5-mk-safe-format-a-krb-safe-message}}\label{\detokenize{appdev/refs/api/krb5_mk_safe::doc}}\index{krb5\_mk\_safe (C function)@\spxentry{krb5\_mk\_safe}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_mk_safe:c.krb5_mk_safe}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_mk\_safe}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{userdata}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{der\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{\DUrole{n}{krb5\_replay\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{rdata\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{userdata} \sphinxhyphen{} User data in the message - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{der\_out} \sphinxhyphen{} Formatted \sphinxstylestrong{KRB\sphinxhyphen{}SAFE} buffer - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} \sphinxhyphen{} Replay data. Specify NULL if not needed - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function creates an integrity protected \sphinxstylestrong{KRB\sphinxhyphen{}SAFE} message using data supplied by the application. - -\sphinxAtStartPar -Fields in \sphinxstyleemphasis{auth\_context} specify the checksum type, the keyblock that can be used to seed the checksum, full addresses (host and port) for the sender and receiver, and KRB5\_AUTH\_CONTEXT flags. - -\sphinxAtStartPar -The local address in \sphinxstyleemphasis{auth\_context} must be set, and is used to form the sender address used in the KRB\sphinxhyphen{}SAFE message. The remote address is optional; if specified, it will be used to form the receiver address used in the message. - -\sphinxAtStartPar -If the \#KRB5\_AUTH\_CONTEXT\_DO\_TIME flag is set in \sphinxstyleemphasis{auth\_context} , a timestamp is included in the KRB\sphinxhyphen{}SAFE message, and an entry for the message is entered in an in\sphinxhyphen{}memory replay cache to detect if the message is reflected by an attacker. If \#KRB5\_AUTH\_CONTEXT\_DO\_TIME is not set, no replay cache is used. If \#KRB5\_AUTH\_CONTEXT\_RET\_TIME is set in \sphinxstyleemphasis{auth\_context} , a timestamp is included in the KRB\sphinxhyphen{}SAFE message and is stored in \sphinxstyleemphasis{rdata\_out} . - -\sphinxAtStartPar -If either \#KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE or \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE is set, the \sphinxstyleemphasis{auth\_context} local sequence number is included in the KRB\sphinxhyphen{}SAFE message and then incremented. If \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE is set, the sequence number used is stored in \sphinxstyleemphasis{rdata\_out} . - -\sphinxAtStartPar -Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{der\_out} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The \sphinxstyleemphasis{rdata\_out} argument is required if the \#KRB5\_AUTH\_CONTEXT\_RET\_TIME or \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE flag is set in \sphinxstyleemphasis{auth\_context} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_os\_localaddr \sphinxhyphen{} Return all interface addresses for this host.} -\label{\detokenize{appdev/refs/api/krb5_os_localaddr:krb5-os-localaddr-return-all-interface-addresses-for-this-host}}\label{\detokenize{appdev/refs/api/krb5_os_localaddr::doc}}\index{krb5\_os\_localaddr (C function)@\spxentry{krb5\_os\_localaddr}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_os_localaddr:c.krb5_os_localaddr}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_os\_localaddr}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{addr}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{addr} \sphinxhyphen{} Array of krb5\_address pointers, ending with NULL - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Use krb5\_free\_addresses() to free \sphinxstyleemphasis{addr} when it is no longer needed. - - -\subsubsection{krb5\_pac\_add\_buffer \sphinxhyphen{} Add a buffer to a PAC handle.} -\label{\detokenize{appdev/refs/api/krb5_pac_add_buffer:krb5-pac-add-buffer-add-a-buffer-to-a-pac-handle}}\label{\detokenize{appdev/refs/api/krb5_pac_add_buffer::doc}}\index{krb5\_pac\_add\_buffer (C function)@\spxentry{krb5\_pac\_add\_buffer}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_pac_add_buffer:c.krb5_pac_add_buffer}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pac\_add\_buffer}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{n}{pac}, {\hyperref[\detokenize{appdev/refs/types/krb5_ui_4:c.krb5_ui_4}]{\sphinxcrossref{\DUrole{n}{krb5\_ui\_4}}}}\DUrole{w}{ }\DUrole{n}{type}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pac} \sphinxhyphen{} PAC handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{type} \sphinxhyphen{} Buffer type - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} contents - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function adds a buffer of type \sphinxstyleemphasis{type} and contents \sphinxstyleemphasis{data} to \sphinxstyleemphasis{pac} if there isn’t already a buffer of this type present. - -\sphinxAtStartPar -The valid values of \sphinxstyleemphasis{type} is one of the following: -\begin{itemize} -\item {} -\sphinxAtStartPar -\#KRB5\_PAC\_LOGON\_INFO \sphinxhyphen{} Logon information - -\item {} -\sphinxAtStartPar -\#KRB5\_PAC\_CREDENTIALS\_INFO \sphinxhyphen{} Credentials information - -\item {} -\sphinxAtStartPar -\#KRB5\_PAC\_SERVER\_CHECKSUM \sphinxhyphen{} Server checksum - -\item {} -\sphinxAtStartPar -\#KRB5\_PAC\_PRIVSVR\_CHECKSUM \sphinxhyphen{} KDC checksum - -\item {} -\sphinxAtStartPar -\#KRB5\_PAC\_CLIENT\_INFO \sphinxhyphen{} Client name and ticket information - -\item {} -\sphinxAtStartPar -\#KRB5\_PAC\_DELEGATION\_INFO \sphinxhyphen{} Constrained delegation information - -\item {} -\sphinxAtStartPar -\#KRB5\_PAC\_UPN\_DNS\_INFO \sphinxhyphen{} User principal name and DNS information - -\end{itemize} - - -\subsubsection{krb5\_pac\_free \sphinxhyphen{} Free a PAC handle.} -\label{\detokenize{appdev/refs/api/krb5_pac_free:krb5-pac-free-free-a-pac-handle}}\label{\detokenize{appdev/refs/api/krb5_pac_free::doc}}\index{krb5\_pac\_free (C function)@\spxentry{krb5\_pac\_free}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_pac_free:c.krb5_pac_free}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pac\_free}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{n}{pac}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pac} \sphinxhyphen{} PAC to be freed - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{pac} and the structure itself. - - -\subsubsection{krb5\_pac\_get\_buffer \sphinxhyphen{} Retrieve a buffer value from a PAC.} -\label{\detokenize{appdev/refs/api/krb5_pac_get_buffer:krb5-pac-get-buffer-retrieve-a-buffer-value-from-a-pac}}\label{\detokenize{appdev/refs/api/krb5_pac_get_buffer::doc}}\index{krb5\_pac\_get\_buffer (C function)@\spxentry{krb5\_pac\_get\_buffer}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_pac_get_buffer:c.krb5_pac_get_buffer}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pac\_get\_buffer}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{n}{pac}, {\hyperref[\detokenize{appdev/refs/types/krb5_ui_4:c.krb5_ui_4}]{\sphinxcrossref{\DUrole{n}{krb5\_ui\_4}}}}\DUrole{w}{ }\DUrole{n}{type}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pac} \sphinxhyphen{} PAC handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{type} \sphinxhyphen{} Type of buffer to retrieve - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{data} \sphinxhyphen{} Buffer value - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{data} when it is no longer needed. - - -\subsubsection{krb5\_pac\_get\_types \sphinxhyphen{} Return an array of buffer types in a PAC handle.} -\label{\detokenize{appdev/refs/api/krb5_pac_get_types:krb5-pac-get-types-return-an-array-of-buffer-types-in-a-pac-handle}}\label{\detokenize{appdev/refs/api/krb5_pac_get_types::doc}}\index{krb5\_pac\_get\_types (C function)@\spxentry{krb5\_pac\_get\_types}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_pac_get_types:c.krb5_pac_get_types}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pac\_get\_types}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{n}{pac}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{len}, {\hyperref[\detokenize{appdev/refs/types/krb5_ui_4:c.krb5_ui_4}]{\sphinxcrossref{\DUrole{n}{krb5\_ui\_4}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{types}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pac} \sphinxhyphen{} PAC handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{len} \sphinxhyphen{} Number of entries in \sphinxstyleemphasis{types} - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{types} \sphinxhyphen{} Array of buffer types - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_pac\_init \sphinxhyphen{} Create an empty Privilege Attribute Certificate (PAC) handle.} -\label{\detokenize{appdev/refs/api/krb5_pac_init:krb5-pac-init-create-an-empty-privilege-attribute-certificate-pac-handle}}\label{\detokenize{appdev/refs/api/krb5_pac_init::doc}}\index{krb5\_pac\_init (C function)@\spxentry{krb5\_pac\_init}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_pac_init:c.krb5_pac_init}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pac\_init}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{pac}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{pac} \sphinxhyphen{} New PAC handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Use krb5\_pac\_free() to free \sphinxstyleemphasis{pac} when it is no longer needed. - - -\subsubsection{krb5\_pac\_parse \sphinxhyphen{} Unparse an encoded PAC into a new handle.} -\label{\detokenize{appdev/refs/api/krb5_pac_parse:krb5-pac-parse-unparse-an-encoded-pac-into-a-new-handle}}\label{\detokenize{appdev/refs/api/krb5_pac_parse::doc}}\index{krb5\_pac\_parse (C function)@\spxentry{krb5\_pac\_parse}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_pac_parse:c.krb5_pac_parse}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pac\_parse}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{void}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ptr}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{len}, {\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{pac}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ptr} \sphinxhyphen{} PAC buffer - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{len} \sphinxhyphen{} Length of \sphinxstyleemphasis{ptr} - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{pac} \sphinxhyphen{} PAC handle - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Use krb5\_pac\_free() to free \sphinxstyleemphasis{pac} when it is no longer needed. - - -\subsubsection{krb5\_pac\_sign} -\label{\detokenize{appdev/refs/api/krb5_pac_sign:krb5-pac-sign}}\label{\detokenize{appdev/refs/api/krb5_pac_sign::doc}}\index{krb5\_pac\_sign (C function)@\spxentry{krb5\_pac\_sign}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_pac_sign:c.krb5_pac_sign}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pac\_sign}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{n}{pac}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{n}{authtime}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{server\_key}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{privsvr\_key}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{pac} - -\sphinxAtStartPar -\sphinxstylestrong{authtime} - -\sphinxAtStartPar -\sphinxstylestrong{principal} - -\sphinxAtStartPar -\sphinxstylestrong{server\_key} - -\sphinxAtStartPar -\sphinxstylestrong{privsvr\_key} - -\sphinxAtStartPar -\sphinxstylestrong{data} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Use krb5\_kdc\_sign\_ticket() instead. - - -\subsubsection{krb5\_pac\_sign\_ext} -\label{\detokenize{appdev/refs/api/krb5_pac_sign_ext:krb5-pac-sign-ext}}\label{\detokenize{appdev/refs/api/krb5_pac_sign_ext::doc}}\index{krb5\_pac\_sign\_ext (C function)@\spxentry{krb5\_pac\_sign\_ext}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_pac_sign_ext:c.krb5_pac_sign_ext}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pac\_sign\_ext}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{n}{pac}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{n}{authtime}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{server\_key}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{privsvr\_key}, {\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\DUrole{n}{with\_realm}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{pac} - -\sphinxAtStartPar -\sphinxstylestrong{authtime} - -\sphinxAtStartPar -\sphinxstylestrong{principal} - -\sphinxAtStartPar -\sphinxstylestrong{server\_key} - -\sphinxAtStartPar -\sphinxstylestrong{privsvr\_key} - -\sphinxAtStartPar -\sphinxstylestrong{with\_realm} - -\sphinxAtStartPar -\sphinxstylestrong{data} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Use krb5\_kdc\_sign\_ticket() instead. - - -\subsubsection{krb5\_pac\_verify \sphinxhyphen{} Verify a PAC.} -\label{\detokenize{appdev/refs/api/krb5_pac_verify:krb5-pac-verify-verify-a-pac}}\label{\detokenize{appdev/refs/api/krb5_pac_verify::doc}}\index{krb5\_pac\_verify (C function)@\spxentry{krb5\_pac\_verify}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_pac_verify:c.krb5_pac_verify}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pac\_verify}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{n}{pac}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{n}{authtime}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{server}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{privsvr}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pac} \sphinxhyphen{} PAC handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{authtime} \sphinxhyphen{} Expected timestamp - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Expected principal name (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server} \sphinxhyphen{} Key to validate server checksum (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{privsvr} \sphinxhyphen{} Key to validate KDC checksum (or NULL) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function validates \sphinxstyleemphasis{pac} against the supplied \sphinxstyleemphasis{server} , \sphinxstyleemphasis{privsvr} , \sphinxstyleemphasis{principal} and \sphinxstyleemphasis{authtime} . If \sphinxstyleemphasis{principal} is NULL, the principal and authtime are not verified. If \sphinxstyleemphasis{server} or \sphinxstyleemphasis{privsvr} is NULL, the corresponding checksum is not verified. - -\sphinxAtStartPar -If successful, \sphinxstyleemphasis{pac} is marked as verified. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -A checksum mismatch can occur if the PAC was copied from a cross\sphinxhyphen{}realm TGT by an ignorant KDC; also macOS Server Open Directory (as of 10.6) generates PACs with no server checksum at all. One should consider not failing the whole authentication because of this reason, but, instead, treating the ticket as if it did not contain a PAC or marking the PAC information as non\sphinxhyphen{}verified. -\end{sphinxadmonition} - - -\subsubsection{krb5\_pac\_verify\_ext \sphinxhyphen{} Verify a PAC, possibly from a specified realm.} -\label{\detokenize{appdev/refs/api/krb5_pac_verify_ext:krb5-pac-verify-ext-verify-a-pac-possibly-from-a-specified-realm}}\label{\detokenize{appdev/refs/api/krb5_pac_verify_ext::doc}}\index{krb5\_pac\_verify\_ext (C function)@\spxentry{krb5\_pac\_verify\_ext}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_pac_verify_ext:c.krb5_pac_verify_ext}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pac\_verify\_ext}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{n}{pac}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{n}{authtime}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{principal}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{server}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{privsvr}, {\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\DUrole{n}{with\_realm}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pac} \sphinxhyphen{} PAC handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{authtime} \sphinxhyphen{} Expected timestamp - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{principal} \sphinxhyphen{} Expected principal name (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server} \sphinxhyphen{} Key to validate server checksum (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{privsvr} \sphinxhyphen{} Key to validate KDC checksum (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{with\_realm} \sphinxhyphen{} If true, expect the realm of \sphinxstyleemphasis{principal} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function is similar to krb5\_pac\_verify(), but adds a parameter \sphinxstyleemphasis{with\_realm} . If \sphinxstyleemphasis{with\_realm} is true, the PAC\_CLIENT\_INFO field is expected to include the realm of \sphinxstyleemphasis{principal} as well as the name. This flag is necessary to verify PACs in cross\sphinxhyphen{}realm S4U2Self referral TGTs. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.17 -\end{sphinxadmonition} - - -\subsubsection{krb5\_pac\_get\_client\_info \sphinxhyphen{} Read client information from a PAC.} -\label{\detokenize{appdev/refs/api/krb5_pac_get_client_info:krb5-pac-get-client-info-read-client-information-from-a-pac}}\label{\detokenize{appdev/refs/api/krb5_pac_get_client_info::doc}}\index{krb5\_pac\_get\_client\_info (C function)@\spxentry{krb5\_pac\_get\_client\_info}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_pac_get_client_info:c.krb5_pac_get_client_info}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pac\_get\_client\_info}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}]{\sphinxcrossref{\DUrole{n}{krb5\_pac}}}}\DUrole{w}{ }\DUrole{n}{pac}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{authtime\_out}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{princname\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pac} \sphinxhyphen{} PAC handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{authtime\_out} \sphinxhyphen{} Authentication timestamp (NULL if not needed) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{princname\_out} \sphinxhyphen{} Client account name - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 on success, ENOENT if no PAC\_CLIENT\_INFO buffer is present in pac , ERANGE if the buffer contains invalid lengths. - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Read the PAC\_CLIENT\_INFO buffer in \sphinxstyleemphasis{pac} . Place the client account name as a string in \sphinxstyleemphasis{princname\_out} . If \sphinxstyleemphasis{authtime\_out} is not NULL, place the initial authentication timestamp in \sphinxstyleemphasis{authtime\_out} . - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.18 -\end{sphinxadmonition} - - -\subsubsection{krb5\_prepend\_error\_message \sphinxhyphen{} Add a prefix to the message for an error code.} -\label{\detokenize{appdev/refs/api/krb5_prepend_error_message:krb5-prepend-error-message-add-a-prefix-to-the-message-for-an-error-code}}\label{\detokenize{appdev/refs/api/krb5_prepend_error_message::doc}}\index{krb5\_prepend\_error\_message (C function)@\spxentry{krb5\_prepend\_error\_message}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_prepend_error_message:c.krb5_prepend_error_message}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_prepend\_error\_message}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\DUrole{n}{code}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{fmt}, \DUrole{p}{...}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{code} \sphinxhyphen{} Error code - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{fmt} \sphinxhyphen{} Format string for error message prefix - -\end{description}\end{quote} - -\sphinxAtStartPar -Format a message and prepend it to the current message for \sphinxstyleemphasis{code} . The prefix will be separated from the old message with a colon and space. - - -\subsubsection{krb5\_principal2salt \sphinxhyphen{} Convert a principal name into the default salt for that principal.} -\label{\detokenize{appdev/refs/api/krb5_principal2salt:krb5-principal2salt-convert-a-principal-name-into-the-default-salt-for-that-principal}}\label{\detokenize{appdev/refs/api/krb5_principal2salt::doc}}\index{krb5\_principal2salt (C function)@\spxentry{krb5\_principal2salt}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_principal2salt:c.krb5_principal2salt}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_principal2salt}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{pr}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ret}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pr} \sphinxhyphen{} Principal name - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ret} \sphinxhyphen{} Default salt for \sphinxstyleemphasis{pr} to be filled in - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_rd\_cred \sphinxhyphen{} Read and validate a KRB\sphinxhyphen{}CRED message.} -\label{\detokenize{appdev/refs/api/krb5_rd_cred:krb5-rd-cred-read-and-validate-a-krb-cred-message}}\label{\detokenize{appdev/refs/api/krb5_rd_cred::doc}}\index{krb5\_rd\_cred (C function)@\spxentry{krb5\_rd\_cred}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_cred:c.krb5_rd_cred}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_rd\_cred}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creddata}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{creds\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{\DUrole{n}{krb5\_replay\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{rdata\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{creddata} \sphinxhyphen{} \sphinxstylestrong{KRB\sphinxhyphen{}CRED} message - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{creds\_out} \sphinxhyphen{} Null\sphinxhyphen{}terminated array of forwarded credentials - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} \sphinxhyphen{} Replay data (NULL if not needed) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} -\begin{quote} - -\sphinxAtStartPar -\sphinxstyleemphasis{creddata} will be decrypted using the receiving subkey if it is present in \sphinxstyleemphasis{auth\_context} , or the session key if the receiving subkey is not present or fails to decrypt the message. -\end{quote} - -\sphinxAtStartPar -Use krb5\_free\_tgt\_creds() to free \sphinxstyleemphasis{creds\_out} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The \sphinxstyleemphasis{rdata\_out} argument is required if the \#KRB5\_AUTH\_CONTEXT\_RET\_TIME or \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE flag is set in \sphinxstyleemphasis{auth\_context} .\textasciigrave{} -\end{sphinxadmonition} - - -\subsubsection{krb5\_rd\_error \sphinxhyphen{} Decode a KRB\sphinxhyphen{}ERROR message.} -\label{\detokenize{appdev/refs/api/krb5_rd_error:krb5-rd-error-decode-a-krb-error-message}}\label{\detokenize{appdev/refs/api/krb5_rd_error::doc}}\index{krb5\_rd\_error (C function)@\spxentry{krb5\_rd\_error}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_error:c.krb5_rd_error}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_rd\_error}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{enc\_errbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{dec\_error}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enc\_errbuf} \sphinxhyphen{} Encoded error message - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{dec\_error} \sphinxhyphen{} Decoded error message - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function processes \sphinxstylestrong{KRB\sphinxhyphen{}ERROR} message \sphinxstyleemphasis{enc\_errbuf} and returns an allocated structure \sphinxstyleemphasis{dec\_error} containing the error message. Use krb5\_free\_error() to free \sphinxstyleemphasis{dec\_error} when it is no longer needed. - - -\subsubsection{krb5\_rd\_priv \sphinxhyphen{} Process a KRB\sphinxhyphen{}PRIV message.} -\label{\detokenize{appdev/refs/api/krb5_rd_priv:krb5-rd-priv-process-a-krb-priv-message}}\label{\detokenize{appdev/refs/api/krb5_rd_priv::doc}}\index{krb5\_rd\_priv (C function)@\spxentry{krb5\_rd\_priv}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_priv:c.krb5_rd_priv}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_rd\_priv}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{inbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{userdata\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{\DUrole{n}{krb5\_replay\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{rdata\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{inbuf} \sphinxhyphen{} \sphinxstylestrong{KRB\sphinxhyphen{}PRIV} message to be parsed - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{userdata\_out} \sphinxhyphen{} Data parsed from \sphinxstylestrong{KRB\sphinxhyphen{}PRIV} message - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} \sphinxhyphen{} Replay data. Specify NULL if not needed - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function parses a \sphinxstylestrong{KRB\sphinxhyphen{}PRIV} message, verifies its integrity, and stores its unencrypted data into \sphinxstyleemphasis{userdata\_out} . - -\sphinxAtStartPar -If \sphinxstyleemphasis{auth\_context} has a remote address set, the address will be used to verify the sender address in the KRB\sphinxhyphen{}PRIV message. If \sphinxstyleemphasis{auth\_context} has a local address set, it will be used to verify the receiver address in the KRB\sphinxhyphen{}PRIV message if the message contains one. - -\sphinxAtStartPar -If the \#KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE flag is set in \sphinxstyleemphasis{auth\_context} , the sequence number of the KRB\sphinxhyphen{}PRIV message is checked against the remote sequence number field of \sphinxstyleemphasis{auth\_context} . Otherwise, the sequence number is not used. - -\sphinxAtStartPar -If the \#KRB5\_AUTH\_CONTEXT\_DO\_TIME flag is set in \sphinxstyleemphasis{auth\_context} , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in\sphinxhyphen{}memory replay cache to detect reflections or replays. - -\sphinxAtStartPar -Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{userdata\_out} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The \sphinxstyleemphasis{rdata\_out} argument is required if the \#KRB5\_AUTH\_CONTEXT\_RET\_TIME or \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE flag is set in \sphinxstyleemphasis{auth\_context} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_rd\_rep \sphinxhyphen{} Parse and decrypt a KRB\_AP\_REP message.} -\label{\detokenize{appdev/refs/api/krb5_rd_rep:krb5-rd-rep-parse-and-decrypt-a-krb-ap-rep-message}}\label{\detokenize{appdev/refs/api/krb5_rd_rep::doc}}\index{krb5\_rd\_rep (C function)@\spxentry{krb5\_rd\_rep}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_rep:c.krb5_rd_rep}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_rd\_rep}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{inbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_rep\_enc\_part}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{repl}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{inbuf} \sphinxhyphen{} AP\sphinxhyphen{}REP message - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{repl} \sphinxhyphen{} Decrypted reply message - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function parses, decrypts and verifies a message from \sphinxstyleemphasis{inbuf} and fills in \sphinxstyleemphasis{repl} with a pointer to allocated memory containing the fields from the encrypted response. - -\sphinxAtStartPar -Use krb5\_free\_ap\_rep\_enc\_part() to free \sphinxstyleemphasis{repl} when it is no longer needed. - - -\subsubsection{krb5\_rd\_rep\_dce \sphinxhyphen{} Parse and decrypt a KRB\_AP\_REP message for DCE RPC.} -\label{\detokenize{appdev/refs/api/krb5_rd_rep_dce:krb5-rd-rep-dce-parse-and-decrypt-a-krb-ap-rep-message-for-dce-rpc}}\label{\detokenize{appdev/refs/api/krb5_rd_rep_dce::doc}}\index{krb5\_rd\_rep\_dce (C function)@\spxentry{krb5\_rd\_rep\_dce}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_rep_dce:c.krb5_rd_rep_dce}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_rd\_rep\_dce}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{inbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_ui_4:c.krb5_ui_4}]{\sphinxcrossref{\DUrole{n}{krb5\_ui\_4}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{nonce}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{inbuf} \sphinxhyphen{} AP\sphinxhyphen{}REP message - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{nonce} \sphinxhyphen{} Sequence number from the decrypted reply - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function parses, decrypts and verifies a message from \sphinxstyleemphasis{inbuf} and fills in \sphinxstyleemphasis{nonce} with a decrypted reply sequence number. - - -\subsubsection{krb5\_rd\_req \sphinxhyphen{} Parse and decrypt a KRB\_AP\_REQ message.} -\label{\detokenize{appdev/refs/api/krb5_rd_req:krb5-rd-req-parse-and-decrypt-a-krb-ap-req-message}}\label{\detokenize{appdev/refs/api/krb5_rd_req::doc}}\index{krb5\_rd\_req (C function)@\spxentry{krb5\_rd\_req}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_req:c.krb5_rd_req}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_rd\_req}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{auth\_context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{inbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{w}{ }\DUrole{n}{server}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ap\_req\_options}, {\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{ticket}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Pre\sphinxhyphen{}existing or newly created auth context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{inbuf} \sphinxhyphen{} AP\sphinxhyphen{}REQ message to be parsed - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server} \sphinxhyphen{} Matching principal for server, or NULL to allow any principal in keytab - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Key table, or NULL to use the default - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ap\_req\_options} \sphinxhyphen{} If non\sphinxhyphen{}null, the AP\sphinxhyphen{}REQ flags on output - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ticket} \sphinxhyphen{} If non\sphinxhyphen{}null, ticket from the AP\sphinxhyphen{}REQ message - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function parses, decrypts and verifies a AP\sphinxhyphen{}REQ message from \sphinxstyleemphasis{inbuf} and stores the authenticator in \sphinxstyleemphasis{auth\_context} . - -\sphinxAtStartPar -If a keyblock was specified in \sphinxstyleemphasis{auth\_context} using krb5\_auth\_con\_setuseruserkey(), that key is used to decrypt the ticket in AP\sphinxhyphen{}REQ message and \sphinxstyleemphasis{keytab} is ignored. In this case, \sphinxstyleemphasis{server} should be specified as a complete principal name to allow for proper transited\sphinxhyphen{}path checking and replay cache selection. - -\sphinxAtStartPar -Otherwise, the decryption key is obtained from \sphinxstyleemphasis{keytab} , or from the default keytab if it is NULL. In this case, \sphinxstyleemphasis{server} may be a complete principal name, a matching principal (see krb5\_sname\_match()), or NULL to match any principal name. The keys tried against the encrypted part of the ticket are determined as follows: -\begin{itemize} -\item {} -\sphinxAtStartPar -If \sphinxstyleemphasis{server} is a complete principal name, then its entry in \sphinxstyleemphasis{keytab} is tried. - -\item {} -\sphinxAtStartPar -Otherwise, if \sphinxstyleemphasis{keytab} is iterable, then all entries in \sphinxstyleemphasis{keytab} which match \sphinxstyleemphasis{server} are tried. - -\item {} -\sphinxAtStartPar -Otherwise, the server principal in the ticket must match \sphinxstyleemphasis{server} , and its entry in \sphinxstyleemphasis{keytab} is tried. - -\end{itemize} - -\sphinxAtStartPar -The client specified in the decrypted authenticator must match the client specified in the decrypted ticket. - -\sphinxAtStartPar -If the \sphinxstyleemphasis{remote\_addr} field of \sphinxstyleemphasis{auth\_context} is set, the request must come from that address. - -\sphinxAtStartPar -If a replay cache handle is provided in the \sphinxstyleemphasis{auth\_context} , the authenticator and ticket are verified against it. If no conflict is found, the new authenticator is then stored in the replay cache of \sphinxstyleemphasis{auth\_context} . - -\sphinxAtStartPar -Various other checks are performed on the decoded data, including cross\sphinxhyphen{}realm policy, clockskew, and ticket validation times. - -\sphinxAtStartPar -On success the authenticator, subkey, and remote sequence number of the request are stored in \sphinxstyleemphasis{auth\_context} . If the \#AP\_OPTS\_MUTUAL\_REQUIRED bit is set, the local sequence number is XORed with the remote sequence number in the request. - -\sphinxAtStartPar -Use krb5\_free\_ticket() to free \sphinxstyleemphasis{ticket} when it is no longer needed. - - -\subsubsection{krb5\_rd\_safe \sphinxhyphen{} Process KRB\sphinxhyphen{}SAFE message.} -\label{\detokenize{appdev/refs/api/krb5_rd_safe:krb5-rd-safe-process-krb-safe-message}}\label{\detokenize{appdev/refs/api/krb5_rd_safe::doc}}\index{krb5\_rd\_safe (C function)@\spxentry{krb5\_rd\_safe}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_rd_safe:c.krb5_rd_safe}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_rd\_safe}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{inbuf}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{userdata\_out}, {\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{\DUrole{n}{krb5\_replay\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{rdata\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{inbuf} \sphinxhyphen{} \sphinxstylestrong{KRB\sphinxhyphen{}SAFE} message to be parsed - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{userdata\_out} \sphinxhyphen{} Data parsed from \sphinxstylestrong{KRB\sphinxhyphen{}SAFE} message - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rdata\_out} \sphinxhyphen{} Replay data. Specify NULL if not needed - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function parses a \sphinxstylestrong{KRB\sphinxhyphen{}SAFE} message, verifies its integrity, and stores its data into \sphinxstyleemphasis{userdata\_out} . - -\sphinxAtStartPar -If \sphinxstyleemphasis{auth\_context} has a remote address set, the address will be used to verify the sender address in the KRB\sphinxhyphen{}SAFE message. If \sphinxstyleemphasis{auth\_context} has a local address set, it will be used to verify the receiver address in the KRB\sphinxhyphen{}SAFE message if the message contains one. - -\sphinxAtStartPar -If the \#KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE flag is set in \sphinxstyleemphasis{auth\_context} , the sequence number of the KRB\sphinxhyphen{}SAFE message is checked against the remote sequence number field of \sphinxstyleemphasis{auth\_context} . Otherwise, the sequence number is not used. - -\sphinxAtStartPar -If the \#KRB5\_AUTH\_CONTEXT\_DO\_TIME flag is set in \sphinxstyleemphasis{auth\_context} , then the timestamp in the message is verified to be within the permitted clock skew of the current time, and the message is checked against an in\sphinxhyphen{}memory replay cache to detect reflections or replays. - -\sphinxAtStartPar -Use krb5\_free\_data\_contents() to free \sphinxstyleemphasis{userdata\_out} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The \sphinxstyleemphasis{rdata\_out} argument is required if the \#KRB5\_AUTH\_CONTEXT\_RET\_TIME or \#KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE flag is set in \sphinxstyleemphasis{auth\_context} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_read\_password \sphinxhyphen{} Read a password from keyboard input.} -\label{\detokenize{appdev/refs/api/krb5_read_password:krb5-read-password-read-a-password-from-keyboard-input}}\label{\detokenize{appdev/refs/api/krb5_read_password::doc}}\index{krb5\_read\_password (C function)@\spxentry{krb5\_read\_password}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_read_password:c.krb5_read_password}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_read\_password}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{prompt}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{prompt2}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{return\_pwd}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{size\_return}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{prompt} \sphinxhyphen{} First user prompt when reading password - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{prompt2} \sphinxhyphen{} Second user prompt (NULL to prompt only once) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{return\_pwd} \sphinxhyphen{} Returned password - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{size\_return} \sphinxhyphen{} On input, maximum size of password; on output, size of password read - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Error in reading or verifying the password - -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function reads a password from keyboard input and stores it in \sphinxstyleemphasis{return\_pwd} . \sphinxstyleemphasis{size\_return} should be set by the caller to the amount of storage space available in \sphinxstyleemphasis{return\_pwd} ; on successful return, it will be set to the length of the password read. -\begin{quote} - -\sphinxAtStartPar -\sphinxstyleemphasis{prompt} is printed to the terminal, followed byâ€:â€, and then a password is read from the keyboard. -\end{quote} - -\sphinxAtStartPar -If \sphinxstyleemphasis{prompt2} is NULL, the password is read only once. Otherwise, \sphinxstyleemphasis{prompt2} is printed to the terminal and a second password is read. If the two passwords entered are not identical, KRB5\_LIBOS\_BADPWDMATCH is returned. - -\sphinxAtStartPar -Echoing is turned off when the password is read. - - -\subsubsection{krb5\_salttype\_to\_string \sphinxhyphen{} Convert a salt type to a string.} -\label{\detokenize{appdev/refs/api/krb5_salttype_to_string:krb5-salttype-to-string-convert-a-salt-type-to-a-string}}\label{\detokenize{appdev/refs/api/krb5_salttype_to_string::doc}}\index{krb5\_salttype\_to\_string (C function)@\spxentry{krb5\_salttype\_to\_string}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_salttype_to_string:c.krb5_salttype_to_string}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_salttype\_to\_string}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\DUrole{n}{salttype}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{buffer}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{buflen}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{salttype} \sphinxhyphen{} Salttype to convert - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{buffer} \sphinxhyphen{} Buffer to receive the converted string - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{buflen} \sphinxhyphen{} Storage available in \sphinxstyleemphasis{buffer} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_server\_decrypt\_ticket\_keytab \sphinxhyphen{} Decrypt a ticket using the specified key table.} -\label{\detokenize{appdev/refs/api/krb5_server_decrypt_ticket_keytab:krb5-server-decrypt-ticket-keytab-decrypt-a-ticket-using-the-specified-key-table}}\label{\detokenize{appdev/refs/api/krb5_server_decrypt_ticket_keytab::doc}}\index{krb5\_server\_decrypt\_ticket\_keytab (C function)@\spxentry{krb5\_server\_decrypt\_ticket\_keytab}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_server_decrypt_ticket_keytab:c.krb5_server_decrypt_ticket_keytab}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_server\_decrypt\_ticket\_keytab}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{kt}, {\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ticket}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{kt} \sphinxhyphen{} Key table - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ticket} \sphinxhyphen{} Ticket to be decrypted - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function takes a \sphinxstyleemphasis{ticket} as input and decrypts it using key data from \sphinxstyleemphasis{kt} . The result is placed into \sphinxstyleemphasis{ticket\sphinxhyphen{}\textgreater{}enc\_part2} . - - -\subsubsection{krb5\_set\_default\_tgs\_enctypes \sphinxhyphen{} Set default TGS encryption types in a krb5\_context structure.} -\label{\detokenize{appdev/refs/api/krb5_set_default_tgs_enctypes:krb5-set-default-tgs-enctypes-set-default-tgs-encryption-types-in-a-krb5-context-structure}}\label{\detokenize{appdev/refs/api/krb5_set_default_tgs_enctypes::doc}}\index{krb5\_set\_default\_tgs\_enctypes (C function)@\spxentry{krb5\_set\_default\_tgs\_enctypes}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_set_default_tgs_enctypes:c.krb5_set_default_tgs_enctypes}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_set\_default\_tgs\_enctypes}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{etypes}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{etypes} \sphinxhyphen{} Encryption type(s) to set - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\item {} -\sphinxAtStartPar -KRB5\_PROG\_ETYPE\_NOSUPP Program lacks support for encryption type - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function sets the default enctype list for TGS requests made using \sphinxstyleemphasis{context} to \sphinxstyleemphasis{etypes} . - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This overrides the default list (from config file or built\sphinxhyphen{}in). -\end{sphinxadmonition} - - -\subsubsection{krb5\_set\_error\_message \sphinxhyphen{} Set an extended error message for an error code.} -\label{\detokenize{appdev/refs/api/krb5_set_error_message:krb5-set-error-message-set-an-extended-error-message-for-an-error-code}}\label{\detokenize{appdev/refs/api/krb5_set_error_message::doc}}\index{krb5\_set\_error\_message (C function)@\spxentry{krb5\_set\_error\_message}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_set_error_message:c.krb5_set_error_message}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_set\_error\_message}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\DUrole{n}{code}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{fmt}, \DUrole{p}{...}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{code} \sphinxhyphen{} Error code - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{fmt} \sphinxhyphen{} Error string for the error code - -\end{description}\end{quote} - - -\subsubsection{krb5\_set\_kdc\_recv\_hook \sphinxhyphen{} Set a KDC post\sphinxhyphen{}receive hook function.} -\label{\detokenize{appdev/refs/api/krb5_set_kdc_recv_hook:krb5-set-kdc-recv-hook-set-a-kdc-post-receive-hook-function}}\label{\detokenize{appdev/refs/api/krb5_set_kdc_recv_hook::doc}}\index{krb5\_set\_kdc\_recv\_hook (C function)@\spxentry{krb5\_set\_kdc\_recv\_hook}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_set_kdc_recv_hook:c.krb5_set_kdc_recv_hook}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_set\_kdc\_recv\_hook}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_post_recv_fn:c.krb5_post_recv_fn}]{\sphinxcrossref{\DUrole{n}{krb5\_post\_recv\_fn}}}}\DUrole{w}{ }\DUrole{n}{recv\_hook}, \DUrole{kt}{void}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} The library context. - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{recv\_hook} \sphinxhyphen{} Hook function (or NULL to disable the hook) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} Callback data to be passed to \sphinxstyleemphasis{recv\_hook} - -\end{description}\end{quote} -\begin{quote} - -\sphinxAtStartPar -\sphinxstyleemphasis{recv\_hook} will be called after a reply is received from a KDC during a call to a library function such as krb5\_get\_credentials(). The hook function may inspect or override the reply. This hook will not be executed if the pre\sphinxhyphen{}send hook returns a synthetic reply. -\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.15 -\end{sphinxadmonition} - - -\subsubsection{krb5\_set\_kdc\_send\_hook \sphinxhyphen{} Set a KDC pre\sphinxhyphen{}send hook function.} -\label{\detokenize{appdev/refs/api/krb5_set_kdc_send_hook:krb5-set-kdc-send-hook-set-a-kdc-pre-send-hook-function}}\label{\detokenize{appdev/refs/api/krb5_set_kdc_send_hook::doc}}\index{krb5\_set\_kdc\_send\_hook (C function)@\spxentry{krb5\_set\_kdc\_send\_hook}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_set_kdc_send_hook:c.krb5_set_kdc_send_hook}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_set\_kdc\_send\_hook}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_pre_send_fn:c.krb5_pre_send_fn}]{\sphinxcrossref{\DUrole{n}{krb5\_pre\_send\_fn}}}}\DUrole{w}{ }\DUrole{n}{send\_hook}, \DUrole{kt}{void}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{send\_hook} \sphinxhyphen{} Hook function (or NULL to disable the hook) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} Callback data to be passed to \sphinxstyleemphasis{send\_hook} - -\end{description}\end{quote} -\begin{quote} - -\sphinxAtStartPar -\sphinxstyleemphasis{send\_hook} will be called before messages are sent to KDCs by library functions such as krb5\_get\_credentials(). The hook function may inspect, override, or synthesize its own reply to the message. -\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.15 -\end{sphinxadmonition} - - -\subsubsection{krb5\_set\_real\_time \sphinxhyphen{} Set time offset field in a krb5\_context structure.} -\label{\detokenize{appdev/refs/api/krb5_set_real_time:krb5-set-real-time-set-time-offset-field-in-a-krb5-context-structure}}\label{\detokenize{appdev/refs/api/krb5_set_real_time::doc}}\index{krb5\_set\_real\_time (C function)@\spxentry{krb5\_set\_real\_time}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_set_real_time:c.krb5_set_real_time}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_set\_real\_time}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{n}{seconds}, {\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\DUrole{n}{microseconds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{seconds} \sphinxhyphen{} Real time, seconds portion - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{microseconds} \sphinxhyphen{} Real time, microseconds portion - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function sets the time offset in \sphinxstyleemphasis{context} to the difference between the system time and the real time as determined by \sphinxstyleemphasis{seconds} and \sphinxstyleemphasis{microseconds} . - - -\subsubsection{krb5\_string\_to\_cksumtype \sphinxhyphen{} Convert a string to a checksum type.} -\label{\detokenize{appdev/refs/api/krb5_string_to_cksumtype:krb5-string-to-cksumtype-convert-a-string-to-a-checksum-type}}\label{\detokenize{appdev/refs/api/krb5_string_to_cksumtype::doc}}\index{krb5\_string\_to\_cksumtype (C function)@\spxentry{krb5\_string\_to\_cksumtype}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_string_to_cksumtype:c.krb5_string_to_cksumtype}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_string\_to\_cksumtype}}}}{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{string}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cksumtypep}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{string} \sphinxhyphen{} String to be converted - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{cksumtypep} \sphinxhyphen{} Checksum type to be filled in - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} EINVAL - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_string\_to\_deltat \sphinxhyphen{} Convert a string to a delta time value.} -\label{\detokenize{appdev/refs/api/krb5_string_to_deltat:krb5-string-to-deltat-convert-a-string-to-a-delta-time-value}}\label{\detokenize{appdev/refs/api/krb5_string_to_deltat::doc}}\index{krb5\_string\_to\_deltat (C function)@\spxentry{krb5\_string\_to\_deltat}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_string_to_deltat:c.krb5_string_to_deltat}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_string\_to\_deltat}}}}{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{string}, {\hyperref[\detokenize{appdev/refs/types/krb5_deltat:c.krb5_deltat}]{\sphinxcrossref{\DUrole{n}{krb5\_deltat}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{deltatp}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{string} \sphinxhyphen{} String to be converted - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{deltatp} \sphinxhyphen{} Delta time to be filled in - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} KRB5\_DELTAT\_BADFORMAT - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_string\_to\_enctype \sphinxhyphen{} Convert a string to an encryption type.} -\label{\detokenize{appdev/refs/api/krb5_string_to_enctype:krb5-string-to-enctype-convert-a-string-to-an-encryption-type}}\label{\detokenize{appdev/refs/api/krb5_string_to_enctype::doc}}\index{krb5\_string\_to\_enctype (C function)@\spxentry{krb5\_string\_to\_enctype}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_string_to_enctype:c.krb5_string_to_enctype}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_string\_to\_enctype}}}}{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{string}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{enctypep}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{string} \sphinxhyphen{} String to convert to an encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{enctypep} \sphinxhyphen{} Encryption type - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} EINVAL - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_string\_to\_salttype \sphinxhyphen{} Convert a string to a salt type.} -\label{\detokenize{appdev/refs/api/krb5_string_to_salttype:krb5-string-to-salttype-convert-a-string-to-a-salt-type}}\label{\detokenize{appdev/refs/api/krb5_string_to_salttype::doc}}\index{krb5\_string\_to\_salttype (C function)@\spxentry{krb5\_string\_to\_salttype}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_string_to_salttype:c.krb5_string_to_salttype}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_string\_to\_salttype}}}}{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{string}, {\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{salttypep}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{string} \sphinxhyphen{} String to convert to an encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{salttypep} \sphinxhyphen{} Salt type to be filled in - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} EINVAL - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_string\_to\_timestamp \sphinxhyphen{} Convert a string to a timestamp.} -\label{\detokenize{appdev/refs/api/krb5_string_to_timestamp:krb5-string-to-timestamp-convert-a-string-to-a-timestamp}}\label{\detokenize{appdev/refs/api/krb5_string_to_timestamp::doc}}\index{krb5\_string\_to\_timestamp (C function)@\spxentry{krb5\_string\_to\_timestamp}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_string_to_timestamp:c.krb5_string_to_timestamp}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_string\_to\_timestamp}}}}{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{string}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{timestampp}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{string} \sphinxhyphen{} String to be converted - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{timestampp} \sphinxhyphen{} Pointer to timestamp - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} EINVAL - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_timeofday \sphinxhyphen{} Retrieve the current time with context specific time offset adjustment.} -\label{\detokenize{appdev/refs/api/krb5_timeofday:krb5-timeofday-retrieve-the-current-time-with-context-specific-time-offset-adjustment}}\label{\detokenize{appdev/refs/api/krb5_timeofday::doc}}\index{krb5\_timeofday (C function)@\spxentry{krb5\_timeofday}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_timeofday:c.krb5_timeofday}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_timeofday}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{timeret}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{timeret} \sphinxhyphen{} Timestamp to fill in - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success - -\end{itemize} - -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function retrieves the system time of day with the context specific time offset adjustment. - - -\subsubsection{krb5\_timestamp\_to\_sfstring \sphinxhyphen{} Convert a timestamp to a string, with optional output padding.} -\label{\detokenize{appdev/refs/api/krb5_timestamp_to_sfstring:krb5-timestamp-to-sfstring-convert-a-timestamp-to-a-string-with-optional-output-padding}}\label{\detokenize{appdev/refs/api/krb5_timestamp_to_sfstring::doc}}\index{krb5\_timestamp\_to\_sfstring (C function)@\spxentry{krb5\_timestamp\_to\_sfstring}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_timestamp_to_sfstring:c.krb5_timestamp_to_sfstring}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_timestamp\_to\_sfstring}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{n}{timestamp}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{buffer}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{buflen}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{pad}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{timestamp} \sphinxhyphen{} Timestamp to convert - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{buffer} \sphinxhyphen{} Buffer to hold the converted timestamp - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{buflen} \sphinxhyphen{} Length of buffer - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pad} \sphinxhyphen{} Optional value to pad \sphinxstyleemphasis{buffer} if converted timestamp does not fill it - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -If \sphinxstyleemphasis{pad} is not NULL, \sphinxstyleemphasis{buffer} is padded out to \sphinxstyleemphasis{buflen} \sphinxhyphen{} 1 characters with the value of * \sphinxstyleemphasis{pad} . - - -\subsubsection{krb5\_timestamp\_to\_string \sphinxhyphen{} Convert a timestamp to a string.} -\label{\detokenize{appdev/refs/api/krb5_timestamp_to_string:krb5-timestamp-to-string-convert-a-timestamp-to-a-string}}\label{\detokenize{appdev/refs/api/krb5_timestamp_to_string::doc}}\index{krb5\_timestamp\_to\_string (C function)@\spxentry{krb5\_timestamp\_to\_string}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_timestamp_to_string:c.krb5_timestamp_to_string}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_timestamp\_to\_string}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\DUrole{n}{timestamp}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{buffer}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{buflen}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{timestamp} \sphinxhyphen{} Timestamp to convert - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{buffer} \sphinxhyphen{} Buffer to hold converted timestamp - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{buflen} \sphinxhyphen{} Storage available in \sphinxstyleemphasis{buffer} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -The string is returned in the locale’s appropriate date and time representation. - - -\subsubsection{krb5\_tkt\_creds\_free \sphinxhyphen{} Free a TGS request context.} -\label{\detokenize{appdev/refs/api/krb5_tkt_creds_free:krb5-tkt-creds-free-free-a-tgs-request-context}}\label{\detokenize{appdev/refs/api/krb5_tkt_creds_free::doc}}\index{krb5\_tkt\_creds\_free (C function)@\spxentry{krb5\_tkt\_creds\_free}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_tkt_creds_free:c.krb5_tkt_creds_free}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_tkt\_creds\_free}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_tkt\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} TGS request context - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_tkt\_creds\_get \sphinxhyphen{} Synchronously obtain credentials using a TGS request context.} -\label{\detokenize{appdev/refs/api/krb5_tkt_creds_get:krb5-tkt-creds-get-synchronously-obtain-credentials-using-a-tgs-request-context}}\label{\detokenize{appdev/refs/api/krb5_tkt_creds_get::doc}}\index{krb5\_tkt\_creds\_get (C function)@\spxentry{krb5\_tkt\_creds\_get}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_tkt_creds_get:c.krb5_tkt_creds_get}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_tkt\_creds\_get}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_tkt\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} TGS request context - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function synchronously obtains credentials using a context created by krb5\_tkt\_creds\_init(). On successful return, the credentials can be retrieved with krb5\_tkt\_creds\_get\_creds(). - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_tkt\_creds\_get\_creds \sphinxhyphen{} Retrieve acquired credentials from a TGS request context.} -\label{\detokenize{appdev/refs/api/krb5_tkt_creds_get_creds:krb5-tkt-creds-get-creds-retrieve-acquired-credentials-from-a-tgs-request-context}}\label{\detokenize{appdev/refs/api/krb5_tkt_creds_get_creds::doc}}\index{krb5\_tkt\_creds\_get\_creds (C function)@\spxentry{krb5\_tkt\_creds\_get\_creds}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_tkt_creds_get_creds:c.krb5_tkt_creds_get_creds}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_tkt\_creds\_get\_creds}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_tkt\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} TGS request context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Acquired credentials - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function copies the acquired initial credentials from \sphinxstyleemphasis{ctx} into \sphinxstyleemphasis{creds} , after the successful completion of krb5\_tkt\_creds\_get() or krb5\_tkt\_creds\_step(). Use krb5\_free\_cred\_contents() to free \sphinxstyleemphasis{creds} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_tkt\_creds\_get\_times \sphinxhyphen{} Retrieve ticket times from a TGS request context.} -\label{\detokenize{appdev/refs/api/krb5_tkt_creds_get_times:krb5-tkt-creds-get-times-retrieve-ticket-times-from-a-tgs-request-context}}\label{\detokenize{appdev/refs/api/krb5_tkt_creds_get_times::doc}}\index{krb5\_tkt\_creds\_get\_times (C function)@\spxentry{krb5\_tkt\_creds\_get\_times}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_tkt_creds_get_times:c.krb5_tkt_creds_get_times}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_tkt\_creds\_get\_times}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_tkt\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket\_times}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{times}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} TGS request context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{times} \sphinxhyphen{} Ticket times for acquired credentials - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -The TGS request context must have completed obtaining credentials via either krb5\_tkt\_creds\_get() or krb5\_tkt\_creds\_step(). - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_tkt\_creds\_init \sphinxhyphen{} Create a context to get credentials from a KDC’s Ticket Granting Service.} -\label{\detokenize{appdev/refs/api/krb5_tkt_creds_init:krb5-tkt-creds-init-create-a-context-to-get-credentials-from-a-kdc-s-ticket-granting-service}}\label{\detokenize{appdev/refs/api/krb5_tkt_creds_init::doc}}\index{krb5\_tkt\_creds\_init (C function)@\spxentry{krb5\_tkt\_creds\_init}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_tkt_creds_init:c.krb5_tkt_creds_init}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_tkt\_creds\_init}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{options}, {\hyperref[\detokenize{appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_tkt\_creds\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ctx}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Credential cache handle - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Input credentials - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{options} \sphinxhyphen{} Options (see KRB5\_GC macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} New TGS request context - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function prepares to obtain credentials matching \sphinxstyleemphasis{creds} , either by retrieving them from \sphinxstyleemphasis{ccache} or by making requests to ticket\sphinxhyphen{}granting services beginning with a ticket\sphinxhyphen{}granting ticket for the client principal’s realm. - -\sphinxAtStartPar -The resulting TGS acquisition context can be used asynchronously with krb5\_tkt\_creds\_step() or synchronously with krb5\_tkt\_creds\_get(). See also krb5\_get\_credentials() for synchronous use. - -\sphinxAtStartPar -Use krb5\_tkt\_creds\_free() to free \sphinxstyleemphasis{ctx} when it is no longer needed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_tkt\_creds\_step \sphinxhyphen{} Get the next KDC request in a TGS exchange.} -\label{\detokenize{appdev/refs/api/krb5_tkt_creds_step:krb5-tkt-creds-step-get-the-next-kdc-request-in-a-tgs-exchange}}\label{\detokenize{appdev/refs/api/krb5_tkt_creds_step::doc}}\index{krb5\_tkt\_creds\_step (C function)@\spxentry{krb5\_tkt\_creds\_step}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_tkt_creds_step:c.krb5_tkt_creds_step}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_tkt\_creds\_step}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context}]{\sphinxcrossref{\DUrole{n}{krb5\_tkt\_creds\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{out}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{realm}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{flags}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} TGS request context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in} \sphinxhyphen{} KDC response (empty on the first call) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{out} \sphinxhyphen{} Next KDC request - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{realm} \sphinxhyphen{} Realm for next KDC request - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Output flags - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function constructs the next KDC request for a TGS exchange, allowing the caller to control the transport of KDC requests and replies. On the first call, \sphinxstyleemphasis{in} should be set to an empty buffer; on subsequent calls, it should be set to the KDC’s reply to the previous request. - -\sphinxAtStartPar -If more requests are needed, \sphinxstyleemphasis{flags} will be set to \#KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE and the next request will be placed in \sphinxstyleemphasis{out} . If no more requests are needed, \sphinxstyleemphasis{flags} will not contain \#KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE and \sphinxstyleemphasis{out} will be empty. - -\sphinxAtStartPar -If this function returns \sphinxstylestrong{KRB5KRB\_ERR\_RESPONSE\_TOO\_BIG} , the caller should transmit the next request using TCP rather than UDP. If this function returns any other error, the TGS exchange has failed. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_unmarshal\_credentials \sphinxhyphen{} Deserialize a krb5\_creds object.} -\label{\detokenize{appdev/refs/api/krb5_unmarshal_credentials:krb5-unmarshal-credentials-deserialize-a-krb5-creds-object}}\label{\detokenize{appdev/refs/api/krb5_unmarshal_credentials::doc}}\index{krb5\_unmarshal\_credentials (C function)@\spxentry{krb5\_unmarshal\_credentials}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_unmarshal_credentials:c.krb5_unmarshal_credentials}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_unmarshal\_credentials}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{creds\_out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} The serialized credentials - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{creds\_out} \sphinxhyphen{} The resulting creds object - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Deserialize \sphinxstyleemphasis{data} to credentials in the format used by the FILE ccache format (vesion 4) and KCM ccache protocol. - -\sphinxAtStartPar -Use krb5\_free\_creds() to free \sphinxstyleemphasis{creds\_out} when it is no longer needed. - - -\subsubsection{krb5\_verify\_init\_creds \sphinxhyphen{} Verify initial credentials against a keytab.} -\label{\detokenize{appdev/refs/api/krb5_verify_init_creds:krb5-verify-init-creds-verify-initial-credentials-against-a-keytab}}\label{\detokenize{appdev/refs/api/krb5_verify_init_creds::doc}}\index{krb5\_verify\_init\_creds (C function)@\spxentry{krb5\_verify\_init\_creds}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_verify_init_creds:c.krb5_verify_init_creds}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_verify\_init\_creds}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{server}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ccache}, {\hyperref[\detokenize{appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_verify\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{options}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{creds} \sphinxhyphen{} Initial credentials to be verified - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server} \sphinxhyphen{} Server principal (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Key table (NULL to use default keytab) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Credential cache for fetched creds (or NULL) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{options} \sphinxhyphen{} Verification options (NULL for default options) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function attempts to verify that \sphinxstyleemphasis{creds} were obtained from a KDC with knowledge of a key in \sphinxstyleemphasis{keytab} , or the default keytab if \sphinxstyleemphasis{keytab} is NULL. If \sphinxstyleemphasis{server} is provided, the highest\sphinxhyphen{}kvno key entry for that principal name is used to verify the credentials; otherwise, all uniqueâ€hostâ€service principals in the keytab are tried. - -\sphinxAtStartPar -If the specified keytab does not exist, or is empty, or cannot be read, or does not contain an entry for \sphinxstyleemphasis{server} , then credential verification may be skipped unless configuration demands that it succeed. The caller can control this behavior by providing a verification options structure; see krb5\_verify\_init\_creds\_opt\_init() and krb5\_verify\_init\_creds\_opt\_set\_ap\_req\_nofail(). - -\sphinxAtStartPar -If \sphinxstyleemphasis{ccache} is NULL, any additional credentials fetched during the verification process will be destroyed. If \sphinxstyleemphasis{ccache} points to NULL, a memory ccache will be created for the additional credentials and returned in \sphinxstyleemphasis{ccache} . If \sphinxstyleemphasis{ccache} points to a valid credential cache handle, the additional credentials will be stored in that cache. - - -\subsubsection{krb5\_verify\_init\_creds\_opt\_init \sphinxhyphen{} Initialize a credential verification options structure.} -\label{\detokenize{appdev/refs/api/krb5_verify_init_creds_opt_init:krb5-verify-init-creds-opt-init-initialize-a-credential-verification-options-structure}}\label{\detokenize{appdev/refs/api/krb5_verify_init_creds_opt_init::doc}}\index{krb5\_verify\_init\_creds\_opt\_init (C function)@\spxentry{krb5\_verify\_init\_creds\_opt\_init}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_verify_init_creds_opt_init:c.krb5_verify_init_creds_opt_init}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_verify\_init\_creds\_opt\_init}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_verify\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{k5\_vic\_options}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{k5\_vic\_options} \sphinxhyphen{} Verification options structure - -\end{description}\end{quote} - - -\subsubsection{krb5\_verify\_init\_creds\_opt\_set\_ap\_req\_nofail \sphinxhyphen{} Set whether credential verification is required.} -\label{\detokenize{appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail:krb5-verify-init-creds-opt-set-ap-req-nofail-set-whether-credential-verification-is-required}}\label{\detokenize{appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail::doc}}\index{krb5\_verify\_init\_creds\_opt\_set\_ap\_req\_nofail (C function)@\spxentry{krb5\_verify\_init\_creds\_opt\_set\_ap\_req\_nofail}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_verify_init_creds_opt_set_ap_req_nofail:c.krb5_verify_init_creds_opt_set_ap_req_nofail}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_verify\_init\_creds\_opt\_set\_ap\_req\_nofail}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_verify\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{k5\_vic\_options}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{ap\_req\_nofail}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{k5\_vic\_options} \sphinxhyphen{} Verification options structure - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ap\_req\_nofail} \sphinxhyphen{} Whether to require successful verification - -\end{description}\end{quote} - -\sphinxAtStartPar -This function determines how krb5\_verify\_init\_creds() behaves if no keytab information is available. If \sphinxstyleemphasis{ap\_req\_nofail} is \sphinxstylestrong{FALSE} , verification will be skipped in this case and krb5\_verify\_init\_creds() will return successfully. If \sphinxstyleemphasis{ap\_req\_nofail} is \sphinxstylestrong{TRUE} , krb5\_verify\_init\_creds() will not return successfully unless verification can be performed. - -\sphinxAtStartPar -If this function is not used, the behavior of krb5\_verify\_init\_creds() is determined through configuration. - - -\subsubsection{krb5\_vprepend\_error\_message \sphinxhyphen{} Add a prefix to the message for an error code using a va\_list.} -\label{\detokenize{appdev/refs/api/krb5_vprepend_error_message:krb5-vprepend-error-message-add-a-prefix-to-the-message-for-an-error-code-using-a-va-list}}\label{\detokenize{appdev/refs/api/krb5_vprepend_error_message::doc}}\index{krb5\_vprepend\_error\_message (C function)@\spxentry{krb5\_vprepend\_error\_message}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_vprepend_error_message:c.krb5_vprepend_error_message}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_vprepend\_error\_message}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\DUrole{n}{code}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{fmt}, \DUrole{n}{va\_list}\DUrole{w}{ }\DUrole{n}{args}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{code} \sphinxhyphen{} Error code - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{fmt} \sphinxhyphen{} Format string for error message prefix - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{args} \sphinxhyphen{} List of vprintf(3) style arguments - -\end{description}\end{quote} - -\sphinxAtStartPar -This function is similar to krb5\_prepend\_error\_message(), but uses a va\_list instead of variadic arguments. - - -\subsubsection{krb5\_vset\_error\_message \sphinxhyphen{} Set an extended error message for an error code using a va\_list.} -\label{\detokenize{appdev/refs/api/krb5_vset_error_message:krb5-vset-error-message-set-an-extended-error-message-for-an-error-code-using-a-va-list}}\label{\detokenize{appdev/refs/api/krb5_vset_error_message::doc}}\index{krb5\_vset\_error\_message (C function)@\spxentry{krb5\_vset\_error\_message}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_vset_error_message:c.krb5_vset_error_message}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_vset\_error\_message}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\DUrole{n}{code}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{fmt}, \DUrole{n}{va\_list}\DUrole{w}{ }\DUrole{n}{args}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{code} \sphinxhyphen{} Error code - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{fmt} \sphinxhyphen{} Error string for the error code - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{args} \sphinxhyphen{} List of vprintf(3) style arguments - -\end{description}\end{quote} - - -\subsubsection{krb5\_vwrap\_error\_message \sphinxhyphen{} Add a prefix to a different error code’s message using a va\_list.} -\label{\detokenize{appdev/refs/api/krb5_vwrap_error_message:krb5-vwrap-error-message-add-a-prefix-to-a-different-error-code-s-message-using-a-va-list}}\label{\detokenize{appdev/refs/api/krb5_vwrap_error_message::doc}}\index{krb5\_vwrap\_error\_message (C function)@\spxentry{krb5\_vwrap\_error\_message}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_vwrap_error_message:c.krb5_vwrap_error_message}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_vwrap\_error\_message}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\DUrole{n}{old\_code}, {\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\DUrole{n}{code}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{fmt}, \DUrole{n}{va\_list}\DUrole{w}{ }\DUrole{n}{args}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{old\_code} \sphinxhyphen{} Previous error code - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{code} \sphinxhyphen{} Error code - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{fmt} \sphinxhyphen{} Format string for error message prefix - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{args} \sphinxhyphen{} List of vprintf(3) style arguments - -\end{description}\end{quote} - -\sphinxAtStartPar -This function is similar to krb5\_wrap\_error\_message(), but uses a va\_list instead of variadic arguments. - - -\subsubsection{krb5\_wrap\_error\_message \sphinxhyphen{} Add a prefix to a different error code’s message.} -\label{\detokenize{appdev/refs/api/krb5_wrap_error_message:krb5-wrap-error-message-add-a-prefix-to-a-different-error-code-s-message}}\label{\detokenize{appdev/refs/api/krb5_wrap_error_message::doc}}\index{krb5\_wrap\_error\_message (C function)@\spxentry{krb5\_wrap\_error\_message}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_wrap_error_message:c.krb5_wrap_error_message}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_wrap\_error\_message}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{ctx}, {\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\DUrole{n}{old\_code}, {\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\DUrole{n}{code}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{fmt}, \DUrole{p}{...}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctx} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{old\_code} \sphinxhyphen{} Previous error code - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{code} \sphinxhyphen{} Error code - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{fmt} \sphinxhyphen{} Format string for error message prefix - -\end{description}\end{quote} - -\sphinxAtStartPar -Format a message and prepend it to the message for \sphinxstyleemphasis{old\_code} . The prefix will be separated from the old message with a colon and space. Set the resulting message as the extended error message for \sphinxstyleemphasis{code} . - - -\subsection{Public interfaces that should not be called directly} -\label{\detokenize{appdev/refs/api/index:public-interfaces-that-should-not-be-called-directly}} - -\subsubsection{krb5\_c\_block\_size \sphinxhyphen{} Return cipher block size.} -\label{\detokenize{appdev/refs/api/krb5_c_block_size:krb5-c-block-size-return-cipher-block-size}}\label{\detokenize{appdev/refs/api/krb5_c_block_size::doc}}\index{krb5\_c\_block\_size (C function)@\spxentry{krb5\_c\_block\_size}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_block_size:c.krb5_c_block_size}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_block\_size}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{blocksize}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{blocksize} \sphinxhyphen{} Block size for \sphinxstyleemphasis{enctype} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_c\_checksum\_length \sphinxhyphen{} Return the length of checksums for a checksum type.} -\label{\detokenize{appdev/refs/api/krb5_c_checksum_length:krb5-c-checksum-length-return-the-length-of-checksums-for-a-checksum-type}}\label{\detokenize{appdev/refs/api/krb5_c_checksum_length::doc}}\index{krb5\_c\_checksum\_length (C function)@\spxentry{krb5\_c\_checksum\_length}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_checksum_length:c.krb5_c_checksum_length}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_checksum\_length}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{cksumtype}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{length}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cksumtype} \sphinxhyphen{} Checksum type - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{length} \sphinxhyphen{} Checksum length - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_c\_crypto\_length \sphinxhyphen{} Return a length of a message field specific to the encryption type.} -\label{\detokenize{appdev/refs/api/krb5_c_crypto_length:krb5-c-crypto-length-return-a-length-of-a-message-field-specific-to-the-encryption-type}}\label{\detokenize{appdev/refs/api/krb5_c_crypto_length::doc}}\index{krb5\_c\_crypto\_length (C function)@\spxentry{krb5\_c\_crypto\_length}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_crypto_length:c.krb5_c_crypto_length}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_crypto\_length}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, {\hyperref[\detokenize{appdev/refs/types/krb5_cryptotype:c.krb5_cryptotype}]{\sphinxcrossref{\DUrole{n}{krb5\_cryptotype}}}}\DUrole{w}{ }\DUrole{n}{type}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{size}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{type} \sphinxhyphen{} Type field (See KRB5\_CRYPTO\_TYPE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{size} \sphinxhyphen{} Length of the \sphinxstyleemphasis{type} specific to \sphinxstyleemphasis{enctype} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_c\_crypto\_length\_iov \sphinxhyphen{} Fill in lengths for header, trailer and padding in a IOV array.} -\label{\detokenize{appdev/refs/api/krb5_c_crypto_length_iov:krb5-c-crypto-length-iov-fill-in-lengths-for-header-trailer-and-padding-in-a-iov-array}}\label{\detokenize{appdev/refs/api/krb5_c_crypto_length_iov::doc}}\index{krb5\_c\_crypto\_length\_iov (C function)@\spxentry{krb5\_c\_crypto\_length\_iov}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_crypto_length_iov:c.krb5_c_crypto_length_iov}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_crypto\_length\_iov}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, {\hyperref[\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}]{\sphinxcrossref{\DUrole{n}{krb5\_crypto\_iov}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{num\_data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{data} \sphinxhyphen{} IOV array - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{num\_data} \sphinxhyphen{} Size of \sphinxstyleemphasis{data} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Padding is set to the actual padding required based on the provided \sphinxstyleemphasis{data} buffers. Typically this API is used after setting up the data buffers and \#KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY buffers, but before actually allocating header, trailer and padding. - - -\subsubsection{krb5\_c\_decrypt \sphinxhyphen{} Decrypt data using a key (operates on keyblock).} -\label{\detokenize{appdev/refs/api/krb5_c_decrypt:krb5-c-decrypt-decrypt-data-using-a-key-operates-on-keyblock}}\label{\detokenize{appdev/refs/api/krb5_c_decrypt::doc}}\index{krb5\_c\_decrypt (C function)@\spxentry{krb5\_c\_decrypt}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_decrypt:c.krb5_c_decrypt}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_decrypt}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cipher\_state}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{input}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{output}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{cipher\_state} \sphinxhyphen{} Cipher state; specify NULL if not needed - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{input} \sphinxhyphen{} Encrypted data - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{output} \sphinxhyphen{} Decrypted data - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function decrypts the data block \sphinxstyleemphasis{input} and stores the output into \sphinxstyleemphasis{output} . The actual decryption key will be derived from \sphinxstyleemphasis{key} and \sphinxstyleemphasis{usage} if key derivation is specified for the encryption type. If non\sphinxhyphen{}null, \sphinxstyleemphasis{cipher\_state} specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The caller must initialize \sphinxstyleemphasis{output} and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let krb5\_c\_decrypt() trim \sphinxstyleemphasis{output\sphinxhyphen{}\textgreater{}length} . For some enctypes, the resulting \sphinxstyleemphasis{output\sphinxhyphen{}\textgreater{}length} may include padding bytes. -\end{sphinxadmonition} - - -\subsubsection{krb5\_c\_decrypt\_iov \sphinxhyphen{} Decrypt data in place supporting AEAD (operates on keyblock).} -\label{\detokenize{appdev/refs/api/krb5_c_decrypt_iov:krb5-c-decrypt-iov-decrypt-data-in-place-supporting-aead-operates-on-keyblock}}\label{\detokenize{appdev/refs/api/krb5_c_decrypt_iov::doc}}\index{krb5\_c\_decrypt\_iov (C function)@\spxentry{krb5\_c\_decrypt\_iov}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_decrypt_iov:c.krb5_c_decrypt_iov}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_decrypt\_iov}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{keyblock}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cipher\_state}, {\hyperref[\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}]{\sphinxcrossref{\DUrole{n}{krb5\_crypto\_iov}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{num\_data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keyblock} \sphinxhyphen{} Encryption key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cipher\_state} \sphinxhyphen{} Cipher state; specify NULL if not needed - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{data} \sphinxhyphen{} IOV array. Modified in\sphinxhyphen{}place. - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{num\_data} \sphinxhyphen{} Size of \sphinxstyleemphasis{data} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function decrypts the data block \sphinxstyleemphasis{data} and stores the output in\sphinxhyphen{}place. The actual decryption key will be derived from \sphinxstyleemphasis{keyblock} and \sphinxstyleemphasis{usage} if key derivation is specified for the encryption type. If non\sphinxhyphen{}null, \sphinxstyleemphasis{cipher\_state} specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5\_crypto\_iov structures before calling into this API. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_c\_decrypt\_iov() - - - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -On return from a krb5\_c\_decrypt\_iov() call, the \sphinxstyleemphasis{data\sphinxhyphen{}\textgreater{}length} in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. -\end{sphinxadmonition} - - -\subsubsection{krb5\_c\_derive\_prfplus \sphinxhyphen{} Derive a key using some input data (via RFC 6113 PRF+).} -\label{\detokenize{appdev/refs/api/krb5_c_derive_prfplus:krb5-c-derive-prfplus-derive-a-key-using-some-input-data-via-rfc-6113-prf}}\label{\detokenize{appdev/refs/api/krb5_c_derive_prfplus::doc}}\index{krb5\_c\_derive\_prfplus (C function)@\spxentry{krb5\_c\_derive\_prfplus}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_derive_prfplus:c.krb5_c_derive_prfplus}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_derive\_prfplus}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{k}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{input}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{k} \sphinxhyphen{} KDC contribution key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{input} \sphinxhyphen{} Input string - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Output key enctype (or \sphinxstylestrong{ENCTYPE\_NULL} ) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{out} \sphinxhyphen{} Derived keyblock - -\end{description}\end{quote} - -\sphinxAtStartPar -This function uses PRF+ as defined in RFC 6113 to derive a key from another key and an input string. If \sphinxstyleemphasis{enctype} is \sphinxstylestrong{ENCTYPE\_NULL} , the output key will have the same enctype as the input key. - - -\subsubsection{krb5\_c\_encrypt \sphinxhyphen{} Encrypt data using a key (operates on keyblock).} -\label{\detokenize{appdev/refs/api/krb5_c_encrypt:krb5-c-encrypt-encrypt-data-using-a-key-operates-on-keyblock}}\label{\detokenize{appdev/refs/api/krb5_c_encrypt::doc}}\index{krb5\_c\_encrypt (C function)@\spxentry{krb5\_c\_encrypt}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_encrypt:c.krb5_c_encrypt}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_encrypt}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cipher\_state}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{input}, {\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{output}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{cipher\_state} \sphinxhyphen{} Cipher state; specify NULL if not needed - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{input} \sphinxhyphen{} Data to be encrypted - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{output} \sphinxhyphen{} Encrypted data - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function encrypts the data block \sphinxstyleemphasis{input} and stores the outputinto \sphinxstyleemphasis{output} . The actual encryption key will be derived from \sphinxstyleemphasis{key} and \sphinxstyleemphasis{usage} if key derivation is specified for the encryption type. If non\sphinxhyphen{}null, \sphinxstyleemphasis{cipher\_state} specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The caller must initialize \sphinxstyleemphasis{output} and allocate at least enough space for the result (using krb5\_c\_encrypt\_length() to determine the amount of space needed). \sphinxstyleemphasis{output\sphinxhyphen{}\textgreater{}length} will be set to the actual length of the ciphertext. -\end{sphinxadmonition} - - -\subsubsection{krb5\_c\_encrypt\_iov \sphinxhyphen{} Encrypt data in place supporting AEAD (operates on keyblock).} -\label{\detokenize{appdev/refs/api/krb5_c_encrypt_iov:krb5-c-encrypt-iov-encrypt-data-in-place-supporting-aead-operates-on-keyblock}}\label{\detokenize{appdev/refs/api/krb5_c_encrypt_iov::doc}}\index{krb5\_c\_encrypt\_iov (C function)@\spxentry{krb5\_c\_encrypt\_iov}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_encrypt_iov:c.krb5_c_encrypt_iov}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_encrypt\_iov}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{keyblock}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cipher\_state}, {\hyperref[\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}]{\sphinxcrossref{\DUrole{n}{krb5\_crypto\_iov}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{num\_data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keyblock} \sphinxhyphen{} Encryption key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cipher\_state} \sphinxhyphen{} Cipher state; specify NULL if not needed - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{data} \sphinxhyphen{} IOV array. Modified in\sphinxhyphen{}place. - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{num\_data} \sphinxhyphen{} Size of \sphinxstyleemphasis{data} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function encrypts the data block \sphinxstyleemphasis{data} and stores the output in\sphinxhyphen{}place. The actual encryption key will be derived from \sphinxstyleemphasis{keyblock} and \sphinxstyleemphasis{usage} if key derivation is specified for the encryption type. If non\sphinxhyphen{}null, \sphinxstyleemphasis{cipher\_state} specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5\_crypto\_iov structures before calling into this API. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_c\_decrypt\_iov() - - - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -On return from a krb5\_c\_encrypt\_iov() call, the \sphinxstyleemphasis{data\sphinxhyphen{}\textgreater{}length} in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. -\end{sphinxadmonition} - - -\subsubsection{krb5\_c\_encrypt\_length \sphinxhyphen{} Compute encrypted data length.} -\label{\detokenize{appdev/refs/api/krb5_c_encrypt_length:krb5-c-encrypt-length-compute-encrypted-data-length}}\label{\detokenize{appdev/refs/api/krb5_c_encrypt_length::doc}}\index{krb5\_c\_encrypt\_length (C function)@\spxentry{krb5\_c\_encrypt\_length}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_encrypt_length:c.krb5_c_encrypt_length}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_encrypt\_length}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{inputlen}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{length}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{inputlen} \sphinxhyphen{} Length of the data to be encrypted - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{length} \sphinxhyphen{} Length of the encrypted data - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function computes the length of the ciphertext produced by encrypting \sphinxstyleemphasis{inputlen} bytes including padding, confounder, and checksum. - - -\subsubsection{krb5\_c\_enctype\_compare \sphinxhyphen{} Compare two encryption types.} -\label{\detokenize{appdev/refs/api/krb5_c_enctype_compare:krb5-c-enctype-compare-compare-two-encryption-types}}\label{\detokenize{appdev/refs/api/krb5_c_enctype_compare::doc}}\index{krb5\_c\_enctype\_compare (C function)@\spxentry{krb5\_c\_enctype\_compare}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_enctype_compare:c.krb5_c_enctype_compare}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_enctype\_compare}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{e1}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{e2}, {\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{similar}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{e1} \sphinxhyphen{} First encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{e2} \sphinxhyphen{} Second encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{similar} \sphinxhyphen{} \sphinxstylestrong{TRUE} if types are similar, \sphinxstylestrong{FALSE} if not - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function determines whether two encryption types use the same kind of keys. - - -\subsubsection{krb5\_c\_free\_state \sphinxhyphen{} Free a cipher state previously allocated by krb5\_c\_init\_state().} -\label{\detokenize{appdev/refs/api/krb5_c_free_state:krb5-c-free-state-free-a-cipher-state-previously-allocated-by-krb5-c-init-state}}\label{\detokenize{appdev/refs/api/krb5_c_free_state::doc}}\index{krb5\_c\_free\_state (C function)@\spxentry{krb5\_c\_free\_state}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_free_state:c.krb5_c_free_state}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_free\_state}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{state}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{state} \sphinxhyphen{} Cipher state to be freed - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_c\_fx\_cf2\_simple \sphinxhyphen{} Compute the KRB\sphinxhyphen{}FX\sphinxhyphen{}CF2 combination of two keys and pepper strings.} -\label{\detokenize{appdev/refs/api/krb5_c_fx_cf2_simple:krb5-c-fx-cf2-simple-compute-the-krb-fx-cf2-combination-of-two-keys-and-pepper-strings}}\label{\detokenize{appdev/refs/api/krb5_c_fx_cf2_simple::doc}}\index{krb5\_c\_fx\_cf2\_simple (C function)@\spxentry{krb5\_c\_fx\_cf2\_simple}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_fx_cf2_simple:c.krb5_c_fx_cf2_simple}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_fx\_cf2\_simple}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{k1}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{pepper1}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{k2}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{pepper2}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{k1} \sphinxhyphen{} KDC contribution key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pepper1} \sphinxhyphen{} Stringâ€PKINIT†- -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{k2} \sphinxhyphen{} Reply key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{pepper2} \sphinxhyphen{} Stringâ€KeyExchange†- -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{out} \sphinxhyphen{} Output key - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function computes the KRB\sphinxhyphen{}FX\sphinxhyphen{}CF2 function over its inputs and places the results in a newly allocated keyblock. This function is simple in that it assumes that \sphinxstyleemphasis{pepper1} and \sphinxstyleemphasis{pepper2} are C strings with no internal nulls and that the enctype of the result will be the same as that of \sphinxstyleemphasis{k1} . \sphinxstyleemphasis{k1} and \sphinxstyleemphasis{k2} may be of different enctypes. - - -\subsubsection{krb5\_c\_init\_state \sphinxhyphen{} Initialize a new cipher state.} -\label{\detokenize{appdev/refs/api/krb5_c_init_state:krb5-c-init-state-initialize-a-new-cipher-state}}\label{\detokenize{appdev/refs/api/krb5_c_init_state::doc}}\index{krb5\_c\_init\_state (C function)@\spxentry{krb5\_c\_init\_state}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_init_state:c.krb5_c_init_state}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_init\_state}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{new\_state}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{new\_state} \sphinxhyphen{} New cipher state - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_c\_is\_coll\_proof\_cksum \sphinxhyphen{} Test whether a checksum type is collision\sphinxhyphen{}proof.} -\label{\detokenize{appdev/refs/api/krb5_c_is_coll_proof_cksum:krb5-c-is-coll-proof-cksum-test-whether-a-checksum-type-is-collision-proof}}\label{\detokenize{appdev/refs/api/krb5_c_is_coll_proof_cksum::doc}}\index{krb5\_c\_is\_coll\_proof\_cksum (C function)@\spxentry{krb5\_c\_is\_coll\_proof\_cksum}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_is_coll_proof_cksum:c.krb5_c_is_coll_proof_cksum}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_is\_coll\_proof\_cksum}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{ctype}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctype} \sphinxhyphen{} Checksum type - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if ctype is collision\sphinxhyphen{}proof, FALSE if it is not collision\sphinxhyphen{}proof or not a valid checksum type. - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_c\_is\_keyed\_cksum \sphinxhyphen{} Test whether a checksum type is keyed.} -\label{\detokenize{appdev/refs/api/krb5_c_is_keyed_cksum:krb5-c-is-keyed-cksum-test-whether-a-checksum-type-is-keyed}}\label{\detokenize{appdev/refs/api/krb5_c_is_keyed_cksum::doc}}\index{krb5\_c\_is\_keyed\_cksum (C function)@\spxentry{krb5\_c\_is\_keyed\_cksum}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_is_keyed_cksum:c.krb5_c_is_keyed_cksum}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_is\_keyed\_cksum}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{ctype}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctype} \sphinxhyphen{} Checksum type - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if ctype is a keyed checksum type, FALSE otherwise. - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_c\_keyed\_checksum\_types \sphinxhyphen{} Return a list of keyed checksum types usable with an encryption type.} -\label{\detokenize{appdev/refs/api/krb5_c_keyed_checksum_types:krb5-c-keyed-checksum-types-return-a-list-of-keyed-checksum-types-usable-with-an-encryption-type}}\label{\detokenize{appdev/refs/api/krb5_c_keyed_checksum_types::doc}}\index{krb5\_c\_keyed\_checksum\_types (C function)@\spxentry{krb5\_c\_keyed\_checksum\_types}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_keyed_checksum_types:c.krb5_c_keyed_checksum_types}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_keyed\_checksum\_types}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{count}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{cksumtypes}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{count} \sphinxhyphen{} Count of allowable checksum types - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{cksumtypes} \sphinxhyphen{} Array of allowable checksum types - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Use krb5\_free\_cksumtypes() to free \sphinxstyleemphasis{cksumtypes} when it is no longer needed. - - -\subsubsection{krb5\_c\_keylengths \sphinxhyphen{} Return length of the specified key in bytes.} -\label{\detokenize{appdev/refs/api/krb5_c_keylengths:krb5-c-keylengths-return-length-of-the-specified-key-in-bytes}}\label{\detokenize{appdev/refs/api/krb5_c_keylengths::doc}}\index{krb5\_c\_keylengths (C function)@\spxentry{krb5\_c\_keylengths}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_keylengths:c.krb5_c_keylengths}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_keylengths}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{keybytes}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{keylength}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{keybytes} \sphinxhyphen{} Number of bytes required to make a key - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{keylength} \sphinxhyphen{} Length of final key - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_c\_make\_checksum \sphinxhyphen{} Compute a checksum (operates on keyblock).} -\label{\detokenize{appdev/refs/api/krb5_c_make_checksum:krb5-c-make-checksum-compute-a-checksum-operates-on-keyblock}}\label{\detokenize{appdev/refs/api/krb5_c_make_checksum::doc}}\index{krb5\_c\_make\_checksum (C function)@\spxentry{krb5\_c\_make\_checksum}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_make_checksum:c.krb5_c_make_checksum}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_make\_checksum}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{cksumtype}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{input}, {\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cksum}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cksumtype} \sphinxhyphen{} Checksum type (0 for mandatory type) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key for a keyed checksum - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{input} \sphinxhyphen{} Input data - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{cksum} \sphinxhyphen{} Generated checksum - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function computes a checksum of type \sphinxstyleemphasis{cksumtype} over \sphinxstyleemphasis{input} , using \sphinxstyleemphasis{key} if the checksum type is a keyed checksum. If \sphinxstyleemphasis{cksumtype} is 0 and \sphinxstyleemphasis{key} is non\sphinxhyphen{}null, the checksum type will be the mandatory\sphinxhyphen{}to\sphinxhyphen{}implement checksum type for the key’s encryption type. The actual checksum key will be derived from \sphinxstyleemphasis{key} and \sphinxstyleemphasis{usage} if key derivation is specified for the checksum type. The newly created \sphinxstyleemphasis{cksum} must be released by calling krb5\_free\_checksum\_contents() when it is no longer needed. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_c\_verify\_checksum() - - - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This function is similar to krb5\_k\_make\_checksum(), but operates on keyblock \sphinxstyleemphasis{key} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_c\_make\_checksum\_iov \sphinxhyphen{} Fill in a checksum element in IOV array (operates on keyblock)} -\label{\detokenize{appdev/refs/api/krb5_c_make_checksum_iov:krb5-c-make-checksum-iov-fill-in-a-checksum-element-in-iov-array-operates-on-keyblock}}\label{\detokenize{appdev/refs/api/krb5_c_make_checksum_iov::doc}}\index{krb5\_c\_make\_checksum\_iov (C function)@\spxentry{krb5\_c\_make\_checksum\_iov}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_make_checksum_iov:c.krb5_c_make_checksum_iov}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_make\_checksum\_iov}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{cksumtype}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, {\hyperref[\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}]{\sphinxcrossref{\DUrole{n}{krb5\_crypto\_iov}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{num\_data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cksumtype} \sphinxhyphen{} Checksum type (0 for mandatory type) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key for a keyed checksum - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{data} \sphinxhyphen{} IOV array - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{num\_data} \sphinxhyphen{} Size of \sphinxstyleemphasis{data} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Create a checksum in the \#KRB5\_CRYPTO\_TYPE\_CHECKSUM element over \#KRB5\_CRYPTO\_TYPE\_DATA and \#KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY chunks in \sphinxstyleemphasis{data} . Only the \#KRB5\_CRYPTO\_TYPE\_CHECKSUM region is modified. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_c\_verify\_checksum\_iov() - - - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This function is similar to krb5\_k\_make\_checksum\_iov(), but operates on keyblock \sphinxstyleemphasis{key} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_c\_make\_random\_key \sphinxhyphen{} Generate an enctype\sphinxhyphen{}specific random encryption key.} -\label{\detokenize{appdev/refs/api/krb5_c_make_random_key:krb5-c-make-random-key-generate-an-enctype-specific-random-encryption-key}}\label{\detokenize{appdev/refs/api/krb5_c_make_random_key::doc}}\index{krb5\_c\_make\_random\_key (C function)@\spxentry{krb5\_c\_make\_random\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_make_random_key:c.krb5_c_make_random_key}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_make\_random\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{k5\_random\_key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type of the generated key - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{k5\_random\_key} \sphinxhyphen{} An allocated and initialized keyblock - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Use krb5\_free\_keyblock\_contents() to free \sphinxstyleemphasis{k5\_random\_key} when no longer needed. - - -\subsubsection{krb5\_c\_padding\_length \sphinxhyphen{} Return a number of padding octets.} -\label{\detokenize{appdev/refs/api/krb5_c_padding_length:krb5-c-padding-length-return-a-number-of-padding-octets}}\label{\detokenize{appdev/refs/api/krb5_c_padding_length::doc}}\index{krb5\_c\_padding\_length (C function)@\spxentry{krb5\_c\_padding\_length}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_padding_length:c.krb5_c_padding_length}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_padding\_length}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{data\_length}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{size}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data\_length} \sphinxhyphen{} Length of the plaintext to pad - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{size} \sphinxhyphen{} Number of padding octets - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} KRB5\_BAD\_ENCTYPE - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function returns the number of the padding octets required to pad \sphinxstyleemphasis{data\_length} octets of plaintext. - - -\subsubsection{krb5\_c\_prf \sphinxhyphen{} Generate enctype\sphinxhyphen{}specific pseudo\sphinxhyphen{}random bytes.} -\label{\detokenize{appdev/refs/api/krb5_c_prf:krb5-c-prf-generate-enctype-specific-pseudo-random-bytes}}\label{\detokenize{appdev/refs/api/krb5_c_prf::doc}}\index{krb5\_c\_prf (C function)@\spxentry{krb5\_c\_prf}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_prf:c.krb5_c_prf}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_prf}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{keyblock}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{input}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{output}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keyblock} \sphinxhyphen{} Key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{input} \sphinxhyphen{} Input data - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{output} \sphinxhyphen{} Output data - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function selects a pseudo\sphinxhyphen{}random function based on \sphinxstyleemphasis{keyblock} and computes its value over \sphinxstyleemphasis{input} , placing the result into \sphinxstyleemphasis{output} . The caller must preinitialize \sphinxstyleemphasis{output} and allocate space for the result, using krb5\_c\_prf\_length() to determine the required length. - - -\subsubsection{krb5\_c\_prfplus \sphinxhyphen{} Generate pseudo\sphinxhyphen{}random bytes using RFC 6113 PRF+.} -\label{\detokenize{appdev/refs/api/krb5_c_prfplus:krb5-c-prfplus-generate-pseudo-random-bytes-using-rfc-6113-prf}}\label{\detokenize{appdev/refs/api/krb5_c_prfplus::doc}}\index{krb5\_c\_prfplus (C function)@\spxentry{krb5\_c\_prfplus}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_prfplus:c.krb5_c_prfplus}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_prfplus}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{k}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{input}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{output}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{k} \sphinxhyphen{} KDC contribution key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{input} \sphinxhyphen{} Input data - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{output} \sphinxhyphen{} Pseudo\sphinxhyphen{}random output buffer - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 on success, E2BIG if output\sphinxhyphen{}\textgreater{}length is too large for PRF+ to generate, ENOMEM on allocation failure, or an error code from krb5\_c\_prf() - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function fills \sphinxstyleemphasis{output} with PRF+(k, input) as defined in RFC 6113 section 5.1. The caller must preinitialize \sphinxstyleemphasis{output} and allocate the desired amount of space. The length of the pseudo\sphinxhyphen{}random output will match the length of \sphinxstyleemphasis{output} . - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -RFC 4402 defines a different PRF+ operation. This function does not implement that operation. -\end{sphinxadmonition} - - -\subsubsection{krb5\_c\_prf\_length \sphinxhyphen{} Get the output length of pseudo\sphinxhyphen{}random functions for an encryption type.} -\label{\detokenize{appdev/refs/api/krb5_c_prf_length:krb5-c-prf-length-get-the-output-length-of-pseudo-random-functions-for-an-encryption-type}}\label{\detokenize{appdev/refs/api/krb5_c_prf_length::doc}}\index{krb5\_c\_prf\_length (C function)@\spxentry{krb5\_c\_prf\_length}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_prf_length:c.krb5_c_prf_length}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_prf\_length}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{len}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{len} \sphinxhyphen{} Length of PRF output - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_c\_random\_add\_entropy} -\label{\detokenize{appdev/refs/api/krb5_c_random_add_entropy:krb5-c-random-add-entropy}}\label{\detokenize{appdev/refs/api/krb5_c_random_add_entropy::doc}}\index{krb5\_c\_random\_add\_entropy (C function)@\spxentry{krb5\_c\_random\_add\_entropy}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_random_add_entropy:c.krb5_c_random_add_entropy}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_random\_add\_entropy}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{randsource}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{randsource} - -\sphinxAtStartPar -\sphinxstylestrong{data} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED This call is no longer necessary. - - -\subsubsection{krb5\_c\_random\_make\_octets \sphinxhyphen{} Generate pseudo\sphinxhyphen{}random bytes.} -\label{\detokenize{appdev/refs/api/krb5_c_random_make_octets:krb5-c-random-make-octets-generate-pseudo-random-bytes}}\label{\detokenize{appdev/refs/api/krb5_c_random_make_octets::doc}}\index{krb5\_c\_random\_make\_octets (C function)@\spxentry{krb5\_c\_random\_make\_octets}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_random_make_octets:c.krb5_c_random_make_octets}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_random\_make\_octets}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{data} \sphinxhyphen{} Random data - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Fills in \sphinxstyleemphasis{data} with bytes from the PRNG used by krb5 crypto operations. The caller must preinitialize \sphinxstyleemphasis{data} and allocate the desired amount of space. - - -\subsubsection{krb5\_c\_random\_os\_entropy} -\label{\detokenize{appdev/refs/api/krb5_c_random_os_entropy:krb5-c-random-os-entropy}}\label{\detokenize{appdev/refs/api/krb5_c_random_os_entropy::doc}}\index{krb5\_c\_random\_os\_entropy (C function)@\spxentry{krb5\_c\_random\_os\_entropy}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_random_os_entropy:c.krb5_c_random_os_entropy}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_random\_os\_entropy}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{strong}, \DUrole{kt}{int}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{success}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{strong} - -\sphinxAtStartPar -\sphinxstylestrong{success} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED This call is no longer necessary. - - -\subsubsection{krb5\_c\_random\_to\_key \sphinxhyphen{} Generate an enctype\sphinxhyphen{}specific key from random data.} -\label{\detokenize{appdev/refs/api/krb5_c_random_to_key:krb5-c-random-to-key-generate-an-enctype-specific-key-from-random-data}}\label{\detokenize{appdev/refs/api/krb5_c_random_to_key::doc}}\index{krb5\_c\_random\_to\_key (C function)@\spxentry{krb5\_c\_random\_to\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_random_to_key:c.krb5_c_random_to_key}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_random\_to\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{random\_data}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{k5\_random\_key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{random\_data} \sphinxhyphen{} Random input data - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{k5\_random\_key} \sphinxhyphen{} Resulting key - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function takes random input data \sphinxstyleemphasis{random\_data} and produces a valid key \sphinxstyleemphasis{k5\_random\_key} for a given \sphinxstyleemphasis{enctype} . - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_c\_keylengths() - - - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -It is assumed that \sphinxstyleemphasis{k5\_random\_key} has already been initialized and \sphinxstyleemphasis{k5\_random\_key\sphinxhyphen{}\textgreater{}contents} has been allocated with the correct length. -\end{sphinxadmonition} - - -\subsubsection{krb5\_c\_string\_to\_key \sphinxhyphen{} Convert a string (such a password) to a key.} -\label{\detokenize{appdev/refs/api/krb5_c_string_to_key:krb5-c-string-to-key-convert-a-string-such-a-password-to-a-key}}\label{\detokenize{appdev/refs/api/krb5_c_string_to_key::doc}}\index{krb5\_c\_string\_to\_key (C function)@\spxentry{krb5\_c\_string\_to\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_string_to_key:c.krb5_c_string_to_key}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_string\_to\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{string}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{salt}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{string} \sphinxhyphen{} String to be converted - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{salt} \sphinxhyphen{} Salt value - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{key} \sphinxhyphen{} Generated key - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function converts \sphinxstyleemphasis{string} to a \sphinxstyleemphasis{key} of encryption type \sphinxstyleemphasis{enctype} , using the specified \sphinxstyleemphasis{salt} . The newly created \sphinxstyleemphasis{key} must be released by calling krb5\_free\_keyblock\_contents() when it is no longer needed. - - -\subsubsection{krb5\_c\_string\_to\_key\_with\_params \sphinxhyphen{} Convert a string (such as a password) to a key with additional parameters.} -\label{\detokenize{appdev/refs/api/krb5_c_string_to_key_with_params:krb5-c-string-to-key-with-params-convert-a-string-such-as-a-password-to-a-key-with-additional-parameters}}\label{\detokenize{appdev/refs/api/krb5_c_string_to_key_with_params::doc}}\index{krb5\_c\_string\_to\_key\_with\_params (C function)@\spxentry{krb5\_c\_string\_to\_key\_with\_params}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_string_to_key_with_params:c.krb5_c_string_to_key_with_params}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_string\_to\_key\_with\_params}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{string}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{salt}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{params}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{string} \sphinxhyphen{} String to be converted - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{salt} \sphinxhyphen{} Salt value - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{params} \sphinxhyphen{} Parameters - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{key} \sphinxhyphen{} Generated key - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function is similar to krb5\_c\_string\_to\_key(), but also takes parameters which may affect the algorithm in an enctype\sphinxhyphen{}dependent way. The newly created \sphinxstyleemphasis{key} must be released by calling krb5\_free\_keyblock\_contents() when it is no longer needed. - - -\subsubsection{krb5\_c\_valid\_cksumtype \sphinxhyphen{} Verify that specified checksum type is a valid Kerberos checksum type.} -\label{\detokenize{appdev/refs/api/krb5_c_valid_cksumtype:krb5-c-valid-cksumtype-verify-that-specified-checksum-type-is-a-valid-kerberos-checksum-type}}\label{\detokenize{appdev/refs/api/krb5_c_valid_cksumtype::doc}}\index{krb5\_c\_valid\_cksumtype (C function)@\spxentry{krb5\_c\_valid\_cksumtype}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_valid_cksumtype:c.krb5_c_valid_cksumtype}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_valid\_cksumtype}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{ctype}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ctype} \sphinxhyphen{} Checksum type - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if ctype is valid, FALSE if not - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_c\_valid\_enctype \sphinxhyphen{} Verify that a specified encryption type is a valid Kerberos encryption type.} -\label{\detokenize{appdev/refs/api/krb5_c_valid_enctype:krb5-c-valid-enctype-verify-that-a-specified-encryption-type-is-a-valid-kerberos-encryption-type}}\label{\detokenize{appdev/refs/api/krb5_c_valid_enctype::doc}}\index{krb5\_c\_valid\_enctype (C function)@\spxentry{krb5\_c\_valid\_enctype}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_valid_enctype:c.krb5_c_valid_enctype}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_valid\_enctype}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{ktype}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ktype} \sphinxhyphen{} Encryption type - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{return}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -TRUE if ktype is valid, FALSE if not - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_c\_verify\_checksum \sphinxhyphen{} Verify a checksum (operates on keyblock).} -\label{\detokenize{appdev/refs/api/krb5_c_verify_checksum:krb5-c-verify-checksum-verify-a-checksum-operates-on-keyblock}}\label{\detokenize{appdev/refs/api/krb5_c_verify_checksum::doc}}\index{krb5\_c\_verify\_checksum (C function)@\spxentry{krb5\_c\_verify\_checksum}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_verify_checksum:c.krb5_c_verify_checksum}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_verify\_checksum}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cksum}, {\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{valid}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key for a keyed checksum - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} \sphinxstyleemphasis{key} usage - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} Data to be used to compute a new checksum using \sphinxstyleemphasis{key} to compare \sphinxstyleemphasis{cksum} against - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cksum} \sphinxhyphen{} Checksum to be verified - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{valid} \sphinxhyphen{} Non\sphinxhyphen{}zero for success, zero for failure - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function verifies that \sphinxstyleemphasis{cksum} is a valid checksum for \sphinxstyleemphasis{data} . If the checksum type of \sphinxstyleemphasis{cksum} is a keyed checksum, \sphinxstyleemphasis{key} is used to verify the checksum. If the checksum type in \sphinxstyleemphasis{cksum} is 0 and \sphinxstyleemphasis{key} is not NULL, the mandatory checksum type for \sphinxstyleemphasis{key} will be used. The actual checksum key will be derived from \sphinxstyleemphasis{key} and \sphinxstyleemphasis{usage} if key derivation is specified for the checksum type. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This function is similar to krb5\_k\_verify\_checksum(), but operates on keyblock \sphinxstyleemphasis{key} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_c\_verify\_checksum\_iov \sphinxhyphen{} Validate a checksum element in IOV array (operates on keyblock).} -\label{\detokenize{appdev/refs/api/krb5_c_verify_checksum_iov:krb5-c-verify-checksum-iov-validate-a-checksum-element-in-iov-array-operates-on-keyblock}}\label{\detokenize{appdev/refs/api/krb5_c_verify_checksum_iov::doc}}\index{krb5\_c\_verify\_checksum\_iov (C function)@\spxentry{krb5\_c\_verify\_checksum\_iov}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_verify_checksum_iov:c.krb5_c_verify_checksum_iov}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_verify\_checksum\_iov}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{cksumtype}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}]{\sphinxcrossref{\DUrole{n}{krb5\_crypto\_iov}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{num\_data}, {\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{valid}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cksumtype} \sphinxhyphen{} Checksum type (0 for mandatory type) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key for a keyed checksum - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} IOV array - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{num\_data} \sphinxhyphen{} Size of \sphinxstyleemphasis{data} - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{valid} \sphinxhyphen{} Non\sphinxhyphen{}zero for success, zero for failure - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Confirm that the checksum in the \#KRB5\_CRYPTO\_TYPE\_CHECKSUM element is a valid checksum of the \#KRB5\_CRYPTO\_TYPE\_DATA and \#KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY regions in the iov. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_c\_make\_checksum\_iov() - - - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This function is similar to krb5\_k\_verify\_checksum\_iov(), but operates on keyblock \sphinxstyleemphasis{key} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_cksumtype\_to\_string \sphinxhyphen{} Convert a checksum type to a string.} -\label{\detokenize{appdev/refs/api/krb5_cksumtype_to_string:krb5-cksumtype-to-string-convert-a-checksum-type-to-a-string}}\label{\detokenize{appdev/refs/api/krb5_cksumtype_to_string::doc}}\index{krb5\_cksumtype\_to\_string (C function)@\spxentry{krb5\_cksumtype\_to\_string}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cksumtype_to_string:c.krb5_cksumtype_to_string}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cksumtype\_to\_string}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{cksumtype}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{buffer}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{buflen}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cksumtype} \sphinxhyphen{} Checksum type - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{buffer} \sphinxhyphen{} Buffer to hold converted checksum type - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{buflen} \sphinxhyphen{} Storage available in \sphinxstyleemphasis{buffer} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_decode\_authdata\_container \sphinxhyphen{} Unwrap authorization data.} -\label{\detokenize{appdev/refs/api/krb5_decode_authdata_container:krb5-decode-authdata-container-unwrap-authorization-data}}\label{\detokenize{appdev/refs/api/krb5_decode_authdata_container::doc}}\index{krb5\_decode\_authdata\_container (C function)@\spxentry{krb5\_decode\_authdata\_container}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_decode_authdata_container:c.krb5_decode_authdata_container}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_decode\_authdata\_container}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdatatype:c.krb5_authdatatype}]{\sphinxcrossref{\DUrole{n}{krb5\_authdatatype}}}}\DUrole{w}{ }\DUrole{n}{type}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{container}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{authdata}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{type} \sphinxhyphen{} Container type (see KRB5\_AUTHDATA macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{container} \sphinxhyphen{} Authorization data to be decoded - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{authdata} \sphinxhyphen{} List of decoded authorization data - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_encode\_authdata\_container() - - - - -\subsubsection{krb5\_decode\_ticket \sphinxhyphen{} Decode an ASN.1\sphinxhyphen{}formatted ticket.} -\label{\detokenize{appdev/refs/api/krb5_decode_ticket:krb5-decode-ticket-decode-an-asn-1-formatted-ticket}}\label{\detokenize{appdev/refs/api/krb5_decode_ticket::doc}}\index{krb5\_decode\_ticket (C function)@\spxentry{krb5\_decode\_ticket}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_decode_ticket:c.krb5_decode_ticket}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_decode\_ticket}}}}{\DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{code}, {\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{rep}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{code} \sphinxhyphen{} ASN.1\sphinxhyphen{}formatted ticket - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rep} \sphinxhyphen{} Decoded ticket information - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_deltat\_to\_string \sphinxhyphen{} Convert a relative time value to a string.} -\label{\detokenize{appdev/refs/api/krb5_deltat_to_string:krb5-deltat-to-string-convert-a-relative-time-value-to-a-string}}\label{\detokenize{appdev/refs/api/krb5_deltat_to_string::doc}}\index{krb5\_deltat\_to\_string (C function)@\spxentry{krb5\_deltat\_to\_string}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_deltat_to_string:c.krb5_deltat_to_string}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_deltat\_to\_string}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_deltat:c.krb5_deltat}]{\sphinxcrossref{\DUrole{n}{krb5\_deltat}}}}\DUrole{w}{ }\DUrole{n}{deltat}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{buffer}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{buflen}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{deltat} \sphinxhyphen{} Relative time value to convert - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{buffer} \sphinxhyphen{} Buffer to hold time string - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{buflen} \sphinxhyphen{} Storage available in \sphinxstyleemphasis{buffer} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_encode\_authdata\_container \sphinxhyphen{} Wrap authorization data in a container.} -\label{\detokenize{appdev/refs/api/krb5_encode_authdata_container:krb5-encode-authdata-container-wrap-authorization-data-in-a-container}}\label{\detokenize{appdev/refs/api/krb5_encode_authdata_container::doc}}\index{krb5\_encode\_authdata\_container (C function)@\spxentry{krb5\_encode\_authdata\_container}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_encode_authdata_container:c.krb5_encode_authdata_container}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_encode\_authdata\_container}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdatatype:c.krb5_authdatatype}]{\sphinxcrossref{\DUrole{n}{krb5\_authdatatype}}}}\DUrole{w}{ }\DUrole{n}{type}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{authdata}, {\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{container}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{type} \sphinxhyphen{} Container type (see KRB5\_AUTHDATA macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{authdata} \sphinxhyphen{} List of authorization data to be encoded - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{container} \sphinxhyphen{} List of encoded authorization data - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -The result is returned in \sphinxstyleemphasis{container} as a single\sphinxhyphen{}element list. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_decode\_authdata\_container() - - - - -\subsubsection{krb5\_enctype\_to\_name \sphinxhyphen{} Convert an encryption type to a name or alias.} -\label{\detokenize{appdev/refs/api/krb5_enctype_to_name:krb5-enctype-to-name-convert-an-encryption-type-to-a-name-or-alias}}\label{\detokenize{appdev/refs/api/krb5_enctype_to_name::doc}}\index{krb5\_enctype\_to\_name (C function)@\spxentry{krb5\_enctype\_to\_name}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_enctype_to_name:c.krb5_enctype_to_name}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_enctype\_to\_name}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, {\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\DUrole{n}{shortest}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{buffer}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{buflen}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{shortest} \sphinxhyphen{} Flag - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{buffer} \sphinxhyphen{} Buffer to hold encryption type string - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{buflen} \sphinxhyphen{} Storage available in \sphinxstyleemphasis{buffer} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -If \sphinxstyleemphasis{shortest} is FALSE, this function returns the enctype’s canonical name (likeâ€aes128\sphinxhyphen{}cts\sphinxhyphen{}hmac\sphinxhyphen{}sha1\sphinxhyphen{}96â€). If \sphinxstyleemphasis{shortest} is TRUE, it return the enctype’s shortest alias (likeâ€aes128\sphinxhyphen{}ctsâ€). - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -New in 1.9 -\end{sphinxadmonition} - - -\subsubsection{krb5\_enctype\_to\_string \sphinxhyphen{} Convert an encryption type to a string.} -\label{\detokenize{appdev/refs/api/krb5_enctype_to_string:krb5-enctype-to-string-convert-an-encryption-type-to-a-string}}\label{\detokenize{appdev/refs/api/krb5_enctype_to_string::doc}}\index{krb5\_enctype\_to\_string (C function)@\spxentry{krb5\_enctype\_to\_string}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_enctype_to_string:c.krb5_enctype_to_string}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_enctype\_to\_string}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{buffer}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{buflen}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{enctype} \sphinxhyphen{} Encryption type - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{buffer} \sphinxhyphen{} Buffer to hold encryption type string - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{buflen} \sphinxhyphen{} Storage available in \sphinxstyleemphasis{buffer} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - - -\subsubsection{krb5\_free\_checksum \sphinxhyphen{} Free a krb5\_checksum structure.} -\label{\detokenize{appdev/refs/api/krb5_free_checksum:krb5-free-checksum-free-a-krb5-checksum-structure}}\label{\detokenize{appdev/refs/api/krb5_free_checksum::doc}}\index{krb5\_free\_checksum (C function)@\spxentry{krb5\_free\_checksum}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_checksum:c.krb5_free_checksum}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_checksum}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Checksum structure to be freed - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} and the structure itself. - - -\subsubsection{krb5\_free\_checksum\_contents \sphinxhyphen{} Free the contents of a krb5\_checksum structure.} -\label{\detokenize{appdev/refs/api/krb5_free_checksum_contents:krb5-free-checksum-contents-free-the-contents-of-a-krb5-checksum-structure}}\label{\detokenize{appdev/refs/api/krb5_free_checksum_contents::doc}}\index{krb5\_free\_checksum\_contents (C function)@\spxentry{krb5\_free\_checksum\_contents}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_checksum_contents:c.krb5_free_checksum_contents}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_checksum\_contents}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Checksum structure to free contents of - -\end{description}\end{quote} - -\sphinxAtStartPar -This function frees the contents of \sphinxstyleemphasis{val} , but not the structure itself. It sets the checksum’s data pointer to null and (beginning in release 1.19) sets its length to zero. - - -\subsubsection{krb5\_free\_cksumtypes \sphinxhyphen{} Free an array of checksum types.} -\label{\detokenize{appdev/refs/api/krb5_free_cksumtypes:krb5-free-cksumtypes-free-an-array-of-checksum-types}}\label{\detokenize{appdev/refs/api/krb5_free_cksumtypes::doc}}\index{krb5\_free\_cksumtypes (C function)@\spxentry{krb5\_free\_cksumtypes}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_cksumtypes:c.krb5_free_cksumtypes}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_cksumtypes}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{val}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{val} \sphinxhyphen{} Array of checksum types to be freed - -\end{description}\end{quote} - - -\subsubsection{krb5\_free\_tgt\_creds \sphinxhyphen{} Free an array of credential structures.} -\label{\detokenize{appdev/refs/api/krb5_free_tgt_creds:krb5-free-tgt-creds-free-an-array-of-credential-structures}}\label{\detokenize{appdev/refs/api/krb5_free_tgt_creds::doc}}\index{krb5\_free\_tgt\_creds (C function)@\spxentry{krb5\_free\_tgt\_creds}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_free_tgt_creds:c.krb5_free_tgt_creds}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_free\_tgt\_creds}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{tgts}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{tgts} \sphinxhyphen{} Null\sphinxhyphen{}terminated array of credentials to free - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The last entry in the array \sphinxstyleemphasis{tgts} must be a NULL pointer. -\end{sphinxadmonition} - - -\subsubsection{krb5\_k\_create\_key \sphinxhyphen{} Create a krb5\_key from the enctype and key data in a keyblock.} -\label{\detokenize{appdev/refs/api/krb5_k_create_key:krb5-k-create-key-create-a-krb5-key-from-the-enctype-and-key-data-in-a-keyblock}}\label{\detokenize{appdev/refs/api/krb5_k_create_key::doc}}\index{krb5\_k\_create\_key (C function)@\spxentry{krb5\_k\_create\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_create_key:c.krb5_k_create_key}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_create\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key\_data}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{out}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key\_data} \sphinxhyphen{} Keyblock - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{out} \sphinxhyphen{} Opaque key - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} KRB5\_BAD\_ENCTYPE - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -The reference count on a key \sphinxstyleemphasis{out} is set to 1. Use krb5\_k\_free\_key() to free \sphinxstyleemphasis{out} when it is no longer needed. - - -\subsubsection{krb5\_k\_decrypt \sphinxhyphen{} Decrypt data using a key (operates on opaque key).} -\label{\detokenize{appdev/refs/api/krb5_k_decrypt:krb5-k-decrypt-decrypt-data-using-a-key-operates-on-opaque-key}}\label{\detokenize{appdev/refs/api/krb5_k_decrypt::doc}}\index{krb5\_k\_decrypt (C function)@\spxentry{krb5\_k\_decrypt}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_decrypt:c.krb5_k_decrypt}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_decrypt}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cipher\_state}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{input}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{output}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{cipher\_state} \sphinxhyphen{} Cipher state; specify NULL if not needed - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{input} \sphinxhyphen{} Encrypted data - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{output} \sphinxhyphen{} Decrypted data - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function decrypts the data block \sphinxstyleemphasis{input} and stores the output into \sphinxstyleemphasis{output} . The actual decryption key will be derived from \sphinxstyleemphasis{key} and \sphinxstyleemphasis{usage} if key derivation is specified for the encryption type. If non\sphinxhyphen{}null, \sphinxstyleemphasis{cipher\_state} specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The caller must initialize \sphinxstyleemphasis{output} and allocate at least enough space for the result. The usual practice is to allocate an output buffer as long as the ciphertext, and let krb5\_c\_decrypt() trim \sphinxstyleemphasis{output\sphinxhyphen{}\textgreater{}length} . For some enctypes, the resulting \sphinxstyleemphasis{output\sphinxhyphen{}\textgreater{}length} may include padding bytes. -\end{sphinxadmonition} - - -\subsubsection{krb5\_k\_decrypt\_iov \sphinxhyphen{} Decrypt data in place supporting AEAD (operates on opaque key).} -\label{\detokenize{appdev/refs/api/krb5_k_decrypt_iov:krb5-k-decrypt-iov-decrypt-data-in-place-supporting-aead-operates-on-opaque-key}}\label{\detokenize{appdev/refs/api/krb5_k_decrypt_iov::doc}}\index{krb5\_k\_decrypt\_iov (C function)@\spxentry{krb5\_k\_decrypt\_iov}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_decrypt_iov:c.krb5_k_decrypt_iov}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_decrypt\_iov}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cipher\_state}, {\hyperref[\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}]{\sphinxcrossref{\DUrole{n}{krb5\_crypto\_iov}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{num\_data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cipher\_state} \sphinxhyphen{} Cipher state; specify NULL if not needed - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{data} \sphinxhyphen{} IOV array. Modified in\sphinxhyphen{}place. - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{num\_data} \sphinxhyphen{} Size of \sphinxstyleemphasis{data} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function decrypts the data block \sphinxstyleemphasis{data} and stores the output in\sphinxhyphen{}place. The actual decryption key will be derived from \sphinxstyleemphasis{key} and \sphinxstyleemphasis{usage} if key derivation is specified for the encryption type. If non\sphinxhyphen{}null, \sphinxstyleemphasis{cipher\_state} specifies the beginning state for the decryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5\_crypto\_iov structures before calling into this API. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_k\_encrypt\_iov() - - - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -On return from a krb5\_c\_decrypt\_iov() call, the \sphinxstyleemphasis{data\sphinxhyphen{}\textgreater{}length} in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. -\end{sphinxadmonition} - - -\subsubsection{krb5\_k\_encrypt \sphinxhyphen{} Encrypt data using a key (operates on opaque key).} -\label{\detokenize{appdev/refs/api/krb5_k_encrypt:krb5-k-encrypt-encrypt-data-using-a-key-operates-on-opaque-key}}\label{\detokenize{appdev/refs/api/krb5_k_encrypt::doc}}\index{krb5\_k\_encrypt (C function)@\spxentry{krb5\_k\_encrypt}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_encrypt:c.krb5_k_encrypt}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_encrypt}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cipher\_state}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{input}, {\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{output}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{cipher\_state} \sphinxhyphen{} Cipher state; specify NULL if not needed - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{input} \sphinxhyphen{} Data to be encrypted - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{output} \sphinxhyphen{} Encrypted data - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function encrypts the data block \sphinxstyleemphasis{input} and stores the output into \sphinxstyleemphasis{output} . The actual encryption key will be derived from \sphinxstyleemphasis{key} and \sphinxstyleemphasis{usage} if key derivation is specified for the encryption type. If non\sphinxhyphen{}null, \sphinxstyleemphasis{cipher\_state} specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -The caller must initialize \sphinxstyleemphasis{output} and allocate at least enough space for the result (using krb5\_c\_encrypt\_length() to determine the amount of space needed). \sphinxstyleemphasis{output\sphinxhyphen{}\textgreater{}length} will be set to the actual length of the ciphertext. -\end{sphinxadmonition} - - -\subsubsection{krb5\_k\_encrypt\_iov \sphinxhyphen{} Encrypt data in place supporting AEAD (operates on opaque key).} -\label{\detokenize{appdev/refs/api/krb5_k_encrypt_iov:krb5-k-encrypt-iov-encrypt-data-in-place-supporting-aead-operates-on-opaque-key}}\label{\detokenize{appdev/refs/api/krb5_k_encrypt_iov::doc}}\index{krb5\_k\_encrypt\_iov (C function)@\spxentry{krb5\_k\_encrypt\_iov}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_encrypt_iov:c.krb5_k_encrypt_iov}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_encrypt\_iov}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cipher\_state}, {\hyperref[\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}]{\sphinxcrossref{\DUrole{n}{krb5\_crypto\_iov}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{num\_data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cipher\_state} \sphinxhyphen{} Cipher state; specify NULL if not needed - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{data} \sphinxhyphen{} IOV array. Modified in\sphinxhyphen{}place. - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{num\_data} \sphinxhyphen{} Size of \sphinxstyleemphasis{data} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function encrypts the data block \sphinxstyleemphasis{data} and stores the output in\sphinxhyphen{}place. The actual encryption key will be derived from \sphinxstyleemphasis{key} and \sphinxstyleemphasis{usage} if key derivation is specified for the encryption type. If non\sphinxhyphen{}null, \sphinxstyleemphasis{cipher\_state} specifies the beginning state for the encryption operation, and is updated with the state to be passed as input to the next operation. The caller must allocate the right number of krb5\_crypto\_iov structures before calling into this API. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_k\_decrypt\_iov() - - - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -On return from a krb5\_c\_encrypt\_iov() call, the \sphinxstyleemphasis{data\sphinxhyphen{}\textgreater{}length} in the iov structure are adjusted to reflect actual lengths of the ciphertext used. For example, if the padding length is too large, the length will be reduced. Lengths are never increased. -\end{sphinxadmonition} - - -\subsubsection{krb5\_k\_free\_key \sphinxhyphen{} Decrement the reference count on a key and free it if it hits zero.} -\label{\detokenize{appdev/refs/api/krb5_k_free_key:krb5-k-free-key-decrement-the-reference-count-on-a-key-and-free-it-if-it-hits-zero}}\label{\detokenize{appdev/refs/api/krb5_k_free_key::doc}}\index{krb5\_k\_free\_key (C function)@\spxentry{krb5\_k\_free\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_free_key:c.krb5_k_free_key}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_free\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{key} - -\end{description}\end{quote} - - -\subsubsection{krb5\_k\_key\_enctype \sphinxhyphen{} Retrieve the enctype of a krb5\_key structure.} -\label{\detokenize{appdev/refs/api/krb5_k_key_enctype:krb5-k-key-enctype-retrieve-the-enctype-of-a-krb5-key-structure}}\label{\detokenize{appdev/refs/api/krb5_k_key_enctype::doc}}\index{krb5\_k\_key\_enctype (C function)@\spxentry{krb5\_k\_key\_enctype}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_key_enctype:c.krb5_k_key_enctype}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_key\_enctype}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{key} - -\end{description}\end{quote} - - -\subsubsection{krb5\_k\_key\_keyblock \sphinxhyphen{} Retrieve a copy of the keyblock from a krb5\_key structure.} -\label{\detokenize{appdev/refs/api/krb5_k_key_keyblock:krb5-k-key-keyblock-retrieve-a-copy-of-the-keyblock-from-a-krb5-key-structure}}\label{\detokenize{appdev/refs/api/krb5_k_key_keyblock::doc}}\index{krb5\_k\_key\_keyblock (C function)@\spxentry{krb5\_k\_key\_keyblock}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_key_keyblock:c.krb5_k_key_keyblock}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_key\_keyblock}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{key\_data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{key} - -\sphinxAtStartPar -\sphinxstylestrong{key\_data} - -\end{description}\end{quote} - - -\subsubsection{krb5\_k\_make\_checksum \sphinxhyphen{} Compute a checksum (operates on opaque key).} -\label{\detokenize{appdev/refs/api/krb5_k_make_checksum:krb5-k-make-checksum-compute-a-checksum-operates-on-opaque-key}}\label{\detokenize{appdev/refs/api/krb5_k_make_checksum::doc}}\index{krb5\_k\_make\_checksum (C function)@\spxentry{krb5\_k\_make\_checksum}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_make_checksum:c.krb5_k_make_checksum}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_make\_checksum}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{cksumtype}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{input}, {\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cksum}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cksumtype} \sphinxhyphen{} Checksum type (0 for mandatory type) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key for a keyed checksum - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{input} \sphinxhyphen{} Input data - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{cksum} \sphinxhyphen{} Generated checksum - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function computes a checksum of type \sphinxstyleemphasis{cksumtype} over \sphinxstyleemphasis{input} , using \sphinxstyleemphasis{key} if the checksum type is a keyed checksum. If \sphinxstyleemphasis{cksumtype} is 0 and \sphinxstyleemphasis{key} is non\sphinxhyphen{}null, the checksum type will be the mandatory\sphinxhyphen{}to\sphinxhyphen{}implement checksum type for the key’s encryption type. The actual checksum key will be derived from \sphinxstyleemphasis{key} and \sphinxstyleemphasis{usage} if key derivation is specified for the checksum type. The newly created \sphinxstyleemphasis{cksum} must be released by calling krb5\_free\_checksum\_contents() when it is no longer needed. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_c\_verify\_checksum() - - - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This function is similar to krb5\_c\_make\_checksum(), but operates on opaque \sphinxstyleemphasis{key} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_k\_make\_checksum\_iov \sphinxhyphen{} Fill in a checksum element in IOV array (operates on opaque key)} -\label{\detokenize{appdev/refs/api/krb5_k_make_checksum_iov:krb5-k-make-checksum-iov-fill-in-a-checksum-element-in-iov-array-operates-on-opaque-key}}\label{\detokenize{appdev/refs/api/krb5_k_make_checksum_iov::doc}}\index{krb5\_k\_make\_checksum\_iov (C function)@\spxentry{krb5\_k\_make\_checksum\_iov}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_make_checksum_iov:c.krb5_k_make_checksum_iov}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_make\_checksum\_iov}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{cksumtype}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, {\hyperref[\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}]{\sphinxcrossref{\DUrole{n}{krb5\_crypto\_iov}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{num\_data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cksumtype} \sphinxhyphen{} Checksum type (0 for mandatory type) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key for a keyed checksum - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{data} \sphinxhyphen{} IOV array - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{num\_data} \sphinxhyphen{} Size of \sphinxstyleemphasis{data} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Create a checksum in the \#KRB5\_CRYPTO\_TYPE\_CHECKSUM element over \#KRB5\_CRYPTO\_TYPE\_DATA and \#KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY chunks in \sphinxstyleemphasis{data} . Only the \#KRB5\_CRYPTO\_TYPE\_CHECKSUM region is modified. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_k\_verify\_checksum\_iov() - - - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This function is similar to krb5\_c\_make\_checksum\_iov(), but operates on opaque \sphinxstyleemphasis{key} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_k\_prf \sphinxhyphen{} Generate enctype\sphinxhyphen{}specific pseudo\sphinxhyphen{}random bytes (operates on opaque key).} -\label{\detokenize{appdev/refs/api/krb5_k_prf:krb5-k-prf-generate-enctype-specific-pseudo-random-bytes-operates-on-opaque-key}}\label{\detokenize{appdev/refs/api/krb5_k_prf::doc}}\index{krb5\_k\_prf (C function)@\spxentry{krb5\_k\_prf}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_prf:c.krb5_k_prf}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_prf}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{input}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{output}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Key - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{input} \sphinxhyphen{} Input data - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{output} \sphinxhyphen{} Output data - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function selects a pseudo\sphinxhyphen{}random function based on \sphinxstyleemphasis{key} and computes its value over \sphinxstyleemphasis{input} , placing the result into \sphinxstyleemphasis{output} . The caller must preinitialize \sphinxstyleemphasis{output} and allocate space for the result. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This function is similar to krb5\_c\_prf(), but operates on opaque \sphinxstyleemphasis{key} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_k\_reference\_key \sphinxhyphen{} Increment the reference count on a key.} -\label{\detokenize{appdev/refs/api/krb5_k_reference_key:krb5-k-reference-key-increment-the-reference-count-on-a-key}}\label{\detokenize{appdev/refs/api/krb5_k_reference_key::doc}}\index{krb5\_k\_reference\_key (C function)@\spxentry{krb5\_k\_reference\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_reference_key:c.krb5_k_reference_key}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_reference\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{key} - -\end{description}\end{quote} - - -\subsubsection{krb5\_k\_verify\_checksum \sphinxhyphen{} Verify a checksum (operates on opaque key).} -\label{\detokenize{appdev/refs/api/krb5_k_verify_checksum:krb5-k-verify-checksum-verify-a-checksum-operates-on-opaque-key}}\label{\detokenize{appdev/refs/api/krb5_k_verify_checksum::doc}}\index{krb5\_k\_verify\_checksum (C function)@\spxentry{krb5\_k\_verify\_checksum}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_verify_checksum:c.krb5_k_verify_checksum}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_verify\_checksum}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cksum}, {\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{valid}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key for a keyed checksum - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} \sphinxstyleemphasis{key} usage - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} Data to be used to compute a new checksum using \sphinxstyleemphasis{key} to compare \sphinxstyleemphasis{cksum} against - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cksum} \sphinxhyphen{} Checksum to be verified - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{valid} \sphinxhyphen{} Non\sphinxhyphen{}zero for success, zero for failure - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function verifies that \sphinxstyleemphasis{cksum} is a valid checksum for \sphinxstyleemphasis{data} . If the checksum type of \sphinxstyleemphasis{cksum} is a keyed checksum, \sphinxstyleemphasis{key} is used to verify the checksum. If the checksum type in \sphinxstyleemphasis{cksum} is 0 and \sphinxstyleemphasis{key} is not NULL, the mandatory checksum type for \sphinxstyleemphasis{key} will be used. The actual checksum key will be derived from \sphinxstyleemphasis{key} and \sphinxstyleemphasis{usage} if key derivation is specified for the checksum type. - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This function is similar to krb5\_c\_verify\_checksum(), but operates on opaque \sphinxstyleemphasis{key} . -\end{sphinxadmonition} - - -\subsubsection{krb5\_k\_verify\_checksum\_iov \sphinxhyphen{} Validate a checksum element in IOV array (operates on opaque key).} -\label{\detokenize{appdev/refs/api/krb5_k_verify_checksum_iov:krb5-k-verify-checksum-iov-validate-a-checksum-element-in-iov-array-operates-on-opaque-key}}\label{\detokenize{appdev/refs/api/krb5_k_verify_checksum_iov::doc}}\index{krb5\_k\_verify\_checksum\_iov (C function)@\spxentry{krb5\_k\_verify\_checksum\_iov}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_k_verify_checksum_iov:c.krb5_k_verify_checksum_iov}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_k\_verify\_checksum\_iov}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{cksumtype}, {\hyperref[\detokenize{appdev/refs/types/krb5_key:c.krb5_key}]{\sphinxcrossref{\DUrole{n}{krb5\_key}}}}\DUrole{w}{ }\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}]{\sphinxcrossref{\DUrole{n}{krb5\_keyusage}}}}\DUrole{w}{ }\DUrole{n}{usage}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}]{\sphinxcrossref{\DUrole{n}{krb5\_crypto\_iov}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{num\_data}, {\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{valid}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{cksumtype} \sphinxhyphen{} Checksum type (0 for mandatory type) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{key} \sphinxhyphen{} Encryption key for a keyed checksum - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{usage} \sphinxhyphen{} Key usage (see KRB5\_KEYUSAGE macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{data} \sphinxhyphen{} IOV array - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{num\_data} \sphinxhyphen{} Size of \sphinxstyleemphasis{data} - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{valid} \sphinxhyphen{} Non\sphinxhyphen{}zero for success, zero for failure - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Confirm that the checksum in the \#KRB5\_CRYPTO\_TYPE\_CHECKSUM element is a valid checksum of the \#KRB5\_CRYPTO\_TYPE\_DATA and \#KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY regions in the iov. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_k\_make\_checksum\_iov() - - - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -This function is similar to krb5\_c\_verify\_checksum\_iov(), but operates on opaque \sphinxstyleemphasis{key} . -\end{sphinxadmonition} - - -\subsection{Legacy convenience interfaces} -\label{\detokenize{appdev/refs/api/index:legacy-convenience-interfaces}} - -\subsubsection{krb5\_recvauth \sphinxhyphen{} Server function for sendauth protocol.} -\label{\detokenize{appdev/refs/api/krb5_recvauth:krb5-recvauth-server-function-for-sendauth-protocol}}\label{\detokenize{appdev/refs/api/krb5_recvauth::doc}}\index{krb5\_recvauth (C function)@\spxentry{krb5\_recvauth}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_recvauth:c.krb5_recvauth}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_recvauth}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_pointer:c.krb5_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_pointer}}}}\DUrole{w}{ }\DUrole{n}{fd}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{appl\_version}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{server}, {\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\DUrole{n}{flags}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}, {\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{ticket}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Pre\sphinxhyphen{}existing or newly created auth context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{fd} \sphinxhyphen{} File descriptor - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{appl\_version} \sphinxhyphen{} Application protocol version to be matched against the client’s application version - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server} \sphinxhyphen{} Server principal (NULL for any in \sphinxstyleemphasis{keytab} ) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Additional specifications - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Key table containing service keys - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ticket} \sphinxhyphen{} Ticket (NULL if not needed) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function performs the server side of a sendauth/recvauth exchange by sending and receiving messages over \sphinxstyleemphasis{fd} . - -\sphinxAtStartPar -Use krb5\_free\_ticket() to free \sphinxstyleemphasis{ticket} when it is no longer needed. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_sendauth() - - - - -\subsubsection{krb5\_recvauth\_version \sphinxhyphen{} Server function for sendauth protocol with version parameter.} -\label{\detokenize{appdev/refs/api/krb5_recvauth_version:krb5-recvauth-version-server-function-for-sendauth-protocol-with-version-parameter}}\label{\detokenize{appdev/refs/api/krb5_recvauth_version::doc}}\index{krb5\_recvauth\_version (C function)@\spxentry{krb5\_recvauth\_version}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_recvauth_version:c.krb5_recvauth_version}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_recvauth\_version}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_pointer:c.krb5_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_pointer}}}}\DUrole{w}{ }\DUrole{n}{fd}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{server}, {\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\DUrole{n}{flags}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{keytab}, {\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{ticket}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{version}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Pre\sphinxhyphen{}existing or newly created auth context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{fd} \sphinxhyphen{} File descriptor - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server} \sphinxhyphen{} Server principal (NULL for any in \sphinxstyleemphasis{keytab} ) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{flags} \sphinxhyphen{} Additional specifications - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{keytab} \sphinxhyphen{} Decryption key - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{ticket} \sphinxhyphen{} Ticket (NULL if not needed) - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{version} \sphinxhyphen{} sendauth protocol version (NULL if not needed) - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function is similar to krb5\_recvauth() with the additional output information place into \sphinxstyleemphasis{version} . - - -\subsubsection{krb5\_sendauth \sphinxhyphen{} Client function for sendauth protocol.} -\label{\detokenize{appdev/refs/api/krb5_sendauth:krb5-sendauth-client-function-for-sendauth-protocol}}\label{\detokenize{appdev/refs/api/krb5_sendauth::doc}}\index{krb5\_sendauth (C function)@\spxentry{krb5\_sendauth}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_sendauth:c.krb5_sendauth}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_sendauth}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_pointer:c.krb5_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_pointer}}}}\DUrole{w}{ }\DUrole{n}{fd}, \DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{appl\_version}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{client}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{server}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{ap\_req\_options}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_data}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}, {\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{error}, {\hyperref[\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_rep\_enc\_part}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{rep\_result}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{out\_creds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}inout{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Pre\sphinxhyphen{}existing or newly created auth context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{fd} \sphinxhyphen{} File descriptor that describes network socket - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{appl\_version} \sphinxhyphen{} Application protocol version to be matched with the receiver’s application version - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{client} \sphinxhyphen{} Client principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{server} \sphinxhyphen{} Server principal - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ap\_req\_options} \sphinxhyphen{} Options (see AP\_OPTS macros) - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in\_data} \sphinxhyphen{} Data to be sent to the server - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{in\_creds} \sphinxhyphen{} Input credentials, or NULL to use \sphinxstyleemphasis{ccache} - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{ccache} \sphinxhyphen{} Credential cache - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{error} \sphinxhyphen{} If non\sphinxhyphen{}null, contains KRB\_ERROR message returned from server - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{rep\_result} \sphinxhyphen{} If non\sphinxhyphen{}null and \sphinxstyleemphasis{ap\_req\_options} is \#AP\_OPTS\_MUTUAL\_REQUIRED, contains the result of mutual authentication exchange - -\sphinxAtStartPar -\sphinxstylestrong{{[}out{]}} \sphinxstylestrong{out\_creds} \sphinxhyphen{} If non\sphinxhyphen{}null, the retrieved credentials - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -This function performs the client side of a sendauth/recvauth exchange by sending and receiving messages over \sphinxstyleemphasis{fd} . - -\sphinxAtStartPar -Credentials may be specified in three ways: -\begin{quote} -\begin{itemize} -\item {} -\sphinxAtStartPar -If \sphinxstyleemphasis{in\_creds} is NULL, credentials are obtained with krb5\_get\_credentials() using the principals \sphinxstyleemphasis{client} and \sphinxstyleemphasis{server} . \sphinxstyleemphasis{server} must be non\sphinxhyphen{}null; \sphinxstyleemphasis{client} may NULL to use the default principal of \sphinxstyleemphasis{ccache} . - -\item {} -\sphinxAtStartPar -If \sphinxstyleemphasis{in\_creds} is non\sphinxhyphen{}null, but does not contain a ticket, credentials for the exchange are obtained with krb5\_get\_credentials() using \sphinxstyleemphasis{in\_creds} . In this case, the values of \sphinxstyleemphasis{client} and \sphinxstyleemphasis{server} are unused. - -\item {} -\sphinxAtStartPar -If \sphinxstyleemphasis{in\_creds} is a complete credentials structure, it used directly. In this case, the values of \sphinxstyleemphasis{client} , \sphinxstyleemphasis{server} , and \sphinxstyleemphasis{ccache} are unused. - -\end{itemize} - -\sphinxAtStartPar -If the server is using a different application protocol than that specified in \sphinxstyleemphasis{appl\_version} , an error will be returned. -\end{quote} - -\sphinxAtStartPar -Use krb5\_free\_creds() to free \sphinxstyleemphasis{out\_creds} , krb5\_free\_ap\_rep\_enc\_part() to free \sphinxstyleemphasis{rep\_result} , and krb5\_free\_error() to free \sphinxstyleemphasis{error} when they are no longer needed. - - -\sphinxstrong{See also:} -\nopagebreak - - -\sphinxAtStartPar -krb5\_recvauth() - - - - -\subsection{Deprecated public interfaces} -\label{\detokenize{appdev/refs/api/index:deprecated-public-interfaces}} - -\subsubsection{krb5\_524\_convert\_creds \sphinxhyphen{} Convert a Kerberos V5 credentials to a Kerberos V4 credentials.} -\label{\detokenize{appdev/refs/api/krb5_524_convert_creds:krb5-524-convert-creds-convert-a-kerberos-v5-credentials-to-a-kerberos-v4-credentials}}\label{\detokenize{appdev/refs/api/krb5_524_convert_creds::doc}}\index{krb5\_524\_convert\_creds (C function)@\spxentry{krb5\_524\_convert\_creds}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_524_convert_creds:c.krb5_524_convert_creds}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{int}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_524\_convert\_creds}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{v5creds}, \DUrole{k}{struct}\DUrole{w}{ }\DUrole{n}{credentials}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{v4creds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{v5creds} - -\sphinxAtStartPar -\sphinxstylestrong{v4creds} - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -KRB524\_KRB4\_DISABLED (always) - -\end{itemize} - -\end{description}\end{quote} - -\begin{sphinxadmonition}{note}{Note:} -\sphinxAtStartPar -Not implemented -\end{sphinxadmonition} - - -\subsubsection{krb5\_auth\_con\_getlocalsubkey} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getlocalsubkey:krb5-auth-con-getlocalsubkey}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getlocalsubkey::doc}}\index{krb5\_auth\_con\_getlocalsubkey (C function)@\spxentry{krb5\_auth\_con\_getlocalsubkey}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getlocalsubkey:c.krb5_auth_con_getlocalsubkey}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getlocalsubkey}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{keyblock}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{auth\_context} - -\sphinxAtStartPar -\sphinxstylestrong{keyblock} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_auth\_con\_getsendsubkey(). - - -\subsubsection{krb5\_auth\_con\_getremotesubkey} -\label{\detokenize{appdev/refs/api/krb5_auth_con_getremotesubkey:krb5-auth-con-getremotesubkey}}\label{\detokenize{appdev/refs/api/krb5_auth_con_getremotesubkey::doc}}\index{krb5\_auth\_con\_getremotesubkey (C function)@\spxentry{krb5\_auth\_con\_getremotesubkey}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_getremotesubkey:c.krb5_auth_con_getremotesubkey}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_getremotesubkey}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{keyblock}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{auth\_context} - -\sphinxAtStartPar -\sphinxstylestrong{keyblock} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_auth\_con\_getrecvsubkey(). - - -\subsubsection{krb5\_auth\_con\_initivector \sphinxhyphen{} Cause an auth context to use cipher state.} -\label{\detokenize{appdev/refs/api/krb5_auth_con_initivector:krb5-auth-con-initivector-cause-an-auth-context-to-use-cipher-state}}\label{\detokenize{appdev/refs/api/krb5_auth_con_initivector::doc}}\index{krb5\_auth\_con\_initivector (C function)@\spxentry{krb5\_auth\_con\_initivector}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_auth_con_initivector:c.krb5_auth_con_initivector}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_con\_initivector}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}]{\sphinxcrossref{\DUrole{n}{krb5\_auth\_context}}}}\DUrole{w}{ }\DUrole{n}{auth\_context}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{context} \sphinxhyphen{} Library context - -\sphinxAtStartPar -\sphinxstylestrong{{[}in{]}} \sphinxstylestrong{auth\_context} \sphinxhyphen{} Authentication context - -\end{description}\end{quote} -\begin{quote}\begin{description} -\item[{retval}] \leavevmode\begin{itemize} -\item {} -\sphinxAtStartPar -0 Success; otherwise \sphinxhyphen{} Kerberos error codes - -\end{itemize} - -\end{description}\end{quote} - -\sphinxAtStartPar -Prepare \sphinxstyleemphasis{auth\_context} to use cipher state when krb5\_mk\_priv() or krb5\_rd\_priv() encrypt or decrypt data. - - -\subsubsection{krb5\_build\_principal\_va} -\label{\detokenize{appdev/refs/api/krb5_build_principal_va:krb5-build-principal-va}}\label{\detokenize{appdev/refs/api/krb5_build_principal_va::doc}}\index{krb5\_build\_principal\_va (C function)@\spxentry{krb5\_build\_principal\_va}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_build_principal_va:c.krb5_build_principal_va}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_build\_principal\_va}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\DUrole{n}{princ}, \DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\DUrole{n}{rlen}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{realm}, \DUrole{n}{va\_list}\DUrole{w}{ }\DUrole{n}{ap}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{princ} - -\sphinxAtStartPar -\sphinxstylestrong{rlen} - -\sphinxAtStartPar -\sphinxstylestrong{realm} - -\sphinxAtStartPar -\sphinxstylestrong{ap} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_build\_principal\_alloc\_va(). - - -\subsubsection{krb5\_c\_random\_seed} -\label{\detokenize{appdev/refs/api/krb5_c_random_seed:krb5-c-random-seed}}\label{\detokenize{appdev/refs/api/krb5_c_random_seed::doc}}\index{krb5\_c\_random\_seed (C function)@\spxentry{krb5\_c\_random\_seed}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_c_random_seed:c.krb5_c_random_seed}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_c\_random\_seed}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{data} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED This call is no longer necessary. - - -\subsubsection{krb5\_calculate\_checksum} -\label{\detokenize{appdev/refs/api/krb5_calculate_checksum:krb5-calculate-checksum}}\label{\detokenize{appdev/refs/api/krb5_calculate_checksum::doc}}\index{krb5\_calculate\_checksum (C function)@\spxentry{krb5\_calculate\_checksum}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_calculate_checksum:c.krb5_calculate_checksum}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_calculate\_checksum}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{ctype}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_pointer}}}}\DUrole{w}{ }\DUrole{n}{in}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{in\_length}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_pointer}}}}\DUrole{w}{ }\DUrole{n}{seed}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{seed\_length}, {\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{outcksum}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{ctype} - -\sphinxAtStartPar -\sphinxstylestrong{in} - -\sphinxAtStartPar -\sphinxstylestrong{in\_length} - -\sphinxAtStartPar -\sphinxstylestrong{seed} - -\sphinxAtStartPar -\sphinxstylestrong{seed\_length} - -\sphinxAtStartPar -\sphinxstylestrong{outcksum} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED See krb5\_c\_make\_checksum() - - -\subsubsection{krb5\_checksum\_size} -\label{\detokenize{appdev/refs/api/krb5_checksum_size:krb5-checksum-size}}\label{\detokenize{appdev/refs/api/krb5_checksum_size::doc}}\index{krb5\_checksum\_size (C function)@\spxentry{krb5\_checksum\_size}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_checksum_size:c.krb5_checksum_size}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{n}{size\_t}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_checksum\_size}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{ctype}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{ctype} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED See krb5\_c\_checksum\_length() - - -\subsubsection{krb5\_encrypt} -\label{\detokenize{appdev/refs/api/krb5_encrypt:krb5-encrypt}}\label{\detokenize{appdev/refs/api/krb5_encrypt::doc}}\index{krb5\_encrypt (C function)@\spxentry{krb5\_encrypt}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_encrypt:c.krb5_encrypt}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_encrypt}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_pointer}}}}\DUrole{w}{ }\DUrole{n}{inptr}, {\hyperref[\detokenize{appdev/refs/types/krb5_pointer:c.krb5_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_pointer}}}}\DUrole{w}{ }\DUrole{n}{outptr}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{size}, {\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{eblock}, {\hyperref[\detokenize{appdev/refs/types/krb5_pointer:c.krb5_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_pointer}}}}\DUrole{w}{ }\DUrole{n}{ivec}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{inptr} - -\sphinxAtStartPar -\sphinxstylestrong{outptr} - -\sphinxAtStartPar -\sphinxstylestrong{size} - -\sphinxAtStartPar -\sphinxstylestrong{eblock} - -\sphinxAtStartPar -\sphinxstylestrong{ivec} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_c\_* API family. - - -\subsubsection{krb5\_decrypt} -\label{\detokenize{appdev/refs/api/krb5_decrypt:krb5-decrypt}}\label{\detokenize{appdev/refs/api/krb5_decrypt::doc}}\index{krb5\_decrypt (C function)@\spxentry{krb5\_decrypt}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_decrypt:c.krb5_decrypt}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_decrypt}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_pointer}}}}\DUrole{w}{ }\DUrole{n}{inptr}, {\hyperref[\detokenize{appdev/refs/types/krb5_pointer:c.krb5_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_pointer}}}}\DUrole{w}{ }\DUrole{n}{outptr}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{size}, {\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{eblock}, {\hyperref[\detokenize{appdev/refs/types/krb5_pointer:c.krb5_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_pointer}}}}\DUrole{w}{ }\DUrole{n}{ivec}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{inptr} - -\sphinxAtStartPar -\sphinxstylestrong{outptr} - -\sphinxAtStartPar -\sphinxstylestrong{size} - -\sphinxAtStartPar -\sphinxstylestrong{eblock} - -\sphinxAtStartPar -\sphinxstylestrong{ivec} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_c\_* API family. - - -\subsubsection{krb5\_eblock\_enctype} -\label{\detokenize{appdev/refs/api/krb5_eblock_enctype:krb5-eblock-enctype}}\label{\detokenize{appdev/refs/api/krb5_eblock_enctype::doc}}\index{krb5\_eblock\_enctype (C function)@\spxentry{krb5\_eblock\_enctype}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_eblock_enctype:c.krb5_eblock_enctype}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_eblock\_enctype}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{eblock}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{eblock} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_c\_* API family. - - -\subsubsection{krb5\_encrypt\_size} -\label{\detokenize{appdev/refs/api/krb5_encrypt_size:krb5-encrypt-size}}\label{\detokenize{appdev/refs/api/krb5_encrypt_size::doc}}\index{krb5\_encrypt\_size (C function)@\spxentry{krb5\_encrypt\_size}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_encrypt_size:c.krb5_encrypt_size}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{n}{size\_t}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_encrypt\_size}}}}{\DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{length}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{crypto}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{length} - -\sphinxAtStartPar -\sphinxstylestrong{crypto} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_c\_* API family. - - -\subsubsection{krb5\_finish\_key} -\label{\detokenize{appdev/refs/api/krb5_finish_key:krb5-finish-key}}\label{\detokenize{appdev/refs/api/krb5_finish_key::doc}}\index{krb5\_finish\_key (C function)@\spxentry{krb5\_finish\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_finish_key:c.krb5_finish_key}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_finish\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{eblock}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{eblock} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_c\_* API family. - - -\subsubsection{krb5\_finish\_random\_key} -\label{\detokenize{appdev/refs/api/krb5_finish_random_key:krb5-finish-random-key}}\label{\detokenize{appdev/refs/api/krb5_finish_random_key::doc}}\index{krb5\_finish\_random\_key (C function)@\spxentry{krb5\_finish\_random\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_finish_random_key:c.krb5_finish_random_key}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_finish\_random\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{eblock}, {\hyperref[\detokenize{appdev/refs/types/krb5_pointer:c.krb5_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_pointer}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ptr}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{eblock} - -\sphinxAtStartPar -\sphinxstylestrong{ptr} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_c\_* API family. - - -\subsubsection{krb5\_cc\_gen\_new} -\label{\detokenize{appdev/refs/api/krb5_cc_gen_new:krb5-cc-gen-new}}\label{\detokenize{appdev/refs/api/krb5_cc_gen_new::doc}}\index{krb5\_cc\_gen\_new (C function)@\spxentry{krb5\_cc\_gen\_new}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_cc_gen_new:c.krb5_cc_gen_new}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_gen\_new}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cache}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{cache} - -\end{description}\end{quote} - - -\subsubsection{krb5\_get\_credentials\_renew} -\label{\detokenize{appdev/refs/api/krb5_get_credentials_renew:krb5-get-credentials-renew}}\label{\detokenize{appdev/refs/api/krb5_get_credentials_renew::doc}}\index{krb5\_get\_credentials\_renew (C function)@\spxentry{krb5\_get\_credentials\_renew}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_credentials_renew:c.krb5_get_credentials_renew}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_credentials\_renew}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{options}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{out\_creds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{options} - -\sphinxAtStartPar -\sphinxstylestrong{ccache} - -\sphinxAtStartPar -\sphinxstylestrong{in\_creds} - -\sphinxAtStartPar -\sphinxstylestrong{out\_creds} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_get\_renewed\_creds. - - -\subsubsection{krb5\_get\_credentials\_validate} -\label{\detokenize{appdev/refs/api/krb5_get_credentials_validate:krb5-get-credentials-validate}}\label{\detokenize{appdev/refs/api/krb5_get_credentials_validate::doc}}\index{krb5\_get\_credentials\_validate (C function)@\spxentry{krb5\_get\_credentials\_validate}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_credentials_validate:c.krb5_get_credentials_validate}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_credentials\_validate}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{options}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{in\_creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{out\_creds}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{options} - -\sphinxAtStartPar -\sphinxstylestrong{ccache} - -\sphinxAtStartPar -\sphinxstylestrong{in\_creds} - -\sphinxAtStartPar -\sphinxstylestrong{out\_creds} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_get\_validated\_creds. - - -\subsubsection{krb5\_get\_in\_tkt\_with\_password} -\label{\detokenize{appdev/refs/api/krb5_get_in_tkt_with_password:krb5-get-in-tkt-with-password}}\label{\detokenize{appdev/refs/api/krb5_get_in_tkt_with_password::doc}}\index{krb5\_get\_in\_tkt\_with\_password (C function)@\spxentry{krb5\_get\_in\_tkt\_with\_password}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_in_tkt_with_password:c.krb5_get_in_tkt_with_password}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_in\_tkt\_with\_password}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{options}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{addrs}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ktypes}, {\hyperref[\detokenize{appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype}]{\sphinxcrossref{\DUrole{n}{krb5\_preauthtype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{pre\_auth\_types}, \DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{password}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_rep}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{ret\_as\_reply}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{options} - -\sphinxAtStartPar -\sphinxstylestrong{addrs} - -\sphinxAtStartPar -\sphinxstylestrong{ktypes} - -\sphinxAtStartPar -\sphinxstylestrong{pre\_auth\_types} - -\sphinxAtStartPar -\sphinxstylestrong{password} - -\sphinxAtStartPar -\sphinxstylestrong{ccache} - -\sphinxAtStartPar -\sphinxstylestrong{creds} - -\sphinxAtStartPar -\sphinxstylestrong{ret\_as\_reply} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_get\_init\_creds\_password(). - - -\subsubsection{krb5\_get\_in\_tkt\_with\_skey} -\label{\detokenize{appdev/refs/api/krb5_get_in_tkt_with_skey:krb5-get-in-tkt-with-skey}}\label{\detokenize{appdev/refs/api/krb5_get_in_tkt_with_skey::doc}}\index{krb5\_get\_in\_tkt\_with\_skey (C function)@\spxentry{krb5\_get\_in\_tkt\_with\_skey}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_in_tkt_with_skey:c.krb5_get_in_tkt_with_skey}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_in\_tkt\_with\_skey}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{options}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{addrs}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ktypes}, {\hyperref[\detokenize{appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype}]{\sphinxcrossref{\DUrole{n}{krb5\_preauthtype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{pre\_auth\_types}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_rep}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{ret\_as\_reply}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{options} - -\sphinxAtStartPar -\sphinxstylestrong{addrs} - -\sphinxAtStartPar -\sphinxstylestrong{ktypes} - -\sphinxAtStartPar -\sphinxstylestrong{pre\_auth\_types} - -\sphinxAtStartPar -\sphinxstylestrong{key} - -\sphinxAtStartPar -\sphinxstylestrong{ccache} - -\sphinxAtStartPar -\sphinxstylestrong{creds} - -\sphinxAtStartPar -\sphinxstylestrong{ret\_as\_reply} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_get\_init\_creds(). - - -\subsubsection{krb5\_get\_in\_tkt\_with\_keytab} -\label{\detokenize{appdev/refs/api/krb5_get_in_tkt_with_keytab:krb5-get-in-tkt-with-keytab}}\label{\detokenize{appdev/refs/api/krb5_get_in_tkt_with_keytab::doc}}\index{krb5\_get\_in\_tkt\_with\_keytab (C function)@\spxentry{krb5\_get\_in\_tkt\_with\_keytab}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_in_tkt_with_keytab:c.krb5_get_in_tkt_with_keytab}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_in\_tkt\_with\_keytab}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\DUrole{n}{options}, {\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{k}{const}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{addrs}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ktypes}, {\hyperref[\detokenize{appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype}]{\sphinxcrossref{\DUrole{n}{krb5\_preauthtype}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{pre\_auth\_types}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab}}}}\DUrole{w}{ }\DUrole{n}{arg\_keytab}, {\hyperref[\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}]{\sphinxcrossref{\DUrole{n}{krb5\_ccache}}}}\DUrole{w}{ }\DUrole{n}{ccache}, {\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{creds}, {\hyperref[\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_rep}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{ret\_as\_reply}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{options} - -\sphinxAtStartPar -\sphinxstylestrong{addrs} - -\sphinxAtStartPar -\sphinxstylestrong{ktypes} - -\sphinxAtStartPar -\sphinxstylestrong{pre\_auth\_types} - -\sphinxAtStartPar -\sphinxstylestrong{arg\_keytab} - -\sphinxAtStartPar -\sphinxstylestrong{ccache} - -\sphinxAtStartPar -\sphinxstylestrong{creds} - -\sphinxAtStartPar -\sphinxstylestrong{ret\_as\_reply} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_get\_init\_creds\_keytab(). - - -\subsubsection{krb5\_get\_init\_creds\_opt\_init} -\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_init:krb5-get-init-creds-opt-init}}\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_init::doc}}\index{krb5\_get\_init\_creds\_opt\_init (C function)@\spxentry{krb5\_get\_init\_creds\_opt\_init}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_get_init_creds_opt_init:c.krb5_get_init_creds_opt_init}}% -\pysigstartmultiline -\pysiglinewithargsret{\DUrole{kt}{void}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt\_init}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{opt}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{opt} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Use krb5\_get\_init\_creds\_opt\_alloc() instead. - - -\subsubsection{krb5\_init\_random\_key} -\label{\detokenize{appdev/refs/api/krb5_init_random_key:krb5-init-random-key}}\label{\detokenize{appdev/refs/api/krb5_init_random_key::doc}}\index{krb5\_init\_random\_key (C function)@\spxentry{krb5\_init\_random\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_init_random_key:c.krb5_init_random_key}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_random\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{eblock}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{keyblock}, {\hyperref[\detokenize{appdev/refs/types/krb5_pointer:c.krb5_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_pointer}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{ptr}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{eblock} - -\sphinxAtStartPar -\sphinxstylestrong{keyblock} - -\sphinxAtStartPar -\sphinxstylestrong{ptr} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_c\_* API family. - - -\subsubsection{krb5\_kt\_free\_entry} -\label{\detokenize{appdev/refs/api/krb5_kt_free_entry:krb5-kt-free-entry}}\label{\detokenize{appdev/refs/api/krb5_kt_free_entry::doc}}\index{krb5\_kt\_free\_entry (C function)@\spxentry{krb5\_kt\_free\_entry}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_kt_free_entry:c.krb5_kt_free_entry}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_free\_entry}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab\_entry}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{entry}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{entry} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Use krb5\_free\_keytab\_entry\_contents instead. - - -\subsubsection{krb5\_random\_key} -\label{\detokenize{appdev/refs/api/krb5_random_key:krb5-random-key}}\label{\detokenize{appdev/refs/api/krb5_random_key::doc}}\index{krb5\_random\_key (C function)@\spxentry{krb5\_random\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_random_key:c.krb5_random_key}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_random\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{eblock}, {\hyperref[\detokenize{appdev/refs/types/krb5_pointer:c.krb5_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_pointer}}}}\DUrole{w}{ }\DUrole{n}{ptr}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\DUrole{n}{keyblock}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{eblock} - -\sphinxAtStartPar -\sphinxstylestrong{ptr} - -\sphinxAtStartPar -\sphinxstylestrong{keyblock} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_c\_* API family. - - -\subsubsection{krb5\_process\_key} -\label{\detokenize{appdev/refs/api/krb5_process_key:krb5-process-key}}\label{\detokenize{appdev/refs/api/krb5_process_key::doc}}\index{krb5\_process\_key (C function)@\spxentry{krb5\_process\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_process_key:c.krb5_process_key}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_process\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{eblock}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{key}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{eblock} - -\sphinxAtStartPar -\sphinxstylestrong{key} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_c\_* API family. - - -\subsubsection{krb5\_string\_to\_key} -\label{\detokenize{appdev/refs/api/krb5_string_to_key:krb5-string-to-key}}\label{\detokenize{appdev/refs/api/krb5_string_to_key::doc}}\index{krb5\_string\_to\_key (C function)@\spxentry{krb5\_string\_to\_key}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_string_to_key:c.krb5_string_to_key}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_string\_to\_key}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{eblock}, {\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{keyblock}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{data}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{salt}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{eblock} - -\sphinxAtStartPar -\sphinxstylestrong{keyblock} - -\sphinxAtStartPar -\sphinxstylestrong{data} - -\sphinxAtStartPar -\sphinxstylestrong{salt} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED See krb5\_c\_string\_to\_key() - - -\subsubsection{krb5\_use\_enctype} -\label{\detokenize{appdev/refs/api/krb5_use_enctype:krb5-use-enctype}}\label{\detokenize{appdev/refs/api/krb5_use_enctype::doc}}\index{krb5\_use\_enctype (C function)@\spxentry{krb5\_use\_enctype}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_use_enctype:c.krb5_use_enctype}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_use\_enctype}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{eblock}, {\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{n}{enctype}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{eblock} - -\sphinxAtStartPar -\sphinxstylestrong{enctype} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED Replaced by krb5\_c\_* API family. - - -\subsubsection{krb5\_verify\_checksum} -\label{\detokenize{appdev/refs/api/krb5_verify_checksum:krb5-verify-checksum}}\label{\detokenize{appdev/refs/api/krb5_verify_checksum::doc}}\index{krb5\_verify\_checksum (C function)@\spxentry{krb5\_verify\_checksum}\spxextra{C function}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/api/krb5_verify_checksum:c.krb5_verify_checksum}}% -\pysigstartmultiline -\pysiglinewithargsret{{\hyperref[\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}]{\sphinxcrossref{\DUrole{n}{krb5\_error\_code}}}}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_verify\_checksum}}}}{{\hyperref[\detokenize{appdev/refs/types/krb5_context:c.krb5_context}]{\sphinxcrossref{\DUrole{n}{krb5\_context}}}}\DUrole{w}{ }\DUrole{n}{context}, {\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\DUrole{n}{ctype}, \DUrole{k}{const}\DUrole{w}{ }{\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{n}{cksum}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_pointer}}}}\DUrole{w}{ }\DUrole{n}{in}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{in\_length}, {\hyperref[\detokenize{appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_pointer}}}}\DUrole{w}{ }\DUrole{n}{seed}, \DUrole{n}{size\_t}\DUrole{w}{ }\DUrole{n}{seed\_length}}{}% -\pysigstopmultiline -\end{fulllineitems} - -\begin{quote}\begin{description} -\item[{param}] \leavevmode -\sphinxAtStartPar -\sphinxstylestrong{context} - -\sphinxAtStartPar -\sphinxstylestrong{ctype} - -\sphinxAtStartPar -\sphinxstylestrong{cksum} - -\sphinxAtStartPar -\sphinxstylestrong{in} - -\sphinxAtStartPar -\sphinxstylestrong{in\_length} - -\sphinxAtStartPar -\sphinxstylestrong{seed} - -\sphinxAtStartPar -\sphinxstylestrong{seed\_length} - -\end{description}\end{quote} - -\sphinxAtStartPar -DEPRECATED See krb5\_c\_verify\_checksum() - - -\section{krb5 types and structures} -\label{\detokenize{appdev/refs/types/index:krb5-types-and-structures}}\label{\detokenize{appdev/refs/types/index::doc}} - -\subsection{Public} -\label{\detokenize{appdev/refs/types/index:public}} - -\subsubsection{krb5\_address} -\label{\detokenize{appdev/refs/types/krb5_address:krb5-address}}\label{\detokenize{appdev/refs/types/krb5_address:krb5-address-struct}}\label{\detokenize{appdev/refs/types/krb5_address::doc}}\index{krb5\_address (C type)@\spxentry{krb5\_address}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_address:c.krb5_address}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_address}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Structure for address. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_address:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_address krb5\_address - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_address:members}}\index{krb5\_address.magic (C member)@\spxentry{krb5\_address.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_address:c.krb5_address.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_address.addrtype (C member)@\spxentry{krb5\_address.addrtype}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_address:c.krb5_address.addrtype}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_addrtype:c.krb5_addrtype}]{\sphinxcrossref{\DUrole{n}{krb5\_addrtype}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{addrtype}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_address.length (C member)@\spxentry{krb5\_address.length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_address:c.krb5_address.length}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{length}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_address.contents (C member)@\spxentry{krb5\_address.contents}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_address:c.krb5_address.contents}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_octet:c.krb5_octet}]{\sphinxcrossref{\DUrole{n}{krb5\_octet}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{contents}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_addrtype} -\label{\detokenize{appdev/refs/types/krb5_addrtype:krb5-addrtype}}\label{\detokenize{appdev/refs/types/krb5_addrtype:krb5-addrtype-struct}}\label{\detokenize{appdev/refs/types/krb5_addrtype::doc}}\index{krb5\_addrtype (C type)@\spxentry{krb5\_addrtype}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_addrtype:c.krb5_addrtype}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_addrtype}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_addrtype:declaration}} -\sphinxAtStartPar -typedef krb5\_int32 krb5\_addrtype - - -\subsubsection{krb5\_ap\_req} -\label{\detokenize{appdev/refs/types/krb5_ap_req:krb5-ap-req}}\label{\detokenize{appdev/refs/types/krb5_ap_req:krb5-ap-req-struct}}\label{\detokenize{appdev/refs/types/krb5_ap_req::doc}}\index{krb5\_ap\_req (C type)@\spxentry{krb5\_ap\_req}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_req:c.krb5_ap_req}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_ap\_req}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Authentication header. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_ap_req:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_ap\_req krb5\_ap\_req - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_ap_req:members}}\index{krb5\_ap\_req.magic (C member)@\spxentry{krb5\_ap\_req.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_req:c.krb5_ap_req.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ap_req:c.krb5_ap_req}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_ap\_req.ap\_options (C member)@\spxentry{krb5\_ap\_req.ap\_options}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_req:c.krb5_ap_req.ap_options}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ap_req:c.krb5_ap_req}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ap\_options}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Requested options. - -\end{fulllineitems} - -\index{krb5\_ap\_req.ticket (C member)@\spxentry{krb5\_ap\_req.ticket}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_req:c.krb5_ap_req.ticket}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ap_req:c.krb5_ap_req}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ticket}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Ticket. - -\end{fulllineitems} - -\index{krb5\_ap\_req.authenticator (C member)@\spxentry{krb5\_ap\_req.authenticator}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_req:c.krb5_ap_req.authenticator}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ap_req:c.krb5_ap_req}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{authenticator}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Encrypted authenticator. - -\end{fulllineitems} - - - -\subsubsection{krb5\_ap\_rep} -\label{\detokenize{appdev/refs/types/krb5_ap_rep:krb5-ap-rep}}\label{\detokenize{appdev/refs/types/krb5_ap_rep:krb5-ap-rep-struct}}\label{\detokenize{appdev/refs/types/krb5_ap_rep::doc}}\index{krb5\_ap\_rep (C type)@\spxentry{krb5\_ap\_rep}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_rep:c.krb5_ap_rep}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_ap\_rep}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -C representaton of AP\sphinxhyphen{}REP message. - -\sphinxAtStartPar -The server’s response to a client’s request for mutual authentication. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_ap_rep:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_ap\_rep krb5\_ap\_rep - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_ap_rep:members}}\index{krb5\_ap\_rep.magic (C member)@\spxentry{krb5\_ap\_rep.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_rep:c.krb5_ap_rep.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ap_rep:c.krb5_ap_rep}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_rep}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_ap\_rep.enc\_part (C member)@\spxentry{krb5\_ap\_rep.enc\_part}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_rep:c.krb5_ap_rep.enc_part}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ap_rep:c.krb5_ap_rep}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_rep}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{enc\_part}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Ciphertext of ApRepEncPart. - -\end{fulllineitems} - - - -\subsubsection{krb5\_ap\_rep\_enc\_part} -\label{\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:krb5-ap-rep-enc-part}}\label{\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:krb5-ap-rep-enc-part-struct}}\label{\detokenize{appdev/refs/types/krb5_ap_rep_enc_part::doc}}\index{krb5\_ap\_rep\_enc\_part (C type)@\spxentry{krb5\_ap\_rep\_enc\_part}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_ap\_rep\_enc\_part}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Cleartext that is encrypted and put into \sphinxcode{\sphinxupquote{\_krb5\_ap\_rep}} . - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_ap\_rep\_enc\_part krb5\_ap\_rep\_enc\_part - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:members}}\index{krb5\_ap\_rep\_enc\_part.magic (C member)@\spxentry{krb5\_ap\_rep\_enc\_part.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_rep\_enc\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_ap\_rep\_enc\_part.ctime (C member)@\spxentry{krb5\_ap\_rep\_enc\_part.ctime}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part.ctime}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_rep\_enc\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ctime}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Client time, seconds portion. - -\end{fulllineitems} - -\index{krb5\_ap\_rep\_enc\_part.cusec (C member)@\spxentry{krb5\_ap\_rep\_enc\_part.cusec}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part.cusec}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_rep\_enc\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{cusec}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Client time, microseconds portion. - -\end{fulllineitems} - -\index{krb5\_ap\_rep\_enc\_part.subkey (C member)@\spxentry{krb5\_ap\_rep\_enc\_part.subkey}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part.subkey}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_rep\_enc\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{subkey}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Subkey (optional) - -\end{fulllineitems} - -\index{krb5\_ap\_rep\_enc\_part.seq\_number (C member)@\spxentry{krb5\_ap\_rep\_enc\_part.seq\_number}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part.seq_number}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ui_4:c.krb5_ui_4}]{\sphinxcrossref{\DUrole{n}{krb5\_ui\_4}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ap_rep_enc_part:c.krb5_ap_rep_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_ap\_rep\_enc\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{seq\_number}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Sequence number. - -\end{fulllineitems} - - - -\subsubsection{krb5\_authdata} -\label{\detokenize{appdev/refs/types/krb5_authdata:krb5-authdata}}\label{\detokenize{appdev/refs/types/krb5_authdata:krb5-authdata-struct}}\label{\detokenize{appdev/refs/types/krb5_authdata::doc}}\index{krb5\_authdata (C type)@\spxentry{krb5\_authdata}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_authdata}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Structure for auth data. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_authdata:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_authdata krb5\_authdata - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_authdata:members}}\index{krb5\_authdata.magic (C member)@\spxentry{krb5\_authdata.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_authdata.ad\_type (C member)@\spxentry{krb5\_authdata.ad\_type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata.ad_type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_authdatatype:c.krb5_authdatatype}]{\sphinxcrossref{\DUrole{n}{krb5\_authdatatype}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ad\_type}}}}% -\pysigstopmultiline -\sphinxAtStartPar -ADTYPE. - -\end{fulllineitems} - -\index{krb5\_authdata.length (C member)@\spxentry{krb5\_authdata.length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata.length}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{length}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Length of data. - -\end{fulllineitems} - -\index{krb5\_authdata.contents (C member)@\spxentry{krb5\_authdata.contents}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata.contents}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_octet:c.krb5_octet}]{\sphinxcrossref{\DUrole{n}{krb5\_octet}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{contents}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Data. - -\end{fulllineitems} - - - -\subsubsection{krb5\_authdatatype} -\label{\detokenize{appdev/refs/types/krb5_authdatatype:krb5-authdatatype}}\label{\detokenize{appdev/refs/types/krb5_authdatatype:krb5-authdatatype-struct}}\label{\detokenize{appdev/refs/types/krb5_authdatatype::doc}}\index{krb5\_authdatatype (C type)@\spxentry{krb5\_authdatatype}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authdatatype:c.krb5_authdatatype}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_authdatatype}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_authdatatype:declaration}} -\sphinxAtStartPar -typedef krb5\_int32 krb5\_authdatatype - - -\subsubsection{krb5\_authenticator} -\label{\detokenize{appdev/refs/types/krb5_authenticator:krb5-authenticator}}\label{\detokenize{appdev/refs/types/krb5_authenticator:krb5-authenticator-struct}}\label{\detokenize{appdev/refs/types/krb5_authenticator::doc}}\index{krb5\_authenticator (C type)@\spxentry{krb5\_authenticator}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_authenticator}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Ticket authenticator. - -\sphinxAtStartPar -The C representation of an unencrypted authenticator. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_authenticator:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_authenticator krb5\_authenticator - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_authenticator:members}}\index{krb5\_authenticator.magic (C member)@\spxentry{krb5\_authenticator.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_authenticator.client (C member)@\spxentry{krb5\_authenticator.client}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.client}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{client}}}}% -\pysigstopmultiline -\sphinxAtStartPar -client name/realm - -\end{fulllineitems} - -\index{krb5\_authenticator.checksum (C member)@\spxentry{krb5\_authenticator.checksum}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.checksum}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{checksum}}}}% -\pysigstopmultiline -\sphinxAtStartPar -checksum, includes type, optional - -\end{fulllineitems} - -\index{krb5\_authenticator.cusec (C member)@\spxentry{krb5\_authenticator.cusec}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.cusec}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{cusec}}}}% -\pysigstopmultiline -\sphinxAtStartPar -client usec portion - -\end{fulllineitems} - -\index{krb5\_authenticator.ctime (C member)@\spxentry{krb5\_authenticator.ctime}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.ctime}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ctime}}}}% -\pysigstopmultiline -\sphinxAtStartPar -client sec portion - -\end{fulllineitems} - -\index{krb5\_authenticator.subkey (C member)@\spxentry{krb5\_authenticator.subkey}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.subkey}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{subkey}}}}% -\pysigstopmultiline -\sphinxAtStartPar -true session key, optional - -\end{fulllineitems} - -\index{krb5\_authenticator.seq\_number (C member)@\spxentry{krb5\_authenticator.seq\_number}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.seq_number}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ui_4:c.krb5_ui_4}]{\sphinxcrossref{\DUrole{n}{krb5\_ui\_4}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{seq\_number}}}}% -\pysigstopmultiline -\sphinxAtStartPar -sequence \#, optional - -\end{fulllineitems} - -\index{krb5\_authenticator.authorization\_data (C member)@\spxentry{krb5\_authenticator.authorization\_data}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator.authorization_data}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{authorization\_data}}}}% -\pysigstopmultiline -\sphinxAtStartPar -authoriazation data - -\end{fulllineitems} - - - -\subsubsection{krb5\_boolean} -\label{\detokenize{appdev/refs/types/krb5_boolean:krb5-boolean}}\label{\detokenize{appdev/refs/types/krb5_boolean:krb5-boolean-struct}}\label{\detokenize{appdev/refs/types/krb5_boolean::doc}}\index{krb5\_boolean (C type)@\spxentry{krb5\_boolean}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_boolean}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_boolean:declaration}} -\sphinxAtStartPar -typedef unsigned int krb5\_boolean - - -\subsubsection{krb5\_checksum} -\label{\detokenize{appdev/refs/types/krb5_checksum:krb5-checksum}}\label{\detokenize{appdev/refs/types/krb5_checksum:krb5-checksum-struct}}\label{\detokenize{appdev/refs/types/krb5_checksum::doc}}\index{krb5\_checksum (C type)@\spxentry{krb5\_checksum}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_checksum}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_checksum:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_checksum krb5\_checksum - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_checksum:members}}\index{krb5\_checksum.magic (C member)@\spxentry{krb5\_checksum.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_checksum.checksum\_type (C member)@\spxentry{krb5\_checksum.checksum\_type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum.checksum_type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}]{\sphinxcrossref{\DUrole{n}{krb5\_cksumtype}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{checksum\_type}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_checksum.length (C member)@\spxentry{krb5\_checksum.length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum.length}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{length}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_checksum.contents (C member)@\spxentry{krb5\_checksum.contents}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum.contents}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_octet:c.krb5_octet}]{\sphinxcrossref{\DUrole{n}{krb5\_octet}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{contents}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_const\_pointer} -\label{\detokenize{appdev/refs/types/krb5_const_pointer:krb5-const-pointer}}\label{\detokenize{appdev/refs/types/krb5_const_pointer:krb5-const-pointer-struct}}\label{\detokenize{appdev/refs/types/krb5_const_pointer::doc}}\index{krb5\_const\_pointer (C type)@\spxentry{krb5\_const\_pointer}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_const_pointer:c.krb5_const_pointer}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_const\_pointer}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_const_pointer:declaration}} -\sphinxAtStartPar -typedef void const* krb5\_const\_pointer - - -\subsubsection{krb5\_const\_principal} -\label{\detokenize{appdev/refs/types/krb5_const_principal:krb5-const-principal}}\label{\detokenize{appdev/refs/types/krb5_const_principal:krb5-const-principal-struct}}\label{\detokenize{appdev/refs/types/krb5_const_principal::doc}}\index{krb5\_const\_principal (C type)@\spxentry{krb5\_const\_principal}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_const\_principal}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Constant version of {\hyperref[\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data}]{\sphinxcrossref{\sphinxcode{\sphinxupquote{krb5\_principal\_data}}}}} . - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_const_principal:declaration}} -\sphinxAtStartPar -typedef const krb5\_principal\_data* krb5\_const\_principal - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_const_principal:members}}\index{krb5\_const\_principal.magic (C member)@\spxentry{krb5\_const\_principal.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_const\_principal.realm (C member)@\spxentry{krb5\_const\_principal.realm}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.realm}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{realm}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_const\_principal.data (C member)@\spxentry{krb5\_const\_principal.data}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.data}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{data}}}}% -\pysigstopmultiline -\sphinxAtStartPar -An array of strings. - -\end{fulllineitems} - -\index{krb5\_const\_principal.length (C member)@\spxentry{krb5\_const\_principal.length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.length}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{length}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_const\_principal.type (C member)@\spxentry{krb5\_const\_principal.type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal.type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_const_principal:c.krb5_const_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_const\_principal}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{type}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_cred} -\label{\detokenize{appdev/refs/types/krb5_cred:krb5-cred}}\label{\detokenize{appdev/refs/types/krb5_cred:krb5-cred-struct}}\label{\detokenize{appdev/refs/types/krb5_cred::doc}}\index{krb5\_cred (C type)@\spxentry{krb5\_cred}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred:c.krb5_cred}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cred}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Credentials data structure. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_cred:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_cred krb5\_cred - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_cred:members}}\index{krb5\_cred.magic (C member)@\spxentry{krb5\_cred.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred:c.krb5_cred.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred:c.krb5_cred}]{\sphinxcrossref{\DUrole{n}{krb5\_cred}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_cred.tickets (C member)@\spxentry{krb5\_cred.tickets}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred:c.krb5_cred.tickets}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred:c.krb5_cred}]{\sphinxcrossref{\DUrole{n}{krb5\_cred}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{tickets}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Tickets. - -\end{fulllineitems} - -\index{krb5\_cred.enc\_part (C member)@\spxentry{krb5\_cred.enc\_part}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred:c.krb5_cred.enc_part}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred:c.krb5_cred}]{\sphinxcrossref{\DUrole{n}{krb5\_cred}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{enc\_part}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Encrypted part. - -\end{fulllineitems} - -\index{krb5\_cred.enc\_part2 (C member)@\spxentry{krb5\_cred.enc\_part2}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred:c.krb5_cred.enc_part2}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_enc\_part}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred:c.krb5_cred}]{\sphinxcrossref{\DUrole{n}{krb5\_cred}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{enc\_part2}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Unencrypted version, if available. - -\end{fulllineitems} - - - -\subsubsection{krb5\_cred\_enc\_part} -\label{\detokenize{appdev/refs/types/krb5_cred_enc_part:krb5-cred-enc-part}}\label{\detokenize{appdev/refs/types/krb5_cred_enc_part:krb5-cred-enc-part-struct}}\label{\detokenize{appdev/refs/types/krb5_cred_enc_part::doc}}\index{krb5\_cred\_enc\_part (C type)@\spxentry{krb5\_cred\_enc\_part}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cred\_enc\_part}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Cleartext credentials information. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_cred_enc_part:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_cred\_enc\_part krb5\_cred\_enc\_part - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_cred_enc_part:members}}\index{krb5\_cred\_enc\_part.magic (C member)@\spxentry{krb5\_cred\_enc\_part.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_enc\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_cred\_enc\_part.nonce (C member)@\spxentry{krb5\_cred\_enc\_part.nonce}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.nonce}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_enc\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{nonce}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Nonce (optional) - -\end{fulllineitems} - -\index{krb5\_cred\_enc\_part.timestamp (C member)@\spxentry{krb5\_cred\_enc\_part.timestamp}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.timestamp}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_enc\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{timestamp}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Generation time, seconds portion. - -\end{fulllineitems} - -\index{krb5\_cred\_enc\_part.usec (C member)@\spxentry{krb5\_cred\_enc\_part.usec}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.usec}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_enc\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{usec}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Generation time, microseconds portion. - -\end{fulllineitems} - -\index{krb5\_cred\_enc\_part.s\_address (C member)@\spxentry{krb5\_cred\_enc\_part.s\_address}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.s_address}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_enc\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{s\_address}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Sender address (optional) - -\end{fulllineitems} - -\index{krb5\_cred\_enc\_part.r\_address (C member)@\spxentry{krb5\_cred\_enc\_part.r\_address}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.r_address}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_enc\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{r\_address}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Recipient address (optional) - -\end{fulllineitems} - -\index{krb5\_cred\_enc\_part.ticket\_info (C member)@\spxentry{krb5\_cred\_enc\_part.ticket\_info}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part.ticket_info}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_info}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_enc_part:c.krb5_cred_enc_part}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_enc\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ticket\_info}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_cred\_info} -\label{\detokenize{appdev/refs/types/krb5_cred_info:krb5-cred-info}}\label{\detokenize{appdev/refs/types/krb5_cred_info:krb5-cred-info-struct}}\label{\detokenize{appdev/refs/types/krb5_cred_info::doc}}\index{krb5\_cred\_info (C type)@\spxentry{krb5\_cred\_info}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cred\_info}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Credentials information inserted into \sphinxstyleemphasis{EncKrbCredPart} . - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_cred_info:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_cred\_info krb5\_cred\_info - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_cred_info:members}}\index{krb5\_cred\_info.magic (C member)@\spxentry{krb5\_cred\_info.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_info}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_cred\_info.session (C member)@\spxentry{krb5\_cred\_info.session}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.session}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_info}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{session}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Session key used to encrypt ticket. - -\end{fulllineitems} - -\index{krb5\_cred\_info.client (C member)@\spxentry{krb5\_cred\_info.client}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.client}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_info}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{client}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Client principal and realm. - -\end{fulllineitems} - -\index{krb5\_cred\_info.server (C member)@\spxentry{krb5\_cred\_info.server}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.server}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_info}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{server}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Server principal and realm. - -\end{fulllineitems} - -\index{krb5\_cred\_info.flags (C member)@\spxentry{krb5\_cred\_info.flags}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.flags}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_info}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{flags}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Ticket flags. - -\end{fulllineitems} - -\index{krb5\_cred\_info.times (C member)@\spxentry{krb5\_cred\_info.times}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.times}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket\_times}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_info}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{times}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Auth, start, end, renew\_till. - -\end{fulllineitems} - -\index{krb5\_cred\_info.caddrs (C member)@\spxentry{krb5\_cred\_info.caddrs}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info.caddrs}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_cred_info:c.krb5_cred_info}]{\sphinxcrossref{\DUrole{n}{krb5\_cred\_info}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{caddrs}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Array of pointers to addrs (optional) - -\end{fulllineitems} - - - -\subsubsection{krb5\_creds} -\label{\detokenize{appdev/refs/types/krb5_creds:krb5-creds}}\label{\detokenize{appdev/refs/types/krb5_creds:krb5-creds-struct}}\label{\detokenize{appdev/refs/types/krb5_creds::doc}}\index{krb5\_creds (C type)@\spxentry{krb5\_creds}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_creds}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Credentials structure including ticket, session key, and lifetime info. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_creds:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_creds krb5\_creds - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_creds:members}}\index{krb5\_creds.magic (C member)@\spxentry{krb5\_creds.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_creds.client (C member)@\spxentry{krb5\_creds.client}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds.client}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{client}}}}% -\pysigstopmultiline -\sphinxAtStartPar -client’s principal identifier - -\end{fulllineitems} - -\index{krb5\_creds.server (C member)@\spxentry{krb5\_creds.server}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds.server}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{server}}}}% -\pysigstopmultiline -\sphinxAtStartPar -server’s principal identifier - -\end{fulllineitems} - -\index{krb5\_creds.keyblock (C member)@\spxentry{krb5\_creds.keyblock}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds.keyblock}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{keyblock}}}}% -\pysigstopmultiline -\sphinxAtStartPar -session encryption key info - -\end{fulllineitems} - -\index{krb5\_creds.times (C member)@\spxentry{krb5\_creds.times}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds.times}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket\_times}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{times}}}}% -\pysigstopmultiline -\sphinxAtStartPar -lifetime info - -\end{fulllineitems} - -\index{krb5\_creds.is\_skey (C member)@\spxentry{krb5\_creds.is\_skey}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds.is_skey}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{is\_skey}}}}% -\pysigstopmultiline -\sphinxAtStartPar -true if ticket is encrypted in another ticket’s skey - -\end{fulllineitems} - -\index{krb5\_creds.ticket\_flags (C member)@\spxentry{krb5\_creds.ticket\_flags}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds.ticket_flags}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ticket\_flags}}}}% -\pysigstopmultiline -\sphinxAtStartPar -flags in ticket - -\end{fulllineitems} - -\index{krb5\_creds.addresses (C member)@\spxentry{krb5\_creds.addresses}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds.addresses}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{addresses}}}}% -\pysigstopmultiline -\sphinxAtStartPar -addrs in ticket - -\end{fulllineitems} - -\index{krb5\_creds.ticket (C member)@\spxentry{krb5\_creds.ticket}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds.ticket}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ticket}}}}% -\pysigstopmultiline -\sphinxAtStartPar -ticket string itself - -\end{fulllineitems} - -\index{krb5\_creds.second\_ticket (C member)@\spxentry{krb5\_creds.second\_ticket}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds.second_ticket}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{second\_ticket}}}}% -\pysigstopmultiline -\sphinxAtStartPar -second ticket, if related to ticket (via DUPLICATE\sphinxhyphen{}SKEY or ENC\sphinxhyphen{}TKT\sphinxhyphen{}IN\sphinxhyphen{}SKEY) - -\end{fulllineitems} - -\index{krb5\_creds.authdata (C member)@\spxentry{krb5\_creds.authdata}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds.authdata}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_creds:c.krb5_creds}]{\sphinxcrossref{\DUrole{n}{krb5\_creds}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{authdata}}}}% -\pysigstopmultiline -\sphinxAtStartPar -authorization data - -\end{fulllineitems} - - - -\subsubsection{krb5\_crypto\_iov} -\label{\detokenize{appdev/refs/types/krb5_crypto_iov:krb5-crypto-iov}}\label{\detokenize{appdev/refs/types/krb5_crypto_iov:krb5-crypto-iov-struct}}\label{\detokenize{appdev/refs/types/krb5_crypto_iov::doc}}\index{krb5\_crypto\_iov (C type)@\spxentry{krb5\_crypto\_iov}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_crypto\_iov}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Structure to describe a region of text to be encrypted or decrypted. - -\sphinxAtStartPar -The \sphinxstyleemphasis{flags} member describes the type of the iov. The \sphinxstyleemphasis{data} member points to the memory that will be manipulated. All iov APIs take a pointer to the first element of an array of krb5\_crypto\_iov’s along with the size of that array. Buffer contents are manipulated in\sphinxhyphen{}place; data is overwritten. Callers must allocate the right number of krb5\_crypto\_iov structures before calling into an iov API. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_crypto_iov:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_crypto\_iov krb5\_crypto\_iov - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_crypto_iov:members}}\index{krb5\_crypto\_iov.flags (C member)@\spxentry{krb5\_crypto\_iov.flags}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov.flags}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_cryptotype:c.krb5_cryptotype}]{\sphinxcrossref{\DUrole{n}{krb5\_cryptotype}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}]{\sphinxcrossref{\DUrole{n}{krb5\_crypto\_iov}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{flags}}}}% -\pysigstopmultiline -\sphinxAtStartPar -iov type (see KRB5\_CRYPTO\_TYPE macros) - -\end{fulllineitems} - -\index{krb5\_crypto\_iov.data (C member)@\spxentry{krb5\_crypto\_iov.data}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov.data}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_crypto_iov:c.krb5_crypto_iov}]{\sphinxcrossref{\DUrole{n}{krb5\_crypto\_iov}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_cryptotype} -\label{\detokenize{appdev/refs/types/krb5_cryptotype:krb5-cryptotype}}\label{\detokenize{appdev/refs/types/krb5_cryptotype:krb5-cryptotype-struct}}\label{\detokenize{appdev/refs/types/krb5_cryptotype::doc}}\index{krb5\_cryptotype (C type)@\spxentry{krb5\_cryptotype}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cryptotype:c.krb5_cryptotype}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cryptotype}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_cryptotype:declaration}} -\sphinxAtStartPar -typedef krb5\_int32 krb5\_cryptotype - - -\subsubsection{krb5\_data} -\label{\detokenize{appdev/refs/types/krb5_data:krb5-data}}\label{\detokenize{appdev/refs/types/krb5_data:krb5-data-struct}}\label{\detokenize{appdev/refs/types/krb5_data::doc}}\index{krb5\_data (C type)@\spxentry{krb5\_data}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_data:c.krb5_data}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_data:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_data krb5\_data - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_data:members}}\index{krb5\_data.magic (C member)@\spxentry{krb5\_data.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_data:c.krb5_data.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_data.length (C member)@\spxentry{krb5\_data.length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_data:c.krb5_data.length}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{length}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_data.data (C member)@\spxentry{krb5\_data.data}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_data:c.krb5_data.data}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_deltat} -\label{\detokenize{appdev/refs/types/krb5_deltat:krb5-deltat}}\label{\detokenize{appdev/refs/types/krb5_deltat:krb5-deltat-struct}}\label{\detokenize{appdev/refs/types/krb5_deltat::doc}}\index{krb5\_deltat (C type)@\spxentry{krb5\_deltat}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_deltat:c.krb5_deltat}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_deltat}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_deltat:declaration}} -\sphinxAtStartPar -typedef krb5\_int32 krb5\_deltat - - -\subsubsection{krb5\_enc\_data} -\label{\detokenize{appdev/refs/types/krb5_enc_data:krb5-enc-data}}\label{\detokenize{appdev/refs/types/krb5_enc_data:krb5-enc-data-struct}}\label{\detokenize{appdev/refs/types/krb5_enc_data::doc}}\index{krb5\_enc\_data (C type)@\spxentry{krb5\_enc\_data}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_enc\_data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_enc_data:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_enc\_data krb5\_enc\_data - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_enc_data:members}}\index{krb5\_enc\_data.magic (C member)@\spxentry{krb5\_enc\_data.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_enc\_data.enctype (C member)@\spxentry{krb5\_enc\_data.enctype}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data.enctype}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{enctype}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_enc\_data.kvno (C member)@\spxentry{krb5\_enc\_data.kvno}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data.kvno}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_kvno:c.krb5_kvno}]{\sphinxcrossref{\DUrole{n}{krb5\_kvno}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{kvno}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_enc\_data.ciphertext (C member)@\spxentry{krb5\_enc\_data.ciphertext}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data.ciphertext}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ciphertext}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_enc\_kdc\_rep\_part} -\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:krb5-enc-kdc-rep-part}}\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:krb5-enc-kdc-rep-part-struct}}\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part::doc}}\index{krb5\_enc\_kdc\_rep\_part (C type)@\spxentry{krb5\_enc\_kdc\_rep\_part}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -C representation of \sphinxstyleemphasis{EncKDCRepPart} protocol message. - -\sphinxAtStartPar -This is the cleartext message that is encrypted and inserted in \sphinxstyleemphasis{KDC\sphinxhyphen{}REP} . - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_enc\_kdc\_rep\_part krb5\_enc\_kdc\_rep\_part - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:members}}\index{krb5\_enc\_kdc\_rep\_part.magic (C member)@\spxentry{krb5\_enc\_kdc\_rep\_part.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_enc\_kdc\_rep\_part.msg\_type (C member)@\spxentry{krb5\_enc\_kdc\_rep\_part.msg\_type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.msg_type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_msgtype:c.krb5_msgtype}]{\sphinxcrossref{\DUrole{n}{krb5\_msgtype}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{msg\_type}}}}% -\pysigstopmultiline -\sphinxAtStartPar -krb5 message type - -\end{fulllineitems} - -\index{krb5\_enc\_kdc\_rep\_part.session (C member)@\spxentry{krb5\_enc\_kdc\_rep\_part.session}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.session}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{session}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Session key. - -\end{fulllineitems} - -\index{krb5\_enc\_kdc\_rep\_part.last\_req (C member)@\spxentry{krb5\_enc\_kdc\_rep\_part.last\_req}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.last_req}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_last\_req\_entry}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{last\_req}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Array of pointers to entries. - -\end{fulllineitems} - -\index{krb5\_enc\_kdc\_rep\_part.nonce (C member)@\spxentry{krb5\_enc\_kdc\_rep\_part.nonce}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.nonce}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{nonce}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Nonce from request. - -\end{fulllineitems} - -\index{krb5\_enc\_kdc\_rep\_part.key\_exp (C member)@\spxentry{krb5\_enc\_kdc\_rep\_part.key\_exp}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.key_exp}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{key\_exp}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Expiration date. - -\end{fulllineitems} - -\index{krb5\_enc\_kdc\_rep\_part.flags (C member)@\spxentry{krb5\_enc\_kdc\_rep\_part.flags}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.flags}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{flags}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Ticket flags. - -\end{fulllineitems} - -\index{krb5\_enc\_kdc\_rep\_part.times (C member)@\spxentry{krb5\_enc\_kdc\_rep\_part.times}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.times}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket\_times}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{times}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Lifetime info. - -\end{fulllineitems} - -\index{krb5\_enc\_kdc\_rep\_part.server (C member)@\spxentry{krb5\_enc\_kdc\_rep\_part.server}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.server}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{server}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Server’s principal identifier. - -\end{fulllineitems} - -\index{krb5\_enc\_kdc\_rep\_part.caddrs (C member)@\spxentry{krb5\_enc\_kdc\_rep\_part.caddrs}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.caddrs}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{caddrs}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Array of ptrs to addrs, optional. - -\end{fulllineitems} - -\index{krb5\_enc\_kdc\_rep\_part.enc\_padata (C member)@\spxentry{krb5\_enc\_kdc\_rep\_part.enc\_padata}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part.enc_padata}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_data:c.krb5_pa_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{enc\_padata}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Encrypted preauthentication data. - -\end{fulllineitems} - - - -\subsubsection{krb5\_enc\_tkt\_part} -\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:krb5-enc-tkt-part}}\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:krb5-enc-tkt-part-struct}}\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part::doc}}\index{krb5\_enc\_tkt\_part (C type)@\spxentry{krb5\_enc\_tkt\_part}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_enc\_tkt\_part}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Encrypted part of ticket. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_enc\_tkt\_part krb5\_enc\_tkt\_part - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:members}}\index{krb5\_enc\_tkt\_part.magic (C member)@\spxentry{krb5\_enc\_tkt\_part.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_tkt\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_enc\_tkt\_part.flags (C member)@\spxentry{krb5\_enc\_tkt\_part.flags}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.flags}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_tkt\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{flags}}}}% -\pysigstopmultiline -\sphinxAtStartPar -flags - -\end{fulllineitems} - -\index{krb5\_enc\_tkt\_part.session (C member)@\spxentry{krb5\_enc\_tkt\_part.session}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.session}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_tkt\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{session}}}}% -\pysigstopmultiline -\sphinxAtStartPar -session key: includes enctype - -\end{fulllineitems} - -\index{krb5\_enc\_tkt\_part.client (C member)@\spxentry{krb5\_enc\_tkt\_part.client}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.client}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_tkt\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{client}}}}% -\pysigstopmultiline -\sphinxAtStartPar -client name/realm - -\end{fulllineitems} - -\index{krb5\_enc\_tkt\_part.transited (C member)@\spxentry{krb5\_enc\_tkt\_part.transited}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.transited}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_transited:c.krb5_transited}]{\sphinxcrossref{\DUrole{n}{krb5\_transited}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_tkt\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{transited}}}}% -\pysigstopmultiline -\sphinxAtStartPar -list of transited realms - -\end{fulllineitems} - -\index{krb5\_enc\_tkt\_part.times (C member)@\spxentry{krb5\_enc\_tkt\_part.times}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.times}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket\_times}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_tkt\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{times}}}}% -\pysigstopmultiline -\sphinxAtStartPar -auth, start, end, renew\_till - -\end{fulllineitems} - -\index{krb5\_enc\_tkt\_part.caddrs (C member)@\spxentry{krb5\_enc\_tkt\_part.caddrs}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.caddrs}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_tkt\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{caddrs}}}}% -\pysigstopmultiline -\sphinxAtStartPar -array of ptrs to addresses - -\end{fulllineitems} - -\index{krb5\_enc\_tkt\_part.authorization\_data (C member)@\spxentry{krb5\_enc\_tkt\_part.authorization\_data}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part.authorization_data}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_tkt\_part}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{authorization\_data}}}}% -\pysigstopmultiline -\sphinxAtStartPar -auth data - -\end{fulllineitems} - - - -\subsubsection{krb5\_encrypt\_block} -\label{\detokenize{appdev/refs/types/krb5_encrypt_block:krb5-encrypt-block}}\label{\detokenize{appdev/refs/types/krb5_encrypt_block:krb5-encrypt-block-struct}}\label{\detokenize{appdev/refs/types/krb5_encrypt_block::doc}}\index{krb5\_encrypt\_block (C type)@\spxentry{krb5\_encrypt\_block}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_encrypt\_block}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_encrypt_block:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_encrypt\_block krb5\_encrypt\_block - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_encrypt_block:members}}\index{krb5\_encrypt\_block.magic (C member)@\spxentry{krb5\_encrypt\_block.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_encrypt\_block.crypto\_entry (C member)@\spxentry{krb5\_encrypt\_block.crypto\_entry}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block.crypto_entry}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{crypto\_entry}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_encrypt\_block.key (C member)@\spxentry{krb5\_encrypt\_block.key}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block.key}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_encrypt_block:c.krb5_encrypt_block}]{\sphinxcrossref{\DUrole{n}{krb5\_encrypt\_block}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{key}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_enctype} -\label{\detokenize{appdev/refs/types/krb5_enctype:krb5-enctype}}\label{\detokenize{appdev/refs/types/krb5_enctype:krb5-enctype-struct}}\label{\detokenize{appdev/refs/types/krb5_enctype::doc}}\index{krb5\_enctype (C type)@\spxentry{krb5\_enctype}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_enctype}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_enctype:declaration}} -\sphinxAtStartPar -typedef krb5\_int32 krb5\_enctype - - -\subsubsection{krb5\_error} -\label{\detokenize{appdev/refs/types/krb5_error:krb5-error}}\label{\detokenize{appdev/refs/types/krb5_error:krb5-error-struct}}\label{\detokenize{appdev/refs/types/krb5_error::doc}}\index{krb5\_error (C type)@\spxentry{krb5\_error}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_error:c.krb5_error}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_error}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Error message structure. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_error:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_error krb5\_error - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_error:members}}\index{krb5\_error.magic (C member)@\spxentry{krb5\_error.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_error:c.krb5_error.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_error.ctime (C member)@\spxentry{krb5\_error.ctime}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_error:c.krb5_error.ctime}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ctime}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Client sec portion; optional. - -\end{fulllineitems} - -\index{krb5\_error.cusec (C member)@\spxentry{krb5\_error.cusec}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_error:c.krb5_error.cusec}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{cusec}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Client usec portion; optional. - -\end{fulllineitems} - -\index{krb5\_error.susec (C member)@\spxentry{krb5\_error.susec}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_error:c.krb5_error.susec}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{susec}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Server usec portion. - -\end{fulllineitems} - -\index{krb5\_error.stime (C member)@\spxentry{krb5\_error.stime}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_error:c.krb5_error.stime}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{stime}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Server sec portion. - -\end{fulllineitems} - -\index{krb5\_error.error (C member)@\spxentry{krb5\_error.error}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_error:c.krb5_error.error}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ui_4:c.krb5_ui_4}]{\sphinxcrossref{\DUrole{n}{krb5\_ui\_4}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{error}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Error code (protocol error \#’s) - -\end{fulllineitems} - -\index{krb5\_error.client (C member)@\spxentry{krb5\_error.client}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_error:c.krb5_error.client}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{client}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Client principal and realm. - -\end{fulllineitems} - -\index{krb5\_error.server (C member)@\spxentry{krb5\_error.server}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_error:c.krb5_error.server}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{server}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Server principal and realm. - -\end{fulllineitems} - -\index{krb5\_error.text (C member)@\spxentry{krb5\_error.text}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_error:c.krb5_error.text}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{text}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Descriptive text. - -\end{fulllineitems} - -\index{krb5\_error.e\_data (C member)@\spxentry{krb5\_error.e\_data}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_error:c.krb5_error.e_data}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_error:c.krb5_error}]{\sphinxcrossref{\DUrole{n}{krb5\_error}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{e\_data}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Additional error\sphinxhyphen{}describing data. - -\end{fulllineitems} - - - -\subsubsection{krb5\_error\_code} -\label{\detokenize{appdev/refs/types/krb5_error_code:krb5-error-code}}\label{\detokenize{appdev/refs/types/krb5_error_code:krb5-error-code-struct}}\label{\detokenize{appdev/refs/types/krb5_error_code::doc}}\index{krb5\_error\_code (C type)@\spxentry{krb5\_error\_code}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_error_code:c.krb5_error_code}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_error\_code}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Used to convey an operation status. - -\sphinxAtStartPar -The value 0 indicates success; any other values are com\_err codes. Use krb5\_get\_error\_message() to obtain a string describing the error. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_error_code:declaration}} -\sphinxAtStartPar -typedef krb5\_int32 krb5\_error\_code - - -\subsubsection{krb5\_expire\_callback\_func} -\label{\detokenize{appdev/refs/types/krb5_expire_callback_func:krb5-expire-callback-func}}\label{\detokenize{appdev/refs/types/krb5_expire_callback_func:krb5-expire-callback-func-struct}}\label{\detokenize{appdev/refs/types/krb5_expire_callback_func::doc}}\index{krb5\_expire\_callback\_func (C type)@\spxentry{krb5\_expire\_callback\_func}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_expire_callback_func:c.krb5_expire_callback_func}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_expire\_callback\_func}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_expire_callback_func:declaration}} -\sphinxAtStartPar -typedef void( * krb5\_expire\_callback\_func) (krb5\_context context, void *data, krb5\_timestamp password\_expiration, krb5\_timestamp account\_expiration, krb5\_boolean is\_last\_req) - - -\subsubsection{krb5\_flags} -\label{\detokenize{appdev/refs/types/krb5_flags:krb5-flags}}\label{\detokenize{appdev/refs/types/krb5_flags:krb5-flags-struct}}\label{\detokenize{appdev/refs/types/krb5_flags::doc}}\index{krb5\_flags (C type)@\spxentry{krb5\_flags}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_flags}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_flags:declaration}} -\sphinxAtStartPar -typedef krb5\_int32 krb5\_flags - - -\subsubsection{krb5\_get\_init\_creds\_opt} -\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:krb5-get-init-creds-opt}}\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:krb5-get-init-creds-opt-struct}}\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt::doc}}\index{krb5\_get\_init\_creds\_opt (C type)@\spxentry{krb5\_get\_init\_creds\_opt}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Store options for \sphinxstyleemphasis{\_krb5\_get\_init\_creds} . - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_get\_init\_creds\_opt krb5\_get\_init\_creds\_opt - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:members}}\index{krb5\_get\_init\_creds\_opt.flags (C member)@\spxentry{krb5\_get\_init\_creds\_opt.flags}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.flags}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{flags}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_get\_init\_creds\_opt.tkt\_life (C member)@\spxentry{krb5\_get\_init\_creds\_opt.tkt\_life}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.tkt_life}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_deltat:c.krb5_deltat}]{\sphinxcrossref{\DUrole{n}{krb5\_deltat}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{tkt\_life}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_get\_init\_creds\_opt.renew\_life (C member)@\spxentry{krb5\_get\_init\_creds\_opt.renew\_life}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.renew_life}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_deltat:c.krb5_deltat}]{\sphinxcrossref{\DUrole{n}{krb5\_deltat}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{renew\_life}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_get\_init\_creds\_opt.forwardable (C member)@\spxentry{krb5\_get\_init\_creds\_opt.forwardable}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.forwardable}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{forwardable}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_get\_init\_creds\_opt.proxiable (C member)@\spxentry{krb5\_get\_init\_creds\_opt.proxiable}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.proxiable}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{proxiable}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_get\_init\_creds\_opt.etype\_list (C member)@\spxentry{krb5\_get\_init\_creds\_opt.etype\_list}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.etype_list}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{etype\_list}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_get\_init\_creds\_opt.etype\_list\_length (C member)@\spxentry{krb5\_get\_init\_creds\_opt.etype\_list\_length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.etype_list_length}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{etype\_list\_length}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_get\_init\_creds\_opt.address\_list (C member)@\spxentry{krb5\_get\_init\_creds\_opt.address\_list}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.address_list}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{address\_list}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_get\_init\_creds\_opt.preauth\_list (C member)@\spxentry{krb5\_get\_init\_creds\_opt.preauth\_list}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.preauth_list}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype}]{\sphinxcrossref{\DUrole{n}{krb5\_preauthtype}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{preauth\_list}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_get\_init\_creds\_opt.preauth\_list\_length (C member)@\spxentry{krb5\_get\_init\_creds\_opt.preauth\_list\_length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.preauth_list_length}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{preauth\_list\_length}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_get\_init\_creds\_opt.salt (C member)@\spxentry{krb5\_get\_init\_creds\_opt.salt}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt.salt}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_get_init_creds_opt:c.krb5_get_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_get\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{salt}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_gic\_opt\_pa\_data} -\label{\detokenize{appdev/refs/types/krb5_gic_opt_pa_data:krb5-gic-opt-pa-data}}\label{\detokenize{appdev/refs/types/krb5_gic_opt_pa_data:krb5-gic-opt-pa-data-struct}}\label{\detokenize{appdev/refs/types/krb5_gic_opt_pa_data::doc}}\index{krb5\_gic\_opt\_pa\_data (C type)@\spxentry{krb5\_gic\_opt\_pa\_data}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_gic_opt_pa_data:c.krb5_gic_opt_pa_data}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_gic\_opt\_pa\_data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Generic preauth option attribute/value pairs. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_gic_opt_pa_data:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_gic\_opt\_pa\_data krb5\_gic\_opt\_pa\_data - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_gic_opt_pa_data:members}}\index{krb5\_gic\_opt\_pa\_data.attr (C member)@\spxentry{krb5\_gic\_opt\_pa\_data.attr}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_gic_opt_pa_data:c.krb5_gic_opt_pa_data.attr}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_gic_opt_pa_data:c.krb5_gic_opt_pa_data}]{\sphinxcrossref{\DUrole{n}{krb5\_gic\_opt\_pa\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{attr}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_gic\_opt\_pa\_data.value (C member)@\spxentry{krb5\_gic\_opt\_pa\_data.value}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_gic_opt_pa_data:c.krb5_gic_opt_pa_data.value}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_gic_opt_pa_data:c.krb5_gic_opt_pa_data}]{\sphinxcrossref{\DUrole{n}{krb5\_gic\_opt\_pa\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{value}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_int16} -\label{\detokenize{appdev/refs/types/krb5_int16:krb5-int16}}\label{\detokenize{appdev/refs/types/krb5_int16:krb5-int16-struct}}\label{\detokenize{appdev/refs/types/krb5_int16::doc}}\index{krb5\_int16 (C type)@\spxentry{krb5\_int16}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_int16:c.krb5_int16}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_int16}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_int16:declaration}} -\sphinxAtStartPar -typedef int16\_t krb5\_int16 - - -\subsubsection{krb5\_int32} -\label{\detokenize{appdev/refs/types/krb5_int32:krb5-int32}}\label{\detokenize{appdev/refs/types/krb5_int32:krb5-int32-struct}}\label{\detokenize{appdev/refs/types/krb5_int32::doc}}\index{krb5\_int32 (C type)@\spxentry{krb5\_int32}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_int32}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_int32:declaration}} -\sphinxAtStartPar -typedef int32\_t krb5\_int32 - - -\subsubsection{krb5\_kdc\_rep} -\label{\detokenize{appdev/refs/types/krb5_kdc_rep:krb5-kdc-rep}}\label{\detokenize{appdev/refs/types/krb5_kdc_rep:krb5-kdc-rep-struct}}\label{\detokenize{appdev/refs/types/krb5_kdc_rep::doc}}\index{krb5\_kdc\_rep (C type)@\spxentry{krb5\_kdc\_rep}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kdc\_rep}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Representation of the \sphinxstyleemphasis{KDC\sphinxhyphen{}REP} protocol message. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_kdc_rep:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_kdc\_rep krb5\_kdc\_rep - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_kdc_rep:members}}\index{krb5\_kdc\_rep.magic (C member)@\spxentry{krb5\_kdc\_rep.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_rep}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_kdc\_rep.msg\_type (C member)@\spxentry{krb5\_kdc\_rep.msg\_type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.msg_type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_msgtype:c.krb5_msgtype}]{\sphinxcrossref{\DUrole{n}{krb5\_msgtype}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_rep}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{msg\_type}}}}% -\pysigstopmultiline -\sphinxAtStartPar -KRB5\_AS\_REP or KRB5\_KDC\_REP. - -\end{fulllineitems} - -\index{krb5\_kdc\_rep.padata (C member)@\spxentry{krb5\_kdc\_rep.padata}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.padata}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_data:c.krb5_pa_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_rep}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{padata}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Preauthentication data from KDC. - -\end{fulllineitems} - -\index{krb5\_kdc\_rep.client (C member)@\spxentry{krb5\_kdc\_rep.client}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.client}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_rep}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{client}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Client principal and realm. - -\end{fulllineitems} - -\index{krb5\_kdc\_rep.ticket (C member)@\spxentry{krb5\_kdc\_rep.ticket}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.ticket}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_rep}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ticket}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Ticket. - -\end{fulllineitems} - -\index{krb5\_kdc\_rep.enc\_part (C member)@\spxentry{krb5\_kdc\_rep.enc\_part}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.enc_part}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_rep}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{enc\_part}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Encrypted part of reply. - -\end{fulllineitems} - -\index{krb5\_kdc\_rep.enc\_part2 (C member)@\spxentry{krb5\_kdc\_rep.enc\_part2}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep.enc_part2}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_kdc_rep_part:c.krb5_enc_kdc_rep_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_kdc\_rep\_part}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_rep:c.krb5_kdc_rep}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_rep}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{enc\_part2}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Unencrypted version, if available. - -\end{fulllineitems} - - - -\subsubsection{krb5\_kdc\_req} -\label{\detokenize{appdev/refs/types/krb5_kdc_req:krb5-kdc-req}}\label{\detokenize{appdev/refs/types/krb5_kdc_req:krb5-kdc-req-struct}}\label{\detokenize{appdev/refs/types/krb5_kdc_req::doc}}\index{krb5\_kdc\_req (C type)@\spxentry{krb5\_kdc\_req}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kdc\_req}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -C representation of KDC\sphinxhyphen{}REQ protocol message, including KDC\sphinxhyphen{}REQ\sphinxhyphen{}BODY. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_kdc_req:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_kdc\_req krb5\_kdc\_req - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_kdc_req:members}}\index{krb5\_kdc\_req.magic (C member)@\spxentry{krb5\_kdc\_req.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_kdc\_req.msg\_type (C member)@\spxentry{krb5\_kdc\_req.msg\_type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.msg_type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_msgtype:c.krb5_msgtype}]{\sphinxcrossref{\DUrole{n}{krb5\_msgtype}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{msg\_type}}}}% -\pysigstopmultiline -\sphinxAtStartPar -KRB5\_AS\_REQ or KRB5\_TGS\_REQ. - -\end{fulllineitems} - -\index{krb5\_kdc\_req.padata (C member)@\spxentry{krb5\_kdc\_req.padata}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.padata}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_data:c.krb5_pa_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{padata}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Preauthentication data. - -\end{fulllineitems} - -\index{krb5\_kdc\_req.kdc\_options (C member)@\spxentry{krb5\_kdc\_req.kdc\_options}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.kdc_options}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{kdc\_options}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Requested options. - -\end{fulllineitems} - -\index{krb5\_kdc\_req.client (C member)@\spxentry{krb5\_kdc\_req.client}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.client}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{client}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Client principal and realm. - -\end{fulllineitems} - -\index{krb5\_kdc\_req.server (C member)@\spxentry{krb5\_kdc\_req.server}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.server}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{server}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Server principal and realm. - -\end{fulllineitems} - -\index{krb5\_kdc\_req.from (C member)@\spxentry{krb5\_kdc\_req.from}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.from}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{from}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Requested start time. - -\end{fulllineitems} - -\index{krb5\_kdc\_req.till (C member)@\spxentry{krb5\_kdc\_req.till}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.till}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{till}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Requested end time. - -\end{fulllineitems} - -\index{krb5\_kdc\_req.rtime (C member)@\spxentry{krb5\_kdc\_req.rtime}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.rtime}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{rtime}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Requested renewable end time. - -\end{fulllineitems} - -\index{krb5\_kdc\_req.nonce (C member)@\spxentry{krb5\_kdc\_req.nonce}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.nonce}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{nonce}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Nonce to match request and response. - -\end{fulllineitems} - -\index{krb5\_kdc\_req.nktypes (C member)@\spxentry{krb5\_kdc\_req.nktypes}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.nktypes}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{nktypes}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Number of enctypes. - -\end{fulllineitems} - -\index{krb5\_kdc\_req.ktype (C member)@\spxentry{krb5\_kdc\_req.ktype}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.ktype}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ktype}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Requested enctypes. - -\end{fulllineitems} - -\index{krb5\_kdc\_req.addresses (C member)@\spxentry{krb5\_kdc\_req.addresses}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.addresses}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_address:c.krb5_address}]{\sphinxcrossref{\DUrole{n}{krb5\_address}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{addresses}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Requested addresses (optional) - -\end{fulllineitems} - -\index{krb5\_kdc\_req.authorization\_data (C member)@\spxentry{krb5\_kdc\_req.authorization\_data}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.authorization_data}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{authorization\_data}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Encrypted authz data (optional) - -\end{fulllineitems} - -\index{krb5\_kdc\_req.unenc\_authdata (C member)@\spxentry{krb5\_kdc\_req.unenc\_authdata}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.unenc_authdata}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_authdata:c.krb5_authdata}]{\sphinxcrossref{\DUrole{n}{krb5\_authdata}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{unenc\_authdata}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Unencrypted authz data. - -\end{fulllineitems} - -\index{krb5\_kdc\_req.second\_ticket (C member)@\spxentry{krb5\_kdc\_req.second\_ticket}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req.second_ticket}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_kdc_req:c.krb5_kdc_req}]{\sphinxcrossref{\DUrole{n}{krb5\_kdc\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{second\_ticket}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Second ticket array (optional) - -\end{fulllineitems} - - - -\subsubsection{krb5\_keyblock} -\label{\detokenize{appdev/refs/types/krb5_keyblock:krb5-keyblock}}\label{\detokenize{appdev/refs/types/krb5_keyblock:krb5-keyblock-struct}}\label{\detokenize{appdev/refs/types/krb5_keyblock::doc}}\index{krb5\_keyblock (C type)@\spxentry{krb5\_keyblock}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_keyblock}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Exposed contents of a key. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_keyblock:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_keyblock krb5\_keyblock - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_keyblock:members}}\index{krb5\_keyblock.magic (C member)@\spxentry{krb5\_keyblock.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_keyblock.enctype (C member)@\spxentry{krb5\_keyblock.enctype}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock.enctype}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enctype:c.krb5_enctype}]{\sphinxcrossref{\DUrole{n}{krb5\_enctype}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{enctype}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_keyblock.length (C member)@\spxentry{krb5\_keyblock.length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock.length}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{length}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_keyblock.contents (C member)@\spxentry{krb5\_keyblock.contents}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock.contents}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_octet:c.krb5_octet}]{\sphinxcrossref{\DUrole{n}{krb5\_octet}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{contents}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_keytab\_entry} -\label{\detokenize{appdev/refs/types/krb5_keytab_entry:krb5-keytab-entry}}\label{\detokenize{appdev/refs/types/krb5_keytab_entry:krb5-keytab-entry-struct}}\label{\detokenize{appdev/refs/types/krb5_keytab_entry::doc}}\index{krb5\_keytab\_entry (C type)@\spxentry{krb5\_keytab\_entry}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_keytab\_entry}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -A key table entry. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_keytab_entry:declaration}} -\sphinxAtStartPar -typedef struct krb5\_keytab\_entry\_st krb5\_keytab\_entry - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_keytab_entry:members}}\index{krb5\_keytab\_entry.magic (C member)@\spxentry{krb5\_keytab\_entry.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab\_entry}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_keytab\_entry.principal (C member)@\spxentry{krb5\_keytab\_entry.principal}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry.principal}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab\_entry}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{principal}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Principal of this key. - -\end{fulllineitems} - -\index{krb5\_keytab\_entry.timestamp (C member)@\spxentry{krb5\_keytab\_entry.timestamp}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry.timestamp}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab\_entry}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{timestamp}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Time entry written to keytable. - -\end{fulllineitems} - -\index{krb5\_keytab\_entry.vno (C member)@\spxentry{krb5\_keytab\_entry.vno}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry.vno}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_kvno:c.krb5_kvno}]{\sphinxcrossref{\DUrole{n}{krb5\_kvno}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab\_entry}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{vno}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Key version number. - -\end{fulllineitems} - -\index{krb5\_keytab\_entry.key (C member)@\spxentry{krb5\_keytab\_entry.key}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry.key}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_keyblock:c.krb5_keyblock}]{\sphinxcrossref{\DUrole{n}{krb5\_keyblock}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_keytab_entry:c.krb5_keytab_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_keytab\_entry}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{key}}}}% -\pysigstopmultiline -\sphinxAtStartPar -The secret key. - -\end{fulllineitems} - - - -\subsubsection{krb5\_keyusage} -\label{\detokenize{appdev/refs/types/krb5_keyusage:krb5-keyusage}}\label{\detokenize{appdev/refs/types/krb5_keyusage:krb5-keyusage-struct}}\label{\detokenize{appdev/refs/types/krb5_keyusage::doc}}\index{krb5\_keyusage (C type)@\spxentry{krb5\_keyusage}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keyusage:c.krb5_keyusage}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_keyusage}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_keyusage:declaration}} -\sphinxAtStartPar -typedef krb5\_int32 krb5\_keyusage - - -\subsubsection{krb5\_kt\_cursor} -\label{\detokenize{appdev/refs/types/krb5_kt_cursor:krb5-kt-cursor}}\label{\detokenize{appdev/refs/types/krb5_kt_cursor:krb5-kt-cursor-struct}}\label{\detokenize{appdev/refs/types/krb5_kt_cursor::doc}}\index{krb5\_kt\_cursor (C type)@\spxentry{krb5\_kt\_cursor}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kt_cursor:c.krb5_kt_cursor}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kt\_cursor}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_kt_cursor:declaration}} -\sphinxAtStartPar -typedef krb5\_pointer krb5\_kt\_cursor - - -\subsubsection{krb5\_kvno} -\label{\detokenize{appdev/refs/types/krb5_kvno:krb5-kvno}}\label{\detokenize{appdev/refs/types/krb5_kvno:krb5-kvno-struct}}\label{\detokenize{appdev/refs/types/krb5_kvno::doc}}\index{krb5\_kvno (C type)@\spxentry{krb5\_kvno}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_kvno:c.krb5_kvno}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_kvno}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_kvno:declaration}} -\sphinxAtStartPar -typedef unsigned int krb5\_kvno - - -\subsubsection{krb5\_last\_req\_entry} -\label{\detokenize{appdev/refs/types/krb5_last_req_entry:krb5-last-req-entry}}\label{\detokenize{appdev/refs/types/krb5_last_req_entry:krb5-last-req-entry-struct}}\label{\detokenize{appdev/refs/types/krb5_last_req_entry::doc}}\index{krb5\_last\_req\_entry (C type)@\spxentry{krb5\_last\_req\_entry}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_last\_req\_entry}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Last request entry. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_last_req_entry:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_last\_req\_entry krb5\_last\_req\_entry - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_last_req_entry:members}}\index{krb5\_last\_req\_entry.magic (C member)@\spxentry{krb5\_last\_req\_entry.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_last\_req\_entry}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_last\_req\_entry.lr\_type (C member)@\spxentry{krb5\_last\_req\_entry.lr\_type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry.lr_type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_last\_req\_entry}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{lr\_type}}}}% -\pysigstopmultiline -\sphinxAtStartPar -LR type. - -\end{fulllineitems} - -\index{krb5\_last\_req\_entry.value (C member)@\spxentry{krb5\_last\_req\_entry.value}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry.value}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_last_req_entry:c.krb5_last_req_entry}]{\sphinxcrossref{\DUrole{n}{krb5\_last\_req\_entry}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{value}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Timestamp. - -\end{fulllineitems} - - - -\subsubsection{krb5\_magic} -\label{\detokenize{appdev/refs/types/krb5_magic:krb5-magic}}\label{\detokenize{appdev/refs/types/krb5_magic:krb5-magic-struct}}\label{\detokenize{appdev/refs/types/krb5_magic::doc}}\index{krb5\_magic (C type)@\spxentry{krb5\_magic}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_magic:declaration}} -\sphinxAtStartPar -typedef krb5\_error\_code krb5\_magic - - -\subsubsection{krb5\_mk\_req\_checksum\_func} -\label{\detokenize{appdev/refs/types/krb5_mk_req_checksum_func:krb5-mk-req-checksum-func}}\label{\detokenize{appdev/refs/types/krb5_mk_req_checksum_func:krb5-mk-req-checksum-func-struct}}\label{\detokenize{appdev/refs/types/krb5_mk_req_checksum_func::doc}}\index{krb5\_mk\_req\_checksum\_func (C type)@\spxentry{krb5\_mk\_req\_checksum\_func}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_mk_req_checksum_func:c.krb5_mk_req_checksum_func}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_mk\_req\_checksum\_func}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Type of function used as a callback to generate checksum data for mk\_req. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_mk_req_checksum_func:declaration}} -\sphinxAtStartPar -typedef krb5\_error\_code( * krb5\_mk\_req\_checksum\_func) (krb5\_context, krb5\_auth\_context, void *, krb5\_data **) - - -\subsubsection{krb5\_msgtype} -\label{\detokenize{appdev/refs/types/krb5_msgtype:krb5-msgtype}}\label{\detokenize{appdev/refs/types/krb5_msgtype:krb5-msgtype-struct}}\label{\detokenize{appdev/refs/types/krb5_msgtype::doc}}\index{krb5\_msgtype (C type)@\spxentry{krb5\_msgtype}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_msgtype:c.krb5_msgtype}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_msgtype}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_msgtype:declaration}} -\sphinxAtStartPar -typedef unsigned int krb5\_msgtype - - -\subsubsection{krb5\_octet} -\label{\detokenize{appdev/refs/types/krb5_octet:krb5-octet}}\label{\detokenize{appdev/refs/types/krb5_octet:krb5-octet-struct}}\label{\detokenize{appdev/refs/types/krb5_octet::doc}}\index{krb5\_octet (C type)@\spxentry{krb5\_octet}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_octet:c.krb5_octet}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_octet}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_octet:declaration}} -\sphinxAtStartPar -typedef uint8\_t krb5\_octet - - -\subsubsection{krb5\_pa\_pac\_req} -\label{\detokenize{appdev/refs/types/krb5_pa_pac_req:krb5-pa-pac-req}}\label{\detokenize{appdev/refs/types/krb5_pa_pac_req:krb5-pa-pac-req-struct}}\label{\detokenize{appdev/refs/types/krb5_pa_pac_req::doc}}\index{krb5\_pa\_pac\_req (C type)@\spxentry{krb5\_pa\_pac\_req}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_pac_req:c.krb5_pa_pac_req}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pa\_pac\_req}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_pa_pac_req:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_pa\_pac\_req krb5\_pa\_pac\_req - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_pa_pac_req:members}}\index{krb5\_pa\_pac\_req.include\_pac (C member)@\spxentry{krb5\_pa\_pac\_req.include\_pac}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_pac_req:c.krb5_pa_pac_req.include_pac}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_boolean:c.krb5_boolean}]{\sphinxcrossref{\DUrole{n}{krb5\_boolean}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_pac_req:c.krb5_pa_pac_req}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_pac\_req}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{include\_pac}}}}% -\pysigstopmultiline -\sphinxAtStartPar -TRUE if a PAC should be included in TGS\sphinxhyphen{}REP. - -\end{fulllineitems} - - - -\subsubsection{krb5\_pa\_server\_referral\_data} -\label{\detokenize{appdev/refs/types/krb5_pa_server_referral_data:krb5-pa-server-referral-data}}\label{\detokenize{appdev/refs/types/krb5_pa_server_referral_data:krb5-pa-server-referral-data-struct}}\label{\detokenize{appdev/refs/types/krb5_pa_server_referral_data::doc}}\index{krb5\_pa\_server\_referral\_data (C type)@\spxentry{krb5\_pa\_server\_referral\_data}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pa\_server\_referral\_data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_pa_server_referral_data:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_pa\_server\_referral\_data krb5\_pa\_server\_referral\_data - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_pa_server_referral_data:members}}\index{krb5\_pa\_server\_referral\_data.referred\_realm (C member)@\spxentry{krb5\_pa\_server\_referral\_data.referred\_realm}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data.referred_realm}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_server\_referral\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{referred\_realm}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_pa\_server\_referral\_data.true\_principal\_name (C member)@\spxentry{krb5\_pa\_server\_referral\_data.true\_principal\_name}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data.true_principal_name}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_server\_referral\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{true\_principal\_name}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_pa\_server\_referral\_data.requested\_principal\_name (C member)@\spxentry{krb5\_pa\_server\_referral\_data.requested\_principal\_name}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data.requested_principal_name}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_server\_referral\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{requested\_principal\_name}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_pa\_server\_referral\_data.referral\_valid\_until (C member)@\spxentry{krb5\_pa\_server\_referral\_data.referral\_valid\_until}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data.referral_valid_until}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_server\_referral\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{referral\_valid\_until}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_pa\_server\_referral\_data.rep\_cksum (C member)@\spxentry{krb5\_pa\_server\_referral\_data.rep\_cksum}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data.rep_cksum}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_checksum:c.krb5_checksum}]{\sphinxcrossref{\DUrole{n}{krb5\_checksum}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_server_referral_data:c.krb5_pa_server_referral_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_server\_referral\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{rep\_cksum}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_pa\_svr\_referral\_data} -\label{\detokenize{appdev/refs/types/krb5_pa_svr_referral_data:krb5-pa-svr-referral-data}}\label{\detokenize{appdev/refs/types/krb5_pa_svr_referral_data:krb5-pa-svr-referral-data-struct}}\label{\detokenize{appdev/refs/types/krb5_pa_svr_referral_data::doc}}\index{krb5\_pa\_svr\_referral\_data (C type)@\spxentry{krb5\_pa\_svr\_referral\_data}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_svr_referral_data:c.krb5_pa_svr_referral_data}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pa\_svr\_referral\_data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_pa_svr_referral_data:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_pa\_svr\_referral\_data krb5\_pa\_svr\_referral\_data - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_pa_svr_referral_data:members}}\index{krb5\_pa\_svr\_referral\_data.principal (C member)@\spxentry{krb5\_pa\_svr\_referral\_data.principal}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_svr_referral_data:c.krb5_pa_svr_referral_data.principal}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_svr_referral_data:c.krb5_pa_svr_referral_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_svr\_referral\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{principal}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Referred name, only realm is required. - -\end{fulllineitems} - - - -\subsubsection{krb5\_pa\_data} -\label{\detokenize{appdev/refs/types/krb5_pa_data:krb5-pa-data}}\label{\detokenize{appdev/refs/types/krb5_pa_data:krb5-pa-data-struct}}\label{\detokenize{appdev/refs/types/krb5_pa_data::doc}}\index{krb5\_pa\_data (C type)@\spxentry{krb5\_pa\_data}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_data:c.krb5_pa_data}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pa\_data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Pre\sphinxhyphen{}authentication data. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_pa_data:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_pa\_data krb5\_pa\_data - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_pa_data:members}}\index{krb5\_pa\_data.magic (C member)@\spxentry{krb5\_pa\_data.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_data:c.krb5_pa_data.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_data:c.krb5_pa_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_pa\_data.pa\_type (C member)@\spxentry{krb5\_pa\_data.pa\_type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_data:c.krb5_pa_data.pa_type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype}]{\sphinxcrossref{\DUrole{n}{krb5\_preauthtype}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_data:c.krb5_pa_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{pa\_type}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Preauthentication data type. - -\end{fulllineitems} - -\index{krb5\_pa\_data.length (C member)@\spxentry{krb5\_pa\_data.length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_data:c.krb5_pa_data.length}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_data:c.krb5_pa_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{length}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Length of data. - -\end{fulllineitems} - -\index{krb5\_pa\_data.contents (C member)@\spxentry{krb5\_pa\_data.contents}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pa_data:c.krb5_pa_data.contents}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_octet:c.krb5_octet}]{\sphinxcrossref{\DUrole{n}{krb5\_octet}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pa_data:c.krb5_pa_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pa\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{contents}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Data. - -\end{fulllineitems} - - - -\subsubsection{krb5\_pointer} -\label{\detokenize{appdev/refs/types/krb5_pointer:krb5-pointer}}\label{\detokenize{appdev/refs/types/krb5_pointer:krb5-pointer-struct}}\label{\detokenize{appdev/refs/types/krb5_pointer::doc}}\index{krb5\_pointer (C type)@\spxentry{krb5\_pointer}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pointer:c.krb5_pointer}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pointer}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_pointer:declaration}} -\sphinxAtStartPar -typedef void* krb5\_pointer - - -\subsubsection{krb5\_post\_recv\_fn} -\label{\detokenize{appdev/refs/types/krb5_post_recv_fn:krb5-post-recv-fn}}\label{\detokenize{appdev/refs/types/krb5_post_recv_fn:krb5-post-recv-fn-struct}}\label{\detokenize{appdev/refs/types/krb5_post_recv_fn::doc}}\index{krb5\_post\_recv\_fn (C type)@\spxentry{krb5\_post\_recv\_fn}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_post_recv_fn:c.krb5_post_recv_fn}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_post\_recv\_fn}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Hook function for inspecting or overriding KDC replies. - -\sphinxAtStartPar -If \sphinxstyleemphasis{code} is non\sphinxhyphen{}zero, KDC communication failed and \sphinxstyleemphasis{reply} should be ignored. The hook function may return \sphinxstyleemphasis{code} or a different error code, or may synthesize a reply by setting \sphinxstyleemphasis{new\_reply\_out} and return successfully. -The hook function should use krb5\_copy\_data() to construct the value for \sphinxstyleemphasis{new\_reply\_out} , to ensure that it can be freed correctly by the library. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_post_recv_fn:declaration}} -\sphinxAtStartPar -typedef krb5\_error\_code( * krb5\_post\_recv\_fn) (krb5\_context context, void *data, krb5\_error\_code code, const krb5\_data *realm, const krb5\_data *message, const krb5\_data *reply, krb5\_data **new\_reply\_out) - - -\subsubsection{krb5\_pre\_send\_fn} -\label{\detokenize{appdev/refs/types/krb5_pre_send_fn:krb5-pre-send-fn}}\label{\detokenize{appdev/refs/types/krb5_pre_send_fn:krb5-pre-send-fn-struct}}\label{\detokenize{appdev/refs/types/krb5_pre_send_fn::doc}}\index{krb5\_pre\_send\_fn (C type)@\spxentry{krb5\_pre\_send\_fn}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pre_send_fn:c.krb5_pre_send_fn}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pre\_send\_fn}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Hook function for inspecting or modifying messages sent to KDCs. - -\sphinxAtStartPar -If the hook function sets \sphinxstyleemphasis{new\_reply\_out} , \sphinxstyleemphasis{message} will not be sent to the KDC, and the given reply will used instead. -If the hook function sets \sphinxstyleemphasis{new\_message\_out} , the given message will be sent to the KDC in place of \sphinxstyleemphasis{message} . -If the hook function returns successfully without setting either output, \sphinxstyleemphasis{message} will be sent to the KDC normally. -The hook function should use krb5\_copy\_data() to construct the value for \sphinxstyleemphasis{new\_message\_out} or \sphinxstyleemphasis{reply\_out} , to ensure that it can be freed correctly by the library. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_pre_send_fn:declaration}} -\sphinxAtStartPar -typedef krb5\_error\_code( * krb5\_pre\_send\_fn) (krb5\_context context, void *data, const krb5\_data *realm, const krb5\_data *message, krb5\_data **new\_message\_out, krb5\_data **new\_reply\_out) - - -\subsubsection{krb5\_preauthtype} -\label{\detokenize{appdev/refs/types/krb5_preauthtype:krb5-preauthtype}}\label{\detokenize{appdev/refs/types/krb5_preauthtype:krb5-preauthtype-struct}}\label{\detokenize{appdev/refs/types/krb5_preauthtype::doc}}\index{krb5\_preauthtype (C type)@\spxentry{krb5\_preauthtype}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_preauthtype:c.krb5_preauthtype}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_preauthtype}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_preauthtype:declaration}} -\sphinxAtStartPar -typedef krb5\_int32 krb5\_preauthtype - - -\subsubsection{krb5\_principal} -\label{\detokenize{appdev/refs/types/krb5_principal:krb5-principal}}\label{\detokenize{appdev/refs/types/krb5_principal:krb5-principal-struct}}\label{\detokenize{appdev/refs/types/krb5_principal::doc}}\index{krb5\_principal (C type)@\spxentry{krb5\_principal}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_principal}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_principal:declaration}} -\sphinxAtStartPar -typedef krb5\_principal\_data* krb5\_principal - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_principal:members}}\index{krb5\_principal.magic (C member)@\spxentry{krb5\_principal.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_principal.realm (C member)@\spxentry{krb5\_principal.realm}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal.realm}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{realm}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_principal.data (C member)@\spxentry{krb5\_principal.data}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal.data}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{data}}}}% -\pysigstopmultiline -\sphinxAtStartPar -An array of strings. - -\end{fulllineitems} - -\index{krb5\_principal.length (C member)@\spxentry{krb5\_principal.length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal.length}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{length}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_principal.type (C member)@\spxentry{krb5\_principal.type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal.type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{type}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_principal\_data} -\label{\detokenize{appdev/refs/types/krb5_principal_data:krb5-principal-data}}\label{\detokenize{appdev/refs/types/krb5_principal_data:krb5-principal-data-struct}}\label{\detokenize{appdev/refs/types/krb5_principal_data::doc}}\index{krb5\_principal\_data (C type)@\spxentry{krb5\_principal\_data}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_principal\_data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_principal_data:declaration}} -\sphinxAtStartPar -typedef struct krb5\_principal\_data krb5\_principal\_data - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_principal_data:members}}\index{krb5\_principal\_data.magic (C member)@\spxentry{krb5\_principal\_data.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data}]{\sphinxcrossref{\DUrole{n}{krb5\_principal\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_principal\_data.realm (C member)@\spxentry{krb5\_principal\_data.realm}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data.realm}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data}]{\sphinxcrossref{\DUrole{n}{krb5\_principal\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{realm}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_principal\_data.data (C member)@\spxentry{krb5\_principal\_data.data}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data.data}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data}]{\sphinxcrossref{\DUrole{n}{krb5\_principal\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{data}}}}% -\pysigstopmultiline -\sphinxAtStartPar -An array of strings. - -\end{fulllineitems} - -\index{krb5\_principal\_data.length (C member)@\spxentry{krb5\_principal\_data.length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data.length}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data}]{\sphinxcrossref{\DUrole{n}{krb5\_principal\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{length}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_principal\_data.type (C member)@\spxentry{krb5\_principal\_data.type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data.type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_principal_data:c.krb5_principal_data}]{\sphinxcrossref{\DUrole{n}{krb5\_principal\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{type}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_prompt} -\label{\detokenize{appdev/refs/types/krb5_prompt:krb5-prompt}}\label{\detokenize{appdev/refs/types/krb5_prompt:krb5-prompt-struct}}\label{\detokenize{appdev/refs/types/krb5_prompt::doc}}\index{krb5\_prompt (C type)@\spxentry{krb5\_prompt}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_prompt:c.krb5_prompt}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_prompt}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Text for prompt used in prompter callback function. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_prompt:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_prompt krb5\_prompt - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_prompt:members}}\index{krb5\_prompt.prompt (C member)@\spxentry{krb5\_prompt.prompt}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_prompt:c.krb5_prompt.prompt}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_prompt:c.krb5_prompt}]{\sphinxcrossref{\DUrole{n}{krb5\_prompt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{prompt}}}}% -\pysigstopmultiline -\sphinxAtStartPar -The prompt to show to the user. - -\end{fulllineitems} - -\index{krb5\_prompt.hidden (C member)@\spxentry{krb5\_prompt.hidden}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_prompt:c.krb5_prompt.hidden}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_prompt:c.krb5_prompt}]{\sphinxcrossref{\DUrole{n}{krb5\_prompt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{hidden}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Boolean; informative prompt or hidden (e.g. -PIN) - -\end{fulllineitems} - -\index{krb5\_prompt.reply (C member)@\spxentry{krb5\_prompt.reply}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_prompt:c.krb5_prompt.reply}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_prompt:c.krb5_prompt}]{\sphinxcrossref{\DUrole{n}{krb5\_prompt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{reply}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Must be allocated before call to prompt routine. - -\end{fulllineitems} - - - -\subsubsection{krb5\_prompt\_type} -\label{\detokenize{appdev/refs/types/krb5_prompt_type:krb5-prompt-type}}\label{\detokenize{appdev/refs/types/krb5_prompt_type:krb5-prompt-type-struct}}\label{\detokenize{appdev/refs/types/krb5_prompt_type::doc}}\index{krb5\_prompt\_type (C type)@\spxentry{krb5\_prompt\_type}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_prompt_type:c.krb5_prompt_type}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_prompt\_type}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_prompt_type:declaration}} -\sphinxAtStartPar -typedef krb5\_int32 krb5\_prompt\_type - - -\subsubsection{krb5\_prompter\_fct} -\label{\detokenize{appdev/refs/types/krb5_prompter_fct:krb5-prompter-fct}}\label{\detokenize{appdev/refs/types/krb5_prompter_fct:krb5-prompter-fct-struct}}\label{\detokenize{appdev/refs/types/krb5_prompter_fct::doc}}\index{krb5\_prompter\_fct (C type)@\spxentry{krb5\_prompter\_fct}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_prompter_fct:c.krb5_prompter_fct}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_prompter\_fct}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Pointer to a prompter callback function. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_prompter_fct:declaration}} -\sphinxAtStartPar -typedef krb5\_error\_code( * krb5\_prompter\_fct) (krb5\_context context, void *data, const char *name, const char *banner, int num\_prompts, krb5\_prompt prompts{[}{]}) - - -\subsubsection{krb5\_pwd\_data} -\label{\detokenize{appdev/refs/types/krb5_pwd_data:krb5-pwd-data}}\label{\detokenize{appdev/refs/types/krb5_pwd_data:krb5-pwd-data-struct}}\label{\detokenize{appdev/refs/types/krb5_pwd_data::doc}}\index{krb5\_pwd\_data (C type)@\spxentry{krb5\_pwd\_data}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pwd_data:c.krb5_pwd_data}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pwd\_data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_pwd_data:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_pwd\_data krb5\_pwd\_data - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_pwd_data:members}}\index{krb5\_pwd\_data.magic (C member)@\spxentry{krb5\_pwd\_data.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pwd_data:c.krb5_pwd_data.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pwd_data:c.krb5_pwd_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pwd\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_pwd\_data.sequence\_count (C member)@\spxentry{krb5\_pwd\_data.sequence\_count}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pwd_data:c.krb5_pwd_data.sequence_count}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pwd_data:c.krb5_pwd_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pwd\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{sequence\_count}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_pwd\_data.element (C member)@\spxentry{krb5\_pwd\_data.element}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pwd_data:c.krb5_pwd_data.element}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element}]{\sphinxcrossref{\DUrole{n}{passwd\_phrase\_element}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_pwd_data:c.krb5_pwd_data}]{\sphinxcrossref{\DUrole{n}{krb5\_pwd\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{element}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_responder\_context} -\label{\detokenize{appdev/refs/types/krb5_responder_context:krb5-responder-context}}\label{\detokenize{appdev/refs/types/krb5_responder_context:krb5-responder-context-struct}}\label{\detokenize{appdev/refs/types/krb5_responder_context::doc}}\index{krb5\_responder\_context (C type)@\spxentry{krb5\_responder\_context}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_context:c.krb5_responder_context}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_context}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -A container for a set of preauthentication questions and answers. - -\sphinxAtStartPar -A responder context is supplied by the krb5 authentication system to a krb5\_responder\_fn callback. It contains a list of questions and can receive answers. Questions contained in a responder context can be listed using krb5\_responder\_list\_questions(), retrieved using krb5\_responder\_get\_challenge(), or answered using krb5\_responder\_set\_answer(). The form of a question’s challenge and answer depend on the question name. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_responder_context:declaration}} -\sphinxAtStartPar -typedef struct krb5\_responder\_context\_st* krb5\_responder\_context - - -\subsubsection{krb5\_responder\_fn} -\label{\detokenize{appdev/refs/types/krb5_responder_fn:krb5-responder-fn}}\label{\detokenize{appdev/refs/types/krb5_responder_fn:krb5-responder-fn-struct}}\label{\detokenize{appdev/refs/types/krb5_responder_fn::doc}}\index{krb5\_responder\_fn (C type)@\spxentry{krb5\_responder\_fn}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_fn:c.krb5_responder_fn}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_fn}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Responder function for an initial credential exchange. - -\sphinxAtStartPar -If a required question is unanswered, the prompter may be called. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_responder_fn:declaration}} -\sphinxAtStartPar -typedef krb5\_error\_code( * krb5\_responder\_fn) (krb5\_context ctx, void *data, krb5\_responder\_context rctx) - - -\subsubsection{krb5\_responder\_otp\_challenge} -\label{\detokenize{appdev/refs/types/krb5_responder_otp_challenge:krb5-responder-otp-challenge}}\label{\detokenize{appdev/refs/types/krb5_responder_otp_challenge:krb5-responder-otp-challenge-struct}}\label{\detokenize{appdev/refs/types/krb5_responder_otp_challenge::doc}}\index{krb5\_responder\_otp\_challenge (C type)@\spxentry{krb5\_responder\_otp\_challenge}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_otp_challenge:c.krb5_responder_otp_challenge}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_otp\_challenge}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_responder_otp_challenge:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_responder\_otp\_challenge krb5\_responder\_otp\_challenge - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_responder_otp_challenge:members}}\index{krb5\_responder\_otp\_challenge.service (C member)@\spxentry{krb5\_responder\_otp\_challenge.service}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_otp_challenge:c.krb5_responder_otp_challenge.service}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_otp_challenge:c.krb5_responder_otp_challenge}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_otp\_challenge}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{service}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_responder\_otp\_challenge.tokeninfo (C member)@\spxentry{krb5\_responder\_otp\_challenge.tokeninfo}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_otp_challenge:c.krb5_responder_otp_challenge.tokeninfo}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_otp\_tokeninfo}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_otp_challenge:c.krb5_responder_otp_challenge}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_otp\_challenge}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{tokeninfo}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_responder\_otp\_tokeninfo} -\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:krb5-responder-otp-tokeninfo}}\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:krb5-responder-otp-tokeninfo-struct}}\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo::doc}}\index{krb5\_responder\_otp\_tokeninfo (C type)@\spxentry{krb5\_responder\_otp\_tokeninfo}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_otp\_tokeninfo}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_responder\_otp\_tokeninfo krb5\_responder\_otp\_tokeninfo - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:members}}\index{krb5\_responder\_otp\_tokeninfo.flags (C member)@\spxentry{krb5\_responder\_otp\_tokeninfo.flags}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.flags}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_otp\_tokeninfo}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{flags}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_responder\_otp\_tokeninfo.format (C member)@\spxentry{krb5\_responder\_otp\_tokeninfo.format}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.format}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_otp\_tokeninfo}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{format}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_responder\_otp\_tokeninfo.length (C member)@\spxentry{krb5\_responder\_otp\_tokeninfo.length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.length}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_otp\_tokeninfo}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{length}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_responder\_otp\_tokeninfo.vendor (C member)@\spxentry{krb5\_responder\_otp\_tokeninfo.vendor}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.vendor}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_otp\_tokeninfo}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{vendor}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_responder\_otp\_tokeninfo.challenge (C member)@\spxentry{krb5\_responder\_otp\_tokeninfo.challenge}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.challenge}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_otp\_tokeninfo}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{challenge}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_responder\_otp\_tokeninfo.token\_id (C member)@\spxentry{krb5\_responder\_otp\_tokeninfo.token\_id}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.token_id}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_otp\_tokeninfo}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{token\_id}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_responder\_otp\_tokeninfo.alg\_id (C member)@\spxentry{krb5\_responder\_otp\_tokeninfo.alg\_id}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo.alg_id}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_otp_tokeninfo:c.krb5_responder_otp_tokeninfo}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_otp\_tokeninfo}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{alg\_id}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_responder\_pkinit\_challenge} -\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_challenge:krb5-responder-pkinit-challenge}}\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_challenge:krb5-responder-pkinit-challenge-struct}}\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_challenge::doc}}\index{krb5\_responder\_pkinit\_challenge (C type)@\spxentry{krb5\_responder\_pkinit\_challenge}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_challenge:c.krb5_responder_pkinit_challenge}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_pkinit\_challenge}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_challenge:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_responder\_pkinit\_challenge krb5\_responder\_pkinit\_challenge - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_challenge:members}}\index{krb5\_responder\_pkinit\_challenge.identities (C member)@\spxentry{krb5\_responder\_pkinit\_challenge.identities}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_challenge:c.krb5_responder_pkinit_challenge.identities}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_pkinit_identity:c.krb5_responder_pkinit_identity}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_pkinit\_identity}}}}\DUrole{w}{ }\DUrole{p}{*}\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_pkinit_challenge:c.krb5_responder_pkinit_challenge}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_pkinit\_challenge}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{identities}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_responder\_pkinit\_identity} -\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_identity:krb5-responder-pkinit-identity}}\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_identity:krb5-responder-pkinit-identity-struct}}\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_identity::doc}}\index{krb5\_responder\_pkinit\_identity (C type)@\spxentry{krb5\_responder\_pkinit\_identity}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_identity:c.krb5_responder_pkinit_identity}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_responder\_pkinit\_identity}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_identity:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_responder\_pkinit\_identity krb5\_responder\_pkinit\_identity - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_identity:members}}\index{krb5\_responder\_pkinit\_identity.identity (C member)@\spxentry{krb5\_responder\_pkinit\_identity.identity}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_identity:c.krb5_responder_pkinit_identity.identity}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_pkinit_identity:c.krb5_responder_pkinit_identity}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_pkinit\_identity}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{identity}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_responder\_pkinit\_identity.token\_flags (C member)@\spxentry{krb5\_responder\_pkinit\_identity.token\_flags}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_responder_pkinit_identity:c.krb5_responder_pkinit_identity.token_flags}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_responder_pkinit_identity:c.krb5_responder_pkinit_identity}]{\sphinxcrossref{\DUrole{n}{krb5\_responder\_pkinit\_identity}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{token\_flags}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_response} -\label{\detokenize{appdev/refs/types/krb5_response:krb5-response}}\label{\detokenize{appdev/refs/types/krb5_response:krb5-response-struct}}\label{\detokenize{appdev/refs/types/krb5_response::doc}}\index{krb5\_response (C type)@\spxentry{krb5\_response}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_response:c.krb5_response}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_response}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_response:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_response krb5\_response - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_response:members}}\index{krb5\_response.magic (C member)@\spxentry{krb5\_response.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_response:c.krb5_response.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_response:c.krb5_response}]{\sphinxcrossref{\DUrole{n}{krb5\_response}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_response.message\_type (C member)@\spxentry{krb5\_response.message\_type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_response:c.krb5_response.message_type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_octet:c.krb5_octet}]{\sphinxcrossref{\DUrole{n}{krb5\_octet}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_response:c.krb5_response}]{\sphinxcrossref{\DUrole{n}{krb5\_response}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{message\_type}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_response.response (C member)@\spxentry{krb5\_response.response}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_response:c.krb5_response.response}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_response:c.krb5_response}]{\sphinxcrossref{\DUrole{n}{krb5\_response}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{response}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_response.expected\_nonce (C member)@\spxentry{krb5\_response.expected\_nonce}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_response:c.krb5_response.expected_nonce}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_response:c.krb5_response}]{\sphinxcrossref{\DUrole{n}{krb5\_response}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{expected\_nonce}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_response.request\_time (C member)@\spxentry{krb5\_response.request\_time}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_response:c.krb5_response.request_time}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_response:c.krb5_response}]{\sphinxcrossref{\DUrole{n}{krb5\_response}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{request\_time}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_replay\_data} -\label{\detokenize{appdev/refs/types/krb5_replay_data:krb5-replay-data}}\label{\detokenize{appdev/refs/types/krb5_replay_data:krb5-replay-data-struct}}\label{\detokenize{appdev/refs/types/krb5_replay_data::doc}}\index{krb5\_replay\_data (C type)@\spxentry{krb5\_replay\_data}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_replay\_data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Replay data. - -\sphinxAtStartPar -Sequence number and timestamp information output by krb5\_rd\_priv() and krb5\_rd\_safe(). - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_replay_data:declaration}} -\sphinxAtStartPar -typedef struct krb5\_replay\_data krb5\_replay\_data - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_replay_data:members}}\index{krb5\_replay\_data.timestamp (C member)@\spxentry{krb5\_replay\_data.timestamp}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data.timestamp}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{\DUrole{n}{krb5\_replay\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{timestamp}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Timestamp, seconds portion. - -\end{fulllineitems} - -\index{krb5\_replay\_data.usec (C member)@\spxentry{krb5\_replay\_data.usec}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data.usec}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{\DUrole{n}{krb5\_replay\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{usec}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Timestamp, microseconds portion. - -\end{fulllineitems} - -\index{krb5\_replay\_data.seq (C member)@\spxentry{krb5\_replay\_data.seq}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data.seq}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ui_4:c.krb5_ui_4}]{\sphinxcrossref{\DUrole{n}{krb5\_ui\_4}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_replay_data:c.krb5_replay_data}]{\sphinxcrossref{\DUrole{n}{krb5\_replay\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{seq}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Sequence number. - -\end{fulllineitems} - - - -\subsubsection{krb5\_ticket} -\label{\detokenize{appdev/refs/types/krb5_ticket:krb5-ticket}}\label{\detokenize{appdev/refs/types/krb5_ticket:krb5-ticket-struct}}\label{\detokenize{appdev/refs/types/krb5_ticket::doc}}\index{krb5\_ticket (C type)@\spxentry{krb5\_ticket}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_ticket}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Ticket structure. - -\sphinxAtStartPar -The C representation of the ticket message, with a pointer to the C representation of the encrypted part. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_ticket:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_ticket krb5\_ticket - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_ticket:members}}\index{krb5\_ticket.magic (C member)@\spxentry{krb5\_ticket.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_ticket.server (C member)@\spxentry{krb5\_ticket.server}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket.server}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_principal:c.krb5_principal}]{\sphinxcrossref{\DUrole{n}{krb5\_principal}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{server}}}}% -\pysigstopmultiline -\sphinxAtStartPar -server name/realm - -\end{fulllineitems} - -\index{krb5\_ticket.enc\_part (C member)@\spxentry{krb5\_ticket.enc\_part}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket.enc_part}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_data:c.krb5_enc_data}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{enc\_part}}}}% -\pysigstopmultiline -\sphinxAtStartPar -encryption type, kvno, encrypted encoding - -\end{fulllineitems} - -\index{krb5\_ticket.enc\_part2 (C member)@\spxentry{krb5\_ticket.enc\_part2}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket.enc_part2}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_enc_tkt_part:c.krb5_enc_tkt_part}]{\sphinxcrossref{\DUrole{n}{krb5\_enc\_tkt\_part}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{enc\_part2}}}}% -\pysigstopmultiline -\sphinxAtStartPar -ptr to decrypted version, if available - -\end{fulllineitems} - - - -\subsubsection{krb5\_ticket\_times} -\label{\detokenize{appdev/refs/types/krb5_ticket_times:krb5-ticket-times}}\label{\detokenize{appdev/refs/types/krb5_ticket_times:krb5-ticket-times-struct}}\label{\detokenize{appdev/refs/types/krb5_ticket_times::doc}}\index{krb5\_ticket\_times (C type)@\spxentry{krb5\_ticket\_times}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_ticket\_times}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Ticket start time, end time, and renewal duration. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_ticket_times:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_ticket\_times krb5\_ticket\_times - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_ticket_times:members}}\index{krb5\_ticket\_times.authtime (C member)@\spxentry{krb5\_ticket\_times.authtime}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times.authtime}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket\_times}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{authtime}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Time at which KDC issued the initial ticket that corresponds to this ticket. - -\end{fulllineitems} - -\index{krb5\_ticket\_times.starttime (C member)@\spxentry{krb5\_ticket\_times.starttime}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times.starttime}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket\_times}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{starttime}}}}% -\pysigstopmultiline -\sphinxAtStartPar -optional in ticket, if not present, use \sphinxstyleemphasis{authtime} - -\end{fulllineitems} - -\index{krb5\_ticket\_times.endtime (C member)@\spxentry{krb5\_ticket\_times.endtime}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times.endtime}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket\_times}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{endtime}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Ticket expiration time. - -\end{fulllineitems} - -\index{krb5\_ticket\_times.renew\_till (C member)@\spxentry{krb5\_ticket\_times.renew\_till}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times.renew_till}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}]{\sphinxcrossref{\DUrole{n}{krb5\_timestamp}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket_times:c.krb5_ticket_times}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket\_times}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{renew\_till}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Latest time at which renewal of ticket can be valid. - -\end{fulllineitems} - - - -\subsubsection{krb5\_timestamp} -\label{\detokenize{appdev/refs/types/krb5_timestamp:krb5-timestamp}}\label{\detokenize{appdev/refs/types/krb5_timestamp:krb5-timestamp-struct}}\label{\detokenize{appdev/refs/types/krb5_timestamp::doc}}\index{krb5\_timestamp (C type)@\spxentry{krb5\_timestamp}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_timestamp:c.krb5_timestamp}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_timestamp}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Represents a timestamp in seconds since the POSIX epoch. - -\sphinxAtStartPar -This legacy type is used frequently in the ABI, but cannot represent timestamps after 2038 as a positive number. Code which uses this type should cast values of it to uint32\_t so that negative values are treated as timestamps between 2038 and 2106 on platforms with 64\sphinxhyphen{}bit time\_t. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_timestamp:declaration}} -\sphinxAtStartPar -typedef krb5\_int32 krb5\_timestamp - - -\subsubsection{krb5\_tkt\_authent} -\label{\detokenize{appdev/refs/types/krb5_tkt_authent:krb5-tkt-authent}}\label{\detokenize{appdev/refs/types/krb5_tkt_authent:krb5-tkt-authent-struct}}\label{\detokenize{appdev/refs/types/krb5_tkt_authent::doc}}\index{krb5\_tkt\_authent (C type)@\spxentry{krb5\_tkt\_authent}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_tkt\_authent}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Ticket authentication data. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_tkt_authent:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_tkt\_authent krb5\_tkt\_authent - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_tkt_authent:members}}\index{krb5\_tkt\_authent.magic (C member)@\spxentry{krb5\_tkt\_authent.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent}]{\sphinxcrossref{\DUrole{n}{krb5\_tkt\_authent}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_tkt\_authent.ticket (C member)@\spxentry{krb5\_tkt\_authent.ticket}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent.ticket}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_ticket:c.krb5_ticket}]{\sphinxcrossref{\DUrole{n}{krb5\_ticket}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent}]{\sphinxcrossref{\DUrole{n}{krb5\_tkt\_authent}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ticket}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_tkt\_authent.authenticator (C member)@\spxentry{krb5\_tkt\_authent.authenticator}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent.authenticator}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_authenticator:c.krb5_authenticator}]{\sphinxcrossref{\DUrole{n}{krb5\_authenticator}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent}]{\sphinxcrossref{\DUrole{n}{krb5\_tkt\_authent}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{authenticator}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_tkt\_authent.ap\_options (C member)@\spxentry{krb5\_tkt\_authent.ap\_options}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent.ap_options}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_tkt_authent:c.krb5_tkt_authent}]{\sphinxcrossref{\DUrole{n}{krb5\_tkt\_authent}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ap\_options}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_trace\_callback} -\label{\detokenize{appdev/refs/types/krb5_trace_callback:krb5-trace-callback}}\label{\detokenize{appdev/refs/types/krb5_trace_callback:krb5-trace-callback-struct}}\label{\detokenize{appdev/refs/types/krb5_trace_callback::doc}}\index{krb5\_trace\_callback (C type)@\spxentry{krb5\_trace\_callback}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_trace_callback:c.krb5_trace_callback}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_trace\_callback}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_trace_callback:declaration}} -\sphinxAtStartPar -typedef void( * krb5\_trace\_callback) (krb5\_context context, const krb5\_trace\_info *info, void *cb\_data) - - -\subsubsection{krb5\_trace\_info} -\label{\detokenize{appdev/refs/types/krb5_trace_info:krb5-trace-info}}\label{\detokenize{appdev/refs/types/krb5_trace_info:krb5-trace-info-struct}}\label{\detokenize{appdev/refs/types/krb5_trace_info::doc}}\index{krb5\_trace\_info (C type)@\spxentry{krb5\_trace\_info}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_trace_info:c.krb5_trace_info}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_trace\_info}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -A wrapper for passing information to a \sphinxstyleemphasis{krb5\_trace\_callback} . - -\sphinxAtStartPar -Currently, it only contains the formatted message as determined the the format string and arguments of the tracing macro, but it may be extended to contain more fields in the future. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_trace_info:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_trace\_info krb5\_trace\_info - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_trace_info:members}}\index{krb5\_trace\_info.message (C member)@\spxentry{krb5\_trace\_info.message}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_trace_info:c.krb5_trace_info.message}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{const}\DUrole{w}{ }\DUrole{kt}{char}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_trace_info:c.krb5_trace_info}]{\sphinxcrossref{\DUrole{n}{krb5\_trace\_info}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{message}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_transited} -\label{\detokenize{appdev/refs/types/krb5_transited:krb5-transited}}\label{\detokenize{appdev/refs/types/krb5_transited:krb5-transited-struct}}\label{\detokenize{appdev/refs/types/krb5_transited::doc}}\index{krb5\_transited (C type)@\spxentry{krb5\_transited}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_transited:c.krb5_transited}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_transited}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Structure for transited encoding. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_transited:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_transited krb5\_transited - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_transited:members}}\index{krb5\_transited.magic (C member)@\spxentry{krb5\_transited.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_transited:c.krb5_transited.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_transited:c.krb5_transited}]{\sphinxcrossref{\DUrole{n}{krb5\_transited}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_transited.tr\_type (C member)@\spxentry{krb5\_transited.tr\_type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_transited:c.krb5_transited.tr_type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_octet:c.krb5_octet}]{\sphinxcrossref{\DUrole{n}{krb5\_octet}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_transited:c.krb5_transited}]{\sphinxcrossref{\DUrole{n}{krb5\_transited}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{tr\_type}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Transited encoding type. - -\end{fulllineitems} - -\index{krb5\_transited.tr\_contents (C member)@\spxentry{krb5\_transited.tr\_contents}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_transited:c.krb5_transited.tr_contents}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_transited:c.krb5_transited}]{\sphinxcrossref{\DUrole{n}{krb5\_transited}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{tr\_contents}}}}% -\pysigstopmultiline -\sphinxAtStartPar -Contents. - -\end{fulllineitems} - - - -\subsubsection{krb5\_typed\_data} -\label{\detokenize{appdev/refs/types/krb5_typed_data:krb5-typed-data}}\label{\detokenize{appdev/refs/types/krb5_typed_data:krb5-typed-data-struct}}\label{\detokenize{appdev/refs/types/krb5_typed_data::doc}}\index{krb5\_typed\_data (C type)@\spxentry{krb5\_typed\_data}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_typed_data:c.krb5_typed_data}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_typed\_data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_typed_data:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_typed\_data krb5\_typed\_data - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_typed_data:members}}\index{krb5\_typed\_data.magic (C member)@\spxentry{krb5\_typed\_data.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_typed_data:c.krb5_typed_data.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_typed_data:c.krb5_typed_data}]{\sphinxcrossref{\DUrole{n}{krb5\_typed\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_typed\_data.type (C member)@\spxentry{krb5\_typed\_data.type}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_typed_data:c.krb5_typed_data.type}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_int32:c.krb5_int32}]{\sphinxcrossref{\DUrole{n}{krb5\_int32}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_typed_data:c.krb5_typed_data}]{\sphinxcrossref{\DUrole{n}{krb5\_typed\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{type}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_typed\_data.length (C member)@\spxentry{krb5\_typed\_data.length}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_typed_data:c.krb5_typed_data.length}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{unsigned}\DUrole{w}{ }\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_typed_data:c.krb5_typed_data}]{\sphinxcrossref{\DUrole{n}{krb5\_typed\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{length}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_typed\_data.data (C member)@\spxentry{krb5\_typed\_data.data}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_typed_data:c.krb5_typed_data.data}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_octet:c.krb5_octet}]{\sphinxcrossref{\DUrole{n}{krb5\_octet}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_typed_data:c.krb5_typed_data}]{\sphinxcrossref{\DUrole{n}{krb5\_typed\_data}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{data}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsubsection{krb5\_ui\_2} -\label{\detokenize{appdev/refs/types/krb5_ui_2:krb5-ui-2}}\label{\detokenize{appdev/refs/types/krb5_ui_2:krb5-ui-2-struct}}\label{\detokenize{appdev/refs/types/krb5_ui_2::doc}}\index{krb5\_ui\_2 (C type)@\spxentry{krb5\_ui\_2}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ui_2:c.krb5_ui_2}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_ui\_2}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_ui_2:declaration}} -\sphinxAtStartPar -typedef uint16\_t krb5\_ui\_2 - - -\subsubsection{krb5\_ui\_4} -\label{\detokenize{appdev/refs/types/krb5_ui_4:krb5-ui-4}}\label{\detokenize{appdev/refs/types/krb5_ui_4:krb5-ui-4-struct}}\label{\detokenize{appdev/refs/types/krb5_ui_4::doc}}\index{krb5\_ui\_4 (C type)@\spxentry{krb5\_ui\_4}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ui_4:c.krb5_ui_4}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_ui\_4}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_ui_4:declaration}} -\sphinxAtStartPar -typedef uint32\_t krb5\_ui\_4 - - -\subsubsection{krb5\_verify\_init\_creds\_opt} -\label{\detokenize{appdev/refs/types/krb5_verify_init_creds_opt:krb5-verify-init-creds-opt}}\label{\detokenize{appdev/refs/types/krb5_verify_init_creds_opt:krb5-verify-init-creds-opt-struct}}\label{\detokenize{appdev/refs/types/krb5_verify_init_creds_opt::doc}}\index{krb5\_verify\_init\_creds\_opt (C type)@\spxentry{krb5\_verify\_init\_creds\_opt}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_verify\_init\_creds\_opt}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_verify_init_creds_opt:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_verify\_init\_creds\_opt krb5\_verify\_init\_creds\_opt - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/krb5_verify_init_creds_opt:members}}\index{krb5\_verify\_init\_creds\_opt.flags (C member)@\spxentry{krb5\_verify\_init\_creds\_opt.flags}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt.flags}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_flags:c.krb5_flags}]{\sphinxcrossref{\DUrole{n}{krb5\_flags}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_verify\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{flags}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{krb5\_verify\_init\_creds\_opt.ap\_req\_nofail (C member)@\spxentry{krb5\_verify\_init\_creds\_opt.ap\_req\_nofail}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt.ap_req_nofail}}% -\pysigstartmultiline -\pysigline{\DUrole{kt}{int}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/krb5_verify_init_creds_opt:c.krb5_verify_init_creds_opt}]{\sphinxcrossref{\DUrole{n}{krb5\_verify\_init\_creds\_opt}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{ap\_req\_nofail}}}}% -\pysigstopmultiline -\sphinxAtStartPar -boolean - -\end{fulllineitems} - - - -\subsubsection{passwd\_phrase\_element} -\label{\detokenize{appdev/refs/types/passwd_phrase_element:passwd-phrase-element}}\label{\detokenize{appdev/refs/types/passwd_phrase_element:passwd-phrase-element-struct}}\label{\detokenize{appdev/refs/types/passwd_phrase_element::doc}}\index{passwd\_phrase\_element (C type)@\spxentry{passwd\_phrase\_element}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{passwd\_phrase\_element}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/passwd_phrase_element:declaration}} -\sphinxAtStartPar -typedef struct \_passwd\_phrase\_element passwd\_phrase\_element - - -\paragraph{Members} -\label{\detokenize{appdev/refs/types/passwd_phrase_element:members}}\index{passwd\_phrase\_element.magic (C member)@\spxentry{passwd\_phrase\_element.magic}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element.magic}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_magic:c.krb5_magic}]{\sphinxcrossref{\DUrole{n}{krb5\_magic}}}}\DUrole{w}{ }\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element}]{\sphinxcrossref{\DUrole{n}{passwd\_phrase\_element}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{magic}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{passwd\_phrase\_element.passwd (C member)@\spxentry{passwd\_phrase\_element.passwd}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element.passwd}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element}]{\sphinxcrossref{\DUrole{n}{passwd\_phrase\_element}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{passwd}}}}% -\pysigstopmultiline -\end{fulllineitems} - -\index{passwd\_phrase\_element.phrase (C member)@\spxentry{passwd\_phrase\_element.phrase}\spxextra{C member}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element.phrase}}% -\pysigstartmultiline -\pysigline{{\hyperref[\detokenize{appdev/refs/types/krb5_data:c.krb5_data}]{\sphinxcrossref{\DUrole{n}{krb5\_data}}}}\DUrole{w}{ }\DUrole{p}{*}\sphinxcode{\sphinxupquote{{\hyperref[\detokenize{appdev/refs/types/passwd_phrase_element:c.passwd_phrase_element}]{\sphinxcrossref{\DUrole{n}{passwd\_phrase\_element}}}}\DUrole{p}{.}}}\sphinxbfcode{\sphinxupquote{\DUrole{n}{phrase}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\subsection{Internal} -\label{\detokenize{appdev/refs/types/index:internal}} - -\subsubsection{krb5\_auth\_context} -\label{\detokenize{appdev/refs/types/krb5_auth_context:krb5-auth-context}}\label{\detokenize{appdev/refs/types/krb5_auth_context:krb5-auth-context-struct}}\label{\detokenize{appdev/refs/types/krb5_auth_context::doc}}\index{krb5\_auth\_context (C type)@\spxentry{krb5\_auth\_context}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_auth_context:c.krb5_auth_context}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_auth\_context}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_auth_context:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_auth\_context* krb5\_auth\_context - - -\subsubsection{krb5\_cksumtype} -\label{\detokenize{appdev/refs/types/krb5_cksumtype:krb5-cksumtype}}\label{\detokenize{appdev/refs/types/krb5_cksumtype:krb5-cksumtype-struct}}\label{\detokenize{appdev/refs/types/krb5_cksumtype::doc}}\index{krb5\_cksumtype (C type)@\spxentry{krb5\_cksumtype}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cksumtype:c.krb5_cksumtype}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cksumtype}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_cksumtype:declaration}} -\sphinxAtStartPar -typedef krb5\_int32 krb5\_cksumtype - - -\subsubsection{krb5\_context} -\label{\detokenize{appdev/refs/types/krb5_context:krb5-context}}\label{\detokenize{appdev/refs/types/krb5_context:krb5-context-struct}}\label{\detokenize{appdev/refs/types/krb5_context::doc}}\index{krb5\_context (C type)@\spxentry{krb5\_context}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_context:c.krb5_context}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_context}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_context:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_context* krb5\_context - - -\subsubsection{krb5\_cc\_cursor} -\label{\detokenize{appdev/refs/types/krb5_cc_cursor:krb5-cc-cursor}}\label{\detokenize{appdev/refs/types/krb5_cc_cursor:krb5-cc-cursor-struct}}\label{\detokenize{appdev/refs/types/krb5_cc_cursor::doc}}\index{krb5\_cc\_cursor (C type)@\spxentry{krb5\_cc\_cursor}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cc_cursor:c.krb5_cc_cursor}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cc\_cursor}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Cursor for sequential lookup. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_cc_cursor:declaration}} -\sphinxAtStartPar -typedef krb5\_pointer krb5\_cc\_cursor - - -\subsubsection{krb5\_ccache} -\label{\detokenize{appdev/refs/types/krb5_ccache:krb5-ccache}}\label{\detokenize{appdev/refs/types/krb5_ccache:krb5-ccache-struct}}\label{\detokenize{appdev/refs/types/krb5_ccache::doc}}\index{krb5\_ccache (C type)@\spxentry{krb5\_ccache}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_ccache:c.krb5_ccache}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_ccache}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_ccache:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_ccache* krb5\_ccache - - -\subsubsection{krb5\_cccol\_cursor} -\label{\detokenize{appdev/refs/types/krb5_cccol_cursor:krb5-cccol-cursor}}\label{\detokenize{appdev/refs/types/krb5_cccol_cursor:krb5-cccol-cursor-struct}}\label{\detokenize{appdev/refs/types/krb5_cccol_cursor::doc}}\index{krb5\_cccol\_cursor (C type)@\spxentry{krb5\_cccol\_cursor}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_cccol_cursor:c.krb5_cccol_cursor}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_cccol\_cursor}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Cursor for iterating over all ccaches. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_cccol_cursor:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_cccol\_cursor* krb5\_cccol\_cursor - - -\subsubsection{krb5\_init\_creds\_context} -\label{\detokenize{appdev/refs/types/krb5_init_creds_context:krb5-init-creds-context}}\label{\detokenize{appdev/refs/types/krb5_init_creds_context:krb5-init-creds-context-struct}}\label{\detokenize{appdev/refs/types/krb5_init_creds_context::doc}}\index{krb5\_init\_creds\_context (C type)@\spxentry{krb5\_init\_creds\_context}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_init_creds_context:c.krb5_init_creds_context}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_init\_creds\_context}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_init_creds_context:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_init\_creds\_context* krb5\_init\_creds\_context - - -\subsubsection{krb5\_key} -\label{\detokenize{appdev/refs/types/krb5_key:krb5-key}}\label{\detokenize{appdev/refs/types/krb5_key:krb5-key-struct}}\label{\detokenize{appdev/refs/types/krb5_key::doc}}\index{krb5\_key (C type)@\spxentry{krb5\_key}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_key:c.krb5_key}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_key}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -Opaque identifier for a key. - -\sphinxAtStartPar -Use with the krb5\_k APIs for better performance for repeated operations with the same key and usage. Key identifiers must not be used simultaneously within multiple threads, as they may contain mutable internal state and are not mutex\sphinxhyphen{}protected. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_key:declaration}} -\sphinxAtStartPar -typedef struct krb5\_key\_st* krb5\_key - - -\subsubsection{krb5\_keytab} -\label{\detokenize{appdev/refs/types/krb5_keytab:krb5-keytab}}\label{\detokenize{appdev/refs/types/krb5_keytab:krb5-keytab-struct}}\label{\detokenize{appdev/refs/types/krb5_keytab::doc}}\index{krb5\_keytab (C type)@\spxentry{krb5\_keytab}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_keytab:c.krb5_keytab}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_keytab}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_keytab:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_kt* krb5\_keytab - - -\subsubsection{krb5\_pac} -\label{\detokenize{appdev/refs/types/krb5_pac:krb5-pac}}\label{\detokenize{appdev/refs/types/krb5_pac:krb5-pac-struct}}\label{\detokenize{appdev/refs/types/krb5_pac::doc}}\index{krb5\_pac (C type)@\spxentry{krb5\_pac}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_pac:c.krb5_pac}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_pac}}}}% -\pysigstopmultiline -\end{fulllineitems} - - -\sphinxAtStartPar -PAC data structure to convey authorization information. - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_pac:declaration}} -\sphinxAtStartPar -typedef struct krb5\_pac\_data* krb5\_pac - - -\subsubsection{krb5\_rcache} -\label{\detokenize{appdev/refs/types/krb5_rcache:krb5-rcache}}\label{\detokenize{appdev/refs/types/krb5_rcache:krb5-rcache-struct}}\label{\detokenize{appdev/refs/types/krb5_rcache::doc}}\index{krb5\_rcache (C type)@\spxentry{krb5\_rcache}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_rcache:c.krb5_rcache}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_rcache}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_rcache:declaration}} -\sphinxAtStartPar -typedef struct krb5\_rc\_st* krb5\_rcache - - -\subsubsection{krb5\_tkt\_creds\_context} -\label{\detokenize{appdev/refs/types/krb5_tkt_creds_context:krb5-tkt-creds-context}}\label{\detokenize{appdev/refs/types/krb5_tkt_creds_context:krb5-tkt-creds-context-struct}}\label{\detokenize{appdev/refs/types/krb5_tkt_creds_context::doc}}\index{krb5\_tkt\_creds\_context (C type)@\spxentry{krb5\_tkt\_creds\_context}\spxextra{C type}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/types/krb5_tkt_creds_context:c.krb5_tkt_creds_context}}% -\pysigstartmultiline -\pysigline{\DUrole{k}{type}\DUrole{w}{ }\sphinxbfcode{\sphinxupquote{\DUrole{n}{krb5\_tkt\_creds\_context}}}}% -\pysigstopmultiline -\end{fulllineitems} - - - -\paragraph{Declaration} -\label{\detokenize{appdev/refs/types/krb5_tkt_creds_context:declaration}} -\sphinxAtStartPar -typedef struct \_krb5\_tkt\_creds\_context* krb5\_tkt\_creds\_context - - -\section{krb5 simple macros} -\label{\detokenize{appdev/refs/macros/index:krb5-simple-macros}}\label{\detokenize{appdev/refs/macros/index::doc}} - -\subsection{Public} -\label{\detokenize{appdev/refs/macros/index:public}} - -\subsubsection{ADDRTYPE\_ADDRPORT} -\label{\detokenize{appdev/refs/macros/ADDRTYPE_ADDRPORT:addrtype-addrport}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_ADDRPORT:addrtype-addrport-data}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_ADDRPORT::doc}}\index{ADDRTYPE\_ADDRPORT (built\sphinxhyphen{}in variable)@\spxentry{ADDRTYPE\_ADDRPORT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ADDRTYPE_ADDRPORT:ADDRTYPE_ADDRPORT}}\pysigline{\sphinxbfcode{\sphinxupquote{ADDRTYPE\_ADDRPORT}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ADDRTYPE\_ADDRPORT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0100}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ADDRTYPE\_CHAOS} -\label{\detokenize{appdev/refs/macros/ADDRTYPE_CHAOS:addrtype-chaos}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_CHAOS:addrtype-chaos-data}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_CHAOS::doc}}\index{ADDRTYPE\_CHAOS (built\sphinxhyphen{}in variable)@\spxentry{ADDRTYPE\_CHAOS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ADDRTYPE_CHAOS:ADDRTYPE_CHAOS}}\pysigline{\sphinxbfcode{\sphinxupquote{ADDRTYPE\_CHAOS}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ADDRTYPE\_CHAOS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0005}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ADDRTYPE\_DDP} -\label{\detokenize{appdev/refs/macros/ADDRTYPE_DDP:addrtype-ddp}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_DDP:addrtype-ddp-data}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_DDP::doc}}\index{ADDRTYPE\_DDP (built\sphinxhyphen{}in variable)@\spxentry{ADDRTYPE\_DDP}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ADDRTYPE_DDP:ADDRTYPE_DDP}}\pysigline{\sphinxbfcode{\sphinxupquote{ADDRTYPE\_DDP}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ADDRTYPE\_DDP}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0010}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ADDRTYPE\_INET} -\label{\detokenize{appdev/refs/macros/ADDRTYPE_INET:addrtype-inet}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_INET:addrtype-inet-data}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_INET::doc}}\index{ADDRTYPE\_INET (built\sphinxhyphen{}in variable)@\spxentry{ADDRTYPE\_INET}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ADDRTYPE_INET:ADDRTYPE_INET}}\pysigline{\sphinxbfcode{\sphinxupquote{ADDRTYPE\_INET}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ADDRTYPE\_INET}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0002}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ADDRTYPE\_INET6} -\label{\detokenize{appdev/refs/macros/ADDRTYPE_INET6:addrtype-inet6}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_INET6:addrtype-inet6-data}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_INET6::doc}}\index{ADDRTYPE\_INET6 (built\sphinxhyphen{}in variable)@\spxentry{ADDRTYPE\_INET6}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ADDRTYPE_INET6:ADDRTYPE_INET6}}\pysigline{\sphinxbfcode{\sphinxupquote{ADDRTYPE\_INET6}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ADDRTYPE\_INET6}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0018}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ADDRTYPE\_IPPORT} -\label{\detokenize{appdev/refs/macros/ADDRTYPE_IPPORT:addrtype-ipport}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_IPPORT:addrtype-ipport-data}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_IPPORT::doc}}\index{ADDRTYPE\_IPPORT (built\sphinxhyphen{}in variable)@\spxentry{ADDRTYPE\_IPPORT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ADDRTYPE_IPPORT:ADDRTYPE_IPPORT}}\pysigline{\sphinxbfcode{\sphinxupquote{ADDRTYPE\_IPPORT}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ADDRTYPE\_IPPORT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0101}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ADDRTYPE\_ISO} -\label{\detokenize{appdev/refs/macros/ADDRTYPE_ISO:addrtype-iso}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_ISO:addrtype-iso-data}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_ISO::doc}}\index{ADDRTYPE\_ISO (built\sphinxhyphen{}in variable)@\spxentry{ADDRTYPE\_ISO}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ADDRTYPE_ISO:ADDRTYPE_ISO}}\pysigline{\sphinxbfcode{\sphinxupquote{ADDRTYPE\_ISO}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ADDRTYPE\_ISO}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0007}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ADDRTYPE\_IS\_LOCAL} -\label{\detokenize{appdev/refs/macros/ADDRTYPE_IS_LOCAL:addrtype-is-local}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_IS_LOCAL:addrtype-is-local-data}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_IS_LOCAL::doc}}\index{ADDRTYPE\_IS\_LOCAL (built\sphinxhyphen{}in variable)@\spxentry{ADDRTYPE\_IS\_LOCAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ADDRTYPE_IS_LOCAL:ADDRTYPE_IS_LOCAL}}\pysigline{\sphinxbfcode{\sphinxupquote{ADDRTYPE\_IS\_LOCAL}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ADDRTYPE\_IS\_LOCAL (addrtype)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(addrtype \& 0x8000)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ADDRTYPE\_NETBIOS} -\label{\detokenize{appdev/refs/macros/ADDRTYPE_NETBIOS:addrtype-netbios}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_NETBIOS:addrtype-netbios-data}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_NETBIOS::doc}}\index{ADDRTYPE\_NETBIOS (built\sphinxhyphen{}in variable)@\spxentry{ADDRTYPE\_NETBIOS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ADDRTYPE_NETBIOS:ADDRTYPE_NETBIOS}}\pysigline{\sphinxbfcode{\sphinxupquote{ADDRTYPE\_NETBIOS}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ADDRTYPE\_NETBIOS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0014}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ADDRTYPE\_XNS} -\label{\detokenize{appdev/refs/macros/ADDRTYPE_XNS:addrtype-xns}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_XNS:addrtype-xns-data}}\label{\detokenize{appdev/refs/macros/ADDRTYPE_XNS::doc}}\index{ADDRTYPE\_XNS (built\sphinxhyphen{}in variable)@\spxentry{ADDRTYPE\_XNS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ADDRTYPE_XNS:ADDRTYPE_XNS}}\pysigline{\sphinxbfcode{\sphinxupquote{ADDRTYPE\_XNS}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ADDRTYPE\_XNS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0006}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{AD\_TYPE\_EXTERNAL} -\label{\detokenize{appdev/refs/macros/AD_TYPE_EXTERNAL:ad-type-external}}\label{\detokenize{appdev/refs/macros/AD_TYPE_EXTERNAL:ad-type-external-data}}\label{\detokenize{appdev/refs/macros/AD_TYPE_EXTERNAL::doc}}\index{AD\_TYPE\_EXTERNAL (built\sphinxhyphen{}in variable)@\spxentry{AD\_TYPE\_EXTERNAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/AD_TYPE_EXTERNAL:AD_TYPE_EXTERNAL}}\pysigline{\sphinxbfcode{\sphinxupquote{AD\_TYPE\_EXTERNAL}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{AD\_TYPE\_EXTERNAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x4000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{AD\_TYPE\_FIELD\_TYPE\_MASK} -\label{\detokenize{appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK:ad-type-field-type-mask}}\label{\detokenize{appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK:ad-type-field-type-mask-data}}\label{\detokenize{appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK::doc}}\index{AD\_TYPE\_FIELD\_TYPE\_MASK (built\sphinxhyphen{}in variable)@\spxentry{AD\_TYPE\_FIELD\_TYPE\_MASK}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/AD_TYPE_FIELD_TYPE_MASK:AD_TYPE_FIELD_TYPE_MASK}}\pysigline{\sphinxbfcode{\sphinxupquote{AD\_TYPE\_FIELD\_TYPE\_MASK}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{AD\_TYPE\_FIELD\_TYPE\_MASK}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x1fff}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{AD\_TYPE\_REGISTERED} -\label{\detokenize{appdev/refs/macros/AD_TYPE_REGISTERED:ad-type-registered}}\label{\detokenize{appdev/refs/macros/AD_TYPE_REGISTERED:ad-type-registered-data}}\label{\detokenize{appdev/refs/macros/AD_TYPE_REGISTERED::doc}}\index{AD\_TYPE\_REGISTERED (built\sphinxhyphen{}in variable)@\spxentry{AD\_TYPE\_REGISTERED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/AD_TYPE_REGISTERED:AD_TYPE_REGISTERED}}\pysigline{\sphinxbfcode{\sphinxupquote{AD\_TYPE\_REGISTERED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{AD\_TYPE\_REGISTERED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x2000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{AD\_TYPE\_RESERVED} -\label{\detokenize{appdev/refs/macros/AD_TYPE_RESERVED:ad-type-reserved}}\label{\detokenize{appdev/refs/macros/AD_TYPE_RESERVED:ad-type-reserved-data}}\label{\detokenize{appdev/refs/macros/AD_TYPE_RESERVED::doc}}\index{AD\_TYPE\_RESERVED (built\sphinxhyphen{}in variable)@\spxentry{AD\_TYPE\_RESERVED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/AD_TYPE_RESERVED:AD_TYPE_RESERVED}}\pysigline{\sphinxbfcode{\sphinxupquote{AD\_TYPE\_RESERVED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{AD\_TYPE\_RESERVED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x8000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{AP\_OPTS\_ETYPE\_NEGOTIATION} -\label{\detokenize{appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION:ap-opts-etype-negotiation}}\label{\detokenize{appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION:ap-opts-etype-negotiation-data}}\label{\detokenize{appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION::doc}}\index{AP\_OPTS\_ETYPE\_NEGOTIATION (built\sphinxhyphen{}in variable)@\spxentry{AP\_OPTS\_ETYPE\_NEGOTIATION}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/AP_OPTS_ETYPE_NEGOTIATION:AP_OPTS_ETYPE_NEGOTIATION}}\pysigline{\sphinxbfcode{\sphinxupquote{AP\_OPTS\_ETYPE\_NEGOTIATION}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{AP\_OPTS\_ETYPE\_NEGOTIATION}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000002}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{AP\_OPTS\_MUTUAL\_REQUIRED} -\label{\detokenize{appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED:ap-opts-mutual-required}}\label{\detokenize{appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED:ap-opts-mutual-required-data}}\label{\detokenize{appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED::doc}}\index{AP\_OPTS\_MUTUAL\_REQUIRED (built\sphinxhyphen{}in variable)@\spxentry{AP\_OPTS\_MUTUAL\_REQUIRED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/AP_OPTS_MUTUAL_REQUIRED:AP_OPTS_MUTUAL_REQUIRED}}\pysigline{\sphinxbfcode{\sphinxupquote{AP\_OPTS\_MUTUAL\_REQUIRED}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Perform a mutual authentication exchange. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{AP\_OPTS\_MUTUAL\_REQUIRED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x20000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{AP\_OPTS\_RESERVED} -\label{\detokenize{appdev/refs/macros/AP_OPTS_RESERVED:ap-opts-reserved}}\label{\detokenize{appdev/refs/macros/AP_OPTS_RESERVED:ap-opts-reserved-data}}\label{\detokenize{appdev/refs/macros/AP_OPTS_RESERVED::doc}}\index{AP\_OPTS\_RESERVED (built\sphinxhyphen{}in variable)@\spxentry{AP\_OPTS\_RESERVED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/AP_OPTS_RESERVED:AP_OPTS_RESERVED}}\pysigline{\sphinxbfcode{\sphinxupquote{AP\_OPTS\_RESERVED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{AP\_OPTS\_RESERVED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x80000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{AP\_OPTS\_USE\_SESSION\_KEY} -\label{\detokenize{appdev/refs/macros/AP_OPTS_USE_SESSION_KEY:ap-opts-use-session-key}}\label{\detokenize{appdev/refs/macros/AP_OPTS_USE_SESSION_KEY:ap-opts-use-session-key-data}}\label{\detokenize{appdev/refs/macros/AP_OPTS_USE_SESSION_KEY::doc}}\index{AP\_OPTS\_USE\_SESSION\_KEY (built\sphinxhyphen{}in variable)@\spxentry{AP\_OPTS\_USE\_SESSION\_KEY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/AP_OPTS_USE_SESSION_KEY:AP_OPTS_USE_SESSION_KEY}}\pysigline{\sphinxbfcode{\sphinxupquote{AP\_OPTS\_USE\_SESSION\_KEY}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Use session key. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{AP\_OPTS\_USE\_SESSION\_KEY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x40000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{AP\_OPTS\_USE\_SUBKEY} -\label{\detokenize{appdev/refs/macros/AP_OPTS_USE_SUBKEY:ap-opts-use-subkey}}\label{\detokenize{appdev/refs/macros/AP_OPTS_USE_SUBKEY:ap-opts-use-subkey-data}}\label{\detokenize{appdev/refs/macros/AP_OPTS_USE_SUBKEY::doc}}\index{AP\_OPTS\_USE\_SUBKEY (built\sphinxhyphen{}in variable)@\spxentry{AP\_OPTS\_USE\_SUBKEY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/AP_OPTS_USE_SUBKEY:AP_OPTS_USE_SUBKEY}}\pysigline{\sphinxbfcode{\sphinxupquote{AP\_OPTS\_USE\_SUBKEY}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Generate a subsession key from the current session key obtained from the credentials. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{AP\_OPTS\_USE\_SUBKEY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{AP\_OPTS\_WIRE\_MASK} -\label{\detokenize{appdev/refs/macros/AP_OPTS_WIRE_MASK:ap-opts-wire-mask}}\label{\detokenize{appdev/refs/macros/AP_OPTS_WIRE_MASK:ap-opts-wire-mask-data}}\label{\detokenize{appdev/refs/macros/AP_OPTS_WIRE_MASK::doc}}\index{AP\_OPTS\_WIRE\_MASK (built\sphinxhyphen{}in variable)@\spxentry{AP\_OPTS\_WIRE\_MASK}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/AP_OPTS_WIRE_MASK:AP_OPTS_WIRE_MASK}}\pysigline{\sphinxbfcode{\sphinxupquote{AP\_OPTS\_WIRE\_MASK}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{AP\_OPTS\_WIRE\_MASK}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0xfffffff0}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_CMAC\_CAMELLIA128} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128:cksumtype-cmac-camellia128}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128:cksumtype-cmac-camellia128-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128::doc}}\index{CKSUMTYPE\_CMAC\_CAMELLIA128 (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_CMAC\_CAMELLIA128}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA128:CKSUMTYPE_CMAC_CAMELLIA128}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_CMAC\_CAMELLIA128}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6803. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_CMAC\_CAMELLIA128}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0011}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_CMAC\_CAMELLIA256} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256:cksumtype-cmac-camellia256}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256:cksumtype-cmac-camellia256-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256::doc}}\index{CKSUMTYPE\_CMAC\_CAMELLIA256 (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_CMAC\_CAMELLIA256}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_CMAC_CAMELLIA256:CKSUMTYPE_CMAC_CAMELLIA256}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_CMAC\_CAMELLIA256}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6803. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_CMAC\_CAMELLIA256}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0012}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_CRC32} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_CRC32:cksumtype-crc32}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_CRC32:cksumtype-crc32-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_CRC32::doc}}\index{CKSUMTYPE\_CRC32 (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_CRC32}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_CRC32:CKSUMTYPE_CRC32}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_CRC32}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_CRC32}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_DESCBC} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_DESCBC:cksumtype-descbc}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_DESCBC:cksumtype-descbc-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_DESCBC::doc}}\index{CKSUMTYPE\_DESCBC (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_DESCBC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_DESCBC:CKSUMTYPE_DESCBC}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_DESCBC}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_DESCBC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0004}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_HMAC\_MD5\_ARCFOUR} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR:cksumtype-hmac-md5-arcfour}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR:cksumtype-hmac-md5-arcfour-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR::doc}}\index{CKSUMTYPE\_HMAC\_MD5\_ARCFOUR (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_HMAC\_MD5\_ARCFOUR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_MD5_ARCFOUR:CKSUMTYPE_HMAC_MD5_ARCFOUR}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_HMAC\_MD5\_ARCFOUR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 4757. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_HMAC\_MD5\_ARCFOUR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{\sphinxhyphen{}138}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_HMAC\_SHA1\_96\_AES128} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128:cksumtype-hmac-sha1-96-aes128}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128:cksumtype-hmac-sha1-96-aes128-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128::doc}}\index{CKSUMTYPE\_HMAC\_SHA1\_96\_AES128 (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_HMAC\_SHA1\_96\_AES128}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES128:CKSUMTYPE_HMAC_SHA1_96_AES128}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_HMAC\_SHA1\_96\_AES128}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 3962. - -\sphinxAtStartPar -Used with ENCTYPE\_AES128\_CTS\_HMAC\_SHA1\_96 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_HMAC\_SHA1\_96\_AES128}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x000f}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_HMAC\_SHA1\_96\_AES256} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256:cksumtype-hmac-sha1-96-aes256}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256:cksumtype-hmac-sha1-96-aes256-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256::doc}}\index{CKSUMTYPE\_HMAC\_SHA1\_96\_AES256 (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_HMAC\_SHA1\_96\_AES256}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_96_AES256:CKSUMTYPE_HMAC_SHA1_96_AES256}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_HMAC\_SHA1\_96\_AES256}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 3962. - -\sphinxAtStartPar -Used with ENCTYPE\_AES256\_CTS\_HMAC\_SHA1\_96 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_HMAC\_SHA1\_96\_AES256}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0010}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_HMAC\_SHA256\_128\_AES128} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128:cksumtype-hmac-sha256-128-aes128}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128:cksumtype-hmac-sha256-128-aes128-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128::doc}}\index{CKSUMTYPE\_HMAC\_SHA256\_128\_AES128 (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_HMAC\_SHA256\_128\_AES128}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA256_128_AES128:CKSUMTYPE_HMAC_SHA256_128_AES128}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_HMAC\_SHA256\_128\_AES128}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 8009. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_HMAC\_SHA256\_128\_AES128}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0013}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_HMAC\_SHA384\_192\_AES256} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256:cksumtype-hmac-sha384-192-aes256}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256:cksumtype-hmac-sha384-192-aes256-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256::doc}}\index{CKSUMTYPE\_HMAC\_SHA384\_192\_AES256 (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_HMAC\_SHA384\_192\_AES256}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA384_192_AES256:CKSUMTYPE_HMAC_SHA384_192_AES256}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_HMAC\_SHA384\_192\_AES256}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 8009. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_HMAC\_SHA384\_192\_AES256}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0014}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_HMAC\_SHA1\_DES3} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3:cksumtype-hmac-sha1-des3}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3:cksumtype-hmac-sha1-des3-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3::doc}}\index{CKSUMTYPE\_HMAC\_SHA1\_DES3 (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_HMAC\_SHA1\_DES3}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_HMAC_SHA1_DES3:CKSUMTYPE_HMAC_SHA1_DES3}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_HMAC\_SHA1\_DES3}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_HMAC\_SHA1\_DES3}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x000c}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_MD5\_HMAC\_ARCFOUR} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR:cksumtype-md5-hmac-arcfour}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR:cksumtype-md5-hmac-arcfour-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR::doc}}\index{CKSUMTYPE\_MD5\_HMAC\_ARCFOUR (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_MD5\_HMAC\_ARCFOUR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_MD5_HMAC_ARCFOUR:CKSUMTYPE_MD5_HMAC_ARCFOUR}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_MD5\_HMAC\_ARCFOUR}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_MD5\_HMAC\_ARCFOUR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{\sphinxhyphen{}137 /* Microsoft netlogon */}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_NIST\_SHA} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_NIST_SHA:cksumtype-nist-sha}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_NIST_SHA:cksumtype-nist-sha-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_NIST_SHA::doc}}\index{CKSUMTYPE\_NIST\_SHA (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_NIST\_SHA}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_NIST_SHA:CKSUMTYPE_NIST_SHA}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_NIST\_SHA}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_NIST\_SHA}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0009}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_RSA\_MD4} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD4:cksumtype-rsa-md4}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD4:cksumtype-rsa-md4-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD4::doc}}\index{CKSUMTYPE\_RSA\_MD4 (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_RSA\_MD4}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD4:CKSUMTYPE_RSA_MD4}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_RSA\_MD4}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_RSA\_MD4}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0002}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_RSA\_MD4\_DES} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES:cksumtype-rsa-md4-des}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES:cksumtype-rsa-md4-des-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES::doc}}\index{CKSUMTYPE\_RSA\_MD4\_DES (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_RSA\_MD4\_DES}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD4_DES:CKSUMTYPE_RSA_MD4_DES}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_RSA\_MD4\_DES}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_RSA\_MD4\_DES}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0003}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_RSA\_MD5} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD5:cksumtype-rsa-md5}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD5:cksumtype-rsa-md5-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD5::doc}}\index{CKSUMTYPE\_RSA\_MD5 (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_RSA\_MD5}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD5:CKSUMTYPE_RSA_MD5}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_RSA\_MD5}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_RSA\_MD5}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0007}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_RSA\_MD5\_DES} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES:cksumtype-rsa-md5-des}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES:cksumtype-rsa-md5-des-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES::doc}}\index{CKSUMTYPE\_RSA\_MD5\_DES (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_RSA\_MD5\_DES}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_RSA_MD5_DES:CKSUMTYPE_RSA_MD5_DES}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_RSA\_MD5\_DES}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_RSA\_MD5\_DES}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0008}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{CKSUMTYPE\_SHA1} -\label{\detokenize{appdev/refs/macros/CKSUMTYPE_SHA1:cksumtype-sha1}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_SHA1:cksumtype-sha1-data}}\label{\detokenize{appdev/refs/macros/CKSUMTYPE_SHA1::doc}}\index{CKSUMTYPE\_SHA1 (built\sphinxhyphen{}in variable)@\spxentry{CKSUMTYPE\_SHA1}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/CKSUMTYPE_SHA1:CKSUMTYPE_SHA1}}\pysigline{\sphinxbfcode{\sphinxupquote{CKSUMTYPE\_SHA1}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 3961. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{CKSUMTYPE\_SHA1}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x000e}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_AES128\_CTS\_HMAC\_SHA1\_96} -\label{\detokenize{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96:enctype-aes128-cts-hmac-sha1-96}}\label{\detokenize{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96:enctype-aes128-cts-hmac-sha1-96-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96::doc}}\index{ENCTYPE\_AES128\_CTS\_HMAC\_SHA1\_96 (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_AES128\_CTS\_HMAC\_SHA1\_96}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA1_96:ENCTYPE_AES128_CTS_HMAC_SHA1_96}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_AES128\_CTS\_HMAC\_SHA1\_96}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 3962. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_AES128\_CTS\_HMAC\_SHA1\_96}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0011}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_AES128\_CTS\_HMAC\_SHA256\_128} -\label{\detokenize{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128:enctype-aes128-cts-hmac-sha256-128}}\label{\detokenize{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128:enctype-aes128-cts-hmac-sha256-128-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128::doc}}\index{ENCTYPE\_AES128\_CTS\_HMAC\_SHA256\_128 (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_AES128\_CTS\_HMAC\_SHA256\_128}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_AES128_CTS_HMAC_SHA256_128:ENCTYPE_AES128_CTS_HMAC_SHA256_128}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_AES128\_CTS\_HMAC\_SHA256\_128}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 8009. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_AES128\_CTS\_HMAC\_SHA256\_128}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0013}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_AES256\_CTS\_HMAC\_SHA1\_96} -\label{\detokenize{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96:enctype-aes256-cts-hmac-sha1-96}}\label{\detokenize{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96:enctype-aes256-cts-hmac-sha1-96-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96::doc}}\index{ENCTYPE\_AES256\_CTS\_HMAC\_SHA1\_96 (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_AES256\_CTS\_HMAC\_SHA1\_96}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA1_96:ENCTYPE_AES256_CTS_HMAC_SHA1_96}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_AES256\_CTS\_HMAC\_SHA1\_96}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 3962. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_AES256\_CTS\_HMAC\_SHA1\_96}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0012}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_AES256\_CTS\_HMAC\_SHA384\_192} -\label{\detokenize{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192:enctype-aes256-cts-hmac-sha384-192}}\label{\detokenize{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192:enctype-aes256-cts-hmac-sha384-192-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192::doc}}\index{ENCTYPE\_AES256\_CTS\_HMAC\_SHA384\_192 (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_AES256\_CTS\_HMAC\_SHA384\_192}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_AES256_CTS_HMAC_SHA384_192:ENCTYPE_AES256_CTS_HMAC_SHA384_192}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_AES256\_CTS\_HMAC\_SHA384\_192}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 8009. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_AES256\_CTS\_HMAC\_SHA384\_192}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0014}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_ARCFOUR\_HMAC} -\label{\detokenize{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC:enctype-arcfour-hmac}}\label{\detokenize{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC:enctype-arcfour-hmac-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC::doc}}\index{ENCTYPE\_ARCFOUR\_HMAC (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_ARCFOUR\_HMAC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC:ENCTYPE_ARCFOUR_HMAC}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_ARCFOUR\_HMAC}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 4757. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_ARCFOUR\_HMAC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0017}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_ARCFOUR\_HMAC\_EXP} -\label{\detokenize{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP:enctype-arcfour-hmac-exp}}\label{\detokenize{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP:enctype-arcfour-hmac-exp-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP::doc}}\index{ENCTYPE\_ARCFOUR\_HMAC\_EXP (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_ARCFOUR\_HMAC\_EXP}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_ARCFOUR_HMAC_EXP:ENCTYPE_ARCFOUR_HMAC_EXP}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_ARCFOUR\_HMAC\_EXP}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 4757. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_ARCFOUR\_HMAC\_EXP}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0018}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_CAMELLIA128\_CTS\_CMAC} -\label{\detokenize{appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC:enctype-camellia128-cts-cmac}}\label{\detokenize{appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC:enctype-camellia128-cts-cmac-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC::doc}}\index{ENCTYPE\_CAMELLIA128\_CTS\_CMAC (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_CAMELLIA128\_CTS\_CMAC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_CAMELLIA128_CTS_CMAC:ENCTYPE_CAMELLIA128_CTS_CMAC}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_CAMELLIA128\_CTS\_CMAC}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6803. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_CAMELLIA128\_CTS\_CMAC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0019}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_CAMELLIA256\_CTS\_CMAC} -\label{\detokenize{appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC:enctype-camellia256-cts-cmac}}\label{\detokenize{appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC:enctype-camellia256-cts-cmac-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC::doc}}\index{ENCTYPE\_CAMELLIA256\_CTS\_CMAC (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_CAMELLIA256\_CTS\_CMAC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_CAMELLIA256_CTS_CMAC:ENCTYPE_CAMELLIA256_CTS_CMAC}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_CAMELLIA256\_CTS\_CMAC}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6803. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_CAMELLIA256\_CTS\_CMAC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x001a}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_DES3\_CBC\_ENV} -\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_ENV:enctype-des3-cbc-env}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_ENV:enctype-des3-cbc-env-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_ENV::doc}}\index{ENCTYPE\_DES3\_CBC\_ENV (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_DES3\_CBC\_ENV}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_ENV:ENCTYPE_DES3_CBC_ENV}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_DES3\_CBC\_ENV}}} -\end{fulllineitems} - - -\sphinxAtStartPar -DES\sphinxhyphen{}3 cbc mode, CMS enveloped data. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_DES3\_CBC\_ENV}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x000f}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_DES3\_CBC\_RAW} -\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_RAW:enctype-des3-cbc-raw}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_RAW:enctype-des3-cbc-raw-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_RAW::doc}}\index{ENCTYPE\_DES3\_CBC\_RAW (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_DES3\_CBC\_RAW}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_RAW:ENCTYPE_DES3_CBC_RAW}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_DES3\_CBC\_RAW}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_DES3\_CBC\_RAW}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0006}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_DES3\_CBC\_SHA} -\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA:enctype-des3-cbc-sha}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA:enctype-des3-cbc-sha-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA::doc}}\index{ENCTYPE\_DES3\_CBC\_SHA (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_DES3\_CBC\_SHA}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA:ENCTYPE_DES3_CBC_SHA}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_DES3\_CBC\_SHA}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_DES3\_CBC\_SHA}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0005}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_DES3\_CBC\_SHA1} -\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1:enctype-des3-cbc-sha1}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1:enctype-des3-cbc-sha1-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1::doc}}\index{ENCTYPE\_DES3\_CBC\_SHA1 (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_DES3\_CBC\_SHA1}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_DES3_CBC_SHA1:ENCTYPE_DES3_CBC_SHA1}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_DES3\_CBC\_SHA1}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_DES3\_CBC\_SHA1}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0010}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_DES\_CBC\_CRC} -\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_CRC:enctype-des-cbc-crc}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_CRC:enctype-des-cbc-crc-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_CRC::doc}}\index{ENCTYPE\_DES\_CBC\_CRC (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_DES\_CBC\_CRC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_CRC:ENCTYPE_DES_CBC_CRC}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_DES\_CBC\_CRC}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_DES\_CBC\_CRC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_DES\_CBC\_MD4} -\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_MD4:enctype-des-cbc-md4}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_MD4:enctype-des-cbc-md4-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_MD4::doc}}\index{ENCTYPE\_DES\_CBC\_MD4 (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_DES\_CBC\_MD4}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_MD4:ENCTYPE_DES_CBC_MD4}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_DES\_CBC\_MD4}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_DES\_CBC\_MD4}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0002}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_DES\_CBC\_MD5} -\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_MD5:enctype-des-cbc-md5}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_MD5:enctype-des-cbc-md5-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_MD5::doc}}\index{ENCTYPE\_DES\_CBC\_MD5 (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_DES\_CBC\_MD5}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_MD5:ENCTYPE_DES_CBC_MD5}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_DES\_CBC\_MD5}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_DES\_CBC\_MD5}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0003}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_DES\_CBC\_RAW} -\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_RAW:enctype-des-cbc-raw}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_RAW:enctype-des-cbc-raw-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_RAW::doc}}\index{ENCTYPE\_DES\_CBC\_RAW (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_DES\_CBC\_RAW}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_CBC_RAW:ENCTYPE_DES_CBC_RAW}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_DES\_CBC\_RAW}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_DES\_CBC\_RAW}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0004}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_DES\_HMAC\_SHA1} -\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1:enctype-des-hmac-sha1}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1:enctype-des-hmac-sha1-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1::doc}}\index{ENCTYPE\_DES\_HMAC\_SHA1 (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_DES\_HMAC\_SHA1}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_DES_HMAC_SHA1:ENCTYPE_DES_HMAC_SHA1}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_DES\_HMAC\_SHA1}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_DES\_HMAC\_SHA1}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0008}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_DSA\_SHA1\_CMS} -\label{\detokenize{appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS:enctype-dsa-sha1-cms}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS:enctype-dsa-sha1-cms-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS::doc}}\index{ENCTYPE\_DSA\_SHA1\_CMS (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_DSA\_SHA1\_CMS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_DSA_SHA1_CMS:ENCTYPE_DSA_SHA1_CMS}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_DSA\_SHA1\_CMS}}} -\end{fulllineitems} - - -\sphinxAtStartPar -DSA with SHA1, CMS signature. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_DSA\_SHA1\_CMS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0009}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_MD5\_RSA\_CMS} -\label{\detokenize{appdev/refs/macros/ENCTYPE_MD5_RSA_CMS:enctype-md5-rsa-cms}}\label{\detokenize{appdev/refs/macros/ENCTYPE_MD5_RSA_CMS:enctype-md5-rsa-cms-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_MD5_RSA_CMS::doc}}\index{ENCTYPE\_MD5\_RSA\_CMS (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_MD5\_RSA\_CMS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_MD5_RSA_CMS:ENCTYPE_MD5_RSA_CMS}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_MD5\_RSA\_CMS}}} -\end{fulllineitems} - - -\sphinxAtStartPar -MD5 with RSA, CMS signature. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_MD5\_RSA\_CMS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x000a}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_NULL} -\label{\detokenize{appdev/refs/macros/ENCTYPE_NULL:enctype-null}}\label{\detokenize{appdev/refs/macros/ENCTYPE_NULL:enctype-null-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_NULL::doc}}\index{ENCTYPE\_NULL (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_NULL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_NULL:ENCTYPE_NULL}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_NULL}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_NULL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_RC2\_CBC\_ENV} -\label{\detokenize{appdev/refs/macros/ENCTYPE_RC2_CBC_ENV:enctype-rc2-cbc-env}}\label{\detokenize{appdev/refs/macros/ENCTYPE_RC2_CBC_ENV:enctype-rc2-cbc-env-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_RC2_CBC_ENV::doc}}\index{ENCTYPE\_RC2\_CBC\_ENV (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_RC2\_CBC\_ENV}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_RC2_CBC_ENV:ENCTYPE_RC2_CBC_ENV}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_RC2\_CBC\_ENV}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RC2 cbc mode, CMS enveloped data. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_RC2\_CBC\_ENV}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x000c}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_RSA\_ENV} -\label{\detokenize{appdev/refs/macros/ENCTYPE_RSA_ENV:enctype-rsa-env}}\label{\detokenize{appdev/refs/macros/ENCTYPE_RSA_ENV:enctype-rsa-env-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_RSA_ENV::doc}}\index{ENCTYPE\_RSA\_ENV (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_RSA\_ENV}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_RSA_ENV:ENCTYPE_RSA_ENV}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_RSA\_ENV}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RSA encryption, CMS enveloped data. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_RSA\_ENV}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x000d}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_RSA\_ES\_OAEP\_ENV} -\label{\detokenize{appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV:enctype-rsa-es-oaep-env}}\label{\detokenize{appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV:enctype-rsa-es-oaep-env-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV::doc}}\index{ENCTYPE\_RSA\_ES\_OAEP\_ENV (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_RSA\_ES\_OAEP\_ENV}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_RSA_ES_OAEP_ENV:ENCTYPE_RSA_ES_OAEP_ENV}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_RSA\_ES\_OAEP\_ENV}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RSA w/OEAP encryption, CMS enveloped data. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_RSA\_ES\_OAEP\_ENV}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x000e}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_SHA1\_RSA\_CMS} -\label{\detokenize{appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS:enctype-sha1-rsa-cms}}\label{\detokenize{appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS:enctype-sha1-rsa-cms-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS::doc}}\index{ENCTYPE\_SHA1\_RSA\_CMS (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_SHA1\_RSA\_CMS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_SHA1_RSA_CMS:ENCTYPE_SHA1_RSA_CMS}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_SHA1\_RSA\_CMS}}} -\end{fulllineitems} - - -\sphinxAtStartPar -SHA1 with RSA, CMS signature. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_SHA1\_RSA\_CMS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x000b}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{ENCTYPE\_UNKNOWN} -\label{\detokenize{appdev/refs/macros/ENCTYPE_UNKNOWN:enctype-unknown}}\label{\detokenize{appdev/refs/macros/ENCTYPE_UNKNOWN:enctype-unknown-data}}\label{\detokenize{appdev/refs/macros/ENCTYPE_UNKNOWN::doc}}\index{ENCTYPE\_UNKNOWN (built\sphinxhyphen{}in variable)@\spxentry{ENCTYPE\_UNKNOWN}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/ENCTYPE_UNKNOWN:ENCTYPE_UNKNOWN}}\pysigline{\sphinxbfcode{\sphinxupquote{ENCTYPE\_UNKNOWN}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{ENCTYPE\_UNKNOWN}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x01ff}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_ALLOW\_POSTDATE} -\label{\detokenize{appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE:kdc-opt-allow-postdate}}\label{\detokenize{appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE:kdc-opt-allow-postdate-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE::doc}}\index{KDC\_OPT\_ALLOW\_POSTDATE (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_ALLOW\_POSTDATE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_ALLOW_POSTDATE:KDC_OPT_ALLOW_POSTDATE}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_ALLOW\_POSTDATE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_ALLOW\_POSTDATE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x04000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_CANONICALIZE} -\label{\detokenize{appdev/refs/macros/KDC_OPT_CANONICALIZE:kdc-opt-canonicalize}}\label{\detokenize{appdev/refs/macros/KDC_OPT_CANONICALIZE:kdc-opt-canonicalize-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_CANONICALIZE::doc}}\index{KDC\_OPT\_CANONICALIZE (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_CANONICALIZE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_CANONICALIZE:KDC_OPT_CANONICALIZE}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_CANONICALIZE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_CANONICALIZE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00010000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_CNAME\_IN\_ADDL\_TKT} -\label{\detokenize{appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT:kdc-opt-cname-in-addl-tkt}}\label{\detokenize{appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT:kdc-opt-cname-in-addl-tkt-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT::doc}}\index{KDC\_OPT\_CNAME\_IN\_ADDL\_TKT (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_CNAME\_IN\_ADDL\_TKT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_CNAME_IN_ADDL_TKT:KDC_OPT_CNAME_IN_ADDL_TKT}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_CNAME\_IN\_ADDL\_TKT}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_CNAME\_IN\_ADDL\_TKT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00020000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_DISABLE\_TRANSITED\_CHECK} -\label{\detokenize{appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK:kdc-opt-disable-transited-check}}\label{\detokenize{appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK:kdc-opt-disable-transited-check-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK::doc}}\index{KDC\_OPT\_DISABLE\_TRANSITED\_CHECK (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_DISABLE\_TRANSITED\_CHECK}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_DISABLE_TRANSITED_CHECK:KDC_OPT_DISABLE_TRANSITED_CHECK}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_DISABLE\_TRANSITED\_CHECK}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_DISABLE\_TRANSITED\_CHECK}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000020}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_ENC\_TKT\_IN\_SKEY} -\label{\detokenize{appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY:kdc-opt-enc-tkt-in-skey}}\label{\detokenize{appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY:kdc-opt-enc-tkt-in-skey-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY::doc}}\index{KDC\_OPT\_ENC\_TKT\_IN\_SKEY (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_ENC\_TKT\_IN\_SKEY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_ENC_TKT_IN_SKEY:KDC_OPT_ENC_TKT_IN_SKEY}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_ENC\_TKT\_IN\_SKEY}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_ENC\_TKT\_IN\_SKEY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000008}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_FORWARDABLE} -\label{\detokenize{appdev/refs/macros/KDC_OPT_FORWARDABLE:kdc-opt-forwardable}}\label{\detokenize{appdev/refs/macros/KDC_OPT_FORWARDABLE:kdc-opt-forwardable-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_FORWARDABLE::doc}}\index{KDC\_OPT\_FORWARDABLE (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_FORWARDABLE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_FORWARDABLE:KDC_OPT_FORWARDABLE}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_FORWARDABLE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_FORWARDABLE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x40000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_FORWARDED} -\label{\detokenize{appdev/refs/macros/KDC_OPT_FORWARDED:kdc-opt-forwarded}}\label{\detokenize{appdev/refs/macros/KDC_OPT_FORWARDED:kdc-opt-forwarded-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_FORWARDED::doc}}\index{KDC\_OPT\_FORWARDED (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_FORWARDED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_FORWARDED:KDC_OPT_FORWARDED}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_FORWARDED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_FORWARDED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x20000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_POSTDATED} -\label{\detokenize{appdev/refs/macros/KDC_OPT_POSTDATED:kdc-opt-postdated}}\label{\detokenize{appdev/refs/macros/KDC_OPT_POSTDATED:kdc-opt-postdated-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_POSTDATED::doc}}\index{KDC\_OPT\_POSTDATED (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_POSTDATED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_POSTDATED:KDC_OPT_POSTDATED}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_POSTDATED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_POSTDATED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x02000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_PROXIABLE} -\label{\detokenize{appdev/refs/macros/KDC_OPT_PROXIABLE:kdc-opt-proxiable}}\label{\detokenize{appdev/refs/macros/KDC_OPT_PROXIABLE:kdc-opt-proxiable-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_PROXIABLE::doc}}\index{KDC\_OPT\_PROXIABLE (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_PROXIABLE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_PROXIABLE:KDC_OPT_PROXIABLE}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_PROXIABLE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_PROXIABLE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x10000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_PROXY} -\label{\detokenize{appdev/refs/macros/KDC_OPT_PROXY:kdc-opt-proxy}}\label{\detokenize{appdev/refs/macros/KDC_OPT_PROXY:kdc-opt-proxy-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_PROXY::doc}}\index{KDC\_OPT\_PROXY (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_PROXY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_PROXY:KDC_OPT_PROXY}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_PROXY}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_PROXY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x08000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_RENEW} -\label{\detokenize{appdev/refs/macros/KDC_OPT_RENEW:kdc-opt-renew}}\label{\detokenize{appdev/refs/macros/KDC_OPT_RENEW:kdc-opt-renew-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_RENEW::doc}}\index{KDC\_OPT\_RENEW (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_RENEW}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_RENEW:KDC_OPT_RENEW}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_RENEW}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_RENEW}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000002}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_RENEWABLE} -\label{\detokenize{appdev/refs/macros/KDC_OPT_RENEWABLE:kdc-opt-renewable}}\label{\detokenize{appdev/refs/macros/KDC_OPT_RENEWABLE:kdc-opt-renewable-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_RENEWABLE::doc}}\index{KDC\_OPT\_RENEWABLE (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_RENEWABLE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_RENEWABLE:KDC_OPT_RENEWABLE}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_RENEWABLE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_RENEWABLE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00800000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_RENEWABLE\_OK} -\label{\detokenize{appdev/refs/macros/KDC_OPT_RENEWABLE_OK:kdc-opt-renewable-ok}}\label{\detokenize{appdev/refs/macros/KDC_OPT_RENEWABLE_OK:kdc-opt-renewable-ok-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_RENEWABLE_OK::doc}}\index{KDC\_OPT\_RENEWABLE\_OK (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_RENEWABLE\_OK}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_RENEWABLE_OK:KDC_OPT_RENEWABLE_OK}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_RENEWABLE\_OK}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_RENEWABLE\_OK}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000010}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_REQUEST\_ANONYMOUS} -\label{\detokenize{appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS:kdc-opt-request-anonymous}}\label{\detokenize{appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS:kdc-opt-request-anonymous-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS::doc}}\index{KDC\_OPT\_REQUEST\_ANONYMOUS (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_REQUEST\_ANONYMOUS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_REQUEST_ANONYMOUS:KDC_OPT_REQUEST_ANONYMOUS}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_REQUEST\_ANONYMOUS}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_REQUEST\_ANONYMOUS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00008000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_OPT\_VALIDATE} -\label{\detokenize{appdev/refs/macros/KDC_OPT_VALIDATE:kdc-opt-validate}}\label{\detokenize{appdev/refs/macros/KDC_OPT_VALIDATE:kdc-opt-validate-data}}\label{\detokenize{appdev/refs/macros/KDC_OPT_VALIDATE::doc}}\index{KDC\_OPT\_VALIDATE (built\sphinxhyphen{}in variable)@\spxentry{KDC\_OPT\_VALIDATE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_OPT_VALIDATE:KDC_OPT_VALIDATE}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_OPT\_VALIDATE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_OPT\_VALIDATE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KDC\_TKT\_COMMON\_MASK} -\label{\detokenize{appdev/refs/macros/KDC_TKT_COMMON_MASK:kdc-tkt-common-mask}}\label{\detokenize{appdev/refs/macros/KDC_TKT_COMMON_MASK:kdc-tkt-common-mask-data}}\label{\detokenize{appdev/refs/macros/KDC_TKT_COMMON_MASK::doc}}\index{KDC\_TKT\_COMMON\_MASK (built\sphinxhyphen{}in variable)@\spxentry{KDC\_TKT\_COMMON\_MASK}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KDC_TKT_COMMON_MASK:KDC_TKT_COMMON_MASK}}\pysigline{\sphinxbfcode{\sphinxupquote{KDC\_TKT\_COMMON\_MASK}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KDC\_TKT\_COMMON\_MASK}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x54800000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_ALTAUTH\_ATT\_CHALLENGE\_RESPONSE} -\label{\detokenize{appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE:krb5-altauth-att-challenge-response}}\label{\detokenize{appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE:krb5-altauth-att-challenge-response-data}}\label{\detokenize{appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE::doc}}\index{KRB5\_ALTAUTH\_ATT\_CHALLENGE\_RESPONSE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_ALTAUTH\_ATT\_CHALLENGE\_RESPONSE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE:KRB5_ALTAUTH_ATT_CHALLENGE_RESPONSE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_ALTAUTH\_ATT\_CHALLENGE\_RESPONSE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -alternate authentication types - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_ALTAUTH\_ATT\_CHALLENGE\_RESPONSE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{64}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_ANONYMOUS\_PRINCSTR} -\label{\detokenize{appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR:krb5-anonymous-princstr}}\label{\detokenize{appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR:krb5-anonymous-princstr-data}}\label{\detokenize{appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR::doc}}\index{KRB5\_ANONYMOUS\_PRINCSTR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_ANONYMOUS\_PRINCSTR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_ANONYMOUS_PRINCSTR:KRB5_ANONYMOUS_PRINCSTR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_ANONYMOUS\_PRINCSTR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Anonymous principal name. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_ANONYMOUS\_PRINCSTR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{"ANONYMOUS"}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_ANONYMOUS\_REALMSTR} -\label{\detokenize{appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR:krb5-anonymous-realmstr}}\label{\detokenize{appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR:krb5-anonymous-realmstr-data}}\label{\detokenize{appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR::doc}}\index{KRB5\_ANONYMOUS\_REALMSTR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_ANONYMOUS\_REALMSTR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_ANONYMOUS_REALMSTR:KRB5_ANONYMOUS_REALMSTR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_ANONYMOUS\_REALMSTR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Anonymous realm. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_ANONYMOUS\_REALMSTR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{"WELLKNOWN:ANONYMOUS"}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AP\_REP} -\label{\detokenize{appdev/refs/macros/KRB5_AP_REP:krb5-ap-rep}}\label{\detokenize{appdev/refs/macros/KRB5_AP_REP:krb5-ap-rep-data}}\label{\detokenize{appdev/refs/macros/KRB5_AP_REP::doc}}\index{KRB5\_AP\_REP (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AP\_REP}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AP_REP:KRB5_AP_REP}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AP\_REP}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Response to mutual AP request. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AP\_REP}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((krb5\_msgtype)15)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AP\_REQ} -\label{\detokenize{appdev/refs/macros/KRB5_AP_REQ:krb5-ap-req}}\label{\detokenize{appdev/refs/macros/KRB5_AP_REQ:krb5-ap-req-data}}\label{\detokenize{appdev/refs/macros/KRB5_AP_REQ::doc}}\index{KRB5\_AP\_REQ (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AP\_REQ}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AP_REQ:KRB5_AP_REQ}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AP\_REQ}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Auth req to application server. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AP\_REQ}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((krb5\_msgtype)14)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AS\_REP} -\label{\detokenize{appdev/refs/macros/KRB5_AS_REP:krb5-as-rep}}\label{\detokenize{appdev/refs/macros/KRB5_AS_REP:krb5-as-rep-data}}\label{\detokenize{appdev/refs/macros/KRB5_AS_REP::doc}}\index{KRB5\_AS\_REP (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AS\_REP}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AS_REP:KRB5_AS_REP}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AS\_REP}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Response to AS request. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AS\_REP}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((krb5\_msgtype)11)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AS\_REQ} -\label{\detokenize{appdev/refs/macros/KRB5_AS_REQ:krb5-as-req}}\label{\detokenize{appdev/refs/macros/KRB5_AS_REQ:krb5-as-req-data}}\label{\detokenize{appdev/refs/macros/KRB5_AS_REQ::doc}}\index{KRB5\_AS\_REQ (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AS\_REQ}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AS_REQ:KRB5_AS_REQ}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AS\_REQ}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Initial authentication request. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AS\_REQ}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((krb5\_msgtype)10)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_AND\_OR} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_AND_OR:krb5-authdata-and-or}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_AND_OR:krb5-authdata-and-or-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_AND_OR::doc}}\index{KRB5\_AUTHDATA\_AND\_OR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_AND\_OR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_AND_OR:KRB5_AUTHDATA_AND_OR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_AND\_OR}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_AND\_OR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{5}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_AP\_OPTIONS} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS:krb5-authdata-ap-options}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS:krb5-authdata-ap-options-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS::doc}}\index{KRB5\_AUTHDATA\_AP\_OPTIONS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_AP\_OPTIONS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_AP_OPTIONS:KRB5_AUTHDATA_AP_OPTIONS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_AP\_OPTIONS}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_AP\_OPTIONS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{143}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_AUTH\_INDICATOR} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR:krb5-authdata-auth-indicator}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR:krb5-authdata-auth-indicator-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR::doc}}\index{KRB5\_AUTHDATA\_AUTH\_INDICATOR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_AUTH\_INDICATOR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_AUTH_INDICATOR:KRB5_AUTHDATA_AUTH_INDICATOR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_AUTH\_INDICATOR}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_AUTH\_INDICATOR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{97}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_CAMMAC} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_CAMMAC:krb5-authdata-cammac}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_CAMMAC:krb5-authdata-cammac-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_CAMMAC::doc}}\index{KRB5\_AUTHDATA\_CAMMAC (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_CAMMAC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_CAMMAC:KRB5_AUTHDATA_CAMMAC}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_CAMMAC}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_CAMMAC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{96}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_ETYPE\_NEGOTIATION} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION:krb5-authdata-etype-negotiation}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION:krb5-authdata-etype-negotiation-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION::doc}}\index{KRB5\_AUTHDATA\_ETYPE\_NEGOTIATION (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_ETYPE\_NEGOTIATION}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_ETYPE_NEGOTIATION:KRB5_AUTHDATA_ETYPE_NEGOTIATION}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_ETYPE\_NEGOTIATION}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 4537. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_ETYPE\_NEGOTIATION}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{129}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_FX\_ARMOR} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR:krb5-authdata-fx-armor}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR:krb5-authdata-fx-armor-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR::doc}}\index{KRB5\_AUTHDATA\_FX\_ARMOR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_FX\_ARMOR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_FX_ARMOR:KRB5_AUTHDATA_FX_ARMOR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_FX\_ARMOR}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_FX\_ARMOR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{71}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_IF\_RELEVANT} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT:krb5-authdata-if-relevant}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT:krb5-authdata-if-relevant-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT::doc}}\index{KRB5\_AUTHDATA\_IF\_RELEVANT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_IF\_RELEVANT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_IF_RELEVANT:KRB5_AUTHDATA_IF_RELEVANT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_IF\_RELEVANT}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_IF\_RELEVANT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_INITIAL\_VERIFIED\_CAS} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS:krb5-authdata-initial-verified-cas}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS:krb5-authdata-initial-verified-cas-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS::doc}}\index{KRB5\_AUTHDATA\_INITIAL\_VERIFIED\_CAS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_INITIAL\_VERIFIED\_CAS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_INITIAL_VERIFIED_CAS:KRB5_AUTHDATA_INITIAL_VERIFIED_CAS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_INITIAL\_VERIFIED\_CAS}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_INITIAL\_VERIFIED\_CAS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{9}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_KDC\_ISSUED} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED:krb5-authdata-kdc-issued}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED:krb5-authdata-kdc-issued-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED::doc}}\index{KRB5\_AUTHDATA\_KDC\_ISSUED (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_KDC\_ISSUED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_KDC_ISSUED:KRB5_AUTHDATA_KDC_ISSUED}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_KDC\_ISSUED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_KDC\_ISSUED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{4}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_MANDATORY\_FOR\_KDC} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC:krb5-authdata-mandatory-for-kdc}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC:krb5-authdata-mandatory-for-kdc-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC::doc}}\index{KRB5\_AUTHDATA\_MANDATORY\_FOR\_KDC (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_MANDATORY\_FOR\_KDC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_MANDATORY_FOR_KDC:KRB5_AUTHDATA_MANDATORY_FOR_KDC}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_MANDATORY\_FOR\_KDC}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_MANDATORY\_FOR\_KDC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{8}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_OSF\_DCE} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE:krb5-authdata-osf-dce}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE:krb5-authdata-osf-dce-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE::doc}}\index{KRB5\_AUTHDATA\_OSF\_DCE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_OSF\_DCE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_OSF_DCE:KRB5_AUTHDATA_OSF_DCE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_OSF\_DCE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_OSF\_DCE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{64}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_SESAME} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_SESAME:krb5-authdata-sesame}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_SESAME:krb5-authdata-sesame-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_SESAME::doc}}\index{KRB5\_AUTHDATA\_SESAME (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_SESAME}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_SESAME:KRB5_AUTHDATA_SESAME}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_SESAME}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_SESAME}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{65}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_SIGNTICKET} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET:krb5-authdata-signticket}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET:krb5-authdata-signticket-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET::doc}}\index{KRB5\_AUTHDATA\_SIGNTICKET (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_SIGNTICKET}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_SIGNTICKET:KRB5_AUTHDATA_SIGNTICKET}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_SIGNTICKET}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_SIGNTICKET}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{512}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTHDATA\_WIN2K\_PAC} -\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC:krb5-authdata-win2k-pac}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC:krb5-authdata-win2k-pac-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC::doc}}\index{KRB5\_AUTHDATA\_WIN2K\_PAC (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTHDATA\_WIN2K\_PAC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTHDATA_WIN2K_PAC:KRB5_AUTHDATA_WIN2K_PAC}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTHDATA\_WIN2K\_PAC}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTHDATA\_WIN2K\_PAC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{128}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE} -\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:krb5-auth-context-do-sequence}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:krb5-auth-context-do-sequence-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE::doc}}\index{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_SEQUENCE:KRB5_AUTH_CONTEXT_DO_SEQUENCE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Prevent replays with sequence numbers. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_DO\_SEQUENCE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000004}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTH\_CONTEXT\_DO\_TIME} -\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:krb5-auth-context-do-time}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:krb5-auth-context-do-time-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME::doc}}\index{KRB5\_AUTH\_CONTEXT\_DO\_TIME (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTH\_CONTEXT\_DO\_TIME}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_DO_TIME:KRB5_AUTH_CONTEXT_DO_TIME}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_DO\_TIME}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Prevent replays with timestamps and replay cache. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_DO\_TIME}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_ADDR} -\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR:krb5-auth-context-generate-local-addr}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR:krb5-auth-context-generate-local-addr-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR::doc}}\index{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_ADDR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_ADDR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR:KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_ADDR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Generate the local network address. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_ADDR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_FULL\_ADDR} -\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR:krb5-auth-context-generate-local-full-addr}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR:krb5-auth-context-generate-local-full-addr-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR::doc}}\index{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_FULL\_ADDR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_FULL\_ADDR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR:KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_FULL\_ADDR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Generate the local network address and the local port. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_GENERATE\_LOCAL\_FULL\_ADDR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000004}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_ADDR} -\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR:krb5-auth-context-generate-remote-addr}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR:krb5-auth-context-generate-remote-addr-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR::doc}}\index{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_ADDR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_ADDR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR:KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_ADDR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Generate the remote network address. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_ADDR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000002}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_FULL\_ADDR} -\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR:krb5-auth-context-generate-remote-full-addr}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR:krb5-auth-context-generate-remote-full-addr-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR::doc}}\index{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_FULL\_ADDR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_FULL\_ADDR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR:KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_FULL\_ADDR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Generate the remote network address and the remote port. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_GENERATE\_REMOTE\_FULL\_ADDR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000008}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTH\_CONTEXT\_PERMIT\_ALL} -\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL:krb5-auth-context-permit-all}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL:krb5-auth-context-permit-all-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL::doc}}\index{KRB5\_AUTH\_CONTEXT\_PERMIT\_ALL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTH\_CONTEXT\_PERMIT\_ALL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_PERMIT_ALL:KRB5_AUTH_CONTEXT_PERMIT_ALL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_PERMIT\_ALL}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_PERMIT\_ALL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000010}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE} -\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:krb5-auth-context-ret-sequence}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:krb5-auth-context-ret-sequence-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE::doc}}\index{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_SEQUENCE:KRB5_AUTH_CONTEXT_RET_SEQUENCE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Save sequence numbers for application. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_RET\_SEQUENCE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000008}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTH\_CONTEXT\_RET\_TIME} -\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:krb5-auth-context-ret-time}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:krb5-auth-context-ret-time-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME::doc}}\index{KRB5\_AUTH\_CONTEXT\_RET\_TIME (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTH\_CONTEXT\_RET\_TIME}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_RET_TIME:KRB5_AUTH_CONTEXT_RET_TIME}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_RET\_TIME}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Save timestamps for application. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_RET\_TIME}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000002}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_AUTH\_CONTEXT\_USE\_SUBKEY} -\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY:krb5-auth-context-use-subkey}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY:krb5-auth-context-use-subkey-data}}\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY::doc}}\index{KRB5\_AUTH\_CONTEXT\_USE\_SUBKEY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_AUTH\_CONTEXT\_USE\_SUBKEY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_AUTH_CONTEXT_USE_SUBKEY:KRB5_AUTH_CONTEXT_USE_SUBKEY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_USE\_SUBKEY}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_AUTH\_CONTEXT\_USE\_SUBKEY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000020}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_CRED} -\label{\detokenize{appdev/refs/macros/KRB5_CRED:krb5-cred}}\label{\detokenize{appdev/refs/macros/KRB5_CRED:krb5-cred-data}}\label{\detokenize{appdev/refs/macros/KRB5_CRED::doc}}\index{KRB5\_CRED (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_CRED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_CRED:KRB5_CRED}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_CRED}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Cred forwarding message. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_CRED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((krb5\_msgtype)22)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_CRYPTO\_TYPE\_CHECKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM:krb5-crypto-type-checksum}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM:krb5-crypto-type-checksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM::doc}}\index{KRB5\_CRYPTO\_TYPE\_CHECKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_CRYPTO\_TYPE\_CHECKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_CHECKSUM:KRB5_CRYPTO_TYPE_CHECKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_CHECKSUM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -{[}out{]} checksum for MIC - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_CHECKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{6}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_CRYPTO\_TYPE\_DATA} -\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA:krb5-crypto-type-data}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA:krb5-crypto-type-data-data}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA::doc}}\index{KRB5\_CRYPTO\_TYPE\_DATA (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_CRYPTO\_TYPE\_DATA}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_DATA:KRB5_CRYPTO_TYPE_DATA}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_DATA}}} -\end{fulllineitems} - - -\sphinxAtStartPar -{[}in, out{]} plaintext - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_DATA}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_CRYPTO\_TYPE\_EMPTY} -\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY:krb5-crypto-type-empty}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY:krb5-crypto-type-empty-data}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY::doc}}\index{KRB5\_CRYPTO\_TYPE\_EMPTY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_CRYPTO\_TYPE\_EMPTY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_EMPTY:KRB5_CRYPTO_TYPE_EMPTY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_EMPTY}}} -\end{fulllineitems} - - -\sphinxAtStartPar -{[}in{]} ignored - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_EMPTY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_CRYPTO\_TYPE\_HEADER} -\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER:krb5-crypto-type-header}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER:krb5-crypto-type-header-data}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER::doc}}\index{KRB5\_CRYPTO\_TYPE\_HEADER (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_CRYPTO\_TYPE\_HEADER}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_HEADER:KRB5_CRYPTO_TYPE_HEADER}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_HEADER}}} -\end{fulllineitems} - - -\sphinxAtStartPar -{[}out{]} header - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_HEADER}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_CRYPTO\_TYPE\_PADDING} -\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING:krb5-crypto-type-padding}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING:krb5-crypto-type-padding-data}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING::doc}}\index{KRB5\_CRYPTO\_TYPE\_PADDING (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_CRYPTO\_TYPE\_PADDING}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_PADDING:KRB5_CRYPTO_TYPE_PADDING}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_PADDING}}} -\end{fulllineitems} - - -\sphinxAtStartPar -{[}out{]} padding - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_PADDING}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{4}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY} -\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY:krb5-crypto-type-sign-only}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY:krb5-crypto-type-sign-only-data}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY::doc}}\index{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_SIGN_ONLY:KRB5_CRYPTO_TYPE_SIGN_ONLY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY}}} -\end{fulllineitems} - - -\sphinxAtStartPar -{[}in{]} associated data - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_SIGN\_ONLY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{3}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_CRYPTO\_TYPE\_STREAM} -\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM:krb5-crypto-type-stream}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM:krb5-crypto-type-stream-data}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM::doc}}\index{KRB5\_CRYPTO\_TYPE\_STREAM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_CRYPTO\_TYPE\_STREAM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_STREAM:KRB5_CRYPTO_TYPE_STREAM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_STREAM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -{[}in{]} entire message without decomposing the structure into header, data and trailer buffers - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_STREAM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{7}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_CRYPTO\_TYPE\_TRAILER} -\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER:krb5-crypto-type-trailer}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER:krb5-crypto-type-trailer-data}}\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER::doc}}\index{KRB5\_CRYPTO\_TYPE\_TRAILER (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_CRYPTO\_TYPE\_TRAILER}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_CRYPTO_TYPE_TRAILER:KRB5_CRYPTO_TYPE_TRAILER}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_TRAILER}}} -\end{fulllineitems} - - -\sphinxAtStartPar -{[}out{]} checksum for encrypt - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_CRYPTO\_TYPE\_TRAILER}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{5}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_CYBERSAFE\_SECUREID} -\label{\detokenize{appdev/refs/macros/KRB5_CYBERSAFE_SECUREID:krb5-cybersafe-secureid}}\label{\detokenize{appdev/refs/macros/KRB5_CYBERSAFE_SECUREID:krb5-cybersafe-secureid-data}}\label{\detokenize{appdev/refs/macros/KRB5_CYBERSAFE_SECUREID::doc}}\index{KRB5\_CYBERSAFE\_SECUREID (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_CYBERSAFE\_SECUREID}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_CYBERSAFE_SECUREID:KRB5_CYBERSAFE_SECUREID}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_CYBERSAFE\_SECUREID}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Cybersafe. - -\sphinxAtStartPar -RFC 4120 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_CYBERSAFE\_SECUREID}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{9}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_DOMAIN\_X500\_COMPRESS} -\label{\detokenize{appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS:krb5-domain-x500-compress}}\label{\detokenize{appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS:krb5-domain-x500-compress-data}}\label{\detokenize{appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS::doc}}\index{KRB5\_DOMAIN\_X500\_COMPRESS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_DOMAIN\_X500\_COMPRESS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_DOMAIN_X500_COMPRESS:KRB5_DOMAIN_X500_COMPRESS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_DOMAIN\_X500\_COMPRESS}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Transited encoding types. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_DOMAIN\_X500\_COMPRESS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_ENCPADATA\_REQ\_ENC\_PA\_REP} -\label{\detokenize{appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP:krb5-encpadata-req-enc-pa-rep}}\label{\detokenize{appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP:krb5-encpadata-req-enc-pa-rep-data}}\label{\detokenize{appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP::doc}}\index{KRB5\_ENCPADATA\_REQ\_ENC\_PA\_REP (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_ENCPADATA\_REQ\_ENC\_PA\_REP}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_ENCPADATA_REQ_ENC_PA_REP:KRB5_ENCPADATA_REQ_ENC_PA_REP}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_ENCPADATA\_REQ\_ENC\_PA\_REP}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6806. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_ENCPADATA\_REQ\_ENC\_PA\_REP}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{149}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_ERROR} -\label{\detokenize{appdev/refs/macros/KRB5_ERROR:krb5-error}}\label{\detokenize{appdev/refs/macros/KRB5_ERROR:krb5-error-data}}\label{\detokenize{appdev/refs/macros/KRB5_ERROR::doc}}\index{KRB5\_ERROR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_ERROR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_ERROR:KRB5_ERROR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_ERROR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Error response. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_ERROR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((krb5\_msgtype)30)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_FAST\_REQUIRED} -\label{\detokenize{appdev/refs/macros/KRB5_FAST_REQUIRED:krb5-fast-required}}\label{\detokenize{appdev/refs/macros/KRB5_FAST_REQUIRED:krb5-fast-required-data}}\label{\detokenize{appdev/refs/macros/KRB5_FAST_REQUIRED::doc}}\index{KRB5\_FAST\_REQUIRED (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_FAST\_REQUIRED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_FAST_REQUIRED:KRB5_FAST_REQUIRED}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_FAST\_REQUIRED}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Require KDC to support FAST. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_FAST\_REQUIRED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GC\_CACHED} -\label{\detokenize{appdev/refs/macros/KRB5_GC_CACHED:krb5-gc-cached}}\label{\detokenize{appdev/refs/macros/KRB5_GC_CACHED:krb5-gc-cached-data}}\label{\detokenize{appdev/refs/macros/KRB5_GC_CACHED::doc}}\index{KRB5\_GC\_CACHED (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GC\_CACHED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GC_CACHED:KRB5_GC_CACHED}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GC\_CACHED}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Want cached ticket only. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GC\_CACHED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GC\_CANONICALIZE} -\label{\detokenize{appdev/refs/macros/KRB5_GC_CANONICALIZE:krb5-gc-canonicalize}}\label{\detokenize{appdev/refs/macros/KRB5_GC_CANONICALIZE:krb5-gc-canonicalize-data}}\label{\detokenize{appdev/refs/macros/KRB5_GC_CANONICALIZE::doc}}\index{KRB5\_GC\_CANONICALIZE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GC\_CANONICALIZE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GC_CANONICALIZE:KRB5_GC_CANONICALIZE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GC\_CANONICALIZE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Set canonicalize KDC option. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GC\_CANONICALIZE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{4}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GC\_CONSTRAINED\_DELEGATION} -\label{\detokenize{appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION:krb5-gc-constrained-delegation}}\label{\detokenize{appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION:krb5-gc-constrained-delegation-data}}\label{\detokenize{appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION::doc}}\index{KRB5\_GC\_CONSTRAINED\_DELEGATION (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GC\_CONSTRAINED\_DELEGATION}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GC_CONSTRAINED_DELEGATION:KRB5_GC_CONSTRAINED_DELEGATION}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GC\_CONSTRAINED\_DELEGATION}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Constrained delegation. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GC\_CONSTRAINED\_DELEGATION}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{64}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GC\_FORWARDABLE} -\label{\detokenize{appdev/refs/macros/KRB5_GC_FORWARDABLE:krb5-gc-forwardable}}\label{\detokenize{appdev/refs/macros/KRB5_GC_FORWARDABLE:krb5-gc-forwardable-data}}\label{\detokenize{appdev/refs/macros/KRB5_GC_FORWARDABLE::doc}}\index{KRB5\_GC\_FORWARDABLE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GC\_FORWARDABLE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GC_FORWARDABLE:KRB5_GC_FORWARDABLE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GC\_FORWARDABLE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Acquire forwardable tickets. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GC\_FORWARDABLE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{16}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GC\_NO\_STORE} -\label{\detokenize{appdev/refs/macros/KRB5_GC_NO_STORE:krb5-gc-no-store}}\label{\detokenize{appdev/refs/macros/KRB5_GC_NO_STORE:krb5-gc-no-store-data}}\label{\detokenize{appdev/refs/macros/KRB5_GC_NO_STORE::doc}}\index{KRB5\_GC\_NO\_STORE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GC\_NO\_STORE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GC_NO_STORE:KRB5_GC_NO_STORE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GC\_NO\_STORE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Do not store in credential cache. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GC\_NO\_STORE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{8}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GC\_NO\_TRANSIT\_CHECK} -\label{\detokenize{appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK:krb5-gc-no-transit-check}}\label{\detokenize{appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK:krb5-gc-no-transit-check-data}}\label{\detokenize{appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK::doc}}\index{KRB5\_GC\_NO\_TRANSIT\_CHECK (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GC\_NO\_TRANSIT\_CHECK}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GC_NO_TRANSIT_CHECK:KRB5_GC_NO_TRANSIT_CHECK}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GC\_NO\_TRANSIT\_CHECK}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Disable transited check. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GC\_NO\_TRANSIT\_CHECK}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{32}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GC\_USER\_USER} -\label{\detokenize{appdev/refs/macros/KRB5_GC_USER_USER:krb5-gc-user-user}}\label{\detokenize{appdev/refs/macros/KRB5_GC_USER_USER:krb5-gc-user-user-data}}\label{\detokenize{appdev/refs/macros/KRB5_GC_USER_USER::doc}}\index{KRB5\_GC\_USER\_USER (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GC\_USER\_USER}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GC_USER_USER:KRB5_GC_USER_USER}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GC\_USER\_USER}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Want user\sphinxhyphen{}user ticket. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GC\_USER\_USER}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_ADDRESS\_LIST} -\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST:krb5-get-init-creds-opt-address-list}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST:krb5-get-init-creds-opt-address-list-data}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST::doc}}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_ADDRESS\_LIST (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GET\_INIT\_CREDS\_OPT\_ADDRESS\_LIST}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST:KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_ADDRESS\_LIST}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_ADDRESS\_LIST}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0020}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_ANONYMOUS} -\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS:krb5-get-init-creds-opt-anonymous}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS:krb5-get-init-creds-opt-anonymous-data}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS::doc}}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_ANONYMOUS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GET\_INIT\_CREDS\_OPT\_ANONYMOUS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ANONYMOUS:KRB5_GET_INIT_CREDS_OPT_ANONYMOUS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_ANONYMOUS}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_ANONYMOUS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0400}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_CANONICALIZE} -\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE:krb5-get-init-creds-opt-canonicalize}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE:krb5-get-init-creds-opt-canonicalize-data}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE::doc}}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_CANONICALIZE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GET\_INIT\_CREDS\_OPT\_CANONICALIZE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CANONICALIZE:KRB5_GET_INIT_CREDS_OPT_CANONICALIZE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_CANONICALIZE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_CANONICALIZE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0200}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_CHG\_PWD\_PRMPT} -\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT:krb5-get-init-creds-opt-chg-pwd-prmpt}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT:krb5-get-init-creds-opt-chg-pwd-prmpt-data}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT::doc}}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_CHG\_PWD\_PRMPT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GET\_INIT\_CREDS\_OPT\_CHG\_PWD\_PRMPT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT:KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_CHG\_PWD\_PRMPT}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_CHG\_PWD\_PRMPT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0100}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_ETYPE\_LIST} -\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST:krb5-get-init-creds-opt-etype-list}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST:krb5-get-init-creds-opt-etype-list-data}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST::doc}}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_ETYPE\_LIST (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GET\_INIT\_CREDS\_OPT\_ETYPE\_LIST}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST:KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_ETYPE\_LIST}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_ETYPE\_LIST}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0010}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_FORWARDABLE} -\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE:krb5-get-init-creds-opt-forwardable}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE:krb5-get-init-creds-opt-forwardable-data}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE::doc}}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_FORWARDABLE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GET\_INIT\_CREDS\_OPT\_FORWARDABLE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_FORWARDABLE:KRB5_GET_INIT_CREDS_OPT_FORWARDABLE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_FORWARDABLE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_FORWARDABLE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0004}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_PREAUTH\_LIST} -\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST:krb5-get-init-creds-opt-preauth-list}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST:krb5-get-init-creds-opt-preauth-list-data}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST::doc}}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_PREAUTH\_LIST (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GET\_INIT\_CREDS\_OPT\_PREAUTH\_LIST}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST:KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_PREAUTH\_LIST}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_PREAUTH\_LIST}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0040}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_PROXIABLE} -\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE:krb5-get-init-creds-opt-proxiable}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE:krb5-get-init-creds-opt-proxiable-data}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE::doc}}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_PROXIABLE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GET\_INIT\_CREDS\_OPT\_PROXIABLE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_PROXIABLE:KRB5_GET_INIT_CREDS_OPT_PROXIABLE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_PROXIABLE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_PROXIABLE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0008}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_RENEW\_LIFE} -\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE:krb5-get-init-creds-opt-renew-life}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE:krb5-get-init-creds-opt-renew-life-data}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE::doc}}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_RENEW\_LIFE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GET\_INIT\_CREDS\_OPT\_RENEW\_LIFE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE:KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_RENEW\_LIFE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_RENEW\_LIFE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0002}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_SALT} -\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT:krb5-get-init-creds-opt-salt}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT:krb5-get-init-creds-opt-salt-data}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT::doc}}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_SALT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GET\_INIT\_CREDS\_OPT\_SALT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_SALT:KRB5_GET_INIT_CREDS_OPT_SALT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_SALT}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_SALT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0080}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_GET\_INIT\_CREDS\_OPT\_TKT\_LIFE} -\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE:krb5-get-init-creds-opt-tkt-life}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE:krb5-get-init-creds-opt-tkt-life-data}}\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE::doc}}\index{KRB5\_GET\_INIT\_CREDS\_OPT\_TKT\_LIFE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_GET\_INIT\_CREDS\_OPT\_TKT\_LIFE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_GET_INIT_CREDS_OPT_TKT_LIFE:KRB5_GET_INIT_CREDS_OPT_TKT_LIFE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_TKT\_LIFE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_GET\_INIT\_CREDS\_OPT\_TKT\_LIFE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_INIT\_CONTEXT\_SECURE} -\label{\detokenize{appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE:krb5-init-context-secure}}\label{\detokenize{appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE:krb5-init-context-secure-data}}\label{\detokenize{appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE::doc}}\index{KRB5\_INIT\_CONTEXT\_SECURE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_INIT\_CONTEXT\_SECURE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_INIT_CONTEXT_SECURE:KRB5_INIT_CONTEXT_SECURE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_INIT\_CONTEXT\_SECURE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Use secure context configuration. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_INIT\_CONTEXT\_SECURE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_INIT\_CONTEXT\_KDC} -\label{\detokenize{appdev/refs/macros/KRB5_INIT_CONTEXT_KDC:krb5-init-context-kdc}}\label{\detokenize{appdev/refs/macros/KRB5_INIT_CONTEXT_KDC:krb5-init-context-kdc-data}}\label{\detokenize{appdev/refs/macros/KRB5_INIT_CONTEXT_KDC::doc}}\index{KRB5\_INIT\_CONTEXT\_KDC (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_INIT\_CONTEXT\_KDC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_INIT_CONTEXT_KDC:KRB5_INIT_CONTEXT_KDC}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_INIT\_CONTEXT\_KDC}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Use KDC configuration if available. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_INIT\_CONTEXT\_KDC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE} -\label{\detokenize{appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE:krb5-init-creds-step-flag-continue}}\label{\detokenize{appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE:krb5-init-creds-step-flag-continue-data}}\label{\detokenize{appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE::doc}}\index{KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_INIT_CREDS_STEP_FLAG_CONTINUE:KRB5_INIT_CREDS_STEP_FLAG_CONTINUE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -More responses needed. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_INIT\_CREDS\_STEP\_FLAG\_CONTINUE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_INT16\_MAX} -\label{\detokenize{appdev/refs/macros/KRB5_INT16_MAX:krb5-int16-max}}\label{\detokenize{appdev/refs/macros/KRB5_INT16_MAX:krb5-int16-max-data}}\label{\detokenize{appdev/refs/macros/KRB5_INT16_MAX::doc}}\index{KRB5\_INT16\_MAX (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_INT16\_MAX}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_INT16_MAX:KRB5_INT16_MAX}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_INT16\_MAX}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_INT16\_MAX}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{65535}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_INT16\_MIN} -\label{\detokenize{appdev/refs/macros/KRB5_INT16_MIN:krb5-int16-min}}\label{\detokenize{appdev/refs/macros/KRB5_INT16_MIN:krb5-int16-min-data}}\label{\detokenize{appdev/refs/macros/KRB5_INT16_MIN::doc}}\index{KRB5\_INT16\_MIN (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_INT16\_MIN}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_INT16_MIN:KRB5_INT16_MIN}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_INT16\_MIN}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_INT16\_MIN}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(\sphinxhyphen{}KRB5\_INT16\_MAX\sphinxhyphen{}1)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_INT32\_MAX} -\label{\detokenize{appdev/refs/macros/KRB5_INT32_MAX:krb5-int32-max}}\label{\detokenize{appdev/refs/macros/KRB5_INT32_MAX:krb5-int32-max-data}}\label{\detokenize{appdev/refs/macros/KRB5_INT32_MAX::doc}}\index{KRB5\_INT32\_MAX (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_INT32\_MAX}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_INT32_MAX:KRB5_INT32_MAX}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_INT32\_MAX}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_INT32\_MAX}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{2147483647}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_INT32\_MIN} -\label{\detokenize{appdev/refs/macros/KRB5_INT32_MIN:krb5-int32-min}}\label{\detokenize{appdev/refs/macros/KRB5_INT32_MIN:krb5-int32-min-data}}\label{\detokenize{appdev/refs/macros/KRB5_INT32_MIN::doc}}\index{KRB5\_INT32\_MIN (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_INT32\_MIN}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_INT32_MIN:KRB5_INT32_MIN}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_INT32\_MIN}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_INT32\_MIN}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(\sphinxhyphen{}KRB5\_INT32\_MAX\sphinxhyphen{}1)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_AD\_ITE} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE:krb5-keyusage-ad-ite}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE:krb5-keyusage-ad-ite-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE::doc}}\index{KRB5\_KEYUSAGE\_AD\_ITE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_AD\_ITE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_ITE:KRB5_KEYUSAGE_AD_ITE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_AD\_ITE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_AD\_ITE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{21}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_AD\_KDCISSUED\_CKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM:krb5-keyusage-ad-kdcissued-cksum}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM:krb5-keyusage-ad-kdcissued-cksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM::doc}}\index{KRB5\_KEYUSAGE\_AD\_KDCISSUED\_CKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_AD\_KDCISSUED\_CKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM:KRB5_KEYUSAGE_AD_KDCISSUED_CKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_AD\_KDCISSUED\_CKSUM}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_AD\_KDCISSUED\_CKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{19}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_AD\_MTE} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE:krb5-keyusage-ad-mte}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE:krb5-keyusage-ad-mte-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE::doc}}\index{KRB5\_KEYUSAGE\_AD\_MTE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_AD\_MTE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_MTE:KRB5_KEYUSAGE_AD_MTE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_AD\_MTE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_AD\_MTE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{20}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_AD\_SIGNEDPATH} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH:krb5-keyusage-ad-signedpath}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH:krb5-keyusage-ad-signedpath-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH::doc}}\index{KRB5\_KEYUSAGE\_AD\_SIGNEDPATH (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_AD\_SIGNEDPATH}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AD_SIGNEDPATH:KRB5_KEYUSAGE_AD_SIGNEDPATH}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_AD\_SIGNEDPATH}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_AD\_SIGNEDPATH}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{\sphinxhyphen{}21}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_APP\_DATA\_CKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM:krb5-keyusage-app-data-cksum}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM:krb5-keyusage-app-data-cksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM::doc}}\index{KRB5\_KEYUSAGE\_APP\_DATA\_CKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_APP\_DATA\_CKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_CKSUM:KRB5_KEYUSAGE_APP_DATA_CKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_APP\_DATA\_CKSUM}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_APP\_DATA\_CKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{17}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_APP\_DATA\_ENCRYPT} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT:krb5-keyusage-app-data-encrypt}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT:krb5-keyusage-app-data-encrypt-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT::doc}}\index{KRB5\_KEYUSAGE\_APP\_DATA\_ENCRYPT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_APP\_DATA\_ENCRYPT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_APP_DATA_ENCRYPT:KRB5_KEYUSAGE_APP_DATA_ENCRYPT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_APP\_DATA\_ENCRYPT}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_APP\_DATA\_ENCRYPT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{16}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_AP\_REP\_ENCPART} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART:krb5-keyusage-ap-rep-encpart}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART:krb5-keyusage-ap-rep-encpart-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART::doc}}\index{KRB5\_KEYUSAGE\_AP\_REP\_ENCPART (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_AP\_REP\_ENCPART}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AP_REP_ENCPART:KRB5_KEYUSAGE_AP_REP_ENCPART}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_AP\_REP\_ENCPART}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_AP\_REP\_ENCPART}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{12}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH:krb5-keyusage-ap-req-auth}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH:krb5-keyusage-ap-req-auth-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH::doc}}\index{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH:KRB5_KEYUSAGE_AP_REQ_AUTH}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{11}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH\_CKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM:krb5-keyusage-ap-req-auth-cksum}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM:krb5-keyusage-ap-req-auth-cksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM::doc}}\index{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH\_CKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH\_CKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM:KRB5_KEYUSAGE_AP_REQ_AUTH_CKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH\_CKSUM}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_AP\_REQ\_AUTH\_CKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{10}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_AS\_REP\_ENCPART} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART:krb5-keyusage-as-rep-encpart}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART:krb5-keyusage-as-rep-encpart-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART::doc}}\index{KRB5\_KEYUSAGE\_AS\_REP\_ENCPART (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_AS\_REP\_ENCPART}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AS_REP_ENCPART:KRB5_KEYUSAGE_AS_REP_ENCPART}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_AS\_REP\_ENCPART}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_AS\_REP\_ENCPART}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{3}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_AS\_REQ} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ:krb5-keyusage-as-req}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ:krb5-keyusage-as-req-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ::doc}}\index{KRB5\_KEYUSAGE\_AS\_REQ (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_AS\_REQ}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ:KRB5_KEYUSAGE_AS_REQ}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_AS\_REQ}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_AS\_REQ}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{56}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_AS\_REQ\_PA\_ENC\_TS} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS:krb5-keyusage-as-req-pa-enc-ts}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS:krb5-keyusage-as-req-pa-enc-ts-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS::doc}}\index{KRB5\_KEYUSAGE\_AS\_REQ\_PA\_ENC\_TS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_AS\_REQ\_PA\_ENC\_TS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS:KRB5_KEYUSAGE_AS_REQ_PA_ENC_TS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_AS\_REQ\_PA\_ENC\_TS}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_AS\_REQ\_PA\_ENC\_TS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_CAMMAC} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC:krb5-keyusage-cammac}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC:krb5-keyusage-cammac-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC::doc}}\index{KRB5\_KEYUSAGE\_CAMMAC (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_CAMMAC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_CAMMAC:KRB5_KEYUSAGE_CAMMAC}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_CAMMAC}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_CAMMAC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{64}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_CLIENT} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT:krb5-keyusage-enc-challenge-client}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT:krb5-keyusage-enc-challenge-client-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT::doc}}\index{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_CLIENT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_CLIENT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT:KRB5_KEYUSAGE_ENC_CHALLENGE_CLIENT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_CLIENT}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_CLIENT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{54}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_KDC} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC:krb5-keyusage-enc-challenge-kdc}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC:krb5-keyusage-enc-challenge-kdc-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC::doc}}\index{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_KDC (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_KDC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_ENC_CHALLENGE_KDC:KRB5_KEYUSAGE_ENC_CHALLENGE_KDC}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_KDC}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_ENC\_CHALLENGE\_KDC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{55}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_FAST\_ENC} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC:krb5-keyusage-fast-enc}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC:krb5-keyusage-fast-enc-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC::doc}}\index{KRB5\_KEYUSAGE\_FAST\_ENC (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_FAST\_ENC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_ENC:KRB5_KEYUSAGE_FAST_ENC}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_FAST\_ENC}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_FAST\_ENC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{51}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_FAST\_FINISHED} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED:krb5-keyusage-fast-finished}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED:krb5-keyusage-fast-finished-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED::doc}}\index{KRB5\_KEYUSAGE\_FAST\_FINISHED (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_FAST\_FINISHED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_FINISHED:KRB5_KEYUSAGE_FAST_FINISHED}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_FAST\_FINISHED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_FAST\_FINISHED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{53}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_FAST\_REP} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP:krb5-keyusage-fast-rep}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP:krb5-keyusage-fast-rep-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP::doc}}\index{KRB5\_KEYUSAGE\_FAST\_REP (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_FAST\_REP}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REP:KRB5_KEYUSAGE_FAST_REP}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_FAST\_REP}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_FAST\_REP}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{52}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_FAST\_REQ\_CHKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM:krb5-keyusage-fast-req-chksum}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM:krb5-keyusage-fast-req-chksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM::doc}}\index{KRB5\_KEYUSAGE\_FAST\_REQ\_CHKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_FAST\_REQ\_CHKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_FAST_REQ_CHKSUM:KRB5_KEYUSAGE_FAST_REQ_CHKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_FAST\_REQ\_CHKSUM}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_FAST\_REQ\_CHKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{50}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_GSS\_TOK\_MIC} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC:krb5-keyusage-gss-tok-mic}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC:krb5-keyusage-gss-tok-mic-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC::doc}}\index{KRB5\_KEYUSAGE\_GSS\_TOK\_MIC (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_GSS\_TOK\_MIC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_MIC:KRB5_KEYUSAGE_GSS_TOK_MIC}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_GSS\_TOK\_MIC}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_GSS\_TOK\_MIC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{22}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_INTEG} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG:krb5-keyusage-gss-tok-wrap-integ}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG:krb5-keyusage-gss-tok-wrap-integ-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG::doc}}\index{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_INTEG (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_INTEG}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG:KRB5_KEYUSAGE_GSS_TOK_WRAP_INTEG}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_INTEG}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_INTEG}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{23}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_PRIV} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV:krb5-keyusage-gss-tok-wrap-priv}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV:krb5-keyusage-gss-tok-wrap-priv-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV::doc}}\index{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_PRIV (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_PRIV}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV:KRB5_KEYUSAGE_GSS_TOK_WRAP_PRIV}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_PRIV}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_GSS\_TOK\_WRAP\_PRIV}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{24}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_IAKERB\_FINISHED} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED:krb5-keyusage-iakerb-finished}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED:krb5-keyusage-iakerb-finished-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED::doc}}\index{KRB5\_KEYUSAGE\_IAKERB\_FINISHED (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_IAKERB\_FINISHED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_IAKERB_FINISHED:KRB5_KEYUSAGE_IAKERB_FINISHED}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_IAKERB\_FINISHED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_IAKERB\_FINISHED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{42}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_KDC\_REP\_TICKET} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET:krb5-keyusage-kdc-rep-ticket}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET:krb5-keyusage-kdc-rep-ticket-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET::doc}}\index{KRB5\_KEYUSAGE\_KDC\_REP\_TICKET (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_KDC\_REP\_TICKET}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KDC_REP_TICKET:KRB5_KEYUSAGE_KDC_REP_TICKET}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_KDC\_REP\_TICKET}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_KDC\_REP\_TICKET}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_KRB\_CRED\_ENCPART} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART:krb5-keyusage-krb-cred-encpart}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART:krb5-keyusage-krb-cred-encpart-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART::doc}}\index{KRB5\_KEYUSAGE\_KRB\_CRED\_ENCPART (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_KRB\_CRED\_ENCPART}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_CRED_ENCPART:KRB5_KEYUSAGE_KRB_CRED_ENCPART}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_KRB\_CRED\_ENCPART}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_KRB\_CRED\_ENCPART}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{14}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_KRB\_ERROR\_CKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM:krb5-keyusage-krb-error-cksum}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM:krb5-keyusage-krb-error-cksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM::doc}}\index{KRB5\_KEYUSAGE\_KRB\_ERROR\_CKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_KRB\_ERROR\_CKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_ERROR_CKSUM:KRB5_KEYUSAGE_KRB_ERROR_CKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_KRB\_ERROR\_CKSUM}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_KRB\_ERROR\_CKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{18}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_KRB\_PRIV\_ENCPART} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART:krb5-keyusage-krb-priv-encpart}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART:krb5-keyusage-krb-priv-encpart-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART::doc}}\index{KRB5\_KEYUSAGE\_KRB\_PRIV\_ENCPART (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_KRB\_PRIV\_ENCPART}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_PRIV_ENCPART:KRB5_KEYUSAGE_KRB_PRIV_ENCPART}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_KRB\_PRIV\_ENCPART}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_KRB\_PRIV\_ENCPART}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{13}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_KRB\_SAFE\_CKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM:krb5-keyusage-krb-safe-cksum}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM:krb5-keyusage-krb-safe-cksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM::doc}}\index{KRB5\_KEYUSAGE\_KRB\_SAFE\_CKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_KRB\_SAFE\_CKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_KRB_SAFE_CKSUM:KRB5_KEYUSAGE_KRB_SAFE_CKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_KRB\_SAFE\_CKSUM}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_KRB\_SAFE\_CKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{15}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_PA\_AS\_FRESHNESS} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS:krb5-keyusage-pa-as-freshness}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS:krb5-keyusage-pa-as-freshness-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS::doc}}\index{KRB5\_KEYUSAGE\_PA\_AS\_FRESHNESS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_PA\_AS\_FRESHNESS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_AS_FRESHNESS:KRB5_KEYUSAGE_PA_AS_FRESHNESS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_AS\_FRESHNESS}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Used for freshness tokens. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_AS\_FRESHNESS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{514}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_PA\_FX\_COOKIE} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE:krb5-keyusage-pa-fx-cookie}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE:krb5-keyusage-pa-fx-cookie-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE::doc}}\index{KRB5\_KEYUSAGE\_PA\_FX\_COOKIE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_PA\_FX\_COOKIE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_FX_COOKIE:KRB5_KEYUSAGE_PA_FX_COOKIE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_FX\_COOKIE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Used for encrypted FAST cookies. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_FX\_COOKIE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{513}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_PA\_OTP\_REQUEST} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST:krb5-keyusage-pa-otp-request}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST:krb5-keyusage-pa-otp-request-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST::doc}}\index{KRB5\_KEYUSAGE\_PA\_OTP\_REQUEST (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_PA\_OTP\_REQUEST}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_OTP_REQUEST:KRB5_KEYUSAGE_PA_OTP_REQUEST}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_OTP\_REQUEST}}} -\end{fulllineitems} - - -\sphinxAtStartPar -See RFC 6560 section 4.2. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_OTP\_REQUEST}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{45}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_PA\_PKINIT\_KX} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX:krb5-keyusage-pa-pkinit-kx}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX:krb5-keyusage-pa-pkinit-kx-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX::doc}}\index{KRB5\_KEYUSAGE\_PA\_PKINIT\_KX (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_PA\_PKINIT\_KX}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_PKINIT_KX:KRB5_KEYUSAGE_PA_PKINIT_KX}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_PKINIT\_KX}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_PKINIT\_KX}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{44}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REPLY} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY:krb5-keyusage-pa-s4u-x509-user-reply}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY:krb5-keyusage-pa-s4u-x509-user-reply-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY::doc}}\index{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REPLY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REPLY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY:KRB5_KEYUSAGE_PA_S4U_X509_USER_REPLY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REPLY}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REPLY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{27}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REQUEST} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST:krb5-keyusage-pa-s4u-x509-user-request}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST:krb5-keyusage-pa-s4u-x509-user-request-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST::doc}}\index{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REQUEST (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REQUEST}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST:KRB5_KEYUSAGE_PA_S4U_X509_USER_REQUEST}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REQUEST}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_S4U\_X509\_USER\_REQUEST}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{26}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_CKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM:krb5-keyusage-pa-sam-challenge-cksum}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM:krb5-keyusage-pa-sam-challenge-cksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM::doc}}\index{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_CKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_CKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM:KRB5_KEYUSAGE_PA_SAM_CHALLENGE_CKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_CKSUM}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_CKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{25}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_TRACKID} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID:krb5-keyusage-pa-sam-challenge-trackid}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID:krb5-keyusage-pa-sam-challenge-trackid-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID::doc}}\index{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_TRACKID (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_TRACKID}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID:KRB5_KEYUSAGE_PA_SAM_CHALLENGE_TRACKID}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_TRACKID}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_SAM\_CHALLENGE\_TRACKID}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{26}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_PA\_SAM\_RESPONSE} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE:krb5-keyusage-pa-sam-response}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE:krb5-keyusage-pa-sam-response-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE::doc}}\index{KRB5\_KEYUSAGE\_PA\_SAM\_RESPONSE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_PA\_SAM\_RESPONSE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_PA_SAM_RESPONSE:KRB5_KEYUSAGE_PA_SAM_RESPONSE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_SAM\_RESPONSE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_PA\_SAM\_RESPONSE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{27}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_SPAKE} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_SPAKE:krb5-keyusage-spake}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_SPAKE:krb5-keyusage-spake-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_SPAKE::doc}}\index{KRB5\_KEYUSAGE\_SPAKE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_SPAKE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_SPAKE:KRB5_KEYUSAGE_SPAKE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_SPAKE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_SPAKE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{65}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SESSKEY} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY:krb5-keyusage-tgs-rep-encpart-sesskey}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY:krb5-keyusage-tgs-rep-encpart-sesskey-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY::doc}}\index{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SESSKEY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SESSKEY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY:KRB5_KEYUSAGE_TGS_REP_ENCPART_SESSKEY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SESSKEY}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SESSKEY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{8}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SUBKEY} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY:krb5-keyusage-tgs-rep-encpart-subkey}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY:krb5-keyusage-tgs-rep-encpart-subkey-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY::doc}}\index{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SUBKEY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SUBKEY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY:KRB5_KEYUSAGE_TGS_REP_ENCPART_SUBKEY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SUBKEY}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_TGS\_REP\_ENCPART\_SUBKEY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{9}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SESSKEY} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY:krb5-keyusage-tgs-req-ad-sesskey}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY:krb5-keyusage-tgs-req-ad-sesskey-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY::doc}}\index{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SESSKEY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SESSKEY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY:KRB5_KEYUSAGE_TGS_REQ_AD_SESSKEY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SESSKEY}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SESSKEY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{4}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SUBKEY} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY:krb5-keyusage-tgs-req-ad-subkey}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY:krb5-keyusage-tgs-req-ad-subkey-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY::doc}}\index{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SUBKEY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SUBKEY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY:KRB5_KEYUSAGE_TGS_REQ_AD_SUBKEY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SUBKEY}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_TGS\_REQ\_AD\_SUBKEY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{5}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH:krb5-keyusage-tgs-req-auth}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH:krb5-keyusage-tgs-req-auth-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH::doc}}\index{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH:KRB5_KEYUSAGE_TGS_REQ_AUTH}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{7}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH\_CKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM:krb5-keyusage-tgs-req-auth-cksum}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM:krb5-keyusage-tgs-req-auth-cksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM::doc}}\index{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH\_CKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH\_CKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM:KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH\_CKSUM}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KEYUSAGE\_TGS\_REQ\_AUTH\_CKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{6}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KPASSWD\_ACCESSDENIED} -\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED:krb5-kpasswd-accessdenied}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED:krb5-kpasswd-accessdenied-data}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED::doc}}\index{KRB5\_KPASSWD\_ACCESSDENIED (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KPASSWD\_ACCESSDENIED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_ACCESSDENIED:KRB5_KPASSWD_ACCESSDENIED}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KPASSWD\_ACCESSDENIED}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Not authorized. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KPASSWD\_ACCESSDENIED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{5}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KPASSWD\_AUTHERROR} -\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_AUTHERROR:krb5-kpasswd-autherror}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_AUTHERROR:krb5-kpasswd-autherror-data}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_AUTHERROR::doc}}\index{KRB5\_KPASSWD\_AUTHERROR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KPASSWD\_AUTHERROR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_AUTHERROR:KRB5_KPASSWD_AUTHERROR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KPASSWD\_AUTHERROR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Authentication error. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KPASSWD\_AUTHERROR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{3}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KPASSWD\_BAD\_VERSION} -\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION:krb5-kpasswd-bad-version}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION:krb5-kpasswd-bad-version-data}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION::doc}}\index{KRB5\_KPASSWD\_BAD\_VERSION (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KPASSWD\_BAD\_VERSION}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_BAD_VERSION:KRB5_KPASSWD_BAD_VERSION}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KPASSWD\_BAD\_VERSION}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Unknown RPC version. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KPASSWD\_BAD\_VERSION}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{6}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KPASSWD\_HARDERROR} -\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_HARDERROR:krb5-kpasswd-harderror}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_HARDERROR:krb5-kpasswd-harderror-data}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_HARDERROR::doc}}\index{KRB5\_KPASSWD\_HARDERROR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KPASSWD\_HARDERROR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_HARDERROR:KRB5_KPASSWD_HARDERROR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KPASSWD\_HARDERROR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Server error. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KPASSWD\_HARDERROR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KPASSWD\_INITIAL\_FLAG\_NEEDED} -\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED:krb5-kpasswd-initial-flag-needed}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED:krb5-kpasswd-initial-flag-needed-data}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED::doc}}\index{KRB5\_KPASSWD\_INITIAL\_FLAG\_NEEDED (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KPASSWD\_INITIAL\_FLAG\_NEEDED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_INITIAL_FLAG_NEEDED:KRB5_KPASSWD_INITIAL_FLAG_NEEDED}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KPASSWD\_INITIAL\_FLAG\_NEEDED}}} -\end{fulllineitems} - - -\sphinxAtStartPar -The presented credentials were not obtained using a password directly. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KPASSWD\_INITIAL\_FLAG\_NEEDED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{7}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KPASSWD\_MALFORMED} -\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_MALFORMED:krb5-kpasswd-malformed}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_MALFORMED:krb5-kpasswd-malformed-data}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_MALFORMED::doc}}\index{KRB5\_KPASSWD\_MALFORMED (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KPASSWD\_MALFORMED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_MALFORMED:KRB5_KPASSWD_MALFORMED}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KPASSWD\_MALFORMED}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Malformed request. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KPASSWD\_MALFORMED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KPASSWD\_SOFTERROR} -\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_SOFTERROR:krb5-kpasswd-softerror}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_SOFTERROR:krb5-kpasswd-softerror-data}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_SOFTERROR::doc}}\index{KRB5\_KPASSWD\_SOFTERROR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KPASSWD\_SOFTERROR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_SOFTERROR:KRB5_KPASSWD_SOFTERROR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KPASSWD\_SOFTERROR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Password change rejected. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KPASSWD\_SOFTERROR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{4}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_KPASSWD\_SUCCESS} -\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_SUCCESS:krb5-kpasswd-success}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_SUCCESS:krb5-kpasswd-success-data}}\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_SUCCESS::doc}}\index{KRB5\_KPASSWD\_SUCCESS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_KPASSWD\_SUCCESS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_KPASSWD_SUCCESS:KRB5_KPASSWD_SUCCESS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_KPASSWD\_SUCCESS}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Success. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_KPASSWD\_SUCCESS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ALL\_ACCT\_EXPTIME} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME:krb5-lrq-all-acct-exptime}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME:krb5-lrq-all-acct-exptime-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME::doc}}\index{KRB5\_LRQ\_ALL\_ACCT\_EXPTIME (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ALL\_ACCT\_EXPTIME}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_ACCT_EXPTIME:KRB5_LRQ_ALL_ACCT_EXPTIME}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ALL\_ACCT\_EXPTIME}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ALL\_ACCT\_EXPTIME}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{7}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ALL\_LAST\_INITIAL} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL:krb5-lrq-all-last-initial}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL:krb5-lrq-all-last-initial-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL::doc}}\index{KRB5\_LRQ\_ALL\_LAST\_INITIAL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ALL\_LAST\_INITIAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_INITIAL:KRB5_LRQ_ALL_LAST_INITIAL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ALL\_LAST\_INITIAL}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ALL\_LAST\_INITIAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ALL\_LAST\_RENEWAL} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL:krb5-lrq-all-last-renewal}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL:krb5-lrq-all-last-renewal-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL::doc}}\index{KRB5\_LRQ\_ALL\_LAST\_RENEWAL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ALL\_LAST\_RENEWAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_RENEWAL:KRB5_LRQ_ALL_LAST_RENEWAL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ALL\_LAST\_RENEWAL}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ALL\_LAST\_RENEWAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{4}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ALL\_LAST\_REQ} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ:krb5-lrq-all-last-req}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ:krb5-lrq-all-last-req-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ::doc}}\index{KRB5\_LRQ\_ALL\_LAST\_REQ (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ALL\_LAST\_REQ}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_REQ:KRB5_LRQ_ALL_LAST_REQ}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ALL\_LAST\_REQ}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ALL\_LAST\_REQ}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{5}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ALL\_LAST\_TGT} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT:krb5-lrq-all-last-tgt}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT:krb5-lrq-all-last-tgt-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT::doc}}\index{KRB5\_LRQ\_ALL\_LAST\_TGT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ALL\_LAST\_TGT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT:KRB5_LRQ_ALL_LAST_TGT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ALL\_LAST\_TGT}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ALL\_LAST\_TGT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ALL\_LAST\_TGT\_ISSUED} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED:krb5-lrq-all-last-tgt-issued}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED:krb5-lrq-all-last-tgt-issued-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED::doc}}\index{KRB5\_LRQ\_ALL\_LAST\_TGT\_ISSUED (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ALL\_LAST\_TGT\_ISSUED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_LAST_TGT_ISSUED:KRB5_LRQ_ALL_LAST_TGT_ISSUED}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ALL\_LAST\_TGT\_ISSUED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ALL\_LAST\_TGT\_ISSUED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{3}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ALL\_PW\_EXPTIME} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME:krb5-lrq-all-pw-exptime}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME:krb5-lrq-all-pw-exptime-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME::doc}}\index{KRB5\_LRQ\_ALL\_PW\_EXPTIME (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ALL\_PW\_EXPTIME}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ALL_PW_EXPTIME:KRB5_LRQ_ALL_PW_EXPTIME}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ALL\_PW\_EXPTIME}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ALL\_PW\_EXPTIME}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{6}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_NONE} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_NONE:krb5-lrq-none}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_NONE:krb5-lrq-none-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_NONE::doc}}\index{KRB5\_LRQ\_NONE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_NONE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_NONE:KRB5_LRQ_NONE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_NONE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_NONE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ONE\_ACCT\_EXPTIME} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME:krb5-lrq-one-acct-exptime}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME:krb5-lrq-one-acct-exptime-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME::doc}}\index{KRB5\_LRQ\_ONE\_ACCT\_EXPTIME (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ONE\_ACCT\_EXPTIME}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_ACCT_EXPTIME:KRB5_LRQ_ONE_ACCT_EXPTIME}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ONE\_ACCT\_EXPTIME}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ONE\_ACCT\_EXPTIME}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(\sphinxhyphen{}7)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ONE\_LAST\_INITIAL} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL:krb5-lrq-one-last-initial}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL:krb5-lrq-one-last-initial-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL::doc}}\index{KRB5\_LRQ\_ONE\_LAST\_INITIAL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ONE\_LAST\_INITIAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_INITIAL:KRB5_LRQ_ONE_LAST_INITIAL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ONE\_LAST\_INITIAL}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ONE\_LAST\_INITIAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(\sphinxhyphen{}2)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ONE\_LAST\_RENEWAL} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL:krb5-lrq-one-last-renewal}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL:krb5-lrq-one-last-renewal-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL::doc}}\index{KRB5\_LRQ\_ONE\_LAST\_RENEWAL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ONE\_LAST\_RENEWAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_RENEWAL:KRB5_LRQ_ONE_LAST_RENEWAL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ONE\_LAST\_RENEWAL}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ONE\_LAST\_RENEWAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(\sphinxhyphen{}4)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ONE\_LAST\_REQ} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ:krb5-lrq-one-last-req}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ:krb5-lrq-one-last-req-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ::doc}}\index{KRB5\_LRQ\_ONE\_LAST\_REQ (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ONE\_LAST\_REQ}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_REQ:KRB5_LRQ_ONE_LAST_REQ}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ONE\_LAST\_REQ}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ONE\_LAST\_REQ}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(\sphinxhyphen{}5)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ONE\_LAST\_TGT} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT:krb5-lrq-one-last-tgt}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT:krb5-lrq-one-last-tgt-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT::doc}}\index{KRB5\_LRQ\_ONE\_LAST\_TGT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ONE\_LAST\_TGT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT:KRB5_LRQ_ONE_LAST_TGT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ONE\_LAST\_TGT}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ONE\_LAST\_TGT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(\sphinxhyphen{}1)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ONE\_LAST\_TGT\_ISSUED} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED:krb5-lrq-one-last-tgt-issued}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED:krb5-lrq-one-last-tgt-issued-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED::doc}}\index{KRB5\_LRQ\_ONE\_LAST\_TGT\_ISSUED (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ONE\_LAST\_TGT\_ISSUED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_LAST_TGT_ISSUED:KRB5_LRQ_ONE_LAST_TGT_ISSUED}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ONE\_LAST\_TGT\_ISSUED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ONE\_LAST\_TGT\_ISSUED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(\sphinxhyphen{}3)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_LRQ\_ONE\_PW\_EXPTIME} -\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME:krb5-lrq-one-pw-exptime}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME:krb5-lrq-one-pw-exptime-data}}\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME::doc}}\index{KRB5\_LRQ\_ONE\_PW\_EXPTIME (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_LRQ\_ONE\_PW\_EXPTIME}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_LRQ_ONE_PW_EXPTIME:KRB5_LRQ_ONE_PW_EXPTIME}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_LRQ\_ONE\_PW\_EXPTIME}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_LRQ\_ONE\_PW\_EXPTIME}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(\sphinxhyphen{}6)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_ENTERPRISE\_PRINCIPAL} -\label{\detokenize{appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL:krb5-nt-enterprise-principal}}\label{\detokenize{appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL:krb5-nt-enterprise-principal-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL::doc}}\index{KRB5\_NT\_ENTERPRISE\_PRINCIPAL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_ENTERPRISE\_PRINCIPAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_ENTERPRISE_PRINCIPAL:KRB5_NT_ENTERPRISE_PRINCIPAL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_ENTERPRISE\_PRINCIPAL}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Windows 2000 UPN. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_ENTERPRISE\_PRINCIPAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{10}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_ENT\_PRINCIPAL\_AND\_ID} -\label{\detokenize{appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID:krb5-nt-ent-principal-and-id}}\label{\detokenize{appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID:krb5-nt-ent-principal-and-id-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID::doc}}\index{KRB5\_NT\_ENT\_PRINCIPAL\_AND\_ID (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_ENT\_PRINCIPAL\_AND\_ID}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_ENT_PRINCIPAL_AND_ID:KRB5_NT_ENT_PRINCIPAL_AND_ID}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_ENT\_PRINCIPAL\_AND\_ID}}} -\end{fulllineitems} - - -\sphinxAtStartPar -NT 4 style name and SID. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_ENT\_PRINCIPAL\_AND\_ID}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{\sphinxhyphen{}130}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_MS\_PRINCIPAL} -\label{\detokenize{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL:krb5-nt-ms-principal}}\label{\detokenize{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL:krb5-nt-ms-principal-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL::doc}}\index{KRB5\_NT\_MS\_PRINCIPAL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_MS\_PRINCIPAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL:KRB5_NT_MS_PRINCIPAL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_MS\_PRINCIPAL}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Windows 2000 UPN and SID. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_MS\_PRINCIPAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{\sphinxhyphen{}128}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_MS\_PRINCIPAL\_AND\_ID} -\label{\detokenize{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID:krb5-nt-ms-principal-and-id}}\label{\detokenize{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID:krb5-nt-ms-principal-and-id-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID::doc}}\index{KRB5\_NT\_MS\_PRINCIPAL\_AND\_ID (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_MS\_PRINCIPAL\_AND\_ID}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_MS_PRINCIPAL_AND_ID:KRB5_NT_MS_PRINCIPAL_AND_ID}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_MS\_PRINCIPAL\_AND\_ID}}} -\end{fulllineitems} - - -\sphinxAtStartPar -NT 4 style name. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_MS\_PRINCIPAL\_AND\_ID}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{\sphinxhyphen{}129}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_PRINCIPAL} -\label{\detokenize{appdev/refs/macros/KRB5_NT_PRINCIPAL:krb5-nt-principal}}\label{\detokenize{appdev/refs/macros/KRB5_NT_PRINCIPAL:krb5-nt-principal-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_PRINCIPAL::doc}}\index{KRB5\_NT\_PRINCIPAL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_PRINCIPAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_PRINCIPAL:KRB5_NT_PRINCIPAL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_PRINCIPAL}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Just the name of the principal as in DCE, or for users. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_PRINCIPAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_SMTP\_NAME} -\label{\detokenize{appdev/refs/macros/KRB5_NT_SMTP_NAME:krb5-nt-smtp-name}}\label{\detokenize{appdev/refs/macros/KRB5_NT_SMTP_NAME:krb5-nt-smtp-name-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_SMTP_NAME::doc}}\index{KRB5\_NT\_SMTP\_NAME (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_SMTP\_NAME}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_SMTP_NAME:KRB5_NT_SMTP_NAME}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_SMTP\_NAME}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Name in form of SMTP email name. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_SMTP\_NAME}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{7}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_SRV\_HST} -\label{\detokenize{appdev/refs/macros/KRB5_NT_SRV_HST:krb5-nt-srv-hst}}\label{\detokenize{appdev/refs/macros/KRB5_NT_SRV_HST:krb5-nt-srv-hst-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_SRV_HST::doc}}\index{KRB5\_NT\_SRV\_HST (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_SRV\_HST}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_SRV_HST:KRB5_NT_SRV_HST}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_SRV\_HST}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Service with host name as instance (telnet, rcommands) - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_SRV\_HST}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{3}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_SRV\_INST} -\label{\detokenize{appdev/refs/macros/KRB5_NT_SRV_INST:krb5-nt-srv-inst}}\label{\detokenize{appdev/refs/macros/KRB5_NT_SRV_INST:krb5-nt-srv-inst-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_SRV_INST::doc}}\index{KRB5\_NT\_SRV\_INST (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_SRV\_INST}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_SRV_INST:KRB5_NT_SRV_INST}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_SRV\_INST}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Service and other unique instance (krbtgt) - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_SRV\_INST}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_SRV\_XHST} -\label{\detokenize{appdev/refs/macros/KRB5_NT_SRV_XHST:krb5-nt-srv-xhst}}\label{\detokenize{appdev/refs/macros/KRB5_NT_SRV_XHST:krb5-nt-srv-xhst-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_SRV_XHST::doc}}\index{KRB5\_NT\_SRV\_XHST (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_SRV\_XHST}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_SRV_XHST:KRB5_NT_SRV_XHST}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_SRV\_XHST}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Service with host as remaining components. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_SRV\_XHST}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{4}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_UID} -\label{\detokenize{appdev/refs/macros/KRB5_NT_UID:krb5-nt-uid}}\label{\detokenize{appdev/refs/macros/KRB5_NT_UID:krb5-nt-uid-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_UID::doc}}\index{KRB5\_NT\_UID (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_UID}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_UID:KRB5_NT_UID}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_UID}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Unique ID. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_UID}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{5}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_UNKNOWN} -\label{\detokenize{appdev/refs/macros/KRB5_NT_UNKNOWN:krb5-nt-unknown}}\label{\detokenize{appdev/refs/macros/KRB5_NT_UNKNOWN:krb5-nt-unknown-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_UNKNOWN::doc}}\index{KRB5\_NT\_UNKNOWN (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_UNKNOWN}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_UNKNOWN:KRB5_NT_UNKNOWN}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_UNKNOWN}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Name type not known. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_UNKNOWN}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_WELLKNOWN} -\label{\detokenize{appdev/refs/macros/KRB5_NT_WELLKNOWN:krb5-nt-wellknown}}\label{\detokenize{appdev/refs/macros/KRB5_NT_WELLKNOWN:krb5-nt-wellknown-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_WELLKNOWN::doc}}\index{KRB5\_NT\_WELLKNOWN (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_WELLKNOWN}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_WELLKNOWN:KRB5_NT_WELLKNOWN}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_WELLKNOWN}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Well\sphinxhyphen{}known (special) principal. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_WELLKNOWN}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{11}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_NT\_X500\_PRINCIPAL} -\label{\detokenize{appdev/refs/macros/KRB5_NT_X500_PRINCIPAL:krb5-nt-x500-principal}}\label{\detokenize{appdev/refs/macros/KRB5_NT_X500_PRINCIPAL:krb5-nt-x500-principal-data}}\label{\detokenize{appdev/refs/macros/KRB5_NT_X500_PRINCIPAL::doc}}\index{KRB5\_NT\_X500\_PRINCIPAL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_NT\_X500\_PRINCIPAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_NT_X500_PRINCIPAL:KRB5_NT_X500_PRINCIPAL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_NT\_X500\_PRINCIPAL}}} -\end{fulllineitems} - - -\sphinxAtStartPar -PKINIT. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_NT\_X500\_PRINCIPAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{6}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_ATTRIBUTES\_INFO} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO:krb5-pac-attributes-info}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO:krb5-pac-attributes-info-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO::doc}}\index{KRB5\_PAC\_ATTRIBUTES\_INFO (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_ATTRIBUTES\_INFO}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_ATTRIBUTES_INFO:KRB5_PAC_ATTRIBUTES_INFO}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_ATTRIBUTES\_INFO}}} -\end{fulllineitems} - - -\sphinxAtStartPar -PAC attributes. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_ATTRIBUTES\_INFO}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{17}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_CLIENT\_INFO} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_CLIENT_INFO:krb5-pac-client-info}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_CLIENT_INFO:krb5-pac-client-info-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_CLIENT_INFO::doc}}\index{KRB5\_PAC\_CLIENT\_INFO (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_CLIENT\_INFO}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_CLIENT_INFO:KRB5_PAC_CLIENT_INFO}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_CLIENT\_INFO}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Client name and ticket info. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_CLIENT\_INFO}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{10}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_CLIENT\_CLAIMS} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS:krb5-pac-client-claims}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS:krb5-pac-client-claims-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS::doc}}\index{KRB5\_PAC\_CLIENT\_CLAIMS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_CLIENT\_CLAIMS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_CLIENT_CLAIMS:KRB5_PAC_CLIENT_CLAIMS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_CLIENT\_CLAIMS}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Client claims information. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_CLIENT\_CLAIMS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{13}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_CREDENTIALS\_INFO} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO:krb5-pac-credentials-info}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO:krb5-pac-credentials-info-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO::doc}}\index{KRB5\_PAC\_CREDENTIALS\_INFO (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_CREDENTIALS\_INFO}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_CREDENTIALS_INFO:KRB5_PAC_CREDENTIALS_INFO}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_CREDENTIALS\_INFO}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Credentials information. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_CREDENTIALS\_INFO}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_DELEGATION\_INFO} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_DELEGATION_INFO:krb5-pac-delegation-info}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_DELEGATION_INFO:krb5-pac-delegation-info-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_DELEGATION_INFO::doc}}\index{KRB5\_PAC\_DELEGATION\_INFO (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_DELEGATION\_INFO}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_DELEGATION_INFO:KRB5_PAC_DELEGATION_INFO}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_DELEGATION\_INFO}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Constrained delegation info. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_DELEGATION\_INFO}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{11}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_DEVICE\_CLAIMS} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS:krb5-pac-device-claims}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS:krb5-pac-device-claims-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS::doc}}\index{KRB5\_PAC\_DEVICE\_CLAIMS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_DEVICE\_CLAIMS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_DEVICE_CLAIMS:KRB5_PAC_DEVICE_CLAIMS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_DEVICE\_CLAIMS}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Device claims information. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_DEVICE\_CLAIMS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{15}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_DEVICE\_INFO} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_DEVICE_INFO:krb5-pac-device-info}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_DEVICE_INFO:krb5-pac-device-info-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_DEVICE_INFO::doc}}\index{KRB5\_PAC\_DEVICE\_INFO (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_DEVICE\_INFO}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_DEVICE_INFO:KRB5_PAC_DEVICE_INFO}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_DEVICE\_INFO}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Device information. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_DEVICE\_INFO}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{14}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_LOGON\_INFO} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_LOGON_INFO:krb5-pac-logon-info}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_LOGON_INFO:krb5-pac-logon-info-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_LOGON_INFO::doc}}\index{KRB5\_PAC\_LOGON\_INFO (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_LOGON\_INFO}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_LOGON_INFO:KRB5_PAC_LOGON_INFO}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_LOGON\_INFO}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Logon information. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_LOGON\_INFO}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_PRIVSVR\_CHECKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM:krb5-pac-privsvr-checksum}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM:krb5-pac-privsvr-checksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM::doc}}\index{KRB5\_PAC\_PRIVSVR\_CHECKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_PRIVSVR\_CHECKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_PRIVSVR_CHECKSUM:KRB5_PAC_PRIVSVR_CHECKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_PRIVSVR\_CHECKSUM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -KDC checksum. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_PRIVSVR\_CHECKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{7}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_REQUESTOR} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_REQUESTOR:krb5-pac-requestor}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_REQUESTOR:krb5-pac-requestor-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_REQUESTOR::doc}}\index{KRB5\_PAC\_REQUESTOR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_REQUESTOR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_REQUESTOR:KRB5_PAC_REQUESTOR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_REQUESTOR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -PAC requestor SID. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_REQUESTOR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{18}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_SERVER\_CHECKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM:krb5-pac-server-checksum}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM:krb5-pac-server-checksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM::doc}}\index{KRB5\_PAC\_SERVER\_CHECKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_SERVER\_CHECKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_SERVER_CHECKSUM:KRB5_PAC_SERVER_CHECKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_SERVER\_CHECKSUM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Server checksum. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_SERVER\_CHECKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{6}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_TICKET\_CHECKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM:krb5-pac-ticket-checksum}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM:krb5-pac-ticket-checksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM::doc}}\index{KRB5\_PAC\_TICKET\_CHECKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_TICKET\_CHECKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_TICKET_CHECKSUM:KRB5_PAC_TICKET_CHECKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_TICKET\_CHECKSUM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Ticket checksum. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_TICKET\_CHECKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{16}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_UPN\_DNS\_INFO} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO:krb5-pac-upn-dns-info}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO:krb5-pac-upn-dns-info-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO::doc}}\index{KRB5\_PAC\_UPN\_DNS\_INFO (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_UPN\_DNS\_INFO}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_UPN_DNS_INFO:KRB5_PAC_UPN_DNS_INFO}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_UPN\_DNS\_INFO}}} -\end{fulllineitems} - - -\sphinxAtStartPar -User principal name and DNS info. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_UPN\_DNS\_INFO}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{12}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PAC\_FULL\_CHECKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM:krb5-pac-full-checksum}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM:krb5-pac-full-checksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM::doc}}\index{KRB5\_PAC\_FULL\_CHECKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PAC\_FULL\_CHECKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PAC_FULL_CHECKSUM:KRB5_PAC_FULL_CHECKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PAC\_FULL\_CHECKSUM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -KDC full checksum. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PAC\_FULL\_CHECKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{19}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_AFS3\_SALT} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AFS3_SALT:krb5-padata-afs3-salt}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AFS3_SALT:krb5-padata-afs3-salt-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AFS3_SALT::doc}}\index{KRB5\_PADATA\_AFS3\_SALT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_AFS3\_SALT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AFS3_SALT:KRB5_PADATA_AFS3_SALT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_AFS3\_SALT}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Cygnus. - -\sphinxAtStartPar -RFC 4120, 3961 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_AFS3\_SALT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{10}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_AP\_REQ} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AP_REQ:krb5-padata-ap-req}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AP_REQ:krb5-padata-ap-req-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AP_REQ::doc}}\index{KRB5\_PADATA\_AP\_REQ (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_AP\_REQ}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AP_REQ:KRB5_PADATA_AP_REQ}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_AP\_REQ}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_AP\_REQ}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_AS\_CHECKSUM} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM:krb5-padata-as-checksum}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM:krb5-padata-as-checksum-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM::doc}}\index{KRB5\_PADATA\_AS\_CHECKSUM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_AS\_CHECKSUM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AS_CHECKSUM:KRB5_PADATA_AS_CHECKSUM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_AS\_CHECKSUM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -AS checksum. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_AS\_CHECKSUM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{132}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_AS\_FRESHNESS} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS:krb5-padata-as-freshness}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS:krb5-padata-as-freshness-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS::doc}}\index{KRB5\_PADATA\_AS\_FRESHNESS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_AS\_FRESHNESS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_AS_FRESHNESS:KRB5_PADATA_AS_FRESHNESS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_AS\_FRESHNESS}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 8070. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_AS\_FRESHNESS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{150}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_ENCRYPTED\_CHALLENGE} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE:krb5-padata-encrypted-challenge}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE:krb5-padata-encrypted-challenge-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE::doc}}\index{KRB5\_PADATA\_ENCRYPTED\_CHALLENGE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_ENCRYPTED\_CHALLENGE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENCRYPTED_CHALLENGE:KRB5_PADATA_ENCRYPTED_CHALLENGE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_ENCRYPTED\_CHALLENGE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6113. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_ENCRYPTED\_CHALLENGE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{138}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_ENC\_SANDIA\_SECURID} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID:krb5-padata-enc-sandia-securid}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID:krb5-padata-enc-sandia-securid-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID::doc}}\index{KRB5\_PADATA\_ENC\_SANDIA\_SECURID (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_ENC\_SANDIA\_SECURID}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENC_SANDIA_SECURID:KRB5_PADATA_ENC_SANDIA_SECURID}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_ENC\_SANDIA\_SECURID}}} -\end{fulllineitems} - - -\sphinxAtStartPar -SecurId passcode. - -\sphinxAtStartPar -RFC 4120 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_ENC\_SANDIA\_SECURID}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{6}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_ENC\_TIMESTAMP} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP:krb5-padata-enc-timestamp}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP:krb5-padata-enc-timestamp-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP::doc}}\index{KRB5\_PADATA\_ENC\_TIMESTAMP (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_ENC\_TIMESTAMP}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENC_TIMESTAMP:KRB5_PADATA_ENC_TIMESTAMP}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_ENC\_TIMESTAMP}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 4120. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_ENC\_TIMESTAMP}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_ENC\_UNIX\_TIME} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME:krb5-padata-enc-unix-time}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME:krb5-padata-enc-unix-time-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME::doc}}\index{KRB5\_PADATA\_ENC\_UNIX\_TIME (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_ENC\_UNIX\_TIME}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ENC_UNIX_TIME:KRB5_PADATA_ENC_UNIX_TIME}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_ENC\_UNIX\_TIME}}} -\end{fulllineitems} - - -\sphinxAtStartPar -timestamp encrypted in key. - -\sphinxAtStartPar -RFC 4120 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_ENC\_UNIX\_TIME}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{5}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_ETYPE\_INFO} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO:krb5-padata-etype-info}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO:krb5-padata-etype-info-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO::doc}}\index{KRB5\_PADATA\_ETYPE\_INFO (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_ETYPE\_INFO}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO:KRB5_PADATA_ETYPE_INFO}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_ETYPE\_INFO}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Etype info for preauth. - -\sphinxAtStartPar -RFC 4120 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_ETYPE\_INFO}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{11}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_ETYPE\_INFO2} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2:krb5-padata-etype-info2}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2:krb5-padata-etype-info2-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2::doc}}\index{KRB5\_PADATA\_ETYPE\_INFO2 (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_ETYPE\_INFO2}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_ETYPE_INFO2:KRB5_PADATA_ETYPE_INFO2}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_ETYPE\_INFO2}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 4120. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_ETYPE\_INFO2}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{19}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_FOR\_USER} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FOR_USER:krb5-padata-for-user}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FOR_USER:krb5-padata-for-user-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FOR_USER::doc}}\index{KRB5\_PADATA\_FOR\_USER (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_FOR\_USER}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FOR_USER:KRB5_PADATA_FOR_USER}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_FOR\_USER}}} -\end{fulllineitems} - - -\sphinxAtStartPar -username protocol transition request - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_FOR\_USER}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{129}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_FX\_COOKIE} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FX_COOKIE:krb5-padata-fx-cookie}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FX_COOKIE:krb5-padata-fx-cookie-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FX_COOKIE::doc}}\index{KRB5\_PADATA\_FX\_COOKIE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_FX\_COOKIE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FX_COOKIE:KRB5_PADATA_FX_COOKIE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_FX\_COOKIE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6113. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_FX\_COOKIE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{133}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_FX\_ERROR} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FX_ERROR:krb5-padata-fx-error}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FX_ERROR:krb5-padata-fx-error-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FX_ERROR::doc}}\index{KRB5\_PADATA\_FX\_ERROR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_FX\_ERROR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FX_ERROR:KRB5_PADATA_FX_ERROR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_FX\_ERROR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6113. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_FX\_ERROR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{137}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_FX\_FAST} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FX_FAST:krb5-padata-fx-fast}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FX_FAST:krb5-padata-fx-fast-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FX_FAST::doc}}\index{KRB5\_PADATA\_FX\_FAST (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_FX\_FAST}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_FX_FAST:KRB5_PADATA_FX_FAST}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_FX\_FAST}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6113. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_FX\_FAST}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{136}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_GET\_FROM\_TYPED\_DATA} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA:krb5-padata-get-from-typed-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA:krb5-padata-get-from-typed-data-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA::doc}}\index{KRB5\_PADATA\_GET\_FROM\_TYPED\_DATA (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_GET\_FROM\_TYPED\_DATA}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_GET_FROM_TYPED_DATA:KRB5_PADATA_GET_FROM_TYPED_DATA}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_GET\_FROM\_TYPED\_DATA}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Embedded in typed data. - -\sphinxAtStartPar -RFC 4120 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_GET\_FROM\_TYPED\_DATA}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{22}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_NONE} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_NONE:krb5-padata-none}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_NONE:krb5-padata-none-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_NONE::doc}}\index{KRB5\_PADATA\_NONE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_NONE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_NONE:KRB5_PADATA_NONE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_NONE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_NONE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_OSF\_DCE} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OSF_DCE:krb5-padata-osf-dce}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OSF_DCE:krb5-padata-osf-dce-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OSF_DCE::doc}}\index{KRB5\_PADATA\_OSF\_DCE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_OSF\_DCE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OSF_DCE:KRB5_PADATA_OSF_DCE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_OSF\_DCE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -OSF DCE. - -\sphinxAtStartPar -RFC 4120 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_OSF\_DCE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{8}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_OTP\_CHALLENGE} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE:krb5-padata-otp-challenge}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE:krb5-padata-otp-challenge-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE::doc}}\index{KRB5\_PADATA\_OTP\_CHALLENGE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_OTP\_CHALLENGE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OTP_CHALLENGE:KRB5_PADATA_OTP_CHALLENGE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_OTP\_CHALLENGE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6560 section 4.1. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_OTP\_CHALLENGE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{141}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_OTP\_PIN\_CHANGE} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE:krb5-padata-otp-pin-change}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE:krb5-padata-otp-pin-change-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE::doc}}\index{KRB5\_PADATA\_OTP\_PIN\_CHANGE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_OTP\_PIN\_CHANGE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OTP_PIN_CHANGE:KRB5_PADATA_OTP_PIN_CHANGE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_OTP\_PIN\_CHANGE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6560 section 4.3. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_OTP\_PIN\_CHANGE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{144}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_OTP\_REQUEST} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OTP_REQUEST:krb5-padata-otp-request}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OTP_REQUEST:krb5-padata-otp-request-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OTP_REQUEST::doc}}\index{KRB5\_PADATA\_OTP\_REQUEST (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_OTP\_REQUEST}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_OTP_REQUEST:KRB5_PADATA_OTP_REQUEST}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_OTP\_REQUEST}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6560 section 4.2. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_OTP\_REQUEST}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{142}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_PAC\_OPTIONS} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS:krb5-padata-pac-options}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS:krb5-padata-pac-options-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS::doc}}\index{KRB5\_PADATA\_PAC\_OPTIONS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_PAC\_OPTIONS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PAC_OPTIONS:KRB5_PADATA_PAC_OPTIONS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_PAC\_OPTIONS}}} -\end{fulllineitems} - - -\sphinxAtStartPar -MS\sphinxhyphen{}KILE and MS\sphinxhyphen{}SFU. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_PAC\_OPTIONS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{167}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_PAC\_REQUEST} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PAC_REQUEST:krb5-padata-pac-request}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PAC_REQUEST:krb5-padata-pac-request-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PAC_REQUEST::doc}}\index{KRB5\_PADATA\_PAC\_REQUEST (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_PAC\_REQUEST}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PAC_REQUEST:KRB5_PADATA_PAC_REQUEST}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_PAC\_REQUEST}}} -\end{fulllineitems} - - -\sphinxAtStartPar -include Windows PAC - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_PAC\_REQUEST}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{128}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_PKINIT\_KX} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PKINIT_KX:krb5-padata-pkinit-kx}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PKINIT_KX:krb5-padata-pkinit-kx-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PKINIT_KX::doc}}\index{KRB5\_PADATA\_PKINIT\_KX (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_PKINIT\_KX}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PKINIT_KX:KRB5_PADATA_PKINIT_KX}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_PKINIT\_KX}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 6112. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_PKINIT\_KX}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{147}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_PK\_AS\_REP} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REP:krb5-padata-pk-as-rep}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REP:krb5-padata-pk-as-rep-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REP::doc}}\index{KRB5\_PADATA\_PK\_AS\_REP (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_PK\_AS\_REP}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REP:KRB5_PADATA_PK_AS_REP}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_PK\_AS\_REP}}} -\end{fulllineitems} - - -\sphinxAtStartPar -PKINIT. - -\sphinxAtStartPar -RFC 4556 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_PK\_AS\_REP}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{17}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_PK\_AS\_REP\_OLD} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD:krb5-padata-pk-as-rep-old}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD:krb5-padata-pk-as-rep-old-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD::doc}}\index{KRB5\_PADATA\_PK\_AS\_REP\_OLD (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_PK\_AS\_REP\_OLD}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REP_OLD:KRB5_PADATA_PK_AS_REP_OLD}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_PK\_AS\_REP\_OLD}}} -\end{fulllineitems} - - -\sphinxAtStartPar -PKINIT. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_PK\_AS\_REP\_OLD}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{15}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_PK\_AS\_REQ} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ:krb5-padata-pk-as-req}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ:krb5-padata-pk-as-req-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ::doc}}\index{KRB5\_PADATA\_PK\_AS\_REQ (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_PK\_AS\_REQ}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ:KRB5_PADATA_PK_AS_REQ}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_PK\_AS\_REQ}}} -\end{fulllineitems} - - -\sphinxAtStartPar -PKINIT. - -\sphinxAtStartPar -RFC 4556 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_PK\_AS\_REQ}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{16}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_PK\_AS\_REQ\_OLD} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD:krb5-padata-pk-as-req-old}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD:krb5-padata-pk-as-req-old-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD::doc}}\index{KRB5\_PADATA\_PK\_AS\_REQ\_OLD (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_PK\_AS\_REQ\_OLD}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PK_AS_REQ_OLD:KRB5_PADATA_PK_AS_REQ_OLD}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_PK\_AS\_REQ\_OLD}}} -\end{fulllineitems} - - -\sphinxAtStartPar -PKINIT. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_PK\_AS\_REQ\_OLD}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{14}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_PW\_SALT} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PW_SALT:krb5-padata-pw-salt}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PW_SALT:krb5-padata-pw-salt-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PW_SALT::doc}}\index{KRB5\_PADATA\_PW\_SALT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_PW\_SALT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_PW_SALT:KRB5_PADATA_PW_SALT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_PW\_SALT}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 4120. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_PW\_SALT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{3}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_REFERRAL} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_REFERRAL:krb5-padata-referral}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_REFERRAL:krb5-padata-referral-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_REFERRAL::doc}}\index{KRB5\_PADATA\_REFERRAL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_REFERRAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_REFERRAL:KRB5_PADATA_REFERRAL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_REFERRAL}}} -\end{fulllineitems} - - -\sphinxAtStartPar -draft referral system - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_REFERRAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{25}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_S4U\_X509\_USER} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_S4U_X509_USER:krb5-padata-s4u-x509-user}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_S4U_X509_USER:krb5-padata-s4u-x509-user-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_S4U_X509_USER::doc}}\index{KRB5\_PADATA\_S4U\_X509\_USER (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_S4U\_X509\_USER}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_S4U_X509_USER:KRB5_PADATA_S4U_X509_USER}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_S4U\_X509\_USER}}} -\end{fulllineitems} - - -\sphinxAtStartPar -certificate protocol transition request - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_S4U\_X509\_USER}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{130}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_SAM\_CHALLENGE} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE:krb5-padata-sam-challenge}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE:krb5-padata-sam-challenge-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE::doc}}\index{KRB5\_PADATA\_SAM\_CHALLENGE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_SAM\_CHALLENGE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE:KRB5_PADATA_SAM_CHALLENGE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_SAM\_CHALLENGE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -SAM/OTP. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_SAM\_CHALLENGE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{12}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_SAM\_CHALLENGE\_2} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2:krb5-padata-sam-challenge-2}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2:krb5-padata-sam-challenge-2-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2::doc}}\index{KRB5\_PADATA\_SAM\_CHALLENGE\_2 (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_SAM\_CHALLENGE\_2}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_CHALLENGE_2:KRB5_PADATA_SAM_CHALLENGE_2}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_SAM\_CHALLENGE\_2}}} -\end{fulllineitems} - - -\sphinxAtStartPar -draft challenge system, updated - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_SAM\_CHALLENGE\_2}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{30}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_SAM\_REDIRECT} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT:krb5-padata-sam-redirect}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT:krb5-padata-sam-redirect-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT::doc}}\index{KRB5\_PADATA\_SAM\_REDIRECT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_SAM\_REDIRECT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_REDIRECT:KRB5_PADATA_SAM_REDIRECT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_SAM\_REDIRECT}}} -\end{fulllineitems} - - -\sphinxAtStartPar -SAM/OTP. - -\sphinxAtStartPar -RFC 4120 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_SAM\_REDIRECT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{21}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_SAM\_RESPONSE} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE:krb5-padata-sam-response}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE:krb5-padata-sam-response-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE::doc}}\index{KRB5\_PADATA\_SAM\_RESPONSE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_SAM\_RESPONSE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE:KRB5_PADATA_SAM_RESPONSE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_SAM\_RESPONSE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -SAM/OTP. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_SAM\_RESPONSE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{13}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_SAM\_RESPONSE\_2} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2:krb5-padata-sam-response-2}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2:krb5-padata-sam-response-2-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2::doc}}\index{KRB5\_PADATA\_SAM\_RESPONSE\_2 (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_SAM\_RESPONSE\_2}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SAM_RESPONSE_2:KRB5_PADATA_SAM_RESPONSE_2}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_SAM\_RESPONSE\_2}}} -\end{fulllineitems} - - -\sphinxAtStartPar -draft challenge system, updated - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_SAM\_RESPONSE\_2}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{31}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_SESAME} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SESAME:krb5-padata-sesame}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SESAME:krb5-padata-sesame-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SESAME::doc}}\index{KRB5\_PADATA\_SESAME (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_SESAME}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SESAME:KRB5_PADATA_SESAME}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_SESAME}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Sesame project. - -\sphinxAtStartPar -RFC 4120 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_SESAME}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{7}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_SPAKE} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SPAKE:krb5-padata-spake}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SPAKE:krb5-padata-spake-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SPAKE::doc}}\index{KRB5\_PADATA\_SPAKE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_SPAKE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SPAKE:KRB5_PADATA_SPAKE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_SPAKE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_SPAKE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{151}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_REDHAT\_IDP\_OAUTH2} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2:krb5-padata-redhat-idp-oauth2}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2:krb5-padata-redhat-idp-oauth2-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2::doc}}\index{KRB5\_PADATA\_REDHAT\_IDP\_OAUTH2 (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_REDHAT\_IDP\_OAUTH2}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_REDHAT_IDP_OAUTH2:KRB5_PADATA_REDHAT_IDP_OAUTH2}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_REDHAT\_IDP\_OAUTH2}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Red Hat IdP mechanism. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_REDHAT\_IDP\_OAUTH2}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{152}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_REDHAT\_PASSKEY} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY:krb5-padata-redhat-passkey}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY:krb5-padata-redhat-passkey-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY::doc}}\index{KRB5\_PADATA\_REDHAT\_PASSKEY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_REDHAT\_PASSKEY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_REDHAT_PASSKEY:KRB5_PADATA_REDHAT_PASSKEY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_REDHAT\_PASSKEY}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Red Hat Passkey mechanism. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_REDHAT\_PASSKEY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{153}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_SVR\_REFERRAL\_INFO} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO:krb5-padata-svr-referral-info}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO:krb5-padata-svr-referral-info-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO::doc}}\index{KRB5\_PADATA\_SVR\_REFERRAL\_INFO (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_SVR\_REFERRAL\_INFO}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_SVR_REFERRAL_INFO:KRB5_PADATA_SVR_REFERRAL_INFO}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_SVR\_REFERRAL\_INFO}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Windows 2000 referrals. - -\sphinxAtStartPar -RFC 6820 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_SVR\_REFERRAL\_INFO}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{20}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_TGS\_REQ} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_TGS_REQ:krb5-padata-tgs-req}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_TGS_REQ:krb5-padata-tgs-req-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_TGS_REQ::doc}}\index{KRB5\_PADATA\_TGS\_REQ (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_TGS\_REQ}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_TGS_REQ:KRB5_PADATA_TGS_REQ}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_TGS\_REQ}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_TGS\_REQ}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_AP\_REQ}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PADATA\_USE\_SPECIFIED\_KVNO} -\label{\detokenize{appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO:krb5-padata-use-specified-kvno}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO:krb5-padata-use-specified-kvno-data}}\label{\detokenize{appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO::doc}}\index{KRB5\_PADATA\_USE\_SPECIFIED\_KVNO (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PADATA\_USE\_SPECIFIED\_KVNO}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PADATA_USE_SPECIFIED_KVNO:KRB5_PADATA_USE_SPECIFIED_KVNO}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PADATA\_USE\_SPECIFIED\_KVNO}}} -\end{fulllineitems} - - -\sphinxAtStartPar -RFC 4120. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PADATA\_USE\_SPECIFIED\_KVNO}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{20}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRINCIPAL\_COMPARE\_CASEFOLD} -\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD:krb5-principal-compare-casefold}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD:krb5-principal-compare-casefold-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD::doc}}\index{KRB5\_PRINCIPAL\_COMPARE\_CASEFOLD (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRINCIPAL\_COMPARE\_CASEFOLD}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_CASEFOLD:KRB5_PRINCIPAL_COMPARE_CASEFOLD}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRINCIPAL\_COMPARE\_CASEFOLD}}} -\end{fulllineitems} - - -\sphinxAtStartPar -case\sphinxhyphen{}insensitive - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRINCIPAL\_COMPARE\_CASEFOLD}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{4}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRINCIPAL\_COMPARE\_ENTERPRISE} -\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE:krb5-principal-compare-enterprise}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE:krb5-principal-compare-enterprise-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE::doc}}\index{KRB5\_PRINCIPAL\_COMPARE\_ENTERPRISE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRINCIPAL\_COMPARE\_ENTERPRISE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_ENTERPRISE:KRB5_PRINCIPAL_COMPARE_ENTERPRISE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRINCIPAL\_COMPARE\_ENTERPRISE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -UPNs as real principals. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRINCIPAL\_COMPARE\_ENTERPRISE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRINCIPAL\_COMPARE\_IGNORE\_REALM} -\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM:krb5-principal-compare-ignore-realm}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM:krb5-principal-compare-ignore-realm-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM::doc}}\index{KRB5\_PRINCIPAL\_COMPARE\_IGNORE\_REALM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRINCIPAL\_COMPARE\_IGNORE\_REALM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_IGNORE_REALM:KRB5_PRINCIPAL_COMPARE_IGNORE_REALM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRINCIPAL\_COMPARE\_IGNORE\_REALM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -ignore realm component - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRINCIPAL\_COMPARE\_IGNORE\_REALM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRINCIPAL\_COMPARE\_UTF8} -\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8:krb5-principal-compare-utf8}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8:krb5-principal-compare-utf8-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8::doc}}\index{KRB5\_PRINCIPAL\_COMPARE\_UTF8 (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRINCIPAL\_COMPARE\_UTF8}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_COMPARE_UTF8:KRB5_PRINCIPAL_COMPARE_UTF8}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRINCIPAL\_COMPARE\_UTF8}}} -\end{fulllineitems} - - -\sphinxAtStartPar -treat principals as UTF\sphinxhyphen{}8 - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRINCIPAL\_COMPARE\_UTF8}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{8}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRINCIPAL\_PARSE\_ENTERPRISE} -\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE:krb5-principal-parse-enterprise}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE:krb5-principal-parse-enterprise-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE::doc}}\index{KRB5\_PRINCIPAL\_PARSE\_ENTERPRISE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRINCIPAL\_PARSE\_ENTERPRISE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_ENTERPRISE:KRB5_PRINCIPAL_PARSE_ENTERPRISE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRINCIPAL\_PARSE\_ENTERPRISE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Create single\sphinxhyphen{}component enterprise principle. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRINCIPAL\_PARSE\_ENTERPRISE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x4}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM} -\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM:krb5-principal-parse-ignore-realm}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM:krb5-principal-parse-ignore-realm-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM::doc}}\index{KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_IGNORE_REALM:KRB5_PRINCIPAL_PARSE_IGNORE_REALM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Ignore realm if present. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRINCIPAL\_PARSE\_IGNORE\_REALM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x8}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRINCIPAL\_PARSE\_NO\_DEF\_REALM} -\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM:krb5-principal-parse-no-def-realm}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM:krb5-principal-parse-no-def-realm-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM::doc}}\index{KRB5\_PRINCIPAL\_PARSE\_NO\_DEF\_REALM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRINCIPAL\_PARSE\_NO\_DEF\_REALM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_DEF_REALM:KRB5_PRINCIPAL_PARSE_NO_DEF_REALM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRINCIPAL\_PARSE\_NO\_DEF\_REALM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Don’t add default realm. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRINCIPAL\_PARSE\_NO\_DEF\_REALM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x10}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRINCIPAL\_PARSE\_NO\_REALM} -\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM:krb5-principal-parse-no-realm}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM:krb5-principal-parse-no-realm-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM::doc}}\index{KRB5\_PRINCIPAL\_PARSE\_NO\_REALM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRINCIPAL\_PARSE\_NO\_REALM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_NO_REALM:KRB5_PRINCIPAL_PARSE_NO_REALM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRINCIPAL\_PARSE\_NO\_REALM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Error if realm is present. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRINCIPAL\_PARSE\_NO\_REALM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRINCIPAL\_PARSE\_REQUIRE\_REALM} -\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM:krb5-principal-parse-require-realm}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM:krb5-principal-parse-require-realm-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM::doc}}\index{KRB5\_PRINCIPAL\_PARSE\_REQUIRE\_REALM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRINCIPAL\_PARSE\_REQUIRE\_REALM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM:KRB5_PRINCIPAL_PARSE_REQUIRE_REALM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRINCIPAL\_PARSE\_REQUIRE\_REALM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Error if realm is not present. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRINCIPAL\_PARSE\_REQUIRE\_REALM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRINCIPAL\_UNPARSE\_DISPLAY} -\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY:krb5-principal-unparse-display}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY:krb5-principal-unparse-display-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY::doc}}\index{KRB5\_PRINCIPAL\_UNPARSE\_DISPLAY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRINCIPAL\_UNPARSE\_DISPLAY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_DISPLAY:KRB5_PRINCIPAL_UNPARSE_DISPLAY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRINCIPAL\_UNPARSE\_DISPLAY}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Don’t escape special characters. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRINCIPAL\_UNPARSE\_DISPLAY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x4}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRINCIPAL\_UNPARSE\_NO\_REALM} -\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM:krb5-principal-unparse-no-realm}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM:krb5-principal-unparse-no-realm-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM::doc}}\index{KRB5\_PRINCIPAL\_UNPARSE\_NO\_REALM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRINCIPAL\_UNPARSE\_NO\_REALM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_NO_REALM:KRB5_PRINCIPAL_UNPARSE_NO_REALM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRINCIPAL\_UNPARSE\_NO\_REALM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Omit realm always. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRINCIPAL\_UNPARSE\_NO\_REALM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRINCIPAL\_UNPARSE\_SHORT} -\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT:krb5-principal-unparse-short}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT:krb5-principal-unparse-short-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT::doc}}\index{KRB5\_PRINCIPAL\_UNPARSE\_SHORT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRINCIPAL\_UNPARSE\_SHORT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRINCIPAL_UNPARSE_SHORT:KRB5_PRINCIPAL_UNPARSE_SHORT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRINCIPAL\_UNPARSE\_SHORT}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Omit realm if it is the local realm. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRINCIPAL\_UNPARSE\_SHORT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PRIV} -\label{\detokenize{appdev/refs/macros/KRB5_PRIV:krb5-priv}}\label{\detokenize{appdev/refs/macros/KRB5_PRIV:krb5-priv-data}}\label{\detokenize{appdev/refs/macros/KRB5_PRIV::doc}}\index{KRB5\_PRIV (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PRIV}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PRIV:KRB5_PRIV}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PRIV}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Private application message. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PRIV}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((krb5\_msgtype)21)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD} -\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD:krb5-prompt-type-new-password}}\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD:krb5-prompt-type-new-password-data}}\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD::doc}}\index{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD:KRB5_PROMPT_TYPE_NEW_PASSWORD}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Prompt for new password (during password change) - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD\_AGAIN} -\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN:krb5-prompt-type-new-password-again}}\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN:krb5-prompt-type-new-password-again-data}}\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN::doc}}\index{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD\_AGAIN (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD\_AGAIN}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN:KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD\_AGAIN}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Prompt for new password again. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PROMPT\_TYPE\_NEW\_PASSWORD\_AGAIN}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x3}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PROMPT\_TYPE\_PASSWORD} -\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD:krb5-prompt-type-password}}\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD:krb5-prompt-type-password-data}}\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD::doc}}\index{KRB5\_PROMPT\_TYPE\_PASSWORD (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PROMPT\_TYPE\_PASSWORD}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_PASSWORD:KRB5_PROMPT_TYPE_PASSWORD}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PROMPT\_TYPE\_PASSWORD}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Prompt for password. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PROMPT\_TYPE\_PASSWORD}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PROMPT\_TYPE\_PREAUTH} -\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH:krb5-prompt-type-preauth}}\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH:krb5-prompt-type-preauth-data}}\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH::doc}}\index{KRB5\_PROMPT\_TYPE\_PREAUTH (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PROMPT\_TYPE\_PREAUTH}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PROMPT_TYPE_PREAUTH:KRB5_PROMPT_TYPE_PREAUTH}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PROMPT\_TYPE\_PREAUTH}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Prompt for preauthentication data (such as an OTP value) - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PROMPT\_TYPE\_PREAUTH}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x4}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_PVNO} -\label{\detokenize{appdev/refs/macros/KRB5_PVNO:krb5-pvno}}\label{\detokenize{appdev/refs/macros/KRB5_PVNO:krb5-pvno-data}}\label{\detokenize{appdev/refs/macros/KRB5_PVNO::doc}}\index{KRB5\_PVNO (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_PVNO}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_PVNO:KRB5_PVNO}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_PVNO}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Protocol version number. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_PVNO}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{5}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_REALM\_BRANCH\_CHAR} -\label{\detokenize{appdev/refs/macros/KRB5_REALM_BRANCH_CHAR:krb5-realm-branch-char}}\label{\detokenize{appdev/refs/macros/KRB5_REALM_BRANCH_CHAR:krb5-realm-branch-char-data}}\label{\detokenize{appdev/refs/macros/KRB5_REALM_BRANCH_CHAR::doc}}\index{KRB5\_REALM\_BRANCH\_CHAR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_REALM\_BRANCH\_CHAR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_REALM_BRANCH_CHAR:KRB5_REALM_BRANCH_CHAR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_REALM\_BRANCH\_CHAR}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_REALM\_BRANCH\_CHAR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{\textquotesingle{}.\textquotesingle{}}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RECVAUTH\_BADAUTHVERS} -\label{\detokenize{appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS:krb5-recvauth-badauthvers}}\label{\detokenize{appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS:krb5-recvauth-badauthvers-data}}\label{\detokenize{appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS::doc}}\index{KRB5\_RECVAUTH\_BADAUTHVERS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RECVAUTH\_BADAUTHVERS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RECVAUTH_BADAUTHVERS:KRB5_RECVAUTH_BADAUTHVERS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RECVAUTH\_BADAUTHVERS}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RECVAUTH\_BADAUTHVERS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0002}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RECVAUTH\_SKIP\_VERSION} -\label{\detokenize{appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION:krb5-recvauth-skip-version}}\label{\detokenize{appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION:krb5-recvauth-skip-version-data}}\label{\detokenize{appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION::doc}}\index{KRB5\_RECVAUTH\_SKIP\_VERSION (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RECVAUTH\_SKIP\_VERSION}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RECVAUTH_SKIP_VERSION:KRB5_RECVAUTH_SKIP_VERSION}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RECVAUTH\_SKIP\_VERSION}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RECVAUTH\_SKIP\_VERSION}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_REFERRAL\_REALM} -\label{\detokenize{appdev/refs/macros/KRB5_REFERRAL_REALM:krb5-referral-realm}}\label{\detokenize{appdev/refs/macros/KRB5_REFERRAL_REALM:krb5-referral-realm-data}}\label{\detokenize{appdev/refs/macros/KRB5_REFERRAL_REALM::doc}}\index{KRB5\_REFERRAL\_REALM (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_REFERRAL\_REALM}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_REFERRAL_REALM:KRB5_REFERRAL_REALM}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_REFERRAL\_REALM}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Constant for realm referrals. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_REFERRAL\_REALM}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{""}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_COUNT\_LOW} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW:krb5-responder-pkinit-flags-token-user-pin-count-low}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW:krb5-responder-pkinit-flags-token-user-pin-count-low-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW::doc}}\index{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_COUNT\_LOW (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_COUNT\_LOW}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW:KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_COUNT_LOW}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_COUNT\_LOW}}} -\end{fulllineitems} - - -\sphinxAtStartPar -This flag indicates that an incorrect PIN was supplied at least once since the last time the correct PIN was supplied. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_COUNT\_LOW}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(1 \textless{}\textless{} 0)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_FINAL\_TRY} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY:krb5-responder-pkinit-flags-token-user-pin-final-try}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY:krb5-responder-pkinit-flags-token-user-pin-final-try-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY::doc}}\index{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_FINAL\_TRY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_FINAL\_TRY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY:KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_FINAL_TRY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_FINAL\_TRY}}} -\end{fulllineitems} - - -\sphinxAtStartPar -This flag indicates that supplying an incorrect PIN will cause the token to lock itself. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_FINAL\_TRY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(1 \textless{}\textless{} 1)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_LOCKED} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED:krb5-responder-pkinit-flags-token-user-pin-locked}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED:krb5-responder-pkinit-flags-token-user-pin-locked-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED::doc}}\index{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_LOCKED (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_LOCKED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED:KRB5_RESPONDER_PKINIT_FLAGS_TOKEN_USER_PIN_LOCKED}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_LOCKED}}} -\end{fulllineitems} - - -\sphinxAtStartPar -This flag indicates that the user PIN is locked, and you can’t log in to the token with it. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_USER\_PIN\_LOCKED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(1 \textless{}\textless{} 2)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_QUESTION\_PKINIT} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT:krb5-responder-question-pkinit}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT:krb5-responder-question-pkinit-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT::doc}}\index{KRB5\_RESPONDER\_QUESTION\_PKINIT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_QUESTION\_PKINIT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PKINIT:KRB5_RESPONDER_QUESTION_PKINIT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_QUESTION\_PKINIT}}} -\end{fulllineitems} - - -\sphinxAtStartPar -PKINIT responder question. - -\sphinxAtStartPar -The PKINIT responder question is asked when the client needs a password that’s being used to protect key information, and is formatted as a JSON object. A specific identity’s flags value, if not zero, is the bitwise\sphinxhyphen{}OR of one or more of the KRB5\_RESPONDER\_PKINIT\_FLAGS\_TOKEN\_* flags defined below, and possibly other flags to be added later. Any resemblance to similarly\sphinxhyphen{}named CKF\_* values in the PKCS\#11 API should not be depended on. - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{\PYGZob{}} -\PYG{+w}{ }\PYG{n}{identity}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{string}\PYG{o}{\PYGZgt{}}\PYG{+w}{ }\PYG{o}{:}\PYG{+w}{ }\PYG{n}{flags}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{number}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{p}{.}\PYG{p}{.}\PYG{p}{.} -\PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The answer to the question MUST be JSON formatted: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{\PYGZob{}} -\PYG{+w}{ }\PYG{n}{identity}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{string}\PYG{o}{\PYGZgt{}}\PYG{+w}{ }\PYG{o}{:}\PYG{+w}{ }\PYG{n}{password}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{string}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{p}{.}\PYG{p}{.}\PYG{p}{.} -\PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_QUESTION\_PKINIT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{"pkinit"}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_PIN} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN:krb5-responder-otp-flags-collect-pin}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN:krb5-responder-otp-flags-collect-pin-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN::doc}}\index{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_PIN (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_PIN}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN:KRB5_RESPONDER_OTP_FLAGS_COLLECT_PIN}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_PIN}}} -\end{fulllineitems} - - -\sphinxAtStartPar -This flag indicates that the PIN value MUST be collected. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_PIN}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0002}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_TOKEN} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN:krb5-responder-otp-flags-collect-token}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN:krb5-responder-otp-flags-collect-token-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN::doc}}\index{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_TOKEN (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_TOKEN}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN:KRB5_RESPONDER_OTP_FLAGS_COLLECT_TOKEN}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_TOKEN}}} -\end{fulllineitems} - - -\sphinxAtStartPar -This flag indicates that the token value MUST be collected. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_TOKEN}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_OTP\_FLAGS\_NEXTOTP} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP:krb5-responder-otp-flags-nextotp}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP:krb5-responder-otp-flags-nextotp-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP::doc}}\index{KRB5\_RESPONDER\_OTP\_FLAGS\_NEXTOTP (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_OTP\_FLAGS\_NEXTOTP}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_NEXTOTP:KRB5_RESPONDER_OTP_FLAGS_NEXTOTP}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FLAGS\_NEXTOTP}}} -\end{fulllineitems} - - -\sphinxAtStartPar -This flag indicates that the token is now in re\sphinxhyphen{}synchronization mode with the server. - -\sphinxAtStartPar -The user is expected to reply with the next code displayed on the token. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FLAGS\_NEXTOTP}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0004}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_OTP\_FLAGS\_SEPARATE\_PIN} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN:krb5-responder-otp-flags-separate-pin}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN:krb5-responder-otp-flags-separate-pin-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN::doc}}\index{KRB5\_RESPONDER\_OTP\_FLAGS\_SEPARATE\_PIN (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_OTP\_FLAGS\_SEPARATE\_PIN}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN:KRB5_RESPONDER_OTP_FLAGS_SEPARATE_PIN}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FLAGS\_SEPARATE\_PIN}}} -\end{fulllineitems} - - -\sphinxAtStartPar -This flag indicates that the PIN MUST be returned as a separate item. - -\sphinxAtStartPar -This flag only takes effect if KRB5\_RESPONDER\_OTP\_FLAGS\_COLLECT\_PIN is set. If this flag is not set, the responder may either concatenate PIN + token value and store it as “value†in the answer or it may return them separately. If they are returned separately, they will be concatenated internally. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FLAGS\_SEPARATE\_PIN}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0008}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_OTP\_FORMAT\_ALPHANUMERIC} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC:krb5-responder-otp-format-alphanumeric}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC:krb5-responder-otp-format-alphanumeric-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC::doc}}\index{KRB5\_RESPONDER\_OTP\_FORMAT\_ALPHANUMERIC (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_OTP\_FORMAT\_ALPHANUMERIC}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC:KRB5_RESPONDER_OTP_FORMAT_ALPHANUMERIC}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FORMAT\_ALPHANUMERIC}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FORMAT\_ALPHANUMERIC}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{2}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_OTP\_FORMAT\_DECIMAL} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL:krb5-responder-otp-format-decimal}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL:krb5-responder-otp-format-decimal-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL::doc}}\index{KRB5\_RESPONDER\_OTP\_FORMAT\_DECIMAL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_OTP\_FORMAT\_DECIMAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_DECIMAL:KRB5_RESPONDER_OTP_FORMAT_DECIMAL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FORMAT\_DECIMAL}}} -\end{fulllineitems} - - -\sphinxAtStartPar -These format constants identify the format of the token value. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FORMAT\_DECIMAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_OTP\_FORMAT\_HEXADECIMAL} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL:krb5-responder-otp-format-hexadecimal}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL:krb5-responder-otp-format-hexadecimal-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL::doc}}\index{KRB5\_RESPONDER\_OTP\_FORMAT\_HEXADECIMAL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_OTP\_FORMAT\_HEXADECIMAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL:KRB5_RESPONDER_OTP_FORMAT_HEXADECIMAL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FORMAT\_HEXADECIMAL}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_OTP\_FORMAT\_HEXADECIMAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_QUESTION\_OTP} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP:krb5-responder-question-otp}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP:krb5-responder-question-otp-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP::doc}}\index{KRB5\_RESPONDER\_QUESTION\_OTP (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_QUESTION\_OTP}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_QUESTION_OTP:KRB5_RESPONDER_QUESTION_OTP}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_QUESTION\_OTP}}} -\end{fulllineitems} - - -\sphinxAtStartPar -OTP responder question. - -\sphinxAtStartPar -The OTP responder question is asked when the KDC indicates that an OTP value is required in order to complete the authentication. The JSON format of the challenge is: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{\PYGZob{}} -\PYG{+w}{ }\PYG{l+s}{\PYGZdq{}}\PYG{l+s}{service}\PYG{l+s}{\PYGZdq{}}\PYG{o}{:}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{string}\PYG{+w}{ }\PYG{p}{(}\PYG{n}{optional}\PYG{p}{)}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{l+s}{\PYGZdq{}}\PYG{l+s}{tokenInfo}\PYG{l+s}{\PYGZdq{}}\PYG{o}{:}\PYG{+w}{ }\PYG{p}{[} -\PYG{+w}{ }\PYG{p}{\PYGZob{}} -\PYG{+w}{ }\PYG{l+s}{\PYGZdq{}}\PYG{l+s}{flags}\PYG{l+s}{\PYGZdq{}}\PYG{o}{:}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{number}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{l+s}{\PYGZdq{}}\PYG{l+s}{vendor}\PYG{l+s}{\PYGZdq{}}\PYG{o}{:}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{string}\PYG{+w}{ }\PYG{p}{(}\PYG{n}{optional}\PYG{p}{)}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{l+s}{\PYGZdq{}}\PYG{l+s}{challenge}\PYG{l+s}{\PYGZdq{}}\PYG{o}{:}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{string}\PYG{+w}{ }\PYG{p}{(}\PYG{n}{optional}\PYG{p}{)}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{l+s}{\PYGZdq{}}\PYG{l+s}{length}\PYG{l+s}{\PYGZdq{}}\PYG{o}{:}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{number}\PYG{+w}{ }\PYG{p}{(}\PYG{n}{optional}\PYG{p}{)}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{l+s}{\PYGZdq{}}\PYG{l+s}{format}\PYG{l+s}{\PYGZdq{}}\PYG{o}{:}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{number}\PYG{+w}{ }\PYG{p}{(}\PYG{n}{optional}\PYG{p}{)}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{l+s}{\PYGZdq{}}\PYG{l+s}{tokenID}\PYG{l+s}{\PYGZdq{}}\PYG{o}{:}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{string}\PYG{+w}{ }\PYG{p}{(}\PYG{n}{optional}\PYG{p}{)}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{l+s}{\PYGZdq{}}\PYG{l+s}{algID}\PYG{l+s}{\PYGZdq{}}\PYG{o}{:}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{string}\PYG{+w}{ }\PYG{p}{(}\PYG{n}{optional}\PYG{p}{)}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{p}{\PYGZcb{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{p}{.}\PYG{p}{.}\PYG{p}{.} -\PYG{+w}{ }\PYG{p}{]} -\PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -The answer to the question MUST be JSON formatted: - -\begin{sphinxVerbatim}[commandchars=\\\{\}] -\PYG{p}{\PYGZob{}} -\PYG{+w}{ }\PYG{l+s}{\PYGZdq{}}\PYG{l+s}{tokeninfo}\PYG{l+s}{\PYGZdq{}}\PYG{o}{:}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{number}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{l+s}{\PYGZdq{}}\PYG{l+s}{value}\PYG{l+s}{\PYGZdq{}}\PYG{o}{:}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{string}\PYG{+w}{ }\PYG{p}{(}\PYG{n}{optional}\PYG{p}{)}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{+w}{ }\PYG{l+s}{\PYGZdq{}}\PYG{l+s}{pin}\PYG{l+s}{\PYGZdq{}}\PYG{o}{:}\PYG{+w}{ }\PYG{o}{\PYGZlt{}}\PYG{n}{string}\PYG{+w}{ }\PYG{p}{(}\PYG{n}{optional}\PYG{p}{)}\PYG{o}{\PYGZgt{}}\PYG{p}{,} -\PYG{p}{\PYGZcb{}} -\end{sphinxVerbatim} - -\sphinxAtStartPar -For more detail, please see RFC 6560. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_QUESTION\_OTP}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{"otp"}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_RESPONDER\_QUESTION\_PASSWORD} -\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD:krb5-responder-question-password}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD:krb5-responder-question-password-data}}\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD::doc}}\index{KRB5\_RESPONDER\_QUESTION\_PASSWORD (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_RESPONDER\_QUESTION\_PASSWORD}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_RESPONDER_QUESTION_PASSWORD:KRB5_RESPONDER_QUESTION_PASSWORD}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_RESPONDER\_QUESTION\_PASSWORD}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Long\sphinxhyphen{}term password responder question. - -\sphinxAtStartPar -This question is asked when the long\sphinxhyphen{}term password is needed. It has no challenge and the response is simply the password string. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_RESPONDER\_QUESTION\_PASSWORD}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{"password"}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_SAFE} -\label{\detokenize{appdev/refs/macros/KRB5_SAFE:krb5-safe}}\label{\detokenize{appdev/refs/macros/KRB5_SAFE:krb5-safe-data}}\label{\detokenize{appdev/refs/macros/KRB5_SAFE::doc}}\index{KRB5\_SAFE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_SAFE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_SAFE:KRB5_SAFE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_SAFE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Safe application message. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_SAFE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((krb5\_msgtype)20)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_SAM\_MUST\_PK\_ENCRYPT\_SAD} -\label{\detokenize{appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD:krb5-sam-must-pk-encrypt-sad}}\label{\detokenize{appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD:krb5-sam-must-pk-encrypt-sad-data}}\label{\detokenize{appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD::doc}}\index{KRB5\_SAM\_MUST\_PK\_ENCRYPT\_SAD (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_SAM\_MUST\_PK\_ENCRYPT\_SAD}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_SAM_MUST_PK_ENCRYPT_SAD:KRB5_SAM_MUST_PK_ENCRYPT_SAD}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_SAM\_MUST\_PK\_ENCRYPT\_SAD}}} -\end{fulllineitems} - - -\sphinxAtStartPar -currently must be zero - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_SAM\_MUST\_PK\_ENCRYPT\_SAD}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x20000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_SAM\_SEND\_ENCRYPTED\_SAD} -\label{\detokenize{appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD:krb5-sam-send-encrypted-sad}}\label{\detokenize{appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD:krb5-sam-send-encrypted-sad-data}}\label{\detokenize{appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD::doc}}\index{KRB5\_SAM\_SEND\_ENCRYPTED\_SAD (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_SAM\_SEND\_ENCRYPTED\_SAD}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_SAM_SEND_ENCRYPTED_SAD:KRB5_SAM_SEND_ENCRYPTED_SAD}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_SAM\_SEND\_ENCRYPTED\_SAD}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_SAM\_SEND\_ENCRYPTED\_SAD}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x40000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_SAM\_USE\_SAD\_AS\_KEY} -\label{\detokenize{appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY:krb5-sam-use-sad-as-key}}\label{\detokenize{appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY:krb5-sam-use-sad-as-key-data}}\label{\detokenize{appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY::doc}}\index{KRB5\_SAM\_USE\_SAD\_AS\_KEY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_SAM\_USE\_SAD\_AS\_KEY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_SAM_USE_SAD_AS_KEY:KRB5_SAM_USE_SAD_AS_KEY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_SAM\_USE\_SAD\_AS\_KEY}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_SAM\_USE\_SAD\_AS\_KEY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x80000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TC\_MATCH\_2ND\_TKT} -\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT:krb5-tc-match-2nd-tkt}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT:krb5-tc-match-2nd-tkt-data}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT::doc}}\index{KRB5\_TC\_MATCH\_2ND\_TKT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TC\_MATCH\_2ND\_TKT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_2ND_TKT:KRB5_TC_MATCH_2ND_TKT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TC\_MATCH\_2ND\_TKT}}} -\end{fulllineitems} - - -\sphinxAtStartPar -The second ticket must match. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TC\_MATCH\_2ND\_TKT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000080}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TC\_MATCH\_AUTHDATA} -\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA:krb5-tc-match-authdata}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA:krb5-tc-match-authdata-data}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA::doc}}\index{KRB5\_TC\_MATCH\_AUTHDATA (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TC\_MATCH\_AUTHDATA}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_AUTHDATA:KRB5_TC_MATCH_AUTHDATA}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TC\_MATCH\_AUTHDATA}}} -\end{fulllineitems} - - -\sphinxAtStartPar -The authorization data must match. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TC\_MATCH\_AUTHDATA}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000020}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TC\_MATCH\_FLAGS} -\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_FLAGS:krb5-tc-match-flags}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_FLAGS:krb5-tc-match-flags-data}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_FLAGS::doc}}\index{KRB5\_TC\_MATCH\_FLAGS (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TC\_MATCH\_FLAGS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_FLAGS:KRB5_TC_MATCH_FLAGS}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TC\_MATCH\_FLAGS}}} -\end{fulllineitems} - - -\sphinxAtStartPar -All the flags set in the match credentials must be set. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TC\_MATCH\_FLAGS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000004}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TC\_MATCH\_FLAGS\_EXACT} -\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT:krb5-tc-match-flags-exact}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT:krb5-tc-match-flags-exact-data}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT::doc}}\index{KRB5\_TC\_MATCH\_FLAGS\_EXACT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TC\_MATCH\_FLAGS\_EXACT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_FLAGS_EXACT:KRB5_TC_MATCH_FLAGS_EXACT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TC\_MATCH\_FLAGS\_EXACT}}} -\end{fulllineitems} - - -\sphinxAtStartPar -All the flags must match exactly. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TC\_MATCH\_FLAGS\_EXACT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000010}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TC\_MATCH\_IS\_SKEY} -\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY:krb5-tc-match-is-skey}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY:krb5-tc-match-is-skey-data}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY::doc}}\index{KRB5\_TC\_MATCH\_IS\_SKEY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TC\_MATCH\_IS\_SKEY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_IS_SKEY:KRB5_TC_MATCH_IS_SKEY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TC\_MATCH\_IS\_SKEY}}} -\end{fulllineitems} - - -\sphinxAtStartPar -The is\_skey field must match exactly. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TC\_MATCH\_IS\_SKEY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000002}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TC\_MATCH\_KTYPE} -\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_KTYPE:krb5-tc-match-ktype}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_KTYPE:krb5-tc-match-ktype-data}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_KTYPE::doc}}\index{KRB5\_TC\_MATCH\_KTYPE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TC\_MATCH\_KTYPE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_KTYPE:KRB5_TC_MATCH_KTYPE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TC\_MATCH\_KTYPE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -The encryption key type must match. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TC\_MATCH\_KTYPE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000100}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TC\_MATCH\_SRV\_NAMEONLY} -\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY:krb5-tc-match-srv-nameonly}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY:krb5-tc-match-srv-nameonly-data}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY::doc}}\index{KRB5\_TC\_MATCH\_SRV\_NAMEONLY (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TC\_MATCH\_SRV\_NAMEONLY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_SRV_NAMEONLY:KRB5_TC_MATCH_SRV_NAMEONLY}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TC\_MATCH\_SRV\_NAMEONLY}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Only the name portion of the principal name must match. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TC\_MATCH\_SRV\_NAMEONLY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000040}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TC\_MATCH\_TIMES} -\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_TIMES:krb5-tc-match-times}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_TIMES:krb5-tc-match-times-data}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_TIMES::doc}}\index{KRB5\_TC\_MATCH\_TIMES (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TC\_MATCH\_TIMES}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_TIMES:KRB5_TC_MATCH_TIMES}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TC\_MATCH\_TIMES}}} -\end{fulllineitems} - - -\sphinxAtStartPar -The requested lifetime must be at least as great as the time specified. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TC\_MATCH\_TIMES}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TC\_MATCH\_TIMES\_EXACT} -\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT:krb5-tc-match-times-exact}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT:krb5-tc-match-times-exact-data}}\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT::doc}}\index{KRB5\_TC\_MATCH\_TIMES\_EXACT (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TC\_MATCH\_TIMES\_EXACT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TC_MATCH_TIMES_EXACT:KRB5_TC_MATCH_TIMES_EXACT}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TC\_MATCH\_TIMES\_EXACT}}} -\end{fulllineitems} - - -\sphinxAtStartPar -All the time fields must match exactly. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TC\_MATCH\_TIMES\_EXACT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000008}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TC\_NOTICKET} -\label{\detokenize{appdev/refs/macros/KRB5_TC_NOTICKET:krb5-tc-noticket}}\label{\detokenize{appdev/refs/macros/KRB5_TC_NOTICKET:krb5-tc-noticket-data}}\label{\detokenize{appdev/refs/macros/KRB5_TC_NOTICKET::doc}}\index{KRB5\_TC\_NOTICKET (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TC\_NOTICKET}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TC_NOTICKET:KRB5_TC_NOTICKET}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TC\_NOTICKET}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TC\_NOTICKET}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000002}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TC\_OPENCLOSE} -\label{\detokenize{appdev/refs/macros/KRB5_TC_OPENCLOSE:krb5-tc-openclose}}\label{\detokenize{appdev/refs/macros/KRB5_TC_OPENCLOSE:krb5-tc-openclose-data}}\label{\detokenize{appdev/refs/macros/KRB5_TC_OPENCLOSE::doc}}\index{KRB5\_TC\_OPENCLOSE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TC\_OPENCLOSE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TC_OPENCLOSE:KRB5_TC_OPENCLOSE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TC\_OPENCLOSE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Open and close the file for each cache operation. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TC\_OPENCLOSE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TC\_SUPPORTED\_KTYPES} -\label{\detokenize{appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES:krb5-tc-supported-ktypes}}\label{\detokenize{appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES:krb5-tc-supported-ktypes-data}}\label{\detokenize{appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES::doc}}\index{KRB5\_TC\_SUPPORTED\_KTYPES (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TC\_SUPPORTED\_KTYPES}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TC_SUPPORTED_KTYPES:KRB5_TC_SUPPORTED_KTYPES}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TC\_SUPPORTED\_KTYPES}}} -\end{fulllineitems} - - -\sphinxAtStartPar -The supported key types must match. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TC\_SUPPORTED\_KTYPES}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00000200}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TGS\_NAME} -\label{\detokenize{appdev/refs/macros/KRB5_TGS_NAME:krb5-tgs-name}}\label{\detokenize{appdev/refs/macros/KRB5_TGS_NAME:krb5-tgs-name-data}}\label{\detokenize{appdev/refs/macros/KRB5_TGS_NAME::doc}}\index{KRB5\_TGS\_NAME (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TGS\_NAME}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TGS_NAME:KRB5_TGS_NAME}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TGS\_NAME}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TGS\_NAME}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{"krbtgt"}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TGS\_NAME\_SIZE} -\label{\detokenize{appdev/refs/macros/KRB5_TGS_NAME_SIZE:krb5-tgs-name-size}}\label{\detokenize{appdev/refs/macros/KRB5_TGS_NAME_SIZE:krb5-tgs-name-size-data}}\label{\detokenize{appdev/refs/macros/KRB5_TGS_NAME_SIZE::doc}}\index{KRB5\_TGS\_NAME\_SIZE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TGS\_NAME\_SIZE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TGS_NAME_SIZE:KRB5_TGS_NAME_SIZE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TGS\_NAME\_SIZE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TGS\_NAME\_SIZE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{6}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TGS\_REP} -\label{\detokenize{appdev/refs/macros/KRB5_TGS_REP:krb5-tgs-rep}}\label{\detokenize{appdev/refs/macros/KRB5_TGS_REP:krb5-tgs-rep-data}}\label{\detokenize{appdev/refs/macros/KRB5_TGS_REP::doc}}\index{KRB5\_TGS\_REP (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TGS\_REP}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TGS_REP:KRB5_TGS_REP}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TGS\_REP}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Response to TGS request. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TGS\_REP}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((krb5\_msgtype)13)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TGS\_REQ} -\label{\detokenize{appdev/refs/macros/KRB5_TGS_REQ:krb5-tgs-req}}\label{\detokenize{appdev/refs/macros/KRB5_TGS_REQ:krb5-tgs-req-data}}\label{\detokenize{appdev/refs/macros/KRB5_TGS_REQ::doc}}\index{KRB5\_TGS\_REQ (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TGS\_REQ}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TGS_REQ:KRB5_TGS_REQ}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TGS\_REQ}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Ticket granting server request. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TGS\_REQ}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((krb5\_msgtype)12)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE} -\label{\detokenize{appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE:krb5-tkt-creds-step-flag-continue}}\label{\detokenize{appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE:krb5-tkt-creds-step-flag-continue-data}}\label{\detokenize{appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE::doc}}\index{KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_TKT_CREDS_STEP_FLAG_CONTINUE:KRB5_TKT_CREDS_STEP_FLAG_CONTINUE}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE}}} -\end{fulllineitems} - - -\sphinxAtStartPar -More responses needed. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_TKT\_CREDS\_STEP\_FLAG\_CONTINUE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x1}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_VERIFY\_INIT\_CREDS\_OPT\_AP\_REQ\_NOFAIL} -\label{\detokenize{appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL:krb5-verify-init-creds-opt-ap-req-nofail}}\label{\detokenize{appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL:krb5-verify-init-creds-opt-ap-req-nofail-data}}\label{\detokenize{appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL::doc}}\index{KRB5\_VERIFY\_INIT\_CREDS\_OPT\_AP\_REQ\_NOFAIL (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_VERIFY\_INIT\_CREDS\_OPT\_AP\_REQ\_NOFAIL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL:KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_VERIFY\_INIT\_CREDS\_OPT\_AP\_REQ\_NOFAIL}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_VERIFY\_INIT\_CREDS\_OPT\_AP\_REQ\_NOFAIL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x0001}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{KRB5\_WELLKNOWN\_NAMESTR} -\label{\detokenize{appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR:krb5-wellknown-namestr}}\label{\detokenize{appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR:krb5-wellknown-namestr-data}}\label{\detokenize{appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR::doc}}\index{KRB5\_WELLKNOWN\_NAMESTR (built\sphinxhyphen{}in variable)@\spxentry{KRB5\_WELLKNOWN\_NAMESTR}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/KRB5_WELLKNOWN_NAMESTR:KRB5_WELLKNOWN_NAMESTR}}\pysigline{\sphinxbfcode{\sphinxupquote{KRB5\_WELLKNOWN\_NAMESTR}}} -\end{fulllineitems} - - -\sphinxAtStartPar -First component of NT\_WELLKNOWN principals. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{KRB5\_WELLKNOWN\_NAMESTR}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{"WELLKNOWN"}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{LR\_TYPE\_INTERPRETATION\_MASK} -\label{\detokenize{appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK:lr-type-interpretation-mask}}\label{\detokenize{appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK:lr-type-interpretation-mask-data}}\label{\detokenize{appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK::doc}}\index{LR\_TYPE\_INTERPRETATION\_MASK (built\sphinxhyphen{}in variable)@\spxentry{LR\_TYPE\_INTERPRETATION\_MASK}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/LR_TYPE_INTERPRETATION_MASK:LR_TYPE_INTERPRETATION_MASK}}\pysigline{\sphinxbfcode{\sphinxupquote{LR\_TYPE\_INTERPRETATION\_MASK}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{LR\_TYPE\_INTERPRETATION\_MASK}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x7fff}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{LR\_TYPE\_THIS\_SERVER\_ONLY} -\label{\detokenize{appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY:lr-type-this-server-only}}\label{\detokenize{appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY:lr-type-this-server-only-data}}\label{\detokenize{appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY::doc}}\index{LR\_TYPE\_THIS\_SERVER\_ONLY (built\sphinxhyphen{}in variable)@\spxentry{LR\_TYPE\_THIS\_SERVER\_ONLY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/LR_TYPE_THIS_SERVER_ONLY:LR_TYPE_THIS_SERVER_ONLY}}\pysigline{\sphinxbfcode{\sphinxupquote{LR\_TYPE\_THIS\_SERVER\_ONLY}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{LR\_TYPE\_THIS\_SERVER\_ONLY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x8000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{MAX\_KEYTAB\_NAME\_LEN} -\label{\detokenize{appdev/refs/macros/MAX_KEYTAB_NAME_LEN:max-keytab-name-len}}\label{\detokenize{appdev/refs/macros/MAX_KEYTAB_NAME_LEN:max-keytab-name-len-data}}\label{\detokenize{appdev/refs/macros/MAX_KEYTAB_NAME_LEN::doc}}\index{MAX\_KEYTAB\_NAME\_LEN (built\sphinxhyphen{}in variable)@\spxentry{MAX\_KEYTAB\_NAME\_LEN}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/MAX_KEYTAB_NAME_LEN:MAX_KEYTAB_NAME_LEN}}\pysigline{\sphinxbfcode{\sphinxupquote{MAX\_KEYTAB\_NAME\_LEN}}} -\end{fulllineitems} - - -\sphinxAtStartPar -Long enough for MAXPATHLEN + some extra. - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{MAX\_KEYTAB\_NAME\_LEN}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{1100}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{MSEC\_DIRBIT} -\label{\detokenize{appdev/refs/macros/MSEC_DIRBIT:msec-dirbit}}\label{\detokenize{appdev/refs/macros/MSEC_DIRBIT:msec-dirbit-data}}\label{\detokenize{appdev/refs/macros/MSEC_DIRBIT::doc}}\index{MSEC\_DIRBIT (built\sphinxhyphen{}in variable)@\spxentry{MSEC\_DIRBIT}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/MSEC_DIRBIT:MSEC_DIRBIT}}\pysigline{\sphinxbfcode{\sphinxupquote{MSEC\_DIRBIT}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{MSEC\_DIRBIT}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x8000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{MSEC\_VAL\_MASK} -\label{\detokenize{appdev/refs/macros/MSEC_VAL_MASK:msec-val-mask}}\label{\detokenize{appdev/refs/macros/MSEC_VAL_MASK:msec-val-mask-data}}\label{\detokenize{appdev/refs/macros/MSEC_VAL_MASK::doc}}\index{MSEC\_VAL\_MASK (built\sphinxhyphen{}in variable)@\spxentry{MSEC\_VAL\_MASK}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/MSEC_VAL_MASK:MSEC_VAL_MASK}}\pysigline{\sphinxbfcode{\sphinxupquote{MSEC\_VAL\_MASK}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{MSEC\_VAL\_MASK}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x7fff}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{SALT\_TYPE\_AFS\_LENGTH} -\label{\detokenize{appdev/refs/macros/SALT_TYPE_AFS_LENGTH:salt-type-afs-length}}\label{\detokenize{appdev/refs/macros/SALT_TYPE_AFS_LENGTH:salt-type-afs-length-data}}\label{\detokenize{appdev/refs/macros/SALT_TYPE_AFS_LENGTH::doc}}\index{SALT\_TYPE\_AFS\_LENGTH (built\sphinxhyphen{}in variable)@\spxentry{SALT\_TYPE\_AFS\_LENGTH}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/SALT_TYPE_AFS_LENGTH:SALT_TYPE_AFS_LENGTH}}\pysigline{\sphinxbfcode{\sphinxupquote{SALT\_TYPE\_AFS\_LENGTH}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{SALT\_TYPE\_AFS\_LENGTH}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{UINT\_MAX}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{SALT\_TYPE\_NO\_LENGTH} -\label{\detokenize{appdev/refs/macros/SALT_TYPE_NO_LENGTH:salt-type-no-length}}\label{\detokenize{appdev/refs/macros/SALT_TYPE_NO_LENGTH:salt-type-no-length-data}}\label{\detokenize{appdev/refs/macros/SALT_TYPE_NO_LENGTH::doc}}\index{SALT\_TYPE\_NO\_LENGTH (built\sphinxhyphen{}in variable)@\spxentry{SALT\_TYPE\_NO\_LENGTH}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/SALT_TYPE_NO_LENGTH:SALT_TYPE_NO_LENGTH}}\pysigline{\sphinxbfcode{\sphinxupquote{SALT\_TYPE\_NO\_LENGTH}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{SALT\_TYPE\_NO\_LENGTH}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{UINT\_MAX}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{THREEPARAMOPEN} -\label{\detokenize{appdev/refs/macros/THREEPARAMOPEN:threeparamopen}}\label{\detokenize{appdev/refs/macros/THREEPARAMOPEN:threeparamopen-data}}\label{\detokenize{appdev/refs/macros/THREEPARAMOPEN::doc}}\index{THREEPARAMOPEN (built\sphinxhyphen{}in variable)@\spxentry{THREEPARAMOPEN}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/THREEPARAMOPEN:THREEPARAMOPEN}}\pysigline{\sphinxbfcode{\sphinxupquote{THREEPARAMOPEN}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{THREEPARAMOPEN (x, y, z)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{open(x,y,z)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_ANONYMOUS} -\label{\detokenize{appdev/refs/macros/TKT_FLG_ANONYMOUS:tkt-flg-anonymous}}\label{\detokenize{appdev/refs/macros/TKT_FLG_ANONYMOUS:tkt-flg-anonymous-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_ANONYMOUS::doc}}\index{TKT\_FLG\_ANONYMOUS (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_ANONYMOUS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_ANONYMOUS:TKT_FLG_ANONYMOUS}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_ANONYMOUS}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_ANONYMOUS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00008000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_ENC\_PA\_REP} -\label{\detokenize{appdev/refs/macros/TKT_FLG_ENC_PA_REP:tkt-flg-enc-pa-rep}}\label{\detokenize{appdev/refs/macros/TKT_FLG_ENC_PA_REP:tkt-flg-enc-pa-rep-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_ENC_PA_REP::doc}}\index{TKT\_FLG\_ENC\_PA\_REP (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_ENC\_PA\_REP}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_ENC_PA_REP:TKT_FLG_ENC_PA_REP}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_ENC\_PA\_REP}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_ENC\_PA\_REP}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00010000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_FORWARDABLE} -\label{\detokenize{appdev/refs/macros/TKT_FLG_FORWARDABLE:tkt-flg-forwardable}}\label{\detokenize{appdev/refs/macros/TKT_FLG_FORWARDABLE:tkt-flg-forwardable-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_FORWARDABLE::doc}}\index{TKT\_FLG\_FORWARDABLE (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_FORWARDABLE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_FORWARDABLE:TKT_FLG_FORWARDABLE}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_FORWARDABLE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_FORWARDABLE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x40000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_FORWARDED} -\label{\detokenize{appdev/refs/macros/TKT_FLG_FORWARDED:tkt-flg-forwarded}}\label{\detokenize{appdev/refs/macros/TKT_FLG_FORWARDED:tkt-flg-forwarded-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_FORWARDED::doc}}\index{TKT\_FLG\_FORWARDED (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_FORWARDED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_FORWARDED:TKT_FLG_FORWARDED}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_FORWARDED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_FORWARDED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x20000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_HW\_AUTH} -\label{\detokenize{appdev/refs/macros/TKT_FLG_HW_AUTH:tkt-flg-hw-auth}}\label{\detokenize{appdev/refs/macros/TKT_FLG_HW_AUTH:tkt-flg-hw-auth-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_HW_AUTH::doc}}\index{TKT\_FLG\_HW\_AUTH (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_HW\_AUTH}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_HW_AUTH:TKT_FLG_HW_AUTH}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_HW\_AUTH}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_HW\_AUTH}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00100000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_INITIAL} -\label{\detokenize{appdev/refs/macros/TKT_FLG_INITIAL:tkt-flg-initial}}\label{\detokenize{appdev/refs/macros/TKT_FLG_INITIAL:tkt-flg-initial-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_INITIAL::doc}}\index{TKT\_FLG\_INITIAL (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_INITIAL}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_INITIAL:TKT_FLG_INITIAL}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_INITIAL}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_INITIAL}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00400000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_INVALID} -\label{\detokenize{appdev/refs/macros/TKT_FLG_INVALID:tkt-flg-invalid}}\label{\detokenize{appdev/refs/macros/TKT_FLG_INVALID:tkt-flg-invalid-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_INVALID::doc}}\index{TKT\_FLG\_INVALID (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_INVALID}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_INVALID:TKT_FLG_INVALID}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_INVALID}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_INVALID}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x01000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_MAY\_POSTDATE} -\label{\detokenize{appdev/refs/macros/TKT_FLG_MAY_POSTDATE:tkt-flg-may-postdate}}\label{\detokenize{appdev/refs/macros/TKT_FLG_MAY_POSTDATE:tkt-flg-may-postdate-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_MAY_POSTDATE::doc}}\index{TKT\_FLG\_MAY\_POSTDATE (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_MAY\_POSTDATE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_MAY_POSTDATE:TKT_FLG_MAY_POSTDATE}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_MAY\_POSTDATE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_MAY\_POSTDATE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x04000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_OK\_AS\_DELEGATE} -\label{\detokenize{appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE:tkt-flg-ok-as-delegate}}\label{\detokenize{appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE:tkt-flg-ok-as-delegate-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE::doc}}\index{TKT\_FLG\_OK\_AS\_DELEGATE (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_OK\_AS\_DELEGATE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_OK_AS_DELEGATE:TKT_FLG_OK_AS_DELEGATE}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_OK\_AS\_DELEGATE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_OK\_AS\_DELEGATE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00040000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_POSTDATED} -\label{\detokenize{appdev/refs/macros/TKT_FLG_POSTDATED:tkt-flg-postdated}}\label{\detokenize{appdev/refs/macros/TKT_FLG_POSTDATED:tkt-flg-postdated-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_POSTDATED::doc}}\index{TKT\_FLG\_POSTDATED (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_POSTDATED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_POSTDATED:TKT_FLG_POSTDATED}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_POSTDATED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_POSTDATED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x02000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_PRE\_AUTH} -\label{\detokenize{appdev/refs/macros/TKT_FLG_PRE_AUTH:tkt-flg-pre-auth}}\label{\detokenize{appdev/refs/macros/TKT_FLG_PRE_AUTH:tkt-flg-pre-auth-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_PRE_AUTH::doc}}\index{TKT\_FLG\_PRE\_AUTH (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_PRE\_AUTH}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_PRE_AUTH:TKT_FLG_PRE_AUTH}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_PRE\_AUTH}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_PRE\_AUTH}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00200000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_PROXIABLE} -\label{\detokenize{appdev/refs/macros/TKT_FLG_PROXIABLE:tkt-flg-proxiable}}\label{\detokenize{appdev/refs/macros/TKT_FLG_PROXIABLE:tkt-flg-proxiable-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_PROXIABLE::doc}}\index{TKT\_FLG\_PROXIABLE (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_PROXIABLE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_PROXIABLE:TKT_FLG_PROXIABLE}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_PROXIABLE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_PROXIABLE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x10000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_PROXY} -\label{\detokenize{appdev/refs/macros/TKT_FLG_PROXY:tkt-flg-proxy}}\label{\detokenize{appdev/refs/macros/TKT_FLG_PROXY:tkt-flg-proxy-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_PROXY::doc}}\index{TKT\_FLG\_PROXY (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_PROXY}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_PROXY:TKT_FLG_PROXY}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_PROXY}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_PROXY}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x08000000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_RENEWABLE} -\label{\detokenize{appdev/refs/macros/TKT_FLG_RENEWABLE:tkt-flg-renewable}}\label{\detokenize{appdev/refs/macros/TKT_FLG_RENEWABLE:tkt-flg-renewable-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_RENEWABLE::doc}}\index{TKT\_FLG\_RENEWABLE (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_RENEWABLE}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_RENEWABLE:TKT_FLG_RENEWABLE}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_RENEWABLE}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_RENEWABLE}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00800000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{TKT\_FLG\_TRANSIT\_POLICY\_CHECKED} -\label{\detokenize{appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED:tkt-flg-transit-policy-checked}}\label{\detokenize{appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED:tkt-flg-transit-policy-checked-data}}\label{\detokenize{appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED::doc}}\index{TKT\_FLG\_TRANSIT\_POLICY\_CHECKED (built\sphinxhyphen{}in variable)@\spxentry{TKT\_FLG\_TRANSIT\_POLICY\_CHECKED}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/TKT_FLG_TRANSIT_POLICY_CHECKED:TKT_FLG_TRANSIT_POLICY_CHECKED}}\pysigline{\sphinxbfcode{\sphinxupquote{TKT\_FLG\_TRANSIT\_POLICY\_CHECKED}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{TKT\_FLG\_TRANSIT\_POLICY\_CHECKED}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{0x00080000}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{VALID\_INT\_BITS} -\label{\detokenize{appdev/refs/macros/VALID_INT_BITS:valid-int-bits}}\label{\detokenize{appdev/refs/macros/VALID_INT_BITS:valid-int-bits-data}}\label{\detokenize{appdev/refs/macros/VALID_INT_BITS::doc}}\index{VALID\_INT\_BITS (built\sphinxhyphen{}in variable)@\spxentry{VALID\_INT\_BITS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/VALID_INT_BITS:VALID_INT_BITS}}\pysigline{\sphinxbfcode{\sphinxupquote{VALID\_INT\_BITS}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{VALID\_INT\_BITS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{INT\_MAX}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{VALID\_UINT\_BITS} -\label{\detokenize{appdev/refs/macros/VALID_UINT_BITS:valid-uint-bits}}\label{\detokenize{appdev/refs/macros/VALID_UINT_BITS:valid-uint-bits-data}}\label{\detokenize{appdev/refs/macros/VALID_UINT_BITS::doc}}\index{VALID\_UINT\_BITS (built\sphinxhyphen{}in variable)@\spxentry{VALID\_UINT\_BITS}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/VALID_UINT_BITS:VALID_UINT_BITS}}\pysigline{\sphinxbfcode{\sphinxupquote{VALID\_UINT\_BITS}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{VALID\_UINT\_BITS}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{UINT\_MAX}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb5\_const} -\label{\detokenize{appdev/refs/macros/krb5_const:krb5-const}}\label{\detokenize{appdev/refs/macros/krb5_const:krb5-const-data}}\label{\detokenize{appdev/refs/macros/krb5_const::doc}}\index{krb5\_const (built\sphinxhyphen{}in variable)@\spxentry{krb5\_const}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb5_const:krb5_const}}\pysigline{\sphinxbfcode{\sphinxupquote{krb5\_const}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_const}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{const}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb5\_princ\_component} -\label{\detokenize{appdev/refs/macros/krb5_princ_component:krb5-princ-component}}\label{\detokenize{appdev/refs/macros/krb5_princ_component:krb5-princ-component-data}}\label{\detokenize{appdev/refs/macros/krb5_princ_component::doc}}\index{krb5\_princ\_component (built\sphinxhyphen{}in variable)@\spxentry{krb5\_princ\_component}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb5_princ_component:krb5_princ_component}}\pysigline{\sphinxbfcode{\sphinxupquote{krb5\_princ\_component}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_princ\_component (context, princ, i)}} -& -\sphinxAtStartPar -\textasciigrave{}\textasciigrave{} (((i) \textless{} krb5\_princ\_size(context, princ)) ? (princ)\sphinxhyphen{}\textgreater{}data + (i) : NULL)\textasciigrave{}\textasciigrave{} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb5\_princ\_name} -\label{\detokenize{appdev/refs/macros/krb5_princ_name:krb5-princ-name}}\label{\detokenize{appdev/refs/macros/krb5_princ_name:krb5-princ-name-data}}\label{\detokenize{appdev/refs/macros/krb5_princ_name::doc}}\index{krb5\_princ\_name (built\sphinxhyphen{}in variable)@\spxentry{krb5\_princ\_name}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb5_princ_name:krb5_princ_name}}\pysigline{\sphinxbfcode{\sphinxupquote{krb5\_princ\_name}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_princ\_name (context, princ)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(princ)\sphinxhyphen{}\textgreater{}data}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb5\_princ\_realm} -\label{\detokenize{appdev/refs/macros/krb5_princ_realm:krb5-princ-realm}}\label{\detokenize{appdev/refs/macros/krb5_princ_realm:krb5-princ-realm-data}}\label{\detokenize{appdev/refs/macros/krb5_princ_realm::doc}}\index{krb5\_princ\_realm (built\sphinxhyphen{}in variable)@\spxentry{krb5\_princ\_realm}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb5_princ_realm:krb5_princ_realm}}\pysigline{\sphinxbfcode{\sphinxupquote{krb5\_princ\_realm}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_princ\_realm (context, princ)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(\&(princ)\sphinxhyphen{}\textgreater{}realm)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb5\_princ\_set\_realm} -\label{\detokenize{appdev/refs/macros/krb5_princ_set_realm:krb5-princ-set-realm}}\label{\detokenize{appdev/refs/macros/krb5_princ_set_realm:krb5-princ-set-realm-data}}\label{\detokenize{appdev/refs/macros/krb5_princ_set_realm::doc}}\index{krb5\_princ\_set\_realm (built\sphinxhyphen{}in variable)@\spxentry{krb5\_princ\_set\_realm}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb5_princ_set_realm:krb5_princ_set_realm}}\pysigline{\sphinxbfcode{\sphinxupquote{krb5\_princ\_set\_realm}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_princ\_set\_realm (context, princ, value)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((princ)\sphinxhyphen{}\textgreater{}realm = *(value))}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb5\_princ\_set\_realm\_data} -\label{\detokenize{appdev/refs/macros/krb5_princ_set_realm_data:krb5-princ-set-realm-data}}\label{\detokenize{appdev/refs/macros/krb5_princ_set_realm_data:krb5-princ-set-realm-data-data}}\label{\detokenize{appdev/refs/macros/krb5_princ_set_realm_data::doc}}\index{krb5\_princ\_set\_realm\_data (built\sphinxhyphen{}in variable)@\spxentry{krb5\_princ\_set\_realm\_data}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb5_princ_set_realm_data:krb5_princ_set_realm_data}}\pysigline{\sphinxbfcode{\sphinxupquote{krb5\_princ\_set\_realm\_data}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_princ\_set\_realm\_data (context, princ, value)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(princ)\sphinxhyphen{}\textgreater{}realm.data = (value)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb5\_princ\_set\_realm\_length} -\label{\detokenize{appdev/refs/macros/krb5_princ_set_realm_length:krb5-princ-set-realm-length}}\label{\detokenize{appdev/refs/macros/krb5_princ_set_realm_length:krb5-princ-set-realm-length-data}}\label{\detokenize{appdev/refs/macros/krb5_princ_set_realm_length::doc}}\index{krb5\_princ\_set\_realm\_length (built\sphinxhyphen{}in variable)@\spxentry{krb5\_princ\_set\_realm\_length}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb5_princ_set_realm_length:krb5_princ_set_realm_length}}\pysigline{\sphinxbfcode{\sphinxupquote{krb5\_princ\_set\_realm\_length}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_princ\_set\_realm\_length (context, princ, value)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(princ)\sphinxhyphen{}\textgreater{}realm.length = (value)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb5\_princ\_size} -\label{\detokenize{appdev/refs/macros/krb5_princ_size:krb5-princ-size}}\label{\detokenize{appdev/refs/macros/krb5_princ_size:krb5-princ-size-data}}\label{\detokenize{appdev/refs/macros/krb5_princ_size::doc}}\index{krb5\_princ\_size (built\sphinxhyphen{}in variable)@\spxentry{krb5\_princ\_size}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb5_princ_size:krb5_princ_size}}\pysigline{\sphinxbfcode{\sphinxupquote{krb5\_princ\_size}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_princ\_size (context, princ)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(princ)\sphinxhyphen{}\textgreater{}length}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb5\_princ\_type} -\label{\detokenize{appdev/refs/macros/krb5_princ_type:krb5-princ-type}}\label{\detokenize{appdev/refs/macros/krb5_princ_type:krb5-princ-type-data}}\label{\detokenize{appdev/refs/macros/krb5_princ_type::doc}}\index{krb5\_princ\_type (built\sphinxhyphen{}in variable)@\spxentry{krb5\_princ\_type}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb5_princ_type:krb5_princ_type}}\pysigline{\sphinxbfcode{\sphinxupquote{krb5\_princ\_type}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_princ\_type (context, princ)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(princ)\sphinxhyphen{}\textgreater{}type}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb5\_roundup} -\label{\detokenize{appdev/refs/macros/krb5_roundup:krb5-roundup}}\label{\detokenize{appdev/refs/macros/krb5_roundup:krb5-roundup-data}}\label{\detokenize{appdev/refs/macros/krb5_roundup::doc}}\index{krb5\_roundup (built\sphinxhyphen{}in variable)@\spxentry{krb5\_roundup}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb5_roundup:krb5_roundup}}\pysigline{\sphinxbfcode{\sphinxupquote{krb5\_roundup}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_roundup (x, y)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((((x) + (y) \sphinxhyphen{} 1)/(y))*(y))}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb5\_x} -\label{\detokenize{appdev/refs/macros/krb5_x:krb5-x}}\label{\detokenize{appdev/refs/macros/krb5_x:krb5-x-data}}\label{\detokenize{appdev/refs/macros/krb5_x::doc}}\index{krb5\_x (built\sphinxhyphen{}in variable)@\spxentry{krb5\_x}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb5_x:krb5_x}}\pysigline{\sphinxbfcode{\sphinxupquote{krb5\_x}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_x (ptr, args)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((ptr)?((*(ptr)) args):(abort(),1))}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb5\_xc} -\label{\detokenize{appdev/refs/macros/krb5_xc:krb5-xc}}\label{\detokenize{appdev/refs/macros/krb5_xc:krb5-xc-data}}\label{\detokenize{appdev/refs/macros/krb5_xc::doc}}\index{krb5\_xc (built\sphinxhyphen{}in variable)@\spxentry{krb5\_xc}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb5_xc:krb5_xc}}\pysigline{\sphinxbfcode{\sphinxupquote{krb5\_xc}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_xc (ptr, args)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{((ptr)?((*(ptr)) args):(abort(),(char*)0))}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsection{Deprecated macros} -\label{\detokenize{appdev/refs/macros/index:deprecated-macros}} - -\subsubsection{krb524\_convert\_creds\_kdc} -\label{\detokenize{appdev/refs/macros/krb524_convert_creds_kdc:krb524-convert-creds-kdc}}\label{\detokenize{appdev/refs/macros/krb524_convert_creds_kdc:krb524-convert-creds-kdc-data}}\label{\detokenize{appdev/refs/macros/krb524_convert_creds_kdc::doc}}\index{krb524\_convert\_creds\_kdc (built\sphinxhyphen{}in variable)@\spxentry{krb524\_convert\_creds\_kdc}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb524_convert_creds_kdc:krb524_convert_creds_kdc}}\pysigline{\sphinxbfcode{\sphinxupquote{krb524\_convert\_creds\_kdc}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb524\_convert\_creds\_kdc}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb5\_524\_convert\_creds}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - -\subsubsection{krb524\_init\_ets} -\label{\detokenize{appdev/refs/macros/krb524_init_ets:krb524-init-ets}}\label{\detokenize{appdev/refs/macros/krb524_init_ets:krb524-init-ets-data}}\label{\detokenize{appdev/refs/macros/krb524_init_ets::doc}}\index{krb524\_init\_ets (built\sphinxhyphen{}in variable)@\spxentry{krb524\_init\_ets}\spxextra{built\sphinxhyphen{}in variable}} - -\begin{fulllineitems} -\phantomsection\label{\detokenize{appdev/refs/macros/krb524_init_ets:krb524_init_ets}}\pysigline{\sphinxbfcode{\sphinxupquote{krb524\_init\_ets}}} -\end{fulllineitems} - - - -\begin{savenotes}\sphinxattablestart -\centering -\begin{tabulary}{\linewidth}[t]{|T|T|} -\hline - -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{krb524\_init\_ets (x)}} -& -\sphinxAtStartPar -\sphinxcode{\sphinxupquote{(0)}} -\\ -\hline -\end{tabulary} -\par -\sphinxattableend\end{savenotes} - - - -\renewcommand{\indexname}{Index} -\printindex -\end{document} \ No newline at end of file diff --git a/krb5-1.21.3/doc/pdf/basic.pdf b/krb5-1.21.3/doc/pdf/basic.pdf deleted file mode 100644 index 9f9887df5c16c891f72505b03652fe8df785802e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 185464 zcma%jb8shJ^Ka~IY;)s$W81cEZEV}NZQFLTNjA1^+jno>_ujfy?^E@A=AUzVPMw;X zp8jY*nO<#hLF4lIxIV;795uq zB#zrs4WoIPOkNVHjEuT7f;vy8I-RBMC0Y4x}#`)Ojn zQS{Ny1Hs0ovaS82hKrALxx;0Hho|f~-*)M$%4R~P`RwVKOHS8$>b=;R2@ z4(6?FJ^GzzH7y*%ppmclJ=#jzJ&#p%_K2P>>&g2$Z?b!74KhVX>j_ev8(hhvu*7J8 zv&RbZv{-kR1CVd|Jf)%fu#NjsC9dn6_2;VY%*7j!TX`C}&7B>JFz0|Fog10XT-wIh;qV~D`a>zqU%&@RvbO{p&lW(bD-Lzov4TOX|HX$6uoc0U6& z9f4H8NLk~jeiDVIeZ**gm!RZu6bz-*++-9PCJQDD6ZZ&B;Ryw9sQK3~$n<4b!3@@* zNGw3fj6ph(SP->zk=aoFNu^PYS|79#Y?gx!OqPAt3&-(NU&?-+48}$(JJ~4gPDHej z42nJ7UI+_nkkX#HL*`i~R1H=Qfk5Eyn?wM?(&2GNO!b?#QuZOn*I0S)XdmpZ4m<3r zzD6i8+iVnr+;4Yue3OIb+a-@*n1kmu#&FgeLv2Y)g-Vj9+X%Fo3>M*FoM1xaCeTLA ze-uZC##b=ICWc6ng~`*g;3i;3Fv+R02D_>Zr60#JQT7eSEk`g3kNXWDrrhf=Ke8YT zL#h8tC*vBvg6$uO@n2bwr9)<)(6<`Cl8+j`5gHClxrQl!Pr6Y!ED`jdWIc*0CqCj# zW={0$i&8@du2$np!_hzr;c{R;H0<%=8&iK3)}npqPeptWA$>CxqJ1-@{uSpVzHf#i zzSEW?zLoVpLVc*egv^M(3T=tL0`&;=Ouzzpg{hT=g zc##9~Hab}v_3pjicw}ssrp6CK>D zx|k8SrCPr_k3<){-1cP>*Gnkm3{TGNZ=W=m%_27hJtBk0E@$!fxx26FRikpz@nJi) ztb1V2FIpn29q51NfD`>{?vQuCja~+ zP}-IWfsV$ak_n{Vi2g`7}j#mUhoIvyTyl(`lt=0&%>9|c#_cvm+GR;2NdW>9CxX+e;F)nzN;Jb{T z9F?4$PYAdki&f)nM$OIhxZ}ThR8AkLT1Ut%=lEhD%BcBjWAj*k>PehEx7<^O3EAj9 z=B^H!KEcA&UcL@Ok>fLfxvwBne^iGmt-C&x_7o;ziLSC#@DUCxG53ZL-80QY8gzYfXFnRuU%s0+6W?Qy{0$j$nG@6IU(C!N=AEt%?{y4z zo*ejm%z}x`nza&z&m)oL$M&u>#=M7ox3%M)8$9oi_hsRO^-`5rINqFBmOK|7u6WfH zI*BSO)g+rN+r}lhR(CA~&c(CE#qMaZIp`+EOS4oVfo=?p)YyUTU`lQ!U?@j4Pm^;1 zj!BLMN*1Rk$-Fq(l8B!n>Hg`SrXWh=@F|Q@Rf;>4U2tev(0Nj;eRHa?7UAk>MQBAK zf{-JMj=U+l-<$BubnOLF2SP@%NFj`|seKzp%;DttYJKIl#0@3sqf5S5_7Gh+?2x)1 zzxJVH!R=U_$wGLHdZZ|_?CC@KQrw~x>KBY&jM7`_{T%7VyjtoClgpB6@vI+%ij$*H zM{4Eil`z?<*-r*$;h0VP6-$*gG>Q4>E&>3Z40E$#!^v8>QW!C@Uw3o2)jf}csBdxd zQcA3I%h-Uyg`-rHF)o#u5N}O(Y#*ge0<$r$YFv1|^hcc09kUt?m(F_&E-C-^qu)kD zldxu?o0HYHnt59rZza%gEiVZ_KVZ+!f~1Fbbz#u2ig$K(BS<%-;zK+s8|>&s@UM#1 zgFGoy{w^Y26;lj!qi)B9mT`-27k~eudJlhpvny0h2==5^aWgdDW%!t2>|&ks#X$X9 zNZl&PrTX!#=^Y-*L5=@MkZeBd;<0WSBo)=nw`2Ly1ap$I^&7%7#XfFbR<1YJ$Tuk2 z`@+}kBOI7VWtNYCYQo?j5XJQ0h++T$82)t{rYd8*&W_sku4aw^JSSx7Bc7y<2_ZfX z;$W_{&~I29Gh_@u)IhWz`tiQlRXN=I*d9iQzg=9qVzP>)+dU5P_!g`yvxg0ySU&rN}9zYO!^*J}HweSrY z{L+G>2z6%sJbjxRT6&!c860-J`ReVF2+;^_g7W*|aoe8z^2cDSw6BV!4Cr}&ErMqq z_tep{c{fKofAG^ z(A3|l#l?Ob&Q`;F`1C_pJ8tYXQZo~aR&@h!kE}&Wj?b@WhRjlQUOny8L~m@LFZPki zu}1RxtC`Vx`}JXauCC!##d4LFU+arBKRyYr;mo?abcGywg3*26tf;h@9}9G+Qi{`a z4&@-0t>ctiB{=DAG&+1+_nUJV)}$TLkg3ol^-0>0eu3j4WWm~)boFf%pkJ`7fu>Gc z_*3^sg18A>`0>HY{Yk@Z zBZOds{~CEmSATiW^Bdn5)ROt)U^l<3&C4YJhWWI-bDfc78``NI?@hA5qi3)Q>ebCl znH?IlfMf7rNWpxSk%jvzAr#dcK?=;w|7stC_1zTz0eE?7F@|Ou$`m1xhzvjE0UYzF-h0qteosf z6NB@h%BsInUpD$Bfcp>^ZR00|XWI^Md7hR)4uq9vT&X{K%=-pOZ{Z*O*X)B<7>;Z* zQQB0LiH!ivX58uW3m!FOA>W_g$yVWdh*I3nbot>ZUy?>TxbMl1mn*g;FCMaFAs>z> zO1j<<+)}&O)}Hs37MC-&U##82^(c{)_jw6e-(v z0Nm*H7wT3%zw4NxR0A4<2=F*UUMNo;`e03YwF@vdmtBHT@2B(}W3^!@*hjiYT+(T; z4ezJdMw*SA3(hN9xNrNt9iCPzW$&fj?34^k({kZC{dV@b_Hp-d?d`O^Il(4b4=q7O z=$G9qH@wfudaKp(N7*+*!`0)=J>tsG9&ZO<*6lOCOfXSyJUZLNP=b*}G&$9%t8E)@ zf{-t(EFTGE2A;C_8r&GfLyomST*F$u&lCCABkr9qSgf&%NUotzj3{5Nqm(*nA1^*V zZTmvsjKZ$2w@=Fl+w8Rlr%9MUJ*G2eBHU)(pif7mox467TX>6+r1qpbP`wloh9wD+S}eY#q9+g)AX0y zpX{;OOWQ1u#n?5YdU#;zA=01YVAh_S z^pNQurS?gX_0`POIM!L!MVh8BBfh(zQeC6EC9^f?^HpU_K9Nw@z&eaL3;b!P8_PHk z=-Tff#L&ht9&{FH(Z)D%sDWKs)JCaObKh@M+3GV)ZUxgljPByJJy>)nsr`fF?z}Zt zc`vG)&31Rz6|Z(2{fnL6fP-GaL6^N|uPaW?eeg9rWGncWX}UgcFgO=kCxlj>wOtgc zmcNWUwz`&L48#_-#4A==anXh}1Z#Hbtp2j5QogH)YW1N;j7 zDq?BIerS8d9@`B*bwsb<-x)o29on*jiMCkqZ6;~%JHLf#ng0NHP+51czG!d$ZTPd6 z=|k#J`Lo*ONo{!WGu!0OG(ax??G@{YDq*BC&+X%xcrZ(Zl84%`*C%E6?YE<>4}ot< zcYaqGi_ebt_RyRm4mVTdd9 zbeOmIT^81;l__rT{+F0<|7Yy4w(oe_=fAr@W3}zSNtQRh$Kap&>T>R%JqrGAhcyjT zlQKO~k@2?5M__rZ4#uBx+!nMopW@6vz6Sis?(LuX&bX_}duI0b1RoK4RcVuL_J}#o zP{lM7Vy$X_&#NWho&!(tfdsZWFcSBRSI6S zI+OR58Cq9}Rc)%Whb^Cgjo?w^WN{OXwB^ zO08GuI;HZ=g1w*SV;66EJKf)hd6q9|zryh!JPPYScoYt{f1TW$#PZ02G9U_jen(JV zN2KYzUpQ+bh9e6Dw?!%j4b2?96CYkTx{CR?Sr#pJm1+#IK{*P2-x;bW_8~$VH1v!8 zLNIM6zj){YTRmmo+iLw`ZaBBGKiCzm9lOds*%fM4MQU(B@8*(1NhE592YdIU@~qe; zpK5v9fv5R#NTMP~cGQ|Dxr9ffSw`S0nYs-&^OPhU;yIBa>j4QvmnBmBR5)`5DK5bVB$)yICfAaW#Ov-7#aI z04R_V1^DiNUxESf4{udWtStXp@zsekwgLQzA=e)f99Q@&e|!dXt*Xi)GgWPtK+&p7 z^3W|bzr8VBtqNtNrMvqW``)?XxS(qN0AYYE+s2b4S;?IU2@^15NBIz@CWt6xY4sl( zz$kNt8Qf6~UlfJ)Yc;J0%8H0+Jsw+zH# zT?*wA5@ZQF>&fC@4(PSt;d0(laBkZnGRaEC<5vm1q{~PO0>(H!KAktn(-bPsTYb8t z{E&gSqo$2EYYjIbB3mgw$+d#zI!pP?*FGy9<@YY0RqWx#C}IQjTjXxPoO`Jxsp7n{ zoA^uNOdM9C-cDTjBDYAcQlM~=fi)Qnkkb}tjU(jS?&|i}P$3({?pTA{|DGG{QE-c|FaPOLfCdV|0e%{{DAiOfb#I1 z`1E!`2Rb#UDt|#3`4y>t{^^xD!F=2*3bp>BNf7a43NS}-2aaI7(@rcLYV|XX46Jm@ zpd$Y$0K*&;GqWO;ghJTT*yKVK{B3~NA@%?`5SS;9=Re#51IvHk0V5m7f2{m}w((-@ zafkJ>$C}zcT78ujQKL{BY^@w~ZWr84mGUH>Q1q1qM1x(R9g4U2uH|c%FbJYlogS#} zUhiU%>n+$WJ$jI@FL$C{9Jjd%LHb00@qz{F%t(4)ur2&0-+K@R)beLzSr*-_qnqmP zX^iiV7ZcapGiy}$V2U}wql>Gqws<_`oK&Rz7~!pp=XK<_N2AP#ueSGwj_=w>{ri-5 ze0|s+^AHy!ilU?~j%a~jZTsCc!m``Lp2sn98hQFy!HXDDmOx~L_>jR~F>+7TcIi3W zGJy-5TCZ)3K?-P(!j7JGK@dZ)X;mOr{yIg{Q8uk%(!G>grZp;<&+2)%&8Xxed#X?Q z?`Y`{NSSrLK++Qrt{;I8YoX~uIugtH9Ugo$^{$zK8)x6jcN_Hq%#(+CAr&S+Btl^5 zY36h1!itn1pUu!HdW(xWEy|tWTv5gc+xsCl&b4RQq0^bnx9+yL4elrGC;0Yn>*TT@ zz*u0?+me(KLB+f$24$RnI1uG}mB5s^kZz1g^?XiEyu4-cqGwRHpghIcl}|aYuSo+4 ze!y{no9_xq8Jwwl{7Rvz#(K*Kej(#}^yh&7WS#Z1yWmizZ|L@7TZ_3zF!(gp`QKm| zDgh%v9p{h2ph~OF#jJZ;2BSUmLY?91M&eEZ1+R`Ipx^50t@^--c*!En20r^co0-eZ zGZfia`Uoxw;eBwK(L^a~s%Iwwj@>Sd7l;f@jaLiF-yIxlb8ig_oH zb2q6)6YCiZv@*A4`?aErw*s}?NSMkbo4EcG%TRW;;!gWjWx!aOf)O1GV?~8H z8%d5n44V%$>)6x(HB{t(6v6B1ZPvy3!q}s#ww4E%38}i)QuRX=w{EFIl!U1eR~seQ z6XaNeg!mZOgGE}s0tp&;bNX{LP^WeKlsCX&h=4O`7ez=u>SvDjzL_gw3)VyySN&)Q zF@BzB%92u#M`lsuScU=w(u~o1W%3T}%pGyP82=^0XgpZs6iK`w<4)MIrVPG>X}s4To)u1Uq3RD_Gvp&7dF0sKzazZH%p;SeVK&*pf%78r2F2kctJ4z-HULaeeF6Oi zGmVBf2EN;zbZc!Iyl~?X-QYji6`liiMA`UpPKMC!HtUiDzHyzrA%EkT5mD4$Vbz?` z9yO2C0sv`s^#gtq18BD}wB4IVM+VveX_-wy7$N)OQx*3W6 zoK{Yf?k@&#fkP4P#4*G1D2)z&|2THk5wULR$yKf-)q>`)q%fUhcw*!i!aN8wM<3i~ zmkSR$EZB|Tmp2BvfMGnR!~a|Jv*{H3)6m=u8Rw-=`tGp8QZM?4B=?Pj+CcFe>g0pfyV3TTuZqvixmj2mL4_Q{swden*z zqp#0mtTbVduI38wh$rL0-3P6sIsqLaQQ(^sl=szY#kL!O*TRhs_PYV?kPt_UNvnkD zzWe)k_pZ+BD_r+~c63}O!%J)I1;R=bpZfL%p3L0Bncl!&sO7o9ITt6W+o$A}7w-1} z?8At^OAd?5NjB>YF=crdJ;cPNtEZ3g%c40zM2Bz^TIS-b;uXps1WfdB-UIu-1ND zQ5)PBjL|}mBpJJb1baO?n$I94WA7Wcz~__)B%(?TfcGX9W$k^JJNR#Q6cQ(zDi_PT zl0r4q)RPH71|);Z9x+)FGoX_u2bYGziG#(#1D0%UeR_Me3u#ddveuL$FTfHjNg1%s zb^u-J`4}bNj;>X!oul<*0YfTqRN@7MVDBo;@f5P^S_V#Mn>)W&cVPNi$~t!I!-0=h zGMCMf>~&vkqmR!ocQq^hw*zP>@{n39fkI(;rX-Z0fu-Vr6+ruVY%Q3xzwPS-Zut4x zE-O5ZYkonOO`=3j@G}JlOzykamNKvaU8#CmA_L3**y*|SC);~LJ|no|P@hXMSb(EZ z_7^+1I30gEfU$cY0?Xo|fU7@X$HdUeQ7g$b3qM|W+Gd}Vo%jh1DYtF|wG?OaK}O~0V?`s>)~%{p(N+3C z&^88O0n=1JT0(@!R9L2#hgD9J!o~SdY8UYhTCYoWxPoE|(P8ZT@gR$HiB<~BLdKu3 z#@YDz-Q!g`QKLaF*D^j+b{#ecd-q3)oNd9O8{?C|Y}l^}JywxO4jzwfj;wSo$B4vO zgglUQxNw0L1No=4{||K*wbo`5H%=*|}K?;^kH zKOVq zwY1TtZRUT3XhklW_?cbrJbyV$H@_IIReR)c2?>#=#P_2T^+kNIsrL%1kT*CDylkF7r=AzfAju{fz0>V_q3O9M zAz~bX1C%Q)>yArO_&y1PB2|^$>^yGqo^AzTPq3w6wWp;4iN_xSl-@yD<5pXeuGP(3U#IG;=)i`&pSfje&3ZE;{QYb%*gQ%`7=8M z`@gN>4{L5ZW{n~FF6-6X8dP@S=7O@z#Z0?6aSVqSS5{KL$+EVCbxRH-nM2&5^RO+QaLgqg)L59QbDUqBy}jD*Vz1C z6gwt3Cv-7x{hRI8vI!(`)~=Vtg*soreZpqE5?ZA{C+K>y-E7)@zE8&Wxt6b3YeqB{drhQu+wi~3>;4jpCQXx}vpD#WR_tJAmN=)lBqS!z+jzzyP>_eDbFNXL1REm`S5>OLrwyZHfcUK&5b#qa3FB6&NR*s?EKh%6msnj z{~U4`nHXX5S2}XozH8Unn$NR%-J?H8R33G;DgI^Nu|{Co4*6tkvF+vTF2r@!X$@Ba zA2_s%52;LcVzB>igFZ@nQD$%60(X;yK{Tg17q^``Bn zLrv%*IEDGq-uQzfgkRTJt)fl(S-}RI%@vj*lxizS>U_8p?Rx4V3l0 z1Y{SVK^#Hh?_}q2;jWemOG)i6s3k==;my->Y6QS4b0pH- z6P1EWW&#|4y+Ia_4iarInXM>nM+7(XF5*jPws_~q-T>7QTdc6MARmDvqd^SEV_uK# z8$dkF&X#RAk9HhPkH4o=lg{2rD~$D+6=L><4g#EPn7tdaI#grc_^ARfIU2wV7-z)l%q>M-tLTkUJETR*xPjZ@O2pCd>(G%OCXDFzRlvOcJjTjZ&>o4(_!f z;^CUbQ>p6N9(KSzG?@EK8!)|oMh?~_y1V}-n&SII7=#W`;;V0Vj_!oS^GvpWL0qJ) z-Z7WXd;zgw%9}+s2!6f%2nGb{s=f*zF@FhG;Y99f!I2413$%(u+Mk6xb`YqPiL zZ?pFZ0wN7;c{m+1K9$tnsQy6RzH9i1NVffeB9+ORcp&_EB-}U+Jq$JjbYGhw3C&UZ zD&@WPzJcop_80RPaMWJNoZiJ`xjQh&m!(* z>&aJ@)ToOx4V!6#+qp=9M@ffdL%=3dYMD#K$$!Sn`qc1J$A!-@L1llq^hpg6=6Txl zKkr#?Zap$D<3n};o^X2JQ!sDn^j#Arvyb_o<;ejOJq<{j|AyL>x76y z)xdnnqRh`TVG=+ho%ScVROQCcy@pxelxh?Cn3w)p<$gSphv4glxts={HRFa&!YP>o z*EwX62wfG`)=g=+CoqR$#>cz41WvkTDh^{%5wlQhz|W>X|N7x#&`BW_{Xmh{%Oo73 z6lUHI6>FFmk%-`!aBG%WU08^uiq^7STnHl+g#i;c)CHjc1Ctpubx@SXI9XMbnV#zD zl|uhjRPVPiGrKmF-NRI6zHbxQep`Z9B&_bYS2SF&=1re`TRl`2$gc`SUy=Tb64JUN zD)U0BOpsVso~ShCtBRF$1k-k+cMWNsyg#H<8L$e`EfQL$2s6cfm{fvM`2(eKoVm(G zXvC=m?FL{4#A%4U{Ger=0}E5?`8_x*3%#!?i()qpw&(>Y5kD%#5;63kr}Ytm?NHA* zX0Ol&q-mmGc637K?6H!!&XYrqE@0G<7_bJr$1v$GVjt!4P-7S@tS&x!;-9_*wyoaa zY|5~$0s*s;nq?jy0n^H^GBMf3#rX2mWUq#^h{85!qico;I?baF!ojWJ_c7Y>K_2%j z{Q9UsBr2pzQUbN{^KYClujOPRRG;YreRS3`uL7Ptla^2IasaAvvV(i-`CQhh1-6EM zIHf;78d%2~N6t~I3B>8J{6ZI03pO{yY1l(+mF{ARhoL9!?L7JuLxte`WwjcJXJ-`Y z?_Kl_wdCml#9k~Lu@Fl~W&jpza`r zjdAI9x7zg6U|Hd@uJpYfZ^?^*8?Z@%06h1c$jM$^GMl)`--f@h{BE0Q$an{Ddj_9{JzANrZ_Cj#$dJ!@(<2M{_93^lTTLhUjSJHA(bqO?P zF~>g5(V5<%YMaY6n?^1KhAwyt-zB94)1u2S z%D|s76SwVNQ-H6HGS8T40w<%giTQ)|&W}V7@=9;!ci|l!lD!q&Cb8_;SbMm)JB$aD zkx`TQW4<)m&twfR?#mK+3a=ro+vRmJU)MWEzoxHe%nje-S;M7d-qJ;3vQ?$(9Hi7o zQ?>Nt!08WySVOIDxHVxT`T zeOTSqNYztmUkHX{Uh@BtQZxNSFN%fZKdhL4(RRsJ9=BNspmv>8yA=UN9#xR>BSfbb zP-^DY*w`SBA!kF)>`7WGetYK%|8Bm3pmiXA75yZb2*L|HugR(98P!C-S12irLYRKA23dkHsGfg2tM*5;upEg&Un25V z2neM4mfK3DwMF+tWrMKaQ1iUM2Nsu+Go&2~_-N1n&@ytr)0m8+}Rp zbTv+<;cRLO-VArPoXyUJy$%XXHHwb}wOFP|?v4`o>n^-}lXm$Kyr93@@OpiJ4l>>R$HwoA1-qjoyaV zgkc1~?K^8cPN&_K)W}}U&G``Uwf>CP%nUsSA-ZiAE~yq?S-&1KMkL+cw6&+Fj?&m3`R0$M5ii7!IAZ9!4WtHz{N^;hCiZPK@-9gmUl8*6Jw1py z3u_ZkNX4nZ#r)_>Wt^|aV3UzXyqyi+*1a&?MoQ>iA=Oo3<>w`tK~vqxFlKhcT0ODY z5gUlP2N>?~3P=i)`q-wQc|?ImOb8563i0neo;cZ_1_Bx+yID1_Y&&?xf!tPh`3L)C z{s;C2Bjdj(LPp0i*bV>?gI&KPaIDL5Tc+#xn-$8zP^#I65Rrwbz$w7WeS67mLL}j& zOFer$eYPdo{eoPduvfeU!0@{l(FgFeAj~A0a|oO2cB%7W@oPKXcn}OrbjB<1%fq(| zc3OAIs0r$09}yi3<*7;Q;iaC?SAxqQ;=z)m;WVjc(zgd zxuGcqv20oLabt7j2KFPggoyLrYY1MZ%8@8kPZ|-c z=-Htl$sh-gS;ZPmJVLOZ`L4AASiod)0uFeY0u>WgyP?F~-MSM2e?M52D#EW-Q;4m< zx6Dz|L?UyyUjSpckuO*V?nI=w@|mskl#EsqI*$1?PUz%`%gW4K->w$^Ncm>ggaxq$ zszWJ)9FjUPpB)1>1Vo!e@Z_pSoG|a2}8eTn9JRT#vT^R>f zwGbr>{^IPMcNRU+TldgA2lXgL)ii=lI{-D11cO;jKzYCoWhzYMhXh=E6eU-q2PT5* z^9B`Va~RONtGjcc78EAsc^I*D-=5hj6r6MHyV z_Q(Q+4&5*O&<*Renu+{Bd;J2cpRTC6qg0B{y)O`nOkW7BX7Mb26OpO4wOh2>LxjY{ zILM_Go11iUDoCsOLd4VpjCYh@PHHgenTI+`X-`$kzi(ES ze0`uU)(70QIULfO7qXo-3eazk>8@Sf8VfQ@>*>Lopfb_9YD@>`7w(q4VFG_J<#=XAqM8R@&+|ie*F+BhW*2w zm1z=>mx*R|PhU*uX_Y85s-lp}lKQS{Cbn1X!#48k)pnX**Sbgdy*eF#C=-Z+s>{6M1i>8S7{S?pU+x4XLmm;|SHR5vA$t1_d_PD? z;JD{2q3{r66!#nA?ut(1zoYp7&x2BSw=*H6mov0fa=Y5AQh8yW9A*i2YqD@**nA82J(t%oebcG5QBDLFauG}4ESl!_f8>Okhs&- zW<%uHrja)W1vn1VCxk#o9U=u&6Mz)^0AwJ+x#{bp1 zFpkBbJVNktMTw2Z-LtBUh@)o8A00~Es@DaP4jR+Du z`&9a>Hr7vN z5!M|^ApIg(YgA4F9rHH22Xm;9exkr4L95$(B59Jy{_^^ z^WHP#HuZQxmNCNS4UN~JAE+K84UJWK;RN-PY$w>BMNGRA#c2JrjoN4hHlq7F3obi$ z+H5_y1{lIz6v29|^Nt)eA7&1%6rKyyY@Kv$Tq@b>1cJEH5jfIF6jnU zA6}QR8nPX==FZvZsBma>&}_{-5!auQ-W?elFkz-V;94}!b}!FMo=|^Or4+q)PgSd$ zZ|fb_O^fcg{mGax-25qwm7CQ0=DzNg=PAzHs5|Gd0>RXo5Xm$1V( z(#oBa^IGXE-FP5U^-Yrz`?(LE4Sd{bR3SIIjiJo^!0E>{kpar?&%No-GO=!rorSp^ z_1oecTJ?N6aU3<{&q3bLEwk^LpipvNW(0-b2*8?y3+82KiSH94_wUo07tr8;?YJivp8}WkqxM7wgf3{!BJ0u^lmnUh{hcz3vSBNrD%$j zle9YSCS;Oa<|?&E$!=01KT-EMj53}4$|ZR>Wa|msyzxPkzsdoN(B|Q3dWw7eqj`am zmw}}Ph%x4ISqo$8%wrDKQ?dNjH{?K#`O6;L+2$vvmpG_={k}qN$QgqakW_4H0 zdWm{_i@Pw_zDuSNZF>$!ODSAw5#!P%5l3crgS$En`{4t?>i`~Y4Q>Lf)L|$4Nx-33 z(=w7KtX<3eMyO`x@(xm!=DiEq*wGAoz3rH}WjAgfU4>tS2DpKWJXVFl3@uPwgiE6^ zS5i6Cg~U=y_R79`&QyL<1aaWdfFm+7a#w&u7O4w=$!wKkdiNA;eX<=&+1+Yh|& zHSgf_t8ncV9IuUNZrXPE1C7MpBmo#Un$W4Pa0_)=qe`66dW|Z#?joJkdv^KTIvsr_ z-fKb(d5b#$ue^-Nv-p*-4XxP9e+NAVmVavPGW>f^baWh-EeHc*&|gk8tuL)KJRLffF-ld!63-dJ_%|vi@z^y^3>H!XGF!(RKw36wW)*eUs1C2|DdVAeC7Z8p8z8Z z;6FUr|2Y9j#+pdjXT93e%df^=s=>ArQ79bHQ zCGZ1!Y+!0`S4V~dA>7IXy}kh73Jvwk?d5@TgUGo_n2{3R8C7(5|Gar!?xP0!O2l~4 zDCxq8RPl_L+|_W;#rN@Xd;YkIeOB~H&n=gCpZ-bzJ17@oKuO~ylJF@9_WJ(n{gY_x z^X6&)et-UJ`8f9i9qE-(k?4v8%m>vYRQ@d;v1$J`v~*N#$lJ|JSE_7pNY3~{jZC{P za$rG@ER3Rv0I9QdH1>OwK)BAcb2?!2`zaJ4Az&E}gw^;FOXFF`ekCyS8<{IloifoA z7OZH)`AE}(^iFcS{m(P;mJXbcXs2EPyE&KU8yQrfjb)C$gJLQM+-C2>oP{MjqGV44jmnSn|8IrAG_Q1F9Ur2c(Wf+d&lW zTCki})hpMsr@E6`B?sRrRtypnDC=k>;6A|U4yNDKlRt+al4K}hcP$g=>-B20!b!CT zq@BTC^d5G$*a?nRB--Kq=*f~p(wIZ&f1-w2A~4qW#6=RHyNFQssKIPSOSfBu!d?f> z@U;NxSq= z)Jcyncd!X!QmXMcp?L{11Q*WIT@K-&X#9jtvo~y1kBkboq&6R2d!`}g0H&+?Ar&c2mz5Tw zH9dHkd`zT&SBQpITHkqg;;E{ePzoEfuC8*q#aY85f^0Jdi|Asx;=l~{zZiSR zAWfoeTeNI_W!tuG+g&!gY};M7ZKKP!ZQHi%^@(>+#EZB);_dvExz>-&HDhJY5p#|) zl4_E+-mraA(BLVwb1oA^ms6%(^Vc6k`zzJaY|y+F6*M5!TSw2g`8dts2Vq-2nI6Ey z_E~yWqz(IMl2a~Ng?Ny}&j)`&4HR!A6kAClJ!~9$P1=OUbxh8FJTn%DSIlA zz2%%%MIpSsCOsGH$FdR?j%zNt+iw~1oa9iUkyi{k*^33udW$RCeLTGAB>Tkz0d-Be zN*X1_timLj#M=fo;+N^Vnf&7n$DK~=__g1s&erQ)hE);J*2vrJ84|$Lqnf{5`tYwT z1luXoY_&EX)62HJ25r)Fg^qiSiIz0GW`SU=E-cM_DGJq(bwGr!yBo!t6>R#?p#NBw zFeVc